X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=index.php;h=eb717536c58f33d8b8a63b7933765c075d364b35;hb=4fa9a3c5d83a1024678596a586afe5df14a345b5;hp=9566fb016f14156fa3efc7bec609d5e2b9763e31;hpb=986a52106766e7497322951c2bf3a3cbd0b42bf9;p=github%2Fshaarli%2FShaarli.git
diff --git a/index.php b/index.php
index 9566fb01..eb717536 100644
--- a/index.php
+++ b/index.php
@@ -48,8 +48,8 @@ if (! file_exists(__DIR__ . '/vendor/autoload.php')) {
 ."If you installed Shaarli through Git or using the development branch,\n"
 ."please refer to the installation documentation to install PHP"
 ." dependencies using Composer:\n"
- ."- https://github.com/shaarli/Shaarli/wiki/Server-requirements\n"
- ."- https://github.com/shaarli/Shaarli/wiki/Download-and-Installation";
+ ."- https://shaarli.readthedocs.io/en/master/Server-configuration/\n"
+ ."- https://shaarli.readthedocs.io/en/master/Download-and-Installation/";
 exit;
 }
 require_once 'inc/rain.tpl.class.php';
@@ -64,7 +64,6 @@ require_once 'application/FeedBuilder.php';
 require_once 'application/FileUtils.php';
 require_once 'application/History.php';
 require_once 'application/HttpUtils.php';
-require_once 'application/Languages.php';
 require_once 'application/LinkDB.php';
 require_once 'application/LinkFilter.php';
 require_once 'application/LinkUtils.php';
@@ -76,8 +75,12 @@ require_once 'application/Utils.php';
 require_once 'application/PluginManager.php';
 require_once 'application/Router.php';
 require_once 'application/Updater.php';
-use \Shaarli\ThemeUtils;
 use \Shaarli\Config\ConfigManager;
+use \Shaarli\Languages;
+use \Shaarli\Security\LoginManager;
+use \Shaarli\Security\SessionManager;
+use \Shaarli\ThemeUtils;
+use \Shaarli\Thumbnailer;
 
 // Ensure the PHP version is supported
 try {
@@ -88,7 +91,7 @@ try {
 exit;
 }
 
-define('shaarli_version', ApplicationUtils::getVersion(__DIR__ .'/'. ApplicationUtils::$VERSION_FILE));
+define('SHAARLI_VERSION', ApplicationUtils::getVersion(__DIR__ .'/'. ApplicationUtils::$VERSION_FILE));
 
 // Force cookie path (but do not change lifetime)
 $cookie = session_get_cookie_params();
@@ -99,8 +102,6 @@ if (dirname($_SERVER['SCRIPT_NAME']) != '/') {
 // Set default cookie expiration and path.
 session_set_cookie_params($cookie['lifetime'], $cookiedir, $_SERVER['SERVER_NAME']);
 // Set session parameters on server side.
-// If the user does not access any page within this time, his/her session is considered expired.
-define('INACTIVITY_TIMEOUT', 3600); // in seconds.
 // Use cookies to store session.
 ini_set('session.use_cookies', 1);
 // Force cookies for session (phpsessionID forbidden in URL).
@@ -115,14 +116,31 @@ if (session_id() == '') {
 }
 
 // Regenerate session ID if invalid or not defined in cookie.
-if (isset($_COOKIE['shaarli']) && !is_session_id_valid($_COOKIE['shaarli'])) {
+if (isset($_COOKIE['shaarli']) && !SessionManager::checkId($_COOKIE['shaarli'])) {
 session_regenerate_id(true);
 $_COOKIE['shaarli'] = session_id();
 }
 
 $conf = new ConfigManager();
+$sessionManager = new SessionManager($_SESSION, $conf);
+$loginManager = new LoginManager($GLOBALS, $conf, $sessionManager);
+$loginManager->generateStaySignedInToken($_SERVER['REMOTE_ADDR']);
+$clientIpId = client_ip_id($_SERVER);
+
+// LC_MESSAGES isn't defined without php-intl, in this case use LC_COLLATE locale instead.
+if (! defined('LC_MESSAGES')) {
+ define('LC_MESSAGES', LC_COLLATE);
+}
+
+// Sniff browser language and set date format accordingly.
+if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
+ autoLocale($_SERVER['HTTP_ACCEPT_LANGUAGE']);
+}
+
+new Languages(setlocale(LC_MESSAGES, 0), $conf);
+
 $conf->setEmpty('general.timezone', date_default_timezone_get());
-$conf->setEmpty('general.title', 'Shared links on '. escape(index_url($_SERVER)));
+$conf->setEmpty('general.title', t('Shared links on '). escape(index_url($_SERVER)));
 RainTPL::$tpl_dir = $conf->get('resource.raintpl_tpl').'/'.$conf->get('resource.theme').'/'; // template directory
 RainTPL::$cache_dir = $conf->get('resource.raintpl_tmp'); // cache directory
 
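Review bot: `autoLocale($_SERVER['HTTP_ACCEPT_LANGUAGE'])` hands a request header straight to locale selection, and nothing in this hunk constrains it before `setlocale(LC_MESSAGES, 0)` is read back into `new Languages(...)`; `autoLocale()` is defined outside this hunk, so the check may well live there, but it is worth confirming it accepts only a strict language-tag shape with a fixed fallback, and pinning that expectation here with `// autoLocale() must accept only a whitelisted ll_CC tag; the header is untrusted`. The `new Languages(setlocale(LC_MESSAGES, 0), $conf);` statement discards the instance, so the constructor is run purely for its side effects; a one-line comment naming what it installs (to be confirmed against the class) would save the next reader a lookup. Passing `$GLOBALS` into `LoginManager` exposes the whole global scope to a security component; if only a few values are read, passing them explicitly would make the dependency auditable.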
@@ -133,15 +151,6 @@ date_default_timezone_set($conf->get('general.timezone', 'UTC')); ob_start(); // Output buffering for the page cache. -// In case stupid admin has left magic_quotes enabled in php.ini: -if (get_magic_quotes_gpc()) -{ - function stripslashes_deep($value) { $value = is_array($value) ? array_map('stripslashes_deep', $value) : stripslashes($value); return $value; } - $_POST = array_map('stripslashes_deep', $_POST); - $_GET = array_map('stripslashes_deep', $_GET); - $_COOKIE = array_map('stripslashes_deep', $_COOKIE); -} - // Prevent caching on client side or proxy: (yes, it's ugly) header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); header("Cache-Control: no-store, no-cache, must-revalidate"); @@ -153,7 +162,7 @@ if (! is_file($conf->getConfigFileExt())) { $errors = ApplicationUtils::checkResourcePermissions($conf); if ($errors != array()) { - $message = '
Insufficient permissions:
'. t('Insufficient permissions:') .'
Sessions do not seem to work correctly on your server.'; + { + // Step 2: Check if data in session is correct. + $msg = t( + '
'; - echo 'Make sure the variable session.save_path is set correctly in your php config, and that you have write access to it.
'; - echo 'It currently points to '.session_save_path().'
'; - echo 'Check that the hostname used to access Shaarli contains a dot. On some browsers, accessing your server via a hostname like \'localhost\' or any custom hostname without a dot causes cookie storage to fail. We recommend accessing your server via it\'s IP address or Fully Qualified Domain Name.
'; - echo '
Click to try again.
Sessions do not seem to work correctly on your server.'; die; } if (!isset($_SESSION['session_tested'])) @@ -1949,6 +1775,7 @@ function install($conf) } else { $conf->set('general.title', 'Shared links on '.escape(index_url($_SERVER))); } + $conf->set('translation.language', escape($_POST['language'])); $conf->set('updates.check_updates', !empty($_POST['updateCheck'])); $conf->set('api.enabled', !empty($_POST['enableApi'])); $conf->set( @@ -1960,7 +1787,7 @@ function install($conf) ); try { // Everything is ok, let's create config file. - $conf->write(isLoggedIn()); + $conf->write($loginManager->isLoggedIn()); } catch(Exception $e) { error_log( 
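Review bot: `$conf->set('translation.language', escape($_POST['language']));` persists a user-submitted value with only what appears to be HTML escaping and no check that it is a supported language, even though the same commit exposes `Languages::getAvailableLanguages()` for the form; the submitted code should be validated against that list before it is written, and a missing key handled, since `$_POST['language']` raises a notice when the field is absent. Something like `$language = $_POST['language'] ?? '';` followed by a strict membership test against the available-languages array (keyed by code or by value — check the method), falling back to the existing `translation.language` value on failure, keeps the config free of arbitrary strings that presumably drive later translation lookup. install() starts and ends outside this hunk.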
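Review bot: `$conf->write($loginManager->isLoggedIn());` uses `$loginManager` inside `install()`, but the enclosing signature shown in the hunk header is still `function install($conf)`; unless an earlier hunk outside this excerpt adds the manager as a parameter (or declares it `global`), the variable is undefined here and the call fails at runtime. If the signature was changed elsewhere, the header is just stale context and no action is needed. install() starts and ends outside this hunk.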
@@ -1976,259 +1803,38 @@ function install($conf) exit; } - $PAGE = new PageBuilder($conf); + $PAGE = new PageBuilder($conf, $_SESSION, null, $sessionManager->generateToken()); list($continents, $cities) = generateTimeZoneData(timezone_identifiers_list(), date_default_timezone_get()); $PAGE->assign('continents', $continents); $PAGE->assign('cities', $cities); + $PAGE->assign('languages', Languages::getAvailableLanguages()); $PAGE->renderPage('install'); exit; } -/** - * Because some f*cking services like flickr require an extra HTTP request to get the thumbnail URL, - * I have deported the thumbnail URL code generation here, otherwise this would slow down page generation. - * The following function takes the URL a link (e.g. a flickr page) and return the proper thumbnail. - * This function is called by passing the URL: - * http://mywebsite.com/shaarli/?do=genthumbnail&hmac=[HMAC]&url=[URL] - * [URL] is the URL of the link (e.g. a flickr page) - * [HMAC] is the signature for the [URL] (so that these URL cannot be forged). - * The function below will fetch the image from the webservice and store it in the cache. - * - * @param ConfigManager $conf Configuration Manager instance, - */ -function genThumbnail($conf) -{ - // Make sure the parameters in the URL were generated by us. - $sign = hash_hmac('sha256', $_GET['url'], $conf->get('credentials.salt')); - if ($sign!=$_GET['hmac']) die('Naughty boy!'); - - $cacheDir = $conf->get('resource.thumbnails_cache', 'cache'); - // Let's see if we don't already have the image for this URL in the cache. - $thumbname=hash('sha1',$_GET['url']).'.jpg'; - if (is_file($cacheDir .'/'. $thumbname)) - { // We have the thumbnail, just serve it: - header('Content-Type: image/jpeg'); - echo file_get_contents($cacheDir .'/'. $thumbname); - return; - } - // We may also serve a blank image (if service did not respond) - $blankname=hash('sha1',$_GET['url']).'.gif'; - if (is_file($cacheDir .'/'. 
$blankname)) - { - header('Content-Type: image/gif'); - echo file_get_contents($cacheDir .'/'. $blankname); - return; - } - - // Otherwise, generate the thumbnail. - $url = $_GET['url']; - $domain = parse_url($url,PHP_URL_HOST); - - if ($domain=='flickr.com' || endsWith($domain,'.flickr.com')) - { - // Crude replacement to handle new flickr domain policy (They prefer www. now) - $url = str_replace('http://flickr.com/','http://www.flickr.com/',$url); - - // Is this a link to an image, or to a flickr page ? - $imageurl=''; - if (endsWith(parse_url($url, PHP_URL_PATH), '.jpg')) - { // This is a direct link to an image. e.g. http://farm1.staticflickr.com/5/5921913_ac83ed27bd_o.jpg - preg_match('!(http://farm\d+\.staticflickr\.com/\d+/\d+_\w+_)\w.jpg!',$url,$matches); - if (!empty($matches[1])) $imageurl=$matches[1].'m.jpg'; - } - else // This is a flickr page (html) - { - // Get the flickr html page. - list($headers, $content) = get_http_response($url, 20); - if (strpos($headers[0], '200 OK') !== false) - { - // flickr now nicely provides the URL of the thumbnail in each flickr page. - preg_match('! - if ($imageurl=='') - { - preg_match('! tag on that page - // http://www.ted.com/talks/mikko_hypponen_fighting_viruses_defending_the_net.html - // - list($headers, $content) = get_http_response($url, 5); - if (strpos($headers[0], '200 OK') !== false) { - // Extract the link to the thumbnail - preg_match('!link rel="image_src" href="(http://images.ted.com/images/ted/.+_\d+x\d+\.jpg)"!', $content, $matches); - if (!empty($matches[1])) - { // Let's download the image. - $imageurl=$matches[1]; - // No control on image size, so wait long enough - list($headers, $content) = get_http_response($imageurl, 20); - if (strpos($headers[0], '200 OK') !== false) { - $filepath = $cacheDir .'/'. $thumbname; - file_put_contents($filepath, $content); // Save image to cache. 
- if (resizeImage($filepath)) - { - header('Content-Type: image/jpeg'); - echo file_get_contents($filepath); - return; - } - } - } - } - } - - elseif ($domain=='xkcd.com' || endsWith($domain,'.xkcd.com')) - { - // There is no thumbnail available for xkcd comics, so download the whole image and resize it. - // http://xkcd.com/327/ - // - list($headers, $content) = get_http_response($url, 5); - if (strpos($headers[0], '200 OK') !== false) { - // Extract the link to the thumbnail - preg_match('!
'. + 'Make sure the variable "session.save_path" is set correctly in your PHP config, '. + 'and that you have write access to it.
'. + 'It currently points to %s.
'. + 'On some browsers, accessing your server via a hostname like \'localhost\' '. + 'or any custom hostname without a dot causes cookie storage to fail. '. + 'We recommend accessing your server via it\'s IP address or Fully Qualified Domain Name.
' + ); + $msg = sprintf($msg, session_save_path()); + echo $msg; + echo '
'. t('Click to try again.') .'