| Welcome to the Zimbra :: Forums! | |
Welcome, if you would like to post a comment please register.
We also encourage you to explore all things Zimbra with our team and members of the community.
|
 | | 
04-01-2008, 10:25 AM
| | |  PHP Script Auth
Exists any example script in PHP for authentication in Zimbra? |
04-01-2008, 05:22 PM
| | Project Contributor | |
Posts: 81
| |
__________________ Zindus - contact sync for Thunderbird and Zimbra
|
04-08-2008, 11:30 AM
| | | Here you go!
This is a PHP function that I wrote... It utilizes php_curl. Now if only I could find a way to make Zimbra redirect to my custom front-end page upon logout... Any ideas?
We implemented our custom front-end to enforce password rules, etc.
Here is the function: PHP Code: function zimbraLogin($username, $password, $client)
{
// Bring the zimbra server value into this function:
global $zimbra_server; // In the format: https://yourdomain.com/
if($client == "")
$client = "preferred";
// Attempt login to zimbra server:
$ch = curl_init();
$crap = fopen ("/dev/null", "w"); // We don't want to log curl's stderr output - contains passwords...
curl_setopt($ch, CURLOPT_URL, $zimbra_server);
curl_setopt($ch, CURLOPT_VERBOSE, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); // Stop Curl from validating SSL cert - needed for self-signed...
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_FAILONERROR, 0);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0); // Allow redirects
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); // Return into a variable
curl_setopt($ch, CURLOPT_TIMEOUT, 0); // Time out setting
curl_setopt($ch, CURLOPT_HEADER, 1); // Return the headers along with the output...
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_STDERR, $crap);
curl_setopt($ch, CURLOPT_POSTFIELDS, "loginOp=login&username=$username&password=$password&client=$client");
$result = curl_exec($ch);
curl_close($ch);
fclose($crap);
$values = explode("\n",$result);
// Search through the headers to find the Location value to pass to the browser:
foreach($values as $key => $value)
{
list($start, $good) = split(':', $value);
if($start == "Location")
{
header($values[$key]);
die;
}
}
// If we get here that means that no location header was found - most likely incorrect password, zimbra is down, etc.
return false;
}
 |
04-08-2008, 04:24 PM
| | |
Quote:
Originally Posted by tjpatter  Now if only I could find a way to make Zimbra redirect to my custom front-end page upon logout... Any ideas? | su - zimbra
zmprov mcf zimbraWebClientLogoutURL http://www.zimbra.com
or
zmprov md domain.com zimbraWebClientLogoutURL http://www.zimbra.com
I believe for the zimbraWebClientLogoutURL to work, you might need to create a virtual domain for all possible redirects:
zmprov md domain.com +zimbraVirtualHostname http://www.zimbra.com
(You can do this from the admin console gui as well.)
It should come right up, but a zmmailboxdctl restart may be needed. |
04-10-2008, 08:51 AM
| | | why PHP? Seems basic form auth works.
Quote:
Originally Posted by mirkocoz Exists any example script in PHP for authentication in Zimbra? | We managed to get the following to work: Code: <form name="form1" method="post" action="https://zimbra.domain.com/zimbra/">
<input name="username" type="text" size="20"/>
<input name="password" type="password" size="20" /> <input type="hidden" name="loginOp" value="login"/>
<input type="hidden" name="client" value="preferred"/>
<input type="submit" name="Submit" value="Submit"/>
</form> |
09-18-2008, 05:57 PM
| | Intermediate Member | |
Posts: 17
| |
If you clear your cookies and then do basic form auth, it won't work.
We have this problem if people have never been to the webmail client. They receive an error when trying to login from our custom form page.
Any idea if this php script would have the same problem?
Thanks,
- J |
10-07-2008, 11:47 AM
| | |
Quote:
Originally Posted by tjpatter This is a PHP function that I wrote... It utilizes php_curl. Now if only I could find a way to make Zimbra redirect to my custom front-end page upon logout... Any ideas?
We implemented our custom front-end to enforce password rules, etc.
Here is the function: PHP Code: function zimbraLogin($username, $password, $client)
{
// Bring the zimbra server value into this function:
global $zimbra_server; // In the format: https://yourdomain.com/
if($client == "")
$client = "preferred";
// Attempt login to zimbra server:
$ch = curl_init();
$crap = fopen ("/dev/null", "w"); // We don't want to log curl's stderr output - contains passwords...
curl_setopt($ch, CURLOPT_URL, $zimbra_server);
curl_setopt($ch, CURLOPT_VERBOSE, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); // Stop Curl from validating SSL cert - needed for self-signed...
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_FAILONERROR, 0);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0); // Allow redirects
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); // Return into a variable
curl_setopt($ch, CURLOPT_TIMEOUT, 0); // Time out setting
curl_setopt($ch, CURLOPT_HEADER, 1); // Return the headers along with the output...
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_STDERR, $crap);
curl_setopt($ch, CURLOPT_POSTFIELDS, "loginOp=login&username=$username&password=$password&client=$client");
$result = curl_exec($ch);
curl_close($ch);
fclose($crap);
$values = explode("\n",$result);
// Search through the headers to find the Location value to pass to the browser:
foreach($values as $key => $value)
{
list($start, $good) = split(':', $value);
if($start == "Location")
{
header($values[$key]);
die;
}
}
// If we get here that means that no location header was found - most likely incorrect password, zimbra is down, etc.
return false;
}
| I have a fix that corrects issues with browsers that have had their cookies cleared. Replace the foreach loop in my original code with the following: PHP Code: // Search through the headers to find the Location value to pass to the browser:
foreach($values as $key => $value)
{
list($start, $good) = split(':', $value);
// Found an anamoly where people with cleared cookies have to log in twice...
// Fix it by taking the auth token out of the cookie and passing it through as a URL
if($start == "Set-Cookie")
{
$newurl = $zimbra_server . "?client=$client&zauthtoken=" . $values[$key];
header("Location: $newurl");
die;
}
if($start == "Location")
{
header($values[$key]);
die;
}
}
|
10-07-2008, 02:16 PM
| | Intermediate Member | |
Posts: 17
| |
Thanks tjpatter!
I'll give this a try...
- J |
10-07-2008, 03:22 PM
| | Intermediate Member | |
Posts: 17
| |
The only headers I ever get are these:
LabelPragma: no-cache
Content-Language: en-US
Transfer-Encoding: chunked
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Content-Type: text/html; charset=utf-8
Date: Tue, 07 Oct 2008 21:20:22 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: ZM_TEST=true
I never get a Location key and the Set-Cookie value doesn't look very helpful...
Any pointers would be great!
Thanks,
- J |
10-07-2008, 03:54 PM
| | | Oops...
Forgot to include this in the modified code for my script: PHP Code: curl_setopt($ch, CURLOPT_COOKIE, 'ZM_TEST=true');
curl_setopt($ch, CURLOPT_REFERER, "$zimbra_server");
Add that line with the rest of the CURLOPTs in my modified code.
Good catch BraveStarr! | | Thread Tools | Search this Thread | | | | | Display Modes |  Linear Mode | | Why Join? Registering let's you ask questions, makes it easier to search, displays any files attached to posts, and notifies you about replies.   |
Bugzilla
Wiki
Source
