$cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/';
session_set_cookie_params($cookie['lifetime'],$cookiedir); // Set default cookie expiration and path.
+// Set session parameters on server side.
+define('INACTIVITY_TIMEOUT',3600); // (in seconds). If the user does not access any page within this time, his/her session is considered expired.
+ini_set('session.use_cookies', 1); // Use cookies to store session.
+ini_set('session.use_only_cookies', 1); // Force cookies for session (phpsessionID forbidden in URL)
+ini_set('session.use_trans_sid', false); // Prevent php to use sessionID in URL if cookies are disabled.
+session_name('shaarli');
+if (session_id() == '') session_start(); // Start session if needed (Some server auto-start sessions).
+
// PHP Settings
ini_set('max_input_time','60'); // High execution time in case of problematic imports/exports.
ini_set('memory_limit', '128M'); // Try to set max upload file size and read (May not work on some hosts).
if (empty($GLOBALS['timezone'])) $GLOBALS['timezone']=date_default_timezone_get();
if (empty($GLOBALS['disablesessionprotection'])) $GLOBALS['disablesessionprotection']=false;
-
autoLocale(); // Sniff browser language and set date format accordingly.
header('Content-Type: text/html; charset=utf-8'); // We use UTF-8 for proper international characters handling.
if (version_compare(PHP_VERSION, '5.1.0') < 0)
{
header('Content-Type: text/plain; charset=utf-8');
- echo 'Your server supports php '.PHP_VERSION.'. Shaarli requires at last php 5.1.0, and thus cannot run. Sorry.';
+ echo 'Your server supports php '.PHP_VERSION.'. Shaarli requires at least php 5.1.0, and thus cannot run. Sorry.';
exit;
}
}
if (is_dir($GLOBALS['config']['PAGECACHE']))
{
$handler = opendir($GLOBALS['config']['PAGECACHE']);
- if ($handle!==false)
+ if ($handler!==false)
{
while (($filename = readdir($handler))!==false)
{
function text2clickable($url)
{
$redir = empty($GLOBALS['redirector']) ? '' : $GLOBALS['redirector'];
- return preg_replace('!(((?:https?|ftp|file)://|apt:)\S+[[:alnum:]]/?)!si','<a href="'.$redir.'$1" rel="nofollow">$1</a>',$url);
+ return preg_replace('!(((?:https?|ftp|file)://|apt:
|magnet:)\S+[[:alnum:]]/?)!si','<a href="'.$redir.'$1" rel="nofollow">$1</a>',$url);
}
// This function inserts where relevant so that multiple spaces are properly displayed in HTML
// ------------------------------------------------------------------------------------------
// Session management
-define('INACTIVITY_TIMEOUT',3600); // (in seconds). If the user does not access any page within this time, his/her session is considered expired.
-ini_set('session.use_cookies', 1); // Use cookies to store session.
-ini_set('session.use_only_cookies', 1); // Force cookies for session (phpsessionID forbidden in URL)
-ini_set('session.use_trans_sid', false); // Prevent php to use sessionID in URL if cookies are disabled.
-session_name('shaarli');
-session_start();
// Returns the IP address of the client (Used to prevent session cookie hijacking.)
function allIPs()
function isLoggedIn()
{
if ($GLOBALS['config']['OPEN_SHAARLI']) return true;
+
+ if (!isset($GLOBALS['login'])) return false; // Shaarli is not configured yet.
// If session does not exist on server side, or IP address has changed, or session has expired, logout.
if (empty($_SESSION['uid']) || ($GLOBALS['disablesessionprotection']==false && $_SESSION['ip']!=allIPs()) || time()>=$_SESSION['expires_on'])
}
// Force logout.
-function logout() { if (isset($_SESSION)) { unset($_SESSION['uid']); unset($_SESSION['ip']); unset($_SESSION['username']);} }
+function logout() { if (isset($_SESSION)) { unset($_SESSION['uid']); unset($_SESSION['ip']); unset($_SESSION['username']); unset($_SESSION['privateonly']); } }
// ------------------------------------------------------------------------------------------
// (eg. http://sebsauvage.net/links/)
function indexUrl()
{
- return serverUrl() . ($_SERVER["SCRIPT_NAME"] == '/index.php' ? '/' : $_SERVER["SCRIPT_NAME"]);
+ $scriptname = $_SERVER["SCRIPT_NAME"];
+ // If the script is named 'index.php', we remove it (for better looking URLs,
+ // eg. http://mysite.com/shaarli/?abcde instead of http://mysite.com/shaarli/index.php?abcde)
+ if (endswith($scriptname,'index.php')) $scriptname = substr($scriptname,0,strlen($scriptname)-9);
+ return serverUrl() . $scriptname;
}
// Returns the absolute URL of current script, WITH the query.
// Returns a token.
function getToken()
{
- $rnd = sha1(uniqid('',true).'_'.mt_rand()); // We generate a random string.
+ $rnd = sha1(uniqid('',true).'_'.mt_rand().$GLOBALS['salt']); // We generate a random string.
$_SESSION['tokens'][$rnd]=1; // Store it on the server side.
return $rnd;
}
{
header('Content-Type: application/rss+xml; charset=utf-8');
+ // $usepermalink : If true, use permalink instead of final link.
+ // User just has to add 'permalink' in URL parameters. eg. http://mysite.com/shaarli/?do=rss&permalinks
+ $usepermalinks = isset($_GET['permalinks']);
+
// Cache system
$query = $_SERVER["QUERY_STRING"];
$cache = new pageCache(pageUrl(),startsWith($query,'do=rss') && !isLoggedIn());
$rfc822date = linkdate2rfc822($link['linkdate']);
$absurl = htmlspecialchars($link['url']);
if (startsWith($absurl,'?')) $absurl=$pageaddr.$absurl; // make permalink URL absolute
- echo '<item><title>'.htmlspecialchars($link['title']).'</title><guid>'.$guid.'</guid><link>'.$absurl.'</link>';
+ if ($usepermalinks===true)
+ echo '<item><title>'.htmlspecialchars($link['title']).'</title><guid isPermaLink="false">'.$guid.'</guid><link>'.$guid.'</link>';
+ else
+ echo '<item><title>'.htmlspecialchars($link['title']).'</title><guid isPermaLink="false">'.$guid.'</guid><link>'.$absurl.'</link>';
if (!$GLOBALS['config']['HIDE_TIMESTAMPS'] || isLoggedIn()) echo '<pubDate>'.htmlspecialchars($rfc822date)."</pubDate>\n";
if ($link['tags']!='') // Adding tags to each RSS entry (as mentioned in RSS specification)
{
foreach(explode(' ',$link['tags']) as $tag) { echo '<category domain="'.htmlspecialchars($pageaddr).'">'.htmlspecialchars($tag).'</category>'."\n"; }
}
- echo '<description><![CDATA['.nl2br(keepMultipleSpaces(text2clickable(htmlspecialchars($link['description'])))).']]></description>'."\n</item>\n";
+
+ // Add permalink in description
+ $descriptionlink = '(<a href="'.$guid.'">Permalink</a>)';
+ // If user wants permalinks first, put the final link in description
+ if ($usepermalinks===true) $descriptionlink = '(<a href="'.$absurl.'">Link</a>)';
+ if (strlen($link['description'])>0) $descriptionlink = '<br>'.$descriptionlink;
+ echo '<description><![CDATA['.nl2br(keepMultipleSpaces(text2clickable(htmlspecialchars($link['description'])))).$descriptionlink.']]></description>'."\n</item>\n";
$i++;
}
echo '</channel></rss>';
{
header('Content-Type: application/atom+xml; charset=utf-8');
+ // $usepermalink : If true, use permalink instead of final link.
+ // User just has to add 'permalink' in URL parameters. eg. http://mysite.com/shaarli/?do=atom&permalinks
+ $usepermalinks = isset($_GET['permalinks']);
+
// Cache system
$query = $_SERVER["QUERY_STRING"];
$cache = new pageCache(pageUrl(),startsWith($query,'do=atom') && !isLoggedIn());
$latestDate = max($latestDate,$iso8601date);
$absurl = htmlspecialchars($link['url']);
if (startsWith($absurl,'?')) $absurl=$pageaddr.$absurl; // make permalink URL absolute
- $entries.='<entry><title>'.htmlspecialchars($link['title']).'</title><link href="'.$absurl.'" /><id>'.$guid.'</id>';
+ $entries.='<entry><title>'.htmlspecialchars($link['title']).'</title>';
+ if ($usepermalinks===true)
+ $entries.='<link href="'.$guid.'" /><id>'.$guid.'</id>';
+ else
+ $entries.='<link href="'.$absurl.'" /><id>'.$guid.'</id>';
if (!$GLOBALS['config']['HIDE_TIMESTAMPS'] || isLoggedIn()) $entries.='<updated>'.htmlspecialchars($iso8601date).'</updated>';
- $entries.='<content type="html">'.htmlspecialchars(nl2br(keepMultipleSpaces(text2clickable(htmlspecialchars($link['description'])))))."</content>\n";
+
+ // Add permalink in description
+ $descriptionlink = htmlspecialchars('(<a href="'.$guid.'">Permalink</a>)');
+ // If user wants permalinks first, put the final link in description
+ if ($usepermalinks===true) $descriptionlink = htmlspecialchars('(<a href="'.$absurl.'">Link</a>)');
+ if (strlen($link['description'])>0) $descriptionlink = '<br>'.$descriptionlink;
+
+ $entries.='<content type="html">'.htmlspecialchars(nl2br(keepMultipleSpaces(text2clickable(htmlspecialchars($link['description']))))).$descriptionlink."</content>\n";
if ($link['tags']!='') // Adding tags to each ATOM entry (as mentioned in ATOM specification)
{
foreach(explode(' ',$link['tags']) as $tag)
// If we are called from the bookmarklet, we must close the popup:
if (isset($_GET['source']) && $_GET['source']=='bookmarklet') { echo '<script language="JavaScript">self.close();</script>'; exit; }
$returnurl = ( isset($_POST['returnurl']) ? $_POST['returnurl'] : '?' );
+ $returnurl .= '#'.smallHash($linkdate); // Scroll to the link which has been edited.
header('Location: '.$returnurl); // After saving the link, redirect to the page the user was on.
exit;
}
// If we are called from the bookmarklet, we must close the popup;
if (isset($_GET['source']) && $_GET['source']=='bookmarklet') { echo '<script language="JavaScript">self.close();</script>'; exit; }
$returnurl = ( isset($_POST['returnurl']) ? $_POST['returnurl'] : '?' );
+ $returnurl .= '#'.smallHash($_POST['lf_linkdate']); // Scroll to the link which has been edited.
header('Location: '.$returnurl); // After canceling, redirect to the page the user was on.
exit;
}
// On free.fr host, make sure the /sessions directory exists, otherwise login will not work.
if (endsWith($_SERVER['SERVER_NAME'],'.free.fr') && !is_dir($_SERVER['DOCUMENT_ROOT'].'/sessions')) mkdir($_SERVER['DOCUMENT_ROOT'].'/sessions',0705);
+
+ // This part makes sure sessions works correctly.
+ // (Because on some hosts, session.save_path may not be set correctly,
+ // or we may not have write access to it.)
+ if (isset($_GET['test_session']) && ( !isset($_SESSION) || !isset($_SESSION['session_tested']) || $_SESSION['session_tested']!='Working'))
+ { // Step 2: Check if data in session is correct.
+ echo '<pre>Sessions do not seem to work correctly on your server.<br>';
+ echo 'Make sure the variable session.save_path is set correctly in your php config, and that you have write access to it.<br>';
+ echo 'It currently points to '.session_save_path().'<br><br><a href="?">Click to try again.</a></pre>';
+ die;
+ }
+ if (!isset($_SESSION['session_tested']))
+ { // Step 1 : Try to store data in session and reload page.
+ $_SESSION['session_tested'] = 'Working'; // Try to set a variable in session.
+ header('Location: '.indexUrl().'?test_session'); // Redirect to check stored data.
+ }
+ if (isset($_GET['test_session']))
+ { // Step 3: Sessions are ok. Remove test parameter from URL.
+ header('Location: '.indexUrl());
+ }
+
+
if (!empty($_POST['setlogin']) && !empty($_POST['setpassword']))
{
$tz = 'UTC';
imagejpeg($im2, $tempname, 90);
imagedestroy($im);
imagedestroy($im2);
+ unlink($filepath);
rename($tempname,$filepath); // Overwrite original picture with thumbnail.
return true;
}
projects / github / shaarli / Shaarli.git / blobdiff