diff options
Diffstat (limited to 'program/include')
-rw-r--r-- | program/include/main.inc | 60 | ||||
-rwxr-xr-x | program/include/rcube_db.inc | 52 | ||||
-rw-r--r-- | program/include/rcube_imap.inc | 23 | ||||
-rw-r--r-- | program/include/session.inc | 9 |
4 files changed, 96 insertions, 48 deletions
diff --git a/program/include/main.inc b/program/include/main.inc index 0a63b685b..e2e7a00be 100644 --- a/program/include/main.inc +++ b/program/include/main.inc @@ -55,9 +55,10 @@ function rcmail_startup($task='mail') // prepare DB connection $DB = new rcube_db($CONFIG['db_dsnw'], $CONFIG['db_dsnr']); + $DB->sqlite_initials = $INSTALL_PATH.'SQL/sqlite.initial.sql'; // we can use the database for storing session data - if (is_object($DB)) + if (is_object($DB) && $DB->db_provider!='sqlite') include_once('include/session.inc'); @@ -232,26 +233,43 @@ function load_gui() function rcmail_login($user, $pass, $host=NULL) { global $CONFIG, $IMAP, $DB, $sess_user_lang; + $user_id = NULL; if (!$host) $host = $CONFIG['default_host']; - // exit if IMAP login failed - if (!($imap_login = $IMAP->connect($host, $user, $pass))) - return FALSE; - // query if user already registered - $sql_result = $DB->query(sprintf("SELECT user_id, language, preferences - FROM %s - WHERE username='%s' AND mail_host='%s'", + $sql_result = $DB->query(sprintf("SELECT user_id, username, language, preferences + FROM %s + WHERE mail_host='%s' AND (username='%s' OR alias='%s')", get_table_name('users'), - $user, $host)); + addslashes($host), + addslashes($user), + addslashes($user))); - // user already registered + // user already registered -> overwrite username if ($sql_arr = $DB->fetch_assoc($sql_result)) { $user_id = $sql_arr['user_id']; - + $user = $sql_arr['username']; + } + + // parse $host URL + $a_host = parse_url($host); + if ($a_host['host']) + { + $host = $a_host['host']; + $imap_ssl = (isset($a_host['scheme']) && in_array($a_host['scheme'], array('ssl','imaps','tls'))) ? TRUE : FALSE; + $imap_port = isset($a_host['post']) ? $a_host['post'] : ($imap_ssl ? 993 : $CONFIG['default_port']); + } + + // exit if IMAP login failed + if (!($imap_login = $IMAP->connect($host, $user, $pass, $imap_port, $imap_ssl))) + return FALSE; + + // user already registered + if ($user_id && !empty($sql_arr)) + { // get user prefs if (strlen($sql_arr['preferences'])) { @@ -303,7 +321,8 @@ function rcmail_create_user($user, $host) (created, last_login, username, mail_host) VALUES (NOW(), NOW(), '%s', '%s')", get_table_name('users'), - $user, $host)); + addslashes($user), + addslashes($host))); if ($user_id = $DB->insert_id()) { @@ -316,8 +335,8 @@ function rcmail_create_user($user, $host) VALUES (%d, '1', '%s', '%s')", get_table_name('identities'), $user_id, - $user_name, - $user_email)); + addslashes($user_name), + addslashes($user_email))); // get existing mailboxes $a_mailboxes = $IMAP->list_mailboxes(); @@ -330,6 +349,14 @@ function rcmail_create_user($user, $host) if ($CONFIG['trash_mbox'] && !in_array_nocase($CONFIG['trash_mbox'], $a_mailboxes)) $IMAP->create_mailbox($CONFIG['trash_mbox'], TRUE); } + else + { + raise_error(array('code' => 500, + 'type' => 'php', + 'line' => __LINE__, + 'file' => __FILE__, + 'message' => "Failed to create new user"), TRUE, FALSE); + } return $user_id; } @@ -963,7 +990,10 @@ function rcmail_login_form($attrib) if (is_array($CONFIG['default_host'])) { $select_host = new select(array('name' => '_host')); - $select_host->add($CONFIG['default_host']); + + foreach ($CONFIG['default_host'] as $key => $value) + $select_host->add($value, (is_numeric($key) ? $value : $key)); + $fields['host'] = $select_host->show($_POST['_host']); } else if (!strlen($CONFIG['default_host'])) diff --git a/program/include/rcube_db.inc b/program/include/rcube_db.inc index 9c76cb340..7d9d1bb95 100755 --- a/program/include/rcube_db.inc +++ b/program/include/rcube_db.inc @@ -40,6 +40,9 @@ class rcube_db $this->db_dsnw = $db_dsnw; $this->db_dsnr = $db_dsnr; + + $dsn_array = DB::parseDSN($db_dsnw); + $this->db_provider = $dsn_array['phptype']; } // PHP 4 compatibility @@ -51,22 +54,21 @@ class rcube_db // Connect to specific database function dsn_connect($dsn) { - $dsn_array = DB::parseDSN($dsn); - $this->db_provider = $dsn_array['phptype']; - // Use persistent connections if available $dbh = DB::connect($dsn, array('persistent' => $true)); - + if (DB::isError($dbh)) raise_error(array('code' => 500, 'type' => 'db', 'line' => __LINE__, 'file' => __FILE__, 'message' => $dbh->getMessage()), TRUE, FALSE); + else if ($this->db_provider=='sqlite') { - if (!is_file($dsn_array['database']) || !filesize($dsn_array['database'])) - $this->_sqlite_create_database($dbh, 'SQL/sqlite.initial.sql'); + $dsn_array = DB::parseDSN($dsn); + if (!filesize($dsn_array['database']) && !empty($this->sqlite_initials)) + $this->_sqlite_create_database($dbh, $this->sqlite_initials); } return $dbh; @@ -75,8 +77,9 @@ class rcube_db // Connect to appropiate databse function db_connect ($mode) { + $this->db_mode = $mode; + // Already connected - if ($this->db_connected) { // no replication, current connection is ok @@ -96,7 +99,6 @@ class rcube_db $this->db_handle = $this->dsn_connect($dsn); $this->db_connected = true; - $this->db_mode = $mode; } // Query database (read operations) @@ -117,7 +119,8 @@ class rcube_db $result = $this->db_handle->query($query); if (DB::isError($result)) - raise_error(array('code' => 500, 'type' => 'db', + raise_error(array('code' => 500, + 'type' => 'db', 'line' => __LINE__, 'file' => __FILE__, 'message' => $result->getMessage()), TRUE, FALSE); @@ -127,7 +130,7 @@ class rcube_db function db_execute ($query) { - db_connect('w'); + $this->db_connect('w'); if ($this->db_provider == 'sqlite') $query = $this->_sqlite_prepare_query($query); @@ -159,7 +162,7 @@ class rcube_db function insert_id($sequence = '') { - if (!$this->db_link || $this->db_mode=='r') + if (!$this->db_handle || $this->db_mode=='r') return FALSE; switch($this->db_provider) @@ -167,13 +170,14 @@ class rcube_db case 'pgsql': // PostgreSQL uses sequences $result =& $this->db_handle->getOne("SELECT CURRVAL('$sequence')"); - if (DB::isError($result)) + if (DB::isError($result)) { raise_error( array('code' => 500, 'type' => 'db', 'line' => __LINE__, 'file' => __FILE__, 'message' => $result->getMessage()), TRUE, TRUE); + } return $result; case 'mysql': // This is unfortuneate - return mysql_insert_id($this->db_handle); + return mysql_insert_id(); case 'sqlite': return sqlite_last_insert_rowid($this->db_handle->connection); @@ -189,8 +193,11 @@ class rcube_db $result = $this->_get_result($res_id); if (DB::isError($result)) + { raise_error( array('code' => 500, 'type' => 'db', 'line' => __LINE__, 'file' => __FILE__, - 'message' => $this->db_link->getMessage()), TRUE, TRUE); + 'message' => $this->db_link->getMessage()), TRUE, FALSE); + return FALSE; + } return $result->fetchRow(DB_FETCHMODE_ASSOC); } @@ -231,16 +238,15 @@ class rcube_db if (empty($fileName) || !is_string($fileName)) return ; - $fd = fopen($fileName, 'r'); - if (!$fd) - return ; - $data = ''; - while ($line = fgets($fd, 4096)) - $data .= $line; - - fclose($fd); - sqlite_exec($dbh->connection, $data); + if ($fd = fopen($fileName, 'r')) + { + $data = fread($fd, filesize($fileName)); + fclose($fd); + } + + if (strlen($data)) + sqlite_exec($dbh->connection, $data); } // transform a query so that it is sqlite2 compliant diff --git a/program/include/rcube_imap.inc b/program/include/rcube_imap.inc index 127409dc8..21434167b 100644 --- a/program/include/rcube_imap.inc +++ b/program/include/rcube_imap.inc @@ -24,9 +24,6 @@ require_once('lib/imap.inc'); require_once('lib/mime.inc'); -// check for Open-SSL support in PHP build -//$ICL_SSL = TRUE; -//$ICL_PORT = 993; class rcube_imap { @@ -75,15 +72,29 @@ class rcube_imap } - function connect($host, $user, $pass, $port=143) + function connect($host, $user, $pass, $port=143, $use_ssl=FALSE) { - global $ICL_PORT; + global $ICL_PORT, $CONFIG; + + // check for Open-SSL support in PHP build + if ($use_ssl && in_array('openssl', get_loaded_extensions())) + $ICL_SSL = TRUE; $ICL_PORT = $port; - $this->conn = iil_Connect($host, $user, $pass); + $this->conn = iil_Connect($host, $user, $pass, array('imap' => 'check')); $this->host = $host; $this->user = $user; $this->pass = $pass; + + if ($this->conn && ($CONFIG['debug_level'] & 8)) + print $this->conn->message; + + else if (!$this->conn && $GLOBALS['iil_error']) + { + raise_error(array('code' => 403, + 'type' => 'imap', + 'message' => $GLOBALS['iil_error']), TRUE, FALSE); + } return $this->conn ? TRUE : FALSE; } diff --git a/program/include/session.inc b/program/include/session.inc index 35970c80f..ca2b0b4ce 100644 --- a/program/include/session.inc +++ b/program/include/session.inc @@ -38,7 +38,7 @@ function sess_read($key) { global $DB, $SESS_CHANGED; - $sql_result = $DB->query(sprintf("SELECT vars, UNIX_TIMESTAMP(changed) AS changed + $sql_result = $DB->query(sprintf("SELECT vars, ip, UNIX_TIMESTAMP(changed) AS changed FROM %s WHERE sess_id='%s'", get_table_name('session'), @@ -81,11 +81,12 @@ function sess_write($key, $vars) else { $DB->query(sprintf("INSERT INTO %s - (sess_id, vars, created, changed) - VALUES ('%s', '%s', NOW(), NOW())", + (sess_id, vars, ip, created, changed) + VALUES ('%s', '%s', '%s', NOW(), NOW())", get_table_name('session'), $key, - $vars)); + $vars, + $_SERVER['REMOTE_ADDR'])); } return TRUE; |