<?php
/*
############################################################################
# DWmail
# - version 4.0
# - Copyright (c) 2003-2006 Dominion Web Design
# - http://www.dominion-web.com/products/dwmail/
############################################################################
#
# The contents of this file are subject to the DWmail License version
# 2.2 ('License'). You may not use this file except in compliance with
# the License. You may obtain a copy of the License at
# http://www.dominion-web.com/products/dwmail/license.php
# Software distributed under the License is distributed on an "AS IS" basis,
# without warranty of any kind, either express or implied.
#
# This code is Copyright (c) 2003-2006 Dominion Web Design.
# All rights reserved.
#
# This software may not be redistributed outside the terms of the
# license agreement.
#
############################################################################
*/
require ("./includes/init.inc.php");
require ("./includes/global.inc.php");
require ("./includes/imap.inc.php");
require ("./includes/functions.inc.php");
require ("./includes/config.inc.php");
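// Language selection.
// $_POST['l'] is request input that this script later uses to build a require
// path and to fill the [lang] placeholder of the page, so it is accepted only
// when it is one of the language codes configured in $AvailLangs. Any other
// value falls back to the configured $DefaultLang.
$RequestedLang = null;
if (isset($_POST['l']) && is_string($_POST['l']) && is_array($AvailLangs) && isset($AvailLangs[$_POST['l']])) {
    $RequestedLang = $_POST['l'];
    $DefaultLang = $RequestedLang;
    $DefaultCharSet = $AvailLangs[$RequestedLang]['charset'];
}

// Read the trans-sid setting and start the session
$MainSettings = new GlobalInit();
$TransIDEnabled = $MainSettings->INIGet('session.use_trans_sid');
session_cache_limiter($DefaultSessionCache);
session_start();

// $DefaultLang now holds either the validated request value or the configured
// default, so the session language and charset are always a configured pair.
$_SESSION['DefaultLang'] = $DefaultLang;
$_SESSION['DefaultCharSet'] = $AvailLangs[$DefaultLang]['charset'];

// Template selection: request value with tags and backslashes removed,
// otherwise the configured default.
// NOTE(review): this name is passed to fileProperties() later in the script.
// strip_tags() does not restrict it to an installed template; presumably it
// should be matched against the names in $SelectTemplates - confirm how
// fileProperties builds its file paths.
if (isset($_POST['tpl']) && is_string($_POST['tpl'])) {
    $_SESSION['tpl'] = stripslashes(strip_tags($_POST['tpl']));
} else {
    $_SESSION['tpl'] = $DefaultTemplate;
}

// Empty values fall back to the configured defaults
if (!$_SESSION['DefaultLang']) {
    $_SESSION['DefaultLang'] = $DefaultLang;
}
if (!$_SESSION['tpl']) {
    $_SESSION['tpl'] = $DefaultTemplate;
}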
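// Look up the selected template in $SelectTemplates and copy its third
// element into the session as 'fs' (tested against 1 further down to choose
// frameset.php over mailbox.php). Stays 0 when nothing matches.
$_SESSION['fs'] = 0;
if (is_array($SelectTemplates)) {
    // foreach instead of list()/each(): each() is deprecated since PHP 7.2
    // and removed in PHP 8.0. As before there is no early exit, so the last
    // matching entry wins.
    foreach ($SelectTemplates as $value) {
        if ($value[1] == $_SESSION['tpl']) {
            $_SESSION['fs'] = $value[2];
        }
    }
}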
// Optional post-login target taken from $_REQUEST['redir'].
// NOTE(review): this value is appended to a Location header at the end of the
// script. strip_tags() is not URL validation, and urldecode() runs on a value
// PHP has already decoded once; consider accepting only known local script
// names here.
$redir = ($_REQUEST['redir'] != '')
    ? strip_tags(stripslashes(trim(urldecode($_REQUEST['redir']))))
    : '';

// Load the language tables for the session language. The directory name is
// the session value with ".." and tags stripped.
// NOTE(review): that stripping is a deny-list; the language code is expected
// to be one of the keys of $AvailLangs, which is the stronger check for a
// value that ends up in a require path.
$LangDirectory = "./lang/" . strip_tags(str_replace("..", "", trim($_SESSION['DefaultLang'])));
require ($LangDirectory . "/global.inc.php");
require ($LangDirectory . "/login.inc.php");

// Errors from setlocale() are suppressed
@setlocale(LC_TIME, $AvailLangs[$_SESSION['DefaultLang']]['locale']);
// Setup login and session variables
// Reads the posted credentials and derives from them the login name ($u),
// the optional e-mail identity ($e) and the mail domain ($domain).
// NOTE(review): stripslashes() is applied unconditionally; presumably this was
// written for magic_quotes_gpc. With magic quotes off it alters any password
// that contains a backslash - confirm against the supported PHP versions.
$u = stripslashes($_POST['u']);
$p = stripslashes($_POST['p']);
// Optional separate domain field: appended to the username as user@domain
if (isset($_POST['d'])) {
$u = $u . '@' . strip_tags(stripslashes($_POST['d']));
}
$DefaultTemplate = $_SESSION['tpl'];
// $DWmailMode other than 1: server, type, port and the advanced-login flag
// are all taken from the request (tags stripped, no further validation here).
// Other comments in this file call mode 1 "local" and mode 2 "domain mode".
if ($DWmailMode <> 1) {
$e = $_POST['e'];
$mailserver2 = strip_tags($_POST['s']);
$servertype2 = strip_tags($_POST['t']);
$portnumber2 = strip_tags($_POST['port']);
$advancedlogin = strip_tags($_POST['a']);
// Parse the login as an RFC 822 address list; $DefaultDomain is the host used
// when the input carries none
$loginname_array = imap_rfc822_parse_adrlist($u, $DefaultDomain);
// Short login ($FullLogin == 0) or advanced login: the login name is the bare
// mailbox part
if ($FullLogin == 0 || $_POST['a'] == 1) {
// $e was assigned from $_POST['e'] above, so this is true only when no 'e'
// field was posted
if (!isset($e)) {
// Split username from host by using a built in PHP function
$u = $loginname_array[0]->mailbox;
$domain = $loginname_array[0]->host;
}
else {
// A separate e-mail address was posted: keep the username as posted
// NOTE(review): this re-reads $_POST['u'] without the stripslashes() and
// domain suffix applied above - confirm that is intended
$u = $_POST['u'];
$e = $_POST['e'];
// Split username from host by using a built in PHP function
$loginname_array2 = imap_rfc822_parse_adrlist($e, $DefaultDomain);
$e = $loginname_array2[0]->mailbox;
$domain = $loginname_array2[0]->host;
}
}
else {
// Full login: the login name is mailbox@host, the identity is the mailbox
$u = $loginname_array[0]->mailbox . "@" . $loginname_array[0]->host;
$e = $loginname_array[0]->mailbox;
}
// Fall back to the host parsed from the login name
if (!isset($domain)) {
$domain = $loginname_array[0]->host;
}
}
else {
// $DWmailMode == 1: no mail server is read from the request in this branch
// ($mailserver2 and $advancedlogin are not assigned here)
$e = $_POST['e'];
$servertype2 = strip_tags($_POST['t']);
$portnumber2 = strip_tags($_POST['port']);
// Split username from host by using a built in PHP function
$loginname_array = imap_rfc822_parse_adrlist($u, $DefaultDomain);
if ($FullLogin == 0 || strip_tags($_POST['a']) == 1) {
// When an e-mail address was posted, identity and domain come from it
if (isset($e)) {
$loginname_array2 = imap_rfc822_parse_adrlist($e, $DefaultDomain);
$e = $loginname_array2[0]->mailbox;
$domain = $loginname_array2[0]->host;
}
$u = $loginname_array[0]->mailbox;
}
else {
// Full login: the login name is mailbox@host, the identity is the mailbox
$u = $loginname_array[0]->mailbox . "@" . $loginname_array[0]->host;
$e = $loginname_array[0]->mailbox;
}
// Fall back to the host parsed from the login name
if (!isset($domain)) {
$domain = $loginname_array[0]->host;
}
}
// SSL flag starts off; it is switched on further down when an SSL server
// type is combined with a default port.
$SSLSet = 0;

if (!$_POST['s']) {
    // No mail server was posted, so pick a default from the mail domain.
    // (If DWmailMode is local this value is replaced later on.)
    // PHP on Windows is handled separately because the original authors
    // could not rely on checkdnsrr() there.
    $IsWindows = $MainSettings->IsWindows();
    if ($IsWindows == true) {
        $mailserver2 = "mail." . $domain;
    } else {
        // Try a list of conventional host names and take the first one that
        // has an A or CNAME record. Note that these DNS lookups are made for
        // a domain derived from the login form, before any authentication.
        $checkservers = array(
            "mail." . $domain,
            "pop3." . $domain,
            "imap." . $domain,
            "imap4." . $domain,
            "pop." . $domain
        );
        foreach ($checkservers as $candidate) {
            if ((checkdnsrr($candidate, "A") && !$mailserver2)
                || (checkdnsrr($candidate, "CNAME") && !$mailserver2)) {
                $mailserver2 = $candidate;
                break;
            }
        }
        // Nothing resolved: the connection will most likely fail, but the
        // bare domain is used so that there is something to connect to.
        if (!$mailserver2) {
            $mailserver2 = $domain;
        }
    }
} else {
    // Posted mail server, tags stripped
    $mailserver2 = strip_tags($_POST['s']);
}
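// Spoof protection: with advanced login, a non-local mode and
// $SpoofProtection enabled, the mail server name must contain the domain of
// the e-mail address; $spooffailure records the result (1 = rejected).
// An empty domain is rejected explicitly: since PHP 8.0 strstr() accepts an
// empty needle and returns the haystack, which would let the check pass,
// whereas earlier versions warned and returned false.
// NOTE(review): strstr() is a substring test, so the domain may appear
// anywhere in the server name. A match on the end of the host name at a label
// boundary would be stricter - confirm which server names must stay valid
// before tightening it.
if (($advancedlogin == 1) && ($DWmailMode <> 1) && ($SpoofProtection == 1)) {
    if ($domain == '' || !strstr($mailserver2, $domain)) {
        $spooffailure = 1;
    } else {
        $spooffailure = 0;
    }
}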
// No server type posted: use the configured default
if ($_POST['t'] == "") {
    $servertype2 = $DefaultType;
}

// No port posted: derive it from the server type. The SSL ports are used
// only when $AllowSSLConnections is 1; otherwise the plain port of the same
// protocol is chosen and $SSLSet stays 0.
// NOTE(review): $SSLSet is set only on this default-port path, so a posted
// port combined with an SSL server type leaves it at 0; and when SSL is not
// allowed the server type itself is left as posted. Confirm how the
// connection code decides between TLS and plaintext.
if ($_POST['port'] == "") {
    switch ($servertype2) {
        case "imap":
            $portnumber2 = $DefaultIMAPPort;
            break;
        case "imapssl":
            if ($AllowSSLConnections == 1) {
                $portnumber2 = $DefaultIMAPSSLPort;
                $SSLSet = 1;
            } else {
                $portnumber2 = $DefaultIMAPPort;
            }
            break;
        case "pop3ssl":
            if ($AllowSSLConnections == 1) {
                $portnumber2 = $DefaultPOP3SSLPort;
                $SSLSet = 1;
            } else {
                $portnumber2 = $DefaultPOP3Port;
            }
            break;
        default:
            $portnumber2 = $DefaultPOP3Port;
            break;
    }
}
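// Domain mode ($DWmailMode == 2): the mail domain must be listed in
// $AllowedDomains. This runs before the session is populated, so it is only
// evaluated on the first login of a session.
// $domainfailure: 0 = allowed, 1 = not listed, 2 = no allow-list configured.
if (!isset($_SESSION['sess_domain']) && $DWmailMode == 2) {
    if (is_array($AllowedDomains)) {
        $domainfailure = 1;
        $WantedDomain = strtoupper((string) $domain);
        // Case-insensitive match using a strict comparison: with == two
        // numeric-looking strings are compared as numbers, which is not
        // wanted in an allow-list check. foreach also visits every entry
        // when the array keys are not 0..n-1.
        foreach ($AllowedDomains as $AllowedDomain) {
            if (strtoupper((string) $AllowedDomain) === $WantedDomain) {
                $domainfailure = 0;
                break;
            }
        }
    } else {
        $domainfailure = 2;
    }
}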
// Populate the session on first login only: when any of the listed keys is
// already present the posted credentials are ignored.
// NOTE(review): 'serverport' is tested here but the key written below is
// 'portnumber' - confirm which name is intended.
// NOTE(review): the password is kept in the session as submitted, and no
// session_regenerate_id() call is visible in this file; session storage and
// session-id handling therefore need to be protected accordingly.
$SessionAlreadyHasLogin = isset($_SESSION['sess_u'])
    || isset($_SESSION['sess_p'])
    || isset($_SESSION['sess_domain'])
    || isset($_SESSION['servertype'])
    || isset($_SESSION['serverport'])
    || isset($_SESSION['folder']);

if (!$SessionAlreadyHasLogin) {
    $_SESSION['sess_u'] = $u;
    $_SESSION['sess_p'] = $p;
    $_SESSION['sess_domain'] = $domain;
    $_SESSION['servertype'] = $servertype2;
    $_SESSION['portnumber'] = $portnumber2;
    $_SESSION['folder'] = 'INBOX';
    // Client address recorded at login time
    $_SESSION['remoteip'] = $_SERVER['REMOTE_ADDR'];
    $_SESSION['ssl'] = $SSLSet;
    $_SESSION['compatibilitymode'] = $CompatibilityMode;
    if (isset($e)) {
        $_SESSION['sess_e'] = $e;
    }
}

// Mode 1 always uses the configured server; other modes use the server
// chosen above. An existing session value is never overwritten.
if (!isset($_SESSION['mailserver'])) {
    $_SESSION['mailserver'] = ($DWmailMode == 1) ? $DefaultServer : $mailserver2;
}
// Load the page fragments of the selected template
$DefaultTemplate = strip_tags(trim($DefaultTemplate));
$getFile = new fileProperties($DefaultTemplate);
$PageHeader = $getFile->fileRead('login-header');
$PageFooter = $getFile->fileRead('login-footer');
$PageCopyright = $getFile->fileRead('copyright');
$PageMenu = $getFile->fileRead('menu');

// Fill the session placeholders of the menu
$PageMenu = str_replace("[session]", $MainSettings->SessAppend_noecho($TransIDEnabled, 1), $PageMenu);
$PageMenu = str_replace("[session_append]", $MainSettings->SessAppend_noecho($TransIDEnabled, 0), $PageMenu);

// Work out the address shown for this login: the separate e-mail identity
// when there is one (completed with the session domain if it has no "@"),
// otherwise login name @ session domain.
if (!isset($_SESSION['sess_e'])) {
    $currentemailaddress = $_SESSION['sess_u'] . "@" . $_SESSION['sess_domain'];
} elseif (strstr($_SESSION['sess_e'], "@")) {
    $currentemailaddress = $_SESSION['sess_e'];
} else {
    $currentemailaddress = $_SESSION['sess_e'] . "@" . $_SESSION['sess_domain'];
}
$_SESSION['currentemailaddress'] = $currentemailaddress;
// Database-backed login by key: when $_GET['key'] and $_GET['userid'] are
// both present, the stored 'rss' preferences of that user are loaded and, if
// they allow it, the stored login is copied into the session without a
// password prompt.
// NOTE(review): the key travels in the query string, and the copied data
// includes 'sess_p', so the stored preferences hold the mail password in a
// recoverable form. Whether DB_GetHash() and DB_GetPrefs() use parameterised
// queries cannot be seen from this file - confirm.
if ($UseDatabase == 1) {
    $hash = strip_tags(stripslashes($_GET['key']));
    $userid = strip_tags(stripslashes($_GET['userid']));
    if ($hash <> '' && $userid <> '') {
        // Pick the database driver include; anything unrecognised uses mysql
        if ($DatabaseType == 'mysqli') {
            $DBLib = 'mysqli';
        } elseif ($DatabaseType == 'postgresql') {
            $DBLib = 'postgresql';
        } else {
            $DBLib = 'mysql';
        }
        require_once ("./includes/db_" . $DBLib . ".inc.php");

        $MySQLConnection = new DB_Connection($MySQLServer, $MySQLUsername, $MySQLPassword, $MySQLDBName);
        $MySQLMakeConnection = $MySQLConnection->DB_MakeConnection();
        $MySQLConnection->_DBUserID = $userid;

        // Stop silently when the key does not match the user
        $rsshash = $MySQLConnection->DB_GetHash($hash, $MySQLConnection->_DBUserID);
        if (!$rsshash) {
            exit;
        }

        $GetRSS = trim($MySQLConnection->DB_GetPrefs('rss'));
        $GetRSS = $MainSettings->CheckSlashes($GetRSS);
        // NOTE(review): unserialize() on stored preference data. If a user
        // can influence the stored 'rss' value this allows object injection;
        // a data-only format such as JSON, or unserialize() with
        // allowed_classes => false on PHP 7+, avoids that. Left unchanged.
        $UserDetails = unserialize($GetRSS);
        if ($UserDetails['enabled'] <> 1) {
            exit;
        }

        if ($UserDetails['bypasslogin'] == 1) {
            // Copy the stored login into the session, field by field
            $StoredLoginKeys = array(
                'sess_u',
                'sess_p',
                'mailserver',
                'sess_domain',
                'servertype',
                'portnumber',
                'ssl',
                'sess_e',
                'currentemailaddress'
            );
            foreach ($StoredLoginKeys as $StoredKey) {
                $_SESSION[$StoredKey] = $UserDetails[$StoredKey];
            }
            $_SESSION['compatibilitymode'] = $CompatibilityMode;
        }
    }
}
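// options must be called after currentemailaddress in mailbox.php for the
// database login to work
require ("./includes/options.inc.php");

// Refuse blocked mail servers and drop the session.
// NOTE(review): in this file $MySQLConnection is created only on the
// key-login path; presumably options.inc.php creates it otherwise - confirm,
// because this call is unconditional.
$checkblocked = $MySQLConnection->DB_CheckBlocked($mailserver2);
if ($checkblocked >= 1) {
    // The server name comes from the request. strip_tags() is not output
    // encoding, so the value is HTML-encoded before it is echoed.
    echo htmlspecialchars($mailserver2, ENT_QUOTES) . " " . $lang['SLogin']['Block'];
    session_unset();
    session_destroy();
    exit;
}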
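// Verification image (captcha) check. Mode 2 uses the bundled PhpCaptcha
// class and needs both GD and FreeType support; without them it falls back
// to mode 1. Mode 1 compares the posted code with $_SESSION['verify'] and
// needs GD support; without it verification is switched off (mode 0).
// $verifyfail: 1 = rejected, 0 = accepted.
if ($VerifyImage == 2) {
    // require_once: the mode 1 block below includes the same file, and the
    // fallback from mode 2 to mode 1 would otherwise load it twice.
    require_once ("./includes/image.inc.php");
    $gdimg = new GDImage();
    $gdimg->imgSupport();
    $gdimg->ftSupport();
    if ($gdimg->_imgsupport == true && $gdimg->_ftsupport == true) {
        require ("./includes/3rdparty/captcha/php-captcha.inc.php");
        if (PhpCaptcha::Validate(strip_tags(stripslashes($_POST['vi'])))) {
            $verifyfail = 0;
        } else {
            $verifyfail = 1;
        }
    } else {
        $VerifyImage = 1;
    }
}
if ($VerifyImage == 1) {
    require_once ("./includes/image.inc.php");
    $gdimg = new GDImage();
    $gdimg->imgSupport();
    if ($gdimg->_imgsupport == true) {
        $SubmittedCode = (isset($_POST['vi']) && is_string($_POST['vi']))
            ? strip_tags(stripslashes(strtolower($_POST['vi'])))
            : '';
        $ExpectedCode = isset($_SESSION['verify']) ? (string) $_SESSION['verify'] : '';
        // A session without a stored code must fail. The former loose
        // comparison treated a missing session value and an empty submission
        // as equal, which accepted the request without any code being issued.
        if ($ExpectedCode === '' || $SubmittedCode !== $ExpectedCode) {
            $verifyfail = 1;
        } else {
            $verifyfail = 0;
            // Each code is valid for one successful check only
            unset ($_SESSION['verify']);
        }
    } else {
        $VerifyImage = 0;
    }
}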
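// A posted username together with $InterstitialLogin == 1 marks this request
// as an initial login that shows the interstitial page.
$initiallogin = ($_POST['u'] && $InterstitialLogin == 1) ? 1 : 0;

// The address is derived from the login form, so it is HTML-encoded before
// it is placed into the menu markup.
$PageMenu = str_replace("[emailaddress]", htmlspecialchars($_SESSION['currentemailaddress'], ENT_QUOTES), $PageMenu);

// Frameset templates land on frameset.php, all others on mailbox.php
$FinalDest = ($_SESSION['fs'] == 1) ? 'frameset.php' : 'mailbox.php';

if ($initiallogin == 1 && $_SESSION['sess_u']) {
    // Meta refresh to the destination after one second. SID is non-empty
    // when the session id is carried in the URL.
    $headerrefresh = "<meta http-equiv=\"refresh\" content=\"1;URL=" . $FinalDest . "?f=" . $_SESSION['folder'] . "&il=1&" . strip_tags(SID) . "\" />";
    // The interstitial page is shown with the blank menu
    $PageMenu = $getFile->fileRead('blankmenu');
} else {
    $headerrefresh = "";
}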
// Placeholder => value map for the page header and footer.
// NOTE(review): the language code, charset and text direction are inserted
// as they are, without output encoding - this relies on them being
// configured values rather than request input.
$PlaceholderMap = array(
    "[mainmenu]" => $PageMenu,
    "[copyright]" => $PageCopyright,
    "[charset]" => $_SESSION['DefaultCharSet'],
    "[lang]" => $_SESSION['DefaultLang'],
    "[langdir]" => $AvailLangs[$_SESSION['DefaultLang']]['dir']
);
$CodeSearch = array_keys($PlaceholderMap);
$CodeReplace = array_values($PlaceholderMap);
$PageHeader = str_replace ($CodeSearch, $CodeReplace, $PageHeader);
$PageFooter = str_replace ($CodeSearch, $CodeReplace, $PageFooter);

// Apply the 'Generic' and then the 'SFolderPane' language strings to both
$PageHeader = LangReplace('SFolderPane', LangReplace('Generic', $PageHeader, $lang), $lang);
$PageFooter = LangReplace('SFolderPane', LangReplace('Generic', $PageFooter, $lang), $lang);

// Prepare the generic error page and the session error shown by
// CheckValidSession()
$genericerror = str_replace ('[pagetitle]', $lang['SErrors']['Title'], $getFile->fileRead('generic_message'));
$error_session = str_replace ('[pagemessage]', $lang['SLogin']['Session'], $genericerror);

// NOTE(review): CheckValidSession() is defined outside this file. If it
// performs the mail-server login, that attempt happens before the
// verification-image, spoof and domain results are enforced below - confirm
// the intended order.
CheckValidSession($_SESSION, $PageFooter, $error_session, $PageHeader);
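// Failure exits. The first condition that applies selects the message; the
// session is then destroyed and the error page is printed. Order as before:
// missing e-mail on advanced login, spoof protection, verification image,
// domain mode.
$LoginFailureMessage = null;
if ($advancedlogin == 1 && $_POST['e'] == "") {
    $LoginFailureMessage = str_replace ('[pagemessage]', $lang['SLogin']['Session'], $genericerror);
} elseif (isset($spooffailure) && $spooffailure == 1) {
    $LoginFailureMessage = str_replace ('[pagemessage]', $lang['SLogin']['SpoofProtection'], $genericerror);
} elseif (isset($verifyfail) && $verifyfail == 1) {
    $LoginFailureMessage = str_replace ('[pagemessage]', $lang['SLogin']['VerifyFailure'], $genericerror);
} elseif (isset($domainfailure) && $domainfailure >= 1) {
    $LoginFailureMessage = str_replace ('[pagemessage]', $lang['SLogin']['DomainMode'], $genericerror);
    // The domain is derived from the login form: HTML-encode it for output
    $LoginFailureMessage = str_replace ("[domain]", htmlspecialchars($domain, ENT_QUOTES), $LoginFailureMessage);
}

if ($LoginFailureMessage !== null) {
    // Read the charset before the session is cleared: session_unset()
    // empties $_SESSION, so reading it afterwards produced an empty
    // "charset=" in the Content-Type header.
    $PageCharSet = $_SESSION['DefaultCharSet'];
    session_unset();
    session_destroy();
    // Blank the header placeholders that have no value on an error page
    $PageHeader = str_replace (array("[folders]", "[header_refresh]", "[pagetitle]"), "", $PageHeader);
    header ("Content-Type: text/html; charset=" . $PageCharSet);
    echo $PageHeader;
    echo $LoginFailureMessage;
    echo $PageFooter;
    exit;
}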
// With a database configured and connected, look up (or create) the user
// record for this address and, on a posted or initial login, update the
// last-login time.
// NOTE(review): the session password is handed to DB_CheckUser() as it is;
// any hashing happens inside that method, which is not visible here. The
// original comment described this as MD5 "encryption" - MD5 is a fast,
// unsalted hash and is not suitable for protecting passwords; confirm what
// DB_CheckUser() actually stores.
if ($UseDatabase == 1 && $MySQLMakeConnection) {
    $MySQLID = $MySQLConnection->DB_CheckUser($_SESSION['currentemailaddress'], $_SESSION['sess_p']);
    if ($_POST['u'] || $initiallogin == 1) {
        $MySQLUpdateLogin = $MySQLConnection->DB_UpdateLastLogin();
    }
}

// Access logging, only with both statistics and the database enabled
if ($UseDatabase == 1 && $StatsLogging == 1) {
    $LogAccess = $MySQLConnection->DB_LogAccess($IPLogging);
}
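// Final dispatch: show the interstitial login page on an initial login
// without a redirect target, otherwise redirect.
if ($initiallogin == 1 && $redir == '') {
    $PageInterstitiallogin = $getFile->fileRead('interstitiallogin');
    $PageHeader = str_replace ("[folders]", "", $PageHeader);
    $PageHeader = str_replace ("[header_refresh]", $headerrefresh, $PageHeader);
    $PageHeader = str_replace ("[pagetitle]", "", $PageHeader);

    // Link target of the interstitial page: frameset or plain mailbox view
    $LoginRedirect = (($_SESSION['fs'] == 1) ? "frameset.php" : "mailbox.php")
        . "?f=" . $_SESSION['folder'] . "&il=1" . $MainSettings->SessAppend_noecho($TransIDEnabled, 0);
    $PageInterstitiallogin = str_replace ("[login_redirect]", $LoginRedirect, $PageInterstitiallogin);
    $PageInterstitiallogin = str_replace ("[session]", $MainSettings->SessAppend_noecho($TransIDEnabled, 1), $PageInterstitiallogin);
    // The address is derived from the login form: HTML-encode it for output
    $PageInterstitiallogin = str_replace ("[login_emailaddress]", htmlspecialchars($_SESSION['currentemailaddress'], ENT_QUOTES), $PageInterstitiallogin);
    $PageInterstitiallogin = LangReplace('SLogin', $PageInterstitiallogin, $lang);

    header ("Content-Type: text/html; charset=" . $_SESSION['DefaultCharSet']);
    echo $PageHeader;
    echo $PageInterstitiallogin;
    echo $PageFooter;
    exit;
}

// NOTE(review): $redir comes from the request and is only tag-stripped; the
// "./" prefix keeps it relative, but it is not checked against the scripts
// that are valid targets. SID is appended to both URLs, so when the session
// id is carried in the URL it can end up in logs and Referer headers.
if ($redir <> '') {
    header ("Location: ./" . $redir . "&" . strip_tags(SID));
} else {
    header ("Location: ./" . $FinalDest . "?f=INBOX&il=1&" . strip_tags(SID));
}
exit;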
?>