<?php
/**
* Stuff that is always checked or run or initialised for every hit
*
* Copyright 2002 Ross Golder <ross@golder.org>
* Copyright 2008-2011 Tim Gerundt <tim@gerundt.de>
*
* This file is part of NOCC. NOCC is free software under the terms of the
* GNU General Public License. You should have received a copy of the license
* along with NOCC. If not, see <http://www.gnu.org/licenses/>.
*
* @package NOCC
* @license http://www.gnu.org/licenses/ GNU General Public License
* @version SVN: $Id: common.php 3067 2023-03-06 12:25:34Z oheil $
*/
// Debug level for the whole application; 0 is the value shipped here.
define('NOCC_DEBUG_LEVEL', 0);
if (NOCC_DEBUG_LEVEL > 0) {
    // Record the request start time only when debugging is switched on.
    define('NOCC_START_TIME', microtime(true));
}
// PHP older than 5.4 has no ENT_SUBSTITUTE; define it with the value 8 so
// code that passes the flag to the HTML escaping functions still runs there.
if (!defined('ENT_SUBSTITUTE') && version_compare(phpversion(), '5.4', '<')) {
    define('ENT_SUBSTITUTE', 8);
}
// $from_rss is kept when it is already defined (presumably by the script
// that includes this file); otherwise it defaults to false.
if (!isset($from_rss)) {
    $from_rss = false;
}
// Nothing below can work without the main configuration file, so stop early.
if (!file_exists('./config/conf.php')) {
    //TODO: Make error msg translatable and show nicer error...
    print("The main configuration file (./config/conf.php) couldn't be found! <p />Please rename the file './config/conf.php.dist' to './config/conf.php'. ");
    exit;
}
require_once './config/conf.php';
// Legacy support: code that used to live in conf.php was extracted to
// config_check.php. Load it only when get_default_from_address() is not
// defined yet and the file is present.
if (!function_exists('get_default_from_address') && file_exists('./utils/config_check.php')) {
    require_once './utils/config_check.php';
}
require_once './classes/nocc_request.php';
require_once './classes/nocc_session.php';
require_once './classes/nocc_security.php';
require_once './classes/nocc_body.php';
require_once './classes/nocc_languages.php';
require_once './classes/nocc_themes.php';
require_once './classes/nocc_domain.php';
require_once './classes/nocc_attachedfile.php';
require_once './classes/user_prefs.php';
require_once './classes/user_filters.php';
require_once './utils/functions.php';
require_once './utils/crypt.php';
require_once './utils/translation.php';
// Product identification exposed through the configuration object.
$conf->nocc_name = 'NOCC';
$conf->nocc_version = '1.9.13-dev';
$conf->nocc_url = 'http://nocc.sourceforge.net/';

// A login action means the password held in the session must be encrypted
// further down in this file.
$pwd_to_encrypt = (isset($_REQUEST['action']) && $_REQUEST['action'] == 'login');

// The "remember" request flag becomes the 0/1 argument of NOCC_Session::start().
$persistent = (isset($_REQUEST['remember']) && $_REQUEST['remember'] == true) ? 1 : 0;

// RSS requests do not start a session here. The status stays 0 for them;
// later code in this file treats any value above 0 as an expired session.
$session_has_expired = ($from_rss == false) ? NOCC_Session::start($persistent) : 0;
// Current folder: a request value wins, otherwise keep what the session has,
// otherwise use the configured default folder.
// NOTE(review): $_REQUEST['folder'] is stored exactly as received, while
// 'user', 'passwd', 'sort' and 'sortdir' in this file are read through
// NOCC_Request::getStringValue() - confirm that every consumer of
// $_SESSION['nocc_folder'] copes with an arbitrary (possibly array) value.
if (isset($_REQUEST['folder'])) {
    $_SESSION['nocc_folder'] = $_REQUEST['folder'];
} elseif (!isset($_SESSION['nocc_folder'])) {
    $_SESSION['nocc_folder'] = $conf->default_folder;
}

// The "goto" folder follows the current folder when a folder was POSTed or
// when no "goto" folder has been stored yet.
if (isset($_POST['folder']) || !isset($_SESSION['goto_folder'])) {
    $_SESSION['goto_folder'] = $_SESSION['nocc_folder'];
}

// Sort column and direction start from the configured defaults.
if (!isset($_SESSION['nocc_sort'])) {
    $_SESSION['nocc_sort'] = $conf->default_sort;
}
if (!isset($_SESSION['nocc_sortdir'])) {
    $_SESSION['nocc_sortdir'] = $conf->default_sortdir;
}
// Request values override what the session holds.

// A new user name is accepted only while the session is not marked as logged
// in; the derived login is dropped so it is rebuilt from the new user name.
if (isset($_REQUEST['user']) && !isset($_SESSION['nocc_loggedin'])) {
    unset($_SESSION['nocc_login']);
    $_SESSION['nocc_user'] = NOCC_Request::getStringValue('user');
    // Unless $conf->utf8_decode is set to a false value, valid UTF-8 input is
    // converted to ISO-8859-1. iconv() stands in for utf8_decode(), which is
    // deprecated as of PHP 8.2.
    // NOTE(review): iconv() returns false for characters that ISO-8859-1
    // cannot represent, and that false would be stored as the user name -
    // confirm this case is handled downstream.
    if ((!isset($conf->utf8_decode) || $conf->utf8_decode)
        && mb_detect_encoding($_SESSION['nocc_user'], 'UTF-8', true) == "UTF-8"
    ) {
        $_SESSION['nocc_user'] = iconv('UTF-8', 'ISO-8859-1', $_SESSION['nocc_user']);
    }
}

// A password in the request always replaces the one in the session and
// always triggers encryption below.
if (isset($_REQUEST['passwd'])) {
    $_SESSION['nocc_passwd'] = NOCC_Request::getStringValue('passwd');
    // Same charset conversion as for the user name, with the same caveat
    // about iconv() returning false.
    if ((!isset($conf->utf8_decode) || $conf->utf8_decode)
        && mb_detect_encoding($_SESSION['nocc_passwd'], 'UTF-8', true) == "UTF-8"
    ) {
        $_SESSION['nocc_passwd'] = iconv('UTF-8', 'ISO-8859-1', $_SESSION['nocc_passwd']);
    }
    $pwd_to_encrypt = true;
}

if ($pwd_to_encrypt == true) {
    // Replace the password in the session with the result of encpass()
    // under the configured master key.
    // NOTE(review): this also runs for action=login requests that carry no
    // 'passwd'; whatever the session already holds (possibly nothing, or an
    // already encrypted value) is then passed to encpass() - confirm that
    // this is intended.
    $_SESSION['nocc_passwd'] = encpass($_SESSION['nocc_passwd'], $conf->master_key);
}

// Sort column and direction can be changed per request.
if (isset($_REQUEST['sort'])) {
    $_SESSION['nocc_sort'] = NOCC_Request::getStringValue('sort');
}
if (isset($_REQUEST['sortdir'])) {
    $_SESSION['nocc_sortdir'] = NOCC_Request::getStringValue('sortdir');
}
//--------------------------------------------------------------------------------
// Set and load the language...
//--------------------------------------------------------------------------------
$languages = new NOCC_Languages('./lang/', $conf->default_lang);

//TODO: Check $_REQUEST['lang'] also when force_default_lang?
// A requested language is remembered in the session when the language list
// accepts it, or when the literal value "default" was requested.
if (isset($_REQUEST['lang'])
    && ($languages->setSelectedLangId($_REQUEST['lang']) || $_REQUEST['lang'] == "default")
) {
    $_SESSION['nocc_lang'] = $languages->getSelectedLangId();
}

if (isset($_SESSION['nocc_lang']) && $_SESSION['nocc_lang'] != "default") {
    // The session already names a concrete language: select it.
    $languages->setSelectedLangId($_SESSION['nocc_lang']);
} else {
    // No concrete session language yet.
    if (isset($conf->force_default_lang) && $conf->force_default_lang) {
        // Forced default: use the configured language, or English when none is configured.
        $languages->setSelectedLangId(isset($conf->default_lang) ? $conf->default_lang : 'en');
    } else {
        // Otherwise let the language object pick one from the browser's request.
        $languages->detectFromBrowser();
    }
    if (!isset($_SESSION['nocc_lang']) || $_SESSION['nocc_lang'] != "default") {
        $_SESSION['nocc_lang'] = $languages->getSelectedLangId();
    }
}

$lang = $languages->getSelectedLangId();

// English is always loaded first; the selected language file is loaded on
// top of it (presumably so that missing translations fall back to English).
require './lang/en.php';
if ($lang != 'en') {
    // basename() drops any directory part of the language id before it is
    // used in a path, and is_file() skips ids that have no language file.
    $lang_file = './lang/' . basename($lang) . '.php';
    if (is_file($lang_file)) {
        require $lang_file;
    }
}
//--------------------------------------------------------------------------------
//--------------------------------------------------------------------------------
// Set the theme...
//--------------------------------------------------------------------------------
$themes = new NOCC_Themes('./themes/', $conf->default_theme);

//TODO: Check $_REQUEST['theme'] also when NOT use_theme?
// A requested theme is honoured only when theme switching is enabled in the
// configuration and the theme list accepts the requested name.
if (isset($_REQUEST['theme']) && isset($conf->use_theme) && $conf->use_theme
    && $themes->setSelectedThemeName($_REQUEST['theme'])
) {
    $_SESSION['nocc_theme'] = $themes->getSelectedThemeName();
}

// Remember whether the session theme had to be filled in with the default;
// the user-preference handling later in this file reads this flag.
$default_theme_set = !isset($_SESSION['nocc_theme']);
if ($default_theme_set) {
    $_SESSION['nocc_theme'] = $themes->getDefaultThemeName();
}
//--------------------------------------------------------------------------------
// A session password that is exactly false is reported as "strong encryption
// required" (presumably encpass() returned false); the request ends on the
// error page.
if (isset($_SESSION['nocc_passwd']) && $_SESSION['nocc_passwd'] === false) {
    $ev = new NoccException("{$lang_strong_encryption_required}.");
    require './html/header.php';
    require './html/error.php';
    require './html/footer.php';
    exit;
}

// Any positive status from the session start means the session is no longer
// valid: clear the login and show why. Status 1 is a plain expiry; status 2
// additionally reports that the IP address changed.
if ($session_has_expired > 0) {
    $_SESSION['nocc_login'] = "";
    if ($session_has_expired == 1) {
        $ev = new NoccException("{$html_session_expired}.");
    }
    if ($session_has_expired == 2) {
        $ev = new NoccException("{$html_session_expired} {$html_session_ip_changed}.");
    }
    require './html/header.php';
    require './html/error.php';
    require './html/footer.php';
    exit;
}
// SMTP server and port start from the configured defaults; the domain
// handling later in this file may replace them.
if (empty($_SESSION['nocc_smtp_server'])) {
    $_SESSION['nocc_smtp_server'] = $conf->default_smtp_server;
}
if (empty($_SESSION['nocc_smtp_port'])) {
    $_SESSION['nocc_smtp_port'] = $conf->default_smtp_port;
}

// Until something more specific is derived, the login is just the user name.
if (isset($_SESSION['nocc_user']) && !isset($_SESSION['nocc_login'])) {
    $_SESSION['nocc_login'] = $_SESSION['nocc_user'];
}

// Check allowed chars for login.
// $conf->allowed_char is used as a regular expression between '|' delimiters.
// preg_match() is not anchored here, so the configured pattern has to anchor
// itself to constrain the whole login. A pattern that fails to compile makes
// preg_match() return false, which also rejects the login.
if (isset($_SESSION['nocc_login']) && $_SESSION['nocc_login'] != '') {
    if (isset($conf->allowed_char) && $conf->allowed_char != '') {
        if (!preg_match("|" . $conf->allowed_char . "|", $_SESSION['nocc_login'])) {
            $ev = new NoccException($html_wrong);
            require './html/header.php';
            require './html/error.php';
            require './html/footer.php';
            exit;
        }
    }
}
// Were we provided with a fillindomain to use?
// When typed domain logins are configured, the typed domain is translated
// into the index of the matching configured domain and handed on as
// 'domainnum'. There is no early exit, so the last matching entry wins.
if (isset($_REQUEST['fillindomain']) && isset($conf->typed_domain_login)) {
    $count = 0;
    while ($count < count($conf->domains)) {
        if ($_REQUEST['fillindomain'] == $conf->domains[$count]->domain) {
            $_REQUEST['domainnum'] = $count;
        }
        $count++;
    }
}
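// Were we provided with a domainnum to use
// Copies the settings of the selected configured domain into the session,
// checks the login against that domain's rules and derives the final login
// string (alias, domain part, prefix, suffix). Skipped when the request
// names its own server.
if (isset($_REQUEST['domainnum']) && !(isset($_REQUEST['server']))) {
    $domainnum = $_REQUEST['domainnum'];
    // Request parameters can arrive as arrays, and an array is not a valid
    // array offset. Anything other than an int or a string is therefore
    // handled like an unknown domain instead of raising an engine error.
    if ((!is_int($domainnum) && !is_string($domainnum)) || !isset($conf->domains[$domainnum])) {
        $ev = new NoccException($lang_could_not_connect);
        require './html/header.php';
        require './html/error.php';
        require './html/footer.php';
        exit;
    }
    $domain = new NOCC_Domain($conf->domains[$domainnum]);
    $_SESSION['nocc_domainnum'] = $domainnum;
    $_SESSION['nocc_domain'] = $conf->domains[$domainnum]->domain;
    $_SESSION['nocc_servr'] = $conf->domains[$domainnum]->in;
    $_SESSION['nocc_smtp_server'] = $conf->domains[$domainnum]->smtp;
    $_SESSION['nocc_smtp_port'] = $conf->domains[$domainnum]->smtp_port;
    $_SESSION['smtp_auth'] = $conf->domains[$domainnum]->smtp_auth_method;
    $_SESSION['imap_namespace'] = $conf->domains[$domainnum]->imap_namespace;
    $_SESSION['ucb_pop_server'] = $conf->domains[$domainnum]->have_ucb_pop_server;
    $_SESSION['quota_enable'] = $conf->domains[$domainnum]->quota_enable;
    $_SESSION['quota_type'] = $conf->domains[$domainnum]->quota_type;

    // Check allowed logins
    if (!$domain->isAllowedLogin($_SESSION['nocc_login'])) {
        //php.log,syslog message to be used against brute force attempts e.g. with fail2ban
        //don't change text or rules may fail
        // The login comes from the request. Its control characters are
        // replaced with '?' so a submitted user name cannot start a new log
        // line; the fixed text and the field order stay exactly as before.
        $log_string = 'NOCC: failed login from rhost=' . $_SERVER['REMOTE_ADDR']
            . ' to server=' . $_SESSION['nocc_servr']
            . ' as user=' . preg_replace('/[\x00-\x1F\x7F]/', '?', (string) $_SESSION['nocc_login']);
        error_log($log_string);
        if (isset($conf->syslog) && $conf->syslog) {
            syslog(LOG_INFO, $log_string);
        }
        $ev = new NoccException($html_login_not_allowed);
        require './html/header.php';
        require './html/error.php';
        require './html/footer.php';
        exit;
    }

    //Do we have login aliases?
    $_SESSION['nocc_login'] = $domain->replaceLoginAlias($_SESSION['nocc_login']);

    // Do we provide the domain with the login?
    if ($domain->useLoginWithDomain()) {
        if ($domain->hasLoginWithDomainCharacter()) {
            $_SESSION['nocc_login'] .= $domain->getLoginWithDomainCharacter() . $_SESSION['nocc_domain'];
        } else if (preg_match("|([A-Za-z0-9]+)@([A-Za-z0-9]+)|", $_SESSION['nocc_login'], $regs)) {
            // The login already carries a domain part: keep the login as it
            // is (the former self-assignment was a no-op) and take the
            // domain from it.
            // NOTE(review): the pattern captures only letters and digits
            // after '@', so the stored domain ends at the first '.' or '-' -
            // confirm that this is intended.
            $_SESSION['nocc_domain'] = $regs[2];
        } else {
            $_SESSION['nocc_login'] .= '@' . $_SESSION['nocc_domain'];
        }
        $_SESSION['nocc_login_mailaddress'] = $_SESSION['nocc_login'];
        //TODO: Drop $_SESSION['nocc_login_with_domain'] first, if we drop get_default_from_address() and "config_check.php"!
        $_SESSION['nocc_login_with_domain'] = true;
    }

    //append prefix to login
    $_SESSION['nocc_login'] = $domain->addLoginPrefix($_SESSION['nocc_login']);
    //append suffix to login
    $_SESSION['nocc_login'] = $domain->addLoginSuffix($_SESSION['nocc_login']);
    unset($domain);
}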
// Or did the user provide the details themselves
// Builds the server specification "<server>/<servtype>:<port>" from request
// values and stores it in the session.
// NOTE(review): server, servtype and port are taken from the request, and
// servtype is read without NOCC_Request. Nothing in this block limits them to
// configured hosts or to known type flags - confirm that user-supplied
// servers are meant to be accepted and that the values are validated before
// the specification is used to open a connection.
if (isset($_REQUEST['server'])) {
    $server = NOCC_Request::getStringValue('server');
    $servtype = strtolower($_REQUEST['servtype']);
    $port = NOCC_Request::getStringValue('port');
    $servr = sprintf('%s/%s:%s', $server, $servtype, $port);
    // The server name doubles as the default domain of the user's address.
    $_SESSION['nocc_domain'] = $server;
    $_SESSION['nocc_servr'] = $servr;
}
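// Cache the user's preferences/filters
// Runs once user and domain are known: sets the auto-update flag, loads the
// stored preferences and filters into the session, and applies the preferred
// language and theme when the session has no explicit choice.
if (isset($_SESSION['nocc_user']) && isset($_SESSION['nocc_domain'])) {
    //is user in auto update list?
    // The list either starts with "all" or names individual user@domain
    // entries. The lookup is strict, so a non-string entry in the
    // configuration can never match an address through type juggling.
    if (isset($conf->auto_update['user'][0])) {
        if ($conf->auto_update['user'][0] == "all"
            || in_array($_SESSION['nocc_user'] . '@' . $_SESSION['nocc_domain'], $conf->auto_update['user'], true)
        ) {
            $_SESSION['auto_update'] = true;
        }
    }

    //TODO: Move to NOCC_Session::loadUserPrefs()?
    $ev = null;
    $user_key = NOCC_Session::getUserKey();

    // Preferences
    if (!NOCC_Session::existsUserPrefs()) {
        //TODO: Move to NOCC_Session::loadUserPrefs()?
        NOCC_Session::setUserPrefs(NOCCUserPrefs::read($user_key, $ev));
        if (NoccException::isException($ev)) {
            // The user key and the exception text are written into HTML, so
            // both are escaped; the key is presumably derived from the
            // submitted user name.
            echo "<p>User prefs error ("
                . htmlspecialchars((string) $user_key, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
                . "): "
                . htmlspecialchars((string) $ev->getMessage(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
                . "</p>";
            exit(1);
        }
    }
    $user_prefs = NOCC_Session::getUserPrefs();

    //--------------------------------------------------------------------------------
    // Set and load the user prefs language...
    //--------------------------------------------------------------------------------
    // Only applies while the session language is unset or 'default'.
    if (!isset($_SESSION['nocc_lang']) || $_SESSION['nocc_lang'] == 'default') {
        if (isset($user_prefs->lang) && $user_prefs->lang != '' && $user_prefs->lang != 'default') {
            if ($languages->setSelectedLangId($user_prefs->lang)) { //if the language exists...
                $userLang = $languages->getSelectedLangId();
                if ($userLang != $lang) { //if NOT current language...
                    $_SESSION['nocc_lang'] = $userLang;
                    $lang = $userLang;
                    // Same guard as the initial language load earlier in
                    // this file: basename() drops any directory part of the
                    // id, and the file is included only when it exists.
                    $lang_file = './lang/' . basename($lang) . '.php';
                    if (is_file($lang_file)) {
                        require $lang_file;
                    }
                }
            }
            unset($userLang);
        }
    }
    unset($languages);
    //--------------------------------------------------------------------------------

    //--------------------------------------------------------------------------------
    // Set the user prefs theme...
    //--------------------------------------------------------------------------------
    // Only applies when the session theme is the filled-in default, unset or 'default'.
    if ($default_theme_set || !isset($_SESSION['nocc_theme']) || $_SESSION['nocc_theme'] == 'default') {
        if (isset($conf->use_theme) && ($conf->use_theme == true)) { //if allow theme changing...
            if (isset($user_prefs->theme) && $user_prefs->theme != '' && $user_prefs->theme != 'default') {
                if ($themes->setSelectedThemeName($user_prefs->theme)) { //if the theme exists...
                    $_SESSION['nocc_theme'] = $themes->getSelectedThemeName();
                }
            }
        }
    }
    unset($themes);
    //--------------------------------------------------------------------------------

    // Filters
    if (!empty($conf->prefs)) {
        if (!isset($_SESSION['nocc_user_filters'])) {
            $_SESSION['nocc_user_filters'] = NOCCUserFilters::read($user_key, $ev);
            if (NoccException::isException($ev)) {
                // Escaped for the same reason as the preferences error above.
                echo "<p>User filters error ("
                    . htmlspecialchars((string) $user_key, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
                    . "): "
                    . htmlspecialchars((string) $ev->getMessage(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
                    . "</p>";
                exit(1);
            }
        }
        $user_filters = $_SESSION['nocc_user_filters'];
    }
}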
require_once './config/conf_lang.php';
require_once './config/conf_charset.php';
// Big attachments can need more memory than PHP's default limit, so a
// non-empty $conf->memory_limit is applied here. The @ operator hides the
// warning PHP would emit if the setting cannot be changed.
if (isset($conf->memory_limit) && $conf->memory_limit != '') {
    @ini_set('memory_limit', $conf->memory_limit);
}