aboutsummaryrefslogtreecommitdiffhomepage
path: root/index.php
diff options
context:
space:
mode:
Diffstat (limited to 'index.php')
-rw-r--r--index.php84
1 files changed, 1 insertions, 83 deletions
diff --git a/index.php b/index.php
index 4627438e..1a121f37 100644
--- a/index.php
+++ b/index.php
@@ -160,89 +160,6 @@ header("Pragma: no-cache");
160$loginManager->checkLoginState($clientIpId); 160$loginManager->checkLoginState($clientIpId);
161 161
162// ------------------------------------------------------------------------------------------ 162// ------------------------------------------------------------------------------------------
163// Process login form: Check if login/password is correct.
164if (isset($_POST['login'])) {
165 if (! $loginManager->canLogin($_SERVER)) {
166 die(t('I said: NO. You are banned for the moment. Go away.'));
167 }
168 if (isset($_POST['password'])
169 && $sessionManager->checkToken($_POST['token'])
170 && $loginManager->checkCredentials($_SERVER['REMOTE_ADDR'], $clientIpId, $_POST['login'], $_POST['password'])
171 ) {
172 $loginManager->handleSuccessfulLogin($_SERVER);
173
174 $cookiedir = '';
175 if (dirname($_SERVER['SCRIPT_NAME']) != '/') {
176 // Note: Never forget the trailing slash on the cookie path!
177 $cookiedir = dirname($_SERVER["SCRIPT_NAME"]) . '/';
178 }
179
180 if (!empty($_POST['longlastingsession'])) {
181 // Keep the session cookie even after the browser closes
182 $sessionManager->setStaySignedIn(true);
183 $expirationTime = $sessionManager->extendSession();
184
185 setcookie(
186 CookieManager::STAY_SIGNED_IN,
187 $loginManager->getStaySignedInToken(),
188 $expirationTime,
189 WEB_PATH
190 );
191 } else {
192 // Standard session expiration (=when browser closes)
193 $expirationTime = 0;
194 }
195
196 // Send cookie with the new expiration date to the browser
197 session_destroy();
198 session_set_cookie_params($expirationTime, $cookiedir, $_SERVER['SERVER_NAME']);
199 session_start();
200 session_regenerate_id(true);
201
202 // Optional redirect after login:
203 if (isset($_GET['post'])) {
204 $uri = './?post='. urlencode($_GET['post']);
205 foreach (array('description', 'source', 'title', 'tags') as $param) {
206 if (!empty($_GET[$param])) {
207 $uri .= '&'.$param.'='.urlencode($_GET[$param]);
208 }
209 }
210 header('Location: '. $uri);
211 exit;
212 }
213
214 if (isset($_GET['edit_link'])) {
215 header('Location: ./?edit_link='. escape($_GET['edit_link']));
216 exit;
217 }
218
219 if (isset($_POST['returnurl'])) {
220 // Prevent loops over login screen.
221 if (strpos($_POST['returnurl'], '/login') === false) {
222 header('Location: '. generateLocation($_POST['returnurl'], $_SERVER['HTTP_HOST']));
223 exit;
224 }
225 }
226 header('Location: ./?');
227 exit;
228 } else {
229 $loginManager->handleFailedLogin($_SERVER);
230 $redir = '?username='. urlencode($_POST['login']);
231 if (isset($_GET['post'])) {
232 $redir .= '&post=' . urlencode($_GET['post']);
233 foreach (array('description', 'source', 'title', 'tags') as $param) {
234 if (!empty($_GET[$param])) {
235 $redir .= '&' . $param . '=' . urlencode($_GET[$param]);
236 }
237 }
238 }
239 // Redirect to login screen.
240 echo '<script>alert("'. t("Wrong login/password.") .'");document.location=\'./login'.$redir.'\';</script>';
241 exit;
242 }
243}
244
245// ------------------------------------------------------------------------------------------
246// Token management for XSRF protection 163// Token management for XSRF protection
247// Token should be used in any form which acts on data (create,update,delete,import...). 164// Token should be used in any form which acts on data (create,update,delete,import...).
248if (!isset($_SESSION['tokens'])) { 165if (!isset($_SESSION['tokens'])) {
@@ -283,6 +200,7 @@ $app->group('', function () {
283 $this->get('/', '\Shaarli\Front\Controller\Visitor\BookmarkListController:index'); 200 $this->get('/', '\Shaarli\Front\Controller\Visitor\BookmarkListController:index');
284 $this->get('/shaare/{hash}', '\Shaarli\Front\Controller\Visitor\BookmarkListController:permalink'); 201 $this->get('/shaare/{hash}', '\Shaarli\Front\Controller\Visitor\BookmarkListController:permalink');
285 $this->get('/login', '\Shaarli\Front\Controller\Visitor\LoginController:index')->setName('login'); 202 $this->get('/login', '\Shaarli\Front\Controller\Visitor\LoginController:index')->setName('login');
203 $this->post('/login', '\Shaarli\Front\Controller\Visitor\LoginController:login')->setName('processLogin');
286 $this->get('/picture-wall', '\Shaarli\Front\Controller\Visitor\PictureWallController:index'); 204 $this->get('/picture-wall', '\Shaarli\Front\Controller\Visitor\PictureWallController:index');
287 $this->get('/tags/cloud', '\Shaarli\Front\Controller\Visitor\TagCloudController:cloud'); 205 $this->get('/tags/cloud', '\Shaarli\Front\Controller\Visitor\TagCloudController:cloud');
288 $this->get('/tags/list', '\Shaarli\Front\Controller\Visitor\TagCloudController:list'); 206 $this->get('/tags/list', '\Shaarli\Front\Controller\Visitor\TagCloudController:list');