The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

php Script to login on Horde and Neomail

Discussion in 'E-mail Discussions' started by Radio_Head, Apr 18, 2003.

?

Do you like CheckIT ?

  1. Yes

    9 vote(s)
    45.0%
  2. No

    11 vote(s)
    55.0%
Thread Status:
Not open for further replies.
  1. Radio_Head

    Radio_Head Well-Known Member

    Joined:
    Feb 15, 2002
    Messages:
    2,051
    Likes Received:
    1
    Trophy Points:
    38
    A gift for all , I hope you will appreciate it .
    ================================

    It works inside Cpanel or outside on client Domain .
    It works with ip shared or dedicated.
    You can install it on your domain to check email ,
    you can provide it to your clients to check email ,
    you can integrate it on your control panel ..

    It works with ssl or without ssl ...
    It works with neomail or/and horde
    No double prompt , insert user and password and click on button , and you are logged on Neomail or Horde .

    Setup : install 3 php files in same dir , and
    setup the 3 variables on index.php , nothing else .

    Download : see my post below , attached file

    (I fully replaced webmaillogin.cgi with the CheckIT . I created also a Cpanel script that permits the client to have CheckIT installed on his domain and configured and ready to use. If Brad/Darkorb is interested ...)
     
    #1 Radio_Head, Apr 18, 2003
    Last edited: Apr 18, 2003
  2. MySitesOnline

    MySitesOnline Active Member

    Joined:
    Mar 24, 2003
    Messages:
    27
    Likes Received:
    0
    Trophy Points:
    1
    Hello,
    I tried to download it but it gave me an error "You don't have access to this docmument"
     
  3. Tom Pyles

    Tom Pyles Well-Known Member

    Joined:
    Apr 26, 2002
    Messages:
    254
    Likes Received:
    0
    Trophy Points:
    16
    No access here either :(
     
  4. Stenny Chong

    Stenny Chong Well-Known Member

    Joined:
    Jun 12, 2002
    Messages:
    67
    Likes Received:
    0
    Trophy Points:
    6
    Work for me...:D
    Thanks.
     
  5. dgbaker

    dgbaker Well-Known Member
    PartnerNOC

    Joined:
    Sep 20, 2002
    Messages:
    2,578
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Toronto, Ontario Canada
    cPanel Access Level:
    DataCenter Provider
    Don't do it from your browser, use wget from the server in ssh works fine.
     
  6. Radio_Head

    Radio_Head Well-Known Member

    Joined:
    Feb 15, 2002
    Messages:
    2,051
    Likes Received:
    1
    Trophy Points:
    38
    Sorry it's a free web space .

    I attached here .

    What do you think ?

    p.s.
    webmaillogin.php is required for Neomail
    login2.php is required for Horde


    If you will appreciate/enjoy it , I will be happy if you can tell me how to get Apache Max Client value (current server value reported from server-status) from SSH (not via browser) . I don't know if it's possible
     

    Attached Files:

    #6 Radio_Head, Apr 18, 2003
    Last edited: Apr 18, 2003
  7. rvskin

    rvskin Well-Known Member
    PartnerNOC

    Joined:
    Feb 19, 2003
    Messages:
    400
    Likes Received:
    1
    Trophy Points:
    18
    Didn't try but on your webmaillogin.php you using

    echo "<meta http-equiv=\"REFRESH\" content=0;URL=$httptype://$user:$pwd@$ip:$port/$user+$domain/neomail.pl>";


    This will be a big security issue. User's password should not appear on the URL.
     
  8. Radio_Head

    Radio_Head Well-Known Member

    Joined:
    Feb 15, 2002
    Messages:
    2,051
    Likes Received:
    1
    Trophy Points:
    38
    I don't think , because user:password are not logged by logfiles
    and they don't remain on browser.
    However it's the only way to access using the browser ,if you don't want use browser prompts .
     
  9. strauberry

    strauberry Well-Known Member

    Joined:
    Mar 25, 2003
    Messages:
    150
    Likes Received:
    0
    Trophy Points:
    16
    Hi,
    I had the same "problem" with the htaccess-login and you can solve it with perl AND php... but it is very unpritty :)
    You have to authenticate on the server an on client side... so if you try this

    PHP:
    header("Location: http://user : pw@domain.com");
    you will get the htaccess-popup anyway because the browser is not authenticated.

    If anyone is interested I can poste my solution...

    strauberry
     
  10. vladgur

    vladgur Member

    Joined:
    Apr 18, 2003
    Messages:
    23
    Likes Received:
    0
    Trophy Points:
    1
    I think it would be much safer if you didnt send the password in a url but in a password field and then processed it on the server side.
     
  11. sqsisa

    sqsisa Well-Known Member

    Joined:
    Apr 8, 2003
    Messages:
    97
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Bay Area, CA
    Thats just the difference between get and post methods. If you switch it, it will go into the http header instead of the URL.
     
  12. Radio_Head

    Radio_Head Well-Known Member

    Joined:
    Feb 15, 2002
    Messages:
    2,051
    Likes Received:
    1
    Trophy Points:
    38
    In fact my scripts shoud use POST (if I remember) , I cannot see security iussues .
     
  13. sqsisa

    sqsisa Well-Known Member

    Joined:
    Apr 8, 2003
    Messages:
    97
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Bay Area, CA
    Not saying you have one. Just that you could get the vars out of the URl by the method. I'm using squirrlmail so I can use 80 and only login once. Nice job.
     
  14. hutech

    hutech Member

    Joined:
    Mar 18, 2003
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    i am havint problem installinf the scripts,

    where do i change variables, what variales do i need to change

    where is the login2.php

    thanks very much for helping ,

    cPanel.net Support Ticket Number:
     
  15. sqsisa

    sqsisa Well-Known Member

    Joined:
    Apr 8, 2003
    Messages:
    97
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Bay Area, CA
    With what? Squirrlmail?

    cPanel.net Support Ticket Number:
     
  16. hutech

    hutech Member

    Joined:
    Mar 18, 2003
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    no, just the default horde imp

    thanks,

    actually, where do i put the 3 scripts.

    cPanel.net Support Ticket Number:
     
  17. sqsisa

    sqsisa Well-Known Member

    Joined:
    Apr 8, 2003
    Messages:
    97
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Bay Area, CA
    Sry, never use it.

    cPanel.net Support Ticket Number:
     
  18. pigstuy

    pigstuy Member

    Joined:
    Sep 4, 2003
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    I tried using the http 1.1 to send the username and password in the header using the GET method. I copied the basic script from the PHP user manual (under the function fsockopen). The problem is that it never sets the cookies (or something else), so the login script will not work unless the user has previously logged in using http://domain.com:2095/neomail/neomail.pl. Has anyone managed to get a working script like this?

    I do not want to send the passwords by url (http://user:pass@domain.com:2095) because that is extremely unsecure in a public environment.

    Thanks!

    cPanel.net Support Ticket Number:
     
  19. Radio_Head

    Radio_Head Well-Known Member

    Joined:
    Feb 15, 2002
    Messages:
    2,051
    Likes Received:
    1
    Trophy Points:
    38
    read my first post ..

    Setup : install 3 php files in same dir , and
    setup the 3 variables on index.php , nothing else .


    @ pigstuy : can you explain me why extremely unsecure since
    apache doesn't log them (user and pass) ? Could be unsecure is someone is phisically near your pc , yes .
    However If anyone/you want could modify the scripts , of course. You/anyone can attach the files so we can test.

    For now I have find no alternatives if you don't want double logins.
     
    #19 Radio_Head, Sep 4, 2003
    Last edited: Sep 4, 2003
  20. pigstuy

    pigstuy Member

    Joined:
    Sep 4, 2003
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    It isn't secure in the respect that your password is clearly visible in the URL. It is not a big problem in I.E. because the URL will not show the password, only the location bar will. But in Mozilla the URL & location bar shows the username and password.

    Many of my users will be logging in from school computers, where there are many people standing around you/near you and I want to make the site as secure as possible.

    It seems like a better idea to send the information as a header because the password will never show up in the location bar or URL.
     
Loading...
Thread Status:
Not open for further replies.

Share This Page