]> git.immae.eu Git - github/shaarli/Shaarli.git/blame - index.php
projects / github / shaarli / Shaarli.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
bump version to 0.0.43beta
[github/shaarli/Shaarli.git] / index.php
CommitLineData
45034273 1<?php
be3f0b4e 2// Shaarli 0.0.43beta - Shaare your links...
ad6c27b7 3// The personal, minimalist, super-fast, no-database Delicious clone. By sebsauvage.net
45034273
SS		 4// http://sebsauvage.net/wiki/doku.php?id=php:shaarli
5// Licence: http://www.opensource.org/licenses/zlib-license.php
ad6c27b7 6// Requires: PHP 5.1.x (but autocomplete fields will only work if you have PHP 5.2.x)
45034273 7// -----------------------------------------------------------------------------------------------
cb49ab94
MC		 8// NEVER TRUST IN PHP.INI
9// Some hosts do not define a default timezone in php.ini,
10// so we have to do this for avoid the strict standard error.
11date_default_timezone_set('UTC');
12
45034273 13// -----------------------------------------------------------------------------------------------
ed5b38dd 14// Hardcoded parameter (These parameters can be overwritten by creating the file /data/options.php)
45034273
SS		 15$GLOBALS['config']['DATADIR'] = 'data'; // Data subdirectory
16$GLOBALS['config']['CONFIG_FILE'] = $GLOBALS['config']['DATADIR'].'/config.php'; // Configuration file (user login/password)
17$GLOBALS['config']['DATASTORE'] = $GLOBALS['config']['DATADIR'].'/datastore.php'; // Data storage file.
18$GLOBALS['config']['LINKS_PER_PAGE'] = 20; // Default links per page.
19$GLOBALS['config']['IPBANS_FILENAME'] = $GLOBALS['config']['DATADIR'].'/ipbans.php'; // File storage for failures and bans.
20$GLOBALS['config']['BAN_AFTER'] = 4; // Ban IP after this many failures.
21$GLOBALS['config']['BAN_DURATION'] = 1800; // Ban duration for IP address after login failures (in seconds) (1800 sec. = 30 minutes)
22$GLOBALS['config']['OPEN_SHAARLI'] = false; // If true, anyone can add/edit/delete links without having to login
23$GLOBALS['config']['HIDE_TIMESTAMPS'] = false; // If true, the moment when links were saved are not shown to users that are not logged in.
1099d8fc 24$GLOBALS['config']['SHOW_ATOM'] = false; // If true, an extra "ATOM feed" button will be displayed in the toolbar
45034273
SS		 25$GLOBALS['config']['ENABLE_THUMBNAILS'] = true; // Enable thumbnails in links.
26$GLOBALS['config']['CACHEDIR'] = 'cache'; // Cache directory for thumbnails for SLOW services (like flickr)
27$GLOBALS['config']['PAGECACHE'] = 'pagecache'; // Page cache directory.
ad6c27b7 28$GLOBALS['config']['ENABLE_LOCALCACHE'] = true; // Enable Shaarli to store thumbnail in a local cache. Disable to reduce web space usage.
45034273 29$GLOBALS['config']['PUBSUBHUB_URL'] = ''; // PubSubHubbub support. Put an empty string to disable, or put your hub url here to enable.
2f2aa06b
V		 30$GLOBALS['config']['RAINTPL_TMP'] = 'tmp/' ; // Raintpl cache directory (keep the trailing slash!)
31$GLOBALS['config']['RAINTPL_TPL'] = 'tpl/' ; // Raintpl template directory (keep the trailing slash!)
45034273
SS		 32$GLOBALS['config']['UPDATECHECK_FILENAME'] = $GLOBALS['config']['DATADIR'].'/lastupdatecheck.txt'; // For updates check of Shaarli.
33$GLOBALS['config']['UPDATECHECK_INTERVAL'] = 86400 ; // Updates check frequency for Shaarli. 86400 seconds=24 hours
34 // Note: You must have publisher.php in the same directory as Shaarli index.php
d2f51763 35$GLOBALS['config']['ARCHIVE_ORG'] = false; // For each link, add a link to an archived version on archive.org
ed5b38dd 36$GLOBALS['config']['ENABLE_RSS_PERMALINKS'] = true; // Enable RSS permalinks by default. This corresponds to the default behavior of shaarli before this was added as an option.
45034273 37// -----------------------------------------------------------------------------------------------
ad6c27b7 38// You should not touch below (or at your own risks!)
39// Optional config file.
45034273
SS		 40if (is_file($GLOBALS['config']['DATADIR'].'/options.php')) require($GLOBALS['config']['DATADIR'].'/options.php');
41
be3f0b4e 42define('shaarli_version','0.0.43beta');
ad6c27b7 43define('PHPPREFIX','<?php /* '); // Prefix to encapsulate data in PHP code.
44define('PHPSUFFIX',' */ ?>'); // Suffix to encapsulate data in PHP code.
ae00595b
CH		 45// http://server.com/x/shaarli --> /shaarli/
46define('WEB_PATH', substr($_SERVER["REQUEST_URI"], 0, 1+strrpos($_SERVER["REQUEST_URI"], '/', 0)));
45034273
SS		 47
48// Force cookie path (but do not change lifetime)
49$cookie=session_get_cookie_params();
2d9fab88 50$cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/';
2f32d074 51session_set_cookie_params($cookie['lifetime'],$cookiedir,$_SERVER['SERVER_NAME']); // Set default cookie expiration and path.
45034273 52
f37664a2
SS		 53// Set session parameters on server side.
54define('INACTIVITY_TIMEOUT',3600); // (in seconds). If the user does not access any page within this time, his/her session is considered expired.
55ini_set('session.use_cookies', 1); // Use cookies to store session.
ad6c27b7 56ini_set('session.use_only_cookies', 1); // Force cookies for session (phpsessionID forbidden in URL).
57ini_set('session.use_trans_sid', false); // Prevent PHP form using sessionID in URL if cookies are disabled.
f37664a2
SS		 58session_name('shaarli');
59if (session_id() == '') session_start(); // Start session if needed (Some server auto-start sessions).
60
45034273
SS		 61// PHP Settings
62ini_set('max_input_time','60'); // High execution time in case of problematic imports/exports.
63ini_set('memory_limit', '128M'); // Try to set max upload file size and read (May not work on some hosts).
64ini_set('post_max_size', '16M');
65ini_set('upload_max_filesize', '16M');
66checkphpversion();
67error_reporting(E_ALL^E_WARNING); // See all error except warnings.
68//error_reporting(-1); // See all errors (for debugging only)
69
70include "inc/rain.tpl.class.php"; //include Rain TPL
25f5c59d 71raintpl::$tpl_dir = $GLOBALS['config']['RAINTPL_TPL']; // template directory
25f5c59d 72raintpl::$cache_dir = $GLOBALS['config']['RAINTPL_TMP']; // cache directory
45034273
SS		 73
74ob_start(); // Output buffering for the page cache.
75
76
77// In case stupid admin has left magic_quotes enabled in php.ini:
78if (get_magic_quotes_gpc())
79{
80 function stripslashes_deep($value) { $value = is_array($value) ? array_map('stripslashes_deep', $value) : stripslashes($value); return $value; }
81 $_POST = array_map('stripslashes_deep', $_POST);
82 $_GET = array_map('stripslashes_deep', $_GET);
83 $_COOKIE = array_map('stripslashes_deep', $_COOKIE);
84}
85
86// Prevent caching on client side or proxy: (yes, it's ugly)
87header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
88header("Cache-Control: no-store, no-cache, must-revalidate");
89header("Cache-Control: post-check=0, pre-check=0", false);
90header("Pragma: no-cache");
91
ad6c27b7 92// Directories creations (Note that your web host may require different rights than 705.)
60b83e7c 93if (!is_writable(realpath(dirname(__FILE__)))) die('<pre>ERROR: Shaarli does not have the right to write in its own directory.</pre>');
45034273 94
45034273
SS		 95// Handling of old config file which do not have the new parameters.
96if (empty($GLOBALS['title'])) $GLOBALS['title']='Shared links on '.htmlspecialchars(indexUrl());
97if (empty($GLOBALS['timezone'])) $GLOBALS['timezone']=date_default_timezone_get();
8a80e4fe 98if (empty($GLOBALS['redirector'])) $GLOBALS['redirector']='';
45034273 99if (empty($GLOBALS['disablesessionprotection'])) $GLOBALS['disablesessionprotection']=false;
858c5c2b 100if (empty($GLOBALS['disablejquery'])) $GLOBALS['disablejquery']=false;
bb8f712d 101if (empty($GLOBALS['privateLinkByDefault'])) $GLOBALS['privateLinkByDefault']=false;
ebb2880d 102if (empty($GLOBALS['titleLink'])) $GLOBALS['titleLink']='?';
858c5c2b 103// I really need to rewrite Shaarli with a proper configuation manager.
45034273 104
8a80e4fe
SS		 105// Run config screen if first run:
106if (!is_file($GLOBALS['config']['CONFIG_FILE'])) install();
107
108require $GLOBALS['config']['CONFIG_FILE']; // Read login/password hash into $GLOBALS.
109
ae00595b
CH		 110// a token depending of deployment salt, user password, and the current ip
111define('STAY_SIGNED_IN_TOKEN', sha1($GLOBALS['hash'].$_SERVER["REMOTE_ADDR"].$GLOBALS['salt']));
8a80e4fe 112
45034273
SS		 113autoLocale(); // Sniff browser language and set date format accordingly.
114header('Content-Type: text/html; charset=utf-8'); // We use UTF-8 for proper international characters handling.
115
ff69d87e
FE		 116//==================================================================================================
117// Checking session state (i.e. is the user still logged in)
118//==================================================================================================
119
120function setup_login_state() {
121 $userIsLoggedIn = false; // By default, we do not consider the user as logged in;
122 $loginFailure = false; // If set to true, every attempt to authenticate the user will fail. This indicates that an important condition isn't met.
123 if ($GLOBALS['config']['OPEN_SHAARLI']) {
124 $userIsLoggedIn = true;
125 }
126 if (!isset($GLOBALS['login'])) {
127 $userIsLoggedIn = false; // Shaarli is not configured yet.
128 $loginFailure = true;
129 }
130 if (isset($_COOKIE['shaarli_staySignedIn']) &&
131 $_COOKIE['shaarli_staySignedIn']===STAY_SIGNED_IN_TOKEN &&
132 !$loginFailure)
133 {
134 fillSessionInfo();
135 $userIsLoggedIn = true;
136 }
137 // If session does not exist on server side, or IP address has changed, or session has expired, logout.
138 if (empty($_SESSION['uid']) ||
139 ($GLOBALS['disablesessionprotection']==false && $_SESSION['ip']!=allIPs()) ||
140 time() >= $_SESSION['expires_on'])
141 {
142 logout();
143 $userIsLoggedIn = false;
144 $loginFailure = true;
145 }
146 if (!empty($_SESSION['longlastingsession'])) {
147 $_SESSION['expires_on']=time()+$_SESSION['longlastingsession']; // In case of "Stay signed in" checked.
148 }
149 else {
150 $_SESSION['expires_on']=time()+INACTIVITY_TIMEOUT; // Standard session expiration date.
151 }
152 if (!$loginFailure) {
153 $userIsLoggedIn = true;
154 }
155
156 return $userIsLoggedIn;
157}
158//==================================================================================================
159$userIsLoggedIn = setup_login_state();
160//==================================================================================================
161//==================================================================================================
162
ad6c27b7 163// Check PHP version
45034273
SS		 164function checkphpversion()
165{
166 if (version_compare(PHP_VERSION, '5.1.0') < 0)
167 {
168 header('Content-Type: text/plain; charset=utf-8');
50976223 169 echo 'Your PHP version is obsolete! Shaarli requires at least php 5.1.0, and thus cannot run. Sorry. Your PHP version has known security vulnerabilities and should be updated as soon as possible.';
45034273
SS		 170 exit;
171 }
172}
173
174// Checks if an update is available for Shaarli.
175// (at most once a day, and only for registered user.)
176// Output: '' = no new version.
177// other= the available version.
178function checkUpdate()
179{
180 if (!isLoggedIn()) return ''; // Do not check versions for visitors.
181
182 // Get latest version number at most once a day.
183 if (!is_file($GLOBALS['config']['UPDATECHECK_FILENAME']) || (filemtime($GLOBALS['config']['UPDATECHECK_FILENAME'])<time()-($GLOBALS['config']['UPDATECHECK_INTERVAL'])))
184 {
185 $version=shaarli_version;
b11bc5b6 186 list($httpstatus,$headers,$data) = getHTTP('https://raw.githubusercontent.com/shaarli/Shaarli/master/shaarli_version.txt',2);
45034273 187 if (strpos($httpstatus,'200 OK')!==false) $version=$data;
ad6c27b7 188 // If failed, never mind. We don't want to bother the user with that.
45034273
SS		 189 file_put_contents($GLOBALS['config']['UPDATECHECK_FILENAME'],$version); // touch file date
190 }
191 // Compare versions:
192 $newestversion=file_get_contents($GLOBALS['config']['UPDATECHECK_FILENAME']);
193 if (version_compare($newestversion,shaarli_version)==1) return $newestversion;
194 return '';
195}
196
197
198// -----------------------------------------------------------------------------------------------
199// Simple cache system (mainly for the RSS/ATOM feeds).
200
201class pageCache
202{
203 private $url; // Full URL of the page to cache (typically the value returned by pageUrl())
ad6c27b7 204 private $shouldBeCached; // boolean: Should this url be cached?
205 private $filename; // Name of the cache file for this url.
45034273 206
bb8f712d 207 /*
ad6c27b7 208 $url = URL (typically the value returned by pageUrl())
45034273
SS		 209 $shouldBeCached = boolean. If false, the cache will be disabled.
210 */
211 public function __construct($url,$shouldBeCached)
212 {
213 $this->url = $url;
214 $this->filename = $GLOBALS['config']['PAGECACHE'].'/'.sha1($url).'.cache';
215 $this->shouldBeCached = $shouldBeCached;
bb8f712d 216 }
45034273
SS		 217
218 // If the page should be cached and a cached version exists,
219 // returns the cached version (otherwise, return null).
220 public function cachedVersion()
221 {
222 if (!$this->shouldBeCached) return null;
223 if (is_file($this->filename)) { return file_get_contents($this->filename); exit; }
224 return null;
225 }
226
227 // Put a page in the cache.
228 public function cache($page)
229 {
230 if (!$this->shouldBeCached) return;
45034273
SS		 231 file_put_contents($this->filename,$page);
232 }
233
234 // Purge the whole cache.
235 // (call with pageCache::purgeCache())
236 public static function purgeCache()
237 {
238 if (is_dir($GLOBALS['config']['PAGECACHE']))
239 {
240 $handler = opendir($GLOBALS['config']['PAGECACHE']);
64bf914a 241 if ($handler!==false)
45034273 242 {
bb8f712d 243 while (($filename = readdir($handler))!==false)
45034273
SS		 244 {
245 if (endsWith($filename,'.cache')) { unlink($GLOBALS['config']['PAGECACHE'].'/'.$filename); }
246 }
247 closedir($handler);
248 }
249 }
250 }
251
252}
253
254
255// -----------------------------------------------------------------------------------------------
256// Log to text file
257function logm($message)
258{
259 $t = strval(date('Y/m/d_H:i:s')).' - '.$_SERVER["REMOTE_ADDR"].' - '.strval($message)."\n";
260 file_put_contents($GLOBALS['config']['DATADIR'].'/log.txt',$t,FILE_APPEND);
261}
262
263// Same as nl2br(), but escapes < and >
264function nl2br_escaped($html)
265{
266 return str_replace('>','&gt;',str_replace('<','&lt;',nl2br($html)));
267}
268
c002ca9c 269/* Returns the small hash of a string, using RFC 4648 base64url format
ad6c27b7 270 e.g. smallHash('20111006_131924') --> yZH23w
45034273
SS		 271 Small hashes:
272 - are unique (well, as unique as crc32, at last)
273 - are always 6 characters long.
274 - only use the following characters: a-z A-Z 0-9 - _ @
275 - are NOT cryptographically secure (they CAN be forged)
276 In Shaarli, they are used as a tinyurl-like link to individual entries.
277*/
278function smallHash($text)
279{
280 $t = rtrim(base64_encode(hash('crc32',$text,true)),'=');
c002ca9c 281 return strtr($t, '+/', '-_');
45034273
SS		 282}
283
ad6c27b7 284// In a string, converts URLs to clickable links.
45034273
SS		 285// Function inspired from http://www.php.net/manual/en/function.preg-replace.php#85722
286function text2clickable($url)
287{
288 $redir = empty($GLOBALS['redirector']) ? '' : $GLOBALS['redirector'];
30b0672d 289 return preg_replace('!(((?:https?|ftp|file)://|apt:|magnet:)\S+[[:alnum:]]/?)!si','<a href="'.$redir.'$1" rel="nofollow">$1</a>',$url);
45034273
SS		 290}
291
292// This function inserts &nbsp; where relevant so that multiple spaces are properly displayed in HTML
293// even in the absence of <pre> (This is used in description to keep text formatting)
294function keepMultipleSpaces($text)
295{
296 return str_replace(' ',' &nbsp;',$text);
bb8f712d 297
45034273
SS		 298}
299// ------------------------------------------------------------------------------------------
300// Sniff browser language to display dates in the right format automatically.
301// (Note that is may not work on your server if the corresponding local is not installed.)
302function autoLocale()
303{
304 $loc='en_US'; // Default if browser does not send HTTP_ACCEPT_LANGUAGE
ad6c27b7 305 if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) // e.g. "fr,fr-fr;q=0.8,en;q=0.5,en-us;q=0.3"
306 { // (It's a bit crude, but it works very well. Preferred language is always presented first.)
45034273
SS		 307 if (preg_match('/([a-z]{2}(-[a-z]{2})?)/i',$_SERVER['HTTP_ACCEPT_LANGUAGE'],$matches)) $loc=$matches[1];
308 }
309 setlocale(LC_TIME,$loc); // LC_TIME = Set local for date/time format only.
310}
311
312// ------------------------------------------------------------------------------------------
313// PubSubHubbub protocol support (if enabled) [UNTESTED]
314// (Source: http://aldarone.fr/les-flux-rss-shaarli-et-pubsubhubbub/ )
315if (!empty($GLOBALS['config']['PUBSUBHUB_URL'])) include './publisher.php';
316function pubsubhub()
317{
318 if (!empty($GLOBALS['config']['PUBSUBHUB_URL']))
319 {
320 $p = new Publisher($GLOBALS['config']['PUBSUBHUB_URL']);
321 $topic_url = array (
322 indexUrl().'?do=atom',
323 indexUrl().'?do=rss'
324 );
325 $p->publish_update($topic_url);
326 }
327}
328
329// ------------------------------------------------------------------------------------------
330// Session management
45034273
SS		 331
332// Returns the IP address of the client (Used to prevent session cookie hijacking.)
333function allIPs()
334{
335 $ip = $_SERVER["REMOTE_ADDR"];
336 // Then we use more HTTP headers to prevent session hijacking from users behind the same proxy.
337 if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) { $ip=$ip.'_'.$_SERVER['HTTP_X_FORWARDED_FOR']; }
338 if (isset($_SERVER['HTTP_CLIENT_IP'])) { $ip=$ip.'_'.$_SERVER['HTTP_CLIENT_IP']; }
339 return $ip;
340}
341
ae00595b 342function fillSessionInfo() {
ad6c27b7 343 $_SESSION['uid'] = sha1(uniqid('',true).'_'.mt_rand()); // Generate unique random number (different than phpsessionid)
ae00595b
CH		 344 $_SESSION['ip']=allIPs(); // We store IP address(es) of the client to make sure session is not hijacked.
345 $_SESSION['username']=$GLOBALS['login'];
346 $_SESSION['expires_on']=time()+INACTIVITY_TIMEOUT; // Set session expiration.
347}
348
45034273
SS		 349// Check that user/password is correct.
350function check_auth($login,$password)
351{
352 $hash = sha1($password.$login.$GLOBALS['salt']);
353 if ($login==$GLOBALS['login'] && $hash==$GLOBALS['hash'])
354 { // Login/password is correct.
ae00595b 355 fillSessionInfo();
45034273
SS		 356 logm('Login successful');
357 return True;
358 }
359 logm('Login failed for user '.$login);
360 return False;
361}
362
363// Returns true if the user is logged in.
364function isLoggedIn()
365{
ff69d87e
FE		 366 global $userIsLoggedIn;
367 return $userIsLoggedIn;
45034273
SS		 368}
369
370// Force logout.
ff69d87e
FE		 371function logout() {
372 if (isset($_SESSION)) {
373 unset($_SESSION['uid']);
374 unset($_SESSION['ip']);
375 unset($_SESSION['username']);
376 unset($_SESSION['privateonly']);
377 }
378 setcookie('shaarli_staySignedIn', FALSE, 0, WEB_PATH);
ae00595b 379}
45034273
SS		 380
381
382// ------------------------------------------------------------------------------------------
383// Brute force protection system
384// Several consecutive failed logins will ban the IP address for 30 minutes.
385if (!is_file($GLOBALS['config']['IPBANS_FILENAME'])) file_put_contents($GLOBALS['config']['IPBANS_FILENAME'], "<?php\n\$GLOBALS['IPBANS']=".var_export(array('FAILURES'=>array(),'BANS'=>array()),true).";\n?>");
386include $GLOBALS['config']['IPBANS_FILENAME'];
387// Signal a failed login. Will ban the IP if too many failures:
388function ban_loginFailed()
389{
390 $ip=$_SERVER["REMOTE_ADDR"]; $gb=$GLOBALS['IPBANS'];
391 if (!isset($gb['FAILURES'][$ip])) $gb['FAILURES'][$ip]=0;
392 $gb['FAILURES'][$ip]++;
393 if ($gb['FAILURES'][$ip]>($GLOBALS['config']['BAN_AFTER']-1))
394 {
395 $gb['BANS'][$ip]=time()+$GLOBALS['config']['BAN_DURATION'];
396 logm('IP address banned from login');
397 }
398 $GLOBALS['IPBANS'] = $gb;
399 file_put_contents($GLOBALS['config']['IPBANS_FILENAME'], "<?php\n\$GLOBALS['IPBANS']=".var_export($gb,true).";\n?>");
400}
401
402// Signals a successful login. Resets failed login counter.
403function ban_loginOk()
404{
405 $ip=$_SERVER["REMOTE_ADDR"]; $gb=$GLOBALS['IPBANS'];
406 unset($gb['FAILURES'][$ip]); unset($gb['BANS'][$ip]);
407 $GLOBALS['IPBANS'] = $gb;
408 file_put_contents($GLOBALS['config']['IPBANS_FILENAME'], "<?php\n\$GLOBALS['IPBANS']=".var_export($gb,true).";\n?>");
409}
410
411// Checks if the user CAN login. If 'true', the user can try to login.
412function ban_canLogin()
413{
414 $ip=$_SERVER["REMOTE_ADDR"]; $gb=$GLOBALS['IPBANS'];
415 if (isset($gb['BANS'][$ip]))
416 {
417 // User is banned. Check if the ban has expired:
418 if ($gb['BANS'][$ip]<=time())
419 { // Ban expired, user can try to login again.
420 logm('Ban lifted.');
421 unset($gb['FAILURES'][$ip]); unset($gb['BANS'][$ip]);
422 file_put_contents($GLOBALS['config']['IPBANS_FILENAME'], "<?php\n\$GLOBALS['IPBANS']=".var_export($gb,true).";\n?>");
423 return true; // Ban has expired, user can login.
424 }
425 return false; // User is banned.
426 }
427 return true; // User is not banned.
428}
429
430// ------------------------------------------------------------------------------------------
431// Process login form: Check if login/password is correct.
432if (isset($_POST['login']))
433{
434 if (!ban_canLogin()) die('I said: NO. You are banned for the moment. Go away.');
435 if (isset($_POST['password']) && tokenOk($_POST['token']) && (check_auth($_POST['login'], $_POST['password'])))
ad6c27b7 436 { // Login/password is OK.
45034273
SS		 437 ban_loginOk();
438 // If user wants to keep the session cookie even after the browser closes:
439 if (!empty($_POST['longlastingsession']))
440 {
ae00595b 441 setcookie('shaarli_staySignedIn', STAY_SIGNED_IN_TOKEN, time()+31536000, WEB_PATH);
45034273
SS		 442 $_SESSION['longlastingsession']=31536000; // (31536000 seconds = 1 year)
443 $_SESSION['expires_on']=time()+$_SESSION['longlastingsession']; // Set session expiration on server-side.
2d9fab88
SS		 444
445 $cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/';
2f32d074 446 session_set_cookie_params($_SESSION['longlastingsession'],$cookiedir,$_SERVER['SERVER_NAME']); // Set session cookie expiration on client side
ad6c27b7 447 // Note: Never forget the trailing slash on the cookie path!
45034273
SS		 448 session_regenerate_id(true); // Send cookie with new expiration date to browser.
449 }
450 else // Standard session expiration (=when browser closes)
451 {
2d9fab88 452 $cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/';
2f32d074 453 session_set_cookie_params(0,$cookiedir,$_SERVER['SERVER_NAME']); // 0 means "When browser closes"
45034273
SS		 454 session_regenerate_id(true);
455 }
456 // Optional redirect after login:
a1795ddc 457 if (isset($_GET['post'])) { header('Location: ?post='.urlencode($_GET['post']).(!empty($_GET['title'])?'&title='.urlencode($_GET['title']):'').(!empty($_GET['description'])?'&description='.urlencode($_GET['description']):'').(!empty($_GET['source'])?'&source='.urlencode($_GET['source']):'')); exit; }
45034273
SS		 458 if (isset($_POST['returnurl']))
459 {
460 if (endsWith($_POST['returnurl'],'?do=login')) { header('Location: ?'); exit; } // Prevent loops over login screen.
461 header('Location: '.$_POST['returnurl']); exit;
462 }
463 header('Location: ?'); exit;
464 }
465 else
466 {
467 ban_loginFailed();
705f8355 468 $redir = '';
a1795ddc 469 if (isset($_GET['post'])) { $redir = '&post='.urlencode($_GET['post']).(!empty($_GET['title'])?'&title='.urlencode($_GET['title']):'').(!empty($_GET['description'])?'&description='.urlencode($_GET['description']):'').(!empty($_GET['source'])?'&source='.urlencode($_GET['source']):''); }
fe16b01e 470 echo '<script>alert("Wrong login/password.");document.location=\'?do=login'.$redir.'\';</script>'; // Redirect to login screen.
45034273
SS		 471 exit;
472 }
473}
474
475// ------------------------------------------------------------------------------------------
476// Misc utility functions:
477
478// Returns the server URL (including port and http/https), without path.
ad6c27b7 479// e.g. "http://myserver.com:8080"
45034273
SS		 480// You can append $_SERVER['SCRIPT_NAME'] to get the current script URL.
481function serverUrl()
482{
483 $https = (!empty($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS'])=='on')) || $_SERVER["SERVER_PORT"]=='443'; // HTTPS detection.
484 $serverport = ($_SERVER["SERVER_PORT"]=='80' || ($https && $_SERVER["SERVER_PORT"]=='443') ? '' : ':'.$_SERVER["SERVER_PORT"]);
2f32d074 485 return 'http'.($https?'s':'').'://'.$_SERVER['SERVER_NAME'].$serverport;
45034273
SS		 486}
487
488// Returns the absolute URL of current script, without the query.
ad6c27b7 489// (e.g. http://sebsauvage.net/links/)
45034273
SS		 490function indexUrl()
491{
9e975d86
SS		 492 $scriptname = $_SERVER["SCRIPT_NAME"];
493 // If the script is named 'index.php', we remove it (for better looking URLs,
ad6c27b7 494 // e.g. http://mysite.com/shaarli/?abcde instead of http://mysite.com/shaarli/index.php?abcde)
9e975d86
SS		 495 if (endswith($scriptname,'index.php')) $scriptname = substr($scriptname,0,strlen($scriptname)-9);
496 return serverUrl() . $scriptname;
45034273
SS		 497}
498
499// Returns the absolute URL of current script, WITH the query.
ad6c27b7 500// (e.g. http://sebsauvage.net/links/?toto=titi&spamspamspam=humbug)
45034273
SS		 501function pageUrl()
502{
503 return indexUrl().(!empty($_SERVER["QUERY_STRING"]) ? '?'.$_SERVER["QUERY_STRING"] : '');
504}
505
ad6c27b7 506// Convert post_max_size/upload_max_filesize (e.g. '16M') parameters to bytes.
45034273
SS		 507function return_bytes($val)
508{
509 $val = trim($val); $last=strtolower($val[strlen($val)-1]);
510 switch($last)
511 {
512 case 'g': $val *= 1024;
513 case 'm': $val *= 1024;
514 case 'k': $val *= 1024;
515 }
516 return $val;
517}
518
519// Try to determine max file size for uploads (POST).
520// Returns an integer (in bytes)
521function getMaxFileSize()
522{
523 $size1 = return_bytes(ini_get('post_max_size'));
524 $size2 = return_bytes(ini_get('upload_max_filesize'));
525 // Return the smaller of two:
526 $maxsize = min($size1,$size2);
ad6c27b7 527 // FIXME: Then convert back to readable notations ? (e.g. 2M instead of 2000000)
45034273
SS		 528 return $maxsize;
529}
530
531// Tells if a string start with a substring or not.
532function startsWith($haystack,$needle,$case=true)
533{
534 if($case){return (strcmp(substr($haystack, 0, strlen($needle)),$needle)===0);}
535 return (strcasecmp(substr($haystack, 0, strlen($needle)),$needle)===0);
536}
537
538// Tells if a string ends with a substring or not.
539function endsWith($haystack,$needle,$case=true)
540{
541 if($case){return (strcmp(substr($haystack, strlen($haystack) - strlen($needle)),$needle)===0);}
542 return (strcasecmp(substr($haystack, strlen($haystack) - strlen($needle)),$needle)===0);
543}
544
545/* Converts a linkdate time (YYYYMMDD_HHMMSS) of an article to a timestamp (Unix epoch)
546 (used to build the ADD_DATE attribute in Netscape-bookmarks file)
547 PS: I could have used strptime(), but it does not exist on Windows. I'm too kind. */
548function linkdate2timestamp($linkdate)
549{
550 $Y=$M=$D=$h=$m=$s=0;
551 $r = sscanf($linkdate,'%4d%2d%2d_%2d%2d%2d',$Y,$M,$D,$h,$m,$s);
552 return mktime($h,$m,$s,$M,$D,$Y);
553}
554
555/* Converts a linkdate time (YYYYMMDD_HHMMSS) of an article to a RFC822 date.
556 (used to build the pubDate attribute in RSS feed.) */
557function linkdate2rfc822($linkdate)
558{
559 return date('r',linkdate2timestamp($linkdate)); // 'r' is for RFC822 date format.
560}
561
562/* Converts a linkdate time (YYYYMMDD_HHMMSS) of an article to a ISO 8601 date.
563 (used to build the updated tags in ATOM feed.) */
564function linkdate2iso8601($linkdate)
565{
566 return date('c',linkdate2timestamp($linkdate)); // 'c' is for ISO 8601 date format.
567}
568
569/* Converts a linkdate time (YYYYMMDD_HHMMSS) of an article to a localized date format.
570 (used to display link date on screen)
571 The date format is automatically chosen according to locale/languages sniffed from browser headers (see autoLocale()). */
572function linkdate2locale($linkdate)
573{
574 return utf8_encode(strftime('%c',linkdate2timestamp($linkdate))); // %c is for automatic date format according to locale.
ad6c27b7 575 // Note that if you use a locale which is not installed on your webserver,
45034273
SS		 576 // the date will not be displayed in the chosen locale, but probably in US notation.
577}
578
579// Parse HTTP response headers and return an associative array.
580function http_parse_headers_shaarli( $headers )
581{
582 $res=array();
583 foreach($headers as $header)
584 {
585 $i = strpos($header,': ');
586 if ($i!==false)
587 {
588 $key=substr($header,0,$i);
589 $value=substr($header,$i+2,strlen($header)-$i-2);
590 $res[$key]=$value;
591 }
592 }
593 return $res;
594}
595
596/* GET an URL.
ad6c27b7 597 Input: $url : URL to get (http://...)
45034273 598 $timeout : Network timeout (will wait this many seconds for an anwser before giving up).
ad6c27b7 599 Output: An array. [0] = HTTP status message (e.g. "HTTP/1.1 200 OK") or error message
600 [1] = associative array containing HTTP response headers (e.g. echo getHTTP($url)[1]['Content-Type'])
45034273
SS		 601 [2] = data
602 Example: list($httpstatus,$headers,$data) = getHTTP('http://sebauvage.net/');
603 if (strpos($httpstatus,'200 OK')!==false)
604 echo 'Data type: '.htmlspecialchars($headers['Content-Type']);
605 else
606 echo 'There was an error: '.htmlspecialchars($httpstatus)
607*/
608function getHTTP($url,$timeout=30)
609{
610 try
611 {
03545ef6 612 $options = array('http'=>array('method'=>'GET','timeout' => $timeout, 'user_agent' => 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:23.0) Gecko/20100101 Firefox/23.0')); // Force network timeout
45034273
SS		 613 $context = stream_context_create($options);
614 $data=file_get_contents($url,false,$context,-1, 4000000); // We download at most 4 Mb from source.
615 if (!$data) { return array('HTTP Error',array(),''); }
ad6c27b7 616 $httpStatus=$http_response_header[0]; // e.g. "HTTP/1.1 200 OK"
45034273
SS		 617 $responseHeaders=http_parse_headers_shaarli($http_response_header);
618 return array($httpStatus,$responseHeaders,$data);
619 }
ad6c27b7 620 catch (Exception $e) // getHTTP *can* fail silently (we don't care if the title cannot be fetched)
45034273
SS		 621 {
622 return array($e->getMessage(),'','');
623 }
624}
625
626// Extract title from an HTML document.
627// (Returns an empty string if not found.)
628function html_extract_title($html)
629{
630 return preg_match('!<title>(.*?)</title>!is', $html, $matches) ? trim(str_replace("\n",' ', $matches[1])) : '' ;
631}
632
633// ------------------------------------------------------------------------------------------
634// Token management for XSRF protection
635// Token should be used in any form which acts on data (create,update,delete,import...).
636if (!isset($_SESSION['tokens'])) $_SESSION['tokens']=array(); // Token are attached to the session.
637
638// Returns a token.
639function getToken()
640{
a1f5a6ec 641 $rnd = sha1(uniqid('',true).'_'.mt_rand().$GLOBALS['salt']); // We generate a random string.
45034273
SS		 642 $_SESSION['tokens'][$rnd]=1; // Store it on the server side.
643 return $rnd;
644}
645
ad6c27b7 646// Tells if a token is OK. Using this function will destroy the token.
647// true=token is OK.
45034273
SS		 648function tokenOk($token)
649{
650 if (isset($_SESSION['tokens'][$token]))
651 {
652 unset($_SESSION['tokens'][$token]); // Token is used: destroy it.
ad6c27b7 653 return true; // Token is OK.
45034273
SS		 654 }
655 return false; // Wrong token, or already used.
656}
657
658// ------------------------------------------------------------------------------------------
659/* This class is in charge of building the final page.
660 (This is basically a wrapper around RainTPL which pre-fills some fields.)
661 p = new pageBuilder;
662 p.assign('myfield','myvalue');
663 p.renderPage('mytemplate');
bb8f712d 664
45034273
SS		 665*/
666class pageBuilder
667{
668 private $tpl; // RainTPL template
669
670 function __construct()
671 {
672 $this->tpl=false;
bb8f712d 673 }
45034273
SS		 674
675 private function initialize()
bb8f712d
KT		 676 {
677 $this->tpl = new RainTPL;
45034273
SS		 678 $this->tpl->assign('newversion',checkUpdate());
679 $this->tpl->assign('feedurl',htmlspecialchars(indexUrl()));
680 $searchcrits=''; // Search criteria
681 if (!empty($_GET['searchtags'])) $searchcrits.='&searchtags='.urlencode($_GET['searchtags']);
682 elseif (!empty($_GET['searchterm'])) $searchcrits.='&searchterm='.urlencode($_GET['searchterm']);
683 $this->tpl->assign('searchcrits',$searchcrits);
684 $this->tpl->assign('source',indexUrl());
685 $this->tpl->assign('version',shaarli_version);
686 $this->tpl->assign('scripturl',indexUrl());
687 $this->tpl->assign('pagetitle','Shaarli');
ad6c27b7 688 $this->tpl->assign('privateonly',!empty($_SESSION['privateonly'])); // Show only private links?
45034273 689 if (!empty($GLOBALS['title'])) $this->tpl->assign('pagetitle',$GLOBALS['title']);
ebb2880d 690 if (!empty($GLOBALS['titleLink'])) $this->tpl->assign('titleLink',$GLOBALS['titleLink']);
45034273
SS		 691 if (!empty($GLOBALS['pagetitle'])) $this->tpl->assign('pagetitle',$GLOBALS['pagetitle']);
692 $this->tpl->assign('shaarlititle',empty($GLOBALS['title']) ? 'Shaarli': $GLOBALS['title'] );
bb8f712d 693 return;
45034273 694 }
bb8f712d 695
45034273
SS		 696 // The following assign() method is basically the same as RainTPL (except that it's lazy)
697 public function assign($what,$where)
698 {
699 if ($this->tpl===false) $this->initialize(); // Lazy initialization
700 $this->tpl->assign($what,$where);
701 }
bb8f712d 702
45034273 703 // Render a specific page (using a template).
ad6c27b7 704 // e.g. pb.renderPage('picwall')
45034273
SS		 705 public function renderPage($page)
706 {
707 if ($this->tpl===false) $this->initialize(); // Lazy initialization
708 $this->tpl->draw($page);
709 }
710}
711
712// ------------------------------------------------------------------------------------------
713/* Data storage for links.
714 This object behaves like an associative array.
715 Example:
716 $mylinks = new linkdb();
717 echo $mylinks['20110826_161819']['title'];
718 foreach($mylinks as $link)
719 echo $link['title'].' at url '.$link['url'].' ; description:'.$link['description'];
bb8f712d 720
45034273
SS		 721 Available keys:
722 title : Title of the link
ad6c27b7 723 url : URL of the link. Can be absolute or relative. Relative URLs are permalinks (e.g.'?m-ukcw')
45034273 724 description : description of the entry
ad6c27b7 725 private : Is this link private? 0=no, other value=yes
726 linkdate : date of the creation of this entry, in the form YYYYMMDD_HHMMSS (e.g.'20110914_192317')
bb8f712d 727 tags : tags attached to this entry (separated by spaces)
45034273
SS		 728
729 We implement 3 interfaces:
730 - ArrayAccess so that this object behaves like an associative array.
731 - Iterator so that this object can be used in foreach() loops.
732 - Countable interface so that we can do a count() on this object.
733*/
734class linkdb implements Iterator, Countable, ArrayAccess
735{
ad6c27b7 736 private $links; // List of links (associative array. Key=linkdate (e.g. "20110823_124546"), value= associative array (keys:title,description...)
45034273
SS		 737 private $urls; // List of all recorded URLs (key=url, value=linkdate) for fast reserve search (url-->linkdate)
738 private $keys; // List of linkdate keys (for the Iterator interface implementation)
739 private $position; // Position in the $this->keys array. (for the Iterator interface implementation.)
ad6c27b7 740 private $loggedin; // Is the user logged in? (used to filter private links)
45034273
SS		 741
742 // Constructor:
743 function __construct($isLoggedIn)
ad6c27b7 744 // Input : $isLoggedIn : is the user logged in?
45034273
SS		 745 {
746 $this->loggedin = $isLoggedIn;
747 $this->checkdb(); // Make sure data file exists.
748 $this->readdb(); // Then read it.
749 }
750
751 // ---- Countable interface implementation
752 public function count() { return count($this->links); }
753
754 // ---- ArrayAccess interface implementation
755 public function offsetSet($offset, $value)
756 {
757 if (!$this->loggedin) die('You are not authorized to add a link.');
ad6c27b7 758 if (empty($value['linkdate']) || empty($value['url'])) die('Internal Error: A link should always have a linkdate and URL.');
45034273
SS		 759 if (empty($offset)) die('You must specify a key.');
760 $this->links[$offset] = $value;
761 $this->urls[$value['url']]=$offset;
762 }
763 public function offsetExists($offset) { return array_key_exists($offset,$this->links); }
764 public function offsetUnset($offset)
765 {
766 if (!$this->loggedin) die('You are not authorized to delete a link.');
767 $url = $this->links[$offset]['url']; unset($this->urls[$url]);
768 unset($this->links[$offset]);
769 }
770 public function offsetGet($offset) { return isset($this->links[$offset]) ? $this->links[$offset] : null; }
771
772 // ---- Iterator interface implementation
773 function rewind() { $this->keys=array_keys($this->links); rsort($this->keys); $this->position=0; } // Start over for iteration, ordered by date (latest first).
774 function key() { return $this->keys[$this->position]; } // current key
775 function current() { return $this->links[$this->keys[$this->position]]; } // current value
776 function next() { ++$this->position; } // go to next item
777 function valid() { return isset($this->keys[$this->position]); } // Check if current position is valid.
778
779 // ---- Misc methods
780 private function checkdb() // Check if db directory and file exists.
781 {
782 if (!file_exists($GLOBALS['config']['DATASTORE'])) // Create a dummy database for example.
783 {
784 $this->links = array();
785 $link = array('title'=>'Shaarli - sebsauvage.net','url'=>'http://sebsauvage.net/wiki/doku.php?id=php:shaarli','description'=>'Welcome to Shaarli ! This is a bookmark. To edit or delete me, you must first login.','private'=>0,'linkdate'=>'20110914_190000','tags'=>'opensource software');
786 $this->links[$link['linkdate']] = $link;
58a8f4ca 787 $link = array('title'=>'My secret stuff... - Pastebin.com','url'=>'http://sebsauvage.net/paste/?8434b27936c09649#bR7XsXhoTiLcqCpQbmOpBi3rq2zzQUC5hBI7ZT1O3x8=','description'=>'SShhhh!! I\'m a private link only YOU can see. You can delete me too.','private'=>1,'linkdate'=>'20110914_074522','tags'=>'secretstuff');
45034273
SS		 788 $this->links[$link['linkdate']] = $link;
789 file_put_contents($GLOBALS['config']['DATASTORE'], PHPPREFIX.base64_encode(gzdeflate(serialize($this->links))).PHPSUFFIX); // Write database to disk
790 }
791 }
792
793 // Read database from disk to memory
794 private function readdb()
795 {
796 // Read data
797 $this->links=(file_exists($GLOBALS['config']['DATASTORE']) ? unserialize(gzinflate(base64_decode(substr(file_get_contents($GLOBALS['config']['DATASTORE']),strlen(PHPPREFIX),-strlen(PHPSUFFIX))))) : array() );
798 // Note that gzinflate is faster than gzuncompress. See: http://www.php.net/manual/en/function.gzdeflate.php#96439
799
800 // If user is not logged in, filter private links.
801 if (!$this->loggedin)
802 {
803 $toremove=array();
804 foreach($this->links as $link) { if ($link['private']!=0) $toremove[]=$link['linkdate']; }
805 foreach($toremove as $linkdate) { unset($this->links[$linkdate]); }
806 }
807
808 // Keep the list of the mapping URLs-->linkdate up-to-date.
809 $this->urls=array();
810 foreach($this->links as $link) { $this->urls[$link['url']]=$link['linkdate']; }
811 }
812
813 // Save database from memory to disk.
814 public function savedb()
815 {
816 if (!$this->loggedin) die('You are not authorized to change the database.');
817 file_put_contents($GLOBALS['config']['DATASTORE'], PHPPREFIX.base64_encode(gzdeflate(serialize($this->links))).PHPSUFFIX);
818 invalidateCaches();
819 }
820
ad6c27b7 821 // Returns the link for a given URL (if it exists). False if it does not exist.
45034273
SS		 822 public function getLinkFromUrl($url)
823 {
824 if (isset($this->urls[$url])) return $this->links[$this->urls[$url]];
825 return false;
826 }
827
ad6c27b7 828 // Case insensitive search among links (in the URLs, title and description). Returns filtered list of links.
829 // e.g. print_r($mydb->filterFulltext('hollandais'));
45034273
SS		 830 public function filterFulltext($searchterms)
831 {
832 // FIXME: explode(' ',$searchterms) and perform a AND search.
ad6c27b7 833 // FIXME: accept double-quotes to search for a string "as is"?
2e45fdd8
FE		 834 // Using mb_convert_case($val, MB_CASE_LOWER, 'UTF-8') allows us to perform searches on
835 // Unicode text. See https://github.com/shaarli/Shaarli/issues/75 for examples.
45034273 836 $filtered=array();
2e45fdd8 837 $s = mb_convert_case($searchterms, MB_CASE_LOWER, 'UTF-8');
45034273
SS		 838 foreach($this->links as $l)
839 {
2e45fdd8
FE		 840 $found= (strpos(mb_convert_case($l['title'], MB_CASE_LOWER, 'UTF-8'),$s) !== false)
841 || (strpos(mb_convert_case($l['description'], MB_CASE_LOWER, 'UTF-8'),$s) !== false)
842 || (strpos(mb_convert_case($l['url'], MB_CASE_LOWER, 'UTF-8'),$s) !== false)
843 || (strpos(mb_convert_case($l['tags'], MB_CASE_LOWER, 'UTF-8'),$s) !== false);
45034273
SS		 844 if ($found) $filtered[$l['linkdate']] = $l;
845 }
846 krsort($filtered);
847 return $filtered;
848 }
849
850 // Filter by tag.
851 // You can specify one or more tags (tags can be separated by space or comma).
ad6c27b7 852 // e.g. print_r($mydb->filterTags('linux programming'));
45034273
SS		 853 public function filterTags($tags,$casesensitive=false)
854 {
2e45fdd8
FE		 855 // Same as above, we use UTF-8 conversion to handle various graphemes (i.e. cyrillic, or greek)
856 // TODO: is $casesensitive ever true ?
857 $t = str_replace(',',' ',($casesensitive?$tags:mb_convert_case($tags, MB_CASE_LOWER, 'UTF-8')));
45034273
SS		 858 $searchtags=explode(' ',$t);
859 $filtered=array();
860 foreach($this->links as $l)
861 {
2e45fdd8 862 $linktags = explode(' ',($casesensitive?$l['tags']:mb_convert_case($l['tags'], MB_CASE_LOWER, 'UTF-8')));
45034273
SS		 863 if (count(array_intersect($linktags,$searchtags)) == count($searchtags))
864 $filtered[$l['linkdate']] = $l;
865 }
866 krsort($filtered);
867 return $filtered;
868 }
869
ad6c27b7 870 // Filter by day. Day must be in the form 'YYYYMMDD' (e.g. '20120125')
45034273 871 // Sort order is: older articles first.
ad6c27b7 872 // e.g. print_r($mydb->filterDay('20120125'));
45034273
SS		 873 public function filterDay($day)
874 {
875 $filtered=array();
876 foreach($this->links as $l)
877 {
878 if (startsWith($l['linkdate'],$day)) $filtered[$l['linkdate']] = $l;
879 }
880 ksort($filtered);
881 return $filtered;
882 }
883 // Filter by smallHash.
884 // Only 1 article is returned.
885 public function filterSmallHash($smallHash)
886 {
887 $filtered=array();
888 foreach($this->links as $l)
889 {
890 if ($smallHash==smallHash($l['linkdate'])) // Yes, this is ugly and slow
891 {
892 $filtered[$l['linkdate']] = $l;
893 return $filtered;
894 }
895 }
896 return $filtered;
897 }
898
899 // Returns the list of all tags
900 // Output: associative array key=tags, value=0
901 public function allTags()
902 {
903 $tags=array();
904 foreach($this->links as $link)
905 foreach(explode(' ',$link['tags']) as $tag)
906 if (!empty($tag)) $tags[$tag]=(empty($tags[$tag]) ? 1 : $tags[$tag]+1);
907 arsort($tags); // Sort tags by usage (most used tag first)
908 return $tags;
909 }
bb8f712d 910
45034273
SS		 911 // Returns the list of days containing articles (oldest first)
912 // Output: An array containing days (in format YYYYMMDD).
913 public function days()
914 {
915 $linkdays=array();
916 foreach(array_keys($this->links) as $day)
917 {
918 $linkdays[substr($day,0,8)]=0;
919 }
920 $linkdays=array_keys($linkdays);
921 sort($linkdays);
922 return $linkdays;
923 }
924}
925
926// ------------------------------------------------------------------------------------------
ad6c27b7 927// Output the last N links in RSS 2.0 format.
45034273
SS		 928function showRSS()
929{
930 header('Content-Type: application/rss+xml; charset=utf-8');
931
2abd3905 932 // $usepermalink : If true, use permalink instead of final link.
ad6c27b7 933 // User just has to add 'permalink' in URL parameters. e.g. http://mysite.com/shaarli/?do=rss&permalinks
ed5b38dd
FE		 934 // Also enabled through a config option
935 $usepermalinks = isset($_GET['permalinks']) || !$GLOBALS['config']['ENABLE_RSS_PERMALINKS'];
2abd3905 936
45034273
SS		 937 // Cache system
938 $query = $_SERVER["QUERY_STRING"];
939 $cache = new pageCache(pageUrl(),startsWith($query,'do=rss') && !isLoggedIn());
940 $cached = $cache->cachedVersion(); if (!empty($cached)) { echo $cached; exit; }
941
942 // If cached was not found (or not usable), then read the database and build the response:
ad6c27b7 943 $LINKSDB=new linkdb(isLoggedIn() || $GLOBALS['config']['OPEN_SHAARLI']); // Read links from database (and filter private links if user it not logged in).
45034273 944
ad6c27b7 945 // Optionally filter the results:
45034273
SS		 946 $linksToDisplay=array();
947 if (!empty($_GET['searchterm'])) $linksToDisplay = $LINKSDB->filterFulltext($_GET['searchterm']);
948 elseif (!empty($_GET['searchtags'])) $linksToDisplay = $LINKSDB->filterTags(trim($_GET['searchtags']));
949 else $linksToDisplay = $LINKSDB;
c677013b
SS		 950 $nblinksToDisplay = 50; // Number of links to display.
951 if (!empty($_GET['nb'])) // In URL, you can specificy the number of links. Example: nb=200 or nb=all for all links.
732e683b 952 {
c677013b
SS		 953 $nblinksToDisplay = $_GET['nb']=='all' ? count($linksToDisplay) : max($_GET['nb']+0,1) ;
954 }
45034273
SS		 955
956 $pageaddr=htmlspecialchars(indexUrl());
957 echo '<?xml version="1.0" encoding="UTF-8"?><rss version="2.0" xmlns:content="http://purl.org/rss/1.0/modules/content/">';
958 echo '<channel><title>'.htmlspecialchars($GLOBALS['title']).'</title><link>'.$pageaddr.'</link>';
959 echo '<description>Shared links</description><language>en-en</language><copyright>'.$pageaddr.'</copyright>'."\n\n";
960 if (!empty($GLOBALS['config']['PUBSUBHUB_URL']))
961 {
962 echo '<!-- PubSubHubbub Discovery -->';
963 echo '<link rel="hub" href="'.htmlspecialchars($GLOBALS['config']['PUBSUBHUB_URL']).'" xmlns="http://www.w3.org/2005/Atom" />';
964 echo '<link rel="self" href="'.htmlspecialchars($pageaddr).'?do=rss" xmlns="http://www.w3.org/2005/Atom" />';
965 echo '<!-- End Of PubSubHubbub Discovery -->';
966 }
967 $i=0;
968 $keys=array(); foreach($linksToDisplay as $key=>$value) { $keys[]=$key; } // No, I can't use array_keys().
fbd9e527 969 while ($i<$nblinksToDisplay && $i<count($keys))
45034273
SS		 970 {
971 $link = $linksToDisplay[$keys[$i]];
972 $guid = $pageaddr.'?'.smallHash($link['linkdate']);
973 $rfc822date = linkdate2rfc822($link['linkdate']);
974 $absurl = htmlspecialchars($link['url']);
975 if (startsWith($absurl,'?')) $absurl=$pageaddr.$absurl; // make permalink URL absolute
2abd3905 976 if ($usepermalinks===true)
ed5b38dd 977 echo '<item><title>'.htmlspecialchars($link['title']).'</title><guid isPermaLink="true">'.$guid.'</guid><link>'.$guid.'</link>';
2abd3905 978 else
3e0ef647 979 echo '<item><title>'.htmlspecialchars($link['title']).'</title><guid isPermaLink="false">'.$guid.'</guid><link>'.$absurl.'</link>';
45034273
SS		 980 if (!$GLOBALS['config']['HIDE_TIMESTAMPS'] || isLoggedIn()) echo '<pubDate>'.htmlspecialchars($rfc822date)."</pubDate>\n";
981 if ($link['tags']!='') // Adding tags to each RSS entry (as mentioned in RSS specification)
982 {
983 foreach(explode(' ',$link['tags']) as $tag) { echo '<category domain="'.htmlspecialchars($pageaddr).'">'.htmlspecialchars($tag).'</category>'."\n"; }
984 }
2abd3905
SS		 985
986 // Add permalink in description
987 $descriptionlink = '(<a href="'.$guid.'">Permalink</a>)';
988 // If user wants permalinks first, put the final link in description
989 if ($usepermalinks===true) $descriptionlink = '(<a href="'.$absurl.'">Link</a>)';
990 if (strlen($link['description'])>0) $descriptionlink = '<br>'.$descriptionlink;
991 echo '<description><![CDATA['.nl2br(keepMultipleSpaces(text2clickable(htmlspecialchars($link['description'])))).$descriptionlink.']]></description>'."\n</item>\n";
45034273
SS		 992 $i++;
993 }
53da2017 994 echo '</channel></rss><!-- Cached version of '.htmlspecialchars(pageUrl()).' -->';
45034273
SS		 995
996 $cache->cache(ob_get_contents());
997 ob_end_flush();
998 exit;
999}
1000
1001// ------------------------------------------------------------------------------------------
ad6c27b7 1002// Output the last N links in ATOM format.
45034273
SS		 1003function showATOM()
1004{
1005 header('Content-Type: application/atom+xml; charset=utf-8');
1006
2abd3905 1007 // $usepermalink : If true, use permalink instead of final link.
ad6c27b7 1008 // User just has to add 'permalink' in URL parameters. e.g. http://mysite.com/shaarli/?do=atom&permalinks
ed5b38dd 1009 $usepermalinks = isset($_GET['permalinks']) || !$GLOBALS['config']['ENABLE_RSS_PERMALINKS'];
2abd3905 1010
45034273
SS		 1011 // Cache system
1012 $query = $_SERVER["QUERY_STRING"];
1013 $cache = new pageCache(pageUrl(),startsWith($query,'do=atom') && !isLoggedIn());
1014 $cached = $cache->cachedVersion(); if (!empty($cached)) { echo $cached; exit; }
1015 // If cached was not found (or not usable), then read the database and build the response:
1016
1017 $LINKSDB=new linkdb(isLoggedIn() || $GLOBALS['config']['OPEN_SHAARLI']); // Read links from database (and filter private links if used it not logged in).
1018
1019
ad6c27b7 1020 // Optionally filter the results:
45034273
SS		 1021 $linksToDisplay=array();
1022 if (!empty($_GET['searchterm'])) $linksToDisplay = $LINKSDB->filterFulltext($_GET['searchterm']);
1023 elseif (!empty($_GET['searchtags'])) $linksToDisplay = $LINKSDB->filterTags(trim($_GET['searchtags']));
1024 else $linksToDisplay = $LINKSDB;
c677013b
SS		 1025 $nblinksToDisplay = 50; // Number of links to display.
1026 if (!empty($_GET['nb'])) // In URL, you can specificy the number of links. Example: nb=200 or nb=all for all links.
732e683b 1027 {
c677013b
SS		 1028 $nblinksToDisplay = $_GET['nb']=='all' ? count($linksToDisplay) : max($_GET['nb']+0,1) ;
1029 }
45034273
SS		 1030
1031 $pageaddr=htmlspecialchars(indexUrl());
1032 $latestDate = '';
1033 $entries='';
1034 $i=0;
1035 $keys=array(); foreach($linksToDisplay as $key=>$value) { $keys[]=$key; } // No, I can't use array_keys().
fbd9e527 1036 while ($i<$nblinksToDisplay && $i<count($keys))
45034273
SS		 1037 {
1038 $link = $linksToDisplay[$keys[$i]];
1039 $guid = $pageaddr.'?'.smallHash($link['linkdate']);
1040 $iso8601date = linkdate2iso8601($link['linkdate']);
1041 $latestDate = max($latestDate,$iso8601date);
1042 $absurl = htmlspecialchars($link['url']);
1043 if (startsWith($absurl,'?')) $absurl=$pageaddr.$absurl; // make permalink URL absolute
2abd3905
SS		 1044 $entries.='<entry><title>'.htmlspecialchars($link['title']).'</title>';
1045 if ($usepermalinks===true)
1046 $entries.='<link href="'.$guid.'" /><id>'.$guid.'</id>';
1047 else
1048 $entries.='<link href="'.$absurl.'" /><id>'.$guid.'</id>';
45034273 1049 if (!$GLOBALS['config']['HIDE_TIMESTAMPS'] || isLoggedIn()) $entries.='<updated>'.htmlspecialchars($iso8601date).'</updated>';
2abd3905
SS		 1050
1051 // Add permalink in description
1052 $descriptionlink = htmlspecialchars('(<a href="'.$guid.'">Permalink</a>)');
1053 // If user wants permalinks first, put the final link in description
1054 if ($usepermalinks===true) $descriptionlink = htmlspecialchars('(<a href="'.$absurl.'">Link</a>)');
1055 if (strlen($link['description'])>0) $descriptionlink = '&lt;br&gt;'.$descriptionlink;
1056
1057 $entries.='<content type="html">'.htmlspecialchars(nl2br(keepMultipleSpaces(text2clickable(htmlspecialchars($link['description']))))).$descriptionlink."</content>\n";
45034273
SS		 1058 if ($link['tags']!='') // Adding tags to each ATOM entry (as mentioned in ATOM specification)
1059 {
1060 foreach(explode(' ',$link['tags']) as $tag)
1061 { $entries.='<category scheme="'.htmlspecialchars($pageaddr,ENT_QUOTES).'" term="'.htmlspecialchars($tag,ENT_QUOTES).'" />'."\n"; }
1062 }
1063 $entries.="</entry>\n";
1064 $i++;
1065 }
1066 $feed='<?xml version="1.0" encoding="UTF-8"?><feed xmlns="http://www.w3.org/2005/Atom">';
1067 $feed.='<title>'.htmlspecialchars($GLOBALS['title']).'</title>';
1068 if (!$GLOBALS['config']['HIDE_TIMESTAMPS'] || isLoggedIn()) $feed.='<updated>'.htmlspecialchars($latestDate).'</updated>';
1069 $feed.='<link rel="self" href="'.htmlspecialchars(serverUrl().$_SERVER["REQUEST_URI"]).'" />';
1070 if (!empty($GLOBALS['config']['PUBSUBHUB_URL']))
1071 {
1072 $feed.='<!-- PubSubHubbub Discovery -->';
1073 $feed.='<link rel="hub" href="'.htmlspecialchars($GLOBALS['config']['PUBSUBHUB_URL']).'" />';
1074 $feed.='<!-- End Of PubSubHubbub Discovery -->';
1075 }
1076 $feed.='<author><name>'.htmlspecialchars($pageaddr).'</name><uri>'.htmlspecialchars($pageaddr).'</uri></author>';
1077 $feed.='<id>'.htmlspecialchars($pageaddr).'</id>'."\n\n"; // Yes, I know I should use a real IRI (RFC3987), but the site URL will do.
1078 $feed.=$entries;
53da2017 1079 $feed.='</feed><!-- Cached version of '.htmlspecialchars(pageUrl()).' -->';
45034273 1080 echo $feed;
bb8f712d 1081
45034273
SS		 1082 $cache->cache(ob_get_contents());
1083 ob_end_flush();
1084 exit;
1085}
1086
1087// ------------------------------------------------------------------------------------------
1088// Daily RSS feed: 1 RSS entry per day giving all the links on that day.
1089// Gives the last 7 days (which have links).
1090// This RSS feed cannot be filtered.
1091function showDailyRSS()
1092{
1093 // Cache system
1094 $query = $_SERVER["QUERY_STRING"];
1095 $cache = new pageCache(pageUrl(),startsWith($query,'do=dailyrss') && !isLoggedIn());
1096 $cached = $cache->cachedVersion(); if (!empty($cached)) { echo $cached; exit; }
1097 // If cached was not found (or not usable), then read the database and build the response:
1098 $LINKSDB=new linkdb(isLoggedIn() || $GLOBALS['config']['OPEN_SHAARLI']); // Read links from database (and filter private links if used it not logged in).
bb8f712d 1099
45034273
SS		 1100 /* Some Shaarlies may have very few links, so we need to look
1101 back in time (rsort()) until we have enough days ($nb_of_days).
1102 */
bb8f712d 1103 $linkdates=array(); foreach($LINKSDB as $linkdate=>$value) { $linkdates[]=$linkdate; }
45034273
SS		 1104 rsort($linkdates);
1105 $nb_of_days=7; // We take 7 days.
1106 $today=Date('Ymd');
1107 $days=array();
1108 foreach($linkdates as $linkdate)
1109 {
1110 $day=substr($linkdate,0,8); // Extract day (without time)
1111 if (strcmp($day,$today)<0)
1112 {
1113 if (empty($days[$day])) $days[$day]=array();
1114 $days[$day][]=$linkdate;
1115 }
ad6c27b7 1116 if (count($days)>$nb_of_days) break; // Have we collected enough days?
45034273 1117 }
bb8f712d 1118
45034273
SS		 1119 // Build the RSS feed.
1120 header('Content-Type: application/rss+xml; charset=utf-8');
1121 $pageaddr=htmlspecialchars(indexUrl());
1122 echo '<?xml version="1.0" encoding="UTF-8"?><rss version="2.0">';
1123 echo '<channel><title>Daily - '.htmlspecialchars($GLOBALS['title']).'</title><link>'.$pageaddr.'</link>';
1124 echo '<description>Daily shared links</description><language>en-en</language><copyright>'.$pageaddr.'</copyright>'."\n";
bb8f712d 1125
45034273
SS		 1126 foreach($days as $day=>$linkdates) // For each day.
1127 {
1128 $daydate = utf8_encode(strftime('%A %d, %B %Y',linkdate2timestamp($day.'_000000'))); // Full text date
1129 $rfc822date = linkdate2rfc822($day.'_000000');
1130 $absurl=htmlspecialchars(indexUrl().'?do=daily&day='.$day); // Absolute URL of the corresponding "Daily" page.
1131 echo '<item><title>'.htmlspecialchars($GLOBALS['title'].' - '.$daydate).'</title><guid>'.$absurl.'</guid><link>'.$absurl.'</link>';
1132 echo '<pubDate>'.htmlspecialchars($rfc822date)."</pubDate>";
bb8f712d 1133
45034273
SS		 1134 // Build the HTML body of this RSS entry.
1135 $html='';
1136 $href='';
1137 $links=array();
1138 // We pre-format some fields for proper output.
1139 foreach($linkdates as $linkdate)
1140 {
1141 $l = $LINKSDB[$linkdate];
1142 $l['formatedDescription']=nl2br(keepMultipleSpaces(text2clickable(htmlspecialchars($l['description']))));
bb8f712d
KT		 1143 $l['thumbnail'] = thumbnail($l['url']);
1144 $l['localdate']=linkdate2locale($l['linkdate']);
45034273 1145 if (startsWith($l['url'],'?')) $l['url']=indexUrl().$l['url']; // make permalink URL absolute
bb8f712d 1146 $links[$linkdate]=$l;
45034273
SS		 1147 }
1148 // Then build the HTML for this day:
bb8f712d 1149 $tpl = new RainTPL;
45034273
SS		 1150 $tpl->assign('links',$links);
1151 $html = $tpl->draw('dailyrss',$return_string=true);
1152 echo "\n";
1153 echo '<description><![CDATA['.$html.']]></description>'."\n</item>\n\n";
1154
bb8f712d 1155 }
53da2017 1156 echo '</channel></rss><!-- Cached version of '.htmlspecialchars(pageUrl()).' -->';
bb8f712d 1157
45034273
SS		 1158 $cache->cache(ob_get_contents());
1159 ob_end_flush();
1160 exit;
1161}
1162
1163// "Daily" page.
1164function showDaily()
1165{
1166 $LINKSDB=new linkdb(isLoggedIn() || $GLOBALS['config']['OPEN_SHAARLI']); // Read links from database (and filter private links if used it not logged in).
1167
1168
1169 $day=Date('Ymd',strtotime('-1 day')); // Yesterday, in format YYYYMMDD.
1170 if (isset($_GET['day'])) $day=$_GET['day'];
bb8f712d 1171
45034273
SS		 1172 $days = $LINKSDB->days();
1173 $i = array_search($day,$days);
1174 if ($i==false) { $i=count($days)-1; $day=$days[$i]; }
bb8f712d
KT		 1175 $previousday='';
1176 $nextday='';
45034273
SS		 1177 if ($i!==false)
1178 {
1179 if ($i>1) $previousday=$days[$i-1];
1180 if ($i<count($days)-1) $nextday=$days[$i+1];
1181 }
1182
1183 $linksToDisplay=$LINKSDB->filterDay($day);
1184 // We pre-format some fields for proper output.
1185 foreach($linksToDisplay as $key=>$link)
1186 {
dd62b9ba
SS		 1187 $taglist = explode(' ',$link['tags']);
1188 uasort($taglist, 'strcasecmp');
1189 $linksToDisplay[$key]['taglist']=$taglist;
45034273 1190 $linksToDisplay[$key]['formatedDescription']=nl2br(keepMultipleSpaces(text2clickable(htmlspecialchars($link['description']))));
bb8f712d 1191 $linksToDisplay[$key]['thumbnail'] = thumbnail($link['url']);
38a2d03e 1192 $linksToDisplay[$key]['localdate'] = linkdate2locale($link['linkdate']);
45034273 1193 }
bb8f712d 1194
45034273 1195 /* We need to spread the articles on 3 columns.
ad6c27b7 1196 I did not want to use a JavaScript lib like http://masonry.desandro.com/
bb8f712d 1197 so I manually spread entries with a simple method: I roughly evaluate the
45034273
SS		 1198 height of a div according to title and description length.
1199 */
1200 $columns=array(array(),array(),array()); // Entries to display, for each column.
1201 $fill=array(0,0,0); // Rough estimate of columns fill.
1202 foreach($linksToDisplay as $key=>$link)
1203 {
1204 // Roughly estimate length of entry (by counting characters)
1205 // Title: 30 chars = 1 line. 1 line is 30 pixels height.
1206 // Description: 836 characters gives roughly 342 pixel height.
ad6c27b7 1207 // This is not perfect, but it's usually OK.
45034273
SS		 1208 $length=strlen($link['title'])+(342*strlen($link['description']))/836;
1209 if ($link['thumbnail']) $length +=100; // 1 thumbnails roughly takes 100 pixels height.
1210 // Then put in column which is the less filled:
1211 $smallest=min($fill); // find smallest value in array.
1212 $index=array_search($smallest,$fill); // find index of this smallest value.
1213 array_push($columns[$index],$link); // Put entry in this column.
1214 $fill[$index]+=$length;
1215 }
1216 $PAGE = new pageBuilder;
1217 $PAGE->assign('linksToDisplay',$linksToDisplay);
1218 $PAGE->assign('linkcount',count($LINKSDB));
cae64e52 1219 $PAGE->assign('cols', $columns);
45034273
SS		 1220 $PAGE->assign('day',utf8_encode(strftime('%A %d, %B %Y',linkdate2timestamp($day.'_000000'))));
1221 $PAGE->assign('previousday',$previousday);
bb8f712d 1222 $PAGE->assign('nextday',$nextday);
45034273
SS		 1223 $PAGE->renderPage('daily');
1224 exit;
1225}
1226
1227
1228// ------------------------------------------------------------------------------------------
1229// Render HTML page (according to URL parameters and user rights)
1230function renderPage()
1231{
1232 $LINKSDB=new linkdb(isLoggedIn() || $GLOBALS['config']['OPEN_SHAARLI']); // Read links from database (and filter private links if used it not logged in).
1233
1234 // -------- Display login form.
1235 if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=login'))
1236 {
1237 if ($GLOBALS['config']['OPEN_SHAARLI']) { header('Location: ?'); exit; } // No need to login for open Shaarli
1238 $token=''; if (ban_canLogin()) $token=getToken(); // Do not waste token generation if not useful.
1239 $PAGE = new pageBuilder;
1240 $PAGE->assign('token',$token);
1241 $PAGE->assign('returnurl',(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER']:''));
1242 $PAGE->renderPage('loginform');
1243 exit;
1244 }
1245 // -------- User wants to logout.
1246 if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=logout'))
1247 {
1248 invalidateCaches();
1249 logout();
1250 header('Location: ?');
1251 exit;
1252 }
1253
1254 // -------- Picture wall
1255 if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=picwall'))
1256 {
ad6c27b7 1257 // Optionally filter the results:
45034273
SS		 1258 $links=array();
1259 if (!empty($_GET['searchterm'])) $links = $LINKSDB->filterFulltext($_GET['searchterm']);
1260 elseif (!empty($_GET['searchtags'])) $links = $LINKSDB->filterTags(trim($_GET['searchtags']));
1261 else $links = $LINKSDB;
1262 $body='';
1263 $linksToDisplay=array();
1264
1265 // Get only links which have a thumbnail.
1266 foreach($links as $link)
1267 {
1268 $permalink='?'.htmlspecialchars(smallhash($link['linkdate']),ENT_QUOTES);
1269 $thumb=lazyThumbnail($link['url'],$permalink);
1270 if ($thumb!='') // Only output links which have a thumbnail.
1271 {
1272 $link['thumbnail']=$thumb; // Thumbnail HTML code.
1273 $link['permalink']=$permalink;
1274 $linksToDisplay[]=$link; // Add to array.
1275 }
1276 }
1277 $PAGE = new pageBuilder;
1278 $PAGE->assign('linkcount',count($LINKSDB));
1279 $PAGE->assign('linksToDisplay',$linksToDisplay);
1280 $PAGE->renderPage('picwall');
1281 exit;
1282 }
1283
1284 // -------- Tag cloud
1285 if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=tagcloud'))
1286 {
1287 $tags= $LINKSDB->allTags();
1288 // We sort tags alphabetically, then choose a font size according to count.
1289 // First, find max value.
1290 $maxcount=0; foreach($tags as $key=>$value) $maxcount=max($maxcount,$value);
1291 ksort($tags);
1292 $tagList=array();
1293 foreach($tags as $key=>$value)
1e3b2740 1294 // Tag font size scaling: default 15 and 30 logarithm bases affect scaling, 22 and 6 are arbitrary font sizes for max and min sizes.
45034273 1295 {
1e3b2740 1296 $tagList[$key] = array('count'=>$value,'size'=>log($value, 15) / log($maxcount, 30) * (22-6) + 6);
45034273
SS		 1297 }
1298 $PAGE = new pageBuilder;
1299 $PAGE->assign('linkcount',count($LINKSDB));
1300 $PAGE->assign('tags',$tagList);
1301 $PAGE->renderPage('tagcloud');
bb8f712d 1302 exit;
45034273
SS		 1303 }
1304
1305 // -------- User clicks on a tag in a link: The tag is added to the list of searched tags (searchtags=...)
1306 if (isset($_GET['addtag']))
1307 {
1308 // Get previous URL (http_referer) and add the tag to the searchtags parameters in query.
1309 if (empty($_SERVER['HTTP_REFERER'])) { header('Location: ?searchtags='.urlencode($_GET['addtag'])); exit; } // In case browser does not send HTTP_REFERER
1310 parse_str(parse_url($_SERVER['HTTP_REFERER'],PHP_URL_QUERY), $params);
732e683b
FE		 1311
1312 // Check if this tag is already in the search query and ignore it if it is.
1313 // Each tag is always separated by a space
1314 $current_tags = explode(' ', $params['searchtags']);
1315 $addtag = true;
1316 foreach ($current_tags as $value) {
1317 if ($value === $_GET['addtag']) {
1318 $addtag = false;
1319 break;
1320 }
1321 }
1322 // Append the tag if necessary
1323 if (empty($params['searchtags'])) {
1324 $params['searchtags'] = trim($_GET['addtag']);
1325 }
1326 else if ($addtag) {
1327 $params['searchtags'] = trim($params['searchtags']).' '.trim($_GET['addtag']);
1328 }
1329
45034273
SS		 1330 unset($params['page']); // We also remove page (keeping the same page has no sense, since the results are different)
1331 header('Location: ?'.http_build_query($params));
1332 exit;
1333 }
1334
1335 // -------- User clicks on a tag in result count: Remove the tag from the list of searched tags (searchtags=...)
1336 if (isset($_GET['removetag']))
1337 {
1338 // Get previous URL (http_referer) and remove the tag from the searchtags parameters in query.
1339 if (empty($_SERVER['HTTP_REFERER'])) { header('Location: ?'); exit; } // In case browser does not send HTTP_REFERER
1340 parse_str(parse_url($_SERVER['HTTP_REFERER'],PHP_URL_QUERY), $params);
1341 if (isset($params['searchtags']))
1342 {
1343 $tags = explode(' ',$params['searchtags']);
1344 $tags=array_diff($tags, array($_GET['removetag'])); // Remove value from array $tags.
1345 if (count($tags)==0) unset($params['searchtags']); else $params['searchtags'] = implode(' ',$tags);
1346 unset($params['page']); // We also remove page (keeping the same page has no sense, since the results are different)
1347 }
1348 header('Location: ?'.http_build_query($params));
1349 exit;
1350 }
1351
1352 // -------- User wants to change the number of links per page (linksperpage=...)
1353 if (isset($_GET['linksperpage']))
1354 {
1355 if (is_numeric($_GET['linksperpage'])) { $_SESSION['LINKS_PER_PAGE']=abs(intval($_GET['linksperpage'])); }
ad6c27b7 1356 // Make sure the referrer is Shaarli itself.
feebc6d4 1357 $referer = '?';
f6a6ca0a 1358 if (!empty($_SERVER['HTTP_REFERER']) && strcmp(parse_url($_SERVER['HTTP_REFERER'],PHP_URL_HOST),$_SERVER['HTTP_HOST'])==0)
feebc6d4
SS		 1359 $referer = $_SERVER['HTTP_REFERER'];
1360 header('Location: '.$referer);
45034273
SS		 1361 exit;
1362 }
bb8f712d 1363
45034273
SS		 1364 // -------- User wants to see only private links (toggle)
1365 if (isset($_GET['privateonly']))
1366 {
1367 if (empty($_SESSION['privateonly']))
1368 {
1369 $_SESSION['privateonly']=1; // See only private links
1370 }
1371 else
1372 {
1373 unset($_SESSION['privateonly']); // See all links
1374 }
ad6c27b7 1375 // Make sure the referrer is Shaarli itself.
feebc6d4 1376 $referer = '?';
f6a6ca0a 1377 if (!empty($_SERVER['HTTP_REFERER']) && strcmp(parse_url($_SERVER['HTTP_REFERER'],PHP_URL_HOST),$_SERVER['HTTP_HOST'])==0)
feebc6d4
SS		 1378 $referer = $_SERVER['HTTP_REFERER'];
1379 header('Location: '.$referer);
45034273
SS		 1380 exit;
1381 }
1382
1383 // -------- Handle other actions allowed for non-logged in users:
1384 if (!isLoggedIn())
1385 {
ad6c27b7 1386 // User tries to post new link but is not logged in:
45034273
SS		 1387 // Show login screen, then redirect to ?post=...
1388 if (isset($_GET['post']))
1389 {
a1795ddc 1390 header('Location: ?do=login&post='.urlencode($_GET['post']).(!empty($_GET['title'])?'&title='.urlencode($_GET['title']):'').(!empty($_GET['description'])?'&description='.urlencode($_GET['description']):'').(!empty($_GET['source'])?'&source='.urlencode($_GET['source']):'')); // Redirect to login page, then back to post link.
45034273
SS		 1391 exit;
1392 }
aedc912d
FE		 1393
1394 // Same case as above except that user tried to access ?do=addlink without being logged in
1395 // Note: passing empty parameters makes Shaarli generate default URLs and descriptions.
1396 if (isset($_GET['do']) && $_GET['do'] === 'addlink') {
1397 header('Location: ?do=login&post=');
1398 exit;
1399 }
1400
45034273
SS		 1401 $PAGE = new pageBuilder;
1402 buildLinkList($PAGE,$LINKSDB); // Compute list of links to display
1403 $PAGE->renderPage('linklist');
ad6c27b7 1404 exit; // Never remove this one! All operations below are reserved for logged in user.
45034273
SS		 1405 }
1406
1407 // -------- All other functions are reserved for the registered user:
1408
1409 // -------- Display the Tools menu if requested (import/export/bookmarklet...)
1410 if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=tools'))
1411 {
1412 $PAGE = new pageBuilder;
1413 $PAGE->assign('linkcount',count($LINKSDB));
1414 $PAGE->assign('pageabsaddr',indexUrl());
1415 $PAGE->renderPage('tools');
1416 exit;
1417 }
1418
1419 // -------- User wants to change his/her password.
1420 if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=changepasswd'))
1421 {
1422 if ($GLOBALS['config']['OPEN_SHAARLI']) die('You are not supposed to change a password on an Open Shaarli.');
1423 if (!empty($_POST['setpassword']) && !empty($_POST['oldpassword']))
1424 {
ad6c27b7 1425 if (!tokenOk($_POST['token'])) die('Wrong token.'); // Go away!
45034273
SS		 1426
1427 // Make sure old password is correct.
1428 $oldhash = sha1($_POST['oldpassword'].$GLOBALS['login'].$GLOBALS['salt']);
fe16b01e 1429 if ($oldhash!=$GLOBALS['hash']) { echo '<script>alert("The old password is not correct.");document.location=\'?do=changepasswd\';</script>'; exit; }
45034273
SS		 1430 // Save new password
1431 $GLOBALS['salt'] = sha1(uniqid('',true).'_'.mt_rand()); // Salt renders rainbow-tables attacks useless.
1432 $GLOBALS['hash'] = sha1($_POST['setpassword'].$GLOBALS['login'].$GLOBALS['salt']);
1433 writeConfig();
fe16b01e 1434 echo '<script>alert("Your password has been changed.");document.location=\'?do=tools\';</script>';
45034273
SS		 1435 exit;
1436 }
1437 else // show the change password form.
1438 {
1439 $PAGE = new pageBuilder;
1440 $PAGE->assign('linkcount',count($LINKSDB));
1441 $PAGE->assign('token',getToken());
1442 $PAGE->renderPage('changepassword');
1443 exit;
1444 }
1445 }
1446
1447 // -------- User wants to change configuration
1448 if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=configure'))
1449 {
1450 if (!empty($_POST['title']) )
1451 {
ad6c27b7 1452 if (!tokenOk($_POST['token'])) die('Wrong token.'); // Go away!
45034273
SS		 1453 $tz = 'UTC';
1454 if (!empty($_POST['continent']) && !empty($_POST['city']))
1455 if (isTZvalid($_POST['continent'],$_POST['city']))
1456 $tz = $_POST['continent'].'/'.$_POST['city'];
1457 $GLOBALS['timezone'] = $tz;
1458 $GLOBALS['title']=$_POST['title'];
ebb2880d 1459 $GLOBALS['titleLink']=$_POST['titleLink'];
45034273
SS		 1460 $GLOBALS['redirector']=$_POST['redirector'];
1461 $GLOBALS['disablesessionprotection']=!empty($_POST['disablesessionprotection']);
858c5c2b 1462 $GLOBALS['disablejquery']=!empty($_POST['disablejquery']);
bb8f712d 1463 $GLOBALS['privateLinkByDefault']=!empty($_POST['privateLinkByDefault']);
ed5b38dd 1464 $GLOBALS['config']['ENABLE_RSS_PERMALINKS']= !empty($_POST['enableRssPermalinks']);
45034273 1465 writeConfig();
fe16b01e 1466 echo '<script>alert("Configuration was saved.");document.location=\'?do=tools\';</script>';
45034273
SS		 1467 exit;
1468 }
1469 else // Show the configuration form.
1470 {
1471 $PAGE = new pageBuilder;
1472 $PAGE->assign('linkcount',count($LINKSDB));
1473 $PAGE->assign('token',getToken());
1474 $PAGE->assign('title',htmlspecialchars( empty($GLOBALS['title']) ? '' : $GLOBALS['title'] , ENT_QUOTES));
1475 $PAGE->assign('redirector',htmlspecialchars( empty($GLOBALS['redirector']) ? '' : $GLOBALS['redirector'] , ENT_QUOTES));
1476 list($timezone_form,$timezone_js) = templateTZform($GLOBALS['timezone']);
ad6c27b7 1477 $PAGE->assign('timezone_form',$timezone_form); // FIXME: Put entire tz form generation in template?
45034273
SS		 1478 $PAGE->assign('timezone_js',$timezone_js);
1479 $PAGE->renderPage('configure');
1480 exit;
1481 }
1482 }
1483
1484 // -------- User wants to rename a tag or delete it
1485 if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=changetag'))
1486 {
1487 if (empty($_POST['fromtag']))
1488 {
1489 $PAGE = new pageBuilder;
1490 $PAGE->assign('linkcount',count($LINKSDB));
1491 $PAGE->assign('token',getToken());
1492 $PAGE->renderPage('changetag');
1493 exit;
1494 }
1495 if (!tokenOk($_POST['token'])) die('Wrong token.');
1496
1497 // Delete a tag:
1498 if (!empty($_POST['deletetag']) && !empty($_POST['fromtag']))
1499 {
1500 $needle=trim($_POST['fromtag']);
ad6c27b7 1501 $linksToAlter = $LINKSDB->filterTags($needle,true); // True for case-sensitive tag search.
45034273
SS		 1502 foreach($linksToAlter as $key=>$value)
1503 {
1504 $tags = explode(' ',trim($value['tags']));
1505 unset($tags[array_search($needle,$tags)]); // Remove tag.
1506 $value['tags']=trim(implode(' ',$tags));
1507 $LINKSDB[$key]=$value;
1508 }
ad6c27b7 1509 $LINKSDB->savedb(); // Save to disk.
fe16b01e 1510 echo '<script>alert("Tag was removed from '.count($linksToAlter).' links.");document.location=\'?\';</script>';
45034273
SS		 1511 exit;
1512 }
1513
1514 // Rename a tag:
1515 if (!empty($_POST['renametag']) && !empty($_POST['fromtag']) && !empty($_POST['totag']))
1516 {
1517 $needle=trim($_POST['fromtag']);
1518 $linksToAlter = $LINKSDB->filterTags($needle,true); // true for case-sensitive tag search.
1519 foreach($linksToAlter as $key=>$value)
1520 {
1521 $tags = explode(' ',trim($value['tags']));
ad6c27b7 1522 $tags[array_search($needle,$tags)] = trim($_POST['totag']); // Replace tags value.
45034273
SS		 1523 $value['tags']=trim(implode(' ',$tags));
1524 $LINKSDB[$key]=$value;
1525 }
ad6c27b7 1526 $LINKSDB->savedb(); // Save to disk.
fe16b01e 1527 echo '<script>alert("Tag was renamed in '.count($linksToAlter).' links.");document.location=\'?searchtags='.urlencode($_POST['totag']).'\';</script>';
45034273
SS		 1528 exit;
1529 }
1530 }
1531
ad6c27b7 1532 // -------- User wants to add a link without using the bookmarklet: Show form.
45034273
SS		 1533 if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=addlink'))
1534 {
1535 $PAGE = new pageBuilder;
1536 $PAGE->assign('linkcount',count($LINKSDB));
1537 $PAGE->renderPage('addlink');
1538 exit;
1539 }
1540
1541 // -------- User clicked the "Save" button when editing a link: Save link to database.
1542 if (isset($_POST['save_edit']))
1543 {
ad6c27b7 1544 if (!tokenOk($_POST['token'])) die('Wrong token.'); // Go away!
45034273
SS		 1545 $tags = trim(preg_replace('/\s\s+/',' ', $_POST['lf_tags'])); // Remove multiple spaces.
1546 $linkdate=$_POST['lf_linkdate'];
feebc6d4 1547 $url = trim($_POST['lf_url']);
dd064cc3 1548 if (!startsWith($url,'http:') && !startsWith($url,'https:') && !startsWith($url,'ftp:') && !startsWith($url,'magnet:') && !startsWith($url,'?'))
feebc6d4
SS		 1549 $url = 'http://'.$url;
1550 $link = array('title'=>trim($_POST['lf_title']),'url'=>$url,'description'=>trim($_POST['lf_description']),'private'=>(isset($_POST['lf_private']) ? 1 : 0),
45034273
SS		 1551 'linkdate'=>$linkdate,'tags'=>str_replace(',',' ',$tags));
1552 if ($link['title']=='') $link['title']=$link['url']; // If title is empty, use the URL as title.
1553 $LINKSDB[$linkdate] = $link;
ad6c27b7 1554 $LINKSDB->savedb(); // Save to disk.
45034273
SS		 1555 pubsubhub();
1556
1557 // If we are called from the bookmarklet, we must close the popup:
fe16b01e 1558 if (isset($_GET['source']) && $_GET['source']=='bookmarklet') { echo '<script>self.close();</script>'; exit; }
45034273 1559 $returnurl = ( isset($_POST['returnurl']) ? $_POST['returnurl'] : '?' );
b342b2a4 1560 $returnurl .= '#'.smallHash($linkdate); // Scroll to the link which has been edited.
45034273
SS		 1561 header('Location: '.$returnurl); // After saving the link, redirect to the page the user was on.
1562 exit;
1563 }
1564
1565 // -------- User clicked the "Cancel" button when editing a link.
1566 if (isset($_POST['cancel_edit']))
1567 {
ad6c27b7 1568 // If we are called from the bookmarklet, we must close the popup:
fe16b01e 1569 if (isset($_GET['source']) && $_GET['source']=='bookmarklet') { echo '<script>self.close();</script>'; exit; }
45034273 1570 $returnurl = ( isset($_POST['returnurl']) ? $_POST['returnurl'] : '?' );
b342b2a4 1571 $returnurl .= '#'.smallHash($_POST['lf_linkdate']); // Scroll to the link which has been edited.
45034273
SS		 1572 header('Location: '.$returnurl); // After canceling, redirect to the page the user was on.
1573 exit;
1574 }
1575
ad6c27b7 1576 // -------- User clicked the "Delete" button when editing a link: Delete link from database.
45034273
SS		 1577 if (isset($_POST['delete_link']))
1578 {
1579 if (!tokenOk($_POST['token'])) die('Wrong token.');
1580 // We do not need to ask for confirmation:
ad6c27b7 1581 // - confirmation is handled by JavaScript
45034273
SS		 1582 // - we are protected from XSRF by the token.
1583 $linkdate=$_POST['lf_linkdate'];
1584 unset($LINKSDB[$linkdate]);
1585 $LINKSDB->savedb(); // save to disk
1586
1587 // If we are called from the bookmarklet, we must close the popup:
fe16b01e 1588 if (isset($_GET['source']) && $_GET['source']=='bookmarklet') { echo '<script>self.close();</script>'; exit; }
d528433d 1589 // Pick where we're going to redirect
1590 // =============================================================
1591 // Basically, we can't redirect to where we were previously if it was a permalink
1592 // or an edit_link, because it would 404.
1593 // Cases:
1594 // - / : nothing in $_GET, redirect to self
1595 // - /?page : redirect to self
1596 // - /?searchterm : redirect to self (there might be other links)
1597 // - /?searchtags : redirect to self
1598 // - /permalink : redirect to / (the link does not exist anymore)
1599 // - /?edit_link : redirect to / (the link does not exist anymore)
1600 // PHP treats the permalink as a $_GET variable, so we need to check if every condition for self
1601 // redirect is not satisfied, and only then redirect to /
1602 $location = "?";
1603 // Self redirection
1604 if (count($_GET) == 0 ||
1605 isset($_GET['page']) ||
1606 isset($_GET['searchterm']) ||
1607 isset($_GET['searchtags'])) {
1608
1609 if (isset($_POST['returnurl'])) {
1610 $location = $_POST['returnurl']; // Handle redirects given by the form
1611 }
1612
1613 if ($location === "?" &&
1614 isset($_SERVER['HTTP_REFERER'])) { // Handle HTTP_REFERER in case we're not coming from the same place.
1615 $location = $_SERVER['HTTP_REFERER'];
1616 }
1617 }
1618
1619 header('Location: ' . $location); // After deleting the link, redirect to appropriate location
45034273
SS		 1620 exit;
1621 }
1622
1623 // -------- User clicked the "EDIT" button on a link: Display link edit form.
1624 if (isset($_GET['edit_link']))
1625 {
1626 $link = $LINKSDB[$_GET['edit_link']]; // Read database
1627 if (!$link) { header('Location: ?'); exit; } // Link not found in database.
1628 $PAGE = new pageBuilder;
1629 $PAGE->assign('linkcount',count($LINKSDB));
1630 $PAGE->assign('link',$link);
1631 $PAGE->assign('link_is_new',false);
1632 $PAGE->assign('token',getToken()); // XSRF protection.
1633 $PAGE->assign('http_referer',(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : ''));
1634 $PAGE->renderPage('editlink');
1635 exit;
1636 }
1637
1638 // -------- User want to post a new link: Display link edit form.
1639 if (isset($_GET['post']))
1640 {
1641 $url=$_GET['post'];
1642
1643 // We remove the annoying parameters added by FeedBurner and GoogleFeedProxy (?utm_source=...)
1644 $i=strpos($url,'&utm_source='); if ($i!==false) $url=substr($url,0,$i);
1645 $i=strpos($url,'?utm_source='); if ($i!==false) $url=substr($url,0,$i);
1646 $i=strpos($url,'#xtor=RSS-'); if ($i!==false) $url=substr($url,0,$i);
1647
1648 $link_is_new = false;
1649 $link = $LINKSDB->getLinkFromUrl($url); // Check if URL is not already in database (in this case, we will edit the existing link)
1650 if (!$link)
1651 {
1652 $link_is_new = true; // This is a new link
1653 $linkdate = strval(date('Ymd_His'));
1654 $title = (empty($_GET['title']) ? '' : $_GET['title'] ); // Get title if it was provided in URL (by the bookmarklet).
7b2186a6 1655 $description = (empty($_GET['description']) ? '' : $_GET['description']); // Get description if it was provided in URL (by the bookmarklet). [Bronco added that]
3fac0a52 1656 $tags = (empty($_GET['tags']) ? '' : $_GET['tags'] ); // Get tags if it was provided in URL
732e683b 1657 $private = (!empty($_GET['private']) && $_GET['private'] === "1" ? 1 : 0); // Get private if it was provided in URL
45034273 1658 if (($url!='') && parse_url($url,PHP_URL_SCHEME)=='') $url = 'http://'.$url;
ad6c27b7 1659 // If this is an HTTP link, we try go get the page to extract the title (otherwise we will to straight to the edit form.)
45034273
SS		 1660 if (empty($title) && parse_url($url,PHP_URL_SCHEME)=='http')
1661 {
1662 list($status,$headers,$data) = getHTTP($url,4); // Short timeout to keep the application responsive.
1663 // FIXME: Decode charset according to specified in either 1) HTTP response headers or 2) <head> in html
002ef0e5
SS		 1664 if (strpos($status,'200 OK')!==false)
1665 {
1666 // Look for charset in html header.
1667 preg_match('#<meta .*charset=.*>#Usi', $data, $meta);
732e683b 1668
002ef0e5
SS		 1669 // If found, extract encoding.
1670 if (!empty($meta[0]))
1671 {
1672 // Get encoding specified in header.
1673 preg_match('#charset="?(.*)"#si', $meta[0], $enc);
1674 // If charset not found, use utf-8.
1675 $html_charset = (!empty($enc[1])) ? strtolower($enc[1]) : 'utf-8';
1676 }
1677 else { $html_charset = 'utf-8'; }
732e683b 1678
002ef0e5
SS		 1679 // Extract title
1680 $title = html_extract_title($data);
1681 if (!empty($title))
1682 {
1683 // Re-encode title in utf-8 if necessary.
1684 $title = ($html_charset == 'iso-8859-1') ? utf8_encode($title) : $title;
1685 }
1686 }
45034273 1687 }
27646ca5 1688 if ($url=='') // In case of empty URL, this is just a text (with a link that points to itself)
1689 {
1690 $url='?'.smallHash($linkdate);
1691 $title='Note: ';
1692 }
3fac0a52 1693 $link = array('linkdate'=>$linkdate,'title'=>$title,'url'=>$url,'description'=>$description,'tags'=>$tags,'private'=>$private);
45034273
SS		 1694 }
1695
1696 $PAGE = new pageBuilder;
1697 $PAGE->assign('linkcount',count($LINKSDB));
1698 $PAGE->assign('link',$link);
1699 $PAGE->assign('link_is_new',$link_is_new);
1700 $PAGE->assign('token',getToken()); // XSRF protection.
1701 $PAGE->assign('http_referer',(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : ''));
1702 $PAGE->renderPage('editlink');
1703 exit;
1704 }
1705
1706 // -------- Export as Netscape Bookmarks HTML file.
1707 if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=export'))
1708 {
1709 if (empty($_GET['what']))
1710 {
1711 $PAGE = new pageBuilder;
1712 $PAGE->assign('linkcount',count($LINKSDB));
1713 $PAGE->renderPage('export');
1714 exit;
1715 }
1716 $exportWhat=$_GET['what'];
ad6c27b7 1717 if (!array_intersect(array('all','public','private'),array($exportWhat))) die('What are you trying to export???');
45034273
SS		 1718
1719 header('Content-Type: text/html; charset=utf-8');
1720 header('Content-disposition: attachment; filename=bookmarks_'.$exportWhat.'_'.strval(date('Ymd_His')).'.html');
1721 $currentdate=date('Y/m/d H:i:s');
1722 echo <<<HTML
1723<!DOCTYPE NETSCAPE-Bookmark-file-1>
1724<!-- This is an automatically generated file.
1725 It will be read and overwritten.
1726 DO NOT EDIT! -->
1727<!-- Shaarli {$exportWhat} bookmarks export on {$currentdate} -->
1728<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8">
1729<TITLE>Bookmarks</TITLE>
1730<H1>Bookmarks</H1>
1731HTML;
1732 foreach($LINKSDB as $link)
1733 {
1734 if ($exportWhat=='all' ||
1735 ($exportWhat=='private' && $link['private']!=0) ||
1736 ($exportWhat=='public' && $link['private']==0))
1737 {
1738 echo '<DT><A HREF="'.htmlspecialchars($link['url']).'" ADD_DATE="'.linkdate2timestamp($link['linkdate']).'" PRIVATE="'.$link['private'].'"';
1739 if ($link['tags']!='') echo ' TAGS="'.htmlspecialchars(str_replace(' ',',',$link['tags'])).'"';
1740 echo '>'.htmlspecialchars($link['title'])."</A>\n";
1741 if ($link['description']!='') echo '<DD>'.htmlspecialchars($link['description'])."\n";
1742 }
1743 }
1744 exit;
1745 }
1746
1747 // -------- User is uploading a file for import
1748 if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=upload'))
1749 {
1750 // If file is too big, some form field may be missing.
1751 if (!isset($_POST['token']) || (!isset($_FILES)) || (isset($_FILES['filetoupload']['size']) && $_FILES['filetoupload']['size']==0))
1752 {
1753 $returnurl = ( empty($_SERVER['HTTP_REFERER']) ? '?' : $_SERVER['HTTP_REFERER'] );
fe16b01e 1754 echo '<script>alert("The file you are trying to upload is probably bigger than what this webserver can accept ('.getMaxFileSize().' bytes). Please upload in smaller chunks.");document.location=\''.htmlspecialchars($returnurl).'\';</script>';
45034273
SS		 1755 exit;
1756 }
1757 if (!tokenOk($_POST['token'])) die('Wrong token.');
1758 importFile();
1759 exit;
1760 }
1761
1762 // -------- Show upload/import dialog:
1763 if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=import'))
1764 {
1765 $PAGE = new pageBuilder;
1766 $PAGE->assign('linkcount',count($LINKSDB));
1767 $PAGE->assign('token',getToken());
1768 $PAGE->assign('maxfilesize',getMaxFileSize());
1769 $PAGE->renderPage('import');
1770 exit;
1771 }
1772
1773 // -------- Otherwise, simply display search form and links:
1774 $PAGE = new pageBuilder;
1775 $PAGE->assign('linkcount',count($LINKSDB));
1776 buildLinkList($PAGE,$LINKSDB); // Compute list of links to display
1777 $PAGE->renderPage('linklist');
1778 exit;
1779}
1780
1781// -----------------------------------------------------------------------------------------------
1782// Process the import file form.
1783function importFile()
1784{
1785 if (!(isLoggedIn() || $GLOBALS['config']['OPEN_SHAARLI'])) { die('Not allowed.'); }
1786 $LINKSDB=new linkdb(isLoggedIn() || $GLOBALS['config']['OPEN_SHAARLI']); // Read links from database (and filter private links if used it not logged in).
1787 $filename=$_FILES['filetoupload']['name'];
1788 $filesize=$_FILES['filetoupload']['size'];
1789 $data=file_get_contents($_FILES['filetoupload']['tmp_name']);
ad6c27b7 1790 $private = (empty($_POST['private']) ? 0 : 1); // Should the links be imported as private?
1791 $overwrite = !empty($_POST['overwrite']) ; // Should the imported links overwrite existing ones?
45034273
SS		 1792 $import_count=0;
1793
1794 // Sniff file type:
1795 $type='unknown';
1796 if (startsWith($data,'<!DOCTYPE NETSCAPE-Bookmark-file-1>')) $type='netscape'; // Netscape bookmark file (aka Firefox).
1797
1798 // Then import the bookmarks.
1799 if ($type=='netscape')
1800 {
1801 // This is a standard Netscape-style bookmark file.
ad6c27b7 1802 // This format is supported by all browsers (except IE, of course), also Delicious, Diigo and others.
45034273
SS		 1803 foreach(explode('<DT>',$data) as $html) // explode is very fast
1804 {
1805 $link = array('linkdate'=>'','title'=>'','url'=>'','description'=>'','tags'=>'','private'=>0);
1806 $d = explode('<DD>',$html);
1807 if (startswith($d[0],'<A '))
1808 {
1809 $link['description'] = (isset($d[1]) ? html_entity_decode(trim($d[1]),ENT_QUOTES,'UTF-8') : ''); // Get description (optional)
1810 preg_match('!<A .*?>(.*?)</A>!i',$d[0],$matches); $link['title'] = (isset($matches[1]) ? trim($matches[1]) : ''); // Get title
1811 $link['title'] = html_entity_decode($link['title'],ENT_QUOTES,'UTF-8');
1812 preg_match_all('! ([A-Z_]+)=\"(.*?)"!i',$html,$matches,PREG_SET_ORDER); // Get all other attributes
1813 $raw_add_date=0;
1814 foreach($matches as $m)
1815 {
1816 $attr=$m[1]; $value=$m[2];
1817 if ($attr=='HREF') $link['url']=html_entity_decode($value,ENT_QUOTES,'UTF-8');
fc93ae1d
AA		 1818 elseif ($attr=='ADD_DATE')
1819 {
1820 $raw_add_date=intval($value);
1821 if ($raw_add_date>30000000000) $raw_add_date/=1000; //If larger than year 2920, then was likely stored in milliseconds instead of seconds
1822 }
45034273
SS		 1823 elseif ($attr=='PRIVATE') $link['private']=($value=='0'?0:1);
1824 elseif ($attr=='TAGS') $link['tags']=html_entity_decode(str_replace(',',' ',$value),ENT_QUOTES,'UTF-8');
1825 }
1826 if ($link['url']!='')
1827 {
1828 if ($private==1) $link['private']=1;
1829 $dblink = $LINKSDB->getLinkFromUrl($link['url']); // See if the link is already in database.
1830 if ($dblink==false)
1831 { // Link not in database, let's import it...
1832 if (empty($raw_add_date)) $raw_add_date=time(); // In case of shitty bookmark file with no ADD_DATE
1833
1834 // Make sure date/time is not already used by another link.
1835 // (Some bookmark files have several different links with the same ADD_DATE)
ad6c27b7 1836 // We increment date by 1 second until we find a date which is not used in DB.
45034273
SS		 1837 // (so that links that have the same date/time are more or less kept grouped by date, but do not conflict.)
1838 while (!empty($LINKSDB[date('Ymd_His',$raw_add_date)])) { $raw_add_date++; }// Yes, I know it's ugly.
1839 $link['linkdate']=date('Ymd_His',$raw_add_date);
1840 $LINKSDB[$link['linkdate']] = $link;
1841 $import_count++;
1842 }
ad6c27b7 1843 else // Link already present in database.
45034273
SS		 1844 {
1845 if ($overwrite)
1846 { // If overwrite is required, we import link data, except date/time.
1847 $link['linkdate']=$dblink['linkdate'];
1848 $LINKSDB[$link['linkdate']] = $link;
1849 $import_count++;
1850 }
1851 }
1852
1853 }
1854 }
1855 }
1856 $LINKSDB->savedb();
1857
fe16b01e 1858 echo '<script>alert("File '.json_encode($filename).' ('.$filesize.' bytes) was successfully processed: '.$import_count.' links imported.");document.location=\'?\';</script>';
45034273
SS		 1859 }
1860 else
1861 {
fe16b01e 1862 echo '<script>alert("File '.json_encode($filename).' ('.$filesize.' bytes) has an unknown file format. Nothing was imported.");document.location=\'?\';</script>';
45034273
SS		 1863 }
1864}
1865
1866// -----------------------------------------------------------------------------------------------
1867// Template for the list of links (<div id="linklist">)
1868// This function fills all the necessary fields in the $PAGE for the template 'linklist.html'
1869function buildLinkList($PAGE,$LINKSDB)
1870{
1871 // ---- Filter link database according to parameters
1872 $linksToDisplay=array();
1873 $search_type='';
1874 $search_crits='';
1875 if (isset($_GET['searchterm'])) // Fulltext search
1876 {
1877 $linksToDisplay = $LINKSDB->filterFulltext(trim($_GET['searchterm']));
1878 $search_crits=htmlspecialchars(trim($_GET['searchterm']));
1879 $search_type='fulltext';
1880 }
1881 elseif (isset($_GET['searchtags'])) // Search by tag
1882 {
1883 $linksToDisplay = $LINKSDB->filterTags(trim($_GET['searchtags']));
1884 $search_crits=explode(' ',trim($_GET['searchtags']));
1885 $search_type='tags';
1886 }
1887 elseif (isset($_SERVER['QUERY_STRING']) && preg_match('/[a-zA-Z0-9-_@]{6}(&.+?)?/',$_SERVER['QUERY_STRING'])) // Detect smallHashes in URL
1888 {
1889 $linksToDisplay = $LINKSDB->filterSmallHash(substr(trim($_SERVER["QUERY_STRING"], '/'),0,6));
1890 if (count($linksToDisplay)==0)
1891 {
1892 header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found");
1893 echo '<h1>404 Not found.</h1>Oh crap. The link you are trying to reach does not exist or has been deleted.';
ad6c27b7 1894 echo '<br>You would mind <a href="?">clicking here</a>?';
45034273
SS		 1895 exit;
1896 }
1897 $search_type='permalink';
1898 }
1899 else
ad6c27b7 1900 $linksToDisplay = $LINKSDB; // Otherwise, display without filtering.
bb8f712d 1901
45034273
SS		 1902 // Option: Show only private links
1903 if (!empty($_SESSION['privateonly']))
1904 {
1905 $tmp = array();
1906 foreach($linksToDisplay as $linkdate=>$link)
1907 {
1908 if ($link['private']!=0) $tmp[$linkdate]=$link;
1909 }
1910 $linksToDisplay=$tmp;
1911 }
1912
1913 // ---- Handle paging.
ad6c27b7 1914 /* Can someone explain to me why you get the following error when using array_keys() on an object which implements the interface ArrayAccess???
45034273
SS		 1915 "Warning: array_keys() expects parameter 1 to be array, object given in ... "
1916 If my class implements ArrayAccess, why won't array_keys() accept it ? ( $keys=array_keys($linksToDisplay); )
1917 */
ad6c27b7 1918 $keys=array(); foreach($linksToDisplay as $key=>$value) { $keys[]=$key; } // Stupid and ugly. Thanks PHP.
45034273
SS		 1919
1920 // If there is only a single link, we change on-the-fly the title of the page.
1921 if (count($linksToDisplay)==1) $GLOBALS['pagetitle'] = $linksToDisplay[$keys[0]]['title'].' - '.$GLOBALS['title'];
1922
1923 // Select articles according to paging.
1924 $pagecount = ceil(count($keys)/$_SESSION['LINKS_PER_PAGE']);
1925 $pagecount = ($pagecount==0 ? 1 : $pagecount);
1926 $page=( empty($_GET['page']) ? 1 : intval($_GET['page']));
1927 $page = ( $page<1 ? 1 : $page );
1928 $page = ( $page>$pagecount ? $pagecount : $page );
1929 $i = ($page-1)*$_SESSION['LINKS_PER_PAGE']; // Start index.
1930 $end = $i+$_SESSION['LINKS_PER_PAGE'];
1931 $linkDisp=array(); // Links to display
1932 while ($i<$end && $i<count($keys))
1933 {
1934 $link = $linksToDisplay[$keys[$i]];
1935 $link['description']=nl2br(keepMultipleSpaces(text2clickable(htmlspecialchars($link['description']))));
1936 $title=$link['title'];
1937 $classLi = $i%2!=0 ? '' : 'publicLinkHightLight';
1938 $link['class'] = ($link['private']==0 ? $classLi : 'private');
1939 $link['localdate']=linkdate2locale($link['linkdate']);
dd62b9ba
SS		 1940 $taglist = explode(' ',$link['tags']);
1941 uasort($taglist, 'strcasecmp');
1942 $link['taglist']=$taglist;
45034273
SS		 1943 $linkDisp[$keys[$i]] = $link;
1944 $i++;
1945 }
bb8f712d 1946
45034273
SS		 1947 // Compute paging navigation
1948 $searchterm= ( empty($_GET['searchterm']) ? '' : '&searchterm='.$_GET['searchterm'] );
1949 $searchtags= ( empty($_GET['searchtags']) ? '' : '&searchtags='.$_GET['searchtags'] );
1950 $paging='';
1951 $previous_page_url=''; if ($i!=count($keys)) $previous_page_url='?page='.($page+1).$searchterm.$searchtags;
1952 $next_page_url='';if ($page>1) $next_page_url='?page='.($page-1).$searchterm.$searchtags;
1953
bb8f712d
KT		 1954 $token = ''; if (isLoggedIn()) $token=getToken();
1955
45034273
SS		 1956 // Fill all template fields.
1957 $PAGE->assign('linkcount',count($LINKSDB));
1958 $PAGE->assign('previous_page_url',$previous_page_url);
1959 $PAGE->assign('next_page_url',$next_page_url);
1960 $PAGE->assign('page_current',$page);
1961 $PAGE->assign('page_max',$pagecount);
1962 $PAGE->assign('result_count',count($linksToDisplay));
1963 $PAGE->assign('search_type',$search_type);
bb8f712d 1964 $PAGE->assign('search_crits',$search_crits);
ad6c27b7 1965 $PAGE->assign('redirector',empty($GLOBALS['redirector']) ? '' : $GLOBALS['redirector']); // Optional redirector URL.
45034273
SS		 1966 $PAGE->assign('token',$token);
1967 $PAGE->assign('links',$linkDisp);
1968 return;
1969}
1970
1971// Compute the thumbnail for a link.
bb8f712d 1972//
ad6c27b7 1973// With a link to the original URL.
45034273 1974// Understands various services (youtube.com...)
ad6c27b7 1975// Input: $url = URL for which the thumbnail must be found.
45034273
SS		 1976// $href = if provided, this URL will be followed instead of $url
1977// Returns an associative array with thumbnail attributes (src,href,width,height,style,alt)
1978// Some of them may be missing.
1979// Return an empty array if no thumbnail available.
1980function computeThumbnail($url,$href=false)
1981{
1982 if (!$GLOBALS['config']['ENABLE_THUMBNAILS']) return array();
1983 if ($href==false) $href=$url;
1984
1985 // For most hosts, the URL of the thumbnail can be easily deduced from the URL of the link.
ad6c27b7 1986 // (e.g. http://www.youtube.com/watch?v=spVypYk4kto ---> http://img.youtube.com/vi/spVypYk4kto/default.jpg )
45034273
SS		 1987 // ^^^^^^^^^^^ ^^^^^^^^^^^
1988 $domain = parse_url($url,PHP_URL_HOST);
1989 if ($domain=='youtube.com' || $domain=='www.youtube.com')
1990 {
1991 parse_str(parse_url($url,PHP_URL_QUERY), $params); // Extract video ID and get thumbnail
1a663a0f 1992 if (!empty($params['v'])) return array('src'=>'https://img.youtube.com/vi/'.$params['v'].'/default.jpg',
45034273
SS		 1993 'href'=>$href,'width'=>'120','height'=>'90','alt'=>'YouTube thumbnail');
1994 }
1995 if ($domain=='youtu.be') // Youtube short links
1996 {
1997 $path = parse_url($url,PHP_URL_PATH);
1a663a0f 1998 return array('src'=>'https://img.youtube.com/vi'.$path.'/default.jpg',
bb8f712d 1999 'href'=>$href,'width'=>'120','height'=>'90','alt'=>'YouTube thumbnail');
45034273
SS		 2000 }
2001 if ($domain=='pix.toile-libre.org') // pix.toile-libre.org image hosting
2002 {
2003 parse_str(parse_url($url,PHP_URL_QUERY), $params); // Extract image filename.
2004 if (!empty($params) && !empty($params['img'])) return array('src'=>'http://pix.toile-libre.org/upload/thumb/'.urlencode($params['img']),
bb8f712d
KT		 2005 'href'=>$href,'style'=>'max-width:120px; max-height:150px','alt'=>'pix.toile-libre.org thumbnail');
2006 }
2007
45034273
SS		 2008 if ($domain=='imgur.com')
2009 {
2010 $path = parse_url($url,PHP_URL_PATH);
2011 if (startsWith($path,'/a/')) return array(); // Thumbnails for albums are not available.
1a663a0f 2012 if (startsWith($path,'/r/')) return array('src'=>'https://i.imgur.com/'.basename($path).'s.jpg',
45034273 2013 'href'=>$href,'width'=>'90','height'=>'90','alt'=>'imgur.com thumbnail');
1a663a0f 2014 if (startsWith($path,'/gallery/')) return array('src'=>'https://i.imgur.com'.substr($path,8).'s.jpg',
45034273
SS		 2015 'href'=>$href,'width'=>'90','height'=>'90','alt'=>'imgur.com thumbnail');
2016
1a663a0f 2017 if (substr_count($path,'/')==1) return array('src'=>'https://i.imgur.com/'.substr($path,1).'s.jpg',
45034273
SS		 2018 'href'=>$href,'width'=>'90','height'=>'90','alt'=>'imgur.com thumbnail');
2019 }
2020 if ($domain=='i.imgur.com')
2021 {
2022 $pi = pathinfo(parse_url($url,PHP_URL_PATH));
1a663a0f 2023 if (!empty($pi['filename'])) return array('src'=>'https://i.imgur.com/'.$pi['filename'].'s.jpg',
45034273
SS		 2024 'href'=>$href,'width'=>'90','height'=>'90','alt'=>'imgur.com thumbnail');
2025 }
2026 if ($domain=='dailymotion.com' || $domain=='www.dailymotion.com')
2027 {
2028 if (strpos($url,'dailymotion.com/video/')!==false)
2029 {
2030 $thumburl=str_replace('dailymotion.com/video/','dailymotion.com/thumbnail/video/',$url);
2031 return array('src'=>$thumburl,
2032 'href'=>$href,'width'=>'120','style'=>'height:auto;','alt'=>'DailyMotion thumbnail');
2033 }
2034 }
2035 if (endsWith($domain,'.imageshack.us'))
2036 {
2037 $ext=strtolower(pathinfo($url,PATHINFO_EXTENSION));
2038 if ($ext=='jpg' || $ext=='jpeg' || $ext=='png' || $ext=='gif')
2039 {
2040 $thumburl = substr($url,0,strlen($url)-strlen($ext)).'th.'.$ext;
2041 return array('src'=>$thumburl,
2042 'href'=>$href,'width'=>'120','style'=>'height:auto;','alt'=>'imageshack.us thumbnail');
2043 }
2044 }
2045
2046 // Some other hosts are SLOW AS HELL and usually require an extra HTTP request to get the thumbnail URL.
2047 // So we deport the thumbnail generation in order not to slow down page generation
2048 // (and we also cache the thumbnail)
2049
2050 if (!$GLOBALS['config']['ENABLE_LOCALCACHE']) return array(); // If local cache is disabled, no thumbnails for services which require the use a local cache.
2051
2052 if ($domain=='flickr.com' || endsWith($domain,'.flickr.com')
2053 || $domain=='vimeo.com'
2054 || $domain=='ted.com' || endsWith($domain,'.ted.com')
2055 || $domain=='xkcd.com' || endsWith($domain,'.xkcd.com')
2056 )
2057 {
2058 if ($domain=='vimeo.com')
ad6c27b7 2059 { // Make sure this vimeo URL points to a video (/xxx... where xxx is numeric)
45034273
SS		 2060 $path = parse_url($url,PHP_URL_PATH);
2061 if (!preg_match('!/\d+.+?!',$path)) return array(); // This is not a single video URL.
2062 }
2063 if ($domain=='xkcd.com' || endsWith($domain,'.xkcd.com'))
ad6c27b7 2064 { // Make sure this URL points to a single comic (/xxx... where xxx is numeric)
45034273
SS		 2065 $path = parse_url($url,PHP_URL_PATH);
2066 if (!preg_match('!/\d+.+?!',$path)) return array();
2067 }
2068 if ($domain=='ted.com' || endsWith($domain,'.ted.com'))
ad6c27b7 2069 { // Make sure this TED URL points to a video (/talks/...)
45034273
SS		 2070 $path = parse_url($url,PHP_URL_PATH);
2071 if ("/talks/" !== substr($path,0,7)) return array(); // This is not a single video URL.
2072 }
2073 $sign = hash_hmac('sha256', $url, $GLOBALS['salt']); // We use the salt to sign data (it's random, secret, and specific to each installation)
2074 return array('src'=>indexUrl().'?do=genthumbnail&hmac='.htmlspecialchars($sign).'&url='.urlencode($url),
2075 'href'=>$href,'width'=>'120','style'=>'height:auto;','alt'=>'thumbnail');
2076 }
2077
2078 // For all other, we try to make a thumbnail of links ending with .jpg/jpeg/png/gif
2079 // Technically speaking, we should download ALL links and check their Content-Type to see if they are images.
2080 // But using the extension will do.
2081 $ext=strtolower(pathinfo($url,PATHINFO_EXTENSION));
2082 if ($ext=='jpg' || $ext=='jpeg' || $ext=='png' || $ext=='gif')
2083 {
2084 $sign = hash_hmac('sha256', $url, $GLOBALS['salt']); // We use the salt to sign data (it's random, secret, and specific to each installation)
2085 return array('src'=>indexUrl().'?do=genthumbnail&hmac='.htmlspecialchars($sign).'&url='.urlencode($url),
bb8f712d 2086 'href'=>$href,'width'=>'120','style'=>'height:auto;','alt'=>'thumbnail');
45034273
SS		 2087 }
2088 return array(); // No thumbnail.
2089
2090}
2091
2092
2093// Returns the HTML code to display a thumbnail for a link
2094// with a link to the original URL.
2095// Understands various services (youtube.com...)
ad6c27b7 2096// Input: $url = URL for which the thumbnail must be found.
45034273
SS		 2097// $href = if provided, this URL will be followed instead of $url
2098// Returns '' if no thumbnail available.
2099function thumbnail($url,$href=false)
2100{
2101 $t = computeThumbnail($url,$href);
2102 if (count($t)==0) return ''; // Empty array = no thumbnail for this URL.
bb8f712d 2103
45034273
SS		 2104 $html='<a href="'.htmlspecialchars($t['href']).'"><img src="'.htmlspecialchars($t['src']).'"';
2105 if (!empty($t['width'])) $html.=' width="'.htmlspecialchars($t['width']).'"';
2106 if (!empty($t['height'])) $html.=' height="'.htmlspecialchars($t['height']).'"';
2107 if (!empty($t['style'])) $html.=' style="'.htmlspecialchars($t['style']).'"';
2108 if (!empty($t['alt'])) $html.=' alt="'.htmlspecialchars($t['alt']).'"';
2109 $html.='></a>';
2110 return $html;
2111}
2112
45034273
SS		 2113// Returns the HTML code to display a thumbnail for a link
2114// for the picture wall (using lazy image loading)
2115// Understands various services (youtube.com...)
ad6c27b7 2116// Input: $url = URL for which the thumbnail must be found.
45034273
SS		 2117// $href = if provided, this URL will be followed instead of $url
2118// Returns '' if no thumbnail available.
2119function lazyThumbnail($url,$href=false)
2120{
bb8f712d 2121 $t = computeThumbnail($url,$href);
45034273
SS		 2122 if (count($t)==0) return ''; // Empty array = no thumbnail for this URL.
2123
2124 $html='<a href="'.htmlspecialchars($t['href']).'">';
bb8f712d 2125
ad6c27b7 2126 // Lazy image (only loaded by JavaScript when in the viewport).
858c5c2b
SS		 2127 if (!empty($GLOBALS['disablejquery'])) // (except if jQuery is disabled)
2128 $html.='<img class="lazyimage" src="'.htmlspecialchars($t['src']).'"';
2129 else
2130 $html.='<img class="lazyimage" src="#" data-original="'.htmlspecialchars($t['src']).'"';
2131
45034273
SS		 2132 if (!empty($t['width'])) $html.=' width="'.htmlspecialchars($t['width']).'"';
2133 if (!empty($t['height'])) $html.=' height="'.htmlspecialchars($t['height']).'"';
2134 if (!empty($t['style'])) $html.=' style="'.htmlspecialchars($t['style']).'"';
2135 if (!empty($t['alt'])) $html.=' alt="'.htmlspecialchars($t['alt']).'"';
2136 $html.='>';
bb8f712d 2137
ad6c27b7 2138 // No-JavaScript fallback.
45034273
SS		 2139 $html.='<noscript><img src="'.htmlspecialchars($t['src']).'"';
2140 if (!empty($t['width'])) $html.=' width="'.htmlspecialchars($t['width']).'"';
2141 if (!empty($t['height'])) $html.=' height="'.htmlspecialchars($t['height']).'"';
2142 if (!empty($t['style'])) $html.=' style="'.htmlspecialchars($t['style']).'"';
2143 if (!empty($t['alt'])) $html.=' alt="'.htmlspecialchars($t['alt']).'"';
2144 $html.='></noscript></a>';
bb8f712d 2145
45034273
SS		 2146 return $html;
2147}
2148
2149
2150// -----------------------------------------------------------------------------------------------
2151// Installation
2152// This function should NEVER be called if the file data/config.php exists.
2153function install()
2154{
2155 // On free.fr host, make sure the /sessions directory exists, otherwise login will not work.
f6a6ca0a 2156 if (endsWith($_SERVER['HTTP_HOST'],'.free.fr') && !is_dir($_SERVER['DOCUMENT_ROOT'].'/sessions')) mkdir($_SERVER['DOCUMENT_ROOT'].'/sessions',0705);
45034273 2157
f37664a2
SS		 2158
2159 // This part makes sure sessions works correctly.
2160 // (Because on some hosts, session.save_path may not be set correctly,
2161 // or we may not have write access to it.)
2162 if (isset($_GET['test_session']) && ( !isset($_SESSION) || !isset($_SESSION['session_tested']) || $_SESSION['session_tested']!='Working'))
2163 { // Step 2: Check if data in session is correct.
2164 echo '<pre>Sessions do not seem to work correctly on your server.<br>';
2165 echo 'Make sure the variable session.save_path is set correctly in your php config, and that you have write access to it.<br>';
01ec1791 2166 echo 'It currently points to '.session_save_path().'<br>';
2167 echo 'Check that the hostname used to access Shaarli contains a dot. On some browsers, accessing your server via a hostname like \'localhost\' or any custom hostname without a dot causes cookie storage to fail. We recommend accessing your server via it\'s IP address or Fully Qualified Domain Name.<br>';
2168 echo '<br><a href="?">Click to try again.</a></pre>';
f37664a2
SS		 2169 die;
2170 }
2171 if (!isset($_SESSION['session_tested']))
2172 { // Step 1 : Try to store data in session and reload page.
2173 $_SESSION['session_tested'] = 'Working'; // Try to set a variable in session.
2174 header('Location: '.indexUrl().'?test_session'); // Redirect to check stored data.
2175 }
2176 if (isset($_GET['test_session']))
ad6c27b7 2177 { // Step 3: Sessions are OK. Remove test parameter from URL.
f37664a2
SS		 2178 header('Location: '.indexUrl());
2179 }
2180
2181
45034273
SS		 2182 if (!empty($_POST['setlogin']) && !empty($_POST['setpassword']))
2183 {
2184 $tz = 'UTC';
2185 if (!empty($_POST['continent']) && !empty($_POST['city']))
2186 if (isTZvalid($_POST['continent'],$_POST['city']))
2187 $tz = $_POST['continent'].'/'.$_POST['city'];
2188 $GLOBALS['timezone'] = $tz;
2189 // Everything is ok, let's create config file.
2190 $GLOBALS['login'] = $_POST['setlogin'];
2191 $GLOBALS['salt'] = sha1(uniqid('',true).'_'.mt_rand()); // Salt renders rainbow-tables attacks useless.
2192 $GLOBALS['hash'] = sha1($_POST['setpassword'].$GLOBALS['login'].$GLOBALS['salt']);
2193 $GLOBALS['title'] = (empty($_POST['title']) ? 'Shared links on '.htmlspecialchars(indexUrl()) : $_POST['title'] );
2194 writeConfig();
fe16b01e 2195 echo '<script>alert("Shaarli is now configured. Please enter your login/password and start shaaring your links!");document.location=\'?do=login\';</script>';
45034273
SS		 2196 exit;
2197 }
2198
2199 // Display config form:
2200 list($timezone_form,$timezone_js) = templateTZform();
04751e04 2201 $timezone_html=''; if ($timezone_form!='') $timezone_html='<tr><td><b>Timezone:</b></td><td>'.$timezone_form.'</td></tr>';
bb8f712d 2202
45034273
SS		 2203 $PAGE = new pageBuilder;
2204 $PAGE->assign('timezone_html',$timezone_html);
2205 $PAGE->assign('timezone_js',$timezone_js);
2206 $PAGE->renderPage('install');
2207 exit;
2208}
2209
ad6c27b7 2210// Generates the timezone selection form and JavaScript.
45034273
SS		 2211// Input: (optional) current timezone (can be 'UTC/UTC'). It will be pre-selected.
2212// Output: array(html,js)
2213// Example: list($htmlform,$js) = templateTZform('Europe/Paris'); // Europe/Paris pre-selected.
ad6c27b7 2214// Returns array('','') if server does not support timezones list. (e.g. PHP 5.1 on free.fr)
45034273
SS		 2215function templateTZform($ptz=false)
2216{
ad6c27b7 2217 if (function_exists('timezone_identifiers_list')) // because of old PHP version (5.1) which can be found on free.fr
45034273
SS		 2218 {
2219 // Try to split the provided timezone.
2220 if ($ptz==false) { $l=timezone_identifiers_list(); $ptz=$l[0]; }
2221 $spos=strpos($ptz,'/'); $pcontinent=substr($ptz,0,$spos); $pcity=substr($ptz,$spos+1);
2222
2223 // Display config form:
2224 $timezone_form = '';
2225 $timezone_js = '';
ad6c27b7 2226 // The list is in the form "Europe/Paris", "America/Argentina/Buenos_Aires"...
45034273
SS		 2227 // We split the list in continents/cities.
2228 $continents = array();
2229 $cities = array();
2230 foreach(timezone_identifiers_list() as $tz)
2231 {
2232 if ($tz=='UTC') $tz='UTC/UTC';
2233 $spos = strpos($tz,'/');
2234 if ($spos!==false)
2235 {
2236 $continent=substr($tz,0,$spos); $city=substr($tz,$spos+1);
2237 $continents[$continent]=1;
2238 if (!isset($cities[$continent])) $cities[$continent]='';
e5aab50a 2239 $cities[$continent].='<option value="'.$city.'"'.($pcity==$city?' selected':'').'>'.$city.'</option>';
45034273
SS		 2240 }
2241 }
2242 $continents_html = '';
2243 $continents = array_keys($continents);
2244 foreach($continents as $continent)
e5aab50a 2245 $continents_html.='<option value="'.$continent.'"'.($pcontinent==$continent?' selected':'').'>'.$continent.'</option>';
45034273 2246 $cities_html = $cities[$pcontinent];
858c5c2b
SS		 2247 $timezone_form = "Continent: <select name=\"continent\" id=\"continent\" onChange=\"onChangecontinent();\">${continents_html}</select>";
2248 $timezone_form .= "&nbsp;&nbsp;&nbsp;&nbsp;City: <select name=\"city\" id=\"city\">${cities[$pcontinent]}</select><br />";
fe16b01e 2249 $timezone_js = "<script>";
45034273
SS		 2250 $timezone_js .= "function onChangecontinent(){document.getElementById(\"city\").innerHTML = citiescontinent[document.getElementById(\"continent\").value];}";
2251 $timezone_js .= "var citiescontinent = ".json_encode($cities).";" ;
2252 $timezone_js .= "</script>" ;
2253 return array($timezone_form,$timezone_js);
2254 }
2255 return array('','');
2256}
2257
2258// Tells if a timezone is valid or not.
2259// If not valid, returns false.
2260// If system does not support timezone list, returns false.
2261function isTZvalid($continent,$city)
2262{
2263 $tz = $continent.'/'.$city;
ad6c27b7 2264 if (function_exists('timezone_identifiers_list')) // because of old PHP version (5.1) which can be found on free.fr
45034273 2265 {
ad6c27b7 2266 if (in_array($tz, timezone_identifiers_list())) // it's a valid timezone?
45034273
SS		 2267 return true;
2268 }
2269 return false;
2270}
3385af12
LM		 2271if (!function_exists('json_encode')) {
2272 function json_encode($data) {
2273 switch ($type = gettype($data)) {
2274 case 'NULL':
2275 return 'null';
2276 case 'boolean':
2277 return ($data ? 'true' : 'false');
2278 case 'integer':
2279 case 'double':
2280 case 'float':
2281 return $data;
2282 case 'string':
2283 return '"' . addslashes($data) . '"';
2284 case 'object':
2285 $data = get_object_vars($data);
2286 case 'array':
2287 $output_index_count = 0;
2288 $output_indexed = array();
2289 $output_associative = array();
2290 foreach ($data as $key => $value) {
2291 $output_indexed[] = json_encode($value);
2292 $output_associative[] = json_encode($key) . ':' . json_encode($value);
2293 if ($output_index_count !== NULL && $output_index_count++ !== $key) {
2294 $output_index_count = NULL;
2295 }
2296 }
2297 if ($output_index_count !== NULL) {
2298 return '[' . implode(',', $output_indexed) . ']';
2299 } else {
2300 return '{' . implode(',', $output_associative) . '}';
2301 }
2302 default:
2303 return ''; // Not supported
2304 }
2305 }
2306}
45034273
SS		 2307
2308// Webservices (for use with jQuery/jQueryUI)
ad6c27b7 2309// e.g. index.php?ws=tags&term=minecr
45034273
SS		 2310function processWS()
2311{
2312 if (empty($_GET['ws']) || empty($_GET['term'])) return;
2313 $term = $_GET['term'];
2314 $LINKSDB=new linkdb(isLoggedIn() || $GLOBALS['config']['OPEN_SHAARLI']); // Read links from database (and filter private links if used it not logged in).
2315 header('Content-Type: application/json; charset=utf-8');
2316
ad6c27b7 2317 // Search in tags (case insensitive, cumulative search)
45034273
SS		 2318 if ($_GET['ws']=='tags')
2319 {
2320 $tags=explode(' ',str_replace(',',' ',$term)); $last = array_pop($tags); // Get the last term ("a b c d" ==> "a b c", "d")
2321 $addtags=''; if ($tags) $addtags=implode(' ',$tags).' '; // We will pre-pend previous tags
2322 $suggested=array();
2323 /* To speed up things, we store list of tags in session */
2324 if (empty($_SESSION['tags'])) $_SESSION['tags'] = $LINKSDB->allTags();
2325 foreach($_SESSION['tags'] as $key=>$value)
2326 {
2327 if (startsWith($key,$last,$case=false) && !in_array($key,$tags)) $suggested[$addtags.$key.' ']=0;
2328 }
2329 echo json_encode(array_keys($suggested));
2330 exit;
2331 }
2332
ad6c27b7 2333 // Search a single tag (case sensitive, single tag search)
45034273
SS		 2334 if ($_GET['ws']=='singletag')
2335 {
2336 /* To speed up things, we store list of tags in session */
2337 if (empty($_SESSION['tags'])) $_SESSION['tags'] = $LINKSDB->allTags();
2338 foreach($_SESSION['tags'] as $key=>$value)
2339 {
2340 if (startsWith($key,$term,$case=true)) $suggested[$key]=0;
2341 }
2342 echo json_encode(array_keys($suggested));
2343 exit;
2344 }
2345}
2346
2347// Re-write configuration file according to globals.
2348// Requires some $GLOBALS to be set (login,hash,salt,title).
ad6c27b7 2349// If the config file cannot be saved, an error message is displayed and the user is redirected to "Tools" menu.
45034273
SS		 2350// (otherwise, the function simply returns.)
2351function writeConfig()
2352{
2353 if (is_file($GLOBALS['config']['CONFIG_FILE']) && !isLoggedIn()) die('You are not authorized to alter config.'); // Only logged in user can alter config.
45034273
SS		 2354 $config='<?php $GLOBALS[\'login\']='.var_export($GLOBALS['login'],true).'; $GLOBALS[\'hash\']='.var_export($GLOBALS['hash'],true).'; $GLOBALS[\'salt\']='.var_export($GLOBALS['salt'],true).'; ';
2355 $config .='$GLOBALS[\'timezone\']='.var_export($GLOBALS['timezone'],true).'; date_default_timezone_set('.var_export($GLOBALS['timezone'],true).'); $GLOBALS[\'title\']='.var_export($GLOBALS['title'],true).';';
ebb2880d 2356 $config .= '$GLOBALS[\'titleLink\']='.var_export($GLOBALS['titleLink'],true).'; ';
45034273
SS		 2357 $config .= '$GLOBALS[\'redirector\']='.var_export($GLOBALS['redirector'],true).'; ';
2358 $config .= '$GLOBALS[\'disablesessionprotection\']='.var_export($GLOBALS['disablesessionprotection'],true).'; ';
858c5c2b 2359 $config .= '$GLOBALS[\'disablejquery\']='.var_export($GLOBALS['disablejquery'],true).'; ';
bb8f712d 2360 $config .= '$GLOBALS[\'privateLinkByDefault\']='.var_export($GLOBALS['privateLinkByDefault'],true).'; ';
ed5b38dd 2361 $config .= '$GLOBALS[\'config\'][\'ENABLE_RSS_PERMALINKS\']='.var_export($GLOBALS['config']['ENABLE_RSS_PERMALINKS'], true).'; ';
45034273
SS		 2362 $config .= ' ?>';
2363 if (!file_put_contents($GLOBALS['config']['CONFIG_FILE'],$config) || strcmp(file_get_contents($GLOBALS['config']['CONFIG_FILE']),$config)!=0)
2364 {
fe16b01e 2365 echo '<script>alert("Shaarli could not create the config file. Please make sure Shaarli has the right to write in the folder is it installed in.");document.location=\'?\';</script>';
45034273
SS		 2366 exit;
2367 }
2368}
2369
ad6c27b7 2370/* Because some f*cking services like flickr require an extra HTTP request to get the thumbnail URL,
45034273 2371 I have deported the thumbnail URL code generation here, otherwise this would slow down page generation.
ad6c27b7 2372 The following function takes the URL a link (e.g. a flickr page) and return the proper thumbnail.
2373 This function is called by passing the URL:
45034273 2374 http://mywebsite.com/shaarli/?do=genthumbnail&hmac=[HMAC]&url=[URL]
ad6c27b7 2375 [URL] is the URL of the link (e.g. a flickr page)
45034273
SS		 2376 [HMAC] is the signature for the [URL] (so that these URL cannot be forged).
2377 The function below will fetch the image from the webservice and store it in the cache.
2378*/
2379function genThumbnail()
2380{
2381 // Make sure the parameters in the URL were generated by us.
2382 $sign = hash_hmac('sha256', $_GET['url'], $GLOBALS['salt']);
ad6c27b7 2383 if ($sign!=$_GET['hmac']) die('Naughty boy!');
45034273
SS		 2384
2385 // Let's see if we don't already have the image for this URL in the cache.
2386 $thumbname=hash('sha1',$_GET['url']).'.jpg';
2387 if (is_file($GLOBALS['config']['CACHEDIR'].'/'.$thumbname))
2388 { // We have the thumbnail, just serve it:
2389 header('Content-Type: image/jpeg');
2390 echo file_get_contents($GLOBALS['config']['CACHEDIR'].'/'.$thumbname);
2391 return;
2392 }
2393 // We may also serve a blank image (if service did not respond)
2394 $blankname=hash('sha1',$_GET['url']).'.gif';
2395 if (is_file($GLOBALS['config']['CACHEDIR'].'/'.$blankname))
2396 {
2397 header('Content-Type: image/gif');
2398 echo file_get_contents($GLOBALS['config']['CACHEDIR'].'/'.$blankname);
2399 return;
2400 }
2401
2402 // Otherwise, generate the thumbnail.
2403 $url = $_GET['url'];
2404 $domain = parse_url($url,PHP_URL_HOST);
2405
2406 if ($domain=='flickr.com' || endsWith($domain,'.flickr.com'))
2407 {
ad6c27b7 2408 // Crude replacement to handle new flickr domain policy (They prefer www. now)
45034273
SS		 2409 $url = str_replace('http://flickr.com/','http://www.flickr.com/',$url);
2410
2411 // Is this a link to an image, or to a flickr page ?
2412 $imageurl='';
2413 if (endswith(parse_url($url,PHP_URL_PATH),'.jpg'))
ad6c27b7 2414 { // This is a direct link to an image. e.g. http://farm1.staticflickr.com/5/5921913_ac83ed27bd_o.jpg
45034273
SS		 2415 preg_match('!(http://farm\d+\.staticflickr\.com/\d+/\d+_\w+_)\w.jpg!',$url,$matches);
2416 if (!empty($matches[1])) $imageurl=$matches[1].'m.jpg';
2417 }
ad6c27b7 2418 else // This is a flickr page (html)
45034273
SS		 2419 {
2420 list($httpstatus,$headers,$data) = getHTTP($url,20); // Get the flickr html page.
2421 if (strpos($httpstatus,'200 OK')!==false)
2422 {
ad6c27b7 2423 // flickr now nicely provides the URL of the thumbnail in each flickr page.
45034273
SS		 2424 preg_match('!<link rel=\"image_src\" href=\"(.+?)\"!',$data,$matches);
2425 if (!empty($matches[1])) $imageurl=$matches[1];
2426
2427 // In albums (and some other pages), the link rel="image_src" is not provided,
2428 // but flickr provides:
2429 // <meta property="og:image" content="http://farm4.staticflickr.com/3398/3239339068_25d13535ff_z.jpg" />
2430 if ($imageurl=='')
2431 {
2432 preg_match('!<meta property=\"og:image\" content=\"(.+?)\"!',$data,$matches);
2433 if (!empty($matches[1])) $imageurl=$matches[1];
2434 }
2435 }
2436 }
2437
2438 if ($imageurl!='')
2439 { // Let's download the image.
2440 list($httpstatus,$headers,$data) = getHTTP($imageurl,10); // Image is 240x120, so 10 seconds to download should be enough.
2441 if (strpos($httpstatus,'200 OK')!==false)
2442 {
2443 file_put_contents($GLOBALS['config']['CACHEDIR'].'/'.$thumbname,$data); // Save image to cache.
2444 header('Content-Type: image/jpeg');
2445 echo $data;
2446 return;
2447 }
2448 }
2449 }
2450
2451 elseif ($domain=='vimeo.com' )
2452 {
2453 // This is more complex: we have to perform a HTTP request, then parse the result.
ad6c27b7 2454 // Maybe we should deport this to JavaScript ? Example: http://stackoverflow.com/questions/1361149/get-img-thumbnails-from-vimeo/4285098#4285098
45034273 2455 $vid = substr(parse_url($url,PHP_URL_PATH),1);
1a663a0f 2456 list($httpstatus,$headers,$data) = getHTTP('https://vimeo.com/api/v2/video/'.htmlspecialchars($vid).'.php',5);
45034273
SS		 2457 if (strpos($httpstatus,'200 OK')!==false)
2458 {
2459 $t = unserialize($data);
2460 $imageurl = $t[0]['thumbnail_medium'];
2461 // Then we download the image and serve it to our client.
2462 list($httpstatus,$headers,$data) = getHTTP($imageurl,10);
2463 if (strpos($httpstatus,'200 OK')!==false)
2464 {
2465 file_put_contents($GLOBALS['config']['CACHEDIR'].'/'.$thumbname,$data); // Save image to cache.
2466 header('Content-Type: image/jpeg');
2467 echo $data;
2468 return;
2469 }
2470 }
2471 }
2472
2473 elseif ($domain=='ted.com' || endsWith($domain,'.ted.com'))
2474 {
2475 // The thumbnail for TED talks is located in the <link rel="image_src" [...]> tag on that page
2476 // http://www.ted.com/talks/mikko_hypponen_fighting_viruses_defending_the_net.html
2477 // <link rel="image_src" href="http://images.ted.com/images/ted/28bced335898ba54d4441809c5b1112ffaf36781_389x292.jpg" />
bb8f712d 2478 list($httpstatus,$headers,$data) = getHTTP($url,5);
45034273
SS		 2479 if (strpos($httpstatus,'200 OK')!==false)
2480 {
2481 // Extract the link to the thumbnail
2482 preg_match('!link rel="image_src" href="(http://images.ted.com/images/ted/.+_\d+x\d+\.jpg)"!',$data,$matches);
2483 if (!empty($matches[1]))
2484 { // Let's download the image.
2485 $imageurl=$matches[1];
2486 list($httpstatus,$headers,$data) = getHTTP($imageurl,20); // No control on image size, so wait long enough.
2487 if (strpos($httpstatus,'200 OK')!==false)
2488 {
2489 $filepath=$GLOBALS['config']['CACHEDIR'].'/'.$thumbname;
2490 file_put_contents($filepath,$data); // Save image to cache.
2491 if (resizeImage($filepath))
2492 {
2493 header('Content-Type: image/jpeg');
2494 echo file_get_contents($filepath);
2495 return;
2496 }
2497 }
2498 }
2499 }
2500 }
bb8f712d 2501
45034273
SS		 2502 elseif ($domain=='xkcd.com' || endsWith($domain,'.xkcd.com'))
2503 {
2504 // There is no thumbnail available for xkcd comics, so download the whole image and resize it.
2505 // http://xkcd.com/327/
2506 // <img src="http://imgs.xkcd.com/comics/exploits_of_a_mom.png" title="<BLABLA>" alt="<BLABLA>" />
2507 list($httpstatus,$headers,$data) = getHTTP($url,5);
2508 if (strpos($httpstatus,'200 OK')!==false)
2509 {
2510 // Extract the link to the thumbnail
2511 preg_match('!<img src="(http://imgs.xkcd.com/comics/.*)" title="[^s]!',$data,$matches);
2512 if (!empty($matches[1]))
2513 { // Let's download the image.
2514 $imageurl=$matches[1];
2515 list($httpstatus,$headers,$data) = getHTTP($imageurl,20); // No control on image size, so wait long enough.
2516 if (strpos($httpstatus,'200 OK')!==false)
2517 {
2518 $filepath=$GLOBALS['config']['CACHEDIR'].'/'.$thumbname;
2519 file_put_contents($filepath,$data); // Save image to cache.
2520 if (resizeImage($filepath))
2521 {
2522 header('Content-Type: image/jpeg');
2523 echo file_get_contents($filepath);
2524 return;
2525 }
2526 }
2527 }
2528 }
bb8f712d 2529 }
45034273
SS		 2530
2531 else
2532 {
2533 // For all other domains, we try to download the image and make a thumbnail.
2534 list($httpstatus,$headers,$data) = getHTTP($url,30); // We allow 30 seconds max to download (and downloads are limited to 4 Mb)
2535 if (strpos($httpstatus,'200 OK')!==false)
2536 {
2537 $filepath=$GLOBALS['config']['CACHEDIR'].'/'.$thumbname;
2538 file_put_contents($filepath,$data); // Save image to cache.
2539 if (resizeImage($filepath))
2540 {
2541 header('Content-Type: image/jpeg');
2542 echo file_get_contents($filepath);
2543 return;
2544 }
2545 }
2546 }
2547
2548
2549 // Otherwise, return an empty image (8x8 transparent gif)
2550 $blankgif = base64_decode('R0lGODlhCAAIAIAAAP///////yH5BAEKAAEALAAAAAAIAAgAAAIHjI+py+1dAAA7');
2551 file_put_contents($GLOBALS['config']['CACHEDIR'].'/'.$blankname,$blankgif); // Also put something in cache so that this URL is not requested twice.
2552 header('Content-Type: image/gif');
2553 echo $blankgif;
2554}
2555
2556// Make a thumbnail of the image (to width: 120 pixels)
2557// Returns true if success, false otherwise.
2558function resizeImage($filepath)
2559{
2560 if (!function_exists('imagecreatefromjpeg')) return false; // GD not present: no thumbnail possible.
2561
2562 // Trick: some stupid people rename GIF as JPEG... or else.
2563 // So we really try to open each image type whatever the extension is.
2564 $header=file_get_contents($filepath,false,NULL,0,256); // Read first 256 bytes and try to sniff file type.
2565 $im=false;
2566 $i=strpos($header,'GIF8'); if (($i!==false) && ($i==0)) $im = imagecreatefromgif($filepath); // Well this is crude, but it should be enough.
2567 $i=strpos($header,'PNG'); if (($i!==false) && ($i==1)) $im = imagecreatefrompng($filepath);
2568 $i=strpos($header,'JFIF'); if ($i!==false) $im = imagecreatefromjpeg($filepath);
2569 if (!$im) return false; // Unable to open image (corrupted or not an image)
2570 $w = imagesx($im);
2571 $h = imagesy($im);
2572 $ystart = 0; $yheight=$h;
2573 if ($h>$w) { $ystart= ($h/2)-($w/2); $yheight=$w/2; }
2574 $nw = 120; // Desired width
2575 $nh = min(floor(($h*$nw)/$w),120); // Compute new width/height, but maximum 120 pixels height.
2576 // Resize image:
2577 $im2 = imagecreatetruecolor($nw,$nh);
2578 imagecopyresampled($im2, $im, 0, 0, 0, $ystart, $nw, $nh, $w, $yheight);
2579 imageinterlace($im2,true); // For progressive JPEG.
2580 $tempname=$filepath.'_TEMP.jpg';
2581 imagejpeg($im2, $tempname, 90);
2582 imagedestroy($im);
2583 imagedestroy($im2);
9e820906 2584 unlink($filepath);
45034273
SS		 2585 rename($tempname,$filepath); // Overwrite original picture with thumbnail.
2586 return true;
2587}
2588
2589// Invalidate caches when the database is changed or the user logs out.
ad6c27b7 2590// (e.g. tags cache).
45034273
SS		 2591function invalidateCaches()
2592{
2593 unset($_SESSION['tags']); // Purge cache attached to session.
2594 pageCache::purgeCache(); // Purge page cache shared by sessions.
2595}
2596
2597if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=genthumbnail')) { genThumbnail(); exit; } // Thumbnail generation/cache does not need the link database.
2598if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=rss')) { showRSS(); exit; }
2599if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=atom')) { showATOM(); exit; }
2600if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=dailyrss')) { showDailyRSS(); exit; }
bb8f712d 2601if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=daily')) { showDaily(); exit; }
45034273
SS		 2602if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'ws=')) { processWS(); exit; } // Webservices (for jQuery/jQueryUI)
2603if (!isset($_SESSION['LINKS_PER_PAGE'])) $_SESSION['LINKS_PER_PAGE']=$GLOBALS['config']['LINKS_PER_PAGE'];
2604renderPage();
03545ef6 2605?>
The personal, minimalist, super-fast, database free, bookmarking service - community repo