php Script to login on Horde and Neomail

[Radio_Head]

A gift for all , I hope you will appreciate it .
================================

It works inside Cpanel or outside on client Domain .
It works with ip shared or dedicated.
You can install it on your domain to check email ,
you can provide it to your clients to check email ,
you can integrate it on your control panel ..

It works with ssl or without ssl ...
It works with neomail or/and horde
No double prompt , insert user and password and click on button , and you are logged on Neomail or Horde .

Setup : install 3 php files in same dir , and
setup the 3 variables on index.php , nothing else .

Download : see my post below , attached file

(I fully replaced webmaillogin.cgi with the CheckIT . I created also a Cpanel script that permits the client to have CheckIT installed on his domain and configured and ready to use. If Brad/Darkorb is interested ...)

 

[MySitesOnline]

Hello,
I tried to download it but it gave me an error "You don't have access to this docmument"

 

[Tom Pyles]

No access here either

 

[Stenny Chong]

Work for me...:D
Thanks.

 

[dgbaker]

Don't do it from your browser, use wget from the server in ssh works fine.

 

[Radio_Head]

Sorry it's a free web space .

I attached here .

What do you think ?

p.s.
webmaillogin.php is required for Neomail
login2.php is required for Horde


If you will appreciate/enjoy it , I will be happy if you can tell me how to get Apache Max Client value (current server value reported from server-status) from SSH (not via browser) . I don't know if it's possible

 

[rvskin]

Didn't try but on your webmaillogin.php you using

echo "<meta http-equiv=\"REFRESH\" content=0;URL=$httptype://$user:[email protected]$ip:$port/$user+$domain/neomail.pl>";


This will be a big security issue. User's password should not appear on the URL.

 

[Radio_Head]

Originally posted by rvskin
Didn't try but on your webmaillogin.php you using

echo "<meta http-equiv=\"REFRESH\" content=0;URL=$httptype://$user:[email protected]$ip:$port/$user+$domain/neomail.pl>";


This will be a big security issue. User's password should not appear on the URL.

I don't think , because user:password are not logged by logfiles
and they don't remain on browser.
However it's the only way to access using the browser ,if you don't want use browser prompts .

 

[strauberry]

Hi,
I had the same "problem" with the htaccess-login and you can solve it with perl AND php... but it is very unpritty
You have to authenticate on the server an on client side... so if you try this

header("Location: http://user : [email protected]");

you will get the htaccess-popup anyway because the browser is not authenticated.

If anyone is interested I can poste my solution...

strauberry

 

[vladgur]

Originally posted by Radio_Head
I don't think , because user:password are not logged by logfiles
and they don't remain on browser.
However it's the only way to access using the browser ,if you don't want use browser prompts .

I think it would be much safer if you didnt send the password in a url but in a password field and then processed it on the server side.

 

[sqsisa]

Thats just the difference between get and post methods. If you switch it, it will go into the http header instead of the URL.

 

[Radio_Head]

Originally posted by sqsisa
Thats just the difference between get and post methods. If you switch it, it will go into the http header instead of the URL.

In fact my scripts shoud use POST (if I remember) , I cannot see security iussues .

 

[sqsisa]

Not saying you have one. Just that you could get the vars out of the URl by the method. I'm using squirrlmail so I can use 80 and only login once. Nice job.

 

[hutech]

i am havint problem installinf the scripts,

where do i change variables, what variales do i need to change

where is the login2.php

thanks very much for helping ,

cPanel.net Support Ticket Number:

 

[sqsisa]

With what? Squirrlmail?

cPanel.net Support Ticket Number:

 

[hutech]

no, just the default horde imp

thanks,

actually, where do i put the 3 scripts.

cPanel.net Support Ticket Number:

 

[sqsisa]

Sry, never use it.

cPanel.net Support Ticket Number:

 

[pigstuy]

I tried using the http 1.1 to send the username and password in the header using the GET method. I copied the basic script from the PHP user manual (under the function fsockopen). The problem is that it never sets the cookies (or something else), so the login script will not work unless the user has previously logged in using http://domain.com:2095/neomail/neomail.pl. Has anyone managed to get a working script like this?

I do not want to send the passwords by url (http://user:[email protected]:2095) because that is extremely unsecure in a public environment.

Thanks!

cPanel.net Support Ticket Number:

 

[Radio_Head]

Originally posted by hutech
i am havint problem installinf the scripts,

where do i change variables, what variales do i need to change

where is the login2.php

thanks very much for helping ,

cPanel.net Support Ticket Number:

read my first post ..

Setup : install 3 php files in same dir , and
setup the 3 variables on index.php , nothing else .


@ pigstuy : can you explain me why extremely unsecure since
apache doesn't log them (user and pass) ? Could be unsecure is someone is phisically near your pc , yes .
However If anyone/you want could modify the scripts , of course. You/anyone can attach the files so we can test.

For now I have find no alternatives if you don't want double logins.

 

[pigstuy]

It isn't secure in the respect that your password is clearly visible in the URL. It is not a big problem in I.E. because the URL will not show the password, only the location bar will. But in Mozilla the URL & location bar shows the username and password.

Many of my users will be logging in from school computers, where there are many people standing around you/near you and I want to make the site as secure as possible.

It seems like a better idea to send the information as a header because the password will never show up in the location bar or URL.