// check if config files had errors if ($err_str = $RCMAIL->config->get_error()) { rcmail::raise_error(array('code' => 601, 'type' => 'php', 'message' => $err_str), false, true); } // check DB connections and exit on failure if ($err_str = $RCMAIL->db->is_error()) { rcmail::raise_error(array('code' => 603, 'type' => 'db', 'message' => $err_str), FALSE, TRUE); } // error steps if ($RCMAIL->action == 'error' && !empty($_GET['_code'])) { rcmail::raise_error(array('code' => hexdec($_GET['_code'])), FALSE, TRUE); } // check if https is required (for login) and redirect if necessary if (empty($_SESSION['user_id']) && ($force_https = $RCMAIL->config->get('force_https', false))) { $https_port = is_bool($force_https) ? 443 : $force_https; if (!rcube_utils::https_check($https_port)) { $host = preg_replace('/:[0-9]+$/', '', $_SERVER['HTTP_HOST']); $host .= $https_port != 443 ? ':' . $https_port : ''; header('Location: https://' . $host . $_SERVER['REQUEST_URI']); exit; } } // trigger startup plugin hook $startup = $RCMAIL->plugins->exec_hook('startup', array('task' => $RCMAIL->task, 'action' => $RCMAIL->action)); $RCMAIL->set_task($startup['task']); $RCMAIL->action = $startup['action']; // try to log in if ($RCMAIL->task == 'login' && $RCMAIL->action == 'login') { $request_valid = $_SESSION['temp'] && $RCMAIL->check_request(rcube_utils::INPUT_POST, 'login'); // purge the session in case of new login when a session already exists $RCMAIL->kill_session();
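/**
 * Create session object and start the session.
 *
 * Returns immediately when a PHP session is already active. Otherwise the
 * session cookie and garbage-collection ini settings are derived from the
 * configuration, the rcube_session object is created and configured, and the
 * session is started unless no REMOTE_ADDR is present (CLI mode).
 */
public function session_init()
{
    // session started (Installer?)
    if (session_id()) {
        return;
    }

    $sess_name   = $this->config->get('session_name');
    $sess_domain = $this->config->get('session_domain');
    $sess_path   = $this->config->get('session_path');
    // session_lifetime is multiplied by 60 here and doubled for gc below
    $lifetime    = $this->config->get('session_lifetime', 0) * 60;
    // Secure flag: forced by the use_https option, otherwise taken from the
    // HTTPS detection of the current request.
    $is_secure   = $this->config->get('use_https') || rcube_utils::https_check();

    // set session domain
    if ($sess_domain) {
        ini_set('session.cookie_domain', $sess_domain);
    }

    // set session path
    if ($sess_path) {
        ini_set('session.cookie_path', $sess_path);
    }

    // set session garbage collecting time according to session_lifetime
    if ($lifetime) {
        ini_set('session.gc_maxlifetime', $lifetime * 2);
    }

    ini_set('session.cookie_secure', $is_secure);
    ini_set('session.name', $sess_name ? $sess_name : 'roundcube_sessid');
    // The session id is accepted from the cookie only (never from the URL)
    // and the cookie is hidden from page scripts.
    ini_set('session.use_cookies', 1);
    ini_set('session.use_only_cookies', 1);
    ini_set('session.cookie_httponly', 1);

    // use database for storing session data
    $this->session = new rcube_session($this->get_dbh(), $this->config);

    $this->session->register_gc_handler(array($this, 'gc'));
    // The secret is des_key concatenated with the script's directory; what
    // rcube_session does with it is not visible in this method.
    $this->session->set_secret($this->config->get('des_key') . dirname($_SERVER['SCRIPT_NAME']));
    $this->session->set_ip_check($this->config->get('ip_check'));

    if ($this->config->get('session_auth_name')) {
        $this->session->set_cookiename($this->config->get('session_auth_name'));
    }

    // start PHP session (if not in CLI mode)
    // REMOTE_ADDR is absent under CLI; empty() avoids the undefined-index notice.
    if (!empty($_SERVER['REMOTE_ADDR'])) {
        $this->session->start();
    }
}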
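/**
 * Create session object and start the session.
 *
 * Returns immediately when a PHP session is already active. Otherwise the
 * session ini settings are derived from the configuration, the database
 * backed rcube_session object is created, and session_start() is called
 * unless no REMOTE_ADDR is present (CLI mode).
 */
public function session_init()
{
    // session started (Installer?)
    if (session_id()) {
        return;
    }

    $sess_name   = $this->config->get('session_name');
    $sess_domain = $this->config->get('session_domain');
    // session_lifetime is multiplied by 60 here and doubled for gc below
    $lifetime    = $this->config->get('session_lifetime', 0) * 60;

    // set session domain
    if ($sess_domain) {
        ini_set('session.cookie_domain', $sess_domain);
    }

    // set session garbage collecting time according to session_lifetime
    if ($lifetime) {
        ini_set('session.gc_maxlifetime', $lifetime * 2);
    }

    // NOTE(review): the Secure flag follows the HTTPS detection of the current
    // request only; if TLS is terminated in front of PHP and https_check()
    // cannot see it, the cookie is issued without the flag - confirm.
    ini_set('session.cookie_secure', rcube_utils::https_check());
    ini_set('session.name', $sess_name ? $sess_name : 'roundcube_sessid');
    // The session id is accepted from the cookie only, never from the URL.
    ini_set('session.use_cookies', 1);
    ini_set('session.use_only_cookies', 1);
    // NOTE(review): session.cookie_httponly is not set in this method, so the
    // session cookie is readable from page scripts unless php.ini enables it.
    ini_set('session.serialize_handler', 'php');

    // use database for storing session data
    $this->session = new rcube_session($this->get_dbh(), $this->config);

    $this->session->register_gc_handler(array($this, 'temp_gc'));
    $this->session->register_gc_handler(array($this, 'cache_gc'));

    // start PHP session (if not in CLI mode)
    // REMOTE_ADDR is absent under CLI; empty() avoids the undefined-index notice.
    if (!empty($_SERVER['REMOTE_ADDR'])) {
        session_start();
    }
}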
/**
 * Procedural alias for rcube_utils::https_check().
 *
 * @param mixed $port      Forwarded as the first argument
 * @param mixed $use_https Forwarded as the second argument
 *
 * @return mixed Whatever rcube_utils::https_check() returns
 */
function rcube_https_check($port = null, $use_https = true)
{
    $result = rcube_utils::https_check($port, $use_https);

    return $result;
}
/**
 * Send HTTP headers to prevent caching a page
 *
 * Nothing is emitted once headers have already been sent.
 */
public function nocacheing_headers()
{
    if (!headers_sent()) {
        $date_format = "D, d M Y H:i:s";

        // Expires and Last-Modified both carry the current GMT time
        header("Expires: " . gmdate($date_format) . " GMT");
        header("Last-Modified: " . gmdate($date_format) . " GMT");

        // We need to set the following headers to make downloads work using IE in HTTPS mode.
        $ie_over_https = $this->browser->ie && rcube_utils::https_check();

        if (!$ie_over_https) {
            // every other client gets the strict no-store set
            header("Cache-Control: private, no-cache, no-store, must-revalidate, post-check=0, pre-check=0");
            header("Pragma: no-cache");
        }
        else {
            // relaxed variant: "private" instead of no-cache/no-store
            header('Pragma: private');
            header("Cache-Control: private, must-revalidate");
        }
    }
}
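/**
 * Create session object and start the session.
 *
 * Returns immediately when a PHP session is already active. Otherwise the
 * session cookie and garbage-collection ini settings are derived from the
 * configuration, a session driver is obtained from rcube_session::factory(),
 * and the session is started unless no REMOTE_ADDR is present (CLI mode).
 */
public function session_init()
{
    // session started (Installer?)
    if (session_id()) {
        return;
    }

    $sess_name   = $this->config->get('session_name');
    $sess_domain = $this->config->get('session_domain');
    $sess_path   = $this->config->get('session_path');
    // session_lifetime is multiplied by 60 here and doubled for gc below
    $lifetime    = $this->config->get('session_lifetime', 0) * 60;
    // Secure flag: forced by the use_https option, otherwise taken from the
    // HTTPS detection of the current request.
    $is_secure   = $this->config->get('use_https') || rcube_utils::https_check();

    // set session domain
    if ($sess_domain) {
        ini_set('session.cookie_domain', $sess_domain);
    }

    // set session path
    if ($sess_path) {
        ini_set('session.cookie_path', $sess_path);
    }

    // set session garbage collecting time according to session_lifetime
    if ($lifetime) {
        ini_set('session.gc_maxlifetime', $lifetime * 2);
    }

    ini_set('session.cookie_secure', $is_secure);
    ini_set('session.name', $sess_name ? $sess_name : 'roundcube_sessid');
    // The session id is accepted from the cookie only (never from the URL)
    // and the cookie is hidden from page scripts.
    ini_set('session.use_cookies', 1);
    ini_set('session.use_only_cookies', 1);
    ini_set('session.cookie_httponly', 1);

    // get session driver instance
    $this->session = rcube_session::factory($this->config);
    $this->session->register_gc_handler(array($this, 'gc'));

    // start PHP session (if not in CLI mode)
    // REMOTE_ADDR is absent under CLI; empty() avoids the undefined-index notice.
    if (!empty($_SERVER['REMOTE_ADDR'])) {
        $this->session->start();
    }
}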
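}

// error steps
// NOTE(review): _code comes straight from the query string and is passed to
// hexdec() unchanged; the resulting number is handed to raise_error().
if ($RCMAIL->action == 'error' && !empty($_GET['_code'])) {
    rcmail::raise_error(array('code' => hexdec($_GET['_code'])), false, true);
}

// check if https is required (for login) and redirect if necessary
if (empty($_SESSION['user_id']) && ($force_https = $RCMAIL->config->get('force_https', false))) {
    // Defaults for force_https === true, where nothing below assigns them.
    $host = '';
    $port = null;

    // force_https can be true, <hostname>, <hostname>:<port>, <port>
    if (!is_bool($force_https)) {
        // Pad to two elements so a value without ":" still yields a (null) port.
        list($host, $port) = array_pad(explode(':', $force_https), 2, null);

        // a bare number is a port, not a hostname
        if (is_numeric($host) && empty($port)) {
            $port = $host;
            $host = '';
        }
    }

    if (!rcube_utils::https_check($port ?: 443)) {
        if (empty($host)) {
            // The Host header is supplied by the client. With no hostname in
            // force_https the redirect target is taken from it; configuring
            // force_https with an explicit hostname avoids relying on it.
            $host = preg_replace('/:[0-9]+$/', '', $_SERVER['HTTP_HOST']);
        }

        if ($port && $port != 443) {
            $host .= ':' . $port;
        }

        header('Location: https://' . $host . $_SERVER['REQUEST_URI']);
        exit;
    }
}

// trigger startup plugin hook
// the hook's return value replaces the current task and action
$startup = $RCMAIL->plugins->exec_hook('startup', array('task' => $RCMAIL->task, 'action' => $RCMAIL->action));
$RCMAIL->set_task($startup['task']);
$RCMAIL->action = $startup['action'];

// try to log in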
/**
 * Deprecated procedural alias for rcube_utils::https_check().
 *
 * Emits a deprecation warning naming this function, then forwards both
 * arguments unchanged.
 *
 * @param mixed $port      Forwarded as the first argument
 * @param mixed $use_https Forwarded as the second argument
 *
 * @return mixed Whatever rcube_utils::https_check() returns
 */
function rcube_https_check($port = null, $use_https = true)
{
    // warn first, so the notice is raised even if the call below fails
    _deprecation_warning(__FUNCTION__);

    $result = rcube_utils::https_check($port, $use_https);

    return $result;
}