- Applied fixes from trunk
| | |
| | | CHANGELOG Roundcube Webmail |
| | | =========================== |
| | | |
| | | - Fix SQL query in rcube_user::query() so it uses index on MySQL again |
| | | - Use only one from IMAP authentication methods to prevent login delays (1487784) |
| | | - Fix strftime format support in date_today option |
| | | - Removed redundant </form> tags from contact add/edit pages |
| | | - Fix CSS error in contact details screen on IE7 (#1487775) |
| | | |
| | |
| | | * @return string Formatted date string |
| | | */ |
| | | function format_date($date, $format=NULL) |
| | | { |
| | | { |
| | | global $CONFIG; |
| | | |
| | | $ts = NULL; |
| | |
| | | |
| | | if (empty($ts)) |
| | | return ''; |
| | | |
| | | |
| | | // get user's timezone |
| | | if ($CONFIG['timezone'] === 'auto') |
| | | $tz = isset($_SESSION['timezone']) ? $_SESSION['timezone'] : date('Z')/3600; |
| | |
| | | |
| | | // convert time to user's timezone |
| | | $timestamp = $ts - date('Z', $ts) + ($tz * 3600); |
| | | |
| | | |
| | | // get current timestamp in user's timezone |
| | | $now = time(); // local time |
| | | $now -= (int)date('Z'); // make GMT time |
| | |
| | | $now_date = getdate($now); |
| | | |
| | | $today_limit = mktime(0, 0, 0, $now_date['mon'], $now_date['mday'], $now_date['year']); |
| | | $week_limit = mktime(0, 0, 0, $now_date['mon'], $now_date['mday']-6, $now_date['year']); |
| | | $week_limit = mktime(0, 0, 0, $now_date['mon'], $now_date['mday']-6, $now_date['year']); |
| | | |
| | | // define date format depending on current time |
| | | if (!$format) { |
| | | if ($CONFIG['prettydate'] && $timestamp > $today_limit && $timestamp < $now) |
| | | return sprintf('%s %s', rcube_label('today'), date($CONFIG['date_today'] ? $CONFIG['date_today'] : 'H:i', $timestamp)); |
| | | if ($CONFIG['prettydate'] && $timestamp > $today_limit && $timestamp < $now) { |
| | | $format = $CONFIG['date_today'] ? $CONFIG['date_today'] : 'H:i'; |
| | | $today = true; |
| | | } |
| | | else if ($CONFIG['prettydate'] && $timestamp > $week_limit && $timestamp < $now) |
| | | $format = $CONFIG['date_short'] ? $CONFIG['date_short'] : 'D H:i'; |
| | | else |
| | | $format = $CONFIG['date_long'] ? $CONFIG['date_long'] : 'd.m.Y H:i'; |
| | | } |
| | | } |
| | | |
| | | // strftime() format |
| | | if (preg_match('/%[a-z]+/i', $format)) |
| | | return strftime($format, $timestamp); |
| | | if (preg_match('/%[a-z]+/i', $format)) { |
| | | $format = strftime($format, $timestamp); |
| | | return $today ? (rcube_label('today') . ' ' . $format) : $format; |
| | | } |
| | | |
| | | // parse format string manually in order to provide localized weekday and month names |
| | | // an alternative would be to convert the date() format string to fit with strftime() |
| | | $out = ''; |
| | | for($i=0; $i<strlen($format); $i++) |
| | | { |
| | | for($i=0; $i<strlen($format); $i++) { |
| | | if ($format{$i}=='\\') // skip escape chars |
| | | continue; |
| | | |
| | | |
| | | // write char "as-is" |
| | | if ($format{$i}==' ' || $format{$i-1}=='\\') |
| | | $out .= $format{$i}; |
| | |
| | | $out .= strftime('%x %X', $timestamp); |
| | | else |
| | | $out .= date($format{$i}, $timestamp); |
| | | } |
| | | |
| | | return $out; |
| | | } |
| | | |
| | | return $today ? (rcube_label('today') . ' ' . $out) : $out; |
| | | } |
| | | |
| | | |
| | | /** |
| | | * Compose a valid representation of name and e-mail address |
| | |
| | | */ |
| | | public function shutdown() |
| | | { |
| | | if (is_object($this->imap)) |
| | | $this->imap->close(); |
| | | |
| | | if (is_object($this->smtp)) |
| | | $this->smtp->disconnect(); |
| | | |
| | |
| | | } |
| | | } |
| | | |
| | | if (is_object($this->imap)) |
| | | $this->imap->close(); |
| | | |
| | | return $base64 ? base64_encode($cipher) : $cipher; |
| | | } |
| | | |
| | |
| | | // Now we're secure, capabilities need to be reread |
| | | $this->clearCapability(); |
| | | } |
| | | |
| | | // Use best (for security) supported authentication method |
| | | foreach (array('DIGEST-MD5', 'CRAM-MD5', 'CRAM_MD5', 'PLAIN', 'LOGIN') as $auth_method) { |
| | | if (in_array($auth_method, $auth_methods)) { |
| | | break; |
| | | } |
| | | } |
| | | } |
| | | |
| | | // Send ID info |
| | |
| | | else if (!$login_disabled) { |
| | | $auth_methods[] = 'LOGIN'; |
| | | } |
| | |
|
| | | // Use best (for security) supported authentication method
|
| | | foreach (array('DIGEST-MD5', 'CRAM-MD5', 'CRAM_MD5', 'PLAIN', 'LOGIN') as $auth_method) {
|
| | | if (in_array($auth_method, $auth_methods)) {
|
| | | break;
|
| | | }
|
| | | }
|
| | | } |
| | | else { |
| | | // Prevent from sending credentials in plain text when connection is not secure |
| | |
| | | return false; |
| | | } |
| | | // replace AUTH with CRAM-MD5 for backward compat. |
| | | $auth_methods[] = $auth_method == 'AUTH' ? 'CRAM-MD5' : $auth_method; |
| | | if ($auth_method == 'AUTH') { |
| | | $auth_method = 'CRAM-MD5'; |
| | | } |
| | | } |
| | | |
| | | // pre-login capabilities can be not complete |
| | | $this->capability_readed = false; |
| | | |
| | | // Authenticate |
| | | foreach ($auth_methods as $method) { |
| | | switch ($method) { |
| | | switch ($auth_method) { |
| | | case 'CRAM_MD5': |
| | | $method = 'CRAM-MD5'; |
| | | $auth_method = 'CRAM-MD5'; |
| | | case 'CRAM-MD5': |
| | | case 'DIGEST-MD5': |
| | | case 'PLAIN': |
| | | $result = $this->authenticate($user, $password, $method); |
| | | $result = $this->authenticate($user, $password, $auth_method); |
| | | break; |
| | | case 'LOGIN': |
| | | $result = $this->login($user, $password); |
| | | break; |
| | | default: |
| | | $this->setError(self::ERROR_BAD, "Configuration error. Unknown auth method: $method"); |
| | | } |
| | | |
| | | if (is_resource($result)) { |
| | | break; |
| | | } |
| | | $this->setError(self::ERROR_BAD, "Configuration error. Unknown auth method: $auth_method"); |
| | | } |
| | | |
| | | // Connected and authenticated |
| | |
| | | $dbh = rcmail::get_instance()->get_dbh(); |
| | | |
| | | // use BINARY (case-sensitive) comparison on MySQL, other engines are case-sensitive |
| | | $prefix = preg_match('/^mysql/', $dbh->db_provider) ? 'BINARY ' : ''; |
| | | $mod = preg_match('/^mysql/', $dbh->db_provider) ? 'BINARY' : ''; |
| | | |
| | | // query for matching user name |
| | | $query = "SELECT * FROM ".get_table_name('users')." WHERE mail_host = ? AND %s = ?"; |
| | | |
| | | $sql_result = $dbh->query(sprintf($query, $prefix.'username'), $host, $user); |
| | | $query = "SELECT * FROM ".get_table_name('users')." WHERE mail_host = ? AND %s = $mod ?"; |
| | | $sql_result = $dbh->query(sprintf($query, 'username'), $host, $user); |
| | | |
| | | // query for matching alias |
| | | if (!($sql_arr = $dbh->fetch_assoc($sql_result))) { |
| | | $sql_result = $dbh->query(sprintf($query, $prefix.'alias'), $host, $user); |
| | | $sql_result = $dbh->query(sprintf($query, 'alias'), $host, $user); |
| | | $sql_arr = $dbh->fetch_assoc($sql_result); |
| | | } |
| | | |