1 | <?php |
2 | |
3 | /** |
4 | * init.php -- initialisation file |
5 | * |
6 | * File should be loaded in every file in src/ or plugins that occupy an entire frame |
7 | * |
8 | * @copyright © 2006 The SquirrelMail Project Team |
9 | * @license http://opensource.org/licenses/gpl-license.php GNU Public License |
10 | * @version $Id$ |
11 | * @package squirrelmail |
12 | */ |
13 | |
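/**
 * This is a development version so in order to track programmer mistakes we
 * set the error reporting to E_ALL
 */
error_reporting(E_ALL);


/**
 * If register_globals is on, unregister globals.
 * Code requires PHP 4.1.0 or newer.
 * Second test covers boolean set as string (php_value register_globals off).
 *
 * Names reserved by PHP (the superglobal arrays and their HTTP_*_VARS
 * predecessors) are skipped. Request parameter names and upload field names
 * are chosen by the client, so a parameter called e.g. "_SERVER" must not
 * cause the array of the same name to be unset.
 */
if ((bool) @ini_get('register_globals') &&
    strtolower(ini_get('register_globals')) != 'off') {
    /*
     * Lookup table of names that stay in place. The table lists itself
     * because it lives in the global scope while the loops below run.
     */
    $aReservedGlobals = array(
        'GLOBALS'           => true,
        '_GET'              => true,
        '_POST'             => true,
        '_COOKIE'           => true,
        '_REQUEST'          => true,
        '_FILES'            => true,
        '_ENV'              => true,
        '_SERVER'           => true,
        '_SESSION'          => true,
        'HTTP_GET_VARS'     => true,
        'HTTP_POST_VARS'    => true,
        'HTTP_COOKIE_VARS'  => true,
        'HTTP_POST_FILES'   => true,
        'HTTP_ENV_VARS'     => true,
        'HTTP_SERVER_VARS'  => true,
        'HTTP_SESSION_VARS' => true,
        'aReservedGlobals'  => true,
    );

    /**
     * Remove all globals from $_GET, $_POST, and $_COOKIE.
     */
    foreach ($_REQUEST as $key => $value) {
        if (isset($aReservedGlobals[$key])) {
            continue;
        }
        unset($GLOBALS[$key]);
    }
    /**
     * Remove globalized $_FILES variables
     * Before 4.3.0 $_FILES are included in $_REQUEST.
     * Unglobalize them in separate call in order to remove dependency
     * on PHP version.
     */
    foreach ($_FILES as $key => $value) {
        if (!isset($aReservedGlobals[$key])) {
            unset($GLOBALS[$key]);
        }
        // there are three undocumented $_FILES globals.
        unset($GLOBALS[$key.'_type']);
        unset($GLOBALS[$key.'_name']);
        unset($GLOBALS[$key.'_size']);
    }
    /**
     * Remove globalized environment variables.
     */
    foreach ($_ENV as $key => $value) {
        if (isset($aReservedGlobals[$key])) {
            continue;
        }
        unset($GLOBALS[$key]);
    }
    /**
     * Remove globalized server variables.
     */
    foreach ($_SERVER as $key => $value) {
        if (isset($aReservedGlobals[$key])) {
            continue;
        }
        unset($GLOBALS[$key]);
    }

    // The table is a helper of this block only; do not leave it behind.
    unset($aReservedGlobals);
}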
60 | |
/**
 * [#1518885] session.use_cookies = off breaks SquirrelMail
 *
 * Without session cookies every http redirect, meta refresh,
 * src/download.php link and javascript URL stops working, so the setting
 * is forced on. This has to happen before the session is started.
 *
 * The setting counts as enabled only when it is truthy and is not the
 * literal string 'off'.
 */
if (!((bool) ini_get('session.use_cookies') &&
      ini_get('session.use_cookies') != 'off')) {
    ini_set('session.use_cookies', '1');
}

72 | |
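/**
 * calculate SM_PATH and calculate the base_uri
 * assumptions made: init.php is only called from plugins or from the src dir.
 * files in the plugin directory may not be part of a subdirectory called "src"
 *
 * SM_PATH becomes the relative path ('../' repeated) from the running script
 * up to the parent of the nearest 'src' or 'plugins' directory; base_uri is
 * the URL path of that parent with a trailing slash. base_uri is used further
 * down in this file as the session cookie path.
 */
if (isset($_SERVER['SCRIPT_NAME'])) {
    $a = explode('/', $_SERVER['SCRIPT_NAME']);
} elseif (isset($HTTP_SERVER_VARS['SCRIPT_NAME'])) {
    // Pre-4.1 style array: read from the array that was actually tested.
    $a = explode('/', $HTTP_SERVER_VARS['SCRIPT_NAME']);
} else {
    // No script name available at all: fall back to an empty path list so
    // the loop below is skipped and base_uri becomes '/'.
    $a = array();
}
$sSM_PATH = '';
// Walk from the script's directory towards the root, one '../' per level,
// stopping at the first 'src' or 'plugins' component.
for ($i = count($a) - 2; $i > -1; --$i) {
    $sSM_PATH .= '../';
    if ($a[$i] === 'src' || $a[$i] === 'plugins') {
        break;
    }
}

// $i is the index of the matched component (or -1 when none matched), so the
// slice keeps everything in front of it.
$base_uri = implode('/', array_slice($a, 0, $i)) . '/';

define('SM_PATH', $sSM_PATH);
define('SM_BASE_URI', $base_uri);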
/**
 * global var $bInit is used to check if initialisation took place.
 * At this moment it's a workaround for the include of addrbook_search_html
 * inside compose.php. If we found a better way then remove this. Do only use
 * this var if you know for sure a page can be called stand alone and be included
 * in another file.
 */
$bInit = true;

/**
 * Failsafe theme, used if no themes were found or if we error out
 * before anything could be initialised.
 */
$color = array(
    0  => '#DCDCDC', /* light gray    TitleBar                     */
    1  => '#800000', /* red                                        */
    2  => '#CC0000', /* light red     Warning/Error Messages       */
    3  => '#A0B8C8', /* green-blue    Left Bar Background          */
    4  => '#FFFFFF', /* white         Normal Background            */
    5  => '#FFFFCC', /* light yellow  Table Headers                */
    6  => '#000000', /* black         Text on left bar             */
    7  => '#0000CC', /* blue          Links                        */
    8  => '#000000', /* black         Normal text                  */
    9  => '#ABABAB', /* mid-gray      Darker version of #0         */
    10 => '#666666', /* dark gray     Darker version of #9         */
    11 => '#770000', /* dark red      Special Folders color        */
    12 => '#EDEDED',
    13 => '#800000', /* (dark red)    Color for quoted text -- > 1 quote    */
    14 => '#ff0000', /* (red)         Color for quoted text -- >> 2 or more */
    15 => '#002266', /* (dark blue)   Unselectable folders         */
    16 => '#ff9933', /* (orange)      Highlight color              */
);

// Base libraries and site configuration. Everything below this point calls
// helpers that are not defined in this file (sqstripslashes(), php_self(), ...);
// presumably they come from these includes -- confirm against functions/global.php.
require(SM_PATH . 'functions/global.php');
require(SM_PATH . 'config/config.php');
require(SM_PATH . 'functions/plugin.php');
require(SM_PATH . 'include/constants.php');
require(SM_PATH . 'include/languages.php');

/**
 * If magic_quotes_runtime is on, SquirrelMail breaks in new and creative ways.
 * Force magic_quotes_runtime off.
 * tassium@squirrelmail.org - I put it here in the hopes that all SM code includes this.
 * If there's a better place, please let me know.
 */
ini_set('magic_quotes_runtime','0');


/* if running with magic_quotes_gpc then strip the slashes
   from POST and GET global arrays */
// NOTE(review): only $_GET and $_POST are handed to sqstripslashes() here;
// $_COOKIE and $_REQUEST keep whatever escaping PHP applied -- confirm that
// readers of those arrays account for it.
if (get_magic_quotes_gpc()) {
    sqstripslashes($_GET);
    sqstripslashes($_POST);
}


/* strip any tags added to the url from PHP_SELF.
   This fixes hand crafted url XSS exploits for any
   page that uses PHP_SELF as the FORM action */
// strip_tags() removes markup only; quote characters pass through unchanged,
// so a page that prints this value inside an HTML attribute still has to
// escape it for that context (htmlspecialchars()).
$_SERVER['PHP_SELF'] = strip_tags($_SERVER['PHP_SELF']);

// php_self() is not defined in this file.
// NOTE(review): confirm it builds its result from the sanitised value above.
$PHP_SELF = php_self();
157 | |
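/**
 * Initialize the session
 */

/** set the name of the session cookie */
if (!isset($session_name) || !$session_name) {
    $session_name = 'SQMSESSID';
}

/**
 * if session.auto_start is On then close the session
 *
 * session_name() is read before SquirrelMail's own name is applied, so it
 * holds whatever name PHP is configured with. When that differs from
 * $session_name, the cookie of that session is expired and the session is
 * torn down so it does not get mixed up with the SquirrelMail session.
 */
$sSessionAutostartName = session_name();
/*
 * Read the configured cookie path and domain unconditionally: the 'login'
 * branch of the $sInitLocation switch further down compares $sCookiePath
 * with SM_BASE_URI even when the branch below was not taken.
 */
$sCookiePath = ini_get('session.cookie_path');
$sCookieDomain = ini_get('session.cookie_domain');
/*
 * The former "(isset($sSessionAutostartName) || $sSessionAutostartName == '')"
 * guard held for every possible value, so only the name comparison decides.
 */
if ($sSessionAutostartName !== $session_name) {
    // reset the cookie: empty value, expiry one week (604800 s) in the past
    setcookie($sSessionAutostartName, '', time() - 604800, $sCookiePath, $sCookieDomain);
    // @: there may be no active session to destroy
    @session_destroy();
    session_write_close();
}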
180 | |
/**
 * includes from classes stored in the session
 *
 * Loaded before the session calls below; PHP needs a class definition to be
 * present when session data containing objects of that class is read back.
 */
require(SM_PATH . 'class/mime.class.php');

// Apply SquirrelMail's own session cookie name.
ini_set('session.name' , $session_name);
// Session cookie: lifetime 0 (until the browser closes), path limited to
// $base_uri.
// NOTE(review): only lifetime and path are passed, so the domain, secure and
// httponly settings stay at the php.ini values -- confirm the deployment sets
// them there, in particular for HTTPS-only installations.
session_set_cookie_params (0, $base_uri);
// Defined outside this file; presumably starts the session if none is
// active -- confirm.
sqsession_is_active();

/**
 * DISABLED.
 * Remove globalized session data in rg=on setups
 *
 * Code can be utilized when session is started, but data is not loaded.
 * We have already loaded configuration and other important vars. Can't
 * clean session globals here.
if ((bool) @ini_get('register_globals') &&
    strtolower(ini_get('register_globals'))!='off') {
    foreach ($_SESSION as $key => $value) {
        unset($GLOBALS[$key]);
    }
}
*/

// Store the computed base URI in the session under the key 'base_uri'.
sqsession_register(SM_BASE_URI,'base_uri');
206 | |
/**
 * SquirrelMail version number -- DO NOT CHANGE
 */
$version = '1.5.2 [CVS]';

/**
 * SquirrelMail internal version number -- DO NOT CHANGE
 * $SQM_INTERNAL_VERSION = array (release, major, minor)
 */
$SQM_INTERNAL_VERSION = array(1, 5, 2);

/**
 * Retrieve the language cookie; fall back to an empty string when
 * sqgetGlobalVar() reports that it is missing.
 *
 * The value is supplied by the client and is passed on to
 * set_up_language() later in this file.
 */
if (!sqgetGlobalVar('squirrelmail_language', $squirrelmail_language, SQ_COOKIE)) {
    $squirrelmail_language = '';
}


/**
 * @var $sInitLocation From where do we include.
 *
 * The including script may set it before loading this file; it selects the
 * branch of the switch further down. NULL when nothing was set.
 */
$sInitLocation = isset($sInitLocation) ? $sInitLocation : NULL;
232 | |
/**
 * MAIN PLUGIN LOADING CODE HERE
 */

/**
 * Include Compatibility plugin if available.
 */
if (file_exists(SM_PATH . 'plugins/compatibility/functions.php')) {
    include_once(SM_PATH . 'plugins/compatibility/functions.php');
}

// Hook registry; reset regardless of whether the compatibility plugin exists.
$squirrelmail_plugin_hooks = array();

/* On init, register all plugins configured for use. */
if (isset($plugins) && is_array($plugins)) {
    /*
     * Buffer whatever the plugin files print while they are loaded, so that
     * stray newlines do not reach the browser before headers and cookies.
     */
    ob_start();
    foreach ($plugins as $name) {
        use_plugin($name);
    }
    // collect the buffered text without surrounding whitespace, then drop the buffer
    $output = trim(ob_get_contents());
    ob_end_clean();
    /*
     * Anything beyond newlines and spacing stops the script, with the plugin
     * output as the message. Same truthiness test as empty(): a lone "0" is
     * treated like no output.
     */
    if ($output) {
        die($output);
    }
}
259 | |
260 | |
/*
 * Finish initialisation according to the kind of page that included this file:
 *   'style'    - close the session and flush cookies, nothing else
 *   'redirect' - load the preference backend, then continue as 'login'
 *   'login'    - load the display helpers and clean up cookies stored under
 *                the old cookie path
 *   default    - every other page: require a logged-in session, then load
 *                preferences, language and time zone
 */
switch ($sInitLocation) {
    case 'style': session_write_close(); sqsetcookieflush(); break;
    case 'redirect':
        /**
         * directory hashing functions are needed for all setups in case
         * plugins use own pref files.
         */
        require(SM_PATH . 'functions/prefs.php');
        /* hook loads custom prefs backend plugins */
        // The include path below is whatever the 'prefs_backend' hook returned,
        // i.e. it is produced by plugin code. file_exists() only proves the
        // path exists relative to SM_PATH; it does not confine it to a
        // directory. NOTE(review): confirm plugins are the only source.
        $prefs_backend = do_hook_function('prefs_backend');
        if (isset($prefs_backend) && !empty($prefs_backend) && file_exists(SM_PATH . $prefs_backend)) {
            require(SM_PATH . $prefs_backend);
        } elseif (isset($prefs_dsn) && !empty($prefs_dsn)) {
            require(SM_PATH . 'functions/db_prefs.php');
        } else {
            require(SM_PATH . 'functions/file_prefs.php');
        }
        //nobreak;
    case 'login':
        require(SM_PATH . 'functions/display_messages.php' );
        require(SM_PATH . 'functions/page_header.php');
        require(SM_PATH . 'functions/html.php');
        /**
         * cleanup old cookies with a cookie path the same as the standard php.ini
         * cookie path. All previous SquirrelMail version used the standard php.ini
         * cookie path for storing the session name. That behaviour changed.
         */
        // NOTE(review): $sCookiePath is assigned earlier in this file only
        // inside the session.auto_start branch; confirm it is always set by
        // the time this comparison runs.
        if ($sCookiePath !== SM_BASE_URI) {
            /**
             * do not delete the standard sessions with session.name is i.e. PHPSESSID
             * because they probably belong to other php apps
             */
            if (ini_get('session.name') !== $sSessionAutostartName) {
                sqsetcookie(ini_get('session.name'),'',0,$sCookiePath);
            }
        }
        break;
    default:
        require(SM_PATH . 'functions/display_messages.php' );
        require(SM_PATH . 'functions/page_header.php');
        require(SM_PATH . 'functions/html.php');
        require(SM_PATH . 'functions/strings.php');


        /**
         * Check if we are logged in
         */
        require(SM_PATH . 'functions/auth.php');

        if ( !sqsession_is_registered('user_is_logged_in') ) {
            // First we store some information in the new session to prevent
            // information-loss.
            //
            // The POST body and the requested location of a client that is
            // NOT logged in are copied into the session as they arrived.
            // Whatever reads session_expired_post / session_expired_location
            // later has to treat both as untrusted input.
            $session_expired_post = $_POST;
            $session_expired_location = $PHP_SELF;
            if (!sqsession_is_registered('session_expired_post')) {
                sqsession_register($session_expired_post,'session_expired_post');
            }
            if (!sqsession_is_registered('session_expired_location')) {
                sqsession_register($session_expired_location,'session_expired_location');
            }
            // signout page will deal with users who aren't logged
            // in on its own; don't show error here
            //
            // This is a substring test: it is true when 'signout.php' occurs
            // anywhere in $PHP_SELF. Returning here hands control back to the
            // including script without the logged-in check having passed.
            if (strpos($PHP_SELF, 'signout.php') !== FALSE) {
                return;
            }

            /**
             * Initialize the template object (logout_error uses it)
             */
            require(SM_PATH . 'class/template/template.class.php');
            /*
             * $sTplDir is not initialized when a user is not logged in, so we will use
             * the config file defaults here. If the necessary variables are not set,
             * force a default value.
             */
            $aTemplateSet = ( !isset($aTemplateSet) ? array() : $aTemplateSet );
            $templateset_default = ( !isset($templateset_default) ? 0 : $templateset_default );

            $sTplDir = ( !isset($aTemplateSet[$templateset_default]['PATH']) ?
                         SM_PATH . 'templates/default/' :
                         $aTemplateSet[$templateset_default]['PATH'] );
            $oTemplate = new Template($sTplDir);

            // $squirrelmail_language is the client's language cookie (or '').
            set_up_language($squirrelmail_language, true);
            logout_error( _("You must be logged in to access this page.") );
            // Nothing after this point runs for a client without a session.
            exit;
        }

        // From here on the session carries 'user_is_logged_in'.
        sqgetGlobalVar('username',$username,SQ_SESSION);

        /**
         * Setting the prefs backend
         */
        sqgetGlobalVar('prefs_cache', $prefs_cache, SQ_SESSION );
        sqgetGlobalVar('prefs_are_cached', $prefs_are_cached, SQ_SESSION );

        // Discard the cache unless the session holds both the flag and an array.
        if ( !sqsession_is_registered('prefs_are_cached') ||
             !isset( $prefs_cache) ||
             !is_array( $prefs_cache)) {
            $prefs_are_cached = false;
            $prefs_cache = false; //array();
        }

        /* see 'redirect' switch */
        require(SM_PATH . 'functions/prefs.php');

        // Same backend selection as in the 'redirect' branch: the include
        // path is the return value of the 'prefs_backend' plugin hook.
        $prefs_backend = do_hook_function('prefs_backend');
        if (isset($prefs_backend) && !empty($prefs_backend) && file_exists(SM_PATH . $prefs_backend)) {
            require(SM_PATH . $prefs_backend);
        } elseif (isset($prefs_dsn) && !empty($prefs_dsn)) {
            require(SM_PATH . 'functions/db_prefs.php');
        } else {
            require(SM_PATH . 'functions/file_prefs.php');
        }

        /**
         * initializing user settings
         */
        require(SM_PATH . 'include/load_prefs.php');


        // i do not understand the frames language cookie story
        /**
         * We'll need this to later have a noframes version
         *
         * Check if the user has a language preference, but no cookie.
         * Send him a cookie with his language preference, if there is
         * such discrepancy.
         */
        $my_language = getPref($data_dir, $username, 'language');
        if ($my_language != $squirrelmail_language) {
            // 2592000 s = 30 days; the cookie is scoped to $base_uri
            sqsetcookie('squirrelmail_language', $my_language, time()+2592000, $base_uri);
        }
        // /dont understand

        /**
         * Set up the language.
         */
        $err=set_up_language(getPref($data_dir, $username, 'language'));
        /* this is the last cookie we set so flush it. */
        sqsetcookieflush();

        // Japanese translation used without mbstring support
        if ($err==2) {
            $sError =
                "<p>You need to have PHP installed with the multibyte string function \n".
                "enabled (using configure option --enable-mbstring).</p>\n".
                "<p>System assumed that you accidently switched to Japanese translation \n".
                "and reverted your language preference to English.</p>\n".
                "<p>Please refresh this page in order to use webmail.</p>\n";
            error_box($sError);
        }

        // The time zone is a per-user preference, i.e. a value the user controls.
        $timeZone = getPref($data_dir, $username, 'timezone');

        /* Check to see if we are allowed to set the TZ environment variable.
         * We are able to do this if ...
         *   safe_mode is disabled OR
         *   safe_mode_allowed_env_vars is empty (you are allowed to set any) OR
         *   safe_mode_allowed_env_vars contains TZ
         */
        // NOTE(review): the pattern is not anchored after "TZ", so a list
        // entry that merely begins with TZ also matches -- confirm intended.
        $tzChangeAllowed = (!ini_get('safe_mode')) ||
            !strcmp(ini_get('safe_mode_allowed_env_vars'),'') ||
            preg_match('/^([\w_]+,)*TZ/', ini_get('safe_mode_allowed_env_vars'));

        if ( $timeZone != SMPREF_NONE && ($timeZone != "")
             && $tzChangeAllowed ) {

            // get time zone key, if strict or custom strict timezones are used
            if (isset($time_zone_type) &&
                ($time_zone_type == 1 || $time_zone_type == 3)) {
                /* load time zone functions */
                require(SM_PATH . 'include/timezones.php');
                $realTimeZone = sq_get_tz_key($timeZone);
            } else {
                // no lookup: the stored preference goes into the environment as-is
                $realTimeZone = $timeZone;
            }

            // set time zone
            if ($realTimeZone) {
                putenv("TZ=".$realTimeZone);
            }
        }

        /**
         * php 5.1.0 added time zone functions. Set time zone with them in order
         * to prevent E_STRICT notices and allow time zone modifications in safe_mode.
         */
        if (function_exists('date_default_timezone_set')) {
            if ($timeZone != SMPREF_NONE && $timeZone != "") {
                // NOTE(review): this receives the stored preference itself,
                // not the $realTimeZone resolved above -- confirm the value is
                // a valid identifier when strict time zones are in use.
                date_default_timezone_set($timeZone);
            } else {
                // interface runs on server's time zone. Remove php E_STRICT complains
                $default_timezone = @date_default_timezone_get();
                date_default_timezone_set($default_timezone);
            }
        }
        break;
}
462 | |
/**
 * Initialize the template object
 */
require(SM_PATH . 'class/template/template.class.php');
/*
 * $sTplDir is not initialized when a user is not logged in, so the config
 * file defaults are used here. Any variable that is still missing gets a
 * forced default.
 */
if (!isset($aTemplateSet)) {
    $aTemplateSet = array();
}
if (!isset($templateset_default)) {
    $templateset_default = 0;
}

// Directory of the default template set, or the bundled default templates.
if (isset($aTemplateSet[$templateset_default]['PATH'])) {
    $sTplDir = $aTemplateSet[$templateset_default]['PATH'];
} else {
    $sTplDir = SM_PATH . 'templates/default/';
}
$oTemplate = new Template($sTplDir);

/**
 * Initialize our custom error handler object
 */
require(SM_PATH . 'class/error.class.php');
$oErrorHandler = new ErrorHandler($oTemplate,'error_message.tpl');

/**
 * Activate custom error handling
 *
 * From PHP 4.3.0 on the handler is registered as an object/method pair;
 * older versions get the plain function name. The previous handler is kept
 * in $oldErrorHandler.
 */
if (version_compare(PHP_VERSION, "4.3.0", "<")) {
    $oldErrorHandler = set_error_handler('SquirrelMailErrorhandler');
} else {
    $oldErrorHandler = set_error_handler(array($oErrorHandler, 'SquirrelMailErrorhandler'));
}
494 | |
/**
 * Javascript support detection function
 *
 * Returns the value cached in the session when there is one and no recheck
 * was requested. Otherwise the user's 'javascript_setting' preference is
 * consulted: with SMPREF_JS_AUTODETECT the autodetection result submitted
 * with the request is used (SMPREF_JS_OFF if none was submitted), with any
 * other setting the preference itself is used. The outcome is stored in the
 * session under 'javascript_on'.
 *
 * @param boolean $reset recheck javascript support if set to true.
 * @return integer SMPREF_JS_ON or SMPREF_JS_OFF ({@see include/constants.php})
 * @since 1.5.1
 */
function checkForJavascript($reset = FALSE) {
    global $data_dir, $username, $javascript_on, $javascript_setting;

    // A cached answer wins unless the caller asked for a recheck.
    if (!$reset && sqGetGlobalVar('javascript_on', $javascript_on, SQ_SESSION)) {
        return $javascript_on;
    }

    if ($reset || !isset($javascript_setting)) {
        $javascript_setting = getPref($data_dir, $username, 'javascript_setting', SMPREF_JS_AUTODETECT);
    }

    // NOTE(review): no source argument is given to sqGetGlobalVar() here, so
    // the autodetect result can presumably come from request data and is not
    // checked against SMPREF_JS_ON / SMPREF_JS_OFF before it is stored in the
    // session and returned -- confirm against sqGetGlobalVar()'s default scope.
    $bHaveResults = sqGetGlobalVar('new_js_autodetect_results', $js_autodetect_results)
                 || sqGetGlobalVar('js_autodetect_results', $js_autodetect_results);
    if (!$bHaveResults) {
        $js_autodetect_results = SMPREF_JS_OFF;
    }

    $javascript_on = ($javascript_setting == SMPREF_JS_AUTODETECT)
                   ? $js_autodetect_results
                   : $javascript_setting;

    sqsession_register($javascript_on, 'javascript_on');
    return $javascript_on;
}
522 | |
/**
 * Accessor for the base URI computed during initialisation.
 *
 * @return string current value of the global $base_uri
 */
function sqm_baseuri()
{
    global $base_uri;

    return $base_uri;
}