[horde] new post_login.php

Amos Shapira amos.shapira at gmail.com
Thu Aug 11 20:54:34 PDT 2005


Hi,

Here is a summary of how I integrated Horde/Gollem in a Java
web application...

(Background - the requirements are:
1. Automatic login with credentials from the Java application
2. Dynamic FTP server name also passed from the Java application

Platform is Debian unstable ("etch"?) on x86, PHP4 4.3.10-15, horde
3.0.4 and Gollem 1.0-rc2, tested with Firefox 1.0.4).

1. Create a script horde/post_login.php:

<?php
@define('AUTH_HANDLER', true);
@define('HORDE_BASE', dirname(__FILE__));
require_once HORDE_BASE . '/lib/base.php';

$auth = &Auth::singleton($conf['auth']['driver']);
if (empty($_POST['user']) ||
    !$auth->authenticate($_POST['user'], array('password' => $_POST['pass']))) {
    header('Location: ' . Horde::applicationUrl('login.php?logout_reason=logout'));
    exit;
}
$_SESSION['ftpserver'] = $_POST['ftpserver'];
$index_url = Horde::applicationUrl('index.php');
$index_url = Util::addParameter($index_url, 'ftpserver', $_POST['ftpserver']);
header('Location: ' . $index_url);

2. Create a "form post" link in the Java application like (open Gollem in a new
window):

<form name="login_to_file_server" action="http://localhost/horde/post_login.php"
      method="post" target="_blank">
    <input type="hidden" name="user" value="<%=bean.getUsername()%>" />
    <input type="hidden" name="pass" value="<%=bean.getPassword()%>" />
    <input type="hidden" name="ftpserver"
           value="ftp.<%=bean.getVirtualHostDetails().getDomain()%>" />
    <a href="javascript:document.login_to_file_server.submit();">Login to file server</a>
</form>

3. In horde/config/conf.php update a line:

$conf['auth']['params']['hostspec'] = $_POST['ftpserver'];

4. Set Horde authentication to 'ftp'
5. Edit Gollem's config/backends.php:

 if (!function_exists('nr_ftp_host_name')) {
   function nr_ftp_host_name() {
     if (!empty($_SESSION['ftpserver']))
       return $_SESSION['ftpserver'];
     else
       return '';
   }
 }

And the 'hordeftp' entry:

     'params' => array(
         // The hostname/IP Address of the FTP server.
         'hostspec' => nr_ftp_host_name(),
         // The port number of the FTP server.
         'port' => 21,
         // Use passive mode?
         'pasv' => false
     ),

(I'm not sure how this entry gets chosen by Horde/Gollem, I
just removed the other entries in the file).

6. In order to close the new window on "logout", I changed
horde's "login.php":

/* FIXME: Add a redirect-on-logout setting and check for that
 * here. */
if (true) {
  header('Location: ' . Horde::applicationUrl('close_window.php'));
  exit;
}

And the new file "close_window.php" just contains:

<html>
<body onload="window.close();">
</body>
</html>

And now I can just click the link in the Java application which will
take me directly to an authenticated Gollem session in a new window,
and upon clicking on "logout" Gollem's window will destroy the session
and close the new window.

I'd be happy to hear any comments about my solution, especially if you
can find security issues with it.

Hope this helps someone.

Special thanks go to Jan for pointing me in the right direction.

Cheers,

--Amos
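
On the request above for security comments: `ftpserver` arrives from the browser, and steps 3 and 5 use it to choose the host that verifies the password, so it should be checked against a list of known servers before it reaches `hostspec` or the session. A sketch of that check, as an added example that is not part of the original post; the function name `nr_checked_ftp_host()` and the allowlist values are hypothetical.

```php
<?php
// Added example, not from the original post. The function name and the
// allowlist contents below are hypothetical.

// Domains the Java application is allowed to hand over (constructed values).
$allowed_domains = array('example.com', 'customer-a.example.net');

/**
 * Return the canonical "ftp.<domain>" host name if $raw names an allowed
 * server, or false otherwise. Only an exact allowlist match passes.
 */
function nr_checked_ftp_host($raw, $allowed_domains)
{
    if (!is_string($raw) || strlen($raw) > 253) {
        return false;
    }
    $host = strtolower($raw);
    // Letters, digits, hyphens and dots only, so no port, path, userinfo,
    // whitespace or control character survives. /D stops "$" from matching
    // in front of a trailing newline.
    if (!preg_match('/^ftp\.([a-z0-9-]+(\.[a-z0-9-]+)+)$/D', $host, $m)) {
        return false;
    }
    return in_array($m[1], $allowed_domains, true) ? $host : false;
}

// Intended use (assumption): call this once on $_POST['ftpserver'] before
// authenticating, redirect to login.php on false, and let conf.php and
// backends.php read only the returned value.

// Constructed sample inputs.
$samples = array(
    'ftp.example.com',            // exact allowlisted name
    'FTP.Example.COM',            // same name in mixed case
    'ftp.example.com.evil.test',  // allowlisted name as a prefix only
    'ftp.other.test',             // domain not on the list
    "ftp.example.com\n",          // trailing newline
    'ftp.example.com:2121',       // port appended
    '192.0.2.10',                 // IP literal
);
foreach ($samples as $s) {
    $r = nr_checked_ftp_host($s, $allowed_domains);
    // addcslashes() makes control characters visible in the output.
    printf("%-28s => %s\n", addcslashes($s, "\0..\37"), $r === false ? 'rejected' : $r);
}
```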

