authoralecpl <alec@alec.pl>2011-02-15 11:10:59 +0000
committeralecpl <alec@alec.pl>2011-02-15 11:10:59 +0000
commitab0b51a1fef87bcc643c3aaf2e635c811b28ccd8 (patch)
tree19bf76833555f8a799c7291783ea413c70ab64e5 /program/include/rcube_imap_generic.php
parentda142bb598f716dd9390eec3f2db0ef8d54fc991 (diff)
- Use only one of the IMAP authentication methods to prevent login delays (1487784)
Diffstat (limited to 'program/include/rcube_imap_generic.php')
-rw-r--r--program/include/rcube_imap_generic.php25
1 files changed, 14 insertions, 11 deletions
diff --git a/program/include/rcube_imap_generic.php b/program/include/rcube_imap_generic.php
index e7a9cedf3..cc590e05a 100644
--- a/program/include/rcube_imap_generic.php
+++ b/program/include/rcube_imap_generic.php
@@ -782,6 +782,13 @@ class rcube_imap_generic
else if (!$login_disabled) {
$auth_methods[] = 'LOGIN';
}
+
+ // Use best (for security) supported authentication method
+ foreach (array('DIGEST-MD5', 'CRAM-MD5', 'CRAM_MD5', 'PLAIN', 'LOGIN') as $auth_method) {
+ if (in_array($auth_method, $auth_methods)) {
+ break;
+ }
+ }
}
else {
// Prevent from sending credentials in plain text when connection is not secure
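Review bot: If none of the five preferred names is present in `$auth_methods`, the added `foreach` ends without reaching `break` and leaves `$auth_method` set to the last element, `'LOGIN'`. The switch further down would then call `login()`, even though the context line above adds `'LOGIN'` only when `$login_disabled` is false, so the password could be sent with a mechanism the server did not offer. Whether `$auth_methods` can really be empty depends on the capability parsing above this hunk, which is not visible here. I would fail closed right after the loop with `if (!in_array($auth_method, $auth_methods, true)) { $this->setError(self::ERROR_BAD, "No supported authentication method"); return false; }`, assuming `return false` is the failure path here as it is in the `else` branch.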
@@ -791,32 +798,28 @@ class rcube_imap_generic
return false;
}
// replace AUTH with CRAM-MD5 for backward compat.
- $auth_methods[] = $auth_method == 'AUTH' ? 'CRAM-MD5' : $auth_method;
+ if ($auth_method == 'AUTH') {
+ $auth_method = 'CRAM-MD5';
+ }
}
// pre-login capabilities can be not complete
$this->capability_readed = false;
// Authenticate
- foreach ($auth_methods as $method) {
- switch ($method) {
+ switch ($auth_method) {
case 'CRAM_MD5':
- $method = 'CRAM-MD5';
+ $auth_method = 'CRAM-MD5';
case 'CRAM-MD5':
case 'DIGEST-MD5':
case 'PLAIN':
- $result = $this->authenticate($user, $password, $method);
+ $result = $this->authenticate($user, $password, $auth_method);
break;
case 'LOGIN':
$result = $this->login($user, $password);
break;
default:
- $this->setError(self::ERROR_BAD, "Configuration error. Unknown auth method: $method");
- }
-
- if (is_resource($result)) {
- break;
- }
+ $this->setError(self::ERROR_BAD, "Configuration error. Unknown auth method: $auth_method");
}
// Connected and authenticated
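Review bot: `$result` is not initialised before `switch ($auth_method) {`, and the `default:` branch only calls `setError()`. Whatever tests `$result` after `// Connected and authenticated` (outside this hunk) would therefore read an undefined variable when the configured method is unknown. Adding `$result = null;` just before the switch makes that failure path explicit. The `case 'CRAM_MD5':` branch also falls through on purpose, so a `// no break` comment after `$auth_method = 'CRAM-MD5';` would stop a later edit from treating it as a bug.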