Roundcube login via PHP script
Posted in Programming on May 16th, 2008 by Philipp C. Heckel – 41 CommentsRoundcube is an AJAX/PHP based e-mail application which is really flexible and easy to use in comparison to other free web based solutions.
For the customer interface of Silversun, I wanted to use RC as the internal web mail application and therefore had to embed it into my system. To avoid that the customer has to log in twice (customer interface and Roundcube), I had to simulate the login request with a PHP script.
Update Nov/08:
After the comment of Matias, I reviewed the code and fixed some issues. Now it should work properly even with the newest Roundcube version (0.2-beta). The class file itself contains installation instructions. Please read them carefully.
Update Mar/09:
Just tested the script with version 0.2.1 and it works like a charm, at least for my installation.
Update Dec/09:
Diego just confirmed (via e-mail) that the script also works for 0.3.1 without modification.
Update May/10:
I just tested the scripts with Roundcube 0.4-beta, and it still works without modification. I also added the section Debugging make it easier to figure out what’s wrong.
Prepare RC
To perform the Roundcube login via a web site, it is necessary to turn off the check_ip/ip_check option in the main.inc.php file, because our script (= server IP address) will send the login data and pass it to RC instead of the user’s browser (= user IP address).
The RoundcubeLogin class
This small class only consists of four functions and it shouldn’t be necessary to modify it in order to get the login to work.
- RoundcubeLogin.class.php
Provides the functionality to login, logout and check the login status. - rclogin.php
A small script to test if everything works as expected.
The class provides four public methods:
-
login($username, $password)
Perform a login to the Roundcube mail system.
Note: If the client is already logged in, the script will re-login the user (logout/login). To prevent this behaviour, use the isLoggedIn()-function.
Returns: TRUE if the login suceeds, FALSE if the user/pass-combination is wrong
Throws: May throw a RoundcubeLoginException if Roundcube sends an unexpected answer (that might happen if a new Roundcube version behaves differently) -
isLoggedIn()
Checks whether the client/browser is logged in and has a valid Roundcube session.
Returns: TRUE if the user is logged in, FALSE otherwise.
Throws: May also throw a RoundcubeLoginException (see above). -
logout()
Performs a logout on the current Roundcube session.
Returns: TRUE if the logout was a success, FALSE otherwise.
Throws: May also throw a RoundcubeLoginException (see above). -
redirect()
Simply redirects to Roundcube.
Sample usage
The script below demonstrates how the class can be used. If the client is already logged in, it simply redirects the browser to the Roundcube application. If not, it performs a login and then redirects to Roundcube.
<?php include "RoundcubeLogin.class.php"; # Create RC login object. # Note: The first parameter is the URL-path of the RC inst., # NOT the file-system path # e.g. http://host.com/path/to/roundcube/ --> "/path/to/roundcube" $rcl = new RoundcubeLogin("/roundcube/", $debug); try { # If we are already logged in, simply redirect if ($rcl->isLoggedIn()) $rcl->redirect(); # If not, try to login and simply redirect on success $rcl->login("some-email-address", "plain-text-password"); if ($rcl->isLoggedIn()) $rcl->redirect(); # If the login fails, display an error message die("ERROR: Login failed due to a wrong user/pass combination."); } catch (RoundcubeLoginException $ex) { echo "ERROR: Technical problem, ".$ex->getMessage(); $rcl->dumpDebugStack(); exit; } ?>
Debugging
If you’re having problems with the RoundcubeLogin.class.php class itself, try using the rclogin.php-file for debugging: open the file in your browser (http://myhost/roundcube/rclogin.php), and take a look at the output. The RoundcubeLogin-class performs a series of request/response cycles and parses the output to figure out if you’re logged in.
Known issues:
- No Roundcube installation found at ‘…’
This error message is thrown if the path-value in the RoundcubeLogin constructur was not set correctly. It must be set to the part of the URL that represents the path, e.g. in case of http://myhost/roundcube/ you must create the object like this:$rcl = new RoundcubeLogin("/roundcube/");
- Unable to determine login-status due to technical problems.
This error can occur in the methods login(), logout() and isLoggedIn(). The RoundcubeLogin-class expects Roundcube to send certain headers in response to the login/logout-requests. If those headers could not be found, this error is thrown. Possible reasons are:- New RC version
- Cookies must be enabled
- ip_check/check_ip option in the main.inc.php must be false
- Unable to determine the login status. Unable to continue due to technical problems.
This error occurs if the script cannot determine if you are logged in or not, because the returned HTML code neither contains the login-form (= logged out) nor the message DIV (= logged in). This might happen if Roundcube changed the HTML-code.
I’m open for suggestions
Please feel free to post your comment or suggestions. That’s the only way to ensure that it works with all versions.
hey! thanks for sharing…I couldn’t make it work, I get errors on this lines:
header($line); (line 89 of the class)
and:
header(“Location: /mypath/rc”);
the success var contains a 1, so I guess the login works fine.
If in a different tab of my browser try to go to “mydomain/mypath/rc/?_task=mail”, I get redirected to the rc login page.
Wasn’t I suposed to see my mails if I get a 1 at the success line?
can you tell me what version of roundcube are you using? mine is 0.1.1
thank you very much!!
Hallo Matias,
thanks for your comment. I will look into this at the weekend.
In fact, i’ve experienced some difficulties after my update too, — so
this might me the chance for me to fix this bug and answer your questions.
Regards,
Philipp
Hey everyone,
I just updated the script and the blog post.
It should now work like a charm.
Philipp
Philipp….thank you very much!!!!!
It worked perfectly!!!
good job!
again, thank you a lot
regards
matias
Hi, I receive the message error:
Status: ERROR: Unable to determine the login status. Unable to continue due to technical problems.
I’m using RC 0.2b version.
I’ve modified the main.inc.php file setting $rcmail_config['ip_check'] = false;
The classic login works.
Any suggestions?
Thanks!
Hey Simone,
if you give me the debug output, I can take a look. I’m gonna write you a mail so that we can try to fix it …
Regards,
Philipp
Update 30th Nov:
Unfortunately, Simone didn’t reply to my mail. Therefore, I can’t help her …
hi,
i havent test it fully right now… but i got some errors and could fix it.
first .. local .. all right ..runs smoothly :D
public .. errors .. first “no roundcube install found” .. change it to ‘./roundcubemail/’ .. then i got the error Status: ERROR: Unable to determine the login status. Unable to continue due to technical problems.
then i change followed:
private function sendRequest($path, $postData = false) {
$method = (!$postData) ? “GET” : “POST”;
$port = ($_SERVER['HTTPS']) ? 443 : 80;
$host = ($port == 443) ? “ssl://email.godz-clan.org” : “email.godz-clan.org”;
my webspace provider block maybe localhost .. dont know .. but so it runs.
maybe you make a variable host so you can make this at one place if someone has the same error.
Philipp,
Thanks for this workaround. I am looking for a solution to login from an external page into RC. Your soluation seems to be perfect for what i am looking for.
After i tried the code, the error
“Status: ERROR: Unable to determine the login status. Unable to continue due to technical problems.”
popped up. As far as i can see, all my parameters are set up as they should. Even the original login page in RC works as it should. I even tried UZU’s solution (above).
I use RC version: RELEASE 0.2-ALPHA.
PHP 5, etc..
Thanks in advance.
Joris
Philipp..
Really cool workaround, thank you so much for posting it..
But it doesn’t seem to be working for me!
Here’s the error I get:
Warning: Cannot modify header information – headers already sent by (output started at …/roundcubelogin.class.php:398) in …/roundcubelogin.class.php on line 351
Warning: Cannot modify header information – headers already sent by (output started at …/roundcubelogin.class.php:398) in …/roundcubelogin.class.php on line 351
Warning: Cannot modify header information – headers already sent by (output started at …/roundcubelogin.class.php:398) in …/roundcubelogin.class.php on line 233
any ideas?
@Nick: Sure. Simply remove all spaces before “< ?php" and after "?>” in the
class-file :-)
Philipp,
I desperately want to use your solution. However, I keep getting an error that I’m not sure how to fix.
First of all, I have to set the first argument of the RoundcubeLogin class constructor to “./roundcube/” instead of “/roundcube/” or I get the message “ERROR: Technical problem, No Roundcube installation found at ‘/roundcube/’.”
After that, I get the message “ERROR: Technical problem, Unable to determine the login status. Unable to continue due to technical problems.” The debug output is saying that it is a 400 Bad Request error. I can see that it is caused by trying to append “./roundcube” to my domain name rather than resolving to the correct directory path. For example, instead of correctly making the request to http://mydomain.com/path/to/roundcube, it’s trying to make the request to http://mydomain.com./roundcube.
Will you please help me get this working?
TIA,
Jack
@Jack: This looks pretty simple. You should be using the correct path in the constructor.
Instead of
$rcl = new RoundcubeLogin(“/roundcube/”, true);
write
$rcl = new RoundcubeLogin(“/path/to/roundcube/”, true);
This parameter is the URL-path of your roundcube installation. That is, if your RC is installed at http://mydomain.com/path/to/roundcube/, you should specify “/path/to/roundcube/” as webmail-path.
Regards, Philipp
Thanks!
I have this working, and it meets 100% of my needs but…
I can only get it to work with a clear text password!
Is there any way to make this work with an encrypted password?
It would be a big security issue for my site to store clear text passwords…
Thanks!
Hey there,
you don’t have to store the clear text passwords in your database. That’s absolutely not necessary.
The easiest way is to store the clear text password in the $_SESSION variable when the user logs in. That is, the password is only stored temporarily on the server and can only be stolen when someone is able to steal the session AND your script prints the password at some point. However, due to the fact that you don’t have to print the password, but only send it to the RC installation, this shouldn’t be a problem….
Regards,
Philipp
First, thank you for creating this script and for your continued support of it!
Have you tested this with RC 2.2? The script doesn’t seem to be working for me – I get an error that the roundcube installation isn’t found.
I have tried /roundcube/ and http://www.idatasys.net/roundcube/ – neither seems to work.
Hey Steve,
I haven’t had the chance to test it unfortunately and I will not be able to do so for the next month (since I am traveling around in California, yey!!).
It is possible that RC 2.2 either completely changed the login mechanisms, or some parts of the HTML output (which my script uses to parse the results).
Enabling the debug option and printing the output should give you some hints why it isn’t working. See above how to do that.
/roundcube/ should be fine as path.
Regards,
Philipp
Howdy,
Thanks to you I was able to setup SSO (Single Sign On) for my site.
These scripts helped so much!
There is just one little thing I hope someone can help with, as I can not figure it out on my own…
When using http://mydomain.com/roundcube/ everything works.
But I have a seprate Mail server with a much faster RoundCube setup at http://mail.mydomain.com
How can I change:
$rcl = new RoundcubeLogin(“/mail/rc671/”, true);
To something like:
$rcl = new RoundcubeLogin(“mail.mydoamin.com”,
\ true);
Also, I think I would need to update:
if ($rcl->isLoggedIn())
header(“Location: rc671/”);
And:
if ($rcl->isLoggedIn())
header(“Location: rc671/”);
Thank you for you time,
Carl.
Hey Carl,
the script is not made for this situation, and I’m not sure it is possible to rewrite it that way. If it would work, I would have made it that flexible when I wrote it.
Reasons: RC relies on Cookies. And in order to communicate with RC, my script has to read the Cookies from RC and interpret their meaning, _and_ eventually re-set to the end-user’s browser.
i.e.
RC < --> script < --> user
If the script and RC are located on the same host, it can read and write the same Cookies as RC. If, however, it is located on a different server, it is able to read RC’s Cookies (as a client), but cannot re-send them to the end-user client (because you can’t save Cookies for a different host than your own). Therefore, the end-user cannot stay logged in.
If you have any questions, please feel free to ask.
Philipp
thank you !! this post is a big help. You are a genious!
I am trying to mod a server install and keep getting the following error when running your the rclogin.php script– Parse error: syntax error, unexpected ‘{‘ in /home/xxxxxx/public_html/RoundCube/rclogin.php on line 23
I have placed the class file in the main usr directory for roundcube.
Please advise… Your help is greatly apprecited.
-Kit
Hey Kit,
sorry that it took so long for me to answer but I read your comment on my cell and totally forgot about it…
1)
First to the parse error: the rclogin.php file worked for all the others which means that you either made a copy+paste error, or more likely that you’re using a PHP version that doesn’t support try/catch. What PHP version are you using? You need at least PHP 5.0.
2)
“I have placed the class file in the main usr directory for roundcube.”
You don’t have to place the class-file or the rclogin-file in the RC installation. It can reside anywhere within the document root. In fact, the class file could even be outside the doc-root.
Hope this helps a little.
Regards,
Philipp
Hey Philipp,
NP
Well, recently had to re-install server… When I configured through easyapache, I setup both php 4.7 and 5.2, not knowing if some clients would have older versions of code that could possibly break.
Is there a method where I can call a specific vs of php for this script, becuase it seems to be defaulting to 4.7
-Kit
Hey Kit,
I think this is a configuration problem of your web server, i.e., most likely apache… Google it and I’m sure you will find a solution …
Regards,
Philipp
Hi there, This script looks like exactly what I’m looking for but I’m getting this message error:
Status: ERROR: Unable to determine the login status. Unable to continue due to technical problems.
I’m using version 0.3.1.
My main.inc.php was already set to $rcmail_config['ip_check'] = false and I can log in normally ok.
my RC installation is at mydomain.com/mail and I have both your files rclogin.php and RoundcubeLogin.class.php in mydomain.com/mail/test
I have set $rcPath = “/mail/”; in the rclogin.php script, although I get the same arror regardless of what in put here ?
Help Please !?
@Aodhan: The rclogin.php produces a whole lot of debug output. If you send it to me, I can maybe help you here … BUT: Make sure to remove all passwords from the output first :-D
Regards,
Philipp
Hi and thanks for getting back to me.
Where should I see the debug output ? In the same folder as the script ? If so its not been written, thers nothing there.
If have this set in your script, I assume thats correct ?
// Set to TRUE if something doesn’t work
$debug = true;
$rcPath = “/mail/”;
Thanks again for your help.
Aodhan.
Hey there and sorry for not replying immediately.
when you call the rclogin.php file in your browser, it outputs something
like “Status: … Login Logout …”. Below that, it prints the debug
information if you click on “Login” or “Logout”.
try clicking on “Login” or “Logout” and then it should definitely print
something … if it doesn’t i can’t think of any reason why it doesn’t.
you’re using version 0.3.1 right? because one of my readers confirmed
that it works with that version. i personally haven’t tried it yet.
sorry i can’t be more help… but without the debug output, it’s simply
impossible to find out what’s wrong.
regards,
philipp
Hi,
ist es auch möglich eine SQL abfrage (für die userdaten) zu machen und wie?
“$rcl->login(“your-email-address”, “plain-text-password”);” Trage ich da einfach die namen der beiden Textboxen ein?
Vielen dank im Vorraus
Grüße
Noch ne kleinere frage, wie wende ich das richtig an (welches verzeichniss hochladen und evtl. daten anpassen)?
Danke und Grüße
Hallo Tim,
I’m not quite sure I fully understand what you mean. The login function does not take the names of the textboxes as arguments but rather the actual e-mail address and password.
For example:
$rcl->login(“kennedy@example.com”,”ich-bin-ein-berliner”),
or $rcl->login($_POST['username-textbox'], $_POST['password-textbox']);
but NOT:
$rcl->login(“username-textbox”,”password-textbox”);
What names/data do you want to retrieve from the SQL database?
Regards,
Philipp
Hi Philipp,
ich möchte die User nicht über den IMAP Server abfragen sodern aus einer DB.
Ersetzte ich die index.php mit Ihrer?
Grüße
hi i use rclogin scritp all its ok. but when i receive the response it show me the php code not the html page
see above
thanks a lot of
RESPONSE:
HTTP/1.1 200 OK
Date: Mon, 07 Jun 2010 14:42:58 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.10 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5.10
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
989
RoundCube Webmail :: Bienvenue sur RoundCube Webmail
/* */
Bienvenue sur RoundCube Webmail
Utilisateur
Mot de passe
Hello Rabah,
the rclogin script should be used only for testing purposes because it always prints the debugging output at the end (cmp. $rcl->printDebugStack()).
Try to use the code given in the section “sample usage” and/or disable debugging in the constructor of the RoundcubeLogin-class: $rcl = new RoundcubeLogin(…, false);
Regards,
Philipp
Hi Phillip, i have a problem with the login to roundcube using your script, the problem is that i have linked my login and the roundcube login, so i dont have to login every time i need to enter roundcube, but my system doesn’t keep the login, so i login and 3 seconds after i’m returned to the login page, what could be my problem??
Thanks
It’s very difficult to determine a problem without any code and/or a detailed description. Does the rclogin.php script work as expected, i.e. does it allow you to log-in/out to roundcube?
To make a Single Sign-On script as you described it, you need to:
1. create your own login-page with a HTML form (login.php)
2. save the username/password when the user logs in (e.g. in the $_SESSION variable)
3. perform a $rcl->login(…) operation if the user asks to access the webmail interface
Sorry I can’t help more. Post some code if you have further questions …
Regards,
Philipp
Hello Phillip, do you know how i can make a contact list, with some of my contact, so i dont have to write them all when i want to send them a mail??
it would a great help if you can help me.
Thanks
hello,
Is there any way to auto login to RoundCube? Problem is that i dont have access to any files of RoundCube, I was trying to set IE or FF to remamber passwords but it dont work, so Im thinking about making some script. Mr Philipp if You have any idea how to help me pls write msg :)
Best regards
Hey Arek,
my script only works if the RoundcubeLogin-file and your own script reside on the same host as the RC installation, because it has to read RCs cookies.
It will NOT work, if your script is on a different host, e.g. http://mywebsite.myprovider.tld < --> http://webmail.myprovider.tld
Hope this helps a little.
Regards,
Philipp
Hello,
The script tell’s me that there is no rouncube installation find. But it really is there. The file’s are my own so it’s not a provider install.
$rcl = new RoundcubeLogin(“http://www.startnet.be/mail/”, true);
I have already try for /mail/ ant http://startnet.be/mail/ the same problem
ERROR: Technical problem, No Roundcube installation found at ‘http://www.startnet.be/mail’
REQUEST:
GET http://www.startnet.be/mail HTTP/1.1
Host: http://www.startnet.be
Cookie: 92d2a1256cd02a582ac9d3dec5154d99=239dca458af583caa6f194ba2d0606ef; 87f58a10ed835bc6d150e0ccfc067c48=71759a66171227d5ca319e575b42fda4; 3ab17c82a5752b030f3c75a65dc13787=54b2f888386adab02f720ced84f63c7a; ja_purity_tpl=ja_purity; roundcube_sessid=e12384f63f04b8adf842428e444113e4; PHPSESSID=d04ee7422f070b4c806c9403902fda1f
Connection: close
Regards,
Sylvain
Great script saved me tons of time.
Just to help others who might be having the same problem as me. I kept getting a 404 message from the roundcube request. This was because apache was not figuring out what virtual server I wanted and was defaulting to the wrong virtualserver. I simply added an alias for /roundcube in apache conf and it solved the issue. I do not know why the virtual server was not working with socket request.
Now just make it work for squirrel mail :) and all my problems will be solved.
Thanks again
Rich
Hey Rich,
thanks for sharing!
Oh nooo, SquirrelMail … hehe :-D
Regards,
Philipp