X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=index.php;h=dfebdcad312c58dedaebf0ee893499fd050d5e26;hb=be3f0b4ec361f63a6fa4ed8291c912c9a426cd16;hp=b280ee9b4d54d2df4511ebea2bad234635d7cce3;hpb=cae64e52e47811a3fbef534f296b8952680d0d8f;p=github%2Fshaarli%2FShaarli.git diff --git a/index.php b/index.php index b280ee9b..dfebdcad 100644 --- a/index.php +++ b/index.php @@ -1,5 +1,5 @@ '); // Suffix to encapsulate data in PHP code. // http://server.com/x/shaarli --> /shaarli/ @@ -47,7 +48,7 @@ define('WEB_PATH', substr($_SERVER["REQUEST_URI"], 0, 1+strrpos($_SERVER["REQUES // Force cookie path (but do not change lifetime) $cookie=session_get_cookie_params(); $cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/'; -session_set_cookie_params($cookie['lifetime'],$cookiedir,$_SERVER['HTTP_HOST']); // Set default cookie expiration and path. +session_set_cookie_params($cookie['lifetime'],$cookiedir,$_SERVER['SERVER_NAME']); // Set default cookie expiration and path. // Set session parameters on server side. define('INACTIVITY_TIMEOUT',3600); // (in seconds). If the user does not access any page within this time, his/her session is considered expired. @@ -112,6 +113,53 @@ define('STAY_SIGNED_IN_TOKEN', sha1($GLOBALS['hash'].$_SERVER["REMOTE_ADDR"].$GL autoLocale(); // Sniff browser language and set date format accordingly. header('Content-Type: text/html; charset=utf-8'); // We use UTF-8 for proper international characters handling. +//================================================================================================== +// Checking session state (i.e. is the user still logged in) +//================================================================================================== + +function setup_login_state() { + $userIsLoggedIn = false; // By default, we do not consider the user as logged in; + $loginFailure = false; // If set to true, every attempt to authenticate the user will fail. This indicates that an important condition isn't met. + if ($GLOBALS['config']['OPEN_SHAARLI']) { + $userIsLoggedIn = true; + } + if (!isset($GLOBALS['login'])) { + $userIsLoggedIn = false; // Shaarli is not configured yet. + $loginFailure = true; + } + if (isset($_COOKIE['shaarli_staySignedIn']) && + $_COOKIE['shaarli_staySignedIn']===STAY_SIGNED_IN_TOKEN && + !$loginFailure) + { + fillSessionInfo(); + $userIsLoggedIn = true; + } + // If session does not exist on server side, or IP address has changed, or session has expired, logout. + if (empty($_SESSION['uid']) || + ($GLOBALS['disablesessionprotection']==false && $_SESSION['ip']!=allIPs()) || + time() >= $_SESSION['expires_on']) + { + logout(); + $userIsLoggedIn = false; + $loginFailure = true; + } + if (!empty($_SESSION['longlastingsession'])) { + $_SESSION['expires_on']=time()+$_SESSION['longlastingsession']; // In case of "Stay signed in" checked. + } + else { + $_SESSION['expires_on']=time()+INACTIVITY_TIMEOUT; // Standard session expiration date. + } + if (!$loginFailure) { + $userIsLoggedIn = true; + } + + return $userIsLoggedIn; +} +//================================================================================================== +$userIsLoggedIn = setup_login_state(); +//================================================================================================== +//================================================================================================== + // Check PHP version function checkphpversion() { @@ -315,30 +363,19 @@ function check_auth($login,$password) // Returns true if the user is logged in. function isLoggedIn() { - if ($GLOBALS['config']['OPEN_SHAARLI']) return true; - - if (!isset($GLOBALS['login'])) return false; // Shaarli is not configured yet. - - if (@$_COOKIE['shaarli_staySignedIn']===STAY_SIGNED_IN_TOKEN) - { - fillSessionInfo(); - return true; - } - // If session does not exist on server side, or IP address has changed, or session has expired, logout. - if (empty($_SESSION['uid']) || ($GLOBALS['disablesessionprotection']==false && $_SESSION['ip']!=allIPs()) || time()>=$_SESSION['expires_on']) - { - logout(); - return false; - } - if (!empty($_SESSION['longlastingsession'])) $_SESSION['expires_on']=time()+$_SESSION['longlastingsession']; // In case of "Stay signed in" checked. - else $_SESSION['expires_on']=time()+INACTIVITY_TIMEOUT; // Standard session expiration date. - - return true; + global $userIsLoggedIn; + return $userIsLoggedIn; } // Force logout. -function logout() { if (isset($_SESSION)) { unset($_SESSION['uid']); unset($_SESSION['ip']); unset($_SESSION['username']); unset($_SESSION['privateonly']); } -setcookie('shaarli_staySignedIn', FALSE, 0, WEB_PATH); +function logout() { + if (isset($_SESSION)) { + unset($_SESSION['uid']); + unset($_SESSION['ip']); + unset($_SESSION['username']); + unset($_SESSION['privateonly']); + } + setcookie('shaarli_staySignedIn', FALSE, 0, WEB_PATH); } @@ -406,14 +443,14 @@ if (isset($_POST['login'])) $_SESSION['expires_on']=time()+$_SESSION['longlastingsession']; // Set session expiration on server-side. $cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/'; - session_set_cookie_params($_SESSION['longlastingsession'],$cookiedir,$_SERVER['HTTP_HOST']); // Set session cookie expiration on client side + session_set_cookie_params($_SESSION['longlastingsession'],$cookiedir,$_SERVER['SERVER_NAME']); // Set session cookie expiration on client side // Note: Never forget the trailing slash on the cookie path! session_regenerate_id(true); // Send cookie with new expiration date to browser. } else // Standard session expiration (=when browser closes) { $cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/'; - session_set_cookie_params(0,$cookiedir,$_SERVER['HTTP_HOST']); // 0 means "When browser closes" + session_set_cookie_params(0,$cookiedir,$_SERVER['SERVER_NAME']); // 0 means "When browser closes" session_regenerate_id(true); } // Optional redirect after login: @@ -430,7 +467,7 @@ if (isset($_POST['login'])) ban_loginFailed(); $redir = ''; if (isset($_GET['post'])) { $redir = '&post='.urlencode($_GET['post']).(!empty($_GET['title'])?'&title='.urlencode($_GET['title']):'').(!empty($_GET['description'])?'&description='.urlencode($_GET['description']):'').(!empty($_GET['source'])?'&source='.urlencode($_GET['source']):''); } - echo ''; // Redirect to login screen. + echo ''; // Redirect to login screen. exit; } } @@ -445,7 +482,7 @@ function serverUrl() { $https = (!empty($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS'])=='on')) || $_SERVER["SERVER_PORT"]=='443'; // HTTPS detection. $serverport = ($_SERVER["SERVER_PORT"]=='80' || ($https && $_SERVER["SERVER_PORT"]=='443') ? '' : ':'.$_SERVER["SERVER_PORT"]); - return 'http'.($https?'s':'').'://'.$_SERVER['HTTP_HOST'].$serverport; + return 'http'.($https?'s':'').'://'.$_SERVER['SERVER_NAME'].$serverport; } // Returns the absolute URL of current script, without the query. @@ -794,14 +831,16 @@ class linkdb implements Iterator, Countable, ArrayAccess { // FIXME: explode(' ',$searchterms) and perform a AND search. // FIXME: accept double-quotes to search for a string "as is"? + // Using mb_convert_case($val, MB_CASE_LOWER, 'UTF-8') allows us to perform searches on + // Unicode text. See https://github.com/shaarli/Shaarli/issues/75 for examples. $filtered=array(); - $s = strtolower($searchterms); + $s = mb_convert_case($searchterms, MB_CASE_LOWER, 'UTF-8'); foreach($this->links as $l) { - $found= (strpos(strtolower($l['title']),$s)!==false) - || (strpos(strtolower($l['description']),$s)!==false) - || (strpos(strtolower($l['url']),$s)!==false) - || (strpos(strtolower($l['tags']),$s)!==false); + $found= (strpos(mb_convert_case($l['title'], MB_CASE_LOWER, 'UTF-8'),$s) !== false) + || (strpos(mb_convert_case($l['description'], MB_CASE_LOWER, 'UTF-8'),$s) !== false) + || (strpos(mb_convert_case($l['url'], MB_CASE_LOWER, 'UTF-8'),$s) !== false) + || (strpos(mb_convert_case($l['tags'], MB_CASE_LOWER, 'UTF-8'),$s) !== false); if ($found) $filtered[$l['linkdate']] = $l; } krsort($filtered); @@ -813,12 +852,14 @@ class linkdb implements Iterator, Countable, ArrayAccess // e.g. print_r($mydb->filterTags('linux programming')); public function filterTags($tags,$casesensitive=false) { - $t = str_replace(',',' ',($casesensitive?$tags:strtolower($tags))); + // Same as above, we use UTF-8 conversion to handle various graphemes (i.e. cyrillic, or greek) + // TODO: is $casesensitive ever true ? + $t = str_replace(',',' ',($casesensitive?$tags:mb_convert_case($tags, MB_CASE_LOWER, 'UTF-8'))); $searchtags=explode(' ',$t); $filtered=array(); foreach($this->links as $l) { - $linktags = explode(' ',($casesensitive?$l['tags']:strtolower($l['tags']))); + $linktags = explode(' ',($casesensitive?$l['tags']:mb_convert_case($l['tags'], MB_CASE_LOWER, 'UTF-8'))); if (count(array_intersect($linktags,$searchtags)) == count($searchtags)) $filtered[$l['linkdate']] = $l; } @@ -890,7 +931,8 @@ function showRSS() // $usepermalink : If true, use permalink instead of final link. // User just has to add 'permalink' in URL parameters. e.g. http://mysite.com/shaarli/?do=rss&permalinks - $usepermalinks = isset($_GET['permalinks']); + // Also enabled through a config option + $usepermalinks = isset($_GET['permalinks']) || !$GLOBALS['config']['ENABLE_RSS_PERMALINKS']; // Cache system $query = $_SERVER["QUERY_STRING"]; @@ -932,7 +974,7 @@ function showRSS() $absurl = htmlspecialchars($link['url']); if (startsWith($absurl,'?')) $absurl=$pageaddr.$absurl; // make permalink URL absolute if ($usepermalinks===true) - echo ''.htmlspecialchars($link['title']).''.$guid.''.$guid.''; + echo ''.htmlspecialchars($link['title']).''.$guid.''.$guid.''; else echo ''.htmlspecialchars($link['title']).''.$guid.''.$absurl.''; if (!$GLOBALS['config']['HIDE_TIMESTAMPS'] || isLoggedIn()) echo ''.htmlspecialchars($rfc822date)."\n"; @@ -964,7 +1006,7 @@ function showATOM() // $usepermalink : If true, use permalink instead of final link. // User just has to add 'permalink' in URL parameters. e.g. http://mysite.com/shaarli/?do=atom&permalinks - $usepermalinks = isset($_GET['permalinks']); + $usepermalinks = isset($_GET['permalinks']) || !$GLOBALS['config']['ENABLE_RSS_PERMALINKS']; // Cache system $query = $_SERVER["QUERY_STRING"]; @@ -1147,6 +1189,7 @@ function showDaily() $linksToDisplay[$key]['taglist']=$taglist; $linksToDisplay[$key]['formatedDescription']=nl2br(keepMultipleSpaces(text2clickable(htmlspecialchars($link['description'])))); $linksToDisplay[$key]['thumbnail'] = thumbnail($link['url']); + $linksToDisplay[$key]['localdate'] = linkdate2locale($link['linkdate']); } /* We need to spread the articles on 3 columns. @@ -1248,8 +1291,9 @@ function renderPage() ksort($tags); $tagList=array(); foreach($tags as $key=>$value) + // Tag font size scaling: default 15 and 30 logarithm bases affect scaling, 22 and 6 are arbitrary font sizes for max and min sizes. { - $tagList[$key] = array('count'=>$value,'size'=>max(40*$value/$maxcount,8)); + $tagList[$key] = array('count'=>$value,'size'=>log($value, 15) / log($maxcount, 30) * (22-6) + 6); } $PAGE = new pageBuilder; $PAGE->assign('linkcount',count($LINKSDB)); @@ -1382,12 +1426,12 @@ function renderPage() // Make sure old password is correct. $oldhash = sha1($_POST['oldpassword'].$GLOBALS['login'].$GLOBALS['salt']); - if ($oldhash!=$GLOBALS['hash']) { echo ''; exit; } + if ($oldhash!=$GLOBALS['hash']) { echo ''; exit; } // Save new password $GLOBALS['salt'] = sha1(uniqid('',true).'_'.mt_rand()); // Salt renders rainbow-tables attacks useless. $GLOBALS['hash'] = sha1($_POST['setpassword'].$GLOBALS['login'].$GLOBALS['salt']); writeConfig(); - echo ''; + echo ''; exit; } else // show the change password form. @@ -1417,8 +1461,9 @@ function renderPage() $GLOBALS['disablesessionprotection']=!empty($_POST['disablesessionprotection']); $GLOBALS['disablejquery']=!empty($_POST['disablejquery']); $GLOBALS['privateLinkByDefault']=!empty($_POST['privateLinkByDefault']); + $GLOBALS['config']['ENABLE_RSS_PERMALINKS']= !empty($_POST['enableRssPermalinks']); writeConfig(); - echo ''; + echo ''; exit; } else // Show the configuration form. @@ -1462,7 +1507,7 @@ function renderPage() $LINKSDB[$key]=$value; } $LINKSDB->savedb(); // Save to disk. - echo ''; + echo ''; exit; } @@ -1479,7 +1524,7 @@ function renderPage() $LINKSDB[$key]=$value; } $LINKSDB->savedb(); // Save to disk. - echo ''; + echo ''; exit; } } @@ -1510,7 +1555,7 @@ function renderPage() pubsubhub(); // If we are called from the bookmarklet, we must close the popup: - if (isset($_GET['source']) && $_GET['source']=='bookmarklet') { echo ''; exit; } + if (isset($_GET['source']) && $_GET['source']=='bookmarklet') { echo ''; exit; } $returnurl = ( isset($_POST['returnurl']) ? $_POST['returnurl'] : '?' ); $returnurl .= '#'.smallHash($linkdate); // Scroll to the link which has been edited. header('Location: '.$returnurl); // After saving the link, redirect to the page the user was on. @@ -1521,7 +1566,7 @@ function renderPage() if (isset($_POST['cancel_edit'])) { // If we are called from the bookmarklet, we must close the popup: - if (isset($_GET['source']) && $_GET['source']=='bookmarklet') { echo ''; exit; } + if (isset($_GET['source']) && $_GET['source']=='bookmarklet') { echo ''; exit; } $returnurl = ( isset($_POST['returnurl']) ? $_POST['returnurl'] : '?' ); $returnurl .= '#'.smallHash($_POST['lf_linkdate']); // Scroll to the link which has been edited. header('Location: '.$returnurl); // After canceling, redirect to the page the user was on. @@ -1540,10 +1585,38 @@ function renderPage() $LINKSDB->savedb(); // save to disk // If we are called from the bookmarklet, we must close the popup: - if (isset($_GET['source']) && $_GET['source']=='bookmarklet') { echo ''; exit; } - $returnurl = ( isset($_POST['returnurl']) ? $_POST['returnurl'] : '?' ); - if ($returnurl=='?') { $returnurl = (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '?'); } - header('Location: '.$returnurl); // After deleting the link, redirect to the page the user was on. + if (isset($_GET['source']) && $_GET['source']=='bookmarklet') { echo ''; exit; } + // Pick where we're going to redirect + // ============================================================= + // Basically, we can't redirect to where we were previously if it was a permalink + // or an edit_link, because it would 404. + // Cases: + // - / : nothing in $_GET, redirect to self + // - /?page : redirect to self + // - /?searchterm : redirect to self (there might be other links) + // - /?searchtags : redirect to self + // - /permalink : redirect to / (the link does not exist anymore) + // - /?edit_link : redirect to / (the link does not exist anymore) + // PHP treats the permalink as a $_GET variable, so we need to check if every condition for self + // redirect is not satisfied, and only then redirect to / + $location = "?"; + // Self redirection + if (count($_GET) == 0 || + isset($_GET['page']) || + isset($_GET['searchterm']) || + isset($_GET['searchtags'])) { + + if (isset($_POST['returnurl'])) { + $location = $_POST['returnurl']; // Handle redirects given by the form + } + + if ($location === "?" && + isset($_SERVER['HTTP_REFERER'])) { // Handle HTTP_REFERER in case we're not coming from the same place. + $location = $_SERVER['HTTP_REFERER']; + } + } + + header('Location: ' . $location); // After deleting the link, redirect to appropriate location exit; } @@ -1678,7 +1751,7 @@ HTML; if (!isset($_POST['token']) || (!isset($_FILES)) || (isset($_FILES['filetoupload']['size']) && $_FILES['filetoupload']['size']==0)) { $returnurl = ( empty($_SERVER['HTTP_REFERER']) ? '?' : $_SERVER['HTTP_REFERER'] ); - echo ''; + echo ''; exit; } if (!tokenOk($_POST['token'])) die('Wrong token.'); @@ -1782,11 +1855,11 @@ function importFile() } $LINKSDB->savedb(); - echo ''; + echo ''; } else { - echo ''; + echo ''; } } @@ -2037,7 +2110,6 @@ function thumbnail($url,$href=false) return $html; } - // Returns the HTML code to display a thumbnail for a link // for the picture wall (using lazy image loading) // Understands various services (youtube.com...) @@ -2120,13 +2192,13 @@ function install() $GLOBALS['hash'] = sha1($_POST['setpassword'].$GLOBALS['login'].$GLOBALS['salt']); $GLOBALS['title'] = (empty($_POST['title']) ? 'Shared links on '.htmlspecialchars(indexUrl()) : $_POST['title'] ); writeConfig(); - echo ''; + echo ''; exit; } // Display config form: list($timezone_form,$timezone_js) = templateTZform(); - $timezone_html=''; if ($timezone_form!='') $timezone_html='Timezone:'.$timezone_form.''; + $timezone_html=''; if ($timezone_form!='') $timezone_html='Timezone:'.$timezone_form.''; $PAGE = new pageBuilder; $PAGE->assign('timezone_html',$timezone_html); @@ -2174,7 +2246,7 @@ function templateTZform($ptz=false) $cities_html = $cities[$pcontinent]; $timezone_form = "Continent: "; $timezone_form .= "    City:
"; - $timezone_js = "" ; @@ -2286,10 +2358,11 @@ function writeConfig() $config .= '$GLOBALS[\'disablesessionprotection\']='.var_export($GLOBALS['disablesessionprotection'],true).'; '; $config .= '$GLOBALS[\'disablejquery\']='.var_export($GLOBALS['disablejquery'],true).'; '; $config .= '$GLOBALS[\'privateLinkByDefault\']='.var_export($GLOBALS['privateLinkByDefault'],true).'; '; + $config .= '$GLOBALS[\'config\'][\'ENABLE_RSS_PERMALINKS\']='.var_export($GLOBALS['config']['ENABLE_RSS_PERMALINKS'], true).'; '; $config .= ' ?>'; if (!file_put_contents($GLOBALS['config']['CONFIG_FILE'],$config) || strcmp(file_get_contents($GLOBALS['config']['CONFIG_FILE']),$config)!=0) { - echo ''; + echo ''; exit; } }