X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=index.php;h=cda918df82c45a7dd56d90280eb7e8bc6a2e53d3;hb=a056d988e7c4e6610fbfc0d6207d2809998574af;hp=8b5ba334498dc161011f6c9f46f30055e3c194a5;hpb=2f32d0746b55243477837d5713e8d28056bb2f90;p=github%2Fshaarli%2FShaarli.git diff --git a/index.php b/index.php index 8b5ba334..cda918df 100644 --- a/index.php +++ b/index.php @@ -1,5 +1,5 @@ '); // Suffix to encapsulate data in PHP code. // http://server.com/x/shaarli --> /shaarli/ @@ -112,6 +113,53 @@ define('STAY_SIGNED_IN_TOKEN', sha1($GLOBALS['hash'].$_SERVER["REMOTE_ADDR"].$GL autoLocale(); // Sniff browser language and set date format accordingly. header('Content-Type: text/html; charset=utf-8'); // We use UTF-8 for proper international characters handling. +//================================================================================================== +// Checking session state (i.e. is the user still logged in) +//================================================================================================== + +function setup_login_state() { + $userIsLoggedIn = false; // By default, we do not consider the user as logged in; + $loginFailure = false; // If set to true, every attempt to authenticate the user will fail. This indicates that an important condition isn't met. + if ($GLOBALS['config']['OPEN_SHAARLI']) { + $userIsLoggedIn = true; + } + if (!isset($GLOBALS['login'])) { + $userIsLoggedIn = false; // Shaarli is not configured yet. + $loginFailure = true; + } + if (isset($_COOKIE['shaarli_staySignedIn']) && + $_COOKIE['shaarli_staySignedIn']===STAY_SIGNED_IN_TOKEN && + !$loginFailure) + { + fillSessionInfo(); + $userIsLoggedIn = true; + } + // If session does not exist on server side, or IP address has changed, or session has expired, logout. + if (empty($_SESSION['uid']) || + ($GLOBALS['disablesessionprotection']==false && $_SESSION['ip']!=allIPs()) || + time() >= $_SESSION['expires_on']) + { + logout(); + $userIsLoggedIn = false; + $loginFailure = true; + } + if (!empty($_SESSION['longlastingsession'])) { + $_SESSION['expires_on']=time()+$_SESSION['longlastingsession']; // In case of "Stay signed in" checked. + } + else { + $_SESSION['expires_on']=time()+INACTIVITY_TIMEOUT; // Standard session expiration date. + } + if (!$loginFailure) { + $userIsLoggedIn = true; + } + + return $userIsLoggedIn; +} +//================================================================================================== +$userIsLoggedIn = setup_login_state(); +//================================================================================================== +//================================================================================================== + // Check PHP version function checkphpversion() { @@ -130,13 +178,14 @@ function checkphpversion() function checkUpdate() { if (!isLoggedIn()) return ''; // Do not check versions for visitors. + if (empty($GLOBALS['config']['ENABLE_UPDATECHECK'])) return ''; // Do not check if the user doesn't want to. // Get latest version number at most once a day. if (!is_file($GLOBALS['config']['UPDATECHECK_FILENAME']) || (filemtime($GLOBALS['config']['UPDATECHECK_FILENAME'])','',str_replace('=$_SESSION['expires_on']) - { - logout(); - return false; - } - if (!empty($_SESSION['longlastingsession'])) $_SESSION['expires_on']=time()+$_SESSION['longlastingsession']; // In case of "Stay signed in" checked. - else $_SESSION['expires_on']=time()+INACTIVITY_TIMEOUT; // Standard session expiration date. - - return true; + global $userIsLoggedIn; + return $userIsLoggedIn; } // Force logout. -function logout() { if (isset($_SESSION)) { unset($_SESSION['uid']); unset($_SESSION['ip']); unset($_SESSION['username']); unset($_SESSION['privateonly']); } -setcookie('shaarli_staySignedIn', FALSE, 0, WEB_PATH); +function logout() { + if (isset($_SESSION)) { + unset($_SESSION['uid']); + unset($_SESSION['ip']); + unset($_SESSION['username']); + unset($_SESSION['privateonly']); + } + setcookie('shaarli_staySignedIn', FALSE, 0, WEB_PATH); } @@ -430,7 +468,7 @@ if (isset($_POST['login'])) ban_loginFailed(); $redir = ''; if (isset($_GET['post'])) { $redir = '&post='.urlencode($_GET['post']).(!empty($_GET['title'])?'&title='.urlencode($_GET['title']):'').(!empty($_GET['description'])?'&description='.urlencode($_GET['description']):'').(!empty($_GET['source'])?'&source='.urlencode($_GET['source']):''); } - echo ''; // Redirect to login screen. + echo ''; // Redirect to login screen. exit; } } @@ -894,7 +932,8 @@ function showRSS() // $usepermalink : If true, use permalink instead of final link. // User just has to add 'permalink' in URL parameters. e.g. http://mysite.com/shaarli/?do=rss&permalinks - $usepermalinks = isset($_GET['permalinks']); + // Also enabled through a config option + $usepermalinks = isset($_GET['permalinks']) || !$GLOBALS['config']['ENABLE_RSS_PERMALINKS']; // Cache system $query = $_SERVER["QUERY_STRING"]; @@ -936,7 +975,7 @@ function showRSS() $absurl = htmlspecialchars($link['url']); if (startsWith($absurl,'?')) $absurl=$pageaddr.$absurl; // make permalink URL absolute if ($usepermalinks===true) - echo ''.htmlspecialchars($link['title']).''.$guid.''.$guid.''; + echo ''.htmlspecialchars($link['title']).''.$guid.''.$guid.''; else echo ''.htmlspecialchars($link['title']).''.$guid.''.$absurl.''; if (!$GLOBALS['config']['HIDE_TIMESTAMPS'] || isLoggedIn()) echo ''.htmlspecialchars($rfc822date)."\n"; @@ -968,7 +1007,7 @@ function showATOM() // $usepermalink : If true, use permalink instead of final link. // User just has to add 'permalink' in URL parameters. e.g. http://mysite.com/shaarli/?do=atom&permalinks - $usepermalinks = isset($_GET['permalinks']); + $usepermalinks = isset($_GET['permalinks']) || !$GLOBALS['config']['ENABLE_RSS_PERMALINKS']; // Cache system $query = $_SERVER["QUERY_STRING"]; @@ -1151,6 +1190,7 @@ function showDaily() $linksToDisplay[$key]['taglist']=$taglist; $linksToDisplay[$key]['formatedDescription']=nl2br(keepMultipleSpaces(text2clickable(htmlspecialchars($link['description'])))); $linksToDisplay[$key]['thumbnail'] = thumbnail($link['url']); + $linksToDisplay[$key]['localdate'] = linkdate2locale($link['linkdate']); } /* We need to spread the articles on 3 columns. @@ -1387,12 +1427,12 @@ function renderPage() // Make sure old password is correct. $oldhash = sha1($_POST['oldpassword'].$GLOBALS['login'].$GLOBALS['salt']); - if ($oldhash!=$GLOBALS['hash']) { echo ''; exit; } + if ($oldhash!=$GLOBALS['hash']) { echo ''; exit; } // Save new password $GLOBALS['salt'] = sha1(uniqid('',true).'_'.mt_rand()); // Salt renders rainbow-tables attacks useless. $GLOBALS['hash'] = sha1($_POST['setpassword'].$GLOBALS['login'].$GLOBALS['salt']); writeConfig(); - echo ''; + echo ''; exit; } else // show the change password form. @@ -1422,8 +1462,10 @@ function renderPage() $GLOBALS['disablesessionprotection']=!empty($_POST['disablesessionprotection']); $GLOBALS['disablejquery']=!empty($_POST['disablejquery']); $GLOBALS['privateLinkByDefault']=!empty($_POST['privateLinkByDefault']); + $GLOBALS['config']['ENABLE_RSS_PERMALINKS']= !empty($_POST['enableRssPermalinks']); + $GLOBALS['config']['ENABLE_UPDATECHECK'] = !empty($_POST['updateCheck']); writeConfig(); - echo ''; + echo ''; exit; } else // Show the configuration form. @@ -1467,7 +1509,7 @@ function renderPage() $LINKSDB[$key]=$value; } $LINKSDB->savedb(); // Save to disk. - echo ''; + echo ''; exit; } @@ -1484,7 +1526,7 @@ function renderPage() $LINKSDB[$key]=$value; } $LINKSDB->savedb(); // Save to disk. - echo ''; + echo ''; exit; } } @@ -1515,9 +1557,10 @@ function renderPage() pubsubhub(); // If we are called from the bookmarklet, we must close the popup: - if (isset($_GET['source']) && $_GET['source']=='bookmarklet') { echo ''; exit; } + if (isset($_GET['source']) && $_GET['source']=='bookmarklet') { echo ''; exit; } $returnurl = ( isset($_POST['returnurl']) ? $_POST['returnurl'] : '?' ); $returnurl .= '#'.smallHash($linkdate); // Scroll to the link which has been edited. + if (strstr($returnurl, "do=addlink")) { $returnurl = '?'; } //if we come from ?do=addlink, set returnurl to homepage instead header('Location: '.$returnurl); // After saving the link, redirect to the page the user was on. exit; } @@ -1526,7 +1569,7 @@ function renderPage() if (isset($_POST['cancel_edit'])) { // If we are called from the bookmarklet, we must close the popup: - if (isset($_GET['source']) && $_GET['source']=='bookmarklet') { echo ''; exit; } + if (isset($_GET['source']) && $_GET['source']=='bookmarklet') { echo ''; exit; } $returnurl = ( isset($_POST['returnurl']) ? $_POST['returnurl'] : '?' ); $returnurl .= '#'.smallHash($_POST['lf_linkdate']); // Scroll to the link which has been edited. header('Location: '.$returnurl); // After canceling, redirect to the page the user was on. @@ -1545,8 +1588,38 @@ function renderPage() $LINKSDB->savedb(); // save to disk // If we are called from the bookmarklet, we must close the popup: - if (isset($_GET['source']) && $_GET['source']=='bookmarklet') { echo ''; exit; } - header('Location: ?'); // After deleting the link, redirect to the home page. + if (isset($_GET['source']) && $_GET['source']=='bookmarklet') { echo ''; exit; } + // Pick where we're going to redirect + // ============================================================= + // Basically, we can't redirect to where we were previously if it was a permalink + // or an edit_link, because it would 404. + // Cases: + // - / : nothing in $_GET, redirect to self + // - /?page : redirect to self + // - /?searchterm : redirect to self (there might be other links) + // - /?searchtags : redirect to self + // - /permalink : redirect to / (the link does not exist anymore) + // - /?edit_link : redirect to / (the link does not exist anymore) + // PHP treats the permalink as a $_GET variable, so we need to check if every condition for self + // redirect is not satisfied, and only then redirect to / + $location = "?"; + // Self redirection + if (count($_GET) == 0 || + isset($_GET['page']) || + isset($_GET['searchterm']) || + isset($_GET['searchtags'])) { + + if (isset($_POST['returnurl'])) { + $location = $_POST['returnurl']; // Handle redirects given by the form + } + + if ($location === "?" && + isset($_SERVER['HTTP_REFERER'])) { // Handle HTTP_REFERER in case we're not coming from the same place. + $location = $_SERVER['HTTP_REFERER']; + } + } + + header('Location: ' . $location); // After deleting the link, redirect to appropriate location exit; } @@ -1570,10 +1643,13 @@ function renderPage() { $url=$_GET['post']; - // We remove the annoying parameters added by FeedBurner and GoogleFeedProxy (?utm_source=...) - $i=strpos($url,'&utm_source='); if ($i!==false) $url=substr($url,0,$i); - $i=strpos($url,'?utm_source='); if ($i!==false) $url=substr($url,0,$i); - $i=strpos($url,'#xtor=RSS-'); if ($i!==false) $url=substr($url,0,$i); + + // We remove the annoying parameters added by FeedBurner, GoogleFeedProxy, Facebook... + $annoyingpatterns = array('/[\?&]utm_source=[^&]*/', '/[\?&]utm_campaign=[^&]*/', '/[\?&]utm_medium=[^&]*/', '/#xtor=RSS-[^&]*/', '/[\?&]fb_[^&]*/', '/[\?&]__scoop[^&]*/', '/#tk\.rss_all\?/', '/[\?&]action_ref_map=[^&]*/', '/[\?&]action_type_map=[^&]*/', '/[\?&]action_object_map=[^&]*/'); + foreach($annoyingpatterns as $pattern) + { + $url = preg_replace($pattern, "", $url); + } $link_is_new = false; $link = $LINKSDB->getLinkFromUrl($url); // Check if URL is not already in database (in this case, we will edit the existing link) @@ -1681,7 +1757,7 @@ HTML; if (!isset($_POST['token']) || (!isset($_FILES)) || (isset($_FILES['filetoupload']['size']) && $_FILES['filetoupload']['size']==0)) { $returnurl = ( empty($_SERVER['HTTP_REFERER']) ? '?' : $_SERVER['HTTP_REFERER'] ); - echo ''; + echo ''; exit; } if (!tokenOk($_POST['token'])) die('Wrong token.'); @@ -1785,11 +1861,11 @@ function importFile() } $LINKSDB->savedb(); - echo ''; + echo ''; } else { - echo ''; + echo ''; } } @@ -2040,7 +2116,6 @@ function thumbnail($url,$href=false) return $html; } - // Returns the HTML code to display a thumbnail for a link // for the picture wall (using lazy image loading) // Understands various services (youtube.com...) @@ -2054,11 +2129,8 @@ function lazyThumbnail($url,$href=false) $html=''; - // Lazy image (only loaded by JavaScript when in the viewport). - if (!empty($GLOBALS['disablejquery'])) // (except if jQuery is disabled) - $html.='alert("Shaarli is now configured. Please enter your login/password and start shaaring your links!");document.location=\'?do=login\';'; + echo ''; exit; } // Display config form: list($timezone_form,$timezone_js) = templateTZform(); - $timezone_html=''; if ($timezone_form!='') $timezone_html='Timezone:'.$timezone_form.''; + $timezone_html=''; if ($timezone_form!='') $timezone_html='Timezone:'.$timezone_form.''; $PAGE = new pageBuilder; $PAGE->assign('timezone_html',$timezone_html); @@ -2177,7 +2250,7 @@ function templateTZform($ptz=false) $cities_html = $cities[$pcontinent]; $timezone_form = "Continent: "; $timezone_form .= "    City:
"; - $timezone_js = "" ; @@ -2289,10 +2362,12 @@ function writeConfig() $config .= '$GLOBALS[\'disablesessionprotection\']='.var_export($GLOBALS['disablesessionprotection'],true).'; '; $config .= '$GLOBALS[\'disablejquery\']='.var_export($GLOBALS['disablejquery'],true).'; '; $config .= '$GLOBALS[\'privateLinkByDefault\']='.var_export($GLOBALS['privateLinkByDefault'],true).'; '; + $config .= '$GLOBALS[\'config\'][\'ENABLE_RSS_PERMALINKS\']='.var_export($GLOBALS['config']['ENABLE_RSS_PERMALINKS'], true).'; '; + $config .= '$GLOBALS[\'config\'][\'ENABLE_UPDATECHECK\']='.var_export($GLOBALS['config']['ENABLE_UPDATECHECK'], true).'; '; $config .= ' ?>'; if (!file_put_contents($GLOBALS['config']['CONFIG_FILE'],$config) || strcmp(file_get_contents($GLOBALS['config']['CONFIG_FILE']),$config)!=0) { - echo ''; + echo ''; exit; } }