diff options
author | nodiscc <nodiscc@gmail.com> | 2015-02-19 16:23:43 +0100 |
---|---|---|
committer | nodiscc <nodiscc@gmail.com> | 2015-02-19 16:23:43 +0100 |
commit | 4891e2f77adc86a17284db0c7e8d57a0d8be834f (patch) | |
tree | 97ac6547c54b85c932b915c40aa6b9d0022f9257 /index.php | |
parent | 6e838176a1413ce09a4d6630f8438072af9f8fce (diff) | |
parent | ff69d87ed95747beae3fc60d450fe79ddc21398e (diff) | |
download | Shaarli-4891e2f77adc86a17284db0c7e8d57a0d8be834f.tar.gz Shaarli-4891e2f77adc86a17284db0c7e8d57a0d8be834f.tar.zst Shaarli-4891e2f77adc86a17284db0c7e8d57a0d8be834f.zip |
Merge pull request #86 from pikzen/fix-cookies
Prevent shaarli from sending thousands of cookies.
Diffstat (limited to 'index.php')
-rw-r--r-- | index.php | 79 |
1 files changed, 57 insertions, 22 deletions
@@ -113,6 +113,53 @@ define('STAY_SIGNED_IN_TOKEN', sha1($GLOBALS['hash'].$_SERVER["REMOTE_ADDR"].$GL | |||
113 | autoLocale(); // Sniff browser language and set date format accordingly. | 113 | autoLocale(); // Sniff browser language and set date format accordingly. |
114 | header('Content-Type: text/html; charset=utf-8'); // We use UTF-8 for proper international characters handling. | 114 | header('Content-Type: text/html; charset=utf-8'); // We use UTF-8 for proper international characters handling. |
115 | 115 | ||
116 | //================================================================================================== | ||
117 | // Checking session state (i.e. is the user still logged in) | ||
118 | //================================================================================================== | ||
119 | |||
120 | function setup_login_state() { | ||
121 | $userIsLoggedIn = false; // By default, we do not consider the user as logged in; | ||
122 | $loginFailure = false; // If set to true, every attempt to authenticate the user will fail. This indicates that an important condition isn't met. | ||
123 | if ($GLOBALS['config']['OPEN_SHAARLI']) { | ||
124 | $userIsLoggedIn = true; | ||
125 | } | ||
126 | if (!isset($GLOBALS['login'])) { | ||
127 | $userIsLoggedIn = false; // Shaarli is not configured yet. | ||
128 | $loginFailure = true; | ||
129 | } | ||
130 | if (isset($_COOKIE['shaarli_staySignedIn']) && | ||
131 | $_COOKIE['shaarli_staySignedIn']===STAY_SIGNED_IN_TOKEN && | ||
132 | !$loginFailure) | ||
133 | { | ||
134 | fillSessionInfo(); | ||
135 | $userIsLoggedIn = true; | ||
136 | } | ||
137 | // If session does not exist on server side, or IP address has changed, or session has expired, logout. | ||
138 | if (empty($_SESSION['uid']) || | ||
139 | ($GLOBALS['disablesessionprotection']==false && $_SESSION['ip']!=allIPs()) || | ||
140 | time() >= $_SESSION['expires_on']) | ||
141 | { | ||
142 | logout(); | ||
143 | $userIsLoggedIn = false; | ||
144 | $loginFailure = true; | ||
145 | } | ||
146 | if (!empty($_SESSION['longlastingsession'])) { | ||
147 | $_SESSION['expires_on']=time()+$_SESSION['longlastingsession']; // In case of "Stay signed in" checked. | ||
148 | } | ||
149 | else { | ||
150 | $_SESSION['expires_on']=time()+INACTIVITY_TIMEOUT; // Standard session expiration date. | ||
151 | } | ||
152 | if (!$loginFailure) { | ||
153 | $userIsLoggedIn = true; | ||
154 | } | ||
155 | |||
156 | return $userIsLoggedIn; | ||
157 | } | ||
158 | //================================================================================================== | ||
159 | $userIsLoggedIn = setup_login_state(); | ||
160 | //================================================================================================== | ||
161 | //================================================================================================== | ||
162 | |||
116 | // Check PHP version | 163 | // Check PHP version |
117 | function checkphpversion() | 164 | function checkphpversion() |
118 | { | 165 | { |
@@ -316,30 +363,19 @@ function check_auth($login,$password) | |||
316 | // Returns true if the user is logged in. | 363 | // Returns true if the user is logged in. |
317 | function isLoggedIn() | 364 | function isLoggedIn() |
318 | { | 365 | { |
319 | if ($GLOBALS['config']['OPEN_SHAARLI']) return true; | 366 | global $userIsLoggedIn; |
320 | 367 | return $userIsLoggedIn; | |
321 | if (!isset($GLOBALS['login'])) return false; // Shaarli is not configured yet. | ||
322 | |||
323 | if (@$_COOKIE['shaarli_staySignedIn']===STAY_SIGNED_IN_TOKEN) | ||
324 | { | ||
325 | fillSessionInfo(); | ||
326 | return true; | ||
327 | } | ||
328 | // If session does not exist on server side, or IP address has changed, or session has expired, logout. | ||
329 | if (empty($_SESSION['uid']) || ($GLOBALS['disablesessionprotection']==false && $_SESSION['ip']!=allIPs()) || time()>=$_SESSION['expires_on']) | ||
330 | { | ||
331 | logout(); | ||
332 | return false; | ||
333 | } | ||
334 | if (!empty($_SESSION['longlastingsession'])) $_SESSION['expires_on']=time()+$_SESSION['longlastingsession']; // In case of "Stay signed in" checked. | ||
335 | else $_SESSION['expires_on']=time()+INACTIVITY_TIMEOUT; // Standard session expiration date. | ||
336 | |||
337 | return true; | ||
338 | } | 368 | } |
339 | 369 | ||
340 | // Force logout. | 370 | // Force logout. |
341 | function logout() { if (isset($_SESSION)) { unset($_SESSION['uid']); unset($_SESSION['ip']); unset($_SESSION['username']); unset($_SESSION['privateonly']); } | 371 | function logout() { |
342 | setcookie('shaarli_staySignedIn', FALSE, 0, WEB_PATH); | 372 | if (isset($_SESSION)) { |
373 | unset($_SESSION['uid']); | ||
374 | unset($_SESSION['ip']); | ||
375 | unset($_SESSION['username']); | ||
376 | unset($_SESSION['privateonly']); | ||
377 | } | ||
378 | setcookie('shaarli_staySignedIn', FALSE, 0, WEB_PATH); | ||
343 | } | 379 | } |
344 | 380 | ||
345 | 381 | ||
@@ -2074,7 +2110,6 @@ function thumbnail($url,$href=false) | |||
2074 | return $html; | 2110 | return $html; |
2075 | } | 2111 | } |
2076 | 2112 | ||
2077 | |||
2078 | // Returns the HTML code to display a thumbnail for a link | 2113 | // Returns the HTML code to display a thumbnail for a link |
2079 | // for the picture wall (using lazy image loading) | 2114 | // for the picture wall (using lazy image loading) |
2080 | // Understands various services (youtube.com...) | 2115 | // Understands various services (youtube.com...) |