diff -ruN ../am223/changes ./changes
--- ../am223/changes	2004-09-09 23:49:32.000000000 -0400
+++ ./changes	2004-09-09 22:35:52.000000000 -0400
@@ -153,3 +153,9 @@
   have the "personal name" defined
 * Added option to get rid of duplicate INBOX folder for some IMAP server
   configurations
+
+Version 2.23-cookies - Laird Bedore
+
+* Removed HTTP basic authentication and enabled PHP sessions (requires cookies)
+* Changed the "Login" button to "Logout" in english language file
+* Added configuration in config.inc to define session file save path
diff -ruN ../am223/config.inc ./config.inc
--- ../am223/config.inc	2004-09-09 23:50:29.000000000 -0400
+++ ./config.inc	2004-09-09 22:37:19.000000000 -0400
@@ -24,6 +24,10 @@
 // controls the name at the top of the window
 define('PROG_NAME', "AeroMail");
 
+// Session save path: where your cookies; session data is stored. This should
+// be a secure directory that your users cannot access.
+define('SESSION_SAVE_PATH', "/usr/local/lib/php/sessions");
+
 // directory for folders to be stored - applies to UWash servers only
 // if server type is Cyrus, this var is not used
 define('PROG_DIR', "~/");
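Review bot: The comment above the new `SESSION_SAVE_PATH` define reads "where your cookies; session data is stored", which is garbled and understates what the directory holds. login.php in this patch writes the submitted mailbox password into the session, so the files under this path contain cleartext credentials. I would reword it to `// Session save path: directory where PHP keeps session files. They hold users' mail passwords in clear text,` followed by `// so it must be owned by the web server user, not readable by anyone else, and outside the document root.` Nothing visible in the patch creates or checks the directory, so the comment should also say it must exist before first use.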
@@ -43,9 +47,6 @@
 //define('IMAP_OPTS',"/imap/ssl");
 //define('IMAP_OPTS',"/imap/ssl/novalidate-cert");
 
-// url to redirect to when a user clicks on cancel when loggin in
-define('SERVER_REDIR', "http://aeromail.nicolaas.net/");
-
 // default number of messages to display per screen
 define('MSG_COUNT', 25);
 
diff -ruN ../am223/global.inc ./global.inc
--- ../am223/global.inc	2004-09-09 23:57:51.000000000 -0400
+++ ./global.inc	2004-09-09 22:40:11.000000000 -0400
@@ -1,10 +1,14 @@
 <?php
 
 // shouldn't have to modify anything in this file...
-define('VERSION', "AeroMail 2.23");
+define('VERSION', "AeroMail 2.23-cookies");
 
 include("config.inc");
 
+session_name("AeroMail");
+session_save_path(SESSION_SAVE_PATH);
+session_start();
+
 define('FILTER', IMAP_SERVER_TYPE == "Cyrus" ? "INBOX" : PROG_DIR);
 define('IMAP_STR', "{".IMAP_SERVER.":".IMAP_PORT.IMAP_OPTS."}");
 
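Review bot: The session is started with whatever cookie and ID-transport defaults php.ini provides, so the session ID may be accepted from a URL parameter and the cookie can travel over plain HTTP. Because this session carries the mailbox password (login.php stores it in `$_SESSION`), I would pin the behaviour before `session_start()` with `ini_set('session.use_only_cookies', '1');` and a `session_set_cookie_params()` call that sets the secure flag when the site is served over HTTPS. The same three `session_*` calls are repeated in login.php and logout.php in this patch; a small shared include would keep the three copies from drifting apart.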
@@ -682,30 +686,25 @@
 
 function login_prompt()
 {
-    Header("WWW-Authenticate: Basic realm=\"" . PROG_NAME . "\"");
-    Header("HTTP/1.0 401 Unauthorized");
-    echo "<meta HTTP-EQUIV=\"Refresh\" CONTENT=\"0; URL= " . SERVER_REDIR . "\">";
+    Header("Location: login.php");
     exit;
 }
 
 include('layout.inc');
 
-if ((!$PHP_AUTH_USER) or (!$PHP_AUTH_PW) or ($time > time()))
+if ((!$_SESSION[user]) or (!$_SESSION[pass]))
 {
     login_prompt();
 } 
 else
 { 
-    if($PHP_AUTH_USER && $PHP_AUTH_PW)
-    {
-        $user = $PHP_AUTH_USER;
-        $pass = $PHP_AUTH_PW;
+        $user = $_SESSION[user];
+        $pass = $_SESSION[pass];
         $folder = !$folder ? "INBOX" : $folder;
         $mailbox = mailbox_log_in($folder);
 
         if(!$mailbox)
             login_prompt();
-    }
 } 
 
 ?>
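Review bot: `$_SESSION[user]` and `$_SESSION[pass]` use bare words as array keys, which PHP resolves as undefined constants (a notice on the PHP of this era, a fatal error on PHP 8), and reading them with no session present adds an undefined-index notice. Quote the keys and test with empty(): `if (empty($_SESSION['user']) || empty($_SESSION['pass']))`, and likewise `$user = $_SESSION['user'];` and `$pass = $_SESSION['pass'];`. The else branch kept the indentation of the removed inner `if`, so its body should move back one level. `$folder` is read without being assigned anywhere in this hunk, so it presumably still depends on register_globals; taking it explicitly from the request array would make that input visible.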
diff -ruN ../am223/login.php ./login.php
--- ../am223/login.php	1969-12-31 19:00:00.000000000 -0500
+++ ./login.php	2004-09-09 22:40:54.000000000 -0400
@@ -0,0 +1,68 @@
+<?php
+
+include("config.inc");
+
+if (isset($_POST[username]) && isset($_POST[password]))
+ {
+	session_name("AeroMail");
+	session_save_path(SESSION_SAVE_PATH);
+	session_start();
+
+	$_SESSION[user] = $_POST[username];
+	$_SESSION[pass] = $_POST[password];
+
+	Header("Location: index.php");
+	exit;
+}
+// If we got this far, they need to be prompted for their credentials.
+
+    # Forcibly delete any old cookies.
+    setcookie("AeroMail", "", mktime() - 1,"/", getenv("SERVER_NAME"), 0);
+    echo "<html>\n<head>\n";
+    include("style.php");
+    ?>
+<title><?php echo "Login - ".PROG_NAME ?></title>
+</head>
+<script language="JavaScript">
+function dofocus() {
+    document.login.username.focus()
+}
+</script>
+<body bgcolor="<?php echo COLOR_BG ?>" text="<?php echo COLOR_FONT ?>" topmargin=11 link="<?php echo COLOR_LINK ?>" alink="<?php echo COLOR_ALINK ?>" vlink="<?php echo COLOR_VLINK ?>" onload=dofocus()>
+
+<form name="login" action="login.php" method=POST>
+<center>
+<table bgcolor=<?php echo COLOR_HEAD ?> cellpadding=0 celspacing=0 border=0><tr><td>
+ <table border=0 cellpadding=3 cellspacing=1>
+  <tr>
+   <td colspan=2 bgcolor=<?php echo COLOR_HEAD ?> align=center>
+    <font face=<?php echo FONT ?> size=4><b><?php echo PROG_NAME ?>: Login</b></font>
+   </td>
+  </tr>
+  <tr>
+   <td bgcolor=<?php echo COLOR_TITLE ?>>
+    <b>Username</b>
+   </td>
+   <td bgcolor=<?php echo COLOR_TITLE ?>>
+    <b>Password</b>
+   </td>
+  </tr>
+  <tr>
+   <td bgcolor=<?php echo COLOR_ROW_ON ?>>
+    <input type="text" size="15" name="username">
+   </td>
+   <td bgcolor=<?php echo COLOR_ROW_ON ?>>
+    <input type="password" size="15" name="password">
+   </td>
+  </tr>
+  <tr>
+   <td bgcolor=<?php echo COLOR_HEAD ?> colspan=2 align=right>
+    <input type="submit" value="Login">
+   </td>
+  </tr>
+ </table>
+</td></tr></table>
+</form>
+</center>
+</body>
+</html>
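Review bot: The POST branch stores the submitted credentials in whatever session the browser presented and never issues a new session ID, so an ID that was known to someone else before login stays valid afterwards and then carries the password. Call `session_regenerate_id();` right after `session_start()` and before the two `$_SESSION` assignments. The keys in `$_POST[username]`, `$_POST[password]`, `$_SESSION[user]` and `$_SESSION[pass]` are bare words and should be quoted strings. The cookie-clearing call passes `mktime() - 1` and a domain taken from `getenv("SERVER_NAME")`; `time() - 3600` together with the values from `session_get_cookie_params()` would match the cookie PHP actually set. The form posts the password to a relative `login.php`, so nothing here keeps it off plain HTTP; an HTTPS redirect or a documented deployment requirement would close that gap.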
diff -ruN ../am223/logout.php ./logout.php
--- ../am223/logout.php	2004-09-09 23:53:23.000000000 -0400
+++ ./logout.php	2004-09-09 23:53:31.000000000 -0400
@@ -1,5 +1,14 @@
 <?php
-
-Header("Location: index.php?time=" . (time() + 2));
+include("config.inc");
+   
+       # Delete session.
+       session_name("AeroMail");
+       session_save_path(SESSION_SAVE_PATH);
+       session_start();
+       session_destroy();
+       # Remove cookie from user's browser.
+       setcookie("AeroMail", "", mktime() - 1,"/", getenv("SERVER_NAME"), 0);
+       # Load the Login page.
+       Header("Location: login.php");
 
 ?>
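Review bot: `session_destroy()` removes the stored session data but leaves `$_SESSION` populated for the rest of the request, and the script has no `exit` after the redirect header. Add `$_SESSION = array();` before `session_destroy();` and `exit;` after `Header("Location: login.php");`. The cookie deletion hard-codes the name, the path and a `getenv("SERVER_NAME")` domain, which may not match the cookie that `session_start()` issued with its defaults. Using `$p = session_get_cookie_params();` and then `setcookie(session_name(), '', time() - 3600, $p['path'], $p['domain'], $p['secure']);` removes that guesswork and also replaces the argument-less `mktime()`.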
diff -ruN ../am223/send_message.php ./send_message.php
--- ../am223/send_message.php	2004-09-09 23:41:00.000000000 -0400
+++ ./send_message.php	2004-09-09 23:42:31.000000000 -0400
@@ -33,13 +33,10 @@
     $to = removecrlf($to);
     if (!strstr($to, "@"))
     {
-        if (is_string(SERVER_SUFFIX)) {
-echo "Using server suffix " . SERVER_SUFFIX . "<br>\n";
+        if (is_string(SERVER_SUFFIX))
             $to .= "@" . SERVER_SUFFIX;
-        } else {
-echo "Defaulting to IMAP server " . IMAP_SERVER . "<br>\n";
+        else
             $to .= "@" . IMAP_SERVER;
-        }
     }
     $mailheaders .= "To: ".removecrlf($to)."\r\n";
     
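Review bot: `is_string(SERVER_SUFFIX)` is also true when the constant is undefined, because older PHP evaluates the bare name to the string "SERVER_SUFFIX"; if config.inc ever omits the define, recipients would get `@SERVER_SUFFIX` appended instead of falling back to `IMAP_SERVER`. `if (defined('SERVER_SUFFIX') && is_string(SERVER_SUFFIX))` makes the fallback reliable. The brace-less if/else is legal, but the enclosing `if (!strstr($to, "@"))` uses braces, so keeping them on the inner branches would be more consistent. The enclosing block starts and ends outside this hunk.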
@@ -95,6 +92,7 @@
         $from_user = FORCE_FROM ? "$user@" . SERVER_SUFFIX : $user;
     else
         $from_user = FORCE_FROM ? "$user@" . IMAP_SERVER : $user;
+
     mailfrom($from_user, $msg_body, $mailheaders);
 
     // add message to the sent mail folder
