diff options
author | CoverTowerSuperAdmin <86950868+CoverTowerSuperAdmin@users.noreply.github.com> | 2021-11-06 16:30:52 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-11-06 16:30:52 +0300 |
commit | 5b29790ab89543acc30f12312a11bcb11a69a97a (patch) | |
tree | 43e3ec3904d5c24f56e880e945bea340c238a8a2 /plugins | |
parent | 945ff9e61832b3193ea8471c1460037f0a921c99 (diff) |
Plugin to auto log out users with a POST request (#8270)
Diffstat (limited to 'plugins')
-rw-r--r-- | plugins/autologout/autologout.php | 60 | ||||
-rw-r--r-- | plugins/autologout/composer.json | 17 |
2 files changed, 77 insertions, 0 deletions
diff --git a/plugins/autologout/autologout.php b/plugins/autologout/autologout.php new file mode 100644 index 000000000..ab96116a3 --- /dev/null +++ b/plugins/autologout/autologout.php @@ -0,0 +1,60 @@ +<?php + +/** + * Plugin to auto log out users with a POST request sent from an external site. + * + * @license GNU GPLv3+ + * @author Cover Tower LLC + * + * First enable this plugin by setting $config['plugins'] = array(..., 'autologout') + * in the Roundcube configuration file (config.inc.php). To use it, embed + * a form like the following in a web page: + * + * <form id="rcLogoutForm" method="POST" action="https://mail.example.com/"> + * <input type="hidden" name="_action" value="logout" /> + * <input type="hidden" name="_task" value="logout" /> + * <input type="hidden" name="_autologout" value="1" /> + * <input id="loSubmitButton" type="submit" value="Logout" /> + * </form> + * + * This plugin won't work if the POST request is made using CURL or other + * methods. It will only work if the POST request is made by submitting a + * form similar to the one from above. The form can be hidden and it can + * be sent automatically using JavaScript or JQuery (for example by using: + * $("#loSubmitButton").click();) + */ + +class autologout extends rcube_plugin +{ + public $task = 'logout'; + + function init() + { + $this->add_hook('startup', [$this, 'startup']); + } + + function startup($args) + { + $rcmail = rcmail::get_instance(); + + // Change task and action to logout + if (!empty($_SESSION['user_id']) && !empty($_POST['_autologout']) && $this->known_client()) { + $rcmail->logout_actions(); + $rcmail->kill_session(); + } + + return $args; + } + + function known_client() + { + /** + * If you want to restrict the use of this plugin to specific + * remote clients, you can verify the remote client's IP like this: + * + * return in_array(rcube_utils::remote_addr(), ['123.123.123.123', '124.124.124.124']); + */ + + return true; + } +} diff --git a/plugins/autologout/composer.json b/plugins/autologout/composer.json new file mode 100644 index 000000000..98ab1d902 --- /dev/null +++ b/plugins/autologout/composer.json @@ -0,0 +1,17 @@ +{ + "name": "roundcube/autologout", + "type": "roundcube-plugin", + "description": "Plugin to auto log out users with a POST request sent from an external site.", + "license": "GPLv3+", + "version": "1.0", + "authors": [ + { + "name": "Cover Tower LLC", + "email": "contact@covertower.com" + } + ], + "require": { + "php": ">=7.3.0", + "roundcube/plugin-installer": ">=0.1.3" + } +} |