summaryrefslogtreecommitdiff
path: root/program/include
diff options
context:
space:
mode:
Diffstat (limited to 'program/include')
-rw-r--r--program/include/main.inc60
-rwxr-xr-xprogram/include/rcube_db.inc52
-rw-r--r--program/include/rcube_imap.inc23
-rw-r--r--program/include/session.inc9
4 files changed, 96 insertions, 48 deletions
diff --git a/program/include/main.inc b/program/include/main.inc
index 0a63b685b..e2e7a00be 100644
--- a/program/include/main.inc
+++ b/program/include/main.inc
@@ -55,9 +55,10 @@ function rcmail_startup($task='mail')
// prepare DB connection
$DB = new rcube_db($CONFIG['db_dsnw'], $CONFIG['db_dsnr']);
+ $DB->sqlite_initials = $INSTALL_PATH.'SQL/sqlite.initial.sql';
// we can use the database for storing session data
- if (is_object($DB))
+ if (is_object($DB) && $DB->db_provider!='sqlite')
include_once('include/session.inc');
@@ -232,26 +233,43 @@ function load_gui()
function rcmail_login($user, $pass, $host=NULL)
{
global $CONFIG, $IMAP, $DB, $sess_user_lang;
+ $user_id = NULL;
if (!$host)
$host = $CONFIG['default_host'];
- // exit if IMAP login failed
- if (!($imap_login = $IMAP->connect($host, $user, $pass)))
- return FALSE;
-
// query if user already registered
- $sql_result = $DB->query(sprintf("SELECT user_id, language, preferences
- FROM %s
- WHERE username='%s' AND mail_host='%s'",
+ $sql_result = $DB->query(sprintf("SELECT user_id, username, language, preferences
+ FROM %s
+ WHERE mail_host='%s' AND (username='%s' OR alias='%s')",
get_table_name('users'),
- $user, $host));
+ addslashes($host),
+ addslashes($user),
+ addslashes($user)));
- // user already registered
+ // user already registered -> overwrite username
if ($sql_arr = $DB->fetch_assoc($sql_result))
{
$user_id = $sql_arr['user_id'];
-
+ $user = $sql_arr['username'];
+ }
+
+ // parse $host URL
+ $a_host = parse_url($host);
+ if ($a_host['host'])
+ {
+ $host = $a_host['host'];
+ $imap_ssl = (isset($a_host['scheme']) && in_array($a_host['scheme'], array('ssl','imaps','tls'))) ? TRUE : FALSE;
+ $imap_port = isset($a_host['post']) ? $a_host['post'] : ($imap_ssl ? 993 : $CONFIG['default_port']);
+ }
+
+ // exit if IMAP login failed
+ if (!($imap_login = $IMAP->connect($host, $user, $pass, $imap_port, $imap_ssl)))
+ return FALSE;
+
+ // user already registered
+ if ($user_id && !empty($sql_arr))
+ {
// get user prefs
if (strlen($sql_arr['preferences']))
{
@@ -303,7 +321,8 @@ function rcmail_create_user($user, $host)
(created, last_login, username, mail_host)
VALUES (NOW(), NOW(), '%s', '%s')",
get_table_name('users'),
- $user, $host));
+ addslashes($user),
+ addslashes($host)));
if ($user_id = $DB->insert_id())
{
@@ -316,8 +335,8 @@ function rcmail_create_user($user, $host)
VALUES (%d, '1', '%s', '%s')",
get_table_name('identities'),
$user_id,
- $user_name,
- $user_email));
+ addslashes($user_name),
+ addslashes($user_email)));
// get existing mailboxes
$a_mailboxes = $IMAP->list_mailboxes();
@@ -330,6 +349,14 @@ function rcmail_create_user($user, $host)
if ($CONFIG['trash_mbox'] && !in_array_nocase($CONFIG['trash_mbox'], $a_mailboxes))
$IMAP->create_mailbox($CONFIG['trash_mbox'], TRUE);
}
+ else
+ {
+ raise_error(array('code' => 500,
+ 'type' => 'php',
+ 'line' => __LINE__,
+ 'file' => __FILE__,
+ 'message' => "Failed to create new user"), TRUE, FALSE);
+ }
return $user_id;
}
@@ -963,7 +990,10 @@ function rcmail_login_form($attrib)
if (is_array($CONFIG['default_host']))
{
$select_host = new select(array('name' => '_host'));
- $select_host->add($CONFIG['default_host']);
+
+ foreach ($CONFIG['default_host'] as $key => $value)
+ $select_host->add($value, (is_numeric($key) ? $value : $key));
+
$fields['host'] = $select_host->show($_POST['_host']);
}
else if (!strlen($CONFIG['default_host']))
diff --git a/program/include/rcube_db.inc b/program/include/rcube_db.inc
index 9c76cb340..7d9d1bb95 100755
--- a/program/include/rcube_db.inc
+++ b/program/include/rcube_db.inc
@@ -40,6 +40,9 @@ class rcube_db
$this->db_dsnw = $db_dsnw;
$this->db_dsnr = $db_dsnr;
+
+ $dsn_array = DB::parseDSN($db_dsnw);
+ $this->db_provider = $dsn_array['phptype'];
}
// PHP 4 compatibility
@@ -51,22 +54,21 @@ class rcube_db
// Connect to specific database
function dsn_connect($dsn)
{
- $dsn_array = DB::parseDSN($dsn);
- $this->db_provider = $dsn_array['phptype'];
-
// Use persistent connections if available
$dbh = DB::connect($dsn, array('persistent' => $true));
-
+
if (DB::isError($dbh))
raise_error(array('code' => 500,
'type' => 'db',
'line' => __LINE__,
'file' => __FILE__,
'message' => $dbh->getMessage()), TRUE, FALSE);
+
else if ($this->db_provider=='sqlite')
{
- if (!is_file($dsn_array['database']) || !filesize($dsn_array['database']))
- $this->_sqlite_create_database($dbh, 'SQL/sqlite.initial.sql');
+ $dsn_array = DB::parseDSN($dsn);
+ if (!filesize($dsn_array['database']) && !empty($this->sqlite_initials))
+ $this->_sqlite_create_database($dbh, $this->sqlite_initials);
}
return $dbh;
@@ -75,8 +77,9 @@ class rcube_db
// Connect to appropiate databse
function db_connect ($mode)
{
+ $this->db_mode = $mode;
+
// Already connected
-
if ($this->db_connected)
{
// no replication, current connection is ok
@@ -96,7 +99,6 @@ class rcube_db
$this->db_handle = $this->dsn_connect($dsn);
$this->db_connected = true;
- $this->db_mode = $mode;
}
// Query database (read operations)
@@ -117,7 +119,8 @@ class rcube_db
$result = $this->db_handle->query($query);
if (DB::isError($result))
- raise_error(array('code' => 500, 'type' => 'db',
+ raise_error(array('code' => 500,
+ 'type' => 'db',
'line' => __LINE__,
'file' => __FILE__,
'message' => $result->getMessage()), TRUE, FALSE);
@@ -127,7 +130,7 @@ class rcube_db
function db_execute ($query)
{
- db_connect('w');
+ $this->db_connect('w');
if ($this->db_provider == 'sqlite')
$query = $this->_sqlite_prepare_query($query);
@@ -159,7 +162,7 @@ class rcube_db
function insert_id($sequence = '')
{
- if (!$this->db_link || $this->db_mode=='r')
+ if (!$this->db_handle || $this->db_mode=='r')
return FALSE;
switch($this->db_provider)
@@ -167,13 +170,14 @@ class rcube_db
case 'pgsql':
// PostgreSQL uses sequences
$result =& $this->db_handle->getOne("SELECT CURRVAL('$sequence')");
- if (DB::isError($result))
+ if (DB::isError($result)) {
raise_error( array('code' => 500, 'type' => 'db', 'line' => __LINE__, 'file' => __FILE__,
'message' => $result->getMessage()), TRUE, TRUE);
+ }
return $result;
case 'mysql': // This is unfortuneate
- return mysql_insert_id($this->db_handle);
+ return mysql_insert_id();
case 'sqlite':
return sqlite_last_insert_rowid($this->db_handle->connection);
@@ -189,8 +193,11 @@ class rcube_db
$result = $this->_get_result($res_id);
if (DB::isError($result))
+ {
raise_error( array('code' => 500, 'type' => 'db', 'line' => __LINE__, 'file' => __FILE__,
- 'message' => $this->db_link->getMessage()), TRUE, TRUE);
+ 'message' => $this->db_link->getMessage()), TRUE, FALSE);
+ return FALSE;
+ }
return $result->fetchRow(DB_FETCHMODE_ASSOC);
}
@@ -231,16 +238,15 @@ class rcube_db
if (empty($fileName) || !is_string($fileName))
return ;
- $fd = fopen($fileName, 'r');
- if (!$fd)
- return ;
-
$data = '';
- while ($line = fgets($fd, 4096))
- $data .= $line;
-
- fclose($fd);
- sqlite_exec($dbh->connection, $data);
+ if ($fd = fopen($fileName, 'r'))
+ {
+ $data = fread($fd, filesize($fileName));
+ fclose($fd);
+ }
+
+ if (strlen($data))
+ sqlite_exec($dbh->connection, $data);
}
// transform a query so that it is sqlite2 compliant
diff --git a/program/include/rcube_imap.inc b/program/include/rcube_imap.inc
index 127409dc8..21434167b 100644
--- a/program/include/rcube_imap.inc
+++ b/program/include/rcube_imap.inc
@@ -24,9 +24,6 @@
require_once('lib/imap.inc');
require_once('lib/mime.inc');
-// check for Open-SSL support in PHP build
-//$ICL_SSL = TRUE;
-//$ICL_PORT = 993;
class rcube_imap
{
@@ -75,15 +72,29 @@ class rcube_imap
}
- function connect($host, $user, $pass, $port=143)
+ function connect($host, $user, $pass, $port=143, $use_ssl=FALSE)
{
- global $ICL_PORT;
+ global $ICL_PORT, $CONFIG;
+
+ // check for Open-SSL support in PHP build
+ if ($use_ssl && in_array('openssl', get_loaded_extensions()))
+ $ICL_SSL = TRUE;
$ICL_PORT = $port;
- $this->conn = iil_Connect($host, $user, $pass);
+ $this->conn = iil_Connect($host, $user, $pass, array('imap' => 'check'));
$this->host = $host;
$this->user = $user;
$this->pass = $pass;
+
+ if ($this->conn && ($CONFIG['debug_level'] & 8))
+ print $this->conn->message;
+
+ else if (!$this->conn && $GLOBALS['iil_error'])
+ {
+ raise_error(array('code' => 403,
+ 'type' => 'imap',
+ 'message' => $GLOBALS['iil_error']), TRUE, FALSE);
+ }
return $this->conn ? TRUE : FALSE;
}
diff --git a/program/include/session.inc b/program/include/session.inc
index 35970c80f..ca2b0b4ce 100644
--- a/program/include/session.inc
+++ b/program/include/session.inc
@@ -38,7 +38,7 @@ function sess_read($key)
{
global $DB, $SESS_CHANGED;
- $sql_result = $DB->query(sprintf("SELECT vars, UNIX_TIMESTAMP(changed) AS changed
+ $sql_result = $DB->query(sprintf("SELECT vars, ip, UNIX_TIMESTAMP(changed) AS changed
FROM %s
WHERE sess_id='%s'",
get_table_name('session'),
@@ -81,11 +81,12 @@ function sess_write($key, $vars)
else
{
$DB->query(sprintf("INSERT INTO %s
- (sess_id, vars, created, changed)
- VALUES ('%s', '%s', NOW(), NOW())",
+ (sess_id, vars, ip, created, changed)
+ VALUES ('%s', '%s', '%s', NOW(), NOW())",
get_table_name('session'),
$key,
- $vars));
+ $vars,
+ $_SERVER['REMOTE_ADDR']));
}
return TRUE;