functions/global.php

   1 <?php
   2
   3 /**
   4  * global.php
   5  *
   6  * Copyright (c) 1999-2003 The SquirrelMail Project Team
   7  * Licensed under the GNU GPL. For full terms see the file COPYING.
   8  *
   9  * This includes code to update < 4.1.0 globals to the newer format
  10  * It also has some session register functions that work across various
  11  * php versions.
  12  *
  13  * $Id$
  14  * @package squirrelmail
  15  */
  16
  17 /** Bring in the config file. */
  18 require_once(SM_PATH . 'config/config.php');
  19
  20 /** set the name of the session cookie */
  21 if(isset($session_name) && $session_name) {
  22     ini_set('session.name' , $session_name);
  23 } else {
  24     ini_set('session.name' , 'SQMSESSID');
  25 }
  26
  27 /** If magic_quotes_runtime is on, SquirrelMail breaks in new and creative ways.
  28  *  Force magic_quotes_runtime off.
  29  *  tassium@squirrelmail.org - I put it here in the hopes that all SM code includes this.
  30  *  If there's a better place, please let me know.
  31  */
  32 ini_set('magic_quotes_runtime','0');
  33
  34 /* Since we decided all IMAP servers must implement the UID command as defined in
  35  * the IMAP RFC, we force $uid_support to be on.
  36  */
  37
  38 global $uid_support;
  39 $uid_support = true;
  40
  41 sqsession_is_active();
  42
  43 /* convert old-style superglobals to current method
  44  * this is executed if you are running PHP 4.0.x.
  45  * it is run via a require_once directive in validate.php
  46  * and redirect.php. Patch submitted by Ray Black.
  47  */
  48
  49 if ( !check_php_version(4,1) ) {
  50   global $_COOKIE, $_ENV, $_FILES, $_GET, $_POST, $_SERVER, $_SESSION;
  51   global $HTTP_COOKIE_VARS, $HTTP_ENV_VARS, $HTTP_POST_FILES, $HTTP_GET_VARS,
  52          $HTTP_POST_VARS, $HTTP_SERVER_VARS, $HTTP_SESSION_VARS, $PHP_SELF;
  53   $_COOKIE  =& $HTTP_COOKIE_VARS;
  54   $_ENV     =& $HTTP_ENV_VARS;
  55   $_FILES   =& $HTTP_POST_FILES;
  56   $_GET     =& $HTTP_GET_VARS;
  57   $_POST    =& $HTTP_POST_VARS;
  58   $_SERVER  =& $HTTP_SERVER_VARS;
  59   $_SESSION =& $HTTP_SESSION_VARS;
  60   if (!isset($PHP_SELF) || empty($PHP_SELF)) {
  61      $PHP_SELF =  $HTTP_SERVER_VARS['PHP_SELF'];
  62   }
  63 }
  64
  65 /* if running with magic_quotes_gpc then strip the slashes
  66    from POST and GET global arrays */
  67
  68 if (get_magic_quotes_gpc()) {
  69     sqstripslashes($_GET);
  70     sqstripslashes($_POST);
  71 }
  72
  73 /* strip any tags added to the url from PHP_SELF.
  74    This fixes hand crafted url XXS expoits for any
  75    page that uses PHP_SELF as the FORM action */
  76
  77 $_SERVER['PHP_SELF'] = strip_tags($_SERVER['PHP_SELF']);
  78
  79 /**
  80  * returns true if current php version is at mimimum a.b.c
  81  *
  82  * Called: check_php_version(4,1)
  83  */
  84 function check_php_version ($a = '0', $b = '0', $c = '0')
  85 {
  86     global $SQ_PHP_VERSION;
  87
  88     if(!isset($SQ_PHP_VERSION))
  89         $SQ_PHP_VERSION = substr( str_pad( preg_replace('/\D/','', PHP_VERSION), 3, '0'), 0, 3);
  90
  91     return $SQ_PHP_VERSION >= ($a.$b.$c);
  92 }
  93
  94 /**
  95  * returns true if the current internal SM version is at minimum a.b.c
  96  * These are plain integer comparisons, as our internal version is
  97  * constructed by us, as an array of 3 ints.
  98  *
  99  * Called: check_sm_version(1,3,3)
 100  */
 101 function check_sm_version($a = 0, $b = 0, $c = 0)
 102 {
 103     global $SQM_INTERNAL_VERSION;
 104     if ( !isset($SQM_INTERNAL_VERSION) ||
 105          $SQM_INTERNAL_VERSION[0] < $a ||
 106          $SQM_INTERNAL_VERSION[1] < $b ||
 107          ( $SQM_INTERNAL_VERSION[1] == $b &&
 108            $SQM_INTERNAL_VERSION[2] < $c ) ) {
 109         return FALSE;
 110     }
 111     return TRUE;
 112 }
 113
 114
 115 /* recursively strip slashes from the values of an array */
 116 function sqstripslashes(&$array) {
 117     if(count($array) > 0) {
 118         foreach ($array as $index=>$value) {
 119             if (is_array($array[$index])) {
 120                 sqstripslashes($array[$index]);
 121             }
 122             else {
 123                 $array[$index] = stripslashes($value);
 124             }
 125         }
 126     }
 127 }
 128
 129 function sqsession_register ($var, $name) {
 130
 131     sqsession_is_active();
 132
 133     if ( !check_php_version(4,1) ) {
 134         global $HTTP_SESSION_VARS;
 135         $HTTP_SESSION_VARS[$name] = $var;
 136     }
 137     else {
 138         $_SESSION["$name"] = $var;
 139     }
 140     session_register("$name");
 141 }
 142
 143 function sqsession_unregister ($name) {
 144
 145     sqsession_is_active();
 146
 147     if ( !check_php_version(4,1) ) {
 148         global $HTTP_SESSION_VARS;
 149         unset($HTTP_SESSION_VARS[$name]);
 150     }
 151     else {
 152         unset($_SESSION[$name]);
 153     }
 154     session_unregister("$name");
 155 }
 156
 157 function sqsession_is_registered ($name) {
 158     $test_name = &$name;
 159     $result = false;
 160     if ( !check_php_version(4,1) ) {
 161         global $HTTP_SESSION_VARS;
 162         if (isset($HTTP_SESSION_VARS[$test_name])) {
 163             $result = true;
 164         }
 165     }
 166     else {
 167         if (isset($_SESSION[$test_name])) {
 168             $result = true;
 169         }
 170     }
 171     return $result;
 172 }
 173
 174
 175 define('SQ_INORDER',0);
 176 define('SQ_GET',1);
 177 define('SQ_POST',2);
 178 define('SQ_SESSION',3);
 179 define('SQ_COOKIE',4);
 180 define('SQ_SERVER',5);
 181 define('SQ_FORM',6);
 182
 183 /**
 184  * Search for the var $name in $_SESSION, $_POST, $_GET,
 185  * $_COOKIE, or $_SERVER and set it in provided var.
 186  *
 187  * If $search is not provided,  or == SQ_INORDER, it will search
 188  * $_SESSION, then $_POST, then $_GET. Otherwise,
 189  * use one of the defined constants to look for
 190  * a var in one place specifically.
 191  *
 192  * Note: $search is an int value equal to one of the
 193  * constants defined above.
 194  *
 195  * example:
 196  *    sqgetGlobalVar('username',$username,SQ_SESSION);
 197  *  -- no quotes around last param!
 198  *
 199  * Returns FALSE if variable is not found.
 200  * Returns TRUE if it is.
 201  */
 202 function sqgetGlobalVar($name, &$value, $search = SQ_INORDER) {
 203
 204     if ( !check_php_version(4,1) ) {
 205         global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $HTTP_POST_VARS,
 206                $HTTP_SERVER_VARS, $HTTP_SESSION_VARS;
 207
 208         $_COOKIE  =& $HTTP_COOKIE_VARS;
 209         $_GET     =& $HTTP_GET_VARS;
 210         $_POST    =& $HTTP_POST_VARS;
 211         $_SERVER  =& $HTTP_SERVER_VARS;
 212         $_SESSION =& $HTTP_SESSION_VARS;
 213     }
 214
 215     /* NOTE: DO NOT enclose the constants in the switch
 216        statement with quotes. They are constant values,
 217        enclosing them in quotes will cause them to evaluate
 218        as strings. */
 219     switch ($search) {
 220         /* we want the default case to be first here,
 221            so that if a valid value isn't specified,
 222            all three arrays will be searched. */
 223       default:
 224       case SQ_INORDER: // check session, post, get
 225       case SQ_SESSION:
 226         if( isset($_SESSION[$name]) ) {
 227             $value = $_SESSION[$name];
 228             return TRUE;
 229         } elseif ( $search == SQ_SESSION ) {
 230             break;
 231         }
 232       case SQ_FORM:   // check post, get
 233       case SQ_POST:
 234         if( isset($_POST[$name]) ) {
 235             $value = $_POST[$name];
 236             return TRUE;
 237         } elseif ( $search == SQ_POST ) {
 238           break;
 239         }
 240       case SQ_GET:
 241         if ( isset($_GET[$name]) ) {
 242             $value = $_GET[$name];
 243             return TRUE;
 244         }
 245         /* NO IF HERE. FOR SQ_INORDER CASE, EXIT after GET */
 246         break;
 247       case SQ_COOKIE:
 248         if ( isset($_COOKIE[$name]) ) {
 249             $value = $_COOKIE[$name];
 250             return TRUE;
 251         }
 252         break;
 253       case SQ_SERVER:
 254         if ( isset($_SERVER[$name]) ) {
 255             $value = $_SERVER[$name];
 256             return TRUE;
 257         }
 258         break;
 259     }
 260     return FALSE;
 261 }
 262
 263 function sqsession_destroy() {
 264
 265     /*
 266      * php.net says we can kill the cookie by setting just the name:
 267      * http://www.php.net/manual/en/function.setcookie.php
 268      * maybe this will help fix the session merging again.
 269      *
 270      * Changed the theory on this to kill the cookies first starting
 271      * a new session will provide a new session for all instances of
 272      * the browser, we don't want that, as that is what is causing the
 273      * merging of sessions.
 274      */
 275
 276     global $base_uri;
 277
 278     if (isset($_COOKIE[session_name()])) setcookie(session_name(), '', time() - 5, $base_uri);
 279     if (isset($_COOKIE['username'])) setcookie('username','',time() - 5,$base_uri);
 280     if (isset($_COOKIE['key'])) setcookie('key','',time() - 5,$base_uri);
 281
 282     $sessid = session_id();
 283     if (!empty( $sessid )) {
 284         if ( !check_php_version(4,1) ) {
 285             global $HTTP_SESSION_VARS;
 286             $HTTP_SESSION_VARS = array();
 287         } else {
 288             $_SESSION = array();
 289         }
 290         @session_destroy();
 291     }
 292
 293 }
 294
 295 /*
 296  * Function to verify a session has been started.  If it hasn't
 297  * start a session up.  php.net doesn't tell you that $_SESSION
 298  * (even though autoglobal), is not created unless a session is
 299  * started, unlike $_POST, $_GET and such
 300  */
 301
 302 function sqsession_is_active() {
 303
 304     $sessid = session_id();
 305     if ( empty( $sessid ) ) {
 306         session_start();
 307     }
 308 }
 309
 310
 311 ?>