Michael Sharp writes: > I am trying to add a sqwebmail login to to my site that is running > PHP-nuke. > > I added this in PHP-nuke: > > <form method="post" name="logon" action="../cgi-bin/webmail?index=1"> > > <table border="0"> > <tbody> > <tr> > <td>User Id: </td> > <td><input type="text" size="16" name="username" > maxlength="128"></td> > <td></td> > </tr> > <tr> > <td>Password: </td> > <td><input type="password" size="16" name="password" > maxlength="128"></td> > <td> > <input type="submit" value="Login" name="do.login"></td> > </tr> > <tr> > <td align="right" valign="top"><input type="checkbox" > checked="checked" name="sameip"></td> > <td colspan="2">Restrict access to your IP address<br> > only (increased security)</td> > </tr> > </tbody> > </table> > </form> > </td> > > Strangely enough, it worked and I was logged into my mailbox. However, In > looking at the URL, it was showing the direct path to the authdaemon which > which was unacceptable because if I did this from a public system, the > next person could pull up the history and go straight to my mailbox. > > Can anyone offer a solution to this?
This is why sqwebmail's content is actually in a frame, so the URL history does not get logged. P.S. If you explicitly log out, any URLs in history will no longer work. -- Sam
