+ /* Return result or handle errors */
+ if ($handle_errors == false) {
+ return $aResponse;
+ }
+ switch ($response[$tag]) {
+ case 'OK':
+ return $aResponse;
+ break;
+ case 'NO':
+ /* ignore this error from M$ exchange, it is not fatal (aka bug) */
+ if (strstr($message[$tag], 'command resulted in') === false) {
+ sqimap_error_box(_("ERROR : Could not complete request."), $query, _("Reason Given: "), $message[$tag]);
+ echo '</body></html>';
+ exit;
+ }
+ break;
+ case 'BAD':
+ sqimap_error_box(_("ERROR : Bad or malformed request."), $query, _("Server responded: "), $message[$tag]);
+ echo '</body></html>';
+ exit;
+ case 'BYE':
+ sqimap_error_box(_("ERROR : Imap server closed the connection."), $query, _("Server responded: "), $message[$tag]);
+ echo '</body></html>';
+ exit;
+ default:
+ sqimap_error_box(_("ERROR : Unknown imap response."), $query, _("Server responded: "), $message[$tag]);
+ /* the error is displayed but because we don't know the reponse we
+ return the result anyway */
+ return $aResponse;
+ break;
+ }
+}
+
+/**
+ * @param stream $imap_stream
+ * @param string $tag_uid
+ * @param boolean $handle_errors
+ * @param array $response
+ * @param array $message
+ * @param mixed $query (since 1.2.5)
+ * @param mixed $filter (since 1.4.1) see sqimap_retrieve_imap_response()
+ * @param mixed $outputstream (since 1.4.1) see sqimap_retrieve_imap_response()
+ * @param mixed $no_return (since 1.4.1) see sqimap_retrieve_imap_response()
+ */
+function sqimap_read_data ($imap_stream, $tag_uid, $handle_errors,
+ &$response, &$message, $query = '',
+ $filter=false,$outputstream=false,$no_return=false) {
+
+ $tag_uid_a = explode(' ',trim($tag_uid));
+ $tag = $tag_uid_a[0];
+
+ $res = sqimap_retrieve_imap_response($imap_stream, $tag, $handle_errors,
+ $response, $message, $query,$filter,$outputstream,$no_return);
+ return $res;
+}
+
+/**
+ * Connects to the IMAP server and returns a resource identifier for use with
+ * the other SquirrelMail IMAP functions. Does NOT login!
+ * @param string server hostname of IMAP server
+ * @param int port port number to connect to
+ * @param bool tls whether to use TLS when connecting.
+ * @return imap-stream resource identifier
+ * @since 1.5.0 (usable only in 1.5.1 or later)
+ */
+function sqimap_create_stream($server,$port,$tls=false) {
+ global $squirrelmail_language;
+
+ if ($tls == true) {
+ if ((check_php_version(4,3)) and (extension_loaded('openssl'))) {
+ /* Use TLS by prefixing "tls://" to the hostname */
+ $server = 'tls://' . $server;
+ } else {
+ require_once(SM_PATH . 'functions/display_messages.php');
+ logout_error( sprintf(_("Error connecting to IMAP server: %s."), $server).
+ '<br />'.
+ _("TLS is enabled, but this version of PHP does not support TLS sockets, or is missing the openssl extension.").
+ '<br /><br />'.
+ _("Please contact your system administrator and report this error.") );
+ }
+ }
+
+ $imap_stream = @fsockopen($server, $port, $error_number, $error_string, 15);
+
+ /* Do some error correction */
+ if (!$imap_stream) {
+ set_up_language($squirrelmail_language, true);
+ require_once(SM_PATH . 'functions/display_messages.php');
+ logout_error( sprintf(_("Error connecting to IMAP server: %s."), $server).
+ "<br />\r\n$error_number : $error_string<br />\r\n" );
+ exit;
+ }
+ $server_info = fgets ($imap_stream, 1024);
+ return $imap_stream;
+}
+
+/**
+ * Logs the user into the imap server. If $hide is set, no error messages
+ * will be displayed. This function returns the imap connection handle.
+ * @param string $username user name
+ * @param string $password encrypted password
+ * @param string $imap_server_address address of imap server
+ * @param integer $imap_port port of imap server
+ * @param boolean $hide controls display connection errors
+ * @return stream
+ */
+function sqimap_login ($username, $password, $imap_server_address, $imap_port, $hide) {
+ global $color, $squirrelmail_language, $onetimepad, $use_imap_tls,
+ $imap_auth_mech, $sqimap_capabilities;
+
+ if (!isset($onetimepad) || empty($onetimepad)) {
+ sqgetglobalvar('onetimepad' , $onetimepad , SQ_SESSION );
+ }
+ if (!isset($sqimap_capabilities)) {
+ sqgetglobalvar('sqimap_capabilities' , $capability , SQ_SESSION );
+ }
+
+ $host = $imap_server_address;
+ $imap_server_address = sqimap_get_user_server($imap_server_address, $username);
+
+ $imap_stream = sqimap_create_stream($imap_server_address,$imap_port,$use_imap_tls);
+
+ /* Decrypt the password */
+ $password = OneTimePadDecrypt($password, $onetimepad);
+
+ if (($imap_auth_mech == 'cram-md5') OR ($imap_auth_mech == 'digest-md5')) {
+ // We're using some sort of authentication OTHER than plain or login
+ $tag=sqimap_session_id(false);
+ if ($imap_auth_mech == 'digest-md5') {
+ $query = $tag . " AUTHENTICATE DIGEST-MD5\r\n";
+ } elseif ($imap_auth_mech == 'cram-md5') {
+ $query = $tag . " AUTHENTICATE CRAM-MD5\r\n";
+ }
+ fputs($imap_stream,$query);
+ $answer=sqimap_fgets($imap_stream);
+ // Trim the "+ " off the front
+ $response=explode(" ",$answer,3);
+ if ($response[0] == '+') {
+ // Got a challenge back
+ $challenge=$response[1];
+ if ($imap_auth_mech == 'digest-md5') {
+ $reply = digest_md5_response($username,$password,$challenge,'imap',$host);
+ } elseif ($imap_auth_mech == 'cram-md5') {
+ $reply = cram_md5_response($username,$password,$challenge);
+ }
+ fputs($imap_stream,$reply);
+ $read=sqimap_fgets($imap_stream);
+ if ($imap_auth_mech == 'digest-md5') {
+ // DIGEST-MD5 has an extra step..
+ if (substr($read,0,1) == '+') { // OK so far..
+ fputs($imap_stream,"\r\n");
+ $read=sqimap_fgets($imap_stream);
+ }
+ }
+ $results=explode(" ",$read,3);
+ $response=$results[1];
+ $message=$results[2];
+ } else {
+ // Fake the response, so the error trap at the bottom will work
+ $response="BAD";
+ $message='IMAP server does not appear to support the authentication method selected.';
+ $message .= ' Please contact your system administrator.';
+ }
+ } elseif ($imap_auth_mech == 'login') {
+ // Original IMAP login code
+ $query = 'LOGIN "' . quoteimap($username) . '" "' . quoteimap($password) . '"';
+ $read = sqimap_run_command ($imap_stream, $query, false, $response, $message);
+ } elseif ($imap_auth_mech == 'plain') {
+ /***
+ * SASL PLAIN
+ *
+ * RFC 2595 Chapter 6
+ *
+ * The mechanism consists of a single message from the client to the
+ * server. The client sends the authorization identity (identity to
+ * login as), followed by a US-ASCII NUL character, followed by the
+ * authentication identity (identity whose password will be used),
+ * followed by a US-ASCII NUL character, followed by the clear-text
+ * password. The client may leave the authorization identity empty to
+ * indicate that it is the same as the authentication identity.
+ *
+ **/
+ $tag=sqimap_session_id(false);
+ $sasl = (isset($capability['SASL-IR']) && $capability['SASL-IR']) ? true : false;
+ $auth = base64_encode("$username\0$username\0$password");
+ if ($sasl) {
+ // IMAP Extension for SASL Initial Client Response
+ // <draft-siemborski-imap-sasl-initial-response-01b.txt>
+ $query = $tag . " AUTHENTICATE PLAIN $auth\r\n";
+ fputs($imap_stream, $query);
+ $read = sqimap_fgets($imap_stream);
+ } else {
+ $query = $tag . " AUTHENTICATE PLAIN\r\n";
+ fputs($imap_stream, $query);
+ $read=sqimap_fgets($imap_stream);
+ if (substr($read,0,1) == '+') { // OK so far..
+ fputs($imap_stream, "$auth\r\n");
+ $read = sqimap_fgets($imap_stream);
+ }
+ }
+ $results=explode(" ",$read,3);
+ $response=$results[1];
+ $message=$results[2];
+ } else {
+ $response="BAD";
+ $message="Internal SquirrelMail error - unknown IMAP authentication method chosen. Please contact the developers.";
+ }
+
+ /* If the connection was not successful, lets see why */
+ if ($response != 'OK') {
+ if (!$hide) {