Direct login in roundcube webmail

[cPanelDon]

Hi,
I am trying to set up something similar and the roundcuberedirect.html file seems to work only if you do not use security tokens. Can anyone suggest the extra code needed to make the redirect security token aware?
Thanks.

With security session tokens enabled, I'm able to directly access Roundcube webmail via the following URLs; replace "server" with your server hostname, IP address, or cPanel account domain name:

Code:

http://server:2095/3rdparty/roundcube/
https://server:2096/3rdparty/roundcube/

If proxy sub-domains are enabled, the following URLs, using the "webmail." sub-domain, will also go directly to Roundcube; replace "domain" with your cPanel account domain name:

Code:

http://webmail.domain:2095/3rdparty/roundcube/
https://webmail.domain:2096/3rdparty/roundcube/

[Asver]

The browser pop-up window is displayed because your server is configured to use HTTP Authentication. To log-in using an HTML-form you will need to disable HTTP Authentication so that cookie authentication will be used, which will avoid the pop-up-style log-in prompt.

This change can be accomplished using WebHost Manager via the following menu path (with linked documentation): WHM: Main >> Server Configuration >> Tweak Settings >> Security >> Enable HTTP Authentication [?] Enable HTTP Authentication for cPanel/WebMail/WHM Logins. This risks certain types of XSRF attacks that rely on cached HTTP Auth credentials. Disabling forces cookie authentication.

I see. Thanks for fast and solid reply.
But even if it spread some light on cause of my problem, it does not solve it.
I don’t have access to this security setting, neither I want to disable it. All I want is to allow my users to log in directly to roundcube with use of little form located somewhere on my website.

Now I am wondering if it is possible to log in using help of curl?
I done some tests, but they don’t work... I don’t know much about sniffing with Curl, and breaking security stuff, but if there is no other option... any suggestions will be nice.
Here is code that I gathered in last few days (witch don’t work, of course).

PHP Code:

$curl = curl_init();
curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_ANY ) ;
curl_setopt($curl, CURLOPT_USERPWD, "login:pass");
curl_setopt($curl, CURLOPT_SSLVERSION,3);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($curl, CURLOPT_HEADER, true);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, "user=login&pass=password");
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");
curl_setopt($curl, CURLOPT_URL, 'https://myDomain:2096/3rdparty/roundcube/?_task=mail'); 


[beddo]

If proxy sub-domains are enabled, the following URLs, using the "webmail." sub-domain, will also go directly to Roundcube; replace "domain" with your cPanel account domain name:

Code:

http://webmail.domain:2095/3rdparty/roundcube/
https://webmail.domain:2096/3rdparty/roundcube/

We actually use the proxy sub-domains exclusively due to the certificate name. direct access to the ports is actually firewalled off.

All I need is a little bit of code in the roundcube redirector that picks up the right variable being posted and then passes it on. Surely there is some documentation for developers on how to make things token compatible?

Edit:

I figured it out myself. All it takes is an extra print statement in the clickable link and javascript redirect. Here it is for anyone else interested.

Code:

<cpanel Email="check_roundcube()">
<h2>Redirecting to Roundcube WebMail.....please click <a href="<cpanel print="$ENV{'cp_security_token'}"><cpanel print="$CPVAR{'roundcube'}">/index.php">here</a> if you are not redirected in 5 seconds.</h2>
<script type="text/javascript">
function goToRoundCube(){
        document.location.href="<cpanel print="$ENV{'cp_security_token'}"><cpanel print="$CPVAR{'roundcube'}">/index.php";
}
</script>
<script>goToRoundCube();</script>

[thisxstyle]

Hey,

I'm stuck in a tough spot with this. I did the method described in the first two posts with the script and the redirect, but how would I go about undoing this to revert it back to how cpanel webmail was before I put it in place?

Thanks

[beddo]

Hey,

I'm stuck in a tough spot with this. I did the method described in the first two posts with the script and the redirect, but how would I go about undoing this to revert it back to how cpanel webmail was before I put it in place?

Thanks

I didn't see this one when it was posted, hope you figured it out but in case anyone else is interested removing is a case of deleting the relevant line from /scripts/postupcp and running /scripts/upcp. That'll put the stock pages back in and prevent the redirect from being copied over.

[beddo]

I realise .htaccess can be used to achieve the same thing however a .htaccess rule has to be created for each and every hosting account, further to this a webmail.XXXXXX.XXX subdomain. Both of these are tasks i'd rather not have to perform manually for each and every hosting account.

The redirect file using postupcp applies automatically to all accounts.

I have actually installed ATMail and changed it to the following:

Code:

<h2>Redirecting to ATMail.....please click <a href="<cpanel print="$ENV{'cp_security_token'}">/3rdparty/atmailopen/index.php">here</a> if you are not redirected automatically.</h2>
<script type="text/javascript">
function goToATMail(){
        document.location.href="<cpanel print="$ENV{'cp_security_token'}">/3rdparty/atmailopen/index.php";
}
</script>
<script>goToATMail();</script>

[armenology]

Hi Susan,

where this file should be located? Will this script enter direct to roundcube mailbox?