PHP Script Auth

[mirkocoz]

Exists any example script in PHP for authentication in Zimbra?

[ljm]

This thread might be of interest:
[SOLVED] PHP Class for easy access to Zimbra SOAP API

[tjpatter]

This is a PHP function that I wrote... It utilizes php_curl. Now if only I could find a way to make Zimbra redirect to my custom front-end page upon logout... Any ideas?

We implemented our custom front-end to enforce password rules, etc.

Here is the function:

PHP Code:

function zimbraLogin($username, $password, $client)
    {
        // Bring the zimbra server value into this function:
        global $zimbra_server;  // In the format: https://yourdomain.com/
        
        if($client == "")
            $client = "preferred";
        
        // Attempt login to zimbra server:
        $ch = curl_init();
    
        $crap = fopen ("/dev/null", "w"); // We don't want to log curl's stderr output - contains passwords...
        
        curl_setopt($ch, CURLOPT_URL, $zimbra_server);
        curl_setopt($ch, CURLOPT_VERBOSE, 0); 
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); // Stop Curl from validating SSL cert - needed for self-signed...
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
        curl_setopt($ch, CURLOPT_FAILONERROR, 0);
        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0); // Allow redirects
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); // Return into a variable
        curl_setopt($ch, CURLOPT_TIMEOUT, 0); // Time out setting
        curl_setopt($ch, CURLOPT_HEADER, 1);  // Return the headers along with the output...
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_STDERR, $crap);
        curl_setopt($ch, CURLOPT_POSTFIELDS, "loginOp=login&username=$username&password=$password&client=$client");

        $result = curl_exec($ch);
        
        curl_close($ch);        
        fclose($crap);
        
        $values = explode("\n",$result);

        // Search through the headers to find the Location value to pass to the browser:
        foreach($values as $key => $value)
        {
            list($start, $good) = split(':', $value);
            if($start == "Location")
            {
                header($values[$key]);
                die;
            }
        }        
        
        // If we get here that means that no location header was found - most likely incorrect password, zimbra is down, etc.
        return false;
    } 


[mmorse]

Now if only I could find a way to make Zimbra redirect to my custom front-end page upon logout... Any ideas?

su - zimbra
zmprov mcf zimbraWebClientLogoutURL http://www.zimbra.com
or
zmprov md domain.com zimbraWebClientLogoutURL http://www.zimbra.com

I believe for the zimbraWebClientLogoutURL to work, you might need to create a virtual domain for all possible redirects:
zmprov md domain.com +zimbraVirtualHostname http://www.zimbra.com
(You can do this from the admin console gui as well.)
It should come right up, but a zmmailboxdctl restart may be needed.

[xtremetoonz]

Exists any example script in PHP for authentication in Zimbra?

We managed to get the following to work:

Code:

<form name="form1" method="post" action="https://zimbra.domain.com/zimbra/">
<input name="username" type="text" size="20"/>
<input name="password" type="password" size="20" />                                                                                                                                                                                                                                                 <input type="hidden" name="loginOp" value="login"/>
<input type="hidden" name="client" value="preferred"/>
<input type="submit" name="Submit" value="Submit"/>
</form>

[BraveStarr]

If you clear your cookies and then do basic form auth, it won't work.

We have this problem if people have never been to the webmail client. They receive an error when trying to login from our custom form page.

Any idea if this php script would have the same problem?

Thanks,
- J

[tjpatter]

This is a PHP function that I wrote... It utilizes php_curl. Now if only I could find a way to make Zimbra redirect to my custom front-end page upon logout... Any ideas?

We implemented our custom front-end to enforce password rules, etc.

Here is the function:

PHP Code:

function zimbraLogin($username, $password, $client)
    {
        // Bring the zimbra server value into this function:
        global $zimbra_server;  // In the format: https://yourdomain.com/
        
        if($client == "")
            $client = "preferred";
        
        // Attempt login to zimbra server:
        $ch = curl_init();
    
        $crap = fopen ("/dev/null", "w"); // We don't want to log curl's stderr output - contains passwords...
        
        curl_setopt($ch, CURLOPT_URL, $zimbra_server);
        curl_setopt($ch, CURLOPT_VERBOSE, 0); 
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); // Stop Curl from validating SSL cert - needed for self-signed...
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
        curl_setopt($ch, CURLOPT_FAILONERROR, 0);
        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0); // Allow redirects
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); // Return into a variable
        curl_setopt($ch, CURLOPT_TIMEOUT, 0); // Time out setting
        curl_setopt($ch, CURLOPT_HEADER, 1);  // Return the headers along with the output...
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_STDERR, $crap);
        curl_setopt($ch, CURLOPT_POSTFIELDS, "loginOp=login&username=$username&password=$password&client=$client");

        $result = curl_exec($ch);
        
        curl_close($ch);        
        fclose($crap);
        
        $values = explode("\n",$result);

        // Search through the headers to find the Location value to pass to the browser:
        foreach($values as $key => $value)
        {
            list($start, $good) = split(':', $value);
            if($start == "Location")
            {
                header($values[$key]);
                die;
            }
        }        
        
        // If we get here that means that no location header was found - most likely incorrect password, zimbra is down, etc.
        return false;
    } 


I have a fix that corrects issues with browsers that have had their cookies cleared. Replace the foreach loop in my original code with the following:

PHP Code:

// Search through the headers to find the Location value to pass to the browser:
        foreach($values as $key => $value)
        {
            list($start, $good) = split(':', $value);
            
            // Found an anamoly where people with cleared cookies have to log in twice...
            // Fix it by taking the auth token out of the cookie and passing it through as a URL
            if($start == "Set-Cookie")
            {
                $newurl = $zimbra_server . "?client=$client&zauthtoken=" . $values[$key];
                header("Location: $newurl");
                die;
            }
                        
            if($start == "Location")
            {
                header($values[$key]);
                die;
            }
        } 


[BraveStarr]

Thanks tjpatter!

I'll give this a try...

- J

[BraveStarr]

The only headers I ever get are these:

LabelPragma: no-cache
Content-Language: en-US
Transfer-Encoding: chunked
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Content-Type: text/html; charset=utf-8
Date: Tue, 07 Oct 2008 21:20:22 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: ZM_TEST=true


I never get a Location key and the Set-Cookie value doesn't look very helpful...

Any pointers would be great!

Thanks,
- J

[tjpatter]

Forgot to include this in the modified code for my script:

PHP Code:

curl_setopt($ch, CURLOPT_COOKIE, 'ZM_TEST=true');
curl_setopt($ch, CURLOPT_REFERER, "$zimbra_server"); 


Add that line with the rest of the CURLOPTs in my modified code.

Good catch BraveStarr!