Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Newer
Older
100644 373 lines (279 sloc) 11.037 kb
4e17e6c @thomascube Initial revision
thomascube authored
1 <?php
2 /*
3 +-----------------------------------------------------------------------+
4 | RoundCube Webmail IMAP Client |
2f2f15b @thomascube Little improvements for message parsing and encoding
thomascube authored
5 | Version 0.1-20060904 |
4e17e6c @thomascube Initial revision
thomascube authored
6 | |
aade7b9 @thomascube Finalized 0.1beta2 release
thomascube authored
7 | Copyright (C) 2005-2006, RoundCube Dev. - Switzerland |
15fee7b @thomascube Moved config files to config/*inc.php.dist
thomascube authored
8 | Licensed under the GNU GPL |
4e17e6c @thomascube Initial revision
thomascube authored
9 | |
10 | Redistribution and use in source and binary forms, with or without |
11 | modification, are permitted provided that the following conditions |
12 | are met: |
13 | |
14 | o Redistributions of source code must retain the above copyright |
15 | notice, this list of conditions and the following disclaimer. |
16 | o Redistributions in binary form must reproduce the above copyright |
17 | notice, this list of conditions and the following disclaimer in the |
18 | documentation and/or other materials provided with the distribution.|
19 | o The names of the authors may not be used to endorse or promote |
20 | products derived from this software without specific prior written |
21 | permission. |
22 | |
23 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
24 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
25 | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |
26 | A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT |
27 | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
28 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
29 | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
30 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
31 | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
32 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
33 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
34 | |
35 +-----------------------------------------------------------------------+
36 | Author: Thomas Bruederli <roundcube@gmail.com> |
37 +-----------------------------------------------------------------------+
38
39 $Id$
40
41 */
42
2f2f15b @thomascube Little improvements for message parsing and encoding
thomascube authored
43 define('RCMAIL_VERSION', '0.1-20060904');
15a9d1c @thomascube Optimized loading time; added periodic mail check; added EXPUNGE command
thomascube authored
44
4e17e6c @thomascube Initial revision
thomascube authored
45 // define global vars
8c2e58b @thomascube Minor improvements and bugfixes (see changelog)
thomascube authored
46 $CHARSET = 'UTF-8';
4e17e6c @thomascube Initial revision
thomascube authored
47 $OUTPUT_TYPE = 'html';
48 $JS_OBJECT_NAME = 'rcmail';
321302e @thomascube Fixed INSTALL_PATH bug #1425663
thomascube authored
49 $INSTALL_PATH = dirname(__FILE__);
8c2e58b @thomascube Minor improvements and bugfixes (see changelog)
thomascube authored
50 $MAIN_TASKS = array('mail','settings','addressbook','logout');
4e17e6c @thomascube Initial revision
thomascube authored
51
7cc38e0 @thomascube Added Finnish, Romanian and Chinese translation
thomascube authored
52 if (empty($INSTALL_PATH))
53 $INSTALL_PATH = './';
54 else
55 $INSTALL_PATH .= '/';
bac7d17 @thomascube Fixed bugs #1364122, #1468895, ticket #1483811 and other minor bugs
thomascube authored
56
57
58 // make sure path_separator is defined
59 if (!defined('PATH_SEPARATOR'))
60 define('PATH_SEPARATOR', (eregi('win', PHP_OS) ? ';' : ':'));
61
62
d7cb774 more pear/mdb2 integration
svncommit authored
63 // RC include folders MUST be included FIRST to avoid other
64 // possible not compatible libraries (i.e PEAR) to be included
65 // instead the ones provided by RC
7cc38e0 @thomascube Added Finnish, Romanian and Chinese translation
thomascube authored
66 ini_set('include_path', $INSTALL_PATH.PATH_SEPARATOR.$INSTALL_PATH.'program'.PATH_SEPARATOR.$INSTALL_PATH.'program/lib'.PATH_SEPARATOR.ini_get('include_path'));
d7cb774 more pear/mdb2 integration
svncommit authored
67
4e17e6c @thomascube Initial revision
thomascube authored
68 ini_set('session.name', 'sessid');
69 ini_set('session.use_cookies', 1);
977a295 @thomascube Usage of virtusertable; mail_domain for new users; Chinese and Turkish l...
thomascube authored
70 ini_set('session.gc_maxlifetime', 21600);
71 ini_set('session.gc_divisor', 500);
72 ini_set('error_reporting', E_ALL&~E_NOTICE);
4e17e6c @thomascube Initial revision
thomascube authored
73
74 // increase maximum execution time for php scripts
00fd332 warning clearance
svncommit authored
75 // (does not work in safe mode)
1cded85 @thomascube Re-design of caching (new database table added\!); some bugfixes; Postgr...
thomascube authored
76 @set_time_limit(120);
4e17e6c @thomascube Initial revision
thomascube authored
77
78 // include base files
79 require_once('include/rcube_shared.inc');
80 require_once('include/rcube_imap.inc');
81 require_once('include/bugs.inc');
82 require_once('include/main.inc');
83 require_once('include/cache.inc');
7902df4 @thomascube Fixed SSL support; improved Courier compatibility; some visual enhanceme...
thomascube authored
84 require_once('PEAR.php');
85
86
87 // set PEAR error handling
88 // PEAR::setErrorHandling(PEAR_ERROR_TRIGGER, E_USER_NOTICE);
4e17e6c @thomascube Initial revision
thomascube authored
89
90
91 // catch some url/post parameters
03f8558 @thomascube Strip tags on _auth, _action, _task parameters
thomascube authored
92 $_task = get_input_value('_task', RCUBE_INPUT_GPC);
93 $_action = get_input_value('_action', RCUBE_INPUT_GPC);
597170f @thomascube Added new languages, hierarchical folder tree and attachments in forward...
thomascube authored
94 $_framed = (!empty($_GET['_framed']) || !empty($_POST['_framed']));
4e17e6c @thomascube Initial revision
thomascube authored
95
03f8558 @thomascube Strip tags on _auth, _action, _task parameters
thomascube authored
96 if (empty($_task))
97 $_task = 'mail';
98
42b1135 @thomascube Several bugfixes and feature improvements
thomascube authored
99 if (!empty($_GET['_remote']))
100 $REMOTE_REQUEST = TRUE;
2f2f15b @thomascube Little improvements for message parsing and encoding
thomascube authored
101
102
103 // set output buffering
104 if ($_action != 'get' && $_action != 'viewsource')
105 {
106 // use gzip compression if supported
107 if (function_exists('ob_gzhandler') && !ini_get('zlib.output_compression'))
108 ob_start('ob_gzhandler');
109 else
110 ob_start();
111 }
112
42b1135 @thomascube Several bugfixes and feature improvements
thomascube authored
113
4e17e6c @thomascube Initial revision
thomascube authored
114 // start session with requested task
115 rcmail_startup($_task);
116
117 // set session related variables
bac7d17 @thomascube Fixed bugs #1364122, #1468895, ticket #1483811 and other minor bugs
thomascube authored
118 $COMM_PATH = sprintf('./?_task=%s', $_task);
119 $SESS_HIDDEN_FIELD = '';
4e17e6c @thomascube Initial revision
thomascube authored
120
121
122 // add framed parameter
597170f @thomascube Added new languages, hierarchical folder tree and attachments in forward...
thomascube authored
123 if ($_framed)
4e17e6c @thomascube Initial revision
thomascube authored
124 {
10c92be @thomascube New indentation for quoted message text; HTML validity
thomascube authored
125 $COMM_PATH .= '&amp;_framed=1';
ccfda89 @thomascube Fixed session expiration issue with SQLite
thomascube authored
126 $SESS_HIDDEN_FIELD .= "\n".'<input type="hidden" name="_framed" value="1" />';
4e17e6c @thomascube Initial revision
thomascube authored
127 }
128
129
130 // init necessary objects for GUI
131 load_gui();
132
8affba5 @thomascube Improved error handling in DB connection failure
thomascube authored
133
134 // check DB connections and exit on failure
135 if ($err_str = $DB->is_error())
136 {
137 raise_error(array('code' => 500, 'type' => 'db', 'line' => __LINE__, 'file' => __FILE__,
138 'message' => $err_str), FALSE, TRUE);
139 }
140
141
4e17e6c @thomascube Initial revision
thomascube authored
142 // error steps
597170f @thomascube Added new languages, hierarchical folder tree and attachments in forward...
thomascube authored
143 if ($_action=='error' && !empty($_GET['_code']))
4e17e6c @thomascube Initial revision
thomascube authored
144 {
145 raise_error(array('code' => hexdec($_GET['_code'])), FALSE, TRUE);
146 }
147
148
149 // try to log in
150 if ($_action=='login' && $_task=='mail')
151 {
152 $host = $_POST['_host'] ? $_POST['_host'] : $CONFIG['default_host'];
153
154 // check if client supports cookies
597170f @thomascube Added new languages, hierarchical folder tree and attachments in forward...
thomascube authored
155 if (empty($_COOKIE))
4e17e6c @thomascube Initial revision
thomascube authored
156 {
157 show_message("cookiesdisabled", 'warning');
158 }
ea7c46b @thomascube Improved reading of POST and GET values
thomascube authored
159 else if (isset($_POST['_user']) && isset($_POST['_pass']) &&
bac7d17 @thomascube Fixed bugs #1364122, #1468895, ticket #1483811 and other minor bugs
thomascube authored
160 rcmail_login(get_input_value('_user', RCUBE_INPUT_POST), $_POST['_pass'], $host))
4e17e6c @thomascube Initial revision
thomascube authored
161 {
162 // send redirect
163 header("Location: $COMM_PATH");
164 exit;
165 }
166 else
167 {
168 show_message("loginfailed", 'warning');
169 $_SESSION['user_id'] = '';
170 }
171 }
172
173 // end session
00fd332 warning clearance
svncommit authored
174 else if ($_action=='logout' && isset($_SESSION['user_id']))
4e17e6c @thomascube Initial revision
thomascube authored
175 {
176 show_message('loggedout');
177 rcmail_kill_session();
178 }
179
bac7d17 @thomascube Fixed bugs #1364122, #1468895, ticket #1483811 and other minor bugs
thomascube authored
180 // check session and auth cookie
181 else if ($_action!='login' && $_SESSION['user_id'])
4e17e6c @thomascube Initial revision
thomascube authored
182 {
bac7d17 @thomascube Fixed bugs #1364122, #1468895, ticket #1483811 and other minor bugs
thomascube authored
183 if (!rcmail_authenticate_session() ||
ccfda89 @thomascube Fixed session expiration issue with SQLite
thomascube authored
184 ($CONFIG['session_lifetime'] && isset($SESS_CHANGED) && $SESS_CHANGED + $CONFIG['session_lifetime']*60 < mktime()))
4e17e6c @thomascube Initial revision
thomascube authored
185 {
42b1135 @thomascube Several bugfixes and feature improvements
thomascube authored
186 $message = show_message('sessionerror', 'error');
4e17e6c @thomascube Initial revision
thomascube authored
187 rcmail_kill_session();
188 }
189 }
190
191
192 // log in to imap server
597170f @thomascube Added new languages, hierarchical folder tree and attachments in forward...
thomascube authored
193 if (!empty($_SESSION['user_id']) && $_task=='mail')
4e17e6c @thomascube Initial revision
thomascube authored
194 {
7902df4 @thomascube Fixed SSL support; improved Courier compatibility; some visual enhanceme...
thomascube authored
195 $conn = $IMAP->connect($_SESSION['imap_host'], $_SESSION['username'], decrypt_passwd($_SESSION['password']), $_SESSION['imap_port'], $_SESSION['imap_ssl']);
4e17e6c @thomascube Initial revision
thomascube authored
196 if (!$conn)
197 {
198 show_message('imaperror', 'error');
199 $_SESSION['user_id'] = '';
200 }
7902df4 @thomascube Fixed SSL support; improved Courier compatibility; some visual enhanceme...
thomascube authored
201 else
202 rcmail_set_imap_prop();
4e17e6c @thomascube Initial revision
thomascube authored
203 }
204
205
206 // not logged in -> set task to 'login
597170f @thomascube Added new languages, hierarchical folder tree and attachments in forward...
thomascube authored
207 if (empty($_SESSION['user_id']))
42b1135 @thomascube Several bugfixes and feature improvements
thomascube authored
208 {
209 if ($REMOTE_REQUEST)
210 {
211 $message .= "setTimeout(\"location.href='\"+this.env.comm_path+\"'\", 2000);";
212 rcube_remote_response($message);
213 }
214
4e17e6c @thomascube Initial revision
thomascube authored
215 $_task = 'login';
42b1135 @thomascube Several bugfixes and feature improvements
thomascube authored
216 }
4e17e6c @thomascube Initial revision
thomascube authored
217
218
219
597170f @thomascube Added new languages, hierarchical folder tree and attachments in forward...
thomascube authored
220 // set task and action to client
4e17e6c @thomascube Initial revision
thomascube authored
221 $script = sprintf("%s.set_env('task', '%s');", $JS_OBJECT_NAME, $_task);
222 if (!empty($_action))
223 $script .= sprintf("\n%s.set_env('action', '%s');", $JS_OBJECT_NAME, $_action);
224
225 $OUTPUT->add_script($script);
226
227
228
229 // not logged in -> show login page
230 if (!$_SESSION['user_id'])
231 {
232 parse_template('login');
233 exit;
234 }
235
236
1cded85 @thomascube Re-design of caching (new database table added\!); some bugfixes; Postgr...
thomascube authored
237 // handle keep-alive signal
238 if ($_action=='keep-alive')
239 {
240 rcube_remote_response('');
241 exit;
242 }
243
4e17e6c @thomascube Initial revision
thomascube authored
244
245 // include task specific files
246 if ($_task=='mail')
247 {
248 include_once('program/steps/mail/func.inc');
88375ff @thomascube Added RSS output (experimental)
thomascube authored
249
4e17e6c @thomascube Initial revision
thomascube authored
250 if ($_action=='show' || $_action=='print')
251 include('program/steps/mail/show.inc');
252
253 if ($_action=='get')
254 include('program/steps/mail/get.inc');
255
256 if ($_action=='moveto' || $_action=='delete')
257 include('program/steps/mail/move_del.inc');
258
259 if ($_action=='mark')
260 include('program/steps/mail/mark.inc');
261
262 if ($_action=='viewsource')
263 include('program/steps/mail/viewsource.inc');
264
265 if ($_action=='send')
266 include('program/steps/mail/sendmail.inc');
267
268 if ($_action=='upload')
269 include('program/steps/mail/upload.inc');
270
a894ba5 Removeable attachments, Auto-default folder creation, bug fixes
svncommit authored
271 if ($_action=='compose' || $_action=='remove-attachment')
4e17e6c @thomascube Initial revision
thomascube authored
272 include('program/steps/mail/compose.inc');
273
274 if ($_action=='addcontact')
275 include('program/steps/mail/addcontact.inc');
15a9d1c @thomascube Optimized loading time; added periodic mail check; added EXPUNGE command
thomascube authored
276
5e35126 @thomascube Added folder purge function and some checks
thomascube authored
277 if ($_action=='expunge' || $_action=='purge')
15a9d1c @thomascube Optimized loading time; added periodic mail check; added EXPUNGE command
thomascube authored
278 include('program/steps/mail/folders.inc');
279
280 if ($_action=='check-recent')
281 include('program/steps/mail/check_recent.inc');
282
283 if ($_action=='getunread')
284 include('program/steps/mail/getunread.inc');
4e17e6c @thomascube Initial revision
thomascube authored
285
4647e1b @thomascube Started implementing search function
thomascube authored
286 if ($_action=='list' && isset($_GET['_remote']))
4e17e6c @thomascube Initial revision
thomascube authored
287 include('program/steps/mail/list.inc');
288
4647e1b @thomascube Started implementing search function
thomascube authored
289 if ($_action=='search')
dd53e2b @thomascube Started integrating GoogieSpell
thomascube authored
290 include('program/steps/mail/search.inc');
291
292 if ($_action=='spell')
293 include('program/steps/mail/spell.inc');
4647e1b @thomascube Started implementing search function
thomascube authored
294
88375ff @thomascube Added RSS output (experimental)
thomascube authored
295 if ($_action=='rss')
296 include('program/steps/mail/rss.inc');
3ea0e32 @thomascube Quota display as image
thomascube authored
297
298 if ($_action=='quotaimg')
299 include('program/steps/mail/quotaimg.inc');
88375ff @thomascube Added RSS output (experimental)
thomascube authored
300
aade7b9 @thomascube Finalized 0.1beta2 release
thomascube authored
301
01c86f2 @thomascube Minor bugfixes
thomascube authored
302 // make sure the message count is refreshed
303 $IMAP->messagecount($_SESSION['mbox'], 'ALL', TRUE);
4e17e6c @thomascube Initial revision
thomascube authored
304 }
305
306
307 // include task specific files
308 if ($_task=='addressbook')
309 {
310 include_once('program/steps/addressbook/func.inc');
311
312 if ($_action=='save')
313 include('program/steps/addressbook/save.inc');
314
315 if ($_action=='edit' || $_action=='add')
316 include('program/steps/addressbook/edit.inc');
317
318 if ($_action=='delete')
319 include('program/steps/addressbook/delete.inc');
320
321 if ($_action=='show')
322 include('program/steps/addressbook/show.inc');
323
324 if ($_action=='list' && $_GET['_remote'])
325 include('program/steps/addressbook/list.inc');
d1d2c4f adding files and modifications for public ldap search
svncommit authored
326
327 if ($_action=='ldappublicsearch')
328 include('program/steps/addressbook/ldapsearchform.inc');
4e17e6c @thomascube Initial revision
thomascube authored
329 }
330
331
332 // include task specific files
333 if ($_task=='settings')
334 {
335 include_once('program/steps/settings/func.inc');
336
337 if ($_action=='save-identity')
338 include('program/steps/settings/save_identity.inc');
339
340 if ($_action=='add-identity' || $_action=='edit-identity')
341 include('program/steps/settings/edit_identity.inc');
342
343 if ($_action=='delete-identity')
344 include('program/steps/settings/delete_identity.inc');
345
346 if ($_action=='identities')
347 include('program/steps/settings/identities.inc');
348
349 if ($_action=='save-prefs')
350 include('program/steps/settings/save_prefs.inc');
351
aade7b9 @thomascube Finalized 0.1beta2 release
thomascube authored
352 if ($_action=='folders' || $_action=='subscribe' || $_action=='unsubscribe' ||
353 $_action=='create-folder' || $_action=='rename-folder' || $_action=='delete-folder')
4e17e6c @thomascube Initial revision
thomascube authored
354 include('program/steps/settings/manage_folders.inc');
355
356 }
357
358
359 // parse main template
8c2e58b @thomascube Minor improvements and bugfixes (see changelog)
thomascube authored
360 // only allow these templates to be included
361 if (in_array($_task, $MAIN_TASKS))
539cd47 @thomascube Fix for URL injection vulnerability (Bug #1307966)
thomascube authored
362 parse_template($_task);
363
4e17e6c @thomascube Initial revision
thomascube authored
364
539cd47 @thomascube Fix for URL injection vulnerability (Bug #1307966)
thomascube authored
365 // if we arrive here, something went wrong
366 raise_error(array('code' => 404,
367 'type' => 'php',
368 'line' => __LINE__,
369 'file' => __FILE__,
370 'message' => "Invalid request"), TRUE, TRUE);
371
d1d2c4f adding files and modifications for public ldap search
svncommit authored
372 ?>
Something went wrong with that request. Please try again.