Source for file redirect.php
Documentation is available at redirect.php
* Prevents users from reposting their form data after a successful logout.
* @copyright 1999-2020 The SquirrelMail Project Team
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id: redirect.php 14840 2020-01-07 07:42:38Z pdontthink $
/** This is the redirect page */
define('PAGE_NAME', 'redirect');
* Path for SquirrelMail required files.
/* SquirrelMail required files. */
require_once(SM_PATH .
'functions/global.php');
require_once(SM_PATH .
'functions/i18n.php');
require_once(SM_PATH .
'functions/strings.php');
require_once(SM_PATH .
'functions/prefs.php');
require_once(SM_PATH .
'functions/imap.php');
require_once(SM_PATH .
'functions/plugin.php');
require_once(SM_PATH .
'functions/constants.php');
require_once(SM_PATH .
'functions/page_header.php');
// Disable Browser Caching
header('Cache-Control: no-cache, no-store, must-revalidate');
header('Expires: Sat, 1 Jan 2000 00:00:00 GMT');
/* get globals we me need */
sqGetGlobalVar('login_username', $login_username);
sqGetGlobalVar('secretkey', $secretkey);
sqGetGlobalVar('js_autodetect_results', $js_autodetect_results);
if(!sqGetGlobalVar('squirrelmail_language', $squirrelmail_language) ||
$squirrelmail_language ==
'') {
$squirrelmail_language =
$squirrelmail_default_language;
/* Refresh the language cookie. */
sqsetcookie('squirrelmail_language', $squirrelmail_language, time()+
2592000, $base_uri);
if (!isset
($login_username)) {
include_once(SM_PATH .
'functions/display_messages.php' );
* Regenerate session id to make sure that authenticated session uses
* different ID than one used before user authenticated. This is a
* countermeasure against session fixation attacks.
* NB: session_regenerate_id() was added in PHP 4.3.2 (and new session
* cookie is only sent out in this call as of PHP 4.3.3), but PHP 4
* is not vulnerable to session fixation problems in SquirrelMail
* because it prioritizes $base_uri subdirectory cookies differently
* than PHP 5, which is otherwise vulnerable. If we really want to,
* we could define our own session_regenerate_id() when one does not
* exist, but there seems to be no reason to do so.
// re-send session cookie so we get the right parameters on it
// (such as HTTPOnly, if necessary - PHP doesn't do this itself
/* remove redundant spaces */
$login_username =
trim($login_username);
/* Verify that username and password are correct. */
if ($force_username_lowercase) {
global $imap_stream_options; // in case not defined in config
$imapConnection =
sqimap_login($login_username, $key, $imapServerAddress, $imapPort, 0, $imap_stream_options);
$username =
$login_username;
$is_login_verified_hook =
TRUE;
$is_login_verified_hook =
FALSE;
/* Set the login variables. */
$user_is_logged_in =
true;
/* And register with them with the session. */
/* parse the accepted content-types of the client */
$attachment_common_types =
array();
$attachment_common_types_parsed =
array();
!isset
($attachment_common_types_parsed[$http_accept]) ) {
/* Complete autodetection of Javascript. */
$js_autodetect_results =
(isset
($js_autodetect_results) ?
/* See if it's set to "Always on" */
setPref($data_dir, $username, 'javascript_on', $js_pref);
/* Compute the URL to forward the user to. */
$redirect_url =
'webmail.php';
if ( $session_expired_location ==
'compose' ) {
$compose_new_win =
getPref($data_dir, $username, 'compose_new_win', 0);
// do not prefix $location here because $session_expired_location is set to the PAGE_NAME
$redirect_url =
$session_expired_location .
'.php';
$redirect_url =
'webmail.php?right_frame=' .
urlencode($session_expired_location .
'.php');
} else if ($session_expired_location !=
'webmail'
&&
$session_expired_location !=
'left_main') {
$redirect_url =
'webmail.php?right_frame=' .
urlencode($session_expired_location .
'.php');
unset
($session_expired_location);
$redirect_url =
$location .
'/webmail.php?right_frame=compose.php&mailtodata=';
/* Write session data and send them off to the appropriate page. */
header("Location: $redirect_url");
/* --------------------- end main ----------------------- */
global $attachment_common_types, $attachment_common_types_parsed;
$attachment_common_types_parsed[$str] =
true;
* Replace ", " with "," and explode on that as Mozilla 1.x seems to
* use "," to seperate whilst IE, and earlier versions of Mozilla use
foreach ($types as $val) {
// Ignore the ";q=1.0" stuff
if (strpos($val, ';') !==
false)
if (! isset
($attachment_common_types[$val])) {
$attachment_common_types[$val] =
true;
Documentation generated on Mon, 13 Jan 2020 04:25:13 +0100 by phpDocumentor 1.4.3