[horde] _horde_hook_postauthenticate()
Chuck Hagenbuch
chuck at horde.org
Wed Jun 18 02:38:52 UTC 2008
Quoting Liam Hoekenga <liamr at umich.edu>:
>> It should be invoked on initial authentication. IMP does extra auth
>> checks because of the IMAP stuff; Turba and Ingo don't need it
>> because you've already logged in to Horde.
>
> Right now, I'm using auto_prepend_file to check for a list of spammers..
>
> $badUsers = array('spammer' =>1, 'evilguy' => 1, 'lottoman' => 1 );
>
> if( $badUser = isset( $badUsers[ $_SERVER[ 'REMOTE_USER' ]] )) {
> ... do some stuff...
> exit();
> }
>
> I was thinking I could use _horde_hook_postauthenticate() instead of
> auto_prepend_file.. but I kind of need it work with Ingo and Turba.
> If someone is on our bade users list, I'd rather prevent them from
> using an piece of horde.
>
> W/ my test of _horde_hook_postauthenticate, I can keep them out of
> IMP, but spammers could still mess around with a user's mail
> filters, or harvest addresses from their address book.
So is the hook not called on initial login? Or is that avoided because
of your transparent authentication? Why can't you block them where you
do transparent auth, then?
-chuck
More information about the horde
mailing list