· 6 years ago · Feb 19, 2019, 08:38 PM
1<?php
2
3/**
4 * login.php -- simple login screen
5 *
6 * This a simple login screen. Some housekeeping is done to clean
7 * cookies and find language.
8 *
9 * @copyright 1999-2011 The SquirrelMail Project Team
10 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
11 * @version $Id: login.php 14084 2011-01-06 02:44:03Z pdontthink $
12 * @package squirrelmail
13 */
14
15/** This is the login page */
16define('PAGE_NAME', 'login');
17
18/**
19 * Path for SquirrelMail required files.
20 * @ignore
21 */
22define('SM_PATH','../');
23
24/* SquirrelMail required files. */
25require_once(SM_PATH . 'functions/global.php');
26require_once(SM_PATH . 'functions/i18n.php');
27require_once(SM_PATH . 'functions/plugin.php');
28require_once(SM_PATH . 'functions/constants.php');
29require_once(SM_PATH . 'functions/page_header.php');
30require_once(SM_PATH . 'functions/html.php');
31require_once(SM_PATH . 'functions/forms.php');
32
33/**
34 * $squirrelmail_language is set by a cookie when the user selects
35 * language and logs out
36 */
37set_up_language($squirrelmail_language, TRUE, TRUE);
38
39/**
40 * In case the last session was not terminated properly, make sure
41 * we get a new one, but make sure we preserve session_expired_*
42 */
43$sep = '';
44$sel = '';
45sqGetGlobalVar('session_expired_post', $sep, SQ_SESSION);
46sqGetGlobalVar('session_expired_location', $sel, SQ_SESSION);
47
48/* blow away session */
49sqsession_destroy();
50
51/**
52 * in some rare instances, the session seems to stick
53 * around even after destroying it (!!), so if it does,
54 * we'll manually flatten the $_SESSION data
55 */
56if (!empty($_SESSION)) {
57 $_SESSION = array();
58}
59
60/**
61 * Allow administrators to define custom session handlers
62 * for SquirrelMail without needing to change anything in
63 * php.ini (application-level).
64 *
65 * In config_local.php, admin needs to put:
66 *
67 * $custom_session_handlers = array(
68 * 'my_open_handler',
69 * 'my_close_handler',
70 * 'my_read_handler',
71 * 'my_write_handler',
72 * 'my_destroy_handler',
73 * 'my_gc_handler',
74 * );
75 * session_module_name('user');
76 * session_set_save_handler(
77 * $custom_session_handlers[0],
78 * $custom_session_handlers[1],
79 * $custom_session_handlers[2],
80 * $custom_session_handlers[3],
81 * $custom_session_handlers[4],
82 * $custom_session_handlers[5]
83 * );
84 *
85 * We need to replicate that code once here because PHP has
86 * long had a bug that resets the session handler mechanism
87 * when the session data is also destroyed. Because of this
88 * bug, even administrators who define custom session handlers
89 * via a PHP pre-load defined in php.ini (auto_prepend_file)
90 * will still need to define the $custom_session_handlers array
91 * in config_local.php.
92 */
93global $custom_session_handlers;
94if (!empty($custom_session_handlers)) {
95 $open = $custom_session_handlers[0];
96 $close = $custom_session_handlers[1];
97 $read = $custom_session_handlers[2];
98 $write = $custom_session_handlers[3];
99 $destroy = $custom_session_handlers[4];
100 $gc = $custom_session_handlers[5];
101 session_module_name('user');
102 session_set_save_handler($open, $close, $read, $write, $destroy, $gc);
103}
104
105/* put session_expired_* variables back in session */
106sqsession_is_active();
107if (!empty($sel)) {
108 sqsession_register($sel, 'session_expired_location');
109 if (!empty($sep))
110 sqsession_register($sep, 'session_expired_post');
111}
112
113// Disable Browser Caching
114//
115header('Cache-Control: no-cache, no-store, must-revalidate');
116header('Pragma: no-cache');
117header('Expires: Sat, 1 Jan 2000 00:00:00 GMT');
118
119do_hook('login_cookie');
120
121$loginname_value = (sqGetGlobalVar('loginname', $loginname) ? htmlspecialchars($loginname) : '');
122
123/* Output the javascript onload function. */
124
125$header = "<script language=\"JavaScript\" type=\"text/javascript\">\n" .
126 "<!--\n".
127 " var alreadyFocused = false;\n".
128 " function squirrelmail_loginpage_onload() {\n".
129 " document.login_form.js_autodetect_results.value = '" . SMPREF_JS_ON . "';\n".
130 " if (alreadyFocused) return;\n".
131 " var textElements = 0;\n".
132 " for (i = 0; i < document.login_form.elements.length; i++) {\n".
133 " if (document.login_form.elements[i].type == \"text\" || document.login_form.elements[i].type == \"password\") {\n".
134 " textElements++;\n".
135 " if (textElements == " . (isset($loginname) ? 2 : 1) . ") {\n".
136 " document.login_form.elements[i].focus();\n".
137 " break;\n".
138 " }\n".
139 " }\n".
140 " }\n".
141 " }\n".
142 "// -->\n".
143 "</script>\n";
144$custom_css = 'none';
145
146// Load default theme if possible
147if (@file_exists($theme[$theme_default]['PATH']))
148 @include ($theme[$theme_default]['PATH']);
149
150if (! isset($color) || ! is_array($color)) {
151 // Add default color theme, if theme loading fails
152 $color = array();
153 $color[0] = '#dcdcdc'; /* light gray TitleBar */
154 $color[1] = '#800000'; /* red */
155 $color[2] = '#cc0000'; /* light red Warning/Error Messages */
156 $color[4] = '#ffffff'; /* white Normal Background */
157 $color[7] = '#0000cc'; /* blue Links */
158 $color[8] = '#000000'; /* black Normal text */
159}
160
161displayHtmlHeader( "$org_name - " . _("Login"), $header, FALSE );
162
163echo "<body text=\"$color[8]\" bgcolor=\"$color[4]\" link=\"$color[7]\" vlink=\"$color[7]\" alink=\"$color[7]\" onLoad=\"squirrelmail_loginpage_onload();\">" .
164 "\n" . addForm('redirect.php', 'post', 'login_form');
165
166$username_form_name = 'login_username';
167$password_form_name = 'secretkey';
168do_hook('login_top');
169
170
171if(sqgetGlobalVar('mailtodata', $mailtodata)) {
172 $mailtofield = addHidden('mailtodata', $mailtodata);
173} else {
174 $mailtofield = '';
175}
176
177/* If they don't have a logo, don't bother.. */
178if (isset($org_logo) && $org_logo) {
179 /* Display width and height like good little people */
180 $width_and_height = '';
181 if (isset($org_logo_width) && is_numeric($org_logo_width) &&
182 $org_logo_width>0) {
183 $width_and_height = " width=\"$org_logo_width\"";
184 }
185 if (isset($org_logo_height) && is_numeric($org_logo_height) &&
186 $org_logo_height>0) {
187 $width_and_height .= " height=\"$org_logo_height\"";
188 }
189}
190
191echo html_tag( 'table',
192 html_tag( 'tr',
193 html_tag( 'td',
194 '<center>'.
195 ( isset($org_logo) && $org_logo
196 ? '<img src="' . $org_logo . '" alt="' .
197 sprintf(_("%s Logo"), $org_name) .'"' . $width_and_height .
198 ' /><br />' . "\n"
199 : '' ).
200 ( (isset($hide_sm_attributions) && $hide_sm_attributions) ? '' :
201 '<small>' . sprintf (_("SquirrelMail version %s"), $version) . '<br />' ."\n".
202 ' ' . _("By the SquirrelMail Project Team") . '<br /></small>' . "\n" ) .
203 html_tag( 'table',
204 html_tag( 'tr',
205 html_tag( 'td',
206 '<b>' . sprintf (_("%s Login"), $org_name) . "</b>\n",
207 'center', $color[0] )
208 ) .
209 html_tag( 'tr',
210 html_tag( 'td', "\n" .
211 html_tag( 'table',
212 html_tag( 'tr',
213 html_tag( 'td',
214 _("Name:") ,
215 'right', '', 'width="30%"' ) .
216 html_tag( 'td',
217 addInput($username_form_name, $loginname_value, 0, 0, ' onfocus="alreadyFocused=true;"'),
218 'left', '', 'width="70%"' )
219 ) . "\n" .
220 html_tag( 'tr',
221 html_tag( 'td',
222 _("Password:") ,
223 'right', '', 'width="30%"' ) .
224 html_tag( 'td',
225 addPwField($password_form_name, null, ' onfocus="alreadyFocused=true;"').
226 addHidden('js_autodetect_results', SMPREF_JS_OFF).
227 $mailtofield .
228 addHidden('just_logged_in', '1'),
229 'left', '', 'width="70%"' )
230 ) ,
231 'center', $color[4], 'border="0" width="100%"' ) ,
232 'left',$color[4] )
233 ) .
234 html_tag( 'tr',
235 html_tag( 'td',
236 '<center>'. addSubmit(_("Login")) .'</center>',
237 'left' )
238 ),
239 '', $color[4], 'border="0" width="350"' ) . '</center>',
240 'center' )
241 ) ,
242'', $color[4], 'border="0" cellspacing="0" cellpadding="0" width="100%"' );
243do_hook('login_form');
244echo '</form>' . "\n";
245
246do_hook('login_bottom');
247?>
248</body></html>