/** * Will verify the input against a set of criteria: * is every field supplied, does verify password match, * does current password validate, .. * These criteria are (for now) backend-independent. * * @return array Array with zero or more error messages. */ function cpw_check_input() { global $cpw_pass_min_length, $cpw_pass_max_length; // formdata sqgetGlobalVar('cpw_curpass', $currentpw, SQ_POST); sqgetGlobalVar('cpw_newpass', $newpw, SQ_POST); sqgetGlobalVar('cpw_verify', $verifypw, SQ_POST); // for decrypting current password sqgetGlobalVar('key', $key, SQ_COOKIE); sqgetGlobalVar('onetimepad', $onetimepad, SQ_SESSION); $msg = array(); if (!$newpw) { $msg[] = _("You must type in a new password."); } if (!$verifypw) { $msg[] = _("You must also type in your new password in the verify box."); } elseif ($verifypw != $newpw) { $msg[] = _("Your new password does not match the verify password."); } $orig_pw = OneTimePadDecrypt($key, $onetimepad); if (!$currentpw) { $msg[] = _("You must type in your current password."); } elseif ($currentpw != $orig_pw) { $msg[] = _("Your current password is not correct."); } if ($newpw && (strlen($newpw) < $cpw_pass_min_length || strlen($newpw) > $cpw_pass_max_length)) { $msg[] = sprintf(_("Your new password should be %s to %s characters long."), $cpw_pass_min_length, $cpw_pass_max_length); } // do we need to do checks that are backend-specific and should // be handled by a hook? I know of none now, bnd those checks can // also be done in the backend dochange() function. If there turns // out to be a need for it we can add a hook for that here. return $msg; }
function sqimap_login($username, $password, $imap_server_address, $imap_port, $hide) { global $color, $squirrelmail_language, $onetimepad, $use_imap_tls, $imap_auth_mech; if (!isset($onetimepad) || empty($onetimepad)) { sqgetglobalvar('onetimepad', $onetimepad, SQ_SESSION); } $imap_server_address = sqimap_get_user_server($imap_server_address, $username); $host = $imap_server_address; if ($use_imap_tls == true and check_php_version(4, 3) and extension_loaded('openssl')) { /* Use TLS by prefixing "tls://" to the hostname */ $imap_server_address = 'tls://' . $imap_server_address; } $imap_stream = fsockopen($imap_server_address, $imap_port, $error_number, $error_string, 15); /* Do some error correction */ if (!$imap_stream) { if (!$hide) { set_up_language($squirrelmail_language, true); require_once SM_PATH . 'functions/display_messages.php'; $string = sprintf(_("Error connecting to IMAP server: %s.") . "<br>\r\n", $imap_server_address) . "{$error_number} : {$error_string}<br>\r\n"; logout_error($string, $color); } exit; } $server_info = fgets($imap_stream, 1024); /* Decrypt the password */ $password = OneTimePadDecrypt($password, $onetimepad); if ($imap_auth_mech == 'cram-md5' or $imap_auth_mech == 'digest-md5') { // We're using some sort of authentication OTHER than plain or login $tag = sqimap_session_id(false); if ($imap_auth_mech == 'digest-md5') { $query = $tag . " AUTHENTICATE DIGEST-MD5\r\n"; } elseif ($imap_auth_mech == 'cram-md5') { $query = $tag . " AUTHENTICATE CRAM-MD5\r\n"; } fputs($imap_stream, $query); $answer = sqimap_fgets($imap_stream); // Trim the "+ " off the front $response = explode(" ", $answer, 3); if ($response[0] == '+') { // Got a challenge back $challenge = $response[1]; if ($imap_auth_mech == 'digest-md5') { $reply = digest_md5_response($username, $password, $challenge, 'imap', $host); } elseif ($imap_auth_mech == 'cram-md5') { $reply = cram_md5_response($username, $password, $challenge); } fputs($imap_stream, $reply); $read = sqimap_fgets($imap_stream); if ($imap_auth_mech == 'digest-md5') { // DIGEST-MD5 has an extra step.. if (substr($read, 0, 1) == '+') { // OK so far.. fputs($imap_stream, "\r\n"); $read = sqimap_fgets($imap_stream); } } $results = explode(" ", $read, 3); $response = $results[1]; $message = $results[2]; } else { // Fake the response, so the error trap at the bottom will work $response = "BAD"; $message = 'IMAP server does not appear to support the authentication method selected.'; $message .= ' Please contact your system administrator.'; } } elseif ($imap_auth_mech == 'login') { // Original IMAP login code $query = 'LOGIN "' . quoteimap($username) . '" "' . quoteimap($password) . '"'; $read = sqimap_run_command($imap_stream, $query, false, $response, $message); } elseif ($imap_auth_mech == 'plain') { /* Replace this with SASL PLAIN if it ever gets implemented */ $response = "BAD"; $message = 'SquirrelMail does not support SASL PLAIN yet. Rerun conf.pl and use login instead.'; } else { $response = "BAD"; $message = "Internal SquirrelMail error - unknown IMAP authentication method chosen. Please contact the developers."; } /* If the connection was not successful, lets see why */ if ($response != 'OK') { if (!$hide) { if ($response != 'NO') { /* "BAD" and anything else gets reported here. */ $message = htmlspecialchars($message); set_up_language($squirrelmail_language, true); require_once SM_PATH . 'functions/display_messages.php'; if ($response == 'BAD') { $string = sprintf(_("Bad request: %s") . "<br>\r\n", $message); } else { $string = sprintf(_("Unknown error: %s") . "<br>\n", $message); } if (isset($read) && is_array($read)) { $string .= '<br>' . _("Read data:") . "<br>\n"; foreach ($read as $line) { $string .= htmlspecialchars($line) . "<br>\n"; } } error_box($string, $color); exit; } else { /* * If the user does not log in with the correct * username and password it is not possible to get the * correct locale from the user's preferences. * Therefore, apply the same hack as on the login * screen. * * $squirrelmail_language is set by a cookie when * the user selects language and logs out */ set_up_language($squirrelmail_language, true); include_once SM_PATH . 'functions/display_messages.php'; sqsession_destroy(); logout_error(_("Unknown user or password incorrect.")); exit; } } else { exit; } } return $imap_stream; }
function sqauth_read_password() { sqgetGlobalVar('key', $key, SQ_COOKIE); sqgetGlobalVar('onetimepad', $onetimepad, SQ_SESSION); return OneTimePadDecrypt($key, $onetimepad); }
/** * Fillin user and password based on SMTP auth settings. * * @param string $user Reference to SMTP username * @param string $pass Reference to SMTP password (unencrypted) */ function get_smtp_user(&$user, &$pass) { global $username, $smtp_auth_mech, $smtp_sitewide_user, $smtp_sitewide_pass; if ($smtp_auth_mech == 'none') { $user = ''; $pass = ''; } elseif (isset($smtp_sitewide_user) && isset($smtp_sitewide_pass)) { $user = $smtp_sitewide_user; $pass = $smtp_sitewide_pass; } else { global $key, $onetimepad; $user = $username; $pass = OneTimePadDecrypt($key, $onetimepad); } }
/** * Writes user dictionary into the $username.words file, then changes mask * to 0600. If encryption is needed -- does that, too. * * @param $words The contents of the ".words" file to write. * @return void * @since 1.5.1 (sqspell 0.5) * @deprecated */ function sqspell_writeWords_old($words) { global $SQSPELL_WORDS_FILE, $SQSPELL_CRYPTO; /** * if $words is empty, create a template entry by calling the * sqspell_makeDummy() function. */ if (!$words) { $words = sqspell_makeDummy(); } if ($SQSPELL_CRYPTO) { /** * User wants to encrypt the file. So be it. * Get the user's password to use as a key. */ sqgetGlobalVar('key', $key, SQ_COOKIE); sqgetGlobalVar('onetimepad', $onetimepad, SQ_SESSION); $clear_key = OneTimePadDecrypt($key, $onetimepad); /** * Try encrypting it. If fails, scream bloody hell. */ $save_words = sqspell_crypto("encrypt", $clear_key, $words); if ($save_words == 'PANIC') { /** * AAAAAAAAH! I'm not handling this yet, since obviously * the admin of the site forgot to compile the MCRYPT support in * when upgrading an existing PHP installation. * I will add a handler for this case later, when I can come up * with some work-around... Right now, do nothing. Let the Admin's * head hurt.. ;))) */ /** save some hairs on admin's head and store error message in logs */ error_log('SquirrelSpell: php does not have mcrypt support'); } } else { $save_words = $words; } /** * Do the actual writing. */ $fp = fopen($SQSPELL_WORDS_FILE, "w"); fwrite($fp, $save_words); fclose($fp); chmod($SQSPELL_WORDS_FILE, 0600); }
echo '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"' . "\n" . ' "http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd">' . "\n<head>\n<meta name=\"robots\" content=\"noindex,nofollow\">\n" . "</head><body>"; if (sqgetGlobalVar('submit', $submit, SQ_POST)) { $continue = TRUE; if (!sqgetGlobalVar('secret', $secret, SQ_POST) || empty($secret)) { $continue = FALSE; echo "<p>You must enter an encryption key.</p>\n"; } if (!sqgetGlobalVar('enc_string', $enc_string, SQ_POST) || empty($enc_string)) { $continue = FALSE; echo "<p>You must enter an encrypted string.</p>\n"; } if ($continue) { if (isset($enc_string) && !base64_decode($enc_string)) { echo "<p>Encrypted string should be BASE64 encoded.<br />\n" . "Please enter all characters that are listed after header name.</p>\n"; } elseif (isset($secret)) { $string = OneTimePadDecrypt($enc_string, base64_encode($secret)); if (sqgetGlobalVar('ip_addr', $is_addr, SQ_POST)) { $string = hex2ip($string); } echo "<p>Decoded string: " . htmlspecialchars($string) . "</p>\n"; } } echo "<hr />"; } ?> <form action="" method="post"> <p> Secret key: <input type="password" name="secret"><br /> Encrypted string: <input type="text" name="enc_string"><br /> <label for="ip_addr">Check here if you are decoding an address string (FromHash/ProxyHash): </label><input type="checkbox" name="ip_addr" id="ip_addr" /><br /> <button type="submit" name="submit" value="submit">Submit</button>
function retrieve_external_userdata() { global $data_dir, $username, $password; include "../plugins/retrieveuserdata/config.php"; include "../plugins/retrieveuserdata/{$retrieve_data_from}"; $cleartext_password = OneTimePadDecrypt($password, $onetimepad); $userdata = retrieve_data($username, $cleartext_password); if (!$userdata["error"]) { set_userdata($userdata["common_name"], $userdata["mail_address"]); set_userdata_backup($userdata["common_name"], $userdata["mail_address"]); setPref($data_dir, $username, "got_external_userdata", 1); } }
<td align="right" nowrap><?php echo _("Repeat password: "******"left"><input type="password" name="rptpass" size="12"></td></tr> <tr> <td colspan="2" align="center"><input type="submit" name="mkpass" value="<?php echo _("Change my password >>"); ?> "></td></tr> </table> </div> <?php } else { /** This means that the form was submitted **/ $v_key = OneTimePadDecrypt($key, $onetimepad); /** These checks are self-explanatory **/ if ($oldpass != $v_key) { sayError("Old password did not match."); } if ($newpass == $v_key) { sayError("New password is the same as old"); } if ($newpass != $rptpass) { sayError("New password and repeat password did not match"); } if (strlen($newpass) < 4) { sayError("Password too short. Passwords must be between 4 and 16 characters in length."); } if (strlen($newpass) > 16) { sayError("Password too long. Passwords must be between 4 and 16 characters in length.");
function SendMDN($mailbox, $passed_id, $sender, $message, $imapConnection) { global $username, $attachment_dir, $color, $version, $attachments, $squirrelmail_language, $default_charset, $languages, $useSendmail, $domain, $sent_folder, $popuser, $data_dir, $username; sqgetGlobalVar('SERVER_NAME', $SERVER_NAME, SQ_SERVER); $header = $message->rfc822_header; $hashed_attachment_dir = getHashedDir($username, $attachment_dir); $rfc822_header = new Rfc822Header(); $content_type = new ContentType('multipart/report'); $content_type->properties['report-type'] = 'disposition-notification'; set_my_charset(); if ($default_charset) { $content_type->properties['charset'] = $default_charset; } $rfc822_header->content_type = $content_type; $rfc822_header->to[] = $header->dnt; $rfc822_header->subject = _("Read:") . ' ' . encodeHeader($header->subject); // FIX ME, use identity.php from SM 1.5. Change this also in compose.php $reply_to = ''; if (isset($identity) && $identity != 'default') { $from_mail = getPref($data_dir, $username, 'email_address' . $identity); $full_name = getPref($data_dir, $username, 'full_name' . $identity); $from_addr = '"' . $full_name . '" <' . $from_mail . '>'; $reply_to = getPref($data_dir, $username, 'reply_to' . $identity); } else { $from_mail = getPref($data_dir, $username, 'email_address'); $full_name = getPref($data_dir, $username, 'full_name'); $from_addr = '"' . $full_name . '" <' . $from_mail . '>'; $reply_to = getPref($data_dir, $username, 'reply_to'); } // Patch #793504 Return Receipt Failing with <@> from Tim Craig (burny_md) // This merely comes from compose.php and only happens when there is no // email_addr specified in user's identity (which is the startup config) if (ereg("^([^@%/]+)[@%/](.+)\$", $username, $usernamedata)) { $popuser = $usernamedata[1]; $domain = $usernamedata[2]; unset($usernamedata); } else { $popuser = $username; } if (!$from_mail) { $from_mail = "{$popuser}@{$domain}"; $from_addr = $from_mail; } $rfc822_header->from = $rfc822_header->parseAddress($from_addr, true); if ($reply_to) { $rfc822_header->reply_to = $rfc822_header->parseAddress($reply_to, true); } // part 1 (RFC2298) $senton = getLongDateString($header->date, $header->date_unparsed); $to_array = $header->to; $to = ''; foreach ($to_array as $line) { $to .= ' ' . $line->getAddress(); } $now = getLongDateString(time()); set_my_charset(); $body = _("Your message") . "\r\n\r\n" . "\t" . _("To") . ': ' . decodeHeader($to, false, false, true) . "\r\n" . "\t" . _("Subject") . ': ' . decodeHeader($header->subject, false, false, true) . "\r\n" . "\t" . _("Sent") . ': ' . $senton . "\r\n" . "\r\n" . sprintf(_("Was displayed on %s"), $now); $special_encoding = ''; if (isset($languages[$squirrelmail_language]['XTRA_CODE']) && function_exists($languages[$squirrelmail_language]['XTRA_CODE'])) { $body = $languages[$squirrelmail_language]['XTRA_CODE']('encode', $body); if (strtolower($default_charset) == 'iso-2022-jp') { if (mb_detect_encoding($body) == 'ASCII') { $special_encoding = '8bit'; } else { $body = mb_convert_encoding($body, 'JIS'); $special_encoding = '7bit'; } } } elseif (sq_is8bit($body)) { // detect 8bit symbols added by translations $special_encoding = '8bit'; } $part1 = new Message(); $part1->setBody($body); $mime_header = new MessageHeader(); $mime_header->type0 = 'text'; $mime_header->type1 = 'plain'; if ($special_encoding) { $mime_header->encoding = $special_encoding; } else { $mime_header->encoding = 'us-ascii'; } if ($default_charset) { $mime_header->parameters['charset'] = $default_charset; } $part1->mime_header = $mime_header; // part2 (RFC2298) $original_recipient = $to; $original_message_id = $header->message_id; $report = "Reporting-UA : {$SERVER_NAME} ; SquirrelMail (version {$version}) \r\n"; if ($original_recipient != '') { $report .= "Original-Recipient : {$original_recipient}\r\n"; } $final_recipient = $sender; $report .= "Final-Recipient: rfc822; {$final_recipient}\r\n" . "Original-Message-ID : {$original_message_id}\r\n" . "Disposition: manual-action/MDN-sent-manually; displayed\r\n"; $part2 = new Message(); $part2->setBody($report); $mime_header = new MessageHeader(); $mime_header->type0 = 'message'; $mime_header->type1 = 'disposition-notification'; $mime_header->encoding = 'us-ascii'; $part2->mime_header = $mime_header; $composeMessage = new Message(); $composeMessage->rfc822_header = $rfc822_header; $composeMessage->addEntity($part1); $composeMessage->addEntity($part2); if ($useSendmail) { require_once SM_PATH . 'class/deliver/Deliver_SendMail.class.php'; global $sendmail_path, $sendmail_args; // Check for outdated configuration if (!isset($sendmail_args)) { if ($sendmail_path == '/var/qmail/bin/qmail-inject') { $sendmail_args = ''; } else { $sendmail_args = '-i -t'; } } $deliver = new Deliver_SendMail(array('sendmail_args' => $sendmail_args)); $stream = $deliver->initStream($composeMessage, $sendmail_path); } else { require_once SM_PATH . 'class/deliver/Deliver_SMTP.class.php'; $deliver = new Deliver_SMTP(); global $smtpServerAddress, $smtpPort, $smtp_auth_mech, $pop_before_smtp; if ($smtp_auth_mech == 'none') { $user = ''; $pass = ''; } else { global $key, $onetimepad; $user = $username; $pass = OneTimePadDecrypt($key, $onetimepad); } $authPop = isset($pop_before_smtp) && $pop_before_smtp ? true : false; $stream = $deliver->initStream($composeMessage, $domain, 0, $smtpServerAddress, $smtpPort, $user, $pass, $authPop); } $success = false; if ($stream) { $length = $deliver->mail($composeMessage, $stream); $success = $deliver->finalizeStream($stream); } if (!$success) { $msg = _("Message not sent.") . ' ' . _("Server replied:") . "\n<blockquote>\n" . $deliver->dlv_msg . '<br />' . $deliver->dlv_ret_nr . ' ' . $deliver->dlv_server_msg . "</blockquote>\n\n"; require_once SM_PATH . 'functions/display_messages.php'; plain_error_message($msg, $color); } else { unset($deliver); if (sqimap_mailbox_exists($imapConnection, $sent_folder)) { sqimap_append($imapConnection, $sent_folder, $length); require_once SM_PATH . 'class/deliver/Deliver_IMAP.class.php'; $imap_deliver = new Deliver_IMAP(); $imap_deliver->mail($composeMessage, $imapConnection); sqimap_append_done($imapConnection); unset($imap_deliver); } } return $success; }
/** * temporary function to make use of the deliver class. * In the future the responsible backend should be automaticly loaded * and conf.pl should show a list of available backends. * The message also should be constructed by the message class. */ function deliverMessage($composeMessage, $draft = false) { global $send_to, $send_to_cc, $send_to_bcc, $mailprio, $subject, $body, $username, $popuser, $usernamedata, $identity, $idents, $data_dir, $request_mdn, $request_dr, $default_charset, $color, $useSendmail, $domain, $action, $default_move_to_sent, $move_to_sent; global $imapServerAddress, $imapPort, $sent_folder, $key; $rfc822_header = $composeMessage->rfc822_header; $abook = addressbook_init(false, true); $rfc822_header->to = $rfc822_header->parseAddress($send_to, true, array(), '', $domain, array(&$abook, 'lookup')); $rfc822_header->cc = $rfc822_header->parseAddress($send_to_cc, true, array(), '', $domain, array(&$abook, 'lookup')); $rfc822_header->bcc = $rfc822_header->parseAddress($send_to_bcc, true, array(), '', $domain, array(&$abook, 'lookup')); $rfc822_header->priority = $mailprio; $rfc822_header->subject = $subject; $special_encoding = ''; if (strtolower($default_charset) == 'iso-2022-jp') { if (mb_detect_encoding($body) == 'ASCII') { $special_encoding = '8bit'; } else { $body = mb_convert_encoding($body, 'JIS'); $special_encoding = '7bit'; } } $composeMessage->setBody($body); if (ereg("^([^@%/]+)[@%/](.+)\$", $username, $usernamedata)) { $popuser = $usernamedata[1]; $domain = $usernamedata[2]; unset($usernamedata); } else { $popuser = $username; } $reply_to = ''; $from_mail = $idents[$identity]['email_address']; $full_name = $idents[$identity]['full_name']; $reply_to = $idents[$identity]['reply_to']; if (!$from_mail) { $from_mail = "{$popuser}@{$domain}"; } $rfc822_header->from = $rfc822_header->parseAddress($from_mail, true); if ($full_name) { $from = $rfc822_header->from[0]; if (!$from->host) { $from->host = $domain; } $full_name_encoded = encodeHeader($full_name); if ($full_name_encoded != $full_name) { $from_addr = $full_name_encoded . ' <' . $from->mailbox . '@' . $from->host . '>'; } else { $from_addr = '"' . $full_name . '" <' . $from->mailbox . '@' . $from->host . '>'; } $rfc822_header->from = $rfc822_header->parseAddress($from_addr, true); } if ($reply_to) { $rfc822_header->reply_to = $rfc822_header->parseAddress($reply_to, true); } /* Receipt: On Read */ if (isset($request_mdn) && $request_mdn) { $rfc822_header->dnt = $rfc822_header->parseAddress($from_mail, true); } /* Receipt: On Delivery */ if (isset($request_dr) && $request_dr) { $rfc822_header->more_headers['Return-Receipt-To'] = $from_mail; } /* multipart messages */ if (count($composeMessage->entities)) { $message_body = new Message(); $message_body->body_part = $composeMessage->body_part; $composeMessage->body_part = ''; $mime_header = new MessageHeader(); $mime_header->type0 = 'text'; $mime_header->type1 = 'plain'; if ($special_encoding) { $mime_header->encoding = $special_encoding; } else { $mime_header->encoding = '8bit'; } if ($default_charset) { $mime_header->parameters['charset'] = $default_charset; } $message_body->mime_header = $mime_header; array_unshift($composeMessage->entities, $message_body); $content_type = new ContentType('multipart/mixed'); } else { $content_type = new ContentType('text/plain'); if ($special_encoding) { $rfc822_header->encoding = $special_encoding; } else { $rfc822_header->encoding = '8bit'; } if ($default_charset) { $content_type->properties['charset'] = $default_charset; } } $rfc822_header->content_type = $content_type; $composeMessage->rfc822_header = $rfc822_header; /* Here you can modify the message structure just before we hand it over to deliver */ $hookReturn = do_hook('compose_send', $composeMessage); /* Get any changes made by plugins to $composeMessage. */ if (is_object($hookReturn[1])) { $composeMessage = $hookReturn[1]; } if (!$useSendmail && !$draft) { require_once SM_PATH . 'class/deliver/Deliver_SMTP.class.php'; $deliver = new Deliver_SMTP(); global $smtpServerAddress, $smtpPort, $pop_before_smtp, $smtp_auth_mech; $authPop = isset($pop_before_smtp) && $pop_before_smtp ? true : false; if ($smtp_auth_mech == 'none' && !$authPop) { $user = ''; $pass = ''; } else { global $key, $onetimepad; $user = $username; $pass = OneTimePadDecrypt($key, $onetimepad); } $stream = $deliver->initStream($composeMessage, $domain, 0, $smtpServerAddress, $smtpPort, $user, $pass, $authPop); } elseif (!$draft) { require_once SM_PATH . 'class/deliver/Deliver_SendMail.class.php'; global $sendmail_path, $sendmail_args; // Check for outdated configuration if (!isset($sendmail_args)) { if ($sendmail_path == '/var/qmail/bin/qmail-inject') { $sendmail_args = ''; } else { $sendmail_args = '-i -t'; } } $deliver = new Deliver_SendMail(array('sendmail_args' => $sendmail_args)); $stream = $deliver->initStream($composeMessage, $sendmail_path); } elseif ($draft) { global $draft_folder; require_once SM_PATH . 'class/deliver/Deliver_IMAP.class.php'; $imap_stream = sqimap_login($username, $key, $imapServerAddress, $imapPort, 0); if (sqimap_mailbox_exists($imap_stream, $draft_folder)) { require_once SM_PATH . 'class/deliver/Deliver_IMAP.class.php'; $imap_deliver = new Deliver_IMAP(); $length = $imap_deliver->mail($composeMessage); sqimap_append($imap_stream, $draft_folder, $length); $imap_deliver->mail($composeMessage, $imap_stream); sqimap_append_done($imap_stream, $draft_folder); sqimap_logout($imap_stream); unset($imap_deliver); $composeMessage->purgeAttachments(); return $length; } else { $msg = '<br />' . sprintf(_("Error: Draft folder %s does not exist."), htmlspecialchars($draft_folder)); plain_error_message($msg, $color); return false; } } $succes = false; if ($stream) { $length = $deliver->mail($composeMessage, $stream); $succes = $deliver->finalizeStream($stream); } if (!$succes) { $msg = _("Message not sent.") . ' ' . _("Server replied:") . "\n<blockquote>\n" . $deliver->dlv_msg . '<br />' . $deliver->dlv_ret_nr . ' ' . $deliver->dlv_server_msg . "</blockquote>\n\n"; plain_error_message($msg, $color); } else { unset($deliver); $move_to_sent = getPref($data_dir, $username, 'move_to_sent'); $imap_stream = sqimap_login($username, $key, $imapServerAddress, $imapPort, 0); /* Move to sent code */ if (isset($default_move_to_sent) && $default_move_to_sent != 0) { $svr_allow_sent = true; } else { $svr_allow_sent = false; } if (isset($sent_folder) && ($sent_folder != '' || $sent_folder != 'none') && sqimap_mailbox_exists($imap_stream, $sent_folder)) { $fld_sent = true; } else { $fld_sent = false; } if (isset($move_to_sent) && $move_to_sent != 0 || !isset($move_to_sent)) { $lcl_allow_sent = true; } else { $lcl_allow_sent = false; } if ($fld_sent && $svr_allow_sent && !$lcl_allow_sent || $fld_sent && $lcl_allow_sent) { sqimap_append($imap_stream, $sent_folder, $length); require_once SM_PATH . 'class/deliver/Deliver_IMAP.class.php'; $imap_deliver = new Deliver_IMAP(); $imap_deliver->mail($composeMessage, $imap_stream); sqimap_append_done($imap_stream, $sent_folder); unset($imap_deliver); } global $passed_id, $mailbox, $action; $composeMessage->purgeAttachments(); if ($action == 'reply' || $action == 'reply_all') { sqimap_mailbox_select($imap_stream, $mailbox); sqimap_messages_flag($imap_stream, $passed_id, $passed_id, 'Answered', false); } sqimap_logout($imap_stream); } return $succes; }
/** * Logs the user into the IMAP server. If $hide is set, no error messages * will be displayed (if set to 1, just exits, if set to 2, returns FALSE). * This function returns the IMAP connection handle. * @param string $username user name * @param string $password password encrypted with onetimepad. Since 1.5.2 * function can use internal password functions, if parameter is set to * boolean false. * @param string $imap_server_address address of imap server * @param integer $imap_port port of imap server * @param int $hide controls display connection errors: * 0 = do not hide * 1 = show no errors (just exit) * 2 = show no errors (return FALSE) * 3 = show no errors (return error string) * @param array $stream_options Stream context options, see config_local.php * for more details (OPTIONAL) * @return mixed The IMAP connection stream, or if the connection fails, * FALSE if $hide is set to 2 or an error string if $hide * is set to 3. */ function sqimap_login($username, $password, $imap_server_address, $imap_port, $hide, $stream_options = array()) { global $color, $squirrelmail_language, $onetimepad, $use_imap_tls, $imap_auth_mech, $sqimap_capabilities, $display_imap_login_error; // Note/TODO: This hack grabs the $authz argument from the session. In the short future, // a new argument in function sqimap_login() will be used instead. $authz = ''; global $authz; sqgetglobalvar('authz', $authz, SQ_SESSION); if (!empty($authz)) { /* authz plugin - specific: * Get proxy login parameters from authz plugin configuration. If they * exist, they will override the current ones. * This is useful if we want to use different SASL authentication mechanism * and/or different TLS settings for proxy logins. */ global $authz_imap_auth_mech, $authz_use_imap_tls, $authz_imapPort_tls; $imap_auth_mech = !empty($authz_imap_auth_mech) ? strtolower($authz_imap_auth_mech) : $imap_auth_mech; $use_imap_tls = !empty($authz_use_imap_tls) ? $authz_use_imap_tls : $use_imap_tls; $imap_port = !empty($authz_use_imap_tls) ? $authz_imapPort_tls : $imap_port; if ($imap_auth_mech == 'login' || $imap_auth_mech == 'cram-md5') { logout_error("Misconfigured Plugin (authz or equivalent):<br/>" . "The LOGIN and CRAM-MD5 authentication mechanisms cannot be used when attempting proxy login."); exit; } } /* get imap login password */ if ($password === false) { /* standard functions */ $password = sqauth_read_password(); } else { /* old way. $key must be extracted from cookie */ if (!isset($onetimepad) || empty($onetimepad)) { sqgetglobalvar('onetimepad', $onetimepad, SQ_SESSION); } /* Decrypt the password */ $password = OneTimePadDecrypt($password, $onetimepad); } if (!isset($sqimap_capabilities)) { sqgetglobalvar('sqimap_capabilities', $sqimap_capabilities, SQ_SESSION); } $host = $imap_server_address; $imap_server_address = sqimap_get_user_server($imap_server_address, $username); $imap_stream = sqimap_create_stream($imap_server_address, $imap_port, $use_imap_tls, $stream_options); if ($imap_auth_mech == 'cram-md5' or $imap_auth_mech == 'digest-md5') { // We're using some sort of authentication OTHER than plain or login $tag = sqimap_session_id(false); if ($imap_auth_mech == 'digest-md5') { $query = $tag . " AUTHENTICATE DIGEST-MD5\r\n"; } elseif ($imap_auth_mech == 'cram-md5') { $query = $tag . " AUTHENTICATE CRAM-MD5\r\n"; } fputs($imap_stream, $query); $answer = sqimap_fgets($imap_stream); // Trim the "+ " off the front $response = explode(" ", $answer, 3); if ($response[0] == '+') { // Got a challenge back $challenge = $response[1]; if ($imap_auth_mech == 'digest-md5') { $reply = digest_md5_response($username, $password, $challenge, 'imap', $host, $authz); } elseif ($imap_auth_mech == 'cram-md5') { $reply = cram_md5_response($username, $password, $challenge); } fputs($imap_stream, $reply); $read = sqimap_fgets($imap_stream); if ($imap_auth_mech == 'digest-md5') { // DIGEST-MD5 has an extra step.. if (substr($read, 0, 1) == '+') { // OK so far.. fputs($imap_stream, "\r\n"); $read = sqimap_fgets($imap_stream); } } $results = explode(" ", $read, 3); $response = $results[1]; $message = $results[2]; } else { // Fake the response, so the error trap at the bottom will work $response = "BAD"; $message = 'IMAP server does not appear to support the authentication method selected.'; $message .= ' Please contact your system administrator.'; } } elseif ($imap_auth_mech == 'login') { // Original IMAP login code $query = 'LOGIN "' . quoteimap($username) . '" "' . quoteimap($password) . '"'; $read = sqimap_run_command($imap_stream, $query, false, $response, $message); } elseif ($imap_auth_mech == 'plain') { /*** * SASL PLAIN, RFC 4616 (updates 2595) * * The mechanism consists of a single message, a string of [UTF-8] * encoded [Unicode] characters, from the client to the server. The * client presents the authorization identity (identity to act as), * followed by a NUL (U+0000) character, followed by the authentication * identity (identity whose password will be used), followed by a NUL * (U+0000) character, followed by the clear-text password. As with * other SASL mechanisms, the client does not provide an authorization * identity when it wishes the server to derive an identity from the * credentials and use that as the authorization identity. */ $tag = sqimap_session_id(false); $sasl = isset($sqimap_capabilities['SASL-IR']) && $sqimap_capabilities['SASL-IR'] ? true : false; if (!empty($authz)) { $auth = base64_encode("{$username}{$authz}{$password}"); } else { $auth = base64_encode("{$username}{$username}{$password}"); } if ($sasl) { // IMAP Extension for SASL Initial Client Response // <draft-siemborski-imap-sasl-initial-response-01b.txt> $query = $tag . " AUTHENTICATE PLAIN {$auth}\r\n"; fputs($imap_stream, $query); $read = sqimap_fgets($imap_stream); } else { $query = $tag . " AUTHENTICATE PLAIN\r\n"; fputs($imap_stream, $query); $read = sqimap_fgets($imap_stream); if (substr($read, 0, 1) == '+') { // OK so far.. fputs($imap_stream, "{$auth}\r\n"); $read = sqimap_fgets($imap_stream); } } $results = explode(" ", $read, 3); $response = $results[1]; $message = $results[2]; } else { $response = "BAD"; $message = "Internal SquirrelMail error - unknown IMAP authentication method chosen. Please contact the developers."; } /* If the connection was not successful, lets see why */ if ($response != 'OK') { if (!$hide || $hide == 3) { //FIXME: UUURG... We don't want HTML in error messages, should also do html sanitizing of error messages elsewhere; should't assume output is destined for an HTML browser here if ($response != 'NO') { /* "BAD" and anything else gets reported here. */ $message = sm_encode_html_special_chars($message); set_up_language($squirrelmail_language, true); if ($response == 'BAD') { if ($hide == 3) { return sprintf(_("Bad request: %s"), $message); } $string = sprintf(_("Bad request: %s") . "<br />\r\n", $message); } else { if ($hide == 3) { return sprintf(_("Unknown error: %s"), $message); } $string = sprintf(_("Unknown error: %s") . "<br />\n", $message); } if (isset($read) && is_array($read)) { $string .= '<br />' . _("Read data:") . "<br />\n"; foreach ($read as $line) { $string .= sm_encode_html_special_chars($line) . "<br />\n"; } } error_box($string); exit; } else { /* * If the user does not log in with the correct * username and password it is not possible to get the * correct locale from the user's preferences. * Therefore, apply the same hack as on the login * screen. * * $squirrelmail_language is set by a cookie when * the user selects language and logs out */ set_up_language($squirrelmail_language, true); sqsession_destroy(); /* terminate the session nicely */ sqimap_logout($imap_stream); // determine what error message to use // $fail_msg = _("Unknown user or password incorrect."); if ($display_imap_login_error) { // See if there is an error message from the server // Skip any rfc5530 response code: '[something]' at the // start of the message if (!empty($message) && $message[0] == '[' && ($end = strstr($message, ']')) && $end != ']') { $message = substr($end, 1); } // Remove surrounding spaces and if there // is anything left, display that as the // error message: $message = trim($message); if (strlen($message)) { $fail_msg = _($message); } } if ($hide == 3) { return $fail_msg; } logout_error($fail_msg); exit; } } else { if ($hide == 2) { return FALSE; } exit; } } /* Special error case: * Login referrals. The server returns: * ? OK [REFERRAL <imap url>] * Check RFC 2221 for details. Since we do not support login referrals yet * we log the user out. */ if (stristr($message, 'REFERRAL imap') === TRUE) { sqimap_logout($imap_stream); set_up_language($squirrelmail_language, true); sqsession_destroy(); logout_error(_("Your mailbox is not located at this server. Try a different server or consult your system administrator")); exit; } return $imap_stream; }
/** * Reads and decodes stored user password information * * Direct access to password information is deprecated. * @return string password in plain text * @since 1.5.1 */ function sqauth_read_password() { global $currentHookName; if ($currentHookName == 'login_verified') { global $key; } sqgetGlobalVar('key', $key, SQ_COOKIE); sqgetGlobalVar('onetimepad', $onetimepad, SQ_SESSION); return OneTimePadDecrypt($key, $onetimepad); }