Re: [SM-DEVEL] 'You must be logged in to access this page.' after going to 'webmail.php' (plugin 'login_auto')

[Paul L. <pa...@sq...>]

On Nov 16, 2007 12:33 PM, Michael A. Puls II <sha...@gm...> wrote:
>
> On 11/16/07, Jon Angliss <jo...@sq...> wrote:
> > Hi Michael
> >
> > > On 11/15/07, Jon Angliss <jo...@sq...> wrote:
> > >> Doing some research on this, it might not be too difficult, you
> > >> *should* be able to catch this in the logout_error hook. It's a bit of
> > >> a "cheap shot" so to speak, but you can probably do something like
> > >> this:
> >
> > >> function login_auto_logout_err() {
> > >>     if (defined('PAGE_NAME') && (PAGE_NAME == 'webmail')) {
> > >>         if (!empty($_COOKIE['user'])) {
> > >>             header('Location: ' . SM_PATH . 'src/login.php');
> > >>         }
> > >>     }
> > >> }
> >
> > >> This forces a redirect to the login page, only if the page is webmail,
> > >> and the login_auto cookie 'user' is set.  This will allow the normal
> > >> login_auto code to kick in.  You'll also need to update the
> > >> squirrelmail_plugin_hooks, which is in the _init function in
> > >> login_auto/setup.php.
> > >>
> > >> $squirrelmail_plugin_hooks['logout_error']['login_auto'] = 'login_auto_logout_err';
> >
> > > Thanks.
> >
> > > O.K. in login_auto/setup.php, I have (showing relevant parts only):
> >
> > [..]
> >
> > > login_auto_logout_err_do() never seems to be called and no redirection happens.
> > > login_auto_logout_err never seems to be called either.
> >
> > > Do I have something incorrect?
> >
> > What SM version are you using? The 1.5.2-svn builds a static PHP array
> > from the plugins, so you'd need to rerun the configuration util. I
> > just applied it to my login_auto 1.1, and SM 1.4.12-svn setup, and got
> > it working fine. I've included a patch.
>
> Using 1.4.11. (I can test it with any version you want, but 1.4.11 is
> the one I'm trying to get it to work on.)
>
> Anyway, it still does not work. The function is never called. (The
> plugin still works fine otherwise)
>
> However, I figured out when the function is called. It's called only
> if I try to log in with an incorrect username/password. However,
> that's not what I'm trying to accomplish and the correct login info is
> still stored in my cookies. It's just webmail.php doesn't accept it.
>
> Just to be clear:
>
> In Opera (which defaults to continue from last time):
>
> 1. Goto login.php and log in.
> (you'll then be at webmail.php and logged in)
> 2. Close Opera without closing the webmail.php tab.
> 3. Start Opera
> When Opera starts, webmail.php will be reloaded. Then, since
> webmail.php doesn't autolog you back in, I expect to be redirected to
> login.php (so it can autolog me back in) instead of getting the "you
> must be logged in" error page.
>
> The problem is, the logout_error hook isn't activated in that
> situation (or at least it's not activated in a way that
> login_auto_logout_err_do() is called)

>From 1.4.12SVN snapshot ChangeLog:

  - Revived logout_error hook (#1800015).

As for Jon's "hack", I was going to suggest that webmail.php should
use the proper login_auto code instead of trying to catch the logout
error, HOWEVER, I think his solution is more elegant, because it
allows auto login on other pages as well.  I haven't looked at the
patch yet, but seems like it could work fine.

-paul