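/**
 * Detect whether user is logged in
 *
 * Function is similar to is_logged_in() function. If user is logged in, function
 * returns true. If user is not logged in or session is expired, function saves $_POST
 * and PAGE_NAME in session and returns false. POST information is saved in
 * 'session_expired_post' variable, PAGE_NAME is saved in 'session_expired_location'.
 *
 * This function optionally checks the referrer of this page request. If the
 * administrator wants to impose a check that the referrer of this page request
 * is another page on the same domain (otherwise, the page request is likely
 * the result of a XSS or phishing attack), then they need to specify the
 * acceptable referrer domain in a variable named $check_referrer in
 * config/config.php (or the configuration tool) for which the value is
 * usually the same as the $domain setting (for example:
 *    $check_referrer = 'example.com';
 * However, in some cases (where proxy servers are in use, etc.), the
 * acceptable referrer might be different. If $check_referrer is set to
 * "###DOMAIN###", then the current value of $domain is used (useful in
 * situations where $domain might change at runtime (when using the Login
 * Manager plugin to host multiple domains with one SquirrelMail installation,
 * for example)):
 *    $check_referrer = '###DOMAIN###';
 * NOTE HOWEVER, that referrer checks are not foolproof - they can be spoofed
 * by browsers, and some browsers intentionally don't send them, in which
 * case SquirrelMail silently ignores referrer checks.
 *
 * The referrer is accepted only when it starts with "http://" or "https://"
 * followed by $check_referrer AND the configured value ends there: what
 * follows must be an optional ":port" and then a "/", "?", "#" or the end
 * of the string. A value of $check_referrer that itself ends in "/" already
 * carries that boundary and is matched as a plain prefix.
 *
 * Script that uses this function instead of is_logged_in() function, must handle user
 * level messages.
 *
 * Side effects visible here: $check_referrer is overwritten with $domain when
 * it holds the "###DOMAIN###" placeholder, and on the "not logged in" path the
 * session is written and closed via session_write_close().
 *
 * @return boolean true when 'user_is_logged_in' is registered in the session
 *                 and the referrer check (if any) passes, false otherwise
 * @since 1.5.1
 */
function sqauth_is_logged_in() {

    global $check_referrer, $domain;

    if (!sqgetGlobalVar('HTTP_REFERER', $referrer, SQ_SERVER)) {
        $referrer = '';
    }
    if ($check_referrer == '###DOMAIN###') {
        $check_referrer = $domain;
    }

    // The check is skipped when it is not configured or when the browser
    // sent no referrer at all (documented behaviour, kept as is).
    $referrer_ok = true;
    if (!empty($check_referrer) && !empty($referrer)) {
        $referrer_ok = false;
        $lc_referrer = strtolower($referrer);
        foreach (array('http://', 'https://') as $scheme) {
            $prefix = strtolower($scheme . $check_referrer);
            if (strpos($lc_referrer, $prefix) !== 0) {
                continue;
            }
            // A bare prefix test would also accept a referrer whose host
            // merely begins with the configured domain, so the text after
            // the prefix has to close the host name: optional port, then a
            // path, query, fragment or nothing.
            // (string) cast: older PHP returns false instead of '' here.
            $rest = (string) substr($lc_referrer, strlen($prefix));
            if (substr($prefix, -1) == '/'
             || preg_match('/^(:[0-9]+)?([\/?#]|\z)/', $rest)) {
                $referrer_ok = true;
                break;
            }
        }
    }

    if (sqsession_is_registered('user_is_logged_in') && $referrer_ok) {
        return true;
    }

    // First we store some information in the new session to prevent
    // information-loss.
    // NOTE(review): $_POST is stored unfiltered; code that later restores
    // 'session_expired_post' should treat it as untrusted request data.
    $session_expired_post = $_POST;
    if (defined('PAGE_NAME')) {
        $session_expired_location = PAGE_NAME;
    } else {
        $session_expired_location = '';
    }

    if (!sqsession_is_registered('session_expired_post')) {
        sqsession_register($session_expired_post, 'session_expired_post');
    }
    if (!sqsession_is_registered('session_expired_location')) {
        sqsession_register($session_expired_location, 'session_expired_location');
    }

    session_write_close();

    return false;
}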
/**
 * Require a logged-in SquirrelMail session.
 *
 * When 'user_is_logged_in' is registered in the session the function simply
 * returns. Otherwise it saves the POST data and $PHP_SELF in the session
 * (as 'session_expired_post' and 'session_expired_location', unless those
 * are already registered), closes the session, and - except for requests
 * whose $PHP_SELF contains 'signout.php' - prints the "must be logged in"
 * error and terminates the script.
 *
 * @return void No value is returned; the function returns only for a
 *              logged-in user or for the signout page.
 */
function is_logged_in() {

    // Logged-in users pass straight through.
    if (sqsession_is_registered('user_is_logged_in')) {
        return;
    }

    global $PHP_SELF, $HTTP_POST_VARS, $_POST, $session_expired_post,
           $session_expired_location, $squirrelmail_language;

    // Keep the request around so it is not lost with the expired session.
    // Before PHP 4.1 the POST data is taken from $HTTP_POST_VARS.
    // NOTE(review): the POST data is stored unfiltered; whatever restores
    // it later should treat it as untrusted request data.
    $session_expired_post = check_php_version(4, 1) ? $_POST : $HTTP_POST_VARS;
    $session_expired_location = $PHP_SELF;

    $post_is_saved = sqsession_is_registered('session_expired_post');
    if (!$post_is_saved) {
        sqsession_register($session_expired_post, 'session_expired_post');
    }
    $location_is_saved = sqsession_is_registered('session_expired_location');
    if (!$location_is_saved) {
        sqsession_register($session_expired_location, 'session_expired_location');
    }
    session_write_close();

    // The signout page handles not-logged-in users itself, so no error
    // is shown for it.
    $on_signout_page = (strpos($PHP_SELF, 'signout.php') !== FALSE);
    if ($on_signout_page) {
        return;
    }

    include_once SM_PATH . 'functions/display_messages.php';
    set_up_language($squirrelmail_language, true);
    logout_error(_("You must be logged in to access this page."));
    exit;
}
/**
 * Require a logged-in SquirrelMail session.
 *
 * Returns immediately when 'user_is_logged_in' is registered in the session.
 * Otherwise $_POST and PAGE_NAME (when defined) are saved in the session as
 * 'session_expired_post' and 'session_expired_location' unless already
 * registered, the session is closed, and - unless PAGE_NAME is 'signout' -
 * a logout error is shown and the script terminates.
 *
 * @return void This function returns ONLY if user has previously logged in
 *              successfully or the signout page is being served (otherwise,
 *              execution terminates herein).
 */
function is_logged_in() {

    if (sqsession_is_registered('user_is_logged_in')) {
        return;
    }

    global $session_expired_post, $session_expired_location, $squirrelmail_language;

    // Selects the logout text: false gives the usual "You must be logged
    // in" message, true tells the user that the session was saved and
    // will be resumed after (re)login.
    $will_resume = false;

    // Store the request in the new session so that nothing is lost.
    // NOTE(review): $_POST is stored unfiltered; whatever restores it
    // later should treat it as untrusted request data.
    $session_expired_post = $_POST;
    if (defined('PAGE_NAME')) {
        $session_expired_location = PAGE_NAME;
    }

    if (!sqsession_is_registered('session_expired_post')) {
        sqsession_register($session_expired_post, 'session_expired_post');
    }
    if (!sqsession_is_registered('session_expired_location')) {
        sqsession_register($session_expired_location, 'session_expired_location');
        // Only a freshly saved compose page gets the "will be resumed" text.
        if ($session_expired_location == 'compose') {
            $will_resume = true;
        }
    }

    session_write_close();

    // The signout page deals with users who aren't logged in on its
    // own, so no error is shown for it.
    if (defined('PAGE_NAME') && PAGE_NAME == 'signout') {
        return;
    }

    include_once SM_PATH . 'functions/display_messages.php';
    set_up_language($squirrelmail_language, true);

    if ($will_resume) {
        logout_error(_("Your session has expired, but will be resumed after logging in again."));
    } else {
        logout_error(_("You must be logged in to access this page."));
    }
    exit;
}
/**
 * Require a logged-in SquirrelMail session.
 *
 * Returns when 'user_is_logged_in' is registered in the session. Otherwise
 * $_POST and $PHP_SELF are saved in the session ('session_expired_post' and
 * 'session_expired_location', unless already registered), the "must be
 * logged in" error is shown and the script terminates.
 *
 * @return void Returns only for a logged-in user.
 */
function is_logged_in() {

    if (sqsession_is_registered('user_is_logged_in')) {
        return;
    }

    global $PHP_SELF, $session_expired_post, $session_expired_location;

    // Keep the request in the new session so that nothing is lost.
    // NOTE(review): $_POST is stored unfiltered; whatever restores it
    // later should treat it as untrusted request data.
    $session_expired_post = $_POST;
    $session_expired_location = $PHP_SELF;

    $post_is_saved = sqsession_is_registered('session_expired_post');
    if (!$post_is_saved) {
        sqsession_register($session_expired_post, 'session_expired_post');
    }
    $location_is_saved = sqsession_is_registered('session_expired_location');
    if (!$location_is_saved) {
        sqsession_register($session_expired_location, 'session_expired_location');
    }

    include_once SM_PATH . 'functions/display_messages.php';
    logout_error(_("You must be logged in to access this page."));
    exit;
}
* * @author Tyler Akins * @copyright 2000-2016 The SquirrelMail Project Team * @license http://opensource.org/licenses/gpl-license.php GNU Public License * @version $Id$ * @package squirrelmail * @subpackage themes */ /** Prevent direct script loading */ if (isset($_SERVER['SCRIPT_FILENAME']) && $_SERVER['SCRIPT_FILENAME'] == __FILE__) { die; } /** load required functions */ include_once SM_PATH . 'functions/global.php'; global $theme; if (!sqsession_is_registered('random_theme_good_theme')) { $good_themes = array(); foreach ($theme as $data) { if (substr($data['PATH'], -18) != '/themes/random.php') { $good_themes[] = $data['PATH']; } } if (count($good_themes) == 0) { $good_themes[] = '../themes/default.php'; } $which = mt_rand(0, count($good_themes)); $random_theme_good_theme = $good_themes[$which]; // remove current sm_path from theme name $path = preg_quote(SM_PATH, '/'); $random_theme_good_theme = preg_replace("/^{$path}/", '', $random_theme_good_theme); // store it in session
/**
 * Ask the IMAP server for a THREAD listing and cache the parsed result.
 *
 * Any 'thread_new' and 'server_sort_array' values already registered in the
 * session are dropped first. The command sent is
 * "<tag> THREAD <algorithm> <CHARSET> ALL", with REFERENCES as algorithm
 * when $sort_by_ref == 1 and ORDEREDSUBJECT otherwise. The "* THREAD ..."
 * reply is cut into its top-level parenthesised groups, which are stored
 * in the session as 'thread_new' (including the trailing empty element the
 * splitter leaves behind). The groups are then reversed, stripped of their
 * parentheses and split on whitespace; that list is stored as
 * 'server_sort_array' and returned.
 *
 * NOTE(review): $default_charset is placed into the command unquoted;
 * presumably it is a trusted configuration value - confirm.
 *
 * @param mixed $imap_stream stream the command is written to and the reply
 *                           is read from
 * @return mixed the string 'no' when the response does not contain "OK",
 *               otherwise the array of whitespace-separated tokens
 */
function get_thread_sort($imap_stream) {

    global $thread_new, $sort_by_ref, $default_charset, $server_sort_array, $uid_support;

    // Forget results cached by an earlier call.
    foreach (array('thread_new', 'server_sort_array') as $cached_name) {
        if (sqsession_is_registered($cached_name)) {
            sqsession_unregister($cached_name);
        }
    }

    $sid = sqimap_session_id($uid_support);
    $thread_temp = array();
    $sort_type = ($sort_by_ref == 1) ? 'REFERENCES' : 'ORDEREDSUBJECT';

    $thread_query = "{$sid} THREAD {$sort_type} " . strtoupper($default_charset) . " ALL\r\n";
    fwrite($imap_stream, $thread_query);
    $thread_test = sqimap_read_data($imap_stream, $sid, false, $response, $message);

    // $thread_list stays unset when a first reply line exists but is not
    // a "* THREAD" line; the isset() test further down relies on that.
    if (!isset($thread_test[0])) {
        $thread_list = "";
    } elseif (preg_match("/^\\* THREAD (.+)\$/", $thread_test[0], $regs)) {
        $thread_list = trim($regs[1]);
    }

    if (!preg_match("/OK/", $response)) {
        $server_sort_array = 'no';
        return $server_sort_array;
    }

    // Split the reply into single characters.
    if (isset($thread_list)) {
        $thread_temp = preg_split("//", $thread_list, -1, PREG_SPLIT_NO_EMPTY);
    }

    // Collect one string per top-level "( ... )" group. $depth tracks the
    // parenthesis nesting, $slot is the group currently being filled.
    $depth = 0;
    $slot = 0;
    $thread_new = array();
    $thread_new[0] = "";
    foreach ($thread_temp as $char) {
        // Every character, parentheses included, belongs to the current group.
        $thread_new[$slot] .= $char;
        if ($char == '(') {
            $depth++;
        } elseif ($char == ')') {
            if ($depth <= 1) {
                // Outermost parenthesis closed: start the next group.
                $slot++;
                $thread_new[$slot] = "";
            }
            $depth--;
        }
    }
    sqsession_register($thread_new, 'thread_new');

    // Flatten the reversed groups into a plain list of tokens.
    $thread_new = array_reverse($thread_new);
    $thread_list = implode(" ", $thread_new);
    $thread_list = str_replace(array("(", ")"), " ", $thread_list);
    $thread_list = preg_split("/\\s/", $thread_list, -1, PREG_SPLIT_NO_EMPTY);

    $server_sort_array = $thread_list;
    sqsession_register($server_sort_array, 'server_sort_array');
    return $thread_list;
}
* * @copyright © 1999-2009 The SquirrelMail Project Team * @license http://opensource.org/licenses/gpl-license.php GNU Public License * @version $Id: prefs.php 13549 2009-04-15 22:00:49Z jervfors $ * @package squirrelmail * @subpackage prefs */ /** Include global.php */ require_once SM_PATH . 'functions/global.php'; require_once SM_PATH . 'functions/plugin.php'; /** include this for error messages */ include_once SM_PATH . 'functions/display_messages.php'; sqgetGlobalVar('prefs_cache', $prefs_cache, SQ_SESSION); sqgetGlobalVar('prefs_are_cached', $prefs_are_cached, SQ_SESSION); $rg = ini_get('register_globals'); if (!sqsession_is_registered('prefs_are_cached') || !isset($prefs_cache) || !is_array($prefs_cache)) { $prefs_are_cached = false; $prefs_cache = array(); } $prefs_backend = do_hook_function('prefs_backend'); if (isset($prefs_backend) && !empty($prefs_backend) && file_exists(SM_PATH . $prefs_backend)) { require_once SM_PATH . $prefs_backend; } elseif (isset($prefs_dsn) && !empty($prefs_dsn)) { require_once SM_PATH . 'functions/db_prefs.php'; } else { require_once SM_PATH . 'functions/file_prefs.php'; } /* Hashing functions */ /** * Given a username and datafilename, this will return the path to the * hashed location of that datafile.
* @copyright © 1999-2007 The SquirrelMail Project Team * @license http://opensource.org/licenses/gpl-license.php GNU Public License * @version $Id: prefs.php 12127 2007-01-13 20:07:24Z kink $ * @package squirrelmail * @subpackage prefs */ /** Include global.php */ require_once SM_PATH . 'functions/global.php'; require_once SM_PATH . 'functions/plugin.php'; /** include this for error messages */ include_once SM_PATH . 'functions/display_messages.php'; sqgetGlobalVar('prefs_cache', $prefs_cache, SQ_SESSION); sqgetGlobalVar('prefs_are_cached', $prefs_are_cached, SQ_SESSION); $rg = ini_get('register_globals'); /* if php version >= 4.1 OR (4.0 AND $rg = off) */ if (!sqsession_is_registered('prefs_are_cached') || !isset($prefs_cache) || !is_array($prefs_cache) || check_php_version(4, 1) || empty($rg)) { $prefs_are_cached = false; $prefs_cache = array(); } $prefs_backend = do_hook_function('prefs_backend'); if (isset($prefs_backend) && !empty($prefs_backend) && file_exists(SM_PATH . $prefs_backend)) { require_once SM_PATH . $prefs_backend; } elseif (isset($prefs_dsn) && !empty($prefs_dsn)) { require_once SM_PATH . 'functions/db_prefs.php'; } else { require_once SM_PATH . 'functions/file_prefs.php'; } /* Hashing functions */ /** * Given a username and datafilename, this will return the path to the * hashed location of that datafile.
$subject = str_replace(' ', ' ', $subject); $bodyTop = str_pad(' ' . _("Original Message") . ' ', $editor_size - 2, '-', STR_PAD_BOTH) . "\n" . $display[_("Subject")] . $subject . "\n" . $display[_("From")] . $from . "\n" . $display[_("Date")] . getLongDateString($orig_header->date) . "\n" . $display[_("To")] . $to . "\n"; if ($orig_header->cc != array() && $orig_header->cc != '') { $cc = decodeHeader($orig_header->getAddr_s('cc', "\n{$indent}"), false, false, true); $cc = str_replace(' ', ' ', $cc); $bodyTop .= $display[_("Cc")] . $cc . "\n"; } $bodyTop .= str_pad('', $editor_size - 2, '-') . "\n\n"; return $bodyTop; } /* ----------------------------------------------------------------------- */ /* * If the session is expired during a post this restores the compose session * vars. */ if (sqsession_is_registered('session_expired_post')) { sqgetGlobalVar('session_expired_post', $session_expired_post, SQ_SESSION); /* * extra check for username so we don't display previous post data from * another user during this session. */ if ($session_expired_post['username'] != $username) { unset($session_expired_post); sqsession_unregister('session_expired_post'); session_write_close(); } else { foreach ($session_expired_post as $postvar => $val) { if (isset($val)) { ${$postvar} = $val; } else { ${$postvar} = '';
} if (strpos($emailaddress, '?') !== false) { list($emailaddress, $a) = explode('?', $emailaddress, 2); if (strlen(trim($a)) > 0) { $a = explode('=', $a, 2); $url .= $trtable[strtolower($a[0])] . '=' . urlencode($a[1]) . '&'; } } $url = 'send_to=' . urlencode($emailaddress) . '&' . $url; /* CC, BCC, etc could be any case, so we'll fix them here */ foreach ($_GET as $k => $g) { $k = strtolower($k); if (isset($trtable[$k])) { $k = $trtable[$k]; $url .= $k . '=' . urlencode($g) . '&'; } } $url = substr($url, 0, -1); } sqsession_is_active(); if ($force_login == false && sqsession_is_registered('user_is_logged_in')) { if ($compose_only == true) { $redirect = 'compose.php?' . $url; } else { $redirect = 'webmail.php?right_frame=compose.php?' . urlencode($url); } } else { $redirect = 'login.php?mailto=' . urlencode($url); } session_write_close(); header('Location: ' . get_location() . '/' . $redirect);
/**
 * Compatibility alias that forwards to sqsession_is_registered().
 *
 * @param mixed $name passed through unchanged to sqsession_is_registered()
 * @return mixed whatever sqsession_is_registered() returns for $name
 */
function compatibility_sqsession_is_registered($name) {
    $is_registered = sqsession_is_registered($name);
    return $is_registered;
}
if (!sqGetGlobalVar('squirrelmail_language', $squirrelmail_language) || $squirrelmail_language == '') { $squirrelmail_language = $squirrelmail_default_language; } if (!sqgetGlobalVar('mailtodata', $mailtodata)) { $mailtodata = ''; } /* end of get globals */ set_up_language($squirrelmail_language, true); /* Refresh the language cookie. */ sqsetcookie('squirrelmail_language', $squirrelmail_language, time() + 2592000, $base_uri); if (!isset($login_username)) { include_once SM_PATH . 'functions/display_messages.php'; logout_error(_("You must be logged in to access this page.")); exit; } if (!sqsession_is_registered('user_is_logged_in')) { do_hook('login_before'); /** * Regenerate session id to make sure that authenticated session uses * different ID than one used before user authenticated. This is a * countermeasure against session fixation attacks. * NB: session_regenerate_id() was added in PHP 4.3.2 (and new session * cookie is only sent out in this call as of PHP 4.3.3), but PHP 4 * is not vulnerable to session fixation problems in SquirrelMail * because it prioritizes $base_uri subdirectory cookies differently * than PHP 5, which is otherwise vulnerable. If we really want to, * we could define our own session_regenerate_id() when one does not * exist, but there seems to be no reason to do so. */ if (function_exists('session_regenerate_id')) { session_regenerate_id();
* registered session data. :) * *********************************************************************/ if (!isset($use_mailbox_cache)) { $use_mailbox_cache = 0; } if ($use_mailbox_cache && sqsession_is_registered('msgs')) { showMessagesForMailbox($imapConnection, $mailbox, $numMessages, $startMessage, $sort, $color, $show_num, $use_mailbox_cache); } else { if (sqsession_is_registered('msgs')) { unset($msgs); } if (sqsession_is_registered('msort')) { unset($msort); } if (sqsession_is_registered('numMessages')) { unset($numMessages); } $numMessages = sqimap_get_num_messages($imapConnection, $mailbox); // set 8th argument to false in order to make sure that cache is not used. showMessagesForMailbox($imapConnection, $mailbox, $numMessages, $startMessage, $sort, $color, $show_num, false); if (sqsession_is_registered('msgs') && isset($msgs)) { sqsession_register($msgs, 'msgs'); } if (sqsession_is_registered('msort') && isset($msort)) { sqsession_register($msort, 'msort'); } sqsession_register($numMessages, 'numMessages'); } do_hook('right_main_bottom'); sqimap_logout($imapConnection); echo '</body></html>';
$emailaddress = substr($emailaddress, 7); } if (strpos($emailaddress, '?') !== FALSE) { list($emailaddress, $a) = explode('?', $emailaddress, 2); if (strlen(trim($a)) > 0) { $a = explode('=', $a, 2); $data[strtolower($a[0])] = $a[1]; } } $data['to'] = $emailaddress; /* CC, BCC, etc could be any case, so we'll fix them here */ foreach ($_GET as $k => $g) { $k = strtolower($k); if (isset($trtable[$k])) { $k = $trtable[$k]; $data[$k] = $g; } } } sqsession_is_active(); if (!$force_login && sqsession_is_registered('user_is_logged_in')) { if ($compose_only) { $redirect = 'compose.php?mailtodata=' . urlencode(serialize($data)); } else { $redirect = 'webmail.php?right_frame=compose.php&mailtodata=' . urlencode(serialize($data)); } } else { $redirect = 'login.php?mailtodata=' . urlencode(serialize($data)); } session_write_close(); header('Location: ' . get_location() . '/' . $redirect);