| | Author: Aleksander Machniak | +-----------------------------------------------------------------------+ */ /** * Application class of Roundcube Webmail * implemented as singleton * * @package Webmail */ class rcmail extends rcube { /** * Main tasks. * * @var array */ static public $main_tasks = array('mail','settings','addressbook','login','logout','utils','dummy'); /** * Current task. * * @var string */ public $task; /** * Current action. * * @var string */ public $action = ''; public $comm_path = './'; public $filename = ''; private $address_books = array(); private $action_map = array(); const ERROR_STORAGE = -2; const ERROR_INVALID_REQUEST = 1; const ERROR_INVALID_HOST = 2; const ERROR_COOKIES_DISABLED = 3; const ERROR_RATE_LIMIT = 4; /** * This implements the 'singleton' design pattern * * @param integer $mode Ignored rcube::get_instance() argument * @param string $env Environment name to run (e.g. live, dev, test) * * @return rcmail The one and only instance */ static function get_instance($mode = 0, $env = '') { if (!self::$instance || !is_a(self::$instance, 'rcmail')) { self::$instance = new rcmail($env); // init AFTER object was linked with self::$instance self::$instance->startup(); } return self::$instance; } /** * Initial startup function * to register session, create database and imap connections */ protected function startup() { $this->init(self::INIT_WITH_DB | self::INIT_WITH_PLUGINS); // set filename if not index.php if (($basename = basename($_SERVER['SCRIPT_FILENAME'])) && $basename != 'index.php') { $this->filename = $basename; } // load all configured plugins $plugins = (array) $this->config->get('plugins', array()); $required_plugins = array('filesystem_attachments', 'jqueryui'); $this->plugins->load_plugins($plugins, $required_plugins); // start session $this->session_init(); // Remember default skin, before it's replaced by user prefs $this->default_skin = $this->config->get('skin'); // create user object $this->set_user(new rcube_user($_SESSION['user_id'])); // set task and action properties $this->set_task(rcube_utils::get_input_value('_task', rcube_utils::INPUT_GPC)); $this->action = asciiwords(rcube_utils::get_input_value('_action', rcube_utils::INPUT_GPC)); // reset some session parameters when changing task if ($this->task != 'utils') { // we reset list page when switching to another task // but only to the main task interface - empty action (#1489076, #1490116) // this will prevent from unintentional page reset on cross-task requests if ($this->session && $_SESSION['task'] != $this->task && empty($this->action)) { $this->session->remove('page'); // set current task to session $_SESSION['task'] = $this->task; } } // init output class (not in CLI mode) if (!empty($_REQUEST['_remote'])) { $GLOBALS['OUTPUT'] = $this->json_init(); } else if ($_SERVER['REMOTE_ADDR']) { $GLOBALS['OUTPUT'] = $this->load_gui(!empty($_REQUEST['_framed'])); } // run init method on all the plugins $this->plugins->init($this, $this->task); } /** * Setter for application task * * @param string $task Task to set */ public function set_task($task) { if (php_sapi_name() == 'cli') { $task = 'cli'; } else if (!$this->user || !$this->user->ID) { $task = 'login'; } else { $task = asciiwords($task, true) ?: 'mail'; } $this->task = $task; $this->comm_path = $this->url(array('task' => $this->task)); if (!empty($_REQUEST['_framed'])) { $this->comm_path .= '&_framed=1'; } if ($this->output) { $this->output->set_env('task', $this->task); $this->output->set_env('comm_path', $this->comm_path); } } /** * Setter for system user object * * @param rcube_user $user Current user instance */ public function set_user($user) { parent::set_user($user); $lang = $this->language_prop($this->config->get('language', $_SESSION['language'])); $_SESSION['language'] = $this->user->language = $lang; // set localization setlocale(LC_ALL, $lang . '.utf8', $lang . '.UTF-8', 'en_US.utf8', 'en_US.UTF-8'); // Workaround for http://bugs.php.net/bug.php?id=18556 // Also strtoupper/strtolower and other methods are locale-aware // for these locales it is problematic (#1490519) if (in_array($lang, array('tr_TR', 'ku', 'az_AZ'))) { setlocale(LC_CTYPE, 'en_US.utf8', 'en_US.UTF-8', 'C'); } } /** * Return instance of the internal address book class * * @param string $id Address book identifier (-1 for default addressbook) * @param boolean $writeable True if the address book needs to be writeable * * @return rcube_contacts Address book object */ public function get_address_book($id, $writeable = false) { $contacts = null; $ldap_config = (array)$this->config->get('ldap_public'); // 'sql' is the alias for '0' used by autocomplete if ($id == 'sql') $id = '0'; else if ($id == -1) { $id = $this->config->get('default_addressbook'); $default = true; } // use existing instance if (isset($this->address_books[$id]) && ($this->address_books[$id] instanceof rcube_addressbook)) { $contacts = $this->address_books[$id]; } else if ($id && $ldap_config[$id]) { $domain = $this->config->mail_domain($_SESSION['storage_host']); $contacts = new rcube_ldap($ldap_config[$id], $this->config->get('ldap_debug'), $domain); } else if ($id === '0') { $contacts = new rcube_contacts($this->db, $this->get_user_id()); } else { $plugin = $this->plugins->exec_hook('addressbook_get', array('id' => $id, 'writeable' => $writeable)); // plugin returned instance of a rcube_addressbook if ($plugin['instance'] instanceof rcube_addressbook) { $contacts = $plugin['instance']; } } // when user requested default writeable addressbook // we need to check if default is writeable, if not we // will return first writeable book (if any exist) if ($contacts && $default && $contacts->readonly && $writeable) { $contacts = null; } // Get first addressbook from the list if configured default doesn't exist // This can happen when user deleted the addressbook (e.g. Kolab folder) if (!$contacts && (!$id || $default)) { $source = reset($this->get_address_sources($writeable, !$default)); if (!empty($source)) { $contacts = $this->get_address_book($source['id']); if ($contacts) { $id = $source['id']; } } } if (!$contacts) { // there's no default, just return if ($default) { return null; } self::raise_error(array( 'code' => 700, 'file' => __FILE__, 'line' => __LINE__, 'message' => "Addressbook source ($id) not found!" ), true, true); } // add to the 'books' array for shutdown function $this->address_books[$id] = $contacts; if ($writeable && $contacts->readonly) { return null; } // set configured sort order if ($sort_col = $this->config->get('addressbook_sort_col')) { $contacts->set_sort_order($sort_col); } return $contacts; } /** * Return identifier of the address book object * * @param rcube_addressbook $object Addressbook source object * * @return string Source identifier */ public function get_address_book_id($object) { foreach ($this->address_books as $index => $book) { if ($book === $object) { return $index; } } } /** * Return address books list * * @param boolean $writeable True if the address book needs to be writeable * @param boolean $skip_hidden True if the address book needs to be not hidden * * @return array Address books array */ public function get_address_sources($writeable = false, $skip_hidden = false) { $abook_type = strtolower((string) $this->config->get('address_book_type', 'sql')); $ldap_config = (array) $this->config->get('ldap_public'); $autocomplete = (array) $this->config->get('autocomplete_addressbooks'); $list = array(); // SQL-based (built-in) address book if ($abook_type === 'sql') { if (!isset($this->address_books['0'])) { $this->address_books['0'] = new rcube_contacts($this->db, $this->get_user_id()); } $list['0'] = array( 'id' => '0', 'name' => $this->gettext('personaladrbook'), 'groups' => $this->address_books['0']->groups, 'readonly' => $this->address_books['0']->readonly, 'undelete' => $this->address_books['0']->undelete && $this->config->get('undo_timeout'), 'autocomplete' => in_array_nocase('sql', $autocomplete), ); } // LDAP address book(s) if (!empty($ldap_config)) { foreach ($ldap_config as $id => $prop) { // handle misconfiguration if (empty($prop) || !is_array($prop)) { continue; } $list[$id] = array( 'id' => $id, 'name' => html::quote($prop['name']), 'groups' => !empty($prop['groups']) || !empty($prop['group_filters']), 'readonly' => !$prop['writable'], 'hidden' => $prop['hidden'], 'autocomplete' => in_array($id, $autocomplete) ); } } // Plugins can also add address books, or re-order the list $plugin = $this->plugins->exec_hook('addressbooks_list', array('sources' => $list)); $list = $plugin['sources']; foreach ($list as $idx => $item) { // register source for shutdown function if (!is_object($this->address_books[$item['id']])) { $this->address_books[$item['id']] = $item; } // remove from list if not writeable as requested if ($writeable && $item['readonly']) { unset($list[$idx]); } // remove from list if hidden as requested else if ($skip_hidden && $item['hidden']) { unset($list[$idx]); } } return $list; } /** * Getter for compose responses. * These are stored in local config and user preferences. * * @param boolean $sorted True to sort the list alphabetically * @param boolean $user_only True if only this user's responses shall be listed * * @return array List of the current user's stored responses */ public function get_compose_responses($sorted = false, $user_only = false) { $responses = array(); if (!$user_only) { foreach ($this->config->get('compose_responses_static', array()) as $response) { if (empty($response['key'])) { $response['key'] = substr(md5($response['name']), 0, 16); } $response['static'] = true; $response['class'] = 'readonly'; $k = $sorted ? '0000-' . mb_strtolower($response['name']) : $response['key']; $responses[$k] = $response; } } foreach ($this->config->get('compose_responses', array()) as $response) { if (empty($response['key'])) { $response['key'] = substr(md5($response['name']), 0, 16); } $k = $sorted ? mb_strtolower($response['name']) : $response['key']; $responses[$k] = $response; } // sort list by name if ($sorted) { ksort($responses, SORT_LOCALE_STRING); } $responses = array_values($responses); $hook = $this->plugins->exec_hook('get_compose_responses', array( 'list' => $responses, 'sorted' => $sorted, 'user_only' => $user_only, )); return $hook['list']; } /** * Init output object for GUI and add common scripts. * This will instantiate a rcmail_output_html object and set * environment vars according to the current session and configuration * * @param boolean $framed True if this request is loaded in a (i)frame * * @return rcube_output Reference to HTML output object */ public function load_gui($framed = false) { // init output page if (!($this->output instanceof rcmail_output_html)) { $this->output = new rcmail_output_html($this->task, $framed); } // set refresh interval $this->output->set_env('refresh_interval', $this->config->get('refresh_interval', 0)); $this->output->set_env('session_lifetime', $this->config->get('session_lifetime', 0) * 60); if ($framed) { $this->comm_path .= '&_framed=1'; $this->output->set_env('framed', true); } $this->output->set_env('task', $this->task); $this->output->set_env('action', $this->action); $this->output->set_env('comm_path', $this->comm_path); $this->output->set_charset(RCUBE_CHARSET); if ($this->user && $this->user->ID) { $this->output->set_env('user_id', $this->user->get_hash()); } // set compose mode for all tasks (message compose step can be triggered from everywhere) $this->output->set_env('compose_extwin', $this->config->get('compose_extwin',false)); // add some basic labels to client $this->output->add_label('loading', 'servererror', 'connerror', 'requesttimedout', 'refreshing', 'windowopenerror', 'uploadingmany', 'uploading', 'close', 'save', 'cancel', 'alerttitle', 'confirmationtitle', 'delete', 'continue', 'ok'); return $this->output; } /** * Create an output object for JSON responses * * @return rcube_output Reference to JSON output object */ public function json_init() { if (!($this->output instanceof rcmail_output_json)) { $this->output = new rcmail_output_json($this->task); } return $this->output; } /** * Create session object and start the session. */ public function session_init() { parent::session_init(); // set initial session vars if (!$_SESSION['user_id']) { $_SESSION['temp'] = true; } } /** * Perform login to the mail server and to the webmail service. * This will also create a new user entry if auto_create_user is configured. * * @param string $username Mail storage (IMAP) user name * @param string $password Mail storage (IMAP) password * @param string $host Mail storage (IMAP) host * @param bool $cookiecheck Enables cookie check * * @return boolean True on success, False on failure */ function login($username, $password, $host = null, $cookiecheck = false) { $this->login_error = null; if (empty($username)) { return false; } if ($cookiecheck && empty($_COOKIE)) { $this->login_error = self::ERROR_COOKIES_DISABLED; return false; } $username_filter = $this->config->get('login_username_filter'); $username_maxlen = $this->config->get('login_username_maxlen', 1024); $password_maxlen = $this->config->get('login_password_maxlen', 1024); $default_host = $this->config->get('default_host'); $default_port = $this->config->get('default_port'); $username_domain = $this->config->get('username_domain'); $login_lc = $this->config->get('login_lc', 2); // check input for security (#1490500) if (($username_maxlen && strlen($username) > $username_maxlen) || ($username_filter && !preg_match($username_filter, $username)) || ($password_maxlen && strlen($password) > $password_maxlen) ) { $this->login_error = self::ERROR_INVALID_REQUEST; return false; } // host is validated in rcmail::autoselect_host(), so here // we'll only handle unset host (if possible) if (!$host && !empty($default_host)) { if (is_array($default_host)) { $key = key($default_host); $host = is_numeric($key) ? $default_host[$key] : $key; } else { $host = $default_host; } $host = rcube_utils::parse_host($host); } if (!$host) { $this->login_error = self::ERROR_INVALID_HOST; return false; } // parse $host URL $a_host = parse_url($host); if ($a_host['host']) { $host = $a_host['host']; $ssl = (isset($a_host['scheme']) && in_array($a_host['scheme'], array('ssl','imaps','tls'))) ? $a_host['scheme'] : null; if (!empty($a_host['port'])) $port = $a_host['port']; else if ($ssl && $ssl != 'tls' && (!$default_port || $default_port == 143)) $port = 993; } if (!$port) { $port = $default_port; } // Check if we need to add/force domain to username if (!empty($username_domain)) { $domain = is_array($username_domain) ? $username_domain[$host] : $username_domain; if ($domain = rcube_utils::parse_host((string)$domain, $host)) { $pos = strpos($username, '@'); // force configured domains if ($pos !== false && $this->config->get('username_domain_forced')) { $username = substr($username, 0, $pos) . '@' . $domain; } // just add domain if not specified else if ($pos === false) { $username .= '@' . $domain; } } } // Convert username to lowercase. If storage backend // is case-insensitive we need to store always the same username (#1487113) if ($login_lc) { if ($login_lc == 2 || $login_lc === true) { $username = mb_strtolower($username); } else if (strpos($username, '@')) { // lowercase domain name list($local, $domain) = explode('@', $username); $username = $local . '@' . mb_strtolower($domain); } } // try to resolve email address from virtuser table if (strpos($username, '@') && ($virtuser = rcube_user::email2user($username))) { $username = $virtuser; } // Here we need IDNA ASCII // Only rcube_contacts class is using domain names in Unicode $host = rcube_utils::idn_to_ascii($host); if (strpos($username, '@')) { $username = rcube_utils::idn_to_ascii($username); } // user already registered -> overwrite username if ($user = rcube_user::query($username, $host)) { $username = $user->data['username']; // Brute-force prevention if ($user->is_locked()) { $this->login_error = self::ERROR_RATE_LIMIT; return false; } } $storage = $this->get_storage(); // try to log in if (!$storage->connect($host, $username, $password, $port, $ssl)) { if ($user) { $user->failed_login(); } // Wait a second to slow down brute-force attacks (#1490549) sleep(1); return false; } // user already registered -> update user's record if (is_object($user)) { // update last login timestamp $user->touch(); } // create new system user else if ($this->config->get('auto_create_user')) { if ($created = rcube_user::create($username, $host)) { $user = $created; } else { self::raise_error(array( 'code' => 620, 'file' => __FILE__, 'line' => __LINE__, 'message' => "Failed to create a user record. Maybe aborted by a plugin?" ), true, false); } } else { self::raise_error(array( 'code' => 621, 'file' => __FILE__, 'line' => __LINE__, 'message' => "Access denied for new user $username. 'auto_create_user' is disabled" ), true, false); } // login succeeded if (is_object($user) && $user->ID) { // Configure environment $this->set_user($user); $this->set_storage_prop(); // set session vars $_SESSION['user_id'] = $user->ID; $_SESSION['username'] = $user->data['username']; $_SESSION['storage_host'] = $host; $_SESSION['storage_port'] = $port; $_SESSION['storage_ssl'] = $ssl; $_SESSION['password'] = $this->encrypt($password); $_SESSION['login_time'] = time(); $timezone = rcube_utils::get_input_value('_timezone', rcube_utils::INPUT_GPC); if ($timezone && is_string($timezone) && $timezone != '_default_') { $_SESSION['timezone'] = $timezone; } // fix some old settings according to namespace prefix $this->fix_namespace_settings($user); // set/create special folders $this->set_special_folders(); // clear all mailboxes related cache(s) $storage->clear_cache('mailboxes', true); return true; } return false; } /** * Returns error code of last login operation * * @return int Error code */ public function login_error() { if ($this->login_error) { return $this->login_error; } if ($this->storage && $this->storage->get_error_code() < -1) { return self::ERROR_STORAGE; } } /** * Detects session errors * * @return string Error label */ public function session_error() { // log session failures $task = rcube_utils::get_input_value('_task', rcube_utils::INPUT_GPC); if ($task && !in_array($task, array('login', 'logout')) && ($sess_id = $_COOKIE[ini_get('session.name')])) { $log = "Aborted session $sess_id; no valid session data found"; $error = 'sessionerror'; // In rare cases web browser might end up with multiple cookies of the same name // but different params, e.g. domain (webmail.domain.tld and .webmail.domain.tld). // In such case browser will send both cookies in the request header // problem is that PHP session handler can use only one and if that one session // does not exist we'll end up here $cookie = rcube_utils::request_header('Cookie'); $cookie_sessid = $this->config->get('session_name') ?: 'roundcube_sessid'; $cookie_sessauth = $this->config->get('session_auth_name') ?: 'roundcube_sessauth'; if (substr_count($cookie, $cookie_sessid.'=') > 1 || substr_count($cookie, $cookie_sessauth.'=') > 1) { $log .= ". Cookies mismatch"; $error = 'cookiesmismatch'; } $this->session->log($log); return $error; } } /** * Auto-select IMAP host based on the posted login information * * @return string Selected IMAP host */ public function autoselect_host() { $default_host = $this->config->get('default_host'); $host = null; if (is_array($default_host)) { $post_host = rcube_utils::get_input_value('_host', rcube_utils::INPUT_POST); $post_user = rcube_utils::get_input_value('_user', rcube_utils::INPUT_POST); list(, $domain) = explode('@', $post_user); // direct match in default_host array if ($default_host[$post_host] || in_array($post_host, array_values($default_host))) { $host = $post_host; } // try to select host by mail domain else if (!empty($domain)) { foreach ($default_host as $storage_host => $mail_domains) { if (is_array($mail_domains) && in_array_nocase($domain, $mail_domains)) { $host = $storage_host; break; } else if (stripos($storage_host, $domain) !== false || stripos(strval($mail_domains), $domain) !== false) { $host = is_numeric($storage_host) ? $mail_domains : $storage_host; break; } } } // take the first entry if $host is still not set if (empty($host)) { $key = key($default_host); $host = is_numeric($key) ? $default_host[$key] : $key; } } else if (empty($default_host)) { $host = rcube_utils::get_input_value('_host', rcube_utils::INPUT_POST); } else { $host = rcube_utils::parse_host($default_host); } return $host; } /** * Destroy session data and remove cookie */ public function kill_session() { $this->plugins->exec_hook('session_destroy'); $this->session->kill(); $_SESSION = array('language' => $this->user->language, 'temp' => true); $this->user->reset(); if ($this->config->get('skin') != $this->default_skin && method_exists($this->output, 'set_skin')) { $this->output->set_skin($this->default_skin); } } /** * Do server side actions on logout */ public function logout_actions() { $storage = $this->get_storage(); $logout_expunge = $this->config->get('logout_expunge'); $logout_purge = $this->config->get('logout_purge'); $trash_mbox = $this->config->get('trash_mbox'); if ($logout_purge && !empty($trash_mbox)) { $storage->clear_folder($trash_mbox); } if ($logout_expunge) { $storage->expunge_folder('INBOX'); } // Try to save unsaved user preferences if (!empty($_SESSION['preferences'])) { $this->user->save_prefs(unserialize($_SESSION['preferences'])); } } /** * Build a valid URL to this instance of Roundcube * * @param mixed $p Either a string with the action or * url parameters as key-value pairs * @param boolean $absolute Build an URL absolute to document root * @param boolean $full Create fully qualified URL including http(s):// and hostname * @param bool $secure Return absolute URL in secure location * * @return string Valid application URL */ public function url($p, $absolute = false, $full = false, $secure = false) { if (!is_array($p)) { if (strpos($p, 'http') === 0) { return $p; } $p = array('_action' => @func_get_arg(0)); } $pre = array(); $task = $p['_task'] ?: ($p['task'] ?: $this->task); $pre['_task'] = $task; unset($p['task'], $p['_task']); $url = $this->filename; $delm = '?'; foreach (array_merge($pre, $p) as $key => $val) { if ($val !== '' && $val !== null) { $par = $key[0] == '_' ? $key : '_'.$key; $url .= $delm.urlencode($par).'='.urlencode($val); $delm = '&'; } } $base_path = strval($_SERVER['REDIRECT_SCRIPT_URL'] ?: $_SERVER['SCRIPT_NAME']); $base_path = preg_replace('![^/]+$!', '', $base_path); if ($secure && ($token = $this->get_secure_url_token(true))) { // add token to the url $url = $token . '/' . $url; // remove old token from the path $base_path = rtrim($base_path, '/'); $base_path = preg_replace('/\/[a-zA-Z0-9]{' . strlen($token) . '}$/', '', $base_path); // this need to be full url to make redirects work $absolute = true; } else if ($secure && ($token = $this->get_request_token())) $url .= $delm . '_token=' . urlencode($token); if ($absolute || $full) { // add base path to this Roundcube installation if ($base_path == '') $base_path = '/'; $prefix = $base_path; // prepend protocol://hostname:port if ($full) { $prefix = rcube_utils::resolve_url($prefix); } $prefix = rtrim($prefix, '/') . '/'; } else { $prefix = './'; } return $prefix . $url; } /** * Function to be executed in script shutdown */ public function shutdown() { parent::shutdown(); foreach ($this->address_books as $book) { if (is_object($book) && is_a($book, 'rcube_addressbook')) { $book->close(); } } // write performance stats to logs/console if ($this->config->get('devel_mode') || $this->config->get('performance_stats')) { // we have to disable per_user_logging to make sure stats end up in the main console log $this->config->set('per_user_logging', false); // make sure logged numbers use unified format setlocale(LC_NUMERIC, 'en_US.utf8', 'en_US.UTF-8', 'en_US', 'C'); if (function_exists('memory_get_usage')) { $mem = round(memory_get_usage() / 1024 /1024, 1); } if (function_exists('memory_get_peak_usage')) { $mem .= '/'. round(memory_get_peak_usage() / 1024 / 1024, 1); } $log = $this->task . ($this->action ? '/'.$this->action : '') . ($mem ? " [$mem]" : ''); if (defined('RCMAIL_START')) { self::print_timer(RCMAIL_START, $log); } else { self::console($log); } } } /** * CSRF attack prevention code. Raises error when check fails. * * @param int $mode Request mode */ public function request_security_check($mode = rcube_utils::INPUT_POST) { // check request token if (!$this->check_request($mode)) { $error = array('code' => 403, 'message' => "Request security check failed"); self::raise_error($error, false, true); } } /** * Registers action aliases for current task * * @param array $map Alias-to-filename hash array */ public function register_action_map($map) { if (is_array($map)) { foreach ($map as $idx => $val) { $this->action_map[$idx] = $val; } } } /** * Returns current action filename * * @param array $map Alias-to-filename hash array */ public function get_action_file() { if (!empty($this->action_map[$this->action])) { return $this->action_map[$this->action]; } return strtr($this->action, '-', '_') . '.inc'; } /** * Fixes some user preferences according to namespace handling change. * Old Roundcube versions were using folder names with removed namespace prefix. * Now we need to add the prefix on servers where personal namespace has prefix. * * @param rcube_user $user User object */ private function fix_namespace_settings($user) { $prefix = $this->storage->get_namespace('prefix'); $prefix_len = strlen($prefix); if (!$prefix_len) { return; } if ($this->config->get('namespace_fixed')) { return; } $prefs = array(); // Build namespace prefix regexp $ns = $this->storage->get_namespace(); $regexp = array(); foreach ($ns as $entry) { if (!empty($entry)) { foreach ($entry as $item) { if (strlen($item[0])) { $regexp[] = preg_quote($item[0], '/'); } } } } $regexp = '/^('. implode('|', $regexp).')/'; // Fix preferences $opts = array('drafts_mbox', 'junk_mbox', 'sent_mbox', 'trash_mbox', 'archive_mbox'); foreach ($opts as $opt) { if ($value = $this->config->get($opt)) { if ($value != 'INBOX' && !preg_match($regexp, $value)) { $prefs[$opt] = $prefix.$value; } } } if (($search_mods = $this->config->get('search_mods')) && !empty($search_mods)) { $folders = array(); foreach ($search_mods as $idx => $value) { if ($idx != 'INBOX' && $idx != '*' && !preg_match($regexp, $idx)) { $idx = $prefix.$idx; } $folders[$idx] = $value; } $prefs['search_mods'] = $folders; } if (($threading = $this->config->get('message_threading')) && !empty($threading)) { $folders = array(); foreach ($threading as $idx => $value) { if ($idx != 'INBOX' && !preg_match($regexp, $idx)) { $idx = $prefix.$idx; } $folders[$prefix.$idx] = $value; } $prefs['message_threading'] = $folders; } if ($collapsed = $this->config->get('collapsed_folders')) { $folders = explode('&&', $collapsed); $count = count($folders); $folders_str = ''; if ($count) { $folders[0] = substr($folders[0], 1); $folders[$count-1] = substr($folders[$count-1], 0, -1); } foreach ($folders as $value) { if ($value != 'INBOX' && !preg_match($regexp, $value)) { $value = $prefix.$value; } $folders_str .= '&'.$value.'&'; } $prefs['collapsed_folders'] = $folders_str; } $prefs['namespace_fixed'] = true; // save updated preferences and reset imap settings (default folders) $user->save_prefs($prefs); $this->set_storage_prop(); } /** * Overwrite action variable * * @param string $action New action value */ public function overwrite_action($action) { $this->action = $action; $this->output->set_env('action', $action); } /** * Set environment variables for specified config options * * @param array $options List of configuration option names */ public function set_env_config($options) { foreach ((array) $options as $option) { if ($this->config->get($option)) { $this->output->set_env($option, true); } } } /** * Returns RFC2822 formatted current date in user's timezone * * @return string Date */ public function user_date() { // get user's timezone try { $tz = new DateTimeZone($this->config->get('timezone')); $date = new DateTime('now', $tz); } catch (Exception $e) { $date = new DateTime(); } return $date->format('r'); } /** * Write login data (name, ID, IP address) to the 'userlogins' log file. */ public function log_login($user = null, $failed_login = false, $error_code = 0) { if (!$this->config->get('log_logins')) { return; } // don't log full session id for security reasons $session_id = session_id(); $session_id = $session_id ? substr($session_id, 0, 16) : 'no-session'; // failed login if ($failed_login) { // don't fill the log with complete input, which could // have been prepared by a hacker if (strlen($user) > 256) { $user = substr($user, 0, 256) . '...'; } $message = sprintf('Failed login for %s from %s in session %s (error: %d)', $user, rcube_utils::remote_ip(), $session_id, $error_code); } // successful login else { $user_name = $this->get_user_name(); $user_id = $this->get_user_id(); if (!$user_id) { return; } $message = sprintf('Successful login for %s (ID: %d) from %s in session %s', $user_name, $user_id, rcube_utils::remote_ip(), $session_id); } // log login self::write_log('userlogins', $message); } /** * Check if specified asset file exists * * @param string $path Asset path * @param bool $minified Fallback to minified version of the file * * @return string Asset path if found (modified if minified file found) */ public function find_asset($path, $minified = true) { if (empty($path)) { return; } $assets_dir = $this->config->get('assets_dir'); $root_path = unslashify($assets_dir ?: INSTALL_PATH) . '/'; $full_path = $root_path . trim($path, '/'); if (file_exists($full_path)) { return $path; } if ($minified && preg_match('/(?add_header($col, $this->Q($this->gettext($col))); } } if (!is_array($table_data)) { $db = $this->get_dbh(); while ($table_data && ($sql_arr = $db->fetch_assoc($table_data))) { $table->add_row(array('id' => 'rcmrow' . rcube_utils::html_identifier($sql_arr[$id_col]))); // format each col foreach ($show_cols as $col) { $table->add($col, $this->Q($sql_arr[$col])); } } } else { foreach ($table_data as $row_data) { $class = !empty($row_data['class']) ? $row_data['class'] : null; if (!empty($attrib['rowclass'])) $class = trim($class . ' ' . $attrib['rowclass']); $rowid = 'rcmrow' . rcube_utils::html_identifier($row_data[$id_col]); $table->add_row(array('id' => $rowid, 'class' => $class)); // format each col foreach ($show_cols as $col) { $val = is_array($row_data[$col]) ? $row_data[$col][0] : $row_data[$col]; $table->add($col, empty($attrib['ishtml']) ? $this->Q($val) : $val); } } } return $table->show($attrib); } /** * Convert the given date to a human readable form * This uses the date formatting properties from config * * @param mixed $date Date representation (string, timestamp or DateTime object) * @param string $format Date format to use * @param bool $convert Enables date conversion according to user timezone * * @return string Formatted date string */ public function format_date($date, $format = null, $convert = true) { if (is_object($date) && is_a($date, 'DateTime')) { $timestamp = $date->format('U'); } else { if (!empty($date)) { $timestamp = rcube_utils::strtotime($date); } if (empty($timestamp)) { return ''; } try { $date = new DateTime("@".$timestamp); } catch (Exception $e) { return ''; } } if ($convert) { try { // convert to the right timezone $stz = date_default_timezone_get(); $tz = new DateTimeZone($this->config->get('timezone')); $date->setTimezone($tz); date_default_timezone_set($tz->getName()); $timestamp = $date->format('U'); } catch (Exception $e) { } } // define date format depending on current time if (!$format) { $now = time(); $now_date = getdate($now); $today_limit = mktime(0, 0, 0, $now_date['mon'], $now_date['mday'], $now_date['year']); $week_limit = mktime(0, 0, 0, $now_date['mon'], $now_date['mday']-6, $now_date['year']); $pretty_date = $this->config->get('prettydate'); if ($pretty_date && $timestamp > $today_limit && $timestamp <= $now) { $format = $this->config->get('date_today', $this->config->get('time_format', 'H:i')); $today = true; } else if ($pretty_date && $timestamp > $week_limit && $timestamp <= $now) { $format = $this->config->get('date_short', 'D H:i'); } else { $format = $this->config->get('date_long', 'Y-m-d H:i'); } } // strftime() format if (preg_match('/%[a-z]+/i', $format)) { $format = strftime($format, $timestamp); if ($stz) { date_default_timezone_set($stz); } return $today ? ($this->gettext('today') . ' ' . $format) : $format; } // parse format string manually in order to provide localized weekday and month names // an alternative would be to convert the date() format string to fit with strftime() $out = ''; for ($i=0; $igettext(strtolower(date('D', $timestamp))); } // weekday long else if ($format[$i] == 'l') { $out .= $this->gettext(strtolower(date('l', $timestamp))); } // month name (short) else if ($format[$i] == 'M') { $out .= $this->gettext(strtolower(date('M', $timestamp))); } // month name (long) else if ($format[$i] == 'F') { $out .= $this->gettext('long'.strtolower(date('M', $timestamp))); } else if ($format[$i] == 'x') { $out .= strftime('%x %X', $timestamp); } else { $out .= date($format[$i], $timestamp); } } if ($today) { $label = $this->gettext('today'); // replcae $ character with "Today" label (#1486120) if (strpos($out, '$') !== false) { $out = preg_replace('/\$/', $label, $out, 1); } else { $out = $label . ' ' . $out; } } if ($stz) { date_default_timezone_set($stz); } return $out; } /** * Return folders list in HTML * * @param array $attrib Named parameters * * @return string HTML code for the gui object */ public function folder_list($attrib) { static $a_mailboxes; $attrib += array('maxlength' => 100, 'realnames' => false, 'unreadwrap' => ' (%s)'); $type = $attrib['type'] ? $attrib['type'] : 'ul'; unset($attrib['type']); if ($type == 'ul' && !$attrib['id']) { $attrib['id'] = 'rcmboxlist'; } if (empty($attrib['folder_name'])) { $attrib['folder_name'] = '*'; } // get current folder $storage = $this->get_storage(); $mbox_name = $storage->get_folder(); // build the folders tree if (empty($a_mailboxes)) { // get mailbox list $a_folders = $storage->list_folders_subscribed( '', $attrib['folder_name'], $attrib['folder_filter']); $delimiter = $storage->get_hierarchy_delimiter(); $a_mailboxes = array(); foreach ($a_folders as $folder) { $this->build_folder_tree($a_mailboxes, $folder, $delimiter); } } // allow plugins to alter the folder tree or to localize folder names $hook = $this->plugins->exec_hook('render_mailboxlist', array( 'list' => $a_mailboxes, 'delimiter' => $delimiter, 'type' => $type, 'attribs' => $attrib, )); $a_mailboxes = $hook['list']; $attrib = $hook['attribs']; if ($type == 'select') { $attrib['is_escaped'] = true; $select = new html_select($attrib); // add no-selection option if ($attrib['noselection']) { $select->add(html::quote($this->gettext($attrib['noselection'])), ''); } $this->render_folder_tree_select($a_mailboxes, $mbox_name, $attrib['maxlength'], $select, $attrib['realnames']); $out = $select->show($attrib['default']); } else { $js_mailboxlist = array(); $tree = $this->render_folder_tree_html($a_mailboxes, $mbox_name, $js_mailboxlist, $attrib); if ($type != 'js') { $out = html::tag('ul', $attrib, $tree, html::$common_attrib); $this->output->include_script('treelist.js'); $this->output->add_gui_object('mailboxlist', $attrib['id']); $this->output->set_env('unreadwrap', $attrib['unreadwrap']); $this->output->set_env('collapsed_folders', (string) $this->config->get('collapsed_folders')); } $this->output->set_env('mailboxes', $js_mailboxlist); // we can't use object keys in javascript because they are unordered // we need sorted folders list for folder-selector widget $this->output->set_env('mailboxes_list', array_keys($js_mailboxlist)); } // add some labels to client $this->output->add_label('purgefolderconfirm', 'deletemessagesconfirm'); return $out; } /** * Return folders list as html_select object * * @param array $p Named parameters * * @return html_select HTML drop-down object */ public function folder_selector($p = array()) { $realnames = $this->config->get('show_real_foldernames'); $p += array('maxlength' => 100, 'realnames' => $realnames, 'is_escaped' => true); $a_mailboxes = array(); $storage = $this->get_storage(); if (empty($p['folder_name'])) { $p['folder_name'] = '*'; } if ($p['unsubscribed']) { $list = $storage->list_folders('', $p['folder_name'], $p['folder_filter'], $p['folder_rights']); } else { $list = $storage->list_folders_subscribed('', $p['folder_name'], $p['folder_filter'], $p['folder_rights']); } $delimiter = $storage->get_hierarchy_delimiter(); if (!empty($p['exceptions'])) { $list = array_diff($list, (array) $p['exceptions']); } if (!empty($p['additional'])) { foreach ($p['additional'] as $add_folder) { $add_items = explode($delimiter, $add_folder); $folder = ''; while (count($add_items)) { $folder .= array_shift($add_items); // @TODO: sorting if (!in_array($folder, $list)) { $list[] = $folder; } $folder .= $delimiter; } } } foreach ($list as $folder) { $this->build_folder_tree($a_mailboxes, $folder, $delimiter); } // allow plugins to alter the folder tree or to localize folder names $hook = $this->plugins->exec_hook('render_folder_selector', array( 'list' => $a_mailboxes, 'delimiter' => $delimiter, 'attribs' => $p, )); $a_mailboxes = $hook['list']; $p = $hook['attribs']; $select = new html_select($p); if ($p['noselection']) { $select->add(html::quote($p['noselection']), ''); } $this->render_folder_tree_select($a_mailboxes, $mbox, $p['maxlength'], $select, $p['realnames'], 0, $p); return $select; } /** * Create a hierarchical array of the mailbox list */ public function build_folder_tree(&$arrFolders, $folder, $delm = '/', $path = '') { // Handle namespace prefix $prefix = ''; if (!$path) { $n_folder = $folder; $folder = $this->storage->mod_folder($folder); if ($n_folder != $folder) { $prefix = substr($n_folder, 0, -strlen($folder)); } } $pos = strpos($folder, $delm); if ($pos !== false) { $subFolders = substr($folder, $pos+1); $currentFolder = substr($folder, 0, $pos); // sometimes folder has a delimiter as the last character if (!strlen($subFolders)) { $virtual = false; } else if (!isset($arrFolders[$currentFolder])) { $virtual = true; } else { $virtual = $arrFolders[$currentFolder]['virtual']; } } else { $subFolders = false; $currentFolder = $folder; $virtual = false; } $path .= $prefix . $currentFolder; if (!isset($arrFolders[$currentFolder])) { $arrFolders[$currentFolder] = array( 'id' => $path, 'name' => rcube_charset::convert($currentFolder, 'UTF7-IMAP'), 'virtual' => $virtual, 'folders' => array() ); } else { $arrFolders[$currentFolder]['virtual'] = $virtual; } if (strlen($subFolders)) { $this->build_folder_tree($arrFolders[$currentFolder]['folders'], $subFolders, $delm, $path.$delm); } } /** * Return html for a structured list <ul> for the mailbox tree */ public function render_folder_tree_html(&$arrFolders, &$mbox_name, &$jslist, $attrib, $nestLevel = 0) { $maxlength = intval($attrib['maxlength']); $realnames = (bool)$attrib['realnames']; $msgcounts = $this->storage->get_cache('messagecount'); $collapsed = $this->config->get('collapsed_folders'); $realnames = $this->config->get('show_real_foldernames'); $out = ''; foreach ($arrFolders as $folder) { $title = null; $folder_class = $this->folder_classname($folder['id']); $is_collapsed = strpos($collapsed, '&'.rawurlencode($folder['id']).'&') !== false; $unread = $msgcounts ? intval($msgcounts[$folder['id']]['UNSEEN']) : 0; if ($folder_class && !$realnames) { $foldername = $this->gettext($folder_class); } else { $foldername = $folder['name']; // shorten the folder name to a given length if ($maxlength && $maxlength > 1) { $fname = abbreviate_string($foldername, $maxlength); if ($fname != $foldername) { $title = $foldername; } $foldername = $fname; } } // make folder name safe for ids and class names $folder_id = rcube_utils::html_identifier($folder['id'], true); $classes = array('mailbox'); // set special class for Sent, Drafts, Trash and Junk if ($folder_class) { $classes[] = $folder_class; } if ($folder['id'] == $mbox_name) { $classes[] = 'selected'; } if ($folder['virtual']) { $classes[] = 'virtual'; } else if ($unread) { $classes[] = 'unread'; } $js_name = $this->JQ($folder['id']); $html_name = $this->Q($foldername) . ($unread ? html::span('unreadcount skip-content', sprintf($attrib['unreadwrap'], $unread)) : ''); $link_attrib = $folder['virtual'] ? array() : array( 'href' => $this->url(array('_mbox' => $folder['id'])), 'onclick' => sprintf("return %s.command('list','%s',this,event)", rcmail_output::JS_OBJECT_NAME, $js_name), 'rel' => $folder['id'], 'title' => $title, ); $out .= html::tag('li', array( 'id' => "rcmli" . $folder_id, 'class' => implode(' ', $classes), 'noclose' => true ), html::a($link_attrib, $html_name)); if (!empty($folder['folders'])) { $out .= html::div('treetoggle ' . ($is_collapsed ? 'collapsed' : 'expanded'), ' '); } $jslist[$folder['id']] = array( 'id' => $folder['id'], 'name' => $foldername, 'virtual' => $folder['virtual'], ); if (!empty($folder_class)) { $jslist[$folder['id']]['class'] = $folder_class; } if (!empty($folder['folders'])) { $out .= html::tag('ul', array('style' => ($is_collapsed ? "display:none;" : null)), $this->render_folder_tree_html($folder['folders'], $mbox_name, $jslist, $attrib, $nestLevel+1)); } $out .= "\n"; } return $out; } /** * Return html for a flat list