Source for file auth.php
Documentation is available at auth.php
* Contains functions used to do authentication.
* @copyright © 1999-2006 The SquirrelMail Project Team
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id: auth.php,v 1.34.2.12 2006/08/03 14:48:09 kink Exp $
/** Put in a safety net here, in case a naughty admin didn't run conf.pl when they upgraded */
if (! isset
($smtp_auth_mech)) {
$smtp_auth_mech =
'none';
if (! isset
($imap_auth_mech)) {
$imap_auth_mech =
'login';
if (! isset
($use_imap_tls)) {
if (! isset
($use_smtp_tls)) {
* Check if user has previously logged in to the SquirrelMail session. If user
* has not logged in, execution will stop inside this function.
* @return int A positive value is returned if user has previously logged in
global $PHP_SELF, $HTTP_POST_VARS, $_POST, $session_expired_post,
$session_expired_location, $squirrelmail_language;
// First we store some information in the new session to prevent
$session_expired_post =
$HTTP_POST_VARS;
$session_expired_post =
$_POST;
$session_expired_location =
$PHP_SELF;
// signout page will deal with users who aren't logged
// in on its own; don't show error here
if (strpos($PHP_SELF, 'signout.php') !==
FALSE) {
include_once( SM_PATH .
'functions/display_messages.php' );
* Given the challenge from the server, supply the response using cram-md5 (See
* @param string $username User ID
* @param string $password User password supplied by User
* @param string $challenge The challenge supplied by the server
* @return string The response to be sent to the IMAP server
* Return Digest-MD5 response.
* Given the challenge from the server, calculate and return the
* response-string for digest-md5 authentication. (See RFC 2831 for more
* @param string $username User ID
* @param string $password User password supplied by User
* @param string $challenge The challenge supplied by the server
* @param string $service The service name, usually 'imap'; it is used to
* @param string $host The host name, usually the server's FQDN; it is used to
* @return string The response to be sent to the IMAP server
// verify server supports qop=auth
// $qop = explode(",",$result['qop']);
//if (!in_array("auth",$qop)) {
// rfc2831: client MUST fail if no qop methods supported
/* This can be auth (authentication only), auth-int (integrity protection), or
auth-conf (confidentiality protection). Right now only auth is supported.
DO NOT CHANGE THIS VALUE */
$digest_uri_value =
$service .
'/' .
$host;
// build the $response_value
//FIXME This will probably break badly if a server sends more than one realm
$A1 =
$string_a1 .
":" .
$result['nonce'] .
":" .
$cnonce;
$A2 =
"AUTHENTICATE:$digest_uri_value";
// If qop is auth-int or auth-conf, A2 gets a little extra
if ($qop_value !=
'auth') {
$A2 .=
':00000000000000000000000000000000';
$string_response =
$result['nonce'] .
':' .
$ncount .
':' .
$cnonce .
':' .
$qop_value;
$reply =
'charset=utf-8,username="' .
$username .
'",realm="' .
$result["realm"] .
'",';
$reply .=
'nonce="' .
$result['nonce'] .
'",nc=' .
$ncount .
',cnonce="' .
$cnonce .
'",';
$reply .=
"digest-uri=\"$digest_uri_value\",response=$response_value";
$reply .=
',qop=' .
$qop_value;
* Parse Digest-MD5 challenge.
* This function parses the challenge sent during DIGEST-MD5 authentication and
* returns an array. See the RFC for details on what's in the challenge string.
* @param string $challenge Digest-MD5 Challenge
* @return array Digest-MD5 challenge decoded data
while (isset
($challenge)) {
if ($challenge{0} ==
',') { // First char is a comma, must not be 1st time through loop
$challenge=
substr($challenge,1);
if ($challenge{0} ==
'"') {
// We're in a quoted value
// Drop the first quote, since we don't care about it
$challenge=
substr($challenge,1);
// Now explode() to the next quote, which is the end of our value
$challenge=
$val[1]; // The rest of the challenge, work on it in next iteration of loop
// Now, for those quoted values that are only 1 piece..
$value=
$value[0]; // Convert to non-array
// We're in a "simple" value - explode to next comma
* Creates a HMAC digest that can be used for auth purposes
* See RFCs 2104, 2617, 2831
* Uses mhash() extension if available
* @param string $data Data to apply hash function to.
* @param string $key Optional key, which, if supplied, will be used to
* @return string HMAC Digest string
$mhash=
mhash(MHASH_MD5,$data);
$mhash=
mhash(MHASH_MD5,$data,$key);
/* Heh, let's get recursive. */
Documentation generated on Sat, 07 Oct 2006 16:29:56 +0300 by phpDocumentor 1.3.0RC6