*
* This implements all functions that do general IMAP functions.
*
- * @copyright 1999-2013 The SquirrelMail Project Team
+ * @copyright 1999-2014 The SquirrelMail Project Team
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id$
* @package squirrelmail
* @param int port port number to connect to
* @param integer $tls whether to use plain text(0), TLS(1) or STARTTLS(2) when connecting.
* Argument was boolean before 1.5.1.
+ * @param array $ssl_options SSL context options, see config_local.php
+ * for more details (OPTIONAL)
* @return imap-stream resource identifier
* @since 1.5.0 (usable only in 1.5.1 or later)
*/
-function sqimap_create_stream($server,$port,$tls=0) {
+function sqimap_create_stream($server,$port,$tls=0,$ssl_options=array()) {
global $squirrelmail_language;
if (strstr($server,':') && ! preg_match("/^\[.*\]$/",$server)) {
$server = '['.$server.']';
}
+ // NB: Using "ssl://" ensures the highest possible TLS version
+ // will be negotiated with the server (whereas "tls://" only
+ // uses TLS version 1.0)
+ //
if ($tls == 1) {
if ((check_php_version(4,3)) and (extension_loaded('openssl'))) {
- /* Use TLS by prefixing "tls://" to the hostname */
- $server = 'tls://' . $server;
+ if (function_exists('stream_socket_client')) {
+ $server_address = 'ssl://' . $server . ':' . $port;
+ if (!empty($ssl_options))
+ $ssl_options = array('ssl' => $ssl_options);
+ $ssl_context = @stream_context_create($ssl_options);
+ $connect_timeout = ini_get('default_socket_timeout');
+ // null timeout is broken
+ if ($connect_timeout == 0)
+ $connect_timeout = 15;
+ $imap_stream = @stream_socket_client($server_address, $error_number, $error_string, $connect_timeout, STREAM_CLIENT_CONNECT, $ssl_context);
+ } else {
+ $imap_stream = @fsockopen('ssl://' . $server, $port, $error_number, $error_string, 15);
+ }
} else {
require_once(SM_PATH . 'functions/display_messages.php');
logout_error( sprintf(_("Error connecting to IMAP server: %s."), $server).
_("Please contact your system administrator and report this error."),
sprintf(_("Error connecting to IMAP server: %s."), $server));
}
+ } else {
+ $imap_stream = @fsockopen($server, $port, $error_number, $error_string, 15);
}
- $imap_stream = @fsockopen($server, $port, $error_number, $error_string, 15);
/* Do some error correction */
if (!$imap_stream) {
* 1 = show no errors (just exit)
* 2 = show no errors (return FALSE)
* 3 = show no errors (return error string)
+ * @param array $ssl_options SSL context options, see config_local.php
+ * for more details (OPTIONAL)
* @return mixed The IMAP connection stream, or if the connection fails,
* FALSE if $hide is set to 2 or an error string if $hide
* is set to 3.
*/
-function sqimap_login ($username, $password, $imap_server_address, $imap_port, $hide) {
+function sqimap_login ($username, $password, $imap_server_address,
+ $imap_port, $hide, $ssl_options=array()) {
global $color, $squirrelmail_language, $onetimepad, $use_imap_tls,
- $imap_auth_mech, $sqimap_capabilities;
+ $imap_auth_mech, $sqimap_capabilities, $display_imap_login_error;
// Note/TODO: This hack grabs the $authz argument from the session. In the short future,
// a new argument in function sqimap_login() will be used instead.
$host = $imap_server_address;
$imap_server_address = sqimap_get_user_server($imap_server_address, $username);
- $imap_stream = sqimap_create_stream($imap_server_address,$imap_port,$use_imap_tls);
+ $imap_stream = sqimap_create_stream($imap_server_address,$imap_port,$use_imap_tls,$ssl_options);
if (($imap_auth_mech == 'cram-md5') OR ($imap_auth_mech == 'digest-md5')) {
// We're using some sort of authentication OTHER than plain or login
/* terminate the session nicely */
sqimap_logout($imap_stream);
- if ($hide == 3) return _("Unknown user or password incorrect.");
- logout_error( _("Unknown user or password incorrect.") );
+
+ // determine what error message to use
+ //
+ $fail_msg = _("Unknown user or password incorrect.");
+ if ($display_imap_login_error) {
+ // See if there is an error message from the server
+ // Skip any rfc5530 response code: '[something]' at the
+ // start of the message
+ if (!empty($message)
+ && $message{0} == '['
+ && ($end = strstr($message, ']'))
+ && $end != ']') {
+ $message = substr($end, 1);
+ }
+ // Remove surrounding spaces and if there
+ // is anything left, display that as the
+ // error message:
+ $message = trim($message);
+ if (strlen($message))
+ $fail_msg = _($message);
+ }
+
+ if ($hide == 3) return $fail_msg;
+ logout_error($fail_msg);
exit;
}
} else {