search

kevinoid / auth-mailbox-joomla

Plugin for Joomla! to authenticate users against a mail server using IMAP, NNTP, or POP3.
GNU General Public License v2.0
6 stars 0 forks source link

POP not working correctly #2

Closed natxocc closed 12 years ago

natxocc commented 12 years ago

The programs doesn't work with IMAP nor POP with me. I have select POP to confirm user but need some changes: I have made some mods:

    $mailboxParts[] = '/service=' . $this->params->get('mail_protocol');
    if ($this->params->get('mail_protocol')=="IMAP") {
    $mailboxParts[] = '/readonly';
    }

    switch ($this->params->get('mail_encryption')) {
        case 0:
            $mailboxParts[] = '/notls';
            $unsecure=1;
            break;
        case 2:
            $mailboxParts[] = '/tls';
            break;
        case 3:
            $mailboxParts[] = '/ssl';
            break;
        default:
            $unsecure=1;
            // For 1 (TLS Optional) and default case, no flag necessary
            break;
    }
    if (!$this->params->get('mail_allow_plaintext')) {
        if (!$unsecure){
        $mailboxParts[] = '/secure';
        }
    }

    if ($this->params->get('mail_validate_cert')) {
        $mailboxParts[] = '/validate-cert';
    } else {
        if (!$unsecure)
        {
        $mailboxParts[] = '/novalidate-cert';
        }
    }

    $mailboxParts[] = '}';

    return imap_utf7_encode(implode('', $mailboxParts));
}

I have remove mailboxopts here, but needs to have a condition if using POP don't use mailboxopts as have problems with detecting POP. $mailboxStream = @imap_open( $mailboxStr, $username, $credentials['password'] );

PD: I'm not a programmer, only like to do it. If I have and error o security problem, please modify as you need.

kevinoid commented 12 years ago

Thank you for the bug report. I have tested it and found that POP3 support was indeed broken by requesting read-only connections, which is not supported for POP3 by PHP IMAP. I have committed the fix and issued a new release (v1.0.4). Please let me know if this does not fix the problem you are reporting.

I did not make the changes included in your code to only allow plaintext with SSL/TLS because, unfortunately, there are many servers which require this behavior. I also did not include your change to only omit certificate validation with "/notls" or the default encryption mode. Omitting it in default mode is common and legitimate. With "/notls" it has no effect, so I may change it if there is reason to do so. Let me know if there is need for this change.

Thanks!

kevinoid commented 12 years ago

I will assume that version 1.0.4 has successfully fixed the issue. If this issue still remains, please reopen this bug report.