SquirrelMail  
Donations
News
About
Support
Screen shots
Download
Plugins
Documentation
Sponsors
Bounties













Security Notice
Phishing campain
UPDATE YOUR
EMAIL SECURITY
"IUEU"
Plugins - Secure Login
Category: Logging in

This plugin automatically enables a secure HTTPS/SSL-encrypted connection for the SquirrelMail login page if it hasn't already been requested by the referring hyperlink or bookmark. Optionally, the secure connection can be turned off again after successful login.

This utility is intended to prevent passwords and email contents being transmitted over the Internet in the clear after people browse to the login page without including https:// in its address.


Version 1.4
by Paul Lesniewski on May 14, 2008
Please support this plugin's development: Donate to this author
[ secure_login-1.4-1.2.8.tar.gz tarball (24149 d/l) Help ]
Requires: SquirrelMail version 1.2.8 or above, HTTPS/SSL-capable web server with encryption already working on your SquirrelMail installation

Description:
  • When using $allVirtualDomainsUnderOneSSLHost and coming back from the signout page or a login error page, the URI was wrongly constructed - fixed thanks to Brett Johnson
  • Minor bug fixes and updates

Older versions

Version 1.3
by Paul Lesniewski on Feb 27, 2007
[ secure_login-1.3-1.2.8.tar.gz tarball (15959 d/l) Help ]
Requires: SquirrelMail version 1.2.8 or above, HTTPS/SSL-capable web server with encryption already working on your SquirrelMail installation

Description:
  • Fix for problem with session variables sticking around between logins, such that SSL connection would be forced only every other login
  • Updated documentation
  • Added configtest hook
  • Updated for compatibility with SquirrelMail 1.5.x
  • Removed specific requirement for Compatibility plugin
  • Updated to stop accessing superglobal arrays directly
  • Removed configuration file requirement
  • Added debug flag
  • Added more flexible "multiple domains under one SSL certificate" configuration
  • Added more fine-grained controls over URI parsing (not recommended unless default behavior won't work)
  • NOTE that configuration variable names have changed - please review your config file if upgrading from an earlier release!


Version 1.2
by Paul Lesniewski on Jul 18, 2003
[ secure_login-1.2-1.2.8.tar.gz tarball (35881 d/l) Help ]
Requires: SquirrelMail 1.2.8, Compatibility plugin, SSL-capable web server

Description:
  • Changed plugin logic to detect HTTP and HTTPS connections based on port number instead of environment variables that in some cases may not be provided by the web server (Thanks to Tony Geerts [tgeerts at dyton.com])
  • If user comes to login page with a URI that has any GET variables appended to it, they are automatically added to the secure redirection URI (Thanks to Alex Lemaresquier [alex at brainstorm.fr]).


Version 1.1
by Paul Lesniewski on Jul 12, 2003
[ secure_login-1.1-1.2.8.tar.gz tarball (3052 d/l) Help ]
Requires: SquirrelMail 1.2.8, Compatibility plugin, SSL-capable web server

Description:
  • Fix for when going back to HTTP from HTTPS login that would cause javascript errors after sending at least one message - the right frame was getting redirected back to HTTPS. But not any more. ;> This is only a fix applicable for SM 1.4 and up.
  • Updated for latest version reporting API.
  • Removed config.php from distribution, replaced with config.php.sample for hassle-free upgrades.


Version 1.0
by Paul Lesniewski on Mar 6, 2003
[ secure_login-1.0-1.2.8.tar.gz tarball (6975 d/l) Help ]
Requires: SquirrelMail 1.2.8, Compatibility plugin, SSL-capable web server

Description: Many thanks to Greg Schiedler [Greg at Limo.Net] for help testing version 1.0!

v1.0
  • Added compatibility with SquirrelMail v1.4.
  • New setup.php format for better overall SquirrelMail performance.
  • In combination with more recent versions of SquirrelMail (and probably older ones, thanks to the Compatibility plugin), a bug that allowed users to log in without SSL in a browser session that had already logged in once before has been removed.
v0.7
  • Added config setting for servers running https or http on non-standard ports.
v0.6
  • Sites that host all their virtual domains off of a single SSL URL can now specify that URL in config.php and users will be redirected as appropriate
  • PHP version checking fixed (for all locales)


Version 0.5
by Paul Lesniewski on Nov 5, 2002
[ This version is not available. You might be able to get it by asking on the "squirrelmail-plugins" mailing list or by contacting the author. ]
Requires: Requires: Requires: SquirrelMail 1.2.8 running on Apache 1.3.x with OpenSSL

Description: Updated for compatibility with the Update Plugins plugin.

Version 0.4
by Paul Lesniewski on Oct 8, 2002
[ This version is not available. You might be able to get it by asking on the "squirrelmail-plugins" mailing list or by contacting the author. ]
Requires: Requires: SquirrelMail 1.2.8 running on Apache 1.3.x with OpenSSL

Description: The sysadmin now has the ability to specify that users who came to the login page using SSL should stay in an encrypted session (while others only get encryption for the duration of their login). That flag is turned on and off in config.php.

Version 0.3
by Paul Lesniewski on Sep 30, 2002
[ This version is not available. You might be able to get it by asking on the "squirrelmail-plugins" mailing list or by contacting the author. ]
Requires: SquirrelMail 1.2.8 running on Apache 1.3.x with OpenSSL

Description: Added functionality that will drop user back to a non-encrypted connection after logging in (this can be turned off if needed - see setup.php).

Version 0.2
by Graham Norbury on Jan 4, 2002
[ secure_login-0.2-1.2.0.tar.gz tarball (8850 d/l) Help ]
Requires: SquirrelMail 1.2 running on Apache 1.3.x with OpenSSL

Description: Fixed a bug causing redirect to fail if apache RewriteEngine was not turned on. Added check to prevent infinite redirection to the same page.

Version 0.1
by Graham Norbury on Jan 3, 2002
[ This version is not available. You might be able to get it by asking on the "squirrelmail-plugins" mailing list or by contacting the author. ]
Requires: SquirrelMail 1.2 running on Apache 1.3.x with OpenSSL

Description: Initial revision

If you have problems with the download or decompressing...
Internet Explorer
Right-click on the file, then select "Save Target As"
Firefox, Mozilla, Netscape
Right-click on the file, then select "Save Link As"
Opera
Right-click on the file, then select "Save Link Document As"
Lynx and Links
Press "d" on the link to download the file directly.
  • Untarring problems: Your browser might have un-gzipped it for you automatically. Try just "tar xvf" instead of "tar xvfz". Also, the plugins archive isn't gzipped (it is a tarball of .tar.gz files)
  • Macintosh users: Just hold down your mouse button to get the menu instead of right-clicking.
  • If all else fails, seek our help
© 1999-2010 by The SquirrelMail Project Team