X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=include%2Finit.php;h=50124500e4bfc8bc9e83f57e346337e440600f98;hp=054f3a7b6b0696af562d3fca37692fcf2822b92f;hb=d9188d9ad875c5e29b88f3be6d65447f48984fff;hpb=457e85930298524fc08003d262c71ab621470ab4 diff --git a/include/init.php b/include/init.php index 054f3a7b..50124500 100644 --- a/include/init.php +++ b/include/init.php @@ -18,6 +18,13 @@ error_reporting(E_ALL); +/** + * Make sure we have a page name + * + */ +if ( !defined('PAGE_NAME') ) define('PAGE_NAME', NULL); + + /** * If register_globals are on, unregister globals. * Second test covers boolean set as string (php_value register_globals off). @@ -49,9 +56,6 @@ if ((bool) ini_get('register_globals') && case 'key': case 'value': break; - case 'sInitLocation': - // FIXME: variable must be set only in src/login.php - break; default: unset($GLOBALS[$key]); } @@ -63,16 +67,17 @@ if ((bool) ini_get('register_globals') && /** * Used as a dummy value, e.g., for passing as an empty - * hook argument. + * hook argument (where the value is passed by reference, + * and therefore NULL itself is not acceptable). */ -global $null; +global $null; $null = NULL; /** * [#1518885] session.use_cookies = off breaks SquirrelMail * - * When session cookies are not used, all http redirects, meta refreshes, - * src/download.php and javascript URLs are broken. Setting must be set + * When session cookies are not used, all http redirects, meta refreshes, + * src/download.php and javascript URLs are broken. Setting must be set * before session is started. */ if (!(bool)ini_get('session.use_cookies') || @@ -80,6 +85,7 @@ if (!(bool)ini_get('session.use_cookies') || ini_set('session.use_cookies','1'); } + /** * calculate SM_PATH and calculate the base_uri * assumptions made: init.php is only called from plugins or from the src dir. @@ -87,27 +93,29 @@ if (!(bool)ini_get('session.use_cookies') || * */ if (isset($_SERVER['SCRIPT_NAME'])) { - $a = explode('/',$_SERVER['SCRIPT_NAME']); + $a = explode('/', $_SERVER['SCRIPT_NAME']); } elseif (isset($HTTP_SERVER_VARS['SCRIPT_NAME'])) { - $a = explode('/',$HTTP_SERVER_VARS['SCRIPT_NAME']); + $a = explode('/', $HTTP_SERVER_VARS['SCRIPT_NAME']); } else { - $error = 'Unable to detect script environment. ' - .'Please test your PHP settings and send PHP core config, $_SERVER ' - .'and $HTTP_SERVER_VARS to SquirrelMail developers.'; + $error = 'Unable to detect script environment. Please test your PHP ' + . 'settings and send your PHP core configuration, $_SERVER and ' + . '$HTTP_SERVER_VARS contents to the SquirrelMail developers.'; die($error); } $sSM_PATH = ''; -for($i = count($a) -2;$i > -1; --$i) { +for($i = count($a) -2; $i > -1; --$i) { $sSM_PATH .= '../'; if ($a[$i] === 'src' || $a[$i] === 'plugins') { break; } } -$base_uri = implode('/',array_slice($a,0,$i)). '/'; +$base_uri = implode('/', array_slice($a, 0, $i)). '/'; define('SM_PATH',$sSM_PATH); define('SM_BASE_URI', $base_uri); + + /** * global var $bInit is used to check if initialisation took place. * At this moment it's a workarounf for the include of addrbook_search_html @@ -141,6 +149,7 @@ $color[15] = '#002266'; /* (dark blue) Unselectable folders */ $color[16] = '#ff9933'; /* (orange) Highlight color */ require(SM_PATH . 'functions/global.php'); +require(SM_PATH . 'functions/strings.php'); require(SM_PATH . 'functions/arrays.php'); /* load default configuration */ @@ -200,11 +209,11 @@ if (!isset($session_name) || !$session_name) { } /** - * if session.auto_start is On then close the session + * When session.auto_start is On we want to destroy/close the session */ $sSessionAutostartName = session_name(); -if ((isset($sSessionAutostartName) || $sSessionAutostartName == '') && - $sSessionAutostartName !== $session_name) { +$sCookiePath = null; +if (isset($sSessionAutostartName) && $sSessionAutostartName !== $session_name) { $sCookiePath = ini_get('session.cookie_path'); $sCookieDomain = ini_get('session.cookie_domain'); // reset the cookie @@ -223,18 +232,59 @@ session_set_cookie_params (0, $base_uri); sqsession_is_active(); /** - * SquirrelMail version number -- DO NOT CHANGE + * When on login page, have to reset the user session, making + * sure to save session restore data first */ -$version = '1.5.2 [CVS]'; +if (PAGE_NAME == 'login') { + if (!sqGetGlobalVar('session_expired_post', $sep, SQ_SESSION)) + $sep = ''; + if (!sqGetGlobalVar('session_expired_location', $sel, SQ_SESSION)) + $sel = ''; + sqsession_destroy(); + session_write_close(); + + /** + * in some rare instances, the session seems to stick + * around even after destroying it (!!), so if it does, + * we'll manually flatten the $_SESSION data + */ + if (!empty($_SESSION)) + $_SESSION = array(); + + sqsession_is_active(); + session_regenerate_id(); + + // put session restore data back into session if necessary + if (!empty($sel)) { + sqsession_register($sel, 'session_expired_location'); + if (!empty($sep)) + sqsession_register($sep, 'session_expired_post'); + } +} /** * SquirrelMail internal version number -- DO NOT CHANGE * $sm_internal_version = array (release, major, minor) */ -$SQM_INTERNAL_VERSION = array(1,5,2); +$SQM_INTERNAL_VERSION = explode('.', SM_VERSION, 3); +$SQM_INTERNAL_VERSION[2] = intval($SQM_INTERNAL_VERSION[2]); + + +/* load prefs system; even when user not logged in, should be OK to do this here */ +require(SM_PATH . 'functions/prefs.php'); + +// FIXME: config/plugin_hooks.php has not yet been loaded (see a few lines below); so this hook call should I think not be working -- has anyone actually tested it? Is there any reason we cannot move this prefs code block down below "MAIN PLUGIN LOADING CODE HERE" (see below)? Reading the code, I *think* it should be OK, but.... +$prefs_backend = do_hook('prefs_backend', $null); +if (isset($prefs_backend) && !empty($prefs_backend) && file_exists(SM_PATH . $prefs_backend)) { + require(SM_PATH . $prefs_backend); +} elseif (isset($prefs_dsn) && !empty($prefs_dsn)) { + require(SM_PATH . 'functions/db_prefs.php'); +} else { + require(SM_PATH . 'functions/file_prefs.php'); +} -/* if plugins are disabled only for one user and +/* if plugins are disabled only for one user and * the current user is NOT that user, turn them * back on */ @@ -258,7 +308,7 @@ if (!$disable_plugins && file_exists(SM_PATH . 'plugins/compatibility/functions. /** * MAIN PLUGIN LOADING CODE HERE - * On init, we no longer need to load all plugin setup files. + * On init, we no longer need to load all plugin setup files. * Now, we load the statically generated hook registrations here * and let the hook calls include only the plugins needed. */ @@ -276,9 +326,9 @@ do_hook('config_override', $null); /** * DISABLED. * Remove globalized session data in rg=on setups - * + * * Code can be utilized when session is started, but data is not loaded. - * We have already loaded configuration and other important vars. Can't + * We have already loaded configuration and other important vars. Can't * clean session globals here. if ((bool) @ini_get('register_globals') && strtolower(ini_get('register_globals'))!='off') { @@ -299,14 +349,11 @@ if (! sqgetGlobalVar('squirrelmail_language',$squirrelmail_language,SQ_COOKIE)) /** - * @var $sInitlocation From where do we include. + * Do something special for some pages. This is based on the PAGE_NAME constand + * set at the top of every page. */ -if (!isset($sInitLocation)) { - $sInitLocation=NULL; -} - -switch ($sInitLocation) { - case 'style': +switch (PAGE_NAME) { + case 'style': // need to get the right template set up // @@ -336,26 +383,12 @@ switch ($sInitLocation) { } session_write_close(); - sqsetcookieflush(); break; case 'redirect': - /** - * directory hashing functions are needed for all setups in case - * plugins use own pref files. - */ - require(SM_PATH . 'functions/prefs.php'); require(SM_PATH . 'functions/auth.php'); - /* hook loads custom prefs backend plugins */ - $prefs_backend = do_hook('prefs_backend', $null); - if (isset($prefs_backend) && !empty($prefs_backend) && file_exists(SM_PATH . $prefs_backend)) { - require(SM_PATH . $prefs_backend); - } elseif (isset($prefs_dsn) && !empty($prefs_dsn)) { - require(SM_PATH . 'functions/db_prefs.php'); - } else { - require(SM_PATH . 'functions/file_prefs.php'); - } //nobreak; + case 'login': require(SM_PATH . 'functions/display_messages.php' ); require(SM_PATH . 'functions/page_header.php'); @@ -388,7 +421,9 @@ switch ($sInitLocation) { * because they probably belong to other php apps */ if (ini_get('session.name') !== $sSessionAutostartName) { - sqsetcookie(ini_get('session.name'),'',0,$sCookiePath); + // This does not work. Sometimes the cookie with SQSESSID=deleted and path / + // is picked up in webmail.php => login will fail + //sqsetcookie(ini_get('session.name'),'',0,$sCookiePath); } } break; @@ -396,7 +431,6 @@ switch ($sInitLocation) { require(SM_PATH . 'functions/display_messages.php' ); require(SM_PATH . 'functions/page_header.php'); require(SM_PATH . 'functions/html.php'); - require(SM_PATH . 'functions/strings.php'); /** @@ -405,37 +439,50 @@ switch ($sInitLocation) { require(SM_PATH . 'functions/auth.php'); if ( !sqsession_is_registered('user_is_logged_in') ) { + + // use $message to indicate what logout text the user + // will see... if 0, typical "You must be logged in" + // if 1, information that the user session was saved + // and will be resumed after (re)login + // + $message = 0; + // First we store some information in the new session to prevent // information-loss. // $session_expired_post = $_POST; - $session_expired_location = $PHP_SELF; + $session_expired_location = PAGE_NAME; if (!sqsession_is_registered('session_expired_post')) { sqsession_register($session_expired_post,'session_expired_post'); } if (!sqsession_is_registered('session_expired_location')) { sqsession_register($session_expired_location,'session_expired_location'); + if ($session_expired_location == 'compose') + $message = 1; } // signout page will deal with users who aren't logged // in on its own; don't show error here // - if (strpos($PHP_SELF, 'signout.php') !== FALSE) { - return; + if ( PAGE_NAME == 'signout' ) { + return; } /** * Initialize the template object (logout_error uses it) */ /* - * $sTemplateID is not initialized when a user is not logged in, so we - * will use the config file defaults here. If the neccesary variables + * $sTemplateID is not initialized when a user is not logged in, so we + * will use the config file defaults here. If the neccesary variables * are net set, force a default value. */ $sTemplateID = Template::get_default_template_set(); $oTemplate = Template::construct_template($sTemplateID); set_up_language($squirrelmail_language, true); - logout_error( _("You must be logged in to access this page.") ); + if (!$message) + logout_error( _("You must be logged in to access this page.") ); + else + logout_error( _("Your session has expired, but will be resumed after logging in again.") ); exit; } @@ -456,18 +503,6 @@ switch ($sInitLocation) { $prefs_cache = false; //array(); } - /* see 'redirect' case */ - require(SM_PATH . 'functions/prefs.php'); - - $prefs_backend = do_hook('prefs_backend', $null); - if (isset($prefs_backend) && !empty($prefs_backend) && file_exists(SM_PATH . $prefs_backend)) { - require(SM_PATH . $prefs_backend); - } elseif (isset($prefs_dsn) && !empty($prefs_dsn)) { - require(SM_PATH . 'functions/db_prefs.php'); - } else { - require(SM_PATH . 'functions/file_prefs.php'); - } - /** * initializing user settings */ @@ -491,8 +526,6 @@ switch ($sInitLocation) { * Set up the language. */ $err=set_up_language(getPref($data_dir, $username, 'language')); - /* this is the last cookie we set so flush it. */ - sqsetcookieflush(); // Japanese translation used without mbstring support if ($err==2) { @@ -546,18 +579,18 @@ switch ($sInitLocation) { } else { // interface runs on server's time zone. Remove php E_STRICT complains $default_timezone = @date_default_timezone_get(); - date_default_timezone_set($default_timezone); + date_default_timezone_set($default_timezone); } } break; } /* - * $sTemplateID is not initialized when a user is not logged in, so we - * will use the config file defaults here. If the neccesary variables + * $sTemplateID is not initialized when a user is not logged in, so we + * will use the config file defaults here. If the neccesary variables * are not set, force a default value. - * - * If the user is logged in, $sTemplateID will be set in load_prefs.php, + * + * If the user is logged in, $sTemplateID will be set in load_prefs.php, * so we shouldn't change it here. */ if (!isset($sTemplateID)) { @@ -572,7 +605,10 @@ if (empty($oTemplate)) { } // We want some variables to always be available to the template -$oTemplate->assign('javascript_on', checkForJavascript()); +$oTemplate->assign('javascript_on', + (sqGetGlobalVar('user_is_logged_in', $user_is_logged_in, SQ_SESSION) + ? checkForJavascript() : 0)); +$oTemplate->assign('base_uri', sqm_baseuri()); $always_include = array('sTemplateID', 'icon_theme_path'); foreach ($always_include as $var) { $oTemplate->assign($var, (isset($$var) ? $$var : NULL)); @@ -604,12 +640,8 @@ function checkForJavascript($reset = FALSE) { if ( !$reset && sqGetGlobalVar('javascript_on', $javascript_on, SQ_SESSION) ) return $javascript_on; - if ( ( $reset || !isset($javascript_setting) ) - // getPref() not defined (nor is it meaningful) when user not - // logged in, but that begs the question if $javascript_on is - // not in the session in that case, where do we get it from? - && ( sqGetGlobalVar('user_is_logged_in', $user_is_logged_in, SQ_SESSION) - && $user_is_logged_in) ) + $user_is_logged_in = FALSE; + if ( $reset || !isset($javascript_setting) ) $javascript_setting = getPref($data_dir, $username, 'javascript_setting', SMPREF_JS_AUTODETECT); if ( !sqGetGlobalVar('new_js_autodetect_results', $js_autodetect_results) &&