[imp] auto compose

Chuck Hagenbuch chuck@horde.org
Wed, 12 Dec 2001 18:16:35 -0500


Quoting Milos Prudek <milos.prudek@tiscali.cz>:

> How can I set up session pre-authenticated?

You just need to call IMP::createSession() from somewhere. Where you get the 
form data from doesn't really matter.

> I looked again at your mail of 07/17/2001 to this list which suggests
> creating a modified redirect.php that would pull password from SQL table
> and autologin user if it receives username via a POST.
> 
> Wouldn't such redirect.php present a security breach? Anyone who knew
> user name would be able to login to his/her mailbox just by visiting
> redirect.php and submitting username via POST...

I never suggested doing exactly what you describe above. If you have your users 
already authenticated by another scheme, _then_ you can modify redirect.php to 
use that scheme to figure out who the user is.

-chuck

--
Charles Hagenbuch, <chuck@horde.org>
"What was and what may be, lie, like children whose faces we cannot see, in the
arms of silence. All we ever have is here, now." - Ursula K. Le Guin