Hi All,
We've added our own webmail option to the cPanel webmail list. When the user clicks on it, we're redirecting him from cPanel to our external (non-cPanel) server, where we have Roundcube installed. The user logs into Roundcube on our server, which in turns logs in to IMAP on the original cPanel server.
So we're in essence replacing the basic version of Roundcube that comes with cPanel with an external version of Roundcube that includes a lot of additional skins and plugins.
What we'd like to do is avoid the double-login issue similarly to the way the 'cpanellogin' Roundcube login does.
We can get the following information from cPanel before redirecting the user to Roundcube on our server:
getenv('cp_security_token') -- for example: /cpsess9445373123 -- we can use this to create the return path to cPanel when someone logs out of Roundcube on our server.
$_ENV['REMOTE_USER'] -- the username we can use to log in to Roundcube
$_ENV['REMOTE_PASSWORD'] -- this gives us something like this: cpses_te2iaho33p[::cpses::]HVTpfuajgAPGrT8PenEo6tTfNBA25P6a
This REMOTE_PASSWORD string is used to automatically log in to the local cPanel version of Roundcube, so the user doesn't have to type their username password again.
The question is, how do we use this REMOTE_PASSWORD string to log in to cPanel's IMAP server from an external location? What is this format? Is it the user's password encrypted/hashed using one the methods used by Dovecot? Or is it something that's cPanel specific?
Thank you, any help would be appreciated.
We've added our own webmail option to the cPanel webmail list. When the user clicks on it, we're redirecting him from cPanel to our external (non-cPanel) server, where we have Roundcube installed. The user logs into Roundcube on our server, which in turns logs in to IMAP on the original cPanel server.
So we're in essence replacing the basic version of Roundcube that comes with cPanel with an external version of Roundcube that includes a lot of additional skins and plugins.
What we'd like to do is avoid the double-login issue similarly to the way the 'cpanellogin' Roundcube login does.
We can get the following information from cPanel before redirecting the user to Roundcube on our server:
getenv('cp_security_token') -- for example: /cpsess9445373123 -- we can use this to create the return path to cPanel when someone logs out of Roundcube on our server.
$_ENV['REMOTE_USER'] -- the username we can use to log in to Roundcube
$_ENV['REMOTE_PASSWORD'] -- this gives us something like this: cpses_te2iaho33p[::cpses::]HVTpfuajgAPGrT8PenEo6tTfNBA25P6a
This REMOTE_PASSWORD string is used to automatically log in to the local cPanel version of Roundcube, so the user doesn't have to type their username password again.
The question is, how do we use this REMOTE_PASSWORD string to log in to cPanel's IMAP server from an external location? What is this format? Is it the user's password encrypted/hashed using one the methods used by Dovecot? Or is it something that's cPanel specific?
Thank you, any help would be appreciated.
