Warning: UPDATE command denied to user 'michelon01'@'10.0.126.106' for table 'drupal_cache' query: UPDATE drupal_cache SET data = 'a:448:{s:13:\"theme_default\";s:7:\"garland\";s:13:\"filter_html_1\";i:1;s:18:\"node_options_forum\";a:1:{i:0;s:6:\"status\";}s:17:\"menu_primary_menu\";i:2;s:19:\"menu_secondary_menu\";i:2;s:15:\"install_profile\";s:7:\"default\";s:17:\"node_options_page\";a:1:{i:0;s:6:\"status\";}s:12:\"comment_page\";s:1:\"0\";s:18:\"drupal_private_key\";s:64:\"b4e640288de05f522bbe6b032bdd5e965244625713cbf8cf2021d99f2fe3072a\";s:19:\"file_directory_temp\";s:9:\"files/tmp\";s:19:\"file_directory_path\";s:5:\"files\";s:14:\"file_downloads\";s:1:\"1\";s:21:\"date_default_timezone\";s:4:\"7200\";s:22:\"configurable_timezones\";s:1:\" in /home/michelon/www/olivier/blog/includes/database.mysql.inc on line 174

Warning: Cannot modify header information - headers already sent by (output started at /home/michelon/www/olivier/blog/includes/database.mysql.inc:174) in /home/michelon/www/olivier/blog/includes/bootstrap.inc on line 569

Warning: Cannot modify header information - headers already sent by (output started at /home/michelon/www/olivier/blog/includes/database.mysql.inc:174) in /home/michelon/www/olivier/blog/includes/bootstrap.inc on line 570

Warning: Cannot modify header information - headers already sent by (output started at /home/michelon/www/olivier/blog/includes/database.mysql.inc:174) in /home/michelon/www/olivier/blog/includes/bootstrap.inc on line 571

Warning: Cannot modify header information - headers already sent by (output started at /home/michelon/www/olivier/blog/includes/database.mysql.inc:174) in /home/michelon/www/olivier/blog/includes/bootstrap.inc on line 572

Warning: INSERT command denied to user 'michelon01'@'10.0.126.106' for table 'drupal_watchdog' query: INSERT INTO drupal_watchdog (uid, type, message, severity, link, location, referer, hostname, timestamp) VALUES (0, 'php', '<em>Cannot modify header information - headers already sent by (output started at /home/michelon/www/olivier/blog/includes/database.mysql.inc:174)</em> in <em>/home/michelon/www/olivier/blog/includes/common.inc</em> on line <em>141</em>.', 2, '', 'http://olivier.michelon.me/blog/?q=article/acceder-plus-rapidement-votre-webmail-squirrelmail', '', '23.20.147.6', 1495702249) in /home/michelon/www/olivier/blog/includes/database.mysql.inc on line 174

Warning: INSERT command denied to user 'michelon01'@'10.0.126.106' for table 'drupal_watchdog' query: INSERT INTO drupal_watchdog (uid, type, message, severity, link, location, referer, hostname, timestamp) VALUES (0, 'php', '<em>UPDATE command denied to user &amp;#039;michelon01&amp;#039;@&amp;#039;10.0.126.106&amp;#039; for table &amp;#039;drupal_cache_browscap&amp;#039;\nquery: UPDATE drupal_cache_browscap SET data = &amp;#039;O:8:\\&amp;quot;stdClass\\&amp;quot;:2:{s:9:\\&amp;quot;useragent\\&amp;quot;;s:1:\\&amp;quot;%\\&amp;quot;;s:4:\\&amp;quot;data\\&amp;quot;;s:609:\\&amp;quot;a:25:{s:7:\\&amp;quot;browser\\&amp;quot;;s:15:\\&amp;quot;Default Browser\\&amp;quot;;s:7:\\&amp;quot;version\\&amp;quot;;s:1:\\&amp;quot;0\\&amp;quot;;s:8:\\&amp;quot;majorver\\&amp;quot;;s:1:\\&amp;quot;0\\&amp;quot;;s:8:\\&amp;quot;minorver\\&amp;quot;;s:1:\\&a in /home/michelon/www/olivier/blog/includes/database.mysql.inc on line 174
Accéder plus rapidement à votre webmail SquirrelMail | MICHBlog

Accéder plus rapidement à votre webmail SquirrelMail

  • warning: Cannot modify header information - headers already sent by (output started at /home/michelon/www/olivier/blog/includes/database.mysql.inc:174) in /home/michelon/www/olivier/blog/includes/common.inc on line 141.
  • user warning: UPDATE command denied to user 'michelon01'@'10.0.126.106' for table 'drupal_cache_browscap' query: UPDATE drupal_cache_browscap SET data = 'O:8:\"stdClass\":2:{s:9:\"useragent\";s:1:\"%\";s:4:\"data\";s:609:\"a:25:{s:7:\"browser\";s:15:\"Default Browser\";s:7:\"version\";s:1:\"0\";s:8:\"majorver\";s:1:\"0\";s:8:\"minorver\";s:1:\"0\";s:8:\"platform\";s:7:\"unknown\";s:5:\"alpha\";s:0:\"\";s:4:\"beta\";s:0:\"\";s:5:\"win16\";s:0:\"\";s:5:\"win32\";s:0:\"\";s:5:\"win64\";s:0:\"\";s:6:\"frames\";s:0:\"\";s:7:\"iframes\";s:0:\"\";s:6:\"tables\";s:0:\"\";s:7:\"cookies\";s:0:\"\";s:16:\"backgroundsounds\";s:0:\"\";s:10:\"javascript\";s:0:\"\";s:8:\"vbscript\";s:0:\"\";s:11:\"javaapplets\";s:0:\"\";s:15:\"activexcontrols\";s:0:\"\";s:8:\"isbanned\";s:0:\"\";s:14:\"ismobiledevice\";s:0:\"\";s:19:\"issyndicationreader\";s:0:\"\";s:7:\"crawler\";s:0:\"\";s:10:\"cssversion\";s:1:\"0\";s:10:\"aolversion\";s:1:\"0\";}\";}', created = 1495702249, expire = 0, headers = '' WHERE cid = 'CCBot/2.0 (http://commoncrawl.org/faq/)' in /home/michelon/www/olivier/blog/includes/database.mysql.inc on line 174.

SquirrelMail est une interface web pour consulter son courrier électronique. Ce webmail a été développé en PHP4 et est distribué sous licence GPL.

sm_logo.jpg

Trois pages sont nécessaires pour l'identification dans SquirrelMail:

  • login.php : cette page comporte deux champs de saisie du login et du mot de passe. Elle comporte un formulaire HTML qui a pour cible redirect.php.
login.jpg
  • redirect.php : cette page récupère les valeurs des champs de login.php et teste l’existence du compte en base de données. Dans le cas d’identifiants inconnus, elle affiche une page d’erreur, dans le cas contraire, elle active une session et réoriente le navigageur vers webmail.php (header('Location: /login.php');).
  • webmail.php : c’est la page principale du webmail accessible uniquement si l’authentification s’est correctement effectuée (test de la session).

Apparemment, toute connexion au webmail nécessite de saisir les champs de la page login.php. Il est vrai que les navigateurs peuvent mémoriser les identifiants de connexion mais une intervention manuelle est indispensable pour le clic sur “Login”. Ça peut devenir très vite harassant dans le cas d’une utilisation importante de l’interface!

Il existe une solution pour “sauter” le processus d’identification: le formulaire du login.php envoie les variables en POST à redirect.php mais, fort heureusement, cette dernière page accepte aussi les variables GETées. L’astuce consiste donc à directement envoyer les paramètres de connexion (login_username et secretkey) à redirect.php via l’URL. Ainsi un simple lien hypertexte suffit pour se connecter à webamail!!

Voici un exemple de raccourci direct SquirreMail:

"url du serveur de SquirrelMail"/redirect.php?login_username=<le login>&secretkey=<le mot de passe>

Seul inconvénient : le mot de passe est stocké en clair… Il néanmoins est possible de rendre l’ensemble un peu flou en rajoutant des paramètres bidons (c’est déjà pas mal):

"url du serveur de SquirrelMail"/redirect.php?js_autodetect_results=1&just_logged_in=1&js_autodetect_results=1&just_logged_in=1&login_username=<le login>&secretkey=<le mot de passe>&js_autodetect_results=1&just_logged_in=1&js_autodetect_results=1&just_logged_in=1

Commentaires

Poster un nouveau commentaire

Le contenu de ce champ ne sera pas montré publiquement.
Image CAPTCHA
Entrez les caractères affichés sur l'image sans espaces.
Syndiquer le contenu

Warning: INSERT command denied to user 'michelon01'@'10.0.126.106' for table 'drupal_watchdog' query: INSERT INTO drupal_watchdog (uid, type, message, severity, link, location, referer, hostname, timestamp) VALUES (0, 'php', '<em>UPDATE command denied to user &amp;#039;michelon01&amp;#039;@&amp;#039;10.0.126.106&amp;#039; for table &amp;#039;drupal_node_counter&amp;#039;\nquery: UPDATE drupal_node_counter SET daycount = daycount + 1, totalcount = totalcount + 1, timestamp = 1495702249 WHERE nid = 19</em> dans <em>/home/michelon/www/olivier/blog/includes/database.mysql.inc</em> à la ligne <em>174</em>.', 2, '', 'http://olivier.michelon.me/blog/?q=article/acceder-plus-rapidement-votre-webmail-squirrelmail', '', '23.20.147.6', 1495702249) in /home/michelon/www/olivier/blog/includes/database.mysql.inc on line 174

Warning: INSERT command denied to user 'michelon01'@'10.0.126.106' for table 'drupal_watchdog' query: INSERT INTO drupal_watchdog (uid, type, message, severity, link, location, referer, hostname, timestamp) VALUES (0, 'php', '<em>INSERT command denied to user &amp;#039;michelon01&amp;#039;@&amp;#039;10.0.126.106&amp;#039; for table &amp;#039;drupal_accesslog&amp;#039;\nquery: INSERT INTO drupal_accesslog (title, path, url, hostname, uid, sid, timer, timestamp) values(&amp;#039;Accéder plus rapidement à votre webmail SquirrelMail&amp;#039;, &amp;#039;node/19&amp;#039;, &amp;#039;&amp;#039;, &amp;#039;23.20.147.6&amp;#039;, 0, &amp;#039;b9d97e19608d1d5d96574385ad3201fb&amp;#039;, 247, 1495702249)</em> dans <em>/home/michelon/www/olivier/blog/includes/database.mysql.inc</em> à la ligne <em>174</em>.', 2, '', 'http://olivier.michelon.me/blog/?q=article/acce in /home/michelon/www/olivier/blog/includes/database.mysql.inc on line 174

Warning: INSERT command denied to user 'michelon01'@'10.0.126.106' for table 'drupal_watchdog' query: INSERT INTO drupal_watchdog (uid, type, message, severity, link, location, referer, hostname, timestamp) VALUES (0, 'php', '<em>UPDATE command denied to user &amp;#039;michelon01&amp;#039;@&amp;#039;10.0.126.106&amp;#039; for table &amp;#039;drupal_sessions&amp;#039;\nquery: UPDATE drupal_sessions SET uid = 0, cache = 0, hostname = &amp;#039;23.20.147.6&amp;#039;, session = &amp;#039;image_captcha|a:1:{i:2051055461;s:5:\\&amp;quot;L49ZS\\&amp;quot;;}captcha|a:1:{s:12:\\&amp;quot;comment_form\\&amp;quot;;a:2:{s:32:\\&amp;quot;136e3c6c11e32f60132926d61c62ac0d\\&amp;quot;;s:5:\\&amp;quot;l49zs\\&amp;quot;;s:7:\\&amp;quot;success\\&amp;quot;;b:0;}}messages|a:1:{s:5:\\&amp;quot;error\\&amp;quot;;a:2:{i:0;s:339:\\&amp;quot;user warning: UPDATE command denied to user &amp;amp;#039;mic in /home/michelon/www/olivier/blog/includes/database.mysql.inc on line 174