[squirrelmail.git] / functions / global.php

<?php

/**
 * global.php
 *
 * Copyright (c) 1999-2005 The SquirrelMail Project Team
 * Licensed under the GNU GPL. For full terms see the file COPYING.
 *
 * This includes code to update < 4.1.0 globals to the newer format
 * It also has some session register functions that work across various
 * php versions.
 *
 * @version $Id$
 * @package squirrelmail
 */

/** Bring in the config file. */
require_once(SM_PATH . 'config/config.php');

/** set the name of the session cookie */
if(isset($session_name) && $session_name) {
    ini_set('session.name' , $session_name);
} else {
    ini_set('session.name' , 'SQMSESSID');
}

/**
 * If magic_quotes_runtime is on, SquirrelMail breaks in new and creative ways.
 * Force magic_quotes_runtime off.
 * tassium@squirrelmail.org - I put it here in the hopes that all SM code includes this.
 * If there's a better place, please let me know.
 */
ini_set('magic_quotes_runtime','0');

/* Since we decided all IMAP servers must implement the UID command as defined in
 * the IMAP RFC, we force $uid_support to be on.
 */

global $uid_support;
$uid_support = true;

sqsession_is_active();

/* if running with magic_quotes_gpc then strip the slashes
   from POST and GET global arrays */

if (get_magic_quotes_gpc()) {
    sqstripslashes($_GET);
    sqstripslashes($_POST);
}

/* strip any tags added to the url from PHP_SELF.
   This fixes hand crafted url XXS expoits for any
   page that uses PHP_SELF as the FORM action */

$_SERVER['PHP_SELF'] = strip_tags($_SERVER['PHP_SELF']);

/**
 * returns true if current php version is at mimimum a.b.c
 *
 * Called: check_php_version(4,1)
 * @param int a major version number
 * @param int b minor version number
 * @param int c release number
 * @return bool
 */
function check_php_version ($a = '0', $b = '0', $c = '0')
{
    return version_compare ( PHP_VERSION, "$a.$b.$c", 'ge' );
}

/**
 * returns true if the current internal SM version is at minimum a.b.c
 * These are plain integer comparisons, as our internal version is
 * constructed by us, as an array of 3 ints.
 *
 * Called: check_sm_version(1,3,3)
 * @param int a major version number
 * @param int b minor version number
 * @param int c release number
 * @return bool
 */
function check_sm_version($a = 0, $b = 0, $c = 0)
{
    global $SQM_INTERNAL_VERSION;
    if ( !isset($SQM_INTERNAL_VERSION) ||
         $SQM_INTERNAL_VERSION[0] < $a ||
         ( $SQM_INTERNAL_VERSION[0] == $a &&
           $SQM_INTERNAL_VERSION[1] < $b) ||
         ( $SQM_INTERNAL_VERSION[0] == $a &&
           $SQM_INTERNAL_VERSION[1] == $b &&
           $SQM_INTERNAL_VERSION[2] < $c ) ) {
        return FALSE;
    }
    return TRUE;
}


/**
 * Recursively strip slashes from the values of an array.
 * @param array array the array to strip, passed by reference
 * @return void
 */
function sqstripslashes(&$array) {
    if(count($array) > 0) {
        foreach ($array as $index=>$value) {
            if (is_array($array[$index])) {
                sqstripslashes($array[$index]);
            }
            else {
                $array[$index] = stripslashes($value);
            }
        }
    }
}

/**
 * Add a variable to the session.
 * @param mixed $var the variable to register
 * @param string $name the name to refer to this variable
 * @return void
 */
function sqsession_register ($var, $name) {

    sqsession_is_active();

    $_SESSION["$name"] = $var;

    session_register("$name");
}

/**
 * Delete a variable from the session.
 * @param string $name the name of the var to delete
 * @return void
 */
function sqsession_unregister ($name) {

    sqsession_is_active();

    unset($_SESSION[$name]);

    session_unregister("$name");
}

/**
 * Checks to see if a variable has already been registered
 * in the session.
 * @param string $name the name of the var to check
 * @return bool whether the var has been registered
 */
function sqsession_is_registered ($name) {
    $test_name = &$name;
    $result = false;

    if (isset($_SESSION[$test_name])) {
        $result = true;
    }

    return $result;
}


define('SQ_INORDER',0);
define('SQ_GET',1);
define('SQ_POST',2);
define('SQ_SESSION',3);
define('SQ_COOKIE',4);
define('SQ_SERVER',5);
define('SQ_FORM',6);

/**
 * Search for the var $name in $_SESSION, $_POST, $_GET,
 * $_COOKIE, or $_SERVER and set it in provided var.
 *
 * If $search is not provided,  or == SQ_INORDER, it will search
 * $_SESSION, then $_POST, then $_GET. Otherwise,
 * use one of the defined constants to look for
 * a var in one place specifically.
 *
 * Note: $search is an int value equal to one of the
 * constants defined above.
 *
 * example:
 *    sqgetGlobalVar('username',$username,SQ_SESSION);
 *  -- no quotes around last param!
 *
 * @param string name the name of the var to search
 * @param mixed value the variable to return
 * @param int search constant defining where to look
 * @return bool whether variable is found.
 */
function sqgetGlobalVar($name, &$value, $search = SQ_INORDER) {

    /* NOTE: DO NOT enclose the constants in the switch
       statement with quotes. They are constant values,
       enclosing them in quotes will cause them to evaluate
       as strings. */
    switch ($search) {
        /* we want the default case to be first here,
           so that if a valid value isn't specified,
           all three arrays will be searched. */
      default:
      case SQ_INORDER: // check session, post, get
      case SQ_SESSION:
        if( isset($_SESSION[$name]) ) {
            $value = $_SESSION[$name];
            return TRUE;
        } elseif ( $search == SQ_SESSION ) {
            break;
        }
      case SQ_FORM:   // check post, get
      case SQ_POST:
        if( isset($_POST[$name]) ) {
            $value = $_POST[$name];
            return TRUE;
        } elseif ( $search == SQ_POST ) {
          break;
        }
      case SQ_GET:
        if ( isset($_GET[$name]) ) {
            $value = $_GET[$name];
            return TRUE;
        }
        /* NO IF HERE. FOR SQ_INORDER CASE, EXIT after GET */
        break;
      case SQ_COOKIE:
        if ( isset($_COOKIE[$name]) ) {
            $value = $_COOKIE[$name];
            return TRUE;
        }
        break;
      case SQ_SERVER:
        if ( isset($_SERVER[$name]) ) {
            $value = $_SERVER[$name];
            return TRUE;
        }
        break;
    }
    /* Nothing found, return FALSE */
    return FALSE;
}

/**
 * Deletes an existing session, more advanced than the standard PHP
 * session_destroy(), it explicitly deletes the cookies and global vars.
 */
function sqsession_destroy() {

    /*
     * php.net says we can kill the cookie by setting just the name:
     * http://www.php.net/manual/en/function.setcookie.php
     * maybe this will help fix the session merging again.
     *
     * Changed the theory on this to kill the cookies first starting
     * a new session will provide a new session for all instances of
     * the browser, we don't want that, as that is what is causing the
     * merging of sessions.
     */

    global $base_uri;

    if (isset($_COOKIE[session_name()])) setcookie(session_name(), '', time() - 5, $base_uri);
    if (isset($_COOKIE['username'])) setcookie('username','',time() - 5,$base_uri);
    if (isset($_COOKIE['key'])) setcookie('key','',time() - 5,$base_uri);

    $sessid = session_id();
    if (!empty( $sessid )) {
        $_SESSION = array();
        @session_destroy();
    }

}

/**
 * Function to verify a session has been started.  If it hasn't
 * start a session up.  php.net doesn't tell you that $_SESSION
 * (even though autoglobal), is not created unless a session is
 * started, unlike $_POST, $_GET and such
 */

function sqsession_is_active() {

    $sessid = session_id();
    if ( empty( $sessid ) ) {
        session_start();
    }
}

// vim: et ts=4
?>
Commit	Line	Data
61d9ec71	1	<?php
	2
	3	/**
0c701a88	4	* global.php
61d9ec71	5	*
6c84ba1e	6	* Copyright (c) 1999-2005 The SquirrelMail Project Team
61d9ec71	7	* Licensed under the GNU GPL. For full terms see the file COPYING.
61d9ec71	8	*
62f7daa5	9	* This includes code to update < 4.1.0 globals to the newer format
242342d0	10	* It also has some session register functions that work across various
62f7daa5	11	* php versions.
61d9ec71	12	*
31841a9e	13	* @version $Id$
d6c32258	14	* @package squirrelmail
61d9ec71	15	*/
61d9ec71	16
d6c32258	17	/** Bring in the config file. */
ebabf3f5	18	require_once(SM_PATH . 'config/config.php');
ebabf3f5	19
d6c32258	20	/** set the name of the session cookie */
62f7daa5	21	if(isset($session_name) && $session_name) {
	22	ini_set('session.name' , $session_name);
	23	} else {
	24	ini_set('session.name' , 'SQMSESSID');
ebabf3f5	25	}
ebabf3f5	26
051f6245	27	/**
	28	* If magic_quotes_runtime is on, SquirrelMail breaks in new and creative ways.
	29	* Force magic_quotes_runtime off.
	30	* tassium@squirrelmail.org - I put it here in the hopes that all SM code includes this.
	31	* If there's a better place, please let me know.
388c855c	32	*/
5f660901	33	ini_set('magic_quotes_runtime','0');
61d9ec71	34
2ca4c65a	35	/* Since we decided all IMAP servers must implement the UID command as defined in
	36	* the IMAP RFC, we force $uid_support to be on.
	37	*/
	38
	39	global $uid_support;
	40	$uid_support = true;
	41
d416901b	42	sqsession_is_active();
d416901b	43
180239ca	44	/* if running with magic_quotes_gpc then strip the slashes
a32985a5	45	from POST and GET global arrays */
	46
	47	if (get_magic_quotes_gpc()) {
180239ca	48	sqstripslashes($_GET);
180239ca	49	sqstripslashes($_POST);
a32985a5	50	}
	51
	52	/* strip any tags added to the url from PHP_SELF.
	53	This fixes hand crafted url XXS expoits for any
	54	page that uses PHP_SELF as the FORM action */
	55
388c855c	56	$_SERVER['PHP_SELF'] = strip_tags($_SERVER['PHP_SELF']);
a32985a5	57
62f7daa5	58	/**
	59	* returns true if current php version is at mimimum a.b.c
	60	*
97bdc607	61	* Called: check_php_version(4,1)
8b096f0a	62	* @param int a major version number
	63	* @param int b minor version number
	64	* @param int c release number
	65	* @return bool
97bdc607	66	*/
62f7daa5	67	function check_php_version ($a = '0', $b = '0', $c = '0')
9697c5ab	68	{
5673cabe	69	return version_compare ( PHP_VERSION, "$a.$b.$c", 'ge' );
9697c5ab	70	}
9697c5ab	71
97bdc607	72	/**
62f7daa5	73	* returns true if the current internal SM version is at minimum a.b.c
62f7daa5	74	* These are plain integer comparisons, as our internal version is
97bdc607	75	* constructed by us, as an array of 3 ints.
	76	*
	77	* Called: check_sm_version(1,3,3)
8b096f0a	78	* @param int a major version number
	79	* @param int b minor version number
	80	* @param int c release number
	81	* @return bool
97bdc607	82	*/
	83	function check_sm_version($a = 0, $b = 0, $c = 0)
	84	{
	85	global $SQM_INTERNAL_VERSION;
	86	if ( !isset($SQM_INTERNAL_VERSION) \|\|
	87	$SQM_INTERNAL_VERSION[0] < $a \|\|
150c28d6	88	( $SQM_INTERNAL_VERSION[0] == $a &&
	89	$SQM_INTERNAL_VERSION[1] < $b) \|\|
	90	( $SQM_INTERNAL_VERSION[0] == $a &&
	91	$SQM_INTERNAL_VERSION[1] == $b &&
97bdc607	92	$SQM_INTERNAL_VERSION[2] < $c ) ) {
97bdc607	93	return FALSE;
62f7daa5	94	}
62f7daa5	95	return TRUE;
97bdc607	96	}
	97
	98
8b096f0a	99	/**
	100	* Recursively strip slashes from the values of an array.
	101	* @param array array the array to strip, passed by reference
	102	* @return void
	103	*/
a32985a5	104	function sqstripslashes(&$array) {
3aa17cf9	105	if(count($array) > 0) {
	106	foreach ($array as $index=>$value) {
	107	if (is_array($array[$index])) {
	108	sqstripslashes($array[$index]);
	109	}
	110	else {
	111	$array[$index] = stripslashes($value);
	112	}
a32985a5	113	}
	114	}
	115	}
	116
8b096f0a	117	/**
	118	* Add a variable to the session.
	119	* @param mixed $var the variable to register
	120	* @param string $name the name to refer to this variable
	121	* @return void
	122	*/
61d9ec71	123	function sqsession_register ($var, $name) {
281c3d5b	124
	125	sqsession_is_active();
	126
62f7daa5	127	$_SESSION["$name"] = $var;
62f7daa5	128
dcc1cc82	129	session_register("$name");
61d9ec71	130	}
3aa17cf9	131
8b096f0a	132	/**
	133	* Delete a variable from the session.
	134	* @param string $name the name of the var to delete
	135	* @return void
	136	*/
61d9ec71	137	function sqsession_unregister ($name) {
281c3d5b	138
	139	sqsession_is_active();
	140
abd74f7d	141	unset($_SESSION[$name]);
62f7daa5	142
dcc1cc82	143	session_unregister("$name");
61d9ec71	144	}
3aa17cf9	145
8b096f0a	146	/**
	147	* Checks to see if a variable has already been registered
	148	* in the session.
	149	* @param string $name the name of the var to check
	150	* @return bool whether the var has been registered
	151	*/
d7c82551	152	function sqsession_is_registered ($name) {
	153	$test_name = &$name;
	154	$result = false;
62f7daa5	155
abd74f7d	156	if (isset($_SESSION[$test_name])) {
abd74f7d	157	$result = true;
d7c82551	158	}
62f7daa5	159
d7c82551	160	return $result;
	161	}
	162
61d9ec71	163
4cd8ae7d	164	define('SQ_INORDER',0);
	165	define('SQ_GET',1);
	166	define('SQ_POST',2);
	167	define('SQ_SESSION',3);
27d0841c	168	define('SQ_COOKIE',4);
27d0841c	169	define('SQ_SERVER',5);
d9ad2525	170	define('SQ_FORM',6);
4cd8ae7d	171
4cd8ae7d	172	/**
27d0841c	173	* Search for the var $name in $_SESSION, $_POST, $_GET,
62f7daa5	174	* $_COOKIE, or $_SERVER and set it in provided var.
d1975c5b	175	*
4cd8ae7d	176	* If $search is not provided, or == SQ_INORDER, it will search
4cd8ae7d	177	* $_SESSION, then $_POST, then $_GET. Otherwise,
62f7daa5	178	* use one of the defined constants to look for
4cd8ae7d	179	* a var in one place specifically.
d1975c5b	180	*
62f7daa5	181	* Note: $search is an int value equal to one of the
d1975c5b	182	* constants defined above.
	183	*
	184	* example:
	185	* sqgetGlobalVar('username',$username,SQ_SESSION);
	186	* -- no quotes around last param!
	187	*
8b096f0a	188	* @param string name the name of the var to search
	189	* @param mixed value the variable to return
	190	* @param int search constant defining where to look
	191	* @return bool whether variable is found.
4cd8ae7d	192	*/
4cd8ae7d	193	function sqgetGlobalVar($name, &$value, $search = SQ_INORDER) {
f79c19a4	194
d1975c5b	195	/* NOTE: DO NOT enclose the constants in the switch
	196	statement with quotes. They are constant values,
	197	enclosing them in quotes will cause them to evaluate
	198	as strings. */
4cd8ae7d	199	switch ($search) {
62f7daa5	200	/* we want the default case to be first here,
051f6245	201	so that if a valid value isn't specified,
051f6245	202	all three arrays will be searched. */
d1975c5b	203	default:
d9ad2525	204	case SQ_INORDER: // check session, post, get
d1975c5b	205	case SQ_SESSION:
d1975c5b	206	if( isset($_SESSION[$name]) ) {
4cd8ae7d	207	$value = $_SESSION[$name];
d1975c5b	208	return TRUE;
	209	} elseif ( $search == SQ_SESSION ) {
	210	break;
	211	}
d9ad2525	212	case SQ_FORM: // check post, get
d1975c5b	213	case SQ_POST:
d1975c5b	214	if( isset($_POST[$name]) ) {
4cd8ae7d	215	$value = $_POST[$name];
d1975c5b	216	return TRUE;
d1975c5b	217	} elseif ( $search == SQ_POST ) {
27d0841c	218	break;
d1975c5b	219	}
	220	case SQ_GET:
	221	if ( isset($_GET[$name]) ) {
	222	$value = $_GET[$name];
	223	return TRUE;
62f7daa5	224	}
d1975c5b	225	/* NO IF HERE. FOR SQ_INORDER CASE, EXIT after GET */
	226	break;
	227	case SQ_COOKIE:
	228	if ( isset($_COOKIE[$name]) ) {
	229	$value = $_COOKIE[$name];
62f7daa5	230	return TRUE;
d1975c5b	231	}
	232	break;
	233	case SQ_SERVER:
d1975c5b	234	if ( isset($_SERVER[$name]) ) {
	235	$value = $_SERVER[$name];
	236	return TRUE;
	237	}
	238	break;
4cd8ae7d	239	}
511f5c33	240	/* Nothing found, return FALSE */
4cd8ae7d	241	return FALSE;
	242	}
	243
8b096f0a	244	/**
	245	* Deletes an existing session, more advanced than the standard PHP
	246	* session_destroy(), it explicitly deletes the cookies and global vars.
	247	*/
513db22c	248	function sqsession_destroy() {
242342d0	249
281c3d5b	250	/*
	251	* php.net says we can kill the cookie by setting just the name:
	252	* http://www.php.net/manual/en/function.setcookie.php
	253	* maybe this will help fix the session merging again.
	254	*
	255	* Changed the theory on this to kill the cookies first starting
	256	* a new session will provide a new session for all instances of
	257	* the browser, we don't want that, as that is what is causing the
	258	* merging of sessions.
	259	*/
242342d0	260
f9902ccb	261	global $base_uri;
f31687f6	262
	263	if (isset($_COOKIE[session_name()])) setcookie(session_name(), '', time() - 5, $base_uri);
	264	if (isset($_COOKIE['username'])) setcookie('username','',time() - 5,$base_uri);
	265	if (isset($_COOKIE['key'])) setcookie('key','',time() - 5,$base_uri);
281c3d5b	266
	267	$sessid = session_id();
	268	if (!empty( $sessid )) {
abd74f7d	269	$_SESSION = array();
21e18f59	270	@session_destroy();
242342d0	271	}
242342d0	272
281c3d5b	273	}
242342d0	274
8b096f0a	275	/**
281c3d5b	276	* Function to verify a session has been started. If it hasn't
	277	* start a session up. php.net doesn't tell you that $_SESSION
	278	* (even though autoglobal), is not created unless a session is
	279	* started, unlike $_POST, $_GET and such
	280	*/
	281
	282	function sqsession_is_active() {
62f7daa5	283
281c3d5b	284	$sessid = session_id();
	285	if ( empty( $sessid ) ) {
	286	session_start();
	287	}
513db22c	288	}
513db22c	289
5673cabe	290	// vim: et ts=4
f8a1ed5a	291	?>