Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Newer
Older
100644 367 lines (275 sloc) 10.94 kb
4e17e6c9 »
2005-09-25 Initial revision
1 <?php
2 /*
3 +-----------------------------------------------------------------------+
4 | RoundCube Webmail IMAP Client |
3ea0e320 »
2006-09-01 Quota display as image
5 | Version 0.1-20060901 |
4e17e6c9 »
2005-09-25 Initial revision
6 | |
aade7b98 »
2006-08-06 Finalized 0.1beta2 release
7 | Copyright (C) 2005-2006, RoundCube Dev. - Switzerland |
15fee7b8 »
2005-09-30 Moved config files to config/*inc.php.dist
8 | Licensed under the GNU GPL |
4e17e6c9 »
2005-09-25 Initial revision
9 | |
10 | Redistribution and use in source and binary forms, with or without |
11 | modification, are permitted provided that the following conditions |
12 | are met: |
13 | |
14 | o Redistributions of source code must retain the above copyright |
15 | notice, this list of conditions and the following disclaimer. |
16 | o Redistributions in binary form must reproduce the above copyright |
17 | notice, this list of conditions and the following disclaimer in the |
18 | documentation and/or other materials provided with the distribution.|
19 | o The names of the authors may not be used to endorse or promote |
20 | products derived from this software without specific prior written |
21 | permission. |
22 | |
23 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
24 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
25 | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |
26 | A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT |
27 | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
28 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
29 | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
30 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
31 | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
32 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
33 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
34 | |
35 +-----------------------------------------------------------------------+
36 | Author: Thomas Bruederli <roundcube@gmail.com> |
37 +-----------------------------------------------------------------------+
38
39 $Id$
40
41 */
42
3ea0e320 »
2006-09-01 Quota display as image
43 define('RCMAIL_VERSION', '0.1-20060901');
15a9d1ce »
2006-01-05 Optimized loading time; added periodic mail check; added EXPUNGE command
44
4e17e6c9 »
2005-09-25 Initial revision
45 // define global vars
8c2e58b4 »
2006-03-20 Minor improvements and bugfixes (see changelog)
46 $CHARSET = 'UTF-8';
4e17e6c9 »
2005-09-25 Initial revision
47 $OUTPUT_TYPE = 'html';
48 $JS_OBJECT_NAME = 'rcmail';
321302e5 »
2006-07-07 Fixed INSTALL_PATH bug #1425663
49 $INSTALL_PATH = dirname(__FILE__);
8c2e58b4 »
2006-03-20 Minor improvements and bugfixes (see changelog)
50 $MAIN_TASKS = array('mail','settings','addressbook','logout');
4e17e6c9 »
2005-09-25 Initial revision
51
7cc38e0b »
2005-10-31 Added Finnish, Romanian and Chinese translation
52 if (empty($INSTALL_PATH))
53 $INSTALL_PATH = './';
54 else
55 $INSTALL_PATH .= '/';
bac7d174 »
2006-07-18 Fixed bugs #1364122, #1468895, ticket #1483811 and other minor bugs
56
57
58 // make sure path_separator is defined
59 if (!defined('PATH_SEPARATOR'))
60 define('PATH_SEPARATOR', (eregi('win', PHP_OS) ? ';' : ':'));
61
62
d7cb7741 »
2005-10-25 more pear/mdb2 integration
63 // RC include folders MUST be included FIRST to avoid other
64 // possible not compatible libraries (i.e PEAR) to be included
65 // instead the ones provided by RC
7cc38e0b »
2005-10-31 Added Finnish, Romanian and Chinese translation
66 ini_set('include_path', $INSTALL_PATH.PATH_SEPARATOR.$INSTALL_PATH.'program'.PATH_SEPARATOR.$INSTALL_PATH.'program/lib'.PATH_SEPARATOR.ini_get('include_path'));
d7cb7741 »
2005-10-25 more pear/mdb2 integration
67
4e17e6c9 »
2005-09-25 Initial revision
68 ini_set('session.name', 'sessid');
69 ini_set('session.use_cookies', 1);
977a295e »
2005-12-16 Usage of virtusertable; mail_domain for new users; Chinese and Turkis…
70 ini_set('session.gc_maxlifetime', 21600);
71 ini_set('session.gc_divisor', 500);
72 ini_set('error_reporting', E_ALL&~E_NOTICE);
4e17e6c9 »
2005-09-25 Initial revision
73
74 // increase maximum execution time for php scripts
00fd332a »
2005-10-14 warning clearance
75 // (does not work in safe mode)
1cded857 »
2005-12-03 Re-design of caching (new database table added\!); some bugfixes; Pos…
76 @set_time_limit(120);
4e17e6c9 »
2005-09-25 Initial revision
77
78 // include base files
79 require_once('include/rcube_shared.inc');
80 require_once('include/rcube_imap.inc');
81 require_once('include/bugs.inc');
82 require_once('include/main.inc');
83 require_once('include/cache.inc');
7902df45 »
2005-10-20 Fixed SSL support; improved Courier compatibility; some visual enhanc…
84 require_once('PEAR.php');
85
86
87 // set PEAR error handling
88 // PEAR::setErrorHandling(PEAR_ERROR_TRIGGER, E_USER_NOTICE);
4e17e6c9 »
2005-09-25 Initial revision
89
c1ba9587 »
2006-04-13 Added gzip compression support
90 // use gzip compression if supported
8f4834d8 »
2006-05-05 Check for zlib.output_compression before using ob_gzhandler
91 if (function_exists('ob_gzhandler') && !ini_get('zlib.output_compression'))
c1ba9587 »
2006-04-13 Added gzip compression support
92 ob_start('ob_gzhandler');
8a256ef5 »
2006-05-25 Always use output buffering
93 else
94 ob_start();
c1ba9587 »
2006-04-13 Added gzip compression support
95
4e17e6c9 »
2005-09-25 Initial revision
96
97 // catch some url/post parameters
03f85589 »
2006-04-04 Strip tags on _auth, _action, _task parameters
98 $_task = get_input_value('_task', RCUBE_INPUT_GPC);
99 $_action = get_input_value('_action', RCUBE_INPUT_GPC);
597170fe »
2005-10-04 Added new languages, hierarchical folder tree and attachments in forw…
100 $_framed = (!empty($_GET['_framed']) || !empty($_POST['_framed']));
4e17e6c9 »
2005-09-25 Initial revision
101
03f85589 »
2006-04-04 Strip tags on _auth, _action, _task parameters
102 if (empty($_task))
103 $_task = 'mail';
104
42b11351 »
2005-10-07 Several bugfixes and feature improvements
105 if (!empty($_GET['_remote']))
106 $REMOTE_REQUEST = TRUE;
107
4e17e6c9 »
2005-09-25 Initial revision
108 // start session with requested task
109 rcmail_startup($_task);
110
111 // set session related variables
bac7d174 »
2006-07-18 Fixed bugs #1364122, #1468895, ticket #1483811 and other minor bugs
112 $COMM_PATH = sprintf('./?_task=%s', $_task);
113 $SESS_HIDDEN_FIELD = '';
4e17e6c9 »
2005-09-25 Initial revision
114
115
116 // add framed parameter
597170fe »
2005-10-04 Added new languages, hierarchical folder tree and attachments in forw…
117 if ($_framed)
4e17e6c9 »
2005-09-25 Initial revision
118 {
10c92bef »
2006-08-30 New indentation for quoted message text; HTML validity
119 $COMM_PATH .= '&amp;_framed=1';
ccfda896 »
2005-11-01 Fixed session expiration issue with SQLite
120 $SESS_HIDDEN_FIELD .= "\n".'<input type="hidden" name="_framed" value="1" />';
4e17e6c9 »
2005-09-25 Initial revision
121 }
122
123
124 // init necessary objects for GUI
125 load_gui();
126
8affba5b »
2006-03-14 Improved error handling in DB connection failure
127
128 // check DB connections and exit on failure
129 if ($err_str = $DB->is_error())
130 {
131 raise_error(array('code' => 500, 'type' => 'db', 'line' => __LINE__, 'file' => __FILE__,
132 'message' => $err_str), FALSE, TRUE);
133 }
134
135
4e17e6c9 »
2005-09-25 Initial revision
136 // error steps
597170fe »
2005-10-04 Added new languages, hierarchical folder tree and attachments in forw…
137 if ($_action=='error' && !empty($_GET['_code']))
4e17e6c9 »
2005-09-25 Initial revision
138 {
139 raise_error(array('code' => hexdec($_GET['_code'])), FALSE, TRUE);
140 }
141
142
143 // try to log in
144 if ($_action=='login' && $_task=='mail')
145 {
146 $host = $_POST['_host'] ? $_POST['_host'] : $CONFIG['default_host'];
147
148 // check if client supports cookies
597170fe »
2005-10-04 Added new languages, hierarchical folder tree and attachments in forw…
149 if (empty($_COOKIE))
4e17e6c9 »
2005-09-25 Initial revision
150 {
151 show_message("cookiesdisabled", 'warning');
152 }
ea7c46b4 »
2006-03-03 Improved reading of POST and GET values
153 else if (isset($_POST['_user']) && isset($_POST['_pass']) &&
bac7d174 »
2006-07-18 Fixed bugs #1364122, #1468895, ticket #1483811 and other minor bugs
154 rcmail_login(get_input_value('_user', RCUBE_INPUT_POST), $_POST['_pass'], $host))
4e17e6c9 »
2005-09-25 Initial revision
155 {
156 // send redirect
157 header("Location: $COMM_PATH");
158 exit;
159 }
160 else
161 {
162 show_message("loginfailed", 'warning');
163 $_SESSION['user_id'] = '';
164 }
165 }
166
167 // end session
00fd332a »
2005-10-14 warning clearance
168 else if ($_action=='logout' && isset($_SESSION['user_id']))
4e17e6c9 »
2005-09-25 Initial revision
169 {
170 show_message('loggedout');
171 rcmail_kill_session();
172 }
173
bac7d174 »
2006-07-18 Fixed bugs #1364122, #1468895, ticket #1483811 and other minor bugs
174 // check session and auth cookie
175 else if ($_action!='login' && $_SESSION['user_id'])
4e17e6c9 »
2005-09-25 Initial revision
176 {
bac7d174 »
2006-07-18 Fixed bugs #1364122, #1468895, ticket #1483811 and other minor bugs
177 if (!rcmail_authenticate_session() ||
ccfda896 »
2005-11-01 Fixed session expiration issue with SQLite
178 ($CONFIG['session_lifetime'] && isset($SESS_CHANGED) && $SESS_CHANGED + $CONFIG['session_lifetime']*60 < mktime()))
4e17e6c9 »
2005-09-25 Initial revision
179 {
42b11351 »
2005-10-07 Several bugfixes and feature improvements
180 $message = show_message('sessionerror', 'error');
4e17e6c9 »
2005-09-25 Initial revision
181 rcmail_kill_session();
182 }
183 }
184
185
186 // log in to imap server
597170fe »
2005-10-04 Added new languages, hierarchical folder tree and attachments in forw…
187 if (!empty($_SESSION['user_id']) && $_task=='mail')
4e17e6c9 »
2005-09-25 Initial revision
188 {
7902df45 »
2005-10-20 Fixed SSL support; improved Courier compatibility; some visual enhanc…
189 $conn = $IMAP->connect($_SESSION['imap_host'], $_SESSION['username'], decrypt_passwd($_SESSION['password']), $_SESSION['imap_port'], $_SESSION['imap_ssl']);
4e17e6c9 »
2005-09-25 Initial revision
190 if (!$conn)
191 {
192 show_message('imaperror', 'error');
193 $_SESSION['user_id'] = '';
194 }
7902df45 »
2005-10-20 Fixed SSL support; improved Courier compatibility; some visual enhanc…
195 else
196 rcmail_set_imap_prop();
4e17e6c9 »
2005-09-25 Initial revision
197 }
198
199
200 // not logged in -> set task to 'login
597170fe »
2005-10-04 Added new languages, hierarchical folder tree and attachments in forw…
201 if (empty($_SESSION['user_id']))
42b11351 »
2005-10-07 Several bugfixes and feature improvements
202 {
203 if ($REMOTE_REQUEST)
204 {
205 $message .= "setTimeout(\"location.href='\"+this.env.comm_path+\"'\", 2000);";
206 rcube_remote_response($message);
207 }
208
4e17e6c9 »
2005-09-25 Initial revision
209 $_task = 'login';
42b11351 »
2005-10-07 Several bugfixes and feature improvements
210 }
4e17e6c9 »
2005-09-25 Initial revision
211
212
213
597170fe »
2005-10-04 Added new languages, hierarchical folder tree and attachments in forw…
214 // set task and action to client
4e17e6c9 »
2005-09-25 Initial revision
215 $script = sprintf("%s.set_env('task', '%s');", $JS_OBJECT_NAME, $_task);
216 if (!empty($_action))
217 $script .= sprintf("\n%s.set_env('action', '%s');", $JS_OBJECT_NAME, $_action);
218
219 $OUTPUT->add_script($script);
220
221
222
223 // not logged in -> show login page
224 if (!$_SESSION['user_id'])
225 {
226 parse_template('login');
227 exit;
228 }
229
230
1cded857 »
2005-12-03 Re-design of caching (new database table added\!); some bugfixes; Pos…
231 // handle keep-alive signal
232 if ($_action=='keep-alive')
233 {
234 rcube_remote_response('');
235 exit;
236 }
237
4e17e6c9 »
2005-09-25 Initial revision
238
239 // include task specific files
240 if ($_task=='mail')
241 {
242 include_once('program/steps/mail/func.inc');
88375ff9 »
2006-02-05 Added RSS output (experimental)
243
4e17e6c9 »
2005-09-25 Initial revision
244 if ($_action=='show' || $_action=='print')
245 include('program/steps/mail/show.inc');
246
247 if ($_action=='get')
248 include('program/steps/mail/get.inc');
249
250 if ($_action=='moveto' || $_action=='delete')
251 include('program/steps/mail/move_del.inc');
252
253 if ($_action=='mark')
254 include('program/steps/mail/mark.inc');
255
256 if ($_action=='viewsource')
257 include('program/steps/mail/viewsource.inc');
258
259 if ($_action=='send')
260 include('program/steps/mail/sendmail.inc');
261
262 if ($_action=='upload')
263 include('program/steps/mail/upload.inc');
264
a894ba50 »
2006-06-29 Removeable attachments, Auto-default folder creation, bug fixes
265 if ($_action=='compose' || $_action=='remove-attachment')
4e17e6c9 »
2005-09-25 Initial revision
266 include('program/steps/mail/compose.inc');
267
268 if ($_action=='addcontact')
269 include('program/steps/mail/addcontact.inc');
15a9d1ce »
2006-01-05 Optimized loading time; added periodic mail check; added EXPUNGE command
270
5e351267 »
2006-01-25 Added folder purge function and some checks
271 if ($_action=='expunge' || $_action=='purge')
15a9d1ce »
2006-01-05 Optimized loading time; added periodic mail check; added EXPUNGE command
272 include('program/steps/mail/folders.inc');
273
274 if ($_action=='check-recent')
275 include('program/steps/mail/check_recent.inc');
276
277 if ($_action=='getunread')
278 include('program/steps/mail/getunread.inc');
4e17e6c9 »
2005-09-25 Initial revision
279
4647e1bb »
2006-03-23 Started implementing search function
280 if ($_action=='list' && isset($_GET['_remote']))
4e17e6c9 »
2005-09-25 Initial revision
281 include('program/steps/mail/list.inc');
282
4647e1bb »
2006-03-23 Started implementing search function
283 if ($_action=='search')
dd53e2b4 »
2006-05-01 Started integrating GoogieSpell
284 include('program/steps/mail/search.inc');
285
286 if ($_action=='spell')
287 include('program/steps/mail/spell.inc');
4647e1bb »
2006-03-23 Started implementing search function
288
88375ff9 »
2006-02-05 Added RSS output (experimental)
289 if ($_action=='rss')
290 include('program/steps/mail/rss.inc');
3ea0e320 »
2006-09-01 Quota display as image
291
292 if ($_action=='quotaimg')
293 include('program/steps/mail/quotaimg.inc');
88375ff9 »
2006-02-05 Added RSS output (experimental)
294
aade7b98 »
2006-08-06 Finalized 0.1beta2 release
295
01c86f2e »
2006-03-04 Minor bugfixes
296 // make sure the message count is refreshed
297 $IMAP->messagecount($_SESSION['mbox'], 'ALL', TRUE);
4e17e6c9 »
2005-09-25 Initial revision
298 }
299
300
301 // include task specific files
302 if ($_task=='addressbook')
303 {
304 include_once('program/steps/addressbook/func.inc');
305
306 if ($_action=='save')
307 include('program/steps/addressbook/save.inc');
308
309 if ($_action=='edit' || $_action=='add')
310 include('program/steps/addressbook/edit.inc');
311
312 if ($_action=='delete')
313 include('program/steps/addressbook/delete.inc');
314
315 if ($_action=='show')
316 include('program/steps/addressbook/show.inc');
317
318 if ($_action=='list' && $_GET['_remote'])
319 include('program/steps/addressbook/list.inc');
d1d2c4fb »
2006-01-08 adding files and modifications for public ldap search
320
321 if ($_action=='ldappublicsearch')
322 include('program/steps/addressbook/ldapsearchform.inc');
4e17e6c9 »
2005-09-25 Initial revision
323 }
324
325
326 // include task specific files
327 if ($_task=='settings')
328 {
329 include_once('program/steps/settings/func.inc');
330
331 if ($_action=='save-identity')
332 include('program/steps/settings/save_identity.inc');
333
334 if ($_action=='add-identity' || $_action=='edit-identity')
335 include('program/steps/settings/edit_identity.inc');
336
337 if ($_action=='delete-identity')
338 include('program/steps/settings/delete_identity.inc');
339
340 if ($_action=='identities')
341 include('program/steps/settings/identities.inc');
342
343 if ($_action=='save-prefs')
344 include('program/steps/settings/save_prefs.inc');
345
aade7b98 »
2006-08-06 Finalized 0.1beta2 release
346 if ($_action=='folders' || $_action=='subscribe' || $_action=='unsubscribe' ||
347 $_action=='create-folder' || $_action=='rename-folder' || $_action=='delete-folder')
4e17e6c9 »
2005-09-25 Initial revision
348 include('program/steps/settings/manage_folders.inc');
349
350 }
351
352
353 // parse main template
8c2e58b4 »
2006-03-20 Minor improvements and bugfixes (see changelog)
354 // only allow these templates to be included
355 if (in_array($_task, $MAIN_TASKS))
539cd478 »
2005-09-29 Fix for URL injection vulnerability (Bug #1307966)
356 parse_template($_task);
357
4e17e6c9 »
2005-09-25 Initial revision
358
539cd478 »
2005-09-29 Fix for URL injection vulnerability (Bug #1307966)
359 // if we arrive here, something went wrong
360 raise_error(array('code' => 404,
361 'type' => 'php',
362 'line' => __LINE__,
363 'file' => __FILE__,
364 'message' => "Invalid request"), TRUE, TRUE);
365
d1d2c4fb »
2006-01-08 adding files and modifications for public ldap search
366 ?>
Something went wrong with that request. Please try again.