X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=functions%2Fprefs.php;h=90a17673cf8a8aaa35ce9ebed66c95dc24c73983;hp=097c2dac2d0bc53a9ab4a92a8a73c129962096d7;hb=c2503a4e44d5f357538180126fd5740033ed5115;hpb=32c7898caf59016a8b858f2dc3beb7f9e0049064

diff --git a/functions/prefs.php b/functions/prefs.php
index 097c2dac..90a17673 100644
--- a/functions/prefs.php
+++ b/functions/prefs.php
@@ -1,111 +1,180 @@
-<?
-   /**
-    **  prefs.php
-    **
-    **  This contains functions for manipulating user preferences
-    **/
-
-   /** returns the value for $string **/
-   function getPref($data_dir, $username, $string) {
-      $filename = "$data_dir$username.pref";
-      if (!file_exists($filename)) {
-         echo _("Preference file ") . "\"$filename\"" . _(" not found.  Exiting abnormally");
-         exit;
-      }
-
-      $file = fopen($filename, "r");
-
-      /** read in all the preferences **/
-      for ($i=0; !feof($file); $i++) {
-         $pref = fgets($file, 1024);
-         if (substr($pref, 0, strpos($pref, "=")) == $string) {
-            fclose($file);
-            return trim(substr($pref, strpos($pref, "=")+1));
-         }
-      }
-      fclose($file);
-      return "";
-   }
-
-   /** sets the pref, $string, to $set_to **/
-   function setPref($data_dir, $username, $string, $set_to) {
-      $filename = "$data_dir$username.pref";
-      $found = false;
-      if (!file_exists($filename)) {
-         echo _("Preference file, ") . "\"$filename\"" . _(", does not exist.  Log out, and log back in to create a default preference file. ") ."<BR>";
-         exit;
-      }
-      $file = fopen($filename, "r");
-
-      /** read in all the preferences **/
-      for ($i=0; !feof($file); $i++) {
-         $pref[$i] = fgets($file, 1024);
-         if (substr($pref[$i], 0, strpos($pref[$i], "=")) == $string) {
-            $found = true;
-            $pos = $i;
-         }
-      }
-      fclose($file);
-
-      $file = fopen($filename, "w");
-      if ($found == true) {
-         for ($i=0; $i < count($pref); $i++) {
-            if ($i == $pos) {
-               fwrite($file, "$string=$set_to\n", 1024);
-            } else {
-               fwrite($file, "$pref[$i]", 1024);
+<?php
+
+/**
+ * prefs.php
+ *
+ * This contains functions for filebased user prefs locations
+ *
+ * @copyright 1999-2017 The SquirrelMail Project Team
+ * @license http://opensource.org/licenses/gpl-license.php GNU Public License
+ * @version $Id$
+ * @package squirrelmail
+ * @subpackage prefs
+ */
+
+
+
+/* Hashing functions */
+
+/**
+ * Given a username and datafilename, this will return the path to the
+ * hashed location of that datafile.
+ *
+ * @param string username the username of the current user
+ * @param string dir the SquirrelMail datadir
+ * @param string datafile the name of the file to open
+ * @param bool hash_seach default true
+ * @return string the hashed location of datafile
+ * @since 1.2.0
+ */
+function getHashedFile($username, $dir, $datafile, $hash_search = true) {
+
+    /* Remove trailing slash from $dir if found */
+    if (substr($dir, -1) == '/') {
+        $dir = substr($dir, 0, strlen($dir) - 1);
+    }
+
+    /* Compute the hash for this user and extract the hash directories. */
+    $hash_dirs = computeHashDirs($username);
+
+    /* First, get and make sure the full hash directory exists. */
+    $real_hash_dir = getHashedDir($username, $dir, $hash_dirs);
+
+    /* Set the value of our real data file, after we've removed unwanted characters. */
+    $datafile = str_replace('/', '_', $datafile);
+    $result = "$real_hash_dir/$datafile";
+
+    /* Check for this file in the real hash directory. */
+    if ($hash_search && !@file_exists($result)) {
+        /* First check the base directory, the most common location. */
+        if (@file_exists("$dir/$datafile")) {
+            rename("$dir/$datafile", $result);
+
+        /* Then check the full range of possible hash directories. */
+        } else {
+            $check_hash_dir = $dir;
+            for ($h = 0; $h < 4; ++$h) {
+                $check_hash_dir .= '/' . $hash_dirs[$h];
+                if (@is_readable("$check_hash_dir/$datafile")) {
+                    rename("$check_hash_dir/$datafile", $result);
+                    break;
+                }
             }
-         }
-      } else {
-         for ($i=0; $i < count($pref); $i++) {
-            fwrite($file, "$pref[$i]", 1024);
-         }
-         fwrite($file, "$string=$set_to\n", 1024);
-      }
-
-      fclose($file);
-   }
-
-
-
-
-   /** This checks if there is a pref file, if there isn't, it will create it. **/
-   function checkForPrefs($data_dir, $username) {
-      $filename = "$data_dir$username.pref";
-      if (!file_exists($filename)) {
-         if (!copy("$data_dir" . "default_pref", $filename)) {
-            echo _("Error opening ") ."$filename";
-            exit;
-         }
-      }
-      return;
-   }
-
-
-
-   /** Writes the Signature **/
-   function setSig($data_dir, $username, $string) {
-      $filename = "$data_dir$username.sig";
-      $file = fopen($filename, "w");
-      fwrite($file, $string);
-      fclose($file);
-   }
-
-
-
-   /** Gets the signature **/
-   function getSig($data_dir, $username) {
-      $filename = "$data_dir$username.sig";
-      if (file_exists($filename)) {
-         $file = fopen($filename, "r");
-         while (!feof($file)) {
-            $sig .= fgets($file, 1024);
-         }
-         fclose($file);
-      } else {
-         echo _("Signature file not found.");
-         exit;
-      }
-      return $sig;
-   }
-?>
+        }
+    }
+
+    /* Return the full hashed datafile path. */
+    return ($result);
+}
+
+/**
+ * Helper function for getHashedFile, given a username returns the hashed
+ * dir for that username.
+ *
+ * @param string username the username of the current user
+ * @param string dir the SquirrelMail datadir
+ * @param string hash_dirs default ''
+ * @return the path to the hash dir for username
+ * @since 1.2.0
+ */
+function getHashedDir($username, $dir, $hash_dirs = '') {
+    global $dir_hash_level;
+
+    /* Remove trailing slash from $dir if found */
+    if (substr($dir, -1) == '/') {
+        $dir = substr($dir, 0, strlen($dir) - 1);
+    }
+
+    /* If necessary, populate the hash dir variable. */
+    if ($hash_dirs == '') {
+        $hash_dirs = computeHashDirs($username);
+    }
+
+    /* Make sure the full hash directory exists. */
+    $real_hash_dir = $dir;
+    for ($h = 0; $h < $dir_hash_level; ++$h) {
+        $real_hash_dir .= '/' . $hash_dirs[$h];
+        if (!@is_dir($real_hash_dir)) {
+//FIXME: When safe_mode is turned on, the error suppression below makes debugging safe_mode UID/GID restrictions tricky... for now, I will add a check in configtest
+            if (!@mkdir($real_hash_dir, 0770)) {
+                error_box ( sprintf(_("Error creating directory %s."), $real_hash_dir) . "\n" .
+                     _("Could not create hashed directory structure!") . "\n" .
+                     _("Please contact your system administrator and report this error.") );
+                exit;
+            }
+        }
+    }
+
+    /* And return that directory. */
+    return ($real_hash_dir);
+}
+
+/**
+ * Helper function for getHashDir which does the actual hash calculation.
+ *
+ * Uses a crc32 algorithm by default, but if you put
+ * the following in config/config_local.php, you can
+ * force md5 instead:
+ *    $hash_dirs_use_md5 = TRUE;
+ *
+ * You may also specify that if usernames are in full
+ * email address format, the domain part (beginning
+ * with "@") be stripped before calculating the crc
+ * or md5.  Do that by putting the following in
+ * config/config_local.php:
+ *    $hash_dirs_strip_domain = TRUE;
+ *
+ * @param string username the username to calculate the hash dir for
+ *
+ * @return array a list of hash dirs for this username
+ *
+ * @since 1.2.0
+ *
+ */
+function computeHashDirs($username) {
+
+    global $hash_dirs_use_md5, $hash_dirs_strip_domain;
+    static $hash_dirs = array();
+
+
+    // strip domain from username
+    if ($hash_dirs_strip_domain)
+        $user = substr($username, 0, strpos($username, '@'));
+    else
+        $user = $username;
+
+
+    // have we already calculated it?
+    if (!empty($hash_dirs[$user]))
+        return $hash_dirs[$user];
+
+
+    if ($hash_dirs_use_md5) {
+
+        $hash = md5($user);
+        //$hash = md5bin($user);
+
+    } else {
+
+        /* Compute the hash for this user and extract the hash directories.  */
+        /* Note that the crc32() function result will be different on 32 and */
+        /* 64 bit systems, thus the hack below.                              */
+        $crc = crc32($user);
+        if ($crc & 0x80000000) {
+            $crc ^= 0xffffffff;
+            $crc += 1;
+        }
+        $hash = base_convert($crc, 10, 16);
+    }
+
+
+    $my_hash_dirs = array();
+    for ($h = 0; $h < 4; ++ $h) {
+        $my_hash_dirs[] = substr($hash, $h, 1);
+    }
+
+    // Return our array of hash directories
+    $hash_dirs[$user] = $my_hash_dirs;
+    return ($my_hash_dirs);
+}
+