diff options
Diffstat (limited to 'program')
-rw-r--r-- | program/include/rcube_imap_generic.php | 25 |
1 files changed, 14 insertions, 11 deletions
diff --git a/program/include/rcube_imap_generic.php b/program/include/rcube_imap_generic.php index e7a9cedf3..cc590e05a 100644 --- a/program/include/rcube_imap_generic.php +++ b/program/include/rcube_imap_generic.php @@ -782,6 +782,13 @@ class rcube_imap_generic else if (!$login_disabled) { $auth_methods[] = 'LOGIN'; } + + // Use best (for security) supported authentication method + foreach (array('DIGEST-MD5', 'CRAM-MD5', 'CRAM_MD5', 'PLAIN', 'LOGIN') as $auth_method) { + if (in_array($auth_method, $auth_methods)) { + break; + } + } } else { // Prevent from sending credentials in plain text when connection is not secure @@ -791,32 +798,28 @@ class rcube_imap_generic return false; } // replace AUTH with CRAM-MD5 for backward compat. - $auth_methods[] = $auth_method == 'AUTH' ? 'CRAM-MD5' : $auth_method; + if ($auth_method == 'AUTH') { + $auth_method = 'CRAM-MD5'; + } } // pre-login capabilities can be not complete $this->capability_readed = false; // Authenticate - foreach ($auth_methods as $method) { - switch ($method) { + switch ($auth_method) { case 'CRAM_MD5': - $method = 'CRAM-MD5'; + $auth_method = 'CRAM-MD5'; case 'CRAM-MD5': case 'DIGEST-MD5': case 'PLAIN': - $result = $this->authenticate($user, $password, $method); + $result = $this->authenticate($user, $password, $auth_method); break; case 'LOGIN': $result = $this->login($user, $password); break; default: - $this->setError(self::ERROR_BAD, "Configuration error. Unknown auth method: $method"); - } - - if (is_resource($result)) { - break; - } + $this->setError(self::ERROR_BAD, "Configuration error. Unknown auth method: $auth_method"); } // Connected and authenticated |