[horde] Login session problems

Chris Hamilton chris at ambigc.com
Fri Jul 25 18:24:10 PDT 2003 

I am using a cvs version from about a month ago.  I have a single imap 
server that is connected to imp, however I want to use ldap to pull in 
information for horde administration.  What I have done is set horde to 
use ldap and set imp to call a script called autologin.php for login.

This script calls the imp login call from the api with the current users 
id and password.

The problem is that intermittently, the session seems to get confused or 
drop the password for the user.  I see (modified debug message) that the 
user id is extracted from the session, but the password is blank.

Here is the code for reference, is there anyway I can more consistently 
extract the session?
I still dont know why it is breaking, it seems to do it more often in ie 
than mozilla and more when you have logged out and then back in.

<?php
@define('HORDE_BASE', dirname(__FILE__) . '/..');
@define('IMP_BASE', dirname(__FILE__));

// Browser detection library
require_once HORDE_BASE . '/lib/Browser.php';
$browser = &Browser::singleton();
if (isset($session_control)) {
    switch ($session_control) {
    case 'netscape':
        if ($browser->isBrowser('mozilla')) {
            session_cache_limiter('private, must-revalidate');
        }
        break;
    }
}

require_once HORDE_BASE . '/lib/Registry.php';
$registry = &Registry::singleton();
$registry->pushApp('imp');
$conf = &$GLOBALS['conf'];

require_once HORDE_BASE . '/lib/Horde.php';
require_once HORDE_BASE . '/lib/Auth.php';
require_once HORDE_BASE . '/lib/Secret.php';

require_once IMP_BASE . '/lib/api.php';

if (Auth::getAuth()) {

    $userID = $_SESSION['__auth'][userID];
    //Force niceness to cyrus
    $userID = strtolower($userID);
    $credentials = @unserialize(Secret::read(Secret::getKey('auth'), 
$_SESSION['__auth']['credentials']));

    if(_imp_authenticate($userID, $credentials, '')) {
       header('Location: redirect.php');
       exit;
    }
    else {
       echo 'No email account';
    }
}
else {
    echo 'Not logged in';
}


Is there a better way to do this since the usernames are the same -> 
anyway to login by imp and still get ldap info too?

Thanks,
Chris Hamilton

More information about the horde mailing list