From 029ec9dcb557db0c0bd309859a84364d550a467f Mon Sep 17 00:00:00 2001 From: Ralf Becker Date: Wed, 10 Jun 2015 15:45:49 +0000 Subject: [PATCH] * Setup: support mail authentication without PHP imap extension --- phpgwapi/inc/class.auth_mail.inc.php | 79 ++++++++++++++++---------- setup/inc/hook_config_validate.inc.php | 4 ++ setup/lang/egw_de.lang | 1 + setup/lang/egw_en.lang | 1 + setup/templates/default/config.tpl | 2 +- 5 files changed, 57 insertions(+), 30 deletions(-) diff --git a/phpgwapi/inc/class.auth_mail.inc.php b/phpgwapi/inc/class.auth_mail.inc.php index e66af43c53..0624758d2d 100644 --- a/phpgwapi/inc/class.auth_mail.inc.php +++ b/phpgwapi/inc/class.auth_mail.inc.php @@ -27,15 +27,13 @@ class auth_mail implements auth_backend * * @param string $username username of account to authenticate * @param string $passwd corresponding password - * @param string $passwd_type='text' 'text' for cleartext passwords (default) + * @param string $passwd_type ='text' 'text' for cleartext passwords (default) * @return boolean true if successful authenticated, false otherwise */ function authenticate($username, $passwd, $passwd_type='text') { unset($passwd_type); // not used but required by function signature - check_load_extension('imap', true); - switch ($GLOBALS['egw_info']['server']['mail_login_type']) { case 'vmailmgr': 
@@ -50,34 +48,57 @@ class auth_mail implements auth_backend } list($host, $port) = explode(':', $GLOBALS['egw_info']['server']['mail_server']); - switch ($GLOBALS['egw_info']['server']['mail_server_type']) - { - case 'imap': - default: - if (!isset($port)) $port = 143; - $mailauth = imap_open('{'.$host.':'.$port.'/imap/novalidate-cert}INBOX', $username , $passwd); - break; - case 'imaps': - if (!isset($port)) $port = 993; - $mailauth = imap_open('{'.$host.'/imap/ssl/novalidate-cert:'.$port.'}INBOX', $username , $passwd); - break; - case 'pop3': - if (!isset($port)) $port = 110; - $mailauth = imap_open('{'.$host.'/pop3/novalidate-cert:'.$port.'}INBOX', $username , $passwd); - break; - case 'pop3s': - if (!isset($port)) $port = 995; - $mailauth = imap_open('{'.$host.'/pop3/ssl/novalidate-cert:'.$port.'}INBOX', $username , $passwd); - break; - } - if (!$mailauth) + // use Horde_Imap_Client by default, to not require PHP imap extension anymore + if (class_exists('Horde_Imap_Client_Socket') && !in_array($GLOBALS['egw_info']['server']['mail_server_type'], array('pop', 'pops'))) { - return False; - } - imap_close($mailauth); + $imap = new Horde_Imap_Client_Socket(array( + 'username' => $username, + 'password' => $passwd, + 'hostspec' => $host, + 'port' => $port ? $port : ($GLOBALS['egw_info']['server']['mail_server_type'] == 'imaps' ? 993 : 143), + 'secure' => $GLOBALS['egw_info']['server']['mail_server_type'] == 'imaps' ? 
'ssl' : 'tls', + )); + try { + $imap->login(); + $mailauth = true; + $imap->logout(); + } + catch(Horde_Imap_Client_Exception $e) { + // throw everything but authentication failed as exception + if ($e->getCode() != Horde_Imap_Client_Exception::LOGIN_AUTHENTICATIONFAILED) throw $e; - return True; + $mailauth = false; + } + error_log(__METHOD__."('$username', \$passwd) checked via Horde code returning ".array2string($mailauth)); + } + else + { + check_load_extension('imap', true); + + switch ($GLOBALS['egw_info']['server']['mail_server_type']) + { + case 'imap': + default: + if (!isset($port)) $port = 143; + $mailauth = imap_open('{'.$host.':'.$port.'/imap/novalidate-cert}INBOX', $username , $passwd); + break; + case 'imaps': + if (!isset($port)) $port = 993; + $mailauth = imap_open('{'.$host.'/imap/ssl/novalidate-cert:'.$port.'}INBOX', $username , $passwd); + break; + case 'pop3': + if (!isset($port)) $port = 110; + $mailauth = imap_open('{'.$host.'/pop3/novalidate-cert:'.$port.'}INBOX', $username , $passwd); + break; + case 'pop3s': + if (!isset($port)) $port = 995; + $mailauth = imap_open('{'.$host.'/pop3/ssl/novalidate-cert:'.$port.'}INBOX', $username , $passwd); + break; + } + if ($mailauth) imap_close($mailauth); + } + return !!$mailauth; } /** @@ -85,7 +106,7 @@ class auth_mail implements auth_backend * * @param string $old_passwd must be cleartext or empty to not to be checked * @param string $new_passwd must be cleartext - * @param int $account_id=0 account id of user whose passwd should be changed + * @param int $account_id =0 account id of user whose passwd should be changed * @return boolean true if password successful changed, false otherwise */ function change_password($old_passwd, $new_passwd, $account_id=0) diff --git a/setup/inc/hook_config_validate.inc.php b/setup/inc/hook_config_validate.inc.php index 11dfdfa43a..0aee59c656 100644 --- a/setup/inc/hook_config_validate.inc.php +++ b/setup/inc/hook_config_validate.inc.php 
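Review bot: The new guard in `authenticate()` excludes `array('pop', 'pops')`, but the fallback switch in the same hunk handles the values `'pop3'` and `'pop3s'`, so the exclusion can never match. A server configured as pop3/pop3s therefore takes the Horde IMAP branch whenever `Horde_Imap_Client_Socket` exists (port 143 and `'tls'` when no port is given); the check should read `!in_array($GLOBALS['egw_info']['server']['mail_server_type'], array('pop3', 'pop3s'))`, and the hunk in setup/inc/hook_config_validate.inc.php needs the same fix. The re-indented fallback still passes `/novalidate-cert` on every `imap_open()`, so the user's password goes to a server whose certificate is never verified; that deserves a comment at least, and ideally a config switch. The added `error_log()` line writes the raw `$username` on every attempt, so strip control characters from it or drop the debug line before release. `authenticate()` begins before this hunk, so its callers' handling of the re-thrown `Horde_Imap_Client_Exception` is not visible here.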
@@ -33,6 +33,10 @@ function auth_type($settings) switch($settings['auth_type']) { case 'mail': + if (class_exists('Horde_Imap_Client_Socket') && !in_array($settings['mail_server_type'], array('pop', 'pops'))) + { + return; // we use Horde code instead of imap extension + } try { check_load_extension('imap', true); } diff --git a/setup/lang/egw_de.lang b/setup/lang/egw_de.lang index a456926f3a..9b26800787 100644 --- a/setup/lang/egw_de.lang +++ b/setup/lang/egw_de.lang @@ -337,6 +337,7 @@ if using ads (active directory) setup de Wenn Sie ADS (Active Directory) benutze if using cas (central authentication service): setup de Wenn Sie CAS (Central Authentication Service) benutzen if using ldap setup de Wenn Sie LDAP verwenden if using ldap, do you want to manage homedirectory and loginshell attributes? setup de Wenn Sie LDAP verwenden, wollen Sie Benutzerverzeichnisse und Kommandointerpreter verwalten ? +if using mail authentication setup de Wenn Sie Mail Authentifizierung verwenden if you can only access the docroot choose database for where to store the file content and use same path as for temporary files. setup de Wenn Sie nur die Documentroot erreichen können, wählen Sie bei Inhalt von Dateien speichern Datenbank UND benutzen Sie hier den Pfad für temporäre Dateien. if you did not receive any errors, your applications have been setup de Wenn Sie keine Fehlermeldungen erhalten, wurden Ihre Anwendungen if you did not receive any errors, your tables have been setup de Wenn Sie keine Fehlermeldungen erhalten, wurden Ihre Tabellen diff --git a/setup/lang/egw_en.lang b/setup/lang/egw_en.lang index a084783cea..9cf104d7cf 100644 --- a/setup/lang/egw_en.lang +++ b/setup/lang/egw_en.lang 
@@ -337,6 +337,7 @@ if using ads (active directory) setup en If using ADS (Active Directory) authent if using cas (central authentication service): setup en if using cas (Central Authentication Service): if using ldap setup en If using LDAP if using ldap, do you want to manage homedirectory and loginshell attributes? setup en If using LDAP, do you want to manage home directory and login shell attributes? +if using mail authentication setup en If using Mail authentication if you can only access the docroot choose database for where to store the file content and use same path as for temporary files. setup en If you can only access the docroot choose Database for where to store the file content AND use same path as for temporary files. if you did not receive any errors, your applications have been setup en If you did not receive any errors, your applications have been if you did not receive any errors, your tables have been setup en If you did not receive any errors, your tables have been diff --git a/setup/templates/default/config.tpl b/setup/templates/default/config.tpl index 65723c6abd..c8d73ffba8 100644 --- a/setup/templates/default/config.tpl +++ b/setup/templates/default/config.tpl @@ -444,7 +444,7 @@ - {lang_If_using_Mail_authentication_(requires_PHP_IMAP_extension!}: + {lang_If_using_Mail_authentication}: {lang_POP/IMAP_mail_server_hostname_or_IP_address}[:{lang_port}]: