$authenticated = true; } else { $logger->err("token or data not found"); $authenticated = PEAR::raiseError($lang['invalid_token']); } } else { $logger->err("unknown action"); $authenticated = PEAR::raiseError($lang['invalid_token']); } if (!ok_to_impersonate($euid, $uid)) { $logger->err("user {$uid} cannot impersonate {$euid}"); $authenticated = PEAR::raiseError($lang['invalid_token']); } } else { if ($auth_method == "imap") { $imap_address = get_rewritten_email_address($address, $address_rewriting_type); $user_name = get_user_from_email($imap_address); } elseif ($auth_method == "pop3" && empty($routing_domain)) { $user_name = get_user_from_email($address); } elseif ($auth_method == "external") { $user_name = ereg_replace('@.*$', '', $user_name); // FIXME there has to be a better way to do this. It implements the // assumption (valid here) that the LHS of all addresses that need to // be authenticated against is the user name. But some things just didn't // work right until I added this code. } list($authenticated, $email) = auth($user_name, $pwd, $address, $nt_domain); if ($authenticated === true) { if (is_primary_email($email)) { $owner_id = get_email_address_owner(get_email_address_id($email)); $uid = get_user_id($user_name, $email);
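/**
 * Check a set of login credentials against the configured back end.
 *
 * The back end is chosen by the global $auth_method. Each branch calls its
 * back end only when the credentials it needs are non-empty, so a missing
 * user name, e-mail address or password leaves the result at false. An
 * unrecognised $auth_method also leaves it at false.
 *
 * For the back ends that return an e-mail address (ldap, sql, internal)
 * the login succeeds only when the back end returned something other than
 * false AND other than a PEAR error. A back-end failure therefore fails
 * closed rather than being counted as a successful login.
 *
 * For pop3, imap, exchange and external, the first element of the result is
 * whatever the back end returned, unnormalised. Callers should compare it
 * with `=== true`.
 *
 * @param string $user_name Login name as submitted (slashes stripped, trimmed).
 * @param string $pwd       Password as submitted (slashes stripped).
 * @param string $email     E-mail address as submitted (trimmed).
 * @param string $nt_domain Passed through to auth_exchange() only.
 *
 * @return array array($authenticated, $email). array(false, false) when the
 *               user name or address starts with "@".
 */
function auth($user_name, $pwd, $email, $nt_domain)
{
    global $auth_method;
    global $routing_domain;
    global $address_rewriting_type;

    $authenticated = false;

    // NOTE(review): stripslashes() looks like legacy magic-quotes handling.
    // Where the input was never slash-escaped it alters credentials that
    // contain backslashes -- confirm against the supported PHP versions.
    $user_name = trim(stripslashes($user_name));
    $email = trim($email);

    // Don't allow logins for domain-class pseudo-users
    $user_is_domain = !empty($user_name) && $user_name[0] == "@";
    $email_is_domain = !empty($email) && $email[0] == "@";
    if ($user_is_domain || $email_is_domain) {
        return array(false, false);
    }

    $pwd = stripslashes($pwd);

    switch ($auth_method) {
        case "pop3":
            if (!empty($routing_domain)) {
                if (!empty($user_name) && !empty($pwd)) {
                    $authenticated = auth_pop3($user_name, $pwd);
                    // The address is derived from the login name, not from
                    // the address the client submitted.
                    $email = $user_name . "@" . $routing_domain;
                }
            } else {
                if (!empty($email) && !empty($pwd)) {
                    $user_name = get_user_from_email($email);
                    $authenticated = auth_pop3($user_name, $pwd);
                }
            }
            break;

        case "imap":
            if (!empty($email) && !empty($pwd)) {
                $email = get_rewritten_email_address($email, $address_rewriting_type);
                if ($address_rewriting_type == 4) {
                    // Rewriting type 4 logs in with the full rewritten address.
                    $user_name = $email;
                } else {
                    $user_name = get_user_from_email($email);
                }
                $authenticated = auth_imap($user_name, $pwd);
            }
            break;

        case "ldap":
            if (!empty($user_name) && !empty($pwd)) {
                $email = auth_ldap($user_name, $pwd);
                // Fail closed: an error object is not a successful bind.
                $authenticated = !PEAR::isError($email) && $email !== false;
            }
            break;

        case "exchange":
            if (!empty($user_name) && !empty($pwd)) {
                $authenticated = auth_exchange($user_name, $pwd, $nt_domain);
                // BROKEN! No idea what e-mail address to return here.
                // NOTE(review): the address returned on this path is the
                // caller-supplied $email, which is not tied to the account
                // that just authenticated. A caller that maps it to an
                // owner or user id would be trusting client input --
                // confirm before enabling this back end.
            }
            break;

        case "sql":
            if (!empty($user_name) && !empty($pwd)) {
                $email = auth_sql($user_name, $pwd);
                $authenticated = !PEAR::isError($email) && $email !== false;
            }
            break;

        case "internal":
            if (!empty($user_name) && !empty($pwd)) {
                $email = auth_internal($user_name, $pwd);
                // Fail closed: an error object is not a successful login.
                $authenticated = !PEAR::isError($email) && $email !== false;
            }
            break;

        case "external":
            if (!empty($user_name) && !empty($pwd)) {
                $authenticated = auth_external($user_name, $pwd);
                // This back end uses the login name as the address.
                $email = $user_name;
            }
            break;
    }

    return array($authenticated, $email);
}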
if (isset($_POST["trusted_server"])) { $trusted_server = trim($_POST["trusted_server"]); } else { $trusted_server = ""; } if (isset($_POST["trusted_port"])) { $trusted_port = trim($_POST["trusted_port"]); } else { $trusted_port = ""; } $sth = $dbh->prepare("UPDATE maia_config SET enable_user_autocreation = 'N', " . "internal_auth = 'Y', " . "admin_email = ?, " . "reminder_login_url = ?, " . "newuser_template_file = ?, " . "smtp_server = ?, " . "smtp_port = ? " . "WHERE id = 0"); $sth->execute(array($admin_email, $reminder_login_url, $newuser_template_file, $trusted_server, $trusted_port)); if (PEAR::isError($sth)) { die($sth->getMessage()); } $new_email = get_rewritten_email_address($your_email, $address_rewriting_type); $username = $new_email; $new_user_id = add_user($username, $new_email); if ($new_user_id === -1) { $smarty->assign("error", "This superuser account already exists. It must be removed from the database before recreating."); } // Generate a random password and assign it to the new user list($password, $digest) = generate_random_password(); $sth = $dbh->prepare("UPDATE maia_users SET password = ? WHERE id = ?"); $sth->execute(array($digest, $new_user_id)); if (PEAR::isError($sth)) { die($sth->getMessage()); } $sth->free(); $fh = fopen($newuser_template_file, "r"); if ($fh) {