add PAGE_NAME constant to every page under src/.
[squirrelmail.git] / src / redirect.php
1 <?php
2
3 /**
4 * Prevents users from reposting their form data after a successful logout.
5 *
6 * Derived from webmail.php by Ralf Kraudelt <kraude@wiwi.uni-rostock.de>
7 *
8 * @copyright &copy; 1999-2007 The SquirrelMail Project Team
9 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
10 * @version $Id$
11 * @package squirrelmail
12 */
13 $sInitLocation = 'redirect';
14
15 /** This is the redirect page */
16 define('PAGE_NAME', 'redirect');
17
18 /**
19 * Include the SquirrelMail initialization file.
20 */
21 require('../include/init.php');
22
23 /* SquirrelMail required files. */
24 require_once(SM_PATH . 'functions/imap_general.php');
25 require_once(SM_PATH . 'functions/strings.php');
26
27 header('Pragma: no-cache');
28 $location = get_location();
29
30 // session_set_cookie_params (0, $base_uri);
31
32 sqsession_unregister ('user_is_logged_in');
33 sqsession_register ($base_uri, 'base_uri');
34
35 /* get globals we me need */
36 sqGetGlobalVar('login_username', $login_username);
37 sqGetGlobalVar('secretkey', $secretkey);
38 if(!sqGetGlobalVar('squirrelmail_language', $squirrelmail_language) || $squirrelmail_language == '') {
39 $squirrelmail_language = $squirrelmail_default_language;
40 }
41 if (!sqgetGlobalVar('mailtodata', $mailtodata)) {
42 $mailtodata = '';
43 }
44
45 /* end of get globals */
46
47 set_up_language($squirrelmail_language, true);
48 /* Refresh the language cookie. */
49 sqsetcookie('squirrelmail_language', $squirrelmail_language, time()+2592000,
50 $base_uri);
51
52 if (!isset($login_username)) {
53 logout_error( _("You must be logged in to access this page.") );
54 exit;
55 }
56
57 if (!sqsession_is_registered('user_is_logged_in')) {
58 do_hook('login_before', $null);
59
60 $onetimepad = OneTimePadCreate(strlen($secretkey));
61 $key = OneTimePadEncrypt($secretkey, $onetimepad);
62
63 /* remove redundant spaces */
64 $login_username = trim($login_username);
65
66 /* Verify that username and password are correct. */
67 if ($force_username_lowercase) {
68 $login_username = strtolower($login_username);
69 }
70
71 $imapConnection = sqimap_login($login_username, $key, $imapServerAddress, $imapPort, 0);
72 /* From now on we are logged it. If the login failed then sqimap_login handles it */
73
74 /* regenerate the session id to avoid session hyijacking */
75 sqsession_destroy();
76 @sqsession_is_active();
77 session_regenerate_id();
78 /**
79 * The cookie part. session_start and session_regenerate_session normally set
80 * their own cookie. SquirrelMail sets another cookie which overwites the
81 * php cookies. The sqsetcookie function sets the cookie by using the header
82 * function which gives us full control how the cookie is set. We do that
83 * to add the HttpOnly cookie attribute which blocks javascript access on
84 * IE6 SP1.
85 */
86 sqsetcookie(session_name(),session_id(),false,$base_uri);
87 sqsetcookie('key', $key, false, $base_uri);
88
89 sqsession_register($onetimepad, 'onetimepad');
90
91 $sqimap_capabilities = sqimap_capability($imapConnection);
92
93 /* Server side sorting control */
94 if (isset($sqimap_capabilities['SORT']) && $sqimap_capabilities['SORT'] == true &&
95 isset($disable_server_sort) && $disable_server_sort) {
96 unset($sqimap_capabilities['SORT']);
97 }
98
99 /* Thread sort control */
100 if (isset($sqimap_capabilities['THREAD']) && $sqimap_capabilities['THREAD'] == true &&
101 isset($disable_thread_sort) && $disable_thread_sort) {
102 unset($sqimap_capabilities['THREAD']);
103 }
104
105 sqsession_register($sqimap_capabilities, 'sqimap_capabilities');
106 $delimiter = sqimap_get_delimiter ($imapConnection);
107
108 if (isset($sqimap_capabilities['NAMESPACE']) && $sqimap_capabilities['NAMESPACE'] == true) {
109 $namespace = sqimap_get_namespace($imapConnection);
110 sqsession_register($namespace, 'sqimap_namespace');
111 }
112
113 sqimap_logout($imapConnection);
114 sqsession_register($delimiter, 'delimiter');
115
116 $username = $login_username;
117 sqsession_register ($username, 'username');
118 do_hook('login_verified', $null);
119 }
120
121 /* Set the login variables. */
122 $user_is_logged_in = true;
123 $just_logged_in = true;
124
125 /* And register with them with the session. */
126 sqsession_register ($user_is_logged_in, 'user_is_logged_in');
127 sqsession_register ($just_logged_in, 'just_logged_in');
128
129 /* parse the accepted content-types of the client */
130 $attachment_common_types = array();
131 $attachment_common_types_parsed = array();
132 sqsession_register($attachment_common_types, 'attachment_common_types');
133 sqsession_register($attachment_common_types_parsed, 'attachment_common_types_parsed');
134
135 if ( sqgetGlobalVar('HTTP_ACCEPT', $http_accept, SQ_SERVER) &&
136 !isset($attachment_common_types_parsed[$http_accept]) ) {
137 attachment_common_parse($http_accept);
138 }
139
140 /* Complete autodetection of Javascript. */
141 checkForJavascript();
142
143 /* Compute the URL to forward the user to. */
144 $redirect_url = $location . '/webmail.php';
145
146 if ( sqgetGlobalVar('session_expired_location', $session_expired_location, SQ_SESSION) ) {
147 sqsession_unregister('session_expired_location');
148 if ( strpos($session_expired_location, 'compose.php') !== FALSE ) {
149 $compose_new_win = getPref($data_dir, $username, 'compose_new_win', 0);
150 if ($compose_new_win) {
151 // do not prefix $location here because $session_expired_location is set to PHP_SELF
152 // of the last page
153 $redirect_url = $session_expired_location;
154 } else {
155 $redirect_url = $location.'/webmail.php?right_frame='.urlencode($session_expired_location);
156 }
157 }
158 unset($session_expired_location);
159 }
160
161 if($mailtodata != '') {
162 $redirect_url = $location . '/webmail.php?right_frame=compose.php&mailtodata=';
163 $redirect_url .= urlencode($mailtodata);
164 }
165
166 /* Write session data and send them off to the appropriate page. */
167 session_write_close();
168 header("Location: $redirect_url");
169 exit;
170
171 /* --------------------- end main ----------------------- */
172
173 function attachment_common_parse($str) {
174 global $attachment_common_types, $attachment_common_types_parsed;
175
176 /*
177 * Replace ", " with "," and explode on that as Mozilla 1.x seems to
178 * use "," to seperate whilst IE, and earlier versions of Mozilla use
179 * ", " to seperate
180 */
181
182 $str = str_replace( ', ' , ',' , $str );
183 $types = explode(',', $str);
184
185 foreach ($types as $val) {
186 // Ignore the ";q=1.0" stuff
187 if (strpos($val, ';') !== false)
188 $val = substr($val, 0, strpos($val, ';'));
189
190 if (! isset($attachment_common_types[$val])) {
191 $attachment_common_types[$val] = true;
192 }
193 }
194 sqsession_register($attachment_common_types, 'attachment_common_types');
195
196 /* mark as parsed */
197 $attachment_common_types_parsed[$str] = true;
198 }