Diffstat (limited to 'index.php')
-rw-r--r--index.php86
1 files changed, 52 insertions, 34 deletions
diff --git a/index.php b/index.php
index 5771dd88..236fd4e2 100644
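--- a/index.php
+++ b/index.php
@@ -11,7 +11,8 @@
 date_default_timezone_set('UTC');
 
 // -----------------------------------------------------------------------------------------------
-// Hardcoded parameter (These parameters can be overwritten by creating the file /data/options.php)
+// Hardcoded parameter (These parameters can be overwritten by editing the file /data/config.php)
+// You should not touch any code below (or at your own risks!)
 $GLOBALS['config']['DATADIR'] = 'data'; // Data subdirectory
 $GLOBALS['config']['CONFIG_FILE'] = $GLOBALS['config']['DATADIR'].'/config.php'; // Configuration file (user login/password)
 $GLOBALS['config']['DATASTORE'] = $GLOBALS['config']['DATADIR'].'/datastore.php'; // Data storage file.
@@ -36,10 +37,6 @@ $GLOBALS['config']['ARCHIVE_ORG'] = false; // For each link, add a link to an ar
 $GLOBALS['config']['ENABLE_RSS_PERMALINKS'] = true; // Enable RSS permalinks by default. This corresponds to the default behavior of shaarli before this was added as an option.
 $GLOBALS['config']['HIDE_PUBLIC_LINKS'] = false;
 // -----------------------------------------------------------------------------------------------
-// You should not touch below (or at your own risks!)
-// Optional config file.
-if (is_file($GLOBALS['config']['DATADIR'].'/options.php')) require($GLOBALS['config']['DATADIR'].'/options.php');
-
 define('shaarli_version','0.0.45beta');
 // http://server.com/x/shaarli --> /shaarli/
 define('WEB_PATH', substr($_SERVER["REQUEST_URI"], 0, 1+strrpos($_SERVER["REQUEST_URI"], '/', 0)));
@@ -69,6 +66,7 @@ error_reporting(E_ALL^E_WARNING); // See all error except warnings.
 // Shaarli library
 require_once 'application/LinkDB.php';
 require_once 'application/Utils.php';
+require_once 'application/Config.php';
 
 include "inc/rain.tpl.class.php"; //include Rain TPL
 raintpl::$tpl_dir = $GLOBALS['config']['RAINTPL_TPL']; // template directory
@@ -100,7 +98,6 @@ if (empty($GLOBALS['title'])) $GLOBALS['title']='Shared links on '.escape(indexU
 if (empty($GLOBALS['timezone'])) $GLOBALS['timezone']=date_default_timezone_get();
 if (empty($GLOBALS['redirector'])) $GLOBALS['redirector']='';
 if (empty($GLOBALS['disablesessionprotection'])) $GLOBALS['disablesessionprotection']=false;
-if (empty($GLOBALS['disablejquery'])) $GLOBALS['disablejquery']=false;
 if (empty($GLOBALS['privateLinkByDefault'])) $GLOBALS['privateLinkByDefault']=false;
 if (empty($GLOBALS['titleLink'])) $GLOBALS['titleLink']='?';
 // I really need to rewrite Shaarli with a proper configuation manager.
@@ -1220,7 +1217,19 @@ function renderPage()
  // Save new password
  $GLOBALS['salt'] = sha1(uniqid('',true).'_'.mt_rand()); // Salt renders rainbow-tables attacks useless.
  $GLOBALS['hash'] = sha1($_POST['setpassword'].$GLOBALS['login'].$GLOBALS['salt']);
- writeConfig();
+ try {
+ writeConfig($GLOBALS, isLoggedIn());
+ }
+ catch(Exception $e) {
+ error_log(
+ 'ERROR while writing config file after changing password.' . PHP_EOL .
+ $e->getMessage()
+ );
+
+ // TODO: do not handle exceptions/errors in JS.
+ echo '<script>alert("'. $e->getMessage() .'");document.location=\'?do=tools\';</script>';
+ exit;
+ }
  echo '<script>alert("Your password has been changed.");document.location=\'?do=tools\';</script>';
  exit;
  }
@@ -1249,12 +1258,23 @@ function renderPage()
  $GLOBALS['titleLink']=$_POST['titleLink'];
  $GLOBALS['redirector']=$_POST['redirector'];
  $GLOBALS['disablesessionprotection']=!empty($_POST['disablesessionprotection']);
- $GLOBALS['disablejquery']=!empty($_POST['disablejquery']);
  $GLOBALS['privateLinkByDefault']=!empty($_POST['privateLinkByDefault']);
  $GLOBALS['config']['ENABLE_RSS_PERMALINKS']= !empty($_POST['enableRssPermalinks']);
  $GLOBALS['config']['ENABLE_UPDATECHECK'] = !empty($_POST['updateCheck']);
  $GLOBALS['config']['HIDE_PUBLIC_LINKS'] = !empty($_POST['hidePublicLinks']);
- writeConfig();
+ try {
+ writeConfig($GLOBALS, isLoggedIn());
+ }
+ catch(Exception $e) {
+ error_log(
+ 'ERROR while writing config file after configuration update.' . PHP_EOL .
+ $e->getMessage()
+ );
+
+ // TODO: do not handle exceptions/errors in JS.
+ echo '<script>alert("'. $e->getMessage() .'");document.location=\'?do=tools\';</script>';
+ exit;
+ }
  echo '<script>alert("Configuration was saved.");document.location=\'?do=tools\';</script>';
  exit;
  }
@@ -2013,7 +2033,19 @@ function install()
  $GLOBALS['hash'] = sha1($_POST['setpassword'].$GLOBALS['login'].$GLOBALS['salt']);
  $GLOBALS['title'] = (empty($_POST['title']) ? 'Shared links on '.escape(indexUrl()) : $_POST['title'] );
  $GLOBALS['config']['ENABLE_UPDATECHECK'] = !empty($_POST['updateCheck']);
- writeConfig();
+ try {
+ writeConfig($GLOBALS, isLoggedIn());
+ }
+ catch(Exception $e) {
+ error_log(
+ 'ERROR while writing config file after installation.' . PHP_EOL .
+ $e->getMessage()
+ );
+
+ // TODO: do not handle exceptions/errors in JS.
+ echo '<script>alert("'. $e->getMessage() .'");document.location=\'?\';</script>';
+ exit;
+ }
  echo '<script>alert("Shaarli is now configured. Please enter your login/password and start shaaring your links!");document.location=\'?do=login\';</script>';
  exit;
  }
@@ -2127,30 +2159,7 @@ if (!function_exists('json_encode')) {
  }
 }
 
-// Re-write configuration file according to globals.
-// Requires some $GLOBALS to be set (login,hash,salt,title).
-// If the config file cannot be saved, an error message is displayed and the user is redirected to "Tools" menu.
-// (otherwise, the function simply returns.)
-function writeConfig()
-{
- if (is_file($GLOBALS['config']['CONFIG_FILE']) && !isLoggedIn()) die('You are not authorized to alter config.'); // Only logged in user can alter config.
- $config='<?php $GLOBALS[\'login\']='.var_export($GLOBALS['login'],true).'; $GLOBALS[\'hash\']='.var_export($GLOBALS['hash'],true).'; $GLOBALS[\'salt\']='.var_export($GLOBALS['salt'],true).'; ';
- $config .='$GLOBALS[\'timezone\']='.var_export($GLOBALS['timezone'],true).'; date_default_timezone_set('.var_export($GLOBALS['timezone'],true).'); $GLOBALS[\'title\']='.var_export($GLOBALS['title'],true).';';
- $config .= '$GLOBALS[\'titleLink\']='.var_export($GLOBALS['titleLink'],true).'; ';
- $config .= '$GLOBALS[\'redirector\']='.var_export($GLOBALS['redirector'],true).'; ';
- $config .= '$GLOBALS[\'disablesessionprotection\']='.var_export($GLOBALS['disablesessionprotection'],true).'; ';
- $config .= '$GLOBALS[\'disablejquery\']='.var_export($GLOBALS['disablejquery'],true).'; ';
- $config .= '$GLOBALS[\'privateLinkByDefault\']='.var_export($GLOBALS['privateLinkByDefault'],true).'; ';
- $config .= '$GLOBALS[\'config\'][\'ENABLE_RSS_PERMALINKS\']='.var_export($GLOBALS['config']['ENABLE_RSS_PERMALINKS'], true).'; ';
- $config .= '$GLOBALS[\'config\'][\'ENABLE_UPDATECHECK\']='.var_export($GLOBALS['config']['ENABLE_UPDATECHECK'], true).'; ';
- $config .= '$GLOBALS[\'config\'][\'HIDE_PUBLIC_LINKS\']='.var_export($GLOBALS['config']['HIDE_PUBLIC_LINKS'], true).'; ';
- $config .= ' ?>';
- if (!file_put_contents($GLOBALS['config']['CONFIG_FILE'],$config) || strcmp(file_get_contents($GLOBALS['config']['CONFIG_FILE']),$config)!=0)
- {
- echo '<script>alert("Shaarli could not create the config file. Please make sure Shaarli has the right to write in the folder is it installed in.");document.location=\'?\';</script>';
- exit;
- }
-}
+
 
 /* Because some f*cking services like flickr require an extra HTTP request to get the thumbnail URL,
  I have deported the thumbnail URL code generation here, otherwise this would slow down page generation.
@@ -2379,6 +2388,15 @@ function invalidateCaches()
  pageCache::purgeCache(); // Purge page cache shared by sessions.
 }
 
+try {
+ mergeDeprecatedConfig($GLOBALS, isLoggedIn());
+} catch(Exception $e) {
+ error_log(
+ 'ERROR while merging deprecated options.php file.' . PHP_EOL .
+ $e->getMessage()
+ );
+}
+
 if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=genthumbnail')) { genThumbnail(); exit; } // Thumbnail generation/cache does not need the link database.
 if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=rss')) { showRSS(); exit; }
 if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=atom')) { showATOM(); exit; }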
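Review bot: The three new catch blocks (two in renderPage(), one in install()) concatenate `$e->getMessage()` unescaped into a double-quoted JavaScript string inside a `<script>` element, so a quote, backslash, newline or `</script>` in the message breaks the alert or is parsed as markup. The message is produced by writeConfig() in application/Config.php, which is not shown here, and presumably can carry file paths or PHP error text. Since the detail already goes to error_log(), the page could show a fixed string instead, e.g. `echo '<script>alert("Shaarli could not save its configuration.");document.location=\'?do=tools\';</script>';`. Alternatively, emit the value as `json_encode($e->getMessage(), JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)` without the surrounding quotes, after confirming the file's json_encode fallback is not the implementation in use. The enclosing functions start and end outside these hunks.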