Handle session.auto_start case and move down squirrelmail version string
[squirrelmail.git] / include / init.php
CommitLineData
202bcbcc 1<?php
2
3/**
4 * init.php -- initialisation file
5 *
6 * File should be loaded in every file in src/ or plugins that occupate an entire frame
7 *
8 * @copyright &copy; 2006 The SquirrelMail Project Team
9 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
10 * @version $Id$
11 * @package squirrelmail
12 */
13
202bcbcc 14
e8c4e350 15
16
202bcbcc 17
18/**
19 * SquirrelMail internal version number -- DO NOT CHANGE
20 * $sm_internal_version = array (release, major, minor)
21 */
22
23$SQM_INTERNAL_VERSION = array(1,5,2);
24
25/**
26 * This is a development version so in order to track programmer mistakes we
27 * set the error reporting to E_ALL
28 */
29
30error_reporting(E_ALL);
31
32
33/**
6a2a6e44 34 * If register_globals are on, unregister globals.
35 * Code requires PHP 4.1.0 or newer.
36 */
e8c4e350 37
6a2a6e44 38if ((bool) @ini_get('register_globals')) {
39 /**
40 * Remove all globals from $_GET, $_POST, and $_COOKIE.
41 */
42 foreach ($_REQUEST as $key => $value) {
43 unset($GLOBALS[$key]);
44 }
45 /**
46 * Remove globalized $_FILES variables
47 * Before 4.3.0 $_FILES are included in $_REQUEST.
48 * Unglobalize them in separate call in order to remove dependency
49 * on PHP version.
50 */
51 foreach ($_FILES as $key => $value) {
52 unset($GLOBALS[$key]);
53 // there are three undocumented $_FILES globals.
54 unset($GLOBALS[$key.'_type']);
55 unset($GLOBALS[$key.'_name']);
56 unset($GLOBALS[$key.'_size']);
57 }
58 /**
59 * Remove globalized environment variables.
60 */
61 foreach ($_ENV as $key => $value) {
62 unset($GLOBALS[$key]);
63 }
64 /**
65 * Remove globalized server variables.
66 */
67 foreach ($_SERVER as $key => $value) {
68 unset($GLOBALS[$key]);
69 }
70}
71
72
73/**
202bcbcc 74 * calculate SM_PATH and calculate the base_uri
75 * assumptions made: init.php is only called from plugins or from the src dir.
76 * files in the plugin directory may not be part of a subdirectory called "src"
77 *
78 */
79if (isset($_SERVER['SCRIPT_NAME'])) {
80 $a = explode('/',$_SERVER['SCRIPT_NAME']);
81} elseif (isset($HTTP_SERVER_VARS['SCRIPT_NAME'])) {
82 $a = explode('/',$_SERVER['SCRIPT_NAME']);
83}
84$sSM_PATH = '';
85for($i = count($a) -2;$i > -1; --$i) {
86 $sSM_PATH .= '../';
87 if ($a[$i] === 'src' || $a[$i] === 'plugins') {
88 break;
89 }
90}
91
92$base_uri = implode('/',array_slice($a,0,$i)). '/';
93
202bcbcc 94define('SM_PATH',$sSM_PATH);
6a2a6e44 95define('SM_BASE_URI', $base_uri);
202bcbcc 96/**
97 * global var $bInit is used to check if initialisation took place.
98 * At this moment it's a workarounf for the include of addrbook_search_html
99 * inside compose.php. If we found a better way then remove this. Do only use
100 * this var if you know for sure a page can be called stand alone and be included
101 * in another file.
102 */
103$bInit = true;
104
105require(SM_PATH . 'functions/global.php');
106require(SM_PATH . 'config/config.php');
107require(SM_PATH . 'functions/plugin.php');
108require(SM_PATH . 'include/constants.php');
109require(SM_PATH . 'include/languages.php');
110
111/**
112 * If magic_quotes_runtime is on, SquirrelMail breaks in new and creative ways.
113 * Force magic_quotes_runtime off.
114 * tassium@squirrelmail.org - I put it here in the hopes that all SM code includes this.
115 * If there's a better place, please let me know.
116 */
117ini_set('magic_quotes_runtime','0');
118
119
120/* if running with magic_quotes_gpc then strip the slashes
121 from POST and GET global arrays */
122if (get_magic_quotes_gpc()) {
123 sqstripslashes($_GET);
124 sqstripslashes($_POST);
125}
126
202bcbcc 127
128/* strip any tags added to the url from PHP_SELF.
129This fixes hand crafted url XXS expoits for any
130 page that uses PHP_SELF as the FORM action */
131$_SERVER['PHP_SELF'] = strip_tags($_SERVER['PHP_SELF']);
132
133$PHP_SELF = php_self();
134
135/**
136 * Initialize the session
137 */
138
e8c4e350 139/** set the name of the session cookie */
140if (!isset($session_name) || !$session_name) {
141 $session_name = 'SQMSESSID';
142}
143
144/**
145 * if session.auto_start is On then close the session
146 */
147$session_autostart_name = session_name();
148if ((isset($session_autostart_name) || $session_autostart_name == '') &&
149 $session_autostart_name !== $session_name) {
150 $cookiepath = ini_get('session.cookie_path');
151 $cookiedomain = ini_get('session.cookie_domain');
152 // reset the cookie
153 setcookie($session_autostart_name,'',time() - 604800,$cookiepath,$cookiedomain);
154 @session_destroy();
155 session_write_close();
156}
157
202bcbcc 158/**
159 * includes from classes stored in the session
160 */
161require(SM_PATH . 'class/mime.class.php');
162
202bcbcc 163ini_set('session.name' , $session_name);
164session_set_cookie_params (0, $base_uri);
165sqsession_is_active();
166
202bcbcc 167/**
168 * Remove globalized session data in rg=on setups
169 */
170if ((bool) @ini_get('register_globals')) {
171 foreach ($_SESSION as $key => $value) {
172 unset($GLOBALS[$key]);
173 }
174}
6a2a6e44 175
176sqsession_register($base_uri, SM_BASE_URI);
177
202bcbcc 178/**
e8c4e350 179 * SquirrelMail version number -- DO NOT CHANGE
180 */
181$version = '1.5.2 [CVS]';
182
183/**
202bcbcc 184 * Retrieve the language cookie
185 */
186if (! sqgetGlobalVar('squirrelmail_language',$squirrelmail_language,SQ_COOKIE)) {
187 $squirrelmail_language = '';
188}
189
190
191/**
192 * @var $sInitlocation From where do we include.
193 */
194if (!isset($sInitLocation)) {
195 $sInitLocation=NULL;
196}
197
198/**
199 * MAIN PLUGIN LOADING CODE HERE
200 */
201
202/**
203 * Include Compatibility plugin if available.
204 */
205if (file_exists(SM_PATH . 'plugins/compatibility/functions.php'))
206 include_once(SM_PATH . 'plugins/compatibility/functions.php');
207$squirrelmail_plugin_hooks = array();
208
209/* On init, register all plugins configured for use. */
210if (isset($plugins) && is_array($plugins)) {
211 // turn on output buffering in order to prevent output of new lines
212 ob_start();
213 foreach ($plugins as $name) {
214 use_plugin($name);
215 }
216 // get output and remove whitespace
217 $output = trim(ob_get_contents());
218 ob_end_clean();
219 // if plugins output more than newlines and spacing, stop script execution.
220 if (!empty($output)) {
221 die($output);
222 }
223}
224
225
226switch ($sInitLocation) {
227 case 'style': session_write_close(); sqsetcookieflush(); break;
228 case 'redirect':
229 $prefs_backend = do_hook_function('prefs_backend');
230 if (isset($prefs_backend) && !empty($prefs_backend) && file_exists(SM_PATH . $prefs_backend)) {
231 require(SM_PATH . $prefs_backend);
232 } elseif (isset($prefs_dsn) && !empty($prefs_dsn)) {
233 require(SM_PATH . 'functions/db_prefs.php');
234 } else {
235 require(SM_PATH . 'functions/prefs.php');
236 require(SM_PATH . 'functions/file_prefs.php');
237 }
238 //nobreak;
239 case 'login':
240 require(SM_PATH . 'functions/display_messages.php' );
241 require(SM_PATH . 'functions/page_header.php');
242 require(SM_PATH . 'functions/html.php');
243 break;
244 default:
245 require(SM_PATH . 'functions/display_messages.php' );
246 require(SM_PATH . 'functions/page_header.php');
247 require(SM_PATH . 'functions/html.php');
248 require(SM_PATH . 'functions/strings.php');
249
250
251 /**
252 * Check if we are logged in
253 */
254 require(SM_PATH . 'functions/auth.php');
255
256 if ( !sqsession_is_registered('user_is_logged_in') ) {
257 // First we store some information in the new session to prevent
258 // information-loss.
259 //
260 $session_expired_post = $_POST;
261 $session_expired_location = $PHP_SELF;
262 if (!sqsession_is_registered('session_expired_post')) {
263 sqsession_register($session_expired_post,'session_expired_post');
264 }
265 if (!sqsession_is_registered('session_expired_location')) {
266 sqsession_register($session_expired_location,'session_expired_location');
267 }
268 // signout page will deal with users who aren't logged
269 // in on its own; don't show error here
270 //
271 if (strpos($PHP_SELF, 'signout.php') !== FALSE) {
272 return;
273 }
274
275 set_up_language($squirrelmail_language, true);
276 logout_error( _("You must be logged in to access this page.") );
277 exit;
278 }
279
280 sqgetGlobalVar('username',$username,SQ_SESSION);
281
282 /**
283 * Setting the prefs backend
284 */
285 sqgetGlobalVar('prefs_cache', $prefs_cache, SQ_SESSION );
286 sqgetGlobalVar('prefs_are_cached', $prefs_are_cached, SQ_SESSION );
287
288 if ( !sqsession_is_registered('prefs_are_cached') ||
289 !isset( $prefs_cache) ||
290 !is_array( $prefs_cache)) {
291 $prefs_are_cached = false;
292 $prefs_cache = false; //array();
293 }
294
295 $prefs_backend = do_hook_function('prefs_backend');
296 if (isset($prefs_backend) && !empty($prefs_backend) && file_exists(SM_PATH . $prefs_backend)) {
297 require(SM_PATH . $prefs_backend);
298 } elseif (isset($prefs_dsn) && !empty($prefs_dsn)) {
299 require(SM_PATH . 'functions/db_prefs.php');
300 } else {
301 require(SM_PATH . 'functions/prefs.php');
302 require(SM_PATH . 'functions/file_prefs.php');
303 }
304
305 /**
306 * initializing user settings
307 */
308 require(SM_PATH . 'include/load_prefs.php');
309
310
311// i do not understand the frames language cookie story
312 /**
313 * We'll need this to later have a noframes version
314 *
315 * Check if the user has a language preference, but no cookie.
316 * Send him a cookie with his language preference, if there is
317 * such discrepancy.
318 */
319 $my_language = getPref($data_dir, $username, 'language');
320 if ($my_language != $squirrelmail_language) {
321 sqsetcookie('squirrelmail_language', $my_language, time()+2592000, $base_uri);
322 }
323// /dont understand
324
325 /**
326 * Set up the language.
327 */
328 $err=set_up_language(getPref($data_dir, $username, 'language'));
329 /* this is the last cookie we set so flush it. */
330 sqsetcookieflush();
331
332 // Japanese translation used without mbstring support
333 if ($err==2) {
334 $sError =
335 "<p>You need to have PHP installed with the multibyte string function \n".
336 "enabled (using configure option --enable-mbstring).</p>\n".
337 "<p>System assumed that you accidently switched to Japanese translation \n".
338 "and reverted your language preference to English.</p>\n".
339 "<p>Please refresh this page in order to use webmail.</p>\n";
340 error_box($sError);
341 }
342
343 $timeZone = getPref($data_dir, $username, 'timezone');
344
345 /* Check to see if we are allowed to set the TZ environment variable.
346 * We are able to do this if ...
347 * safe_mode is disabled OR
348 * safe_mode_allowed_env_vars is empty (you are allowed to set any) OR
349 * safe_mode_allowed_env_vars contains TZ
350 */
351 $tzChangeAllowed = (!ini_get('safe_mode')) ||
352 !strcmp(ini_get('safe_mode_allowed_env_vars'),'') ||
353 preg_match('/^([\w_]+,)*TZ/', ini_get('safe_mode_allowed_env_vars'));
354
355 if ( $timeZone != SMPREF_NONE && ($timeZone != "")
356 && $tzChangeAllowed ) {
357
358 // get time zone key, if strict or custom strict timezones are used
359 if (isset($time_zone_type) &&
360 ($time_zone_type == 1 || $time_zone_type == 3)) {
361 /* load time zone functions */
362 require(SM_PATH . 'include/timezones.php');
363 $realTimeZone = sq_get_tz_key($timeZone);
364 } else {
365 $realTimeZone = $timeZone;
366 }
367
368 // set time zone
369 if ($realTimeZone) {
370 putenv("TZ=".$realTimeZone);
371 }
372 }
373 break;
374}
375
376/**
377 * Initialize the template object
378 */
379require(SM_PATH . 'class/template/template.class.php');
380/*
381 * $sTplDir is not initialized when a user is not logged in, so we will use
382 * the config file defaults here. If the neccesary variables are net set,
383 * force a default value.
384 */
385$aTemplateSet = ( !isset($aTemplateSet) ? array() : $aTemplateSet );
386$templateset_default = ( !isset($templateset_default) ? 0 : $templateset_default );
387
388$sTplDir = ( !isset($aTemplateSet[$templateset_default]['PATH']) ?
389 SM_PATH . 'templates/default/' :
390 $aTemplateSet[$templateset_default]['PATH'] );
391$oTemplate = new Template($sTplDir);
392
393/**
394 * Initialize our custom error handler object
395 */
396require(SM_PATH . 'class/error.class.php');
397$oErrorHandler = new ErrorHandler($oTemplate,'error_message.tpl');
398
399/**
400 * Activate custom error handling
401 */
402if (version_compare(PHP_VERSION, "4.3.0", ">=")) {
403 $oldErrorHandler = set_error_handler(array($oErrorHandler, 'SquirrelMailErrorhandler'));
404} else {
405 $oldErrorHandler = set_error_handler('SquirrelMailErrorhandler');
406}
407
408/**
409 * Javascript support detection function
410 * @param boolean $reset recheck javascript support if set to true.
411 * @return integer SMPREF_JS_ON or SMPREF_JS_OFF ({@see functions/constants.php})
412 * @since 1.5.1
413 */
414
415function checkForJavascript($reset = FALSE) {
416 global $data_dir, $username, $javascript_on, $javascript_setting;
417
418 if ( !$reset && sqGetGlobalVar('javascript_on', $javascript_on, SQ_SESSION) )
419 return $javascript_on;
420
421 if ( $reset || !isset($javascript_setting) )
422 $javascript_setting = getPref($data_dir, $username, 'javascript_setting', SMPREF_JS_AUTODETECT);
423
424 if ( !sqGetGlobalVar('new_js_autodetect_results', $js_autodetect_results) &&
425 !sqGetGlobalVar('js_autodetect_results', $js_autodetect_results) )
426 $js_autodetect_results = SMPREF_JS_OFF;
427
428 if ( $javascript_setting == SMPREF_JS_AUTODETECT )
429 $javascript_on = $js_autodetect_results;
430 else
431 $javascript_on = $javascript_setting;
432
433 sqsession_register($javascript_on, 'javascript_on');
434 return $javascript_on;
435}
436
437function sqm_baseuri() {
438 global $base_uri;
439 return $base_uri;
440}