1 <?php
2 /*
3 +-----------------------------------------------------------------------+
4 | RoundCube Webmail IMAP Client |
5 | Version 0.1-beta2 |
6 | |
7 | Copyright (C) 2005-2006, RoundCube Dev. - Switzerland |
8 | Licensed under the GNU GPL |
9 | |
10 | Redistribution and use in source and binary forms, with or without |
11 | modification, are permitted provided that the following conditions |
12 | are met: |
13 | |
14 | o Redistributions of source code must retain the above copyright |
15 | notice, this list of conditions and the following disclaimer. |
16 | o Redistributions in binary form must reproduce the above copyright |
17 | notice, this list of conditions and the following disclaimer in the |
18 | documentation and/or other materials provided with the distribution.|
19 | o The names of the authors may not be used to endorse or promote |
20 | products derived from this software without specific prior written |
21 | permission. |
22 | |
23 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
24 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
25 | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |
26 | A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT |
27 | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
28 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
29 | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
30 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
31 | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
32 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
33 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
34 | |
35 +-----------------------------------------------------------------------+
36 | Author: Thomas Bruederli <roundcube@gmail.com> |
37 +-----------------------------------------------------------------------+
38
39 $Id$
40
41 */
42
define('RCMAIL_VERSION', '0.1-beta2');

// Globals shared by the rest of the bootstrap and by the included step files.
$CHARSET        = 'UTF-8';
$OUTPUT_TYPE    = 'html';
$JS_OBJECT_NAME = 'rcmail';
$MAIN_TASKS     = array('mail','settings','addressbook','logout');

// Directory of this script, always terminated with a slash; falls back to
// the current directory when dirname() yields an empty value.
$INSTALL_PATH = dirname(__FILE__);
$INSTALL_PATH = empty($INSTALL_PATH) ? './' : $INSTALL_PATH.'/';
56
57
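// Make sure PATH_SEPARATOR is defined (only relevant on PHP builds that do
// not predefine it).
// Windows is detected by a PHP_OS value that starts with "WIN". The previous
// case-insensitive substring match for "win" also matched "Darwin" and would
// have selected ';' there; eregi() is also no longer available in PHP 7+.
if (!defined('PATH_SEPARATOR'))
    define('PATH_SEPARATOR', (strtoupper(substr(PHP_OS, 0, 3)) == 'WIN' ? ';' : ':'));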
61
62
// Put the RoundCube directories in front of the existing include_path so the
// libraries shipped with RC (e.g. PEAR) are found before any other,
// possibly incompatible, copy installed on the host.
ini_set('include_path', implode(PATH_SEPARATOR, array(
    $INSTALL_PATH,
    $INSTALL_PATH.'program',
    $INSTALL_PATH.'program/lib',
    ini_get('include_path'),
)));

// Session settings: cookie named "sessid", session data eligible for garbage
// collection after 21600 seconds (6 hours).
// NOTE(review): no cookie flags (session.cookie_httponly, session.cookie_secure)
// and no session.use_only_cookies are set in this file - confirm they are
// configured elsewhere (php.ini or rcmail_startup()).
ini_set('session.name', 'sessid');
ini_set('session.use_cookies', 1);
ini_set('session.gc_maxlifetime', 21600);
ini_set('session.gc_divisor', 500);

// Report everything except notices.
// NOTE(review): display_errors is not touched here; verify that production
// hosts do not print PHP errors to the client.
ini_set('error_reporting', E_ALL&~E_NOTICE);

// Raise the script execution limit to 120 seconds. The call is not allowed
// in safe mode, hence the error suppression.
@set_time_limit(120);
77
78 // include base files
79 require_once('include/rcube_shared.inc');
80 require_once('include/rcube_imap.inc');
81 require_once('include/bugs.inc');
82 require_once('include/main.inc');
83 require_once('include/cache.inc');
84 require_once('PEAR.php');
85
86
87 // set PEAR error handling
88 // PEAR::setErrorHandling(PEAR_ERROR_TRIGGER, E_USER_NOTICE);
89
// Output is always buffered. The gzip handler is attached only when it is
// available and zlib.output_compression is not already compressing the
// response.
if (!function_exists('ob_gzhandler') || ini_get('zlib.output_compression')) {
    ob_start();
} else {
    ob_start('ob_gzhandler');
}
95
96
// Read the routing parameters from the request. _task and _action go through
// get_input_value() (defined in an included file); everything below treats
// them as request-controlled strings.
$_task = get_input_value('_task', RCUBE_INPUT_GPC);
if (empty($_task)) {
    // no task requested: default to the mail view
    $_task = 'mail';
}

$_action = get_input_value('_action', RCUBE_INPUT_GPC);

// TRUE when a non-empty _framed parameter arrives via GET or POST
$_framed = !(empty($_GET['_framed']) && empty($_POST['_framed']));

// Flag requests that carry a non-empty _remote parameter.
// NOTE(review): $REMOTE_REQUEST is assigned only in this branch and is read
// unconditionally further down; it has no explicit FALSE default in this file.
if (!empty($_GET['_remote'])) {
    $REMOTE_REQUEST = TRUE;
}
107
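// start session with requested task
rcmail_startup($_task);

// Set session related variables.
// $_task comes from the request and is checked against $MAIN_TASKS only at
// the very end of this script, while $COMM_PATH is used earlier (redirect
// after login, links in the page). URL-encode the value so it cannot
// contribute quotes, ampersands or other markup to those contexts. The
// task names used in this file consist of lowercase letters only, so
// their encoded form is unchanged.
$COMM_PATH = sprintf('./?_task=%s', urlencode($_task));
$SESS_HIDDEN_FIELD = '';

// Carry the framed flag along, both in the (HTML-escaped) base URL and as a
// hidden form field.
if ($_framed) {
    $COMM_PATH .= '&amp;_framed=1';
    $SESS_HIDDEN_FIELD .= "\n".'<input type="hidden" name="_framed" value="1" />';
}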
122
123
// Create the objects the GUI needs.
load_gui();

// Stop with a 500 error when the database layer reports a problem.
$err_str = $DB->is_error();
if ($err_str) {
    raise_error(
        array(
            'code'    => 500,
            'type'    => 'db',
            'line'    => __LINE__,
            'file'    => __FILE__,
            'message' => $err_str,
        ),
        FALSE,
        TRUE
    );
}

// Explicit error page: the _code request parameter is read as a hexadecimal
// number and handed to raise_error() as the error code.
if ($_action=='error' && !empty($_GET['_code'])) {
    raise_error(array('code' => hexdec($_GET['_code'])), FALSE, TRUE);
}
141
142
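// Authentication state machine: exactly one of the three branches below runs
// per request (login attempt, logout, or validation of an existing session).

// try to log in
if ($_action=='login' && $_task=='mail') {
    // IMAP host: taken from the login form when supplied, otherwise the
    // configured default.
    // NOTE(review): the posted host is passed on as-is. Confirm that
    // rcmail_login() only accepts hosts from the configured list, otherwise
    // the server can be directed to open IMAP connections to arbitrary hosts.
    $host = !empty($_POST['_host']) ? $_POST['_host'] : $CONFIG['default_host'];

    // check if client supports cookies
    if (empty($_COOKIE)) {
        show_message("cookiesdisabled", 'warning');
    }
    else if (isset($_POST['_user']) && isset($_POST['_pass']) &&
             rcmail_login(get_input_value('_user', RCUBE_INPUT_POST), $_POST['_pass'], $host)) {
        // NOTE(review): no session id regeneration is visible here; confirm
        // rcmail_login() issues a fresh session id on successful login.

        // Send redirect. $COMM_PATH is kept HTML-escaped ('&amp;') for use in
        // markup; a Location header needs the plain '&' separator.
        header('Location: '.str_replace('&amp;', '&', $COMM_PATH));
        exit;
    }
    else {
        show_message("loginfailed", 'warning');
        $_SESSION['user_id'] = '';
    }
}

// end session
else if ($_action=='logout' && isset($_SESSION['user_id'])) {
    show_message('loggedout');
    rcmail_kill_session();
}

// check session and auth cookie
else if ($_action!='login' && !empty($_SESSION['user_id'])) {
    // The session is dropped when authentication fails or when the configured
    // lifetime (minutes) has passed since $SESS_CHANGED. time() replaces the
    // argument-less mktime() call, which returns the same timestamp but is
    // rejected by PHP 8.
    $expired = !empty($CONFIG['session_lifetime']) && isset($SESS_CHANGED) &&
               $SESS_CHANGED + $CONFIG['session_lifetime']*60 < time();

    if (!rcmail_authenticate_session() || $expired) {
        $message = show_message('sessionerror', 'error');
        rcmail_kill_session();
    }
}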
184
185
// Open the IMAP connection for a logged-in user on the mail task.
// The password is kept in the session in a form that decrypt_passwd() can
// reverse; it is decrypted on every request to authenticate against IMAP.
if (!empty($_SESSION['user_id']) && $_task=='mail') {
    $conn = $IMAP->connect(
        $_SESSION['imap_host'],
        $_SESSION['username'],
        decrypt_passwd($_SESSION['password']),
        $_SESSION['imap_port'],
        $_SESSION['imap_ssl']
    );

    if ($conn) {
        rcmail_set_imap_prop();
    } else {
        // connection failed: report it and treat the user as logged out
        show_message('imaperror', 'error');
        $_SESSION['user_id'] = '';
    }
}
198
199
// No authenticated user at this point: switch to the login task.
if (empty($_SESSION['user_id'])) {
    // Remote (_remote) requests get a script response that sends the client
    // back to its base URL after two seconds.
    if ($REMOTE_REQUEST) {
        $message .= "setTimeout(\"location.href='\"+this.env.comm_path+\"'\", 2000);";
        rcube_remote_response($message);
    }

    $_task = 'login';
}
211
212
213
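// Set task and action to client.
// Both values originate from the request and are written into single-quoted
// JavaScript string literals. get_input_value() is defined elsewhere and this
// file does not show whether it escapes quotes or backslashes, so only
// identifier characters are emitted here. The task and action names handled
// in this file use letters and hyphens only and pass through unchanged;
// $_task and $_action themselves are not modified.
$script = sprintf("%s.set_env('task', '%s');",
                  $JS_OBJECT_NAME,
                  preg_replace('/[^a-zA-Z0-9_.-]/', '', $_task));

if (!empty($_action))
    $script .= sprintf("\n%s.set_env('action', '%s');",
                       $JS_OBJECT_NAME,
                       preg_replace('/[^a-zA-Z0-9_.-]/', '', $_action));

$OUTPUT->add_script($script);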
220
221
222
// Without a user id in the session nothing below is reachable: render the
// login page and stop.
if (!$_SESSION['user_id']) {
    parse_template('login');
    exit;
}

// Keep-alive ping from the client: answer with an empty remote response.
if ($_action=='keep-alive') {
    rcube_remote_response('');
    exit;
}
237
238
// Mail task: load the shared mail functions, then the step file that belongs
// to the requested action. Every include path is a fixed string chosen by
// comparing $_action with known names; the request value itself never becomes
// part of a path. Unknown actions include nothing.
if ($_task=='mail') {
    include_once('program/steps/mail/func.inc');

    if (in_array($_action, array('show', 'print'))) {
        include('program/steps/mail/show.inc');
    }

    if ($_action=='get') {
        include('program/steps/mail/get.inc');
    }

    if (in_array($_action, array('moveto', 'delete'))) {
        include('program/steps/mail/move_del.inc');
    }

    if ($_action=='mark') {
        include('program/steps/mail/mark.inc');
    }

    if ($_action=='viewsource') {
        include('program/steps/mail/viewsource.inc');
    }

    if ($_action=='send') {
        include('program/steps/mail/sendmail.inc');
    }

    if ($_action=='upload') {
        include('program/steps/mail/upload.inc');
    }

    if (in_array($_action, array('compose', 'remove-attachment'))) {
        include('program/steps/mail/compose.inc');
    }

    if ($_action=='addcontact') {
        include('program/steps/mail/addcontact.inc');
    }

    if (in_array($_action, array('expunge', 'purge'))) {
        include('program/steps/mail/folders.inc');
    }

    if ($_action=='check-recent') {
        include('program/steps/mail/check_recent.inc');
    }

    if ($_action=='getunread') {
        include('program/steps/mail/getunread.inc');
    }

    // the message list is only served to remote requests
    if ($_action=='list' && isset($_GET['_remote'])) {
        include('program/steps/mail/list.inc');
    }

    if ($_action=='search') {
        include('program/steps/mail/search.inc');
    }

    if ($_action=='spell') {
        include('program/steps/mail/spell.inc');
    }

    if ($_action=='rss') {
        include('program/steps/mail/rss.inc');
    }

    // make sure the message count is refreshed
    $IMAP->messagecount($_SESSION['mbox'], 'ALL', TRUE);
}
296
297
// Address book task: shared functions first, then the step file for the
// requested action. Include paths are fixed strings selected by comparison.
if ($_task=='addressbook') {
    include_once('program/steps/addressbook/func.inc');

    if ($_action=='save') {
        include('program/steps/addressbook/save.inc');
    }

    if (in_array($_action, array('edit', 'add'))) {
        include('program/steps/addressbook/edit.inc');
    }

    if ($_action=='delete') {
        include('program/steps/addressbook/delete.inc');
    }

    if ($_action=='show') {
        include('program/steps/addressbook/show.inc');
    }

    // the contact list is only served when _remote is set and non-empty
    if ($_action=='list' && $_GET['_remote']) {
        include('program/steps/addressbook/list.inc');
    }

    if ($_action=='ldappublicsearch') {
        include('program/steps/addressbook/ldapsearchform.inc');
    }
}
321
322
// Settings task: shared functions first, then the step file for the requested
// action. Include paths are fixed strings selected by comparison.
if ($_task=='settings') {
    include_once('program/steps/settings/func.inc');

    if ($_action=='save-identity') {
        include('program/steps/settings/save_identity.inc');
    }

    if (in_array($_action, array('add-identity', 'edit-identity'))) {
        include('program/steps/settings/edit_identity.inc');
    }

    if ($_action=='delete-identity') {
        include('program/steps/settings/delete_identity.inc');
    }

    if ($_action=='identities') {
        include('program/steps/settings/identities.inc');
    }

    if ($_action=='save-prefs') {
        include('program/steps/settings/save_prefs.inc');
    }

    // all folder management actions share one step file
    if (in_array($_action, array('folders', 'subscribe', 'unsubscribe',
                                 'create-folder', 'rename-folder', 'delete-folder'))) {
        include('program/steps/settings/manage_folders.inc');
    }
}
348
349
// Render the main template for the task. The task name is request-controlled,
// so it is used as a template name only when it appears in $MAIN_TASKS.
if (in_array($_task, $MAIN_TASKS)) {
    parse_template($_task);
}

// Reaching this point means no template was rendered for the request:
// answer with a 404 error.
raise_error(
    array(
        'code'    => 404,
        'type'    => 'php',
        'line'    => __LINE__,
        'file'    => __FILE__,
        'message' => "Invalid request",
    ),
    TRUE,
    TRUE
);
362
363 ?>