--- users/admin/admin_login_inc.php.stokes 2006-07-04 21:53:20.000000000 -0400 +++ users/admin/admin_login_inc.php 2006-07-05 12:43:13.000000000 -0400 @@ -300,4 +300,42 @@ } } +$mailSettings = array( + 'mail_create_user_auth' => array( + 'label' => "Create user if not in Mail server", + 'type' => "checkbox", + 'note' => "", + ), + 'mail_create_gBitDbUser' => array( + 'label' => "Create user if not in bitweaver", + 'type' => "checkbox", + 'note' => "", + ), + 'mail_skip_admin' => array( + 'label' => "Just use bitweaver auth for admin", + 'type' => "checkbox", + 'note' => "", + ), + 'mail_imap_server' => array( + 'label' => "IMAP Server", + 'type' => "text", + 'note' => "", + ), + 'mail_imap_port' => array( + 'label' => "IMAP Port", + 'type' => "text", + 'note' => "", + ), +); +$gBitSmarty->assign( 'mailSettings', $mailSettings ); + +if( !empty( $_REQUEST["mail_submit"] ) ) { + foreach( array_keys( $mailSettings ) as $feature ) { + if( $mailSettings[$feature]['type'] == 'text' ) { + simple_set_value( $feature, USERS_PKG_NAME ); + } else { + simple_set_toggle( $feature, USERS_PKG_NAME ); + } + } +} ?> --- users/admin/schema_inc.php.stokes 2006-07-04 22:07:40.000000000 -0400 +++ users/admin/schema_inc.php 2006-07-05 12:42:43.000000000 -0400 @@ -273,6 +273,12 @@ array(USERS_PKG_NAME,'auth_ldap_useroc','inetOrgPerson'), array(USERS_PKG_NAME,'auth_method','tiki'), array(USERS_PKG_NAME,'auth_skip_admin','y'), + // # Mail Auth additions + array(USERS_PKG_NAME,'mail_create_user_auth','n'), + array(USERS_PKG_NAME,'mail_create_gBitDbUser','n'), + array(USERS_PKG_NAME,'mail_imap_server',''), + array(USERS_PKG_NAME,'mail_imap_port','993'), + array(USERS_PKG_NAME,'mail_skip_admin','y'), array(USERS_PKG_NAME,'allowRegister','y'), array(USERS_PKG_NAME,'feature_userfiles','n'), array(USERS_PKG_NAME,'forgotPass','y'), --- users/BitUser.php.stokes 2006-07-04 22:11:41.000000000 -0400 +++ users/BitUser.php 2006-07-05 14:58:53.000000000 -0400 
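Review bot: The `mail_imap_server` and `mail_imap_port` text values are stored by the `foreach` loop with no format check, and the `validateMail()` hunk later in this patch concatenates both straight into the `imap_open()` mailbox string, where `/`, `:` and `}` are syntax. I would validate before saving (port as an integer in 1–65535, server as a bare host name) and refuse the store with an admin-visible message otherwise. `$mailSettings` also has no entry that turns mail authentication on or off, so this tab cannot disable the feature; a checkbox for that belongs in the array. Whether `simple_set_value()` filters its input, and whether this include already sits behind an admin permission and request-token check, is outside the hunk and worth confirming.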
@@ -748,6 +748,12 @@ $create_tiki = ($gBitSystem->getPreference("auth_create_gBitDbUser", "n") == "y"); $create_auth = ($gBitSystem->getPreference("auth_create_user_auth", "n") == "y"); $skip_admin = ($gBitSystem->getPreference("auth_skip_admin", "n") == "y"); + // see if we want to use mail auth + $mail_auth = ($gBitSystem->getPreference("mail_submit", "mail") == "mail"); + $create_mail_tiki = ($gBitSystem->getPreference("mail_create_gBitDbUser", "n") == "y"); + $create_mail_auth = ($gBitSystem->getPreference("mail_create_user_auth", "n") == "n"); + $skip_mail_admin = ($gBitSystem->getPreference("mail_skip_admin", "n") == "y"); + // first attempt a login via the standard Tiki system $userId = $this->validateBitUser($user, $pass, $challenge, $response); if ($userId) { @@ -782,6 +788,25 @@ } } + if ( !$mail_auth || ($user == "root" && $skip_admin) ) { + // dunno what to put here, nothing to reference - stokes + } elseif ( $mail_auth ) { + $result = $this->validateMail($user,$pass); + switch ($result) { + case USER_VALID: + unset($this->mErrors['login']); + $userAuthValid = true; + $userAuthPresent = true; + break; + case PASSWORD_INCORRECT: + $this->mErrors['login'] = 'password incorrect'; + $userAuthPresent = true; + break; + case USER_NOT_FOUND: + // disabled for w/e reason + break; + } + } /* echo "userId: $userId
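Review bot: `$mail_auth` is read from the preference `mail_submit` with default `"mail"`, but `mail_submit` is the submit-button name tested in admin_login_inc.php and is neither saved by that loop nor seeded in schema_inc.php. As far as this patch shows, the comparison is therefore always true and IMAP login is active on every install, including ones where `mail_imap_server` is still empty. It should read a dedicated on/off preference that defaults to off, e.g. `$mail_auth = ($gBitSystem->getPreference("<mail-auth-enable-pref>", "n") == "y");` (the preference name is a placeholder), with a matching row in schema_inc.php; the same `mail_submit` test is repeated in the `validateMail()` hunk. `$create_mail_auth` compares against `"n"` where the neighbouring `auth_create_user_auth` line compares against `"y"`, which inverts the checkbox. The enclosing method starts and ends outside this hunk.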
"; echo "auth_pear: $auth_pear
"; @@ -793,6 +818,30 @@ echo "userTikiPresent: $userTikiPresent
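Review bot: The admin bypass in the new `if` tests `$skip_admin`, the preference belonging to the existing external auth, rather than `$skip_mail_admin` computed in the previous hunk, so `mail_skip_admin` never takes effect; the condition should read `if ( !$mail_auth || ($user == "root" && $skip_mail_admin) ) {`. The bypass also depends on the literal login `root`, and whether that matches the site's administrator account cannot be seen from here. The `PASSWORD_INCORRECT` case looks unreachable, because `validateMail()` in this patch returns only `USER_VALID`, `USER_NOT_FOUND` or `false`, and `false` has no case in the `switch`. The empty first branch would be clearer folded into a single `if ( $mail_auth && !($user == "root" && $skip_mail_admin) )`. The enclosing method starts and ends outside this hunk.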
"; echo "userAuthPresent: $userAuthPresent
"; */ + // Create gBitUser if not found in tiki. + if ( $mail_auth ) { + // user found in auth but not tiki + if ( $create_mail_tiki && $userAuthValid && !$userTikiPresent ) { + $authUserInfo = array( 'login' => $user, 'password' => $pass, 'real_name' => $this->mTmpStore['real_name'], 'email' => $this->mTmpStore['email'] ); + // -1 mUserId, setting to null + $this->mUserId = NULL; + if ( $this->store( $authUserInfo ) ) { + $userId = $this->mUserId; + } + } + // add user if logged into auth but not found in tiki + elseif( $userAuthValid && $userTikiPresent ) { + $real_name = $this->mTmpStore['real_name']; + $email = $this->mTmpStore['email']; + $userInfo = $this->getUserInfo(array('login' => $user )); + $this->mUserId = $userInfo['user_id']; + $authUserInfo = array( 'login' => $user, 'password' => $pass, 'real_name' => $real_name, 'email' => $email ); + # todo: if user is in mail auth with tiki existing + # storing info will cause errors. FIXME + $this->mErros = array(); + } + } + // start off easy // if the user verified in Tiki and Auth, or // was not present in either, than skip all this 
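Review bot: In the `elseif( $userAuthValid && $userTikiPresent )` branch a successful IMAP login sets `$this->mUserId` to the existing local account with the same login name, so that account is then only as well protected as the mail server's check. The patch should state which local accounts may be bound this way and exclude administrators, since the skip in the previous hunk covers only the literal name `root`; how the rest of the login flow uses `mUserId` is outside the hunk. `$this->mErros = array();` is a typo for `mErrors`, so the login error is not cleared and a new property is created instead. The create branch passes the mail password to `store()` as the local password, which leaves a local credential that keeps working after the mail password changes; a random local password would avoid that. The two branch comments are swapped relative to what the branches do, and `$authUserInfo` in the second branch is built but never used.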
@@ -908,6 +957,27 @@ return $ret; } + function validateMail($user,$pass) { + global $gBitSystem; + // just make sure we're supposed to be here + if ($gBitSystem->getPreference("mail_submit", "mail") != "mail") + return false; + $options["host"] = $gBitSystem->getPreference("mail_imap_server", ""); + $options["port"] = $gBitSystem->getPreference("mail_imap_port", "993"); + // FIXME: add option in html interface for vhosts. + $options["eAddress"] = "redhat.com"; + + $imapauth = imap_open('{'.$options['host']."/ssl/novalidate-cert".':'.$options["port"].'}INBOX',$user , $pass); + if (!$imapauth) { + print_r(imap_errors()); + $ret=USER_NOT_FOUND; + } else { + $ret=USER_VALID; + $this->mTmpStore["real_name"] = $user; + $this->mTmpStore["email"] = $user."@".$options["eAddress"]; + } + return $ret; + } // validate the user in the bitweaver database - validation is case insensitive, and we like it that way! function validateBitUser( $pLogin, $pass, $challenge, $response ) { global $gBitSystem; --- users/templates/admin_login.tpl.stokes 2006-07-04 21:41:14.000000000 -0400 +++ users/templates/admin_login.tpl 2006-07-04 22:05:45.000000000 -0400 @@ -10,6 +10,7 @@ + {formhelp note=""} {/forminput} @@ -148,4 +149,27 @@ {/form} {/jstab} + {jstab title="Mail Authentication"} + {form legend="Mail Authentication"} + + {foreach from=$mailSettings key=feature item=output} +
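Review bot: The mailbox string passed to `imap_open()` carries `/novalidate-cert`, so the server certificate is never checked and the user's password goes to whatever host answers on that address; drop the flag and use the documented `{host:port/flags}` form. On failure `print_r(imap_errors())` writes server diagnostics into the login response, which should go to the log instead. Every failure, including an unreachable or unconfigured server, is reported as `USER_NOT_FOUND`, the IMAP handle is never closed, and the e-mail domain is hard-coded to `redhat.com` (already marked FIXME). The rewritten lines are sketched below.

```php
	function validateMail($user,$pass) {
		// … unchanged: preference check, $options["host"], $options["port"], $options["eAddress"] …

		// Without a configured server there is nothing to authenticate against.
		if ($options["host"] == "")
			return USER_NOT_FOUND;

		// Certificate validation stays on: the user's password travels over this connection.
		$mailbox = '{'.$options["host"].':'.$options["port"].'/imap/ssl}INBOX';
		$imapauth = imap_open($mailbox, $user, $pass);
		if (!$imapauth) {
			// Keep server diagnostics out of the login page.
			error_log('validateMail: '.implode('; ', (array)imap_errors()));
			$ret=USER_NOT_FOUND;
		} else {
			imap_close($imapauth);
			// … unchanged: $ret=USER_VALID and the mTmpStore assignments …
		}
		// … unchanged: return $ret …
```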
+ {formlabel label=`$output.label` for=$feature} + {forminput} + {if $output.type == 'text'} + + {elseif $output.type == 'password'} + + {else} + {html_checkboxes name="$feature" values="y" checked=`$gBitSystemPrefs.$feature` labels=false id=$feature} + {/if} + {formhelp note=`$output.note` page=`$output.page` link=`$output.link`} + {/forminput} +
+ {/foreach} +
+ +
+ {/form} + {/jstab} {/jstabs}