XoopsModules25x / xhelp

class/pear/Net/POP3.php

<?php
// +-----------------------------------------------------------------------+
// | Copyright (c) 2002, Richard Heyes                                     |
// | All rights reserved.                                                  |
// |                                                                       |
// | Redistribution and use in source and binary forms, with or without    |
// | modification, are permitted provided that the following conditions    |
// | are met:                                                              |
// |                                                                       |
// | o Redistributions of source code must retain the above copyright      |
// |   notice, this list of conditions and the following disclaimer.       |
// | o Redistributions in binary form must reproduce the above copyright   |
// |   notice, this list of conditions and the following disclaimer in the |
// |   documentation and/or other materials provided with the distribution.|
// | o The names of the authors may not be used to endorse or promote      |
// |   products derived from this software without specific prior written  |
// |   permission.                                                         |
// |                                                                       |
// | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS   |
// | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT     |
// | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |
// | A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT  |
// | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
// | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT      |
// | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
// | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
// | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT   |
// | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
// | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.  |
// |                                                                       |
// +-----------------------------------------------------------------------+
// | Author: Richard Heyes <richard@phpguru.org>                           |
// | Co-Author: Damian Fernandez Sosa <damlists@cnba.uba.ar>               |
// +-----------------------------------------------------------------------+
//
// $Id: POP3.php,v 1.2 2005/02/18 15:29:06 eric_juden Exp $

require_once XHELP_PEAR_PATH . '/Net/Socket.php';

/**
 *  +----------------------------- IMPORTANT ------------------------------+
 *  | Usage of this class compared to native php extensions such as IMAP   |
 *  | is slow and may be feature deficient. If available you are STRONGLY  |
 *  | recommended to use the php extensions.                               |
 *  +----------------------------------------------------------------------+
 *
 * POP3 Access Class
 *
 * For usage see the example script
 */
define('NET_POP3_STATE_DISCONNECTED', 1, true);
define('NET_POP3_STATE_AUTHORISATION', 2, true);
define('NET_POP3_STATE_TRANSACTION', 4, true);

/**
 * Class Net_POP3
 */
class Net_POP3
{
    /**
     * Some basic information about the mail drop
     * garnered from the STAT command
     *
     * @var array
     */
    public $_maildrop;
    /**
     * Used for APOP to store the timestamp
     *
     * @var string
     */
    public $_timestamp;
    /**
     * Timeout that is passed to the socket object
     *
     * @var int
     */
    public $_timeout;
    /**
     * Socket object
     *
     * @var object
     */
    public $_socket;
    /**
     * Current state of the connection. Used with the
     * constants defined above.
     *
     * @var int
     */
    public $_state;
    /**
     * Hostname to connect to
     *
     * @var string
     */
    public $_host;
    /**
     * Port to connect to
     *
     * @var int
     */
    public $_port;
    /**
     * To allow class debuging
     * @var bool
     */
    public $_debug = false;
    /**
     * The auth methods this class support
     * @var array
     */
    //var $supportedAuthMethods=array('DIGEST-MD5', 'CRAM-MD5', 'APOP' , 'PLAIN' , 'LOGIN', 'USER');
    //Disabling DIGEST-MD5 for now
    public $supportedAuthMethods = [/*'CRAM-MD5', 'APOP' ,*/
                                    'PLAIN',
                                    'LOGIN',
                                    'USER',
    ];
    //var $supportedAuthMethods=array( 'CRAM-MD5', 'PLAIN' , 'LOGIN');
    //var $supportedAuthMethods=array( 'PLAIN' , 'LOGIN');

    /**
     * The auth methods this class support
     * @var array
     */
    public $supportedSASLAuthMethods = ['DIGEST-MD5', 'CRAM-MD5'];
    /**
     * The capability response
     * @var array
     */
    public $_capability;

    /**
     * Constructor. Sets up the object variables, and instantiates
     * the socket object.
     *
     */

    public function __construct()
    {
        $this->_timestamp = ''; // Used for APOP
        $this->_maildrop  = [];
        $this->_timeout   = 10;
        $this->_state     = NET_POP3_STATE_DISCONNECTED;
        $this->_socket    = new Net_Socket();
        /*
         * Include the Auth_SASL package.  If the package is not available,
         * we disable the authentication methods that depend upon it.
         */
        if (false === (@require_once __DIR__ . '/Auth/SASL.php')) {
            if ($this->_debug) {
                echo "AUTH_SASL NOT PRESENT!\n";
            }
            foreach ($this->supportedSASLAuthMethods as $SASLMethod) {
                $pos = array_search($SASLMethod, $this->supportedAuthMethods, true);
                if ($this->_debug) {
                    echo "DISABLING METHOD $SASLMethod\n";
                }
                unset($this->supportedAuthMethods[$pos]);
            }
        }
    }

    /**
     * Handles the errors the class can find
     * on the server
     *
     * @param string $msg
     * @param int    $code
     * @return PEAR_Error
     */
    public function _raiseError(string $msg, int $code = -1): PEAR_Error
    {
        require_once XHELP_PEAR_PATH . '/PEAR.php';

        return PEAR::raiseError($msg, $code);

The method PEAR::raiseError() is not static, but was called statically.

It seems like $code can also be of type integer; however, parameter $code of PEAR::raiseError() does only seem to accept null, maybe add an additional type check?

    }

    /**
     * Connects to the given host on the given port.
     * Also looks for the timestamp in the greeting
     * needed for APOP authentication
     *
     * @param string $host /IP address to connect to Hostname
     * @param int    $port Port to use to connect to on host
     * @return bool  Success/Failure
     */
    public function connect(string $host = 'localhost', int $port = 110): bool
    {
        $this->_host = $host;
        $this->_port = $port;

        $result = $this->_socket->connect($host, $port, false, $this->_timeout);
        if (true === $result) {
            $data = $this->_recvLn();

            if ($this->_checkResponse($data)) {

It seems like $data can also be of type PEAR_Error; however, parameter $response of Net_POP3::_checkResponse() does only seem to accept string, maybe add an additional type check?

                // if the response begins with '+OK' ...
                //            if (@substr(strtoupper($data), 0, 3) == '+OK') {
                // Check for string matching apop timestamp
                if (preg_match('/<.+@.+>/U', $data, $matches)) {

It seems like $data can also be of type PEAR_Error; however, parameter $subject of preg_match() does only seem to accept string, maybe add an additional type check?

                    $this->_timestamp = $matches[0];
                }
                $this->_maildrop = [];
                $this->_state    = NET_POP3_STATE_AUTHORISATION;

                return true;
            }
        }

        $this->_socket->disconnect();

        return false;
    }

    /**
     * Disconnect function. Sends the QUIT command
     * and closes the socket.
     *
     * @return bool Success/Failure
     */
    public function disconnect(): bool
    {
        return $this->_cmdQuit();
    }

    /**
     * Performs the login procedure. If there is a timestamp
     * stored, APOP will be tried first, then basic USER/PASS.
     *
     * @param string $user Username to use
     * @param string $pass Password to use
     * @param bool   $apop Whether to try APOP first
     * @return bool|\PEAR_Error  true on Success/ PEAR_ERROR on error
     */
    public function login(string $user, string $pass, bool $apop = true)
    {
        if (NET_POP3_STATE_AUTHORISATION == $this->_state) {
            if (PEAR::isError($ret = $this->_cmdAuthenticate($user, $pass, $apop))) {

The method PEAR::isError() is not static, but was called statically.

$apop of type boolean is incompatible with the type null|string expected by parameter $userMethod of Net_POP3::_cmdAuthenticate().

                return $ret;

The expression return $ret also could return the type string which is incompatible with the documented return type PEAR_Error|boolean.

            }
            if (!PEAR::isError($ret)) {
                $this->_state = NET_POP3_STATE_TRANSACTION;

                return true;
            }
        }

        return $this->_raiseError('Generic login error', 1);
    }

    /**
     * Parses the response from the capability command. Stores
     * the result in $this->_capability
     */
    public function _parseCapability(): void
    {
        if (!PEAR::isError($data = $this->_sendCmd('CAPA'))) {

The method PEAR::isError() is not static, but was called statically.

            $data = $this->_getMultiline();
        }
        $data = preg_split('/\r?\n/', $data, -1, PREG_SPLIT_NO_EMPTY);

        foreach ($data as $i => $iValue) {
            $capa = '';
            if (preg_match('/^([a-z,\-]+)( ((.*))|$)$/i', $iValue, $matches)) {
                $capa = \mb_strtolower($matches[1]);
                switch ($capa) {
                    case 'implementation':
                        $this->_capability['implementation'] = $matches[3];
                        break;
                    case 'sasl':
                        $this->_capability['sasl'] = preg_split('/\s+/', $matches[3]);
                        break;
                    default:
                        $this->_capability[$capa] = $matches[2];
                        break;
                }
            }
        }
    }

    /**
     * Returns the name of the best authentication method that the server
     * has advertised.
     *
     * @param mixed $userMethod
     * @return mixed Returns a string containing the name of the best
     *               supported authentication method or a PEAR_Error object
     *               if a failure condition is encountered.
     * @since  1.0
     */
    public function _getBestAuthMethod($userMethod = null)
    {
        /*
         return 'USER';
         return 'APOP';
         return 'DIGEST-MD5';
         return 'CRAM-MD5';
         */

        $this->_parseCapability();

        //unset($this->_capability['sasl']);

        $serverMethods = $this->_capability['sasl'] ?? [/*'APOP',*/
                                                        'USER',
            ];

        if (null !== $userMethod && true !== $userMethod) {
            $methods   = [];
            $methods[] = $userMethod;

            return $userMethod;
        }
        $methods = $this->supportedAuthMethods;

        if ((null !== $methods) && (null !== $serverMethods)) {
            foreach ($methods as $method) {
                if (in_array($method, $serverMethods, true)) {
                    return $method;
                }
            }
            $serverMethods = implode(',', $serverMethods);
            $myMethods     = implode(',', $this->supportedAuthMethods);

            return $this->_raiseError("$method NOT supported authentication method!. This server " . "supports these methods: $serverMethods, but I support $myMethods");

The variable $method seems to be defined by a foreach iteration on line 319. Are you sure the iterator is never empty, otherwise this variable is not defined?

        }

        return $this->_raiseError("This server don't support any Auth methods");
    }

    /**
     * Handles the authentication using any known method
     *
     * @param string      $uid        The userid to authenticate as.
     * @param string      $pwd        The password to authenticate with.
     * @param string|null $userMethod The method to use ( if $userMethod == '' then the class chooses the best method (the stronger is the best ) )
     *
     * @return \PEAR_Error|string  string or PEAR_Error
     *
     * @access private
     * @since  1.0
     */
    private function _cmdAuthenticate(string $uid, string $pwd, string $userMethod = null)
    {
        if (PEAR::isError($method = $this->_getBestAuthMethod($userMethod))) {

The method PEAR::isError() is not static, but was called statically.

            return $method;
        }
        switch ($method) {
            case 'DIGEST-MD5':
                $result = $this->_authDigest_MD5($uid, $pwd);
                break;
            case 'CRAM-MD5':
                $result = $this->_authCRAM_MD5($uid, $pwd);
                break;
            case 'LOGIN':
                $result = $this->_authLOGIN($uid, $pwd);
                break;
            case 'PLAIN':
                $result = $this->_authPLAIN($uid, $pwd);
                break;
            case 'APOP':
                $result = $this->_cmdApop($uid, $pwd);
                // if APOP fails fallback to USER auth
                if (false === $result) {
                    echo "APOP FAILED!!!\n";
                    $result = $this->_authUSER($uid, $pwd);
                }
                break;
            case 'USER':
                $result = $this->_authUSER($uid, $pwd);
                break;
            default:
                $result = $this->_authUSER($uid, $pwd);
                //$result = $this->_raiseError( "$method is not a supported authentication method" );
                break;
        }

        return $result;

The expression return $result also could return the type array|boolean which is incompatible with the documented return type PEAR_Error|string.

    }

    /**
     * Authenticates the user using the USER-PASS method.
     *
     * @param string $user The userid to authenticate as.
     * @param string $pass The password to authenticate with.
     *
     * @return bool|\PEAR_Error    true on success or PEAR_Error on failure
     *
     * @access private
     * @since  1.0
     */
    private function _authUSER(string $user, string $pass)
    {
        if (PEAR::isError($ret = $this->_cmdUser($user))) {

The method PEAR::isError() is not static, but was called statically.

            return $ret;
        }
        if (PEAR::isError($ret = $this->_cmdPass($pass))) {
            return $ret;
        }

        return true;
    }

    /**
     * Authenticates the user using the PLAIN method.
     *
     * @param string $user The userid to authenticate as.
     * @param string $pass The password to authenticate with.
     *
     * @return array|bool Returns an array containing the response
     *
     * @access private
     * @since  1.0
     */
    private function _authPLAIN(string $user, string $pass)
    {
        $cmd = sprintf('AUTH PLAIN %s', base64_encode(chr(0) . $user . chr(0) . $pass));

        if (PEAR::isError($ret = $this->_send($cmd))) {

The method PEAR::isError() is not static, but was called statically.

            return $ret;

The expression return $ret also could return the type PEAR_Error which is incompatible with the documented return type array|boolean.

        }
        if (PEAR::isError($challenge = $this->_recvLn())) {
            return $challenge;

The expression return $challenge also could return the type PEAR_Error which is incompatible with the documented return type array|boolean.

        }
        if (PEAR::isError($ret = $this->_checkResponse($challenge))) {

It seems like $challenge can also be of type PEAR_Error; however, parameter $response of Net_POP3::_checkResponse() does only seem to accept string, maybe add an additional type check?

            return $ret;

The expression return $ret also could return the type PEAR_Error which is incompatible with the documented return type array|boolean.

        }

        return true;
    }

    /**
     * Authenticates the user using the PLAIN method.
     *
     * @param string $user The userid to authenticate as.
     * @param string $pass The password to authenticate with.
     *
     * @return array|\PEAR_Error Returns an array containing the response
     *
     * @access private
     * @since  1.0
     */
    private function _authLOGIN(string $user, string $pass)
    {
        $this->_send('AUTH LOGIN');

        if (PEAR::isError($challenge = $this->_recvLn())) {

The method PEAR::isError() is not static, but was called statically.

            return $challenge;
        }
        if (PEAR::isError($ret = $this->_checkResponse($challenge))) {

It seems like $challenge can also be of type PEAR_Error; however, parameter $response of Net_POP3::_checkResponse() does only seem to accept string, maybe add an additional type check?

            return $ret;

The expression return $ret also could return the type true which is incompatible with the documented return type PEAR_Error|array.

        }

        if (PEAR::isError($ret = $this->_send(sprintf('"%s"', base64_encode($user))))) {
            return $ret;

The expression return $ret also could return the type true which is incompatible with the documented return type PEAR_Error|array.

        }

        if (PEAR::isError($challenge = $this->_recvLn())) {
            return $challenge;
        }
        if (PEAR::isError($ret = $this->_checkResponse($challenge))) {
            return $ret;

The expression return $ret also could return the type true which is incompatible with the documented return type PEAR_Error|array.

        }

        if (PEAR::isError($ret = $this->_send(sprintf('"%s"', base64_encode($pass))))) {
            return $ret;

The expression return $ret also could return the type true which is incompatible with the documented return type PEAR_Error|array.

        }

        if (PEAR::isError($challenge = $this->_recvLn())) {
            return $challenge;
        }

        return $this->_checkResponse($ret);

The expression return $this->_checkResponse($ret) also could return the type true which is incompatible with the documented return type PEAR_Error|array.

$ret of type PEAR_Error|true is incompatible with the type string expected by parameter $response of Net_POP3::_checkResponse().

    }

    /**
     * Authenticates the user using the CRAM-MD5 method.
     *
     * @param string $uid The userid to authenticate as.
     * @param string $pwd The password to authenticate with.
     *
     * @return array|\PEAR_Error Returns an array containing the response
     *
     * @access private
     * @since  1.0
     */
    private function _authCRAM_MD5(string $uid, string $pwd)
    {
        if (PEAR::isError($ret = $this->_send('AUTH CRAM-MD5'))) {

The method PEAR::isError() is not static, but was called statically.

            return $ret;

The expression return $ret also could return the type true which is incompatible with the documented return type PEAR_Error|array.

        }

        if (PEAR::isError($challenge = $this->_recvLn())) {
            return $challenge;
        }
        if (PEAR::isError($ret = $this->_checkResponse($challenge))) {

It seems like $challenge can also be of type PEAR_Error; however, parameter $response of Net_POP3::_checkResponse() does only seem to accept string, maybe add an additional type check?

            return $ret;

The expression return $ret also could return the type true which is incompatible with the documented return type PEAR_Error|array.

        }

        // remove '+ '

        $challenge = mb_substr($challenge, 2);

It seems like $challenge can also be of type PEAR_Error; however, parameter $string of mb_substr() does only seem to accept string, maybe add an additional type check?

        $challenge = base64_decode($challenge, true);

        $cram     = &Auth_SASL::factory('crammd5');

The type Auth_SASL was not found. Maybe you did not declare it correctly or list all dependencies?

        $auth_str = base64_encode($cram->getResponse($uid, $pwd, $challenge));

        if (PEAR::isError($error = $this->_send($auth_str))) {
            return $error;

The expression return $error also could return the type true which is incompatible with the documented return type PEAR_Error|array.

        }
        if (PEAR::isError($ret = $this->_recvLn())) {
            return $ret;
        }
        //echo "RET:$ret\n";
        return $this->_checkResponse($ret);

The expression return $this->_checkResponse($ret) also could return the type true which is incompatible with the documented return type PEAR_Error|array.

    }

    /**
     * Authenticates the user using the DIGEST-MD5 method.
     *
     * @param string $uid The userid to authenticate as.
     * @param string $pwd The password to authenticate with.
     * @param string The efective user
     *
     * @return array|\PEAR_Error Returns an array containing the response
     *
     * @access private
     * @since  1.0
     */
    private function _authDigest_MD5(string $uid, string $pwd)
    {
        if (PEAR::isError($ret = $this->_send('AUTH DIGEST-MD5'))) {

The method PEAR::isError() is not static, but was called statically.

            return $ret;

The expression return $ret also could return the type true which is incompatible with the documented return type PEAR_Error|array.

        }

        if (PEAR::isError($challenge = $this->_recvLn())) {
            return $challenge;
        }
        if (PEAR::isError($ret = $this->_checkResponse($challenge))) {

It seems like $challenge can also be of type PEAR_Error; however, parameter $response of Net_POP3::_checkResponse() does only seem to accept string, maybe add an additional type check?

            return $ret;

The expression return $ret also could return the type true which is incompatible with the documented return type PEAR_Error|array.

        }

        // remove '+ '
        $challenge = mb_substr($challenge, 2);

It seems like $challenge can also be of type PEAR_Error; however, parameter $string of mb_substr() does only seem to accept string, maybe add an additional type check?

        $challenge = base64_decode($challenge, true);
        $digest    = &Auth_SASL::factory('digestmd5');
        $auth_str  = base64_encode($digest->getResponse($uid, $pwd, $challenge, 'localhost', 'pop3'));

        if (PEAR::isError($error = $this->_send($auth_str))) {
            return $error;

The expression return $error also could return the type true which is incompatible with the documented return type PEAR_Error|array.

        }

        if (PEAR::isError($challenge = $this->_recvLn())) {
            return $challenge;
        }
        if (PEAR::isError($ret = $this->_checkResponse($challenge))) {
            return $ret;

The expression return $ret also could return the type true which is incompatible with the documented return type PEAR_Error|array.

        }
        /*
         * We don't use the protocol's third step because POP3 doesn't allow
         * subsequent authentication, so we just silently ignore it.
         */

        if (PEAR::isError($challenge = $this->_send("\r\n"))) {
            return $challenge;

The expression return $challenge also could return the type true which is incompatible with the documented return type PEAR_Error|array.

        }

        if (PEAR::isError($challenge = $this->_recvLn())) {
            return $challenge;
        }

        return $this->_checkResponse($challenge);

The expression return $this->_checkResponse($challenge) also could return the type true which is incompatible with the documented return type PEAR_Error|array.

    }

    /**
     * Sends the APOP command
     *
     * @param string $user Username to send
     * @param string $pass Password to send
     * @return bool|\PEAR_Error Success/Failure
     */
    public function _cmdApop(string $user, string $pass)
    {
        if (NET_POP3_STATE_AUTHORISATION == $this->_state) {
            if (!empty($this->_timestamp)) {
                if (PEAR::isError($data = $this->_sendCmd('APOP ' . $user . ' ' . md5($this->_timestamp . $pass)))) {

The method PEAR::isError() is not static, but was called statically.

                    return $data;
                }
                $this->_state = NET_POP3_STATE_TRANSACTION;

                return true;
            }
        }

        return $this->_raiseError('Not In NET_POP3_STATE_AUTHORISATION State1');
    }

    /**
     * Returns the raw headers of the specified message.
     *
     * @param int $msg_id Message number
     * @return mixed   Either raw headers or false on error
     */

    /**
     * @param int $msg_id
     * @return bool|string
     */
    public function getRawHeaders(int $msg_id)
    {
        if (NET_POP3_STATE_TRANSACTION == $this->_state) {
            return $this->_cmdTop($msg_id, 0);
        }

        return false;
    }

    /*
     * Returns the  headers of the specified message in an
     * associative array. Array keys are the header names, array
     * values are the header values. In the case of multiple headers
     * having the same names, eg Received:, the array value will be
     * an indexed array of all the header values.
     *
     * @param  int $msg_id Message number
     * @return mixed   Either array of headers or false on error
     */

    /**
     * @param int $msg_id
     * @return array|false
     */
    public function getParsedHeaders(int $msg_id)
    {
        if (NET_POP3_STATE_TRANSACTION == $this->_state) {
            $raw_headers = rtrim($this->getRawHeaders($msg_id));

It seems like $this->getRawHeaders($msg_id) can also be of type false; however, parameter $string of rtrim() does only seem to accept string, maybe add an additional type check?

            $raw_headers = preg_replace("/\r\n[ \t]+/", ' ', $raw_headers); // Unfold headers
            $raw_headers = explode("\r\n", $raw_headers);
            foreach ($raw_headers as $value) {
                $name  = mb_substr($value, 0, $pos = mb_strpos($value, ':'));
                $value = ltrim(mb_substr($value, $pos + 1));
                if (isset($headers[$name]) && is_array($headers[$name])) {
                    $headers[$name][] = $value;
                } elseif (isset($headers[$name])) {
                    $headers[$name] = [$headers[$name], $value];
                } else {
                    $headers[$name] = $value;
                }
            }

            return $headers;

The variable $headers does not seem to be defined for all execution paths leading up to this point.

        }

        return false;
    }

    /*
     * Returns the body of the message with given message number.
     *
     * @param  int $msg_id Message number
     * @return mixed   Either message body or false on error
     */

    /**
     * @param int $msg_id
     * @return false|mixed|string
     */
    public function getBody(int $msg_id)
    {
        if (NET_POP3_STATE_TRANSACTION == $this->_state) {
            $msg = $this->_cmdRetr($msg_id);

            return mb_substr($msg, mb_strpos($msg, "\r\n\r\n") + 4);

It seems like $msg can also be of type false; however, parameter $haystack of mb_strpos() does only seem to accept string, maybe add an additional type check?

It seems like $msg can also be of type false; however, parameter $string of mb_substr() does only seem to accept string, maybe add an additional type check?

        }

        return false;
    }

    /*
     * Returns the entire message with given message number.
     *
     * @param  int $msg_id Message number
     * @return mixed   Either entire message or false on error
     */

    /**
     * @param int $msg_id
     * @return false|string
     */
    public function getMsg(int $msg_id)
    {
        if (NET_POP3_STATE_TRANSACTION == $this->_state) {
            return $this->_cmdRetr($msg_id);
        }

        return false;
    }

    /*
     * Returns the size of the maildrop
     *
     * @return mixed Either size of maildrop or false on error
     */

    /**
     * @return false|mixed
     */
    public function getSize()
    {
        if (NET_POP3_STATE_TRANSACTION == $this->_state) {
            if (isset($this->_maildrop['size'])) {
                return $this->_maildrop['size'];
            }
            [, $size] = $this->_cmdStat();

            return $size;
        }

        return false;
    }

    /*
     * Returns number of messages in this maildrop
     *
     * @return mixed Either number of messages or false on error
     */

    /**
     * @return false|mixed
     */
    public function numMsg()
    {
        if (NET_POP3_STATE_TRANSACTION == $this->_state) {
            if (isset($this->_maildrop['num_msg'])) {
                return $this->_maildrop['num_msg'];
            }
            [$num_msg,] = $this->_cmdStat();

            return $num_msg;
        }

        return false;
    }

    /*
     * Marks a message for deletion. Only will be deleted if the
     * disconnect() method is called.
     *
     * @param  Message $msg_id to delete
     * @return bool Success/Failure
     */

    /**
     * @param int $msg_id
     * @return false|mixed|\PEAR_Error
     */
    public function deleteMsg(int $msg_id)
    {
        if (NET_POP3_STATE_TRANSACTION == $this->_state) {
            return $this->_cmdDele($msg_id);
        }

        return false;
    }

    /*
     * Combination of LIST/UIDL commands, returns an array
     * of data
     *
     * @param  Optional $msg_id message number
     * @return mixed Array of data or false on error
     */

    /**
     * @param null $msg_id

Are you sure the doc-type for parameter $msg_id is correct as it would always require null to be passed?

     * @return array|false
     */
    public function getListing($msg_id = null)
    {
        if (NET_POP3_STATE_TRANSACTION == $this->_state) {
            if (isset($msg_id)) {
                if ($list = $this->_cmdList($msg_id) and $uidl = $this->_cmdUidl($msg_id)) {
                    return array_merge($list, $uidl);
                }
            } else {
                $list = $this->_cmdList();
                if ($list) {
                    $uidl = $this->_cmdUidl();
                    if ($uidl) {
                        foreach ($uidl as $i => $value) {
                            $list[$i]['uidl'] = $value['uidl'];
                        }
                    }

                    return $list;
                }
            }
        }

        return false;
    }

    /*
     * Sends the USER command
     *
     * @param  Username $user to send
     * @return bool  Success/Failure
     */

    /**
     * @param string $user
     * @return mixed|\PEAR_Error
     */
    public function _cmdUser(string $user)
    {
        if (NET_POP3_STATE_AUTHORISATION == $this->_state) {
            return $this->_sendCmd('USER ' . $user);
        }

        return $this->_raiseError('Not In NET_POP3_STATE_AUTHORISATION State');
    }

    /*
     * Sends the PASS command
     *
     * @param  Password $pass to send
     * @return bool  Success/Failure
     */

    /**
     * @param string $pass
     * @return mixed|\PEAR_Error
     */
    public function _cmdPass($pass)
    {
        if (NET_POP3_STATE_AUTHORISATION == $this->_state) {
            return $this->_sendCmd('PASS ' . $pass);
        }

        return $this->_raiseError('Not In NET_POP3_STATE_AUTHORISATION State');
    }

    /*
     * Sends the STAT command
     *
     * @return mixed Indexed array of number of messages and
     *               maildrop size, or false on error.
     */

    /**
     * @return array|false
     */
    public function _cmdStat()
    {
        if (NET_POP3_STATE_TRANSACTION == $this->_state) {
            if (!PEAR::isError($data = $this->_sendCmd('STAT'))) {

The method PEAR::isError() is not static, but was called statically.

                sscanf($data, '+OK %d %d', $msg_num, $size);

The variable $size seems to be never defined.

It seems like $data can also be of type PEAR_Error; however, parameter $string of sscanf() does only seem to accept string, maybe add an additional type check?

                $this->_maildrop['num_msg'] = $msg_num;
                $this->_maildrop['size']    = $size;

                return [$msg_num, $size];
            }
        }

        return false;
    }

    /*
     * Sends the LIST command
     *
     * @param  Optional $msg_id message number
     * @return mixed   Indexed array of msg_id/msg size or
     *                 false on error
     */

    /**
     * @param null $msg_id

Are you sure the doc-type for parameter $msg_id is correct as it would always require null to be passed?

     * @return array|false
     */
    public function _cmdList($msg_id = null)
    {
        if (NET_POP3_STATE_TRANSACTION == $this->_state) {
            if (isset($msg_id)) {
                if (!PEAR::isError($data = $this->_sendCmd('LIST ' . $msg_id))) {

The method PEAR::isError() is not static, but was called statically.

                    sscanf($data, '+OK %d %d', $msg_id, $size);

The variable $size seems to be never defined.

It seems like $data can also be of type PEAR_Error; however, parameter $string of sscanf() does only seem to accept string, maybe add an additional type check?

                    return ['msg_id' => $msg_id, 'size' => $size];
                }
            } else {
                if (!PEAR::isError($data = $this->_sendCmd('LIST'))) {
                    $data = $this->_getMultiline();
                    $data = explode("\r\n", $data);
                    foreach ($data as $line) {
                        sscanf($line, '%s %s', $msg_id, $size);
                        $return[] = ['msg_id' => $msg_id, 'size' => $size];
                    }

                    return $return;

The variable $return seems to be defined by a foreach iteration on line 898. Are you sure the iterator is never empty, otherwise this variable is not defined?

                }
            }
        }

        return false;
    }

    /**
     * Sends the RETR command
     *
     * @param int $msg_id The message number to retrieve
     * @return false|string   The message or false on error
     */
    public function _cmdRetr(int $msg_id)
    {
        if (NET_POP3_STATE_TRANSACTION == $this->_state) {
            if (!PEAR::isError($data = $this->_sendCmd('RETR ' . $msg_id))) {

The method PEAR::isError() is not static, but was called statically.

                $data = $this->_getMultiline();

                return $data;
            }
        }

        return false;
    }

    /**
     * Sends the DELE command
     *
     * @param int $msg_id Message number to mark as deleted
     * @return bool Success/Failure
     */

    /**
     * @param int $msg_id
     * @return false|mixed|\PEAR_Error
     */
    public function _cmdDele(int $msg_id)
    {
        if (NET_POP3_STATE_TRANSACTION == $this->_state) {
            return $this->_sendCmd('DELE ' . $msg_id);
        }

        return false;
    }

    /**
     * Sends the NOOP command
     *
     * @return bool Success/Failure
     */
    public function _cmdNoop(): bool
    {
        if (NET_POP3_STATE_TRANSACTION == $this->_state) {
            if (!PEAR::isError($data = $this->_sendCmd('NOOP'))) {

The method PEAR::isError() is not static, but was called statically.

                return true;
            }
        }

        return false;
    }

    /**
     * Sends the RSET command
     *
     * @return bool Success/Failure
     */
    public function _cmdRset(): bool
    {
        if (NET_POP3_STATE_TRANSACTION == $this->_state) {
            if (!PEAR::isError($data = $this->_sendCmd('RSET'))) {

The method PEAR::isError() is not static, but was called statically.

                return true;
            }
        }

        return false;
    }

    /**
     * Sends the QUIT command
     *
     * @return bool Success/Failure
     */
    public function _cmdQuit(): bool
    {
        $data         = $this->_sendCmd('QUIT');
        $this->_state = NET_POP3_STATE_DISCONNECTED;
        $this->_socket->disconnect();

        return (bool)$data;
    }

    /**
     * Sends the TOP command
     *
     * @param int $msg_id    Message number
     * @param int $num_lines Number of lines to retrieve
     * @return false|string Message data or false on error
     */
    public function _cmdTop(int $msg_id, int $num_lines)
    {
        if (NET_POP3_STATE_TRANSACTION == $this->_state) {
            if (!PEAR::isError($data = $this->_sendCmd('TOP ' . $msg_id . ' ' . $num_lines))) {

The method PEAR::isError() is not static, but was called statically.

                return $this->_getMultiline();
            }
        }

        return false;
    }

    /**
     * Sends the UIDL command
     *
     * @param int|null $msg_id Message number
     * @return array|false indexed array of msg_id/uidl or false on error
     */

    public function _cmdUidl(int $msg_id = null)
    {
        if (NET_POP3_STATE_TRANSACTION == $this->_state) {
            if (isset($msg_id)) {
                $data = $this->_sendCmd('UIDL ' . $msg_id);
                sscanf($data, '+OK %d %s', $msg_id, $uidl);

The variable $uidl seems to be never defined.

It seems like $data can also be of type PEAR_Error; however, parameter $string of sscanf() does only seem to accept string, maybe add an additional type check?

                return ['msg_id' => $msg_id, 'uidl' => $uidl];
            } else {
                if (!PEAR::isError($data = $this->_sendCmd('UIDL'))) {

The method PEAR::isError() is not static, but was called statically.

                    $data = $this->_getMultiline();
                    $data = explode("\r\n", $data);
                    foreach ($data as $line) {
                        sscanf($line, '%d %s', $msg_id, $uidl);
                        $return[] = ['msg_id' => $msg_id, 'uidl' => $uidl];
                    }

                    return $return;

The variable $return seems to be defined by a foreach iteration on line 1033. Are you sure the iterator is never empty, otherwise this variable is not defined?

                }
            }
        }

        return false;
    }

    /**
     * Sends a command, checks the reponse, and
     * if good returns the reponse, other wise
     * returns false.
     *
     * @param string $cmd Command to send (\r\n will be appended)
     * @return mixed First line of response if successful, otherwise false
     */
    public function _sendCmd(string $cmd)
    {
        $result = $this->_send($cmd);

        if (!PEAR::isError($result) && $result) {

The method PEAR::isError() is not static, but was called statically.

            $data = $this->_recvLn();
            if (!PEAR::isError($data) && 0 === mb_stripos($data, '+OK')) {

It seems like $data can also be of type PEAR_Error; however, parameter $haystack of mb_stripos() does only seem to accept string, maybe add an additional type check?

                return $data;
            }
        }

        return $this->_raiseError($data);

The variable $data does not seem to be defined for all execution paths leading up to this point.

    }

    /**
     * Reads a multiline reponse and returns the data
     *
     * @return string The reponse.
     */
    public function _getMultiline(): string
    {
        $data = '';
        while (!PEAR::isError($tmp = $this->_recvLn())) {

The method PEAR::isError() is not static, but was called statically.

            if ('.' === $tmp) {
                return mb_substr($data, 0, -2);
            }
            if (0 === mb_strpos($tmp, '..')) {

It seems like $tmp can also be of type PEAR_Error; however, parameter $haystack of mb_strpos() does only seem to accept string, maybe add an additional type check?

                $tmp = mb_substr($tmp, 1);

It seems like $tmp can also be of type PEAR_Error; however, parameter $string of mb_substr() does only seem to accept string, maybe add an additional type check?

            }
            $data .= $tmp . "\r\n";
        }

        return mb_substr($data, 0, -2);
    }

    /**
     * Sets the bebug state
     *
     * @param bool $debug
     */
    public function setDebug(bool $debug = true): void
    {
        $this->_debug = $debug;
    }

    /**
     * Send the given string of data to the server.
     *
     * @param string $data The string of data to send.
     *
     * @return bool|\PEAR_Error True on success or a PEAR_Error object on failure.
     *
     * @since   1.0
     */
    public function _send(string $data)
    {
        if ($this->_debug) {
            echo "C: $data\n";
        }

        if (PEAR::isError($error = $this->_socket->writeLine($data))) {

The method PEAR::isError() is not static, but was called statically.

            return $this->_raiseError('Failed to write to socket: ' . $error->getMessage());
        }

        return true;
    }

    /**
     * Receive the given string of data from the server.
     *
     * @return mixed a line of response on success or a PEAR_Error object on failure.
     *
     * @since   1.0
     */
    public function _recvLn()
    {
        if (PEAR::isError($lastline = $this->_socket->readLine(8192))) {

The method PEAR::isError() is not static, but was called statically.

            return $this->_raiseError('Failed to write to socket: ' . $this->lastline->getMessage());

The property lastline does not exist on Net_POP3. Did you maybe forget to declare it?

        }
        if ($this->_debug) {
            // S: means this data was sent by  the POP3 Server
            echo "S:$lastline\n";
        }

        return $lastline;
    }

    /**
     * Checks de server Response
     *
     * @param string $response
     * @return bool|\PEAR_Error true on success or a PEAR_Error object on failure.
     *
     * @since   1.3.3
     */
    public function _checkResponse(string $response)
    {
        if ('+OK' === @mb_substr(mb_strtoupper($response), 0, 3)) {
            return true;
        }
        if ('-ERR' === @mb_substr(mb_strtoupper($response), 0, 4)) {
            return $this->_raiseError($response);
        }
        if ('+ ' === @mb_substr(mb_strtoupper($response), 0, 2)) {
            return true;
        }

        return $this->_raiseError("Unknown Response ($response)");
    }
}