Add "Security:" with relevant changelog items and add CVE id's.

[squirrelmail.git] / functions / auth.php

diff --git a/functions/auth.php b/functions/auth.php
index 5f939cccf1d553c7b281f6c2b07e401e8ecf16f1..f8c45768446628cb551c8a22e090f1e3a23039d0 100644 (file)
--- a/functions/auth.php
+++ b/functions/auth.php
@@ -3,12 +3,12 @@
 /**
  * auth.php
  *
- * Copyright (c) 1999-2003 The SquirrelMail Project Team
+ * Copyright (c) 1999-2004 The SquirrelMail Project Team
  * Licensed under the GNU GPL. For full terms see the file COPYING.
  *
  * Contains functions used to do authentication.
  *
- * $Id$
+ * @version $Id$
  * @package squirrelmail
  */
 
@@ -42,22 +42,23 @@ function is_logged_in() {
     if ( sqsession_is_registered('user_is_logged_in') ) {
         return;
     } else {
-        global $PHP_SELF, $session_expired_post, 
-              $session_expired_location;
+        global $PHP_SELF, $session_expired_post,
+               $session_expired_location, $squirrelmail_language;
 
         /*  First we store some information in the new session to prevent
          *  information-loss.
          */
-        
-       $session_expired_post = $_POST;
+
+        $session_expired_post = $_POST;
         $session_expired_location = $PHP_SELF;
-        if (!sqsession_is_registered('session_expired_post')) {    
+        if (!sqsession_is_registered('session_expired_post')) {
            sqsession_register($session_expired_post,'session_expired_post');
         }
         if (!sqsession_is_registered('session_expired_location')) {
            sqsession_register($session_expired_location,'session_expired_location');
         }
         include_once( SM_PATH . 'functions/display_messages.php' );
+        set_up_language($squirrelmail_language, true);
         logout_error( _("You must be logged in to access this page.") );
         exit;
     }
@@ -97,7 +98,7 @@ function cram_md5_response ($username,$password,$challenge) {
  */
 function digest_md5_response ($username,$password,$challenge,$service,$host) {
   $result=digest_md5_parse_challenge($challenge);
-  
+
 // verify server supports qop=auth
   // $qop = explode(",",$result['qop']);
   //if (!in_array("auth",$qop)) {
@@ -109,7 +110,7 @@ function digest_md5_response ($username,$password,$challenge,$service,$host) {
 
   /* This can be auth (authentication only), auth-int (integrity protection), or
      auth-conf (confidentiality protection).  Right now only auth is supported.
-        DO NOT CHANGE THIS VALUE */
+     DO NOT CHANGE THIS VALUE */
   $qop_value = "auth";
 
   $digest_uri_value = $service . '/' . $host;
@@ -138,7 +139,7 @@ function digest_md5_response ($username,$password,$challenge,$service,$host) {
   $reply .= ',qop=' . $qop_value;
   $reply = base64_encode($reply);
   return $reply . "\r\n";
- 
+
 }
 
 /**
@@ -174,10 +175,10 @@ function digest_md5_parse_challenge($challenge) {
       // We're in a "simple" value - explode to next comma
       $val=explode(',',$challenge,2);
       if (isset($val[1])) {
-               $challenge=$val[1];
-         } else {
-           unset($challenge);
-         }
+          $challenge=$val[1];
+      } else {
+          unset($challenge);
+      }
       $value=$val[0];
     }
     $parsed["$key"]=$value;
@@ -218,4 +219,27 @@ function hmac_md5($data, $key='') {
     return $hmac;
 }
 
-?>
+/**
+ * Fillin user and password based on SMTP auth settings.
+ *
+ * @param string $user Reference to SMTP username
+ * @param string $pass Reference to SMTP password (unencrypted)
+ */
+function get_smtp_user(&$user, &$pass) {
+    global $username, $smtp_auth_mech,
+           $smtp_sitewide_user, $smtp_sitewide_pass;
+
+    if ($smtp_auth_mech == 'none') {
+        $user = '';
+        $pass = '';
+    } elseif ( isset($smtp_sitewide_user) && isset($smtp_sitewide_pass) ) {
+        $user = $smtp_sitewide_user;
+        $pass = $smtp_sitewide_pass;
+    } else {
+        global $key, $onetimepad;
+        $user = $username;
+        $pass = OneTimePadDecrypt($key, $onetimepad);
+    }
+}
+
+?>
\ No newline at end of file