I am trying to hack a single login feature for squirrelmail so members of my site can login to amember and click the link to the email interface and it logs them in automatically. The squirrelmail plugin i am trying to hack for this function is Login: HTTP Authentication. The way it checks if user is logged in is: Code: function login_auth_skip_login_do() { global $PHP_AUTH_USER, $PHP_AUTH_PW; sqgetGlobalVar('PHP_AUTH_USER', $PHP_AUTH_USER, SQ_SERVER); sqgetGlobalVar('PHP_AUTH_PW', $PHP_AUTH_PW, SQ_SERVER); If it comes up as a no (maybe user/pwd don't exist on imap server, or query found nothing), it just sends user to squirrelmail login page. How can i hack this to check for amember username/password? There is another promising plugin...Login: Auto, which is a cookie setter, but as i know little to nothing about all this jazz, it looked harder to hack (if my previous idea has any compatability, that is). -------------------------- Let me amend this: i believe this is the function called to see if user is logged elsewhere: Code: /** * Use correct login info from HTTP * */ function login_auth_login_before_do() { global $plugins, $login_auth, $login_auth_user, $login_auth_pass, $just_logged_in, $login_username, $secretkey; sqgetGlobalVar('login_auth', $login_auth, SQ_SESSION); sqgetGlobalVar('login_auth_user', $login_auth_user, SQ_SESSION); sqgetGlobalVar('login_auth_pass', $login_auth_pass, SQ_SESSION); // user is logging in via normal means // if (empty($login_auth) || $login_auth !== 'YES') return; $login_username = $login_auth_user; $secretkey = $login_auth_pass; $just_logged_in = 1; } Please excuse and bear with me...sorry i'm a noob.
It is very easy: PHP: global $PHP_AUTH_USER, $PHP_AUTH_PW;// sqgetGlobalVar('PHP_AUTH_USER', $PHP_AUTH_USER, SQ_SERVER);// sqgetGlobalVar('PHP_AUTH_PW', $PHP_AUTH_PW, SQ_SERVER); $PHP_AUTH_USER = $_SESSION['_amember_login']; $PHP_AUTH_PW = $_SESSION['_amember_pass']; only problem can be if SquirrelMail is using its own session engine, then variables from aMember session won't be available.
Alas, squirrelmail does use its own session engine; and i'm not truly conversational with php, let alone fluent, so rewriting that huge of a piece is too big a project for me. I was thinking about using .htaccess to rewrite a request to the squirrelmail login page and pass it amember values, but i've looked around the login handler and it's php with an html browser output (using echo instead of seperate files) and i don't even know where to begin. Looks like single login might be tabled for now, though i still hope to find a solution. Thanks for your help.
I didn't see any in the main body of documentation, nor the config.pl program, and i don't know where to look for this in the code. What i did (that worked) was find a plugin to put a login form on "any page" and modified that form to pass amember values: Code: <head> <script language="JavaScript" type="text/javascript"> <!-- function squirrelmail_loginpage_onload() { document.email.js_autodetect_results.value="1"; for (i = 0 ; i < document.forms[0].elements.length;i++) { if (document.forms[0].elements[i].type=="text" || document.forms[0].elements[i].type=="password") { document.forms[0].elements[i].focus(); break; } } } function squirrellogin() { document.email.submit(); } //--> </script> </head> <body onLoad="squirrelmail_loginpage_onload()"> <a href="javascript:squirrellogin()">Email</a> <form name="email" method="post" action="http://example.com/squirrelmail-1.4.6/src/redirect.php"> <input type="hidden" name="js_autodetect_results" value="0"> <input type="hidden" name="just_logged_in" value="1"> <input type="hidden" name="login_username" value="<?php echo $_SESSION['_amember_user']['login'] ?>"> <input type="hidden" name="secretkey" value="<?php echo $_SESSION['_amember_user']['pass'] ?>"> </form> </body> I know i don't need the focus piece of the onload function (as they aren't fields the user can edit), but i don't know if "autodetect_results" is neccessary, as i don't know what it's doing besides changing the form field value to "1". But it works.