new file mode 100644

@@ -0,0 +1 @@

+A Roundcube plugin that enables auto logging out users with POST requests sent from external sites. 

new file mode 100644

@@ -0,0 +1,60 @@

+<?php

+

+/**

+ * Plugin to auto log out users with a POST request sent from an external site.

+ *

+ * @license GNU GPLv3+

+ * @author  Double Bastion LLC <www.doublebastion.com>

+ *

+ * First enable this plugin by setting $config['plugins'] = array(..., 'autologout')

+ * in the Roundcube configuration file (config.inc.php). To use it, embed

+ * a form like the following in a web page:

+ *

+ * <form id="rcLogoutForm" method="POST" action="https://mail.example.com/">

+ * <input type="hidden" name="_action" value="logout" />

+ * <input type="hidden" name="_task" value="logout" />

+ * <input type="hidden" name="_autologout" value="1" />

+ * <input id="loSubmitButton" type="submit" value="Logout" />

+ * </form>

+ *

+ * This plugin won't work if the POST request is made using CURL or other

+ * methods. It will only work if the POST request is made by submitting a

+ * form similar to the one from above. The form can be hidden and it can

+ * be sent automatically using JavaScript or JQuery (for example by using:

+ * $("#loSubmitButton").click();)

+ */

+

+class autologout extends rcube_plugin

+{

+    public $task = 'logout';

+

+    function init()

+    {

+        $this->add_hook('startup', [$this, 'startup']);

+    }

+

+    function startup($args)

+    {

+        $rcmail = rcmail::get_instance();

+

+        // Change task and action to logout

+        if (!empty($_SESSION['user_id']) && !empty($_POST['_autologout']) && $this->known_client()) {

+            $rcmail->logout_actions();

+            $rcmail->kill_session();

+        }

+

+        return $args;

+    }

+

+    function known_client()

+    {

+        /**

+         *  If you want to restrict the use of this plugin to specific

+         *  remote clients, you can verify the remote client's IP like this:

+         *

+         *  if (in_array(rcube_utils::remote_addr(), ['123.123.123.123', '124.124.124.124'])) { return true; }

+         */

+

+        return true;

+    }

+}

new file mode 100644

@@ -0,0 +1,17 @@

+{

+    "name": "roundcube/autologout",

+    "type": "roundcube-plugin",

+    "description": "Plugin to auto log out users with a POST request sent from an external site.",

+    "license": "GPLv3+",

+    "version": "1.0",

+    "authors": [

+        {

+            "name": "Double Bastion LLC",

+            "email": "contact@doublebastion.com"

+        }

+    ],

+    "require": {

+        "php": ">=7.3.0",

+        "roundcube/plugin-installer": ">=0.1.3"

+    }

+}