| +-----------------------------------------------------------------------+ $Id$ */ define('RCMAIL_VERSION', '0.1-20060220'); // define global vars $INSTALL_PATH = dirname($_SERVER['SCRIPT_FILENAME']); $OUTPUT_TYPE = 'html'; $JS_OBJECT_NAME = 'rcmail'; $CHARSET = 'UTF-8'; if (empty($INSTALL_PATH)) $INSTALL_PATH = './'; else $INSTALL_PATH .= '/'; // RC include folders MUST be included FIRST to avoid other // possible not compatible libraries (i.e PEAR) to be included // instead the ones provided by RC ini_set('include_path', $INSTALL_PATH.PATH_SEPARATOR.$INSTALL_PATH.'program'.PATH_SEPARATOR.$INSTALL_PATH.'program/lib'.PATH_SEPARATOR.ini_get('include_path')); ini_set('session.name', 'sessid'); ini_set('session.use_cookies', 1); ini_set('session.gc_maxlifetime', 21600); ini_set('session.gc_divisor', 500); ini_set('error_reporting', E_ALL&~E_NOTICE); // increase maximum execution time for php scripts // (does not work in safe mode) @set_time_limit(120); // include base files require_once('include/rcube_shared.inc'); require_once('include/rcube_imap.inc'); require_once('include/bugs.inc'); require_once('include/main.inc'); require_once('include/cache.inc'); require_once('PEAR.php'); // set PEAR error handling // PEAR::setErrorHandling(PEAR_ERROR_TRIGGER, E_USER_NOTICE); // strip magic quotes from Superglobals... if ((bool)get_magic_quotes_gpc()) // by "php Pest" { // Really EGPCSR - Environment $_ENV, GET $_GET , POST $_POST, Cookie $_COOKIE, Server $_SERVER // and their HTTP_*_VARS cousins (separate arrays, not references) and $_REQUEST $fnStripMagicQuotes = create_function( '&$mData, $fnSelf', 'if (is_array($mData)) { foreach ($mData as $mKey=>$mValue) $fnSelf($mData[$mKey], $fnSelf); return; } '. '$mData = stripslashes($mData);' ); // do each set of EGPCSR as you find necessary $fnStripMagicQuotes($_POST, $fnStripMagicQuotes); $fnStripMagicQuotes($_GET, $fnStripMagicQuotes); } // catch some url/post parameters $_auth = !empty($_POST['_auth']) ? $_POST['_auth'] : $_GET['_auth']; $_task = !empty($_POST['_task']) ? $_POST['_task'] : (!empty($_GET['_task']) ? $_GET['_task'] : 'mail'); $_action = !empty($_POST['_action']) ? $_POST['_action'] : (!empty($_GET['_action']) ? $_GET['_action'] : ''); $_framed = (!empty($_GET['_framed']) || !empty($_POST['_framed'])); if (!empty($_GET['_remote'])) $REMOTE_REQUEST = TRUE; // start session with requested task rcmail_startup($_task); // set session related variables $COMM_PATH = sprintf('./?_auth=%s&_task=%s', $sess_auth, $_task); $SESS_HIDDEN_FIELD = sprintf('', $sess_auth); // add framed parameter if ($_framed) { $COMM_PATH .= '&_framed=1'; $SESS_HIDDEN_FIELD .= "\n".''; } // init necessary objects for GUI load_gui(); // error steps if ($_action=='error' && !empty($_GET['_code'])) { raise_error(array('code' => hexdec($_GET['_code'])), FALSE, TRUE); } // try to log in if ($_action=='login' && $_task=='mail') { $host = $_POST['_host'] ? $_POST['_host'] : $CONFIG['default_host']; // check if client supports cookies if (empty($_COOKIE)) { show_message("cookiesdisabled", 'warning'); } else if (isset($_POST['_user']) && isset($_POST['_pass']) && rcmail_login($_POST['_user'], $_POST['_pass'], $host)) { // send redirect header("Location: $COMM_PATH"); exit; } else { show_message("loginfailed", 'warning'); $_SESSION['user_id'] = ''; } } // end session else if ($_action=='logout' && isset($_SESSION['user_id'])) { show_message('loggedout'); rcmail_kill_session(); } // check session cookie and auth string else if ($_action!='login' && $sess_auth && $_SESSION['user_id']) { if ($_auth !== $sess_auth || $_auth != rcmail_auth_hash($_SESSION['client_id'], $_SESSION['auth_time']) || ($CONFIG['session_lifetime'] && isset($SESS_CHANGED) && $SESS_CHANGED + $CONFIG['session_lifetime']*60 < mktime())) { $message = show_message('sessionerror', 'error'); rcmail_kill_session(); } } // log in to imap server if (!empty($_SESSION['user_id']) && $_task=='mail') { $conn = $IMAP->connect($_SESSION['imap_host'], $_SESSION['username'], decrypt_passwd($_SESSION['password']), $_SESSION['imap_port'], $_SESSION['imap_ssl']); if (!$conn) { show_message('imaperror', 'error'); $_SESSION['user_id'] = ''; } else rcmail_set_imap_prop(); } // not logged in -> set task to 'login if (empty($_SESSION['user_id'])) { if ($REMOTE_REQUEST) { $message .= "setTimeout(\"location.href='\"+this.env.comm_path+\"'\", 2000);"; rcube_remote_response($message); } $_task = 'login'; } // set task and action to client $script = sprintf("%s.set_env('task', '%s');", $JS_OBJECT_NAME, $_task); if (!empty($_action)) $script .= sprintf("\n%s.set_env('action', '%s');", $JS_OBJECT_NAME, $_action); $OUTPUT->add_script($script); // not logged in -> show login page if (!$_SESSION['user_id']) { parse_template('login'); exit; } // handle keep-alive signal if ($_action=='keep-alive') { rcube_remote_response(''); exit; } // include task specific files if ($_task=='mail') { include_once('program/steps/mail/func.inc'); if ($_action=='show' || $_action=='print') include('program/steps/mail/show.inc'); if ($_action=='get') include('program/steps/mail/get.inc'); if ($_action=='moveto' || $_action=='delete') include('program/steps/mail/move_del.inc'); if ($_action=='mark') include('program/steps/mail/mark.inc'); if ($_action=='viewsource') include('program/steps/mail/viewsource.inc'); if ($_action=='send') include('program/steps/mail/sendmail.inc'); if ($_action=='upload') include('program/steps/mail/upload.inc'); if ($_action=='compose') include('program/steps/mail/compose.inc'); if ($_action=='addcontact') include('program/steps/mail/addcontact.inc'); if ($_action=='expunge' || $_action=='purge') include('program/steps/mail/folders.inc'); if ($_action=='check-recent') include('program/steps/mail/check_recent.inc'); if ($_action=='getunread') include('program/steps/mail/getunread.inc'); if ($_action=='list' && $_GET['_remote']) include('program/steps/mail/list.inc'); if ($_action=='rss') include('program/steps/mail/rss.inc'); // kill compose entry from session if (isset($_SESSION['compose'])) rcmail_compose_cleanup(); } // include task specific files if ($_task=='addressbook') { include_once('program/steps/addressbook/func.inc'); if ($_action=='save') include('program/steps/addressbook/save.inc'); if ($_action=='edit' || $_action=='add') include('program/steps/addressbook/edit.inc'); if ($_action=='delete') include('program/steps/addressbook/delete.inc'); if ($_action=='show') include('program/steps/addressbook/show.inc'); if ($_action=='list' && $_GET['_remote']) include('program/steps/addressbook/list.inc'); if ($_action=='ldappublicsearch') include('program/steps/addressbook/ldapsearchform.inc'); } // include task specific files if ($_task=='settings') { include_once('program/steps/settings/func.inc'); if ($_action=='save-identity') include('program/steps/settings/save_identity.inc'); if ($_action=='add-identity' || $_action=='edit-identity') include('program/steps/settings/edit_identity.inc'); if ($_action=='delete-identity') include('program/steps/settings/delete_identity.inc'); if ($_action=='identities') include('program/steps/settings/identities.inc'); if ($_action=='save-prefs') include('program/steps/settings/save_prefs.inc'); if ($_action=='folders' || $_action=='subscribe' || $_action=='unsubscribe' || $_action=='create-folder' || $_action=='delete-folder') include('program/steps/settings/manage_folders.inc'); } // only allow these templates to be included $valid_tasks = array('mail','settings','addressbook'); // parse main template if (in_array($_task, $valid_tasks)) parse_template($_task); // if we arrive here, something went wrong raise_error(array('code' => 404, 'type' => 'php', 'line' => __LINE__, 'file' => __FILE__, 'message' => "Invalid request"), TRUE, TRUE); ?>