From 045ec1a17de3de6297f2dfc576db99f5edbdb15b Mon Sep 17 00:00:00 2001
From: tokul <tokul@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Date: Wed, 19 Apr 2006 18:03:24 +0000
Subject: [PATCH] if $key is set to false, sqimap_login() function will use
 sqauth_read_password() to retrieve user password. sqimap_login() calls in
 plugins are modified to use this code. It allows to centralize place that is
 used to access password information.

Older way is preserved for backwards compatibility and different IMAP login
credentials.


git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@11058 7612ce4b-ef26-0410-bec9-ea0150e637f0
---
 ChangeLog                                     |  3 +++
 functions/imap_general.php                    | 21 +++++++++++++------
 include/options/folder.php                    |  5 ++---
 plugins/info/options.php                      |  4 +---
 .../message_details_bottom.php                |  3 +--
 plugins/sent_subfolders/setup.php             |  7 ++-----
 plugins/spamcop/functions.php                 |  5 ++---
 plugins/spamcop/spamcop.php                   |  5 +----
 8 files changed, 27 insertions(+), 26 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 969a8fd2..1ad32247 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -37,6 +37,9 @@ Version 1.5.2 - CVS
   - Fixed sqsession_cookie function for setting HttpOnly cookie attribute.
   - Reduce references header in a smart way to avoid "header too long"
     errors from SMTP servers in really long threads (#1167754, #1465342).
+  - Added code that allows to use internal password functions in sqimap_login().
+    Switched plugins to use this code instead of accessing key and otp information
+    directly.
 
 Version 1.5.1 (branched on 2006-02-12)
 --------------------------------------
diff --git a/functions/imap_general.php b/functions/imap_general.php
index 1afcafff..80d40d12 100755
--- a/functions/imap_general.php
+++ b/functions/imap_general.php
@@ -743,7 +743,9 @@ function sqimap_create_stream($server,$port,$tls=0) {
  * Logs the user into the IMAP server.  If $hide is set, no error messages
  * will be displayed.  This function returns the IMAP connection handle.
  * @param string $username user name
- * @param string $password encrypted password
+ * @param string $password password encrypted with onetimepad. Since 1.5.2 
+ *  function can use internal password functions, if parameter is set to 
+ *  boolean false. 
  * @param string $imap_server_address address of imap server
  * @param integer $imap_port port of imap server
  * @param boolean $hide controls display connection errors
@@ -753,9 +755,19 @@ function sqimap_login ($username, $password, $imap_server_address, $imap_port, $
     global $color, $squirrelmail_language, $onetimepad, $use_imap_tls,
            $imap_auth_mech, $sqimap_capabilities;
 
-    if (!isset($onetimepad) || empty($onetimepad)) {
-        sqgetglobalvar('onetimepad' , $onetimepad , SQ_SESSION );
+    /* get imap login password */
+    if ($password===false) {
+        /* standard functions */
+        $password = sqauth_read_password();
+    } else {
+        /* old way. $key must be extracted from cookie */
+        if (!isset($onetimepad) || empty($onetimepad)) {
+            sqgetglobalvar('onetimepad' , $onetimepad , SQ_SESSION );
+        }
+        /* Decrypt the password */
+        $password = OneTimePadDecrypt($password, $onetimepad);
     }
+
     if (!isset($sqimap_capabilities)) {
         sqgetglobalvar('sqimap_capabilities' , $capability , SQ_SESSION );
     }
@@ -765,9 +777,6 @@ function sqimap_login ($username, $password, $imap_server_address, $imap_port, $
 
     $imap_stream = sqimap_create_stream($imap_server_address,$imap_port,$use_imap_tls);
 
-    /* Decrypt the password */
-    $password = OneTimePadDecrypt($password, $onetimepad);
-
     if (($imap_auth_mech == 'cram-md5') OR ($imap_auth_mech == 'digest-md5')) {
         // We're using some sort of authentication OTHER than plain or login
         $tag=sqimap_session_id(false);
diff --git a/include/options/folder.php b/include/options/folder.php
index ce55f516..451def5a 100644
--- a/include/options/folder.php
+++ b/include/options/folder.php
@@ -33,12 +33,11 @@ define('SMOPT_GRP_FOLDERSELECT', 2);
  * @return array all option information
  */
 function load_optpage_data_folder() {
-    global $username, $key, $imapServerAddress, $imapPort;
+    global $username, $imapServerAddress, $imapPort;
     global $folder_prefix, $default_folder_prefix, $show_prefix_option;
 
     /* Get some imap data we need later. */
-    $imapConnection =
-        sqimap_login($username, $key, $imapServerAddress, $imapPort, 0);
+    $imapConnection = sqimap_login($username, false, $imapServerAddress, $imapPort, 0);
     $boxes = sqimap_mailbox_list($imapConnection);
 
     /* Build a simple array into which we will build options. */
diff --git a/plugins/info/options.php b/plugins/info/options.php
index e27ae576..1046b86b 100644
--- a/plugins/info/options.php
+++ b/plugins/info/options.php
@@ -42,8 +42,6 @@ if (! is_plugin_enabled('info')) {
 
 /* GLOBALS */
 sqgetGlobalVar('username', $username, SQ_SESSION);
-sqgetGlobalVar('key', $key, SQ_COOKIE);
-sqgetGlobalVar('onetimepad', $onetimepad, SQ_SESSION);
 
 sqgetGlobalVar('submit', $submit, SQ_POST);
 
@@ -56,7 +54,7 @@ for($i = 0; $i <= 9; $i++){
 
 /* END GLOBALS */
 
-$imap_stream = sqimap_login($username, $key, $imapServerAddress, $imapPort, 0);
+$imap_stream = sqimap_login($username, false, $imapServerAddress, $imapPort, 0);
 $caps_array = get_caps($imap_stream);
 $list = array ('TEST_0',
                'TEST_1',
diff --git a/plugins/message_details/message_details_bottom.php b/plugins/message_details/message_details_bottom.php
index f3eee63a..f66817db 100644
--- a/plugins/message_details/message_details_bottom.php
+++ b/plugins/message_details/message_details_bottom.php
@@ -126,9 +126,8 @@ global $imapServerAddress, $imapPort, $color,$msgd_8bit_in_hex;
 $returnValue = '';
 
 sqgetGlobalVar('username', $username, SQ_SESSION);
-sqgetGlobalVar('key', $key, SQ_COOKIE);
 
-$imapConnection = sqimap_login($username, $key, $imapServerAddress, $imapPort, 0);
+$imapConnection = sqimap_login($username, false, $imapServerAddress, $imapPort, 0);
 $read = sqimap_mailbox_select($imapConnection, $mailbox);
 $start = gettimeofday();
 $body = sqimap_run_command($imapConnection, "FETCH $passed_id RFC822",true, $response, $readmessage, TRUE);
diff --git a/plugins/sent_subfolders/setup.php b/plugins/sent_subfolders/setup.php
index 14427d15..42070e33 100644
--- a/plugins/sent_subfolders/setup.php
+++ b/plugins/sent_subfolders/setup.php
@@ -104,11 +104,9 @@ function sent_subfolders_optpage_loadhook_folders() {
     global $optpage_data, $imapServerAddress, $imapPort, $show_contain_subfolders_option;
 
     sqgetGlobalVar('username', $username, SQ_SESSION);
-    sqgetGlobalVar('key', $key, SQ_COOKIE);
 
     /* Get some imap data we need later. */
-    $imapConnection =
-        sqimap_login($username, $key, $imapServerAddress, $imapPort, 0);
+    $imapConnection = sqimap_login($username, false, $imapServerAddress, $imapPort, 0);
     $boxes = sqimap_mailbox_list($imapConnection);
     sqimap_logout($imapConnection);
 
@@ -197,7 +195,6 @@ function sent_subfolders_update_sentfolder() {
     global $use_sent_subfolders, $move_to_sent;
 
     sqgetGlobalVar('username', $username, SQ_SESSION);
-    sqgetGlobalVar('key', $key, SQ_COOKIE);
     sqgetGlobalVar('delimiter', $delimiter, SQ_SESSION);
 
     if ($use_sent_subfolders || $move_to_sent) {
@@ -246,7 +243,7 @@ function sent_subfolders_update_sentfolder() {
             /* Auto-create folders, if they do not yet exist. */
             if ($sent_subfolder != 'none') {
                 /* Create the imap connection. */
-                $ic = sqimap_login($username, $key, $imapServerAddress, $imapPort, 10);
+                $ic = sqimap_login($username, false, $imapServerAddress, $imapPort, 10);
 
                 $boxes = false;
                 /**
diff --git a/plugins/spamcop/functions.php b/plugins/spamcop/functions.php
index d3a21dee..44c542ef 100644
--- a/plugins/spamcop/functions.php
+++ b/plugins/spamcop/functions.php
@@ -131,13 +131,12 @@ function spamcop_options_function() {
  */
 function spamcop_while_sending_function() {
     global $mailbox, $spamcop_delete, $spamcop_save, $spamcop_is_composing, $auto_expunge,
-           $username, $key, $imapServerAddress, $imapPort;
+           $username, $imapServerAddress, $imapPort;
 
     if (sqgetGlobalVar('spamcop_is_composing' , $spamcop_is_composing)) {
         // delete spam message
         if ($spamcop_delete) {
-            $imapConnection = sqimap_login($username, $key, $imapServerAddress,
-                $imapPort, 0);
+            $imapConnection = sqimap_login($username, false, $imapServerAddress, $imapPort, 0);
             sqimap_mailbox_select($imapConnection, $mailbox);
             sqimap_msgs_list_delete($imapConnection, $mailbox, array($spamcop_is_composing));
             if ($auto_expunge)
diff --git a/plugins/spamcop/spamcop.php b/plugins/spamcop/spamcop.php
index 5dc226b2..a0730344 100644
--- a/plugins/spamcop/spamcop.php
+++ b/plugins/spamcop/spamcop.php
@@ -23,8 +23,6 @@ include_once(SM_PATH . 'plugins/spamcop/functions.php');
 /* GLOBALS */
 
 sqgetGlobalVar('username', $username, SQ_SESSION);
-sqgetGlobalVar('key',      $key,      SQ_COOKIE);
-sqgetGlobalVar('onetimepad', $onetimepad, SQ_SESSION);
 
 sqgetGlobalVar('mailbox', $mailbox, SQ_GET);
 sqgetGlobalVar('passed_id', $passed_id, SQ_GET);
@@ -64,8 +62,7 @@ if (! is_plugin_enabled('spamcop')) {
     exit();
 }
 
-    $imap_stream = sqimap_login($username, $key, $imapServerAddress,
-       $imapPort, 0);
+    $imap_stream = sqimap_login($username, false, $imapServerAddress, $imapPort, 0);
     sqimap_mailbox_select($imap_stream, $mailbox);
 
     if ($spamcop_method == 'quick_email' ||
-- 
2.25.1