[squirrelmail.git] / include / init.php

<?php

/**
 * init.php -- initialisation file
 *
 * File should be loaded in every file in src/ or plugins that occupate an entire frame
 *
 * @copyright &copy; 2006 The SquirrelMail Project Team
 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
 * @version $Id$
 * @package squirrelmail
 */

/**
 * This is a development version so in order to track programmer mistakes we
 * set the error reporting to E_ALL
 */
error_reporting(E_ALL);


/**
 * If register_globals are on, unregister globals.
 * Second test covers boolean set as string (php_value register_globals off).
 */
if ((bool) ini_get('register_globals') &&
    strtolower(ini_get('register_globals'))!='off') {
    /**
     * Remove all globals that are not reserved by PHP
     * 'value' and 'key' are used by foreach. Don't unset them inside foreach.
     */
    foreach ($GLOBALS as $key => $value) {
        switch($key) {
        case 'HTTP_POST_VARS':
        case '_POST':
        case 'HTTP_GET_VARS':
        case '_GET':
        case 'HTTP_COOKIE_VARS':
        case '_COOKIE':
        case 'HTTP_SERVER_VARS':
        case '_SERVER':
        case 'HTTP_ENV_VARS':
        case '_ENV':
        case 'HTTP_POST_FILES':
        case '_FILES':
        case '_REQUEST':
        case 'HTTP_SESSION_VARS':
        case '_SESSION':
        case 'GLOBALS':
        case 'key':
        case 'value':
            break;
        case 'sInitLocation':
            // FIXME: variable must be set only in src/login.php
            break;
        default:
            unset($GLOBALS[$key]);
        }
    }
    // Unset variables used in foreach
    unset($GLOBALS['key']);
    unset($GLOBALS['value']);
}

/**
 * [#1518885] session.use_cookies = off breaks SquirrelMail
 *
 * When session cookies are not used, all http redirects, meta refreshes, 
 * src/download.php and javascript URLs are broken. Setting must be set 
 * before session is started.
 */
if (!(bool)ini_get('session.use_cookies') ||
    ini_get('session.use_cookies') == 'off') {
    ini_set('session.use_cookies','1');
}

/**
 * calculate SM_PATH and calculate the base_uri
 * assumptions made: init.php is only called from plugins or from the src dir.
 * files in the plugin directory may not be part of a subdirectory called "src"
 *
 */
if (isset($_SERVER['SCRIPT_NAME'])) {
    $a = explode('/',$_SERVER['SCRIPT_NAME']);
} elseif (isset($HTTP_SERVER_VARS['SCRIPT_NAME'])) {
    $a = explode('/',$HTTP_SERVER_VARS['SCRIPT_NAME']);
} else {
    $error = 'Unable to detect script environment. '
	.'Please test your PHP settings and send PHP core config, $_SERVER '
	.'and $HTTP_SERVER_VARS to SquirrelMail developers.';
    die($error);
}
$sSM_PATH = '';
for($i = count($a) -2;$i > -1; --$i) {
    $sSM_PATH .= '../';
    if ($a[$i] === 'src' || $a[$i] === 'plugins') {
        break;
    }
}

$base_uri = implode('/',array_slice($a,0,$i)). '/';

define('SM_PATH',$sSM_PATH);
define('SM_BASE_URI', $base_uri);
/**
 * global var $bInit is used to check if initialisation took place.
 * At this moment it's a workarounf for the include of addrbook_search_html
 * inside compose.php. If we found a better way then remove this. Do only use
 * this var if you know for sure a page can be called stand alone and be included
 * in another file.
 */
$bInit = true;

/**
 * This theme as a failsafe if no themes were found, or if we error
 * out before anything could be initialised.
 */
$color = array();
$color[0]  = '#DCDCDC';  /* light gray    TitleBar               */
$color[1]  = '#800000';  /* red                                  */
$color[2]  = '#CC0000';  /* light red     Warning/Error Messages */
$color[3]  = '#A0B8C8';  /* green-blue    Left Bar Background    */
$color[4]  = '#FFFFFF';  /* white         Normal Background      */
$color[5]  = '#FFFFCC';  /* light yellow  Table Headers          */
$color[6]  = '#000000';  /* black         Text on left bar       */
$color[7]  = '#0000CC';  /* blue          Links                  */
$color[8]  = '#000000';  /* black         Normal text            */
$color[9]  = '#ABABAB';  /* mid-gray      Darker version of #0   */
$color[10] = '#666666';  /* dark gray     Darker version of #9   */
$color[11] = '#770000';  /* dark red      Special Folders color  */
$color[12] = '#EDEDED';
$color[13] = '#800000';  /* (dark red)    Color for quoted text -- > 1 quote */
$color[14] = '#ff0000';  /* (red)         Color for quoted text -- >> 2 or more */
$color[15] = '#002266';  /* (dark blue)   Unselectable folders */
$color[16] = '#ff9933';  /* (orange)      Highlight color */

require(SM_PATH . 'functions/global.php');
require(SM_PATH . 'config/config.php');
require(SM_PATH . 'functions/plugin.php');
require(SM_PATH . 'include/constants.php');
require(SM_PATH . 'include/languages.php');

/**
 * If magic_quotes_runtime is on, SquirrelMail breaks in new and creative ways.
 * Force magic_quotes_runtime off.
 * tassium@squirrelmail.org - I put it here in the hopes that all SM code includes this.
 * If there's a better place, please let me know.
 */
ini_set('magic_quotes_runtime','0');


/* if running with magic_quotes_gpc then strip the slashes
   from POST and GET global arrays */
if (get_magic_quotes_gpc()) {
    sqstripslashes($_GET);
    sqstripslashes($_POST);
}


/* strip any tags added to the url from PHP_SELF.
This fixes hand crafted url XXS expoits for any
   page that uses PHP_SELF as the FORM action */
$_SERVER['PHP_SELF'] = strip_tags($_SERVER['PHP_SELF']);

$PHP_SELF = php_self();

/**
 * Initialize the session
 */

/** set the name of the session cookie */
if (!isset($session_name) || !$session_name) {
    $session_name = 'SQMSESSID';
}

/**
 * if session.auto_start is On then close the session
 */
$sSessionAutostartName = session_name();
if ((isset($sSessionAutostartName) || $sSessionAutostartName == '') &&
     $sSessionAutostartName !== $session_name) {
    $sCookiePath = ini_get('session.cookie_path');
    $sCookieDomain = ini_get('session.cookie_domain');
    // reset the cookie
    setcookie($sSessionAutostartName,'',time() - 604800,$sCookiePath,$sCookieDomain);
    @session_destroy();
    session_write_close();
}

/**
 * includes from classes stored in the session
 */
require(SM_PATH . 'class/mime.class.php');

ini_set('session.name' , $session_name);
session_set_cookie_params (0, $base_uri);
sqsession_is_active();

/**
 * DISABLED.
 * Remove globalized session data in rg=on setups
 * 
 * Code can be utilized when session is started, but data is not loaded.
 * We have already loaded configuration and other important vars. Can't 
 * clean session globals here.
if ((bool) @ini_get('register_globals') &&
    strtolower(ini_get('register_globals'))!='off') {
    foreach ($_SESSION as $key => $value) {
        unset($GLOBALS[$key]);
    }
}
*/

sqsession_register(SM_BASE_URI,'base_uri');

/**
 * SquirrelMail version number -- DO NOT CHANGE
 */
$version = '1.5.2 [CVS]';

/**
 * SquirrelMail internal version number -- DO NOT CHANGE
 * $sm_internal_version = array (release, major, minor)
 */
$SQM_INTERNAL_VERSION = array(1,5,2);

/**
 * Retrieve the language cookie
 */
if (! sqgetGlobalVar('squirrelmail_language',$squirrelmail_language,SQ_COOKIE)) {
    $squirrelmail_language = '';
}


/**
 * @var $sInitlocation From where do we include.
 */
if (!isset($sInitLocation)) {
    $sInitLocation=NULL;
}

/**
 * MAIN PLUGIN LOADING CODE HERE
 */

/**
 * Include Compatibility plugin if available.
 */
if (file_exists(SM_PATH . 'plugins/compatibility/functions.php'))
    include_once(SM_PATH . 'plugins/compatibility/functions.php');
$squirrelmail_plugin_hooks = array();

/* On init, register all plugins configured for use. */
if (isset($plugins) && is_array($plugins)) {
    // turn on output buffering in order to prevent output of new lines
    ob_start();
    foreach ($plugins as $name) {
        use_plugin($name);
    }
    // get output and remove whitespace
    $output = trim(ob_get_contents());
    ob_end_clean();
    // if plugins output more than newlines and spacing, stop script execution.
    if (!empty($output)) {
        die($output);
    }
}


switch ($sInitLocation) {
    case 'style': session_write_close(); sqsetcookieflush(); break;
    case 'redirect':
        /**
         * directory hashing functions are needed for all setups in case
         * plugins use own pref files.
         */
        require(SM_PATH . 'functions/prefs.php');
        /* hook loads custom prefs backend plugins */
        $prefs_backend = do_hook_function('prefs_backend');
        if (isset($prefs_backend) && !empty($prefs_backend) && file_exists(SM_PATH . $prefs_backend)) {
            require(SM_PATH . $prefs_backend);
        } elseif (isset($prefs_dsn) && !empty($prefs_dsn)) {
            require(SM_PATH . 'functions/db_prefs.php');
        } else {
            require(SM_PATH . 'functions/file_prefs.php');
        }
        //nobreak;
    case 'login':
        require(SM_PATH . 'functions/display_messages.php' );
        require(SM_PATH . 'functions/page_header.php');
        require(SM_PATH . 'functions/html.php');
        /**
         * cleanup old cookies with a cookie path the same as the standard php.ini
         * cookie path. All previous SquirrelMail version used the standard php.ini
         * cookie path for storing the session name. That behaviour changed.
         */
        if ($sCookiePath !== SM_BASE_URI) {
            /**
             * do not delete the standard sessions with session.name is i.e. PHPSESSID
             * because they probably belong to other php apps
             */
            if (ini_get('session.name') !== $sSessionAutostartName) {
                sqsetcookie(ini_get('session.name'),'',0,$sCookiePath);
            }
        }
        break;
    default:
        require(SM_PATH . 'functions/display_messages.php' );
        require(SM_PATH . 'functions/page_header.php');
        require(SM_PATH . 'functions/html.php');
        require(SM_PATH . 'functions/strings.php');


        /**
         * Check if we are logged in
         */
        require(SM_PATH . 'functions/auth.php');

        if ( !sqsession_is_registered('user_is_logged_in') ) {
            //  First we store some information in the new session to prevent
            //  information-loss.
            //
            $session_expired_post = $_POST;
            $session_expired_location = $PHP_SELF;
            if (!sqsession_is_registered('session_expired_post')) {
                sqsession_register($session_expired_post,'session_expired_post');
            }
            if (!sqsession_is_registered('session_expired_location')) {
                sqsession_register($session_expired_location,'session_expired_location');
            }
            // signout page will deal with users who aren't logged
            // in on its own; don't show error here
            //
            if (strpos($PHP_SELF, 'signout.php') !== FALSE) {
            return;
            }

            /**
             * Initialize the template object (logout_error uses it)
             */
            require(SM_PATH . 'class/template/template.class.php');
            /*
             * $sTplDir is not initialized when a user is not logged in, so we will use
             * the config file defaults here.  If the neccesary variables are net set,
             * force a default value.
             */
            $aTemplateSet = ( !isset($aTemplateSet) ? array() : $aTemplateSet );
            $templateset_default = ( !isset($templateset_default) ? 0 : $templateset_default );

            $sTplDir = ( !isset($aTemplateSet[$templateset_default]['PATH']) ?
                         SM_PATH . 'templates/default/' :
                         $aTemplateSet[$templateset_default]['PATH'] );
            $oTemplate = new Template($sTplDir);

            set_up_language($squirrelmail_language, true);
            logout_error( _("You must be logged in to access this page.") );
            exit;
        }

        sqgetGlobalVar('username',$username,SQ_SESSION);

        /**
         * Setting the prefs backend
         */
        sqgetGlobalVar('prefs_cache', $prefs_cache, SQ_SESSION );
        sqgetGlobalVar('prefs_are_cached', $prefs_are_cached, SQ_SESSION );

        if ( !sqsession_is_registered('prefs_are_cached') ||
            !isset( $prefs_cache) ||
            !is_array( $prefs_cache)) {
            $prefs_are_cached = false;
            $prefs_cache = false; //array();
        }

        /* see 'redirect' switch */
        require(SM_PATH . 'functions/prefs.php');

        $prefs_backend = do_hook_function('prefs_backend');
        if (isset($prefs_backend) && !empty($prefs_backend) && file_exists(SM_PATH . $prefs_backend)) {
            require(SM_PATH . $prefs_backend);
        } elseif (isset($prefs_dsn) && !empty($prefs_dsn)) {
            require(SM_PATH . 'functions/db_prefs.php');
        } else {
            require(SM_PATH . 'functions/file_prefs.php');
        }

        /**
         * initializing user settings
         */
        require(SM_PATH . 'include/load_prefs.php');


// i do not understand the frames language cookie story
        /**
         * We'll need this to later have a noframes version
         *
         * Check if the user has a language preference, but no cookie.
         * Send him a cookie with his language preference, if there is
         * such discrepancy.
         */
         $my_language = getPref($data_dir, $username, 'language');
         if ($my_language != $squirrelmail_language) {
             sqsetcookie('squirrelmail_language', $my_language, time()+2592000, $base_uri);
         }
// /dont understand

        /**
         * Set up the language.
         */
        $err=set_up_language(getPref($data_dir, $username, 'language'));
        /* this is the last cookie we set so flush it. */
        sqsetcookieflush();

        // Japanese translation used without mbstring support
        if ($err==2) {
            $sError =
                "<p>You need to have PHP installed with the multibyte string function \n".
                "enabled (using configure option --enable-mbstring).</p>\n".
                "<p>System assumed that you accidently switched to Japanese translation \n".
                "and reverted your language preference to English.</p>\n".
                "<p>Please refresh this page in order to use webmail.</p>\n";
            error_box($sError);
        }

        $timeZone = getPref($data_dir, $username, 'timezone');

        /* Check to see if we are allowed to set the TZ environment variable.
         * We are able to do this if ...
         *   safe_mode is disabled OR
         *   safe_mode_allowed_env_vars is empty (you are allowed to set any) OR
         *   safe_mode_allowed_env_vars contains TZ
         */
        $tzChangeAllowed = (!ini_get('safe_mode')) ||
                            !strcmp(ini_get('safe_mode_allowed_env_vars'),'') ||
                            preg_match('/^([\w_]+,)*TZ/', ini_get('safe_mode_allowed_env_vars'));

        if ( $timeZone != SMPREF_NONE && ($timeZone != "")
            && $tzChangeAllowed ) {

            // get time zone key, if strict or custom strict timezones are used
            if (isset($time_zone_type) &&
                ($time_zone_type == 1 || $time_zone_type == 3)) {
                /* load time zone functions */
                require(SM_PATH . 'include/timezones.php');
                $realTimeZone = sq_get_tz_key($timeZone);
            } else {
                $realTimeZone = $timeZone;
            }

            // set time zone
            if ($realTimeZone) {
                putenv("TZ=".$realTimeZone);
            }
        }

        /**
         * php 5.1.0 added time zone functions. Set time zone with them in order
         * to prevent E_STRICT notices and allow time zone modifications in safe_mode.
         */
        if (function_exists('date_default_timezone_set')) {
            if ($timeZone != SMPREF_NONE && $timeZone != "") {
                date_default_timezone_set($timeZone);
            } else {
                // interface runs on server's time zone. Remove php E_STRICT complains
                $default_timezone = @date_default_timezone_get();
                date_default_timezone_set($default_timezone);        
            }
        }
        break;
}

/**
 * Initialize the template object
 */
require(SM_PATH . 'class/template/template.class.php');
/*
 * $sTplDir is not initialized when a user is not logged in, so we will use
 * the config file defaults here.  If the neccesary variables are net set,
 * force a default value.
 */
$aTemplateSet = ( !isset($aTemplateSet) ? array() : $aTemplateSet );
$templateset_default = ( !isset($templateset_default) ? 0 : $templateset_default );

$sTplDir = ( !isset($aTemplateSet[$templateset_default]['PATH']) ?
             SM_PATH . 'templates/default/' :
             $aTemplateSet[$templateset_default]['PATH'] );
$oTemplate = new Template($sTplDir);

/**
 * Initialize our custom error handler object
 */
require(SM_PATH . 'class/error.class.php');
$oErrorHandler = new ErrorHandler($oTemplate,'error_message.tpl');

/**
 * Activate custom error handling
 */
if (version_compare(PHP_VERSION, "4.3.0", ">=")) {
    $oldErrorHandler = set_error_handler(array($oErrorHandler, 'SquirrelMailErrorhandler'));
} else {
    $oldErrorHandler = set_error_handler('SquirrelMailErrorhandler');
}

/**
 * Javascript support detection function
 * @param boolean $reset recheck javascript support if set to true.
 * @return integer SMPREF_JS_ON or SMPREF_JS_OFF ({@see include/constants.php})
 * @since 1.5.1
 */
function checkForJavascript($reset = FALSE) {
  global $data_dir, $username, $javascript_on, $javascript_setting;

  if ( !$reset && sqGetGlobalVar('javascript_on', $javascript_on, SQ_SESSION) )
    return $javascript_on;

  if ( $reset || !isset($javascript_setting) )
    $javascript_setting = getPref($data_dir, $username, 'javascript_setting', SMPREF_JS_AUTODETECT);

  if ( !sqGetGlobalVar('new_js_autodetect_results', $js_autodetect_results) &&
       !sqGetGlobalVar('js_autodetect_results', $js_autodetect_results) )
    $js_autodetect_results = SMPREF_JS_OFF;

  if ( $javascript_setting == SMPREF_JS_AUTODETECT )
    $javascript_on = $js_autodetect_results;
  else
    $javascript_on = $javascript_setting;

  sqsession_register($javascript_on, 'javascript_on');
  return $javascript_on;
}

function sqm_baseuri() {
    global $base_uri;
    return $base_uri;
}
Commit	Line	Data
202bcbcc	1	<?php
	2
	3	/**
	4	* init.php -- initialisation file
	5	*
	6	* File should be loaded in every file in src/ or plugins that occupate an entire frame
	7	*
	8	* @copyright © 2006 The SquirrelMail Project Team
	9	* @license http://opensource.org/licenses/gpl-license.php GNU Public License
	10	* @version $Id$
	11	* @package squirrelmail
	12	*/
	13
202bcbcc	14	/**
	15	* This is a development version so in order to track programmer mistakes we
	16	* set the error reporting to E_ALL
	17	*/
202bcbcc	18	error_reporting(E_ALL);
	19
	20
6a2a6e44	21	/**
6a2a6e44	22	* If register_globals are on, unregister globals.
a3b99374	23	* Second test covers boolean set as string (php_value register_globals off).
6a2a6e44	24	*/
55dd9abf	25	if ((bool) ini_get('register_globals') &&
a3b99374	26	strtolower(ini_get('register_globals'))!='off') {
6a2a6e44	27	/**
55dd9abf	28	* Remove all globals that are not reserved by PHP
55dd9abf	29	* 'value' and 'key' are used by foreach. Don't unset them inside foreach.
6a2a6e44	30	*/
55dd9abf	31	foreach ($GLOBALS as $key => $value) {
	32	switch($key) {
	33	case 'HTTP_POST_VARS':
	34	case '_POST':
	35	case 'HTTP_GET_VARS':
	36	case '_GET':
	37	case 'HTTP_COOKIE_VARS':
	38	case '_COOKIE':
	39	case 'HTTP_SERVER_VARS':
	40	case '_SERVER':
	41	case 'HTTP_ENV_VARS':
	42	case '_ENV':
	43	case 'HTTP_POST_FILES':
	44	case '_FILES':
	45	case '_REQUEST':
	46	case 'HTTP_SESSION_VARS':
	47	case '_SESSION':
	48	case 'GLOBALS':
	49	case 'key':
	50	case 'value':
	51	break;
	52	case 'sInitLocation':
	53	// FIXME: variable must be set only in src/login.php
	54	break;
	55	default:
	56	unset($GLOBALS[$key]);
	57	}
6a2a6e44	58	}
55dd9abf	59	// Unset variables used in foreach
	60	unset($GLOBALS['key']);
	61	unset($GLOBALS['value']);
6a2a6e44	62	}
6a2a6e44	63
71efd1ed	64	/**
	65	* [#1518885] session.use_cookies = off breaks SquirrelMail
	66	*
	67	* When session cookies are not used, all http redirects, meta refreshes,
	68	* src/download.php and javascript URLs are broken. Setting must be set
	69	* before session is started.
	70	*/
	71	if (!(bool)ini_get('session.use_cookies') \|\|
	72	ini_get('session.use_cookies') == 'off') {
	73	ini_set('session.use_cookies','1');
	74	}
6a2a6e44	75
202bcbcc	76	/**
	77	* calculate SM_PATH and calculate the base_uri
	78	* assumptions made: init.php is only called from plugins or from the src dir.
	79	* files in the plugin directory may not be part of a subdirectory called "src"
	80	*
	81	*/
	82	if (isset($_SERVER['SCRIPT_NAME'])) {
	83	$a = explode('/',$_SERVER['SCRIPT_NAME']);
	84	} elseif (isset($HTTP_SERVER_VARS['SCRIPT_NAME'])) {
b0829edf	85	$a = explode('/',$HTTP_SERVER_VARS['SCRIPT_NAME']);
	86	} else {
	87	$error = 'Unable to detect script environment. '
	88	.'Please test your PHP settings and send PHP core config, $_SERVER '
	89	.'and $HTTP_SERVER_VARS to SquirrelMail developers.';
	90	die($error);
202bcbcc	91	}
	92	$sSM_PATH = '';
	93	for($i = count($a) -2;$i > -1; --$i) {
	94	$sSM_PATH .= '../';
	95	if ($a[$i] === 'src' \|\| $a[$i] === 'plugins') {
	96	break;
	97	}
	98	}
	99
	100	$base_uri = implode('/',array_slice($a,0,$i)). '/';
	101
202bcbcc	102	define('SM_PATH',$sSM_PATH);
6a2a6e44	103	define('SM_BASE_URI', $base_uri);
202bcbcc	104	/**
	105	* global var $bInit is used to check if initialisation took place.
	106	* At this moment it's a workarounf for the include of addrbook_search_html
	107	* inside compose.php. If we found a better way then remove this. Do only use
	108	* this var if you know for sure a page can be called stand alone and be included
	109	* in another file.
	110	*/
	111	$bInit = true;
	112
8e1e2794	113	/**
	114	* This theme as a failsafe if no themes were found, or if we error
	115	* out before anything could be initialised.
	116	*/
	117	$color = array();
	118	$color[0] = '#DCDCDC'; /* light gray TitleBar */
	119	$color[1] = '#800000'; /* red */
	120	$color[2] = '#CC0000'; /* light red Warning/Error Messages */
	121	$color[3] = '#A0B8C8'; /* green-blue Left Bar Background */
	122	$color[4] = '#FFFFFF'; /* white Normal Background */
	123	$color[5] = '#FFFFCC'; /* light yellow Table Headers */
	124	$color[6] = '#000000'; /* black Text on left bar */
	125	$color[7] = '#0000CC'; /* blue Links */
	126	$color[8] = '#000000'; /* black Normal text */
	127	$color[9] = '#ABABAB'; /* mid-gray Darker version of #0 */
	128	$color[10] = '#666666'; /* dark gray Darker version of #9 */
	129	$color[11] = '#770000'; /* dark red Special Folders color */
	130	$color[12] = '#EDEDED';
	131	$color[13] = '#800000'; /* (dark red) Color for quoted text -- > 1 quote */
	132	$color[14] = '#ff0000'; /* (red) Color for quoted text -- >> 2 or more */
	133	$color[15] = '#002266'; /* (dark blue) Unselectable folders */
	134	$color[16] = '#ff9933'; /* (orange) Highlight color */
	135
202bcbcc	136	require(SM_PATH . 'functions/global.php');
	137	require(SM_PATH . 'config/config.php');
	138	require(SM_PATH . 'functions/plugin.php');
	139	require(SM_PATH . 'include/constants.php');
	140	require(SM_PATH . 'include/languages.php');
	141
	142	/**
	143	* If magic_quotes_runtime is on, SquirrelMail breaks in new and creative ways.
	144	* Force magic_quotes_runtime off.
	145	* tassium@squirrelmail.org - I put it here in the hopes that all SM code includes this.
	146	* If there's a better place, please let me know.
	147	*/
	148	ini_set('magic_quotes_runtime','0');
	149
	150
	151	/* if running with magic_quotes_gpc then strip the slashes
	152	from POST and GET global arrays */
	153	if (get_magic_quotes_gpc()) {
	154	sqstripslashes($_GET);
	155	sqstripslashes($_POST);
	156	}
	157
202bcbcc	158
	159	/* strip any tags added to the url from PHP_SELF.
	160	This fixes hand crafted url XXS expoits for any
	161	page that uses PHP_SELF as the FORM action */
	162	$_SERVER['PHP_SELF'] = strip_tags($_SERVER['PHP_SELF']);
	163
	164	$PHP_SELF = php_self();
	165
	166	/**
	167	* Initialize the session
	168	*/
	169
e8c4e350	170	/** set the name of the session cookie */
	171	if (!isset($session_name) \|\| !$session_name) {
	172	$session_name = 'SQMSESSID';
	173	}
	174
	175	/**
	176	* if session.auto_start is On then close the session
1d537493	177	*/
	178	$sSessionAutostartName = session_name();
	179	if ((isset($sSessionAutostartName) \|\| $sSessionAutostartName == '') &&
	180	$sSessionAutostartName !== $session_name) {
	181	$sCookiePath = ini_get('session.cookie_path');
	182	$sCookieDomain = ini_get('session.cookie_domain');
e8c4e350	183	// reset the cookie
1d537493	184	setcookie($sSessionAutostartName,'',time() - 604800,$sCookiePath,$sCookieDomain);
e8c4e350	185	@session_destroy();
e8c4e350	186	session_write_close();
1d537493	187	}
e8c4e350	188
202bcbcc	189	/**
	190	* includes from classes stored in the session
	191	*/
	192	require(SM_PATH . 'class/mime.class.php');
	193
202bcbcc	194	ini_set('session.name' , $session_name);
	195	session_set_cookie_params (0, $base_uri);
	196	sqsession_is_active();
	197
202bcbcc	198	/**
3464e1f4	199	* DISABLED.
202bcbcc	200	* Remove globalized session data in rg=on setups
3464e1f4	201	*
	202	* Code can be utilized when session is started, but data is not loaded.
	203	* We have already loaded configuration and other important vars. Can't
	204	* clean session globals here.
	205	if ((bool) @ini_get('register_globals') &&
	206	strtolower(ini_get('register_globals'))!='off') {
202bcbcc	207	foreach ($_SESSION as $key => $value) {
	208	unset($GLOBALS[$key]);
	209	}
	210	}
3464e1f4	211	*/
6a2a6e44	212
826ddd72	213	sqsession_register(SM_BASE_URI,'base_uri');
6a2a6e44	214
e8c4e350	215	/**
	216	* SquirrelMail version number -- DO NOT CHANGE
	217	*/
	218	$version = '1.5.2 [CVS]';
	219
1d537493	220	/**
	221	* SquirrelMail internal version number -- DO NOT CHANGE
	222	* $sm_internal_version = array (release, major, minor)
	223	*/
	224	$SQM_INTERNAL_VERSION = array(1,5,2);
	225
202bcbcc	226	/**
	227	* Retrieve the language cookie
	228	*/
	229	if (! sqgetGlobalVar('squirrelmail_language',$squirrelmail_language,SQ_COOKIE)) {
	230	$squirrelmail_language = '';
	231	}
	232
	233
	234	/**
	235	* @var $sInitlocation From where do we include.
	236	*/
	237	if (!isset($sInitLocation)) {
	238	$sInitLocation=NULL;
	239	}
	240
	241	/**
	242	* MAIN PLUGIN LOADING CODE HERE
	243	*/
	244
	245	/**
	246	* Include Compatibility plugin if available.
	247	*/
	248	if (file_exists(SM_PATH . 'plugins/compatibility/functions.php'))
	249	include_once(SM_PATH . 'plugins/compatibility/functions.php');
	250	$squirrelmail_plugin_hooks = array();
	251
	252	/* On init, register all plugins configured for use. */
	253	if (isset($plugins) && is_array($plugins)) {
	254	// turn on output buffering in order to prevent output of new lines
	255	ob_start();
	256	foreach ($plugins as $name) {
	257	use_plugin($name);
	258	}
	259	// get output and remove whitespace
	260	$output = trim(ob_get_contents());
	261	ob_end_clean();
	262	// if plugins output more than newlines and spacing, stop script execution.
	263	if (!empty($output)) {
	264	die($output);
	265	}
	266	}
	267
	268
	269	switch ($sInitLocation) {
	270	case 'style': session_write_close(); sqsetcookieflush(); break;
	271	case 'redirect':
4d2f7565	272	/**
826ddd72	273	* directory hashing functions are needed for all setups in case
4d2f7565	274	* plugins use own pref files.
	275	*/
	276	require(SM_PATH . 'functions/prefs.php');
	277	/* hook loads custom prefs backend plugins */
202bcbcc	278	$prefs_backend = do_hook_function('prefs_backend');
	279	if (isset($prefs_backend) && !empty($prefs_backend) && file_exists(SM_PATH . $prefs_backend)) {
	280	require(SM_PATH . $prefs_backend);
	281	} elseif (isset($prefs_dsn) && !empty($prefs_dsn)) {
	282	require(SM_PATH . 'functions/db_prefs.php');
	283	} else {
202bcbcc	284	require(SM_PATH . 'functions/file_prefs.php');
	285	}
	286	//nobreak;
	287	case 'login':
	288	require(SM_PATH . 'functions/display_messages.php' );
	289	require(SM_PATH . 'functions/page_header.php');
	290	require(SM_PATH . 'functions/html.php');
1d537493	291	/**
	292	* cleanup old cookies with a cookie path the same as the standard php.ini
	293	* cookie path. All previous SquirrelMail version used the standard php.ini
	294	* cookie path for storing the session name. That behaviour changed.
	295	*/
	296	if ($sCookiePath !== SM_BASE_URI) {
	297	/**
	298	* do not delete the standard sessions with session.name is i.e. PHPSESSID
	299	* because they probably belong to other php apps
	300	*/
	301	if (ini_get('session.name') !== $sSessionAutostartName) {
	302	sqsetcookie(ini_get('session.name'),'',0,$sCookiePath);
	303	}
	304	}
202bcbcc	305	break;
	306	default:
	307	require(SM_PATH . 'functions/display_messages.php' );
	308	require(SM_PATH . 'functions/page_header.php');
	309	require(SM_PATH . 'functions/html.php');
	310	require(SM_PATH . 'functions/strings.php');
	311
	312
	313	/**
	314	* Check if we are logged in
	315	*/
	316	require(SM_PATH . 'functions/auth.php');
	317
	318	if ( !sqsession_is_registered('user_is_logged_in') ) {
	319	// First we store some information in the new session to prevent
	320	// information-loss.
	321	//
	322	$session_expired_post = $_POST;
	323	$session_expired_location = $PHP_SELF;
	324	if (!sqsession_is_registered('session_expired_post')) {
	325	sqsession_register($session_expired_post,'session_expired_post');
	326	}
	327	if (!sqsession_is_registered('session_expired_location')) {
	328	sqsession_register($session_expired_location,'session_expired_location');
	329	}
	330	// signout page will deal with users who aren't logged
	331	// in on its own; don't show error here
	332	//
	333	if (strpos($PHP_SELF, 'signout.php') !== FALSE) {
	334	return;
	335	}
	336
8efadc6b	337	/**
	338	* Initialize the template object (logout_error uses it)
	339	*/
	340	require(SM_PATH . 'class/template/template.class.php');
	341	/*
	342	* $sTplDir is not initialized when a user is not logged in, so we will use
	343	* the config file defaults here. If the neccesary variables are net set,
	344	* force a default value.
	345	*/
	346	$aTemplateSet = ( !isset($aTemplateSet) ? array() : $aTemplateSet );
	347	$templateset_default = ( !isset($templateset_default) ? 0 : $templateset_default );
	348
	349	$sTplDir = ( !isset($aTemplateSet[$templateset_default]['PATH']) ?
	350	SM_PATH . 'templates/default/' :
	351	$aTemplateSet[$templateset_default]['PATH'] );
	352	$oTemplate = new Template($sTplDir);
	353
202bcbcc	354	set_up_language($squirrelmail_language, true);
	355	logout_error( _("You must be logged in to access this page.") );
	356	exit;
	357	}
	358
	359	sqgetGlobalVar('username',$username,SQ_SESSION);
	360
	361	/**
	362	* Setting the prefs backend
	363	*/
	364	sqgetGlobalVar('prefs_cache', $prefs_cache, SQ_SESSION );
	365	sqgetGlobalVar('prefs_are_cached', $prefs_are_cached, SQ_SESSION );
	366
	367	if ( !sqsession_is_registered('prefs_are_cached') \|\|
	368	!isset( $prefs_cache) \|\|
	369	!is_array( $prefs_cache)) {
	370	$prefs_are_cached = false;
	371	$prefs_cache = false; //array();
	372	}
	373
4d2f7565	374	/* see 'redirect' switch */
	375	require(SM_PATH . 'functions/prefs.php');
	376
202bcbcc	377	$prefs_backend = do_hook_function('prefs_backend');
	378	if (isset($prefs_backend) && !empty($prefs_backend) && file_exists(SM_PATH . $prefs_backend)) {
	379	require(SM_PATH . $prefs_backend);
	380	} elseif (isset($prefs_dsn) && !empty($prefs_dsn)) {
	381	require(SM_PATH . 'functions/db_prefs.php');
	382	} else {
202bcbcc	383	require(SM_PATH . 'functions/file_prefs.php');
	384	}
	385
	386	/**
	387	* initializing user settings
	388	*/
	389	require(SM_PATH . 'include/load_prefs.php');
	390
	391
	392	// i do not understand the frames language cookie story
	393	/**
	394	* We'll need this to later have a noframes version
	395	*
	396	* Check if the user has a language preference, but no cookie.
	397	* Send him a cookie with his language preference, if there is
	398	* such discrepancy.
	399	*/
	400	$my_language = getPref($data_dir, $username, 'language');
	401	if ($my_language != $squirrelmail_language) {
	402	sqsetcookie('squirrelmail_language', $my_language, time()+2592000, $base_uri);
	403	}
	404	// /dont understand
	405
	406	/**
	407	* Set up the language.
	408	*/
	409	$err=set_up_language(getPref($data_dir, $username, 'language'));
	410	/* this is the last cookie we set so flush it. */
	411	sqsetcookieflush();
	412
	413	// Japanese translation used without mbstring support
	414	if ($err==2) {
	415	$sError =
	416	"<p>You need to have PHP installed with the multibyte string function \n".
	417	"enabled (using configure option --enable-mbstring).</p>\n".
	418	"<p>System assumed that you accidently switched to Japanese translation \n".
	419	"and reverted your language preference to English.</p>\n".
	420	"<p>Please refresh this page in order to use webmail.</p>\n";
	421	error_box($sError);
	422	}
	423
	424	$timeZone = getPref($data_dir, $username, 'timezone');
	425
	426	/* Check to see if we are allowed to set the TZ environment variable.
	427	* We are able to do this if ...
	428	* safe_mode is disabled OR
	429	* safe_mode_allowed_env_vars is empty (you are allowed to set any) OR
	430	* safe_mode_allowed_env_vars contains TZ
	431	*/
	432	$tzChangeAllowed = (!ini_get('safe_mode')) \|\|
	433	!strcmp(ini_get('safe_mode_allowed_env_vars'),'') \|\|
	434	preg_match('/^([\w_]+,)*TZ/', ini_get('safe_mode_allowed_env_vars'));
	435
	436	if ( $timeZone != SMPREF_NONE && ($timeZone != "")
	437	&& $tzChangeAllowed ) {
	438
	439	// get time zone key, if strict or custom strict timezones are used
	440	if (isset($time_zone_type) &&
	441	($time_zone_type == 1 \|\| $time_zone_type == 3)) {
	442	/* load time zone functions */
	443	require(SM_PATH . 'include/timezones.php');
	444	$realTimeZone = sq_get_tz_key($timeZone);
	445	} else {
	446	$realTimeZone = $timeZone;
447	}
448
449	// set time zone
450	if ($realTimeZone) {
451	putenv("TZ=".$realTimeZone);
452	}
453	}
867fed37	454
	455	/**
	456	* php 5.1.0 added time zone functions. Set time zone with them in order
	457	* to prevent E_STRICT notices and allow time zone modifications in safe_mode.
	458	*/
	459	if (function_exists('date_default_timezone_set')) {
	460	if ($timeZone != SMPREF_NONE && $timeZone != "") {
	461	date_default_timezone_set($timeZone);
	462	} else {
	463	// interface runs on server's time zone. Remove php E_STRICT complains
	464	$default_timezone = @date_default_timezone_get();
	465	date_default_timezone_set($default_timezone);
	466	}
	467	}
202bcbcc	468	break;
	469	}
	470
	471	/**
	472	* Initialize the template object
	473	*/
	474	require(SM_PATH . 'class/template/template.class.php');
	475	/*
	476	* $sTplDir is not initialized when a user is not logged in, so we will use
	477	* the config file defaults here. If the neccesary variables are net set,
	478	* force a default value.
	479	*/
	480	$aTemplateSet = ( !isset($aTemplateSet) ? array() : $aTemplateSet );
	481	$templateset_default = ( !isset($templateset_default) ? 0 : $templateset_default );
	482
	483	$sTplDir = ( !isset($aTemplateSet[$templateset_default]['PATH']) ?
	484	SM_PATH . 'templates/default/' :
	485	$aTemplateSet[$templateset_default]['PATH'] );
	486	$oTemplate = new Template($sTplDir);
	487
	488	/**
	489	* Initialize our custom error handler object
	490	*/
	491	require(SM_PATH . 'class/error.class.php');
	492	$oErrorHandler = new ErrorHandler($oTemplate,'error_message.tpl');
	493
	494	/**
	495	* Activate custom error handling
	496	*/
	497	if (version_compare(PHP_VERSION, "4.3.0", ">=")) {
	498	$oldErrorHandler = set_error_handler(array($oErrorHandler, 'SquirrelMailErrorhandler'));
	499	} else {
	500	$oldErrorHandler = set_error_handler('SquirrelMailErrorhandler');
	501	}
	502
	503	/**
	504	* Javascript support detection function
	505	* @param boolean $reset recheck javascript support if set to true.
867fed37	506	* @return integer SMPREF_JS_ON or SMPREF_JS_OFF ({@see include/constants.php})
202bcbcc	507	* @since 1.5.1
202bcbcc	508	*/
202bcbcc	509	function checkForJavascript($reset = FALSE) {
	510	global $data_dir, $username, $javascript_on, $javascript_setting;
	511
	512	if ( !$reset && sqGetGlobalVar('javascript_on', $javascript_on, SQ_SESSION) )
	513	return $javascript_on;
	514
	515	if ( $reset \|\| !isset($javascript_setting) )
	516	$javascript_setting = getPref($data_dir, $username, 'javascript_setting', SMPREF_JS_AUTODETECT);
	517
	518	if ( !sqGetGlobalVar('new_js_autodetect_results', $js_autodetect_results) &&
	519	!sqGetGlobalVar('js_autodetect_results', $js_autodetect_results) )
	520	$js_autodetect_results = SMPREF_JS_OFF;
	521
	522	if ( $javascript_setting == SMPREF_JS_AUTODETECT )
	523	$javascript_on = $js_autodetect_results;
	524	else
	525	$javascript_on = $javascript_setting;
	526
	527	sqsession_register($javascript_on, 'javascript_on');
	528	return $javascript_on;
	529	}
	530
	531	function sqm_baseuri() {
	532	global $base_uri;
	533	return $base_uri;
8e1e2794	534	}