/**
 * Gate a page on an authenticated SquirrelMail session.
 *
 * Returns quietly when 'user_is_logged_in' is registered in the session (and
 * also for the signout page, which handles anonymous visitors itself). In
 * every other case the request's POST data and script path are saved in the
 * session, the "must be logged in" page is rendered, and the script exits.
 *
 * NOTE(review): the POST data saved here comes from an unauthenticated
 * request. The code that reads 'session_expired_post' back after login is not
 * visible here; it should treat the saved values as untrusted input.
 *
 * @return void
 */
function is_logged_in()
{
    // Authenticated sessions pass straight through.
    if (sqsession_is_registered('user_is_logged_in')) {
        return;
    }

    global $PHP_SELF, $HTTP_POST_VARS, $_POST, $session_expired_post,
           $session_expired_location, $squirrelmail_language;

    // Keep the submitted form and the requested script so they are not lost.
    // PHP older than 4.1 only provides $HTTP_POST_VARS.
    $session_expired_post = check_php_version(4, 1) ? $_POST : $HTTP_POST_VARS;
    $session_expired_location = $PHP_SELF;

    // Values already held in the session are never overwritten.
    if (!sqsession_is_registered('session_expired_post')) {
        sqsession_register($session_expired_post, 'session_expired_post');
    }
    if (!sqsession_is_registered('session_expired_location')) {
        sqsession_register($session_expired_location, 'session_expired_location');
    }
    session_write_close();

    // The signout page deals with logged-out users on its own; show no error.
    $on_signout_page = strpos($PHP_SELF, 'signout.php') !== false;
    if ($on_signout_page) {
        return;
    }

    include_once SM_PATH . 'functions/display_messages.php';
    set_up_language($squirrelmail_language, true);
    logout_error(_("You must be logged in to access this page."));
    exit;
}
/**
 * Render the standalone "logged out" error page. The function itself does not
 * exit; callers decide what happens afterwards.
 *
 * $errString, the logo URL, the login link and the frame target are written
 * into the markup exactly as they arrive (or as the 'logout_error' hook
 * returns them). Nothing here HTML-encodes them, so any untrusted text must be
 * encoded by the caller before it is passed in.
 *
 * @param string $errString message shown in the error box (emitted as raw HTML)
 * @param string $errTitle  page title suffix; falls back to $errString when empty
 * @return void
 */
function logout_error($errString, $errTitle = '')
{
    global $frame_top, $org_logo, $org_name, $org_logo_width, $org_logo_height,
           $hide_sm_attributions, $version, $squirrelmail_language, $color,
           $theme, $theme_default;

    $base_uri = sqm_baseuri();

    include_once SM_PATH . 'functions/page_header.php';
    if (!isset($org_logo)) {
        // $org_logo is sometimes unset at this point; read the configuration again.
        include SM_PATH . 'config/config.php';
    }

    /* Logo dimensions are only emitted when configured as positive numbers. */
    $has_width = isset($org_logo_width) && is_numeric($org_logo_width) && $org_logo_width > 0;
    $has_height = isset($org_logo_height) && is_numeric($org_logo_height) && $org_logo_height > 0;
    $width_and_height = $has_width ? ' width="' . $org_logo_width . '"' : '';
    if ($has_height) {
        $width_and_height .= ' height="' . $org_logo_height . '"';
    }

    if (!(isset($frame_top) && $frame_top != '')) {
        $frame_top = '_top';
    }

    // Try the default theme first, then fall back to built-in colours.
    if (!isset($color) && @file_exists($theme[$theme_default]['PATH'])) {
        @(include $theme[$theme_default]['PATH']);
    }
    if (!isset($color)) {
        $color = array(
            0 => '#dcdcdc', /* light gray TitleBar */
            1 => '#800000', /* red */
            2 => '#cc0000', /* light red Warning/Error Messages */
            4 => '#ffffff', /* white Normal Background */
            7 => '#0000cc', /* blue Links */
            8 => '#000000', /* black Normal text */
        );
    }

    // Plugins on this hook may replace the message, the title and the link.
    $logout_link = $base_uri . 'src/login.php';
    list($junk, $errString, $errTitle, $logout_link) =
        do_hook('logout_error', $errString, $errTitle, $logout_link);

    if ($errTitle == '') {
        $errTitle = $errString;
    }

    set_up_language($squirrelmail_language, true);
    displayHtmlHeader($org_name . ' - ' . $errTitle, '', false);

    echo "<body text=\"{$color[8]}\" bgcolor=\"{$color[4]}\" link=\"{$color[7]}\""
       . " vlink=\"{$color[7]}\" alink=\"{$color[7]}\">\n\n<center>";

    if (isset($org_logo) && $org_logo != '') {
        $logo_alt = sprintf(_("%s Logo"), $org_name);
        echo "<img src=\"{$org_logo}\" alt=\"{$logo_alt}\"{$width_and_height} /><br />\n";
    }

    $attribution = '';
    if (!$hide_sm_attributions) {
        $attribution = '<small>' . sprintf(_("SquirrelMail version %s"), $version) . '<br />'
                     . _("By the SquirrelMail Project Team") . "<br /></small>\n";
    }

    echo $attribution
       . "<table cellspacing=\"1\" cellpadding=\"0\" bgcolor=\"{$color[1]}\" width=\"70%\">"
       . '<tr><td>'
       . "<table width=\"100%\" border=\"0\" bgcolor=\"{$color[4]}\" align=\"center\">"
       . "<tr><td bgcolor=\"{$color[0]}\" align=\"center\">"
       . "<font color=\"{$color[2]}\"><b>" . _("ERROR") . '</b></font>'
       . '</td></tr>'
       . '<tr><td align="center">' . $errString . '</td></tr>'
       . "<tr><td bgcolor=\"{$color[0]}\" align=\"center\">"
       . "<font color=\"{$color[2]}\"><b>"
       . "<a href=\"{$logout_link}\" target=\"{$frame_top}\">"
       . _("Go to the login page") . '</a></b></font></td></tr>'
       . '</table></td></tr></table></center></body></html>';
}
/**
 * Gate a page on an authenticated SquirrelMail session.
 *
 * When 'user_is_logged_in' is registered the function returns at once. For
 * anyone else it saves the request's POST data and, when PAGE_NAME is defined,
 * the page name into the session, then shows a logout error and exits. The
 * signout page is the one exception: it returns so that page can handle the
 * anonymous visitor itself.
 *
 * NOTE(review): the POST data saved here comes from an unauthenticated
 * request. The code that restores it after login is not visible here; it
 * should treat the saved values as untrusted input.
 *
 * @return void This function returns ONLY if the user has previously logged
 *              in successfully or the current page is the signout page.
 */
function is_logged_in()
{
    if (sqsession_is_registered('user_is_logged_in')) {
        return;
    }

    global $session_expired_post, $session_expired_location, $squirrelmail_language;

    // Selects the logout text: false gives the usual "You must be logged in",
    // true tells the user the session was saved and resumes after (re)login.
    $will_resume = false;

    // Store some information in the new session to prevent information loss.
    $session_expired_post = $_POST;
    if (defined('PAGE_NAME')) {
        $session_expired_location = PAGE_NAME;
    }

    if (!sqsession_is_registered('session_expired_post')) {
        sqsession_register($session_expired_post, 'session_expired_post');
    }
    if (!sqsession_is_registered('session_expired_location')) {
        sqsession_register($session_expired_location, 'session_expired_location');
        // Only a location registered just now, and only the compose page,
        // switches to the "will be resumed" message.
        if ($session_expired_location == 'compose') {
            $will_resume = true;
        }
    }
    session_write_close();

    // The signout page deals with logged-out users on its own; show no error.
    if (defined('PAGE_NAME') && PAGE_NAME == 'signout') {
        return;
    }

    include_once SM_PATH . 'functions/display_messages.php';
    set_up_language($squirrelmail_language, true);

    if ($will_resume) {
        logout_error(_("Your session has expired, but will be resumed after logging in again."));
    } else {
        logout_error(_("You must be logged in to access this page."));
    }
    exit;
}
/**
 * Displays the error page shown to a user who is logged out.
 *
 * The message, title and login link can be overridden by plugins on the
 * logout_error hook, which receive all three by reference in one array.
 * $errString is handed to the template as received; whether it is encoded
 * before output depends on error_logout.tpl, which is not visible here.
 *
 * @param string $errString error message
 * @param string $errTitle title of page with error message
 * @since 1.2.6
 */
function logout_error($errString, $errTitle = '')
{
    global $frame_top, $org_logo, $org_logo_width, $org_logo_height, $org_name,
           $hide_sm_attributions, $squirrelmail_language, $oTemplate, $base_uri;

    $login_link = array(
        'URI'   => $base_uri . 'src/login.php',
        'FRAME' => $frame_top,
    );

    /* As of 1.5.2, plugin parameters are combined into one array;
       plugins on this hook must be updated */
    $temp = array(&$errString, &$errTitle, &$login_link);
    do_hook('logout_error', $temp);

    if ($errTitle == '') {
        $errTitle = $errString;
    }

    set_up_language($squirrelmail_language, true);
    displayHtmlHeader($org_name . ' - ' . $errTitle, '', false);

    /* No logo configured means no image markup at all. */
    $logo_str = '';
    if (!empty($org_logo)) {
        // Dimensions are passed on only when they are positive numbers.
        $width = (isset($org_logo_width) && is_numeric($org_logo_width) && $org_logo_width > 0)
            ? $org_logo_width
            : '';
        $height = (isset($org_logo_height) && is_numeric($org_logo_height) && $org_logo_height > 0)
            ? $org_logo_height
            : '';
        $logo_alt = sprintf(_("%s Logo"), $org_name);
        $logo_str = create_image($org_logo, $logo_alt, $width, $height, '', 'sqm_loginImage');
    }

    $sm_attribute_str = '';
    if (isset($hide_sm_attributions) && !$hide_sm_attributions) {
        $sm_attribute_str = _("SquirrelMail Webmail") . "\n" . _("By the SquirrelMail Project Team");
    }

    $template_vars = array(
        'logo_str'         => $logo_str,
        'sm_attribute_str' => $sm_attribute_str,
        'login_link'       => $login_link,
        'errorMessage'     => $errString,
    );
    foreach ($template_vars as $var_name => $var_value) {
        $oTemplate->assign($var_name, $var_value);
    }

    $oTemplate->display('error_logout.tpl');
    $oTemplate->display('footer.tpl');
}
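/**
 * Check if user has previously logged in to the SquirrelMail session. If the
 * user has not logged in, execution stops inside this function.
 *
 * The session check must be the first statement that can return. An
 * unconditional `return;` placed ahead of it turns the whole function into a
 * no-op, and every page that relies on is_logged_in() as its access gate is
 * then served to unauthenticated visitors.
 *
 * @return void Returns only when 'user_is_logged_in' is registered in the
 *              session; otherwise the error page is shown and the script exits.
 */
function is_logged_in()
{
    if (sqsession_is_registered('user_is_logged_in')) {
        return;
    }

    global $PHP_SELF, $session_expired_post, $session_expired_location, $squirrelmail_language;

    /* First we store some information in the new session to prevent
     * information-loss.
     *
     * NOTE(review): this data comes from an unauthenticated request; the code
     * that reads it back after login is not visible here and should treat it
     * as untrusted input.
     */
    $session_expired_post = $_POST;
    $session_expired_location = $PHP_SELF;

    // Values already held in the session are never overwritten.
    if (!sqsession_is_registered('session_expired_post')) {
        sqsession_register($session_expired_post, 'session_expired_post');
    }
    if (!sqsession_is_registered('session_expired_location')) {
        sqsession_register($session_expired_location, 'session_expired_location');
    }

    include_once SM_PATH . 'functions/display_messages.php';
    set_up_language($squirrelmail_language, true);
    logout_error(_("You must be logged in to access this page."));
    exit;
}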
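/**
 * Finish an IMAP APPEND and report a failure reply from the server.
 *
 * Sends the terminating CRLF, reads one reply line (up to 1024 bytes) and, if
 * that line contains "NO" or "BAD", shows an error box. A "BAD" reply also
 * ends the script; a "NO" reply returns to the caller after the error box.
 *
 * The reply text is read from the socket in this function and is therefore
 * HTML-encoded before it is placed in the error markup.
 *
 * NOTE(review): the pattern looks for "NO"/"BAD" anywhere in the line, not
 * only in the status position, so other reply text containing those letters
 * is also treated as a failure. A failed read (fgets() returning false) does
 * not match and is treated like success. Confirm both are acceptable.
 *
 * @param resource $imap_stream open IMAP connection
 * @param string   $folder      folder name used in the error text
 * @return void
 */
function sqimap_append_done($imap_stream, $folder = '')
{
    global $squirrelmail_language, $color;

    fputs($imap_stream, "\r\n");
    $tmp = fgets($imap_stream, 1024);

    if (!preg_match("/(.*)(BAD|NO)(.*)\$/", $tmp, $regs)) {
        return;
    }

    set_up_language($squirrelmail_language);
    require_once SM_PATH . 'functions/display_messages.php';

    // Keep the raw text for matching; only the encoded copy reaches the page.
    $raw_reason = $regs[3];
    $reason = htmlspecialchars($raw_reason, ENT_QUOTES);

    if ($regs[2] == 'NO') {
        // NOTE(review): $folder is inserted as received; whether callers have
        // already HTML-encoded it cannot be seen from here. Confirm.
        $string = "<b><font color={$color['2']}>\n"
                . _("ERROR : Could not append message to") . " {$folder}." . "</b><br>\n"
                . _("Server responded: ") . $reason . "<br>\n";
        if (preg_match("/(.*)(quota)(.*)\$/i", $raw_reason, $regs)) {
            $string .= _("Solution: ")
                     . _("Remove unneccessary messages from your folder and start with your Trash folder.")
                     . "<br>\n";
        }
        $string .= "</font>\n";
        error_box($string, $color);
    } else {
        $string = "<b><font color={$color['2']}>\n"
                . _("ERROR : Bad or malformed request.") . "</b><br>\n"
                . _("Server responded: ") . htmlspecialchars($tmp, ENT_QUOTES) . "</font><br>\n";
        error_box($string, $color);
        exit;
    }
}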
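/**
 * Report a failure reply to an IMAP APPEND.
 *
 * Does nothing unless $response contains "NO" or "BAD". A "NO" reply shows an
 * error box and returns; a "BAD" reply shows an error box and ends the script.
 *
 * The text taken from $response is HTML-encoded before it is placed in the
 * error markup, because it is reported as the server's own words and is not
 * under the application's control.
 *
 * NOTE(review): the pattern looks for "NO"/"BAD" anywhere in the line, not
 * only in the status position, so other reply text containing those letters
 * is also treated as a failure. Confirm this is acceptable.
 *
 * @param string $response reply line received for the APPEND command
 * @param string $folder   folder name used in the error text
 * @return void
 */
function sqimap_append_checkresponse($response, $folder)
{
    if (!preg_match("/(.*)(BAD|NO)(.*)\$/", $response, $regs)) {
        return;
    }

    global $squirrelmail_language, $color;
    set_up_language($squirrelmail_language);
    require_once SM_PATH . 'functions/display_messages.php';

    // Keep the raw text for matching; only the encoded copy reaches the page.
    $raw_reason = $regs[3];
    $reason = htmlspecialchars($raw_reason, ENT_QUOTES);

    if ($regs[2] == 'NO') {
        // NOTE(review): $folder is inserted as received; whether callers have
        // already HTML-encoded it cannot be seen from here. Confirm.
        $string = "<b><font color=\"{$color['2']}\">\n"
                . _("ERROR: Could not append message to") . " {$folder}." . "</b><br />\n"
                . _("Server responded:") . ' ' . $reason . "<br />\n";
        if (preg_match("/(.*)(quota)(.*)\$/i", $raw_reason, $regs)) {
            $string .= _("Solution:") . ' '
                     . _("Remove unneccessary messages from your folders. Start with your Trash folder.")
                     . "<br />\n";
        }
        $string .= "</font>\n";
        error_box($string, $color);
    } else {
        $string = "<b><font color=\"{$color['2']}\">\n"
                . _("ERROR: Bad or malformed request.") . "</b><br />\n"
                . _("Server responded:") . ' ' . $reason . "</font><br />\n";
        error_box($string, $color);
        exit;
    }
}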
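/**
 * Fetch one header field for every message in the selected mailbox.
 *
 * Sends FETCH 1:* for the given header field and returns one entry per
 * response: array(id, value). The id is the UID when $uid_support is set,
 * otherwise the message sequence number. The value is the first header line
 * with the leading "<field>: " removed.
 *
 * Fixes relative to the earlier body:
 *  - $uid_support, $squirrelmail_language and $color were read without being
 *    declared global, so they were always undefined inside the function.
 *  - The value was computed from the already-overwritten $field, which
 *    always produced an empty result.
 *  - The collected rows were stored in $result while $results was
 *    initialised, so an empty mailbox returned an undefined variable.
 *  - The second unfolding pattern was a literal backslash-s and never matched.
 *  - The colour variable sat inside a single-quoted string and was printed
 *    literally; the server line was printed without HTML encoding.
 *  - An unparseable response no longer yields a row with a stale id.
 *
 * NOTE(review): $field goes into the IMAP command verbatim. The callers are
 * not visible here; confirm it is always a fixed header name and never
 * request data.
 *
 * @param resource $imap_stream open IMAP connection
 * @param string   $field       header field name to fetch
 * @return array list of array(id, value) pairs; empty when nothing was read
 */
function sqimap_get_headerfield($imap_stream, $field)
{
    global $uid_support, $squirrelmail_language, $color;

    $sid = sqimap_session_id(false);
    $results = array();

    $query = "{$sid} FETCH 1:* (UID BODY.PEEK[HEADER.FIELDS ({$field})])\r\n";
    fputs($imap_stream, $query);
    $readin_list = sqimap_read_data_list($imap_stream, $sid, false, $response, $message);

    // The UID form captures the UID in group 2, the plain form the sequence
    // number in group 1.
    if ($uid_support) {
        $pattern = "/^\\*\\s+([0-9]+)\\s+FETCH.*UID\\s+([0-9]+)\\s+/iAU";
        $id_group = 2;
    } else {
        $pattern = "/^\\*\\s+([0-9]+)\\s+FETCH/iAU";
        $id_group = 1;
    }

    foreach ($readin_list as $r) {
        $r = implode('', $r);

        /* first we unfold the header */
        $r = str_replace(array("\r\n\t", "\r\n "), array('', ''), $r);

        /*
         * now we can make a new header array with each element representing
         * a headerline
         */
        $r = explode("\r\n", $r);

        if (!preg_match($pattern, $r[0], $regs)) {
            set_up_language($squirrelmail_language);
            echo '<br><b><font color="' . $color[2] . '">'
               . _("ERROR : Could not complete request.") . '</b><br>'
               . _("Unknown response from IMAP server: ") . ' 1.'
               . htmlspecialchars($r[0], ENT_QUOTES) . "</font><br>\n";
            // Without an id there is nothing meaningful to return for this row.
            continue;
        }

        $id = $regs[$id_group];
        // Skip "<field>: " at the start of the header line.
        $value = isset($r[1]) ? substr($r[1], strlen($field) + 2) : '';
        $results[] = array($id, $value);
    }

    return $results;
}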
* don't have to worry.
*
* This is for a RedHat package bug and a Konqueror (pre 2.1.1?) bug
*/
global $send, $PHP_SELF;

// Only the compose page is affected, and only when the submitted 'send' value
// starts with a newline.
if (isset($send) && substr($send, 0, 1) == "\n" && substr($PHP_SELF, -12) == '/compose.php') {
    // NOTE(review): $REQUEST_METHOD is not set or declared in the visible
    // lines. Confirm where it comes from; if it is undefined the GET branch
    // is always taken.
    if ($REQUEST_METHOD == 'POST') {
        global $HTTP_POST_VARS;
        TrimArray($HTTP_POST_VARS);
    } else {
        global $HTTP_GET_VARS;
        TrimArray($HTTP_GET_VARS);
    }
}

require_once SM_PATH . 'include/load_prefs.php';
require_once SM_PATH . 'functions/page_header.php';
require_once SM_PATH . 'functions/prefs.php';

/* Set up the language (i18n.php was included by auth.php). */
global $username, $data_dir;
set_up_language(getPref($data_dir, $username, 'language'));

// The time zone is a stored per-user preference.
$timeZone = getPref($data_dir, $username, 'timezone');

/* Check to see if we are allowed to set the TZ environment variable.
 * We are able to do this if ...
 *   safe_mode is disabled OR
 *   safe_mode_allowed_env_vars is empty (you are allowed to set any) OR
 *   safe_mode_allowed_env_vars contains TZ
 */
$tzChangeAllowed = !ini_get('safe_mode') || !strcmp(ini_get('safe_mode_allowed_env_vars'), '') || preg_match('/^([\\w_]+,)*TZ/', ini_get('safe_mode_allowed_env_vars'));

// NOTE(review): the preference value is passed to putenv() without any
// validation in the visible lines. Confirm that the code which stores the
// 'timezone' preference restricts it to known zone names.
if ($timeZone != SMPREF_NONE && $timeZone != "" && $tzChangeAllowed) {
    putenv("TZ=" . $timeZone);
}
/**
 * Render the standalone "logged out" error page. The function itself does not
 * exit; callers decide what happens afterwards.
 *
 * $errString, the logo URL, the base URI and the frame target are written into
 * the markup exactly as they arrive. Nothing here HTML-encodes them, so any
 * untrusted text must be encoded by the caller before it is passed in.
 *
 * @param string $errString message shown in the error box (emitted as raw HTML)
 * @param string $errTitle  page title; falls back to $errString when empty
 * @return void
 */
function logout_error($errString, $errTitle = '')
{
    global $frame_top, $org_logo, $org_name, $org_logo_width, $org_logo_height,
           $hide_sm_attributions, $version, $squirrelmail_language;

    $base_uri = sqm_baseuri();

    include_once SM_PATH . 'functions/page_header.php';
    if (!isset($org_logo)) {
        // $org_logo is sometimes unset at this point; read the configuration again.
        include SM_PATH . 'config/config.php';
    }

    /* Logo dimensions are only emitted when configured as positive numbers. */
    $has_width = isset($org_logo_width) && is_numeric($org_logo_width) && $org_logo_width > 0;
    $has_height = isset($org_logo_height) && is_numeric($org_logo_height) && $org_logo_height > 0;
    $width_and_height = $has_width ? ' WIDTH="' . $org_logo_width . '"' : '';
    if ($has_height) {
        $width_and_height .= ' HEIGHT="' . $org_logo_height . '"';
    }

    if (!(isset($frame_top) && $frame_top != '')) {
        $frame_top = '_top';
    }

    // $color is not among the globals above, so it is a local here and the
    // built-in palette applies unless an include has already set it.
    if (!isset($color)) {
        $color = array(
            0 => '#DCDCDC', /* light gray TitleBar */
            1 => '#800000', /* red */
            2 => '#CC0000', /* light red Warning/Error Messages */
            4 => '#FFFFFF', /* white Normal Background */
            7 => '#0000CC', /* blue Links */
            8 => '#000000', /* black Normal text */
        );
    }

    if ($errTitle == '') {
        $errTitle = $errString;
    }

    set_up_language($squirrelmail_language, true);
    displayHtmlHeader($errTitle, '', false);

    echo '<BODY TEXT="' . $color[8] . '" BGCOLOR="' . $color[4] . '" LINK="' . $color[7]
       . '" VLINK="' . $color[7] . '" ALINK="' . $color[7] . '">' . "\n\n" . '<CENTER>';

    if (isset($org_logo) && $org_logo != '') {
        $logo_alt = sprintf(_("%s Logo"), $org_name);
        echo '<IMG SRC="' . $org_logo . '" ALT="' . $logo_alt . '"' . $width_and_height . ">" . "<BR>\n";
    }

    $attribution = '';
    if (!$hide_sm_attributions) {
        $attribution = '<SMALL>' . sprintf(_("SquirrelMail version %s"), $version) . "<BR>\n"
                     . ' ' . _("By the SquirrelMail Development Team") . "<BR></SMALL>\n";
    }

    echo $attribution
       . '<table cellspacing=1 cellpadding=0 bgcolor="' . $color[1] . '" width="70%"><tr><td>'
       . '<TABLE WIDTH="100%" BORDER="0" BGCOLOR="' . $color[4] . '" ALIGN=CENTER>'
       . '<TR><TD BGCOLOR="' . $color[0] . '" ALIGN="center">'
       . '<FONT COLOR="' . $color[2] . '"><B>' . _("ERROR") . '</B></FONT></TD></TR>'
       . '<TR><TD ALIGN="center">' . $errString . '</TD></TR>'
       . '<TR><TD BGCOLOR="' . $color[0] . '" ALIGN="center">'
       . '<FONT COLOR="' . $color[2] . '"><B>'
       . '<a href="' . $base_uri . 'src/login.php" target="' . $frame_top . '">'
       . _("Go to the login page") . '</a></B></FONT>'
       . '</TD></TR>'
       . '</TABLE></td></tr></table></center></body></html>';
}
/* SquirrelMail required files. */
require_once SM_PATH . 'functions/strings.php';
require_once SM_PATH . 'config/config.php';
require_once SM_PATH . 'functions/i18n.php';
require_once SM_PATH . 'functions/plugin.php';
require_once SM_PATH . 'functions/constants.php';
require_once SM_PATH . 'functions/page_header.php';
require_once SM_PATH . 'functions/html.php';
require_once SM_PATH . 'functions/global.php';
require_once SM_PATH . 'functions/imap_general.php';
require_once SM_PATH . 'functions/forms.php';

/**
 * $squirrelmail_language is set by a cookie when the user selects
 * language and logs out
 *
 * NOTE(review): a cookie value is client-controlled. How set_up_language()
 * validates it is not visible here; confirm it only accepts known languages.
 */
set_up_language($squirrelmail_language, TRUE, TRUE);

/**
 * Find out the base URI to set cookies.
 */
// sqm_baseuri() is only loaded on demand, from display_messages.php.
if (!function_exists('sqm_baseuri')) {
    require_once SM_PATH . 'functions/display_messages.php';
}
$base_uri = sqm_baseuri();

/*
 * In case the last session was not terminated properly, make sure
 * we get a new one.
 */
sqsession_destroy();

// Ask clients and proxies not to cache the login page.
header('Pragma: no-cache');

/**
 * This detects if the IMAP server has logins disabled, and if so,
$location = get_location(); sqsession_is_active(); sqsession_unregister('user_is_logged_in'); sqsession_register($base_uri, 'base_uri'); /* get globals we me need */ sqGetGlobalVar('login_username', $login_username); sqGetGlobalVar('secretkey', $secretkey); sqGetGlobalVar('js_autodetect_results', $js_autodetect_results); if (!sqGetGlobalVar('squirrelmail_language', $squirrelmail_language) || $squirrelmail_language == '') { $squirrelmail_language = $squirrelmail_default_language; } if (!sqgetGlobalVar('mailtodata', $mailtodata)) { $mailtodata = ''; } /* end of get globals */ set_up_language($squirrelmail_language, true); /* Refresh the language cookie. */ sqsetcookie('squirrelmail_language', $squirrelmail_language, time() + 2592000, $base_uri); if (!isset($login_username)) { include_once SM_PATH . 'functions/display_messages.php'; logout_error(_("You must be logged in to access this page.")); exit; } if (!sqsession_is_registered('user_is_logged_in')) { do_hook('login_before'); /** * Regenerate session id to make sure that authenticated session uses * different ID than one used before user authenticated. This is a * countermeasure against session fixation attacks. * NB: session_regenerate_id() was added in PHP 4.3.2 (and new session * cookie is only sent out in this call as of PHP 4.3.3), but PHP 4
// it first to avoid register_globals headaches // $right_frame_url = ''; do_hook('webmail_top'); /** * We'll need this to later have a noframes version * * Check if the user has a language preference, but no cookie. * Send him a cookie with his language preference, if there is * such discrepancy. */ $my_language = getPref($data_dir, $username, 'language'); if ($my_language != $squirrelmail_language) { sqsetcookie('squirrelmail_language', $my_language, time() + 2592000, $base_uri); } set_up_language($my_language); $output = "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Frameset//EN\">\n" . "<html><head>\n" . "<meta name=\"robots\" content=\"noindex,nofollow\">\n" . "<title>{$org_title}</title>\n" . "</head>"; $left_size = getPref($data_dir, $username, 'left_size'); $location_of_bar = getPref($data_dir, $username, 'location_of_bar'); if (isset($languages[$squirrelmail_language]['DIR']) && strtolower($languages[$squirrelmail_language]['DIR']) == 'rtl') { $temp_location_of_bar = 'right'; } else { $temp_location_of_bar = 'left'; } if ($location_of_bar == '') { $location_of_bar = $temp_location_of_bar; } $temp_location_of_bar = ''; if ($left_size == "") { if (isset($default_left_size)) { $left_size = $default_left_size;
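/**
 * Logs the user into the IMAP server. If $hide is set, no error messages
 * will be displayed (if set to 1, just exits, if set to 2, returns FALSE).
 * This function returns the IMAP connection handle.
 *
 * Fix relative to the earlier body: the SASL PLAIN message is now built with
 * the NUL separators that RFC 4616 requires between the authorization
 * identity, the authentication identity and the password. Without them the
 * three values ran together into a single string.
 *
 * @param string $username user name
 * @param string $password password encrypted with onetimepad. Since 1.5.2
 *  function can use internal password functions, if parameter is set to
 *  boolean false.
 * @param string $imap_server_address address of imap server
 * @param integer $imap_port port of imap server
 * @param int $hide controls display connection errors:
 *                  0 = do not hide
 *                  1 = show no errors (just exit)
 *                  2 = show no errors (return FALSE)
 *                  3 = show no errors (return error string)
 * @param array $stream_options Stream context options, see config_local.php
 *                           for more details (OPTIONAL)
 * @return mixed The IMAP connection stream, or if the connection fails,
 *               FALSE if $hide is set to 2 or an error string if $hide
 *               is set to 3.
 */
function sqimap_login($username, $password, $imap_server_address, $imap_port, $hide, $stream_options = array())
{
    global $color, $squirrelmail_language, $onetimepad, $use_imap_tls,
           $imap_auth_mech, $sqimap_capabilities, $display_imap_login_error;

    // Note/TODO: This hack grabs the $authz argument from the session. In the short future,
    // a new argument in function sqimap_login() will be used instead.
    $authz = '';
    global $authz;
    sqgetglobalvar('authz', $authz, SQ_SESSION);

    if (!empty($authz)) {
        /* authz plugin - specific:
         * Get proxy login parameters from authz plugin configuration. If they
         * exist, they will override the current ones.
         * This is useful if we want to use different SASL authentication mechanism
         * and/or different TLS settings for proxy logins. */
        global $authz_imap_auth_mech, $authz_use_imap_tls, $authz_imapPort_tls;

        $imap_auth_mech = !empty($authz_imap_auth_mech) ? strtolower($authz_imap_auth_mech) : $imap_auth_mech;
        $use_imap_tls = !empty($authz_use_imap_tls) ? $authz_use_imap_tls : $use_imap_tls;
        $imap_port = !empty($authz_use_imap_tls) ? $authz_imapPort_tls : $imap_port;

        if ($imap_auth_mech == 'login' || $imap_auth_mech == 'cram-md5') {
            logout_error("Misconfigured Plugin (authz or equivalent):<br/>" . "The LOGIN and CRAM-MD5 authentication mechanisms cannot be used when attempting proxy login.");
            exit;
        }
    }

    /* get imap login password */
    if ($password === false) {
        /* standard functions */
        $password = sqauth_read_password();
    } else {
        /* old way. $key must be extracted from cookie */
        if (!isset($onetimepad) || empty($onetimepad)) {
            sqgetglobalvar('onetimepad', $onetimepad, SQ_SESSION);
        }
        /* Decrypt the password */
        $password = OneTimePadDecrypt($password, $onetimepad);
    }

    if (!isset($sqimap_capabilities)) {
        sqgetglobalvar('sqimap_capabilities', $sqimap_capabilities, SQ_SESSION);
    }

    // Keep the configured address; the DIGEST-MD5 response below is computed
    // with it, not with the per-user server address.
    $host = $imap_server_address;
    $imap_server_address = sqimap_get_user_server($imap_server_address, $username);

    $imap_stream = sqimap_create_stream($imap_server_address, $imap_port, $use_imap_tls, $stream_options);

    if ($imap_auth_mech == 'cram-md5' or $imap_auth_mech == 'digest-md5') {
        // We're using some sort of authentication OTHER than plain or login
        $tag = sqimap_session_id(false);
        if ($imap_auth_mech == 'digest-md5') {
            $query = $tag . " AUTHENTICATE DIGEST-MD5\r\n";
        } elseif ($imap_auth_mech == 'cram-md5') {
            $query = $tag . " AUTHENTICATE CRAM-MD5\r\n";
        }
        fputs($imap_stream, $query);
        $answer = sqimap_fgets($imap_stream);
        // Trim the "+ " off the front
        $response = explode(" ", $answer, 3);
        if ($response[0] == '+') {
            // Got a challenge back
            $challenge = $response[1];
            if ($imap_auth_mech == 'digest-md5') {
                $reply = digest_md5_response($username, $password, $challenge, 'imap', $host, $authz);
            } elseif ($imap_auth_mech == 'cram-md5') {
                $reply = cram_md5_response($username, $password, $challenge);
            }
            fputs($imap_stream, $reply);
            $read = sqimap_fgets($imap_stream);
            if ($imap_auth_mech == 'digest-md5') {
                // DIGEST-MD5 has an extra step..
                if (substr($read, 0, 1) == '+') { // OK so far..
                    fputs($imap_stream, "\r\n");
                    $read = sqimap_fgets($imap_stream);
                }
            }
            $results = explode(" ", $read, 3);
            $response = $results[1];
            $message = $results[2];
        } else {
            // Fake the response, so the error trap at the bottom will work
            $response = "BAD";
            $message = 'IMAP server does not appear to support the authentication method selected.';
            $message .= ' Please contact your system administrator.';
        }
    } elseif ($imap_auth_mech == 'login') {
        // Original IMAP login code
        $query = 'LOGIN "' . quoteimap($username) . '" "' . quoteimap($password) . '"';
        $read = sqimap_run_command($imap_stream, $query, false, $response, $message);
    } elseif ($imap_auth_mech == 'plain') {
        /***
         * SASL PLAIN, RFC 4616 (updates 2595)
         *
         * The mechanism consists of a single message, a string of [UTF-8]
         * encoded [Unicode] characters, from the client to the server. The
         * client presents the authorization identity (identity to act as),
         * followed by a NUL (U+0000) character, followed by the authentication
         * identity (identity whose password will be used), followed by a NUL
         * (U+0000) character, followed by the clear-text password. As with
         * other SASL mechanisms, the client does not provide an authorization
         * identity when it wishes the server to derive an identity from the
         * credentials and use that as the authorization identity.
         */
        $tag = sqimap_session_id(false);
        $sasl = isset($sqimap_capabilities['SASL-IR']) && $sqimap_capabilities['SASL-IR'] ? true : false;

        // The three fields must be separated by NUL bytes (see above).
        $nul = "\0";
        if (!empty($authz)) {
            $auth = base64_encode($username . $nul . $authz . $nul . $password);
        } else {
            $auth = base64_encode($username . $nul . $username . $nul . $password);
        }

        if ($sasl) {
            // IMAP Extension for SASL Initial Client Response
            // <draft-siemborski-imap-sasl-initial-response-01b.txt>
            $query = $tag . " AUTHENTICATE PLAIN {$auth}\r\n";
            fputs($imap_stream, $query);
            $read = sqimap_fgets($imap_stream);
        } else {
            $query = $tag . " AUTHENTICATE PLAIN\r\n";
            fputs($imap_stream, $query);
            $read = sqimap_fgets($imap_stream);
            if (substr($read, 0, 1) == '+') { // OK so far..
                fputs($imap_stream, "{$auth}\r\n");
                $read = sqimap_fgets($imap_stream);
            }
        }
        $results = explode(" ", $read, 3);
        $response = $results[1];
        $message = $results[2];
    } else {
        $response = "BAD";
        $message = "Internal SquirrelMail error - unknown IMAP authentication method chosen. Please contact the developers.";
    }

    /* If the connection was not successful, lets see why */
    if ($response != 'OK') {
        if (!$hide || $hide == 3) {
            //FIXME: UUURG... We don't want HTML in error messages, should also do html sanitizing of error messages elsewhere; should't assume output is destined for an HTML browser here
            if ($response != 'NO') {
                /* "BAD" and anything else gets reported here. */
                $message = sm_encode_html_special_chars($message);
                set_up_language($squirrelmail_language, true);
                if ($response == 'BAD') {
                    if ($hide == 3) {
                        return sprintf(_("Bad request: %s"), $message);
                    }
                    $string = sprintf(_("Bad request: %s") . "<br />\r\n", $message);
                } else {
                    if ($hide == 3) {
                        return sprintf(_("Unknown error: %s"), $message);
                    }
                    $string = sprintf(_("Unknown error: %s") . "<br />\n", $message);
                }
                // Only the LOGIN branch yields an array here.
                if (isset($read) && is_array($read)) {
                    $string .= '<br />' . _("Read data:") . "<br />\n";
                    foreach ($read as $line) {
                        $string .= sm_encode_html_special_chars($line) . "<br />\n";
                    }
                }
                error_box($string);
                exit;
            } else {
                /*
                 * If the user does not log in with the correct
                 * username and password it is not possible to get the
                 * correct locale from the user's preferences.
                 * Therefore, apply the same hack as on the login
                 * screen.
                 *
                 * $squirrelmail_language is set by a cookie when
                 * the user selects language and logs out
                 */
                set_up_language($squirrelmail_language, true);
                sqsession_destroy();

                /* terminate the session nicely */
                sqimap_logout($imap_stream);

                // determine what error message to use
                //
                $fail_msg = _("Unknown user or password incorrect.");
                if ($display_imap_login_error) {
                    // See if there is an error message from the server
                    // Skip any rfc5530 response code: '[something]' at the
                    // start of the message
                    if (!empty($message) && $message[0] == '[' && ($end = strstr($message, ']')) && $end != ']') {
                        $message = substr($end, 1);
                    }
                    // Remove surrounding spaces and if there
                    // is anything left, display that as the
                    // error message:
                    $message = trim($message);
                    if (strlen($message)) {
                        // NOTE(review): unlike the BAD branch above, this
                        // server-supplied text is not HTML-encoded before it
                        // is returned or passed to logout_error(). Whether the
                        // output layer encodes it is not visible here; confirm.
                        $fail_msg = _($message);
                    }
                }
                if ($hide == 3) {
                    return $fail_msg;
                }
                logout_error($fail_msg);
                exit;
            }
        } else {
            if ($hide == 2) {
                return FALSE;
            }
            exit;
        }
    }

    /* Special error case:
     * Login referrals. The server returns:
     * ? OK [REFERRAL <imap url>]
     * Check RFC 2221 for details. Since we do not support login referrals yet
     * we log the user out.
     */
    // NOTE(review): stristr() returns a string or false, never TRUE, so this
    // condition cannot be satisfied and the referral handling never runs.
    // Left as is because enabling it would start logging out users whose
    // server sends a referral; decide deliberately whether to compare with
    // `!== false` instead.
    if (stristr($message, 'REFERRAL imap') === TRUE) {
        sqimap_logout($imap_stream);
        set_up_language($squirrelmail_language, true);
        sqsession_destroy();
        logout_error(_("Your mailbox is not located at this server. Try a different server or consult your system administrator"));
        exit;
    }

    return $imap_stream;
}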