Authenticate login using POP3

[hafizi]

Hi there,

I've been searching lots of forum system as requested by the faculty where i'm working, and later figure out that phpBB is my best bet.

However, there's some problem that doesn't satisfy the management....

We already have a POP3 service on the same server, therefore they want to access using the same username and password used for accessing their email.

They requested that the username would be the same as the email.

Is there any solution for this?

I know that POP3 authentication is possible from this article. I tried to modify the includes/auth/auth_ldap.php, but later got confused. I'm sure it could be implemented there using fsockopen or something.

Could anyone help me please???

Thank you very much

[Freitag]

Google is your friend

Some ideas discussed here (5th hit)
http://drupal.org/node/27245

For this one they may have also solved the issue, but I cant tell (3rd hit)
http://www.phpclasses.org/browse/package/4291.html

This one seems the most promising? (6th hit)
Cached Copy

Happy coding!

Oh and when you get it working, I bet that tons of folks would love it as a MOD!!

[hafizi]

Thank you for the prompt reply.

Yes, I found a couple solutions for this, but only standalone PHP script. For example, this one is for basic HTTP Authentication;

Code: Select all

<?
/*

HTTP Basic Authentication using POP3

POP servers should be RFC 1939 Compliant and return
'+OK <whatever>' on success and '-ERR <whatever>' on failure.

YMMV of course.

I don't support this, don't ask me questions, yadda yadda
All this script does is authenticate - what you do from there
is up to you. I just really didn't want system password files
used for web authentication - which is a "Really Bad Idea".

Public Domain Source code - use as you see fit.

05-Oct-1998
joe@blarg.net


*/

$REALM = "My Realm";
$POPSERVER = 'pop3.yourdomain.com'; // Change this, please.

$LOGERRORS = 1; // Comment this line out to NOT log
// Authentication errors.
// Logs to STDERR - could use syslog
// with minor tweaking.

if(!isset($PHP_AUTH_USER)) {
Header("WWW-Authenticate: Basic realm=\"$REALM\"");
Header("HTTP/1.0 401 Unauthorized");
echo "<H1>Authorization Required</H1>\n";
exit;
} else {
$fp = fsockopen("$POPSERVER", 110, &$errno, &$errstr);
if(!$fp) {
if (isset($LOGERRORS)) {
error_log("AUTH ERROR ($PHP_AUTH_USER/$PHP_AUTH_PW) Connection Failure",0);
error_log("POP3 ERROR [$errno] [$errstr]",0);
}
Header("WWW-Authenticate: Basic realm=\"$REALM\"");
Header("HTTP/1.0 401 Auth Required");
echo "<H1>Authorization Required</H1>\n";
exit;
} else {

set_socket_blocking($fp,-1); // Turn off blocking

/*
Clear the POP server's Banner Text.
eg.. '+OK Welcome to <server name> etc etc'
*/

$trash = fgets($fp,128); // Trash to hold the banner

fwrite($fp,"USER $PHP_AUTH_USER\r\n"); // POP3 USER CMD

$user = fgets($fp,128);
$user = ereg_replace("\n","",$user);

if ( ereg ("^\+OK(.+)", $user ) ) {

fwrite($fp,"PASS $PHP_AUTH_PW\r\n"); // POP3 PASS CMD
$pass = fgets($fp,128);
$pass = ereg_replace("\n","",$pass);

if ( ereg ("^\+OK(.+)", $pass ) ) {




// User has successfully authenticated

echo "<BR>Authenticated: $pass<BR>\n";

if (isset($LOGERRORS)) {
error_log("AUTH OK: $PHP_AUTH_USER",0);
}


} else {
if (isset($LOGERRORS)) {
error_log("AUTH ERROR ($PHP_AUTH_USER/$PHP_AUTH_PW)",0);
error_log("POP3 ERROR $pass",0);
}
Header("WWW-Authenticate: Basic realm=\"$REALM\"");
Header("HTTP/1.0 401 Auth Required");
echo "<H1>Authorization Required</H1>\n";
exit;
}

} else {
if (isset($LOGERRORS)) {
error_log("AUTH ERROR ($PHP_AUTH_USER/$PHP_AUTH_PW)",0);
error_log("POP3 ERROR [$user]",0);
}
Header("WWW-Authenticate: Basic realm=\"$REALM\"");
Header("HTTP/1.0 401 Auth Required");
echo "<H1>Authorization Required</H1>\n";
exit;
}

fwrite($fp,"QUIT\r\n");
fclose($fp);

}

}

?>

I consider myself a good PHP programmer, however, I really don't have any experience in dealing with phpBB coding system, let alone modifying it's login system.

That's the thing

[naderman]

Take a look at http://wiki.phpbb.com/Authentication_plugins