| 1 | <?php |
| 2 | |
| 3 | /** |
| 4 | * login.php -- simple login screen |
| 5 | * |
| 6 | * This a simple login screen. Some housekeeping is done to clean |
| 7 | * cookies and find language. |
| 8 | * |
| 9 | * @copyright © 1999-2007 The SquirrelMail Project Team |
| 10 | * @license http://opensource.org/licenses/gpl-license.php GNU Public License |
| 11 | * @version $Id$ |
| 12 | * @package squirrelmail |
| 13 | */ |
| 14 | |
| 15 | /** This is the login page */ |
| 16 | define('PAGE_NAME', 'login'); |
| 17 | |
| 18 | /** |
| 19 | * Include the SquirrelMail initialization file. |
| 20 | */ |
| 21 | require('../include/init.php'); |
| 22 | |
| 23 | /* SquirrelMail required files. */ |
| 24 | require_once(SM_PATH . 'functions/imap_general.php'); |
| 25 | require_once(SM_PATH . 'functions/forms.php'); |
| 26 | |
| 27 | /** |
| 28 | * $squirrelmail_language is set by a cookie when the user selects |
| 29 | * language and logs out |
| 30 | */ |
| 31 | set_up_language($squirrelmail_language, TRUE, TRUE); |
| 32 | |
| 33 | /** |
| 34 | * In case the last session was not terminated properly, make sure |
| 35 | * we get a new one, but make sure we preserve session_expired_* |
| 36 | */ |
| 37 | $sep = ''; |
| 38 | $sel = ''; |
| 39 | sqGetGlobalVar('session_expired_post', $sep, SQ_SESSION); |
| 40 | sqGetGlobalVar('session_expired_location', $sel, SQ_SESSION); |
| 41 | |
| 42 | /* blow away session */ |
| 43 | sqsession_destroy(); |
| 44 | |
| 45 | /** |
| 46 | * in some rare instances, the session seems to stick |
| 47 | * around even after destroying it (!!), so if it does, |
| 48 | * we'll manually flatten the $_SESSION data |
| 49 | */ |
| 50 | if (!empty($_SESSION)) { |
| 51 | $_SESSION = array(); |
| 52 | } |
| 53 | |
| 54 | /* start session and put session_expired_* variables back in session */ |
| 55 | @sqsession_is_active(); |
| 56 | if (!empty($sep) && !empty($sel)) { |
| 57 | sqsession_register($sep, 'session_expired_post'); |
| 58 | sqsession_register($sel, 'session_expired_location'); |
| 59 | } |
| 60 | |
| 61 | /** |
| 62 | * This detects if the IMAP server has logins disabled, and if so, |
| 63 | * squelches the display of the login form and puts up a message |
| 64 | * explaining the situation. |
| 65 | */ |
| 66 | if($imap_auth_mech == 'login') { |
| 67 | /** |
| 68 | * detect disabled login, only when imapServerAddress contains |
| 69 | * server address and not mapping. See sqimap_get_user_server() |
| 70 | */ |
| 71 | if (substr($imapServerAddress, 0, 4) != "map:") { |
| 72 | $imap = sqimap_create_stream($imapServerAddress, $imapPort, $use_imap_tls); |
| 73 | $logindisabled = sqimap_capability($imap,'LOGINDISABLED'); |
| 74 | sqimap_logout($imap); |
| 75 | if ($logindisabled) { |
| 76 | $string = _("The IMAP server is reporting that plain text logins are disabled.").'<br />'. |
| 77 | _("Using CRAM-MD5 or DIGEST-MD5 authentication instead may work.").'<br />'; |
| 78 | if (!$use_imap_tls) { |
| 79 | $string .= _("Also, the use of TLS may allow SquirrelMail to login.").'<br />'; |
| 80 | } |
| 81 | $string .= _("Please contact your system administrator and report this error."); |
| 82 | error_box($string); |
| 83 | // display footer (closes html tags) and stop script execution |
| 84 | $oTemplate->display('footer.tpl'); |
| 85 | exit; |
| 86 | } |
| 87 | } |
| 88 | } |
| 89 | |
| 90 | do_hook('login_cookie', $null); |
| 91 | |
| 92 | $loginname_value = (sqGetGlobalVar('loginname', $loginname) ? htmlspecialchars($loginname) : ''); |
| 93 | |
| 94 | //FIXME: should be part of the template, not the core! |
| 95 | /* Output the javascript onload function. */ |
| 96 | $header = "<script type=\"text/javascript\">\n" . |
| 97 | "<!--\n". |
| 98 | " function squirrelmail_loginpage_onload() {\n". |
| 99 | " var textElements = 0;\n". |
| 100 | " for (i = 0; i < document.forms[0].elements.length; i++) {\n". |
| 101 | " if (document.forms[0].elements[i].type == \"text\" || document.forms[0].elements[i].type == \"password\") {\n". |
| 102 | " textElements++;\n". |
| 103 | " if (textElements == " . (isset($loginname) ? 2 : 1) . ") {\n". |
| 104 | " document.forms[0].elements[i].focus();\n". |
| 105 | " break;\n". |
| 106 | " }\n". |
| 107 | " }\n". |
| 108 | " }\n". |
| 109 | " }\n". |
| 110 | "// -->\n". |
| 111 | "</script>\n"; |
| 112 | |
| 113 | if (@file_exists($theme[$theme_default]['PATH'])) |
| 114 | @include ($theme[$theme_default]['PATH']); |
| 115 | |
| 116 | if (! isset($color) || ! is_array($color)) { |
| 117 | // Add default color theme, if theme loading fails |
| 118 | $color = array(); |
| 119 | $color[0] = '#dcdcdc'; /* light gray TitleBar */ |
| 120 | $color[1] = '#800000'; /* red */ |
| 121 | $color[2] = '#cc0000'; /* light red Warning/Error Messages */ |
| 122 | $color[4] = '#ffffff'; /* white Normal Background */ |
| 123 | $color[7] = '#0000cc'; /* blue Links */ |
| 124 | $color[8] = '#000000'; /* black Normal text */ |
| 125 | } |
| 126 | |
| 127 | displayHtmlHeader( "$org_name - " . _("Login"), $header, FALSE ); |
| 128 | |
| 129 | |
| 130 | |
| 131 | /* If they don't have a logo, don't bother.. */ |
| 132 | $logo_str = ''; |
| 133 | if (isset($org_logo) && $org_logo) { |
| 134 | |
| 135 | if (isset($org_logo_width) && is_numeric($org_logo_width) && |
| 136 | $org_logo_width>0) { |
| 137 | $width = $org_logo_width; |
| 138 | } else { |
| 139 | $width = ''; |
| 140 | } |
| 141 | if (isset($org_logo_height) && is_numeric($org_logo_height) && |
| 142 | $org_logo_height>0) { |
| 143 | $height = $org_logo_height; |
| 144 | } else { |
| 145 | $height = ''; |
| 146 | } |
| 147 | |
| 148 | $logo_str = create_image($org_logo, sprintf(_("%s Logo"), $org_name), |
| 149 | $width, $height, '', 'sqm_loginImage'); |
| 150 | |
| 151 | } |
| 152 | |
| 153 | $sm_attribute_str = ''; |
| 154 | if (isset($hide_sm_attributions) && !$hide_sm_attributions) { |
| 155 | $sm_attribute_str = _("SquirrelMail Webmail")."\n" . |
| 156 | _("By the SquirrelMail Project Team"); |
| 157 | } |
| 158 | |
| 159 | if(sqgetGlobalVar('mailtodata', $mailtodata)) { |
| 160 | $mailtofield = addHidden('mailtodata', $mailtodata); |
| 161 | } else { |
| 162 | $mailtofield = ''; |
| 163 | } |
| 164 | |
| 165 | $password_field = addPwField('secretkey'); |
| 166 | $login_extra = addHidden('js_autodetect_results', SMPREF_JS_OFF). |
| 167 | $mailtofield . |
| 168 | addHidden('just_logged_in', '1'); |
| 169 | |
| 170 | session_write_close(); |
| 171 | |
| 172 | $oTemplate->assign('logo_str', $logo_str, FALSE); |
| 173 | $oTemplate->assign('logo_path', $org_logo); |
| 174 | $oTemplate->assign('sm_attribute_str', $sm_attribute_str); |
| 175 | // i18n: The %s represents the service provider's name |
| 176 | $oTemplate->assign('org_name_str', sprintf (_("%s Login"), $org_name)); |
| 177 | // i18n: The %s represents the service provider's name |
| 178 | $oTemplate->assign('org_logo_str', sprintf (_("The %s logo"), $org_name)); |
| 179 | $oTemplate->assign('login_field_value', $loginname_value); |
| 180 | $oTemplate->assign('login_extra', $login_extra, FALSE); |
| 181 | |
| 182 | //FIXME: need to remove *ALL* HTML from this file! |
| 183 | echo '<body onload="squirrelmail_loginpage_onload()">'."\n"; |
| 184 | echo '<form action="redirect.php" method="post" onsubmit="document.forms[0].js_autodetect_results.value='. SMPREF_JS_ON .'">'."\n"; |
| 185 | do_hook('login_top', $null); |
| 186 | |
| 187 | $oTemplate->display('login.tpl'); |
| 188 | |
| 189 | //FIXME: need to remove *ALL* HTML from this file! |
| 190 | echo "</form>\n"; |
| 191 | do_hook('login_bottom', $null); |
| 192 | |
| 193 | // Turn off delayed error handling to make sure all errors are dumped. |
| 194 | $oErrorHandler->setDelayedErrors(false); |
| 195 | |
| 196 | $oTemplate->display('footer.tpl'); |