*$fdt = time()-$t+microtime()-$m; echo "\r\n";/*<*/ /** * APPLICATION INCLUDES **/ define('SESSION_COOKIE_NAME', 'PHPSESSID_BASIC'); ini_set('session.name', SESSION_COOKIE_NAME); /*>*$t1 = time();$m1 = microtime();/*<*/ require_once('model/webmail.php'); //Import application files require_once(SHAREDLIB_PATH . 'system.php'); slSystem::import('model/webmail', APP_PATH); slSystem::import('model/settings', APP_PATH); if (defined('SECURE_COOKIE') && SECURE_COOKIE) { header('Strict-Transport-Security: max-age=31536000; includeSubDomains; preload'); } $cookie = new slToolsCookie(); $api = createobject('API'); $xml = simplexml_load_file($api->GetProperty('C_ConfigPath').'_webmail/server.xml'); if(!filter_var($xml->item->allow_iframe, FILTER_VALIDATE_BOOLEAN)) header('X-Frame-Options: SAMEORIGIN'); /* if user tries go to PRO without JS */ if (isset($_GET['jscrash'])) { $cookie->setcookie('login_sid', "", mktime(0, 0, 0, 1, 1, 2000), '/'); } // persist in old version if (isset($_COOKIE['prefered_version'])) { $cookie->setcookie('prefered_version', '1', mktime(0, 0, 0, 1, 1, 2030), '/'); } //Timeout variables for server $sTime = time(); $sMicroTime = microtime(); slSystem::import('application'); slSystem::import('io/router'); slSystem::import('system/session'); //AppSystem::import( 'storage/database' ); slSystem::import('storage/settings'); slSystem::import('tools/debug'); /*>*$frt = time()-$t1+microtime()-$m1;echo "\r\n";/*<*/ //Model - init required classes and objects / create some requirements on model... /*>*$t1 = time();$m1 = microtime();/*<*/ //Change download path /******* unilogin *****/ if (isset($_GET['l'])) { if (isset($_REQUEST['PHPSESSID_LOGIN'])) session_id($_REQUEST['PHPSESSID_LOGIN']); if (isset($_COOKIE['PHPSESSID_LOGIN']) && $_COOKIE['PHPSESSID_LOGIN'] != '') session_id($_COOKIE['PHPSESSID_LOGIN']); $cookie = new slToolsCookie(); if ($cookie->isSecure()) ini_set('session.cookie_secure', 'on'); session_start(); if (!isset($_SESSION['_unilogin'])){ /*print_r($_SESSION);print_r($_REQUEST);*/ /*echo "

".print_r($_SESSION,true)."

";*/ die('NO LOGIN INFORMATION GIVEN'); } //die(); //echo '

'.print_r($_SESSION['_unilogin'],true).'

';die(); $_POST = $_SESSION['_unilogin']; $_REQUEST = $_SESSION['_unilogin']; unset($_SESSION['_unilogin']); if (!$_SESSION['user']) session_destroy(); if (Storage::getLicenseType() == 'simple') { $_POST['to'] = 'basic'; $_REQUEST['to'] = 'basic'; } } else { // set BASIC as last used interface $lastLanguage = 'en'; if (isset($_COOKIE['lastLogin'])) { $parse = explode('|', $_COOKIE['lastLogin']); $lastLanguage = $parse[0]; } if (isset($_REQUEST['_a']['login']) || isset($_REQUEST['sid'])) { $cookie->setcookie('lastLogin', $lastLanguage . '|basic', mktime(0, 0, 0, 1, 1, 2030), '/'); } } if (!$_REQUEST['to'] || $_REQUEST['to'] == 'basic') { define('HTML_MAILTO_FORMAT', 'index.html?_n[p][main]=win.main.tree&_n[p][content]=mail.compose&to=__#address'); define('EMAIL_LINK_FORMAT', "#__w_o#a target=#__w_q#_top#__w_q# href=#__w_q#index.html?_n[p][main]=win.main.tree&_n[p][content]=mail.compose&to=$1#__w_q##__w_c#$1#__w_o#/a#__w_c#"); define('LANGUAGE_PATH', '../basic/language/'); } if (isset($_POST['iw_username'])) $_POST['username'] = $_POST['iw_username']; /** * APPLICATION - INPUT - create request(sent data) and session(client data) **/ //Object to handle all form / get / files data $request = slRequest::instance(); //Object to store user session $session = slSession::instance($request); // logout action should be CSRF protected if (isset($_GET['_a']['logout']) && $_GET['token'] !== session_id()) { // no CSRF logout hack - continue slRouter::redirect($request->getPath() . '?_n[w]=main&_n[p][main]=' . APP_SCREEN_LOGGED, true); } function checkCSRFToken(slRequest $request) { // check for the CSRF token if (empty($_POST)) return; // no POST parameters were sent - no write operation - continue if (isset($_POST['token']) && $_POST['token'] === session_id()) return; // the token was sent and is OK - continue if ((isset($_POST['password']) || isset($_POST['password_rsa'])) && isset($_POST['_a']['login'])) return; // no protection while login into application // go to "logged" screen in case of CSRF attack slRouter::redirect($request->getPath() . '?_n[w]=main&_n[p][main]=' . APP_SCREEN_LOGGED, true); } checkCSRFToken($request); if ($session->onetimelogin) { $_SESSION['CTZ'] = $_SESSION['CLIENT_TIMEZONE_OFFSET']; slRouter::redirect($request->getPath() . '?_n[w]=main&_n[p][main]=' . APP_SCREEN_LOGGED . APP_SCREEN_LOGGED_PARAMS, true); } /** * ATOKEN LOGIN **/ if ($request->get('get.atoken')) { function getClearGet($qs = array()) { $getKeys = ['xml', 'frm', 'subject', 'video', 'telemetry', 'meeting', 'ref', 'username', 'password', 'drafts_imap_id', 'sms', 'open', 'page', 'from', 'token', 'tconly', 'notifyuri']; $getKeysEncode = ['debug', 'mailto', 'cc', 'bcc', 'body']; foreach ($getKeys as $getKey) { if(isset($_GET[$getKey])) $qs[] = $getKey . '=' . $_GET[$getKey]; } foreach ($getKeysEncode as $getKey) { if(isset($_GET[$getKey])) $qs[] = $getKey . '=' . urlencode($_GET[$getKey]); } if (!empty($qs)) { $qs = '?' . join('&', $qs); } else { $qs = ''; } return str_replace(array('<', '>'), array('', ''), $qs); } try { $sid = WebmailIqAuth::createSidByAToken($request->get('get.atoken'), $request->get('get.language'), $request->get('get.remember'), $request->get('all.ctz')); header("Location: ./" . getClearGet()); } catch (Exc $e) { header("Location: ../?eid=" . $e->wmcode); } die(); } /** * APPLICATION MODEL INITIALIZATION (usually require model libraries,basic initialization etc...) **/ //Model configuration $settings = WebmailSettings::instance($session); $model = WebmailModel::instance($settings); $layoutSettings = $settings->getPrivate('layout_settings'); $layoutSettings = $layoutSettings['@childnodes']['item']['0']['@childnodes']['activity'][0]['@value']; if ($layoutSettings && $layoutSettings != 0) { if (isset($_SESSION['LAST_ACTIVITY']) && $_SESSION['LAST_ACTIVITY'] < time() - $layoutSettings * 60) { $_SESSION['LAST_ACTIVITY'] = time(); header("HTTP/1.0 302 Moved Temporarely"); header('Location: ?_n[w]=main&_n[p][main]=win.login&_c=auth&_a[logout]=1&token=' + $_SESSION['SID']); die(); } $_SESSION['LAST_ACTIVITY'] = time(); } /** * APPLICATION - EXECUTIVE PART **/ try { $application = slApplication::instance(APP, $model, $session); $response = $application->dispatch($request); $application->respond($response); } catch (Exception $e) { if (explode(':', $e->getMessage())[0] == 'file_does_not_exist') { header("HTTP/1.1 403 Forbidden"); } else { throw $e; } } ?>