Added a much better fix for the IE/SSL problem. No security hazards

[squirrelmail.git] / src / redirect.php

diff --git a/src/redirect.php b/src/redirect.php
index 8075f360fa3e80eeac5282b8c2c59cae5088a188..868d05759578f42a8740e47c685ce4cd6caeda50 100644 (file)
--- a/src/redirect.php
+++ b/src/redirect.php
@@ -14,6 +14,7 @@
 
    if (!isset($strings_php))
       include ("../functions/strings.php");
+include("../config/config.php");
 
    // Before starting the session, the base URI must be known.
    // Assuming that this file is in the src/ subdirectory (or
@@ -29,7 +30,7 @@
 
    session_register ("base_uri");
 
-   if(!isset($username)) {
+   if(!isset($login_username)) {
       exit;
    }
 
@@ -56,10 +57,15 @@
       $key = OneTimePadEncrypt($secretkey, $onetimepad);
       session_register("onetimepad");
       // verify that username and password are correct
-      $imapConnection = sqimap_login($username, quotemeta($key), $imapServerAddress, $imapPort, 0);
+      if ($force_username_lowercase)
+          $login_username = strtolower($login_username);
+      $imapConnection = sqimap_login($login_username, $key, $imapServerAddress, $imapPort, 0);
+         if (!$imapConnection) {
+               exit;
+         }
       sqimap_logout($imapConnection);
 
-      setcookie("username", $username, 0, $base_uri);
+      setcookie("username", $login_username, 0, $base_uri);
       setcookie("key", $key, 0, $base_uri);
       setcookie("logged_in", 1, 0, $base_uri);
       do_hook ("login_verified");