Direct login in roundcube webmail

[jcorreia]

Hi,
I would like that the users when acessing webmail could be logged on directly into roundcube without passing in the cpanel window where they can see the options to;
"Change Password,Forwarding Options,Auto Responders,Configure Mail Client...etc"

is this possible or there is already an URL that I don´t know ?

Thanks,
Jorge Correia

 

[SuperBaby]

Me too want to know.

 

[jcorreia]

anybody ? is it possible or available ? is it in plans ?

Thanks

 

[jcorreia]

well....at least the path to the file so I can change the code of it ?

 

[DaveUsedToWorkHere]

You can click on the Enable AutoLoad link to have Roundcube auto appear after 5 seconds on each login. This is designed to allow the mail user to have access to the other options in the mail interface which can greatly improve their mail experience.

For example, Mail filtering allows them to set up filters/rules on their account so they don't have to configure them in each email application they use. Mail users can also set up filters to send mail to another account through this interface rather than having to ask the site admin to do so.


There's not currently a way to edit the login page but you could put in place a custom page using /scripts/postupcp as putting a custom page in /usr/local/cpanel/base/webmail/x3/ will result in the custom page being overwritten after any update.

To 'hack' a custom page into place See my later post for a cross-browser JavaScript approach:

Create a file called /root/roundcuberedirect.html that contains this:

<cpanel Email="check_roundcube()">
<meta http-equiv="refresh" content="0;<cpanel print="$CPVAR{'roundcube'}">/index.php">

Then, create a text file called /scripts/postupcp that contains this:

#!/bin/sh
(cp /root/roundcuberedirect.html /usr/local/cpanel/base/webmail/x3/index.html)

After those are created, the html file containing the meta-refresh will be copied in place of the webmail home page each time you update cPanel. run /scripts/postupcp to switch the files and you'll be good to go.

 

[jcorreia]

Thanks for your answer

I know it´s a good thing for them to have this option, but our server is managed, and sometimes a 'user can´t break what they can´t see' :D

I will try your solution. Once again thanks

 

[glicky]

I would like to use the standard roundcubes login page like in their demo and generall installs, not the cpanel popup window method. Is this possible?

 

[DaveUsedToWorkHere]

I would like to use the standard roundcubes login page like in their demo and generall installs, not the cpanel popup window method. Is this possible?

This is not possible. You need to login to the cPanel webmail interface before accessing roundcube. As discussed above, once logged into the webmail interface, the user can be taken directly to roundcube.

 

[Ado`]

Works for Firefox but not IE ! ?

There's not currently a way to edit the login page but you could put in place a custom page using /scripts/postupcp as putting a custom page in /usr/local/cpanel/base/webmail/x3/ will result in the custom page being overwritten after any update.

To 'hack' a custom page into place:

Create a file called /root/roundcuberedirect.html that contains this:

<cpanel Email="check_roundcube()">
<meta http-equiv="refresh" content="0;<cpanel print="$CPVAR{'roundcube'}">/index.php">

Then, create a text file called /scripts/postupcp that contains this:

#!/bin/sh
(cp /root/roundcuberedirect.html /usr/local/cpanel/base/webmail/x3/index.html)

After those are created, the html file containing the meta-refresh will be copied in place of the webmail home page each time you update cPanel. run /scripts/postupcp to switch the files and you'll be good to go.

Hi cpaneldave,
This workaround works in Firefox however in Internet Explorer it simply creates an endless loop after submitting the login details. Any possibility you know of a reason as to why this is and what would fix it ?

 

[whplus]

why not using httaccess ?

(1) create subdomain, i.e webmail.domain.com
(2) create .htaccess file in there that contains:

RewriteEngine on
RewriteCond %{HTTP_HOST} ^webmail.domain.com$ [OR]
RewriteCond %{HTTP_HOST} ^www.webmail.domain.com$
RewriteRule ^(.*)$ https://domain.com:2096/3rdparty/roundcube/index.php?_task=mail$1 [R=301,L]

susan,

 

[Ado`]

Hi Susan,
I realise .htaccess can be used to achieve the same thing however this then means that a .htaccess rule has to be created for each and every hosting account, further to this a webmail.XXXXXX.XXX subdomain. Both of these are tasks i'd rather not have to perform manually for each and every hosting account.

 

[DaveUsedToWorkHere]

Hi cpaneldave,
This workaround works in Firefox however in Internet Explorer it simply creates an endless loop after submitting the login details. Any possibility you know of a reason as to why this is and what would fix it ?

Sorry about that. I'm not on Win so I only tested in FF and Safari. Here's content for the index.html page that will allow it to work with IE. It's less elegant (JavaScript) but handles those w/ out JavaScript by giving them a link to click.

<cpanel Email="check_roundcube()">
<h2>Redirecting to Roundcube WebMail.....please click <a href="<cpanel print="$CPVAR{'roundcube'}">/index.php">here</a> if you are not redirected in 5 seconds.</h2>
<script type="text/javascript">
function goToRoundCube(){
        document.location.href="<cpanel print="$CPVAR{'roundcube'}">/index.php";
}
</script>
<script>goToRoundCube();</script>

 

[Asver]

Hi.
First of all, sorry for my spell mistakes.
I have exactly the same problem, and i dont have access to cPanel directory, but still I want to put some log-in form on my webpage that send users directly to roundcube client.
Is anything changed in this matter? Is this option now avaiable?
And if not, maybe someone will help me with this:
When I entering url directly to my roundcube cilent (like "https://myDomain:2096/3rdparty/roundcube/?_task=mail") withoun being log in, I get some kind of pop-up window with log-in form. When I type my log/pass Im send directly to roundcube. It is exactly the effect what I want, but withaut the pop-up window. I want form on my site.
My question is: How I can communicate with this window to automatically send log/pass? Or, how this window works? Or where it sends the data?

 

[cPanelDon]

And if not, maybe someone will help me with this:
When I entering url directly to my roundcube cilent (like "https://myDomain:2096/3rdparty/roundcube/?_task=mail") withoun being log in, I get some kind of pop-up window with log-in form. When I type my log/pass Im send directly to roundcube. It is exactly the effect what I want, but withaut the pop-up window. I want form on my site.

The browser pop-up window is displayed because your server is configured to use HTTP Authentication. To log-in using an HTML-form you will need to disable HTTP Authentication so that cookie authentication will be used, which will avoid the pop-up-style log-in prompt.

This change can be accomplished using WebHost Manager via the following menu path (with linked documentation): WHM: Main >> Server Configuration >> Tweak Settings >> Security >> Enable HTTP Authentication [?] Enable HTTP Authentication for cPanel/WebMail/WHM Logins. This risks certain types of XSRF attacks that rely on cached HTTP Auth credentials. Disabling forces cookie authentication.

 

[beddo]

Hi,
I am trying to set up something similar and the roundcuberedirect.html file seems to work only if you do not use security tokens. Can anyone suggest the extra code needed to make the redirect security token aware?
Thanks.

 

[cPanelDon]

Hi,
I am trying to set up something similar and the roundcuberedirect.html file seems to work only if you do not use security tokens. Can anyone suggest the extra code needed to make the redirect security token aware?
Thanks.

With security session tokens enabled, I'm able to directly access Roundcube webmail via the following URLs; replace "server" with your server hostname, IP address, or cPanel account domain name:

http://server:2095/3rdparty/roundcube/
https://server:2096/3rdparty/roundcube/

If proxy sub-domains are enabled, the following URLs, using the "webmail." sub-domain, will also go directly to Roundcube; replace "domain" with your cPanel account domain name:

http://webmail.domain:2095/3rdparty/roundcube/
https://webmail.domain:2096/3rdparty/roundcube/

 

[Asver]

The browser pop-up window is displayed because your server is configured to use HTTP Authentication. To log-in using an HTML-form you will need to disable HTTP Authentication so that cookie authentication will be used, which will avoid the pop-up-style log-in prompt.

This change can be accomplished using WebHost Manager via the following menu path (with linked documentation): WHM: Main >> Server Configuration >> Tweak Settings >> Security >> Enable HTTP Authentication [?] Enable HTTP Authentication for cPanel/WebMail/WHM Logins. This risks certain types of XSRF attacks that rely on cached HTTP Auth credentials. Disabling forces cookie authentication.

I see. Thanks for fast and solid reply.
But even if it spread some light on cause of my problem, it does not solve it.
I don’t have access to this security setting, neither I want to disable it. All I want is to allow my users to log in directly to roundcube with use of little form located somewhere on my website.

Now I am wondering if it is possible to log in using help of curl?
I done some tests, but they don’t work... I don’t know much about sniffing with Curl, and breaking security stuff, but if there is no other option... any suggestions will be nice.
Here is code that I gathered in last few days (witch don’t work, of course).

$curl = curl_init();
curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_ANY ) ;
curl_setopt($curl, CURLOPT_USERPWD, "login:pass");
curl_setopt($curl, CURLOPT_SSLVERSION,3);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($curl, CURLOPT_HEADER, true);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, "user=login&pass=password");
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");
curl_setopt($curl, CURLOPT_URL, 'https://myDomain:2096/3rdparty/roundcube/?_task=mail');

 

[beddo]

If proxy sub-domains are enabled, the following URLs, using the "webmail." sub-domain, will also go directly to Roundcube; replace "domain" with your cPanel account domain name:

http://webmail.domain:2095/3rdparty/roundcube/
https://webmail.domain:2096/3rdparty/roundcube/

We actually use the proxy sub-domains exclusively due to the certificate name. direct access to the ports is actually firewalled off.

All I need is a little bit of code in the roundcube redirector that picks up the right variable being posted and then passes it on. Surely there is some documentation for developers on how to make things token compatible?

Edit:

I figured it out myself. All it takes is an extra print statement in the clickable link and javascript redirect. Here it is for anyone else interested.

<cpanel Email="check_roundcube()">
<h2>Redirecting to Roundcube WebMail.....please click <a href="<cpanel print="$ENV{'cp_security_token'}"><cpanel print="$CPVAR{'roundcube'}">/index.php">here</a> if you are not redirected in 5 seconds.</h2>
<script type="text/javascript">
function goToRoundCube(){
        document.location.href="<cpanel print="$ENV{'cp_security_token'}"><cpanel print="$CPVAR{'roundcube'}">/index.php";
}
</script>
<script>goToRoundCube();</script>

 

[thisxstyle]

Hey,

I'm stuck in a tough spot with this. I did the method described in the first two posts with the script and the redirect, but how would I go about undoing this to revert it back to how cpanel webmail was before I put it in place?

Thanks

 

[beddo]

Hey,

I'm stuck in a tough spot with this. I did the method described in the first two posts with the script and the redirect, but how would I go about undoing this to revert it back to how cpanel webmail was before I put it in place?

Thanks

I didn't see this one when it was posted, hope you figured it out but in case anyone else is interested removing is a case of deleting the relevant line from /scripts/postupcp and running /scripts/upcp. That'll put the stock pages back in and prevent the redirect from being copied over.