On Tue, May 13, 2008 at 3:29 PM, Iacopo Benesperi <iacchi86@xxxxxxxxx> wrote:
> Hi everyone, this is my first message!
>
> First of all, some relevant things of my configuration: I'm running
> squirrelmail-1.4.10a on a SuSE server.
>
> I'm a student in Pisa university, and I've spent the last two weeks
> modifying php-fusion to install it on the student server at the
> department of chemistry so users can use their account login on the
> server (i.e. their e-mail login) to log in to the CMS.
> So: I'm not the administrator of the server, but I can ask the admin to
> do everything I need.

Why are you starting with an outdated release?

> Since not all chemistry students are so good with IT, and since I want
> to promote this CMS as a virtual place of aggregation, I want to make my
> users as comfortable as I can.
> To do this, I'd like to let them do a single login to access both CMS
> and webmail, so I want to make a SM login at the same time users log in
> to the CMS; i.e. I need to set the SM cookie (or whatever is needed)
> together with the CMS cookie calling the CMS login function.
>
> What do I need to do to do this? I've already copied three SM functions
> (OneTimePadCreate, OneTimePadEncrypt, OneTimePadDecrypt) because I
> needed them for other things. What else should I do?

If your CMS is PHP, just copy the code from src/redirect.php that
creates the login (key) cookie and puts the needed information into the
session, except also note the code in functions/global.php that creates
the session name cookie.

Note that because SM's user and password are nothing more than their
IMAP username and password, you have to require users to use those
credentials when logging into your whole CMS. That could be insecure,
especially if not using SSL/https, and also depends largely on the
security of your chosen CMS.
You could write some sort of lookup mapping library that stores IMAP
credentials and maps them to less secure user credentials, but because
they are still mapped together this may not do too much good.

Also, you should search the mailing list archives (both this list and
the squirrelmail-devel list) for recent conversations about this where
the chosen solution was not to create the cookies ahead of time, but
instead to pass along the username and password to src/redirect.php
when the user clicked to go to their email. I'm not a fan of this
method, especially if done with GET arguments (in the URI), but it
seems like a few people have chosen this method.

-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
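
The reply's objection to passing the username and password to src/redirect.php as GET arguments can be checked on a running server. The following is an added example, not part of the original message or of SquirrelMail: it audits Apache "combined" access-log lines for credentials in the request URI or Referer and masks them. The field names `login_username` and `secretkey` are those of SquirrelMail's stock login form and are not quoted in the thread; the hosts, paths and log lines are constructed.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit

# Field names of SquirrelMail's stock login form (not quoted in the thread).
CRED_FIELDS = {"login_username", "secretkey"}
# Request target and Referer of an Apache "combined" format log line.
LINE_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" \d{3} \S+ "(?P<referer>[^"]*)"')

# Constructed sample log lines; hosts, paths and values are made up.
SAMPLE_LOG = [
    '192.0.2.10 - - [13/May/2008:15:40:01 +0200] "GET /webmail/src/redirect.php'
    '?login_username=alice&secretkey=s3cret%21 HTTP/1.1" 302 - '
    '"http://cms.example/index.php" "Mozilla/5.0"',
    '192.0.2.10 - - [13/May/2008:15:40:09 +0200] "GET /webmail/src/login.php HTTP/1.1" 200 2210 '
    '"http://mail.example/webmail/src/redirect.php?login_username=alice&secretkey=bad" "Mozilla/5.0"',
    '192.0.2.11 - - [13/May/2008:15:41:10 +0200] "POST /webmail/src/redirect.php HTTP/1.1" 302 - '
    '"http://mail.example/webmail/src/login.php" "Mozilla/5.0"',
]

def redact(url):
    """Return (url with credential values masked, names of the fields found)."""
    parts = urlsplit(url)
    if not parts.path.endswith("/src/redirect.php"):
        return url, []
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    leaked = [k for k, _ in pairs if k in CRED_FIELDS]
    masked = [(k, "REDACTED" if k in CRED_FIELDS else v) for k, v in pairs]
    return parts._replace(query=urlencode(masked)).geturl(), leaked

def audit(lines):
    """Return [(line_no, {where: fields}, redacted_line)] for lines exposing credentials."""
    findings = []
    for no, line in enumerate(lines, 1):
        m = LINE_RE.search(line)
        if not m:
            continue
        hits, safe = {}, line
        for where in ("target", "referer"):
            masked, leaked = redact(m.group(where))
            if leaked:
                hits[where] = leaked
                safe = safe.replace(m.group(where), masked)
        if hits:
            findings.append((no, hits, safe))
    return findings

if __name__ == "__main__":
    for no, hits, safe in audit(SAMPLE_LOG):
        print(f"line {no}: credentials in {hits}\n  {safe}")
```

The third sample line is not flagged because a POST body is not written to the access log, which is the practical difference between the two ways of handing credentials to src/redirect.php.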