My name is Philipp C. Heckel and I write about nerdy things.

Roundcube login via PHP script


Programming

Roundcube login via PHP script


Roundcube is an AJAX/PHP based e-mail application which is really flexible and easy to use in comparison to other free web based solutions.

For the customer interface of Silversun, I wanted to use RC as the internal web mail application and therefore had to embed it into my system. To avoid that the customer has to log in twice (customer interface and Roundcube), I had to simulate the login request with a PHP script.


Contents


Updates

A lot has changed over the years. As of now (July 2013), the class does exist for over 5 years. Here’s what happened in this time:

  • November 2008: After the comment of Matias, I reviewed the code and fixed some issues. Now it should work properly even with the newest Roundcube version (0.2-beta). The class file itself contains installation instructions. Please read them carefully.
  • March 2009: Just tested the script with version 0.2.1 and it works like a charm, at least for my installation.
  • December 2009: Diego just confirmed (via e-mail) that the script also works for 0.3.1 without modification.
  • May 2010: I just tested the scripts with Roundcube 0.4-beta, and it still works without modification. I also added the section Debugging make it easier to figure out what’s wrong.
  • March 2011: After Alex’ comment, I adjusted a small part of the script. It should now also work with Roundcube 0.5.1. It now handles the new request token correctly. The pre-0.5.1 script is still available for download here: RoundcubeLogin.pre-0.5.1.class.php (plain text).
  • April 2012: I have updated the script again. It now works with 0.7.2. Issues were PHP’s multiple-cookie handling, the sessauth-cookie as well as the user agent checks by RC. The pre-0.6 version is still available for download here: RoundcubeLogin.pre-0.6.class.php (plain text).
  • May 2013: According to Reznor’s comment, the script still works with 0.9.0.
  • July 2013: The class is currently used in the Roundcube ownCloud Plugin by Martin Reinhardt. There have been some issues with the altered version. Make sure to update to the newest version or report bugs here.
  • July 2013: After many user issues with SSL-hosted Roundcube installations, I finally got around to fix the SSL issues once and for all. The class now detects whether RC is running with SSL/TLS and set hostname, port and connection type accordingly. If that does not work, you can use setHostname(), setPort() and setSSL to adjust these settings to your environment. The old class is still available here: RoundcubeLogin.pre-0.9.2.class.php (plain text).

1. Prepare RC

To perform the Roundcube login via a web site, it is necessary to turn off the check_ip/ip_check option in the main.inc.php file, because our script (= server IP address) will send the login data and pass it to RC instead of the user’s browser (= user IP address).

2. The RoundcubeLogin class

This small class only consists of four functions and it shouldn’t be necessary to modify it in order to get the login to work.

The class provides four public methods:

  • login($username, $password)
    Perform a login to the Roundcube mail system.
    Note: If the client is already logged in, the script will re-login the user (logout/login). To prevent this behaviour, use the isLoggedIn()-function.
    Returns: TRUE if the login suceeds, FALSE if the user/pass-combination is wrong
    Throws: May throw a RoundcubeLoginException if Roundcube sends an unexpected answer (that might happen if a new Roundcube version behaves differently)
  • isLoggedIn()
    Checks whether the client/browser is logged in and has a valid Roundcube session.
    Returns: TRUE if the user is logged in, FALSE otherwise.
    Throws: May also throw a RoundcubeLoginException (see above).
  • logout()
    Performs a logout on the current Roundcube session.
    Returns: TRUE if the logout was a success, FALSE otherwise.
    Throws: May also throw a RoundcubeLoginException (see above).
  • redirect()
    Simply redirects to Roundcube.
  • setHostname($hostname)
    Set hostname manually. Note that the hostname must point to the local machine. It does not work for remote machines.
  • setPort($port)
    Set port manually. Uses server port by default (auto detected).
  • setSSL($enableSSL)
    Enable or disable SSL for this connection. This value impacts the connection string for fsockopen(). If enabled, the prefix “ssl://” is attached. If NULL is set, the value of the $_SERVER['HTTPS'] variable is used.

3. Sample usage

The script below demonstrates how the class can be used. If the client is already logged in, it simply redirects the browser to the Roundcube application. If not, it performs a login and then redirects to Roundcube.

4. Debugging

If you’re having problems with the RoundcubeLogin.class.php class (plain text) itself, try using the rclogin.php-file (plain text) for debugging: open the file in your browser (http://myhost/roundcube/rclogin.php), and take a look at the output. The RoundcubeLogin-class performs a series of request/response cycles and parses the output to figure out if you’re logged in.

Known issues:

  1. No Roundcube installation found at ‘…’
    This error message is thrown if the path-value in the RoundcubeLogin constructur was not set correctly. It must be set to the part of the URL that represents the path, e.g. in case of http://myhost/roundcube/ you must create the object like this:
  2. Unable to determine login-status due to technical problems.
    This error can occur in the methods login(), logout() and isLoggedIn(). The RoundcubeLogin-class expects Roundcube to send certain headers in response to the login/logout-requests. If those headers could not be found, this error is thrown. Possible reasons are:

    • New RC version
    • Cookies must be enabled
    • ip_check/check_ip option in the main.inc.php must be false
  3. Unable to determine the login status. Unable to continue due to technical problems.
    This error occurs if the script cannot determine if you are logged in or not, because the returned HTML code neither contains the login-form (= logged out) nor the message DIV (= logged in). This might happen if Roundcube changed the HTML-code.
  4. Test script “rclogin.php” says “400 Bad Request”: When you run the test script you get an error like this:

    The reason for this exception is that the hostname in the fsockopen() has been called without an “ssl://”-prefix. In the class you can fix this by calling $rcl->setSSL(true).

5. I’m open for suggestions

Please feel free to post your comment or suggestions. That’s the only way to ensure that it works with all versions.

209 Comments

  1. matias

    hey! thanks for sharing…I couldn’t make it work, I get errors on this lines:
    header($line); (line 89 of the class)
    and:
    header(“Location: /mypath/rc”);

    the success var contains a 1, so I guess the login works fine.

    If in a different tab of my browser try to go to “mydomain/mypath/rc/?_task=mail”, I get redirected to the rc login page.
    Wasn’t I suposed to see my mails if I get a 1 at the success line?

    can you tell me what version of roundcube are you using? mine is 0.1.1

    thank you very much!!


  2. Philipp

    Hallo Matias,

    thanks for your comment. I will look into this at the weekend.
    In fact, i’ve experienced some difficulties after my update too, — so
    this might me the chance for me to fix this bug and answer your questions.

    Regards,
    Philipp



  3. matias

    Philipp….thank you very much!!!!!
    It worked perfectly!!!
    good job!
    again, thank you a lot

    regards
    matias


  4. Simone

    Hi, I receive the message error:

    Status: ERROR: Unable to determine the login status. Unable to continue due to technical problems.

    I’m using RC 0.2b version.
    I’ve modified the main.inc.php file setting $rcmail_config[‘ip_check’] = false;

    The classic login works.

    Any suggestions?

    Thanks!


  5. Philipp

    Hey Simone,

    if you give me the debug output, I can take a look. I’m gonna write you a mail so that we can try to fix it …

    Regards,
    Philipp

    Update 30th Nov:
    Unfortunately, Simone didn’t reply to my mail. Therefore, I can’t help her …


  6. uzu

    hi,

    i havent test it fully right now… but i got some errors and could fix it.

    first .. local .. all right ..runs smoothly :D

    public .. errors .. first “no roundcube install found” .. change it to ‘./roundcubemail/’ .. then i got the error Status: ERROR: Unable to determine the login status. Unable to continue due to technical problems.

    then i change followed:
    private function sendRequest($path, $postData = false) {
    $method = (!$postData) ? “GET” : “POST”;
    $port = ($_SERVER[‘HTTPS’]) ? 443 : 80;
    $host = ($port == 443) ? “ssl://email.godz-clan.org” : “email.godz-clan.org”;

    my webspace provider block maybe localhost .. dont know .. but so it runs.

    maybe you make a variable host so you can make this at one place if someone has the same error.


  7. joris

    Philipp,

    Thanks for this workaround. I am looking for a solution to login from an external page into RC. Your soluation seems to be perfect for what i am looking for.

    After i tried the code, the error

    “Status: ERROR: Unable to determine the login status. Unable to continue due to technical problems.”

    popped up. As far as i can see, all my parameters are set up as they should. Even the original login page in RC works as it should. I even tried UZU’s solution (above).

    I use RC version: RELEASE 0.2-ALPHA.
    PHP 5, etc..

    Thanks in advance.

    Joris


  8. Nick

    Philipp..

    Really cool workaround, thank you so much for posting it..

    But it doesn’t seem to be working for me!

    Here’s the error I get:

    Warning: Cannot modify header information – headers already sent by (output started at …/roundcubelogin.class.php:398) in …/roundcubelogin.class.php on line 351

    Warning: Cannot modify header information – headers already sent by (output started at …/roundcubelogin.class.php:398) in …/roundcubelogin.class.php on line 351

    Warning: Cannot modify header information – headers already sent by (output started at …/roundcubelogin.class.php:398) in …/roundcubelogin.class.php on line 233

    any ideas?



  9. Jack

    Philipp,

    I desperately want to use your solution. However, I keep getting an error that I’m not sure how to fix.

    First of all, I have to set the first argument of the RoundcubeLogin class constructor to “./roundcube/” instead of “/roundcube/” or I get the message “ERROR: Technical problem, No Roundcube installation found at ‘/roundcube/’.”

    After that, I get the message “ERROR: Technical problem, Unable to determine the login status. Unable to continue due to technical problems.” The debug output is saying that it is a 400 Bad Request error. I can see that it is caused by trying to append “./roundcube” to my domain name rather than resolving to the correct directory path. For example, instead of correctly making the request to http://mydomain.com/path/to/roundcube, it’s trying to make the request to http://mydomain.com./roundcube.

    Will you please help me get this working?

    TIA,
    Jack


  10. Philipp

    @Jack: This looks pretty simple. You should be using the correct path in the constructor.

    Instead of

    $rcl = new RoundcubeLogin(“/roundcube/”, true);

    write

    $rcl = new RoundcubeLogin(“/path/to/roundcube/”, true);

    This parameter is the URL-path of your roundcube installation. That is, if your RC is installed at http://mydomain.com/path/to/roundcube/, you should specify “/path/to/roundcube/” as webmail-path.

    Regards, Philipp


  11. carl

    Thanks!

    I have this working, and it meets 100% of my needs but…

    I can only get it to work with a clear text password!

    Is there any way to make this work with an encrypted password?

    It would be a big security issue for my site to store clear text passwords…

    Thanks!


  12. Philipp

    Hey there,

    you don’t have to store the clear text passwords in your database. That’s absolutely not necessary.

    The easiest way is to store the clear text password in the $_SESSION variable when the user logs in. That is, the password is only stored temporarily on the server and can only be stolen when someone is able to steal the session AND your script prints the password at some point. However, due to the fact that you don’t have to print the password, but only send it to the RC installation, this shouldn’t be a problem….

    Regards,
    Philipp


  13. Steve

    First, thank you for creating this script and for your continued support of it!

    Have you tested this with RC 2.2? The script doesn’t seem to be working for me – I get an error that the roundcube installation isn’t found.

    I have tried /roundcube/ and http://www.idatasys.net/roundcube/ – neither seems to work.


  14. Philipp

    Hey Steve,

    I haven’t had the chance to test it unfortunately and I will not be able to do so for the next month (since I am traveling around in California, yey!!).

    It is possible that RC 2.2 either completely changed the login mechanisms, or some parts of the HTML output (which my script uses to parse the results).

    Enabling the debug option and printing the output should give you some hints why it isn’t working. See above how to do that.

    /roundcube/ should be fine as path.

    Regards,
    Philipp


  15. Carl

    Howdy,

    Thanks to you I was able to setup SSO (Single Sign On) for my site.

    These scripts helped so much!

    There is just one little thing I hope someone can help with, as I can not figure it out on my own…

    When using http://mydomain.com/roundcube/ everything works.

    But I have a seprate Mail server with a much faster RoundCube setup at http://mail.mydomain.com

    How can I change:

    $rcl = new RoundcubeLogin(“/mail/rc671/”, true);

    To something like:

    $rcl = new RoundcubeLogin(“mail.mydoamin.com”,
    \ true);

    Also, I think I would need to update:

    if ($rcl->isLoggedIn())
    header(“Location: rc671/”);

    And:

    if ($rcl->isLoggedIn())
    header(“Location: rc671/”);

    Thank you for you time,
    Carl.


  16. Philipp

    Hey Carl,

    the script is not made for this situation, and I’m not sure it is possible to rewrite it that way. If it would work, I would have made it that flexible when I wrote it.

    Reasons: RC relies on Cookies. And in order to communicate with RC, my script has to read the Cookies from RC and interpret their meaning, _and_ eventually re-set to the end-user’s browser.

    i.e.
    RC <--> script <--> user

    If the script and RC are located on the same host, it can read and write the same Cookies as RC. If, however, it is located on a different server, it is able to read RC’s Cookies (as a client), but cannot re-send them to the end-user client (because you can’t save Cookies for a different host than your own). Therefore, the end-user cannot stay logged in.

    If you have any questions, please feel free to ask.

    Philipp



  17. Kit

    I am trying to mod a server install and keep getting the following error when running your the rclogin.php script– Parse error: syntax error, unexpected ‘{‘ in /home/xxxxxx/public_html/RoundCube/rclogin.php on line 23

    I have placed the class file in the main usr directory for roundcube.

    Please advise… Your help is greatly apprecited.

    -Kit


  18. Philipp

    Hey Kit,

    sorry that it took so long for me to answer but I read your comment on my cell and totally forgot about it…

    1)
    First to the parse error: the rclogin.php file worked for all the others which means that you either made a copy+paste error, or more likely that you’re using a PHP version that doesn’t support try/catch. What PHP version are you using? You need at least PHP 5.0.

    2)
    “I have placed the class file in the main usr directory for roundcube.”
    You don’t have to place the class-file or the rclogin-file in the RC installation. It can reside anywhere within the document root. In fact, the class file could even be outside the doc-root.

    Hope this helps a little.
    Regards,

    Philipp


  19. Kit

    Hey Philipp,
    NP

    Well, recently had to re-install server… When I configured through easyapache, I setup both php 4.7 and 5.2, not knowing if some clients would have older versions of code that could possibly break.

    Is there a method where I can call a specific vs of php for this script, becuase it seems to be defaulting to 4.7

    -Kit


  20. Philipp

    Hey Kit,

    I think this is a configuration problem of your web server, i.e., most likely apache… Google it and I’m sure you will find a solution …

    Regards,
    Philipp


  21. Aodhan

    Hi there, This script looks like exactly what I’m looking for but I’m getting this message error:

    Status: ERROR: Unable to determine the login status. Unable to continue due to technical problems.

    I’m using version 0.3.1.

    My main.inc.php was already set to $rcmail_config[‘ip_check’] = false and I can log in normally ok.

    my RC installation is at mydomain.com/mail and I have both your files rclogin.php and RoundcubeLogin.class.php in mydomain.com/mail/test

    I have set $rcPath = “/mail/”; in the rclogin.php script, although I get the same arror regardless of what in put here ?

    Help Please !?


  22. Philipp

    @Aodhan: The rclogin.php produces a whole lot of debug output. If you send it to me, I can maybe help you here … BUT: Make sure to remove all passwords from the output first :-D

    Regards,
    Philipp


  23. Aodhan

    Hi and thanks for getting back to me.

    Where should I see the debug output ? In the same folder as the script ? If so its not been written, thers nothing there.

    If have this set in your script, I assume thats correct ?

    // Set to TRUE if something doesn’t work
    $debug = true;
    $rcPath = “/mail/”;

    Thanks again for your help.

    Aodhan.


  24. Philipp C. Heckel

    Hey there and sorry for not replying immediately.

    when you call the rclogin.php file in your browser, it outputs something
    like “Status: … Login Logout …”. Below that, it prints the debug
    information if you click on “Login” or “Logout”.

    try clicking on “Login” or “Logout” and then it should definitely print
    something … if it doesn’t i can’t think of any reason why it doesn’t.

    you’re using version 0.3.1 right? because one of my readers confirmed
    that it works with that version. i personally haven’t tried it yet.

    sorry i can’t be more help… but without the debug output, it’s simply
    impossible to find out what’s wrong.

    regards,
    philipp


  25. Tim

    Hi,
    ist es auch möglich eine SQL abfrage (für die userdaten) zu machen und wie?
    “$rcl->login(“your-email-address”, “plain-text-password”);” Trage ich da einfach die namen der beiden Textboxen ein?

    Vielen dank im Vorraus
    Grüße


  26. Tim

    Noch ne kleinere frage, wie wende ich das richtig an (welches verzeichniss hochladen und evtl. daten anpassen)?

    Danke und Grüße


  27. Philipp C. Heckel

    Hallo Tim,

    I’m not quite sure I fully understand what you mean. The login function does not take the names of the textboxes as arguments but rather the actual e-mail address and password.

    For example:
    $rcl->login(“kennedy@example.com”,”ich-bin-ein-berliner”),
    or $rcl->login($_POST[‘username-textbox’], $_POST[‘password-textbox’]);

    but NOT:
    $rcl->login(“username-textbox”,”password-textbox”);

    What names/data do you want to retrieve from the SQL database?

    Regards,
    Philipp


  28. Tim

    Hi Philipp,
    ich möchte die User nicht über den IMAP Server abfragen sodern aus einer DB.
    Ersetzte ich die index.php mit Ihrer?

    Grüße


  29. Rabah

    hi i use rclogin scritp all its ok. but when i receive the response it show me the php code not the html page
    see above
    thanks a lot of


  30. Philipp C. Heckel

    Hello Rabah,

    the rclogin script should be used only for testing purposes because it always prints the debugging output at the end (cmp. $rcl->printDebugStack()).

    Try to use the code given in the section “sample usage” and/or disable debugging in the constructor of the RoundcubeLogin-class: $rcl = new RoundcubeLogin(…, false);

    Regards,
    Philipp


  31. Martin

    Hi Phillip, i have a problem with the login to roundcube using your script, the problem is that i have linked my login and the roundcube login, so i dont have to login every time i need to enter roundcube, but my system doesn’t keep the login, so i login and 3 seconds after i’m returned to the login page, what could be my problem??
    Thanks


  32. Philipp C. Heckel

    It’s very difficult to determine a problem without any code and/or a detailed description. Does the rclogin.php script work as expected, i.e. does it allow you to log-in/out to roundcube?

    To make a Single Sign-On script as you described it, you need to:

    1. create your own login-page with a HTML form (login.php)
    2. save the username/password when the user logs in (e.g. in the $_SESSION variable)
    3. perform a $rcl->login(…) operation if the user asks to access the webmail interface

    Sorry I can’t help more. Post some code if you have further questions …

    Regards,
    Philipp


  33. Martin

    Hello Phillip, do you know how i can make a contact list, with some of my contact, so i dont have to write them all when i want to send them a mail??
    it would a great help if you can help me.
    Thanks


  34. Arek

    hello,
    Is there any way to auto login to RoundCube? Problem is that i dont have access to any files of RoundCube, I was trying to set IE or FF to remamber passwords but it dont work, so Im thinking about making some script. Mr Philipp if You have any idea how to help me pls write msg :)

    Best regards


  35. Philipp C. Heckel

    Hey Arek,

    my script only works if the RoundcubeLogin-file and your own script reside on the same host as the RC installation, because it has to read RCs cookies.

    It will NOT work, if your script is on a different host, e.g. http://mywebsite.myprovider.tld <--> http://webmail.myprovider.tld

    Hope this helps a little.

    Regards,
    Philipp


  36. Sylvain

    Hello,

    The script tell’s me that there is no rouncube installation find. But it really is there. The file’s are my own so it’s not a provider install.

    $rcl = new RoundcubeLogin(“http://www.startnet.be/mail/”, true);
    I have already try for /mail/ ant http://startnet.be/mail/ the same problem

    ERROR: Technical problem, No Roundcube installation found at ‘http://www.startnet.be/mail’
    REQUEST:

    GET http://www.startnet.be/mail HTTP/1.1
    Host: www.startnet.be
    Cookie: 92d2a1256cd02a582ac9d3dec5154d99=239dca458af583caa6f194ba2d0606ef; 87f58a10ed835bc6d150e0ccfc067c48=71759a66171227d5ca319e575b42fda4; 3ab17c82a5752b030f3c75a65dc13787=54b2f888386adab02f720ced84f63c7a; ja_purity_tpl=ja_purity; roundcube_sessid=e12384f63f04b8adf842428e444113e4; PHPSESSID=d04ee7422f070b4c806c9403902fda1f
    Connection: close

    Regards,

    Sylvain


  37. Rich

    Great script saved me tons of time.

    Just to help others who might be having the same problem as me. I kept getting a 404 message from the roundcube request. This was because apache was not figuring out what virtual server I wanted and was defaulting to the wrong virtualserver. I simply added an alias for /roundcube in apache conf and it solved the issue. I do not know why the virtual server was not working with socket request.

    Now just make it work for squirrel mail :) and all my problems will be solved.

    Thanks again

    Rich



  38. Alex

    This doesn’t work anymore since 0.5.1, they have added a CSRF token to the login submission :)


  39. Philipp C. Heckel

    Thank you Alex for this hint.

    I updated the class. It should now work with older versions as well as Roundcube 0.5.1. It handles the request token correctly.


  40. Tim Canty

    This script looks like it will fit the task that i require perfectly, however i have been trying to get this to work for the last few hours. I have been getting can’t find path error, whatever i put in e.g. /rmail/ etc doesn’t work.

    However I have just discovered i’m using version 0.5.2 not 0.5.1, and looking at the change log they have made a few changes to fix sessions and Stateless request tokens etc.

    Would you be upgrading this to work with 0.5.2? or should i downgrade to 0.5.1?


  41. Tim Canty

    I started afresh and gone back to 0.5.1 and still getting the same problem,

    I just keep getting Status: ERROR: No Roundcube installation found at ‘/rmail/’

    I’ve tried it with the domain name included, tried it under http and https. I just can’t figure out what i’m missing.

    Any pointers of things that i can try?


  42. Tim Canty

    Sorry to keep posting, i finaly craked it…

    The problem was with this line
    $host = ($port == 443) ? “ssl://localhost” : “localhost”;

    I changed localhost to the domain and now it works.

    cheers for all the hard work on the script :)


  43. Philipp C. Heckel

    Hey Tim,

    that’s weird. Is your RoundcubeLogin script on the same machine as the Roundcube installation? In my experience, it will not work, if they are on separate machines: because of the different IPs, this configuration is not possible.

    Did you test it with Roundcube 0.5.2 yet?

    Rgrds,
    Philipp


  44. D. Kuipers

    Hi Philipp,

    Thanks for the very usable script!

    I had the same problem as uzu and Tim Canty (server returns a 400 Bad Request).
    I changed
    $host = ($port == 443) ? “ssl://localhost” : “localhost”;
    to
    $host = (($port == 443) ? “ssl://” : “”) . $_SERVER[‘HTTP_HOST’];

    The problem can be found in the Apache logs:
    [error] Hostname localhost provided via SNI and hostname xxxxxx.xx provided via HTTP are different.
    It seems that the Server Name Indication feature found on servers which can host multiple secure virtual hosts ’causes’ this.

    Anyway, thanks for the script. It works like a charm with the minor change I made.


  45. Daniele

    Hi Philipp,
    your script sounds very promising but I can’t make it working.
    I set false to ip_check but when I try to login through rclogin.php script no error is shown but I have:
    Status: We’re NOT logged in.
    And the system give me the login page. I can’t understand it. Is there some php inizializzation issues (such as register_global)?

    Thank you
    Daniele


  46. nadj

    Hi I just want to thank you, everithing I looked for.
    And it works for me out of the box. :)


  47. Dany

    After upgrading PHP 5.2.x to 5.3.x

    ERROR: Technical problem, Unable to determine the login status. Unable to continue due to technical problems.


  48. Philipp C. Heckel

    I suppose I’ll have to test it with the newer versions at some point …
    Did you try running the rclogin.php script? Can you give me the output from there?


  49. MatBoy

    I get this error too, something seems to be changed in the new version. I hope we can fix this soon.

    Why not make a topic about this plugin @ www.roundcubeforum.net so everyone can add fixes ?


  50. MatBoy

    I have created a “support topic” @ the forum if people like this.

    http://www.roundcubeforum.net/7-third-party-contributions/25-old-style-plug-ins/8571-single-login-keep-updated-new-versions.html


  51. Dany

    $host = ($port == 443) ? “ssl://”.$_SERVER[‘HTTP_HOST’] : $_SERVER[‘HTTP_HOST’];
    (Tim Canty solution)

    Works with PHP 5.3.x and roundcube 0.5.3
    Tested only with https

    With localhost I have bad request errors with:
    Hostname localhost provided via SNI and hostname www.mydomain.com provided via HTTP are different

    When I tried to replace localhost with domain name I get:
    [Mon Jun 13 18:51:23 2011] [error] Hostname mydomain.com provided via SNI and hostname www.mydomain.com provided via HTTP are different

    So the best solution is HTTP_HOST, because www.domainname and domainname is not the same. But is not perfect, sometimes I get the login page and cant login, event with the right password dont know why.

    Thank You for Your script :)


  52. MatBoy

    Dany,

    I have tried your solution and my rclogin.php keeps loading forever.

    Cheers,

    Matt


  53. MatBoy

    OK, my loading was a quote error…. but I still get the RC version error .


  54. pascoli

    Thanks for sharing this great php script. I try to run them but i have some problems. I exaclty followed your description but I allway get an error. I tried to run your rclogin.php script for my roundcube v0.3.1.

    Status: ERROR: Unable to determine login-status due to technical problems.
    LOGIN STATUS UNKNOWN:
    Neither failure nor success. This maybe the case if no session ID was sent

    I tried also alle the tips in the comments written above.
    Any suggestions?

    LG pascoli


  55. pascoli

    Problem solved, i dont know what was the fault. After a reinstallation of RC erveythink worked fine.

    Thanks agian for sharin such a nics scirpt!

    Cheers, pascoli


  56. Stefan Weise

    Hey Philipp,

    can you give a hint on how to use your script with joomla cms? I bought a roundcube component but it doesn’t work, but I think your script is exactly what I need and nearly all the work is already done, but sadly I have no experience with PHP and Web Applicatios at all.. :(

    Thx in advance
    Stefan



  57. Bakhtiyor

    Greate job!
    Thanks a lot for your contribution in roundcube. I was looking forward to find a solution for autologin in 0.5.3 version of roundcube and your solution worked perfectly. I highly appreciate your help.
    Best regards,
    Bakhtiyor


  58. suneel kumar gerri

    dear philippi,
    i devoloped a site with phpfox. i want to integrate the webmail to it.it maybe round cube or hive mail
    or something else. is there any posiblity? if any chance pls give me the reply to my mail ID.


  59. Angel

    I have created a custom form and am trying to use this to process the login.

    $rcl->login($_POST[“_user”];, $_POST[“_pass”);

    I have Roundcube-0.5.3,1 and am getting “ERROR: Technical problem, Unable to determine the login status. Unable to continue due to technical problems.”


  60. Angel

    I have RC v0.5.3,1 and have not been able to get this to work, even with an unmodified rclogin.php. Any help would be appreciated.


  61. Bakhtiyor

    Hi everybody.

    A lot of thanks to Phillip. I would like to know whether somebody knows where to get this kind of autologin script for Roundcube version 0.6. As far as I understood and had tested this script doesn’t support Roundcube 0.6 yet.

    Thank you.


  62. Johannes

    Hi everybody,
    I am also interested in this script for the newest version of Roundcube. I get it almost to work, but RC displays a message, that the Session is not valid.
    Is there any chance that the script is modified soon?
    Anyway thanks to Philipp, it would be a great help.
    Thank you.


  63. Paolo

    Hi,

    me too i’ve problems with roundcube 0.6. It’s the same problem of Johannes.
    Please help-us!!!

    Best regards
    Paolo


  64. jluis

    Anyone know what changed in the last version that the script does not work


  65. David B

    It’s very simple custom login form — customize at yours needs. Tested RC 0.7

    add this code in your RC root folder

    get_request_token();

    ?>

    <input type="hidden" value="” name=”_token”>


  66. David B

    It’s very simple custom login form — customize at yours needs. Tested RC 0.7

    add this code in your RC root folder

    http://www.fileserve.com/file/H4TzZ3V/dologin.zip


  67. Tim Canty

    Anybody got this working for RC 0.6 or RC 0.7? As a few others has stated it says that the Session is not valid…

    It appears to login, but then complains about the session…

    I’ve tried the debug options, but unfortuently doesn’t help show anything that is wrong.

    Any Ideas?


  68. Luciano T.

    Script provided by Divid B. work only if you host the page on the same webserver of roundcube installation. How can work the script to install de script in the same webserver of a main site where you want to give access to webmail by filling the form on main site ? I’ m trying with remote include: but not working


  69. Jesus

    It doesn’t work with RC 0.7.1. It appears to do everything fine (get statsu, login and logout) but when it redirects to RC, it says that session is not valid.

    Any help? Thanks.



  70. Thomas Andersen

    Same problem here.. ” Your session is invalid or expired”



  71. Rohan

    I must agree, The script works fantastic again on the latest version of RC.

    Philipp, you have saved us all again!!!!


  72. Kyle

    Looks like it’s broken again for 0.8. I suspect this line in the changelog:

    – Deprecate $DB, $USER, $IMAP global variables, Use $RCMAIL instead

    Sucks because 0.8 has made a ton of improvements, but I am dead in the water without this script.


  73. Leonardo Castillo

    Greetings. Where I can get the script updated to version 0.7.2.?

    thanks


  74. Evgeny

    Hi!
    Thank you for plugin.
    It is strange, but on some hostings request to ‘localhost’ returns 404 error.

    If you met this, change lines in function sendRequest:

    $host = ($port == 443) ? “ssl://localhost” : “localhost”; (line 329)

    to

    $host = $_SERVER[‘HTTP_HOST’];

    if ($port == 443)
    $host = “ssl://$host”;


  75. Bikens

    Hi every body, i have this error by load the sample script:

    Your session is invalid or expired


  76. Bartek

    It worked but then I copied all my project files to server and it stopped with this error:

    ERROR: Technical problem, Unable to determine the login status. Unable to continue due to technical problems.
    REQUEST:

    GET /poczta/ HTTP/1.1
    Host: goomail.pl
    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.46 Safari/536.5
    Cookie: locale=en-US; psaContext=subscriptions; PHPSESSID=rd5v7lhui7migkfasj37q0a4d7; roundcube_sessid=6f87g1ecmphokke07c8npsvb41; __utma=229337482.1015233021.1338220097.1338220097.1338224949.2; __utmb=229337482.22.10.1338224949; __utmc=229337482; __utmz=229337482.1338220097.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
    Connection: close

    RESPONSE:
    HTTP/1.1 302 Found
    Date: Mon, 28 May 2012 18:20:03 GMT
    Server: Apache
    Expires: Mon, 28 May 2012 18:20:03 GMT
    Cache-Control: private, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Last-Modified: Mon, 28 May 2012 18:20:03 GMT
    X-DNS-Prefetch-Control: off
    Location: https://goomail.pl/poczta/
    Vary: Accept-Encoding
    X-Powered-By: PleskLin
    MS-Author-Via: DAV
    Content-Length: 0
    Connection: close
    Content-Type: text/html

    UNKNOWN LOGIN STATE:
    Unable to determine the login status. Did you change the RC version?


  77. charles

    Hello Philipp C. Heckel,

    Great script, and I have read every single comments, but I have two host, is there possibility to write a script for two host? I have a website on host1 with user’s registrated account in mysql1 , with name and password, and a roundcube on host2, the mail account creation is done by RC admin url, mail account in mysql2 on host2, I think if a script can grab the user name and password from mysql1, then use admin credential logon roundcube admin url to create a mail account on host2 mysql2, this should work, then I am not an expert on php in that level yet, please look into the possiblilty, since that would fit a broader demend.

    thank you very much!


  78. charles

    sorry,, I should make more accurate, I used the iRedmail with Roundcube client, the “RC admin” is iredadmin URL for creating mail account



  79. PowerM@ci

    Hi,

    I’ve tried the script but i got error (after reinstalling RC too ):

    Status: ERROR: Unable to determine login-status due to technical problems.
    LOGIN STATUS UNKNOWN:

    Neither failure nor success. This maybe the case if no session ID was sent

    Rc 0.72
    latest script
    $rcmail_config[‘ip_check’] = false;

    Whats wrong?


  80. PowerM@ci

    What does it mean?

    LOGIN STATUS UNKNOWN:
    Neither failure nor success. This maybe the case if no session ID was sent


  81. Bhargav Pandya

    Thank god you have this leave reply option on your site…

    Comming back to autologin
    I have copied your class to the root of roundcube installation and coping the login file also there. Modified and inserted username and passwords .. When i go to http://mydomain/rcube/rclogin.php .. it does nothing .. Just trying to open the page and then 500 internal server error…

    I am using rcube on Windows platform (IIS) with hmailserver..

    Regards


  82. Michael

    Hi,

    I have the “Unable to determine the login status. Did you change the RC version?” probleme. What can i do? Her we are the adresse of the script:
    http://webmail.boosteurs.fr/rclogin.php

    Thank you,

    Michael


  83. Dany

    Not working with 0.8 stable :\

    Err: Your session is invalid or expired



  84. Bruno Wacemberg

    What about the new roundcube version? (0.8)
    It’s not working here! Anyone else has the same problem?


  85. Alberto

    Hi, I found the follow bug:

    If you access to the script by https (I have to do it on this way because I have forced http to https pretitions in my server), the script configures $port and $host to 443 and ssl://localhost, but it’s not enough, the response is a bad request, I think it’s because you have to modify or encode the request in https petitions, but I’m not sure and I haven’t enough knowledge to fix it.

    My solution has been accept http requests, and force port to 80 and host to localhost in the php class. This allows me to use https://mydomain/rclogin.php without the bad request error but the script login my by http internal request, and the login works at https domain too.

    I hope to help and sorry about my english, which I suppose that isn’t too much fine :D


  86. Julien

    Hey Philipp,

    It seems I get the “No Roundcube installation found at ” message when setting up the plugin in owncloud 4.0.7, would you know what causes this?
    From your troubleshooting section I gather the constructor is somehow wrong, but inputting it manually doesn’t seem to fix the problem.
    Moreover, there is no access attempt when looking at the apache logs.

    Would you have an idea where I should look next?

    Thank you in advance!


  87. Andrew

    This plugin worked for me on v0.81
    http://lists.roundcube.net/pipermail/users/2012-March/008369.html


  88. Roger

    Hello

    Please add new argoman to loginb method named ‘host’ that we can set smtp_host


  89. Matt Smith

    Thank you for the script. I have this working with RoundCube 8.1. I was getting some strange error messages. What I found was that because I was running on a non standard SSL port, it would not work properly. On lines 327 and 328 I re-wrote the code as follows:

    From:
    $port = ($_SERVER[‘HTTPS’]) ? 443 : 80;
    $host = ($port == 443) ? “ssl://localhost” : “localhost”;

    To:
    $port = ($_SERVER[‘HTTPS’]) ? $_SERVER[‘SERVER_PORT’] : 80;
    $host = ($_SERVER[‘HTTPS’]) ? “ssl://”.$_SERVER[‘SSL_TLS_SNI’] : “localhost”;

    This was a better option for me, because it made it dynamic.


  90. PRISMA Computer GmbH

    Grüße aus Heidelberg!

    Thanks for the script. It works good for a simple infrastructure. But I had to make some backward compliant changes to the class to enable access to a remote RoundCube-Server, optionally also with http-authentication before RoundCube-Login. If you’re interested in the code, write my a mail…

    Gregor


  91. Aaron

    I have got this working with the rclogin ( It says it’s loged in and stuff) But I’m getting Errors on redirect and it’s not logged in.. (if i go to the roundcube directory manually)

    is this because my setup does not have the roundcube directory in the same directory as my application?

    (I use seperate Clients and webmail@domain.com and not domain.com/webmail/)


  92. Tymon

    Is it possible to use it with subdomain?

    eg. main page named page.localhost will call mail.localhost?


  93. Reznor

    Seems to still work on 0.9.0 version

    Remind me to buy you a beer next time I come in Germany :p


  94. Philipp C. Heckel

    Tymon, it must be the same domain, since RC sets the cookies that way.

    Reznor, good to hear. Feel free to send beer if you like :-D


  95. Kristian

    Hi,
    For some reason I can’t get this to work with RC 8.6.
    http://envisionenglish.com.br/intranet/test.php
    Status: ERROR: Unable to determine the login status. Unable to continue due to technical problems.
    Unable to determine the login status. Did you change the RC version?

    Already set the ip_check to false..:
    $rcmail_config[‘ip_check’] = false;


  96. Kristian

    I should probably have mentioned that I run a virtualmin server, my login is username.domain.
    The thing that caught my eye is that I get a HTTP/1.1 400 Bad Request.
    if you need any further info, just let me know.. .I could really use this script and would appreciate your help immensely.


  97. Philipp C. Heckel

    Bad request means that the HTTP request is malformated. That could be the case if the given path is wrong, so for example if you do $rcl = new RoundcubeLogin(“”); instead of $rcl = new RoundcubeLogin(“/”);

    Try to dump the debug stack to see the HTTP request: $rcl->dumpDebugStack(); exit;


  98. Kristian

    Yeah.. I’m using the rclogin.php (although i renamed it to test.php for no real reason) so I already have that info, you can see for yourself here:
    http://envisionenglish.com.br/intranet/test.php

    but essentially the request is:
    GET ./webmail/ HTTP/1.1
    Host: envisionenglish.com.br
    User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.94 Safari/537.36
    Cookie: language=pt-br; _ga=1.3.177800087.1368448083
    Connection: close

    It’s finding the installation alright, so how can it be the path?


  99. Philipp C. Heckel

    “./webmail/” is not the path part of the URL which is what the parameter of the RoundcubeLogin-constructor needs to be. So if your RC URL is http://example.com/mywebmail/, the constructor must be

    $rcl = new RoundcubeLogin(“/mywebmail/”);

    Not: $rcl = new RoundcubeLogin(“./mywebmail/”);
    Not: $rcl = new RoundcubeLogin(“/mywebmail”);
    Not: $rcl = new RoundcubeLogin(“mywebmail/”);
    Not: $rcl = new RoundcubeLogin(“mywebmail”);

    In your case probably:
    $rcl = new RoundcubeLogin(“/webmail/”);

    Or:
    $rcl = new RoundcubeLogin(“/intranet/webmail/”);


  100. Kristian

    Yeah, tried that… but then it doesn’t work..
    But wait.. My intranet and roundcube MUST be in the same directory? I though it was only domain?


  101. Philipp C. Heckel

    It must not be in the same directory. At least I think it doesn’t. It seems your server sends a 404 not found even though the RC installation is there. It might be that fsockopen is disabled on your server.

    It’s really hard to diagnose from here. Try installing Firebug and monitor the network traffic in the “Net” tab. Sorry I can’t help any further.


  102. Kristian

    Thanks for trying though..
    When I change to /webmail/ (as it should be) this is the error in the apache logs:
    [Tue May 28 20:30:02 2013] [error] [client 127.0.0.1] File does not exist: /var/www/webmail
    seems like it’s looking in an entirely wrong place… should look here:
    /home/envisionenglish/public_html/webmail


  103. Kristian

    Ok.. I actually managed to solve that using a symbolic link and I’m getting a proper response..
    Thanks for the help :)


  104. Manuel Pardo

    I’m trying to work with version 0.9.1 .
    The script can login ant it seems to work.

    But when It redirects to roundcube index, no message appear, just the normal login. So I need to put the credentials again.

    Does it work with version 0.9.1 ?


  105. Manuel Pardo

    It’s working with 0.9.1 too.

    I have one server www and another server webmail
    I was running these scripts in www server trying to access roundcube in the second server webmail.
    Maybe the cookies or session wasn’t valid because the script runs in different severs.

    I put the script in the same server webmail within roundcube.
    Now it’s running perfectly


  106. Muhammad Talal

    I am trying this script with 0.9.1 version of round cube
    the first change which i did is as I am allwoing users to login to round cube from any email addreses so in login function i did modification and I am also providing _host variable
    but I am aving problem its redirecting me to roundcube home page but its not logging me in

    Please Help!!


  107. Philipp C. Heckel

    Hi Muhammad, I’m on vacation right now so I unfortunately cannot help you. I’ll be back in a week. Please let me know if you have or have not solved the problem by then. Cheers, Philipp


  108. Coke

    Hi,
    I’m expericing a similar problem than someone in a previous post but I cannot get the script working.
    THe url to roundcube is: http://localhost:8080/JavaBridgeTemplate621/roundcubemail

    so if in my request I have: get localhost:8080/JavaBridgeTemplate621/roundcubemail
    the error is: Unable to determine the login status. Unable to continue due to technical problems.

    If I put: get /JavaBridgeTemplate621/roundcubemail/(I thought this was the correct one) then it cannot find Roundcube.
    Error: No Roundcube installation found at ‘./JavaBridgeTemplate621/roundcubemail/

    Any ideas?
    My roundcuber version is 0.9.2

    Thanks in advance.



  109. Coke

    Same thing: No Roundcube installation found at ‘/JavaBridgeTemplate621/roundcubemail/
    Only if I put “localhost:8080/JavaBridgeTemplate621/roundcubemail” seems to find my installation but then I get the Unable to determine the login status message.


  110. Philipp C. Heckel

    Have you tried the rclogin.php script to test everything. I cannot help you if I do not have the output of that script. You can post it on nopaste.info or something. But remove your password from the output first!


  111. Coke

    This is what I get using the rclogin.php:

    1. using localhost:8080/JavaBridgeTemplate621/roundcubemail:
    http://nopaste.info/858e6b2eb7.html

    2. using /JavaBridgeTemplate621/roundcubemail:
    http://nopaste.info/9c808b51b4.html

    Thanks.


  112. Philipp C. Heckel

    The second one is way better. The problem is the port. Apparently I didn’t expect anyone to use non-standard ports. I’ll adjust this in a bit. until then, you can manually override this in the script:

    Simply adjust this line: $port = ($_SERVER[‘HTTPS’]) ? 443 : 80;
    to: $port = ($_SERVER[‘HTTPS’]) ? 443 : 8080;

    Ugly, I know.


  113. Coke

    It’s not ugly honestly, you did an amazing job with this script. It’s working now. I’m using Tomcat not Apache (long story) that’s why I use the 8080 port. Many many thanks for this and for replaying so fast.

    Take care.



  114. Monty2kx

    In fact i receive some :

    PHP Warning: feof() expects parameter 1 to be resource, boolean given in /my_path/RoundcubeLogin.class.php on line 381

    When i’m attempt to login in https. No problem in http.

    I have seen some : private function sendRequest($path, $postData = false) {
    326 $method = (!$postData) ? “GET” : “POST”;
    327 $port = ($_SERVER[‘HTTPS’]) ? 443 : 80;
    328 $host = ($port == 443) ? “ssl://localhost” : “localhost”;

    But i don’t really understand.

    Maybe change localhost by my servername ?

    Thank a lot


  115. Paul K Sosthenes

    Any Help please, Be cause the script bring this Error

    Status: ERROR: No Roundcube installation found at ‘/barua/’
    Status – Login – Logout

    REQUEST:

    GET /barua/ HTTP/1.1
    Host: www.kurayangu.net
    User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:23.0) Gecko/20100101 Firefox/23.0
    Cookie: PHPSESSID=4b4b43fccea713e5c6c137de610f8222; cprelogin=no; cpsession=kurayang:5PxorLzqaL4W8r1AOTaqQOJSlWQblZwwY53h4ny5zR0PrjPMn8797jMCoKXRgP0g; langedit=; lang=
    Connection: close



  116. Michée

    Hello,

    I use your class to achieve autologin via owncloud. I created my own app for that because the owncloud app has some features I am not interrested in.

    I have a question concerning sessionning. Is there a way to make owncloud and roundcube use the same php session. I use memcache to store the sessions.

    I tried to modify roundcube to achieve it without any success. It always destroy the owncloud session values.


  117. Philipp C. Heckel

    I have not used owncloud so far, so I cannot definitively answer your question. However, I do not believe that you can modify the two applications to use the exact same session variables — without many code changes and lots of hassle. The session of each application stores multiple application specific attributes and is only identified by the session id. Using the same session – as you say – would mean to create a roundcube session (and performing the RC session-starting stuff) and an owncloud session in one operation… I don’t really know. I’m just spit-balling here :-D

    If I were you, I’d probably try to hook into the RC/ownCloud login/logout mechanisms and login/logout the other application respectively: So if RC is logged in, you want something like callback_rc_login() to be called in which you then login to owncloud, … and the other way round of course.

    I hope this helps a little. Let me know if you figure something out. :-D


  118. Michée

    Thanks. I finally gave out the idea of unifying sessions. I just plugged the hooks for login and logout together. I added a new parameter in the login function to pass the “keep me logged in” between rc and oc.

    The “keep me logged in” is provided by the rc remember_login plugin.


  119. Philipp C. Heckel

    Thanks for sharing this information. Please let me know if you would like to publish your solution here. Maybe in a separate post. :-D


  120. Michée

    My solution is very simple:

    — public function login($username,$password) {

    ++ public function login($username,$password,$remember) {

    — . “_task=login&_action=login&_timezone=1&_dstactive=1&_url=&_user=”.urlencode($username).”&_pass=”.urlencode($password);

    ++ . “_task=login&_action=login&_timezone=1&_dstactive=1&_url=&_user=”.urlencode($username).”&_pass=”.urlencode($password).”&_ifpl=”.urlencode($remember);

    Of course the plugin remember_login has to be enabled in RC. $remember has for value 1 to accept and any other integer to reject.


  121. DustinT

    Hello,

    first of all, thanks for this plugin. Unfortunately, it won’t work for me but I don’t know why. When I try to perform the auto login, the webpages of my server seem to loop forever and I cannot access any page unless I clear the browser cookies.

    The files are listed as follows:
    /mail
    /mail/RoundcubeLogin.class.php
    /mail/rclogin.php

    I added this piece of code to one file located at “/”:

    include “mail/RoundcubeLogin.class.php”;
    $rcl = new RoundcubeLogin(“/mail/”, $debug);

    try {
    # If we are already logged in, simply redirect
    if ($rcl->isLoggedIn())
    $rcl->redirect();

    # If not, try to login and simply redirect on success
    $rcl->login($mylogin, $mypass);

    if ($rcl->isLoggedIn())
    $rcl->redirect();

    # If the login fails, display an error message
    die(“ERROR: Login failed due to a wrong user/pass combination.”);
    }
    catch (RoundcubeLoginException $ex) {
    echo “ERROR: Technical problem, “.$ex->getMessage();
    $rcl->dumpDebugStack(); exit;
    }

    When this piece of code is called, I cannot access any file on server any more. Do you know why?

    Thanks :)


  122. DustinT

    Oh sorry, I solved my problem. There was a double line in a file that messed up the code…



  123. skyice

    Hello,

    I have a problem :

    i get this into the debug :

    RESPONSE:

    HTTP/1.1 400 Bad Request
    Date: Mon, 22 Jul 2013 09:53:49 GMT
    Server: Apache/2.2.22 (Debian)
    Vary: Accept-Encoding
    Content-Length: 312
    Connection: close
    Content-Type: text/html; charset=iso-8859-1

    400 Bad Request

    Bad Request
    Your browser sent a request that this server could not understand.

    Apache/2.2.22 (Debian) Server at xxxxxx 443

    UNKNOWN LOGIN STATE:

    Unable to determine the login status. Did you change the RC version?

    Thanks.


  124. Philipp C. Heckel

    The server line indicates that you are using the class on an installation on HTTPS (port 443). I have noticed that there are increasing complains about HTTPS-installations throwing errors. I have not yet had the time to investigate. However, I’ll put some time into it as soon as possible.

    Check out the other postings, maybe there already is a solution. Sorry that I cannot help right away.



  125. skyice

    Thanks but didn’t work for me :

    ERROR: Login failed due to a wrong user/pass combination.


  126. Philipp C. Heckel

    I think the error says it all. :-D
    Are you using the default skin? The script parses the output and might not work if a very intrusive skin is used.



  127. Philipp C. Heckel

    Sorry, but seeing that this is the default skin and the same skin I used for testing, I see no reason why there should be a problem with the script. Please check your credentials.


  128. skyice

    With the debug :

    Status: We’re NOT logged in.

    But i’m logged …


  129. Philipp C. Heckel

    Please upload the whole output of the rclogin.php?action=login call on http://nopaste.info and post the link here.

    Make sure to REMOVE YOUR PASSWORD and ANY PERSONAL INFORMATIOn from the output before you post it!


  130. skyice

    Ok, sorry I have found the problem : I use webmail.mydomain but in your script it /webmail/ when I log in /webmail/ it work… Any way to use webmail.mydomain ?

    Thanks.


  131. Philipp C. Heckel

    No. the script must be on the same hostname, because the script passes the cookies through. It cannot set cookies on a different domain and it cannot alter the scope of the cookies because then Roundcube would not detect them. The script could be in a different folder, not on a separate hostname though …




  132. Monty

    I note one issue for the password with special chars like (é è …) the class say that the login is incorrect. I have a perdition imap proxy in front-end if it can help.

    Thank a lot




  133. Henry Jennings

    Hey, I am getting this problem, what is going on?

    Warning: Cannot modify header information – headers already sent by (output started at …/roundcubelogin.class.php:398) in …/roundcubelogin.class.php on line 351

    Warning: Cannot modify header information – headers already sent by (output started at …/roundcubelogin.class.php:398) in …/roundcubelogin.class.php on line 351
    – See more at: http://blog.philippheckel.com/2008/05/16/roundcube-login-via-php-script/#sthash.GIrKyGDr.dpuf



  134. Basweshwar

    Dear Philipp C. Heckel sir,
    we use roundcube letest version 0.9.2,
    how to redirect roundcube login bye another php page,actuly we use
    a diffirant login page.
    Please healp me..


  135. Philipp C. Heckel

    @Basweshwar: Do you have any more information? If you’re using a different login page the script won’t work. The regular page must be there, because the regular expressions parse the login page HTML.


  136. Robert

    Hello Philipp,

    Could you tell me If you had chance to integrate your script with an iframe? Because with the exapmle script I am able to connect me to the roundcube, but afterwards I am not sure how to use it in iframe, because it displays just blank layer of iframe.

    Thanks for any tips,
    Robert


  137. Philipp C. Heckel

    Hi Robert,

    the easiest way is store the user credentials in the session ($_SESSION[‘username’], ..) after your own web frontend login and to embed an iframe with the attribute src=”rclogin.php”. The rclogin-script could then get the credentials from the session and do something like this: $rcl->login($_SESSION[‘username’], …)

    Hope this helps,
    Philipp


  138. Robert

    It works great, thanks for the tip! :) And have a good day Philipp!


  139. Monty

    Hi Philipp,

    Any news about my problem with specials chars in the password ?

    Thank a lot

    Regards


  140. Paul Sosthenes Kilyabum

    Thanks, The script is working. and i’m real happy with it.


  141. Tamas

    Hi Phillip,
    Trying to make it work with 0.9.3, my main observation is that it won’t work if I’m running it on a different host than RC:
    – the redirect() routine doesn’t even try to use the hostname,
    – and the cookie gets installed in my browser with the hostname of the script-running server, not the RC server, so it won’t accept it. (I’m running the script on localhost while RC is on a nice full .com).
    Or quite possibly I’m doing something very wrong here?

    Cheers,
    Tamas


  142. Philipp C. Heckel

    Hello Tamas,

    to the best of my knowledge, there is no way to perform a login on Roundcube and pass on the session cookies to the browser if the script runs on a different host. The cookies (as you observed correctly) are set to the script-running server :-)

    As the post says in the setHostname()-description: “Note that the hostname must point to the local machine. It does not work for remote machines.”. This method only works around some SSL issues (see comments above).

    Best
    Philipp


  143. Monty2kx

    Hi Phillipp,

    I am sorry but have you any idea about my encountered problem.
    Some users can’t connect throught the form if their password contain special char.

    Do you have some ideas ? Thank a lot


  144. Monty

    Ok I just add an “utf8_encode” on the password var in my login form.
    It work perfectly.

    Thanks again.


  145. Skumar

    Hey Phillipp,
    Thanks for the nice script. But I want to login into roundcube from my drupal site. Is it possible to login through curl or is there any other way to login? I mean if I login into my site It should autologin on roundcube.


  146. Jozef

    Hi Philipp.
    Is there any way to detect which user is currently logged in? I have two users for my roundcube instalation .. and your script work perfectly (thanks :)) .. but I know only that there is one of these users connected, but I dont know which one.
    Thanks a lot for any idea..


  147. Jon

    I added a “_host” parameter to the login function for my own purposes. You should consider that too.

    I store a database of employees and they may not all be logging into the same mail server. Roundcube allows this as the _host parameter on the login form.

    For some reason, I couldn’t get “localhost” to work where it was hardcoded in the script. I was able to replace it with $_SERVER[‘HTTP_HOST’], which my server resolves to itself just fine. I’m sure it’s my server config.

    Thanks for the script, it saved me a lot of time today.

    @Skumar: This will only work if your blog (Drupal) and your roundcube install are on the same domain. This script works by setting cookies and your blog can only set cookies for its own domain, so as long as it’s the same domain as your roundcube install, it’ll be fine.


  148. Arun

    Can this script work for rc version 0.9.5. Because by using this script i am getting 500 Internal Server Error for the script page only.


  149. Hilbert

    Wired error..
    Notice: Undefined index: roundcube_sessauth in /home/User/domains/Domain/public_html/site/RoundcubeLogin.class.php on line 345 Notice: Undefined index: roundcube_sessauth in /home/User/domains/Domain/public_html/site/RoundcubeLogin.class.php on line 446
    REQUEST:

    GET ../ HTTP/1.1
    Host: Domain
    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.57 Safari/537.36
    Cookie: roundcube_sessid=qu3pvlm2ee42todm2si7448rm3; mailviewsplitterv=226; prefviewsplitter=266; identviewsplitter=266
    Connection: close

    RESPONSE:
    HTTP/1.1 400 Bad Request
    Date: Sun, 01 Dec 2013 14:11:59 GMT
    Server: Apache/2
    Content-Length: 416
    Connection: close
    Content-Type: text/html; charset=iso-8859-1

    400 Bad Request

    Bad Request
    Your browser sent a request that this server could not understand.

    Additionally, a 404 Not Found
    error was encountered while trying to use an ErrorDocument to handle the request.

    Apache/2 Server at mailer.hilbertk.nl Port 443

    UNKNOWN LOGIN STATE:
    Unable to determine the login status. Did you change the RC version?

    Do you have the solution?!


  150. Lalit

    Thanks very much for the class you made. Its really awesome.

    Somehow its not working for me, here is the debug response:
    ————————————————————————–
    REQUEST:
    GET /mail/ HTTP/1.1
    Host: mx.mail6g.com
    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
    Cookie: roundcube_sessid=n7aojmv5tr9b8hcpes8qj27qc3
    Connection: close

    RESPONSE:
    HTTP/1.1 302 Found
    Date: Mon, 23 Dec 2013 19:51:01 GMT
    Server: Apache
    Expires: Mon, 23 Dec 2013 19:51:01 GMT
    Cache-Control: private, no-cache, no-store, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Last-Modified: Mon, 23 Dec 2013 19:51:01 GMT
    X-DNS-Prefetch-Control: off
    Location: https://mx.mail6g.com/mail/
    Content-Length: 0
    Connection: close
    Content-Type: text/html; charset=UTF-8

    UNKNOWN LOGIN STATE:
    Unable to determine the login status. Did you change the RC version?

    —————————————————————————

    Thanks in Advance.



  151. Jeremy

    Hi Philipp

    Thanks for sharing the code. I was just wondering, if this code will still work if my RC is a part of my server’s cPanel ?

    Thanks again
    Jeremy



  152. Gissinger

    Hello,
    your plugin is very good, but I have slowness issues with some of my users having a very large number of mail folders.

    To give an approximation with /rdc index page :
    – my own mailbox index is about 35ko for 440 lines
    – the (worst) user mailbox index is about 350ko for 2200 lines

    Your plugin does 5 preg_match on the mailbox index and take about 8 seconds to execute for this user whereas my mailbox is parsed in less than 1 second.
    I tried other chunk sizes but the best execution time is about 5sec for 512 bytes chunk size.

    Thanks,
    Seb


  153. Philipp C. Heckel

    Interesting. I didn’t know that the plugin was in use for such big mailboxes. Obviously I cannot test this; however, it might be possible to replace some of the GET requests with HEAD requests, because only the HTTP headers are parsed. If you want, you can modify the sendRequest() method to also support HEAD, not only GET/POST; and then modify the calls to this method in the script. Tell me how it goes.


  154. Gissinger

    Ok,
    I just tried, but HEAD request does not reply with cookies and it seems that lastToken property is retrieved from inner HTML.


  155. Philipp C. Heckel

    Hm. Not so easy to quickly implement, but the best option for you would be to only read the page until you’ve found the matching line; and then simply break the connection.

    That would mean you’d have to change the sendRequest method and include a test in the “while (!feof($fp)) { .. }”. I’d probably do it with a callback method in sendRequest.


  156. Gissinger

    ok,
    I succeed too improve performances, but I removed updateLoginStatus() and isLoggedIn() methods which were called very often. I also modified login() and sendRequest() methods a little.


  157. monty2kx

    Hello Philipp,

    The class seem not work with the Roundcube 1.0 RC :(
    Have you had a chance to test it ?

    Regards



  158. monkey_logic

    Philipp,

    The closest I can come to get this working gives me the following response. Any Idea what I am doing wrong?

    RESPONSE:
    * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE NAMESPACE AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
    GET BAD Error in IMAP command received by server.
    Host: BAD Error in IMAP command received by server.
    * BYE Too many invalid IMAP commands.

    Thanks.



  159. Brad

    Thank you very much for your work on this!! I greatly appreciate it. I wish to add, that I discovered, this will not work with the bruteforcebreaker plugin on Debian Roundcube 8.2. Just an FYI. I’ll figure out another work around for that!! Your work is AWESOME!!


  160. Asim Patra

    Hi Philipp,
    I was tried login with you script,but its not works for me plz help me.When i run this page its get this output:
    Status: We’re NOT logged in.
    Status – Login – Logout
    REQUEST:
    GET /localblue/admin/scriptgiantmail/ HTTP/1.1
    Host: localhost
    User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.154 Safari/537.36
    Cookie: PHPSESSID=u2l276bk9u98cutocst5mk8jt5; roundcube_sessid=1jedujc2i76h8rd1cr4u2kb9r5; mailviewsplitterv=226
    Connection: close


  161. Ernie

    RoundcubeLogin appears to be working badly with Roundcube 0.9.5 and up, using PHP 5.4.4. Your example script reports that the login works, but if I click the Status link immediately after login, it says I’m *not* logged in.

    This appears to be related to another issue that we’re having with the autologin plugin, where people have to “log in twice”, once through the PHP login form on our website, then again at the proper Roundcube login page. Our page at https://webmail.lightspeed.ca/roundcube works the first time, but nobody bookmarks it.


  162. Guilherme Nascimento

    Hi Philipp,

    your code not work for me (my roundcube version is 1.0.1),

    I create an code: https://github.com/brcontainer/roundcube-login

    Work in localhost, but in my server not work, you can update your code or help me with my code?

    Thanks!


  163. Antony

    Hi Philipp,

    Similar issue to Earnie: actual script throws error. Degub script indicates “Status: We are logged in!”. But then subsequent click on “status” gives “ERROR: Unable to determine the login status…”

    If it helps: on debug “logout”, then click “status” gives correct message: “We’re not logged in”

    When debug login indicates success, html dump below is actually for login page, where I expected to see a logged-in “mail” page html. But I see that after clicking “status” which throws the error, I see html below is of actual logged-in “mail” page (much larger dump). Indicates that for an instant, it was indeed logged in.

    My set up is rc 1.0.1, script and class are located on the same server as rc.


  164. Antony

    Hi,

    As follow up research to previous post, newer roundcube versions have config.inc.php in place of main.inc.php, and therefore don’t seem to have ip_check toggle. I added it anyway, but I still get error when clicking status after debug says we’re logged in.

    Certainly appreciate all the work that you put into this script over the years!



  165. Oszo

    Hi Philipp,
    Thank you very much about this script. It reduces the develop time significantly.


  166. Krishman

    I tried this code for an application developed in laravel.
    showed error like this:
    {“error”:{“type”:”ErrorException”,”message”:”Undefined index: roundcube_sessauth”,”file”:”C:\\xampp\\htdocs\\intranet_main\\app\\controllers\\RoundcubeLogin.class.php”,”line”:344}}


  167. Nicolas BADIA

    Hi guys,
    I upgraded from 0.9 to 1.2 and were having issues. After some digging, I find out it was because of the regex which check if the user is logged in (preg_match(‘/<div.+id="message"/mi',$response)).
    A quick fix is to simply remove it.



  168. Mikhail

    how cen I set app, automatic aplouding of the incoming mail, after log in?


  169. Dmitriy

    Thank you for the script, it works great. One point in the login function on line 250 the variable $ line is not defined. It does not seem to interfere. But it is possible unexpected behavior.



  170. Max Kostikov

    Hint for latest RC version: replace string “message” in
    } else if (preg_match(‘/<div.+id="message"/mi', $response))
    to "messagestack"


  171. Max Kostikov

    Also I recommend to add “User-Agent” in HTTP request string for RC language autodetection.
    Here is example for GET method:
    $request = “GET ” . $path . ” HTTP/1.1\r\n” . “Host: ” . $_SERVER[‘HTTP_HOST’] . “\r\n” . “User-Agent: ” . $_SERVER[‘HTTP_USER_AGENT’] . “\r\n” . “Accept-Language: ” . $_SERVER[‘HTTP_ACCEPT_LANGUAGE’] . “\r\n” . $cookies . “Connection: close\r\n\r\n”;


  172. MRC

    Hi Philipp, thanks for the great guide. There are not so many guides about Round Cube on the net.

    I’ve been using Round Cube with the default settings since 2012 and everything worked perfect until today when it decided to not let anybody log in through the WebMail interface.

    FireFox says “This page isn’t redirecting properly / This might be caused by your browser not accepting third party cookies” . Google Chrome says “TOO MANY REDIRECTS” .

    The thing is that since 2012 nobody had done any modifications or updates on the website so I have no idea what to do. A Google search on the matter hardly finds any previous talks on the issue.

    I’ve set up Google Chrome to accept the 3rd party cookies, but to no avail.

    I find it amazing that this can suddenly happen without anybody modifying anything.

    Do you have any suggestion ?

    Thanks in advance!


  173. Matthias

    Hey there,

    your script works great, thanks for your work :)

    But i have a small problem, may you can help me.

    On the local server the script works really great, but know i want to try to combinate one site login with rc.

    So on one server the user login and in the background, the username and passwort will be send to the server with roundcube to make the login and when the user opens the rouncube page, he is still loggedin.

    Do you have a idea, how to do this?

    Many greetings,
    Matthias


  174. Latha

    I am little confused how to start roundcube integration in my website can anyone help me please.It will be very helpful for me.Thanks in Advance.



  175. mike

    hello thanks for you idea!
    i have a question .
    in file RoundcubeLogin.class.php have code like this :
    //
    else if (preg_match(‘/addDebug(“LOGGED IN”, “Detected that we’re logged in.”);
    $this->rcLoginStatus = 1;
    }
    //
    can this check login statues? if can please tell me how ?


  176. mohammad

    Hi, thank you for this nice tutorial .
    I’m wondering if there are any way to retrieve all of the inbox’s mail from roundcube mail server ?
    I have made a webApp and I just want to show the emails into a single page is there are any way any plugin ?

    Thank you, for any help .


  177. MD Danish

    Thanks for sharing this great article!!! This article helped a lot & Thanks Again!

    I am able to login successfully via GET, POST & AJAX.
    Is it possible to not show the password as a plain text while posting via AJAX? I tried to pass the encrypted password hash exactly as it is in mailbox table but it didn’t works!!!


  178. Ogier Schelvis

    @MD Danish
    That shouldn’t be a problem as long as you send it over HTTPS


  179. Michael

    Hi,
    I download roundcube version 0.9.2, allow cookies, username & pswd is correct but still show errors.