File/nasmail/functions/auth.php

Description
Description | Functions

auth.php

Contains functions used to do authentication.

Depends on:

  • functions/global.php
  • functions/strings.php
  • functions/i18n.php
  • functions/display_messages.php
  • mhash extension, optional. have failsafe function

  • version: $Id: auth.php 1428 2009-01-13 10:14:30Z tokul $
  • copyright: (c) 1999-2006 The SquirrelMail Project Team
  • copyright: (c) 2006-2008 The NaSMail Project
  • license: GNU Public License
Functions
Description | Functions
cram_md5_response (line 73)

Given the challenge from the server, supply the response using cram-md5 (See RFC 2195 for details)

  • return: The response to be sent to the IMAP server
string cram_md5_response (string $username, string $password, string $challenge)
  • string $username: User ID
  • string $password: User password supplied by User
  • string $challenge: The challenge supplied by the server
digest_md5_parse_challenge (line 152)

Parse Digest-MD5 challenge.

This function parses the challenge sent during DIGEST-MD5 authentication and returns an array. See the RFC for details on what's in the challenge string.

  • return: Digest-MD5 challenge decoded data
  • todo: handle multiple replies with same key (realm)
array digest_md5_parse_challenge (string $challenge)
  • string $challenge: Digest-MD5 Challenge
digest_md5_response (line 97)

Return Digest-MD5 response.

Given the challenge from the server, calculate and return the response-string for digest-md5 authentication. (See RFC 2831 for more details)

  • return: The response to be sent to the IMAP server
  • todo: add multiple realms support.
  • todo: don't send charset to server's that don't support utf-8
string digest_md5_response (string $username, string $password, string $challenge, string $service, string $host)
  • string $username: User ID
  • string $password: User password supplied by User
  • string $challenge: The challenge supplied by the server
  • string $service: The service name, usually 'imap'; it is used to define the digest-uri.
  • string $host: The host name, usually the server's FQDN; it is used to define the digest-uri.
get_smtp_user (line 228)

Fillin user and password based on SMTP auth settings.

void get_smtp_user (string &$user, string &$pass)
  • string &$user: Reference to SMTP username
  • string &$pass: Reference to SMTP password (unencrypted)
hmac_md5 (line 198)

Creates a HMAC digest that can be used for auth purposes See RFCs 2104, 2617, 2831 Uses mhash() extension if available

  • return: HMAC Digest string
string hmac_md5 (string $data, [string $key = ''])
  • string $data: Data to apply hash function to.
  • string $key: Optional key, which, if supplied, will be used to calculate data's HMAC.
is_logged_in (line 27)

Check if user has previously logged in to the SquirrelMail session. If user has not logged in, execution will stop inside this function.

boolean is_logged_in ()
nsm_auth_delete_password (line 346)

Removes saved password information.

Function must be executed before html output is started.

  • since: 1.2
void nsm_auth_delete_password ([integer $flag = 3])
  • integer $flag: 1 - delete password, 2 - delete otp, 3 - delete both
nsm_auth_read_key (line 295)

Reads encrypted pass password

  • return: one time pad
  • since: 1.2
string nsm_auth_read_key ()
nsm_auth_read_otp (line 283)

Reads key used to encrypt password

Function works only since 1.3

  • return: one time pad
  • since: 1.2
string nsm_auth_read_otp ()
nsm_auth_read_password (line 264)

Reads and decodes stored user password information

Direct access to password information is deprecated.

  • return: password in plain text
  • since: 1.2
string nsm_auth_read_password ()
nsm_auth_save_password (line 314)

Saves password Function must be executed before html output is started.

  • return: false on failure, true on success. Please note that in some cases (read only session, blocked cookies) script might report success even when operation fails.
  • since: 1.2
boolean nsm_auth_save_password (string $password)
  • string $password: user's password
nsm_check_httponly_cookies (line 375)

Checks for HTTPOnly cookie support in browsers.

Check works only when function is able to detect used browser.

Broken browsers: * Mozilla/4.0 (compatible; MSIE 5.23; Mac_PowerPC)

  • return: True = no known issues, False = broken httponly cookie support
  • since: 1.6
boolean nsm_check_httponly_cookies ()
sqauth_read_password (line 253)

Reads and decodes stored user password information

Direct access to password information is deprecated.

  • return: password in plain text
  • deprecated: 1.2 - 2007.06.14 function was renamed to nsm_auth_read_password() for consistency.
string sqauth_read_password ()

Documentation generated on Sun, 22 Nov 2009 17:36:17 +0200 by phpDocumentor 1.4.3