Hello
Is there any way to get this plugin working with RC 1.5 OAuth authentication?

Phone (SMS)

How to test?

Google Authenticator API

• http://code.google.com/p/google-authenticator/
• Android App: https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en

Hi,

The text on the login page is unreadable with classic theme (Shadow, color)
I propose to change the persistent_login.css file :

@@ -1,7 +1,8 @@
 #ifplcontainer {
        border: 0 solid #999;
-       color: #cecece;
+       color:#666;
        text-align: center;
-       text-shadow: 0 1px 1px black;
 }

Thank you.

If token data is removed from database, but the cookie is present in the browser, line 143 (if (($data = $rcmail->get_dbh()->fetch_assoc($res)))) will be set to false. In this case the cookie is reported as "stolen" and all other (and also valid tokens) are removed from the database. If another browser now tries to login (with its saved cookie), this will fail also, is reported as stolen again, all other tokens will be removed and so on... in this case, login is stuck in a loop as log a valid local cookie is found in the browser.

I know, a stolen cookie can be a problem. But personally i think, removing all tokens for this user from the db, is not the right solution. Instead of this, the user should be notified, that there is a risk of a stolen cookie and let the decision what to do, to the user. Maybe we should record the IP address where this cookie was last used and present this to the user. If this IP is unknown to the user, the cookie is really stolen and all tokens should be removed. If the IP is known, then this is mostly no issue. A stolen cookie is at least in my eyes a very rare issue. Only to present the raw IP to the user in such a case is not helpful for unexperienced users, we should get more and additional info's about this IP address, like location, carrier ip address pool/range from specific carrier and time of this specific login. This info's should be gathered only at the time, this issue occurs, but not saved to the db, we need only the IP address.

In my bookmark back-end, i use a similar technique, feel free to use it here to:

function ip_info() {
	$ipArr = [];
	if(!empty($_SERVER['HTTP_CLIENT_IP'])) {
        $ip = $_SERVER['HTTP_CLIENT_IP'];
    } else if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])){
        $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
    } else {
        $ip = $_SERVER['REMOTE_ADDR'];
    }
    
    $ipArr['ip'] = $ip;
    $wArr = preg_split('/\r\n|\r|\n/', shell_exec("whois '".addslashes($ipArr['ip'])."'"));
	foreach($wArr as $ipi ) {
		$iarr = explode(": ", $ipi);
		if($iarr[0] == "descr") {
			$ipArr['de'] = trim($iarr[1]);
			break;
		}
	}
	
	$ip_info = @json_decode(file_get_contents("http://www.geoplugin.net/json.gp?ip=".$ipArr['ip']));
	if($ip_info && $ip_info->geoplugin_countryName != null){
		$ipArr['co'] = $ip_info->geoplugin_continentName;
		$ipArr['ct'] = $ip_info->geoplugin_countryName;
		$ipArr['re'] = $ip_info->geoplugin_region;
		$ipArr['ua'] = $_SERVER['HTTP_USER_AGENT'];
		$ipArr['tm'] = time();
	}
	
	return $ipArr;
}

If saving the IP address in the database is fine for you, i can try to make pull request. But since is a huge privacy aspect, I'm not sure, if this i fine for your.

I'm using roundcube in front of a dovecot server with mysql user management. When persistent_login is enabled, after a variable amount of time (difficult to reproduce), roundcube forgets that the Archive folder is an archive folder and just shows the regular folder icon in the navigation on the left, as well as no longer displaying the "Archive" function on top of the message.

After logging out and back in again, the expected behavior is restored.

I brought up this issue in the roundcube github ( roundcube/roundcubemail#8512) and was asked to test the persistent_login plugin. I've tested this extensively after disabling persistent_login and it has never happened. Obviously session times out without the plugin and a new login is required, so there is still a chance this is related to a roundcube issue that is obscured by the timeout, but it seems to point at the plugin.

I'd be glad to provide more info or perform any tests to help troubleshoot this, but I'm a bit lost how to troubleshoot this further by myself.

Atm the plugin is quite poorly integrated in elastic skin (see pic).
Would it be possible to have a smoother integration?

Thanks a lot!

This comment is wrong
// Time until the peristent login cookie invalidates (in milliseconds; 60_60_24*3 = 3 days)

60 * 60 * 24 * 3 = time in seconds, not in millisecons

60 (seconds) * 60 (minutes) * 24 (hours) * 3 (days)

Please add sql/sqlite.sql.

This one works for me, but I'm not sure if it's completely correct:

CREATE TABLE `auth_tokens` (
    `token` varchar(128) NOT NULL,
    `expires` datetime NOT NULL,
    `user_id` int(10)  NOT NULL,
    `user_name` varchar(128) NOT NULL,
    `user_pass` varchar(128) NOT NULL,
    `host` varchar(255) NOT NULL
);
CREATE INDEX token ON auth_tokens(token);

Hi,
The 0.8RC version is now out !
The plugin doesn't work any more with the new theme named "larry".
Do you plan to adapt the code to add compatibility for this version ?

Is there any way that a user could have an option for permanent logout?

It seems that the cookie stays enabled even if the user log-outs. I could log out 1,000 times and the cookie will automatically log me in the next time that I visit the e-mail.

Is there any way to have a button created to automatically erase the cookie and logout?

Hey,

I got a updated persistent_login you can add to 2021 update. Alot better checkbox and more! You can test for yourself on your mail server.

https://github.com/lolCourtesy/persistent_login-reworked

Looks bad with dark elastic theme:

This package is not listed in https://plugins.roundcube.net (which seems to be a frontend for https://packagist.org), and so I only found https://packagist.org/packages/texxasrulez/persistent_login which is an outdated fork of your plugin.

It would be nice if this package here would be listed there, too.

When using this plugin with Roundcube 1.2.0 and php7 I get Warning: Call to deprecated function get_input_value(); See bc.inc for replacement in the error log file a lot.

Hallo,
when a new browser session is started, i can see the login screen (without the checkbox for persisten login) and the error message sessionerror. After refreshing the page i'm loged in but not without.

Actually the plugin doesn't work with multiple hosts, because neither the cookie- nor the token based version save the host value for an automatic login.

I'm using Roundcube version 1.4.4 and this plugin is not working. Even if I select the "remember me" option I always need to login again after I close the browser and reopen it. On inspection no persistent cookie is being found.
I am also using the plugins 'twofactor_gauthenticator' and 'managesieve'.

When user taps keep me signed on, kolab_2fa plugin does not appear in settings.

When I come back to roundcube after a while and my session is expired and have to log back in, my chbox plugin and keyboard shortcuts are affected. The checkboxes does not show up and keyboard shortcuts hotkeys are not functional. When I logout and log back in it works. When I disable persistant_login plugin, I cannot recreate the issue. These are the only two plugins that I notice not working.

Latest releases of the following plugins affected:
corbosman/keyboard_shortcuts
umount/rcplugin_chbox

Thank you for your plugin.

Error
SQL query:

ALTER TABLE auth_tokens
ADD CONSTRAINT auth_tokens_ibfk_1 FOREIGN KEY (user_id) REFERENCES users (user_id) ON DELETE CASCADE
MySQL said: Documentation

#1215 - Cannot add foreign key constraint

Hi, trying to activate UserData cookie method. While doing sql import via phpmyadmin I get the following error:

"Cannot add foreign key constrain"

if I add "set foreign_key_checks=0;" then the output is:

"Failed to add the foreign key constaint. Missing index for constraint 'auth_tokens_ibfk_1' in the referenced table 'users'"

please add a license haha
currently, as it has no license, it's 'all rights reserved', and i truly doubt you meant that
nobody can really use this without an explicit notice or licensing

may i suggest cc0 ( unlicense, wtfpl, any public domain license ), mit ( or mit-0 ), or gplv3( + ) ?

• https://creativecommons.org/public-domain/cc0/
• https://unlicense.org
• http://www.wtfpl.net/
• https://github.com/aws/mit-0
• https://opensource.org/license/MIT
• https://www.gnu.org/licenses/gpl-3.0.en.html

Hi,

The plugin does not keep track of _action parameter when the logging in with persistent cookie.

Please store it somewhere before overwritting it in startup() and restore it in login_after().

Hello,

Would it be worthwhile to add an optional link to this plugin called "Forgot my password" that, when clicked, brings the user to a custom-named (or plugin-named) page where we have our own forgotten-password routine?

Or would we edit one of the plugin files to create our own link? (I've been trying to do so, but getting our link horizontally aligned with this plugin's "Keep me logged in" link in all browsers is proving difficult.)

I have configured and installed plugin on roundcube 1.3, I see it in installed plugins but in login page is missed. Can you check and fix it?

Add possibility to to configure a white-list of IPs and subnets, which are a allowed to use the "Remember Me" functionality.

Hi,

is the plugin still working with RC 1.6.1? I have set it on a test instance, but when I kill the webbrowser, I have to log in again.

Thanks

Hello,

it seems as persistent_login plugin no more works with new beta version 1.3.0 of Roundcube.
Could you please modify persistent_login plugin for new Roundcube version?

Thank you a lot!

We LOVE your plugin for RoundCube as it offers functionality that is very important to our customers.

In the latest release of RoundCube (1.5), we began having trouble with two items:

Issue 1

When selecting a layout in the Larry or the Classic theme, you can choose "List (no mail preview)" as an option in Preferences > Mailbox View > Main Options. If you save this option and then return to the main Mail screen, there will just be list of email with no preview pane as expected.

However, if you simply allow the browser screen to sit idle with no interaction for 5 or 10 minutes, the preview pane will suddenly appear.

Once the preview pane has appeared, you cannot get rid of it by using the small gear dropdown in the header row of the email listing and trying to set it back to list in the pop-up window that appears. Only going to Settings and saving Preferences > Mailbox View, will reset it. However, after several minutes, the preview pane will reappear automatically again.

Issue 2

For those customers who have their Roundcube refresh set to "every 10 minutes" or higher and then don't interact with their browser for a while, an error occurs and appear in the area of the screen where the email listing usually is. It is titled, "File Not Found" and says, "The requested resource was not found! Please contact your system administrator. _Failed request mail.redactedmailservername.com/mail/?_task=mail&action=keep-alive"

This is always accompanied by an error in the logs on the server that say, "PHP Error: Error loading template for in /usr/local/lib/roundcubemail/program/include/rcmail_output_html.php on line 804 (GET /mail/?_task=mail&_action=keep-alive)"

You'll note that there is a blank between "for" and "in" that is where a template name should appear. However, there isn't one.

The workaround is to set the refresh to less than 10 minutes. That works, but this was not an issue in previous RC versions and some people would prefer less frequent auto-refreshing or to manually refresh the page themselves as needed.

Notes

After posing both of these to the Roundcube folks, they indicated they thought it might be a plugin-related issue. I went in and temporarily deactivated all of the defined plugins in config.inc.php. The problems went away. I then reactivated all of the plugins EXCEPT persistent_login. The problems were still gone.

We use the Mail-in-a-box server package which is also on GitHub. One of the devs there suggested some fixes, which we can implement, but to have them added to the package and released would be a welcome and permanent change. You can see the thread of information here: mail-in-a-box/mailinabox#2052

Thank you so much for your help with this important plugin.

Problem: Usually it's always a good idea, maybe even best-practise, to have a primary key set in each table. But by default auth_tokens doesn't have any primary key set. This may cause issues on MySQL clusters, like MariaDB Galera Cluster (referring to the limitations site on https://mariadb.com/kb/en/mariadb/mariadb-galera-cluster-known-limitations/).

Suggestion: Use 'token' as the primary key, as it should be unique anyway.
Code for file /sql/mysql.sql (910f67b):

ALTER TABLE `auth_tokens`
	ADD PRIMARY KEY(`token`);

This is a simple fix:

--- persistent_login.php.orig   2013-08-15 12:10:55.000000000 -0400
+++ persistent_login.php        2013-08-15 12:11:15.000000000 -0400
@@ -397,7 +397,7 @@
                if (headers_sent()) {
                        return false;
                }
-               return setcookie($name, $value, $exp);
+               return rcmail::get_instance()->setcookie($name, $value, $exp);
        }

        /**

Hi, I'm trying to use persistent_login with Roundcube 1.6 on a Debian 11 but the logs return the follow error:

PHP Warning: Undefined array key "_pt" in /usr/share/roundcube/plugins/persistent_login/persistent_login.php on line 299