X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;ds=sidebyside;f=index.php;h=a0a3a8c70648f26098675a21d45387325edda3f3;hb=49f183231662c642ca9df6ceabf43fe128a5ffc1;hp=aad65559b10218773d69141af4b8867fe79645a1;hpb=d93d51b213bd3bda9bfa67d23c31dcce5a8b7fc0;p=github%2Fshaarli%2FShaarli.git diff --git a/index.php b/index.php index aad65559..34785209 100644 --- a/index.php +++ b/index.php @@ -1,8 +1,6 @@ /shaarli/ define('WEB_PATH', substr($_SERVER['REQUEST_URI'], 0, 1+strrpos($_SERVER['REQUEST_URI'], '/', 0))); @@ -44,12 +41,28 @@ error_reporting(E_ALL^E_WARNING); //error_reporting(-1); +// 3rd-party libraries +if (! file_exists(__DIR__ . '/vendor/autoload.php')) { + header('Content-Type: text/plain; charset=utf-8'); + echo "Error: missing Composer configuration\n\n" + ."If you installed Shaarli through Git or using the development branch,\n" + ."please refer to the installation documentation to install PHP" + ." dependencies using Composer:\n" + ."- https://shaarli.readthedocs.io/en/master/Server-requirements/\n" + ."- https://shaarli.readthedocs.io/en/master/Download-and-Installation/"; + exit; +} +require_once 'inc/rain.tpl.class.php'; +require_once __DIR__ . '/vendor/autoload.php'; + // Shaarli library require_once 'application/ApplicationUtils.php'; require_once 'application/Cache.php'; require_once 'application/CachedPage.php'; +require_once 'application/config/ConfigPlugin.php'; require_once 'application/FeedBuilder.php'; require_once 'application/FileUtils.php'; +require_once 'application/History.php'; require_once 'application/HttpUtils.php'; require_once 'application/LinkDB.php'; require_once 'application/LinkFilter.php'; @@ -59,22 +72,26 @@ require_once 'application/PageBuilder.php'; require_once 'application/TimeZone.php'; require_once 'application/Url.php'; require_once 'application/Utils.php'; -require_once 'application/config/ConfigManager.php'; -require_once 'application/config/ConfigPlugin.php'; require_once 'application/PluginManager.php'; require_once 'application/Router.php'; require_once 'application/Updater.php'; -require_once 'inc/rain.tpl.class.php'; +use \Shaarli\Languages; +use \Shaarli\ThemeUtils; +use \Shaarli\Config\ConfigManager; +use \Shaarli\LoginManager; +use \Shaarli\SessionManager; // Ensure the PHP version is supported try { - ApplicationUtils::checkPHPVersion('5.3', PHP_VERSION); + ApplicationUtils::checkPHPVersion('5.5', PHP_VERSION); } catch(Exception $exc) { header('Content-Type: text/plain; charset=utf-8'); echo $exc->getMessage(); exit; } +define('SHAARLI_VERSION', ApplicationUtils::getVersion(__DIR__ .'/'. ApplicationUtils::$VERSION_FILE)); + // Force cookie path (but do not change lifetime) $cookie = session_get_cookie_params(); $cookiedir = ''; @@ -84,8 +101,6 @@ if (dirname($_SERVER['SCRIPT_NAME']) != '/') { // Set default cookie expiration and path. session_set_cookie_params($cookie['lifetime'], $cookiedir, $_SERVER['SERVER_NAME']); // Set session parameters on server side. -// If the user does not access any page within this time, his/her session is considered expired. -define('INACTIVITY_TIMEOUT', 3600); // in seconds. // Use cookies to store session. ini_set('session.use_cookies', 1); // Force cookies for session (phpsessionID forbidden in URL). @@ -100,31 +115,38 @@ if (session_id() == '') { } // Regenerate session ID if invalid or not defined in cookie. -if (isset($_COOKIE['shaarli']) && !is_session_id_valid($_COOKIE['shaarli'])) { +if (isset($_COOKIE['shaarli']) && !SessionManager::checkId($_COOKIE['shaarli'])) { session_regenerate_id(true); $_COOKIE['shaarli'] = session_id(); } -$conf = ConfigManager::getInstance(); +$conf = new ConfigManager(); +$loginManager = new LoginManager($GLOBALS, $conf); +$sessionManager = new SessionManager($_SESSION, $conf); -RainTPL::$tpl_dir = $conf->get('config.RAINTPL_TPL'); // template directory -RainTPL::$cache_dir = $conf->get('config.RAINTPL_TMP'); // cache directory +// LC_MESSAGES isn't defined without php-intl, in this case use LC_COLLATE locale instead. +if (! defined('LC_MESSAGES')) { + define('LC_MESSAGES', LC_COLLATE); +} -$pluginManager = PluginManager::getInstance(); -$pluginManager->load($conf->get('config.ENABLED_PLUGINS')); +// Sniff browser language and set date format accordingly. +if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) { + autoLocale($_SERVER['HTTP_ACCEPT_LANGUAGE']); +} -date_default_timezone_set($conf->get('timezone', 'UTC')); +new Languages(setlocale(LC_MESSAGES, 0), $conf); -ob_start(); // Output buffering for the page cache. +$conf->setEmpty('general.timezone', date_default_timezone_get()); +$conf->setEmpty('general.title', t('Shared links on '). escape(index_url($_SERVER))); +RainTPL::$tpl_dir = $conf->get('resource.raintpl_tpl').'/'.$conf->get('resource.theme').'/'; // template directory +RainTPL::$cache_dir = $conf->get('resource.raintpl_tmp'); // cache directory -// In case stupid admin has left magic_quotes enabled in php.ini: -if (get_magic_quotes_gpc()) -{ - function stripslashes_deep($value) { $value = is_array($value) ? array_map('stripslashes_deep', $value) : stripslashes($value); return $value; } - $_POST = array_map('stripslashes_deep', $_POST); - $_GET = array_map('stripslashes_deep', $_GET); - $_COOKIE = array_map('stripslashes_deep', $_COOKIE); -} +$pluginManager = new PluginManager($conf); +$pluginManager->load($conf->get('general.enabled_plugins')); + +date_default_timezone_set($conf->get('general.timezone', 'UTC')); + +ob_start(); // Output buffering for the page cache. // Prevent caching on client side or proxy: (yes, it's ugly) header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); @@ -132,29 +154,12 @@ header("Cache-Control: no-store, no-cache, must-revalidate"); header("Cache-Control: post-check=0, pre-check=0", false); header("Pragma: no-cache"); -// Handling of old config file which do not have the new parameters. -if (! $conf->exists('title')) { - $conf->set('title', 'Shared links on '. escape(index_url($_SERVER))); -} -if (! $conf->exists('timezone')) { - $conf->set('timezone', date_default_timezone_get()); -} -if (! $conf->exists('disablesessionprotection')) { - $conf->set('disablesessionprotection', false); -} -if (! $conf->exists('privateLinkByDefault')) { - $conf->set('privateLinkByDefault', false); -} -if (! $conf->exists('titleLink')) { - $conf->set('titleLink', '?'); -} - -if (! is_file($conf->getConfigFile())) { +if (! is_file($conf->getConfigFileExt())) { // Ensure Shaarli has proper access to its resources - $errors = ApplicationUtils::checkResourcePermissions(); + $errors = ApplicationUtils::checkResourcePermissions($conf); if ($errors != array()) { - $message = '
Insufficient permissions:
'. t('Insufficient permissions:') .'
Sessions do not seem to work correctly on your server.'; + { + // Step 2: Check if data in session is correct. + $msg = t( + '
'; - echo 'Make sure the variable session.save_path is set correctly in your php config, and that you have write access to it.
'; - echo 'It currently points to '.session_save_path().'
'; - echo 'Check that the hostname used to access Shaarli contains a dot. On some browsers, accessing your server via a hostname like \'localhost\' or any custom hostname without a dot causes cookie storage to fail. We recommend accessing your server via it\'s IP address or Fully Qualified Domain Name.
'; - echo '
Click to try again.
Sessions do not seem to work correctly on your server.'; die; } if (!isset($_SESSION['session_tested'])) @@ -1935,25 +1923,33 @@ function install() if (!empty($_POST['setlogin']) && !empty($_POST['setpassword'])) { - $conf = ConfigManager::getInstance(); $tz = 'UTC'; if (!empty($_POST['continent']) && !empty($_POST['city']) && isTimeZoneValid($_POST['continent'], $_POST['city']) ) { $tz = $_POST['continent'].'/'.$_POST['city']; } - $conf->set('timezone', $tz); + $conf->set('general.timezone', $tz); $login = $_POST['setlogin']; - $conf->set('login', $login); + $conf->set('credentials.login', $login); $salt = sha1(uniqid('', true) .'_'. mt_rand()); - $conf->set('salt', $salt); - $conf->set('hash', sha1($_POST['setpassword'] . $login . $salt)); + $conf->set('credentials.salt', $salt); + $conf->set('credentials.hash', sha1($_POST['setpassword'] . $login . $salt)); if (!empty($_POST['title'])) { - $conf->set('title', $_POST['title']); + $conf->set('general.title', escape($_POST['title'])); } else { - $conf->set('title', 'Shared links on '.escape(index_url($_SERVER))); - } - $conf->set('config.ENABLE_UPDATECHECK', !empty($_POST['updateCheck'])); + $conf->set('general.title', 'Shared links on '.escape(index_url($_SERVER))); + } + $conf->set('translation.language', escape($_POST['language'])); + $conf->set('updates.check_updates', !empty($_POST['updateCheck'])); + $conf->set('api.enabled', !empty($_POST['enableApi'])); + $conf->set( + 'api.secret', + generate_api_secret( + $conf->get('credentials.login'), + $conf->get('credentials.salt') + ) + ); try { // Everything is ok, let's create config file. $conf->write(isLoggedIn()); @@ -1972,37 +1968,34 @@ function install() exit; } - // Display config form: - list($timezone_form, $timezone_js) = generateTimeZoneForm(); - $timezone_html = ''; - if ($timezone_form != '') { - $timezone_html = '
'. + 'Make sure the variable "session.save_path" is set correctly in your PHP config, '. + 'and that you have write access to it.
'. + 'It currently points to %s.
'. + 'On some browsers, accessing your server via a hostname like \'localhost\' '. + 'or any custom hostname without a dot causes cookie storage to fail. '. + 'We recommend accessing your server via it\'s IP address or Fully Qualified Domain Name.
' + ); + $msg = sprintf($msg, session_save_path()); + echo $msg; + echo '
'. t('Click to try again.') .'