- if (($imap_auth_mech == 'cram-md5') OR ($imap_auth_mech == 'digest-md5')) {
- // We're using some sort of authentication OTHER than plain
- $tag=sqimap_session_id(false);
- if ($imap_auth_mech == 'digest-md5') {
- $query = $tag . " AUTHENTICATE DIGEST-MD5\r\n";
- } elseif ($imap_auth_mech == 'cram-md5') {
- $query = $tag . " AUTHENTICATE CRAM-MD5\r\n";
- }
- fputs($imap_stream,$query);
- $answer=sqimap_fgets($imap_stream);
- // Trim the "+ " off the front
- $response=explode(" ",$answer,3);
- if ($response[0] == '+') {
- // Got a challenge back
- $challenge=$response[1];
- if ($imap_auth_mech == 'digest-md5') {
- $reply = digest_md5_response($username,$password,$challenge,'imap',$host);
- } elseif ($imap_auth_mech == 'cram-md5') {
- $reply = cram_md5_response($username,$password,$challenge);
- }
- fputs($imap_stream,$reply);
- $read=sqimap_fgets($imap_stream);
- if ($imap_auth_mech == 'digest-md5') {
- // DIGEST-MD5 has an extra step..
- if (substr($read,0,1) == '+') { // OK so far..
- fputs($imap_stream,"\r\n");
- $read=sqimap_fgets($imap_stream);
- }
- }
- $results=explode(" ",$read,3);
- $response=$results[1];
- $message=$results[2];
- } else {
- // Fake the response, so the error trap at the bottom will work
- $response="BAD";
- $message='IMAP server does not appear to support the authentication method selected.';
- $message .= ' Please contact your system administrator.';
- }
+ if (($imap_auth_mech == 'cram-md5') OR ($imap_auth_mech == 'digest-md5')) {
+ // We're using some sort of authentication OTHER than plain or login
+ $tag=sqimap_session_id(false);
+ if ($imap_auth_mech == 'digest-md5') {
+ $query = $tag . " AUTHENTICATE DIGEST-MD5\r\n";
+ } elseif ($imap_auth_mech == 'cram-md5') {
+ $query = $tag . " AUTHENTICATE CRAM-MD5\r\n";
+ }
+ fputs($imap_stream,$query);
+ $answer=sqimap_fgets($imap_stream);
+ // Trim the "+ " off the front
+ $response=explode(" ",$answer,3);
+ if ($response[0] == '+') {
+ // Got a challenge back
+ $challenge=$response[1];
+ if ($imap_auth_mech == 'digest-md5') {
+ $reply = digest_md5_response($username,$password,$challenge,'imap',$host);
+ } elseif ($imap_auth_mech == 'cram-md5') {
+ $reply = cram_md5_response($username,$password,$challenge);
+ }
+ fputs($imap_stream,$reply);
+ $read=sqimap_fgets($imap_stream);
+ if ($imap_auth_mech == 'digest-md5') {
+ // DIGEST-MD5 has an extra step..
+ if (substr($read,0,1) == '+') { // OK so far..
+ fputs($imap_stream,"\r\n");
+ $read=sqimap_fgets($imap_stream);
+ }
+ }
+ $results=explode(" ",$read,3);
+ $response=$results[1];
+ $message=$results[2];
+ } else {
+ // Fake the response, so the error trap at the bottom will work
+ $response="BAD";
+ $message='IMAP server does not appear to support the authentication method selected.';
+ $message .= ' Please contact your system administrator.';
+ }
+ } elseif ($imap_auth_mech == 'login') {
+ // Original IMAP login code
+ $query = 'LOGIN "' . quoteimap($username) . '" "' . quoteimap($password) . '"';
+ $read = sqimap_run_command ($imap_stream, $query, false, $response, $message);
+ } elseif ($imap_auth_mech == 'plain') {
+ /***
+ * SASL PLAIN
+ *
+ * RFC 2595 Chapter 6
+ *
+ * The mechanism consists of a single message from the client to the
+ * server. The client sends the authorization identity (identity to
+ * login as), followed by a US-ASCII NUL character, followed by the
+ * authentication identity (identity whose password will be used),
+ * followed by a US-ASCII NUL character, followed by the clear-text
+ * password. The client may leave the authorization identity empty to
+ * indicate that it is the same as the authentication identity.
+ *
+ **/
+ $tag=sqimap_session_id(false);
+ $sasl = (isset($capability['SASL-IR']) && $capability['SASL-IR']) ? true : false;
+ $auth = base64_encode("$username\0$username\0$password");
+ if ($sasl) {
+ // IMAP Extension for SASL Initial Client Response
+ // <draft-siemborski-imap-sasl-initial-response-01b.txt>
+ $query = $tag . " AUTHENTICATE PLAIN $auth\r\n";
+ fputs($imap_stream, $query);
+ $read = sqimap_fgets($imap_stream);
+ } else {
+ $query = $tag . " AUTHENTICATE PLAIN\r\n";
+ fputs($imap_stream, $query);
+ $read=sqimap_fgets($imap_stream);
+ if (substr($read,0,1) == '+') { // OK so far..
+ fputs($imap_stream, "$auth\r\n");
+ $read = sqimap_fgets($imap_stream);
+ }
+ }
+ $results=explode(" ",$read,3);
+ $response=$results[1];
+ $message=$results[2];