Hello Jason,
On Friday, November 22, 2002, Jason Lemm wrote...
> Hi Jonathan,
> Just after a bit of help please. Um, well I tried the suggestion
> below, but can't work out how the $key is generated. You see, we
> have usernames and passwords within our intranet database. These
> match the usernames and passwords of our IMAP mailboxes. We have a
> button within the intranet which automatically logs us into to email
> by going straight to the "redirect.php" file. Now, we also have the
> Notify plugin on our homepage which tells us how many e-mails we
> have in our mailboxes. I have tried passing the username and
> password from our database to this page by putting in
> "session_start()" at the top of the page. If I echo the variables
> just after the session_start then they display to me fine, but if I
> move these echo lines to just after the 2 includes, then I get
> nothing as if something in one of the includes are replacing the 2
> variables in my session?? Either that or they are being ignored. I
> took a look at line 84 in notify.php and I have found the code you
> are talking about but unable to use it to generate the $key which
> notify.php seems to require? SO, at the moment we have to login by
> clicking the e-mail button first which automatically logs us in, and
> then go back to the homepage to see notify.php plugin working. Hope
> you understand whats going on here.
Because of how redirect retrieves the values, just setting the session
values for $username and such aren't going to work. As you are
apparently attempting to completely bypass the first login
(authentication), it should be possible to set the session variables
for $username, $key, and $onetimepad. $key itself is in fact stored in
a cookie, while $username and $onetimepad are stored in the session.
So in theory you should be able to do this:
1. Do your standard authentication for the intranet
*** BEFORE DISPLAYING ANY INFORMATION ***
2. Start a session (the session name must be the same as that set in
php.ini file for the server running squirrelmail
3. Save $username (your users login name) into the session, you can
do this by simply doing:
session_register('username');
4. Generate the $onetimepad value. This is done as follows:
$onetimepad = OneTimePadCreate(strlen($secretkey));
The custom function OneTimePadCreate can be seen in
functions/strings.php. To save yourself some work, you might just
want to include the file in your first page.
5. Save $onetimepad into the session, as with username, you can do
this via:
session_register('onetimepad');
6. Now for $key, src/redirect.php says $key is set as such:
$key = OneTimePadEncrypt($secretkey, $onetimepad);
This must appear *after* $onetimepad is set. Again,
OneTimePadEncrypt() is a custom function, and appears in
functions/strings.php so you really can save yourself some work
by simply included it in your login page.
7. The next step is the cookie... before *ANY* code is set back to
the browser, you have to set the cookie. If you don't, PHP will
cause an error, and you won't get anywhere. So after the person
has been authorised, and you have calculated $onetimepad,
$username and $key, and stored the first two in sessions, it's
now time to setup the cookie... this is done as such:
setcookie('key', $key , 0 , '<base address for squirrelmail>');
Not too difficult there. Just replace <base....> with the value
relative to the root web directory for your webmail. For
example, if you have squirrelmail running in
http://myintra.net/webmail/ then <base...> would be set to
/webmail/. If you have SquirrelMail running in
http://webmail.intra.net/ then <base...> would be /.
8. Now two final variables, and the main page, and we should be
there (I hope). Set as such:
$user_is_logged_in = true;
$just_logged_in = true;
session_register('user_is_logged_in');
session_register('just_logged_in');
Now provide a link to http://domain/webmail/src/webmail.php (or
replace domain/webmail/ with the real path to squirrelmail).
In theory that should work... I've not tried... I'll give it a whirl
in a little while, but it gives you a starting point. Hope it helps a
bit. Out of curiosity, is your intranet PHP based, or html?
--
Jonathan Angliss
([EMAIL PROTECTED])
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
--
squirrelmail-users mailing list
List Address: [EMAIL PROTECTED]
List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995
List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
