100644 328 lines (248 sloc) 10.18 kB
4e17e6c @thomascube Initial revision
thomascube authored
1 <?php
2
3 /*
4 +-----------------------------------------------------------------------+
5 | RoundCube Webmail IMAP Client |
15a9d1c @thomascube Optimized loading time; added periodic mail check; added EXPUNGE command
thomascube authored
6 | Version 0.1-20060104 |
4e17e6c @thomascube Initial revision
thomascube authored
7 | |
8 | Copyright (C) 2005, RoundCube Dev. - Switzerland |
15fee7b @thomascube Moved config files to config/*inc.php.dist
thomascube authored
9 | Licensed under the GNU GPL |
4e17e6c @thomascube Initial revision
thomascube authored
10 | |
11 | Redistribution and use in source and binary forms, with or without |
12 | modification, are permitted provided that the following conditions |
13 | are met: |
14 | |
15 | o Redistributions of source code must retain the above copyright |
16 | notice, this list of conditions and the following disclaimer. |
17 | o Redistributions in binary form must reproduce the above copyright |
18 | notice, this list of conditions and the following disclaimer in the |
19 | documentation and/or other materials provided with the distribution.|
20 | o The names of the authors may not be used to endorse or promote |
21 | products derived from this software without specific prior written |
22 | permission. |
23 | |
24 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
25 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
26 | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |
27 | A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT |
28 | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
29 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
30 | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
31 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
32 | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
33 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
34 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | |
36 +-----------------------------------------------------------------------+
37 | Author: Thomas Bruederli <roundcube@gmail.com> |
38 +-----------------------------------------------------------------------+
39
40 $Id$
41
42 */
43
15a9d1c @thomascube Optimized loading time; added periodic mail check; added EXPUNGE command
thomascube authored
// Release string of this RoundCube build.
define('RCMAIL_VERSION', '0.1-20060104');

// Global settings for this request.
$OUTPUT_TYPE = 'html';
$JS_OBJECT_NAME = 'rcmail';

// Directory of the running script, always terminated by a slash so that
// relative paths can be appended directly; './' when dirname() yields nothing.
$INSTALL_PATH = dirname($_SERVER['SCRIPT_FILENAME']);
$INSTALL_PATH = empty($INSTALL_PATH) ? './' : $INSTALL_PATH.'/';
5abfcc7 better setting for include_path
svncommit authored
56
d7cb774 more pear/mdb2 integration
svncommit authored
// RoundCube's own folders are put at the FRONT of include_path so that the
// libraries shipped with RC are found before other, possibly incompatible
// copies (e.g. PEAR) that sit on the pre-existing include_path.
ini_set('include_path', implode(PATH_SEPARATOR, array(
    $INSTALL_PATH,
    $INSTALL_PATH.'program',
    $INSTALL_PATH.'program/lib',
    ini_get('include_path'),
)));

// Session handling: cookie-based session named "sessid"; session data
// becomes eligible for garbage collection after 21600 seconds.
// NOTE(review): no HttpOnly/Secure cookie flags and no use_only_cookies
// setting are configured here; confirm they are enforced elsewhere
// (php.ini or the session code).
ini_set('session.name', 'sessid');
ini_set('session.use_cookies', 1);
ini_set('session.gc_maxlifetime', 21600);
ini_set('session.gc_divisor', 500);

// Report everything except notices.
ini_set('error_reporting', E_ALL&~E_NOTICE);

// Raise the maximum execution time for PHP scripts. The call does not work
// in safe mode, hence the suppressed warning.
@set_time_limit(120);
4e17e6c @thomascube Initial revision
thomascube authored
71
72 // include base files
73 require_once('include/rcube_shared.inc');
74 require_once('include/rcube_imap.inc');
75 require_once('include/bugs.inc');
76 require_once('include/main.inc');
77 require_once('include/cache.inc');
7902df4 @thomascube Fixed SSL support; improved Courier compatibility; some visual enhanc…
thomascube authored
78 require_once('PEAR.php');
79
80
81 // set PEAR error handling
82 // PEAR::setErrorHandling(PEAR_ERROR_TRIGGER, E_USER_NOTICE);
4e17e6c @thomascube Initial revision
thomascube authored
83
84
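// Catch the URL/POST parameters that steer this request. POST wins over GET.
// isset() avoids reading an undefined index when no _auth was sent at all.
$_auth = !empty($_POST['_auth']) ? $_POST['_auth'] : (isset($_GET['_auth']) ? $_GET['_auth'] : NULL);

// _task and _action are attacker-controllable and are later copied into
// URLs and inline JavaScript and compared against step names. Reduce them to
// letters, digits, '_' and '-' so they cannot carry markup or quoting
// characters; a non-string value (e.g. an array parameter) falls back to the
// default.
// NOTE(review): every task/action name visible in this file fits this
// character set; confirm the step files do not expect any other.
$_task = !empty($_POST['_task']) ? $_POST['_task'] : (!empty($_GET['_task']) ? $_GET['_task'] : 'mail');
$_task = is_string($_task) ? preg_replace('/[^a-zA-Z0-9_-]/', '', $_task) : 'mail';

$_action = !empty($_POST['_action']) ? $_POST['_action'] : (!empty($_GET['_action']) ? $_GET['_action'] : '');
$_action = is_string($_action) ? preg_replace('/[^a-zA-Z0-9_-]/', '', $_action) : '';

// TRUE when the page is rendered inside a frame.
$_framed = (!empty($_GET['_framed']) || !empty($_POST['_framed']));

// Requests flagged with _remote get a script response instead of a page.
if (!empty($_GET['_remote'])) {
    $REMOTE_REQUEST = TRUE;
}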
93
4e17e6c @thomascube Initial revision
thomascube authored
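// start session with requested task
rcmail_startup($_task);

// Session related variables: the base URL and the hidden form field that
// carry the auth token. $_task comes from the request, so both values are
// encoded for the context they are written into (URL query / HTML
// attribute); for plain alphanumeric values the output is unchanged.
// NOTE(review): $sess_auth is not assigned in this file (presumably set by
// rcmail_startup()). Carrying it in the URL exposes it to Referer headers
// and access logs; confirm that is acceptable.
$COMM_PATH = sprintf('./?_auth=%s&_task=%s', rawurlencode((string)$sess_auth), rawurlencode((string)$_task));
$SESS_HIDDEN_FIELD = sprintf('<input type="hidden" name="_auth" value="%s" />', htmlspecialchars((string)$sess_auth, ENT_QUOTES));

// Framed pages keep the _framed flag on every follow-up request.
if ($_framed) {
    $COMM_PATH .= '&_framed=1';
    $SESS_HIDDEN_FIELD .= "\n".'<input type="hidden" name="_framed" value="1" />';
}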
108
109
// Set up the objects the GUI needs.
load_gui();

// Error step: the client asked for an error page. _code is read as a
// hexadecimal number and handed to raise_error() as the error code.
if ($_action == 'error') {
    if (!empty($_GET['_code'])) {
        raise_error(array('code' => hexdec($_GET['_code'])), FALSE, TRUE);
    }
}
118
119
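// try to log in
if ($_action=='login' && $_task=='mail') {
    // NOTE(review): a client-supplied _host takes precedence over
    // $CONFIG['default_host'], so the login form can point the IMAP
    // connection at a host of the client's choosing. Confirm that
    // rcmail_login() restricts the host to what the configuration allows.
    $host = !empty($_POST['_host']) ? $_POST['_host'] : $CONFIG['default_host'];

    if (empty($_COOKIE)) {
        // the client sent no cookies at all, so the session cannot work
        show_message("cookiesdisabled", 'warning');
    }
    else if (isset($_POST['_user']) && isset($_POST['_pass']) && rcmail_login($_POST['_user'], $_POST['_pass'], $host)) {
        // successful login: redirect to the session URL
        header("Location: $COMM_PATH");
        exit;
    }
    else {
        show_message("loginfailed", 'warning');
        $_SESSION['user_id'] = '';
    }
}

// end session
else if ($_action=='logout' && isset($_SESSION['user_id'])) {
    show_message('loggedout');
    rcmail_kill_session();
}

// check session cookie and auth string
else if ($_action!='login' && $sess_auth && !empty($_SESSION['user_id'])) {
    // The session is killed when the auth string sent by the client differs
    // from the session's, when it no longer matches the hash derived from
    // client_id/auth_time, or when the configured lifetime has passed.
    // Both comparisons are strict so that numeric-looking strings are never
    // compared by value; time() replaces the argument-less mktime() call,
    // which returns the same timestamp but is rejected by current PHP.
    // NOTE(review): the comparison is not constant-time; hash_equals() could
    // be used where the supported PHP versions provide it.
    if ($_auth !== $sess_auth ||
        (string)$_auth !== (string)rcmail_auth_hash($_SESSION['client_id'], $_SESSION['auth_time']) ||
        ($CONFIG['session_lifetime'] && isset($SESS_CHANGED) && $SESS_CHANGED + $CONFIG['session_lifetime']*60 < time())) {
        $message = show_message('sessionerror', 'error');
        rcmail_kill_session();
    }
}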
160
161
// Open the IMAP connection for a logged-in user on the mail task. Host,
// user name, port and SSL flag come from the session; the stored password
// is passed through decrypt_passwd() first.
if ($_task == 'mail' && !empty($_SESSION['user_id'])) {
    $conn = $IMAP->connect(
        $_SESSION['imap_host'],
        $_SESSION['username'],
        decrypt_passwd($_SESSION['password']),
        $_SESSION['imap_port'],
        $_SESSION['imap_ssl']
    );

    if ($conn) {
        rcmail_set_imap_prop();
    }
    else {
        // connection failed: report it and treat the user as logged out
        show_message('imaperror', 'error');
        $_SESSION['user_id'] = '';
    }
}
174
175
// No user in the session: switch the task to 'login'.
if (empty($_SESSION['user_id'])) {
    // Remote requests are answered with a script that sends the client back
    // to its comm_path after two seconds.
    if ($REMOTE_REQUEST) {
        $message .= "setTimeout(\"location.href='\"+this.env.comm_path+\"'\", 2000);";
        rcube_remote_response($message);
    }

    $_task = 'login';
}
4e17e6c @thomascube Initial revision
thomascube authored
187
188
189
597170f @thomascube Added new languages, hierarchical folder tree and attachments in forw…
thomascube authored
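// Tell the client which task and action are active.
// $_task and $_action originate from request parameters and are written
// into single-quoted JavaScript string literals, so they are escaped for
// that context: a value must not be able to end the literal or, assuming
// the script is emitted inside a <script> element, the element itself.
// A non-string value is replaced by an empty string.
$js_string_escapes = array(
    '\\' => '\\\\',
    "'"  => "\\'",
    '"'  => '\\x22',
    "\r" => '\\r',
    "\n" => '\\n',
    '<'  => '\\x3C',
    '>'  => '\\x3E',
    '&'  => '\\x26',
);

$script = sprintf("%s.set_env('task', '%s');", $JS_OBJECT_NAME,
    is_string($_task) ? strtr($_task, $js_string_escapes) : '');

if (!empty($_action)) {
    $script .= sprintf("\n%s.set_env('action', '%s');", $JS_OBJECT_NAME,
        is_string($_action) ? strtr($_action, $js_string_escapes) : '');
}

// the map is only needed here; keep it out of the global scope
unset($js_string_escapes);

$OUTPUT->add_script($script);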
196
197
198
// Without a user in the session only the login page is served. The script
// stops here, so everything below runs for logged-in sessions only.
if (!$_SESSION['user_id']) {
    parse_template('login');
    exit;
}

// Keep-alive signal: answer with an empty remote response and stop.
if ($_action == 'keep-alive') {
    rcube_remote_response('');
    exit;
}
213
4e17e6c @thomascube Initial revision
thomascube authored
214
// Step files for the mail task. Every include path is a fixed literal; the
// request only decides which branch runs.
// NOTE(review): the checks are kept sequential and independent on purpose.
// A step file may change $_action so that a later check matches
// (presumably why 'send' is tested before 'compose'); confirm before
// turning this into an elseif chain or a lookup table.
if ($_task == 'mail') {
    include_once('program/steps/mail/func.inc');

    if (in_array($_action, array('show', 'print'))) {
        include('program/steps/mail/show.inc');
    }

    if ($_action == 'get') {
        include('program/steps/mail/get.inc');
    }

    if (in_array($_action, array('moveto', 'delete'))) {
        include('program/steps/mail/move_del.inc');
    }

    if ($_action == 'mark') {
        include('program/steps/mail/mark.inc');
    }

    if ($_action == 'viewsource') {
        include('program/steps/mail/viewsource.inc');
    }

    if ($_action == 'send') {
        include('program/steps/mail/sendmail.inc');
    }

    if ($_action == 'upload') {
        include('program/steps/mail/upload.inc');
    }

    if ($_action == 'compose') {
        include('program/steps/mail/compose.inc');
    }

    if ($_action == 'addcontact') {
        include('program/steps/mail/addcontact.inc');
    }

    if ($_action == 'expunge') {
        include('program/steps/mail/folders.inc');
    }

    if ($_action == 'check-recent') {
        include('program/steps/mail/check_recent.inc');
    }

    if ($_action == 'getunread') {
        include('program/steps/mail/getunread.inc');
    }

    // the message list is only served to remote requests
    if ($_action == 'list' && $_GET['_remote']) {
        include('program/steps/mail/list.inc');
    }

    // kill compose entry from session
    if (isset($_SESSION['compose'])) {
        rcmail_compose_cleanup();
    }
}
263
264
// Step files for the addressbook task. Every include path is a fixed
// literal; the request only decides which branch runs.
// NOTE(review): the checks stay sequential and independent; a step file may
// change $_action so that a later check matches (presumably why 'save' is
// tested before 'edit'); confirm before restructuring.
if ($_task == 'addressbook') {
    include_once('program/steps/addressbook/func.inc');

    if ($_action == 'save') {
        include('program/steps/addressbook/save.inc');
    }

    if (in_array($_action, array('edit', 'add'))) {
        include('program/steps/addressbook/edit.inc');
    }

    if ($_action == 'delete') {
        include('program/steps/addressbook/delete.inc');
    }

    if ($_action == 'show') {
        include('program/steps/addressbook/show.inc');
    }

    // the contact list is only served to remote requests
    if ($_action == 'list' && $_GET['_remote']) {
        include('program/steps/addressbook/list.inc');
    }
}
285
286
// Step files for the settings task. Every include path is a fixed literal;
// the request only decides which branch runs.
// NOTE(review): the checks stay sequential and independent; a step file may
// change $_action so that a later check matches; confirm before
// restructuring.
if ($_task == 'settings') {
    include_once('program/steps/settings/func.inc');

    if ($_action == 'save-identity') {
        include('program/steps/settings/save_identity.inc');
    }

    if (in_array($_action, array('add-identity', 'edit-identity'))) {
        include('program/steps/settings/edit_identity.inc');
    }

    if ($_action == 'delete-identity') {
        include('program/steps/settings/delete_identity.inc');
    }

    if ($_action == 'identities') {
        include('program/steps/settings/identities.inc');
    }

    if ($_action == 'save-prefs') {
        include('program/steps/settings/save_prefs.inc');
    }

    // all folder operations share one step file
    if (in_array($_action, array('folders', 'subscribe', 'unsubscribe', 'create-folder', 'delete-folder'))) {
        include('program/steps/settings/manage_folders.inc');
    }
}
311
312
539cd47 @thomascube Fix for URL injection vulnerability (Bug #1307966)
thomascube authored
// Allowlist of task names that may be passed to parse_template(). The blame
// annotation on this page attributes these lines to the commit
// "Fix for URL injection vulnerability (Bug #1307966)": the template name
// comes from the request, so only known names are accepted.
$valid_tasks = array('mail', 'settings', 'addressbook');

// parse main template
if (in_array($_task, $valid_tasks)) {
    parse_template($_task);
}

// If we arrive here, something went wrong: the task was not on the
// allowlist (or, presumably, parse_template() returned instead of ending
// the request). Answer with a 404 error.
raise_error(
    array(
        'code'    => 404,
        'type'    => 'php',
        'line'    => __LINE__,
        'file'    => __FILE__,
        'message' => "Invalid request",
    ),
    TRUE,
    TRUE
);
327
4e17e6c @thomascube Initial revision
thomascube authored
328 ?>