Comunic/comunic
1
0
Fork 0
mirror of https://github.com/pierre42100/comunic synced 2025-11-04 12:14:10 +00:00
Code Issues Projects Releases Wiki Activity

First commit

Browse Source
This commit is contained in:
Pierre Hubert
2016-11-19 12:08:12 +01:00
commit 990540b2b9
4706 changed files with 931207 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

90
3rdparty/phpmailer/extras/EasyPeasyICS.php vendored Executable file
View File

@@ -0,0 +1,90 @@
<?php
/* ------------------------------------------------------------------------ */
/* EasyPeasyICS
/* ------------------------------------------------------------------------ */
/* Manuel Reinhard, manu@sprain.ch
/* Twitter: @sprain
/* Web: www.sprain.ch
/*
/* Built with inspiration by
/" http://stackoverflow.com/questions/1463480/how-can-i-use-php-to-dynamically-publish-an-ical-file-to-be-read-by-google-calend/1464355#1464355
/* ------------------------------------------------------------------------ */
/* History:
/* 2010/12/17 - Manuel Reinhard - when it all started
/* ------------------------------------------------------------------------ */
class EasyPeasyICS {
protected $calendarName;
protected $events = array();
/**
* Constructor
* @param string $calendarName
*/
public function __construct($calendarName=""){
$this->calendarName = $calendarName;
}//function
/**
* Add event to calendar
* @param string $calendarName
*/
public function addEvent($start, $end, $summary="", $description="", $url=""){
$this->events[] = array(
"start" => $start,
"end" => $end,
"summary" => $summary,
"description" => $description,
"url" => $url
);
}//function
public function render($output = true){
//start Variable
$ics = "";
//Add header
$ics .= "BEGIN:VCALENDAR
METHOD:PUBLISH
VERSION:2.0
X-WR-CALNAME:".$this->calendarName."
PRODID:-//hacksw/handcal//NONSGML v1.0//EN";
//Add events
foreach($this->events as $event){
$ics .= "
BEGIN:VEVENT
UID:". md5(uniqid(mt_rand(), true)) ."@EasyPeasyICS.php
DTSTAMP:" . gmdate('Ymd').'T'. gmdate('His') . "Z
DTSTART:".gmdate('Ymd', $event["start"])."T".gmdate('His', $event["start"])."Z
DTEND:".gmdate('Ymd', $event["end"])."T".gmdate('His', $event["end"])."Z
SUMMARY:".str_replace("\n", "\\n", $event['summary'])."
DESCRIPTION:".str_replace("\n", "\\n", $event['description'])."
URL;VALUE=URI:".$event['url']."
END:VEVENT";
}//foreach
//Footer
$ics .= "
END:VCALENDAR";
if ($output) {
//Output
header('Content-type: text/calendar; charset=utf-8');
header('Content-Disposition: inline; filename='.$this->calendarName.'.ics');
echo $ics;
} else {
return $ics;
}
}//function
}//class

21
3rdparty/phpmailer/extras/README.md vendored Executable file
View File

@@ -0,0 +1,21 @@
#PHPMailer Extras
These classes provide optional additional functions to PHPMailer.
These are not loaded by the PHPMailer autoloader, so in some cases you may need to `require` them yourself before using them.
##HTML2Text
This class was written by Jon Abernathy and provides a simple conversion of HTML to plain-text, while attempting to preserve some aspects of the formatting. It is used in PHPMailer if you set the `advanced` parameter to `true` in either the `msgHTML()` or `html2text` methods of PHPMailer.
##EasyPeasyICS
This class was originally written by Manuel Reinhard and provides a simple means of generating ICS/vCal files that are used in sending calendar events. PHPMailer does not use it diorectly, but you can use it to generate content appropriate for placing in the `Ical` property of PHPMailer. The PHPMailer project is now its official home as Manuel has given permission for that and is no longer maintaining it himself.
##htmlfilter
This class by Konstantin Riabitsev and Jim Jagielski implements HTML filtering to remove potentially malicious tags, such as `<script>` or `onclick=` attributes that can result in XSS attacks. This is a simple filter and is not as comprehensive as [HTMLawed](http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed/) or [HTMLPurifier](http://htmlpurifier.org), but it's easier to use and considerably better than nothing! PHPMailer does not use it directly, but you may want to apply it to user-supplied HTML before using it as a message body.
##NTLM_SASL_client
This class by Manuel Lemos (bundled with permission) adds the ability to authenticate with Microsoft Windows mail servers that use NTLM-based authentication. It is used by PHPMailer if you send via SMTP and set the `AuthType` property to `NTLM`; you will also need to use the `Realm` and `Workstation` properties. The original source is [here](http://www.phpclasses.org/browse/file/7495.html).

677
3rdparty/phpmailer/extras/class.html2text.php vendored Executable file
View File

@@ -0,0 +1,677 @@
<?php
/*************************************************************************
* *
* Converts HTML to formatted plain text *
* *
* Portions Copyright (c) 2005-2007 Jon Abernathy <jon@chuggnutt.com> *
* *
* This script is free software; you can redistribute it and/or modify *
* it under the terms of the GNU General Public License as published by *
* the Free Software Foundation; either version 2 of the License, or *
* (at your option) any later version. *
* *
* The GNU General Public License can be found at *
* http://www.gnu.org/copyleft/gpl.html. *
* *
* This script is distributed in the hope that it will be useful, *
* but WITHOUT ANY WARRANTY; without even the implied warranty of *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
* GNU General Public License for more details. *
* *
*************************************************************************/
/**
* Converts HTML to formatted plain text
*/
class Html2Text
{
/**
* Contains the HTML content to convert.
*
* @type string
*/
protected $html;
/**
* Contains the converted, formatted text.
*
* @type string
*/
protected $text;
/**
* Maximum width of the formatted text, in columns.
*
* Set this value to 0 (or less) to ignore word wrapping
* and not constrain text to a fixed-width column.
*
* @type integer
*/
protected $width = 70;
/**
* List of preg* regular expression patterns to search for,
* used in conjunction with $replace.
*
* @type array
* @see $replace
*/
protected $search = array(
"/\r/", // Non-legal carriage return
"/[\n\t]+/", // Newlines and tabs
'/<head[^>]*>.*?<\/head>/i', // <head>
'/<script[^>]*>.*?<\/script>/i', // <script>s -- which strip_tags supposedly has problems with
'/<style[^>]*>.*?<\/style>/i', // <style>s -- which strip_tags supposedly has problems with
'/<p[^>]*>/i', // <P>
'/<br[^>]*>/i', // <br>
'/<i[^>]*>(.*?)<\/i>/i', // <i>
'/<em[^>]*>(.*?)<\/em>/i', // <em>
'/(<ul[^>]*>|<\/ul>)/i', // <ul> and </ul>
'/(<ol[^>]*>|<\/ol>)/i', // <ol> and </ol>
'/(<dl[^>]*>|<\/dl>)/i', // <dl> and </dl>
'/<li[^>]*>(.*?)<\/li>/i', // <li> and </li>
'/<dd[^>]*>(.*?)<\/dd>/i', // <dd> and </dd>
'/<dt[^>]*>(.*?)<\/dt>/i', // <dt> and </dt>
'/<li[^>]*>/i', // <li>
'/<hr[^>]*>/i', // <hr>
'/<div[^>]*>/i', // <div>
'/(<table[^>]*>|<\/table>)/i', // <table> and </table>
'/(<tr[^>]*>|<\/tr>)/i', // <tr> and </tr>
'/<td[^>]*>(.*?)<\/td>/i', // <td> and </td>
'/<span class="_html2text_ignore">.+?<\/span>/i' // <span class="_html2text_ignore">...</span>
);
/**
* List of pattern replacements corresponding to patterns searched.
*
* @type array
* @see $search
*/
protected $replace = array(
'', // Non-legal carriage return
' ', // Newlines and tabs
'', // <head>
'', // <script>s -- which strip_tags supposedly has problems with
'', // <style>s -- which strip_tags supposedly has problems with
"\n\n", // <P>
"\n", // <br>
'_\\1_', // <i>
'_\\1_', // <em>
"\n\n", // <ul> and </ul>
"\n\n", // <ol> and </ol>
"\n\n", // <dl> and </dl>
"\t* \\1\n", // <li> and </li>
" \\1\n", // <dd> and </dd>
"\t* \\1", // <dt> and </dt>
"\n\t* ", // <li>
"\n-------------------------\n", // <hr>
"<div>\n", // <div>
"\n\n", // <table> and </table>
"\n", // <tr> and </tr>
"\t\t\\1\n", // <td> and </td>
"" // <span class="_html2text_ignore">...</span>
);
/**
* List of preg* regular expression patterns to search for,
* used in conjunction with $ent_replace.
*
* @type array
* @see $ent_replace
*/
protected $ent_search = array(
'/&(nbsp|#160);/i', // Non-breaking space
'/&(quot|rdquo|ldquo|#8220|#8221|#147|#148);/i',
// Double quotes
'/&(apos|rsquo|lsquo|#8216|#8217);/i', // Single quotes
'/&gt;/i', // Greater-than
'/&lt;/i', // Less-than
'/&(copy|#169);/i', // Copyright
'/&(trade|#8482|#153);/i', // Trademark
'/&(reg|#174);/i', // Registered
'/&(mdash|#151|#8212);/i', // mdash
'/&(ndash|minus|#8211|#8722);/i', // ndash
'/&(bull|#149|#8226);/i', // Bullet
'/&(pound|#163);/i', // Pound sign
'/&(euro|#8364);/i', // Euro sign
'/&(amp|#38);/i', // Ampersand: see _converter()
'/[ ]{2,}/', // Runs of spaces, post-handling
);
/**
* List of pattern replacements corresponding to patterns searched.
*
* @type array
* @see $ent_search
*/
protected $ent_replace = array(
' ', // Non-breaking space
'"', // Double quotes
"'", // Single quotes
'>',
'<',
'(c)',
'(tm)',
'(R)',
'--',
'-',
'*',
'£',
'EUR', // Euro sign. € ?
'|+|amp|+|', // Ampersand: see _converter()
' ', // Runs of spaces, post-handling
);
/**
* List of preg* regular expression patterns to search for
* and replace using callback function.
*
* @type array
*/
protected $callback_search = array(
'/<(a) [^>]*href=("|\')([^"\']+)\2([^>]*)>(.*?)<\/a>/i', // <a href="">
'/<(h)[123456]( [^>]*)?>(.*?)<\/h[123456]>/i', // h1 - h6
'/<(b)( [^>]*)?>(.*?)<\/b>/i', // <b>
'/<(strong)( [^>]*)?>(.*?)<\/strong>/i', // <strong>
'/<(th)( [^>]*)?>(.*?)<\/th>/i', // <th> and </th>
);
/**
* List of preg* regular expression patterns to search for in PRE body,
* used in conjunction with $pre_replace.
*
* @type array
* @see $pre_replace
*/
protected $pre_search = array(
"/\n/",
"/\t/",
'/ /',
'/<pre[^>]*>/',
'/<\/pre>/'
);
/**
* List of pattern replacements corresponding to patterns searched for PRE body.
*
* @type array
* @see $pre_search
*/
protected $pre_replace = array(
'<br>',
'&nbsp;&nbsp;&nbsp;&nbsp;',
'&nbsp;',
'',
''
);
/**
* Temporary workspace used during PRE processing.
*
* @type string
*/
protected $pre_content = '';
/**
* Contains a list of HTML tags to allow in the resulting text.
*
* @type string
* @see set_allowed_tags()
*/
protected $allowed_tags = '';
/**
* Contains the base URL that relative links should resolve to.
*
* @type string
*/
protected $url;
/**
* Indicates whether content in the $html variable has been converted yet.
*
* @type boolean
* @see $html, $text
*/
protected $_converted = false;
/**
* Contains URL addresses from links to be rendered in plain text.
*
* @type array
* @see _build_link_list()
*/
protected $_link_list = array();
/**
* Various configuration options (able to be set in the constructor)
*
* @type array
*/
protected $_options = array(
// 'none'
// 'inline' (show links inline)
// 'nextline' (show links on the next line)
// 'table' (if a table of link URLs should be listed after the text.
'do_links' => 'inline',
// Maximum width of the formatted text, in columns.
// Set this value to 0 (or less) to ignore word wrapping
// and not constrain text to a fixed-width column.
'width' => 70,
);
/**
* Constructor.
*
* If the HTML source string (or file) is supplied, the class
* will instantiate with that source propagated, all that has
* to be done it to call get_text().
*
* @param string $source HTML content
* @param boolean $from_file Indicates $source is a file to pull content from
* @param array $options Set configuration options
*/
public function __construct($source = '', $from_file = false, $options = array())
{
$this->_options = array_merge($this->_options, $options);
if (!empty($source)) {
$this->set_html($source, $from_file);
}
$this->set_base_url();
}
/**
* Loads source HTML into memory, either from $source string or a file.
*
* @param string $source HTML content
* @param boolean $from_file Indicates $source is a file to pull content from
*/
public function set_html($source, $from_file = false)
{
if ($from_file && file_exists($source)) {
$this->html = file_get_contents($source);
} else {
$this->html = $source;
}
$this->_converted = false;
}
/**
* Returns the text, converted from HTML.
*
* @return string
*/
public function get_text()
{
if (!$this->_converted) {
$this->_convert();
}
return $this->text;
}
/**
* Prints the text, converted from HTML.
*/
public function print_text()
{
print $this->get_text();
}
/**
* Alias to print_text(), operates identically.
*
* @see print_text()
*/
public function p()
{
print $this->get_text();
}
/**
* Sets the allowed HTML tags to pass through to the resulting text.
*
* Tags should be in the form "<p>", with no corresponding closing tag.
* @param string $allowed_tags
*/
public function set_allowed_tags($allowed_tags = '')
{
if (!empty($allowed_tags)) {
$this->allowed_tags = $allowed_tags;
}
}
/**
* Sets a base URL to handle relative links.
*
* @param string $url
*/
public function set_base_url($url = '')
{
if (empty($url)) {
if (!empty($_SERVER['HTTP_HOST'])) {
$this->url = 'http://' . $_SERVER['HTTP_HOST'];
} else {
$this->url = '';
}
} else {
// Strip any trailing slashes for consistency (relative
// URLs may already start with a slash like "/file.html")
if (substr($url, -1) == '/') {
$url = substr($url, 0, -1);
}
$this->url = $url;
}
}
/**
* Workhorse function that does actual conversion (calls _converter() method).
*/
protected function _convert()
{
// Variables used for building the link list
$this->_link_list = array();
$text = trim(stripslashes($this->html));
// Convert HTML to TXT
$this->_converter($text);
// Add link list
if (!empty($this->_link_list)) {
$text .= "\n\nLinks:\n------\n";
foreach ($this->_link_list as $idx => $url) {
$text .= '[' . ($idx + 1) . '] ' . $url . "\n";
}
}
$this->text = $text;
$this->_converted = true;
}
/**
* Workhorse function that does actual conversion.
*
* First performs custom tag replacement specified by $search and
* $replace arrays. Then strips any remaining HTML tags, reduces whitespace
* and newlines to a readable format, and word wraps the text to
* $this->_options['width'] characters.
*
* @param string $text Reference to HTML content string
*/
protected function _converter(&$text)
{
// Convert <BLOCKQUOTE> (before PRE!)
$this->_convert_blockquotes($text);
// Convert <PRE>
$this->_convert_pre($text);
// Run our defined tags search-and-replace
$text = preg_replace($this->search, $this->replace, $text);
// Run our defined tags search-and-replace with callback
$text = preg_replace_callback($this->callback_search, array($this, '_preg_callback'), $text);
// Strip any other HTML tags
$text = strip_tags($text, $this->allowed_tags);
// Run our defined entities/characters search-and-replace
$text = preg_replace($this->ent_search, $this->ent_replace, $text);
// Replace known html entities
$text = html_entity_decode($text, ENT_QUOTES);
// Remove unknown/unhandled entities (this cannot be done in search-and-replace block)
$text = preg_replace('/&([a-zA-Z0-9]{2,6}|#[0-9]{2,4});/', '', $text);
// Convert "|+|amp|+|" into "&", need to be done after handling of unknown entities
// This properly handles situation of "&amp;quot;" in input string
$text = str_replace('|+|amp|+|', '&', $text);
// Bring down number of empty lines to 2 max
$text = preg_replace("/\n\s+\n/", "\n\n", $text);
$text = preg_replace("/[\n]{3,}/", "\n\n", $text);
// remove leading empty lines (can be produced by eg. P tag on the beginning)
$text = ltrim($text, "\n");
// Wrap the text to a readable format
// for PHP versions >= 4.0.2. Default width is 75
// If width is 0 or less, don't wrap the text.
if ($this->_options['width'] > 0) {
$text = wordwrap($text, $this->_options['width']);
}
}
/**
* Helper function called by preg_replace() on link replacement.
*
* Maintains an internal list of links to be displayed at the end of the
* text, with numeric indices to the original point in the text they
* appeared. Also makes an effort at identifying and handling absolute
* and relative links.
*
* @param string $link URL of the link
* @param string $display Part of the text to associate number with
* @param null $link_override
* @return string
*/
protected function _build_link_list($link, $display, $link_override = null)
{
$link_method = ($link_override) ? $link_override : $this->_options['do_links'];
if ($link_method == 'none') {
return $display;
}
// Ignored link types
if (preg_match('!^(javascript:|mailto:|#)!i', $link)) {
return $display;
}
if (preg_match('!^([a-z][a-z0-9.+-]+:)!i', $link)) {
$url = $link;
} else {
$url = $this->url;
if (substr($link, 0, 1) != '/') {
$url .= '/';
}
$url .= "$link";
}
if ($link_method == 'table') {
if (($index = array_search($url, $this->_link_list)) === false) {
$index = count($this->_link_list);
$this->_link_list[] = $url;
}
return $display . ' [' . ($index + 1) . ']';
} elseif ($link_method == 'nextline') {
return $display . "\n[" . $url . ']';
} else { // link_method defaults to inline
return $display . ' [' . $url . ']';
}
}
/**
* Helper function for PRE body conversion.
*
* @param string $text HTML content
*/
protected function _convert_pre(&$text)
{
// get the content of PRE element
while (preg_match('/<pre[^>]*>(.*)<\/pre>/ismU', $text, $matches)) {
$this->pre_content = $matches[1];
// Run our defined tags search-and-replace with callback
$this->pre_content = preg_replace_callback(
$this->callback_search,
array($this, '_preg_callback'),
$this->pre_content
);
// convert the content
$this->pre_content = sprintf(
'<div><br>%s<br></div>',
preg_replace($this->pre_search, $this->pre_replace, $this->pre_content)
);
// replace the content (use callback because content can contain $0 variable)
$text = preg_replace_callback(
'/<pre[^>]*>.*<\/pre>/ismU',
array($this, '_preg_pre_callback'),
$text,
1
);
// free memory
$this->pre_content = '';
}
}
/**
* Helper function for BLOCKQUOTE body conversion.
*
* @param string $text HTML content
*/
protected function _convert_blockquotes(&$text)
{
if (preg_match_all('/<\/*blockquote[^>]*>/i', $text, $matches, PREG_OFFSET_CAPTURE)) {
$start = 0;
$taglen = 0;
$level = 0;
$diff = 0;
foreach ($matches[0] as $m) {
if ($m[0][0] == '<' && $m[0][1] == '/') {
$level--;
if ($level < 0) {
$level = 0; // malformed HTML: go to next blockquote
} elseif ($level > 0) {
// skip inner blockquote
} else {
$end = $m[1];
$len = $end - $taglen - $start;
// Get blockquote content
$body = substr($text, $start + $taglen - $diff, $len);
// Set text width
$p_width = $this->_options['width'];
if ($this->_options['width'] > 0) $this->_options['width'] -= 2;
// Convert blockquote content
$body = trim($body);
$this->_converter($body);
// Add citation markers and create PRE block
$body = preg_replace('/((^|\n)>*)/', '\\1> ', trim($body));
$body = '<pre>' . htmlspecialchars($body) . '</pre>';
// Re-set text width
$this->_options['width'] = $p_width;
// Replace content
$text = substr($text, 0, $start - $diff)
. $body . substr($text, $end + strlen($m[0]) - $diff);
$diff = $len + $taglen + strlen($m[0]) - strlen($body);
unset($body);
}
} else {
if ($level == 0) {
$start = $m[1];
$taglen = strlen($m[0]);
}
$level++;
}
}
}
}
/**
* Callback function for preg_replace_callback use.
*
* @param array $matches PREG matches
* @return string
*/
protected function _preg_callback($matches)
{
switch (strtolower($matches[1])) {
case 'b':
case 'strong':
return $this->_toupper($matches[3]);
case 'th':
return $this->_toupper("\t\t" . $matches[3] . "\n");
case 'h':
return $this->_toupper("\n\n" . $matches[3] . "\n\n");
case 'a':
// override the link method
$link_override = null;
if (preg_match('/_html2text_link_(\w+)/', $matches[4], $link_override_match)) {
$link_override = $link_override_match[1];
}
// Remove spaces in URL (#1487805)
$url = str_replace(' ', '', $matches[3]);
return $this->_build_link_list($url, $matches[5], $link_override);
}
return '';
}
/**
* Callback function for preg_replace_callback use in PRE content handler.
*
* @param array $matches PREG matches
* @return string
*/
protected function _preg_pre_callback(
/** @noinspection PhpUnusedParameterInspection */
$matches)
{
return $this->pre_content;
}
/**
* Strtoupper function with HTML tags and entities handling.
*
* @param string $str Text to convert
* @return string Converted text
*/
private function _toupper($str)
{
// string can contain HTML tags
$chunks = preg_split('/(<[^>]*>)/', $str, null, PREG_SPLIT_NO_EMPTY | PREG_SPLIT_DELIM_CAPTURE);
// convert toupper only the text between HTML tags
foreach ($chunks as $idx => $chunk) {
if ($chunk[0] != '<') {
$chunks[$idx] = $this->_strtoupper($chunk);
}
}
return implode($chunks);
}
/**
* Strtoupper multibyte wrapper function with HTML entities handling.
* Forces mb_strtoupper-call to UTF-8.
*
* @param string $str Text to convert
* @return string Converted text
*/
private function _strtoupper($str)
{
$str = html_entity_decode($str, ENT_COMPAT);
if (function_exists('mb_strtoupper'))
$str = mb_strtoupper($str, 'UTF-8');
else
$str = strtoupper($str);
$str = htmlspecialchars($str, ENT_COMPAT);
return $str;
}
}

874
3rdparty/phpmailer/extras/htmlfilter.php vendored Executable file
View File

@@ -0,0 +1,874 @@
<?php
/**
* htmlfilter.inc
* ---------------
* This set of functions allows you to filter html in order to remove
* any malicious tags from it. Useful in cases when you need to filter
* user input for any cross-site-scripting attempts.
*
* Copyright (C) 2002-2004 by Duke University
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA
*
* @Author Konstantin Riabitsev <icon@linux.duke.edu>
* @Author Jim Jagielski <jim@jaguNET.com / jimjag@gmail.com>
*/
/**
* This function returns the final tag out of the tag name, an array
* of attributes, and the type of the tag. This function is called by
* tln_sanitize internally.
*
* @param string $tagname the name of the tag.
* @param array $attary the array of attributes and their values
* @param integer $tagtype The type of the tag (see in comments).
* @return string A string with the final tag representation.
*/
function tln_tagprint($tagname, $attary, $tagtype)
{
if ($tagtype == 2) {
$fulltag = '</' . $tagname . '>';
} else {
$fulltag = '<' . $tagname;
if (is_array($attary) && sizeof($attary)) {
$atts = array();
while (list($attname, $attvalue) = each($attary)) {
array_push($atts, "$attname=$attvalue");
}
$fulltag .= ' ' . join(' ', $atts);
}
if ($tagtype == 3) {
$fulltag .= ' /';
}
$fulltag .= '>';
}
return $fulltag;
}
/**
* A small helper function to use with array_walk. Modifies a by-ref
* value and makes it lowercase.
*
* @param string $val a value passed by-ref.
* @return void since it modifies a by-ref value.
*/
function tln_casenormalize(&$val)
{
$val = strtolower($val);
}
/**
* This function skips any whitespace from the current position within
* a string and to the next non-whitespace value.
*
* @param string $body the string
* @param integer $offset the offset within the string where we should start
* looking for the next non-whitespace character.
* @return integer the location within the $body where the next
* non-whitespace char is located.
*/
function tln_skipspace($body, $offset)
{
preg_match('/^(\s*)/s', substr($body, $offset), $matches);
if (sizeof($matches[1])) {
$count = strlen($matches[1]);
$offset += $count;
}
return $offset;
}
/**
* This function looks for the next character within a string. It's
* really just a glorified "strpos", except it catches the failures
* nicely.
*
* @param string $body The string to look for needle in.
* @param integer $offset Start looking from this position.
* @param string $needle The character/string to look for.
* @return integer location of the next occurrence of the needle, or
* strlen($body) if needle wasn't found.
*/
function tln_findnxstr($body, $offset, $needle)
{
$pos = strpos($body, $needle, $offset);
if ($pos === false) {
$pos = strlen($body);
}
return $pos;
}
/**
* This function takes a PCRE-style regexp and tries to match it
* within the string.
*
* @param string $body The string to look for needle in.
* @param integer $offset Start looking from here.
* @param string $reg A PCRE-style regex to match.
* @return array|boolean Returns a false if no matches found, or an array
* with the following members:
* - integer with the location of the match within $body
* - string with whatever content between offset and the match
* - string with whatever it is we matched
*/
function tln_findnxreg($body, $offset, $reg)
{
$matches = array();
$retarr = array();
$preg_rule = '%^(.*?)(' . $reg . ')%s';
preg_match($preg_rule, substr($body, $offset), $matches);
if (!isset($matches[0])) {
$retarr = false;
} else {
$retarr[0] = $offset + strlen($matches[1]);
$retarr[1] = $matches[1];
$retarr[2] = $matches[2];
}
return $retarr;
}
/**
* This function looks for the next tag.
*
* @param string $body String where to look for the next tag.
* @param integer $offset Start looking from here.
* @return array|boolean false if no more tags exist in the body, or
* an array with the following members:
* - string with the name of the tag
* - array with attributes and their values
* - integer with tag type (1, 2, or 3)
* - integer where the tag starts (starting "<")
* - integer where the tag ends (ending ">")
* first three members will be false, if the tag is invalid.
*/
function tln_getnxtag($body, $offset)
{
if ($offset > strlen($body)) {
return false;
}
$lt = tln_findnxstr($body, $offset, '<');
if ($lt == strlen($body)) {
return false;
}
/**
* We are here:
* blah blah <tag attribute="value">
* \---------^
*/
$pos = tln_skipspace($body, $lt + 1);
if ($pos >= strlen($body)) {
return array(false, false, false, $lt, strlen($body));
}
/**
* There are 3 kinds of tags:
* 1. Opening tag, e.g.:
* <a href="blah">
* 2. Closing tag, e.g.:
* </a>
* 3. XHTML-style content-less tag, e.g.:
* <img src="blah"/>
*/
switch (substr($body, $pos, 1)) {
case '/':
$tagtype = 2;
$pos++;
break;
case '!':
/**
* A comment or an SGML declaration.
*/
if (substr($body, $pos + 1, 2) == '--') {
$gt = strpos($body, '-->', $pos);
if ($gt === false) {
$gt = strlen($body);
} else {
$gt += 2;
}
return array(false, false, false, $lt, $gt);
} else {
$gt = tln_findnxstr($body, $pos, '>');
return array(false, false, false, $lt, $gt);
}
break;
default:
/**
* Assume tagtype 1 for now. If it's type 3, we'll switch values
* later.
*/
$tagtype = 1;
break;
}
/**
* Look for next [\W-_], which will indicate the end of the tag name.
*/
$regary = tln_findnxreg($body, $pos, '[^\w\-_]');
if ($regary == false) {
return array(false, false, false, $lt, strlen($body));
}
list($pos, $tagname, $match) = $regary;
$tagname = strtolower($tagname);
/**
* $match can be either of these:
* '>' indicating the end of the tag entirely.
* '\s' indicating the end of the tag name.
* '/' indicating that this is type-3 xhtml tag.
*
* Whatever else we find there indicates an invalid tag.
*/
switch ($match) {
case '/':
/**
* This is an xhtml-style tag with a closing / at the
* end, like so: <img src="blah"/>. Check if it's followed
* by the closing bracket. If not, then this tag is invalid
*/
if (substr($body, $pos, 2) == '/>') {
$pos++;
$tagtype = 3;
} else {
$gt = tln_findnxstr($body, $pos, '>');
$retary = array(false, false, false, $lt, $gt);
return $retary;
}
//intentional fall-through
case '>':
return array($tagname, false, $tagtype, $lt, $pos);
break;
default:
/**
* Check if it's whitespace
*/
if (preg_match('/\s/', $match)) {
} else {
/**
* This is an invalid tag! Look for the next closing ">".
*/
$gt = tln_findnxstr($body, $lt, '>');
return array(false, false, false, $lt, $gt);
}
}
/**
* At this point we're here:
* <tagname attribute='blah'>
* \-------^
*
* At this point we loop in order to find all attributes.
*/
$attary = array();
while ($pos <= strlen($body)) {
$pos = tln_skipspace($body, $pos);
if ($pos == strlen($body)) {
/**
* Non-closed tag.
*/
return array(false, false, false, $lt, $pos);
}
/**
* See if we arrived at a ">" or "/>", which means that we reached
* the end of the tag.
*/
$matches = array();
preg_match('%^(\s*)(>|/>)%s', substr($body, $pos), $matches);
if (isset($matches[0]) && $matches[0]) {
/**
* Yep. So we did.
*/
$pos += strlen($matches[1]);
if ($matches[2] == '/>') {
$tagtype = 3;
$pos++;
}
return array($tagname, $attary, $tagtype, $lt, $pos);
}
/**
* There are several types of attributes, with optional
* [:space:] between members.
* Type 1:
* attrname[:space:]=[:space:]'CDATA'
* Type 2:
* attrname[:space:]=[:space:]"CDATA"
* Type 3:
* attr[:space:]=[:space:]CDATA
* Type 4:
* attrname
*
* We leave types 1 and 2 the same, type 3 we check for
* '"' and convert to "&quot" if needed, then wrap in
* double quotes. Type 4 we convert into:
* attrname="yes".
*/
$regary = tln_findnxreg($body, $pos, '[^\w\-_]');
if ($regary == false) {
/**
* Looks like body ended before the end of tag.
*/
return array(false, false, false, $lt, strlen($body));
}
list($pos, $attname, $match) = $regary;
$attname = strtolower($attname);
/**
* We arrived at the end of attribute name. Several things possible
* here:
* '>' means the end of the tag and this is attribute type 4
* '/' if followed by '>' means the same thing as above
* '\s' means a lot of things -- look what it's followed by.
* anything else means the attribute is invalid.
*/
switch ($match) {
case '/':
/**
* This is an xhtml-style tag with a closing / at the
* end, like so: <img src="blah"/>. Check if it's followed
* by the closing bracket. If not, then this tag is invalid
*/
if (substr($body, $pos, 2) == '/>') {
$pos++;
$tagtype = 3;
} else {
$gt = tln_findnxstr($body, $pos, '>');
$retary = array(false, false, false, $lt, $gt);
return $retary;
}
//intentional fall-through
case '>':
$attary{$attname} = '"yes"';
return array($tagname, $attary, $tagtype, $lt, $pos);
break;
default:
/**
* Skip whitespace and see what we arrive at.
*/
$pos = tln_skipspace($body, $pos);
$char = substr($body, $pos, 1);
/**
* Two things are valid here:
* '=' means this is attribute type 1 2 or 3.
* \w means this was attribute type 4.
* anything else we ignore and re-loop. End of tag and
* invalid stuff will be caught by our checks at the beginning
* of the loop.
*/
if ($char == '=') {
$pos++;
$pos = tln_skipspace($body, $pos);
/**
* Here are 3 possibilities:
* "'" attribute type 1
* '"' attribute type 2
* everything else is the content of tag type 3
*/
$quot = substr($body, $pos, 1);
if ($quot == '\'') {
$regary = tln_findnxreg($body, $pos + 1, '\'');
if ($regary == false) {
return array(false, false, false, $lt, strlen($body));
}
list($pos, $attval, $match) = $regary;
$pos++;
$attary{$attname} = '\'' . $attval . '\'';
} else {
if ($quot == '"') {
$regary = tln_findnxreg($body, $pos + 1, '\"');
if ($regary == false) {
return array(false, false, false, $lt, strlen($body));
}
list($pos, $attval, $match) = $regary;
$pos++;
$attary{$attname} = '"' . $attval . '"';
} else {
/**
* These are hateful. Look for \s, or >.
*/
$regary = tln_findnxreg($body, $pos, '[\s>]');
if ($regary == false) {
return array(false, false, false, $lt, strlen($body));
}
list($pos, $attval, $match) = $regary;
/**
* If it's ">" it will be caught at the top.
*/
$attval = preg_replace('/\"/s', '&quot;', $attval);
$attary{$attname} = '"' . $attval . '"';
}
}
} else {
if (preg_match('|[\w/>]|', $char)) {
/**
* That was attribute type 4.
*/
$attary{$attname} = '"yes"';
} else {
/**
* An illegal character. Find next '>' and return.
*/
$gt = tln_findnxstr($body, $pos, '>');
return array(false, false, false, $lt, $gt);
}
}
}
}
/**
* The fact that we got here indicates that the tag end was never
* found. Return invalid tag indication so it gets stripped.
*/
return array(false, false, false, $lt, strlen($body));
}
/**
* Translates entities into literal values so they can be checked.
*
* @param string $attvalue the by-ref value to check.
* @param string $regex the regular expression to check against.
* @param boolean $hex whether the entites are hexadecimal.
* @return boolean True or False depending on whether there were matches.
*/
function tln_deent(&$attvalue, $regex, $hex = false)
{
preg_match_all($regex, $attvalue, $matches);
if (is_array($matches) && sizeof($matches[0]) > 0) {
$repl = array();
for ($i = 0; $i < sizeof($matches[0]); $i++) {
$numval = $matches[1][$i];
if ($hex) {
$numval = hexdec($numval);
}
$repl{$matches[0][$i]} = chr($numval);
}
$attvalue = strtr($attvalue, $repl);
return true;
} else {
return false;
}
}
/**
* This function checks attribute values for entity-encoded values
* and returns them translated into 8-bit strings so we can run
* checks on them.
*
* @param string $attvalue A string to run entity check against.
* @return Void, modifies a reference value.
*/
function tln_defang(&$attvalue)
{
/**
* Skip this if there aren't ampersands or backslashes.
*/
if (strpos($attvalue, '&') === false
&& strpos($attvalue, '\\') === false
) {
return;
}
do {
$m = false;
$m = $m || tln_deent($attvalue, '/\&#0*(\d+);*/s');
$m = $m || tln_deent($attvalue, '/\&#x0*((\d|[a-f])+);*/si', true);
$m = $m || tln_deent($attvalue, '/\\\\(\d+)/s', true);
} while ($m == true);
$attvalue = stripslashes($attvalue);
}
/**
* Kill any tabs, newlines, or carriage returns. Our friends the
* makers of the browser with 95% market value decided that it'd
* be funny to make "java[tab]script" be just as good as "javascript".
*
* @param string $attvalue The attribute value before extraneous spaces removed.
* @return Void, modifies a reference value.
*/
function tln_unspace(&$attvalue)
{
if (strcspn($attvalue, "\t\r\n\0 ") != strlen($attvalue)) {
$attvalue = str_replace(
array("\t", "\r", "\n", "\0", " "),
array('', '', '', '', ''),
$attvalue
);
}
}
/**
* This function runs various checks against the attributes.
*
* @param string $tagname String with the name of the tag.
* @param array $attary Array with all tag attributes.
* @param array $rm_attnames See description for tln_sanitize
* @param array $bad_attvals See description for tln_sanitize
* @param array $add_attr_to_tag See description for tln_sanitize
* @return Array with modified attributes.
*/
function tln_fixatts(
$tagname,
$attary,
$rm_attnames,
$bad_attvals,
$add_attr_to_tag
) {
while (list($attname, $attvalue) = each($attary)) {
/**
* See if this attribute should be removed.
*/
foreach ($rm_attnames as $matchtag => $matchattrs) {
if (preg_match($matchtag, $tagname)) {
foreach ($matchattrs as $matchattr) {
if (preg_match($matchattr, $attname)) {
unset($attary{$attname});
continue;
}
}
}
}
/**
* Remove any backslashes, entities, or extraneous whitespace.
*/
tln_defang($attvalue);
tln_unspace($attvalue);
/**
* Now let's run checks on the attvalues.
* I don't expect anyone to comprehend this. If you do,
* get in touch with me so I can drive to where you live and
* shake your hand personally. :)
*/
foreach ($bad_attvals as $matchtag => $matchattrs) {
if (preg_match($matchtag, $tagname)) {
foreach ($matchattrs as $matchattr => $valary) {
if (preg_match($matchattr, $attname)) {
/**
* There are two arrays in valary.
* First is matches.
* Second one is replacements
*/
list($valmatch, $valrepl) = $valary;
$newvalue = preg_replace($valmatch, $valrepl, $attvalue);
if ($newvalue != $attvalue) {
$attary{$attname} = $newvalue;
}
}
}
}
}
}
/**
* See if we need to append any attributes to this tag.
*/
foreach ($add_attr_to_tag as $matchtag => $addattary) {
if (preg_match($matchtag, $tagname)) {
$attary = array_merge($attary, $addattary);
}
}
return $attary;
}
/**
*
* @param string $body The HTML you wish to filter
* @param array $tag_list see description above
* @param array $rm_tags_with_content see description above
* @param array $self_closing_tags see description above
* @param boolean $force_tag_closing see description above
* @param array $rm_attnames see description above
* @param array $bad_attvals see description above
* @param array $add_attr_to_tag see description above
* @return string Sanitized html safe to show on your pages.
*/
function tln_sanitize(
$body,
$tag_list,
$rm_tags_with_content,
$self_closing_tags,
$force_tag_closing,
$rm_attnames,
$bad_attvals,
$add_attr_to_tag
) {
/**
* Normalize rm_tags and rm_tags_with_content.
*/
$rm_tags = array_shift($tag_list);
@array_walk($tag_list, 'tln_casenormalize');
@array_walk($rm_tags_with_content, 'tln_casenormalize');
@array_walk($self_closing_tags, 'tln_casenormalize');
/**
* See if tag_list is of tags to remove or tags to allow.
* false means remove these tags
* true means allow these tags
*/
$curpos = 0;
$open_tags = array();
$trusted = "<!-- begin tln_sanitized html -->\n";
$skip_content = false;
/**
* Take care of netscape's stupid javascript entities like
* &{alert('boo')};
*/
$body = preg_replace('/&(\{.*?\};)/si', '&amp;\\1', $body);
while (($curtag = tln_getnxtag($body, $curpos)) != false) {
list($tagname, $attary, $tagtype, $lt, $gt) = $curtag;
$free_content = substr($body, $curpos, $lt - $curpos);
if ($skip_content == false) {
$trusted .= $free_content;
} else {
}
if ($tagname != false) {
if ($tagtype == 2) {
if ($skip_content == $tagname) {
/**
* Got to the end of tag we needed to remove.
*/
$tagname = false;
$skip_content = false;
} else {
if ($skip_content == false) {
if (isset($open_tags{$tagname}) &&
$open_tags{$tagname} > 0
) {
$open_tags{$tagname}--;
} else {
$tagname = false;
}
} else {
}
}
} else {
/**
* $rm_tags_with_content
*/
if ($skip_content == false) {
/**
* See if this is a self-closing type and change
* tagtype appropriately.
*/
if ($tagtype == 1
&& in_array($tagname, $self_closing_tags)
) {
$tagtype = 3;
}
/**
* See if we should skip this tag and any content
* inside it.
*/
if ($tagtype == 1
&& in_array($tagname, $rm_tags_with_content)
) {
$skip_content = $tagname;
} else {
if (($rm_tags == false
&& in_array($tagname, $tag_list)) ||
($rm_tags == true
&& !in_array($tagname, $tag_list))
) {
$tagname = false;
} else {
if ($tagtype == 1) {
if (isset($open_tags{$tagname})) {
$open_tags{$tagname}++;
} else {
$open_tags{$tagname} = 1;
}
}
/**
* This is where we run other checks.
*/
if (is_array($attary) && sizeof($attary) > 0) {
$attary = tln_fixatts(
$tagname,
$attary,
$rm_attnames,
$bad_attvals,
$add_attr_to_tag
);
}
}
}
} else {
}
}
if ($tagname != false && $skip_content == false) {
$trusted .= tln_tagprint($tagname, $attary, $tagtype);
}
} else {
}
$curpos = $gt + 1;
}
$trusted .= substr($body, $curpos, strlen($body) - $curpos);
if ($force_tag_closing == true) {
foreach ($open_tags as $tagname => $opentimes) {
while ($opentimes > 0) {
$trusted .= '</' . $tagname . '>';
$opentimes--;
}
}
$trusted .= "\n";
}
$trusted .= "<!-- end tln_sanitized html -->\n";
return $trusted;
}
//
// Use the nifty htmlfilter library
//
function HTMLFilter($body, $trans_image_path, $block_external_images = false)
{
$tag_list = array(
false,
"object",
"meta",
"html",
"head",
"base",
"link",
"frame",
"iframe",
"plaintext",
"marquee"
);
$rm_tags_with_content = array(
"script",
"applet",
"embed",
"title",
"frameset",
"xmp",
"xml"
);
$self_closing_tags = array(
"img",
"br",
"hr",
"input",
"outbind"
);
$force_tag_closing = true;
$rm_attnames = array(
"/.*/" =>
array(
// "/target/i",
"/^on.*/i",
"/^dynsrc/i",
"/^data.*/i",
"/^lowsrc.*/i"
)
);
$bad_attvals = array(
"/.*/" =>
array(
"/^src|background/i" =>
array(
array(
'/^([\'"])\s*\S+script\s*:.*([\'"])/si',
'/^([\'"])\s*mocha\s*:*.*([\'"])/si',
'/^([\'"])\s*about\s*:.*([\'"])/si'
),
array(
"\\1$trans_image_path\\2",
"\\1$trans_image_path\\2",
"\\1$trans_image_path\\2",
"\\1$trans_image_path\\2"
)
),
"/^href|action/i" =>
array(
array(
'/^([\'"])\s*\S+script\s*:.*([\'"])/si',
'/^([\'"])\s*mocha\s*:*.*([\'"])/si',
'/^([\'"])\s*about\s*:.*([\'"])/si'
),
array(
"\\1#\\1",
"\\1#\\1",
"\\1#\\1",
"\\1#\\1"
)
),
"/^style/i" =>
array(
array(
"/expression/i",
"/binding/i",
"/behaviou*r/i",
"/include-source/i",
'/position\s*:\s*absolute/i',
'/url\s*\(\s*([\'"])\s*\S+script\s*:.*([\'"])\s*\)/si',
'/url\s*\(\s*([\'"])\s*mocha\s*:.*([\'"])\s*\)/si',
'/url\s*\(\s*([\'"])\s*about\s*:.*([\'"])\s*\)/si',
'/(.*)\s*:\s*url\s*\(\s*([\'"]*)\s*\S+script\s*:.*([\'"]*)\s*\)/si'
),
array(
"idiocy",
"idiocy",
"idiocy",
"idiocy",
"",
"url(\\1#\\1)",
"url(\\1#\\1)",
"url(\\1#\\1)",
"url(\\1#\\1)",
"url(\\1#\\1)",
"\\1:url(\\2#\\3)"
)
)
)
);
if ($block_external_images) {
array_push(
$bad_attvals{'/.*/'}{'/^src|background/i'}[0],
'/^([\'\"])\s*https*:.*([\'\"])/si'
);
array_push(
$bad_attvals{'/.*/'}{'/^src|background/i'}[1],
"\\1$trans_image_path\\1"
);
array_push(
$bad_attvals{'/.*/'}{'/^style/i'}[0],
'/url\(([\'\"])\s*https*:.*([\'\"])\)/si'
);
array_push(
$bad_attvals{'/.*/'}{'/^style/i'}[1],
"url(\\1$trans_image_path\\1)"
);
}
$add_attr_to_tag = array(
"/^a$/i" =>
array('target' => '"_blank"')
);
$trusted = tln_sanitize(
$body,
$tag_list,
$rm_tags_with_content,
$self_closing_tags,
$force_tag_closing,
$rm_attnames,
$bad_attvals,
$add_attr_to_tag
);
return $trusted;
}

185
3rdparty/phpmailer/extras/ntlm_sasl_client.php vendored Executable file
View File

@@ -0,0 +1,185 @@
<?php
/*
* ntlm_sasl_client.php
*
* @(#) $Id: ntlm_sasl_client.php,v 1.3 2004/11/17 08:00:37 mlemos Exp $
*
**
** Source: http://www.phpclasses.org/browse/file/7495.html
** License: BSD (http://www.phpclasses.org/package/1888-PHP-Single-API-for-standard-authentication-mechanisms.html)
** Bundled with Permission
**
*/
define("SASL_NTLM_STATE_START", 0);
define("SASL_NTLM_STATE_IDENTIFY_DOMAIN", 1);
define("SASL_NTLM_STATE_RESPOND_CHALLENGE", 2);
define("SASL_NTLM_STATE_DONE", 3);
class ntlm_sasl_client_class
{
var $credentials=array();
var $state=SASL_NTLM_STATE_START;
Function Initialize(&$client)
{
if(!function_exists($function="mcrypt_encrypt")
|| !function_exists($function="mhash"))
{
$extensions=array(
"mcrypt_encrypt"=>"mcrypt",
"mhash"=>"mhash"
);
$client->error="the extension ".$extensions[$function]." required by the NTLM SASL client class is not available in this PHP configuration";
return(0);
}
return(1);
}
Function ASCIIToUnicode($ascii)
{
for($unicode="",$a=0;$a<strlen($ascii);$a++)
$unicode.=substr($ascii,$a,1).chr(0);
return($unicode);
}
Function TypeMsg1($domain,$workstation)
{
$domain_length=strlen($domain);
$workstation_length=strlen($workstation);
$workstation_offset=32;
$domain_offset=$workstation_offset+$workstation_length;
return(
"NTLMSSP\0".
"\x01\x00\x00\x00".
"\x07\x32\x00\x00".
pack("v",$domain_length).
pack("v",$domain_length).
pack("V",$domain_offset).
pack("v",$workstation_length).
pack("v",$workstation_length).
pack("V",$workstation_offset).
$workstation.
$domain
);
}
Function NTLMResponse($challenge,$password)
{
$unicode=$this->ASCIIToUnicode($password);
$md4=mhash(MHASH_MD4,$unicode);
$padded=$md4.str_repeat(chr(0),21-strlen($md4));
$iv_size=mcrypt_get_iv_size(MCRYPT_DES,MCRYPT_MODE_ECB);
$iv=mcrypt_create_iv($iv_size,MCRYPT_RAND);
for($response="",$third=0;$third<21;$third+=7)
{
for($packed="",$p=$third;$p<$third+7;$p++)
$packed.=str_pad(decbin(ord(substr($padded,$p,1))),8,"0",STR_PAD_LEFT);
for($key="",$p=0;$p<strlen($packed);$p+=7)
{
$s=substr($packed,$p,7);
$b=$s.((substr_count($s,"1") % 2) ? "0" : "1");
$key.=chr(bindec($b));
}
$ciphertext=mcrypt_encrypt(MCRYPT_DES,$key,$challenge,MCRYPT_MODE_ECB,$iv);
$response.=$ciphertext;
}
return $response;
}
Function TypeMsg3($ntlm_response,$user,$domain,$workstation)
{
$domain_unicode=$this->ASCIIToUnicode($domain);
$domain_length=strlen($domain_unicode);
$domain_offset=64;
$user_unicode=$this->ASCIIToUnicode($user);
$user_length=strlen($user_unicode);
$user_offset=$domain_offset+$domain_length;
$workstation_unicode=$this->ASCIIToUnicode($workstation);
$workstation_length=strlen($workstation_unicode);
$workstation_offset=$user_offset+$user_length;
$lm="";
$lm_length=strlen($lm);
$lm_offset=$workstation_offset+$workstation_length;
$ntlm=$ntlm_response;
$ntlm_length=strlen($ntlm);
$ntlm_offset=$lm_offset+$lm_length;
$session="";
$session_length=strlen($session);
$session_offset=$ntlm_offset+$ntlm_length;
return(
"NTLMSSP\0".
"\x03\x00\x00\x00".
pack("v",$lm_length).
pack("v",$lm_length).
pack("V",$lm_offset).
pack("v",$ntlm_length).
pack("v",$ntlm_length).
pack("V",$ntlm_offset).
pack("v",$domain_length).
pack("v",$domain_length).
pack("V",$domain_offset).
pack("v",$user_length).
pack("v",$user_length).
pack("V",$user_offset).
pack("v",$workstation_length).
pack("v",$workstation_length).
pack("V",$workstation_offset).
pack("v",$session_length).
pack("v",$session_length).
pack("V",$session_offset).
"\x01\x02\x00\x00".
$domain_unicode.
$user_unicode.
$workstation_unicode.
$lm.
$ntlm
);
}
Function Start(&$client, &$message, &$interactions)
{
if($this->state!=SASL_NTLM_STATE_START)
{
$client->error="NTLM authentication state is not at the start";
return(SASL_FAIL);
}
$this->credentials=array(
"user"=>"",
"password"=>"",
"realm"=>"",
"workstation"=>""
);
$defaults=array();
$status=$client->GetCredentials($this->credentials,$defaults,$interactions);
if($status==SASL_CONTINUE)
$this->state=SASL_NTLM_STATE_IDENTIFY_DOMAIN;
Unset($message);
return($status);
}
Function Step(&$client, $response, &$message, &$interactions)
{
switch($this->state)
{
case SASL_NTLM_STATE_IDENTIFY_DOMAIN:
$message=$this->TypeMsg1($this->credentials["realm"],$this->credentials["workstation"]);
$this->state=SASL_NTLM_STATE_RESPOND_CHALLENGE;
break;
case SASL_NTLM_STATE_RESPOND_CHALLENGE:
$ntlm_response=$this->NTLMResponse(substr($response,24,8),$this->credentials["password"]);
$message=$this->TypeMsg3($ntlm_response,$this->credentials["user"],$this->credentials["realm"],$this->credentials["workstation"]);
$this->state=SASL_NTLM_STATE_DONE;
break;
case SASL_NTLM_STATE_DONE:
$client->error="NTLM authentication was finished without success";
return(SASL_FAIL);
default:
$client->error="invalid NTLM authentication step state";
return(SASL_FAIL);
}
return(SASL_CONTINUE);
}
};
?>