]> git.immae.eu Git - github/shaarli/Shaarli.git/blame - application/Utils.php
SessionManager+LoginManager: fix checkLoginState logic
[github/shaarli/Shaarli.git] / application / Utils.php
CommitLineData
ca74886f
V
1<?php
2/**
3 * Shaarli utilities
4 */
5
1abe6555
V
6/**
7 * Logs a message to a text file
8 *
478ce8af
V
9 * The log format is compatible with fail2ban.
10 *
1abe6555
V
11 * @param string $logFile where to write the logs
12 * @param string $clientIp the client's remote IPv4/IPv6 address
13 * @param string $message the message to log
14 */
15function logm($logFile, $clientIp, $message)
16{
478ce8af
V
17 file_put_contents(
18 $logFile,
aa7f7b3e 19 date('Y/m/d H:i:s').' - '.$clientIp.' - '.strval($message).PHP_EOL,
478ce8af
V
20 FILE_APPEND
21 );
1abe6555
V
22}
23
ca74886f
V
24/**
25 * Returns the small hash of a string, using RFC 4648 base64url format
26 *
27 * Small hashes:
28 * - are unique (well, as unique as crc32, at last)
29 * - are always 6 characters long.
30 * - only use the following characters: a-z A-Z 0-9 - _ @
31 * - are NOT cryptographically secure (they CAN be forged)
32 *
33 * In Shaarli, they are used as a tinyurl-like link to individual entries,
d592daea
A
34 * built once with the combination of the date and item ID.
35 * e.g. smallHash('20111006_131924' . 142) --> eaWxtQ
36 *
37 * @warning before v0.8.1, smallhashes were built only with the date,
38 * and their value has been preserved.
7af9a418
A
39 *
40 * @param string $text Create a hash from this text.
41 *
42 * @return string generated small hash.
ca74886f
V
43 */
44function smallHash($text)
45{
46 $t = rtrim(base64_encode(hash('crc32', $text, true)), '=');
47 return strtr($t, '+/', '-_');
48}
49
50/**
51 * Tells if a string start with a substring
5046bcb6
A
52 *
53 * @param string $haystack Given string.
54 * @param string $needle String to search at the beginning of $haystack.
55 * @param bool $case Case sensitive.
56 *
57 * @return bool True if $haystack starts with $needle.
ca74886f 58 */
5046bcb6 59function startsWith($haystack, $needle, $case = true)
ca74886f
V
60{
61 if ($case) {
62 return (strcmp(substr($haystack, 0, strlen($needle)), $needle) === 0);
63 }
64 return (strcasecmp(substr($haystack, 0, strlen($needle)), $needle) === 0);
65}
66
67/**
68 * Tells if a string ends with a substring
5046bcb6
A
69 *
70 * @param string $haystack Given string.
71 * @param string $needle String to search at the end of $haystack.
72 * @param bool $case Case sensitive.
73 *
74 * @return bool True if $haystack ends with $needle.
ca74886f 75 */
5046bcb6 76function endsWith($haystack, $needle, $case = true)
ca74886f
V
77{
78 if ($case) {
79 return (strcmp(substr($haystack, strlen($haystack) - strlen($needle)), $needle) === 0);
80 }
81 return (strcasecmp(substr($haystack, strlen($haystack) - strlen($needle)), $needle) === 0);
82}
64bc92e3 83
64bc92e3 84/**
2925687e 85 * Htmlspecialchars wrapper
ee88a4bc 86 * Support multidimensional array of strings.
2925687e 87 *
ee88a4bc 88 * @param mixed $input Data to escape: a single string or an array of strings.
2925687e
A
89 *
90 * @return string escaped.
64bc92e3 91 */
ee88a4bc 92function escape($input)
64bc92e3 93{
7d86f40b
A
94 if (is_bool($input)) {
95 return $input;
96 }
97
ee88a4bc
A
98 if (is_array($input)) {
99 $out = array();
100 foreach($input as $key => $value) {
101 $out[$key] = escape($value);
102 }
103 return $out;
104 }
105 return htmlspecialchars($input, ENT_COMPAT, 'UTF-8', false);
64bc92e3 106}
107
2925687e
A
108/**
109 * Reverse the escape function.
110 *
111 * @param string $str the string to unescape.
112 *
113 * @return string unescaped string.
114 */
115function unescape($str)
116{
117 return htmlspecialchars_decode($str);
118}
119
64bc92e3 120/**
7af9a418
A
121 * Sanitize link before rendering.
122 *
123 * @param array $link Link to escape.
64bc92e3 124 */
125function sanitizeLink(&$link)
126{
127 $link['url'] = escape($link['url']); // useful?
128 $link['title'] = escape($link['title']);
129 $link['description'] = escape($link['description']);
130 $link['tags'] = escape($link['tags']);
131}
9186ab95
V
132
133/**
134 * Checks if a string represents a valid date
822bffce
A
135
136 * @param string $format The expected DateTime format of the string
137 * @param string $string A string-formatted date
138 *
139 * @return bool whether the string is a valid date
9186ab95 140 *
822bffce
A
141 * @see http://php.net/manual/en/class.datetime.php
142 * @see http://php.net/manual/en/datetime.createfromformat.php
9186ab95
V
143 */
144function checkDateFormat($format, $string)
145{
146 $date = DateTime::createFromFormat($format, $string);
147 return $date && $date->format($string) == $string;
148}
775803a0
A
149
150/**
151 * Generate a header location from HTTP_REFERER.
152 * Make sure the referer is Shaarli itself and prevent redirection loop.
153 *
154 * @param string $referer - HTTP_REFERER.
155 * @param string $host - Server HOST.
156 * @param array $loopTerms - Contains list of term to prevent redirection loop.
157 *
158 * @return string $referer - final referer.
159 */
160function generateLocation($referer, $host, $loopTerms = array())
161{
d01c2342 162 $finalReferer = '?';
775803a0
A
163
164 // No referer if it contains any value in $loopCriteria.
165 foreach ($loopTerms as $value) {
166 if (strpos($referer, $value) !== false) {
d01c2342 167 return $finalReferer;
775803a0
A
168 }
169 }
170
171 // Remove port from HTTP_HOST
172 if ($pos = strpos($host, ':')) {
173 $host = substr($host, 0, $pos);
174 }
175
d01c2342
A
176 $refererHost = parse_url($referer, PHP_URL_HOST);
177 if (!empty($referer) && (strpos($refererHost, $host) !== false || startsWith('?', $refererHost))) {
178 $finalReferer = $referer;
775803a0
A
179 }
180
d01c2342 181 return $finalReferer;
775803a0 182}
d1e2f8e5 183
7b63e4ca
A
184/**
185 * Sniff browser language to set the locale automatically.
186 * Note that is may not work on your server if the corresponding locale is not installed.
187 *
188 * @param string $headerLocale Locale send in HTTP headers (e.g. "fr,fr-fr;q=0.8,en;q=0.5,en-us;q=0.3").
189 **/
190function autoLocale($headerLocale)
191{
192 // Default if browser does not send HTTP_ACCEPT_LANGUAGE
03b9cb60
A
193 $locales = array('en_US', 'en_US.utf8', 'en_US.UTF-8');
194 if (! empty($headerLocale)) {
195 if (preg_match_all('/([a-z]{2,3})[-_]?([a-z]{2})?,?/i', $headerLocale, $matches, PREG_SET_ORDER)) {
196 $attempts = [];
197 foreach ($matches as $match) {
198 $first = [strtolower($match[1]), strtoupper($match[1])];
199 $separators = ['_', '-'];
200 $encodings = ['utf8', 'UTF-8'];
201 if (!empty($match[2])) {
202 $second = [strtoupper($match[2]), strtolower($match[2])];
203 $items = [$first, $separators, $second, ['.'], $encodings];
204 } else {
205 $items = [$first, $separators, $first, ['.'], $encodings];
206 }
207 $attempts = array_merge($attempts, iterator_to_array(cartesian_product_generator($items)));
208 }
209
210 if (! empty($attempts)) {
211 $locales = array_merge(array_map('implode', $attempts), $locales);
1255a42c 212 }
7b63e4ca
A
213 }
214 }
03b9cb60
A
215
216 setlocale(LC_ALL, $locales);
9ccca401 217}
cbfdcff2 218
1255a42c 219/**
52b50310 220 * Build a Generator object representing the cartesian product from given $items.
1255a42c
A
221 *
222 * Example:
223 * [['a'], ['b', 'c']]
224 * will generate:
52b50310
A
225 * [
226 * ['a', 'b'],
227 * ['a', 'c'],
228 * ]
1255a42c
A
229 *
230 * @param array $items array of array of string
231 *
52b50310
A
232 * @return Generator representing the cartesian product of given array.
233 *
234 * @see https://en.wikipedia.org/wiki/Cartesian_product
1255a42c 235 */
52b50310 236function cartesian_product_generator($items)
1255a42c 237{
52b50310
A
238 if (empty($items)) {
239 yield [];
240 }
241 $subArray = array_pop($items);
242 if (empty($subArray)) {
243 return;
244 }
245 foreach (cartesian_product_generator($items) as $item) {
246 foreach ($subArray as $value) {
247 yield $item + [count($item) => $value];
1255a42c 248 }
1255a42c 249 }
1255a42c
A
250}
251
cbfdcff2
A
252/**
253 * Generates a default API secret.
254 *
255 * Note that the random-ish methods used in this function are predictable,
256 * which makes them NOT suitable for crypto.
257 * BUT the random string is salted with the salt and hashed with the username.
258 * It makes the generated API secret secured enough for Shaarli.
259 *
260 * PHP 7 provides random_int(), designed for cryptography.
261 * More info: http://stackoverflow.com/questions/4356289/php-random-string-generator
262
263 * @param string $username Shaarli login username
264 * @param string $salt Shaarli password hash salt
265 *
266 * @return string|bool Generated API secret, 12 char length.
267 * Or false if invalid parameters are provided (which will make the API unusable).
268 */
269function generate_api_secret($username, $salt)
270{
271 if (empty($username) || empty($salt)) {
272 return false;
273 }
274
275 return str_shuffle(substr(hash_hmac('sha512', uniqid($salt), $username), 10, 12));
276}
b3051a6a
A
277
278/**
279 * Trim string, replace sequences of whitespaces by a single space.
280 * PHP equivalent to `normalize-space` XSLT function.
281 *
282 * @param string $string Input string.
283 *
284 * @return mixed Normalized string.
285 */
286function normalize_spaces($string)
287{
288 return preg_replace('/\s{2,}/', ' ', trim($string));
289}
52b50310
A
290
291/**
292 * Format the date according to the locale.
293 *
294 * Requires php-intl to display international datetimes,
295 * otherwise default format '%c' will be returned.
296 *
297 * @param DateTime $date to format.
81bd104d 298 * @param bool $time Displays time if true.
52b50310
A
299 * @param bool $intl Use international format if true.
300 *
301 * @return bool|string Formatted date, or false if the input is invalid.
302 */
81bd104d 303function format_date($date, $time = true, $intl = true)
52b50310
A
304{
305 if (! $date instanceof DateTime) {
306 return false;
307 }
308
309 if (! $intl || ! class_exists('IntlDateFormatter')) {
81bd104d
A
310 $format = $time ? '%c' : '%x';
311 return strftime($format, $date->getTimestamp());
52b50310
A
312 }
313
314 $formatter = new IntlDateFormatter(
315 setlocale(LC_TIME, 0),
316 IntlDateFormatter::LONG,
81bd104d 317 $time ? IntlDateFormatter::LONG : IntlDateFormatter::NONE
52b50310
A
318 );
319
320 return $formatter->format($date);
321}
84315a3b
A
322
323/**
324 * Check if the input is an integer, no matter its real type.
325 *
326 * PHP is a bit messy regarding this:
327 * - is_int returns false if the input is a string
328 * - ctype_digit returns false if the input is an integer or negative
329 *
330 * @param mixed $input value
331 *
332 * @return bool true if the input is an integer, false otherwise
333 */
334function is_integer_mixed($input)
335{
336 if (is_array($input) || is_bool($input) || is_object($input)) {
337 return false;
338 }
339 $input = strval($input);
340 return ctype_digit($input) || (startsWith($input, '-') && ctype_digit(substr($input, 1)));
341}
342
343/**
344 * Convert post_max_size/upload_max_filesize (e.g. '16M') parameters to bytes.
345 *
346 * @param string $val Size expressed in string.
347 *
348 * @return int Size expressed in bytes.
349 */
350function return_bytes($val)
351{
352 if (is_integer_mixed($val) || $val === '0' || empty($val)) {
353 return $val;
354 }
355 $val = trim($val);
356 $last = strtolower($val[strlen($val)-1]);
357 $val = intval(substr($val, 0, -1));
358 switch($last) {
359 case 'g': $val *= 1024;
360 case 'm': $val *= 1024;
361 case 'k': $val *= 1024;
362 }
363 return $val;
364}
365
366/**
367 * Return a human readable size from bytes.
368 *
369 * @param int $bytes value
370 *
371 * @return string Human readable size
372 */
373function human_bytes($bytes)
374{
375 if ($bytes === '') {
376 return t('Setting not set');
377 }
378 if (! is_integer_mixed($bytes)) {
379 return $bytes;
380 }
381 $bytes = intval($bytes);
382 if ($bytes === 0) {
383 return t('Unlimited');
384 }
385
386 $units = [t('B'), t('kiB'), t('MiB'), t('GiB')];
387 for ($i = 0; $i < count($units) && $bytes >= 1024; ++$i) {
388 $bytes /= 1024;
389 }
390
6a19124a 391 return round($bytes) . $units[$i];
84315a3b
A
392}
393
394/**
395 * Try to determine max file size for uploads (POST).
6a19124a 396 * Returns an integer (in bytes) or formatted depending on $format.
84315a3b
A
397 *
398 * @param mixed $limitPost post_max_size PHP setting
399 * @param mixed $limitUpload upload_max_filesize PHP setting
6a19124a 400 * @param bool $format Format max upload size to human readable size
84315a3b 401 *
6a19124a 402 * @return int|string max upload file size
84315a3b 403 */
6a19124a 404function get_max_upload_size($limitPost, $limitUpload, $format = true)
84315a3b
A
405{
406 $size1 = return_bytes($limitPost);
407 $size2 = return_bytes($limitUpload);
408 // Return the smaller of two:
409 $maxsize = min($size1, $size2);
6a19124a 410 return $format ? human_bytes($maxsize) : $maxsize;
84315a3b 411}
aa4797ba
A
412
413/**
414 * Sort the given array alphabetically using php-intl if available.
415 * Case sensitive.
416 *
417 * Note: doesn't support multidimensional arrays
418 *
419 * @param array $data Input array, passed by reference
420 * @param bool $reverse Reverse sort if set to true
421 * @param bool $byKeys Sort the array by keys if set to true, by value otherwise.
422 */
423function alphabetical_sort(&$data, $reverse = false, $byKeys = false)
424{
12266213 425 $callback = function ($a, $b) use ($reverse) {
aa4797ba
A
426 // Collator is part of PHP intl.
427 if (class_exists('Collator')) {
428 $collator = new Collator(setlocale(LC_COLLATE, 0));
429 if (!intl_is_failure(intl_get_error_code())) {
430 return $collator->compare($a, $b) * ($reverse ? -1 : 1);
431 }
432 }
433
434 return strcasecmp($a, $b) * ($reverse ? -1 : 1);
435 };
436
437 if ($byKeys) {
438 uksort($data, $callback);
439 } else {
440 usort($data, $callback);
441 }
442}
12266213
A
443
444/**
445 * Wrapper function for translation which match the API
446 * of gettext()/_() and ngettext().
447 *
448 * @param string $text Text to translate.
449 * @param string $nText The plural message ID.
450 * @param int $nb The number of items for plural forms.
451 * @param string $domain The domain where the translation is stored (default: shaarli).
452 *
6a65bc57 453 * @return string Text translated.
12266213
A
454 */
455function t($text, $nText = '', $nb = 1, $domain = 'shaarli') {
456 return dn__($domain, $text, $nText, $nb);
457}