src/redirect.php

   1 <?php
   2
   3 /**
   4  * Prevents users from reposting their form data after a successful logout.
   5  *
   6  * Derived from webmail.php by Ralf Kraudelt <kraude@wiwi.uni-rostock.de>
   7  *
   8  * @copyright &copy; 1999-2007 The SquirrelMail Project Team
   9  * @license http://opensource.org/licenses/gpl-license.php GNU Public License
  10  * @version $Id$
  11  * @package squirrelmail
  12  */
  13
  14 /** This is the redirect page */
  15 define('PAGE_NAME', 'redirect');
  16
  17 /**
  18  * Include the SquirrelMail initialization file.
  19  */
  20 require('../include/init.php');
  21
  22 /* SquirrelMail required files. */
  23 require_once(SM_PATH . 'functions/imap_general.php');
  24 require_once(SM_PATH . 'functions/strings.php');
  25
  26 header('Pragma: no-cache');
  27 $location = get_location();
  28
  29 // session_set_cookie_params (0, $base_uri);
  30
  31 sqsession_unregister ('user_is_logged_in');
  32 sqsession_register ($base_uri, 'base_uri');
  33
  34 /* get globals we me need */
  35 sqGetGlobalVar('login_username', $login_username);
  36 sqGetGlobalVar('secretkey', $secretkey);
  37 if(!sqGetGlobalVar('squirrelmail_language', $squirrelmail_language) || $squirrelmail_language == '') {
  38     $squirrelmail_language = $squirrelmail_default_language;
  39 }
  40 if (!sqgetGlobalVar('mailtodata', $mailtodata)) {
  41     $mailtodata = '';
  42 }
  43
  44 /* end of get globals */
  45
  46 set_up_language($squirrelmail_language, true);
  47 /* Refresh the language cookie. */
  48 sqsetcookie('squirrelmail_language', $squirrelmail_language, time()+2592000,
  49           $base_uri);
  50
  51 if (!isset($login_username)) {
  52     logout_error( _("You must be logged in to access this page.") );
  53     exit;
  54 }
  55
  56 do_hook('login_before', $null);
  57
  58 $onetimepad = OneTimePadCreate(strlen($secretkey));
  59 $key = OneTimePadEncrypt($secretkey, $onetimepad);
  60
  61 /* remove redundant spaces */
  62 $login_username = trim($login_username);
  63
  64 /* Case-normalise username if so desired */
  65 if ($force_username_lowercase) {
  66     $login_username = strtolower($login_username);
  67 }
  68
  69 /* Verify that username and password are correct. */
  70 $imapConnection = sqimap_login($login_username, $key, $imapServerAddress, $imapPort, 0);
  71 /* From now on we are logged it. If the login failed then sqimap_login handles it */
  72
  73 /* regenerate the session id to avoid session hyijacking */
  74 sqsession_destroy();
  75 @sqsession_is_active();
  76 session_regenerate_id();
  77 /**
  78 * The cookie part. session_start and session_regenerate_session normally set
  79 * their own cookie. SquirrelMail sets another cookie which overwites the
  80 * php cookies. The sqsetcookie function sets the cookie by using the header
  81 * function which gives us full control how the cookie is set. We do that
  82 * to add the HttpOnly cookie attribute which blocks javascript access on
  83 * IE6 SP1.
  84 */
  85 sqsetcookie(session_name(),session_id(),false,$base_uri);
  86 sqsetcookie('key', $key, false, $base_uri);
  87
  88 sqsession_register($onetimepad, 'onetimepad');
  89
  90 $sqimap_capabilities = sqimap_capability($imapConnection);
  91
  92 /* Server side sorting control */
  93 if (isset($sqimap_capabilities['SORT']) && $sqimap_capabilities['SORT'] == true &&
  94     isset($disable_server_sort) && $disable_server_sort) {
  95     unset($sqimap_capabilities['SORT']);
  96 }
  97
  98 /* Thread sort control */
  99 if (isset($sqimap_capabilities['THREAD']) && $sqimap_capabilities['THREAD'] == true &&
 100     isset($disable_thread_sort) && $disable_thread_sort) {
 101     unset($sqimap_capabilities['THREAD']);
 102 }
 103
 104 sqsession_register($sqimap_capabilities, 'sqimap_capabilities');
 105 $delimiter = sqimap_get_delimiter ($imapConnection);
 106
 107 if (isset($sqimap_capabilities['NAMESPACE']) && $sqimap_capabilities['NAMESPACE'] == true) {
 108     $namespace = sqimap_get_namespace($imapConnection);
 109     sqsession_register($namespace, 'sqimap_namespace');
 110 }
 111
 112 sqimap_logout($imapConnection);
 113 sqsession_register($delimiter, 'delimiter');
 114
 115 $username = $login_username;
 116 sqsession_register ($username, 'username');
 117 do_hook('login_verified', $null);
 118
 119 /* Set the login variables. */
 120 $user_is_logged_in = true;
 121 $just_logged_in = true;
 122
 123 /* And register with them with the session. */
 124 sqsession_register ($user_is_logged_in, 'user_is_logged_in');
 125 sqsession_register ($just_logged_in, 'just_logged_in');
 126
 127 /* parse the accepted content-types of the client */
 128 $attachment_common_types = array();
 129 $attachment_common_types_parsed = array();
 130 sqsession_register($attachment_common_types, 'attachment_common_types');
 131 sqsession_register($attachment_common_types_parsed, 'attachment_common_types_parsed');
 132
 133 if ( sqgetGlobalVar('HTTP_ACCEPT', $http_accept, SQ_SERVER) &&
 134     !isset($attachment_common_types_parsed[$http_accept]) ) {
 135     attachment_common_parse($http_accept);
 136 }
 137
 138 /* Complete autodetection of Javascript. */
 139 checkForJavascript();
 140
 141 /* Compute the URL to forward the user to. */
 142 $redirect_url = $location . '/webmail.php';
 143
 144 if ( sqgetGlobalVar('session_expired_location', $session_expired_location, SQ_SESSION) ) {
 145     sqsession_unregister('session_expired_location');
 146     if ( $session_expired_location == 'compose' ) {
 147         $compose_new_win = getPref($data_dir, $username, 'compose_new_win', 0);
 148         if ($compose_new_win) {
 149             // do not prefix $location here because $session_expired_location is set to the PAGE_NAME
 150             // of the last page
 151             $redirect_url = $session_expired_location.'.php';
 152         } else {
 153             $redirect_url = $location.'/webmail.php?right_frame='.urlencode($session_expired_location).'php';
 154         }
 155     }
 156     unset($session_expired_location);
 157 }
 158
 159 if($mailtodata != '') {
 160     $redirect_url  = $location . '/webmail.php?right_frame=compose.php&mailtodata=';
 161     $redirect_url .= urlencode($mailtodata);
 162 }
 163
 164 /* Write session data and send them off to the appropriate page. */
 165 session_write_close();
 166 header("Location: $redirect_url");
 167 exit;
 168
 169 /* --------------------- end main ----------------------- */
 170
 171 function attachment_common_parse($str) {
 172     global $attachment_common_types, $attachment_common_types_parsed;
 173
 174     /*
 175      * Replace ", " with "," and explode on that as Mozilla 1.x seems to
 176      * use "," to seperate whilst IE, and earlier versions of Mozilla use
 177      * ", " to seperate
 178      */
 179
 180     $str = str_replace( ', ' , ',' , $str );
 181     $types = explode(',', $str);
 182
 183     foreach ($types as $val) {
 184         // Ignore the ";q=1.0" stuff
 185         if (strpos($val, ';') !== false) {
 186             $val = substr($val, 0, strpos($val, ';'));
 187         }
 188         if (! isset($attachment_common_types[$val])) {
 189             $attachment_common_types[$val] = true;
 190         }
 191     }
 192     sqsession_register($attachment_common_types, 'attachment_common_types');
 193
 194     /* mark as parsed */
 195     $attachment_common_types_parsed[$str] = true;
 196 }