Added host auto-selection and correct password encoding for IMAP login

3 files changed, 46 insertions, 7 deletions

diff --git a/index.php b/index.php
index 4bf9d9487..da92874a2 100644
--- a/index.php
+++ b/index.php
@@ -166,7 +166,7 @@ if ($_action=='html2text')
 // try to log in
 if ($_action=='login' && $_task=='mail')
   {
-  $host = $_POST['_host'] ? $_POST['_host'] : $CONFIG['default_host'];
+  $host = rcmail_autoselect_host();
   
   // check if client supports cookies
   if (empty($_COOKIE))
@@ -174,7 +174,8 @@ if ($_action=='login' && $_task=='mail')
     show_message("cookiesdisabled", 'warning');
     }
   else if (isset($_POST['_user']) && isset($_POST['_pass']) &&
-           rcmail_login(get_input_value('_user', RCUBE_INPUT_POST), $_POST['_pass'], $host))
+           rcmail_login(get_input_value('_user', RCUBE_INPUT_POST),
+              get_input_value('_pass', RCUBE_INPUT_POST, true, 'ISO-8859-1'), $host))
     {
     // send redirect
     header("Location: $COMM_PATH");
diff --git a/program/include/main.inc b/program/include/main.inc
index 55336fd30..9cf1f6767 100644
--- a/program/include/main.inc
+++ b/program/include/main.inc
@@ -413,6 +413,34 @@ function rcmail_set_locale($lang)
   }
 
 
+// auto-select IMAP host based on the posted login information
+function rcmail_autoselect_host()
+  {
+  global $CONFIG;
+  
+  $host = isset($_POST['_host']) ? get_input_value('_host', RCUBE_INPUT_POST) : $CONFIG['default_host'];
+  if (is_array($host))
+    {
+    list($user, $domain) = explode('@', get_input_value('_user', RCUBE_INPUT_POST));
+    if (!empty($domain))
+      {
+      foreach ($host as $imap_host => $mail_domains)
+        if (is_array($mail_domains) && in_array($domain, $mail_domains))
+          {
+          $host = $imap_host;
+          break;
+          }
+      }
+
+    // take the first entry if $host is still an array
+    if (is_array($host))
+      $host = array_shift($host);
+    }
+  
+  return $host;
+  }
+
+
 // perfom login to the IMAP server and to the webmail service
 function rcmail_login($user, $pass, $host=NULL)
   {
@@ -1732,14 +1760,22 @@ function rcmail_login_form($attrib)
     $select_host = new select(array('name' => '_host', 'id' => 'rcmloginhost'));
     
     foreach ($CONFIG['default_host'] as $key => $value)
-      $select_host->add($value, (is_numeric($key) ? $value : $key));
+    {
+      if (!is_array($value))
+        $select_host->add($value, (is_numeric($key) ? $value : $key));
+      else
+        {
+        unset($select_host);
+        break;
+        }
+    }
       
-    $fields['host'] = $select_host->show($_POST['_host']);
+    $fields['host'] = isset($select_host) ? $select_host->show($_POST['_host']) : null;
     }
   else if (!strlen($CONFIG['default_host']))
     {
-	$input_host = new textfield(array('name' => '_host', 'id' => 'rcmloginhost', 'size' => 30));
-	$fields['host'] = $input_host->show($_POST['_host']);
+    $input_host = new textfield(array('name' => '_host', 'id' => 'rcmloginhost', 'size' => 30));
+    $fields['host'] = $input_host->show($_POST['_host']);
     }
 
   $form_name = strlen($attrib['form']) ? $attrib['form'] : 'form';
diff --git a/program/lib/imap.inc b/program/lib/imap.inc
index caa1d2721..6bc47a198 100644
--- a/program/lib/imap.inc
+++ b/program/lib/imap.inc
@@ -39,6 +39,7 @@
 		- Added BCC and REFERENCE to the list of headers to fetch in iil_C_FetchHeaders()
 		- Leave messageID unchanged in iil_C_FetchHeaders()
 		- Avoid stripslahes in iil_Connect()
+		- Escape quotes and backslashes in iil_C_Login()
 		- Added patch to iil_SortHeaders() by Richard Green
 		- Removed <br> from error messages (better for logging)
 		- Added patch to iil_C_Sort() enabling UID SORT commands
@@ -225,8 +226,9 @@ function iil_C_Authenticate(&$conn, $user, $pass, $encChallenge){
 
 function iil_C_Login(&$conn, $user, $password){
 
+    $password = strtr($password, array('"'=>'\\"', '\\' => '\\\\'));  
     fputs($conn->fp, "a001 LOGIN $user \"$password\"\r\n");
-		
+
 	do{
 	    $line = iil_ReadReply($conn->fp);
 	}while(!iil_StartsWith($line, "a001 "));