X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=functions%2Fauth.php;h=53b96d9f717e27ee90ef326bc99bb62dfe9fa452;hb=e1a125cdd9aafec0ac3048b72405fd3cba0378d3;hp=71f2fdb95dc52c13db966214135bbe16dae6dbf1;hpb=867fed375310bddf80421e7ae711ec1f56402413;p=squirrelmail.git diff --git a/functions/auth.php b/functions/auth.php index 71f2fdb9..53b96d9f 100644 --- a/functions/auth.php +++ b/functions/auth.php @@ -9,7 +9,7 @@ * functions/global.php * functions/strings.php. * - * @copyright © 1999-2006 The SquirrelMail Project Team + * @copyright © 1999-2007 The SquirrelMail Project Team * @license http://opensource.org/licenses/gpl-license.php GNU Public License * @version $Id$ * @package squirrelmail @@ -17,12 +17,12 @@ /** - * Detect logged user + * Detect whether user is logged in * * Function is similar to is_logged_in() function. If user is logged in, function * returns true. If user is not logged in or session is expired, function saves $_POST - * and $PHP_SELF in session and returns false. POST information is saved in - * 'session_expired_post' variable, PHP_SELF is saved in 'session_expired_location'. + * and PAGE_NAME in session and returns false. POST information is saved in + * 'session_expired_post' variable, PAGE_NAME is saved in 'session_expired_location'. * * Script that uses this function instead of is_logged_in() function, must handle user * level messages. @@ -32,23 +32,26 @@ function sqauth_is_logged_in() { if ( sqsession_is_registered('user_is_logged_in') ) { return true; - } else { - global $PHP_SELF, $session_expired_post, $session_expired_location; + } - // First we store some information in the new session to prevent - // information-loss. - // - $session_expired_post = $_POST; - $session_expired_location = $PHP_SELF; - if (!sqsession_is_registered('session_expired_post')) { - sqsession_register($session_expired_post,'session_expired_post'); - } - if (!sqsession_is_registered('session_expired_location')) { - sqsession_register($session_expired_location,'session_expired_location'); - } + // First we store some information in the new session to prevent + // information-loss. + $session_expired_post = $_POST; + if (defined('PAGE_NAME')) + $session_expired_location = PAGE_NAME; + else + $session_expired_location = ''; + + if (!sqsession_is_registered('session_expired_post')) { + sqsession_register($session_expired_post,'session_expired_post'); + } + if (!sqsession_is_registered('session_expired_location')) { + sqsession_register($session_expired_location,'session_expired_location'); + } + + session_write_close(); - return false; - } + return false; } /** @@ -122,10 +125,11 @@ function cram_md5_response ($username,$password,$challenge) { * define the digest-uri. * @param string $host The host name, usually the server's FQDN; it is used to * define the digest-uri. + * @param string $authz Authorization ID (since 1.5.2) * @return string The response to be sent to the IMAP server * @since 1.4.0 */ -function digest_md5_response ($username,$password,$challenge,$service,$host) { +function digest_md5_response ($username,$password,$challenge,$service,$host,$authz='') { $result=digest_md5_parse_challenge($challenge); // verify server supports qop=auth @@ -151,6 +155,9 @@ function digest_md5_response ($username,$password,$challenge,$service,$host) { $string_a1 .= utf8_encode($password); $string_a1 = hmac_md5($string_a1); $A1 = $string_a1 . ":" . $result['nonce'] . ":" . $cnonce; + if(!empty($authz)) { + $A1 .= ":" . utf8_encode($authz); + } $A1 = bin2hex(hmac_md5($A1)); $A2 = "AUTHENTICATE:$digest_uri_value"; // If qop is auth-int or auth-conf, A2 gets a little extra @@ -166,6 +173,9 @@ function digest_md5_response ($username,$password,$challenge,$service,$host) { $reply .= 'nonce="' . $result['nonce'] . '",nc=' . $ncount . ',cnonce="' . $cnonce . '",'; $reply .= "digest-uri=\"$digest_uri_value\",response=$response_value"; $reply .= ',qop=' . $qop_value; + if(!empty($authz)) { + $reply .= ',authzid=' . $authz; + } $reply = base64_encode($reply); return $reply . "\r\n"; @@ -255,7 +265,7 @@ function hmac_md5($data, $key='') { * * @param string $user Reference to SMTP username * @param string $pass Reference to SMTP password (unencrypted) - * @since 1.5.0 + * @since 1.4.11 */ function get_smtp_user(&$user, &$pass) { global $username, $smtp_auth_mech, @@ -264,13 +274,19 @@ function get_smtp_user(&$user, &$pass) { if ($smtp_auth_mech == 'none') { $user = ''; $pass = ''; - } elseif ( isset($smtp_sitewide_user) && isset($smtp_sitewide_pass) ) { + } elseif ( isset($smtp_sitewide_user) && isset($smtp_sitewide_pass) && + !empty($smtp_sitewide_user)) { $user = $smtp_sitewide_user; $pass = $smtp_sitewide_pass; } else { $user = $username; $pass = sqauth_read_password(); } -} -?> \ No newline at end of file + // plugin authors note: override $user or $pass by + // directly changing the arguments array contents + // in your plugin e.g., $args[0] = 'new_username'; + // + $temp = array(&$user, &$pass); + do_hook('smtp_auth', $temp); +}