alecpl
2008-05-02 c5cc386da4d2a8a3fb11254127fb36c11bdc326a
4e17e6 1 <?php
T 2 /*
3  +-----------------------------------------------------------------------+
4  | RoundCube Webmail IMAP Client                                         |
197601 5  | Version 0.1-20080430                                                  |
4e17e6 6  |                                                                       |
0714b7 7  | Copyright (C) 2005-2008, RoundCube Dev. - Switzerland                 |
15fee7 8  | Licensed under the GNU GPL                                            |
4e17e6 9  |                                                                       |
T 10  | Redistribution and use in source and binary forms, with or without    |
11  | modification, are permitted provided that the following conditions    |
12  | are met:                                                              |
13  |                                                                       |
14  | o Redistributions of source code must retain the above copyright      |
15  |   notice, this list of conditions and the following disclaimer.       |
16  | o Redistributions in binary form must reproduce the above copyright   |
17  |   notice, this list of conditions and the following disclaimer in the |
18  |   documentation and/or other materials provided with the distribution.|
19  | o The names of the authors may not be used to endorse or promote      |
20  |   products derived from this software without specific prior written  |
21  |   permission.                                                         |
22  |                                                                       |
23  | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS   |
24  | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT     |
25  | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |
26  | A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT  |
27  | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
28  | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT      |
29  | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
30  | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
31  | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT   |
32  | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
33  | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.  |
34  |                                                                       |
35  +-----------------------------------------------------------------------+
36  | Author: Thomas Bruederli <roundcube@gmail.com>                        |
37  +-----------------------------------------------------------------------+
38
39  $Id$
40
41 */
15a9d1 42
47124c 43 // include environment
T 44 require_once 'program/include/iniset.php';
15a9d1 45
// global variable holding the output type
$OUTPUT_TYPE = 'html';

// Start output buffering for every action except 'get' and 'viewsource'.
// NOTE(review): $RCMAIL is read here, but this file assigns it only further
// down via rcmail::get_instance(). Unless iniset.php already defines it, the
// action is empty at this point and buffering is always started - confirm.
if (!($RCMAIL->action == 'get' || $RCMAIL->action == 'viewsource')) {
  // plain buffering when gzip is unavailable or PHP already compresses output
  if (!function_exists('ob_gzhandler')
      || ini_get('zlib.output_compression')
      || ini_get('output_handler') == 'ob_gzhandler') {
    ob_start();
  }
  // otherwise let ob_gzhandler compress the buffered output
  else {
    ob_start('ob_gzhandler');
  }
}
2f2f15 61
42b113 62
// create the application instance (per the original comment this also starts
// the session with the requested task)
$RCMAIL = rcmail::get_instance();

// pick the output class: JSON when _remote is set in GET or POST, otherwise
// the GUI, with its flag set when _framed is present in GET or POST
if (!empty($_GET['_remote']) || !empty($_POST['_remote'])) {
  $OUTPUT = $RCMAIL->init_json();
}
else {
  $OUTPUT = $RCMAIL->load_gui(!empty($_GET['_framed']) || !empty($_POST['_framed']));
}
4e17e6 68
8affba 69
// check the DB connection; a reported error is raised as code 603
// (per the original comment the request exits on failure)
$err_str = $DB->is_error();
if ($err_str) {
  raise_error(
    array('code' => 603, 'type' => 'db', 'message' => $err_str),
    false,
    true
  );
}
8affba 77
T 78
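// Error step requested explicitly via _action=error and a hex _code.
// _code comes straight from the query string. Here it is only passed through
// hexdec() and handed to raise_error() as the error code.
// A non-string value (e.g. ?_code[]=x) is skipped, so hexdec() never
// receives an array.
if ($RCMAIL->action == 'error' && !empty($_GET['_code']) && is_string($_GET['_code'])) {
  raise_error(array('code' => hexdec($_GET['_code'])), false, true);
}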
570f0b 83
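// Login attempt: handled only for action 'login' in the 'mail' task
if ($RCMAIL->action == 'login' && $RCMAIL->task == 'mail') {
  $host = rcmail_autoselect_host();

  // check if client supports cookies: without any cookie, no login is tried
  if (empty($_COOKIE)) {
    $OUTPUT->show_message("cookiesdisabled", 'warning');
  }
  // Credentials are tried only when $_SESSION['temp'] is set (presumably a
  // marker written when the login page session was created - confirm).
  // !empty() keeps the original truthiness test but raises no undefined-index
  // notice when the marker is missing.
  // _pass is tested with isset(), so an empty password still reaches login().
  else if (!empty($_SESSION['temp']) && !empty($_POST['_user']) && isset($_POST['_pass']) &&
           $RCMAIL->login(trim(get_input_value('_user', RCUBE_INPUT_POST), ' '),
              get_input_value('_pass', RCUBE_INPUT_POST, true, 'ISO-8859-1'), $host)) {
    // drop the pre-login marker and create a new session ID, so the ID used
    // before authentication is not kept for the logged-in session
    unset($_SESSION['temp']);
    sess_regenerate_id();

    // send auth cookie if necessary
    rcmail_authenticate_session();

    // send redirect
    header("Location: {$RCMAIL->comm_path}");
    exit;
  }
  else {
    // Also reached when the marker or a credential field is missing.
    // error_code -1 selects 'imaperror', anything else 'loginfailed';
    // the session is killed in either case.
    $OUTPUT->show_message($IMAP->error_code == -1 ? 'imaperror' : 'loginfailed', 'warning');
    rcmail_kill_session();
  }
}

// end session: logout requested as task or action while a user is in session
else if (($RCMAIL->task == 'logout' || $RCMAIL->action == 'logout') && isset($_SESSION['user_id'])) {
  $OUTPUT->show_message('loggedout');
  rcmail_logout_actions();
  rcmail_kill_session();
}

// check session and auth cookie on every other request of a logged-in user
// NOTE(review): action 'send' is exempted from rcmail_authenticate_session()
// here; confirm that the send step does not depend on this check.
// NOTE(review): the code after this chain tests $RCMAIL->user->ID rather than
// $_SESSION, so it relies on rcmail_kill_session() also resetting the user
// object - confirm.
else if ($RCMAIL->action != 'login' && !empty($_SESSION['user_id']) && $RCMAIL->action != 'send') {
  if (!rcmail_authenticate_session()) {
    $OUTPUT->show_message('sessionerror', 'error');
    rcmail_kill_session();
  }
}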
4e17e6 126
T 127
// Connect to the IMAP server for a logged-in user in the mail task.
// Host, user name, port and SSL flag are read from the session; the stored
// password goes through decrypt_passwd() before it is handed to connect().
if (!empty($RCMAIL->user->ID) && $RCMAIL->task == 'mail') {
  $conn = $IMAP->connect(
    $_SESSION['imap_host'],
    $_SESSION['username'],
    decrypt_passwd($_SESSION['password']),
    $_SESSION['imap_port'],
    $_SESSION['imap_ssl']
  );

  if ($conn) {
    $RCMAIL->set_imap_prop();
  }
  else {
    // connection failed: show the matching message and kill the session
    $OUTPUT->show_message($IMAP->error_code == -1 ? 'imaperror' : 'sessionerror', 'error');
    rcmail_kill_session();
  }
}
4e17e6 139
T 140
// not logged in -> set task to 'login'
if (empty($RCMAIL->user->ID)) {
  // AJAX callers get a script that loads this.env.comm_path after 2000 ms
  if ($OUTPUT->ajax_call) {
    $OUTPUT->remote_response("setTimeout(\"location.href='\"+this.env.comm_path+\"'\", 2000);");
  }

  $RCMAIL->task = 'login';
}
4e17e6 148
T 149
// Request-origin check for AJAX calls, based on the client's
// X-RoundCube-Referer header.
// The return value of rc_request_header() is only used as a boolean, so this
// appears to test that the header is present and non-empty; its content is
// not compared here.
// The check is skipped when $CONFIG['devel_mode'] is set, so that switch
// should stay off on production installations.
// Rejected requests are answered with 404 and "Invalid Request".
if ($OUTPUT->ajax_call && empty($CONFIG['devel_mode']) && !rc_request_header('X-RoundCube-Referer')) {
  header('HTTP/1.1 404 Not Found');
  die("Invalid Request");
}
157
4e17e6 158
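// not logged in -> show login page
if (empty($RCMAIL->user->ID)) {
  // Warn on the login page while the installer is enabled in the config and
  // its index.php is still readable. The footer is built from fixed strings
  // only; no request data is inserted.
  // !empty() avoids an undefined-index notice when 'enable_installer' is
  // absent from the config. A stray " ." after "because" was removed from
  // the warning text.
  if (!empty($CONFIG['enable_installer']) && is_readable('./installer/index.php')) {
    $OUTPUT->add_footer(html::div(array('style' => "background:#ef9398; border:2px solid #dc5757; padding:0.5em; margin:2em auto; width:50em"),
      html::tag('h2', array('style' => "margin-top:0.2em"), "Installer script is still accessible") .
      html::p(null, "The install script of your RoundCube installation is still stored in its default location!") .
      html::p(null, "Please <b>remove</b> the whole <tt>installer</tt> folder from the RoundCube directory because
        these files may expose sensitive configuration data like server passwords and encryption keys
        to the public. Make sure you cannot access the <a href=\"./installer/\">installer script</a> from your browser.")
      )
    );
  }

  // render the login template and stop; nothing below runs for a request
  // without a logged-in user
  $OUTPUT->set_env('task', 'login');
  $OUTPUT->task = 'login';
  $OUTPUT->send('login');
  exit;
}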
4e17e6 178
T 179
// keep-alive signal: reset the output object, send an empty response, stop
if ($RCMAIL->action == 'keep-alive') {
  $OUTPUT->reset();
  $OUTPUT->send('');
  exit;
}
4e17e6 186
// Mail task: load the shared mail functions, then the step file that belongs
// to the requested action.
// Every include path below is a string literal; the request-supplied action
// is only compared against fixed names and never becomes part of a path.
// The checks are kept sequential rather than turned into one lookup, because
// whether an included step changes $RCMAIL->action before a later check runs
// is not visible from this file.
if ($RCMAIL->task == 'mail') {
  include_once 'program/steps/mail/func.inc';

  if ($RCMAIL->action == 'show' || $RCMAIL->action == 'preview' || $RCMAIL->action == 'print') {
    include 'program/steps/mail/show.inc';
  }

  if ($RCMAIL->action == 'get') {
    include 'program/steps/mail/get.inc';
  }

  if ($RCMAIL->action == 'moveto' || $RCMAIL->action == 'delete') {
    include 'program/steps/mail/move_del.inc';
  }

  if ($RCMAIL->action == 'mark') {
    include 'program/steps/mail/mark.inc';
  }

  if ($RCMAIL->action == 'viewsource') {
    include 'program/steps/mail/viewsource.inc';
  }

  if ($RCMAIL->action == 'sendmdn') {
    include 'program/steps/mail/sendmdn.inc';
  }

  if ($RCMAIL->action == 'send') {
    include 'program/steps/mail/sendmail.inc';
  }

  if ($RCMAIL->action == 'upload') {
    include 'program/steps/mail/upload.inc';
  }

  if ($RCMAIL->action == 'compose' || $RCMAIL->action == 'remove-attachment' || $RCMAIL->action == 'display-attachment') {
    include 'program/steps/mail/compose.inc';
  }

  if ($RCMAIL->action == 'addcontact') {
    include 'program/steps/mail/addcontact.inc';
  }

  if ($RCMAIL->action == 'expunge' || $RCMAIL->action == 'purge') {
    include 'program/steps/mail/folders.inc';
  }

  if ($RCMAIL->action == 'check-recent') {
    include 'program/steps/mail/check_recent.inc';
  }

  if ($RCMAIL->action == 'getunread') {
    include 'program/steps/mail/getunread.inc';
  }

  // the list step is only loaded when _remote is present in the request
  if ($RCMAIL->action == 'list' && isset($_REQUEST['_remote'])) {
    include 'program/steps/mail/list.inc';
  }

  if ($RCMAIL->action == 'search') {
    include 'program/steps/mail/search.inc';
  }

  if ($RCMAIL->action == 'spell') {
    include 'program/steps/mail/spell.inc';
  }

  if ($RCMAIL->action == 'rss') {
    include 'program/steps/mail/rss.inc';
  }

  // make sure the message count is refreshed
  $IMAP->messagecount($_SESSION['mbox'], 'ALL', true);
}
4e17e6 245
T 246
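// Addressbook task: load the shared addressbook functions, then the step file
// that belongs to the requested action.
// Every include path below is a string literal; the request-supplied action
// is only compared against fixed names and never becomes part of a path.
// The checks are kept sequential rather than turned into one lookup, because
// whether an included step changes $RCMAIL->action before a later check runs
// is not visible from this file.
if ($RCMAIL->task == 'addressbook') {
  include_once 'program/steps/addressbook/func.inc';

  if ($RCMAIL->action == 'save') {
    include 'program/steps/addressbook/save.inc';
  }

  if ($RCMAIL->action == 'edit' || $RCMAIL->action == 'add') {
    include 'program/steps/addressbook/edit.inc';
  }

  if ($RCMAIL->action == 'delete') {
    include 'program/steps/addressbook/delete.inc';
  }

  if ($RCMAIL->action == 'show') {
    include 'program/steps/addressbook/show.inc';
  }

  // !empty() keeps the original truthiness test on _remote but raises no
  // undefined-index notice when the parameter is missing from the request
  if ($RCMAIL->action == 'list' && !empty($_REQUEST['_remote'])) {
    include 'program/steps/addressbook/list.inc';
  }

  if ($RCMAIL->action == 'search') {
    include 'program/steps/addressbook/search.inc';
  }

  if ($RCMAIL->action == 'copy') {
    include 'program/steps/addressbook/copy.inc';
  }

  if ($RCMAIL->action == 'mailto') {
    include 'program/steps/addressbook/mailto.inc';
  }
}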
4e17e6 275
T 276
// Settings task: load the shared settings functions, then the step file that
// belongs to the requested action.
// Every include path below is a string literal; the request-supplied action
// is only compared against fixed names and never becomes part of a path.
// The checks are kept sequential rather than turned into one lookup, because
// whether an included step changes $RCMAIL->action before a later check runs
// is not visible from this file.
if ($RCMAIL->task == 'settings') {
  include_once 'program/steps/settings/func.inc';

  if ($RCMAIL->action == 'save-identity') {
    include 'program/steps/settings/save_identity.inc';
  }

  if ($RCMAIL->action == 'add-identity' || $RCMAIL->action == 'edit-identity') {
    include 'program/steps/settings/edit_identity.inc';
  }

  if ($RCMAIL->action == 'delete-identity') {
    include 'program/steps/settings/delete_identity.inc';
  }

  if ($RCMAIL->action == 'identities') {
    include 'program/steps/settings/identities.inc';
  }

  if ($RCMAIL->action == 'save-prefs') {
    include 'program/steps/settings/save_prefs.inc';
  }

  // all folder management actions share one step file
  if ($RCMAIL->action == 'folders' || $RCMAIL->action == 'subscribe' || $RCMAIL->action == 'unsubscribe' ||
      $RCMAIL->action == 'create-folder' || $RCMAIL->action == 'rename-folder' || $RCMAIL->action == 'delete-folder') {
    include 'program/steps/settings/manage_folders.inc';
  }
}
ecf759 300
T 301
// send the main template of the current task
$OUTPUT->send($RCMAIL->task);

// still running after send(): something went wrong, raise a 404 error
raise_error(
  array(
    'code' => 404,
    'type' => 'php',
    'line' => __LINE__,
    'file' => __FILE__,
    'message' => "Invalid request",
  ),
  true,
  true
);
539cd4 313                       
d1d2c4 314 ?>