Source for file redirect.php
Documentation is available at redirect.php
* Prevents users from reposting their form data after a successful logout.
* @copyright 1999-2020 The SquirrelMail Project Team
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id: redirect.php 14845 2020-01-07 08:09:34Z pdontthink $
/** This is the redirect page */
define('PAGE_NAME', 'redirect');
* Include the SquirrelMail initialization file.
require
('../include/init.php');
/* SquirrelMail required files. */
require_once(SM_PATH .
'functions/imap_general.php');
require_once(SM_PATH .
'functions/strings.php');
// Disable browser caching
header('Cache-Control: no-cache, no-store, must-revalidate, max-age=0');
header('Expires: Sat, 1 Jan 2000 00:00:00 GMT');
// session_set_cookie_params (0, $base_uri);
/* get globals we me need */
sqGetGlobalVar('login_username', $login_username);
sqGetGlobalVar('secretkey', $secretkey);
if(!sqGetGlobalVar('squirrelmail_language', $squirrelmail_language) ||
$squirrelmail_language ==
'') {
$squirrelmail_language =
$squirrelmail_default_language;
/* Refresh the language cookie. */
sqsetcookie('squirrelmail_language', $squirrelmail_language, time()+
2592000,
if (!isset
($login_username)) {
/* remove redundant spaces */
$login_username =
trim($login_username);
/* Case-normalise username if so desired */
if ($force_username_lowercase) {
/* Verify that username and password are correct. */
global $imap_stream_options; // in case not defined in config
$imapConnection =
sqimap_login($login_username, $key, $imapServerAddress, $imapPort, 0, $imap_stream_options);
/* From now on we are logged it. If the login failed then sqimap_login handles it */
* Regenerate session id to make sure that authenticated session uses
* different ID than one used before user authenticated. This is a
* countermeasure against session fixation attacks.
* NB: session_regenerate_id() was added in PHP 4.3.2 (and new session
* cookie is only sent out in this call as of PHP 4.3.3), but PHP 4
* is not vulnerable to session fixation problems in SquirrelMail
* because it prioritizes $base_uri subdirectory cookies differently
* than PHP 5, which is otherwise vulnerable. If we really want to,
* we could define our own session_regenerate_id() when one does not
* exist, but there seems to be no reason to do so.
* The cookie part. session_start and session_regenerate_session normally set
* their own cookie. SquirrelMail sets another cookie which overwites the
* php cookies. The sqsetcookie function sets the cookie by using the header
* function which gives us full control how the cookie is set. We do that
* to add the HttpOnly cookie attribute which blocks javascript access on
/* Server side sorting control */
if (isset
($sqimap_capabilities['SORT']) &&
$sqimap_capabilities['SORT'] ==
true &&
isset
($disable_server_sort) &&
$disable_server_sort) {
unset
($sqimap_capabilities['SORT']);
/* Thread sort control */
if (isset
($sqimap_capabilities['THREAD']) &&
$sqimap_capabilities['THREAD'] ==
true &&
isset
($disable_thread_sort) &&
$disable_thread_sort) {
unset
($sqimap_capabilities['THREAD']);
if (isset
($sqimap_capabilities['NAMESPACE']) &&
$sqimap_capabilities['NAMESPACE'] ==
true) {
$username =
$login_username;
/* Set the login variables. */
$user_is_logged_in =
true;
/* And register with them with the session. */
/* parse the accepted content-types of the client */
$attachment_common_types =
array();
$attachment_common_types_parsed =
array();
!isset
($attachment_common_types_parsed[$http_accept]) ) {
// having just logged in, need to synch the template file cache
// so the right template set is displayed (per user prefs)
require
(SM_PATH .
'include/load_prefs.php');
/* Complete autodetection of Javascript. */
/* Compute the URL to forward the user to. */
$redirect_url =
$location .
'/webmail.php';
if ( $session_expired_location ==
'compose' ) {
$compose_new_win =
getPref($data_dir, $username, 'compose_new_win', 0);
// do not prefix $location here because $session_expired_location is set to the PAGE_NAME
$redirect_url =
$location .
'/' .
$session_expired_location .
'.php';
$redirect_url =
$location .
'/webmail.php?right_frame=' .
urlencode($session_expired_location .
'.php');
} else if ($session_expired_location !=
'webmail'
&&
$session_expired_location !=
'left_main') {
$redirect_url =
$location .
'/webmail.php?right_frame=' .
urlencode($session_expired_location .
'.php');
unset
($session_expired_location);
$redirect_url =
$location .
'/webmail.php?right_frame=compose.php&mailtodata=';
/* Write session data and send them off to the appropriate page. */
header("Location: $redirect_url");
/* --------------------- end main ----------------------- */
global $attachment_common_types, $attachment_common_types_parsed;
* Replace ", " with "," and explode on that as Mozilla 1.x seems to
* use "," to seperate whilst IE, and earlier versions of Mozilla use
foreach ($types as $val) {
// Ignore the ";q=1.0" stuff
if (strpos($val, ';') !==
false) {
if (! isset
($attachment_common_types[$val])) {
$attachment_common_types[$val] =
true;
$attachment_common_types_parsed[$str] =
true;
Documentation generated on Mon, 13 Jan 2020 04:23:25 +0100 by phpDocumentor 1.4.3