Page Menu
Home
Phorge
Search
Configure Global Search
Log In
Files
F2571707
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Flag For Later
Award Token
Size
114 KB
Referenced Files
None
Subscribers
None
View Options
diff --git a/CHANGELOG b/CHANGELOG
index ab5980e61..f02a1ad95 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,660 +1,666 @@
CHANGELOG RoundCube Webmail
---------------------------
+2007/03/27 (thomasb)
+----------
+- New session authentication: Change sessid cookie when login, authentication with sessauth cookie is now configurable.
+ Should close bugs #1483951 and #1484299
+
+
2007/03/23 (thomasb)
----------
- Correctly translate mailbox names (closes #1484276)
- Quote e-mail address links (closes #1484300)
2007/03/21 (thomasb)
----------
- Updated PEAR::Mail_mime package
- Added Persian localization
- Updated Catalan and Brazilian Portuguese translations
- Updated INSTALL manual with a note about database passwords
- Accept single quotes for HTML attributes when modifying message body (thanks Jason)
- Sanitize input for new users/identities (thanks Colin Alston)
2007/03/19 (thomasb)
----------
- Don't download HTML message parts
- Convert HTML parts to plaintext if 'prefer_html' is off
- Correctly parse message/rfc822 parts (closes #1484045)
- Code cleanup
2007/03/18 (thomasb)
----------
- Also use user_id for unique key in messages table (closes #1484074)
- Hide contacts drop down on blur (closes #1484203)
- Make entries in contacts drop down clickable
- Turn off browser autocompletion on login page
- Quote <? in text/html message parts
- Hide border around radio buttons
- Replaced old JS function calls.
2007/03/13 (thomasb)
----------
- Applied patch for attachment download by crichardson (closes #1484198)
- Fixed bug in Postgres DB handling (closes #1484068)
- Fixed bug of invalid calls to fetchRow() in rcube_db.inc (closes #1484280)
- Fixed array_merge bug (closes #1484281)
- Fixed flag for deletion in list view (closes #1484264)
- Finally support semicolons as recipient separator (closes ##1484251)
- Fixed message headers (subject) encoding
2007/03/04 (tomekp)
----------
- check if safe mode is on or not (closes #1484269)
2007/03/02 (thomasb)
----------
- Show "no subject" in message list if subject is missing (closes #1484243)
- Solved page caching of message preview (closes #1484153)
- Only use gzip compression if configured (closes #1484236)
2007/02/25 (estadtherr)
----------
- Fixed priority selector issue (#1484150)
- Upgraded to TinyMCE v2.1.0
2007/02/21 (thomasb)
----------
- Fixed some CSS issues in default skin (closes #1484210 and #1484161)
- Prevent from double quoting of numeric HTML character references (closes #1484253)
2007/02/07 (tomekp)
----------
- Updated (bg) translation (Doichin Dokov)
2007/02/06 (tomekp)
----------
- Updated (pl) translation
- Updated (pt_BR) translation (Robson F. Ramaldes)
- Big cleanup in program/localization
2007/02/05 (thomasb)
----------
- Updated Italian, Slovenian, Greek, Bulgarian, Hungarian and Croatian translation
2007/01/07 (estadtherr)
----------
- Fixed display of HTML message attachments (closes #1484178)
2007/01/07 (thomasb)
----------
- Applied patch for preview caching (closes #1484186)
- Added Thai and Vietnamese localization files
2006/12/29 (thomasb)
----------
- Added error handling for attachment uploads
- Use multibyte safe string functions where necessary (closes #1483988)
- Updated Swiss German localization (de_CH)
2006/12/22 (thomasb)
----------
- Applied security patch to validate the submitted host value (by Kees Cook)
- Applied security patch to validate input values when deleting contacts (by Kees Cook)
- Applied security patch that sanitizes emoticon paths when attaching them (by Kees Cook)
- Applied a patch to more aggressively sanitize a HTML message
- Visualize blocked images in HTML messages
2006/12/20 (thomasb)
----------
- Fixed wrong message listing when showing search results (closes #1484131)
- Introduced functions Q() and JQ() as aliases for rep_specialchars_output()
- Show remote images when opening HTML message part as attachment
2006/12/17 (thomasb)
----------
- Added patch by Ryan Rittenhouse & David Glick for a resizeable preview pane
2006/12/06 (thomasb)
----------
- Improve memory usage when sending mail (closes #1484098)
- Mark messages as read once the preview is loaded (closes #1484132)
- Include smtp final response in log (closes #1484081)
2006/12/04 (thomasb)
----------
- Corrected date string in sent message header (closes #1484125)
- Correclty choose "To" column in sent and draft mailboxes (closes #1483943)
- Changed srong tooltips for message browse buttons (closes #1483930)
2006/12/03 (estadtherr)
----------
- Added fix to convert HTML signatures for plain text messages
- Fixed signature delimeter character to be standard (Bug #1484035)
2006/12/01 (thomasb)
----------
- Implemented preview pane
- Fixed XSS vulnerability (Bug #1484109)
- Remove newlines from mail headers (Bug #1484031)
- Selection issues when moving/deleting (Bug #1484044)
- Applied patch of Clement Moulin for imap host auto-selection
- ISO-encode IMAP password for plaintext login (Bugs #1483977 & #1483886)
- Fixed folder name encoding in subscription list (Bug #1484113)
- Fixed JS errors in identity list (Bug #1484120)
- Show client debug console on debug_level 8
- Added Serbian translation
- Updated Spanish and Bulgarian localization
2006/11/22 (robin)
----------
- Fix a bug introduced with Shift-Del yesterday
2006/11/21 (robin)
----------
- Add missing nl_NL translations
- Translate foldernames in folder form (closes #1484113)
2006/11/21 (robin)
----------
- Added first and last buttons to message list, address book
and message detail
- Pressing Shift-Del bypasses Trash folder
- Enable purge command for Junk folder
2006/11/17 (robin)
----------
- Re-initialize message list after shift-select and delete
2006/11/16 (robin)
----------
- Fixed updating message list after expunge and purge
- Fetch all aliases if virtuser_query is used instead
of only the first one
2006/11/11 (estadtherr)
----------
- fixed deletion/moving of messages from within "show" page
2006/11/09 (thomasb)
----------
- Little bugfix in HTML encoding
- Fixed encoding issues and delete-on-reply problem
- Corrected template parsing
2006/11/07 (estadtherr)
----------
- Upgraded to TinyMCE v2.0.8
- Fixed CSS path for editor popups
2006/09/26 (estadtherr)
----------
- Added spellchecker plugin to TinyMCE configuration
- Fixed HTML/Plain toggle labels
2006/09/24 (thomasb)
----------
- Partial client re-write with a common list class
- Re-enabled multi select of contacts (Bug #1484017)
- Enable contact editing right after creation (Bug #1459641)
- Updated Hungarian, Estonian and Traditional Chinese localization
2006/09/19 (thomasb)
----------
- Correct UTF-7 to UTF-8 conversion if mbstring is not available
2006/09/13 (estadtherr)
----------
- Introduction of TinyMCE HTML editor support for message composition and signatures
Note : a new column is added to the "identities" database table
2006/09/12 (estadtherr)
----------
- Fixed html2text treatment of table headers (Bug #1484020)
- Fixed IMAP fetch of message body (Bug #1484019)
2006/09/08 (thomasb)
----------
- Fixed safe_mode problems (Bug #1418381)
- Fixed wrong header encoding (Bug #1483976)
2006/09/07 (thomasb)
----------
- Made automatic draft saving configurable
- Fixed JS bug when renaming folders (Bug #1483989)
- Don't wait for complete page load when calling JavaScript init()
- Some improvements to prevent session expiration
- Prevent from double submit of spell check requests
2006/09/01 (thomasb)
----------
- Imporoved message parsing and HTML validation
- Added quota display as image (by Brett Patterson)
- Corrected creation of a message-id
- Updated Norwegian (bokmal) localization
2006/08/30 (thomasb)
----------
- New indentation for quoted message text
- Improved HTML validity
2006/08/28 (estadtherr)
----------
- Fixed URL character set (Ticket #1445501)
- Fixed saving of contact into MySQL from LDAP query results (Ticket #1483820)
2006/08/25 (thomasb)
----------
- Fixed folder renaming: unsubscribe before rename (Bug #1483920)
- Finalized new message parsing (+ chaching)
- Updated SQL scripts and UPGRADING instructions
2006/08/23 (thomasb)
----------
- Updated Polish, Portuguese, Latvian, Chinese and Japanese localization
2006/08/20 (thomasb)
----------
- Fixed wrong usage of mbstring (Bug #1462439)
- Set default spelling language (Ticket #1483938)
- Added support for Nox Spell Server
2006/08/18 (thomasb)
----------
- Re-built message parsing (Bug #1327068)
Now based on the message structure delivered by the IMAP server.
- Fixed some XSS and SQL injection issues
2006/08/10 (thomasb)
----------
- Fixed charset problems with folder renaming
2006/08/04 (thomasb)
----------
- Fixed Bug in saving identities (Ticket #1483915)
- Set folder name in window title (Bug #1483919)
- Don't add imap_root to INBOX path (Bug #1483816)
- Attempt to create default folders only after login
- Avoid usage of $CONFIG in rcube_imap class
2006/07/30 (thomasb)
----------
- Alter links in HTML messages (Bug #1326402)
- Added fallback if host not found in 'mail_domain' array
- Applied patch of Charles to highlight droptargets (Ticket #1473034)
- Fixed folder renaming (Bug #1483914)
- Added confirmation message after deleting a folder
2006/07/25 (thomasb)
----------
- Made folder renaming a bit more ajax-style
- Changed rename-labels and German translation
- Fixed addressbox countbar width (Bug #1483845)
- Fixed refresh interval problems in Safari (Bug #1483902)
- Fixed clear_message_list_header() errors (Bug #1483898)
- Sanity check of $message_set in imap.inc (Bug #1443200)
- Added correct changing of message list headers for Sent folder
- Updated Spanish localization (Ticket #1483887)
- Applied patch #1483846
2006/07/24 (richs)
----------
- Draft window no longer reloads. It saves to an iframe in the background instead (fixes bug #1483869)
- Draft timer now part of program/js/app.js instead of skins/default/templates/compose.inc
- Draft saving now properly returns an error when saving fails
- Draft timer stops and resets properly when attachments are uploaded, or when saving manually
- Old compose session/attachments are now cleaned up when a new/forward/reply/draft is made/opened
2006/07/19 (thomasb)
----------
- Correct entity encoding of link urls (HTML validity)
- Improved usability in compose step (Ticket #1483807)
- Added absolute URLs to several buttons (for "open in new window")
- Applied patch #1328032
- Fixed Bug/Patch #1443200
2006/07/18 (thomasb)
----------
- Fixed password with spaces issue (Bug #1364122)
- Replaced _auth hash with second cookie (Ticket #1483811)
- Don't use get_input_value() for passwords (Bug #1468895)
- Made password encryption key configurable
- Minor bugfixes with charset encoding
- Added <label> tags to forms (Ticket #1483810)
2006/07/07 (thomasb)
----------
- Fixed INSTALL_PATH bug #1425663
2006/07/03 (richs)
----------
- Fixed compatibility with in-body email addresses containing "+" (Bug #1483836)
- Updated French localizations (Ticket #1483862)
- Incoming messages can now be moved to Drafts, edited, saved, then moved back (Feature #1436191)
- Added Firefox workaround when clicking whitespace to drag messages (Bug #1483857)
- Corrected Dutch and Italian localizations (Ticket #1483851 and #1483848)
- Enabled 'Empty' (purge) command for Junk mailbox (defined in main.inc.php)
2006/06/30 (richs)
----------
- Fixed empty INBOX compatibility bug (Patch #1443200)
- Temporarily fixed French "compact" localization (Patch #1483862)
- Fixed "Select All" not working with Delete interface button (Bug #1332434)
- Fixed messsage list column compatibility with Konqueror (Bug #1395711)
- Fixed "unread count" in window title when count changed (Bug #1483812)
- Fixed DB error when deleting from message table (Patch #1483835)
2006/06/29 (richs)
----------
- Added ability to remove attachments (Feature #1436721)
- Default folders are now auto-created on first login (Feature #1471594)
- Fixed compatibility with folder apostrophes (e.g.: Joe's Folder) (Bug #1429458)
- Corrected Italian localizations
- Tweaked rename-folder form to clear after a rename
2006/06/26 (richs)
----------
- Added button to immediately check for new messages
- New message checking now displays status "Checking for new messages..."
- New message checking now looks for unread messages in all mailboxes (Feature #1326401)
- Task buttons now respond to clicks by darkening (as in other applications)
- Fixed "Sender" column changing to "Recipient" for "Sent" and "Drafts" message lists
- Added ability to sort messages by "Size"
- Added ability to rename folders (Feature #1326396)
- Added 'protect_default_folders' option to main.inc.php to prevent renames/deletes/unsubscribes of default folders
- Corrected 5 typos of "INSTLL" to "INSTALL" in program/include/main.inc
2006/06/25
----------
- Changed behavior to include host-specific configuration (Bug #1483849)
- Assume ISO-8859-1 encoding of mail messages by default (Patch #1483839)
- Fixed spell checker to work with the new URL at google.com
- Some memory and security optimizations sendmail.inc
- Updated UGRADING description
2006/06/19
----------
- Added Drafts support (Feature #1326839) (richs)
2006/06/02
----------
- Updated Estonian localization and moved from ee to et
- Added Bulgarian localization
2006/05/25
----------
- Finalized GoogieSpell integration
2006/05/18
----------
- Added Arabic and Armenian localizations
- Updated Russian localization
- Removed MDB2 classes from repository. Install them seperately if used.
- Updated MDB2 wrapper class contributed by Lukas Kahwe Smith
- Allow & in e-mail addresses
2006/05/05
----------
- Fixed typos in function rcube_button() (Bugs #1473198 and #1473201)
- Check for zlib.output_compression before using ob_gzhandler (Bug #1471069)
- Casting date parts in iil_StrToTime() to avoid warnings (Bug #1482140)
- Corrected INSTALL description (Bug #1476106)
- Added charset to javascript HTTP headers
- Fixed Opera bug with CC and BCC fields (Bug #1474576)
- Changed login page title regarding product name (Bug #1476413)
- Pimped search function
- Applied attachment viewing/forwarding patches by Andrew Fladmark
- Applied prev/next patch by Leonard Bouchet
- Applied patches by Mark Bucciarelli
- Applied patch for requesting receipts by Salvatore Ansani
- Integrated GoogieSpell as suggested by phil (styling is not perfect yet, localization is missing)
2006/04/13
----------
- Added Slovenian localization
- Updated Portuguese localization
- Fixed parent.location problem for compose-links
- Added sort order saving patch by Jacob Brunson
- Added gzip compression support
2006/04/02
----------
- Added Lithuanian localization
- Improved search function
- Added version string as template object
- Load host-specific configuration file (see config/main.inc.php)
- New config parameter adding domain to user names for login
- Strip tags on _auth, _action, _task parameters
- Corrected labels for next/previous page buttons in address book
2006/03/23
----------
- Auto-detect mail header delimiters
- Regard daylight savings
- Localized quota display
- Started implementing search function
2006/03/20
----------
- Avoid error message when saving an unchanged identity (Bug #1429510)
- Fixed hard-coded cols selection for sent folder (Bug #1354586)
- Enable some HTML links for use with "open in new window" or "save target"
- Check meta-key instead of ctrl on Macs
- Ignore double clicks when holding down a modifier key
- Fixed reloading of the login page
- Fixed typo in compose template (Bug #1446852)
- Added compose button to message read step (Request #1433288)
- New config parameter for persistent database connections (Bug #1431817)
2006/03/14
----------
- Don't remove internal HTML tags in plaintext messages
- Improved error handling in DB connection failure
2006/02/22
----------
- Updated localizations
- Fixed bug #1435989
2006/02/19
----------
- Updated localizations
- Applied patch of Anders Karlsson
- Applied patch of Jacob Brunson
- Applied patch for virtuser_query by Robin Elfrink
- Added support for References header (patch by Auke)
- Added support for mbstring module by Tadashi Jokagi
- Added function for automatic remove of slashes on GET and POST vars
if magic_quotes is enabled
2006/02/05
----------
- Added Slovak, Hungarian, Bosnian and Croation translation
- Fixed bug when inserting signatures with !?&
- Chopping message headers before inserting into the message cache table
(to avoid bugs in Postgres)
- Allow one-char domains in e-mail addresses
- Make product name in page title configurable
- Make username available as skin object
- Added session_write_close() in rcube_db class destructor to avoid problems
in PHP 5.0.5
- Use move_uploaded_file() instead of copy() for a more secure handling of
uploaded attachments
- Additional config parameter to show/hide deleted messages
- Added periodic request for checking new mails (Request #1307821)
- Added EXPUNGE command
- Optimized loading time for mail interface
- Changed to full UTF-8 support
- Additional timezones (Patch #1389912)
- Added LDAP public search (experimental)
- Applied patch for correct ctrl/shift behavior for message selection (Bug #1326364)
- Casting to strings when adding empty headers to message cache (Bug #1406026)
- Skip sender-address as recipient when Reply-to-all
- Fixes in utf8-class
- Added patch for Quota display by Aury Fink Filho <nuny@aury.com.br>
- Added garbage collector for message cache
- Added patches for BCC headers
2005/12/16
----------
- Added Turkish and Simplified Chinese translation
- Use virtusertable to resolve e-mail addresses at login
- Configurable mail_domain used to compose correct e-mail addresses
on first login
2005/12/03
----------
- Added Finnish, Romanian, Polish, Czech, British, Norwegian, Greek, Russian,
Estonian and Chinese translation
- Get IMAP server capabilities in array
- Check for NAMESPACE capability before sending command
- Set default user language from config 'locale_string'
- Added sorting patch for message list
- Make default sort col/order configurable
- Fixed XSS in address book and identities
- Added more XSS protection (Bug #1308236)
- Added tab indexes for compose form
- Added 'changed' col to contacts table
- Support for 160-bit session hashes
- Added input check for contacts and identities (Patch #1346523)
- Added messages/warning to compose step (Patch #1323895)
- Added favicon to the default skin
- Fixed Bug #1334337 as far as possible
- Added Reply-To-All functionality (Request #1326395, Patch #1349777)
- Redesign of client side AJAX code (enable multi threading)
- Added keep-alive signal every minute
- Make logs dir configurable
- Added support for SMTPS
- Decode attachment file names
- Make delimiter for message headers configurable
- Add generic footer to sent messages
- Choose the rigt identity when replying
- Remove signature when replying (Request #1333167)
- Signatures for each identity
- Select charset when composing message
- Complete re-design of the caching mechanism
2005/08/11
----------
- Write list header to client even if list is empty
- Add functions "select all", "select none" to message list
- Improved filter for HTML messages to remove potentially malicious tags
(script, iframe, object) and event handlers.
- Buttons for next/previous message in view mode
- Add new created contact to list and show confirmation status
- Added folder management (subscribe/create/delete)
- Log message sending (SMTP log)
- Grant access for Camino browser
- Added German translation
2005/10/20
----------
- Added Swedish, Latvian, Portuguese and Catalan translation
- Make SMTP auth method configurable
- Make mailboxlist scrollable (Bug #1326372)
- Fixed SSL support
- Improved support for Courier IMAP (root folder and delimiter issues)
- Moved taskbar from bottom to top
- Added 'session_lifetime' parameter
- Fixed wrong unread count when deleting message (Bug #1332434)
- Srip tags when creating a new folder (Bug #1332084)
- Translate HTML tags in message headers (Bug #1330134)
- Correction in German translation (Bug #1329434)
- Display folder names with special chars correctly (Bug #1330157)
2005/10/07
----------
- Added French, Italian, Spanish, Danish, Dutch translation
- Clarified license (Bug #1305966)
- Fixed PHP warnings (Bug #1299403)
- Fixed english translation (Bug #1295406)
- Fixed bug #1290833: Last character of email not seen
- Fixed bug #1292199 when creating new user
- Allow more browsers (Bug #1285101)
- Added setting for showing pretty dates
- Added support for SQLite database
- Make use of message caching configurable
- Also add attachments when forwarding a message
- Long folder names will not flow over message list (Bug #1267232)
- Show nested mailboxes hieracically
- Enable IMAPS by host
2005/08/20
----------
- Improved cacheing of mailbox messagecount
- Fixed javascript bug when creating a new message folder
- Fixed javascript bugs #1260990 and #1260992: folder selection
- Make Trash folder configurable
- Auto create folders Inbox, Sent and Trash (if configured)
- Support for IMAP root folder
- Added support fot text/enriched messages
- Make list of special mailboxes configurable
diff --git a/UPGRADING b/UPGRADING
index 4b4d0d863..4fc257692 100644
--- a/UPGRADING
+++ b/UPGRADING
@@ -1,151 +1,152 @@
UPDATE instructions
===================
Follow these instructions if upgrading from a previous version
of RoundCube Webmail.
from version 1.0-beta2
----------------------------------------
* replace index.php
* replace all files in folder /program/
* replace all files in folder /skins/default/
* run all commands in SQL/*.update.sql or re-initalize database with *.initial.sql
* add these lines to /config/main.inc.php
$rcmail_config['draft_autosave'] = 300;
$rcmail_config['htmleditor'] = TRUE;
$rcmail_config['preview_pane'] = TRUE;
$rcmail_config['date_today'] = 'H:i';
+ $rcmail_config['double_auth'] = TRUE;
form version 0.1-beta
----------------------------------------
* replace index.php
* replace all files in folder /program/
* replace all files in folder /skins/default/
* run all commands in SQL/*.update.sql or re-initalize database with *.initial.sql
* add these line to /config/db.inc.php
$rcmail_config['db_persistent'] = TRUE;
* add these lines to /config/main.inc.php
$rcmail_config['drafts_mbox'] = 'Drafts';
$rcmail_config['junk_mbox'] = 'Junk';
$rcmail_config['product_name'] = 'RoundCube Webmail';
$rcmail_config['read_when_deleted'] = TRUE;
$rcmail_config['enable_spellcheck'] = TRUE;
$rcmail_config['protect_default_folders'] = TRUE;
* replace the following line from /config/main.inc.php
@include($_SERVER['HTTP_HOST'].'.inc.php');
with
$rcmail_config['include_host_config'] = TRUE;
from version 0.1-20051021
----------------------------------------
* replace index.php
* replace all files in folder /program/
* replace all files in folder /skins/default/
* run all commands in SQL/*.update-0.1a.sql or re-initalize database with *.initial.sql
* add these lines to /config/main.inc.php
$rcmail_config['skip_deleted'] = FALSE;
$rcmail_config['message_sort_col'] = 'date';
$rcmail_config['message_sort_order'] = 'DESC';
$rcmail_config['log_dir'] = 'logs/';
$rcmail_config['temp_dir'] = 'temp/';
$rcmail_config['message_cache_lifetime'] = '10d';
$rcmail_config['drafts_mbox'] = 'Drafts';
$rcmail_config['product_name'] = 'RoundCube Webmail';
$rcmail_config['read_when_deleted'] = TRUE;
$rcmail_config['enable_spellcheck'] = TRUE;
* add these lines to /config/db.inc.php
$rcmail_config['db_max_length'] = 512000;
$rcmail_config['db_sequence_user_ids'] = 'user_ids';
$rcmail_config['db_sequence_identity_ids'] = 'identity_ids';
$rcmail_config['db_sequence_contact_ids'] = 'contact_ids';
$rcmail_config['db_sequence_cache_ids'] = 'cache_ids';
$rcmail_config['db_sequence_message_ids'] = 'message_ids';
$rcmail_config['db_persistent'] = TRUE;
from version 0.1-20051007
----------------------------------------
* replace index.php
* replace all files in folder /program/
* replace all files in folder /skins/default/
* run all commands in SQL/*.update-0.1a.sql or re-initalize database with *.initial.sql
* add these lines to /config/main.inc.php
$rcmail_config['smtp_auth_type'] = ''; // if you need to specify an auth method for SMTP
$rcmail_config['session_lifetime'] = 20; // to specify the session lifetime in minutes
$rcmail_config['skip_deleted'] = FALSE;
$rcmail_config['message_sort_col'] = 'date';
$rcmail_config['message_sort_order'] = 'DESC';
$rcmail_config['log_dir'] = 'logs/';
$rcmail_config['temp_dir'] = 'temp/';
$rcmail_config['message_cache_lifetime'] = '10d';
$rcmail_config['drafts_mbox'] = 'Drafts';
$rcmail_config['product_name'] = 'RoundCube Webmail';
$rcmail_config['read_when_deleted'] = TRUE;
$rcmail_config['enable_spellcheck'] = TRUE;
* add these lines to /config/db.inc.php
$rcmail_config['db_max_length'] = 512000;
$rcmail_config['db_sequence_user_ids'] = 'user_ids';
$rcmail_config['db_sequence_identity_ids'] = 'identity_ids';
$rcmail_config['db_sequence_contact_ids'] = 'contact_ids';
$rcmail_config['db_sequence_cache_ids'] = 'cache_ids';
$rcmail_config['db_sequence_message_ids'] = 'message_ids';
$rcmail_config['db_persistent'] = TRUE;
from version 0.1-20050820
----------------------------------------
* replace index.php
* replace all files in folder /program/
* replace all files in folder /skins/default/
* run all commands in SQL/*.update-0.1a.sql or re-initalize database with *.initial.sql
* add these line to /config/main.inc.php
$rcmail_config['prettydate'] = TRUE;
$rcmail_config['smtp_port'] = 25;
$rcmail_config['default_port'] = 143;
$rcmail_config['session_lifetime'] = 20;
$rcmail_config['skip_deleted'] = FALSE;
$rcmail_config['message_sort_col'] = 'date';
$rcmail_config['message_sort_order'] = 'DESC';
$rcmail_config['log_dir'] = 'logs/';
$rcmail_config['temp_dir'] = 'temp/';
$rcmail_config['message_cache_lifetime'] = '10d';
* replace database properties (db_type, db_host, db_user, db_pass, $d_name)
in /config/db.inc.php with the following line:
$rcmail_config['db_dsnw'] = 'mysql://roundcube:pass@localhost/roundcubemail';
* add these lines to /config/db.inc.php
$rcmail_config['db_max_length'] = 512000;
from versions 0.1-alpha and 0.1-20050811
----------------------------------------
* replace index.php
* replace all files in folder /program/
* replace all files in folder /skins/default/
* run all commands in SQL/*.update-0.1a.sql or re-initalize database with *.initial.sql
* add these line to /config/main.inc.php
$rcmail_config['trash_mbox'] = 'Trash';
$rcmail_config['default_imap_folders'] = array('INBOX', 'Drafts', 'Sent', 'Junk', 'Trash');
$rcmail_config['prefer_html'] = TRUE;
$rcmail_config['prettydate'] = TRUE;
$rcmail_config['smtp_port'] = 25;
$rcmail_config['default_port'] = 143;
$rcmail_config['session_lifetime'] = 20;
$rcmail_config['skip_deleted'] = FALSE;
$rcmail_config['message_sort_col'] = 'date';
$rcmail_config['message_sort_order'] = 'DESC';
$rcmail_config['log_dir'] = 'logs/';
$rcmail_config['temp_dir'] = 'temp/';
$rcmail_config['message_cache_lifetime'] = '10d';
* replace database properties (db_type, db_host, db_user, db_pass, $d_name)
in /config/db.inc.php with the following line:
$rcmail_config['db_dsnw'] = 'mysql://roundcube:pass@localhost/roundcubemail';
* add these lines to /config/db.inc.php
$rcmail_config['db_max_length'] = 512000;
diff --git a/config/main.inc.php.dist b/config/main.inc.php.dist
index 490c62365..c2c9d3947 100644
--- a/config/main.inc.php.dist
+++ b/config/main.inc.php.dist
@@ -1,244 +1,248 @@
<?php
/*
+-----------------------------------------------------------------------+
| Main configuration file |
| |
| This file is part of the RoundCube Webmail client |
| Copyright (C) 2005, RoundCube Dev. - Switzerland |
| Licensed under the GNU GPL |
| |
+-----------------------------------------------------------------------+
*/
$rcmail_config = array();
// system error reporting: 1 = log; 2 = report (not implemented yet), 4 = show, 8 = trace
$rcmail_config['debug_level'] = 1;
// enable caching of messages and mailbox data in the local database.
// this is recommended if the IMAP server does not run on the same machine
$rcmail_config['enable_caching'] = TRUE;
// lifetime of message cache
// possible units: s, m, h, d, w
$rcmail_config['message_cache_lifetime'] = '10d';
// automatically create a new RoundCube user when log-in the first time.
// a new user will be created once the IMAP login succeeds.
// set to false if only registered users can use this service
$rcmail_config['auto_create_user'] = TRUE;
// the mail host chosen to perform the log-in
// leave blank to show a textbox at login, give a list of hosts
// to display a pulldown menu or set one host as string.
// To use SSL connection, enter ssl://hostname:993
$rcmail_config['default_host'] = '';
// TCP port used for IMAP connections
$rcmail_config['default_port'] = 143;
// Automatically add this domain to user names for login
// Only for IMAP servers that require full e-mail addresses for login
// Specify an array with 'host' => 'domain' values to support multiple hosts
$rcmail_config['username_domain'] = '';
// This domain will be used to form e-mail addresses of new users
// Specify an array with 'host' => 'domain' values to support multiple hosts
$rcmail_config['mail_domain'] = '';
// Path to a virtuser table file to resolve user names and e-mail addresses
$rcmail_config['virtuser_file'] = '';
// Query to resolve user names and e-mail addresses from the database
// %u will be replaced with the current username for login.
// The query should select the user's e-mail address as first col
$rcmail_config['virtuser_query'] = '';
// use this host for sending mails.
// to use SSL connection, set ssl://smtp.host.com
// if left blank, the PHP mail() function is used
$rcmail_config['smtp_server'] = '';
// SMTP port (default is 25; 465 for SSL)
$rcmail_config['smtp_port'] = 25;
// SMTP username (if required) if you use %u as the username RoundCube
// will use the current username for login
$rcmail_config['smtp_user'] = '';
// SMTP password (if required) if you use %p as the password RoundCube
// will use the current user's password for login
$rcmail_config['smtp_pass'] = '';
// SMTP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use
// best server supported one)
$rcmail_config['smtp_auth_type'] = '';
// Log sent messages
$rcmail_config['smtp_log'] = TRUE;
// these cols are shown in the message list
// available cols are: subject, from, to, cc, replyto, date, size, encoding
$rcmail_config['list_cols'] = array('subject', 'from', 'date', 'size');
// relative path to the skin folder
$rcmail_config['skin_path'] = 'skins/default/';
// use this folder to store temp files (must be writebale for apache user)
$rcmail_config['temp_dir'] = 'temp/';
// use this folder to store log files (must be writebale for apache user)
$rcmail_config['log_dir'] = 'logs/';
// session lifetime in minutes
$rcmail_config['session_lifetime'] = 10;
// check client IP in session athorization
-$rcmail_config['ip_check'] = TRUE;
+$rcmail_config['ip_check'] = false;
+
+// Use an additional frequently changing cookie to athenticate user sessions.
+// There have been problems reported with this feature.
+$rcmail_config['double_auth'] = false;
// this key is used to encrypt the users imap password which is stored
// in the session record (and the client cookie if remember password is enabled).
// please provide a string of exactly 24 chars.
$rcmail_config['des_key'] = 'rcmail-!24ByteDESkey*Str';
// the default locale setting
$rcmail_config['locale_string'] = 'en';
// use this format for short date display
$rcmail_config['date_short'] = 'D H:i';
// use this format for detailed date/time formatting
$rcmail_config['date_long'] = 'd.m.Y H:i';
// use this format for today's date display
$rcmail_config['date_today'] = 'H:i';
// add this user-agent to message headers when sending
$rcmail_config['useragent'] = 'RoundCube Webmail/0.1b';
// use this name to compose page titles
$rcmail_config['product_name'] = 'RoundCube Webmail';
// only list folders within this path
$rcmail_config['imap_root'] = '';
// store draft message is this mailbox
// leave blank if draft messages should not be stored
$rcmail_config['drafts_mbox'] = 'Drafts';
// store spam messages in this mailbox
$rcmail_config['junk_mbox'] = 'Junk';
// store sent message is this mailbox
// leave blank if sent messages should not be stored
$rcmail_config['sent_mbox'] = 'Sent';
// move messages to this folder when deleting them
// leave blank if they should be deleted directly
$rcmail_config['trash_mbox'] = 'Trash';
// display these folders separately in the mailbox list.
// these folders will automatically be created if they do not exist
$rcmail_config['default_imap_folders'] = array('INBOX', 'Drafts', 'Sent', 'Junk', 'Trash');
// protect the default folders from renames, deletes, and subscription changes
$rcmail_config['protect_default_folders'] = TRUE;
// Set TRUE if deleted messages should not be displayed
// This will make the application run slower
$rcmail_config['skip_deleted'] = FALSE;
// Set true to Mark deleted messages as read as well as deleted
// False means that a message's read status is not affected by marking it as deleted
$rcmail_config['read_when_deleted'] = TRUE;
// When a Trash folder is not present and a message is deleted, flag
// the message for deletion rather than deleting it immediately. Setting this to
// false causes deleted messages to be permanantly removed if there is no Trash folder
$rcmail_config['flag_for_deletion'] = TRUE;
// Make use of the built-in spell checker. It is based on GoogieSpell.
$rcmail_config['enable_spellcheck'] = TRUE;
// For a locally installed Nox Spell Server, please specify the URI to call it.
// Get Nox Spell Server from http://orangoo.com/labs/?page_id=72
// Leave empty to use the Google spell checking service, what means
// that the message content will be sent to Google in order to check spelling
$rcmail_config['spellcheck_uri'] = '';
// These languages can be selected for spell checking.
// Configure as a PHP style hash array: array('en'=>'English', 'de'=>'Deutsch');
// Leave empty for default set of Google spell check languages
$rcmail_config['spellcheck_languages'] = NULL;
// path to a text file which will be added to each sent message
// paths are relative to the RoundCube root folder
$rcmail_config['generic_message_footer'] = '';
// this string is used as a delimiter for message headers when sending
// leave empty for auto-detection
$rcmail_config['mail_header_delimiter'] = NULL;
// in order to enable public ldap search, create a config array
// like the Verisign example below. if you would like to test,
// simply uncomment the Verisign example.
/**
* example config for Verisign directory
*
* $rcmail_config['ldap_public']['Verisign'] = array('hosts' => array('directory.verisign.com'),
* 'port' => 389,
* 'base_dn' => '',
* 'search_fields' => array('Email' => 'mail', 'Name' => 'cn'),
* 'name_field' => 'cn',
* 'mail_field' => 'mail',
* 'scope' => 'sub',
* 'fuzzy_search' => 0);
*/
// don't allow these settings to be overriden by the user
$rcmail_config['dont_override'] = array();
// list of configuration option names that need to be available in Javascript.
$rcmail_config['javascript_config'] = array('read_when_deleted', 'flag_for_deletion');
// try to load host-specific configuration
$rcmail_config['include_host_config'] = FALSE;
/***** these settings can be overwritten by user's preferences *****/
// show up to X items in list view
$rcmail_config['pagesize'] = 40;
// use this timezone to display date/time
$rcmail_config['timezone'] = 1;
// daylight savings are On
$rcmail_config['dst_active'] = TRUE;
// prefer displaying HTML messages
$rcmail_config['prefer_html'] = TRUE;
// compose html formatted messages by default
$rcmail_config['htmleditor'] = TRUE;
// show pretty dates as standard
$rcmail_config['prettydate'] = TRUE;
// default sort col
$rcmail_config['message_sort_col'] = 'date';
// default sort order
$rcmail_config['message_sort_order'] = 'DESC';
// save compose message every 300 seconds (5min)
$rcmail_config['draft_autosave'] = 300;
// default setting if preview pane is enabled
$rcmail_config['preview_pane'] = FALSE;
// end of config file
?>
diff --git a/index.php b/index.php
index eaecfdfc2..f365ef94d 100644
--- a/index.php
+++ b/index.php
@@ -1,389 +1,395 @@
<?php
/*
+-----------------------------------------------------------------------+
| RoundCube Webmail IMAP Client |
- | Version 0.1-20070301 |
+ | Version 0.1-20070327 |
| |
| Copyright (C) 2005-2007, RoundCube Dev. - Switzerland |
| Licensed under the GNU GPL |
| |
| Redistribution and use in source and binary forms, with or without |
| modification, are permitted provided that the following conditions |
| are met: |
| |
| o Redistributions of source code must retain the above copyright |
| notice, this list of conditions and the following disclaimer. |
| o Redistributions in binary form must reproduce the above copyright |
| notice, this list of conditions and the following disclaimer in the |
| documentation and/or other materials provided with the distribution.|
| o The names of the authors may not be used to endorse or promote |
| products derived from this software without specific prior written |
| permission. |
| |
| THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
| "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
| LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |
| A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT |
| OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
| SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
| LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
| DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
| THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
| (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
| OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| |
+-----------------------------------------------------------------------+
| Author: Thomas Bruederli <roundcube@gmail.com> |
+-----------------------------------------------------------------------+
$Id$
*/
-define('RCMAIL_VERSION', '0.1-20070301');
+define('RCMAIL_VERSION', '0.1-20070327');
// define global vars
$CHARSET = 'UTF-8';
$OUTPUT_TYPE = 'html';
$JS_OBJECT_NAME = 'rcmail';
$INSTALL_PATH = dirname(__FILE__);
$MAIN_TASKS = array('mail','settings','addressbook','logout');
if (empty($INSTALL_PATH))
$INSTALL_PATH = './';
else
$INSTALL_PATH .= '/';
// make sure path_separator is defined
if (!defined('PATH_SEPARATOR'))
define('PATH_SEPARATOR', (eregi('win', PHP_OS) ? ';' : ':'));
// RC include folders MUST be included FIRST to avoid other
// possible not compatible libraries (i.e PEAR) to be included
// instead the ones provided by RC
ini_set('include_path', $INSTALL_PATH.PATH_SEPARATOR.$INSTALL_PATH.'program'.PATH_SEPARATOR.$INSTALL_PATH.'program/lib'.PATH_SEPARATOR.ini_get('include_path'));
ini_set('session.name', 'sessid');
ini_set('session.use_cookies', 1);
ini_set('session.gc_maxlifetime', 21600);
ini_set('session.gc_divisor', 500);
ini_set('error_reporting', E_ALL&~E_NOTICE);
// increase maximum execution time for php scripts
// (does not work in safe mode)
if (!ini_get('safe_mode')) @set_time_limit(120);
// include base files
require_once('include/rcube_shared.inc');
require_once('include/rcube_imap.inc');
require_once('include/bugs.inc');
require_once('include/main.inc');
require_once('include/cache.inc');
require_once('lib/html2text.inc');
require_once('PEAR.php');
// set PEAR error handling
// PEAR::setErrorHandling(PEAR_ERROR_TRIGGER, E_USER_NOTICE);
// catch some url/post parameters
$_task = strip_quotes(get_input_value('_task', RCUBE_INPUT_GPC));
$_action = strip_quotes(get_input_value('_action', RCUBE_INPUT_GPC));
$_framed = (!empty($_GET['_framed']) || !empty($_POST['_framed']));
// use main task if empty or invalid value
if (empty($_task) || !in_array($_task, $MAIN_TASKS))
$_task = 'mail';
if (!empty($_GET['_remote']))
$REMOTE_REQUEST = TRUE;
// set output buffering
if ($_action != 'get' && $_action != 'viewsource')
{
// use gzip compression if supported
if (function_exists('ob_gzhandler') && ini_get('zlib.output_compression'))
ob_start('ob_gzhandler');
else
ob_start();
}
// start session with requested task
rcmail_startup($_task);
// set session related variables
$COMM_PATH = sprintf('./?_task=%s', $_task);
$SESS_HIDDEN_FIELD = '';
// add framed parameter
if ($_framed)
{
$COMM_PATH .= '&_framed=1';
$SESS_HIDDEN_FIELD .= "\n".'<input type="hidden" name="_framed" value="1" />';
}
// init necessary objects for GUI
load_gui();
// check DB connections and exit on failure
if ($err_str = $DB->is_error())
{
raise_error(array('code' => 500, 'type' => 'db', 'line' => __LINE__, 'file' => __FILE__,
'message' => $err_str), FALSE, TRUE);
}
// error steps
if ($_action=='error' && !empty($_GET['_code']))
{
raise_error(array('code' => hexdec($_GET['_code'])), FALSE, TRUE);
}
// handle HTML->text conversion
if ($_action=='html2text')
{
$htmlText = $HTTP_RAW_POST_DATA;
$converter = new html2text($htmlText);
// TODO possibly replace with rcube_remote_response()
header('Content-Type: text/plain');
$plaintext = $converter->get_text();
print $plaintext;
exit;
}
// try to log in
if ($_action=='login' && $_task=='mail')
{
$host = rcmail_autoselect_host();
// check if client supports cookies
if (empty($_COOKIE))
{
show_message("cookiesdisabled", 'warning');
}
- else if (isset($_POST['_user']) && isset($_POST['_pass']) &&
+ else if ($_SESSION['temp'] && isset($_POST['_user']) && isset($_POST['_pass']) &&
rcmail_login(get_input_value('_user', RCUBE_INPUT_POST),
get_input_value('_pass', RCUBE_INPUT_POST, true, 'ISO-8859-1'), $host))
{
+ // create new session ID
+ unset($_SESSION['temp']);
+ sess_regenerate_id();
+
+ // send auth cookie if necessary
+ rcmail_authenticate_session();
+
// send redirect
header("Location: $COMM_PATH");
exit;
}
else
{
show_message("loginfailed", 'warning');
$_SESSION['user_id'] = '';
}
}
// end session
else if ($_action=='logout' && isset($_SESSION['user_id']))
{
show_message('loggedout');
rcmail_kill_session();
}
// check session and auth cookie
else if ($_action != 'login' && $_SESSION['user_id'] && $_action != 'send')
{
- if (!rcmail_authenticate_session() ||
- (!empty($CONFIG['session_lifetime']) && isset($SESS_CHANGED) && $SESS_CHANGED + $CONFIG['session_lifetime']*60 < mktime()))
+ if (!rcmail_authenticate_session())
{
$message = show_message('sessionerror', 'error');
rcmail_kill_session();
}
}
// log in to imap server
if (!empty($_SESSION['user_id']) && $_task=='mail')
{
$conn = $IMAP->connect($_SESSION['imap_host'], $_SESSION['username'], decrypt_passwd($_SESSION['password']), $_SESSION['imap_port'], $_SESSION['imap_ssl']);
if (!$conn)
{
show_message('imaperror', 'error');
$_SESSION['user_id'] = '';
}
else
rcmail_set_imap_prop();
}
// not logged in -> set task to 'login
if (empty($_SESSION['user_id']))
{
if ($REMOTE_REQUEST)
{
$message .= "setTimeout(\"location.href='\"+this.env.comm_path+\"'\", 2000);";
rcube_remote_response($message);
}
$_task = 'login';
}
// set task and action to client
$script = sprintf("%s.set_env('task', '%s');", $JS_OBJECT_NAME, $_task);
if (!empty($_action))
$script .= sprintf("\n%s.set_env('action', '%s');", $JS_OBJECT_NAME, $_action);
$OUTPUT->add_script($script);
// not logged in -> show login page
if (!$_SESSION['user_id'])
{
parse_template('login');
exit;
}
// handle keep-alive signal
if ($_action=='keep-alive')
{
rcube_remote_response('');
exit;
}
// include task specific files
if ($_task=='mail')
{
include_once('program/steps/mail/func.inc');
if ($_action=='show' || $_action=='preview' || $_action=='print')
include('program/steps/mail/show.inc');
if ($_action=='get')
include('program/steps/mail/get.inc');
if ($_action=='moveto' || $_action=='delete')
include('program/steps/mail/move_del.inc');
if ($_action=='mark')
include('program/steps/mail/mark.inc');
if ($_action=='viewsource')
include('program/steps/mail/viewsource.inc');
if ($_action=='send')
include('program/steps/mail/sendmail.inc');
if ($_action=='upload')
include('program/steps/mail/upload.inc');
if ($_action=='compose' || $_action=='remove-attachment')
include('program/steps/mail/compose.inc');
if ($_action=='addcontact')
include('program/steps/mail/addcontact.inc');
if ($_action=='expunge' || $_action=='purge')
include('program/steps/mail/folders.inc');
if ($_action=='check-recent')
include('program/steps/mail/check_recent.inc');
if ($_action=='getunread')
include('program/steps/mail/getunread.inc');
if ($_action=='list' && isset($_GET['_remote']))
include('program/steps/mail/list.inc');
if ($_action=='search')
include('program/steps/mail/search.inc');
if ($_action=='spell')
include('program/steps/mail/spell.inc');
if ($_action=='rss')
include('program/steps/mail/rss.inc');
if ($_action=='quotaimg')
include('program/steps/mail/quotaimg.inc');
if ($_action=='quotadisplay')
include('program/steps/mail/quotadisplay.inc');
// make sure the message count is refreshed
$IMAP->messagecount($_SESSION['mbox'], 'ALL', TRUE);
}
// include task specific files
if ($_task=='addressbook')
{
include_once('program/steps/addressbook/func.inc');
if ($_action=='save')
include('program/steps/addressbook/save.inc');
if ($_action=='edit' || $_action=='add')
include('program/steps/addressbook/edit.inc');
if ($_action=='delete')
include('program/steps/addressbook/delete.inc');
if ($_action=='show')
include('program/steps/addressbook/show.inc');
if ($_action=='list' && $_GET['_remote'])
include('program/steps/addressbook/list.inc');
if ($_action=='ldappublicsearch')
include('program/steps/addressbook/ldapsearchform.inc');
}
// include task specific files
if ($_task=='settings')
{
include_once('program/steps/settings/func.inc');
if ($_action=='save-identity')
include('program/steps/settings/save_identity.inc');
if ($_action=='add-identity' || $_action=='edit-identity')
include('program/steps/settings/edit_identity.inc');
if ($_action=='delete-identity')
include('program/steps/settings/delete_identity.inc');
if ($_action=='identities')
include('program/steps/settings/identities.inc');
if ($_action=='save-prefs')
include('program/steps/settings/save_prefs.inc');
if ($_action=='folders' || $_action=='subscribe' || $_action=='unsubscribe' ||
$_action=='create-folder' || $_action=='rename-folder' || $_action=='delete-folder')
include('program/steps/settings/manage_folders.inc');
}
// parse main template
parse_template($_task);
// if we arrive here, something went wrong
raise_error(array('code' => 404,
'type' => 'php',
'line' => __LINE__,
'file' => __FILE__,
'message' => "Invalid request"), TRUE, TRUE);
?>
diff --git a/program/include/main.inc b/program/include/main.inc
index 3fe196a74..b6d995cc6 100644
--- a/program/include/main.inc
+++ b/program/include/main.inc
@@ -1,2041 +1,2052 @@
<?php
/*
+-----------------------------------------------------------------------+
| program/include/main.inc |
| |
| This file is part of the RoundCube Webmail client |
| Copyright (C) 2005, RoundCube Dev, - Switzerland |
| Licensed under the GNU GPL |
| |
| PURPOSE: |
| Provide basic functions for the webmail package |
| |
+-----------------------------------------------------------------------+
| Author: Thomas Bruederli <roundcube@gmail.com> |
+-----------------------------------------------------------------------+
$Id$
*/
require_once('lib/des.inc');
require_once('lib/utf7.inc');
require_once('lib/utf8.class.php');
// define constannts for input reading
define('RCUBE_INPUT_GET', 0x0101);
define('RCUBE_INPUT_POST', 0x0102);
define('RCUBE_INPUT_GPC', 0x0103);
// register session and connect to server
function rcmail_startup($task='mail')
{
- global $sess_id, $sess_auth, $sess_user_lang;
+ global $sess_id, $sess_user_lang;
global $CONFIG, $INSTALL_PATH, $BROWSER, $OUTPUT, $_SESSION, $IMAP, $DB, $JS_OBJECT_NAME;
// check client
$BROWSER = rcube_browser();
// load configuration
$CONFIG = rcmail_load_config();
// set session garbage collecting time according to session_lifetime
if (!empty($CONFIG['session_lifetime']))
ini_set('session.gc_maxlifetime', ($CONFIG['session_lifetime']) * 120);
// prepare DB connection
require_once('include/rcube_'.(empty($CONFIG['db_backend']) ? 'db' : $CONFIG['db_backend']).'.inc');
$DB = new rcube_db($CONFIG['db_dsnw'], $CONFIG['db_dsnr'], $CONFIG['db_persistent']);
$DB->sqlite_initials = $INSTALL_PATH.'SQL/sqlite.initial.sql';
$DB->db_connect('w');
- // we can use the database for storing session data
- if (!$DB->is_error())
- include_once('include/session.inc');
+ // use database for storing session data
+ include_once('include/session.inc');
// init session
session_start();
$sess_id = session_id();
// create session and set session vars
if (!isset($_SESSION['auth_time']))
{
$_SESSION['user_lang'] = rcube_language_prop($CONFIG['locale_string']);
- $_SESSION['auth_time'] = mktime();
- setcookie('sessauth', rcmail_auth_hash($sess_id, $_SESSION['auth_time']));
+ $_SESSION['auth_time'] = time();
+ $_SESSION['temp'] = true;
}
// set session vars global
$sess_user_lang = rcube_language_prop($_SESSION['user_lang']);
// overwrite config with user preferences
if (is_array($_SESSION['user_prefs']))
$CONFIG = array_merge($CONFIG, $_SESSION['user_prefs']);
// reset some session parameters when changing task
if ($_SESSION['task'] != $task)
unset($_SESSION['page']);
// set current task to session
$_SESSION['task'] = $task;
// create IMAP object
if ($task=='mail')
rcmail_imap_init();
// set localization
if ($CONFIG['locale_string'])
setlocale(LC_ALL, $CONFIG['locale_string']);
else if ($sess_user_lang)
setlocale(LC_ALL, $sess_user_lang);
register_shutdown_function('rcmail_shutdown');
}
// load roundcube configuration into global var
function rcmail_load_config()
{
global $INSTALL_PATH;
// load config file
include_once('config/main.inc.php');
$conf = is_array($rcmail_config) ? $rcmail_config : array();
// load host-specific configuration
rcmail_load_host_config($conf);
$conf['skin_path'] = $conf['skin_path'] ? unslashify($conf['skin_path']) : 'skins/default';
// load db conf
include_once('config/db.inc.php');
$conf = array_merge($conf, $rcmail_config);
if (empty($conf['log_dir']))
$conf['log_dir'] = $INSTALL_PATH.'logs';
else
$conf['log_dir'] = unslashify($conf['log_dir']);
// set PHP error logging according to config
if ($conf['debug_level'] & 1)
{
ini_set('log_errors', 1);
ini_set('error_log', $conf['log_dir'].'/errors');
}
if ($conf['debug_level'] & 4)
ini_set('display_errors', 1);
else
ini_set('display_errors', 0);
return $conf;
}
// load a host-specific config file if configured
function rcmail_load_host_config(&$config)
{
$fname = NULL;
if (is_array($config['include_host_config']))
$fname = $config['include_host_config'][$_SERVER['HTTP_HOST']];
else if (!empty($config['include_host_config']))
$fname = preg_replace('/[^a-z0-9\.\-_]/i', '', $_SERVER['HTTP_HOST']) . '.inc.php';
if ($fname && is_file('config/'.$fname))
{
include('config/'.$fname);
$config = array_merge($config, $rcmail_config);
}
}
// create authorization hash
function rcmail_auth_hash($sess_id, $ts)
{
global $CONFIG;
$auth_string = sprintf('rcmail*sess%sR%s*Chk:%s;%s',
$sess_id,
$ts,
$CONFIG['ip_check'] ? $_SERVER['REMOTE_ADDR'] : '***.***.***.***',
$_SERVER['HTTP_USER_AGENT']);
if (function_exists('sha1'))
return sha1($auth_string);
else
return md5($auth_string);
}
// compare the auth hash sent by the client with the local session credentials
function rcmail_authenticate_session()
{
- $now = mktime();
- $valid = ($_COOKIE['sessauth'] == rcmail_auth_hash(session_id(), $_SESSION['auth_time']) ||
- $_COOKIE['sessauth'] == rcmail_auth_hash(session_id(), $_SESSION['last_auth']));
+ global $CONFIG, $SESS_CLIENT_IP, $SESS_CHANGED;
+
+ // advanced session authentication
+ if ($CONFIG['double_auth'])
+ {
+ $now = time();
+ $valid = ($_COOKIE['sessauth'] == rcmail_auth_hash(session_id(), $_SESSION['auth_time']) ||
+ $_COOKIE['sessauth'] == rcmail_auth_hash(session_id(), $_SESSION['last_auth']));
- // renew auth cookie every 5 minutes (only for GET requests)
- if (!$valid || ($_SERVER['REQUEST_METHOD']!='POST' && $now-$_SESSION['auth_time'] > 300))
+ // renew auth cookie every 5 minutes (only for GET requests)
+ if (!$valid || ($_SERVER['REQUEST_METHOD']!='POST' && $now-$_SESSION['auth_time'] > 300))
{
- $_SESSION['last_auth'] = $_SESSION['auth_time'];
- $_SESSION['auth_time'] = $now;
- setcookie('sessauth', rcmail_auth_hash(session_id(), $now));
+ $_SESSION['last_auth'] = $_SESSION['auth_time'];
+ $_SESSION['auth_time'] = $now;
+ setcookie('sessauth', rcmail_auth_hash(session_id(), $now));
}
+ }
+ else
+ $valid = $CONFIG['ip_check'] ? $_SERVER['REMOTE_ADDR'] == $SESS_CLIENT_IP : true;
+
+ // check session filetime
+ if (!empty($CONFIG['session_lifetime']) && isset($SESS_CHANGED) && $SESS_CHANGED + $CONFIG['session_lifetime']*60 < time())
+ $valid = false;
return $valid;
}
// create IMAP object and connect to server
function rcmail_imap_init($connect=FALSE)
{
global $CONFIG, $DB, $IMAP;
$IMAP = new rcube_imap($DB);
$IMAP->debug_level = $CONFIG['debug_level'];
$IMAP->skip_deleted = $CONFIG['skip_deleted'];
// connect with stored session data
if ($connect)
{
if (!($conn = $IMAP->connect($_SESSION['imap_host'], $_SESSION['username'], decrypt_passwd($_SESSION['password']), $_SESSION['imap_port'], $_SESSION['imap_ssl'])))
show_message('imaperror', 'error');
rcmail_set_imap_prop();
}
// enable caching of imap data
if ($CONFIG['enable_caching']===TRUE)
$IMAP->set_caching(TRUE);
// set pagesize from config
if (isset($CONFIG['pagesize']))
$IMAP->set_pagesize($CONFIG['pagesize']);
}
// set root dir and last stored mailbox
// this must be done AFTER connecting to the server
function rcmail_set_imap_prop()
{
global $CONFIG, $IMAP;
// set root dir from config
if (!empty($CONFIG['imap_root']))
$IMAP->set_rootdir($CONFIG['imap_root']);
if (is_array($CONFIG['default_imap_folders']))
$IMAP->set_default_mailboxes($CONFIG['default_imap_folders']);
if (!empty($_SESSION['mbox']))
$IMAP->set_mailbox($_SESSION['mbox']);
if (isset($_SESSION['page']))
$IMAP->set_page($_SESSION['page']);
}
// do these things on script shutdown
function rcmail_shutdown()
{
global $IMAP;
if (is_object($IMAP))
{
$IMAP->close();
$IMAP->write_cache();
}
// before closing the database connection, write session data
session_write_close();
}
// destroy session data and remove cookie
function rcmail_kill_session()
{
// save user preferences
$a_user_prefs = $_SESSION['user_prefs'];
if (!is_array($a_user_prefs))
$a_user_prefs = array();
if ((isset($_SESSION['sort_col']) && $_SESSION['sort_col']!=$a_user_prefs['message_sort_col']) ||
(isset($_SESSION['sort_order']) && $_SESSION['sort_order']!=$a_user_prefs['message_sort_order']))
{
$a_user_prefs['message_sort_col'] = $_SESSION['sort_col'];
$a_user_prefs['message_sort_order'] = $_SESSION['sort_order'];
rcmail_save_user_prefs($a_user_prefs);
}
- $_SESSION = array();
- session_destroy();
+ $_SESSION = array('user_lang' => $GLOBALS['sess_user_lang'], 'auth_time' => time(), 'temp' => true);
+ setcookie('sessauth', '-del-', time()-60);
}
// return correct name for a specific database table
function get_table_name($table)
{
global $CONFIG;
// return table name if configured
$config_key = 'db_table_'.$table;
if (strlen($CONFIG[$config_key]))
return $CONFIG[$config_key];
return $table;
}
// return correct name for a specific database sequence
// (used for Postres only)
function get_sequence_name($sequence)
{
global $CONFIG;
// return table name if configured
$config_key = 'db_sequence_'.$sequence;
if (strlen($CONFIG[$config_key]))
return $CONFIG[$config_key];
return $table;
}
// check the given string and returns language properties
function rcube_language_prop($lang, $prop='lang')
{
global $INSTALL_PATH;
static $rcube_languages, $rcube_language_aliases, $rcube_charsets;
if (empty($rcube_languages))
@include($INSTALL_PATH.'program/localization/index.inc');
// check if we have an alias for that language
if (!isset($rcube_languages[$lang]) && isset($rcube_language_aliases[$lang]))
$lang = $rcube_language_aliases[$lang];
// try the first two chars
if (!isset($rcube_languages[$lang]) && strlen($lang)>2)
{
$lang = substr($lang, 0, 2);
$lang = rcube_language_prop($lang);
}
if (!isset($rcube_languages[$lang]))
$lang = 'en_US';
// language has special charset configured
if (isset($rcube_charsets[$lang]))
$charset = $rcube_charsets[$lang];
else
$charset = 'UTF-8';
if ($prop=='charset')
return $charset;
else
return $lang;
}
// init output object for GUI and add common scripts
function load_gui()
{
global $CONFIG, $OUTPUT, $COMM_PATH, $JS_OBJECT_NAME, $sess_user_lang;
// init output page
$OUTPUT = new rcube_html_page();
// add common javascripts
$javascript = "var $JS_OBJECT_NAME = new rcube_webmail();\n";
$javascript .= sprintf("%s.set_env('comm_path', '%s');\n", $JS_OBJECT_NAME, str_replace('&', '&', $COMM_PATH));
if (isset($CONFIG['javascript_config'] )){
foreach ($CONFIG['javascript_config'] as $js_config_var){
$javascript .= "$JS_OBJECT_NAME.set_env('$js_config_var', '" . $CONFIG[$js_config_var] . "');\n";
}
}
// don't wait for page onload. Call init at the bottom of the page (delayed)
$javascript_foot = "if (window.call_init)\n call_init('$JS_OBJECT_NAME');";
if (!empty($GLOBALS['_framed']))
$javascript .= "$JS_OBJECT_NAME.set_env('framed', true);\n";
$OUTPUT->add_script($javascript, 'head');
$OUTPUT->add_script($javascript_foot, 'foot');
$OUTPUT->include_script('common.js');
$OUTPUT->include_script('app.js');
$OUTPUT->scripts_path = 'program/js/';
// set locale setting
rcmail_set_locale($sess_user_lang);
// set user-selected charset
if (!empty($CONFIG['charset']))
$OUTPUT->set_charset($CONFIG['charset']);
// add some basic label to client
rcube_add_label('loading','checkingmail');
}
// set localization charset based on the given language
function rcmail_set_locale($lang)
{
global $OUTPUT, $CHARSET, $MBSTRING;
static $s_mbstring_loaded = NULL;
// settings for mbstring module (by Tadashi Jokagi)
if (is_null($s_mbstring_loaded))
$MBSTRING = $s_mbstring_loaded = extension_loaded("mbstring");
else
$MBSTRING = $s_mbstring_loaded = FALSE;
if ($MBSTRING)
mb_internal_encoding($CHARSET);
$OUTPUT->set_charset(rcube_language_prop($lang, 'charset'));
}
// auto-select IMAP host based on the posted login information
function rcmail_autoselect_host()
{
global $CONFIG;
$host = isset($_POST['_host']) ? get_input_value('_host', RCUBE_INPUT_POST) : $CONFIG['default_host'];
if (is_array($host))
{
list($user, $domain) = explode('@', get_input_value('_user', RCUBE_INPUT_POST));
if (!empty($domain))
{
foreach ($host as $imap_host => $mail_domains)
if (is_array($mail_domains) && in_array($domain, $mail_domains))
{
$host = $imap_host;
break;
}
}
// take the first entry if $host is still an array
if (is_array($host))
$host = array_shift($host);
}
return $host;
}
// perfom login to the IMAP server and to the webmail service
function rcmail_login($user, $pass, $host=NULL)
{
global $CONFIG, $IMAP, $DB, $sess_user_lang;
$user_id = NULL;
if (!$host)
$host = $CONFIG['default_host'];
// Validate that selected host is in the list of configured hosts
if (is_array($CONFIG['default_host']))
{
$allowed = FALSE;
foreach ($CONFIG['default_host'] as $key => $host_allowed)
{
if (!is_numeric($key))
$host_allowed = $key;
if ($host == $host_allowed)
{
$allowed = TRUE;
break;
}
}
if (!$allowed)
return FALSE;
}
else if (!empty($CONFIG['default_host']) && $host != $CONFIG['default_host'])
return FALSE;
// parse $host URL
$a_host = parse_url($host);
if ($a_host['host'])
{
$host = $a_host['host'];
$imap_ssl = (isset($a_host['scheme']) && in_array($a_host['scheme'], array('ssl','imaps','tls'))) ? TRUE : FALSE;
$imap_port = isset($a_host['port']) ? $a_host['port'] : ($imap_ssl ? 993 : $CONFIG['default_port']);
}
else
$imap_port = $CONFIG['default_port'];
/* Modify username with domain if required
Inspired by Marco <P0L0_notspam_binware.org>
*/
// Check if we need to add domain
if (!empty($CONFIG['username_domain']) && !strstr($user, '@'))
{
if (is_array($CONFIG['username_domain']) && isset($CONFIG['username_domain'][$host]))
$user .= '@'.$CONFIG['username_domain'][$host];
else if (is_string($CONFIG['username_domain']))
$user .= '@'.$CONFIG['username_domain'];
}
// query if user already registered
$sql_result = $DB->query("SELECT user_id, username, language, preferences
FROM ".get_table_name('users')."
WHERE mail_host=? AND (username=? OR alias=?)",
$host,
$user,
$user);
// user already registered -> overwrite username
if ($sql_arr = $DB->fetch_assoc($sql_result))
{
$user_id = $sql_arr['user_id'];
$user = $sql_arr['username'];
}
// try to resolve email address from virtuser table
if (!empty($CONFIG['virtuser_file']) && strstr($user, '@'))
$user = rcmail_email2user($user);
// exit if IMAP login failed
if (!($imap_login = $IMAP->connect($host, $user, $pass, $imap_port, $imap_ssl)))
return FALSE;
// user already registered
if ($user_id && !empty($sql_arr))
{
// get user prefs
if (strlen($sql_arr['preferences']))
{
$user_prefs = unserialize($sql_arr['preferences']);
$_SESSION['user_prefs'] = $user_prefs;
array_merge($CONFIG, $user_prefs);
}
// set user specific language
if (strlen($sql_arr['language']))
$sess_user_lang = $_SESSION['user_lang'] = $sql_arr['language'];
// update user's record
$DB->query("UPDATE ".get_table_name('users')."
SET last_login=".$DB->now()."
WHERE user_id=?",
$user_id);
}
// create new system user
else if ($CONFIG['auto_create_user'])
{
$user_id = rcmail_create_user($user, $host);
}
if ($user_id)
{
$_SESSION['user_id'] = $user_id;
$_SESSION['imap_host'] = $host;
$_SESSION['imap_port'] = $imap_port;
$_SESSION['imap_ssl'] = $imap_ssl;
$_SESSION['username'] = $user;
$_SESSION['user_lang'] = $sess_user_lang;
$_SESSION['password'] = encrypt_passwd($pass);
$_SESSION['login_time'] = mktime();
// force reloading complete list of subscribed mailboxes
rcmail_set_imap_prop();
$IMAP->clear_cache('mailboxes');
$IMAP->create_default_folders();
return TRUE;
}
return FALSE;
}
// create new entry in users and identities table
function rcmail_create_user($user, $host)
{
global $DB, $CONFIG, $IMAP;
$user_email = '';
// try to resolve user in virtusertable
if (!empty($CONFIG['virtuser_file']) && strstr($user, '@')==FALSE)
$user_email = rcmail_user2email($user);
$DB->query("INSERT INTO ".get_table_name('users')."
(created, last_login, username, mail_host, alias, language)
VALUES (".$DB->now().", ".$DB->now().", ?, ?, ?, ?)",
strip_newlines($user),
strip_newlines($host),
strip_newlines($user_email),
$_SESSION['user_lang']);
if ($user_id = $DB->insert_id(get_sequence_name('users')))
{
$mail_domain = rcmail_mail_domain($host);
if ($user_email=='')
$user_email = strstr($user, '@') ? $user : sprintf('%s@%s', $user, $mail_domain);
$user_name = $user!=$user_email ? $user : '';
// try to resolve the e-mail address from the virtuser table
if (!empty($CONFIG['virtuser_query']) &&
($sql_result = $DB->query(preg_replace('/%u/', $user, $CONFIG['virtuser_query']))) &&
($DB->num_rows()>0))
while ($sql_arr = $DB->fetch_array($sql_result))
{
$DB->query("INSERT INTO ".get_table_name('identities')."
(user_id, del, standard, name, email)
VALUES (?, 0, 1, ?, ?)",
$user_id,
strip_newlines($user_name),
preg_replace('/^@/', $user . '@', $sql_arr[0]));
}
else
{
// also create new identity records
$DB->query("INSERT INTO ".get_table_name('identities')."
(user_id, del, standard, name, email)
VALUES (?, 0, 1, ?, ?)",
$user_id,
strip_newlines($user_name),
strip_newlines($user_email));
}
// get existing mailboxes
$a_mailboxes = $IMAP->list_mailboxes();
}
else
{
raise_error(array('code' => 500,
'type' => 'php',
'line' => __LINE__,
'file' => __FILE__,
'message' => "Failed to create new user"), TRUE, FALSE);
}
return $user_id;
}
// load virtuser table in array
function rcmail_getvirtualfile()
{
global $CONFIG;
if (empty($CONFIG['virtuser_file']) || !is_file($CONFIG['virtuser_file']))
return FALSE;
// read file
$a_lines = file($CONFIG['virtuser_file']);
return $a_lines;
}
// find matches of the given pattern in virtuser table
function rcmail_findinvirtual($pattern)
{
$result = array();
$virtual = rcmail_getvirtualfile();
if ($virtual==FALSE)
return $result;
// check each line for matches
foreach ($virtual as $line)
{
$line = trim($line);
if (empty($line) || $line{0}=='#')
continue;
if (eregi($pattern, $line))
$result[] = $line;
}
return $result;
}
// resolve username with virtuser table
function rcmail_email2user($email)
{
$user = $email;
$r = rcmail_findinvirtual("^$email");
for ($i=0; $i<count($r); $i++)
{
$data = $r[$i];
$arr = preg_split('/\s+/', $data);
if(count($arr)>0)
{
$user = trim($arr[count($arr)-1]);
break;
}
}
return $user;
}
// resolve e-mail address with virtuser table
function rcmail_user2email($user)
{
$email = "";
$r = rcmail_findinvirtual("$user$");
for ($i=0; $i<count($r); $i++)
{
$data=$r[$i];
$arr = preg_split('/\s+/', $data);
if (count($arr)>0)
{
$email = trim($arr[0]);
break;
}
}
return $email;
}
function rcmail_save_user_prefs($a_user_prefs)
{
global $DB, $CONFIG, $sess_user_lang;
$DB->query("UPDATE ".get_table_name('users')."
SET preferences=?,
language=?
WHERE user_id=?",
serialize($a_user_prefs),
$sess_user_lang,
$_SESSION['user_id']);
if ($DB->affected_rows())
{
$_SESSION['user_prefs'] = $a_user_prefs;
$CONFIG = array_merge($CONFIG, $a_user_prefs);
return TRUE;
}
return FALSE;
}
// overwrite action variable
function rcmail_overwrite_action($action)
{
global $OUTPUT, $JS_OBJECT_NAME;
$GLOBALS['_action'] = $action;
$OUTPUT->add_script(sprintf("\n%s.set_env('action', '%s');", $JS_OBJECT_NAME, $action));
}
function show_message($message, $type='notice', $vars=NULL)
{
global $OUTPUT, $JS_OBJECT_NAME, $REMOTE_REQUEST;
$framed = $GLOBALS['_framed'];
$command = sprintf("display_message('%s', '%s');",
JQ(rcube_label(array('name' => $message, 'vars' => $vars))),
$type);
if ($REMOTE_REQUEST)
return 'this.'.$command;
else
$OUTPUT->add_script(sprintf("%s%s.%s\n",
$framed ? sprintf('if(parent.%s)parent.', $JS_OBJECT_NAME) : '',
$JS_OBJECT_NAME,
$command));
}
// encrypt IMAP password using DES encryption
function encrypt_passwd($pass)
{
$cypher = des(get_des_key(), $pass, 1, 0, NULL);
return base64_encode($cypher);
}
// decrypt IMAP password using DES encryption
function decrypt_passwd($cypher)
{
$pass = des(get_des_key(), base64_decode($cypher), 0, 0, NULL);
return preg_replace('/\x00/', '', $pass);
}
// return a 24 byte key for the DES encryption
function get_des_key()
{
$key = !empty($GLOBALS['CONFIG']['des_key']) ? $GLOBALS['CONFIG']['des_key'] : 'rcmail?24BitPwDkeyF**ECB';
$len = strlen($key);
// make sure the key is exactly 24 chars long
if ($len<24)
$key .= str_repeat('_', 24-$len);
else if ($len>24)
substr($key, 0, 24);
return $key;
}
// send correct response on a remote request
function rcube_remote_response($js_code, $flush=FALSE)
{
global $OUTPUT, $CHARSET;
static $s_header_sent = FALSE;
if (!$s_header_sent)
{
$s_header_sent = TRUE;
send_nocacheing_headers();
header('Content-Type: application/x-javascript; charset='.$CHARSET);
print '/** remote response ['.date('d/M/Y h:i:s O')."] **/\n";
}
// send response code
print rcube_charset_convert($js_code, $CHARSET, $OUTPUT->get_charset());
if ($flush) // flush the output buffer
flush();
else // terminate script
exit;
}
// send correctly formatted response for a request posted to an iframe
function rcube_iframe_response($js_code='')
{
global $OUTPUT, $JS_OBJECT_NAME;
if (!empty($js_code))
$OUTPUT->add_script("if(parent.$JS_OBJECT_NAME){\n" . $js_code . "\n}");
$OUTPUT->write();
exit;
}
// read directory program/localization/ and return a list of available languages
function rcube_list_languages()
{
global $CONFIG, $INSTALL_PATH;
static $sa_languages = array();
if (!sizeof($sa_languages))
{
@include($INSTALL_PATH.'program/localization/index.inc');
if ($dh = @opendir($INSTALL_PATH.'program/localization'))
{
while (($name = readdir($dh)) !== false)
{
if ($name{0}=='.' || !is_dir($INSTALL_PATH.'program/localization/'.$name))
continue;
if ($label = $rcube_languages[$name])
$sa_languages[$name] = $label ? $label : $name;
}
closedir($dh);
}
}
return $sa_languages;
}
// add a localized label to the client environment
function rcube_add_label()
{
global $OUTPUT, $JS_OBJECT_NAME;
$arg_list = func_get_args();
foreach ($arg_list as $i => $name)
$OUTPUT->add_script(sprintf("%s.add_label('%s', '%s');",
$JS_OBJECT_NAME,
$name,
JQ(rcube_label($name))));
}
// remove temp files older than two day
function rcmail_temp_gc()
{
$tmp = unslashify($CONFIG['temp_dir']);
$expire = mktime() - 172800; // expire in 48 hours
if ($dir = opendir($tmp))
{
while (($fname = readdir($dir)) !== false)
{
if ($fname{0} == '.')
continue;
if (filemtime($tmp.'/'.$fname) < $expire)
@unlink($tmp.'/'.$fname);
}
closedir($dir);
}
}
// remove all expired message cache records
function rcmail_message_cache_gc()
{
global $DB, $CONFIG;
// no cache lifetime configured
if (empty($CONFIG['message_cache_lifetime']))
return;
// get target timestamp
$ts = get_offset_time($CONFIG['message_cache_lifetime'], -1);
$DB->query("DELETE FROM ".get_table_name('messages')."
WHERE created < ".$DB->fromunixtime($ts));
}
/**
* Convert a string from one charset to another.
* Uses mbstring and iconv functions if possible
*
* @param string Input string
* @param string Suspected charset of the input string
* @param string Target charset to convert to; defaults to $GLOBALS['CHARSET']
* @return Converted string
*/
function rcube_charset_convert($str, $from, $to=NULL)
{
global $MBSTRING;
$from = strtoupper($from);
$to = $to==NULL ? strtoupper($GLOBALS['CHARSET']) : strtoupper($to);
if ($from==$to || $str=='' || empty($from))
return $str;
// convert charset using mbstring module
if ($MBSTRING)
{
$to = $to=="UTF-7" ? "UTF7-IMAP" : $to;
$from = $from=="UTF-7" ? "UTF7-IMAP": $from;
// return if convert succeeded
if (($out = mb_convert_encoding($str, $to, $from)) != '')
return $out;
}
// convert charset using iconv module
if (function_exists('iconv') && $from!='UTF-7' && $to!='UTF-7')
return iconv($from, $to, $str);
$conv = new utf8();
// convert string to UTF-8
if ($from=='UTF-7')
$str = utf7_to_utf8($str);
else if (($from=='ISO-8859-1') && function_exists('utf8_encode'))
$str = utf8_encode($str);
else if ($from!='UTF-8')
{
$conv->loadCharset($from);
$str = $conv->strToUtf8($str);
}
// encode string for output
if ($to=='UTF-7')
return utf8_to_utf7($str);
else if ($to=='ISO-8859-1' && function_exists('utf8_decode'))
return utf8_decode($str);
else if ($to!='UTF-8')
{
$conv->loadCharset($to);
return $conv->utf8ToStr($str);
}
// return UTF-8 string
return $str;
}
/**
* Replacing specials characters to a specific encoding type
*
* @param string Input string
* @param string Encoding type: text|html|xml|js|url
* @param string Replace mode for tags: show|replace|remove
* @param boolean Convert newlines
* @return The quoted string
*/
function rep_specialchars_output($str, $enctype='', $mode='', $newlines=TRUE)
{
global $OUTPUT_TYPE, $OUTPUT;
static $html_encode_arr, $js_rep_table, $xml_rep_table;
if (!$enctype)
$enctype = $GLOBALS['OUTPUT_TYPE'];
// convert nbsps back to normal spaces if not html
if ($enctype!='html')
$str = str_replace(chr(160), ' ', $str);
// encode for plaintext
if ($enctype=='text')
return str_replace("\r\n", "\n", $mode=='remove' ? strip_tags($str) : $str);
// encode for HTML output
if ($enctype=='html')
{
if (!$html_encode_arr)
{
$html_encode_arr = get_html_translation_table(HTML_SPECIALCHARS);
unset($html_encode_arr['?']);
}
$ltpos = strpos($str, '<');
$encode_arr = $html_encode_arr;
// don't replace quotes and html tags
if (($mode=='show' || $mode=='') && $ltpos!==false && strpos($str, '>', $ltpos)!==false)
{
unset($encode_arr['"']);
unset($encode_arr['<']);
unset($encode_arr['>']);
unset($encode_arr['&']);
}
else if ($mode=='remove')
$str = strip_tags($str);
// avoid douple quotation of &
$out = preg_replace('/&([a-z]{2,5}|#[0-9]{2,4});/', '&\\1;', strtr($str, $encode_arr));
return $newlines ? nl2br($out) : $out;
}
if ($enctype=='url')
return rawurlencode($str);
// if the replace tables for XML and JS are not yet defined
if (!$js_rep_table)
{
$js_rep_table = $xml_rep_table = array();
$xml_rep_table['&'] = '&';
for ($c=160; $c<256; $c++) // can be increased to support more charsets
{
$hex = dechex($c);
$xml_rep_table[Chr($c)] = "&#$c;";
if ($OUTPUT->get_charset()=='ISO-8859-1')
$js_rep_table[Chr($c)] = sprintf("\u%s%s", str_repeat('0', 4-strlen($hex)), $hex);
}
$xml_rep_table['"'] = '"';
}
// encode for XML
if ($enctype=='xml')
return strtr($str, $xml_rep_table);
// encode for javascript use
if ($enctype=='js')
{
if ($OUTPUT->get_charset()!='UTF-8')
$str = rcube_charset_convert($str, $GLOBALS['CHARSET'], $OUTPUT->get_charset());
return addslashes(preg_replace(array("/\r\n/", "/\r/"), array('\n', '\n'), strtr($str, $js_rep_table)));
}
// no encoding given -> return original string
return $str;
}
/**
* Quote a given string. Alias function for rep_specialchars_output
* @see rep_specialchars_output
*/
function Q($str, $mode='strict', $newlines=TRUE)
{
return rep_specialchars_output($str, 'html', $mode, $newlines);
}
/**
* Quote a given string. Alias function for rep_specialchars_output
* @see rep_specialchars_output
*/
function JQ($str)
{
return rep_specialchars_output($str, 'js');
}
/**
* Read input value and convert it for internal use
* Performs stripslashes() and charset conversion if necessary
*
* @param string Field name to read
* @param int Source to get value from (GPC)
* @param boolean Allow HTML tags in field value
* @param string Charset to convert into
* @return string Field value or NULL if not available
*/
function get_input_value($fname, $source, $allow_html=FALSE, $charset=NULL)
{
global $OUTPUT;
$value = NULL;
if ($source==RCUBE_INPUT_GET && isset($_GET[$fname]))
$value = $_GET[$fname];
else if ($source==RCUBE_INPUT_POST && isset($_POST[$fname]))
$value = $_POST[$fname];
else if ($source==RCUBE_INPUT_GPC)
{
if (isset($_POST[$fname]))
$value = $_POST[$fname];
else if (isset($_GET[$fname]))
$value = $_GET[$fname];
else if (isset($_COOKIE[$fname]))
$value = $_COOKIE[$fname];
}
// strip slashes if magic_quotes enabled
if ((bool)get_magic_quotes_gpc())
$value = stripslashes($value);
// remove HTML tags if not allowed
if (!$allow_html)
$value = strip_tags($value);
// convert to internal charset
if (is_object($OUTPUT))
return rcube_charset_convert($value, $OUTPUT->get_charset(), $charset);
else
return $value;
}
/**
* Remove single and double quotes from given string
*/
function strip_quotes($str)
{
return preg_replace('/[\'"]/', '', $str);
}
/**
* Remove new lines characters from given string
*/
function strip_newlines($str)
{
return preg_replace('/[\r\n]/', '', $str);
}
// ************** template parsing and gui functions **************
// return boolean if a specific template exists
function template_exists($name)
{
global $CONFIG, $OUTPUT;
$skin_path = $CONFIG['skin_path'];
// check template file
return is_file("$skin_path/templates/$name.html");
}
// get page template an replace variable
// similar function as used in nexImage
function parse_template($name='main', $exit=TRUE)
{
global $CONFIG, $OUTPUT;
$skin_path = $CONFIG['skin_path'];
// read template file
$templ = '';
$path = "$skin_path/templates/$name.html";
if($fp = @fopen($path, 'r'))
{
$templ = fread($fp, filesize($path));
fclose($fp);
}
else
{
raise_error(array('code' => 500,
'type' => 'php',
'line' => __LINE__,
'file' => __FILE__,
'message' => "Error loading template for '$name'"), TRUE, TRUE);
return FALSE;
}
// parse for specialtags
$output = parse_rcube_xml(parse_rcube_conditions($templ));
// add debug console
if ($CONFIG['debug_level'] & 8)
$OUTPUT->footer = '<div style="position:absolute;top:5px;left:5px;width:400px;opacity:0.8;z-index:9000;"><form name="debugform"><textarea name="console" rows="15" cols="40" style="width:400px;border:none;font-size:x-small"></textarea></form>';
$OUTPUT->write(trim(parse_with_globals($output)), $skin_path);
if ($exit)
exit;
}
// replace all strings ($varname) with the content of the according global variable
function parse_with_globals($input)
{
$GLOBALS['__comm_path'] = $GLOBALS['COMM_PATH'];
$output = preg_replace('/\$(__[a-z0-9_\-]+)/e', '$GLOBALS["\\1"]', $input);
return $output;
}
// parse conditional code
function parse_rcube_conditions($input)
{
if (($matches = preg_split('/<roundcube:(if|elseif|else|endif)\s+([^>]+)>/is', $input, 2, PREG_SPLIT_DELIM_CAPTURE)) && count($matches)==4)
{
if (preg_match('/^(else|endif)$/i', $matches[1]))
return $matches[0] . parse_rcube_conditions($matches[3]);
else
{
$attrib = parse_attrib_string($matches[2]);
if (isset($attrib['condition']))
{
$condmet = rcube_xml_condition($attrib['condition']);
$submatches = preg_split('/<roundcube:(elseif|else|endif)\s+([^>]+)>/is', $matches[3], 2, PREG_SPLIT_DELIM_CAPTURE);
if ($condmet)
$result = $submatches[0] . preg_replace('/.*<roundcube:endif\s+[^>]+>/is', '', $submatches[3]);
else
$result = "<roundcube:$submatches[1] $submatches[2]>" . $submatches[3];
return $matches[0] . parse_rcube_conditions($result);
}
else
{
raise_error(array('code' => 500, 'type' => 'php', 'line' => __LINE__, 'file' => __FILE__,
'message' => "Unable to parse conditional tag " . $matches[2]), TRUE, FALSE);
}
}
}
return $input;
}
/**
* Determines if a given condition is met
*
* @return True if condition is valid, False is not
*/
function rcube_xml_condition($condition)
{
$condition = preg_replace(
array('/session:([a-z0-9_]+)/i', '/config:([a-z0-9_]+)/i', '/request:([a-z0-9_]+)/ie'),
array("\$_SESSION['\\1']", "\$GLOBALS['CONFIG']['\\1']", "get_input_value('\\1', RCUBE_INPUT_GPC)"),
$condition);
return @eval("return (".$condition.");");
}
function parse_rcube_xml($input)
{
$output = preg_replace('/<roundcube:([-_a-z]+)\s+([^>]+)>/Uie', "rcube_xml_command('\\1', '\\2')", $input);
return $output;
}
/**
* Convert a xml command tag into real content
*/
function rcube_xml_command($command, $str_attrib, $add_attrib=array())
{
global $IMAP, $CONFIG, $OUTPUT;
$command = strtolower($command);
$attrib = parse_attrib_string($str_attrib) + $add_attrib;
// empty output if required condition is not met
if (!empty($attrib['condition']) && !rcube_xml_condition($attrib['condition']))
return '';
// execute command
switch ($command)
{
// return a button
case 'button':
if ($attrib['command'])
return rcube_button($attrib);
break;
// show a label
case 'label':
if ($attrib['name'] || $attrib['command'])
return Q(rcube_label($attrib));
break;
// create a menu item
case 'menu':
if ($attrib['command'] && $attrib['group'])
rcube_menu($attrib);
break;
// include a file
case 'include':
$path = realpath($CONFIG['skin_path'].$attrib['file']);
if($fp = @fopen($path, 'r'))
{
$incl = fread($fp, filesize($path));
fclose($fp);
return parse_rcube_xml($incl);
}
break;
// return code for a specific application object
case 'object':
$object = strtolower($attrib['name']);
$object_handlers = array(
// GENERAL
'loginform' => 'rcmail_login_form',
'username' => 'rcmail_current_username',
// MAIL
'mailboxlist' => 'rcmail_mailbox_list',
'message' => 'rcmail_message_container',
'messages' => 'rcmail_message_list',
'messagecountdisplay' => 'rcmail_messagecount_display',
'quotadisplay' => 'rcmail_quota_display',
'messageheaders' => 'rcmail_message_headers',
'messagebody' => 'rcmail_message_body',
'messageattachments' => 'rcmail_message_attachments',
'blockedobjects' => 'rcmail_remote_objects_msg',
'messagecontentframe' => 'rcmail_messagecontent_frame',
'messagepartframe' => 'rcmail_message_part_frame',
'messagepartcontrols' => 'rcmail_message_part_controls',
'composeheaders' => 'rcmail_compose_headers',
'composesubject' => 'rcmail_compose_subject',
'composebody' => 'rcmail_compose_body',
'composeattachmentlist' => 'rcmail_compose_attachment_list',
'composeattachmentform' => 'rcmail_compose_attachment_form',
'composeattachment' => 'rcmail_compose_attachment_field',
'priorityselector' => 'rcmail_priority_selector',
'charsetselector' => 'rcmail_charset_selector',
'editorselector' => 'rcmail_editor_selector',
'searchform' => 'rcmail_search_form',
'receiptcheckbox' => 'rcmail_receipt_checkbox',
// ADDRESS BOOK
'addresslist' => 'rcmail_contacts_list',
'addressframe' => 'rcmail_contact_frame',
'recordscountdisplay' => 'rcmail_rowcount_display',
'contactdetails' => 'rcmail_contact_details',
'contacteditform' => 'rcmail_contact_editform',
'ldappublicsearch' => 'rcmail_ldap_public_search_form',
'ldappublicaddresslist' => 'rcmail_ldap_public_list',
// USER SETTINGS
'userprefs' => 'rcmail_user_prefs_form',
'itentitieslist' => 'rcmail_identities_list',
'identityframe' => 'rcmail_identity_frame',
'identityform' => 'rcube_identity_form',
'foldersubscription' => 'rcube_subscription_form',
'createfolder' => 'rcube_create_folder_form',
'renamefolder' => 'rcube_rename_folder_form',
'composebody' => 'rcmail_compose_body'
);
// execute object handler function
if ($object_handlers[$object] && function_exists($object_handlers[$object]))
return call_user_func($object_handlers[$object], $attrib);
else if ($object=='productname')
{
$name = !empty($CONFIG['product_name']) ? $CONFIG['product_name'] : 'RoundCube Webmail';
return Q($name);
}
else if ($object=='version')
{
return (string)RCMAIL_VERSION;
}
else if ($object=='pagetitle')
{
$task = $GLOBALS['_task'];
$title = !empty($CONFIG['product_name']) ? $CONFIG['product_name'].' :: ' : '';
if ($task=='login')
$title = rcube_label(array('name' => 'welcome', 'vars' => array('product' => $CONFIG['product_name'])));
else if ($task=='mail' && isset($GLOBALS['MESSAGE']['subject']))
$title .= $GLOBALS['MESSAGE']['subject'];
else if (isset($GLOBALS['PAGE_TITLE']))
$title .= $GLOBALS['PAGE_TITLE'];
else if ($task=='mail' && ($mbox_name = $IMAP->get_mailbox_name()))
$title .= rcube_charset_convert($mbox_name, 'UTF-7', 'UTF-8');
else
$title .= ucfirst($task);
return Q($title);
}
break;
}
return '';
}
// create and register a button
function rcube_button($attrib)
{
global $CONFIG, $OUTPUT, $JS_OBJECT_NAME, $BROWSER, $COMM_PATH, $MAIN_TASKS;
static $sa_buttons = array();
static $s_button_count = 100;
// these commands can be called directly via url
$a_static_commands = array('compose', 'list');
$skin_path = $CONFIG['skin_path'];
if (!($attrib['command'] || $attrib['name']))
return '';
// try to find out the button type
if ($attrib['type'])
$attrib['type'] = strtolower($attrib['type']);
else
$attrib['type'] = ($attrib['image'] || $attrib['imagepas'] || $attrib['imageact']) ? 'image' : 'link';
$command = $attrib['command'];
// take the button from the stack
if($attrib['name'] && $sa_buttons[$attrib['name']])
$attrib = $sa_buttons[$attrib['name']];
// add button to button stack
else if($attrib['image'] || $attrib['imageact'] || $attrib['imagepas'] || $attrib['class'])
{
if(!$attrib['name'])
$attrib['name'] = $command;
if (!$attrib['image'])
$attrib['image'] = $attrib['imagepas'] ? $attrib['imagepas'] : $attrib['imageact'];
$sa_buttons[$attrib['name']] = $attrib;
}
// get saved button for this command/name
else if ($command && $sa_buttons[$command])
$attrib = $sa_buttons[$command];
//else
// return '';
// set border to 0 because of the link arround the button
if ($attrib['type']=='image' && !isset($attrib['border']))
$attrib['border'] = 0;
if (!$attrib['id'])
$attrib['id'] = sprintf('rcmbtn%d', $s_button_count++);
// get localized text for labels and titles
if ($attrib['title'])
$attrib['title'] = Q(rcube_label($attrib['title']));
if ($attrib['label'])
$attrib['label'] = Q(rcube_label($attrib['label']));
if ($attrib['alt'])
$attrib['alt'] = Q(rcube_label($attrib['alt']));
// set title to alt attribute for IE browsers
if ($BROWSER['ie'] && $attrib['title'] && !$attrib['alt'])
{
$attrib['alt'] = $attrib['title'];
unset($attrib['title']);
}
// add empty alt attribute for XHTML compatibility
if (!isset($attrib['alt']))
$attrib['alt'] = '';
// register button in the system
if ($attrib['command'])
{
$OUTPUT->add_script(sprintf("%s.register_button('%s', '%s', '%s', '%s', '%s', '%s');",
$JS_OBJECT_NAME,
$command,
$attrib['id'],
$attrib['type'],
$attrib['imageact'] ? $skin_path.$attrib['imageact'] : $attrib['classact'],
$attrib['imagesel'] ? $skin_path.$attrib['imagesel'] : $attrib['classsel'],
$attrib['imageover'] ? $skin_path.$attrib['imageover'] : ''));
// make valid href to specific buttons
if (in_array($attrib['command'], $MAIN_TASKS))
$attrib['href'] = htmlentities(ereg_replace('_task=[a-z]+', '_task='.$attrib['command'], $COMM_PATH));
else if (in_array($attrib['command'], $a_static_commands))
$attrib['href'] = htmlentities($COMM_PATH.'&_action='.$attrib['command']);
}
// overwrite attributes
if (!$attrib['href'])
$attrib['href'] = '#';
if ($command)
$attrib['onclick'] = sprintf("return %s.command('%s','%s',this)", $JS_OBJECT_NAME, $command, $attrib['prop']);
if ($command && $attrib['imageover'])
{
$attrib['onmouseover'] = sprintf("return %s.button_over('%s','%s')", $JS_OBJECT_NAME, $command, $attrib['id']);
$attrib['onmouseout'] = sprintf("return %s.button_out('%s','%s')", $JS_OBJECT_NAME, $command, $attrib['id']);
}
if ($command && $attrib['imagesel'])
{
$attrib['onmousedown'] = sprintf("return %s.button_sel('%s','%s')", $JS_OBJECT_NAME, $command, $attrib['id']);
$attrib['onmouseup'] = sprintf("return %s.button_out('%s','%s')", $JS_OBJECT_NAME, $command, $attrib['id']);
}
$out = '';
// generate image tag
if ($attrib['type']=='image')
{
$attrib_str = create_attrib_string($attrib, array('style', 'class', 'id', 'width', 'height', 'border', 'hspace', 'vspace', 'align', 'alt'));
$img_tag = sprintf('<img src="%%s"%s />', $attrib_str);
$btn_content = sprintf($img_tag, $skin_path.$attrib['image']);
if ($attrib['label'])
$btn_content .= ' '.$attrib['label'];
$link_attrib = array('href', 'onclick', 'onmouseover', 'onmouseout', 'onmousedown', 'onmouseup', 'title');
}
else if ($attrib['type']=='link')
{
$btn_content = $attrib['label'] ? $attrib['label'] : $attrib['command'];
$link_attrib = array('href', 'onclick', 'title', 'id', 'class', 'style');
}
else if ($attrib['type']=='input')
{
$attrib['type'] = 'button';
if ($attrib['label'])
$attrib['value'] = $attrib['label'];
$attrib_str = create_attrib_string($attrib, array('type', 'value', 'onclick', 'id', 'class', 'style'));
$out = sprintf('<input%s disabled />', $attrib_str);
}
// generate html code for button
if ($btn_content)
{
$attrib_str = create_attrib_string($attrib, $link_attrib);
$out = sprintf('<a%s>%s</a>', $attrib_str, $btn_content);
}
return $out;
}
function rcube_menu($attrib)
{
return '';
}
function rcube_table_output($attrib, $table_data, $a_show_cols, $id_col)
{
global $DB;
// allow the following attributes to be added to the <table> tag
$attrib_str = create_attrib_string($attrib, array('style', 'class', 'id', 'cellpadding', 'cellspacing', 'border', 'summary'));
$table = '<table' . $attrib_str . ">\n";
// add table title
$table .= "<thead><tr>\n";
foreach ($a_show_cols as $col)
$table .= '<td class="'.$col.'">' . Q(rcube_label($col)) . "</td>\n";
$table .= "</tr></thead>\n<tbody>\n";
$c = 0;
if (!is_array($table_data))
{
while ($table_data && ($sql_arr = $DB->fetch_assoc($table_data)))
{
$zebra_class = $c%2 ? 'even' : 'odd';
$table .= sprintf('<tr id="rcmrow%d" class="contact '.$zebra_class.'">'."\n", $sql_arr[$id_col]);
// format each col
foreach ($a_show_cols as $col)
{
$cont = Q($sql_arr[$col]);
$table .= '<td class="'.$col.'">' . $cont . "</td>\n";
}
$table .= "</tr>\n";
$c++;
}
}
else
{
foreach ($table_data as $row_data)
{
$zebra_class = $c%2 ? 'even' : 'odd';
$table .= sprintf('<tr id="rcmrow%d" class="contact '.$zebra_class.'">'."\n", $row_data[$id_col]);
// format each col
foreach ($a_show_cols as $col)
{
$cont = Q($row_data[$col]);
$table .= '<td class="'.$col.'">' . $cont . "</td>\n";
}
$table .= "</tr>\n";
$c++;
}
}
// complete message table
$table .= "</tbody></table>\n";
return $table;
}
/**
* Create an edit field for inclusion on a form
*
* @param string col field name
* @param string value field value
* @param array attrib HTML element attributes for field
* @param string type HTML element type (default 'text')
* @return string HTML field definition
*/
function rcmail_get_edit_field($col, $value, $attrib, $type='text')
{
$fname = '_'.$col;
$attrib['name'] = $fname;
if ($type=='checkbox')
{
$attrib['value'] = '1';
$input = new checkbox($attrib);
}
else if ($type=='textarea')
{
$attrib['cols'] = $attrib['size'];
$input = new textarea($attrib);
}
else
$input = new textfield($attrib);
// use value from post
if (!empty($_POST[$fname]))
$value = $_POST[$fname];
$out = $input->show($value);
return $out;
}
// compose a valid attribute string for HTML tags
function create_attrib_string($attrib, $allowed_attribs=array('id', 'class', 'style'))
{
// allow the following attributes to be added to the <iframe> tag
$attrib_str = '';
foreach ($allowed_attribs as $a)
if (isset($attrib[$a]))
$attrib_str .= sprintf(' %s="%s"', $a, str_replace('"', '"', $attrib[$a]));
return $attrib_str;
}
// convert a HTML attribute string attributes to an associative array (name => value)
function parse_attrib_string($str)
{
$attrib = array();
preg_match_all('/\s*([-_a-z]+)=(["\'])([^"]+)\2/Ui', stripslashes($str), $regs, PREG_SET_ORDER);
// convert attributes to an associative array (name => value)
if ($regs)
foreach ($regs as $attr)
$attrib[strtolower($attr[1])] = $attr[3];
return $attrib;
}
function format_date($date, $format=NULL)
{
global $CONFIG, $sess_user_lang;
$ts = NULL;
if (is_numeric($date))
$ts = $date;
else if (!empty($date))
$ts = @strtotime($date);
if (empty($ts))
return '';
// get user's timezone
$tz = $CONFIG['timezone'];
if ($CONFIG['dst_active'])
$tz++;
// convert time to user's timezone
$timestamp = $ts - date('Z', $ts) + ($tz * 3600);
// get current timestamp in user's timezone
$now = time(); // local time
$now -= (int)date('Z'); // make GMT time
$now += ($tz * 3600); // user's time
$now_date = getdate($now);
$today_limit = mktime(0, 0, 0, $now_date['mon'], $now_date['mday'], $now_date['year']);
$week_limit = mktime(0, 0, 0, $now_date['mon'], $now_date['mday']-6, $now_date['year']);
// define date format depending on current time
if ($CONFIG['prettydate'] && !$format && $timestamp > $today_limit && $timestamp < $now)
return sprintf('%s %s', rcube_label('today'), date($CONFIG['date_today'] ? $CONFIG['date_today'] : 'H:i', $timestamp));
else if ($CONFIG['prettydate'] && !$format && $timestamp > $week_limit && $timestamp < $now)
$format = $CONFIG['date_short'] ? $CONFIG['date_short'] : 'D H:i';
else if (!$format)
$format = $CONFIG['date_long'] ? $CONFIG['date_long'] : 'd.m.Y H:i';
// parse format string manually in order to provide localized weekday and month names
// an alternative would be to convert the date() format string to fit with strftime()
$out = '';
for($i=0; $i<strlen($format); $i++)
{
if ($format{$i}=='\\') // skip escape chars
continue;
// write char "as-is"
if ($format{$i}==' ' || $format{$i-1}=='\\')
$out .= $format{$i};
// weekday (short)
else if ($format{$i}=='D')
$out .= rcube_label(strtolower(date('D', $timestamp)));
// weekday long
else if ($format{$i}=='l')
$out .= rcube_label(strtolower(date('l', $timestamp)));
// month name (short)
else if ($format{$i}=='M')
$out .= rcube_label(strtolower(date('M', $timestamp)));
// month name (long)
else if ($format{$i}=='F')
$out .= rcube_label(strtolower(date('F', $timestamp)));
else
$out .= date($format{$i}, $timestamp);
}
return $out;
}
// ************** functions delivering gui objects **************
function rcmail_message_container($attrib)
{
global $OUTPUT, $JS_OBJECT_NAME;
if (!$attrib['id'])
$attrib['id'] = 'rcmMessageContainer';
// allow the following attributes to be added to the <table> tag
$attrib_str = create_attrib_string($attrib, array('style', 'class', 'id'));
$out = '<div' . $attrib_str . "></div>";
$OUTPUT->add_script("$JS_OBJECT_NAME.gui_object('message', '$attrib[id]');");
return $out;
}
// return the IMAP username of the current session
function rcmail_current_username($attrib)
{
global $DB;
static $s_username;
// alread fetched
if (!empty($s_username))
return $s_username;
// get e-mail address form default identity
$sql_result = $DB->query("SELECT email AS mailto
FROM ".get_table_name('identities')."
WHERE user_id=?
AND standard=1
AND del<>1",
$_SESSION['user_id']);
if ($DB->num_rows($sql_result))
{
$sql_arr = $DB->fetch_assoc($sql_result);
$s_username = $sql_arr['mailto'];
}
else if (strstr($_SESSION['username'], '@'))
$s_username = $_SESSION['username'];
else
$s_username = $_SESSION['username'].'@'.$_SESSION['imap_host'];
return $s_username;
}
// return the mail domain configured for the given host
function rcmail_mail_domain($host)
{
global $CONFIG;
$domain = $host;
if (is_array($CONFIG['mail_domain']))
{
if (isset($CONFIG['mail_domain'][$host]))
$domain = $CONFIG['mail_domain'][$host];
}
else if (!empty($CONFIG['mail_domain']))
$domain = $CONFIG['mail_domain'];
return $domain;
}
// return code for the webmail login form
function rcmail_login_form($attrib)
{
global $CONFIG, $OUTPUT, $JS_OBJECT_NAME, $SESS_HIDDEN_FIELD;
$labels = array();
$labels['user'] = rcube_label('username');
$labels['pass'] = rcube_label('password');
$labels['host'] = rcube_label('server');
$input_user = new textfield(array('name' => '_user', 'id' => 'rcmloginuser', 'size' => 30, 'autocomplete' => 'off'));
$input_pass = new passwordfield(array('name' => '_pass', 'id' => 'rcmloginpwd', 'size' => 30));
$input_action = new hiddenfield(array('name' => '_action', 'value' => 'login'));
$fields = array();
$fields['user'] = $input_user->show(get_input_value('_user', RCUBE_INPUT_POST));
$fields['pass'] = $input_pass->show();
$fields['action'] = $input_action->show();
if (is_array($CONFIG['default_host']))
{
$select_host = new select(array('name' => '_host', 'id' => 'rcmloginhost'));
foreach ($CONFIG['default_host'] as $key => $value)
{
if (!is_array($value))
$select_host->add($value, (is_numeric($key) ? $value : $key));
else
{
unset($select_host);
break;
}
}
$fields['host'] = isset($select_host) ? $select_host->show($_POST['_host']) : null;
}
else if (!strlen($CONFIG['default_host']))
{
$input_host = new textfield(array('name' => '_host', 'id' => 'rcmloginhost', 'size' => 30));
$fields['host'] = $input_host->show($_POST['_host']);
}
$form_name = strlen($attrib['form']) ? $attrib['form'] : 'form';
$form_start = !strlen($attrib['form']) ? '<form name="form" action="./" method="post">' : '';
$form_end = !strlen($attrib['form']) ? '</form>' : '';
if ($fields['host'])
$form_host = <<<EOF
</tr><tr>
<td class="title"><label for="rcmloginhost">$labels[host]</label></td>
<td>$fields[host]</td>
EOF;
$OUTPUT->add_script("$JS_OBJECT_NAME.gui_object('loginform', '$form_name');");
$out = <<<EOF
$form_start
$SESS_HIDDEN_FIELD
$fields[action]
<table><tr>
<td class="title"><label for="rcmloginuser">$labels[user]</label></td>
<td>$fields[user]</td>
</tr><tr>
<td class="title"><label for="rcmloginpwd">$labels[pass]</label></td>
<td>$fields[pass]</td>
$form_host
</tr></table>
$form_end
EOF;
return $out;
}
function rcmail_charset_selector($attrib)
{
global $OUTPUT;
// pass the following attributes to the form class
$field_attrib = array('name' => '_charset');
foreach ($attrib as $attr => $value)
if (in_array($attr, array('id', 'class', 'style', 'size', 'tabindex')))
$field_attrib[$attr] = $value;
$charsets = array(
'US-ASCII' => 'ASCII (English)',
'EUC-JP' => 'EUC-JP (Japanese)',
'EUC-KR' => 'EUC-KR (Korean)',
'BIG5' => 'BIG5 (Chinese)',
'GB2312' => 'GB2312 (Chinese)',
'ISO-2022-JP' => 'ISO-2022-JP (Japanese)',
'ISO-8859-1' => 'ISO-8859-1 (Latin-1)',
'ISO-8859-2' => 'ISO-8895-2 (Central European)',
'ISO-8859-7' => 'ISO-8859-7 (Greek)',
'ISO-8859-9' => 'ISO-8859-9 (Turkish)',
'Windows-1251' => 'Windows-1251 (Cyrillic)',
'Windows-1252' => 'Windows-1252 (Western)',
'Windows-1255' => 'Windows-1255 (Hebrew)',
'Windows-1256' => 'Windows-1256 (Arabic)',
'Windows-1257' => 'Windows-1257 (Baltic)',
'UTF-8' => 'UTF-8'
);
$select = new select($field_attrib);
$select->add(array_values($charsets), array_keys($charsets));
$set = $_POST['_charset'] ? $_POST['_charset'] : $OUTPUT->get_charset();
return $select->show($set);
}
/****** debugging functions ********/
/**
* Print or write debug messages
*
* @param mixed Debug message or data
*/
function console($msg)
{
if (!is_string($msg))
$msg = var_export($msg, true);
if (!($GLOBALS['CONFIG']['debug_level'] & 4))
write_log('console', $msg);
else if ($GLOBALS['REMOTE_REQUEST'])
print "/*\n $msg \n*/\n";
else
{
print '<div style="background:#eee; border:1px solid #ccc; margin-bottom:3px; padding:6px"><pre>';
print $msg;
print "</pre></div>\n";
}
}
/**
* Append a line to a logfile in the logs directory.
* Date will be added automatically to the line.
*
* @param $name Name of logfile
* @param $line Line to append
*/
function write_log($name, $line)
{
global $CONFIG;
if (!is_string($line))
$line = var_export($line, true);
$log_entry = sprintf("[%s]: %s\n",
date("d-M-Y H:i:s O", mktime()),
$line);
if (empty($CONFIG['log_dir']))
$CONFIG['log_dir'] = $INSTALL_PATH.'logs';
// try to open specific log file for writing
if ($fp = @fopen($CONFIG['log_dir'].'/'.$name, 'a'))
{
fwrite($fp, $log_entry);
fclose($fp);
}
}
function rcube_timer()
{
list($usec, $sec) = explode(" ", microtime());
return ((float)$usec + (float)$sec);
}
function rcube_print_time($timer, $label='Timer')
{
static $print_count = 0;
$print_count++;
$now = rcube_timer();
$diff = $now-$timer;
if (empty($label))
$label = 'Timer '.$print_count;
console(sprintf("%s: %0.4f sec", $label, $diff));
}
?>
diff --git a/program/include/session.inc b/program/include/session.inc
index 6c4687e68..59631afe1 100644
--- a/program/include/session.inc
+++ b/program/include/session.inc
@@ -1,150 +1,185 @@
<?php
/*
+-----------------------------------------------------------------------+
| program/include/session.inc |
| |
| This file is part of the RoundCube Webmail client |
| Copyright (C) 2005, RoundCube Dev, - Switzerland |
| Licensed under the GNU GPL |
| |
| PURPOSE: |
| Provide database supported session management |
| |
+-----------------------------------------------------------------------+
| Author: Thomas Bruederli <roundcube@gmail.com> |
+-----------------------------------------------------------------------+
$Id$
*/
function sess_open($save_path, $session_name)
{
return TRUE;
}
function sess_close()
{
return TRUE;
}
// read session data
function sess_read($key)
{
- global $DB, $SESS_CHANGED;
+ global $DB, $SESS_CHANGED, $SESS_CLIENT_IP;
+
+ if ($DB->is_error())
+ return FALSE;
$sql_result = $DB->query("SELECT vars, ip, ".$DB->unixtimestamp('changed')." AS changed
FROM ".get_table_name('session')."
WHERE sess_id=?",
$key);
if ($sql_arr = $DB->fetch_assoc($sql_result))
{
$SESS_CHANGED = $sql_arr['changed'];
+ $SESS_CLIENT_IP = $sql_arr['ip'];
if (strlen($sql_arr['vars']))
return $sql_arr['vars'];
}
return FALSE;
}
// save session data
function sess_write($key, $vars)
{
global $DB;
+
+ if ($DB->is_error())
+ return FALSE;
$sql_result = $DB->query("SELECT 1
FROM ".get_table_name('session')."
WHERE sess_id=?",
$key);
if ($DB->num_rows($sql_result))
{
session_decode($vars);
$DB->query("UPDATE ".get_table_name('session')."
SET vars=?,
changed=".$DB->now()."
WHERE sess_id=?",
$vars,
$key);
}
else
{
$DB->query("INSERT INTO ".get_table_name('session')."
(sess_id, vars, ip, created, changed)
VALUES (?, ?, ?, ".$DB->now().", ".$DB->now().")",
$key,
$vars,
$_SERVER['REMOTE_ADDR']);
}
return TRUE;
}
// handler for session_destroy()
function sess_destroy($key)
{
global $DB;
+ if ($DB->is_error())
+ return FALSE;
+
// delete session entries in cache table
$DB->query("DELETE FROM ".get_table_name('cache')."
WHERE session_id=?",
$key);
$DB->query("DELETE FROM ".get_table_name('session')."
WHERE sess_id=?",
$key);
return TRUE;
}
// garbage collecting function
function sess_gc($maxlifetime)
{
global $DB;
+ if ($DB->is_error())
+ return FALSE;
+
// get all expired sessions
$sql_result = $DB->query("SELECT sess_id
FROM ".get_table_name('session')."
WHERE ".$DB->unixtimestamp($DB->now())."-".$DB->unixtimestamp('changed')." > ?",
$maxlifetime);
$a_exp_sessions = array();
while ($sql_arr = $DB->fetch_assoc($sql_result))
$a_exp_sessions[] = $sql_arr['sess_id'];
if (sizeof($a_exp_sessions))
{
// delete session cache records
$DB->query("DELETE FROM ".get_table_name('cache')."
WHERE session_id IN ('".join("','", $a_exp_sessions)."')");
// delete session records
$DB->query("DELETE FROM ".get_table_name('session')."
WHERE sess_id IN ('".join("','", $a_exp_sessions)."')");
}
// also run message cache GC
rcmail_message_cache_gc();
rcmail_temp_gc();
return TRUE;
}
+function sess_regenerate_id()
+ {
+ $randlen = 32;
+ $randval = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
+ $random = "";
+ for ($i=1; $i <= $randlen; $i++)
+ $random .= substr($randval, rand(0,(strlen($randval) - 1)), 1);
+
+ // use md5 value for id or remove capitals from string $randval
+ $random = md5($random);
+
+ // delete old session record
+ sess_destroy(session_id());
+
+ session_id($random);
+ $cookie = session_get_cookie_params();
+ setcookie(session_name(), $random, $cookie['lifetime'], $cookie['path']);
+
+ return true;
+ }
+
+
// set custom functions for PHP session management
session_set_save_handler('sess_open', 'sess_close', 'sess_read', 'sess_write', 'sess_destroy', 'sess_gc');
?>
File Metadata
Details
Attached
Mime Type
text/x-diff
Expires
Thu, Mar 19, 8:53 AM (22 h, 42 s)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
458528
Default Alt Text
(114 KB)
Attached To
Mode
R3 roundcubemail
Attached
Detach File
Event Timeline
Log In to Comment