aboutsummaryrefslogtreecommitdiffhomepage
path: root/index.php
diff options
context:
space:
mode:
Diffstat (limited to 'index.php')
-rw-r--r--index.php91
1 files changed, 58 insertions, 33 deletions
diff --git a/index.php b/index.php
index 4068a828..1dc81843 100644
--- a/index.php
+++ b/index.php
@@ -64,7 +64,6 @@ require_once 'application/FeedBuilder.php';
64require_once 'application/FileUtils.php'; 64require_once 'application/FileUtils.php';
65require_once 'application/History.php'; 65require_once 'application/History.php';
66require_once 'application/HttpUtils.php'; 66require_once 'application/HttpUtils.php';
67require_once 'application/Languages.php';
68require_once 'application/LinkDB.php'; 67require_once 'application/LinkDB.php';
69require_once 'application/LinkFilter.php'; 68require_once 'application/LinkFilter.php';
70require_once 'application/LinkUtils.php'; 69require_once 'application/LinkUtils.php';
@@ -76,6 +75,7 @@ require_once 'application/Utils.php';
76require_once 'application/PluginManager.php'; 75require_once 'application/PluginManager.php';
77require_once 'application/Router.php'; 76require_once 'application/Router.php';
78require_once 'application/Updater.php'; 77require_once 'application/Updater.php';
78use \Shaarli\Languages;
79use \Shaarli\ThemeUtils; 79use \Shaarli\ThemeUtils;
80use \Shaarli\Config\ConfigManager; 80use \Shaarli\Config\ConfigManager;
81 81
@@ -121,8 +121,16 @@ if (isset($_COOKIE['shaarli']) && !is_session_id_valid($_COOKIE['shaarli'])) {
121} 121}
122 122
123$conf = new ConfigManager(); 123$conf = new ConfigManager();
124
125// Sniff browser language and set date format accordingly.
126if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
127 autoLocale($_SERVER['HTTP_ACCEPT_LANGUAGE']);
128}
129
130new Languages(setlocale(LC_MESSAGES, 0), $conf);
131
124$conf->setEmpty('general.timezone', date_default_timezone_get()); 132$conf->setEmpty('general.timezone', date_default_timezone_get());
125$conf->setEmpty('general.title', 'Shared links on '. escape(index_url($_SERVER))); 133$conf->setEmpty('general.title', t('Shared links on '). escape(index_url($_SERVER)));
126RainTPL::$tpl_dir = $conf->get('resource.raintpl_tpl').'/'.$conf->get('resource.theme').'/'; // template directory 134RainTPL::$tpl_dir = $conf->get('resource.raintpl_tpl').'/'.$conf->get('resource.theme').'/'; // template directory
127RainTPL::$cache_dir = $conf->get('resource.raintpl_tmp'); // cache directory 135RainTPL::$cache_dir = $conf->get('resource.raintpl_tmp'); // cache directory
128 136
@@ -144,7 +152,7 @@ if (! is_file($conf->getConfigFileExt())) {
144 $errors = ApplicationUtils::checkResourcePermissions($conf); 152 $errors = ApplicationUtils::checkResourcePermissions($conf);
145 153
146 if ($errors != array()) { 154 if ($errors != array()) {
147 $message = '<p>Insufficient permissions:</p><ul>'; 155 $message = '<p>'. t('Insufficient permissions:') .'</p><ul>';
148 156
149 foreach ($errors as $error) { 157 foreach ($errors as $error) {
150 $message .= '<li>'.$error.'</li>'; 158 $message .= '<li>'.$error.'</li>';
@@ -163,11 +171,6 @@ if (! is_file($conf->getConfigFileExt())) {
163// a token depending of deployment salt, user password, and the current ip 171// a token depending of deployment salt, user password, and the current ip
164define('STAY_SIGNED_IN_TOKEN', sha1($conf->get('credentials.hash') . $_SERVER['REMOTE_ADDR'] . $conf->get('credentials.salt'))); 172define('STAY_SIGNED_IN_TOKEN', sha1($conf->get('credentials.hash') . $_SERVER['REMOTE_ADDR'] . $conf->get('credentials.salt')));
165 173
166// Sniff browser language and set date format accordingly.
167if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
168 autoLocale($_SERVER['HTTP_ACCEPT_LANGUAGE']);
169}
170
171/** 174/**
172 * Checking session state (i.e. is the user still logged in) 175 * Checking session state (i.e. is the user still logged in)
173 * 176 *
@@ -376,7 +379,7 @@ function ban_canLogin($conf)
376// Process login form: Check if login/password is correct. 379// Process login form: Check if login/password is correct.
377if (isset($_POST['login'])) 380if (isset($_POST['login']))
378{ 381{
379 if (!ban_canLogin($conf)) die('I said: NO. You are banned for the moment. Go away.'); 382 if (!ban_canLogin($conf)) die(t('I said: NO. You are banned for the moment. Go away.'));
380 if (isset($_POST['password']) 383 if (isset($_POST['password'])
381 && tokenOk($_POST['token']) 384 && tokenOk($_POST['token'])
382 && (check_auth($_POST['login'], $_POST['password'], $conf)) 385 && (check_auth($_POST['login'], $_POST['password'], $conf))
@@ -440,7 +443,8 @@ if (isset($_POST['login']))
440 } 443 }
441 } 444 }
442 } 445 }
443 echo '<script>alert("Wrong login/password.");document.location=\'?do=login'.$redir.'\';</script>'; // Redirect to login screen. 446 // Redirect to login screen.
447 echo '<script>alert("'. t("Wrong login/password.") .'");document.location=\'?do=login'.$redir.'\';</script>';
444 exit; 448 exit;
445 } 449 }
446} 450}
@@ -1100,16 +1104,19 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
1100 if ($targetPage == Router::$PAGE_CHANGEPASSWORD) 1104 if ($targetPage == Router::$PAGE_CHANGEPASSWORD)
1101 { 1105 {
1102 if ($conf->get('security.open_shaarli')) { 1106 if ($conf->get('security.open_shaarli')) {
1103 die('You are not supposed to change a password on an Open Shaarli.'); 1107 die(t('You are not supposed to change a password on an Open Shaarli.'));
1104 } 1108 }
1105 1109
1106 if (!empty($_POST['setpassword']) && !empty($_POST['oldpassword'])) 1110 if (!empty($_POST['setpassword']) && !empty($_POST['oldpassword']))
1107 { 1111 {
1108 if (!tokenOk($_POST['token'])) die('Wrong token.'); // Go away! 1112 if (!tokenOk($_POST['token'])) die(t('Wrong token.')); // Go away!
1109 1113
1110 // Make sure old password is correct. 1114 // Make sure old password is correct.
1111 $oldhash = sha1($_POST['oldpassword'].$conf->get('credentials.login').$conf->get('credentials.salt')); 1115 $oldhash = sha1($_POST['oldpassword'].$conf->get('credentials.login').$conf->get('credentials.salt'));
1112 if ($oldhash!= $conf->get('credentials.hash')) { echo '<script>alert("The old password is not correct.");document.location=\'?do=changepasswd\';</script>'; exit; } 1116 if ($oldhash!= $conf->get('credentials.hash')) {
1117 echo '<script>alert("'. t('The old password is not correct.') .'");document.location=\'?do=changepasswd\';</script>';
1118 exit;
1119 }
1113 // Save new password 1120 // Save new password
1114 // Salt renders rainbow-tables attacks useless. 1121 // Salt renders rainbow-tables attacks useless.
1115 $conf->set('credentials.salt', sha1(uniqid('', true) .'_'. mt_rand())); 1122 $conf->set('credentials.salt', sha1(uniqid('', true) .'_'. mt_rand()));
@@ -1127,7 +1134,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
1127 echo '<script>alert("'. $e->getMessage() .'");document.location=\'?do=tools\';</script>'; 1134 echo '<script>alert("'. $e->getMessage() .'");document.location=\'?do=tools\';</script>';
1128 exit; 1135 exit;
1129 } 1136 }
1130 echo '<script>alert("Your password has been changed.");document.location=\'?do=tools\';</script>'; 1137 echo '<script>alert("'. t('Your password has been changed') .'");document.location=\'?do=tools\';</script>';
1131 exit; 1138 exit;
1132 } 1139 }
1133 else // show the change password form. 1140 else // show the change password form.
@@ -1143,7 +1150,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
1143 if (!empty($_POST['title']) ) 1150 if (!empty($_POST['title']) )
1144 { 1151 {
1145 if (!tokenOk($_POST['token'])) { 1152 if (!tokenOk($_POST['token'])) {
1146 die('Wrong token.'); // Go away! 1153 die(t('Wrong token.')); // Go away!
1147 } 1154 }
1148 $tz = 'UTC'; 1155 $tz = 'UTC';
1149 if (!empty($_POST['continent']) && !empty($_POST['city']) 1156 if (!empty($_POST['continent']) && !empty($_POST['city'])
@@ -1163,6 +1170,8 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
1163 $conf->set('privacy.hide_public_links', !empty($_POST['hidePublicLinks'])); 1170 $conf->set('privacy.hide_public_links', !empty($_POST['hidePublicLinks']));
1164 $conf->set('api.enabled', !empty($_POST['enableApi'])); 1171 $conf->set('api.enabled', !empty($_POST['enableApi']));
1165 $conf->set('api.secret', escape($_POST['apiSecret'])); 1172 $conf->set('api.secret', escape($_POST['apiSecret']));
1173 $conf->set('translation.language', escape($_POST['language']));
1174
1166 try { 1175 try {
1167 $conf->write(isLoggedIn()); 1176 $conf->write(isLoggedIn());
1168 $history->updateSettings(); 1177 $history->updateSettings();
@@ -1178,7 +1187,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
1178 echo '<script>alert("'. $e->getMessage() .'");document.location=\'?do=configure\';</script>'; 1187 echo '<script>alert("'. $e->getMessage() .'");document.location=\'?do=configure\';</script>';
1179 exit; 1188 exit;
1180 } 1189 }
1181 echo '<script>alert("Configuration was saved.");document.location=\'?do=configure\';</script>'; 1190 echo '<script>alert("'. t('Configuration was saved.') .'");document.location=\'?do=configure\';</script>';
1182 exit; 1191 exit;
1183 } 1192 }
1184 else // Show the configuration form. 1193 else // Show the configuration form.
@@ -1200,6 +1209,8 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
1200 $PAGE->assign('hide_public_links', $conf->get('privacy.hide_public_links', false)); 1209 $PAGE->assign('hide_public_links', $conf->get('privacy.hide_public_links', false));
1201 $PAGE->assign('api_enabled', $conf->get('api.enabled', true)); 1210 $PAGE->assign('api_enabled', $conf->get('api.enabled', true));
1202 $PAGE->assign('api_secret', $conf->get('api.secret')); 1211 $PAGE->assign('api_secret', $conf->get('api.secret'));
1212 $PAGE->assign('languages', Languages::getAvailableLanguages());
1213 $PAGE->assign('language', $conf->get('translation.language'));
1203 $PAGE->renderPage('configure'); 1214 $PAGE->renderPage('configure');
1204 exit; 1215 exit;
1205 } 1216 }
@@ -1215,7 +1226,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
1215 } 1226 }
1216 1227
1217 if (!tokenOk($_POST['token'])) { 1228 if (!tokenOk($_POST['token'])) {
1218 die('Wrong token.'); 1229 die(t('Wrong token.'));
1219 } 1230 }
1220 1231
1221 $alteredLinks = $LINKSDB->renameTag(escape($_POST['fromtag']), escape($_POST['totag'])); 1232 $alteredLinks = $LINKSDB->renameTag(escape($_POST['fromtag']), escape($_POST['totag']));
@@ -1225,9 +1236,10 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
1225 } 1236 }
1226 $delete = empty($_POST['totag']); 1237 $delete = empty($_POST['totag']);
1227 $redirect = $delete ? 'do=changetag' : 'searchtags='. urlencode(escape($_POST['totag'])); 1238 $redirect = $delete ? 'do=changetag' : 'searchtags='. urlencode(escape($_POST['totag']));
1239 $count = count($alteredLinks);
1228 $alert = $delete 1240 $alert = $delete
1229 ? sprintf(t('The tag was removed from %d links.'), count($alteredLinks)) 1241 ? sprintf(t('The tag was removed from %d link.', 'The tag was removed from %d links.', $count), $count)
1230 : sprintf(t('The tag was renamed in %d links.'), count($alteredLinks)); 1242 : sprintf(t('The tag was renamed in %d link.', 'The tag was renamed in %d links.', $count), $count);
1231 echo '<script>alert("'. $alert .'");document.location=\'?'. $redirect .'\';</script>'; 1243 echo '<script>alert("'. $alert .'");document.location=\'?'. $redirect .'\';</script>';
1232 exit; 1244 exit;
1233 } 1245 }
@@ -1244,7 +1256,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
1244 { 1256 {
1245 // Go away! 1257 // Go away!
1246 if (! tokenOk($_POST['token'])) { 1258 if (! tokenOk($_POST['token'])) {
1247 die('Wrong token.'); 1259 die(t('Wrong token.'));
1248 } 1260 }
1249 1261
1250 // lf_id should only be present if the link exists. 1262 // lf_id should only be present if the link exists.
@@ -1344,7 +1356,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
1344 if ($targetPage == Router::$PAGE_DELETELINK) 1356 if ($targetPage == Router::$PAGE_DELETELINK)
1345 { 1357 {
1346 if (! tokenOk($_GET['token'])) { 1358 if (! tokenOk($_GET['token'])) {
1347 die('Wrong token.'); 1359 die(t('Wrong token.'));
1348 } 1360 }
1349 1361
1350 $ids = trim($_GET['lf_linkdate']); 1362 $ids = trim($_GET['lf_linkdate']);
@@ -1443,7 +1455,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
1443 1455
1444 if ($url == '') { 1456 if ($url == '') {
1445 $url = '?' . smallHash($linkdate . $LINKSDB->getNextId()); 1457 $url = '?' . smallHash($linkdate . $LINKSDB->getNextId());
1446 $title = $conf->get('general.default_note_title', 'Note: '); 1458 $title = $conf->get('general.default_note_title', t('Note: '));
1447 } 1459 }
1448 $url = escape($url); 1460 $url = escape($url);
1449 $title = escape($title); 1461 $title = escape($title);
@@ -1550,11 +1562,14 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
1550 // Import bookmarks from an uploaded file 1562 // Import bookmarks from an uploaded file
1551 if (isset($_FILES['filetoupload']['size']) && $_FILES['filetoupload']['size'] == 0) { 1563 if (isset($_FILES['filetoupload']['size']) && $_FILES['filetoupload']['size'] == 0) {
1552 // The file is too big or some form field may be missing. 1564 // The file is too big or some form field may be missing.
1553 echo '<script>alert("The file you are trying to upload is probably' 1565 $msg = sprintf(
1554 .' bigger than what this webserver can accept (' 1566 t(
1555 .get_max_upload_size(ini_get('post_max_size'), ini_get('upload_max_filesize')).').' 1567 'The file you are trying to upload is probably bigger than what this webserver can accept'
1556 .' Please upload in smaller chunks.");document.location=\'?do=' 1568 .' (%s). Please upload in smaller chunks.'
1557 .Router::$PAGE_IMPORT .'\';</script>'; 1569 ),
1570 get_max_upload_size(ini_get('post_max_size'), ini_get('upload_max_filesize'))
1571 );
1572 echo '<script>alert("'. $msg .'");document.location=\'?do='.Router::$PAGE_IMPORT .'\';</script>';
1558 exit; 1573 exit;
1559 } 1574 }
1560 if (! tokenOk($_POST['token'])) { 1575 if (! tokenOk($_POST['token'])) {
@@ -1962,12 +1977,20 @@ function install($conf)
1962 // (Because on some hosts, session.save_path may not be set correctly, 1977 // (Because on some hosts, session.save_path may not be set correctly,
1963 // or we may not have write access to it.) 1978 // or we may not have write access to it.)
1964 if (isset($_GET['test_session']) && ( !isset($_SESSION) || !isset($_SESSION['session_tested']) || $_SESSION['session_tested']!='Working')) 1979 if (isset($_GET['test_session']) && ( !isset($_SESSION) || !isset($_SESSION['session_tested']) || $_SESSION['session_tested']!='Working'))
1965 { // Step 2: Check if data in session is correct. 1980 {
1966 echo '<pre>Sessions do not seem to work correctly on your server.<br>'; 1981 // Step 2: Check if data in session is correct.
1967 echo 'Make sure the variable session.save_path is set correctly in your php config, and that you have write access to it.<br>'; 1982 $msg = t(
1968 echo 'It currently points to '.session_save_path().'<br>'; 1983 '<pre>Sessions do not seem to work correctly on your server.<br>'.
1969 echo 'Check that the hostname used to access Shaarli contains a dot. On some browsers, accessing your server via a hostname like \'localhost\' or any custom hostname without a dot causes cookie storage to fail. We recommend accessing your server via it\'s IP address or Fully Qualified Domain Name.<br>'; 1984 'Make sure the variable "session.save_path" is set correctly in your PHP config, '.
1970 echo '<br><a href="?">Click to try again.</a></pre>'; 1985 'and that you have write access to it.<br>'.
1986 'It currently points to %s.<br>'.
1987 'On some browsers, accessing your server via a hostname like \'localhost\' '.
1988 'or any custom hostname without a dot causes cookie storage to fail. '.
1989 'We recommend accessing your server via it\'s IP address or Fully Qualified Domain Name.<br>'
1990 );
1991 $msg = sprintf($msg, session_save_path());
1992 echo $msg;
1993 echo '<br><a href="?">'. t('Click to try again.') .'</a></pre>';
1971 die; 1994 die;
1972 } 1995 }
1973 if (!isset($_SESSION['session_tested'])) 1996 if (!isset($_SESSION['session_tested']))
@@ -2000,6 +2023,7 @@ function install($conf)
2000 } else { 2023 } else {
2001 $conf->set('general.title', 'Shared links on '.escape(index_url($_SERVER))); 2024 $conf->set('general.title', 'Shared links on '.escape(index_url($_SERVER)));
2002 } 2025 }
2026 $conf->set('translation.language', escape($_POST['language']));
2003 $conf->set('updates.check_updates', !empty($_POST['updateCheck'])); 2027 $conf->set('updates.check_updates', !empty($_POST['updateCheck']));
2004 $conf->set('api.enabled', !empty($_POST['enableApi'])); 2028 $conf->set('api.enabled', !empty($_POST['enableApi']));
2005 $conf->set( 2029 $conf->set(
@@ -2031,6 +2055,7 @@ function install($conf)
2031 list($continents, $cities) = generateTimeZoneData(timezone_identifiers_list(), date_default_timezone_get()); 2055 list($continents, $cities) = generateTimeZoneData(timezone_identifiers_list(), date_default_timezone_get());
2032 $PAGE->assign('continents', $continents); 2056 $PAGE->assign('continents', $continents);
2033 $PAGE->assign('cities', $cities); 2057 $PAGE->assign('cities', $cities);
2058 $PAGE->assign('languages', Languages::getAvailableLanguages());
2034 $PAGE->renderPage('install'); 2059 $PAGE->renderPage('install');
2035 exit; 2060 exit;
2036} 2061}