This patch duplicates Gmail's option of the same name. It stores the username and encrypted password in a cookie (_cuser and _cpass). Anytime you visit RC, you're taken directly to the Inbox.

The patch is available from:

        http://www.whidbey.com/richs/rc-rememberme.patch

(Please avoid copy+paste, which might garble the localizations).

As a side effect, you could set "_cuser" and "_cpass" cookies from another web app, or submit them with a form. Remember that you'd need to mimic Roundcube's "encrypt_passwd" function.

After patching, please examine "program/include/main.inc", around line 701:

        $cypher = des('rcmail?24BitPwDkeyF**ECB', $pass, 1, 0, NULL);

And line 708:

        $pass = des('rcmail?24BitPwDkeyF**ECB', base64_decode($cypher), 0, 0, NULL);

I'd recommend changing 'rcmail?24BitPwDkeyF**ECB' to something unique for your site (Could this become a Config option?). For example, 'k2mJs9*l_38qms-CYkja!9Oq'. Otherwise, anyone could decrypt a password if they had access to cache, cookie, etc.

Feedback appreciated!  Maybe we can work to get the option into SVN?

Rich
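
An added example, not part of the original post or of Roundcube's code: a Python check that scans PHP source for des('...') calls, flags the default key quoted above, and flags a key that was changed at only one of the two call sites. The 24-byte length rule is an assumption taken from the two keys shown in the post; audit_des_keys and new_site_key are hypothetical names.

```python
import re
import secrets
import string

# Key literal shipped with the patch, as quoted in the post above.
DEFAULT_KEY = "rcmail?24BitPwDkeyF**ECB"
# Assumption: keys must be 24 bytes, as both keys shown in the post are.
KEY_LEN = 24
# Matches des('<key>', ...) calls whose first argument is a single-quoted literal.
DES_CALL = re.compile(r"\bdes\(\s*'([^']*)'")

def audit_des_keys(php_source):
    """Return (line_no, key, problems) for every des() call in the source."""
    findings = []
    for no, line in enumerate(php_source.splitlines(), 1):
        for m in DES_CALL.finditer(line):
            key, problems = m.group(1), []
            if key == DEFAULT_KEY:
                problems.append("shipped default key")
            if len(key.encode()) != KEY_LEN:
                problems.append("key is not %d bytes" % KEY_LEN)
            findings.append((no, key, problems))
    # Encrypt and decrypt must share one key, or stored values stop decrypting.
    if len({k for _, k, _ in findings}) > 1:
        findings = [(n, k, p + ["differs from other des() calls"])
                    for n, k, p in findings]
    return findings

def new_site_key():
    """Random 24-character key that is safe inside a single-quoted PHP string."""
    alphabet = string.ascii_letters + string.digits + "!*-_?#%+=."
    return "".join(secrets.choice(alphabet) for _ in range(KEY_LEN))

# Constructed sample input: the two lines quoted in the post.
UNPATCHED = """\
$cypher = des('rcmail?24BitPwDkeyF**ECB', $pass, 1, 0, NULL);
$pass = des('rcmail?24BitPwDkeyF**ECB', base64_decode($cypher), 0, 0, NULL);
"""
# Constructed sample input: only the first call site edited.
HALF_EDITED = UNPATCHED.replace(DEFAULT_KEY, "k2mJs9*l_38qms-CYkja!9Oq", 1)

if __name__ == "__main__":
    for name, src in (("unpatched", UNPATCHED), ("half-edited", HALF_EDITED)):
        for no, key, problems in audit_des_keys(src):
            print(name, "line", no, ", ".join(problems) or "ok")
    print("suggested key:", new_site_key())
```

To check a real installation, pass the contents of "program/include/main.inc" to audit_des_keys in place of the constructed samples.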


