
added use of PHP's session management

nehresma 25 years ago
parent
commit
269fc50d58

+ 24 - 2
INSTALL

@@ -28,7 +28,29 @@ a. Obtaining and compiling PHP4
   You might also want to read the INSTALL file in the PHP-distribution
   :-)
 
-b. Setting up .php files to use PHP4
+b. Changing php.ini
+
+  PHP defaults to look for php.ini (PHP's configuration file) in
+  /usr/local/lib.  However, for security reasons, it is suggested
+  that the location of this file is changed to someplace else.  This
+  can be done at configure time with the configuration directive
+  --with-config-file-path=PATH.
+
+  Squirrelmail does not use cookies as of version 0.4.  Edit the 
+  php.ini file and change session.use_cookies to 0 (false).  Also be
+  sure to change the session.save_path to someplace that can only be
+  read and written to by the webserver.  session.save_path is the
+  location that PHP's session data will be written to.
+
+  SECURITY WARNING - SquirrelMail saves non plaintext passwords in 
+  PHP's session data to log on to the IMAP server.  If a user has 
+  access to write PHP scripts on your system and knows the location 
+  where PHP stores session data, he could get a listing of the 
+  sessions being used and then read a given session's data with his 
+  own PHP script.  Caution should be used when setting up permissions
+  and locations of php.ini and the session data.
+
+c. Setting up .php files to use PHP4
 
   You need to create a .htaccess file in you SquirrelMail directory
   that looks something like this:
@@ -38,7 +60,7 @@ b. Setting up .php files to use PHP4
 
   You could also add these lines to your Apache configuration file.
 
-c. Running into trouble
+d. Running into trouble
 
   Setting up Apache with PHP4 can be a non-trivial task. Read the PHP4
   and Apache documentation carefully if you run into trouble. If you

+ 1 - 1
TODO

@@ -4,7 +4,7 @@ Ideas to be implemented
 initials = taken by that person
 
 (pl?)   Importing of address books
-  -     Use PHP4 Session management, get rid of cookies
+(nre)   Use PHP4 Session management, get rid of cookies
   -     Make it possible to save preferences in MySQL DB or on Filesystem
   -     Navigation between messages without going to folder list (next, prev)
   -     Configurable headers shown on the message listing, like:  cc, to, etc

+ 12 - 4
functions/display_messages.php

@@ -10,13 +10,15 @@
     $display_messages_php = true;
 
     function error_username_password_incorrect($color) {
+      global $PHPSESSID;
+
       echo "<BR>";
       echo "<TABLE COLS=1 WIDTH=75% NOBORDER BGCOLOR=\"$color[4]\" ALIGN=CENTER>";
       echo "   <TR>";
       echo "      <TD BGCOLOR=\"$color[0]\">";
       echo "         <B><CENTER>ERROR</CENTER></B>";
       echo "   </TD></TR><TR><TD>";
-      echo "      <CENTER><BR>". _("Unknown user or password incorrect.") ."<BR><A HREF=\"login.php\" TARGET=_top>". _("Click here to try again") ."</A>.</CENTER>";
+      echo "      <CENTER><BR>". _("Unknown user or password incorrect.") ."<BR><A HREF=\"login.php?PHPSESSID=$PHPSESSID\" TARGET=_top>". _("Click here to try again") ."</A>.</CENTER>";
       echo "   </TD></TR>";
       echo "</TABLE>";
       echo "</BODY></HTML>";
@@ -50,7 +52,9 @@
    }
 
     function messages_deleted_message($mailbox, $sort, $startMessage, $color) {
+      global $PHPSESSID;
       $urlMailbox = urlencode($mailbox);
+
       echo "<BR>";
       echo "<TABLE COLS=1 WIDTH=70% NOBORDER BGCOLOR=\"$color[4]\" ALIGN=CENTER>";
       echo "   <TR>";
@@ -59,7 +63,7 @@
       echo "   </TD></TR><TR><TD>";
       echo "      <CENTER><BR>". _("The selected messages were deleted successfully.") ."<BR>\n";
       echo "      <BR>";
-      echo "              <A HREF=\"webmail.php?right_frame=right_main.php&sort=$sort&startMessage=$startMessage&mailbox=$urlMailbox\" TARGET=_top>";
+      echo "              <A HREF=\"webmail.php?PHPSESSID=$PHPSESSID&right_frame=right_main.php&sort=$sort&startMessage=$startMessage&mailbox=$urlMailbox\" TARGET=_top>";
       echo "              ". _("Click here to return to ") ."$mailbox</A>.";
       echo "      </CENTER>";
       echo "   </TD></TR>";
@@ -67,7 +71,9 @@
     }
 
     function messages_moved_message($mailbox, $sort, $startMessage, $color) {
+      global $PHPSESSID;
       $urlMailbox = urlencode($mailbox);
+
       echo "<BR>";
       echo "<TABLE COLS=1 WIDTH=70% NOBORDER BGCOLOR=\"$color[4]\" ALIGN=CENTER>";
       echo "   <TR>";
@@ -76,7 +82,7 @@
       echo "   </TD></TR><TR><TD>";
       echo "      <CENTER><BR>". _("The selected messages were moved successfully.") ."<BR>\n";
       echo "      <BR>";
-      echo "              <A HREF=\"webmail.php?right_frame=right_main.php&sort=$sort&startMessage=$startMessage&mailbox=$urlMailbox\" TARGET=_top>";
+      echo "              <A HREF=\"webmail.php?PHPSESSID=$PHPSESSID&right_frame=right_main.php&sort=$sort&startMessage=$startMessage&mailbox=$urlMailbox\" TARGET=_top>";
       echo "              ". _("Click here to return to ") ."$mailbox</A>.";
       echo "      </CENTER>";
       echo "   </TD></TR>";
@@ -84,7 +90,9 @@
     }
 
     function error_message($message, $mailbox, $sort, $startMessage, $color) {
+      global $PHPSESSID;
       $urlMailbox = urlencode($mailbox);
+
       echo "<BR>";
       echo "<TABLE COLS=1 WIDTH=70% NOBORDER BGCOLOR=\"$color[4]\" ALIGN=CENTER>";
       echo "   <TR>";
@@ -93,7 +101,7 @@
       echo "   </TD></TR><TR><TD>";
       echo "      <CENTER><BR>$message<BR>\n";
       echo "      <BR>";
-      echo "              <A HREF=\"webmail.php?right_frame=right_main.php&sort=$sort&startMessage=$startMessage&mailbox=$urlMailbox\" TARGET=_top>";
+      echo "              <A HREF=\"webmail.php?PHPSESSID=$PHPSESSID&right_frame=right_main.php&sort=$sort&startMessage=$startMessage&mailbox=$urlMailbox\" TARGET=_top>";
       echo "              ". _("Click here to return to ") ."$mailbox</A>.";
       echo "      </CENTER>";
       echo "   </TD></TR>";
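Review bot: `$PHPSESSID` is written into each HREF unescaped, and because it is pulled in with `global $PHPSESSID` it appears to be the value the request carried rather than one the code obtained from the session layer. Building the links from the session API and encoding the result, e.g. `$sid = urlencode(session_id());` at the top of each function and `login.php?PHPSESSID=$sid` in the link, keeps a quote or `&` in a supplied ID from breaking out of the attribute. The same applies to messages_deleted_message, messages_moved_message and error_message in this file, and to the links added in mailbox_display.php, mime.php, download.php, left_main.php and the folders_*.php pages. The bodies of these functions continue outside the hunks.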

+ 2 - 0
functions/imap_general.php

@@ -65,6 +65,7 @@
     ******************************************************************************/
    function sqimap_login ($username, $password, $imap_server_address, $imap_port, $hide) {
       global $color;
+      global $PHPSESSID;
       $imap_stream = fsockopen ($imap_server_address, $imap_port, &$error_number, &$error_string);
       $server_info = fgets ($imap_stream, 1024);
       
@@ -115,6 +116,7 @@
                      </body>
                   </html>
                <?
+               session_destroy();
                exit;
             } else {
                echo "Unknown error: $read<br>";
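Review bot: `session_destroy()` is added only on the failure path shown in the second hunk, so the `else` branch that prints "Unknown error" may leave the session on disk, along with the credentials INSTALL says are kept in it, if that branch also ends the request. The rest of that branch is outside the hunk, so this needs confirming; if it exits, it should call `session_destroy();` first. The `global $PHPSESSID;` added at the top of sqimap_login is not used in the visible lines.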

+ 22 - 20
functions/mailbox_display.php

@@ -12,6 +12,7 @@
 
    function printMessageInfo($imapConnection, $t, $i, $from, $subject, $dateString, $answered, $seen, $mailbox, $sort, $startMessage) {
       require ("../config/config.php");
+      global $PHPSESSID;
 
       $senderName = $from;
       $urlMailbox = urlencode($mailbox);
@@ -21,12 +22,12 @@
          echo "   <TD><nobr><B><input type=checkbox name=\"msg[$t]\" value=$i></B></nobr></TD>\n";
          echo "   <TD><B>$senderName</B></TD>\n";
          echo "   <TD NOWRAP><CENTER><B>$dateString</B></CENTER></TD>\n";
-         echo "   <TD><B><A HREF=\"read_body.php?mailbox=$urlMailbox&passed_id=$i&sort=$sort&startMessage=$startMessage&show_more=0\">$subject</A></B></TD>\n";
+         echo "   <TD><B><A HREF=\"read_body.php?PHPSESSID=$PHPSESSID&mailbox=$urlMailbox&passed_id=$i&sort=$sort&startMessage=$startMessage&show_more=0\">$subject</A></B></TD>\n";
       } else {
          echo "   <TD><nobr><input type=checkbox name=\"msg[$t]\" value=$i></nobr></TD>\n";
          echo "   <TD>$senderName</TD>\n";
          echo "   <TD NOWRAP><CENTER>$dateString</CENTER></TD>\n";
-         echo "   <TD><A HREF=\"read_body.php?mailbox=$urlMailbox&passed_id=$i&sort=$sort&startMessage=$startMessage&show_more=0\">$subject</A></TD>\n";
+         echo "   <TD><A HREF=\"read_body.php?PHPSESSID=$PHPSESSID&mailbox=$urlMailbox&passed_id=$i&sort=$sort&startMessage=$startMessage&show_more=0\">$subject</A></TD>\n";
       }
       echo "</TR>\n";
    }
@@ -36,6 +37,7 @@
     **/
    function showMessagesForMailbox($imapConnection, $mailbox, $numMessages, $startMessage, $sort, $color) {
       include ("../config/config.php");
+      global $PHPSESSID;
 
       if ($numMessages >= 1) {
          for ($q = 0; $q < $numMessages; $q++) {
@@ -177,23 +179,23 @@
 
       echo "<TR BGCOLOR=\"$color[4]\"><TD>";
       if (($nextGroup <= $numMessages) && ($prevGroup >= 0)) {
-         echo "<A HREF=\"right_main.php?sort=$sort&startMessage=$prevGroup&mailbox=$urlMailbox\" TARGET=\"right\">". _("Previous") ."</A>\n";
-         echo "<A HREF=\"right_main.php?sort=$sort&startMessage=$nextGroup&mailbox=$urlMailbox\" TARGET=\"right\">". _("Next") ."</A>\n";
+         echo "<A HREF=\"right_main.php?PHPSESSID=$PHPSESSID&sort=$sort&startMessage=$prevGroup&mailbox=$urlMailbox\" TARGET=\"right\">". _("Previous") ."</A>\n";
+         echo "<A HREF=\"right_main.php?PHPSESSID=$PHPSESSID&sort=$sort&startMessage=$nextGroup&mailbox=$urlMailbox\" TARGET=\"right\">". _("Next") ."</A>\n";
       }
       else if (($nextGroup > $numMessages) && ($prevGroup >= 0)) {
-         echo "<A HREF=\"right_main.php?sort=$sort&startMessage=$prevGroup&mailbox=$urlMailbox\" TARGET=\"right\">". _("Previous") ."</A>\n";
+         echo "<A HREF=\"right_main.php?PHPSESSID=$PHPSESSID&sort=$sort&startMessage=$prevGroup&mailbox=$urlMailbox\" TARGET=\"right\">". _("Previous") ."</A>\n";
          echo "<FONT COLOR=\"$color[9]\">Next</FONT>\n";
       }
       else if (($nextGroup <= $numMessages) && ($prevGroup < 0)) {
          echo "<FONT COLOR=\"$color[9]\">Previous</FONT>\n";
-         echo "<A HREF=\"right_main.php?sort=$sort&startMessage=$nextGroup&mailbox=$urlMailbox\" TARGET=\"right\">". _("Next") ."</A>\n";
+         echo "<A HREF=\"right_main.php?PHPSESSID=$PHPSESSID&sort=$sort&startMessage=$nextGroup&mailbox=$urlMailbox\" TARGET=\"right\">". _("Next") ."</A>\n";
       }
       echo "</TD></TR>\n";
 
       /** The delete and move options */
       echo "<TR><TD BGCOLOR=\"$color[0]\">";
 
-      echo "\n\n\n<FORM name=messageList method=post action=\"move_messages.php?msg=$msg&mailbox=$urlMailbox&sort=$sort&startMessage=$startMessage\">";
+      echo "\n\n\n<FORM name=messageList method=post action=\"move_messages.php?PHPSESSID=$PHPSESSID&msg=$msg&mailbox=$urlMailbox&sort=$sort&startMessage=$startMessage\">";
       echo "<TABLE BGCOLOR=\"$color[0]\" COLS=2 BORDER=0>\n";
       echo "   <TR>\n";
       echo "      <TD WIDTH=60% ALIGN=LEFT>\n";
@@ -237,27 +239,27 @@
       /** FROM HEADER **/
       echo "   <TD WIDTH=25%><B>". _("From") ."</B>";
       if ($sort == 2)
-         echo "   <A HREF=\"right_main.php?sort=3&startMessage=1&mailbox=$urlMailbox\" TARGET=\"right\"><IMG SRC=\"../images/up_pointer.gif\" BORDER=0></A></TD>\n";
+         echo "   <A HREF=\"right_main.php?PHPSESSID=$PHPSESSID&sort=3&startMessage=1&mailbox=$urlMailbox\" TARGET=\"right\"><IMG SRC=\"../images/up_pointer.gif\" BORDER=0></A></TD>\n";
       else if ($sort == 3)
-         echo "   <A HREF=\"right_main.php?sort=2&startMessage=1&mailbox=$urlMailbox\" TARGET=\"right\"><IMG SRC=\"../images/down_pointer.gif\" BORDER=0></A></TD>\n";
+         echo "   <A HREF=\"right_main.php?PHPSESSID=$PHPSESSID&sort=2&startMessage=1&mailbox=$urlMailbox\" TARGET=\"right\"><IMG SRC=\"../images/down_pointer.gif\" BORDER=0></A></TD>\n";
       else
-         echo "   <A HREF=\"right_main.php?sort=3&startMessage=1&mailbox=$urlMailbox\" TARGET=\"right\"><IMG SRC=\"../images/sort_none.gif\" BORDER=0></A></TD>\n";
+         echo "   <A HREF=\"right_main.php?PHPSESSID=$PHPSESSID&sort=3&startMessage=1&mailbox=$urlMailbox\" TARGET=\"right\"><IMG SRC=\"../images/sort_none.gif\" BORDER=0></A></TD>\n";
       /** DATE HEADER **/
       echo "   <TD WIDTH=15%><B>". _("Date") ."</B>";
       if ($sort == 0)
-         echo "   <A HREF=\"right_main.php?sort=1&startMessage=1&mailbox=$urlMailbox\" TARGET=\"right\"><IMG SRC=\"../images/up_pointer.gif\" BORDER=0></A></TD>\n";
+         echo "   <A HREF=\"right_main.php?PHPSESSID=$PHPSESSID&sort=1&startMessage=1&mailbox=$urlMailbox\" TARGET=\"right\"><IMG SRC=\"../images/up_pointer.gif\" BORDER=0></A></TD>\n";
       else if ($sort == 1)
-         echo "   <A HREF=\"right_main.php?sort=0&startMessage=1&mailbox=$urlMailbox\" TARGET=\"right\"><IMG SRC=\"../images/down_pointer.gif\" BORDER=0></A></TD>\n";
+         echo "   <A HREF=\"right_main.php?PHPSESSID=$PHPSESSID&sort=0&startMessage=1&mailbox=$urlMailbox\" TARGET=\"right\"><IMG SRC=\"../images/down_pointer.gif\" BORDER=0></A></TD>\n";
       else
-         echo "   <A HREF=\"right_main.php?sort=0&startMessage=1&mailbox=$urlMailbox\" TARGET=\"right\"><IMG SRC=\"../images/sort_none.gif\" BORDER=0></A></TD>\n";
+         echo "   <A HREF=\"right_main.php?PHPSESSID=$PHPSESSID&sort=0&startMessage=1&mailbox=$urlMailbox\" TARGET=\"right\"><IMG SRC=\"../images/sort_none.gif\" BORDER=0></A></TD>\n";
       /** SUBJECT HEADER **/
       echo "   <TD WIDTH=%><B>". _("Subject") ."</B>\n";
       if ($sort == 4)
-        echo "   <A HREF=\"right_main.php?sort=5&startMessage=1&mailbox=$urlMailbox\" TARGET=\"right\"><IMG SRC=\"../images/up_pointer.gif\" BORDER=0></A></TD>\n";
+        echo "   <A HREF=\"right_main.php?PHPSESSID=$PHPSESSID&sort=5&startMessage=1&mailbox=$urlMailbox\" TARGET=\"right\"><IMG SRC=\"../images/up_pointer.gif\" BORDER=0></A></TD>\n";
       else if ($sort == 5)
-         echo "   <A HREF=\"right_main.php?sort=4&startMessage=1&mailbox=$urlMailbox\" TARGET=\"right\"><IMG SRC=\"../images/down_pointer.gif\" BORDER=0></A></TD>\n";
+         echo "   <A HREF=\"right_main.php?PHPSESSID=$PHPSESSID&sort=4&startMessage=1&mailbox=$urlMailbox\" TARGET=\"right\"><IMG SRC=\"../images/down_pointer.gif\" BORDER=0></A></TD>\n";
       else
-         echo "   <A HREF=\"right_main.php?sort=5&startMessage=1&mailbox=$urlMailbox\" TARGET=\"right\"><IMG SRC=\"../images/sort_none.gif\" BORDER=0></A></TD>\n";
+         echo "   <A HREF=\"right_main.php?PHPSESSID=$PHPSESSID&sort=5&startMessage=1&mailbox=$urlMailbox\" TARGET=\"right\"><IMG SRC=\"../images/sort_none.gif\" BORDER=0></A></TD>\n";
       echo "</TR>";
 
       
@@ -281,16 +283,16 @@
 
       echo "<TR BGCOLOR=\"$color[4]\"><TD>";
       if (($nextGroup <= $numMessages) && ($prevGroup >= 0)) {
-         echo "<A HREF=\"right_main.php?sort=$sort&startMessage=$prevGroup&mailbox=$urlMailbox\" TARGET=\"right\">" . _("Previous") . "</A>\n";
-         echo "<A HREF=\"right_main.php?sort=$sort&startMessage=$nextGroup&mailbox=$urlMailbox\" TARGET=\"right\">" . _("Next") . "</A>\n";
+         echo "<A HREF=\"right_main.php?PHPSESSID=$PHPSESSID&sort=$sort&startMessage=$prevGroup&mailbox=$urlMailbox\" TARGET=\"right\">" . _("Previous") . "</A>\n";
+         echo "<A HREF=\"right_main.php?PHPSESSID=$PHPSESSID&sort=$sort&startMessage=$nextGroup&mailbox=$urlMailbox\" TARGET=\"right\">" . _("Next") . "</A>\n";
       }
       else if (($nextGroup > $numMessages) && ($prevGroup >= 0)) {
-         echo "<A HREF=\"right_main.php?sort=$sort&startMessage=$prevGroup&mailbox=$urlMailbox\" TARGET=\"right\">" . _("Previous") . "</A>\n";
+         echo "<A HREF=\"right_main.php?PHPSESSID=$PHPSESSID&sort=$sort&startMessage=$prevGroup&mailbox=$urlMailbox\" TARGET=\"right\">" . _("Previous") . "</A>\n";
          echo "<FONT COLOR=\"$color[9]\">" . _("Next") . "</FONT>\n";
       }
       else if (($nextGroup <= $numMessages) && ($prevGroup < 0)) {
          echo "<FONT COLOR=\"$color[9]\">Previous</FONT>\n";
-         echo "<A HREF=\"right_main.php?sort=$sort&startMessage=$nextGroup&mailbox=$urlMailbox\" TARGET=\"right\">" . _("Next") . "</A>\n";
+         echo "<A HREF=\"right_main.php?PHPSESSID=$PHPSESSID&sort=$sort&startMessage=$nextGroup&mailbox=$urlMailbox\" TARGET=\"right\">" . _("Next") . "</A>\n";
       }
       echo "</TD></TR></TABLE>"; /** End of message-list table */
    }

+ 3 - 2
functions/mime.php

@@ -128,6 +128,7 @@
        bottom, etc.
     **/
    function formatBody($message, $color, $wrap_at) {
+      global $PHPSESSID;
 
       /** this if statement checks for the entity to show as the
           primary message. To add more of them, just put them in the
@@ -161,7 +162,7 @@
          $body = translateText($body, $wrap_at, $charset);
 
 
-      $body .= "<BR><SMALL><CENTER><A HREF=\"../src/download.php?absolute_dl=true&passed_id=$id&passed_ent_id=$ent_num&mailbox=$urlmailbox\">". _("Download this as a file") ."</A></CENTER><BR></SMALL>";
+      $body .= "<BR><SMALL><CENTER><A HREF=\"../src/download.php?PHPSESSID=$PHPSESSID&absolute_dl=true&passed_id=$id&passed_ent_id=$ent_num&mailbox=$urlmailbox\">". _("Download this as a file") ."</A></CENTER><BR></SMALL>";
 
       /** Display the ATTACHMENTS: message if there's more than one part **/
       if (count($message["ENTITIES"]) > 1) {
@@ -188,7 +189,7 @@
 
             $urlMailbox = urlencode($message["INFO"]["MAILBOX"]);
             $id = $message["INFO"]["ID"];
-            $body .= "<TT>&nbsp;&nbsp;&nbsp;<A HREF=\"../src/download.php?passed_id=$id&mailbox=$urlMailbox&passed_ent_id=$i\">" . $display_filename . "</A>&nbsp;&nbsp;<SMALL>(TYPE: $type0/$type1)</SMALL></TT><BR>";
+            $body .= "<TT>&nbsp;&nbsp;&nbsp;<A HREF=\"../src/download.php?PHPSESSID=$PHPSESSID&passed_id=$id&mailbox=$urlMailbox&passed_ent_id=$i\">" . $display_filename . "</A>&nbsp;&nbsp;<SMALL>(TYPE: $type0/$type1)</SMALL></TT><BR>";
          }
          $body .= "</TD></TR></TABLE>";
       }

+ 9 - 5
functions/page_header.php

@@ -6,6 +6,8 @@
     **
     **/
 
+   session_start();
+
    $page_header_php = true;
 
    if (!isset($prefs_php))
@@ -40,23 +42,25 @@
       header ("Content-Type: text/html; charset=$default_charset");
 
    function displayPageHeader($color, $mailbox) {
+      global $PHPSESSID;
+
       /** Here is the header and wrapping table **/
       $shortBoxName = readShortMailboxName($mailbox, ".");
       $shortBoxName = stripslashes($shortBoxName);
       echo "<TABLE BGCOLOR=\"$color[4]\" BORDER=0 COLS=2 WIDTH=100% CELLSPACING=0 CELLPADDING=2>";
       echo "   <TR BGCOLOR=\"$color[9]\" WIDTH=100%>";
       echo "      <TD ALIGN=left WIDTH=30%>";
-      echo "         <A HREF=\"signout.php\" TARGET=_top><B>" . _("Sign Out") . "</B></A>";
+      echo "         <A HREF=\"signout.php?PHPSESSID=$PHPSESSID\" TARGET=_top><B>" . _("Sign Out") . "</B></A>";
       echo "      </TD><TD ALIGN=right WIDTH=70%>";
       echo "         <div align=right>" . _("Current Folder: ") . "<B>$shortBoxName&nbsp;</div></B>";
       echo "      </TD>";
       echo "   </TR></TABLE>\n";
       echo "<TABLE BGCOLOR=\"$color[4]\" BORDER=0 COLS=2 WIDTH=100% CELLSPACING=0 CELLPADDING=2><TR>";
       echo "      <TD ALIGN=left WIDTH=70%>";
-      echo "         <A HREF=\"compose.php\">" . _("Compose") . "</A>&nbsp&nbsp";
-      echo "         <A HREF=\"addressbook.php\">" . _("Addresses") . "</A>&nbsp&nbsp";
-      echo "         <A HREF=\"folders.php\">" . _("Folders") . "</A>&nbsp&nbsp";
-      echo "         <A HREF=\"options.php\">" . _("Options") . "</A>&nbsp&nbsp";
+      echo "         <A HREF=\"compose.php?PHPSESSID=$PHPSESSID\">" . _("Compose") . "</A>&nbsp&nbsp";
+      echo "         <A HREF=\"addressbook.php?PHPSESSID=$PHPSESSID\">" . _("Addresses") . "</A>&nbsp&nbsp";
+      echo "         <A HREF=\"folders.php?PHPSESSID=$PHPSESSID\">" . _("Folders") . "</A>&nbsp&nbsp";
+      echo "         <A HREF=\"options.php?PHPSESSID=$PHPSESSID\">" . _("Options") . "</A>&nbsp&nbsp";
       echo "      </TD><TD ALIGN=right WIDTH=30%>";
       echo "         <A HREF=\"http://squirrelmail.sourceforge.net/index.php3?from=1\" TARGET=_top>SquirrelMail</A>";
       echo "      </TD>";
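Review bot: With the session ID now part of every page address, the external `http://squirrelmail.sourceforge.net/index.php3?from=1` link at the end of displayPageHeader will pass the ID to that site in the Referer header whenever it is followed from a frame whose URL contains `PHPSESSID`. Pointing the link at a local page that carries no session ID and redirects onward would keep the ID out of the Referer. Links inside displayed message bodies presumably need the same treatment, since read_body.php is now reached with the ID in its URL. displayPageHeader continues outside this hunk.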

+ 4 - 2
src/addrbook_popup.php

@@ -6,6 +6,8 @@
     **
     **/
 
+   session_start();
+
    if(!isset($logged_in)) {
       echo _("You must login first.");
       exit;
@@ -33,8 +35,8 @@
 
 <FRAMESET ROWS="60,*" BORDER=0>
  <FRAME NAME="abookmain" MARGINWIDTH=0 SCROLLING=NO
-        SRC="addrbook_search.php?show=form" BORDER=0>
- <FRAME NAME="abookres" MARGINWIDTH=0 SRC="addrbook_search.php?show=blank"
+        SRC="addrbook_search.php?PHPSESSID=<? echo $PHPSESSID; ?>&show=form" BORDER=0>
+ <FRAME NAME="abookres" MARGINWIDTH=0 SRC="addrbook_search.php?PHPSESSID=<? echo $PHPSESSID; ?>&show=blank"
         BORDER=0>
 </FRAMESET>
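Review bot: The login gate still tests `isset($logged_in)` right after the new `session_start()`, and since this code reads request values such as `$PHPSESSID` as plain globals, a variable of that name supplied with the request would presumably satisfy the test with no session behind it. Checking the session registration instead, e.g. `if (!session_is_registered("logged_in")) {`, ties the gate to server-side state. The same test appears in addrbook_search.php and addressbook.php, and left_main.php tests `isset($username)` in the same way.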
 

+ 4 - 2
src/addrbook_search.php

@@ -6,6 +6,8 @@
     **
     **/
 
+   session_start();
+
    if(!isset($logged_in)) {
       echo _("You must login first.");
       exit;
@@ -64,8 +66,8 @@
 
    // Create search form 
    if($show == "form") {
-      printf("<FORM NAME=sform TARGET=abookres ACTION=\"%s\" METHOD=GET>\n",
-	     $PHP_SELF);
+      printf("<FORM NAME=sform TARGET=abookres ACTION=\"%s\" METHOD=\"POST\">\n",
+	     $PHP_SELF . "?PHPSESSID=$PHPSESSID");
       printf("<TABLE BORDER=0 WIDTH=\"100%%\" HEIGHT=\"100%%\">");
       printf("<TR><TD NOWRAP VALIGN=middle>\n");
       printf("  <STRONG>%s:</STRONG>\n</TD><TD VALIGN=middle>\n",

+ 3 - 1
src/addressbook.php

@@ -6,6 +6,8 @@
     **
     **/
 
+   session_start();
+
    if(!isset($logged_in)) {
       echo _("You must login first.");
       exit;
@@ -335,7 +337,7 @@
 	 printf("<TR%s NOWRAP>\n <TD align=center><SMALL>".
 		"<INPUT TYPE=checkbox %s NAME=\"sel[]\" VALUE=\"%d:%s\">".
 		"</SMALL><TD NOWRAP>&nbsp;%s&nbsp;<TD NOWRAP>&nbsp;%s&nbsp;".
-		"<TD NOWRAP>&nbsp;<A HREF=\"compose.php?send_to=%s\">%s</A>".
+		"<TD NOWRAP>&nbsp;<A HREF=\"compose.php?PHPSESSID=$PHPSESSID&send_to=%s\">%s</A>".
 		"&nbsp;<TD NOWRAP>&nbsp;%s</TR>\n", 
 		($line % 2) ? " bgcolor=\"$color[0]\"" : "", 
 		$selected, $row["backend"], $row["nickname"], 
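Review bot: `$PHPSESSID` is interpolated into the printf format string itself, so a `%` in the value would be read as a conversion specification and would shift or drop the arguments that follow. Passing it as data avoids that: write `compose.php?PHPSESSID=%s&send_to=%s` in the format and add `urlencode($PHPSESSID)` to the argument list at the matching position. The printf call starts and ends outside this hunk, so the argument order has to be checked against the full statement.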

+ 9 - 5
src/compose.php

@@ -7,6 +7,8 @@
     **  - Send mail
     **/
 
+   session_start();
+
    if (!isset($config_php))
       include("../config/config.php");
    if (!isset($strings_php))
@@ -140,7 +142,7 @@
    function showInputForm () {
       global $send_to, $send_to_cc, $reply_subj, $forward_subj, $body,
          $passed_body, $color, $use_signature, $signature, $editor_size,
-         $attachments, $subject, $newmail;
+         $attachments, $subject, $newmail, $PHPSESSID;
 
       $subject = decodeHeader($subject);
       $reply_subj = decodeHeader($reply_subj);
@@ -148,14 +150,14 @@
 
       echo "\n<SCRIPT LANGUAGE=JavaScript><!--\n";
       echo "function open_abook() { \n";
-      echo "  var nwin = window.open(\"addrbook_popup.php\",\"abookpopup\",";
+      echo "  var nwin = window.open(\"addrbook_popup.php?PHPSESSID=$PHPSESSID\",\"abookpopup\",";
       echo "\"width=670,height=300,resizable=yes,scrollbars=yes\");\n";
       echo "  if((!nwin.opener) && (document.windows != null))\n";
       echo "    nwin.opener = document.windows;\n";
       echo "}\n";
       echo "// --></SCRIPT>\n\n";
 
-      echo "\n<FORM name=compose action=\"compose.php\" METHOD=POST\n";
+      echo "\n<FORM name=compose action=\"compose.php?PHPSESSID=$PHPSESSID\" METHOD=POST\n";
       echo "ENCTYPE=\"multipart/form-data\">\n";
       echo "<TABLE COLS=2 WIDTH=50 ALIGN=center CELLSPACING=0 BORDER=0>\n";
       echo "   <TR>\n";
@@ -268,8 +270,10 @@
    }
 
    function showSentForm () {
+      global $PHPSESSID;
+
       echo "<BR><BR><BR><CENTER><B>Message Sent!</B><BR><BR>";
-      echo "You will be automatically forwarded.<BR>If not, <A HREF=\"right_main.php\">click here</A>";
+      echo "You will be automatically forwarded.<BR>If not, <A HREF=\"right_main.php?PHPSESSID=$PHPSESSID\">click here</A>";
       echo "</CENTER>";
    }
 
@@ -299,7 +303,7 @@
    if(isset($send)) {
       if (checkInput(false)) {
          sendMessage($send_to, $send_to_cc, $send_to_bcc, $subject, $body);
-         header ("Location: right_main.php");
+         header ("Location: right_main.php?PHPSESSID=$PHPSESSID");
       } else {
          echo "<HTML><BODY TEXT=\"$color[8]\" BGCOLOR=\"$color[4]\" LINK=\"$color[7]\" VLINK=\"$color[7]\" ALINK=\"$color[7]\">\n";
          $imapConnection = sqimap_login($username, $key, $imapServerAddress, $imapPort, 0);
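Review bot: The redirect `header ("Location: right_main.php?PHPSESSID=$PHPSESSID");` puts the request-visible `$PHPSESSID` into a response header unencoded; `header("Location: right_main.php?PHPSESSID=" . urlencode(session_id()));` keeps stray characters such as line breaks out of the header. The same value is also written into the JavaScript string in open_abook() and into the compose form action in showInputForm, where it should be encoded as well. Whether the script stops after sending the header cannot be seen in this hunk.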

+ 2 - 0
src/delete_message.php

@@ -1,4 +1,6 @@
 <?
+   session_start();
+
    if (!isset($config_php))
       include("../config/config.php");
    if (!isset($strings_php))

+ 3 - 1
src/download.php

@@ -1,4 +1,6 @@
 <?
+   session_start();
+
    if (!isset($config_php))
       include("../config/config.php");
    if (!isset($strings_php))
@@ -24,7 +26,7 @@
       echo "</CENTER></B>";
       echo "</TD></TR><TR><TD BGCOLOR=\"$color[4]\">";
       $urlmailbox = urlencode($mailbox);
-      echo "<CENTER><A HREF=\"../src/download.php?absolute_dl=true&passed_id=$id&passed_ent_id=$entid&mailbox=$urlmailbox\">";
+      echo "<CENTER><A HREF=\"../src/download.php?PHPSESSID=$PHPSESSID&absolute_dl=true&passed_id=$id&passed_ent_id=$entid&mailbox=$urlmailbox\">";
       echo _("Download this as a file");
       echo "</A></CENTER><BR><BR><TT>";
       if ($type1 == "html")

+ 2 - 0
src/empty_trash.php

@@ -1,4 +1,6 @@
 <?
+   session_start();
+
    include("../config/config.php");
    include("../functions/strings.php");
    include("../functions/page_header.php");

+ 7 - 5
src/folders.php

@@ -1,4 +1,6 @@
 <?
+   session_start();
+
    if (!isset($config_php))
       include("../config/config.php");
    if (!isset($strings_php))
@@ -41,7 +43,7 @@
    }
 
    if ($count_special_folders < count($boxes)) {
-      echo "<FORM ACTION=folders_delete.php METHOD=SUBMIT>\n";
+      echo "<FORM ACTION=\"folders_delete.php?PHPSESSID=$PHPSESSID\" METHOD=\"POST\">\n";
       echo "<TT><SELECT NAME=mailbox>\n";
       for ($i = 0; $i < count($boxes); $i++) {
          $use_folder = true;
@@ -73,7 +75,7 @@
    echo _("Create Folder");
    echo "</B></TD></TR>";
    echo "<TR><TD BGCOLOR=\"$color[4]\" ALIGN=CENTER>";
-   echo "<FORM ACTION=folders_create.php METHOD=POST>\n";
+   echo "<FORM ACTION=\"folders_create.php?PHPSESSID=$PHPSESSID\" METHOD=\"POST\">\n";
    echo "<INPUT TYPE=TEXT SIZE=25 NAME=folder_name><BR>\n";
    echo _("as a subfolder of");
    echo "<BR>";
@@ -125,7 +127,7 @@
    echo "</B></TD></TR>";
    echo "<TR><TD BGCOLOR=\"$color[4]\" ALIGN=CENTER>";
    if ($count_special_folders < count($boxes)) {
-      echo "<FORM ACTION=folders_rename_getname.php METHOD=POST>\n";
+      echo "<FORM ACTION=\"folders_rename_getname.php?PHPSESSID=$PHPSESSID\" METHOD=\"POST\">\n";
       echo "<TT><SELECT NAME=old>\n";
       for ($i = 0; $i < count($boxes); $i++) {
          $use_folder = true;
@@ -158,7 +160,7 @@
    echo "</B></TD></TR>";
    echo "<TR><TD BGCOLOR=\"$color[4]\" ALIGN=CENTER>";
    if ($count_special_folders < count($boxes)) {
-      echo "<FORM ACTION=\"folders_subscribe.php?method=unsub\" METHOD=POST>\n";
+      echo "<FORM ACTION=\"folders_subscribe.php?PHPSESSID=$PHPSESSID&method=unsub\" METHOD=\"POST\">\n";
       echo "<TT><SELECT NAME=mailbox>\n";
       for ($i = 0; $i < count($boxes); $i++) {
          $use_folder = true;
@@ -192,7 +194,7 @@
       $imap_stream = sqimap_login ($username, $key, $imapServerAddress, $imapPort, 1);
       $boxes = sqimap_mailbox_list_all ($imap_stream);
       
-      echo "<FORM ACTION=\"folders_subscribe.php?method=sub\" METHOD=POST>\n";
+      echo "<FORM ACTION=\"folders_subscribe.php?PHPSESSID=$PHPSESSID&method=sub\" METHOD=\"POST\">\n";
       echo "<tt><input type=text size=32 name=mailbox></tt>";
       echo "<INPUT TYPE=SUBMIT VALUE=\"";
       echo _("Subscribe");
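Review bot: All five forms in this file now submit to an ACTION URL that carries `PHPSESSID` in the query string, which puts the ID in the server's access log and in the address of the resulting page even though the form fields themselves go by POST. A hidden field inside each form, e.g. `echo "<INPUT TYPE=hidden NAME=PHPSESSID VALUE=\"" . session_id() . "\">\n";`, would send it in the request body instead, assuming the PHP build in use accepts the session ID from POST data. folders_rename_getname.php, addrbook_search.php and the messageList form in mailbox_display.php build their actions the same way.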

+ 4 - 2
src/folders_create.php

@@ -1,4 +1,6 @@
 <?
+   session_start();
+
    if (!isset($config_php))
       include("../config/config.php");
    if (!isset($strings_php))
@@ -18,7 +20,7 @@
    if (strpos($folder_name, "\"") || strpos($folder_name, ".") ||
        strpos($folder_name, "/") || strpos($folder_name, "\\") ||
        strpos($folder_name, "'") || strpos($folder_name, "$dm")) {
-      plain_error_message(_("Illegal folder name.  Please select a different name.")."<BR><A HREF=\"../src/folders.php\">"._("Click here to go back")."</A>.", $color);
+      plain_error_message(_("Illegal folder name.  Please select a different name.")."<BR><A HREF=\"../src/folders.php?PHPSESSID=$PHPSESSID\">"._("Click here to go back")."</A>.", $color);
       exit;
    }
 
@@ -49,7 +51,7 @@
       echo _("Folder Created!");
       echo "</B><BR><BR>";
       echo _("The folder has been successfully created.");
-      echo "<BR><A HREF=\"webmail.php?right_frame=folders.php\" TARGET=_top>";
+      echo "<BR><A HREF=\"webmail.php?right_frame=folders.php?PHPSESSID=$PHPSESSID\" TARGET=_top>";
       echo _("Click here");
       echo "</A> ";
       echo _("to continue.");
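Review bot: The success link `webmail.php?right_frame=folders.php?PHPSESSID=$PHPSESSID` uses a second `?` and places the ID inside the `right_frame` value, so webmail.php itself receives no `PHPSESSID` parameter; folders_delete.php, folders_rename_do.php and folders_subscribe.php all put the ID first. It should read `echo "<BR><A HREF=\"webmail.php?PHPSESSID=$PHPSESSID&right_frame=folders.php\" TARGET=_top>";`. Separately, the `strpos()` tests on the context lines of the first hunk treat a match at offset 0 as no match, so the name check is incomplete; comparing each result against false with `!==` would close that gap.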

+ 3 - 1
src/folders_delete.php

@@ -1,4 +1,6 @@
 <?
+   session_start();
+
    /*
    *  Incoming values:
    *     $mailbox - selected mailbox from the form
@@ -80,7 +82,7 @@
    echo _("Folder Deleted!");
    echo "</B><BR><BR>";
    echo _("The folder has been successfully deleted.");
-   echo "<BR><A HREF=\"webmail.php?right_frame=folders.php\" TARGET=_top>";
+   echo "<BR><A HREF=\"webmail.php?PHPSESSID=$PHPSESSID&right_frame=folders.php\" TARGET=_top>";
    echo _("Click here");
    echo "</A> ";
    echo _("to continue.");

+ 3 - 1
src/folders_rename_do.php

@@ -1,4 +1,6 @@
 <?
+   session_start();
+
    if (!isset($config_php))
       include("../config/config.php");
    if (!isset($strings_php))
@@ -48,7 +50,7 @@
    echo _("Folder Renamed!");
    echo "</B><BR><BR>";
    echo _("The folder has been successfully renamed.");
-   echo "<BR><A HREF=\"webmail.php?right_frame=folders.php\" TARGET=_top>";
+   echo "<BR><A HREF=\"webmail.php?PHPSESSID=$PHPSESSID&right_frame=folders.php\" TARGET=_top>";
    echo _("Click here");
    echo "</A> ";
    echo _("to continue.");

+ 3 - 1
src/folders_rename_getname.php

@@ -1,4 +1,6 @@
 <?
+   session_start();
+
    if (!isset($config_php))
       include("../config/config.php");
    if (!isset($strings_php))
@@ -35,7 +37,7 @@
    echo _("Rename a folder");
    echo "</B></TD></TR>";
    echo "<TR><TD BGCOLOR=\"$color[4]\" ALIGN=CENTER>";
-   echo "<FORM ACTION=folders_rename_do.php METHOD=POST>\n";
+   echo "<FORM ACTION=\"folders_rename_do.php?PHPSESSID=$PHPSESSID\" METHOD=\"POST\">\n";
    echo _("New name:");
    echo " &nbsp;&nbsp;<INPUT TYPE=TEXT SIZE=25 NAME=new_name VALUE=\"$old_name\"><BR>\n";
    if ($isfolder)

+ 3 - 1
src/folders_subscribe.php

@@ -1,4 +1,6 @@
 <?
+   session_start();
+
    if (!isset($config_php))
       include("../config/config.php");
    if (!isset($strings_php))
@@ -34,7 +36,7 @@
       echo "</B><BR><BR>";
       echo _("You have been successfully unsubscribed.");
    }
-   echo "<BR><A HREF=\"webmail.php?right_frame=folders.php\" TARGET=_top>";
+   echo "<BR><A HREF=\"webmail.php?PHPSESSID=$PHPSESSID&right_frame=folders.php\" TARGET=_top>";
    echo _("Click here");
    echo "</A> ";
    echo _("to continue.");

+ 7 - 4
src/left_main.php

@@ -7,6 +7,8 @@
     **
     **/
 
+   session_start();
+
    if(!isset($username)) {
       echo "You need a valid user and password to access this page!";
       exit;
@@ -30,6 +32,7 @@
 
    function formatMailboxName($imapConnection, $mailbox, $real_box, $delimeter, $color, $move_to_trash) {
       require ("../config/config.php");
+      global $PHPSESSID;
 
       $mailboxURL = urlencode($real_box);
       sqimap_mailbox_select ($imapConnection, $real_box);
@@ -46,11 +49,11 @@
       }
 
       if ($special_color == true) {
-         $line .= "<a href=\"right_main.php?sort=0&startMessage=1&mailbox=$mailboxURL\" target=\"right\" style=\"text-decoration:none\"><FONT COLOR=\"$color[11]\">";
+         $line .= "<a href=\"right_main.php?PHPSESSID=$PHPSESSID&sort=0&startMessage=1&mailbox=$mailboxURL\" target=\"right\" style=\"text-decoration:none\"><FONT COLOR=\"$color[11]\">";
          $line .= replace_spaces($mailbox);
          $line .= "</font></a>";
       } else {
-         $line .= "<a href=\"right_main.php?sort=0&startMessage=1&mailbox=$mailboxURL\" target=\"right\" style=\"text-decoration:none\">";
+         $line .= "<a href=\"right_main.php?PHPSESSID=$PHPSESSID&sort=0&startMessage=1&mailbox=$mailboxURL\" target=\"right\" style=\"text-decoration:none\">";
          $line .= replace_spaces($mailbox);
          $line .= "</font></a>";
       }
@@ -65,7 +68,7 @@
       if (($move_to_trash == true) && (trim($real_box) == $trash_folder)) {
          $urlMailbox = urlencode($real_box);
          $line .= "<small>";
-         $line .= "&nbsp;&nbsp;&nbsp;&nbsp;(<B><A HREF=\"empty_trash.php?numMessages=$numMessages&mailbox=$urlMailbox\" TARGET=right style=\"text-decoration:none\">"._("purge")."</A></B>)";
+         $line .= "&nbsp;&nbsp;&nbsp;&nbsp;(<B><A HREF=\"empty_trash.php?PHPSESSID=$PHPSESSID&numMessages=$numMessages&mailbox=$urlMailbox\" TARGET=right style=\"text-decoration:none\">"._("purge")."</A></B>)";
          $line .= "</small></a>\n";
       }
 
@@ -92,7 +95,7 @@
    echo "<FONT SIZE=4><B><CENTER>";
    echo _("Folders") . "</B><BR></FONT>";
 
-   echo "<small>(<A HREF=\"../src/left_main.php\" TARGET=\"left\">";
+   echo "<small>(<A HREF=\"../src/left_main.php?PHPSESSID=$PHPSESSID\" TARGET=\"left\">";
    echo _("refresh folder list");
    echo "</A>)</small></CENTER><BR>";
    $delimeter = sqimap_get_delimiter($imapConnection);
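Review bot: The guard right after the added `session_start()` still tests the bare global `isset($username)`, which does not say where the value came from. If register_globals is on, as the bare `$username` and `$PHPSESSID` suggest, a request parameter of that name would satisfy the check whenever the session holds no `username` entry. Reading from the session store, `if (!isset($_SESSION['username'])) {` on PHP 4.1 or later, ties the check to what login registered. What the code after the guard does with such a request is outside this hunk.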

+ 4 - 4
src/login.php

@@ -6,9 +6,9 @@
     **
     **/
 
-   setcookie("username", "", time(), "/");
-   setcookie("key", "", time(), "/");
-   setcookie("logged_in", 0, time(), "/");
+#   setcookie("username", "", time(), "/");
+#   setcookie("key", "", time(), "/");
+#   setcookie("logged_in", 0, time(), "/");
 
    if (!isset($config_php))
       include("../config/config.php");
@@ -38,7 +38,7 @@
    echo "</TITLE></HEAD>\n";
    echo "<BODY TEXT=000000 BGCOLOR=#FFFFFF LINK=0000CC VLINK=0000CC ALINK=0000CC>\n";
  
-   echo "<FORM ACTION=webmail.php METHOD=\"POST\" NAME=f>\n";
+   echo "<FORM ACTION=\"webmail.php\" METHOD=\"POST\" NAME=f>\n";
    echo "<CENTER><IMG SRC=\"$org_logo\"</CENTER>\n";
    echo "<CENTER><SMALL>";
    echo _("SquirrelMail version $version<BR>By the SquirrelMail Development Team");
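Review bot: The three `setcookie` calls are disabled with `#` rather than deleted, which leaves dead code in the file and nothing in their place: the login page used to reset `username`, `key` and `logged_in`, and now leaves any existing session as it is. I would delete the commented lines and, if a fresh state on the login page is still wanted, start and destroy the session there, `session_start(); session_destroy();`. The same commented-out blocks appear in the signout.php and webmail.php sections.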

+ 4 - 2
src/move_messages.php

@@ -1,4 +1,6 @@
 <?
+   session_start();
+
    if (!isset($config_php))
       include("../config/config.php");
    if (!isset($strings_php))
@@ -61,7 +63,7 @@
             sqimap_mailbox_expunge($imapConnection, $mailbox);
 
          if ($auto_forward) {   
-            header ("Location: right_main.php");
+            header ("Location: right_main.php?PHPSESSID=$PHPSESSID");
          } else {
             echo "<HTML><BODY TEXT=\"$color[8]\" BGCOLOR=\"$color[4]\" LINK=\"$color[7]\" VLINK=\"$color[7]\" ALINK=\"$color[7]\">\n";
             displayPageHeader($color, $mailbox);
@@ -94,7 +96,7 @@
             sqimap_mailbox_expunge($imapConnection, $mailbox);
 
          if ($auto_forward) {   
-            header ("Location: right_main.php");
+            header ("Location: right_main.php?PHPSESSID=$PHPSESSID");
          } else {
             echo "<HTML><BODY TEXT=\"$color[8]\" BGCOLOR=\"$color[4]\" LINK=\"$color[7]\" VLINK=\"$color[7]\" ALINK=\"$color[7]\">\n";
             displayPageHeader($color, $mailbox);
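Review bot: Both redirects interpolate the bare `$PHPSESSID` into a response header, and nothing visible in this file sets it from `session_id()`, so the value may come straight from the request. A request value should not reach `header()` unencoded; `header("Location: right_main.php?PHPSESSID=" . urlencode(session_id()));` fixes that at both call sites. The surrounding `if ($auto_forward)` blocks begin outside these hunks, so whether the script stops after the redirect is not visible; an `exit;` after `header()` is worth confirming.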

+ 3 - 1
src/options.php

@@ -1,4 +1,6 @@
 <?
+   session_start();
+
    if (!isset($config_php))
       include("../config/config.php");
    if (!isset($strings_php))
@@ -36,7 +38,7 @@
    echo "   </TD></TR>\n";
    echo "</TABLE>\n";
 
-   echo "<FORM action=\"options_submit.php\" METHOD=POST>\n";
+   echo "<FORM action=\"options_submit.php?PHPSESSID=$PHPSESSID\" METHOD=POST>\n";
    echo "<TABLE WIDTH=100% COLS=2 ALIGN=CENTER>\n";
    // FULL NAME
    echo "   <TR>";

+ 3 - 1
src/options_submit.php

@@ -1,4 +1,6 @@
 <?
+   session_start();
+
    if (!isset($config_php))
       include("../config/config.php");
    if (!isset($strings_php))
@@ -39,7 +41,7 @@
    echo _("Options Saved!");
    echo "</B><BR><BR>";
    echo _("Your options have been saved.");
-   echo "<BR><A HREF=\"webmail.php\" TARGET=_top>";
+   echo "<BR><A HREF=\"webmail.php?PHPSESSID=$PHPSESSID\" TARGET=_top>";
    echo _("Click here");
    echo "</A> ";
    echo _("to continue.");

+ 11 - 9
src/read_body.php

@@ -1,4 +1,6 @@
 <?
+   session_start();
+
    if (!isset($config_php))
       include("../config/config.php");
    if (!isset($strings_php))
@@ -54,11 +56,11 @@
       if (count($to_ary) > 1) {
          if ($show_more == false) {
             if ($i == 1) {
-               $to_string = "$to_string&nbsp;(<A HREF=\"read_body.php?mailbox=$urlMailbox&passed_id=$passed_id&sort=$sort&startMessage=$startMessage&show_more=1&show_more_cc=$show_more_cc\">$echo_more</A>)";
+               $to_string = "$to_string&nbsp;(<A HREF=\"read_body.php?PHPSESSID=$PHPSESSID&mailbox=$urlMailbox&passed_id=$passed_id&sort=$sort&startMessage=$startMessage&show_more=1&show_more_cc=$show_more_cc\">$echo_more</A>)";
                $i = count($to_ary);
             }
          } else if ($i == 1) {
-            $to_string = "$to_string&nbsp;(<A HREF=\"read_body.php?mailbox=$urlMailbox&passed_id=$passed_id&sort=$sort&startMessage=$startMessage&show_more=0&show_more_cc=$show_more_cc\">$echo_less</A>)";
+            $to_string = "$to_string&nbsp;(<A HREF=\"read_body.php?PHPSESSID=$PHPSESSID&mailbox=$urlMailbox&passed_id=$passed_id&sort=$sort&startMessage=$startMessage&show_more=0&show_more_cc=$show_more_cc\">$echo_less</A>)";
          }
       }
    }
@@ -78,11 +80,11 @@
       if (count($cc_ary) > 1) {
          if ($show_more_cc == false) {
             if ($i == 1) {
-               $cc_string = "$cc_string&nbsp;(<A HREF=\"read_body.php?mailbox=$urlMailbox&passed_id=$passed_id&sort=$sort&startMessage=$startMessage&show_more_cc=1&show_more=$show_more\">$echo_more</A>)";
+               $cc_string = "$cc_string&nbsp;(<A HREF=\"read_body.php?PHPSESSID=$PHPSESSID&mailbox=$urlMailbox&passed_id=$passed_id&sort=$sort&startMessage=$startMessage&show_more_cc=1&show_more=$show_more\">$echo_more</A>)";
                $i = count($cc_ary);
             }
          } else if ($i == 1) {
-            $cc_string = "$cc_string&nbsp;(<A HREF=\"read_body.php?mailbox=$urlMailbox&passed_id=$passed_id&sort=$sort&startMessage=$startMessage&show_more_cc=0&show_more=$show_more\">$echo_less</A>)";
+            $cc_string = "$cc_string&nbsp;(<A HREF=\"read_body.php?PHPSESSID=$PHPSESSID&mailbox=$urlMailbox&passed_id=$passed_id&sort=$sort&startMessage=$startMessage&show_more_cc=0&show_more=$show_more\">$echo_less</A>)";
          }
       }
    }
@@ -98,22 +100,22 @@
    echo "         <TR>";
    echo "            <TD ALIGN=LEFT WIDTH=50%>";
    echo "               <SMALL>";
-   echo "               <A HREF=\"right_main.php?sort=$sort&startMessage=$startMessage&mailbox=$urlMailbox\">";
+   echo "               <A HREF=\"right_main.php?PHPSESSID=$PHPSESSID&sort=$sort&startMessage=$startMessage&mailbox=$urlMailbox\">";
    echo _("Message List");
    echo "</A>&nbsp;|&nbsp;";
-   echo "               <A HREF=\"delete_message.php?mailbox=$urlMailbox&message=$passed_id&sort=$sort&startMessage=1\">";
+   echo "               <A HREF=\"delete_message.php?PHPSESSID=$PHPSESSID&mailbox=$urlMailbox&message=$passed_id&sort=$sort&startMessage=1\">";
    echo _("Delete");
    echo "</A>&nbsp;&nbsp;";
    echo "               </SMALL>";
    echo "            </TD><TD WIDTH=50% ALIGN=RIGHT>";
    echo "               <SMALL>";
-   echo "               <A HREF=\"compose.php?forward_id=$passed_id&forward_subj=$url_subj&mailbox=$urlMailbox\">";
+   echo "               <A HREF=\"compose.php?PHPSESSID=$PHPSESSID&forward_id=$passed_id&forward_subj=$url_subj&mailbox=$urlMailbox\">";
    echo _("Forward");
    echo "</A>&nbsp;|&nbsp;";
-   echo "               <A HREF=\"compose.php?send_to=$url_replyto&reply_subj=$url_subj&reply_id=$passed_id&mailbox=$urlMailbox\">";
+   echo "               <A HREF=\"compose.php?PHPSESSID=$PHPSESSID&send_to=$url_replyto&reply_subj=$url_subj&reply_id=$passed_id&mailbox=$urlMailbox\">";
    echo _("Reply");
    echo "</A>&nbsp;|&nbsp;";
-   echo "               <A HREF=\"compose.php?send_to=$url_replytoall&send_to_cc=$url_replytoallcc&reply_subj=$url_subj&reply_id=$passed_id&mailbox=$urlMailbox\">";
+   echo "               <A HREF=\"compose.php?PHPSESSID=$PHPSESSID&send_to=$url_replytoall&send_to_cc=$url_replytoallcc&reply_subj=$url_subj&reply_id=$passed_id&mailbox=$urlMailbox\">";
    echo _("Reply All");
    echo "</A>&nbsp;&nbsp;";
    echo "               </SMALL>";
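Review bot: The literal `PHPSESSID=$PHPSESSID` is pasted into nine links in this file, and it hard-codes the parameter name, so the links stop carrying the session if `session.name` is changed in php.ini. PHP's `SID` constant already expands to `name=id` for the current session. Building it once, e.g. `$sid = htmlspecialchars(SID);`, and writing the links as `read_body.php?$sid&mailbox=$urlMailbox...` removes both the repetition and the name dependency, and it escapes the value before it reaches the HREF attribute.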

+ 2 - 0
src/right_main.php

@@ -7,6 +7,8 @@
     **
     **/
 
+   session_start();
+
    if(!isset($logged_in)) {
       echo _("You must login first.");
       exit;
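Review bot: The guard below the added `session_start()` only checks `isset($logged_in)`, and the webmail.php section of this commit registers `logged_in` and then sets it to `0`, so the variable is set whether or not a login ever succeeded. Comparing the value, `if (!isset($logged_in) || !$logged_in) {`, would make the guard depend on the flag rather than on its existence. Where the flag is set to a true value is not visible in this commit view, so that needs confirming before the condition is tightened. The body of the file continues outside the hunk.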

+ 8 - 4
src/signout.php

@@ -1,4 +1,6 @@
 <?
+   session_start();
+
 	/**
 	 **  signout.php
 	 **
@@ -20,9 +22,9 @@
            }
         }
 	
-	setcookie("username", "", time(), "/");
-	setcookie("key", "", time(), "/");
-	setcookie("logged_in", 0, time(), "/");
+#	setcookie("username", "", time(), "/");
+#	setcookie("key", "", time(), "/");
+#	setcookie("logged_in", 0, time(), "/");
 ?>
 <HTML>
 <?
@@ -55,4 +57,6 @@
 ?>
 </BODY>
 </HTML>
-
+<?
+   session_destroy();
+?>
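Review bot: `session_destroy()` is placed at the very end of the file, after the whole page has been emitted, so any early exit in the part of the script not shown between the hunks would leave the session, including the registered `key`, alive after sign-out. Putting the teardown where the `setcookie` calls used to be, `session_unset(); session_destroy();` in place of the three `#` lines, ends the session before output starts and also clears the registered variables.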

+ 23 - 12
src/webmail.php

@@ -6,18 +6,29 @@
     **
     **/
 
+   session_start();
+
    if(!isset($username)) {
       echo _("You need a valid user and password to access this page!");
       exit;
    }
 
-   setcookie("username", $username, 0, "/");
-   setcookie("key", $key, 0, "/");
-   setcookie("logged_in", 1, 0, "/");
+#   setcookie("username", $username, 0, "/");
+#   setcookie("key", $key, 0, "/");
+#   setcookie("logged_in", 1, 0, "/");
+   
+   session_register("username");
+   session_register("key");
+   session_register("logged_in");
+   $logged_in = 0;
+
+   $PHPSESSID = session_id();
+   
    // Refresh the language cookie.
-   if (isset($squirrelmail_language))
-      setcookie("squirrelmail_language", $squirrelmail_language,
-                time()+2592000);
+   if (isset($squirrelmail_language)) {
+      session_register("squirrelmail_language");
+#      setcookie("squirrelmail_language", $squirrelmail_language, time()+2592000);
+   }
 ?>
 <HTML><HEAD>
 <?
@@ -49,15 +60,15 @@
 **/
    if ($right_frame == "right_main.php") {
       $urlMailbox = urlencode($mailbox);
-      echo "<FRAME SRC=\"left_main.php\" NAME=\"left\">";
-      echo "<FRAME SRC=\"right_main.php?mailbox=$urlMailbox&sort=$sort&startMessage=$startMessage\" NAME=\"right\">";
+      echo "<FRAME SRC=\"left_main.php?PHPSESSID=$PHPSESSID\" NAME=\"left\">";
+      echo "<FRAME SRC=\"right_main.php?PHPSESSID=$PHPSESSID&mailbox=$urlMailbox&sort=$sort&startMessage=$startMessage\" NAME=\"right\">";
    } else if ($right_frame == "folders.php") {
       $urlMailbox = urlencode($mailbox);
-      echo "<FRAME SRC=\"left_main.php\" NAME=\"left\">";
-      echo "<FRAME SRC=\"folders.php\" NAME=\"right\">";
+      echo "<FRAME SRC=\"left_main.php?PHPSESSID=$PHPSESSID\" NAME=\"left\">";
+      echo "<FRAME SRC=\"folders.php?PHPSESSID=$PHPSESSID\" NAME=\"right\">";
    } else {
-      echo "<FRAME SRC=\"left_main.php\" NAME=\"left\">";
-      echo "<FRAME SRC=\"right_main.php\" NAME=\"right\">";
+      echo "<FRAME SRC=\"left_main.php?PHPSESSID=$PHPSESSID\" NAME=\"left\">";
+      echo "<FRAME SRC=\"right_main.php?PHPSESSID=$PHPSESSID\" NAME=\"right\">";
    }
 ?>
 </FRAMESET>
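Review bot: In the first hunk `session_start()` adopts whatever session id the client presented, and `username` and `key` are then registered into it, so an id that existed before login stays valid after it. With ids accepted from the URL, as the links in this commit require, that is a session-fixation risk. Issuing a new id once the credentials are accepted closes it: `session_regenerate_id();` before `$PHPSESSID = session_id();` (PHP 4.3.2 or later). The `// Refresh the language cookie.` comment is also stale now that the value goes into the session.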