/usr/share/IlohaMail/include/write_sinc.FS.inc is in ilohamail 0.8.14-0rc3sid6.2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
<?php
/////////////////////////////////////////////////////////
//
// include/write_sinc.inc
//
// (C)Copyright 2001-2002 Ryo Chijiiwa <Ryo@IlohaMail.org>
//
// This file is part of IlohaMail. IlohaMail is free software released
// under the GPL license. See enclosed file COPYING for details, or
// see http://www.fsf.org/copyleft/gpl.html
//
/////////////////////////////////////////////////////////
/********************************************************
PURPOSE:
1. Generate session ID
2. Read user preference settings from data source, and write into session file.
3. Initialize session
PRE-CONDITIONS:
$user_name - User name
$host - IMAP server
POST-CONDITIONS:
$user - Session ID
$new_user - true if new user, else false
Session file (in the form of a PHP include) is written into sessions folder,
with file name $user.".inc".
COMMENTS:
This file is fairly specific to the file-based data back-end. For DB-based
back-ends, session data should be registered.
Session data include:
-session ID
-remote IP
-user name
-password (clear or encrypted)
-host
-time of login (optional)
NOTE:
How to crack the session/password encryption mechanism:
If you know the user name, host, and session ID
1. Get session encryption key in user's directory
2. Access session file.
3. Decrypt password
If you don't know the user name, but have a session ID
1. Get IP address the session was opened from
2. Encrypt path using IP address
(in reverse order, no '.'s, as string)
(e.g. 127.0.0.1 -> "100127")
3. Access user's directory and get session key
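4. Decrypt password
In both cases the session file and the key file in the user's directory are
needed, so the password is protected only from someone who cannot read both.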
********************************************************/
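/**
 * Locate the preferences folder for a user/host pair, creating it when absent.
 *
 * The folder name is "<user>.<host>", lower-cased, with slashes, backslashes
 * and NUL bytes removed, placed directly under the global $USER_DIR.
 *
 * @param string $user     User name; treated as untrusted input here.
 * @param string $host     IMAP server name; treated as untrusted input here.
 * @param bool   $created  Set to true when the folder was created by this call,
 *                         false otherwise.
 * @return string|false    Path of the folder, or false when the name is
 *                         unusable or the folder could not be created.
 */
function GetPrefsFolder($user, $host, &$created){
    global $USER_DIR;

    $created = false;

    // str_replace() stands in for ereg_replace(), which was removed in PHP 7.
    // Path separators and NUL bytes are dropped so the name stays a single
    // path component under $USER_DIR.
    $name = str_replace(
        array("\\", "/", "\0"),
        "",
        strtolower($user).".".strtolower($host)
    );

    // A name made only of dots ("." or "..") would resolve to $USER_DIR itself
    // or to its parent instead of a per-user folder, so refuse it.
    if (strspn($name, ".") == strlen($name)) {
        return false;
    }

    $path = $USER_DIR.$name;

    // Require a directory: a plain file of the same name cannot hold
    // key.inc or the preference files.
    if (@is_dir($path)) {
        return $path;
    }

    // First login for this user/host: create a folder only its owner can access.
    if (@mkdir($path, 0700)) {
        $created = true;
        return $path;
    }

    return false;
}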
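/**
 * Overlay settings stored in a file onto an array of defaults.
 *
 * Each line of the file has the form "key:value", where the value is
 * base64-encoded. Keys found in the file replace or extend those in $result.
 *
 * @param array  $result  Settings to start from (typically the defaults).
 * @param string $file    Path of the settings file.
 * @return array|false    The merged settings, or false when the file could
 *                        not be read.
 */
function GetSettings($result, $file){
    // Check readability first so a missing file yields false without a warning.
    $lines = is_readable($file) ? file($file) : false;
    if (!is_array($lines)) {
        return false;
    }

    // foreach replaces the each() loop; each() was removed in PHP 8.
    foreach ($lines as $line) {
        // Split on the first colon only; the rest of the line is the value.
        $parts = explode(":", $line, 2);

        // Blank or malformed lines carry no key/value pair; skip them rather
        // than storing an entry under a bogus key.
        if (count($parts) < 2) {
            continue;
        }

        // base64_decode() in its default mode ignores the trailing newline.
        $result[$parts[0]] = base64_decode($parts[1]);
    }

    return $result;
}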
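include_once('../include/array2php.inc');
include_once('../conf/defaults.inc');

// $error is appended to below; start from an empty string when the including
// script has not set it yet.
if (!isset($error)) {
    $error = "";
}

// Find the user's directory, or create one ($new_user is set by the call).
$path = GetPrefsFolder($user_name, $host, $new_user);
if ($path) {
    // Create the session ID: login time plus five random digits.
    // NOTE(review): the ID is only as unpredictable as GenerateRandomString();
    // confirm that helper draws from a cryptographically secure source.
    // NOTE(review): when $session is already set, $session and $user are used
    // as found; confirm neither can come from the request, since $user becomes
    // part of the session file name below.
    if (!isset($session)) {
        $session = time()."-".GenerateRandomString(5, "0123456789");
        $user = $session;
    }

    // Generate a random session key, five characters longer than the password.
    $key = GenerateMessage(strlen($password) + 5);

    // Save the session key in $path/key.inc. var_export() emits a correctly
    // quoted PHP literal, so a quote, backslash or "$" in the key cannot
    // break or alter the generated code.
    $key_file_path = $path."/key.inc";
    $fp = fopen($key_file_path, 'w');
    if ($fp) {
        fputs($fp, '<?php $passkey='.var_export((string)$key, true).'; ?>');
        fclose($fp);
    } else {
        // Report the failure the same way as for the session file below.
        $error .= "Failed to open \"$key_file_path\"\n";
    }

    // Encrypt login ID, host and password with the session key.
    $encpass = EncryptMessage($key, $password);
    $encHost = EncryptMessage($key, $host);
    $encUser = EncryptMessage($key, $user_name);

    // The user's directory path is encrypted with a key derived from the session.
    $ipkey = InitSessionEncKey($session);
    $encPath = EncryptMessage($ipkey, $path);

    // Dynamically generate the code for the session include file. Every value
    // is written as a literal produced by var_export() or an integer cast, so
    // nothing in the data is interpreted as PHP when the file is included.
    $string  = "<?php\n";
    $string .= "function GetPassword(){ return ".var_export((string)$encpass, true).";}\n";
    $string .= "function GetHost(){ return ".var_export((string)$encHost, true)."; }\n";
    $string .= "function GetUserName(){ return ".var_export((string)$encUser, true).";}\n";
    $string .= "\$userPath=".var_export((string)$encPath, true).";\n";
    // $port is emitted unquoted, so force it to an integer first.
    $string .= "\$port=".((int)$port).";\n";
    $string .= "\n?>";

    // Write the code to the session include file (in the sessions folder).
    // NOTE(review): the file is created with the process umask; confirm
    // $SESSION_DIR is not readable by other local users.
    $session_file_path = $SESSION_DIR.$user.".inc";
    $fp = fopen($session_file_path, 'w');
    if ($fp) {
        if (!fputs($fp, $string)) {
            $error .= "Failed to write to \"$session_file_path\"\n";
        }
        fclose($fp);
    } else {
        $error .= "Failed to open \"$session_file_path\"\n";
        echo "filesystem error";
    }

    // Initialize $my_prefs from the stored file when there is one, otherwise
    // from the defaults, then create $userPath/prefs.inc.
    if (@file_exists(realpath($path."/prefs"))) {
        $my_prefs = GetSettings($init["my_prefs"], $path."/prefs");
    } else {
        $my_prefs = $init["my_prefs"];
    }
    include("../include/save_prefs.inc");

    // Initialize $my_colors the same way, then create $userPath/colors.inc.
    if (@file_exists(realpath($path."/colors"))) {
        $my_colors = GetSettings($init["my_colors"], $path."/colors");
    } else {
        $my_colors = $init["my_colors"];
    }
    include("../include/save_colors.inc");
} else {
    $error .= "Couldn't create user dir<br>\n";
}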
?>