comparison index.php @ 8:bf99236cc5cd

try to recover from upgrade fail
author Charlie Root
date Sat, 29 Dec 2018 07:07:34 -0500
parents 4681f974d28b
children
7:65fd7d441cf1 8:bf99236cc5cd
1 <?php 1 <?php
2 /* 2 /**
3 +-------------------------------------------------------------------------+ 3 +-------------------------------------------------------------------------+
4 | Roundcube Webmail IMAP Client | 4 | Roundcube Webmail IMAP Client |
5 | Version 1.1.5 | 5 | Version 1.3.3 |
6 | | 6 | |
7 | Copyright (C) 2005-2015, The Roundcube Dev Team | 7 | Copyright (C) 2005-2017, The Roundcube Dev Team |
8 | | 8 | |
9 | This program is free software: you can redistribute it and/or modify | 9 | This program is free software: you can redistribute it and/or modify |
10 | it under the terms of the GNU General Public License (with exceptions | 10 | it under the terms of the GNU General Public License (with exceptions |
11 | for skins & plugins) as published by the Free Software Foundation, | 11 | for skins & plugins) as published by the Free Software Foundation, |
12 | either version 3 of the License, or (at your option) any later version. | 12 | either version 3 of the License, or (at your option) any later version. |
38 38
39 // include environment 39 // include environment
40 require_once 'program/include/iniset.php'; 40 require_once 'program/include/iniset.php';
41 41
42 // init application, start session, init output class, etc. 42 // init application, start session, init output class, etc.
43 $RCMAIL = rcmail::get_instance($GLOBALS['env']); 43 $RCMAIL = rcmail::get_instance(0, $GLOBALS['env']);
44 44
45 // Make the whole PHP output non-cacheable (#1487797) 45 // Make the whole PHP output non-cacheable (#1487797)
46 $RCMAIL->output->nocacheing_headers(); 46 $RCMAIL->output->nocacheing_headers();
47 $RCMAIL->output->common_headers(); 47 $RCMAIL->output->common_headers();
48 48
60 // check DB connections and exit on failure 60 // check DB connections and exit on failure
61 if ($err_str = $RCMAIL->db->is_error()) { 61 if ($err_str = $RCMAIL->db->is_error()) {
62 rcmail::raise_error(array( 62 rcmail::raise_error(array(
63 'code' => 603, 63 'code' => 603,
64 'type' => 'db', 64 'type' => 'db',
65 'message' => $err_str), FALSE, TRUE); 65 'message' => $err_str), false, true);
66 } 66 }
67 67
68 // error steps 68 // error steps
69 if ($RCMAIL->action == 'error' && !empty($_GET['_code'])) { 69 if ($RCMAIL->action == 'error' && !empty($_GET['_code'])) {
70 rcmail::raise_error(array('code' => hexdec($_GET['_code'])), FALSE, TRUE); 70 rcmail::raise_error(array('code' => hexdec($_GET['_code'])), false, true);
71 } 71 }
72 72
73 // check if https is required (for login) and redirect if necessary 73 // check if https is required (for login) and redirect if necessary
74 if (empty($_SESSION['user_id']) && ($force_https = $RCMAIL->config->get('force_https', false))) { 74 if (empty($_SESSION['user_id']) && ($force_https = $RCMAIL->config->get('force_https', false))) {
75 $https_port = is_bool($force_https) ? 443 : $force_https; 75 // force_https can be true, <hostname>, <hostname>:<port>, <port>
76 76 if (!is_bool($force_https)) {
77 if (!rcube_utils::https_check($https_port)) { 77 list($host, $port) = explode(':', $force_https);
78 $host = preg_replace('/:[0-9]+$/', '', $_SERVER['HTTP_HOST']); 78
79 $host .= ($https_port != 443 ? ':' . $https_port : ''); 79 if (is_numeric($host) && empty($port)) {
80 $port = $host;
81 $host = '';
82 }
83 }
84
85 if (!rcube_utils::https_check($port ?: 443)) {
86 if (empty($host)) {
87 $host = preg_replace('/:[0-9]+$/', '', $_SERVER['HTTP_HOST']);
88 }
89 if ($port && $port != 443) {
90 $host .= ':' . $port;
91 }
80 92
81 header('Location: https://' . $host . $_SERVER['REQUEST_URI']); 93 header('Location: https://' . $host . $_SERVER['REQUEST_URI']);
82 exit; 94 exit;
83 } 95 }
84 } 96 }
89 $RCMAIL->action = $startup['action']; 101 $RCMAIL->action = $startup['action'];
90 102
91 // try to log in 103 // try to log in
92 if ($RCMAIL->task == 'login' && $RCMAIL->action == 'login') { 104 if ($RCMAIL->task == 'login' && $RCMAIL->action == 'login') {
93 $request_valid = $_SESSION['temp'] && $RCMAIL->check_request(); 105 $request_valid = $_SESSION['temp'] && $RCMAIL->check_request();
106 $pass_charset = $RCMAIL->config->get('password_charset', 'ISO-8859-1');
94 107
95 // purge the session in case of new login when a session already exists 108 // purge the session in case of new login when a session already exists
96 $RCMAIL->kill_session(); 109 $RCMAIL->kill_session();
97 110
98 $auth = $RCMAIL->plugins->exec_hook('authenticate', array( 111 $auth = $RCMAIL->plugins->exec_hook('authenticate', array(
99 'host' => $RCMAIL->autoselect_host(), 112 'host' => $RCMAIL->autoselect_host(),
100 'user' => trim(rcube_utils::get_input_value('_user', rcube_utils::INPUT_POST)), 113 'user' => trim(rcube_utils::get_input_value('_user', rcube_utils::INPUT_POST)),
101 'pass' => rcube_utils::get_input_value('_pass', rcube_utils::INPUT_POST, true, 114 'pass' => rcube_utils::get_input_value('_pass', rcube_utils::INPUT_POST, true, $pass_charset),
102 $RCMAIL->config->get('password_charset', 'ISO-8859-1')), 115 'valid' => $request_valid,
103 'cookiecheck' => true, 116 'cookiecheck' => true,
104 'valid' => $request_valid,
105 )); 117 ));
106 118
107 // Login 119 // Login
108 if ($auth['valid'] && !$auth['abort'] 120 if ($auth['valid'] && !$auth['abort']
109 && $RCMAIL->login($auth['user'], $auth['pass'], $auth['host'], $auth['cookiecheck']) 121 && $RCMAIL->login($auth['user'], $auth['pass'], $auth['host'], $auth['cookiecheck'])
142 // send redirect 154 // send redirect
143 $OUTPUT->redirect($redir, 0, true); 155 $OUTPUT->redirect($redir, 0, true);
144 } 156 }
145 else { 157 else {
146 if (!$auth['valid']) { 158 if (!$auth['valid']) {
147 $error_code = RCMAIL::ERROR_INVALID_REQUEST; 159 $error_code = rcmail::ERROR_INVALID_REQUEST;
148 } 160 }
149 else { 161 else {
150 $error_code = is_numeric($auth['error']) ? $auth['error'] : $RCMAIL->login_error(); 162 $error_code = is_numeric($auth['error']) ? $auth['error'] : $RCMAIL->login_error();
151 } 163 }
152 164
153 $error_labels = array( 165 $error_labels = array(
154 RCMAIL::ERROR_STORAGE => 'storageerror', 166 rcmail::ERROR_STORAGE => 'storageerror',
155 RCMAIL::ERROR_COOKIES_DISABLED => 'cookiesdisabled', 167 rcmail::ERROR_COOKIES_DISABLED => 'cookiesdisabled',
156 RCMAIL::ERROR_INVALID_REQUEST => 'invalidrequest', 168 rcmail::ERROR_INVALID_REQUEST => 'invalidrequest',
157 RCMAIL::ERROR_INVALID_HOST => 'invalidhost', 169 rcmail::ERROR_INVALID_HOST => 'invalidhost',
170 rcmail::ERROR_RATE_LIMIT => 'accountlocked',
158 ); 171 );
159 172
160 $error_message = !empty($auth['error']) && !is_numeric($auth['error']) ? $auth['error'] : ($error_labels[$error_code] ?: 'loginfailed'); 173 $error_message = !empty($auth['error']) && !is_numeric($auth['error']) ? $auth['error'] : ($error_labels[$error_code] ?: 'loginfailed');
161 174
162 $OUTPUT->show_message($error_message, 'warning'); 175 $OUTPUT->show_message($error_message, 'warning');
220 // check if installer is still active 233 // check if installer is still active
221 if ($RCMAIL->config->get('enable_installer') && is_readable('./installer/index.php')) { 234 if ($RCMAIL->config->get('enable_installer') && is_readable('./installer/index.php')) {
222 $OUTPUT->add_footer(html::div(array('style' => "background:#ef9398; border:2px solid #dc5757; padding:0.5em; margin:2em auto; width:50em"), 235 $OUTPUT->add_footer(html::div(array('style' => "background:#ef9398; border:2px solid #dc5757; padding:0.5em; margin:2em auto; width:50em"),
223 html::tag('h2', array('style' => "margin-top:0.2em"), "Installer script is still accessible") . 236 html::tag('h2', array('style' => "margin-top:0.2em"), "Installer script is still accessible") .
224 html::p(null, "The install script of your Roundcube installation is still stored in its default location!") . 237 html::p(null, "The install script of your Roundcube installation is still stored in its default location!") .
225 html::p(null, "Please <b>remove</b> the whole <tt>installer</tt> folder from the Roundcube directory because . 238 html::p(null, "Please <b>remove</b> the whole <tt>installer</tt> folder from the Roundcube directory because
226 these files may expose sensitive configuration data like server passwords and encryption keys 239 these files may expose sensitive configuration data like server passwords and encryption keys
227 to the public. Make sure you cannot access the <a href=\"./installer/\">installer script</a> from your browser.") 240 to the public. Make sure you cannot access the <a href=\"./installer/\">installer script</a> from your browser.")
228 )); 241 ));
229 } 242 }
230 243
240 253
241 // check access to disabled actions 254 // check access to disabled actions
242 $disabled_actions = (array) $RCMAIL->config->get('disabled_actions'); 255 $disabled_actions = (array) $RCMAIL->config->get('disabled_actions');
243 if (in_array($RCMAIL->task . '.' . ($RCMAIL->action ?: 'index'), $disabled_actions)) { 256 if (in_array($RCMAIL->task . '.' . ($RCMAIL->action ?: 'index'), $disabled_actions)) {
244 rcube::raise_error(array( 257 rcube::raise_error(array(
245 'code' => 403, 'type' => 'php', 258 'code' => 404, 'type' => 'php',
246 'message' => "Action disabled"), true, true); 259 'message' => "Action disabled"), true, true);
247 } 260 }
248 } 261 }
249 262
250 // we're ready, user is authenticated and the request is safe 263 // we're ready, user is authenticated and the request is safe
289 // include action file only once (in case it don't exit) 302 // include action file only once (in case it don't exit)
290 include_once $incfile; 303 include_once $incfile;
291 $redirects++; 304 $redirects++;
292 } 305 }
293 else { 306 else {
307 #rcube::write_log('mail',$incfile." not found");
294 break; 308 break;
295 } 309 }
296 } 310 }
297 311
298 if ($RCMAIL->action == 'refresh') { 312 if ($RCMAIL->action == 'refresh') {
299 $RCMAIL->plugins->exec_hook('refresh', array('last' => intval(rcube_utils::get_input_value('_last', rcube_utils::INPUT_GPC)))); 313 $RCMAIL->plugins->exec_hook('refresh', array('last' => intval(rcube_utils::get_input_value('_last', rcube_utils::INPUT_GPC))));
300 } 314 }
301 315
316 #rcube::write_log('mail',"task: ".$RCMAIL->task." action: ".$RCMAIL->action);
302 // parse main template (default) 317 // parse main template (default)
303 $OUTPUT->send($RCMAIL->task); 318 $OUTPUT->send($RCMAIL->task);
304 319
305 // if we arrive here, something went wrong 320 // if we arrive here, something went wrong
306 rcmail::raise_error(array( 321 rcmail::raise_error(array(
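Review bot: In the rewritten `force_https` block (new lines 75–93), `$host` and `$port` are assigned only inside `if (!is_bool($force_https))`, so with `force_https = true` the later `$port ?: 443` reads an undefined variable, unless something in the unshown lines 49–59 sets it. A value without a colon also makes `list($host, $port) = explode(':', $force_https);` read a missing offset 1. I would initialise both with `$host = $port = null;` before the branch and pad the split: `list($host, $port) = array_pad(explode(':', (string) $force_https, 2), 2, null);`. Separately, when no hostname is configured the `Location` header is still built from `$_SERVER['HTTP_HOST']` with only a trailing port stripped, so the redirect target follows whatever Host header the client sent. Deployments that do not validate Host at the web server or proxy should set `force_https` to an explicit hostname, and a comment at line 87 should state that dependency.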