202bcbcc |
1 | <?php |
2 | |
3 | /** |
4 | * init.php -- initialisation file |
5 | * |
6 | * File should be loaded in every file in src/ or plugins that occupate an entire frame |
7 | * |
8 | * @copyright © 2006 The SquirrelMail Project Team |
9 | * @license http://opensource.org/licenses/gpl-license.php GNU Public License |
10 | * @version $Id$ |
11 | * @package squirrelmail |
12 | */ |
13 | |
202bcbcc |
14 | /** |
15 | * This is a development version so in order to track programmer mistakes we |
16 | * set the error reporting to E_ALL |
17 | */ |
202bcbcc |
18 | error_reporting(E_ALL); |
19 | |
20 | |
6a2a6e44 |
21 | /** |
22 | * If register_globals are on, unregister globals. |
23 | * Code requires PHP 4.1.0 or newer. |
a3b99374 |
24 | * Second test covers boolean set as string (php_value register_globals off). |
6a2a6e44 |
25 | */ |
826ddd72 |
26 | if ((bool) @ini_get('register_globals') && |
a3b99374 |
27 | strtolower(ini_get('register_globals'))!='off') { |
6a2a6e44 |
28 | /** |
29 | * Remove all globals from $_GET, $_POST, and $_COOKIE. |
30 | */ |
31 | foreach ($_REQUEST as $key => $value) { |
32 | unset($GLOBALS[$key]); |
33 | } |
34 | /** |
35 | * Remove globalized $_FILES variables |
36 | * Before 4.3.0 $_FILES are included in $_REQUEST. |
37 | * Unglobalize them in separate call in order to remove dependency |
38 | * on PHP version. |
39 | */ |
40 | foreach ($_FILES as $key => $value) { |
41 | unset($GLOBALS[$key]); |
42 | // there are three undocumented $_FILES globals. |
43 | unset($GLOBALS[$key.'_type']); |
44 | unset($GLOBALS[$key.'_name']); |
45 | unset($GLOBALS[$key.'_size']); |
46 | } |
47 | /** |
48 | * Remove globalized environment variables. |
49 | */ |
50 | foreach ($_ENV as $key => $value) { |
51 | unset($GLOBALS[$key]); |
52 | } |
53 | /** |
54 | * Remove globalized server variables. |
55 | */ |
56 | foreach ($_SERVER as $key => $value) { |
57 | unset($GLOBALS[$key]); |
58 | } |
59 | } |
60 | |
61 | |
202bcbcc |
62 | /** |
63 | * calculate SM_PATH and calculate the base_uri |
64 | * assumptions made: init.php is only called from plugins or from the src dir. |
65 | * files in the plugin directory may not be part of a subdirectory called "src" |
66 | * |
67 | */ |
68 | if (isset($_SERVER['SCRIPT_NAME'])) { |
69 | $a = explode('/',$_SERVER['SCRIPT_NAME']); |
70 | } elseif (isset($HTTP_SERVER_VARS['SCRIPT_NAME'])) { |
71 | $a = explode('/',$_SERVER['SCRIPT_NAME']); |
72 | } |
73 | $sSM_PATH = ''; |
74 | for($i = count($a) -2;$i > -1; --$i) { |
75 | $sSM_PATH .= '../'; |
76 | if ($a[$i] === 'src' || $a[$i] === 'plugins') { |
77 | break; |
78 | } |
79 | } |
80 | |
81 | $base_uri = implode('/',array_slice($a,0,$i)). '/'; |
82 | |
202bcbcc |
83 | define('SM_PATH',$sSM_PATH); |
6a2a6e44 |
84 | define('SM_BASE_URI', $base_uri); |
202bcbcc |
85 | /** |
86 | * global var $bInit is used to check if initialisation took place. |
87 | * At this moment it's a workarounf for the include of addrbook_search_html |
88 | * inside compose.php. If we found a better way then remove this. Do only use |
89 | * this var if you know for sure a page can be called stand alone and be included |
90 | * in another file. |
91 | */ |
92 | $bInit = true; |
93 | |
94 | require(SM_PATH . 'functions/global.php'); |
95 | require(SM_PATH . 'config/config.php'); |
96 | require(SM_PATH . 'functions/plugin.php'); |
97 | require(SM_PATH . 'include/constants.php'); |
98 | require(SM_PATH . 'include/languages.php'); |
99 | |
100 | /** |
101 | * If magic_quotes_runtime is on, SquirrelMail breaks in new and creative ways. |
102 | * Force magic_quotes_runtime off. |
103 | * tassium@squirrelmail.org - I put it here in the hopes that all SM code includes this. |
104 | * If there's a better place, please let me know. |
105 | */ |
106 | ini_set('magic_quotes_runtime','0'); |
107 | |
108 | |
109 | /* if running with magic_quotes_gpc then strip the slashes |
110 | from POST and GET global arrays */ |
111 | if (get_magic_quotes_gpc()) { |
112 | sqstripslashes($_GET); |
113 | sqstripslashes($_POST); |
114 | } |
115 | |
202bcbcc |
116 | |
117 | /* strip any tags added to the url from PHP_SELF. |
118 | This fixes hand crafted url XXS expoits for any |
119 | page that uses PHP_SELF as the FORM action */ |
120 | $_SERVER['PHP_SELF'] = strip_tags($_SERVER['PHP_SELF']); |
121 | |
122 | $PHP_SELF = php_self(); |
123 | |
124 | /** |
125 | * Initialize the session |
126 | */ |
127 | |
e8c4e350 |
128 | /** set the name of the session cookie */ |
129 | if (!isset($session_name) || !$session_name) { |
130 | $session_name = 'SQMSESSID'; |
131 | } |
132 | |
133 | /** |
134 | * if session.auto_start is On then close the session |
1d537493 |
135 | */ |
136 | $sSessionAutostartName = session_name(); |
137 | if ((isset($sSessionAutostartName) || $sSessionAutostartName == '') && |
138 | $sSessionAutostartName !== $session_name) { |
139 | $sCookiePath = ini_get('session.cookie_path'); |
140 | $sCookieDomain = ini_get('session.cookie_domain'); |
e8c4e350 |
141 | // reset the cookie |
1d537493 |
142 | setcookie($sSessionAutostartName,'',time() - 604800,$sCookiePath,$sCookieDomain); |
e8c4e350 |
143 | @session_destroy(); |
144 | session_write_close(); |
1d537493 |
145 | } |
e8c4e350 |
146 | |
202bcbcc |
147 | /** |
148 | * includes from classes stored in the session |
149 | */ |
150 | require(SM_PATH . 'class/mime.class.php'); |
151 | |
202bcbcc |
152 | ini_set('session.name' , $session_name); |
153 | session_set_cookie_params (0, $base_uri); |
154 | sqsession_is_active(); |
155 | |
202bcbcc |
156 | /** |
3464e1f4 |
157 | * DISABLED. |
202bcbcc |
158 | * Remove globalized session data in rg=on setups |
3464e1f4 |
159 | * |
160 | * Code can be utilized when session is started, but data is not loaded. |
161 | * We have already loaded configuration and other important vars. Can't |
162 | * clean session globals here. |
163 | if ((bool) @ini_get('register_globals') && |
164 | strtolower(ini_get('register_globals'))!='off') { |
202bcbcc |
165 | foreach ($_SESSION as $key => $value) { |
166 | unset($GLOBALS[$key]); |
167 | } |
168 | } |
3464e1f4 |
169 | */ |
6a2a6e44 |
170 | |
826ddd72 |
171 | sqsession_register(SM_BASE_URI,'base_uri'); |
6a2a6e44 |
172 | |
e8c4e350 |
173 | /** |
174 | * SquirrelMail version number -- DO NOT CHANGE |
175 | */ |
176 | $version = '1.5.2 [CVS]'; |
177 | |
1d537493 |
178 | /** |
179 | * SquirrelMail internal version number -- DO NOT CHANGE |
180 | * $sm_internal_version = array (release, major, minor) |
181 | */ |
182 | $SQM_INTERNAL_VERSION = array(1,5,2); |
183 | |
202bcbcc |
184 | /** |
185 | * Retrieve the language cookie |
186 | */ |
187 | if (! sqgetGlobalVar('squirrelmail_language',$squirrelmail_language,SQ_COOKIE)) { |
188 | $squirrelmail_language = ''; |
189 | } |
190 | |
191 | |
192 | /** |
193 | * @var $sInitlocation From where do we include. |
194 | */ |
195 | if (!isset($sInitLocation)) { |
196 | $sInitLocation=NULL; |
197 | } |
198 | |
199 | /** |
200 | * MAIN PLUGIN LOADING CODE HERE |
201 | */ |
202 | |
203 | /** |
204 | * Include Compatibility plugin if available. |
205 | */ |
206 | if (file_exists(SM_PATH . 'plugins/compatibility/functions.php')) |
207 | include_once(SM_PATH . 'plugins/compatibility/functions.php'); |
208 | $squirrelmail_plugin_hooks = array(); |
209 | |
210 | /* On init, register all plugins configured for use. */ |
211 | if (isset($plugins) && is_array($plugins)) { |
212 | // turn on output buffering in order to prevent output of new lines |
213 | ob_start(); |
214 | foreach ($plugins as $name) { |
215 | use_plugin($name); |
216 | } |
217 | // get output and remove whitespace |
218 | $output = trim(ob_get_contents()); |
219 | ob_end_clean(); |
220 | // if plugins output more than newlines and spacing, stop script execution. |
221 | if (!empty($output)) { |
222 | die($output); |
223 | } |
224 | } |
225 | |
226 | |
227 | switch ($sInitLocation) { |
228 | case 'style': session_write_close(); sqsetcookieflush(); break; |
229 | case 'redirect': |
4d2f7565 |
230 | /** |
826ddd72 |
231 | * directory hashing functions are needed for all setups in case |
4d2f7565 |
232 | * plugins use own pref files. |
233 | */ |
234 | require(SM_PATH . 'functions/prefs.php'); |
235 | /* hook loads custom prefs backend plugins */ |
202bcbcc |
236 | $prefs_backend = do_hook_function('prefs_backend'); |
237 | if (isset($prefs_backend) && !empty($prefs_backend) && file_exists(SM_PATH . $prefs_backend)) { |
238 | require(SM_PATH . $prefs_backend); |
239 | } elseif (isset($prefs_dsn) && !empty($prefs_dsn)) { |
240 | require(SM_PATH . 'functions/db_prefs.php'); |
241 | } else { |
202bcbcc |
242 | require(SM_PATH . 'functions/file_prefs.php'); |
243 | } |
244 | //nobreak; |
245 | case 'login': |
246 | require(SM_PATH . 'functions/display_messages.php' ); |
247 | require(SM_PATH . 'functions/page_header.php'); |
248 | require(SM_PATH . 'functions/html.php'); |
1d537493 |
249 | /** |
250 | * cleanup old cookies with a cookie path the same as the standard php.ini |
251 | * cookie path. All previous SquirrelMail version used the standard php.ini |
252 | * cookie path for storing the session name. That behaviour changed. |
253 | */ |
254 | if ($sCookiePath !== SM_BASE_URI) { |
255 | /** |
256 | * do not delete the standard sessions with session.name is i.e. PHPSESSID |
257 | * because they probably belong to other php apps |
258 | */ |
259 | if (ini_get('session.name') !== $sSessionAutostartName) { |
260 | sqsetcookie(ini_get('session.name'),'',0,$sCookiePath); |
261 | } |
262 | } |
202bcbcc |
263 | break; |
264 | default: |
265 | require(SM_PATH . 'functions/display_messages.php' ); |
266 | require(SM_PATH . 'functions/page_header.php'); |
267 | require(SM_PATH . 'functions/html.php'); |
268 | require(SM_PATH . 'functions/strings.php'); |
269 | |
270 | |
271 | /** |
272 | * Check if we are logged in |
273 | */ |
274 | require(SM_PATH . 'functions/auth.php'); |
275 | |
276 | if ( !sqsession_is_registered('user_is_logged_in') ) { |
277 | // First we store some information in the new session to prevent |
278 | // information-loss. |
279 | // |
280 | $session_expired_post = $_POST; |
281 | $session_expired_location = $PHP_SELF; |
282 | if (!sqsession_is_registered('session_expired_post')) { |
283 | sqsession_register($session_expired_post,'session_expired_post'); |
284 | } |
285 | if (!sqsession_is_registered('session_expired_location')) { |
286 | sqsession_register($session_expired_location,'session_expired_location'); |
287 | } |
288 | // signout page will deal with users who aren't logged |
289 | // in on its own; don't show error here |
290 | // |
291 | if (strpos($PHP_SELF, 'signout.php') !== FALSE) { |
292 | return; |
293 | } |
294 | |
8efadc6b |
295 | /** |
296 | * Initialize the template object (logout_error uses it) |
297 | */ |
298 | require(SM_PATH . 'class/template/template.class.php'); |
299 | /* |
300 | * $sTplDir is not initialized when a user is not logged in, so we will use |
301 | * the config file defaults here. If the neccesary variables are net set, |
302 | * force a default value. |
303 | */ |
304 | $aTemplateSet = ( !isset($aTemplateSet) ? array() : $aTemplateSet ); |
305 | $templateset_default = ( !isset($templateset_default) ? 0 : $templateset_default ); |
306 | |
307 | $sTplDir = ( !isset($aTemplateSet[$templateset_default]['PATH']) ? |
308 | SM_PATH . 'templates/default/' : |
309 | $aTemplateSet[$templateset_default]['PATH'] ); |
310 | $oTemplate = new Template($sTplDir); |
311 | |
202bcbcc |
312 | set_up_language($squirrelmail_language, true); |
313 | logout_error( _("You must be logged in to access this page.") ); |
314 | exit; |
315 | } |
316 | |
317 | sqgetGlobalVar('username',$username,SQ_SESSION); |
318 | |
319 | /** |
320 | * Setting the prefs backend |
321 | */ |
322 | sqgetGlobalVar('prefs_cache', $prefs_cache, SQ_SESSION ); |
323 | sqgetGlobalVar('prefs_are_cached', $prefs_are_cached, SQ_SESSION ); |
324 | |
325 | if ( !sqsession_is_registered('prefs_are_cached') || |
326 | !isset( $prefs_cache) || |
327 | !is_array( $prefs_cache)) { |
328 | $prefs_are_cached = false; |
329 | $prefs_cache = false; //array(); |
330 | } |
331 | |
4d2f7565 |
332 | /* see 'redirect' switch */ |
333 | require(SM_PATH . 'functions/prefs.php'); |
334 | |
202bcbcc |
335 | $prefs_backend = do_hook_function('prefs_backend'); |
336 | if (isset($prefs_backend) && !empty($prefs_backend) && file_exists(SM_PATH . $prefs_backend)) { |
337 | require(SM_PATH . $prefs_backend); |
338 | } elseif (isset($prefs_dsn) && !empty($prefs_dsn)) { |
339 | require(SM_PATH . 'functions/db_prefs.php'); |
340 | } else { |
202bcbcc |
341 | require(SM_PATH . 'functions/file_prefs.php'); |
342 | } |
343 | |
344 | /** |
345 | * initializing user settings |
346 | */ |
347 | require(SM_PATH . 'include/load_prefs.php'); |
348 | |
349 | |
350 | // i do not understand the frames language cookie story |
351 | /** |
352 | * We'll need this to later have a noframes version |
353 | * |
354 | * Check if the user has a language preference, but no cookie. |
355 | * Send him a cookie with his language preference, if there is |
356 | * such discrepancy. |
357 | */ |
358 | $my_language = getPref($data_dir, $username, 'language'); |
359 | if ($my_language != $squirrelmail_language) { |
360 | sqsetcookie('squirrelmail_language', $my_language, time()+2592000, $base_uri); |
361 | } |
362 | // /dont understand |
363 | |
364 | /** |
365 | * Set up the language. |
366 | */ |
367 | $err=set_up_language(getPref($data_dir, $username, 'language')); |
368 | /* this is the last cookie we set so flush it. */ |
369 | sqsetcookieflush(); |
370 | |
371 | // Japanese translation used without mbstring support |
372 | if ($err==2) { |
373 | $sError = |
374 | "<p>You need to have PHP installed with the multibyte string function \n". |
375 | "enabled (using configure option --enable-mbstring).</p>\n". |
376 | "<p>System assumed that you accidently switched to Japanese translation \n". |
377 | "and reverted your language preference to English.</p>\n". |
378 | "<p>Please refresh this page in order to use webmail.</p>\n"; |
379 | error_box($sError); |
380 | } |
381 | |
382 | $timeZone = getPref($data_dir, $username, 'timezone'); |
383 | |
384 | /* Check to see if we are allowed to set the TZ environment variable. |
385 | * We are able to do this if ... |
386 | * safe_mode is disabled OR |
387 | * safe_mode_allowed_env_vars is empty (you are allowed to set any) OR |
388 | * safe_mode_allowed_env_vars contains TZ |
389 | */ |
390 | $tzChangeAllowed = (!ini_get('safe_mode')) || |
391 | !strcmp(ini_get('safe_mode_allowed_env_vars'),'') || |
392 | preg_match('/^([\w_]+,)*TZ/', ini_get('safe_mode_allowed_env_vars')); |
393 | |
394 | if ( $timeZone != SMPREF_NONE && ($timeZone != "") |
395 | && $tzChangeAllowed ) { |
396 | |
397 | // get time zone key, if strict or custom strict timezones are used |
398 | if (isset($time_zone_type) && |
399 | ($time_zone_type == 1 || $time_zone_type == 3)) { |
400 | /* load time zone functions */ |
401 | require(SM_PATH . 'include/timezones.php'); |
402 | $realTimeZone = sq_get_tz_key($timeZone); |
403 | } else { |
404 | $realTimeZone = $timeZone; |
405 | } |
406 | |
407 | // set time zone |
408 | if ($realTimeZone) { |
409 | putenv("TZ=".$realTimeZone); |
410 | } |
411 | } |
867fed37 |
412 | |
413 | /** |
414 | * php 5.1.0 added time zone functions. Set time zone with them in order |
415 | * to prevent E_STRICT notices and allow time zone modifications in safe_mode. |
416 | */ |
417 | if (function_exists('date_default_timezone_set')) { |
418 | if ($timeZone != SMPREF_NONE && $timeZone != "") { |
419 | date_default_timezone_set($timeZone); |
420 | } else { |
421 | // interface runs on server's time zone. Remove php E_STRICT complains |
422 | $default_timezone = @date_default_timezone_get(); |
423 | date_default_timezone_set($default_timezone); |
424 | } |
425 | } |
202bcbcc |
426 | break; |
427 | } |
428 | |
429 | /** |
430 | * Initialize the template object |
431 | */ |
432 | require(SM_PATH . 'class/template/template.class.php'); |
433 | /* |
434 | * $sTplDir is not initialized when a user is not logged in, so we will use |
435 | * the config file defaults here. If the neccesary variables are net set, |
436 | * force a default value. |
437 | */ |
438 | $aTemplateSet = ( !isset($aTemplateSet) ? array() : $aTemplateSet ); |
439 | $templateset_default = ( !isset($templateset_default) ? 0 : $templateset_default ); |
440 | |
441 | $sTplDir = ( !isset($aTemplateSet[$templateset_default]['PATH']) ? |
442 | SM_PATH . 'templates/default/' : |
443 | $aTemplateSet[$templateset_default]['PATH'] ); |
444 | $oTemplate = new Template($sTplDir); |
445 | |
446 | /** |
447 | * Initialize our custom error handler object |
448 | */ |
449 | require(SM_PATH . 'class/error.class.php'); |
450 | $oErrorHandler = new ErrorHandler($oTemplate,'error_message.tpl'); |
451 | |
452 | /** |
453 | * Activate custom error handling |
454 | */ |
455 | if (version_compare(PHP_VERSION, "4.3.0", ">=")) { |
456 | $oldErrorHandler = set_error_handler(array($oErrorHandler, 'SquirrelMailErrorhandler')); |
457 | } else { |
458 | $oldErrorHandler = set_error_handler('SquirrelMailErrorhandler'); |
459 | } |
460 | |
461 | /** |
462 | * Javascript support detection function |
463 | * @param boolean $reset recheck javascript support if set to true. |
867fed37 |
464 | * @return integer SMPREF_JS_ON or SMPREF_JS_OFF ({@see include/constants.php}) |
202bcbcc |
465 | * @since 1.5.1 |
466 | */ |
202bcbcc |
467 | function checkForJavascript($reset = FALSE) { |
468 | global $data_dir, $username, $javascript_on, $javascript_setting; |
469 | |
470 | if ( !$reset && sqGetGlobalVar('javascript_on', $javascript_on, SQ_SESSION) ) |
471 | return $javascript_on; |
472 | |
473 | if ( $reset || !isset($javascript_setting) ) |
474 | $javascript_setting = getPref($data_dir, $username, 'javascript_setting', SMPREF_JS_AUTODETECT); |
475 | |
476 | if ( !sqGetGlobalVar('new_js_autodetect_results', $js_autodetect_results) && |
477 | !sqGetGlobalVar('js_autodetect_results', $js_autodetect_results) ) |
478 | $js_autodetect_results = SMPREF_JS_OFF; |
479 | |
480 | if ( $javascript_setting == SMPREF_JS_AUTODETECT ) |
481 | $javascript_on = $js_autodetect_results; |
482 | else |
483 | $javascript_on = $javascript_setting; |
484 | |
485 | sqsession_register($javascript_on, 'javascript_on'); |
486 | return $javascript_on; |
487 | } |
488 | |
489 | function sqm_baseuri() { |
490 | global $base_uri; |
491 | return $base_uri; |
492 | } |