| | |
|---|
| | | |
|---|
| | | // try to log in |
|---|
| | | if ($RCMAIL->task == 'login' && $RCMAIL->action == 'login') { |
|---|
| | | $request_valid = $_SESSION['temp'] && $RCMAIL->check_request(RCUBE_INPUT_POST, 'login'); |
|---|
| | | |
|---|
| | | // purge the session in case of new login when a session already exists |
|---|
| | | $RCMAIL->kill_session(); |
|---|
| | | |
|---|
| | |
|---|
| | | 'pass' => get_input_value('_pass', RCUBE_INPUT_POST, true, |
|---|
| | | $RCMAIL->config->get('password_charset', 'ISO-8859-1')), |
|---|
| | | 'cookiecheck' => true, |
|---|
| | | 'valid' => $request_valid, |
|---|
| | | )); |
|---|
| | | |
|---|
| | | // check if client supports cookies |
|---|
| | | if ($auth['cookiecheck'] && empty($_COOKIE)) { |
|---|
| | | $OUTPUT->show_message("cookiesdisabled", 'warning'); |
|---|
| | | } |
|---|
| | | else if ($_SESSION['temp'] && !$auth['abort'] && |
|---|
| | | else if ($auth['valid'] && !$auth['abort'] && |
|---|
| | | !empty($auth['host']) && !empty($auth['user']) && |
|---|
| | | $RCMAIL->login($auth['user'], $auth['pass'], $auth['host'])) { |
|---|
| | | // create new session ID |
|---|
| | |
|---|
| | | else { |
|---|
| | | $error_code = is_object($IMAP) ? $IMAP->get_error_code() : -1; |
|---|
| | | |
|---|
| | | $OUTPUT->show_message($error_code < -1 ? 'imaperror' : 'loginfailed', 'warning'); |
|---|
| | | $OUTPUT->show_message($error_code < -1 ? 'imaperror' : (!$auth['valid'] ? 'invalidrequest' : 'loginfailed'), 'warning'); |
|---|
| | | $RCMAIL->plugins->exec_hook('login_failed', array( |
|---|
| | | 'code' => $error_code, 'host' => $auth['host'], 'user' => $auth['user'])); |
|---|
| | | $RCMAIL->kill_session(); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | // end session |
|---|
| | | else if ($RCMAIL->task == 'logout' && isset($_SESSION['user_id'])) { |
|---|
| | | // end session (after optional referer check) |
|---|
| | | else if ($RCMAIL->task == 'logout' && isset($_SESSION['user_id']) && (!$RCMAIL->config->get('referer_check') || rcube_check_referer())) { |
|---|
| | | $userdata = array('user' => $_SESSION['username'], 'host' => $_SESSION['imap_host'], 'lang' => $RCMAIL->user->language); |
|---|
| | | $OUTPUT->show_message('loggedout'); |
|---|
| | | $RCMAIL->logout_actions(); |
|---|
| | |
|---|
| | | ); |
|---|
| | | } |
|---|
| | | |
|---|
| | | $OUTPUT->set_env('task', 'login'); |
|---|
| | | $RCMAIL->set_task('login'); |
|---|
| | | $OUTPUT->send('login'); |
|---|
| | | } |
|---|
| | | // CSRF prevention |
|---|
| | |
|---|
| | | $OUTPUT->show_message('invalidrequest', 'error'); |
|---|
| | | $OUTPUT->send($RCMAIL->task); |
|---|
| | | } |
|---|
| | | |
|---|
| | | // check referer if configured |
|---|
| | | if (!$request_check_whitelist[$RCMAIL->action] && $RCMAIL->config->get('referer_check') && !rcube_check_referer()) { |
|---|
| | | raise_error(array( |
|---|
| | | 'code' => 403, |
|---|
| | | 'type' => 'php', |
|---|
| | | 'message' => "Referer check failed"), true, true); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | // handle special actions |
|---|
