if ($auth_method == "imap") {
$imap_address = get_rewritten_email_address($address, $address_rewriting_type);
$user_name = get_user_from_email($imap_address);
} elseif ($auth_method == "pop3" && empty($routing_domain)) {
$user_name = get_user_from_email($address);
} elseif ($auth_method == "external") {
$user_name = ereg_replace('@.*$', '', $user_name);
// FIXME there has to be a better way to do this. It implements the
// assumption (valid here) that the LHS of all addresses that need to
// be authenticated against is the user name. But some things just didn't
// work right until I added this code.
}
list($authenticated, $email) = auth($user_name, $pwd, $address, $nt_domain);
if ($authenticated === true) {
if (is_primary_email($email)) {
$owner_id = get_email_address_owner(get_email_address_id($email));
$uid = get_user_id($user_name, $email);
if ($owner_id != 0 && $owner_id != $uid) {
$authenticated = PEAR::raiseError($lang['error_case_mixup_rejected_html']);
$logger->warning(sprintf($lang['error_case_mixup_rejected_log'], $email, $address, $user_name, $uid, $owner_id));
}
} else {
$authenticated = PEAR::raiseError(sprintf($lang['error_link_login_failed'], $email));
$logger->warning(sprintf($lang['error_link_login_failed'], $email));
}
}
}
if ($authenticated === true) {
session_start();
session_unset();
// clear any session data
$domain_name = get_user_name($euid);
$domain_id = get_domain_id($domain_name);
} else {
$domain_user = false;
$domain_name = "";
$domain_id = "";
}
$smarty->assign('domain_user', $domain_user);
$smarty->assign('domain_name', $domain_name);
$smarty->assign('domain_id', $domain_id);
$smarty->assign("euid", $euid);
$smarty->assign('super', $super);
//verify that the supplied address is valid for the current user
if (isset($_GET["addid"])) {
$address_id = trim($_GET["addid"]);
if (get_email_address_owner($address_id) != $euid) {
header("Location: index.php{$sid}");
exit;
}
} else {
if ($domain_user) {
$address_id = get_primary_email_id($euid);
} else {
$address_id = 0;
}
}
$smarty->assign('address_id', $address_id);
if (isset($_GET['tab'])) {
$smarty->assign('tab', $_GET['tab']);
} else {
$smarty->assign('tab', 0);
if (isset($_POST["domain"])) {
$domain = trim($_POST["domain"]);
} else {
$domain = "";
}
if ($auth_method == "pop3" && !empty($routing_domain) || $auth_method == "ldap" || $auth_method == "exchange" || $auth_method == "sql" || $auth_method == "internal" || $auth_method == "external") {
$user_name = $login;
$address = "";
} else {
$address = $login;
$user_name = "";
}
list($authenticated, $email) = auth($user_name, $password, $address, $domain);
if ($authenticated === true) {
$address_id = get_email_address_id($email);
$old_owner = get_email_address_owner($address_id);
if (!$old_owner) {
add_email_address_to_user($euid, $email);
} else {
transfer_email_address_to_user($old_owner, $euid, $email);
}
$message = sprintf($lang['text_address_added'], $email);
} else {
$message = sprintf($lang['text_login_failed'], $login);
if (PEAR::isError($authenticated)) {
$message .= "<br>" . $authenticated->getMessage();
}
}
$_SESSION['message'] = $message;
header("Location: settings.php{$msid}tab=0");
exit;
