|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #39362 imap_open retries 3 times on failed auth
Submitted: 2006-11-03 15:47 UTC Modified: 2006-11-05 18:32 UTC
From: askalski at gmail dot com Assigned: iliaa (profile)
Status: Closed Package: IMAP related
PHP Version: 5CVS-2006-11-03 (snap) OS: Linux
Private report: No CVE-ID: None
 [2006-11-03 15:47 UTC] askalski at gmail dot com
imap_open will retry 3 times on bad credentials.  Some IMAP or POP servers delay on successive bad logins, making a failed imap_open take very long.  Worse, some servers will lock the user out because of repeated failed login attempts.

Somewhere during module initialization, this call needs to be made:

mail_parameters(NIL, SET_MAXLOGINTRIALS, (void *) 1);

Reproduce code:
imap_open("{mailserver/pop}", "user", "badpass");

Expected result:
It should try logging in only once.

Actual result:
It tries logging in three times (watch with a packet sniffer or strace).

write(0, "AUTH LOGIN\r\n", 12)          = 12
read(0, "-ERR Bad authentication\r\n", 8192) = 25
write(0, "AUTH LOGIN\r\n", 12)          = 12
read(0, "-ERR Bad authentication\r\n", 8192) = 25
write(0, "AUTH LOGIN\r\n", 12)          = 12
read(0, "-ERR Bad authentication\r\n", 8192) = 25
write(0, "QUIT\r\n", 6)                 = 6
read(0, "+OK Sayonara\r\n", 8192)       = 14
write(1, "\nWarning: imap_open(): Couldn\'t "..., 104) = 104


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2006-11-03 20:03 UTC]
Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit as this bug system is not the
appropriate forum for asking support questions.  Due to the volume
of reports we can not explain in detail here why your report is not
a bug.  The support channels will be able to provide an explanation
for you.

Thank you for your interest in PHP.

PHP does not control the number of retries performed, that is 
something the imap (c-client) library controls.
 [2006-11-03 20:48 UTC] askalski at gmail dot com
I'm sorry if I did not make this clear enough in the original bug report.

This is very much a bug in PHP.  While you're correct in saying c-client controls the number of retries it makes, it's up to PHP to change MAXLOGINTRIALS from its default of 3 to 1.

There is no way to work around this from a PHP script, because the mail_parameters() function is not exposed through the PHP imap module.  The only way is for PHP to make a mail_parameters() call in ext/imap/php_imap.c during module initialization.
 [2006-11-04 19:11 UTC]
Actually this is more of a feature request to add the ability 
to control the number of retries, something the current API 
does not allow.
 [2006-11-05 03:13 UTC] askalski at gmail dot com
Is there really any point in retrying with the same failed credentials?  The only reasonable setting for MAXLOGINTRIALS in this case is 1.  (There is no benefit in setting it any higher in PHP, so it wouldn't make sense to add the ability to control it.)
 [2006-11-05 18:32 UTC]
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
Thank you for the report, and for helping us make PHP better.

PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Wed Jun 07 00:03:41 2023 UTC