1 | <?php |
2 | |
3 | /** |
4 | * init.php -- initialisation file |
5 | * |
6 | * File should be loaded in every file in src/ or plugins that occupy an entire frame |
7 | * |
8 | * @copyright © 2006 The SquirrelMail Project Team |
9 | * @license http://opensource.org/licenses/gpl-license.php GNU Public License |
10 | * @version $Id$ |
11 | * @package squirrelmail |
12 | */ |
13 | |
/**
 * This is a development version so in order to track programmer mistakes we
 * set the error reporting to E_ALL.
 *
 * NOTE(review): this call only selects which errors are reported. Whether
 * they are printed into the page is decided by the display_errors ini
 * setting, which is not touched here -- keep it off on public installations
 * so that notices do not disclose file system paths.
 */
error_reporting(E_ALL);
19 | |
20 | |
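/**
 * Unset one global variable by name, unless the name is reserved.
 *
 * The names handled below come from $_REQUEST and $_FILES, i.e. they are
 * chosen by the client. A parameter called "_SERVER", "_SESSION", "GLOBALS"
 * (or one of the PHP 4 long array names) must not be able to remove the
 * array of the same name, because the rest of the initialisation reads
 * those arrays. 'key' and 'value' are skipped as well: they are the loop
 * variables of the foreach loops that call this function.
 *
 * The comparison is done on strings only, so a numeric request key can not
 * match a reserved name through PHP's loose comparison.
 *
 * @param string $sName name of the global variable to remove
 * @return void
 */
function sqm_unset_global($sName) {
    switch ((string) $sName) {
    case 'GLOBALS':
    case '_GET':
    case '_POST':
    case '_COOKIE':
    case '_REQUEST':
    case '_FILES':
    case '_ENV':
    case '_SERVER':
    case '_SESSION':
    case 'HTTP_GET_VARS':
    case 'HTTP_POST_VARS':
    case 'HTTP_COOKIE_VARS':
    case 'HTTP_POST_FILES':
    case 'HTTP_ENV_VARS':
    case 'HTTP_SERVER_VARS':
    case 'HTTP_SESSION_VARS':
    case 'key':
    case 'value':
        return;
    }
    unset($GLOBALS[$sName]);
}

/**
 * If register_globals are on, unregister globals.
 * Code requires PHP 4.1.0 or newer.
 * Second test covers boolean set as string (php_value register_globals off).
 */
if ((bool) @ini_get('register_globals') &&
    strtolower(ini_get('register_globals')) != 'off') {
    /**
     * Remove all globals from $_GET, $_POST, and $_COOKIE.
     */
    foreach ($_REQUEST as $key => $value) {
        sqm_unset_global($key);
    }
    /**
     * Remove globalized $_FILES variables
     * Before 4.3.0 $_FILES are included in $_REQUEST.
     * Unglobalize them in separate call in order to remove dependency
     * on PHP version.
     */
    foreach ($_FILES as $key => $value) {
        sqm_unset_global($key);
        // there are three undocumented $_FILES globals.
        sqm_unset_global($key . '_type');
        sqm_unset_global($key . '_name');
        sqm_unset_global($key . '_size');
    }
    /**
     * Remove globalized environment variables.
     */
    foreach ($_ENV as $key => $value) {
        sqm_unset_global($key);
    }
    /**
     * Remove globalized server variables.
     */
    foreach ($_SERVER as $key => $value) {
        sqm_unset_global($key);
    }
}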
60 | |
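/**
 * [#1518885] session.use_cookies = off breaks SquirrelMail
 *
 * When session cookies are not used, all http redirects, meta refreshes,
 * src/download.php and javascript URLs are broken. Setting must be set
 * before session is started.
 *
 * The first test covers an empty/zero value, the second one a boolean that
 * was set as a string (php_value session.use_cookies off). The string is
 * lower-cased first so that "Off" and "OFF" are recognised too, the same
 * way the register_globals test in this file does it.
 */
if (!(bool) ini_get('session.use_cookies') ||
    strtolower(ini_get('session.use_cookies')) == 'off') {
    ini_set('session.use_cookies', '1');
}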
72 | |
/**
 * Calculate SM_PATH and the base_uri.
 * Assumptions made: init.php is only called from plugins or from the src dir.
 * Files in the plugin directory may not be part of a subdirectory called "src".
 *
 * $a holds the path segments of SCRIPT_NAME. Starting at the directory of
 * the running script and walking towards the root, one '../' is appended per
 * level until the 'src' or 'plugins' segment is reached. The segments in
 * front of that one form the base uri.
 */
if (!isset($_SERVER['SCRIPT_NAME']) && !isset($HTTP_SERVER_VARS['SCRIPT_NAME'])) {
    $error = 'Unable to detect script environment. '
            .'Please test your PHP settings and send PHP core config, $_SERVER '
            .'and $HTTP_SERVER_VARS to SquirrelMail developers.';
    die($error);
}
// prefer the superglobal, fall back to the PHP 4 long array
$a = explode('/', isset($_SERVER['SCRIPT_NAME'])
                  ? $_SERVER['SCRIPT_NAME']
                  : $HTTP_SERVER_VARS['SCRIPT_NAME']);

$sSM_PATH = '';
$i = count($a) - 2;   // index of the directory that contains the script
while ($i > -1) {
    $sSM_PATH .= '../';
    if ($a[$i] === 'src' || $a[$i] === 'plugins') {
        // $i keeps pointing at the marker segment; it is used below
        break;
    }
    --$i;
}

// everything before the 'src' / 'plugins' segment, with a trailing slash
$base_uri = implode('/', array_slice($a, 0, $i)) . '/';

define('SM_PATH', $sSM_PATH);
define('SM_BASE_URI', $base_uri);
/**
 * Global var $bInit is used to check if initialisation took place.
 * At this moment it's a workaround for the include of addrbook_search_html
 * inside compose.php. If we find a better way then remove this. Only use
 * this var if you know for sure a page can be called stand alone and be
 * included in another file.
 */
$bInit = true;

/**
 * This theme is a failsafe if no themes were found, or if we error
 * out before anything could be initialised.
 */
$color = array(
    0  => '#DCDCDC', /* light gray    TitleBar               */
    1  => '#800000', /* red                                  */
    2  => '#CC0000', /* light red     Warning/Error Messages */
    3  => '#A0B8C8', /* green-blue    Left Bar Background    */
    4  => '#FFFFFF', /* white         Normal Background      */
    5  => '#FFFFCC', /* light yellow  Table Headers          */
    6  => '#000000', /* black         Text on left bar       */
    7  => '#0000CC', /* blue          Links                  */
    8  => '#000000', /* black         Normal text            */
    9  => '#ABABAB', /* mid-gray      Darker version of #0   */
    10 => '#666666', /* dark gray     Darker version of #9   */
    11 => '#770000', /* dark red      Special Folders color  */
    12 => '#EDEDED',
    13 => '#800000', /* (dark red)    Color for quoted text -- > 1 quote */
    14 => '#ff0000', /* (red)         Color for quoted text -- >> 2 or more */
    15 => '#002266', /* (dark blue)   Unselectable folders   */
    16 => '#ff9933', /* (orange)      Highlight color        */
);
132 | |
/*
 * Core includes. All paths are relative to SM_PATH, which was derived from
 * SCRIPT_NAME earlier in this file. The helpers called further down
 * (sqstripslashes(), php_self(), sqgetGlobalVar(), use_plugin(), ...) are
 * not defined in this file; presumably they come from these includes.
 */
require(SM_PATH . 'functions/global.php');
require(SM_PATH . 'config/config.php');
require(SM_PATH . 'functions/plugin.php');
require(SM_PATH . 'include/constants.php');
require(SM_PATH . 'include/languages.php');

/**
 * If magic_quotes_runtime is on, SquirrelMail breaks in new and creative ways.
 * Force magic_quotes_runtime off.
 * tassium@squirrelmail.org - I put it here in the hopes that all SM code includes this.
 * If there's a better place, please let me know.
 */
ini_set('magic_quotes_runtime','0');


/* if running with magic_quotes_gpc then strip the slashes
   from POST and GET global arrays.
   NOTE(review): $_COOKIE and $_REQUEST are not passed to sqstripslashes()
   here -- confirm that they are handled where they are read. */
if (get_magic_quotes_gpc()) {
    sqstripslashes($_GET);
    sqstripslashes($_POST);
}


/* strip any tags added to the url from PHP_SELF.
   This fixes hand crafted url XSS exploits for any
   page that uses PHP_SELF as the FORM action.
   strip_tags() removes tags only; quotes and other characters that end an
   HTML attribute are left in place, so PHP_SELF still has to be escaped for
   its context (e.g. htmlspecialchars()) where it is written into a page. */
$_SERVER['PHP_SELF'] = strip_tags($_SERVER['PHP_SELF']);

/* php_self() is defined outside this file; what it adds to PHP_SELF can't
   be told from here. */
$PHP_SELF = php_self();
162 | |
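/**
 * Initialize the session
 */

/** set the name of the session cookie */
if (!isset($session_name) || !$session_name) {
    $session_name = 'SQMSESSID';
}

/*
 * Cookie path and domain PHP is configured with. They are read
 * unconditionally: the 'redirect'/'login' branch of the $sInitLocation
 * switch compares $sCookiePath with SM_BASE_URI, also when the cleanup
 * below is skipped. Reading them only inside the cleanup left the variable
 * undefined in that case.
 */
$sCookiePath = ini_get('session.cookie_path');
$sCookieDomain = ini_get('session.cookie_domain');

/**
 * if session.auto_start is On then close the session
 *
 * The test is "PHP's current session name differs from ours". session_name()
 * always returns a value here, so the former isset()/empty-string test in
 * front of this comparison was always true and has been dropped.
 * NOTE(review): the cookie that is expired carries the php.ini session name
 * (i.e. PHPSESSID) on the php.ini cookie path, which other PHP applications
 * on the same host may share -- confirm this is intended.
 */
$sSessionAutostartName = session_name();
if ($sSessionAutostartName !== $session_name) {
    // reset the cookie (expiry one week in the past)
    setcookie($sSessionAutostartName, '', time() - 604800, $sCookiePath, $sCookieDomain);
    @session_destroy();
    session_write_close();
}

/**
 * includes from classes stored in the session
 */
require(SM_PATH . 'class/mime.class.php');

/*
 * Lifetime 0 keeps the session cookie until the browser is closed; the
 * cookie path is limited to the SquirrelMail base uri. Domain, secure and
 * httponly are not passed and therefore keep their php.ini values -- on
 * https installations set session.cookie_secure (and, where the PHP
 * version has it, session.cookie_httponly) in php.ini.
 * sqsession_is_active() is defined outside this file; presumably it starts
 * the session.
 */
ini_set('session.name', $session_name);
session_set_cookie_params(0, $base_uri);
sqsession_is_active();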
194 | |
/**
 * DISABLED.
 * Remove globalized session data in rg=on setups
 *
 * Code can be utilized when session is started, but data is not loaded.
 * We have already loaded configuration and other important vars. Can't
 * clean session globals here.
if ((bool) @ini_get('register_globals') &&
    strtolower(ini_get('register_globals'))!='off') {
    foreach ($_SESSION as $key => $value) {
        unset($GLOBALS[$key]);
    }
}
*/

// keep the calculated base uri in the session under the name 'base_uri'
sqsession_register(SM_BASE_URI, 'base_uri');

/**
 * SquirrelMail version number -- DO NOT CHANGE
 */
$version = '1.5.2 [CVS]';

/**
 * SquirrelMail internal version number -- DO NOT CHANGE
 * $SQM_INTERNAL_VERSION = array (release, major, minor)
 */
$SQM_INTERNAL_VERSION = array(1, 5, 2);

/**
 * Retrieve the language cookie. The value is supplied by the browser;
 * fall back to an empty string when the cookie is absent.
 */
if (! sqgetGlobalVar('squirrelmail_language', $squirrelmail_language, SQ_COOKIE)) {
    $squirrelmail_language = '';
}


/**
 * @var $sInitLocation From where do we include.
 * The including script may set it before loading init.php; default is NULL.
 */
$sInitLocation = isset($sInitLocation) ? $sInitLocation : NULL;
237 | |
/**
 * MAIN PLUGIN LOADING CODE HERE
 */

/**
 * Include Compatibility plugin if available.
 */
if (file_exists(SM_PATH . 'plugins/compatibility/functions.php')) {
    include_once(SM_PATH . 'plugins/compatibility/functions.php');
}

// start with an empty hook table (set whether or not the plugin above exists)
$squirrelmail_plugin_hooks = array();

/*
 * On init, register all plugins configured for use.
 * $plugins is not set in this file (presumably config.php provides it);
 * use_plugin() is defined outside this file.
 */
if (isset($plugins) && is_array($plugins)) {
    // turn on output buffering in order to prevent output of new lines
    ob_start();
    foreach ($plugins as $name) {
        use_plugin($name);
    }
    // get output and remove whitespace
    $output = trim(ob_get_contents());
    ob_end_clean();

    // if plugins output more than newlines and spacing, stop script execution.
    // The captured plugin output is sent to the browser as it is.
    if (!empty($output)) {
        die($output);
    }
}
264 | |
265 | |
/*
 * Finish the initialisation according to the place init.php was included
 * from ($sInitLocation):
 *   'style'    - only closes the session and flushes the cookies.
 *   'redirect' - loads the preference backend, then falls through to 'login'.
 *   'login'    - loads the display helpers and removes old session cookies.
 *   default    - any other page: requires a logged in session, then loads
 *                preferences, language and time zone of the user.
 */
switch ($sInitLocation) {
    case 'style': session_write_close(); sqsetcookieflush(); break;
    case 'redirect':
        /**
         * directory hashing functions are needed for all setups in case
         * plugins use own pref files.
         */
        require(SM_PATH . 'functions/prefs.php');
        /* hook loads custom prefs backend plugins.
         * NOTE(review): the value returned by the 'prefs_backend' hook is used
         * as a path below SM_PATH and is only checked with file_exists()
         * before it is required -- confirm that nothing but installed
         * plugin code can supply it. */
        $prefs_backend = do_hook_function('prefs_backend');
        if (isset($prefs_backend) && !empty($prefs_backend) && file_exists(SM_PATH . $prefs_backend)) {
            require(SM_PATH . $prefs_backend);
        } elseif (isset($prefs_dsn) && !empty($prefs_dsn)) {
            require(SM_PATH . 'functions/db_prefs.php');
        } else {
            require(SM_PATH . 'functions/file_prefs.php');
        }
        //nobreak; (deliberate fall through into 'login')
    case 'login':
        require(SM_PATH . 'functions/display_messages.php' );
        require(SM_PATH . 'functions/page_header.php');
        require(SM_PATH . 'functions/html.php');
        /**
         * cleanup old cookies with a cookie path the same as the standard php.ini
         * cookie path. All previous SquirrelMail version used the standard php.ini
         * cookie path for storing the session name. That behaviour changed.
         *
         * NOTE(review): relies on $sCookiePath and $sSessionAutostartName having
         * been assigned by the session name code earlier in this file --
         * TODO confirm both are set on every path that reaches this point.
         */
        if ($sCookiePath !== SM_BASE_URI) {
            /**
             * do not delete the standard sessions with session.name is i.e. PHPSESSID
             * because they probably belong to other php apps
             */
            if (ini_get('session.name') !== $sSessionAutostartName) {
                sqsetcookie(ini_get('session.name'),'',0,$sCookiePath);
            }
        }
        break;
    default:
        require(SM_PATH . 'functions/display_messages.php' );
        require(SM_PATH . 'functions/page_header.php');
        require(SM_PATH . 'functions/html.php');
        require(SM_PATH . 'functions/strings.php');


        /**
         * Check if we are logged in
         */
        require(SM_PATH . 'functions/auth.php');

        if ( !sqsession_is_registered('user_is_logged_in') ) {
            // First we store some information in the new session to prevent
            // information-loss.
            // NOTE(review): the complete $_POST array of this request is kept
            // in the session of a user who is not logged in -- confirm where
            // it is read back and how long it stays in session storage.
            //
            $session_expired_post = $_POST;
            $session_expired_location = $PHP_SELF;
            if (!sqsession_is_registered('session_expired_post')) {
                sqsession_register($session_expired_post,'session_expired_post');
            }
            if (!sqsession_is_registered('session_expired_location')) {
                sqsession_register($session_expired_location,'session_expired_location');
            }
            // signout page will deal with users who aren't logged
            // in on its own; don't show error here.
            // A return at the top level of an included file hands control
            // back to the script that included init.php.
            //
            if (strpos($PHP_SELF, 'signout.php') !== FALSE) {
                return;
            }

            /**
             * Initialize the template object (logout_error uses it)
             */
            require(SM_PATH . 'class/template/template.class.php');
            /*
             * $sTplDir is not initialized when a user is not logged in, so we will use
             * the config file defaults here. If the necessary variables are not set,
             * force a default value.
             */
            $aTemplateSet = ( !isset($aTemplateSet) ? array() : $aTemplateSet );
            $templateset_default = ( !isset($templateset_default) ? 0 : $templateset_default );

            $sTplDir = ( !isset($aTemplateSet[$templateset_default]['PATH']) ?
                         SM_PATH . 'templates/default/' :
                         $aTemplateSet[$templateset_default]['PATH'] );
            $oTemplate = new Template($sTplDir);

            // show the error page and stop; nothing below runs without a login
            set_up_language($squirrelmail_language, true);
            logout_error( _("You must be logged in to access this page.") );
            exit;
        }

        sqgetGlobalVar('username',$username,SQ_SESSION);

        /**
         * Setting the prefs backend
         */
        sqgetGlobalVar('prefs_cache', $prefs_cache, SQ_SESSION );
        sqgetGlobalVar('prefs_are_cached', $prefs_are_cached, SQ_SESSION );

        // no usable cache in the session: mark the preferences as not cached
        if ( !sqsession_is_registered('prefs_are_cached') ||
             !isset( $prefs_cache) ||
             !is_array( $prefs_cache)) {
            $prefs_are_cached = false;
            $prefs_cache = false; //array();
        }

        /* see 'redirect' switch */
        require(SM_PATH . 'functions/prefs.php');

        /* same backend selection as in the 'redirect' case; the hook's return
         * value is again required after a file_exists() check only. */
        $prefs_backend = do_hook_function('prefs_backend');
        if (isset($prefs_backend) && !empty($prefs_backend) && file_exists(SM_PATH . $prefs_backend)) {
            require(SM_PATH . $prefs_backend);
        } elseif (isset($prefs_dsn) && !empty($prefs_dsn)) {
            require(SM_PATH . 'functions/db_prefs.php');
        } else {
            require(SM_PATH . 'functions/file_prefs.php');
        }

        /**
         * initializing user settings
         */
        require(SM_PATH . 'include/load_prefs.php');


        // i do not understand the frames language cookie story
        /**
         * We'll need this to later have a noframes version
         *
         * Check if the user has a language preference, but no cookie.
         * Send him a cookie with his language preference, if there is
         * such discrepancy.
         * The cookie expires 2592000 seconds (30 days) from now and is
         * limited to the base uri.
         */
        $my_language = getPref($data_dir, $username, 'language');
        if ($my_language != $squirrelmail_language) {
            sqsetcookie('squirrelmail_language', $my_language, time()+2592000, $base_uri);
        }
        // /dont understand

        /**
         * Set up the language.
         */
        $err=set_up_language(getPref($data_dir, $username, 'language'));
        /* this is the last cookie we set so flush it. */
        sqsetcookieflush();

        // Japanese translation used without mbstring support
        if ($err==2) {
            $sError =
                "<p>You need to have PHP installed with the multibyte string function \n".
                "enabled (using configure option --enable-mbstring).</p>\n".
                "<p>System assumed that you accidently switched to Japanese translation \n".
                "and reverted your language preference to English.</p>\n".
                "<p>Please refresh this page in order to use webmail.</p>\n";
            error_box($sError);
        }

        /* NOTE(review): the stored 'timezone' preference is handed to putenv()
         * and date_default_timezone_set() below as it was read -- confirm that
         * the code which saves it only accepts known time zone names. */
        $timeZone = getPref($data_dir, $username, 'timezone');

        /* Check to see if we are allowed to set the TZ environment variable.
         * We are able to do this if ...
         *   safe_mode is disabled OR
         *   safe_mode_allowed_env_vars is empty (you are allowed to set any) OR
         *   safe_mode_allowed_env_vars contains TZ
         */
        $tzChangeAllowed = (!ini_get('safe_mode')) ||
            !strcmp(ini_get('safe_mode_allowed_env_vars'),'') ||
            preg_match('/^([\w_]+,)*TZ/', ini_get('safe_mode_allowed_env_vars'));

        if ( $timeZone != SMPREF_NONE && ($timeZone != "")
             && $tzChangeAllowed ) {

            // get time zone key, if strict or custom strict timezones are used
            if (isset($time_zone_type) &&
                ($time_zone_type == 1 || $time_zone_type == 3)) {
                /* load time zone functions */
                require(SM_PATH . 'include/timezones.php');
                $realTimeZone = sq_get_tz_key($timeZone);
            } else {
                $realTimeZone = $timeZone;
            }

            // set time zone
            if ($realTimeZone) {
                putenv("TZ=".$realTimeZone);
            }
        }

        /**
         * php 5.1.0 added time zone functions. Set time zone with them in order
         * to prevent E_STRICT notices and allow time zone modifications in safe_mode.
         */
        if (function_exists('date_default_timezone_set')) {
            if ($timeZone != SMPREF_NONE && $timeZone != "") {
                date_default_timezone_set($timeZone);
            } else {
                // interface runs on server's time zone. Remove php E_STRICT complains
                $default_timezone = @date_default_timezone_get();
                date_default_timezone_set($default_timezone);
            }
        }
        break;
}
467 | |
/**
 * Initialize the template object
 */
require(SM_PATH . 'class/template/template.class.php');

/*
 * $sTplDir is not initialized when a user is not logged in, so we will use
 * the config file defaults here. If the necessary variables are not set,
 * force a default value.
 */
if (!isset($aTemplateSet)) {
    $aTemplateSet = array();
}
if (!isset($templateset_default)) {
    $templateset_default = 0;
}

// configured path of the default template set, else the bundled default
if (isset($aTemplateSet[$templateset_default]['PATH'])) {
    $sTplDir = $aTemplateSet[$templateset_default]['PATH'];
} else {
    $sTplDir = SM_PATH . 'templates/default/';
}
$oTemplate = new Template($sTplDir);

/**
 * Initialize our custom error handler object
 */
require(SM_PATH . 'class/error.class.php');
$oErrorHandler = new ErrorHandler($oTemplate, 'error_message.tpl');

/**
 * Activate custom error handling.
 * From PHP 4.3.0 on the handler is registered as an object method, before
 * that as a plain function name. The previous handler is kept in
 * $oldErrorHandler.
 */
$oldErrorHandler = version_compare(PHP_VERSION, "4.3.0", ">=")
    ? set_error_handler(array($oErrorHandler, 'SquirrelMailErrorhandler'))
    : set_error_handler('SquirrelMailErrorhandler');
499 | |
/**
 * Javascript support detection function
 *
 * Returns the value cached in the session unless $reset is set. Otherwise
 * the 'javascript_setting' preference decides: when it is
 * SMPREF_JS_AUTODETECT the autodetect result is used, else the preference
 * itself. The outcome is stored in the session as 'javascript_on'.
 *
 * NOTE(review): the autodetect result is fetched with sqGetGlobalVar()
 * without a search location, and it is returned and stored as it was
 * received -- confirm where that helper looks by default and whether the
 * value needs to be limited to SMPREF_JS_ON / SMPREF_JS_OFF.
 *
 * @param boolean $reset recheck javascript support if set to true.
 * @return integer SMPREF_JS_ON or SMPREF_JS_OFF ({@see include/constants.php})
 * @since 1.5.1
 */
function checkForJavascript($reset = FALSE) {
    global $data_dir, $username, $javascript_on, $javascript_setting;

    // cached answer from the session, unless a recheck was requested
    if (!$reset) {
        if (sqGetGlobalVar('javascript_on', $javascript_on, SQ_SESSION)) {
            return $javascript_on;
        }
    }

    // (re)load the user's preference
    if ($reset || !isset($javascript_setting)) {
        $javascript_setting = getPref($data_dir, $username, 'javascript_setting', SMPREF_JS_AUTODETECT);
    }

    // newest detection result first, then the older name, else "off"
    $bDetected = sqGetGlobalVar('new_js_autodetect_results', $detected)
              || sqGetGlobalVar('js_autodetect_results', $detected);
    if (!$bDetected) {
        $detected = SMPREF_JS_OFF;
    }

    $javascript_on = ($javascript_setting == SMPREF_JS_AUTODETECT)
                   ? $detected
                   : $javascript_setting;

    sqsession_register($javascript_on, 'javascript_on');
    return $javascript_on;
}
527 | |
/**
 * Return the base uri of this SquirrelMail installation.
 *
 * @return string current value of the global $base_uri, which this file
 *                calculates from the SCRIPT_NAME path segments
 */
function sqm_baseuri() {
    global $base_uri;
    return $base_uri;
}