Jump to content
kaseytraeger

Difficulties With Horde Login Script

Recommended Posts

Hey folks,

 

In order to easily access my email via the web, I've embedded the HordeMail login script into my website's home page. I found the HordeMail login script on TCH's website at http://totalchoicehosting.com/help/id35.htm.

 

In a nutshell, the login script works fine if I'm using Firefox, but never works if I'm using Internet Explorer. I'm hoping someone can shed some light on this for me because it's a puzzler...

 

The code for the login <form> is this:

><!-- Webmail Login -->
<form name="webmail">
	<input type="hidden" value="pudgypuppy.com" name="server" maxlength="30" size="15">
	<label for="username">Username:</label>
	<input type="text" name="username" id="username" size="20"><br /><br />
	<label for="password">Password:</label>
	<input type="password" name="password" id="password" size="20"><br /><br />
	<input type="button" value="Login" onClick="Login(this.form)" name="button">
</form>

 

The _javascript code that performs the login is part of the same webpage and looks like this:

><script language="JavaScript" type="text/javascript"> 
	function Login(form) { 
		var username = form.username.value
		var password = form.password.value
		var server = form.server.value
		if (username && password && server) {
			var horde = "https://" +username+ "+" +server+ ":" +password+ "@" +server+ ":2096/" + "horde/index.php"
			window.status='WebMail'
			window.location = horde
		} 
		else { 
			alert("Please fill the username and the password")
		}
	}
</script>

 

When I attempt to login to my webmail using IE, I get a Microsoft error page that states:

The page cannot be displayed

 

The page you are looking for might have been removed or had its name changed.

--------------------------------------------------------------------------------

 

Please try the following:

 

Open the thisismyaddress+pudgypuppy.com:thePassword@pudgypuppy.com:2096 home page, and then look for links to the information you want.

 

If you typed the page address in the Address bar, make sure that it is spelled correctly.

 

where the email address is "thisismyaddress@pudgypuppy.com" and the password for the email account is 'thePassword"

 

The address bar of this error page shows a "URL" of "https://thisismyaddress+pudgypuppy.com:thePassword@pudgypuppy.com:2096/horde/index.php"

 

Does anyone know enough about the subtle differences between IE and Firefox in how they handle situations like this? For the life of me, I don't know why IE can't do a simple little login!

 

Thanks.

Kasey

Share this post


Link to post
Share on other sites

There was a security change in IE that effects the way it uses links formed like that.

Share this post


Link to post
Share on other sites

This will work in both IE and Firefox.

 

><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" 
  "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head><title>Webmail</title>
<meta http-equiv="Content-Type" content="application/xhtml+xml; charset=iso-8859-1" />
<style type="text/css">
/*<![CDATA[*/
#form {
text-align: center;
font-family: Arial, Verdana, Geneva, sans-serif
}
#form h2 {
padding: 0;
margin: 0;
color: #039;
font-weight: 900;
}
#form label {
display: block;
width: 15em;
margin: 0 auto;
}
/*]]>*/
</style>

<script language="javascript"> 
//<![CDATA
function Login(form) { 
var server = document.forms[0][0].value;
var username = document.forms[0][1].value;
var password = document.forms[0][2].value;
if ((username !="") && (password !="")) { 
	var horde = "https://"+username+"+"+server+":"+ password+"@"+server+":2096/"+"horde/index.php";
	window.status='WebMail'
	window.location = horde;
}
else { 
	alert("Please fill in all fields.")
}
}
//]]>
</script>

</head>
<body>

<div id="form">
<h2>Webmail Login</h2>
<form id="form1" action="#" method="post" onsubmit="Login(this); return false;">
	<div>
		<input type="hidden" value="yourTCHdomain.ext" name="server" />

		<label for="username">Username:
			<input type="text" name="username" />
		</label>
		
		<label for="password">Password:
			<input type="password" name="password" />
		</label>

		<input type="submit" name="submit" value="Login" />
	</div>
</form>
</div>		

</body>
</html>

Share this post


Link to post
Share on other sites

Hmmm, I just tried it, and I still can't get it to work in IE. I've double checked the code, and I can't see anything that I'm doing wrong. If you want to see the code as I've got it running now, you can go to h**p://pudgypuppy.com/ and "View Source".

 

By the way, how long has IE had this particular "security" feature? Not that I code a lot of _javascript (haven't done much with it in about the last 2 years), but I don't recall the necessity of accessing variables using array indexes.

 

Thanks TCH-Bruce!

:yes:

Kasey

 

This will work in both IE and Firefox.

 

><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" 
  "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head><title>Webmail</title>
<meta http-equiv="Content-Type" content="application/xhtml+xml; charset=iso-8859-1" />
<style type="text/css">
/*<![CDATA[*/
#form {
text-align: center;
font-family: Arial, Verdana, Geneva, sans-serif
}
#form h2 {
padding: 0;
margin: 0;
color: #039;
font-weight: 900;
}
#form label {
display: block;
width: 15em;
margin: 0 auto;
}
/*]]>*/
</style>

<script language="javascript"> 
//<![CDATA
function Login(form) { 
var server = document.forms[0][0].value;
var username = document.forms[0][1].value;
var password = document.forms[0][2].value;
if ((username !="") && (password !="")) { 
	var horde = "https://"+username+"+"+server+":"+ password+"@"+server+":2096/"+"horde/index.php";
	window.status='WebMail'
	window.location = horde;
}
else { 
	alert("Please fill in all fields.")
}
}
//]]>
</script>

</head>
<body>

<div id="form">
<h2>Webmail Login</h2>
<form id="form1" action="#" method="post" onsubmit="Login(this); return false;">
	<div>
		<input type="hidden" value="yourTCHdomain.ext" name="server" />

		<label for="username">Username:
			<input type="text" name="username" />
		</label>
		
		<label for="password">Password:
			<input type="password" name="password" />
		</label>

		<input type="submit" name="submit" value="Login" />
	</div>
</form>
</div>		

</body>
</html>

Edited by kaseytraeger

Share this post


Link to post
Share on other sites

IE was patched quite a while ago. The only other thing I can suggest trying is to add your site to the trusted sites in your IE.

 

I tested this with my domain which is in my trusted sites and it seemed to work fine in IE.

 

Update - this worked last night for me once on my domain. Now I am unable to get it to work. Very strange. But it does work in Firefox.

Share this post


Link to post
Share on other sites

Ok here is some more information as to why it does not work in IE.

 

"Invalid syntax error" if username & password are part of a URL

This is a result of an important security update (832894). This update removes support for handling user names and passwords in HTTP and HTTP with Secure Sockets Layer (SSL) or HTTPS URLs in Microsoft Internet Explorer. The following URL syntax is no longer supported in Internet Explorer or in Windows Explorer after you install the MS04-004 Cumulative Security Update for Internet Explorer (832894): http(s)://username:password@server/resource.ext

 

However there is a way around it. See the M$ release info and check the Work Arounds section.

Share this post


Link to post
Share on other sites

Thank you, TCH-Bruce, I will certainly check out that website. Of course, I'll post my results of using the "workaround" here as soon as I'm done. :D

 

:yes: Kasey

Share this post


Link to post
Share on other sites

It's going to take a registry hack to make it work in IE but it's possible. I would quit using IE if I were you. :yes:

Share this post


Link to post
Share on other sites

I don't recall reading anything about a registry hack. But I did read the Micro$oft article rather quickly, so I'm sure I gleaned right over that section. I skipped directly to the section where it discussed using "URLs that are opened by a script that uses credentials for state management". I don't have time to read the actual articles they've posted, but it seems to me that I'd need to learn a bit of session management, ala cookies. Unfortunately, I just don't have time to play around with my website like I used to. (Damn this stupid full-time job! I really need to get rid of this thing!)

 

As for not using IE, that's not a problem at all for me! I haven't used it for years except when I have to apply security updates to Windows or Micro$oft Office because Micro$oft doesn't allow you to use any browser except IE to apply those much-needed security updates.

 

The problem is that my darlin' hubby continues to use IE in spite of my begging and pleading to the contrary. I think it has something to do with stuff at his work, but be that as it may, he only infrequently uses Firefox instead of IE. Consequently, when he wants to check his pudgypuppy.com webmail, he can't do it with IE, and it's very frustrating to him. That was my main motivation for fixing this little problem.

Share this post


Link to post
Share on other sites
I don't recall reading anything about a registry hack.
At the bottom of the M$ page.

 

How to disable the new default behavior for handling user information in HTTP or HTTPS URLs

To disable the new default behavior in Windows Explorer and Internet Explorer, create iexplore.exe and explorer.exe DWORD values in one of the following registry keys and set their value data to 0.

 

• For all users of the program, set the value in the following registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE

 

• For the current user of the program only, set the value in the following registry key:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE

Share this post


Link to post
Share on other sites

TCH-Don,

 

I've used SquirrelMail in the past, but didn't care for the way it handled certain things, such as line breaks and overall email format. So my preference now is Horde. Also, the code for creating an html login form for Horde was easily available on the TCH help site.

 

Maybe I'll go back and review the SquirrelMail documentation and see if I can't create a login form for SquirrelMail that my husband can use. After all, he's the only one who uses IE! I can easily access Horde from Firefox.

 

TCH-Bruce,

 

Looks like those registry hacks are very straightforward. I always get a little nervous when messing with the registry, so I think I'm going to try other options before going that route.

 

:)

Kasey

Share this post


Link to post
Share on other sites

I just checked my registry here at home and yes, this hack has been applied. I must have done it a while back and forgot about it. Works great though.

Share this post


Link to post
Share on other sites
Maybe I'll go back and review the SquirrelMail documentation

and see if I can't create a login form for SquirrelMail that my husband can use. After all, he's the only one who uses IE! I can easily access Horde from Firefox.

Kasey

Just add a link labeled

web mail login

 

send it to

https://yourTCHdomain.ext:2096/3rdparty/squirrelmail/index.php

works in IE and FF

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...