Exemplo n.º 1
            $authenticated = PEAR::raiseError($lang['invalid_token']);
        }
    } else {
        $logger->err("unknown action");
        $authenticated = PEAR::raiseError($lang['invalid_token']);
    }
    if (!ok_to_impersonate($euid, $uid)) {
        $logger->err("user {$uid} cannot impersonate {$euid}");
        $authenticated = PEAR::raiseError($lang['invalid_token']);
    }
} else {
    if ($auth_method == "imap") {
        $imap_address = get_rewritten_email_address($address, $address_rewriting_type);
        $user_name = get_user_from_email($imap_address);
    } elseif ($auth_method == "pop3" && empty($routing_domain)) {
        $user_name = get_user_from_email($address);
    } elseif ($auth_method == "external") {
        $user_name = ereg_replace('@.*$', '', $user_name);
        // FIXME there has to be a better way to do this. It implements the
        // assumption (valid here) that the LHS of all addresses that need to
        // be authenticated against is the user name.  But some things just didn't
        // work right until I added this code.
    }
    list($authenticated, $email) = auth($user_name, $pwd, $address, $nt_domain);
    if ($authenticated === true) {
        if (is_primary_email($email)) {
            $owner_id = get_email_address_owner(get_email_address_id($email));
            $uid = get_user_id($user_name, $email);
            if ($owner_id != 0 && $owner_id != $uid) {
                $authenticated = PEAR::raiseError($lang['error_case_mixup_rejected_html']);
                $logger->warning(sprintf($lang['error_case_mixup_rejected_log'], $email, $address, $user_name, $uid, $owner_id));
Exemplo n.º 2
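/**
 * Check a login against the backend selected by the global $auth_method.
 *
 * Exactly one backend helper is called (auth_pop3, auth_imap, auth_ldap,
 * auth_exchange, auth_sql, auth_internal or auth_external), and only when
 * the credentials that backend needs are non-empty. An unrecognised
 * $auth_method calls nothing and leaves the result at false.
 *
 * For ldap, sql and internal the helper's return value is taken as the
 * account's e-mail address, and the login succeeds only if that value is
 * neither false nor a PEAR error. For pop3, imap, exchange and external the
 * helper's return value is passed through unchanged as the result, so
 * callers should test the first element with === true.
 *
 * @param string $user_name Login name as submitted (slashes stripped, trimmed).
 * @param string $pwd       Password as submitted (slashes stripped).
 * @param string $email     E-mail address as submitted (trimmed).
 * @param string $nt_domain NT domain, forwarded to auth_exchange() only.
 *
 * @return array array($authenticated, $email). array(false, false) when the
 *               user name or address starts with "@". For ldap/sql/internal
 *               $email is whatever the helper returned, even on failure.
 */
function auth($user_name, $pwd, $email, $nt_domain)
{
    global $auth_method;
    global $routing_domain;
    global $address_rewriting_type;

    $authenticated = false;

    // NOTE(review): stripslashes() is applied unconditionally. If the input
    // was not slash-escaped upstream (magic quotes were removed in PHP 5.4),
    // this drops backslashes from legitimate credentials -- confirm.
    $user_name = trim(stripslashes($user_name));
    $email = trim($email);

    // Don't allow logins for domain-class pseudo-users
    if ((!empty($user_name) && $user_name[0] == "@") || (!empty($email) && $email[0] == "@")) {
        return array(false, false);
    }

    $pwd = stripslashes($pwd);

    if ($auth_method == "pop3") {
        if (!empty($routing_domain)) {
            if (!empty($user_name) && !empty($pwd)) {
                $authenticated = auth_pop3($user_name, $pwd);
                // The address is built from the routing domain whether or
                // not the POP3 login succeeded.
                $email = $user_name . "@" . $routing_domain;
            }
        } else {
            if (!empty($email) && !empty($pwd)) {
                $user_name = get_user_from_email($email);
                $authenticated = auth_pop3($user_name, $pwd);
            }
        }
    } elseif ($auth_method == "imap") {
        if (!empty($email) && !empty($pwd)) {
            $email = get_rewritten_email_address($email, $address_rewriting_type);
            if ($address_rewriting_type == 4) {
                // Rewriting type 4: log in with the full rewritten address.
                $user_name = $email;
            } else {
                $user_name = get_user_from_email($email);
            }
            $authenticated = auth_imap($user_name, $pwd);
        }
    } elseif ($auth_method == "ldap") {
        if (!empty($user_name) && !empty($pwd)) {
            $email = auth_ldap($user_name, $pwd);
            // Fail closed: a PEAR error object is not false, so without the
            // isError() test a backend fault would count as a valid login.
            $authenticated = ($email !== false && !PEAR::isError($email));
        }
    } elseif ($auth_method == "exchange") {
        if (!empty($user_name) && !empty($pwd)) {
            $authenticated = auth_exchange($user_name, $pwd, $nt_domain);
            // BROKEN!  No idea what e-mail address to return here.
            // NOTE(review): the returned $email is the caller-supplied value
            // and is never tied to the account that authenticated; callers
            // should not treat it as verified.
        }
    } elseif ($auth_method == "sql") {
        if (!empty($user_name) && !empty($pwd)) {
            $email = auth_sql($user_name, $pwd);
            $authenticated = ($email !== false && !PEAR::isError($email));
        }
    } elseif ($auth_method == "internal") {
        if (!empty($user_name) && !empty($pwd)) {
            $email = auth_internal($user_name, $pwd);
            // Same fail-closed rule as the ldap and sql branches.
            $authenticated = ($email !== false && !PEAR::isError($email));
        }
    } elseif ($auth_method == "external") {
        if (!empty($user_name) && !empty($pwd)) {
            $authenticated = auth_external($user_name, $pwd);
            $email = $user_name;
        }
    }

    return array($authenticated, $email);
}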
Exemplo n.º 3
 if (isset($_POST["new_email"])) {
     $smarty->assign('new_email', 1);
     $new_email = trim($_POST["new_email"]);
     // Rewrite the e-mail address as necessary for POP3/IMAP, to make
     // it match the routing address provided by the MTA-RX.
     if ($auth_method == "pop3" && !empty($routing_domain)) {
         $username = get_user_from_email($new_email);
         $new_email = $username . "@" . $routing_domain;
     } elseif ($auth_method == "imap") {
         $new_email = get_rewritten_email_address($new_email, $address_rewriting_type);
         $username = get_user_from_email($new_email);
     } elseif ($auth_method == "internal") {
         $new_email = get_rewritten_email_address($new_email, $address_rewriting_type);
         $username = $new_email;
     } else {
         $username = get_user_from_email($new_email);
     }
     $bad_user = empty($username);
     $smarty->assign("bad_user", $bad_user);
     if (!$super && !$bad_user) {
         // Make sure the new address is in a domain that
         // this administrator controls.
         $domain = "@" . get_domain_from_email($new_email);
         $select = "SELECT id " . "FROM maia_domains, maia_domain_admins " . "WHERE maia_domains.id = maia_domain_admins.domain_id " . "AND maia_domain_admins.admin_id = ? " . "AND maia_domains.domain = ?";
         $sth = $dbh->prepare($select);
         $res = $sth->execute(array($uid, $domain));
         if (PEAR::isError($sth)) {
             die($sth->getMessage());
         }
         $bad_domain = !$res->fetchrow();
         $smarty->assign("bad_domain", $bad_domain);