[squirrelmail.git] / include / init.php

<?php

/**
 * init.php -- initialisation file
 *
 * File should be loaded in every file in src/ or plugins that occupate an entire frame
 *
 * @copyright &copy; 2006 The SquirrelMail Project Team
 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
 * @version $Id$
 * @package squirrelmail
 */

/**
 * This is a development version so in order to track programmer mistakes we
 * set the error reporting to E_ALL
 */
error_reporting(E_ALL);


/**
 * If register_globals are on, unregister globals.
 * Code requires PHP 4.1.0 or newer.
 * Second test covers boolean set as string (php_value register_globals off).
 */
if ((bool) @ini_get('register_globals') &&
    strtolower(ini_get('register_globals'))!='off') {
    /**
     * Remove all globals from $_GET, $_POST, and $_COOKIE.
     */
    foreach ($_REQUEST as $key => $value) {
        unset($GLOBALS[$key]);
    }
    /**
     * Remove globalized $_FILES variables
     * Before 4.3.0 $_FILES are included in $_REQUEST.
     * Unglobalize them in separate call in order to remove dependency
     * on PHP version.
     */
    foreach ($_FILES as $key => $value) {
        unset($GLOBALS[$key]);
        // there are three undocumented $_FILES globals.
        unset($GLOBALS[$key.'_type']);
        unset($GLOBALS[$key.'_name']);
        unset($GLOBALS[$key.'_size']);
    }
    /**
     * Remove globalized environment variables.
     */
    foreach ($_ENV as $key => $value) {
        unset($GLOBALS[$key]);
    }
    /**
     * Remove globalized server variables.
     */
    foreach ($_SERVER as $key => $value) {
        unset($GLOBALS[$key]);
    }
}

/**
 * [#1518885] session.use_cookies = off breaks SquirrelMail
 *
 * When session cookies are not used, all http redirects, meta refreshes, 
 * src/download.php and javascript URLs are broken. Setting must be set 
 * before session is started.
 */
if (!(bool)ini_get('session.use_cookies') ||
    ini_get('session.use_cookies') == 'off') {
    ini_set('session.use_cookies','1');
}

/**
 * calculate SM_PATH and calculate the base_uri
 * assumptions made: init.php is only called from plugins or from the src dir.
 * files in the plugin directory may not be part of a subdirectory called "src"
 *
 */
if (isset($_SERVER['SCRIPT_NAME'])) {
    $a = explode('/',$_SERVER['SCRIPT_NAME']);
} elseif (isset($HTTP_SERVER_VARS['SCRIPT_NAME'])) {
    $a = explode('/',$_SERVER['SCRIPT_NAME']);
}
$sSM_PATH = '';
for($i = count($a) -2;$i > -1; --$i) {
    $sSM_PATH .= '../';
    if ($a[$i] === 'src' || $a[$i] === 'plugins') {
        break;
    }
}

$base_uri = implode('/',array_slice($a,0,$i)). '/';

define('SM_PATH',$sSM_PATH);
define('SM_BASE_URI', $base_uri);
/**
 * global var $bInit is used to check if initialisation took place.
 * At this moment it's a workarounf for the include of addrbook_search_html
 * inside compose.php. If we found a better way then remove this. Do only use
 * this var if you know for sure a page can be called stand alone and be included
 * in another file.
 */
$bInit = true;

/**
 * This theme as a failsafe if no themes were found, or if we error
 * out before anything could be initialised.
 */
$color = array();
$color[0]  = '#DCDCDC';  /* light gray    TitleBar               */
$color[1]  = '#800000';  /* red                                  */
$color[2]  = '#CC0000';  /* light red     Warning/Error Messages */
$color[3]  = '#A0B8C8';  /* green-blue    Left Bar Background    */
$color[4]  = '#FFFFFF';  /* white         Normal Background      */
$color[5]  = '#FFFFCC';  /* light yellow  Table Headers          */
$color[6]  = '#000000';  /* black         Text on left bar       */
$color[7]  = '#0000CC';  /* blue          Links                  */
$color[8]  = '#000000';  /* black         Normal text            */
$color[9]  = '#ABABAB';  /* mid-gray      Darker version of #0   */
$color[10] = '#666666';  /* dark gray     Darker version of #9   */
$color[11] = '#770000';  /* dark red      Special Folders color  */
$color[12] = '#EDEDED';
$color[13] = '#800000';  /* (dark red)    Color for quoted text -- > 1 quote */
$color[14] = '#ff0000';  /* (red)         Color for quoted text -- >> 2 or more */
$color[15] = '#002266';  /* (dark blue)   Unselectable folders */
$color[16] = '#ff9933';  /* (orange)      Highlight color */

require(SM_PATH . 'functions/global.php');
require(SM_PATH . 'config/config.php');
require(SM_PATH . 'functions/plugin.php');
require(SM_PATH . 'include/constants.php');
require(SM_PATH . 'include/languages.php');

/**
 * If magic_quotes_runtime is on, SquirrelMail breaks in new and creative ways.
 * Force magic_quotes_runtime off.
 * tassium@squirrelmail.org - I put it here in the hopes that all SM code includes this.
 * If there's a better place, please let me know.
 */
ini_set('magic_quotes_runtime','0');


/* if running with magic_quotes_gpc then strip the slashes
   from POST and GET global arrays */
if (get_magic_quotes_gpc()) {
    sqstripslashes($_GET);
    sqstripslashes($_POST);
}


/* strip any tags added to the url from PHP_SELF.
This fixes hand crafted url XXS expoits for any
   page that uses PHP_SELF as the FORM action */
$_SERVER['PHP_SELF'] = strip_tags($_SERVER['PHP_SELF']);

$PHP_SELF = php_self();

/**
 * Initialize the session
 */

/** set the name of the session cookie */
if (!isset($session_name) || !$session_name) {
    $session_name = 'SQMSESSID';
}

/**
 * if session.auto_start is On then close the session
 */
$sSessionAutostartName = session_name();
if ((isset($sSessionAutostartName) || $sSessionAutostartName == '') &&
     $sSessionAutostartName !== $session_name) {
    $sCookiePath = ini_get('session.cookie_path');
    $sCookieDomain = ini_get('session.cookie_domain');
    // reset the cookie
    setcookie($sSessionAutostartName,'',time() - 604800,$sCookiePath,$sCookieDomain);
    @session_destroy();
    session_write_close();
}

/**
 * includes from classes stored in the session
 */
require(SM_PATH . 'class/mime.class.php');

ini_set('session.name' , $session_name);
session_set_cookie_params (0, $base_uri);
sqsession_is_active();

/**
 * DISABLED.
 * Remove globalized session data in rg=on setups
 * 
 * Code can be utilized when session is started, but data is not loaded.
 * We have already loaded configuration and other important vars. Can't 
 * clean session globals here.
if ((bool) @ini_get('register_globals') &&
    strtolower(ini_get('register_globals'))!='off') {
    foreach ($_SESSION as $key => $value) {
        unset($GLOBALS[$key]);
    }
}
*/

sqsession_register(SM_BASE_URI,'base_uri');

/**
 * SquirrelMail version number -- DO NOT CHANGE
 */
$version = '1.5.2 [CVS]';

/**
 * SquirrelMail internal version number -- DO NOT CHANGE
 * $sm_internal_version = array (release, major, minor)
 */
$SQM_INTERNAL_VERSION = array(1,5,2);

/**
 * Retrieve the language cookie
 */
if (! sqgetGlobalVar('squirrelmail_language',$squirrelmail_language,SQ_COOKIE)) {
    $squirrelmail_language = '';
}


/**
 * @var $sInitlocation From where do we include.
 */
if (!isset($sInitLocation)) {
    $sInitLocation=NULL;
}

/**
 * MAIN PLUGIN LOADING CODE HERE
 */

/**
 * Include Compatibility plugin if available.
 */
if (file_exists(SM_PATH . 'plugins/compatibility/functions.php'))
    include_once(SM_PATH . 'plugins/compatibility/functions.php');
$squirrelmail_plugin_hooks = array();

/* On init, register all plugins configured for use. */
if (isset($plugins) && is_array($plugins)) {
    // turn on output buffering in order to prevent output of new lines
    ob_start();
    foreach ($plugins as $name) {
        use_plugin($name);
    }
    // get output and remove whitespace
    $output = trim(ob_get_contents());
    ob_end_clean();
    // if plugins output more than newlines and spacing, stop script execution.
    if (!empty($output)) {
        die($output);
    }
}


switch ($sInitLocation) {
    case 'style': session_write_close(); sqsetcookieflush(); break;
    case 'redirect':
        /**
         * directory hashing functions are needed for all setups in case
         * plugins use own pref files.
         */
        require(SM_PATH . 'functions/prefs.php');
        /* hook loads custom prefs backend plugins */
        $prefs_backend = do_hook_function('prefs_backend');
        if (isset($prefs_backend) && !empty($prefs_backend) && file_exists(SM_PATH . $prefs_backend)) {
            require(SM_PATH . $prefs_backend);
        } elseif (isset($prefs_dsn) && !empty($prefs_dsn)) {
            require(SM_PATH . 'functions/db_prefs.php');
        } else {
            require(SM_PATH . 'functions/file_prefs.php');
        }
        //nobreak;
    case 'login':
        require(SM_PATH . 'functions/display_messages.php' );
        require(SM_PATH . 'functions/page_header.php');
        require(SM_PATH . 'functions/html.php');
        /**
         * cleanup old cookies with a cookie path the same as the standard php.ini
         * cookie path. All previous SquirrelMail version used the standard php.ini
         * cookie path for storing the session name. That behaviour changed.
         */
        if ($sCookiePath !== SM_BASE_URI) {
            /**
             * do not delete the standard sessions with session.name is i.e. PHPSESSID
             * because they probably belong to other php apps
             */
            if (ini_get('session.name') !== $sSessionAutostartName) {
                sqsetcookie(ini_get('session.name'),'',0,$sCookiePath);
            }
        }
        break;
    default:
        require(SM_PATH . 'functions/display_messages.php' );
        require(SM_PATH . 'functions/page_header.php');
        require(SM_PATH . 'functions/html.php');
        require(SM_PATH . 'functions/strings.php');


        /**
         * Check if we are logged in
         */
        require(SM_PATH . 'functions/auth.php');

        if ( !sqsession_is_registered('user_is_logged_in') ) {
            //  First we store some information in the new session to prevent
            //  information-loss.
            //
            $session_expired_post = $_POST;
            $session_expired_location = $PHP_SELF;
            if (!sqsession_is_registered('session_expired_post')) {
                sqsession_register($session_expired_post,'session_expired_post');
            }
            if (!sqsession_is_registered('session_expired_location')) {
                sqsession_register($session_expired_location,'session_expired_location');
            }
            // signout page will deal with users who aren't logged
            // in on its own; don't show error here
            //
            if (strpos($PHP_SELF, 'signout.php') !== FALSE) {
            return;
            }

            /**
             * Initialize the template object (logout_error uses it)
             */
            require(SM_PATH . 'class/template/template.class.php');
            /*
             * $sTplDir is not initialized when a user is not logged in, so we will use
             * the config file defaults here.  If the neccesary variables are net set,
             * force a default value.
             */
            $aTemplateSet = ( !isset($aTemplateSet) ? array() : $aTemplateSet );
            $templateset_default = ( !isset($templateset_default) ? 0 : $templateset_default );

            $sTplDir = ( !isset($aTemplateSet[$templateset_default]['PATH']) ?
                         SM_PATH . 'templates/default/' :
                         $aTemplateSet[$templateset_default]['PATH'] );
            $oTemplate = new Template($sTplDir);

            set_up_language($squirrelmail_language, true);
            logout_error( _("You must be logged in to access this page.") );
            exit;
        }

        sqgetGlobalVar('username',$username,SQ_SESSION);

        /**
         * Setting the prefs backend
         */
        sqgetGlobalVar('prefs_cache', $prefs_cache, SQ_SESSION );
        sqgetGlobalVar('prefs_are_cached', $prefs_are_cached, SQ_SESSION );

        if ( !sqsession_is_registered('prefs_are_cached') ||
            !isset( $prefs_cache) ||
            !is_array( $prefs_cache)) {
            $prefs_are_cached = false;
            $prefs_cache = false; //array();
        }

        /* see 'redirect' switch */
        require(SM_PATH . 'functions/prefs.php');

        $prefs_backend = do_hook_function('prefs_backend');
        if (isset($prefs_backend) && !empty($prefs_backend) && file_exists(SM_PATH . $prefs_backend)) {
            require(SM_PATH . $prefs_backend);
        } elseif (isset($prefs_dsn) && !empty($prefs_dsn)) {
            require(SM_PATH . 'functions/db_prefs.php');
        } else {
            require(SM_PATH . 'functions/file_prefs.php');
        }

        /**
         * initializing user settings
         */
        require(SM_PATH . 'include/load_prefs.php');


// i do not understand the frames language cookie story
        /**
         * We'll need this to later have a noframes version
         *
         * Check if the user has a language preference, but no cookie.
         * Send him a cookie with his language preference, if there is
         * such discrepancy.
         */
         $my_language = getPref($data_dir, $username, 'language');
         if ($my_language != $squirrelmail_language) {
             sqsetcookie('squirrelmail_language', $my_language, time()+2592000, $base_uri);
         }
// /dont understand

        /**
         * Set up the language.
         */
        $err=set_up_language(getPref($data_dir, $username, 'language'));
        /* this is the last cookie we set so flush it. */
        sqsetcookieflush();

        // Japanese translation used without mbstring support
        if ($err==2) {
            $sError =
                "<p>You need to have PHP installed with the multibyte string function \n".
                "enabled (using configure option --enable-mbstring).</p>\n".
                "<p>System assumed that you accidently switched to Japanese translation \n".
                "and reverted your language preference to English.</p>\n".
                "<p>Please refresh this page in order to use webmail.</p>\n";
            error_box($sError);
        }

        $timeZone = getPref($data_dir, $username, 'timezone');

        /* Check to see if we are allowed to set the TZ environment variable.
         * We are able to do this if ...
         *   safe_mode is disabled OR
         *   safe_mode_allowed_env_vars is empty (you are allowed to set any) OR
         *   safe_mode_allowed_env_vars contains TZ
         */
        $tzChangeAllowed = (!ini_get('safe_mode')) ||
                            !strcmp(ini_get('safe_mode_allowed_env_vars'),'') ||
                            preg_match('/^([\w_]+,)*TZ/', ini_get('safe_mode_allowed_env_vars'));

        if ( $timeZone != SMPREF_NONE && ($timeZone != "")
            && $tzChangeAllowed ) {

            // get time zone key, if strict or custom strict timezones are used
            if (isset($time_zone_type) &&
                ($time_zone_type == 1 || $time_zone_type == 3)) {
                /* load time zone functions */
                require(SM_PATH . 'include/timezones.php');
                $realTimeZone = sq_get_tz_key($timeZone);
            } else {
                $realTimeZone = $timeZone;
            }

            // set time zone
            if ($realTimeZone) {
                putenv("TZ=".$realTimeZone);
            }
        }

        /**
         * php 5.1.0 added time zone functions. Set time zone with them in order
         * to prevent E_STRICT notices and allow time zone modifications in safe_mode.
         */
        if (function_exists('date_default_timezone_set')) {
            if ($timeZone != SMPREF_NONE && $timeZone != "") {
                date_default_timezone_set($timeZone);
            } else {
                // interface runs on server's time zone. Remove php E_STRICT complains
                $default_timezone = @date_default_timezone_get();
                date_default_timezone_set($default_timezone);        
            }
        }
        break;
}

/**
 * Initialize the template object
 */
require(SM_PATH . 'class/template/template.class.php');
/*
 * $sTplDir is not initialized when a user is not logged in, so we will use
 * the config file defaults here.  If the neccesary variables are net set,
 * force a default value.
 */
$aTemplateSet = ( !isset($aTemplateSet) ? array() : $aTemplateSet );
$templateset_default = ( !isset($templateset_default) ? 0 : $templateset_default );

$sTplDir = ( !isset($aTemplateSet[$templateset_default]['PATH']) ?
             SM_PATH . 'templates/default/' :
             $aTemplateSet[$templateset_default]['PATH'] );
$oTemplate = new Template($sTplDir);

/**
 * Initialize our custom error handler object
 */
require(SM_PATH . 'class/error.class.php');
$oErrorHandler = new ErrorHandler($oTemplate,'error_message.tpl');

/**
 * Activate custom error handling
 */
if (version_compare(PHP_VERSION, "4.3.0", ">=")) {
    $oldErrorHandler = set_error_handler(array($oErrorHandler, 'SquirrelMailErrorhandler'));
} else {
    $oldErrorHandler = set_error_handler('SquirrelMailErrorhandler');
}

/**
 * Javascript support detection function
 * @param boolean $reset recheck javascript support if set to true.
 * @return integer SMPREF_JS_ON or SMPREF_JS_OFF ({@see include/constants.php})
 * @since 1.5.1
 */
function checkForJavascript($reset = FALSE) {
  global $data_dir, $username, $javascript_on, $javascript_setting;

  if ( !$reset && sqGetGlobalVar('javascript_on', $javascript_on, SQ_SESSION) )
    return $javascript_on;

  if ( $reset || !isset($javascript_setting) )
    $javascript_setting = getPref($data_dir, $username, 'javascript_setting', SMPREF_JS_AUTODETECT);

  if ( !sqGetGlobalVar('new_js_autodetect_results', $js_autodetect_results) &&
       !sqGetGlobalVar('js_autodetect_results', $js_autodetect_results) )
    $js_autodetect_results = SMPREF_JS_OFF;

  if ( $javascript_setting == SMPREF_JS_AUTODETECT )
    $javascript_on = $js_autodetect_results;
  else
    $javascript_on = $javascript_setting;

  sqsession_register($javascript_on, 'javascript_on');
  return $javascript_on;
}

function sqm_baseuri() {
    global $base_uri;
    return $base_uri;
}
Commit	Line	Data
202bcbcc	1	<?php
	2
	3	/**
	4	* init.php -- initialisation file
	5	*
	6	* File should be loaded in every file in src/ or plugins that occupate an entire frame
	7	*
	8	* @copyright © 2006 The SquirrelMail Project Team
	9	* @license http://opensource.org/licenses/gpl-license.php GNU Public License
	10	* @version $Id$
	11	* @package squirrelmail
	12	*/
	13
202bcbcc	14	/**
	15	* This is a development version so in order to track programmer mistakes we
	16	* set the error reporting to E_ALL
	17	*/
202bcbcc	18	error_reporting(E_ALL);
	19
	20
6a2a6e44	21	/**
	22	* If register_globals are on, unregister globals.
	23	* Code requires PHP 4.1.0 or newer.
a3b99374	24	* Second test covers boolean set as string (php_value register_globals off).
6a2a6e44	25	*/
826ddd72	26	if ((bool) @ini_get('register_globals') &&
a3b99374	27	strtolower(ini_get('register_globals'))!='off') {
6a2a6e44	28	/**
	29	* Remove all globals from $_GET, $_POST, and $_COOKIE.
	30	*/
	31	foreach ($_REQUEST as $key => $value) {
	32	unset($GLOBALS[$key]);
	33	}
	34	/**
	35	* Remove globalized $_FILES variables
	36	* Before 4.3.0 $_FILES are included in $_REQUEST.
	37	* Unglobalize them in separate call in order to remove dependency
	38	* on PHP version.
	39	*/
	40	foreach ($_FILES as $key => $value) {
	41	unset($GLOBALS[$key]);
	42	// there are three undocumented $_FILES globals.
	43	unset($GLOBALS[$key.'_type']);
	44	unset($GLOBALS[$key.'_name']);
	45	unset($GLOBALS[$key.'_size']);
	46	}
	47	/**
	48	* Remove globalized environment variables.
	49	*/
	50	foreach ($_ENV as $key => $value) {
	51	unset($GLOBALS[$key]);
	52	}
	53	/**
	54	* Remove globalized server variables.
	55	*/
	56	foreach ($_SERVER as $key => $value) {
	57	unset($GLOBALS[$key]);
	58	}
	59	}
	60
71efd1ed	61	/**
	62	* [#1518885] session.use_cookies = off breaks SquirrelMail
	63	*
	64	* When session cookies are not used, all http redirects, meta refreshes,
	65	* src/download.php and javascript URLs are broken. Setting must be set
	66	* before session is started.
	67	*/
	68	if (!(bool)ini_get('session.use_cookies') \|\|
	69	ini_get('session.use_cookies') == 'off') {
	70	ini_set('session.use_cookies','1');
	71	}
6a2a6e44	72
202bcbcc	73	/**
	74	* calculate SM_PATH and calculate the base_uri
	75	* assumptions made: init.php is only called from plugins or from the src dir.
	76	* files in the plugin directory may not be part of a subdirectory called "src"
	77	*
	78	*/
	79	if (isset($_SERVER['SCRIPT_NAME'])) {
	80	$a = explode('/',$_SERVER['SCRIPT_NAME']);
	81	} elseif (isset($HTTP_SERVER_VARS['SCRIPT_NAME'])) {
	82	$a = explode('/',$_SERVER['SCRIPT_NAME']);
	83	}
	84	$sSM_PATH = '';
	85	for($i = count($a) -2;$i > -1; --$i) {
	86	$sSM_PATH .= '../';
	87	if ($a[$i] === 'src' \|\| $a[$i] === 'plugins') {
	88	break;
	89	}
	90	}
	91
	92	$base_uri = implode('/',array_slice($a,0,$i)). '/';
	93
202bcbcc	94	define('SM_PATH',$sSM_PATH);
6a2a6e44	95	define('SM_BASE_URI', $base_uri);
202bcbcc	96	/**
	97	* global var $bInit is used to check if initialisation took place.
	98	* At this moment it's a workarounf for the include of addrbook_search_html
	99	* inside compose.php. If we found a better way then remove this. Do only use
	100	* this var if you know for sure a page can be called stand alone and be included
	101	* in another file.
	102	*/
	103	$bInit = true;
	104
8e1e2794	105	/**
	106	* This theme as a failsafe if no themes were found, or if we error
	107	* out before anything could be initialised.
	108	*/
	109	$color = array();
	110	$color[0] = '#DCDCDC'; /* light gray TitleBar */
	111	$color[1] = '#800000'; /* red */
	112	$color[2] = '#CC0000'; /* light red Warning/Error Messages */
	113	$color[3] = '#A0B8C8'; /* green-blue Left Bar Background */
	114	$color[4] = '#FFFFFF'; /* white Normal Background */
	115	$color[5] = '#FFFFCC'; /* light yellow Table Headers */
	116	$color[6] = '#000000'; /* black Text on left bar */
	117	$color[7] = '#0000CC'; /* blue Links */
	118	$color[8] = '#000000'; /* black Normal text */
	119	$color[9] = '#ABABAB'; /* mid-gray Darker version of #0 */
	120	$color[10] = '#666666'; /* dark gray Darker version of #9 */
	121	$color[11] = '#770000'; /* dark red Special Folders color */
	122	$color[12] = '#EDEDED';
	123	$color[13] = '#800000'; /* (dark red) Color for quoted text -- > 1 quote */
	124	$color[14] = '#ff0000'; /* (red) Color for quoted text -- >> 2 or more */
	125	$color[15] = '#002266'; /* (dark blue) Unselectable folders */
	126	$color[16] = '#ff9933'; /* (orange) Highlight color */
	127
202bcbcc	128	require(SM_PATH . 'functions/global.php');
	129	require(SM_PATH . 'config/config.php');
	130	require(SM_PATH . 'functions/plugin.php');
	131	require(SM_PATH . 'include/constants.php');
	132	require(SM_PATH . 'include/languages.php');
	133
	134	/**
	135	* If magic_quotes_runtime is on, SquirrelMail breaks in new and creative ways.
	136	* Force magic_quotes_runtime off.
	137	* tassium@squirrelmail.org - I put it here in the hopes that all SM code includes this.
	138	* If there's a better place, please let me know.
	139	*/
	140	ini_set('magic_quotes_runtime','0');
	141
	142
	143	/* if running with magic_quotes_gpc then strip the slashes
	144	from POST and GET global arrays */
	145	if (get_magic_quotes_gpc()) {
	146	sqstripslashes($_GET);
	147	sqstripslashes($_POST);
	148	}
	149
202bcbcc	150
	151	/* strip any tags added to the url from PHP_SELF.
	152	This fixes hand crafted url XXS expoits for any
	153	page that uses PHP_SELF as the FORM action */
	154	$_SERVER['PHP_SELF'] = strip_tags($_SERVER['PHP_SELF']);
	155
	156	$PHP_SELF = php_self();
	157
	158	/**
	159	* Initialize the session
	160	*/
	161
e8c4e350	162	/** set the name of the session cookie */
	163	if (!isset($session_name) \|\| !$session_name) {
	164	$session_name = 'SQMSESSID';
	165	}
	166
	167	/**
	168	* if session.auto_start is On then close the session
1d537493	169	*/
	170	$sSessionAutostartName = session_name();
	171	if ((isset($sSessionAutostartName) \|\| $sSessionAutostartName == '') &&
	172	$sSessionAutostartName !== $session_name) {
	173	$sCookiePath = ini_get('session.cookie_path');
	174	$sCookieDomain = ini_get('session.cookie_domain');
e8c4e350	175	// reset the cookie
1d537493	176	setcookie($sSessionAutostartName,'',time() - 604800,$sCookiePath,$sCookieDomain);
e8c4e350	177	@session_destroy();
e8c4e350	178	session_write_close();
1d537493	179	}
e8c4e350	180
202bcbcc	181	/**
	182	* includes from classes stored in the session
	183	*/
	184	require(SM_PATH . 'class/mime.class.php');
	185
202bcbcc	186	ini_set('session.name' , $session_name);
	187	session_set_cookie_params (0, $base_uri);
	188	sqsession_is_active();
	189
202bcbcc	190	/**
3464e1f4	191	* DISABLED.
202bcbcc	192	* Remove globalized session data in rg=on setups
3464e1f4	193	*
	194	* Code can be utilized when session is started, but data is not loaded.
	195	* We have already loaded configuration and other important vars. Can't
	196	* clean session globals here.
	197	if ((bool) @ini_get('register_globals') &&
	198	strtolower(ini_get('register_globals'))!='off') {
202bcbcc	199	foreach ($_SESSION as $key => $value) {
	200	unset($GLOBALS[$key]);
	201	}
	202	}
3464e1f4	203	*/
6a2a6e44	204
826ddd72	205	sqsession_register(SM_BASE_URI,'base_uri');
6a2a6e44	206
e8c4e350	207	/**
	208	* SquirrelMail version number -- DO NOT CHANGE
	209	*/
	210	$version = '1.5.2 [CVS]';
	211
1d537493	212	/**
	213	* SquirrelMail internal version number -- DO NOT CHANGE
	214	* $sm_internal_version = array (release, major, minor)
	215	*/
	216	$SQM_INTERNAL_VERSION = array(1,5,2);
	217
202bcbcc	218	/**
	219	* Retrieve the language cookie
	220	*/
	221	if (! sqgetGlobalVar('squirrelmail_language',$squirrelmail_language,SQ_COOKIE)) {
	222	$squirrelmail_language = '';
	223	}
	224
	225
	226	/**
	227	* @var $sInitlocation From where do we include.
	228	*/
	229	if (!isset($sInitLocation)) {
	230	$sInitLocation=NULL;
	231	}
	232
	233	/**
	234	* MAIN PLUGIN LOADING CODE HERE
	235	*/
	236
	237	/**
	238	* Include Compatibility plugin if available.
	239	*/
	240	if (file_exists(SM_PATH . 'plugins/compatibility/functions.php'))
	241	include_once(SM_PATH . 'plugins/compatibility/functions.php');
	242	$squirrelmail_plugin_hooks = array();
	243
	244	/* On init, register all plugins configured for use. */
	245	if (isset($plugins) && is_array($plugins)) {
	246	// turn on output buffering in order to prevent output of new lines
	247	ob_start();
	248	foreach ($plugins as $name) {
	249	use_plugin($name);
	250	}
	251	// get output and remove whitespace
	252	$output = trim(ob_get_contents());
	253	ob_end_clean();
	254	// if plugins output more than newlines and spacing, stop script execution.
	255	if (!empty($output)) {
	256	die($output);
	257	}
	258	}
	259
	260
	261	switch ($sInitLocation) {
	262	case 'style': session_write_close(); sqsetcookieflush(); break;
	263	case 'redirect':
4d2f7565	264	/**
826ddd72	265	* directory hashing functions are needed for all setups in case
4d2f7565	266	* plugins use own pref files.
	267	*/
	268	require(SM_PATH . 'functions/prefs.php');
	269	/* hook loads custom prefs backend plugins */
202bcbcc	270	$prefs_backend = do_hook_function('prefs_backend');
	271	if (isset($prefs_backend) && !empty($prefs_backend) && file_exists(SM_PATH . $prefs_backend)) {
	272	require(SM_PATH . $prefs_backend);
	273	} elseif (isset($prefs_dsn) && !empty($prefs_dsn)) {
	274	require(SM_PATH . 'functions/db_prefs.php');
	275	} else {
202bcbcc	276	require(SM_PATH . 'functions/file_prefs.php');
	277	}
	278	//nobreak;
	279	case 'login':
	280	require(SM_PATH . 'functions/display_messages.php' );
	281	require(SM_PATH . 'functions/page_header.php');
	282	require(SM_PATH . 'functions/html.php');
1d537493	283	/**
	284	* cleanup old cookies with a cookie path the same as the standard php.ini
	285	* cookie path. All previous SquirrelMail version used the standard php.ini
	286	* cookie path for storing the session name. That behaviour changed.
	287	*/
	288	if ($sCookiePath !== SM_BASE_URI) {
	289	/**
	290	* do not delete the standard sessions with session.name is i.e. PHPSESSID
	291	* because they probably belong to other php apps
	292	*/
	293	if (ini_get('session.name') !== $sSessionAutostartName) {
	294	sqsetcookie(ini_get('session.name'),'',0,$sCookiePath);
	295	}
	296	}
202bcbcc	297	break;
	298	default:
	299	require(SM_PATH . 'functions/display_messages.php' );
	300	require(SM_PATH . 'functions/page_header.php');
	301	require(SM_PATH . 'functions/html.php');
	302	require(SM_PATH . 'functions/strings.php');
	303
	304
	305	/**
	306	* Check if we are logged in
	307	*/
	308	require(SM_PATH . 'functions/auth.php');
	309
	310	if ( !sqsession_is_registered('user_is_logged_in') ) {
	311	// First we store some information in the new session to prevent
	312	// information-loss.
	313	//
	314	$session_expired_post = $_POST;
	315	$session_expired_location = $PHP_SELF;
	316	if (!sqsession_is_registered('session_expired_post')) {
	317	sqsession_register($session_expired_post,'session_expired_post');
	318	}
	319	if (!sqsession_is_registered('session_expired_location')) {
	320	sqsession_register($session_expired_location,'session_expired_location');
	321	}
	322	// signout page will deal with users who aren't logged
	323	// in on its own; don't show error here
	324	//
	325	if (strpos($PHP_SELF, 'signout.php') !== FALSE) {
	326	return;
	327	}
	328
8efadc6b	329	/**
	330	* Initialize the template object (logout_error uses it)
	331	*/
	332	require(SM_PATH . 'class/template/template.class.php');
	333	/*
	334	* $sTplDir is not initialized when a user is not logged in, so we will use
	335	* the config file defaults here. If the neccesary variables are net set,
	336	* force a default value.
	337	*/
	338	$aTemplateSet = ( !isset($aTemplateSet) ? array() : $aTemplateSet );
	339	$templateset_default = ( !isset($templateset_default) ? 0 : $templateset_default );
	340
	341	$sTplDir = ( !isset($aTemplateSet[$templateset_default]['PATH']) ?
	342	SM_PATH . 'templates/default/' :
	343	$aTemplateSet[$templateset_default]['PATH'] );
	344	$oTemplate = new Template($sTplDir);
	345
202bcbcc	346	set_up_language($squirrelmail_language, true);
	347	logout_error( _("You must be logged in to access this page.") );
	348	exit;
	349	}
	350
	351	sqgetGlobalVar('username',$username,SQ_SESSION);
	352
	353	/**
	354	* Setting the prefs backend
	355	*/
	356	sqgetGlobalVar('prefs_cache', $prefs_cache, SQ_SESSION );
	357	sqgetGlobalVar('prefs_are_cached', $prefs_are_cached, SQ_SESSION );
	358
	359	if ( !sqsession_is_registered('prefs_are_cached') \|\|
	360	!isset( $prefs_cache) \|\|
	361	!is_array( $prefs_cache)) {
	362	$prefs_are_cached = false;
	363	$prefs_cache = false; //array();
	364	}
	365
4d2f7565	366	/* see 'redirect' switch */
	367	require(SM_PATH . 'functions/prefs.php');
	368
202bcbcc	369	$prefs_backend = do_hook_function('prefs_backend');
	370	if (isset($prefs_backend) && !empty($prefs_backend) && file_exists(SM_PATH . $prefs_backend)) {
	371	require(SM_PATH . $prefs_backend);
	372	} elseif (isset($prefs_dsn) && !empty($prefs_dsn)) {
	373	require(SM_PATH . 'functions/db_prefs.php');
	374	} else {
202bcbcc	375	require(SM_PATH . 'functions/file_prefs.php');
	376	}
	377
	378	/**
	379	* initializing user settings
	380	*/
	381	require(SM_PATH . 'include/load_prefs.php');
	382
	383
	384	// i do not understand the frames language cookie story
	385	/**
	386	* We'll need this to later have a noframes version
	387	*
	388	* Check if the user has a language preference, but no cookie.
	389	* Send him a cookie with his language preference, if there is
	390	* such discrepancy.
	391	*/
	392	$my_language = getPref($data_dir, $username, 'language');
	393	if ($my_language != $squirrelmail_language) {
	394	sqsetcookie('squirrelmail_language', $my_language, time()+2592000, $base_uri);
	395	}
	396	// /dont understand
	397
	398	/**
	399	* Set up the language.
	400	*/
	401	$err=set_up_language(getPref($data_dir, $username, 'language'));
	402	/* this is the last cookie we set so flush it. */
	403	sqsetcookieflush();
	404
	405	// Japanese translation used without mbstring support
	406	if ($err==2) {
	407	$sError =
	408	"<p>You need to have PHP installed with the multibyte string function \n".
	409	"enabled (using configure option --enable-mbstring).</p>\n".
	410	"<p>System assumed that you accidently switched to Japanese translation \n".
	411	"and reverted your language preference to English.</p>\n".
	412	"<p>Please refresh this page in order to use webmail.</p>\n";
	413	error_box($sError);
	414	}
	415
	416	$timeZone = getPref($data_dir, $username, 'timezone');
	417
	418	/* Check to see if we are allowed to set the TZ environment variable.
	419	* We are able to do this if ...
	420	* safe_mode is disabled OR
	421	* safe_mode_allowed_env_vars is empty (you are allowed to set any) OR
	422	* safe_mode_allowed_env_vars contains TZ
	423	*/
	424	$tzChangeAllowed = (!ini_get('safe_mode')) \|\|
	425	!strcmp(ini_get('safe_mode_allowed_env_vars'),'') \|\|
	426	preg_match('/^([\w_]+,)*TZ/', ini_get('safe_mode_allowed_env_vars'));
	427
	428	if ( $timeZone != SMPREF_NONE && ($timeZone != "")
	429	&& $tzChangeAllowed ) {
	430
	431	// get time zone key, if strict or custom strict timezones are used
	432	if (isset($time_zone_type) &&
	433	($time_zone_type == 1 \|\| $time_zone_type == 3)) {
	434	/* load time zone functions */
	435	require(SM_PATH . 'include/timezones.php');
	436	$realTimeZone = sq_get_tz_key($timeZone);
	437	} else {
	438	$realTimeZone = $timeZone;
439	}
440
441	// set time zone
442	if ($realTimeZone) {
443	putenv("TZ=".$realTimeZone);
444	}
445	}
867fed37	446
	447	/**
	448	* php 5.1.0 added time zone functions. Set time zone with them in order
	449	* to prevent E_STRICT notices and allow time zone modifications in safe_mode.
	450	*/
	451	if (function_exists('date_default_timezone_set')) {
	452	if ($timeZone != SMPREF_NONE && $timeZone != "") {
	453	date_default_timezone_set($timeZone);
	454	} else {
	455	// interface runs on server's time zone. Remove php E_STRICT complains
	456	$default_timezone = @date_default_timezone_get();
	457	date_default_timezone_set($default_timezone);
	458	}
	459	}
202bcbcc	460	break;
	461	}
	462
	463	/**
	464	* Initialize the template object
	465	*/
	466	require(SM_PATH . 'class/template/template.class.php');
	467	/*
	468	* $sTplDir is not initialized when a user is not logged in, so we will use
	469	* the config file defaults here. If the neccesary variables are net set,
	470	* force a default value.
	471	*/
	472	$aTemplateSet = ( !isset($aTemplateSet) ? array() : $aTemplateSet );
	473	$templateset_default = ( !isset($templateset_default) ? 0 : $templateset_default );
	474
	475	$sTplDir = ( !isset($aTemplateSet[$templateset_default]['PATH']) ?
	476	SM_PATH . 'templates/default/' :
	477	$aTemplateSet[$templateset_default]['PATH'] );
	478	$oTemplate = new Template($sTplDir);
	479
	480	/**
	481	* Initialize our custom error handler object
	482	*/
	483	require(SM_PATH . 'class/error.class.php');
	484	$oErrorHandler = new ErrorHandler($oTemplate,'error_message.tpl');
	485
	486	/**
	487	* Activate custom error handling
	488	*/
	489	if (version_compare(PHP_VERSION, "4.3.0", ">=")) {
	490	$oldErrorHandler = set_error_handler(array($oErrorHandler, 'SquirrelMailErrorhandler'));
	491	} else {
	492	$oldErrorHandler = set_error_handler('SquirrelMailErrorhandler');
	493	}
	494
	495	/**
	496	* Javascript support detection function
	497	* @param boolean $reset recheck javascript support if set to true.
867fed37	498	* @return integer SMPREF_JS_ON or SMPREF_JS_OFF ({@see include/constants.php})
202bcbcc	499	* @since 1.5.1
202bcbcc	500	*/
202bcbcc	501	function checkForJavascript($reset = FALSE) {
	502	global $data_dir, $username, $javascript_on, $javascript_setting;
	503
	504	if ( !$reset && sqGetGlobalVar('javascript_on', $javascript_on, SQ_SESSION) )
	505	return $javascript_on;
	506
	507	if ( $reset \|\| !isset($javascript_setting) )
	508	$javascript_setting = getPref($data_dir, $username, 'javascript_setting', SMPREF_JS_AUTODETECT);
	509
	510	if ( !sqGetGlobalVar('new_js_autodetect_results', $js_autodetect_results) &&
	511	!sqGetGlobalVar('js_autodetect_results', $js_autodetect_results) )
	512	$js_autodetect_results = SMPREF_JS_OFF;
	513
	514	if ( $javascript_setting == SMPREF_JS_AUTODETECT )
	515	$javascript_on = $js_autodetect_results;
	516	else
	517	$javascript_on = $javascript_setting;
	518
	519	sqsession_register($javascript_on, 'javascript_on');
	520	return $javascript_on;
	521	}
	522
	523	function sqm_baseuri() {
	524	global $base_uri;
	525	return $base_uri;
8e1e2794	526	}