Roundcube Login via PHP script

is currently consolidating Roundcube 1.0.5 mail system and other systems, want to cancel the login process, found this, first praise one!

Original address: http://blog.philippheckel.com/2008/05/16/roundcube-login-via-php-script/

Roundcube is an ajax/php based e-mail application which is really flexible and easy-to-use on comparison to other free web Based solutions.

For the customer interface of Silversun, I wanted to use RC as the internal Web mail application and therefore had to Embe D it into my system. To avoid the customer have to log in twice (Customer interface and Roundcube), I had to simulate the login request wit H a PHP script.

Contents

1. Updates
   1. 1. Prepare RC
   2. 2. The Roundcubelogin class
   3. 3. Sample Usage
   4. 4. Debugging
2. Bad Request
   1. 5. I ' m open for suggestions

Updates

A lot have changed over the years. As of Now (July), the class does exist for over 5 years. Here's what happened in this time:

• November: After the comment of Matias, I reviewed the code and fixed some issues. Now it should work properly even with the newest Roundcube version (0.2-beta). The class file itself contains installation instructions. Please read them carefully.

• March: Just tested the script with version 0.2.1 and it works like a charm, at least for my installation.

• December: Diego just confirmed (via e-mail) that is the script also works for 0.3.1 without.

• May: I just tested the scripts with Roundcube 0.4-beta, and it still works without modification. I also added the sectiondebugging make it easier to figure out what ' s wrong.

• March: After Alex ' comment, I adjusted a small part of the script. It should now also work with Roundcube 0.5.1. It now handles the new request token correctly. The pre-0.5.1 script is still available for download here:roundcubelogin.pre-0.5.1.class.php (plain text).

• April: I have updated the script again. It now works with 0.7.2. Issues were PHP ' s multiple-cookie handling, the Sessauth-cookie as well as the user agent checks by RC. The pre-0.6 version is still available for download here:roundcubelogin.pre-0.6.class.php (plain text).

• may: According to Reznor's comment, the script still works with 0.9.0.

• July: The class is currently used in the Roundcube ownCloud Plugin by Martin Reinhardt. There has been some issues with the altered version. Make sure to update to the newest version or report bugs here.

• July: After many user issues with ssl-hosted roundcube installations, I-finally got around to fix the SSL is Sues once and for all. The class now detects whether RC are running with SSL/TLS and set hostname, port and connection type accordingly. If that does isn't work, you can usesethostname (),Setport ()andSetsslto adjust these settings to your environment. The old class is still available here:roundcubelogin.pre-0.9.2.class.php (plain text).

1. Prepare RC

To perform the Roundcube login via a Web site, it's necessary to turn off the check_ip/ip_check option in themain.inc.php file, because our script (= Server IP address) would send the login data and pass it to RC instead of T He user ' s browser (= user IP address).

2. The Roundcubelogin class

This small class is consists of four functions and it shouldn ' t is necessary to modify it in order to get the login to W Ork.

• RoundcubeLogin.class.php (plain text)
  Provides the functionality to login, logout and check the login status.
• rclogin.php (plain text)
  A Small script to test if everything works as expected.

The class provides four public methods:

• Login ($username, $password) 
• Perform a login to the Roundcube mail system.
  note : If The client is already logged in, the script would re-login the US ER (logout/login). To prevent this behaviour, use the isLoggedIn () -function.
  returns :   TRUE  if the login suceeds,  FALSE  if The user/pass-combination is wrong
  throws : May throw a  roundcubeloginexception  if Roundcube sends a unexpected answer (that might happe N If a new Roundcube version behaves differently)
• isLoggedIn ()
• Checks whether the Client/browser are logged in and have a valid Roundcube session.
  Returns: TRUE If the user is logged in, FALSE otherwise.
  Throws: May also throw a roundcubeloginexception (see above).
• Logout ()
• Performs a logout on the current Roundcube session.
  Returns: TRUE If the logout was a success, FALSE otherwise.
  Throws: May also throw a roundcubeloginexception (see above).
• Redirect ()
• Simply redirects to Roundcube.
• SetHostName ($hostname)
• Set hostname manually. Note that the hostname must point to the local machine. It does not work for remote machines.
• Setport ($port)
• Set Port manually. Uses Server port By default (auto detected).
• Setssl ($enableSSL)
• Enable or disable SSL for this connection. This value impacts the connection string forfsockopen (). If enabled, the prefix "ssl://" is attached. IfNULLis set, the value of the$_server[' HTTPS ')variable is used.

3. Sample Usage

The script below demonstrates how the class can be used. If the client is already logged in, it simply redirects the browser to the Roundcube application. If not, it performs a login and then redirects to Roundcube.

PHP

<?php   include "RoundcubeLogin.class.php";   // Create RC login object. // Note: The first parameter is the URL-path of the RC inst., //      NOT the file-system path. Trailing slash REQUIRED. // e.g. http://host.com/path/to/roundcube/ --> "/path/to/roundcube/" $rcl = new RoundcubeLogin("/roundcube/", $debug);   // Override hostname, port or SSL-setting if necessary: // $rcl->setHostname("example.localhost"); // $rcl->setPort(443); // $rcl->setSSL(true);   try {    // If we are already logged in, simply redirect    if ($rcl->isLoggedIn())       $rcl->redirect();      // If not, try to login and simply redirect on success    $rcl->login("some-email-address", "plain-text-password");      if ($rcl->isLoggedIn())       $rcl->redirect();      // If the login fails, display an error message    die("ERROR: Login failed due to a wrong user/pass combination."); } catch (RoundcubeLoginException $ex) {    echo "ERROR: Technical problem, ".$ex->getMessage();    $rcl->dumpDebugStack(); exit; }   ?>

4. Debugging

If you ' re has problems with the RoundcubeLogin.class.php class (plain text) itself, try using the Rclogin.php-file (PLA In text) for Debugging:open the file in your browser (http://myhost/roundcube/rclogin.php) with a look at the output . Theroundcubelogin-class performs a series of request/response cycles and parses the output to figure out if you ' Re logged in.

Known Issues:

1. No roundcube installation found at ' ... ' 
2. This error message was thrown if the path-value in the Roundcubelogin constructur is not set correctly. It must is set to the part of the URL that represents the path, e.g. in case of http://myhost/roundcube/you must create t He object like This:     php  

   1	$RCL = new RoundcubeLogin< Span class= "Crayon-sy" > ( "/roundcube/"

3. Unable to determine login-status due to technical problems.
4. This error can occur in the methods login (), logout () and isLoggedIn (). Theroundcubelogin-class expects Roundcube to send certain headers on response to the login/logout-requests. If those headers could not being found, this error is thrown. Possible reasons is:

   
   

   • New RC Version
   • Cookies must be enabled
   • ip_check/check_ip option in the main.inc.php must isfalse
5. Unable to determine the login status. Unable to continue due to technical problems.
6. This error occurs if the script cannot determine if you is logged in or not, because the returned HTML code neither Conta Ins the login-form (= logged out) nor the message DIV (= logged in). This might happen if Roundcube changed the Html-code.
7. Test Script "rclogin.php" says "Bad Request": When you run the test script, you get a error like this:
   XHTML
   <h1 id="Bad-Request">Bad Request</h1>
   <p>Your browser sent a request that this server could not understand.<br />
   Reason: You're speaking plain HTTP to an SSL-enabled server port.<br />
   Instead use the HTTPS scheme to access this URL, please.

   
   

   
   

   
   

   The reason for this exception is, the hostname in thefsockopen ()have been called without an "ssl://"-prefi X. In the class can fix this by calling$rcl->setssl (True).

   
   

5. I ' m open for suggestions

Feel free to post your comment or suggestions. That's the only-to ensure-it works with all versions.

Roundcube Login via PHP script