100644 243 lines (206 sloc) 8.46 KB
4e17e6c @thomascube Initial revision
thomascube authored Sep 25, 2005
1 <?php
2 /*
a6f90e1 @alecpl -fixed disclaimer
alecpl authored May 11, 2008
3 +-------------------------------------------------------------------------+
e019f2d @alecpl - s/RoundCube/Roundcube/
alecpl authored Sep 25, 2010
4 | Roundcube Webmail IMAP Client |
f5e7b35 @thomascube Bumped version; Roundcube development is not Switzerland only
thomascube authored Jan 12, 2011
5 | Version 0.6-svn |
a6f90e1 @alecpl -fixed disclaimer
alecpl authored May 11, 2008
6 | |
f5e7b35 @thomascube Bumped version; Roundcube development is not Switzerland only
thomascube authored Jan 12, 2011
7 | Copyright (C) 2005-2011, The Roundcube Dev Team |
a6f90e1 @alecpl -fixed disclaimer
alecpl authored May 11, 2008
8 | |
9 | This program is free software; you can redistribute it and/or modify |
10 | it under the terms of the GNU General Public License version 2 |
11 | as published by the Free Software Foundation. |
12 | |
13 | This program is distributed in the hope that it will be useful, |
14 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16 | GNU General Public License for more details. |
17 | |
18 | You should have received a copy of the GNU General Public License along |
19 | with this program; if not, write to the Free Software Foundation, Inc., |
20 | 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
21 | |
22 +-------------------------------------------------------------------------+
23 | Author: Thomas Bruederli <roundcube@gmail.com> |
24 +-------------------------------------------------------------------------+
4e17e6c @thomascube Initial revision
thomascube authored Sep 25, 2005
25
26 $Id$
27
28 */
29
47124c2 @thomascube Changed codebase to PHP5 with autoloader + added some new classes fro…
thomascube authored Apr 12, 2008
30 // include environment
31 require_once 'program/include/iniset.php';
15a9d1c @thomascube Optimized loading time; added periodic mail check; added EXPUNGE command
thomascube authored Jan 5, 2006
32
48bc52e @alecpl - Fix imap_init hook broken in r3258 (#1486493)
alecpl authored Feb 13, 2010
33 // init application, start session, init output class, etc.
83a7636 @thomascube More code cleanup
thomascube authored Jun 14, 2008
34 $RCMAIL = rcmail::get_instance();
35
d51c93b @alecpl - get rid of some hardcoded action names and move decision about out…
alecpl authored Jun 1, 2009
36 // turn on output buffering
37 ob_start();
2f2f15b @thomascube Little improvements for message parsing and encoding
thomascube authored Sep 4, 2006
38
8c72e33 @thomascube Show appropriate error message if config files are missing
thomascube authored Jul 28, 2008
39 // check if config files had errors
40 if ($err_str = $RCMAIL->config->get_error()) {
41 raise_error(array(
42 'code' => 601,
43 'type' => 'php',
44 'message' => $err_str), false, true);
45 }
46
8affba5 @thomascube Improved error handling in DB connection failure
thomascube authored Mar 14, 2006
47 // check DB connections and exit on failure
47124c2 @thomascube Changed codebase to PHP5 with autoloader + added some new classes fro…
thomascube authored Apr 12, 2008
48 if ($err_str = $DB->is_error()) {
f115416 @thomascube Merged branch devel-addressbook from r443 back to trunk
thomascube authored Apr 28, 2007
49 raise_error(array(
50 'code' => 603,
51 'type' => 'db',
52 'message' => $err_str), FALSE, TRUE);
53 }
8affba5 @thomascube Improved error handling in DB connection failure
thomascube authored Mar 14, 2006
54
4e17e6c @thomascube Initial revision
thomascube authored Sep 25, 2005
55 // error steps
197601e @thomascube Next step: introduce the application class 'rcmail' and get rid of so…
thomascube authored Apr 30, 2008
56 if ($RCMAIL->action=='error' && !empty($_GET['_code'])) {
4e17e6c @thomascube Initial revision
thomascube authored Sep 25, 2005
57 raise_error(array('code' => hexdec($_GET['_code'])), FALSE, TRUE);
47124c2 @thomascube Changed codebase to PHP5 with autoloader + added some new classes fro…
thomascube authored Apr 12, 2008
58 }
4e17e6c @thomascube Initial revision
thomascube authored Sep 25, 2005
59
f5d61d8 @thomascube Revert r3038 and allow to specify the port as value of force_https
thomascube authored Oct 21, 2009
60 // check if https is required (for login) and redirect if necessary
61 if (empty($_SESSION['user_id']) && ($force_https = $RCMAIL->config->get('force_https', false))) {
62 $https_port = is_bool($force_https) ? 443 : $force_https;
5818e44 @alecpl - Fix $_SERVER['HTTPS'] check for SSL forcing on IIS (#1486243) + fix…
alecpl authored Oct 27, 2009
63 if (!rcube_https_check($https_port)) {
76c94b6 @alecpl - Fix 'force_https' to specified port when URL contains a port number…
alecpl authored Jan 17, 2010
64 $host = preg_replace('/:[0-9]+$/', '', $_SERVER['HTTP_HOST']);
65 $host .= ($https_port != 443 ? ':' . $https_port : '');
66 header('Location: https://' . $host . $_SERVER['REQUEST_URI']);
f5d61d8 @thomascube Revert r3038 and allow to specify the port as value of force_https
thomascube authored Oct 21, 2009
67 exit;
68 }
69 }
70
cc97ea0 @thomascube Merged branch devel-api (from r2208 to r2387) back into trunk (omitti…
thomascube authored Apr 19, 2009
71 // trigger startup plugin hook
72 $startup = $RCMAIL->plugins->exec_hook('startup', array('task' => $RCMAIL->task, 'action' => $RCMAIL->action));
73 $RCMAIL->set_task($startup['task']);
74 $RCMAIL->action = $startup['action'];
75
4e17e6c @thomascube Initial revision
thomascube authored Sep 25, 2005
76 // try to log in
9b94eb6 @alecpl - Fix setting task name according to auth state. So, any action befor…
alecpl authored Feb 6, 2010
77 if ($RCMAIL->task == 'login' && $RCMAIL->action == 'login') {
0129d7c @alecpl - Fix authentication when submitting form with existing session (#148…
alecpl authored Jan 19, 2009
78 // purge the session in case of new login when a session already exists
cc97ea0 @thomascube Merged branch devel-api (from r2208 to r2387) back into trunk (omitti…
thomascube authored Apr 19, 2009
79 $RCMAIL->kill_session();
5f560ee @alecpl - Plugin API: Add 'pass' argument in 'authenticate' hook (#1487134)
alecpl authored Nov 29, 2010
80
cc97ea0 @thomascube Merged branch devel-api (from r2208 to r2387) back into trunk (omitti…
thomascube authored Apr 19, 2009
81 $auth = $RCMAIL->plugins->exec_hook('authenticate', array(
82 'host' => $RCMAIL->autoselect_host(),
83 'user' => trim(get_input_value('_user', RCUBE_INPUT_POST)),
5f560ee @alecpl - Plugin API: Add 'pass' argument in 'authenticate' hook (#1487134)
alecpl authored Nov 29, 2010
84 'pass' => get_input_value('_pass', RCUBE_INPUT_POST, true,
85 $RCMAIL->config->get('password_charset', 'ISO-8859-1')),
4463648 @thomascube Allow a plugin to disable the cookie check
thomascube authored Aug 5, 2009
86 'cookiecheck' => true,
64608bf @alecpl - Password: Make passwords encoding consistent with core, add 'passwo…
alecpl authored Feb 25, 2010
87 ));
cc97ea0 @thomascube Merged branch devel-api (from r2208 to r2387) back into trunk (omitti…
thomascube authored Apr 19, 2009
88
4e17e6c @thomascube Initial revision
thomascube authored Sep 25, 2005
89 // check if client supports cookies
4463648 @thomascube Allow a plugin to disable the cookie check
thomascube authored Aug 5, 2009
90 if ($auth['cookiecheck'] && empty($_COOKIE)) {
f115416 @thomascube Merged branch devel-addressbook from r443 back to trunk
thomascube authored Apr 28, 2007
91 $OUTPUT->show_message("cookiesdisabled", 'warning');
92 }
64608bf @alecpl - Password: Make passwords encoding consistent with core, add 'passwo…
alecpl authored Feb 25, 2010
93 else if ($_SESSION['temp'] && !$auth['abort'] &&
94 !empty($auth['host']) && !empty($auth['user']) &&
95 $RCMAIL->login($auth['user'], $auth['pass'], $auth['host'])) {
aad6e2a @thomascube New session authentication, should fix bugs #1483951 and #1484299; te…
thomascube authored Mar 27, 2007
96 // create new session ID
929a508 @alecpl - Improve performance by avoiding unnecessary updates to the session …
alecpl authored Mar 1, 2010
97 $RCMAIL->session->remove('temp');
98 $RCMAIL->session->regenerate_id();
aad6e2a @thomascube New session authentication, should fix bugs #1483951 and #1484299; te…
thomascube authored Mar 27, 2007
99
100 // send auth cookie if necessary
1854c45 @thomascube More code cleanup + oop-ization
thomascube authored May 7, 2008
101 $RCMAIL->authenticate_session();
aad6e2a @thomascube New session authentication, should fix bugs #1483951 and #1484299; te…
thomascube authored Mar 27, 2007
102
5e0045b @thomascube Add option to log successful logins.
thomascube authored Jun 6, 2008
103 // log successful login
3544558 @alecpl - Add HTTP_X_REAL_IP and HTTP_X_FORWARDED_FOR to successful logins lo…
alecpl authored Apr 20, 2010
104 rcmail_log_login();
10eedbe @alecpl - add file/line definitions to raise_error() calls
alecpl authored Jan 28, 2010
105
cc97ea0 @thomascube Merged branch devel-api (from r2208 to r2387) back into trunk (omitti…
thomascube authored Apr 19, 2009
106 // restore original request parameters
88007cf @thomascube Fix login redirect issues (#1487686)
thomascube authored Jan 14, 2011
107 $query = array();
32234d7 @thomascube Better fix for login redirect, don't force mail task
thomascube authored Jan 19, 2011
108 if ($url = get_input_value('_url', RCUBE_INPUT_POST)) {
cc97ea0 @thomascube Merged branch devel-api (from r2208 to r2387) back into trunk (omitti…
thomascube authored Apr 19, 2009
109 parse_str($url, $query);
32234d7 @thomascube Better fix for login redirect, don't force mail task
thomascube authored Jan 19, 2011
110
111 // prevent endless looping on login page
112 if ($query['_task'] == 'login')
113 unset($query['_task']);
114 }
cc97ea0 @thomascube Merged branch devel-api (from r2208 to r2387) back into trunk (omitti…
thomascube authored Apr 19, 2009
115
116 // allow plugins to control the redirect url after login success
32234d7 @thomascube Better fix for login redirect, don't force mail task
thomascube authored Jan 19, 2011
117 $redir = $RCMAIL->plugins->exec_hook('login_after', $query + array('_task' => 'mail'));
cc97ea0 @thomascube Merged branch devel-api (from r2208 to r2387) back into trunk (omitti…
thomascube authored Apr 19, 2009
118 unset($redir['abort']);
5e0045b @thomascube Add option to log successful logins.
thomascube authored Jun 6, 2008
119
4e17e6c @thomascube Initial revision
thomascube authored Sep 25, 2005
120 // send redirect
cc97ea0 @thomascube Merged branch devel-api (from r2208 to r2387) back into trunk (omitti…
thomascube authored Apr 19, 2009
121 $OUTPUT->redirect($redir);
f115416 @thomascube Merged branch devel-addressbook from r443 back to trunk
thomascube authored Apr 28, 2007
122 }
47124c2 @thomascube Changed codebase to PHP5 with autoloader + added some new classes fro…
thomascube authored Apr 12, 2008
123 else {
6d99f99 @alecpl - Handle situation when $IMAP object isn't initialized on log in
alecpl authored Nov 9, 2010
124 $error_code = is_object($IMAP) ? $IMAP->get_error_code() : -1;
125
126 $OUTPUT->show_message($error_code < -1 ? 'imaperror' : 'loginfailed', 'warning');
8fcc3e1 @alecpl - Improved IMAP errors handling
alecpl authored Oct 14, 2010
127 $RCMAIL->plugins->exec_hook('login_failed', array(
6d99f99 @alecpl - Handle situation when $IMAP object isn't initialized on log in
alecpl authored Nov 9, 2010
128 'code' => $error_code, 'host' => $auth['host'], 'user' => $auth['user']));
1854c45 @thomascube More code cleanup + oop-ization
thomascube authored May 7, 2008
129 $RCMAIL->kill_session();
4e17e6c @thomascube Initial revision
thomascube authored Sep 25, 2005
130 }
f115416 @thomascube Merged branch devel-addressbook from r443 back to trunk
thomascube authored Apr 28, 2007
131 }
4e17e6c @thomascube Initial revision
thomascube authored Sep 25, 2005
132
133 // end session
9b94eb6 @alecpl - Fix setting task name according to auth state. So, any action befor…
alecpl authored Feb 6, 2010
134 else if ($RCMAIL->task == 'logout' && isset($_SESSION['user_id'])) {
7ef47e5 @thomascube Add some arguments to the logout_after hook
thomascube authored Aug 14, 2009
135 $userdata = array('user' => $_SESSION['username'], 'host' => $_SESSION['imap_host'], 'lang' => $RCMAIL->user->language);
f115416 @thomascube Merged branch devel-addressbook from r443 back to trunk
thomascube authored Apr 28, 2007
136 $OUTPUT->show_message('loggedout');
1854c45 @thomascube More code cleanup + oop-ization
thomascube authored May 7, 2008
137 $RCMAIL->logout_actions();
138 $RCMAIL->kill_session();
7ef47e5 @thomascube Add some arguments to the logout_after hook
thomascube authored Aug 14, 2009
139 $RCMAIL->plugins->exec_hook('logout_after', $userdata);
f115416 @thomascube Merged branch devel-addressbook from r443 back to trunk
thomascube authored Apr 28, 2007
140 }
4e17e6c @thomascube Initial revision
thomascube authored Sep 25, 2005
141
bac7d17 @thomascube Fixed bugs #1364122, #1468895, ticket #1483811 and other minor bugs
thomascube authored Jul 18, 2006
142 // check session and auth cookie
9b94eb6 @alecpl - Fix setting task name according to auth state. So, any action befor…
alecpl authored Feb 6, 2010
143 else if ($RCMAIL->task != 'login' && $_SESSION['user_id'] && $RCMAIL->action != 'send') {
1854c45 @thomascube More code cleanup + oop-ization
thomascube authored May 7, 2008
144 if (!$RCMAIL->authenticate_session()) {
f115416 @thomascube Merged branch devel-addressbook from r443 back to trunk
thomascube authored Apr 28, 2007
145 $OUTPUT->show_message('sessionerror', 'error');
1854c45 @thomascube More code cleanup + oop-ization
thomascube authored May 7, 2008
146 $RCMAIL->kill_session();
4e17e6c @thomascube Initial revision
thomascube authored Sep 25, 2005
147 }
f115416 @thomascube Merged branch devel-addressbook from r443 back to trunk
thomascube authored Apr 28, 2007
148 }
4e17e6c @thomascube Initial revision
thomascube authored Sep 25, 2005
149
150 // not logged in -> show login page
197601e @thomascube Next step: introduce the application class 'rcmail' and get rid of so…
thomascube authored Apr 30, 2008
151 if (empty($RCMAIL->user->ID)) {
83a7636 @thomascube More code cleanup
thomascube authored Jun 14, 2008
152 if ($OUTPUT->ajax_call)
c719f3c @thomascube Store compose parameters in session and redirect to a unique URL
thomascube authored Jun 20, 2008
153 $OUTPUT->redirect(array(), 2000);
9b94eb6 @alecpl - Fix setting task name according to auth state. So, any action befor…
alecpl authored Feb 6, 2010
154
ccc80d1 @alecpl - Fix login page loading into an iframe when session expires (#1485952)
alecpl authored Oct 14, 2009
155 if (!empty($_REQUEST['_framed']))
b571339 @alecpl - fix last commit
alecpl authored Oct 14, 2009
156 $OUTPUT->command('redirect', '?');
ccc80d1 @alecpl - Fix login page loading into an iframe when session expires (#1485952)
alecpl authored Oct 14, 2009
157
330127a @thomascube Disable PHP notices + check for installer script on login page
thomascube authored Mar 2, 2008
158 // check if installer is still active
83a7636 @thomascube More code cleanup
thomascube authored Jun 14, 2008
159 if ($RCMAIL->config->get('enable_installer') && is_readable('./installer/index.php')) {
47124c2 @thomascube Changed codebase to PHP5 with autoloader + added some new classes fro…
thomascube authored Apr 12, 2008
160 $OUTPUT->add_footer(html::div(array('style' => "background:#ef9398; border:2px solid #dc5757; padding:0.5em; margin:2em auto; width:50em"),
161 html::tag('h2', array('style' => "margin-top:0.2em"), "Installer script is still accessible") .
e019f2d @alecpl - s/RoundCube/Roundcube/
alecpl authored Sep 25, 2010
162 html::p(null, "The install script of your Roundcube installation is still stored in its default location!") .
163 html::p(null, "Please <b>remove</b> the whole <tt>installer</tt> folder from the Roundcube directory because
47124c2 @thomascube Changed codebase to PHP5 with autoloader + added some new classes fro…
thomascube authored Apr 12, 2008
164 these files may expose sensitive configuration data like server passwords and encryption keys
165 to the public. Make sure you cannot access the <a href=\"./installer/\">installer script</a> from your browser.")
166 )
167 );
168 }
249db18 @alecpl - Fix "Server Error! (Not Found)" when using utils/save-pref action (…
alecpl authored Oct 1, 2010
169
bbf15d8 @alecpl - fixed task setting on login
alecpl authored May 2, 2008
170 $OUTPUT->set_env('task', 'login');
f115416 @thomascube Merged branch devel-addressbook from r443 back to trunk
thomascube authored Apr 28, 2007
171 $OUTPUT->send('login');
172 }
249db18 @alecpl - Fix "Server Error! (Not Found)" when using utils/save-pref action (…
alecpl authored Oct 1, 2010
173 // CSRF prevention
174 else {
175 // don't check for valid request tokens in these actions
176 $request_check_whitelist = array('login'=>1, 'spell'=>1);
177
178 // check client X-header to verify request origin
179 if ($OUTPUT->ajax_call) {
180 if (rc_request_header('X-Roundcube-Request') != $RCMAIL->get_request_token()) {
181 header('HTTP/1.1 404 Not Found');
182 die("Invalid Request");
183 }
184 }
185 // check request token in POST form submissions
186 else if (!empty($_POST) && !$request_check_whitelist[$RCMAIL->action] && !$RCMAIL->check_request()) {
187 $OUTPUT->show_message('invalidrequest', 'error');
188 $OUTPUT->send($RCMAIL->task);
189 }
190 }
4e17e6c @thomascube Initial revision
thomascube authored Sep 25, 2005
191
249db18 @alecpl - Fix "Server Error! (Not Found)" when using utils/save-pref action (…
alecpl authored Oct 1, 2010
192 // handle special actions
48aff91 @thomascube Moved code block to a more appropriate position + codestyle
thomascube authored Aug 29, 2008
193 if ($RCMAIL->action == 'keep-alive') {
194 $OUTPUT->reset();
195 $OUTPUT->send();
196 }
249db18 @alecpl - Fix "Server Error! (Not Found)" when using utils/save-pref action (…
alecpl authored Oct 1, 2010
197 else if ($RCMAIL->action == 'save-pref') {
198 include 'steps/utils/save_pref.inc';
199 }
1cded85 @thomascube Re-design of caching (new database table added\!); some bugfixes; Pos…
thomascube authored Dec 3, 2005
200
4e17e6c @thomascube Initial revision
thomascube authored Sep 25, 2005
201
6ea6c9b @thomascube Simplify step inclusion in controller (index.php)
thomascube authored Jun 20, 2008
202 // include task specific functions
564a2ba @alecpl - Help plugin
alecpl authored Jul 22, 2009
203 if (is_file($incfile = 'program/steps/'.$RCMAIL->task.'/func.inc'))
204 include_once($incfile);
6ea6c9b @thomascube Simplify step inclusion in controller (index.php)
thomascube authored Jun 20, 2008
205
206 // allow 5 "redirects" to another action
207 $redirects = 0; $incstep = null;
208 while ($redirects < 5) {
cc97ea0 @thomascube Merged branch devel-api (from r2208 to r2387) back into trunk (omitti…
thomascube authored Apr 19, 2009
209 // execute a plugin action
05a631a @thomascube Allow plugins to register their own tasks
thomascube authored Jun 3, 2010
210 if ($RCMAIL->plugins->is_plugin_task($RCMAIL->task)) {
211 $RCMAIL->plugins->exec_action($RCMAIL->task.'.'.$RCMAIL->action);
212 break;
213 }
214 else if (preg_match('/^plugin\./', $RCMAIL->action)) {
cc97ea0 @thomascube Merged branch devel-api (from r2208 to r2387) back into trunk (omitti…
thomascube authored Apr 19, 2009
215 $RCMAIL->plugins->exec_action($RCMAIL->action);
216 break;
217 }
6ea6c9b @thomascube Simplify step inclusion in controller (index.php)
thomascube authored Jun 20, 2008
218 // try to include the step file
68d2d54 @alecpl - Move action files map from index.php to steps' func.inc files
alecpl authored Jan 16, 2011
219 else if (($stepfile = $RCMAIL->get_action_file())
220 && is_file($incfile = 'program/steps/'.$RCMAIL->task.'/'.$stepfile)
221 ) {
6ea6c9b @thomascube Simplify step inclusion in controller (index.php)
thomascube authored Jun 20, 2008
222 include($incfile);
223 $redirects++;
224 }
225 else {
226 break;
227 }
f115416 @thomascube Merged branch devel-addressbook from r443 back to trunk
thomascube authored Apr 28, 2007
228 }
4e17e6c @thomascube Initial revision
thomascube authored Sep 25, 2005
229
230
6ea6c9b @thomascube Simplify step inclusion in controller (index.php)
thomascube authored Jun 20, 2008
231 // parse main template (default)
197601e @thomascube Next step: introduce the application class 'rcmail' and get rid of so…
thomascube authored Apr 30, 2008
232 $OUTPUT->send($RCMAIL->task);
539cd47 @thomascube Fix for URL injection vulnerability (Bug #1307966)
thomascube authored Sep 29, 2005
233
4e17e6c @thomascube Initial revision
thomascube authored Sep 25, 2005
234
539cd47 @thomascube Fix for URL injection vulnerability (Bug #1307966)
thomascube authored Sep 29, 2005
235 // if we arrive here, something went wrong
f115416 @thomascube Merged branch devel-addressbook from r443 back to trunk
thomascube authored Apr 28, 2007
236 raise_error(array(
237 'code' => 404,
238 'type' => 'php',
239 'line' => __LINE__,
240 'file' => __FILE__,
47124c2 @thomascube Changed codebase to PHP5 with autoloader + added some new classes fro…
thomascube authored Apr 12, 2008
241 'message' => "Invalid request"), true, true);
b25dfd0 @alecpl - removed PHP closing tag
alecpl authored Jun 23, 2010
242