X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=functions%2Fauth.php;h=85eb8ff3bdf8299948d77e062a5552684d126615;hb=3e28c1231fe4d9a49563b39c1647d26d7723bd96;hp=bebc7f87a1739de545b3c994428b94118c809ccb;hpb=2fa4a9b78e0bea6d75e20ea113aaa96ee2894f1a;p=squirrelmail.git diff --git a/functions/auth.php b/functions/auth.php index bebc7f87..85eb8ff3 100644 --- a/functions/auth.php +++ b/functions/auth.php @@ -3,7 +3,7 @@ /** * auth.php * - * Copyright (c) 1999-2002 The SquirrelMail Project Team + * Copyright (c) 1999-2003 The SquirrelMail Project Team * Licensed under the GNU GPL. For full terms see the file COPYING. * * Contains functions used to do authentication. @@ -11,29 +11,172 @@ * $Id$ */ -require_once( '../functions/page_header.php' ); +/* Put in a safety net here, in case a naughty admin didn't run conf.pl when they upgraded */ -function is_logged_in () { - global $squirrelmail_language, $frame_top, $base_uri; +if (! isset($smtp_auth_mech)) { + $smtp_auth_mech = 'none'; +} + +if (! isset($imap_auth_mech)) { + $imap_auth_mech = 'login'; +} + +if (! isset($use_imap_tls)) { + $use_imap_tls = false; +} + +if (! isset($use_smtp_tls)) { + $use_smtp_tls = false; +} - if ( session_is_registered('user_is_logged_in') ) { +function is_logged_in() { + + if ( sqsession_is_registered('user_is_logged_in') ) { return; - } + } else { + global $PHP_SELF, $session_expired_post, + $session_expired_location; - if (!isset($frame_top) || $frame_top == '' ) { - $frame_top = '_top'; + /* First we store some information in the new session to prevent + * information-loss. + */ + + $session_expired_post = $_POST; + $session_expired_location = $PHP_SELF; + if (!sqsession_is_registered('session_expired_post')) { + sqsession_register($session_expired_post,'session_expired_post'); + } + if (!sqsession_is_registered('session_expired_location')) { + sqsession_register($session_expired_location,'session_expired_location'); + } + include_once( SM_PATH . 'functions/display_messages.php' ); + logout_error( _("You must be logged in to access this page.") ); + exit; } +} + +function cram_md5_response ($username,$password,$challenge) { + +/* Given the challenge from the server, supply the response using + cram-md5 (See RFC 2195 for details) +*/ +$challenge=base64_decode($challenge); +$hash=bin2hex(hmac_md5($challenge,$password)); +$response=base64_encode($username . " " . $hash) . "\r\n"; +return $response; +} - set_up_language($squirrelmail_language, true); +function digest_md5_response ($username,$password,$challenge,$service,$host) { +/* Given the challenge from the server, calculate and return the response-string + for digest-md5 authentication. (See RFC 2831 for more details) */ + $result=digest_md5_parse_challenge($challenge); + +// verify server supports qop=auth + // $qop = explode(",",$result['qop']); + //if (!in_array("auth",$qop)) { + // rfc2831: client MUST fail if no qop methods supported + // return false; + //} + $cnonce = base64_encode(bin2hex(hmac_md5(microtime()))); + $ncount = "00000001"; - displayHtmlHeader( 'SquirrelMail', '', FALSE ); + /* This can be auth (authentication only), auth-int (integrity protection), or + auth-conf (confidentiality protection). Right now only auth is supported. + DO NOT CHANGE THIS VALUE */ + $qop_value = "auth"; - echo "
\n" . - '