Hello,
I am nearly finished porting a PHP application to a Zimbra 5.0 server. It will be invoked using a zimlet. It uses a "normal" web server (i.e. not Zimbra) which is guaranteed to be on the same server as the Zimbra server. It uses a different port, and uses SSL (https) only.
Everything works fine, except that I need to validate the application was invoked via the Zimlet and not merely connected to from the "outside" (i.e. from the internet). Here's the application flow:
- User logs into Zimbra, sees and clicks on Zimlet
- Zimlet has an action url that says "https://host.domain:20443/some/path
- PHP app is at /some path and is handled by the other web server
- The app validates that this user has already logged into Zimbra and does not have to re-authenticate.
Here's the zimlet:
<zimlet name="com_phpministry_oss" version="1.0" description="Database">
<includeCSS>oss.css</includeCSS>
<resource>oss.gif</resource>
<zimletPanelItem label="Manage All My Seminars" icon="oss-panelIcon">
<toolTipText>Right-click to Schedule Seminar</toolTipText>
<contextMenu>
<menuItem label="Online Seminar Scheduling" id="mail.testserver.us:20443/oss" icon="oss-panelIcon">
<canvas type="window" title="Support Form" />
<actionUrl method="post" target="https://mail.testserver.us:20443/oss">
<param name="param">${setting.USERNAME}</param>
</actionUrl>
</menuItem>
</contextMenu>
</zimletPanelItem>
</zimlet>
The problem:
A user from the outside can connect to this URL directly from the outside. I need a piece of code in
/some/path/index.php
that says:
if ($This came from the Zimlet)
{
echo "It's ok to enter"
}
else
{
echo "It's not ok to enter";
}
How do I test to see if this user has actually gotten here via the zimlet?
Thanks and regards,
Dave
Bugzilla
Wiki
Source
[SOLVED] Test to see if application is being run by authenticated user 
Linear Mode
