Show explicit error message when provided hostname is invalid (#1488550)

Conflicts: program/include/rcmail.php
13 years ago · ecc3ba134e
4 changed files with 62 additions and 12 deletions
--- a/1
+++ b/1
@ -1,6 +1,7 @@
 CHANGELOG Roundcube Webmail
 ===========================

+- Show explicit error message when provided hostname is invalid (#1488550)
 - Fix wrong compose screen elements focus in IE9 (#1488541)
 - Fix fatal error when date.timezone isn't set (#1488546)
 - Update to TinyMCE 3.5.4.1
--- a/index.php
+++ b/index.php
@ -103,12 +103,9 @@ if ($RCMAIL->task == 'login' && $RCMAIL->action == 'login') {
    'valid' => $request_valid,
  ));

-  // check if client supports cookies
-  if ($auth['cookiecheck'] && empty($_COOKIE)) {
-    $OUTPUT->show_message("cookiesdisabled", 'warning');
-  }
-  else if ($auth['valid'] && !$auth['abort'] &&
-    $RCMAIL->login($auth['user'], $auth['pass'], $auth['host'])
+  // Login
+  if ($auth['valid'] && !$auth['abort'] &&
+    $RCMAIL->login($auth['user'], $auth['pass'], $auth['host'], $auth['cookiecheck'])
  ) {
    // create new session ID, don't destroy the current session
    // it was destroyed already by $RCMAIL->kill_session() above
@ -143,9 +140,23 @@ if ($RCMAIL->task == 'login' && $RCMAIL->action == 'login') {
    $OUTPUT->redirect($redir);
  }
  else {
-    $error_code = is_object($RCMAIL->storage) ? $RCMAIL->storage->get_error_code() : 1;
+    if (!$auth['valid']) {
+      $error_code  = RCMAIL::ERROR_INVALID_REQUEST;
+    }
+    else {
+      $error_code = $auth['error'] ? $auth['error'] : $RCMAIL->login_error();
+    }
+
+    $error_labels = array(
+      RCMAIL::ERROR_STORAGE          => 'storageerror',
+      RCMAIL::ERROR_COOKIES_DISABLED => 'cookiesdisabled',
+      RCMAIL::ERROR_INVALID_REQUEST  => 'invalidrequest',
+      RCMAIL::ERROR_INVALID_HOST     => 'invalidhost',
+    );
+
+    $error_message = $error_labels[$error_code] ? $error_labels[$error_code] : 'loginfailed';

-    $OUTPUT->show_message($error_code < -1 ? 'storageerror' : (!$auth['valid'] ? 'invalidrequest' : 'loginfailed'), 'warning');
+    $OUTPUT->show_message($error_message, 'warning');
    $RCMAIL->plugins->exec_hook('login_failed', array(
      'code' => $error_code, 'host' => $auth['host'], 'user' => $auth['user']));
    $RCMAIL->kill_session();
--- a/program/include/rcmail.php
+++ b/program/include/rcmail.php
@ -131,6 +131,11 @@ class rcmail
  private $shutdown_functions = array();
  private $expunge_cache = false;

+  const ERROR_STORAGE          = -2;
+  const ERROR_INVALID_REQUEST  = 1;
+  const ERROR_INVALID_HOST     = 2;
+  const ERROR_COOKIES_DISABLED = 3;
+

  /**
   * This implements the 'singleton' design pattern
@ -814,15 +819,23 @@ class rcmail
   * @param string Mail storage (IMAP) user name
   * @param string Mail storage (IMAP) password
   * @param string Mail storage (IMAP) host
+   * @param bool   Enables cookie check
   *
   * @return boolean True on success, False on failure
   */
-  function login($username, $pass, $host=NULL)
+  function login($username, $pass, $host = null, $cookiecheck = false)
  {
+    $this->login_error = null;
+
    if (empty($username)) {
      return false;
    }

+    if ($cookiecheck && empty($_COOKIE)) {
+      $this->login_error = self::ERROR_COOKIES_DISABLED;
+      return false;
+    }
+
    $config = $this->config->all();

    if (!$host)
@ -839,11 +852,18 @@ class rcmail
          break;
        }
      }
-      if (!$allowed)
-        return false;
+      if (!$allowed) {
+        $host = null;
      }
-    else if (!empty($config['default_host']) && $host != rcube_parse_host($config['default_host']))
+    }
+    else if (!empty($config['default_host']) && $host != rcube_parse_host($config['default_host'])) {
+      $host = null;
+    }
+
+    if (!$host) {
+      $this->login_error = self::ERROR_INVALID_HOST;
      return false;
+    }

    // parse $host URL
    $a_host = parse_url($host);
@ -983,6 +1003,23 @@ class rcmail
  }


+    /**
+     * Returns error code of last login operation
+     *
+     * @return int Error code
+     */
+    public function login_error()
+    {
+        if ($this->login_error) {
+            return $this->login_error;
+        }
+
+        if ($this->storage && $this->storage->get_error_code() < -1) {
+            return self::ERROR_STORAGE;
+        }
+    }
+
+
  /**
   * Set storage parameters.
   * This must be done AFTER connecting to the server!
--- a/program/localization/en_US/messages.inc
+++ b/program/localization/en_US/messages.inc
@ -33,6 +33,7 @@ $messages['requesttimedout'] = 'Request timed out';
 $messages['errorreadonly'] = 'Unable to perform operation. Folder is read-only.';
 $messages['errornoperm'] = 'Unable to perform operation. Permission denied.';
 $messages['invalidrequest'] = 'Invalid request! No data was saved.';
+$messages['invalidhost'] = 'Invalid server name.';
 $messages['nomessagesfound'] = 'No messages found in this mailbox.';
 $messages['loggedout'] = 'You have successfully terminated the session. Good bye!';
 $messages['mailboxempty'] = 'Mailbox is empty.';