diff options
Diffstat (limited to 'index.php')
-rw-r--r-- | index.php | 91 |
1 files changed, 58 insertions, 33 deletions
@@ -64,7 +64,6 @@ require_once 'application/FeedBuilder.php'; | |||
64 | require_once 'application/FileUtils.php'; | 64 | require_once 'application/FileUtils.php'; |
65 | require_once 'application/History.php'; | 65 | require_once 'application/History.php'; |
66 | require_once 'application/HttpUtils.php'; | 66 | require_once 'application/HttpUtils.php'; |
67 | require_once 'application/Languages.php'; | ||
68 | require_once 'application/LinkDB.php'; | 67 | require_once 'application/LinkDB.php'; |
69 | require_once 'application/LinkFilter.php'; | 68 | require_once 'application/LinkFilter.php'; |
70 | require_once 'application/LinkUtils.php'; | 69 | require_once 'application/LinkUtils.php'; |
@@ -76,6 +75,7 @@ require_once 'application/Utils.php'; | |||
76 | require_once 'application/PluginManager.php'; | 75 | require_once 'application/PluginManager.php'; |
77 | require_once 'application/Router.php'; | 76 | require_once 'application/Router.php'; |
78 | require_once 'application/Updater.php'; | 77 | require_once 'application/Updater.php'; |
78 | use \Shaarli\Languages; | ||
79 | use \Shaarli\ThemeUtils; | 79 | use \Shaarli\ThemeUtils; |
80 | use \Shaarli\Config\ConfigManager; | 80 | use \Shaarli\Config\ConfigManager; |
81 | 81 | ||
@@ -121,8 +121,16 @@ if (isset($_COOKIE['shaarli']) && !is_session_id_valid($_COOKIE['shaarli'])) { | |||
121 | } | 121 | } |
122 | 122 | ||
123 | $conf = new ConfigManager(); | 123 | $conf = new ConfigManager(); |
124 | |||
125 | // Sniff browser language and set date format accordingly. | ||
126 | if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) { | ||
127 | autoLocale($_SERVER['HTTP_ACCEPT_LANGUAGE']); | ||
128 | } | ||
129 | |||
130 | new Languages(setlocale(LC_MESSAGES, 0), $conf); | ||
131 | |||
124 | $conf->setEmpty('general.timezone', date_default_timezone_get()); | 132 | $conf->setEmpty('general.timezone', date_default_timezone_get()); |
125 | $conf->setEmpty('general.title', 'Shared links on '. escape(index_url($_SERVER))); | 133 | $conf->setEmpty('general.title', t('Shared links on '). escape(index_url($_SERVER))); |
126 | RainTPL::$tpl_dir = $conf->get('resource.raintpl_tpl').'/'.$conf->get('resource.theme').'/'; // template directory | 134 | RainTPL::$tpl_dir = $conf->get('resource.raintpl_tpl').'/'.$conf->get('resource.theme').'/'; // template directory |
127 | RainTPL::$cache_dir = $conf->get('resource.raintpl_tmp'); // cache directory | 135 | RainTPL::$cache_dir = $conf->get('resource.raintpl_tmp'); // cache directory |
128 | 136 | ||
@@ -144,7 +152,7 @@ if (! is_file($conf->getConfigFileExt())) { | |||
144 | $errors = ApplicationUtils::checkResourcePermissions($conf); | 152 | $errors = ApplicationUtils::checkResourcePermissions($conf); |
145 | 153 | ||
146 | if ($errors != array()) { | 154 | if ($errors != array()) { |
147 | $message = '<p>Insufficient permissions:</p><ul>'; | 155 | $message = '<p>'. t('Insufficient permissions:') .'</p><ul>'; |
148 | 156 | ||
149 | foreach ($errors as $error) { | 157 | foreach ($errors as $error) { |
150 | $message .= '<li>'.$error.'</li>'; | 158 | $message .= '<li>'.$error.'</li>'; |
@@ -163,11 +171,6 @@ if (! is_file($conf->getConfigFileExt())) { | |||
163 | // a token depending of deployment salt, user password, and the current ip | 171 | // a token depending of deployment salt, user password, and the current ip |
164 | define('STAY_SIGNED_IN_TOKEN', sha1($conf->get('credentials.hash') . $_SERVER['REMOTE_ADDR'] . $conf->get('credentials.salt'))); | 172 | define('STAY_SIGNED_IN_TOKEN', sha1($conf->get('credentials.hash') . $_SERVER['REMOTE_ADDR'] . $conf->get('credentials.salt'))); |
165 | 173 | ||
166 | // Sniff browser language and set date format accordingly. | ||
167 | if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) { | ||
168 | autoLocale($_SERVER['HTTP_ACCEPT_LANGUAGE']); | ||
169 | } | ||
170 | |||
171 | /** | 174 | /** |
172 | * Checking session state (i.e. is the user still logged in) | 175 | * Checking session state (i.e. is the user still logged in) |
173 | * | 176 | * |
@@ -376,7 +379,7 @@ function ban_canLogin($conf) | |||
376 | // Process login form: Check if login/password is correct. | 379 | // Process login form: Check if login/password is correct. |
377 | if (isset($_POST['login'])) | 380 | if (isset($_POST['login'])) |
378 | { | 381 | { |
379 | if (!ban_canLogin($conf)) die('I said: NO. You are banned for the moment. Go away.'); | 382 | if (!ban_canLogin($conf)) die(t('I said: NO. You are banned for the moment. Go away.')); |
380 | if (isset($_POST['password']) | 383 | if (isset($_POST['password']) |
381 | && tokenOk($_POST['token']) | 384 | && tokenOk($_POST['token']) |
382 | && (check_auth($_POST['login'], $_POST['password'], $conf)) | 385 | && (check_auth($_POST['login'], $_POST['password'], $conf)) |
@@ -440,7 +443,8 @@ if (isset($_POST['login'])) | |||
440 | } | 443 | } |
441 | } | 444 | } |
442 | } | 445 | } |
443 | echo '<script>alert("Wrong login/password.");document.location=\'?do=login'.$redir.'\';</script>'; // Redirect to login screen. | 446 | // Redirect to login screen. |
447 | echo '<script>alert("'. t("Wrong login/password.") .'");document.location=\'?do=login'.$redir.'\';</script>'; | ||
444 | exit; | 448 | exit; |
445 | } | 449 | } |
446 | } | 450 | } |
@@ -1100,16 +1104,19 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history) | |||
1100 | if ($targetPage == Router::$PAGE_CHANGEPASSWORD) | 1104 | if ($targetPage == Router::$PAGE_CHANGEPASSWORD) |
1101 | { | 1105 | { |
1102 | if ($conf->get('security.open_shaarli')) { | 1106 | if ($conf->get('security.open_shaarli')) { |
1103 | die('You are not supposed to change a password on an Open Shaarli.'); | 1107 | die(t('You are not supposed to change a password on an Open Shaarli.')); |
1104 | } | 1108 | } |
1105 | 1109 | ||
1106 | if (!empty($_POST['setpassword']) && !empty($_POST['oldpassword'])) | 1110 | if (!empty($_POST['setpassword']) && !empty($_POST['oldpassword'])) |
1107 | { | 1111 | { |
1108 | if (!tokenOk($_POST['token'])) die('Wrong token.'); // Go away! | 1112 | if (!tokenOk($_POST['token'])) die(t('Wrong token.')); // Go away! |
1109 | 1113 | ||
1110 | // Make sure old password is correct. | 1114 | // Make sure old password is correct. |
1111 | $oldhash = sha1($_POST['oldpassword'].$conf->get('credentials.login').$conf->get('credentials.salt')); | 1115 | $oldhash = sha1($_POST['oldpassword'].$conf->get('credentials.login').$conf->get('credentials.salt')); |
1112 | if ($oldhash!= $conf->get('credentials.hash')) { echo '<script>alert("The old password is not correct.");document.location=\'?do=changepasswd\';</script>'; exit; } | 1116 | if ($oldhash!= $conf->get('credentials.hash')) { |
1117 | echo '<script>alert("'. t('The old password is not correct.') .'");document.location=\'?do=changepasswd\';</script>'; | ||
1118 | exit; | ||
1119 | } | ||
1113 | // Save new password | 1120 | // Save new password |
1114 | // Salt renders rainbow-tables attacks useless. | 1121 | // Salt renders rainbow-tables attacks useless. |
1115 | $conf->set('credentials.salt', sha1(uniqid('', true) .'_'. mt_rand())); | 1122 | $conf->set('credentials.salt', sha1(uniqid('', true) .'_'. mt_rand())); |
@@ -1127,7 +1134,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history) | |||
1127 | echo '<script>alert("'. $e->getMessage() .'");document.location=\'?do=tools\';</script>'; | 1134 | echo '<script>alert("'. $e->getMessage() .'");document.location=\'?do=tools\';</script>'; |
1128 | exit; | 1135 | exit; |
1129 | } | 1136 | } |
1130 | echo '<script>alert("Your password has been changed.");document.location=\'?do=tools\';</script>'; | 1137 | echo '<script>alert("'. t('Your password has been changed') .'");document.location=\'?do=tools\';</script>'; |
1131 | exit; | 1138 | exit; |
1132 | } | 1139 | } |
1133 | else // show the change password form. | 1140 | else // show the change password form. |
@@ -1143,7 +1150,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history) | |||
1143 | if (!empty($_POST['title']) ) | 1150 | if (!empty($_POST['title']) ) |
1144 | { | 1151 | { |
1145 | if (!tokenOk($_POST['token'])) { | 1152 | if (!tokenOk($_POST['token'])) { |
1146 | die('Wrong token.'); // Go away! | 1153 | die(t('Wrong token.')); // Go away! |
1147 | } | 1154 | } |
1148 | $tz = 'UTC'; | 1155 | $tz = 'UTC'; |
1149 | if (!empty($_POST['continent']) && !empty($_POST['city']) | 1156 | if (!empty($_POST['continent']) && !empty($_POST['city']) |
@@ -1163,6 +1170,8 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history) | |||
1163 | $conf->set('privacy.hide_public_links', !empty($_POST['hidePublicLinks'])); | 1170 | $conf->set('privacy.hide_public_links', !empty($_POST['hidePublicLinks'])); |
1164 | $conf->set('api.enabled', !empty($_POST['enableApi'])); | 1171 | $conf->set('api.enabled', !empty($_POST['enableApi'])); |
1165 | $conf->set('api.secret', escape($_POST['apiSecret'])); | 1172 | $conf->set('api.secret', escape($_POST['apiSecret'])); |
1173 | $conf->set('translation.language', escape($_POST['language'])); | ||
1174 | |||
1166 | try { | 1175 | try { |
1167 | $conf->write(isLoggedIn()); | 1176 | $conf->write(isLoggedIn()); |
1168 | $history->updateSettings(); | 1177 | $history->updateSettings(); |
@@ -1178,7 +1187,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history) | |||
1178 | echo '<script>alert("'. $e->getMessage() .'");document.location=\'?do=configure\';</script>'; | 1187 | echo '<script>alert("'. $e->getMessage() .'");document.location=\'?do=configure\';</script>'; |
1179 | exit; | 1188 | exit; |
1180 | } | 1189 | } |
1181 | echo '<script>alert("Configuration was saved.");document.location=\'?do=configure\';</script>'; | 1190 | echo '<script>alert("'. t('Configuration was saved.') .'");document.location=\'?do=configure\';</script>'; |
1182 | exit; | 1191 | exit; |
1183 | } | 1192 | } |
1184 | else // Show the configuration form. | 1193 | else // Show the configuration form. |
@@ -1200,6 +1209,8 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history) | |||
1200 | $PAGE->assign('hide_public_links', $conf->get('privacy.hide_public_links', false)); | 1209 | $PAGE->assign('hide_public_links', $conf->get('privacy.hide_public_links', false)); |
1201 | $PAGE->assign('api_enabled', $conf->get('api.enabled', true)); | 1210 | $PAGE->assign('api_enabled', $conf->get('api.enabled', true)); |
1202 | $PAGE->assign('api_secret', $conf->get('api.secret')); | 1211 | $PAGE->assign('api_secret', $conf->get('api.secret')); |
1212 | $PAGE->assign('languages', Languages::getAvailableLanguages()); | ||
1213 | $PAGE->assign('language', $conf->get('translation.language')); | ||
1203 | $PAGE->renderPage('configure'); | 1214 | $PAGE->renderPage('configure'); |
1204 | exit; | 1215 | exit; |
1205 | } | 1216 | } |
@@ -1215,7 +1226,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history) | |||
1215 | } | 1226 | } |
1216 | 1227 | ||
1217 | if (!tokenOk($_POST['token'])) { | 1228 | if (!tokenOk($_POST['token'])) { |
1218 | die('Wrong token.'); | 1229 | die(t('Wrong token.')); |
1219 | } | 1230 | } |
1220 | 1231 | ||
1221 | $alteredLinks = $LINKSDB->renameTag(escape($_POST['fromtag']), escape($_POST['totag'])); | 1232 | $alteredLinks = $LINKSDB->renameTag(escape($_POST['fromtag']), escape($_POST['totag'])); |
@@ -1225,9 +1236,10 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history) | |||
1225 | } | 1236 | } |
1226 | $delete = empty($_POST['totag']); | 1237 | $delete = empty($_POST['totag']); |
1227 | $redirect = $delete ? 'do=changetag' : 'searchtags='. urlencode(escape($_POST['totag'])); | 1238 | $redirect = $delete ? 'do=changetag' : 'searchtags='. urlencode(escape($_POST['totag'])); |
1239 | $count = count($alteredLinks); | ||
1228 | $alert = $delete | 1240 | $alert = $delete |
1229 | ? sprintf(t('The tag was removed from %d links.'), count($alteredLinks)) | 1241 | ? sprintf(t('The tag was removed from %d link.', 'The tag was removed from %d links.', $count), $count) |
1230 | : sprintf(t('The tag was renamed in %d links.'), count($alteredLinks)); | 1242 | : sprintf(t('The tag was renamed in %d link.', 'The tag was renamed in %d links.', $count), $count); |
1231 | echo '<script>alert("'. $alert .'");document.location=\'?'. $redirect .'\';</script>'; | 1243 | echo '<script>alert("'. $alert .'");document.location=\'?'. $redirect .'\';</script>'; |
1232 | exit; | 1244 | exit; |
1233 | } | 1245 | } |
@@ -1244,7 +1256,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history) | |||
1244 | { | 1256 | { |
1245 | // Go away! | 1257 | // Go away! |
1246 | if (! tokenOk($_POST['token'])) { | 1258 | if (! tokenOk($_POST['token'])) { |
1247 | die('Wrong token.'); | 1259 | die(t('Wrong token.')); |
1248 | } | 1260 | } |
1249 | 1261 | ||
1250 | // lf_id should only be present if the link exists. | 1262 | // lf_id should only be present if the link exists. |
@@ -1344,7 +1356,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history) | |||
1344 | if ($targetPage == Router::$PAGE_DELETELINK) | 1356 | if ($targetPage == Router::$PAGE_DELETELINK) |
1345 | { | 1357 | { |
1346 | if (! tokenOk($_GET['token'])) { | 1358 | if (! tokenOk($_GET['token'])) { |
1347 | die('Wrong token.'); | 1359 | die(t('Wrong token.')); |
1348 | } | 1360 | } |
1349 | 1361 | ||
1350 | $ids = trim($_GET['lf_linkdate']); | 1362 | $ids = trim($_GET['lf_linkdate']); |
@@ -1443,7 +1455,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history) | |||
1443 | 1455 | ||
1444 | if ($url == '') { | 1456 | if ($url == '') { |
1445 | $url = '?' . smallHash($linkdate . $LINKSDB->getNextId()); | 1457 | $url = '?' . smallHash($linkdate . $LINKSDB->getNextId()); |
1446 | $title = $conf->get('general.default_note_title', 'Note: '); | 1458 | $title = $conf->get('general.default_note_title', t('Note: ')); |
1447 | } | 1459 | } |
1448 | $url = escape($url); | 1460 | $url = escape($url); |
1449 | $title = escape($title); | 1461 | $title = escape($title); |
@@ -1550,11 +1562,14 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history) | |||
1550 | // Import bookmarks from an uploaded file | 1562 | // Import bookmarks from an uploaded file |
1551 | if (isset($_FILES['filetoupload']['size']) && $_FILES['filetoupload']['size'] == 0) { | 1563 | if (isset($_FILES['filetoupload']['size']) && $_FILES['filetoupload']['size'] == 0) { |
1552 | // The file is too big or some form field may be missing. | 1564 | // The file is too big or some form field may be missing. |
1553 | echo '<script>alert("The file you are trying to upload is probably' | 1565 | $msg = sprintf( |
1554 | .' bigger than what this webserver can accept (' | 1566 | t( |
1555 | .get_max_upload_size(ini_get('post_max_size'), ini_get('upload_max_filesize')).').' | 1567 | 'The file you are trying to upload is probably bigger than what this webserver can accept' |
1556 | .' Please upload in smaller chunks.");document.location=\'?do=' | 1568 | .' (%s). Please upload in smaller chunks.' |
1557 | .Router::$PAGE_IMPORT .'\';</script>'; | 1569 | ), |
1570 | get_max_upload_size(ini_get('post_max_size'), ini_get('upload_max_filesize')) | ||
1571 | ); | ||
1572 | echo '<script>alert("'. $msg .'");document.location=\'?do='.Router::$PAGE_IMPORT .'\';</script>'; | ||
1558 | exit; | 1573 | exit; |
1559 | } | 1574 | } |
1560 | if (! tokenOk($_POST['token'])) { | 1575 | if (! tokenOk($_POST['token'])) { |
@@ -1962,12 +1977,20 @@ function install($conf) | |||
1962 | // (Because on some hosts, session.save_path may not be set correctly, | 1977 | // (Because on some hosts, session.save_path may not be set correctly, |
1963 | // or we may not have write access to it.) | 1978 | // or we may not have write access to it.) |
1964 | if (isset($_GET['test_session']) && ( !isset($_SESSION) || !isset($_SESSION['session_tested']) || $_SESSION['session_tested']!='Working')) | 1979 | if (isset($_GET['test_session']) && ( !isset($_SESSION) || !isset($_SESSION['session_tested']) || $_SESSION['session_tested']!='Working')) |
1965 | { // Step 2: Check if data in session is correct. | 1980 | { |
1966 | echo '<pre>Sessions do not seem to work correctly on your server.<br>'; | 1981 | // Step 2: Check if data in session is correct. |
1967 | echo 'Make sure the variable session.save_path is set correctly in your php config, and that you have write access to it.<br>'; | 1982 | $msg = t( |
1968 | echo 'It currently points to '.session_save_path().'<br>'; | 1983 | '<pre>Sessions do not seem to work correctly on your server.<br>'. |
1969 | echo 'Check that the hostname used to access Shaarli contains a dot. On some browsers, accessing your server via a hostname like \'localhost\' or any custom hostname without a dot causes cookie storage to fail. We recommend accessing your server via it\'s IP address or Fully Qualified Domain Name.<br>'; | 1984 | 'Make sure the variable "session.save_path" is set correctly in your PHP config, '. |
1970 | echo '<br><a href="?">Click to try again.</a></pre>'; | 1985 | 'and that you have write access to it.<br>'. |
1986 | 'It currently points to %s.<br>'. | ||
1987 | 'On some browsers, accessing your server via a hostname like \'localhost\' '. | ||
1988 | 'or any custom hostname without a dot causes cookie storage to fail. '. | ||
1989 | 'We recommend accessing your server via it\'s IP address or Fully Qualified Domain Name.<br>' | ||
1990 | ); | ||
1991 | $msg = sprintf($msg, session_save_path()); | ||
1992 | echo $msg; | ||
1993 | echo '<br><a href="?">'. t('Click to try again.') .'</a></pre>'; | ||
1971 | die; | 1994 | die; |
1972 | } | 1995 | } |
1973 | if (!isset($_SESSION['session_tested'])) | 1996 | if (!isset($_SESSION['session_tested'])) |
@@ -2000,6 +2023,7 @@ function install($conf) | |||
2000 | } else { | 2023 | } else { |
2001 | $conf->set('general.title', 'Shared links on '.escape(index_url($_SERVER))); | 2024 | $conf->set('general.title', 'Shared links on '.escape(index_url($_SERVER))); |
2002 | } | 2025 | } |
2026 | $conf->set('translation.language', escape($_POST['language'])); | ||
2003 | $conf->set('updates.check_updates', !empty($_POST['updateCheck'])); | 2027 | $conf->set('updates.check_updates', !empty($_POST['updateCheck'])); |
2004 | $conf->set('api.enabled', !empty($_POST['enableApi'])); | 2028 | $conf->set('api.enabled', !empty($_POST['enableApi'])); |
2005 | $conf->set( | 2029 | $conf->set( |
@@ -2031,6 +2055,7 @@ function install($conf) | |||
2031 | list($continents, $cities) = generateTimeZoneData(timezone_identifiers_list(), date_default_timezone_get()); | 2055 | list($continents, $cities) = generateTimeZoneData(timezone_identifiers_list(), date_default_timezone_get()); |
2032 | $PAGE->assign('continents', $continents); | 2056 | $PAGE->assign('continents', $continents); |
2033 | $PAGE->assign('cities', $cities); | 2057 | $PAGE->assign('cities', $cities); |
2058 | $PAGE->assign('languages', Languages::getAvailableLanguages()); | ||
2034 | $PAGE->renderPage('install'); | 2059 | $PAGE->renderPage('install'); |
2035 | exit; | 2060 | exit; |
2036 | } | 2061 | } |