[imp] Automatic login IMP form portal

Randy Miller rmiller@highwired-inc.com
Tue, 17 Jul 2001 13:15:20 -0400

Previous message: [imp] Disabling cookies in IMP
Next message: Imap YES but blank page anyway
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I ran into this problem and came up my own solution.  Here is what I did:

1) Changed the frameset in index.php3 so that main frame is now 
mailbox.php3.  The change was made in frames_mode.inc file.  I changed the 
line
<frame name="main"
           src="<?php $sess->purl('mailbox.php3?uniq=' . uniqid(rand())) ?>"
  >

2) On the machine that is attempting to auto login to mail server, I 
created an encrypted cookie with username, password, and server.

3) This is the hard step.  I had to modify the mailbox.php3 file to login 
the user.  This is my code with a couple things taken out:

/* Set or read session */
page_open(array('sess' => 'HordeSession'));
if (!isset($imp)) {
   $actionID = IMP_LOGIN;
   $decryptedcookie = decrypt($encryptedcookie);
   // decrypted cookie is an array of username, password, and server.
   $mailbox ="INBOX";
   $imapuser = $decryptedcookie[0];
   $pass = $decryptedcookie[1];
   $server = $decryptedcookie[2];
   $port = 143;
   $servtype ="imap";
   $folders ="";
   $imp = new ImpSession();
   $imp->construct();
  $sess->register('imp');
} else {
   $imp->unpickle();
}

/* only proceed on a valid login */
$imp->authenticate();

Hope this gets you started.  I am pretty sure this is secure.  Anybody have 
reason to believe otherwise?

Randy

At 12:47 PM 7/17/01 -0400, you wrote:
>What I mean is that I don't want to send the username and password
>to the user's browser and then 'log in' the user with JavaScript
>or something like that, making the browser send imapuser and pass
>to redirect.php (or remote_login). In this case the password shows
>up in the page's source.
>
>It's the web server that will open the conection to IMP and
>send username/pass to IMP via POST, sort of mimicking the login
>form.
>
>If the username/pass pair is correct, IMP usually responds by creating
>a session and setting a cookie on the user's browser. And this is where
>I get lost, trying to figure out where to get the value for the
>cookies, etc - in my scheme, the cookies that IMP sends, do not
>reach the user, and I have to set them myself.
>
>I'm sorry if I wasn't clear in the first message and I hope
>this one is better :)
>
> > I'm not entirely clear what you mean by having the webserver do the 
> POST, but
> > you should be able to modify redirect.php to do what you want fairly 
> easily.
> >
> > -chuck
> >
> > --
> > Charles Hagenbuch, <chuck@horde.org>
> > Some fallen angels have their good reasons.
> >
> > --
> > IMP mailing list: http://horde.org/imp/
> > Archive: http://marc.theaimsgroup.com/?l=imp&r=1&w=2
> > Frequently Asked Questions: http://horde.org/faq/
> > To unsubscribe, mail: imp-unsubscribe@lists.horde.org
> >
> >
>
>
>--
>IMP mailing list: http://horde.org/imp/
>Archive: http://marc.theaimsgroup.com/?l=imp&r=1&w=2
>Frequently Asked Questions: http://horde.org/faq/
>To unsubscribe, mail: imp-unsubscribe@lists.horde.org


Randy Miller -- Team Leader, Web Development
HighWired.com -- Your high school connection
http://www.highwired.com/
rmiller@highwired-inc.com -- 617.393.2233

Previous message: [imp] Disabling cookies in IMP
Next message: Imap YES but blank page anyway
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]