X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=index.php;h=dfebdcad312c58dedaebf0ee893499fd050d5e26;hb=be3f0b4ec361f63a6fa4ed8291c912c9a426cd16;hp=818fa680a347009c5596d55fa1472fa4185787a9;hpb=aa69403cfff6734243f74a14251afd775bacc11a;p=github%2Fshaarli%2FShaarli.git diff --git a/index.php b/index.php index 818fa680..dfebdcad 100644 --- a/index.php +++ b/index.php @@ -1,5 +1,5 @@ '); // Suffix to encapsulate data in PHP code. // http://server.com/x/shaarli --> /shaarli/ @@ -113,6 +113,53 @@ define('STAY_SIGNED_IN_TOKEN', sha1($GLOBALS['hash'].$_SERVER["REMOTE_ADDR"].$GL autoLocale(); // Sniff browser language and set date format accordingly. header('Content-Type: text/html; charset=utf-8'); // We use UTF-8 for proper international characters handling. +//================================================================================================== +// Checking session state (i.e. is the user still logged in) +//================================================================================================== + +function setup_login_state() { + $userIsLoggedIn = false; // By default, we do not consider the user as logged in; + $loginFailure = false; // If set to true, every attempt to authenticate the user will fail. This indicates that an important condition isn't met. + if ($GLOBALS['config']['OPEN_SHAARLI']) { + $userIsLoggedIn = true; + } + if (!isset($GLOBALS['login'])) { + $userIsLoggedIn = false; // Shaarli is not configured yet. + $loginFailure = true; + } + if (isset($_COOKIE['shaarli_staySignedIn']) && + $_COOKIE['shaarli_staySignedIn']===STAY_SIGNED_IN_TOKEN && + !$loginFailure) + { + fillSessionInfo(); + $userIsLoggedIn = true; + } + // If session does not exist on server side, or IP address has changed, or session has expired, logout. + if (empty($_SESSION['uid']) || + ($GLOBALS['disablesessionprotection']==false && $_SESSION['ip']!=allIPs()) || + time() >= $_SESSION['expires_on']) + { + logout(); + $userIsLoggedIn = false; + $loginFailure = true; + } + if (!empty($_SESSION['longlastingsession'])) { + $_SESSION['expires_on']=time()+$_SESSION['longlastingsession']; // In case of "Stay signed in" checked. + } + else { + $_SESSION['expires_on']=time()+INACTIVITY_TIMEOUT; // Standard session expiration date. + } + if (!$loginFailure) { + $userIsLoggedIn = true; + } + + return $userIsLoggedIn; +} +//================================================================================================== +$userIsLoggedIn = setup_login_state(); +//================================================================================================== +//================================================================================================== + // Check PHP version function checkphpversion() { @@ -316,30 +363,19 @@ function check_auth($login,$password) // Returns true if the user is logged in. function isLoggedIn() { - if ($GLOBALS['config']['OPEN_SHAARLI']) return true; - - if (!isset($GLOBALS['login'])) return false; // Shaarli is not configured yet. - - if (@$_COOKIE['shaarli_staySignedIn']===STAY_SIGNED_IN_TOKEN) - { - fillSessionInfo(); - return true; - } - // If session does not exist on server side, or IP address has changed, or session has expired, logout. - if (empty($_SESSION['uid']) || ($GLOBALS['disablesessionprotection']==false && $_SESSION['ip']!=allIPs()) || time()>=$_SESSION['expires_on']) - { - logout(); - return false; - } - if (!empty($_SESSION['longlastingsession'])) $_SESSION['expires_on']=time()+$_SESSION['longlastingsession']; // In case of "Stay signed in" checked. - else $_SESSION['expires_on']=time()+INACTIVITY_TIMEOUT; // Standard session expiration date. - - return true; + global $userIsLoggedIn; + return $userIsLoggedIn; } // Force logout. -function logout() { if (isset($_SESSION)) { unset($_SESSION['uid']); unset($_SESSION['ip']); unset($_SESSION['username']); unset($_SESSION['privateonly']); } -setcookie('shaarli_staySignedIn', FALSE, 0, WEB_PATH); +function logout() { + if (isset($_SESSION)) { + unset($_SESSION['uid']); + unset($_SESSION['ip']); + unset($_SESSION['username']); + unset($_SESSION['privateonly']); + } + setcookie('shaarli_staySignedIn', FALSE, 0, WEB_PATH); } @@ -1550,7 +1586,37 @@ function renderPage() // If we are called from the bookmarklet, we must close the popup: if (isset($_GET['source']) && $_GET['source']=='bookmarklet') { echo ''; exit; } - header('Location: ?'); // After deleting the link, redirect to the home page. + // Pick where we're going to redirect + // ============================================================= + // Basically, we can't redirect to where we were previously if it was a permalink + // or an edit_link, because it would 404. + // Cases: + // - / : nothing in $_GET, redirect to self + // - /?page : redirect to self + // - /?searchterm : redirect to self (there might be other links) + // - /?searchtags : redirect to self + // - /permalink : redirect to / (the link does not exist anymore) + // - /?edit_link : redirect to / (the link does not exist anymore) + // PHP treats the permalink as a $_GET variable, so we need to check if every condition for self + // redirect is not satisfied, and only then redirect to / + $location = "?"; + // Self redirection + if (count($_GET) == 0 || + isset($_GET['page']) || + isset($_GET['searchterm']) || + isset($_GET['searchtags'])) { + + if (isset($_POST['returnurl'])) { + $location = $_POST['returnurl']; // Handle redirects given by the form + } + + if ($location === "?" && + isset($_SERVER['HTTP_REFERER'])) { // Handle HTTP_REFERER in case we're not coming from the same place. + $location = $_SERVER['HTTP_REFERER']; + } + } + + header('Location: ' . $location); // After deleting the link, redirect to appropriate location exit; } @@ -2044,7 +2110,6 @@ function thumbnail($url,$href=false) return $html; } - // Returns the HTML code to display a thumbnail for a link // for the picture wall (using lazy image loading) // Understands various services (youtube.com...)