X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=include%2Finit.php;h=226964729d8302a4dd903db500bdaec578a362e3;hp=935515219b8cac75a4f0ef31764db695fac5cb9c;hb=c7ebdfcf0b4f318f9ae50f4da877f9471e20b435;hpb=918fcc1d131a60df5ba01212d61d82d753014468 diff --git a/include/init.php b/include/init.php index 93551521..22696472 100644 --- a/include/init.php +++ b/include/init.php @@ -18,6 +18,13 @@ error_reporting(E_ALL); +/** + * Make sure we have a page name + * + */ +if ( !defined('PAGE_NAME') ) define('PAGE_NAME', NULL); + + /** * If register_globals are on, unregister globals. * Second test covers boolean set as string (php_value register_globals off). @@ -49,9 +56,6 @@ if ((bool) ini_get('register_globals') && case 'key': case 'value': break; - case 'sInitLocation': - // FIXME: variable must be set only in src/login.php - break; default: unset($GLOBALS[$key]); } @@ -61,11 +65,19 @@ if ((bool) ini_get('register_globals') && unset($GLOBALS['value']); } +/** + * Used as a dummy value, e.g., for passing as an empty + * hook argument (where the value is passed by reference, + * and therefore NULL itself is not acceptable). + */ +global $null; +$null = NULL; + /** * [#1518885] session.use_cookies = off breaks SquirrelMail * - * When session cookies are not used, all http redirects, meta refreshes, - * src/download.php and javascript URLs are broken. Setting must be set + * When session cookies are not used, all http redirects, meta refreshes, + * src/download.php and javascript URLs are broken. Setting must be set * before session is started. */ if (!(bool)ini_get('session.use_cookies') || @@ -134,6 +146,7 @@ $color[15] = '#002266'; /* (dark blue) Unselectable folders */ $color[16] = '#ff9933'; /* (orange) Highlight color */ require(SM_PATH . 'functions/global.php'); +require(SM_PATH . 'functions/strings.php'); require(SM_PATH . 'functions/arrays.php'); /* load default configuration */ @@ -142,12 +155,10 @@ require(SM_PATH . 'config/config_default.php'); $ldap_server = array(); $plugins = array(); $fontsets = array(); -$theme = array(); -$theme[0]['PATH'] = SM_PATH . 'themes/default_theme.php'; -$theme[0]['NAME'] = 'Default'; $aTemplateSet = array(); -$aTemplateSet[0]['PATH'] = SM_PATH . 'templates/default/'; -$aTemplateSet[0]['NAME'] = 'Default template'; +$aTemplateSet[0]['ID'] = 'default'; +$aTemplateSet[0]['NAME'] = 'Default'; + /* load site configuration */ require(SM_PATH . 'config/config.php'); /* load local configuration overrides */ @@ -158,6 +169,8 @@ if (file_exists(SM_PATH . 'config/config_local.php')) { require(SM_PATH . 'functions/plugin.php'); require(SM_PATH . 'include/constants.php'); require(SM_PATH . 'include/languages.php'); +require(SM_PATH . 'class/template/Template.class.php'); +require(SM_PATH . 'class/error.class.php'); /** * If magic_quotes_runtime is on, SquirrelMail breaks in new and creative ways. @@ -193,17 +206,32 @@ if (!isset($session_name) || !$session_name) { } /** - * if session.auto_start is On then close the session + * When on login page or if session.auto_start is On + * we want to destroy/close the session (save off + * possible session restoration values first) */ +if (!sqGetGlobalVar('session_expired_post', $sep, SQ_SESSION)) + $sep = ''; +if (!sqGetGlobalVar('session_expired_location', $sel, SQ_SESSION)) + $sel = ''; $sSessionAutostartName = session_name(); -if ((isset($sSessionAutostartName) || $sSessionAutostartName == '') && - $sSessionAutostartName !== $session_name) { +$sCookiePath = null; +if (PAGE_NAME == 'login' + || (isset($sSessionAutostartName) && $sSessionAutostartName !== $session_name)) { $sCookiePath = ini_get('session.cookie_path'); $sCookieDomain = ini_get('session.cookie_domain'); // reset the cookie setcookie($sSessionAutostartName,'',time() - 604800,$sCookiePath,$sCookieDomain); @session_destroy(); session_write_close(); + + /** + * in some rare instances, the session seems to stick + * around even after destroying it (!!), so if it does, + * we'll manually flatten the $_SESSION data + */ + if (!empty($_SESSION)) + $_SESSION = array(); } /** @@ -215,124 +243,160 @@ ini_set('session.name' , $session_name); session_set_cookie_params (0, $base_uri); sqsession_is_active(); -/** - * DISABLED. - * Remove globalized session data in rg=on setups - * - * Code can be utilized when session is started, but data is not loaded. - * We have already loaded configuration and other important vars. Can't - * clean session globals here. -if ((bool) @ini_get('register_globals') && - strtolower(ini_get('register_globals'))!='off') { - foreach ($_SESSION as $key => $value) { - unset($GLOBALS[$key]); - } -} -*/ - -sqsession_register(SM_BASE_URI,'base_uri'); - -/** - * SquirrelMail version number -- DO NOT CHANGE - */ -$version = '1.5.2 [CVS]'; - /** * SquirrelMail internal version number -- DO NOT CHANGE * $sm_internal_version = array (release, major, minor) */ -$SQM_INTERNAL_VERSION = array(1,5,2); +$SQM_INTERNAL_VERSION = explode('.', SM_VERSION, 3); +$SQM_INTERNAL_VERSION[2] = intval($SQM_INTERNAL_VERSION[2]); -/** - * Retrieve the language cookie + +/* load prefs system; even when user not logged in, should be OK to do this here */ +require(SM_PATH . 'functions/prefs.php'); + +$prefs_backend = do_hook('prefs_backend', $null); +if (isset($prefs_backend) && !empty($prefs_backend) && file_exists(SM_PATH . $prefs_backend)) { + require(SM_PATH . $prefs_backend); +} elseif (isset($prefs_dsn) && !empty($prefs_dsn)) { + require(SM_PATH . 'functions/db_prefs.php'); +} else { + require(SM_PATH . 'functions/file_prefs.php'); +} + + +/* if plugins are disabled only for one user and + * the current user is NOT that user, turn them + * back on */ -if (! sqgetGlobalVar('squirrelmail_language',$squirrelmail_language,SQ_COOKIE)) { - $squirrelmail_language = ''; +sqgetGlobalVar('username',$username,SQ_SESSION); +if ($disable_plugins && !empty($disable_plugins_user) + && $username != $disable_plugins_user) { + $disable_plugins = false; +} + +/* remove all plugins if they are disabled */ +if ($disable_plugins) { + $plugins = array(); } /** - * @var $sInitlocation From where do we include. + * Include Compatibility plugin if available. */ -if (!isset($sInitLocation)) { - $sInitLocation=NULL; -} +if (!$disable_plugins && file_exists(SM_PATH . 'plugins/compatibility/functions.php')) + include_once(SM_PATH . 'plugins/compatibility/functions.php'); /** * MAIN PLUGIN LOADING CODE HERE + * On init, we no longer need to load all plugin setup files. + * Now, we load the statically generated hook registrations here + * and let the hook calls include only the plugins needed. */ +$squirrelmail_plugin_hooks = array(); +if (!$disable_plugins && file_exists(SM_PATH . 'config/plugin_hooks.php')) { + require(SM_PATH . 'config/plugin_hooks.php'); +} /** - * Include Compatibility plugin if available. + * allow plugins to override main configuration; hook is placed + * here to allow plugins to use session information to do their work */ -if (file_exists(SM_PATH . 'plugins/compatibility/functions.php')) - include_once(SM_PATH . 'plugins/compatibility/functions.php'); -$squirrelmail_plugin_hooks = array(); +do_hook('config_override', $null); -/* On init, register all plugins configured for use. */ -if (isset($plugins) && is_array($plugins)) { - // turn on output buffering in order to prevent output of new lines - ob_start(); - foreach ($plugins as $name) { - use_plugin($name); - } - // get output and remove whitespace - $output = trim(ob_get_contents()); - ob_end_clean(); - // if plugins output more than newlines and spacing, stop script execution. - if (!empty($output)) { - die($output); +/** + * DISABLED. + * Remove globalized session data in rg=on setups + * + * Code can be utilized when session is started, but data is not loaded. + * We have already loaded configuration and other important vars. Can't + * clean session globals here. +if ((bool) @ini_get('register_globals') && + strtolower(ini_get('register_globals'))!='off') { + foreach ($_SESSION as $key => $value) { + unset($GLOBALS[$key]); } } +*/ + +sqsession_register(SM_BASE_URI,'base_uri'); /** - * Before 1.5.2 version hook was part of functions/constants.php. - * After init layout changes, hook had to be moved because include/constants.php is - * loaded before plugins are initialized. - * @since 1.2.0 + * Retrieve the language cookie */ -do_hook('loading_constants'); +if (! sqgetGlobalVar('squirrelmail_language',$squirrelmail_language,SQ_COOKIE)) { + $squirrelmail_language = ''; +} -switch ($sInitLocation) { - case 'style': + +/** + * Do something special for some pages. This is based on the PAGE_NAME constand + * set at the top of every page. + */ +switch (PAGE_NAME) { + case 'style': // need to get the right template set up - sqGetGlobalVar('templatedir', $templatedir, SQ_GET); + // + sqGetGlobalVar('templateid', $templateid, SQ_GET); // sanitize just in case... - $templatedir = preg_replace('/(\.\.\/){1,}/', '', $templatedir); - - // could also conceivably make sure given templatedir is in $aTemplateSet + // + $templateid = preg_replace('/(\.\.\/){1,}/', '', $templateid); + + // make sure given template actually is available + // + $found_templateset = false; + for ($i = 0; $i < count($aTemplateSet); ++$i) { + if ($aTemplateSet[$i]['ID'] == $templateid) { + $found_templateset = true; + break; + } + } - // set template directory only if what was given is valid - if (is_dir(SM_PATH . 'templates/' . $templatedir . '/')) { - $sTplDir = SM_PATH . 'templates/' . $templatedir . '/'; +// FIXME: do we need/want to check here for actual (physical) presence of template sets? + // selected template not available, fall back to default template + // + if (!$found_templateset) { + $sTemplateID = Template::get_default_template_set(); + } else { + $sTemplateID = $templateid; } session_write_close(); - sqsetcookieflush(); break; case 'redirect': - /** - * directory hashing functions are needed for all setups in case - * plugins use own pref files. - */ - require(SM_PATH . 'functions/prefs.php'); - /* hook loads custom prefs backend plugins */ - $prefs_backend = do_hook_function('prefs_backend'); - if (isset($prefs_backend) && !empty($prefs_backend) && file_exists(SM_PATH . $prefs_backend)) { - require(SM_PATH . $prefs_backend); - } elseif (isset($prefs_dsn) && !empty($prefs_dsn)) { - require(SM_PATH . 'functions/db_prefs.php'); - } else { - require(SM_PATH . 'functions/file_prefs.php'); - } + require(SM_PATH . 'functions/auth.php'); //nobreak; + case 'login': require(SM_PATH . 'functions/display_messages.php' ); require(SM_PATH . 'functions/page_header.php'); require(SM_PATH . 'functions/html.php'); + + // put session restore data back into session if necessary + if (!empty($sel)) { + sqsession_register($sel, 'session_expired_location'); + if (!empty($sep)) + sqsession_register($sep, 'session_expired_post'); + } + + // reset template file cache + // + $sTemplateID = Template::get_default_template_set(); + Template::cache_template_file_hierarchy(TRUE); + + /** + * Make sure icon variables are setup for the login page. + */ + $icon_theme = $icon_themes[$icon_theme_def]['PATH']; + /* + * NOTE: The $icon_theme_path var should contain the path to the icon + * theme to use. If the admin has disabled icons, or the user has + * set the icon theme to "None," no icons will be used. + */ + $icon_theme_path = (!$use_icons || $icon_theme=='none') ? NULL : ($icon_theme == 'template' ? SM_PATH . Template::calculate_template_images_directory($sTemplateID) : $icon_theme); + /** * cleanup old cookies with a cookie path the same as the standard php.ini * cookie path. All previous SquirrelMail version used the standard php.ini @@ -344,7 +408,9 @@ switch ($sInitLocation) { * because they probably belong to other php apps */ if (ini_get('session.name') !== $sSessionAutostartName) { - sqsetcookie(ini_get('session.name'),'',0,$sCookiePath); + // This does not work. Sometimes the cookie with SQSESSID=deleted and path / + // is picked up in webmail.php => login will fail + //sqsetcookie(ini_get('session.name'),'',0,$sCookiePath); } } break; @@ -352,7 +418,6 @@ switch ($sInitLocation) { require(SM_PATH . 'functions/display_messages.php' ); require(SM_PATH . 'functions/page_header.php'); require(SM_PATH . 'functions/html.php'); - require(SM_PATH . 'functions/strings.php'); /** @@ -361,47 +426,56 @@ switch ($sInitLocation) { require(SM_PATH . 'functions/auth.php'); if ( !sqsession_is_registered('user_is_logged_in') ) { + + // use $message to indicate what logout text the user + // will see... if 0, typical "You must be logged in" + // if 1, information that the user session was saved + // and will be resumed after (re)login + // + $message = 0; + // First we store some information in the new session to prevent // information-loss. // $session_expired_post = $_POST; - $session_expired_location = $PHP_SELF; + $session_expired_location = PAGE_NAME; if (!sqsession_is_registered('session_expired_post')) { sqsession_register($session_expired_post,'session_expired_post'); } if (!sqsession_is_registered('session_expired_location')) { sqsession_register($session_expired_location,'session_expired_location'); + if ($session_expired_location == 'compose') + $message = 1; } // signout page will deal with users who aren't logged // in on its own; don't show error here // - if (strpos($PHP_SELF, 'signout.php') !== FALSE) { - return; + if ( PAGE_NAME == 'signout' ) { + return; } /** * Initialize the template object (logout_error uses it) */ - require(SM_PATH . 'class/template/template.class.php'); /* - * $sTplDir is not initialized when a user is not logged in, so we will use - * the config file defaults here. If the neccesary variables are net set, - * force a default value. + * $sTemplateID is not initialized when a user is not logged in, so we + * will use the config file defaults here. If the neccesary variables + * are net set, force a default value. */ - $aTemplateSet = ( !isset($aTemplateSet) ? array() : $aTemplateSet ); - $templateset_default = ( !isset($templateset_default) ? 0 : $templateset_default ); - - $sTplDir = ( !isset($aTemplateSet[$templateset_default]['PATH']) ? - SM_PATH . 'templates/default/' : - $aTemplateSet[$templateset_default]['PATH'] ); - $oTemplate = new Template($sTplDir); + $sTemplateID = Template::get_default_template_set(); + $oTemplate = Template::construct_template($sTemplateID); set_up_language($squirrelmail_language, true); - logout_error( _("You must be logged in to access this page.") ); + if (!$message) + logout_error( _("You must be logged in to access this page.") ); + else + logout_error( _("Your session has expired, but will be resumed after logging in again.") ); exit; } +//FIXME: remove next line if the placement of the copy of this line above does not prove to be problematic sqgetGlobalVar('username',$username,SQ_SESSION); + sqgetGlobalVar('authz',$authz,SQ_SESSION); /** * Setting the prefs backend @@ -416,18 +490,6 @@ switch ($sInitLocation) { $prefs_cache = false; //array(); } - /* see 'redirect' case */ - require(SM_PATH . 'functions/prefs.php'); - - $prefs_backend = do_hook_function('prefs_backend'); - if (isset($prefs_backend) && !empty($prefs_backend) && file_exists(SM_PATH . $prefs_backend)) { - require(SM_PATH . $prefs_backend); - } elseif (isset($prefs_dsn) && !empty($prefs_dsn)) { - require(SM_PATH . 'functions/db_prefs.php'); - } else { - require(SM_PATH . 'functions/file_prefs.php'); - } - /** * initializing user settings */ @@ -451,8 +513,6 @@ switch ($sInitLocation) { * Set up the language. */ $err=set_up_language(getPref($data_dir, $username, 'language')); - /* this is the last cookie we set so flush it. */ - sqsetcookieflush(); // Japanese translation used without mbstring support if ($err==2) { @@ -506,36 +566,37 @@ switch ($sInitLocation) { } else { // interface runs on server's time zone. Remove php E_STRICT complains $default_timezone = @date_default_timezone_get(); - date_default_timezone_set($default_timezone); + date_default_timezone_set($default_timezone); } } break; } -/** - * Initialize the template object - */ -require(SM_PATH . 'class/template/template.class.php'); - /* - * $sTplDir is not initialized when a user is not logged in, so we will use - * the config file defaults here. If the neccesary variables are not set, - * force a default value. - * - * If the user is logged in, $sTplDir will be set in load_prefs.php, so we - * shouldn't change it here. + * $sTemplateID is not initialized when a user is not logged in, so we + * will use the config file defaults here. If the neccesary variables + * are not set, force a default value. + * + * If the user is logged in, $sTemplateID will be set in load_prefs.php, + * so we shouldn't change it here. */ -if (!isset($sTplDir)) { - $aTemplateSet = ( !isset($aTemplateSet) ? array() : $aTemplateSet ); - $templateset_default = ( !isset($templateset_default) ? 0 : $templateset_default ); - - $sTplDir = !isset($aTemplateSet[$templateset_default]['PATH']) ? SM_PATH . 'templates/default/' : $aTemplateSet[$templateset_default]['PATH']; - $icon_theme_path = !$use_icons ? NULL : $sTplDir . 'images/'; +if (!isset($sTemplateID)) { + $sTemplateID = Template::get_default_template_set(); + $icon_theme_path = !$use_icons ? NULL : Template::calculate_template_images_directory($sTemplateID); +} + +// template object may have already been constructed in load_prefs.php +// +if (empty($oTemplate)) { + $oTemplate = Template::construct_template($sTemplateID); } -$oTemplate = new Template($sTplDir); // We want some variables to always be available to the template -$always_include = array('sTplDir', 'icon_theme_path'); +$oTemplate->assign('javascript_on', + (sqGetGlobalVar('user_is_logged_in', $user_is_logged_in, SQ_SESSION) + ? checkForJavascript() : 0)); +$oTemplate->assign('base_uri', sqm_baseuri()); +$always_include = array('sTemplateID', 'icon_theme_path'); foreach ($always_include as $var) { $oTemplate->assign($var, (isset($$var) ? $$var : NULL)); } @@ -543,7 +604,6 @@ foreach ($always_include as $var) { /** * Initialize our custom error handler object */ -require(SM_PATH . 'class/error.class.php'); $oErrorHandler = new ErrorHandler($oTemplate,'error_message.tpl'); /** @@ -567,6 +627,7 @@ function checkForJavascript($reset = FALSE) { if ( !$reset && sqGetGlobalVar('javascript_on', $javascript_on, SQ_SESSION) ) return $javascript_on; + $user_is_logged_in = FALSE; if ( $reset || !isset($javascript_setting) ) $javascript_setting = getPref($data_dir, $username, 'javascript_setting', SMPREF_JS_AUTODETECT);