Add note about erroneous hook placement - PLEASE read the comment and reply if you...

[squirrelmail.git] / include / init.php

diff --git a/include/init.php b/include/init.php
index 226964729d8302a4dd903db500bdaec578a362e3..50124500e4bfc8bc9e83f57e346337e440600f98 100644 (file)
--- a/include/init.php
+++ b/include/init.php
@@ -85,6 +85,7 @@ if (!(bool)ini_get('session.use_cookies') ||
     ini_set('session.use_cookies','1');
 }
 
+
 /**
  * calculate SM_PATH and calculate the base_uri
  * assumptions made: init.php is only called from plugins or from the src dir.
@@ -92,27 +93,29 @@ if (!(bool)ini_get('session.use_cookies') ||
  *
  */
 if (isset($_SERVER['SCRIPT_NAME'])) {
-    $a = explode('/',$_SERVER['SCRIPT_NAME']);
+    $a = explode('/', $_SERVER['SCRIPT_NAME']);
 } elseif (isset($HTTP_SERVER_VARS['SCRIPT_NAME'])) {
-    $a = explode('/',$HTTP_SERVER_VARS['SCRIPT_NAME']);
+    $a = explode('/', $HTTP_SERVER_VARS['SCRIPT_NAME']);
 } else {
-    $error = 'Unable to detect script environment. '
-       .'Please test your PHP settings and send PHP core config, $_SERVER '
-       .'and $HTTP_SERVER_VARS to SquirrelMail developers.';
+    $error = 'Unable to detect script environment. Please test your PHP '
+           . 'settings and send your PHP core configuration, $_SERVER and '
+           . '$HTTP_SERVER_VARS contents to the SquirrelMail developers.';
     die($error);
 }
 $sSM_PATH = '';
-for($i = count($a) -2;$i > -1; --$i) {
+for($i = count($a) -2; $i > -1; --$i) {
     $sSM_PATH .= '../';
     if ($a[$i] === 'src' || $a[$i] === 'plugins') {
         break;
     }
 }
 
-$base_uri = implode('/',array_slice($a,0,$i)). '/';
+$base_uri = implode('/', array_slice($a, 0, $i)). '/';
 
 define('SM_PATH',$sSM_PATH);
 define('SM_BASE_URI', $base_uri);
+
+
 /**
  * global var $bInit is used to check if initialisation took place.
  * At this moment it's a workarounf for the include of addrbook_search_html
@@ -206,32 +209,17 @@ if (!isset($session_name) || !$session_name) {
 }
 
 /**
- * When on login page or if session.auto_start is On 
- * we want to destroy/close the session (save off 
- * possible session restoration values first)
+ * When session.auto_start is On we want to destroy/close the session
  */
-if (!sqGetGlobalVar('session_expired_post', $sep, SQ_SESSION))
-    $sep = '';
-if (!sqGetGlobalVar('session_expired_location', $sel, SQ_SESSION))
-    $sel = '';
 $sSessionAutostartName = session_name();
 $sCookiePath = null;
-if (PAGE_NAME == 'login' 
- || (isset($sSessionAutostartName) && $sSessionAutostartName !== $session_name)) {
+if (isset($sSessionAutostartName) && $sSessionAutostartName !== $session_name) {
     $sCookiePath = ini_get('session.cookie_path');
     $sCookieDomain = ini_get('session.cookie_domain');
     // reset the cookie
     setcookie($sSessionAutostartName,'',time() - 604800,$sCookiePath,$sCookieDomain);
     @session_destroy();
     session_write_close();
-
-    /**
-     * in some rare instances, the session seems to stick
-     * around even after destroying it (!!), so if it does,
-     * we'll manually flatten the $_SESSION data
-     */
-    if (!empty($_SESSION))
-        $_SESSION = array();
 }
 
 /**
@@ -243,6 +231,37 @@ ini_set('session.name' , $session_name);
 session_set_cookie_params (0, $base_uri);
 sqsession_is_active();
 
+/**
+ * When on login page, have to reset the user session, making
+ * sure to save session restore data first
+ */
+if (PAGE_NAME == 'login') {
+    if (!sqGetGlobalVar('session_expired_post', $sep, SQ_SESSION))
+        $sep = '';
+    if (!sqGetGlobalVar('session_expired_location', $sel, SQ_SESSION))
+        $sel = '';
+    sqsession_destroy();
+    session_write_close();
+
+    /**
+     * in some rare instances, the session seems to stick
+     * around even after destroying it (!!), so if it does,
+     * we'll manually flatten the $_SESSION data
+     */
+    if (!empty($_SESSION))
+        $_SESSION = array();
+
+    sqsession_is_active();
+    session_regenerate_id();
+
+    // put session restore data back into session if necessary
+    if (!empty($sel)) {
+        sqsession_register($sel, 'session_expired_location');
+        if (!empty($sep))
+            sqsession_register($sep, 'session_expired_post');
+    }
+}
+
 /**
  * SquirrelMail internal version number -- DO NOT CHANGE
  * $sm_internal_version = array (release, major, minor)
@@ -254,6 +273,7 @@ $SQM_INTERNAL_VERSION[2] = intval($SQM_INTERNAL_VERSION[2]);
 /* load prefs system; even when user not logged in, should be OK to do this here */
 require(SM_PATH . 'functions/prefs.php');
 
+// FIXME: config/plugin_hooks.php has not yet been loaded (see a few lines below); so this hook call should I think not be working -- has anyone actually tested it?  Is there any reason we cannot move this prefs code block down below "MAIN PLUGIN LOADING CODE HERE" (see below)?  Reading the code, I *think* it should be OK, but....
 $prefs_backend = do_hook('prefs_backend', $null);
 if (isset($prefs_backend) && !empty($prefs_backend) && file_exists(SM_PATH . $prefs_backend)) {
     require(SM_PATH . $prefs_backend);
@@ -374,13 +394,6 @@ switch (PAGE_NAME) {
         require(SM_PATH . 'functions/page_header.php');
         require(SM_PATH . 'functions/html.php');
 
-        // put session restore data back into session if necessary
-        if (!empty($sel)) {
-            sqsession_register($sel, 'session_expired_location');
-            if (!empty($sep))
-                sqsession_register($sep, 'session_expired_post');
-        }
-
         // reset template file cache
         //
         $sTemplateID = Template::get_default_template_set();