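/**
 * Detect whether user is logged in
 *
 * Function is similar to is_logged_in() function. If user is logged in, function
 * returns true. If user is not logged in or session is expired, function saves $_POST
 * and PAGE_NAME in session and returns false. POST information is saved in
 * 'session_expired_post' variable, PAGE_NAME is saved in 'session_expired_location'.
 *
 * This function optionally checks the referrer of this page request.  If the
 * administrator wants to impose a check that the referrer of this page request
 * is another page on the same domain (otherwise, the page request is likely
 * the result of a XSS or phishing attack), then they need to specify the
 * acceptable referrer domain in a variable named $check_referrer in
 * config/config.php (or the configuration tool) for which the value is
 * usually the same as the $domain setting (for example:
 *    $check_referrer = 'example.com';
 * However, in some cases (where proxy servers are in use, etc.), the
 * acceptable referrer might be different.  If $check_referrer is set to
 * "###DOMAIN###", then the current value of $domain is used (useful in
 * situations where $domain might change at runtime (when using the Login
 * Manager plugin to host multiple domains with one SquirrelMail installation,
 * for example)):
 *    $check_referrer = '###DOMAIN###';
 * A referrer is accepted when it starts with http://$check_referrer or
 * https://$check_referrer AND that prefix ends at a URL delimiter ('/', ':',
 * '?', '#' or the end of the string), so that 'example.com' does not also
 * accept a referrer such as 'http://example.com.evil.example/'.
 * NOTE HOWEVER, that referrer checks are not foolproof - they can be spoofed
 * by browsers, and some browsers intentionally don't send them, in which
 * case SquirrelMail silently ignores referrer checks.
 *
 * Script that uses this function instead of is_logged_in() function, must handle user
 * level messages.
 * @return boolean
 * @since 1.5.1
 */
function sqauth_is_logged_in()
{
    global $check_referrer, $domain;

    // The referrer is supplied by the client and is frequently absent.
    if (!sqgetGlobalVar('HTTP_REFERER', $referrer, SQ_SERVER)) {
        $referrer = '';
    }
    if ($check_referrer == '###DOMAIN###') {
        $check_referrer = $domain;
    }

    // No configured check, or no referrer sent: the check is skipped.
    $referrer_ok = empty($check_referrer) || empty($referrer);
    if (!$referrer_ok) {
        $lc_referrer = strtolower($referrer);
        foreach (array('http://', 'https://') as $scheme) {
            $prefix = strtolower($scheme . $check_referrer);
            $prefix_len = strlen($prefix);
            if (strpos($lc_referrer, $prefix) !== 0) {
                continue;
            }
            // A bare prefix match is not enough: 'http://example.com' is also
            // a prefix of 'http://example.com.evil.example/'.  Require the
            // match to end at a URL delimiter (or to already end with one).
            if (substr($prefix, -1) === '/' || strlen($lc_referrer) === $prefix_len) {
                $referrer_ok = true;
                break;
            }
            $next = substr($lc_referrer, $prefix_len, 1);
            if ($next === '/' || $next === ':' || $next === '?' || $next === '#') {
                $referrer_ok = true;
                break;
            }
        }
    }

    if (sqsession_is_registered('user_is_logged_in') && $referrer_ok) {
        return true;
    }

    //  First we store some information in the new session to prevent
    //  information-loss.
    $session_expired_post = $_POST;
    $session_expired_location = defined('PAGE_NAME') ? PAGE_NAME : '';
    // Never overwrite what an earlier expired request already stashed.
    if (!sqsession_is_registered('session_expired_post')) {
        sqsession_register($session_expired_post, 'session_expired_post');
    }
    if (!sqsession_is_registered('session_expired_location')) {
        sqsession_register($session_expired_location, 'session_expired_location');
    }
    session_write_close();
    return false;
}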
/**
 * Check if user has previously logged in to the SquirrelMail session.  If user
 * has not logged in, execution will stop inside this function.
 *
 * Before stopping, the submitted POST data and $PHP_SELF are stashed in the
 * session ('session_expired_post' / 'session_expired_location', only when
 * nothing is stored under those keys yet) so the request can be resumed after
 * the user logs in again.  The signout page is exempt: it handles users who
 * are not logged in by itself.
 *
 * @return void Returns (without a value) only if the user is logged in or the
 *              current script is signout.php; otherwise execution terminates.
 */
function is_logged_in()
{
    // Authenticated session: nothing to do.
    if (sqsession_is_registered('user_is_logged_in')) {
        return;
    }

    global $PHP_SELF, $HTTP_POST_VARS, $session_expired_post, $session_expired_location, $squirrelmail_language;

    //  First we store some information in the new session to prevent
    //  information-loss.  PHP < 4.1 has no $_POST superglobal.
    $session_expired_post = check_php_version(4, 1) ? $_POST : $HTTP_POST_VARS;
    $session_expired_location = $PHP_SELF;
    if (!sqsession_is_registered('session_expired_post')) {
        sqsession_register($session_expired_post, 'session_expired_post');
    }
    if (!sqsession_is_registered('session_expired_location')) {
        sqsession_register($session_expired_location, 'session_expired_location');
    }
    session_write_close();

    // signout page will deal with users who aren't logged
    // in on its own; don't show error here
    if (strpos($PHP_SELF, 'signout.php') !== FALSE) {
        return;
    }

    include_once SM_PATH . 'functions/display_messages.php';
    set_up_language($squirrelmail_language, true);
    logout_error(_("You must be logged in to access this page."));
    exit;
}
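/**
 * Check if user has previously logged in to the SquirrelMail session.  If user
 * has not logged in, execution will stop inside this function.
 *
 * When the user is not logged in, the submitted POST data and the current
 * PAGE_NAME are stashed in the session ('session_expired_post' and
 * 'session_expired_location', only when nothing is stored there yet) so the
 * request can be resumed after (re)login; an error page is then displayed and
 * the script exits.  The signout page is exempt: it handles logged-out users
 * itself.
 *
 * @return void This function returns ONLY if user has previously logged in
 * successfully (otherwise, execution terminates herein).
 */
function is_logged_in()
{
    if (sqsession_is_registered('user_is_logged_in')) {
        return;
    }

    global $session_expired_post, $session_expired_location, $squirrelmail_language;

    // use $message to indicate what logout text the user
    // will see... if 0, typical "You must be logged in"
    // if 1, information that the user session was saved
    // and will be resumed after (re)login
    $message = 0;

    //  First we store some information in the new session to prevent
    //  information-loss.
    $session_expired_post = $_POST;
    // Always give the location a defined value: without the fallback an
    // undefined variable would be registered whenever PAGE_NAME is not set.
    $session_expired_location = defined('PAGE_NAME') ? PAGE_NAME : '';

    if (!sqsession_is_registered('session_expired_post')) {
        sqsession_register($session_expired_post, 'session_expired_post');
    }
    if (!sqsession_is_registered('session_expired_location')) {
        sqsession_register($session_expired_location, 'session_expired_location');
        // An interrupted compose gets the friendlier "will be resumed" text.
        if ($session_expired_location == 'compose') {
            $message = 1;
        }
    }
    session_write_close();

    // signout page will deal with users who aren't logged
    // in on its own; don't show error here
    if (defined('PAGE_NAME') && PAGE_NAME == 'signout') {
        return;
    }

    include_once SM_PATH . 'functions/display_messages.php';
    set_up_language($squirrelmail_language, true);
    if (!$message) {
        logout_error(_("You must be logged in to access this page."));
    } else {
        logout_error(_("Your session has expired, but will be resumed after logging in again."));
    }
    exit;
}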
/**
 * Check that the current session belongs to a logged-in user.
 *
 * Returns silently when 'user_is_logged_in' is registered in the session.
 * Otherwise the submitted POST data and $PHP_SELF are stashed in the session
 * as 'session_expired_post' / 'session_expired_location' (only if nothing is
 * stored there already), the "must be logged in" error page is shown and
 * execution stops.
 *
 * @return void only returns when the user is logged in
 */
function is_logged_in()
{
    // Authenticated session: nothing to do.
    if (sqsession_is_registered('user_is_logged_in')) {
        return;
    }

    global $PHP_SELF, $session_expired_post, $session_expired_location;

    /*  First we store some information in the new session to prevent
     *  information-loss.
     */
    $session_expired_post = $_POST;
    $session_expired_location = $PHP_SELF;

    // Keep whatever an earlier expired request already stashed.
    if (!sqsession_is_registered('session_expired_post')) {
        sqsession_register($session_expired_post, 'session_expired_post');
    }
    if (!sqsession_is_registered('session_expired_location')) {
        sqsession_register($session_expired_location, 'session_expired_location');
    }

    include_once SM_PATH . 'functions/display_messages.php';
    logout_error(_("You must be logged in to access this page."));
    exit;
}
 *
 * @author Tyler Akins
 * @copyright 2000-2016 The SquirrelMail Project Team
 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
 * @version $Id$
 * @package squirrelmail
 * @subpackage themes
 */
/** Prevent direct script loading */
if (isset($_SERVER['SCRIPT_FILENAME'])) {
    // This file is meant to be included; stop if it was requested directly.
    if ($_SERVER['SCRIPT_FILENAME'] == __FILE__) {
        exit;
    }
}
/** load required functions */
include_once SM_PATH . 'functions/global.php';
// $theme is the configured theme list, consulted by the code that follows.
global $theme;
if (!sqsession_is_registered('random_theme_good_theme')) {
    $good_themes = array();
    foreach ($theme as $data) {
        if (substr($data['PATH'], -18) != '/themes/random.php') {
            $good_themes[] = $data['PATH'];
        }
    }
    if (count($good_themes) == 0) {
        $good_themes[] = '../themes/default.php';
    }
    $which = mt_rand(0, count($good_themes));
    $random_theme_good_theme = $good_themes[$which];
    // remove current sm_path from theme name
    $path = preg_quote(SM_PATH, '/');
    $random_theme_good_theme = preg_replace("/^{$path}/", '', $random_theme_good_theme);
    // store it in session
/**
 * Ask the IMAP server to thread the current mailbox and return the message
 * sequence in thread order.
 *
 * Sends "<sid> THREAD REFERENCES|ORDEREDSUBJECT <charset> ALL" (REFERENCES
 * when $sort_by_ref == 1) and parses the "* THREAD (...)" reply.  The
 * parenthesised groups are cut into one string per top-level thread, stored
 * in the 'thread_new' session key, and then flattened in reverse order into a
 * plain list of message numbers that is also stored as 'server_sort_array'.
 *
 * @param resource $imap_stream open IMAP connection
 * @return mixed list of message numbers in thread order, or the string 'no'
 *               when the server response did not contain "OK"
 */
function get_thread_sort($imap_stream)
{
    global $thread_new, $sort_by_ref, $default_charset, $server_sort_array, $uid_support;

    // Drop stale results of a previous call.
    foreach (array('thread_new', 'server_sort_array') as $stale) {
        if (sqsession_is_registered($stale)) {
            sqsession_unregister($stale);
        }
    }

    $sid = sqimap_session_id($uid_support);
    $sort_type = ($sort_by_ref == 1) ? 'REFERENCES' : 'ORDEREDSUBJECT';
    $thread_query = "{$sid} THREAD {$sort_type} " . strtoupper($default_charset) . " ALL\r\n";
    fputs($imap_stream, $thread_query);
    $thread_test = sqimap_read_data($imap_stream, $sid, false, $response, $message);

    // Extract the raw thread tree from the untagged "* THREAD ..." line.
    if (!isset($thread_test[0])) {
        $thread_list = "";
    } elseif (preg_match("/^\\* THREAD (.+)\$/", $thread_test[0], $regs)) {
        $thread_list = trim($regs[1]);
    }
    if (!preg_match("/OK/", $response)) {
        $server_sort_array = 'no';
        return $server_sort_array;
    }

    // Walk the reply one character at a time and start a new entry every time
    // the parenthesis depth drops back to zero (one entry per top-level thread).
    $chars = array();
    if (isset($thread_list)) {
        $chars = preg_split("//", $thread_list, -1, PREG_SPLIT_NO_EMPTY);
    }
    $depth = 0;
    $k = 0;
    $thread_new = array(0 => "");
    foreach ($chars as $ch) {
        $thread_new[$k] .= $ch;
        if ($ch == '(') {
            $depth++;
        } elseif ($ch == ')') {
            if ($depth <= 1) {
                $k++;
                $thread_new[$k] = "";
            }
            $depth--;
        }
    }
    sqsession_register($thread_new, 'thread_new');

    // Flatten newest-first: drop the parentheses and split on whitespace.
    $thread_new = array_reverse($thread_new);
    $flat = str_replace(array("(", ")"), " ", implode(" ", $thread_new));
    $thread_list = preg_split("/\\s/", $flat, -1, PREG_SPLIT_NO_EMPTY);
    $server_sort_array = $thread_list;
    sqsession_register($server_sort_array, 'server_sort_array');
    return $thread_list;
}
 *
 * @copyright &copy; 1999-2009 The SquirrelMail Project Team
 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
 * @version $Id: prefs.php 13549 2009-04-15 22:00:49Z jervfors $
 * @package squirrelmail
 * @subpackage prefs
 */
/** Include global.php */
require_once SM_PATH . 'functions/global.php';
require_once SM_PATH . 'functions/plugin.php';
/** include this for error messages */
include_once SM_PATH . 'functions/display_messages.php';

// Pull the preference cache (if any) out of the session.
sqgetGlobalVar('prefs_cache', $prefs_cache, SQ_SESSION);
sqgetGlobalVar('prefs_are_cached', $prefs_are_cached, SQ_SESSION);
$rg = ini_get('register_globals');

// Start from an empty cache unless the session carries a usable array.
if (!(sqsession_is_registered('prefs_are_cached') && isset($prefs_cache) && is_array($prefs_cache))) {
    $prefs_are_cached = false;
    $prefs_cache = array();
}

// Backend selection: a plugin may supply a file (relative to SM_PATH) via the
// 'prefs_backend' hook; otherwise a DSN selects the database backend and the
// file backend is the default.
$prefs_backend = do_hook_function('prefs_backend');
if (!empty($prefs_backend) && file_exists(SM_PATH . $prefs_backend)) {
    require_once SM_PATH . $prefs_backend;
} elseif (!empty($prefs_dsn)) {
    require_once SM_PATH . 'functions/db_prefs.php';
} else {
    require_once SM_PATH . 'functions/file_prefs.php';
}
/* Hashing functions */
/**
 * Given a username and datafilename, this will return the path to the
 * hashed location of that datafile.
 * @copyright &copy; 1999-2007 The SquirrelMail Project Team
 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
 * @version $Id: prefs.php 12127 2007-01-13 20:07:24Z kink $
 * @package squirrelmail
 * @subpackage prefs
 */
/** Include global.php */
require_once SM_PATH . 'functions/global.php';
require_once SM_PATH . 'functions/plugin.php';
/** include this for error messages */
include_once SM_PATH . 'functions/display_messages.php';

// Pull the preference cache (if any) out of the session.
sqgetGlobalVar('prefs_cache', $prefs_cache, SQ_SESSION);
sqgetGlobalVar('prefs_are_cached', $prefs_are_cached, SQ_SESSION);
$rg = ini_get('register_globals');

/* if php version >= 4.1 OR (4.0 AND $rg = off) */
// Note: the version/register_globals terms mean the cache is discarded on any
// PHP >= 4.1 (presumably what check_php_version(4, 1) reports), not only when
// the session data is unusable.
if (!(sqsession_is_registered('prefs_are_cached') && isset($prefs_cache) && is_array($prefs_cache))
    || check_php_version(4, 1)
    || empty($rg)) {
    $prefs_are_cached = false;
    $prefs_cache = array();
}

// Backend selection: a plugin may supply a file (relative to SM_PATH) via the
// 'prefs_backend' hook; otherwise a DSN selects the database backend and the
// file backend is the default.
$prefs_backend = do_hook_function('prefs_backend');
if (!empty($prefs_backend) && file_exists(SM_PATH . $prefs_backend)) {
    require_once SM_PATH . $prefs_backend;
} elseif (!empty($prefs_dsn)) {
    require_once SM_PATH . 'functions/db_prefs.php';
} else {
    require_once SM_PATH . 'functions/file_prefs.php';
}
/* Hashing functions */
/**
 * Given a username and datafilename, this will return the path to the
 * hashed location of that datafile.
    $subject = str_replace('&nbsp;', ' ', $subject);
    $bodyTop = str_pad(' ' . _("Original Message") . ' ', $editor_size - 2, '-', STR_PAD_BOTH) . "\n" . $display[_("Subject")] . $subject . "\n" . $display[_("From")] . $from . "\n" . $display[_("Date")] . getLongDateString($orig_header->date) . "\n" . $display[_("To")] . $to . "\n";
    if ($orig_header->cc != array() && $orig_header->cc != '') {
        $cc = decodeHeader($orig_header->getAddr_s('cc', "\n{$indent}"), false, false, true);
        $cc = str_replace('&nbsp;', ' ', $cc);
        $bodyTop .= $display[_("Cc")] . $cc . "\n";
    }
    $bodyTop .= str_pad('', $editor_size - 2, '-') . "\n\n";
    return $bodyTop;
}
/* ----------------------------------------------------------------------- */
/*
 * If the session is expired during a post this restores the compose session
 * vars.
 */
if (sqsession_is_registered('session_expired_post')) {
    sqgetGlobalVar('session_expired_post', $session_expired_post, SQ_SESSION);
    /*
     * extra check for username so we don't display previous post data from
     * another user during this session.
     */
    if ($session_expired_post['username'] != $username) {
        unset($session_expired_post);
        sqsession_unregister('session_expired_post');
        session_write_close();
    } else {
        foreach ($session_expired_post as $postvar => $val) {
            if (isset($val)) {
                ${$postvar} = $val;
            } else {
                ${$postvar} = '';
    }
    if (strpos($emailaddress, '?') !== false) {
        list($emailaddress, $a) = explode('?', $emailaddress, 2);
        if (strlen(trim($a)) > 0) {
            $a = explode('=', $a, 2);
            $url .= $trtable[strtolower($a[0])] . '=' . urlencode($a[1]) . '&';
        }
    }
    $url = 'send_to=' . urlencode($emailaddress) . '&' . $url;
    /* CC, BCC, etc could be any case, so we'll fix them here */
    foreach ($_GET as $k => $g) {
        $k = strtolower($k);
        if (isset($trtable[$k])) {
            $k = $trtable[$k];
            $url .= $k . '=' . urlencode($g) . '&';
        }
    }
    $url = substr($url, 0, -1);
}
sqsession_is_active();
// Pick the landing page: the login page unless a login is not being forced
// and the session is already authenticated, in which case go to compose
// (directly or inside the webmail frameset).  $url is built from the request
// parameters above, each value urlencode()d individually.
if ($force_login != false || !sqsession_is_registered('user_is_logged_in')) {
    $redirect = 'login.php?mailto=' . urlencode($url);
} elseif ($compose_only == true) {
    $redirect = 'compose.php?' . $url;
} else {
    $redirect = 'webmail.php?right_frame=compose.php?' . urlencode($url);
}
session_write_close();
header('Location: ' . get_location() . '/' . $redirect);
/**
 * Backwards-compatibility alias of sqsession_is_registered().
 *
 * @param string $name session variable name to look up
 * @return mixed whatever sqsession_is_registered() returns for $name
 */
function compatibility_sqsession_is_registered($name)
{
    $is_registered = sqsession_is_registered($name);
    return $is_registered;
}
// Fall back to the configured default when no usable language is known.
if (!sqGetGlobalVar('squirrelmail_language', $squirrelmail_language)) {
    $squirrelmail_language = $squirrelmail_default_language;
} elseif ($squirrelmail_language == '') {
    $squirrelmail_language = $squirrelmail_default_language;
}
if (!sqgetGlobalVar('mailtodata', $mailtodata)) {
    $mailtodata = '';
}
/* end of get globals */
set_up_language($squirrelmail_language, true);
/* Refresh the language cookie (30 days). */
sqsetcookie('squirrelmail_language', $squirrelmail_language, time() + 30 * 24 * 60 * 60, $base_uri);
// Without a username there is nobody to authenticate: show the "must be
// logged in" page and stop.
if (!isset($login_username)) {
    include_once SM_PATH . 'functions/display_messages.php';
    logout_error(_("You must be logged in to access this page."));
    exit;
}
if (!sqsession_is_registered('user_is_logged_in')) {
    do_hook('login_before');
    /**
     * Regenerate session id to make sure that authenticated session uses
     * different ID than one used before user authenticated.  This is a
     * countermeasure against session fixation attacks.
     * NB: session_regenerate_id() was added in PHP 4.3.2 (and new session
     *     cookie is only sent out in this call as of PHP 4.3.3), but PHP 4
     *     is not vulnerable to session fixation problems in SquirrelMail
     *     because it prioritizes $base_uri subdirectory cookies differently
     *     than PHP 5, which is otherwise vulnerable.  If we really want to,
     *     we could define our own session_regenerate_id() when one does not
     *     exist, but there seems to be no reason to do so.
     */
    if (function_exists('session_regenerate_id')) {
        session_regenerate_id();
 * registered session data.  :)                                      *
 *********************************************************************/
// Mailbox caching is off unless the configuration enables it.
if (!isset($use_mailbox_cache)) {
    $use_mailbox_cache = 0;
}

if (!$use_mailbox_cache || !sqsession_is_registered('msgs')) {
    // No usable cache: forget the cached listing variables and rebuild the
    // listing from the server.
    if (sqsession_is_registered('msgs')) {
        unset($msgs);
    }
    if (sqsession_is_registered('msort')) {
        unset($msort);
    }
    if (sqsession_is_registered('numMessages')) {
        unset($numMessages);
    }
    $numMessages = sqimap_get_num_messages($imapConnection, $mailbox);
    // set 8th argument to false in order to make sure that cache is not used.
    showMessagesForMailbox($imapConnection, $mailbox, $numMessages, $startMessage, $sort, $color, $show_num, false);
    // Push the freshly built listing back into the session.
    if (sqsession_is_registered('msgs') && isset($msgs)) {
        sqsession_register($msgs, 'msgs');
    }
    if (sqsession_is_registered('msort') && isset($msort)) {
        sqsession_register($msort, 'msort');
    }
    sqsession_register($numMessages, 'numMessages');
} else {
    // Cached listing available and allowed: render straight from it.
    showMessagesForMailbox($imapConnection, $mailbox, $numMessages, $startMessage, $sort, $color, $show_num, $use_mailbox_cache);
}
do_hook('right_main_bottom');
sqimap_logout($imapConnection);
echo '</body></html>';
        $emailaddress = substr($emailaddress, 7);
    }
    if (strpos($emailaddress, '?') !== FALSE) {
        list($emailaddress, $a) = explode('?', $emailaddress, 2);
        if (strlen(trim($a)) > 0) {
            $a = explode('=', $a, 2);
            $data[strtolower($a[0])] = $a[1];
        }
    }
    $data['to'] = $emailaddress;
    /* CC, BCC, etc could be any case, so we'll fix them here */
    foreach ($_GET as $k => $g) {
        $k = strtolower($k);
        if (isset($trtable[$k])) {
            $k = $trtable[$k];
            $data[$k] = $g;
        }
    }
}
sqsession_is_active();
// Pick the landing page: the login page unless a login is not being forced
// and the session is already authenticated, in which case go to compose
// (directly or inside the webmail frameset).  The mailto fields travel as a
// serialize()d blob inside the URL, so whichever page reads 'mailtodata'
// back receives client-controlled data and must treat it as untrusted.
if ($force_login || !sqsession_is_registered('user_is_logged_in')) {
    $redirect = 'login.php?mailtodata=' . urlencode(serialize($data));
} elseif ($compose_only) {
    $redirect = 'compose.php?mailtodata=' . urlencode(serialize($data));
} else {
    $redirect = 'webmail.php?right_frame=compose.php&mailtodata=' . urlencode(serialize($data));
}
session_write_close();
header('Location: ' . get_location() . '/' . $redirect);