Context Navigation

source: subversion/trunk/roundcubemail/index.php @ 871

Last change on this file since 871 was 871, checked in by thomasb, 6 years ago
Use common function to mark the user session as not logged in
Property svn:eol-style set to `native` Property svn:keywords set to `Author Date Id Revision`
File size: 11.1 KB

Line
1	<?php
2	/*
3	+-----------------------------------------------------------------------+
4	\| RoundCube Webmail IMAP Client \|
5	\| Version 0.1-20070809 \|
6	\| \|
7	\| Copyright (C) 2005-2007, RoundCube Dev. - Switzerland \|
8	\| Licensed under the GNU GPL \|
9	\| \|
10	\| Redistribution and use in source and binary forms, with or without \|
11	\| modification, are permitted provided that the following conditions \|
12	\| are met: \|
13	\| \|
14	\| o Redistributions of source code must retain the above copyright \|
15	\| notice, this list of conditions and the following disclaimer. \|
16	\| o Redistributions in binary form must reproduce the above copyright \|
17	\| notice, this list of conditions and the following disclaimer in the \|
18	\| documentation and/or other materials provided with the distribution.\|
19	\| o The names of the authors may not be used to endorse or promote \|
20	\| products derived from this software without specific prior written \|
21	\| permission. \|
22	\| \|
23	\| THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \|
24	\| "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT \|
25	\| LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR \|
26	\| A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT \|
27	\| OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, \|
28	\| SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT \|
29	\| LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, \|
30	\| DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY \|
31	\| THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT \|
32	\| (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE \|
33	\| OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. \|
34	\| \|
35	+-----------------------------------------------------------------------+
36	\| Author: Thomas Bruederli <roundcube@gmail.com> \|
37	+-----------------------------------------------------------------------+
38
39	$Id$
40
41	*/
42
43	// application constants
44	define('RCMAIL_VERSION', '0.1-20070809');
45	define('RCMAIL_CHARSET', 'UTF-8');
46	define('JS_OBJECT_NAME', 'rcmail');
47
48	// define global vars
49	$OUTPUT_TYPE = 'html';
50	$INSTALL_PATH = dirname(__FILE__);
51	$MAIN_TASKS = array('mail','settings','addressbook','logout');
52
53	if (empty($INSTALL_PATH))
54	$INSTALL_PATH = './';
55	else
56	$INSTALL_PATH .= '/';
57
58
59	// make sure path_separator is defined
60	if (!defined('PATH_SEPARATOR'))
61	define('PATH_SEPARATOR', (eregi('win', PHP_OS) ? ';' : ':'));
62
63
64	// RC include folders MUST be included FIRST to avoid other
65	// possible not compatible libraries (i.e PEAR) to be included
66	// instead the ones provided by RC
67	ini_set('include_path', $INSTALL_PATH.PATH_SEPARATOR.$INSTALL_PATH.'program'.PATH_SEPARATOR.$INSTALL_PATH.'program/lib'.PATH_SEPARATOR.ini_get('include_path'));
68
69	ini_set('session.name', 'roundcube_sessid');
70	ini_set('session.use_cookies', 1);
71	ini_set('session.gc_maxlifetime', 21600);
72	ini_set('session.gc_divisor', 500);
73	ini_set('error_reporting', E_ALL&~E_NOTICE);
74	set_magic_quotes_runtime(0);
75
76	// increase maximum execution time for php scripts
77	// (does not work in safe mode)
78	if (!ini_get('safe_mode')) @set_time_limit(120);
79
80	// include base files
81	require_once('include/rcube_shared.inc');
82	require_once('include/rcube_imap.inc');
83	require_once('include/bugs.inc');
84	require_once('include/main.inc');
85	require_once('PEAR.php');
86
87
88	// set PEAR error handling
89	// PEAR::setErrorHandling(PEAR_ERROR_TRIGGER, E_USER_NOTICE);
90
91
92	// catch some url/post parameters
93	$_task = strip_quotes(get_input_value('_task', RCUBE_INPUT_GPC));
94	$_action = strip_quotes(get_input_value('_action', RCUBE_INPUT_GPC));
95	$_framed = (!empty($_GET['_framed']) \|\| !empty($_POST['_framed']));
96
97	// use main task if empty or invalid value
98	if (empty($_task) \|\| !in_array($_task, $MAIN_TASKS))
99	$_task = 'mail';
100
101
102	// set output buffering
103	if ($_action != 'get' && $_action != 'viewsource')
104	{
105	// use gzip compression if supported
106	if (function_exists('ob_gzhandler') && ini_get('zlib.output_compression'))
107	ob_start('ob_gzhandler');
108	else
109	ob_start();
110	}
111
112
113	// start session with requested task
114	rcmail_startup($_task);
115
116	// set session related variables
117	$COMM_PATH = sprintf('./?_task=%s', $_task);
118	$SESS_HIDDEN_FIELD = '';
119
120
121	// add framed parameter
122	if ($_framed)
123	{
124	$COMM_PATH .= '&_framed=1';
125	$SESS_HIDDEN_FIELD .= "\n".'<input type="hidden" name="_framed" value="1" />';
126	}
127
128
129	// init necessary objects for GUI
130	rcmail_load_gui();
131
132
133	// check DB connections and exit on failure
134	if ($err_str = $DB->is_error())
135	{
136	raise_error(array(
137	'code' => 603,
138	'type' => 'db',
139	'message' => $err_str), FALSE, TRUE);
140	}
141
142
143	// error steps
144	if ($_action=='error' && !empty($_GET['_code']))
145	raise_error(array('code' => hexdec($_GET['_code'])), FALSE, TRUE);
146
147
148	// try to log in
149	if ($_action=='login' && $_task=='mail')
150	{
151	$host = rcmail_autoselect_host();
152
153	// check if client supports cookies
154	if (empty($_COOKIE))
155	{
156	$OUTPUT->show_message("cookiesdisabled", 'warning');
157	}
158	else if ($_SESSION['temp'] && !empty($_POST['_user']) && isset($_POST['_pass']) &&
159	rcmail_login(get_input_value('_user', RCUBE_INPUT_POST),
160	get_input_value('_pass', RCUBE_INPUT_POST, true, 'ISO-8859-1'), $host))
161	{
162	// create new session ID
163	unset($_SESSION['temp']);
164	sess_regenerate_id();
165
166	// send auth cookie if necessary
167	rcmail_authenticate_session();
168
169	// send redirect
170	header("Location: $COMM_PATH");
171	exit;
172	}
173	else
174	{
175	$OUTPUT->show_message("loginfailed", 'warning');
176	rcmail_kill_session();
177	}
178	}
179
180	// end session
181	else if (($_task=='logout' \|\| $_action=='logout') && isset($_SESSION['user_id']))
182	{
183	$OUTPUT->show_message('loggedout');
184	rcmail_kill_session();
185	}
186
187	// check session and auth cookie
188	else if ($_action != 'login' && $_SESSION['user_id'] && $_action != 'send')
189	{
190	if (!rcmail_authenticate_session())
191	{
192	$OUTPUT->show_message('sessionerror', 'error');
193	rcmail_kill_session();
194	}
195	}
196
197
198	// log in to imap server
199	if (!empty($_SESSION['user_id']) && $_task=='mail')
200	{
201	$conn = $IMAP->connect($_SESSION['imap_host'], $_SESSION['username'], decrypt_passwd($_SESSION['password']), $_SESSION['imap_port'], $_SESSION['imap_ssl']);
202	if (!$conn)
203	{
204	$OUTPUT->show_message('imaperror', 'error');
205	rcmail_kill_session();
206	}
207	else
208	rcmail_set_imap_prop();
209	}
210
211
212	// not logged in -> set task to 'login
213	if (empty($_SESSION['user_id']))
214	{
215	if ($OUTPUT->ajax_call)
216	$OUTPUT->remote_response("setTimeout(\"location.href='\"+this.env.comm_path+\"'\", 2000);");
217
218	$_task = 'login';
219	}
220
221
222	// check client X-header to verify request origin
223	if ($OUTPUT->ajax_call)
224	{
225	if (empty($CONFIG['devel_mode']) && !rc_request_header('X-RoundCube-Referer'))
226	{
227	header('HTTP/1.1 404 Not Found');
228	die("Invalid Request");
229	}
230	}
231
232
233	// set task and action to client
234	$OUTPUT->set_env('task', $_task);
235	if (!empty($_action))
236	$OUTPUT->set_env('action', $_action);
237
238
239
240	// not logged in -> show login page
241	if (!$_SESSION['user_id'])
242	{
243	$OUTPUT->task = 'login';
244	$OUTPUT->send('login');
245	exit;
246	}
247
248
249	// handle keep-alive signal
250	if ($_action=='keep-alive')
251	{
252	$OUTPUT->reset();
253	$OUTPUT->send('');
254	exit;
255	}
256
257	// include task specific files
258	if ($_task=='mail')
259	{
260	include_once('program/steps/mail/func.inc');
261
262	if ($_action=='show' \|\| $_action=='preview' \|\| $_action=='print')
263	include('program/steps/mail/show.inc');
264
265	if ($_action=='get')
266	include('program/steps/mail/get.inc');
267
268	if ($_action=='moveto' \|\| $_action=='delete')
269	include('program/steps/mail/move_del.inc');
270
271	if ($_action=='mark')
272	include('program/steps/mail/mark.inc');
273
274	if ($_action=='viewsource')
275	include('program/steps/mail/viewsource.inc');
276
277	if ($_action=='send')
278	include('program/steps/mail/sendmail.inc');
279
280	if ($_action=='upload')
281	include('program/steps/mail/upload.inc');
282
283	if ($_action=='compose' \|\| $_action=='remove-attachment')
284	include('program/steps/mail/compose.inc');
285
286	if ($_action=='addcontact')
287	include('program/steps/mail/addcontact.inc');
288
289	if ($_action=='expunge' \|\| $_action=='purge')
290	include('program/steps/mail/folders.inc');
291
292	if ($_action=='check-recent')
293	include('program/steps/mail/check_recent.inc');
294
295	if ($_action=='getunread')
296	include('program/steps/mail/getunread.inc');
297
298	if ($_action=='list' && isset($_REQUEST['_remote']))
299	include('program/steps/mail/list.inc');
300
301	if ($_action=='search')
302	include('program/steps/mail/search.inc');
303
304	if ($_action=='spell')
305	include('program/steps/mail/spell.inc');
306
307	if ($_action=='rss')
308	include('program/steps/mail/rss.inc');
309
310	if ($_action=='quotadisplay')
311	include('program/steps/mail/quotadisplay.inc');
312
313
314	// make sure the message count is refreshed
315	$IMAP->messagecount($_SESSION['mbox'], 'ALL', TRUE);
316	}
317
318
319	// include task specific files
320	if ($_task=='addressbook')
321	{
322	include_once('program/steps/addressbook/func.inc');
323
324	if ($_action=='save')
325	include('program/steps/addressbook/save.inc');
326
327	if ($_action=='edit' \|\| $_action=='add')
328	include('program/steps/addressbook/edit.inc');
329
330	if ($_action=='delete')
331	include('program/steps/addressbook/delete.inc');
332
333	if ($_action=='show')
334	include('program/steps/addressbook/show.inc');
335
336	if ($_action=='list' && $_REQUEST['_remote'])
337	include('program/steps/addressbook/list.inc');
338
339	if ($_action=='search')
340	include('program/steps/addressbook/search.inc');
341
342	if ($_action=='copy')
343	include('program/steps/addressbook/copy.inc');
344
345	if ($_action=='mailto')
346	include('program/steps/addressbook/mailto.inc');
347	}
348
349
350	// include task specific files
351	if ($_task=='settings')
352	{
353	include_once('program/steps/settings/func.inc');
354
355	if ($_action=='save-identity')
356	include('program/steps/settings/save_identity.inc');
357
358	if ($_action=='add-identity' \|\| $_action=='edit-identity')
359	include('program/steps/settings/edit_identity.inc');
360
361	if ($_action=='delete-identity')
362	include('program/steps/settings/delete_identity.inc');
363
364	if ($_action=='identities')
365	include('program/steps/settings/identities.inc');
366
367	if ($_action=='save-prefs')
368	include('program/steps/settings/save_prefs.inc');
369
370	if ($_action=='folders' \|\| $_action=='subscribe' \|\| $_action=='unsubscribe' \|\|
371	$_action=='create-folder' \|\| $_action=='rename-folder' \|\| $_action=='delete-folder')
372	include('program/steps/settings/manage_folders.inc');
373
374	}
375
376
377	// parse main template
378	$OUTPUT->send($_task);
379
380
381	// if we arrive here, something went wrong
382	raise_error(array(
383	'code' => 404,
384	'type' => 'php',
385	'line' => __LINE__,
386	'file' => __FILE__,
387	'message' => "Invalid request"), TRUE, TRUE);
388
389	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: