Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Newer
Older
100644 232 lines (194 sloc) 7.754 kB
4e17e6c @thomascube Initial revision
thomascube authored
1 <?php
2 /*
a6f90e1 @alecpl -fixed disclaimer
alecpl authored
3 +-------------------------------------------------------------------------+
4 | RoundCube Webmail IMAP Client |
48aff91 @thomascube Moved code block to a more appropriate position + codestyle
thomascube authored
5 | Version 0.2-20080829 |
a6f90e1 @alecpl -fixed disclaimer
alecpl authored
6 | |
cbbef37 @till * bumping up copyright (happy new year ;-))
till authored
7 | Copyright (C) 2005-2009, RoundCube Dev. - Switzerland |
a6f90e1 @alecpl -fixed disclaimer
alecpl authored
8 | |
9 | This program is free software; you can redistribute it and/or modify |
10 | it under the terms of the GNU General Public License version 2 |
11 | as published by the Free Software Foundation. |
12 | |
13 | This program is distributed in the hope that it will be useful, |
14 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16 | GNU General Public License for more details. |
17 | |
18 | You should have received a copy of the GNU General Public License along |
19 | with this program; if not, write to the Free Software Foundation, Inc., |
20 | 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
21 | |
22 +-------------------------------------------------------------------------+
23 | Author: Thomas Bruederli <roundcube@gmail.com> |
24 +-------------------------------------------------------------------------+
4e17e6c @thomascube Initial revision
thomascube authored
25
26 $Id$
27
28 */
29
47124c2 @thomascube Changed codebase to PHP5 with autoloader + added some new classes fro…
thomascube authored
30 // include environment
31 require_once 'program/include/iniset.php';
15a9d1c @thomascube Optimized loading time; added periodic mail check; added EXPUNGE command
thomascube authored
32
83a7636 @thomascube More code cleanup
thomascube authored
33 // init application and start session with requested task
34 $RCMAIL = rcmail::get_instance();
35
36 // init output class
37 $OUTPUT = !empty($_REQUEST['_remote']) ? $RCMAIL->init_json() : $RCMAIL->load_gui(!empty($_REQUEST['_framed']));
38
2f2f15b @thomascube Little improvements for message parsing and encoding
thomascube authored
39 // set output buffering
197601e @thomascube Next step: introduce the application class 'rcmail' and get rid of so…
thomascube authored
40 if ($RCMAIL->action != 'get' && $RCMAIL->action != 'viewsource') {
2f2f15b @thomascube Little improvements for message parsing and encoding
thomascube authored
41 // use gzip compression if supported
03fcc16 @till * fixing warning reported in #1484851
till authored
42 if (function_exists('ob_gzhandler')
47124c2 @thomascube Changed codebase to PHP5 with autoloader + added some new classes fro…
thomascube authored
43 && !ini_get('zlib.output_compression')
44 && ini_get('output_handler') != 'ob_gzhandler') {
2f2f15b @thomascube Little improvements for message parsing and encoding
thomascube authored
45 ob_start('ob_gzhandler');
03fcc16 @till * fixing warning reported in #1484851
till authored
46 }
47124c2 @thomascube Changed codebase to PHP5 with autoloader + added some new classes fro…
thomascube authored
47 else {
2f2f15b @thomascube Little improvements for message parsing and encoding
thomascube authored
48 ob_start();
47124c2 @thomascube Changed codebase to PHP5 with autoloader + added some new classes fro…
thomascube authored
49 }
f115416 @thomascube Merged branch devel-addressbook from r443 back to trunk
thomascube authored
50 }
2f2f15b @thomascube Little improvements for message parsing and encoding
thomascube authored
51
8c72e33 @thomascube Show appropriate error message if config files are missing
thomascube authored
52 // check if config files had errors
53 if ($err_str = $RCMAIL->config->get_error()) {
54 raise_error(array(
55 'code' => 601,
56 'type' => 'php',
57 'message' => $err_str), false, true);
58 }
59
8affba5 @thomascube Improved error handling in DB connection failure
thomascube authored
60 // check DB connections and exit on failure
47124c2 @thomascube Changed codebase to PHP5 with autoloader + added some new classes fro…
thomascube authored
61 if ($err_str = $DB->is_error()) {
f115416 @thomascube Merged branch devel-addressbook from r443 back to trunk
thomascube authored
62 raise_error(array(
63 'code' => 603,
64 'type' => 'db',
65 'message' => $err_str), FALSE, TRUE);
66 }
8affba5 @thomascube Improved error handling in DB connection failure
thomascube authored
67
4e17e6c @thomascube Initial revision
thomascube authored
68 // error steps
197601e @thomascube Next step: introduce the application class 'rcmail' and get rid of so…
thomascube authored
69 if ($RCMAIL->action=='error' && !empty($_GET['_code'])) {
4e17e6c @thomascube Initial revision
thomascube authored
70 raise_error(array('code' => hexdec($_GET['_code'])), FALSE, TRUE);
47124c2 @thomascube Changed codebase to PHP5 with autoloader + added some new classes fro…
thomascube authored
71 }
4e17e6c @thomascube Initial revision
thomascube authored
72
73 // try to log in
197601e @thomascube Next step: introduce the application class 'rcmail' and get rid of so…
thomascube authored
74 if ($RCMAIL->action=='login' && $RCMAIL->task=='mail') {
1854c45 @thomascube More code cleanup + oop-ization
thomascube authored
75 $host = $RCMAIL->autoselect_host();
4e17e6c @thomascube Initial revision
thomascube authored
76
77 // check if client supports cookies
47124c2 @thomascube Changed codebase to PHP5 with autoloader + added some new classes fro…
thomascube authored
78 if (empty($_COOKIE)) {
f115416 @thomascube Merged branch devel-addressbook from r443 back to trunk
thomascube authored
79 $OUTPUT->show_message("cookiesdisabled", 'warning');
80 }
b2265ae @alecpl #1485584: display proper warning on login with empty user and pass
alecpl authored
81 else if ($_SESSION['temp'] && !empty($_POST['_user']) && !empty($_POST['_pass']) &&
197601e @thomascube Next step: introduce the application class 'rcmail' and get rid of so…
thomascube authored
82 $RCMAIL->login(trim(get_input_value('_user', RCUBE_INPUT_POST), ' '),
47124c2 @thomascube Changed codebase to PHP5 with autoloader + added some new classes fro…
thomascube authored
83 get_input_value('_pass', RCUBE_INPUT_POST, true, 'ISO-8859-1'), $host)) {
aad6e2a @thomascube New session authentication, should fix bugs #1483951 and #1484299; te…
thomascube authored
84 // create new session ID
85 unset($_SESSION['temp']);
2e3ce3e @thomascube Add rcube name prefixes + codestyle
thomascube authored
86 rcube_sess_regenerate_id();
aad6e2a @thomascube New session authentication, should fix bugs #1483951 and #1484299; te…
thomascube authored
87
88 // send auth cookie if necessary
1854c45 @thomascube More code cleanup + oop-ization
thomascube authored
89 $RCMAIL->authenticate_session();
aad6e2a @thomascube New session authentication, should fix bugs #1483951 and #1484299; te…
thomascube authored
90
5e0045b Add option to log successful logins.
svncommit authored
91 // log successful login
c8a21d6 @thomascube Killed one more global var + log logins to a separate file (not console)
thomascube authored
92 if ($RCMAIL->config->get('log_logins')) {
93 write_log('userlogins', sprintf('Successful login for %s (id %d) from %s',
94 $RCMAIL->user->get_username(),
95 $RCMAIL->user->ID,
96 $_SERVER['REMOTE_ADDR']));
97 }
5e0045b Add option to log successful logins.
svncommit authored
98
4e17e6c @thomascube Initial revision
thomascube authored
99 // send redirect
c719f3c @thomascube Store compose parameters in session and redirect to a unique URL
thomascube authored
100 $OUTPUT->redirect();
f115416 @thomascube Merged branch devel-addressbook from r443 back to trunk
thomascube authored
101 }
47124c2 @thomascube Changed codebase to PHP5 with autoloader + added some new classes fro…
thomascube authored
102 else {
7342d7e @alecpl - re-fix r2095
alecpl authored
103 $OUTPUT->show_message($IMAP->error_code < -1 ? 'imaperror' : 'loginfailed', 'warning');
1854c45 @thomascube More code cleanup + oop-ization
thomascube authored
104 $RCMAIL->kill_session();
4e17e6c @thomascube Initial revision
thomascube authored
105 }
f115416 @thomascube Merged branch devel-addressbook from r443 back to trunk
thomascube authored
106 }
4e17e6c @thomascube Initial revision
thomascube authored
107
108 // end session
197601e @thomascube Next step: introduce the application class 'rcmail' and get rid of so…
thomascube authored
109 else if (($RCMAIL->task=='logout' || $RCMAIL->action=='logout') && isset($_SESSION['user_id'])) {
f115416 @thomascube Merged branch devel-addressbook from r443 back to trunk
thomascube authored
110 $OUTPUT->show_message('loggedout');
1854c45 @thomascube More code cleanup + oop-ization
thomascube authored
111 $RCMAIL->logout_actions();
112 $RCMAIL->kill_session();
f115416 @thomascube Merged branch devel-addressbook from r443 back to trunk
thomascube authored
113 }
4e17e6c @thomascube Initial revision
thomascube authored
114
bac7d17 @thomascube Fixed bugs #1364122, #1468895, ticket #1483811 and other minor bugs
thomascube authored
115 // check session and auth cookie
197601e @thomascube Next step: introduce the application class 'rcmail' and get rid of so…
thomascube authored
116 else if ($RCMAIL->action != 'login' && $_SESSION['user_id'] && $RCMAIL->action != 'send') {
1854c45 @thomascube More code cleanup + oop-ization
thomascube authored
117 if (!$RCMAIL->authenticate_session()) {
f115416 @thomascube Merged branch devel-addressbook from r443 back to trunk
thomascube authored
118 $OUTPUT->show_message('sessionerror', 'error');
1854c45 @thomascube More code cleanup + oop-ization
thomascube authored
119 $RCMAIL->kill_session();
4e17e6c @thomascube Initial revision
thomascube authored
120 }
f115416 @thomascube Merged branch devel-addressbook from r443 back to trunk
thomascube authored
121 }
4e17e6c @thomascube Initial revision
thomascube authored
122
123
719a257 @thomascube Some bugfixes, security issues + minor improvements
thomascube authored
124 // check client X-header to verify request origin
47124c2 @thomascube Changed codebase to PHP5 with autoloader + added some new classes fro…
thomascube authored
125 if ($OUTPUT->ajax_call) {
835ae85 @thomascube Fix some recently introduced bugs
thomascube authored
126 if (!$RCMAIL->config->get('devel_mode') && !rc_request_header('X-RoundCube-Referer')) {
719a257 @thomascube Some bugfixes, security issues + minor improvements
thomascube authored
127 header('HTTP/1.1 404 Not Found');
128 die("Invalid Request");
129 }
130 }
131
4e17e6c @thomascube Initial revision
thomascube authored
132
133 // not logged in -> show login page
197601e @thomascube Next step: introduce the application class 'rcmail' and get rid of so…
thomascube authored
134 if (empty($RCMAIL->user->ID)) {
83a7636 @thomascube More code cleanup
thomascube authored
135
136 if ($OUTPUT->ajax_call)
c719f3c @thomascube Store compose parameters in session and redirect to a unique URL
thomascube authored
137 $OUTPUT->redirect(array(), 2000);
83a7636 @thomascube More code cleanup
thomascube authored
138
330127a @thomascube Disable PHP notices + check for installer script on login page
thomascube authored
139 // check if installer is still active
83a7636 @thomascube More code cleanup
thomascube authored
140 if ($RCMAIL->config->get('enable_installer') && is_readable('./installer/index.php')) {
47124c2 @thomascube Changed codebase to PHP5 with autoloader + added some new classes fro…
thomascube authored
141 $OUTPUT->add_footer(html::div(array('style' => "background:#ef9398; border:2px solid #dc5757; padding:0.5em; margin:2em auto; width:50em"),
142 html::tag('h2', array('style' => "margin-top:0.2em"), "Installer script is still accessible") .
143 html::p(null, "The install script of your RoundCube installation is still stored in its default location!") .
144 html::p(null, "Please <b>remove</b> the whole <tt>installer</tt> folder from the RoundCube directory because .
145 these files may expose sensitive configuration data like server passwords and encryption keys
146 to the public. Make sure you cannot access the <a href=\"./installer/\">installer script</a> from your browser.")
147 )
148 );
149 }
330127a @thomascube Disable PHP notices + check for installer script on login page
thomascube authored
150
bbf15d8 @alecpl - fixed task setting on login
alecpl authored
151 $OUTPUT->set_env('task', 'login');
f115416 @thomascube Merged branch devel-addressbook from r443 back to trunk
thomascube authored
152 $OUTPUT->send('login');
153 }
4e17e6c @thomascube Initial revision
thomascube authored
154
155
1cded85 @thomascube Re-design of caching (new database table added\!); some bugfixes; Pos…
thomascube authored
156 // handle keep-alive signal
48aff91 @thomascube Moved code block to a more appropriate position + codestyle
thomascube authored
157 if ($RCMAIL->action == 'keep-alive') {
158 $OUTPUT->reset();
159 $OUTPUT->send();
160 }
161 // save preference value
162 else if ($RCMAIL->action == 'save-pref') {
163 $RCMAIL->user->save_prefs(array(get_input_value('_name', RCUBE_INPUT_POST) => get_input_value('_value', RCUBE_INPUT_POST)));
f115416 @thomascube Merged branch devel-addressbook from r443 back to trunk
thomascube authored
164 $OUTPUT->reset();
83a7636 @thomascube More code cleanup
thomascube authored
165 $OUTPUT->send();
f115416 @thomascube Merged branch devel-addressbook from r443 back to trunk
thomascube authored
166 }
1cded85 @thomascube Re-design of caching (new database table added\!); some bugfixes; Pos…
thomascube authored
167
4e17e6c @thomascube Initial revision
thomascube authored
168
6ea6c9b @thomascube Simplify step inclusion in controller (index.php)
thomascube authored
169 // map task/action to a certain include file
170 $action_map = array(
171 'mail' => array(
172 'preview' => 'show.inc',
173 'print' => 'show.inc',
174 'moveto' => 'move_del.inc',
175 'delete' => 'move_del.inc',
176 'send' => 'sendmail.inc',
177 'expunge' => 'folders.inc',
178 'purge' => 'folders.inc',
133bb07 @alecpl - performance: skip imap connection for attachments actions
alecpl authored
179 'remove-attachment' => 'attachments.inc',
180 'display-attachment' => 'attachments.inc',
181 'upload' => 'attachments.inc',
6ea6c9b @thomascube Simplify step inclusion in controller (index.php)
thomascube authored
182 ),
4e17e6c @thomascube Initial revision
thomascube authored
183
6ea6c9b @thomascube Simplify step inclusion in controller (index.php)
thomascube authored
184 'addressbook' => array(
185 'add' => 'edit.inc',
186 ),
4e17e6c @thomascube Initial revision
thomascube authored
187
6ea6c9b @thomascube Simplify step inclusion in controller (index.php)
thomascube authored
188 'settings' => array(
189 'folders' => 'manage_folders.inc',
190 'create-folder' => 'manage_folders.inc',
191 'rename-folder' => 'manage_folders.inc',
192 'delete-folder' => 'manage_folders.inc',
193 'subscribe' => 'manage_folders.inc',
194 'unsubscribe' => 'manage_folders.inc',
195 'add-identity' => 'edit_identity.inc',
196 )
197 );
198
199 // include task specific functions
200 include_once 'program/steps/'.$RCMAIL->task.'/func.inc';
201
202 // allow 5 "redirects" to another action
203 $redirects = 0; $incstep = null;
204 while ($redirects < 5) {
205 $stepfile = !empty($action_map[$RCMAIL->task][$RCMAIL->action]) ?
206 $action_map[$RCMAIL->task][$RCMAIL->action] : strtr($RCMAIL->action, '-', '_') . '.inc';
207
208 // try to include the step file
209 if (is_file(($incfile = 'program/steps/'.$RCMAIL->task.'/'.$stepfile))) {
210 include($incfile);
211 $redirects++;
212 }
213 else {
214 break;
215 }
f115416 @thomascube Merged branch devel-addressbook from r443 back to trunk
thomascube authored
216 }
4e17e6c @thomascube Initial revision
thomascube authored
217
218
6ea6c9b @thomascube Simplify step inclusion in controller (index.php)
thomascube authored
219 // parse main template (default)
197601e @thomascube Next step: introduce the application class 'rcmail' and get rid of so…
thomascube authored
220 $OUTPUT->send($RCMAIL->task);
539cd47 @thomascube Fix for URL injection vulnerability (Bug #1307966)
thomascube authored
221
4e17e6c @thomascube Initial revision
thomascube authored
222
539cd47 @thomascube Fix for URL injection vulnerability (Bug #1307966)
thomascube authored
223 // if we arrive here, something went wrong
f115416 @thomascube Merged branch devel-addressbook from r443 back to trunk
thomascube authored
224 raise_error(array(
225 'code' => 404,
226 'type' => 'php',
227 'line' => __LINE__,
228 'file' => __FILE__,
47124c2 @thomascube Changed codebase to PHP5 with autoloader + added some new classes fro…
thomascube authored
229 'message' => "Invalid request"), true, true);
539cd47 @thomascube Fix for URL injection vulnerability (Bug #1307966)
thomascube authored
230
d1d2c4f adding files and modifications for public ldap search
svncommit authored
231 ?>
Something went wrong with that request. Please try again.