githubFork/roundcubemail.git

			@@ -5,7 +5,7 @@
			\| program/include/main.inc \|
			\| \|
			\| This file is part of the RoundCube Webmail client \|
			\| Copyright (C) 2005, RoundCube Dev, - Switzerland \|
			\| Copyright (C) 2005-2007, RoundCube Dev, - Switzerland \|
			\| Licensed under the GNU GPL \|
			\| \|
			\| PURPOSE: \|
			@@ -19,9 +19,17 @@

			*/

			/**
			* RoundCube Webmail common functions
			*
			* @package Core
			* @author Thomas Bruederli <roundcube@gmail.com>
			*/

			require_once('lib/des.inc');
			require_once('lib/utf7.inc');
			require_once('lib/utf8.class.php');
			require_once('include/rcmail_template.inc');


			// define constannts for input reading
			@@ -30,60 +38,38 @@
			define('RCUBE_INPUT_GPC', 0x0103);


			// register session and connect to server
			/**
			* Initial startup function
			* to register session, create database and imap connections
			*
			* @param string Current task
			*/
			function rcmail_startup($task='mail')
			{
			global $sess_id, $sess_auth, $sess_user_lang;
			global $CONFIG, $INSTALL_PATH, $BROWSER, $OUTPUT, $_SESSION, $IMAP, $DB, $JS_OBJECT_NAME;
			global $sess_id, $sess_user_lang;
			global $CONFIG, $INSTALL_PATH, $BROWSER, $OUTPUT, $_SESSION, $IMAP, $DB;

			// check client
			$BROWSER = rcube_browser();

			// load config file
			include_once('config/main.inc.php');
			$CONFIG = is_array($rcmail_config) ? $rcmail_config : array();

			// load host-specific configuration
			rcmail_load_host_config($CONFIG);

			$CONFIG['skin_path'] = $CONFIG['skin_path'] ? unslashify($CONFIG['skin_path']) : 'skins/default';

			// load db conf
			include_once('config/db.inc.php');
			$CONFIG = array_merge($CONFIG, $rcmail_config);

			if (empty($CONFIG['log_dir']))
			$CONFIG['log_dir'] = $INSTALL_PATH.'logs';
			else
			$CONFIG['log_dir'] = unslashify($CONFIG['log_dir']);

			// set PHP error logging according to config
			if ($CONFIG['debug_level'] & 1)
			{
			ini_set('log_errors', 1);
			ini_set('error_log', $CONFIG['log_dir'].'/errors');
			}
			if ($CONFIG['debug_level'] & 4)
			ini_set('display_errors', 1);
			else
			ini_set('display_errors', 0);

			// load configuration
			$CONFIG = rcmail_load_config();

			// set session garbage collecting time according to session_lifetime
			if (!empty($CONFIG['session_lifetime']))
			ini_set('session.gc_maxlifetime', ($CONFIG['session_lifetime']+2)*60);

			ini_set('session.gc_maxlifetime', ($CONFIG['session_lifetime']) * 120);

			// prepare DB connection
			require_once('include/rcube_'.(empty($CONFIG['db_backend']) ? 'db' : $CONFIG['db_backend']).'.inc');
			$dbwrapper = empty($CONFIG['db_backend']) ? 'db' : $CONFIG['db_backend'];
			$dbclass = "rcube_" . $dbwrapper;
			require_once("include/$dbclass.inc");

			$DB = new rcube_db($CONFIG['db_dsnw'], $CONFIG['db_dsnr'], $CONFIG['db_persistent']);
			$DB = new $dbclass($CONFIG['db_dsnw'], $CONFIG['db_dsnr'], $CONFIG['db_persistent']);
			$DB->sqlite_initials = $INSTALL_PATH.'SQL/sqlite.initial.sql';
			$DB->db_connect('w');

			// we can use the database for storing session data
			if (!$DB->is_error())
			include_once('include/session.inc');

			// use database for storing session data
			include_once('include/session.inc');

			// init session
			session_start();
			@@ -93,8 +79,8 @@
			if (!isset($_SESSION['auth_time']))
			{
			$_SESSION['user_lang'] = rcube_language_prop($CONFIG['locale_string']);
			$_SESSION['auth_time'] = mktime();
			setcookie('sessauth', rcmail_auth_hash($sess_id, $_SESSION['auth_time']));
			$_SESSION['auth_time'] = time();
			$_SESSION['temp'] = true;
			}

			// set session vars global
			@@ -129,7 +115,54 @@
			}


			// load a host-specific config file if configured
			/**
			* Load roundcube configuration array
			*
			* @return array Named configuration parameters
			*/
			function rcmail_load_config()
			{
			global $INSTALL_PATH;

			// load config file
			include_once('config/main.inc.php');
			$conf = is_array($rcmail_config) ? $rcmail_config : array();

			// load host-specific configuration
			rcmail_load_host_config($conf);

			$conf['skin_path'] = $conf['skin_path'] ? unslashify($conf['skin_path']) : 'skins/default';

			// load db conf
			include_once('config/db.inc.php');
			$conf = array_merge($conf, $rcmail_config);

			if (empty($conf['log_dir']))
			$conf['log_dir'] = $INSTALL_PATH.'logs';
			else
			$conf['log_dir'] = unslashify($conf['log_dir']);

			// set PHP error logging according to config
			if ($conf['debug_level'] & 1)
			{
			ini_set('log_errors', 1);
			ini_set('error_log', $conf['log_dir'].'/errors');
			}
			if ($conf['debug_level'] & 4)
			ini_set('display_errors', 1);
			else
			ini_set('display_errors', 0);

			return $conf;
			}


			/**
			* Load a host-specific config file if configured
			* This will merge the host specific configuration with the given one
			*
			* @param array Global configuration parameters
			*/
			function rcmail_load_host_config(&$config)
			{
			$fname = NULL;
			@@ -147,7 +180,13 @@
			}


			// create authorization hash
			/**
			* Create unique authorization hash
			*
			* @param string Session ID
			* @param int Timestamp
			* @return string The generated auth hash
			*/
			function rcmail_auth_hash($sess_id, $ts)
			{
			global $CONFIG;
			@@ -165,27 +204,49 @@
			}


			// compare the auth hash sent by the client with the local session credentials
			/**
			* Check the auth hash sent by the client against the local session credentials
			*
			* @return boolean True if valid, False if not
			*/
			function rcmail_authenticate_session()
			{
			$now = mktime();
			$valid = ($_COOKIE['sessauth'] == rcmail_auth_hash(session_id(), $_SESSION['auth_time']));
			global $CONFIG, $SESS_CLIENT_IP, $SESS_CHANGED;

			// advanced session authentication
			if ($CONFIG['double_auth'])
			{
			$now = time();
			$valid = ($_COOKIE['sessauth'] == rcmail_auth_hash(session_id(), $_SESSION['auth_time']) \|\|
			$_COOKIE['sessauth'] == rcmail_auth_hash(session_id(), $_SESSION['last_auth']));

			// renew auth cookie every 5 minutes (only for GET requests)
			if (!$valid \|\| ($_SERVER['REQUEST_METHOD']!='POST' && $now-$_SESSION['auth_time'] > 300))
			// renew auth cookie every 5 minutes (only for GET requests)
			if (!$valid \|\| ($_SERVER['REQUEST_METHOD']!='POST' && $now-$_SESSION['auth_time'] > 300))
			{
			$_SESSION['auth_time'] = $now;
			setcookie('sessauth', rcmail_auth_hash(session_id(), $now));
			$_SESSION['last_auth'] = $_SESSION['auth_time'];
			$_SESSION['auth_time'] = $now;
			setcookie('sessauth', rcmail_auth_hash(session_id(), $now));
			}

			}
			else
			$valid = $CONFIG['ip_check'] ? $_SERVER['REMOTE_ADDR'] == $SESS_CLIENT_IP : true;

			// check session filetime
			if (!empty($CONFIG['session_lifetime']) && isset($SESS_CHANGED) && $SESS_CHANGED + $CONFIG['session_lifetime']*60 < time())
			$valid = false;

			return $valid;
			}


			// create IMAP object and connect to server
			/**
			* Create global IMAP object and connect to server
			*
			* @param boolean True if connection should be established
			*/
			function rcmail_imap_init($connect=FALSE)
			{
			global $CONFIG, $DB, $IMAP;
			global $CONFIG, $DB, $IMAP, $OUTPUT;

			$IMAP = new rcube_imap($DB);
			$IMAP->debug_level = $CONFIG['debug_level'];
			@@ -196,7 +257,7 @@
			if ($connect)
			{
			if (!($conn = $IMAP->connect($_SESSION['imap_host'], $_SESSION['username'], decrypt_passwd($_SESSION['password']), $_SESSION['imap_port'], $_SESSION['imap_ssl'])))
			show_message('imaperror', 'error');
			$OUTPUT->show_message('imaperror', 'error');

			rcmail_set_imap_prop();
			}
			@@ -211,8 +272,10 @@
			}


			// set root dir and last stored mailbox
			// this must be done AFTER connecting to the server
			/**
			* Set root dir and last stored mailbox
			* This must be done AFTER connecting to the server!
			*/
			function rcmail_set_imap_prop()
			{
			global $CONFIG, $IMAP;
			@@ -231,10 +294,12 @@
			}


			// do these things on script shutdown
			/**
			* Do these things on script shutdown
			*/
			function rcmail_shutdown()
			{
			global $IMAP;
			global $IMAP, $CONTACTS;

			if (is_object($IMAP))
			{
			@@ -242,12 +307,17 @@
			$IMAP->write_cache();
			}

			if (is_object($CONTACTS))
			$CONTACTS->close();

			// before closing the database connection, write session data
			session_write_close();
			}


			// destroy session data and remove cookie
			/**
			* Destroy session data and remove cookie
			*/
			function rcmail_kill_session()
			{
			// save user preferences
			@@ -263,12 +333,17 @@
			rcmail_save_user_prefs($a_user_prefs);
			}

			$_SESSION = array();
			session_destroy();
			$_SESSION = array('user_lang' => $GLOBALS['sess_user_lang'], 'auth_time' => time(), 'temp' => true);
			setcookie('sessauth', '-del-', time()-60);
			}


			// return correct name for a specific database table
			/**
			* Return correct name for a specific database table
			*
			* @param string Table name
			* @return string Translated table name
			*/
			function get_table_name($table)
			{
			global $CONFIG;
			@@ -283,8 +358,13 @@
			}


			// return correct name for a specific database sequence
			// (used for Postres only)
			/**
			* Return correct name for a specific database sequence
			* (used for Postres only)
			*
			* @param string Secuence name
			* @return string Translated sequence name
			*/
			function get_sequence_name($sequence)
			{
			global $CONFIG;
			@@ -299,7 +379,13 @@
			}


			// check the given string and returns language properties
			/**
			* Check the given string and returns language properties
			*
			* @param string Language code
			* @param string Peropert name
			* @return string Property value
			*/
			function rcube_language_prop($lang, $prop='lang')
			{
			global $INSTALL_PATH;
			@@ -336,31 +422,27 @@
			}


			// init output object for GUI and add common scripts
			function load_gui()
			/**
			* Init output object for GUI and add common scripts.
			* This will instantiate a rcmail_template object and set
			* environment vars according to the current session and configuration
			*/
			function rcmail_load_gui()
			{
			global $CONFIG, $OUTPUT, $COMM_PATH, $JS_OBJECT_NAME, $sess_user_lang;
			global $CONFIG, $OUTPUT, $sess_user_lang;

			// init output page
			$OUTPUT = new rcube_html_page();

			// add common javascripts
			$javascript = "var $JS_OBJECT_NAME = new rcube_webmail();\n";
			$javascript .= "$JS_OBJECT_NAME.set_env('comm_path', '$COMM_PATH');\n";
			$OUTPUT = new rcmail_template($CONFIG, $GLOBALS['_task']);
			$OUTPUT->set_env('comm_path', $GLOBALS['COMM_PATH']);

			if (isset($CONFIG['javascript_config'] )){
			foreach ($CONFIG['javascript_config'] as $js_config_var){
			$javascript .= "$JS_OBJECT_NAME.set_env('$js_config_var', '" . $CONFIG[$js_config_var] . "');\n";
			}
			if (is_array($CONFIG['javascript_config']))
			{
			foreach ($CONFIG['javascript_config'] as $js_config_var)
			$OUTPUT->set_env($js_config_var, $CONFIG[$js_config_var]);
			}


			if (!empty($GLOBALS['_framed']))
			$javascript .= "$JS_OBJECT_NAME.set_env('framed', true);\n";

			$OUTPUT->add_script($javascript);
			$OUTPUT->include_script('common.js');
			$OUTPUT->include_script('app.js');
			$OUTPUT->scripts_path = 'program/js/';
			$OUTPUT->set_env('framed', true);

			// set locale setting
			rcmail_set_locale($sess_user_lang);
			@@ -368,53 +450,84 @@
			// set user-selected charset
			if (!empty($CONFIG['charset']))
			$OUTPUT->set_charset($CONFIG['charset']);

			// register common UI objects
			$OUTPUT->add_handlers(array(
			'loginform' => 'rcmail_login_form',
			'username' => 'rcmail_current_username',
			'message' => 'rcmail_message_container',
			'charsetselector' => 'rcmail_charset_selector',
			));

			// add some basic label to client
			rcube_add_label('loading','checkingmail');
			if (!$OUTPUT->ajax_call)
			rcube_add_label('loading', 'movingmessage');
			}


			// set localization charset based on the given language
			/**
			* Set localization charset based on the given language.
			* This also creates a global property for mbstring usage.
			*/
			function rcmail_set_locale($lang)
			{
			global $OUTPUT, $MBSTRING, $MBSTRING_ENCODING;
			global $OUTPUT, $MBSTRING;
			static $s_mbstring_loaded = NULL;

			// settings for mbstring module (by Tadashi Jokagi)
			if ($s_mbstring_loaded===NULL)
			{
			if ($s_mbstring_loaded = extension_loaded("mbstring"))
			{
			$MBSTRING = TRUE;
			if (function_exists("mb_mbstring_encodings"))
			$MBSTRING_ENCODING = mb_mbstring_encodings();
			else
			$MBSTRING_ENCODING = array("ISO-8859-1", "UTF-7", "UTF7-IMAP", "UTF-8",
			"ISO-2022-JP", "EUC-JP", "EUCJP-WIN",
			"SJIS", "SJIS-WIN");

			$MBSTRING_ENCODING = array_map("strtoupper", $MBSTRING_ENCODING);
			if (in_array("SJIS", $MBSTRING_ENCODING))
			$MBSTRING_ENCODING[] = "SHIFT_JIS";
			}
			else
			{
			$MBSTRING = FALSE;
			$MBSTRING_ENCODING = array();
			}
			}

			if ($MBSTRING && function_exists("mb_language"))
			{
			if (!@mb_language(strtok($lang, "_")))
			$MBSTRING = FALSE; // unsupport language
			}
			if (is_null($s_mbstring_loaded))
			$MBSTRING = $s_mbstring_loaded = extension_loaded("mbstring");
			else
			$MBSTRING = $s_mbstring_loaded = FALSE;

			if ($MBSTRING)
			mb_internal_encoding(RCMAIL_CHARSET);

			$OUTPUT->set_charset(rcube_language_prop($lang, 'charset'));
			}


			// perfom login to the IMAP server and to the webmail service
			/**
			* Auto-select IMAP host based on the posted login information
			*
			* @return string Selected IMAP host
			*/
			function rcmail_autoselect_host()
			{
			global $CONFIG;

			$host = isset($_POST['_host']) ? get_input_value('_host', RCUBE_INPUT_POST) : $CONFIG['default_host'];
			if (is_array($host))
			{
			list($user, $domain) = explode('@', get_input_value('_user', RCUBE_INPUT_POST));
			if (!empty($domain))
			{
			foreach ($host as $imap_host => $mail_domains)
			if (is_array($mail_domains) && in_array($domain, $mail_domains))
			{
			$host = $imap_host;
			break;
			}
			}

			// take the first entry if $host is still an array
			if (is_array($host))
			$host = array_shift($host);
			}

			return $host;
			}


			/**
			* Perfom login to the IMAP server and to the webmail service.
			* This will also create a new user entry if auto_create_user is configured.
			*
			* @param string IMAP user name
			* @param string IMAP password
			* @param string IMAP host
			* @return boolean True on success, False on failure
			*/
			function rcmail_login($user, $pass, $host=NULL)
			{
			global $CONFIG, $IMAP, $DB, $sess_user_lang;
			@@ -422,6 +535,26 @@

			if (!$host)
			$host = $CONFIG['default_host'];

			// Validate that selected host is in the list of configured hosts
			if (is_array($CONFIG['default_host']))
			{
			$allowed = FALSE;
			foreach ($CONFIG['default_host'] as $key => $host_allowed)
			{
			if (!is_numeric($key))
			$host_allowed = $key;
			if ($host == $host_allowed)
			{
			$allowed = TRUE;
			break;
			}
			}
			if (!$allowed)
			return FALSE;
			}
			else if (!empty($CONFIG['default_host']) && $host != $CONFIG['default_host'])
			return FALSE;

			// parse $host URL
			$a_host = parse_url($host);
			@@ -439,7 +572,7 @@
			Inspired by Marco <P0L0_notspam_binware.org>
			*/
			// Check if we need to add domain
			if (!empty($CONFIG['username_domain']) && !strstr($user, '@'))
			if (!empty($CONFIG['username_domain']) && !strpos($user, '@'))
			{
			if (is_array($CONFIG['username_domain']) && isset($CONFIG['username_domain'][$host]))
			$user .= '@'.$CONFIG['username_domain'][$host];
			@@ -447,6 +580,9 @@
			$user .= '@'.$CONFIG['username_domain'];
			}

			// lowercase username if it's an e-mail address (#1484473)
			if (strpos($user, '@'))
			$user = strtolower($user);

			// query if user already registered
			$sql_result = $DB->query("SELECT user_id, username, language, preferences
			@@ -464,7 +600,7 @@
			}

			// try to resolve email address from virtuser table
			if (!empty($CONFIG['virtuser_file']) && strstr($user, '@'))
			if (!empty($CONFIG['virtuser_file']) && strpos($user, '@'))
			$user = rcmail_email2user($user);


			@@ -490,7 +626,7 @@

			// update user's record
			$DB->query("UPDATE ".get_table_name('users')."
			SET last_login=now()
			SET last_login=".$DB->now()."
			WHERE user_id=?",
			$user_id);
			}
			@@ -509,6 +645,7 @@
			$_SESSION['username'] = $user;
			$_SESSION['user_lang'] = $sess_user_lang;
			$_SESSION['password'] = encrypt_passwd($pass);
			$_SESSION['login_time'] = mktime();

			// force reloading complete list of subscribed mailboxes
			rcmail_set_imap_prop();
			@@ -522,75 +659,88 @@
			}


			// create new entry in users and identities table
			/**
			* Create new entry in users and identities table
			*
			* @param string User name
			* @param string IMAP host
			* @return mixed New user ID or False on failure
			*/
			function rcmail_create_user($user, $host)
			{
			{
			global $DB, $CONFIG, $IMAP;

			$user_email = '';

			// try to resolve user in virtusertable
			if (!empty($CONFIG['virtuser_file']) && strstr($user, '@')==FALSE)
			if (!empty($CONFIG['virtuser_file']) && !strpos($user, '@'))
			$user_email = rcmail_user2email($user);

			$DB->query("INSERT INTO ".get_table_name('users')."
			(created, last_login, username, mail_host, alias, language)
			VALUES (now(), now(), ?, ?, ?, ?)",
			$user,
			$host,
			$user_email,
			$_SESSION['user_lang']);
			VALUES (".$DB->now().", ".$DB->now().", ?, ?, ?, ?)",
			strip_newlines($user),
			strip_newlines($host),
			strip_newlines($user_email),
			$_SESSION['user_lang']);

			if ($user_id = $DB->insert_id(get_sequence_name('users')))
			{
			$mail_domain = $host;
			if (is_array($CONFIG['mail_domain']))
			{
			if (isset($CONFIG['mail_domain'][$host]))
			$mail_domain = $CONFIG['mail_domain'][$host];
			}
			else if (!empty($CONFIG['mail_domain']))
			$mail_domain = $CONFIG['mail_domain'];
			{
			$mail_domain = rcmail_mail_domain($host);

			if ($user_email=='')
			$user_email = strstr($user, '@') ? $user : sprintf('%s@%s', $user, $mail_domain);
			$user_email = strpos($user, '@') ? $user : sprintf('%s@%s', $user, $mail_domain);

			$user_name = $user!=$user_email ? $user : '';

			// try to resolve the e-mail address from the virtuser table
			if (!empty($CONFIG['virtuser_query']))
			{
			$sql_result = $DB->query(preg_replace('/%u/', $user, $CONFIG['virtuser_query']));
			if ($sql_arr = $DB->fetch_array($sql_result))
			$user_email = $sql_arr[0];
			if (!empty($CONFIG['virtuser_query']) &&
			($sql_result = $DB->query(preg_replace('/%u/', $DB->quote($user), $CONFIG['virtuser_query']))) &&
			($DB->num_rows()>0))
			{
			while ($sql_arr = $DB->fetch_array($sql_result))
			{
			$DB->query("INSERT INTO ".get_table_name('identities')."
			(user_id, del, standard, name, email)
			VALUES (?, 0, 1, ?, ?)",
			$user_id,
			strip_newlines($user_name),
			preg_replace('/^@/', $user . '@', $sql_arr[0]));
			}

			// also create new identity records
			$DB->query("INSERT INTO ".get_table_name('identities')."
			(user_id, del, standard, name, email)
			VALUES (?, 0, 1, ?, ?)",
			$user_id,
			$user_name,
			$user_email);

			}
			else
			{
			// also create new identity records
			$DB->query("INSERT INTO ".get_table_name('identities')."
			(user_id, del, standard, name, email)
			VALUES (?, 0, 1, ?, ?)",
			$user_id,
			strip_newlines($user_name),
			strip_newlines($user_email));
			}

			// get existing mailboxes
			$a_mailboxes = $IMAP->list_mailboxes();
			}
			}
			else
			{
			raise_error(array('code' => 500,
			'type' => 'php',
			'line' => __LINE__,
			'file' => __FILE__,
			'message' => "Failed to create new user"), TRUE, FALSE);
			}
			{
			raise_error(array(
			'code' => 500,
			'type' => 'php',
			'line' => __LINE__,
			'file' => __FILE__,
			'message' => "Failed to create new user"), TRUE, FALSE);
			}

			return $user_id;
			}
			}


			// load virtuser table in array
			/**
			* Load virtuser table in array
			*
			* @return array Virtuser table entries
			*/
			function rcmail_getvirtualfile()
			{
			global $CONFIG;
			@@ -603,7 +753,12 @@
			}


			// find matches of the given pattern in virtuser table
			/**
			* Find matches of the given pattern in virtuser table
			*
			* @param string Regular expression to search for
			* @return array Matching entries
			*/
			function rcmail_findinvirtual($pattern)
			{
			$result = array();
			@@ -626,7 +781,12 @@
			}


			// resolve username with virtuser table
			/**
			* Resolve username using a virtuser table
			*
			* @param string E-mail address to resolve
			* @return string Resolved IMAP username
			*/
			function rcmail_email2user($email)
			{
			$user = $email;
			@@ -647,7 +807,12 @@
			}


			// resolve e-mail address with virtuser table
			/**
			* Resolve e-mail address from virtuser table
			*
			* @param string User name
			* @return string Resolved e-mail address
			*/
			function rcmail_user2email($user)
			{
			$email = "";
			@@ -668,6 +833,12 @@
			}


			/**
			* Write the given user prefs to the user's record
			*
			* @param mixed User prefs to save
			* @return boolean True on success, False on failure
			*/
			function rcmail_save_user_prefs($a_user_prefs)
			{
			global $DB, $CONFIG, $sess_user_lang;
			@@ -691,37 +862,58 @@
			}


			// overwrite action variable
			/**
			* Overwrite action variable
			*
			* @param string New action value
			*/
			function rcmail_overwrite_action($action)
			{
			global $OUTPUT, $JS_OBJECT_NAME;
			global $OUTPUT;
			$GLOBALS['_action'] = $action;

			$OUTPUT->add_script(sprintf("\n%s.set_env('action', '%s');", $JS_OBJECT_NAME, $action));
			$OUTPUT->set_env('action', $action);
			}


			/**
			* Compose an URL for a specific action
			*
			* @param string Request action
			* @param array More URL parameters
			* @param string Request task (omit if the same)
			* @return The application URL
			*/
			function rcmail_url($action, $p=array(), $task=null)
			{
			global $MAIN_TASKS, $COMM_PATH;
			$qstring = '';
			$base = $COMM_PATH;

			if ($task && in_array($task, $MAIN_TASKS))
			$base = ereg_replace('_task=[a-z]+', '_task='.$task, $COMM_PATH);

			if (is_array($p))
			foreach ($p as $key => $val)
			$qstring .= '&'.urlencode($key).'='.urlencode($val);

			return $base . ($action ? '&_action='.$action : '') . $qstring;
			}


			// @deprecated
			function show_message($message, $type='notice', $vars=NULL)
			{
			global $OUTPUT, $JS_OBJECT_NAME, $REMOTE_REQUEST;

			$framed = $GLOBALS['_framed'];
			$command = sprintf("display_message('%s', '%s');",
			rep_specialchars_output(rcube_label(array('name' => $message, 'vars' => $vars)), 'js'),
			$type);

			if ($REMOTE_REQUEST)
			return 'this.'.$command;

			else
			$OUTPUT->add_script(sprintf("%s%s.%s\n",
			$framed ? sprintf('if(parent.%s)parent.', $JS_OBJECT_NAME) : '',
			$JS_OBJECT_NAME,
			$command));
			global $OUTPUT;
			$OUTPUT->show_message($message, $type, $vars);
			}


			// encrypt IMAP password using DES encryption
			/**
			* Encrypt IMAP password using DES encryption
			*
			* @param string Password to encrypt
			* @return string Encryprted string
			*/
			function encrypt_passwd($pass)
			{
			$cypher = des(get_des_key(), $pass, 1, 0, NULL);
			@@ -729,7 +921,12 @@
			}


			// decrypt IMAP password using DES encryption
			/**
			* Decrypt IMAP password using DES encryption
			*
			* @param string Encrypted password
			* @return string Plain password
			*/
			function decrypt_passwd($cypher)
			{
			$pass = des(get_des_key(), base64_decode($cypher), 0, 0, NULL);
			@@ -737,7 +934,11 @@
			}


			// return a 24 byte key for the DES encryption
			/**
			* Return a 24 byte key for the DES encryption
			*
			* @return string DES encryption key
			*/
			function get_des_key()
			{
			$key = !empty($GLOBALS['CONFIG']['des_key']) ? $GLOBALS['CONFIG']['des_key'] : 'rcmail?24BitPwDkeyF**ECB';
			@@ -753,44 +954,11 @@
			}


			// send correct response on a remote request
			function rcube_remote_response($js_code, $flush=FALSE)
			{
			global $OUTPUT, $CHARSET;
			static $s_header_sent = FALSE;

			if (!$s_header_sent)
			{
			$s_header_sent = TRUE;
			send_nocacheing_headers();
			header('Content-Type: application/x-javascript; charset='.$CHARSET);
			print '/ remote response ['.date('d/M/Y h:i:s O')."] /\n";
			}

			// send response code
			print rcube_charset_convert($js_code, $CHARSET, $OUTPUT->get_charset());

			if ($flush) // flush the output buffer
			flush();
			else // terminate script
			exit;
			}


			// send correctly formatted response for a request posted to an iframe
			function rcube_iframe_response($js_code='')
			{
			global $OUTPUT, $JS_OBJECT_NAME;

			if (!empty($js_code))
			$OUTPUT->add_script("if(parent.$JS_OBJECT_NAME){\n" . $js_code . "\n}");

			$OUTPUT->write();
			exit;
			}


			// read directory program/localization/ and return a list of available languages
			/**
			* Read directory program/localization and return a list of available languages
			*
			* @return array List of available localizations
			*/
			function rcube_list_languages()
			{
			global $CONFIG, $INSTALL_PATH;
			@@ -817,37 +985,48 @@
			}


			// add a localized label to the client environment
			/**
			* Add a localized label to the client environment
			*/
			function rcube_add_label()
			{
			global $OUTPUT, $JS_OBJECT_NAME;
			global $OUTPUT;

			$arg_list = func_get_args();
			foreach ($arg_list as $i => $name)
			$OUTPUT->add_script(sprintf("%s.add_label('%s', '%s');",
			$JS_OBJECT_NAME,
			$name,
			rep_specialchars_output(rcube_label($name), 'js')));
			$OUTPUT->command('add_label', $name, rcube_label($name));
			}


			// remove temp files of a session
			function rcmail_clear_session_temp($sess_id)
			/**
			* Garbage collector function for temp files.
			* Remove temp files older than two days
			*/
			function rcmail_temp_gc()
			{
			global $CONFIG;
			$tmp = unslashify($CONFIG['temp_dir']);
			$expire = mktime() - 172800; // expire in 48 hours

			$temp_dir = slashify($CONFIG['temp_dir']);
			$cache_dir = $temp_dir.$sess_id;

			if (is_dir($cache_dir))
			if ($dir = opendir($tmp))
			{
			clear_directory($cache_dir);
			rmdir($cache_dir);
			}
			while (($fname = readdir($dir)) !== false)
			{
			if ($fname{0} == '.')
			continue;

			if (filemtime($tmp.'/'.$fname) < $expire)
			@unlink($tmp.'/'.$fname);
			}

			closedir($dir);
			}
			}


			// remove all expired message cache records
			/**
			* Garbage collector for cache entries.
			* Remove all expired message cache records
			*/
			function rcmail_message_cache_gc()
			{
			global $DB, $CONFIG;
			@@ -864,37 +1043,45 @@
			}


			// convert a string from one charset to another
			// this function is not complete and not tested well
			/**
			* Convert a string from one charset to another.
			* Uses mbstring and iconv functions if possible
			*
			* @param string Input string
			* @param string Suspected charset of the input string
			* @param string Target charset to convert to; defaults to RCMAIL_CHARSET
			* @return Converted string
			*/
			function rcube_charset_convert($str, $from, $to=NULL)
			{
			global $MBSTRING, $MBSTRING_ENCODING;
			global $MBSTRING;

			$from = strtoupper($from);
			$to = $to==NULL ? strtoupper($GLOBALS['CHARSET']) : strtoupper($to);
			$to = $to==NULL ? strtoupper(RCMAIL_CHARSET) : strtoupper($to);

			if ($from==$to)
			if ($from==$to \|\| $str=='' \|\| empty($from))
			return $str;


			// convert charset using iconv module
			if (function_exists('iconv') && $from != 'UTF-7' && $to != 'UTF-7')
			return iconv($from, $to . "//IGNORE", $str);

			// convert charset using mbstring module
			if ($MBSTRING)
			{
			$to = $to=="UTF-7" ? "UTF7-IMAP" : $to;
			$to = $to=="UTF-7" ? "UTF7-IMAP" : $to;
			$from = $from=="UTF-7" ? "UTF7-IMAP": $from;

			if (in_array($to, $MBSTRING_ENCODING) && in_array($from, $MBSTRING_ENCODING))
			return mb_convert_encoding($str, $to, $from);
			// return if convert succeeded
			if (($out = mb_convert_encoding($str, $to, $from)) != '')
			return $out;
			}

			// convert charset using iconv module
			if (function_exists('iconv') && $from!='UTF-7' && $to!='UTF-7')
			return iconv($from, $to, $str);

			$conv = new utf8();

			// convert string to UTF-8
			if ($from=='UTF-7')
			$str = rcube_charset_convert(UTF7DecodeString($str), 'ISO-8859-1');
			$str = utf7_to_utf8($str);
			else if (($from=='ISO-8859-1') && function_exists('utf8_encode'))
			$str = utf8_encode($str);
			else if ($from!='UTF-8')
			@@ -905,7 +1092,7 @@

			// encode string for output
			if ($to=='UTF-7')
			return UTF7EncodeString(rcube_charset_convert($str, 'UTF-8', 'ISO-8859-1'));
			return utf8_to_utf7($str);
			else if ($to=='ISO-8859-1' && function_exists('utf8_decode'))
			return utf8_decode($str);
			else if ($to!='UTF-8')
			@@ -919,12 +1106,19 @@
			}



			// replace specials characters to a specific encoding type
			/**
			* Replacing specials characters to a specific encoding type
			*
			* @param string Input string
			* @param string Encoding type: text\|html\|xml\|js\|url
			* @param string Replace mode for tags: show\|replace\|remove
			* @param boolean Convert newlines
			* @return The quoted string
			*/
			function rep_specialchars_output($str, $enctype='', $mode='', $newlines=TRUE)
			{
			global $OUTPUT_TYPE, $OUTPUT;
			static $html_encode_arr, $js_rep_table, $rtf_rep_table, $xml_rep_table;
			static $html_encode_arr, $js_rep_table, $xml_rep_table;

			if (!$enctype)
			$enctype = $GLOBALS['OUTPUT_TYPE'];
			@@ -944,7 +1138,6 @@
			{
			$html_encode_arr = get_html_translation_table(HTML_SPECIALCHARS);
			unset($html_encode_arr['?']);
			unset($html_encode_arr['&']);
			}

			$ltpos = strpos($str, '<');
			@@ -956,41 +1149,39 @@
			unset($encode_arr['"']);
			unset($encode_arr['<']);
			unset($encode_arr['>']);
			unset($encode_arr['&']);
			}
			else if ($mode=='remove')
			$str = strip_tags($str);

			$out = strtr($str, $encode_arr);

			// avoid douple quotation of &
			$out = preg_replace('/&([a-z]{2,5}\|#[0-9]{2,4});/', '&\\1;', strtr($str, $encode_arr));

			return $newlines ? nl2br($out) : $out;
			}


			if ($enctype=='url')
			return rawurlencode($str);


			// if the replace tables for RTF, XML and JS are not yet defined
			// if the replace tables for XML and JS are not yet defined
			if (!$js_rep_table)
			{
			$js_rep_table = $rtf_rep_table = $xml_rep_table = array();
			$js_rep_table = $xml_rep_table = array();
			$xml_rep_table['&'] = '&';

			for ($c=160; $c<256; $c++) // can be increased to support more charsets
			{
			$hex = dechex($c);
			$rtf_rep_table[Chr($c)] = "\\'$hex";
			$xml_rep_table[Chr($c)] = "&#$c;";

			if ($OUTPUT->get_charset()=='ISO-8859-1')
			$js_rep_table[Chr($c)] = sprintf("\u%s%s", str_repeat('0', 4-strlen($hex)), $hex);
			}

			$js_rep_table['"'] = sprintf("\u%s%s", str_repeat('0', 4-strlen(dechex(34))), dechex(34));
			$xml_rep_table['"'] = '"';
			}

			// encode for RTF
			// encode for XML
			if ($enctype=='xml')
			return strtr($str, $xml_rep_table);

			@@ -998,17 +1189,37 @@
			if ($enctype=='js')
			{
			if ($OUTPUT->get_charset()!='UTF-8')
			$str = rcube_charset_convert($str, $GLOBALS['CHARSET'], $OUTPUT->get_charset());
			$str = rcube_charset_convert($str, RCMAIL_CHARSET, $OUTPUT->get_charset());

			return addslashes(preg_replace(array("/\r\n/", "/\r/"), array('\n', '\n'), strtr($str, $js_rep_table)));
			return preg_replace(array("/\r?\n/", "/\r/"), array('\n', '\n'), addslashes(strtr($str, $js_rep_table)));
			}

			// encode for RTF
			if ($enctype=='rtf')
			return preg_replace("/\r\n/", "\par ", strtr($str, $rtf_rep_table));

			// no encoding given -> return original string
			return $str;
			}

			/**
			* Quote a given string.
			* Shortcut function for rep_specialchars_output
			*
			* @return string HTML-quoted string
			* @see rep_specialchars_output()
			*/
			function Q($str, $mode='strict', $newlines=TRUE)
			{
			return rep_specialchars_output($str, 'html', $mode, $newlines);
			}

			/**
			* Quote a given string for javascript output.
			* Shortcut function for rep_specialchars_output
			*
			* @return string JS-quoted string
			* @see rep_specialchars_output()
			*/
			function JQ($str)
			{
			return rep_specialchars_output($str, 'js');
			}


			@@ -1057,15 +1268,39 @@
			}


			/**
			* Remove single and double quotes from given string
			*
			* @param string Input value
			* @return string Dequoted string
			*/
			function strip_quotes($str)
			{
			return preg_replace('/[\'"]/', '', $str);
			}


			// ************ template parsing and gui functions ************
			/**
			* Remove new lines characters from given string
			*
			* @param string Input value
			* @return string Stripped string
			*/
			function strip_newlines($str)
			{
			return preg_replace('/[\r\n]/', '', $str);
			}


			// return boolean if a specific template exists
			/**
			* Check if a specific template exists
			*
			* @param string Template name
			* @return boolean True if template exists
			*/
			function template_exists($name)
			{
			global $CONFIG, $OUTPUT;
			global $CONFIG;
			$skin_path = $CONFIG['skin_path'];

			// check template file
			@@ -1073,356 +1308,25 @@
			}


			// get page template an replace variable
			// similar function as used in nexImage
			function parse_template($name='main', $exit=TRUE)
			/**
			* Wrapper for rcmail_template::parse()
			* @deprecated
			*/
			function parse_template($name='main', $exit=true)
			{
			global $CONFIG, $OUTPUT;
			$skin_path = $CONFIG['skin_path'];

			// read template file
			$templ = '';
			$path = "$skin_path/templates/$name.html";

			if($fp = @fopen($path, 'r'))
			{
			$templ = fread($fp, filesize($path));
			fclose($fp);
			}
			else
			{
			raise_error(array('code' => 500,
			'type' => 'php',
			'line' => __LINE__,
			'file' => __FILE__,
			'message' => "Error loading template for '$name'"), TRUE, TRUE);
			return FALSE;
			}


			// parse for specialtags
			$output = parse_rcube_xml($templ);

			$OUTPUT->write(trim(parse_with_globals($output)), $skin_path);

			if ($exit)
			exit;
			$GLOBALS['OUTPUT']->parse($name, $exit);
			}



			// replace all strings ($varname) with the content of the according global variable
			function parse_with_globals($input)
			{
			$GLOBALS['__comm_path'] = $GLOBALS['COMM_PATH'];
			$output = preg_replace('/\$(__[a-z0-9_\-]+)/e', '$GLOBALS["\\1"]', $input);
			return $output;
			}



			function parse_rcube_xml($input)
			{
			$output = preg_replace('/<roundcube:([-_a-z]+)\s+([^>]+)>/Uie', "rcube_xml_command('\\1', '\\2')", $input);
			return $output;
			}


			function rcube_xml_command($command, $str_attrib, $add_attrib=array())
			{
			global $IMAP, $CONFIG, $OUTPUT;

			$command = strtolower($command);
			$attrib = parse_attrib_string($str_attrib) + $add_attrib;

			// execute command
			switch ($command)
			{
			// return a button
			case 'button':
			if ($attrib['command'])
			return rcube_button($attrib);
			break;

			// show a label
			case 'label':
			if ($attrib['name'] \|\| $attrib['command'])
			return rep_specialchars_output(rcube_label($attrib));
			break;

			// create a menu item
			case 'menu':
			if ($attrib['command'] && $attrib['group'])
			rcube_menu($attrib);
			break;

			// include a file
			case 'include':
			$path = realpath($CONFIG['skin_path'].$attrib['file']);

			if($fp = @fopen($path, 'r'))
			{
			$incl = fread($fp, filesize($path));
			fclose($fp);
			return parse_rcube_xml($incl);
			}
			break;

			// return code for a specific application object
			case 'object':
			$object = strtolower($attrib['name']);

			$object_handlers = array(
			// GENERAL
			'loginform' => 'rcmail_login_form',
			'username' => 'rcmail_current_username',

			// MAIL
			'mailboxlist' => 'rcmail_mailbox_list',
			'message' => 'rcmail_message_container',
			'messages' => 'rcmail_message_list',
			'messagecountdisplay' => 'rcmail_messagecount_display',
			'quotadisplay' => 'rcmail_quota_display',
			'messageheaders' => 'rcmail_message_headers',
			'messagebody' => 'rcmail_message_body',
			'messageattachments' => 'rcmail_message_attachments',
			'blockedobjects' => 'rcmail_remote_objects_msg',
			'messagecontentframe' => 'rcmail_messagecontent_frame',
			'messagepartframe' => 'rcmail_message_part_frame',
			'messagepartcontrols' => 'rcmail_message_part_controls',
			'composeheaders' => 'rcmail_compose_headers',
			'composesubject' => 'rcmail_compose_subject',
			'composebody' => 'rcmail_compose_body',
			'composeattachmentlist' => 'rcmail_compose_attachment_list',
			'composeattachmentform' => 'rcmail_compose_attachment_form',
			'composeattachment' => 'rcmail_compose_attachment_field',
			'priorityselector' => 'rcmail_priority_selector',
			'charsetselector' => 'rcmail_charset_selector',
			'searchform' => 'rcmail_search_form',
			'receiptcheckbox' => 'rcmail_receipt_checkbox',

			// ADDRESS BOOK
			'addresslist' => 'rcmail_contacts_list',
			'addressframe' => 'rcmail_contact_frame',
			'recordscountdisplay' => 'rcmail_rowcount_display',
			'contactdetails' => 'rcmail_contact_details',
			'contacteditform' => 'rcmail_contact_editform',
			'ldappublicsearch' => 'rcmail_ldap_public_search_form',
			'ldappublicaddresslist' => 'rcmail_ldap_public_list',

			// USER SETTINGS
			'userprefs' => 'rcmail_user_prefs_form',
			'itentitieslist' => 'rcmail_identities_list',
			'identityframe' => 'rcmail_identity_frame',
			'identityform' => 'rcube_identity_form',
			'foldersubscription' => 'rcube_subscription_form',
			'createfolder' => 'rcube_create_folder_form',
			'renamefolder' => 'rcube_rename_folder_form',
			'composebody' => 'rcmail_compose_body'
			);


			// execute object handler function
			if ($object_handlers[$object] && function_exists($object_handlers[$object]))
			return call_user_func($object_handlers[$object], $attrib);

			else if ($object=='productname')
			{
			$name = !empty($CONFIG['product_name']) ? $CONFIG['product_name'] : 'RoundCube Webmail';
			return rep_specialchars_output($name, 'html', 'all');
			}
			else if ($object=='version')
			{
			return (string)RCMAIL_VERSION;
			}
			else if ($object=='pagetitle')
			{
			$task = $GLOBALS['_task'];
			$title = !empty($CONFIG['product_name']) ? $CONFIG['product_name'].' :: ' : '';

			if ($task=='login')
			$title = rcube_label(array('name' => 'welcome', 'vars' => array('product' => $CONFIG['product_name'])));
			else if ($task=='mail' && isset($GLOBALS['MESSAGE']['subject']))
			$title .= $GLOBALS['MESSAGE']['subject'];
			else if (isset($GLOBALS['PAGE_TITLE']))
			$title .= $GLOBALS['PAGE_TITLE'];
			else if ($task=='mail' && ($mbox_name = $IMAP->get_mailbox_name()))
			$title .= rcube_charset_convert($mbox_name, 'UTF-7', 'UTF-8');
			else
			$title .= ucfirst($task);

			return rep_specialchars_output($title, 'html', 'all');
			}

			break;
			}

			return '';
			}


			// create and register a button
			function rcube_button($attrib)
			{
			global $CONFIG, $OUTPUT, $JS_OBJECT_NAME, $BROWSER, $COMM_PATH, $MAIN_TASKS;
			static $sa_buttons = array();
			static $s_button_count = 100;

			// these commands can be called directly via url
			$a_static_commands = array('compose', 'list');

			$skin_path = $CONFIG['skin_path'];

			if (!($attrib['command'] \|\| $attrib['name']))
			return '';

			// try to find out the button type
			if ($attrib['type'])
			$attrib['type'] = strtolower($attrib['type']);
			else
			$attrib['type'] = ($attrib['image'] \|\| $attrib['imagepas'] \|\| $arg['imageact']) ? 'image' : 'link';


			$command = $attrib['command'];

			// take the button from the stack
			if($attrib['name'] && $sa_buttons[$attrib['name']])
			$attrib = $sa_buttons[$attrib['name']];

			// add button to button stack
			else if($attrib['image'] \|\| $arg['imageact'] \|\| $attrib['imagepas'] \|\| $attrib['class'])
			{
			if(!$attrib['name'])
			$attrib['name'] = $command;

			if (!$attrib['image'])
			$attrib['image'] = $attrib['imagepas'] ? $attrib['imagepas'] : $attrib['imageact'];

			$sa_buttons[$attrib['name']] = $attrib;
			}

			// get saved button for this command/name
			else if ($command && $sa_buttons[$command])
			$attrib = $sa_buttons[$command];

			//else
			// return '';


			// set border to 0 because of the link arround the button
			if ($attrib['type']=='image' && !isset($attrib['border']))
			$attrib['border'] = 0;

			if (!$attrib['id'])
			$attrib['id'] = sprintf('rcmbtn%d', $s_button_count++);

			// get localized text for labels and titles
			if ($attrib['title'])
			$attrib['title'] = rep_specialchars_output(rcube_label($attrib['title']));
			if ($attrib['label'])
			$attrib['label'] = rep_specialchars_output(rcube_label($attrib['label']));

			if ($attrib['alt'])
			$attrib['alt'] = rep_specialchars_output(rcube_label($attrib['alt']));

			// set title to alt attribute for IE browsers
			if ($BROWSER['ie'] && $attrib['title'] && !$attrib['alt'])
			{
			$attrib['alt'] = $attrib['title'];
			unset($attrib['title']);
			}

			// add empty alt attribute for XHTML compatibility
			if (!isset($attrib['alt']))
			$attrib['alt'] = '';


			// register button in the system
			if ($attrib['command'])
			{
			$OUTPUT->add_script(sprintf("%s.register_button('%s', '%s', '%s', '%s', '%s', '%s');",
			$JS_OBJECT_NAME,
			$command,
			$attrib['id'],
			$attrib['type'],
			$attrib['imageact'] ? $skin_path.$attrib['imageact'] : $attrib['classact'],
			$attrib['imagesel'] ? $skin_path.$attrib['imagesel'] : $attrib['classsel'],
			$attrib['imageover'] ? $skin_path.$attrib['imageover'] : ''));

			// make valid href to specific buttons
			if (in_array($attrib['command'], $MAIN_TASKS))
			$attrib['href'] = htmlentities(ereg_replace('_task=[a-z]+', '_task='.$attrib['command'], $COMM_PATH));
			else if (in_array($attrib['command'], $a_static_commands))
			$attrib['href'] = htmlentities($COMM_PATH.'&_action='.$attrib['command']);
			}

			// overwrite attributes
			if (!$attrib['href'])
			$attrib['href'] = '#';

			if ($command)
			$attrib['onclick'] = sprintf("return %s.command('%s','%s',this)", $JS_OBJECT_NAME, $command, $attrib['prop']);

			if ($command && $attrib['imageover'])
			{
			$attrib['onmouseover'] = sprintf("return %s.button_over('%s','%s')", $JS_OBJECT_NAME, $command, $attrib['id']);
			$attrib['onmouseout'] = sprintf("return %s.button_out('%s','%s')", $JS_OBJECT_NAME, $command, $attrib['id']);
			}

			if ($command && $attrib['imagesel'])
			{
			$attrib['onmousedown'] = sprintf("return %s.button_sel('%s','%s')", $JS_OBJECT_NAME, $command, $attrib['id']);
			$attrib['onmouseup'] = sprintf("return %s.button_out('%s','%s')", $JS_OBJECT_NAME, $command, $attrib['id']);
			}

			$out = '';

			// generate image tag
			if ($attrib['type']=='image')
			{
			$attrib_str = create_attrib_string($attrib, array('style', 'class', 'id', 'width', 'height', 'border', 'hspace', 'vspace', 'align', 'alt'));
			$img_tag = sprintf('<img src="%%s"%s />', $attrib_str);
			$btn_content = sprintf($img_tag, $skin_path.$attrib['image']);
			if ($attrib['label'])
			$btn_content .= ' '.$attrib['label'];

			$link_attrib = array('href', 'onclick', 'onmouseover', 'onmouseout', 'onmousedown', 'onmouseup', 'title');
			}
			else if ($attrib['type']=='link')
			{
			$btn_content = $attrib['label'] ? $attrib['label'] : $attrib['command'];
			$link_attrib = array('href', 'onclick', 'title', 'id', 'class', 'style');
			}
			else if ($attrib['type']=='input')
			{
			$attrib['type'] = 'button';

			if ($attrib['label'])
			$attrib['value'] = $attrib['label'];

			$attrib_str = create_attrib_string($attrib, array('type', 'value', 'onclick', 'id', 'class', 'style'));
			$out = sprintf('<input%s disabled />', $attrib_str);
			}

			// generate html code for button
			if ($btn_content)
			{
			$attrib_str = create_attrib_string($attrib, $link_attrib);
			$out = sprintf('<a%s>%s</a>', $attrib_str, $btn_content);
			}

			return $out;
			}


			function rcube_menu($attrib)
			{

			return '';
			}



			/**
			* Create a HTML table based on the given data
			*
			* @param array Named table attributes
			* @param mixed Table row data. Either a two-dimensional array or a valid SQL result set
			* @param array List of cols to show
			* @param string Name of the identifier col
			* @return string HTML table code
			*/
			function rcube_table_output($attrib, $table_data, $a_show_cols, $id_col)
			{
			global $DB;
			@@ -1436,12 +1340,11 @@
			$table .= "<thead><tr>\n";

			foreach ($a_show_cols as $col)
			$table .= '<td class="'.$col.'">' . rep_specialchars_output(rcube_label($col)) . "</td>\n";
			$table .= '<td class="'.$col.'">' . Q(rcube_label($col)) . "</td>\n";

			$table .= "</tr></thead>\n<tbody>\n";

			$c = 0;

			if (!is_array($table_data))
			{
			while ($table_data && ($sql_arr = $DB->fetch_assoc($table_data)))
			@@ -1453,8 +1356,8 @@
			// format each col
			foreach ($a_show_cols as $col)
			{
			$cont = rep_specialchars_output($sql_arr[$col]);
			$table .= '<td class="'.$col.'">' . $cont . "</td>\n";
			$cont = Q($sql_arr[$col]);
			$table .= '<td class="'.$col.'">' . $cont . "</td>\n";
			}

			$table .= "</tr>\n";
			@@ -1472,8 +1375,8 @@
			// format each col
			foreach ($a_show_cols as $col)
			{
			$cont = rep_specialchars_output($row_data[$col]);
			$table .= '<td class="'.$col.'">' . $cont . "</td>\n";
			$cont = Q($row_data[$col]);
			$table .= '<td class="'.$col.'">' . $cont . "</td>\n";
			}

			$table .= "</tr>\n";
			@@ -1488,7 +1391,15 @@
			}



			/**
			* Create an edit field for inclusion on a form
			*
			* @param string col field name
			* @param string value field value
			* @param array attrib HTML element attributes for field
			* @param string type HTML element type (default 'text')
			* @return string HTML field definition
			*/
			function rcmail_get_edit_field($col, $value, $attrib, $type='text')
			{
			$fname = '_'.$col;
			@@ -1517,7 +1428,36 @@
			}


			// compose a valid attribute string for HTML tags
			/**
			* Return the mail domain configured for the given host
			*
			* @param string IMAP host
			* @return string Resolved SMTP host
			*/
			function rcmail_mail_domain($host)
			{
			global $CONFIG;

			$domain = $host;
			if (is_array($CONFIG['mail_domain']))
			{
			if (isset($CONFIG['mail_domain'][$host]))
			$domain = $CONFIG['mail_domain'][$host];
			}
			else if (!empty($CONFIG['mail_domain']))
			$domain = $CONFIG['mail_domain'];

			return $domain;
			}


			/**
			* Compose a valid attribute string for HTML tags
			*
			* @param array Named tag attributes
			* @param array List of allowed attributes
			* @return string HTML formatted attribute string
			*/
			function create_attrib_string($attrib, $allowed_attribs=array('id', 'class', 'style'))
			{
			// allow the following attributes to be added to the <iframe> tag
			@@ -1530,21 +1470,34 @@
			}


			// convert a HTML attribute string attributes to an associative array (name => value)
			/**
			* Convert a HTML attribute string attributes to an associative array (name => value)
			*
			* @param string Input string
			* @return array Key-value pairs of parsed attributes
			*/
			function parse_attrib_string($str)
			{
			$attrib = array();
			preg_match_all('/\s*([-_a-z]+)=["]([^"]+)["]?/i', stripslashes($str), $regs, PREG_SET_ORDER);
			preg_match_all('/\s*([-_a-z]+)=(["\'])([^"]+)\2/Ui', stripslashes($str), $regs, PREG_SET_ORDER);

			// convert attributes to an associative array (name => value)
			if ($regs)
			foreach ($regs as $attr)
			$attrib[strtolower($attr[1])] = $attr[2];
			$attrib[strtolower($attr[1])] = $attr[3];

			return $attrib;
			}


			/**
			* Convert the given date to a human readable form
			* This uses the date formatting properties from config
			*
			* @param mixed Date representation (string or timestamp)
			* @param string Date format to use
			* @return string Formatted date string
			*/
			function format_date($date, $format=NULL)
			{
			global $CONFIG, $sess_user_lang;
			@@ -1571,15 +1524,15 @@
			$now = time(); // local time
			$now -= (int)date('Z'); // make GMT time
			$now += ($tz * 3600); // user's time
			$now_date = getdate();
			$now_date = getdate($now);

			$today_limit = mktime(0, 0, 0, $now_date['mon'], $now_date['mday'], $now_date['year']);
			$week_limit = mktime(0, 0, 0, $now_date['mon'], $now_date['mday']-6, $now_date['year']);

			// define date format depending on current time
			if ($CONFIG['prettydate'] && !$format && $timestamp > $today_limit)
			return sprintf('%s %s', rcube_label('today'), date('H:i', $timestamp));
			else if ($CONFIG['prettydate'] && !$format && $timestamp > $week_limit)
			if ($CONFIG['prettydate'] && !$format && $timestamp > $today_limit && $timestamp < $now)
			return sprintf('%s %s', rcube_label('today'), date($CONFIG['date_today'] ? $CONFIG['date_today'] : 'H:i', $timestamp));
			else if ($CONFIG['prettydate'] && !$format && $timestamp > $week_limit && $timestamp < $now)
			$format = $CONFIG['date_short'] ? $CONFIG['date_short'] : 'D H:i';
			else if (!$format)
			$format = $CONFIG['date_long'] ? $CONFIG['date_long'] : 'd.m.Y H:i';
			@@ -1616,166 +1569,21 @@
			}


			// ************ functions delivering gui objects ************



			function rcmail_message_container($attrib)
			/**
			* Compose a valid representaion of name and e-mail address
			*
			* @param string E-mail address
			* @param string Person name
			* @return string Formatted string
			*/
			function format_email_recipient($email, $name='')
			{
			global $OUTPUT, $JS_OBJECT_NAME;

			if (!$attrib['id'])
			$attrib['id'] = 'rcmMessageContainer';

			// allow the following attributes to be added to the <table> tag
			$attrib_str = create_attrib_string($attrib, array('style', 'class', 'id'));
			$out = '<div' . $attrib_str . "></div>";

			$OUTPUT->add_script("$JS_OBJECT_NAME.gui_object('message', '$attrib[id]');");

			return $out;
			}


			// return the IMAP username of the current session
			function rcmail_current_username($attrib)
			{
			global $DB;
			static $s_username;

			// alread fetched
			if (!empty($s_username))
			return $s_username;

			// get e-mail address form default identity
			$sql_result = $DB->query("SELECT email AS mailto
			FROM ".get_table_name('identities')."
			WHERE user_id=?
			AND standard=1
			AND del<>1",
			$_SESSION['user_id']);

			if ($DB->num_rows($sql_result))
			{
			$sql_arr = $DB->fetch_assoc($sql_result);
			$s_username = $sql_arr['mailto'];
			}
			else if (strstr($_SESSION['username'], '@'))
			$s_username = $_SESSION['username'];
			if ($name && $name != $email)
			return sprintf('%s <%s>', strpos($name, ",") ? '"'.$name.'"' : $name, $email);
			else
			$s_username = $_SESSION['username'].'@'.$_SESSION['imap_host'];

			return $s_username;
			return $email;
			}


			// return code for the webmail login form
			function rcmail_login_form($attrib)
			{
			global $CONFIG, $OUTPUT, $JS_OBJECT_NAME, $SESS_HIDDEN_FIELD;

			$labels = array();
			$labels['user'] = rcube_label('username');
			$labels['pass'] = rcube_label('password');
			$labels['host'] = rcube_label('server');

			$input_user = new textfield(array('name' => '_user', 'id' => 'rcmloginuser', 'size' => 30));
			$input_pass = new passwordfield(array('name' => '_pass', 'id' => 'rcmloginpwd', 'size' => 30));
			$input_action = new hiddenfield(array('name' => '_action', 'value' => 'login'));

			$fields = array();
			$fields['user'] = $input_user->show(get_input_value('_user', RCUBE_INPUT_POST));
			$fields['pass'] = $input_pass->show();
			$fields['action'] = $input_action->show();

			if (is_array($CONFIG['default_host']))
			{
			$select_host = new select(array('name' => '_host', 'id' => 'rcmloginhost'));

			foreach ($CONFIG['default_host'] as $key => $value)
			$select_host->add($value, (is_numeric($key) ? $value : $key));

			$fields['host'] = $select_host->show($_POST['_host']);
			}
			else if (!strlen($CONFIG['default_host']))
			{
			$input_host = new textfield(array('name' => '_host', 'id' => 'rcmloginhost', 'size' => 30));
			$fields['host'] = $input_host->show($_POST['_host']);
			}

			$form_name = strlen($attrib['form']) ? $attrib['form'] : 'form';
			$form_start = !strlen($attrib['form']) ? '<form name="form" action="./" method="post">' : '';
			$form_end = !strlen($attrib['form']) ? '</form>' : '';

			if ($fields['host'])
			$form_host = <<<EOF

			</tr><tr>

			<td class="title"><label for="rcmloginhost">$labels[host]</label></td>
			<td>$fields[host]</td>

			EOF;

			$OUTPUT->add_script("$JS_OBJECT_NAME.gui_object('loginform', '$form_name');");

			$out = <<<EOF
			$form_start
			$SESS_HIDDEN_FIELD
			$fields[action]
			<table><tr>

			<td class="title"><label for="rcmloginuser">$labels[user]</label></td>
			<td>$fields[user]</td>

			</tr><tr>

			<td class="title"><label for="rcmloginpwd">$labels[pass]</label></td>
			<td>$fields[pass]</td>
			$form_host
			</tr></table>
			$form_end
			EOF;

			return $out;
			}


			function rcmail_charset_selector($attrib)
			{
			global $OUTPUT;

			// pass the following attributes to the form class
			$field_attrib = array('name' => '_charset');
			foreach ($attrib as $attr => $value)
			if (in_array($attr, array('id', 'class', 'style', 'size', 'tabindex')))
			$field_attrib[$attr] = $value;

			$charsets = array(
			'US-ASCII' => 'ASCII (English)',
			'EUC-JP' => 'EUC-JP (Japanese)',
			'EUC-KR' => 'EUC-KR (Korean)',
			'BIG5' => 'BIG5 (Chinese)',
			'GB2312' => 'GB2312 (Chinese)',
			'ISO-2022-JP' => 'ISO-2022-JP (Japanese)',
			'ISO-8859-1' => 'ISO-8859-1 (Latin-1)',
			'ISO-8859-2' => 'ISO-8895-2 (Central European)',
			'ISO-8859-7' => 'ISO-8859-7 (Greek)',
			'ISO-8859-9' => 'ISO-8859-9 (Turkish)',
			'Windows-1251' => 'Windows-1251 (Cyrillic)',
			'Windows-1252' => 'Windows-1252 (Western)',
			'Windows-1255' => 'Windows-1255 (Hebrew)',
			'Windows-1256' => 'Windows-1256 (Arabic)',
			'Windows-1257' => 'Windows-1257 (Baltic)',
			'UTF-8' => 'UTF-8'
			);

			$select = new select($field_attrib);
			$select->add(array_values($charsets), array_keys($charsets));

			$set = $_POST['_charset'] ? $_POST['_charset'] : $OUTPUT->get_charset();
			return $select->show($set);
			}


			/**** debugging functions ******/
			@@ -1813,7 +1621,10 @@
			*/
			function write_log($name, $line)
			{
			global $CONFIG;
			global $CONFIG, $INSTALL_PATH;

			if (!is_string($line))
			$line = var_export($line, true);

			$log_entry = sprintf("[%s]: %s\n",
			date("d-M-Y H:i:s O", mktime()),
			@@ -1831,6 +1642,9 @@
			}


			/**
			* @access private
			*/
			function rcube_timer()
			{
			list($usec, $sec) = explode(" ", microtime());
			@@ -1838,6 +1652,9 @@
			}


			/**
			* @access private
			*/
			function rcube_print_time($timer, $label='Timer')
			{
			static $print_count = 0;
			@@ -1852,4 +1669,234 @@
			console(sprintf("%s: %0.4f sec", $label, $diff));
			}


			/**
			* Return the mailboxlist in HTML
			*
			* @param array Named parameters
			* @return string HTML code for the gui object
			*/
			function rcmail_mailbox_list($attrib)
			{
			global $IMAP, $CONFIG, $OUTPUT, $COMM_PATH;
			static $s_added_script = FALSE;
			static $a_mailboxes;

			// add some labels to client
			rcube_add_label('purgefolderconfirm');
			rcube_add_label('deletemessagesconfirm');

			// $mboxlist_start = rcube_timer();

			$type = $attrib['type'] ? $attrib['type'] : 'ul';
			$add_attrib = $type=='select' ? array('style', 'class', 'id', 'name', 'onchange') :
			array('style', 'class', 'id');

			if ($type=='ul' && !$attrib['id'])
			$attrib['id'] = 'rcmboxlist';

			// allow the following attributes to be added to the <ul> tag
			$attrib_str = create_attrib_string($attrib, $add_attrib);

			$out = '<' . $type . $attrib_str . ">\n";

			// add no-selection option
			if ($type=='select' && $attrib['noselection'])
			$out .= sprintf('<option value="0">%s</option>'."\n",
			rcube_label($attrib['noselection']));

			// get mailbox list
			$mbox_name = $IMAP->get_mailbox_name();

			// for these mailboxes we have localized labels
			$special_mailboxes = array('inbox', 'sent', 'drafts', 'trash', 'junk');


			// build the folders tree
			if (empty($a_mailboxes))
			{
			// get mailbox list
			$a_folders = $IMAP->list_mailboxes();
			$delimiter = $IMAP->get_hierarchy_delimiter();
			$a_mailboxes = array();

			// rcube_print_time($mboxlist_start, 'list_mailboxes()');

			foreach ($a_folders as $folder)
			rcmail_build_folder_tree($a_mailboxes, $folder, $delimiter);
			}

			// var_dump($a_mailboxes);

			if ($type=='select')
			$out .= rcmail_render_folder_tree_select($a_mailboxes, $special_mailboxes, $mbox_name, $attrib['maxlength']);
			else
			$out .= rcmail_render_folder_tree_html($a_mailboxes, $special_mailboxes, $mbox_name, $attrib['maxlength']);

			// rcube_print_time($mboxlist_start, 'render_folder_tree()');


			if ($type=='ul')
			$OUTPUT->add_gui_object('mailboxlist', $attrib['id']);

			return $out . "</$type>";
			}




			/**
			* Create a hierarchical array of the mailbox list
			* @access private
			*/
			function rcmail_build_folder_tree(&$arrFolders, $folder, $delm='/', $path='')
			{
			$pos = strpos($folder, $delm);
			if ($pos !== false)
			{
			$subFolders = substr($folder, $pos+1);
			$currentFolder = substr($folder, 0, $pos);
			}
			else
			{
			$subFolders = false;
			$currentFolder = $folder;
			}

			$path .= $currentFolder;

			if (!isset($arrFolders[$currentFolder]))
			{
			$arrFolders[$currentFolder] = array('id' => $path,
			'name' => rcube_charset_convert($currentFolder, 'UTF-7'),
			'folders' => array());
			}

			if (!empty($subFolders))
			rcmail_build_folder_tree($arrFolders[$currentFolder]['folders'], $subFolders, $delm, $path.$delm);
			}


			/**
			* Return html for a structured list <ul> for the mailbox tree
			* @access private
			*/
			function rcmail_render_folder_tree_html(&$arrFolders, &$special, &$mbox_name, $maxlength, $nestLevel=0)
			{
			global $COMM_PATH, $IMAP, $CONFIG, $OUTPUT;

			$idx = 0;
			$out = '';
			foreach ($arrFolders as $key => $folder)
			{
			$zebra_class = ($nestLevel*$idx)%2 ? 'even' : 'odd';
			$title = '';

			$folder_lc = strtolower($folder['id']);
			if (in_array($folder_lc, $special))
			$foldername = rcube_label($folder_lc);
			else
			{
			$foldername = $folder['name'];

			// shorten the folder name to a given length
			if ($maxlength && $maxlength>1)
			{
			$fname = abbrevate_string($foldername, $maxlength);
			if ($fname != $foldername)
			$title = ' title="'.Q($foldername).'"';
			$foldername = $fname;
			}
			}

			// add unread message count display
			if ($unread_count = $IMAP->messagecount($folder['id'], 'RECENT', ($folder['id']==$mbox_name)))
			$foldername .= sprintf(' (%d)', $unread_count);

			// make folder name safe for ids and class names
			$folder_id = preg_replace('/[^A-Za-z0-9\-_]/', '', $folder['id']);
			$class_name = preg_replace('/[^a-z0-9\-_]/', '', $folder_lc);

			// set special class for Sent, Drafts, Trash and Junk
			if ($folder['id']==$CONFIG['sent_mbox'])
			$class_name = 'sent';
			else if ($folder['id']==$CONFIG['drafts_mbox'])
			$class_name = 'drafts';
			else if ($folder['id']==$CONFIG['trash_mbox'])
			$class_name = 'trash';
			else if ($folder['id']==$CONFIG['junk_mbox'])
			$class_name = 'junk';

			$js_name = htmlspecialchars(JQ($folder['id']));
			$out .= sprintf('<li id="rcmli%s" class="mailbox %s %s%s%s"><a href="%s"'.
			' onclick="return %s.command(\'list\',\'%s\',this)"'.
			' onmouseover="return %s.focus_folder(\'%s\')"' .
			' onmouseout="return %s.unfocus_folder(\'%s\')"' .
			' onmouseup="return %s.folder_mouse_up(\'%s\')"%s>%s</a>',
			$folder_id,
			$class_name,
			$zebra_class,
			$unread_count ? ' unread' : '',
			$folder['id']==$mbox_name ? ' selected' : '',
			Q(rcmail_url('', array('_mbox' => $folder['id']))),
			JS_OBJECT_NAME,
			$js_name,
			JS_OBJECT_NAME,
			$js_name,
			JS_OBJECT_NAME,
			$js_name,
			JS_OBJECT_NAME,
			$js_name,
			$title,
			Q($foldername));

			if (!empty($folder['folders']))
			$out .= "\n<ul>\n" . rcmail_render_folder_tree_html($folder['folders'], $special, $mbox_name, $maxlength, $nestLevel+1) . "</ul>\n";

			$out .= "</li>\n";
			$idx++;
			}

			return $out;
			}


			/**
			* Return html for a flat list <select> for the mailbox tree
			* @access private
			*/
			function rcmail_render_folder_tree_select(&$arrFolders, &$special, &$mbox_name, $maxlength, $nestLevel=0)
			{
			global $IMAP, $OUTPUT;

			$idx = 0;
			$out = '';
			foreach ($arrFolders as $key=>$folder)
			{
			$folder_lc = strtolower($folder['id']);
			if (in_array($folder_lc, $special))
			$foldername = rcube_label($folder_lc);
			else
			{
			$foldername = $folder['name'];

			// shorten the folder name to a given length
			if ($maxlength && $maxlength>1)
			$foldername = abbrevate_string($foldername, $maxlength);
			}

			$out .= sprintf('<option value="%s">%s%s</option>'."\n",
			htmlspecialchars($folder['id']),
			str_repeat(' ', $nestLevel*4),
			Q($foldername));

			if (!empty($folder['folders']))
			$out .= rcmail_render_folder_tree_select($folder['folders'], $special, $mbox_name, $maxlength, $nestLevel+1);

			$idx++;
			}

			return $out;
			}

			?>