X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=functions%2Fauth.php;h=3bd8f86f6a30d0b93b55c8b17dd3bf42ee3c216b;hb=3ab350426ee70647e8d97a0e85744d76315b5e84;hp=287be6ce7013143de410f98aefd0d5d3b7a9cadd;hpb=5be9f1952729e353cf3a2b8431e432254b879b15;p=squirrelmail.git diff --git a/functions/auth.php b/functions/auth.php index 287be6ce..3bd8f86f 100644 --- a/functions/auth.php +++ b/functions/auth.php @@ -3,7 +3,7 @@ /** * auth.php * - * Copyright (c) 1999-2002 The SquirrelMail Project Team + * Copyright (c) 1999-2003 The SquirrelMail Project Team * Licensed under the GNU GPL. For full terms see the file COPYING. * * Contains functions used to do authentication. @@ -11,25 +11,172 @@ * $Id$ */ -require_once( '../functions/page_header.php' ); +/* Put in a safety net here, in case a naughty admin didn't run conf.pl when they upgraded */ -function is_logged_in () { - global $squirrelmail_language; +if (! isset($smtp_auth_mech)) { + $smtp_auth_mech = 'none'; +} + +if (! isset($imap_auth_mech)) { + $imap_auth_mech = 'plain'; +} + +if (! isset($use_imap_tls)) { + $use_imap_tls = false; +} + +if (! isset($use_smtp_tls)) { + $use_smtp_tls = false; +} - if ( session_is_registered('user_is_logged_in') ) { +function is_logged_in() { + + if ( sqsession_is_registered('user_is_logged_in') ) { return; + } else { + global $PHP_SELF, $session_expired_post, + $session_expired_location; + + /* First we store some information in the new session to prevent + * information-loss. + */ + + $session_expired_post = $_POST; + $session_expired_location = $PHP_SELF; + if (!sqsession_is_registered('session_expired_post')) { + sqsession_register($session_expired_post,'session_expired_post'); + } + if (!sqsession_is_registered('session_expired_location')) { + sqsession_register($session_expired_location,'session_expired_location'); + } + include_once( SM_PATH . 'functions/display_messages.php' ); + logout_error( _("You must be logged in to access this page.") ); + exit; } +} + +function cram_md5_response ($username,$password,$challenge) { + +/* Given the challenge from the server, supply the response using + cram-md5 (See RFC 2195 for details) +*/ +$challenge=base64_decode($challenge); +$hash=bin2hex(hmac_md5($challenge,$password)); +$response=base64_encode($username . " " . $hash) . "\r\n"; +return $response; +} - set_up_language($squirrelmail_language, true); +function digest_md5_response ($username,$password,$challenge,$service,$host) { +/* Given the challenge from the server, calculate and return the response-string + for digest-md5 authentication. (See RFC 2831 for more details) */ + $result=digest_md5_parse_challenge($challenge); + +// verify server supports qop=auth + // $qop = explode(",",$result['qop']); + //if (!in_array("auth",$qop)) { + // rfc2831: client MUST fail if no qop methods supported + // return false; + //} + $cnonce = base64_encode(bin2hex(hmac_md5(microtime()))); + $ncount = "00000001"; - displayHtmlHeader( 'SquirrelMail', '', FALSE ); + /* This can be auth (authentication only), auth-int (integrity protection), or + auth-conf (confidentiality protection). Right now only auth is supported. + DO NOT CHANGE THIS VALUE */ + $qop_value = "auth"; - echo "
\n" . - '