diff options
author | Arthur <arthur@hoa.ro> | 2016-07-09 07:19:48 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2016-07-09 07:19:48 +0200 |
commit | 649af5b501d2a90448242f53764ff693e9854039 (patch) | |
tree | 23cde80a7ee2949e552c48939ae22fa462cfa0fc /index.php | |
parent | a9cfa38df92bd2e1e2c00a67b6ac1516a2116ade (diff) | |
parent | 5ff23f02b80ec6ddee28dee869171ee8e3656b7c (diff) | |
download | Shaarli-649af5b501d2a90448242f53764ff693e9854039.tar.gz Shaarli-649af5b501d2a90448242f53764ff693e9854039.tar.zst Shaarli-649af5b501d2a90448242f53764ff693e9854039.zip |
Merge pull request #570 from ArthurHoaro/config-manager
Introduce a configuration manager
Diffstat (limited to 'index.php')
-rw-r--r-- | index.php | 703 |
1 files changed, 353 insertions, 350 deletions
@@ -22,114 +22,13 @@ if (date_default_timezone_get() == '') { | |||
22 | date_default_timezone_set('UTC'); | 22 | date_default_timezone_set('UTC'); |
23 | } | 23 | } |
24 | 24 | ||
25 | /* ----------------------------------------------------------------------------- | ||
26 | * Hardcoded parameters | ||
27 | * You should not touch any code below (or at your own risks!) | ||
28 | * (These parameters can be overwritten by editing the file /data/config.php) | ||
29 | * ----------------------------------------------------------------------------- | ||
30 | */ | ||
31 | |||
32 | /* | ||
33 | * Shaarli directories & configuration files | ||
34 | */ | ||
35 | // Data subdirectory | ||
36 | $GLOBALS['config']['DATADIR'] = 'data'; | ||
37 | |||
38 | // Main configuration file | ||
39 | $GLOBALS['config']['CONFIG_FILE'] = $GLOBALS['config']['DATADIR'].'/config.php'; | ||
40 | |||
41 | // Link datastore | ||
42 | $GLOBALS['config']['DATASTORE'] = $GLOBALS['config']['DATADIR'].'/datastore.php'; | ||
43 | |||
44 | // Banned IPs | ||
45 | $GLOBALS['config']['IPBANS_FILENAME'] = $GLOBALS['config']['DATADIR'].'/ipbans.php'; | ||
46 | |||
47 | // Processed updates file. | ||
48 | $GLOBALS['config']['UPDATES_FILE'] = $GLOBALS['config']['DATADIR'].'/updates.txt'; | ||
49 | |||
50 | // Access log | ||
51 | $GLOBALS['config']['LOG_FILE'] = $GLOBALS['config']['DATADIR'].'/log.txt'; | ||
52 | |||
53 | // For updates check of Shaarli | ||
54 | $GLOBALS['config']['UPDATECHECK_FILENAME'] = $GLOBALS['config']['DATADIR'].'/lastupdatecheck.txt'; | ||
55 | |||
56 | // Set ENABLE_UPDATECHECK to disabled by default. | ||
57 | $GLOBALS['config']['ENABLE_UPDATECHECK'] = false; | ||
58 | |||
59 | // RainTPL cache directory (keep the trailing slash!) | ||
60 | $GLOBALS['config']['RAINTPL_TMP'] = 'tmp/'; | ||
61 | // Raintpl template directory (keep the trailing slash!) | ||
62 | $GLOBALS['config']['RAINTPL_TPL'] = 'tpl/'; | ||
63 | |||
64 | // Thumbnail cache directory | ||
65 | $GLOBALS['config']['CACHEDIR'] = 'cache'; | ||
66 | |||
67 | // Atom & RSS feed cache directory | ||
68 | $GLOBALS['config']['PAGECACHE'] = 'pagecache'; | ||
69 | |||
70 | /* | ||
71 | * Global configuration | ||
72 | */ | ||
73 | // Ban IP after this many failures | ||
74 | $GLOBALS['config']['BAN_AFTER'] = 4; | ||
75 | // Ban duration for IP address after login failures (in seconds) | ||
76 | $GLOBALS['config']['BAN_DURATION'] = 1800; | ||
77 | |||
78 | // Feed options | ||
79 | // Enable RSS permalinks by default. | ||
80 | // This corresponds to the default behavior of shaarli before this was added as an option. | ||
81 | $GLOBALS['config']['ENABLE_RSS_PERMALINKS'] = true; | ||
82 | // If true, an extra "ATOM feed" button will be displayed in the toolbar | ||
83 | $GLOBALS['config']['SHOW_ATOM'] = false; | ||
84 | |||
85 | // Link display options | ||
86 | $GLOBALS['config']['HIDE_PUBLIC_LINKS'] = false; | ||
87 | $GLOBALS['config']['HIDE_TIMESTAMPS'] = false; | ||
88 | $GLOBALS['config']['LINKS_PER_PAGE'] = 20; | ||
89 | |||
90 | // Open Shaarli (true): anyone can add/edit/delete links without having to login | ||
91 | $GLOBALS['config']['OPEN_SHAARLI'] = false; | ||
92 | |||
93 | // Thumbnails | ||
94 | // Display thumbnails in links | ||
95 | $GLOBALS['config']['ENABLE_THUMBNAILS'] = true; | ||
96 | // Store thumbnails in a local cache | ||
97 | $GLOBALS['config']['ENABLE_LOCALCACHE'] = true; | ||
98 | |||
99 | // Update check frequency for Shaarli. 86400 seconds=24 hours | ||
100 | $GLOBALS['config']['UPDATECHECK_BRANCH'] = 'stable'; | ||
101 | $GLOBALS['config']['UPDATECHECK_INTERVAL'] = 86400; | ||
102 | |||
103 | $GLOBALS['config']['REDIRECTOR_URLENCODE'] = true; | ||
104 | |||
105 | /* | ||
106 | * Plugin configuration | ||
107 | * | ||
108 | * Warning: order matters! | ||
109 | * | ||
110 | * These settings may be be overriden in: | ||
111 | * - data/config.php | ||
112 | * - each plugin's configuration file | ||
113 | */ | ||
114 | //$GLOBALS['config']['ENABLED_PLUGINS'] = array( | ||
115 | // 'qrcode', 'archiveorg', 'readityourself', 'demo_plugin', 'playvideos', | ||
116 | // 'wallabag', 'markdown', 'addlink_toolbar', | ||
117 | //); | ||
118 | $GLOBALS['config']['ENABLED_PLUGINS'] = array('qrcode'); | ||
119 | |||
120 | // Initialize plugin parameters array. | ||
121 | $GLOBALS['plugins'] = array(); | ||
122 | |||
123 | // PubSubHubbub support. Put an empty string to disable, or put your hub url here to enable. | ||
124 | $GLOBALS['config']['PUBSUBHUB_URL'] = ''; | ||
125 | |||
126 | /* | 25 | /* |
127 | * PHP configuration | 26 | * PHP configuration |
128 | */ | 27 | */ |
129 | define('shaarli_version', '0.7.0'); | 28 | define('shaarli_version', '0.7.0'); |
130 | 29 | ||
131 | // http://server.com/x/shaarli --> /shaarli/ | 30 | // http://server.com/x/shaarli --> /shaarli/ |
132 | define('WEB_PATH', substr($_SERVER["REQUEST_URI"], 0, 1+strrpos($_SERVER["REQUEST_URI"], '/', 0))); | 31 | define('WEB_PATH', substr($_SERVER['REQUEST_URI'], 0, 1+strrpos($_SERVER['REQUEST_URI'], '/', 0))); |
133 | 32 | ||
134 | // High execution time in case of problematic imports/exports. | 33 | // High execution time in case of problematic imports/exports. |
135 | ini_set('max_input_time','60'); | 34 | ini_set('max_input_time','60'); |
@@ -144,17 +43,13 @@ error_reporting(E_ALL^E_WARNING); | |||
144 | // See all errors (for debugging only) | 43 | // See all errors (for debugging only) |
145 | //error_reporting(-1); | 44 | //error_reporting(-1); |
146 | 45 | ||
147 | /* | ||
148 | * User configuration | ||
149 | */ | ||
150 | if (is_file($GLOBALS['config']['CONFIG_FILE'])) { | ||
151 | require_once $GLOBALS['config']['CONFIG_FILE']; | ||
152 | } | ||
153 | 46 | ||
154 | // Shaarli library | 47 | // Shaarli library |
155 | require_once 'application/ApplicationUtils.php'; | 48 | require_once 'application/ApplicationUtils.php'; |
156 | require_once 'application/Cache.php'; | 49 | require_once 'application/Cache.php'; |
157 | require_once 'application/CachedPage.php'; | 50 | require_once 'application/CachedPage.php'; |
51 | require_once 'application/config/ConfigManager.php'; | ||
52 | require_once 'application/config/ConfigPlugin.php'; | ||
158 | require_once 'application/FeedBuilder.php'; | 53 | require_once 'application/FeedBuilder.php'; |
159 | require_once 'application/FileUtils.php'; | 54 | require_once 'application/FileUtils.php'; |
160 | require_once 'application/HttpUtils.php'; | 55 | require_once 'application/HttpUtils.php'; |
@@ -166,10 +61,10 @@ require_once 'application/PageBuilder.php'; | |||
166 | require_once 'application/TimeZone.php'; | 61 | require_once 'application/TimeZone.php'; |
167 | require_once 'application/Url.php'; | 62 | require_once 'application/Url.php'; |
168 | require_once 'application/Utils.php'; | 63 | require_once 'application/Utils.php'; |
169 | require_once 'application/Config.php'; | ||
170 | require_once 'application/PluginManager.php'; | 64 | require_once 'application/PluginManager.php'; |
171 | require_once 'application/Router.php'; | 65 | require_once 'application/Router.php'; |
172 | require_once 'application/Updater.php'; | 66 | require_once 'application/Updater.php'; |
67 | require_once 'inc/rain.tpl.class.php'; | ||
173 | 68 | ||
174 | // Ensure the PHP version is supported | 69 | // Ensure the PHP version is supported |
175 | try { | 70 | try { |
@@ -210,15 +105,18 @@ if (isset($_COOKIE['shaarli']) && !is_session_id_valid($_COOKIE['shaarli'])) { | |||
210 | $_COOKIE['shaarli'] = session_id(); | 105 | $_COOKIE['shaarli'] = session_id(); |
211 | } | 106 | } |
212 | 107 | ||
213 | include "inc/rain.tpl.class.php"; //include Rain TPL | 108 | $conf = new ConfigManager(); |
214 | raintpl::$tpl_dir = $GLOBALS['config']['RAINTPL_TPL']; // template directory | 109 | $conf->setEmpty('general.timezone', date_default_timezone_get()); |
215 | raintpl::$cache_dir = $GLOBALS['config']['RAINTPL_TMP']; // cache directory | 110 | $conf->setEmpty('general.title', 'Shared links on '. escape(index_url($_SERVER))); |
111 | RainTPL::$tpl_dir = $conf->get('resource.raintpl_tpl'); // template directory | ||
112 | RainTPL::$cache_dir = $conf->get('resource.raintpl_tmp'); // cache directory | ||
216 | 113 | ||
217 | $pluginManager = PluginManager::getInstance(); | 114 | $pluginManager = new PluginManager($conf); |
218 | $pluginManager->load($GLOBALS['config']['ENABLED_PLUGINS']); | 115 | $pluginManager->load($conf->get('general.enabled_plugins')); |
219 | 116 | ||
220 | ob_start(); // Output buffering for the page cache. | 117 | date_default_timezone_set($conf->get('general.timezone', 'UTC')); |
221 | 118 | ||
119 | ob_start(); // Output buffering for the page cache. | ||
222 | 120 | ||
223 | // In case stupid admin has left magic_quotes enabled in php.ini: | 121 | // In case stupid admin has left magic_quotes enabled in php.ini: |
224 | if (get_magic_quotes_gpc()) | 122 | if (get_magic_quotes_gpc()) |
@@ -235,18 +133,9 @@ header("Cache-Control: no-store, no-cache, must-revalidate"); | |||
235 | header("Cache-Control: post-check=0, pre-check=0", false); | 133 | header("Cache-Control: post-check=0, pre-check=0", false); |
236 | header("Pragma: no-cache"); | 134 | header("Pragma: no-cache"); |
237 | 135 | ||
238 | // Handling of old config file which do not have the new parameters. | 136 | if (! is_file($conf->getConfigFileExt())) { |
239 | if (empty($GLOBALS['title'])) $GLOBALS['title']='Shared links on '.escape(index_url($_SERVER)); | ||
240 | if (empty($GLOBALS['timezone'])) $GLOBALS['timezone']=date_default_timezone_get(); | ||
241 | if (empty($GLOBALS['redirector'])) $GLOBALS['redirector']=''; | ||
242 | if (empty($GLOBALS['disablesessionprotection'])) $GLOBALS['disablesessionprotection']=false; | ||
243 | if (empty($GLOBALS['privateLinkByDefault'])) $GLOBALS['privateLinkByDefault']=false; | ||
244 | if (empty($GLOBALS['titleLink'])) $GLOBALS['titleLink']='?'; | ||
245 | // I really need to rewrite Shaarli with a proper configuation manager. | ||
246 | |||
247 | if (! is_file($GLOBALS['config']['CONFIG_FILE'])) { | ||
248 | // Ensure Shaarli has proper access to its resources | 137 | // Ensure Shaarli has proper access to its resources |
249 | $errors = ApplicationUtils::checkResourcePermissions($GLOBALS['config']); | 138 | $errors = ApplicationUtils::checkResourcePermissions($conf); |
250 | 139 | ||
251 | if ($errors != array()) { | 140 | if ($errors != array()) { |
252 | $message = '<p>Insufficient permissions:</p><ul>'; | 141 | $message = '<p>Insufficient permissions:</p><ul>'; |
@@ -262,15 +151,11 @@ if (! is_file($GLOBALS['config']['CONFIG_FILE'])) { | |||
262 | } | 151 | } |
263 | 152 | ||
264 | // Display the installation form if no existing config is found | 153 | // Display the installation form if no existing config is found |
265 | install(); | 154 | install($conf); |
266 | } | 155 | } |
267 | 156 | ||
268 | $GLOBALS['title'] = !empty($GLOBALS['title']) ? escape($GLOBALS['title']) : ''; | ||
269 | $GLOBALS['titleLink'] = !empty($GLOBALS['titleLink']) ? escape($GLOBALS['titleLink']) : ''; | ||
270 | $GLOBALS['redirector'] = !empty($GLOBALS['redirector']) ? escape($GLOBALS['redirector']) : ''; | ||
271 | |||
272 | // a token depending of deployment salt, user password, and the current ip | 157 | // a token depending of deployment salt, user password, and the current ip |
273 | define('STAY_SIGNED_IN_TOKEN', sha1($GLOBALS['hash'].$_SERVER["REMOTE_ADDR"].$GLOBALS['salt'])); | 158 | define('STAY_SIGNED_IN_TOKEN', sha1($conf->get('credentials.hash') . $_SERVER['REMOTE_ADDR'] . $conf->get('credentials.salt'))); |
274 | 159 | ||
275 | // Sniff browser language and set date format accordingly. | 160 | // Sniff browser language and set date format accordingly. |
276 | if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) { | 161 | if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) { |
@@ -278,17 +163,21 @@ if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) { | |||
278 | } | 163 | } |
279 | header('Content-Type: text/html; charset=utf-8'); // We use UTF-8 for proper international characters handling. | 164 | header('Content-Type: text/html; charset=utf-8'); // We use UTF-8 for proper international characters handling. |
280 | 165 | ||
281 | //================================================================================================== | 166 | /** |
282 | // Checking session state (i.e. is the user still logged in) | 167 | * Checking session state (i.e. is the user still logged in) |
283 | //================================================================================================== | 168 | * |
284 | 169 | * @param ConfigManager $conf The configuration manager. | |
285 | function setup_login_state() { | 170 | * |
286 | if ($GLOBALS['config']['OPEN_SHAARLI']) { | 171 | * @return bool: true if the user is logged in, false otherwise. |
172 | */ | ||
173 | function setup_login_state($conf) | ||
174 | { | ||
175 | if ($conf->get('security.open_shaarli')) { | ||
287 | return true; | 176 | return true; |
288 | } | 177 | } |
289 | $userIsLoggedIn = false; // By default, we do not consider the user as logged in; | 178 | $userIsLoggedIn = false; // By default, we do not consider the user as logged in; |
290 | $loginFailure = false; // If set to true, every attempt to authenticate the user will fail. This indicates that an important condition isn't met. | 179 | $loginFailure = false; // If set to true, every attempt to authenticate the user will fail. This indicates that an important condition isn't met. |
291 | if (!isset($GLOBALS['login'])) { | 180 | if (! $conf->exists('credentials.login')) { |
292 | $userIsLoggedIn = false; // Shaarli is not configured yet. | 181 | $userIsLoggedIn = false; // Shaarli is not configured yet. |
293 | $loginFailure = true; | 182 | $loginFailure = true; |
294 | } | 183 | } |
@@ -296,13 +185,13 @@ function setup_login_state() { | |||
296 | $_COOKIE['shaarli_staySignedIn']===STAY_SIGNED_IN_TOKEN && | 185 | $_COOKIE['shaarli_staySignedIn']===STAY_SIGNED_IN_TOKEN && |
297 | !$loginFailure) | 186 | !$loginFailure) |
298 | { | 187 | { |
299 | fillSessionInfo(); | 188 | fillSessionInfo($conf); |
300 | $userIsLoggedIn = true; | 189 | $userIsLoggedIn = true; |
301 | } | 190 | } |
302 | // If session does not exist on server side, or IP address has changed, or session has expired, logout. | 191 | // If session does not exist on server side, or IP address has changed, or session has expired, logout. |
303 | if (empty($_SESSION['uid']) || | 192 | if (empty($_SESSION['uid']) |
304 | ($GLOBALS['disablesessionprotection']==false && $_SESSION['ip']!=allIPs()) || | 193 | || ($conf->get('security.session_protection_disabled') == false && $_SESSION['ip'] != allIPs()) |
305 | time() >= $_SESSION['expires_on']) | 194 | || time() >= $_SESSION['expires_on']) |
306 | { | 195 | { |
307 | logout(); | 196 | logout(); |
308 | $userIsLoggedIn = false; | 197 | $userIsLoggedIn = false; |
@@ -320,22 +209,26 @@ function setup_login_state() { | |||
320 | 209 | ||
321 | return $userIsLoggedIn; | 210 | return $userIsLoggedIn; |
322 | } | 211 | } |
323 | $userIsLoggedIn = setup_login_state(); | 212 | $userIsLoggedIn = setup_login_state($conf); |
324 | 213 | ||
325 | // ------------------------------------------------------------------------------------------ | 214 | /** |
326 | // PubSubHubbub protocol support (if enabled) [UNTESTED] | 215 | * PubSubHubbub protocol support (if enabled) [UNTESTED] |
327 | // (Source: http://aldarone.fr/les-flux-rss-shaarli-et-pubsubhubbub/ ) | 216 | * (Source: http://aldarone.fr/les-flux-rss-shaarli-et-pubsubhubbub/ ) |
328 | if (!empty($GLOBALS['config']['PUBSUBHUB_URL'])) include './publisher.php'; | 217 | * |
329 | function pubsubhub() | 218 | * @param ConfigManager $conf Configuration Manager instance. |
219 | */ | ||
220 | function pubsubhub($conf) | ||
330 | { | 221 | { |
331 | if (!empty($GLOBALS['config']['PUBSUBHUB_URL'])) | 222 | $pshUrl = $conf->get('config.PUBSUBHUB_URL'); |
223 | if (!empty($pshUrl)) | ||
332 | { | 224 | { |
333 | $p = new Publisher($GLOBALS['config']['PUBSUBHUB_URL']); | 225 | include_once './publisher.php'; |
334 | $topic_url = array ( | 226 | $p = new Publisher($pshUrl); |
335 | index_url($_SERVER).'?do=atom', | 227 | $topic_url = array ( |
336 | index_url($_SERVER).'?do=rss' | 228 | index_url($_SERVER).'?do=atom', |
337 | ); | 229 | index_url($_SERVER).'?do=rss' |
338 | $p->publish_update($topic_url); | 230 | ); |
231 | $p->publish_update($topic_url); | ||
339 | } | 232 | } |
340 | } | 233 | } |
341 | 234 | ||
@@ -345,32 +238,46 @@ function pubsubhub() | |||
345 | // Returns the IP address of the client (Used to prevent session cookie hijacking.) | 238 | // Returns the IP address of the client (Used to prevent session cookie hijacking.) |
346 | function allIPs() | 239 | function allIPs() |
347 | { | 240 | { |
348 | $ip = $_SERVER["REMOTE_ADDR"]; | 241 | $ip = $_SERVER['REMOTE_ADDR']; |
349 | // Then we use more HTTP headers to prevent session hijacking from users behind the same proxy. | 242 | // Then we use more HTTP headers to prevent session hijacking from users behind the same proxy. |
350 | if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) { $ip=$ip.'_'.$_SERVER['HTTP_X_FORWARDED_FOR']; } | 243 | if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) { $ip=$ip.'_'.$_SERVER['HTTP_X_FORWARDED_FOR']; } |
351 | if (isset($_SERVER['HTTP_CLIENT_IP'])) { $ip=$ip.'_'.$_SERVER['HTTP_CLIENT_IP']; } | 244 | if (isset($_SERVER['HTTP_CLIENT_IP'])) { $ip=$ip.'_'.$_SERVER['HTTP_CLIENT_IP']; } |
352 | return $ip; | 245 | return $ip; |
353 | } | 246 | } |
354 | 247 | ||
355 | function fillSessionInfo() { | 248 | /** |
249 | * Load user session. | ||
250 | * | ||
251 | * @param ConfigManager $conf Configuration Manager instance. | ||
252 | */ | ||
253 | function fillSessionInfo($conf) | ||
254 | { | ||
356 | $_SESSION['uid'] = sha1(uniqid('',true).'_'.mt_rand()); // Generate unique random number (different than phpsessionid) | 255 | $_SESSION['uid'] = sha1(uniqid('',true).'_'.mt_rand()); // Generate unique random number (different than phpsessionid) |
357 | $_SESSION['ip']=allIPs(); // We store IP address(es) of the client to make sure session is not hijacked. | 256 | $_SESSION['ip']=allIPs(); // We store IP address(es) of the client to make sure session is not hijacked. |
358 | $_SESSION['username']=$GLOBALS['login']; | 257 | $_SESSION['username']= $conf->get('credentials.login'); |
359 | $_SESSION['expires_on']=time()+INACTIVITY_TIMEOUT; // Set session expiration. | 258 | $_SESSION['expires_on']=time()+INACTIVITY_TIMEOUT; // Set session expiration. |
360 | } | 259 | } |
361 | 260 | ||
362 | // Check that user/password is correct. | 261 | /** |
363 | function check_auth($login,$password) | 262 | * Check that user/password is correct. |
263 | * | ||
264 | * @param string $login Username | ||
265 | * @param string $password User password | ||
266 | * @param ConfigManager $conf Configuration Manager instance. | ||
267 | * | ||
268 | * @return bool: authentication successful or not. | ||
269 | */ | ||
270 | function check_auth($login, $password, $conf) | ||
364 | { | 271 | { |
365 | $hash = sha1($password.$login.$GLOBALS['salt']); | 272 | $hash = sha1($password . $login . $conf->get('credentials.salt')); |
366 | if ($login==$GLOBALS['login'] && $hash==$GLOBALS['hash']) | 273 | if ($login == $conf->get('credentials.login') && $hash == $conf->get('credentials.hash')) |
367 | { // Login/password is correct. | 274 | { // Login/password is correct. |
368 | fillSessionInfo(); | 275 | fillSessionInfo($conf); |
369 | logm($GLOBALS['config']['LOG_FILE'], $_SERVER['REMOTE_ADDR'], 'Login successful'); | 276 | logm($conf->get('resource.log'), $_SERVER['REMOTE_ADDR'], 'Login successful'); |
370 | return True; | 277 | return true; |
371 | } | 278 | } |
372 | logm($GLOBALS['config']['LOG_FILE'], $_SERVER['REMOTE_ADDR'], 'Login failed for user '.$login); | 279 | logm($conf->get('resource.log'), $_SERVER['REMOTE_ADDR'], 'Login failed for user '.$login); |
373 | return False; | 280 | return false; |
374 | } | 281 | } |
375 | 282 | ||
376 | // Returns true if the user is logged in. | 283 | // Returns true if the user is logged in. |
@@ -395,34 +302,62 @@ function logout() { | |||
395 | // ------------------------------------------------------------------------------------------ | 302 | // ------------------------------------------------------------------------------------------ |
396 | // Brute force protection system | 303 | // Brute force protection system |
397 | // Several consecutive failed logins will ban the IP address for 30 minutes. | 304 | // Several consecutive failed logins will ban the IP address for 30 minutes. |
398 | if (!is_file($GLOBALS['config']['IPBANS_FILENAME'])) file_put_contents($GLOBALS['config']['IPBANS_FILENAME'], "<?php\n\$GLOBALS['IPBANS']=".var_export(array('FAILURES'=>array(),'BANS'=>array()),true).";\n?>"); | 305 | if (!is_file($conf->get('resource.ban_file', 'data/ipbans.php'))) { |
399 | include $GLOBALS['config']['IPBANS_FILENAME']; | 306 | // FIXME! globals |
400 | // Signal a failed login. Will ban the IP if too many failures: | 307 | file_put_contents( |
401 | function ban_loginFailed() | 308 | $conf->get('resource.ban_file', 'data/ipbans.php'), |
309 | "<?php\n\$GLOBALS['IPBANS']=".var_export(array('FAILURES'=>array(),'BANS'=>array()),true).";\n?>" | ||
310 | ); | ||
311 | } | ||
312 | include $conf->get('resource.ban_file', 'data/ipbans.php'); | ||
313 | /** | ||
314 | * Signal a failed login. Will ban the IP if too many failures: | ||
315 | * | ||
316 | * @param ConfigManager $conf Configuration Manager instance. | ||
317 | */ | ||
318 | function ban_loginFailed($conf) | ||
402 | { | 319 | { |
403 | $ip=$_SERVER["REMOTE_ADDR"]; $gb=$GLOBALS['IPBANS']; | 320 | $ip = $_SERVER['REMOTE_ADDR']; |
321 | $gb = $GLOBALS['IPBANS']; | ||
404 | if (!isset($gb['FAILURES'][$ip])) $gb['FAILURES'][$ip]=0; | 322 | if (!isset($gb['FAILURES'][$ip])) $gb['FAILURES'][$ip]=0; |
405 | $gb['FAILURES'][$ip]++; | 323 | $gb['FAILURES'][$ip]++; |
406 | if ($gb['FAILURES'][$ip]>($GLOBALS['config']['BAN_AFTER']-1)) | 324 | if ($gb['FAILURES'][$ip] > ($conf->get('security.ban_after') - 1)) |
407 | { | 325 | { |
408 | $gb['BANS'][$ip]=time()+$GLOBALS['config']['BAN_DURATION']; | 326 | $gb['BANS'][$ip] = time() + $conf->get('security.ban_after', 1800); |
409 | logm($GLOBALS['config']['LOG_FILE'], $_SERVER['REMOTE_ADDR'], 'IP address banned from login'); | 327 | logm($conf->get('resource.log'), $_SERVER['REMOTE_ADDR'], 'IP address banned from login'); |
410 | } | 328 | } |
411 | $GLOBALS['IPBANS'] = $gb; | 329 | $GLOBALS['IPBANS'] = $gb; |
412 | file_put_contents($GLOBALS['config']['IPBANS_FILENAME'], "<?php\n\$GLOBALS['IPBANS']=".var_export($gb,true).";\n?>"); | 330 | file_put_contents( |
331 | $conf->get('resource.ban_file', 'data/ipbans.php'), | ||
332 | "<?php\n\$GLOBALS['IPBANS']=".var_export($gb,true).";\n?>" | ||
333 | ); | ||
413 | } | 334 | } |
414 | 335 | ||
415 | // Signals a successful login. Resets failed login counter. | 336 | /** |
416 | function ban_loginOk() | 337 | * Signals a successful login. Resets failed login counter. |
338 | * | ||
339 | * @param ConfigManager $conf Configuration Manager instance. | ||
340 | */ | ||
341 | function ban_loginOk($conf) | ||
417 | { | 342 | { |
418 | $ip=$_SERVER["REMOTE_ADDR"]; $gb=$GLOBALS['IPBANS']; | 343 | $ip = $_SERVER['REMOTE_ADDR']; |
344 | $gb = $GLOBALS['IPBANS']; | ||
419 | unset($gb['FAILURES'][$ip]); unset($gb['BANS'][$ip]); | 345 | unset($gb['FAILURES'][$ip]); unset($gb['BANS'][$ip]); |
420 | $GLOBALS['IPBANS'] = $gb; | 346 | $GLOBALS['IPBANS'] = $gb; |
421 | file_put_contents($GLOBALS['config']['IPBANS_FILENAME'], "<?php\n\$GLOBALS['IPBANS']=".var_export($gb,true).";\n?>"); | 347 | file_put_contents( |
348 | $conf->get('resource.ban_file', 'data/ipbans.php'), | ||
349 | "<?php\n\$GLOBALS['IPBANS']=".var_export($gb,true).";\n?>" | ||
350 | ); | ||
422 | } | 351 | } |
423 | 352 | ||
424 | // Checks if the user CAN login. If 'true', the user can try to login. | 353 | /** |
425 | function ban_canLogin() | 354 | * Checks if the user CAN login. If 'true', the user can try to login. |
355 | * | ||
356 | * @param ConfigManager $conf Configuration Manager instance. | ||
357 | * | ||
358 | * @return bool: true if the user is allowed to login. | ||
359 | */ | ||
360 | function ban_canLogin($conf) | ||
426 | { | 361 | { |
427 | $ip=$_SERVER["REMOTE_ADDR"]; $gb=$GLOBALS['IPBANS']; | 362 | $ip=$_SERVER["REMOTE_ADDR"]; $gb=$GLOBALS['IPBANS']; |
428 | if (isset($gb['BANS'][$ip])) | 363 | if (isset($gb['BANS'][$ip])) |
@@ -430,9 +365,12 @@ function ban_canLogin() | |||
430 | // User is banned. Check if the ban has expired: | 365 | // User is banned. Check if the ban has expired: |
431 | if ($gb['BANS'][$ip]<=time()) | 366 | if ($gb['BANS'][$ip]<=time()) |
432 | { // Ban expired, user can try to login again. | 367 | { // Ban expired, user can try to login again. |
433 | logm($GLOBALS['config']['LOG_FILE'], $_SERVER['REMOTE_ADDR'], 'Ban lifted.'); | 368 | logm($conf->get('resource.log'), $_SERVER['REMOTE_ADDR'], 'Ban lifted.'); |
434 | unset($gb['FAILURES'][$ip]); unset($gb['BANS'][$ip]); | 369 | unset($gb['FAILURES'][$ip]); unset($gb['BANS'][$ip]); |
435 | file_put_contents($GLOBALS['config']['IPBANS_FILENAME'], "<?php\n\$GLOBALS['IPBANS']=".var_export($gb,true).";\n?>"); | 370 | file_put_contents( |
371 | $conf->get('resource.ban_file', 'data/ipbans.php'), | ||
372 | "<?php\n\$GLOBALS['IPBANS']=".var_export($gb,true).";\n?>" | ||
373 | ); | ||
436 | return true; // Ban has expired, user can login. | 374 | return true; // Ban has expired, user can login. |
437 | } | 375 | } |
438 | return false; // User is banned. | 376 | return false; // User is banned. |
@@ -444,10 +382,12 @@ function ban_canLogin() | |||
444 | // Process login form: Check if login/password is correct. | 382 | // Process login form: Check if login/password is correct. |
445 | if (isset($_POST['login'])) | 383 | if (isset($_POST['login'])) |
446 | { | 384 | { |
447 | if (!ban_canLogin()) die('I said: NO. You are banned for the moment. Go away.'); | 385 | if (!ban_canLogin($conf)) die('I said: NO. You are banned for the moment. Go away.'); |
448 | if (isset($_POST['password']) && tokenOk($_POST['token']) && (check_auth($_POST['login'], $_POST['password']))) | 386 | if (isset($_POST['password']) |
449 | { // Login/password is OK. | 387 | && tokenOk($_POST['token']) |
450 | ban_loginOk(); | 388 | && (check_auth($_POST['login'], $_POST['password'], $conf)) |
389 | ) { // Login/password is OK. | ||
390 | ban_loginOk($conf); | ||
451 | // If user wants to keep the session cookie even after the browser closes: | 391 | // If user wants to keep the session cookie even after the browser closes: |
452 | if (!empty($_POST['longlastingsession'])) | 392 | if (!empty($_POST['longlastingsession'])) |
453 | { | 393 | { |
@@ -495,7 +435,7 @@ if (isset($_POST['login'])) | |||
495 | } | 435 | } |
496 | else | 436 | else |
497 | { | 437 | { |
498 | ban_loginFailed(); | 438 | ban_loginFailed($conf); |
499 | $redir = '&username='. $_POST['login']; | 439 | $redir = '&username='. $_POST['login']; |
500 | if (isset($_GET['post'])) { | 440 | if (isset($_GET['post'])) { |
501 | $redir .= '&post=' . urlencode($_GET['post']); | 441 | $redir .= '&post=' . urlencode($_GET['post']); |
@@ -543,10 +483,16 @@ function getMaxFileSize() | |||
543 | // Token should be used in any form which acts on data (create,update,delete,import...). | 483 | // Token should be used in any form which acts on data (create,update,delete,import...). |
544 | if (!isset($_SESSION['tokens'])) $_SESSION['tokens']=array(); // Token are attached to the session. | 484 | if (!isset($_SESSION['tokens'])) $_SESSION['tokens']=array(); // Token are attached to the session. |
545 | 485 | ||
546 | // Returns a token. | 486 | /** |
547 | function getToken() | 487 | * Returns a token. |
488 | * | ||
489 | * @param ConfigManager $conf Configuration Manager instance. | ||
490 | * | ||
491 | * @return string token. | ||
492 | */ | ||
493 | function getToken($conf) | ||
548 | { | 494 | { |
549 | $rnd = sha1(uniqid('',true).'_'.mt_rand().$GLOBALS['salt']); // We generate a random string. | 495 | $rnd = sha1(uniqid('', true) .'_'. mt_rand() . $conf->get('credentials.salt')); // We generate a random string. |
550 | $_SESSION['tokens'][$rnd]=1; // Store it on the server side. | 496 | $_SESSION['tokens'][$rnd]=1; // Store it on the server side. |
551 | return $rnd; | 497 | return $rnd; |
552 | } | 498 | } |
@@ -563,15 +509,18 @@ function tokenOk($token) | |||
563 | return false; // Wrong token, or already used. | 509 | return false; // Wrong token, or already used. |
564 | } | 510 | } |
565 | 511 | ||
566 | // ------------------------------------------------------------------------------------------ | 512 | /** |
567 | // Daily RSS feed: 1 RSS entry per day giving all the links on that day. | 513 | * Daily RSS feed: 1 RSS entry per day giving all the links on that day. |
568 | // Gives the last 7 days (which have links). | 514 | * Gives the last 7 days (which have links). |
569 | // This RSS feed cannot be filtered. | 515 | * This RSS feed cannot be filtered. |
570 | function showDailyRSS() { | 516 | * |
517 | * @param ConfigManager $conf Configuration Manager instance. | ||
518 | */ | ||
519 | function showDailyRSS($conf) { | ||
571 | // Cache system | 520 | // Cache system |
572 | $query = $_SERVER['QUERY_STRING']; | 521 | $query = $_SERVER['QUERY_STRING']; |
573 | $cache = new CachedPage( | 522 | $cache = new CachedPage( |
574 | $GLOBALS['config']['PAGECACHE'], | 523 | $conf->get('config.PAGE_CACHE'), |
575 | page_url($_SERVER), | 524 | page_url($_SERVER), |
576 | startsWith($query,'do=dailyrss') && !isLoggedIn() | 525 | startsWith($query,'do=dailyrss') && !isLoggedIn() |
577 | ); | 526 | ); |
@@ -584,11 +533,11 @@ function showDailyRSS() { | |||
584 | // If cached was not found (or not usable), then read the database and build the response: | 533 | // If cached was not found (or not usable), then read the database and build the response: |
585 | // Read links from database (and filter private links if used it not logged in). | 534 | // Read links from database (and filter private links if used it not logged in). |
586 | $LINKSDB = new LinkDB( | 535 | $LINKSDB = new LinkDB( |
587 | $GLOBALS['config']['DATASTORE'], | 536 | $conf->get('resource.datastore'), |
588 | isLoggedIn(), | 537 | isLoggedIn(), |
589 | $GLOBALS['config']['HIDE_PUBLIC_LINKS'], | 538 | $conf->get('privacy.hide_public_links'), |
590 | $GLOBALS['redirector'], | 539 | $conf->get('redirector.url'), |
591 | $GLOBALS['config']['REDIRECTOR_URLENCODE'] | 540 | $conf->get('redirector.encode_url') |
592 | ); | 541 | ); |
593 | 542 | ||
594 | /* Some Shaarlies may have very few links, so we need to look | 543 | /* Some Shaarlies may have very few links, so we need to look |
@@ -600,7 +549,7 @@ function showDailyRSS() { | |||
600 | } | 549 | } |
601 | rsort($linkdates); | 550 | rsort($linkdates); |
602 | $nb_of_days = 7; // We take 7 days. | 551 | $nb_of_days = 7; // We take 7 days. |
603 | $today = Date('Ymd'); | 552 | $today = date('Ymd'); |
604 | $days = array(); | 553 | $days = array(); |
605 | 554 | ||
606 | foreach ($linkdates as $linkdate) { | 555 | foreach ($linkdates as $linkdate) { |
@@ -622,7 +571,7 @@ function showDailyRSS() { | |||
622 | $pageaddr = escape(index_url($_SERVER)); | 571 | $pageaddr = escape(index_url($_SERVER)); |
623 | echo '<?xml version="1.0" encoding="UTF-8"?><rss version="2.0">'; | 572 | echo '<?xml version="1.0" encoding="UTF-8"?><rss version="2.0">'; |
624 | echo '<channel>'; | 573 | echo '<channel>'; |
625 | echo '<title>Daily - '. $GLOBALS['title'] . '</title>'; | 574 | echo '<title>Daily - '. $conf->get('general.title') . '</title>'; |
626 | echo '<link>'. $pageaddr .'</link>'; | 575 | echo '<link>'. $pageaddr .'</link>'; |
627 | echo '<description>Daily shared links</description>'; | 576 | echo '<description>Daily shared links</description>'; |
628 | echo '<language>en-en</language>'; | 577 | echo '<language>en-en</language>'; |
@@ -641,8 +590,8 @@ function showDailyRSS() { | |||
641 | // We pre-format some fields for proper output. | 590 | // We pre-format some fields for proper output. |
642 | foreach ($linkdates as $linkdate) { | 591 | foreach ($linkdates as $linkdate) { |
643 | $l = $LINKSDB[$linkdate]; | 592 | $l = $LINKSDB[$linkdate]; |
644 | $l['formatedDescription'] = format_description($l['description'], $GLOBALS['redirector']); | 593 | $l['formatedDescription'] = format_description($l['description'], $conf->get('redirector.url')); |
645 | $l['thumbnail'] = thumbnail($l['url']); | 594 | $l['thumbnail'] = thumbnail($conf, $l['url']); |
646 | $l_date = DateTime::createFromFormat(LinkDB::LINK_DATE_FORMAT, $l['linkdate']); | 595 | $l_date = DateTime::createFromFormat(LinkDB::LINK_DATE_FORMAT, $l['linkdate']); |
647 | $l['timestamp'] = $l_date->getTimestamp(); | 596 | $l['timestamp'] = $l_date->getTimestamp(); |
648 | if (startsWith($l['url'], '?')) { | 597 | if (startsWith($l['url'], '?')) { |
@@ -653,11 +602,12 @@ function showDailyRSS() { | |||
653 | 602 | ||
654 | // Then build the HTML for this day: | 603 | // Then build the HTML for this day: |
655 | $tpl = new RainTPL; | 604 | $tpl = new RainTPL; |
656 | $tpl->assign('title', $GLOBALS['title']); | 605 | $tpl->assign('title', $conf->get('general.title')); |
657 | $tpl->assign('daydate', $dayDate->getTimestamp()); | 606 | $tpl->assign('daydate', $dayDate->getTimestamp()); |
658 | $tpl->assign('absurl', $absurl); | 607 | $tpl->assign('absurl', $absurl); |
659 | $tpl->assign('links', $links); | 608 | $tpl->assign('links', $links); |
660 | $tpl->assign('rssdate', escape($dayDate->format(DateTime::RSS))); | 609 | $tpl->assign('rssdate', escape($dayDate->format(DateTime::RSS))); |
610 | $tpl->assign('hide_timestamps', $conf->get('privacy.hide_timestamps', false)); | ||
661 | $html = $tpl->draw('dailyrss', $return_string=true); | 611 | $html = $tpl->draw('dailyrss', $return_string=true); |
662 | 612 | ||
663 | echo $html . PHP_EOL; | 613 | echo $html . PHP_EOL; |
@@ -672,12 +622,14 @@ function showDailyRSS() { | |||
672 | /** | 622 | /** |
673 | * Show the 'Daily' page. | 623 | * Show the 'Daily' page. |
674 | * | 624 | * |
675 | * @param PageBuilder $pageBuilder Template engine wrapper. | 625 | * @param PageBuilder $pageBuilder Template engine wrapper. |
676 | * @param LinkDB $LINKSDB LinkDB instance. | 626 | * @param LinkDB $LINKSDB LinkDB instance. |
627 | * @param ConfigManager $conf Configuration Manager instance. | ||
628 | * @param PluginManager $pluginManager Plugin Manager instane. | ||
677 | */ | 629 | */ |
678 | function showDaily($pageBuilder, $LINKSDB) | 630 | function showDaily($pageBuilder, $LINKSDB, $conf, $pluginManager) |
679 | { | 631 | { |
680 | $day=Date('Ymd',strtotime('-1 day')); // Yesterday, in format YYYYMMDD. | 632 | $day=date('Ymd',strtotime('-1 day')); // Yesterday, in format YYYYMMDD. |
681 | if (isset($_GET['day'])) $day=$_GET['day']; | 633 | if (isset($_GET['day'])) $day=$_GET['day']; |
682 | 634 | ||
683 | $days = $LINKSDB->days(); | 635 | $days = $LINKSDB->days(); |
@@ -705,8 +657,8 @@ function showDaily($pageBuilder, $LINKSDB) | |||
705 | $taglist = explode(' ',$link['tags']); | 657 | $taglist = explode(' ',$link['tags']); |
706 | uasort($taglist, 'strcasecmp'); | 658 | uasort($taglist, 'strcasecmp'); |
707 | $linksToDisplay[$key]['taglist']=$taglist; | 659 | $linksToDisplay[$key]['taglist']=$taglist; |
708 | $linksToDisplay[$key]['formatedDescription'] = format_description($link['description'], $GLOBALS['redirector']); | 660 | $linksToDisplay[$key]['formatedDescription'] = format_description($link['description'], $conf->get('redirector.url')); |
709 | $linksToDisplay[$key]['thumbnail'] = thumbnail($link['url']); | 661 | $linksToDisplay[$key]['thumbnail'] = thumbnail($conf, $link['url']); |
710 | $date = DateTime::createFromFormat(LinkDB::LINK_DATE_FORMAT, $link['linkdate']); | 662 | $date = DateTime::createFromFormat(LinkDB::LINK_DATE_FORMAT, $link['linkdate']); |
711 | $linksToDisplay[$key]['timestamp'] = $date->getTimestamp(); | 663 | $linksToDisplay[$key]['timestamp'] = $date->getTimestamp(); |
712 | } | 664 | } |
@@ -741,7 +693,7 @@ function showDaily($pageBuilder, $LINKSDB) | |||
741 | 'previousday' => $previousday, | 693 | 'previousday' => $previousday, |
742 | 'nextday' => $nextday, | 694 | 'nextday' => $nextday, |
743 | ); | 695 | ); |
744 | $pluginManager = PluginManager::getInstance(); | 696 | |
745 | $pluginManager->executeHooks('render_daily', $data, array('loggedin' => isLoggedIn())); | 697 | $pluginManager->executeHooks('render_daily', $data, array('loggedin' => isLoggedIn())); |
746 | 698 | ||
747 | foreach ($data as $key => $value) { | 699 | foreach ($data as $key => $value) { |
@@ -752,36 +704,46 @@ function showDaily($pageBuilder, $LINKSDB) | |||
752 | exit; | 704 | exit; |
753 | } | 705 | } |
754 | 706 | ||
755 | // Renders the linklist | 707 | /** |
756 | function showLinkList($PAGE, $LINKSDB) { | 708 | * Renders the linklist |
757 | buildLinkList($PAGE,$LINKSDB); // Compute list of links to display | 709 | * |
710 | * @param pageBuilder $PAGE pageBuilder instance. | ||
711 | * @param LinkDB $LINKSDB LinkDB instance. | ||
712 | * @param ConfigManager $conf Configuration Manager instance. | ||
713 | * @param PluginManager $pluginManager Plugin Manager instance. | ||
714 | */ | ||
715 | function showLinkList($PAGE, $LINKSDB, $conf, $pluginManager) { | ||
716 | buildLinkList($PAGE,$LINKSDB, $conf, $pluginManager); // Compute list of links to display | ||
758 | $PAGE->renderPage('linklist'); | 717 | $PAGE->renderPage('linklist'); |
759 | } | 718 | } |
760 | 719 | ||
761 | 720 | /** | |
762 | // ------------------------------------------------------------------------------------------ | 721 | * Render HTML page (according to URL parameters and user rights) |
763 | // Render HTML page (according to URL parameters and user rights) | 722 | * |
764 | function renderPage() | 723 | * @param ConfigManager $conf Configuration Manager instance. |
724 | * @param PluginManager $pluginManager Plugin Manager instance, | ||
725 | */ | ||
726 | function renderPage($conf, $pluginManager) | ||
765 | { | 727 | { |
766 | $LINKSDB = new LinkDB( | 728 | $LINKSDB = new LinkDB( |
767 | $GLOBALS['config']['DATASTORE'], | 729 | $conf->get('resource.datastore'), |
768 | isLoggedIn(), | 730 | isLoggedIn(), |
769 | $GLOBALS['config']['HIDE_PUBLIC_LINKS'], | 731 | $conf->get('privacy.hide_public_links'), |
770 | $GLOBALS['redirector'], | 732 | $conf->get('redirector.url'), |
771 | $GLOBALS['config']['REDIRECTOR_URLENCODE'] | 733 | $conf->get('redirector.encode_url') |
772 | ); | 734 | ); |
773 | 735 | ||
774 | $updater = new Updater( | 736 | $updater = new Updater( |
775 | read_updates_file($GLOBALS['config']['UPDATES_FILE']), | 737 | read_updates_file($conf->get('resource.updates')), |
776 | $GLOBALS, | ||
777 | $LINKSDB, | 738 | $LINKSDB, |
739 | $conf, | ||
778 | isLoggedIn() | 740 | isLoggedIn() |
779 | ); | 741 | ); |
780 | try { | 742 | try { |
781 | $newUpdates = $updater->update(); | 743 | $newUpdates = $updater->update(); |
782 | if (! empty($newUpdates)) { | 744 | if (! empty($newUpdates)) { |
783 | write_updates_file( | 745 | write_updates_file( |
784 | $GLOBALS['config']['UPDATES_FILE'], | 746 | $conf->get('resource.updates'), |
785 | $updater->getDoneUpdates() | 747 | $updater->getDoneUpdates() |
786 | ); | 748 | ); |
787 | } | 749 | } |
@@ -790,7 +752,7 @@ function renderPage() | |||
790 | die($e->getMessage()); | 752 | die($e->getMessage()); |
791 | } | 753 | } |
792 | 754 | ||
793 | $PAGE = new PageBuilder(); | 755 | $PAGE = new PageBuilder($conf); |
794 | $PAGE->assign('linkcount', count($LINKSDB)); | 756 | $PAGE->assign('linkcount', count($LINKSDB)); |
795 | $PAGE->assign('privateLinkcount', count_private($LINKSDB)); | 757 | $PAGE->assign('privateLinkcount', count_private($LINKSDB)); |
796 | 758 | ||
@@ -805,7 +767,7 @@ function renderPage() | |||
805 | 'header', | 767 | 'header', |
806 | 'footer', | 768 | 'footer', |
807 | ); | 769 | ); |
808 | $pluginManager = PluginManager::getInstance(); | 770 | |
809 | foreach($common_hooks as $name) { | 771 | foreach($common_hooks as $name) { |
810 | $plugin_data = array(); | 772 | $plugin_data = array(); |
811 | $pluginManager->executeHooks('render_' . $name, $plugin_data, | 773 | $pluginManager->executeHooks('render_' . $name, $plugin_data, |
@@ -820,8 +782,8 @@ function renderPage() | |||
820 | // -------- Display login form. | 782 | // -------- Display login form. |
821 | if ($targetPage == Router::$PAGE_LOGIN) | 783 | if ($targetPage == Router::$PAGE_LOGIN) |
822 | { | 784 | { |
823 | if ($GLOBALS['config']['OPEN_SHAARLI']) { header('Location: ?'); exit; } // No need to login for open Shaarli | 785 | if ($conf->get('security.open_shaarli')) { header('Location: ?'); exit; } // No need to login for open Shaarli |
824 | $token=''; if (ban_canLogin()) $token=getToken(); // Do not waste token generation if not useful. | 786 | $token=''; if (ban_canLogin($conf)) $token=getToken($conf); // Do not waste token generation if not useful. |
825 | $PAGE->assign('token',$token); | 787 | $PAGE->assign('token',$token); |
826 | if (isset($_GET['username'])) { | 788 | if (isset($_GET['username'])) { |
827 | $PAGE->assign('username', escape($_GET['username'])); | 789 | $PAGE->assign('username', escape($_GET['username'])); |
@@ -833,7 +795,7 @@ function renderPage() | |||
833 | // -------- User wants to logout. | 795 | // -------- User wants to logout. |
834 | if (isset($_SERVER['QUERY_STRING']) && startsWith($_SERVER['QUERY_STRING'], 'do=logout')) | 796 | if (isset($_SERVER['QUERY_STRING']) && startsWith($_SERVER['QUERY_STRING'], 'do=logout')) |
835 | { | 797 | { |
836 | invalidateCaches($GLOBALS['config']['PAGECACHE']); | 798 | invalidateCaches($conf->get('resource.page_cache')); |
837 | logout(); | 799 | logout(); |
838 | header('Location: ?'); | 800 | header('Location: ?'); |
839 | exit; | 801 | exit; |
@@ -850,7 +812,7 @@ function renderPage() | |||
850 | foreach($links as $link) | 812 | foreach($links as $link) |
851 | { | 813 | { |
852 | $permalink='?'.escape(smallhash($link['linkdate'])); | 814 | $permalink='?'.escape(smallhash($link['linkdate'])); |
853 | $thumb=lazyThumbnail($link['url'],$permalink); | 815 | $thumb=lazyThumbnail($conf, $link['url'],$permalink); |
854 | if ($thumb!='') // Only output links which have a thumbnail. | 816 | if ($thumb!='') // Only output links which have a thumbnail. |
855 | { | 817 | { |
856 | $link['thumbnail']=$thumb; // Thumbnail HTML code. | 818 | $link['thumbnail']=$thumb; // Thumbnail HTML code. |
@@ -922,7 +884,7 @@ function renderPage() | |||
922 | 884 | ||
923 | // Daily page. | 885 | // Daily page. |
924 | if ($targetPage == Router::$PAGE_DAILY) { | 886 | if ($targetPage == Router::$PAGE_DAILY) { |
925 | showDaily($PAGE, $LINKSDB); | 887 | showDaily($PAGE, $LINKSDB, $conf, $pluginManager); |
926 | } | 888 | } |
927 | 889 | ||
928 | // ATOM and RSS feed. | 890 | // ATOM and RSS feed. |
@@ -933,7 +895,7 @@ function renderPage() | |||
933 | // Cache system | 895 | // Cache system |
934 | $query = $_SERVER['QUERY_STRING']; | 896 | $query = $_SERVER['QUERY_STRING']; |
935 | $cache = new CachedPage( | 897 | $cache = new CachedPage( |
936 | $GLOBALS['config']['PAGECACHE'], | 898 | $conf->get('resource.page_cache'), |
937 | page_url($_SERVER), | 899 | page_url($_SERVER), |
938 | startsWith($query,'do='. $targetPage) && !isLoggedIn() | 900 | startsWith($query,'do='. $targetPage) && !isLoggedIn() |
939 | ); | 901 | ); |
@@ -946,15 +908,15 @@ function renderPage() | |||
946 | // Generate data. | 908 | // Generate data. |
947 | $feedGenerator = new FeedBuilder($LINKSDB, $feedType, $_SERVER, $_GET, isLoggedIn()); | 909 | $feedGenerator = new FeedBuilder($LINKSDB, $feedType, $_SERVER, $_GET, isLoggedIn()); |
948 | $feedGenerator->setLocale(strtolower(setlocale(LC_COLLATE, 0))); | 910 | $feedGenerator->setLocale(strtolower(setlocale(LC_COLLATE, 0))); |
949 | $feedGenerator->setHideDates($GLOBALS['config']['HIDE_TIMESTAMPS'] && !isLoggedIn()); | 911 | $feedGenerator->setHideDates($conf->get('privacy.hide_timestamps') && !isLoggedIn()); |
950 | $feedGenerator->setUsePermalinks(isset($_GET['permalinks']) || !$GLOBALS['config']['ENABLE_RSS_PERMALINKS']); | 912 | $feedGenerator->setUsePermalinks(isset($_GET['permalinks']) || !$conf->get('feed.rss_permalinks')); |
951 | if (!empty($GLOBALS['config']['PUBSUBHUB_URL'])) { | 913 | $pshUrl = $conf->get('config.PUBSUBHUB_URL'); |
952 | $feedGenerator->setPubsubhubUrl($GLOBALS['config']['PUBSUBHUB_URL']); | 914 | if (!empty($pshUrl)) { |
915 | $feedGenerator->setPubsubhubUrl($pshUrl); | ||
953 | } | 916 | } |
954 | $data = $feedGenerator->buildData(); | 917 | $data = $feedGenerator->buildData(); |
955 | 918 | ||
956 | // Process plugin hook. | 919 | // Process plugin hook. |
957 | $pluginManager = PluginManager::getInstance(); | ||
958 | $pluginManager->executeHooks('render_feed', $data, array( | 920 | $pluginManager->executeHooks('render_feed', $data, array( |
959 | 'loggedin' => isLoggedIn(), | 921 | 'loggedin' => isLoggedIn(), |
960 | 'target' => $targetPage, | 922 | 'target' => $targetPage, |
@@ -1080,7 +1042,7 @@ function renderPage() | |||
1080 | exit; | 1042 | exit; |
1081 | } | 1043 | } |
1082 | 1044 | ||
1083 | showLinkList($PAGE, $LINKSDB); | 1045 | showLinkList($PAGE, $LINKSDB, $conf, $pluginManager); |
1084 | if (isset($_GET['edit_link'])) { | 1046 | if (isset($_GET['edit_link'])) { |
1085 | header('Location: ?do=login&edit_link='. escape($_GET['edit_link'])); | 1047 | header('Location: ?do=login&edit_link='. escape($_GET['edit_link'])); |
1086 | exit; | 1048 | exit; |
@@ -1110,19 +1072,23 @@ function renderPage() | |||
1110 | // -------- User wants to change his/her password. | 1072 | // -------- User wants to change his/her password. |
1111 | if ($targetPage == Router::$PAGE_CHANGEPASSWORD) | 1073 | if ($targetPage == Router::$PAGE_CHANGEPASSWORD) |
1112 | { | 1074 | { |
1113 | if ($GLOBALS['config']['OPEN_SHAARLI']) die('You are not supposed to change a password on an Open Shaarli.'); | 1075 | if ($conf->get('security.open_shaarli')) { |
1076 | die('You are not supposed to change a password on an Open Shaarli.'); | ||
1077 | } | ||
1078 | |||
1114 | if (!empty($_POST['setpassword']) && !empty($_POST['oldpassword'])) | 1079 | if (!empty($_POST['setpassword']) && !empty($_POST['oldpassword'])) |
1115 | { | 1080 | { |
1116 | if (!tokenOk($_POST['token'])) die('Wrong token.'); // Go away! | 1081 | if (!tokenOk($_POST['token'])) die('Wrong token.'); // Go away! |
1117 | 1082 | ||
1118 | // Make sure old password is correct. | 1083 | // Make sure old password is correct. |
1119 | $oldhash = sha1($_POST['oldpassword'].$GLOBALS['login'].$GLOBALS['salt']); | 1084 | $oldhash = sha1($_POST['oldpassword'].$conf->get('credentials.login').$conf->get('credentials.salt')); |
1120 | if ($oldhash!=$GLOBALS['hash']) { echo '<script>alert("The old password is not correct.");document.location=\'?do=changepasswd\';</script>'; exit; } | 1085 | if ($oldhash!= $conf->get('credentials.hash')) { echo '<script>alert("The old password is not correct.");document.location=\'?do=changepasswd\';</script>'; exit; } |
1121 | // Save new password | 1086 | // Save new password |
1122 | $GLOBALS['salt'] = sha1(uniqid('',true).'_'.mt_rand()); // Salt renders rainbow-tables attacks useless. | 1087 | // Salt renders rainbow-tables attacks useless. |
1123 | $GLOBALS['hash'] = sha1($_POST['setpassword'].$GLOBALS['login'].$GLOBALS['salt']); | 1088 | $conf->set('credentials.salt', sha1(uniqid('', true) .'_'. mt_rand())); |
1089 | $conf->set('credentials.hash', sha1($_POST['setpassword'] . $conf->get('credentials.login') . $conf->get('credentials.salt'))); | ||
1124 | try { | 1090 | try { |
1125 | writeConfig($GLOBALS, isLoggedIn()); | 1091 | $conf->write(isLoggedIn()); |
1126 | } | 1092 | } |
1127 | catch(Exception $e) { | 1093 | catch(Exception $e) { |
1128 | error_log( | 1094 | error_log( |
@@ -1139,7 +1105,7 @@ function renderPage() | |||
1139 | } | 1105 | } |
1140 | else // show the change password form. | 1106 | else // show the change password form. |
1141 | { | 1107 | { |
1142 | $PAGE->assign('token',getToken()); | 1108 | $PAGE->assign('token',getToken($conf)); |
1143 | $PAGE->renderPage('changepassword'); | 1109 | $PAGE->renderPage('changepassword'); |
1144 | exit; | 1110 | exit; |
1145 | } | 1111 | } |
@@ -1159,17 +1125,17 @@ function renderPage() | |||
1159 | ) { | 1125 | ) { |
1160 | $tz = $_POST['continent'] . '/' . $_POST['city']; | 1126 | $tz = $_POST['continent'] . '/' . $_POST['city']; |
1161 | } | 1127 | } |
1162 | $GLOBALS['timezone'] = $tz; | 1128 | $conf->set('general.timezone', $tz); |
1163 | $GLOBALS['title']=$_POST['title']; | 1129 | $conf->set('general.title', escape($_POST['title'])); |
1164 | $GLOBALS['titleLink']=$_POST['titleLink']; | 1130 | $conf->set('general.header_link', escape($_POST['titleLink'])); |
1165 | $GLOBALS['redirector']=$_POST['redirector']; | 1131 | $conf->set('redirector.url', escape($_POST['redirector'])); |
1166 | $GLOBALS['disablesessionprotection']=!empty($_POST['disablesessionprotection']); | 1132 | $conf->set('security.session_protection_disabled', !empty($_POST['disablesessionprotection'])); |
1167 | $GLOBALS['privateLinkByDefault']=!empty($_POST['privateLinkByDefault']); | 1133 | $conf->set('privacy.default_private_links', !empty($_POST['privateLinkByDefault'])); |
1168 | $GLOBALS['config']['ENABLE_RSS_PERMALINKS']= !empty($_POST['enableRssPermalinks']); | 1134 | $conf->set('feed.rss_permalinks', !empty($_POST['enableRssPermalinks'])); |
1169 | $GLOBALS['config']['ENABLE_UPDATECHECK'] = !empty($_POST['updateCheck']); | 1135 | $conf->set('updates.check_updates', !empty($_POST['updateCheck'])); |
1170 | $GLOBALS['config']['HIDE_PUBLIC_LINKS'] = !empty($_POST['hidePublicLinks']); | 1136 | $conf->set('privacy.hide_public_links', !empty($_POST['hidePublicLinks'])); |
1171 | try { | 1137 | try { |
1172 | writeConfig($GLOBALS, isLoggedIn()); | 1138 | $conf->write(isLoggedIn()); |
1173 | } | 1139 | } |
1174 | catch(Exception $e) { | 1140 | catch(Exception $e) { |
1175 | error_log( | 1141 | error_log( |
@@ -1178,20 +1144,24 @@ function renderPage() | |||
1178 | ); | 1144 | ); |
1179 | 1145 | ||
1180 | // TODO: do not handle exceptions/errors in JS. | 1146 | // TODO: do not handle exceptions/errors in JS. |
1181 | echo '<script>alert("'. $e->getMessage() .'");document.location=\'?do=tools\';</script>'; | 1147 | echo '<script>alert("'. $e->getMessage() .'");document.location=\'?do=configure\';</script>'; |
1182 | exit; | 1148 | exit; |
1183 | } | 1149 | } |
1184 | echo '<script>alert("Configuration was saved.");document.location=\'?do=tools\';</script>'; | 1150 | echo '<script>alert("Configuration was saved.");document.location=\'?do=configure\';</script>'; |
1185 | exit; | 1151 | exit; |
1186 | } | 1152 | } |
1187 | else // Show the configuration form. | 1153 | else // Show the configuration form. |
1188 | { | 1154 | { |
1189 | $PAGE->assign('token',getToken()); | 1155 | $PAGE->assign('token',getToken($conf)); |
1190 | $PAGE->assign('title', empty($GLOBALS['title']) ? '' : $GLOBALS['title'] ); | 1156 | $PAGE->assign('title', $conf->get('general.title')); |
1191 | $PAGE->assign('redirector', empty($GLOBALS['redirector']) ? '' : $GLOBALS['redirector'] ); | 1157 | $PAGE->assign('redirector', $conf->get('redirector.url')); |
1192 | list($timezone_form, $timezone_js) = generateTimeZoneForm($GLOBALS['timezone']); | 1158 | list($timezone_form, $timezone_js) = generateTimeZoneForm($conf->get('general.timezone')); |
1193 | $PAGE->assign('timezone_form', $timezone_form); | 1159 | $PAGE->assign('timezone_form', $timezone_form); |
1194 | $PAGE->assign('timezone_js',$timezone_js); | 1160 | $PAGE->assign('timezone_js',$timezone_js); |
1161 | $PAGE->assign('private_links_default', $conf->get('privacy.default_private_links', false)); | ||
1162 | $PAGE->assign('enable_rss_permalinks', $conf->get('feed.rss_permalinks', false)); | ||
1163 | $PAGE->assign('enable_update_check', $conf->get('updates.check_updates', true)); | ||
1164 | $PAGE->assign('hide_public_links', $conf->get('privacy.hide_public_links', false)); | ||
1195 | $PAGE->renderPage('configure'); | 1165 | $PAGE->renderPage('configure'); |
1196 | exit; | 1166 | exit; |
1197 | } | 1167 | } |
@@ -1201,7 +1171,7 @@ function renderPage() | |||
1201 | if ($targetPage == Router::$PAGE_CHANGETAG) | 1171 | if ($targetPage == Router::$PAGE_CHANGETAG) |
1202 | { | 1172 | { |
1203 | if (empty($_POST['fromtag']) || (empty($_POST['totag']) && isset($_POST['renametag']))) { | 1173 | if (empty($_POST['fromtag']) || (empty($_POST['totag']) && isset($_POST['renametag']))) { |
1204 | $PAGE->assign('token', getToken()); | 1174 | $PAGE->assign('token', getToken($conf)); |
1205 | $PAGE->assign('tags', $LINKSDB->allTags()); | 1175 | $PAGE->assign('tags', $LINKSDB->allTags()); |
1206 | $PAGE->renderPage('changetag'); | 1176 | $PAGE->renderPage('changetag'); |
1207 | exit; | 1177 | exit; |
@@ -1223,7 +1193,7 @@ function renderPage() | |||
1223 | $value['tags']=trim(implode(' ',$tags)); | 1193 | $value['tags']=trim(implode(' ',$tags)); |
1224 | $LINKSDB[$key]=$value; | 1194 | $LINKSDB[$key]=$value; |
1225 | } | 1195 | } |
1226 | $LINKSDB->savedb($GLOBALS['config']['PAGECACHE']); | 1196 | $LINKSDB->savedb($conf->get('resource.page_cache')); |
1227 | echo '<script>alert("Tag was removed from '.count($linksToAlter).' links.");document.location=\'?\';</script>'; | 1197 | echo '<script>alert("Tag was removed from '.count($linksToAlter).' links.");document.location=\'?\';</script>'; |
1228 | exit; | 1198 | exit; |
1229 | } | 1199 | } |
@@ -1240,7 +1210,7 @@ function renderPage() | |||
1240 | $value['tags']=trim(implode(' ',$tags)); | 1210 | $value['tags']=trim(implode(' ',$tags)); |
1241 | $LINKSDB[$key]=$value; | 1211 | $LINKSDB[$key]=$value; |
1242 | } | 1212 | } |
1243 | $LINKSDB->savedb($GLOBALS['config']['PAGECACHE']); // Save to disk. | 1213 | $LINKSDB->savedb($conf->get('resource.page_cache')); // Save to disk. |
1244 | echo '<script>alert("Tag was renamed in '.count($linksToAlter).' links.");document.location=\'?searchtags='.urlencode($_POST['totag']).'\';</script>'; | 1214 | echo '<script>alert("Tag was renamed in '.count($linksToAlter).' links.");document.location=\'?searchtags='.urlencode($_POST['totag']).'\';</script>'; |
1245 | exit; | 1215 | exit; |
1246 | } | 1216 | } |
@@ -1291,8 +1261,8 @@ function renderPage() | |||
1291 | $pluginManager->executeHooks('save_link', $link); | 1261 | $pluginManager->executeHooks('save_link', $link); |
1292 | 1262 | ||
1293 | $LINKSDB[$linkdate] = $link; | 1263 | $LINKSDB[$linkdate] = $link; |
1294 | $LINKSDB->savedb($GLOBALS['config']['PAGECACHE']); | 1264 | $LINKSDB->savedb($conf->get('resource.page_cache')); |
1295 | pubsubhub(); | 1265 | pubsubhub($conf); |
1296 | 1266 | ||
1297 | // If we are called from the bookmarklet, we must close the popup: | 1267 | // If we are called from the bookmarklet, we must close the popup: |
1298 | if (isset($_GET['source']) && ($_GET['source']=='bookmarklet' || $_GET['source']=='firefoxsocialapi')) { | 1268 | if (isset($_GET['source']) && ($_GET['source']=='bookmarklet' || $_GET['source']=='firefoxsocialapi')) { |
@@ -1333,7 +1303,7 @@ function renderPage() | |||
1333 | $pluginManager->executeHooks('delete_link', $LINKSDB[$linkdate]); | 1303 | $pluginManager->executeHooks('delete_link', $LINKSDB[$linkdate]); |
1334 | 1304 | ||
1335 | unset($LINKSDB[$linkdate]); | 1305 | unset($LINKSDB[$linkdate]); |
1336 | $LINKSDB->savedb($GLOBALS['config']['PAGECACHE']); // save to disk | 1306 | $LINKSDB->savedb('resource.page_cache'); // save to disk |
1337 | 1307 | ||
1338 | // If we are called from the bookmarklet, we must close the popup: | 1308 | // If we are called from the bookmarklet, we must close the popup: |
1339 | if (isset($_GET['source']) && ($_GET['source']=='bookmarklet' || $_GET['source']=='firefoxsocialapi')) { echo '<script>self.close();</script>'; exit; } | 1309 | if (isset($_GET['source']) && ($_GET['source']=='bookmarklet' || $_GET['source']=='firefoxsocialapi')) { echo '<script>self.close();</script>'; exit; } |
@@ -1376,7 +1346,7 @@ function renderPage() | |||
1376 | $data = array( | 1346 | $data = array( |
1377 | 'link' => $link, | 1347 | 'link' => $link, |
1378 | 'link_is_new' => false, | 1348 | 'link_is_new' => false, |
1379 | 'token' => getToken(), | 1349 | 'token' => getToken($conf), |
1380 | 'http_referer' => (isset($_SERVER['HTTP_REFERER']) ? escape($_SERVER['HTTP_REFERER']) : ''), | 1350 | 'http_referer' => (isset($_SERVER['HTTP_REFERER']) ? escape($_SERVER['HTTP_REFERER']) : ''), |
1381 | 'tags' => $LINKSDB->allTags(), | 1351 | 'tags' => $LINKSDB->allTags(), |
1382 | ); | 1352 | ); |
@@ -1443,10 +1413,11 @@ function renderPage() | |||
1443 | $data = array( | 1413 | $data = array( |
1444 | 'link' => $link, | 1414 | 'link' => $link, |
1445 | 'link_is_new' => $link_is_new, | 1415 | 'link_is_new' => $link_is_new, |
1446 | 'token' => getToken(), // XSRF protection. | 1416 | 'token' => getToken($conf), // XSRF protection. |
1447 | 'http_referer' => (isset($_SERVER['HTTP_REFERER']) ? escape($_SERVER['HTTP_REFERER']) : ''), | 1417 | 'http_referer' => (isset($_SERVER['HTTP_REFERER']) ? escape($_SERVER['HTTP_REFERER']) : ''), |
1448 | 'source' => (isset($_GET['source']) ? $_GET['source'] : ''), | 1418 | 'source' => (isset($_GET['source']) ? $_GET['source'] : ''), |
1449 | 'tags' => $LINKSDB->allTags(), | 1419 | 'tags' => $LINKSDB->allTags(), |
1420 | 'default_private_links' => $conf->get('default_private_links', false), | ||
1450 | ); | 1421 | ); |
1451 | $pluginManager->executeHooks('render_editlink', $data); | 1422 | $pluginManager->executeHooks('render_editlink', $data); |
1452 | 1423 | ||
@@ -1520,7 +1491,7 @@ function renderPage() | |||
1520 | // -------- Show upload/import dialog: | 1491 | // -------- Show upload/import dialog: |
1521 | if ($targetPage == Router::$PAGE_IMPORT) | 1492 | if ($targetPage == Router::$PAGE_IMPORT) |
1522 | { | 1493 | { |
1523 | $PAGE->assign('token',getToken()); | 1494 | $PAGE->assign('token',getToken($conf)); |
1524 | $PAGE->assign('maxfilesize',getMaxFileSize()); | 1495 | $PAGE->assign('maxfilesize',getMaxFileSize()); |
1525 | $PAGE->renderPage('import'); | 1496 | $PAGE->renderPage('import'); |
1526 | exit; | 1497 | exit; |
@@ -1533,7 +1504,7 @@ function renderPage() | |||
1533 | // Split plugins into 2 arrays: ordered enabled plugins and disabled. | 1504 | // Split plugins into 2 arrays: ordered enabled plugins and disabled. |
1534 | $enabledPlugins = array_filter($pluginMeta, function($v) { return $v['order'] !== false; }); | 1505 | $enabledPlugins = array_filter($pluginMeta, function($v) { return $v['order'] !== false; }); |
1535 | // Load parameters. | 1506 | // Load parameters. |
1536 | $enabledPlugins = load_plugin_parameter_values($enabledPlugins, $GLOBALS['plugins']); | 1507 | $enabledPlugins = load_plugin_parameter_values($enabledPlugins, $conf->get('plugins', array())); |
1537 | uasort( | 1508 | uasort( |
1538 | $enabledPlugins, | 1509 | $enabledPlugins, |
1539 | function($a, $b) { return $a['order'] - $b['order']; } | 1510 | function($a, $b) { return $a['order'] - $b['order']; } |
@@ -1552,13 +1523,13 @@ function renderPage() | |||
1552 | if (isset($_POST['parameters_form'])) { | 1523 | if (isset($_POST['parameters_form'])) { |
1553 | unset($_POST['parameters_form']); | 1524 | unset($_POST['parameters_form']); |
1554 | foreach ($_POST as $param => $value) { | 1525 | foreach ($_POST as $param => $value) { |
1555 | $GLOBALS['plugins'][$param] = escape($value); | 1526 | $conf->set('plugins.'. $param, escape($value)); |
1556 | } | 1527 | } |
1557 | } | 1528 | } |
1558 | else { | 1529 | else { |
1559 | $GLOBALS['config']['ENABLED_PLUGINS'] = save_plugin_config($_POST); | 1530 | $conf->set('general.enabled_plugins', save_plugin_config($_POST)); |
1560 | } | 1531 | } |
1561 | writeConfig($GLOBALS, isLoggedIn()); | 1532 | $conf->write(isLoggedIn()); |
1562 | } | 1533 | } |
1563 | catch (Exception $e) { | 1534 | catch (Exception $e) { |
1564 | error_log( | 1535 | error_log( |
@@ -1575,13 +1546,17 @@ function renderPage() | |||
1575 | } | 1546 | } |
1576 | 1547 | ||
1577 | // -------- Otherwise, simply display search form and links: | 1548 | // -------- Otherwise, simply display search form and links: |
1578 | showLinkList($PAGE, $LINKSDB); | 1549 | showLinkList($PAGE, $LINKSDB, $conf, $pluginManager); |
1579 | exit; | 1550 | exit; |
1580 | } | 1551 | } |
1581 | 1552 | ||
1582 | // ----------------------------------------------------------------------------------------------- | 1553 | /** |
1583 | // Process the import file form. | 1554 | * Process the import file form. |
1584 | function importFile($LINKSDB) | 1555 | * |
1556 | * @param LinkDB $LINKSDB Loaded LinkDB instance. | ||
1557 | * @param ConfigManager $conf Configuration Manager instance. | ||
1558 | */ | ||
1559 | function importFile($LINKSDB, $conf) | ||
1585 | { | 1560 | { |
1586 | if (!isLoggedIn()) { die('Not allowed.'); } | 1561 | if (!isLoggedIn()) { die('Not allowed.'); } |
1587 | 1562 | ||
@@ -1654,7 +1629,7 @@ function importFile($LINKSDB) | |||
1654 | } | 1629 | } |
1655 | } | 1630 | } |
1656 | } | 1631 | } |
1657 | $LINKSDB->savedb($GLOBALS['config']['PAGECACHE']); | 1632 | $LINKSDB->savedb($conf->get('resource.page_cache')); |
1658 | 1633 | ||
1659 | echo '<script>alert("File '.json_encode($filename).' ('.$filesize.' bytes) was successfully processed: '.$import_count.' links imported.");document.location=\'?\';</script>'; | 1634 | echo '<script>alert("File '.json_encode($filename).' ('.$filesize.' bytes) was successfully processed: '.$import_count.' links imported.");document.location=\'?\';</script>'; |
1660 | } | 1635 | } |
@@ -1668,10 +1643,12 @@ function importFile($LINKSDB) | |||
1668 | * Template for the list of links (<div id="linklist">) | 1643 | * Template for the list of links (<div id="linklist">) |
1669 | * This function fills all the necessary fields in the $PAGE for the template 'linklist.html' | 1644 | * This function fills all the necessary fields in the $PAGE for the template 'linklist.html' |
1670 | * | 1645 | * |
1671 | * @param pageBuilder $PAGE pageBuilder instance. | 1646 | * @param pageBuilder $PAGE pageBuilder instance. |
1672 | * @param LinkDB $LINKSDB LinkDB instance. | 1647 | * @param LinkDB $LINKSDB LinkDB instance. |
1648 | * @param ConfigManager $conf Configuration Manager instance. | ||
1649 | * @param PluginManager $pluginManager Plugin Manager instance. | ||
1673 | */ | 1650 | */ |
1674 | function buildLinkList($PAGE,$LINKSDB) | 1651 | function buildLinkList($PAGE,$LINKSDB, $conf, $pluginManager) |
1675 | { | 1652 | { |
1676 | // Used in templates | 1653 | // Used in templates |
1677 | $searchtags = !empty($_GET['searchtags']) ? escape($_GET['searchtags']) : ''; | 1654 | $searchtags = !empty($_GET['searchtags']) ? escape($_GET['searchtags']) : ''; |
@@ -1700,7 +1677,7 @@ function buildLinkList($PAGE,$LINKSDB) | |||
1700 | 1677 | ||
1701 | // If there is only a single link, we change on-the-fly the title of the page. | 1678 | // If there is only a single link, we change on-the-fly the title of the page. |
1702 | if (count($linksToDisplay) == 1) { | 1679 | if (count($linksToDisplay) == 1) { |
1703 | $GLOBALS['pagetitle'] = $linksToDisplay[$keys[0]]['title'].' - '.$GLOBALS['title']; | 1680 | $conf->set('pagetitle', $linksToDisplay[$keys[0]]['title'] .' - '. $conf->get('general.title')); |
1704 | } | 1681 | } |
1705 | 1682 | ||
1706 | // Select articles according to paging. | 1683 | // Select articles according to paging. |
@@ -1716,7 +1693,7 @@ function buildLinkList($PAGE,$LINKSDB) | |||
1716 | while ($i<$end && $i<count($keys)) | 1693 | while ($i<$end && $i<count($keys)) |
1717 | { | 1694 | { |
1718 | $link = $linksToDisplay[$keys[$i]]; | 1695 | $link = $linksToDisplay[$keys[$i]]; |
1719 | $link['description'] = format_description($link['description'], $GLOBALS['redirector']); | 1696 | $link['description'] = format_description($link['description'], $conf->get('redirector.url')); |
1720 | $classLi = ($i % 2) != 0 ? '' : 'publicLinkHightLight'; | 1697 | $classLi = ($i % 2) != 0 ? '' : 'publicLinkHightLight'; |
1721 | $link['class'] = $link['private'] == 0 ? $classLi : 'private'; | 1698 | $link['class'] = $link['private'] == 0 ? $classLi : 'private'; |
1722 | $date = DateTime::createFromFormat(LinkDB::LINK_DATE_FORMAT, $link['linkdate']); | 1699 | $date = DateTime::createFromFormat(LinkDB::LINK_DATE_FORMAT, $link['linkdate']); |
@@ -1747,7 +1724,7 @@ function buildLinkList($PAGE,$LINKSDB) | |||
1747 | $next_page_url = '?page=' . ($page-1) . $searchtermUrl . $searchtagsUrl; | 1724 | $next_page_url = '?page=' . ($page-1) . $searchtermUrl . $searchtagsUrl; |
1748 | } | 1725 | } |
1749 | 1726 | ||
1750 | $token = isLoggedIn() ? getToken() : ''; | 1727 | $token = isLoggedIn() ? getToken($conf) : ''; |
1751 | 1728 | ||
1752 | // Fill all template fields. | 1729 | // Fill all template fields. |
1753 | $data = array( | 1730 | $data = array( |
@@ -1758,17 +1735,16 @@ function buildLinkList($PAGE,$LINKSDB) | |||
1758 | 'result_count' => count($linksToDisplay), | 1735 | 'result_count' => count($linksToDisplay), |
1759 | 'search_term' => $searchterm, | 1736 | 'search_term' => $searchterm, |
1760 | 'search_tags' => $searchtags, | 1737 | 'search_tags' => $searchtags, |
1761 | 'redirector' => empty($GLOBALS['redirector']) ? '' : $GLOBALS['redirector'], // Optional redirector URL. | 1738 | 'redirector' => $conf->get('redirector.url'), // Optional redirector URL. |
1762 | 'token' => $token, | 1739 | 'token' => $token, |
1763 | 'links' => $linkDisp, | 1740 | 'links' => $linkDisp, |
1764 | 'tags' => $LINKSDB->allTags(), | 1741 | 'tags' => $LINKSDB->allTags(), |
1765 | ); | 1742 | ); |
1766 | // FIXME! temporary fix - see #399. | 1743 | // FIXME! temporary fix - see #399. |
1767 | if (!empty($GLOBALS['pagetitle']) && count($linkDisp) == 1) { | 1744 | if ($conf->exists('pagetitle') && count($linkDisp) == 1) { |
1768 | $data['pagetitle'] = $GLOBALS['pagetitle']; | 1745 | $data['pagetitle'] = $conf->get('pagetitle'); |
1769 | } | 1746 | } |
1770 | 1747 | ||
1771 | $pluginManager = PluginManager::getInstance(); | ||
1772 | $pluginManager->executeHooks('render_linklist', $data, array('loggedin' => isLoggedIn())); | 1748 | $pluginManager->executeHooks('render_linklist', $data, array('loggedin' => isLoggedIn())); |
1773 | 1749 | ||
1774 | foreach ($data as $key => $value) { | 1750 | foreach ($data as $key => $value) { |
@@ -1778,18 +1754,26 @@ function buildLinkList($PAGE,$LINKSDB) | |||
1778 | return; | 1754 | return; |
1779 | } | 1755 | } |
1780 | 1756 | ||
1781 | // Compute the thumbnail for a link. | 1757 | /** |
1782 | // | 1758 | * Compute the thumbnail for a link. |
1783 | // With a link to the original URL. | 1759 | * |
1784 | // Understands various services (youtube.com...) | 1760 | * With a link to the original URL. |
1785 | // Input: $url = URL for which the thumbnail must be found. | 1761 | * Understands various services (youtube.com...) |
1786 | // $href = if provided, this URL will be followed instead of $url | 1762 | * Input: $url = URL for which the thumbnail must be found. |
1787 | // Returns an associative array with thumbnail attributes (src,href,width,height,style,alt) | 1763 | * $href = if provided, this URL will be followed instead of $url |
1788 | // Some of them may be missing. | 1764 | * Returns an associative array with thumbnail attributes (src,href,width,height,style,alt) |
1789 | // Return an empty array if no thumbnail available. | 1765 | * Some of them may be missing. |
1790 | function computeThumbnail($url,$href=false) | 1766 | * Return an empty array if no thumbnail available. |
1767 | * | ||
1768 | * @param ConfigManager $conf Configuration Manager instance. | ||
1769 | * @param string $url | ||
1770 | * @param string|bool $href | ||
1771 | * | ||
1772 | * @return array | ||
1773 | */ | ||
1774 | function computeThumbnail($conf, $url, $href = false) | ||
1791 | { | 1775 | { |
1792 | if (!$GLOBALS['config']['ENABLE_THUMBNAILS']) return array(); | 1776 | if (!$conf->get('thumbnail.enable_thumbnails')) return array(); |
1793 | if ($href==false) $href=$url; | 1777 | if ($href==false) $href=$url; |
1794 | 1778 | ||
1795 | // For most hosts, the URL of the thumbnail can be easily deduced from the URL of the link. | 1779 | // For most hosts, the URL of the thumbnail can be easily deduced from the URL of the link. |
@@ -1857,7 +1841,7 @@ function computeThumbnail($url,$href=false) | |||
1857 | // So we deport the thumbnail generation in order not to slow down page generation | 1841 | // So we deport the thumbnail generation in order not to slow down page generation |
1858 | // (and we also cache the thumbnail) | 1842 | // (and we also cache the thumbnail) |
1859 | 1843 | ||
1860 | if (!$GLOBALS['config']['ENABLE_LOCALCACHE']) return array(); // If local cache is disabled, no thumbnails for services which require the use a local cache. | 1844 | if (! $conf->get('thumbnail.enable_localcache')) return array(); // If local cache is disabled, no thumbnails for services which require the use a local cache. |
1861 | 1845 | ||
1862 | if ($domain=='flickr.com' || endsWith($domain,'.flickr.com') | 1846 | if ($domain=='flickr.com' || endsWith($domain,'.flickr.com') |
1863 | || $domain=='vimeo.com' | 1847 | || $domain=='vimeo.com' |
@@ -1880,7 +1864,7 @@ function computeThumbnail($url,$href=false) | |||
1880 | $path = parse_url($url,PHP_URL_PATH); | 1864 | $path = parse_url($url,PHP_URL_PATH); |
1881 | if ("/talks/" !== substr($path,0,7)) return array(); // This is not a single video URL. | 1865 | if ("/talks/" !== substr($path,0,7)) return array(); // This is not a single video URL. |
1882 | } | 1866 | } |
1883 | $sign = hash_hmac('sha256', $url, $GLOBALS['salt']); // We use the salt to sign data (it's random, secret, and specific to each installation) | 1867 | $sign = hash_hmac('sha256', $url, $conf->get('credentials.salt')); // We use the salt to sign data (it's random, secret, and specific to each installation) |
1884 | return array('src'=>index_url($_SERVER).'?do=genthumbnail&hmac='.$sign.'&url='.urlencode($url), | 1868 | return array('src'=>index_url($_SERVER).'?do=genthumbnail&hmac='.$sign.'&url='.urlencode($url), |
1885 | 'href'=>$href,'width'=>'120','style'=>'height:auto;','alt'=>'thumbnail'); | 1869 | 'href'=>$href,'width'=>'120','style'=>'height:auto;','alt'=>'thumbnail'); |
1886 | } | 1870 | } |
@@ -1891,7 +1875,7 @@ function computeThumbnail($url,$href=false) | |||
1891 | $ext=strtolower(pathinfo($url,PATHINFO_EXTENSION)); | 1875 | $ext=strtolower(pathinfo($url,PATHINFO_EXTENSION)); |
1892 | if ($ext=='jpg' || $ext=='jpeg' || $ext=='png' || $ext=='gif') | 1876 | if ($ext=='jpg' || $ext=='jpeg' || $ext=='png' || $ext=='gif') |
1893 | { | 1877 | { |
1894 | $sign = hash_hmac('sha256', $url, $GLOBALS['salt']); // We use the salt to sign data (it's random, secret, and specific to each installation) | 1878 | $sign = hash_hmac('sha256', $url, $conf->get('credentials.salt')); // We use the salt to sign data (it's random, secret, and specific to each installation) |
1895 | return array('src'=>index_url($_SERVER).'?do=genthumbnail&hmac='.$sign.'&url='.urlencode($url), | 1879 | return array('src'=>index_url($_SERVER).'?do=genthumbnail&hmac='.$sign.'&url='.urlencode($url), |
1896 | 'href'=>$href,'width'=>'120','style'=>'height:auto;','alt'=>'thumbnail'); | 1880 | 'href'=>$href,'width'=>'120','style'=>'height:auto;','alt'=>'thumbnail'); |
1897 | } | 1881 | } |
@@ -1908,7 +1892,9 @@ function computeThumbnail($url,$href=false) | |||
1908 | // Returns '' if no thumbnail available. | 1892 | // Returns '' if no thumbnail available. |
1909 | function thumbnail($url,$href=false) | 1893 | function thumbnail($url,$href=false) |
1910 | { | 1894 | { |
1911 | $t = computeThumbnail($url,$href); | 1895 | // FIXME! |
1896 | global $conf; | ||
1897 | $t = computeThumbnail($conf, $url,$href); | ||
1912 | if (count($t)==0) return ''; // Empty array = no thumbnail for this URL. | 1898 | if (count($t)==0) return ''; // Empty array = no thumbnail for this URL. |
1913 | 1899 | ||
1914 | $html='<a href="'.escape($t['href']).'"><img src="'.escape($t['src']).'"'; | 1900 | $html='<a href="'.escape($t['href']).'"><img src="'.escape($t['src']).'"'; |
@@ -1926,9 +1912,11 @@ function thumbnail($url,$href=false) | |||
1926 | // Input: $url = URL for which the thumbnail must be found. | 1912 | // Input: $url = URL for which the thumbnail must be found. |
1927 | // $href = if provided, this URL will be followed instead of $url | 1913 | // $href = if provided, this URL will be followed instead of $url |
1928 | // Returns '' if no thumbnail available. | 1914 | // Returns '' if no thumbnail available. |
1929 | function lazyThumbnail($url,$href=false) | 1915 | function lazyThumbnail($conf, $url,$href=false) |
1930 | { | 1916 | { |
1931 | $t = computeThumbnail($url,$href); | 1917 | // FIXME! |
1918 | global $conf; | ||
1919 | $t = computeThumbnail($conf, $url,$href); | ||
1932 | if (count($t)==0) return ''; // Empty array = no thumbnail for this URL. | 1920 | if (count($t)==0) return ''; // Empty array = no thumbnail for this URL. |
1933 | 1921 | ||
1934 | $html='<a href="'.escape($t['href']).'">'; | 1922 | $html='<a href="'.escape($t['href']).'">'; |
@@ -1954,10 +1942,13 @@ function lazyThumbnail($url,$href=false) | |||
1954 | } | 1942 | } |
1955 | 1943 | ||
1956 | 1944 | ||
1957 | // ----------------------------------------------------------------------------------------------- | 1945 | /** |
1958 | // Installation | 1946 | * Installation |
1959 | // This function should NEVER be called if the file data/config.php exists. | 1947 | * This function should NEVER be called if the file data/config.php exists. |
1960 | function install() | 1948 | * |
1949 | * @param ConfigManager $conf Configuration Manager instance. | ||
1950 | */ | ||
1951 | function install($conf) | ||
1961 | { | 1952 | { |
1962 | // On free.fr host, make sure the /sessions directory exists, otherwise login will not work. | 1953 | // On free.fr host, make sure the /sessions directory exists, otherwise login will not work. |
1963 | if (endsWith($_SERVER['HTTP_HOST'],'.free.fr') && !is_dir($_SERVER['DOCUMENT_ROOT'].'/sessions')) mkdir($_SERVER['DOCUMENT_ROOT'].'/sessions',0705); | 1954 | if (endsWith($_SERVER['HTTP_HOST'],'.free.fr') && !is_dir($_SERVER['DOCUMENT_ROOT'].'/sessions')) mkdir($_SERVER['DOCUMENT_ROOT'].'/sessions',0705); |
@@ -1994,15 +1985,21 @@ function install() | |||
1994 | ) { | 1985 | ) { |
1995 | $tz = $_POST['continent'].'/'.$_POST['city']; | 1986 | $tz = $_POST['continent'].'/'.$_POST['city']; |
1996 | } | 1987 | } |
1997 | $GLOBALS['timezone'] = $tz; | 1988 | $conf->set('general.timezone', $tz); |
1998 | // Everything is ok, let's create config file. | 1989 | $login = $_POST['setlogin']; |
1999 | $GLOBALS['login'] = $_POST['setlogin']; | 1990 | $conf->set('credentials.login', $login); |
2000 | $GLOBALS['salt'] = sha1(uniqid('',true).'_'.mt_rand()); // Salt renders rainbow-tables attacks useless. | 1991 | $salt = sha1(uniqid('', true) .'_'. mt_rand()); |
2001 | $GLOBALS['hash'] = sha1($_POST['setpassword'].$GLOBALS['login'].$GLOBALS['salt']); | 1992 | $conf->set('credentials.salt', $salt); |
2002 | $GLOBALS['title'] = (empty($_POST['title']) ? 'Shared links on '.escape(index_url($_SERVER)) : $_POST['title'] ); | 1993 | $conf->set('credentials.hash', sha1($_POST['setpassword'] . $login . $salt)); |
2003 | $GLOBALS['config']['ENABLE_UPDATECHECK'] = !empty($_POST['updateCheck']); | 1994 | if (!empty($_POST['title'])) { |
1995 | $conf->set('general.title', escape($_POST['title'])); | ||
1996 | } else { | ||
1997 | $conf->set('general.title', 'Shared links on '.escape(index_url($_SERVER))); | ||
1998 | } | ||
1999 | $conf->set('updates.check_updates', !empty($_POST['updateCheck'])); | ||
2004 | try { | 2000 | try { |
2005 | writeConfig($GLOBALS, isLoggedIn()); | 2001 | // Everything is ok, let's create config file. |
2002 | $conf->write(isLoggedIn()); | ||
2006 | } | 2003 | } |
2007 | catch(Exception $e) { | 2004 | catch(Exception $e) { |
2008 | error_log( | 2005 | error_log( |
@@ -2025,42 +2022,46 @@ function install() | |||
2025 | $timezone_html = '<tr><td><b>Timezone:</b></td><td>'.$timezone_form.'</td></tr>'; | 2022 | $timezone_html = '<tr><td><b>Timezone:</b></td><td>'.$timezone_form.'</td></tr>'; |
2026 | } | 2023 | } |
2027 | 2024 | ||
2028 | $PAGE = new PageBuilder(); | 2025 | $PAGE = new PageBuilder($conf); |
2029 | $PAGE->assign('timezone_html',$timezone_html); | 2026 | $PAGE->assign('timezone_html',$timezone_html); |
2030 | $PAGE->assign('timezone_js',$timezone_js); | 2027 | $PAGE->assign('timezone_js',$timezone_js); |
2031 | $PAGE->renderPage('install'); | 2028 | $PAGE->renderPage('install'); |
2032 | exit; | 2029 | exit; |
2033 | } | 2030 | } |
2034 | 2031 | ||
2035 | /* Because some f*cking services like flickr require an extra HTTP request to get the thumbnail URL, | 2032 | /** |
2036 | I have deported the thumbnail URL code generation here, otherwise this would slow down page generation. | 2033 | * Because some f*cking services like flickr require an extra HTTP request to get the thumbnail URL, |
2037 | The following function takes the URL a link (e.g. a flickr page) and return the proper thumbnail. | 2034 | * I have deported the thumbnail URL code generation here, otherwise this would slow down page generation. |
2038 | This function is called by passing the URL: | 2035 | * The following function takes the URL a link (e.g. a flickr page) and return the proper thumbnail. |
2039 | http://mywebsite.com/shaarli/?do=genthumbnail&hmac=[HMAC]&url=[URL] | 2036 | * This function is called by passing the URL: |
2040 | [URL] is the URL of the link (e.g. a flickr page) | 2037 | * http://mywebsite.com/shaarli/?do=genthumbnail&hmac=[HMAC]&url=[URL] |
2041 | [HMAC] is the signature for the [URL] (so that these URL cannot be forged). | 2038 | * [URL] is the URL of the link (e.g. a flickr page) |
2042 | The function below will fetch the image from the webservice and store it in the cache. | 2039 | * [HMAC] is the signature for the [URL] (so that these URL cannot be forged). |
2043 | */ | 2040 | * The function below will fetch the image from the webservice and store it in the cache. |
2044 | function genThumbnail() | 2041 | * |
2042 | * @param ConfigManager $conf Configuration Manager instance, | ||
2043 | */ | ||
2044 | function genThumbnail($conf) | ||
2045 | { | 2045 | { |
2046 | // Make sure the parameters in the URL were generated by us. | 2046 | // Make sure the parameters in the URL were generated by us. |
2047 | $sign = hash_hmac('sha256', $_GET['url'], $GLOBALS['salt']); | 2047 | $sign = hash_hmac('sha256', $_GET['url'], $conf->get('credentials.salt')); |
2048 | if ($sign!=$_GET['hmac']) die('Naughty boy!'); | 2048 | if ($sign!=$_GET['hmac']) die('Naughty boy!'); |
2049 | 2049 | ||
2050 | $cacheDir = $conf->get('resource.thumbnails_cache', 'cache'); | ||
2050 | // Let's see if we don't already have the image for this URL in the cache. | 2051 | // Let's see if we don't already have the image for this URL in the cache. |
2051 | $thumbname=hash('sha1',$_GET['url']).'.jpg'; | 2052 | $thumbname=hash('sha1',$_GET['url']).'.jpg'; |
2052 | if (is_file($GLOBALS['config']['CACHEDIR'].'/'.$thumbname)) | 2053 | if (is_file($cacheDir .'/'. $thumbname)) |
2053 | { // We have the thumbnail, just serve it: | 2054 | { // We have the thumbnail, just serve it: |
2054 | header('Content-Type: image/jpeg'); | 2055 | header('Content-Type: image/jpeg'); |
2055 | echo file_get_contents($GLOBALS['config']['CACHEDIR'].'/'.$thumbname); | 2056 | echo file_get_contents($cacheDir .'/'. $thumbname); |
2056 | return; | 2057 | return; |
2057 | } | 2058 | } |
2058 | // We may also serve a blank image (if service did not respond) | 2059 | // We may also serve a blank image (if service did not respond) |
2059 | $blankname=hash('sha1',$_GET['url']).'.gif'; | 2060 | $blankname=hash('sha1',$_GET['url']).'.gif'; |
2060 | if (is_file($GLOBALS['config']['CACHEDIR'].'/'.$blankname)) | 2061 | if (is_file($cacheDir .'/'. $blankname)) |
2061 | { | 2062 | { |
2062 | header('Content-Type: image/gif'); | 2063 | header('Content-Type: image/gif'); |
2063 | echo file_get_contents($GLOBALS['config']['CACHEDIR'].'/'.$blankname); | 2064 | echo file_get_contents($cacheDir .'/'. $blankname); |
2064 | return; | 2065 | return; |
2065 | } | 2066 | } |
2066 | 2067 | ||
@@ -2107,7 +2108,7 @@ function genThumbnail() | |||
2107 | list($headers, $content) = get_http_response($imageurl, 10); | 2108 | list($headers, $content) = get_http_response($imageurl, 10); |
2108 | if (strpos($headers[0], '200 OK') !== false) { | 2109 | if (strpos($headers[0], '200 OK') !== false) { |
2109 | // Save image to cache. | 2110 | // Save image to cache. |
2110 | file_put_contents($GLOBALS['config']['CACHEDIR'].'/' . $thumbname, $content); | 2111 | file_put_contents($cacheDir .'/'. $thumbname, $content); |
2111 | header('Content-Type: image/jpeg'); | 2112 | header('Content-Type: image/jpeg'); |
2112 | echo $content; | 2113 | echo $content; |
2113 | return; | 2114 | return; |
@@ -2128,7 +2129,7 @@ function genThumbnail() | |||
2128 | list($headers, $content) = get_http_response($imageurl, 10); | 2129 | list($headers, $content) = get_http_response($imageurl, 10); |
2129 | if (strpos($headers[0], '200 OK') !== false) { | 2130 | if (strpos($headers[0], '200 OK') !== false) { |
2130 | // Save image to cache. | 2131 | // Save image to cache. |
2131 | file_put_contents($GLOBALS['config']['CACHEDIR'] . '/' . $thumbname, $content); | 2132 | file_put_contents($cacheDir .'/'. $thumbname, $content); |
2132 | header('Content-Type: image/jpeg'); | 2133 | header('Content-Type: image/jpeg'); |
2133 | echo $content; | 2134 | echo $content; |
2134 | return; | 2135 | return; |
@@ -2151,7 +2152,7 @@ function genThumbnail() | |||
2151 | // No control on image size, so wait long enough | 2152 | // No control on image size, so wait long enough |
2152 | list($headers, $content) = get_http_response($imageurl, 20); | 2153 | list($headers, $content) = get_http_response($imageurl, 20); |
2153 | if (strpos($headers[0], '200 OK') !== false) { | 2154 | if (strpos($headers[0], '200 OK') !== false) { |
2154 | $filepath=$GLOBALS['config']['CACHEDIR'].'/'.$thumbname; | 2155 | $filepath = $cacheDir .'/'. $thumbname; |
2155 | file_put_contents($filepath, $content); // Save image to cache. | 2156 | file_put_contents($filepath, $content); // Save image to cache. |
2156 | if (resizeImage($filepath)) | 2157 | if (resizeImage($filepath)) |
2157 | { | 2158 | { |
@@ -2179,7 +2180,7 @@ function genThumbnail() | |||
2179 | // No control on image size, so wait long enough | 2180 | // No control on image size, so wait long enough |
2180 | list($headers, $content) = get_http_response($imageurl, 20); | 2181 | list($headers, $content) = get_http_response($imageurl, 20); |
2181 | if (strpos($headers[0], '200 OK') !== false) { | 2182 | if (strpos($headers[0], '200 OK') !== false) { |
2182 | $filepath=$GLOBALS['config']['CACHEDIR'].'/'.$thumbname; | 2183 | $filepath = $cacheDir.'/'.$thumbname; |
2183 | // Save image to cache. | 2184 | // Save image to cache. |
2184 | file_put_contents($filepath, $content); | 2185 | file_put_contents($filepath, $content); |
2185 | if (resizeImage($filepath)) | 2186 | if (resizeImage($filepath)) |
@@ -2199,7 +2200,7 @@ function genThumbnail() | |||
2199 | // We allow 30 seconds max to download (and downloads are limited to 4 Mb) | 2200 | // We allow 30 seconds max to download (and downloads are limited to 4 Mb) |
2200 | list($headers, $content) = get_http_response($url, 30); | 2201 | list($headers, $content) = get_http_response($url, 30); |
2201 | if (strpos($headers[0], '200 OK') !== false) { | 2202 | if (strpos($headers[0], '200 OK') !== false) { |
2202 | $filepath=$GLOBALS['config']['CACHEDIR'].'/'.$thumbname; | 2203 | $filepath = $cacheDir .'/'.$thumbname; |
2203 | // Save image to cache. | 2204 | // Save image to cache. |
2204 | file_put_contents($filepath, $content); | 2205 | file_put_contents($filepath, $content); |
2205 | if (resizeImage($filepath)) | 2206 | if (resizeImage($filepath)) |
@@ -2214,7 +2215,8 @@ function genThumbnail() | |||
2214 | 2215 | ||
2215 | // Otherwise, return an empty image (8x8 transparent gif) | 2216 | // Otherwise, return an empty image (8x8 transparent gif) |
2216 | $blankgif = base64_decode('R0lGODlhCAAIAIAAAP///////yH5BAEKAAEALAAAAAAIAAgAAAIHjI+py+1dAAA7'); | 2217 | $blankgif = base64_decode('R0lGODlhCAAIAIAAAP///////yH5BAEKAAEALAAAAAAIAAgAAAIHjI+py+1dAAA7'); |
2217 | file_put_contents($GLOBALS['config']['CACHEDIR'].'/'.$blankname,$blankgif); // Also put something in cache so that this URL is not requested twice. | 2218 | // Also put something in cache so that this URL is not requested twice. |
2219 | file_put_contents($cacheDir .'/'. $blankname, $blankgif); | ||
2218 | header('Content-Type: image/gif'); | 2220 | header('Content-Type: image/gif'); |
2219 | echo $blankgif; | 2221 | echo $blankgif; |
2220 | } | 2222 | } |
@@ -2252,8 +2254,9 @@ function resizeImage($filepath) | |||
2252 | return true; | 2254 | return true; |
2253 | } | 2255 | } |
2254 | 2256 | ||
2255 | if (isset($_SERVER['QUERY_STRING']) && startsWith($_SERVER['QUERY_STRING'], 'do=genthumbnail')) { genThumbnail(); exit; } // Thumbnail generation/cache does not need the link database. | 2257 | if (isset($_SERVER['QUERY_STRING']) && startsWith($_SERVER['QUERY_STRING'], 'do=genthumbnail')) { genThumbnail($conf); exit; } // Thumbnail generation/cache does not need the link database. |
2256 | if (isset($_SERVER['QUERY_STRING']) && startsWith($_SERVER['QUERY_STRING'], 'do=dailyrss')) { showDailyRSS(); exit; } | 2258 | if (isset($_SERVER['QUERY_STRING']) && startsWith($_SERVER['QUERY_STRING'], 'do=dailyrss')) { showDailyRSS($conf); exit; } |
2257 | if (!isset($_SESSION['LINKS_PER_PAGE'])) $_SESSION['LINKS_PER_PAGE']=$GLOBALS['config']['LINKS_PER_PAGE']; | 2259 | if (!isset($_SESSION['LINKS_PER_PAGE'])) { |
2258 | renderPage(); | 2260 | $_SESSION['LINKS_PER_PAGE'] = $conf->get('general.links_per_page', 20); |
2259 | ?> | 2261 | } |
2262 | renderPage($conf, $pluginManager); | ||