<?php
/**
* @package phlyMail Nahariya 4.0+ Default branch
* @subpackage Handler Calendar
* @subpackage Import / Export
* @copyright 2009-2010 phlyLabs, Berlin (http://phlylabs.de)
* @version 4.0.5 2010-06-10
*/
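// Try to disable any execution time limits imposed - no effect under SAFE_MODE!
// NOTE(review): the limit is lifted before the caller has been authenticated,
// so unauthenticated requests also run without a time limit up to the auth check.
@set_time_limit(0);
define('_IN_PHM_', true);
define('PHM_NO_SESSION', 1); // This advises init.frontend to not use any session stuff

// Setup session related directives
@ini_set('url_rewriter.tags', '');
@ini_set('arg_separator.output', '&');
@set_include_path(get_include_path() . PATH_SEPARATOR . dirname(__FILE__));

// Load necessary files.
// file_exists()/is_readable() do not consult the include_path, so this relative
// name is checked against the current working directory.
$choices = 'choices.ini.php';
if (!file_exists($choices) || !is_readable($choices)) {
    die('Could not initialise basic settings.');
}
$_PM_ = parse_ini_file($choices, true);
// parse_ini_file() returns false on a syntax error. Stop here in that case (and
// when the library path is missing) instead of building require paths from an
// empty prefix further down.
if (!is_array($_PM_) || !isset($_PM_['path']['lib'])) {
    die('Could not initialise basic settings.');
}

// Compatibility layer, loaded on every PHP version below 6.0.0
if (version_compare(PHP_VERSION, '6.0.0', '<')) {
    require_once($_PM_['path']['lib'] . '/compat.5.x.php');
}
require($_PM_['path']['lib'] . '/init.frontend.php');

// Brute force protection settings; the literals are the fallbacks used when the
// configuration leaves a value unset or empty.
$still_blocked = 0;
$maintained = empty($_PM_['core']['online_status']) ? 1 : 0;
$countonfail = !empty($_PM_['auth']['countonfail']) ? $_PM_['auth']['countonfail'] : false;
// $waitonfail is not read again in this file - presumably consumed by included code; verify
$waitonfail = !empty($_PM_['auth']['waitonfail']) ? $_PM_['auth']['waitonfail'] : 5;
$lockonfail = !empty($_PM_['auth']['lockonfail']) ? $_PM_['auth']['lockonfail'] : 10;

// Refuse all API traffic while the installation is not marked as online
if ($maintained) {
    header('HTTP/1.0 503 Service Temporarily Unavailable');
    header('Status: 503 Service Temporarily Unavailable');
    die('System offline');
}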
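//
// Check for HTTP AUTH BASIC
//
// Both values start out as false so that a malformed request can never leave
// them undefined for the statements that follow.
$phpAuthUser = false;
$phpAuthPass = false;
if (isset($_SERVER['PHP_AUTH_USER'])) { // PHP as Apache module, AUTH environment variables populated
    $phpAuthUser = $_SERVER['PHP_AUTH_USER'];
    // A client may send a user name without a password; treat that as an empty password
    $phpAuthPass = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';
} elseif (isset($_GET['RewriteFakeAuth']) && is_string($_GET['RewriteFakeAuth'])) { // Fallback via mod_rewrite
    // NOTE(review): with this fallback the credentials travel in the query string,
    // where they can end up in web server access logs and proxy logs. Prefer passing
    // the Authorization header through the server environment where the host allows
    // it, and keep such logs access restricted.
    // Check for the HTTP authentication string in $_GET
    if (preg_match('/Basic\s+(.*)$/i', $_GET['RewriteFakeAuth'], $auth)) {
        // Auth info is base64 encoded "user:password". Split on the FIRST colon only,
        // otherwise a password that contains ':' would be cut off.
        $auth = explode(':', base64_decode($auth[1]), 2);
        if (count($auth) === 2) {
            $phpAuthUser = $auth[0];
            $phpAuthPass = $auth[1];
        }
    }
}
// No credentials at all, or credentials that could not be parsed: challenge the client
if ($phpAuthUser === false || $phpAuthPass === false) {
    header('WWW-Authenticate: Basic realm="phlyMail Web API"');
    header('HTTP/1.0 401 Unauthorized');
    die('Please login to use this service');
}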
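// Look up the account. $realpass is compared against md5() of the supplied
// password below, i.e. it is expected to hold an MD5 hex digest.
list($uid, $realpass) = $DB->authenticate($phpAuthUser);
// NOTE(review): "Unknown user", "Too many failed logins" and "Username or password
// wrong" are distinct responses, which tells a caller whether an account name
// exists. Messages are kept as they are because API clients may match on them;
// consider unifying them.
if (!$uid) {
    header('HTTP/1.0 403 Forbidden');
    header('Status: 403 Forbidden');
    die('Unknown user');
}

$failure = $DB->get_usrfail($uid);
$now = time();
// Automatic expiry of failed login attempts
// NOTE(review): when $countonfail is false, "x < false" is never true in PHP, so the
// lock branch always runs and a single recent failure blocks the account for
// $lockonfail minutes - confirm this is intended.
if ($failure['fail_count'] < $countonfail) {
    // Below the threshold: forget failures that are older than ten minutes
    if ($failure['fail_time'] < ($now - 600)) {
        $DB->reset_usrfail($uid);
    }
} elseif ($failure['fail_time'] < ($now - ($lockonfail * 60))) {
    // Threshold reached, but the lock period has passed
    $DB->reset_usrfail($uid);
} else {
    $still_blocked = 1;
}

// Verify the password.
// The digests are compared as strings: a loose "!=" treats two digests of the form
// "0e<digits>" as numbers and reports them equal although they differ. hash_equals()
// additionally avoids leaking the position of the first mismatch through timing; it
// is only used where the running PHP provides it.
// NOTE(review): unsalted MD5 is not an adequate password hash. The stored format is
// dictated by whatever writes $realpass, so migrating to password_hash() /
// password_verify() has to happen there as well.
$givenHash = md5((string) $phpAuthPass);
if (!is_string($realpass)) {
    $passwordOk = false;
} elseif (function_exists('hash_equals')) {
    $passwordOk = hash_equals($realpass, $givenHash);
} else {
    $passwordOk = ($realpass === $givenHash);
}
if (!$passwordOk) {
    // Failures are not counted while the account is locked
    if ($still_blocked != 1) {
        $DB->set_usrfail($uid);
    }
    $uid = false;
}

// A locked account is refused even when the password was correct
if ($still_blocked) {
    header('HTTP/1.0 403 Forbidden');
    header('Status: 403 Forbidden');
    die('Too many failed logins');
}
if (!$uid) {
    header('HTTP/1.0 403 Forbidden');
    header('Status: 403 Forbidden');
    die('Username or password wrong');
}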
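define('PHM_API_UID', $uid); // Read by the handlers

// Apply permission checks, read settings for user
if (isset($DB->features['permissions']) && $DB->features['permissions']) {
    $_phM_privs = $DB->get_user_permissions($uid);
    $_phM_privs['all'] = false;
} else {
    // The backend has no permission support: every action is allowed
    $_phM_privs['all'] = true;
}

// Dispatch to the requested handler's webapi.php
if (!isset($_REQUEST['handler'])) {
    header('HTTP/1.0 400 Bad Request');
    header('Status: 400 Bad Request');
    die('Missing parameter');
}

// The handler name is request supplied and becomes part of an include path.
// basename() strips directory components, but it returns "." and ".." unchanged,
// and an array value is not a usable name at all - none of these may reach require.
// NOTE(review): $_REQUEST can also carry cookie values depending on request_order;
// an allow-list of installed handler names would be stricter still.
$HDL = is_string($_REQUEST['handler']) ? basename($_REQUEST['handler']) : '';
$handlerNameOk = ($HDL !== '' && $HDL !== '.' && $HDL !== '..' && strpos($HDL, "\0") === false);
$handlerFile = $_PM_['path']['handler'] . '/' . $HDL . '/webapi.php';
if (!$handlerNameOk || !file_exists($handlerFile)) {
    header('HTTP/1.0 415 Unsupported Media Type');
    header('Status: 415 Unsupported Media Type');
    die('Wrong type of service');
}
require_once($handlerFile);
exit;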