Diffstat (limited to 'index.php')
-rw-r--r--index.php94
1 files changed, 56 insertions, 38 deletions
diff --git a/index.php b/index.php
index bbe302a6..b73e0b98 100644
--- a/index.php
+++ b/index.php
@@ -11,7 +11,8 @@
11date_default_timezone_set('UTC'); 11date_default_timezone_set('UTC');
12 12
13// ----------------------------------------------------------------------------------------------- 13// -----------------------------------------------------------------------------------------------
14// Hardcoded parameter (These parameters can be overwritten by creating the file /data/options.php) 14// Hardcoded parameter (These parameters can be overwritten by editing the file /data/config.php)
15// You should not touch any code below (or at your own risks!)
15$GLOBALS['config']['DATADIR'] = 'data'; // Data subdirectory 16$GLOBALS['config']['DATADIR'] = 'data'; // Data subdirectory
16$GLOBALS['config']['CONFIG_FILE'] = $GLOBALS['config']['DATADIR'].'/config.php'; // Configuration file (user login/password) 17$GLOBALS['config']['CONFIG_FILE'] = $GLOBALS['config']['DATADIR'].'/config.php'; // Configuration file (user login/password)
17$GLOBALS['config']['DATASTORE'] = $GLOBALS['config']['DATADIR'].'/datastore.php'; // Data storage file. 18$GLOBALS['config']['DATASTORE'] = $GLOBALS['config']['DATADIR'].'/datastore.php'; // Data storage file.
@@ -36,10 +37,6 @@ $GLOBALS['config']['ARCHIVE_ORG'] = false; // For each link, add a link to an ar
36$GLOBALS['config']['ENABLE_RSS_PERMALINKS'] = true; // Enable RSS permalinks by default. This corresponds to the default behavior of shaarli before this was added as an option. 37$GLOBALS['config']['ENABLE_RSS_PERMALINKS'] = true; // Enable RSS permalinks by default. This corresponds to the default behavior of shaarli before this was added as an option.
37$GLOBALS['config']['HIDE_PUBLIC_LINKS'] = false; 38$GLOBALS['config']['HIDE_PUBLIC_LINKS'] = false;
38// ----------------------------------------------------------------------------------------------- 39// -----------------------------------------------------------------------------------------------
39// You should not touch below (or at your own risks!)
40// Optional config file.
41if (is_file($GLOBALS['config']['DATADIR'].'/options.php')) require($GLOBALS['config']['DATADIR'].'/options.php');
42
43define('shaarli_version','0.0.45beta'); 40define('shaarli_version','0.0.45beta');
44// http://server.com/x/shaarli --> /shaarli/ 41// http://server.com/x/shaarli --> /shaarli/
45define('WEB_PATH', substr($_SERVER["REQUEST_URI"], 0, 1+strrpos($_SERVER["REQUEST_URI"], '/', 0))); 42define('WEB_PATH', substr($_SERVER["REQUEST_URI"], 0, 1+strrpos($_SERVER["REQUEST_URI"], '/', 0)));
@@ -69,6 +66,7 @@ error_reporting(E_ALL^E_WARNING); // See all error except warnings.
69// Shaarli library 66// Shaarli library
70require_once 'application/LinkDB.php'; 67require_once 'application/LinkDB.php';
71require_once 'application/Utils.php'; 68require_once 'application/Utils.php';
69require_once 'application/Config.php';
72 70
73include "inc/rain.tpl.class.php"; //include Rain TPL 71include "inc/rain.tpl.class.php"; //include Rain TPL
74raintpl::$tpl_dir = $GLOBALS['config']['RAINTPL_TPL']; // template directory 72raintpl::$tpl_dir = $GLOBALS['config']['RAINTPL_TPL']; // template directory
@@ -100,7 +98,6 @@ if (empty($GLOBALS['title'])) $GLOBALS['title']='Shared links on '.escape(indexU
100if (empty($GLOBALS['timezone'])) $GLOBALS['timezone']=date_default_timezone_get(); 98if (empty($GLOBALS['timezone'])) $GLOBALS['timezone']=date_default_timezone_get();
101if (empty($GLOBALS['redirector'])) $GLOBALS['redirector']=''; 99if (empty($GLOBALS['redirector'])) $GLOBALS['redirector']='';
102if (empty($GLOBALS['disablesessionprotection'])) $GLOBALS['disablesessionprotection']=false; 100if (empty($GLOBALS['disablesessionprotection'])) $GLOBALS['disablesessionprotection']=false;
103if (empty($GLOBALS['disablejquery'])) $GLOBALS['disablejquery']=false;
104if (empty($GLOBALS['privateLinkByDefault'])) $GLOBALS['privateLinkByDefault']=false; 101if (empty($GLOBALS['privateLinkByDefault'])) $GLOBALS['privateLinkByDefault']=false;
105if (empty($GLOBALS['titleLink'])) $GLOBALS['titleLink']='?'; 102if (empty($GLOBALS['titleLink'])) $GLOBALS['titleLink']='?';
106// I really need to rewrite Shaarli with a proper configuation manager. 103// I really need to rewrite Shaarli with a proper configuation manager.
@@ -709,7 +706,7 @@ function showRSS()
709 if (!empty($_GET['searchterm'])) $linksToDisplay = $LINKSDB->filterFulltext($_GET['searchterm']); 706 if (!empty($_GET['searchterm'])) $linksToDisplay = $LINKSDB->filterFulltext($_GET['searchterm']);
710 else if (!empty($_GET['searchtags'])) $linksToDisplay = $LINKSDB->filterTags(trim($_GET['searchtags'])); 707 else if (!empty($_GET['searchtags'])) $linksToDisplay = $LINKSDB->filterTags(trim($_GET['searchtags']));
711 else $linksToDisplay = $LINKSDB; 708 else $linksToDisplay = $LINKSDB;
712 709
713 $nblinksToDisplay = 50; // Number of links to display. 710 $nblinksToDisplay = 50; // Number of links to display.
714 if (!empty($_GET['nb'])) // In URL, you can specificy the number of links. Example: nb=200 or nb=all for all links. 711 if (!empty($_GET['nb'])) // In URL, you can specificy the number of links. Example: nb=200 or nb=all for all links.
715 { 712 {
@@ -789,7 +786,7 @@ function showATOM()
789 if (!empty($_GET['searchterm'])) $linksToDisplay = $LINKSDB->filterFulltext($_GET['searchterm']); 786 if (!empty($_GET['searchterm'])) $linksToDisplay = $LINKSDB->filterFulltext($_GET['searchterm']);
790 else if (!empty($_GET['searchtags'])) $linksToDisplay = $LINKSDB->filterTags(trim($_GET['searchtags'])); 787 else if (!empty($_GET['searchtags'])) $linksToDisplay = $LINKSDB->filterTags(trim($_GET['searchtags']));
791 else $linksToDisplay = $LINKSDB; 788 else $linksToDisplay = $LINKSDB;
792 789
793 $nblinksToDisplay = 50; // Number of links to display. 790 $nblinksToDisplay = 50; // Number of links to display.
794 if (!empty($_GET['nb'])) // In URL, you can specificy the number of links. Example: nb=200 or nb=all for all links. 791 if (!empty($_GET['nb'])) // In URL, you can specificy the number of links. Example: nb=200 or nb=all for all links.
795 { 792 {
@@ -1041,7 +1038,7 @@ function renderPage()
1041 if (!empty($_GET['searchterm'])) $links = $LINKSDB->filterFulltext($_GET['searchterm']); 1038 if (!empty($_GET['searchterm'])) $links = $LINKSDB->filterFulltext($_GET['searchterm']);
1042 elseif (!empty($_GET['searchtags'])) $links = $LINKSDB->filterTags(trim($_GET['searchtags'])); 1039 elseif (!empty($_GET['searchtags'])) $links = $LINKSDB->filterTags(trim($_GET['searchtags']));
1043 else $links = $LINKSDB; 1040 else $links = $LINKSDB;
1044 1041
1045 $body=''; 1042 $body='';
1046 $linksToDisplay=array(); 1043 $linksToDisplay=array();
1047 1044
@@ -1056,7 +1053,7 @@ function renderPage()
1056 $linksToDisplay[]=$link; // Add to array. 1053 $linksToDisplay[]=$link; // Add to array.
1057 } 1054 }
1058 } 1055 }
1059 1056
1060 $PAGE = new pageBuilder; 1057 $PAGE = new pageBuilder;
1061 $PAGE->assign('linkcount',count($LINKSDB)); 1058 $PAGE->assign('linkcount',count($LINKSDB));
1062 $PAGE->assign('linksToDisplay',$linksToDisplay); 1059 $PAGE->assign('linksToDisplay',$linksToDisplay);
@@ -1214,7 +1211,19 @@ function renderPage()
1214 // Save new password 1211 // Save new password
1215 $GLOBALS['salt'] = sha1(uniqid('',true).'_'.mt_rand()); // Salt renders rainbow-tables attacks useless. 1212 $GLOBALS['salt'] = sha1(uniqid('',true).'_'.mt_rand()); // Salt renders rainbow-tables attacks useless.
1216 $GLOBALS['hash'] = sha1($_POST['setpassword'].$GLOBALS['login'].$GLOBALS['salt']); 1213 $GLOBALS['hash'] = sha1($_POST['setpassword'].$GLOBALS['login'].$GLOBALS['salt']);
1217 writeConfig(); 1214 try {
1215 writeConfig($GLOBALS, isLoggedIn());
1216 }
1217 catch(Exception $e) {
1218 error_log(
1219 'ERROR while writing config file after changing password.' . PHP_EOL .
1220 $e->getMessage()
1221 );
1222
1223 // TODO: do not handle exceptions/errors in JS.
1224 echo '<script>alert("'. $e->getMessage() .'");document.location=\'?do=tools\';</script>';
1225 exit;
1226 }
1218 echo '<script>alert("Your password has been changed.");document.location=\'?do=tools\';</script>'; 1227 echo '<script>alert("Your password has been changed.");document.location=\'?do=tools\';</script>';
1219 exit; 1228 exit;
1220 } 1229 }
@@ -1243,12 +1252,23 @@ function renderPage()
1243 $GLOBALS['titleLink']=$_POST['titleLink']; 1252 $GLOBALS['titleLink']=$_POST['titleLink'];
1244 $GLOBALS['redirector']=$_POST['redirector']; 1253 $GLOBALS['redirector']=$_POST['redirector'];
1245 $GLOBALS['disablesessionprotection']=!empty($_POST['disablesessionprotection']); 1254 $GLOBALS['disablesessionprotection']=!empty($_POST['disablesessionprotection']);
1246 $GLOBALS['disablejquery']=!empty($_POST['disablejquery']);
1247 $GLOBALS['privateLinkByDefault']=!empty($_POST['privateLinkByDefault']); 1255 $GLOBALS['privateLinkByDefault']=!empty($_POST['privateLinkByDefault']);
1248 $GLOBALS['config']['ENABLE_RSS_PERMALINKS']= !empty($_POST['enableRssPermalinks']); 1256 $GLOBALS['config']['ENABLE_RSS_PERMALINKS']= !empty($_POST['enableRssPermalinks']);
1249 $GLOBALS['config']['ENABLE_UPDATECHECK'] = !empty($_POST['updateCheck']); 1257 $GLOBALS['config']['ENABLE_UPDATECHECK'] = !empty($_POST['updateCheck']);
1250 $GLOBALS['config']['HIDE_PUBLIC_LINKS'] = !empty($_POST['hidePublicLinks']); 1258 $GLOBALS['config']['HIDE_PUBLIC_LINKS'] = !empty($_POST['hidePublicLinks']);
1251 writeConfig(); 1259 try {
1260 writeConfig($GLOBALS, isLoggedIn());
1261 }
1262 catch(Exception $e) {
1263 error_log(
1264 'ERROR while writing config file after configuration update.' . PHP_EOL .
1265 $e->getMessage()
1266 );
1267
1268 // TODO: do not handle exceptions/errors in JS.
1269 echo '<script>alert("'. $e->getMessage() .'");document.location=\'?do=tools\';</script>';
1270 exit;
1271 }
1252 echo '<script>alert("Configuration was saved.");document.location=\'?do=tools\';</script>'; 1272 echo '<script>alert("Configuration was saved.");document.location=\'?do=tools\';</script>';
1253 exit; 1273 exit;
1254 } 1274 }
@@ -2007,7 +2027,19 @@ function install()
2007 $GLOBALS['hash'] = sha1($_POST['setpassword'].$GLOBALS['login'].$GLOBALS['salt']); 2027 $GLOBALS['hash'] = sha1($_POST['setpassword'].$GLOBALS['login'].$GLOBALS['salt']);
2008 $GLOBALS['title'] = (empty($_POST['title']) ? 'Shared links on '.escape(indexUrl()) : $_POST['title'] ); 2028 $GLOBALS['title'] = (empty($_POST['title']) ? 'Shared links on '.escape(indexUrl()) : $_POST['title'] );
2009 $GLOBALS['config']['ENABLE_UPDATECHECK'] = !empty($_POST['updateCheck']); 2029 $GLOBALS['config']['ENABLE_UPDATECHECK'] = !empty($_POST['updateCheck']);
2010 writeConfig(); 2030 try {
2031 writeConfig($GLOBALS, isLoggedIn());
2032 }
2033 catch(Exception $e) {
2034 error_log(
2035 'ERROR while writing config file after installation.' . PHP_EOL .
2036 $e->getMessage()
2037 );
2038
2039 // TODO: do not handle exceptions/errors in JS.
2040 echo '<script>alert("'. $e->getMessage() .'");document.location=\'?\';</script>';
2041 exit;
2042 }
2011 echo '<script>alert("Shaarli is now configured. Please enter your login/password and start shaaring your links!");document.location=\'?do=login\';</script>'; 2043 echo '<script>alert("Shaarli is now configured. Please enter your login/password and start shaaring your links!");document.location=\'?do=login\';</script>';
2012 exit; 2044 exit;
2013 } 2045 }
@@ -2121,30 +2153,7 @@ if (!function_exists('json_encode')) {
2121 } 2153 }
2122} 2154}
2123 2155
2124// Re-write configuration file according to globals. 2156
2125// Requires some $GLOBALS to be set (login,hash,salt,title).
2126// If the config file cannot be saved, an error message is displayed and the user is redirected to "Tools" menu.
2127// (otherwise, the function simply returns.)
2128function writeConfig()
2129{
2130 if (is_file($GLOBALS['config']['CONFIG_FILE']) && !isLoggedIn()) die('You are not authorized to alter config.'); // Only logged in user can alter config.
2131 $config='<?php $GLOBALS[\'login\']='.var_export($GLOBALS['login'],true).'; $GLOBALS[\'hash\']='.var_export($GLOBALS['hash'],true).'; $GLOBALS[\'salt\']='.var_export($GLOBALS['salt'],true).'; ';
2132 $config .='$GLOBALS[\'timezone\']='.var_export($GLOBALS['timezone'],true).'; date_default_timezone_set('.var_export($GLOBALS['timezone'],true).'); $GLOBALS[\'title\']='.var_export($GLOBALS['title'],true).';';
2133 $config .= '$GLOBALS[\'titleLink\']='.var_export($GLOBALS['titleLink'],true).'; ';
2134 $config .= '$GLOBALS[\'redirector\']='.var_export($GLOBALS['redirector'],true).'; ';
2135 $config .= '$GLOBALS[\'disablesessionprotection\']='.var_export($GLOBALS['disablesessionprotection'],true).'; ';
2136 $config .= '$GLOBALS[\'disablejquery\']='.var_export($GLOBALS['disablejquery'],true).'; ';
2137 $config .= '$GLOBALS[\'privateLinkByDefault\']='.var_export($GLOBALS['privateLinkByDefault'],true).'; ';
2138 $config .= '$GLOBALS[\'config\'][\'ENABLE_RSS_PERMALINKS\']='.var_export($GLOBALS['config']['ENABLE_RSS_PERMALINKS'], true).'; ';
2139 $config .= '$GLOBALS[\'config\'][\'ENABLE_UPDATECHECK\']='.var_export($GLOBALS['config']['ENABLE_UPDATECHECK'], true).'; ';
2140 $config .= '$GLOBALS[\'config\'][\'HIDE_PUBLIC_LINKS\']='.var_export($GLOBALS['config']['HIDE_PUBLIC_LINKS'], true).'; ';
2141 $config .= ' ?>';
2142 if (!file_put_contents($GLOBALS['config']['CONFIG_FILE'],$config) || strcmp(file_get_contents($GLOBALS['config']['CONFIG_FILE']),$config)!=0)
2143 {
2144 echo '<script>alert("Shaarli could not create the config file. Please make sure Shaarli has the right to write in the folder is it installed in.");document.location=\'?\';</script>';
2145 exit;
2146 }
2147}
2148 2157
2149/* Because some f*cking services like flickr require an extra HTTP request to get the thumbnail URL, 2158/* Because some f*cking services like flickr require an extra HTTP request to get the thumbnail URL,
2150 I have deported the thumbnail URL code generation here, otherwise this would slow down page generation. 2159 I have deported the thumbnail URL code generation here, otherwise this would slow down page generation.
@@ -2373,6 +2382,15 @@ function invalidateCaches()
2373 pageCache::purgeCache(); // Purge page cache shared by sessions. 2382 pageCache::purgeCache(); // Purge page cache shared by sessions.
2374} 2383}
2375 2384
2385try {
2386 mergeDeprecatedConfig($GLOBALS, isLoggedIn());
2387} catch(Exception $e) {
2388 error_log(
2389 'ERROR while merging deprecated options.php file.' . PHP_EOL .
2390 $e->getMessage()
2391 );
2392}
2393
2376if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=genthumbnail')) { genThumbnail(); exit; } // Thumbnail generation/cache does not need the link database. 2394if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=genthumbnail')) { genThumbnail(); exit; } // Thumbnail generation/cache does not need the link database.
2377if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=rss')) { showRSS(); exit; } 2395if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=rss')) { showRSS(); exit; }
2378if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=atom')) { showATOM(); exit; } 2396if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=atom')) { showATOM(); exit; }
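Review bot: The three added catch blocks (new lines 1224 and 1269 in renderPage(), 2040 in install()) concatenate `$e->getMessage()` straight into a double-quoted JavaScript string inside a `<script>` element, with no escaping. A message containing a double quote, a newline or `</script>` will break the alert, and if any part of the message can be influenced by request data it becomes script injection; the text presumably also exposes server-side details such as file paths to the browser, though writeConfig() lives in application/Config.php and is not visible here. Since the detail is already sent to error_log(), the page could show a fixed string instead, e.g. `echo '<script>alert("Shaarli could not save its configuration; see the server error log.");document.location=\'?do=tools\';</script>';` (with `?` as the redirect target in install()). If the message must be shown, encode it for the script context, e.g. `alert('. json_encode($e->getMessage(), JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT) .')`, keeping in mind that the json_encode fallback defined near line 2121 may not honour those flags. Both functions start and end outside the hunks shown.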