Using SESSION to store IMAP details??

[gaza165]

I have created a login form for users to log into their IMAP email account, I am using sessions to store log in credientials to make connection to IMAP in other instances.

 

<?php
session_start();

Function ShowLoginForm() {

echo "<form action='$PHP_SELF?what=login' method='POST'>";
echo "Username: <input type='text' name='user'>";
echo "Password: <input type='password' name='pass'>";
echo "<input type='submit' value='Login'>";
echo "</form>";

}

Function ProcessLogin() {

$user = $_POST['user'];
$pass = $_POST['pass'];

$_SESSION['username'] = $user;
$_SESSION['password'] = $pass;

$mailbox = "imap.gmail.com:993/imap/ssl";
$conn = @imap_open("{" . $mailbox . "}INBOX", $user, $pass) or header("Location:./");

if($conn) { 
header("Location: $PHP_SELF?what=inbox"); 
}

}

Function ShowInbox() {

$mailbox = "imap.gmail.com:993/imap/ssl";
$conn = @imap_open("{" . $mailbox . "}INBOX", $_SESSION['username'], $_SESSION['password']);

$headers = @imap_headers($conn) or die("Couldn't get emails");
$numEmails = sizeof($headers); 

for($i = 1; $i < $numEmails+1; $i++)
{
$mailHeader = @imap_headerinfo($conn, $i);
$from = $mailHeader->fromaddress;
$subject = strip_tags($mailHeader->subject);
$date = $mailHeader->date;
echo "Email from $from, subject $subject, date $date<br>";
}

}
?>

 

My question is... is it safe to store the username and password like this in SESSIONS??

 

[RussellReal]

sure why not?

 

just make sure you make the session expire in like 25 minutes lol