PHP Script Auth

[chrisp8756]

Fairly new at at php but here is what I've done by using your example in a custom login page which I've called index.php
----

?php
function zimbraLogin($username, $password, $client)
{
// Bring the zimbra server value into this function:
global $zimbra_server; // In the format: https://yourdomain.com/

if($client == "")
$client = "preferred";

// Attempt login to zimbra server:
$ch = curl_init();

$crap = fopen ("/dev/null", "w"); // We don't want to log curl's stderr output - contains passwords...

curl_setopt($ch, CURLOPT_URL, $zimbra_server);
curl_setopt($ch, CURLOPT_VERBOSE, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); // Stop Curl from validating SSL cert - needed for self-signed...
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_FAILONERROR, 0);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0); // Allow redirects
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); // Return into a variable
curl_setopt($ch, CURLOPT_TIMEOUT, 0); // Time out setting
curl_setopt($ch, CURLOPT_HEADER, 1); // Return the headers along with the output...
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_STDERR, $crap);
curl_setopt($ch, CURLOPT_COOKIE, 'ZM_TEST=true');
curl_setopt($ch, CURLOPT_REFERER, "$zimbra_server");
curl_setopt($ch, CURLOPT_POSTFIELDS, "loginOp=login&username=$username&password=$passwo rd&client=$client");

$result = curl_exec($ch);

curl_close($ch);
fclose($crap);

$values = explode("\n",$result);

// Search through the headers to find the Location value to pass to the browser:
foreach($values as $key => $value)
{
list($start, $good) = split(':', $value);

// Found an anamoly where people with cleared cookies have to log in twice...
// Fix it by taking the auth token out of the cookie and passing it through as a URL
if($start == "Set-Cookie")
{
$newurl = $zimbra_server . "?client=$client&zauthtoken=" . $values[$key];
header("Location: $newurl");
die;
}

if($start == "Location")
{
header($values[$key]);
die;
}
}
// If we get here that means that no location header was found - most likely incorrect password, zimbra is down, etc.
return false;
}

?>


I also have copied the login form into my page which looks like --
<form action="https://mydomain.com/zimbra/" method="post" name="form1" id="form1">
<div align="center"> Email Address
<input name="username" type="text" size="55"/>
<br />
Password
<input name="password" type="password" size="45" />
<input type="hidden" name="loginOp" value="login"/>
<input type="hidden" name="client" value="preferred"/>
<input type="submit" name="Submit" value="Submit"/>
</div>
</form>

If my users clear there cache or have there browser set to remove cookies at when they close there browser they get a cookie error when trying to login. All they need to do is click login again and it works. What have I done wrong in the code?

[catzillaz]

Quote:

Originally Posted by chrisp8756

Fairly new at at php but here is what I've done by using your example in a custom login page which I've called index.php
----

?php
function zimbraLogin($username, $password, $client)
{
// Bring the zimbra server value into this function:
global $zimbra_server; // In the format: https://yourdomain.com/

if($client == "")
$client = "preferred";

// Attempt login to zimbra server:
$ch = curl_init();

$crap = fopen ("/dev/null", "w"); // We don't want to log curl's stderr output - contains passwords...

curl_setopt($ch, CURLOPT_URL, $zimbra_server);
curl_setopt($ch, CURLOPT_VERBOSE, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); // Stop Curl from validating SSL cert - needed for self-signed...
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_FAILONERROR, 0);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0); // Allow redirects
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); // Return into a variable
curl_setopt($ch, CURLOPT_TIMEOUT, 0); // Time out setting
curl_setopt($ch, CURLOPT_HEADER, 1); // Return the headers along with the output...
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_STDERR, $crap);
curl_setopt($ch, CURLOPT_COOKIE, 'ZM_TEST=true');
curl_setopt($ch, CURLOPT_REFERER, "$zimbra_server");
curl_setopt($ch, CURLOPT_POSTFIELDS, "loginOp=login&username=$username&password=$passwo rd&client=$client");

$result = curl_exec($ch);

curl_close($ch);
fclose($crap);

$values = explode("\n",$result);

// Search through the headers to find the Location value to pass to the browser:
foreach($values as $key => $value)
{
list($start, $good) = split(':', $value);

// Found an anamoly where people with cleared cookies have to log in twice...
// Fix it by taking the auth token out of the cookie and passing it through as a URL
if($start == "Set-Cookie")
{
$newurl = $zimbra_server . "?client=$client&zauthtoken=" . $values[$key];
header("Location: $newurl");
die;
}

if($start == "Location")
{
header($values[$key]);
die;
}
}
// If we get here that means that no location header was found - most likely incorrect password, zimbra is down, etc.
return false;
}

?>


I also have copied the login form into my page which looks like --
<form action="https://mydomain.com/zimbra/" method="post" name="form1" id="form1">
<div align="center"> Email Address
<input name="username" type="text" size="55"/>
<br />
Password
<input name="password" type="password" size="45" />
<input type="hidden" name="loginOp" value="login"/>
<input type="hidden" name="client" value="preferred"/>
<input type="submit" name="Submit" value="Submit"/>
</div>
</form>

If my users clear there cache or have there browser set to remove cookies at when they close there browser they get a cookie error when trying to login. All they need to do is click login again and it works. What have I done wrong in the code?

set cookie in the html page with following name and value
"ZM_TEST", "true" and it will works. I just figure it out today ))

[chrisp8756]

Sorry I'm not sure how to set a cookie in html or even in php. Can you tell me how I can do this?

[chrisp8756]

I've managed to setup the cookie in my site. But when they close there browser or log out. Then return to login again I get the following error from the zimbra login screen "Oops! It appears your browser does not allow cookies. You need to enable cookies in".


Any ideas on how I resolve this?

I'm currently using using this code to set my cookie-

<?php
setcookie("ZM_TEST","true",time()+3600 , "/", ".mail.mydomain.com");
?>

[catzillaz]

this is a javascript is use to set the cookie

function setCookie(name, value, expires, path, domain, secure) {
document.cookie= name + "=" + escape(value) +
((expires) ? "; expires=" + expires.toGMTString() : "") +
((path) ? "; path=" + path : "") +
((domain) ? "; domain=" + domain : "") +
((secure) ? "; secure" : "");
}

setCookie("ZM_TEST","true");

[samirfor]

This function dont work anymore.

Show me a message "Auth necessary".

More ideias?

[andy204]

you can use preauth to authenticate from external php script.

[samirfor]

Quote:

Originally Posted by andy204

you can use preauth to authenticate from external php script.

But preauth not verify the password.

[andy204]

thats true, but you can verify the password before preauth.

[samirfor]

Quote:

Originally Posted by andy204

thats true, but you can verify the password before preauth.

How do it?