X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=include%2Finit.php;h=d677942d77d4e95127f5e8cee9d2f04b6c94fd01;hp=5a0dac87119cb793a7e809b5863dd2de8ecdf8b1;hb=f4ce081103555c40398d75324dd855a4cd6529ca;hpb=28294310abf785f22d84bd92799c6e4afe01b664 diff --git a/include/init.php b/include/init.php index 5a0dac87..d677942d 100644 --- a/include/init.php +++ b/include/init.php @@ -18,6 +18,13 @@ error_reporting(E_ALL); +/** + * Make sure we have a page name + * + */ +if ( !defined('PAGE_NAME') ) define('PAGE_NAME', NULL); + + /** * If register_globals are on, unregister globals. * Second test covers boolean set as string (php_value register_globals off). @@ -49,9 +56,6 @@ if ((bool) ini_get('register_globals') && case 'key': case 'value': break; - case 'sInitLocation': - // FIXME: variable must be set only in src/login.php - break; default: unset($GLOBALS[$key]); } @@ -61,11 +65,19 @@ if ((bool) ini_get('register_globals') && unset($GLOBALS['value']); } +/** + * Used as a dummy value, e.g., for passing as an empty + * hook argument (where the value is passed by reference, + * and therefore NULL itself is not acceptable). + */ +global $null; +$null = NULL; + /** * [#1518885] session.use_cookies = off breaks SquirrelMail * - * When session cookies are not used, all http redirects, meta refreshes, - * src/download.php and javascript URLs are broken. Setting must be set + * When session cookies are not used, all http redirects, meta refreshes, + * src/download.php and javascript URLs are broken. Setting must be set * before session is started. */ if (!(bool)ini_get('session.use_cookies') || @@ -73,6 +85,7 @@ if (!(bool)ini_get('session.use_cookies') || ini_set('session.use_cookies','1'); } + /** * calculate SM_PATH and calculate the base_uri * assumptions made: init.php is only called from plugins or from the src dir. @@ -80,27 +93,29 @@ if (!(bool)ini_get('session.use_cookies') || * */ if (isset($_SERVER['SCRIPT_NAME'])) { - $a = explode('/',$_SERVER['SCRIPT_NAME']); + $a = explode('/', $_SERVER['SCRIPT_NAME']); } elseif (isset($HTTP_SERVER_VARS['SCRIPT_NAME'])) { - $a = explode('/',$HTTP_SERVER_VARS['SCRIPT_NAME']); + $a = explode('/', $HTTP_SERVER_VARS['SCRIPT_NAME']); } else { - $error = 'Unable to detect script environment. ' - .'Please test your PHP settings and send PHP core config, $_SERVER ' - .'and $HTTP_SERVER_VARS to SquirrelMail developers.'; + $error = 'Unable to detect script environment. Please test your PHP ' + . 'settings and send your PHP core configuration, $_SERVER and ' + . '$HTTP_SERVER_VARS contents to the SquirrelMail developers.'; die($error); } $sSM_PATH = ''; -for($i = count($a) -2;$i > -1; --$i) { +for($i = count($a) -2; $i > -1; --$i) { $sSM_PATH .= '../'; if ($a[$i] === 'src' || $a[$i] === 'plugins') { break; } } -$base_uri = implode('/',array_slice($a,0,$i)). '/'; +$base_uri = implode('/', array_slice($a, 0, $i)). '/'; define('SM_PATH',$sSM_PATH); define('SM_BASE_URI', $base_uri); + + /** * global var $bInit is used to check if initialisation took place. * At this moment it's a workarounf for the include of addrbook_search_html @@ -134,6 +149,7 @@ $color[15] = '#002266'; /* (dark blue) Unselectable folders */ $color[16] = '#ff9933'; /* (orange) Highlight color */ require(SM_PATH . 'functions/global.php'); +require(SM_PATH . 'functions/strings.php'); require(SM_PATH . 'functions/arrays.php'); /* load default configuration */ @@ -142,12 +158,10 @@ require(SM_PATH . 'config/config_default.php'); $ldap_server = array(); $plugins = array(); $fontsets = array(); -$theme = array(); -$theme[0]['PATH'] = SM_PATH . 'themes/default_theme.php'; -$theme[0]['NAME'] = 'Default'; $aTemplateSet = array(); $aTemplateSet[0]['ID'] = 'default'; $aTemplateSet[0]['NAME'] = 'Default'; + /* load site configuration */ require(SM_PATH . 'config/config.php'); /* load local configuration overrides */ @@ -158,6 +172,8 @@ if (file_exists(SM_PATH . 'config/config_local.php')) { require(SM_PATH . 'functions/plugin.php'); require(SM_PATH . 'include/constants.php'); require(SM_PATH . 'include/languages.php'); +require(SM_PATH . 'class/template/Template.class.php'); +require(SM_PATH . 'class/error.class.php'); /** * If magic_quotes_runtime is on, SquirrelMail breaks in new and creative ways. @@ -193,11 +209,11 @@ if (!isset($session_name) || !$session_name) { } /** - * if session.auto_start is On then close the session + * When session.auto_start is On we want to destroy/close the session */ $sSessionAutostartName = session_name(); -if ((isset($sSessionAutostartName) || $sSessionAutostartName == '') && - $sSessionAutostartName !== $session_name) { +$sCookiePath = null; +if (isset($sSessionAutostartName) && $sSessionAutostartName !== $session_name) { $sCookiePath = ini_get('session.cookie_path'); $sCookieDomain = ini_get('session.cookie_domain'); // reset the cookie @@ -215,89 +231,174 @@ ini_set('session.name' , $session_name); session_set_cookie_params (0, $base_uri); sqsession_is_active(); -include_once(SM_PATH . 'plugins/multilogin/functions.php'); -multilogin_sqoverride_config_do(); - /** - * DISABLED. - * Remove globalized session data in rg=on setups - * - * Code can be utilized when session is started, but data is not loaded. - * We have already loaded configuration and other important vars. Can't - * clean session globals here. -if ((bool) @ini_get('register_globals') && - strtolower(ini_get('register_globals'))!='off') { - foreach ($_SESSION as $key => $value) { - unset($GLOBALS[$key]); + * When on login page, have to reset the user session, making + * sure to save session restore data first + */ +if (PAGE_NAME == 'login') { + if (!sqGetGlobalVar('session_expired_post', $sep, SQ_SESSION)) + $sep = ''; + if (!sqGetGlobalVar('session_expired_location', $sel, SQ_SESSION)) + $sel = ''; + sqsession_destroy(); + session_write_close(); + + /** + * in some rare instances, the session seems to stick + * around even after destroying it (!!), so if it does, + * we'll manually flatten the $_SESSION data + */ + if (!empty($_SESSION)) + $_SESSION = array(); + + /** + * Allow administrators to define custom session handlers + * for SquirrelMail without needing to change anything in + * php.ini (application-level). + * + * In config_local.php, admin needs to put: + * + * $custom_session_handlers = array( + * 'my_open_handler', + * 'my_close_handler', + * 'my_read_handler', + * 'my_write_handler', + * 'my_destroy_handler', + * 'my_gc_handler', + * ); + * session_module_name('user'); + * session_set_save_handler( + * $custom_session_handlers[0], + * $custom_session_handlers[1], + * $custom_session_handlers[2], + * $custom_session_handlers[3], + * $custom_session_handlers[4], + * $custom_session_handlers[5] + * ); + * + * We need to replicate that code once here because PHP has + * long had a bug that resets the session handler mechanism + * when the session data is also destroyed. Because of this + * bug, even administrators who define custom session handlers + * via a PHP pre-load defined in php.ini (auto_prepend_file) + * will still need to define the $custom_session_handlers array + * in config_local.php. + */ + global $custom_session_handlers; + if (!empty($custom_session_handlers)) { + $open = $custom_session_handlers[0]; + $close = $custom_session_handlers[1]; + $read = $custom_session_handlers[2]; + $write = $custom_session_handlers[3]; + $destroy = $custom_session_handlers[4]; + $gc = $custom_session_handlers[5]; + session_module_name('user'); + session_set_save_handler($open, $close, $read, $write, $destroy, $gc); } -} -*/ -sqsession_register(SM_BASE_URI,'base_uri'); + sqsession_is_active(); + session_regenerate_id(); -/** - * SquirrelMail version number -- DO NOT CHANGE - */ -$version = '1.5.2 [CVS]'; + // put session restore data back into session if necessary + if (!empty($sel)) { + sqsession_register($sel, 'session_expired_location'); + if (!empty($sep)) + sqsession_register($sep, 'session_expired_post'); + } +} /** * SquirrelMail internal version number -- DO NOT CHANGE * $sm_internal_version = array (release, major, minor) */ -$SQM_INTERNAL_VERSION = array(1,5,2); +$SQM_INTERNAL_VERSION = explode('.', SM_VERSION, 3); +$SQM_INTERNAL_VERSION[2] = intval($SQM_INTERNAL_VERSION[2]); -/** - * Retrieve the language cookie + +/* load prefs system; even when user not logged in, should be OK to do this here */ +require(SM_PATH . 'functions/prefs.php'); + +// FIXME: config/plugin_hooks.php has not yet been loaded (see a few lines below); so this hook call should I think not be working -- has anyone actually tested it? Is there any reason we cannot move this prefs code block down below "MAIN PLUGIN LOADING CODE HERE" (see below)? Reading the code, I *think* it should be OK, but.... Also, note that this code would then be placed immediately next to the config_override hook, and since it makes little sense to execute two hooks in a row, I will propose removing config_override (although sadly, it is less clear to plugin authors that they should use the prefs_backend hook to do any configuration override work in their plugin) +$prefs_backend = do_hook('prefs_backend', $null); +if (isset($prefs_backend) && !empty($prefs_backend) && file_exists(SM_PATH . $prefs_backend)) { + require(SM_PATH . $prefs_backend); +} elseif (isset($prefs_dsn) && !empty($prefs_dsn)) { + require(SM_PATH . 'functions/db_prefs.php'); +} else { + require(SM_PATH . 'functions/file_prefs.php'); +} + + +/* if plugins are disabled only for one user and + * the current user is NOT that user, turn them + * back on */ -if (! sqgetGlobalVar('squirrelmail_language',$squirrelmail_language,SQ_COOKIE)) { - $squirrelmail_language = ''; +sqgetGlobalVar('username',$username,SQ_SESSION); +if ($disable_plugins && !empty($disable_plugins_user) + && $username != $disable_plugins_user) { + $disable_plugins = false; +} + +/* remove all plugins if they are disabled */ +if ($disable_plugins) { + $plugins = array(); } /** - * @var $sInitlocation From where do we include. + * Include Compatibility plugin if available. */ -if (!isset($sInitLocation)) { - $sInitLocation=NULL; -} +if (!$disable_plugins && file_exists(SM_PATH . 'plugins/compatibility/functions.php')) + include_once(SM_PATH . 'plugins/compatibility/functions.php'); /** * MAIN PLUGIN LOADING CODE HERE + * On init, we no longer need to load all plugin setup files. + * Now, we load the statically generated hook registrations here + * and let the hook calls include only the plugins needed. */ +$squirrelmail_plugin_hooks = array(); +if (!$disable_plugins && file_exists(SM_PATH . 'config/plugin_hooks.php')) { + require(SM_PATH . 'config/plugin_hooks.php'); +} /** - * Include Compatibility plugin if available. + * allow plugins to override main configuration; hook is placed + * here to allow plugins to use session information to do their work */ -if (file_exists(SM_PATH . 'plugins/compatibility/functions.php')) - include_once(SM_PATH . 'plugins/compatibility/functions.php'); -$squirrelmail_plugin_hooks = array(); +do_hook('config_override', $null); -/* On init, register all plugins configured for use. */ -if (isset($plugins) && is_array($plugins)) { - // turn on output buffering in order to prevent output of new lines - ob_start(); - foreach ($plugins as $name) { - use_plugin($name); - } - // get output and remove whitespace - $output = trim(ob_get_contents()); - ob_end_clean(); - // if plugins output more than newlines and spacing, stop script execution. - if (!empty($output)) { - die($output); +/** + * DISABLED. + * Remove globalized session data in rg=on setups + * + * Code can be utilized when session is started, but data is not loaded. + * We have already loaded configuration and other important vars. Can't + * clean session globals here. +if ((bool) @ini_get('register_globals') && + strtolower(ini_get('register_globals'))!='off') { + foreach ($_SESSION as $key => $value) { + unset($GLOBALS[$key]); } } +*/ + +sqsession_register(SM_BASE_URI,'base_uri'); /** - * Before 1.5.2 version hook was part of functions/constants.php. - * After init layout changes, hook had to be moved because include/constants.php is - * loaded before plugins are initialized. - * @since 1.2.0 + * Retrieve the language cookie */ -do_hook('loading_constants'); +if (! sqgetGlobalVar('squirrelmail_language',$squirrelmail_language,SQ_COOKIE)) { + $squirrelmail_language = ''; +} + -switch ($sInitLocation) { - case 'style': +/** + * Do something special for some pages. This is based on the PAGE_NAME constand + * set at the top of every page. + */ +switch (PAGE_NAME) { + case 'style': // need to get the right template set up // @@ -309,9 +410,6 @@ switch ($sInitLocation) { // make sure given template actually is available // - $aTemplateSet = (!isset($aTemplateSet) || !is_array($aTemplateSet) - ? array() : $aTemplateSet); - $templateset_default = (!isset($templateset_default) ? 0 : $templateset_default); $found_templateset = false; for ($i = 0; $i < count($aTemplateSet); ++$i) { if ($aTemplateSet[$i]['ID'] == $templateid) { @@ -320,40 +418,43 @@ switch ($sInitLocation) { } } -// FIXME: do we need/want to check here for actual presence of template sets? +// FIXME: do we need/want to check here for actual (physical) presence of template sets? // selected template not available, fall back to default template // if (!$found_templateset) { - $sTemplateID = (!isset($aTemplateSet[$templateset_default]['ID']) - ? 'default' : $aTemplateSet[$templateset_default]['ID']); + $sTemplateID = Template::get_default_template_set(); } else { $sTemplateID = $templateid; } session_write_close(); - sqsetcookieflush(); break; case 'redirect': - /** - * directory hashing functions are needed for all setups in case - * plugins use own pref files. - */ - require(SM_PATH . 'functions/prefs.php'); - /* hook loads custom prefs backend plugins */ - $prefs_backend = do_hook_function('prefs_backend'); - if (isset($prefs_backend) && !empty($prefs_backend) && file_exists(SM_PATH . $prefs_backend)) { - require(SM_PATH . $prefs_backend); - } elseif (isset($prefs_dsn) && !empty($prefs_dsn)) { - require(SM_PATH . 'functions/db_prefs.php'); - } else { - require(SM_PATH . 'functions/file_prefs.php'); - } + require(SM_PATH . 'functions/auth.php'); //nobreak; + case 'login': require(SM_PATH . 'functions/display_messages.php' ); require(SM_PATH . 'functions/page_header.php'); require(SM_PATH . 'functions/html.php'); + + // reset template file cache + // + $sTemplateID = Template::get_default_template_set(); + Template::cache_template_file_hierarchy(TRUE); + + /** + * Make sure icon variables are setup for the login page. + */ + $icon_theme = $icon_themes[$icon_theme_def]['PATH']; + /* + * NOTE: The $icon_theme_path var should contain the path to the icon + * theme to use. If the admin has disabled icons, or the user has + * set the icon theme to "None," no icons will be used. + */ + $icon_theme_path = (!$use_icons || $icon_theme=='none') ? NULL : ($icon_theme == 'template' ? SM_PATH . Template::calculate_template_images_directory($sTemplateID) : $icon_theme); + /** * cleanup old cookies with a cookie path the same as the standard php.ini * cookie path. All previous SquirrelMail version used the standard php.ini @@ -365,7 +466,9 @@ switch ($sInitLocation) { * because they probably belong to other php apps */ if (ini_get('session.name') !== $sSessionAutostartName) { - sqsetcookie(ini_get('session.name'),'',0,$sCookiePath); + // This does not work. Sometimes the cookie with SQSESSID=deleted and path / + // is picked up in webmail.php => login will fail + //sqsetcookie(ini_get('session.name'),'',0,$sCookiePath); } } break; @@ -373,7 +476,6 @@ switch ($sInitLocation) { require(SM_PATH . 'functions/display_messages.php' ); require(SM_PATH . 'functions/page_header.php'); require(SM_PATH . 'functions/html.php'); - require(SM_PATH . 'functions/strings.php'); /** @@ -382,47 +484,56 @@ switch ($sInitLocation) { require(SM_PATH . 'functions/auth.php'); if ( !sqsession_is_registered('user_is_logged_in') ) { + + // use $message to indicate what logout text the user + // will see... if 0, typical "You must be logged in" + // if 1, information that the user session was saved + // and will be resumed after (re)login + // + $message = 0; + // First we store some information in the new session to prevent // information-loss. // $session_expired_post = $_POST; - $session_expired_location = $PHP_SELF; + $session_expired_location = PAGE_NAME; if (!sqsession_is_registered('session_expired_post')) { sqsession_register($session_expired_post,'session_expired_post'); } if (!sqsession_is_registered('session_expired_location')) { sqsession_register($session_expired_location,'session_expired_location'); + if ($session_expired_location == 'compose') + $message = 1; } // signout page will deal with users who aren't logged // in on its own; don't show error here // - if (strpos($PHP_SELF, 'signout.php') !== FALSE) { - return; + if ( PAGE_NAME == 'signout' ) { + return; } /** * Initialize the template object (logout_error uses it) */ - require(SM_PATH . 'class/template/Template.class.php'); /* - * $sTemplateID is not initialized when a user is not logged in, so we - * will use the config file defaults here. If the neccesary variables + * $sTemplateID is not initialized when a user is not logged in, so we + * will use the config file defaults here. If the neccesary variables * are net set, force a default value. */ - $aTemplateSet = (!isset($aTemplateSet) || !is_array($aTemplateSet) - ? array() : $aTemplateSet); - $templateset_default = ( !isset($templateset_default) ? 0 : $templateset_default ); - - $sTemplateID = ( !isset($aTemplateSet[$templateset_default]['ID']) ? - 'default' : $aTemplateSet[$templateset_default]['ID'] ); + $sTemplateID = Template::get_default_template_set(); $oTemplate = Template::construct_template($sTemplateID); set_up_language($squirrelmail_language, true); - logout_error( _("You must be logged in to access this page.") ); + if (!$message) + logout_error( _("You must be logged in to access this page.") ); + else + logout_error( _("Your session has expired, but will be resumed after logging in again.") ); exit; } +//FIXME: remove next line if the placement of the copy of this line above does not prove to be problematic sqgetGlobalVar('username',$username,SQ_SESSION); + sqgetGlobalVar('authz',$authz,SQ_SESSION); /** * Setting the prefs backend @@ -437,18 +548,6 @@ switch ($sInitLocation) { $prefs_cache = false; //array(); } - /* see 'redirect' case */ - require(SM_PATH . 'functions/prefs.php'); - - $prefs_backend = do_hook_function('prefs_backend'); - if (isset($prefs_backend) && !empty($prefs_backend) && file_exists(SM_PATH . $prefs_backend)) { - require(SM_PATH . $prefs_backend); - } elseif (isset($prefs_dsn) && !empty($prefs_dsn)) { - require(SM_PATH . 'functions/db_prefs.php'); - } else { - require(SM_PATH . 'functions/file_prefs.php'); - } - /** * initializing user settings */ @@ -472,8 +571,6 @@ switch ($sInitLocation) { * Set up the language. */ $err=set_up_language(getPref($data_dir, $username, 'language')); - /* this is the last cookie we set so flush it. */ - sqsetcookieflush(); // Japanese translation used without mbstring support if ($err==2) { @@ -527,36 +624,36 @@ switch ($sInitLocation) { } else { // interface runs on server's time zone. Remove php E_STRICT complains $default_timezone = @date_default_timezone_get(); - date_default_timezone_set($default_timezone); + date_default_timezone_set($default_timezone); } } break; } -/** - * Initialize the template object - */ -require(SM_PATH . 'class/template/Template.class.php'); - /* - * $sTemplateID is not initialized when a user is not logged in, so we - * will use the config file defaults here. If the neccesary variables + * $sTemplateID is not initialized when a user is not logged in, so we + * will use the config file defaults here. If the neccesary variables * are not set, force a default value. - * - * If the user is logged in, $sTemplateID will be set in load_prefs.php, + * + * If the user is logged in, $sTemplateID will be set in load_prefs.php, * so we shouldn't change it here. */ if (!isset($sTemplateID)) { - $aTemplateSet = (!isset($aTemplateSet) || !is_array($aTemplateSet) - ? array() : $aTemplateSet); - $templateset_default = ( !isset($templateset_default) ? 0 : $templateset_default ); - - $sTemplateID = !isset($aTemplateSet[$templateset_default]['ID']) ? 'default' : $aTemplateSet[$templateset_default]['ID']; + $sTemplateID = Template::get_default_template_set(); $icon_theme_path = !$use_icons ? NULL : Template::calculate_template_images_directory($sTemplateID); } -$oTemplate = Template::construct_template($sTemplateID); + +// template object may have already been constructed in load_prefs.php +// +if (empty($oTemplate)) { + $oTemplate = Template::construct_template($sTemplateID); +} // We want some variables to always be available to the template +$oTemplate->assign('javascript_on', + (sqGetGlobalVar('user_is_logged_in', $user_is_logged_in, SQ_SESSION) + ? checkForJavascript() : 0)); +$oTemplate->assign('base_uri', sqm_baseuri()); $always_include = array('sTemplateID', 'icon_theme_path'); foreach ($always_include as $var) { $oTemplate->assign($var, (isset($$var) ? $$var : NULL)); @@ -565,7 +662,6 @@ foreach ($always_include as $var) { /** * Initialize our custom error handler object */ -require(SM_PATH . 'class/error.class.php'); $oErrorHandler = new ErrorHandler($oTemplate,'error_message.tpl'); /** @@ -589,6 +685,7 @@ function checkForJavascript($reset = FALSE) { if ( !$reset && sqGetGlobalVar('javascript_on', $javascript_on, SQ_SESSION) ) return $javascript_on; + $user_is_logged_in = FALSE; if ( $reset || !isset($javascript_setting) ) $javascript_setting = getPref($data_dir, $username, 'javascript_setting', SMPREF_JS_AUTODETECT);