'. t('Insufficient permissions:') .'
- ';
foreach ($errors as $error) {
$message .= '
- '.$error.' '; @@ -165,242 +174,68 @@ if (! is_file($conf->getConfigFile())) { } // Display the installation form if no existing config is found - install(); -} - -// FIXME! Update these value with Updater and escpae it during the install/config save. -$conf->set('title', escape($conf->get('title'))); -$conf->set('titleLink', escape($conf->get('titleLink'))); -$conf->set('redirector', escape($conf->get('redirector'))); - -// a token depending of deployment salt, user password, and the current ip -define('STAY_SIGNED_IN_TOKEN', sha1($conf->get('hash') . $_SERVER['REMOTE_ADDR'] . $conf->get('salt'))); - -// Sniff browser language and set date format accordingly. -if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) { - autoLocale($_SERVER['HTTP_ACCEPT_LANGUAGE']); -} -header('Content-Type: text/html; charset=utf-8'); // We use UTF-8 for proper international characters handling. - -//================================================================================================== -// Checking session state (i.e. is the user still logged in) -//================================================================================================== - -function setup_login_state() { - $conf = ConfigManager::getInstance(); - - if ($conf->get('config.OPEN_SHAARLI')) { - return true; - } - $userIsLoggedIn = false; // By default, we do not consider the user as logged in; - $loginFailure = false; // If set to true, every attempt to authenticate the user will fail. This indicates that an important condition isn't met. - if (! $conf->exists('login')) { - $userIsLoggedIn = false; // Shaarli is not configured yet. - $loginFailure = true; - } - if (isset($_COOKIE['shaarli_staySignedIn']) && - $_COOKIE['shaarli_staySignedIn']===STAY_SIGNED_IN_TOKEN && - !$loginFailure) - { - fillSessionInfo(); - $userIsLoggedIn = true; - } - // If session does not exist on server side, or IP address has changed, or session has expired, logout. - if (empty($_SESSION['uid']) - || ($conf->get('disablesessionprotection') == false && $_SESSION['ip'] != allIPs()) - || time() >= $_SESSION['expires_on']) - { - logout(); - $userIsLoggedIn = false; - $loginFailure = true; - } - if (!empty($_SESSION['longlastingsession'])) { - $_SESSION['expires_on']=time()+$_SESSION['longlastingsession']; // In case of "Stay signed in" checked. - } - else { - $_SESSION['expires_on']=time()+INACTIVITY_TIMEOUT; // Standard session expiration date. - } - if (!$loginFailure) { - $userIsLoggedIn = true; - } - - return $userIsLoggedIn; -} -$userIsLoggedIn = setup_login_state(); - -// ------------------------------------------------------------------------------------------ -// PubSubHubbub protocol support (if enabled) [UNTESTED] -// (Source: http://aldarone.fr/les-flux-rss-shaarli-et-pubsubhubbub/ ) -function pubsubhub() -{ - $conf = ConfigManager::getInstance(); - $pshUrl = $conf->get('config.PUBSUBHUB_URL'); - if (!empty($pshUrl)) - { - include_once './publisher.php'; - $p = new Publisher($pshUrl); - $topic_url = array ( - index_url($_SERVER).'?do=atom', - index_url($_SERVER).'?do=rss' - ); - $p->publish_update($topic_url); - } -} - -// ------------------------------------------------------------------------------------------ -// Session management - -// Returns the IP address of the client (Used to prevent session cookie hijacking.) -function allIPs() -{ - $ip = $_SERVER['REMOTE_ADDR']; - // Then we use more HTTP headers to prevent session hijacking from users behind the same proxy. - if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) { $ip=$ip.'_'.$_SERVER['HTTP_X_FORWARDED_FOR']; } - if (isset($_SERVER['HTTP_CLIENT_IP'])) { $ip=$ip.'_'.$_SERVER['HTTP_CLIENT_IP']; } - return $ip; -} - -function fillSessionInfo() { - $conf = ConfigManager::getInstance(); - $_SESSION['uid'] = sha1(uniqid('',true).'_'.mt_rand()); // Generate unique random number (different than phpsessionid) - $_SESSION['ip']=allIPs(); // We store IP address(es) of the client to make sure session is not hijacked. - $_SESSION['username']= $conf->get('login'); - $_SESSION['expires_on']=time()+INACTIVITY_TIMEOUT; // Set session expiration. + install($conf, $sessionManager); } -// Check that user/password is correct. -function check_auth($login,$password) -{ - $conf = ConfigManager::getInstance(); - $hash = sha1($password . $login . $conf->get('salt')); - if ($login == $conf->get('login') && $hash == $conf->get('hash')) - { // Login/password is correct. - fillSessionInfo(); - logm($conf->get('config.LOG_FILE'), $_SERVER['REMOTE_ADDR'], 'Login successful'); - return True; - } - logm($conf->get('config.LOG_FILE'), $_SERVER['REMOTE_ADDR'], 'Login failed for user '.$login); - return False; -} +$loginManager->checkLoginState($_COOKIE, $clientIpId); -// Returns true if the user is logged in. +/** + * Adapter function to ensure compatibility with third-party templates + * + * @see https://github.com/shaarli/Shaarli/pull/1086 + * + * @return bool true when the user is logged in, false otherwise + */ function isLoggedIn() { - global $userIsLoggedIn; - return $userIsLoggedIn; -} - -// Force logout. -function logout() { - if (isset($_SESSION)) { - unset($_SESSION['uid']); - unset($_SESSION['ip']); - unset($_SESSION['username']); - unset($_SESSION['privateonly']); - } - setcookie('shaarli_staySignedIn', FALSE, 0, WEB_PATH); + global $loginManager; + return $loginManager->isLoggedIn(); } // ------------------------------------------------------------------------------------------ -// Brute force protection system -// Several consecutive failed logins will ban the IP address for 30 minutes. -if (!is_file($conf->get('config.IPBANS_FILENAME', 'data/ipbans.php'))) { - // FIXME! globals - file_put_contents( - $conf->get('config.IPBANS_FILENAME', 'data/ipbans.php'), - "array(),'BANS'=>array()),true).";\n?>" - ); -} -include $conf->get('config.IPBANS_FILENAME', 'data/ipbans.php'); -// Signal a failed login. Will ban the IP if too many failures: -function ban_loginFailed() -{ - $conf = ConfigManager::getInstance(); - $ip = $_SERVER['REMOTE_ADDR']; - $gb = $GLOBALS['IPBANS']; - if (!isset($gb['FAILURES'][$ip])) $gb['FAILURES'][$ip]=0; - $gb['FAILURES'][$ip]++; - if ($gb['FAILURES'][$ip] > ($conf->get('config.BAN_AFTER') - 1)) - { - $gb['BANS'][$ip] = time() + $conf->get('config.BAN_DURATION', 1800); - logm($conf->get('config.LOG_FILE'), $_SERVER['REMOTE_ADDR'], 'IP address banned from login'); - } - $GLOBALS['IPBANS'] = $gb; - file_put_contents( - $conf->get('config.IPBANS_FILENAME', 'data/ipbans.php'), - "" - ); -} +// Process login form: Check if login/password is correct. +if (isset($_POST['login'])) { + if (! $loginManager->canLogin($_SERVER)) { + die(t('I said: NO. You are banned for the moment. Go away.')); + } + if (isset($_POST['password']) + && $sessionManager->checkToken($_POST['token']) + && $loginManager->checkCredentials($_SERVER['REMOTE_ADDR'], $clientIpId, $_POST['login'], $_POST['password']) + ) { + $loginManager->handleSuccessfulLogin($_SERVER); + + $cookiedir = ''; + if (dirname($_SERVER['SCRIPT_NAME']) != '/') { + // Note: Never forget the trailing slash on the cookie path! + $cookiedir = dirname($_SERVER["SCRIPT_NAME"]) . '/'; + } -// Signals a successful login. Resets failed login counter. -function ban_loginOk() -{ - $conf = ConfigManager::getInstance(); - $ip = $_SERVER['REMOTE_ADDR']; - $gb = $GLOBALS['IPBANS']; - unset($gb['FAILURES'][$ip]); unset($gb['BANS'][$ip]); - $GLOBALS['IPBANS'] = $gb; - file_put_contents( - $conf->get('config.IPBANS_FILENAME', 'data/ipbans.php'), - "" - ); -} + if (!empty($_POST['longlastingsession'])) { + // Keep the session cookie even after the browser closes + $sessionManager->setStaySignedIn(true); + $expirationTime = $sessionManager->extendSession(); -// Checks if the user CAN login. If 'true', the user can try to login. -function ban_canLogin() -{ - $conf = ConfigManager::getInstance(); - $ip=$_SERVER["REMOTE_ADDR"]; $gb=$GLOBALS['IPBANS']; - if (isset($gb['BANS'][$ip])) - { - // User is banned. Check if the ban has expired: - if ($gb['BANS'][$ip]<=time()) - { // Ban expired, user can try to login again. - logm($conf->get('config.LOG_FILE'), $_SERVER['REMOTE_ADDR'], 'Ban lifted.'); - unset($gb['FAILURES'][$ip]); unset($gb['BANS'][$ip]); - file_put_contents( - $conf->get('config.IPBANS_FILENAME', 'data/ipbans.php'), - "" + setcookie( + $loginManager::$STAY_SIGNED_IN_COOKIE, + $loginManager->getStaySignedInToken(), + $expirationTime, + WEB_PATH ); - return true; // Ban has expired, user can login. - } - return false; // User is banned. - } - return true; // User is not banned. -} -// ------------------------------------------------------------------------------------------ -// Process login form: Check if login/password is correct. -if (isset($_POST['login'])) -{ - if (!ban_canLogin()) die('I said: NO. You are banned for the moment. Go away.'); - if (isset($_POST['password']) && tokenOk($_POST['token']) && (check_auth($_POST['login'], $_POST['password']))) - { // Login/password is OK. - ban_loginOk(); - // If user wants to keep the session cookie even after the browser closes: - if (!empty($_POST['longlastingsession'])) - { - setcookie('shaarli_staySignedIn', STAY_SIGNED_IN_TOKEN, time()+31536000, WEB_PATH); - $_SESSION['longlastingsession']=31536000; // (31536000 seconds = 1 year) - $_SESSION['expires_on']=time()+$_SESSION['longlastingsession']; // Set session expiration on server-side. - - $cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/'; - session_set_cookie_params($_SESSION['longlastingsession'],$cookiedir,$_SERVER['SERVER_NAME']); // Set session cookie expiration on client side - // Note: Never forget the trailing slash on the cookie path! - session_regenerate_id(true); // Send cookie with new expiration date to browser. - } - else // Standard session expiration (=when browser closes) - { - $cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/'; - session_set_cookie_params(0,$cookiedir,$_SERVER['SERVER_NAME']); // 0 means "When browser closes" - session_regenerate_id(true); + } else { + // Standard session expiration (=when browser closes) + $expirationTime = 0; } + // Send cookie with the new expiration date to the browser + session_set_cookie_params($expirationTime, $cookiedir, $_SERVER['SERVER_NAME']); + session_regenerate_id(true); + // Optional redirect after login: if (isset($_GET['post'])) { $uri = '?post='. urlencode($_GET['post']); - foreach (array('description', 'source', 'title') as $param) { + foreach (array('description', 'source', 'title', 'tags') as $param) { if (!empty($_GET[$param])) { $uri .= '&'.$param.'='.urlencode($_GET[$param]); } @@ -422,90 +257,43 @@ if (isset($_POST['login'])) } } header('Location: ?'); exit; - } - else - { - ban_loginFailed(); - $redir = '&username='. $_POST['login']; + } else { + $loginManager->handleFailedLogin($_SERVER); + $redir = '&username='. urlencode($_POST['login']); if (isset($_GET['post'])) { $redir .= '&post=' . urlencode($_GET['post']); - foreach (array('description', 'source', 'title') as $param) { + foreach (array('description', 'source', 'title', 'tags') as $param) { if (!empty($_GET[$param])) { $redir .= '&' . $param . '=' . urlencode($_GET[$param]); } } } - echo ''; // Redirect to login screen. + // Redirect to login screen. + echo ''; exit; } } -// ------------------------------------------------------------------------------------------ -// Misc utility functions: - -// Convert post_max_size/upload_max_filesize (e.g. '16M') parameters to bytes. -function return_bytes($val) -{ - $val = trim($val); $last=strtolower($val[strlen($val)-1]); - switch($last) - { - case 'g': $val *= 1024; - case 'm': $val *= 1024; - case 'k': $val *= 1024; - } - return $val; -} - -// Try to determine max file size for uploads (POST). -// Returns an integer (in bytes) -function getMaxFileSize() -{ - $size1 = return_bytes(ini_get('post_max_size')); - $size2 = return_bytes(ini_get('upload_max_filesize')); - // Return the smaller of two: - $maxsize = min($size1,$size2); - // FIXME: Then convert back to readable notations ? (e.g. 2M instead of 2000000) - return $maxsize; -} - // ------------------------------------------------------------------------------------------ // Token management for XSRF protection // Token should be used in any form which acts on data (create,update,delete,import...). if (!isset($_SESSION['tokens'])) $_SESSION['tokens']=array(); // Token are attached to the session. -// Returns a token. -function getToken() -{ - $conf = ConfigManager::getInstance(); - $rnd = sha1(uniqid('', true) .'_'. mt_rand() . $conf->get('salt')); // We generate a random string. - $_SESSION['tokens'][$rnd]=1; // Store it on the server side. - return $rnd; -} - -// Tells if a token is OK. Using this function will destroy the token. -// true=token is OK. -function tokenOk($token) -{ - if (isset($_SESSION['tokens'][$token])) - { - unset($_SESSION['tokens'][$token]); // Token is used: destroy it. - return true; // Token is OK. - } - return false; // Wrong token, or already used. -} - -// ------------------------------------------------------------------------------------------ -// Daily RSS feed: 1 RSS entry per day giving all the links on that day. -// Gives the last 7 days (which have links). -// This RSS feed cannot be filtered. -function showDailyRSS() { - $conf = ConfigManager::getInstance(); +/** + * Daily RSS feed: 1 RSS entry per day giving all the links on that day. + * Gives the last 7 days (which have links). + * This RSS feed cannot be filtered. + * + * @param ConfigManager $conf Configuration Manager instance + * @param LoginManager $loginManager LoginManager instance + */ +function showDailyRSS($conf, $loginManager) { // Cache system $query = $_SERVER['QUERY_STRING']; $cache = new CachedPage( $conf->get('config.PAGE_CACHE'), page_url($_SERVER), - startsWith($query,'do=dailyrss') && !isLoggedIn() + startsWith($query,'do=dailyrss') && !$loginManager->isLoggedIn() ); $cached = $cache->cachedVersion(); if (!empty($cached)) { @@ -516,32 +304,27 @@ function showDailyRSS() { // If cached was not found (or not usable), then read the database and build the response: // Read links from database (and filter private links if used it not logged in). $LINKSDB = new LinkDB( - $conf->get('config.DATASTORE'), - isLoggedIn(), - $conf->get('config.HIDE_PUBLIC_LINKS'), - $conf->get('redirector'), - $conf->get('config.REDIRECTOR_URLENCODE') + $conf->get('resource.datastore'), + $loginManager->isLoggedIn(), + $conf->get('privacy.hide_public_links'), + $conf->get('redirector.url'), + $conf->get('redirector.encode_url') ); /* Some Shaarlies may have very few links, so we need to look - back in time (rsort()) until we have enough days ($nb_of_days). + back in time until we have enough days ($nb_of_days). */ - $linkdates = array(); - foreach ($LINKSDB as $linkdate => $value) { - $linkdates[] = $linkdate; - } - rsort($linkdates); $nb_of_days = 7; // We take 7 days. $today = date('Ymd'); $days = array(); - foreach ($linkdates as $linkdate) { - $day = substr($linkdate, 0, 8); // Extract day (without time) - if (strcmp($day,$today) < 0) { + foreach ($LINKSDB as $link) { + $day = $link['created']->format('Ymd'); // Extract day (without time) + if (strcmp($day, $today) < 0) { if (empty($days[$day])) { $days[$day] = array(); } - $days[$day][] = $linkdate; + $days[$day][] = $link; } if (count($days) > $nb_of_days) { @@ -554,43 +337,40 @@ function showDailyRSS() { $pageaddr = escape(index_url($_SERVER)); echo '
- ',$data) as $html) // explode is very fast - { - $link = array('linkdate'=>'','title'=>'','url'=>'','description'=>'','tags'=>'','private'=>0); - $d = explode('
- ',$html);
- if (startsWith($d[0], '(.*?)!i',$d[0],$matches); $link['title'] = (isset($matches[1]) ? trim($matches[1]) : ''); // Get title
- $link['title'] = html_entity_decode($link['title'],ENT_QUOTES,'UTF-8');
- preg_match_all('! ([A-Z_]+)=\"(.*?)"!i',$html,$matches,PREG_SET_ORDER); // Get all other attributes
- $raw_add_date=0;
- foreach($matches as $m)
- {
- $attr=$m[1]; $value=$m[2];
- if ($attr=='HREF') $link['url']=html_entity_decode($value,ENT_QUOTES,'UTF-8');
- elseif ($attr=='ADD_DATE')
- {
- $raw_add_date=intval($value);
- if ($raw_add_date>30000000000) $raw_add_date/=1000; //If larger than year 2920, then was likely stored in milliseconds instead of seconds
- }
- elseif ($attr=='PRIVATE') $link['private']=($value=='0'?0:1);
- elseif ($attr=='TAGS') $link['tags']=html_entity_decode(str_replace(',',' ',$value),ENT_QUOTES,'UTF-8');
- }
- if ($link['url']!='')
- {
- if ($private==1) $link['private']=1;
- $dblink = $LINKSDB->getLinkFromUrl($link['url']); // See if the link is already in database.
- if ($dblink==false)
- { // Link not in database, let's import it...
- if (empty($raw_add_date)) $raw_add_date=time(); // In case of shitty bookmark file with no ADD_DATE
-
- // Make sure date/time is not already used by another link.
- // (Some bookmark files have several different links with the same ADD_DATE)
- // We increment date by 1 second until we find a date which is not used in DB.
- // (so that links that have the same date/time are more or less kept grouped by date, but do not conflict.)
- while (!empty($LINKSDB[date('Ymd_His',$raw_add_date)])) { $raw_add_date++; }// Yes, I know it's ugly.
- $link['linkdate']=date('Ymd_His',$raw_add_date);
- $LINKSDB[$link['linkdate']] = $link;
- $import_count++;
- }
- else // Link already present in database.
- {
- if ($overwrite)
- { // If overwrite is required, we import link data, except date/time.
- $link['linkdate']=$dblink['linkdate'];
- $LINKSDB[$link['linkdate']] = $link;
- $import_count++;
- }
- }
-
- }
- }
- }
- $LINKSDB->savedb($conf->get('config.PAGECACHE'));
-
- echo '';
- }
- else
- {
- echo '';
- }
-}
-
/**
* Template for the list of links () * This function fills all the necessary fields in the $PAGE for the template 'linklist.html' * - * @param pageBuilder $PAGE pageBuilder instance. - * @param LinkDB $LINKSDB LinkDB instance. + * @param pageBuilder $PAGE pageBuilder instance. + * @param LinkDB $LINKSDB LinkDB instance. + * @param ConfigManager $conf Configuration Manager instance. + * @param PluginManager $pluginManager Plugin Manager instance. + * @param LoginManager $loginManager LoginManager instance */ -function buildLinkList($PAGE,$LINKSDB) +function buildLinkList($PAGE, $LINKSDB, $conf, $pluginManager, $loginManager) { - $conf = ConfigManager::getInstance(); // Used in templates - $searchtags = !empty($_GET['searchtags']) ? escape($_GET['searchtags']) : ''; - $searchterm = !empty($_GET['searchterm']) ? escape($_GET['searchterm']) : ''; + if (isset($_GET['searchtags'])) { + if (! empty($_GET['searchtags'])) { + $searchtags = escape(normalize_spaces($_GET['searchtags'])); + } else { + $searchtags = false; + } + } else { + $searchtags = ''; + } + $searchterm = !empty($_GET['searchterm']) ? escape(normalize_spaces($_GET['searchterm'])) : ''; // Smallhash filter if (! empty($_SERVER['QUERY_STRING']) @@ -1632,8 +1526,12 @@ function buildLinkList($PAGE,$LINKSDB) } } else { // Filter links according search parameters. - $privateonly = !empty($_SESSION['privateonly']); - $linksToDisplay = $LINKSDB->filterSearch($_GET, false, $privateonly); + $visibility = ! empty($_SESSION['visibility']) ? $_SESSION['visibility'] : ''; + $request = [ + 'searchtags' => $searchtags, + 'searchterm' => $searchterm, + ]; + $linksToDisplay = $LINKSDB->filterSearch($request, false, $visibility, !empty($_SESSION['untaggedonly'])); } // ---- Handle paging. @@ -1642,11 +1540,6 @@ function buildLinkList($PAGE,$LINKSDB) $keys[] = $key; } - // If there is only a single link, we change on-the-fly the title of the page. - if (count($linksToDisplay) == 1) { - $conf->set('pagetitle', $linksToDisplay[$keys[0]]['title'] .' - '. $conf->get('title')); - } - // Select articles according to paging. $pagecount = ceil(count($keys) / $_SESSION['LINKS_PER_PAGE']); $pagecount = $pagecount == 0 ? 1 : $pagecount; @@ -1660,15 +1553,22 @@ function buildLinkList($PAGE,$LINKSDB) while ($i<$end && $i
'; @@ -1899,11 +1817,14 @@ function lazyThumbnail($url,$href=false) } -// ----------------------------------------------------------------------------------------------- -// Installation -// This function should NEVER be called if the file data/config.php exists. -function install() -{ +/** + * Installation + * This function should NEVER be called if the file data/config.php exists. + * + * @param ConfigManager $conf Configuration Manager instance. + * @param SessionManager $sessionManager SessionManager instance + */ +function install($conf, $sessionManager) { // On free.fr host, make sure the /sessions directory exists, otherwise login will not work. if (endsWith($_SERVER['HTTP_HOST'],'.free.fr') && !is_dir($_SERVER['DOCUMENT_ROOT'].'/sessions')) mkdir($_SERVER['DOCUMENT_ROOT'].'/sessions',0705); @@ -1912,12 +1833,20 @@ function install() // (Because on some hosts, session.save_path may not be set correctly, // or we may not have write access to it.) if (isset($_GET['test_session']) && ( !isset($_SESSION) || !isset($_SESSION['session_tested']) || $_SESSION['session_tested']!='Working')) - { // Step 2: Check if data in session is correct. - echo '
Sessions do not seem to work correctly on your server.
'; + { + // Step 2: Check if data in session is correct. + $msg = t( + '
'; - echo 'Make sure the variable session.save_path is set correctly in your php config, and that you have write access to it.
'; - echo 'It currently points to '.session_save_path().'
'; - echo 'Check that the hostname used to access Shaarli contains a dot. On some browsers, accessing your server via a hostname like \'localhost\' or any custom hostname without a dot causes cookie storage to fail. We recommend accessing your server via it\'s IP address or Fully Qualified Domain Name.
'; - echo '
Click to try again.Sessions do not seem to work correctly on your server.
'; die; } if (!isset($_SESSION['session_tested'])) @@ -1933,28 +1862,36 @@ function install() if (!empty($_POST['setlogin']) && !empty($_POST['setpassword'])) { - $conf = ConfigManager::getInstance(); $tz = 'UTC'; if (!empty($_POST['continent']) && !empty($_POST['city']) && isTimeZoneValid($_POST['continent'], $_POST['city']) ) { $tz = $_POST['continent'].'/'.$_POST['city']; } - $conf->set('timezone', $tz); + $conf->set('general.timezone', $tz); $login = $_POST['setlogin']; - $conf->set('login', $login); + $conf->set('credentials.login', $login); $salt = sha1(uniqid('', true) .'_'. mt_rand()); - $conf->set('salt', $salt); - $conf->set('hash', sha1($_POST['setpassword'] . $login . $salt)); + $conf->set('credentials.salt', $salt); + $conf->set('credentials.hash', sha1($_POST['setpassword'] . $login . $salt)); if (!empty($_POST['title'])) { - $conf->set('title', $_POST['title']); + $conf->set('general.title', escape($_POST['title'])); } else { - $conf->set('title', 'Shared links on '.escape(index_url($_SERVER))); - } - $conf->set('config.ENABLE_UPDATECHECK', !empty($_POST['updateCheck'])); + $conf->set('general.title', 'Shared links on '.escape(index_url($_SERVER))); + } + $conf->set('translation.language', escape($_POST['language'])); + $conf->set('updates.check_updates', !empty($_POST['updateCheck'])); + $conf->set('api.enabled', !empty($_POST['enableApi'])); + $conf->set( + 'api.secret', + generate_api_secret( + $conf->get('credentials.login'), + $conf->get('credentials.salt') + ) + ); try { // Everything is ok, let's create config file. - $conf->write(isLoggedIn()); + $conf->write($loginManager->isLoggedIn()); } catch(Exception $e) { error_log( @@ -1970,37 +1907,34 @@ function install() exit; } - // Display config form: - list($timezone_form, $timezone_js) = generateTimeZoneForm(); - $timezone_html = ''; - if ($timezone_form != '') { - $timezone_html = '
'. + 'Make sure the variable "session.save_path" is set correctly in your PHP config, '. + 'and that you have write access to it.
'. + 'It currently points to %s.
'. + 'On some browsers, accessing your server via a hostname like \'localhost\' '. + 'or any custom hostname without a dot causes cookie storage to fail. '. + 'We recommend accessing your server via it\'s IP address or Fully Qualified Domain Name.
' + ); + $msg = sprintf($msg, session_save_path()); + echo $msg; + echo '
'. t('Click to try again.') .'Timezone: '.$timezone_form.'