-rw-r--r-- | CHANGELOG | 1 | ||||
-rw-r--r-- | index.php | 27 | ||||
-rw-r--r-- | program/include/rcmail.php | 45 | ||||
-rw-r--r-- | program/localization/en_US/messages.inc | 1 |
4 files changed, 62 insertions, 12 deletions
@@ -1,6 +1,7 @@ CHANGELOG Roundcube Webmail =========================== +- Show explicit error message when provided hostname is invalid (#1488550) - Fix wrong compose screen elements focus in IE9 (#1488541) - Fix fatal error when date.timezone isn't set (#1488546) - Update to TinyMCE 3.5.4.1 @@ -103,12 +103,9 @@ if ($RCMAIL->task == 'login' && $RCMAIL->action == 'login') { 'valid' => $request_valid, )); - // check if client supports cookies - if ($auth['cookiecheck'] && empty($_COOKIE)) { - $OUTPUT->show_message("cookiesdisabled", 'warning'); - } - else if ($auth['valid'] && !$auth['abort'] && - $RCMAIL->login($auth['user'], $auth['pass'], $auth['host']) + // Login + if ($auth['valid'] && !$auth['abort'] && + $RCMAIL->login($auth['user'], $auth['pass'], $auth['host'], $auth['cookiecheck']) ) { // create new session ID, don't destroy the current session // it was destroyed already by $RCMAIL->kill_session() above @@ -143,9 +140,23 @@ if ($RCMAIL->task == 'login' && $RCMAIL->action == 'login') { $OUTPUT->redirect($redir); } else { - $error_code = is_object($RCMAIL->storage) ? $RCMAIL->storage->get_error_code() : 1; + if (!$auth['valid']) { + $error_code = RCMAIL::ERROR_INVALID_REQUEST; + } + else { + $error_code = $auth['error'] ? $auth['error'] : $RCMAIL->login_error(); + } + + $error_labels = array( + RCMAIL::ERROR_STORAGE => 'storageerror', + RCMAIL::ERROR_COOKIES_DISABLED => 'cookiesdisabled', + RCMAIL::ERROR_INVALID_REQUEST => 'invalidrequest', + RCMAIL::ERROR_INVALID_HOST => 'invalidhost', + ); + + $error_message = $error_labels[$error_code] ? $error_labels[$error_code] : 'loginfailed'; - $OUTPUT->show_message($error_code < -1 ? 'storageerror' : (!$auth['valid'] ? 'invalidrequest' : 'loginfailed'), 'warning'); + $OUTPUT->show_message($error_message, 'warning'); $RCMAIL->plugins->exec_hook('login_failed', array( 'code' => $error_code, 'host' => $auth['host'], 'user' => $auth['user'])); $RCMAIL->kill_session(); 
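Review bot: In the second index.php hunk, `$error_labels[$error_code]` is read without checking that the key exists, and the most common failure has no key: `login_error()` returns nothing for a plain wrong-password failure, and a plugin-supplied `$auth['error']` can be any value. That raises an undefined-index notice (a warning on PHP 8) on the most frequent failure path; `$error_message = isset($error_labels[$error_code]) ? $error_labels[$error_code] : 'loginfailed';` avoids it. The `code` passed to the `login_failed` hook also changes meaning, from the storage error code (or 1) to an `RCMAIL::ERROR_*` value or null, so plugins that log or throttle on that code need this documented. The enclosing `if`/`else` starts and ends outside the hunk.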
diff --git a/program/include/rcmail.php b/program/include/rcmail.php index 66e9a5c06..b287acc2e 100644 --- a/program/include/rcmail.php +++ b/program/include/rcmail.php @@ -131,6 +131,11 @@ class rcmail private $shutdown_functions = array(); private $expunge_cache = false; + const ERROR_STORAGE = -2; + const ERROR_INVALID_REQUEST = 1; + const ERROR_INVALID_HOST = 2; + const ERROR_COOKIES_DISABLED = 3; + /** * This implements the 'singleton' design pattern @@ -814,15 +819,23 @@ class rcmail * @param string Mail storage (IMAP) user name * @param string Mail storage (IMAP) password * @param string Mail storage (IMAP) host + * @param bool Enables cookie check * * @return boolean True on success, False on failure */ - function login($username, $pass, $host=NULL) + function login($username, $pass, $host = null, $cookiecheck = false) { + $this->login_error = null; + if (empty($username)) { return false; } + if ($cookiecheck && empty($_COOKIE)) { + $this->login_error = self::ERROR_COOKIES_DISABLED; + return false; + } + $config = $this->config->all(); if (!$host) @@ -839,11 +852,18 @@ class rcmail break; } } - if (!$allowed) - return false; + if (!$allowed) { + $host = null; } - else if (!empty($config['default_host']) && $host != rcube_parse_host($config['default_host'])) + } + else if (!empty($config['default_host']) && $host != rcube_parse_host($config['default_host'])) { + $host = null; + } + + if (!$host) { + $this->login_error = self::ERROR_INVALID_HOST; return false; + } // parse $host URL $a_host = parse_url($host); @@ -983,6 +1003,23 @@ class rcmail } + /** + * Returns error code of last login operation + * + * @return int Error code + */ + public function login_error() + { + if ($this->login_error) { + return $this->login_error; + } + + if ($this->storage && $this->storage->get_error_code() < -1) { + return self::ERROR_STORAGE; + } + } + + /** * Set storage parameters. * This must be done AFTER connecting to the server! 
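Review bot: The first rcmail.php hunk adds the `ERROR_*` constants but no declaration for the `login_error` property that `login()` and `login_error()` assign and read in the later hunks. If it is not declared elsewhere in the class, it is created implicitly as a public property, unlike the neighbouring `private $shutdown_functions`; adding `private $login_error;` next to the constants keeps it internal. A short comment over the constants, for example `// Login error codes returned by login_error()`, should also say why `ERROR_STORAGE` is negative while the others are positive.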
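Review bot: The allow-list test re-added in the third rcmail.php hunk still uses loose comparison, `$host != rcube_parse_host($config['default_host'])`, so two numeric-looking strings are compared as numbers rather than as text. Assuming both sides are strings, `!==` is the safer operator for a check that decides which server receives the user's credentials. The new `ERROR_INVALID_HOST` result also lets an unauthenticated client distinguish a disallowed host from a bad password. That is the purpose of the change, but the `login()` docblock should say so, and logging on the `login_failed` hook can then separate host probing from password guessing. The loop that sets `$allowed` lies outside the hunk.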
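Review bot: `login_error()` in the last rcmail.php hunk has no return on the path where neither condition holds, so it yields null although the docblock promises `@return int`. An explicit final `return null;` together with `@return int|null Error code, null when no specific error was recorded` makes the contract visible to callers such as the label lookup in index.php. The `< -1` threshold on `get_error_code()` is carried over from index.php without explanation; a one-line comment naming which storage errors it covers would help the next reader.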
diff --git a/program/localization/en_US/messages.inc b/program/localization/en_US/messages.inc index 995be7b65..cabc9998b 100644 --- a/program/localization/en_US/messages.inc +++ b/program/localization/en_US/messages.inc @@ -33,6 +33,7 @@ $messages['requesttimedout'] = 'Request timed out'; $messages['errorreadonly'] = 'Unable to perform operation. Folder is read-only.'; $messages['errornoperm'] = 'Unable to perform operation. Permission denied.'; $messages['invalidrequest'] = 'Invalid request! No data was saved.'; +$messages['invalidhost'] = 'Invalid server name.'; $messages['nomessagesfound'] = 'No messages found in this mailbox.'; $messages['loggedout'] = 'You have successfully terminated the session. Good bye!'; $messages['mailboxempty'] = 'Mailbox is empty.'; |