Pre-filling the Email Field in a Webmail Login Form Using URL Parameters | MDaemon Technologies, Ltd.


  • Hello,

    I need your help to pre-fill the email field in the login form. Here is the relevant line of code:

    <input type="email" name="User" id="User" value="" placeholder="E-mail" />

    I would like to pass an email address in the URL to pre-fill this field. However, it seems that POST/GET methods are being blocked, and I can't find any option to enable them in the settings.

    I'm convinced that what I want to do is possible, because I have another webmail (the one from Plesk) that works this way.

    Here is an example of the code I am planning to use to pre-fill the field:

    <?php
    if ($_SERVER["REQUEST_METHOD"] == "POST") {
        $email = filter_var(trim($_POST["email"]), FILTER_SANITIZE_EMAIL);
        // Redirect to the webmail with the pre-filled email address
        header("Location: https://case-postale.ch/?User=" . urlencode($email));
        exit();
    }
    ?>
    
    <!DOCTYPE html>
    <html>
    <head>
        <meta charset="UTF-8">
        <title>Webmail Redirection</title>
    </head>
    <body>
        <form method="post" action="">
            <label for="email">Enter your email:</label>
            <input type="email" id="email" name="email" required>
            <button type="submit">Submit</button>
        </form>
    </body>
    </html>

    Thanks in advance for your help!



  • Hi Noé,

    It depends on where this template is located.

    For example, if you want to prefill it with information from WorldClient, you need it to be in the WorldClient\Templates directories. The same template would need to be in each theme.

    However, since WorldClient does not use PHP, your current template would not be executed there.

    Instead, you would need to use what's called WCML, and you could prefill the email input like so:

    <input type="email" name="User" value="<$CGI:USER,HTML$>" placeholder="Email Address" />

    The CGI:USER tag will retrieve the value of User from the URL or from the User cookie. The ",HTML" encodes the output for HTML.

    Instead of using a PHP script to intercept the form POST submission here, you could use JavaScript to do the same:

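    document.forms[0].onsubmit = function () {
      var email = document.forms[0].User.value;
      // Placeholder: substitute your own validation/sanitizing routine
      email = yourFavoriteSanitizingMethod(email);
      document.location.href = "https://case-postale.ch/?User=" + encodeURIComponent(email);
      return false; // cancel the normal form submission so the redirect takes effect
    };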

    There's also this github page that we created to help with intranet integration: https://github.com/mdaemon-technologies/intranet-integration


  • Hi @Jonathan Ehman,

    Thanks for your help!

    Unfortunately, it's still not working. I'm not the best developer and I'm having a bit of trouble understanding everything. I changed my `Domains.ini` file from:

    WorldClientAPI:AllowTheseExternalOrigins=No

    to

    WorldClientAPI:AllowTheseExternalOrigins=Yes

    I know this isn't secure, but it's just for testing on a test MDaemon.

    I also modified my code, which looks something like this:

    <!DOCTYPE html>
    <html lang="en">
    <head>
        <meta charset="UTF-8">
        <meta name="viewport" content="width=device-width, initial-scale=1.0">
        <title>Pre-fill Email</title>
    </head>
    <body>
    
        <form id="redirectForm">
            <label for="User">Email:</label>
            <input type="email" id="User" name="User" value="<?php echo htmlspecialchars($_GET['User'] ?? '', ENT_QUOTES, 'UTF-8'); ?>" required>
            <button type="submit">Submit</button>
        </form>
    
        <script>
            document.forms[0].onsubmit = function (event) {
                event.preventDefault(); // Prevent page reload
                var email = document.forms[0].User.value;
    
                // Sanitization method
                function sanitizeEmail(email) {
                    // Remove whitespace and invalid characters ('@' must stay, or the address is mangled)
                    return email.trim().replace(/[^a-zA-Z0-9._%+@-]+/g, '');
                }
    
                // Sanitize the email
                email = sanitizeEmail(email);
    
                // Redirect
                document.location.href = "https://mail.rat-din.xyz/?User=" + encodeURIComponent(email);
            };
        </script>
    
    </body>
    </html>
    

    Thanks again for your help!


  • @Noé 

    This will not be a useful setting value. 

    WorldClientAPI:AllowTheseExternalOrigins=Yes

    It needs to be a semi-colon separated list of origins, e.g.: https://mail.example.com;https://localhost

    The All origins setting is: WorldClientAPI:AllowAllExternalOrigins=Yes

    Secondly, this is only useful if you make use of the WorldClientAPI in your code. If you do not use it, then there's no value in setting the list.

    I might be able to help you better if I understood your motivation/purpose in having a redirect page.

    Is it for an office intranet setup?

    Are you just trying to set the user for the WorldClient sign-in page and the User variable isn't working as you expect in this code: document.location.href = "https://mail.rat-din.xyz/?User=" + encodeURIComponent(email); ?

    If that's the case, you probably need to include WorldClient.dll and the View in your request like this:

    document.location.href = "https://mail.rat-din.xyz/WorldClient.dll?View=Logon&User=" + encodeURIComponent(email);

    Please let me know if you're still having trouble.


  • Thank you, but it still doesn’t work.

    I want to do this because, in my company, we have several webmails, and I am developing a page that asks users for their email to perform DNS queries to determine which webmail to use. This already works for another webmail, but I can’t get it to work for the MDaemon webmail.

    I have modified the file as follows:

    WorldClientAPI:AllowTheseExternalOrigins=Yes

    Here is the code with the modifications, and I don’t understand why it doesn’t work.

    <!DOCTYPE html>
    <html lang="en">
    <head>
        <meta charset="UTF-8">
        <meta name="viewport" content="width=device-width, initial-scale=1.0">
        <title>Pre-fill Email</title>
        <script>
            function redirectToWebmail(event) {
                event.preventDefault(); // Prevents page reload
    
                var email = document.getElementById('email').value;
    
                // Sanitization method
                function sanitizeEmail(email) {
                    // '@' is kept in the allowed set so the address stays intact
                    return email.trim().replace(/[^a-zA-Z0-9._%+@-]+/g, '');
                }
    
                // Sanitize the email
                email = sanitizeEmail(email);
    
                // Redirect
                document.location.href = "https://mail.rat-din.xyz/WorldClient.dll?View=Logon&User=" + encodeURIComponent(email);
            }
        </script>
    </head>
    <body>
        <form id="redirectForm" onsubmit="redirectToWebmail(event);">
            <label for="email">Enter your email:</label>
            <input type="email" id="email" name="email" required>
            <button type="submit">Submit</button>
        </form>
    </body>
    </html>
    

  • @Noé This setting is not correct:

    WorldClientAPI:AllowTheseExternalOrigins=Yes

    The correct format is as follows:

    WorldClientAPI:AllowTheseExternalOrigins=https://example.com;https://localhost

    But it also doesn't sound like you need this setting for what you're doing, so it should just be 

    WorldClientAPI:AllowTheseExternalOrigins=https://case-postale.ch/

    Based on how you're using the template, your first iteration of the template should be working.

    I did some testing, and now I think you've actually discovered a defect, which I am now tracking down.


  • @Noé 

    Here's what you need to do. You need to set the cookie for "User" in your PHP script. It should be something like this:

    <?php
    if ($_SERVER["REQUEST_METHOD"] == "POST") {
        $email = filter_var(trim($_POST["email"]), FILTER_SANITIZE_EMAIL);
        // Redirect to the webmail with the pre-filled email address
        header("Location: https://case-postale.ch/?User=" . urlencode($email));
        header("Set-Cookie: User=" . $email . "; Path=/; SameSite=Lax");
        exit();
    }
    ?>
    
    <!DOCTYPE html>
    <html>
    <head>
        <meta charset="UTF-8">
        <title>Webmail Redirection</title>
    </head>
    <body>
        <form method="post" action="">
            <label for="email">Enter your email:</label>
            <input type="email" id="email" name="email" required>
            <button type="submit">Submit</button>
        </form>
    </body>
    </html>

    This assumes that the proxy is passing the cookies along in addition to the URL variables.


  • Hello,

    Thank you for your help.

    It works, but it's not perfect yet. Thanks to you, I was able to make some adjustments. The problem is that I can't display the @ symbol on the login page; it shows up as %40, probably due to encoding. From what I've read, it seems that modifying the webmail code to decode it would be necessary.

    Here is my code:

    <?php
    if ($_SERVER["REQUEST_METHOD"] == "POST") {
        // Retrieve the email without filtering to allow all characters
        $email = trim($_POST["email"]);
    
        // Set the cookie with a lifespan of 2 minutes (120 seconds)
        setcookie("User", $email, time() + 120, '/', 'rat-din.xyz', false, false); 
    
        // Redirect to the login page without encoding
        header("Location: https://mail.rat-din.xyz/?User=" . $email); // No encoding here
        exit();
    }
    ?>
    
    <!DOCTYPE html>
    <html>
    <head>
        <meta charset="UTF-8">
        <title>Webmail Redirection</title>
    </head>
    <body>
        <form method="post" action="">
            <label for="email">Enter your email:</label>
            <!-- Change type="email" to type="text" to allow all characters -->
            <input type="text" id="email" name="email" value="<?php echo isset($email) ? htmlspecialchars($email) : ''; ?>" required>
            <button type="submit">Submit</button>
        </form>
    </body>
    </html>
    

  • @Noé Excellent. It looks like you've already modified the Logon.html previously, so that shouldn't be too difficult.

    Just add the following to the <script type="text/javascript"> that comes after <script type="text/javascript" src="All/JavaScript/jquery-latest.js?v=<$VERSION,URL$>"></script> on the page:

    $(document).ready(function () {
      document.forms[0].User.value = decodeURIComponent(document.forms[0].User.value);
    });

    For example:

    <script type="text/javascript" src="All/JavaScript/jquery-latest.js?v=<$VERSION,URL$>"></script>
    <script type="text/javascript">
        var $WC = {
            ....
        };
       $(document).ready(function () {
           // your code here
       });
    </script>

    I'm sure you're aware that these pages get overwritten with new versions and will need to be updated each time you upgrade.

    Please let us know if there's anything else you need help with.

     

     


  • @Jonathan 
    Thank you, but is there a way to do this without modifying the underlying code, or is there an option in the admin interface? I would prefer not to touch the webmail code, especially since it could be overwritten during updates.


  • I'm kind of surprised, since it's clear from looking at the Logon page that it is already being modified (the entire branding div is being hidden or removed).

    According to my quick search, PHP's setcookie URL-encodes the input. But, "The setrawcookie() function, introduced in PHP 5, allows you to set a cookie without URL-encoding the value. This function sends the cookie data as raw, unencoded data."

    So, assuming you have at least PHP 5, use

    setrawcookie("User", $email, time() + 120, '/', 'rat-din.xyz', false, false);

  • @Jonathan 

    Thank you very much, it's working. For everyone who needs this, here is my working code.
    This MDaemon server is for testing, so I try things on it, but I don't edit files on the production one.

    <?php
    if ($_SERVER["REQUEST_METHOD"] == "POST") {
        // Retrieve the email without filtering to allow all characters
        $email = trim($_POST["email"]);
    
        // Set the raw cookie with a lifespan of 2 minutes (120 seconds)
        setrawcookie("User", $email, time() + 120, '/', 'rat-din.xyz', false, false); 
    
        // Redirect to the login page without encoding
        header("Location: https://mail.rat-din.xyz/?User=" . $email); // No encoding here
        exit();
    }
    ?>
    
    <!DOCTYPE html>
    <html>
    <head>
        <meta charset="UTF-8">
        <title>Webmail Redirection</title>
    </head>
    <body>
        <form method="post" action="">
            <label for="email">Enter your email:</label>
            <!-- Change type="email" to type="text" to allow all characters -->
            <input type="text" id="email" name="email" value="<?php echo isset($email) ? htmlspecialchars($email) : ''; ?>" required>
            <button type="submit">Submit</button>
        </form>
    </body>
    </html>
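
An added example, not code from the thread's participants or from MDaemon: a variant of the redirect script above that checks the address against an allowlist before it reaches `setrawcookie()` and the `Location` header, since both receive the value without encoding. The host and cookie domain are those quoted in the thread; the allowlist pattern, the cookie flags and the array form of `setrawcookie()` (PHP 7.3 or later) are assumptions.

```php
<?php
// Added example. Host and cookie domain are the ones quoted in the thread;
// the allowlist pattern and the cookie flags are assumptions.
const WEBMAIL_LOGON = 'https://mail.rat-din.xyz/';
const COOKIE_DOMAIN = 'rat-din.xyz';

/**
 * Return the address if it contains only characters that are safe to place raw
 * in a Set-Cookie value (no ',', ';', whitespace or control bytes), else null.
 * '@' is on the allowlist, so nothing has to be decoded on the logon page.
 */
function cleanLogin(string $raw): ?string
{
    $email = trim($raw);
    // \A and \z anchor the whole string; '$' alone would accept a trailing "\n".
    $pattern = '/\A[A-Za-z0-9._+\-]+@[A-Za-z0-9\-]+(\.[A-Za-z0-9\-]+)+\z/';
    $ok = strlen($email) <= 254 && preg_match($pattern, $email) === 1;
    return $ok ? $email : null;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $input = $_POST['email'] ?? '';
    // email[]=x arrives as an array; treat anything but a string as invalid.
    $email = is_string($input) ? cleanLogin($input) : null;
    if ($email === null) {
        http_response_code(400);
        exit('Invalid e-mail address.');
    }
    // Raw cookie so '@' is not sent as %40; safe only because of the allowlist.
    setrawcookie('User', $email, [
        'expires'  => time() + 120,
        'path'     => '/',
        'domain'   => COOKIE_DOMAIN,
        'secure'   => true,   // assumption: both sites are served over HTTPS
        'httponly' => true,   // assumption: only the server-side CGI:USER tag reads it
        'samesite' => 'Lax',
    ]);
    // Percent-encode the query value, as the earlier replies in the thread do,
    // so characters such as '+' cannot change meaning inside the URL.
    header('Location: ' . WEBMAIL_LOGON . '?User=' . rawurlencode($email), true, 303);
    exit();
}
```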
    

  • @Noé That's great. I'm glad I could help.

