aboutsummaryrefslogtreecommitdiffhomepage
path: root/index.php
diff options
context:
space:
mode:
Diffstat (limited to 'index.php')
-rw-r--r--index.php144
1 files changed, 38 insertions, 106 deletions
diff --git a/index.php b/index.php
index 34785209..5e15b9c2 100644
--- a/index.php
+++ b/index.php
@@ -121,8 +121,8 @@ if (isset($_COOKIE['shaarli']) && !SessionManager::checkId($_COOKIE['shaarli']))
121} 121}
122 122
123$conf = new ConfigManager(); 123$conf = new ConfigManager();
124$loginManager = new LoginManager($GLOBALS, $conf);
125$sessionManager = new SessionManager($_SESSION, $conf); 124$sessionManager = new SessionManager($_SESSION, $conf);
125$loginManager = new LoginManager($GLOBALS, $conf, $sessionManager);
126 126
127// LC_MESSAGES isn't defined without php-intl, in this case use LC_COLLATE locale instead. 127// LC_MESSAGES isn't defined without php-intl, in this case use LC_COLLATE locale instead.
128if (! defined('LC_MESSAGES')) { 128if (! defined('LC_MESSAGES')) {
@@ -178,88 +178,20 @@ if (! is_file($conf->getConfigFileExt())) {
178// a token depending of deployment salt, user password, and the current ip 178// a token depending of deployment salt, user password, and the current ip
179define('STAY_SIGNED_IN_TOKEN', sha1($conf->get('credentials.hash') . $_SERVER['REMOTE_ADDR'] . $conf->get('credentials.salt'))); 179define('STAY_SIGNED_IN_TOKEN', sha1($conf->get('credentials.hash') . $_SERVER['REMOTE_ADDR'] . $conf->get('credentials.salt')));
180 180
181/** 181$loginManager->checkLoginState($_SERVER, $_SESSION, $_COOKIE, WEB_PATH, STAY_SIGNED_IN_TOKEN);
182 * Checking session state (i.e. is the user still logged in)
183 *
184 * @param ConfigManager $conf Configuration Manager instance.
185 * @param SessionManager $sessionManager SessionManager instance
186 *
187 * @return bool true if the user is logged in, false otherwise.
188 */
189function setup_login_state($conf, $sessionManager)
190{
191 if ($conf->get('security.open_shaarli')) {
192 return true;
193 }
194 $userIsLoggedIn = false; // By default, we do not consider the user as logged in;
195 $loginFailure = false; // If set to true, every attempt to authenticate the user will fail. This indicates that an important condition isn't met.
196 if (! $conf->exists('credentials.login')) {
197 $userIsLoggedIn = false; // Shaarli is not configured yet.
198 $loginFailure = true;
199 }
200 if (isset($_COOKIE[SessionManager::$LOGGED_IN_COOKIE])
201 && $_COOKIE[SessionManager::$LOGGED_IN_COOKIE] === STAY_SIGNED_IN_TOKEN
202 && !$loginFailure
203 ) {
204 $sessionManager->storeLoginInfo($_SERVER);
205 $userIsLoggedIn = true;
206 }
207 // If session does not exist on server side, or IP address has changed, or session has expired, logout.
208 if (empty($_SESSION['uid'])
209 || ($conf->get('security.session_protection_disabled') === false && $_SESSION['ip'] != client_ip_id($_SERVER))
210 || time() >= $_SESSION['expires_on'])
211 {
212 $sessionManager->logout(WEB_PATH);
213 $userIsLoggedIn = false;
214 $loginFailure = true;
215 }
216 if (!empty($_SESSION['longlastingsession'])) {
217 $_SESSION['expires_on']=time()+$_SESSION['longlastingsession']; // In case of "Stay signed in" checked.
218 } else {
219 $_SESSION['expires_on'] = time() + $sessionManager::$INACTIVITY_TIMEOUT;
220 }
221 if (!$loginFailure) {
222 $userIsLoggedIn = true;
223 }
224
225 return $userIsLoggedIn;
226}
227
228$userIsLoggedIn = setup_login_state($conf, $sessionManager);
229
230// ------------------------------------------------------------------------------------------
231// Session management
232 182
233/** 183/**
234 * Check that user/password is correct. 184 * Adapter function for PageBuilder
235 *
236 * @param string $login Username
237 * @param string $password User password
238 * @param ConfigManager $conf Configuration Manager instance.
239 * @param SessionManager $sessionManager SessionManager instance
240 * 185 *
241 * @return bool: authentication successful or not. 186 * TODO: update PageBuilder and tests
242 */ 187 */
243function check_auth($login, $password, $conf, $sessionManager)
244{
245 $hash = sha1($password . $login . $conf->get('credentials.salt'));
246 if ($login == $conf->get('credentials.login') && $hash == $conf->get('credentials.hash')) {
247 // Login/password is correct.
248 $sessionManager->storeLoginInfo($_SERVER);
249 logm($conf->get('resource.log'), $_SERVER['REMOTE_ADDR'], 'Login successful');
250 return true;
251 }
252 logm($conf->get('resource.log'), $_SERVER['REMOTE_ADDR'], 'Login failed for user '.$login);
253 return false;
254}
255
256// Returns true if the user is logged in.
257function isLoggedIn() 188function isLoggedIn()
258{ 189{
259 global $userIsLoggedIn; 190 global $loginManager;
260 return $userIsLoggedIn; 191 return $loginManager->isLoggedIn();
261} 192}
262 193
194
263// ------------------------------------------------------------------------------------------ 195// ------------------------------------------------------------------------------------------
264// Process login form: Check if login/password is correct. 196// Process login form: Check if login/password is correct.
265if (isset($_POST['login'])) { 197if (isset($_POST['login'])) {
@@ -268,7 +200,7 @@ if (isset($_POST['login'])) {
268 } 200 }
269 if (isset($_POST['password']) 201 if (isset($_POST['password'])
270 && $sessionManager->checkToken($_POST['token']) 202 && $sessionManager->checkToken($_POST['token'])
271 && (check_auth($_POST['login'], $_POST['password'], $conf, $sessionManager)) 203 && $loginManager->checkCredentials($_SERVER, $_POST['login'], $_POST['password'])
272 ) { 204 ) {
273 // Login/password is OK. 205 // Login/password is OK.
274 $loginManager->handleSuccessfulLogin($_SERVER); 206 $loginManager->handleSuccessfulLogin($_SERVER);
@@ -347,15 +279,16 @@ if (!isset($_SESSION['tokens'])) $_SESSION['tokens']=array(); // Token are atta
347 * Gives the last 7 days (which have links). 279 * Gives the last 7 days (which have links).
348 * This RSS feed cannot be filtered. 280 * This RSS feed cannot be filtered.
349 * 281 *
350 * @param ConfigManager $conf Configuration Manager instance. 282 * @param ConfigManager $conf Configuration Manager instance
283 * @param LoginManager $loginManager LoginManager instance
351 */ 284 */
352function showDailyRSS($conf) { 285function showDailyRSS($conf, $loginManager) {
353 // Cache system 286 // Cache system
354 $query = $_SERVER['QUERY_STRING']; 287 $query = $_SERVER['QUERY_STRING'];
355 $cache = new CachedPage( 288 $cache = new CachedPage(
356 $conf->get('config.PAGE_CACHE'), 289 $conf->get('config.PAGE_CACHE'),
357 page_url($_SERVER), 290 page_url($_SERVER),
358 startsWith($query,'do=dailyrss') && !isLoggedIn() 291 startsWith($query,'do=dailyrss') && !$loginManager->isLoggedIn()
359 ); 292 );
360 $cached = $cache->cachedVersion(); 293 $cached = $cache->cachedVersion();
361 if (!empty($cached)) { 294 if (!empty($cached)) {
@@ -367,7 +300,7 @@ function showDailyRSS($conf) {
367 // Read links from database (and filter private links if used it not logged in). 300 // Read links from database (and filter private links if used it not logged in).
368 $LINKSDB = new LinkDB( 301 $LINKSDB = new LinkDB(
369 $conf->get('resource.datastore'), 302 $conf->get('resource.datastore'),
370 isLoggedIn(), 303 $loginManager->isLoggedIn(),
371 $conf->get('privacy.hide_public_links'), 304 $conf->get('privacy.hide_public_links'),
372 $conf->get('redirector.url'), 305 $conf->get('redirector.url'),
373 $conf->get('redirector.encode_url') 306 $conf->get('redirector.encode_url')
@@ -509,7 +442,7 @@ function showDaily($pageBuilder, $LINKSDB, $conf, $pluginManager)
509 442
510 /* Hook is called before column construction so that plugins don't have 443 /* Hook is called before column construction so that plugins don't have
511 to deal with columns. */ 444 to deal with columns. */
512 $pluginManager->executeHooks('render_daily', $data, array('loggedin' => isLoggedIn())); 445 $pluginManager->executeHooks('render_daily', $data, array('loggedin' => $loginManager->isLoggedIn()));
513 446
514 /* We need to spread the articles on 3 columns. 447 /* We need to spread the articles on 3 columns.
515 I did not want to use a JavaScript lib like http://masonry.desandro.com/ 448 I did not want to use a JavaScript lib like http://masonry.desandro.com/
@@ -553,8 +486,8 @@ function showDaily($pageBuilder, $LINKSDB, $conf, $pluginManager)
553 * @param ConfigManager $conf Configuration Manager instance. 486 * @param ConfigManager $conf Configuration Manager instance.
554 * @param PluginManager $pluginManager Plugin Manager instance. 487 * @param PluginManager $pluginManager Plugin Manager instance.
555 */ 488 */
556function showLinkList($PAGE, $LINKSDB, $conf, $pluginManager) { 489function showLinkList($PAGE, $LINKSDB, $conf, $pluginManager, $loginManager) {
557 buildLinkList($PAGE,$LINKSDB, $conf, $pluginManager); // Compute list of links to display 490 buildLinkList($PAGE,$LINKSDB, $conf, $pluginManager, $loginManager);
558 $PAGE->renderPage('linklist'); 491 $PAGE->renderPage('linklist');
559} 492}
560 493
@@ -574,7 +507,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
574 read_updates_file($conf->get('resource.updates')), 507 read_updates_file($conf->get('resource.updates')),
575 $LINKSDB, 508 $LINKSDB,
576 $conf, 509 $conf,
577 isLoggedIn() 510 $loginManager->isLoggedIn()
578 ); 511 );
579 try { 512 try {
580 $newUpdates = $updater->update(); 513 $newUpdates = $updater->update();
@@ -596,11 +529,11 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
596 529
597 // Determine which page will be rendered. 530 // Determine which page will be rendered.
598 $query = (isset($_SERVER['QUERY_STRING'])) ? $_SERVER['QUERY_STRING'] : ''; 531 $query = (isset($_SERVER['QUERY_STRING'])) ? $_SERVER['QUERY_STRING'] : '';
599 $targetPage = Router::findPage($query, $_GET, isLoggedIn()); 532 $targetPage = Router::findPage($query, $_GET, $loginManager->isLoggedIn());
600 533
601 if ( 534 if (
602 // if the user isn't logged in 535 // if the user isn't logged in
603 !isLoggedIn() && 536 !$loginManager->isLoggedIn() &&
604 // and Shaarli doesn't have public content... 537 // and Shaarli doesn't have public content...
605 $conf->get('privacy.hide_public_links') && 538 $conf->get('privacy.hide_public_links') &&
606 // and is configured to enforce the login 539 // and is configured to enforce the login
@@ -628,7 +561,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
628 $pluginManager->executeHooks('render_' . $name, $plugin_data, 561 $pluginManager->executeHooks('render_' . $name, $plugin_data,
629 array( 562 array(
630 'target' => $targetPage, 563 'target' => $targetPage,
631 'loggedin' => isLoggedIn() 564 'loggedin' => $loginManager->isLoggedIn()
632 ) 565 )
633 ); 566 );
634 $PAGE->assign('plugins_' . $name, $plugin_data); 567 $PAGE->assign('plugins_' . $name, $plugin_data);
@@ -680,7 +613,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
680 $data = array( 613 $data = array(
681 'linksToDisplay' => $linksToDisplay, 614 'linksToDisplay' => $linksToDisplay,
682 ); 615 );
683 $pluginManager->executeHooks('render_picwall', $data, array('loggedin' => isLoggedIn())); 616 $pluginManager->executeHooks('render_picwall', $data, array('loggedin' => $loginManager->isLoggedIn()));
684 617
685 foreach ($data as $key => $value) { 618 foreach ($data as $key => $value) {
686 $PAGE->assign($key, $value); 619 $PAGE->assign($key, $value);
@@ -727,7 +660,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
727 'search_tags' => $searchTags, 660 'search_tags' => $searchTags,
728 'tags' => $tagList, 661 'tags' => $tagList,
729 ); 662 );
730 $pluginManager->executeHooks('render_tagcloud', $data, array('loggedin' => isLoggedIn())); 663 $pluginManager->executeHooks('render_tagcloud', $data, array('loggedin' => $loginManager->isLoggedIn()));
731 664
732 foreach ($data as $key => $value) { 665 foreach ($data as $key => $value) {
733 $PAGE->assign($key, $value); 666 $PAGE->assign($key, $value);
@@ -760,7 +693,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
760 'search_tags' => $searchTags, 693 'search_tags' => $searchTags,
761 'tags' => $tags, 694 'tags' => $tags,
762 ]; 695 ];
763 $pluginManager->executeHooks('render_taglist', $data, ['loggedin' => isLoggedIn()]); 696 $pluginManager->executeHooks('render_taglist', $data, ['loggedin' => $loginManager->isLoggedIn()]);
764 697
765 foreach ($data as $key => $value) { 698 foreach ($data as $key => $value) {
766 $PAGE->assign($key, $value); 699 $PAGE->assign($key, $value);
@@ -787,7 +720,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
787 $cache = new CachedPage( 720 $cache = new CachedPage(
788 $conf->get('resource.page_cache'), 721 $conf->get('resource.page_cache'),
789 page_url($_SERVER), 722 page_url($_SERVER),
790 startsWith($query,'do='. $targetPage) && !isLoggedIn() 723 startsWith($query,'do='. $targetPage) && !$loginManager->isLoggedIn()
791 ); 724 );
792 $cached = $cache->cachedVersion(); 725 $cached = $cache->cachedVersion();
793 if (!empty($cached)) { 726 if (!empty($cached)) {
@@ -796,15 +729,15 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
796 } 729 }
797 730
798 // Generate data. 731 // Generate data.
799 $feedGenerator = new FeedBuilder($LINKSDB, $feedType, $_SERVER, $_GET, isLoggedIn()); 732 $feedGenerator = new FeedBuilder($LINKSDB, $feedType, $_SERVER, $_GET, $loginManager->isLoggedIn());
800 $feedGenerator->setLocale(strtolower(setlocale(LC_COLLATE, 0))); 733 $feedGenerator->setLocale(strtolower(setlocale(LC_COLLATE, 0)));
801 $feedGenerator->setHideDates($conf->get('privacy.hide_timestamps') && !isLoggedIn()); 734 $feedGenerator->setHideDates($conf->get('privacy.hide_timestamps') && !$loginManager->isLoggedIn());
802 $feedGenerator->setUsePermalinks(isset($_GET['permalinks']) || !$conf->get('feed.rss_permalinks')); 735 $feedGenerator->setUsePermalinks(isset($_GET['permalinks']) || !$conf->get('feed.rss_permalinks'));
803 $data = $feedGenerator->buildData(); 736 $data = $feedGenerator->buildData();
804 737
805 // Process plugin hook. 738 // Process plugin hook.
806 $pluginManager->executeHooks('render_feed', $data, array( 739 $pluginManager->executeHooks('render_feed', $data, array(
807 'loggedin' => isLoggedIn(), 740 'loggedin' => $loginManager->isLoggedIn(),
808 'target' => $targetPage, 741 'target' => $targetPage,
809 )); 742 ));
810 743
@@ -952,7 +885,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
952 } 885 }
953 886
954 // -------- Handle other actions allowed for non-logged in users: 887 // -------- Handle other actions allowed for non-logged in users:
955 if (!isLoggedIn()) 888 if (!$loginManager->isLoggedIn())
956 { 889 {
957 // User tries to post new link but is not logged in: 890 // User tries to post new link but is not logged in:
958 // Show login screen, then redirect to ?post=... 891 // Show login screen, then redirect to ?post=...
@@ -968,7 +901,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
968 exit; 901 exit;
969 } 902 }
970 903
971 showLinkList($PAGE, $LINKSDB, $conf, $pluginManager); 904 showLinkList($PAGE, $LINKSDB, $conf, $pluginManager, $loginManager);
972 if (isset($_GET['edit_link'])) { 905 if (isset($_GET['edit_link'])) {
973 header('Location: ?do=login&edit_link='. escape($_GET['edit_link'])); 906 header('Location: ?do=login&edit_link='. escape($_GET['edit_link']));
974 exit; 907 exit;
@@ -1019,7 +952,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
1019 $conf->set('credentials.salt', sha1(uniqid('', true) .'_'. mt_rand())); 952 $conf->set('credentials.salt', sha1(uniqid('', true) .'_'. mt_rand()));
1020 $conf->set('credentials.hash', sha1($_POST['setpassword'] . $conf->get('credentials.login') . $conf->get('credentials.salt'))); 953 $conf->set('credentials.hash', sha1($_POST['setpassword'] . $conf->get('credentials.login') . $conf->get('credentials.salt')));
1021 try { 954 try {
1022 $conf->write(isLoggedIn()); 955 $conf->write($loginManager->isLoggedIn());
1023 } 956 }
1024 catch(Exception $e) { 957 catch(Exception $e) {
1025 error_log( 958 error_log(
@@ -1070,7 +1003,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
1070 $conf->set('translation.language', escape($_POST['language'])); 1003 $conf->set('translation.language', escape($_POST['language']));
1071 1004
1072 try { 1005 try {
1073 $conf->write(isLoggedIn()); 1006 $conf->write($loginManager->isLoggedIn());
1074 $history->updateSettings(); 1007 $history->updateSettings();
1075 invalidateCaches($conf->get('resource.page_cache')); 1008 invalidateCaches($conf->get('resource.page_cache'));
1076 } 1009 }
@@ -1522,7 +1455,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
1522 else { 1455 else {
1523 $conf->set('general.enabled_plugins', save_plugin_config($_POST)); 1456 $conf->set('general.enabled_plugins', save_plugin_config($_POST));
1524 } 1457 }
1525 $conf->write(isLoggedIn()); 1458 $conf->write($loginManager->isLoggedIn());
1526 $history->updateSettings(); 1459 $history->updateSettings();
1527 } 1460 }
1528 catch (Exception $e) { 1461 catch (Exception $e) {
@@ -1547,7 +1480,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
1547 } 1480 }
1548 1481
1549 // -------- Otherwise, simply display search form and links: 1482 // -------- Otherwise, simply display search form and links:
1550 showLinkList($PAGE, $LINKSDB, $conf, $pluginManager); 1483 showLinkList($PAGE, $LINKSDB, $conf, $pluginManager, $loginManager);
1551 exit; 1484 exit;
1552} 1485}
1553 1486
@@ -1559,8 +1492,9 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
1559 * @param LinkDB $LINKSDB LinkDB instance. 1492 * @param LinkDB $LINKSDB LinkDB instance.
1560 * @param ConfigManager $conf Configuration Manager instance. 1493 * @param ConfigManager $conf Configuration Manager instance.
1561 * @param PluginManager $pluginManager Plugin Manager instance. 1494 * @param PluginManager $pluginManager Plugin Manager instance.
1495 * @param LoginManager $loginManager LoginManager instance
1562 */ 1496 */
1563function buildLinkList($PAGE,$LINKSDB, $conf, $pluginManager) 1497function buildLinkList($PAGE, $LINKSDB, $conf, $pluginManager, $loginManager)
1564{ 1498{
1565 // Used in templates 1499 // Used in templates
1566 if (isset($_GET['searchtags'])) { 1500 if (isset($_GET['searchtags'])) {
@@ -1599,8 +1533,6 @@ function buildLinkList($PAGE,$LINKSDB, $conf, $pluginManager)
1599 $keys[] = $key; 1533 $keys[] = $key;
1600 } 1534 }
1601 1535
1602
1603
1604 // Select articles according to paging. 1536 // Select articles according to paging.
1605 $pagecount = ceil(count($keys) / $_SESSION['LINKS_PER_PAGE']); 1537 $pagecount = ceil(count($keys) / $_SESSION['LINKS_PER_PAGE']);
1606 $pagecount = $pagecount == 0 ? 1 : $pagecount; 1538 $pagecount = $pagecount == 0 ? 1 : $pagecount;
@@ -1681,7 +1613,7 @@ function buildLinkList($PAGE,$LINKSDB, $conf, $pluginManager)
1681 $data['pagetitle'] .= '- '. $conf->get('general.title'); 1613 $data['pagetitle'] .= '- '. $conf->get('general.title');
1682 } 1614 }
1683 1615
1684 $pluginManager->executeHooks('render_linklist', $data, array('loggedin' => isLoggedIn())); 1616 $pluginManager->executeHooks('render_linklist', $data, array('loggedin' => $loginManager->isLoggedIn()));
1685 1617
1686 foreach ($data as $key => $value) { 1618 foreach ($data as $key => $value) {
1687 $PAGE->assign($key, $value); 1619 $PAGE->assign($key, $value);
@@ -1952,7 +1884,7 @@ function install($conf, $sessionManager) {
1952 ); 1884 );
1953 try { 1885 try {
1954 // Everything is ok, let's create config file. 1886 // Everything is ok, let's create config file.
1955 $conf->write(isLoggedIn()); 1887 $conf->write($loginManager->isLoggedIn());
1956 } 1888 }
1957 catch(Exception $e) { 1889 catch(Exception $e) {
1958 error_log( 1890 error_log(
@@ -2216,7 +2148,7 @@ try {
2216 2148
2217$linkDb = new LinkDB( 2149$linkDb = new LinkDB(
2218 $conf->get('resource.datastore'), 2150 $conf->get('resource.datastore'),
2219 isLoggedIn(), 2151 $loginManager->isLoggedIn(),
2220 $conf->get('privacy.hide_public_links'), 2152 $conf->get('privacy.hide_public_links'),
2221 $conf->get('redirector.url'), 2153 $conf->get('redirector.url'),
2222 $conf->get('redirector.encode_url') 2154 $conf->get('redirector.encode_url')