X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=functions%2Fprefs.php;h=ad4b1ed363ea3f4c0c92cc6349db3e3c9cc4f99f;hp=f636ec4a836085385c34813c75a74f8cfb7b3585;hb=e063ce26545adbebf2076b4dad82ba622e5c883c;hpb=5917742752bea11a547aeba6e4102dd3655b4800 diff --git a/functions/prefs.php b/functions/prefs.php index f636ec4a..ad4b1ed3 100644 --- a/functions/prefs.php +++ b/functions/prefs.php @@ -1,113 +1,180 @@ "; - exit; - } - $file = fopen($filename, "r"); - - /** read in all the preferences **/ - for ($i=0; !feof($file); $i++) { - $pref[$i] = fgets($file, 1024); - if (substr($pref[$i], 0, strpos($pref[$i], "=")) == $string) { - $found = true; - $pos = $i; - } - } - fclose($file); - - $file = fopen($filename, "w"); - if ($found == true) { - for ($i=0; $i < count($pref); $i++) { - if ($i == $pos) { - fwrite($file, "$string=$set_to\n", 1024); - } else { - fwrite($file, "$pref[$i]", 1024); + +/** + * prefs.php + * + * This contains functions for filebased user prefs locations + * + * @copyright 1999-2021 The SquirrelMail Project Team + * @license http://opensource.org/licenses/gpl-license.php GNU Public License + * @version $Id$ + * @package squirrelmail + * @subpackage prefs + */ + + + +/* Hashing functions */ + +/** + * Given a username and datafilename, this will return the path to the + * hashed location of that datafile. + * + * @param string username the username of the current user + * @param string dir the SquirrelMail datadir + * @param string datafile the name of the file to open + * @param bool hash_seach default true + * @return string the hashed location of datafile + * @since 1.2.0 + */ +function getHashedFile($username, $dir, $datafile, $hash_search = true) { + + /* Remove trailing slash from $dir if found */ + if (substr($dir, -1) == '/') { + $dir = substr($dir, 0, strlen($dir) - 1); + } + + /* Compute the hash for this user and extract the hash directories. */ + $hash_dirs = computeHashDirs($username); + + /* First, get and make sure the full hash directory exists. */ + $real_hash_dir = getHashedDir($username, $dir, $hash_dirs); + + /* Set the value of our real data file, after we've removed unwanted characters. */ + $datafile = str_replace('/', '_', $datafile); + $result = "$real_hash_dir/$datafile"; + + /* Check for this file in the real hash directory. */ + if ($hash_search && !@file_exists($result)) { + /* First check the base directory, the most common location. */ + if (@file_exists("$dir/$datafile")) { + rename("$dir/$datafile", $result); + + /* Then check the full range of possible hash directories. */ + } else { + $check_hash_dir = $dir; + for ($h = 0; $h < 4; ++$h) { + $check_hash_dir .= '/' . $hash_dirs[$h]; + if (@is_readable("$check_hash_dir/$datafile")) { + rename("$check_hash_dir/$datafile", $result); + break; + } + } + } + } + + /* Return the full hashed datafile path. */ + return ($result); +} + +/** + * Helper function for getHashedFile, given a username returns the hashed + * dir for that username. + * + * @param string username the username of the current user + * @param string dir the SquirrelMail datadir + * @param string hash_dirs default '' + * @return the path to the hash dir for username + * @since 1.2.0 + */ +function getHashedDir($username, $dir, $hash_dirs = '') { + global $dir_hash_level; + + /* Remove trailing slash from $dir if found */ + if (substr($dir, -1) == '/') { + $dir = substr($dir, 0, strlen($dir) - 1); + } + + /* If necessary, populate the hash dir variable. */ + if ($hash_dirs == '') { + $hash_dirs = computeHashDirs($username); + } + + /* Make sure the full hash directory exists. */ + $real_hash_dir = $dir; + for ($h = 0; $h < $dir_hash_level; ++$h) { + $real_hash_dir .= '/' . $hash_dirs[$h]; + if (!@is_dir($real_hash_dir)) { +//FIXME: When safe_mode is turned on, the error suppression below makes debugging safe_mode UID/GID restrictions tricky... for now, I will add a check in configtest + if (!@mkdir($real_hash_dir, 0770)) { + error_box ( sprintf(_("Error creating directory %s."), $real_hash_dir) . "\n" . + _("Could not create hashed directory structure!") . "\n" . + _("Please contact your system administrator and report this error.") ); + exit; } - } - } else { - for ($i=0; $i < count($pref); $i++) { - fwrite($file, "$pref[$i]", 1024); - } - fwrite($file, "$string=$set_to\n", 1024); - } - - fclose($file); - } - - - - - /** This checks if there is a pref file, if there isn't, it will - create it. **/ - function checkForPrefs($data_dir, $username) { - $filename = "$data_dir$username.pref"; - if (!file_exists($filename)) { - if (!copy("$data_dir" . "default_pref", $filename)) { - echo _("Error opening ") ."$filename"; - exit; - } - } - } - - - - /** Writes the Signature **/ - function setSig($data_dir, $username, $string) { - $filename = "$data_dir$username.sig"; - $file = fopen($filename, "w"); - fwrite($file, $string); - fclose($file); - } - - - - /** Gets the signature **/ - function getSig($data_dir, $username) { - $filename = "$data_dir$username.sig"; - if (file_exists($filename)) { - $file = fopen($filename, "r"); - while (!feof($file)) { - $sig .= fgets($file, 1024); - } - fclose($file); - } else { - echo _("Signature file not found."); - exit; - } - return $sig; - } -?> + } + } + + /* And return that directory. */ + return ($real_hash_dir); +} + +/** + * Helper function for getHashDir which does the actual hash calculation. + * + * Uses a crc32 algorithm by default, but if you put + * the following in config/config_local.php, you can + * force md5 instead: + * $hash_dirs_use_md5 = TRUE; + * + * You may also specify that if usernames are in full + * email address format, the domain part (beginning + * with "@") be stripped before calculating the crc + * or md5. Do that by putting the following in + * config/config_local.php: + * $hash_dirs_strip_domain = TRUE; + * + * @param string username the username to calculate the hash dir for + * + * @return array a list of hash dirs for this username + * + * @since 1.2.0 + * + */ +function computeHashDirs($username) { + + global $hash_dirs_use_md5, $hash_dirs_strip_domain; + static $hash_dirs = array(); + + + // strip domain from username + if ($hash_dirs_strip_domain) + $user = substr($username, 0, strpos($username, '@')); + else + $user = $username; + + + // have we already calculated it? + if (!empty($hash_dirs[$user])) + return $hash_dirs[$user]; + + + if ($hash_dirs_use_md5) { + + $hash = md5($user); + //$hash = md5bin($user); + + } else { + + /* Compute the hash for this user and extract the hash directories. */ + /* Note that the crc32() function result will be different on 32 and */ + /* 64 bit systems, thus the hack below. */ + $crc = crc32($user); + if ($crc & 0x80000000) { + $crc ^= 0xffffffff; + $crc += 1; + } + $hash = base_convert($crc, 10, 16); + } + + + $my_hash_dirs = array(); + for ($h = 0; $h < 4; ++ $h) { + $my_hash_dirs[] = substr($hash, $h, 1); + } + + // Return our array of hash directories + $hash_dirs[$user] = $my_hash_dirs; + return ($my_hash_dirs); +} +