1 <?php
2
3 /*
4 +-----------------------------------------------------------------------+
5 | RoundCube Webmail IMAP Client |
6 | Version 0.1-20050929 |
7 | |
8 | Copyright (C) 2005, RoundCube Dev. - Switzerland |
9 | Licensed under the GNU GPL |
10 | |
11 | Redistribution and use in source and binary forms, with or without |
12 | modification, are permitted provided that the following conditions |
13 | are met: |
14 | |
15 | o Redistributions of source code must retain the above copyright |
16 | notice, this list of conditions and the following disclaimer. |
17 | o Redistributions in binary form must reproduce the above copyright |
18 | notice, this list of conditions and the following disclaimer in the |
19 | documentation and/or other materials provided with the distribution.|
20 | o The names of the authors may not be used to endorse or promote |
21 | products derived from this software without specific prior written |
22 | permission. |
23 | |
24 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
25 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
26 | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |
27 | A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT |
28 | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
29 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
30 | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
31 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
32 | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
33 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
34 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | |
36 +-----------------------------------------------------------------------+
37 | Author: Thomas Bruederli <roundcube@gmail.com> |
38 +-----------------------------------------------------------------------+
39
40 $Id$
41
42 */
43
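// define global vars
$INSTALL_PATH = './';
$OUTPUT_TYPE = 'html';
$JS_OBJECT_NAME = 'rcmail';


// set environment first
// Append the install dir and the bundled program/ directories to the include
// path. The added entries are relative, so they resolve against the working
// directory of the request rather than against the location of this file.
ini_set('include_path', implode(PATH_SEPARATOR, array(
    ini_get('include_path'),
    $INSTALL_PATH,
    'program',
    'program/lib',
)));
ini_set('session.name', 'sessid');
ini_set('session.use_cookies', '1');
// Take the session id from the cookie only, never from the URL. The login step
// further down already refuses clients without cookies, and an id accepted
// from a link lets a third party choose the session a user ends up in.
ini_set('session.use_only_cookies', '1');
error_reporting(E_ALL & ~E_NOTICE);
//ini_set('session.save_path', $INSTALL_PATH.'session');


// increase maximum execution time for php scripts (seconds, passed as an integer)
set_time_limit(120);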
60
61
// include base files
// Relative names: they are looked up through the include_path set earlier in
// this file, so the order of entries on that path decides which copy is loaded.
require_once 'include/rcube_shared.inc';
require_once 'include/rcube_imap.inc';
require_once 'include/rcube_db.inc';
require_once 'include/bugs.inc';
require_once 'include/main.inc';
require_once 'include/cache.inc';
69
70
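// catch some url/post parameters
// Everything read here is request data under the client's control. $_task and
// $_action steer the dispatch further down and are also written into URLs and
// script output in this file, so they stay untrusted wherever they are used.
// POST wins over GET; a missing _auth yields NULL instead of reading an
// undefined index.
$_auth = !empty($_POST['_auth']) ? $_POST['_auth'] : (isset($_GET['_auth']) ? $_GET['_auth'] : NULL);
$_task = !empty($_POST['_task']) ? $_POST['_task'] : (!empty($_GET['_task']) ? $_GET['_task'] : 'mail');
$_action = !empty($_POST['_action']) ? $_POST['_action'] : (!empty($_GET['_action']) ? $_GET['_action'] : '');
$_framed = (!empty($_GET['_framed']) || !empty($_POST['_framed']));

// TRUE when the request carries _remote; always assigned so the later check on
// this flag never reads an undefined variable
$REMOTE_REQUEST = !empty($_GET['_remote']);


// start session with requested task
rcmail_startup($_task);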
83
84
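// set session related variables
// $sess_auth is not assigned in this file; presumably rcmail_startup() sets
// it -- TODO confirm.
// NOTE(review): COMM_PATH carries the auth string as a query parameter, so the
// value can end up in browser history, proxy logs and Referer headers.
// $_task comes from the request, so it is URL-encoded before it becomes part of
// the path; the task names used in this file contain nothing that encoding changes.
$COMM_PATH = sprintf('./?_auth=%s&_task=%s', $sess_auth, urlencode(is_string($_task) ? $_task : ''));
$SESS_HIDDEN_FIELD = sprintf('<input type="hidden" name="_auth" value="%s" />', $sess_auth);


// add framed parameter
if ($_framed) {
    $COMM_PATH .= '&_framed=1';
    // Append rather than assign: the original overwrote the _auth field here,
    // so forms rendered in framed mode lost the auth string.
    $SESS_HIDDEN_FIELD .= "\n".'<input type="hidden" name="_framed" value="1" />';
}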
96
97
// init necessary objects for GUI
load_gui();


// error steps
// The error action reports the code given in the URL; the value is read as a
// hexadecimal number before it is handed to raise_error().
if (!empty($_GET['_code']) && $_action == 'error') {
    raise_error(['code' => hexdec($_GET['_code'])], false, true);
}
107
108
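// try to log in
if ($_action == 'login' && $_task == 'mail') {
    // NOTE(review): the IMAP host is taken from the login form when present.
    // Nothing in this file restricts it, so unless rcmail_login() checks it
    // against the configured hosts the server connects to whatever host the
    // client names -- confirm in rcmail_login().
    $host = !empty($_POST['_host']) ? $_POST['_host'] : $CONFIG['default_host'];

    // check if client supports cookies
    if (empty($_COOKIE)) {
        show_message("cookiesdisabled", 'warning');
    }
    else if (isset($_POST['_user']) && isset($_POST['_pass']) && rcmail_login($_POST['_user'], $_POST['_pass'], $host)) {
        // send redirect
        // NOTE(review): whether the session id is renewed on successful login
        // is decided inside rcmail_login()/rcmail_startup(), not visible here.
        header("Location: $COMM_PATH");
        exit;
    }
    else {
        show_message("loginfailed", 'warning');
        $_SESSION['user_id'] = '';
    }
}

// end session
else if ($_action == 'logout' && !empty($_SESSION['user_id'])) {
    show_message('loggedout');
    rcmail_kill_session();
}

// check session cookie and auth string
// NOTE(review): this check only runs when the request carries an _auth value.
// A request without one skips it and keeps the session; whether the later
// steps demand the auth string themselves cannot be seen from this file.
else if ($_action != 'login' && $_auth && $sess_auth) {
    // Both comparisons are strict. The loose != used before would treat two
    // different numeric-looking strings (for example "0e1" and "0e2") as equal.
    // Where the PHP version provides hash_equals(), a constant-time comparison
    // is the better choice for this kind of value.
    if ($_auth !== $sess_auth || $_auth !== (string)rcmail_auth_hash($_SESSION['client_id'], $_SESSION['auth_time'])) {
        $message = show_message('sessionerror', 'error');
        rcmail_kill_session();
    }
}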
148
149
// log in to imap server
// Runs on every mail-task request of a logged-in user. The mailbox password is
// read from the session and passed through decrypt_passwd() each time, so the
// session store holds a recoverable copy of it (presumably encrypted with a
// server-side key -- verify in decrypt_passwd()).
if ($_task == 'mail' && !empty($_SESSION['user_id'])) {
    $conn = $IMAP->connect(
        $_SESSION['imap_host'],
        $_SESSION['username'],
        decrypt_passwd($_SESSION['password'])
    );

    // a failed connection drops the user back to the not-logged-in state
    if (!$conn) {
        show_message('imaperror', 'error');
        $_SESSION['user_id'] = '';
    }
}
160
161
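// not logged in -> set task to 'login'
if (empty($_SESSION['user_id'])) {
    // !empty() so a request without _remote does not read an undefined variable
    if (!empty($REMOTE_REQUEST)) {
        // $message is only assigned on the session-error path above; start from
        // an empty string otherwise instead of appending to an undefined value
        // that is then sent to the client.
        $message = isset($message) ? $message : '';
        $message .= "setTimeout(\"location.href='\"+this.env.comm_path+\"'\", 2000);";
        // presumably sends the script and ends the request -- verify in
        // rcube_remote_response()
        rcube_remote_response($message);
    }

    $_task = 'login';
}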
173
174
175
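// set task and action to client
// $_task and $_action come from the request and are written into quoted
// JavaScript strings. Unescaped, a quote in either value would end the string
// and let the request add script to the page -- including the login page
// rendered below for visitors without a session. Reduce both to the characters
// the task and action names in this file actually use before emitting them.
$js_task = is_string($_task) ? preg_replace('/[^a-zA-Z0-9_-]/', '', $_task) : '';
$js_action = is_string($_action) ? preg_replace('/[^a-zA-Z0-9_-]/', '', $_action) : '';

$script = sprintf("%s.set_env('task', '%s');", $JS_OBJECT_NAME, $js_task);
if (!empty($js_action)) {
    $script .= sprintf("\n%s.set_env('action', '%s');", $JS_OBJECT_NAME, $js_action);
}

// add_script() is not shown here; it is assumed to emit the string as given
$OUTPUT->add_script($script);

// the sanitised copies are only needed for the output above
unset($js_task, $js_action);



// not logged in -> show login page
// empty() matches the earlier session checks and avoids reading an undefined index
if (empty($_SESSION['user_id'])) {
    parse_template('login');
    exit;
}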
191
192
193
// include task specific files
// Every include below is a fixed literal path. The request-supplied action only
// decides which of them run; it never becomes part of a file name.
if ($_task == 'mail') {
    include_once('program/steps/mail/func.inc');

    // The tests stay separate and in this order, so a change that an included
    // step makes to $_action is still seen by the tests that follow it.
    if (in_array($_action, array('show', 'print'))) {
        include('program/steps/mail/show.inc');
    }

    if ($_action == 'get') {
        include('program/steps/mail/get.inc');
    }

    if (in_array($_action, array('moveto', 'delete'))) {
        include('program/steps/mail/move_del.inc');
    }

    if ($_action == 'mark') {
        include('program/steps/mail/mark.inc');
    }

    if ($_action == 'viewsource') {
        include('program/steps/mail/viewsource.inc');
    }

    if ($_action == 'send') {
        include('program/steps/mail/sendmail.inc');
    }

    if ($_action == 'upload') {
        include('program/steps/mail/upload.inc');
    }

    if ($_action == 'compose') {
        include('program/steps/mail/compose.inc');
    }

    if ($_action == 'addcontact') {
        include('program/steps/mail/addcontact.inc');
    }

    // the message list is only served to requests that carry _remote
    if ($_action == 'list' && $_GET['_remote']) {
        include('program/steps/mail/list.inc');
    }

    // kill compose entry from session
    if (isset($_SESSION['compose'])) {
        rcmail_compose_cleanup();
    }
}
233
234
// include task specific files
// Fixed literal paths only; the request-supplied action selects among them and
// is never used to build a file name.
if ($_task == 'addressbook') {
    include_once('program/steps/addressbook/func.inc');

    // evaluated one after another, in the original order
    if ($_action == 'save') {
        include('program/steps/addressbook/save.inc');
    }

    if (in_array($_action, array('edit', 'add'))) {
        include('program/steps/addressbook/edit.inc');
    }

    if ($_action == 'delete') {
        include('program/steps/addressbook/delete.inc');
    }

    if ($_action == 'show') {
        include('program/steps/addressbook/show.inc');
    }

    // the contact list is only served to requests that carry _remote
    if ($_action == 'list' && $_GET['_remote']) {
        include('program/steps/addressbook/list.inc');
    }
}
255
256
// include task specific files
// Fixed literal paths only; the request-supplied action selects among them and
// is never used to build a file name.
if ($_task == 'settings') {
    include_once('program/steps/settings/func.inc');

    // evaluated one after another, in the original order
    if ($_action == 'save-identity') {
        include('program/steps/settings/save_identity.inc');
    }

    if (in_array($_action, array('add-identity', 'edit-identity'))) {
        include('program/steps/settings/edit_identity.inc');
    }

    if ($_action == 'delete-identity') {
        include('program/steps/settings/delete_identity.inc');
    }

    if ($_action == 'identities') {
        include('program/steps/settings/identities.inc');
    }

    if ($_action == 'save-prefs') {
        include('program/steps/settings/save_prefs.inc');
    }

    // all folder operations share one step file
    if (in_array($_action, array('folders', 'subscribe', 'unsubscribe', 'create-folder', 'delete-folder'))) {
        include('program/steps/settings/manage_folders.inc');
    }
}
281
282
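// only allow these templates to be included
// $_task is request data; this list is what keeps it from naming an arbitrary
// template. It guards the parse_template() call below only -- earlier uses of
// $_task in this file are not covered by it.
$valid_tasks = array('mail','settings','addressbook');

// parse main template
// strict comparison: only an exact string match against the list selects a template
if (in_array($_task, $valid_tasks, true)) {
    // expected not to return for a valid task; the code below treats being
    // reached as an error
    parse_template($_task);
}


// if we arrive here, something went wrong
raise_error(array('code' => 404,
                  'type' => 'php',
                  'line' => __LINE__,
                  'file' => __FILE__,
                  'message' => "Invalid request"), TRUE, TRUE);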
297
298 ?>