X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=index.php;h=8a456357610e4f2a3dba61a612db2c34d24ce492;hb=858c5c2b43ce16f6d4b388725ef2d7a95e4a1986;hp=b7ed370dcad9cb11845dbca098e317d79476cfd1;hpb=2abd39052da6f5b050bb29232548f17c2ea7e2ee;p=github%2Fshaarli%2FShaarli.git diff --git a/index.php b/index.php index b7ed370d..8a456357 100644 --- a/index.php +++ b/index.php @@ -37,6 +37,14 @@ $cookie=session_get_cookie_params(); $cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/'; session_set_cookie_params($cookie['lifetime'],$cookiedir); // Set default cookie expiration and path. +// Set session parameters on server side. +define('INACTIVITY_TIMEOUT',3600); // (in seconds). If the user does not access any page within this time, his/her session is considered expired. +ini_set('session.use_cookies', 1); // Use cookies to store session. +ini_set('session.use_only_cookies', 1); // Force cookies for session (phpsessionID forbidden in URL) +ini_set('session.use_trans_sid', false); // Prevent php to use sessionID in URL if cookies are disabled. +session_name('shaarli'); +if (session_id() == '') session_start(); // Start session if needed (Some server auto-start sessions). + // PHP Settings ini_set('max_input_time','60'); // High execution time in case of problematic imports/exports. ini_set('memory_limit', '128M'); // Try to set max upload file size and read (May not work on some hosts). 
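Review bot: The guard `if (session_id() == '') session_start();` accepts a session the server already auto-started, but for such a session the `session_name('shaarli')`, the `ini_set('session.use_only_cookies', 1)` block and the `session_set_cookie_params(...)` call just above cannot take effect, so the host's own session name and cookie settings silently win; the comment on that line should say so, e.g. `// Start session if needed (some servers auto-start sessions; those keep the host's session name and cookie settings).` Since this block now owns the session configuration, it is also the natural place for `ini_set('session.cookie_httponly', 1);` so the session cookie is not readable from script. `ini_set('session.use_trans_sid', false)` passes a boolean where the neighbouring calls pass integers; `0` would be consistent. The blank context lines of this hunk are collapsed in this view, so the exact placement is inferred.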
@@ -88,7 +96,8 @@ require $GLOBALS['config']['CONFIG_FILE']; // Read login/password hash into $GL if (empty($GLOBALS['title'])) $GLOBALS['title']='Shared links on '.htmlspecialchars(indexUrl()); if (empty($GLOBALS['timezone'])) $GLOBALS['timezone']=date_default_timezone_get(); if (empty($GLOBALS['disablesessionprotection'])) $GLOBALS['disablesessionprotection']=false; - +if (empty($GLOBALS['disablejquery'])) $GLOBALS['disablejquery']=false; +// I really need to rewrite Shaarli with a proper configuation manager. autoLocale(); // Sniff browser language and set date format accordingly. header('Content-Type: text/html; charset=utf-8'); // We use UTF-8 for proper international characters handling. @@ -265,12 +274,6 @@ function pubsubhub() // ------------------------------------------------------------------------------------------ // Session management -define('INACTIVITY_TIMEOUT',3600); // (in seconds). If the user does not access any page within this time, his/her session is considered expired. -ini_set('session.use_cookies', 1); // Use cookies to store session. -ini_set('session.use_only_cookies', 1); // Force cookies for session (phpsessionID forbidden in URL) -ini_set('session.use_trans_sid', false); // Prevent php to use sessionID in URL if cookies are disabled. -session_name('shaarli'); -session_start(); // Returns the IP address of the client (Used to prevent session cookie hijacking.) function allIPs() @@ -303,6 +306,8 @@ function check_auth($login,$password) function isLoggedIn() { if ($GLOBALS['config']['OPEN_SHAARLI']) return true; + + if (!isset($GLOBALS['login'])) return false; // Shaarli is not configured yet. // If session does not exist on server side, or IP address has changed, or session has expired, logout. if (empty($_SESSION['uid']) || ($GLOBALS['disablesessionprotection']==false && $_SESSION['ip']!=allIPs()) || time()>=$_SESSION['expires_on']) 
@@ -317,7 +322,7 @@ function isLoggedIn() } // Force logout. -function logout() { if (isset($_SESSION)) { unset($_SESSION['uid']); unset($_SESSION['ip']); unset($_SESSION['username']);} } +function logout() { if (isset($_SESSION)) { unset($_SESSION['uid']); unset($_SESSION['ip']); unset($_SESSION['username']); unset($_SESSION['privateonly']); } } // ------------------------------------------------------------------------------------------ @@ -427,7 +432,11 @@ function serverUrl() // (eg. http://sebsauvage.net/links/) function indexUrl() { - return serverUrl() . ($_SERVER["SCRIPT_NAME"] == '/index.php' ? '/' : $_SERVER["SCRIPT_NAME"]); + $scriptname = $_SERVER["SCRIPT_NAME"]; + // If the script is named 'index.php', we remove it (for better looking URLs, + // eg. http://mysite.com/shaarli/?abcde instead of http://mysite.com/shaarli/index.php?abcde) + if (endswith($scriptname,'index.php')) $scriptname = substr($scriptname,0,strlen($scriptname)-9); + return serverUrl() . $scriptname; } // Returns the absolute URL of current script, WITH the query. @@ -572,7 +581,7 @@ if (!isset($_SESSION['tokens'])) $_SESSION['tokens']=array(); // Token are atta // Returns a token. function getToken() { - $rnd = sha1(uniqid('',true).'_'.mt_rand()); // We generate a random string. + $rnd = sha1(uniqid('',true).'_'.mt_rand().$GLOBALS['salt']); // We generate a random string. $_SESSION['tokens'][$rnd]=1; // Store it on the server side. return $rnd; } 
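Review bot: `logout()` still clears `$_SESSION` one key at a time, so every new key (now `privateonly`) has to be added by hand and anything not listed, such as `expires_on` or the `tokens` store, survives in a session whose id stays valid. Emptying the array and rotating the id is both shorter and safer: `function logout() { if (isset($_SESSION)) { $_SESSION = array(); session_regenerate_id(true); } }`. Whether other code relies on keys surviving a logout is not visible here, so check callers before switching.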
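Review bot: `endswith($scriptname,'index.php')` also matches a script named e.g. `/links/myindex.php`, which the new `substr` then truncates to `/links/my`; the suffix to test is `'/index.php'`, and the literal `9` should be spelled as the length of that name: `if (endswith($scriptname,'/index.php')) $scriptname = substr($scriptname, 0, -strlen('index.php'));`. The trailing slash is kept exactly as before, so the normal case is unchanged. The helper is spelled `endswith` here while the file uses `startsWith` (hunk @@ -897,9 +906,9 @@); how `endswith` is defined elsewhere is not visible here, but the naming is worth aligning.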
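Review bot: Appending `$GLOBALS['salt']` to the `sha1(uniqid('',true).'_'.mt_rand()...)` input only helps as long as the salt stays secret; `uniqid()` and `mt_rand()` are not cryptographic sources, so the token remains predictable in principle. Where the host provides it, a CSPRNG is the better base, e.g. `$rnd = function_exists('openssl_random_pseudo_bytes') ? bin2hex(openssl_random_pseudo_bytes(20)) : sha1(uniqid('',true).'_'.mt_rand().$GLOBALS['salt']);`. The `$_SESSION['tokens']` store on the next line only ever grows; whether it is pruned elsewhere is not visible here.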
@@ -897,9 +906,9 @@ function showRSS() $absurl = htmlspecialchars($link['url']); if (startsWith($absurl,'?')) $absurl=$pageaddr.$absurl; // make permalink URL absolute if ($usepermalinks===true) - echo ''.htmlspecialchars($link['title']).''.$guid.''.$guid.''; + echo ''.htmlspecialchars($link['title']).''.$guid.''.$guid.''; else - echo ''.htmlspecialchars($link['title']).''.$guid.''.$absurl.''; + echo ''.htmlspecialchars($link['title']).''.$guid.''.$absurl.''; if (!$GLOBALS['config']['HIDE_TIMESTAMPS'] || isLoggedIn()) echo ''.htmlspecialchars($rfc822date)."\n"; if ($link['tags']!='') // Adding tags to each RSS entry (as mentioned in RSS specification) { @@ -914,7 +923,7 @@ function showRSS() echo ''."\n\n"; $i++; } - echo ''; + echo ''; $cache->cache(ob_get_contents()); ob_end_flush(); @@ -994,7 +1003,7 @@ function showATOM() $feed.=''.htmlspecialchars($pageaddr).''.htmlspecialchars($pageaddr).''; $feed.=''.htmlspecialchars($pageaddr).''."\n\n"; // Yes, I know I should use a real IRI (RFC3987), but the site URL will do. $feed.=$entries; - $feed.=''; + $feed.=''; echo $feed; $cache->cache(ob_get_contents()); @@ -1071,7 +1080,7 @@ function showDailyRSS() echo ''."\n\n\n"; } - echo ''; + echo ''; $cache->cache(ob_get_contents()); ob_end_flush(); @@ -1102,7 +1111,9 @@ function showDaily() // We pre-format some fields for proper output. foreach($linksToDisplay as $key=>$link) { - $linksToDisplay[$key]['taglist']=explode(' ',$link['tags']); + $taglist = explode(' ',$link['tags']); + uasort($taglist, 'strcasecmp'); + $linksToDisplay[$key]['taglist']=$taglist; $linksToDisplay[$key]['formatedDescription']=nl2br(keepMultipleSpaces(text2clickable(htmlspecialchars($link['description'])))); $linksToDisplay[$key]['thumbnail'] = thumbnail($link['url']); } 
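Review bot: `uasort($taglist, 'strcasecmp')` preserves the keys of the exploded list, so after sorting `$taglist` is no longer a 0..n-1 indexed array; any template or code that reads it by position gets the wrong element, and a JSON or serialised form of it turns into an object. For a plain list the call should be `usort($taglist, 'strcasecmp');`. The same pattern is repeated in hunk @@ -1752,7 +1766,9 @@ (buildLinkList). Whether the templates only iterate with foreach is not visible here.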
@@ -1341,6 +1352,7 @@ function renderPage() $GLOBALS['title']=$_POST['title']; $GLOBALS['redirector']=$_POST['redirector']; $GLOBALS['disablesessionprotection']=!empty($_POST['disablesessionprotection']); + $GLOBALS['disablejquery']=!empty($_POST['disablejquery']); writeConfig(); echo ''; exit; @@ -1433,6 +1445,7 @@ function renderPage() // If we are called from the bookmarklet, we must close the popup: if (isset($_GET['source']) && $_GET['source']=='bookmarklet') { echo ''; exit; } $returnurl = ( isset($_POST['returnurl']) ? $_POST['returnurl'] : '?' ); + $returnurl .= '#'.smallHash($linkdate); // Scroll to the link which has been edited. header('Location: '.$returnurl); // After saving the link, redirect to the page the user was on. exit; } @@ -1443,6 +1456,7 @@ function renderPage() // If we are called from the bookmarklet, we must close the popup; if (isset($_GET['source']) && $_GET['source']=='bookmarklet') { echo ''; exit; } $returnurl = ( isset($_POST['returnurl']) ? $_POST['returnurl'] : '?' ); + $returnurl .= '#'.smallHash($_POST['lf_linkdate']); // Scroll to the link which has been edited. header('Location: '.$returnurl); // After canceling, redirect to the page the user was on. exit; } @@ -1752,7 +1766,9 @@ function buildLinkList($PAGE,$LINKSDB) $classLi = $i%2!=0 ? '' : 'publicLinkHightLight'; $link['class'] = ($link['private']==0 ? $classLi : 'private'); $link['localdate']=linkdate2locale($link['linkdate']); - $link['taglist']=explode(' ',$link['tags']); + $taglist = explode(' ',$link['tags']); + uasort($taglist, 'strcasecmp'); + $link['taglist']=$taglist; $linkDisp[$keys[$i]] = $link; $i++; } @@ -1938,6 +1954,11 @@ function lazyThumbnail($url,$href=false) $html=''; // Lazy image (only loaded by javascript when in the viewport). + if (!empty($GLOBALS['disablejquery'])) // (except if jQuery is disabled) + $html.='Sessions do not seem to work correctly on your server.
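Review bot: The new fragment is appended to `$returnurl`, which on the line above comes straight from `$_POST['returnurl']` and then goes into `header('Location: ...')` unchecked, so a crafted form can send a logged-in user to an arbitrary site after saving; the cancel branch in hunk @@ -1443,6 +1456,7 @@ has the same shape. Restricting it to this site's own index before use is a one-line fix: `if (!startsWith($returnurl, '?') && !startsWith($returnurl, indexUrl())) $returnurl = '?';`. Also, if the submitted value already carries a `#` fragment, the appended `'#'.smallHash(...)` produces a second one; strip anything from the first `#` before appending. Both branches are inside renderPage(), whose start and end lie outside this hunk.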
'; + echo 'Make sure the variable session.save_path is set correctly in your php config, and that you have write access to it.
'; + echo 'It currently points to '.session_save_path().'

Click to try again.'; + die; + } + if (!isset($_SESSION['session_tested'])) + { // Step 1 : Try to store data in session and reload page. + $_SESSION['session_tested'] = 'Working'; // Try to set a variable in session. + header('Location: '.indexUrl().'?test_session'); // Redirect to check stored data. + } + if (isset($_GET['test_session'])) + { // Step 3: Sessions are ok. Remove test parameter from URL. + header('Location: '.indexUrl()); + } + + if (!empty($_POST['setlogin']) && !empty($_POST['setpassword'])) { $tz = 'UTC'; @@ -2030,8 +2073,8 @@ function templateTZform($ptz=false) foreach($continents as $continent) $continents_html.=''; $cities_html = $cities[$pcontinent]; - $timezone_form = "Continent:
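Review bot: Both `header('Location: '.indexUrl().'?test_session');` and `header('Location: '.indexUrl());` in the session test are not followed by `exit;`, so after the redirect header is queued the rest of the function keeps running, including the `setlogin`/`setpassword` POST handling right below, and its output is appended to a 3xx response. Add `exit;` directly after each of those `header()` calls. The `echo 'It currently points to '.session_save_path()` branch also shows a server-side filesystem path to any unauthenticated visitor; a generic message is enough for the failure page. The `@@` header of this hunk and the opening of the enclosing function are lost in the garbled line above, so the exact placement is inferred.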

"; - $timezone_form .= "City:

"; + $timezone_form = "Continent: "; + $timezone_form .= "    City:
"; $timezone_js = "