diff options
| author | Sébastien SAUVAGE <sebsauvage@sebsauvage.net> | 2013-02-28 10:37:43 +0100 |
|---|---|---|
| committer | Sébastien SAUVAGE <sebsauvage@sebsauvage.net> | 2013-02-28 10:37:43 +0100 |
| commit | f37664a2b87668580577f3262f8e57c1ea8ad8a8 (patch) | |
| tree | e624a4b7691cc4c21ff985bd34ee0b7aadf7a7f4 /index.php | |
| parent | a1f5a6ec17896a7f3042ebfd8aae8c09d41f912d (diff) | |
| download | Shaarli-f37664a2b87668580577f3262f8e57c1ea8ad8a8.tar.gz Shaarli-f37664a2b87668580577f3262f8e57c1ea8ad8a8.tar.zst Shaarli-f37664a2b87668580577f3262f8e57c1ea8ad8a8.zip | |
Check that sessions work before installation.
This is necessary because some hosts do not have a properly set
session.save_path parameter in php config, or do not have write access
to the directory.
Diffstat (limited to 'index.php')
| -rw-r--r-- | index.php | 39 |
1 files changed, 32 insertions, 7 deletions
| @@ -37,6 +37,14 @@ $cookie=session_get_cookie_params(); | |||
| 37 | $cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/'; | 37 | $cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/'; |
| 38 | session_set_cookie_params($cookie['lifetime'],$cookiedir); // Set default cookie expiration and path. | 38 | session_set_cookie_params($cookie['lifetime'],$cookiedir); // Set default cookie expiration and path. |
| 39 | 39 | ||
| 40 | // Set session parameters on server side. | ||
| 41 | define('INACTIVITY_TIMEOUT',3600); // (in seconds). If the user does not access any page within this time, his/her session is considered expired. | ||
| 42 | ini_set('session.use_cookies', 1); // Use cookies to store session. | ||
| 43 | ini_set('session.use_only_cookies', 1); // Force cookies for session (phpsessionID forbidden in URL) | ||
| 44 | ini_set('session.use_trans_sid', false); // Prevent php to use sessionID in URL if cookies are disabled. | ||
| 45 | session_name('shaarli'); | ||
| 46 | if (session_id() == '') session_start(); // Start session if needed (Some server auto-start sessions). | ||
| 47 | |||
| 40 | // PHP Settings | 48 | // PHP Settings |
| 41 | ini_set('max_input_time','60'); // High execution time in case of problematic imports/exports. | 49 | ini_set('max_input_time','60'); // High execution time in case of problematic imports/exports. |
| 42 | ini_set('memory_limit', '128M'); // Try to set max upload file size and read (May not work on some hosts). | 50 | ini_set('memory_limit', '128M'); // Try to set max upload file size and read (May not work on some hosts). |
| @@ -89,7 +97,6 @@ if (empty($GLOBALS['title'])) $GLOBALS['title']='Shared links on '.htmlspecialch | |||
| 89 | if (empty($GLOBALS['timezone'])) $GLOBALS['timezone']=date_default_timezone_get(); | 97 | if (empty($GLOBALS['timezone'])) $GLOBALS['timezone']=date_default_timezone_get(); |
| 90 | if (empty($GLOBALS['disablesessionprotection'])) $GLOBALS['disablesessionprotection']=false; | 98 | if (empty($GLOBALS['disablesessionprotection'])) $GLOBALS['disablesessionprotection']=false; |
| 91 | 99 | ||
| 92 | |||
| 93 | autoLocale(); // Sniff browser language and set date format accordingly. | 100 | autoLocale(); // Sniff browser language and set date format accordingly. |
| 94 | header('Content-Type: text/html; charset=utf-8'); // We use UTF-8 for proper international characters handling. | 101 | header('Content-Type: text/html; charset=utf-8'); // We use UTF-8 for proper international characters handling. |
| 95 | 102 | ||
| @@ -265,12 +272,6 @@ function pubsubhub() | |||
| 265 | 272 | ||
| 266 | // ------------------------------------------------------------------------------------------ | 273 | // ------------------------------------------------------------------------------------------ |
| 267 | // Session management | 274 | // Session management |
| 268 | define('INACTIVITY_TIMEOUT',3600); // (in seconds). If the user does not access any page within this time, his/her session is considered expired. | ||
| 269 | ini_set('session.use_cookies', 1); // Use cookies to store session. | ||
| 270 | ini_set('session.use_only_cookies', 1); // Force cookies for session (phpsessionID forbidden in URL) | ||
| 271 | ini_set('session.use_trans_sid', false); // Prevent php to use sessionID in URL if cookies are disabled. | ||
| 272 | session_name('shaarli'); | ||
| 273 | session_start(); | ||
| 274 | 275 | ||
| 275 | // Returns the IP address of the client (Used to prevent session cookie hijacking.) | 276 | // Returns the IP address of the client (Used to prevent session cookie hijacking.) |
| 276 | function allIPs() | 277 | function allIPs() |
| @@ -303,6 +304,8 @@ function check_auth($login,$password) | |||
| 303 | function isLoggedIn() | 304 | function isLoggedIn() |
| 304 | { | 305 | { |
| 305 | if ($GLOBALS['config']['OPEN_SHAARLI']) return true; | 306 | if ($GLOBALS['config']['OPEN_SHAARLI']) return true; |
| 307 | |||
| 308 | if (!isset($GLOBALS['login'])) return false; // Shaarli is not configured yet. | ||
| 306 | 309 | ||
| 307 | // If session does not exist on server side, or IP address has changed, or session has expired, logout. | 310 | // If session does not exist on server side, or IP address has changed, or session has expired, logout. |
| 308 | if (empty($_SESSION['uid']) || ($GLOBALS['disablesessionprotection']==false && $_SESSION['ip']!=allIPs()) || time()>=$_SESSION['expires_on']) | 311 | if (empty($_SESSION['uid']) || ($GLOBALS['disablesessionprotection']==false && $_SESSION['ip']!=allIPs()) || time()>=$_SESSION['expires_on']) |
| @@ -1971,6 +1974,28 @@ function install() | |||
| 1971 | // On free.fr host, make sure the /sessions directory exists, otherwise login will not work. | 1974 | // On free.fr host, make sure the /sessions directory exists, otherwise login will not work. |
| 1972 | if (endsWith($_SERVER['SERVER_NAME'],'.free.fr') && !is_dir($_SERVER['DOCUMENT_ROOT'].'/sessions')) mkdir($_SERVER['DOCUMENT_ROOT'].'/sessions',0705); | 1975 | if (endsWith($_SERVER['SERVER_NAME'],'.free.fr') && !is_dir($_SERVER['DOCUMENT_ROOT'].'/sessions')) mkdir($_SERVER['DOCUMENT_ROOT'].'/sessions',0705); |
| 1973 | 1976 | ||
| 1977 | |||
| 1978 | // This part makes sure sessions works correctly. | ||
| 1979 | // (Because on some hosts, session.save_path may not be set correctly, | ||
| 1980 | // or we may not have write access to it.) | ||
| 1981 | if (isset($_GET['test_session']) && ( !isset($_SESSION) || !isset($_SESSION['session_tested']) || $_SESSION['session_tested']!='Working')) | ||
| 1982 | { // Step 2: Check if data in session is correct. | ||
| 1983 | echo '<pre>Sessions do not seem to work correctly on your server.<br>'; | ||
| 1984 | echo 'Make sure the variable session.save_path is set correctly in your php config, and that you have write access to it.<br>'; | ||
| 1985 | echo 'It currently points to '.session_save_path().'<br><br><a href="?">Click to try again.</a></pre>'; | ||
| 1986 | die; | ||
| 1987 | } | ||
| 1988 | if (!isset($_SESSION['session_tested'])) | ||
| 1989 | { // Step 1 : Try to store data in session and reload page. | ||
| 1990 | $_SESSION['session_tested'] = 'Working'; // Try to set a variable in session. | ||
| 1991 | header('Location: '.indexUrl().'?test_session'); // Redirect to check stored data. | ||
| 1992 | } | ||
| 1993 | if (isset($_GET['test_session'])) | ||
| 1994 | { // Step 3: Sessions are ok. Remove test parameter from URL. | ||
| 1995 | header('Location: '.indexUrl()); | ||
| 1996 | } | ||
| 1997 | |||
| 1998 | |||
| 1974 | if (!empty($_POST['setlogin']) && !empty($_POST['setpassword'])) | 1999 | if (!empty($_POST['setlogin']) && !empty($_POST['setpassword'])) |
| 1975 | { | 2000 | { |
| 1976 | $tz = 'UTC'; | 2001 | $tz = 'UTC'; |