From df758744d8856eee5cd0cdc60e73cd440d19985f Mon Sep 17 00:00:00 2001 From: kink Date: Wed, 18 Aug 2004 19:47:33 +0000 Subject: [PATCH] * Check for capabilities in configtest, and warn here about LOGINDISABLED or missing STARTTLS * Login.php suggested that "logins" were disabled, but this should be "plain text logins" only. git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@7935 7612ce4b-ef26-0410-bec9-ea0150e637f0 --- src/configtest.php | 35 ++++++++++++++++++++++++++++++----- src/login.php | 5 +++-- 2 files changed, 33 insertions(+), 7 deletions(-) diff --git a/src/configtest.php b/src/configtest.php index 54499c3b..b3f0307d 100644 --- a/src/configtest.php +++ b/src/configtest.php @@ -16,6 +16,9 @@ * If it throws errors you need to adjust your config. * ************************************************************/ +// This script could really use some restructuring as it has grown quite rapidly +// but is not very 'clean'. Feel free to get some structure into this thing. + function do_err($str, $exit = TRUE) { global $IND; echo '

'.$IND.'ERROR: ' .$str. "

\n"; @@ -217,8 +220,12 @@ if($useSendmail) { } } +/** + * Check the IMAP server + */ echo "Checking IMAP service....
\n"; +/** Can we open a connection? */ $stream = fsockopen( ($use_imap_tls?'tls://':'').$imapServerAddress, $imapPort, $errorNumber, $errorString); if(!$stream) { @@ -227,18 +234,36 @@ if(!$stream) { htmlspecialchars($errorString)); } +/** Is the first response 'OK'? */ $imapline = fgets($stream, 1024); if(substr($imapline, 0,4) != '* OK') { do_err('Error connecting to IMAP server. Server error: '. htmlspecialchars($imapline)); } -fputs($stream, '001 LOGOUT'); -fclose($stream); - -echo $IND . 'IMAP server OK ('. +echo $IND . 'IMAP server ready ('. htmlspecialchars(trim($imapline)).")
\n"; +/** Check capabilities */ +fputs($stream, "A001 CAPABILITY\r\n"); +$capline = fgets($stream, 1024); + +echo $IND . 'Capabilities: '.htmlspecialchars($capline)."
\n"; + +if($imap_auth_mech == 'login' && stristr($capline, 'LOGINDISABLED') !== FALSE) { + do_err('Your server doesn\'t allow plaintext logins. '. + 'Try enabling another authentication mechanism like CRAM-MD5, DIGEST-MD5 or TLS-encryption '. + 'in the SquirrelMail configuration.', FALSE); +} +if($use_imap_tls && stristr($capline, 'STARTTLS') === FALSE) { + do_err('You have enabled TLS encryption in the config, but the server does not '. + 'report STARTTLS capability. TLS is probably not supported.', FALSE); +} + +/** OK, close connection */ +fputs($stream, "A002 LOGOUT\r\n"); +fclose($stream); + echo "Checking internationalization (i18n) settings...
\n"; echo "$IND gettext - "; if (function_exists('gettext')) { @@ -392,4 +417,4 @@ if( empty($ldap_server) ) { \ No newline at end of file +?> diff --git a/src/login.php b/src/login.php index 9baeccbe..9709cda1 100644 --- a/src/login.php +++ b/src/login.php @@ -64,7 +64,8 @@ if($imap_auth_mech == 'login') { $logindisabled = sqimap_capability($imap,'LOGINDISABLED'); sqimap_logout($imap); if ($logindisabled) { - $string = _("The IMAP server is reporting that logins are disabled.").'
'; + $string = _("The IMAP server is reporting that plain text logins are disabled.").'
'. + _("Using CRAM-MD5 or DIGEST-MD5 authentication instead may work.").'
'; if (!$use_imap_tls) { $string .= _("The use of TLS may allow SquirrelMail to login.").'
'; } @@ -185,4 +186,4 @@ echo '' . "\n"; do_hook('login_bottom'); ?> - \ No newline at end of file + -- 2.25.1