<?php
/**
 *     File: imp/_custom/imp_sql_auth.php v1.0
 *  Created: 2002/04/10
 * Modified: 2002/04/12
 * See http://vkinetic.com/hordedev for current version and information.
 *
 * Copyright 2002 Ben Gerber <ben@vkinetic.com>
 * See http://www.fsf.org/copyleft/gpl.html for license information (GPL).
 *
 *
 * This code uses mySQL data types and functions.
 * This code uses the standard horde_users table and a custom table:
 *
 * CREATE TABLE custom_imp_users (
 *     id              mediumint not null auto_increment,
 *     horde_user_uid  varchar(255) not null,
 *     imp_imapuser    varchar(20) not null,
 *     imp_pass        blob not null,
 *     imp_server      varchar(20) not null,
 *     enabled         bool not null,
 *     last_updated timestamp(14),
 *     primary key (id),
 *     index (horde_user_uid)
 * );
 *
 * Note that horde_user_uid is not unique, allowing for future use of this
 * table to support multiple e-mail accounts per horde_user_uid.
 * Currently, the first row returned for a valid login will be used.
 *
 *
 * ./key.php contains the secret key for encoding/decoding the stored pop/imap passwords
 *
 *
 * Place this line of code in between lines 110 and 112 of
 * imp/lib/IMP.php,v 1.198.2.4 2001/11/18 (in distribution of IMP 3.0):
 * ___
 *         include_once IMP_BASE . '/_custom/imp_sql_auth.php';
 * ___
 *
 *
 * You probably want to let IMP handle the authentication for Horde:
 * see horde/config/registry.php
 *
 *
 * Enable ['server']['server_list'] and ['server']['server_list_hidden']
 * in imp/config/conf.php; this produces a login screen requiring only
 * a username and password.  Or, use an alternate login screen.
 *
 */

// set these
$_custom_enable_custom_auth = true;   // true = use this custom authentication; false = standard IMP behavior
$_custom_db_name = 'horde';
$_custom_db_host = 'localhost';
$_custom_db_user = 'horde';           // (optionally, a read-only user)
$_custom_db_pass = '*****';


if ($_custom_enable_custom_auth) {

    $_custom_user_uid  = trim($HTTP_POST_VARS['imapuser']);
    $_custom_user_pass = trim($HTTP_POST_VARS['pass']);

    $_custom_db = mysql_connect($_custom_db_host, $_custom_db_user, $_custom_db_pass);
    mysql_select_db($_custom_db_name, $_custom_db);

    require_once 'key.php';

    $_custom_result = mysql_query("SELECT
                                   imp_imapuser,
                                   decode(imp_pass, '$_custom_key'),
                                   imp_server
                                   FROM horde_users, custom_imp_users
                                   WHERE user_uid = '$_custom_user_uid'
                                   AND user_pass = md5('$_custom_user_pass')
                                   AND horde_user_uid = user_uid
                                   AND enabled = 1",
                                   $_custom_db);

    if ( $_custom_row = mysql_fetch_row($_custom_result) ) {

        $_custom_imp_imapuser = $_custom_row[0];
        $_custom_imp_pass     = $_custom_row[1];
        $_custom_imp_server   = $_custom_row[2];                

    } else {

        $_custom_imp_imapuser = null;
        $_custom_imp_pass     = null;
        $_custom_imp_server   = null;    

    }

} else {

    $_custom_imp_imapuser = trim($HTTP_POST_VARS['imapuser']);
    $_custom_imp_pass     = trim($HTTP_POST_VARS['pass']);
    $_custom_imp_server   = trim($HTTP_POST_VARS['server']);

}

$HTTP_POST_VARS['imapuser'] = $_custom_imp_imapuser;
$HTTP_POST_VARS['pass']     = $_custom_imp_pass;
$HTTP_POST_VARS['server']   = $_custom_imp_server;

?>