]>
Commit | Line | Data |
---|---|---|
1 | <?php | |
2 | /** | |
3 | * Shaarli - The personal, minimalist, super-fast, database free, bookmarking service. | |
4 | * | |
5 | * Friendly fork by the Shaarli community: | |
6 | * - https://github.com/shaarli/Shaarli | |
7 | * | |
8 | * Original project by sebsauvage.net: | |
9 | * - http://sebsauvage.net/wiki/doku.php?id=php:shaarli | |
10 | * - https://github.com/sebsauvage/Shaarli | |
11 | * | |
12 | * Licence: http://www.opensource.org/licenses/zlib-license.php | |
13 | */ | |
14 | ||
15 | // Set 'UTC' as the default timezone if it is not defined in php.ini | |
16 | // See http://php.net/manual/en/datetime.configuration.php#ini.date.timezone | |
17 | if (date_default_timezone_get() == '') { | |
18 | date_default_timezone_set('UTC'); | |
19 | } | |
20 | ||
21 | /* | |
22 | * PHP configuration | |
23 | */ | |
24 | ||
25 | // http://server.com/x/shaarli --> /shaarli/ | |
26 | define('WEB_PATH', substr($_SERVER['REQUEST_URI'], 0, 1+strrpos($_SERVER['REQUEST_URI'], '/', 0))); | |
27 | ||
28 | // High execution time in case of problematic imports/exports. | |
29 | ini_set('max_input_time', '60'); | |
30 | ||
31 | // Try to set max upload file size and read | |
32 | ini_set('memory_limit', '128M'); | |
33 | ini_set('post_max_size', '16M'); | |
34 | ini_set('upload_max_filesize', '16M'); | |
35 | ||
36 | // See all error except warnings | |
37 | error_reporting(E_ALL^E_WARNING); | |
38 | ||
39 | // 3rd-party libraries | |
40 | if (! file_exists(__DIR__ . '/vendor/autoload.php')) { | |
41 | header('Content-Type: text/plain; charset=utf-8'); | |
42 | echo "Error: missing Composer configuration\n\n" | |
43 | ."If you installed Shaarli through Git or using the development branch,\n" | |
44 | ."please refer to the installation documentation to install PHP" | |
45 | ." dependencies using Composer:\n" | |
46 | ."- https://shaarli.readthedocs.io/en/master/Server-configuration/\n" | |
47 | ."- https://shaarli.readthedocs.io/en/master/Download-and-Installation/"; | |
48 | exit; | |
49 | } | |
50 | require_once 'inc/rain.tpl.class.php'; | |
51 | require_once __DIR__ . '/vendor/autoload.php'; | |
52 | ||
53 | // Shaarli library | |
54 | require_once 'application/bookmark/LinkUtils.php'; | |
55 | require_once 'application/config/ConfigPlugin.php'; | |
56 | require_once 'application/http/HttpUtils.php'; | |
57 | require_once 'application/http/UrlUtils.php'; | |
58 | require_once 'application/updater/UpdaterUtils.php'; | |
59 | require_once 'application/FileUtils.php'; | |
60 | require_once 'application/TimeZone.php'; | |
61 | require_once 'application/Utils.php'; | |
62 | ||
63 | use Shaarli\ApplicationUtils; | |
64 | use Shaarli\Config\ConfigManager; | |
65 | use Shaarli\Container\ContainerBuilder; | |
66 | use Shaarli\Languages; | |
67 | use Shaarli\Plugin\PluginManager; | |
68 | use Shaarli\Security\CookieManager; | |
69 | use Shaarli\Security\LoginManager; | |
70 | use Shaarli\Security\SessionManager; | |
71 | use Slim\App; | |
72 | ||
73 | // Ensure the PHP version is supported | |
74 | try { | |
75 | ApplicationUtils::checkPHPVersion('7.1', PHP_VERSION); | |
76 | } catch (Exception $exc) { | |
77 | header('Content-Type: text/plain; charset=utf-8'); | |
78 | echo $exc->getMessage(); | |
79 | exit; | |
80 | } | |
81 | ||
82 | define('SHAARLI_VERSION', ApplicationUtils::getVersion(__DIR__ .'/'. ApplicationUtils::$VERSION_FILE)); | |
83 | ||
84 | // Force cookie path (but do not change lifetime) | |
85 | $cookie = session_get_cookie_params(); | |
86 | $cookiedir = ''; | |
87 | if (dirname($_SERVER['SCRIPT_NAME']) != '/') { | |
88 | $cookiedir = dirname($_SERVER["SCRIPT_NAME"]).'/'; | |
89 | } | |
90 | // Set default cookie expiration and path. | |
91 | session_set_cookie_params($cookie['lifetime'], $cookiedir, $_SERVER['SERVER_NAME']); | |
92 | // Set session parameters on server side. | |
93 | // Use cookies to store session. | |
94 | ini_set('session.use_cookies', 1); | |
95 | // Force cookies for session (phpsessionID forbidden in URL). | |
96 | ini_set('session.use_only_cookies', 1); | |
97 | // Prevent PHP form using sessionID in URL if cookies are disabled. | |
98 | ini_set('session.use_trans_sid', false); | |
99 | ||
100 | session_name('shaarli'); | |
101 | // Start session if needed (Some server auto-start sessions). | |
102 | if (session_status() == PHP_SESSION_NONE) { | |
103 | session_start(); | |
104 | } | |
105 | ||
106 | // Regenerate session ID if invalid or not defined in cookie. | |
107 | if (isset($_COOKIE['shaarli']) && !SessionManager::checkId($_COOKIE['shaarli'])) { | |
108 | session_regenerate_id(true); | |
109 | $_COOKIE['shaarli'] = session_id(); | |
110 | } | |
111 | ||
112 | $conf = new ConfigManager(); | |
113 | ||
114 | // In dev mode, throw exception on any warning | |
115 | if ($conf->get('dev.debug', false)) { | |
116 | // See all errors (for debugging only) | |
117 | error_reporting(-1); | |
118 | ||
119 | set_error_handler(function ($errno, $errstr, $errfile, $errline, array $errcontext) { | |
120 | throw new ErrorException($errstr, 0, $errno, $errfile, $errline); | |
121 | }); | |
122 | } | |
123 | ||
124 | $sessionManager = new SessionManager($_SESSION, $conf, session_save_path()); | |
125 | $cookieManager = new CookieManager($_COOKIE); | |
126 | $loginManager = new LoginManager($conf, $sessionManager, $cookieManager); | |
127 | $loginManager->generateStaySignedInToken($_SERVER['REMOTE_ADDR']); | |
128 | $clientIpId = client_ip_id($_SERVER); | |
129 | ||
130 | // LC_MESSAGES isn't defined without php-intl, in this case use LC_COLLATE locale instead. | |
131 | if (! defined('LC_MESSAGES')) { | |
132 | define('LC_MESSAGES', LC_COLLATE); | |
133 | } | |
134 | ||
135 | // Sniff browser language and set date format accordingly. | |
136 | if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) { | |
137 | autoLocale($_SERVER['HTTP_ACCEPT_LANGUAGE']); | |
138 | } | |
139 | ||
140 | new Languages(setlocale(LC_MESSAGES, 0), $conf); | |
141 | ||
142 | $conf->setEmpty('general.timezone', date_default_timezone_get()); | |
143 | $conf->setEmpty('general.title', t('Shared bookmarks on '). escape(index_url($_SERVER))); | |
144 | RainTPL::$tpl_dir = $conf->get('resource.raintpl_tpl').'/'.$conf->get('resource.theme').'/'; // template directory | |
145 | RainTPL::$cache_dir = $conf->get('resource.raintpl_tmp'); // cache directory | |
146 | ||
147 | $pluginManager = new PluginManager($conf); | |
148 | $pluginManager->load($conf->get('general.enabled_plugins')); | |
149 | ||
150 | date_default_timezone_set($conf->get('general.timezone', 'UTC')); | |
151 | ||
152 | ob_start(); // Output buffering for the page cache. | |
153 | ||
154 | // Prevent caching on client side or proxy: (yes, it's ugly) | |
155 | header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); | |
156 | header("Cache-Control: no-store, no-cache, must-revalidate"); | |
157 | header("Cache-Control: post-check=0, pre-check=0", false); | |
158 | header("Pragma: no-cache"); | |
159 | ||
160 | $loginManager->checkLoginState($clientIpId); | |
161 | ||
162 | // ------------------------------------------------------------------------------------------ | |
163 | // Process login form: Check if login/password is correct. | |
164 | if (isset($_POST['login'])) { | |
165 | if (! $loginManager->canLogin($_SERVER)) { | |
166 | die(t('I said: NO. You are banned for the moment. Go away.')); | |
167 | } | |
168 | if (isset($_POST['password']) | |
169 | && $sessionManager->checkToken($_POST['token']) | |
170 | && $loginManager->checkCredentials($_SERVER['REMOTE_ADDR'], $clientIpId, $_POST['login'], $_POST['password']) | |
171 | ) { | |
172 | $loginManager->handleSuccessfulLogin($_SERVER); | |
173 | ||
174 | $cookiedir = ''; | |
175 | if (dirname($_SERVER['SCRIPT_NAME']) != '/') { | |
176 | // Note: Never forget the trailing slash on the cookie path! | |
177 | $cookiedir = dirname($_SERVER["SCRIPT_NAME"]) . '/'; | |
178 | } | |
179 | ||
180 | if (!empty($_POST['longlastingsession'])) { | |
181 | // Keep the session cookie even after the browser closes | |
182 | $sessionManager->setStaySignedIn(true); | |
183 | $expirationTime = $sessionManager->extendSession(); | |
184 | ||
185 | setcookie( | |
186 | CookieManager::STAY_SIGNED_IN, | |
187 | $loginManager->getStaySignedInToken(), | |
188 | $expirationTime, | |
189 | WEB_PATH | |
190 | ); | |
191 | } else { | |
192 | // Standard session expiration (=when browser closes) | |
193 | $expirationTime = 0; | |
194 | } | |
195 | ||
196 | // Send cookie with the new expiration date to the browser | |
197 | session_destroy(); | |
198 | session_set_cookie_params($expirationTime, $cookiedir, $_SERVER['SERVER_NAME']); | |
199 | session_start(); | |
200 | session_regenerate_id(true); | |
201 | ||
202 | // Optional redirect after login: | |
203 | if (isset($_GET['post'])) { | |
204 | $uri = './?post='. urlencode($_GET['post']); | |
205 | foreach (array('description', 'source', 'title', 'tags') as $param) { | |
206 | if (!empty($_GET[$param])) { | |
207 | $uri .= '&'.$param.'='.urlencode($_GET[$param]); | |
208 | } | |
209 | } | |
210 | header('Location: '. $uri); | |
211 | exit; | |
212 | } | |
213 | ||
214 | if (isset($_GET['edit_link'])) { | |
215 | header('Location: ./?edit_link='. escape($_GET['edit_link'])); | |
216 | exit; | |
217 | } | |
218 | ||
219 | if (isset($_POST['returnurl'])) { | |
220 | // Prevent loops over login screen. | |
221 | if (strpos($_POST['returnurl'], '/login') === false) { | |
222 | header('Location: '. generateLocation($_POST['returnurl'], $_SERVER['HTTP_HOST'])); | |
223 | exit; | |
224 | } | |
225 | } | |
226 | header('Location: ./?'); | |
227 | exit; | |
228 | } else { | |
229 | $loginManager->handleFailedLogin($_SERVER); | |
230 | $redir = '?username='. urlencode($_POST['login']); | |
231 | if (isset($_GET['post'])) { | |
232 | $redir .= '&post=' . urlencode($_GET['post']); | |
233 | foreach (array('description', 'source', 'title', 'tags') as $param) { | |
234 | if (!empty($_GET[$param])) { | |
235 | $redir .= '&' . $param . '=' . urlencode($_GET[$param]); | |
236 | } | |
237 | } | |
238 | } | |
239 | // Redirect to login screen. | |
240 | echo '<script>alert("'. t("Wrong login/password.") .'");document.location=\'./login'.$redir.'\';</script>'; | |
241 | exit; | |
242 | } | |
243 | } | |
244 | ||
245 | // ------------------------------------------------------------------------------------------ | |
246 | // Token management for XSRF protection | |
247 | // Token should be used in any form which acts on data (create,update,delete,import...). | |
248 | if (!isset($_SESSION['tokens'])) { | |
249 | $_SESSION['tokens']=array(); // Token are attached to the session. | |
250 | } | |
251 | ||
252 | if (!isset($_SESSION['LINKS_PER_PAGE'])) { | |
253 | $_SESSION['LINKS_PER_PAGE'] = $conf->get('general.links_per_page', 20); | |
254 | } | |
255 | ||
256 | $containerBuilder = new ContainerBuilder($conf, $sessionManager, $cookieManager, $loginManager); | |
257 | $container = $containerBuilder->build(); | |
258 | $app = new App($container); | |
259 | ||
260 | // REST API routes | |
261 | $app->group('/api/v1', function () { | |
262 | $this->get('/info', '\Shaarli\Api\Controllers\Info:getInfo')->setName('getInfo'); | |
263 | $this->get('/links', '\Shaarli\Api\Controllers\Links:getLinks')->setName('getLinks'); | |
264 | $this->get('/links/{id:[\d]+}', '\Shaarli\Api\Controllers\Links:getLink')->setName('getLink'); | |
265 | $this->post('/links', '\Shaarli\Api\Controllers\Links:postLink')->setName('postLink'); | |
266 | $this->put('/links/{id:[\d]+}', '\Shaarli\Api\Controllers\Links:putLink')->setName('putLink'); | |
267 | $this->delete('/links/{id:[\d]+}', '\Shaarli\Api\Controllers\Links:deleteLink')->setName('deleteLink'); | |
268 | ||
269 | $this->get('/tags', '\Shaarli\Api\Controllers\Tags:getTags')->setName('getTags'); | |
270 | $this->get('/tags/{tagName:[\w]+}', '\Shaarli\Api\Controllers\Tags:getTag')->setName('getTag'); | |
271 | $this->put('/tags/{tagName:[\w]+}', '\Shaarli\Api\Controllers\Tags:putTag')->setName('putTag'); | |
272 | $this->delete('/tags/{tagName:[\w]+}', '\Shaarli\Api\Controllers\Tags:deleteTag')->setName('deleteTag'); | |
273 | ||
274 | $this->get('/history', '\Shaarli\Api\Controllers\HistoryController:getHistory')->setName('getHistory'); | |
275 | })->add('\Shaarli\Api\ApiMiddleware'); | |
276 | ||
277 | $app->group('', function () { | |
278 | $this->get('/install', '\Shaarli\Front\Controller\Visitor\InstallController:index')->setName('displayInstall'); | |
279 | $this->get('/install/session-test', '\Shaarli\Front\Controller\Visitor\InstallController:sessionTest'); | |
280 | $this->post('/install', '\Shaarli\Front\Controller\Visitor\InstallController:save')->setName('saveInstall'); | |
281 | ||
282 | /* -- PUBLIC --*/ | |
283 | $this->get('/', '\Shaarli\Front\Controller\Visitor\BookmarkListController:index'); | |
284 | $this->get('/shaare/{hash}', '\Shaarli\Front\Controller\Visitor\BookmarkListController:permalink'); | |
285 | $this->get('/login', '\Shaarli\Front\Controller\Visitor\LoginController:index')->setName('login'); | |
286 | $this->get('/picture-wall', '\Shaarli\Front\Controller\Visitor\PictureWallController:index'); | |
287 | $this->get('/tags/cloud', '\Shaarli\Front\Controller\Visitor\TagCloudController:cloud'); | |
288 | $this->get('/tags/list', '\Shaarli\Front\Controller\Visitor\TagCloudController:list'); | |
289 | $this->get('/daily', '\Shaarli\Front\Controller\Visitor\DailyController:index'); | |
290 | $this->get('/daily-rss', '\Shaarli\Front\Controller\Visitor\DailyController:rss')->setName('rss'); | |
291 | $this->get('/feed/atom', '\Shaarli\Front\Controller\Visitor\FeedController:atom')->setName('atom'); | |
292 | $this->get('/feed/rss', '\Shaarli\Front\Controller\Visitor\FeedController:rss'); | |
293 | $this->get('/open-search', '\Shaarli\Front\Controller\Visitor\OpenSearchController:index'); | |
294 | ||
295 | $this->get('/add-tag/{newTag}', '\Shaarli\Front\Controller\Visitor\TagController:addTag'); | |
296 | $this->get('/remove-tag/{tag}', '\Shaarli\Front\Controller\Visitor\TagController:removeTag'); | |
297 | ||
298 | /* -- LOGGED IN -- */ | |
299 | $this->get('/logout', '\Shaarli\Front\Controller\Admin\LogoutController:index'); | |
300 | $this->get('/admin/tools', '\Shaarli\Front\Controller\Admin\ToolsController:index'); | |
301 | $this->get('/admin/password', '\Shaarli\Front\Controller\Admin\PasswordController:index'); | |
302 | $this->post('/admin/password', '\Shaarli\Front\Controller\Admin\PasswordController:change'); | |
303 | $this->get('/admin/configure', '\Shaarli\Front\Controller\Admin\ConfigureController:index'); | |
304 | $this->post('/admin/configure', '\Shaarli\Front\Controller\Admin\ConfigureController:save'); | |
305 | $this->get('/admin/tags', '\Shaarli\Front\Controller\Admin\ManageTagController:index'); | |
306 | $this->post('/admin/tags', '\Shaarli\Front\Controller\Admin\ManageTagController:save'); | |
307 | $this->get('/admin/add-shaare', '\Shaarli\Front\Controller\Admin\ManageShaareController:addShaare'); | |
308 | $this->get('/admin/shaare', '\Shaarli\Front\Controller\Admin\ManageShaareController:displayCreateForm'); | |
309 | $this->get('/admin/shaare/{id:[0-9]+}', '\Shaarli\Front\Controller\Admin\ManageShaareController:displayEditForm'); | |
310 | $this->post('/admin/shaare', '\Shaarli\Front\Controller\Admin\ManageShaareController:save'); | |
311 | $this->get('/admin/shaare/delete', '\Shaarli\Front\Controller\Admin\ManageShaareController:deleteBookmark'); | |
312 | $this->get('/admin/shaare/visibility', '\Shaarli\Front\Controller\Admin\ManageShaareController:changeVisibility'); | |
313 | $this->get('/admin/shaare/{id:[0-9]+}/pin', '\Shaarli\Front\Controller\Admin\ManageShaareController:pinBookmark'); | |
314 | $this->patch( | |
315 | '/admin/shaare/{id:[0-9]+}/update-thumbnail', | |
316 | '\Shaarli\Front\Controller\Admin\ThumbnailsController:ajaxUpdate' | |
317 | ); | |
318 | $this->get('/admin/export', '\Shaarli\Front\Controller\Admin\ExportController:index'); | |
319 | $this->post('/admin/export', '\Shaarli\Front\Controller\Admin\ExportController:export'); | |
320 | $this->get('/admin/import', '\Shaarli\Front\Controller\Admin\ImportController:index'); | |
321 | $this->post('/admin/import', '\Shaarli\Front\Controller\Admin\ImportController:import'); | |
322 | $this->get('/admin/plugins', '\Shaarli\Front\Controller\Admin\PluginsController:index'); | |
323 | $this->post('/admin/plugins', '\Shaarli\Front\Controller\Admin\PluginsController:save'); | |
324 | $this->get('/admin/token', '\Shaarli\Front\Controller\Admin\TokenController:getToken'); | |
325 | $this->get('/admin/thumbnails', '\Shaarli\Front\Controller\Admin\ThumbnailsController:index'); | |
326 | ||
327 | $this->get('/links-per-page', '\Shaarli\Front\Controller\Admin\SessionFilterController:linksPerPage'); | |
328 | $this->get('/visibility/{visibility}', '\Shaarli\Front\Controller\Admin\SessionFilterController:visibility'); | |
329 | $this->get('/untagged-only', '\Shaarli\Front\Controller\Admin\SessionFilterController:untaggedOnly'); | |
330 | })->add('\Shaarli\Front\ShaarliMiddleware'); | |
331 | ||
332 | $response = $app->run(true); | |
333 | ||
334 | $app->respond($response); |