From 060467df9d95be3768dab51ff5dd4e6214ec86a0 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Mon, 02 Sep 2013 05:45:28 -0400
Subject: [PATCH] Log also failed logins to userlogins log
---
program/include/rcmail.php | 324 ++++++++++++-----------------------------------------
1 files changed, 77 insertions(+), 247 deletions(-)
diff --git a/program/include/rcmail.php b/program/include/rcmail.php
index b2d6966..1c9f3dd 100644
--- a/program/include/rcmail.php
+++ b/program/include/rcmail.php
@@ -51,6 +51,7 @@
*/
public $action = '';
public $comm_path = './';
+ public $filename = '';
private $address_books = array();
private $action_map = array();
@@ -65,12 +66,13 @@
/**
* This implements the 'singleton' design pattern
*
+ * @param string Environment name to run (e.g. live, dev, test)
* @return rcmail The one and only instance
*/
- static function get_instance()
+ static function get_instance($env = '')
{
if (!self::$instance || !is_a(self::$instance, 'rcmail')) {
- self::$instance = new rcmail();
+ self::$instance = new rcmail($env);
self::$instance->startup(); // init AFTER object was linked with self::$instance
}
@@ -86,6 +88,10 @@
{
$this->init(self::INIT_WITH_DB | self::INIT_WITH_PLUGINS);
+ // set filename if not index.php
+ if (($basename = basename($_SERVER['SCRIPT_FILENAME'])) && $basename != 'index.php')
+ $this->filename = $basename;
+
// start session
$this->session_init();
@@ -98,7 +104,10 @@
// reset some session parameters when changing task
if ($this->task != 'utils') {
- if ($this->session && $_SESSION['task'] != $this->task)
+ // we reset list page when switching to another task
+ // but only to the main task interface - empty action (#1489076)
+ // this will prevent from unintentional page reset on cross-task requests
+ if ($this->session && $_SESSION['task'] != $this->task && empty($this->action))
$this->session->remove('page');
// set current task to session
$_SESSION['task'] = $this->task;
@@ -123,7 +132,7 @@
*/
public function set_task($task)
{
- $task = asciiwords($task);
+ $task = asciiwords($task, true);
if ($this->user && $this->user->ID)
$task = !$task ? 'mail' : $task;
@@ -159,7 +168,7 @@
setlocale(LC_ALL, $lang . '.utf8', $lang . '.UTF-8', 'en_US.utf8', 'en_US.UTF-8');
// workaround for http://bugs.php.net/bug.php?id=18556
- if (in_array($lang, array('tr_TR', 'ku', 'az_AZ'))) {
+ if (version_compare(PHP_VERSION, '5.5.0', '<') && in_array($lang, array('tr_TR', 'ku', 'az_AZ'))) {
setlocale(LC_CTYPE, 'en_US.utf8', 'en_US.UTF-8');
}
}
@@ -225,6 +234,11 @@
}
if (!$contacts) {
+ // there's no default, just return
+ if ($default) {
+ return null;
+ }
+
self::raise_error(array(
'code' => 700, 'type' => 'php',
'file' => __FILE__, 'line' => __LINE__,
@@ -249,6 +263,23 @@
/**
+ * Return identifier of the address book object
+ *
+ * @param rcube_addressbook Addressbook source object
+ *
+ * @return string Source identifier
+ */
+ public function get_address_book_id($object)
+ {
+ foreach ($this->address_books as $index => $book) {
+ if ($book === $object) {
+ return $index;
+ }
+ }
+ }
+
+
+ /**
* Return address books list
*
* @param boolean True if the address book needs to be writeable
@@ -258,13 +289,13 @@
*/
public function get_address_sources($writeable = false, $skip_hidden = false)
{
- $abook_type = strtolower($this->config->get('address_book_type'));
- $ldap_config = $this->config->get('ldap_public');
+ $abook_type = (string) $this->config->get('address_book_type');
+ $ldap_config = (array) $this->config->get('ldap_public');
$autocomplete = (array) $this->config->get('autocomplete_addressbooks');
- $list = array();
+ $list = array();
// We are using the DB address book or a plugin address book
- if ($abook_type != 'ldap' && $abook_type != '') {
+ if (!empty($abook_type) && strtolower($abook_type) != 'ldap') {
if (!isset($this->address_books['0']))
$this->address_books['0'] = new rcube_contacts($this->db, $this->get_user_id());
$list['0'] = array(
@@ -277,8 +308,7 @@
);
}
- if ($ldap_config) {
- $ldap_config = (array) $ldap_config;
+ if (!empty($ldap_config)) {
foreach ($ldap_config as $id => $prop) {
// handle misconfiguration
if (empty($prop) || !is_array($prop)) {
@@ -287,7 +317,7 @@
$list[$id] = array(
'id' => $id,
'name' => html::quote($prop['name']),
- 'groups' => is_array($prop['groups']),
+ 'groups' => !empty($prop['groups']) || !empty($prop['group_filters']),
'readonly' => !$prop['writable'],
'hidden' => $prop['hidden'],
'autocomplete' => in_array($id, $autocomplete)
@@ -594,7 +624,7 @@
$post_host = rcube_utils::get_input_value('_host', rcube_utils::INPUT_POST);
$post_user = rcube_utils::get_input_value('_user', rcube_utils::INPUT_POST);
- list($user, $domain) = explode('@', $post_user);
+ list(, $domain) = explode('@', $post_user);
// direct match in default_host array
if ($default_host[$post_host] || in_array($post_host, array_values($default_host))) {
@@ -698,28 +728,6 @@
/**
- * Create unique authorization hash
- *
- * @param string Session ID
- * @param int Timestamp
- * @return string The generated auth hash
- */
- private function get_auth_hash($sess_id, $ts)
- {
- $auth_string = sprintf('rcmail*sess%sR%s*Chk:%s;%s',
- $sess_id,
- $ts,
- $this->config->get('ip_check') ? $_SERVER['REMOTE_ADDR'] : '***.***.***.***',
- $_SERVER['HTTP_USER_AGENT']);
-
- if (function_exists('sha1'))
- return sha1($auth_string);
- else
- return md5($auth_string);
- }
-
-
- /**
* Build a valid URL to this instance of Roundcube
*
* @param mixed Either a string with the action or url parameters as key-value pairs
@@ -739,7 +747,7 @@
$p['_task'] = $task;
unset($p['task']);
- $url = './';
+ $url = './' . $this->filename;
$delm = '?';
foreach (array_reverse($p) as $key => $val) {
if ($val !== '' && $val !== null) {
@@ -762,11 +770,6 @@
foreach ($this->address_books as $book) {
if (is_object($book) && is_a($book, 'rcube_addressbook'))
$book->close();
- }
-
- // before closing the database connection, write session data
- if ($_SERVER['REMOTE_ADDR'] && is_object($this->session)) {
- session_write_close();
}
// write performance stats to logs/console
@@ -929,189 +932,6 @@
/**
- * Send the given message using the configured method.
- *
- * @param object $message Reference to Mail_MIME object
- * @param string $from Sender address string
- * @param array $mailto Array of recipient address strings
- * @param array $error SMTP error array (reference)
- * @param string $body_file Location of file with saved message body (reference),
- * used when delay_file_io is enabled
- * @param array $options SMTP options (e.g. DSN request)
- *
- * @return boolean Send status.
- */
- public function deliver_message(&$message, $from, $mailto, &$error, &$body_file = null, $options = null)
- {
- $plugin = $this->plugins->exec_hook('message_before_send', array(
- 'message' => $message,
- 'from' => $from,
- 'mailto' => $mailto,
- 'options' => $options,
- ));
-
- $from = $plugin['from'];
- $mailto = $plugin['mailto'];
- $options = $plugin['options'];
- $message = $plugin['message'];
- $headers = $message->headers();
-
- // send thru SMTP server using custom SMTP library
- if ($this->config->get('smtp_server')) {
- // generate list of recipients
- $a_recipients = array($mailto);
-
- if (strlen($headers['Cc']))
- $a_recipients[] = $headers['Cc'];
- if (strlen($headers['Bcc']))
- $a_recipients[] = $headers['Bcc'];
-
- // clean Bcc from header for recipients
- $send_headers = $headers;
- unset($send_headers['Bcc']);
- // here too, it because txtHeaders() below use $message->_headers not only $send_headers
- unset($message->_headers['Bcc']);
-
- $smtp_headers = $message->txtHeaders($send_headers, true);
-
- if ($message->getParam('delay_file_io')) {
- // use common temp dir
- $temp_dir = $this->config->get('temp_dir');
- $body_file = tempnam($temp_dir, 'rcmMsg');
- if (PEAR::isError($mime_result = $message->saveMessageBody($body_file))) {
- self::raise_error(array('code' => 650, 'type' => 'php',
- 'file' => __FILE__, 'line' => __LINE__,
- 'message' => "Could not create message: ".$mime_result->getMessage()),
- TRUE, FALSE);
- return false;
- }
- $msg_body = fopen($body_file, 'r');
- }
- else {
- $msg_body = $message->get();
- }
-
- // send message
- if (!is_object($this->smtp)) {
- $this->smtp_init(true);
- }
-
- $sent = $this->smtp->send_mail($from, $a_recipients, $smtp_headers, $msg_body, $options);
- $response = $this->smtp->get_response();
- $error = $this->smtp->get_error();
-
- // log error
- if (!$sent) {
- self::raise_error(array('code' => 800, 'type' => 'smtp',
- 'line' => __LINE__, 'file' => __FILE__,
- 'message' => "SMTP error: ".join("\n", $response)), TRUE, FALSE);
- }
- }
- // send mail using PHP's mail() function
- else {
- // unset some headers because they will be added by the mail() function
- $headers_enc = $message->headers($headers);
- $headers_php = $message->_headers;
- unset($headers_php['To'], $headers_php['Subject']);
-
- // reset stored headers and overwrite
- $message->_headers = array();
- $header_str = $message->txtHeaders($headers_php);
-
- // #1485779
- if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
- if (preg_match_all('/<([^@]+@[^>]+)>/', $headers_enc['To'], $m)) {
- $headers_enc['To'] = implode(', ', $m[1]);
- }
- }
-
- $msg_body = $message->get();
-
- if (PEAR::isError($msg_body)) {
- self::raise_error(array('code' => 650, 'type' => 'php',
- 'file' => __FILE__, 'line' => __LINE__,
- 'message' => "Could not create message: ".$msg_body->getMessage()),
- TRUE, FALSE);
- }
- else {
- $delim = $this->config->header_delimiter();
- $to = $headers_enc['To'];
- $subject = $headers_enc['Subject'];
- $header_str = rtrim($header_str);
-
- if ($delim != "\r\n") {
- $header_str = str_replace("\r\n", $delim, $header_str);
- $msg_body = str_replace("\r\n", $delim, $msg_body);
- $to = str_replace("\r\n", $delim, $to);
- $subject = str_replace("\r\n", $delim, $subject);
- }
-
- if (ini_get('safe_mode'))
- $sent = mail($to, $subject, $msg_body, $header_str);
- else
- $sent = mail($to, $subject, $msg_body, $header_str, "-f$from");
- }
- }
-
- if ($sent) {
- $this->plugins->exec_hook('message_sent', array('headers' => $headers, 'body' => $msg_body));
-
- // remove MDN headers after sending
- unset($headers['Return-Receipt-To'], $headers['Disposition-Notification-To']);
-
- // get all recipients
- if ($headers['Cc'])
- $mailto .= $headers['Cc'];
- if ($headers['Bcc'])
- $mailto .= $headers['Bcc'];
- if (preg_match_all('/<([^@]+@[^>]+)>/', $mailto, $m))
- $mailto = implode(', ', array_unique($m[1]));
-
- if ($this->config->get('smtp_log')) {
- self::write_log('sendmail', sprintf("User %s [%s]; Message for %s; %s",
- $this->user->get_username(),
- $_SERVER['REMOTE_ADDR'],
- $mailto,
- !empty($response) ? join('; ', $response) : ''));
- }
- }
-
- if (is_resource($msg_body)) {
- fclose($msg_body);
- }
-
- $message->_headers = array();
- $message->headers($headers);
-
- return $sent;
- }
-
-
- /**
- * Unique Message-ID generator.
- *
- * @return string Message-ID
- */
- public function gen_message_id()
- {
- $local_part = md5(uniqid('rcmail'.mt_rand(),true));
- $domain_part = $this->user->get_username('domain');
-
- // Try to find FQDN, some spamfilters doesn't like 'localhost' (#1486924)
- if (!preg_match('/\.[a-z]+$/i', $domain_part)) {
- foreach (array($_SERVER['HTTP_HOST'], $_SERVER['SERVER_NAME']) as $host) {
- $host = preg_replace('/:[0-9]+$/', '', $host);
- if ($host && preg_match('/\.[a-z]+$/i', $host)) {
- $domain_part = $host;
- }
- }
- }
-
- return sprintf('<%s@%s>', $local_part, $domain_part);
- }
-
-
- /**
* Returns RFC2822 formatted current date in user's timezone
*
* @return string Date
@@ -1134,22 +954,32 @@
/**
* Write login data (name, ID, IP address) to the 'userlogins' log file.
*/
- public function log_login()
+ public function log_login($user, $failed_login = false, $error_code = 0)
{
if (!$this->config->get('log_logins')) {
return;
}
- $user_name = $this->get_user_name();
- $user_id = $this->get_user_id();
+ // failed login
+ if ($failed_login) {
+ $message = sprintf('Failed login for %s from %s in session %s (error: %d)',
+ $user, rcube_utils::remote_ip(), session_id(), $error_code);
+ }
+ // successful login
+ else {
+ $user_name = $this->get_user_name();
+ $user_id = $this->get_user_id();
- if (!$user_id) {
- return;
+ if (!$user_id) {
+ return;
+ }
+
+ $message = sprintf('Successful login for %s (ID: %d) from %s in session %s',
+ $user_name, $user_id, rcube_utils::remote_ip(), session_id());
}
- self::write_log('userlogins',
- sprintf('Successful login for %s (ID: %d) from %s in session %s',
- $user_name, $user_id, rcube_utils::remote_ip(), session_id()));
+ // log login
+ self::write_log('userlogins', $message);
}
@@ -1165,7 +995,7 @@
*/
public function table_output($attrib, $table_data, $a_show_cols, $id_col)
{
- $table = new html_table(/*array('cols' => count($a_show_cols))*/);
+ $table = new html_table($attrib);
// add table header
if (!$attrib['noheader']) {
@@ -1528,9 +1358,10 @@
$realnames = (bool)$attrib['realnames'];
$msgcounts = $this->storage->get_cache('messagecount');
$collapsed = $this->config->get('collapsed_folders');
+ $realnames = $this->config->get('show_real_foldernames');
$out = '';
- foreach ($arrFolders as $key => $folder) {
+ foreach ($arrFolders as $folder) {
$title = null;
$folder_class = $this->folder_classname($folder['id']);
$is_collapsed = strpos($collapsed, '&'.rawurlencode($folder['id']).'&') !== false;
@@ -1616,7 +1447,7 @@
{
$out = '';
- foreach ($arrFolders as $key => $folder) {
+ foreach ($arrFolders as $folder) {
// skip exceptions (and its subfolders)
if (!empty($opts['exceptions']) && in_array($folder['id'], $opts['exceptions'])) {
continue;
@@ -1684,8 +1515,10 @@
*/
public function localize_foldername($name, $with_path = true)
{
+ $realnames = $this->config->get('show_real_foldernames');
+
// try to localize path of the folder
- if ($with_path) {
+ if ($with_path && !$realnames) {
$storage = $this->get_storage();
$delimiter = $storage->get_hierarchy_delimiter();
$path = explode($delimiter, $name);
@@ -1702,12 +1535,11 @@
}
}
- if ($folder_class = $this->folder_classname($name)) {
+ if (!$realnames && ($folder_class = $this->folder_classname($name))) {
return $this->gettext($folder_class);
}
- else {
- return rcube_charset::convert($name, 'UTF7-IMAP');
- }
+
+ return rcube_charset::convert($name, 'UTF7-IMAP');
}
@@ -1762,11 +1594,7 @@
$quota_result = (array) $quota;
$quota_result['type'] = isset($_SESSION['quota_display']) ? $_SESSION['quota_display'] : '';
- if (!$quota['total'] && $this->config->get('quota_zero_as_unlimited')) {
- $quota_result['title'] = $this->gettext('unlimited');
- $quota_result['percent'] = 0;
- }
- else if ($quota['total']) {
+ if ($quota['total'] > 0) {
if (!isset($quota['percent'])) {
$quota_result['percent'] = min(100, round(($quota['used']/max(1,$quota['total']))*100));
}
@@ -1785,7 +1613,8 @@
}
}
else {
- $quota_result['title'] = $this->gettext('unknown');
+ $unlimited = $this->config->get('quota_zero_as_unlimited');
+ $quota_result['title'] = $this->gettext($unlimited ? 'unlimited' : 'unknown');
$quota_result['percent'] = 0;
}
@@ -1964,7 +1793,8 @@
public function upload_init()
{
// Enable upload progress bar
- if (($seconds = $this->config->get('upload_progress')) && ini_get('apc.rfc1867')) {
+ $rfc1867 = filter_var(ini_get('apc.rfc1867'), FILTER_VALIDATE_BOOLEAN);
+ if ($rfc1867 && ($seconds = $this->config->get('upload_progress'))) {
if ($field_name = ini_get('apc.rfc1867_name')) {
$this->output->set_env('upload_progress_name', $field_name);
$this->output->set_env('upload_progress_time', (int) $seconds);
--
Gitblit v1.9.1