[squirrelmail.git] / src / squirrelmail_rpc.php

<?php

/**
  * squirrelmail_rpc.php
  *
  * This file contains the entry point to the "SquirrelMail API" -- the 
  * remote procedure call request receiver.
  *
  * RPC requests are currently understood as simple HTTP GET or POST
  * requests.  The SquirrelMail default_rpc template set responds in a
  * SOAP (currently v1.2) compliant manner, but this interface does not
  * (yet?) understand SOAP requests.  The format of responses can be
  * changed by creating a different RPC template set and pointing to it
  * with $rpc_templateset in the main SquirrelMail configuration file.
  * 
  * @copyright 1999-2013 The SquirrelMail Project Team
  * @license http://opensource.org/licenses/gpl-license.php GNU Public License
  * @version $Id$
  * @package squirrelmail
  * @since 1.5.2
  *
  */

/** This is the squirrelmail_rpc page */
define('PAGE_NAME', 'squirrelmail_rpc');

//FIXME: If we decide to route ALL requests, even normal page
//       requests through this file, need to change page requests
//       to something like this
//http://example.org/squirrelmail/src/squirrelmail_rpc.php?page=read_body&passed_id=47633...
//       This file would then add ".php" to the "page" variable
//       and pass the request on to that page by simply require()ing
//       that page and exiting.
//       Does this present problems, security or otherwise?  What
//       problems are created by the fact that the page request
//       is always the same thing (some parts of the code and some
//       plugins switch functionality based on $PHP_SELF and other
//       $_SERVER variables that look for specific page names -- those
//       can be fixed by looking at the "page" GET argument, but what
//       other issues are created)?  What about plugins?  How would
//       they work in this scheme?  Would they be a lot more difficult 
//       to develop?
//NOTE:  It is not entirely clear if doing the above is even desirable.
//       Initial conversations on the squirrelmail-devel list were 
//       inconclusive.  On one hand, doing so would give us one master
//       file that handles any and all incoming requests, no matter 
//       where they came from or what format/type they are.  On the
//       other, keeping page requests out of this file keeps this file
//       lean and specific to one technology: our RPC interface.


/**
 * Include the SquirrelMail initialization file.
 */
//FIXME: init.php assumes it is being called by a browser, so some error 
//       conditions are handled by immediately calling error_box() or 
//       otherwise trying to push something to the browser, which should 
//       be avoided at all costs.  This is also pervasive in the whole 
//       core and must be cleaned up entirely before this can be a very
//       functional RPC interface
require('../include/init.php');


//FIXME: do we need to put this list somewhere else?
//FIXME: do we want to use constants instead?  probably not a bad idea, although plugins probably won't, so we still want to try to keep track of the plugin error codes too if possible (new plugin website should help)
/**
  * Known core error codes:
  *
  * 1    - No RPC action was given in request (please use "rpc_action")
  * 2    - RPC action was not understood (perhaps a needed plugin is
  *        not installed and activated?)
  *
  * Known plugin error codes:
  *
  * 500  - Empty Folders plugin empty_folders_purge_trash action failed
  * 501  - Empty Folders plugin empty_folders_purge_all action failed
  * 502  - Empty Folders plugin empty_folders_delete_all action failed
  * 503  - Mark Read plugin mark_read_read_all action failed
  * 504  - Mark Read plugin mark_read_unread_all action failed
  *
  */


/**
  * Get RPC Action (can be in either GET or POST)
  *
  */
if (!sqGetGlobalVar('rpc_action', $rpc_action, SQ_FORM)) {
    sm_rpc_return_error('', 1, _("No RPC action given"), 'client', 400, 'Bad Request');
}


/**
  * No matter what our response is, the headers
  * will not change.
  *
  */
$oTemplate->header('Content-Type: text/xml');
$oTemplate->header('Content-Type: application/xml'); // required by IE
$oTemplate->header('Pragma: no-cache');
$oTemplate->header('Cache-Control: no-cache, no-store, must-revalidate, max-age=0');
$oTemplate->header('Expires: Sat, 1 Jan 2000 00:00:00 GMT');
//TODO: is this needed? $oTemplate->header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . 'GMT');


/**
  * Allow plugins to add their own RPC action
  * or modify behavior of SM core RPC actions...
  *
  * A plugin that handles a custom RPC action must
  * return TRUE to the hook so that it knows that
  * the action was handled and was not an unknown
  * action.  If the action was not handled, the plugin
  * should return FALSE to the hook.
  *
  * Developer note: the $rpc_action parameter is passed 
  * in an array in case we can think of more parameters 
  * to add in the future.
  *
  * Known users of this hook:
  *    empty_folders
  *    mark_read
  *
  */
$temp = array(&$rpc_action);
$handled_by_plugin = boolean_hook_function('squirrelmail_rpc', $temp, 1);


/**
  * Go take care of each RPC action (unless plugin already did)
  *
  */
if (!$handled_by_plugin) switch (strtolower($rpc_action)) {

    /**
      * Delete Messages
      *
      */
    case 'delete_messages':

        require_once(SM_PATH . 'functions/mailbox_display.php');
        require_once(SM_PATH . 'functions/imap.php');

        if (!sqGetGlobalVar('delete_ids', $delete_ids, SQ_FORM)) {
            sm_rpc_return_error($rpc_action, 99, _("No deletion ID given"), 'client', 400, 'Bad Request');
        }
        $delete_ids = explode(',', $delete_ids);
        if (!sqGetGlobalVar('mailbox', $mailbox, SQ_FORM)) {
            sm_rpc_return_error($rpc_action, 99, _("No mailbox given"), 'client', 400, 'Bad Request');
        }
        if (sqGetGlobalVar('startMessage', $startMessage, SQ_INORDER, 1)) {
            $startMessage = (int) $startMessage;
        }
        sqGetGlobalVar('what', $what, SQ_FORM, 0);
        if (sqGetGlobalVar('account', $iAccount,  SQ_GET, 0)) {
            $iAccount = (int) $iAccount;
        }
//FIXME: need to grab the bypass trash variable here too!  probably other vars...

/* FIXME: --- The following code was just experimental/proof-of-concept; the rest 
              of the implementation of this functionality still needs to be done "for real"
        $oImapMessage = new IMAP_Message(0, $mailbox, $startMessage, $what, $iAccount);
        foreach ($delete_ids as $id) {
            $oImapMessage->setUid($id);
            //FIXME: establish constants for $hide values (the 3 below indicates not to show errors, but to return any error string)
            $result = $oImapMessage->deleteMessage(3);
            if ($result !== TRUE) {
                sm_rpc_return_error($rpc_action, 99, $result, 'server', 500, 'Server Error');
            }
        }
--- */

        sm_rpc_return_success();
        //FIXME: Just for testing the line above can be changed to something like this:
        //sm_rpc_return_success($rpc_action, 0, 'Hooray!  Message(s) deleted.  Refresh your message list and make sure.');
        break;


    /**
      * Default: error out
      *
      */
    default:
        sm_rpc_return_error($rpc_action, 2, _("RPC action not understood"), 'client', 400, 'Bad Request');
        break;

}


/**
  * Returns an error message to the RPC caller and exits
  *
  * NOTE that this function exits and will never return
  *
  * @param string $rpc_action   The RPC action that is being handled
  *                             (OPTIONAL; default attempt to grab from GET/POST)
  * @param int    $error_code   The (application-level) error code for the current
  *                             error condition
  * @param string $error_text   Any error message associated with the error
  *                             condition (OPTIONAL; default empty string)
  * @param string $guilty_party A string indicating the party who caused the
  *                             error: either "client" or "server" (OPTIONAL;
  *                             default unspecified)
  * @param int    $http_status_code When non-zero, this value will be sent to
  *                                 the browser in the HTTP headers as the request
  *                                 status code (OPTIONAL; default not used)
  * @param string $http_status_text A string naming the HTTP status, usually the
  *                                 title of the corresponding status code as
  *                                 found on:
  *                                 http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  *                                 (OPTIONAL; default not used; $http_status_code
  *                                 must also be provided).
  *
  */
function sm_rpc_return_error($rpc_action=NULL, $error_code,
                             $error_text='', $guilty_party='',
                             $http_status_code=0, $http_status_text='') {

    global $oTemplate;

    if (is_null($rpc_action)) sqGetGlobalVar('rpc_action', $rpc_action, SQ_FORM);

    if ($http_status_code) {
       $oTemplate->header('HTTP/1.1 ' . $http_status_code . ' ' . $http_status_text);
       $oTemplate->header('Status: ' . $http_status_code . ' ' . $http_status_text);
    }

    $oTemplate->assign('rpc_action',   $rpc_action);
    $oTemplate->assign('error_code',   $error_code);
    $oTemplate->assign('error_text',   $error_text);
    $oTemplate->assign('guilty_party', $guilty_party);

    $oTemplate->display('rpc_response_error.tpl');

    exit;

}


/**
  * Returns a standard success result to the RPC caller and exits
  *
  * NOTE that this function exits and will never return
  *
  * @param string $rpc_action  The RPC action that is being handled
  *                            (OPTIONAL; default attempt to grab from GET/POST)
  * @param int    $result_code The result code (OPTIONAL; default 0)
  * @param string $result_text Any result message (OPTIONAL; default 
  *                            empty string)
  *
  */
function sm_rpc_return_success($rpc_action=NULL, $result_code=0, $result_text='') {

    if (is_null($rpc_action)) sqGetGlobalVar('rpc_action', $rpc_action, SQ_FORM);

    global $oTemplate;
    $oTemplate->assign('rpc_action', $rpc_action);
    $oTemplate->assign('result_code', $result_code);
    $oTemplate->assign('result_text', $result_text);

    $oTemplate->display('rpc_response_success.tpl');

    exit;

}
Commit	Line	Data
482956f2	1	<?php
	2
	3	/**
85ae8774	4	* squirrelmail_rpc.php
482956f2	5	*
	6	* This file contains the entry point to the "SquirrelMail API" -- the
	7	* remote procedure call request receiver.
5083f41e	8	*
	9	* RPC requests are currently understood as simple HTTP GET or POST
	10	* requests. The SquirrelMail default_rpc template set responds in a
	11	* SOAP (currently v1.2) compliant manner, but this interface does not
	12	* (yet?) understand SOAP requests. The format of responses can be
	13	* changed by creating a different RPC template set and pointing to it
	14	* with $rpc_templateset in the main SquirrelMail configuration file.
482956f2	15	*
79ba18dc	16	* @copyright 1999-2013 The SquirrelMail Project Team
482956f2	17	* @license http://opensource.org/licenses/gpl-license.php GNU Public License
	18	* @version $Id$
	19	* @package squirrelmail
	20	* @since 1.5.2
	21	*
	22	*/
ebd2391c	23
ebd2391c	24	/** This is the squirrelmail_rpc page */
85ae8774	25	define('PAGE_NAME', 'squirrelmail_rpc');
ebd2391c	26
482956f2	27	//FIXME: If we decide to route ALL requests, even normal page
	28	// requests through this file, need to change page requests
	29	// to something like this
85ae8774	30	//http://example.org/squirrelmail/src/squirrelmail_rpc.php?page=read_body&passed_id=47633...
482956f2	31	// This file would then add ".php" to the "page" variable
	32	// and pass the request on to that page by simply require()ing
	33	// that page and exiting.
	34	// Does this present problems, security or otherwise? What
	35	// problems are created by the fact that the page request
	36	// is always the same thing (some parts of the code and some
	37	// plugins switch functionality based on $PHP_SELF and other
	38	// $_SERVER variables that look for specific page names -- those
	39	// can be fixed by looking at the "page" GET argument, but what
	40	// other issues are created)? What about plugins? How would
	41	// they work in this scheme? Would they be a lot more difficult
	42	// to develop?
	43	//NOTE: It is not entirely clear if doing the above is even desirable.
	44	// Initial conversations on the squirrelmail-devel list were
	45	// inconclusive. On one hand, doing so would give us one master
	46	// file that handles any and all incoming requests, no matter
	47	// where they came from or what format/type they are. On the
	48	// other, keeping page requests out of this file keeps this file
	49	// lean and specific to one technology: our RPC interface.
	50
	51
	52	/**
	53	* Include the SquirrelMail initialization file.
	54	*/
	55	//FIXME: init.php assumes it is being called by a browser, so some error
	56	// conditions are handled by immediately calling error_box() or
	57	// otherwise trying to push something to the browser, which should
	58	// be avoided at all costs. This is also pervasive in the whole
	59	// core and must be cleaned up entirely before this can be a very
	60	// functional RPC interface
	61	require('../include/init.php');
	62
	63
	64
a49f857e	65	//FIXME: do we need to put this list somewhere else?
	66	//FIXME: do we want to use constants instead? probably not a bad idea, although plugins probably won't, so we still want to try to keep track of the plugin error codes too if possible (new plugin website should help)
	67	/**
	68	* Known core error codes:
	69	*
	70	* 1 - No RPC action was given in request (please use "rpc_action")
	71	* 2 - RPC action was not understood (perhaps a needed plugin is
	72	* not installed and activated?)
	73	*
	74	* Known plugin error codes:
	75	*
cd60d608	76	* 500 - Empty Folders plugin empty_folders_purge_trash action failed
	77	* 501 - Empty Folders plugin empty_folders_purge_all action failed
	78	* 502 - Empty Folders plugin empty_folders_delete_all action failed
5ca6518a	79	* 503 - Mark Read plugin mark_read_read_all action failed
5ca6518a	80	* 504 - Mark Read plugin mark_read_unread_all action failed
a49f857e	81	*
	82	*/
	83
	84
	85
482956f2	86	/**
	87	* Get RPC Action (can be in either GET or POST)
	88	*
	89	*/
	90	if (!sqGetGlobalVar('rpc_action', $rpc_action, SQ_FORM)) {
5083f41e	91	sm_rpc_return_error('', 1, _("No RPC action given"), 'client', 400, 'Bad Request');
482956f2	92	}
	93
	94
	95
	96	/**
	97	* No matter what our response is, the headers
	98	* will not change.
	99	*
	100	*/
	101	$oTemplate->header('Content-Type: text/xml');
	102	$oTemplate->header('Content-Type: application/xml'); // required by IE
03478654	103	$oTemplate->header('Pragma: no-cache');
	104	$oTemplate->header('Cache-Control: no-cache, no-store, must-revalidate, max-age=0');
	105	$oTemplate->header('Expires: Sat, 1 Jan 2000 00:00:00 GMT');
	106	//TODO: is this needed? $oTemplate->header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . 'GMT');
482956f2	107
	108
	109
	110	/**
	111	* Allow plugins to add their own RPC action
	112	* or modify behavior of SM core RPC actions...
	113	*
	114	* A plugin that handles a custom RPC action must
	115	* return TRUE to the hook so that it knows that
	116	* the action was handled and was not an unknown
	117	* action. If the action was not handled, the plugin
	118	* should return FALSE to the hook.
	119	*
	120	* Developer note: the $rpc_action parameter is passed
	121	* in an array in case we can think of more parameters
	122	* to add in the future.
	123	*
a49f857e	124	* Known users of this hook:
a49f857e	125	* empty_folders
5ca6518a	126	* mark_read
a49f857e	127	*
482956f2	128	*/
beb1a2f1	129	$temp = array(&$rpc_action);
beb1a2f1	130	$handled_by_plugin = boolean_hook_function('squirrelmail_rpc', $temp, 1);
482956f2	131
	132
	133
	134	/**
	135	* Go take care of each RPC action (unless plugin already did)
	136	*
	137	*/
	138	if (!$handled_by_plugin) switch (strtolower($rpc_action)) {
	139
	140	/**
	141	* Delete Messages
	142	*
	143	*/
	144	case 'delete_messages':
	145
	146	require_once(SM_PATH . 'functions/mailbox_display.php');
	147	require_once(SM_PATH . 'functions/imap.php');
	148
	149	if (!sqGetGlobalVar('delete_ids', $delete_ids, SQ_FORM)) {
5083f41e	150	sm_rpc_return_error($rpc_action, 99, _("No deletion ID given"), 'client', 400, 'Bad Request');
482956f2	151	}
	152	$delete_ids = explode(',', $delete_ids);
	153	if (!sqGetGlobalVar('mailbox', $mailbox, SQ_FORM)) {
5083f41e	154	sm_rpc_return_error($rpc_action, 99, _("No mailbox given"), 'client', 400, 'Bad Request');
482956f2	155	}
	156	if (sqGetGlobalVar('startMessage', $startMessage, SQ_INORDER, 1)) {
	157	$startMessage = (int) $startMessage;
	158	}
	159	sqGetGlobalVar('what', $what, SQ_FORM, 0);
	160	if (sqGetGlobalVar('account', $iAccount, SQ_GET, 0)) {
	161	$iAccount = (int) $iAccount;
	162	}
	163	//FIXME: need to grab the bypass trash variable here too! probably other vars...
	164
	165	/* FIXME: --- The following code was just experimental/proof-of-concept; the rest
	166	of the implementation of this functionality still needs to be done "for real"
	167	$oImapMessage = new IMAP_Message(0, $mailbox, $startMessage, $what, $iAccount);
	168	foreach ($delete_ids as $id) {
	169	$oImapMessage->setUid($id);
	170	//FIXME: establish constants for $hide values (the 3 below indicates not to show errors, but to return any error string)
	171	$result = $oImapMessage->deleteMessage(3);
	172	if ($result !== TRUE) {
5083f41e	173	sm_rpc_return_error($rpc_action, 99, $result, 'server', 500, 'Server Error');
482956f2	174	}
	175	}
	176	--- */
	177
	178	sm_rpc_return_success();
	179	//FIXME: Just for testing the line above can be changed to something like this:
5083f41e	180	//sm_rpc_return_success($rpc_action, 0, 'Hooray! Message(s) deleted. Refresh your message list and make sure.');
482956f2	181	break;
	182
	183
	184	/**
	185	* Default: error out
	186	*
	187	*/
	188	default:
5083f41e	189	sm_rpc_return_error($rpc_action, 2, _("RPC action not understood"), 'client', 400, 'Bad Request');
482956f2	190	break;
	191
	192	}
	193
	194
	195
	196	/**
	197	* Returns an error message to the RPC caller and exits
	198	*
	199	* NOTE that this function exits and will never return
	200	*
5083f41e	201	* @param string $rpc_action The RPC action that is being handled
	202	* (OPTIONAL; default attempt to grab from GET/POST)
	203	* @param int $error_code The (application-level) error code for the current
	204	* error condition
	205	* @param string $error_text Any error message associated with the error
	206	* condition (OPTIONAL; default empty string)
	207	* @param string $guilty_party A string indicating the party who caused the
	208	* error: either "client" or "server" (OPTIONAL;
	209	* default unspecified)
	210	* @param int $http_status_code When non-zero, this value will be sent to
	211	* the browser in the HTTP headers as the request
	212	* status code (OPTIONAL; default not used)
	213	* @param string $http_status_text A string naming the HTTP status, usually the
	214	* title of the corresponding status code as
	215	* found on:
	216	* http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
	217	* (OPTIONAL; default not used; $http_status_code
	218	* must also be provided).
482956f2	219	*
482956f2	220	*/
5083f41e	221	function sm_rpc_return_error($rpc_action=NULL, $error_code,
	222	$error_text='', $guilty_party='',
	223	$http_status_code=0, $http_status_text='') {
482956f2	224
482956f2	225	global $oTemplate;
5083f41e	226
	227	if (is_null($rpc_action)) sqGetGlobalVar('rpc_action', $rpc_action, SQ_FORM);
	228
	229	if ($http_status_code) {
	230	$oTemplate->header('HTTP/1.1 ' . $http_status_code . ' ' . $http_status_text);
	231	$oTemplate->header('Status: ' . $http_status_code . ' ' . $http_status_text);
	232	}
	233
	234	$oTemplate->assign('rpc_action', $rpc_action);
	235	$oTemplate->assign('error_code', $error_code);
	236	$oTemplate->assign('error_text', $error_text);
	237	$oTemplate->assign('guilty_party', $guilty_party);
482956f2	238
	239	$oTemplate->display('rpc_response_error.tpl');
	240
	241	exit;
	242
	243	}
	244
	245
	246
	247	/**
	248	* Returns a standard success result to the RPC caller and exits
	249	*
	250	* NOTE that this function exits and will never return
	251	*
5083f41e	252	* @param string $rpc_action The RPC action that is being handled
5083f41e	253	* (OPTIONAL; default attempt to grab from GET/POST)
482956f2	254	* @param int $result_code The result code (OPTIONAL; default 0)
	255	* @param string $result_text Any result message (OPTIONAL; default
	256	* empty string)
	257	*
	258	*/
5083f41e	259	function sm_rpc_return_success($rpc_action=NULL, $result_code=0, $result_text='') {
	260
	261	if (is_null($rpc_action)) sqGetGlobalVar('rpc_action', $rpc_action, SQ_FORM);
482956f2	262
482956f2	263	global $oTemplate;
5083f41e	264	$oTemplate->assign('rpc_action', $rpc_action);
482956f2	265	$oTemplate->assign('result_code', $result_code);
	266	$oTemplate->assign('result_text', $result_text);
	267
	268	$oTemplate->display('rpc_response_success.tpl');
	269
	270	exit;
	271
	272	}
	273
	274
	275