WebMail Lite Documentation

Logging in programmatically

If you have some existing web application, you might want to integrate WebMail Lite into it. It is possible to send authentication data from your application into WebMail Lite bypassing its login screen.

In order to make use of WebMail Lite API, you'll need to initialize it as follows:

include __DIR__.'/../system/autoload.php';
\Aurora\System\Api::Init();

It is assumed that the code itself is located in a subdirectory of main WebMail Lite directory. If that's not the case, you'll need to adjust the filesystem path which points to autoload.php file. And of course, you can supply full filesystem path there, e.g.:

include '/var/www/html/webmail/system/autoload.php';

In order to log specified user into their email account, Login method of Core module is used. It takes 2 parameters: email address and account password.

Below, please find sample code for logging a particular user into WebMail Lite. For the sake of simplicity, email and password are supplied directly in the code. In actual application, they will probably be taken from session, POST data, etc.

<?php
$sUserLogin = "user@domain.com";
$sUserPassword = "MyPassWord";
include __DIR__.'./system/autoload.php';
\Aurora\System\Api::Init();
$aData = \Aurora\System\Api::GetModuleDecorator('Core')->Login($sUserLogin, $sUserPassword);
if (isset($aData['AuthToken']))
{ 
    $sAuthToken = $aData['AuthToken'];
    setcookie('AuthToken', $sAuthToken, time()+3600, "/");
    \Aurora\System\Api::Location('../');
}
exit();

Note the line with Api::Location method call. Upon logging user into their account, WebMail Lite interface needs to be opened, and this line does that. Once again, it's assumed that the code itself is located in a subdirectory of main WebMail Lite directory. You can supply absolute or relative URL (NOT the path) pointing to your WebMail Lite installation there.

Also note that "/" stands for cookie path which should point to the installation folder. If you have WebMail Lite set up in subfolder of the domain, e.g. yourdomain.com/webmail then you need to adjust the path accordingly:

setcookie('AuthToken', $sAuthToken, time()+3600, "/webmail/");

In general, logging in programmatically and logging in using main WebMail Lite page use the same idea:

  • If the account with that email address exists, user will be logged into it.

  • If the account doesn't exist in WebMail Lite yet, and the matching domain is found in Mail Servers list in admin interface, account will be created according to incoming/outgoing mail settings for that domain, and then user will be logged into that account.

AllowUsedDevices

If you have two-factor-authentication enabled and "AllowUsedDevices" set to true, the above code will not work and needs to be adjusted, by additionally generating and saving DeviceID:

<?php
$sUserLogin = "username@domain.com";
$sUserPassword = "my_password";
include __DIR__.'/../system/autoload.php';
 
\Aurora\System\Api::Init();
 
function format_uuidv4($data)
{
  assert(strlen($data) == 16);
 
  $data[6] = chr(ord($data[6]) & 0x0f | 0x40); // set version to 0100
  $data[8] = chr(ord($data[8]) & 0x3f | 0x80); // set bits 6-7 to 10
 
  return vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex($data), 4));
}
 
$aData = \Aurora\System\Api::GetModuleDecorator('Core')->Login($sUserLogin, $sUserPassword);
 
if (isset($aData['AuthToken']))
{ 
    $sAuthToken = $aData['AuthToken'];
    setcookie('AuthToken', $sAuthToken, time()+3600, "/");
 
    if ($_COOKIE['X-DeviceId']) {
        $sDeviceId = $_COOKIE['X-DeviceId'];
    } else {
        $sDeviceId = format_uuidv4(random_bytes(16));
        setcookie('DeviceId', $sDeviceId, time()+3600, "/");
    }
 
    $TwoFactorManager = \Aurora\System\Api::GetModuleDecorator('TwoFactorAuth')->getUsedDevicesManager();
    if ($TwoFactorManager) {
        $TwoFactorManager->saveDevice(\Aurora\System\Api::getAuthenticatedUserId(), $sDeviceId, '', $sAuthToken);
    }
 
    \Aurora\System\Api::Location('../');
}
 
exit();