diff --git a/index.php b/index.php
index 38958a79..99c37652 100644
--- a/index.php
+++ b/index.php
@@ -1,5 +1,5 @@
'); // Suffix to encapsulate data in PHP code.
// http://server.com/x/shaarli --> /shaarli/
@@ -47,7 +48,7 @@ define('WEB_PATH', substr($_SERVER["REQUEST_URI"], 0, 1+strrpos($_SERVER["REQUES
// Force cookie path (but do not change lifetime)
$cookie=session_get_cookie_params();
$cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/';
-session_set_cookie_params($cookie['lifetime'],$cookiedir,$_SERVER['HTTP_HOST']); // Set default cookie expiration and path.
+session_set_cookie_params($cookie['lifetime'],$cookiedir,$_SERVER['SERVER_NAME']); // Set default cookie expiration and path.
// Set session parameters on server side.
define('INACTIVITY_TIMEOUT',3600); // (in seconds). If the user does not access any page within this time, his/her session is considered expired.
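Review bot: Replacing HTTP_HOST with SERVER_NAME on the session_set_cookie_params line does not fully remove the dependency on the client-supplied Host header: with Apache's default `UseCanonicalName Off`, SERVER_NAME is itself filled from the Host header, so on such deployments the cookie domain is still attacker-influenced (this depends on the web server configuration, so it should be confirmed per setup). A tighter and configuration-independent option is to pass no domain at all, which yields a host-only cookie bound to the host the browser actually requested and, unlike an explicit Domain attribute, is not sent to subdomains: `session_set_cookie_params($cookie['lifetime'],$cookiedir); // host-only cookie: no Domain attribute, no Host-header dependency`. The call also drops the `secure` and `httponly` flags; if the PHP floor permits it (the httponly parameter exists from PHP 5.2, while this file declares 5.1.0 as its minimum), passing `$cookie['secure'], true` as the last two arguments would keep the session id out of script reach.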
@@ -89,7 +90,7 @@ header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
// Directories creations (Note that your web host may require different rights than 705.)
-if (!is_writable(realpath(dirname(__FILE__)))) die('
ERROR: Shaarli does not have the right to write in its own directory ('.realpath(dirname(__FILE__)).').
ERROR: Shaarli does not have the right to write in its own directory.
');
// Handling of old config file which do not have the new parameters.
if (empty($GLOBALS['title'])) $GLOBALS['title']='Shared links on '.htmlspecialchars(indexUrl());
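Review bot: Dropping the absolute path from the error text is the right call, but the new line still demands that the web server be able to write into the directory that holds index.php itself (the `is_writable(realpath(dirname(__FILE__)))` check). A code directory writable by the PHP process turns any file-write or path-traversal bug elsewhere into arbitrary code execution, so if the writable locations the application actually needs are separate data and cache directories (not visible in this hunk, so this is an inference), the check should target those paths instead, e.g. `if (!is_writable($GLOBALS['config']['DATADIR'])) die('...');`, and the code directory should be left read-only. The surrounding statement run continues outside the hunk.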
@@ -112,13 +113,60 @@ define('STAY_SIGNED_IN_TOKEN', sha1($GLOBALS['hash'].$_SERVER["REMOTE_ADDR"].$GL
autoLocale(); // Sniff browser language and set date format accordingly.
header('Content-Type: text/html; charset=utf-8'); // We use UTF-8 for proper international characters handling.
+//==================================================================================================
+// Checking session state (i.e. is the user still logged in)
+//==================================================================================================
+
+function setup_login_state() {
+ $userIsLoggedIn = false; // By default, we do not consider the user as logged in;
+ $loginFailure = false; // If set to true, every attempt to authenticate the user will fail. This indicates that an important condition isn't met.
+ if ($GLOBALS['config']['OPEN_SHAARLI']) {
+ $userIsLoggedIn = true;
+ }
+ if (!isset($GLOBALS['login'])) {
+ $userIsLoggedIn = false; // Shaarli is not configured yet.
+ $loginFailure = true;
+ }
+ if (isset($_COOKIE['shaarli_staySignedIn']) &&
+ $_COOKIE['shaarli_staySignedIn']===STAY_SIGNED_IN_TOKEN &&
+ !$loginFailure)
+ {
+ fillSessionInfo();
+ $userIsLoggedIn = true;
+ }
+ // If session does not exist on server side, or IP address has changed, or session has expired, logout.
+ if (empty($_SESSION['uid']) ||
+ ($GLOBALS['disablesessionprotection']==false && $_SESSION['ip']!=allIPs()) ||
+ time() >= $_SESSION['expires_on'])
+ {
+ logout();
+ $userIsLoggedIn = false;
+ $loginFailure = true;
+ }
+ if (!empty($_SESSION['longlastingsession'])) {
+ $_SESSION['expires_on']=time()+$_SESSION['longlastingsession']; // In case of "Stay signed in" checked.
+ }
+ else {
+ $_SESSION['expires_on']=time()+INACTIVITY_TIMEOUT; // Standard session expiration date.
+ }
+ if (!$loginFailure) {
+ $userIsLoggedIn = true;
+ }
+
+ return $userIsLoggedIn;
+}
+//==================================================================================================
+$userIsLoggedIn = setup_login_state();
+//==================================================================================================
+//==================================================================================================
+
// Check PHP version
function checkphpversion()
{
if (version_compare(PHP_VERSION, '5.1.0') < 0)
{
header('Content-Type: text/plain; charset=utf-8');
- echo 'Your server supports PHP '.PHP_VERSION.'. Shaarli requires at least php 5.1.0, and thus cannot run. Sorry.';
+ echo 'Your PHP version is obsolete! Shaarli requires at least php 5.1.0, and thus cannot run. Sorry. Your PHP version has known security vulnerabilities and should be updated as soon as possible.';
exit;
}
}
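Review bot: The "stay signed in" branch of setup_login_state() (the cookie-equals-STAY_SIGNED_IN_TOKEN test followed by fillSessionInfo()) promotes the current session to an authenticated one without regenerating its id, which leaves a session-fixation window if fillSessionInfo() does not do so itself (its body is not in this hunk, so this is hedged): an attacker who planted a session id in the victim's browser would own the session once the auto-login fires. Adding `session_regenerate_id(true);` immediately before `fillSessionInfo();` closes that gap at the cost of one line. Two smaller points on the same function: the token comparison with `===` is not constant-time, and `hash_equals()` would be the idiomatic replacement if the PHP floor ever moves to 5.6 (the file currently declares 5.1.0); and the block that refreshes `$_SESSION['expires_on']` runs even on the failure path after logout(), which is harmless for authorization but means every anonymous request writes into a session — a `return false;` right after `logout(); $userIsLoggedIn = false; $loginFailure = true;` would make the failure path explicit and avoid that write.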
@@ -130,13 +178,14 @@ function checkphpversion()
function checkUpdate()
{
if (!isLoggedIn()) return ''; // Do not check versions for visitors.
+ if (empty($GLOBALS['config']['ENABLE_UPDATECHECK'])) return ''; // Do not check if the user doesn't want to.
// Get latest version number at most once a day.
if (!is_file($GLOBALS['config']['UPDATECHECK_FILENAME']) || (filemtime($GLOBALS['config']['UPDATECHECK_FILENAME'])