From: nehresma Date: Mon, 10 Apr 2000 13:34:01 +0000 (+0000) Subject: added use of PHP's session management X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=commitdiff_plain;h=2a32fc83f95eba42be0d1752ef685adf10e1edc9 added use of PHP's session management git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@393 7612ce4b-ef26-0410-bec9-ea0150e637f0 --- diff --git a/INSTALL b/INSTALL index 4117c2e0..33c223a0 100644 --- a/INSTALL +++ b/INSTALL @@ -28,7 +28,29 @@ a. Obtaining and compiling PHP4 You might also want to read the INSTALL file in the PHP-distribution :-) -b. Setting up .php files to use PHP4 +b. Changing php.ini + + PHP defaults to look for php.ini (PHP's configuration file) in + /usr/local/lib. However, for security reasons, it is suggested + that the location of this file is changed to someplace else. This + can be done at configure time with the configuration directive + --with-config-file-path=PATH. + + Squirrelmail does not use cookies as of version 0.4. Edit the + php.ini file and change session.use_cookies to 0 (false). Also be + sure to change the session.save_path to someplace that can only be + read and written to by the webserver. session.save_path is the + location that PHP's session data will be written to. + + SECURITY WARNING - SquirrelMail saves non plaintext passwords in + PHP's session data to log on to the IMAP server. If a user has + access to write PHP scripts on your system and knows the location + where PHP stores session data, he could get a listing of the + sessions being used and then read a given session's data with his + own PHP script. Caution should be used when setting up permissions + and locations of php.ini and the session data. + +c. Setting up .php files to use PHP4 You need to create a .htaccess file in you SquirrelMail directory that looks something like this: 
@@ -38,7 +60,7 @@ b. Setting up .php files to use PHP4 You could also add these lines to your Apache configuration file. -c. Running into trouble +d. Running into trouble Setting up Apache with PHP4 can be a non-trivial task. Read the PHP4 and Apache documentation carefully if you run into trouble. If you diff --git a/TODO b/TODO index 28ae559d..fda56d8d 100644 --- a/TODO +++ b/TODO @@ -4,7 +4,7 @@ Ideas to be implemented initials = taken by that person (pl?) Importing of address books - - Use PHP4 Session management, get rid of cookies +(nre) Use PHP4 Session management, get rid of cookies - Make it possible to save preferences in MySQL DB or on Filesystem - Navigation between messages without going to folder list (next, prev) - Configurable headers shown on the message listing, like: cc, to, etc diff --git a/functions/display_messages.php b/functions/display_messages.php index b07e2ae4..639c7e9e 100644 --- a/functions/display_messages.php +++ b/functions/display_messages.php @@ -10,13 +10,15 @@ $display_messages_php = true; function error_username_password_incorrect($color) { + global $PHPSESSID; + echo "
"; echo ""; echo " "; echo " "; echo "
"; echo "
ERROR
"; echo "
"; - echo "

". _("Unknown user or password incorrect.") ."
". _("Click here to try again") .".
"; + echo "

". _("Unknown user or password incorrect.") ."
". _("Click here to try again") .".
"; echo "
"; echo ""; @@ -50,7 +52,9 @@ } function messages_deleted_message($mailbox, $sort, $startMessage, $color) { + global $PHPSESSID; $urlMailbox = urlencode($mailbox); + echo "
"; echo ""; echo " "; @@ -59,7 +63,7 @@ echo " "; @@ -67,7 +71,9 @@ } function messages_moved_message($mailbox, $sort, $startMessage, $color) { + global $PHPSESSID; $urlMailbox = urlencode($mailbox); + echo "
"; echo "
"; echo "

". _("The selected messages were deleted successfully.") ."
\n"; echo "
"; - echo " "; + echo " "; echo " ". _("Click here to return to ") ."$mailbox."; echo "
"; echo "
"; echo " "; @@ -76,7 +82,7 @@ echo " "; @@ -84,7 +90,9 @@ } function error_message($message, $mailbox, $sort, $startMessage, $color) { + global $PHPSESSID; $urlMailbox = urlencode($mailbox); + echo "
"; echo "
"; echo "

". _("The selected messages were moved successfully.") ."
\n"; echo "
"; - echo " "; + echo " "; echo " ". _("Click here to return to ") ."$mailbox."; echo "
"; echo "
"; echo " "; @@ -93,7 +101,7 @@ echo " "; diff --git a/functions/imap_general.php b/functions/imap_general.php index 7adb2258..9d963825 100755 --- a/functions/imap_general.php +++ b/functions/imap_general.php @@ -65,6 +65,7 @@ ******************************************************************************/ function sqimap_login ($username, $password, $imap_server_address, $imap_port, $hide) { global $color; + global $PHPSESSID; $imap_stream = fsockopen ($imap_server_address, $imap_port, &$error_number, &$error_string); $server_info = fgets ($imap_stream, 1024); @@ -115,6 +116,7 @@ "; diff --git a/functions/mailbox_display.php b/functions/mailbox_display.php index 612a1562..e39f6ec0 100644 --- a/functions/mailbox_display.php +++ b/functions/mailbox_display.php @@ -12,6 +12,7 @@ function printMessageInfo($imapConnection, $t, $i, $from, $subject, $dateString, $answered, $seen, $mailbox, $sort, $startMessage) { require ("../config/config.php"); + global $PHPSESSID; $senderName = $from; $urlMailbox = urlencode($mailbox); @@ -21,12 +22,12 @@ echo " \n"; echo " \n"; echo " \n"; - echo " \n"; + echo " \n"; } else { echo " \n"; echo " \n"; echo " \n"; - echo " \n"; + echo " \n"; } echo "\n"; } @@ -36,6 +37,7 @@ **/ function showMessagesForMailbox($imapConnection, $mailbox, $numMessages, $startMessage, $sort, $color) { include ("../config/config.php"); + global $PHPSESSID; if ($numMessages >= 1) { for ($q = 0; $q < $numMessages; $q++) { @@ -177,23 +179,23 @@ echo "\n"; /** The delete and move options */ echo "
"; echo "

$message
\n"; echo "
"; - echo " "; + echo " "; echo " ". _("Click here to return to ") ."$mailbox."; echo "
"; echo "
$senderName
$dateString
$subject$subject$senderName
$dateString
$subject$subject
"; if (($nextGroup <= $numMessages) && ($prevGroup >= 0)) { - echo "". _("Previous") ."\n"; - echo "". _("Next") ."\n"; + echo "". _("Previous") ."\n"; + echo "". _("Next") ."\n"; } else if (($nextGroup > $numMessages) && ($prevGroup >= 0)) { - echo "". _("Previous") ."\n"; + echo "". _("Previous") ."\n"; echo "Next\n"; } else if (($nextGroup <= $numMessages) && ($prevGroup < 0)) { echo "Previous\n"; - echo "". _("Next") ."\n"; + echo "". _("Next") ."\n"; } echo "
"; - echo "\n\n\n
"; + echo "\n\n\n"; echo "\n"; echo " \n"; echo " \n"; + echo " \n"; else if ($sort == 3) - echo " \n"; + echo " \n"; else - echo " \n"; + echo " \n"; /** DATE HEADER **/ echo " \n"; + echo " \n"; else if ($sort == 1) - echo " \n"; + echo " \n"; else - echo " \n"; + echo " \n"; /** SUBJECT HEADER **/ echo " \n"; + echo " \n"; else if ($sort == 5) - echo " \n"; + echo " \n"; else - echo " \n"; + echo " \n"; echo ""; @@ -281,16 +283,16 @@ echo "
\n"; @@ -237,27 +239,27 @@ /** FROM HEADER **/ echo " ". _("From") .""; if ($sort == 2) - echo " ". _("Date") .""; if ($sort == 0) - echo " ". _("Subject") ."\n"; if ($sort == 4) - echo "
"; if (($nextGroup <= $numMessages) && ($prevGroup >= 0)) { - echo "" . _("Previous") . "\n"; - echo "" . _("Next") . "\n"; + echo "" . _("Previous") . "\n"; + echo "" . _("Next") . "\n"; } else if (($nextGroup > $numMessages) && ($prevGroup >= 0)) { - echo "" . _("Previous") . "\n"; + echo "" . _("Previous") . "\n"; echo "" . _("Next") . "\n"; } else if (($nextGroup <= $numMessages) && ($prevGroup < 0)) { echo "Previous\n"; - echo "" . _("Next") . "\n"; + echo "" . _("Next") . "\n"; } echo "
"; /** End of message-list table */ } diff --git a/functions/mime.php b/functions/mime.php index ac0ad306..43bcad88 100644 --- a/functions/mime.php +++ b/functions/mime.php @@ -128,6 +128,7 @@ bottom, etc. **/ function formatBody($message, $color, $wrap_at) { + global $PHPSESSID; /** this if statement checks for the entity to show as the primary message. To add more of them, just put them in the @@ -161,7 +162,7 @@ $body = translateText($body, $wrap_at, $charset); - $body .= "
". _("Download this as a file") ."

"; + $body .= "
". _("Download this as a file") ."

"; /** Display the ATTACHMENTS: message if there's more than one part **/ if (count($message["ENTITIES"]) > 1) { @@ -188,7 +189,7 @@ $urlMailbox = urlencode($message["INFO"]["MAILBOX"]); $id = $message["INFO"]["ID"]; - $body .= "   " . $display_filename . "  (TYPE: $type0/$type1)
"; + $body .= "   " . $display_filename . "  (TYPE: $type0/$type1)
"; } $body .= "
"; } diff --git a/functions/page_header.php b/functions/page_header.php index cc347f2a..ec11e18b 100644 --- a/functions/page_header.php +++ b/functions/page_header.php @@ -6,6 +6,8 @@ ** **/ + session_start(); + $page_header_php = true; if (!isset($prefs_php)) @@ -40,23 +42,25 @@ header ("Content-Type: text/html; charset=$default_charset"); function displayPageHeader($color, $mailbox) { + global $PHPSESSID; + /** Here is the header and wrapping table **/ $shortBoxName = readShortMailboxName($mailbox, "."); $shortBoxName = stripslashes($shortBoxName); echo ""; echo " "; echo " "; echo "
"; - echo " " . _("Sign Out") . ""; + echo " " . _("Sign Out") . ""; echo " "; echo "
" . _("Current Folder: ") . "$shortBoxName 
"; echo "
\n"; echo ""; echo " "; diff --git a/src/addrbook_popup.php b/src/addrbook_popup.php index b646a695..8183997f 100644 --- a/src/addrbook_popup.php +++ b/src/addrbook_popup.php @@ -6,6 +6,8 @@ ** **/ + session_start(); + if(!isset($logged_in)) { echo _("You must login first."); exit; @@ -33,8 +35,8 @@ - + diff --git a/src/addrbook_search.php b/src/addrbook_search.php index 1c172079..5181632c 100644 --- a/src/addrbook_search.php +++ b/src/addrbook_search.php @@ -6,6 +6,8 @@ ** **/ + session_start(); + if(!isset($logged_in)) { echo _("You must login first."); exit; @@ -64,8 +66,8 @@ // Create search form if($show == "form") { - printf("\n", - $PHP_SELF); + printf("\n", + $PHP_SELF . "?PHPSESSID=$PHPSESSID"); printf("
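Review bot: In addrbook_popup.php the new `session_start();` is immediately followed by `if(!isset($logged_in))`, yet `$logged_in` is a plain global that this code base also fills from the request (compare `isset($send)` in compose.php and `$show == "form"` in addrbook_search.php), so isset() is satisfied by any request that carries a logged_in parameter when the resumed session does not already contain one. The same gate follows `session_start()` in addrbook_search.php, addressbook.php and right_main.php, and left_main.php uses the same shape with `isset($username)`. Reading the flag from the session container instead, `if (!isset($HTTP_SESSION_VARS["logged_in"]))` on PHP 4, makes the session the only source of the login state; the same applies to `$username` and `$key` where they are handed to sqimap_login.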
"; - echo " " . _("Compose") . "  "; - echo " " . _("Addresses") . "  "; - echo " " . _("Folders") . "  "; - echo " " . _("Options") . "  "; + echo " " . _("Compose") . "  "; + echo " " . _("Addresses") . "  "; + echo " " . _("Folders") . "  "; + echo " " . _("Options") . "  "; echo " "; echo " SquirrelMail"; echo "
"); printf("\n", ($line % 2) ? " bgcolor=\"$color[0]\"" : "", $selected, $row["backend"], $row["nickname"], diff --git a/src/compose.php b/src/compose.php index e2188082..988cd76b 100644 --- a/src/compose.php +++ b/src/compose.php @@ -7,6 +7,8 @@ ** - Send mail **/ + session_start(); + if (!isset($config_php)) include("../config/config.php"); if (!isset($strings_php)) @@ -140,7 +142,7 @@ function showInputForm () { global $send_to, $send_to_cc, $reply_subj, $forward_subj, $body, $passed_body, $color, $use_signature, $signature, $editor_size, - $attachments, $subject, $newmail; + $attachments, $subject, $newmail, $PHPSESSID; $subject = decodeHeader($subject); $reply_subj = decodeHeader($reply_subj); @@ -148,14 +150,14 @@ echo "\n\n\n"; - echo "\n\n"; echo "
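Review bot: The search form's action is now `$PHP_SELF . "?PHPSESSID=$PHPSESSID"` handed to printf without escaping; both parts derive from the request (`$PHP_SELF` reflects the requested path, including any trailing path info), so a crafted path or id lands verbatim inside an HTML attribute. Escape at the point of output, e.g. `htmlspecialchars($PHP_SELF . "?PHPSESSID=" . urlencode($PHPSESSID))` as the printf argument. The surrounding form markup is lost in this extraction, so the attribute quoting itself cannot be checked here.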
\n"); printf(" %s:\n\n", diff --git a/src/addressbook.php b/src/addressbook.php index 0220747b..e46ba62f 100644 --- a/src/addressbook.php +++ b/src/addressbook.php @@ -6,6 +6,8 @@ ** **/ + session_start(); + if(!isset($logged_in)) { echo _("You must login first."); exit; @@ -335,7 +337,7 @@ printf("\n ". "". " %s  %s ". - " %s". + " %s". "  %s
\n"; echo " \n"; @@ -268,8 +270,10 @@ } function showSentForm () { + global $PHPSESSID; + echo "


Message Sent!

"; - echo "You will be automatically forwarded.
If not, click here"; + echo "You will be automatically forwarded.
If not, click here"; echo "
"; } @@ -299,7 +303,7 @@ if(isset($send)) { if (checkInput(false)) { sendMessage($send_to, $send_to_cc, $send_to_bcc, $subject, $body); - header ("Location: right_main.php"); + header ("Location: right_main.php?PHPSESSID=$PHPSESSID"); } else { echo "\n"; $imapConnection = sqimap_login($username, $key, $imapServerAddress, $imapPort, 0); diff --git a/src/delete_message.php b/src/delete_message.php index 7795829e..e1ebb06c 100644 --- a/src/delete_message.php +++ b/src/delete_message.php @@ -1,4 +1,6 @@ "; echo ""; echo ""; echo ""; echo ""; echo "\n"; echo "
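Review bot: `header ("Location: right_main.php?PHPSESSID=$PHPSESSID");` puts a request-derived value into a response header without encoding; a value containing CR/LF would terminate the header early, and PHP releases of this era do not reject newlines in header(). Use `header ("Location: right_main.php?PHPSESSID=" . urlencode($PHPSESSID));`, or better the `SID` constant, which already yields `PHPSESSID=<id>` in encoded form. move_messages.php makes the identical change in its `$auto_forward` branch. The enclosing `if(isset($send))` block continues outside the hunk.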
"; $urlmailbox = urlencode($mailbox); - echo "
"; + echo "
"; echo _("Download this as a file"); echo "


"; if ($type1 == "html") diff --git a/src/empty_trash.php b/src/empty_trash.php index 85450fb2..a89b2cc3 100644 --- a/src/empty_trash.php +++ b/src/empty_trash.php @@ -1,4 +1,6 @@ \n"; + echo "\n"; echo "
"; - echo "\n"; + echo "\n"; echo "
\n"; echo _("as a subfolder of"); echo "
"; @@ -125,7 +127,7 @@ echo "
"; if ($count_special_folders < count($boxes)) { - echo "\n"; + echo "\n"; echo "
"; if ($count_special_folders < count($boxes)) { - echo "\n"; + echo "\n"; echo ""; echo ""._("Click here to go back").".", $color); + plain_error_message(_("Illegal folder name. Please select a different name.")."
"._("Click here to go back").".", $color); exit; } @@ -49,7 +51,7 @@ echo _("Folder Created!"); echo "

"; echo _("The folder has been successfully created."); - echo "
"; + echo "
"; echo _("Click here"); echo " "; echo _("to continue."); diff --git a/src/folders_delete.php b/src/folders_delete.php index f7afeb70..23f18c05 100644 --- a/src/folders_delete.php +++ b/src/folders_delete.php @@ -1,4 +1,6 @@

"; echo _("The folder has been successfully deleted."); - echo "
"; + echo "
"; echo _("Click here"); echo " "; echo _("to continue."); diff --git a/src/folders_rename_do.php b/src/folders_rename_do.php index 38442c9d..368ccade 100644 --- a/src/folders_rename_do.php +++ b/src/folders_rename_do.php @@ -1,4 +1,6 @@

"; echo _("The folder has been successfully renamed."); - echo "
"; + echo "
"; echo _("Click here"); echo " "; echo _("to continue."); diff --git a/src/folders_rename_getname.php b/src/folders_rename_getname.php index cadb70fe..a745c90e 100644 --- a/src/folders_rename_getname.php +++ b/src/folders_rename_getname.php @@ -1,4 +1,6 @@
"; - echo "\n"; + echo "\n"; echo _("New name:"); echo "   
\n"; if ($isfolder) diff --git a/src/folders_subscribe.php b/src/folders_subscribe.php index c2d4f334..e0540451 100644 --- a/src/folders_subscribe.php +++ b/src/folders_subscribe.php @@ -1,4 +1,6 @@

"; echo _("You have been successfully unsubscribed."); } - echo "
"; + echo "
"; echo _("Click here"); echo " "; echo _("to continue."); diff --git a/src/left_main.php b/src/left_main.php index d4d1e04f..06f4ecde 100644 --- a/src/left_main.php +++ b/src/left_main.php @@ -7,6 +7,8 @@ ** **/ + session_start(); + if(!isset($username)) { echo "You need a valid user and password to access this page!"; exit; @@ -30,6 +32,7 @@ function formatMailboxName($imapConnection, $mailbox, $real_box, $delimeter, $color, $move_to_trash) { require ("../config/config.php"); + global $PHPSESSID; $mailboxURL = urlencode($real_box); sqimap_mailbox_select ($imapConnection, $real_box); @@ -46,11 +49,11 @@ } if ($special_color == true) { - $line .= ""; + $line .= ""; $line .= replace_spaces($mailbox); $line .= ""; } else { - $line .= ""; + $line .= ""; $line .= replace_spaces($mailbox); $line .= ""; } @@ -65,7 +68,7 @@ if (($move_to_trash == true) && (trim($real_box) == $trash_folder)) { $urlMailbox = urlencode($real_box); $line .= ""; - $line .= "    ("._("purge").")"; + $line .= "    ("._("purge").")"; $line .= "\n"; } @@ -92,7 +95,7 @@ echo "
"; echo _("Folders") . "
"; - echo "("; + echo "("; echo _("refresh folder list"); echo ")

"; $delimeter = sqimap_get_delimiter($imapConnection); diff --git a/src/login.php b/src/login.php index c6f4a10c..0466b50c 100644 --- a/src/login.php +++ b/src/login.php @@ -6,9 +6,9 @@ ** **/ - setcookie("username", "", time(), "/"); - setcookie("key", "", time(), "/"); - setcookie("logged_in", 0, time(), "/"); +# setcookie("username", "", time(), "/"); +# setcookie("key", "", time(), "/"); +# setcookie("logged_in", 0, time(), "/"); if (!isset($config_php)) include("../config/config.php"); @@ -38,7 +38,7 @@ echo "\n"; echo "\n"; - echo "\n"; + echo "\n"; echo "
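Review bot: login.php previously expired the username, key and logged_in cookies on every visit, so reaching the login page also discarded earlier credentials; the three lines are now kept under `#` and nothing visible takes over that job, which leaves a prior session's `key` alive in session.save_path until the session expires on its own. The session-based equivalent is to resume and clear it here, `session_start(); session_unregister("username"); session_unregister("key"); session_unregister("logged_in");` (or `session_destroy()`); the signout.php hunk is too garbled in this extraction to confirm it does the same, and it should. The commented-out `setcookie` calls, here and in webmail.php, are dead code and should be deleted rather than preserved.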
\n"; echo "
"; echo _("SquirrelMail version $version
By the SquirrelMail Development Team"); diff --git a/src/move_messages.php b/src/move_messages.php index e2361745..6ddcc1e0 100644 --- a/src/move_messages.php +++ b/src/move_messages.php @@ -1,4 +1,6 @@ \n"; displayPageHeader($color, $mailbox); @@ -94,7 +96,7 @@ sqimap_mailbox_expunge($imapConnection, $mailbox); if ($auto_forward) { - header ("Location: right_main.php"); + header ("Location: right_main.php?PHPSESSID=$PHPSESSID"); } else { echo "\n"; displayPageHeader($color, $mailbox); diff --git a/src/options.php b/src/options.php index 6ef3accf..d0b1995c 100644 --- a/src/options.php +++ b/src/options.php @@ -1,4 +1,6 @@
\n"; - echo "\n"; + echo "\n"; echo "\n"; // FULL NAME echo " "; diff --git a/src/options_submit.php b/src/options_submit.php index 193cf262..6e439ded 100644 --- a/src/options_submit.php +++ b/src/options_submit.php @@ -1,4 +1,6 @@

"; echo _("Your options have been saved."); - echo "
"; + echo "
"; echo _("Click here"); echo " "; echo _("to continue."); diff --git a/src/read_body.php b/src/read_body.php index cf2d331c..46591cb7 100644 --- a/src/read_body.php +++ b/src/read_body.php @@ -1,4 +1,6 @@ 1) { if ($show_more == false) { if ($i == 1) { - $to_string = "$to_string ($echo_more)"; + $to_string = "$to_string ($echo_more)"; $i = count($to_ary); } } else if ($i == 1) { - $to_string = "$to_string ($echo_less)"; + $to_string = "$to_string ($echo_less)"; } } } @@ -78,11 +80,11 @@ if (count($cc_ary) > 1) { if ($show_more_cc == false) { if ($i == 1) { - $cc_string = "$cc_string ($echo_more)"; + $cc_string = "$cc_string ($echo_more)"; $i = count($cc_ary); } } else if ($i == 1) { - $cc_string = "$cc_string ($echo_less)"; + $cc_string = "$cc_string ($echo_less)"; } } } @@ -98,22 +100,22 @@ echo " "; echo "
"; echo " "; - echo " "; + echo " "; echo _("Message List"); echo " | "; - echo " "; + echo " "; echo _("Delete"); echo "  "; echo " "; echo " "; echo " "; - echo " "; + echo " "; echo _("Forward"); echo " | "; - echo " "; + echo " "; echo _("Reply"); echo " | "; - echo " "; + echo " "; echo _("Reply All"); echo "  "; echo " "; diff --git a/src/right_main.php b/src/right_main.php index eaec8346..18eb5539 100644 --- a/src/right_main.php +++ b/src/right_main.php @@ -7,6 +7,8 @@ ** **/ + session_start(); + if(!isset($logged_in)) { echo _("You must login first."); exit; diff --git a/src/signout.php b/src/signout.php index 74114c33..e7e6f20a 100644 --- a/src/signout.php +++ b/src/signout.php @@ -1,4 +1,6 @@ - + diff --git a/src/webmail.php b/src/webmail.php index 41cf17c2..dc20b44e 100644 --- a/src/webmail.php +++ b/src/webmail.php @@ -6,18 +6,29 @@ ** **/ + session_start(); + if(!isset($username)) { echo _("You need a valid user and password to access this page!"); exit; } - setcookie("username", $username, 0, "/"); - setcookie("key", $key, 0, "/"); - setcookie("logged_in", 1, 0, "/"); +# setcookie("username", $username, 0, "/"); +# setcookie("key", $key, 0, "/"); +# setcookie("logged_in", 1, 0, "/"); + + session_register("username"); + session_register("key"); + session_register("logged_in"); + $logged_in = 0; + + $PHPSESSID = session_id(); + // Refresh the language cookie. - if (isset($squirrelmail_language)) - setcookie("squirrelmail_language", $squirrelmail_language, - time()+2592000); + if (isset($squirrelmail_language)) { + session_register("squirrelmail_language"); +# setcookie("squirrelmail_language", $squirrelmail_language, time()+2592000); + } ?> "; - echo ""; + echo ""; + echo ""; } else if ($right_frame == "folders.php") { $urlMailbox = urlencode($mailbox); - echo ""; - echo ""; + echo ""; + echo ""; } else { - echo ""; - echo ""; + echo ""; + echo ""; } ?>
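Review bot: webmail.php registers `username`, `key` and `logged_in` into whichever session `session_start()` resumed, and with cookies disabled (as INSTALL now instructs) that session is chosen by the PHPSESSID carried in the request, so an id issued to the browser before authentication remains the authenticated id afterwards (session fixation). Issue a fresh id at login, `session_regenerate_id()` on later PHP releases, or on the 4.0 target `session_id()` with a newly generated value before `session_start()`, so the pre-login id never becomes the logged-in one. `$logged_in = 0;` also replaces a cookie that carried 1; the isset() checks elsewhere still pass, but the value now contradicts its name, and `$logged_in = 1;` keeps the prior meaning. The three `# setcookie` lines should be removed rather than left commented out.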