Roundcube login via PHP script
Roundcube is an AJAX/PHP based e-mail application which is really flexible and easy to use in comparison to other free web based solutions.
For the customer interface of Silversun, I wanted to use RC as the internal web mail application and therefore had to embed it into my system. To avoid that the customer has to log in twice (customer interface and Roundcube), I had to simulate the login request with a PHP script.
Update Nov/08:
After the comment of Matias, I reviewed the code and fixed some issues. Now it should work properly even with the newest Roundcube version (0.2-beta). The class file itself contains installation instructions. Please read them carefully.
Update Mar/09:
Just tested the script with version 0.2.1 and it works like a charm, at least for my installation …
Update Dec/09:
Diego just confirmed (via e-mail) that the script also works for 0.3.1 without modification.
Prepare RC
To perform the Roundcube login via a web site, it is necessary to turn off the check_ip/ip_check option in the main.inc.php file, because our script (= server IP address) will send the login data and pass it to RC instead of the user’s browser (= user IP address).
The RoundcubeLogin class
This small class only consists of four functions and it shouldn’t be necessary to modify it in order to get the login to work.
- RoundcubeLogin.class.php
Provides the functionality to login, logout and check the login status. - rclogin.php
A small script to test if everything works as expected.
The class provides four public methods:
-
login($username, $password)
Perform a login to the Roundcube mail system.
Note: If the client is already logged in, the script will re-login the user (logout/login). To prevent this behaviour, use the isLoggedIn()-function.
Returns: TRUE if the login suceeds, FALSE if the user/pass-combination is wrong
Throws: May throw a RoundcubeLoginException if Roundcube sends an unexpected answer (that might happen if a new Roundcube version behaves differently) -
isLoggedIn()
Checks whether the client/browser is logged in and has a valid Roundcube session.
Returns: TRUE if the user is logged in, FALSE otherwise.
Throws: May also throw a RoundcubeLoginException (see above). -
logout()
Performs a logout on the current Roundcube session.
Returns: TRUE if the logout was a success, FALSE otherwise.
Throws: May also throw a RoundcubeLoginException (see above). -
redirect()
Simply redirects to Roundcube.
Sample usage
The script below demonstrates how the class can be used. If the client is already logged in, it simply redirects the browser to the Roundcube application. If not, it performs a login and then redirects to Roundcube.
<?php include "RoundcubeLogin.class.php"; # Create RC login object. # Note: The first parameter is the URL-path of the RC inst., # NOT the file-system path # e.g. http://host.com/path/to/roundcube/ --> "/path/to/roundcube" $rcl = new RoundcubeLogin("/roundcube/", $debug); try { # If we are already logged in, simply redirect if ($rcl->isLoggedIn()) $rcl->redirect(); # If not, try to login and simply redirect on success $rcl->login("some-email-address", "plain-text-password"); if ($rcl->isLoggedIn()) $rcl->redirect(); # If the login fails, display an error message die("ERROR: Login failed due to a wrong user/pass combination."); } catch (RoundcubeLoginException $ex) { echo "ERROR: Technical problem, ".$ex->getMessage(); $rcl->dumpDebugStack(); exit; } ?>
I’m open for suggestions
Please feel free to post your comment or suggestions. That’s the only way to ensure that it works with all versions.
hey! thanks for sharing…I couldn’t make it work, I get errors on this lines:
header($line); (line 89 of the class)
and:
header(“Location: /mypath/rc”);
the success var contains a 1, so I guess the login works fine.
If in a different tab of my browser try to go to “mydomain/mypath/rc/?_task=mail”, I get redirected to the rc login page.
Wasn’t I suposed to see my mails if I get a 1 at the success line?
can you tell me what version of roundcube are you using? mine is 0.1.1
thank you very much!!
Hallo Matias,
thanks for your comment. I will look into this at the weekend.
In fact, i’ve experienced some difficulties after my update too, — so
this might me the chance for me to fix this bug and answer your questions.
Regards,
Philipp
Hey everyone,
I just updated the script and the blog post.
It should now work like a charm.
Philipp
Philipp….thank you very much!!!!!
It worked perfectly!!!
good job!
again, thank you a lot
regards
matias
Hi, I receive the message error:
Status: ERROR: Unable to determine the login status. Unable to continue due to technical problems.
I’m using RC 0.2b version.
I’ve modified the main.inc.php file setting $rcmail_config['ip_check'] = false;
The classic login works.
Any suggestions?
Thanks!
Hey Simone,
if you give me the debug output, I can take a look. I’m gonna write you a mail so that we can try to fix it …
Regards,
Philipp
Update 30th Nov:
Unfortunately, Simone didn’t reply to my mail. Therefore, I can’t help her …
hi,
i havent test it fully right now… but i got some errors and could fix it.
first .. local .. all right ..runs smoothly :D
public .. errors .. first “no roundcube install found” .. change it to ‘./roundcubemail/’ .. then i got the error Status: ERROR: Unable to determine the login status. Unable to continue due to technical problems.
then i change followed:
private function sendRequest($path, $postData = false) {
$method = (!$postData) ? “GET” : “POST”;
$port = ($_SERVER['HTTPS']) ? 443 : 80;
$host = ($port == 443) ? “ssl://email.godz-clan.org” : “email.godz-clan.org”;
my webspace provider block maybe localhost .. dont know .. but so it runs.
maybe you make a variable host so you can make this at one place if someone has the same error.
Philipp,
Thanks for this workaround. I am looking for a solution to login from an external page into RC. Your soluation seems to be perfect for what i am looking for.
After i tried the code, the error
“Status: ERROR: Unable to determine the login status. Unable to continue due to technical problems.”
popped up. As far as i can see, all my parameters are set up as they should. Even the original login page in RC works as it should. I even tried UZU’s solution (above).
I use RC version: RELEASE 0.2-ALPHA.
PHP 5, etc..
Thanks in advance.
Joris
Philipp..
Really cool workaround, thank you so much for posting it..
But it doesn’t seem to be working for me!
Here’s the error I get:
Warning: Cannot modify header information – headers already sent by (output started at …/roundcubelogin.class.php:398) in …/roundcubelogin.class.php on line 351
Warning: Cannot modify header information – headers already sent by (output started at …/roundcubelogin.class.php:398) in …/roundcubelogin.class.php on line 351
Warning: Cannot modify header information – headers already sent by (output started at …/roundcubelogin.class.php:398) in …/roundcubelogin.class.php on line 233
any ideas?
@Nick: Sure. Simply remove all spaces before “< ?php" and after "?>” in the
class-file :-)
Philipp,
I desperately want to use your solution. However, I keep getting an error that I’m not sure how to fix.
First of all, I have to set the first argument of the RoundcubeLogin class constructor to “./roundcube/” instead of “/roundcube/” or I get the message “ERROR: Technical problem, No Roundcube installation found at ‘/roundcube/’.”
After that, I get the message “ERROR: Technical problem, Unable to determine the login status. Unable to continue due to technical problems.” The debug output is saying that it is a 400 Bad Request error. I can see that it is caused by trying to append “./roundcube” to my domain name rather than resolving to the correct directory path. For example, instead of correctly making the request to http://mydomain.com/path/to/roundcube, it’s trying to make the request to http://mydomain.com./roundcube.
Will you please help me get this working?
TIA,
Jack
@Jack: This looks pretty simple. You should be using the correct path in the constructor.
Instead of
$rcl = new RoundcubeLogin(“/roundcube/”, true);
write
$rcl = new RoundcubeLogin(“/path/to/roundcube/”, true);
This parameter is the URL-path of your roundcube installation. That is, if your RC is installed at http://mydomain.com/path/to/roundcube/, you should specify “/path/to/roundcube/” as webmail-path.
Regards, Philipp
Thanks!
I have this working, and it meets 100% of my needs but…
I can only get it to work with a clear text password!
Is there any way to make this work with an encrypted password?
It would be a big security issue for my site to store clear text passwords…
Thanks!
Hey there,
you don’t have to store the clear text passwords in your database. That’s absolutely not necessary.
The easiest way is to store the clear text password in the $_SESSION variable when the user logs in. That is, the password is only stored temporarily on the server and can only be stolen when someone is able to steal the session AND your script prints the password at some point. However, due to the fact that you don’t have to print the password, but only send it to the RC installation, this shouldn’t be a problem….
Regards,
Philipp
First, thank you for creating this script and for your continued support of it!
Have you tested this with RC 2.2? The script doesn’t seem to be working for me – I get an error that the roundcube installation isn’t found.
I have tried /roundcube/ and http://www.idatasys.net/roundcube/ – neither seems to work.
Hey Steve,
I haven’t had the chance to test it unfortunately and I will not be able to do so for the next month (since I am traveling around in California, yey!!).
It is possible that RC 2.2 either completely changed the login mechanisms, or some parts of the HTML output (which my script uses to parse the results).
Enabling the debug option and printing the output should give you some hints why it isn’t working. See above how to do that.
/roundcube/ should be fine as path.
Regards,
Philipp
Howdy,
Thanks to you I was able to setup SSO (Single Sign On) for my site.
These scripts helped so much!
There is just one little thing I hope someone can help with, as I can not figure it out on my own…
When using http://mydomain.com/roundcube/ everything works.
But I have a seprate Mail server with a much faster RoundCube setup at http://mail.mydomain.com
How can I change:
$rcl = new RoundcubeLogin(“/mail/rc671/”, true);
To something like:
$rcl = new RoundcubeLogin(“mail.mydoamin.com”,
\ true);
Also, I think I would need to update:
if ($rcl->isLoggedIn())
header(“Location: rc671/”);
And:
if ($rcl->isLoggedIn())
header(“Location: rc671/”);
Thank you for you time,
Carl.
Hey Carl,
the script is not made for this situation, and I’m not sure it is possible to rewrite it that way. If it would work, I would have made it that flexible when I wrote it.
Reasons: RC relies on Cookies. And in order to communicate with RC, my script has to read the Cookies from RC and interpret their meaning, _and_ eventually re-set to the end-user’s browser.
i.e.
RC < --> script < --> user
If the script and RC are located on the same host, it can read and write the same Cookies as RC. If, however, it is located on a different server, it is able to read RC’s Cookies (as a client), but cannot re-send them to the end-user client (because you can’t save Cookies for a different host than your own). Therefore, the end-user cannot stay logged in.
If you have any questions, please feel free to ask.
Philipp
thank you !! this post is a big help. You are a genious!
I am trying to mod a server install and keep getting the following error when running your the rclogin.php script– Parse error: syntax error, unexpected ‘{‘ in /home/xxxxxx/public_html/RoundCube/rclogin.php on line 23
I have placed the class file in the main usr directory for roundcube.
Please advise… Your help is greatly apprecited.
-Kit
Hey Kit,
sorry that it took so long for me to answer but I read your comment on my cell and totally forgot about it…
1)
First to the parse error: the rclogin.php file worked for all the others which means that you either made a copy+paste error, or more likely that you’re using a PHP version that doesn’t support try/catch. What PHP version are you using? You need at least PHP 5.0.
2)
“I have placed the class file in the main usr directory for roundcube.”
You don’t have to place the class-file or the rclogin-file in the RC installation. It can reside anywhere within the document root. In fact, the class file could even be outside the doc-root.
Hope this helps a little.
Regards,
Philipp
Hey Philipp,
NP
Well, recently had to re-install server… When I configured through easyapache, I setup both php 4.7 and 5.2, not knowing if some clients would have older versions of code that could possibly break.
Is there a method where I can call a specific vs of php for this script, becuase it seems to be defaulting to 4.7
-Kit
Hey Kit,
I think this is a configuration problem of your web server, i.e., most likely apache… Google it and I’m sure you will find a solution …
Regards,
Philipp
Hi there, This script looks like exactly what I’m looking for but I’m getting this message error:
Status: ERROR: Unable to determine the login status. Unable to continue due to technical problems.
I’m using version 0.3.1.
My main.inc.php was already set to $rcmail_config['ip_check'] = false and I can log in normally ok.
my RC installation is at mydomain.com/mail and I have both your files rclogin.php and RoundcubeLogin.class.php in mydomain.com/mail/test
I have set $rcPath = “/mail/”; in the rclogin.php script, although I get the same arror regardless of what in put here ?
Help Please !?
@Aodhan: The rclogin.php produces a whole lot of debug output. If you send it to me, I can maybe help you here … BUT: Make sure to remove all passwords from the output first :-D
Regards,
Philipp
Hi and thanks for getting back to me.
Where should I see the debug output ? In the same folder as the script ? If so its not been written, thers nothing there.
If have this set in your script, I assume thats correct ?
// Set to TRUE if something doesn’t work
$debug = true;
$rcPath = “/mail/”;
Thanks again for your help.
Aodhan.
Hey there and sorry for not replying immediately.
when you call the rclogin.php file in your browser, it outputs something
like “Status: … Login Logout …”. Below that, it prints the debug
information if you click on “Login” or “Logout”.
try clicking on “Login” or “Logout” and then it should definitely print
something … if it doesn’t i can’t think of any reason why it doesn’t.
you’re using version 0.3.1 right? because one of my readers confirmed
that it works with that version. i personally haven’t tried it yet.
sorry i can’t be more help… but without the debug output, it’s simply
impossible to find out what’s wrong.
regards,
philipp