function user_valid_login($login, $password)
{
global $error, $user_external_group, $user_external_email;
$ret = false;
$data = @yp_match(yp_get_default_domain(), 'passwd.byname', $login);
if (strlen($data)) {
$data = explode(':', $data);
if ($user_external_group && $user_external_group != $data[3]) {
$error = translate('Invalid login');
return $ret;
}
if ($data[1] == crypt($password, substr($data[1], 0, CRYPT_SALT_LENGTH))) {
if (count($data) >= 4) {
$ret = true;
// Check for user in webcal_user.
// If in NIS and not in DB, then insert...
$sql = 'SELECT cal_login FROM webcal_user WHERE cal_login = ?';
$res = dbi_execute($sql, array($login));
if (!$res || !dbi_fetch_row($res)) {
// insert user into webcal_user
$uname = explode(' ', $data[4]);
$ufirstname = $uname[0];
$ulastname = $uname[count($uname) - 1];
user_add_user($login, $password, $ufirstname, $ulastname, $login . '@' . $user_external_email, 'N');
} else {
//refresh their password in webcal_user
user_update_user_password($login, $password);
}
} else {
$error = translate('Invalid login') . ': ' . translate('incorrect password');
$ret = false;
}
}
} else {
// no such user
$error = translate('Invalid login') . ': ' . translate('no such user');
$ret = false;
}
return $ret;
}
}
} else {
$error = print_not_auth(15);
}
} else {
// Handle update of password.
if ($formtype == 'setpassword' && strlen($user)) {
if (!access_can_access_function(ACCESS_USER_MANAGEMENT) && !access_can_access_function(ACCESS_ACCOUNT_INFO)) {
$error = print_not_auth(17);
} else {
if ($upassword1 != $upassword2) {
$error = $notIdenticalStr;
} else {
if (strlen($upassword1)) {
if ($user_can_update_password) {
user_update_user_password($user, $upassword1);
activity_log(0, $login, $user, LOG_USER_UPDATE, translate('Set Password'));
} else {
$error = print_not_auth(18);
}
} else {
$error = $noPasswordStr;
}
}
}
} else {
// Handle update of user info.
if ($formtype == 'edituser') {
if (!empty($add) && $is_admin) {
if ($upassword1 != $upassword2) {
$error = $notIdenticalStr;
/**
* Check to see if a given login/password is valid.
*
* If invalid, the error message will be placed in $error.
*
* @param string $login User login
* @param string $password User password
*
* @return bool True on success
*
* @global string Error message
*/
function user_valid_login($login, $password)
{
global $error, $auth, $imap_host, $imap_port, $allow_auto_create, $PHP_SELF;
$ret = false;
// do_debug ("in imap/user_valid_login...<br />\nl=$login p=$password<br />\n");
$all_imap_hosts = array();
$all_imap_ports = array();
// Check if we do not have a username/password
if (!isset($login) || !isset($password) || strlen($password) == 0) {
return $ret;
}
# Check that if there is an array of hosts and an array of ports
# then the number of each is the same
if (is_array($imap_host) && is_array($imap_port) && count($imap_port) != count($imap_host)) {
return $ret;
}
# Transfer the list of imap hosts to an new value to ensure that
# an array is always used.
# If a single value is passed then turn it into an array
if (is_array($imap_host)) {
$all_imap_hosts = $imap_host;
} else {
$all_imap_hosts = array($imap_host);
}
# create an array of the port numbers to match the number of
# hosts if a single port number has been passed.
if (is_array($imap_port)) {
$all_imap_ports = $imap_port;
} else {
while (each($all_imap_hosts)) {
$all_imap_ports[] = $imap_port;
}
}
# iterate over all hosts and return if you get a successful login
foreach ($all_imap_hosts as $idx => $host) {
$error_number = '';
$error_string = '';
// Connect to IMAP-server
$stream = fsockopen($host, $all_imap_ports[$idx], $error_number, $error_string, 15);
$response = fgets($stream, 1024);
if ($stream) {
$logon_str = 'a001 LOGIN "' . quoteIMAP($login) . '" "' . quoteIMAP($password) . "\"\r\n";
fputs($stream, $logon_str);
$response = fgets($stream, 1024);
if (substr($response, 5, 2) == 'OK') {
fputs($stream, "a001 LOGOUT\r\n");
$response = fgets($stream, 1024);
$ret = true;
if ($allow_auto_create && !empty($PHP_SELF) && preg_match("/\\/login.php/", $PHP_SELF)) {
//Test if user is in WebCalendar database
$prefix = "testuser";
user_load_variables($login, $prefix);
if (empty($GLOBALS[$prefix . 'login']) || $GLOBALS[$prefix . 'login'] != $login) {
user_add_user($login, $password, '', '', '', 'N');
//Redirect new users to enter user date
$GLOBALS['newUserUrl'] = $GLOBALS['SERVER_URL'] . "edit_user.php?user={$login}";
} else {
//refresh their password in webcal_user
user_update_user_password($login, $password);
}
}
return $ret;
}
fputs($stream, "a001 LOGOUT\r\n");
}
}
// return failure
return $ret;
}
