1 <?php
2
3 /*
4 +-----------------------------------------------------------------------+
5 | RoundCube Webmail IMAP Client |
6 | Version 0.1-20051214 |
7 | |
8 | Copyright (C) 2005, RoundCube Dev. - Switzerland |
9 | Licensed under the GNU GPL |
10 | |
11 | Redistribution and use in source and binary forms, with or without |
12 | modification, are permitted provided that the following conditions |
13 | are met: |
14 | |
15 | o Redistributions of source code must retain the above copyright |
16 | notice, this list of conditions and the following disclaimer. |
17 | o Redistributions in binary form must reproduce the above copyright |
18 | notice, this list of conditions and the following disclaimer in the |
19 | documentation and/or other materials provided with the distribution.|
20 | o The names of the authors may not be used to endorse or promote |
21 | products derived from this software without specific prior written |
22 | permission. |
23 | |
24 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
25 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
26 | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |
27 | A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT |
28 | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
29 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
30 | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
31 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
32 | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
33 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
34 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | |
36 +-----------------------------------------------------------------------+
37 | Author: Thomas Bruederli <roundcube@gmail.com> |
38 +-----------------------------------------------------------------------+
39
40 $Id$
41
42 */
43
// define global vars
// $INSTALL_PATH is the directory of the entry script and always ends in '/';
// if dirname() yields an empty value, the current directory is used instead
$INSTALL_PATH = dirname($_SERVER['SCRIPT_FILENAME']);
$INSTALL_PATH = empty($INSTALL_PATH) ? './' : $INSTALL_PATH.'/';

// output format and name of the client-side JavaScript object
$OUTPUT_TYPE = 'html';
$JS_OBJECT_NAME = 'rcmail';
53
// RC include folders MUST come FIRST on the include path so that other,
// possibly incompatible libraries (e.g. PEAR) installed elsewhere on the
// system are not loaded instead of the ones provided by RC.
// Resulting order: install dir, program/, program/lib/, previous include_path
ini_set('include_path', implode(PATH_SEPARATOR, array(
  $INSTALL_PATH,
  $INSTALL_PATH.'program',
  $INSTALL_PATH.'program/lib',
  ini_get('include_path'))));
58
// session settings: cookie-based session with the cookie name 'sessid'
ini_set('session.name', 'sessid');
ini_set('session.use_cookies', '1');

// session data is treated as garbage after 21600 seconds (6 hours)
ini_set('session.gc_maxlifetime', '21600');
ini_set('session.gc_divisor', '500');

// NOTE(review): nothing here sets session.use_only_cookies or the secure
// flag of the session cookie; confirm both are configured elsewhere

// report everything except notices
error_reporting(E_ALL & ~E_NOTICE);

// increase maximum execution time for php scripts
// (does not work in safe mode, hence the suppressed warning)
@set_time_limit(120);
68
// include base files
// the relative names are resolved through the include_path
require_once 'include/rcube_shared.inc';
require_once 'include/rcube_imap.inc';
require_once 'include/bugs.inc';
require_once 'include/main.inc';
require_once 'include/cache.inc';
require_once 'PEAR.php';


// set PEAR error handling (currently disabled)
// PEAR::setErrorHandling(PEAR_ERROR_TRIGGER, E_USER_NOTICE);
80
81
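// catch some url/post parameters
// every value read here comes from the request and is untrusted;
// a non-empty POST value takes precedence over the GET value
$_auth = !empty($_POST['_auth']) ? $_POST['_auth'] : (isset($_GET['_auth']) ? $_GET['_auth'] : NULL);
$_task = !empty($_POST['_task']) ? $_POST['_task'] : (!empty($_GET['_task']) ? $_GET['_task'] : 'mail');
$_action = !empty($_POST['_action']) ? $_POST['_action'] : (!empty($_GET['_action']) ? $_GET['_action'] : '');
$_framed = (!empty($_GET['_framed']) || !empty($_POST['_framed']));

// always assign the flag, so that later checks never read a variable
// that is unset or was seeded before this point
$REMOTE_REQUEST = !empty($_GET['_remote']) ? TRUE : FALSE;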
90
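// start session with requested task
rcmail_startup($_task);

// set session related variables
// $_task is request input: URL-encode it before it becomes part of the
// path that is reused for the login redirect and for links
// (the known task names pass through urlencode() unchanged)
// NOTE(review): $sess_auth is not assigned in this file, presumably
// rcmail_startup() sets it - confirm it is generated on the server, since
// it is written into a URL and an HTML attribute without escaping.
// Because the token travels in the query string it can also show up in
// server logs and Referer headers.
$COMM_PATH = sprintf('./?_auth=%s&_task=%s', $sess_auth, urlencode(is_string($_task) ? $_task : ''));
$SESS_HIDDEN_FIELD = sprintf('<input type="hidden" name="_auth" value="%s" />', $sess_auth);


// add framed parameter
if ($_framed)
{
  $COMM_PATH .= '&_framed=1';
  $SESS_HIDDEN_FIELD .= "\n".'<input type="hidden" name="_framed" value="1" />';
}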
105
106
// init necessary objects for GUI
load_gui();

// error steps
// the error code is read from the request as a hexadecimal string and
// converted to a number before it is handed to raise_error()
if (!empty($_GET['_code']) && $_action=='error')
{
  raise_error(
    array('code' => hexdec($_GET['_code'])),
    FALSE,
    TRUE);
}
115
116
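// try to log in
if ($_action=='login' && $_task=='mail')
{
  // NOTE(review): the IMAP host can be chosen by the client through _host;
  // confirm that rcmail_login() restricts it to the configured hosts
  $host = !empty($_POST['_host']) ? $_POST['_host'] : $CONFIG['default_host'];

  // check if client supports cookies
  if (empty($_COOKIE))
  {
    show_message("cookiesdisabled", 'warning');
  }
  else if (isset($_POST['_user']) && isset($_POST['_pass']) && rcmail_login($_POST['_user'], $_POST['_pass'], $host))
  {
    // send redirect ($_task is exactly 'mail' in this branch)
    header("Location: $COMM_PATH");
    exit;
  }
  else
  {
    show_message("loginfailed", 'warning');
    $_SESSION['user_id'] = '';
  }
}

// end session
else if ($_action=='logout' && isset($_SESSION['user_id']))
{
  show_message('loggedout');
  rcmail_kill_session();
}

// check session cookie and auth string
// NOTE(review): this check is skipped when $sess_auth is empty while
// user_id is set; confirm that rcmail_startup() always provides the
// token for a logged-in session
else if ($_action!='login' && $sess_auth && $_SESSION['user_id'])
{
  // the session is rejected when the submitted token differs from the
  // session token, when it differs from the recomputed hash, or when the
  // configured lifetime (in minutes) has passed since the last change.
  // Both token comparisons are strict, so two numeric-looking strings are
  // never compared as numbers; time() replaces the argument-less mktime()
  // call, which returns the same value but is no longer accepted by
  // current PHP versions
  if ($_auth !== $sess_auth || $_auth !== (string)rcmail_auth_hash($_SESSION['client_id'], $_SESSION['auth_time']) ||
      ($CONFIG['session_lifetime'] && isset($SESS_CHANGED) && $SESS_CHANGED + $CONFIG['session_lifetime']*60 < time()))
  {
    $message = show_message('sessionerror', 'error');
    rcmail_kill_session();
  }
}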
157
158
// log in to imap server
// only for the mail task of a logged-in session; host, user name, port and
// SSL flag come from the session, the stored password is passed through
// decrypt_passwd() first
if ($_task=='mail' && !empty($_SESSION['user_id']))
{
  $conn = $IMAP->connect(
    $_SESSION['imap_host'],
    $_SESSION['username'],
    decrypt_passwd($_SESSION['password']),
    $_SESSION['imap_port'],
    $_SESSION['imap_ssl']);

  if ($conn)
    rcmail_set_imap_prop();
  else
  {
    // connection failed: report it and treat the user as logged out
    show_message('imaperror', 'error');
    $_SESSION['user_id'] = '';
  }
}
171
172
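// not logged in -> set task to 'login'
if (empty($_SESSION['user_id']))
{
  // remote (script) requests get a script that sends the client back to
  // its base path after two seconds, appended to any pending message
  if (!empty($REMOTE_REQUEST))
  {
    // $message is only assigned when the session check failed
    if (!isset($message))
      $message = '';

    $message .= "setTimeout(\"location.href='\"+this.env.comm_path+\"'\", 2000);";
    rcube_remote_response($message);
  }

  $_task = 'login';
}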
184
185
186
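// set task and action to client
// $_task and $_action are taken from the request and end up inside
// JavaScript string literals, so only identifier characters (letters,
// digits, '_' and '-') are passed on; every task and action name handled
// in this file consists of these characters only
// NOTE(review): whether add_script() escapes its input is not visible here
$script = sprintf("%s.set_env('task', '%s');", $JS_OBJECT_NAME,
  preg_replace('/[^a-zA-Z0-9_-]/', '', is_string($_task) ? $_task : ''));
if (!empty($_action))
  $script .= sprintf("\n%s.set_env('action', '%s');", $JS_OBJECT_NAME,
    preg_replace('/[^a-zA-Z0-9_-]/', '', is_string($_action) ? $_action : ''));

$OUTPUT->add_script($script);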
193
194
195
// not logged in -> show login page
// nothing below this point runs without a user id in the session
if (!$_SESSION['user_id'])
{
  parse_template('login');
  exit();
}


// handle keep-alive signal
// answered with an empty remote response, no task file is loaded
if ($_action=='keep-alive')
{
  rcube_remote_response('');
  exit();
}
210
211
// include task specific files
// every include target is a fixed path; the request-supplied $_action only
// selects which of them are run, it never becomes part of a file name.
// The checks are independent and kept in their original order; the step
// files run in this scope (presumably they may change $_action - verify
// before reordering)
if ($_task=='mail')
{
  include_once('program/steps/mail/func.inc');

  if (in_array($_action, array('show', 'print')))
    include('program/steps/mail/show.inc');

  if ($_action=='get')
    include('program/steps/mail/get.inc');

  if (in_array($_action, array('moveto', 'delete')))
    include('program/steps/mail/move_del.inc');

  if ($_action=='mark')
    include('program/steps/mail/mark.inc');

  if ($_action=='viewsource')
    include('program/steps/mail/viewsource.inc');

  if ($_action=='send')
    include('program/steps/mail/sendmail.inc');

  if ($_action=='upload')
    include('program/steps/mail/upload.inc');

  if ($_action=='compose')
    include('program/steps/mail/compose.inc');

  if ($_action=='addcontact')
    include('program/steps/mail/addcontact.inc');

  // the message list is only produced for remote requests
  if ($_action=='list' && $_GET['_remote'])
    include('program/steps/mail/list.inc');

  // kill compose entry from session
  if (isset($_SESSION['compose']))
    rcmail_compose_cleanup();
}
251
252
// include task specific files
// include targets are fixed paths selected by the request-supplied $_action;
// the checks stay independent and in their original order
if ($_task=='addressbook')
{
  include_once('program/steps/addressbook/func.inc');

  if ($_action=='save')
    include('program/steps/addressbook/save.inc');

  if (in_array($_action, array('edit', 'add')))
    include('program/steps/addressbook/edit.inc');

  if ($_action=='delete')
    include('program/steps/addressbook/delete.inc');

  if ($_action=='show')
    include('program/steps/addressbook/show.inc');

  // the contact list is only produced for remote requests
  if ($_action=='list' && $_GET['_remote'])
    include('program/steps/addressbook/list.inc');
}
273
274
// include task specific files
// include targets are fixed paths selected by the request-supplied $_action;
// the checks stay independent and in their original order
if ($_task=='settings')
{
  include_once('program/steps/settings/func.inc');

  if ($_action=='save-identity')
    include('program/steps/settings/save_identity.inc');

  if (in_array($_action, array('add-identity', 'edit-identity')))
    include('program/steps/settings/edit_identity.inc');

  if ($_action=='delete-identity')
    include('program/steps/settings/delete_identity.inc');

  if ($_action=='identities')
    include('program/steps/settings/identities.inc');

  if ($_action=='save-prefs')
    include('program/steps/settings/save_prefs.inc');

  // all folder operations share one step file
  if (in_array($_action, array('folders', 'subscribe', 'unsubscribe', 'create-folder', 'delete-folder')))
    include('program/steps/settings/manage_folders.inc');

}
299
300
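// only allow these templates to be included
// (whitelist from commit 539cd47, "Fix for URL injection vulnerability
// (Bug #1307966)"): the request-supplied task name is handed to
// parse_template() only when it is one of the names below
$valid_tasks = array('mail','settings','addressbook');

// parse main template
// strict comparison, so that only an exact string match selects a template
if (in_array($_task, $valid_tasks, TRUE))
  parse_template($_task);


// if we arrive here, something went wrong
// (presumably parse_template() ends the request on success - confirm)
raise_error(array('code' => 404,
                  'type' => 'php',
                  'line' => __LINE__,
                  'file' => __FILE__,
                  'message' => "Invalid request"), TRUE, TRUE);

?>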