/functions/auth.php

Description

auth.php

Contains functions used to do authentication.

Functions
cram_md5_response (line 141)

Given the challenge from the server, supply the response using cram-md5 (See RFC 2195 for details)

  • return: The response to be sent to the IMAP server
string cram_md5_response (string $username, string $password, string $challenge)
  • string $username: User ID
  • string $password: User password supplied by User
  • string $challenge: The challenge supplied by the server
digest_md5_parse_challenge (line 226)

Parse Digest-MD5 challenge.

This function parses the challenge sent during DIGEST-MD5 authentication and returns an array. See the RFC for details on what's in the challenge string.

  • return: Digest-MD5 challenge decoded data
array digest_md5_parse_challenge (string $challenge)
  • string $challenge: Digest-MD5 Challenge
digest_md5_response (line 165)

Return Digest-MD5 response.

Given the challenge from the server, calculate and return the response-string for digest-md5 authentication. (See RFC 2831 for more details)

  • return: The response to be sent to the IMAP server
  • since: 1.4.0
string digest_md5_response (string $username, string $password, string $challenge, string $service, string $host, [string $authz = ''])
  • string $username: User ID
  • string $password: User password supplied by User
  • string $challenge: The challenge supplied by the server
  • string $service: The service name, usually 'imap'; it is used to define the digest-uri.
  • string $host: The host name, usually the server's FQDN; it is used to define the digest-uri.
  • string $authz: Authorization ID (since 1.4.23)
get_smtp_user (line 354)

Fillin user and password based on SMTP auth settings.

  • since: 1.4.11
void get_smtp_user ( &$user,  &$pass, string $user, string $pass)
  • string $user: Reference to SMTP username
  • string $pass: Reference to SMTP password (unencrypted)
  • &$user
  • &$pass
hmac_md5 (line 273)

Creates a HMAC digest that can be used for auth purposes See RFCs 2104, 2617, 2831 Uses mhash() extension if available

  • return: HMAC Digest string
string hmac_md5 (string $data, [string $key = ''])
  • string $data: Data to apply hash function to.
  • string $key: Optional key, which, if supplied, will be used to calculate data's HMAC.
is_logged_in (line 58)

Check if user has previously logged in to the SquirrelMail session. If user has not logged in, execution will stop inside this function.

This function optionally checks the referrer of this page request. If the administrator wants to impose a check that the referrer of this page request is another page on the same domain (otherwise, the page request is likely the result of a XSS or phishing attack), then they need to specify the acceptable referrer domain in a variable named $check_referrer in config/config.php (or the configuration tool) for which the value is usually the same as the $domain setting (for example: $check_referrer = 'example.com'; However, in some cases (where proxy servers are in use, etc.), the acceptable referrer might be different. If $check_referrer is set to "###DOMAIN###", then the current value of $domain is used (useful in situations where $domain might change at runtime (when using the Login Manager plugin to host multiple domains with one SquirrelMail installation, for example)): $check_referrer = '###DOMAIN###'; NOTE HOWEVER, that referrer checks are not foolproof - they can be spoofed by browsers, and some browsers intentionally don't send them, in which case SquirrelMail silently ignores referrer checks.

  • return: This function returns ONLY if user has previously logged in successfully (otherwise, execution terminates herein).
void is_logged_in ()
sqauth_read_password (line 303)

Reads and decodes stored user password information

Direct access to password information is deprecated.

  • return: password in plain text
  • since: 1.4.11
string sqauth_read_password ()
sqauth_save_password (line 337)

Saves or updates user password information

This function is used to update the password information that SquirrelMail stores in the existing PHP session. It does NOT modify the password stored in the authentication system used by the IMAP server.

This function must be called before any html output is started. Direct access to password information is deprecated. The saved password information is available only to the SquirrelMail script that is called/executed AFTER the current one. If your script needs access to the saved password after a sqauth_save_password() call, use the returned OTP encrypted key.

  • return: Password encrypted with OTP. In case the script wants to access the password information before the end of its execution.
  • since: 1.4.16
string sqauth_save_password (string $pass)
  • string $pass: password

Documentation generated on Fri, 25 Jul 2014 04:20:23 +0200 by phpDocumentor 1.4.3