[imp] Automatic login IMP form portal
Randy Miller
rmiller@highwired-inc.com
Tue, 17 Jul 2001 13:15:20 -0400
I ran into this problem and came up my own solution. Here is what I did:
1) Changed the frameset in index.php3 so that main frame is now
mailbox.php3. The change was made in frames_mode.inc file. I changed the
line
<frame name="main"
src="<?php $sess->purl('mailbox.php3?uniq=' . uniqid(rand())) ?>"
>
2) On the machine that is attempting to auto login to mail server, I
created an encrypted cookie with username, password, and server.
3) This is the hard step. I had to modify the mailbox.php3 file to login
the user. This is my code with a couple things taken out:
/* Set or read session */
page_open(array('sess' => 'HordeSession'));
if (!isset($imp)) {
$actionID = IMP_LOGIN;
$decryptedcookie = decrypt($encryptedcookie);
// decrypted cookie is an array of username, password, and server.
$mailbox ="INBOX";
$imapuser = $decryptedcookie[0];
$pass = $decryptedcookie[1];
$server = $decryptedcookie[2];
$port = 143;
$servtype ="imap";
$folders ="";
$imp = new ImpSession();
$imp->construct();
$sess->register('imp');
} else {
$imp->unpickle();
}
/* only proceed on a valid login */
$imp->authenticate();
Hope this gets you started. I am pretty sure this is secure. Anybody have
reason to believe otherwise?
Randy
At 12:47 PM 7/17/01 -0400, you wrote:
>What I mean is that I don't want to send the username and password
>to the user's browser and then 'log in' the user with JavaScript
>or something like that, making the browser send imapuser and pass
>to redirect.php (or remote_login). In this case the password shows
>up in the page's source.
>
>It's the web server that will open the conection to IMP and
>send username/pass to IMP via POST, sort of mimicking the login
>form.
>
>If the username/pass pair is correct, IMP usually responds by creating
>a session and setting a cookie on the user's browser. And this is where
>I get lost, trying to figure out where to get the value for the
>cookies, etc - in my scheme, the cookies that IMP sends, do not
>reach the user, and I have to set them myself.
>
>I'm sorry if I wasn't clear in the first message and I hope
>this one is better :)
>
> > I'm not entirely clear what you mean by having the webserver do the
> POST, but
> > you should be able to modify redirect.php to do what you want fairly
> easily.
> >
> > -chuck
> >
> > --
> > Charles Hagenbuch, <chuck@horde.org>
> > Some fallen angels have their good reasons.
> >
> > --
> > IMP mailing list: http://horde.org/imp/
> > Archive: http://marc.theaimsgroup.com/?l=imp&r=1&w=2
> > Frequently Asked Questions: http://horde.org/faq/
> > To unsubscribe, mail: imp-unsubscribe@lists.horde.org
> >
> >
>
>
>--
>IMP mailing list: http://horde.org/imp/
>Archive: http://marc.theaimsgroup.com/?l=imp&r=1&w=2
>Frequently Asked Questions: http://horde.org/faq/
>To unsubscribe, mail: imp-unsubscribe@lists.horde.org
Randy Miller -- Team Leader, Web Development
HighWired.com -- Your high school connection
http://www.highwired.com/
rmiller@highwired-inc.com -- 617.393.2233