Google dropped the support of user/password authentication as of 30 may 2022.
imap_open can not be used anymore, without the support of xoauth2.
https://support.google.com/accounts/answer/6010255

There is a ToDo from 2020 that didn't make it.
https://wiki.php.net/todo/ext/imap/xoauth2

The only way is to switch to a third party lib. "php-imap"
This is so sad.

To reply to "dsgvoseidank" saying it doesnt work anymore with Gmail :

As today 26 august 2022 it is still working but you need to use google parameters to generate a password for your app on a 2FA account

imap_open is very simple to use, but struggles a litte bit on setups with ssl and tls.

this are tested examples for different hosts and protocols.

uncomment the host/protocol line and fill in correct username and password.

Kay

<?php

#######
# localhost pop3 with and without ssl
# $authhost="{localhost:995/pop3/ssl/novalidate-cert}";
# $authhost="{localhost:110/pop3/notls}";

# localhost imap with and without ssl
# $authhost="{localhost:993/imap/ssl/novalidate-cert}";
# $authhost="{localhost:143/imap/notls}";
# $user="localuser";

# localhost nntp with and without ssl
# you have to specify an existing group, control.cancel should exist
# $authhost="{localhost:563/nntp/ssl/novalidate-cert}control.cancel";
# $authhost="{localhost:119/nntp/notls}control.cancel";

######
# web.de pop3 without ssl
# $authhost="{pop3.web.de:110/pop3/notls}";
# $user="[email protected]";

#########
# goggle with pop3 or imap
# $authhost="{pop.gmail.com:995/pop3/ssl/novalidate-cert}";
# $authhost="{imap.gmail.com:993/imap/ssl/novalidate-cert}";
# $user="[email protected]";

$user="username like above";
$pass="yourpass";

if ($mbox=imap_open( $authhost, $user, $pass ))
        {
         echo "<h1>Connected</h1>\n";
         imap_close($mbox);
        } else
        {
         echo "<h1>FAIL!</h1>\n";
        }

?>

One of the issues with gmail IMAP SSL authentication is related to Google's account security.

Once you get the login error once, sign out of all your google accounts. Then, visit this link:
http://www.google.com/accounts/DisplayUnlockCaptcha

Log in with the account you're attempting to access via imap.

Follow the steps and you'll then be able to login in to gmail with php imap.

It's visually shown here:
http://jeffreifman.com/filtered-open-source-imap-mail-filtering-software-for-php/configuring-gmail/

Using: 
<?php
imap_open( "{server.example.com:143}INBOX" , 'login' , 'password' );
?>

Got this error:
"Couldn't open stream {server.example.com:143}INBOX" 

Solved by adding the flag "novalidate-cert":
<?php
imap_open( "{server.example.com:143/novalidate-cert}INBOX" , 'login' , 'password' );
?>

=D

Subfolders of INBOX have to be seperate by dot like this: 'INBOX.test'
$mailbox = '{example.example.com:143/imap/novalidate-cert}INBOX.test'

This code demonstrates features that are not well documented at this time. The main feature is that the selected mailbox in imap_open (or reopen)  and the specified mailbox in other imap functions are unrelated.  It has been tested with Gmail and with a Dovecot IMAP server.  The mailbox separator depends on the server. Gmail: "/"  Dovecot: "."  If you want to test with Gmail, you need to turn on "Access for less secure apps" in your account.
 
<?php
  // Change these.
  $server    = "{imap.gmail.com:993/imap/ssl/novalidate-cert}"; 
  $email     = "[email protected]"; 
  $password  = "password";
 
  // The code assumes that the folders Test/Sub1/Sub11, etc. exist. 
  $selected  = "{$server}Test/Sub1/Sub12";
  $conn      = imap_open($selected, $email , $password);

  // This returns the $specified mailbox and its sub mailboxes, 
  // even if the $specified mailbox is outside the $selected mailbox. 
  $specified =  "{$server}Test/Sub1"; 
  $boxes     = imap_list($conn, $specified , '*');
  print_r($boxes);
  
  // This appends the message in the $specified mailbox. 
  // It ignores the $selected mailbox. 
  imap_append($conn, $specified
                     , "From: [email protected]\r\n"
                     . "To: [email protected]\r\n"
                     . "Subject: test\r\n"
                     . "\r\n"
                     . "this is a test message, please ignore\r\n");

  // This changes the $selected mailbox
  $selected = "{$server}Test/Sub1"; 
  imap_reopen($conn, $selected); 

  // This moves a message from the $selected to the $specified mailbox
  // In this case, the specified mailbox does not include the server. 
  imap_mail_move ($conn , "1" ,  "Test"); 
  imap_expunge($conn); 
  imap_close($conn);
  // If you executed this code with a real IMAP server, 
  // the message is now in the Test mailbox !
?>

Do not bother using "/debug" flag in $mailbox or OP_DEBUG in $options. They do not do anything.

When you set either one, the underlying IMAP c-client library will gather protocol debugging data and pass it back to PHP.
However, the debug handler defined by PHP is an empty function, it doesn't do anything.

So unless you're using a customized version of the IMAP extension that does something with that handler (mm_dlog), there is no point using "/debug" or OP_DEBUG.

If you get Kerberos errors like:
« Notice: Unknown: Kerberos error: Credentials cache file '/tmp/krb5cc_0123' not found (try running kinit) ».

Try to add as a $param:
<?php array('DISABLE_AUTHENTICATOR' => 'GSSAPI') ?>

eg.
<?php
$imap_stream = imap_open('{mail.domain.tld:993/imap/ssl}' , 'username' , 'password', null, 1, array('DISABLE_AUTHENTICATOR' => 'GSSAPI'));
?>

The error: Unknown: Mailbox is empty (errflg=1) in Unknown on line 0
appears when:

1)  use imap_open to connect 
2) then use imap_search ALL to retrieve emails

but there are no messages available. To avoid this error, check first the number of messages in a mailbox using imap_status. Only if there are messages available then you can use the imap_search.

Function to test most of the possible options of a connection:

function imapConfig($options, $i=0, $till = array()) {
        if(sizeof($options)==$i)
            return $till;
        
        if(sizeof($till)==0)
            $till[] = '';
        
        $opt = $options[$i];
        $new = array();
        foreach($till as $t) {
            foreach($opt as $o) {
                if(strlen($o)==0)
                    $new[] = $t;
                else
                    $new[] = $t.'/'.$o;
            }
        }
        return imapConfig($options, $i+1, $new);
    }

function imap_test($server, $port, $dir, $username, $passw) {
        $options = array();
        //$options[] = array('debug');
        $options[] = array('imap', 'imap2', 'imap2bis', 'imap4', 'imap4rev1', 'pop3'); //nntp
        $options[] = array('', 'norsh');
        $options[] = array('', 'ssl');
        $options[] = array('', 'validate-cert', 'novalidate-cert');
        $options[] = array('', 'tls', 'notls');
        
        $configOptions = imapConfig($options);
        foreach($configOptions as $c) {
            $mbox = @imap_open("{".$server.":".$port.$c."}".$dir, $username, $passw);
            echo "<b>{".$server.":".$port.$c."}".$dir."</b> ... ";
            if (false !== $mbox) {
                echo '<span style="color: green"> success</span>';
            }
            else {
                echo '<span style="color: red"> failed</span>';
            }
            echo '<br>';
        }
    }

imap_test('mail.server.de', 143, 'INBOX', 'username', 'pwd');

To authenticate using kerberos V / GSSAPI, you might need to add "user=" to the connection string.. eg:

$mbox = imap_open( "\{imap.example.com:143/imap/notls/user=" . $user . "}INBOX", $user, $passwd );

Our IMAP servers won't allow a user other than the user specified in the kerberos credentials connect using those credentials unless you specify that extra "user=" in the connection string.  Passing it as an argument to imap_open() doesn't seem to be enough.

imap_open will not open a stream if your server operates with Transport Layer Security (i.e. TLS) imap_open connects with SSL if its there. So try opening mailbox as 

$mailbox="{mail.domain.com:143/imap/notls}"; 
or
$mailbox="{mail.domain.com:110/pop3/notls}"; This works...

Some mail server requires you to provide [email protected] so you can always use. [email protected]

$conn=imap_open($mailbox, $username, $password);

Some server may ask for username as "[email protected]"

:)

For all imap functions where you specify the mailbox string it is important that you ALWAYS use IP (not hostname) and the portnumber. If you do not do this imap functions will be painfully slow.
Using hostname instead of IP adds 3 seconds to each IMAP call, not using portnumber adds 10 seconds to each imap call. (hint: use gethostbyname() )

In order to make a IMAP connection to a Microsoft Exchange Server 5.5, I used this connection-string :

<?php
if(imap_open ("{192.168.1.6:143/imap}Inbox", "DOMAIN/USERNAME/ALIAS", "PASSWORD"))
{
    echo 'Connection success!';
}
else
{
    echo 'Connection failed';
}
?>

By replacing "Inbox" with, e.g. "Tasks", its possible to see all your tasks. I Hope this helps anybody!

Regards

You can do

<? $foo = imap_errors(); ?>

to clear unwanted warning messages like 'Mailbox is empty'

a little tip for those who get really frustrated even after reading all the right solutions and implementing them but still get the same errors or none at all..:
after having changed the code.. restart the httpd deamon..

for Fedora or any other Red Hat Linux OS (/etc/init.d/httpd restart).

After this you will be able to make a imap/pop3 stream from apache..

I was receiving the following error while trying to add the /secure flag and verify that the /ssl flag was using TLS 1.2 instead of the very outdated SSL protocol:

PHP Request Shutdown: Can't do secure authentication with this server (errflg=2)

I ended up having to call my host to get help as there were literally only five pages in the search engines with the error. The mailbox configuration:

Before / incorrect / error:
<?php
$server_folder = '{mail.example.com:993/imap/ssl/secure}';
?>

After / correct / connected:
<?php
$server_folder = '{mail.example.com:993/ssl/imap/secure}';
?>

The /ssl and /imap flags were not in the correct order. Here is the thing, the flags listed above do NOT mention a strict chronological order of flags and are themselves no listed in the chronological order. So that right there is a bug report needed for the documentation though hopefully this comment will spare someone the aggravation for seemingly random errors. Good luck!

``There is one thing I learned over the years,
if someone says: "it's not possible", prove them wrong.`` ~ Stefano Kocka '99

test date: 2022-11-20
php version: PHP 8.0.10 (cli)
extension=imap
extension=openssl

imap: IMAP c-Client Version => 2007f
SSL Support => enabled

https://support.google.com/accounts/answer/185833?hl=en

<?php
$cnx = '{imap.gmail.com:993/imap/ssl/readonly}';
$mbox = imap_open($cnx, '[email protected]', 'MyAppPassword');
$folders = imap_listmailbox($mbox, $cnx, '*');
print_r($folders);
/*
Array
(
    [0] => {imap.gmail.com:993/imap/ssl/readonly}INBOX
    [1] => {imap.gmail.com:993/imap/ssl/readonly}LABEL1
    [2] => {imap.gmail.com:993/imap/ssl/readonly}LABEL2
    [3] => {imap.gmail.com:993/imap/ssl/readonly}Queue
    [4] => {imap.gmail.com:993/imap/ssl/readonly}[Gmail]/All
    [5] => {imap.gmail.com:993/imap/ssl/readonly}[Gmail]/Drafts
    [6] => {imap.gmail.com:993/imap/ssl/readonly}[Gmail]/Sent
    [7] => {imap.gmail.com:993/imap/ssl/readonly}[Gmail]/Spam
    [8] => {imap.gmail.com:993/imap/ssl/readonly}[Gmail]/Starred
    [9] => {imap.gmail.com:993/imap/ssl/readonly}[Gmail]/Trash
)
*/
?>
Kind regards