diff options
author | nodiscc <nodiscc@gmail.com> | 2015-03-15 14:21:33 +0100 |
---|---|---|
committer | nodiscc <nodiscc@gmail.com> | 2015-03-15 14:21:33 +0100 |
commit | bc66d513a9aa6da9361dbfc2f0b4bf384e9597a6 (patch) | |
tree | 204253dc05d4b21e59d10449c8d6bae551ab6e53 /doc/Home.md | |
parent | 4f8063b6394351749dee7fa3f5ab23cacbbd19a8 (diff) | |
parent | 1acc87eeac036b3ccfad5553b9092899cf2ecaa0 (diff) | |
download | Shaarli-bc66d513a9aa6da9361dbfc2f0b4bf384e9597a6.tar.gz Shaarli-bc66d513a9aa6da9361dbfc2f0b4bf384e9597a6.tar.zst Shaarli-bc66d513a9aa6da9361dbfc2f0b4bf384e9597a6.zip |
Merge branch 'include-doc' into next
Diffstat (limited to 'doc/Home.md')
-rw-r--r-- | doc/Home.md | 347 |
1 files changed, 347 insertions, 0 deletions
diff --git a/doc/Home.md b/doc/Home.md new file mode 100644 index 00000000..d68656e9 --- /dev/null +++ b/doc/Home.md | |||
@@ -0,0 +1,347 @@ | |||
1 | # Shaarli wiki | ||
2 | |||
3 | Welcome to the [Shaarli](https://github.com/shaarli/Shaarli/) wiki! Here you can find some info on how to use, configure, tweak and solve problems with your Shaarli. For general info, read the [README](https://github.com/shaarli/Shaarli/blob/master/README.md). | ||
4 | |||
5 | If you have any questions or ideas, please join the [chat](https://gitter.im/shaarli/Shaarli) (also reachable via [IRC](https://irc.gitter.im/)), post them in our [general discussion](https://github.com/shaarli/Shaarli/issues/44) or read the current [issues](https://github.com/shaarli/Shaarli/issues). If you've found a bug, please create a [new issue](https://github.com/shaarli/Shaarli/issues/new). | ||
6 | |||
7 | If you'd like a feature added, see if it fits in the list of [Ideas for Plugins](Ideas-for-plugins) and update the corresponding bug report. | ||
8 | |||
9 | _Note: This documentation is available online at https://github.com/shaarli/Shaarli/wiki, and locally in the `doc/` directory of your Shaarli installation._ | ||
10 | |||
11 | ------------------------------------------------------------------ | ||
12 | |||
13 | # Basic Usage | ||
14 | |||
15 | ### Add the sharing button (_bookmarklet_) to your browser | ||
16 | |||
17 | * Open your Shaarli and `Login` | ||
18 | * Click the `Tools` button in the top bar | ||
19 | * Drag the **`✚Shaare link` button**, and drop it to your browser's bookmarks bar. | ||
20 | |||
21 | _This bookmarklet button in compatible with Firefox, Opera, Chrome and Safari. Under Opera, you can't drag'n drop the button: You have to right-click on it and add a bookmark to your personal toolbar._ | ||
22 | |||
23 | ![](images/bookmarklet.png) | ||
24 | |||
25 | ### Share links using the _bookmarklet_ | ||
26 | |||
27 | * When you are visiting a webpage you would like to share with Shaarli, click the _bookmarklet_ you just added. | ||
28 | * A window opens. | ||
29 | * You can freely edit title, description, tags... to find it later using the text search or tag filtering. | ||
30 | * You will be able to edit this link later using the ![](https://raw.githubusercontent.com/shaarli/Shaarli/master/images/edit_icon.png) edit button. | ||
31 | * You can also check the “Private” box so that the link is saved but only visible to you. | ||
32 | * Click `Save`.**Voila! Your link is now shared.** | ||
33 | |||
34 | |||
35 | |||
36 | |||
37 | # Other usage examples | ||
38 | Shaarli can be used: | ||
39 | |||
40 | * to share, comment and save interesting links and news | ||
41 | * to bookmark useful/frequent personal links (as private links) and share them between computers | ||
42 | * as a minimal blog/microblog/writing platform (no character limit) | ||
43 | * as a read-it-later list (for example items tagged `readlater`) | ||
44 | * to draft and save articles/ideas | ||
45 | * to keep code snippets | ||
46 | * to keep notes and documentation | ||
47 | * as a shared clipboard between machines | ||
48 | * as a todo list | ||
49 | * to store playlists (e.g. with the `music` or `video` tags) | ||
50 | * to keep extracts/comments from webpages that may disappear | ||
51 | * to keep track of ongoing discussions (for example items tagged `discussion`) | ||
52 | * [to feed RSS aggregators](http://shaarli.chassegnouf.net/?9Efeiw) (planets) with specific tags | ||
53 | * to feed other social networks, blogs... using RSS feeds and external services (dlvr.it, ifttt.com ...) | ||
54 | |||
55 | ### Using Shaarli as a blog, notepad, pastebin... | ||
56 | |||
57 | * Go to your Shaarli setup and log in | ||
58 | * Click the `Add Link` button | ||
59 | * To share text only, do not enter any URL in the corresponding input field and click `Add Link` | ||
60 | * Pick a title and enter your article, or note, in the description field; add a few tags; optionally check `Private` then click `Save` | ||
61 | * Voilà! Your article is now published (privately if you selected that option) and accessible using its permalink. | ||
62 | |||
63 | |||
64 | ### RSS Feeds or Picture Wall for a specific search/tag | ||
65 | It is possible to filter RSS/ATOM feeds and Picture Wall on a Shaarli to **only display results of a specific search, or for a specific tag**. For example, if you want to subscribe only to links tagged `photography`: | ||
66 | * Go to the desired Shaarli instance. | ||
67 | * Search for the `photography` tag in the _Filter by tag_ box. Links tagged `photography` are displayed. | ||
68 | * Click on the `RSS Feed` button. | ||
69 | * You are presented with an RSS feed showing only these links. Subscribe to it to receive only updates with this tag. | ||
70 | * The same method **also works for a full-text search** (_Search_ box) **and for the Picture Wall** (want to only see pictures about `nature`?) | ||
71 | * You can also build the URL manually: `https://my.shaarli.domain/?do=rss&searchtags=nature`, `https://my.shaarli.domain/links/?do=picwall&searchterm=poney` | ||
72 | |||
73 | ![](rss-filter-1.png) ![](rss-filter-2.png) | ||
74 | |||
75 | # Configuration | ||
76 | |||
77 | ### Main data/options.php file | ||
78 | |||
79 | To change the configuration, create the file `data/options.php`, example: | ||
80 | ``` | ||
81 | <?php | ||
82 | $GLOBALS['config']['LINKS_PER_PAGE'] = 30; | ||
83 | $GLOBALS['config']['HIDE_TIMESTAMPS'] = true; | ||
84 | $GLOBALS['config']['ENABLE_THUMBNAILS'] = false; | ||
85 | ?> | ||
86 | ``` | ||
87 | The following parameters are available (parameters (default value)): | ||
88 | |||
89 | * `DATADIR ('data')` : This is the name of the subdirectory where Shaarli stores is data file. You can change it for better security. | ||
90 | * `CONFIG_FILE ($GLOBALS['config']['DATADIR'].'/config.php')` : Name of file which is used to store login/password. | ||
91 | * `DATASTORE ($GLOBALS['config']['DATADIR'].'/datastore.php')` : Name of file which contains the link database. | ||
92 | * `LINKS_PER_PAGE (20)` : Default number of links per page displayed. | ||
93 | * `IPBANS_FILENAME ($GLOBALS['config']['DATADIR'].'/ipbans.php')` : Name of file which records login attempts and IP bans. | ||
94 | * `BAN_AFTER (4)` : An IP address will be banned after this many failed login attempts. | ||
95 | * `BAN_DURATION (1800)` : Duration of ban (in seconds). (1800 seconds = 30 minutes) | ||
96 | * `OPEN_SHAARLI (false)` : If you set this option to true, anyone will be able to add/modify/delete/import/exports links without having to login. | ||
97 | * `HIDE_TIMESTAMPS (false)` : If you set this option to true, the date/time of each link will not be displayed (including in RSS Feed). | ||
98 | * `ENABLE_THUMBNAILS (true)` : Enable/disable thumbnails. | ||
99 | * `CACHEDIR ('cache')` : Directory where the thumbnails are stored. | ||
100 | * `ENABLE_LOCALCACHE (true)` : If you have a limited quota on your webspace, you can set this option to false: Shaarli will not generate thumbnails which need to be cached locally (vimeo, flickr, etc.). Thumbnails will still be visible for the services which do not use the local cache (youtube.com, imgur.com, dailymotion.com, imageshack.us) | ||
101 | * `UPDATECHECK_FILENAME ($GLOBALS['config']['DATADIR'].'/lastupdatecheck.txt')` : name of the file used to store available shaarli version. | ||
102 | * `UPDATECHECK_INTERVAL (86400)` : Delay between new Shaarli version check. 86400 seconds = 24 hours. Note that if you do not login for a week, Shaarli will not check for new version for a week. | ||
103 | * `ENABLE_UPDATECHECK`: Determines whether Shaarli check for new releases at https://github.com/shaarli/Shaarli | ||
104 | * `SHOW_ATOM (false)` : Show an `ATOM Feed` button next to the `Subscribe` (RSS) button. ATOM feeds are available at the address `?do=atom` regardless of this option. | ||
105 | * `ARCHIVE_ORG (false)` : For each link, display a link to an archived version on archive.org | ||
106 | * `ENABLE_RSS_PERMALINKS (true)`: choose whether the RSS item title link points directly to the link, or to the entry on Shaarli (permalink). `true` is the original Shaarli bahevior (point directly to the link) | ||
107 | |||
108 | |||
109 | ### Changing theme | ||
110 | * Shaarli's apparence can be modified by editing CSS rules in `inc/user.css`. This file allows to override rules defined in the main `inc/shaarli.css` (only add changed rules), or define a whole new theme. | ||
111 | * Do not edit `inc/shaarli.css`! Your changes would be overriden when updating Shaarli. | ||
112 | * Some themes are available at https://github.com/shaarli/shaarli-themes. | ||
113 | |||
114 | See also: | ||
115 | * [Download CSS styles for shaarlis listed in an opml file](https://github.com/shaarli/Shaarli/wiki/Download-CSS-styles-for-shaarlis-listed-in-an-opml-file) | ||
116 | |||
117 | |||
118 | # Backup | ||
119 | |||
120 | You have two ways of backing up your database: | ||
121 | * **Backup the file `data/datastore.php`** (by FTP or SSH). Restore by putting the file back in place. | ||
122 | * Example command: `rsync -avzP my.server.com:/var/www/shaarli/data/datastore.php datastore-$(date +%Y-%m-%d_%H%M).php` | ||
123 | * **Export your links as HTML** (Menu `Tools` > `Export`). Restore by using the `Import` feature. | ||
124 | * This can be done using the [shaarchiver](https://github.com/nodiscc/shaarchiver) tool. Example command: `./export-bookmarks.py --url=https://my.server.com/shaarli --username=myusername --password=mysupersecretpassword --download-dir=./ --type=all` | ||
125 | |||
126 | |||
127 | |||
128 | # Login bruteforce protection | ||
129 | Login form is protected against brute force attacks: 4 failed logins will ban the IP address from login for 30 minutes. Banned IPs can still browse links. | ||
130 | |||
131 | To remove the current IP bans, delete the file `data/ipbans.php` | ||
132 | |||
133 | ## List of all login attempts | ||
134 | |||
135 | The file `data/log.txt` shows all logins (successful or failed) and bans/lifted bans. | ||
136 | Search for `failed` in this file to look for unauthorized login attempts. | ||
137 | |||
138 | # Troubleshooting | ||
139 | |||
140 | ### I forgot my password ! | ||
141 | |||
142 | Delete the file data/config.php and display the page again. You will be asked for a new login/password. | ||
143 | |||
144 | |||
145 | ### Exporting from Diigo | ||
146 | |||
147 | If you export your bookmark from Diigo, make sure you use the Delicious export, not the Netscape export. (Their Netscape export is broken, and they don't seem to be interested in fixing it.) | ||
148 | |||
149 | ### Importing from SemanticScuttle | ||
150 | |||
151 | To correctly import the tags from a [SemanticScuttle](http://semanticscuttle.sourceforge.net/) HTML export, edit the HTML file before importing and replace all occurences of `tags=` (lowercase) to `TAGS=` (uppercase). | ||
152 | |||
153 | ### Importing from Mister Wong | ||
154 | See [this issue](https://github.com/sebsauvage/Shaarli/issues/146) for import tweaks. | ||
155 | |||
156 | |||
157 | ### Hosting problems | ||
158 | * On **free.fr** : Please note that free uses php 5.1 and thus you will not have autocomplete in tag editing. Don't forget to create a `sessions` directory at the root of your webspace. Change the file extension to `.php5` or create a `.htaccess` file in the directory where Shaarli is located containing: | ||
159 | |||
160 | ``` | ||
161 | php 1 | ||
162 | SetEnv PHP_VER 5 | ||
163 | ``` | ||
164 | |||
165 | * If you have an error such as: `Parse error: syntax error, unexpected '=', expecting '(' in /links/index.php on line xxx`, it means that your host is using php4, not php5. Shaarli requires php 5.1. Try changing the file extension to `.php5` | ||
166 | * On **1and1** : If you add the link from the page (and not from the bookmarklet), Shaarli will no be able to get the title of the page. You will have to enter it manually. (Because they have disabled the ability to download a file through HTTP). | ||
167 | * If you have the error `Warning: file_get_contents() [function.file-get-contents]: URL file-access is disabled in the server configuration in /…/index.php on line xxx`, it means that your host has disabled the ability to fetch a file by HTTP in the php config (Typically in 1and1 hosting). Bad host. Change host. Or comment the following lines: | ||
168 | |||
169 | ``` | ||
170 | //list($status,$headers,$data) = getHTTP($url,4); // Short timeout to keep the application responsive. | ||
171 | // FIXME: Decode charset according to charset specified in either 1) HTTP response headers or 2) <head> in html | ||
172 | //if (strpos($status,'200 OK')) $title=html_extract_title($data); | ||
173 | ``` | ||
174 | |||
175 | * On hosts which forbid outgoing HTTP requests (such as free.fr), some thumbnails will not work. | ||
176 | * On **lost-oasis**, RSS doesn't work correctly, because of this message at the begining of the RSS/ATOM feed : `<? // tout ce qui est charge ici (generalement des includes et require) est charge en permanence. ?>`. To fix this, remove this message from `php-include/prepend.php` | ||
177 | |||
178 | ### Dates are not properly formatted | ||
179 | Shaarli tries to sniff the language of the browser (using HTTP_ACCEPT_LANGUAGE headers) and choose a date format accordingly. But Shaarli can only use the date formats (and more generaly speaking, the locales) provided by the webserver. So even if you have a browser in French, you may end up with dates in US format (it's the case on sebsauvage.net :-( ) | ||
180 | |||
181 | ### Problems on CentOS servers | ||
182 | On **CentOS**/RedHat derivatives, you may need to install the `php-mbstring` package. | ||
183 | |||
184 | |||
185 | ### My session expires ! I can't stay logged in | ||
186 | This can be caused by several things: | ||
187 | |||
188 | * Your php installation may not have a proper directory setup for session files. (eg. on Free.fr you need to create a `session` directory on the root of your website.) You may need to create the session directory of set it up. | ||
189 | * Most hosts regularly clean the temporary and session directories. Your host may be cleaning those directories too aggressively (eg.OVH hosts), forcing an expire of the session. You may want to set the session directory in your web root. (eg. Create the `sessions` subdirectory and add `ini_set('session.save_path', $_SERVER['DOCUMENT_ROOT'].'/../sessions');`. Make sure this directory is not browsable !) | ||
190 | * If your IP address changes during surfing, Shaarli will force expire your session for security reasons (to prevent session cookie hijacking). This can happen when surfing from WiFi or 3G (you may have switched WiFi/3G access point), or in some corporate/university proxies which use load balancing (and may have proxies with several external IP addresses). | ||
191 | * Some browser addons may interfer with HTTP headers (ipfuck/ipflood/GreaseMonkey…). Try disabling those. | ||
192 | * You may be using OperaTurbo or OperaMini, which use their own proxies which may change from time to time. | ||
193 | * If you have another application on the same webserver where Shaarli is installed, these application may forcefully expire php sessions. | ||
194 | |||
195 | ### `Sessions do not seem to work correctly on your server` | ||
196 | Follow the instructions in the error message. Make sure you are accessing shaarli via a direct IP address or a proper hostname. If you have **no dots** in the hostname (e.g. `localhost` or `http://my-webserver/shaarli/`), some browsers will not store cookies at all (this respects the [HTTP cookie specification](http://curl.haxx.se/rfc/cookie_spec.html)). | ||
197 | |||
198 | |||
199 | ### pubsubhubbub support | ||
200 | |||
201 | Download [publisher.php](https://pubsubhubbub.googlecode.com/git/publisher_clients/php/library/publisher.php) at the root of your Shaarli installation and set `$GLOBALS['config']['PUBSUBHUB_URL']` in your `config.php` | ||
202 | |||
203 | # Notes | ||
204 | ### Various hacks | ||
205 | |||
206 | * [Example patch: add a new "via" field for links](Example-patch---add-new-via-field-for-links) | ||
207 | * [Copy a Shaarli installation over SSH SCP, serve it locally with php cli](Copy-a-Shaarli-installation-over-SSH-SCP,-serve-it-locally-with-php-cli) | ||
208 | * To display the array representing the data saved in datastore.php, use the following snippet | ||
209 | |||
210 | ### Changing timestamp for a link | ||
211 | * Look for `<input type="hidden" name="lf_linkdate" value="{$link.linkdate}">` in `tpl/editlink.tpl` (line 14) | ||
212 | * Remove `type="hidden"` from this line | ||
213 | * A new date/time field becomes available in the edit/new link dialog. You can set the timestamp manually by entering it in the format `YYYMMDD_HHMMS`. | ||
214 | |||
215 | ``` | ||
216 | $data = "tZNdb9MwFIb... <Commented content inside datastore.php>"; | ||
217 | $out = unserialize(gzinflate(base64_decode($data))); | ||
218 | echo "<pre>"; // Pretty printing is love, pretty printing is life | ||
219 | print_r($out); | ||
220 | echo "</pre>"; | ||
221 | exit; | ||
222 | ``` | ||
223 | This will output the internal representation of the datastore, "unobfuscated" (if this can really be considered obfuscation) | ||
224 | |||
225 | |||
226 | # Related software | ||
227 | Unofficial but relatedd work on Shaarli. If you maintain one of these, please get in touch with us to help us find a way to adapt your work to our fork. **TODO** contact repos owners to see if they'd like to standardize their work for the community fork. | ||
228 | |||
229 | * [shaarchiver](https://github.com/nodiscc/shaarchiver) - Archive your Shaarli bookmarks and their content | ||
230 | * [Shaarli for Android](http://sebsauvage.net/links/?ZAyDzg) - Android application that adds Shaarli as a sharing provider | ||
231 | * [shaarli-river](https://github.com/mknexen/shaarli-river) - an aggregator for shaarlis with many features | ||
232 | * [Shaarlo](https://github.com/DMeloni/shaarlo) - an aggregator for shaarlis with many features ([Demo](http://shaarli.fr/)) | ||
233 | * [kalvn/shaarli-blocks](https://github.com/kalvn/shaarli-blocks) - A template/theme for Shaarli | ||
234 | * [Vinm/Blue-theme-for Shaarli](https://github.com/Vinm/Blue-theme-for-Shaarli) - A template/theme for Shaarli | ||
235 | * [vivienhaese/shaarlitheme](https://github.com/vivienhaese/shaarlitheme) - A Shaarli fork meant to be run in an openshift instance | ||
236 | * [tt-rss-shaarli](https://github.com/jcsaaddupuy/tt-rss-shaarli) - [TinyTiny RSS](http://tt-rss.org/) plugin that adds support for sharing articles with Shaarli | ||
237 | * [dhoko/ShaarliTemplate](https://github.com/dhoko/ShaarliTemplate) - A template/theme for Shaarli | ||
238 | * [mknexen/shaarli-api](https://github.com/mknexen/shaarli-api) - a REST API for Shaarli | ||
239 | * [Shaarli-Albinomouse](https://github.com/alexisju/Shaarli-AlbinoMouse) - A fork of Shaarli with a different template | ||
240 | * [Shaarlimages](https://github.com/BoboTiG/shaarlimages) - An image-oriented aggregator for Shaarlis | ||
241 | * [Shaarli Superhero Theme](https://github.com/AkibaTech/Shaarli---SuperHero-Theme) - A template/theme for Shaarli | ||
242 | * [Limonade](https://github.com/misterair/limonade) - A fork of Shaarli with a new template | ||
243 | * [octopress-shaarli](https://github.com/ahmet2mir/octopress-shaarli) - octoprress plugin to retrieve SHaarli links on the sidebara | ||
244 | * [Bookie](https://github.com/bookieio/bookie) - Another self-hostable, Free bookmark sharing software, written in Python | ||
245 | |||
246 | |||
247 | |||
248 | # Other links | ||
249 | * [Liens en vrac de sebsauvage](http://sebsauvage.net/links/) - the original Shaarli | ||
250 | * [A large list of Shaarlis](http://porneia.free.fr/pub/links/ou-est-shaarli.html) | ||
251 | * [A list of working Shaarli aggregators](https://raw.githubusercontent.com/Oros42/find_shaarlis/master/annuaires.json) | ||
252 | * [A list of some known Shaarlis](https://github.com/Oros42/shaarlis_list) | ||
253 | * [Adieu Delicious, Diigo et StumbleUpon. Salut Shaarli ! - sebsauvage.net](http://sebsauvage.net/rhaa/index.php?2011/09/16/09/29/58-adieu-delicious-diigo-et-stumbleupon-salut-shaarli-) (fr) _16/09/2011 - the original post about Shaarli_ | ||
254 | * [Mentions of Shaarli in the press](Mentions-of-Shaarli-in-%22the-press%22) | ||
255 | * [Original ideas/fixme/TODO page](http://sebsauvage.net/wiki/doku.php?id=php:shaarli:ideas) | ||
256 | * [Original discussion page](http://sebsauvage.net/wiki/doku.php?id=php:shaarli:discussion) (fr) | ||
257 | * [Original revisions history](http://sebsauvage.net/wiki/doku.php?id=php:shaarli:history) | ||
258 | * [Shaarli.fr/my](https://www.shaarli.fr/my.php) - Unofficial, unsupported (old fork) hosted Shaarlis provider, courtesy of [DMeloni](https://github.com/DMeloni) | ||
259 | * [Shaarli Communauty](http://shaarferme.etudiant-libre.fr.nf/index.php) - Another unofficial Shaarli hoster (unsupported, old fork), hoster unknown | ||
260 | |||
261 | |||
262 | |||
263 | |||
264 | # FAQ | ||
265 | |||
266 | ### Why did you create Shaarli ? | ||
267 | |||
268 | I was a StumbleUpon user. Then I got fed up with they big toolbar. I switched to delicious, which was lighter, faster and more beautiful. Until Yahoo bought it. Then the export API broke all the time, delicious became slow and was ditched by Yahoo. I switched to Diigo, which is not bad, but does too much. And Diigo is sslllooooowww and their Firefox extension a bit buggy. And… oh… **their Firefox addon sends to Diigo every single URL you visit** (Don't believe me ? Use [Tamper Data](https://addons.mozilla.org/en-US/firefox/addon/tamper-data/) and open any page). | ||
269 | |||
270 | Enough is enough. Saving simple links should not be a complicated heavy thing. I ditched them all and wrote my own: Shaarli. It's simple, but it does the job and does it well. And my data is not hosted on a foreign server, but on my server. | ||
271 | |||
272 | ### Why use Shaarli and not Delicious/Diigo ? | ||
273 | |||
274 | With Shaarli: | ||
275 | |||
276 | * The data is yours: It's hosted on your server. | ||
277 | * Never fear of having your data locked-in. | ||
278 | * Never fear to have your data sold to third party. | ||
279 | * Your private links are not hosted on a third party server. | ||
280 | * You are not tracked by browser addons (like Diigo does) | ||
281 | * You can change the look and feel of the pages if you want. | ||
282 | * You can change the behaviour of the program. | ||
283 | * It's magnitude faster than most bookmarking services. | ||
284 | |||
285 | ### What does Shaarli mean ? | ||
286 | |||
287 | Shaarli is for shaaring your links. | ||
288 | |||
289 | |||
290 | |||
291 | # Technical details | ||
292 | * Application is protected against XSRF (Cross-site requests forgery): Forms which act on data (save,delete…) contain a token generated by the server. Any posted form which does not contain a valid token is rejected. Any token can only be used once. Token are attached to the session and cannot be reused in another session. | ||
293 | * Sessions automatically expires after 60 minutes. Sessions are protected against highjacking: The sessionID cannot be used from a different IP address. | ||
294 | * An .htaccess file protects the data file. | ||
295 | * Link database is an associative array which is serialized, compressed (with deflate), base64-encoded and saved as a comment in a .php file. Thus even if the server does not support htaccess files, the data file will still not be readable by URL. The database looks like this: | ||
296 | ``` | ||
297 | <?php /* zP1ZjxxJtiYIvvevEPJ2lDOaLrZv7o... | ||
298 | ...ka7gaco/Z+TFXM2i7BlfMf8qxpaSSYfKlvqv/x8= */ ?> | ||
299 | ``` | ||
300 | |||
301 | * The password is salted, hashed and stored in the data subdirectory, in a php file, and protected by htaccess. Even if the webserver does not support htaccess, the hash is not readable by URL. Even if the .php file is stolen, the password cannot deduced from the hash. The salt prevents rainbow-tables attacks. | ||
302 | * Shaarli relies on `HTTP_REFERER` for some functions (like redirects and clicking on tags). If you have disabled or masqueraded `HTTP_REFERER` in your browser, some features of Shaarli may not work | ||
303 | * `magic_quotes` is a horrible option of php which is often activated on servers. No serious developer should rely on this horror to secure their code against SQL injections. You should disable it (and Shaarli expects this option to be disabled). Nevertheless, I have added code to cope with magic_quotes on, so you should not be bothered even on crappy hosts. | ||
304 | * Small hashes are used to make a link to an entry in Shaarli. They are unique. In fact, the date of the items (eg.20110923_150523) is hashed with CRC32, then converted to base64 and some characters are replaced. They are always 6 characters longs and use only A-Z a-z 0-9 - _ and @. | ||
305 | |||
306 | ### Directory structure | ||
307 | |||
308 | Here is the directory structure of Shaarli and the purpose of the different files: | ||
309 | |||
310 | ``` | ||
311 | index.php : Main program. | ||
312 | COPYING : Shaarli license. | ||
313 | inc/ : Includes (libraries, CSS…) | ||
314 | shaarli.css : Shaarli stylesheet. | ||
315 | jquery.min.js : jQuery javascript library. | ||
316 | jquery-ui.min.js : jQuery-UI javascript library. | ||
317 | jquery-MIT-LICENSE.txt: jQuery license. | ||
318 | jquery.lazyload.min.js: LazyLoad javascript library. | ||
319 | rain.tpl.class.php : RainTPL templating library. | ||
320 | tpl/ : RainTPL templates for Shaarli. They are used to build the pages. | ||
321 | images/ : Images and icons used in Shaarli. | ||
322 | data/ : Directory where data is stored (bookmark database, configuration, logs, banlist…) | ||
323 | config.php : Shaarli configuration (login, password, timezone, title…) | ||
324 | datastore.php : Your link database (compressed). | ||
325 | ipban.php : IP address ban system data. | ||
326 | lastupdatecheck.txt : Update check timestamp file (used to check every 24 hours if a new version of Shaarli is available). | ||
327 | log.txt : login/IPban log. | ||
328 | cache/ : Directory containing the thumbnails cache. This directory is automatically created. You can erase it anytime you want. | ||
329 | tmp/ : Temporary directory for compiled RainTPL templates. This directory is automatically created. You can erase it anytime you want. | ||
330 | ``` | ||
331 | |||
332 | ### Why not use a real database ? Files are slow ! | ||
333 | |||
334 | Does browsing [this page](http://sebsauvage.net/links/) feel slow ? Try browsing older pages, too. | ||
335 | |||
336 | It's not slow at all, is it ? And don't forget the database contains more than 16000 links, and it's on a shared host, with 32000 visitors/day for my website alone. And it's still damn fast. Why ? | ||
337 | |||
338 | The data file is only 3.7 Mb. It's read 99% of the time, and is probably already in the operation system disk cache. So generating a page involves no I/O at all most of the time. | ||
339 | |||
340 | # Wiki - TODO | ||
341 | * Translate (new page can be called Home.fr, Home.es ...) and linked from Home | ||
342 | * add more screenshots | ||
343 | * add developer documentation (storage architecture, classes and functions, security handling, ...) | ||
344 | * Contact related projects | ||
345 | * Add a Table of Contents to the wiki (can be added to the sidebar) | ||
346 | |||
347 | ... \ No newline at end of file | ||