]>
Commit | Line | Data |
---|---|---|
45034273 | 1 | <?php |
49e2b35b | 2 | /** |
b786c883 | 3 | * Shaarli - The personal, minimalist, super-fast, database free, bookmarking service. |
49e2b35b V |
4 | * |
5 | * Friendly fork by the Shaarli community: | |
6 | * - https://github.com/shaarli/Shaarli | |
7 | * | |
8 | * Original project by sebsauvage.net: | |
9 | * - http://sebsauvage.net/wiki/doku.php?id=php:shaarli | |
10 | * - https://github.com/sebsauvage/Shaarli | |
11 | * | |
12 | * Licence: http://www.opensource.org/licenses/zlib-license.php | |
49e2b35b | 13 | */ |
afd7b77b V |
14 | |
15 | // Set 'UTC' as the default timezone if it is not defined in php.ini | |
16 | // See http://php.net/manual/en/datetime.configuration.php#ini.date.timezone | |
17 | if (date_default_timezone_get() == '') { | |
18 | date_default_timezone_set('UTC'); | |
19 | } | |
cb49ab94 | 20 | |
28bb2b74 V |
21 | /* |
22 | * PHP configuration | |
23 | */ | |
28bb2b74 | 24 | |
ae00595b | 25 | // http://server.com/x/shaarli --> /shaarli/ |
684e662a | 26 | define('WEB_PATH', substr($_SERVER['REQUEST_URI'], 0, 1+strrpos($_SERVER['REQUEST_URI'], '/', 0))); |
45034273 | 27 | |
28bb2b74 | 28 | // High execution time in case of problematic imports/exports. |
93bf0918 | 29 | ini_set('max_input_time', '60'); |
28bb2b74 V |
30 | |
31 | // Try to set max upload file size and read | |
32 | ini_set('memory_limit', '128M'); | |
45034273 SS |
33 | ini_set('post_max_size', '16M'); |
34 | ini_set('upload_max_filesize', '16M'); | |
45034273 | 35 | |
28bb2b74 V |
36 | // See all error except warnings |
37 | error_reporting(E_ALL^E_WARNING); | |
50c9a12e | 38 | |
a973afea | 39 | // 3rd-party libraries |
52831753 V |
40 | if (! file_exists(__DIR__ . '/vendor/autoload.php')) { |
41 | header('Content-Type: text/plain; charset=utf-8'); | |
42 | echo "Error: missing Composer configuration\n\n" | |
43 | ."If you installed Shaarli through Git or using the development branch,\n" | |
44 | ."please refer to the installation documentation to install PHP" | |
45 | ." dependencies using Composer:\n" | |
87f14312 | 46 | ."- https://shaarli.readthedocs.io/en/master/Server-configuration/\n" |
cc8f572b | 47 | ."- https://shaarli.readthedocs.io/en/master/Download-and-Installation/"; |
52831753 V |
48 | exit; |
49 | } | |
a973afea V |
50 | require_once 'inc/rain.tpl.class.php'; |
51 | require_once __DIR__ . '/vendor/autoload.php'; | |
52 | ||
ca74886f | 53 | // Shaarli library |
fe3713d2 | 54 | require_once 'application/bookmark/LinkUtils.php'; |
e6cd773f | 55 | require_once 'application/config/ConfigPlugin.php'; |
51753e40 V |
56 | require_once 'application/http/HttpUtils.php'; |
57 | require_once 'application/http/UrlUtils.php'; | |
bcf056c9 | 58 | require_once 'application/updater/UpdaterUtils.php'; |
2e28269b | 59 | require_once 'application/FileUtils.php'; |
d1e2f8e5 | 60 | require_once 'application/TimeZone.php'; |
ca74886f | 61 | require_once 'application/Utils.php'; |
f24896b2 | 62 | |
6c50a6cc | 63 | use Shaarli\ApplicationUtils; |
6c50a6cc A |
64 | use Shaarli\Config\ConfigManager; |
65 | use Shaarli\Container\ContainerBuilder; | |
6c50a6cc | 66 | use Shaarli\Languages; |
6c50a6cc | 67 | use Shaarli\Plugin\PluginManager; |
c4ad3d4f | 68 | use Shaarli\Security\CookieManager; |
6c50a6cc A |
69 | use Shaarli\Security\LoginManager; |
70 | use Shaarli\Security\SessionManager; | |
6c50a6cc | 71 | use Slim\App; |
ca74886f | 72 | |
d1e2f8e5 V |
73 | // Ensure the PHP version is supported |
74 | try { | |
b405a44f | 75 | ApplicationUtils::checkPHPVersion('7.1', PHP_VERSION); |
93bf0918 | 76 | } catch (Exception $exc) { |
d1e2f8e5 | 77 | header('Content-Type: text/plain; charset=utf-8'); |
2e28269b | 78 | echo $exc->getMessage(); |
d1e2f8e5 V |
79 | exit; |
80 | } | |
81 | ||
b3e1f92e | 82 | define('SHAARLI_VERSION', ApplicationUtils::getVersion(__DIR__ .'/'. ApplicationUtils::$VERSION_FILE)); |
b786c883 | 83 | |
06b6660a A |
84 | // Force cookie path (but do not change lifetime) |
85 | $cookie = session_get_cookie_params(); | |
86 | $cookiedir = ''; | |
87 | if (dirname($_SERVER['SCRIPT_NAME']) != '/') { | |
88 | $cookiedir = dirname($_SERVER["SCRIPT_NAME"]).'/'; | |
89 | } | |
90 | // Set default cookie expiration and path. | |
91 | session_set_cookie_params($cookie['lifetime'], $cookiedir, $_SERVER['SERVER_NAME']); | |
92 | // Set session parameters on server side. | |
06b6660a A |
93 | // Use cookies to store session. |
94 | ini_set('session.use_cookies', 1); | |
95 | // Force cookies for session (phpsessionID forbidden in URL). | |
96 | ini_set('session.use_only_cookies', 1); | |
97 | // Prevent PHP form using sessionID in URL if cookies are disabled. | |
98 | ini_set('session.use_trans_sid', false); | |
99 | ||
06b6660a A |
100 | session_name('shaarli'); |
101 | // Start session if needed (Some server auto-start sessions). | |
f6380409 | 102 | if (session_status() == PHP_SESSION_NONE) { |
06b6660a A |
103 | session_start(); |
104 | } | |
105 | ||
68bc2135 | 106 | // Regenerate session ID if invalid or not defined in cookie. |
fd7d8461 | 107 | if (isset($_COOKIE['shaarli']) && !SessionManager::checkId($_COOKIE['shaarli'])) { |
68bc2135 V |
108 | session_regenerate_id(true); |
109 | $_COOKIE['shaarli'] = session_id(); | |
110 | } | |
111 | ||
278d9ee2 | 112 | $conf = new ConfigManager(); |
cf92b4dd A |
113 | |
114 | // In dev mode, throw exception on any warning | |
115 | if ($conf->get('dev.debug', false)) { | |
116 | // See all errors (for debugging only) | |
117 | error_reporting(-1); | |
118 | ||
c4ad3d4f | 119 | set_error_handler(function ($errno, $errstr, $errfile, $errline, array $errcontext) { |
cf92b4dd A |
120 | throw new ErrorException($errstr, 0, $errno, $errfile, $errline); |
121 | }); | |
122 | } | |
123 | ||
c4ad3d4f A |
124 | $sessionManager = new SessionManager($_SESSION, $conf, session_save_path()); |
125 | $cookieManager = new CookieManager($_COOKIE); | |
126 | $loginManager = new LoginManager($conf, $sessionManager, $cookieManager); | |
c689e108 | 127 | $loginManager->generateStaySignedInToken($_SERVER['REMOTE_ADDR']); |
84742084 | 128 | $clientIpId = client_ip_id($_SERVER); |
12266213 | 129 | |
b7c412d4 A |
130 | // LC_MESSAGES isn't defined without php-intl, in this case use LC_COLLATE locale instead. |
131 | if (! defined('LC_MESSAGES')) { | |
132 | define('LC_MESSAGES', LC_COLLATE); | |
133 | } | |
134 | ||
12266213 A |
135 | // Sniff browser language and set date format accordingly. |
136 | if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) { | |
137 | autoLocale($_SERVER['HTTP_ACCEPT_LANGUAGE']); | |
138 | } | |
139 | ||
140 | new Languages(setlocale(LC_MESSAGES, 0), $conf); | |
141 | ||
7f179985 | 142 | $conf->setEmpty('general.timezone', date_default_timezone_get()); |
cf92b4dd | 143 | $conf->setEmpty('general.title', t('Shared bookmarks on '). escape(index_url($_SERVER))); |
adc4aee8 | 144 | RainTPL::$tpl_dir = $conf->get('resource.raintpl_tpl').'/'.$conf->get('resource.theme').'/'; // template directory |
894a3c4b | 145 | RainTPL::$cache_dir = $conf->get('resource.raintpl_tmp'); // cache directory |
45034273 | 146 | |
278d9ee2 | 147 | $pluginManager = new PluginManager($conf); |
da10377b | 148 | $pluginManager->load($conf->get('general.enabled_plugins')); |
6fc14d53 | 149 | |
da10377b | 150 | date_default_timezone_set($conf->get('general.timezone', 'UTC')); |
d93d51b2 | 151 | |
45034273 SS |
152 | ob_start(); // Output buffering for the page cache. |
153 | ||
45034273 SS |
154 | // Prevent caching on client side or proxy: (yes, it's ugly) |
155 | header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); | |
156 | header("Cache-Control: no-store, no-cache, must-revalidate"); | |
157 | header("Cache-Control: post-check=0, pre-check=0", false); | |
158 | header("Pragma: no-cache"); | |
159 | ||
c4ad3d4f | 160 | $loginManager->checkLoginState($clientIpId); |
45034273 | 161 | |
45034273 SS |
162 | // ------------------------------------------------------------------------------------------ |
163 | // Process login form: Check if login/password is correct. | |
db45a36a | 164 | if (isset($_POST['login'])) { |
44acf706 V |
165 | if (! $loginManager->canLogin($_SERVER)) { |
166 | die(t('I said: NO. You are banned for the moment. Go away.')); | |
167 | } | |
278d9ee2 | 168 | if (isset($_POST['password']) |
ebd650c0 | 169 | && $sessionManager->checkToken($_POST['token']) |
84742084 | 170 | && $loginManager->checkCredentials($_SERVER['REMOTE_ADDR'], $clientIpId, $_POST['login'], $_POST['password']) |
44acf706 | 171 | ) { |
44acf706 V |
172 | $loginManager->handleSuccessfulLogin($_SERVER); |
173 | ||
51f0128c V |
174 | $cookiedir = ''; |
175 | if (dirname($_SERVER['SCRIPT_NAME']) != '/') { | |
ad6c27b7 | 176 | // Note: Never forget the trailing slash on the cookie path! |
51f0128c | 177 | $cookiedir = dirname($_SERVER["SCRIPT_NAME"]) . '/'; |
45034273 | 178 | } |
51f0128c V |
179 | |
180 | if (!empty($_POST['longlastingsession'])) { | |
181 | // Keep the session cookie even after the browser closes | |
182 | $sessionManager->setStaySignedIn(true); | |
183 | $expirationTime = $sessionManager->extendSession(); | |
184 | ||
185 | setcookie( | |
c4ad3d4f | 186 | CookieManager::STAY_SIGNED_IN, |
c689e108 | 187 | $loginManager->getStaySignedInToken(), |
51f0128c V |
188 | $expirationTime, |
189 | WEB_PATH | |
190 | ); | |
51f0128c V |
191 | } else { |
192 | // Standard session expiration (=when browser closes) | |
193 | $expirationTime = 0; | |
45034273 | 194 | } |
f4c84ad7 | 195 | |
51f0128c | 196 | // Send cookie with the new expiration date to the browser |
09390a50 | 197 | session_destroy(); |
51f0128c | 198 | session_set_cookie_params($expirationTime, $cookiedir, $_SERVER['SERVER_NAME']); |
09390a50 | 199 | session_start(); |
51f0128c V |
200 | session_regenerate_id(true); |
201 | ||
45034273 | 202 | // Optional redirect after login: |
5fbabbb9 | 203 | if (isset($_GET['post'])) { |
9e4cc28e | 204 | $uri = './?post='. urlencode($_GET['post']); |
0b04f797 | 205 | foreach (array('description', 'source', 'title', 'tags') as $param) { |
5fbabbb9 A |
206 | if (!empty($_GET[$param])) { |
207 | $uri .= '&'.$param.'='.urlencode($_GET[$param]); | |
208 | } | |
209 | } | |
210 | header('Location: '. $uri); | |
211 | exit; | |
212 | } | |
213 | ||
214 | if (isset($_GET['edit_link'])) { | |
9e4cc28e | 215 | header('Location: ./?edit_link='. escape($_GET['edit_link'])); |
5fbabbb9 A |
216 | exit; |
217 | } | |
218 | ||
219 | if (isset($_POST['returnurl'])) { | |
220 | // Prevent loops over login screen. | |
9e4cc28e | 221 | if (strpos($_POST['returnurl'], '/login') === false) { |
e15f08d7 | 222 | header('Location: '. generateLocation($_POST['returnurl'], $_SERVER['HTTP_HOST'])); |
5fbabbb9 A |
223 | exit; |
224 | } | |
45034273 | 225 | } |
9e4cc28e | 226 | header('Location: ./?'); |
93bf0918 | 227 | exit; |
44acf706 V |
228 | } else { |
229 | $loginManager->handleFailedLogin($_SERVER); | |
9e4cc28e | 230 | $redir = '?username='. urlencode($_POST['login']); |
5fbabbb9 | 231 | if (isset($_GET['post'])) { |
85c4bdc2 | 232 | $redir .= '&post=' . urlencode($_GET['post']); |
0b04f797 | 233 | foreach (array('description', 'source', 'title', 'tags') as $param) { |
5fbabbb9 A |
234 | if (!empty($_GET[$param])) { |
235 | $redir .= '&' . $param . '=' . urlencode($_GET[$param]); | |
236 | } | |
237 | } | |
238 | } | |
12266213 | 239 | // Redirect to login screen. |
9e4cc28e | 240 | echo '<script>alert("'. t("Wrong login/password.") .'");document.location=\'./login'.$redir.'\';</script>'; |
45034273 SS |
241 | exit; |
242 | } | |
243 | } | |
244 | ||
45034273 SS |
245 | // ------------------------------------------------------------------------------------------ |
246 | // Token management for XSRF protection | |
247 | // Token should be used in any form which acts on data (create,update,delete,import...). | |
93bf0918 V |
248 | if (!isset($_SESSION['tokens'])) { |
249 | $_SESSION['tokens']=array(); // Token are attached to the session. | |
250 | } | |
45034273 | 251 | |
684e662a | 252 | if (!isset($_SESSION['LINKS_PER_PAGE'])) { |
da10377b | 253 | $_SESSION['LINKS_PER_PAGE'] = $conf->get('general.links_per_page', 20); |
684e662a | 254 | } |
18e67967 | 255 | |
c4ad3d4f | 256 | $containerBuilder = new ContainerBuilder($conf, $sessionManager, $cookieManager, $loginManager); |
6c50a6cc A |
257 | $container = $containerBuilder->build(); |
258 | $app = new App($container); | |
18e67967 A |
259 | |
260 | // REST API routes | |
93bf0918 | 261 | $app->group('/api/v1', function () { |
68016e37 | 262 | $this->get('/info', '\Shaarli\Api\Controllers\Info:getInfo')->setName('getInfo'); |
20433ea7 A |
263 | $this->get('/links', '\Shaarli\Api\Controllers\Links:getLinks')->setName('getLinks'); |
264 | $this->get('/links/{id:[\d]+}', '\Shaarli\Api\Controllers\Links:getLink')->setName('getLink'); | |
265 | $this->post('/links', '\Shaarli\Api\Controllers\Links:postLink')->setName('postLink'); | |
266 | $this->put('/links/{id:[\d]+}', '\Shaarli\Api\Controllers\Links:putLink')->setName('putLink'); | |
267 | $this->delete('/links/{id:[\d]+}', '\Shaarli\Api\Controllers\Links:deleteLink')->setName('deleteLink'); | |
d3f42ca4 A |
268 | |
269 | $this->get('/tags', '\Shaarli\Api\Controllers\Tags:getTags')->setName('getTags'); | |
270 | $this->get('/tags/{tagName:[\w]+}', '\Shaarli\Api\Controllers\Tags:getTag')->setName('getTag'); | |
271 | $this->put('/tags/{tagName:[\w]+}', '\Shaarli\Api\Controllers\Tags:putTag')->setName('putTag'); | |
272 | $this->delete('/tags/{tagName:[\w]+}', '\Shaarli\Api\Controllers\Tags:deleteTag')->setName('deleteTag'); | |
273 | ||
18d2d3ae | 274 | $this->get('/history', '\Shaarli\Api\Controllers\HistoryController:getHistory')->setName('getHistory'); |
465b1c40 | 275 | })->add('\Shaarli\Api\ApiMiddleware'); |
18e67967 | 276 | |
6c50a6cc | 277 | $app->group('', function () { |
c4ad3d4f A |
278 | $this->get('/install', '\Shaarli\Front\Controller\Visitor\InstallController:index')->setName('displayInstall'); |
279 | $this->get('/install/session-test', '\Shaarli\Front\Controller\Visitor\InstallController:sessionTest'); | |
280 | $this->post('/install', '\Shaarli\Front\Controller\Visitor\InstallController:save')->setName('saveInstall'); | |
281 | ||
2899ebb5 | 282 | /* -- PUBLIC --*/ |
1a8ac737 A |
283 | $this->get('/', '\Shaarli\Front\Controller\Visitor\BookmarkListController:index'); |
284 | $this->get('/shaare/{hash}', '\Shaarli\Front\Controller\Visitor\BookmarkListController:permalink'); | |
285 | $this->get('/login', '\Shaarli\Front\Controller\Visitor\LoginController:index')->setName('login'); | |
9c75f877 A |
286 | $this->get('/picture-wall', '\Shaarli\Front\Controller\Visitor\PictureWallController:index'); |
287 | $this->get('/tags/cloud', '\Shaarli\Front\Controller\Visitor\TagCloudController:cloud'); | |
288 | $this->get('/tags/list', '\Shaarli\Front\Controller\Visitor\TagCloudController:list'); | |
289 | $this->get('/daily', '\Shaarli\Front\Controller\Visitor\DailyController:index'); | |
1a8ac737 A |
290 | $this->get('/daily-rss', '\Shaarli\Front\Controller\Visitor\DailyController:rss')->setName('rss'); |
291 | $this->get('/feed/atom', '\Shaarli\Front\Controller\Visitor\FeedController:atom')->setName('atom'); | |
9c75f877 A |
292 | $this->get('/feed/rss', '\Shaarli\Front\Controller\Visitor\FeedController:rss'); |
293 | $this->get('/open-search', '\Shaarli\Front\Controller\Visitor\OpenSearchController:index'); | |
294 | ||
295 | $this->get('/add-tag/{newTag}', '\Shaarli\Front\Controller\Visitor\TagController:addTag'); | |
296 | $this->get('/remove-tag/{tag}', '\Shaarli\Front\Controller\Visitor\TagController:removeTag'); | |
2899ebb5 A |
297 | |
298 | /* -- LOGGED IN -- */ | |
9c75f877 A |
299 | $this->get('/logout', '\Shaarli\Front\Controller\Admin\LogoutController:index'); |
300 | $this->get('/admin/tools', '\Shaarli\Front\Controller\Admin\ToolsController:index'); | |
301 | $this->get('/admin/password', '\Shaarli\Front\Controller\Admin\PasswordController:index'); | |
302 | $this->post('/admin/password', '\Shaarli\Front\Controller\Admin\PasswordController:change'); | |
303 | $this->get('/admin/configure', '\Shaarli\Front\Controller\Admin\ConfigureController:index'); | |
304 | $this->post('/admin/configure', '\Shaarli\Front\Controller\Admin\ConfigureController:save'); | |
305 | $this->get('/admin/tags', '\Shaarli\Front\Controller\Admin\ManageTagController:index'); | |
306 | $this->post('/admin/tags', '\Shaarli\Front\Controller\Admin\ManageTagController:save'); | |
baa69791 A |
307 | $this->get('/admin/add-shaare', '\Shaarli\Front\Controller\Admin\ManageShaareController:addShaare'); |
308 | $this->get('/admin/shaare', '\Shaarli\Front\Controller\Admin\ManageShaareController:displayCreateForm'); | |
309 | $this->get('/admin/shaare/{id:[0-9]+}', '\Shaarli\Front\Controller\Admin\ManageShaareController:displayEditForm'); | |
310 | $this->post('/admin/shaare', '\Shaarli\Front\Controller\Admin\ManageShaareController:save'); | |
311 | $this->get('/admin/shaare/delete', '\Shaarli\Front\Controller\Admin\ManageShaareController:deleteBookmark'); | |
7b8a6f28 | 312 | $this->get('/admin/shaare/visibility', '\Shaarli\Front\Controller\Admin\ManageShaareController:changeVisibility'); |
3447d888 | 313 | $this->get('/admin/shaare/{id:[0-9]+}/pin', '\Shaarli\Front\Controller\Admin\ManageShaareController:pinBookmark'); |
6132d647 A |
314 | $this->patch( |
315 | '/admin/shaare/{id:[0-9]+}/update-thumbnail', | |
316 | '\Shaarli\Front\Controller\Admin\ThumbnailsController:ajaxUpdate' | |
317 | ); | |
c70ff64a A |
318 | $this->get('/admin/export', '\Shaarli\Front\Controller\Admin\ExportController:index'); |
319 | $this->post('/admin/export', '\Shaarli\Front\Controller\Admin\ExportController:export'); | |
78657347 A |
320 | $this->get('/admin/import', '\Shaarli\Front\Controller\Admin\ImportController:index'); |
321 | $this->post('/admin/import', '\Shaarli\Front\Controller\Admin\ImportController:import'); | |
1b8620b1 A |
322 | $this->get('/admin/plugins', '\Shaarli\Front\Controller\Admin\PluginsController:index'); |
323 | $this->post('/admin/plugins', '\Shaarli\Front\Controller\Admin\PluginsController:save'); | |
764d34a7 | 324 | $this->get('/admin/token', '\Shaarli\Front\Controller\Admin\TokenController:getToken'); |
6132d647 | 325 | $this->get('/admin/thumbnails', '\Shaarli\Front\Controller\Admin\ThumbnailsController:index'); |
9c75f877 A |
326 | |
327 | $this->get('/links-per-page', '\Shaarli\Front\Controller\Admin\SessionFilterController:linksPerPage'); | |
328 | $this->get('/visibility/{visibility}', '\Shaarli\Front\Controller\Admin\SessionFilterController:visibility'); | |
329 | $this->get('/untagged-only', '\Shaarli\Front\Controller\Admin\SessionFilterController:untaggedOnly'); | |
6c50a6cc A |
330 | })->add('\Shaarli\Front\ShaarliMiddleware'); |
331 | ||
18e67967 | 332 | $response = $app->run(true); |
5d9bc40d | 333 | |
1a8ac737 | 334 | $app->respond($response); |