Browse code

Created repository.

DoubleBastionAdmin authored on26/01/2022 20:24:40
Showing3 changed files
1 1
new file mode 100644
... ...
@@ -0,0 +1 @@
1
+A Roundcube plugin that enables auto logging out users with POST requests sent from external sites. 
0 2
new file mode 100644
... ...
@@ -0,0 +1,60 @@
1
+<?php
2
+
3
+/**
4
+ * Plugin to auto log out users with a POST request sent from an external site.
5
+ *
6
+ * @license GNU GPLv3+
7
+ * @author  Double Bastion LLC <www.doublebastion.com>
8
+ *
9
+ * First enable this plugin by setting $config['plugins'] = array(..., 'autologout')
10
+ * in the Roundcube configuration file (config.inc.php). To use it, embed
11
+ * a form like the following in a web page:
12
+ *
13
+ * <form id="rcLogoutForm" method="POST" action="https://mail.example.com/">
14
+ * <input type="hidden" name="_action" value="logout" />
15
+ * <input type="hidden" name="_task" value="logout" />
16
+ * <input type="hidden" name="_autologout" value="1" />
17
+ * <input id="loSubmitButton" type="submit" value="Logout" />
18
+ * </form>
19
+ *
20
+ * This plugin won't work if the POST request is made using CURL or other
21
+ * methods. It will only work if the POST request is made by submitting a
22
+ * form similar to the one from above. The form can be hidden and it can
23
+ * be sent automatically using JavaScript or JQuery (for example by using:
24
+ * $("#loSubmitButton").click();)
25
+ */
26
+
27
+class autologout extends rcube_plugin
28
+{
29
+    public $task = 'logout';
30
+
31
+    function init()
32
+    {
33
+        $this->add_hook('startup', [$this, 'startup']);
34
+    }
35
+
36
+    function startup($args)
37
+    {
38
+        $rcmail = rcmail::get_instance();
39
+
40
+        // Change task and action to logout
41
+        if (!empty($_SESSION['user_id']) && !empty($_POST['_autologout']) && $this->known_client()) {
42
+            $rcmail->logout_actions();
43
+            $rcmail->kill_session();
44
+        }
45
+
46
+        return $args;
47
+    }
48
+
49
+    function known_client()
50
+    {
51
+        /**
52
+         *  If you want to restrict the use of this plugin to specific
53
+         *  remote clients, you can verify the remote client's IP like this:
54
+         *
55
+         *  if (in_array(rcube_utils::remote_addr(), ['123.123.123.123', '124.124.124.124'])) { return true; }
56
+         */
57
+
58
+        return true;
59
+    }
60
+}
0 61
new file mode 100644
... ...
@@ -0,0 +1,17 @@
1
+{
2
+    "name": "roundcube/autologout",
3
+    "type": "roundcube-plugin",
4
+    "description": "Plugin to auto log out users with a POST request sent from an external site.",
5
+    "license": "GPLv3+",
6
+    "version": "1.0",
7
+    "authors": [
8
+        {
9
+            "name": "Double Bastion LLC",
10
+            "email": "contact@doublebastion.com"
11
+        }
12
+    ],
13
+    "require": {
14
+        "php": ">=7.3.0",
15
+        "roundcube/plugin-installer": ">=0.1.3"
16
+    }
17
+}