1 <?php
2 /*
3 +-----------------------------------------------------------------------+
4 | RoundCube Webmail IMAP Client |
5 | Version 0.1-20060104 |
6 | |
7 | Copyright (C) 2005, RoundCube Dev. - Switzerland |
8 | Licensed under the GNU GPL |
9 | |
10 | Redistribution and use in source and binary forms, with or without |
11 | modification, are permitted provided that the following conditions |
12 | are met: |
13 | |
14 | o Redistributions of source code must retain the above copyright |
15 | notice, this list of conditions and the following disclaimer. |
16 | o Redistributions in binary form must reproduce the above copyright |
17 | notice, this list of conditions and the following disclaimer in the |
18 | documentation and/or other materials provided with the distribution.|
19 | o The names of the authors may not be used to endorse or promote |
20 | products derived from this software without specific prior written |
21 | permission. |
22 | |
23 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
24 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
25 | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |
26 | A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT |
27 | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
28 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
29 | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
30 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
31 | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
32 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
33 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
34 | |
35 +-----------------------------------------------------------------------+
36 | Author: Thomas Bruederli <roundcube@gmail.com> |
37 +-----------------------------------------------------------------------+
38
39 $Id$
40
41 */
42
// Release identifier of this RoundCube build.
define('RCMAIL_VERSION', '0.1-20060104');


// define global vars
$OUTPUT_TYPE = 'html';
$JS_OBJECT_NAME = 'rcmail';

// Installation directory, always ending in a slash; './' is used when the
// directory of the running script comes back empty.
$INSTALL_PATH = dirname($_SERVER['SCRIPT_FILENAME']);
$INSTALL_PATH = empty($INSTALL_PATH) ? './' : $INSTALL_PATH.'/';

// RC include folders MUST be included FIRST to avoid other
// possible not compatible libraries (i.e PEAR) to be included
// instead the ones provided by RC.
// The inherited include_path is therefore appended last, so a same-named
// file elsewhere on the system cannot shadow a bundled one.
ini_set('include_path', implode(PATH_SEPARATOR, array(
  $INSTALL_PATH,
  $INSTALL_PATH.'program',
  $INSTALL_PATH.'program/lib',
  ini_get('include_path'),
)));
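// Session and runtime settings, applied before rcmail_startup() is called
// further down in this script.
ini_set('session.name', 'sessid');
ini_set('session.use_cookies', 1);
// Take the session id from the cookie only. The login step below already
// refuses clients without cookies, so nothing here relies on a session id in
// the URL; ignoring URL-supplied ids closes a session-fixation path.
ini_set('session.use_only_cookies', 1);
// 21600 seconds = 6 hours before an idle session becomes eligible for GC.
ini_set('session.gc_maxlifetime', 21600);
ini_set('session.gc_divisor', 500);
// NOTE(review): notices are switched off, which also hides reads of request
// parameters that were never sent (undefined index) later in this script.
ini_set('error_reporting', E_ALL&~E_NOTICE);
// NOTE(review): session.cookie_httponly / session.cookie_secure are not set
// here - confirm whether the deployment's PHP version and transport allow
// enabling them.

// increase maximum execution time for php scripts
// (does not work in safe mode)
@set_time_limit(120);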
70
71 // include base files
72 require_once('include/rcube_shared.inc');
73 require_once('include/rcube_imap.inc');
74 require_once('include/bugs.inc');
75 require_once('include/main.inc');
76 require_once('include/cache.inc');
77 require_once('PEAR.php');
78
79
80 // set PEAR error handling
81 // PEAR::setErrorHandling(PEAR_ERROR_TRIGGER, E_USER_NOTICE);
82
83
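// catch some url/post parameters
// Everything read here is request input and must be treated as untrusted.
// POST takes precedence over GET for each parameter.
$_auth = !empty($_POST['_auth']) ? $_POST['_auth'] : (isset($_GET['_auth']) ? $_GET['_auth'] : NULL);
$_task = !empty($_POST['_task']) ? $_POST['_task'] : (!empty($_GET['_task']) ? $_GET['_task'] : 'mail');
$_action = !empty($_POST['_action']) ? $_POST['_action'] : (!empty($_GET['_action']) ? $_GET['_action'] : '');
$_framed = (!empty($_GET['_framed']) || !empty($_POST['_framed']));

// $_task and $_action are later written into URLs and generated script, so
// only plain tokens (letters, digits, '_' and '-') are accepted. Arrays
// (e.g. _task[]=x) and any other characters fall back to the defaults.
// Every task and action name compared against in this file fits the pattern.
if (!is_string($_task) || !preg_match('/^[a-z0-9_-]+\z/i', $_task))
  $_task = 'mail';

if (!is_string($_action) || !preg_match('/^[a-z0-9_-]+\z/i', $_action))
  $_action = '';

// Requests carrying _remote are answered with a script response rather than
// a page (see the rcube_remote_response() calls below).
if (!empty($_GET['_remote']))
  $REMOTE_REQUEST = TRUE;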
92
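// start session with requested task
rcmail_startup($_task);

// set session related variables
// $sess_auth is not assigned in this file; presumably rcmail_startup() sets
// it as a global - confirm in include/main.inc.
// $_task is request input, so it is URL-encoded before it becomes part of a
// path that is sent in a Location header further down. The auth token is
// encoded for its context as well; for plain hash-like tokens both encodings
// leave the value unchanged.
// NOTE(review): the token travels in the query string, so it can end up in
// server logs, browser history and Referer headers.
$COMM_PATH = sprintf('./?_auth=%s&_task=%s', urlencode((string)$sess_auth), urlencode((string)$_task));
$SESS_HIDDEN_FIELD = sprintf('<input type="hidden" name="_auth" value="%s" />', htmlspecialchars((string)$sess_auth, ENT_QUOTES));


// add framed parameter
if ($_framed)
  {
  $COMM_PATH .= '&_framed=1';
  $SESS_HIDDEN_FIELD .= "\n".'<input type="hidden" name="_framed" value="1" />';
  }


// init necessary objects for GUI
load_gui();

// error steps
// The requested code is parsed with hexdec(), so only a number derived from
// the request reaches raise_error().
if ($_action=='error' && !empty($_GET['_code']))
  {
  raise_error(array('code' => hexdec($_GET['_code'])), FALSE, TRUE);
  }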
117
118
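// try to log in
if ($_action=='login' && $_task=='mail')
  {
  // The IMAP host may be supplied by the client; anything that is not a
  // non-empty string falls back to the configured default.
  // NOTE(review): whether rcmail_login() limits $host to configured servers
  // is not visible here - confirm, otherwise the login form lets a client
  // point the server at arbitrary hosts.
  $host = (!empty($_POST['_host']) && is_string($_POST['_host'])) ? $_POST['_host'] : $CONFIG['default_host'];

  // check if client supports cookies
  if (empty($_COOKIE))
    {
    show_message("cookiesdisabled", 'warning');
    }
  // Credentials must be plain strings; array-valued parameters are rejected
  // before they reach rcmail_login().
  else if (isset($_POST['_user']) && isset($_POST['_pass']) &&
           is_string($_POST['_user']) && is_string($_POST['_pass']) &&
           rcmail_login($_POST['_user'], $_POST['_pass'], $host))
    {
    // send redirect
    // NOTE(review): confirm rcmail_login() issues a fresh session id on
    // success; no regeneration happens in this file.
    header("Location: $COMM_PATH");
    exit;
    }
  else
    {
    show_message("loginfailed", 'warning');
    $_SESSION['user_id'] = '';
    }
  }

// end session
else if ($_action=='logout' && isset($_SESSION['user_id']))
  {
  show_message('loggedout');
  rcmail_kill_session();
  }

// check session cookie and auth string
else if ($_action!='login' && $sess_auth && $_SESSION['user_id'])
  {
  // The session is killed when any of these holds:
  //  - the token sent with the request differs from the session's token,
  //  - the token differs from the hash recomputed from the session's
  //    client_id and auth_time (compared as strings, without type juggling),
  //  - a session lifetime (in minutes) is configured and has elapsed since
  //    $SESS_CHANGED (not set in this file; presumably by the session
  //    handler - confirm).
  // time() replaces the argument-less mktime() call; both yield the current
  // timestamp, but mktime() without arguments is rejected by current PHP.
  // NOTE(review): on PHP >= 5.6 hash_equals() is the preferred way to
  // compare the tokens.
  if ($_auth !== $sess_auth ||
      (string)$_auth !== (string)rcmail_auth_hash($_SESSION['client_id'], $_SESSION['auth_time']) ||
      ($CONFIG['session_lifetime'] && isset($SESS_CHANGED) && $SESS_CHANGED + $CONFIG['session_lifetime']*60 < time()))
    {
    $message = show_message('sessionerror', 'error');
    rcmail_kill_session();
    }
  }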
159
160
// log in to imap server
// Runs for every mail-task request that still has a user_id in the session.
if (!empty($_SESSION['user_id']) && $_task=='mail')
  {
  // The session keeps the IMAP password in a form decrypt_passwd() can
  // reverse, so the protection of the session store and of the key used by
  // decrypt_passwd() (defined elsewhere) decides how exposed that password is.
  $conn = $IMAP->connect(
    $_SESSION['imap_host'],
    $_SESSION['username'],
    decrypt_passwd($_SESSION['password']),
    $_SESSION['imap_port'],
    $_SESSION['imap_ssl']
  );

  if ($conn)
    rcmail_set_imap_prop();
  else
    {
    // connect() returned a false value: report it and drop the login state
    show_message('imaperror', 'error');
    $_SESSION['user_id'] = '';
    }
  }
173
174
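// not logged in -> set task to 'login
if (empty($_SESSION['user_id']))
  {
  // $REMOTE_REQUEST is only assigned when the request carried _remote, and
  // $message only in the session-error branch above, so both are read
  // defensively here instead of relying on suppressed notices.
  // NOTE(review): confirm nothing else can pre-populate $message before this
  // point (e.g. register_globals on old PHP), since it is sent to the client
  // as script.
  if (!empty($REMOTE_REQUEST))
    {
    // tell the client script to reload its base URL after two seconds
    $message = (isset($message) ? $message : '')."setTimeout(\"location.href='\"+this.env.comm_path+\"'\", 2000);";
    rcube_remote_response($message);
    }

  $_task = 'login';
  }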
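// set task and action to client
// Both values end up inside single-quoted JavaScript string literals in the
// page. They originate from the request, so only plain tokens (letters,
// digits, '_' and '-') are emitted; anything else is written as an empty
// task or skipped, which keeps quotes, backslashes and markup out of the
// generated script.
$script = sprintf("%s.set_env('task', '%s');", $JS_OBJECT_NAME,
                  (is_string($_task) && preg_match('/^[a-z0-9_-]+\z/i', $_task)) ? $_task : '');
if (!empty($_action) && is_string($_action) && preg_match('/^[a-z0-9_-]+\z/i', $_action))
  $script .= sprintf("\n%s.set_env('action', '%s');", $JS_OBJECT_NAME, $_action);

$OUTPUT->add_script($script);



// not logged in -> show login page
// This is the authentication gate: every task-specific include below is only
// reached with a non-empty user_id in the session.
if (!$_SESSION['user_id'])
  {
  parse_template('login');
  exit;
  }


// handle keep-alive signal
// Answered with an empty remote response; no task file is loaded.
if ($_action=='keep-alive')
  {
  rcube_remote_response('');
  exit;
  }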
212
213
// include task specific files
// Dispatch for the 'mail' task. Every include path is a fixed literal chosen
// by comparing $_action with a known step name; no part of a path is built
// from request data.
// The checks are independent ifs rather than an else-if chain.
// NOTE(review): an included step that reassigns $_action could therefore
// trigger a later include as well - presumably intentional; confirm before
// reordering or turning this into a lookup table.
if ($_task=='mail')
  {
  // shared helpers for all mail steps
  include_once('program/steps/mail/func.inc');

  if ($_action=='show' || $_action=='print')
    include('program/steps/mail/show.inc');

  if ($_action=='get')
    include('program/steps/mail/get.inc');

  if ($_action=='moveto' || $_action=='delete')
    include('program/steps/mail/move_del.inc');

  if ($_action=='mark')
    include('program/steps/mail/mark.inc');

  if ($_action=='viewsource')
    include('program/steps/mail/viewsource.inc');

  if ($_action=='send')
    include('program/steps/mail/sendmail.inc');

  if ($_action=='upload')
    include('program/steps/mail/upload.inc');

  if ($_action=='compose')
    include('program/steps/mail/compose.inc');

  if ($_action=='addcontact')
    include('program/steps/mail/addcontact.inc');

  // 'expunge' is served by the folders step file
  if ($_action=='expunge')
    include('program/steps/mail/folders.inc');

  if ($_action=='check-recent')
    include('program/steps/mail/check_recent.inc');

  if ($_action=='getunread')
    include('program/steps/mail/getunread.inc');

  // the list step is only loaded for remote (_remote) requests
  if ($_action=='list' && $_GET['_remote'])
    include('program/steps/mail/list.inc');

  // kill compose entry from session
  if (isset($_SESSION['compose']))
    rcmail_compose_cleanup();
  }
262
263
// include task specific files
// Dispatch for the 'addressbook' task. As with the mail task, each include
// path is a fixed literal selected by an exact $_action comparison.
// NOTE(review): the order (save before edit and show) may matter if a step
// file changes $_action - confirm before reordering.
if ($_task=='addressbook')
  {
  // shared helpers for all addressbook steps
  include_once('program/steps/addressbook/func.inc');

  if ($_action=='save')
    include('program/steps/addressbook/save.inc');

  if ($_action=='edit' || $_action=='add')
    include('program/steps/addressbook/edit.inc');

  if ($_action=='delete')
    include('program/steps/addressbook/delete.inc');

  if ($_action=='show')
    include('program/steps/addressbook/show.inc');

  // the list step is only loaded for remote (_remote) requests
  if ($_action=='list' && $_GET['_remote'])
    include('program/steps/addressbook/list.inc');

  // reached only after the login gate above, like every other step here
  if ($_action=='ldappublicsearch')
    include('program/steps/addressbook/ldapsearchform.inc');
  }
287
288
// include task specific files
// Dispatch for the 'settings' task; include paths are fixed literals selected
// by exact $_action comparisons.
if ($_task=='settings')
  {
  // shared helpers for all settings steps
  include_once('program/steps/settings/func.inc');

  if ($_action=='save-identity')
    include('program/steps/settings/save_identity.inc');

  if ($_action=='add-identity' || $_action=='edit-identity')
    include('program/steps/settings/edit_identity.inc');

  if ($_action=='delete-identity')
    include('program/steps/settings/delete_identity.inc');

  if ($_action=='identities')
    include('program/steps/settings/identities.inc');

  if ($_action=='save-prefs')
    include('program/steps/settings/save_prefs.inc');

  // all folder management actions share one step file
  if ($_action=='folders' || $_action=='subscribe' || $_action=='unsubscribe' || $_action=='create-folder' || $_action=='delete-folder')
    include('program/steps/settings/manage_folders.inc');

  }
313
314
539cd47 @thomascube Fix for URL injection vulnerability (Bug #1307966)
thomascube authored
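// only allow these templates to be included
// (the blame annotation for these lines reads: 539cd47 "Fix for URL
// injection vulnerability (Bug #1307966)")
// $_task comes from the request, so the template name passed to
// parse_template() is restricted to this fixed list.
$valid_tasks = array('mail','settings','addressbook');

// parse main template
// Strict comparison: only an exact string match against the list is accepted.
if (in_array($_task, $valid_tasks, TRUE))
  parse_template($_task);


// if we arrive here, something went wrong
// NOTE(review): this call is unconditional, so parse_template() presumably
// ends the request on success - confirm in include/main.inc.
raise_error(array('code' => 404,
                  'type' => 'php',
                  'line' => __LINE__,
                  'file' => __FILE__,
                  'message' => "Invalid request"), TRUE, TRUE);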
329
330 ?>