1 | <?php |
2 | |
3 | /** |
4 | * global.php |
5 | * |
6 | * This includes code to update < 4.1.0 globals to the newer format |
7 | * It also has some session register functions that work across various |
8 | * php versions. |
9 | * |
10 | * @copyright © 1999-2006 The SquirrelMail Project Team |
11 | * @license http://opensource.org/licenses/gpl-license.php GNU Public License |
12 | * @version $Id$ |
13 | * @package squirrelmail |
14 | */ |
15 | |
/**
 * Source selectors accepted by sqgetGlobalVar() as its $search argument.
 *
 * Most values name a single array; SQ_INORDER and SQ_FORM select a fixed
 * lookup sequence across several arrays.
 */
define('SQ_INORDER', 0);   // $_SESSION, then $_POST, then $_GET
define('SQ_GET',     1);   // $_GET only
define('SQ_POST',    2);   // $_POST only
define('SQ_SESSION', 3);   // $_SESSION only
define('SQ_COOKIE',  4);   // $_COOKIE only
define('SQ_SERVER',  5);   // $_SERVER only
define('SQ_FORM',    6);   // $_POST, then $_GET
25 | |
26 | |
/**
 * Tell whether the running PHP interpreter is at least version a.b.c.
 *
 * Example: check_php_version(4, 1) asks for PHP 4.1.0 or newer.
 *
 * @param int $a major version number
 * @param int $b minor version number
 * @param int $c release number
 * @return bool true when PHP_VERSION compares greater than or equal to "a.b.c"
 */
function check_php_version ($a = '0', $b = '0', $c = '0')
{
    // Build the dotted version string that version_compare() understands.
    $required = $a . '.' . $b . '.' . $c;

    return version_compare(PHP_VERSION, $required, '>=');
}
40 | |
/**
 * Tell whether the internal SquirrelMail version is at least a.b.c.
 *
 * The comparison is done component by component on the global
 * $SQM_INTERNAL_VERSION, which this file expects to be an array of three
 * integers (major, minor, release). When that global is not set the
 * function reports FALSE.
 *
 * Example: check_sm_version(1, 3, 3)
 *
 * @param int $a major version number
 * @param int $b minor version number
 * @param int $c release number
 * @return bool
 */
function check_sm_version($a = 0, $b = 0, $c = 0)
{
    global $SQM_INTERNAL_VERSION;

    // No recorded version: no requirement can be considered met.
    if (!isset($SQM_INTERNAL_VERSION)) {
        return FALSE;
    }

    // An older major version fails outright.
    if ($SQM_INTERNAL_VERSION[0] < $a) {
        return FALSE;
    }

    // Minor and release only matter while the more significant parts tie.
    if ($SQM_INTERNAL_VERSION[0] == $a) {
        if ($SQM_INTERNAL_VERSION[1] < $b) {
            return FALSE;
        }
        if ($SQM_INTERNAL_VERSION[1] == $b && $SQM_INTERNAL_VERSION[2] < $c) {
            return FALSE;
        }
    }

    return TRUE;
}
66 | |
67 | |
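/**
 * Recursively strip slashes from the values of an array, in place.
 *
 * Nested arrays are walked recursively; every other value is passed through
 * stripslashes(). A non-array argument is left untouched. Stripping slashes
 * only undoes quoting: the resulting values are raw and still have to be
 * escaped for whatever context (HTML, SQL, shell, headers) they are used in.
 *
 * @param array $array the array to strip, passed by reference
 * @return void
 */
function sqstripslashes(&$array) {
    // The original guard was count($array) > 0, which raises a warning
    // (PHP 7.2+) or a TypeError (PHP 8) for a non-array argument. An explicit
    // is_array() check covers that case; an empty array needs no guard
    // because foreach over it does nothing.
    if (!is_array($array)) {
        return;
    }

    foreach ($array as $index => $value) {
        if (is_array($value)) {
            sqstripslashes($array[$index]);
        } else {
            $array[$index] = stripslashes($value);
        }
    }
}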
85 | |
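/**
 * Add a variable to the session.
 *
 * Makes sure a session is running, then stores the value under $name in
 * $_SESSION. On interpreters that still ship session_register() the name is
 * also registered through it, as the original code did.
 *
 * @param mixed $var the variable to register
 * @param string $name the name to refer to this variable
 * @return void
 */
function sqsession_register ($var, $name) {

    sqsession_is_active();

    $_SESSION["$name"] = $var;

    // session_register() was deprecated in PHP 5.3 and removed in PHP 5.4;
    // calling it unconditionally is a fatal error there. The $_SESSION
    // assignment above is what actually stores the value.
    if (function_exists('session_register')) {
        session_register("$name");
    }
}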
100 | |
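/**
 * Delete a variable from the session.
 *
 * Makes sure a session is running, then removes $name from $_SESSION. On
 * interpreters that still ship session_unregister() the name is also
 * unregistered through it, as the original code did.
 *
 * @param string $name the name of the var to delete
 * @return void
 */
function sqsession_unregister ($name) {

    sqsession_is_active();

    unset($_SESSION[$name]);

    // session_unregister() was deprecated in PHP 5.3 and removed in PHP 5.4;
    // calling it unconditionally is a fatal error there. The unset() above
    // is what actually removes the value.
    if (function_exists('session_unregister')) {
        session_unregister("$name");
    }
}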
114 | |
/**
 * Report whether a variable is present in the session.
 *
 * This is a plain isset() test on $_SESSION, so an entry whose value is
 * NULL counts as not registered.
 *
 * @param string $name the name of the var to check
 * @return bool whether the var has been registered
 */
function sqsession_is_registered ($name) {
    return isset($_SESSION[$name]);
}
131 | |
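/**
 * Search for the var $name in $_SESSION, $_POST, $_GET, $_COOKIE, or $_SERVER
 * and store it in the provided variable.
 *
 * $search selects where to look:
 *  - SQ_INORDER (the default, and any unrecognised value): $_SESSION, then
 *    $_POST, then $_GET
 *  - SQ_FORM: $_POST, then $_GET
 *  - SQ_SESSION, SQ_POST, SQ_GET, SQ_COOKIE, SQ_SERVER: that array only
 *
 * Security note: with SQ_INORDER a name that is absent from the session is
 * looked up in $_POST and $_GET, so the value can come straight from the
 * client. Code that must rely on server-side state should pass SQ_SESSION
 * explicitly. Values are returned as found: they are not validated or
 * escaped, and request values may be arrays as well as strings, so check
 * the type before using them.
 *
 * Example:
 * sqgetGlobalVar('username',$username,SQ_SESSION);
 * // No quotes around last param, it's a constant - not a string!
 *
 * @param string $name the name of the var to search
 * @param mixed $value receives the value that was found (by reference)
 * @param int $search constant defining where to look
 * @param mixed $default stored in $value when the var is NOT found; NULL
 *                       (the default) leaves $value untouched in that case
 * @param mixed $typecast 'int' or 'bool' casts a found value to that type;
 *                        false (the default) leaves it as found
 * @return bool whether variable is found.
 */
function sqgetGlobalVar($name, &$value, $search = SQ_INORDER, $default = NULL, $typecast = false) {

    $result = false;

    switch ($search) {
        /* we want the default case to be first here,
           so that if a valid value isn't specified,
           all three arrays will be searched. */
        default:
        case SQ_INORDER: // check session, post, get
        case SQ_SESSION:
            if (isset($_SESSION[$name])) {
                $value = $_SESSION[$name];
                $result = TRUE;
                break;
            } elseif ($search == SQ_SESSION) {
                break;
            }
            // deliberate fall-through for SQ_INORDER
        case SQ_FORM:   // check post, get
        case SQ_POST:
            if (isset($_POST[$name])) {
                $value = $_POST[$name];
                $result = TRUE;
                break;
            } elseif ($search == SQ_POST) {
                break;
            }
            // deliberate fall-through for SQ_INORDER and SQ_FORM
        case SQ_GET:
            if (isset($_GET[$name])) {
                $value = $_GET[$name];
                $result = TRUE;
                break;
            }
            /* NO IF HERE. FOR SQ_INORDER CASE, EXIT after GET */
            break;
        case SQ_COOKIE:
            if (isset($_COOKIE[$name])) {
                $value = $_COOKIE[$name];
                $result = TRUE;
                break;
            }
            break;
        case SQ_SERVER:
            if (isset($_SERVER[$name])) {
                $value = $_SERVER[$name];
                $result = TRUE;
                break;
            }
            break;
    }

    if ($result && $typecast) {
        switch ($typecast) {
            case 'int':  $value = (int) $value; break;
            case 'bool': $value = (bool) $value; break;
            default: break;
        }
    } else if (!$result && !is_null($default)) {
        // Apply the default only when nothing was found. Without the
        // !$result test a found value was overwritten by $default whenever
        // no typecast was requested.
        $value = $default;
    }
    return $result;
}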
213 | |
/**
 * Tear down the current session. Goes further than PHP's session_destroy():
 * the session, 'username' and 'key' cookies are expired explicitly and
 * $_SESSION is emptied before the session itself is destroyed.
 *
 * Cookies are expired first on purpose. Starting a new session instead would
 * hand a new session to every instance of the browser, which is what caused
 * sessions to merge. (php.net notes a cookie can be removed by setting it
 * with just its name: http://www.php.net/manual/en/function.setcookie.php)
 *
 * Each cookie is cleared with $base_uri as its path, so this only removes
 * cookies that were set with that same path.
 *
 * @return void
 */
function sqsession_destroy() {

    global $base_uri;

    // Expire every cookie the client actually sent back to us.
    $cookie_names = array(session_name(), 'username', 'key');
    foreach ($cookie_names as $cookie_name) {
        if (isset($_COOKIE[$cookie_name])) {
            sqsetcookie($cookie_name, '', 0, $base_uri);
        }
    }

    // Nothing further to do when no session id is set.
    $current_id = session_id();
    if (empty($current_id)) {
        return;
    }

    $_SESSION = array();
    // Errors from session_destroy() are deliberately suppressed here.
    @session_destroy();
}
243 | |
/**
 * Make sure a session has been started, starting one when there is no
 * session id yet.
 *
 * $_SESSION, although an autoglobal, is not created until a session is
 * started (unlike $_POST, $_GET and friends), so code that touches
 * $_SESSION calls this first.
 *
 * @return void
 */
function sqsession_is_active() {
    $current_id = session_id();

    if (!$current_id) {
        sqsession_start();
    }
}
256 | |
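/**
 * Start the session and have the session id cookie sent as an HttpOnly
 * cookie, i.e. one that is not exposed to JavaScript in browsers that
 * honour the attribute.
 *
 * session_start() sends the session cookie without HttpOnly unless PHP's
 * session.cookie_httponly setting is on. Re-sending the cookie through
 * sqsetcookie() was disabled in the original code, which left the cookie
 * without the attribute this function documents; the setting is therefore
 * enabled here before the session starts, on PHP 5.2.0 and later where it
 * exists.
 *
 * The Secure attribute is not changed here. Deployments served over HTTPS
 * should enable session.cookie_secure in their PHP configuration.
 *
 * @return void
 */
function sqsession_start() {
    if (version_compare(PHP_VERSION, '5.2.0', 'ge')) {
        ini_set('session.cookie_httponly', '1');
    }

    session_start();
}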
274 | |
275 | |
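/**
 * Set a cookie
 *
 * The cookie is sent through PHP's setcookie(), which encodes the value and
 * refuses names containing separator or control characters. Earlier code in
 * this function returned right after a setcookie() call that passed only
 * name, value, expiry and path, so $sDomain, $bSecure and $bHttpOnly were
 * silently ignored and the hand-built Set-Cookie header below that return
 * was never reached. The documented attributes are now passed on.
 *
 * $bSecure defaults to false: callers that serve the application over HTTPS
 * should pass true so the cookie is never sent over plain HTTP.
 *
 * @param string $sName The name of the cookie.
 * @param string $sValue The value of the cookie.
 * @param int $iExpire The time the cookie expires. This is a Unix timestamp so is in number of seconds since the epoch.
 * @param string $sPath The path on the server in which the cookie will be available on.
 * @param string $sDomain The domain that the cookie is available.
 * @param boolean $bSecure Indicates that the cookie should only be transmitted over a secure HTTPS connection.
 * @param boolean $bHttpOnly Disallow JS to access the cookie (honoured on PHP 5.2.0 and later)
 * @param boolean $bFlush Used by sqsetcookieflush(); cookies are sent immediately, so a flush call does nothing.
 * @return void
 */
function sqsetcookie($sName,$sValue,$iExpire=false,$sPath="",$sDomain="",$bSecure=false,$bHttpOnly=true,$bFlush=false) {
    // Nothing is cached any more, so there is nothing to flush.
    if ($bFlush) {
        return;
    }
    if (!$sName) {
        return;
    }

    // false means "no explicit expiry": a session cookie, which setcookie()
    // expresses as 0.
    if ($iExpire === false) {
        $iExpire = 0;
    }

    // The seventh setcookie() argument (httponly) exists since PHP 5.2.0.
    if (version_compare(PHP_VERSION, '5.2.0', 'ge')) {
        setcookie($sName, $sValue, $iExpire, $sPath, $sDomain, (bool) $bSecure, (bool) $bHttpOnly);
    } else {
        setcookie($sName, $sValue, $iExpire, $sPath, $sDomain, (bool) $bSecure);
    }
}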
333 | |
/**
 * Send the cookie header
 *
 * Calls sqsetcookie() with empty cookie fields and its flush flag ($bFlush)
 * set to true, which is how a flush is requested from that function.
 *
 * @return void
 */
function sqsetcookieflush() {
    $flush = true;
    sqsetcookie('', '', '', '', '', '', '', $flush);
}
343 | |
/**
 * session_regenerate_id replacement for PHP < 4.3.2
 *
 * This code is borrowed from Gallery, session.php version 1.53.2.1.
 * The whole block is skipped when PHP already provides the function.
 *
 * NOTE(review): the replacement id is the md5() of the client address, the
 * current time and a generator seeded from the clock. None of those inputs
 * is secret, so ids produced here are far easier to guess than ids drawn
 * from a cryptographic random source. The code below also does nothing to
 * invalidate the previous session id. Treat this path as legacy-only.
 */
if (!function_exists('session_regenerate_id')) {
    /**
     * Derive an mt_srand() seed from the current time.
     *
     * @return float
     */
    function make_seed() {
        // microtime() returns "usec sec" as a single string.
        $parts = explode(' ', microtime());
        $micro = (float) $parts[0];
        $whole = (float) $parts[1];
        return $whole + ($micro * 100000);
    }

    /**
     * Combined linear congruential generator; returns a float built from
     * two time- and mt_rand()-seeded states.
     *
     * @return float
     */
    function php_combined_lcg() {
        mt_srand(make_seed());
        $now = gettimeofday();
        $state1 = $now['sec'] ^ (~$now['usec']);
        $state2 = mt_rand();

        // Advance the first generator.
        $quot = (int) ($state1 / 53668);
        $state1 = (int) (40014 * ($state1 - 53668 * $quot) - 12211 * $quot);
        if ($state1 < 0) {
            $state1 += 2147483563;
        }

        // Advance the second generator.
        $quot = (int) ($state2 / 52774);
        $state2 = (int) (40692 * ($state2 - 52774 * $quot) - 3791 * $quot);
        if ($state2 < 0) {
            $state2 += 2147483399;
        }

        // Combine both states into one value.
        $combined = (int) ($state1 - $state2);
        if ($combined < 1) {
            $combined += 2147483562;
        }
        return $combined * 4.656613e-10;
    }

    /**
     * Assign a new session id and, when cookies are in use, send it.
     *
     * @return bool always TRUE
     */
    function session_regenerate_id() {
        global $base_uri;

        $now = gettimeofday();
        sqgetGlobalVar('REMOTE_ADDR', $remote_addr, SQ_SERVER);
        $material = sprintf("%.15s%ld%ld%0.8f", $remote_addr, $now['sec'], $now['usec'], php_combined_lcg() * 10);
        session_id(md5($material));

        if (ini_get('session.use_cookies')) {
            // at a later stage we use sqsetcookie. At this point just do
            // what session_regenerate_id would do
            setcookie(session_name(), session_id(), NULL, $base_uri);
        }
        return TRUE;
    }
}
391 | |
392 | |
/**
 * php_self
 *
 * Builds the URL of the page calling this function from the server
 * variables: REQUEST_URI when it is set and non-empty, otherwise PHP_SELF
 * with QUERY_STRING appended. Before 1.5.1 function was stored in
 * function/strings.php.
 *
 * Security note: all three variables are derived from the incoming request
 * and are returned as-is. Callers that place the result in HTML (a link or
 * form action, for instance) need to encode it for that context first, e.g.
 * with htmlspecialchars().
 *
 * @return string the complete url for this page, or '' when neither
 *                REQUEST_URI nor PHP_SELF is available
 * @since 1.2.3
 */
function php_self () {
    // Preferred source: the request URI exactly as the server reports it.
    $have_uri = sqgetGlobalVar('REQUEST_URI', $request_uri, SQ_SERVER);
    if ($have_uri && !empty($request_uri)) {
        return $request_uri;
    }

    // Fallback: script path, which lacks the query string.
    if (!sqgetGlobalVar('PHP_SELF', $script_path, SQ_SERVER) || empty($script_path)) {
        return '';
    }

    // need to add query string to end of PHP_SELF to match REQUEST_URI
    $have_query = sqgetGlobalVar('QUERY_STRING', $query, SQ_SERVER);
    if ($have_query && !empty($query)) {
        $script_path .= '?' . $query;
    }

    return $script_path;
}