loading default configuration before config.php in order to make sure
[squirrelmail.git] / src / redirect.php
CommitLineData
7392739d 1<?php
895905c0 2
35586184 3/**
4b4abf93 4 * Prevents users from reposting their form data after a successful logout.
5 *
6 * Derived from webmail.php by Ralf Kraudelt <kraude@wiwi.uni-rostock.de>
7 *
47ccfad4 8 * @copyright &copy; 1999-2006 The SquirrelMail Project Team
4b4abf93 9 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
10 * @version $Id$
11 * @package squirrelmail
12 */
202bcbcc 13$sInitLocation = 'redirect';
35586184 14
30967a1e 15/**
202bcbcc 16 * Include the SquirrelMail initialization file.
30967a1e 17 */
202bcbcc 18require('../include/init.php');
86725763 19
20/* SquirrelMail required files. */
202bcbcc 21require_once(SM_PATH . 'functions/imap_general.php');
86725763 22require_once(SM_PATH . 'functions/strings.php');
5c3b0995 23
24header('Pragma: no-cache');
25$location = get_location();
26
202bcbcc 27// session_set_cookie_params (0, $base_uri);
5c3b0995 28
ad839713 29sqsession_unregister ('user_is_logged_in');
30sqsession_register ($base_uri, 'base_uri');
5c3b0995 31
a32985a5 32/* get globals we me need */
5250f7e7 33sqGetGlobalVar('login_username', $login_username);
34sqGetGlobalVar('secretkey', $secretkey);
5250f7e7 35if(!sqGetGlobalVar('squirrelmail_language', $squirrelmail_language) || $squirrelmail_language == '') {
134e4174 36 $squirrelmail_language = $squirrelmail_default_language;
a32985a5 37}
c67e4479 38if (!sqgetGlobalVar('mailto', $mailto)) {
39 $mailto = '';
40}
5250f7e7 41
a32985a5 42/* end of get globals */
43
5c3b0995 44set_up_language($squirrelmail_language, true);
45/* Refresh the language cookie. */
3a1de9f1 46sqsetcookie('squirrelmail_language', $squirrelmail_language, time()+2592000,
85b454a0 47 $base_uri);
5c3b0995 48
49if (!isset($login_username)) {
91e0dccc 50 logout_error( _("You must be logged in to access this page.") );
5c3b0995 51 exit;
52}
53
d7c82551 54if (!sqsession_is_registered('user_is_logged_in')) {
5c3b0995 55 do_hook ('login_before');
56
57 $onetimepad = OneTimePadCreate(strlen($secretkey));
58 $key = OneTimePadEncrypt($secretkey, $onetimepad);
5c3b0995 59
fd1b516b 60 /* remove redundant spaces */
61 $login_username = trim($login_username);
62
5c3b0995 63 /* Verify that username and password are correct. */
64 if ($force_username_lowercase) {
65 $login_username = strtolower($login_username);
23d6bd09 66 }
67
5c3b0995 68 $imapConnection = sqimap_login($login_username, $key, $imapServerAddress, $imapPort, 0);
202bcbcc 69 /* From now on we are logged it. If the login failed then sqimap_login handles it */
70
71 /* regenerate the session id to avoid session hyijacking */
72 sqsession_destroy();
73 sqsession_is_active();
74 session_regenerate_id();
75 /**
76 * The cookie part. session_start and session_regenerate_session normally set
77 * their own cookie. SquirrelMail sets another cookie which overwites the
78 * php cookies. The sqsetcookie function sets the cookie by using the header
79 * function which gives us full control how the cookie is set. We do that
80 * to add the HttpOnly cookie attribute which blocks javascript access on
81 * IE6 SP1.
82 * sqsetcookieflush is needed to send out the headers. sqsetcookie caches
83 * the cookies to be send. If we don't do that we only can send 1 single cookie
84 * which is not sufficient.
85 */
86 sqsetcookie(session_name(),session_id(),false,$base_uri);
87 sqsetcookie('key', $key, false, $base_uri);
88 sqsetcookieflush();
89
90 sqsession_register($onetimepad, 'onetimepad');
44925ab0 91
92 $sqimap_capabilities = sqimap_capability($imapConnection);
f027a882 93
94 /* Server side sorting control */
95 if (isset($sqimap_capabilities['SORT']) && $sqimap_capabilities['SORT'] == true &&
96 isset($disable_server_sort) && $disable_server_sort) {
97 unset($sqimap_capabilities['SORT']);
98 }
99
100 /* Thread sort control */
101 if (isset($sqimap_capabilities['THREAD']) && $sqimap_capabilities['THREAD'] == true &&
102 isset($disable_thread_sort) && $disable_thread_sort) {
103 unset($sqimap_capabilities['THREAD']);
104 }
105
44925ab0 106 sqsession_register($sqimap_capabilities, 'sqimap_capabilities');
107 $delimiter = sqimap_get_delimiter ($imapConnection);
108
5c3b0995 109 sqimap_logout($imapConnection);
a32985a5 110 sqsession_register($delimiter, 'delimiter');
111
5c3b0995 112 $username = $login_username;
ad839713 113 sqsession_register ($username, 'username');
5c3b0995 114 do_hook ('login_verified');
5c3b0995 115}
116
117/* Set the login variables. */
118$user_is_logged_in = true;
119$just_logged_in = true;
120
121/* And register with them with the session. */
a32985a5 122sqsession_register ($user_is_logged_in, 'user_is_logged_in');
123sqsession_register ($just_logged_in, 'just_logged_in');
5c3b0995 124
125/* parse the accepted content-types of the client */
126$attachment_common_types = array();
127$attachment_common_types_parsed = array();
a32985a5 128sqsession_register($attachment_common_types, 'attachment_common_types');
129sqsession_register($attachment_common_types_parsed, 'attachment_common_types_parsed');
5c3b0995 130
131$debug = false;
a32985a5 132
1e12d1ff 133if ( sqgetGlobalVar('HTTP_ACCEPT', $http_accept, SQ_SERVER) &&
134 !isset($attachment_common_types_parsed[$http_accept]) ) {
135 attachment_common_parse($http_accept, $debug);
9be8198d 136}
5c3b0995 137
138/* Complete autodetection of Javascript. */
1a531551 139checkForJavascript();
5c3b0995 140
141/* Compute the URL to forward the user to. */
d7746ca5 142$redirect_url = $location . '/webmail.php';
cab6eaea 143
144if ( sqgetGlobalVar('session_expired_location', $session_expired_location, SQ_SESSION) ) {
145 sqsession_unregister('session_expired_location');
146 $compose_new_win = getPref($data_dir, $username, 'compose_new_win', 0);
147 if ($compose_new_win) {
d7746ca5 148 // do not prefix $location here because $session_expired_location is set to PHP_SELF
149 // of the last page
cab6eaea 150 $redirect_url = $session_expired_location;
151 } elseif ( strpos($session_expired_location, 'webmail.php') === FALSE ) {
d7746ca5 152 $redirect_url = $location.'/webmail.php?right_frame='.urldecode($session_expired_location);
8e54a58b 153 }
cab6eaea 154 unset($session_expired_location);
155}
202bcbcc 156
c67e4479 157if($mailto != '') {
d7746ca5 158 $redirect_url = $location . '/webmail.php?right_frame=compose.php&mailto=';
3e56c08d 159 $redirect_url .= urlencode($mailto);
c67e4479 160}
177dde45 161
7bde5272 162/* Write session data and send them off to the appropriate page. */
163session_write_close();
5c3b0995 164header("Location: $redirect_url");
202bcbcc 165exit;
7baf86a9 166
cab99c3a 167/* --------------------- end main ----------------------- */
168
169function attachment_common_parse($str, $debug) {
170 global $attachment_common_types, $attachment_common_types_parsed;
171
172 $attachment_common_types_parsed[$str] = true;
91e0dccc 173
174 /*
175 * Replace ", " with "," and explode on that as Mozilla 1.x seems to
20511953 176 * use "," to seperate whilst IE, and earlier versions of Mozilla use
177 * ", " to seperate
178 */
91e0dccc 179
20511953 180 $str = str_replace( ', ' , ',' , $str );
6c817138 181 $types = explode(',', $str);
cab99c3a 182
183 foreach ($types as $val) {
184 // Ignore the ";q=1.0" stuff
185 if (strpos($val, ';') !== false)
186 $val = substr($val, 0, strpos($val, ';'));
187
188 if (! isset($attachment_common_types[$val])) {
189 $attachment_common_types[$val] = true;
190 }
191 }
39c7209f 192 sqsession_register($attachment_common_types, 'attachment_common_types');
cab99c3a 193}