From 11526305f506245af55e8ae7ea31faec49dfd98d Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Mon, 02 Mar 2009 12:34:18 -0500
Subject: [PATCH] Revert r2322; this is done in rcmail_html4inline() and now secured + fix tests

---
 index.php |   65 +++++++++++++++++---------------
 1 files changed, 34 insertions(+), 31 deletions(-)

diff --git a/index.php b/index.php
index 839a75f..172d57c 100644
--- a/index.php
+++ b/index.php
@@ -2,9 +2,9 @@
 /*
  +-------------------------------------------------------------------------+
  | RoundCube Webmail IMAP Client                                           |
- | Version 0.2-20080620                                                    |
+ | Version 0.2-20080829                                                    |
  |                                                                         |
- | Copyright (C) 2005-2008, RoundCube Dev. - Switzerland                   |
+ | Copyright (C) 2005-2009, RoundCube Dev. - Switzerland                   |
  |                                                                         |
  | This program is free software; you can redistribute it and/or modify    |
  | it under the terms of the GNU General Public License version 2          |
@@ -30,9 +30,6 @@
 // include environment
 require_once 'program/include/iniset.php';
 
-// define global vars
-$OUTPUT_TYPE = 'html';
-
 // init application and start session with requested task
 $RCMAIL = rcmail::get_instance();
 
@@ -52,6 +49,14 @@
   }
 }
 
+// check if config files had errors
+if ($err_str = $RCMAIL->config->get_error()) {
+  raise_error(array(
+    'code' => 601,
+    'type' => 'php',
+    'message' => $err_str), false, true);
+}
+
 // check DB connections and exit on failure
 if ($err_str = $DB->is_error()) {
   raise_error(array(
@@ -60,7 +65,6 @@
     'message' => $err_str), FALSE, TRUE);
 }
 
-
 // error steps
 if ($RCMAIL->action=='error' && !empty($_GET['_code'])) {
   raise_error(array('code' => hexdec($_GET['_code'])), FALSE, TRUE);
@@ -68,34 +72,39 @@
 
 // try to log in
 if ($RCMAIL->action=='login' && $RCMAIL->task=='mail') {
+  // purge the session in case of new login when a session already exists 
+  $RCMAIL->kill_session(); 
+  
+  // set IMAP host
   $host = $RCMAIL->autoselect_host();
   
   // check if client supports cookies
   if (empty($_COOKIE)) {
     $OUTPUT->show_message("cookiesdisabled", 'warning');
   }
-  else if ($_SESSION['temp'] && !empty($_POST['_user']) && isset($_POST['_pass']) &&
+  else if ($_SESSION['temp'] && !empty($_POST['_user']) && !empty($_POST['_pass']) &&
            $RCMAIL->login(trim(get_input_value('_user', RCUBE_INPUT_POST), ' '),
               get_input_value('_pass', RCUBE_INPUT_POST, true, 'ISO-8859-1'), $host)) {
     // create new session ID
     unset($_SESSION['temp']);
-    sess_regenerate_id();
+    rcube_sess_regenerate_id();
 
     // send auth cookie if necessary
     $RCMAIL->authenticate_session();
 
     // log successful login
-    if ($RCMAIL->config->get('log_logins') && $RCMAIL->config->get('debug_level') & 1)
-      console(sprintf('Successful login for %s (id %d) from %s',
-                      trim(get_input_value('_user', RCUBE_INPUT_POST), ' '),
-                      $_SESSION['user_id'],
-                      $_SERVER['REMOTE_ADDR']));
+    if ($RCMAIL->config->get('log_logins')) {
+      write_log('userlogins', sprintf('Successful login for %s (id %d) from %s',
+        $RCMAIL->user->get_username(),
+        $RCMAIL->user->ID,
+        $_SERVER['REMOTE_ADDR']));
+    }
 
     // send redirect
     $OUTPUT->redirect();
   }
   else {
-    $OUTPUT->show_message($IMAP->error_code == -1 ? 'imaperror' : 'loginfailed', 'warning');
+    $OUTPUT->show_message($IMAP->error_code < -1 ? 'imaperror' : 'loginfailed', 'warning');
     $RCMAIL->kill_session();
   }
 }
@@ -116,17 +125,9 @@
 }
 
 
-// log in to imap server
-if (!empty($RCMAIL->user->ID) && $RCMAIL->task == 'mail') {
-  if (!$RCMAIL->imap_connect()) {
-    $RCMAIL->kill_session();
-  }
-}
-
-
 // check client X-header to verify request origin
 if ($OUTPUT->ajax_call) {
-  if ($RCMAIL->config->get('devel_mode') && !rc_request_header('X-RoundCube-Referer')) {
+  if (!$RCMAIL->config->get('devel_mode') && !rc_request_header('X-RoundCube-Referer')) {
     header('HTTP/1.1 404 Not Found');
     die("Invalid Request");
   }
@@ -157,7 +158,13 @@
 
 
 // handle keep-alive signal
-if ($RCMAIL->action=='keep-alive') {
+if ($RCMAIL->action == 'keep-alive') {
+  $OUTPUT->reset();
+  $OUTPUT->send();
+}
+// save preference value
+else if ($RCMAIL->action == 'save-pref') {
+  $RCMAIL->user->save_prefs(array(get_input_value('_name', RCUBE_INPUT_POST) => get_input_value('_value', RCUBE_INPUT_POST)));
   $OUTPUT->reset();
   $OUTPUT->send();
 }
@@ -173,8 +180,9 @@
     'send'    => 'sendmail.inc',
     'expunge' => 'folders.inc',
     'purge'   => 'folders.inc',
-    'remove-attachment'  => 'compose.inc',
-    'display-attachment' => 'compose.inc',
+    'remove-attachment'  => 'attachments.inc',
+    'display-attachment' => 'attachments.inc',
+    'upload' => 'attachments.inc',
   ),
   
   'addressbook' => array(
@@ -211,11 +219,6 @@
   }
 }
 
-
-// make sure the message count is refreshed (for default view)
-if ($RCMAIL->task == 'mail') {
-  $IMAP->messagecount($_SESSION['mbox'], 'ALL', true);
-}
 
 // parse main template (default)
 $OUTPUT->send($RCMAIL->task);

--
Gitblit v1.9.1