Roundcube login via PHP script

目前正在整合 roundcube 1.0.5 的邮件系统和其他系统，想取消登录过程，发现了这个，先赞一个！

原文地址： http://blog.philippheckel.com/2008/05/16/roundcube-login-via-php-script/

Roundcube is an AJAX/PHP based e-mail application which is really flexible and easy to use in comparison to other free web based solutions.

For the customer interface of Silversun, I wanted to use RC as the internal web mail application and therefore had to embed it into my system. To avoid that the customer has to log in twice (customer interface and Roundcube), I had to simulate the login request with a PHP script.

Contents

Updates

A lot has changed over the years. As of now (July 2013), the class does exist for over 5 years. Here’s what happened in this time:

November 2008: After the comment of Matias, I reviewed the code and fixed some issues. Now it should work properly even with the newest Roundcube version (0.2-beta). The class file itself contains installation instructions. Please read them carefully.
March 2009: Just tested the script with version 0.2.1 and it works like a charm, at least for my installation.
December 2009: Diego just confirmed (via e-mail) that the script also works for 0.3.1 without modification.
May 2010: I just tested the scripts with Roundcube 0.4-beta, and it still works without modification. I also added the sectionDebugging make it easier to figure out what’s wrong.
March 2011: After Alex’ comment, I adjusted a small part of the script. It should now also work with Roundcube 0.5.1. It now handles the new request token correctly. The pre-0.5.1 script is still available for download here:RoundcubeLogin.pre-0.5.1.class.php (plain text).
April 2012: I have updated the script again. It now works with 0.7.2. Issues were PHP’s multiple-cookie handling, the sessauth-cookie as well as the user agent checks by RC. The pre-0.6 version is still available for download here:RoundcubeLogin.pre-0.6.class.php (plain text).
May 2013: According to Reznor’s comment, the script still works with 0.9.0.
July 2013: The class is currently used in the Roundcube ownCloud Plugin by Martin Reinhardt. There have been some issues with the altered version. Make sure to update to the newest version or report bugs here.
July 2013: After many user issues with SSL-hosted Roundcube installations, I finally got around to fix the SSL issues once and for all. The class now detects whether RC is running with SSL/TLS and set hostname, port and connection type accordingly. If that does not work, you can use setHostname(), setPort() and setSSL to adjust these settings to your environment. The old class is still available here: RoundcubeLogin.pre-0.9.2.class.php (plain text).

1. Prepare RC

To perform the Roundcube login via a web site, it is necessary to turn off the check_ip/ip_check option in the main.inc.php file, because our script (= server IP address) will send the login data and pass it to RC instead of the user’s browser (= user IP address).

2. The RoundcubeLogin class

This small class only consists of four functions and it shouldn’t be necessary to modify it in order to get the login to work.

RoundcubeLogin.class.php (plain text)
Provides the functionality to login, logout and check the login status.
rclogin.php (plain text)
A small script to test if everything works as expected.

The class provides four public methods:

login($username, $password)
Perform a login to the Roundcube mail system.
Note: If the client is already logged in, the script will re-login the user (logout/login). To prevent this behaviour, use theisLoggedIn()-function.
Returns: TRUE if the login suceeds, FALSE if the user/pass-combination is wrong
Throws: May throw a RoundcubeLoginException if Roundcube sends an unexpected answer (that might happen if a new Roundcube version behaves differently)
isLoggedIn()
Checks whether the client/browser is logged in and has a valid Roundcube session.
Returns: TRUE if the user is logged in, FALSE otherwise.
Throws: May also throw a RoundcubeLoginException (see above).
logout()
Performs a logout on the current Roundcube session.
Returns: TRUE if the logout was a success, FALSE otherwise.
Throws: May also throw a RoundcubeLoginException (see above).
redirect()
Simply redirects to Roundcube.
setHostname($hostname)
Set hostname manually. Note that the hostname must point to the local machine. It does not work for remote machines.
setPort($port)
Set port manually. Uses server port by default (auto detected).
setSSL($enableSSL)
Enable or disable SSL for this connection. This value impacts the connection string for fsockopen(). If enabled, the prefix “ssl://” is attached. If NULL is set, the value of the $_SERVER['HTTPS'] variable is used.

3. Sample usage

The script below demonstrates how the class can be used. If the client is already logged in, it simply redirects the browser to the Roundcube application. If not, it performs a login and then redirects to Roundcube.

PHP

<?php

include "RoundcubeLogin.class.php";

// Create RC login object.

// Note: The first parameter is the URL-path of the RC inst.,

// NOT the file-system path. Trailing slash REQUIRED.

// e.g. http://host.com/path/to/roundcube/ --> "/path/to/roundcube/"

$rcl = new RoundcubeLogin("/roundcube/", $debug);

// Override hostname, port or SSL-setting if necessary:

// $rcl->setHostname("example.localhost");

// $rcl->setPort(443);

// $rcl->setSSL(true);

try {

// If we are already logged in, simply redirect

if ($rcl->isLoggedIn())

$rcl->redirect();

// If not, try to login and simply redirect on success

$rcl->login("some-email-address", "plain-text-password");

if ($rcl->isLoggedIn())

$rcl->redirect();

// If the login fails, display an error message

die("ERROR: Login failed due to a wrong user/pass combination.");

}

catch (RoundcubeLoginException $ex) {

echo "ERROR: Technical problem, ".$ex->getMessage();

$rcl->dumpDebugStack(); exit;

}

4. Debugging

If you’re having problems with the RoundcubeLogin.class.php class (plain text) itself, try using the rclogin.php-file (plain text) for debugging: open the file in your browser (http://myhost/roundcube/rclogin.php), and take a look at the output. TheRoundcubeLogin-class performs a series of request/response cycles and parses the output to figure out if you’re logged in.

Known issues:

No Roundcube installation found at ‘…’
This error message is thrown if the path-value in the RoundcubeLogin constructur was not set correctly. It must be set to the part of the URL that represents the path, e.g. in case of http://myhost/roundcube/ you must create the object like this:

PHP

1

$rcl = new RoundcubeLogin("/roundcube/");
Unable to determine login-status due to technical problems.
This error can occur in the methods login(), logout() and isLoggedIn(). The RoundcubeLogin-class expects Roundcube to send certain headers in response to the login/logout-requests. If those headers could not be found, this error is thrown. Possible reasons are:
- New RC version
- Cookies must be enabled
- ip_check/check_ip option in the main.inc.php must be false
Unable to determine the login status. Unable to continue due to technical problems.
This error occurs if the script cannot determine if you are logged in or not, because the returned HTML code neither contains the login-form (= logged out) nor the message DIV (= logged in). This might happen if Roundcube changed the HTML-code.

Test script “rclogin.php” says “400 Bad Request”: When you run the test script you get an error like this:

XHTML

<h1 id="Bad-Request">Bad Request</h1>

<p>Your browser sent a request that this server could not understand.<br />

Reason: You're speaking plain HTTP to an SSL-enabled server port.<br />

Instead use the HTTPS scheme to access this URL, please.

The reason for this exception is that the hostname in the fsockopen() has been called without an “ssl://”-prefix. In the class you can fix this by calling $rcl->setSSL(true).

5. I’m open for suggestions

Please feel free to post your comment or suggestions. That’s the only way to ensure that it works with all versions.