0 | 2 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,60 @@ |
1 |
+<?php |
|
2 |
+ |
|
3 |
+/** |
|
4 |
+ * Plugin to auto log out users with a POST request sent from an external site. |
|
5 |
+ * |
|
6 |
+ * @license GNU GPLv3+ |
|
7 |
+ * @author Double Bastion LLC <www.doublebastion.com> |
|
8 |
+ * |
|
9 |
+ * First enable this plugin by setting $config['plugins'] = array(..., 'autologout') |
|
10 |
+ * in the Roundcube configuration file (config.inc.php). To use it, embed |
|
11 |
+ * a form like the following in a web page: |
|
12 |
+ * |
|
13 |
+ * <form id="rcLogoutForm" method="POST" action="https://mail.example.com/"> |
|
14 |
+ * <input type="hidden" name="_action" value="logout" /> |
|
15 |
+ * <input type="hidden" name="_task" value="logout" /> |
|
16 |
+ * <input type="hidden" name="_autologout" value="1" /> |
|
17 |
+ * <input id="loSubmitButton" type="submit" value="Logout" /> |
|
18 |
+ * </form> |
|
19 |
+ * |
|
20 |
+ * This plugin won't work if the POST request is made using CURL or other |
|
21 |
+ * methods. It will only work if the POST request is made by submitting a |
|
22 |
+ * form similar to the one from above. The form can be hidden and it can |
|
23 |
+ * be sent automatically using JavaScript or JQuery (for example by using: |
|
24 |
+ * $("#loSubmitButton").click();) |
|
25 |
+ */ |
|
26 |
+ |
|
27 |
+class autologout extends rcube_plugin |
|
28 |
+{ |
|
29 |
+ public $task = 'logout'; |
|
30 |
+ |
|
31 |
+ function init() |
|
32 |
+ { |
|
33 |
+ $this->add_hook('startup', [$this, 'startup']); |
|
34 |
+ } |
|
35 |
+ |
|
36 |
+ function startup($args) |
|
37 |
+ { |
|
38 |
+ $rcmail = rcmail::get_instance(); |
|
39 |
+ |
|
40 |
+ // Change task and action to logout |
|
41 |
+ if (!empty($_SESSION['user_id']) && !empty($_POST['_autologout']) && $this->known_client()) { |
|
42 |
+ $rcmail->logout_actions(); |
|
43 |
+ $rcmail->kill_session(); |
|
44 |
+ } |
|
45 |
+ |
|
46 |
+ return $args; |
|
47 |
+ } |
|
48 |
+ |
|
49 |
+ function known_client() |
|
50 |
+ { |
|
51 |
+ /** |
|
52 |
+ * If you want to restrict the use of this plugin to specific |
|
53 |
+ * remote clients, you can verify the remote client's IP like this: |
|
54 |
+ * |
|
55 |
+ * if (in_array(rcube_utils::remote_addr(), ['123.123.123.123', '124.124.124.124'])) { return true; } |
|
56 |
+ */ |
|
57 |
+ |
|
58 |
+ return true; |
|
59 |
+ } |
|
60 |
+} |
0 | 61 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,17 @@ |
1 |
+{ |
|
2 |
+ "name": "roundcube/autologout", |
|
3 |
+ "type": "roundcube-plugin", |
|
4 |
+ "description": "Plugin to auto log out users with a POST request sent from an external site.", |
|
5 |
+ "license": "GPLv3+", |
|
6 |
+ "version": "1.0", |
|
7 |
+ "authors": [ |
|
8 |
+ { |
|
9 |
+ "name": "Double Bastion LLC", |
|
10 |
+ "email": "contact@doublebastion.com" |
|
11 |
+ } |
|
12 |
+ ], |
|
13 |
+ "require": { |
|
14 |
+ "php": ">=7.3.0", |
|
15 |
+ "roundcube/plugin-installer": ">=0.1.3" |
|
16 |
+ } |
|
17 |
+} |