Login Script for Cpanel Webmail

[SatuPortal.com]

Hi....

Anyone knows where i can find login script for Cpanel webmail that i can put on my index page on my website ? Or anybody have it ?

[Maximiliam]

just make a url to point to port 2095 that should do it..

like http://yourdomain.com:2095/

you can also directly link to horde or neomail.

[wooster]

Is it possible to directly link to horde/imp.


I get a pop up window asking me to enter the name and address everytime I access webmail. Is it possible to have a static page where you can enter the name and address and login into Horde/Imp

I have tried qute a few things to no avail.

Could anyone help help me regarding this, how to avoid a popup screen login into webmail

[Website Rob]

Doesnt' work that way.

If you think of an Apt. building with security access, many people can live there and anyone can walk in the front door. To visit someone and gain access to the main building, one must push one of those buzzer buttons and have someone buzz them in.

Same with the Email setup. Although anyone can use the &webmail& or &port :2095& URL, that is the front door. As multiple Email accounts can be setup, the Control Panel needs to know &which& account is being accessed before access is granted.

Although I'm not sure why, you would find this convenient, it is much easier for anyone who has an Email account to Bookmark the link themselves. And a URL of http://domian.com/webmail/ is usually easy for people to remember, if they are not using their own computer.

[dave12345]

This seems to work ok for me

http://yourdomain.com:2095/neomail/neomail.pl
http://yourdomain.com:2095/horde/index.php

sorry, ignore me, just read more above

[wooster]

Let me clarify, the login and the access control is not the problem at all, Its just the pop up window which looks a bit out of place, my request was has anyone managed to get a login from a static page, some what like a regular page where people can enter their name and password and be directed to thier mail boxes.

Thanks for your replies ...

[kempes]

Try this.
[quote:8f591dc14b]#put this bit between the head tags

&script language=&javascript&&
&!-- This version: Hostroute.com --&
&!-- Based on FTP log in by: Reinout Verkerk --&
&!-- Although to be fair there is not much of his code left here --&
&!-- Web Site: http://www.hostroute.com/script_neomail.html --&

&!-- Begin
function Login(form) {
var username = form.username.value;
var password = form.password.value;
var server = form.server.value;
if (username && password && server) {
var neomail = &http://& + username + &:& + password + &@& + server + &:2095/& + username + &+& + server + &/neomail.pl&;
window.location = neomail;
}
else {
alert(&Please enter your username and password.\nYour username is the bit before the @ sign in your e-mail address.&
}
}
// End --&
&/script&

#this is what you need to put in the body of the page.

&form name=login&
&table border=1 cellpadding=3&
&tr&
&td colspan=2 align=center&
&h2&&b&Logon to webmail! &/b&&/h2&
&/td&
&/tr&
&tr&
&td&Username:&/td&
&td&
&input type=text name=username size=15 maxlength=&26&&
@
&input type=&text& name=&server& maxlength=&65& size=&15&&
&/td&
&/tr&
&tr&
&td&Password:&/td&
&td&
&input type=password name=password size=20&
&/td&
&/tr&
&tr&
&td colspan=2 align=center&
&input type=button value=&Login!& onClick=&Login(this.form)& name=&button&&
&/td&
&/tr&
&/table&
&/form&[/quote:8f591dc14b]

[wooster]

Thanks for the help.

Both the short cuts work...

[Website Rob]

Is that the script posted at WebHostingTalk? Seems similar and the discussion over there also pointed out the [b:a25a17fd26]big security hole[/b:a25a17fd26] with those type scripts.

As the URL, including ID & PW, are retained in Browser History, it allows the next person to also use the Web mail account. Can be fine for a home computer, but if that script is used at a public location, it leaves one &wide open& to abuse of their Email account.

There is a very good reason why an Authentication Challenge is setup for access to certain parts of a Hosting account. To mis-use or abuse it, is something that should be mentioned to the people using it. Otherwise, the person providing the &script& can legally be held accountable for any repercussions.

Something to think about, eh.

[wooster]

This is taken from

http://cvs.horde.org/co.php/imp/scripts/custom_login.php?login=2&r=1.5

This is the script,

&?php
// $Horde: imp/scripts/custom_login.php,v 1.4 2002/04/23 04:48:38 chuck Exp $

// CUSTOMIZE THIS
define('IMP_BASE', '..');

require_once IMP_BASE . '/lib/base.php';
require_once IMP_BASE . '/config/servers.php';

/* Set up the password encryption token. */
Secret::setKey('imp');

/* Use the first server defined in servers.php. */
// CUSTOMIZE THIS

$server_key = 'localhost';

$server_value = $servers[$server_key]['server'];
$protocol_value = $servers[$server_key]['protocol'];
$port_value = $servers[$server_key]['port'];
$folders_value = $servers[$server_key]['folders'];
$namespace_value = $servers[$server_key]['namespace'];
$maildomain_value = $servers[$server_key]['maildomain'];
$realm_value = $servers[$server_key]['realm'];
$url = '/' . $registry-&getParam('initial_page','horde');

?&

&!-- CUSTOMIZE THIS --&
&form action=&&?php echo Horde::applicationUrl('redirect.php') ?&& method=&post&&
User: &input name=&imapuser& type=&text& size=&20& /&&br /&
Pass: &input name=&pass& type=&password& size=&20& /&&br /&
&input type=&hidden& name=&server& value=&&?php echo $server_value ?&& /&
&input type=&hidden& name=&protocol& value=&&?php echo $protocol_value ?&& /&
&input type=&hidden& name=&port& value=&&?php echo $port_value ?&& /&
&input type=&hidden& name=&folders& value=&&?php echo $folders_value ?&& /&
&input type=&hidden& name=&namespace& value=&&?php echo $namespace_value ?&& /&
&input type=&hidden& name=&maildomain& value=&&?php echo $maildomain_value ?&& /&
&input type=&hidden& name=&realm& value=&&?php echo $realm_value ?&& /&
&input type=&hidden& name=&url& value=&&?php echo $url ?&& /&
&input type=&submit& value=&Log in& /&
&/form&
**************************

I am a total noob at getting this to work with imp, could some one please help me with what values to enter where the customization is supposed to happen, I tried about a dozen combinations till now....this is supposed to be a custom login page for IMP that I was directed to..

[wooster]

Its giving me a fatal error when I try to access the page:

Fatal error: Failed opening required 'PEAR.php' (include_path='') in /usr/local/cpanel/base/horde/lib/Registry.php on line 4


Could anyone help shed more light on the error

[Tim@OCZ]

This is a pain in the ass...horde should be able to parse the @domain.com and know which mailbox it is sort of like qmail does...I haven't read up on exim but there has to be an easier solution...I don't want my clients to have to enter htaccess info but rather just login directly to horde...

CPANEL staff please address this issue because looking through the forum it would appear this is a great appeal in getting this worked out.

[ccrobin]

I agree. While true, it should not be a big deal to have to enter info twice (and I agree, security is important), I am slowly migrating 25 hosting accounts to cPanel and almost every single user is asking "why do I have to...?". Again, not a huge deal in the grand scheme of things, but it does seem to be leaving a negative impression on the customers who have been confronted with it.

Perhaps it could be incorporated into the users control panel (like an option for them to logon easier - but with a caveat that if they enable the feature, it will make them more vulnerable to security risks). This way it is their decision if they want to allow it to happen or not.

I dunno, just a thought. Overall though, I must say I am very impressed with the options and configuration possibilities of cPanel. It is a big step up from what I was using.

[Planet_Master]

Heres what I use:

Firstly, put this between the HEAD tags of your page

PHP Code:

<script LANGUAGE="JavaScript"> 

<!-- Begin 
function Login(form) { 
var username = form.username.value; 
var password = form.password.value; 
var server = form.server.value; 
letters = "abcdefghijklmnopqrstuvwxyz/.1234567890~_:"; 
   
  encrypt = new Array( 
  "%61","%62","%63","%64","%65","%66", 
  "%67","%68","%69","%6a","%6b","%6c", 
  "%6d","%6e","%6f","%70","%71","%72", 
  "%73","%74","%75","%76","%77","%78", 
  "%79","%7a","/","." 
  ,"%31","%32","%33","%34","%35","%36","%37","%38", 
  "%39","%30","~","_","!",":"); 
var input = password; 
  encpass = ""; 
  for(var count = 0; count < input.length; count++) { 
    daChar = input.charAt(count); 
    for (i = 0; i < letters.length; i++) { 
      if (daChar == letters.charAt(i)) { 
        encpass += encrypt[i]; 
        break; 
      } 
    } 
  } 
if (username == "" && password == "") { 
alert("Enter your Username and Password!"); 
login.username.focus(); 
return false;   
} 
if (username == "") { 
alert("Enter your Username!"); 
login.username.focus(); 
return false;   
} 
if (password == "") { 
alert("Enter your Password!"); 
login.password.focus(); 
return false;   
} 
else { 
var htsite = "http://" + username + ":" + encpass + "@" + server; 
window.location.href = htsite; 
   } 
} 
//  End --> 
</script> 


Next, the actual login form code:

PHP Code:

<form name="login"> 

Username: <input type=text name="username" value="E-mail Address" size=20><br> 
Password: <input type=password name="password" value="Password" size=20><br> 

<input type="hidden" name="server" value="http://www.domain.com:2095/"> 
<input type=button value="Login" onClick="Login(this.form)" name="button"> 

</form> 


That's it

This is a form that should work for Neomail as that works on port 2095.

Naturally the domain.com in form name needs changing to your domain

MODIFY:

I made a few modifications to suit my purpose, but it seems to be working. If anyone else thinks of using this script a couple of observations:

1) Use the following url in the form: yourdomain.com/webmail this will redirect to the :2095 port so the username and encoded password will not be visible in the url. The problem with having it visible in the path is you can look through your browser history and simply click the link containing both the username & password !!!! That is a BIG security issue especially if your user was to login from a public machine

2) In my application i only wanted users to enter their username not the complete email address username@domain.com, i updated the script to read:

PHP Code:

var htsite = "http://" + username + "+domain.com:" + encpass + "@" + server; 


By using the above the user only needs to enter username not username@domain.com

Using this and the script above you can enable the server to automatically setup an email account.

AND SQUIRRELMAIL:

Found this at the Squirrelmail site:

How to embed a SquirrelMail login within your web page.

It is easy to put username and password input fields in any web page and let the user log into their SquirrelMail without going to the default SquirrelMail login page. Here is a sample of the required HTML code (obviously, you need to add your own layout code):

In head section add:

PHP Code:

<script language="JavaScript" type="text/javascript">
<!--
function squirrelmail_loginpage_onload() {
document.forms[0].js_autodetect_results.value = '1';
}
// -->
</script> 


And the input box:

PHP Code:

<form method="post" action="http://your.host.com/mail/src/redirect.php">

<input type="hidden" name="js_autodetect_results" value="0">

User: <input type="text" name="login_username" size="10">

Password: <input type="password" name="secretkey" size="10">

<input type="submit" value="Login">

</form> 


Good luck with it, please post your results.

[splashscreen]

Originally posted by Planet_Master

How to embed a SquirrelMail login within your web page.

It is easy to put username and password input fields in any web page and let the user log into their SquirrelMail without going to the default SquirrelMail login page. Here is a sample of the required HTML code (obviously, you need to add your own layout code):

In head section add:

PHP Code:

<script language="JavaScript" type="text/javascript">
<!--
function squirrelmail_loginpage_onload() {
document.forms[0].js_autodetect_results.value = '1';
}
// -->
</script> 


And the input box:

PHP Code:

<form method="post" action="http://your.host.com/mail/src/redirect.php">

<input type="hidden" name="js_autodetect_results" value="0">

User: <input type="text" name="login_username" size="10">

Password: <input type="password" name="secretkey" size="10">

<input type="submit" value="Login">

</form> 


Thanks for posting this... but I'm lost as to what exactly to put in the form action URL:

PHP Code:

<form method="post" action="http://your.host.com/mail/src/redirect.php"> 


Where is this located?