From f644ad108c017cf40768957832f259548f862ab5 Mon Sep 17 00:00:00 2001
From: lkehresman
Date: Thu, 7 Dec 2000 03:10:21 +0000
Subject: [PATCH] applied the patch that uses redirect.php for login
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@873 7612ce4b-ef26-0410-bec9-ea0150e637f0
---
 ChangeLog | 1 +
 src/login.php | 2 +-
 src/webmail.php | 34 ----------------------------------
 3 files changed, 2 insertions(+), 35 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 3387a8ed..52430ef8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,6 @@
 Version 1.0pre1 -- DEVELOPMENT
 ------------------------------
+- For security, login verification happens, then we're redirected to webmail.php
 - Folder sorting now case insensative
 - added config option to set IMAP folder delimiter rather than always detecting it
 - Made session cookie parameter use PHP's settings rather than making assumptions
diff --git a/src/login.php b/src/login.php
index d8d69c14..6e2119b1 100644
--- a/src/login.php
+++ b/src/login.php
@@ -41,7 +41,7 @@ echo $org_name . " - " . _("Login"); echo "\n"; echo "\n"; - echo "
\n"; + echo "\n"; $username_form_name = 'username'; $password_form_name = 'secretkey'; diff --git a/src/webmail.php b/src/webmail.php index bb6df91e..d3d41c47 100644 --- a/src/webmail.php +++ b/src/webmail.php @@ -12,17 +12,8 @@ ** **/ - // Before starting the session, the base URI must be known. - // Assuming that this file is in the src/ subdirectory (or - // something). - ereg ("(^.*/)[^/]+/[^/]+$", $PHP_SELF, $regs); - $base_uri = $regs[1]; - - session_set_cookie_params (0, $base_uri); session_start(); - session_register ("base_uri"); - if (!isset($i18n_php)) include ("../functions/i18n.php"); @@ -32,11 +23,6 @@ exit; } - // Refresh the language cookie. - if (isset($squirrelmail_language)) { - setcookie("squirrelmail_language", $squirrelmail_language, time()+2592000); - } - include ("../config/config.php"); include ("../functions/prefs.php"); include ("../functions/imap.php"); @@ -50,26 +36,6 @@ if ($force_username_lowercase) $username = strtolower($username); - if (!session_is_registered("user_is_logged_in") || $logged_in != 1) { - do_hook ("login_before"); - - $onetimepad = OneTimePadCreate(strlen($secretkey)); - $key = OneTimePadEncrypt(quotemeta($secretkey), $onetimepad); - session_register("onetimepad"); - // verify that username and password are correct - $imapConnection = sqimap_login($username, $key, $imapServerAddress, $imapPort, 0); - sqimap_logout($imapConnection); - - setcookie("username", $username, 0, $base_uri); - setcookie("key", $key, 0, $base_uri); - setcookie("logged_in", 1, 0, $base_uri); - - do_hook ("login_verified"); - } - - session_register ("user_is_logged_in"); - $user_is_logged_in = true; - include ("../src/load_prefs.php"); // We'll need this to later have a noframes version -- 2.25.1
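Review bot: The handler that this form now posts `username` and `secretkey` to is not among the three files in this patch, and the markup of the changed `echo` line is not legible on this page, so the new target (redirect.php, going by the subject) cannot be reviewed here. That matters because the src/webmail.php hunks in the same commit delete the `sqimap_login()` credential check and the `session_register ("user_is_logged_in")` call, while webmail.php stays directly requestable. Unless the `exit;` branch kept as context near the top of webmail.php already does this, webmail.php should refuse any request that did not pass through the login handler, e.g. `if (!session_is_registered("user_is_logged_in")) { exit; }` right after `session_start();`. The surrounding script code in both files starts and ends outside the hunks shown.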