The random number seed generator was creating float values that, when fed to mt_srand...
[squirrelmail.git] / include / init.php
CommitLineData
202bcbcc 1<?php
2
3/**
4 * init.php -- initialisation file
5 *
6 * File should be loaded in every file in src/ or plugins that occupate an entire frame
7 *
8 * @copyright &copy; 2006 The SquirrelMail Project Team
9 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
10 * @version $Id$
11 * @package squirrelmail
12 */
13
202bcbcc 14/**
15 * This is a development version so in order to track programmer mistakes we
16 * set the error reporting to E_ALL
1888b1bf 17FIXME: disabling this for now, because we now have $sm_debug_mode, but the problem with that is that we don't know what it will be until we have loaded the config file, a good 175 lines below after several important files have been included, etc. For now, we'll trust that developers have turned on E_ALL in php.ini anyway, but this can be uncommented if not.
202bcbcc 18 */
1888b1bf 19//error_reporting(E_ALL);
20
202bcbcc 21
202bcbcc 22/**
c7ebdfcf 23 * Make sure we have a page name
24 *
25 */
26if ( !defined('PAGE_NAME') ) define('PAGE_NAME', NULL);
27
28
29/**
6a2a6e44 30 * If register_globals are on, unregister globals.
a3b99374 31 * Second test covers boolean set as string (php_value register_globals off).
6a2a6e44 32 */
55dd9abf 33if ((bool) ini_get('register_globals') &&
a3b99374 34 strtolower(ini_get('register_globals'))!='off') {
6a2a6e44 35 /**
55dd9abf 36 * Remove all globals that are not reserved by PHP
37 * 'value' and 'key' are used by foreach. Don't unset them inside foreach.
6a2a6e44 38 */
55dd9abf 39 foreach ($GLOBALS as $key => $value) {
40 switch($key) {
41 case 'HTTP_POST_VARS':
42 case '_POST':
43 case 'HTTP_GET_VARS':
44 case '_GET':
45 case 'HTTP_COOKIE_VARS':
46 case '_COOKIE':
47 case 'HTTP_SERVER_VARS':
48 case '_SERVER':
49 case 'HTTP_ENV_VARS':
50 case '_ENV':
51 case 'HTTP_POST_FILES':
52 case '_FILES':
53 case '_REQUEST':
54 case 'HTTP_SESSION_VARS':
55 case '_SESSION':
56 case 'GLOBALS':
57 case 'key':
58 case 'value':
59 break;
55dd9abf 60 default:
61 unset($GLOBALS[$key]);
62 }
6a2a6e44 63 }
55dd9abf 64 // Unset variables used in foreach
65 unset($GLOBALS['key']);
66 unset($GLOBALS['value']);
6a2a6e44 67}
68
71efd1ed 69/**
d849b570 70 * Used as a dummy value, e.g., for passing as an empty
e39d00e9 71 * hook argument (where the value is passed by reference,
72 * and therefore NULL itself is not acceptable).
d849b570 73 */
086ad092 74global $null;
d849b570 75$null = NULL;
76
77/**
dbbd586e 78 * The global $server_os variable will be "windows" if
79 * we are working in a Windows environment or "*nix"
80 * otherwise.
81 */
82global $server_os;
83if (DIRECTORY_SEPARATOR == '\\') $server_os = 'windows'; else $server_os = '*nix';
84
85/**
71efd1ed 86 * [#1518885] session.use_cookies = off breaks SquirrelMail
87 *
086ad092 88 * When session cookies are not used, all http redirects, meta refreshes,
89 * src/download.php and javascript URLs are broken. Setting must be set
71efd1ed 90 * before session is started.
91 */
92if (!(bool)ini_get('session.use_cookies') ||
93 ini_get('session.use_cookies') == 'off') {
94 ini_set('session.use_cookies','1');
95}
6a2a6e44 96
79dd8c72 97/**
98 * Initialize seed of random number generator.
99 * We use a number of things to randomize input: current time in ms,
100 * info about the remote client, info about the current process, the
101 * randomness of uniqid and stat of the current file.
102 *
103 * We seed this here only once per init, not only to save cycles
104 * but also to make the result of mt_rand more random (it now also
105 * depends on the number of times mt_rand was called before in this
106 * execution.
107 */
108$seed = microtime() . $_SERVER['REMOTE_PORT'] . $_SERVER['REMOTE_ADDR'] . getmypid();
109
110if (function_exists('getrusage')) {
111 /* Avoid warnings with Win32 */
112 $dat = @getrusage();
113 if (isset($dat) && is_array($dat)) { $seed .= implode('', $dat); }
114}
115
116if(!empty($_SERVER['UNIQUE_ID'])) {
117 $seed .= $_SERVER['UNIQUE_ID'];
118}
119
120$seed .= uniqid(mt_rand(),TRUE);
121$seed .= implode( '', stat( __FILE__) );
122
8313aa5e 123// mt_srand() uses an integer to seed, so we need to distill our
124// very large seed to something useful (without taking a sub-string,
125// the integer conversion of such a large number is always 0 on
126// many systems, but strangely, 9 hex numbers - even if larger
127// than a signed 32 bit integer - seem to be an acceptable "integer"
128// seed (perhaps it is used as unsigned?)...
129// we may want to revisit this and always force it to be less than
130// 2,147,483,647
131//
132$seed = hexdec(substr(md5($seed), 0, 9));
133
134// PHP 4.2 and up don't require seeding, but their used seed algorithm
135// is of questionable quality, so we keep doing it ourselves. */
136mt_srand($seed);
3f081dd0 137
6a2a6e44 138/**
202bcbcc 139 * calculate SM_PATH and calculate the base_uri
140 * assumptions made: init.php is only called from plugins or from the src dir.
141 * files in the plugin directory may not be part of a subdirectory called "src"
142 *
143 */
144if (isset($_SERVER['SCRIPT_NAME'])) {
3f081dd0 145 $a = explode('/', $_SERVER['SCRIPT_NAME']);
202bcbcc 146} elseif (isset($HTTP_SERVER_VARS['SCRIPT_NAME'])) {
3f081dd0 147 $a = explode('/', $HTTP_SERVER_VARS['SCRIPT_NAME']);
b0829edf 148} else {
3f081dd0 149 $error = 'Unable to detect script environment. Please test your PHP '
150 . 'settings and send your PHP core configuration, $_SERVER and '
151 . '$HTTP_SERVER_VARS contents to the SquirrelMail developers.';
b0829edf 152 die($error);
202bcbcc 153}
154$sSM_PATH = '';
3f081dd0 155for($i = count($a) -2; $i > -1; --$i) {
202bcbcc 156 $sSM_PATH .= '../';
157 if ($a[$i] === 'src' || $a[$i] === 'plugins') {
158 break;
159 }
160}
161
3f081dd0 162$base_uri = implode('/', array_slice($a, 0, $i)). '/';
202bcbcc 163
202bcbcc 164define('SM_PATH',$sSM_PATH);
6a2a6e44 165define('SM_BASE_URI', $base_uri);
3f081dd0 166
167
202bcbcc 168/**
169 * global var $bInit is used to check if initialisation took place.
170 * At this moment it's a workarounf for the include of addrbook_search_html
171 * inside compose.php. If we found a better way then remove this. Do only use
172 * this var if you know for sure a page can be called stand alone and be included
173 * in another file.
174 */
175$bInit = true;
176
8e1e2794 177/**
178 * This theme as a failsafe if no themes were found, or if we error
179 * out before anything could be initialised.
180 */
181$color = array();
182$color[0] = '#DCDCDC'; /* light gray TitleBar */
183$color[1] = '#800000'; /* red */
184$color[2] = '#CC0000'; /* light red Warning/Error Messages */
185$color[3] = '#A0B8C8'; /* green-blue Left Bar Background */
186$color[4] = '#FFFFFF'; /* white Normal Background */
187$color[5] = '#FFFFCC'; /* light yellow Table Headers */
188$color[6] = '#000000'; /* black Text on left bar */
189$color[7] = '#0000CC'; /* blue Links */
190$color[8] = '#000000'; /* black Normal text */
191$color[9] = '#ABABAB'; /* mid-gray Darker version of #0 */
192$color[10] = '#666666'; /* dark gray Darker version of #9 */
193$color[11] = '#770000'; /* dark red Special Folders color */
194$color[12] = '#EDEDED';
195$color[13] = '#800000'; /* (dark red) Color for quoted text -- > 1 quote */
196$color[14] = '#ff0000'; /* (red) Color for quoted text -- >> 2 or more */
197$color[15] = '#002266'; /* (dark blue) Unselectable folders */
198$color[16] = '#ff9933'; /* (orange) Highlight color */
199
1888b1bf 200require(SM_PATH . 'include/constants.php');
202bcbcc 201require(SM_PATH . 'functions/global.php');
4ffcf13a 202require(SM_PATH . 'functions/strings.php');
918fcc1d 203require(SM_PATH . 'functions/arrays.php');
67c826ce 204require(SM_PATH . 'functions/files.php');
5e68a08e 205
206/* load default configuration */
207require(SM_PATH . 'config/config_default.php');
208/* reset arrays in default configuration */
209$ldap_server = array();
210$plugins = array();
211$fontsets = array();
5e68a08e 212$aTemplateSet = array();
28294310 213$aTemplateSet[0]['ID'] = 'default';
214$aTemplateSet[0]['NAME'] = 'Default';
01fd1d1a 215
5e68a08e 216/* load site configuration */
202bcbcc 217require(SM_PATH . 'config/config.php');
5e68a08e 218/* load local configuration overrides */
219if (file_exists(SM_PATH . 'config/config_local.php')) {
220 require(SM_PATH . 'config/config_local.php');
221}
222
1888b1bf 223
224/**
225 * Set PHP error reporting level based on the SquirrelMail debug mode
226 */
227$error_level = 0;
228if ($sm_debug_mode & SM_DEBUG_MODE_SIMPLE)
229 $error_level |= E_ERROR;
230if ($sm_debug_mode & SM_DEBUG_MODE_MODERATE
231 || $sm_debug_mode & SM_DEBUG_MODE_ADVANCED)
232 $error_level |= E_ALL;
233if ($sm_debug_mode & SM_DEBUG_MODE_STRICT)
234 $error_level |= E_STRICT;
235error_reporting($error_level);
236
237
202bcbcc 238require(SM_PATH . 'functions/plugin.php');
202bcbcc 239require(SM_PATH . 'include/languages.php');
42b5e8aa 240require(SM_PATH . 'class/template/Template.class.php');
5ab684a5 241require(SM_PATH . 'class/error.class.php');
202bcbcc 242
243/**
244 * If magic_quotes_runtime is on, SquirrelMail breaks in new and creative ways.
245 * Force magic_quotes_runtime off.
246 * tassium@squirrelmail.org - I put it here in the hopes that all SM code includes this.
247 * If there's a better place, please let me know.
248 */
249ini_set('magic_quotes_runtime','0');
250
251
252/* if running with magic_quotes_gpc then strip the slashes
253 from POST and GET global arrays */
430a19f3 254if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
202bcbcc 255 sqstripslashes($_GET);
256 sqstripslashes($_POST);
257}
258
202bcbcc 259
260/* strip any tags added to the url from PHP_SELF.
261This fixes hand crafted url XXS expoits for any
262 page that uses PHP_SELF as the FORM action */
263$_SERVER['PHP_SELF'] = strip_tags($_SERVER['PHP_SELF']);
264
265$PHP_SELF = php_self();
266
267/**
268 * Initialize the session
269 */
270
e8c4e350 271/** set the name of the session cookie */
272if (!isset($session_name) || !$session_name) {
273 $session_name = 'SQMSESSID';
274}
275
276/**
319ad3c0 277 * When session.auto_start is On we want to destroy/close the session
1d537493 278 */
279$sSessionAutostartName = session_name();
ccb5faf0 280$sSessionAutostartID = session_id();
281if (!empty($sSessionAutostartID) && $sSessionAutostartName !== $session_name) {
1d537493 282 $sCookiePath = ini_get('session.cookie_path');
283 $sCookieDomain = ini_get('session.cookie_domain');
e8c4e350 284 // reset the cookie
ccb5faf0 285 sqsetcookie($sSessionAutostartName,'',1,$sCookiePath,$sCookieDomain);
e8c4e350 286 @session_destroy();
287 session_write_close();
1d537493 288}
e8c4e350 289
202bcbcc 290/**
291 * includes from classes stored in the session
292 */
293require(SM_PATH . 'class/mime.class.php');
294
202bcbcc 295ini_set('session.name' , $session_name);
296session_set_cookie_params (0, $base_uri);
297sqsession_is_active();
298
202bcbcc 299/**
319ad3c0 300 * When on login page, have to reset the user session, making
301 * sure to save session restore data first
302 */
303if (PAGE_NAME == 'login') {
304 if (!sqGetGlobalVar('session_expired_post', $sep, SQ_SESSION))
305 $sep = '';
306 if (!sqGetGlobalVar('session_expired_location', $sel, SQ_SESSION))
307 $sel = '';
308 sqsession_destroy();
309 session_write_close();
310
311 /**
312 * in some rare instances, the session seems to stick
313 * around even after destroying it (!!), so if it does,
314 * we'll manually flatten the $_SESSION data
315 */
316 if (!empty($_SESSION))
317 $_SESSION = array();
318
bc3acc5a 319 /**
320 * Allow administrators to define custom session handlers
321 * for SquirrelMail without needing to change anything in
322 * php.ini (application-level).
323 *
324 * In config_local.php, admin needs to put:
325 *
326 * $custom_session_handlers = array(
327 * 'my_open_handler',
328 * 'my_close_handler',
329 * 'my_read_handler',
330 * 'my_write_handler',
331 * 'my_destroy_handler',
332 * 'my_gc_handler',
333 * );
334 * session_module_name('user');
335 * session_set_save_handler(
336 * $custom_session_handlers[0],
337 * $custom_session_handlers[1],
338 * $custom_session_handlers[2],
339 * $custom_session_handlers[3],
340 * $custom_session_handlers[4],
341 * $custom_session_handlers[5]
342 * );
343 *
344 * We need to replicate that code once here because PHP has
345 * long had a bug that resets the session handler mechanism
346 * when the session data is also destroyed. Because of this
347 * bug, even administrators who define custom session handlers
348 * via a PHP pre-load defined in php.ini (auto_prepend_file)
349 * will still need to define the $custom_session_handlers array
350 * in config_local.php.
351 */
352 global $custom_session_handlers;
353 if (!empty($custom_session_handlers)) {
354 $open = $custom_session_handlers[0];
355 $close = $custom_session_handlers[1];
356 $read = $custom_session_handlers[2];
357 $write = $custom_session_handlers[3];
358 $destroy = $custom_session_handlers[4];
359 $gc = $custom_session_handlers[5];
360 session_module_name('user');
361 session_set_save_handler($open, $close, $read, $write, $destroy, $gc);
362 }
363
319ad3c0 364 sqsession_is_active();
365 session_regenerate_id();
ef33def6 366
367 // put session restore data back into session if necessary
368 if (!empty($sel)) {
369 sqsession_register($sel, 'session_expired_location');
370 if (!empty($sep))
371 sqsession_register($sep, 'session_expired_post');
372 }
319ad3c0 373}
374
375/**
5aed95be 376 * SquirrelMail internal version number -- DO NOT CHANGE
377 * $sm_internal_version = array (release, major, minor)
378 */
a895042a 379$SQM_INTERNAL_VERSION = explode('.', SM_VERSION, 3);
b37e457f 380$SQM_INTERNAL_VERSION[2] = intval($SQM_INTERNAL_VERSION[2]);
5aed95be 381
93d67e0d 382
6d5775db 383/* load prefs system; even when user not logged in, should be OK to do this here */
384require(SM_PATH . 'functions/prefs.php');
385
6d5775db 386
086ad092 387/* if plugins are disabled only for one user and
93d67e0d 388 * the current user is NOT that user, turn them
389 * back on
390 */
0d56053e 391sqgetGlobalVar('username', $username, SQ_SESSION);
93d67e0d 392if ($disable_plugins && !empty($disable_plugins_user)
393 && $username != $disable_plugins_user) {
394 $disable_plugins = false;
395}
396
4a9f6063 397
93d67e0d 398/* remove all plugins if they are disabled */
399if ($disable_plugins) {
400 $plugins = array();
401}
402
403
5aed95be 404/**
405 * Include Compatibility plugin if available.
406 */
93d67e0d 407if (!$disable_plugins && file_exists(SM_PATH . 'plugins/compatibility/functions.php'))
5aed95be 408 include_once(SM_PATH . 'plugins/compatibility/functions.php');
409
4a9f6063 410
5aed95be 411/**
412 * MAIN PLUGIN LOADING CODE HERE
086ad092 413 * On init, we no longer need to load all plugin setup files.
5aed95be 414 * Now, we load the statically generated hook registrations here
415 * and let the hook calls include only the plugins needed.
416 */
417$squirrelmail_plugin_hooks = array();
93d67e0d 418if (!$disable_plugins && file_exists(SM_PATH . 'config/plugin_hooks.php')) {
4a9f6063 419//FIXME: if we keep the plugin hooks array static like this, it seems like we should also keep the template files list in a static file too (when a new user session is started or the template set is changed, the code will dynamically iterate through the directory heirarchy of the template directory and catalog all the template files therein (and store the "catalog" in PHP session) -- instead, we could do that once at config-time and keep that static so SM can just include the file just like the line below)
5aed95be 420 require(SM_PATH . 'config/plugin_hooks.php');
421}
422
4a9f6063 423
5aed95be 424/**
4a9f6063 425 * Plugin authors note that the "config_override" hook used to be
426 * executed here, but please adapt your plugin to use this "prefs_backend"
427 * hook instead, making sure that it does NOT return anything, since
428 * doing so will interfere with proper prefs system functionality.
429 * Of course, otherwise, this hook may be used to do any configuration
430 * overrides as needed, as well as set up a custom preferences backend.
5aed95be 431 */
4a9f6063 432$prefs_backend = do_hook('prefs_backend', $null);
433if (isset($prefs_backend) && !empty($prefs_backend) && file_exists(SM_PATH . $prefs_backend)) {
434 require(SM_PATH . $prefs_backend);
435} elseif (isset($prefs_dsn) && !empty($prefs_dsn)) {
436 require(SM_PATH . 'functions/db_prefs.php');
437} else {
438 require(SM_PATH . 'functions/file_prefs.php');
439}
440
441
5aed95be 442
443/**
3464e1f4 444 * DISABLED.
202bcbcc 445 * Remove globalized session data in rg=on setups
086ad092 446 *
3464e1f4 447 * Code can be utilized when session is started, but data is not loaded.
086ad092 448 * We have already loaded configuration and other important vars. Can't
aae60854 449 * clean session globals here, beside, the cleanout of globals at the
450 * top of this file will have removed anything this code would find anyway.
3464e1f4 451if ((bool) @ini_get('register_globals') &&
452 strtolower(ini_get('register_globals'))!='off') {
202bcbcc 453 foreach ($_SESSION as $key => $value) {
454 unset($GLOBALS[$key]);
455 }
456}
3464e1f4 457*/
6a2a6e44 458
826ddd72 459sqsession_register(SM_BASE_URI,'base_uri');
6a2a6e44 460
202bcbcc 461/**
462 * Retrieve the language cookie
463 */
464if (! sqgetGlobalVar('squirrelmail_language',$squirrelmail_language,SQ_COOKIE)) {
465 $squirrelmail_language = '';
466}
467
bf3abdc3 468
202bcbcc 469/**
775a1f52 470 * In some cases, buffering all output allows more complex functionality,
471 * especially for plugins that want to add headers on hooks that are beyond
472 * the point of output having been sent to the browser otherwise.
473 *
474 * Note that we don't turn this on any earlier since we want to allow plugins
475 * to turn it on themselves via a configuration override on the prefs_backend
476 * hook.
477 *
478 */
479if ($buffer_output) ob_start(!empty($buffered_output_handler) ? $buffered_output_handler : NULL);
480
481
482/**
f0d28f44 483 * Do something special for some pages. This is based on the PAGE_NAME constant
9e06a3ea 484 * set at the top of every page.
202bcbcc 485 */
0d56053e 486$set_up_langage_after_template_setup = FALSE;
9e06a3ea 487switch (PAGE_NAME) {
086ad092 488 case 'style':
c4e5f61f 489
2b26084f 490 // need to get the right template set up
28294310 491 //
492 sqGetGlobalVar('templateid', $templateid, SQ_GET);
c4e5f61f 493
2b26084f 494 // sanitize just in case...
28294310 495 //
496 $templateid = preg_replace('/(\.\.\/){1,}/', '', $templateid);
497
498 // make sure given template actually is available
499 //
28294310 500 $found_templateset = false;
501 for ($i = 0; $i < count($aTemplateSet); ++$i) {
502 if ($aTemplateSet[$i]['ID'] == $templateid) {
503 $found_templateset = true;
504 break;
505 }
506 }
c4e5f61f 507
be155e14 508// FIXME: do we need/want to check here for actual (physical) presence of template sets?
28294310 509 // selected template not available, fall back to default template
510 //
511 if (!$found_templateset) {
42b5e8aa 512 $sTemplateID = Template::get_default_template_set();
28294310 513 } else {
514 $sTemplateID = $templateid;
c4e5f61f 515 }
516
2b26084f 517 session_write_close();
c4e5f61f 518 break;
519
f0d28f44 520 case 'mailto':
521 // nothing to do
522 break;
523
202bcbcc 524 case 'redirect':
2e616fa4 525 require(SM_PATH . 'functions/auth.php');
202bcbcc 526 //nobreak;
bf3abdc3 527
202bcbcc 528 case 'login':
529 require(SM_PATH . 'functions/display_messages.php' );
530 require(SM_PATH . 'functions/page_header.php');
531 require(SM_PATH . 'functions/html.php');
42b5e8aa 532
533 // reset template file cache
534 //
535 $sTemplateID = Template::get_default_template_set();
d81572f7 536 Template::cache_template_file_hierarchy($sTemplateID, TRUE);
42b5e8aa 537
1d537493 538 /**
01fd1d1a 539 * Make sure icon variables are setup for the login page.
540 */
541 $icon_theme = $icon_themes[$icon_theme_def]['PATH'];
542 /*
543 * NOTE: The $icon_theme_path var should contain the path to the icon
544 * theme to use. If the admin has disabled icons, or the user has
545 * set the icon theme to "None," no icons will be used.
546 */
547 $icon_theme_path = (!$use_icons || $icon_theme=='none') ? NULL : ($icon_theme == 'template' ? SM_PATH . Template::calculate_template_images_directory($sTemplateID) : $icon_theme);
548
202bcbcc 549 break;
550 default:
551 require(SM_PATH . 'functions/display_messages.php' );
552 require(SM_PATH . 'functions/page_header.php');
553 require(SM_PATH . 'functions/html.php');
202bcbcc 554
555
556 /**
557 * Check if we are logged in
558 */
559 require(SM_PATH . 'functions/auth.php');
560
561 if ( !sqsession_is_registered('user_is_logged_in') ) {
f8eb968d 562
563 // use $message to indicate what logout text the user
564 // will see... if 0, typical "You must be logged in"
565 // if 1, information that the user session was saved
566 // and will be resumed after (re)login
567 //
568 $message = 0;
569
202bcbcc 570 // First we store some information in the new session to prevent
571 // information-loss.
572 //
573 $session_expired_post = $_POST;
f8e68605 574 $session_expired_location = PAGE_NAME;
202bcbcc 575 if (!sqsession_is_registered('session_expired_post')) {
576 sqsession_register($session_expired_post,'session_expired_post');
577 }
578 if (!sqsession_is_registered('session_expired_location')) {
579 sqsession_register($session_expired_location,'session_expired_location');
f8e68605 580 if ($session_expired_location == 'compose')
f8eb968d 581 $message = 1;
202bcbcc 582 }
583 // signout page will deal with users who aren't logged
584 // in on its own; don't show error here
585 //
9e06a3ea 586 if ( PAGE_NAME == 'signout' ) {
a140422a 587 return;
202bcbcc 588 }
589
8efadc6b 590 /**
591 * Initialize the template object (logout_error uses it)
592 */
8efadc6b 593 /*
086ad092 594 * $sTemplateID is not initialized when a user is not logged in, so we
595 * will use the config file defaults here. If the neccesary variables
d81572f7 596 * are not set, force a default value.
8efadc6b 597 */
d81572f7 598 if (PAGE_NAME == 'squirrelmail_rpc') {
599 $sTemplateID = Template::get_rpc_template_set();
600 } else {
601 $sTemplateID = Template::get_default_template_set();
602 }
28294310 603 $oTemplate = Template::construct_template($sTemplateID);
8efadc6b 604
202bcbcc 605 set_up_language($squirrelmail_language, true);
f8eb968d 606 if (!$message)
607 logout_error( _("You must be logged in to access this page.") );
608 else
609 logout_error( _("Your session has expired, but will be resumed after logging in again.") );
202bcbcc 610 exit;
611 }
612
79524620 613 sqgetGlobalVar('authz',$authz,SQ_SESSION);
202bcbcc 614
615 /**
616 * Setting the prefs backend
617 */
618 sqgetGlobalVar('prefs_cache', $prefs_cache, SQ_SESSION );
619 sqgetGlobalVar('prefs_are_cached', $prefs_are_cached, SQ_SESSION );
620
621 if ( !sqsession_is_registered('prefs_are_cached') ||
622 !isset( $prefs_cache) ||
623 !is_array( $prefs_cache)) {
624 $prefs_are_cached = false;
625 $prefs_cache = false; //array();
626 }
627
202bcbcc 628 /**
629 * initializing user settings
630 */
631 require(SM_PATH . 'include/load_prefs.php');
632
202bcbcc 633 /**
634 * We'll need this to later have a noframes version
635 *
636 * Check if the user has a language preference, but no cookie.
637 * Send him a cookie with his language preference, if there is
638 * such discrepancy.
639 */
640 $my_language = getPref($data_dir, $username, 'language');
641 if ($my_language != $squirrelmail_language) {
642 sqsetcookie('squirrelmail_language', $my_language, time()+2592000, $base_uri);
643 }
202bcbcc 644
0d56053e 645 $set_up_langage_after_template_setup = TRUE;
202bcbcc 646
647 $timeZone = getPref($data_dir, $username, 'timezone');
648
649 /* Check to see if we are allowed to set the TZ environment variable.
650 * We are able to do this if ...
651 * safe_mode is disabled OR
652 * safe_mode_allowed_env_vars is empty (you are allowed to set any) OR
653 * safe_mode_allowed_env_vars contains TZ
654 */
655 $tzChangeAllowed = (!ini_get('safe_mode')) ||
656 !strcmp(ini_get('safe_mode_allowed_env_vars'),'') ||
657 preg_match('/^([\w_]+,)*TZ/', ini_get('safe_mode_allowed_env_vars'));
658
659 if ( $timeZone != SMPREF_NONE && ($timeZone != "")
660 && $tzChangeAllowed ) {
661
662 // get time zone key, if strict or custom strict timezones are used
663 if (isset($time_zone_type) &&
664 ($time_zone_type == 1 || $time_zone_type == 3)) {
665 /* load time zone functions */
666 require(SM_PATH . 'include/timezones.php');
667 $realTimeZone = sq_get_tz_key($timeZone);
668 } else {
669 $realTimeZone = $timeZone;
670 }
671
672 // set time zone
673 if ($realTimeZone) {
674 putenv("TZ=".$realTimeZone);
675 }
676 }
867fed37 677
678 /**
679 * php 5.1.0 added time zone functions. Set time zone with them in order
680 * to prevent E_STRICT notices and allow time zone modifications in safe_mode.
681 */
682 if (function_exists('date_default_timezone_set')) {
683 if ($timeZone != SMPREF_NONE && $timeZone != "") {
684 date_default_timezone_set($timeZone);
685 } else {
686 // interface runs on server's time zone. Remove php E_STRICT complains
687 $default_timezone = @date_default_timezone_get();
086ad092 688 date_default_timezone_set($default_timezone);
867fed37 689 }
690 }
202bcbcc 691 break;
692}
693
202bcbcc 694/*
086ad092 695 * $sTemplateID is not initialized when a user is not logged in, so we
696 * will use the config file defaults here. If the neccesary variables
28294310 697 * are not set, force a default value.
086ad092 698 *
699 * If the user is logged in, $sTemplateID will be set in load_prefs.php,
28294310 700 * so we shouldn't change it here.
202bcbcc 701 */
28294310 702if (!isset($sTemplateID)) {
d81572f7 703 if (PAGE_NAME == 'squirrelmail_rpc') {
704 $sTemplateID = Template::get_rpc_template_set();
705 } else {
706 $sTemplateID = Template::get_default_template_set();
707 }
28294310 708 $icon_theme_path = !$use_icons ? NULL : Template::calculate_template_images_directory($sTemplateID);
3aa46abc 709}
be155e14 710
711// template object may have already been constructed in load_prefs.php
712//
713if (empty($oTemplate)) {
714 $oTemplate = Template::construct_template($sTemplateID);
715}
202bcbcc 716
7aae649d 717// We want some variables to always be available to the template
551c7b53 718//
e39d00e9 719$oTemplate->assign('javascript_on',
720 (sqGetGlobalVar('user_is_logged_in', $user_is_logged_in, SQ_SESSION)
721 ? checkForJavascript() : 0));
fe8103c2 722$oTemplate->assign('base_uri', sqm_baseuri());
457e8593 723$always_include = array('sTemplateID', 'icon_theme_path');
7aae649d 724foreach ($always_include as $var) {
725 $oTemplate->assign($var, (isset($$var) ? $$var : NULL));
726}
727
551c7b53 728// A few output elements are used often, so just get them once here
729//
730$nbsp = $oTemplate->fetch('non_breaking_space.tpl');
731$br = $oTemplate->fetch('line_break.tpl');
732
0d56053e 733
734/**
735 * Set up the language.
736 *
737 * This code block corresponds to the *default* block of the switch
738 * statement above, but the language cannot be set up until after the
739 * template is instantiated, so we set $set_up_langage_after_template_setup
740 * above and do the linguistic stuff now.
741 */
742if ($set_up_langage_after_template_setup) {
743 $err=set_up_language(getPref($data_dir, $username, 'language'));
744
745 // Japanese translation used without mbstring support
746 if ($err==2) {
747 $sError = "<p>Your administrator needs to have PHP installed with the multibyte string extension enabled (using configure option --enable-mbstring).</p>\n"
748 . "<p>This system has assumed that you accidently switched to Japanese and has reverted your language preference to English.</p>\n"
749 . "<p>Please refresh this page in order to continue using your webmail.</p>\n";
750 error_box($sError);
751 }
752}
753
754
202bcbcc 755/**
756 * Initialize our custom error handler object
757 */
202bcbcc 758$oErrorHandler = new ErrorHandler($oTemplate,'error_message.tpl');
759
0d56053e 760
202bcbcc 761/**
762 * Activate custom error handling
763 */
764if (version_compare(PHP_VERSION, "4.3.0", ">=")) {
765 $oldErrorHandler = set_error_handler(array($oErrorHandler, 'SquirrelMailErrorhandler'));
766} else {
767 $oldErrorHandler = set_error_handler('SquirrelMailErrorhandler');
768}
769
f0d28f44 770
771// ============================================================================
772// ================= End of Live Code, Beginning of Functions =================
773// ============================================================================
774
775
202bcbcc 776/**
777 * Javascript support detection function
778 * @param boolean $reset recheck javascript support if set to true.
867fed37 779 * @return integer SMPREF_JS_ON or SMPREF_JS_OFF ({@see include/constants.php})
202bcbcc 780 * @since 1.5.1
781 */
202bcbcc 782function checkForJavascript($reset = FALSE) {
783 global $data_dir, $username, $javascript_on, $javascript_setting;
784
785 if ( !$reset && sqGetGlobalVar('javascript_on', $javascript_on, SQ_SESSION) )
786 return $javascript_on;
787
e39d00e9 788 $user_is_logged_in = FALSE;
bf3abdc3 789 if ( $reset || !isset($javascript_setting) )
202bcbcc 790 $javascript_setting = getPref($data_dir, $username, 'javascript_setting', SMPREF_JS_AUTODETECT);
791
792 if ( !sqGetGlobalVar('new_js_autodetect_results', $js_autodetect_results) &&
793 !sqGetGlobalVar('js_autodetect_results', $js_autodetect_results) )
794 $js_autodetect_results = SMPREF_JS_OFF;
795
796 if ( $javascript_setting == SMPREF_JS_AUTODETECT )
797 $javascript_on = $js_autodetect_results;
798 else
799 $javascript_on = $javascript_setting;
800
801 sqsession_register($javascript_on, 'javascript_on');
802 return $javascript_on;
803}
804
805function sqm_baseuri() {
806 global $base_uri;
807 return $base_uri;
8e1e2794 808}