src/login.php

   1 <?php
   2
   3 /**
   4  * login.php -- simple login screen
   5  *
   6  * This a simple login screen. Some housekeeping is done to clean
   7  * cookies and find language.
   8  *
   9  * @copyright &copy; 1999-2006 The SquirrelMail Project Team
  10  * @license http://opensource.org/licenses/gpl-license.php GNU Public License
  11  * @version $Id$
  12  * @package squirrelmail
  13  */
  14
  15 // reduces the files included in init.php
  16 $sInitLocation = 'login';
  17
  18 /**
  19  * Include the SquirrelMail initialization file.
  20  */
  21 require('../include/init.php');
  22
  23
  24 /* SquirrelMail required files. */
  25 require_once(SM_PATH . 'functions/imap_general.php');
  26 require_once(SM_PATH . 'functions/forms.php');
  27
  28 /**
  29  * $squirrelmail_language is set by a cookie when the user selects
  30  * language and logs out
  31  */
  32 set_up_language($squirrelmail_language, TRUE, TRUE);
  33
  34 /**
  35  * In case the last session was not terminated properly, make sure
  36  * we get a new one, but make sure we preserve session_expired_*
  37  */
  38 /**
  39  * PHP bug. http://bugs.php.net/11643 (warning, spammed bug tracker) and
  40  * http://bugs.php.net/13834
  41  * SID constant is not destroyed in PHP 4.1.2, 4.2.3 and maybe other
  42  * versions. Produces warning on login page. Bug should be fixed only in 4.3.0
  43  */
  44 if ( !empty($_SESSION['session_expired_post']) && !empty($_SESSION['session_expired_location']) ) {
  45     $sep = $_SESSION['session_expired_post'];
  46     $sel = $_SESSION['session_expired_location'];
  47
  48     sqsession_destroy();
  49
  50     sqsession_is_active();
  51     $_SESSION=array();
  52     sqsession_register($sep, 'session_expired_post');
  53     sqsession_register($sel, 'session_expired_location');
  54 } else {
  55     sqsession_destroy();
  56     @sqsession_is_active();
  57     $_SESSION=array();
  58 }
  59
  60 /**
  61  * This detects if the IMAP server has logins disabled, and if so,
  62  * squelches the display of the login form and puts up a message
  63  * explaining the situation.
  64  */
  65 if($imap_auth_mech == 'login') {
  66     /**
  67      * detect disabled login, only when imapServerAddress contains
  68      * server address and not mapping. See sqimap_get_user_server()
  69      */
  70     if (substr($imapServerAddress, 0, 4) != "map:") {
  71         $imap = sqimap_create_stream($imapServerAddress, $imapPort, $use_imap_tls);
  72         $logindisabled = sqimap_capability($imap,'LOGINDISABLED');
  73         sqimap_logout($imap);
  74         if ($logindisabled) {
  75             $string = _("The IMAP server is reporting that plain text logins are disabled.").'<br />'.
  76                 _("Using CRAM-MD5 or DIGEST-MD5 authentication instead may work.").'<br />';
  77             if (!$use_imap_tls) {
  78                 $string .= _("Also, the use of TLS may allow SquirrelMail to login.").'<br />';
  79             }
  80             $string .= _("Please contact your system administrator and report this error.");
  81             error_box($string);
  82             // display footer (closes html tags) and stop script execution
  83             $oTemplate->display('footer.tpl');
  84             exit;
  85         }
  86     }
  87 }
  88
  89 do_hook('login_cookie');
  90
  91 $loginname_value = (sqGetGlobalVar('loginname', $loginname) ? htmlspecialchars($loginname) : '');
  92
  93 /* Output the javascript onload function. */
  94 $header = "<script type=\"text/javascript\">\n" .
  95           "<!--\n".
  96           "  function squirrelmail_loginpage_onload() {\n".
  97           "    var textElements = 0;\n".
  98           "    for (i = 0; i < document.forms[0].elements.length; i++) {\n".
  99           "      if (document.forms[0].elements[i].type == \"text\" || document.forms[0].elements[i].type == \"password\") {\n".
 100           "        textElements++;\n".
 101           "        if (textElements == " . (isset($loginname) ? 2 : 1) . ") {\n".
 102           "          document.forms[0].elements[i].focus();\n".
 103           "          break;\n".
 104           "        }\n".
 105           "      }\n".
 106           "    }\n".
 107           "  }\n".
 108           "// -->\n".
 109           "</script>\n";
 110
 111 if (@file_exists($theme[$theme_default]['PATH']))
 112    @include ($theme[$theme_default]['PATH']);
 113
 114 if (! isset($color) || ! is_array($color)) {
 115     // Add default color theme, if theme loading fails
 116     $color = array();
 117     $color[0]  = '#dcdcdc';  /* light gray    TitleBar               */
 118     $color[1]  = '#800000';  /* red                                  */
 119     $color[2]  = '#cc0000';  /* light red     Warning/Error Messages */
 120     $color[4]  = '#ffffff';  /* white         Normal Background      */
 121     $color[7]  = '#0000cc';  /* blue          Links                  */
 122     $color[8]  = '#000000';  /* black         Normal text            */
 123 }
 124 /**
 125  * send out all the cookies
 126  */
 127 sqsetcookieflush();
 128
 129 displayHtmlHeader( "$org_name - " . _("Login"), $header, FALSE );
 130
 131
 132 /* If they don't have a logo, don't bother.. */
 133 $logo_str = '';
 134 if (isset($org_logo) && $org_logo) {
 135     /* Display width and height like good little people */
 136     $width_and_height = '';
 137     if (isset($org_logo_width) && is_numeric($org_logo_width) &&
 138      $org_logo_width>0) {
 139         $width_and_height = "width=\"$org_logo_width\" ";
 140     }
 141     if (isset($org_logo_height) && is_numeric($org_logo_height) &&
 142      $org_logo_height>0) {
 143         $width_and_height .= "height=\"$org_logo_height\" ";
 144     }
 145
 146     $logo_str = '<img src="'.$org_logo.'" ' .
 147                 'alt="'. sprintf(_("%s Logo"), $org_name).'" ' .
 148                 $width_and_height .
 149                 'class="sqm_loginImage" /><br />'."\n";
 150 }
 151
 152 $sm_attribute_str = '';
 153 if (isset($hide_sm_attributions) && !$hide_sm_attributions) {
 154     $sm_attribute_str = _("SquirrelMail Webmail Application")."<br />\n" .
 155                         _("By the SquirrelMail Project Team")."<br />\n";
 156 }
 157
 158 $username_form_name = 'login_username';
 159 $password_form_name = 'secretkey';
 160
 161 if(sqgetGlobalVar('mailto', $mailto)) {
 162     $rcptaddress = addHidden('mailto', $mailto);
 163 } else {
 164     $rcptaddress = '';
 165 }
 166
 167 $password_field = addPwField($password_form_name);
 168 $login_extra = addHidden('js_autodetect_results', SMPREF_JS_OFF).
 169                $rcptaddress .
 170                addHidden('just_logged_in', '1') .
 171                concat_hook_function('login_form');
 172
 173 session_write_close();
 174
 175 $oTemplate->assign('logo_str', $logo_str);
 176 $oTemplate->assign('sm_attribute_str', $sm_attribute_str);
 177 $oTemplate->assign('org_name_str', sprintf (_("%s Login"), $org_name));
 178 $oTemplate->assign('login_field_value', $loginname_value);
 179 $oTemplate->assign('login_extra', $login_extra);
 180
 181 echo '<body onLoad="squirrelmail_loginpage_onload()" style="text-align:center">'."\n";
 182 echo '<form action="redirect.php" method="post" onSubmit="document.forms[0].js_autodetect_results.value='. SMPREF_JS_ON .'">'."\n";
 183 do_hook('login_top');
 184
 185 $oTemplate->display('login.tpl');
 186
 187 echo "</form>\n";
 188 do_hook('login_bottom');
 189
 190 // Turn off delayed error handling to make sure all errors are dumped.
 191 #$oErrorHandler->delayedErrors(false);
 192
 193 #trigger_error('login');
 194 $oTemplate->display('footer.tpl');
 195 ?>