Homepage | Products | OX Knowledge Base | Support | Try Now | Contact | Company
OX Logo
Page 1 of 2 12 LastLast
Results 1 to 10 of 14
  1. #1
    Soldiar Guest

    Default OpenExchange in Joomla?

    Hello,

    I am new to this forum. But I've got a simple question. I need a webmailer in the backend of the CMS joomla. And my webhoster has OpenExchange installed, so I wanted to use it.

    Is there a way I could transfer a username & password to the OpenExchange, to log in, directly into the mailbox? Hope you can help me, because I've got a lot of trouble with this project.

    Really big thanks in advance for you cooperation.


    Regards,
    Christian, 20, Germany

  2. #2
    Join Date
    Feb 2007
    Location
    Germany
    Posts
    3,695

  3. #3
    Soldiar Guest

    Default

    Hello,

    thanks a lot for all this! Gonna have a look on all of this asap. If I need any further assistance can I bother this community with it?

    Thanks for the help!

    Regards,
    Christian, 20, Germany

  4. #4
    Join Date
    Feb 2007
    Location
    Germany
    Posts
    3,695

    Default

    Hi Christian,

    sure - we're here to help

    Greetings

  5. #5
    Soldiar Guest

    Default

    Hello,

    I tried to get a bit on, but my programming is not really good in web-development. Do you or somebody else maybe have some working sample code (PHP) for this AJAX-Login-Script on which I could built on?

    Thanks again in advance!

    Regards,
    Christian, 20, Germany

  6. #6
    Soldiar Guest

    Default Referer

    Hello,

    I hope somebody can give me some advice.

    I found out, that I was doing everything alright with the javascript example Martin Braun gave me. But now I know, that there's probably a referer check.

    My webhoster is not at all helpfull in this thing, they wanna sell me instead something what's like microsoft outlook in explorer. But I like the idea of open-xchange.

    So now my problem is, how could my webhoster change the referer-settings? (or isn't this any function of open xchange?) Or how could I use the referer it normally accepts?

    Thanks in advance again for your big help!

    Regards,
    Christian, 20, K.
    Last edited by Soldiar; 05-19-2009 at 02:52 PM.

  7. #7
    Join Date
    Feb 2007
    Posts
    253

    Default

    AFAIK, the groupware itself performs no referer check. It does perform an IP check, which means the login must be performed from the same IP address as the rest of the session. What errors do you get?

  8. #8
    Soldiar Guest

    Default

    Hello Viktor,

    oh! That could be the reason. the webhoster is a big company which probably has my website on another server than their open xchange (called "webmailer 2.0" at this webhosters side). I don't have this error message right here, but it was something with that I am not "authorized" to access the ressource, will post here later on today the full error message.

    Do you have any idea by know how to bypass/fix this problem?

    Regards,
    Christian, 20, K.

  9. #9
    Join Date
    Feb 2007
    Location
    Germany
    Posts
    3,695

    Default

    Some background - generally this ip check is a security feature. If somebody manages to steal the session cookie set by OX (stored at your browser) and your session ID, he *could* login to your account because the session is already authorized. This would require some criminal effort (network access, local access to the browsers cookie store, browser vulnerabilities etc.) but history shows that such attacks do happen. To add another obstacle to session/cookie stealing we check the IP address which sends the cookie/session id an compare it to the ip address which has initiated the login procedure by entering credentials. Of course it is possible to fake IP addresses but doing a man-in-the-middle attack and even more evil stuff at the internet and through a encrypted connection is much harder than just stealing a session. Atop of this we use whitelisting for HTML E-Mail to minimize the risk of executing script code from external sources which might be a security issue.
    Last edited by Martin Heiland; 05-19-2009 at 03:21 PM.

  10. #10
    Soldiar Guest

    Default

    Hello,

    @Viktor Pracht: the error message is "Access to restricted URI denied".

    @Martin Braun: so this means there's no way for me, to login directly into the "Inbox" of OX without my webhoster helping me?
    I understand the security reasons of course, but I wanted to make a user friendly login after a user already logged into an webapplication (SSL crypted). Because who want's to login with username/password twice in two different login forms every day?

    Thanks for the big help of you two.

    Regards,
    Christian, 20, K.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •