Correct documentation
[squirrelmail.git] / include / init.php
202bcbcc 1<?php
2
3/**
4 * init.php -- initialisation file
5 *
6 * File should be loaded in every file in src/ or plugins that occupies an entire frame
7 *
8 * @copyright &copy; 2006 The SquirrelMail Project Team
9 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
10 * @version $Id$
11 * @package squirrelmail
12 */
13
202bcbcc 14/**
15 * This is a development version so in order to track programmer mistakes we
16 * set the error reporting to E_ALL
1888b1bf 17FIXME: disabling this for now, because we now have $sm_debug_mode, but the problem with that is that we don't know what it will be until we have loaded the config file, a good 175 lines below after several important files have been included, etc. For now, we'll trust that developers have turned on E_ALL in php.ini anyway, but this can be uncommented if not.
202bcbcc 18 */
1888b1bf 19//error_reporting(E_ALL);
20
202bcbcc 21
/**
 * Guarantee that the PAGE_NAME constant exists.
 *
 * When the including page has not defined PAGE_NAME, it is defined here
 * as NULL so the PAGE_NAME comparisons further down in this file never
 * reference an undefined constant.
 */
if (defined('PAGE_NAME') === false) {
    define('PAGE_NAME', NULL);
}
27
28
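/**
 * If register_globals is on, unregister globals.
 *
 * ini_get() hands back a string, and a value that was set as text (for
 * example "php_value register_globals off") still casts to boolean TRUE,
 * so the second test compares the lower-cased value with 'off'.
 *
 * Every entry of $GLOBALS is dropped except the names on the allow-list
 * below (the PHP request/session arrays, GLOBALS itself, and the two
 * loop variables). Names are matched strictly: the loose comparison a
 * switch performs treats a non-string key such as integer 0 as equal to
 * any non-numeric string on PHP versions before 8, which would let such
 * an entry survive the clean-up should $GLOBALS ever carry one.
 *
 * NOTE: no helper variable may be introduced at this level. Anything
 * created in the global scope is itself a candidate for removal while
 * the loop runs, which is why the allow-list is written inline.
 */
if ((bool) ini_get('register_globals')
    && strtolower(ini_get('register_globals')) != 'off') {

    // 'key' and 'value' are the foreach variables; they must stay alive
    // during iteration and are removed once the loop has finished.
    foreach ($GLOBALS as $key => $value) {
        if (!in_array($key, array(
                'HTTP_POST_VARS',    '_POST',
                'HTTP_GET_VARS',     '_GET',
                'HTTP_COOKIE_VARS',  '_COOKIE',
                'HTTP_SERVER_VARS',  '_SERVER',
                'HTTP_ENV_VARS',     '_ENV',
                'HTTP_POST_FILES',   '_FILES',
                '_REQUEST',
                'HTTP_SESSION_VARS', '_SESSION',
                'GLOBALS',
                'key',               'value',
            ), true)) {
            unset($GLOBALS[$key]);
        }
    }

    // Unset variables used in foreach
    unset($GLOBALS['key']);
    unset($GLOBALS['value']);
}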
68
/**
 * Placeholder for "no value" that can be handed to hook arguments which
 * are taken by reference, where a literal NULL is not acceptable.
 */
global $null;
$null = NULL;

/**
 * The global $server_os variable is "windows" when the directory
 * separator is a backslash and "*nix" otherwise.
 */
global $server_os;
$server_os = (DIRECTORY_SEPARATOR == '\\') ? 'windows' : '*nix';
84
/**
 * [#1518885] session.use_cookies = off breaks SquirrelMail
 *
 * Without session cookies all http redirects, meta refreshes,
 * src/download.php and javascript URLs are broken, so cookie use is
 * switched on here. This has to happen before the session is started.
 *
 * NOTE(review): only session.use_cookies is touched. If session IDs
 * must never travel in URLs, session.use_only_cookies and
 * session.use_trans_sid have to be checked in the PHP configuration;
 * nothing in this block sets them.
 */
if (ini_get('session.use_cookies') == 'off'
    || !(bool) ini_get('session.use_cookies')) {
    ini_set('session.use_cookies', '1');
}
6a2a6e44 96
/**
 * Seed the Mersenne Twister generator once per init.
 *
 * The seed material is a concatenation of: the current time
 * (microtime), the client's port and address, the process id, resource
 * usage figures where getrusage() exists, Apache's UNIQUE_ID when
 * present, a uniqid() value and the stat() data of this file.
 *
 * Seeding happens only here, both to save cycles and so that later
 * mt_rand() results also depend on how many times mt_rand() has already
 * been called during this execution.
 *
 * Security note: whatever goes into the seed, it is reduced below to
 * nine hex digits (36 bits), and mt_rand() is not a cryptographically
 * secure generator. Values that must be unguessable should not be
 * derived from it.
 */
$seed = microtime();
$seed .= $_SERVER['REMOTE_PORT'];
$seed .= $_SERVER['REMOTE_ADDR'];
$seed .= getmypid();

if (function_exists('getrusage')) {
    /* The call is silenced to avoid warnings with Win32 */
    $dat = @getrusage();
    if (is_array($dat)) {
        $seed .= implode('', $dat);
    }
}

if (!empty($_SERVER['UNIQUE_ID'])) {
    $seed .= $_SERVER['UNIQUE_ID'];
}

$seed .= uniqid(mt_rand(), TRUE);
$seed .= implode('', stat(__FILE__));

// mt_srand() takes an integer, so the very large seed string has to be
// distilled into something usable. Converting the whole string yields 0
// on many systems; nine hex digits - even though that can exceed a
// signed 32 bit integer - seem to be accepted as a seed (perhaps it is
// treated as unsigned?). This may need revisiting so that the value is
// always forced below 2,147,483,647.
$seed = hexdec(substr(md5($seed), 0, 9));

// PHP 4.2 and up do not require seeding, but the seed algorithm they
// use is of questionable quality, so seeding is still done here.
mt_srand($seed);
3f081dd0 137
/**
 * Work out SM_PATH (relative path back to the SquirrelMail root) and the
 * base URI from the name of the running script.
 *
 * Assumptions: init.php is only called from plugins or from the src
 * directory, and files in the plugin directory are not located in a
 * subdirectory called "src".
 *
 * SCRIPT_NAME is split on "/" and walked from the script's directory
 * towards the root, adding one "../" per level, until a segment named
 * "src" or "plugins" is reached. Everything in front of that segment is
 * the base URI, which is later also used as the session cookie path.
 */
if (isset($_SERVER['SCRIPT_NAME'])) {
    $a = explode('/', $_SERVER['SCRIPT_NAME']);
} elseif (isset($HTTP_SERVER_VARS['SCRIPT_NAME'])) {
    $a = explode('/', $HTTP_SERVER_VARS['SCRIPT_NAME']);
} else {
    $error = 'Unable to detect script environment. Please test your PHP '
           . 'settings and send your PHP core configuration, $_SERVER and '
           . '$HTTP_SERVER_VARS contents to the SquirrelMail developers.';
    die($error);
}

$sSM_PATH = '';
$i = count($a) - 2;   // index of the directory that holds the script
while ($i > -1) {
    $sSM_PATH .= '../';
    if (in_array($a[$i], array('src', 'plugins'), true)) {
        break;
    }
    --$i;
}

// $i now points at the "src"/"plugins" segment, or is -1 if none was found
$base_uri = implode('/', array_slice($a, 0, $i)) . '/';

define('SM_PATH', $sSM_PATH);
define('SM_BASE_URI', $base_uri);
3f081dd0 166
167
/**
 * Global $bInit records that initialisation took place.
 *
 * At the moment it is a workaround for the include of
 * addrbook_search_html inside compose.php; it should be removed once a
 * better way is found. Only rely on this variable for a page that can
 * both be called stand-alone and be included in another file.
 */
$bInit = true;

/**
 * Failsafe theme, used when no themes were found or when an error occurs
 * before anything could be initialised.
 */
$color = array(
    0  => '#DCDCDC', /* light gray   TitleBar                           */
    1  => '#800000', /* red                                             */
    2  => '#CC0000', /* light red    Warning/Error Messages             */
    3  => '#A0B8C8', /* green-blue   Left Bar Background                */
    4  => '#FFFFFF', /* white        Normal Background                  */
    5  => '#FFFFCC', /* light yellow Table Headers                      */
    6  => '#000000', /* black        Text on left bar                   */
    7  => '#0000CC', /* blue         Links                              */
    8  => '#000000', /* black        Normal text                        */
    9  => '#ABABAB', /* mid-gray     Darker version of #0               */
    10 => '#666666', /* dark gray    Darker version of #9               */
    11 => '#770000', /* dark red     Special Folders color              */
    12 => '#EDEDED',
    13 => '#800000', /* (dark red)   Color for quoted text -- > 1 quote */
    14 => '#ff0000', /* (red)        Color for quoted text -- >> 2 or more */
    15 => '#002266', /* (dark blue)  Unselectable folders               */
    16 => '#ff9933', /* (orange)     Highlight color                    */
);
199
// Constants and the basic function libraries.
require SM_PATH . 'include/constants.php';
require SM_PATH . 'functions/global.php';
require SM_PATH . 'functions/strings.php';
require SM_PATH . 'functions/arrays.php';
require SM_PATH . 'functions/files.php';

// Configuration is layered; the include order below is significant:
// config_default.php first, then the site's config.php, then the
// optional config_local.php, each able to override what came before.

/* load default configuration */
require SM_PATH . 'config/config_default.php';

/* reset arrays in default configuration */
$ldap_server = array();
$plugins = array();
$fontsets = array();
$aTemplateSet = array(
    0 => array(
        'ID' => 'default',
        'NAME' => 'Default',
    ),
);

/* load site configuration */
require SM_PATH . 'config/config.php';

/* load local configuration overrides */
if (file_exists(SM_PATH . 'config/config_local.php')) {
    require SM_PATH . 'config/config_local.php';
}
222
1888b1bf 223
/**
 * Set the PHP error reporting level from the SquirrelMail debug mode.
 *
 * $sm_debug_mode is a bit mask: SIMPLE adds E_ERROR, MODERATE or
 * ADVANCED add E_ALL, STRICT adds E_STRICT. When none of these bits is
 * set the level stays 0, i.e. PHP reports nothing.
 */
$error_level = 0;

if ($sm_debug_mode & SM_DEBUG_MODE_SIMPLE) {
    $error_level |= E_ERROR;
}

if (($sm_debug_mode & SM_DEBUG_MODE_MODERATE)
    || ($sm_debug_mode & SM_DEBUG_MODE_ADVANCED)) {
    $error_level |= E_ALL;
}

if ($sm_debug_mode & SM_DEBUG_MODE_STRICT) {
    $error_level |= E_STRICT;
}

error_reporting($error_level);
236
237
/**
 * Detect SSL connections.
 *
 * The result is kept in $is_secure_connection for the rest of the request.
 */
$is_secure_connection = is_ssl_secured_connection();


// Plugin API, translations, template engine and the error handler class.
require SM_PATH . 'functions/plugin.php';
require SM_PATH . 'include/languages.php';
require SM_PATH . 'class/template/Template.class.php';
require SM_PATH . 'class/error.class.php';
202bcbcc 248
/**
 * If magic_quotes_runtime is on, SquirrelMail breaks in new and creative
 * ways, so it is forced off.
 * tassium@squirrelmail.org - I put it here in the hopes that all SM code
 * includes this. If there's a better place, please let me know.
 */
ini_set('magic_quotes_runtime', '0');


/*
 * When running with magic_quotes_gpc, strip the added slashes from the
 * GET and POST global arrays. The function_exists() test and the @ keep
 * this quiet where get_magic_quotes_gpc() is unavailable or complains.
 */
if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
    sqstripslashes($_GET);
    sqstripslashes($_POST);
}
264
202bcbcc 265
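/**
 * Neutralise markup in PHP_SELF and QUERY_STRING.
 *
 * This fixes hand-crafted URL XSS exploits for any page that uses
 * PHP_SELF as the FORM action.
 * Update: strip_tags() won't catch something like
 *   src/right_main.php?sort=0&startMessage=1&mailbox=INBOX&xxx="><script>window.open("http://example.com")</script>
 * or
 *   contrib/decrypt_headers.php/%22%20onmouseover=%22alert(%27hello%20world%27)%22%3E
 * because it doesn't bother with broken tags.
 * htmlspecialchars() is the preferred method.
 * QUERY_STRING needs the same treatment since it is used in php_self().
 *
 * ENT_QUOTES is passed explicitly: before PHP 8.1 the default flags of
 * htmlspecialchars() leave single quotes untouched, so the result would
 * not be safe inside a single-quoted attribute. A missing server
 * variable is treated as an empty string instead of being read
 * undefined; the resulting value ('') is the same as before.
 *
 * NOTE(review): both values are entity-encoded in place, so they are
 * only appropriate for HTML output. Code that uses them in another
 * context, or encodes them a second time, should be checked.
 */
$_SERVER['PHP_SELF'] = htmlspecialchars(
    isset($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] : '',
    ENT_QUOTES
);
$_SERVER['QUERY_STRING'] = htmlspecialchars(
    isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '',
    ENT_QUOTES
);

$PHP_SELF = php_self();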
283
/**
 * Initialize the session
 */

/** set the name of the session cookie */
if (empty($session_name)) {
    $session_name = 'SQMSESSID';
}

/**
 * When session.auto_start is On, PHP has already opened a session under
 * its own name. If that name is not ours, expire its cookie and
 * destroy/close that session before SquirrelMail starts its own.
 */
$sSessionAutostartID = session_id();
$sSessionAutostartName = session_name();
if ($sSessionAutostartName !== $session_name && !empty($sSessionAutostartID)) {
    $sCookiePath = ini_get('session.cookie_path');
    $sCookieDomain = ini_get('session.cookie_domain');
    // reset the cookie (expiry timestamp 1 lies in the past)
    sqsetcookie($sSessionAutostartName, '', 1, $sCookiePath, $sCookieDomain);
    @session_destroy();
    session_write_close();
}

/**
 * includes from classes stored in the session
 */
require SM_PATH . 'class/mime.class.php';

// NOTE(review): only lifetime (0) and path are given for the session
// cookie here. Whether the Secure/HttpOnly attributes get applied is
// not visible in this file -- confirm in the session helper functions.
ini_set('session.name', $session_name);
session_set_cookie_params(0, $base_uri);
sqsession_is_active();
315
/**
 * On the login page the user session has to be reset. The session
 * restore data (expired POST data and location) is read out first so
 * it can be put back into the new session afterwards.
 *
 * A fresh session ID is issued at the end via session_regenerate_id().
 * NOTE(review): it is called without its optional argument, and whether
 * the ID is regenerated again after a successful authentication is not
 * visible in this file -- confirm in the login/redirect code.
 */
if (PAGE_NAME == 'login') {
    if (!sqGetGlobalVar('session_expired_post', $sep, SQ_SESSION)) {
        $sep = '';
    }
    if (!sqGetGlobalVar('session_expired_location', $sel, SQ_SESSION)) {
        $sel = '';
    }
    sqsession_destroy();
    session_write_close();

    /**
     * in some rare instances, the session seems to stick
     * around even after destroying it (!!), so if it does,
     * the $_SESSION data is flattened manually
     */
    if (!empty($_SESSION)) {
        $_SESSION = array();
    }

    /**
     * Allow administrators to define custom session handlers
     * for SquirrelMail without needing to change anything in
     * php.ini (application-level).
     *
     * In config_local.php, admin needs to put:
     *
     *     $custom_session_handlers = array(
     *         'my_open_handler',
     *         'my_close_handler',
     *         'my_read_handler',
     *         'my_write_handler',
     *         'my_destroy_handler',
     *         'my_gc_handler',
     *     );
     *     session_module_name('user');
     *     session_set_save_handler(
     *         $custom_session_handlers[0],
     *         $custom_session_handlers[1],
     *         $custom_session_handlers[2],
     *         $custom_session_handlers[3],
     *         $custom_session_handlers[4],
     *         $custom_session_handlers[5]
     *     );
     *
     * That code has to be replicated once here because PHP has
     * long had a bug that resets the session handler mechanism
     * when the session data is also destroyed. Because of this
     * bug, even administrators who define custom session handlers
     * via a PHP pre-load defined in php.ini (auto_prepend_file)
     * will still need to define the $custom_session_handlers array
     * in config_local.php.
     */
    global $custom_session_handlers;
    if (!empty($custom_session_handlers)) {
        // positions 0..5: open, close, read, write, destroy, gc
        $open    = $custom_session_handlers[0];
        $close   = $custom_session_handlers[1];
        $read    = $custom_session_handlers[2];
        $write   = $custom_session_handlers[3];
        $destroy = $custom_session_handlers[4];
        $gc      = $custom_session_handlers[5];
        session_module_name('user');
        session_set_save_handler($open, $close, $read, $write, $destroy, $gc);
    }

    sqsession_is_active();
    session_regenerate_id();

    // put session restore data back into session if necessary; the
    // saved POST data is only restored together with a saved location
    if (!empty($sel)) {
        sqsession_register($sel, 'session_expired_location');
        if (!empty($sep)) {
            sqsession_register($sep, 'session_expired_post');
        }
    }
}
391
/**
 * SquirrelMail internal version number -- DO NOT CHANGE
 * $SQM_INTERNAL_VERSION = array (release, major, minor)
 *
 * SM_VERSION is split on "." into at most three parts; the third part
 * is reduced to its leading integer.
 */
$SQM_INTERNAL_VERSION = explode('.', SM_VERSION, 3);
$SQM_INTERNAL_VERSION[2] = (int) $SQM_INTERNAL_VERSION[2];


/* load prefs system; even when user not logged in, should be OK to do this here */
require SM_PATH . 'functions/prefs.php';
402
6d5775db 403
/*
 * If plugins are disabled for one particular user only and the current
 * user is NOT that user, turn them back on.
 */
sqgetGlobalVar('username', $username, SQ_SESSION);
if ($disable_plugins
    && !empty($disable_plugins_user)
    && $username != $disable_plugins_user) {
    $disable_plugins = false;
}


/* remove all plugins if they are disabled */
if ($disable_plugins) {
    $plugins = array();
}


/**
 * Include Compatibility plugin if available.
 */
if (!$disable_plugins
    && file_exists(SM_PATH . 'plugins/compatibility/functions.php')) {
    include_once SM_PATH . 'plugins/compatibility/functions.php';
}


/**
 * MAIN PLUGIN LOADING CODE HERE
 * On init, the plugin setup files no longer all need to be loaded.
 * Instead, the statically generated hook registrations are loaded here
 * and the hook calls include only the plugins that are needed.
 */
$squirrelmail_plugin_hooks = array();
if (!$disable_plugins && file_exists(SM_PATH . 'config/plugin_hooks.php')) {
    // FIXME: if we keep the plugin hooks array static like this, it
    // seems like we should also keep the template files list in a
    // static file too (when a new user session is started or the
    // template set is changed, the code will dynamically iterate
    // through the directory hierarchy of the template directory and
    // catalog all the template files therein (and store the "catalog"
    // in PHP session) -- instead, we could do that once at config-time
    // and keep that static so SM can just include the file just like
    // the line below)
    require SM_PATH . 'config/plugin_hooks.php';
}
439
4a9f6063 440
/**
 * Select the preferences backend.
 *
 * Plugin authors note that the "config_override" hook used to be
 * executed here, but please adapt your plugin to use this
 * "prefs_backend" hook instead, making sure that it does NOT return
 * anything, since doing so will interfere with proper prefs system
 * functionality. Of course, otherwise, this hook may be used to do any
 * configuration overrides as needed, as well as set up a custom
 * preferences backend.
 *
 * Order of preference: a file named by the hook's return value (relative
 * to SM_PATH, and only if it exists), then the database backend when
 * $prefs_dsn is set, then the file backend.
 *
 * NOTE(review): the hook's return value is used as an include path
 * under SM_PATH without further checks, so it is exactly as trusted as
 * the installed plugins that answer this hook.
 */
$prefs_backend = do_hook('prefs_backend', $null);
if (!empty($prefs_backend) && file_exists(SM_PATH . $prefs_backend)) {
    require SM_PATH . $prefs_backend;
} elseif (!empty($prefs_dsn)) {
    require SM_PATH . 'functions/db_prefs.php';
} else {
    require SM_PATH . 'functions/file_prefs.php';
}
457
458
5aed95be 459
202bcbcc 460/**
3464e1f4 461 * DISABLED.
202bcbcc 462 * Remove globalized session data in rg=on setups
086ad092 463 *
3464e1f4 464 * Code can be utilized when session is started, but data is not loaded.
086ad092 465 * We have already loaded configuration and other important vars. Can't
aae60854 466 * clean session globals here, beside, the cleanout of globals at the
467 * top of this file will have removed anything this code would find anyway.
3464e1f4 468if ((bool) @ini_get('register_globals') &&
469 strtolower(ini_get('register_globals'))!='off') {
202bcbcc 470 foreach ($_SESSION as $key => $value) {
471 unset($GLOBALS[$key]);
472 }
473}
3464e1f4 474*/
6a2a6e44 475
// Keep the calculated base URI in the session.
sqsession_register(SM_BASE_URI, 'base_uri');

/**
 * Retrieve the language cookie; fall back to an empty string when the
 * cookie is not present.
 */
if (sqgetGlobalVar('squirrelmail_language', $squirrelmail_language, SQ_COOKIE) == false) {
    $squirrelmail_language = '';
}
484
bf3abdc3 485
/**
 * In some cases, buffering all output allows more complex functionality,
 * especially for plugins that want to add headers on hooks that are
 * beyond the point where output would otherwise already have been sent
 * to the browser.
 *
 * Buffering is not turned on any earlier because plugins are allowed to
 * turn it on themselves via a configuration override on the
 * prefs_backend hook.
 *
 * When $buffered_output_handler is set it is installed as the output
 * callback; otherwise buffering runs without a callback.
 */
if ($buffer_output) {
    if (!empty($buffered_output_handler)) {
        ob_start($buffered_output_handler);
    } else {
        ob_start(NULL);
    }
}
497
498
/**
 * Page-specific initialisation, selected by the PAGE_NAME constant that
 * every page sets at its top.
 *
 *   style     - pick the template set for the stylesheet request
 *   mailto    - nothing to do
 *   redirect  - loads auth functions, then continues as 'login'
 *   login     - loads display helpers, resets the template file cache
 *               and sets up the icon theme
 *   default   - every other page: enforces login and the optional
 *               referrer check, then loads user prefs, language cookie
 *               and time zone
 */
$set_up_langage_after_template_setup = FALSE;
switch (PAGE_NAME) {

    case 'style':

        // need to get the right template set up
        //
        sqGetGlobalVar('templateid', $templateid, SQ_GET);

        // sanitize just in case...
        //
        // NOTE(review): this removes "../" sequences in a single pass
        // only; the effective control is the comparison against the
        // configured template set IDs below.
        //
        $templateid = preg_replace('/(\.\.\/){1,}/', '', $templateid);

        // make sure given template actually is available
        //
        $found_templateset = false;
        for ($i = 0; $i < count($aTemplateSet); ++$i) {
            if ($aTemplateSet[$i]['ID'] == $templateid) {
                $found_templateset = true;
                break;
            }
        }

        // FIXME: do we need/want to check here for actual (physical) presence of template sets?
        // use the requested template when it is configured, otherwise
        // fall back to default template
        //
        if ($found_templateset) {
            $sTemplateID = $templateid;
        } else {
            $sTemplateID = Template::get_default_template_set();
        }

        session_write_close();
        break;

    case 'mailto':
        // nothing to do
        break;

    case 'redirect':
        require SM_PATH . 'functions/auth.php';
        // no break: intentionally continues with the login set-up

    case 'login':
        require SM_PATH . 'functions/display_messages.php';
        require SM_PATH . 'functions/page_header.php';
        require SM_PATH . 'functions/html.php';

        // reset template file cache
        //
        $sTemplateID = Template::get_default_template_set();
        Template::cache_template_file_hierarchy($sTemplateID, TRUE);

        /**
         * Make sure icon variables are setup for the login page.
         */
        $icon_theme = $icon_themes[$icon_theme_def]['PATH'];

        /*
         * NOTE: The $icon_theme_path var should contain the path to the icon
         *       theme to use. If the admin has disabled icons, or the user has
         *       set the icon theme to "None," no icons will be used.
         */
        if (!$use_icons || $icon_theme == 'none') {
            $icon_theme_path = NULL;
        } elseif ($icon_theme == 'template') {
            $icon_theme_path = SM_PATH . Template::calculate_template_images_directory($sTemplateID);
        } else {
            $icon_theme_path = $icon_theme;
        }

        break;

    default:
        require SM_PATH . 'functions/display_messages.php';
        require SM_PATH . 'functions/page_header.php';
        require SM_PATH . 'functions/html.php';

        /**
         * Check if we are logged in and do the optional referrer check
         */
        require SM_PATH . 'functions/auth.php';

        global $check_referrer, $domain;
        if (!sqgetGlobalVar('HTTP_REFERER', $referrer, SQ_SERVER)) {
            $referrer = '';
        }
        if ($check_referrer == '###DOMAIN###') {
            $check_referrer = $domain;
        }
        if (!empty($check_referrer)) {
            $ssl_check_referrer = 'https://' . $check_referrer;
            $check_referrer = 'http://' . $check_referrer;
        }

        // The request is turned away when the user is not logged in, or
        // when a referrer check is configured and a non-empty Referer
        // does not start with either allowed prefix.
        //
        // NOTE(review): a request without a Referer header is not
        // rejected by this test, and the comparison is a plain
        // case-insensitive prefix match on the configured value rather
        // than a comparison of the parsed host. Worth tightening if the
        // referrer check is relied upon as a request-forgery defence.
        //
        if (!sqsession_is_registered('user_is_logged_in')
            || ($check_referrer && !empty($referrer)
                && strpos(strtolower($referrer), strtolower($check_referrer)) !== 0
                && strpos(strtolower($referrer), strtolower($ssl_check_referrer)) !== 0)) {

            // use $message to indicate what logout text the user
            // will see... if 0, typical "You must be logged in"
            // if 1, information that the user session was saved
            // and will be resumed after (re)login, if 2, there
            // seems to have been a XSS or phishing attack (bad
            // referrer)
            //
            $message = 0;

            // First we store some information in the new session to prevent
            // information-loss.
            //
            $session_expired_post = $_POST;
            $session_expired_location = PAGE_NAME;
            if (!sqsession_is_registered('session_expired_post')) {
                sqsession_register($session_expired_post, 'session_expired_post');
            }
            if (!sqsession_is_registered('session_expired_location')) {
                sqsession_register($session_expired_location, 'session_expired_location');
                if ($session_expired_location == 'compose') {
                    $message = 1;
                }
            }

            // was bad referrer the reason we were rejected?
            //
            if (sqsession_is_registered('user_is_logged_in')
                && $check_referrer && !empty($referrer)) {
                $message = 2;
            }

            // signout page will deal with users who aren't logged
            // in on its own; don't show error here
            //
            if (PAGE_NAME == 'signout') {
                return;
            }

            /**
             * Initialize the template object (logout_error uses it)
             */
            /*
             * $sTemplateID is not initialized when a user is not logged in, so we
             * will use the config file defaults here. If the necessary variables
             * are not set, force a default value.
             */
            if (PAGE_NAME == 'squirrelmail_rpc') {
                $sTemplateID = Template::get_rpc_template_set();
            } else {
                $sTemplateID = Template::get_default_template_set();
            }
            $oTemplate = Template::construct_template($sTemplateID);

            set_up_language($squirrelmail_language, true);
            if (!$message) {
                logout_error( _("You must be logged in to access this page.") );
            } elseif ($message == 1) {
                logout_error( _("Your session has expired, but will be resumed after logging in again.") );
            } elseif ($message == 2) {
                logout_error( _("The current page request appears to have originated from an unrecognized source.") );
            }
            exit;
        }

        sqgetGlobalVar('authz', $authz, SQ_SESSION);

        /**
         * Setting the prefs backend
         */
        sqgetGlobalVar('prefs_cache', $prefs_cache, SQ_SESSION);
        sqgetGlobalVar('prefs_are_cached', $prefs_are_cached, SQ_SESSION);

        if (!sqsession_is_registered('prefs_are_cached')
            || !isset($prefs_cache)
            || !is_array($prefs_cache)) {
            $prefs_are_cached = false;
            $prefs_cache = false; //array();
        }

        /**
         * initializing user settings
         */
        require SM_PATH . 'include/load_prefs.php';

        /**
         * We'll need this to later have a noframes version
         *
         * Check if the user has a language preference, but no cookie.
         * Send him a cookie with his language preference, if there is
         * such discrepancy. The cookie expires 2592000 seconds (30 days)
         * from now.
         */
        $my_language = getPref($data_dir, $username, 'language');
        if ($my_language != $squirrelmail_language) {
            sqsetcookie('squirrelmail_language', $my_language, time() + 2592000, $base_uri);
        }

        $set_up_langage_after_template_setup = TRUE;

        $timeZone = getPref($data_dir, $username, 'timezone');

        /* Check to see if we are allowed to set the TZ environment variable.
         * We are able to do this if ...
         *   safe_mode is disabled OR
         *   safe_mode_allowed_env_vars is empty (you are allowed to set any) OR
         *   safe_mode_allowed_env_vars contains TZ
         */
        $tzChangeAllowed = (!ini_get('safe_mode'))
            || !strcmp(ini_get('safe_mode_allowed_env_vars'), '')
            || preg_match('/^([\w_]+,)*TZ/', ini_get('safe_mode_allowed_env_vars'));

        if ($timeZone != SMPREF_NONE && ($timeZone != "") && $tzChangeAllowed) {

            // get time zone key, if strict or custom strict timezones are used
            if (isset($time_zone_type)
                && ($time_zone_type == 1 || $time_zone_type == 3)) {
                /* load time zone functions */
                require SM_PATH . 'include/timezones.php';
                $realTimeZone = sq_get_tz_key($timeZone);
            } else {
                $realTimeZone = $timeZone;
            }

            // set time zone
            if ($realTimeZone) {
                putenv("TZ=".$realTimeZone);
            }
        }

        /**
         * php 5.1.0 added time zone functions. Set time zone with them in order
         * to prevent E_STRICT notices and allow time zone modifications in safe_mode.
         */
        if (function_exists('date_default_timezone_set')) {
            if ($timeZone != SMPREF_NONE && $timeZone != "") {
                date_default_timezone_set($timeZone);
            } else {
                // interface runs on server's time zone. Remove php E_STRICT complaints
                $default_timezone = @date_default_timezone_get();
                date_default_timezone_set($default_timezone);
            }
        }
        break;
}
731
/*
 * $sTemplateID is not initialized when a user is not logged in, so the
 * config file defaults are used here. If the necessary variables are
 * not set, a default value is forced.
 *
 * If the user is logged in, $sTemplateID will have been set in
 * load_prefs.php, so it is left alone here.
 */
if (!isset($sTemplateID)) {
    if (PAGE_NAME == 'squirrelmail_rpc') {
        $sTemplateID = Template::get_rpc_template_set();
    } else {
        $sTemplateID = Template::get_default_template_set();
    }
    $icon_theme_path = $use_icons
        ? Template::calculate_template_images_directory($sTemplateID)
        : NULL;
}

// template object may have already been constructed in load_prefs.php
//
if (empty($oTemplate)) {
    $oTemplate = Template::construct_template($sTemplateID);
}

// We want some variables to always be available to the template.
// Javascript support is only looked up for a logged-in user; otherwise
// the template is given 0.
//
$oTemplate->assign(
    'javascript_on',
    (sqGetGlobalVar('user_is_logged_in', $user_is_logged_in, SQ_SESSION)
        ? checkForJavascript()
        : 0)
);
$oTemplate->assign('base_uri', sqm_baseuri());
$always_include = array('sTemplateID', 'icon_theme_path');
foreach ($always_include as $var) {
    // variable-variable lookup: pass the global named by $var, or NULL
    $oTemplate->assign($var, (isset($$var) ? $$var : NULL));
}

// A few output elements are used often, so just get them once here
//
$nbsp = $oTemplate->fetch('non_breaking_space.tpl');
$br   = $oTemplate->fetch('line_break.tpl');
770
0d56053e 771
/**
 * Set up the language.
 *
 * This code block belongs to the *default* branch of the PAGE_NAME
 * switch, but the language cannot be set up until after the template
 * has been instantiated. That branch therefore only sets
 * $set_up_langage_after_template_setup, and the linguistic work is done
 * here.
 */
if ($set_up_langage_after_template_setup) {
    $err = set_up_language(getPref($data_dir, $username, 'language'));

    // Return code 2: Japanese translation used without mbstring support
    if ($err == 2) {
        $sError = "<p>Your administrator needs to have PHP installed with the multibyte string extension enabled (using configure option --enable-mbstring).</p>\n"
                . "<p>This system has assumed that you accidently switched to Japanese and has reverted your language preference to English.</p>\n"
                . "<p>Please refresh this page in order to continue using your webmail.</p>\n";
        error_box($sError);
    }
}
791
792
/**
 * Initialize our custom error handler object
 */
$oErrorHandler = new ErrorHandler($oTemplate, 'error_message.tpl');


/**
 * Activate custom error handling.
 *
 * From PHP 4.3.0 on the handler is registered as an object/method
 * callback; older versions get the bare function name. The previously
 * installed handler is kept in $oldErrorHandler.
 */
if (version_compare(PHP_VERSION, "4.3.0", ">=")) {
    $oldErrorHandler = set_error_handler(
        array($oErrorHandler, 'SquirrelMailErrorhandler')
    );
} else {
    $oldErrorHandler = set_error_handler('SquirrelMailErrorhandler');
}
807
f0d28f44 808
809// ============================================================================
810// ================= End of Live Code, Beginning of Functions =================
811// ============================================================================
812
813
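/**
 * Javascript support detection function
 *
 * Returns the value cached in the session when there is one and no
 * recheck was requested. Otherwise the user's 'javascript_setting'
 * preference decides: when it is SMPREF_JS_AUTODETECT the autodetection
 * result is used, else the preference itself. The outcome is stored in
 * the session under 'javascript_on'.
 *
 * NOTE(review): the autodetection result is read through sqGetGlobalVar()
 * without a search location and is used as-is. It presumably comes from
 * the request, so callers should not treat the return value as anything
 * more than a display hint -- confirm against sqGetGlobalVar().
 *
 * @param boolean $reset recheck javascript support if set to true.
 * @return integer SMPREF_JS_ON or SMPREF_JS_OFF ({@see include/constants.php})
 * @since 1.5.1
 */
function checkForJavascript($reset = FALSE) {
    global $data_dir, $username, $javascript_on, $javascript_setting;

    // cached answer, unless the caller asked for a recheck
    if (!$reset && sqGetGlobalVar('javascript_on', $javascript_on, SQ_SESSION)) {
        return $javascript_on;
    }

    // (an unused local, $user_is_logged_in, used to be assigned here)

    if ($reset || !isset($javascript_setting)) {
        $javascript_setting = getPref($data_dir, $username, 'javascript_setting', SMPREF_JS_AUTODETECT);
    }

    // the newer variable name wins; with neither present, assume "off"
    if (!sqGetGlobalVar('new_js_autodetect_results', $js_autodetect_results)
        && !sqGetGlobalVar('js_autodetect_results', $js_autodetect_results)) {
        $js_autodetect_results = SMPREF_JS_OFF;
    }

    if ($javascript_setting == SMPREF_JS_AUTODETECT) {
        $javascript_on = $js_autodetect_results;
    } else {
        $javascript_on = $javascript_setting;
    }

    sqsession_register($javascript_on, 'javascript_on');
    return $javascript_on;
}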
843
/**
 * Accessor for the base URI calculated during initialisation.
 *
 * @return string value of the global $base_uri
 */
function sqm_baseuri()
{
    global $base_uri;

    return $base_uri;
}