Hello
I am looking over the .php files to try to figure out
how exactly SquirrelMail handles passwords.
I have looked for some sort of whitepaper on
sourceforge and on the squirrel mail site itself. I
search the mail list also. Sorry if i have missed it.
If so please direct me to that.
Anway from what i have seen in the php files it
appears the value $key is populated by a cookie which
is obtained from the password field in login.php
I tried echoing the $key and it is the exact contents
of the cookie itself. It appears to be garbage or
perhaps an encrypted password.
I also see $password and $pass mentioned along with
$username, $user in situations where it appears to be
sending login info to the imap or smtp server (in
auth.php and Deliver_SMTP.class.php for example).
I insert a line where it echos those variables to a
file and I get nothing.
How is the password being passed? Is there another
function being used to translate the $key into $pass
or something like that?
By the way my IMAP Authentication type is login, and
my SMTP Authentication is none. I am not concerned
about the encrypting/decrypting of the md5 etc. Just
how SquirrelMail handles the KEY cookie and get the
password set to a variable from that.
Thank you for any light you may be able to shed on
this question.
Regards
Brian
__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - Send 10MB messages!
http://promotions.yahoo.com/new_mail
-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
--
squirrelmail-users mailing list
List Address: [EMAIL PROTECTED]
List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995
List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
