functions/global.php

   1 <?php
   2
   3 /**
   4  * global.php
   5  *
   6  * This includes code to update < 4.1.0 globals to the newer format
   7  * It also has some session register functions that work across various
   8  * php versions.
   9  *
  10  * @copyright &copy; 1999-2006 The SquirrelMail Project Team
  11  * @license http://opensource.org/licenses/gpl-license.php GNU Public License
  12  * @version $Id$
  13  * @package squirrelmail
  14  */
  15
  16 /**
  17  */
  18 define('SQ_INORDER',0);
  19 define('SQ_GET',1);
  20 define('SQ_POST',2);
  21 define('SQ_SESSION',3);
  22 define('SQ_COOKIE',4);
  23 define('SQ_SERVER',5);
  24 define('SQ_FORM',6);
  25
  26
  27 /**
  28  * returns true if current php version is at mimimum a.b.c
  29  *
  30  * Called: check_php_version(4,1)
  31  * @param int a major version number
  32  * @param int b minor version number
  33  * @param int c release number
  34  * @return bool
  35  */
  36 function check_php_version ($a = '0', $b = '0', $c = '0')
  37 {
  38     return version_compare ( PHP_VERSION, "$a.$b.$c", 'ge' );
  39 }
  40
  41 /**
  42  * returns true if the current internal SM version is at minimum a.b.c
  43  * These are plain integer comparisons, as our internal version is
  44  * constructed by us, as an array of 3 ints.
  45  *
  46  * Called: check_sm_version(1,3,3)
  47  * @param int a major version number
  48  * @param int b minor version number
  49  * @param int c release number
  50  * @return bool
  51  */
  52 function check_sm_version($a = 0, $b = 0, $c = 0)
  53 {
  54     global $SQM_INTERNAL_VERSION;
  55     if ( !isset($SQM_INTERNAL_VERSION) ||
  56          $SQM_INTERNAL_VERSION[0] < $a ||
  57          ( $SQM_INTERNAL_VERSION[0] == $a &&
  58            $SQM_INTERNAL_VERSION[1] < $b) ||
  59          ( $SQM_INTERNAL_VERSION[0] == $a &&
  60            $SQM_INTERNAL_VERSION[1] == $b &&
  61            $SQM_INTERNAL_VERSION[2] < $c ) ) {
  62         return FALSE;
  63     }
  64     return TRUE;
  65 }
  66
  67
  68 /**
  69  * Recursively strip slashes from the values of an array.
  70  * @param array array the array to strip, passed by reference
  71  * @return void
  72  */
  73 function sqstripslashes(&$array) {
  74     if(count($array) > 0) {
  75         foreach ($array as $index=>$value) {
  76             if (is_array($array[$index])) {
  77                 sqstripslashes($array[$index]);
  78             }
  79             else {
  80                 $array[$index] = stripslashes($value);
  81             }
  82         }
  83     }
  84 }
  85
  86 /**
  87  * Add a variable to the session.
  88  * @param mixed $var the variable to register
  89  * @param string $name the name to refer to this variable
  90  * @return void
  91  */
  92 function sqsession_register ($var, $name) {
  93
  94     sqsession_is_active();
  95
  96     $_SESSION["$name"] = $var;
  97
  98     session_register("$name");
  99 }
 100
 101 /**
 102  * Delete a variable from the session.
 103  * @param string $name the name of the var to delete
 104  * @return void
 105  */
 106 function sqsession_unregister ($name) {
 107
 108     sqsession_is_active();
 109
 110     unset($_SESSION[$name]);
 111
 112     session_unregister("$name");
 113 }
 114
 115 /**
 116  * Checks to see if a variable has already been registered
 117  * in the session.
 118  * @param string $name the name of the var to check
 119  * @return bool whether the var has been registered
 120  */
 121 function sqsession_is_registered ($name) {
 122     $test_name = &$name;
 123     $result = false;
 124
 125     if (isset($_SESSION[$test_name])) {
 126         $result = true;
 127     }
 128
 129     return $result;
 130 }
 131
 132 /**
 133  * Search for the var $name in $_SESSION, $_POST, $_GET, $_COOKIE, or $_SERVER
 134  * and set it in provided var.
 135  *
 136  * If $search is not provided, or if it is SQ_INORDER, it will search $_SESSION,
 137  * then $_POST, then $_GET. If $search is SQ_FORM it will search $_POST and
 138  * $_GET.  Otherwise, use one of the defined constants to look for a var in one
 139  * place specifically.
 140  *
 141  * Note: $search is an int value equal to one of the constants defined above.
 142  *
 143  * Example:
 144  * sqgetGlobalVar('username',$username,SQ_SESSION);
 145  * // No quotes around last param, it's a constant - not a string!
 146  *
 147  * @param string name the name of the var to search
 148  * @param mixed value the variable to return
 149  * @param int search constant defining where to look
 150  * @return bool whether variable is found.
 151  */
 152 function sqgetGlobalVar($name, &$value, $search = SQ_INORDER, $default = NULL, $typecast = false) {
 153
 154     $result = false;
 155
 156     switch ($search) {
 157         /* we want the default case to be first here,
 158            so that if a valid value isn't specified,
 159            all three arrays will be searched. */
 160       default:
 161       case SQ_INORDER: // check session, post, get
 162       case SQ_SESSION:
 163         if( isset($_SESSION[$name]) ) {
 164             $value = $_SESSION[$name];
 165             $result = TRUE;
 166             break;
 167         } elseif ( $search == SQ_SESSION ) {
 168             break;
 169         }
 170       case SQ_FORM:   // check post, get
 171       case SQ_POST:
 172         if( isset($_POST[$name]) ) {
 173             $value = $_POST[$name];
 174             $result = TRUE;
 175             break;
 176         } elseif ( $search == SQ_POST ) {
 177           break;
 178         }
 179       case SQ_GET:
 180         if ( isset($_GET[$name]) ) {
 181             $value = $_GET[$name];
 182             $result = TRUE;
 183             break;
 184         }
 185         /* NO IF HERE. FOR SQ_INORDER CASE, EXIT after GET */
 186         break;
 187       case SQ_COOKIE:
 188         if ( isset($_COOKIE[$name]) ) {
 189             $value = $_COOKIE[$name];
 190             $result = TRUE;
 191             break;
 192         }
 193         break;
 194       case SQ_SERVER:
 195         if ( isset($_SERVER[$name]) ) {
 196             $value = $_SERVER[$name];
 197             $result = TRUE;
 198             break;
 199         }
 200         break;
 201     }
 202     if ($result && $typecast) {
 203         switch ($typecast) {
 204             case 'int': $value = (int) $value; break;
 205             case 'bool': $value = (bool) $value; break;
 206             default: break;
 207         }
 208     } else if (!is_null($default)) {
 209         $value = $default;
 210     }
 211     return $result;
 212 }
 213
 214 /**
 215  * Deletes an existing session, more advanced than the standard PHP
 216  * session_destroy(), it explicitly deletes the cookies and global vars.
 217  */
 218 function sqsession_destroy() {
 219
 220     /*
 221      * php.net says we can kill the cookie by setting just the name:
 222      * http://www.php.net/manual/en/function.setcookie.php
 223      * maybe this will help fix the session merging again.
 224      *
 225      * Changed the theory on this to kill the cookies first starting
 226      * a new session will provide a new session for all instances of
 227      * the browser, we don't want that, as that is what is causing the
 228      * merging of sessions.
 229      */
 230
 231     global $base_uri;
 232
 233     if (isset($_COOKIE[session_name()])) sqsetcookie(session_name(), '', 0, $base_uri);
 234     if (isset($_COOKIE['username'])) sqsetcookie('username','',0,$base_uri);
 235     if (isset($_COOKIE['key'])) sqsetcookie('key','',0,$base_uri);
 236
 237     $sessid = session_id();
 238     if (!empty( $sessid )) {
 239         $_SESSION = array();
 240         @session_destroy();
 241     }
 242 }
 243
 244 /**
 245  * Function to verify a session has been started.  If it hasn't
 246  * start a session up.  php.net doesn't tell you that $_SESSION
 247  * (even though autoglobal), is not created unless a session is
 248  * started, unlike $_POST, $_GET and such
 249  */
 250 function sqsession_is_active() {
 251     $sessid = session_id();
 252     if ( empty( $sessid ) ) {
 253         sqsession_start();
 254     }
 255 }
 256
 257 /**
 258  * Function to start the session and store the cookie with the session_id as
 259  * HttpOnly cookie which means that the cookie isn't accessible by javascript
 260  * (IE6 only)
 261  */
 262 function sqsession_start() {
 263     global $base_uri;
 264
 265     session_start();
 266     $session_id = session_id();
 267
 268     // session_starts sets the sessionid cookie buth without the httponly var
 269     // setting the cookie again sets the httponly cookie attribute
 270
 271     // disable, @see sqsetcookie and php 5.1.2
 272     // sqsetcookie(session_name(),session_id(),false,$base_uri);
 273 }
 274
 275
 276 /**
 277  * Set a cookie
 278  * @param string  $sName     The name of the cookie.
 279  * @param string  $sValue    The value of the cookie.
 280  * @param int     $iExpire   The time the cookie expires. This is a Unix timestamp so is in number of seconds since the epoch.
 281  * @param string  $sPath     The path on the server in which the cookie will be available on.
 282  * @param string  $sDomain   The domain that the cookie is available.
 283  * @param boolean $bSecure   Indicates that the cookie should only be transmitted over a secure HTTPS connection.
 284  * @param boolean $bHttpOnly Disallow JS to access the cookie (IE6 only)
 285  * @return void
 286  */
 287 function sqsetcookie($sName,$sValue,$iExpire=false,$sPath="",$sDomain="",$bSecure=false,$bHttpOnly=true,$bFlush=false) {
 288     static $sCookieCache;
 289     if (!isset($sCache)) {
 290         $sCache = '';
 291     }
 292     /**
 293      * We have to send all cookies with one header call otherwise we loose cookies.
 294      * In order to achieve that the sqsetcookieflush function calls this function with $bFlush = true.
 295      * If that happens we send the cookie header.
 296      */
 297     if ($bFlush) {
 298         // header($sCookieCache);
 299         return;
 300     }
 301     if (!$sName) return;
 302
 303     // php 5.1.2 and 4.4.2 do not allow to send multiple headers at once.
 304     // Because that's the only way to get this thing working we fallback to
 305     // setcookie until we solved this
 306     if ($iExpire===false) $iExpire = 0;
 307     setcookie($sName, $sValue, $iExpire, $sPath);
 308     return;
 309
 310     $sHeader = "Set-Cookie: $sName=$sValue";
 311     if ($sPath) {
 312         $sHeader .= "; path=$sPath";
 313     }
 314     if ($iExpire !== false) {
 315         $sHeader .= "; Max-Age=$iExpire";
 316         // php uses Expire header, also add the expire header
 317         $sHeader .= "; expires=". gmdate('D, d-M-Y H:i:s T',$iExpire);
 318     }
 319     if ($sDomain) {
 320         $sHeader .= "; Domain=$sDomain";
 321     }
 322     // TODO: IE for Mac (5.2) thinks that semicolon is part of cookie domain
 323     if ($bSecure) {
 324         $sHeader .= "; Secure";
 325     }
 326     if ($bHttpOnly) {
 327         $sHeader .= "; HttpOnly";
 328     }
 329     // $sHeader .= "; Version=1";
 330     $sCookieCache .= $sHeader ."\r\n";
 331     //header($sHeader."\r\n");
 332 }
 333
 334 /**
 335  * Send the cookie header
 336  *
 337  * Cookies set with sqsetcookie will bet set after a sqsetcookieflush call.
 338  * @return void
 339  */
 340 function sqsetcookieflush() {
 341     sqsetcookie('','','','','','','',true);
 342 }
 343
 344 /**
 345  * session_regenerate_id replacement for PHP < 4.3.2
 346  *
 347  * This code is borrowed from Gallery, session.php version 1.53.2.1
 348  */
 349 if (!function_exists('session_regenerate_id')) {
 350     function make_seed() {
 351         list($usec, $sec) = explode(' ', microtime());
 352         return (float)$sec + ((float)$usec * 100000);
 353     }
 354
 355     function php_combined_lcg() {
 356         mt_srand(make_seed());
 357         $tv = gettimeofday();
 358         $lcg['s1'] = $tv['sec'] ^ (~$tv['usec']);
 359         $lcg['s2'] = mt_rand();
 360         $q = (int) ($lcg['s1'] / 53668);
 361         $lcg['s1'] = (int) (40014 * ($lcg['s1'] - 53668 * $q) - 12211 * $q);
 362         if ($lcg['s1'] < 0) {
 363             $lcg['s1'] += 2147483563;
 364         }
 365         $q = (int) ($lcg['s2'] / 52774);
 366         $lcg['s2'] = (int) (40692 * ($lcg['s2'] - 52774 * $q) - 3791 * $q);
 367         if ($lcg['s2'] < 0) {
 368             $lcg['s2'] += 2147483399;
 369         }
 370         $z = (int) ($lcg['s1'] - $lcg['s2']);
 371         if ($z < 1) {
 372             $z += 2147483562;
 373         }
 374         return $z * 4.656613e-10;
 375     }
 376
 377     function session_regenerate_id() {
 378         global $base_uri;
 379         $tv = gettimeofday();
 380         sqgetGlobalVar('REMOTE_ADDR',$remote_addr,SQ_SERVER);
 381         $buf = sprintf("%.15s%ld%ld%0.8f", $remote_addr, $tv['sec'], $tv['usec'], php_combined_lcg() * 10);
 382         session_id(md5($buf));
 383         if (ini_get('session.use_cookies')) {
 384             // at a later stage we use sqsetcookie. At this point just do
 385             // what session_regenerate_id would do
 386             setcookie(session_name(), session_id(), NULL, $base_uri);
 387         }
 388         return TRUE;
 389     }
 390 }
 391
 392
 393 /**
 394  * php_self
 395  *
 396  * Creates an URL for the page calling this function, using either the PHP global
 397  * REQUEST_URI, or the PHP global PHP_SELF with QUERY_STRING added. Before 1.5.1
 398  * function was stored in function/strings.php.
 399  *
 400  * @return string the complete url for this page
 401  * @since 1.2.3
 402  */
 403 function php_self () {
 404     if ( sqgetGlobalVar('REQUEST_URI', $req_uri, SQ_SERVER) && !empty($req_uri) ) {
 405       return $req_uri;
 406     }
 407
 408     if ( sqgetGlobalVar('PHP_SELF', $php_self, SQ_SERVER) && !empty($php_self) ) {
 409
 410       // need to add query string to end of PHP_SELF to match REQUEST_URI
 411       //
 412       if ( sqgetGlobalVar('QUERY_STRING', $query_string, SQ_SERVER) && !empty($query_string) ) {
 413          $php_self .= '?' . $query_string;
 414       }
 415
 416       return $php_self;
 417     }
 418
 419     return '';
 420 }