aboutsummaryrefslogtreecommitdiffhomepage
path: root/index.php
diff options
context:
space:
mode:
authornodiscc <nodiscc@gmail.com>2015-02-19 16:23:43 +0100
committernodiscc <nodiscc@gmail.com>2015-02-19 16:23:43 +0100
commit4891e2f77adc86a17284db0c7e8d57a0d8be834f (patch)
tree97ac6547c54b85c932b915c40aa6b9d0022f9257 /index.php
parent6e838176a1413ce09a4d6630f8438072af9f8fce (diff)
parentff69d87ed95747beae3fc60d450fe79ddc21398e (diff)
downloadShaarli-4891e2f77adc86a17284db0c7e8d57a0d8be834f.tar.gz
Shaarli-4891e2f77adc86a17284db0c7e8d57a0d8be834f.tar.zst
Shaarli-4891e2f77adc86a17284db0c7e8d57a0d8be834f.zip
Merge pull request #86 from pikzen/fix-cookies
Prevent shaarli from sending thousands of cookies.
Diffstat (limited to 'index.php')
-rw-r--r--index.php79
1 files changed, 57 insertions, 22 deletions
diff --git a/index.php b/index.php
index 3af38695..fdd9aecb 100644
--- a/index.php
+++ b/index.php
@@ -113,6 +113,53 @@ define('STAY_SIGNED_IN_TOKEN', sha1($GLOBALS['hash'].$_SERVER["REMOTE_ADDR"].$GL
113autoLocale(); // Sniff browser language and set date format accordingly. 113autoLocale(); // Sniff browser language and set date format accordingly.
114header('Content-Type: text/html; charset=utf-8'); // We use UTF-8 for proper international characters handling. 114header('Content-Type: text/html; charset=utf-8'); // We use UTF-8 for proper international characters handling.
115 115
116//==================================================================================================
117// Checking session state (i.e. is the user still logged in)
118//==================================================================================================
119
120function setup_login_state() {
121 $userIsLoggedIn = false; // By default, we do not consider the user as logged in;
122 $loginFailure = false; // If set to true, every attempt to authenticate the user will fail. This indicates that an important condition isn't met.
123 if ($GLOBALS['config']['OPEN_SHAARLI']) {
124 $userIsLoggedIn = true;
125 }
126 if (!isset($GLOBALS['login'])) {
127 $userIsLoggedIn = false; // Shaarli is not configured yet.
128 $loginFailure = true;
129 }
130 if (isset($_COOKIE['shaarli_staySignedIn']) &&
131 $_COOKIE['shaarli_staySignedIn']===STAY_SIGNED_IN_TOKEN &&
132 !$loginFailure)
133 {
134 fillSessionInfo();
135 $userIsLoggedIn = true;
136 }
137 // If session does not exist on server side, or IP address has changed, or session has expired, logout.
138 if (empty($_SESSION['uid']) ||
139 ($GLOBALS['disablesessionprotection']==false && $_SESSION['ip']!=allIPs()) ||
140 time() >= $_SESSION['expires_on'])
141 {
142 logout();
143 $userIsLoggedIn = false;
144 $loginFailure = true;
145 }
146 if (!empty($_SESSION['longlastingsession'])) {
147 $_SESSION['expires_on']=time()+$_SESSION['longlastingsession']; // In case of "Stay signed in" checked.
148 }
149 else {
150 $_SESSION['expires_on']=time()+INACTIVITY_TIMEOUT; // Standard session expiration date.
151 }
152 if (!$loginFailure) {
153 $userIsLoggedIn = true;
154 }
155
156 return $userIsLoggedIn;
157}
158//==================================================================================================
159$userIsLoggedIn = setup_login_state();
160//==================================================================================================
161//==================================================================================================
162
116// Check PHP version 163// Check PHP version
117function checkphpversion() 164function checkphpversion()
118{ 165{
@@ -316,30 +363,19 @@ function check_auth($login,$password)
316// Returns true if the user is logged in. 363// Returns true if the user is logged in.
317function isLoggedIn() 364function isLoggedIn()
318{ 365{
319 if ($GLOBALS['config']['OPEN_SHAARLI']) return true; 366 global $userIsLoggedIn;
320 367 return $userIsLoggedIn;
321 if (!isset($GLOBALS['login'])) return false; // Shaarli is not configured yet.
322
323 if (@$_COOKIE['shaarli_staySignedIn']===STAY_SIGNED_IN_TOKEN)
324 {
325 fillSessionInfo();
326 return true;
327 }
328 // If session does not exist on server side, or IP address has changed, or session has expired, logout.
329 if (empty($_SESSION['uid']) || ($GLOBALS['disablesessionprotection']==false && $_SESSION['ip']!=allIPs()) || time()>=$_SESSION['expires_on'])
330 {
331 logout();
332 return false;
333 }
334 if (!empty($_SESSION['longlastingsession'])) $_SESSION['expires_on']=time()+$_SESSION['longlastingsession']; // In case of "Stay signed in" checked.
335 else $_SESSION['expires_on']=time()+INACTIVITY_TIMEOUT; // Standard session expiration date.
336
337 return true;
338} 368}
339 369
340// Force logout. 370// Force logout.
341function logout() { if (isset($_SESSION)) { unset($_SESSION['uid']); unset($_SESSION['ip']); unset($_SESSION['username']); unset($_SESSION['privateonly']); } 371function logout() {
342setcookie('shaarli_staySignedIn', FALSE, 0, WEB_PATH); 372 if (isset($_SESSION)) {
373 unset($_SESSION['uid']);
374 unset($_SESSION['ip']);
375 unset($_SESSION['username']);
376 unset($_SESSION['privateonly']);
377 }
378 setcookie('shaarli_staySignedIn', FALSE, 0, WEB_PATH);
343} 379}
344 380
345 381
@@ -2074,7 +2110,6 @@ function thumbnail($url,$href=false)
2074 return $html; 2110 return $html;
2075} 2111}
2076 2112
2077
2078// Returns the HTML code to display a thumbnail for a link 2113// Returns the HTML code to display a thumbnail for a link
2079// for the picture wall (using lazy image loading) 2114// for the picture wall (using lazy image loading)
2080// Understands various services (youtube.com...) 2115// Understands various services (youtube.com...)