X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=src%2Flogin.php;h=a9dbd436136a6f255084c978415d6cee3ec17875;hb=2be6e3fc90746bcafa7a200b599e6d48409b5e43;hp=62ae3238e8e20b51eb826de386b119a4ab4f8ddc;hpb=5e9e90fd78a930cc74432034fad600d38ac50563;p=squirrelmail.git diff --git a/src/login.php b/src/login.php index 62ae3238..a9dbd436 100644 --- a/src/login.php +++ b/src/login.php @@ -3,150 +3,193 @@ /** * login.php -- simple login screen * - * Copyright (c) 1999-2002 The SquirrelMail Project Team - * Licensed under the GNU GPL. For full terms see the file COPYING. - * * This a simple login screen. Some housekeeping is done to clean * cookies and find language. * - * $Id$ + * @copyright © 1999-2006 The SquirrelMail Project Team + * @license http://opensource.org/licenses/gpl-license.php GNU Public License + * @version $Id$ + * @package squirrelmail */ -$rcptaddress = ''; -if (isset($emailaddress)) { - if (stristr($emailaddress, 'mailto:')) { - $rcptaddress = substr($emailaddress, 7); - } else { - $rcptaddress = $emailaddress; - } - - if (($pos = strpos($rcptaddress, '?')) !== false) { - $a = substr($rcptaddress, $pos + 1); - $rcptaddress = substr($rcptaddress, 0, $pos); - $a = explode('=', $a, 2); - if (isset($a[1])) { - $name = urldecode($a[0]); - $val = urldecode($a[1]); - global $$name; - $$name = $val; - } - } - - /* At this point, we have parsed a lot of the mailto stuff. */ - /* Let's do the rest -- CC, BCC, Subject, Body */ - /* Note: They can all be case insensitive */ - foreach ($GLOBALS as $k => $v) { - $key = strtolower($k); - $value = urlencode($v); - if ($key == 'cc') { - $rcptaddress .= '&send_to_cc=' . $value; - } else if ($key == 'bcc') { - $rcptaddress .= '&send_to_bcc=' . $value; - } else if ($key == 'subject') { - $rcptaddress .= '&subject=' . $value; - } else if ($key == 'body') { - $rcptaddress .= '&body=' . $value; - } - } - - /* Double-encode in this fashion to get past redirect.php properly. */ - $rcptaddress = urlencode($rcptaddress); -} - -require_once('../functions/strings.php'); -require_once('../config/config.php'); -require_once('../functions/i18n.php'); -require_once('../functions/plugin.php'); -require_once('../functions/constants.php'); -require_once('../functions/page_header.php'); +/** + * Path for SquirrelMail required files. + * @ignore + */ +define('SM_PATH','../'); + +/* SquirrelMail required files. */ +require_once(SM_PATH . 'functions/global.php'); +require_once(SM_PATH . 'functions/strings.php'); +require_once(SM_PATH . 'config/config.php'); +require_once(SM_PATH . 'functions/i18n.php'); +require_once(SM_PATH . 'functions/plugin.php'); +require_once(SM_PATH . 'functions/constants.php'); +require_once(SM_PATH . 'functions/page_header.php'); +require_once(SM_PATH . 'functions/html.php'); +require_once(SM_PATH . 'functions/imap_general.php'); +require_once(SM_PATH . 'functions/forms.php'); -/* +/** * $squirrelmail_language is set by a cookie when the user selects * language and logs out */ -set_up_language($squirrelmail_language, TRUE); +set_up_language($squirrelmail_language, TRUE, TRUE); -/* Need the base URI to set the cookies. (Same code as in webmail.php). */ -ereg ("(^.*/)[^/]+/[^/]+$", $PHP_SELF, $regs); -$base_uri = $regs[1]; -@session_destroy(); +/** + * Find out the base URI to set cookies. + */ +$base_uri = sqm_baseuri(); /* * In case the last session was not terminated properly, make sure * we get a new one. */ -$cookie_params = session_get_cookie_params(); -setcookie(session_name(),'',0,$cookie_params['path'].$cookie_params['domain']); -setcookie('username', '', 0, $base_uri); -setcookie('key', '', 0, $base_uri); + +sqsession_destroy(); +/** + * PHP bug. http://bugs.php.net/11643 (warning, spammed bug tracker) and + * http://bugs.php.net/13834 + * SID constant is not destroyed in PHP 4.1.2, 4.2.3 and maybe other + * versions. Produces warning on login page. Bug should be fixed only in 4.3.0 + */ +@sqsession_start(); header('Pragma: no-cache'); +/** + * This detects if the IMAP server has logins disabled, and if so, + * squelches the display of the login form and puts up a message + * explaining the situation. + */ +if($imap_auth_mech == 'login') { + /** + * detect disabled login, only when imapServerAddress contains + * server address and not mapping. See sqimap_get_user_server() + */ + if (substr($imapServerAddress, 0, 4) != "map:") { + $imap = sqimap_create_stream($imapServerAddress, $imapPort, $use_imap_tls); + $logindisabled = sqimap_capability($imap,'LOGINDISABLED'); + sqimap_logout($imap); + if ($logindisabled) { + $string = _("The IMAP server is reporting that plain text logins are disabled.").'
'. + _("Using CRAM-MD5 or DIGEST-MD5 authentication instead may work.").'
'; + if (!$use_imap_tls) { + $string .= _("Also, the use of TLS may allow SquirrelMail to login.").'
'; + } + $string .= _("Please contact your system administrator and report this error."); + error_box($string,$color); + exit; + } + } +} + +/* + * Initialize the template object and custom error handler object + */ +include_once(SM_PATH . 'class/template/template.class.php'); +include_once(SM_PATH . 'class/error.class.php'); + +/* + * $sTplDir is not initialized when a user is not logged in, so we will use + * the config file defaults here. If the neccesary variables are net set, + * force a default value. + */ +$aTemplateSet = ( !isset($aTemplateSet) ? array() : $aTemplateSet ); +$templateset_default = ( !isset($templateset_default) ? 0 : $templateset_default ); +$sTplDir = ( !isset($aTemplateSet[$templateset_default]['PATH']) ? + SM_PATH . 'templates/default/' : + $aTemplateSet[$templateset_default]['PATH'] ); + +$oTemplate = new Template($sTplDir); +$oErrorHandler = new ErrorHandler($oTemplate,'error_message.tpl'); + do_hook('login_cookie'); -/* Output the javascript onload function. */ +$loginname_value = (sqGetGlobalVar('loginname', $loginname) ? htmlspecialchars($loginname) : ''); -$header = "\n"; -$custom_css = 'none'; + +if (@file_exists($theme[$theme_default]['PATH'])) + @include ($theme[$theme_default]['PATH']); + +if (! isset($color) || ! is_array($color)) { + // Add default color theme, if theme loading fails + $color = array(); + $color[0] = '#dcdcdc'; /* light gray TitleBar */ + $color[1] = '#800000'; /* red */ + $color[2] = '#cc0000'; /* light red Warning/Error Messages */ + $color[4] = '#ffffff'; /* white Normal Background */ + $color[7] = '#0000cc'; /* blue Links */ + $color[8] = '#000000'; /* black Normal text */ +} + displayHtmlHeader( "$org_name - " . _("Login"), $header, FALSE ); -/* Set the title of this page. */ -echo "\n". - "
\n"; + +/* If they don't have a logo, don't bother.. */ +$logo_str = ''; +if (isset($org_logo) && $org_logo) { + /* Display width and height like good little people */ + $width_and_height = ''; + if (isset($org_logo_width) && is_numeric($org_logo_width) && + $org_logo_width>0) { + $width_and_height = " width=\"$org_logo_width\""; + } + if (isset($org_logo_height) && is_numeric($org_logo_height) && + $org_logo_height>0) { + $width_and_height .= " height=\"$org_logo_height\""; + } + + $logo_str = '
'."\n"; +} + +$sm_attribute_str = ''; +if (isset($hide_sm_attributions) && !$hide_sm_attributions) { + $sm_attribute_str = _("SquirrelMail Webmail Application")."
\n" . + _("By the SquirrelMail Project Team")."
\n"; +} $username_form_name = 'login_username'; $password_form_name = 'secretkey'; -do_hook('login_top'); - -$loginname_value = (isset($loginname) ? htmlspecialchars($loginname) : ''); - -echo "
". - "
\n". - ( $hide_sm_attributions ? '' : - '' . sprintf (_("SquirrelMail version %s"), $version) . "
\n". - ' ' . _("By the SquirrelMail Development Team") . "
\n" ) . - "
\n". - - "
\n". - "\n". - " ". - " \n". - " \n". - "
\n". - ' ' . sprintf (_("%s Login"), $org_name) . "\n". - "
\n". - " \n". - ' \n". - " \n". - " \n". - " \n". - ' \n". - " \n". - " \n". - "
' . _("Name:") . "\n". - " \n". - "
' . _("Password:") . "\n". - " \n". - " \n". - " \n"; -if ($rcptaddress != '') { - echo " \n"; + +if(sqgetGlobalVar('mailto', $mailto)) { + $rcptaddress = addHidden('mailto', $mailto); +} else { + $rcptaddress = ''; } -echo "
\n". - '
\n". - "
\n". - "
\n"; - -do_hook('login_form'); -echo "
\n"; - -do_hook('login_bottom'); -echo "\n". - "\n"; -?> + +$password_field = addPwField($password_form_name). + addHidden('js_autodetect_results', SMPREF_JS_OFF). + $rcptaddress . + addHidden('just_logged_in', '1'); + +$oTemplate->assign('color', $color); +$oTemplate->assign('logo_str', $logo_str); +$oTemplate->assign('sm_attribute_str', $sm_attribute_str); +$oTemplate->assign('org_name_str', sprintf (_("%s Login"), $org_name)); +$oTemplate->assign('login_field', addInput($username_form_name, $loginname_value)); +$oTemplate->assign('password_field', $password_field); +$oTemplate->assign('submit_field', addSubmit(_("Login"))); + +$oTemplate->display('login.tpl'); +?> \ No newline at end of file