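| +-----------------------------------------------------------------------+ $Id$ */

// Request entry script: defines constants, the include path and session ini
// settings, resolves the requested task/action, then handles login, logout
// and session validation. The script continues past the end of this excerpt.

// application constants
define('RCMAIL_VERSION', '0.1-trunk');
define('RCMAIL_CHARSET', 'UTF-8');
define('JS_OBJECT_NAME', 'rcmail');

// define global vars
$OUTPUT_TYPE = 'html';
$INSTALL_PATH = dirname(__FILE__);
// Whitelist of task names accepted from the request (see the $_task check below).
$MAIN_TASKS = array('mail','settings','addressbook','logout');

if (empty($INSTALL_PATH)) {
    $INSTALL_PATH = './';
} else {
    $INSTALL_PATH .= '/';
}

// make sure path_separator is defined
// A prefix test is used instead of eregi('win', PHP_OS): the substring match
// also hit "Darwin" (yielding ';' on macOS), and eregi() no longer exists in PHP 7+.
if (!defined('PATH_SEPARATOR')) {
    define('PATH_SEPARATOR', (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN' ? ';' : ':'));
}

// RC include folders MUST be included FIRST to avoid other
// possible not compatible libraries (i.e PEAR) to be included
// instead the ones provided by RC
ini_set(
    'include_path',
    $INSTALL_PATH . PATH_SEPARATOR
    . $INSTALL_PATH . 'program' . PATH_SEPARATOR
    . $INSTALL_PATH . 'program/lib' . PATH_SEPARATOR
    . ini_get('include_path')
);

// NOTE(review): only the session name, cookie use and GC settings are set here.
// Cookie flags (HttpOnly/Secure) and cookie-only session IDs are not visible in
// this excerpt - confirm they are enforced in rcmail_startup() or php.ini.
ini_set('session.name', 'roundcube_sessid');
ini_set('session.use_cookies', 1);
ini_set('session.gc_maxlifetime', 21600);
ini_set('session.gc_divisor', 500);

ini_set('error_reporting', E_ALL&~E_NOTICE);
set_magic_quotes_runtime(0);

// increase maximum execution time for php scripts
// (does not work in safe mode)
if (!ini_get('safe_mode')) {
    @set_time_limit(120);
}

// include base files
require_once('include/rcube_shared.inc');
require_once('include/rcube_imap.inc');
require_once('include/bugs.inc');
require_once('include/main.inc');
require_once('PEAR.php');

// set PEAR error handling
// PEAR::setErrorHandling(PEAR_ERROR_TRIGGER, E_USER_NOTICE);

// catch some url/post parameters
$_task = strip_quotes(get_input_value('_task', RCUBE_INPUT_GPC));
$_action = strip_quotes(get_input_value('_action', RCUBE_INPUT_GPC));
$_framed = (!empty($_GET['_framed']) || !empty($_POST['_framed']));

// use main task if empty or invalid value
// Strict comparison: only an exact string from the whitelist is accepted, so
// $_task is safe to embed in $COMM_PATH and in the redirect after login.
if (empty($_task) || !in_array($_task, $MAIN_TASKS, true)) {
    $_task = 'mail';
}

// set output buffering
if ($_action != 'get' && $_action != 'viewsource') {
    // use gzip compression if supported
    if (function_exists('ob_gzhandler')
        && !ini_get('zlib.output_compression')
        && ini_get('output_handler') != 'ob_gzhandler') {
        ob_start('ob_gzhandler');
    } else {
        ob_start();
    }
}

// start session with requested task
rcmail_startup($_task);

// set session related variables
$COMM_PATH = sprintf('./?_task=%s', $_task);
$SESS_HIDDEN_FIELD = '';

// add framed parameter
if ($_framed) {
    $COMM_PATH .= '&_framed=1';
    // NOTE(review): the second literal is empty in this listing; any markup it
    // held may have been lost when the page was extracted.
    $SESS_HIDDEN_FIELD .= "\n".'';
}

// init necessary objects for GUI
rcmail_load_gui();

// check DB connections and exit on failure
if ($err_str = $DB->is_error()) {
    raise_error(array(
        'code' => 603,
        'type' => 'db',
        'message' => $err_str), FALSE, TRUE);
}

// error steps
// NOTE(review): _code is request-controlled and hexdec() ignores non-hex
// characters, so any value maps to some integer; raise_error() presumably
// copes with unknown codes - confirm.
if ($_action=='error' && !empty($_GET['_code'])) {
    raise_error(array('code' => hexdec($_GET['_code'])), FALSE, TRUE);
}

// try to log in
if ($_action=='login' && $_task=='mail') {
    $host = rcmail_autoselect_host();

    // check if client supports cookies
    if (empty($_COOKIE)) {
        $OUTPUT->show_message("cookiesdisabled", 'warning');
    } elseif ($_SESSION['temp'] && !empty($_POST['_user']) && isset($_POST['_pass'])
        && rcmail_login(
            trim(get_input_value('_user', RCUBE_INPUT_POST), ' '),
            get_input_value('_pass', RCUBE_INPUT_POST, true, 'ISO-8859-1'),
            $host
        )) {
        // create new session ID
        // The pre-login marker is dropped and the ID replaced before anything
        // else happens, so an ID issued before authentication is not carried
        // into the authenticated session (session fixation).
        unset($_SESSION['temp']);
        sess_regenerate_id();

        // send auth cookie if necessary
        rcmail_authenticate_session();

        // send redirect
        // $COMM_PATH is built only from the whitelisted $_task and a fixed
        // suffix, so the redirect target is not taken from the request.
        header("Location: $COMM_PATH");
        exit;
    } else {
        $OUTPUT->show_message($IMAP->error_code == -1 ? 'imaperror' : 'loginfailed', 'warning');
        rcmail_kill_session();
    }
} elseif (($_task=='logout' || $_action=='logout') && isset($_SESSION['user_id'])) {
    // end session
    $OUTPUT->show_message('loggedout');
    rcmail_logout_actions();
    rcmail_kill_session();
} elseif ($_action != 'login' && $_SESSION['user_id'] && $_action != 'send') {
    // check session and auth cookie
    // NOTE(review): the 'send' action skips this check here; presumably it is
    // validated in its own handler - confirm.
    if (!rcmail_authenticate_session()) {
        $OUTPUT->show_message('sessionerror', 'error');
        rcmail_kill_session();
    }
}

// log in to imap server
// The IMAP credentials come from the session; the password is passed through
// decrypt_passwd() on each request rather than being read as plain text.
if (!empty($USER->ID) && $_task=='mail') {
    $conn = $IMAP->connect(
        $_SESSION['imap_host'],
        $_SESSION['username'],
        decrypt_passwd($_SESSION['password']),
        $_SESSION['imap_port'],
        $_SESSION['imap_ssl']
    );

    if (!$conn) {
        $OUTPUT->show_message($IMAP->error_code == -1 ? 'imaperror' : 'sessionerror', 'error');
        rcmail_kill_session();
    } else {
        rcmail_set_imap_prop();
    }
}

// not logged in -> set task to 'login'
if (empty($USER->ID)) {
    if ($OUTPUT->ajax_call) {
        $OUTPUT->remote_response("setTimeout(\"location.href='\"+this.env.comm_path+\"'\", 2000);");
    }

    $_task = 'login';
}

// check client X-header to verify request origin
// NOTE(review): this tests only that the custom header is present, it is
// skipped when devel_mode is set, and it runs after the login/logout/session
// branches above. It should be treated as a coarse filter; it does not replace
// a per-session request token for state-changing actions.
if ($OUTPUT->ajax_call) {
    if (empty($CONFIG['devel_mode']) && !rc_request_header('X-RoundCube-Referer')) {
        header('HTTP/1.1 404 Not Found');
        die("Invalid Request");
    }
}

// set task and action to client
$OUTPUT->set_env('task', $_task);

if (!empty($_action)) {
    $OUTPUT->set_env('action', $_action);
}

// not logged in -> show login page
if (empty($USER->ID)) {
    // check if installer is still active
    // A readable installer script is reported on the login page because, per
    // the footer text, it may expose configuration secrets.
    // The add_footer() string literal continues past this block and is left
    // exactly as in the listing.
    if ($CONFIG['enable_installer'] && is_readable('./installer/index.php'))
        $OUTPUT->add_footer('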
The install script of your RoundCube installation is still stored in its default location!
Please remove the whole installer folder from the RoundCube directory because these files may expose sensitive configuration data like server passwords and encryption keys to the public. Make sure you cannot access the installer script from your browser.