init.php

   1 <?php
   2
   3 require_once __DIR__ . '/vendor/autoload.php';
   4
   5 use Shaarli\Helper\ApplicationUtils;
   6 use Shaarli\Security\SessionManager;
   7
   8 // Set 'UTC' as the default timezone if it is not defined in php.ini
   9 // See http://php.net/manual/en/datetime.configuration.php#ini.date.timezone
  10 if (date_default_timezone_get() == '') {
  11     date_default_timezone_set('UTC');
  12 }
  13
  14 // High execution time in case of problematic imports/exports.
  15 ini_set('max_input_time', '60');
  16
  17 // Try to set max upload file size and read
  18 ini_set('memory_limit', '128M');
  19 ini_set('post_max_size', '16M');
  20 ini_set('upload_max_filesize', '16M');
  21
  22 // See all error except warnings
  23 error_reporting(E_ALL^E_WARNING);
  24
  25 // 3rd-party libraries
  26 if (! file_exists(__DIR__ . '/vendor/autoload.php')) {
  27     header('Content-Type: text/plain; charset=utf-8');
  28     echo "Error: missing Composer configuration\n\n"
  29         ."If you installed Shaarli through Git or using the development branch,\n"
  30         ."please refer to the installation documentation to install PHP"
  31         ." dependencies using Composer:\n"
  32         ."- https://shaarli.readthedocs.io/en/master/Server-configuration/\n"
  33         ."- https://shaarli.readthedocs.io/en/master/Download-and-Installation/";
  34     exit;
  35 }
  36
  37 // Ensure the PHP version is supported
  38 try {
  39     ApplicationUtils::checkPHPVersion('7.1', PHP_VERSION);
  40 } catch (Exception $exc) {
  41     header('Content-Type: text/plain; charset=utf-8');
  42     echo $exc->getMessage();
  43     exit;
  44 }
  45
  46 // Force cookie path (but do not change lifetime)
  47 $cookie = session_get_cookie_params();
  48 $cookiedir = '';
  49 if (dirname($_SERVER['SCRIPT_NAME']) != '/') {
  50     $cookiedir = dirname($_SERVER["SCRIPT_NAME"]).'/';
  51 }
  52 // Set default cookie expiration and path.
  53 session_set_cookie_params($cookie['lifetime'], $cookiedir, $_SERVER['SERVER_NAME']);
  54 // Set session parameters on server side.
  55 // Use cookies to store session.
  56 ini_set('session.use_cookies', 1);
  57 // Force cookies for session (phpsessionID forbidden in URL).
  58 ini_set('session.use_only_cookies', 1);
  59 // Prevent PHP form using sessionID in URL if cookies are disabled.
  60 ini_set('session.use_trans_sid', false);
  61
  62 define('SHAARLI_VERSION', ApplicationUtils::getVersion(__DIR__ .'/'. ApplicationUtils::$VERSION_FILE));
  63 define('SHAARLI_MUTEX_FILE', __FILE__);
  64
  65 session_name('shaarli');
  66 // Start session if needed (Some server auto-start sessions).
  67 if (session_status() == PHP_SESSION_NONE) {
  68     session_start();
  69 }
  70
  71 // Regenerate session ID if invalid or not defined in cookie.
  72 if (isset($_COOKIE['shaarli']) && !SessionManager::checkId($_COOKIE['shaarli'])) {
  73     session_regenerate_id(true);
  74     $_COOKIE['shaarli'] = session_id();
  75 }
  76
  77 // LC_MESSAGES isn't defined without php-intl, in this case use LC_COLLATE locale instead.
  78 if (! defined('LC_MESSAGES')) {
  79     define('LC_MESSAGES', LC_COLLATE);
  80 }
  81
  82 // Prevent caching on client side or proxy: (yes, it's ugly)
  83 header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
  84 header("Cache-Control: no-store, no-cache, must-revalidate");
  85 header("Cache-Control: post-check=0, pre-check=0", false);
  86 header("Pragma: no-cache");