4e17e6c @thomascube Initial revision
thomascube authored Sep 25, 2005
1 <?php
2
3 /*
4 +-----------------------------------------------------------------------+
5 | RoundCube Webmail IMAP Client |
7902df4 @thomascube Fixed SSL support; improved Courier compatibility; some visual enhanc…
thomascube authored Oct 20, 2005
6 | Version 0.1-20051018 |
4e17e6c @thomascube Initial revision
thomascube authored Sep 25, 2005
7 | |
8 | Copyright (C) 2005, RoundCube Dev. - Switzerland |
15fee7b @thomascube Moved config files to config/*inc.php.dist
thomascube authored Sep 30, 2005
9 | Licensed under the GNU GPL |
4e17e6c @thomascube Initial revision
thomascube authored Sep 25, 2005
10 | |
11 | Redistribution and use in source and binary forms, with or without |
12 | modification, are permitted provided that the following conditions |
13 | are met: |
14 | |
15 | o Redistributions of source code must retain the above copyright |
16 | notice, this list of conditions and the following disclaimer. |
17 | o Redistributions in binary form must reproduce the above copyright |
18 | notice, this list of conditions and the following disclaimer in the |
19 | documentation and/or other materials provided with the distribution.|
20 | o The names of the authors may not be used to endorse or promote |
21 | products derived from this software without specific prior written |
22 | permission. |
23 | |
24 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
25 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
26 | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |
27 | A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT |
28 | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
29 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
30 | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
31 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
32 | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
33 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
34 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | |
36 +-----------------------------------------------------------------------+
37 | Author: Thomas Bruederli <roundcube@gmail.com> |
38 +-----------------------------------------------------------------------+
39
40 $Id$
41
42 */
43
// define global vars
$INSTALL_PATH   = './';      // relative path, resolved against the working directory
$OUTPUT_TYPE    = 'html';
$JS_OBJECT_NAME = 'rcmail';  // name of the client-side object used in generated script

// directory of the executing script, with a trailing slash unless it is empty
$CURRENT_PATH = dirname($_SERVER['SCRIPT_FILENAME']);
if ($CURRENT_PATH != '')
  {
  $CURRENT_PATH = $CURRENT_PATH.'/';
  }

// set environment first
// include_path search order: $INSTALL_PATH, <script dir>/program,
// <script dir>/program/lib, then whatever was configured before.
// NOTE(review): the first entry is the relative './', so files included by
// bare name are looked up in the working directory first - confirm that
// directory is not writable by untrusted users.
ini_set('include_path', implode(PATH_SEPARATOR, array(
  $INSTALL_PATH,
  $CURRENT_PATH.'program',
  $CURRENT_PATH.'program/lib',
  ini_get('include_path'),
)));

// the session id is carried in a cookie named 'sessid'
// NOTE(review): session.use_only_cookies and the cookie flags are not set in
// this part of the file - confirm they are enforced in php.ini or elsewhere.
ini_set('session.name', 'sessid');
ini_set('session.use_cookies', 1);

// report everything except notices
ini_set('error_reporting', E_ALL & ~E_NOTICE);


// increase maximum execution time for php scripts
// (does not work in safe mode, hence the suppressed warning)
@set_time_limit('120');
4e17e6c @thomascube Initial revision
thomascube authored Sep 25, 2005
63
64
65 // include base files
66 require_once('include/rcube_shared.inc');
67 require_once('include/rcube_imap.inc');
68 require_once('include/bugs.inc');
69 require_once('include/main.inc');
70 require_once('include/cache.inc');
7902df4 @thomascube Fixed SSL support; improved Courier compatibility; some visual enhanc…
thomascube authored Oct 20, 2005
71 require_once('PEAR.php');
72
73
74 // set PEAR error handling
75 // PEAR::setErrorHandling(PEAR_ERROR_TRIGGER, E_USER_NOTICE);
4e17e6c @thomascube Initial revision
thomascube authored Sep 25, 2005
76
77
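// catch some url/post parameters
// POST takes precedence over GET. These are untrusted client values that are
// later copied into a URL, HTML and generated script. PHP decodes a parameter
// written as "_task[]=x" into an array, so only non-empty strings are
// accepted here; anything else is treated as absent.
$_auth = NULL;
if (!empty($_POST['_auth']) && is_string($_POST['_auth']))
  $_auth = $_POST['_auth'];
else if (!empty($_GET['_auth']) && is_string($_GET['_auth']))
  $_auth = $_GET['_auth'];

// task defaults to 'mail'
$_task = 'mail';
if (!empty($_POST['_task']) && is_string($_POST['_task']))
  $_task = $_POST['_task'];
else if (!empty($_GET['_task']) && is_string($_GET['_task']))
  $_task = $_GET['_task'];

// action defaults to the empty string
$_action = '';
if (!empty($_POST['_action']) && is_string($_POST['_action']))
  $_action = $_POST['_action'];
else if (!empty($_GET['_action']) && is_string($_GET['_action']))
  $_action = $_GET['_action'];

// only used as a boolean flag, so the value itself is never stored
$_framed = (!empty($_GET['_framed']) || !empty($_POST['_framed']));

// mark requests that carry the GET parameter _remote
// (the variable stays unset for all other requests)
if (!empty($_GET['_remote']))
  $REMOTE_REQUEST = TRUE;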
86
4e17e6c @thomascube Initial revision
thomascube authored Sep 25, 2005
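// start session with requested task
rcmail_startup($_task);

// set session related variables
// $_task is a request parameter, so it is URL-encoded before it becomes part
// of a path that is later sent in a Location header; the known task names
// are unchanged by the encoding.
// NOTE(review): $sess_auth is not assigned in this file; presumably
// rcmail_startup() sets it - confirm.
$COMM_PATH = sprintf('./?_auth=%s&_task=%s', $sess_auth, is_scalar($_task) ? urlencode((string)$_task) : '');
$SESS_HIDDEN_FIELD = sprintf('<input type="hidden" name="_auth" value="%s" />', $sess_auth);


// add framed parameter
if ($_framed)
  {
  $COMM_PATH .= '&_framed=1';
  // append, so the _auth field built above is kept; a plain assignment here
  // would leave framed forms without the auth string
  $SESS_HIDDEN_FIELD .= "\n".'<input type="hidden" name="_framed" value="1" />';
  }


// init necessary objects for GUI
load_gui();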
105
// error steps
// Shows the error page for a code supplied by the client in _code; the value
// is read as a hexadecimal string and converted with hexdec() before use.
if (!empty($_GET['_code']) && 'error'==$_action)
  raise_error(array('code' => hexdec($_GET['_code'])), FALSE, TRUE);
111
112
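// try to log in
// Credentials are read from POST only.
if ($_action=='login' && $_task=='mail')
  {
  // NOTE(review): the IMAP host can be chosen by the client through _host;
  // whether rcmail_login() restricts it to configured hosts is not visible
  // here - confirm.
  $host = !empty($_POST['_host']) ? $_POST['_host'] : $CONFIG['default_host'];

  // check if client supports cookies
  if (empty($_COOKIE))
    {
    show_message("cookiesdisabled", 'warning');
    }
  else if (isset($_POST['_user']) && isset($_POST['_pass']) && rcmail_login($_POST['_user'], $_POST['_pass'], $host))
    {
    // send redirect
    header("Location: $COMM_PATH");
    exit;
    }
  else
    {
    show_message("loginfailed", 'warning');
    $_SESSION['user_id'] = '';
    }
  }

// end session
else if ($_action=='logout' && isset($_SESSION['user_id']))
  {
  show_message('loggedout');
  rcmail_kill_session();
  }

// check session cookie and auth string
// NOTE(review): this branch runs only when the request carries a non-empty
// _auth, so a request without _auth skips both the auth-string comparison and
// the session_lifetime check below - confirm that the session cookie alone is
// meant to be sufficient in that case.
else if ($_action!='login' && $_auth && $sess_auth)
  {
  // both comparisons are strict, so two numeric-looking strings are never
  // compared as numbers; time() replaces the argument-less mktime() call,
  // which returns the same timestamp but is rejected by current PHP
  if ($_auth !== $sess_auth ||
      $_auth !== (string)rcmail_auth_hash($_SESSION['client_id'], $_SESSION['auth_time']) ||
      ($CONFIG['session_lifetime'] && $SESS_CHANGED + $CONFIG['session_lifetime']*60 < time()))
    {
    $message = show_message('sessionerror', 'error');
    rcmail_kill_session();
    }
  }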
153
154
// log in to imap server
// Connection parameters come from the session. The stored password is passed
// through decrypt_passwd() on every request, so the session holds it in a
// recoverable form.
if ($_task=='mail' && !empty($_SESSION['user_id']))
  {
  $conn = $IMAP->connect($_SESSION['imap_host'],
                         $_SESSION['username'],
                         decrypt_passwd($_SESSION['password']),
                         $_SESSION['imap_port'],
                         $_SESSION['imap_ssl']);

  if ($conn)
    rcmail_set_imap_prop();
  else
    {
    // connection failed: report it and drop the login state
    show_message('imaperror', 'error');
    $_SESSION['user_id'] = '';
    }
  }
167
168
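// not logged in -> set task to 'login'
if (empty($_SESSION['user_id']))
  {
  // $REMOTE_REQUEST is only assigned for requests carrying _remote, so it is
  // tested with empty() rather than read directly
  if (!empty($REMOTE_REQUEST))
    {
    // $message is only set when the session check failed; start from an empty
    // string otherwise, then add the delayed client-side redirect
    $message = (isset($message) ? $message : '')."setTimeout(\"location.href='\"+this.env.comm_path+\"'\", 2000);";
    rcube_remote_response($message);
    }

  $_task = 'login';
  }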
4e17e6c @thomascube Initial revision
thomascube authored Sep 25, 2005
180
181
182
597170f @thomascube Added new languages, hierarchical folder tree and attachments in forw…
thomascube authored Oct 4, 2005
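// set task and action to client
// Both values can originate from request parameters and are written into a
// single-quoted string inside generated script. They are reduced to
// identifier characters (letters, digits, '_' and '-') first, so a quote,
// backslash, line break or markup in the parameter cannot end the string
// literal. Every task and action name compared against in this file passes
// through unchanged.
$script = sprintf("%s.set_env('task', '%s');", $JS_OBJECT_NAME,
                  is_string($_task) ? preg_replace('/[^a-zA-Z0-9_-]/', '', $_task) : '');
if (!empty($_action))
  $script .= sprintf("\n%s.set_env('action', '%s');", $JS_OBJECT_NAME,
                     is_string($_action) ? preg_replace('/[^a-zA-Z0-9_-]/', '', $_action) : '');

$OUTPUT->add_script($script);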
189
190
191
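// not logged in -> show login page
// This is the authentication gate: the task-specific includes further down
// are reached only when the session holds a user_id. empty() matches the
// earlier check of the same key and does not warn when the key is missing.
if (empty($_SESSION['user_id']))
  {
  parse_template('login');
  exit;
  }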
198
199
200
// include task specific files (mail)
// The action is only compared against fixed names and every include path is
// a literal, so no part of the request ends up in a file path.
// The tests stay sequential and in this order on purpose.
// NOTE(review): an included step may change $_action so that a later test
// matches (presumably why 'send' and 'upload' precede 'compose') - confirm
// before reordering or turning this into a switch.
if ('mail'==$_task)
  {
  include_once('program/steps/mail/func.inc');

  if (in_array($_action, array('show', 'print')))
    {
    include('program/steps/mail/show.inc');
    }

  if ('get'==$_action)
    {
    include('program/steps/mail/get.inc');
    }

  if (in_array($_action, array('moveto', 'delete')))
    {
    include('program/steps/mail/move_del.inc');
    }

  if ('mark'==$_action)
    {
    include('program/steps/mail/mark.inc');
    }

  if ('viewsource'==$_action)
    {
    include('program/steps/mail/viewsource.inc');
    }

  if ('send'==$_action)
    {
    include('program/steps/mail/sendmail.inc');
    }

  if ('upload'==$_action)
    {
    include('program/steps/mail/upload.inc');
    }

  if ('compose'==$_action)
    {
    include('program/steps/mail/compose.inc');
    }

  if ('addcontact'==$_action)
    {
    include('program/steps/mail/addcontact.inc');
    }

  // the message list is only produced for requests carrying _remote
  if ('list'==$_action && $_GET['_remote'])
    {
    include('program/steps/mail/list.inc');
    }

  // kill compose entry from session
  if (isset($_SESSION['compose']))
    {
    rcmail_compose_cleanup();
    }
  }
240
241
// include task specific files (addressbook)
// Fixed action names select fixed include paths; nothing from the request is
// used to build a path.
// NOTE(review): the tests are sequential and an included step may change
// $_action (presumably why 'save' precedes 'edit') - confirm before
// reordering.
if ('addressbook'==$_task)
  {
  include_once('program/steps/addressbook/func.inc');

  if ('save'==$_action)
    {
    include('program/steps/addressbook/save.inc');
    }

  if (in_array($_action, array('edit', 'add')))
    {
    include('program/steps/addressbook/edit.inc');
    }

  if ('delete'==$_action)
    {
    include('program/steps/addressbook/delete.inc');
    }

  if ('show'==$_action)
    {
    include('program/steps/addressbook/show.inc');
    }

  // the contact list is only produced for requests carrying _remote
  if ('list'==$_action && $_GET['_remote'])
    {
    include('program/steps/addressbook/list.inc');
    }
  }
262
263
// include task specific files (settings)
// Fixed action names select fixed include paths; nothing from the request is
// used to build a path.
// NOTE(review): the tests are sequential and an included step may change
// $_action (presumably why 'save-identity' precedes 'edit-identity') -
// confirm before reordering.
if ('settings'==$_task)
  {
  include_once('program/steps/settings/func.inc');

  if ('save-identity'==$_action)
    {
    include('program/steps/settings/save_identity.inc');
    }

  if (in_array($_action, array('add-identity', 'edit-identity')))
    {
    include('program/steps/settings/edit_identity.inc');
    }

  if ('delete-identity'==$_action)
    {
    include('program/steps/settings/delete_identity.inc');
    }

  if ('identities'==$_action)
    {
    include('program/steps/settings/identities.inc');
    }

  if ('save-prefs'==$_action)
    {
    include('program/steps/settings/save_prefs.inc');
    }

  // all folder operations share one step file
  if (in_array($_action, array('folders', 'subscribe', 'unsubscribe', 'create-folder', 'delete-folder')))
    {
    include('program/steps/settings/manage_folders.inc');
    }
  }
288
289
539cd47 @thomascube Fix for URL injection vulnerability (Bug #1307966)
thomascube authored Sep 29, 2005
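// only allow these templates to be included
// $_task can come from the request and is used as the template name, so it
// is checked against this allow-list first (the commit message shown for
// these lines names it as the fix for the URL injection vulnerability,
// Bug #1307966).
$valid_tasks = array('mail','settings','addressbook');

// parse main template
// strict comparison: only the exact task strings select a template
if (in_array($_task, $valid_tasks, TRUE))
  parse_template($_task);


// if we arrive here, something went wrong
// NOTE(review): this assumes parse_template() ends the request on success -
// confirm.
raise_error(array('code' => 404,
                  'type' => 'php',
                  'line' => __LINE__,
                  'file' => __FILE__,
                  'message' => "Invalid request"), TRUE, TRUE);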
304
4e17e6c @thomascube Initial revision
thomascube authored Sep 25, 2005
305 ?>