grabbing login information from imp login process
Zachary Denison
zacharydenison@yahoo.com
Mon, 4 Feb 2002 09:20:37 -0800 (PST)
Hi,
I am using the imp authentication mechanism to perform
the login for all the pages of my site, not just the
imp pages. What I would like to do, one on of the
pages is after the user logs in and properly
authenticates I would like to grab the users password
and log them into another resource, since it's the
same password, I dont want them to have to retype it
again: is there a way to do this? My sample hello
program is below and illustrates what I want to do.
Thank you
<?
// sample hello.php
include('base.php');
$user=Auth::getAuth();
$login=Horde::url("login.php?redirect_url=" .
$PHP_SELF, true, true);
$logout=Horde::url("login.php?reason=logout&redirect_url="
. $PHP_SELF, true, true);
if(!$user) {
// grab users password and login to an ldap server
// or sql server some other company resource, without
// having user retype password.
exit;
}
?>
__________________________________________________
Do You Yahoo!?
Great stuff seeking new owners in Yahoo! Auctions!
http://auctions.yahoo.com
>From jan@horde.org Date: Mon, 4 Feb 2002 18:17:26 +0100
Return-Path: <jan@horde.org>
Mailing-List: contact imp-help@lists.horde.org; run by ezmlm
Delivered-To: mailing list imp@lists.horde.org
Received: (qmail 27575 invoked from network); 4 Feb 2002 17:23:51 -0000
Received: from mailout05.sul.t-online.com (194.25.134.82)
by clark.horde.org with SMTP; 4 Feb 2002 17:23:51 -0000
Received: from fwd01.sul.t-online.de
by mailout05.sul.t-online.com with smtp
id 16XmqK-0001wz-05; Mon, 04 Feb 2002 18:23:48 +0100
Received: from linux.wg.de (320034214675-0001@[80.130.213.181]) by fmrl01.sul.t-online.com
with esmtp id 16XmqH-0PuilUC; Mon, 4 Feb 2002 18:23:45 +0100
Received: from localhost (localhost [127.0.0.1])
by linux.wg.de (8.11.0/8.11.0/SuSE Linux 8.11.0-0.4) with ESMTP id g14HHQ919032
for <imp@lists.horde.org>; Mon, 4 Feb 2002 18:17:26 +0100
Received: from 62.225.101.66 ( [62.225.101.66])
as user jan@linux by jan.dip.ammma.net with HTTP;
Mon, 4 Feb 2002 18:17:26 +0100
Message-ID: <1012843046.3c5ec226203ac@jan.dip.ammma.net>
Date: Mon, 4 Feb 2002 18:17:26 +0100
From: Jan Schneider <jan@horde.org>
To: imp@lists.horde.org
References: <016201c1ad9f$3265eb30$ce00a8c0@euromedias.fr>
In-Reply-To: <016201c1ad9f$3265eb30$ce00a8c0@euromedias.fr>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
User-Agent: Internet Messaging Program (IMP) 4.0-cvs
X-Sender: 320034214675-0001@t-dialin.net
Subject: Re: [imp] I cant see Folder link...
Zitat von Jerome <jerome@euromedias.com>:
> Hi,
>
> I use Imp with MySQL and POP3 accounts.
> Like your demo I can't use personnal folder and Trash/Sent/Draft folder.
>
> I try to set this value : $conf['user']['allow_folders'] = true; but it
> doesnt work.
>
> What is the solution ?
POP3 doesn't have folders.
Jan.
--
http://www.horde.org - The Horde Project
http://www.ammma.de - discover your knowledge
http://www.tip4all.de - Deine private Tippgemeinschaft
>From gunawan@optima.co.id Date: Tue, 5 Feb 2002 00:43:30 +0700
Return-Path: <gunawan@optima.co.id>
Mailing-List: contact imp-help@lists.horde.org; run by ezmlm
Delivered-To: mailing list imp@lists.horde.org
Received: (qmail 27698 invoked from network); 4 Feb 2002 17:24:01 -0000
Received: from internal.optima.co.id (HELO mail.optima.co.id) (qmailr@202.159.115.51)
by clark.horde.org with SMTP; 4 Feb 2002 17:24:01 -0000
Received: (qmail 14017 invoked by uid 48); 4 Feb 2002 17:43:30 -0000
Received: from 202.46.96.2 ( [202.46.96.2])
as user gunawan@mail.optima.co.id by webmail.optima.co.id with HTTP;
Tue, 5 Feb 2002 00:43:30 +0700
Message-ID: <1012844610.3c5ec8424825d@webmail.optima.co.id>
Date: Tue, 5 Feb 2002 00:43:30 +0700
From: gunawan@optima.co.id
To: imp@lists.horde.org
References: <Pine.LNX.4.33.0202041617060.18907-100000@polka.aix.diginext.fr>
In-Reply-To: <Pine.LNX.4.33.0202041617060.18907-100000@polka.aix.diginext.fr>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
User-Agent: Internet Messaging Program (IMP) 3.0
X-WebMail-Company: Optima Infocitra Universal, PT.
Subject: Re: [imp] change password for imp 3.0
:
hemm, it uses /usr/bin/passwd ...
bad news, coz i use vpasswd (vpopmail) for authentication, i think this patch
cannot be implemented on vpasswd.
do you have any suggestion ?
Quoting Mathieu CLABAUT <mathieu.clabaut@free.fr>:
> On Mon, 4 Feb 2002 gunawan@optima.co.id wrote:
>
> > i just wanna ask about change password facility in imp 3.0
> > should i add some script ? or ... ?
> > could you give me solution ?
> > (newbie)
>
> Have a look at https://mail.ph.utexas.edu/test2/patches/public
>
> --
> ___________________________________________________________________________
> Mathieu CLABAUT mailto:mathieu.clabaut@free.fr
> DIGINEXT http://mathieu.clabaut.free.fr
> 45, impasse de la draille, P.A. La Duranne, tel: 04 42 90 82 91
> 13857 Aix En Provence - cedex 3 fax: 04 42 90 82 80
>
>
> --
> IMP mailing list: http://horde.org/imp/
> Archive: http://marc.theaimsgroup.com/?l=imp&r=1&w=2
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: imp-unsubscribe@lists.horde.org
>
>
--
dont be panic! (kernel)
---------------------------------------------------------
This mail sent through Webmail Optima Infocitra Universal
>From jan@horde.org Date: Mon, 4 Feb 2002 18:30:00 +0100
Return-Path: <jan@horde.org>
Mailing-List: contact imp-help@lists.horde.org; run by ezmlm
Delivered-To: mailing list imp@lists.horde.org
Received: (qmail 30274 invoked from network); 4 Feb 2002 17:34:06 -0000
Received: from mailout06.sul.t-online.com (194.25.134.19)
by clark.horde.org with SMTP; 4 Feb 2002 17:34:06 -0000
Received: from fwd04.sul.t-online.de
by mailout06.sul.t-online.com with smtp
id 16Xn0G-0002oc-00; Mon, 04 Feb 2002 18:34:04 +0100
Received: from linux.wg.de (320034214675-0001@[80.130.213.181]) by fmrl04.sul.t-online.com
with esmtp id 16Xmzx-0dURTEC; Mon, 4 Feb 2002 18:33:45 +0100
Received: from localhost (localhost [127.0.0.1])
by linux.wg.de (8.11.0/8.11.0/SuSE Linux 8.11.0-0.4) with ESMTP id g14HU0919094
for <imp@lists.horde.org>; Mon, 4 Feb 2002 18:30:01 +0100
Received: from 62.225.101.66 ( [62.225.101.66])
as user jan@linux by jan.dip.ammma.net with HTTP;
Mon, 4 Feb 2002 18:30:00 +0100
Message-ID: <1012843800.3c5ec518956aa@jan.dip.ammma.net>
Date: Mon, 4 Feb 2002 18:30:00 +0100
From: Jan Schneider <jan@horde.org>
To: imp@lists.horde.org
References: <1012532174.3c5a03cebc61d@mail.herolse-gbc.com>
In-Reply-To: <1012532174.3c5a03cebc61d@mail.herolse-gbc.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
User-Agent: Internet Messaging Program (IMP) 4.0-cvs
X-Sender: 320034214675-0001@t-dialin.net
Subject: Re: [imp] Show msword docs in TechniColor ;-)
Zitat von Pelayo Gonzalez <pelayog@herolse-gbc.com>:
>
> Hi, finally I've managed to render the images from msword documents.
> Please can
> review and test this patches and improve them. There are minor
> modifications to
> horde/lib/MIME/Viewer/msword.php and a new file horde/dump_image.php.
>
> This is my very first contact with PHP/HORDE programming I'll try to
> improve my
> skills but, I've finished the coffe.
Nice that you tried to fix this problem but I see two issues with your
patch.
At first the is HUGE security issue. With the dump_image.php script
everybody is able to read every file from the tmp directory. I know there
shouldn't be any sensitive data world readable in the tmp directory because
it's readable by everyone with an account on the machine, but still.
Also I don't like the idea of another script in the main directory only to
implement one mime driver that doesn't work correctly.
I see following solutions to this. We could pass the image as an additional
to view.php instead and look for this parameter in the mime driver itself.
If it's present we send the image to the browser otherwise the html'ed word
document.
The security problem can be fixed if we don't pass the filename as
cleartext but encode it with the secret we store in the user session. But
this would require to be authenticated to use this mime driver. And I don't
know if it's not to much overhead at all.
What do others think?
Jan.
--
http://www.horde.org - The Horde Project
http://www.ammma.de - discover your knowledge
http://www.tip4all.de - Deine private Tippgemeinschaft
>From jan@horde.org Date: Mon, 4 Feb 2002 18:34:00 +0100
Return-Path: <jan@horde.org>
Mailing-List: contact imp-help@lists.horde.org; run by ezmlm
Delivered-To: mailing list imp@lists.horde.org
Received: (qmail 31524 invoked from network); 4 Feb 2002 17:43:53 -0000
Received: from mailout11.sul.t-online.com (194.25.134.85)
by clark.horde.org with SMTP; 4 Feb 2002 17:43:53 -0000
Received: from fwd11.sul.t-online.de
by mailout11.sul.t-online.com with smtp
id 16Xn9i-0006X5-0B; Mon, 04 Feb 2002 18:43:50 +0100
Received: from linux.wg.de (320034214675-0001@[80.130.213.181]) by fmrl11.sul.t-online.com
with esmtp id 16Xn9d-1D7vRQC; Mon, 4 Feb 2002 18:43:45 +0100
Received: from localhost (localhost [127.0.0.1])
by linux.wg.de (8.11.0/8.11.0/SuSE Linux 8.11.0-0.4) with ESMTP id g14HY0919150
for <imp@lists.horde.org>; Mon, 4 Feb 2002 18:34:01 +0100
Received: from 62.225.101.66 ( [62.225.101.66])
as user jan@linux by jan.dip.ammma.net with HTTP;
Mon, 4 Feb 2002 18:34:00 +0100
Message-ID: <1012844040.3c5ec6086707d@jan.dip.ammma.net>
Date: Mon, 4 Feb 2002 18:34:00 +0100
From: Jan Schneider <jan@horde.org>
To: imp@lists.horde.org
References: <20020204172037.72189.qmail@web13709.mail.yahoo.com>
In-Reply-To: <20020204172037.72189.qmail@web13709.mail.yahoo.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
User-Agent: Internet Messaging Program (IMP) 4.0-cvs
X-Sender: 320034214675-0001@t-dialin.net
Subject: Re: [imp] grabbing login information from imp login process
Zitat von Zachary Denison <zacharydenison@yahoo.com>:
>
> Hi,
>
> I am using the imp authentication mechanism to perform
> the login for all the pages of my site, not just the
> imp pages. What I would like to do, one on of the
> pages is after the user logs in and properly
> authenticates I would like to grab the users password
> and log them into another resource, since it's the
> same password, I dont want them to have to retype it
> again: is there a way to do this? My sample hello
> program is below and illustrates what I want to do.
>
> Thank you
>
>
> <?
>
> // sample hello.php
>
> include('base.php');
>
> $user=Auth::getAuth();
> $login=Horde::url("login.php?redirect_url=" .
> $PHP_SELF, true, true);
> $logout=Horde::url("login.php?reason=logout&redirect_url="
> . $PHP_SELF, true, true);
>
> if(!$user) {
>
> // grab users password and login to an ldap server
> // or sql server some other company resource, without
> // having user retype password.
> exit;
> }
>
>
> ?>
Auth::getCredential() is what you're looking for.
Jan.
--
http://www.horde.org - The Horde Project
http://www.ammma.de - discover your knowledge
http://www.tip4all.de - Deine private Tippgemeinschaft
>From eric.rostetter@physics.utexas.edu Date: Mon, 4 Feb 2002 12:18:09 -0600
Return-Path: <eric.rostetter@physics.utexas.edu>
Mailing-List: contact imp-help@lists.horde.org; run by ezmlm
Delivered-To: mailing list imp@lists.horde.org
Received: (qmail 32961 invoked from network); 4 Feb 2002 18:18:12 -0000
Received: from pcgxmt1.ph.utexas.edu (root@128.83.114.121)
by clark.horde.org with SMTP; 4 Feb 2002 18:18:12 -0000
Received: (from httpd@localhost)
by pcgxmt1.ph.utexas.edu (8.9.3/8.9.3) id MAA22940
for imp@lists.horde.org; Mon, 4 Feb 2002 12:18:09 -0600
Received: from 128.83.155.179 ( [128.83.155.179])
as user ericr@localhost by mail.ph.utexas.edu with HTTP;
Mon, 4 Feb 2002 12:18:09 -0600
Message-ID: <1012846689.3c5ed061222f5@mail.ph.utexas.edu>
Date: Mon, 4 Feb 2002 12:18:09 -0600
From: Eric Jon ROSTETTER <eric.rostetter@physics.utexas.edu>
To: imp@lists.horde.org
References: <Pine.LNX.4.33.0202041617060.18907-100000@polka.aix.diginext.fr> <1012844610.3c5ec8424825d@webmail.optima.co.id>
In-Reply-To: <1012844610.3c5ec8424825d@webmail.optima.co.id>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
User-Agent: Internet Messaging Program (IMP) 3.1-cvs
Subject: Re: [imp] change password for imp 3.0
Quoting gunawan@optima.co.id:
> hemm, it uses /usr/bin/passwd ...
No, it uses a poppassd server. The poppassd server then uses whatever
it wants to. The patch is independ of password store, as it only depends
on a working poppassd server.
> bad news, coz i use vpasswd (vpopmail) for authentication, i think this patch
> cannot be implemented on vpasswd.
The patch is for a poppassd server, and can be used with any working
poppassd server. Password store is not an issue of the patch itself, but
of the external poppassd server.
> do you have any suggestion ?
Find, or write/modify, a poppassd server that supports vpasswd.
Eric Jon Rostetter
The Department of Physics
The University of Texas at Austin
Austin, Texas 78712-1081
Office: RLM 7.126
Telephone: 512-471-5821
Email: eric.rostetter@physics.utexas.edu
Fragen Sie nicht was Ihre Kumputer tun koennen,
aber fragen Sie was Sie fur Ihre Kumputer koennen.
>From pelayog@herolse Date: Mon, 4 Feb 2002 19:31:43 +0100
Return-Path: <pelayog@herolse-gbc.com>
Mailing-List: contact imp-help@lists.horde.org; run by ezmlm
Delivered-To: mailing list imp@lists.horde.org
Received: (qmail 34084 invoked from network); 4 Feb 2002 18:31:50 -0000
Received: from 217-125-104-181.uc.nombres.ttd.es (HELO mail.herolse-gbc.com) (217.125.104.181)
by clark.horde.org with SMTP; 4 Feb 2002 18:31:50 -0000
Received: from localhost (localhost.localdomain [127.0.0.1])
by mail.herolse-gbc.com (8.11.6/8.11.6) with ESMTP id g14IVh105426
for <imp@lists.horde.org>; Mon, 4 Feb 2002 19:31:43 +0100
Received: from 192.168.10.163 ( [192.168.10.163])
as user pelayog@localhost by mail.herolse-gbc.com with HTTP;
Mon, 4 Feb 2002 19:31:43 +0100
Message-ID: <1012847503.3c5ed38f0fe20@mail.herolse-gbc.com>
Date: Mon, 4 Feb 2002 19:31:43 +0100
From: Pelayo Gonzalez <pelayog@herolse-gbc.com>
To: imp@lists.horde.org
References: <1012532174.3c5a03cebc61d@mail.herolse-gbc.com> <1012843800.3c5ec518956aa@jan.dip.ammma.net>
In-Reply-To: <1012843800.3c5ec518956aa@jan.dip.ammma.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
User-Agent: Internet Messaging Program (IMP) 4.0-cvs
Subject: Re: [imp] Show msword docs in TechniColor ;-)
Hello Jan.
Thanks for your response. It'll be a honour for me if somebody find useful this
little contribution.
You can find an evolution of this patch posted yesterday in the thread 'wvHtml
and images'. I think we better close this thread and continue with that one.
I'll try to:
- Avoid security issues.
- Avoid creating dump_image.php and integrate its funcionality into view.php
- Learn, learn and learn more...
Pelayo
Mensaje citado por Jan Schneider <jan@horde.org>:
> Nice that you tried to fix this problem but I see two issues with your
> patch.
>
> At first the is HUGE security issue. With the dump_image.php script
> everybody is able to read every file from the tmp directory. I know there
> shouldn't be any sensitive data world readable in the tmp directory because
>
> it's readable by everyone with an account on the machine, but still.
> Also I don't like the idea of another script in the main directory only to
> implement one mime driver that doesn't work correctly.
>
> I see following solutions to this. We could pass the image as an additional
>
> to view.php instead and look for this parameter in the mime driver itself.
> If it's present we send the image to the browser otherwise the html'ed word
>
> document.
> The security problem can be fixed if we don't pass the filename as
> cleartext but encode it with the secret we store in the user session. But
> this would require to be authenticated to use this mime driver. And I don't
>
> know if it's not to much overhead at all.
>
> What do others think?
>
> Jan.
>From chuck@horde.org Date: Mon, 4 Feb 2002 13:54:54 -0500
Return-Path: <chuck@horde.org>
Mailing-List: contact imp-help@lists.horde.org; run by ezmlm
Delivered-To: mailing list imp@lists.horde.org
Received: (qmail 35913 invoked from network); 4 Feb 2002 18:55:32 -0000
Received: from h00104bc60b3c.ne.mediaone.net (HELO marina.horde.org) (24.91.196.127)
by clark.horde.org with SMTP; 4 Feb 2002 18:55:32 -0000
Received: by marina.horde.org (Postfix, from userid 33)
id DA89539CB; Mon, 4 Feb 2002 13:54:54 -0500 (EST)
Received: from 192.168.0.123 ( [192.168.0.123])
as user chuck@localhost by marina.horde.org with HTTP;
Mon, 4 Feb 2002 13:54:54 -0500
Message-ID: <1012848894.3c5ed8feadc9d@marina.horde.org>
Date: Mon, 4 Feb 2002 13:54:54 -0500
From: Chuck Hagenbuch <chuck@horde.org>
To: imp@lists.horde.org
References: <Pine.LNX.4.43.0202041212150.22714-100000@centaur.ccs.yorku.ca>
In-Reply-To: <Pine.LNX.4.43.0202041212150.22714-100000@centaur.ccs.yorku.ca>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
User-Agent: Internet Messaging Program (IMP) 4.0-cvs
Subject: Re: [imp] Session expiring
Quoting Ramon Kagan <rkagan@yorku.ca>:
> Any body have any new ideas. I can't go production when my users will be
> logged out spontaneously.
Turn off of cookies and go with URL session ids? Use domain cookies instead? We
give you cookie_path and cookie_domain settings; you just have to get them
right.
-chuck
--
Charles Hagenbuch, <chuck@horde.org>
"What was and what may be, lie, like children whose faces we cannot see, in the
arms of silence. All we ever have is here, now." - Ursula K. Le Guin