From: Walker W. <fx...@ua...> - 2004-08-17 22:56:58
I've created a partial solution plugin/code hack that will allow one to capture submitted messages from a person whose session has expired. It's very experimental. This functionality is implemented in a very poor way, requiring an insertion of a few lines in functions/auth.php. I'm hoping that someone can improve this plugin/code hack and eventually get an option to have this enabled or disabled in SquirrelMail's future releases.

What I have:

This plugin/code hack is called msg_recover or message recover. When a person submits form data to src/compose.php, the post variable 'send' is set, and their session is inactive/timed out, this kicks in and saves the message to the user data directory as '$username.msg'. From here the person clicks on the link to log in again. When they log in, the 'right_main_after_header' hook kicks in to display a form that has been saved. This form displays a button with the text 'Recover Interrupted Message' that they can click on to continue the composition or sending of the message. If they don't click on this button, the message just sits there until they do. When they click on it, it submits to the composition page and populates To, CC, BCC, Subject and body. When src/compose.php is executing, the 'compose_form' hook kicks in to delete the stored form on the server.

What I'd like to see:

It would be nice if this could be modified so that whenever a person logged in after a session timeout and an attempt to send a message, they would instead go directly back into the composition form with their message waiting.

Problems with this:

There are definite problems with this implementation. One could easily spoof post data to create a msg and the system would store it. Possibly a scripting attack from a remote user.

You have to define in the file plugins/msg_recover/setup.php what the $data_dir on your server is instead of just pulling it from the config file. It has to do with not being able to access this information when your session times out.

And finally you have to hack up functions/auth.php to make this thing work at all. You have to insert two lines after the comment around line 48 to 50. Not good having to modify actual source and not doing it strictly as a plugin.

What do you guys think?

A tar file is attached for review. For the most part you treat it like a plugin, with a few exceptions. You have to define what the $data_dir really is on your system in msg_recover/setup.php. You also have to insert the following 2 lines into the file functions/auth.php.

------auth.php insertion after comment starting on line 48--------
require_once(SM_PATH . 'plugins/msg_recover/setup.php');
msg_recover_store();
------------------------------------------------------------------

Thank you,
Walker Wheeler
==========================================
fx...@ua...
907.474.7173
University of Alaska Fairbanks
Division of Computing and Communication
Systems Programmer
==========================================
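
One way to address the two problems the message raises (spoofed POST data being stored, and script content in a stored message), as an added example that is not part of the original post or of the msg_recover plugin. The function names, the `draft_token` field, the form field names and the server-side secret are all assumptions, and the code uses current PHP functions rather than those available in 2004.

```php
<?php
// Added example; every name below is hypothetical, not msg_recover's code.
const DRAFT_MAX_BYTES = 262144;   // assumed cap on one stored draft
const DRAFT_TOKEN_TTL = 86400;    // assumed token lifetime in seconds

// Issued while the session is valid; embedded as a hidden field in the compose form.
function draft_token_issue(string $username, string $secret, int $now): string {
    $expires = $now + DRAFT_TOKEN_TTL;
    return $expires . ':' . hash_hmac('sha256', $username . '|' . $expires, $secret);
}

// Checked when a POST arrives after the session has expired.
function draft_token_valid(string $username, string $token, string $secret, int $now): bool {
    $parts = explode(':', $token, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0]) || (int)$parts[0] < $now) {
        return false;
    }
    $expected = hash_hmac('sha256', $username . '|' . $parts[0], $secret);
    return hash_equals($expected, $parts[1]);   // constant-time comparison
}

function draft_store(string $dataDir, string $username, array $post, string $secret, int $now): bool {
    // The username becomes a file name, so refuse anything outside a strict set.
    if (!preg_match('/^[A-Za-z0-9._@-]{1,64}$/', $username) || strpos($username, '..') !== false) {
        return false;
    }
    // Without a token issued to this user earlier, nothing is written to disk.
    if (!draft_token_valid($username, (string)($post['draft_token'] ?? ''), $secret, $now)) {
        return false;
    }
    // Keep only the fields that get restored; the field names are assumed.
    $draft = [];
    foreach (['to', 'cc', 'bcc', 'subject', 'body'] as $field) {
        $value = $post[$field] ?? '';
        $draft[$field] = is_string($value) ? $value : '';
    }
    $json = json_encode($draft);   // false on invalid UTF-8, which is rejected
    if ($json === false || strlen($json) > DRAFT_MAX_BYTES) {
        return false;
    }
    return file_put_contents(rtrim($dataDir, '/') . "/$username.msg", $json, LOCK_EX) !== false;
}

// Stored values are escaped before being placed in the recovery form.
function draft_field_html(string $name, string $value): string {
    return '<input type="hidden" name="' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8')
         . '" value="' . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . '">';
}
```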