41 files changed, 2623 insertions, 1521 deletions
diff --git a/.eslintrc.js b/.dev/.eslintrc.js
index 151b785b..151b785b 100644
--- a/.eslintrc.js
+++ b/.dev/.eslintrc.js
diff --git a/.dev/.sasslintrc b/.dev/.sasslintrc
new file mode 100644
index 00000000..ac406d7b
--- /dev/null
+++ b/.dev/.sasslintrc
@@ -0,0 +1,15 @@
+options:
+  max-warnings: 0
+rules:
+  property-sort-order:
+    - 1
+    -
+      order: 'concentric'
+  no-important:
+    - 0
+  no-vendor-prefixes:
+    - 0 # this will be fixed with v2: see https://github.com/sasstools/sass-lint/pull/1137
+  nesting-depth:
+    - 1
+    -
+      max-depth: 4
diff --git a/.editorconfig b/.editorconfig
index f0d83ee3..34bd7994 100644
--- a/.editorconfig
+++ b/.editorconfig
@@ -10,7 +10,7 @@ trim_trailing_whitespace = true
 indent_style = space
 indent_size = 4
-[*.{htaccess,html,js,json,xml,yml}]
+[*.{htaccess,html,scss,js,json,xml,yml}]
 indent_size = 2
 [*.php]
diff --git a/.gitattributes b/.gitattributes
index 549777ef..6b6ffbd5 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -26,6 +26,7 @@ Dockerfile      text
 # Exclude from Git archives
 .editorconfig     export-ignore
+.dev              export-ignore
 .gitattributes    export-ignore
 .github           export-ignore
 .gitignore        export-ignore
diff --git a/.travis.yml b/.travis.yml
index 14b91cf2..eee1ca74 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -27,6 +27,7 @@ matrix:
      script:
        - yarn run build # Just to be sure that the build isn't broken
        - make eslint
+        - make sasslint
 cache:
  directories:
diff --git a/Makefile b/Makefile
index d1216569..4adbdd68 100644
--- a/Makefile
+++ b/Makefile
@@ -218,5 +218,9 @@ translate:
 ### Run ESLint check against Shaarli's JS files
 eslint:
-        @yarn run eslint assets/vintage/js/
+        @yarn run eslint -c .dev/.eslintrc.js assets/vintage/js/
-        @yarn run eslint assets/default/js/
+        @yarn run eslint -c .dev/.eslintrc.js assets/default/js/
+### Run CSSLint check against Shaarli's SCSS files
+sasslint:
+        @yarn run sass-lint -c .dev/.sasslintrc 'assets/default/scss/*.scss' -v -q
diff --git a/application/HttpUtils.php b/application/HttpUtils.php
index 83a4c5e2..e9282506 100644
--- a/application/HttpUtils.php
+++ b/application/HttpUtils.php
@@ -1,7 +1,7 @@
 <?php
 /**
 * GET an HTTP URL to retrieve its content
- * Uses the cURL library or a fallback method 
+ * Uses the cURL library or a fallback method
 *
 * @param string          $url               URL to get (http://...)
 * @param int             $timeout           network timeout (in seconds)
@@ -415,6 +415,37 @@ function getIpAddressFromProxy($server, $trustedIps)
    return array_pop($ips);
 }
+/**
+ * Return an identifier based on the advertised client IP address(es)
+ *
+ * This aims at preventing session hijacking from users behind the same proxy
+ * by relying on HTTP headers.
+ *
+ * See:
+ * - https://secure.php.net/manual/en/reserved.variables.server.php
+ * - https://stackoverflow.com/questions/3003145/how-to-get-the-client-ip-address-in-php
+ * - https://stackoverflow.com/questions/12233406/preventing-session-hijacking
+ * - https://stackoverflow.com/questions/21354859/trusting-x-forwarded-for-to-identify-a-visitor
+ *
+ * @param array $server The $_SERVER array
+ *
+ * @return string An identifier based on client IP address information
+ */
+function client_ip_id($server)
+{
+    $ip = $server['REMOTE_ADDR'];
+    if (isset($server['HTTP_X_FORWARDED_FOR'])) {
+        $ip = $ip . '_' . $server['HTTP_X_FORWARDED_FOR'];
+    }
+    if (isset($server['HTTP_CLIENT_IP'])) {
+        $ip = $ip . '_' . $server['HTTP_CLIENT_IP'];
+    }
+    return $ip;
+}
 /**
 * Returns true if Shaarli's currently browsed in HTTPS.
 * Supports reverse proxies (if the headers are correctly set).
diff --git a/application/LoginManager.php b/application/LoginManager.php
deleted file mode 100644
index 397bc6e3..00000000
--- a/application/LoginManager.php
+++ /dev/null
@@ -1,134 +0,0 @@
-<?php
-namespace Shaarli;
-/**
- * User login management
- */
-class LoginManager
-{
-    protected $globals = [];
-    protected $configManager = null;
-    protected $banFile = '';
-    /**
-     * Constructor
-     *
-     * @param array         $globals       The $GLOBALS array (reference)
-     * @param ConfigManager $configManager Configuration Manager instance.
-     */
-    public function __construct(& $globals, $configManager)
-    {
-        $this->globals = &$globals;
-        $this->configManager = $configManager;
-        $this->banFile = $this->configManager->get('resource.ban_file', 'data/ipbans.php');
-        $this->readBanFile();
-    }
-    /**
-     * Read a file containing banned IPs
-     */
-    protected function readBanFile()
-    {
-        if (! file_exists($this->banFile)) {
-            return;
-        }
-        include $this->banFile;
-    }
-    /**
-     * Write the banned IPs to a file
-     */
-    protected function writeBanFile()
-    {
-        if (! array_key_exists('IPBANS', $this->globals)) {
-            return;
-        }
-        file_put_contents(
-            $this->banFile,
-            "<?php\n\$GLOBALS['IPBANS']=" . var_export($this->globals['IPBANS'], true) . ";\n?>"
-        );
-    }
-    /**
-     * Handle a failed login and ban the IP after too many failed attempts
-     *
-     * @param array $server The $_SERVER array
-     */
-    public function handleFailedLogin($server)
-    {
-        $ip = $server['REMOTE_ADDR'];
-        $trusted = $this->configManager->get('security.trusted_proxies', []);
-        if (in_array($ip, $trusted)) {
-            $ip = getIpAddressFromProxy($server, $trusted);
-            if (! $ip) {
-                // the IP is behind a trusted forward proxy, but is not forwarded
-                // in the HTTP headers, so we do nothing
-                return;
-            }
-        }
-        // increment the fail count for this IP
-        if (isset($this->globals['IPBANS']['FAILURES'][$ip])) {
-            $this->globals['IPBANS']['FAILURES'][$ip]++;
-        } else {
-            $this->globals['IPBANS']['FAILURES'][$ip] = 1;
-        }
-        if ($this->globals['IPBANS']['FAILURES'][$ip] >= $this->configManager->get('security.ban_after')) {
-            $this->globals['IPBANS']['BANS'][$ip] = time() + $this->configManager->get('security.ban_duration', 1800);
-            logm(
-                $this->configManager->get('resource.log'),
-                $server['REMOTE_ADDR'],
-                'IP address banned from login'
-            );
-        }
-        $this->writeBanFile();
-    }
-    /**
-     * Handle a successful login
-     *
-     * @param array $server The $_SERVER array
-     */
-    public function handleSuccessfulLogin($server)
-    {
-        $ip = $server['REMOTE_ADDR'];
-        // FIXME unban when behind a trusted proxy?
-        unset($this->globals['IPBANS']['FAILURES'][$ip]);
-        unset($this->globals['IPBANS']['BANS'][$ip]);
-        $this->writeBanFile();
-    }
-    /**
-     * Check if the user can login from this IP
-     *
-     * @param array $server The $_SERVER array
-     *
-     * @return bool true if the user is allowed to login
-     */
-    public function canLogin($server)
-    {
-        $ip = $server['REMOTE_ADDR'];
-        if (! isset($this->globals['IPBANS']['BANS'][$ip])) {
-            // the user is not banned
-            return true;
-        }
-        if ($this->globals['IPBANS']['BANS'][$ip] > time()) {
-            // the user is still banned
-            return false;
-        }
-        // the ban has expired, the user can attempt to log in again
-        logm($this->configManager->get('resource.log'), $server['REMOTE_ADDR'], 'Ban lifted.');
-        unset($this->globals['IPBANS']['FAILURES'][$ip]);
-        unset($this->globals['IPBANS']['BANS'][$ip]);
-        $this->writeBanFile();
-        return true;
-    }
-}
diff --git a/application/PageBuilder.php b/application/PageBuilder.php
index 3233d6b6..a4483870 100644
--- a/application/PageBuilder.php
+++ b/application/PageBuilder.php
@@ -25,6 +25,9 @@ class PageBuilder
     * @var LinkDB $linkDB instance.
     */
    protected $linkDB;
+    
+    /** @var bool $isLoggedIn Whether the user is logged in **/
+    protected $isLoggedIn = false;
    /**
     * PageBuilder constructor.
@@ -34,12 +37,13 @@ class PageBuilder
     * @param LinkDB        $linkDB instance.
     * @param string        $token  Session token
     */
-    public function __construct(&$conf, $linkDB = null, $token = null)
+    public function __construct(&$conf, $linkDB = null, $token = null, $isLoggedIn = false)
    {
        $this->tpl = false;
        $this->conf = $conf;
        $this->linkDB = $linkDB;
        $this->token = $token;
+        $this->isLoggedIn = $isLoggedIn;
    }
    /**
@@ -55,7 +59,7 @@ class PageBuilder
                $this->conf->get('resource.update_check'),
                $this->conf->get('updates.check_updates_interval'),
                $this->conf->get('updates.check_updates'),
-                isLoggedIn(),
+                $this->isLoggedIn,
                $this->conf->get('updates.check_updates_branch')
            );
            $this->tpl->assign('newVersion', escape($version));
@@ -67,6 +71,7 @@ class PageBuilder
            $this->tpl->assign('versionError', escape($exc->getMessage()));
        }
+        $this->tpl->assign('is_logged_in', $this->isLoggedIn);
        $this->tpl->assign('feedurl', escape(index_url($_SERVER)));
        $searchcrits = ''; // Search criteria
        if (!empty($_GET['searchtags'])) {
diff --git a/application/SessionManager.php b/application/SessionManager.php
deleted file mode 100644
index 71f0b38d..00000000
--- a/application/SessionManager.php
+++ /dev/null
@@ -1,83 +0,0 @@
-<?php
-namespace Shaarli;
-/**
- * Manages the server-side session
- */
-class SessionManager
-{
-    protected $session = [];
-    /**
-     * Constructor
-     *
-     * @param array         $session The $_SESSION array (reference)
-     * @param ConfigManager $conf    ConfigManager instance
-     */
-    public function __construct(& $session, $conf)
-    {
-        $this->session = &$session;
-        $this->conf = $conf;
-    }
-    /**
-     * Generates a session token
-     *
-     * @return string token
-     */
-    public function generateToken()
-    {
-        $token = sha1(uniqid('', true) .'_'. mt_rand() . $this->conf->get('credentials.salt'));
-        $this->session['tokens'][$token] = 1;
-        return $token;
-    }
-    /**
-     * Checks the validity of a session token, and destroys it afterwards
-     *
-     * @param string $token The token to check
-     *
-     * @return bool true if the token is valid, else false
-     */
-    public function checkToken($token)
-    {
-        if (! isset($this->session['tokens'][$token])) {
-            // the token is wrong, or has already been used
-            return false;
-        }
-        // destroy the token to prevent future use
-        unset($this->session['tokens'][$token]);
-        return true;
-    }
-    /**
-     * Validate session ID to prevent Full Path Disclosure.
-     *
-     * See #298.
-     * The session ID's format depends on the hash algorithm set in PHP settings
-     *
-     * @param string $sessionId Session ID
-     *
-     * @return true if valid, false otherwise.
-     *
-     * @see http://php.net/manual/en/function.hash-algos.php
-     * @see http://php.net/manual/en/session.configuration.php
-     */
-    public static function checkId($sessionId)
-    {
-        if (empty($sessionId)) {
-            return false;
-        }
-        if (!$sessionId) {
-            return false;
-        }
-        if (!preg_match('/^[a-zA-Z0-9,-]{2,128}$/', $sessionId)) {
-            return false;
-        }
-        return true;
-    }
-}
diff --git a/application/security/LoginManager.php b/application/security/LoginManager.php
new file mode 100644
index 00000000..d6784d6d
--- /dev/null
+++ b/application/security/LoginManager.php
@@ -0,0 +1,265 @@
+<?php
+namespace Shaarli\Security;
+use Shaarli\Config\ConfigManager;
+/**
+ * User login management
+ */
+class LoginManager
+{
+    /** @var string Name of the cookie set after logging in **/
+    public static $STAY_SIGNED_IN_COOKIE = 'shaarli_staySignedIn';
+    /** @var array A reference to the $_GLOBALS array */
+    protected $globals = [];
+    /** @var ConfigManager Configuration Manager instance **/
+    protected $configManager = null;
+    /** @var SessionManager Session Manager instance **/
+    protected $sessionManager = null;
+    /** @var string Path to the file containing IP bans */
+    protected $banFile = '';
+    /** @var bool Whether the user is logged in **/
+    protected $isLoggedIn = false;
+    /** @var bool Whether the Shaarli instance is open to public edition **/
+    protected $openShaarli = false;
+    /** @var string User sign-in token depending on remote IP and credentials */
+    protected $staySignedInToken = '';
+    /**
+     * Constructor
+     *
+     * @param array          $globals        The $GLOBALS array (reference)
+     * @param ConfigManager  $configManager  Configuration Manager instance
+     * @param SessionManager $sessionManager SessionManager instance
+     */
+    public function __construct(& $globals, $configManager, $sessionManager)
+    {
+        $this->globals = &$globals;
+        $this->configManager = $configManager;
+        $this->sessionManager = $sessionManager;
+        $this->banFile = $this->configManager->get('resource.ban_file', 'data/ipbans.php');
+        $this->readBanFile();
+        if ($this->configManager->get('security.open_shaarli') === true) {
+            $this->openShaarli = true;
+        }
+    }
+    /**
+     * Generate a token depending on deployment salt, user password and client IP
+     *
+     * @param string $clientIpAddress The remote client IP address
+     */
+    public function generateStaySignedInToken($clientIpAddress)
+    {
+        $this->staySignedInToken = sha1(
+            $this->configManager->get('credentials.hash')
+            . $clientIpAddress
+            . $this->configManager->get('credentials.salt')
+        );
+    }
+    /**
+     * Return the user's client stay-signed-in token
+     *
+     * @return string User's client stay-signed-in token
+     */
+    public function getStaySignedInToken()
+    {
+        return $this->staySignedInToken;
+    }
+    /**
+     * Check user session state and validity (expiration)
+     *
+     * @param array  $cookie     The $_COOKIE array
+     * @param string $clientIpId Client IP address identifier
+     */
+    public function checkLoginState($cookie, $clientIpId)
+    {
+        if (! $this->configManager->exists('credentials.login')) {
+            // Shaarli is not configured yet
+            $this->isLoggedIn = false;
+            return;
+        }
+        if (isset($cookie[self::$STAY_SIGNED_IN_COOKIE])
+            && $cookie[self::$STAY_SIGNED_IN_COOKIE] === $this->staySignedInToken
+        ) {
+            // The user client has a valid stay-signed-in cookie
+            // Session information is updated with the current client information
+            $this->sessionManager->storeLoginInfo($clientIpId);
+        } elseif ($this->sessionManager->hasSessionExpired()
+            || $this->sessionManager->hasClientIpChanged($clientIpId)
+        ) {
+            $this->sessionManager->logout();
+            $this->isLoggedIn = false;
+            return;
+        }
+        $this->isLoggedIn = true;
+        $this->sessionManager->extendSession();
+    }
+    /**
+     * Return whether the user is currently logged in
+     *
+     * @return true when the user is logged in, false otherwise
+     */
+    public function isLoggedIn()
+    {
+        if ($this->openShaarli) {
+            return true;
+        }
+        return $this->isLoggedIn;
+    }
+    /**
+     * Check user credentials are valid
+     *
+     * @param string $remoteIp   Remote client IP address
+     * @param string $clientIpId Client IP address identifier
+     * @param string $login      Username
+     * @param string $password   Password
+     *
+     * @return bool true if the provided credentials are valid, false otherwise
+     */
+    public function checkCredentials($remoteIp, $clientIpId, $login, $password)
+    {
+        $hash = sha1($password . $login . $this->configManager->get('credentials.salt'));
+        if ($login != $this->configManager->get('credentials.login')
+            || $hash != $this->configManager->get('credentials.hash')
+        ) {
+            logm(
+                $this->configManager->get('resource.log'),
+                $remoteIp,
+                'Login failed for user ' . $login
+            );
+            return false;
+        }
+        $this->sessionManager->storeLoginInfo($clientIpId);
+        logm(
+            $this->configManager->get('resource.log'),
+            $remoteIp,
+            'Login successful'
+        );
+        return true;
+    }
+    /**
+     * Read a file containing banned IPs
+     */
+    protected function readBanFile()
+    {
+        if (! file_exists($this->banFile)) {
+            return;
+        }
+        include $this->banFile;
+    }
+    /**
+     * Write the banned IPs to a file
+     */
+    protected function writeBanFile()
+    {
+        if (! array_key_exists('IPBANS', $this->globals)) {
+            return;
+        }
+        file_put_contents(
+            $this->banFile,
+            "<?php\n\$GLOBALS['IPBANS']=" . var_export($this->globals['IPBANS'], true) . ";\n?>"
+        );
+    }
+    /**
+     * Handle a failed login and ban the IP after too many failed attempts
+     *
+     * @param array $server The $_SERVER array
+     */
+    public function handleFailedLogin($server)
+    {
+        $ip = $server['REMOTE_ADDR'];
+        $trusted = $this->configManager->get('security.trusted_proxies', []);
+        if (in_array($ip, $trusted)) {
+            $ip = getIpAddressFromProxy($server, $trusted);
+            if (! $ip) {
+                // the IP is behind a trusted forward proxy, but is not forwarded
+                // in the HTTP headers, so we do nothing
+                return;
+            }
+        }
+        // increment the fail count for this IP
+        if (isset($this->globals['IPBANS']['FAILURES'][$ip])) {
+            $this->globals['IPBANS']['FAILURES'][$ip]++;
+        } else {
+            $this->globals['IPBANS']['FAILURES'][$ip] = 1;
+        }
+        if ($this->globals['IPBANS']['FAILURES'][$ip] >= $this->configManager->get('security.ban_after')) {
+            $this->globals['IPBANS']['BANS'][$ip] = time() + $this->configManager->get('security.ban_duration', 1800);
+            logm(
+                $this->configManager->get('resource.log'),
+                $server['REMOTE_ADDR'],
+                'IP address banned from login'
+            );
+        }
+        $this->writeBanFile();
+    }
+    /**
+     * Handle a successful login
+     *
+     * @param array $server The $_SERVER array
+     */
+    public function handleSuccessfulLogin($server)
+    {
+        $ip = $server['REMOTE_ADDR'];
+        // FIXME unban when behind a trusted proxy?
+        unset($this->globals['IPBANS']['FAILURES'][$ip]);
+        unset($this->globals['IPBANS']['BANS'][$ip]);
+        $this->writeBanFile();
+    }
+    /**
+     * Check if the user can login from this IP
+     *
+     * @param array $server The $_SERVER array
+     *
+     * @return bool true if the user is allowed to login
+     */
+    public function canLogin($server)
+    {
+        $ip = $server['REMOTE_ADDR'];
+        if (! isset($this->globals['IPBANS']['BANS'][$ip])) {
+            // the user is not banned
+            return true;
+        }
+        if ($this->globals['IPBANS']['BANS'][$ip] > time()) {
+            // the user is still banned
+            return false;
+        }
+        // the ban has expired, the user can attempt to log in again
+        logm($this->configManager->get('resource.log'), $server['REMOTE_ADDR'], 'Ban lifted.');
+        unset($this->globals['IPBANS']['FAILURES'][$ip]);
+        unset($this->globals['IPBANS']['BANS'][$ip]);
+        $this->writeBanFile();
+        return true;
+    }
+}
diff --git a/application/security/SessionManager.php b/application/security/SessionManager.php
new file mode 100644
index 00000000..b8b8ab8d
--- /dev/null
+++ b/application/security/SessionManager.php
@@ -0,0 +1,199 @@
+<?php
+namespace Shaarli\Security;
+use Shaarli\Config\ConfigManager;
+/**
+ * Manages the server-side session
+ */
+class SessionManager
+{
+    /** @var int Session expiration timeout, in seconds */
+    public static $SHORT_TIMEOUT = 3600;    // 1 hour
+    /** @var int Session expiration timeout, in seconds */
+    public static $LONG_TIMEOUT = 31536000; // 1 year
+    /** @var array Local reference to the global $_SESSION array */
+    protected $session = [];
+    /** @var ConfigManager Configuration Manager instance **/
+    protected $conf = null;
+    /** @var bool Whether the user should stay signed in (LONG_TIMEOUT) */
+    protected $staySignedIn = false;
+    /**
+     * Constructor
+     *
+     * @param array         $session The $_SESSION array (reference)
+     * @param ConfigManager $conf    ConfigManager instance
+     */
+    public function __construct(& $session, $conf)
+    {
+        $this->session = &$session;
+        $this->conf = $conf;
+    }
+    /**
+     * Define whether the user should stay signed in across browser sessions
+     *
+     * @param bool $staySignedIn Keep the user signed in
+     */
+    public function setStaySignedIn($staySignedIn)
+    {
+        $this->staySignedIn = $staySignedIn;
+    }
+    /**
+     * Generates a session token
+     *
+     * @return string token
+     */
+    public function generateToken()
+    {
+        $token = sha1(uniqid('', true) .'_'. mt_rand() . $this->conf->get('credentials.salt'));
+        $this->session['tokens'][$token] = 1;
+        return $token;
+    }
+    /**
+     * Checks the validity of a session token, and destroys it afterwards
+     *
+     * @param string $token The token to check
+     *
+     * @return bool true if the token is valid, else false
+     */
+    public function checkToken($token)
+    {
+        if (! isset($this->session['tokens'][$token])) {
+            // the token is wrong, or has already been used
+            return false;
+        }
+        // destroy the token to prevent future use
+        unset($this->session['tokens'][$token]);
+        return true;
+    }
+    /**
+     * Validate session ID to prevent Full Path Disclosure.
+     *
+     * See #298.
+     * The session ID's format depends on the hash algorithm set in PHP settings
+     *
+     * @param string $sessionId Session ID
+     *
+     * @return true if valid, false otherwise.
+     *
+     * @see http://php.net/manual/en/function.hash-algos.php
+     * @see http://php.net/manual/en/session.configuration.php
+     */
+    public static function checkId($sessionId)
+    {
+        if (empty($sessionId)) {
+            return false;
+        }
+        if (!$sessionId) {
+            return false;
+        }
+        if (!preg_match('/^[a-zA-Z0-9,-]{2,128}$/', $sessionId)) {
+            return false;
+        }
+        return true;
+    }
+    /**
+     * Store user login information after a successful login
+     *
+     * @param string $clientIpId Client IP address identifier
+     */
+    public function storeLoginInfo($clientIpId)
+    {
+        $this->session['ip'] = $clientIpId;
+        $this->session['username'] = $this->conf->get('credentials.login');
+        $this->extendTimeValidityBy(self::$SHORT_TIMEOUT);
+    }
+    /**
+     * Extend session validity
+     */
+    public function extendSession()
+    {
+        if ($this->staySignedIn) {
+            return $this->extendTimeValidityBy(self::$LONG_TIMEOUT);
+        }
+        return $this->extendTimeValidityBy(self::$SHORT_TIMEOUT);
+    }
+    /**
+     * Extend expiration time
+     *
+     * @param int $duration Expiration time extension (seconds)
+     *
+     * @return int New session expiration time
+     */
+    protected function extendTimeValidityBy($duration)
+    {
+        $expirationTime = time() + $duration;
+        $this->session['expires_on'] = $expirationTime;
+        return $expirationTime;
+    }
+    /**
+     * Logout a user by unsetting all login information
+     *
+     * See:
+     * - https://secure.php.net/manual/en/function.setcookie.php
+     */
+    public function logout()
+    {
+        if (isset($this->session)) {
+            unset($this->session['ip']);
+            unset($this->session['expires_on']);
+            unset($this->session['username']);
+            unset($this->session['visibility']);
+            unset($this->session['untaggedonly']);
+        }
+    }
+    /**
+     * Check whether the session has expired
+     *
+     * @param string $clientIpId Client IP address identifier
+     *
+     * @return bool true if the session has expired, false otherwise
+     */
+    public function hasSessionExpired()
+    {
+        if (empty($this->session['expires_on'])) {
+            return true;
+        }
+        if (time() >= $this->session['expires_on']) {
+            return true;
+        }
+        return false;
+    }
+    /**
+     * Check whether the client IP address has changed
+     *
+     * @param string $clientIpId Client IP address identifier
+     *
+     * @return bool true if the IP has changed, false if it has not, or
+     *              if session protection has been disabled
+     */
+    public function hasClientIpChanged($clientIpId)
+    {
+        if ($this->conf->get('security.session_protection_disabled') === true) {
+            return false;
+        }
+        if (isset($this->session['ip']) && $this->session['ip'] === $clientIpId) {
+            return false;
+        }
+        return true;
+    }
+}
diff --git a/assets/default/scss/shaarli.scss b/assets/default/scss/shaarli.scss
index 25440de1..09d5efbe 100644
--- a/assets/default/scss/shaarli.scss
+++ b/assets/default/scss/shaarli.scss
@@ -1,1357 +1,1545 @@
-$fa-font-path: "~font-awesome/fonts";
+$fa-font-path: '~font-awesome/fonts';
-@import "~font-awesome/scss/font-awesome.scss";
+@import '~font-awesome/scss/font-awesome';
 @import '~purecss/build/pure.css';
 @import '~purecss/build/grids-responsive.css';
 @import '~pure-extras/css/pure-extras.css';
 @import '~awesomplete/awesomplete.css';
-/**
+$white: #fff;
- * General
+$black: #000;
- */
+$almost-white: #f5f5f5;
+$dark-grey: #252525;
+$light-grey: #797979;
+$main-green: #1b926c;
+$light-green: #b0ddce;
+$dark-green: #2a4c41;
+$red: #ac2925;
+$orange: #f89406;
+$blue: #0b5ea6;
+$background-color: #d0d0d0;
+$background-linklist-info: #ddd;
+$light-shadow: rgba(255, 255, 255, .078);
+$dark-shadow: rgba(0, 0, 0, .298);
+$warning-text: #97600d;
+$form-input-border: #d8d8d8;
+$form-input-background: #eee;
+// General
 body {
-    background: #d0d0d0;
+  background: $background-color;
 }
 .strong {
-    font-weight: bold;
+  font-weight: bold;
 }
 .clear {
-    clear: both;
+  clear: both;
 }
 .center {
-    text-align: center;
+  margin: auto;
-    margin: auto;
+  text-align: center;
 }
 .label {
-    display: inline-block;
+  display: inline-block;
-    padding: .25em .4em;
+  border-radius: .25rem;
-    font-size: 75%;
+  padding: .25em .4em;
-    font-weight: 700;
+  vertical-align: baseline;
-    line-height: 1;
+  text-align: center;
-    text-align: center;
+  line-height: 1;
-    white-space: nowrap;
+  white-space: nowrap;
-    vertical-align: baseline;
+  font-size: 75%;
-    border-radius: .25rem;
+  font-weight: 700;
 }
 pre {
-    max-width: 100%;
+  max-width: 100%;
 }
 @font-face {
-    font-family: 'Roboto';
+  font-family: 'Roboto';
-    font-weight: 400;
+  font-weight: 400;
-    font-style: normal;
+  font-style: normal;
-    src:
+  src: local('Roboto'),
-            local('Roboto'),
+  local('Roboto-Regular'),
-            local('Roboto-Regular'),
+  url('../fonts/Roboto-Regular.woff2') format('woff2'),
-            url('../fonts/Roboto-Regular.woff2') format('woff2'),
+  url('../fonts/Roboto-Regular.woff') format('woff');
-            url('../fonts/Roboto-Regular.woff') format('woff');
 }
 @font-face {
-    font-family: 'Roboto';
+  font-family: 'Roboto';
-    font-weight: 700;
+  font-weight: 700;
-    font-style: normal;
+  font-style: normal;
-    src:
+  src: local('Roboto'),
-            local('Roboto'),
+  local('Roboto-Bold'),
-            local('Roboto-Bold'),
+  url('../fonts/Roboto-Bold.woff2') format('woff2'),
-            url('../fonts/Roboto-Bold.woff2') format('woff2'),
+  url('../fonts/Roboto-Bold.woff') format('woff');
-            url('../fonts/Roboto-Bold.woff') format('woff');
+}
-}
+body,
-body, .pure-g [class*="pure-u"] {
+.pure-g [class*='pure-u'] {
-    font-family: Roboto, Arial, sans-serif;
+  font-family: Roboto, Arial, sans-serif;
-}
+}
-/**
+// Extends Pure grids responsive to hide items.
- * Extends Pure grids responsive to hide items.
+// Use xx-0 to hide an item on xx screen.
- * Use xx-0 to hide an item on xx screen.
+// Display it at any level with xx-visible.
- * Display it at any level with xx-visible.
+.pure-u-0 {
- */
+  display: none !important;
-.pure-u-0 { display: none !important; }
+}
 @media screen and (min-width: 35.5em) {
-    .pure-u-sm-0 { display: none !important; }
+  .pure-u-sm-0 {
-    .pure-u-sm-visible { display: inline-block !important; }
+    display: none !important;
+  }
+  .pure-u-sm-visible {
+    display: inline-block !important;
+  }
 }
 @media screen and (min-width: 48em) {
-    .pure-u-md-0 { display: none !important; }
+  .pure-u-md-0 {
-    .pure-u-md-visible { display: inline-block !important; }
+    display: none !important;
+  }
+  .pure-u-md-visible {
+    display: inline-block !important;
+  }
 }
 @media screen and (min-width: 64em) {
-    .pure-u-lg-0 { display: none !important; }
+  .pure-u-lg-0 {
-    .pure-u-lg-visible { display: inline-block !important; }
+    display: none !important;
+  }
+  .pure-u-lg-visible {
+    display: inline-block !important;
+  }
 }
 @media screen and (min-width: 80em) {
-    .pure-u-xl-0 { display: none !important; }
+  .pure-u-xl-0 {
-    .pure-u-xl-visible { display: inline-block !important; }
+    display: none !important;
+  }
+  .pure-u-xl-visible {
+    display: inline-block !important;
+  }
 }
-/**
+// Make pure-extras alert closable.
- * Make pure-extras alert closable.
+.pure-alert-closable {
- */
+  .fa-times {
-.pure-alert-closable .fa-times {
    float: right;
+  }
 }
 .pure-alert-close {
-    cursor: pointer;
+  cursor: pointer;
 }
 .pure-alert-success {
-    background-color: #1b926c;
+  background-color: $main-green;
 }
-.anchor:target {
+.anchor {
+  &:target {
    padding-top: 40px;
+  }
 }
-/**
- * MENU
+// MENU
- **/
 .shaarli-menu {
-    position: fixed;
+  position: fixed;
-    top: 0;
+  top: 0;
-    width: 100%;
+  transition: max-height .5s;
-    --height: 50px;
+  z-index: 999;
-    background: #1b926c;
+  background: $main-green;
-    -webkit-font-smoothing: antialiased;
+  width: 100%;
-    /* Hack to transition with auto height: http://stackoverflow.com/a/8331169/1484919 */
+  // Hack to transition with auto height: http://stackoverflow.com/a/8331169/1484919
-    max-height: 45px;
+  max-height: 45px;
-    transition: max-height 0.5s;
+  overflow: hidden;
-    overflow: hidden;
+  -webkit-font-smoothing: antialiased;
-    z-index: 999;
+  &.open {
+    transition: max-height .75s;
+    max-height: 500px;
+  }
 }
-/* Chrome bugfix: with 100% height, it only displays the first element. */
 .pure-menu-item {
-    height: 45px;
+  // Chrome bugfix: with 100% height, it only displays the first element.
-}
+  height: 45px;
-.shaarli-menu.open {
+  &:hover {
-    max-height: 500px;
+    &::after {
-    transition: max-height 0.75s;
+      display: block;
+      margin: -4px auto 0;
+      background: $white;
+      width: 100%;
+      height: 4px;
+      content: '';
+    }
+  }
 }
 .head-logo {
-    float: left;
+  float: left;
-    margin: 0 5px 0 0;
+  margin: 0 5px 0 0;
 }
-.pure-menu-link,
+%menu-link {
-.pure-menu-link:visited,
+  padding: .8em 1em;
-.pure-menu-selected .pure-menu-link,
+  color: $almost-white;
-.pure-menu-selected .pure-menu-link:visited {
-    padding: 0.8em 1em;
-    color: #f5f5f5;
 }
-.pure-menu-link:hover, .pure-menu-link:focus,
+%menu-link-hover {
-.pure-menu-selected .pure-menu-link:hover,
+  background: transparent;
-.pure-menu-selected .pure-menu-link:focus {
+  color: $white;
-    color: #fff;
-    background: transparent;
 }
-.pure-menu-item:hover::after {
+.pure-menu-link {
-    margin: -4px auto 0 auto;
+  @extend %menu-link;
-    display: block;
-    content:"";
+  &:visited {
-    background: #fff;
+    @extend %menu-link;
-    height: 4px;
+  }
-    width: 100%;
+  &:hover,
+  &:focus {
+    @extend %menu-link-hover;
+  }
 }
-.menu-toggle {
+.pure-menu-selected {
-    width: 34px;
+  .pure-menu-link {
-    height: 45px;
+    @extend %menu-link;
-    position: absolute;
-    top: 5px;
+    &:visited {
-    right: 0;
+      @extend %menu-link;
-    display: none;
+    }
+    &:hover,
+    &:focus {
+      @extend %menu-link-hover;
+    }
+  }
 }
-.menu-toggle .bar {
+.menu-toggle {
-    background-color: #b0ddce;
+  display: none;
+  position: absolute;
+  top: 5px;
+  right: 0;
+  width: 34px;
+  height: 45px;
+  .bar {
    display: block;
-    width: 20px;
-    height: 2px;
-    border-radius: 100px;
    position: absolute;
    top: 18px;
    right: 7px;
-    transition: all 0.5s;
+    border-radius: 100px;
-}
+    background-color: $light-green;
+    width: 20px;
+    height: 2px;
+    transition-duration: .5s;
-.menu-toggle .bar:first-child {
+    &:first-child {
-    transform: translateY(-6px);
+      transform: translateY(-6px);
-}
+    }
+  }
-.menu-toggle.x .bar {
+  &.x {
-    transform: rotate(45deg);
+    .bar {
-}
+      transform: rotate(45deg);
-.menu-toggle.x .bar:first-child {
+      &:first-child {
-    transform: rotate(-45deg);
+        transform: rotate(-45deg);
+      }
+    }
+  }
 }
 @media screen and (max-width: 64em) {
-    .menu-toggle {
+  .menu-toggle {
-        display: block;
+    display: block;
-    }
+  }
 }
 .header-buttons {
-    text-align: right;
+  text-align: right;
 }
 .linkcount {
-    color: #252525;
+  color: $dark-grey;
-    font-size: 0.8em;
+  font-size: .8em;
 }
 @media screen and (min-width: 64em) {
-    .linkcount {
+  .linkcount {
-        position: absolute;
+    position: absolute;
-        right: 5px;
+    right: 5px;
+  }
+}
+.searchform-block {
+  width: 100%;
+  text-align: center;
+  input {
+    &[type='text'] {
+      border: medium none currentColor;
+      border-radius: 2px;
+      box-shadow: 0 1px 0 $light-shadow, 0 1px 1px $dark-shadow inset;
+      background: $almost-white;
+      padding: 0 5px;
+      width: 260px;
+      height: 30px;
+      color: $dark-grey;
+      &::-webkit-input-placeholder {
+        color: $light-grey;
+      }
    }
-}
+  }
-#search, #search-linklist, #search-tagcloud {
-    text-align: center;
-    width: 100%;
-}
-#search input[type="text"], #search-linklist input[type="text"] {
+  button {
-    padding: 0 5px;
+    border: 0;
-    height: 30px;
-    width: 260px;
-    background: #f5f5f5;
-    border: medium none currentColor;
-    box-shadow: 0 1px 0 rgba(255, 255, 255, 0.078), 0 1px 1px rgba(0, 0, 0, 0.298) inset;
    border-radius: 2px;
-    color: #252525;
+    background-color: $main-green;
-}
+    padding: 4px 8px 6px;
-@media screen and (max-width: 64em) {
+    color: $almost-white;
-    .searchform {
+  }
-        max-width: 260px;
-        margin: 0 auto;
-    }
-}
-/* because chrome */
-#search input[type="text"]::-webkit-input-placeholder,
-#search-linklist input[type="text"]::-webkit-input-placeholder {
-    color: #777777;
 }
-#search button,
+@media screen and (max-width: 64em) {
-#search-tagcloud button,
+  .searchform {
-#search-linklist button {
+    margin: 0 auto;
-    padding: 4px 8px 6px 8px;
+    max-width: 260px;
-    background-color: #1B926C;
+  }
-    color: #f5f5f5;
-    border: none;
-    border-radius: 2px;
 }
-#search-tagcloud button {
+.search-tagcloud {
+  button {
    width: 90%;
+  }
 }
 @media screen and (max-width: 64em) {
-    #search-linklist button {
+  .search-linklist {
-        width: 100%;
+    button {
+      width: 100%;
    }
-    #search-linklist .awesomplete {
-        margin: 5px 0;
-    }
-}
-#search button:hover,
+    .awesomplete {
-#search-linklist button:hover,
+      margin: 5px 0;
-#search-tagcloud button:hover {
-    color: #d0d0d0;
-}
-#search,
-#search-linklist {
-    padding: 6px 0;
-}
-@media screen and (max-width: 64em) {
-    #search, #search * {
-        visibility: hidden;
    }
+  }
 }
-.subheader-form a.button {
+.header-search,
-    color: #f5f5f5;
+.search-linklist,
-    font-weight: bold;
+.search-tagcloud {
-    text-decoration: none;
+  button {
-    border: 2px solid #f5f5f5;
+    &:hover {
-    border-radius: 5px;
+      color: $background-color;
-    padding: 3px 10px;
+    }
+  }
 }
-.linklist-item-editbuttons .delete-checkbox {
+.header-search,
-    display: none;
+.search-linklist {
+  padding: 6px 0;
 }
-#header-login-form input[type="text"], #header-login-form input[type="password"] {
+@media screen and (max-width: 64em) {
-    width: 200px;
+  .header-search ,
+  .header-search * {
+    visibility: hidden;
+  }
 }
-/* because chrome */
+%subheader-form-input {
-#header-login-form input[type="text"]::-webkit-input-placeholder,
+  border: medium none currentColor;
-#header-login-form input[type="password"]::-webkit-input-placeholder {
+  border-radius: 2px;
-    color: #777777;
+  box-shadow: 0 1px 0 $light-shadow, 0 1px 4px $dark-shadow inset;
+  background: $almost-white;
+  padding: 5px 5px 3px 15px;
+  width: 20%;
+  height: 20px;
+  color: $dark-grey;
 }
 .subheader-form {
-    visibility: hidden;
+  display: block;
-    position: fixed;
+  position: fixed;
-    width: 100%;
+  visibility: hidden;
-    text-align: center;
+  z-index: 999;
-    background: #1b926c;
+  background: $main-green;
-    display: block;
+  padding: 5px 0;
-    z-index: 999;
+  width: 100%;
-    height: 30px;
+  height: 30px;
-    padding: 5px 0;
+  text-align: center;
-}
+  input {
-@media screen and (min-width: 64em) {
+    &[type='text'],
-    .subheader-form.open, .subheader-form.open * {
+    &[type='password'] {
-        visibility: visible;
+      @extend %subheader-form-input;
+      &::-webkit-input-placeholder {
+        color: $dark-grey;
+      }
    }
-}
+  }
-.subheader-form input[type="text"], .subheader-form input[type="password"], .subheader-form .remember-me {
+  &[type='submit'] {
-    padding: 5px 5px 3px 15px;
+    display: inline-block;
-    height: 20px;
+    margin: 0 0 5px;
-    width: 20%;
+    border: 1px solid $almost-white;
-    background: #f5f5f5;
-    border: medium none currentColor;
    border-radius: 2px;
-    box-shadow: 0 1px 0 rgba(255, 255, 255, 0.078), 0 1px 4px rgba(0, 0, 0, 0.298) inset;
+    background: $main-green;
-    color: #252525;
+    padding: 4px 0;
-}
+    width: 100px;
+    height: 28px;
+    color: $almost-white;
-/* because chrome */
+    &:hover {
-.subheader-form input[type="text"]::-webkit-input-placeholder,
+      background: $almost-white;
-.subheader-form input[type="password"]::-webkit-input-placeholder
+      color: $main-green;
-{
+    }
-    color: #252525;
+  }
-}
+  .remember-me {
+    @extend %subheader-form-input;
-.subheader-form .remember-me {
    display: inline-block;
-    width: auto;
-    padding: 5px 20px 3px 20px;
    cursor: pointer;
-}
+    padding: 5px 20px 3px;
+    width: auto;
-.subheader-form .remember-me label, .subheader-form .remember-me input {
+    label,
-    cursor: pointer;
+    input {
+      cursor: pointer;
+    }
+  }
+  a {
+    &.button {
+      border: 2px solid $almost-white;
+      border-radius: 5px;
+      padding: 3px 10px;
+      text-decoration: none;
+      color: $almost-white;
+      font-weight: bold;
+    }
+  }
 }
-.subheader-form input[type="submit"] {
+.header-login-form {
-    display: inline-block;
+  input {
-    margin: 0 0 5px 0;
+    &[type='text'],
-    padding: 4px 0 4px 0;
+    &[type='password'] {
-    height: 28px;
+      width: 200px;
-    width: 100px;
-    background: #1b926c;
+      // because chrome
-    border: 1px solid #f5f5f5;
+      &::-webkit-input-placeholder {
-    color: #f5f5f5;
+        color: $light-grey;
-    border-radius: 2px;
+      }
+    }
+  }
 }
-.subheader-form input[type="submit"]:hover {
+@media screen and (min-width: 64em) {
-    background: #f5f5f5;
+  .subheader-form {
-    color: #1b926c;
+    &.open {
+      visibility: visible;
+      * {
+        visibility: visible;
+      }
+    }
+  }
 }
 .new-version-message {
-    text-align: center;
+  text-align: center;
-}
-.new-version-message a {
+  a {
-    color: rgb(151, 96, 13);
+    color: $warning-text;
    font-weight: bold;
+  }
 }
-/**
+// CONTENT - GENERAL
- * CONTENT - GENERAL
+.container {
- */
+  position: relative;
-#content {
+  z-index: 2;
-    position: relative;
+  margin-top: 45px;
-    z-index: 2;
-    margin-top: 45px;
 }
-/**
+// Plugins additional forms
- * Plugins additional forms
- */
 .toolbar-plugin {
-    margin: 5px 0;
+  margin: 5px 0;
-    text-align: center;
+  text-align: center;
-}
+  input {
-.toolbar-plugin input[type="text"] {
+    &[type='text'] {
-    padding: 0 5px;
+      border: medium none currentColor;
-    height: 30px;
+      border-radius: 2px;
-    width: 300px;
+      box-shadow: 0 1px 0 $light-shadow, 0 1px 1px $dark-shadow inset;
-    background: #f5f5f5;
+      background: $almost-white;
-    border: medium none currentColor;
+      padding: 0 5px;
-    box-shadow: 0 1px 0 rgba(255, 255, 255, 0.078), 0 1px 1px rgba(0, 0, 0, 0.298) inset;
+      width: 300px;
-    border-radius: 2px;
+      height: 30px;
-    color: #252525;
+      color: $dark-grey;
-}
+      &::-webkit-input-placeholder {
-/* because chrome */
+        color: $light-grey;
-.toolbar-plugin input[type="text"]::-webkit-input-placeholder {
+      }
-    color: #777777;
+    }
-}
-.toolbar-plugin input[type="submit"] {
-    padding: 0 10px;
-    height: 30px;
-    background: #f5f5f5;
-    border: medium none currentColor;
-    border-radius: 2px;
-    color: #252525;
-}
-.toolbar-plugin input[type="submit"]:hover {
+    &[type='submit'] {
-    background: #fff;
+      border: medium none currentColor;
+      border-radius: 2px;
+      background: $almost-white;
+      padding: 0 10px;
+      height: 30px;
+      color: $dark-grey;
+      &:hover {
+        background: $white;
+      }
+    }
+  }
 }
 @media screen and (max-width: 64em) {
-    .toolbar-plugin input[type="text"] {
+  .toolbar-plugin {
+    input {
+      &[type='text'] {
        width: 70%;
+      }
    }
+  }
 }
-/**
+// CONTENT - LINKLIST PAGING
- * CONTENT - LINKLIST PAGING
+// 64em -> lg
- * 64em -> lg
- */
 .linklist-filters {
-    margin: 5px 0;
+  margin: 5px 0;
-    color: #252525;
+  color: $dark-grey;
-    font-size: 0.9em;
+  font-size: .9em;
-}
-.linklist-filters a {
+  a {
    padding: 5px 8px;
    text-decoration: none;
-}
+  }
-.linklist-filters .filter-off {
+  .filter-off {
-    color: #252525;
+    background: $almost-white;
-    background: #f5f5f5;
+    color: $dark-grey;
-}
+  }
-.linklist-filters .filter-on {
+  .filter-on {
-    color: #b0ddce;
+    background: $main-green;
-    background: #1b926c;
+    color: $light-green;
-}
+  }
-.linklist-filters .filter-block {
+  .filter-block {
-    color: #f5f5f5;
+    background: $red;
-    background: #ac2925;
+    color: $almost-white;
+  }
 }
 .linklist-pages {
-    margin: 5px 0;
+  margin: 5px 0;
-    color: #252525;
+  text-align: center;
-    text-align: center;
+  color: $dark-grey;
-}
-.linklist-pages a {
+  a {
-    color: #252525;
    text-decoration: none;
+    color: $dark-grey;
+    &:hover {
+      color: $white;
+    }
+  }
 }
-.linklist-pages a:hover {
+%linksperpage-button {
-    color: #fff;
+  display: inline-block;
+  width: 20px;
+  text-align: center;
 }
 .linksperpage {
-    margin: 5px 0;
+  margin: 5px 0;
-    text-align: right;
+  text-align: right;
-    color: #252525;
+  color: $dark-grey;
-    font-size: 0.9em;
+  font-size: .9em;
-}
-.linksperpage a {
+  form {
-    padding: 5px 5px;
+    display: inline;
-    text-decoration: none;
+  }
-    color: #252525;
-    background: #f5f5f5;
-}
-.linksperpage a, .linksperpage input[type="text"] {
+  a {
-    display: inline-block;
+    @extend %linksperpage-button;
-    width: 20px;
-    text-align: center;
-}
-.linksperpage form {
+    background: $almost-white;
-    display: inline;
+    padding: 5px;
+    text-decoration: none;
+    color: $dark-grey;
+  }
+  input {
+    &[type='text'] {
+      @extend %linksperpage-button;
+      margin: 0;
+      border: medium none currentColor;
+      background: $almost-white;
+      padding: 4px 5px 3px 8px;
+      height: 20px;
+      color: $dark-grey;
+      font-size: .8em;
+    }
+  }
 }
-.linksperpage input[type="text"] {
+// CONTENT - LINKLIST ITEMS
-    height: 20px;
+%private-border {
-    margin: 0;
+  display: block;
-    padding: 4px 5px 3px 8px;
+  position: absolute;
-    background: #f5f5f5;
+  top: 0;
-    border: medium none currentColor;
+  left: 3px;
-    color: #252525;
+  z-index: 1;
-    font-size: 0.8em;
+  background: $orange;
+  width: 2px;
+  height: 96%;
+  content: '';
 }
-/**
- * CONTENT - LINKLIST ITEMS
- */
 .linklist-item {
-    margin: 0 0 10px 0;
+  margin: 0 0 10px;
-    background: #f5f5f5;
+  box-shadow: 1px 1px 3px $light-grey;
-    box-shadow: 1px 1px 3px #797979;
+  background: $almost-white;
+  &.private {
+    .linklist-item-title {
+      &::before {
+        @extend %private-border;
+        margin-top: 3px;
+      }
+    }
+    .linklist-item-description {
+      &::before {
+        @extend %private-border;
+        height: 100%;
+      }
+    }
+  }
 }
 .linklist-item-buttons {
-    background: transparent;
+  position: relative;
-    position: relative;
+  z-index: 99;
-    width: 23px;
+  background: transparent;
-    z-index: 99;
+  width: 23px;
 }
 .linklist-item-buttons-right {
-    float: right;
+  float: right;
-    margin-right: -25px;
+  margin-right: -25px;
 }
 .linklist-item-buttons * {
-    display: block;
+  display: block;
-    float: left;
+  float: left;
-    width:100%;
+  margin: auto;
-    margin: auto;
+  width: 100%;
-    text-align: center;
+  text-align: center;
-}
-.linklist-item-title, .linklist-item-title h2  {
-    margin: 0;
-    word-wrap: break-word;
 }
 .linklist-item-title {
-    position: relative;
+  position: relative;
-    background: #f5f5f5;
+  margin: 0;
-}
+  background: $almost-white;
+  word-wrap: break-word;
-.linklist-item-title h2 {
+  h2 {
-    padding: 3px 10px 0 10px;
+    margin: 0;
+    padding: 3px 10px 0;
    line-height: 30px;
-}
+    word-wrap: break-word;
-.linklist-item-title h2 a {
+    a {
-    font-size: 0.7em;
+      vertical-align: middle;
-    color: #252525;
+      text-decoration: none;
-    text-decoration: none;
+      color: $dark-grey;
-    vertical-align: middle;
+      font-size: .7em;
-}
+      &:visited {
+        .linklist-link {
+          color: $dark-green;
+        }
+      }
+      &:hover {
+        color: $dark-grey;
+      }
+    }
+  }
-.linklist-item-title .linklist-link {
+  .linklist-link {
+    color: $main-green;
    font-size: 1.1em;
-    color: #1b926c;
-}
-.linklist-item-title h2 a:visited .linklist-link {
-    color: #2a4c41;
-}
-.linklist-item-title h2 a:hover, .linklist-item-title .linklist-link:hover{
-    color: #252525;
-}
+    &:hover {
+      color: $dark-grey;
+    }
+  }
-.linklist-item-title .label-private {
+  .label-private {
-    border: solid 1px #F89406;
+    border: solid 1px $orange;
+    color: $orange;
    font-family: Arial, sans-serif;
-    font-size: 0.65em;
+    font-size: .65em;
-    color: #F89406;
+  }
 }
 .fold-button {
-    display: none;
+  display: none;
-    color: #252525;
+  color: $dark-grey;
 }
 .linklist-item-editbuttons {
-    float: right;
+  float: right;
-    padding: 8px 5px;
+  padding: 8px 5px;
-}
-.linklist-item-editbuttons * {
+  * {
    display: block;
    float: left;
    margin: 0 1px;
-}
+  }
-.linklist-item-editbuttons a {
+  a {
    font-size: 1em;
+  }
+  .delete-checkbox {
+    display: none;
+  }
 }
 .edit-link {
-    font-size: 1.2em;
+  color: $blue;
-    color: #0b5ea6;
+  font-size: 1.2em;
 }
 .delete-link {
-    font-size: 1.3em;
+  color: $red !important;
-    color: #ac2925 !important;
+  font-size: 1.3em;
 }
 .linklist-item-description {
-    position: relative;
+  position: relative;
-    padding: 0 10px;
+  padding: 0 10px;
-    word-wrap: break-word;
+  line-height: 1.3em;
-    color: #252525;
+  color: $dark-grey;
-    line-height: 1.3em;
+  word-wrap: break-word;
-}
-.linklist-item-description a {
+  a {
    text-decoration: none;
-    color: #1b926c;
+    color: $main-green;
-}
-.linklist-item-description a:hover {
+    &:hover {
-    color: #252525;
+      color: $dark-grey;
-}
+    }
-.linklist-item-description a:visited {
+    &:visited {
-    color: #14553f;
+      color: $dark-green;
+    }
+  }
 }
 .linklist-item-thumbnail {
-    position: relative;
+  position: relative;
-    padding: 0 0 0 5px;
+  float: right;
-    margin: 0;
+  z-index: 50;
-    float: right;
+  margin: 0;
-    z-index: 50;
+  padding: 0 0 0 5px;
-    height: 90px;
+  height: 90px;
-}
-.linklist-item.private .linklist-item-title::before,
-.linklist-item.private .linklist-item-description::before {
-    position: absolute;
-    left: 3px;
-    top: 0;
-    display: block;
-    content:"";
-    background: #F89406;
-    height: 96%;
-    width: 2px;
-    z-index: 1;
-}
-.linklist-item.private .linklist-item-description::before {
-    height: 100%;
-}
-.linklist-item.private .linklist-item-title::before {
-    margin-top: 3px;
 }
 .linklist-item-infos {
-    padding: 4px 8px 4px 8px;
+  background: $background-linklist-info;
-    background: #ddd;
+  padding: 4px 8px;
-    color: #252525;
+  color: $dark-grey;
-}
-.linklist-item-infos a {
+  a {
-    color: #252525;
    text-decoration: none;
-}
+    color: $dark-grey;
-.linklist-item-infos a:hover {
+    &:hover {
-    color: #000;
+      color: $black;
-}
+    }
+  }
-.linklist-item-infos .linklist-item-tags {
+  .linklist-item-tags {
-    font-size: 0.8em;
+    font-size: .8em;
-}
+  }
-.linklist-item-infos .label-tag {
+  .label-tag {
    font-size: 1em;
+  }
+  .mobile-buttons {
+    text-align: right;
+  }
+  .linklist-plugin-icon {
+    display: inline-block;
+    margin: 0 2px;
+    width: 16px;
+    height: 16px;
+  }
 }
 .linklist-item-infos-dateblock {
-    font-size: 0.9em;
+  font-size: .9em;
 }
 .linklist-plugin-icon {
-    width: 13px;
+  width: 13px;
-    height: 13px;
+  height: 13px;
 }
 .linklist-item-infos-url {
-    text-align: right;
+  height: 23px;
-    white-space: nowrap;
+  overflow: hidden;
-    overflow: hidden;
+  text-align: right;
-    text-overflow: ellipsis;
+  text-overflow: ellipsis;
-    font-size: 0.8em;
+  line-height: 23px;
-    height:23px;
+  white-space: nowrap;
-    line-height:23px;
+  font-size: .8em;
-}
-.linklist-item-infos .mobile-buttons {
-    text-align: right;
-}
-.linklist-item-infos .linklist-plugin-icon {
-    display: inline-block;
-    margin: 0 2px;
-    width: 16px;
-    height: 16px;
 }
 .linklist-item-infos-controls-group {
-    display: inline-block;
+  display: inline-block;
-    border-right: 1px solid #5d5d5d;
+  border-right: 1px solid $light-grey;
-    padding-right: 6px;
+  padding-right: 6px;
 }
 .ctrl-edit {
-    margin: 0 7px;
+  margin: 0 7px;
 }
-/** 64em -> lg **/
+// 64em -> lg
 @media screen and (max-width: 64em) {
-    .linklist-item-infos-url {
+  .linklist-item-infos-url {
-        text-align: left;
+    text-align: left;
-    }
+  }
 }
-/**
+// Footer
- * Footer
+.footer-container {
- */
+  margin: 20px 0;
-#footer {
+  padding: 5px;
-    margin: 20px 0;
+  text-align: center;
-    padding: 5px;
+  color: $dark-grey;
-    text-align: center;
-    color: #252525;
-}
-#footer:before {
+  &::before {
    display: block;
-    content:"";
-    background: linear-gradient(to right, #949393, #252525, #949393);
-    height: 1px;
-    width: 80%;
    margin: 10px auto;
+    background: linear-gradient(to right, $background-color, $dark-grey, $background-color);
+    width: 80%;
+    height: 1px;
+    content: '';
+  }
+  a {
+    color: $dark-grey;
+  }
+}
+// PAGE FORM
+%page-form-input {
+  margin: 10px 0;
+  border: solid 1px $form-input-border;
+  border-radius: 2px;
+  background: $form-input-background;
+  padding: 5px 5px 3px 15px;
+  width: 90%;
+  height: 35px;
+  color: $dark-grey;
+  box-sizing: border-box;
+}
+%page-form-button {
+  display: inline-block;
+  margin: 15px 5px;
+  border: 0;
+  box-shadow: 1px 1px 1px $form-input-border, -1px -1px 6px $form-input-border, -1px 1px 2px $form-input-border, 1px -1px 2px $form-input-border;
+  background: $main-green;
+  min-width: 150px;
+  height: 35px;
+  vertical-align: center;
+  text-decoration: none;
+  line-height: 35px;
+  color: $almost-white;
+  font-size: 1.2em;
+  font-weight: normal;
 }
-#footer a {
-    color: #252525;
-}
-/**
- * PAGE FORM
- */
 .page-form {
-    margin: 20px 0 0 0;
+  margin: 20px 0 0;
-    background: #f5f5f5;
+  box-shadow: 1px 1px 2px $light-grey;
-    box-shadow: 1px 1px 2px #797979;
+  background: $almost-white;
-    color: #252525;
+  overflow: hidden;
-    overflow: hidden;
+  color: $dark-grey;
-}
+  .window-title {
-.page-form .window-title {
+    margin: 0 0 10px;
-    margin: 0 0 10px 0;
+    background: $almost-white;
    padding: 10px 0;
    width: 100%;
-    color: #1b926c;
-    background: #f5f5f5;
    text-align: center;
-}
+    color: $main-green;
+  }
-.page-form .window-subtitle {
+  .window-subtitle {
    text-align: center;
-}
+  }
-.page-form a {
+  a {
-    color: #1b926c;
-    font-weight: bold;
    text-decoration: none;
-}
+    color: $main-green;
+    font-weight: bold;
-.page-form p {
+    &.button {
-    padding: 5px 10px;
+      @extend %page-form-button;
+    }
+  }
+  p {
    margin: 0;
-}
+    padding: 5px 10px;
+  }
-.page-form input[type="text"],
+  input {
-.page-form input[type="password"],
+    &[type='text'] {
-.page-form textarea {
+      @extend %page-form-input;
-    box-sizing: border-box;
-    margin: 10px 0;
+      &::-webkit-input-placeholder {
-    padding: 5px 5px 3px 15px;
+        color: $light-grey;
-    height: 35px;
+      }
-    width: 90%;
+    }
-    background: #eeeeee;
-    border: solid 1px #d8d8d8;
+    &[type='password'] {
-    border-radius: 2px;
+      @extend %page-form-input;
-    color: #252525;
-}
+      &::-webkit-input-placeholder {
+        color: $light-grey;
+      }
+    }
+    &[type='submit'] {
+      @extend %page-form-button;
+    }
+  }
+  textarea {
+    @extend %page-form-input;
-.page-form textarea {
-    min-height: 240px;
    padding: 15px 5px 3px 15px;
+    min-height: 240px;
    resize: vertical;
    overflow-y: auto;
-    word-wrap:break-word
+    word-wrap: break-word;
-}
+  }
-/* because chrome */
+  select {
-.page-form input[type="text"]::-webkit-input-placeholder,
+    color: $dark-grey;
-.page-form input[type="password"]::-webkit-input-placeholder {
+  }
-    color: #777777;
-}
-.page-form input[type="submit"], .page-form a.button {
+  .button {
-    margin: 15px 5px;
+    &.button-red {
-    height: 35px;
+      background: $red;
-    line-height: 35px;
+    }
-    width: 150px;
+  }
-    background: #1b926c;
-    color: #f5f5f5;
-    border: none;
-    box-shadow: 1px 1px 1px #ddd, -1px -1px 6px #ddd, -1px 1px 2px #ddd, 1px -1px 2px #ddd;
-    font-size: 1.2em;
-    text-decoration: none;
-    vertical-align: center;
-    font-weight: normal;
-    display: inline-block;
-}
+  .submit-buttons {
+    margin-bottom: 10px;
+  }
-.page-form .button.button-red {
+  section {
-    background: #ac2925;
+    margin: 10px 0 25px;
-}
+  }
-.page-form .submit-buttons {
+  table,
-    margin-bottom: 10px;
+  th,
-}
+  td {
+    border-width: 1px 0;
+    border-style: solid;
+    border-color: $light-grey;
+  }
-@media screen and (min-width: 64em) {
+  th,
-    .page-form .submit-buttons {
+  td {
-        position: relative;
+    padding: 5px;
+  }
+  table {
+    margin: auto;
+    width: 90%;
+    .order {
+      text-decoration: none;
+      color: $dark-grey;
    }
+  }
-    .page-form .submit-buttons .button.button-red {
+  .awesomplete {
-        position: absolute;
+    width: 90%;
-        right: 5%;
+    input {
+      width: 100%;
+    }
+  }
+  div {
+    .awesomplete {
+      > ul {
+        color: $black;
+      }
    }
+  }
+}
+@media screen and (min-width: 64em) {
+  .page-form {
+    .submit-buttons {
+      position: relative;
+      .button {
+        &.button-red {
+          position: absolute;
+          right: 5%;
+        }
+      }
+    }
+  }
 }
 @media screen and (max-width: 64em) {
-    .page-form .submit-buttons .button {
+  .page-form {
+    .submit-buttons {
+      .button {
        display: block;
        margin: auto;
+      }
    }
+  }
 }
-.page-form select {
+// PAGE FORM - LIGHT
-    color: #252525;
+.page-form-light {
-}
+  div,
+  p {
-/**
- * PAGE FORM - LIGHT
- */
-.page-form-light div, .page-form-light p {
    text-align: center;
+  }
 }
-/**
+// PAGE FORM - COMPLETE
- * PAGE FORM - COMPLETE
+%page-form-valign {
- */
+  position: absolute;
-.page-form-complete div, .page-form-complete p {
+  top: 50%;
-    color: #252525;
+  transform: translateY(-50%);
 }
-.page-form-complete .form-label, .page-form-complete .form-input {
+.page-form-complete {
+  div,
+  p {
+    color: $dark-grey;
+  }
+  .form-label,
+  .form-input {
    position: relative;
    height: 60px;
-}
+  }
-.page-form-complete .form-label label,
+  .form-label {
-.page-form-complete .form-input input,
+    label {
-.page-form-complete .form-input select.align,
+      @extend %page-form-valign;
-.page-form-complete .timezone {
-    position: absolute;
-    top: 50%;
-    transform: translateY(-50%);
-}
-.page-form-complete .form-label label {
+      right: 0;
-    text-align: right;
+      padding: 0 20px;
-    right: 0;
+      text-align: right;
-    padding: 0 20px;
+    }
-}
+  }
-.page-form-complete .label-name {
+  .label-name {
    font-weight: bold;
-}
+  }
-.page-form-complete .label-desc {
-    font-size: 0.8em;
-}
-.page-form-complete input[type="text"],
+  .label-desc {
-.page-form-complete input[type="password"],
+    font-size: .8em;
-.page-form-complete textarea {
+  }
-    margin: 0;
-}
-.page-form section {
-    margin: 10px 0 25px 0;
-}
-.page-form table {
+  .form-input {
-    margin: auto;
+    input {
-    width: 90%;
+      @extend %page-form-valign;
-}
-.page-form table .order {
+      &[type='text'],
-    text-decoration: none;
+      &[type='password'] {
-    color: #252525;
+        margin: 0;
-}
+      }
+    }
-.page-form table, .page-form th, .page-form td {
+    select {
-    border-width: 1px 0;
+      &.align {
-    border-style: solid;
+        @extend %page-form-valign;
-    border-color: #aaaaaa;
+      }
-}
+    }
+  }
-.page-form th, .page-form td {
+  textarea {
-    padding: 5px;
+    margin: 0;
+  }
+  .timezone {
+    @extend %page-form-valign;
+  }
 }
-/* Awesomeplete fix */
+// Awesomeplete fix
-div.awesomplete {
+div {
+  &.awesomplete {
    width: inherit;
-}
-div.awesomplete > input {
+    > input {
-    display: inherit;
+      display: inherit;
-}
+    }
-div.awesomplete > ul {
+    > ul {
-    z-index: 9999;
+      z-index: 9999;
+    }
+  }
 }
-.page-form .awesomplete {
+form {
-    width: 90%;
+  &[name='linkform'] {
+    &.page-form {
+      overflow: visible;
+    }
+  }
 }
-.page-form .awesomplete input {
+@media screen and (max-width: 64em) {
-    width: 100%;
+  %page-form-valign-mobile {
-}
+    position: inherit;
+    top: inherit;
+    transform: translateY(0);
+  }
-.page-form div.awesomplete > ul {
+  .page-form-complete {
-    color: black;
+    .form-label {
-}
+      height: inherit;
-form[name="linkform"].page-form {
+      label {
-    overflow: visible;
+        @extend %page-form-valign-mobile;
-}
-@media screen and (max-width: 64em) {
+        display: block;
-    .page-form-complete .form-label {
+        margin: 10px 0 0;
-        height: inherit;
+        text-align: left;
+      }
    }
-    .page-form-complete .form-label label,
+    .form-input {
-    .page-form-complete .form-input input,
+      text-align: center;
-    .page-form-complete .timezone {
-        position: inherit;
-        top: inherit;
-        transform: translateY(0);
-    }
-    .page-form-complete .form-input input[type="checkbox"] {
+      input {
-        position: absolute;
+        @extend %page-form-valign-mobile;
-        top: 50%;
-        right: 50%;
-        transform: translateY(-50%);
-    }
-    .page-form-complete .form-input {
+        &[type='checkbox'] {
-        text-align: center;
+          position: absolute;
+          top: 50%;
+          right: 50%;
+          transform: translateY(-50%);
+        }
+      }
    }
-    .page-form-complete .form-label label {
+    .timezone {
-        display: block;
+      @extend %page-form-valign-mobile;
-        text-align: left;
-        margin: 10px 0 0 0;
    }
-    .timezone-continent:after {
+    .radio-buttons {
-        content:"\a\a";
+      padding: 5px 15px;
-        white-space: pre;
+      text-align: left;
    }
+  }
-    .page-form-complete .radio-buttons {
+  .timezone-continent {
-        text-align: left;
+    &::after {
-        padding: 5px 15px;
+      white-space: pre;
+      content: '\a\a';
    }
+  }
 }
-/**
+// Page visitor (page form extended)
- * Page visitor (page form extended)
- */
 .page-visitor {
-    color: #252525;
+  color: $dark-grey;
 }
-#page404 {
+.page404-container {
-    color: #3f3f3f;
+  color: $dark-grey;
 }
-/**
+// EDIT LINK
- * EDIT LINK
+.edit-link-container {
- */
+  .created-date {
-#editlinkform .created-date {
-    color: #767676;
    margin-bottom: 10px;
+    color: $light-grey;
+  }
 }
-/**
+// LOGIN
- * LOGIN
+.login-form-container {
- */
+  .remember-me {
-#login-form .remember-me {
    margin: 5px 0;
+  }
 }
-/**
+// Search results
- * Search results
+.search-result {
- */
+  a {
-.search-result a {
-    color: white;
    text-decoration: none;
-}
+    color: $white;
+  }
-.search-result .label-tag {
+  .label-tag {
-    border-color: white;
+    border-color: $white;
-}
-.search-result .label-tag .remove {
+    .remove {
-    border-left: white 1px solid;
+      margin: 0 0 0 5px;
-    padding: 0 0 0 5px;
+      border-left: $white 1px solid;
-    margin: 0 0 0 5px;
+      padding: 0 0 0 5px;
-}
+    }
+  }
-.search-result .label-private {
+  .label-private {
-    border: 1px solid white;
+    border: 1px solid $white;
+  }
 }
-/**
+// TOOLS
- * TOOLS
- */
 .tools-item {
-    margin: 10px 0;
+  margin: 10px 0;
-}
-.tools-item .pure-button:hover {
+  .pure-button {
-    background-image: none;
+    &:hover {
-    background-color: #1b926c;
+      background-color: $main-green;
-    color: #f5f5f5;
+      background-image: none;
+      color: $almost-white;
+    }
+  }
 }
-/**
+// PLUGIN ADMIN
- * PLUGIN ADMIN
+.pluginform-container {
- */
+  .mobile-row {
-#pluginform .mobile-row {
+    font-size: .9em;
-    font-size: 0.9em;
+  }
-}
-#pluginform .more {
+  .more {
    margin-top: 10px;
+  }
 }
 @media screen and (max-width: 64em) {
-    #pluginform .main-row, #pluginform .main-row td {
+  .pluginform-container {
-        border-bottom-style: none;
+    .main-row {
-    }
+      border-top-style: none;
+      border-bottom-style: none;
-    #pluginform .mobile-row, #pluginform .mobile-row td {
+      td {
        border-top-style: none;
+        border-bottom-style: none;
+      }
    }
+  }
 }
-/**
+// IMPORT
- * IMPORT
+.import-field-container {
- */
+  margin: 15px 0;
-#import-field {
-    margin: 15px 0;
 }
-/**
+// TAG CLOUD
- * TAG CLOUD
+.cloudtag-container {
- */
+  padding: 10px;
-#cloudtag {
+  text-align: center;
-    padding: 10px;
+  text-decoration: none;
-    text-align: center;
+  color: $dark-grey;
-}
-#cloudtag, #cloudtag a {
+  a {
-    color: #252525;
    text-decoration: none;
-}
+    color: $dark-grey;
+  }
-#cloudtag .count {
+  .count {
-    color: #7f7f7f;
+    color: $light-grey;
+  }
 }
-/**
+// TAG LIST
- * TAG LIST
+.taglist-container {
- */
+  padding: 0 10px;
-#taglist {
-    padding: 0 10px;
-}
-#taglist a {
+  a {
-    color: #252525;
    text-decoration: none;
-}
+    color: $dark-grey;
+  }
-#taglist .count {
+  .count {
    display: inline-block;
    width: 35px;
    text-align: right;
-    color: #7f7f7f;
+    color: $light-grey;
-}
+  }
-#taglist .rename-tag-form {
+  .rename-tag-form {
    display: none;
-}
+  }
-#taglist .delete-tag {
+  .delete-tag {
-    color: #ac2925;
    display: none;
-}
+    color: $red;
+  }
-#taglist .rename-tag {
-    color: #0b5ea6;
+  .rename-tag {
-}
+    color: $blue;
+  }
-#taglist .validate-rename-tag {
-    color: #1b926c;
+  .validate-rename-tag {
-}
+    color: $main-green;
+  }
-/**
+}
- * Picture wall CSS
- */
+// Picture wall CSS
-#picwall_container {
+.picwall-container {
-    margin: 0 10px 10px 10px;
+  clear: both;
-    color: #252525;
+  margin: 0 10px 10px;
-    background-color: #f5f5f5;
+  background-color: $almost-white;
-    clear: both;
+  color: $dark-grey;
-}
+}
-.picwall_pictureframe {
+.picwall-pictureframe {
-    margin: 2px;
+  display: table-cell;
-    background-color: #f5f5f5;
+  position: relative;
-    z-index: 5;
+  float: left;
-    position: relative;
+  z-index: 5;
-    display: table-cell;
+  margin: 2px;
-    vertical-align: middle;
+  background-color: $almost-white;
-    width: 90px;
+  width: 90px;
-    height: 90px;
+  height: 90px;
-    overflow: hidden;
+  overflow: hidden;
-    text-align: center;
+  vertical-align: middle;
-    float: left;
+  text-align: center;
-}
+  // Adapt the width of the image
-.b-lazy {
+  img {
-    -webkit-transition: opacity 500ms ease-in-out;
-    -moz-transition: opacity 500ms ease-in-out;
-    -o-transition: opacity 500ms ease-in-out;
-    transition: opacity 500ms ease-in-out;
-    opacity: 0;
-}
-.b-lazy.b-loaded {
-    opacity: 1;
-}
-.picwall_pictureframe img {
    max-width: 100%;
    height: auto;
    color: transparent;
-} /* Adapt the width of the image */
+  }
-.picwall_pictureframe a {
+  a {
    text-decoration: none;
-}
+  }
-/* CSS to show title when hovering an image - no javascript required. */
+  span {
-.picwall_pictureframe span.info {
+    &.info {
-    display: none;
+      display: none;
-    font-family: Arial, sans-serif;
+      font-family: Arial, sans-serif;
+    }
+  }
+  // CSS to show title when hovering an image - no javascript required.
+  &:hover {
+    span {
+      &.info {
+        display: block;
+        position: absolute;
+        top: 0;
+        left: 0;
+        background-color: $dark-shadow;
+        width: 90px;
+        height: 90px;
+        text-align: left;
+        color: $almost-white;
+        font-size: 9pt;
+        font-weight: bold;
+      }
+    }
+  }
 }
-.picwall_pictureframe:hover span.info {
+.b-lazy {
-    display: block;
+  transition: opacity 500ms ease-in-out;
-    position: absolute;
+  opacity: 0;
-    top: 0;
+  -webkit-transition: opacity 500ms ease-in-out;
-    left: 0;
+  -moz-transition: opacity 500ms ease-in-out;
-    width: 90px;
+  -o-transition: opacity 500ms ease-in-out;
-    height: 90px;
-    font-weight: bold;
+  &.b-loaded {
-    font-size: 9pt;
+    opacity: 1;
-    color: #f5f5f5;
+  }
-    text-align: left;
-    background-color: rgba(0, 0, 0, 0.8);
 }
-/**
+// DAILY
- * DAILY
- */
 .daily-desc {
-    color: #7f7f7f;
+  color: $light-grey;
-    font-size: 0.8em;
+  font-size: .8em;
-}
-.daily-about a {
+  a {
-    color: #343434;
    text-decoration: none;
-}
+    color: $dark-grey;
-.daily-about a:hover {
-    color: #7f7f7f;
-}
-.daily-about h3:before, .daily-about h3:after {
+    &:hover {
-    display: block;
+      color: $light-grey;
-    content:"";
+    }
-    background: linear-gradient(to right, #d5d4d4, #252525, #d5d4d4);
+  }
-    height: 1px;
+}
-    width: 90%;
-    margin: 10px auto;
+.daily-about {
+  h3 {
+    &::before,
+    &::after {
+      display: block;
+      margin: 10px auto;
+      background: linear-gradient(to right, $background-color, $dark-grey, $background-color);
+      width: 90%;
+      height: 1px;
+      content: '';
+    }
+  }
 }
 .daily-entry {
-    padding: 0 10px;
+  padding: 0 10px;
-}
-.daily-entry .daily-entry-title:after {
+  .daily-entry-title {
-    display: block;
+    margin: 10px 0 0;
-    content:"";
-    background: linear-gradient(to right, #fff, #515151, #fff);
-    height: 1px;
-    width: 70%;
-    margin: 5px auto;
-}
-.daily-entry .daily-entry-title {
+    a {
-    margin: 10px 0 0 0;
+      text-decoration: none;
-}
+      color: $black;
+    }
-.daily-entry .daily-entry-title a {
+    &::after {
-    color: #000;
+      display: block;
-    text-decoration: none;
+      margin: 5px auto;
-}
+      background: linear-gradient(to right, $white, $light-grey, $white);
+      width: 70%;
+      height: 1px;
+      content: '';
+    }
+  }
-.daily-entry .daily-entry-description {
+  .daily-entry-description {
-    padding: 5px 5px 0 5px;
+    padding: 5px 5px 0;
-    font-size: 0.9em;
    text-align: justify;
+    font-size: .9em;
    word-wrap: break-word;
-}
+  }
-.daily-entry .daily-entry-tags {
+  .daily-entry-tags {
-    padding: 0 5px 5px 5px;
+    padding: 0 5px 5px;
-    font-size: 0.8em;
+    font-size: .8em;
+  }
 }
 .daily-entry-thumbnail {
-    float: left;
+  float: left;
-    margin: 15px 5px 5px 15px;
+  margin: 15px 5px 5px 15px;
 }
-.daily-entry-description a {
+.daily-entry-description {
+  a {
    text-decoration: none;
-    color: #1b926c;
+    color: $main-green;
-}
-.daily-entry-description a:hover {
+    &:hover {
-    text-shadow: 1px 1px #ddd;
+      text-shadow: 1px 1px $background-linklist-info;
-}
+    }
-.daily-entry-description a:visited {
+    &:visited {
-    color: #20b988;
+      color: $dark-green;
+    }
+  }
 }
-/*
+// Fix empty bookmarklet name in Firefox
- * Fix empty bookmarklet name in Firefox
- */
 .pure-button {
-    -moz-user-select: auto;
+  -moz-user-select: auto;
 }
 .tag-sort {
-    margin-top: 30px;
+  margin-top: 30px;
-    text-align: center;
+  text-align: center;
-}
-.tag-sort a {
+  a {
    display: inline-block;
    margin: 0 15px;
-    color: white;
    text-decoration: none;
+    color: $white;
    font-weight: bold;
+  }
 }
-/**
+// Markdown
- * Markdown
+.markdown {
- */
+  p {
-.markdown p {
    margin: 0 !important;
-}
+  }
-.markdown p + p {
+  p + p {
-    margin: 0.5em 0 0 0 !important;
+    margin: .5em 0 0 !important;
-}
+  }
-.markdown *:first-child {
+  * {
-    margin-top: 0 !important;
+    &:first-child {
-}
+      margin-top: 0 !important;
+    }
-.markdown *:last-child {
+    &:last-child {
-    margin-bottom: 5px !important;
+      margin-bottom: 5px !important;
+    }
+  }
 }
-/**
+// Pure Button
- * Pure Button
- */
 .pure-button-success,
 .pure-button-error,
 .pure-button-warning,
 .pure-button-primary,
 .pure-button-shaarli,
 .pure-button-secondary {
-    color: white !important;
+  border-radius: 4px;
-    border-radius: 4px;
+  text-shadow: 0 1px 1px $dark-shadow;
-    text-shadow: 0 1px 1px rgba(0, 0, 0, 0.2);
+  color: $white !important;
 }
 .pure-button-shaarli {
-    background-color: #1B926C;
+  background-color: $main-green;
 }
diff --git a/composer.json b/composer.json
index 15e082f8..0d4c623c 100644
--- a/composer.json
+++ b/composer.json
@@ -36,7 +36,8 @@
            "Shaarli\\Api\\Controllers\\": "application/api/controllers",
            "Shaarli\\Api\\Exceptions\\": "application/api/exceptions",
            "Shaarli\\Config\\": "application/config/",
-            "Shaarli\\Config\\Exception\\": "application/config/exception"
+            "Shaarli\\Config\\Exception\\": "application/config/exception",
+            "Shaarli\\Security\\": "application/security"
        }
    }
 }
diff --git a/index.php b/index.php
index 2fe3f821..c34434dd 100644
--- a/index.php
+++ b/index.php
@@ -78,8 +78,8 @@ require_once 'application/Updater.php';
 use \Shaarli\Languages;
 use \Shaarli\ThemeUtils;
 use \Shaarli\Config\ConfigManager;
-use \Shaarli\LoginManager;
+use \Shaarli\Security\LoginManager;
-use \Shaarli\SessionManager;
+use \Shaarli\Security\SessionManager;
 // Ensure the PHP version is supported
 try {
@@ -101,8 +101,6 @@ if (dirname($_SERVER['SCRIPT_NAME']) != '/') {
 // Set default cookie expiration and path.
 session_set_cookie_params($cookie['lifetime'], $cookiedir, $_SERVER['SERVER_NAME']);
 // Set session parameters on server side.
-// If the user does not access any page within this time, his/her session is considered expired.
-define('INACTIVITY_TIMEOUT', 3600); // in seconds.
 // Use cookies to store session.
 ini_set('session.use_cookies', 1);
 // Force cookies for session (phpsessionID forbidden in URL).
@@ -123,8 +121,10 @@ if (isset($_COOKIE['shaarli']) && !SessionManager::checkId($_COOKIE['shaarli']))
 }
 $conf = new ConfigManager();
-$loginManager = new LoginManager($GLOBALS, $conf);
 $sessionManager = new SessionManager($_SESSION, $conf);
+$loginManager = new LoginManager($GLOBALS, $conf, $sessionManager);
+$loginManager->generateStaySignedInToken($_SERVER['REMOTE_ADDR']);
+$clientIpId = client_ip_id($_SERVER);
 // LC_MESSAGES isn't defined without php-intl, in this case use LC_COLLATE locale instead.
 if (! defined('LC_MESSAGES')) {
@@ -177,157 +177,61 @@ if (! is_file($conf->getConfigFileExt())) {
    install($conf, $sessionManager);
 }
-// a token depending of deployment salt, user password, and the current ip
+$loginManager->checkLoginState($_COOKIE, $clientIpId);
-define('STAY_SIGNED_IN_TOKEN', sha1($conf->get('credentials.hash') . $_SERVER['REMOTE_ADDR'] . $conf->get('credentials.salt')));
 /**
- * Checking session state (i.e. is the user still logged in)
+ * Adapter function to ensure compatibility with third-party templates
 *
- * @param ConfigManager $conf The configuration manager.
+ * @see https://github.com/shaarli/Shaarli/pull/1086
 *
- * @return bool: true if the user is logged in, false otherwise.
+ * @return bool true when the user is logged in, false otherwise
 */
-function setup_login_state($conf)
-{
-    if ($conf->get('security.open_shaarli')) {
-        return true;
-    }
-    $userIsLoggedIn = false; // By default, we do not consider the user as logged in;
-    $loginFailure = false; // If set to true, every attempt to authenticate the user will fail. This indicates that an important condition isn't met.
-    if (! $conf->exists('credentials.login')) {
-        $userIsLoggedIn = false;  // Shaarli is not configured yet.
-        $loginFailure = true;
-    }
-    if (isset($_COOKIE['shaarli_staySignedIn']) &&
-        $_COOKIE['shaarli_staySignedIn']===STAY_SIGNED_IN_TOKEN &&
-        !$loginFailure)
-    {
-        fillSessionInfo($conf);
-        $userIsLoggedIn = true;
-    }
-    // If session does not exist on server side, or IP address has changed, or session has expired, logout.
-    if (empty($_SESSION['uid'])
-        || ($conf->get('security.session_protection_disabled') === false && $_SESSION['ip'] != allIPs())
-        || time() >= $_SESSION['expires_on'])
-    {
-        logout();
-        $userIsLoggedIn = false;
-        $loginFailure = true;
-    }
-    if (!empty($_SESSION['longlastingsession'])) {
-        $_SESSION['expires_on']=time()+$_SESSION['longlastingsession']; // In case of "Stay signed in" checked.
-    }
-    else {
-        $_SESSION['expires_on']=time()+INACTIVITY_TIMEOUT; // Standard session expiration date.
-    }
-    if (!$loginFailure) {
-        $userIsLoggedIn = true;
-    }
-    return $userIsLoggedIn;
-}
-$userIsLoggedIn = setup_login_state($conf);
-// ------------------------------------------------------------------------------------------
-// Session management
-// Returns the IP address of the client (Used to prevent session cookie hijacking.)
-function allIPs()
-{
-    $ip = $_SERVER['REMOTE_ADDR'];
-    // Then we use more HTTP headers to prevent session hijacking from users behind the same proxy.
-    if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) { $ip=$ip.'_'.$_SERVER['HTTP_X_FORWARDED_FOR']; }
-    if (isset($_SERVER['HTTP_CLIENT_IP'])) { $ip=$ip.'_'.$_SERVER['HTTP_CLIENT_IP']; }
-    return $ip;
-}
-/**
- * Load user session.
- *
- * @param ConfigManager $conf Configuration Manager instance.
- */
-function fillSessionInfo($conf)
-{
-    $_SESSION['uid'] = sha1(uniqid('',true).'_'.mt_rand()); // Generate unique random number (different than phpsessionid)
-    $_SESSION['ip']=allIPs();                // We store IP address(es) of the client to make sure session is not hijacked.
-    $_SESSION['username']= $conf->get('credentials.login');
-    $_SESSION['expires_on']=time()+INACTIVITY_TIMEOUT;  // Set session expiration.
-}
-/**
- * Check that user/password is correct.
- *
- * @param string        $login    Username
- * @param string        $password User password
- * @param ConfigManager $conf     Configuration Manager instance.
- *
- * @return bool: authentication successful or not.
- */
-function check_auth($login, $password, $conf)
-{
-    $hash = sha1($password . $login . $conf->get('credentials.salt'));
-    if ($login == $conf->get('credentials.login') && $hash == $conf->get('credentials.hash'))
-    {   // Login/password is correct.
-        fillSessionInfo($conf);
-        logm($conf->get('resource.log'), $_SERVER['REMOTE_ADDR'], 'Login successful');
-        return true;
-    }
-    logm($conf->get('resource.log'), $_SERVER['REMOTE_ADDR'], 'Login failed for user '.$login);
-    return false;
-}
-// Returns true if the user is logged in.
 function isLoggedIn()
 {
-    global $userIsLoggedIn;
+    global $loginManager;
-    return $userIsLoggedIn;
+    return $loginManager->isLoggedIn();
 }
-// Force logout.
-function logout() {
-    if (isset($_SESSION)) {
-        unset($_SESSION['uid']);
-        unset($_SESSION['ip']);
-        unset($_SESSION['username']);
-        unset($_SESSION['visibility']);
-        unset($_SESSION['untaggedonly']);
-    }
-    setcookie('shaarli_staySignedIn', FALSE, 0, WEB_PATH);
-}
 // ------------------------------------------------------------------------------------------
 // Process login form: Check if login/password is correct.
-if (isset($_POST['login']))
+if (isset($_POST['login'])) {
-{
    if (! $loginManager->canLogin($_SERVER)) {
        die(t('I said: NO. You are banned for the moment. Go away.'));
    }
    if (isset($_POST['password'])
        && $sessionManager->checkToken($_POST['token'])
-        && (check_auth($_POST['login'], $_POST['password'], $conf))
+        && $loginManager->checkCredentials($_SERVER['REMOTE_ADDR'], $clientIpId, $_POST['login'], $_POST['password'])
    ) {
-        // Login/password is OK.
        $loginManager->handleSuccessfulLogin($_SERVER);
-        // If user wants to keep the session cookie even after the browser closes:
+        $cookiedir = '';
-        if (!empty($_POST['longlastingsession'])) {
+        if (dirname($_SERVER['SCRIPT_NAME']) != '/') {
-            $_SESSION['longlastingsession'] = 31536000; // (31536000 seconds = 1 year)
-            $expiration = time() + $_SESSION['longlastingsession']; // calculate relative cookie expiration (1 year from now)
-            setcookie('shaarli_staySignedIn', STAY_SIGNED_IN_TOKEN, $expiration, WEB_PATH);
-            $_SESSION['expires_on'] = $expiration;  // Set session expiration on server-side.
-            $cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/';
-            session_set_cookie_params($_SESSION['longlastingsession'],$cookiedir,$_SERVER['SERVER_NAME']); // Set session cookie expiration on client side
            // Note: Never forget the trailing slash on the cookie path!
-            session_regenerate_id(true);  // Send cookie with new expiration date to browser.
+            $cookiedir = dirname($_SERVER["SCRIPT_NAME"]) . '/';
        }
-        else // Standard session expiration (=when browser closes)
-        {
+        if (!empty($_POST['longlastingsession'])) {
-            $cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/';
+            // Keep the session cookie even after the browser closes
-            session_set_cookie_params(0,$cookiedir,$_SERVER['SERVER_NAME']); // 0 means "When browser closes"
+            $sessionManager->setStaySignedIn(true);
-            session_regenerate_id(true);
+            $expirationTime = $sessionManager->extendSession();
+            setcookie(
+                $loginManager::$STAY_SIGNED_IN_COOKIE,
+                $loginManager->getStaySignedInToken(),
+                $expirationTime,
+                WEB_PATH
+            );
+        } else {
+            // Standard session expiration (=when browser closes)
+            $expirationTime = 0;
        }
+        // Send cookie with the new expiration date to the browser
+        session_set_cookie_params($expirationTime, $cookiedir, $_SERVER['SERVER_NAME']);
+        session_regenerate_id(true);
        // Optional redirect after login:
        if (isset($_GET['post'])) {
            $uri = '?post='. urlencode($_GET['post']);
@@ -380,15 +284,16 @@ if (!isset($_SESSION['tokens'])) $_SESSION['tokens']=array();  // Token are atta
 * Gives the last 7 days (which have links).
 * This RSS feed cannot be filtered.
 *
- * @param ConfigManager $conf Configuration Manager instance.
+ * @param ConfigManager $conf         Configuration Manager instance
+ * @param LoginManager  $loginManager LoginManager instance
 */
-function showDailyRSS($conf) {
+function showDailyRSS($conf, $loginManager) {
    // Cache system
    $query = $_SERVER['QUERY_STRING'];
    $cache = new CachedPage(
        $conf->get('config.PAGE_CACHE'),
        page_url($_SERVER),
-        startsWith($query,'do=dailyrss') && !isLoggedIn()
+        startsWith($query,'do=dailyrss') && !$loginManager->isLoggedIn()
    );
    $cached = $cache->cachedVersion();
    if (!empty($cached)) {
@@ -400,7 +305,7 @@ function showDailyRSS($conf) {
    // Read links from database (and filter private links if used it not logged in).
    $LINKSDB = new LinkDB(
        $conf->get('resource.datastore'),
-        isLoggedIn(),
+        $loginManager->isLoggedIn(),
        $conf->get('privacy.hide_public_links'),
        $conf->get('redirector.url'),
        $conf->get('redirector.encode_url')
@@ -482,9 +387,10 @@ function showDailyRSS($conf) {
 * @param PageBuilder   $pageBuilder   Template engine wrapper.
 * @param LinkDB        $LINKSDB       LinkDB instance.
 * @param ConfigManager $conf          Configuration Manager instance.
- * @param PluginManager $pluginManager Plugin Manager instane.
+ * @param PluginManager $pluginManager Plugin Manager instance.
+ * @param LoginManager  $loginManager  Login Manager instance
 */
-function showDaily($pageBuilder, $LINKSDB, $conf, $pluginManager)
+function showDaily($pageBuilder, $LINKSDB, $conf, $pluginManager, $loginManager)
 {
    $day = date('Ymd', strtotime('-1 day')); // Yesterday, in format YYYYMMDD.
    if (isset($_GET['day'])) {
@@ -542,7 +448,7 @@ function showDaily($pageBuilder, $LINKSDB, $conf, $pluginManager)
    /* Hook is called before column construction so that plugins don't have
       to deal with columns. */
-    $pluginManager->executeHooks('render_daily', $data, array('loggedin' => isLoggedIn()));
+    $pluginManager->executeHooks('render_daily', $data, array('loggedin' => $loginManager->isLoggedIn()));
    /* We need to spread the articles on 3 columns.
       I did not want to use a JavaScript lib like http://masonry.desandro.com/
@@ -586,8 +492,8 @@ function showDaily($pageBuilder, $LINKSDB, $conf, $pluginManager)
 * @param ConfigManager $conf    Configuration Manager instance.
 * @param PluginManager $pluginManager Plugin Manager instance.
 */
-function showLinkList($PAGE, $LINKSDB, $conf, $pluginManager) {
+function showLinkList($PAGE, $LINKSDB, $conf, $pluginManager, $loginManager) {
-    buildLinkList($PAGE,$LINKSDB, $conf, $pluginManager); // Compute list of links to display
+    buildLinkList($PAGE,$LINKSDB, $conf, $pluginManager, $loginManager);
    $PAGE->renderPage('linklist');
 }
@@ -607,7 +513,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
        read_updates_file($conf->get('resource.updates')),
        $LINKSDB,
        $conf,
-        isLoggedIn()
+        $loginManager->isLoggedIn()
    );
    try {
        $newUpdates = $updater->update();
@@ -622,18 +528,18 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
        die($e->getMessage());
    }
-    $PAGE = new PageBuilder($conf, $LINKSDB, $sessionManager->generateToken());
+    $PAGE = new PageBuilder($conf, $LINKSDB, $sessionManager->generateToken(), $loginManager->isLoggedIn());
    $PAGE->assign('linkcount', count($LINKSDB));
    $PAGE->assign('privateLinkcount', count_private($LINKSDB));
    $PAGE->assign('plugin_errors', $pluginManager->getErrors());
    // Determine which page will be rendered.
    $query = (isset($_SERVER['QUERY_STRING'])) ? $_SERVER['QUERY_STRING'] : '';
-    $targetPage = Router::findPage($query, $_GET, isLoggedIn());
+    $targetPage = Router::findPage($query, $_GET, $loginManager->isLoggedIn());
    if (
        // if the user isn't logged in
-        !isLoggedIn() &&
+        !$loginManager->isLoggedIn() &&
        // and Shaarli doesn't have public content...
        $conf->get('privacy.hide_public_links') &&
        // and is configured to enforce the login
@@ -661,7 +567,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
        $pluginManager->executeHooks('render_' . $name, $plugin_data,
            array(
                'target' => $targetPage,
-                'loggedin' => isLoggedIn()
+                'loggedin' => $loginManager->isLoggedIn()
            )
        );
        $PAGE->assign('plugins_' . $name, $plugin_data);
@@ -686,7 +592,8 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
    if (isset($_SERVER['QUERY_STRING']) && startsWith($_SERVER['QUERY_STRING'], 'do=logout'))
    {
        invalidateCaches($conf->get('resource.page_cache'));
-        logout();
+        $sessionManager->logout();
+        setcookie(LoginManager::$STAY_SIGNED_IN_COOKIE, 'false', 0, WEB_PATH);
        header('Location: ?');
        exit;
    }
@@ -713,7 +620,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
        $data = array(
            'linksToDisplay' => $linksToDisplay,
        );
-        $pluginManager->executeHooks('render_picwall', $data, array('loggedin' => isLoggedIn()));
+        $pluginManager->executeHooks('render_picwall', $data, array('loggedin' => $loginManager->isLoggedIn()));
        foreach ($data as $key => $value) {
            $PAGE->assign($key, $value);
@@ -760,7 +667,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
            'search_tags' => $searchTags,
            'tags' => $tagList,
        );
-        $pluginManager->executeHooks('render_tagcloud', $data, array('loggedin' => isLoggedIn()));
+        $pluginManager->executeHooks('render_tagcloud', $data, array('loggedin' => $loginManager->isLoggedIn()));
        foreach ($data as $key => $value) {
            $PAGE->assign($key, $value);
@@ -793,7 +700,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
            'search_tags' => $searchTags,
            'tags' => $tags,
        ];
-        $pluginManager->executeHooks('render_taglist', $data, ['loggedin' => isLoggedIn()]);
+        $pluginManager->executeHooks('render_taglist', $data, ['loggedin' => $loginManager->isLoggedIn()]);
        foreach ($data as $key => $value) {
            $PAGE->assign($key, $value);
@@ -807,7 +714,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
    // Daily page.
    if ($targetPage == Router::$PAGE_DAILY) {
-        showDaily($PAGE, $LINKSDB, $conf, $pluginManager);
+        showDaily($PAGE, $LINKSDB, $conf, $pluginManager, $loginManager);
    }
    // ATOM and RSS feed.
@@ -820,7 +727,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
        $cache = new CachedPage(
            $conf->get('resource.page_cache'),
            page_url($_SERVER),
-            startsWith($query,'do='. $targetPage) && !isLoggedIn()
+            startsWith($query,'do='. $targetPage) && !$loginManager->isLoggedIn()
        );
        $cached = $cache->cachedVersion();
        if (!empty($cached)) {
@@ -829,15 +736,15 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
        }
        // Generate data.
-        $feedGenerator = new FeedBuilder($LINKSDB, $feedType, $_SERVER, $_GET, isLoggedIn());
+        $feedGenerator = new FeedBuilder($LINKSDB, $feedType, $_SERVER, $_GET, $loginManager->isLoggedIn());
        $feedGenerator->setLocale(strtolower(setlocale(LC_COLLATE, 0)));
-        $feedGenerator->setHideDates($conf->get('privacy.hide_timestamps') && !isLoggedIn());
+        $feedGenerator->setHideDates($conf->get('privacy.hide_timestamps') && !$loginManager->isLoggedIn());
        $feedGenerator->setUsePermalinks(isset($_GET['permalinks']) || !$conf->get('feed.rss_permalinks'));
        $data = $feedGenerator->buildData();
        // Process plugin hook.
        $pluginManager->executeHooks('render_feed', $data, array(
-            'loggedin' => isLoggedIn(),
+            'loggedin' => $loginManager->isLoggedIn(),
            'target' => $targetPage,
        ));
@@ -985,7 +892,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
    }
    // -------- Handle other actions allowed for non-logged in users:
-    if (!isLoggedIn())
+    if (!$loginManager->isLoggedIn())
    {
        // User tries to post new link but is not logged in:
        // Show login screen, then redirect to ?post=...
@@ -1001,7 +908,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
            exit;
        }
-        showLinkList($PAGE, $LINKSDB, $conf, $pluginManager);
+        showLinkList($PAGE, $LINKSDB, $conf, $pluginManager, $loginManager);
        if (isset($_GET['edit_link'])) {
            header('Location: ?do=login&edit_link='. escape($_GET['edit_link']));
            exit;
@@ -1052,7 +959,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
            $conf->set('credentials.salt', sha1(uniqid('', true) .'_'. mt_rand()));
            $conf->set('credentials.hash', sha1($_POST['setpassword'] . $conf->get('credentials.login') . $conf->get('credentials.salt')));
            try {
-                $conf->write(isLoggedIn());
+                $conf->write($loginManager->isLoggedIn());
            }
            catch(Exception $e) {
                error_log(
@@ -1103,7 +1010,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
            $conf->set('translation.language', escape($_POST['language']));
            try {
-                $conf->write(isLoggedIn());
+                $conf->write($loginManager->isLoggedIn());
                $history->updateSettings();
                invalidateCaches($conf->get('resource.page_cache'));
            }
@@ -1555,7 +1462,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
            else {
                $conf->set('general.enabled_plugins', save_plugin_config($_POST));
            }
-            $conf->write(isLoggedIn());
+            $conf->write($loginManager->isLoggedIn());
            $history->updateSettings();
        }
        catch (Exception $e) {
@@ -1580,7 +1487,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
    }
    // -------- Otherwise, simply display search form and links:
-    showLinkList($PAGE, $LINKSDB, $conf, $pluginManager);
+    showLinkList($PAGE, $LINKSDB, $conf, $pluginManager, $loginManager);
    exit;
 }
@@ -1592,8 +1499,9 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
 * @param LinkDB        $LINKSDB       LinkDB instance.
 * @param ConfigManager $conf          Configuration Manager instance.
 * @param PluginManager $pluginManager Plugin Manager instance.
+ * @param LoginManager  $loginManager  LoginManager instance
 */
-function buildLinkList($PAGE,$LINKSDB, $conf, $pluginManager)
+function buildLinkList($PAGE, $LINKSDB, $conf, $pluginManager, $loginManager)
 {
    // Used in templates
    if (isset($_GET['searchtags'])) {
@@ -1632,8 +1540,6 @@ function buildLinkList($PAGE,$LINKSDB, $conf, $pluginManager)
        $keys[] = $key;
    }
    // Select articles according to paging.
    $pagecount = ceil(count($keys) / $_SESSION['LINKS_PER_PAGE']);
    $pagecount = $pagecount == 0 ? 1 : $pagecount;
@@ -1714,7 +1620,7 @@ function buildLinkList($PAGE,$LINKSDB, $conf, $pluginManager)
        $data['pagetitle'] .= '- '. $conf->get('general.title');
    }
-    $pluginManager->executeHooks('render_linklist', $data, array('loggedin' => isLoggedIn()));
+    $pluginManager->executeHooks('render_linklist', $data, array('loggedin' => $loginManager->isLoggedIn()));
    foreach ($data as $key => $value) {
        $PAGE->assign($key, $value);
@@ -1985,7 +1891,7 @@ function install($conf, $sessionManager) {
        );
        try {
            // Everything is ok, let's create config file.
-            $conf->write(isLoggedIn());
+            $conf->write($loginManager->isLoggedIn());
        }
        catch(Exception $e) {
            error_log(
@@ -2249,7 +2155,7 @@ try {
 $linkDb = new LinkDB(
    $conf->get('resource.datastore'),
-    isLoggedIn(),
+    $loginManager->isLoggedIn(),
    $conf->get('privacy.hide_public_links'),
    $conf->get('redirector.url'),
    $conf->get('redirector.encode_url')
diff --git a/package.json b/package.json
index ba997c9a..3dd1e0fc 100644
--- a/package.json
+++ b/package.json
@@ -22,6 +22,7 @@
    "extract-text-webpack-plugin": "^3.0.2",
    "file-loader": "^1.1.6",
    "node-sass": "^4.7.2",
+    "sass-lint": "^1.12.1",
    "sass-loader": "^6.0.6",
    "style-loader": "^0.19.1",
    "url-loader": "^0.6.2",
diff --git a/plugins/markdown/markdown.php b/plugins/markdown/markdown.php
index 2f24e417..821bb125 100644
--- a/plugins/markdown/markdown.php
+++ b/plugins/markdown/markdown.php
@@ -6,6 +6,8 @@
 * Shaare's descriptions are parsed with Markdown.
 */
+use Shaarli\Config\ConfigManager;
 /*
 * If this tag is used on a shaare, the description won't be processed by Parsedown.
 */
@@ -50,6 +52,7 @@ function hook_markdown_render_feed($data, $conf)
            $value = stripNoMarkdownTag($value);
            continue;
        }
+        $value['description'] = reverse_feed_permalink($value['description']);
        $value['description'] = process_markdown(
            $value['description'],
            $conf->get('security.markdown_escape', true),
@@ -244,6 +247,11 @@ function reverse_space2nbsp($description)
    return preg_replace('/(^| )&nbsp;/m', '$1 ', $description);
 }
+function reverse_feed_permalink($description)
+{
+    return preg_replace('@&#8212; <a href="([^"]+)" title="[^"]+">(\w+)</a>$@im', '&#8212; [$2]($1)', $description);
+}
 /**
 * Replace not whitelisted protocols with http:// in given description.
 *
diff --git a/tests/HttpUtils/ClientIpIdTest.php b/tests/HttpUtils/ClientIpIdTest.php
new file mode 100644
index 00000000..c15ac5cc
--- /dev/null
+++ b/tests/HttpUtils/ClientIpIdTest.php
@@ -0,0 +1,52 @@
+<?php
+/**
+ * HttpUtils' tests
+ */
+require_once 'application/HttpUtils.php';
+/**
+ * Unitary tests for client_ip_id()
+ */
+class ClientIpIdTest extends PHPUnit_Framework_TestCase
+{
+    /**
+     * Get a remote client ID based on its IP
+     */
+    public function testClientIpIdRemote()
+    {
+        $this->assertEquals(
+            '10.1.167.42',
+            client_ip_id(['REMOTE_ADDR' => '10.1.167.42'])
+        );
+    }
+    /**
+     * Get a remote client ID based on its IP and proxy information (1)
+     */
+    public function testClientIpIdRemoteForwarded()
+    {
+        $this->assertEquals(
+            '10.1.167.42_127.0.1.47',
+            client_ip_id([
+                'REMOTE_ADDR' => '10.1.167.42',
+                'HTTP_X_FORWARDED_FOR' => '127.0.1.47'
+            ])
+        );
+    }
+    /**
+     * Get a remote client ID based on its IP and proxy information (2)
+     */
+    public function testClientIpIdRemoteForwardedClient()
+    {
+        $this->assertEquals(
+            '10.1.167.42_10.1.167.56_127.0.1.47',
+            client_ip_id([
+                'REMOTE_ADDR' => '10.1.167.42',
+                'HTTP_X_FORWARDED_FOR' => '10.1.167.56',
+                'HTTP_CLIENT_IP' => '127.0.1.47'
+            ])
+        );
+    }
+}
diff --git a/tests/SessionManagerTest.php b/tests/SessionManagerTest.php
deleted file mode 100644
index aa75962a..00000000
--- a/tests/SessionManagerTest.php
+++ /dev/null
@@ -1,149 +0,0 @@
-<?php
-require_once 'tests/utils/FakeConfigManager.php';
-// Initialize reference data _before_ PHPUnit starts a session
-require_once 'tests/utils/ReferenceSessionIdHashes.php';
-ReferenceSessionIdHashes::genAllHashes();
-use \Shaarli\SessionManager;
-use \PHPUnit\Framework\TestCase;
-/**
- * Test coverage for SessionManager
- */
-class SessionManagerTest extends TestCase
-{
-    // Session ID hashes
-    protected static $sidHashes = null;
-    // Fake ConfigManager
-    protected static $conf = null;
-    /**
-     * Assign reference data
-     */
-    public static function setUpBeforeClass()
-    {
-        self::$sidHashes = ReferenceSessionIdHashes::getHashes();
-        self::$conf = new FakeConfigManager();
-    }
-    /**
-     * Generate a session token
-     */
-    public function testGenerateToken()
-    {
-        $session = [];
-        $sessionManager = new SessionManager($session, self::$conf);
-        $token = $sessionManager->generateToken();
-        $this->assertEquals(1, $session['tokens'][$token]);
-        $this->assertEquals(40, strlen($token));
-    }
-    /**
-     * Check a session token
-     */
-    public function testCheckToken()
-    {
-        $token = '4dccc3a45ad9d03e5542b90c37d8db6d10f2b38b';
-        $session = [
-            'tokens' => [
-                $token => 1,
-            ],
-        ];
-        $sessionManager = new SessionManager($session, self::$conf);
-        // check and destroy the token
-        $this->assertTrue($sessionManager->checkToken($token));
-        $this->assertFalse(isset($session['tokens'][$token]));
-        // ensure the token has been destroyed
-        $this->assertFalse($sessionManager->checkToken($token));
-    }
-    /**
-     * Generate and check a session token
-     */
-    public function testGenerateAndCheckToken()
-    {
-        $session = [];
-        $sessionManager = new SessionManager($session, self::$conf);
-        $token = $sessionManager->generateToken();
-        // ensure a token has been generated
-        $this->assertEquals(1, $session['tokens'][$token]);
-        $this->assertEquals(40, strlen($token));
-        // check and destroy the token
-        $this->assertTrue($sessionManager->checkToken($token));
-        $this->assertFalse(isset($session['tokens'][$token]));
-        // ensure the token has been destroyed
-        $this->assertFalse($sessionManager->checkToken($token));
-    }
-    /**
-     * Check an invalid session token
-     */
-    public function testCheckInvalidToken()
-    {
-        $session = [];
-        $sessionManager = new SessionManager($session, self::$conf);
-        $this->assertFalse($sessionManager->checkToken('4dccc3a45ad9d03e5542b90c37d8db6d10f2b38b'));
-    }
-    /**
-     * Test SessionManager::checkId with a valid ID - TEST ALL THE HASHES!
-     *
-     * This tests extensively covers all hash algorithms / bit representations
-     */
-    public function testIsAnyHashSessionIdValid()
-    {
-        foreach (self::$sidHashes as $algo => $bpcs) {
-            foreach ($bpcs as $bpc => $hash) {
-                $this->assertTrue(SessionManager::checkId($hash));
-            }
-        }
-    }
-    /**
-     * Test checkId with a valid ID - SHA-1 hashes
-     */
-    public function testIsSha1SessionIdValid()
-    {
-        $this->assertTrue(SessionManager::checkId(sha1('shaarli')));
-    }
-    /**
-     * Test checkId with a valid ID - SHA-256 hashes
-     */
-    public function testIsSha256SessionIdValid()
-    {
-        $this->assertTrue(SessionManager::checkId(hash('sha256', 'shaarli')));
-    }
-    /**
-     * Test checkId with a valid ID - SHA-512 hashes
-     */
-    public function testIsSha512SessionIdValid()
-    {
-        $this->assertTrue(SessionManager::checkId(hash('sha512', 'shaarli')));
-    }
-    /**
-     * Test checkId with invalid IDs.
-     */
-    public function testIsSessionIdInvalid()
-    {
-        $this->assertFalse(SessionManager::checkId(''));
-        $this->assertFalse(SessionManager::checkId([]));
-        $this->assertFalse(
-            SessionManager::checkId('c0ZqcWF3VFE2NmJBdm1HMVQ0ZHJ3UmZPbTFsNGhkNHI=')
-        );
-    }
-}
diff --git a/tests/plugins/PluginMarkdownTest.php b/tests/plugins/PluginMarkdownTest.php
index ddc2728d..b31e817f 100644
--- a/tests/plugins/PluginMarkdownTest.php
+++ b/tests/plugins/PluginMarkdownTest.php
@@ -50,6 +50,30 @@ class PluginMarkdownTest extends PHPUnit_Framework_TestCase
    }
    /**
+     * Test render_feed hook.
+     */
+    public function testMarkdownFeed()
+    {
+        $markdown = '# My title' . PHP_EOL . 'Very interesting content.';
+        $markdown .= '&#8212; <a href="http://domain.tld/?0oc_VQ" title="Permalien">Permalien</a>';
+        $data = array(
+            'links' => array(
+                0 => array(
+                    'description' => $markdown,
+                ),
+            ),
+        );
+        $data = hook_markdown_render_feed($data, $this->conf);
+        $this->assertNotFalse(strpos($data['links'][0]['description'], '<h1>'));
+        $this->assertNotFalse(strpos($data['links'][0]['description'], '<p>'));
+        $this->assertStringEndsWith(
+            '&#8212; <a href="http://domain.tld/?0oc_VQ">Permalien</a></p></div>',
+            $data['links'][0]['description']
+        );
+    }
+    /**
     * Test render_daily hook.
     * Only check that there is basic markdown rendering.
     */
@@ -104,6 +128,37 @@ class PluginMarkdownTest extends PHPUnit_Framework_TestCase
        $this->assertEquals($text, $reversedText);
    }
+    public function testReverseFeedPermalink()
+    {
+        $text = 'Description... ';
+        $text .= '&#8212; <a href="http://domain.tld/?0oc_VQ" title="Permalien">Permalien</a>';
+        $expected = 'Description... &#8212; [Permalien](http://domain.tld/?0oc_VQ)';
+        $processedText = reverse_feed_permalink($text);
+        $this->assertEquals($expected, $processedText);
+    }
+    public function testReverseLastFeedPermalink()
+    {
+        $text = 'Description... ';
+        $text .= '<br>&#8212; <a href="http://domain.tld/?0oc_VQ" title="Permalien">Permalien</a>';
+        $expected = $text;
+        $text .= '<br>&#8212; <a href="http://domain.tld/?0oc_VQ" title="Permalien">Permalien</a>';
+        $expected .= '<br>&#8212; [Permalien](http://domain.tld/?0oc_VQ)';
+        $processedText = reverse_feed_permalink($text);
+        $this->assertEquals($expected, $processedText);
+    }
+    public function testReverseNoFeedPermalink()
+    {
+        $text = 'Hello! Where are you from?';
+        $expected = $text;
+        $processedText = reverse_feed_permalink($text);
+        $this->assertEquals($expected, $processedText);
+    }
    /**
     * Test sanitize_html().
     */
diff --git a/tests/LoginManagerTest.php b/tests/security/LoginManagerTest.php
index 4159038e..f26cd1eb 100644
--- a/tests/LoginManagerTest.php
+++ b/tests/security/LoginManagerTest.php
@@ -1,5 +1,5 @@
 <?php
-namespace Shaarli;
+namespace Shaarli\Security;
 require_once 'tests/utils/FakeConfigManager.php';
 use \PHPUnit\Framework\TestCase;
@@ -9,15 +9,54 @@ use \PHPUnit\Framework\TestCase;
 */
 class LoginManagerTest extends TestCase
 {
+    /** @var \FakeConfigManager Configuration Manager instance */
    protected $configManager = null;
+    /** @var LoginManager Login Manager instance */
    protected $loginManager = null;
+    /** @var SessionManager Session Manager instance */
+    protected $sessionManager = null;
+    /** @var string Banned IP filename */
    protected $banFile = 'sandbox/ipbans.php';
+    /** @var string Log filename */
    protected $logFile = 'sandbox/shaarli.log';
+    /** @var array Simulates the $_COOKIE array */
+    protected $cookie = [];
+    /** @var array Simulates the $GLOBALS array */
    protected $globals = [];
-    protected $ipAddr = '127.0.0.1';
+    /** @var array Simulates the $_SERVER array */
    protected $server = [];
+    /** @var array Simulates the $_SESSION array */
+    protected $session = [];
+    /** @var string Advertised client IP address */
+    protected $clientIpAddress = '10.1.47.179';
+    /** @var string Local client IP address */
+    protected $ipAddr = '127.0.0.1';
+    /** @var string Trusted proxy IP address */
    protected $trustedProxy = '10.1.1.100';
+    /** @var string User login */
+    protected $login = 'johndoe';
+    /** @var string User password */
+    protected $password = 'IC4nHazL0g1n?';
+    /** @var string Hash of the salted user password */
+    protected $passwordHash = '';
+    /** @var string Salt used by hash functions */
+    protected $salt = '669e24fa9c5a59a613f98e8e38327384504a4af2';
    /**
     * Prepare or reset test resources
     */
@@ -27,7 +66,12 @@ class LoginManagerTest extends TestCase
            unlink($this->banFile);
        }
+        $this->passwordHash = sha1($this->password . $this->login . $this->salt);
        $this->configManager = new \FakeConfigManager([
+            'credentials.login' => $this->login,
+            'credentials.hash' => $this->passwordHash,
+            'credentials.salt' => $this->salt,
            'resource.ban_file' => $this->banFile,
            'resource.log' => $this->logFile,
            'security.ban_after' => 4,
@@ -35,10 +79,15 @@ class LoginManagerTest extends TestCase
            'security.trusted_proxies' => [$this->trustedProxy],
        ]);
+        $this->cookie = [];
        $this->globals = &$GLOBALS;
        unset($this->globals['IPBANS']);
-        $this->loginManager = new LoginManager($this->globals, $this->configManager);
+        $this->session = [];
+        $this->sessionManager = new SessionManager($this->session, $this->configManager);
+        $this->loginManager = new LoginManager($this->globals, $this->configManager, $this->sessionManager);
        $this->server['REMOTE_ADDR'] = $this->ipAddr;
    }
@@ -59,7 +108,7 @@ class LoginManagerTest extends TestCase
            $this->banFile,
            "<?php\n\$GLOBALS['IPBANS']=array('FAILURES' => array('127.0.0.1' => 99));\n?>"
        );
-        new LoginManager($this->globals, $this->configManager);
+        new LoginManager($this->globals, $this->configManager, null);
        $this->assertEquals(99, $this->globals['IPBANS']['FAILURES']['127.0.0.1']);
    }
@@ -196,4 +245,130 @@ class LoginManagerTest extends TestCase
        $this->globals['IPBANS']['BANS'][$this->ipAddr] = time() - 3600;
        $this->assertTrue($this->loginManager->canLogin($this->server));
    }
+    /**
+     * Generate a token depending on the user credentials and client IP
+     */
+    public function testGenerateStaySignedInToken()
+    {
+        $this->loginManager->generateStaySignedInToken($this->clientIpAddress);
+        $this->assertEquals(
+            sha1($this->passwordHash . $this->clientIpAddress . $this->salt),
+            $this->loginManager->getStaySignedInToken()
+        );
+    }
+    /**
+     * Check user login - Shaarli has not yet been configured
+     */
+    public function testCheckLoginStateNotConfigured()
+    {
+        $configManager = new \FakeConfigManager([
+            'resource.ban_file' => $this->banFile,
+        ]);
+        $loginManager = new LoginManager($this->globals, $configManager, null);
+        $loginManager->checkLoginState([], '');
+        $this->assertFalse($loginManager->isLoggedIn());
+    }
+    /**
+     * Check user login - the client cookie does not match the server token
+     */
+    public function testCheckLoginStateStaySignedInWithInvalidToken()
+    {
+        // simulate a previous login
+        $this->session = [
+            'ip' => $this->clientIpAddress,
+            'expires_on' => time() + 100,
+        ];
+        $this->loginManager->generateStaySignedInToken($this->clientIpAddress);
+        $this->cookie[LoginManager::$STAY_SIGNED_IN_COOKIE] = 'nope';
+        $this->loginManager->checkLoginState($this->cookie, $this->clientIpAddress);
+        $this->assertTrue($this->loginManager->isLoggedIn());
+        $this->assertTrue(empty($this->session['username']));
+    }
+    /**
+     * Check user login - the client cookie matches the server token
+     */
+    public function testCheckLoginStateStaySignedInWithValidToken()
+    {
+        $this->loginManager->generateStaySignedInToken($this->clientIpAddress);
+        $this->cookie[LoginManager::$STAY_SIGNED_IN_COOKIE] = $this->loginManager->getStaySignedInToken();
+        $this->loginManager->checkLoginState($this->cookie, $this->clientIpAddress);
+        $this->assertTrue($this->loginManager->isLoggedIn());
+        $this->assertEquals($this->login, $this->session['username']);
+        $this->assertEquals($this->clientIpAddress, $this->session['ip']);
+    }
+    /**
+     * Check user login - the session has expired
+     */
+    public function testCheckLoginStateSessionExpired()
+    {
+        $this->loginManager->generateStaySignedInToken($this->clientIpAddress);
+        $this->session['expires_on'] = time() - 100;
+        $this->loginManager->checkLoginState($this->cookie, $this->clientIpAddress);
+        $this->assertFalse($this->loginManager->isLoggedIn());
+    }
+    /**
+     * Check user login - the remote client IP has changed
+     */
+    public function testCheckLoginStateClientIpChanged()
+    {
+        $this->loginManager->generateStaySignedInToken($this->clientIpAddress);
+        $this->loginManager->checkLoginState($this->cookie, '10.7.157.98');
+        $this->assertFalse($this->loginManager->isLoggedIn());
+    }
+    /**
+     * Check user credentials - wrong login supplied
+     */
+    public function testCheckCredentialsWrongLogin()
+    {
+        $this->assertFalse(
+            $this->loginManager->checkCredentials('', '', 'b4dl0g1n', $this->password)
+        );
+    }
+    /**
+     * Check user credentials - wrong password supplied
+     */
+    public function testCheckCredentialsWrongPassword()
+    {
+        $this->assertFalse(
+            $this->loginManager->checkCredentials('', '', $this->login, 'b4dp455wd')
+        );
+    }
+    /**
+     * Check user credentials - wrong login and password supplied
+     */
+    public function testCheckCredentialsWrongLoginAndPassword()
+    {
+        $this->assertFalse(
+            $this->loginManager->checkCredentials('', '', 'b4dl0g1n', 'b4dp455wd')
+        );
+    }
+    /**
+     * Check user credentials - correct login and password supplied
+     */
+    public function testCheckCredentialsGoodLoginAndPassword()
+    {
+        $this->assertTrue(
+            $this->loginManager->checkCredentials('', '', $this->login, $this->password)
+        );
+    }
 }
diff --git a/tests/security/SessionManagerTest.php b/tests/security/SessionManagerTest.php
new file mode 100644
index 00000000..9bd868f8
--- /dev/null
+++ b/tests/security/SessionManagerTest.php
@@ -0,0 +1,273 @@
+<?php
+require_once 'tests/utils/FakeConfigManager.php';
+// Initialize reference data _before_ PHPUnit starts a session
+require_once 'tests/utils/ReferenceSessionIdHashes.php';
+ReferenceSessionIdHashes::genAllHashes();
+use \Shaarli\Security\SessionManager;
+use \PHPUnit\Framework\TestCase;
+/**
+ * Test coverage for SessionManager
+ */
+class SessionManagerTest extends TestCase
+{
+    /** @var array Session ID hashes */
+    protected static $sidHashes = null;
+    /** @var \FakeConfigManager ConfigManager substitute for testing */
+    protected $conf = null;
+    /** @var array $_SESSION array for testing */
+    protected $session = [];
+    /** @var SessionManager Server-side session management abstraction */
+    protected $sessionManager = null;
+    /**
+     * Assign reference data
+     */
+    public static function setUpBeforeClass()
+    {
+        self::$sidHashes = ReferenceSessionIdHashes::getHashes();
+    }
+    /**
+     * Initialize or reset test resources
+     */
+    public function setUp()
+    {
+        $this->conf = new FakeConfigManager([
+            'credentials.login' => 'johndoe',
+            'credentials.salt' => 'salt',
+            'security.session_protection_disabled' => false,
+        ]);
+        $this->session = [];
+        $this->sessionManager = new SessionManager($this->session, $this->conf);
+    }
+    /**
+     * Generate a session token
+     */
+    public function testGenerateToken()
+    {
+        $token = $this->sessionManager->generateToken();
+        $this->assertEquals(1, $this->session['tokens'][$token]);
+        $this->assertEquals(40, strlen($token));
+    }
+    /**
+     * Check a session token
+     */
+    public function testCheckToken()
+    {
+        $token = '4dccc3a45ad9d03e5542b90c37d8db6d10f2b38b';
+        $session = [
+            'tokens' => [
+                $token => 1,
+            ],
+        ];
+        $sessionManager = new SessionManager($session, $this->conf);
+        // check and destroy the token
+        $this->assertTrue($sessionManager->checkToken($token));
+        $this->assertFalse(isset($session['tokens'][$token]));
+        // ensure the token has been destroyed
+        $this->assertFalse($sessionManager->checkToken($token));
+    }
+    /**
+     * Generate and check a session token
+     */
+    public function testGenerateAndCheckToken()
+    {
+        $token = $this->sessionManager->generateToken();
+        // ensure a token has been generated
+        $this->assertEquals(1, $this->session['tokens'][$token]);
+        $this->assertEquals(40, strlen($token));
+        // check and destroy the token
+        $this->assertTrue($this->sessionManager->checkToken($token));
+        $this->assertFalse(isset($this->session['tokens'][$token]));
+        // ensure the token has been destroyed
+        $this->assertFalse($this->sessionManager->checkToken($token));
+    }
+    /**
+     * Check an invalid session token
+     */
+    public function testCheckInvalidToken()
+    {
+        $this->assertFalse($this->sessionManager->checkToken('4dccc3a45ad9d03e5542b90c37d8db6d10f2b38b'));
+    }
+    /**
+     * Test SessionManager::checkId with a valid ID - TEST ALL THE HASHES!
+     *
+     * This tests extensively covers all hash algorithms / bit representations
+     */
+    public function testIsAnyHashSessionIdValid()
+    {
+        foreach (self::$sidHashes as $algo => $bpcs) {
+            foreach ($bpcs as $bpc => $hash) {
+                $this->assertTrue(SessionManager::checkId($hash));
+            }
+        }
+    }
+    /**
+     * Test checkId with a valid ID - SHA-1 hashes
+     */
+    public function testIsSha1SessionIdValid()
+    {
+        $this->assertTrue(SessionManager::checkId(sha1('shaarli')));
+    }
+    /**
+     * Test checkId with a valid ID - SHA-256 hashes
+     */
+    public function testIsSha256SessionIdValid()
+    {
+        $this->assertTrue(SessionManager::checkId(hash('sha256', 'shaarli')));
+    }
+    /**
+     * Test checkId with a valid ID - SHA-512 hashes
+     */
+    public function testIsSha512SessionIdValid()
+    {
+        $this->assertTrue(SessionManager::checkId(hash('sha512', 'shaarli')));
+    }
+    /**
+     * Test checkId with invalid IDs.
+     */
+    public function testIsSessionIdInvalid()
+    {
+        $this->assertFalse(SessionManager::checkId(''));
+        $this->assertFalse(SessionManager::checkId([]));
+        $this->assertFalse(
+            SessionManager::checkId('c0ZqcWF3VFE2NmJBdm1HMVQ0ZHJ3UmZPbTFsNGhkNHI=')
+        );
+    }
+    /**
+     * Store login information after a successful login
+     */
+    public function testStoreLoginInfo()
+    {
+        $this->sessionManager->storeLoginInfo('ip_id');
+        $this->assertGreaterThan(time(), $this->session['expires_on']);
+        $this->assertEquals('ip_id', $this->session['ip']);
+        $this->assertEquals('johndoe', $this->session['username']);
+    }
+    /**
+     * Extend a server-side session by SessionManager::$SHORT_TIMEOUT
+     */
+    public function testExtendSession()
+    {
+        $this->sessionManager->extendSession();
+        $this->assertGreaterThan(time(), $this->session['expires_on']);
+        $this->assertLessThanOrEqual(
+            time() + SessionManager::$SHORT_TIMEOUT,
+            $this->session['expires_on']
+        );
+    }
+    /**
+     * Extend a server-side session by SessionManager::$LONG_TIMEOUT
+     */
+    public function testExtendSessionStaySignedIn()
+    {
+        $this->sessionManager->setStaySignedIn(true);
+        $this->sessionManager->extendSession();
+        $this->assertGreaterThan(time(), $this->session['expires_on']);
+        $this->assertGreaterThan(
+            time() + SessionManager::$LONG_TIMEOUT - 10,
+            $this->session['expires_on']
+        );
+        $this->assertLessThanOrEqual(
+            time() + SessionManager::$LONG_TIMEOUT,
+            $this->session['expires_on']
+        );
+    }
+    /**
+     * Unset session variables after logging out
+     */
+    public function testLogout()
+    {
+        $this->session = [
+            'ip' => 'ip_id',
+            'expires_on' => time() + 1000,
+            'username' => 'johndoe',
+            'visibility' => 'public',
+            'untaggedonly' => false,
+        ];
+        $this->sessionManager->logout();
+        $this->assertFalse(isset($this->session['ip']));
+        $this->assertFalse(isset($this->session['expires_on']));
+        $this->assertFalse(isset($this->session['username']));
+        $this->assertFalse(isset($this->session['visibility']));
+        $this->assertFalse(isset($this->session['untaggedonly']));
+    }
+    /**
+     * The session is active and expiration time has been reached
+     */
+    public function testHasExpiredTimeElapsed()
+    {
+        $this->session['expires_on'] = time() - 10;
+        $this->assertTrue($this->sessionManager->hasSessionExpired());
+    }
+    /**
+     * The session is active and expiration time has not been reached
+     */
+    public function testHasNotExpired()
+    {
+        $this->session['expires_on'] = time() + 1000;
+        $this->assertFalse($this->sessionManager->hasSessionExpired());
+    }
+    /**
+     * Session hijacking protection is disabled, we assume the IP has not changed
+     */
+    public function testHasClientIpChangedNoSessionProtection()
+    {
+        $this->conf->set('security.session_protection_disabled', true);
+        $this->assertFalse($this->sessionManager->hasClientIpChanged(''));
+    }
+    /**
+     * The client IP identifier has not changed
+     */
+    public function testHasClientIpChangedNope()
+    {
+        $this->session['ip'] = 'ip_id';
+        $this->assertFalse($this->sessionManager->hasClientIpChanged('ip_id'));
+    }
+    /**
+     * The client IP identifier has changed
+     */
+    public function testHasClientIpChanged()
+    {
+        $this->session['ip'] = 'ip_id_one';
+        $this->assertTrue($this->sessionManager->hasClientIpChanged('ip_id_two'));
+    }
+}
diff --git a/tests/utils/FakeConfigManager.php b/tests/utils/FakeConfigManager.php
index 85434de7..360b34a9 100644
--- a/tests/utils/FakeConfigManager.php
+++ b/tests/utils/FakeConfigManager.php
@@ -42,4 +42,16 @@ class FakeConfigManager
        }
        return $key;
    }
+    /**
+     * Check if a setting exists
+     *
+     * @param string $setting Asked setting, keys separated with dots
+     *
+     * @return bool true if the setting exists, false otherwise
+     */
+    public function exists($setting)
+    {
+        return array_key_exists($setting, $this->values);
+    }
 }
diff --git a/tpl/default/404.html b/tpl/default/404.html
index 2de6b6da..fd337cad 100644
--- a/tpl/default/404.html
+++ b/tpl/default/404.html
@@ -6,7 +6,7 @@
 <body>
 <div id="pageheader">
  {include="page.header"}
-<div class="center" id="page404">
+<div class="center" id="page404" class="page404-container">
  <h2>{'Sorry, nothing to see here.'|t}</h2>
  <img src="img/sad_star.png">
  <p>{$error_message}</p>
diff --git a/tpl/default/editlink.html b/tpl/default/editlink.html
index f8e968f1..d8c57155 100644
--- a/tpl/default/editlink.html
+++ b/tpl/default/editlink.html
@@ -5,7 +5,7 @@
 </head>
 <body>
  {include="page.header"}
-  <div id="editlinkform" class="pure-g">
+  <div id="editlinkform" class="edit-link-container" class="pure-g">
    <div class="pure-u-lg-1-5 pure-u-1-24"></div>
    <form method="post" name="linkform" class="page-form pure-u-lg-3-5 pure-u-22-24 page-form page-form-light">
      <h2 class="window-title">
diff --git a/tpl/default/import.html b/tpl/default/import.html
index 000a50ac..bdc9086e 100644
--- a/tpl/default/import.html
+++ b/tpl/default/import.html
@@ -15,7 +15,7 @@
      </div>
      <input type="hidden" name="token" value="{$token}">
-      <div class="center" id="import-field">
+      <div class="center import-field-container" id="import-field">
        <input type="hidden" name="MAX_FILE_SIZE" value="{$maxfilesize}">
        <input type="file" name="filetoupload">
        <p><br>{'Maximum size allowed:'|t} <strong>{$maxfilesizeHuman}</strong></p>
diff --git a/tpl/default/linklist.html b/tpl/default/linklist.html
index 933c1ef2..322cddd5 100644
--- a/tpl/default/linklist.html
+++ b/tpl/default/linklist.html
@@ -16,7 +16,7 @@
 </div>
 <input type="hidden" name="token" value="{$token}">
-<div id="search-linklist">
+<div id="search-linklist" class="searchform-block search-linklist">
  <form method="GET" class="pure-form searchform" name="searchform">
    <input type="text" tabindex="1" name="searchterm" class="searchterm" placeholder="{'Search text'|t}"
@@ -136,7 +136,7 @@
              <div class="linklist-item-thumbnail">{$thumb}</div>
            {/if}
-            {if="isLoggedIn()"}
+            {if="$is_logged_in"}
              <div class="linklist-item-editbuttons">
                {if="$value.private"}
                  <span class="label label-private">{$strPrivate}</span>
@@ -179,7 +179,7 @@
            <div class="linklist-item-infos-date-url-block pure-g">
              <div class="linklist-item-infos-dateblock pure-u-lg-7-12 pure-u-1">
-                {if="isLoggedIn()"}
+                {if="$is_logged_in"}
                  <div class="linklist-item-infos-controls-group pure-u-0 pure-u-lg-visible">
                    <span class="linklist-item-infos-controls-item ctrl-checkbox">
                      <input type="checkbox" class="delete-checkbox" value="{$value.id}">
@@ -196,7 +196,7 @@
                  </div>
                {/if}
                <a href="?{$value.shorturl}" title="{$strPermalink}">
-                  {if="!$hide_timestamps || isLoggedIn()"}
+                  {if="!$hide_timestamps || $is_logged_in"}
                    {$updated=$value.updated_timestamp ? $strEdited. format_date($value.updated) : $strPermalink}
                    <span class="linkdate" title="{$updated}">
                      <i class="fa fa-clock-o"></i>
@@ -236,7 +236,7 @@
                    {if="$link_plugin_counter - 1 != $counter"}&middot;{/if}
                  {/loop}
                {/if}
-                {if="isLoggedIn()"}
+                {if="$is_logged_in"}
                  &middot;
                  <a href="?delete_link&amp;lf_linkdate={$value.id}&amp;token={$token}"
                     title="{$strDelete}" class="delete-link confirm-delete">
diff --git a/tpl/default/linklist.paging.html b/tpl/default/linklist.paging.html
index 72bdd931..5309e348 100644
--- a/tpl/default/linklist.paging.html
+++ b/tpl/default/linklist.paging.html
@@ -1,11 +1,11 @@
 <div class="linklist-paging">
  <div class="paging pure-g">
    <div class="linklist-filters pure-u-1-3">
-      {if="isLoggedIn() or !empty($action_plugin)"}
+      {if="$is_logged_in or !empty($action_plugin)"}
        <span class="linklist-filters-text pure-u-0 pure-u-lg-visible">
          {'Filters'|t}
        </span>
-        {if="isLoggedIn()"}
+        {if="$is_logged_in"}
        <a href="?visibility=private" title="{'Only display private links'|t}"
           class="{if="$visibility==='private'"}filter-on{else}filter-off{/if}"
        ><i class="fa fa-user-secret"></i></a>
diff --git a/tpl/default/loginform.html b/tpl/default/loginform.html
index d481f452..3cdab65a 100644
--- a/tpl/default/loginform.html
+++ b/tpl/default/loginform.html
@@ -18,7 +18,7 @@
 {else}
  <div class="pure-g">
    <div class="pure-u-lg-1-3 pure-u-1-24"></div>
-    <div id="login-form" class="page-form page-form-light pure-u-lg-1-3 pure-u-22-24">
+    <div id="login-form" class="page-form page-form-light pure-u-lg-1-3 pure-u-22-24 login-form-container">
      <form method="post" name="loginform">
        <h2 class="window-title">{'Login'|t}</h2>
        <div>
diff --git a/tpl/default/page.footer.html b/tpl/default/page.footer.html
index f4f09e92..5af39be7 100644
--- a/tpl/default/page.footer.html
+++ b/tpl/default/page.footer.html
@@ -2,9 +2,9 @@
 <div class="pure-g">
  <div class="pure-u-2-24"></div>
-  <div id="footer" class="pure-u-20-24">
+  <div id="footer" class="pure-u-20-24 footer-container">
    <strong><a href="https://github.com/shaarli/Shaarli">Shaarli</a></strong>
-    {if="isLoggedIn()===true"}
+    {if="$is_logged_in===true"}
      {$version}
    {/if}
    &middot;
diff --git a/tpl/default/page.header.html b/tpl/default/page.header.html
index 6f15c1c5..82568d63 100644
--- a/tpl/default/page.header.html
+++ b/tpl/default/page.header.html
@@ -17,7 +17,7 @@
            {$shaarlititle}
          </a>
        </li>
-        {if="isLoggedIn() || $openshaarli"}
+        {if="$is_logged_in || $openshaarli"}
          <li class="pure-menu-item">
            <a href="?do=addlink" class="pure-menu-link" id="shaarli-menu-shaare">
              <i class="fa fa-plus" ></i> {'Shaare'|t}
@@ -50,7 +50,7 @@
        <li class="pure-menu-item pure-u-lg-0 shaarli-menu-mobile" id="shaarli-menu-mobile-rss">
            <a href="?do={$feed_type}{$searchcrits}" class="pure-menu-link">{'RSS Feed'|t}</a>
        </li>
-        {if="isLoggedIn()"}
+        {if="$is_logged_in"}
          <li class="pure-menu-item pure-u-lg-0 shaarli-menu-mobile" id="shaarli-menu-mobile-logout">
            <a href="?do=logout" class="pure-menu-link">{'Logout'|t}</a>
          </li>
@@ -74,7 +74,7 @@
              <i class="fa fa-rss"></i>
            </a>
          </li>
-          {if="!isLoggedIn()"}
+          {if="!$is_logged_in"}
            <li class="pure-menu-item" id="shaarli-menu-desktop-login">
              <a href="?do=login" class="pure-menu-link"
                 data-open-id="header-login-form"
@@ -95,8 +95,8 @@
  </div>
 </div>
-<div id="content">
+<div id="content" class="container">
-  <div id="search" class="subheader-form">
+  <div id="search" class="subheader-form searchform-block header-search">
    <form method="GET" class="pure-form searchform" name="searchform">
      <input type="text" tabindex="1" id="searchform_value" name="searchterm" placeholder="{'Search text'|t}"
             {if="!empty($search_term)"}
@@ -120,9 +120,9 @@
      </div>
    </div>
  </div>
-  {if="!isLoggedIn()"}
+  {if="!$is_logged_in"}
    <form method="post" name="loginform">
-      <div class="subheader-form" id="header-login-form">
+      <div class="subheader-form header-login-form" id="header-login-form">
        <input type="text" name="login" placeholder="{'Username'|t}" tabindex="3">
        <input type="password" name="password" placeholder="{'Password'|t}" tabindex="5">
        <div class="remember-me">
@@ -155,7 +155,7 @@
  </div>
 {/if}
-{if="!empty($plugin_errors) && isLoggedIn()"}
+{if="!empty($plugin_errors) && $is_logged_in"}
  <div class="pure-g new-version-message pure-alert pure-alert-error pure-alert-closable" id="shaarli-errors-alert">
    <div class="pure-u-2-24"></div>
    <div class="pure-u-20-24">
diff --git a/tpl/default/picwall.html b/tpl/default/picwall.html
index 23796ac9..2f7e03dc 100644
--- a/tpl/default/picwall.html
+++ b/tpl/default/picwall.html
@@ -18,9 +18,9 @@
      {/loop}
    </div>
-    <div id="picwall_container">
+    <div id="picwall_container" class="picwall-container">
      {loop="$linksToDisplay"}
-        <div class="picwall_pictureframe">
+        <div class="picwall-pictureframe">
          {$value.thumbnail}<a href="{$value.real_url}"><span class="info">{$value.title}</span></a>
          {loop="$value.picwall_plugin"}
            {$value}
diff --git a/tpl/default/pluginsadmin.html b/tpl/default/pluginsadmin.html
index fa26c859..8f2597df 100644
--- a/tpl/default/pluginsadmin.html
+++ b/tpl/default/pluginsadmin.html
@@ -16,7 +16,7 @@
  <div class="clear"></div>
 </noscript>
-<form method="POST" action="?do=save_pluginadmin" name="pluginform" id="pluginform">
+<form method="POST" action="?do=save_pluginadmin" name="pluginform" id="pluginform" class="pluginform-container">
  <div class="pure-g">
    <div class="pure-u-lg-1-8 pure-u-1-24"></div>
    <div class="pure-u-lg-3-4 pure-u-22-24 page-form page-form-complete">
diff --git a/tpl/default/tag.cloud.html b/tpl/default/tag.cloud.html
index 12701465..9e52158d 100644
--- a/tpl/default/tag.cloud.html
+++ b/tpl/default/tag.cloud.html
@@ -45,7 +45,7 @@
      {/loop}
    </div>
-    <div id="cloudtag">
+    <div id="cloudtag" class="cloudtag-container">
      {loop="tags"}
        <a href="?searchtags={$key|urlencode} {$search_tags|urlencode}" style="font-size:{$value.size}em;">{$key}</a
        ><a href="?addtag={$key|urlencode}" title="{'Filter by tag'|t}" class="count">{$value.count}</a>
diff --git a/tpl/default/tag.list.html b/tpl/default/tag.list.html
index 7140c67a..bcddcd56 100644
--- a/tpl/default/tag.list.html
+++ b/tpl/default/tag.list.html
@@ -21,7 +21,7 @@
      </p>
    {/if}
-    <div id="search-tagcloud" class="pure-g">
+    <div id="search-tagcloud" class="pure-g searchform-block search-tagcloud">
      <div class="pure-u-lg-1-4"></div>
      <div class="pure-u-1 pure-u-lg-1-2">
        <form method="GET">
@@ -45,11 +45,11 @@
      {/loop}
    </div>
-    <div id="taglist">
+    <div id="taglist" class="taglist-container">
      {loop="tags"}
        <div class="tag-list-item pure-g" data-tag="{$key}">
          <div class="pure-u-1">
-            {if="isLoggedIn()===true"}
+            {if="$is_logged_in===true"}
              <a href="#" class="delete-tag"><i class="fa fa-trash"></i></a>&nbsp;&nbsp;
              <a href="?do=changetag&fromtag={$key|urlencode}" class="rename-tag">
                <i class="fa fa-pencil-square-o {$key}"></i>
@@ -63,7 +63,7 @@
              {$value}
            {/loop}
          </div>
-          {if="isLoggedIn()===true"}
+          {if="$is_logged_in===true"}
            <div class="rename-tag-form pure-u-1">
              <input type="text" name="{$key}" value="{$key}" class="rename-tag-input" />
              <a href="#" class="validate-rename-tag"><i class="fa fa-check"></i></a>
@@ -81,7 +81,7 @@
  </div>
 </div>
-{if="isLoggedIn()===true"}
+{if="$is_logged_in===true"}
  <input type="hidden" name="taglist" value="{loop="$tags"}{$key} {/loop}"
 {/if}
diff --git a/tpl/vintage/daily.html b/tpl/vintage/daily.html
index 42db16a7..ede35910 100644
--- a/tpl/vintage/daily.html
+++ b/tpl/vintage/daily.html
@@ -53,7 +53,7 @@
                                <img src="img/squiggle.png" width="25" height="26" title="permalink" alt="permalink">
                            </a>
                        </div>
-                        {if="!$hide_timestamps || isLoggedIn()"}
+                        {if="!$hide_timestamps || $is_logged_in"}
                            <div class="dailyEntryLinkdate">
                                <a href="?{$value.shorturl}">{function="strftime('%c', $link.timestamp)"}</a>
                            </div>
diff --git a/tpl/vintage/linklist.html b/tpl/vintage/linklist.html
index e7137246..1ca51be3 100644
--- a/tpl/vintage/linklist.html
+++ b/tpl/vintage/linklist.html
@@ -82,7 +82,7 @@
            <a id="{$value.shorturl}"></a>
            <div class="thumbnail">{$value.url|thumbnail}</div>
            <div class="linkcontainer">
-                {if="isLoggedIn()"}
+                {if="$is_logged_in"}
                    <div class="linkeditbuttons">
                        <form method="GET" class="buttoneditform">
                            <input type="hidden" name="edit_link" value="{$value.id}">
@@ -102,7 +102,7 @@
                </span>
                <br>
                {if="$value.description"}<div class="linkdescription">{$value.description}</div>{/if}
-                {if="!$hide_timestamps || isLoggedIn()"}
+                {if="!$hide_timestamps || $is_logged_in"}
                    {$updated=$value.updated_timestamp ? 'Edited: '. format_date($value.updated) : 'Permalink'}
                    <span class="linkdate" title="Permalink">
                        <a href="?{$value.shorturl}">
diff --git a/tpl/vintage/linklist.paging.html b/tpl/vintage/linklist.paging.html
index e3b88ee6..35149a6b 100644
--- a/tpl/vintage/linklist.paging.html
+++ b/tpl/vintage/linklist.paging.html
@@ -1,5 +1,5 @@
 <div class="paging">
-{if="isLoggedIn()"}
+{if="$is_logged_in"}
    <div class="paging_privatelinks">
      <a href="?visibility=private">
                {if="$visibility=='private'"}
diff --git a/tpl/vintage/page.footer.html b/tpl/vintage/page.footer.html
index 1485e1ce..f409721e 100644
--- a/tpl/vintage/page.footer.html
+++ b/tpl/vintage/page.footer.html
@@ -25,7 +25,7 @@
 <script src="js/shaarli.min.js"></script>
-{if="isLoggedIn()"}
+{if="$is_logged_in"}
 <script>function confirmDeleteLink() { var agree=confirm("Are you sure you want to delete this link ?"); if (agree) return true ; else return false ; }</script>
 {/if}
diff --git a/tpl/vintage/page.header.html b/tpl/vintage/page.header.html
index 8a58844e..40c53e5b 100644
--- a/tpl/vintage/page.header.html
+++ b/tpl/vintage/page.header.html
@@ -17,7 +17,7 @@
    {ignore} When called as a popup from bookmarklet, do not display menu. {/ignore}
 {else}
 <li><a href="{$titleLink}" class="nomobile">Home</a></li>
-    {if="isLoggedIn()"}
+    {if="$is_logged_in"}
    <li><a href="?do=logout">Logout</a></li>
    <li><a href="?do=tools">Tools</a></li>
    <li><a href="?do=addlink">Add link</a></li>
@@ -46,7 +46,7 @@
  </ul>
 </div>
-{if="!empty($plugin_errors) && isLoggedIn()"}
+{if="!empty($plugin_errors) && $is_logged_in"}
    <ul class="errors">
        {loop="$plugin_errors"}
            <li>{$value}</li>
diff --git a/yarn.lock b/yarn.lock
index aeeef8a7..f1c8e9cf 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -30,11 +30,19 @@ acorn@^5.0.0, acorn@^5.4.0:
  version "5.4.1"
  resolved "https://registry.yarnpkg.com/acorn/-/acorn-5.4.1.tgz#fdc58d9d17f4a4e98d102ded826a9b9759125102"
+acorn@^5.5.0:
+  version "5.5.3"
+  resolved "https://registry.yarnpkg.com/acorn/-/acorn-5.5.3.tgz#f473dd47e0277a08e28e9bec5aeeb04751f0b8c9"
+ajv-keywords@^1.0.0:
+  version "1.5.1"
+  resolved "https://registry.yarnpkg.com/ajv-keywords/-/ajv-keywords-1.5.1.tgz#314dd0a4b3368fad3dfcdc54ede6171b886daf3c"
 ajv-keywords@^2.0.0, ajv-keywords@^2.1.0:
  version "2.1.1"
  resolved "https://registry.yarnpkg.com/ajv-keywords/-/ajv-keywords-2.1.1.tgz#617997fc5f60576894c435f940d819e135b80762"
-ajv@^4.9.1:
+ajv@^4.7.0, ajv@^4.9.1:
  version "4.11.8"
  resolved "https://registry.yarnpkg.com/ajv/-/ajv-4.11.8.tgz#82ffb02b29e662ae53bdc20af15947706739c536"
  dependencies:
@@ -66,6 +74,10 @@ amdefine@>=0.0.4:
  version "1.0.1"
  resolved "https://registry.yarnpkg.com/amdefine/-/amdefine-1.0.1.tgz#4a5282ac164729e93619bcfd3ad151f817ce91f5"
+ansi-escapes@^1.1.0:
+  version "1.4.0"
+  resolved "https://registry.yarnpkg.com/ansi-escapes/-/ansi-escapes-1.4.0.tgz#d3a8a83b319aa67793662b13e761c7911422306e"
 ansi-escapes@^3.0.0:
  version "3.0.0"
  resolved "https://registry.yarnpkg.com/ansi-escapes/-/ansi-escapes-3.0.0.tgz#ec3e8b4e9f8064fc02c3ac9b65f1c275bda8ef92"
@@ -1001,6 +1013,10 @@ browserslist@^2.1.2:
    caniuse-lite "^1.0.30000792"
    electron-to-chromium "^1.3.30"
+buffer-from@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/buffer-from/-/buffer-from-1.0.0.tgz#4cb8832d23612589b0406e9e2956c17f06fdf531"
 buffer-xor@^1.0.3:
  version "1.0.3"
  resolved "https://registry.yarnpkg.com/buffer-xor/-/buffer-xor-1.0.3.tgz#26e61ed1422fb70dd42e6e36729ed51d855fe8d9"
@@ -1086,7 +1102,7 @@ center-align@^0.1.1:
    align-text "^0.1.3"
    lazy-cache "^1.0.3"
-chalk@^1.1.1, chalk@^1.1.3:
+chalk@^1.0.0, chalk@^1.1.1, chalk@^1.1.3:
  version "1.1.3"
  resolved "https://registry.yarnpkg.com/chalk/-/chalk-1.1.3.tgz#a8115c55e4a702fe4d150abd3872822a7e09fc98"
  dependencies:
@@ -1140,6 +1156,12 @@ clap@^1.0.9:
  dependencies:
    chalk "^1.1.3"
+cli-cursor@^1.0.1:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/cli-cursor/-/cli-cursor-1.0.2.tgz#64da3f7d56a54412e59794bd62dc35295e8f2987"
+  dependencies:
+    restore-cursor "^1.0.1"
 cli-cursor@^2.1.0:
  version "2.1.0"
  resolved "https://registry.yarnpkg.com/cli-cursor/-/cli-cursor-2.1.0.tgz#b35dac376479facc3e94747d41d0d0f5238ffcb5"
@@ -1235,6 +1257,10 @@ combined-stream@^1.0.5, combined-stream@~1.0.5:
  dependencies:
    delayed-stream "~1.0.0"
+commander@^2.8.1:
+  version "2.15.1"
+  resolved "https://registry.yarnpkg.com/commander/-/commander-2.15.1.tgz#df46e867d0fc2aec66a34662b406a9ccafff5b0f"
 commander@^2.9.0:
  version "2.13.0"
  resolved "https://registry.yarnpkg.com/commander/-/commander-2.13.0.tgz#6964bca67685df7c1f1430c584f07d7597885b9c"
@@ -1247,6 +1273,15 @@ concat-map@0.0.1:
  version "0.0.1"
  resolved "https://registry.yarnpkg.com/concat-map/-/concat-map-0.0.1.tgz#d8a96bd77fd68df7793a73036a3ba0d5405d477b"
+concat-stream@^1.4.6:
+  version "1.6.2"
+  resolved "https://registry.yarnpkg.com/concat-stream/-/concat-stream-1.6.2.tgz#904bdf194cd3122fc675c77fc4ac3d4ff0fd1a34"
+  dependencies:
+    buffer-from "^1.0.0"
+    inherits "^2.0.3"
+    readable-stream "^2.2.2"
+    typedarray "^0.0.6"
 concat-stream@^1.6.0:
  version "1.6.0"
  resolved "https://registry.yarnpkg.com/concat-stream/-/concat-stream-1.6.0.tgz#0aac662fd52be78964d5532f694784e70110acf7"
@@ -1456,7 +1491,7 @@ date-now@^0.1.4:
  version "0.1.4"
  resolved "https://registry.yarnpkg.com/date-now/-/date-now-0.1.4.tgz#eaf439fd4d4848ad74e5cc7dbef200672b9e345b"
-debug@^2.2.0, debug@^2.6.8, debug@^2.6.9:
+debug@^2.1.1, debug@^2.2.0, debug@^2.6.8, debug@^2.6.9:
  version "2.6.9"
  resolved "https://registry.yarnpkg.com/debug/-/debug-2.6.9.tgz#5d128515df134ff327e90a4c93f4e077a536341f"
  dependencies:
@@ -1529,7 +1564,7 @@ diffie-hellman@^5.0.0:
    miller-rabin "^4.0.0"
    randombytes "^2.0.0"
-doctrine@1.5.0:
+doctrine@1.5.0, doctrine@^1.2.2:
  version "1.5.0"
  resolved "https://registry.yarnpkg.com/doctrine/-/doctrine-1.5.0.tgz#379dce730f6166f76cefa4e6707a159b02c5a6fa"
  dependencies:
@@ -1708,6 +1743,44 @@ eslint-visitor-keys@^1.0.0:
  version "1.0.0"
  resolved "https://registry.yarnpkg.com/eslint-visitor-keys/-/eslint-visitor-keys-1.0.0.tgz#3f3180fb2e291017716acb4c9d6d5b5c34a6a81d"
+eslint@^2.7.0:
+  version "2.13.1"
+  resolved "https://registry.yarnpkg.com/eslint/-/eslint-2.13.1.tgz#e4cc8fa0f009fb829aaae23855a29360be1f6c11"
+  dependencies:
+    chalk "^1.1.3"
+    concat-stream "^1.4.6"
+    debug "^2.1.1"
+    doctrine "^1.2.2"
+    es6-map "^0.1.3"
+    escope "^3.6.0"
+    espree "^3.1.6"
+    estraverse "^4.2.0"
+    esutils "^2.0.2"
+    file-entry-cache "^1.1.1"
+    glob "^7.0.3"
+    globals "^9.2.0"
+    ignore "^3.1.2"
+    imurmurhash "^0.1.4"
+    inquirer "^0.12.0"
+    is-my-json-valid "^2.10.0"
+    is-resolvable "^1.0.0"
+    js-yaml "^3.5.1"
+    json-stable-stringify "^1.0.0"
+    levn "^0.3.0"
+    lodash "^4.0.0"
+    mkdirp "^0.5.0"
+    optionator "^0.8.1"
+    path-is-absolute "^1.0.0"
+    path-is-inside "^1.0.1"
+    pluralize "^1.2.1"
+    progress "^1.1.8"
+    require-uncached "^1.0.2"
+    shelljs "^0.6.0"
+    strip-json-comments "~1.0.1"
+    table "^3.7.8"
+    text-table "~0.2.0"
+    user-home "^2.0.0"
 eslint@^4.16.0:
  version "4.17.0"
  resolved "https://registry.yarnpkg.com/eslint/-/eslint-4.17.0.tgz#dc24bb51ede48df629be7031c71d9dc0ee4f3ddf"
@@ -1750,6 +1823,13 @@ eslint@^4.16.0:
    table "^4.0.1"
    text-table "~0.2.0"
+espree@^3.1.6:
+  version "3.5.4"
+  resolved "https://registry.yarnpkg.com/espree/-/espree-3.5.4.tgz#b0f447187c8a8bed944b815a660bddf5deb5d1a7"
+  dependencies:
+    acorn "^5.5.0"
+    acorn-jsx "^3.0.0"
 espree@^3.5.2:
  version "3.5.3"
  resolved "https://registry.yarnpkg.com/espree/-/espree-3.5.3.tgz#931e0af64e7fbbed26b050a29daad1fc64799fa6"
@@ -1778,7 +1858,7 @@ esrecurse@^4.1.0:
    estraverse "^4.1.0"
    object-assign "^4.0.1"
-estraverse@^4.0.0, estraverse@^4.1.0, estraverse@^4.1.1:
+estraverse@^4.0.0, estraverse@^4.1.0, estraverse@^4.1.1, estraverse@^4.2.0:
  version "4.2.0"
  resolved "https://registry.yarnpkg.com/estraverse/-/estraverse-4.2.0.tgz#0dee3fed31fcd469618ce7342099fc1afa0bdb13"
@@ -1816,6 +1896,10 @@ execa@^0.7.0:
    signal-exit "^3.0.0"
    strip-eof "^1.0.0"
+exit-hook@^1.0.0:
+  version "1.1.1"
+  resolved "https://registry.yarnpkg.com/exit-hook/-/exit-hook-1.1.1.tgz#f05ca233b48c05d54fff07765df8507e95c02ff8"
 expand-brackets@^0.1.4:
  version "0.1.5"
  resolved "https://registry.yarnpkg.com/expand-brackets/-/expand-brackets-0.1.5.tgz#df07284e342a807cd733ac5af72411e581d1177b"
@@ -1879,12 +1963,26 @@ fastparse@^1.1.1:
  version "1.1.1"
  resolved "https://registry.yarnpkg.com/fastparse/-/fastparse-1.1.1.tgz#d1e2643b38a94d7583b479060e6c4affc94071f8"
+figures@^1.3.5:
+  version "1.7.0"
+  resolved "https://registry.yarnpkg.com/figures/-/figures-1.7.0.tgz#cbe1e3affcf1cd44b80cadfed28dc793a9701d2e"
+  dependencies:
+    escape-string-regexp "^1.0.5"
+    object-assign "^4.1.0"
 figures@^2.0.0:
  version "2.0.0"
  resolved "https://registry.yarnpkg.com/figures/-/figures-2.0.0.tgz#3ab1a2d2a62c8bfb431a0c94cb797a2fce27c962"
  dependencies:
    escape-string-regexp "^1.0.5"
+file-entry-cache@^1.1.1:
+  version "1.3.1"
+  resolved "https://registry.yarnpkg.com/file-entry-cache/-/file-entry-cache-1.3.1.tgz#44c61ea607ae4be9c1402f41f44270cbfe334ff8"
+  dependencies:
+    flat-cache "^1.2.1"
+    object-assign "^4.0.1"
 file-entry-cache@^2.0.0:
  version "2.0.0"
  resolved "https://registry.yarnpkg.com/file-entry-cache/-/file-entry-cache-2.0.0.tgz#c392990c3e684783d838b8c84a45d8a048458361"
@@ -1991,6 +2089,20 @@ form-data@~2.3.1:
    combined-stream "^1.0.5"
    mime-types "^2.1.12"
+front-matter@2.1.2:
+  version "2.1.2"
+  resolved "https://registry.yarnpkg.com/front-matter/-/front-matter-2.1.2.tgz#f75983b9f2f413be658c93dfd7bd8ce4078f5cdb"
+  dependencies:
+    js-yaml "^3.4.6"
+fs-extra@^3.0.1:
+  version "3.0.1"
+  resolved "https://registry.yarnpkg.com/fs-extra/-/fs-extra-3.0.1.tgz#3794f378c58b342ea7dbbb23095109c4b3b62291"
+  dependencies:
+    graceful-fs "^4.1.2"
+    jsonfile "^3.0.0"
+    universalify "^0.1.0"
 fs.realpath@^1.0.0:
  version "1.0.0"
  resolved "https://registry.yarnpkg.com/fs.realpath/-/fs.realpath-1.0.0.tgz#1504ad2523158caa40db4a2787cb01411994ea4f"
@@ -2112,7 +2224,7 @@ globals@^11.0.1:
  version "11.3.0"
  resolved "https://registry.yarnpkg.com/globals/-/globals-11.3.0.tgz#e04fdb7b9796d8adac9c8f64c14837b2313378b0"
-globals@^9.18.0:
+globals@^9.18.0, globals@^9.2.0:
  version "9.18.0"
  resolved "https://registry.yarnpkg.com/globals/-/globals-9.18.0.tgz#aa3896b3e69b487f17e31ed2143d69a8e30c2d8a"
@@ -2135,7 +2247,13 @@ globule@^1.0.0:
    lodash "~4.17.4"
    minimatch "~3.0.2"
-graceful-fs@^4.1.2:
+gonzales-pe-sl@^4.2.3:
+  version "4.2.3"
+  resolved "https://registry.yarnpkg.com/gonzales-pe-sl/-/gonzales-pe-sl-4.2.3.tgz#6a868bc380645f141feeb042c6f97fcc71b59fe6"
+  dependencies:
+    minimist "1.1.x"
+graceful-fs@^4.1.2, graceful-fs@^4.1.6:
  version "4.1.11"
  resolved "https://registry.yarnpkg.com/graceful-fs/-/graceful-fs-4.1.11.tgz#0e8bdfe4d1ddb8854d64e04ea7c00e2a026e5658"
@@ -2301,7 +2419,7 @@ ieee754@^1.1.4:
  version "1.1.8"
  resolved "https://registry.yarnpkg.com/ieee754/-/ieee754-1.1.8.tgz#be33d40ac10ef1926701f6f08a2d86fbfd1ad3e4"
-ignore@^3.3.3:
+ignore@^3.1.2, ignore@^3.3.3:
  version "3.3.7"
  resolved "https://registry.yarnpkg.com/ignore/-/ignore-3.3.7.tgz#612289bfb3c220e186a58118618d5be8c1bab021"
@@ -2346,6 +2464,24 @@ ini@~1.3.0:
  version "1.3.5"
  resolved "https://registry.yarnpkg.com/ini/-/ini-1.3.5.tgz#eee25f56db1c9ec6085e0c22778083f596abf927"
+inquirer@^0.12.0:
+  version "0.12.0"
+  resolved "https://registry.yarnpkg.com/inquirer/-/inquirer-0.12.0.tgz#1ef2bfd63504df0bc75785fff8c2c41df12f077e"
+  dependencies:
+    ansi-escapes "^1.1.0"
+    ansi-regex "^2.0.0"
+    chalk "^1.0.0"
+    cli-cursor "^1.0.1"
+    cli-width "^2.0.0"
+    figures "^1.3.5"
+    lodash "^4.3.0"
+    readline2 "^1.0.1"
+    run-async "^0.1.0"
+    rx-lite "^3.1.2"
+    string-width "^1.0.1"
+    strip-ansi "^3.0.0"
+    through "^2.3.6"
 inquirer@^3.0.6:
  version "3.3.0"
  resolved "https://registry.yarnpkg.com/inquirer/-/inquirer-3.3.0.tgz#9dd2f2ad765dcab1ff0443b491442a20ba227dc9"
@@ -2443,6 +2579,20 @@ is-glob@^2.0.0, is-glob@^2.0.1:
  dependencies:
    is-extglob "^1.0.0"
+is-my-ip-valid@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/is-my-ip-valid/-/is-my-ip-valid-1.0.0.tgz#7b351b8e8edd4d3995d4d066680e664d94696824"
+is-my-json-valid@^2.10.0:
+  version "2.17.2"
+  resolved "https://registry.yarnpkg.com/is-my-json-valid/-/is-my-json-valid-2.17.2.tgz#6b2103a288e94ef3de5cf15d29dd85fc4b78d65c"
+  dependencies:
+    generate-function "^2.0.0"
+    generate-object-property "^1.1.0"
+    is-my-ip-valid "^1.0.0"
+    jsonpointer "^4.0.0"
+    xtend "^4.0.0"
 is-my-json-valid@^2.12.4:
  version "2.17.1"
  resolved "https://registry.yarnpkg.com/is-my-json-valid/-/is-my-json-valid-2.17.1.tgz#3da98914a70a22f0a8563ef1511a246c6fc55471"
@@ -2558,6 +2708,13 @@ js-tokens@^3.0.0, js-tokens@^3.0.2:
  version "3.0.2"
  resolved "https://registry.yarnpkg.com/js-tokens/-/js-tokens-3.0.2.tgz#9866df395102130e38f7f996bceb65443209c25b"
+js-yaml@^3.4.6, js-yaml@^3.5.1, js-yaml@^3.5.4:
+  version "3.11.0"
+  resolved "https://registry.yarnpkg.com/js-yaml/-/js-yaml-3.11.0.tgz#597c1a8bd57152f26d622ce4117851a51f5ebaef"
+  dependencies:
+    argparse "^1.0.7"
+    esprima "^4.0.0"
 js-yaml@^3.9.1:
  version "3.10.0"
  resolved "https://registry.yarnpkg.com/js-yaml/-/js-yaml-3.10.0.tgz#2e78441646bd4682e963f22b6e92823c309c62dc"
@@ -2600,7 +2757,7 @@ json-stable-stringify-without-jsonify@^1.0.1:
  version "1.0.1"
  resolved "https://registry.yarnpkg.com/json-stable-stringify-without-jsonify/-/json-stable-stringify-without-jsonify-1.0.1.tgz#9db7b59496ad3f3cfef30a75142d2d930ad72651"
-json-stable-stringify@^1.0.1:
+json-stable-stringify@^1.0.0, json-stable-stringify@^1.0.1:
  version "1.0.1"
  resolved "https://registry.yarnpkg.com/json-stable-stringify/-/json-stable-stringify-1.0.1.tgz#9a759d39c5f2ff503fd5300646ed445f88c4f9af"
  dependencies:
@@ -2614,6 +2771,12 @@ json5@^0.5.0, json5@^0.5.1:
  version "0.5.1"
  resolved "https://registry.yarnpkg.com/json5/-/json5-0.5.1.tgz#1eade7acc012034ad84e2396767ead9fa5495821"
+jsonfile@^3.0.0:
+  version "3.0.1"
+  resolved "https://registry.yarnpkg.com/jsonfile/-/jsonfile-3.0.1.tgz#a5ecc6f65f53f662c4415c7675a0331d0992ec66"
+  optionalDependencies:
+    graceful-fs "^4.1.6"
 jsonify@~0.0.0:
  version "0.0.0"
  resolved "https://registry.yarnpkg.com/jsonify/-/jsonify-0.0.0.tgz#2c74b6ee41d93ca51b7b5aaee8f503631d252a73"
@@ -2649,6 +2812,10 @@ kind-of@^4.0.0:
  dependencies:
    is-buffer "^1.1.5"
+known-css-properties@^0.3.0:
+  version "0.3.0"
+  resolved "https://registry.yarnpkg.com/known-css-properties/-/known-css-properties-0.3.0.tgz#a3d135bbfc60ee8c6eacf2f7e7e6f2d4755e49a4"
 lazy-cache@^0.2.3:
  version "0.2.7"
  resolved "https://registry.yarnpkg.com/lazy-cache/-/lazy-cache-0.2.7.tgz#7feddf2dcb6edb77d11ef1d117ab5ffdf0ab1b65"
@@ -2716,6 +2883,10 @@ lodash.camelcase@^4.3.0:
  version "4.3.0"
  resolved "https://registry.yarnpkg.com/lodash.camelcase/-/lodash.camelcase-4.3.0.tgz#b28aa6288a2b9fc651035c7711f65ab6190331a6"
+lodash.capitalize@^4.1.0:
+  version "4.2.1"
+  resolved "https://registry.yarnpkg.com/lodash.capitalize/-/lodash.capitalize-4.2.1.tgz#f826c9b4e2a8511d84e3aca29db05e1a4f3b72a9"
 lodash.clonedeep@^4.3.2:
  version "4.5.0"
  resolved "https://registry.yarnpkg.com/lodash.clonedeep/-/lodash.clonedeep-4.5.0.tgz#e23f3f9c4f8fbdde872529c1071857a086e5ccef"
@@ -2728,6 +2899,10 @@ lodash.isplainobject@^4.0.6:
  version "4.0.6"
  resolved "https://registry.yarnpkg.com/lodash.isplainobject/-/lodash.isplainobject-4.0.6.tgz#7c526a52d89b45c45cc690b88163be0497f550cb"
+lodash.kebabcase@^4.0.0:
+  version "4.1.1"
+  resolved "https://registry.yarnpkg.com/lodash.kebabcase/-/lodash.kebabcase-4.1.1.tgz#8489b1cb0d29ff88195cceca448ff6d6cc295c36"
 lodash.memoize@^4.1.2:
  version "4.1.2"
  resolved "https://registry.yarnpkg.com/lodash.memoize/-/lodash.memoize-4.1.2.tgz#bcc6c49a42a2840ed997f323eada5ecd182e0bfe"
@@ -2829,6 +3004,10 @@ meow@^3.7.0:
    redent "^1.0.0"
    trim-newlines "^1.0.0"
+merge@^1.2.0:
+  version "1.2.0"
+  resolved "https://registry.yarnpkg.com/merge/-/merge-1.2.0.tgz#7531e39d4949c281a66b8c5a6e0265e8b05894da"
 micromatch@^2.1.5:
  version "2.3.11"
  resolved "https://registry.yarnpkg.com/micromatch/-/micromatch-2.3.11.tgz#86677c97d1720b363431d04d0d15293bd38c1565"
@@ -2890,6 +3069,10 @@ minimist@0.0.8:
  version "0.0.8"
  resolved "https://registry.yarnpkg.com/minimist/-/minimist-0.0.8.tgz#857fcabfc3397d2625b8228262e86aa7a011b05d"
+minimist@1.1.x:
+  version "1.1.3"
+  resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.1.3.tgz#3bedfd91a92d39016fcfaa1c681e8faa1a1efda8"
 minimist@^1.1.3, minimist@^1.2.0:
  version "1.2.0"
  resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.0.tgz#a35008b20f41383eec1fb914f4cd5df79a264284"
@@ -2911,6 +3094,10 @@ ms@2.0.0:
  version "2.0.0"
  resolved "https://registry.yarnpkg.com/ms/-/ms-2.0.0.tgz#5608aeadfc00be6c2901df5f9861788de0d597c8"
+mute-stream@0.0.5:
+  version "0.0.5"
+  resolved "https://registry.yarnpkg.com/mute-stream/-/mute-stream-0.0.5.tgz#8fbfabb0a98a253d3184331f9e8deb7372fac6c0"
 mute-stream@0.0.7:
  version "0.0.7"
  resolved "https://registry.yarnpkg.com/mute-stream/-/mute-stream-0.0.7.tgz#3075ce93bc21b8fab43e1bc4da7e8115ed1e7bab"
@@ -3094,13 +3281,17 @@ once@^1.3.0, once@^1.3.3:
  dependencies:
    wrappy "1"
+onetime@^1.0.0:
+  version "1.1.0"
+  resolved "http://registry.npmjs.org/onetime/-/onetime-1.1.0.tgz#a1f7838f8314c516f05ecefcbc4ccfe04b4ed789"
 onetime@^2.0.0:
  version "2.0.1"
  resolved "https://registry.yarnpkg.com/onetime/-/onetime-2.0.1.tgz#067428230fd67443b2794b22bba528b6867962d4"
  dependencies:
    mimic-fn "^1.0.0"
-optionator@^0.8.2:
+optionator@^0.8.1, optionator@^0.8.2:
  version "0.8.2"
  resolved "https://registry.yarnpkg.com/optionator/-/optionator-0.8.2.tgz#364c5e409d3f4d6301d6c0b4c05bba50180aeb64"
  dependencies:
@@ -3285,6 +3476,10 @@ pkg-dir@^2.0.0:
  dependencies:
    find-up "^2.1.0"
+pluralize@^1.2.1:
+  version "1.2.1"
+  resolved "https://registry.yarnpkg.com/pluralize/-/pluralize-1.2.1.tgz#d1a21483fd22bb41e58a12fa3421823140897c45"
 pluralize@^7.0.0:
  version "7.0.0"
  resolved "https://registry.yarnpkg.com/pluralize/-/pluralize-7.0.0.tgz#298b89df8b93b0221dbf421ad2b1b1ea23fc6777"
@@ -3559,6 +3754,10 @@ process@^0.11.10:
  version "0.11.10"
  resolved "https://registry.yarnpkg.com/process/-/process-0.11.10.tgz#7332300e840161bda3e69a1d1d91a7d4bc16f182"
+progress@^1.1.8:
+  version "1.1.8"
+  resolved "https://registry.yarnpkg.com/progress/-/progress-1.1.8.tgz#e260c78f6161cdd9b0e56cc3e0a85de17c7a57be"
 progress@^2.0.0:
  version "2.0.0"
  resolved "https://registry.yarnpkg.com/progress/-/progress-2.0.0.tgz#8a1be366bf8fc23db2bd23f10c6fe920b4389d1f"
@@ -3708,6 +3907,14 @@ readdirp@^2.0.0:
    readable-stream "^2.0.2"
    set-immediate-shim "^1.0.1"
+readline2@^1.0.1:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/readline2/-/readline2-1.0.1.tgz#41059608ffc154757b715d9989d199ffbf372e35"
+  dependencies:
+    code-point-at "^1.0.0"
+    is-fullwidth-code-point "^1.0.0"
+    mute-stream "0.0.5"
 redent@^1.0.0:
  version "1.0.0"
  resolved "https://registry.yarnpkg.com/redent/-/redent-1.0.0.tgz#cf916ab1fd5f1f16dfb20822dd6ec7f730c2afde"
@@ -3882,7 +4089,7 @@ require-main-filename@^1.0.1:
  version "1.0.1"
  resolved "https://registry.yarnpkg.com/require-main-filename/-/require-main-filename-1.0.1.tgz#97f717b69d48784f5f526a6c5aa8ffdda055a4d1"
-require-uncached@^1.0.3:
+require-uncached@^1.0.2, require-uncached@^1.0.3:
  version "1.0.3"
  resolved "https://registry.yarnpkg.com/require-uncached/-/require-uncached-1.0.3.tgz#4e0d56d6c9662fd31e43011c4b95aa49955421d3"
  dependencies:
@@ -3899,6 +4106,13 @@ resolve@^1.5.0:
  dependencies:
    path-parse "^1.0.5"
+restore-cursor@^1.0.1:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/restore-cursor/-/restore-cursor-1.0.1.tgz#34661f46886327fed2991479152252df92daa541"
+  dependencies:
+    exit-hook "^1.0.0"
+    onetime "^1.0.0"
 restore-cursor@^2.0.0:
  version "2.0.0"
  resolved "https://registry.yarnpkg.com/restore-cursor/-/restore-cursor-2.0.0.tgz#9f7ee287f82fd326d4fd162923d62129eee0dfaf"
@@ -3925,6 +4139,12 @@ ripemd160@^2.0.0, ripemd160@^2.0.1:
    hash-base "^2.0.0"
    inherits "^2.0.1"
+run-async@^0.1.0:
+  version "0.1.0"
+  resolved "https://registry.yarnpkg.com/run-async/-/run-async-0.1.0.tgz#c8ad4a5e110661e402a7d21b530e009f25f8e389"
+  dependencies:
+    once "^1.3.0"
 run-async@^2.2.0:
  version "2.3.0"
  resolved "https://registry.yarnpkg.com/run-async/-/run-async-2.3.0.tgz#0371ab4ae0bdd720d4166d7dfda64ff7a445a6c0"
@@ -3941,6 +4161,10 @@ rx-lite@*, rx-lite@^4.0.8:
  version "4.0.8"
  resolved "https://registry.yarnpkg.com/rx-lite/-/rx-lite-4.0.8.tgz#0b1e11af8bc44836f04a6407e92da42467b79444"
+rx-lite@^3.1.2:
+  version "3.1.2"
+  resolved "https://registry.yarnpkg.com/rx-lite/-/rx-lite-3.1.2.tgz#19ce502ca572665f3b647b10939f97fd1615f102"
 safe-buffer@^5.0.1, safe-buffer@^5.1.0, safe-buffer@^5.1.1, safe-buffer@~5.1.0, safe-buffer@~5.1.1:
  version "5.1.1"
  resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.1.1.tgz#893312af69b2123def71f57889001671eeb2c853"
@@ -3954,6 +4178,25 @@ sass-graph@^2.2.4:
    scss-tokenizer "^0.2.3"
    yargs "^7.0.0"
+sass-lint@^1.12.1:
+  version "1.12.1"
+  resolved "https://registry.yarnpkg.com/sass-lint/-/sass-lint-1.12.1.tgz#630f69c216aa206b8232fb2aa907bdf3336b6d83"
+  dependencies:
+    commander "^2.8.1"
+    eslint "^2.7.0"
+    front-matter "2.1.2"
+    fs-extra "^3.0.1"
+    glob "^7.0.0"
+    globule "^1.0.0"
+    gonzales-pe-sl "^4.2.3"
+    js-yaml "^3.5.4"
+    known-css-properties "^0.3.0"
+    lodash.capitalize "^4.1.0"
+    lodash.kebabcase "^4.0.0"
+    merge "^1.2.0"
+    path-is-absolute "^1.0.0"
+    util "^0.10.3"
 sass-loader@^6.0.6:
  version "6.0.6"
  resolved "https://registry.yarnpkg.com/sass-loader/-/sass-loader-6.0.6.tgz#e9d5e6c1f155faa32a4b26d7a9b7107c225e40f9"
@@ -4027,6 +4270,10 @@ shebang-regex@^1.0.0:
  version "1.0.0"
  resolved "https://registry.yarnpkg.com/shebang-regex/-/shebang-regex-1.0.0.tgz#da42f49740c0b42db2ca9728571cb190c98efea3"
+shelljs@^0.6.0:
+  version "0.6.1"
+  resolved "https://registry.yarnpkg.com/shelljs/-/shelljs-0.6.1.tgz#ec6211bed1920442088fe0f70b2837232ed2c8a8"
 signal-exit@^3.0.0, signal-exit@^3.0.2:
  version "3.0.2"
  resolved "https://registry.yarnpkg.com/signal-exit/-/signal-exit-3.0.2.tgz#b5fdc08f1287ea1178628e415e25132b73646c6d"
@@ -4035,6 +4282,10 @@ slash@^1.0.0:
  version "1.0.0"
  resolved "https://registry.yarnpkg.com/slash/-/slash-1.0.0.tgz#c41f2f6c39fc16d1cd17ad4b5d896114ae470d55"
+slice-ansi@0.0.4:
+  version "0.0.4"
+  resolved "https://registry.yarnpkg.com/slice-ansi/-/slice-ansi-0.0.4.tgz#edbf8903f66f7ce2f8eafd6ceed65e264c831b35"
 slice-ansi@1.0.0:
  version "1.0.0"
  resolved "https://registry.yarnpkg.com/slice-ansi/-/slice-ansi-1.0.0.tgz#044f1a49d8842ff307aad6b505ed178bd950134d"
@@ -4199,6 +4450,10 @@ strip-indent@^1.0.1:
  dependencies:
    get-stdin "^4.0.1"
+strip-json-comments@~1.0.1:
+  version "1.0.4"
+  resolved "https://registry.yarnpkg.com/strip-json-comments/-/strip-json-comments-1.0.4.tgz#1e15fbcac97d3ee99bf2d73b4c656b082bbafb91"
 strip-json-comments@~2.0.1:
  version "2.0.1"
  resolved "https://registry.yarnpkg.com/strip-json-comments/-/strip-json-comments-2.0.1.tgz#3c531942e908c2697c0ec344858c286c7ca0a60a"
@@ -4244,6 +4499,17 @@ svgo@^0.7.0:
    sax "~1.2.1"
    whet.extend "~0.9.9"
+table@^3.7.8:
+  version "3.8.3"
+  resolved "https://registry.yarnpkg.com/table/-/table-3.8.3.tgz#2bbc542f0fda9861a755d3947fefd8b3f513855f"
+  dependencies:
+    ajv "^4.7.0"
+    ajv-keywords "^1.0.0"
+    chalk "^1.1.1"
+    lodash "^4.0.0"
+    slice-ansi "0.0.4"
+    string-width "^2.0.0"
 table@^4.0.1:
  version "4.0.2"
  resolved "https://registry.yarnpkg.com/table/-/table-4.0.2.tgz#a33447375391e766ad34d3486e6e2aedc84d2e36"
@@ -4395,6 +4661,10 @@ uniqs@^2.0.0:
  version "2.0.0"
  resolved "https://registry.yarnpkg.com/uniqs/-/uniqs-2.0.0.tgz#ffede4b36b25290696e6e165d4a59edb998e6b02"
+universalify@^0.1.0:
+  version "0.1.1"
+  resolved "https://registry.yarnpkg.com/universalify/-/universalify-0.1.1.tgz#fa71badd4437af4c148841e3b3b165f9e9e590b7"
 url-loader@^0.6.2:
  version "0.6.2"
  resolved "https://registry.yarnpkg.com/url-loader/-/url-loader-0.6.2.tgz#a007a7109620e9d988d14bce677a1decb9a993f7"
@@ -4410,6 +4680,12 @@ url@^0.11.0:
    punycode "1.3.2"
    querystring "0.2.0"
+user-home@^2.0.0:
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/user-home/-/user-home-2.0.0.tgz#9c70bfd8169bc1dcbf48604e0f04b8b49cde9e9f"
+  dependencies:
+    os-homedir "^1.0.0"
 util-deprecate@~1.0.1:
  version "1.0.2"
  resolved "https://registry.yarnpkg.com/util-deprecate/-/util-deprecate-1.0.2.tgz#450d4dc9fa70de732762fbd2d4a28981419a0ccf"