Skip to content
Newer
Older
100644 361 lines (273 sloc) 10.8 KB
4e17e6c @thomascube Initial revision
thomascube authored Sep 25, 2005
1 <?php
2 /*
3 +-----------------------------------------------------------------------+
4 | RoundCube Webmail IMAP Client |
dd53e2b @thomascube Started integrating GoogieSpell
thomascube authored May 1, 2006
5 | Version 0.1-20060501 |
4e17e6c @thomascube Initial revision
thomascube authored Sep 25, 2005
6 | |
7 | Copyright (C) 2005, RoundCube Dev. - Switzerland |
15fee7b @thomascube Moved config files to config/*inc.php.dist
thomascube authored Sep 30, 2005
8 | Licensed under the GNU GPL |
4e17e6c @thomascube Initial revision
thomascube authored Sep 25, 2005
9 | |
10 | Redistribution and use in source and binary forms, with or without |
11 | modification, are permitted provided that the following conditions |
12 | are met: |
13 | |
14 | o Redistributions of source code must retain the above copyright |
15 | notice, this list of conditions and the following disclaimer. |
16 | o Redistributions in binary form must reproduce the above copyright |
17 | notice, this list of conditions and the following disclaimer in the |
18 | documentation and/or other materials provided with the distribution.|
19 | o The names of the authors may not be used to endorse or promote |
20 | products derived from this software without specific prior written |
21 | permission. |
22 | |
23 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
24 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
25 | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |
26 | A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT |
27 | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
28 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
29 | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
30 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
31 | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
32 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
33 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
34 | |
35 +-----------------------------------------------------------------------+
36 | Author: Thomas Bruederli <roundcube@gmail.com> |
37 +-----------------------------------------------------------------------+
38
39 $Id$
40
41 */
42
dd53e2b @thomascube Started integrating GoogieSpell
thomascube authored May 1, 2006
43 define('RCMAIL_VERSION', '0.1-20060501');
15a9d1c @thomascube Optimized loading time; added periodic mail check; added EXPUNGE command
thomascube authored Jan 5, 2006
44
4e17e6c @thomascube Initial revision
thomascube authored Sep 25, 2005
45 // define global vars
8c2e58b @thomascube Minor improvements and bugfixes (see changelog)
thomascube authored Mar 20, 2006
46 $CHARSET = 'UTF-8';
4e17e6c @thomascube Initial revision
thomascube authored Sep 25, 2005
47 $OUTPUT_TYPE = 'html';
48 $JS_OBJECT_NAME = 'rcmail';
8c2e58b @thomascube Minor improvements and bugfixes (see changelog)
thomascube authored Mar 20, 2006
49 $INSTALL_PATH = dirname($_SERVER['SCRIPT_FILENAME']);
50 $MAIN_TASKS = array('mail','settings','addressbook','logout');
4e17e6c @thomascube Initial revision
thomascube authored Sep 25, 2005
51
7cc38e0 @thomascube Added Finnish, Romanian and Chinese translation
thomascube authored Oct 31, 2005
52 if (empty($INSTALL_PATH))
53 $INSTALL_PATH = './';
54 else
55 $INSTALL_PATH .= '/';
5abfcc7 @thomascube better setting for include_path
thomascube authored Oct 14, 2005
56
d7cb774 @thomascube more pear/mdb2 integration
thomascube authored Oct 25, 2005
57 // RC include folders MUST be included FIRST to avoid other
58 // possible not compatible libraries (i.e PEAR) to be included
59 // instead the ones provided by RC
7cc38e0 @thomascube Added Finnish, Romanian and Chinese translation
thomascube authored Oct 31, 2005
60 ini_set('include_path', $INSTALL_PATH.PATH_SEPARATOR.$INSTALL_PATH.'program'.PATH_SEPARATOR.$INSTALL_PATH.'program/lib'.PATH_SEPARATOR.ini_get('include_path'));
d7cb774 @thomascube more pear/mdb2 integration
thomascube authored Oct 25, 2005
61
4e17e6c @thomascube Initial revision
thomascube authored Sep 25, 2005
62 ini_set('session.name', 'sessid');
63 ini_set('session.use_cookies', 1);
977a295 @thomascube Usage of virtusertable; mail_domain for new users; Chinese and Turkis…
thomascube authored Dec 16, 2005
64 ini_set('session.gc_maxlifetime', 21600);
65 ini_set('session.gc_divisor', 500);
66 ini_set('error_reporting', E_ALL&~E_NOTICE);
4e17e6c @thomascube Initial revision
thomascube authored Sep 25, 2005
67
68 // increase maximum execution time for php scripts
00fd332 @thomascube warning clearance
thomascube authored Oct 14, 2005
69 // (does not work in safe mode)
1cded85 @thomascube Re-design of caching (new database table added\!); some bugfixes; Pos…
thomascube authored Dec 3, 2005
70 @set_time_limit(120);
4e17e6c @thomascube Initial revision
thomascube authored Sep 25, 2005
71
72 // include base files
73 require_once('include/rcube_shared.inc');
74 require_once('include/rcube_imap.inc');
75 require_once('include/bugs.inc');
76 require_once('include/main.inc');
77 require_once('include/cache.inc');
7902df4 @thomascube Fixed SSL support; improved Courier compatibility; some visual enhanc…
thomascube authored Oct 20, 2005
78 require_once('PEAR.php');
79
80
81 // set PEAR error handling
82 // PEAR::setErrorHandling(PEAR_ERROR_TRIGGER, E_USER_NOTICE);
4e17e6c @thomascube Initial revision
thomascube authored Sep 25, 2005
83
c1ba958 @thomascube Added gzip compression support
thomascube authored Apr 13, 2006
84 // use gzip compression if supported
85 if (function_exists('ob_gzhandler'))
86 ob_start('ob_gzhandler');
87
4e17e6c @thomascube Initial revision
thomascube authored Sep 25, 2005
88
89 // catch some url/post parameters
03f8558 @thomascube Strip tags on _auth, _action, _task parameters
thomascube authored Apr 4, 2006
90 $_auth = get_input_value('_auth', RCUBE_INPUT_GPC);
91 $_task = get_input_value('_task', RCUBE_INPUT_GPC);
92 $_action = get_input_value('_action', RCUBE_INPUT_GPC);
597170f @thomascube Added new languages, hierarchical folder tree and attachments in forw…
thomascube authored Oct 4, 2005
93 $_framed = (!empty($_GET['_framed']) || !empty($_POST['_framed']));
4e17e6c @thomascube Initial revision
thomascube authored Sep 25, 2005
94
03f8558 @thomascube Strip tags on _auth, _action, _task parameters
thomascube authored Apr 4, 2006
95 if (empty($_task))
96 $_task = 'mail';
97
42b1135 @thomascube Several bugfixes and feature improvements
thomascube authored Oct 7, 2005
98 if (!empty($_GET['_remote']))
99 $REMOTE_REQUEST = TRUE;
100
4e17e6c @thomascube Initial revision
thomascube authored Sep 25, 2005
101 // start session with requested task
102 rcmail_startup($_task);
103
104 // set session related variables
105 $COMM_PATH = sprintf('./?_auth=%s&_task=%s', $sess_auth, $_task);
106 $SESS_HIDDEN_FIELD = sprintf('<input type="hidden" name="_auth" value="%s" />', $sess_auth);
107
108
109 // add framed parameter
597170f @thomascube Added new languages, hierarchical folder tree and attachments in forw…
thomascube authored Oct 4, 2005
110 if ($_framed)
4e17e6c @thomascube Initial revision
thomascube authored Sep 25, 2005
111 {
112 $COMM_PATH .= '&_framed=1';
ccfda89 @thomascube Fixed session expiration issue with SQLite
thomascube authored Nov 1, 2005
113 $SESS_HIDDEN_FIELD .= "\n".'<input type="hidden" name="_framed" value="1" />';
4e17e6c @thomascube Initial revision
thomascube authored Sep 25, 2005
114 }
115
116
117 // init necessary objects for GUI
118 load_gui();
119
8affba5 @thomascube Improved error handling in DB connection failure
thomascube authored Mar 14, 2006
120
121 // check DB connections and exit on failure
122 if ($err_str = $DB->is_error())
123 {
124 raise_error(array('code' => 500, 'type' => 'db', 'line' => __LINE__, 'file' => __FILE__,
125 'message' => $err_str), FALSE, TRUE);
126 }
127
128
4e17e6c @thomascube Initial revision
thomascube authored Sep 25, 2005
129 // error steps
597170f @thomascube Added new languages, hierarchical folder tree and attachments in forw…
thomascube authored Oct 4, 2005
130 if ($_action=='error' && !empty($_GET['_code']))
4e17e6c @thomascube Initial revision
thomascube authored Sep 25, 2005
131 {
132 raise_error(array('code' => hexdec($_GET['_code'])), FALSE, TRUE);
133 }
134
135
136 // try to log in
137 if ($_action=='login' && $_task=='mail')
138 {
139 $host = $_POST['_host'] ? $_POST['_host'] : $CONFIG['default_host'];
140
141 // check if client supports cookies
597170f @thomascube Added new languages, hierarchical folder tree and attachments in forw…
thomascube authored Oct 4, 2005
142 if (empty($_COOKIE))
4e17e6c @thomascube Initial revision
thomascube authored Sep 25, 2005
143 {
144 show_message("cookiesdisabled", 'warning');
145 }
ea7c46b @thomascube Improved reading of POST and GET values
thomascube authored Mar 3, 2006
146 else if (isset($_POST['_user']) && isset($_POST['_pass']) &&
147 rcmail_login(get_input_value('_user', RCUBE_INPUT_POST),
148 get_input_value('_pass', RCUBE_INPUT_POST),
149 $host))
4e17e6c @thomascube Initial revision
thomascube authored Sep 25, 2005
150 {
151 // send redirect
152 header("Location: $COMM_PATH");
153 exit;
154 }
155 else
156 {
157 show_message("loginfailed", 'warning');
158 $_SESSION['user_id'] = '';
159 }
160 }
161
162 // end session
00fd332 @thomascube warning clearance
thomascube authored Oct 14, 2005
163 else if ($_action=='logout' && isset($_SESSION['user_id']))
4e17e6c @thomascube Initial revision
thomascube authored Sep 25, 2005
164 {
165 show_message('loggedout');
166 rcmail_kill_session();
167 }
168
169 // check session cookie and auth string
7cc38e0 @thomascube Added Finnish, Romanian and Chinese translation
thomascube authored Oct 31, 2005
170 else if ($_action!='login' && $sess_auth && $_SESSION['user_id'])
4e17e6c @thomascube Initial revision
thomascube authored Sep 25, 2005
171 {
7902df4 @thomascube Fixed SSL support; improved Courier compatibility; some visual enhanc…
thomascube authored Oct 20, 2005
172 if ($_auth !== $sess_auth || $_auth != rcmail_auth_hash($_SESSION['client_id'], $_SESSION['auth_time']) ||
ccfda89 @thomascube Fixed session expiration issue with SQLite
thomascube authored Nov 1, 2005
173 ($CONFIG['session_lifetime'] && isset($SESS_CHANGED) && $SESS_CHANGED + $CONFIG['session_lifetime']*60 < mktime()))
4e17e6c @thomascube Initial revision
thomascube authored Sep 25, 2005
174 {
42b1135 @thomascube Several bugfixes and feature improvements
thomascube authored Oct 7, 2005
175 $message = show_message('sessionerror', 'error');
4e17e6c @thomascube Initial revision
thomascube authored Sep 25, 2005
176 rcmail_kill_session();
177 }
178 }
179
180
181 // log in to imap server
597170f @thomascube Added new languages, hierarchical folder tree and attachments in forw…
thomascube authored Oct 4, 2005
182 if (!empty($_SESSION['user_id']) && $_task=='mail')
4e17e6c @thomascube Initial revision
thomascube authored Sep 25, 2005
183 {
7902df4 @thomascube Fixed SSL support; improved Courier compatibility; some visual enhanc…
thomascube authored Oct 20, 2005
184 $conn = $IMAP->connect($_SESSION['imap_host'], $_SESSION['username'], decrypt_passwd($_SESSION['password']), $_SESSION['imap_port'], $_SESSION['imap_ssl']);
4e17e6c @thomascube Initial revision
thomascube authored Sep 25, 2005
185 if (!$conn)
186 {
187 show_message('imaperror', 'error');
188 $_SESSION['user_id'] = '';
189 }
7902df4 @thomascube Fixed SSL support; improved Courier compatibility; some visual enhanc…
thomascube authored Oct 20, 2005
190 else
191 rcmail_set_imap_prop();
4e17e6c @thomascube Initial revision
thomascube authored Sep 25, 2005
192 }
193
194
195 // not logged in -> set task to 'login
597170f @thomascube Added new languages, hierarchical folder tree and attachments in forw…
thomascube authored Oct 4, 2005
196 if (empty($_SESSION['user_id']))
42b1135 @thomascube Several bugfixes and feature improvements
thomascube authored Oct 7, 2005
197 {
198 if ($REMOTE_REQUEST)
199 {
200 $message .= "setTimeout(\"location.href='\"+this.env.comm_path+\"'\", 2000);";
201 rcube_remote_response($message);
202 }
203
4e17e6c @thomascube Initial revision
thomascube authored Sep 25, 2005
204 $_task = 'login';
42b1135 @thomascube Several bugfixes and feature improvements
thomascube authored Oct 7, 2005
205 }
4e17e6c @thomascube Initial revision
thomascube authored Sep 25, 2005
206
207
208
597170f @thomascube Added new languages, hierarchical folder tree and attachments in forw…
thomascube authored Oct 4, 2005
209 // set task and action to client
4e17e6c @thomascube Initial revision
thomascube authored Sep 25, 2005
210 $script = sprintf("%s.set_env('task', '%s');", $JS_OBJECT_NAME, $_task);
211 if (!empty($_action))
212 $script .= sprintf("\n%s.set_env('action', '%s');", $JS_OBJECT_NAME, $_action);
213
214 $OUTPUT->add_script($script);
215
216
217
218 // not logged in -> show login page
219 if (!$_SESSION['user_id'])
220 {
221 parse_template('login');
222 exit;
223 }
224
225
1cded85 @thomascube Re-design of caching (new database table added\!); some bugfixes; Pos…
thomascube authored Dec 3, 2005
226 // handle keep-alive signal
227 if ($_action=='keep-alive')
228 {
229 rcube_remote_response('');
230 exit;
231 }
232
4e17e6c @thomascube Initial revision
thomascube authored Sep 25, 2005
233
234 // include task specific files
235 if ($_task=='mail')
236 {
237 include_once('program/steps/mail/func.inc');
88375ff @thomascube Added RSS output (experimental)
thomascube authored Feb 5, 2006
238
4e17e6c @thomascube Initial revision
thomascube authored Sep 25, 2005
239 if ($_action=='show' || $_action=='print')
240 include('program/steps/mail/show.inc');
241
242 if ($_action=='get')
243 include('program/steps/mail/get.inc');
244
245 if ($_action=='moveto' || $_action=='delete')
246 include('program/steps/mail/move_del.inc');
247
248 if ($_action=='mark')
249 include('program/steps/mail/mark.inc');
250
251 if ($_action=='viewsource')
252 include('program/steps/mail/viewsource.inc');
253
254 if ($_action=='send')
255 include('program/steps/mail/sendmail.inc');
256
257 if ($_action=='upload')
258 include('program/steps/mail/upload.inc');
259
260 if ($_action=='compose')
261 include('program/steps/mail/compose.inc');
262
263 if ($_action=='addcontact')
264 include('program/steps/mail/addcontact.inc');
15a9d1c @thomascube Optimized loading time; added periodic mail check; added EXPUNGE command
thomascube authored Jan 5, 2006
265
5e35126 @thomascube Added folder purge function and some checks
thomascube authored Jan 25, 2006
266 if ($_action=='expunge' || $_action=='purge')
15a9d1c @thomascube Optimized loading time; added periodic mail check; added EXPUNGE command
thomascube authored Jan 5, 2006
267 include('program/steps/mail/folders.inc');
268
269 if ($_action=='check-recent')
270 include('program/steps/mail/check_recent.inc');
271
272 if ($_action=='getunread')
273 include('program/steps/mail/getunread.inc');
4e17e6c @thomascube Initial revision
thomascube authored Sep 25, 2005
274
4647e1b @thomascube Started implementing search function
thomascube authored Mar 23, 2006
275 if ($_action=='list' && isset($_GET['_remote']))
4e17e6c @thomascube Initial revision
thomascube authored Sep 25, 2005
276 include('program/steps/mail/list.inc');
277
4647e1b @thomascube Started implementing search function
thomascube authored Mar 23, 2006
278 if ($_action=='search')
dd53e2b @thomascube Started integrating GoogieSpell
thomascube authored May 1, 2006
279 include('program/steps/mail/search.inc');
280
281 if ($_action=='spell')
282 include('program/steps/mail/spell.inc');
4647e1b @thomascube Started implementing search function
thomascube authored Mar 23, 2006
283
88375ff @thomascube Added RSS output (experimental)
thomascube authored Feb 5, 2006
284 if ($_action=='rss')
285 include('program/steps/mail/rss.inc');
286
4e17e6c @thomascube Initial revision
thomascube authored Sep 25, 2005
287 // kill compose entry from session
288 if (isset($_SESSION['compose']))
289 rcmail_compose_cleanup();
01c86f2 @thomascube Minor bugfixes
thomascube authored Mar 4, 2006
290
291 // make sure the message count is refreshed
292 $IMAP->messagecount($_SESSION['mbox'], 'ALL', TRUE);
4e17e6c @thomascube Initial revision
thomascube authored Sep 25, 2005
293 }
294
295
296 // include task specific files
297 if ($_task=='addressbook')
298 {
299 include_once('program/steps/addressbook/func.inc');
300
301 if ($_action=='save')
302 include('program/steps/addressbook/save.inc');
303
304 if ($_action=='edit' || $_action=='add')
305 include('program/steps/addressbook/edit.inc');
306
307 if ($_action=='delete')
308 include('program/steps/addressbook/delete.inc');
309
310 if ($_action=='show')
311 include('program/steps/addressbook/show.inc');
312
313 if ($_action=='list' && $_GET['_remote'])
314 include('program/steps/addressbook/list.inc');
d1d2c4f @thomascube adding files and modifications for public ldap search
thomascube authored Jan 8, 2006
315
316 if ($_action=='ldappublicsearch')
317 include('program/steps/addressbook/ldapsearchform.inc');
4e17e6c @thomascube Initial revision
thomascube authored Sep 25, 2005
318 }
319
320
321 // include task specific files
322 if ($_task=='settings')
323 {
324 include_once('program/steps/settings/func.inc');
325
326 if ($_action=='save-identity')
327 include('program/steps/settings/save_identity.inc');
328
329 if ($_action=='add-identity' || $_action=='edit-identity')
330 include('program/steps/settings/edit_identity.inc');
331
332 if ($_action=='delete-identity')
333 include('program/steps/settings/delete_identity.inc');
334
335 if ($_action=='identities')
336 include('program/steps/settings/identities.inc');
337
338 if ($_action=='save-prefs')
339 include('program/steps/settings/save_prefs.inc');
340
341 if ($_action=='folders' || $_action=='subscribe' || $_action=='unsubscribe' || $_action=='create-folder' || $_action=='delete-folder')
342 include('program/steps/settings/manage_folders.inc');
343
344 }
345
346
347 // parse main template
8c2e58b @thomascube Minor improvements and bugfixes (see changelog)
thomascube authored Mar 20, 2006
348 // only allow these templates to be included
349 if (in_array($_task, $MAIN_TASKS))
539cd47 @thomascube Fix for URL injection vulnerability (Bug #1307966)
thomascube authored Sep 29, 2005
350 parse_template($_task);
351
4e17e6c @thomascube Initial revision
thomascube authored Sep 25, 2005
352
539cd47 @thomascube Fix for URL injection vulnerability (Bug #1307966)
thomascube authored Sep 29, 2005
353 // if we arrive here, something went wrong
354 raise_error(array('code' => 404,
355 'type' => 'php',
356 'line' => __LINE__,
357 'file' => __FILE__,
358 'message' => "Invalid request"), TRUE, TRUE);
359
d1d2c4f @thomascube adding files and modifications for public ldap search
thomascube authored Jan 8, 2006
360 ?>
Something went wrong with that request. Please try again.