]> git.immae.eu Git - github/shaarli/Shaarli.git/blame - index.php
projects / github / shaarli / Shaarli.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
doc: point footer link to local html documentation
[github/shaarli/Shaarli.git] / index.php
CommitLineData
45034273 1<?php
129ff3c2 2// Shaarli 0.0.45beta - Shaare your links...
ad6c27b7 3// The personal, minimalist, super-fast, no-database Delicious clone. By sebsauvage.net
45034273
SS		 4// http://sebsauvage.net/wiki/doku.php?id=php:shaarli
5// Licence: http://www.opensource.org/licenses/zlib-license.php
ad6c27b7 6// Requires: PHP 5.1.x (but autocomplete fields will only work if you have PHP 5.2.x)
45034273 7// -----------------------------------------------------------------------------------------------
cb49ab94
MC		 8// NEVER TRUST IN PHP.INI
9// Some hosts do not define a default timezone in php.ini,
10// so we have to do this for avoid the strict standard error.
11date_default_timezone_set('UTC');
12
45034273 13// -----------------------------------------------------------------------------------------------
ed5b38dd 14// Hardcoded parameter (These parameters can be overwritten by creating the file /data/options.php)
45034273
SS		 15$GLOBALS['config']['DATADIR'] = 'data'; // Data subdirectory
16$GLOBALS['config']['CONFIG_FILE'] = $GLOBALS['config']['DATADIR'].'/config.php'; // Configuration file (user login/password)
17$GLOBALS['config']['DATASTORE'] = $GLOBALS['config']['DATADIR'].'/datastore.php'; // Data storage file.
18$GLOBALS['config']['LINKS_PER_PAGE'] = 20; // Default links per page.
19$GLOBALS['config']['IPBANS_FILENAME'] = $GLOBALS['config']['DATADIR'].'/ipbans.php'; // File storage for failures and bans.
20$GLOBALS['config']['BAN_AFTER'] = 4; // Ban IP after this many failures.
21$GLOBALS['config']['BAN_DURATION'] = 1800; // Ban duration for IP address after login failures (in seconds) (1800 sec. = 30 minutes)
22$GLOBALS['config']['OPEN_SHAARLI'] = false; // If true, anyone can add/edit/delete links without having to login
23$GLOBALS['config']['HIDE_TIMESTAMPS'] = false; // If true, the moment when links were saved are not shown to users that are not logged in.
1099d8fc 24$GLOBALS['config']['SHOW_ATOM'] = false; // If true, an extra "ATOM feed" button will be displayed in the toolbar
45034273
SS		 25$GLOBALS['config']['ENABLE_THUMBNAILS'] = true; // Enable thumbnails in links.
26$GLOBALS['config']['CACHEDIR'] = 'cache'; // Cache directory for thumbnails for SLOW services (like flickr)
27$GLOBALS['config']['PAGECACHE'] = 'pagecache'; // Page cache directory.
ad6c27b7 28$GLOBALS['config']['ENABLE_LOCALCACHE'] = true; // Enable Shaarli to store thumbnail in a local cache. Disable to reduce web space usage.
45034273 29$GLOBALS['config']['PUBSUBHUB_URL'] = ''; // PubSubHubbub support. Put an empty string to disable, or put your hub url here to enable.
2f2aa06b
V		 30$GLOBALS['config']['RAINTPL_TMP'] = 'tmp/' ; // Raintpl cache directory (keep the trailing slash!)
31$GLOBALS['config']['RAINTPL_TPL'] = 'tpl/' ; // Raintpl template directory (keep the trailing slash!)
45034273
SS		 32$GLOBALS['config']['UPDATECHECK_FILENAME'] = $GLOBALS['config']['DATADIR'].'/lastupdatecheck.txt'; // For updates check of Shaarli.
33$GLOBALS['config']['UPDATECHECK_INTERVAL'] = 86400 ; // Updates check frequency for Shaarli. 86400 seconds=24 hours
34 // Note: You must have publisher.php in the same directory as Shaarli index.php
d2f51763 35$GLOBALS['config']['ARCHIVE_ORG'] = false; // For each link, add a link to an archived version on archive.org
ed5b38dd 36$GLOBALS['config']['ENABLE_RSS_PERMALINKS'] = true; // Enable RSS permalinks by default. This corresponds to the default behavior of shaarli before this was added as an option.
45034273 37// -----------------------------------------------------------------------------------------------
ad6c27b7 38// You should not touch below (or at your own risks!)
39// Optional config file.
45034273
SS		 40if (is_file($GLOBALS['config']['DATADIR'].'/options.php')) require($GLOBALS['config']['DATADIR'].'/options.php');
41
129ff3c2 42define('shaarli_version','0.0.45beta');
ad6c27b7 43define('PHPPREFIX','<?php /* '); // Prefix to encapsulate data in PHP code.
44define('PHPSUFFIX',' */ ?>'); // Suffix to encapsulate data in PHP code.
ae00595b
CH		 45// http://server.com/x/shaarli --> /shaarli/
46define('WEB_PATH', substr($_SERVER["REQUEST_URI"], 0, 1+strrpos($_SERVER["REQUEST_URI"], '/', 0)));
45034273
SS		 47
48// Force cookie path (but do not change lifetime)
49$cookie=session_get_cookie_params();
2d9fab88 50$cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/';
2f32d074 51session_set_cookie_params($cookie['lifetime'],$cookiedir,$_SERVER['SERVER_NAME']); // Set default cookie expiration and path.
45034273 52
f37664a2
SS		 53// Set session parameters on server side.
54define('INACTIVITY_TIMEOUT',3600); // (in seconds). If the user does not access any page within this time, his/her session is considered expired.
55ini_set('session.use_cookies', 1); // Use cookies to store session.
ad6c27b7 56ini_set('session.use_only_cookies', 1); // Force cookies for session (phpsessionID forbidden in URL).
57ini_set('session.use_trans_sid', false); // Prevent PHP form using sessionID in URL if cookies are disabled.
f37664a2
SS		 58session_name('shaarli');
59if (session_id() == '') session_start(); // Start session if needed (Some server auto-start sessions).
60
45034273
SS		 61// PHP Settings
62ini_set('max_input_time','60'); // High execution time in case of problematic imports/exports.
63ini_set('memory_limit', '128M'); // Try to set max upload file size and read (May not work on some hosts).
64ini_set('post_max_size', '16M');
65ini_set('upload_max_filesize', '16M');
66checkphpversion();
67error_reporting(E_ALL^E_WARNING); // See all error except warnings.
68//error_reporting(-1); // See all errors (for debugging only)
69
70include "inc/rain.tpl.class.php"; //include Rain TPL
25f5c59d 71raintpl::$tpl_dir = $GLOBALS['config']['RAINTPL_TPL']; // template directory
25f5c59d 72raintpl::$cache_dir = $GLOBALS['config']['RAINTPL_TMP']; // cache directory
45034273
SS		 73
74ob_start(); // Output buffering for the page cache.
75
76
77// In case stupid admin has left magic_quotes enabled in php.ini:
78if (get_magic_quotes_gpc())
79{
80 function stripslashes_deep($value) { $value = is_array($value) ? array_map('stripslashes_deep', $value) : stripslashes($value); return $value; }
81 $_POST = array_map('stripslashes_deep', $_POST);
82 $_GET = array_map('stripslashes_deep', $_GET);
83 $_COOKIE = array_map('stripslashes_deep', $_COOKIE);
84}
85
86// Prevent caching on client side or proxy: (yes, it's ugly)
87header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
88header("Cache-Control: no-store, no-cache, must-revalidate");
89header("Cache-Control: post-check=0, pre-check=0", false);
90header("Pragma: no-cache");
91
ad6c27b7 92// Directories creations (Note that your web host may require different rights than 705.)
60b83e7c 93if (!is_writable(realpath(dirname(__FILE__)))) die('<pre>ERROR: Shaarli does not have the right to write in its own directory.</pre>');
45034273 94
45034273
SS		 95// Handling of old config file which do not have the new parameters.
96if (empty($GLOBALS['title'])) $GLOBALS['title']='Shared links on '.htmlspecialchars(indexUrl());
97if (empty($GLOBALS['timezone'])) $GLOBALS['timezone']=date_default_timezone_get();
8a80e4fe 98if (empty($GLOBALS['redirector'])) $GLOBALS['redirector']='';
45034273 99if (empty($GLOBALS['disablesessionprotection'])) $GLOBALS['disablesessionprotection']=false;
858c5c2b 100if (empty($GLOBALS['disablejquery'])) $GLOBALS['disablejquery']=false;
bb8f712d 101if (empty($GLOBALS['privateLinkByDefault'])) $GLOBALS['privateLinkByDefault']=false;
ebb2880d 102if (empty($GLOBALS['titleLink'])) $GLOBALS['titleLink']='?';
858c5c2b 103// I really need to rewrite Shaarli with a proper configuation manager.
45034273 104
8a80e4fe
SS		 105// Run config screen if first run:
106if (!is_file($GLOBALS['config']['CONFIG_FILE'])) install();
107
108require $GLOBALS['config']['CONFIG_FILE']; // Read login/password hash into $GLOBALS.
109
ae00595b
CH		 110// a token depending of deployment salt, user password, and the current ip
111define('STAY_SIGNED_IN_TOKEN', sha1($GLOBALS['hash'].$_SERVER["REMOTE_ADDR"].$GLOBALS['salt']));
8a80e4fe 112
45034273
SS		 113autoLocale(); // Sniff browser language and set date format accordingly.
114header('Content-Type: text/html; charset=utf-8'); // We use UTF-8 for proper international characters handling.
115
ff69d87e
FE		 116//==================================================================================================
117// Checking session state (i.e. is the user still logged in)
118//==================================================================================================
119
120function setup_login_state() {
121 $userIsLoggedIn = false; // By default, we do not consider the user as logged in;
122 $loginFailure = false; // If set to true, every attempt to authenticate the user will fail. This indicates that an important condition isn't met.
123 if ($GLOBALS['config']['OPEN_SHAARLI']) {
124 $userIsLoggedIn = true;
125 }
126 if (!isset($GLOBALS['login'])) {
127 $userIsLoggedIn = false; // Shaarli is not configured yet.
128 $loginFailure = true;
129 }
130 if (isset($_COOKIE['shaarli_staySignedIn']) &&
131 $_COOKIE['shaarli_staySignedIn']===STAY_SIGNED_IN_TOKEN &&
132 !$loginFailure)
133 {
134 fillSessionInfo();
135 $userIsLoggedIn = true;
136 }
137 // If session does not exist on server side, or IP address has changed, or session has expired, logout.
138 if (empty($_SESSION['uid']) ||
139 ($GLOBALS['disablesessionprotection']==false && $_SESSION['ip']!=allIPs()) ||
140 time() >= $_SESSION['expires_on'])
141 {
142 logout();
143 $userIsLoggedIn = false;
144 $loginFailure = true;
145 }
146 if (!empty($_SESSION['longlastingsession'])) {
147 $_SESSION['expires_on']=time()+$_SESSION['longlastingsession']; // In case of "Stay signed in" checked.
148 }
149 else {
150 $_SESSION['expires_on']=time()+INACTIVITY_TIMEOUT; // Standard session expiration date.
151 }
152 if (!$loginFailure) {
153 $userIsLoggedIn = true;
154 }
155
156 return $userIsLoggedIn;
157}
158//==================================================================================================
159$userIsLoggedIn = setup_login_state();
160//==================================================================================================
161//==================================================================================================
162
ad6c27b7 163// Check PHP version
45034273
SS		 164function checkphpversion()
165{
166 if (version_compare(PHP_VERSION, '5.1.0') < 0)
167 {
168 header('Content-Type: text/plain; charset=utf-8');
50976223 169 echo 'Your PHP version is obsolete! Shaarli requires at least php 5.1.0, and thus cannot run. Sorry. Your PHP version has known security vulnerabilities and should be updated as soon as possible.';
45034273
SS		 170 exit;
171 }
172}
173
174// Checks if an update is available for Shaarli.
175// (at most once a day, and only for registered user.)
176// Output: '' = no new version.
177// other= the available version.
178function checkUpdate()
179{
180 if (!isLoggedIn()) return ''; // Do not check versions for visitors.
329e0768 181 if (empty($GLOBALS['config']['ENABLE_UPDATECHECK'])) return ''; // Do not check if the user doesn't want to.
45034273
SS		 182
183 // Get latest version number at most once a day.
184 if (!is_file($GLOBALS['config']['UPDATECHECK_FILENAME']) || (filemtime($GLOBALS['config']['UPDATECHECK_FILENAME'])<time()-($GLOBALS['config']['UPDATECHECK_INTERVAL'])))
185 {
186 $version=shaarli_version;
dbcad740 187 list($httpstatus,$headers,$data) = getHTTP('https://raw.githubusercontent.com/shaarli/Shaarli/master/shaarli_version.php',2);
188 if (strpos($httpstatus,'200 OK')!==false) $version=str_replace(' */ ?>','',str_replace('<?php /* ','',$data));
ad6c27b7 189 // If failed, never mind. We don't want to bother the user with that.
45034273
SS		 190 file_put_contents($GLOBALS['config']['UPDATECHECK_FILENAME'],$version); // touch file date
191 }
192 // Compare versions:
193 $newestversion=file_get_contents($GLOBALS['config']['UPDATECHECK_FILENAME']);
194 if (version_compare($newestversion,shaarli_version)==1) return $newestversion;
195 return '';
196}
197
198
199// -----------------------------------------------------------------------------------------------
200// Simple cache system (mainly for the RSS/ATOM feeds).
201
202class pageCache
203{
204 private $url; // Full URL of the page to cache (typically the value returned by pageUrl())
ad6c27b7 205 private $shouldBeCached; // boolean: Should this url be cached?
206 private $filename; // Name of the cache file for this url.
45034273 207
bb8f712d 208 /*
ad6c27b7 209 $url = URL (typically the value returned by pageUrl())
45034273
SS		 210 $shouldBeCached = boolean. If false, the cache will be disabled.
211 */
212 public function __construct($url,$shouldBeCached)
213 {
214 $this->url = $url;
215 $this->filename = $GLOBALS['config']['PAGECACHE'].'/'.sha1($url).'.cache';
216 $this->shouldBeCached = $shouldBeCached;
bb8f712d 217 }
45034273
SS		 218
219 // If the page should be cached and a cached version exists,
220 // returns the cached version (otherwise, return null).
221 public function cachedVersion()
222 {
223 if (!$this->shouldBeCached) return null;
224 if (is_file($this->filename)) { return file_get_contents($this->filename); exit; }
225 return null;
226 }
227
228 // Put a page in the cache.
229 public function cache($page)
230 {
231 if (!$this->shouldBeCached) return;
45034273
SS		 232 file_put_contents($this->filename,$page);
233 }
234
235 // Purge the whole cache.
236 // (call with pageCache::purgeCache())
237 public static function purgeCache()
238 {
239 if (is_dir($GLOBALS['config']['PAGECACHE']))
240 {
241 $handler = opendir($GLOBALS['config']['PAGECACHE']);
64bf914a 242 if ($handler!==false)
45034273 243 {
bb8f712d 244 while (($filename = readdir($handler))!==false)
45034273
SS		 245 {
246 if (endsWith($filename,'.cache')) { unlink($GLOBALS['config']['PAGECACHE'].'/'.$filename); }
247 }
248 closedir($handler);
249 }
250 }
251 }
252
253}
254
255
256// -----------------------------------------------------------------------------------------------
257// Log to text file
258function logm($message)
259{
260 $t = strval(date('Y/m/d_H:i:s')).' - '.$_SERVER["REMOTE_ADDR"].' - '.strval($message)."\n";
261 file_put_contents($GLOBALS['config']['DATADIR'].'/log.txt',$t,FILE_APPEND);
262}
263
264// Same as nl2br(), but escapes < and >
265function nl2br_escaped($html)
266{
267 return str_replace('>','&gt;',str_replace('<','&lt;',nl2br($html)));
268}
269
c002ca9c 270/* Returns the small hash of a string, using RFC 4648 base64url format
ad6c27b7 271 e.g. smallHash('20111006_131924') --> yZH23w
45034273
SS		 272 Small hashes:
273 - are unique (well, as unique as crc32, at last)
274 - are always 6 characters long.
275 - only use the following characters: a-z A-Z 0-9 - _ @
276 - are NOT cryptographically secure (they CAN be forged)
277 In Shaarli, they are used as a tinyurl-like link to individual entries.
278*/
279function smallHash($text)
280{
281 $t = rtrim(base64_encode(hash('crc32',$text,true)),'=');
c002ca9c 282 return strtr($t, '+/', '-_');
45034273
SS		 283}
284
ad6c27b7 285// In a string, converts URLs to clickable links.
45034273
SS		 286// Function inspired from http://www.php.net/manual/en/function.preg-replace.php#85722
287function text2clickable($url)
288{
289 $redir = empty($GLOBALS['redirector']) ? '' : $GLOBALS['redirector'];
30b0672d 290 return preg_replace('!(((?:https?|ftp|file)://|apt:|magnet:)\S+[[:alnum:]]/?)!si','<a href="'.$redir.'$1" rel="nofollow">$1</a>',$url);
45034273
SS		 291}
292
293// This function inserts &nbsp; where relevant so that multiple spaces are properly displayed in HTML
294// even in the absence of <pre> (This is used in description to keep text formatting)
295function keepMultipleSpaces($text)
296{
297 return str_replace(' ',' &nbsp;',$text);
bb8f712d 298
45034273
SS		 299}
300// ------------------------------------------------------------------------------------------
301// Sniff browser language to display dates in the right format automatically.
302// (Note that is may not work on your server if the corresponding local is not installed.)
303function autoLocale()
304{
8438a2e5 305 $attempts = array('en_US'); // Default if browser does not send HTTP_ACCEPT_LANGUAGE
ad6c27b7 306 if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) // e.g. "fr,fr-fr;q=0.8,en;q=0.5,en-us;q=0.3"
307 { // (It's a bit crude, but it works very well. Preferred language is always presented first.)
8438a2e5
A		 308 if (preg_match('/([a-z]{2})-?([a-z]{2})?/i',$_SERVER['HTTP_ACCEPT_LANGUAGE'],$matches)) {
309 $loc = $matches[1] . (!empty($matches[2]) ? '_' . strtoupper($matches[2]) : '');
310 $attempts = array($loc, str_replace('_', '-', $loc),
311 $loc . '_' . strtoupper($loc), $loc . '_' . $loc,
312 $loc . '-' . strtoupper($loc), $loc . '-' . $loc);
313 }
45034273 314 }
8438a2e5 315 setlocale(LC_TIME, $attempts); // LC_TIME = Set local for date/time format only.
45034273
SS		 316}
317
318// ------------------------------------------------------------------------------------------
319// PubSubHubbub protocol support (if enabled) [UNTESTED]
320// (Source: http://aldarone.fr/les-flux-rss-shaarli-et-pubsubhubbub/ )
321if (!empty($GLOBALS['config']['PUBSUBHUB_URL'])) include './publisher.php';
322function pubsubhub()
323{
324 if (!empty($GLOBALS['config']['PUBSUBHUB_URL']))
325 {
326 $p = new Publisher($GLOBALS['config']['PUBSUBHUB_URL']);
327 $topic_url = array (
328 indexUrl().'?do=atom',
329 indexUrl().'?do=rss'
330 );
331 $p->publish_update($topic_url);
332 }
333}
334
335// ------------------------------------------------------------------------------------------
336// Session management
45034273
SS		 337
338// Returns the IP address of the client (Used to prevent session cookie hijacking.)
339function allIPs()
340{
341 $ip = $_SERVER["REMOTE_ADDR"];
342 // Then we use more HTTP headers to prevent session hijacking from users behind the same proxy.
343 if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) { $ip=$ip.'_'.$_SERVER['HTTP_X_FORWARDED_FOR']; }
344 if (isset($_SERVER['HTTP_CLIENT_IP'])) { $ip=$ip.'_'.$_SERVER['HTTP_CLIENT_IP']; }
345 return $ip;
346}
347
ae00595b 348function fillSessionInfo() {
ad6c27b7 349 $_SESSION['uid'] = sha1(uniqid('',true).'_'.mt_rand()); // Generate unique random number (different than phpsessionid)
ae00595b
CH		 350 $_SESSION['ip']=allIPs(); // We store IP address(es) of the client to make sure session is not hijacked.
351 $_SESSION['username']=$GLOBALS['login'];
352 $_SESSION['expires_on']=time()+INACTIVITY_TIMEOUT; // Set session expiration.
353}
354
45034273
SS		 355// Check that user/password is correct.
356function check_auth($login,$password)
357{
358 $hash = sha1($password.$login.$GLOBALS['salt']);
359 if ($login==$GLOBALS['login'] && $hash==$GLOBALS['hash'])
360 { // Login/password is correct.
ae00595b 361 fillSessionInfo();
45034273
SS		 362 logm('Login successful');
363 return True;
364 }
365 logm('Login failed for user '.$login);
366 return False;
367}
368
369// Returns true if the user is logged in.
370function isLoggedIn()
371{
ff69d87e
FE		 372 global $userIsLoggedIn;
373 return $userIsLoggedIn;
45034273
SS		 374}
375
376// Force logout.
ff69d87e
FE		 377function logout() {
378 if (isset($_SESSION)) {
379 unset($_SESSION['uid']);
380 unset($_SESSION['ip']);
381 unset($_SESSION['username']);
382 unset($_SESSION['privateonly']);
383 }
384 setcookie('shaarli_staySignedIn', FALSE, 0, WEB_PATH);
ae00595b 385}
45034273
SS		 386
387
388// ------------------------------------------------------------------------------------------
389// Brute force protection system
390// Several consecutive failed logins will ban the IP address for 30 minutes.
391if (!is_file($GLOBALS['config']['IPBANS_FILENAME'])) file_put_contents($GLOBALS['config']['IPBANS_FILENAME'], "<?php\n\$GLOBALS['IPBANS']=".var_export(array('FAILURES'=>array(),'BANS'=>array()),true).";\n?>");
392include $GLOBALS['config']['IPBANS_FILENAME'];
393// Signal a failed login. Will ban the IP if too many failures:
394function ban_loginFailed()
395{
396 $ip=$_SERVER["REMOTE_ADDR"]; $gb=$GLOBALS['IPBANS'];
397 if (!isset($gb['FAILURES'][$ip])) $gb['FAILURES'][$ip]=0;
398 $gb['FAILURES'][$ip]++;
399 if ($gb['FAILURES'][$ip]>($GLOBALS['config']['BAN_AFTER']-1))
400 {
401 $gb['BANS'][$ip]=time()+$GLOBALS['config']['BAN_DURATION'];
402 logm('IP address banned from login');
403 }
404 $GLOBALS['IPBANS'] = $gb;
405 file_put_contents($GLOBALS['config']['IPBANS_FILENAME'], "<?php\n\$GLOBALS['IPBANS']=".var_export($gb,true).";\n?>");
406}
407
408// Signals a successful login. Resets failed login counter.
409function ban_loginOk()
410{
411 $ip=$_SERVER["REMOTE_ADDR"]; $gb=$GLOBALS['IPBANS'];
412 unset($gb['FAILURES'][$ip]); unset($gb['BANS'][$ip]);
413 $GLOBALS['IPBANS'] = $gb;
414 file_put_contents($GLOBALS['config']['IPBANS_FILENAME'], "<?php\n\$GLOBALS['IPBANS']=".var_export($gb,true).";\n?>");
415}
416
417// Checks if the user CAN login. If 'true', the user can try to login.
418function ban_canLogin()
419{
420 $ip=$_SERVER["REMOTE_ADDR"]; $gb=$GLOBALS['IPBANS'];
421 if (isset($gb['BANS'][$ip]))
422 {
423 // User is banned. Check if the ban has expired:
424 if ($gb['BANS'][$ip]<=time())
425 { // Ban expired, user can try to login again.
426 logm('Ban lifted.');
427 unset($gb['FAILURES'][$ip]); unset($gb['BANS'][$ip]);
428 file_put_contents($GLOBALS['config']['IPBANS_FILENAME'], "<?php\n\$GLOBALS['IPBANS']=".var_export($gb,true).";\n?>");
429 return true; // Ban has expired, user can login.
430 }
431 return false; // User is banned.
432 }
433 return true; // User is not banned.
434}
435
436// ------------------------------------------------------------------------------------------
437// Process login form: Check if login/password is correct.
438if (isset($_POST['login']))
439{
440 if (!ban_canLogin()) die('I said: NO. You are banned for the moment. Go away.');
441 if (isset($_POST['password']) && tokenOk($_POST['token']) && (check_auth($_POST['login'], $_POST['password'])))
ad6c27b7 442 { // Login/password is OK.
45034273
SS		 443 ban_loginOk();
444 // If user wants to keep the session cookie even after the browser closes:
445 if (!empty($_POST['longlastingsession']))
446 {
ae00595b 447 setcookie('shaarli_staySignedIn', STAY_SIGNED_IN_TOKEN, time()+31536000, WEB_PATH);
45034273
SS		 448 $_SESSION['longlastingsession']=31536000; // (31536000 seconds = 1 year)
449 $_SESSION['expires_on']=time()+$_SESSION['longlastingsession']; // Set session expiration on server-side.
2d9fab88
SS		 450
451 $cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/';
2f32d074 452 session_set_cookie_params($_SESSION['longlastingsession'],$cookiedir,$_SERVER['SERVER_NAME']); // Set session cookie expiration on client side
ad6c27b7 453 // Note: Never forget the trailing slash on the cookie path!
45034273
SS		 454 session_regenerate_id(true); // Send cookie with new expiration date to browser.
455 }
456 else // Standard session expiration (=when browser closes)
457 {
2d9fab88 458 $cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/';
2f32d074 459 session_set_cookie_params(0,$cookiedir,$_SERVER['SERVER_NAME']); // 0 means "When browser closes"
45034273
SS		 460 session_regenerate_id(true);
461 }
462 // Optional redirect after login:
a1795ddc 463 if (isset($_GET['post'])) { header('Location: ?post='.urlencode($_GET['post']).(!empty($_GET['title'])?'&title='.urlencode($_GET['title']):'').(!empty($_GET['description'])?'&description='.urlencode($_GET['description']):'').(!empty($_GET['source'])?'&source='.urlencode($_GET['source']):'')); exit; }
45034273
SS		 464 if (isset($_POST['returnurl']))
465 {
466 if (endsWith($_POST['returnurl'],'?do=login')) { header('Location: ?'); exit; } // Prevent loops over login screen.
467 header('Location: '.$_POST['returnurl']); exit;
468 }
469 header('Location: ?'); exit;
470 }
471 else
472 {
473 ban_loginFailed();
705f8355 474 $redir = '';
a1795ddc 475 if (isset($_GET['post'])) { $redir = '&post='.urlencode($_GET['post']).(!empty($_GET['title'])?'&title='.urlencode($_GET['title']):'').(!empty($_GET['description'])?'&description='.urlencode($_GET['description']):'').(!empty($_GET['source'])?'&source='.urlencode($_GET['source']):''); }
fe16b01e 476 echo '<script>alert("Wrong login/password.");document.location=\'?do=login'.$redir.'\';</script>'; // Redirect to login screen.
45034273
SS		 477 exit;
478 }
479}
480
481// ------------------------------------------------------------------------------------------
482// Misc utility functions:
483
484// Returns the server URL (including port and http/https), without path.
ad6c27b7 485// e.g. "http://myserver.com:8080"
45034273
SS		 486// You can append $_SERVER['SCRIPT_NAME'] to get the current script URL.
487function serverUrl()
488{
489 $https = (!empty($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS'])=='on')) || $_SERVER["SERVER_PORT"]=='443'; // HTTPS detection.
490 $serverport = ($_SERVER["SERVER_PORT"]=='80' || ($https && $_SERVER["SERVER_PORT"]=='443') ? '' : ':'.$_SERVER["SERVER_PORT"]);
2f32d074 491 return 'http'.($https?'s':'').'://'.$_SERVER['SERVER_NAME'].$serverport;
45034273
SS		 492}
493
494// Returns the absolute URL of current script, without the query.
ad6c27b7 495// (e.g. http://sebsauvage.net/links/)
45034273
SS		 496function indexUrl()
497{
9e975d86
SS		 498 $scriptname = $_SERVER["SCRIPT_NAME"];
499 // If the script is named 'index.php', we remove it (for better looking URLs,
ad6c27b7 500 // e.g. http://mysite.com/shaarli/?abcde instead of http://mysite.com/shaarli/index.php?abcde)
9e975d86
SS		 501 if (endswith($scriptname,'index.php')) $scriptname = substr($scriptname,0,strlen($scriptname)-9);
502 return serverUrl() . $scriptname;
45034273
SS		 503}
504
505// Returns the absolute URL of current script, WITH the query.
ad6c27b7 506// (e.g. http://sebsauvage.net/links/?toto=titi&spamspamspam=humbug)
45034273
SS		 507function pageUrl()
508{
509 return indexUrl().(!empty($_SERVER["QUERY_STRING"]) ? '?'.$_SERVER["QUERY_STRING"] : '');
510}
511
ad6c27b7 512// Convert post_max_size/upload_max_filesize (e.g. '16M') parameters to bytes.
45034273
SS		 513function return_bytes($val)
514{
515 $val = trim($val); $last=strtolower($val[strlen($val)-1]);
516 switch($last)
517 {
518 case 'g': $val *= 1024;
519 case 'm': $val *= 1024;
520 case 'k': $val *= 1024;
521 }
522 return $val;
523}
524
525// Try to determine max file size for uploads (POST).
526// Returns an integer (in bytes)
527function getMaxFileSize()
528{
529 $size1 = return_bytes(ini_get('post_max_size'));
530 $size2 = return_bytes(ini_get('upload_max_filesize'));
531 // Return the smaller of two:
532 $maxsize = min($size1,$size2);
ad6c27b7 533 // FIXME: Then convert back to readable notations ? (e.g. 2M instead of 2000000)
45034273
SS		 534 return $maxsize;
535}
536
537// Tells if a string start with a substring or not.
538function startsWith($haystack,$needle,$case=true)
539{
540 if($case){return (strcmp(substr($haystack, 0, strlen($needle)),$needle)===0);}
541 return (strcasecmp(substr($haystack, 0, strlen($needle)),$needle)===0);
542}
543
544// Tells if a string ends with a substring or not.
545function endsWith($haystack,$needle,$case=true)
546{
547 if($case){return (strcmp(substr($haystack, strlen($haystack) - strlen($needle)),$needle)===0);}
548 return (strcasecmp(substr($haystack, strlen($haystack) - strlen($needle)),$needle)===0);
549}
550
551/* Converts a linkdate time (YYYYMMDD_HHMMSS) of an article to a timestamp (Unix epoch)
552 (used to build the ADD_DATE attribute in Netscape-bookmarks file)
553 PS: I could have used strptime(), but it does not exist on Windows. I'm too kind. */
554function linkdate2timestamp($linkdate)
555{
556 $Y=$M=$D=$h=$m=$s=0;
8438a2e5 557 sscanf($linkdate,'%4d%2d%2d_%2d%2d%2d',$Y,$M,$D,$h,$m,$s);
45034273
SS		 558 return mktime($h,$m,$s,$M,$D,$Y);
559}
560
561/* Converts a linkdate time (YYYYMMDD_HHMMSS) of an article to a RFC822 date.
562 (used to build the pubDate attribute in RSS feed.) */
563function linkdate2rfc822($linkdate)
564{
565 return date('r',linkdate2timestamp($linkdate)); // 'r' is for RFC822 date format.
566}
567
568/* Converts a linkdate time (YYYYMMDD_HHMMSS) of an article to a ISO 8601 date.
569 (used to build the updated tags in ATOM feed.) */
570function linkdate2iso8601($linkdate)
571{
572 return date('c',linkdate2timestamp($linkdate)); // 'c' is for ISO 8601 date format.
573}
574
45034273
SS		 575// Parse HTTP response headers and return an associative array.
576function http_parse_headers_shaarli( $headers )
577{
578 $res=array();
579 foreach($headers as $header)
580 {
581 $i = strpos($header,': ');
582 if ($i!==false)
583 {
584 $key=substr($header,0,$i);
585 $value=substr($header,$i+2,strlen($header)-$i-2);
586 $res[$key]=$value;
587 }
588 }
589 return $res;
590}
591
592/* GET an URL.
ad6c27b7 593 Input: $url : URL to get (http://...)
45034273 594 $timeout : Network timeout (will wait this many seconds for an anwser before giving up).
ad6c27b7 595 Output: An array. [0] = HTTP status message (e.g. "HTTP/1.1 200 OK") or error message
596 [1] = associative array containing HTTP response headers (e.g. echo getHTTP($url)[1]['Content-Type'])
45034273
SS		 597 [2] = data
598 Example: list($httpstatus,$headers,$data) = getHTTP('http://sebauvage.net/');
599 if (strpos($httpstatus,'200 OK')!==false)
600 echo 'Data type: '.htmlspecialchars($headers['Content-Type']);
601 else
602 echo 'There was an error: '.htmlspecialchars($httpstatus)
603*/
604function getHTTP($url,$timeout=30)
605{
606 try
607 {
03545ef6 608 $options = array('http'=>array('method'=>'GET','timeout' => $timeout, 'user_agent' => 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:23.0) Gecko/20100101 Firefox/23.0')); // Force network timeout
45034273
SS		 609 $context = stream_context_create($options);
610 $data=file_get_contents($url,false,$context,-1, 4000000); // We download at most 4 Mb from source.
611 if (!$data) { return array('HTTP Error',array(),''); }
ad6c27b7 612 $httpStatus=$http_response_header[0]; // e.g. "HTTP/1.1 200 OK"
45034273
SS		 613 $responseHeaders=http_parse_headers_shaarli($http_response_header);
614 return array($httpStatus,$responseHeaders,$data);
615 }
ad6c27b7 616 catch (Exception $e) // getHTTP *can* fail silently (we don't care if the title cannot be fetched)
45034273
SS		 617 {
618 return array($e->getMessage(),'','');
619 }
620}
621
622// Extract title from an HTML document.
623// (Returns an empty string if not found.)
624function html_extract_title($html)
625{
626 return preg_match('!<title>(.*?)</title>!is', $html, $matches) ? trim(str_replace("\n",' ', $matches[1])) : '' ;
627}
628
629// ------------------------------------------------------------------------------------------
630// Token management for XSRF protection
631// Token should be used in any form which acts on data (create,update,delete,import...).
632if (!isset($_SESSION['tokens'])) $_SESSION['tokens']=array(); // Token are attached to the session.
633
634// Returns a token.
635function getToken()
636{
a1f5a6ec 637 $rnd = sha1(uniqid('',true).'_'.mt_rand().$GLOBALS['salt']); // We generate a random string.
45034273
SS		 638 $_SESSION['tokens'][$rnd]=1; // Store it on the server side.
639 return $rnd;
640}
641
ad6c27b7 642// Tells if a token is OK. Using this function will destroy the token.
643// true=token is OK.
45034273
SS		 644function tokenOk($token)
645{
646 if (isset($_SESSION['tokens'][$token]))
647 {
648 unset($_SESSION['tokens'][$token]); // Token is used: destroy it.
ad6c27b7 649 return true; // Token is OK.
45034273
SS		 650 }
651 return false; // Wrong token, or already used.
652}
653
654// ------------------------------------------------------------------------------------------
655/* This class is in charge of building the final page.
656 (This is basically a wrapper around RainTPL which pre-fills some fields.)
657 p = new pageBuilder;
658 p.assign('myfield','myvalue');
659 p.renderPage('mytemplate');
bb8f712d 660
45034273
SS		 661*/
662class pageBuilder
663{
664 private $tpl; // RainTPL template
665
666 function __construct()
667 {
668 $this->tpl=false;
bb8f712d 669 }
45034273
SS		 670
671 private function initialize()
bb8f712d
KT		 672 {
673 $this->tpl = new RainTPL;
45034273
SS		 674 $this->tpl->assign('newversion',checkUpdate());
675 $this->tpl->assign('feedurl',htmlspecialchars(indexUrl()));
676 $searchcrits=''; // Search criteria
677 if (!empty($_GET['searchtags'])) $searchcrits.='&searchtags='.urlencode($_GET['searchtags']);
678 elseif (!empty($_GET['searchterm'])) $searchcrits.='&searchterm='.urlencode($_GET['searchterm']);
679 $this->tpl->assign('searchcrits',$searchcrits);
680 $this->tpl->assign('source',indexUrl());
681 $this->tpl->assign('version',shaarli_version);
682 $this->tpl->assign('scripturl',indexUrl());
683 $this->tpl->assign('pagetitle','Shaarli');
ad6c27b7 684 $this->tpl->assign('privateonly',!empty($_SESSION['privateonly'])); // Show only private links?
45034273 685 if (!empty($GLOBALS['title'])) $this->tpl->assign('pagetitle',$GLOBALS['title']);
ebb2880d 686 if (!empty($GLOBALS['titleLink'])) $this->tpl->assign('titleLink',$GLOBALS['titleLink']);
45034273
SS		 687 if (!empty($GLOBALS['pagetitle'])) $this->tpl->assign('pagetitle',$GLOBALS['pagetitle']);
688 $this->tpl->assign('shaarlititle',empty($GLOBALS['title']) ? 'Shaarli': $GLOBALS['title'] );
bb8f712d 689 return;
45034273 690 }
bb8f712d 691
45034273
SS		 692 // The following assign() method is basically the same as RainTPL (except that it's lazy)
693 public function assign($what,$where)
694 {
695 if ($this->tpl===false) $this->initialize(); // Lazy initialization
696 $this->tpl->assign($what,$where);
697 }
bb8f712d 698
45034273 699 // Render a specific page (using a template).
ad6c27b7 700 // e.g. pb.renderPage('picwall')
45034273
SS		 701 public function renderPage($page)
702 {
703 if ($this->tpl===false) $this->initialize(); // Lazy initialization
704 $this->tpl->draw($page);
705 }
706}
707
708// ------------------------------------------------------------------------------------------
709/* Data storage for links.
710 This object behaves like an associative array.
711 Example:
712 $mylinks = new linkdb();
713 echo $mylinks['20110826_161819']['title'];
714 foreach($mylinks as $link)
715 echo $link['title'].' at url '.$link['url'].' ; description:'.$link['description'];
bb8f712d 716
45034273
SS		 717 Available keys:
718 title : Title of the link
ad6c27b7 719 url : URL of the link. Can be absolute or relative. Relative URLs are permalinks (e.g.'?m-ukcw')
45034273 720 description : description of the entry
ad6c27b7 721 private : Is this link private? 0=no, other value=yes
722 linkdate : date of the creation of this entry, in the form YYYYMMDD_HHMMSS (e.g.'20110914_192317')
bb8f712d 723 tags : tags attached to this entry (separated by spaces)
45034273
SS		 724
725 We implement 3 interfaces:
726 - ArrayAccess so that this object behaves like an associative array.
727 - Iterator so that this object can be used in foreach() loops.
728 - Countable interface so that we can do a count() on this object.
729*/
730class linkdb implements Iterator, Countable, ArrayAccess
731{
ad6c27b7 732 private $links; // List of links (associative array. Key=linkdate (e.g. "20110823_124546"), value= associative array (keys:title,description...)
45034273
SS		 733 private $urls; // List of all recorded URLs (key=url, value=linkdate) for fast reserve search (url-->linkdate)
734 private $keys; // List of linkdate keys (for the Iterator interface implementation)
735 private $position; // Position in the $this->keys array. (for the Iterator interface implementation.)
ad6c27b7 736 private $loggedin; // Is the user logged in? (used to filter private links)
45034273
SS		 737
738 // Constructor:
739 function __construct($isLoggedIn)
ad6c27b7 740 // Input : $isLoggedIn : is the user logged in?
45034273
SS		 741 {
742 $this->loggedin = $isLoggedIn;
743 $this->checkdb(); // Make sure data file exists.
744 $this->readdb(); // Then read it.
745 }
746
747 // ---- Countable interface implementation
748 public function count() { return count($this->links); }
749
750 // ---- ArrayAccess interface implementation
751 public function offsetSet($offset, $value)
752 {
753 if (!$this->loggedin) die('You are not authorized to add a link.');
ad6c27b7 754 if (empty($value['linkdate']) || empty($value['url'])) die('Internal Error: A link should always have a linkdate and URL.');
45034273
SS		 755 if (empty($offset)) die('You must specify a key.');
756 $this->links[$offset] = $value;
757 $this->urls[$value['url']]=$offset;
758 }
759 public function offsetExists($offset) { return array_key_exists($offset,$this->links); }
760 public function offsetUnset($offset)
761 {
762 if (!$this->loggedin) die('You are not authorized to delete a link.');
763 $url = $this->links[$offset]['url']; unset($this->urls[$url]);
764 unset($this->links[$offset]);
765 }
766 public function offsetGet($offset) { return isset($this->links[$offset]) ? $this->links[$offset] : null; }
767
768 // ---- Iterator interface implementation
769 function rewind() { $this->keys=array_keys($this->links); rsort($this->keys); $this->position=0; } // Start over for iteration, ordered by date (latest first).
770 function key() { return $this->keys[$this->position]; } // current key
771 function current() { return $this->links[$this->keys[$this->position]]; } // current value
772 function next() { ++$this->position; } // go to next item
773 function valid() { return isset($this->keys[$this->position]); } // Check if current position is valid.
774
775 // ---- Misc methods
776 private function checkdb() // Check if db directory and file exists.
777 {
778 if (!file_exists($GLOBALS['config']['DATASTORE'])) // Create a dummy database for example.
779 {
780 $this->links = array();
781 $link = array('title'=>'Shaarli - sebsauvage.net','url'=>'http://sebsauvage.net/wiki/doku.php?id=php:shaarli','description'=>'Welcome to Shaarli ! This is a bookmark. To edit or delete me, you must first login.','private'=>0,'linkdate'=>'20110914_190000','tags'=>'opensource software');
782 $this->links[$link['linkdate']] = $link;
58a8f4ca 783 $link = array('title'=>'My secret stuff... - Pastebin.com','url'=>'http://sebsauvage.net/paste/?8434b27936c09649#bR7XsXhoTiLcqCpQbmOpBi3rq2zzQUC5hBI7ZT1O3x8=','description'=>'SShhhh!! I\'m a private link only YOU can see. You can delete me too.','private'=>1,'linkdate'=>'20110914_074522','tags'=>'secretstuff');
45034273
SS		 784 $this->links[$link['linkdate']] = $link;
785 file_put_contents($GLOBALS['config']['DATASTORE'], PHPPREFIX.base64_encode(gzdeflate(serialize($this->links))).PHPSUFFIX); // Write database to disk
786 }
787 }
788
789 // Read database from disk to memory
790 private function readdb()
791 {
792 // Read data
793 $this->links=(file_exists($GLOBALS['config']['DATASTORE']) ? unserialize(gzinflate(base64_decode(substr(file_get_contents($GLOBALS['config']['DATASTORE']),strlen(PHPPREFIX),-strlen(PHPSUFFIX))))) : array() );
794 // Note that gzinflate is faster than gzuncompress. See: http://www.php.net/manual/en/function.gzdeflate.php#96439
795
796 // If user is not logged in, filter private links.
797 if (!$this->loggedin)
798 {
799 $toremove=array();
800 foreach($this->links as $link) { if ($link['private']!=0) $toremove[]=$link['linkdate']; }
801 foreach($toremove as $linkdate) { unset($this->links[$linkdate]); }
802 }
803
804 // Keep the list of the mapping URLs-->linkdate up-to-date.
805 $this->urls=array();
806 foreach($this->links as $link) { $this->urls[$link['url']]=$link['linkdate']; }
807 }
808
809 // Save database from memory to disk.
810 public function savedb()
811 {
812 if (!$this->loggedin) die('You are not authorized to change the database.');
813 file_put_contents($GLOBALS['config']['DATASTORE'], PHPPREFIX.base64_encode(gzdeflate(serialize($this->links))).PHPSUFFIX);
814 invalidateCaches();
815 }
816
ad6c27b7 817 // Returns the link for a given URL (if it exists). False if it does not exist.
45034273
SS		 818 public function getLinkFromUrl($url)
819 {
820 if (isset($this->urls[$url])) return $this->links[$this->urls[$url]];
821 return false;
822 }
823
ad6c27b7 824 // Case insensitive search among links (in the URLs, title and description). Returns filtered list of links.
825 // e.g. print_r($mydb->filterFulltext('hollandais'));
45034273
SS		 826 public function filterFulltext($searchterms)
827 {
828 // FIXME: explode(' ',$searchterms) and perform a AND search.
ad6c27b7 829 // FIXME: accept double-quotes to search for a string "as is"?
2e45fdd8
FE		 830 // Using mb_convert_case($val, MB_CASE_LOWER, 'UTF-8') allows us to perform searches on
831 // Unicode text. See https://github.com/shaarli/Shaarli/issues/75 for examples.
45034273 832 $filtered=array();
2e45fdd8 833 $s = mb_convert_case($searchterms, MB_CASE_LOWER, 'UTF-8');
45034273
SS		 834 foreach($this->links as $l)
835 {
2e45fdd8
FE		 836 $found= (strpos(mb_convert_case($l['title'], MB_CASE_LOWER, 'UTF-8'),$s) !== false)
837 || (strpos(mb_convert_case($l['description'], MB_CASE_LOWER, 'UTF-8'),$s) !== false)
838 || (strpos(mb_convert_case($l['url'], MB_CASE_LOWER, 'UTF-8'),$s) !== false)
839 || (strpos(mb_convert_case($l['tags'], MB_CASE_LOWER, 'UTF-8'),$s) !== false);
45034273
SS		 840 if ($found) $filtered[$l['linkdate']] = $l;
841 }
842 krsort($filtered);
843 return $filtered;
844 }
845
846 // Filter by tag.
847 // You can specify one or more tags (tags can be separated by space or comma).
ad6c27b7 848 // e.g. print_r($mydb->filterTags('linux programming'));
45034273
SS		 849 public function filterTags($tags,$casesensitive=false)
850 {
2e45fdd8
FE		 851 // Same as above, we use UTF-8 conversion to handle various graphemes (i.e. cyrillic, or greek)
852 // TODO: is $casesensitive ever true ?
853 $t = str_replace(',',' ',($casesensitive?$tags:mb_convert_case($tags, MB_CASE_LOWER, 'UTF-8')));
45034273
SS		 854 $searchtags=explode(' ',$t);
855 $filtered=array();
856 foreach($this->links as $l)
857 {
2e45fdd8 858 $linktags = explode(' ',($casesensitive?$l['tags']:mb_convert_case($l['tags'], MB_CASE_LOWER, 'UTF-8')));
45034273
SS		 859 if (count(array_intersect($linktags,$searchtags)) == count($searchtags))
860 $filtered[$l['linkdate']] = $l;
861 }
862 krsort($filtered);
863 return $filtered;
864 }
865
ad6c27b7 866 // Filter by day. Day must be in the form 'YYYYMMDD' (e.g. '20120125')
45034273 867 // Sort order is: older articles first.
ad6c27b7 868 // e.g. print_r($mydb->filterDay('20120125'));
45034273
SS		 869 public function filterDay($day)
870 {
871 $filtered=array();
872 foreach($this->links as $l)
873 {
874 if (startsWith($l['linkdate'],$day)) $filtered[$l['linkdate']] = $l;
875 }
876 ksort($filtered);
877 return $filtered;
878 }
879 // Filter by smallHash.
880 // Only 1 article is returned.
881 public function filterSmallHash($smallHash)
882 {
883 $filtered=array();
884 foreach($this->links as $l)
885 {
886 if ($smallHash==smallHash($l['linkdate'])) // Yes, this is ugly and slow
887 {
888 $filtered[$l['linkdate']] = $l;
889 return $filtered;
890 }
891 }
892 return $filtered;
893 }
894
895 // Returns the list of all tags
896 // Output: associative array key=tags, value=0
897 public function allTags()
898 {
899 $tags=array();
900 foreach($this->links as $link)
901 foreach(explode(' ',$link['tags']) as $tag)
902 if (!empty($tag)) $tags[$tag]=(empty($tags[$tag]) ? 1 : $tags[$tag]+1);
903 arsort($tags); // Sort tags by usage (most used tag first)
904 return $tags;
905 }
bb8f712d 906
45034273
SS		 907 // Returns the list of days containing articles (oldest first)
908 // Output: An array containing days (in format YYYYMMDD).
909 public function days()
910 {
911 $linkdays=array();
912 foreach(array_keys($this->links) as $day)
913 {
914 $linkdays[substr($day,0,8)]=0;
915 }
916 $linkdays=array_keys($linkdays);
917 sort($linkdays);
918 return $linkdays;
919 }
920}
921
922// ------------------------------------------------------------------------------------------
ad6c27b7 923// Output the last N links in RSS 2.0 format.
45034273
SS		 924function showRSS()
925{
926 header('Content-Type: application/rss+xml; charset=utf-8');
927
2abd3905 928 // $usepermalink : If true, use permalink instead of final link.
ad6c27b7 929 // User just has to add 'permalink' in URL parameters. e.g. http://mysite.com/shaarli/?do=rss&permalinks
ed5b38dd
FE		 930 // Also enabled through a config option
931 $usepermalinks = isset($_GET['permalinks']) || !$GLOBALS['config']['ENABLE_RSS_PERMALINKS'];
2abd3905 932
45034273
SS		 933 // Cache system
934 $query = $_SERVER["QUERY_STRING"];
935 $cache = new pageCache(pageUrl(),startsWith($query,'do=rss') && !isLoggedIn());
936 $cached = $cache->cachedVersion(); if (!empty($cached)) { echo $cached; exit; }
937
938 // If cached was not found (or not usable), then read the database and build the response:
ad6c27b7 939 $LINKSDB=new linkdb(isLoggedIn() || $GLOBALS['config']['OPEN_SHAARLI']); // Read links from database (and filter private links if user it not logged in).
45034273 940
ad6c27b7 941 // Optionally filter the results:
45034273
SS		 942 $linksToDisplay=array();
943 if (!empty($_GET['searchterm'])) $linksToDisplay = $LINKSDB->filterFulltext($_GET['searchterm']);
944 elseif (!empty($_GET['searchtags'])) $linksToDisplay = $LINKSDB->filterTags(trim($_GET['searchtags']));
945 else $linksToDisplay = $LINKSDB;
c677013b
SS		 946 $nblinksToDisplay = 50; // Number of links to display.
947 if (!empty($_GET['nb'])) // In URL, you can specificy the number of links. Example: nb=200 or nb=all for all links.
732e683b 948 {
c677013b
SS		 949 $nblinksToDisplay = $_GET['nb']=='all' ? count($linksToDisplay) : max($_GET['nb']+0,1) ;
950 }
45034273
SS		 951
952 $pageaddr=htmlspecialchars(indexUrl());
953 echo '<?xml version="1.0" encoding="UTF-8"?><rss version="2.0" xmlns:content="http://purl.org/rss/1.0/modules/content/">';
954 echo '<channel><title>'.htmlspecialchars($GLOBALS['title']).'</title><link>'.$pageaddr.'</link>';
955 echo '<description>Shared links</description><language>en-en</language><copyright>'.$pageaddr.'</copyright>'."\n\n";
956 if (!empty($GLOBALS['config']['PUBSUBHUB_URL']))
957 {
958 echo '<!-- PubSubHubbub Discovery -->';
959 echo '<link rel="hub" href="'.htmlspecialchars($GLOBALS['config']['PUBSUBHUB_URL']).'" xmlns="http://www.w3.org/2005/Atom" />';
960 echo '<link rel="self" href="'.htmlspecialchars($pageaddr).'?do=rss" xmlns="http://www.w3.org/2005/Atom" />';
961 echo '<!-- End Of PubSubHubbub Discovery -->';
962 }
963 $i=0;
964 $keys=array(); foreach($linksToDisplay as $key=>$value) { $keys[]=$key; } // No, I can't use array_keys().
fbd9e527 965 while ($i<$nblinksToDisplay && $i<count($keys))
45034273
SS		 966 {
967 $link = $linksToDisplay[$keys[$i]];
968 $guid = $pageaddr.'?'.smallHash($link['linkdate']);
969 $rfc822date = linkdate2rfc822($link['linkdate']);
970 $absurl = htmlspecialchars($link['url']);
971 if (startsWith($absurl,'?')) $absurl=$pageaddr.$absurl; // make permalink URL absolute
2abd3905 972 if ($usepermalinks===true)
ed5b38dd 973 echo '<item><title>'.htmlspecialchars($link['title']).'</title><guid isPermaLink="true">'.$guid.'</guid><link>'.$guid.'</link>';
2abd3905 974 else
3e0ef647 975 echo '<item><title>'.htmlspecialchars($link['title']).'</title><guid isPermaLink="false">'.$guid.'</guid><link>'.$absurl.'</link>';
45034273
SS		 976 if (!$GLOBALS['config']['HIDE_TIMESTAMPS'] || isLoggedIn()) echo '<pubDate>'.htmlspecialchars($rfc822date)."</pubDate>\n";
977 if ($link['tags']!='') // Adding tags to each RSS entry (as mentioned in RSS specification)
978 {
979 foreach(explode(' ',$link['tags']) as $tag) { echo '<category domain="'.htmlspecialchars($pageaddr).'">'.htmlspecialchars($tag).'</category>'."\n"; }
980 }
2abd3905
SS		 981
982 // Add permalink in description
983 $descriptionlink = '(<a href="'.$guid.'">Permalink</a>)';
984 // If user wants permalinks first, put the final link in description
985 if ($usepermalinks===true) $descriptionlink = '(<a href="'.$absurl.'">Link</a>)';
986 if (strlen($link['description'])>0) $descriptionlink = '<br>'.$descriptionlink;
987 echo '<description><![CDATA['.nl2br(keepMultipleSpaces(text2clickable(htmlspecialchars($link['description'])))).$descriptionlink.']]></description>'."\n</item>\n";
45034273
SS		 988 $i++;
989 }
53da2017 990 echo '</channel></rss><!-- Cached version of '.htmlspecialchars(pageUrl()).' -->';
45034273
SS		 991
992 $cache->cache(ob_get_contents());
993 ob_end_flush();
994 exit;
995}
996
997// ------------------------------------------------------------------------------------------
ad6c27b7 998// Output the last N links in ATOM format.
45034273
SS		 999function showATOM()
1000{
1001 header('Content-Type: application/atom+xml; charset=utf-8');
1002
2abd3905 1003 // $usepermalink : If true, use permalink instead of final link.
ad6c27b7 1004 // User just has to add 'permalink' in URL parameters. e.g. http://mysite.com/shaarli/?do=atom&permalinks
ed5b38dd 1005 $usepermalinks = isset($_GET['permalinks']) || !$GLOBALS['config']['ENABLE_RSS_PERMALINKS'];
2abd3905 1006
45034273
SS		 1007 // Cache system
1008 $query = $_SERVER["QUERY_STRING"];
1009 $cache = new pageCache(pageUrl(),startsWith($query,'do=atom') && !isLoggedIn());
1010 $cached = $cache->cachedVersion(); if (!empty($cached)) { echo $cached; exit; }
1011 // If cached was not found (or not usable), then read the database and build the response:
1012
1013 $LINKSDB=new linkdb(isLoggedIn() || $GLOBALS['config']['OPEN_SHAARLI']); // Read links from database (and filter private links if used it not logged in).
1014
1015
ad6c27b7 1016 // Optionally filter the results:
45034273
SS		 1017 $linksToDisplay=array();
1018 if (!empty($_GET['searchterm'])) $linksToDisplay = $LINKSDB->filterFulltext($_GET['searchterm']);
1019 elseif (!empty($_GET['searchtags'])) $linksToDisplay = $LINKSDB->filterTags(trim($_GET['searchtags']));
1020 else $linksToDisplay = $LINKSDB;
c677013b
SS		 1021 $nblinksToDisplay = 50; // Number of links to display.
1022 if (!empty($_GET['nb'])) // In URL, you can specificy the number of links. Example: nb=200 or nb=all for all links.
732e683b 1023 {
c677013b
SS		 1024 $nblinksToDisplay = $_GET['nb']=='all' ? count($linksToDisplay) : max($_GET['nb']+0,1) ;
1025 }
45034273
SS		 1026
1027 $pageaddr=htmlspecialchars(indexUrl());
1028 $latestDate = '';
1029 $entries='';
1030 $i=0;
1031 $keys=array(); foreach($linksToDisplay as $key=>$value) { $keys[]=$key; } // No, I can't use array_keys().
fbd9e527 1032 while ($i<$nblinksToDisplay && $i<count($keys))
45034273
SS		 1033 {
1034 $link = $linksToDisplay[$keys[$i]];
1035 $guid = $pageaddr.'?'.smallHash($link['linkdate']);
1036 $iso8601date = linkdate2iso8601($link['linkdate']);
1037 $latestDate = max($latestDate,$iso8601date);
1038 $absurl = htmlspecialchars($link['url']);
1039 if (startsWith($absurl,'?')) $absurl=$pageaddr.$absurl; // make permalink URL absolute
2abd3905
SS		 1040 $entries.='<entry><title>'.htmlspecialchars($link['title']).'</title>';
1041 if ($usepermalinks===true)
1042 $entries.='<link href="'.$guid.'" /><id>'.$guid.'</id>';
1043 else
1044 $entries.='<link href="'.$absurl.'" /><id>'.$guid.'</id>';
45034273 1045 if (!$GLOBALS['config']['HIDE_TIMESTAMPS'] || isLoggedIn()) $entries.='<updated>'.htmlspecialchars($iso8601date).'</updated>';
2abd3905
SS		 1046
1047 // Add permalink in description
1048 $descriptionlink = htmlspecialchars('(<a href="'.$guid.'">Permalink</a>)');
1049 // If user wants permalinks first, put the final link in description
1050 if ($usepermalinks===true) $descriptionlink = htmlspecialchars('(<a href="'.$absurl.'">Link</a>)');
1051 if (strlen($link['description'])>0) $descriptionlink = '&lt;br&gt;'.$descriptionlink;
1052
1053 $entries.='<content type="html">'.htmlspecialchars(nl2br(keepMultipleSpaces(text2clickable(htmlspecialchars($link['description']))))).$descriptionlink."</content>\n";
45034273
SS		 1054 if ($link['tags']!='') // Adding tags to each ATOM entry (as mentioned in ATOM specification)
1055 {
1056 foreach(explode(' ',$link['tags']) as $tag)
1057 { $entries.='<category scheme="'.htmlspecialchars($pageaddr,ENT_QUOTES).'" term="'.htmlspecialchars($tag,ENT_QUOTES).'" />'."\n"; }
1058 }
1059 $entries.="</entry>\n";
1060 $i++;
1061 }
1062 $feed='<?xml version="1.0" encoding="UTF-8"?><feed xmlns="http://www.w3.org/2005/Atom">';
1063 $feed.='<title>'.htmlspecialchars($GLOBALS['title']).'</title>';
1064 if (!$GLOBALS['config']['HIDE_TIMESTAMPS'] || isLoggedIn()) $feed.='<updated>'.htmlspecialchars($latestDate).'</updated>';
1065 $feed.='<link rel="self" href="'.htmlspecialchars(serverUrl().$_SERVER["REQUEST_URI"]).'" />';
1066 if (!empty($GLOBALS['config']['PUBSUBHUB_URL']))
1067 {
1068 $feed.='<!-- PubSubHubbub Discovery -->';
1069 $feed.='<link rel="hub" href="'.htmlspecialchars($GLOBALS['config']['PUBSUBHUB_URL']).'" />';
1070 $feed.='<!-- End Of PubSubHubbub Discovery -->';
1071 }
1072 $feed.='<author><name>'.htmlspecialchars($pageaddr).'</name><uri>'.htmlspecialchars($pageaddr).'</uri></author>';
1073 $feed.='<id>'.htmlspecialchars($pageaddr).'</id>'."\n\n"; // Yes, I know I should use a real IRI (RFC3987), but the site URL will do.
1074 $feed.=$entries;
53da2017 1075 $feed.='</feed><!-- Cached version of '.htmlspecialchars(pageUrl()).' -->';
45034273 1076 echo $feed;
bb8f712d 1077
45034273
SS		 1078 $cache->cache(ob_get_contents());
1079 ob_end_flush();
1080 exit;
1081}
1082
1083// ------------------------------------------------------------------------------------------
1084// Daily RSS feed: 1 RSS entry per day giving all the links on that day.
1085// Gives the last 7 days (which have links).
1086// This RSS feed cannot be filtered.
1087function showDailyRSS()
1088{
1089 // Cache system
1090 $query = $_SERVER["QUERY_STRING"];
1091 $cache = new pageCache(pageUrl(),startsWith($query,'do=dailyrss') && !isLoggedIn());
1092 $cached = $cache->cachedVersion(); if (!empty($cached)) { echo $cached; exit; }
1093 // If cached was not found (or not usable), then read the database and build the response:
1094 $LINKSDB=new linkdb(isLoggedIn() || $GLOBALS['config']['OPEN_SHAARLI']); // Read links from database (and filter private links if used it not logged in).
bb8f712d 1095
45034273
SS		 1096 /* Some Shaarlies may have very few links, so we need to look
1097 back in time (rsort()) until we have enough days ($nb_of_days).
1098 */
bb8f712d 1099 $linkdates=array(); foreach($LINKSDB as $linkdate=>$value) { $linkdates[]=$linkdate; }
45034273
SS		 1100 rsort($linkdates);
1101 $nb_of_days=7; // We take 7 days.
1102 $today=Date('Ymd');
1103 $days=array();
1104 foreach($linkdates as $linkdate)
1105 {
1106 $day=substr($linkdate,0,8); // Extract day (without time)
1107 if (strcmp($day,$today)<0)
1108 {
1109 if (empty($days[$day])) $days[$day]=array();
1110 $days[$day][]=$linkdate;
1111 }
ad6c27b7 1112 if (count($days)>$nb_of_days) break; // Have we collected enough days?
45034273 1113 }
bb8f712d 1114
45034273
SS		 1115 // Build the RSS feed.
1116 header('Content-Type: application/rss+xml; charset=utf-8');
1117 $pageaddr=htmlspecialchars(indexUrl());
1118 echo '<?xml version="1.0" encoding="UTF-8"?><rss version="2.0">';
1119 echo '<channel><title>Daily - '.htmlspecialchars($GLOBALS['title']).'</title><link>'.$pageaddr.'</link>';
1120 echo '<description>Daily shared links</description><language>en-en</language><copyright>'.$pageaddr.'</copyright>'."\n";
bb8f712d 1121
45034273
SS		 1122 foreach($days as $day=>$linkdates) // For each day.
1123 {
1124 $daydate = utf8_encode(strftime('%A %d, %B %Y',linkdate2timestamp($day.'_000000'))); // Full text date
1125 $rfc822date = linkdate2rfc822($day.'_000000');
1126 $absurl=htmlspecialchars(indexUrl().'?do=daily&day='.$day); // Absolute URL of the corresponding "Daily" page.
1127 echo '<item><title>'.htmlspecialchars($GLOBALS['title'].' - '.$daydate).'</title><guid>'.$absurl.'</guid><link>'.$absurl.'</link>';
1128 echo '<pubDate>'.htmlspecialchars($rfc822date)."</pubDate>";
bb8f712d 1129
45034273
SS		 1130 // Build the HTML body of this RSS entry.
1131 $html='';
1132 $href='';
1133 $links=array();
1134 // We pre-format some fields for proper output.
1135 foreach($linkdates as $linkdate)
1136 {
1137 $l = $LINKSDB[$linkdate];
1138 $l['formatedDescription']=nl2br(keepMultipleSpaces(text2clickable(htmlspecialchars($l['description']))));
bb8f712d 1139 $l['thumbnail'] = thumbnail($l['url']);
a5752e77 1140 $l['timestamp'] = linkdate2timestamp($l['linkdate']);
45034273 1141 if (startsWith($l['url'],'?')) $l['url']=indexUrl().$l['url']; // make permalink URL absolute
bb8f712d 1142 $links[$linkdate]=$l;
45034273
SS		 1143 }
1144 // Then build the HTML for this day:
bb8f712d 1145 $tpl = new RainTPL;
45034273
SS		 1146 $tpl->assign('links',$links);
1147 $html = $tpl->draw('dailyrss',$return_string=true);
1148 echo "\n";
1149 echo '<description><![CDATA['.$html.']]></description>'."\n</item>\n\n";
1150
bb8f712d 1151 }
53da2017 1152 echo '</channel></rss><!-- Cached version of '.htmlspecialchars(pageUrl()).' -->';
bb8f712d 1153
45034273
SS		 1154 $cache->cache(ob_get_contents());
1155 ob_end_flush();
1156 exit;
1157}
1158
1159// "Daily" page.
1160function showDaily()
1161{
1162 $LINKSDB=new linkdb(isLoggedIn() || $GLOBALS['config']['OPEN_SHAARLI']); // Read links from database (and filter private links if used it not logged in).
1163
1164
1165 $day=Date('Ymd',strtotime('-1 day')); // Yesterday, in format YYYYMMDD.
1166 if (isset($_GET['day'])) $day=$_GET['day'];
bb8f712d 1167
45034273
SS		 1168 $days = $LINKSDB->days();
1169 $i = array_search($day,$days);
1170 if ($i==false) { $i=count($days)-1; $day=$days[$i]; }
bb8f712d
KT		 1171 $previousday='';
1172 $nextday='';
45034273
SS		 1173 if ($i!==false)
1174 {
1175 if ($i>1) $previousday=$days[$i-1];
1176 if ($i<count($days)-1) $nextday=$days[$i+1];
1177 }
1178
1179 $linksToDisplay=$LINKSDB->filterDay($day);
1180 // We pre-format some fields for proper output.
1181 foreach($linksToDisplay as $key=>$link)
1182 {
dd62b9ba
SS		 1183 $taglist = explode(' ',$link['tags']);
1184 uasort($taglist, 'strcasecmp');
1185 $linksToDisplay[$key]['taglist']=$taglist;
45034273 1186 $linksToDisplay[$key]['formatedDescription']=nl2br(keepMultipleSpaces(text2clickable(htmlspecialchars($link['description']))));
bb8f712d 1187 $linksToDisplay[$key]['thumbnail'] = thumbnail($link['url']);
a5752e77 1188 $linksToDisplay[$key]['timestamp'] = linkdate2timestamp($link['linkdate']);
45034273 1189 }
bb8f712d 1190
45034273 1191 /* We need to spread the articles on 3 columns.
ad6c27b7 1192 I did not want to use a JavaScript lib like http://masonry.desandro.com/
bb8f712d 1193 so I manually spread entries with a simple method: I roughly evaluate the
45034273
SS		 1194 height of a div according to title and description length.
1195 */
1196 $columns=array(array(),array(),array()); // Entries to display, for each column.
1197 $fill=array(0,0,0); // Rough estimate of columns fill.
1198 foreach($linksToDisplay as $key=>$link)
1199 {
1200 // Roughly estimate length of entry (by counting characters)
1201 // Title: 30 chars = 1 line. 1 line is 30 pixels height.
1202 // Description: 836 characters gives roughly 342 pixel height.
ad6c27b7 1203 // This is not perfect, but it's usually OK.
45034273
SS		 1204 $length=strlen($link['title'])+(342*strlen($link['description']))/836;
1205 if ($link['thumbnail']) $length +=100; // 1 thumbnails roughly takes 100 pixels height.
1206 // Then put in column which is the less filled:
1207 $smallest=min($fill); // find smallest value in array.
1208 $index=array_search($smallest,$fill); // find index of this smallest value.
1209 array_push($columns[$index],$link); // Put entry in this column.
1210 $fill[$index]+=$length;
1211 }
1212 $PAGE = new pageBuilder;
1213 $PAGE->assign('linksToDisplay',$linksToDisplay);
1214 $PAGE->assign('linkcount',count($LINKSDB));
cae64e52 1215 $PAGE->assign('cols', $columns);
45034273
SS		 1216 $PAGE->assign('day',utf8_encode(strftime('%A %d, %B %Y',linkdate2timestamp($day.'_000000'))));
1217 $PAGE->assign('previousday',$previousday);
bb8f712d 1218 $PAGE->assign('nextday',$nextday);
45034273
SS		 1219 $PAGE->renderPage('daily');
1220 exit;
1221}
1222
1223
1224// ------------------------------------------------------------------------------------------
1225// Render HTML page (according to URL parameters and user rights)
1226function renderPage()
1227{
1228 $LINKSDB=new linkdb(isLoggedIn() || $GLOBALS['config']['OPEN_SHAARLI']); // Read links from database (and filter private links if used it not logged in).
1229
1230 // -------- Display login form.
1231 if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=login'))
1232 {
1233 if ($GLOBALS['config']['OPEN_SHAARLI']) { header('Location: ?'); exit; } // No need to login for open Shaarli
1234 $token=''; if (ban_canLogin()) $token=getToken(); // Do not waste token generation if not useful.
1235 $PAGE = new pageBuilder;
1236 $PAGE->assign('token',$token);
1237 $PAGE->assign('returnurl',(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER']:''));
1238 $PAGE->renderPage('loginform');
1239 exit;
1240 }
1241 // -------- User wants to logout.
1242 if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=logout'))
1243 {
1244 invalidateCaches();
1245 logout();
1246 header('Location: ?');
1247 exit;
1248 }
1249
1250 // -------- Picture wall
1251 if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=picwall'))
1252 {
ad6c27b7 1253 // Optionally filter the results:
45034273
SS		 1254 $links=array();
1255 if (!empty($_GET['searchterm'])) $links = $LINKSDB->filterFulltext($_GET['searchterm']);
1256 elseif (!empty($_GET['searchtags'])) $links = $LINKSDB->filterTags(trim($_GET['searchtags']));
1257 else $links = $LINKSDB;
1258 $body='';
1259 $linksToDisplay=array();
1260
1261 // Get only links which have a thumbnail.
1262 foreach($links as $link)
1263 {
1264 $permalink='?'.htmlspecialchars(smallhash($link['linkdate']),ENT_QUOTES);
1265 $thumb=lazyThumbnail($link['url'],$permalink);
1266 if ($thumb!='') // Only output links which have a thumbnail.
1267 {
1268 $link['thumbnail']=$thumb; // Thumbnail HTML code.
45034273
SS		 1269 $linksToDisplay[]=$link; // Add to array.
1270 }
1271 }
1272 $PAGE = new pageBuilder;
1273 $PAGE->assign('linkcount',count($LINKSDB));
1274 $PAGE->assign('linksToDisplay',$linksToDisplay);
1275 $PAGE->renderPage('picwall');
1276 exit;
1277 }
1278
1279 // -------- Tag cloud
1280 if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=tagcloud'))
1281 {
1282 $tags= $LINKSDB->allTags();
1283 // We sort tags alphabetically, then choose a font size according to count.
1284 // First, find max value.
1285 $maxcount=0; foreach($tags as $key=>$value) $maxcount=max($maxcount,$value);
1286 ksort($tags);
1287 $tagList=array();
1288 foreach($tags as $key=>$value)
1e3b2740 1289 // Tag font size scaling: default 15 and 30 logarithm bases affect scaling, 22 and 6 are arbitrary font sizes for max and min sizes.
45034273 1290 {
1e3b2740 1291 $tagList[$key] = array('count'=>$value,'size'=>log($value, 15) / log($maxcount, 30) * (22-6) + 6);
45034273
SS		 1292 }
1293 $PAGE = new pageBuilder;
1294 $PAGE->assign('linkcount',count($LINKSDB));
1295 $PAGE->assign('tags',$tagList);
1296 $PAGE->renderPage('tagcloud');
bb8f712d 1297 exit;
45034273
SS		 1298 }
1299
1300 // -------- User clicks on a tag in a link: The tag is added to the list of searched tags (searchtags=...)
1301 if (isset($_GET['addtag']))
1302 {
1303 // Get previous URL (http_referer) and add the tag to the searchtags parameters in query.
1304 if (empty($_SERVER['HTTP_REFERER'])) { header('Location: ?searchtags='.urlencode($_GET['addtag'])); exit; } // In case browser does not send HTTP_REFERER
1305 parse_str(parse_url($_SERVER['HTTP_REFERER'],PHP_URL_QUERY), $params);
732e683b
FE		 1306
1307 // Check if this tag is already in the search query and ignore it if it is.
1308 // Each tag is always separated by a space
1309 $current_tags = explode(' ', $params['searchtags']);
1310 $addtag = true;
1311 foreach ($current_tags as $value) {
1312 if ($value === $_GET['addtag']) {
1313 $addtag = false;
1314 break;
1315 }
1316 }
1317 // Append the tag if necessary
1318 if (empty($params['searchtags'])) {
1319 $params['searchtags'] = trim($_GET['addtag']);
1320 }
1321 else if ($addtag) {
1322 $params['searchtags'] = trim($params['searchtags']).' '.trim($_GET['addtag']);
1323 }
1324
45034273
SS		 1325 unset($params['page']); // We also remove page (keeping the same page has no sense, since the results are different)
1326 header('Location: ?'.http_build_query($params));
1327 exit;
1328 }
1329
1330 // -------- User clicks on a tag in result count: Remove the tag from the list of searched tags (searchtags=...)
1331 if (isset($_GET['removetag']))
1332 {
1333 // Get previous URL (http_referer) and remove the tag from the searchtags parameters in query.
1334 if (empty($_SERVER['HTTP_REFERER'])) { header('Location: ?'); exit; } // In case browser does not send HTTP_REFERER
1335 parse_str(parse_url($_SERVER['HTTP_REFERER'],PHP_URL_QUERY), $params);
1336 if (isset($params['searchtags']))
1337 {
1338 $tags = explode(' ',$params['searchtags']);
1339 $tags=array_diff($tags, array($_GET['removetag'])); // Remove value from array $tags.
1340 if (count($tags)==0) unset($params['searchtags']); else $params['searchtags'] = implode(' ',$tags);
1341 unset($params['page']); // We also remove page (keeping the same page has no sense, since the results are different)
1342 }
1343 header('Location: ?'.http_build_query($params));
1344 exit;
1345 }
1346
1347 // -------- User wants to change the number of links per page (linksperpage=...)
1348 if (isset($_GET['linksperpage']))
1349 {
1350 if (is_numeric($_GET['linksperpage'])) { $_SESSION['LINKS_PER_PAGE']=abs(intval($_GET['linksperpage'])); }
ad6c27b7 1351 // Make sure the referrer is Shaarli itself.
feebc6d4 1352 $referer = '?';
f6a6ca0a 1353 if (!empty($_SERVER['HTTP_REFERER']) && strcmp(parse_url($_SERVER['HTTP_REFERER'],PHP_URL_HOST),$_SERVER['HTTP_HOST'])==0)
feebc6d4
SS		 1354 $referer = $_SERVER['HTTP_REFERER'];
1355 header('Location: '.$referer);
45034273
SS		 1356 exit;
1357 }
bb8f712d 1358
45034273
SS		 1359 // -------- User wants to see only private links (toggle)
1360 if (isset($_GET['privateonly']))
1361 {
1362 if (empty($_SESSION['privateonly']))
1363 {
1364 $_SESSION['privateonly']=1; // See only private links
1365 }
1366 else
1367 {
1368 unset($_SESSION['privateonly']); // See all links
1369 }
ad6c27b7 1370 // Make sure the referrer is Shaarli itself.
feebc6d4 1371 $referer = '?';
f6a6ca0a 1372 if (!empty($_SERVER['HTTP_REFERER']) && strcmp(parse_url($_SERVER['HTTP_REFERER'],PHP_URL_HOST),$_SERVER['HTTP_HOST'])==0)
feebc6d4
SS		 1373 $referer = $_SERVER['HTTP_REFERER'];
1374 header('Location: '.$referer);
45034273
SS		 1375 exit;
1376 }
1377
1378 // -------- Handle other actions allowed for non-logged in users:
1379 if (!isLoggedIn())
1380 {
ad6c27b7 1381 // User tries to post new link but is not logged in:
45034273
SS		 1382 // Show login screen, then redirect to ?post=...
1383 if (isset($_GET['post']))
1384 {
a1795ddc 1385 header('Location: ?do=login&post='.urlencode($_GET['post']).(!empty($_GET['title'])?'&title='.urlencode($_GET['title']):'').(!empty($_GET['description'])?'&description='.urlencode($_GET['description']):'').(!empty($_GET['source'])?'&source='.urlencode($_GET['source']):'')); // Redirect to login page, then back to post link.
45034273
SS		 1386 exit;
1387 }
aedc912d
FE		 1388
1389 // Same case as above except that user tried to access ?do=addlink without being logged in
1390 // Note: passing empty parameters makes Shaarli generate default URLs and descriptions.
1391 if (isset($_GET['do']) && $_GET['do'] === 'addlink') {
1392 header('Location: ?do=login&post=');
1393 exit;
1394 }
1395
45034273
SS		 1396 $PAGE = new pageBuilder;
1397 buildLinkList($PAGE,$LINKSDB); // Compute list of links to display
1398 $PAGE->renderPage('linklist');
ad6c27b7 1399 exit; // Never remove this one! All operations below are reserved for logged in user.
45034273
SS		 1400 }
1401
1402 // -------- All other functions are reserved for the registered user:
1403
1404 // -------- Display the Tools menu if requested (import/export/bookmarklet...)
1405 if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=tools'))
1406 {
1407 $PAGE = new pageBuilder;
1408 $PAGE->assign('linkcount',count($LINKSDB));
1409 $PAGE->assign('pageabsaddr',indexUrl());
1410 $PAGE->renderPage('tools');
1411 exit;
1412 }
1413
1414 // -------- User wants to change his/her password.
1415 if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=changepasswd'))
1416 {
1417 if ($GLOBALS['config']['OPEN_SHAARLI']) die('You are not supposed to change a password on an Open Shaarli.');
1418 if (!empty($_POST['setpassword']) && !empty($_POST['oldpassword']))
1419 {
ad6c27b7 1420 if (!tokenOk($_POST['token'])) die('Wrong token.'); // Go away!
45034273
SS		 1421
1422 // Make sure old password is correct.
1423 $oldhash = sha1($_POST['oldpassword'].$GLOBALS['login'].$GLOBALS['salt']);
fe16b01e 1424 if ($oldhash!=$GLOBALS['hash']) { echo '<script>alert("The old password is not correct.");document.location=\'?do=changepasswd\';</script>'; exit; }
45034273
SS		 1425 // Save new password
1426 $GLOBALS['salt'] = sha1(uniqid('',true).'_'.mt_rand()); // Salt renders rainbow-tables attacks useless.
1427 $GLOBALS['hash'] = sha1($_POST['setpassword'].$GLOBALS['login'].$GLOBALS['salt']);
1428 writeConfig();
fe16b01e 1429 echo '<script>alert("Your password has been changed.");document.location=\'?do=tools\';</script>';
45034273
SS		 1430 exit;
1431 }
1432 else // show the change password form.
1433 {
1434 $PAGE = new pageBuilder;
1435 $PAGE->assign('linkcount',count($LINKSDB));
1436 $PAGE->assign('token',getToken());
1437 $PAGE->renderPage('changepassword');
1438 exit;
1439 }
1440 }
1441
1442 // -------- User wants to change configuration
1443 if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=configure'))
1444 {
1445 if (!empty($_POST['title']) )
1446 {
ad6c27b7 1447 if (!tokenOk($_POST['token'])) die('Wrong token.'); // Go away!
45034273
SS		 1448 $tz = 'UTC';
1449 if (!empty($_POST['continent']) && !empty($_POST['city']))
1450 if (isTZvalid($_POST['continent'],$_POST['city']))
1451 $tz = $_POST['continent'].'/'.$_POST['city'];
1452 $GLOBALS['timezone'] = $tz;
1453 $GLOBALS['title']=$_POST['title'];
ebb2880d 1454 $GLOBALS['titleLink']=$_POST['titleLink'];
45034273
SS		 1455 $GLOBALS['redirector']=$_POST['redirector'];
1456 $GLOBALS['disablesessionprotection']=!empty($_POST['disablesessionprotection']);
858c5c2b 1457 $GLOBALS['disablejquery']=!empty($_POST['disablejquery']);
bb8f712d 1458 $GLOBALS['privateLinkByDefault']=!empty($_POST['privateLinkByDefault']);
ed5b38dd 1459 $GLOBALS['config']['ENABLE_RSS_PERMALINKS']= !empty($_POST['enableRssPermalinks']);
329e0768 1460 $GLOBALS['config']['ENABLE_UPDATECHECK'] = !empty($_POST['updateCheck']);
45034273 1461 writeConfig();
fe16b01e 1462 echo '<script>alert("Configuration was saved.");document.location=\'?do=tools\';</script>';
45034273
SS		 1463 exit;
1464 }
1465 else // Show the configuration form.
1466 {
1467 $PAGE = new pageBuilder;
1468 $PAGE->assign('linkcount',count($LINKSDB));
1469 $PAGE->assign('token',getToken());
1470 $PAGE->assign('title',htmlspecialchars( empty($GLOBALS['title']) ? '' : $GLOBALS['title'] , ENT_QUOTES));
1471 $PAGE->assign('redirector',htmlspecialchars( empty($GLOBALS['redirector']) ? '' : $GLOBALS['redirector'] , ENT_QUOTES));
1472 list($timezone_form,$timezone_js) = templateTZform($GLOBALS['timezone']);
ad6c27b7 1473 $PAGE->assign('timezone_form',$timezone_form); // FIXME: Put entire tz form generation in template?
45034273
SS		 1474 $PAGE->assign('timezone_js',$timezone_js);
1475 $PAGE->renderPage('configure');
1476 exit;
1477 }
1478 }
1479
1480 // -------- User wants to rename a tag or delete it
1481 if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=changetag'))
1482 {
1483 if (empty($_POST['fromtag']))
1484 {
1485 $PAGE = new pageBuilder;
1486 $PAGE->assign('linkcount',count($LINKSDB));
1487 $PAGE->assign('token',getToken());
bdd1715b 1488 $PAGE->assign('tags', $LINKSDB->allTags());
45034273
SS		 1489 $PAGE->renderPage('changetag');
1490 exit;
1491 }
1492 if (!tokenOk($_POST['token'])) die('Wrong token.');
1493
1494 // Delete a tag:
1495 if (!empty($_POST['deletetag']) && !empty($_POST['fromtag']))
1496 {
1497 $needle=trim($_POST['fromtag']);
ad6c27b7 1498 $linksToAlter = $LINKSDB->filterTags($needle,true); // True for case-sensitive tag search.
45034273
SS		 1499 foreach($linksToAlter as $key=>$value)
1500 {
1501 $tags = explode(' ',trim($value['tags']));
1502 unset($tags[array_search($needle,$tags)]); // Remove tag.
1503 $value['tags']=trim(implode(' ',$tags));
1504 $LINKSDB[$key]=$value;
1505 }
ad6c27b7 1506 $LINKSDB->savedb(); // Save to disk.
fe16b01e 1507 echo '<script>alert("Tag was removed from '.count($linksToAlter).' links.");document.location=\'?\';</script>';
45034273
SS		 1508 exit;
1509 }
1510
1511 // Rename a tag:
1512 if (!empty($_POST['renametag']) && !empty($_POST['fromtag']) && !empty($_POST['totag']))
1513 {
1514 $needle=trim($_POST['fromtag']);
1515 $linksToAlter = $LINKSDB->filterTags($needle,true); // true for case-sensitive tag search.
1516 foreach($linksToAlter as $key=>$value)
1517 {
1518 $tags = explode(' ',trim($value['tags']));
ad6c27b7 1519 $tags[array_search($needle,$tags)] = trim($_POST['totag']); // Replace tags value.
45034273
SS		 1520 $value['tags']=trim(implode(' ',$tags));
1521 $LINKSDB[$key]=$value;
1522 }
ad6c27b7 1523 $LINKSDB->savedb(); // Save to disk.
fe16b01e 1524 echo '<script>alert("Tag was renamed in '.count($linksToAlter).' links.");document.location=\'?searchtags='.urlencode($_POST['totag']).'\';</script>';
45034273
SS		 1525 exit;
1526 }
1527 }
1528
ad6c27b7 1529 // -------- User wants to add a link without using the bookmarklet: Show form.
45034273
SS		 1530 if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=addlink'))
1531 {
1532 $PAGE = new pageBuilder;
1533 $PAGE->assign('linkcount',count($LINKSDB));
1534 $PAGE->renderPage('addlink');
1535 exit;
1536 }
1537
1538 // -------- User clicked the "Save" button when editing a link: Save link to database.
1539 if (isset($_POST['save_edit']))
1540 {
ad6c27b7 1541 if (!tokenOk($_POST['token'])) die('Wrong token.'); // Go away!
45034273
SS		 1542 $tags = trim(preg_replace('/\s\s+/',' ', $_POST['lf_tags'])); // Remove multiple spaces.
1543 $linkdate=$_POST['lf_linkdate'];
feebc6d4 1544 $url = trim($_POST['lf_url']);
f81139c9 1545 if (!startsWith($url,'http:') && !startsWith($url,'https:') && !startsWith($url,'ftp:') && !startsWith($url,'magnet:') && !startsWith($url,'?') && !startsWith($url,'javascript:'))
feebc6d4
SS		 1546 $url = 'http://'.$url;
1547 $link = array('title'=>trim($_POST['lf_title']),'url'=>$url,'description'=>trim($_POST['lf_description']),'private'=>(isset($_POST['lf_private']) ? 1 : 0),
45034273
SS		 1548 'linkdate'=>$linkdate,'tags'=>str_replace(',',' ',$tags));
1549 if ($link['title']=='') $link['title']=$link['url']; // If title is empty, use the URL as title.
1550 $LINKSDB[$linkdate] = $link;
ad6c27b7 1551 $LINKSDB->savedb(); // Save to disk.
45034273
SS		 1552 pubsubhub();
1553
1554 // If we are called from the bookmarklet, we must close the popup:
fe16b01e 1555 if (isset($_GET['source']) && $_GET['source']=='bookmarklet') { echo '<script>self.close();</script>'; exit; }
45034273 1556 $returnurl = ( isset($_POST['returnurl']) ? $_POST['returnurl'] : '?' );
b342b2a4 1557 $returnurl .= '#'.smallHash($linkdate); // Scroll to the link which has been edited.
35c2c4db 1558 if (strstr($returnurl, "do=addlink")) { $returnurl = '?'; } //if we come from ?do=addlink, set returnurl to homepage instead
45034273
SS		 1559 header('Location: '.$returnurl); // After saving the link, redirect to the page the user was on.
1560 exit;
1561 }
1562
1563 // -------- User clicked the "Cancel" button when editing a link.
1564 if (isset($_POST['cancel_edit']))
1565 {
ad6c27b7 1566 // If we are called from the bookmarklet, we must close the popup:
fe16b01e 1567 if (isset($_GET['source']) && $_GET['source']=='bookmarklet') { echo '<script>self.close();</script>'; exit; }
45034273 1568 $returnurl = ( isset($_POST['returnurl']) ? $_POST['returnurl'] : '?' );
b342b2a4 1569 $returnurl .= '#'.smallHash($_POST['lf_linkdate']); // Scroll to the link which has been edited.
45034273
SS		 1570 header('Location: '.$returnurl); // After canceling, redirect to the page the user was on.
1571 exit;
1572 }
1573
ad6c27b7 1574 // -------- User clicked the "Delete" button when editing a link: Delete link from database.
45034273
SS		 1575 if (isset($_POST['delete_link']))
1576 {
1577 if (!tokenOk($_POST['token'])) die('Wrong token.');
1578 // We do not need to ask for confirmation:
ad6c27b7 1579 // - confirmation is handled by JavaScript
45034273
SS		 1580 // - we are protected from XSRF by the token.
1581 $linkdate=$_POST['lf_linkdate'];
1582 unset($LINKSDB[$linkdate]);
1583 $LINKSDB->savedb(); // save to disk
1584
1585 // If we are called from the bookmarklet, we must close the popup:
fe16b01e 1586 if (isset($_GET['source']) && $_GET['source']=='bookmarklet') { echo '<script>self.close();</script>'; exit; }
d528433d 1587 // Pick where we're going to redirect
1588 // =============================================================
1589 // Basically, we can't redirect to where we were previously if it was a permalink
1590 // or an edit_link, because it would 404.
1591 // Cases:
1592 // - / : nothing in $_GET, redirect to self
1593 // - /?page : redirect to self
1594 // - /?searchterm : redirect to self (there might be other links)
1595 // - /?searchtags : redirect to self
1596 // - /permalink : redirect to / (the link does not exist anymore)
1597 // - /?edit_link : redirect to / (the link does not exist anymore)
1598 // PHP treats the permalink as a $_GET variable, so we need to check if every condition for self
1599 // redirect is not satisfied, and only then redirect to /
1600 $location = "?";
1601 // Self redirection
1602 if (count($_GET) == 0 ||
1603 isset($_GET['page']) ||
1604 isset($_GET['searchterm']) ||
1605 isset($_GET['searchtags'])) {
1606
1607 if (isset($_POST['returnurl'])) {
1608 $location = $_POST['returnurl']; // Handle redirects given by the form
1609 }
1610
1611 if ($location === "?" &&
1612 isset($_SERVER['HTTP_REFERER'])) { // Handle HTTP_REFERER in case we're not coming from the same place.
1613 $location = $_SERVER['HTTP_REFERER'];
1614 }
1615 }
1616
1617 header('Location: ' . $location); // After deleting the link, redirect to appropriate location
45034273
SS		 1618 exit;
1619 }
1620
1621 // -------- User clicked the "EDIT" button on a link: Display link edit form.
1622 if (isset($_GET['edit_link']))
1623 {
1624 $link = $LINKSDB[$_GET['edit_link']]; // Read database
1625 if (!$link) { header('Location: ?'); exit; } // Link not found in database.
1626 $PAGE = new pageBuilder;
1627 $PAGE->assign('linkcount',count($LINKSDB));
1628 $PAGE->assign('link',$link);
1629 $PAGE->assign('link_is_new',false);
1630 $PAGE->assign('token',getToken()); // XSRF protection.
1631 $PAGE->assign('http_referer',(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : ''));
bdd1715b 1632 $PAGE->assign('tags', $LINKSDB->allTags());
45034273
SS		 1633 $PAGE->renderPage('editlink');
1634 exit;
1635 }
1636
1637 // -------- User want to post a new link: Display link edit form.
1638 if (isset($_GET['post']))
1639 {
1640 $url=$_GET['post'];
1641
403a1994 1642
ad2a397c 1643 // We remove the annoying parameters added by FeedBurner, GoogleFeedProxy, Facebook...
baf5cbf2 1644 $annoyingpatterns = array('/[\?&]utm_source=[^&]*/', '/[\?&]utm_campaign=[^&]*/', '/[\?&]utm_medium=[^&]*/', '/#xtor=RSS-[^&]*/', '/[\?&]fb_[^&]*/', '/[\?&]__scoop[^&]*/', '/#tk\.rss_all\?/', '/[\?&]action_ref_map=[^&]*/', '/[\?&]action_type_map=[^&]*/', '/[\?&]action_object_map=[^&]*/');
ad2a397c 1645 foreach($annoyingpatterns as $pattern)
1646 {
403a1994 1647 $url = preg_replace($pattern, "", $url);
ad2a397c 1648 }
45034273
SS		 1649
1650 $link_is_new = false;
1651 $link = $LINKSDB->getLinkFromUrl($url); // Check if URL is not already in database (in this case, we will edit the existing link)
1652 if (!$link)
1653 {
1654 $link_is_new = true; // This is a new link
1655 $linkdate = strval(date('Ymd_His'));
1656 $title = (empty($_GET['title']) ? '' : $_GET['title'] ); // Get title if it was provided in URL (by the bookmarklet).
7b2186a6 1657 $description = (empty($_GET['description']) ? '' : $_GET['description']); // Get description if it was provided in URL (by the bookmarklet). [Bronco added that]
3fac0a52 1658 $tags = (empty($_GET['tags']) ? '' : $_GET['tags'] ); // Get tags if it was provided in URL
732e683b 1659 $private = (!empty($_GET['private']) && $_GET['private'] === "1" ? 1 : 0); // Get private if it was provided in URL
45034273 1660 if (($url!='') && parse_url($url,PHP_URL_SCHEME)=='') $url = 'http://'.$url;
ad6c27b7 1661 // If this is an HTTP link, we try go get the page to extract the title (otherwise we will to straight to the edit form.)
45034273
SS		 1662 if (empty($title) && parse_url($url,PHP_URL_SCHEME)=='http')
1663 {
1664 list($status,$headers,$data) = getHTTP($url,4); // Short timeout to keep the application responsive.
1665 // FIXME: Decode charset according to specified in either 1) HTTP response headers or 2) <head> in html
002ef0e5
SS		 1666 if (strpos($status,'200 OK')!==false)
1667 {
1668 // Look for charset in html header.
1669 preg_match('#<meta .*charset=.*>#Usi', $data, $meta);
732e683b 1670
002ef0e5
SS		 1671 // If found, extract encoding.
1672 if (!empty($meta[0]))
1673 {
1674 // Get encoding specified in header.
1675 preg_match('#charset="?(.*)"#si', $meta[0], $enc);
1676 // If charset not found, use utf-8.
1677 $html_charset = (!empty($enc[1])) ? strtolower($enc[1]) : 'utf-8';
1678 }
1679 else { $html_charset = 'utf-8'; }
732e683b 1680
002ef0e5
SS		 1681 // Extract title
1682 $title = html_extract_title($data);
1683 if (!empty($title))
1684 {
1685 // Re-encode title in utf-8 if necessary.
1686 $title = ($html_charset == 'iso-8859-1') ? utf8_encode($title) : $title;
1687 }
1688 }
45034273 1689 }
27646ca5 1690 if ($url=='') // In case of empty URL, this is just a text (with a link that points to itself)
1691 {
1692 $url='?'.smallHash($linkdate);
1693 $title='Note: ';
1694 }
3fac0a52 1695 $link = array('linkdate'=>$linkdate,'title'=>$title,'url'=>$url,'description'=>$description,'tags'=>$tags,'private'=>$private);
45034273
SS		 1696 }
1697
1698 $PAGE = new pageBuilder;
1699 $PAGE->assign('linkcount',count($LINKSDB));
1700 $PAGE->assign('link',$link);
1701 $PAGE->assign('link_is_new',$link_is_new);
1702 $PAGE->assign('token',getToken()); // XSRF protection.
1703 $PAGE->assign('http_referer',(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : ''));
bdd1715b 1704 $PAGE->assign('tags', $LINKSDB->allTags());
45034273
SS		 1705 $PAGE->renderPage('editlink');
1706 exit;
1707 }
1708
1709 // -------- Export as Netscape Bookmarks HTML file.
1710 if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=export'))
1711 {
1712 if (empty($_GET['what']))
1713 {
1714 $PAGE = new pageBuilder;
1715 $PAGE->assign('linkcount',count($LINKSDB));
1716 $PAGE->renderPage('export');
1717 exit;
1718 }
1719 $exportWhat=$_GET['what'];
ad6c27b7 1720 if (!array_intersect(array('all','public','private'),array($exportWhat))) die('What are you trying to export???');
45034273
SS		 1721
1722 header('Content-Type: text/html; charset=utf-8');
1723 header('Content-disposition: attachment; filename=bookmarks_'.$exportWhat.'_'.strval(date('Ymd_His')).'.html');
1724 $currentdate=date('Y/m/d H:i:s');
1725 echo <<<HTML
1726<!DOCTYPE NETSCAPE-Bookmark-file-1>
1727<!-- This is an automatically generated file.
1728 It will be read and overwritten.
1729 DO NOT EDIT! -->
1730<!-- Shaarli {$exportWhat} bookmarks export on {$currentdate} -->
1731<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8">
1732<TITLE>Bookmarks</TITLE>
1733<H1>Bookmarks</H1>
1734HTML;
1735 foreach($LINKSDB as $link)
1736 {
1737 if ($exportWhat=='all' ||
1738 ($exportWhat=='private' && $link['private']!=0) ||
1739 ($exportWhat=='public' && $link['private']==0))
1740 {
1741 echo '<DT><A HREF="'.htmlspecialchars($link['url']).'" ADD_DATE="'.linkdate2timestamp($link['linkdate']).'" PRIVATE="'.$link['private'].'"';
1742 if ($link['tags']!='') echo ' TAGS="'.htmlspecialchars(str_replace(' ',',',$link['tags'])).'"';
1743 echo '>'.htmlspecialchars($link['title'])."</A>\n";
1744 if ($link['description']!='') echo '<DD>'.htmlspecialchars($link['description'])."\n";
1745 }
1746 }
1747 exit;
1748 }
1749
1750 // -------- User is uploading a file for import
1751 if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=upload'))
1752 {
1753 // If file is too big, some form field may be missing.
1754 if (!isset($_POST['token']) || (!isset($_FILES)) || (isset($_FILES['filetoupload']['size']) && $_FILES['filetoupload']['size']==0))
1755 {
1756 $returnurl = ( empty($_SERVER['HTTP_REFERER']) ? '?' : $_SERVER['HTTP_REFERER'] );
fe16b01e 1757 echo '<script>alert("The file you are trying to upload is probably bigger than what this webserver can accept ('.getMaxFileSize().' bytes). Please upload in smaller chunks.");document.location=\''.htmlspecialchars($returnurl).'\';</script>';
45034273
SS		 1758 exit;
1759 }
1760 if (!tokenOk($_POST['token'])) die('Wrong token.');
1761 importFile();
1762 exit;
1763 }
1764
1765 // -------- Show upload/import dialog:
1766 if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=import'))
1767 {
1768 $PAGE = new pageBuilder;
1769 $PAGE->assign('linkcount',count($LINKSDB));
1770 $PAGE->assign('token',getToken());
1771 $PAGE->assign('maxfilesize',getMaxFileSize());
1772 $PAGE->renderPage('import');
1773 exit;
1774 }
1775
1776 // -------- Otherwise, simply display search form and links:
1777 $PAGE = new pageBuilder;
1778 $PAGE->assign('linkcount',count($LINKSDB));
1779 buildLinkList($PAGE,$LINKSDB); // Compute list of links to display
1780 $PAGE->renderPage('linklist');
1781 exit;
1782}
1783
1784// -----------------------------------------------------------------------------------------------
1785// Process the import file form.
1786function importFile()
1787{
1788 if (!(isLoggedIn() || $GLOBALS['config']['OPEN_SHAARLI'])) { die('Not allowed.'); }
1789 $LINKSDB=new linkdb(isLoggedIn() || $GLOBALS['config']['OPEN_SHAARLI']); // Read links from database (and filter private links if used it not logged in).
1790 $filename=$_FILES['filetoupload']['name'];
1791 $filesize=$_FILES['filetoupload']['size'];
1792 $data=file_get_contents($_FILES['filetoupload']['tmp_name']);
ad6c27b7 1793 $private = (empty($_POST['private']) ? 0 : 1); // Should the links be imported as private?
1794 $overwrite = !empty($_POST['overwrite']) ; // Should the imported links overwrite existing ones?
45034273
SS		 1795 $import_count=0;
1796
1797 // Sniff file type:
1798 $type='unknown';
1799 if (startsWith($data,'<!DOCTYPE NETSCAPE-Bookmark-file-1>')) $type='netscape'; // Netscape bookmark file (aka Firefox).
1800
1801 // Then import the bookmarks.
1802 if ($type=='netscape')
1803 {
1804 // This is a standard Netscape-style bookmark file.
ad6c27b7 1805 // This format is supported by all browsers (except IE, of course), also Delicious, Diigo and others.
45034273
SS		 1806 foreach(explode('<DT>',$data) as $html) // explode is very fast
1807 {
1808 $link = array('linkdate'=>'','title'=>'','url'=>'','description'=>'','tags'=>'','private'=>0);
1809 $d = explode('<DD>',$html);
1810 if (startswith($d[0],'<A '))
1811 {
1812 $link['description'] = (isset($d[1]) ? html_entity_decode(trim($d[1]),ENT_QUOTES,'UTF-8') : ''); // Get description (optional)
1813 preg_match('!<A .*?>(.*?)</A>!i',$d[0],$matches); $link['title'] = (isset($matches[1]) ? trim($matches[1]) : ''); // Get title
1814 $link['title'] = html_entity_decode($link['title'],ENT_QUOTES,'UTF-8');
1815 preg_match_all('! ([A-Z_]+)=\"(.*?)"!i',$html,$matches,PREG_SET_ORDER); // Get all other attributes
1816 $raw_add_date=0;
1817 foreach($matches as $m)
1818 {
1819 $attr=$m[1]; $value=$m[2];
1820 if ($attr=='HREF') $link['url']=html_entity_decode($value,ENT_QUOTES,'UTF-8');
fc93ae1d
AA		 1821 elseif ($attr=='ADD_DATE')
1822 {
1823 $raw_add_date=intval($value);
1824 if ($raw_add_date>30000000000) $raw_add_date/=1000; //If larger than year 2920, then was likely stored in milliseconds instead of seconds
1825 }
45034273
SS		 1826 elseif ($attr=='PRIVATE') $link['private']=($value=='0'?0:1);
1827 elseif ($attr=='TAGS') $link['tags']=html_entity_decode(str_replace(',',' ',$value),ENT_QUOTES,'UTF-8');
1828 }
1829 if ($link['url']!='')
1830 {
1831 if ($private==1) $link['private']=1;
1832 $dblink = $LINKSDB->getLinkFromUrl($link['url']); // See if the link is already in database.
1833 if ($dblink==false)
1834 { // Link not in database, let's import it...
1835 if (empty($raw_add_date)) $raw_add_date=time(); // In case of shitty bookmark file with no ADD_DATE
1836
1837 // Make sure date/time is not already used by another link.
1838 // (Some bookmark files have several different links with the same ADD_DATE)
ad6c27b7 1839 // We increment date by 1 second until we find a date which is not used in DB.
45034273
SS		 1840 // (so that links that have the same date/time are more or less kept grouped by date, but do not conflict.)
1841 while (!empty($LINKSDB[date('Ymd_His',$raw_add_date)])) { $raw_add_date++; }// Yes, I know it's ugly.
1842 $link['linkdate']=date('Ymd_His',$raw_add_date);
1843 $LINKSDB[$link['linkdate']] = $link;
1844 $import_count++;
1845 }
ad6c27b7 1846 else // Link already present in database.
45034273
SS		 1847 {
1848 if ($overwrite)
1849 { // If overwrite is required, we import link data, except date/time.
1850 $link['linkdate']=$dblink['linkdate'];
1851 $LINKSDB[$link['linkdate']] = $link;
1852 $import_count++;
1853 }
1854 }
1855
1856 }
1857 }
1858 }
1859 $LINKSDB->savedb();
1860
fe16b01e 1861 echo '<script>alert("File '.json_encode($filename).' ('.$filesize.' bytes) was successfully processed: '.$import_count.' links imported.");document.location=\'?\';</script>';
45034273
SS		 1862 }
1863 else
1864 {
fe16b01e 1865 echo '<script>alert("File '.json_encode($filename).' ('.$filesize.' bytes) has an unknown file format. Nothing was imported.");document.location=\'?\';</script>';
45034273
SS		 1866 }
1867}
1868
1869// -----------------------------------------------------------------------------------------------
1870// Template for the list of links (<div id="linklist">)
1871// This function fills all the necessary fields in the $PAGE for the template 'linklist.html'
1872function buildLinkList($PAGE,$LINKSDB)
1873{
1874 // ---- Filter link database according to parameters
1875 $linksToDisplay=array();
1876 $search_type='';
1877 $search_crits='';
1878 if (isset($_GET['searchterm'])) // Fulltext search
1879 {
1880 $linksToDisplay = $LINKSDB->filterFulltext(trim($_GET['searchterm']));
1881 $search_crits=htmlspecialchars(trim($_GET['searchterm']));
1882 $search_type='fulltext';
1883 }
1884 elseif (isset($_GET['searchtags'])) // Search by tag
1885 {
1886 $linksToDisplay = $LINKSDB->filterTags(trim($_GET['searchtags']));
1887 $search_crits=explode(' ',trim($_GET['searchtags']));
1888 $search_type='tags';
1889 }
1890 elseif (isset($_SERVER['QUERY_STRING']) && preg_match('/[a-zA-Z0-9-_@]{6}(&.+?)?/',$_SERVER['QUERY_STRING'])) // Detect smallHashes in URL
1891 {
1892 $linksToDisplay = $LINKSDB->filterSmallHash(substr(trim($_SERVER["QUERY_STRING"], '/'),0,6));
1893 if (count($linksToDisplay)==0)
1894 {
1895 header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found");
1896 echo '<h1>404 Not found.</h1>Oh crap. The link you are trying to reach does not exist or has been deleted.';
ad6c27b7 1897 echo '<br>You would mind <a href="?">clicking here</a>?';
45034273
SS		 1898 exit;
1899 }
1900 $search_type='permalink';
1901 }
1902 else
ad6c27b7 1903 $linksToDisplay = $LINKSDB; // Otherwise, display without filtering.
bb8f712d 1904
45034273
SS		 1905 // Option: Show only private links
1906 if (!empty($_SESSION['privateonly']))
1907 {
1908 $tmp = array();
1909 foreach($linksToDisplay as $linkdate=>$link)
1910 {
1911 if ($link['private']!=0) $tmp[$linkdate]=$link;
1912 }
1913 $linksToDisplay=$tmp;
1914 }
1915
1916 // ---- Handle paging.
ad6c27b7 1917 /* Can someone explain to me why you get the following error when using array_keys() on an object which implements the interface ArrayAccess???
45034273
SS		 1918 "Warning: array_keys() expects parameter 1 to be array, object given in ... "
1919 If my class implements ArrayAccess, why won't array_keys() accept it ? ( $keys=array_keys($linksToDisplay); )
1920 */
ad6c27b7 1921 $keys=array(); foreach($linksToDisplay as $key=>$value) { $keys[]=$key; } // Stupid and ugly. Thanks PHP.
45034273
SS		 1922
1923 // If there is only a single link, we change on-the-fly the title of the page.
1924 if (count($linksToDisplay)==1) $GLOBALS['pagetitle'] = $linksToDisplay[$keys[0]]['title'].' - '.$GLOBALS['title'];
1925
1926 // Select articles according to paging.
1927 $pagecount = ceil(count($keys)/$_SESSION['LINKS_PER_PAGE']);
1928 $pagecount = ($pagecount==0 ? 1 : $pagecount);
1929 $page=( empty($_GET['page']) ? 1 : intval($_GET['page']));
1930 $page = ( $page<1 ? 1 : $page );
1931 $page = ( $page>$pagecount ? $pagecount : $page );
1932 $i = ($page-1)*$_SESSION['LINKS_PER_PAGE']; // Start index.
1933 $end = $i+$_SESSION['LINKS_PER_PAGE'];
1934 $linkDisp=array(); // Links to display
1935 while ($i<$end && $i<count($keys))
1936 {
1937 $link = $linksToDisplay[$keys[$i]];
1938 $link['description']=nl2br(keepMultipleSpaces(text2clickable(htmlspecialchars($link['description']))));
a5752e77
A		 1939 $title=$link['title'];
1940 $classLi = $i%2!=0 ? '' : 'publicLinkHightLight';
45034273 1941 $link['class'] = ($link['private']==0 ? $classLi : 'private');
bec18701 1942 $link['timestamp']=linkdate2timestamp($link['linkdate']);
a5752e77
A		 1943 $taglist = explode(' ',$link['tags']);
1944 uasort($taglist, 'strcasecmp');
dd62b9ba 1945 $link['taglist']=$taglist;
b47f515a
FE		 1946
1947 if ($link["url"][0] === '?' && // Check for both signs of a note: starting with ? and 7 chars long. I doubt that you'll post any links that look like this.
1948 strlen($link["url"]) === 7) {
1949 $link["url"] = indexUrl() . $link["url"];
1950 }
1951
45034273
SS		 1952 $linkDisp[$keys[$i]] = $link;
1953 $i++;
1954 }
bb8f712d 1955
45034273
SS		 1956 // Compute paging navigation
1957 $searchterm= ( empty($_GET['searchterm']) ? '' : '&searchterm='.$_GET['searchterm'] );
1958 $searchtags= ( empty($_GET['searchtags']) ? '' : '&searchtags='.$_GET['searchtags'] );
1959 $paging='';
1960 $previous_page_url=''; if ($i!=count($keys)) $previous_page_url='?page='.($page+1).$searchterm.$searchtags;
1961 $next_page_url='';if ($page>1) $next_page_url='?page='.($page-1).$searchterm.$searchtags;
1962
bb8f712d
KT		 1963 $token = ''; if (isLoggedIn()) $token=getToken();
1964
45034273
SS		 1965 // Fill all template fields.
1966 $PAGE->assign('linkcount',count($LINKSDB));
1967 $PAGE->assign('previous_page_url',$previous_page_url);
1968 $PAGE->assign('next_page_url',$next_page_url);
1969 $PAGE->assign('page_current',$page);
1970 $PAGE->assign('page_max',$pagecount);
1971 $PAGE->assign('result_count',count($linksToDisplay));
1972 $PAGE->assign('search_type',$search_type);
bb8f712d 1973 $PAGE->assign('search_crits',$search_crits);
ad6c27b7 1974 $PAGE->assign('redirector',empty($GLOBALS['redirector']) ? '' : $GLOBALS['redirector']); // Optional redirector URL.
45034273
SS		 1975 $PAGE->assign('token',$token);
1976 $PAGE->assign('links',$linkDisp);
1977 return;
1978}
1979
1980// Compute the thumbnail for a link.
bb8f712d 1981//
ad6c27b7 1982// With a link to the original URL.
45034273 1983// Understands various services (youtube.com...)
ad6c27b7 1984// Input: $url = URL for which the thumbnail must be found.
45034273
SS		 1985// $href = if provided, this URL will be followed instead of $url
1986// Returns an associative array with thumbnail attributes (src,href,width,height,style,alt)
1987// Some of them may be missing.
1988// Return an empty array if no thumbnail available.
1989function computeThumbnail($url,$href=false)
1990{
1991 if (!$GLOBALS['config']['ENABLE_THUMBNAILS']) return array();
1992 if ($href==false) $href=$url;
1993
1994 // For most hosts, the URL of the thumbnail can be easily deduced from the URL of the link.
ad6c27b7 1995 // (e.g. http://www.youtube.com/watch?v=spVypYk4kto ---> http://img.youtube.com/vi/spVypYk4kto/default.jpg )
45034273
SS		 1996 // ^^^^^^^^^^^ ^^^^^^^^^^^
1997 $domain = parse_url($url,PHP_URL_HOST);
1998 if ($domain=='youtube.com' || $domain=='www.youtube.com')
1999 {
2000 parse_str(parse_url($url,PHP_URL_QUERY), $params); // Extract video ID and get thumbnail
1a663a0f 2001 if (!empty($params['v'])) return array('src'=>'https://img.youtube.com/vi/'.$params['v'].'/default.jpg',
45034273
SS		 2002 'href'=>$href,'width'=>'120','height'=>'90','alt'=>'YouTube thumbnail');
2003 }
2004 if ($domain=='youtu.be') // Youtube short links
2005 {
2006 $path = parse_url($url,PHP_URL_PATH);
1a663a0f 2007 return array('src'=>'https://img.youtube.com/vi'.$path.'/default.jpg',
bb8f712d 2008 'href'=>$href,'width'=>'120','height'=>'90','alt'=>'YouTube thumbnail');
45034273
SS		 2009 }
2010 if ($domain=='pix.toile-libre.org') // pix.toile-libre.org image hosting
2011 {
2012 parse_str(parse_url($url,PHP_URL_QUERY), $params); // Extract image filename.
2013 if (!empty($params) && !empty($params['img'])) return array('src'=>'http://pix.toile-libre.org/upload/thumb/'.urlencode($params['img']),
bb8f712d
KT		 2014 'href'=>$href,'style'=>'max-width:120px; max-height:150px','alt'=>'pix.toile-libre.org thumbnail');
2015 }
2016
45034273
SS		 2017 if ($domain=='imgur.com')
2018 {
2019 $path = parse_url($url,PHP_URL_PATH);
2020 if (startsWith($path,'/a/')) return array(); // Thumbnails for albums are not available.
1a663a0f 2021 if (startsWith($path,'/r/')) return array('src'=>'https://i.imgur.com/'.basename($path).'s.jpg',
45034273 2022 'href'=>$href,'width'=>'90','height'=>'90','alt'=>'imgur.com thumbnail');
1a663a0f 2023 if (startsWith($path,'/gallery/')) return array('src'=>'https://i.imgur.com'.substr($path,8).'s.jpg',
45034273
SS		 2024 'href'=>$href,'width'=>'90','height'=>'90','alt'=>'imgur.com thumbnail');
2025
1a663a0f 2026 if (substr_count($path,'/')==1) return array('src'=>'https://i.imgur.com/'.substr($path,1).'s.jpg',
45034273
SS		 2027 'href'=>$href,'width'=>'90','height'=>'90','alt'=>'imgur.com thumbnail');
2028 }
2029 if ($domain=='i.imgur.com')
2030 {
2031 $pi = pathinfo(parse_url($url,PHP_URL_PATH));
1a663a0f 2032 if (!empty($pi['filename'])) return array('src'=>'https://i.imgur.com/'.$pi['filename'].'s.jpg',
45034273
SS		 2033 'href'=>$href,'width'=>'90','height'=>'90','alt'=>'imgur.com thumbnail');
2034 }
2035 if ($domain=='dailymotion.com' || $domain=='www.dailymotion.com')
2036 {
2037 if (strpos($url,'dailymotion.com/video/')!==false)
2038 {
2039 $thumburl=str_replace('dailymotion.com/video/','dailymotion.com/thumbnail/video/',$url);
2040 return array('src'=>$thumburl,
2041 'href'=>$href,'width'=>'120','style'=>'height:auto;','alt'=>'DailyMotion thumbnail');
2042 }
2043 }
2044 if (endsWith($domain,'.imageshack.us'))
2045 {
2046 $ext=strtolower(pathinfo($url,PATHINFO_EXTENSION));
2047 if ($ext=='jpg' || $ext=='jpeg' || $ext=='png' || $ext=='gif')
2048 {
2049 $thumburl = substr($url,0,strlen($url)-strlen($ext)).'th.'.$ext;
2050 return array('src'=>$thumburl,
2051 'href'=>$href,'width'=>'120','style'=>'height:auto;','alt'=>'imageshack.us thumbnail');
2052 }
2053 }
2054
2055 // Some other hosts are SLOW AS HELL and usually require an extra HTTP request to get the thumbnail URL.
2056 // So we deport the thumbnail generation in order not to slow down page generation
2057 // (and we also cache the thumbnail)
2058
2059 if (!$GLOBALS['config']['ENABLE_LOCALCACHE']) return array(); // If local cache is disabled, no thumbnails for services which require the use a local cache.
2060
2061 if ($domain=='flickr.com' || endsWith($domain,'.flickr.com')
2062 || $domain=='vimeo.com'
2063 || $domain=='ted.com' || endsWith($domain,'.ted.com')
2064 || $domain=='xkcd.com' || endsWith($domain,'.xkcd.com')
2065 )
2066 {
2067 if ($domain=='vimeo.com')
ad6c27b7 2068 { // Make sure this vimeo URL points to a video (/xxx... where xxx is numeric)
45034273
SS		 2069 $path = parse_url($url,PHP_URL_PATH);
2070 if (!preg_match('!/\d+.+?!',$path)) return array(); // This is not a single video URL.
2071 }
2072 if ($domain=='xkcd.com' || endsWith($domain,'.xkcd.com'))
ad6c27b7 2073 { // Make sure this URL points to a single comic (/xxx... where xxx is numeric)
45034273
SS		 2074 $path = parse_url($url,PHP_URL_PATH);
2075 if (!preg_match('!/\d+.+?!',$path)) return array();
2076 }
2077 if ($domain=='ted.com' || endsWith($domain,'.ted.com'))
ad6c27b7 2078 { // Make sure this TED URL points to a video (/talks/...)
45034273
SS		 2079 $path = parse_url($url,PHP_URL_PATH);
2080 if ("/talks/" !== substr($path,0,7)) return array(); // This is not a single video URL.
2081 }
2082 $sign = hash_hmac('sha256', $url, $GLOBALS['salt']); // We use the salt to sign data (it's random, secret, and specific to each installation)
2083 return array('src'=>indexUrl().'?do=genthumbnail&hmac='.htmlspecialchars($sign).'&url='.urlencode($url),
2084 'href'=>$href,'width'=>'120','style'=>'height:auto;','alt'=>'thumbnail');
2085 }
2086
2087 // For all other, we try to make a thumbnail of links ending with .jpg/jpeg/png/gif
2088 // Technically speaking, we should download ALL links and check their Content-Type to see if they are images.
2089 // But using the extension will do.
2090 $ext=strtolower(pathinfo($url,PATHINFO_EXTENSION));
2091 if ($ext=='jpg' || $ext=='jpeg' || $ext=='png' || $ext=='gif')
2092 {
2093 $sign = hash_hmac('sha256', $url, $GLOBALS['salt']); // We use the salt to sign data (it's random, secret, and specific to each installation)
2094 return array('src'=>indexUrl().'?do=genthumbnail&hmac='.htmlspecialchars($sign).'&url='.urlencode($url),
bb8f712d 2095 'href'=>$href,'width'=>'120','style'=>'height:auto;','alt'=>'thumbnail');
45034273
SS		 2096 }
2097 return array(); // No thumbnail.
2098
2099}
2100
2101
2102// Returns the HTML code to display a thumbnail for a link
2103// with a link to the original URL.
2104// Understands various services (youtube.com...)
ad6c27b7 2105// Input: $url = URL for which the thumbnail must be found.
45034273
SS		 2106// $href = if provided, this URL will be followed instead of $url
2107// Returns '' if no thumbnail available.
2108function thumbnail($url,$href=false)
2109{
2110 $t = computeThumbnail($url,$href);
2111 if (count($t)==0) return ''; // Empty array = no thumbnail for this URL.
bb8f712d 2112
45034273
SS		 2113 $html='<a href="'.htmlspecialchars($t['href']).'"><img src="'.htmlspecialchars($t['src']).'"';
2114 if (!empty($t['width'])) $html.=' width="'.htmlspecialchars($t['width']).'"';
2115 if (!empty($t['height'])) $html.=' height="'.htmlspecialchars($t['height']).'"';
2116 if (!empty($t['style'])) $html.=' style="'.htmlspecialchars($t['style']).'"';
2117 if (!empty($t['alt'])) $html.=' alt="'.htmlspecialchars($t['alt']).'"';
2118 $html.='></a>';
2119 return $html;
2120}
2121
45034273
SS		 2122// Returns the HTML code to display a thumbnail for a link
2123// for the picture wall (using lazy image loading)
2124// Understands various services (youtube.com...)
ad6c27b7 2125// Input: $url = URL for which the thumbnail must be found.
45034273
SS		 2126// $href = if provided, this URL will be followed instead of $url
2127// Returns '' if no thumbnail available.
2128function lazyThumbnail($url,$href=false)
2129{
bb8f712d 2130 $t = computeThumbnail($url,$href);
45034273
SS		 2131 if (count($t)==0) return ''; // Empty array = no thumbnail for this URL.
2132
2133 $html='<a href="'.htmlspecialchars($t['href']).'">';
bb8f712d 2134
34047d23
A		 2135 // Lazy image
2136 $html.='<img class="b-lazy" src="#" data-src="'.htmlspecialchars($t['src']).'"';
858c5c2b 2137
45034273
SS		 2138 if (!empty($t['width'])) $html.=' width="'.htmlspecialchars($t['width']).'"';
2139 if (!empty($t['height'])) $html.=' height="'.htmlspecialchars($t['height']).'"';
2140 if (!empty($t['style'])) $html.=' style="'.htmlspecialchars($t['style']).'"';
2141 if (!empty($t['alt'])) $html.=' alt="'.htmlspecialchars($t['alt']).'"';
2142 $html.='>';
bb8f712d 2143
ad6c27b7 2144 // No-JavaScript fallback.
45034273
SS		 2145 $html.='<noscript><img src="'.htmlspecialchars($t['src']).'"';
2146 if (!empty($t['width'])) $html.=' width="'.htmlspecialchars($t['width']).'"';
2147 if (!empty($t['height'])) $html.=' height="'.htmlspecialchars($t['height']).'"';
2148 if (!empty($t['style'])) $html.=' style="'.htmlspecialchars($t['style']).'"';
2149 if (!empty($t['alt'])) $html.=' alt="'.htmlspecialchars($t['alt']).'"';
2150 $html.='></noscript></a>';
bb8f712d 2151
45034273
SS		 2152 return $html;
2153}
2154
2155
2156// -----------------------------------------------------------------------------------------------
2157// Installation
2158// This function should NEVER be called if the file data/config.php exists.
2159function install()
2160{
2161 // On free.fr host, make sure the /sessions directory exists, otherwise login will not work.
f6a6ca0a 2162 if (endsWith($_SERVER['HTTP_HOST'],'.free.fr') && !is_dir($_SERVER['DOCUMENT_ROOT'].'/sessions')) mkdir($_SERVER['DOCUMENT_ROOT'].'/sessions',0705);
45034273 2163
f37664a2
SS		 2164
2165 // This part makes sure sessions works correctly.
2166 // (Because on some hosts, session.save_path may not be set correctly,
2167 // or we may not have write access to it.)
2168 if (isset($_GET['test_session']) && ( !isset($_SESSION) || !isset($_SESSION['session_tested']) || $_SESSION['session_tested']!='Working'))
2169 { // Step 2: Check if data in session is correct.
2170 echo '<pre>Sessions do not seem to work correctly on your server.<br>';
2171 echo 'Make sure the variable session.save_path is set correctly in your php config, and that you have write access to it.<br>';
01ec1791 2172 echo 'It currently points to '.session_save_path().'<br>';
2173 echo 'Check that the hostname used to access Shaarli contains a dot. On some browsers, accessing your server via a hostname like \'localhost\' or any custom hostname without a dot causes cookie storage to fail. We recommend accessing your server via it\'s IP address or Fully Qualified Domain Name.<br>';
2174 echo '<br><a href="?">Click to try again.</a></pre>';
f37664a2
SS		 2175 die;
2176 }
2177 if (!isset($_SESSION['session_tested']))
2178 { // Step 1 : Try to store data in session and reload page.
2179 $_SESSION['session_tested'] = 'Working'; // Try to set a variable in session.
2180 header('Location: '.indexUrl().'?test_session'); // Redirect to check stored data.
2181 }
2182 if (isset($_GET['test_session']))
ad6c27b7 2183 { // Step 3: Sessions are OK. Remove test parameter from URL.
f37664a2
SS		 2184 header('Location: '.indexUrl());
2185 }
2186
2187
45034273
SS		 2188 if (!empty($_POST['setlogin']) && !empty($_POST['setpassword']))
2189 {
2190 $tz = 'UTC';
2191 if (!empty($_POST['continent']) && !empty($_POST['city']))
2192 if (isTZvalid($_POST['continent'],$_POST['city']))
2193 $tz = $_POST['continent'].'/'.$_POST['city'];
2194 $GLOBALS['timezone'] = $tz;
2195 // Everything is ok, let's create config file.
2196 $GLOBALS['login'] = $_POST['setlogin'];
2197 $GLOBALS['salt'] = sha1(uniqid('',true).'_'.mt_rand()); // Salt renders rainbow-tables attacks useless.
2198 $GLOBALS['hash'] = sha1($_POST['setpassword'].$GLOBALS['login'].$GLOBALS['salt']);
2199 $GLOBALS['title'] = (empty($_POST['title']) ? 'Shared links on '.htmlspecialchars(indexUrl()) : $_POST['title'] );
329e0768 2200 $GLOBALS['config']['ENABLE_UPDATECHECK'] = !empty($_POST['updateCheck']);
45034273 2201 writeConfig();
fe16b01e 2202 echo '<script>alert("Shaarli is now configured. Please enter your login/password and start shaaring your links!");document.location=\'?do=login\';</script>';
45034273
SS		 2203 exit;
2204 }
2205
2206 // Display config form:
2207 list($timezone_form,$timezone_js) = templateTZform();
04751e04 2208 $timezone_html=''; if ($timezone_form!='') $timezone_html='<tr><td><b>Timezone:</b></td><td>'.$timezone_form.'</td></tr>';
bb8f712d 2209
45034273
SS		 2210 $PAGE = new pageBuilder;
2211 $PAGE->assign('timezone_html',$timezone_html);
2212 $PAGE->assign('timezone_js',$timezone_js);
2213 $PAGE->renderPage('install');
2214 exit;
2215}
2216
ad6c27b7 2217// Generates the timezone selection form and JavaScript.
45034273
SS		 2218// Input: (optional) current timezone (can be 'UTC/UTC'). It will be pre-selected.
2219// Output: array(html,js)
2220// Example: list($htmlform,$js) = templateTZform('Europe/Paris'); // Europe/Paris pre-selected.
ad6c27b7 2221// Returns array('','') if server does not support timezones list. (e.g. PHP 5.1 on free.fr)
45034273
SS		 2222function templateTZform($ptz=false)
2223{
ad6c27b7 2224 if (function_exists('timezone_identifiers_list')) // because of old PHP version (5.1) which can be found on free.fr
45034273
SS		 2225 {
2226 // Try to split the provided timezone.
2227 if ($ptz==false) { $l=timezone_identifiers_list(); $ptz=$l[0]; }
2228 $spos=strpos($ptz,'/'); $pcontinent=substr($ptz,0,$spos); $pcity=substr($ptz,$spos+1);
2229
2230 // Display config form:
2231 $timezone_form = '';
2232 $timezone_js = '';
ad6c27b7 2233 // The list is in the form "Europe/Paris", "America/Argentina/Buenos_Aires"...
45034273
SS		 2234 // We split the list in continents/cities.
2235 $continents = array();
2236 $cities = array();
2237 foreach(timezone_identifiers_list() as $tz)
2238 {
2239 if ($tz=='UTC') $tz='UTC/UTC';
2240 $spos = strpos($tz,'/');
2241 if ($spos!==false)
2242 {
2243 $continent=substr($tz,0,$spos); $city=substr($tz,$spos+1);
2244 $continents[$continent]=1;
2245 if (!isset($cities[$continent])) $cities[$continent]='';
e5aab50a 2246 $cities[$continent].='<option value="'.$city.'"'.($pcity==$city?' selected':'').'>'.$city.'</option>';
45034273
SS		 2247 }
2248 }
2249 $continents_html = '';
2250 $continents = array_keys($continents);
2251 foreach($continents as $continent)
e5aab50a 2252 $continents_html.='<option value="'.$continent.'"'.($pcontinent==$continent?' selected':'').'>'.$continent.'</option>';
45034273 2253 $cities_html = $cities[$pcontinent];
858c5c2b
SS		 2254 $timezone_form = "Continent: <select name=\"continent\" id=\"continent\" onChange=\"onChangecontinent();\">${continents_html}</select>";
2255 $timezone_form .= "&nbsp;&nbsp;&nbsp;&nbsp;City: <select name=\"city\" id=\"city\">${cities[$pcontinent]}</select><br />";
fe16b01e 2256 $timezone_js = "<script>";
45034273
SS		 2257 $timezone_js .= "function onChangecontinent(){document.getElementById(\"city\").innerHTML = citiescontinent[document.getElementById(\"continent\").value];}";
2258 $timezone_js .= "var citiescontinent = ".json_encode($cities).";" ;
2259 $timezone_js .= "</script>" ;
2260 return array($timezone_form,$timezone_js);
2261 }
2262 return array('','');
2263}
2264
2265// Tells if a timezone is valid or not.
2266// If not valid, returns false.
2267// If system does not support timezone list, returns false.
2268function isTZvalid($continent,$city)
2269{
2270 $tz = $continent.'/'.$city;
ad6c27b7 2271 if (function_exists('timezone_identifiers_list')) // because of old PHP version (5.1) which can be found on free.fr
45034273 2272 {
ad6c27b7 2273 if (in_array($tz, timezone_identifiers_list())) // it's a valid timezone?
45034273
SS		 2274 return true;
2275 }
2276 return false;
2277}
3385af12
LM		 2278if (!function_exists('json_encode')) {
2279 function json_encode($data) {
2280 switch ($type = gettype($data)) {
2281 case 'NULL':
2282 return 'null';
2283 case 'boolean':
2284 return ($data ? 'true' : 'false');
2285 case 'integer':
2286 case 'double':
2287 case 'float':
2288 return $data;
2289 case 'string':
2290 return '"' . addslashes($data) . '"';
2291 case 'object':
2292 $data = get_object_vars($data);
2293 case 'array':
2294 $output_index_count = 0;
2295 $output_indexed = array();
2296 $output_associative = array();
2297 foreach ($data as $key => $value) {
2298 $output_indexed[] = json_encode($value);
2299 $output_associative[] = json_encode($key) . ':' . json_encode($value);
2300 if ($output_index_count !== NULL && $output_index_count++ !== $key) {
2301 $output_index_count = NULL;
2302 }
2303 }
2304 if ($output_index_count !== NULL) {
2305 return '[' . implode(',', $output_indexed) . ']';
2306 } else {
2307 return '{' . implode(',', $output_associative) . '}';
2308 }
2309 default:
2310 return ''; // Not supported
2311 }
2312 }
2313}
45034273 2314
45034273
SS		 2315// Re-write configuration file according to globals.
2316// Requires some $GLOBALS to be set (login,hash,salt,title).
ad6c27b7 2317// If the config file cannot be saved, an error message is displayed and the user is redirected to "Tools" menu.
45034273
SS		 2318// (otherwise, the function simply returns.)
2319function writeConfig()
2320{
2321 if (is_file($GLOBALS['config']['CONFIG_FILE']) && !isLoggedIn()) die('You are not authorized to alter config.'); // Only logged in user can alter config.
45034273
SS		 2322 $config='<?php $GLOBALS[\'login\']='.var_export($GLOBALS['login'],true).'; $GLOBALS[\'hash\']='.var_export($GLOBALS['hash'],true).'; $GLOBALS[\'salt\']='.var_export($GLOBALS['salt'],true).'; ';
2323 $config .='$GLOBALS[\'timezone\']='.var_export($GLOBALS['timezone'],true).'; date_default_timezone_set('.var_export($GLOBALS['timezone'],true).'); $GLOBALS[\'title\']='.var_export($GLOBALS['title'],true).';';
ebb2880d 2324 $config .= '$GLOBALS[\'titleLink\']='.var_export($GLOBALS['titleLink'],true).'; ';
45034273
SS		 2325 $config .= '$GLOBALS[\'redirector\']='.var_export($GLOBALS['redirector'],true).'; ';
2326 $config .= '$GLOBALS[\'disablesessionprotection\']='.var_export($GLOBALS['disablesessionprotection'],true).'; ';
858c5c2b 2327 $config .= '$GLOBALS[\'disablejquery\']='.var_export($GLOBALS['disablejquery'],true).'; ';
bb8f712d 2328 $config .= '$GLOBALS[\'privateLinkByDefault\']='.var_export($GLOBALS['privateLinkByDefault'],true).'; ';
ed5b38dd 2329 $config .= '$GLOBALS[\'config\'][\'ENABLE_RSS_PERMALINKS\']='.var_export($GLOBALS['config']['ENABLE_RSS_PERMALINKS'], true).'; ';
329e0768 2330 $config .= '$GLOBALS[\'config\'][\'ENABLE_UPDATECHECK\']='.var_export($GLOBALS['config']['ENABLE_UPDATECHECK'], true).'; ';
45034273
SS		 2331 $config .= ' ?>';
2332 if (!file_put_contents($GLOBALS['config']['CONFIG_FILE'],$config) || strcmp(file_get_contents($GLOBALS['config']['CONFIG_FILE']),$config)!=0)
2333 {
fe16b01e 2334 echo '<script>alert("Shaarli could not create the config file. Please make sure Shaarli has the right to write in the folder is it installed in.");document.location=\'?\';</script>';
45034273
SS		 2335 exit;
2336 }
2337}
2338
ad6c27b7 2339/* Because some f*cking services like flickr require an extra HTTP request to get the thumbnail URL,
45034273 2340 I have deported the thumbnail URL code generation here, otherwise this would slow down page generation.
ad6c27b7 2341 The following function takes the URL a link (e.g. a flickr page) and return the proper thumbnail.
2342 This function is called by passing the URL:
45034273 2343 http://mywebsite.com/shaarli/?do=genthumbnail&hmac=[HMAC]&url=[URL]
ad6c27b7 2344 [URL] is the URL of the link (e.g. a flickr page)
45034273
SS		 2345 [HMAC] is the signature for the [URL] (so that these URL cannot be forged).
2346 The function below will fetch the image from the webservice and store it in the cache.
2347*/
2348function genThumbnail()
2349{
2350 // Make sure the parameters in the URL were generated by us.
2351 $sign = hash_hmac('sha256', $_GET['url'], $GLOBALS['salt']);
ad6c27b7 2352 if ($sign!=$_GET['hmac']) die('Naughty boy!');
45034273
SS		 2353
2354 // Let's see if we don't already have the image for this URL in the cache.
2355 $thumbname=hash('sha1',$_GET['url']).'.jpg';
2356 if (is_file($GLOBALS['config']['CACHEDIR'].'/'.$thumbname))
2357 { // We have the thumbnail, just serve it:
2358 header('Content-Type: image/jpeg');
2359 echo file_get_contents($GLOBALS['config']['CACHEDIR'].'/'.$thumbname);
2360 return;
2361 }
2362 // We may also serve a blank image (if service did not respond)
2363 $blankname=hash('sha1',$_GET['url']).'.gif';
2364 if (is_file($GLOBALS['config']['CACHEDIR'].'/'.$blankname))
2365 {
2366 header('Content-Type: image/gif');
2367 echo file_get_contents($GLOBALS['config']['CACHEDIR'].'/'.$blankname);
2368 return;
2369 }
2370
2371 // Otherwise, generate the thumbnail.
2372 $url = $_GET['url'];
2373 $domain = parse_url($url,PHP_URL_HOST);
2374
2375 if ($domain=='flickr.com' || endsWith($domain,'.flickr.com'))
2376 {
ad6c27b7 2377 // Crude replacement to handle new flickr domain policy (They prefer www. now)
45034273
SS		 2378 $url = str_replace('http://flickr.com/','http://www.flickr.com/',$url);
2379
2380 // Is this a link to an image, or to a flickr page ?
2381 $imageurl='';
2382 if (endswith(parse_url($url,PHP_URL_PATH),'.jpg'))
ad6c27b7 2383 { // This is a direct link to an image. e.g. http://farm1.staticflickr.com/5/5921913_ac83ed27bd_o.jpg
45034273
SS		 2384 preg_match('!(http://farm\d+\.staticflickr\.com/\d+/\d+_\w+_)\w.jpg!',$url,$matches);
2385 if (!empty($matches[1])) $imageurl=$matches[1].'m.jpg';
2386 }
ad6c27b7 2387 else // This is a flickr page (html)
45034273
SS		 2388 {
2389 list($httpstatus,$headers,$data) = getHTTP($url,20); // Get the flickr html page.
2390 if (strpos($httpstatus,'200 OK')!==false)
2391 {
ad6c27b7 2392 // flickr now nicely provides the URL of the thumbnail in each flickr page.
45034273
SS		 2393 preg_match('!<link rel=\"image_src\" href=\"(.+?)\"!',$data,$matches);
2394 if (!empty($matches[1])) $imageurl=$matches[1];
2395
2396 // In albums (and some other pages), the link rel="image_src" is not provided,
2397 // but flickr provides:
2398 // <meta property="og:image" content="http://farm4.staticflickr.com/3398/3239339068_25d13535ff_z.jpg" />
2399 if ($imageurl=='')
2400 {
2401 preg_match('!<meta property=\"og:image\" content=\"(.+?)\"!',$data,$matches);
2402 if (!empty($matches[1])) $imageurl=$matches[1];
2403 }
2404 }
2405 }
2406
2407 if ($imageurl!='')
2408 { // Let's download the image.
2409 list($httpstatus,$headers,$data) = getHTTP($imageurl,10); // Image is 240x120, so 10 seconds to download should be enough.
2410 if (strpos($httpstatus,'200 OK')!==false)
2411 {
2412 file_put_contents($GLOBALS['config']['CACHEDIR'].'/'.$thumbname,$data); // Save image to cache.
2413 header('Content-Type: image/jpeg');
2414 echo $data;
2415 return;
2416 }
2417 }
2418 }
2419
2420 elseif ($domain=='vimeo.com' )
2421 {
2422 // This is more complex: we have to perform a HTTP request, then parse the result.
ad6c27b7 2423 // Maybe we should deport this to JavaScript ? Example: http://stackoverflow.com/questions/1361149/get-img-thumbnails-from-vimeo/4285098#4285098
45034273 2424 $vid = substr(parse_url($url,PHP_URL_PATH),1);
1a663a0f 2425 list($httpstatus,$headers,$data) = getHTTP('https://vimeo.com/api/v2/video/'.htmlspecialchars($vid).'.php',5);
45034273
SS		 2426 if (strpos($httpstatus,'200 OK')!==false)
2427 {
2428 $t = unserialize($data);
2429 $imageurl = $t[0]['thumbnail_medium'];
2430 // Then we download the image and serve it to our client.
2431 list($httpstatus,$headers,$data) = getHTTP($imageurl,10);
2432 if (strpos($httpstatus,'200 OK')!==false)
2433 {
2434 file_put_contents($GLOBALS['config']['CACHEDIR'].'/'.$thumbname,$data); // Save image to cache.
2435 header('Content-Type: image/jpeg');
2436 echo $data;
2437 return;
2438 }
2439 }
2440 }
2441
2442 elseif ($domain=='ted.com' || endsWith($domain,'.ted.com'))
2443 {
2444 // The thumbnail for TED talks is located in the <link rel="image_src" [...]> tag on that page
2445 // http://www.ted.com/talks/mikko_hypponen_fighting_viruses_defending_the_net.html
2446 // <link rel="image_src" href="http://images.ted.com/images/ted/28bced335898ba54d4441809c5b1112ffaf36781_389x292.jpg" />
bb8f712d 2447 list($httpstatus,$headers,$data) = getHTTP($url,5);
45034273
SS		 2448 if (strpos($httpstatus,'200 OK')!==false)
2449 {
2450 // Extract the link to the thumbnail
2451 preg_match('!link rel="image_src" href="(http://images.ted.com/images/ted/.+_\d+x\d+\.jpg)"!',$data,$matches);
2452 if (!empty($matches[1]))
2453 { // Let's download the image.
2454 $imageurl=$matches[1];
2455 list($httpstatus,$headers,$data) = getHTTP($imageurl,20); // No control on image size, so wait long enough.
2456 if (strpos($httpstatus,'200 OK')!==false)
2457 {
2458 $filepath=$GLOBALS['config']['CACHEDIR'].'/'.$thumbname;
2459 file_put_contents($filepath,$data); // Save image to cache.
2460 if (resizeImage($filepath))
2461 {
2462 header('Content-Type: image/jpeg');
2463 echo file_get_contents($filepath);
2464 return;
2465 }
2466 }
2467 }
2468 }
2469 }
bb8f712d 2470
45034273
SS		 2471 elseif ($domain=='xkcd.com' || endsWith($domain,'.xkcd.com'))
2472 {
2473 // There is no thumbnail available for xkcd comics, so download the whole image and resize it.
2474 // http://xkcd.com/327/
2475 // <img src="http://imgs.xkcd.com/comics/exploits_of_a_mom.png" title="<BLABLA>" alt="<BLABLA>" />
2476 list($httpstatus,$headers,$data) = getHTTP($url,5);
2477 if (strpos($httpstatus,'200 OK')!==false)
2478 {
2479 // Extract the link to the thumbnail
2480 preg_match('!<img src="(http://imgs.xkcd.com/comics/.*)" title="[^s]!',$data,$matches);
2481 if (!empty($matches[1]))
2482 { // Let's download the image.
2483 $imageurl=$matches[1];
2484 list($httpstatus,$headers,$data) = getHTTP($imageurl,20); // No control on image size, so wait long enough.
2485 if (strpos($httpstatus,'200 OK')!==false)
2486 {
2487 $filepath=$GLOBALS['config']['CACHEDIR'].'/'.$thumbname;
2488 file_put_contents($filepath,$data); // Save image to cache.
2489 if (resizeImage($filepath))
2490 {
2491 header('Content-Type: image/jpeg');
2492 echo file_get_contents($filepath);
2493 return;
2494 }
2495 }
2496 }
2497 }
bb8f712d 2498 }
45034273
SS		 2499
2500 else
2501 {
2502 // For all other domains, we try to download the image and make a thumbnail.
2503 list($httpstatus,$headers,$data) = getHTTP($url,30); // We allow 30 seconds max to download (and downloads are limited to 4 Mb)
2504 if (strpos($httpstatus,'200 OK')!==false)
2505 {
2506 $filepath=$GLOBALS['config']['CACHEDIR'].'/'.$thumbname;
2507 file_put_contents($filepath,$data); // Save image to cache.
2508 if (resizeImage($filepath))
2509 {
2510 header('Content-Type: image/jpeg');
2511 echo file_get_contents($filepath);
2512 return;
2513 }
2514 }
2515 }
2516
2517
2518 // Otherwise, return an empty image (8x8 transparent gif)
2519 $blankgif = base64_decode('R0lGODlhCAAIAIAAAP///////yH5BAEKAAEALAAAAAAIAAgAAAIHjI+py+1dAAA7');
2520 file_put_contents($GLOBALS['config']['CACHEDIR'].'/'.$blankname,$blankgif); // Also put something in cache so that this URL is not requested twice.
2521 header('Content-Type: image/gif');
2522 echo $blankgif;
2523}
2524
2525// Make a thumbnail of the image (to width: 120 pixels)
2526// Returns true if success, false otherwise.
2527function resizeImage($filepath)
2528{
2529 if (!function_exists('imagecreatefromjpeg')) return false; // GD not present: no thumbnail possible.
2530
2531 // Trick: some stupid people rename GIF as JPEG... or else.
2532 // So we really try to open each image type whatever the extension is.
2533 $header=file_get_contents($filepath,false,NULL,0,256); // Read first 256 bytes and try to sniff file type.
2534 $im=false;
2535 $i=strpos($header,'GIF8'); if (($i!==false) && ($i==0)) $im = imagecreatefromgif($filepath); // Well this is crude, but it should be enough.
2536 $i=strpos($header,'PNG'); if (($i!==false) && ($i==1)) $im = imagecreatefrompng($filepath);
2537 $i=strpos($header,'JFIF'); if ($i!==false) $im = imagecreatefromjpeg($filepath);
2538 if (!$im) return false; // Unable to open image (corrupted or not an image)
2539 $w = imagesx($im);
2540 $h = imagesy($im);
2541 $ystart = 0; $yheight=$h;
2542 if ($h>$w) { $ystart= ($h/2)-($w/2); $yheight=$w/2; }
2543 $nw = 120; // Desired width
2544 $nh = min(floor(($h*$nw)/$w),120); // Compute new width/height, but maximum 120 pixels height.
2545 // Resize image:
2546 $im2 = imagecreatetruecolor($nw,$nh);
2547 imagecopyresampled($im2, $im, 0, 0, 0, $ystart, $nw, $nh, $w, $yheight);
2548 imageinterlace($im2,true); // For progressive JPEG.
2549 $tempname=$filepath.'_TEMP.jpg';
2550 imagejpeg($im2, $tempname, 90);
2551 imagedestroy($im);
2552 imagedestroy($im2);
9e820906 2553 unlink($filepath);
45034273
SS		 2554 rename($tempname,$filepath); // Overwrite original picture with thumbnail.
2555 return true;
2556}
2557
2558// Invalidate caches when the database is changed or the user logs out.
ad6c27b7 2559// (e.g. tags cache).
45034273
SS		 2560function invalidateCaches()
2561{
2562 unset($_SESSION['tags']); // Purge cache attached to session.
2563 pageCache::purgeCache(); // Purge page cache shared by sessions.
2564}
2565
2566if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=genthumbnail')) { genThumbnail(); exit; } // Thumbnail generation/cache does not need the link database.
2567if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=rss')) { showRSS(); exit; }
2568if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=atom')) { showATOM(); exit; }
2569if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=dailyrss')) { showDailyRSS(); exit; }
bb8f712d 2570if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=daily')) { showDaily(); exit; }
45034273
SS		 2571if (!isset($_SESSION['LINKS_PER_PAGE'])) $_SESSION['LINKS_PER_PAGE']=$GLOBALS['config']['LINKS_PER_PAGE'];
2572renderPage();
03545ef6 2573?>
The personal, minimalist, super-fast, database free, bookmarking service - community repo