aboutsummaryrefslogtreecommitdiffhomepage
path: root/index.php
diff options
context:
space:
mode:
Diffstat (limited to 'index.php')
-rw-r--r--index.php78
1 files changed, 48 insertions, 30 deletions
diff --git a/index.php b/index.php
index 4068a828..98171d78 100644
--- a/index.php
+++ b/index.php
@@ -64,7 +64,6 @@ require_once 'application/FeedBuilder.php';
64require_once 'application/FileUtils.php'; 64require_once 'application/FileUtils.php';
65require_once 'application/History.php'; 65require_once 'application/History.php';
66require_once 'application/HttpUtils.php'; 66require_once 'application/HttpUtils.php';
67require_once 'application/Languages.php';
68require_once 'application/LinkDB.php'; 67require_once 'application/LinkDB.php';
69require_once 'application/LinkFilter.php'; 68require_once 'application/LinkFilter.php';
70require_once 'application/LinkUtils.php'; 69require_once 'application/LinkUtils.php';
@@ -76,6 +75,7 @@ require_once 'application/Utils.php';
76require_once 'application/PluginManager.php'; 75require_once 'application/PluginManager.php';
77require_once 'application/Router.php'; 76require_once 'application/Router.php';
78require_once 'application/Updater.php'; 77require_once 'application/Updater.php';
78use \Shaarli\Languages;
79use \Shaarli\ThemeUtils; 79use \Shaarli\ThemeUtils;
80use \Shaarli\Config\ConfigManager; 80use \Shaarli\Config\ConfigManager;
81 81
@@ -121,8 +121,16 @@ if (isset($_COOKIE['shaarli']) && !is_session_id_valid($_COOKIE['shaarli'])) {
121} 121}
122 122
123$conf = new ConfigManager(); 123$conf = new ConfigManager();
124
125// Sniff browser language and set date format accordingly.
126if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
127 autoLocale($_SERVER['HTTP_ACCEPT_LANGUAGE']);
128}
129
130new Languages(setlocale(LC_MESSAGES, 0), $conf);
131
124$conf->setEmpty('general.timezone', date_default_timezone_get()); 132$conf->setEmpty('general.timezone', date_default_timezone_get());
125$conf->setEmpty('general.title', 'Shared links on '. escape(index_url($_SERVER))); 133$conf->setEmpty('general.title', t('Shared links on '). escape(index_url($_SERVER)));
126RainTPL::$tpl_dir = $conf->get('resource.raintpl_tpl').'/'.$conf->get('resource.theme').'/'; // template directory 134RainTPL::$tpl_dir = $conf->get('resource.raintpl_tpl').'/'.$conf->get('resource.theme').'/'; // template directory
127RainTPL::$cache_dir = $conf->get('resource.raintpl_tmp'); // cache directory 135RainTPL::$cache_dir = $conf->get('resource.raintpl_tmp'); // cache directory
128 136
@@ -144,7 +152,7 @@ if (! is_file($conf->getConfigFileExt())) {
144 $errors = ApplicationUtils::checkResourcePermissions($conf); 152 $errors = ApplicationUtils::checkResourcePermissions($conf);
145 153
146 if ($errors != array()) { 154 if ($errors != array()) {
147 $message = '<p>Insufficient permissions:</p><ul>'; 155 $message = '<p>'. t('Insufficient permissions:') .'</p><ul>';
148 156
149 foreach ($errors as $error) { 157 foreach ($errors as $error) {
150 $message .= '<li>'.$error.'</li>'; 158 $message .= '<li>'.$error.'</li>';
@@ -163,11 +171,6 @@ if (! is_file($conf->getConfigFileExt())) {
163// a token depending of deployment salt, user password, and the current ip 171// a token depending of deployment salt, user password, and the current ip
164define('STAY_SIGNED_IN_TOKEN', sha1($conf->get('credentials.hash') . $_SERVER['REMOTE_ADDR'] . $conf->get('credentials.salt'))); 172define('STAY_SIGNED_IN_TOKEN', sha1($conf->get('credentials.hash') . $_SERVER['REMOTE_ADDR'] . $conf->get('credentials.salt')));
165 173
166// Sniff browser language and set date format accordingly.
167if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
168 autoLocale($_SERVER['HTTP_ACCEPT_LANGUAGE']);
169}
170
171/** 174/**
172 * Checking session state (i.e. is the user still logged in) 175 * Checking session state (i.e. is the user still logged in)
173 * 176 *
@@ -376,7 +379,7 @@ function ban_canLogin($conf)
376// Process login form: Check if login/password is correct. 379// Process login form: Check if login/password is correct.
377if (isset($_POST['login'])) 380if (isset($_POST['login']))
378{ 381{
379 if (!ban_canLogin($conf)) die('I said: NO. You are banned for the moment. Go away.'); 382 if (!ban_canLogin($conf)) die(t('I said: NO. You are banned for the moment. Go away.'));
380 if (isset($_POST['password']) 383 if (isset($_POST['password'])
381 && tokenOk($_POST['token']) 384 && tokenOk($_POST['token'])
382 && (check_auth($_POST['login'], $_POST['password'], $conf)) 385 && (check_auth($_POST['login'], $_POST['password'], $conf))
@@ -440,7 +443,8 @@ if (isset($_POST['login']))
440 } 443 }
441 } 444 }
442 } 445 }
443 echo '<script>alert("Wrong login/password.");document.location=\'?do=login'.$redir.'\';</script>'; // Redirect to login screen. 446 // Redirect to login screen.
447 echo '<script>alert("'. t("Wrong login/password.") .'");document.location=\'?do=login'.$redir.'\';</script>';
444 exit; 448 exit;
445 } 449 }
446} 450}
@@ -1100,16 +1104,19 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
1100 if ($targetPage == Router::$PAGE_CHANGEPASSWORD) 1104 if ($targetPage == Router::$PAGE_CHANGEPASSWORD)
1101 { 1105 {
1102 if ($conf->get('security.open_shaarli')) { 1106 if ($conf->get('security.open_shaarli')) {
1103 die('You are not supposed to change a password on an Open Shaarli.'); 1107 die(t('You are not supposed to change a password on an Open Shaarli.'));
1104 } 1108 }
1105 1109
1106 if (!empty($_POST['setpassword']) && !empty($_POST['oldpassword'])) 1110 if (!empty($_POST['setpassword']) && !empty($_POST['oldpassword']))
1107 { 1111 {
1108 if (!tokenOk($_POST['token'])) die('Wrong token.'); // Go away! 1112 if (!tokenOk($_POST['token'])) die(t('Wrong token.')); // Go away!
1109 1113
1110 // Make sure old password is correct. 1114 // Make sure old password is correct.
1111 $oldhash = sha1($_POST['oldpassword'].$conf->get('credentials.login').$conf->get('credentials.salt')); 1115 $oldhash = sha1($_POST['oldpassword'].$conf->get('credentials.login').$conf->get('credentials.salt'));
1112 if ($oldhash!= $conf->get('credentials.hash')) { echo '<script>alert("The old password is not correct.");document.location=\'?do=changepasswd\';</script>'; exit; } 1116 if ($oldhash!= $conf->get('credentials.hash')) {
1117 echo '<script>alert("'. t('The old password is not correct.') .'");document.location=\'?do=changepasswd\';</script>';
1118 exit;
1119 }
1113 // Save new password 1120 // Save new password
1114 // Salt renders rainbow-tables attacks useless. 1121 // Salt renders rainbow-tables attacks useless.
1115 $conf->set('credentials.salt', sha1(uniqid('', true) .'_'. mt_rand())); 1122 $conf->set('credentials.salt', sha1(uniqid('', true) .'_'. mt_rand()));
@@ -1127,7 +1134,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
1127 echo '<script>alert("'. $e->getMessage() .'");document.location=\'?do=tools\';</script>'; 1134 echo '<script>alert("'. $e->getMessage() .'");document.location=\'?do=tools\';</script>';
1128 exit; 1135 exit;
1129 } 1136 }
1130 echo '<script>alert("Your password has been changed.");document.location=\'?do=tools\';</script>'; 1137 echo '<script>alert("'. t('Your password has been changed') .'");document.location=\'?do=tools\';</script>';
1131 exit; 1138 exit;
1132 } 1139 }
1133 else // show the change password form. 1140 else // show the change password form.
@@ -1143,7 +1150,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
1143 if (!empty($_POST['title']) ) 1150 if (!empty($_POST['title']) )
1144 { 1151 {
1145 if (!tokenOk($_POST['token'])) { 1152 if (!tokenOk($_POST['token'])) {
1146 die('Wrong token.'); // Go away! 1153 die(t('Wrong token.')); // Go away!
1147 } 1154 }
1148 $tz = 'UTC'; 1155 $tz = 'UTC';
1149 if (!empty($_POST['continent']) && !empty($_POST['city']) 1156 if (!empty($_POST['continent']) && !empty($_POST['city'])
@@ -1178,7 +1185,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
1178 echo '<script>alert("'. $e->getMessage() .'");document.location=\'?do=configure\';</script>'; 1185 echo '<script>alert("'. $e->getMessage() .'");document.location=\'?do=configure\';</script>';
1179 exit; 1186 exit;
1180 } 1187 }
1181 echo '<script>alert("Configuration was saved.");document.location=\'?do=configure\';</script>'; 1188 echo '<script>alert("'. t('Configuration was saved.') .'");document.location=\'?do=configure\';</script>';
1182 exit; 1189 exit;
1183 } 1190 }
1184 else // Show the configuration form. 1191 else // Show the configuration form.
@@ -1215,7 +1222,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
1215 } 1222 }
1216 1223
1217 if (!tokenOk($_POST['token'])) { 1224 if (!tokenOk($_POST['token'])) {
1218 die('Wrong token.'); 1225 die(t('Wrong token.'));
1219 } 1226 }
1220 1227
1221 $alteredLinks = $LINKSDB->renameTag(escape($_POST['fromtag']), escape($_POST['totag'])); 1228 $alteredLinks = $LINKSDB->renameTag(escape($_POST['fromtag']), escape($_POST['totag']));
@@ -1244,7 +1251,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
1244 { 1251 {
1245 // Go away! 1252 // Go away!
1246 if (! tokenOk($_POST['token'])) { 1253 if (! tokenOk($_POST['token'])) {
1247 die('Wrong token.'); 1254 die(t('Wrong token.'));
1248 } 1255 }
1249 1256
1250 // lf_id should only be present if the link exists. 1257 // lf_id should only be present if the link exists.
@@ -1344,7 +1351,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
1344 if ($targetPage == Router::$PAGE_DELETELINK) 1351 if ($targetPage == Router::$PAGE_DELETELINK)
1345 { 1352 {
1346 if (! tokenOk($_GET['token'])) { 1353 if (! tokenOk($_GET['token'])) {
1347 die('Wrong token.'); 1354 die(t('Wrong token.'));
1348 } 1355 }
1349 1356
1350 $ids = trim($_GET['lf_linkdate']); 1357 $ids = trim($_GET['lf_linkdate']);
@@ -1550,11 +1557,14 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
1550 // Import bookmarks from an uploaded file 1557 // Import bookmarks from an uploaded file
1551 if (isset($_FILES['filetoupload']['size']) && $_FILES['filetoupload']['size'] == 0) { 1558 if (isset($_FILES['filetoupload']['size']) && $_FILES['filetoupload']['size'] == 0) {
1552 // The file is too big or some form field may be missing. 1559 // The file is too big or some form field may be missing.
1553 echo '<script>alert("The file you are trying to upload is probably' 1560 $msg = sprintf(
1554 .' bigger than what this webserver can accept (' 1561 t(
1555 .get_max_upload_size(ini_get('post_max_size'), ini_get('upload_max_filesize')).').' 1562 'The file you are trying to upload is probably bigger than what this webserver can accept'
1556 .' Please upload in smaller chunks.");document.location=\'?do=' 1563 .' (%s). Please upload in smaller chunks.'
1557 .Router::$PAGE_IMPORT .'\';</script>'; 1564 ),
1565 get_max_upload_size(ini_get('post_max_size'), ini_get('upload_max_filesize'))
1566 );
1567 echo '<script>alert("'. $msg .'");document.location=\'?do='.Router::$PAGE_IMPORT .'\';</script>';
1558 exit; 1568 exit;
1559 } 1569 }
1560 if (! tokenOk($_POST['token'])) { 1570 if (! tokenOk($_POST['token'])) {
@@ -1962,12 +1972,20 @@ function install($conf)
1962 // (Because on some hosts, session.save_path may not be set correctly, 1972 // (Because on some hosts, session.save_path may not be set correctly,
1963 // or we may not have write access to it.) 1973 // or we may not have write access to it.)
1964 if (isset($_GET['test_session']) && ( !isset($_SESSION) || !isset($_SESSION['session_tested']) || $_SESSION['session_tested']!='Working')) 1974 if (isset($_GET['test_session']) && ( !isset($_SESSION) || !isset($_SESSION['session_tested']) || $_SESSION['session_tested']!='Working'))
1965 { // Step 2: Check if data in session is correct. 1975 {
1966 echo '<pre>Sessions do not seem to work correctly on your server.<br>'; 1976 // Step 2: Check if data in session is correct.
1967 echo 'Make sure the variable session.save_path is set correctly in your php config, and that you have write access to it.<br>'; 1977 $msg = t(
1968 echo 'It currently points to '.session_save_path().'<br>'; 1978 '<pre>Sessions do not seem to work correctly on your server.<br>'.
1969 echo 'Check that the hostname used to access Shaarli contains a dot. On some browsers, accessing your server via a hostname like \'localhost\' or any custom hostname without a dot causes cookie storage to fail. We recommend accessing your server via it\'s IP address or Fully Qualified Domain Name.<br>'; 1979 'Make sure the variable "session.save_path" is set correctly in your PHP config, '.
1970 echo '<br><a href="?">Click to try again.</a></pre>'; 1980 'and that you have write access to it.<br>'.
1981 'It currently points to %s.<br>'.
1982 'On some browsers, accessing your server via a hostname like \'localhost\' '.
1983 'or any custom hostname without a dot causes cookie storage to fail. '.
1984 'We recommend accessing your server via it\'s IP address or Fully Qualified Domain Name.<br>'
1985 );
1986 $msg = sprintf($msg, session_save_path());
1987 echo $msg;
1988 echo '<br><a href="?">'. t('Click to try again.') .'</a></pre>';
1971 die; 1989 die;
1972 } 1990 }
1973 if (!isset($_SESSION['session_tested'])) 1991 if (!isset($_SESSION['session_tested']))