1 <?php
2 /*
3 +-----------------------------------------------------------------------+
4 | RoundCube Webmail IMAP Client |
5 | Version 0.1-20060314 |
6 | |
7 | Copyright (C) 2005, RoundCube Dev. - Switzerland |
8 | Licensed under the GNU GPL |
9 | |
10 | Redistribution and use in source and binary forms, with or without |
11 | modification, are permitted provided that the following conditions |
12 | are met: |
13 | |
14 | o Redistributions of source code must retain the above copyright |
15 | notice, this list of conditions and the following disclaimer. |
16 | o Redistributions in binary form must reproduce the above copyright |
17 | notice, this list of conditions and the following disclaimer in the |
18 | documentation and/or other materials provided with the distribution.|
19 | o The names of the authors may not be used to endorse or promote |
20 | products derived from this software without specific prior written |
21 | permission. |
22 | |
23 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
24 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
25 | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |
26 | A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT |
27 | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
28 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
29 | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
30 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
31 | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
32 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
33 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
34 | |
35 +-----------------------------------------------------------------------+
36 | Author: Thomas Bruederli <roundcube@gmail.com> |
37 +-----------------------------------------------------------------------+
38
39 $Id$
40
41 */
42
// NOTE(review): the file header says "Version 0.1-20060314" while this
// constant says 0.1-20060220 -- confirm which of the two is current.
define('RCMAIL_VERSION', '0.1-20060220');


// define global vars
$OUTPUT_TYPE = 'html';
$JS_OBJECT_NAME = 'rcmail';
$CHARSET = 'UTF-8';

// Directory of the entry script, always ending in a slash; './' is used
// when the server reports no usable script path.
$INSTALL_PATH = dirname($_SERVER['SCRIPT_FILENAME']);
$INSTALL_PATH = empty($INSTALL_PATH) ? './' : $INSTALL_PATH.'/';

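// RC include folders MUST come FIRST on the include path, so that
// incompatible copies of libraries installed elsewhere (i.e. PEAR) are not
// loaded instead of the ones provided by RC.
ini_set('include_path',
  $INSTALL_PATH.PATH_SEPARATOR.
  $INSTALL_PATH.'program'.PATH_SEPARATOR.
  $INSTALL_PATH.'program/lib'.PATH_SEPARATOR.
  ini_get('include_path'));

// Session settings: cookie named 'sessid', garbage collection after
// 21600 seconds (6 hours).
ini_set('session.name', 'sessid');
ini_set('session.use_cookies', 1);
// Take the session id from the cookie only, never from the URL, so a link
// cannot pre-set a visitor's session id. The login step in this file
// already refuses clients that send no cookies.
ini_set('session.use_only_cookies', 1);
ini_set('session.gc_maxlifetime', 21600);
ini_set('session.gc_divisor', 500);
// NOTE(review): session.cookie_httponly and session.cookie_secure are not
// set in this file -- confirm they are configured for HTTPS deployments.

// Notices are switched off; several statements in this file read request
// keys that may be absent.
ini_set('error_reporting', E_ALL&~E_NOTICE);

// increase maximum execution time for php scripts
// (does not work in safe mode, hence the suppressed warning)
@set_time_limit(120);
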
// Load the base files. The paths are fixed literals and are resolved
// through the include path configured earlier in this file.
require_once 'include/rcube_shared.inc';
require_once 'include/rcube_imap.inc';
require_once 'include/bugs.inc';
require_once 'include/main.inc';
require_once 'include/cache.inc';
require_once 'PEAR.php';


// PEAR error handling is left at its default; the override stays disabled:
// PEAR::setErrorHandling(PEAR_ERROR_TRIGGER, E_USER_NOTICE);

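// Catch some url/post parameters; POST takes precedence over GET.
// These values come straight from the request and are not validated here
// beyond the type check below.
$_auth = !empty($_POST['_auth']) ? $_POST['_auth'] : (isset($_GET['_auth']) ? $_GET['_auth'] : null);
$_task = !empty($_POST['_task']) ? $_POST['_task'] : (!empty($_GET['_task']) ? $_GET['_task'] : 'mail');
$_action = !empty($_POST['_action']) ? $_POST['_action'] : (!empty($_GET['_action']) ? $_GET['_action'] : '');
$_framed = (!empty($_GET['_framed']) || !empty($_POST['_framed']));

// A request can deliver any of these as an array (e.g. `_task[]=`).
// Everything below compares and prints them as strings, so non-string
// values fall back to the defaults.
if (!is_string($_auth))
  $_auth = null;
if (!is_string($_task))
  $_task = 'mail';
if (!is_string($_action))
  $_action = '';

// NOTE(review): $REMOTE_REQUEST stays undefined for ordinary requests;
// later code in this file tests it for truthiness.
if (!empty($_GET['_remote']))
  $REMOTE_REQUEST = TRUE;

// start session with requested task
// ($sess_auth is not assigned in this file; presumably rcmail_startup()
// provides it -- confirm)
rcmail_startup($_task);

// Set session related variables. $_task is request-supplied, so it is
// URL-encoded before it goes into the path, and the auth string is
// HTML-escaped before it goes into the attribute value. For the task names
// this file accepts the encoding changes nothing.
// NOTE(review): the auth string travels in the query string, so it ends up
// in server logs and Referer headers -- confirm this is acceptable.
$COMM_PATH = sprintf('./?_auth=%s&_task=%s', urlencode((string)$sess_auth), urlencode($_task));
$SESS_HIDDEN_FIELD = sprintf('<input type="hidden" name="_auth" value="%s" />', htmlspecialchars((string)$sess_auth, ENT_QUOTES));


// add framed parameter
if ($_framed)
{
  $COMM_PATH .= '&_framed=1';
  $SESS_HIDDEN_FIELD .= "\n".'<input type="hidden" name="_framed" value="1" />';
}
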
// init necessary objects for GUI
load_gui();


// Check the DB connection and stop with a 500 when it reports an error.
// NOTE(review): the DB error text is handed to raise_error() as 'message';
// confirm it is logged rather than shown to the client.
$err_str = $DB->is_error();
if ($err_str)
{
  raise_error(array(
    'code' => 500,
    'type' => 'db',
    'line' => __LINE__,
    'file' => __FILE__,
    'message' => $err_str), FALSE, TRUE);
}


// Error steps: an explicit error page was requested. _code is
// request-supplied; hexdec() reduces it to a number before it is used.
if (!empty($_GET['_code']) && $_action=='error')
{
  raise_error(array('code' => hexdec($_GET['_code'])), FALSE, TRUE);
}

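// try to log in
if ($_action=='login' && $_task=='mail')
{
  // NOTE(review): the IMAP host can be named by the login form (_host).
  // Confirm that rcmail_login() limits it to the hosts the configuration
  // allows.
  $host = !empty($_POST['_host']) ? $_POST['_host'] : $CONFIG['default_host'];

  // check if client supports cookies
  if (empty($_COOKIE))
  {
    show_message("cookiesdisabled", 'warning');
  }
  else if (isset($_POST['_user']) && isset($_POST['_pass']) &&
           rcmail_login(get_input_value('_user', RCUBE_INPUT_POST),
                        get_input_value('_pass', RCUBE_INPUT_POST),
                        $host))
  {
    // send redirect
    header("Location: $COMM_PATH");
    exit;
  }
  else
  {
    // one message for every failure reason; the session is marked as
    // not logged in
    show_message("loginfailed", 'warning');
    $_SESSION['user_id'] = '';
  }
}

// end session
else if ($_action=='logout' && isset($_SESSION['user_id']))
{
  show_message('loggedout');
  rcmail_kill_session();
}

// check session cookie and auth string
else if ($_action!='login' && $sess_auth && $_SESSION['user_id'])
{
  // The session is killed when any of these holds:
  //  - the auth string sent with the request differs from the session's,
  //  - it differs from the hash recomputed from client id and auth time,
  //  - a session lifetime is configured and the last change is older.
  // Both sides of the hash check are compared as strings: a loose `!=`
  // treats two different numeric-looking strings (e.g. "0e1" and "0e2")
  // as equal. time() replaces the argument-less mktime(), which returns
  // the same value but is no longer accepted by current PHP.
  // NOTE(review): the comparison is not constant-time; hash_equals() is
  // the replacement where the supported PHP version provides it.
  if ($_auth !== $sess_auth ||
      (string)$_auth !== (string)rcmail_auth_hash($_SESSION['client_id'], $_SESSION['auth_time']) ||
      ($CONFIG['session_lifetime'] && isset($SESS_CHANGED) && $SESS_CHANGED + $CONFIG['session_lifetime']*60 < time()))
  {
    $message = show_message('sessionerror', 'error');
    rcmail_kill_session();
  }
}
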
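// log in to imap server
if (!empty($_SESSION['user_id']) && $_task=='mail')
{
  // NOTE(review): the IMAP password is kept in the session in a form that
  // decrypt_passwd() can reverse, so its protection depends on the session
  // store and on where the key is held -- confirm both.
  $conn = $IMAP->connect($_SESSION['imap_host'], $_SESSION['username'], decrypt_passwd($_SESSION['password']), $_SESSION['imap_port'], $_SESSION['imap_ssl']);
  if (!$conn)
  {
    show_message('imaperror', 'error');
    $_SESSION['user_id'] = '';
  }
  else
    rcmail_set_imap_prop();
}


// not logged in -> set task to 'login'
if (empty($_SESSION['user_id']))
{
  // $REMOTE_REQUEST is only assigned when the request carried _remote
  if (!empty($REMOTE_REQUEST))
  {
    // $message is only assigned on the session-error path of this file;
    // start from an empty string in every other case instead of appending
    // to an undefined variable.
    if (!isset($message))
      $message = '';

    $message .= "setTimeout(\"location.href='\"+this.env.comm_path+\"'\", 2000);";
    rcube_remote_response($message);
  }

  $_task = 'login';
}
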
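// Set task and action to client.
// Both values originate from the request and are written into
// single-quoted JavaScript string literals. This statement runs before the
// login page is rendered, so it also applies to requests without a
// session. Everything outside [A-Za-z0-9_-] is therefore stripped from the
// copies that are printed; every task and action name this file
// dispatches on consists of those characters only. $_task and $_action
// themselves are left untouched.
$js_task = is_string($_task) ? preg_replace('/[^a-zA-Z0-9_-]/', '', $_task) : '';
$js_action = is_string($_action) ? preg_replace('/[^a-zA-Z0-9_-]/', '', $_action) : '';

$script = sprintf("%s.set_env('task', '%s');", $JS_OBJECT_NAME, $js_task);
if (!empty($js_action))
  $script .= sprintf("\n%s.set_env('action', '%s');", $JS_OBJECT_NAME, $js_action);

$OUTPUT->add_script($script);
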
// Nothing below this point runs without a logged-in user: the login page
// is rendered and the script stops.
if (empty($_SESSION['user_id']))
{
  parse_template('login');
  exit;
}


// handle keep-alive signal: send an empty remote response and stop
if ($_action == 'keep-alive')
{
  rcube_remote_response('');
  exit;
}

// Include task specific files for the 'mail' task.
// Every include path below is a fixed string literal; the request only
// selects which of them is loaded, it never contributes to the path.
// The included files run in this scope, so the order of the checks is
// kept as is -- presumably a step file may change $_action; verify before
// reordering.
if ($_task=='mail')
  {
  include_once('program/steps/mail/func.inc');

  if ($_action=='show' || $_action=='print')
    include('program/steps/mail/show.inc');

  if ($_action=='get')
    include('program/steps/mail/get.inc');

  if ($_action=='moveto' || $_action=='delete')
    include('program/steps/mail/move_del.inc');

  if ($_action=='mark')
    include('program/steps/mail/mark.inc');

  if ($_action=='viewsource')
    include('program/steps/mail/viewsource.inc');

  if ($_action=='send')
    include('program/steps/mail/sendmail.inc');

  if ($_action=='upload')
    include('program/steps/mail/upload.inc');

  if ($_action=='compose')
    include('program/steps/mail/compose.inc');

  if ($_action=='addcontact')
    include('program/steps/mail/addcontact.inc');

  if ($_action=='expunge' || $_action=='purge')
    include('program/steps/mail/folders.inc');

  if ($_action=='check-recent')
    include('program/steps/mail/check_recent.inc');

  if ($_action=='getunread')
    include('program/steps/mail/getunread.inc');

  // the list step is only served to remote requests (_remote set)
  if ($_action=='list' && $_GET['_remote'])
    include('program/steps/mail/list.inc');

  if ($_action=='rss')
    include('program/steps/mail/rss.inc');

  // kill compose entry from session
  if (isset($_SESSION['compose']))
    rcmail_compose_cleanup();

  // make sure the message count is refreshed
  $IMAP->messagecount($_SESSION['mbox'], 'ALL', TRUE);
  }

// Include task specific files for the 'addressbook' task.
// The include paths are fixed string literals; the request only selects
// among them.
if ($_task=='addressbook')
  {
  include_once('program/steps/addressbook/func.inc');

  if ($_action=='save')
    include('program/steps/addressbook/save.inc');

  if ($_action=='edit' || $_action=='add')
    include('program/steps/addressbook/edit.inc');

  if ($_action=='delete')
    include('program/steps/addressbook/delete.inc');

  if ($_action=='show')
    include('program/steps/addressbook/show.inc');

  // the list step is only served to remote requests (_remote set)
  if ($_action=='list' && $_GET['_remote'])
    include('program/steps/addressbook/list.inc');

  if ($_action=='ldappublicsearch')
    include('program/steps/addressbook/ldapsearchform.inc');
  }

// Include task specific files for the 'settings' task.
// The include paths are fixed string literals; the request only selects
// among them.
if ($_task=='settings')
  {
  include_once('program/steps/settings/func.inc');

  if ($_action=='save-identity')
    include('program/steps/settings/save_identity.inc');

  if ($_action=='add-identity' || $_action=='edit-identity')
    include('program/steps/settings/edit_identity.inc');

  if ($_action=='delete-identity')
    include('program/steps/settings/delete_identity.inc');

  if ($_action=='identities')
    include('program/steps/settings/identities.inc');

  if ($_action=='save-prefs')
    include('program/steps/settings/save_prefs.inc');

  // all folder management actions share one step file
  if ($_action=='folders' || $_action=='subscribe' || $_action=='unsubscribe' || $_action=='create-folder' || $_action=='delete-folder')
    include('program/steps/settings/manage_folders.inc');

  }

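// Only allow these templates to be included. $_task is request-supplied
// and is passed to parse_template() as the template name, so it has to
// match one of these entries.
$valid_tasks = array('mail','settings','addressbook');

// Parse main template. The third argument makes in_array() compare
// strictly, so only these exact strings pass and no type juggling can
// match a list entry.
if (in_array($_task, $valid_tasks, TRUE))
  parse_template($_task);


// If we arrive here, something went wrong: the task was not on the list
// (presumably parse_template() ends the request on success -- confirm).
raise_error(array('code' => 404,
                  'type' => 'php',
                  'line' => __LINE__,
                  'file' => __FILE__,
                  'message' => "Invalid request"), TRUE, TRUE);

?>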