Version 1.0pre1 -- DEVELOPMENT
------------------------------
+- For security, login verification happens, then we're redirected to webmail.php
- Folder sorting now case insensative
- added config option to set IMAP folder delimiter rather than always detecting it
- Made session cookie parameter use PHP's settings rather than making assumptions
echo $org_name . " - " . _("Login");
echo "</TITLE></HEAD>\n";
echo "<BODY TEXT=000000 BGCOLOR=#FFFFFF LINK=0000CC VLINK=0000CC ALINK=0000CC>\n";
- echo "<FORM ACTION=\"webmail.php\" METHOD=\"POST\" NAME=f>\n";
+ echo "<FORM ACTION=\"redirect.php\" METHOD=\"POST\" NAME=f>\n";
$username_form_name = 'username';
$password_form_name = 'secretkey';
**
**/
- // Before starting the session, the base URI must be known.
- // Assuming that this file is in the src/ subdirectory (or
- // something).
- ereg ("(^.*/)[^/]+/[^/]+$", $PHP_SELF, $regs);
- $base_uri = $regs[1];
-
- session_set_cookie_params (0, $base_uri);
session_start();
- session_register ("base_uri");
-
if (!isset($i18n_php))
include ("../functions/i18n.php");
exit;
}
- // Refresh the language cookie.
- if (isset($squirrelmail_language)) {
- setcookie("squirrelmail_language", $squirrelmail_language, time()+2592000);
- }
-
include ("../config/config.php");
include ("../functions/prefs.php");
include ("../functions/imap.php");
if ($force_username_lowercase)
$username = strtolower($username);
- if (!session_is_registered("user_is_logged_in") || $logged_in != 1) {
- do_hook ("login_before");
-
- $onetimepad = OneTimePadCreate(strlen($secretkey));
- $key = OneTimePadEncrypt(quotemeta($secretkey), $onetimepad);
- session_register("onetimepad");
- // verify that username and password are correct
- $imapConnection = sqimap_login($username, $key, $imapServerAddress, $imapPort, 0);
- sqimap_logout($imapConnection);
-
- setcookie("username", $username, 0, $base_uri);
- setcookie("key", $key, 0, $base_uri);
- setcookie("logged_in", 1, 0, $base_uri);
-
- do_hook ("login_verified");
- }
-
- session_register ("user_is_logged_in");
- $user_is_logged_in = true;
-
include ("../src/load_prefs.php");
// We'll need this to later have a noframes version