Linux sagir-us1.hostever.us 5.14.0-570.51.1.el9_6.x86_64 #1 SMP PREEMPT_DYNAMIC Wed Oct 8 09:41:34 EDT 2025 x86_64
LiteSpeed
Server IP : 104.247.108.91 & Your IP : 216.73.216.26
Domains : 74 Domain
User : georgeto
Terminal
Auto Root
Create File
Create Folder
Localroot Suggester
Backdoor Destroyer
Readme
/
var /
webuzo-data /
roundcube /
program /
actions /
login /
Delete
Unzip
Name
Size
Permission
Date
Action
oauth.php
4.46
KB
-rw-r--r--
2026-02-08 09:33
Save
Rename
<?php /** +-----------------------------------------------------------------------+ | This file is part of the Roundcube Webmail client | | | | Copyright (C) The Roundcube Dev Team | | | | Licensed under the GNU General Public License version 3 or | | any later version with exceptions for skins & plugins. | | See the README file for a full license statement. | | | | PURPOSE: | | Perform OAuth2 user login | +-----------------------------------------------------------------------+ | Author: Thomas Bruederli <roundcube@gmail.com> | +-----------------------------------------------------------------------+ */ class rcmail_action_login_oauth extends rcmail_action { /** * Request handler. * * @param array $args Arguments from the previous step(s) */ public function run($args = []) { $rcmail = rcmail::get_instance(); $auth_code = rcube_utils::get_input_string('code', rcube_utils::INPUT_GET); $auth_error = rcube_utils::get_input_string('error', rcube_utils::INPUT_GET); $auth_state = rcube_utils::get_input_string('state', rcube_utils::INPUT_GET); // auth code return from oauth login if (!empty($auth_code)) { $auth = $rcmail->oauth->request_access_token($auth_code, $auth_state); // oauth success if ($auth && isset($auth['username'], $auth['authorization'], $auth['token'])) { // enforce XOAUTH2 auth type (if not disabled by use of oauth_password_claim) if (!empty($auth['token']['auth_type'])) { $rcmail->config->set('imap_auth_type', $auth['token']['auth_type']); } $rcmail->config->set('login_password_maxlen', strlen($auth['authorization'])); // use access_token and user info for IMAP login $storage_host = $rcmail->autoselect_host(); if ($rcmail->login($auth['username'], $auth['authorization'], $storage_host, true)) { // replicate post-login tasks from index.php $rcmail->session->remove('temp'); $rcmail->session->regenerate_id(false); // send auth cookie if necessary $rcmail->session->set_auth_cookie(); // save OAuth token in session $_SESSION['oauth_token'] = $auth['token']; // log successful login $rcmail->log_login(); // allow plugins to control the redirect url after login success $redir = $rcmail->plugins->exec_hook('login_after', ['_task' => 'mail']); unset($redir['abort'], $redir['_err']); // send redirect $rcmail->output->redirect($redir, 0, true); } else { $rcmail->output->show_message('loginfailed', 'warning'); // log failed login $error_code = $rcmail->login_error(); $rcmail->log_login($auth['username'], true, $error_code); $rcmail->plugins->exec_hook('login_failed', [ 'code' => $error_code, 'host' => $storage_host, 'user' => $auth['username'], ]); $rcmail->kill_session(); // fall through -> login page } } else { $rcmail->output->show_message('oauthloginfailed', 'warning'); } } // error return from oauth login else if (!empty($auth_error)) { $error_message = rcube_utils::get_input_string('error_description', rcube_utils::INPUT_GET) ?: $auth_error; $rcmail->output->show_message($error_message, 'warning'); } // login action: redirect to `oauth_auth_uri` else if ($rcmail->task === 'login') { // this will always exit() the process $rcmail->oauth->login_redirect(); } } }