Diffstat (limited to 'index.php')
-rw-r--r-- | index.php | 39 |
1 files changed, 32 insertions, 7 deletions
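--- a/index.php
+++ b/index.php
@@ -37,6 +37,14 @@ $cookie=session_get_cookie_params();
 $cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/';
 session_set_cookie_params($cookie['lifetime'],$cookiedir); // Set default cookie expiration and path.
 
+// Set session parameters on server side.
+define('INACTIVITY_TIMEOUT',3600); // (in seconds). If the user does not access any page within this time, his/her session is considered expired.
+ini_set('session.use_cookies', 1); // Use cookies to store session.
+ini_set('session.use_only_cookies', 1); // Force cookies for session (phpsessionID forbidden in URL)
+ini_set('session.use_trans_sid', false); // Prevent php to use sessionID in URL if cookies are disabled.
+session_name('shaarli');
+if (session_id() == '') session_start(); // Start session if needed (Some server auto-start sessions).
+
 // PHP Settings
 ini_set('max_input_time','60'); // High execution time in case of problematic imports/exports.
 ini_set('memory_limit', '128M'); // Try to set max upload file size and read (May not work on some hosts).
@@ -89,7 +97,6 @@ if (empty($GLOBALS['title'])) $GLOBALS['title']='Shared links on '.htmlspecialch
 if (empty($GLOBALS['timezone'])) $GLOBALS['timezone']=date_default_timezone_get();
 if (empty($GLOBALS['disablesessionprotection'])) $GLOBALS['disablesessionprotection']=false;
 
-
 autoLocale(); // Sniff browser language and set date format accordingly.
 header('Content-Type: text/html; charset=utf-8'); // We use UTF-8 for proper international characters handling.
 
@@ -265,12 +272,6 @@ function pubsubhub()
 
 // ------------------------------------------------------------------------------------------
 // Session management
-define('INACTIVITY_TIMEOUT',3600); // (in seconds). If the user does not access any page within this time, his/her session is considered expired.
-ini_set('session.use_cookies', 1); // Use cookies to store session.
-ini_set('session.use_only_cookies', 1); // Force cookies for session (phpsessionID forbidden in URL)
-ini_set('session.use_trans_sid', false); // Prevent php to use sessionID in URL if cookies are disabled.
-session_name('shaarli');
-session_start();
 
 // Returns the IP address of the client (Used to prevent session cookie hijacking.)
 function allIPs()
@@ -303,6 +304,8 @@ function check_auth($login,$password)
 function isLoggedIn()
 {
 if ($GLOBALS['config']['OPEN_SHAARLI']) return true;
+
+if (!isset($GLOBALS['login'])) return false; // Shaarli is not configured yet.
 
 // If session does not exist on server side, or IP address has changed, or session has expired, logout.
 if (empty($_SESSION['uid']) || ($GLOBALS['disablesessionprotection']==false && $_SESSION['ip']!=allIPs()) || time()>=$_SESSION['expires_on'])
@@ -1971,6 +1974,28 @@ function install()
 // On free.fr host, make sure the /sessions directory exists, otherwise login will not work.
 if (endsWith($_SERVER['SERVER_NAME'],'.free.fr') && !is_dir($_SERVER['DOCUMENT_ROOT'].'/sessions')) mkdir($_SERVER['DOCUMENT_ROOT'].'/sessions',0705);
 
+
+// This part makes sure sessions works correctly.
+// (Because on some hosts, session.save_path may not be set correctly,
+// or we may not have write access to it.)
+if (isset($_GET['test_session']) && ( !isset($_SESSION) || !isset($_SESSION['session_tested']) || $_SESSION['session_tested']!='Working'))
+{ // Step 2: Check if data in session is correct.
+echo '<pre>Sessions do not seem to work correctly on your server.<br>';
+echo 'Make sure the variable session.save_path is set correctly in your php config, and that you have write access to it.<br>';
+echo 'It currently points to '.session_save_path().'<br><br><a href="?">Click to try again.</a></pre>';
+die;
+}
+if (!isset($_SESSION['session_tested']))
+{ // Step 1 : Try to store data in session and reload page.
+$_SESSION['session_tested'] = 'Working'; // Try to set a variable in session.
+header('Location: '.indexUrl().'?test_session'); // Redirect to check stored data.
+}
+if (isset($_GET['test_session']))
+{ // Step 3: Sessions are ok. Remove test parameter from URL.
+header('Location: '.indexUrl());
+}
+
+
 if (!empty($_POST['setlogin']) && !empty($_POST['setpassword']))
 {
 $tz = 'UTC';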
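Review bot: Neither `header('Location: ...')` call in the new session test (Step 1 at new line 1991, Step 3 at new line 1995) is followed by `exit`, so the rest of install() keeps running on a request that has already been redirected, including the `$_POST['setlogin']` handling directly below the hunk. In Step 1 that means a submitted install form is processed before the session has been verified as working, and in Step 3 the whole install page is still rendered (and any further side effects executed) behind the redirect. Add an exit right after each redirect, e.g. `header('Location: '.indexUrl().'?test_session'); exit;` and `header('Location: '.indexUrl()); exit;`. Separately, the relocated bootstrap in the first hunk now starts the session only `if (session_id() == '')`; consider `=== ''` there for a strict check. install() starts and ends outside the hunk.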