Diffstat (limited to 'index.php')
-rw-r--r--index.php202
1 files changed, 102 insertions, 100 deletions
diff --git a/index.php b/index.php
index aad65559..9546ee15 100644
--- a/index.php
+++ b/index.php
@@ -107,13 +107,13 @@ if (isset($_COOKIE['shaarli']) && !is_session_id_valid($_COOKIE['shaarli'])) {
107 107
108$conf = ConfigManager::getInstance(); 108$conf = ConfigManager::getInstance();
109 109
110RainTPL::$tpl_dir = $conf->get('config.RAINTPL_TPL'); // template directory 110RainTPL::$tpl_dir = $conf->get('path.raintpl_tpl'); // template directory
111RainTPL::$cache_dir = $conf->get('config.RAINTPL_TMP'); // cache directory 111RainTPL::$cache_dir = $conf->get('path.raintpl_tmp'); // cache directory
112 112
113$pluginManager = PluginManager::getInstance(); 113$pluginManager = PluginManager::getInstance();
114$pluginManager->load($conf->get('config.ENABLED_PLUGINS')); 114$pluginManager->load($conf->get('general.enabled_plugins'));
115 115
116date_default_timezone_set($conf->get('timezone', 'UTC')); 116date_default_timezone_set($conf->get('general.timezone', 'UTC'));
117 117
118ob_start(); // Output buffering for the page cache. 118ob_start(); // Output buffering for the page cache.
119 119
@@ -133,20 +133,20 @@ header("Cache-Control: post-check=0, pre-check=0", false);
133header("Pragma: no-cache"); 133header("Pragma: no-cache");
134 134
135// Handling of old config file which do not have the new parameters. 135// Handling of old config file which do not have the new parameters.
136if (! $conf->exists('title')) { 136if (! $conf->exists('general.title')) {
137 $conf->set('title', 'Shared links on '. escape(index_url($_SERVER))); 137 $conf->set('general.title', 'Shared links on '. escape(index_url($_SERVER)));
138} 138}
139if (! $conf->exists('timezone')) { 139if (! $conf->exists('general.timezone')) {
140 $conf->set('timezone', date_default_timezone_get()); 140 $conf->set('general.timezone', date_default_timezone_get());
141} 141}
142if (! $conf->exists('disablesessionprotection')) { 142if (! $conf->exists('security.session_protection_disabled')) {
143 $conf->set('disablesessionprotection', false); 143 $conf->set('security.session_protection_disabled', false);
144} 144}
145if (! $conf->exists('privateLinkByDefault')) { 145if (! $conf->exists('general.default_private_links')) {
146 $conf->set('privateLinkByDefault', false); 146 $conf->set('general.default_private_links', false);
147} 147}
148if (! $conf->exists('titleLink')) { 148if (! $conf->exists('general.header_link')) {
149 $conf->set('titleLink', '?'); 149 $conf->set('general.header_link', '?');
150} 150}
151 151
152if (! is_file($conf->getConfigFile())) { 152if (! is_file($conf->getConfigFile())) {
@@ -171,12 +171,12 @@ if (! is_file($conf->getConfigFile())) {
171} 171}
172 172
173// FIXME! Update these value with Updater and escpae it during the install/config save. 173// FIXME! Update these value with Updater and escpae it during the install/config save.
174$conf->set('title', escape($conf->get('title'))); 174$conf->set('general.title', escape($conf->get('general.title')));
175$conf->set('titleLink', escape($conf->get('titleLink'))); 175$conf->set('general.header_link', escape($conf->get('general.header_link')));
176$conf->set('redirector', escape($conf->get('redirector'))); 176$conf->set('extras.redirector', escape($conf->get('extras.redirector')));
177 177
178// a token depending of deployment salt, user password, and the current ip 178// a token depending of deployment salt, user password, and the current ip
179define('STAY_SIGNED_IN_TOKEN', sha1($conf->get('hash') . $_SERVER['REMOTE_ADDR'] . $conf->get('salt'))); 179define('STAY_SIGNED_IN_TOKEN', sha1($conf->get('credentials.hash') . $_SERVER['REMOTE_ADDR'] . $conf->get('credentials.salt')));
180 180
181// Sniff browser language and set date format accordingly. 181// Sniff browser language and set date format accordingly.
182if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) { 182if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
@@ -191,12 +191,12 @@ header('Content-Type: text/html; charset=utf-8'); // We use UTF-8 for proper int
191function setup_login_state() { 191function setup_login_state() {
192 $conf = ConfigManager::getInstance(); 192 $conf = ConfigManager::getInstance();
193 193
194 if ($conf->get('config.OPEN_SHAARLI')) { 194 if ($conf->get('extras.open_shaarli')) {
195 return true; 195 return true;
196 } 196 }
197 $userIsLoggedIn = false; // By default, we do not consider the user as logged in; 197 $userIsLoggedIn = false; // By default, we do not consider the user as logged in;
198 $loginFailure = false; // If set to true, every attempt to authenticate the user will fail. This indicates that an important condition isn't met. 198 $loginFailure = false; // If set to true, every attempt to authenticate the user will fail. This indicates that an important condition isn't met.
199 if (! $conf->exists('login')) { 199 if (! $conf->exists('credentials.login')) {
200 $userIsLoggedIn = false; // Shaarli is not configured yet. 200 $userIsLoggedIn = false; // Shaarli is not configured yet.
201 $loginFailure = true; 201 $loginFailure = true;
202 } 202 }
@@ -209,7 +209,7 @@ function setup_login_state() {
209 } 209 }
210 // If session does not exist on server side, or IP address has changed, or session has expired, logout. 210 // If session does not exist on server side, or IP address has changed, or session has expired, logout.
211 if (empty($_SESSION['uid']) 211 if (empty($_SESSION['uid'])
212 || ($conf->get('disablesessionprotection') == false && $_SESSION['ip'] != allIPs()) 212 || ($conf->get('security.session_protection_disabled') == false && $_SESSION['ip'] != allIPs())
213 || time() >= $_SESSION['expires_on']) 213 || time() >= $_SESSION['expires_on'])
214 { 214 {
215 logout(); 215 logout();
@@ -266,7 +266,7 @@ function fillSessionInfo() {
266 $conf = ConfigManager::getInstance(); 266 $conf = ConfigManager::getInstance();
267 $_SESSION['uid'] = sha1(uniqid('',true).'_'.mt_rand()); // Generate unique random number (different than phpsessionid) 267 $_SESSION['uid'] = sha1(uniqid('',true).'_'.mt_rand()); // Generate unique random number (different than phpsessionid)
268 $_SESSION['ip']=allIPs(); // We store IP address(es) of the client to make sure session is not hijacked. 268 $_SESSION['ip']=allIPs(); // We store IP address(es) of the client to make sure session is not hijacked.
269 $_SESSION['username']= $conf->get('login'); 269 $_SESSION['username']= $conf->get('credentials.login');
270 $_SESSION['expires_on']=time()+INACTIVITY_TIMEOUT; // Set session expiration. 270 $_SESSION['expires_on']=time()+INACTIVITY_TIMEOUT; // Set session expiration.
271} 271}
272 272
@@ -274,14 +274,14 @@ function fillSessionInfo() {
274function check_auth($login,$password) 274function check_auth($login,$password)
275{ 275{
276 $conf = ConfigManager::getInstance(); 276 $conf = ConfigManager::getInstance();
277 $hash = sha1($password . $login . $conf->get('salt')); 277 $hash = sha1($password . $login . $conf->get('credentials.salt'));
278 if ($login == $conf->get('login') && $hash == $conf->get('hash')) 278 if ($login == $conf->get('credentials.login') && $hash == $conf->get('credentials.hash'))
279 { // Login/password is correct. 279 { // Login/password is correct.
280 fillSessionInfo(); 280 fillSessionInfo();
281 logm($conf->get('config.LOG_FILE'), $_SERVER['REMOTE_ADDR'], 'Login successful'); 281 logm($conf->get('path.log'), $_SERVER['REMOTE_ADDR'], 'Login successful');
282 return True; 282 return True;
283 } 283 }
284 logm($conf->get('config.LOG_FILE'), $_SERVER['REMOTE_ADDR'], 'Login failed for user '.$login); 284 logm($conf->get('path.log'), $_SERVER['REMOTE_ADDR'], 'Login failed for user '.$login);
285 return False; 285 return False;
286} 286}
287 287
@@ -307,14 +307,14 @@ function logout() {
307// ------------------------------------------------------------------------------------------ 307// ------------------------------------------------------------------------------------------
308// Brute force protection system 308// Brute force protection system
309// Several consecutive failed logins will ban the IP address for 30 minutes. 309// Several consecutive failed logins will ban the IP address for 30 minutes.
310if (!is_file($conf->get('config.IPBANS_FILENAME', 'data/ipbans.php'))) { 310if (!is_file($conf->get('path.ban_file', 'data/ipbans.php'))) {
311 // FIXME! globals 311 // FIXME! globals
312 file_put_contents( 312 file_put_contents(
313 $conf->get('config.IPBANS_FILENAME', 'data/ipbans.php'), 313 $conf->get('path.ban_file', 'data/ipbans.php'),
314 "<?php\n\$GLOBALS['IPBANS']=".var_export(array('FAILURES'=>array(),'BANS'=>array()),true).";\n?>" 314 "<?php\n\$GLOBALS['IPBANS']=".var_export(array('FAILURES'=>array(),'BANS'=>array()),true).";\n?>"
315 ); 315 );
316} 316}
317include $conf->get('config.IPBANS_FILENAME', 'data/ipbans.php'); 317include $conf->get('path.ban_file', 'data/ipbans.php');
318// Signal a failed login. Will ban the IP if too many failures: 318// Signal a failed login. Will ban the IP if too many failures:
319function ban_loginFailed() 319function ban_loginFailed()
320{ 320{
@@ -323,14 +323,14 @@ function ban_loginFailed()
323 $gb = $GLOBALS['IPBANS']; 323 $gb = $GLOBALS['IPBANS'];
324 if (!isset($gb['FAILURES'][$ip])) $gb['FAILURES'][$ip]=0; 324 if (!isset($gb['FAILURES'][$ip])) $gb['FAILURES'][$ip]=0;
325 $gb['FAILURES'][$ip]++; 325 $gb['FAILURES'][$ip]++;
326 if ($gb['FAILURES'][$ip] > ($conf->get('config.BAN_AFTER') - 1)) 326 if ($gb['FAILURES'][$ip] > ($conf->get('security.ban_after') - 1))
327 { 327 {
328 $gb['BANS'][$ip] = time() + $conf->get('config.BAN_DURATION', 1800); 328 $gb['BANS'][$ip] = time() + $conf->get('security.ban_after', 1800);
329 logm($conf->get('config.LOG_FILE'), $_SERVER['REMOTE_ADDR'], 'IP address banned from login'); 329 logm($conf->get('path.log'), $_SERVER['REMOTE_ADDR'], 'IP address banned from login');
330 } 330 }
331 $GLOBALS['IPBANS'] = $gb; 331 $GLOBALS['IPBANS'] = $gb;
332 file_put_contents( 332 file_put_contents(
333 $conf->get('config.IPBANS_FILENAME', 'data/ipbans.php'), 333 $conf->get('path.ban_file', 'data/ipbans.php'),
334 "<?php\n\$GLOBALS['IPBANS']=".var_export($gb,true).";\n?>" 334 "<?php\n\$GLOBALS['IPBANS']=".var_export($gb,true).";\n?>"
335 ); 335 );
336} 336}
@@ -344,7 +344,7 @@ function ban_loginOk()
344 unset($gb['FAILURES'][$ip]); unset($gb['BANS'][$ip]); 344 unset($gb['FAILURES'][$ip]); unset($gb['BANS'][$ip]);
345 $GLOBALS['IPBANS'] = $gb; 345 $GLOBALS['IPBANS'] = $gb;
346 file_put_contents( 346 file_put_contents(
347 $conf->get('config.IPBANS_FILENAME', 'data/ipbans.php'), 347 $conf->get('path.ban_file', 'data/ipbans.php'),
348 "<?php\n\$GLOBALS['IPBANS']=".var_export($gb,true).";\n?>" 348 "<?php\n\$GLOBALS['IPBANS']=".var_export($gb,true).";\n?>"
349 ); 349 );
350} 350}
@@ -359,10 +359,10 @@ function ban_canLogin()
359 // User is banned. Check if the ban has expired: 359 // User is banned. Check if the ban has expired:
360 if ($gb['BANS'][$ip]<=time()) 360 if ($gb['BANS'][$ip]<=time())
361 { // Ban expired, user can try to login again. 361 { // Ban expired, user can try to login again.
362 logm($conf->get('config.LOG_FILE'), $_SERVER['REMOTE_ADDR'], 'Ban lifted.'); 362 logm($conf->get('path.log'), $_SERVER['REMOTE_ADDR'], 'Ban lifted.');
363 unset($gb['FAILURES'][$ip]); unset($gb['BANS'][$ip]); 363 unset($gb['FAILURES'][$ip]); unset($gb['BANS'][$ip]);
364 file_put_contents( 364 file_put_contents(
365 $conf->get('config.IPBANS_FILENAME', 'data/ipbans.php'), 365 $conf->get('path.ban_file', 'data/ipbans.php'),
366 "<?php\n\$GLOBALS['IPBANS']=".var_export($gb,true).";\n?>" 366 "<?php\n\$GLOBALS['IPBANS']=".var_export($gb,true).";\n?>"
367 ); 367 );
368 return true; // Ban has expired, user can login. 368 return true; // Ban has expired, user can login.
@@ -479,7 +479,7 @@ if (!isset($_SESSION['tokens'])) $_SESSION['tokens']=array(); // Token are atta
479function getToken() 479function getToken()
480{ 480{
481 $conf = ConfigManager::getInstance(); 481 $conf = ConfigManager::getInstance();
482 $rnd = sha1(uniqid('', true) .'_'. mt_rand() . $conf->get('salt')); // We generate a random string. 482 $rnd = sha1(uniqid('', true) .'_'. mt_rand() . $conf->get('credentials.salt')); // We generate a random string.
483 $_SESSION['tokens'][$rnd]=1; // Store it on the server side. 483 $_SESSION['tokens'][$rnd]=1; // Store it on the server side.
484 return $rnd; 484 return $rnd;
485} 485}
@@ -518,11 +518,11 @@ function showDailyRSS() {
518 // If cached was not found (or not usable), then read the database and build the response: 518 // If cached was not found (or not usable), then read the database and build the response:
519 // Read links from database (and filter private links if used it not logged in). 519 // Read links from database (and filter private links if used it not logged in).
520 $LINKSDB = new LinkDB( 520 $LINKSDB = new LinkDB(
521 $conf->get('config.DATASTORE'), 521 $conf->get('path.datastore'),
522 isLoggedIn(), 522 isLoggedIn(),
523 $conf->get('config.HIDE_PUBLIC_LINKS'), 523 $conf->get('extras.hide_public_links'),
524 $conf->get('redirector'), 524 $conf->get('extras.redirector'),
525 $conf->get('config.REDIRECTOR_URLENCODE') 525 $conf->get('extras.redirector_encode_url')
526 ); 526 );
527 527
528 /* Some Shaarlies may have very few links, so we need to look 528 /* Some Shaarlies may have very few links, so we need to look
@@ -556,7 +556,7 @@ function showDailyRSS() {
556 $pageaddr = escape(index_url($_SERVER)); 556 $pageaddr = escape(index_url($_SERVER));
557 echo '<?xml version="1.0" encoding="UTF-8"?><rss version="2.0">'; 557 echo '<?xml version="1.0" encoding="UTF-8"?><rss version="2.0">';
558 echo '<channel>'; 558 echo '<channel>';
559 echo '<title>Daily - '. $conf->get('title') . '</title>'; 559 echo '<title>Daily - '. $conf->get('general.title') . '</title>';
560 echo '<link>'. $pageaddr .'</link>'; 560 echo '<link>'. $pageaddr .'</link>';
561 echo '<description>Daily shared links</description>'; 561 echo '<description>Daily shared links</description>';
562 echo '<language>en-en</language>'; 562 echo '<language>en-en</language>';
@@ -575,7 +575,7 @@ function showDailyRSS() {
575 // We pre-format some fields for proper output. 575 // We pre-format some fields for proper output.
576 foreach ($linkdates as $linkdate) { 576 foreach ($linkdates as $linkdate) {
577 $l = $LINKSDB[$linkdate]; 577 $l = $LINKSDB[$linkdate];
578 $l['formatedDescription'] = format_description($l['description'], $conf->get('redirector')); 578 $l['formatedDescription'] = format_description($l['description'], $conf->get('extras.redirector'));
579 $l['thumbnail'] = thumbnail($l['url']); 579 $l['thumbnail'] = thumbnail($l['url']);
580 $l_date = DateTime::createFromFormat(LinkDB::LINK_DATE_FORMAT, $l['linkdate']); 580 $l_date = DateTime::createFromFormat(LinkDB::LINK_DATE_FORMAT, $l['linkdate']);
581 $l['timestamp'] = $l_date->getTimestamp(); 581 $l['timestamp'] = $l_date->getTimestamp();
@@ -587,11 +587,12 @@ function showDailyRSS() {
587 587
588 // Then build the HTML for this day: 588 // Then build the HTML for this day:
589 $tpl = new RainTPL; 589 $tpl = new RainTPL;
590 $tpl->assign('title', $conf->get('title')); 590 $tpl->assign('title', $conf->get('general.title'));
591 $tpl->assign('daydate', $dayDate->getTimestamp()); 591 $tpl->assign('daydate', $dayDate->getTimestamp());
592 $tpl->assign('absurl', $absurl); 592 $tpl->assign('absurl', $absurl);
593 $tpl->assign('links', $links); 593 $tpl->assign('links', $links);
594 $tpl->assign('rssdate', escape($dayDate->format(DateTime::RSS))); 594 $tpl->assign('rssdate', escape($dayDate->format(DateTime::RSS)));
595 $tpl->assign('hide_timestamps', $conf->get('extras.hide_timestamps', false));
595 $html = $tpl->draw('dailyrss', $return_string=true); 596 $html = $tpl->draw('dailyrss', $return_string=true);
596 597
597 echo $html . PHP_EOL; 598 echo $html . PHP_EOL;
@@ -640,7 +641,7 @@ function showDaily($pageBuilder, $LINKSDB)
640 $taglist = explode(' ',$link['tags']); 641 $taglist = explode(' ',$link['tags']);
641 uasort($taglist, 'strcasecmp'); 642 uasort($taglist, 'strcasecmp');
642 $linksToDisplay[$key]['taglist']=$taglist; 643 $linksToDisplay[$key]['taglist']=$taglist;
643 $linksToDisplay[$key]['formatedDescription'] = format_description($link['description'], $conf->get('redirector')); 644 $linksToDisplay[$key]['formatedDescription'] = format_description($link['description'], $conf->get('extras.redirector'));
644 $linksToDisplay[$key]['thumbnail'] = thumbnail($link['url']); 645 $linksToDisplay[$key]['thumbnail'] = thumbnail($link['url']);
645 $date = DateTime::createFromFormat(LinkDB::LINK_DATE_FORMAT, $link['linkdate']); 646 $date = DateTime::createFromFormat(LinkDB::LINK_DATE_FORMAT, $link['linkdate']);
646 $linksToDisplay[$key]['timestamp'] = $date->getTimestamp(); 647 $linksToDisplay[$key]['timestamp'] = $date->getTimestamp();
@@ -700,15 +701,15 @@ function renderPage()
700{ 701{
701 $conf = ConfigManager::getInstance(); 702 $conf = ConfigManager::getInstance();
702 $LINKSDB = new LinkDB( 703 $LINKSDB = new LinkDB(
703 $conf->get('config.DATASTORE'), 704 $conf->get('path.datastore'),
704 isLoggedIn(), 705 isLoggedIn(),
705 $conf->get('config.HIDE_PUBLIC_LINKS'), 706 $conf->get('extras.hide_public_links'),
706 $conf->get('redirector'), 707 $conf->get('extras.redirector'),
707 $conf->get('config.REDIRECTOR_URLENCODE') 708 $conf->get('extras.redirector_encode_url')
708 ); 709 );
709 710
710 $updater = new Updater( 711 $updater = new Updater(
711 read_updates_file($conf->get('config.UPDATES_FILE')), 712 read_updates_file($conf->get('path.updates')),
712 $LINKSDB, 713 $LINKSDB,
713 isLoggedIn() 714 isLoggedIn()
714 ); 715 );
@@ -716,7 +717,7 @@ function renderPage()
716 $newUpdates = $updater->update(); 717 $newUpdates = $updater->update();
717 if (! empty($newUpdates)) { 718 if (! empty($newUpdates)) {
718 write_updates_file( 719 write_updates_file(
719 $conf->get('config.UPDATES_FILE'), 720 $conf->get('path.updates'),
720 $updater->getDoneUpdates() 721 $updater->getDoneUpdates()
721 ); 722 );
722 } 723 }
@@ -755,7 +756,7 @@ function renderPage()
755 // -------- Display login form. 756 // -------- Display login form.
756 if ($targetPage == Router::$PAGE_LOGIN) 757 if ($targetPage == Router::$PAGE_LOGIN)
757 { 758 {
758 if ($conf->get('config.OPEN_SHAARLI')) { header('Location: ?'); exit; } // No need to login for open Shaarli 759 if ($conf->get('extras.open_shaarli')) { header('Location: ?'); exit; } // No need to login for open Shaarli
759 $token=''; if (ban_canLogin()) $token=getToken(); // Do not waste token generation if not useful. 760 $token=''; if (ban_canLogin()) $token=getToken(); // Do not waste token generation if not useful.
760 $PAGE->assign('token',$token); 761 $PAGE->assign('token',$token);
761 if (isset($_GET['username'])) { 762 if (isset($_GET['username'])) {
@@ -768,7 +769,7 @@ function renderPage()
768 // -------- User wants to logout. 769 // -------- User wants to logout.
769 if (isset($_SERVER['QUERY_STRING']) && startsWith($_SERVER['QUERY_STRING'], 'do=logout')) 770 if (isset($_SERVER['QUERY_STRING']) && startsWith($_SERVER['QUERY_STRING'], 'do=logout'))
770 { 771 {
771 invalidateCaches($conf->get('config.PAGECACHE')); 772 invalidateCaches($conf->get('path.page_cache'));
772 logout(); 773 logout();
773 header('Location: ?'); 774 header('Location: ?');
774 exit; 775 exit;
@@ -868,7 +869,7 @@ function renderPage()
868 // Cache system 869 // Cache system
869 $query = $_SERVER['QUERY_STRING']; 870 $query = $_SERVER['QUERY_STRING'];
870 $cache = new CachedPage( 871 $cache = new CachedPage(
871 $conf->get('config.PAGECACHE'), 872 $conf->get('path.page_cache'),
872 page_url($_SERVER), 873 page_url($_SERVER),
873 startsWith($query,'do='. $targetPage) && !isLoggedIn() 874 startsWith($query,'do='. $targetPage) && !isLoggedIn()
874 ); 875 );
@@ -881,8 +882,8 @@ function renderPage()
881 // Generate data. 882 // Generate data.
882 $feedGenerator = new FeedBuilder($LINKSDB, $feedType, $_SERVER, $_GET, isLoggedIn()); 883 $feedGenerator = new FeedBuilder($LINKSDB, $feedType, $_SERVER, $_GET, isLoggedIn());
883 $feedGenerator->setLocale(strtolower(setlocale(LC_COLLATE, 0))); 884 $feedGenerator->setLocale(strtolower(setlocale(LC_COLLATE, 0)));
884 $feedGenerator->setHideDates($conf->get('config.HIDE_TIMESTAMPS') && !isLoggedIn()); 885 $feedGenerator->setHideDates($conf->get('extras.hide_timestamps') && !isLoggedIn());
885 $feedGenerator->setUsePermalinks(isset($_GET['permalinks']) || !$conf->get('config.ENABLE_RSS_PERMALINKS')); 886 $feedGenerator->setUsePermalinks(isset($_GET['permalinks']) || !$conf->get('general.rss_permalinks'));
886 $pshUrl = $conf->get('config.PUBSUBHUB_URL'); 887 $pshUrl = $conf->get('config.PUBSUBHUB_URL');
887 if (!empty($pshUrl)) { 888 if (!empty($pshUrl)) {
888 $feedGenerator->setPubsubhubUrl($pshUrl); 889 $feedGenerator->setPubsubhubUrl($pshUrl);
@@ -1046,7 +1047,7 @@ function renderPage()
1046 // -------- User wants to change his/her password. 1047 // -------- User wants to change his/her password.
1047 if ($targetPage == Router::$PAGE_CHANGEPASSWORD) 1048 if ($targetPage == Router::$PAGE_CHANGEPASSWORD)
1048 { 1049 {
1049 if ($conf->get('config.OPEN_SHAARLI')) { 1050 if ($conf->get('extras.open_shaarli')) {
1050 die('You are not supposed to change a password on an Open Shaarli.'); 1051 die('You are not supposed to change a password on an Open Shaarli.');
1051 } 1052 }
1052 1053
@@ -1055,12 +1056,12 @@ function renderPage()
1055 if (!tokenOk($_POST['token'])) die('Wrong token.'); // Go away! 1056 if (!tokenOk($_POST['token'])) die('Wrong token.'); // Go away!
1056 1057
1057 // Make sure old password is correct. 1058 // Make sure old password is correct.
1058 $oldhash = sha1($_POST['oldpassword'].$conf->get('login').$conf->get('salt')); 1059 $oldhash = sha1($_POST['oldpassword'].$conf->get('credentials.login').$conf->get('credentials.salt'));
1059 if ($oldhash!= $conf->get('hash')) { echo '<script>alert("The old password is not correct.");document.location=\'?do=changepasswd\';</script>'; exit; } 1060 if ($oldhash!= $conf->get('credentials.hash')) { echo '<script>alert("The old password is not correct.");document.location=\'?do=changepasswd\';</script>'; exit; }
1060 // Save new password 1061 // Save new password
1061 // Salt renders rainbow-tables attacks useless. 1062 // Salt renders rainbow-tables attacks useless.
1062 $conf->set('salt', sha1(uniqid('', true) .'_'. mt_rand())); 1063 $conf->set('credentials.salt', sha1(uniqid('', true) .'_'. mt_rand()));
1063 $conf->set('hash', sha1($_POST['setpassword'] . $conf->get('login') . $conf->get('salt'))); 1064 $conf->set('credentials.hash', sha1($_POST['setpassword'] . $conf->get('credentials.login') . $conf->get('credentials.salt')));
1064 try { 1065 try {
1065 $conf->write(isLoggedIn()); 1066 $conf->write(isLoggedIn());
1066 } 1067 }
@@ -1099,15 +1100,15 @@ function renderPage()
1099 ) { 1100 ) {
1100 $tz = $_POST['continent'] . '/' . $_POST['city']; 1101 $tz = $_POST['continent'] . '/' . $_POST['city'];
1101 } 1102 }
1102 $conf->set('timezone', $tz); 1103 $conf->set('general.timezone', $tz);
1103 $conf->set('title', $_POST['title']); 1104 $conf->set('general.title', $_POST['title']);
1104 $conf->set('titleLink', $_POST['titleLink']); 1105 $conf->set('general.header_link', $_POST['titleLink']);
1105 $conf->set('redirector', $_POST['redirector']); 1106 $conf->set('extras.redirector', $_POST['redirector']);
1106 $conf->set('disablesessionprotection', !empty($_POST['disablesessionprotection'])); 1107 $conf->set('security.session_protection_disabled', !empty($_POST['disablesessionprotection']));
1107 $conf->set('privateLinkByDefault', !empty($_POST['privateLinkByDefault'])); 1108 $conf->set('general.default_private_links', !empty($_POST['privateLinkByDefault']));
1108 $conf->set('config.ENABLE_RSS_PERMALINKS', !empty($_POST['enableRssPermalinks'])); 1109 $conf->set('general.rss_permalinks', !empty($_POST['enableRssPermalinks']));
1109 $conf->set('config.ENABLE_UPDATECHECK', !empty($_POST['updateCheck'])); 1110 $conf->set('general.check_updates', !empty($_POST['updateCheck']));
1110 $conf->set('config.HIDE_PUBLIC_LINKS', !empty($_POST['hidePublicLinks'])); 1111 $conf->set('extras.hide_public_links', !empty($_POST['hidePublicLinks']));
1111 try { 1112 try {
1112 $conf->write(isLoggedIn()); 1113 $conf->write(isLoggedIn());
1113 } 1114 }
@@ -1127,15 +1128,15 @@ function renderPage()
1127 else // Show the configuration form. 1128 else // Show the configuration form.
1128 { 1129 {
1129 $PAGE->assign('token',getToken()); 1130 $PAGE->assign('token',getToken());
1130 $PAGE->assign('title', $conf->get('title')); 1131 $PAGE->assign('title', $conf->get('general.title'));
1131 $PAGE->assign('redirector', $conf->get('redirector')); 1132 $PAGE->assign('redirector', $conf->get('extras.redirector'));
1132 list($timezone_form, $timezone_js) = generateTimeZoneForm($conf->get('timezone')); 1133 list($timezone_form, $timezone_js) = generateTimeZoneForm($conf->get('general.timezone'));
1133 $PAGE->assign('timezone_form', $timezone_form); 1134 $PAGE->assign('timezone_form', $timezone_form);
1134 $PAGE->assign('timezone_js',$timezone_js); 1135 $PAGE->assign('timezone_js',$timezone_js);
1135 $PAGE->assign('private_links_default', $conf->get('privateLinkByDefault')); 1136 $PAGE->assign('private_links_default', $conf->get('general.default_private_links', false));
1136 $PAGE->assign('enable_rss_permalinks', $conf->get('config.ENABLE_RSS_PERMALINKS')); 1137 $PAGE->assign('enable_rss_permalinks', $conf->get('general.rss_permalinks', false));
1137 $PAGE->assign('enable_update_check', $conf->get('config.ENABLE_UPDATECHECK')); 1138 $PAGE->assign('enable_update_check', $conf->get('general.check_updates', true));
1138 $PAGE->assign('hide_public_links', $conf->get('config.HIDE_PUBLIC_LINKS')); 1139 $PAGE->assign('hide_public_links', $conf->get('extras.hide_public_links', false));
1139 $PAGE->renderPage('configure'); 1140 $PAGE->renderPage('configure');
1140 exit; 1141 exit;
1141 } 1142 }
@@ -1167,7 +1168,7 @@ function renderPage()
1167 $value['tags']=trim(implode(' ',$tags)); 1168 $value['tags']=trim(implode(' ',$tags));
1168 $LINKSDB[$key]=$value; 1169 $LINKSDB[$key]=$value;
1169 } 1170 }
1170 $LINKSDB->savedb($conf->get('config.PAGECACHE')); 1171 $LINKSDB->savedb($conf->get('path.page_cache'));
1171 echo '<script>alert("Tag was removed from '.count($linksToAlter).' links.");document.location=\'?\';</script>'; 1172 echo '<script>alert("Tag was removed from '.count($linksToAlter).' links.");document.location=\'?\';</script>';
1172 exit; 1173 exit;
1173 } 1174 }
@@ -1184,7 +1185,7 @@ function renderPage()
1184 $value['tags']=trim(implode(' ',$tags)); 1185 $value['tags']=trim(implode(' ',$tags));
1185 $LINKSDB[$key]=$value; 1186 $LINKSDB[$key]=$value;
1186 } 1187 }
1187 $LINKSDB->savedb($conf->get('config.PAGECACHE')); // Save to disk. 1188 $LINKSDB->savedb($conf->get('path.page_cache')); // Save to disk.
1188 echo '<script>alert("Tag was renamed in '.count($linksToAlter).' links.");document.location=\'?searchtags='.urlencode($_POST['totag']).'\';</script>'; 1189 echo '<script>alert("Tag was renamed in '.count($linksToAlter).' links.");document.location=\'?searchtags='.urlencode($_POST['totag']).'\';</script>';
1189 exit; 1190 exit;
1190 } 1191 }
@@ -1235,7 +1236,7 @@ function renderPage()
1235 $pluginManager->executeHooks('save_link', $link); 1236 $pluginManager->executeHooks('save_link', $link);
1236 1237
1237 $LINKSDB[$linkdate] = $link; 1238 $LINKSDB[$linkdate] = $link;
1238 $LINKSDB->savedb($conf->get('config.PAGECACHE')); 1239 $LINKSDB->savedb($conf->get('path.page_cache'));
1239 pubsubhub(); 1240 pubsubhub();
1240 1241
1241 // If we are called from the bookmarklet, we must close the popup: 1242 // If we are called from the bookmarklet, we must close the popup:
@@ -1277,7 +1278,7 @@ function renderPage()
1277 $pluginManager->executeHooks('delete_link', $LINKSDB[$linkdate]); 1278 $pluginManager->executeHooks('delete_link', $LINKSDB[$linkdate]);
1278 1279
1279 unset($LINKSDB[$linkdate]); 1280 unset($LINKSDB[$linkdate]);
1280 $LINKSDB->savedb('config.PAGECACHE'); // save to disk 1281 $LINKSDB->savedb('path.page_cache'); // save to disk
1281 1282
1282 // If we are called from the bookmarklet, we must close the popup: 1283 // If we are called from the bookmarklet, we must close the popup:
1283 if (isset($_GET['source']) && ($_GET['source']=='bookmarklet' || $_GET['source']=='firefoxsocialapi')) { echo '<script>self.close();</script>'; exit; } 1284 if (isset($_GET['source']) && ($_GET['source']=='bookmarklet' || $_GET['source']=='firefoxsocialapi')) { echo '<script>self.close();</script>'; exit; }
@@ -1391,6 +1392,7 @@ function renderPage()
1391 'http_referer' => (isset($_SERVER['HTTP_REFERER']) ? escape($_SERVER['HTTP_REFERER']) : ''), 1392 'http_referer' => (isset($_SERVER['HTTP_REFERER']) ? escape($_SERVER['HTTP_REFERER']) : ''),
1392 'source' => (isset($_GET['source']) ? $_GET['source'] : ''), 1393 'source' => (isset($_GET['source']) ? $_GET['source'] : ''),
1393 'tags' => $LINKSDB->allTags(), 1394 'tags' => $LINKSDB->allTags(),
1395 'default_private_links' => $conf->get('default_private_links', false),
1394 ); 1396 );
1395 $pluginManager->executeHooks('render_editlink', $data); 1397 $pluginManager->executeHooks('render_editlink', $data);
1396 1398
@@ -1500,7 +1502,7 @@ function renderPage()
1500 } 1502 }
1501 } 1503 }
1502 else { 1504 else {
1503 $conf->set('config.ENABLED_PLUGINS', save_plugin_config($_POST)); 1505 $conf->set('general.enabled_plugins', save_plugin_config($_POST));
1504 } 1506 }
1505 $conf->write(isLoggedIn()); 1507 $conf->write(isLoggedIn());
1506 } 1508 }
@@ -1599,7 +1601,7 @@ function importFile($LINKSDB)
1599 } 1601 }
1600 } 1602 }
1601 } 1603 }
1602 $LINKSDB->savedb($conf->get('config.PAGECACHE')); 1604 $LINKSDB->savedb($conf->get('path.page_cache'));
1603 1605
1604 echo '<script>alert("File '.json_encode($filename).' ('.$filesize.' bytes) was successfully processed: '.$import_count.' links imported.");document.location=\'?\';</script>'; 1606 echo '<script>alert("File '.json_encode($filename).' ('.$filesize.' bytes) was successfully processed: '.$import_count.' links imported.");document.location=\'?\';</script>';
1605 } 1607 }
@@ -1646,7 +1648,7 @@ function buildLinkList($PAGE,$LINKSDB)
1646 1648
1647 // If there is only a single link, we change on-the-fly the title of the page. 1649 // If there is only a single link, we change on-the-fly the title of the page.
1648 if (count($linksToDisplay) == 1) { 1650 if (count($linksToDisplay) == 1) {
1649 $conf->set('pagetitle', $linksToDisplay[$keys[0]]['title'] .' - '. $conf->get('title')); 1651 $conf->set('pagetitle', $linksToDisplay[$keys[0]]['title'] .' - '. $conf->get('general.title'));
1650 } 1652 }
1651 1653
1652 // Select articles according to paging. 1654 // Select articles according to paging.
@@ -1662,7 +1664,7 @@ function buildLinkList($PAGE,$LINKSDB)
1662 while ($i<$end && $i<count($keys)) 1664 while ($i<$end && $i<count($keys))
1663 { 1665 {
1664 $link = $linksToDisplay[$keys[$i]]; 1666 $link = $linksToDisplay[$keys[$i]];
1665 $link['description'] = format_description($link['description'], $conf->get('redirector')); 1667 $link['description'] = format_description($link['description'], $conf->get('extras.redirector'));
1666 $classLi = ($i % 2) != 0 ? '' : 'publicLinkHightLight'; 1668 $classLi = ($i % 2) != 0 ? '' : 'publicLinkHightLight';
1667 $link['class'] = $link['private'] == 0 ? $classLi : 'private'; 1669 $link['class'] = $link['private'] == 0 ? $classLi : 'private';
1668 $date = DateTime::createFromFormat(LinkDB::LINK_DATE_FORMAT, $link['linkdate']); 1670 $date = DateTime::createFromFormat(LinkDB::LINK_DATE_FORMAT, $link['linkdate']);
@@ -1704,7 +1706,7 @@ function buildLinkList($PAGE,$LINKSDB)
1704 'result_count' => count($linksToDisplay), 1706 'result_count' => count($linksToDisplay),
1705 'search_term' => $searchterm, 1707 'search_term' => $searchterm,
1706 'search_tags' => $searchtags, 1708 'search_tags' => $searchtags,
1707 'redirector' => $conf->get('redirector'), // Optional redirector URL. 1709 'redirector' => $conf->get('extras.redirector'), // Optional redirector URL.
1708 'token' => $token, 1710 'token' => $token,
1709 'links' => $linkDisp, 1711 'links' => $linkDisp,
1710 'tags' => $LINKSDB->allTags(), 1712 'tags' => $LINKSDB->allTags(),
@@ -1736,7 +1738,7 @@ function buildLinkList($PAGE,$LINKSDB)
1736function computeThumbnail($url,$href=false) 1738function computeThumbnail($url,$href=false)
1737{ 1739{
1738 $conf = ConfigManager::getInstance(); 1740 $conf = ConfigManager::getInstance();
1739 if (!$conf->get('config.ENABLE_THUMBNAILS')) return array(); 1741 if (!$conf->get('general.enable_thumbnails')) return array();
1740 if ($href==false) $href=$url; 1742 if ($href==false) $href=$url;
1741 1743
1742 // For most hosts, the URL of the thumbnail can be easily deduced from the URL of the link. 1744 // For most hosts, the URL of the thumbnail can be easily deduced from the URL of the link.
@@ -1804,7 +1806,7 @@ function computeThumbnail($url,$href=false)
1804 // So we deport the thumbnail generation in order not to slow down page generation 1806 // So we deport the thumbnail generation in order not to slow down page generation
1805 // (and we also cache the thumbnail) 1807 // (and we also cache the thumbnail)
1806 1808
1807 if (! $conf->get('config.ENABLE_LOCALCACHE')) return array(); // If local cache is disabled, no thumbnails for services which require the use a local cache. 1809 if (! $conf->get('general.enable_localcache')) return array(); // If local cache is disabled, no thumbnails for services which require the use a local cache.
1808 1810
1809 if ($domain=='flickr.com' || endsWith($domain,'.flickr.com') 1811 if ($domain=='flickr.com' || endsWith($domain,'.flickr.com')
1810 || $domain=='vimeo.com' 1812 || $domain=='vimeo.com'
@@ -1827,7 +1829,7 @@ function computeThumbnail($url,$href=false)
1827 $path = parse_url($url,PHP_URL_PATH); 1829 $path = parse_url($url,PHP_URL_PATH);
1828 if ("/talks/" !== substr($path,0,7)) return array(); // This is not a single video URL. 1830 if ("/talks/" !== substr($path,0,7)) return array(); // This is not a single video URL.
1829 } 1831 }
1830 $sign = hash_hmac('sha256', $url, $conf->get('salt')); // We use the salt to sign data (it's random, secret, and specific to each installation) 1832 $sign = hash_hmac('sha256', $url, $conf->get('credentials.salt')); // We use the salt to sign data (it's random, secret, and specific to each installation)
1831 return array('src'=>index_url($_SERVER).'?do=genthumbnail&hmac='.$sign.'&url='.urlencode($url), 1833 return array('src'=>index_url($_SERVER).'?do=genthumbnail&hmac='.$sign.'&url='.urlencode($url),
1832 'href'=>$href,'width'=>'120','style'=>'height:auto;','alt'=>'thumbnail'); 1834 'href'=>$href,'width'=>'120','style'=>'height:auto;','alt'=>'thumbnail');
1833 } 1835 }
@@ -1838,7 +1840,7 @@ function computeThumbnail($url,$href=false)
1838 $ext=strtolower(pathinfo($url,PATHINFO_EXTENSION)); 1840 $ext=strtolower(pathinfo($url,PATHINFO_EXTENSION));
1839 if ($ext=='jpg' || $ext=='jpeg' || $ext=='png' || $ext=='gif') 1841 if ($ext=='jpg' || $ext=='jpeg' || $ext=='png' || $ext=='gif')
1840 { 1842 {
1841 $sign = hash_hmac('sha256', $url, $conf->get('salt')); // We use the salt to sign data (it's random, secret, and specific to each installation) 1843 $sign = hash_hmac('sha256', $url, $conf->get('credentials.salt')); // We use the salt to sign data (it's random, secret, and specific to each installation)
1842 return array('src'=>index_url($_SERVER).'?do=genthumbnail&hmac='.$sign.'&url='.urlencode($url), 1844 return array('src'=>index_url($_SERVER).'?do=genthumbnail&hmac='.$sign.'&url='.urlencode($url),
1843 'href'=>$href,'width'=>'120','style'=>'height:auto;','alt'=>'thumbnail'); 1845 'href'=>$href,'width'=>'120','style'=>'height:auto;','alt'=>'thumbnail');
1844 } 1846 }
@@ -1942,18 +1944,18 @@ function install()
1942 ) { 1944 ) {
1943 $tz = $_POST['continent'].'/'.$_POST['city']; 1945 $tz = $_POST['continent'].'/'.$_POST['city'];
1944 } 1946 }
1945 $conf->set('timezone', $tz); 1947 $conf->set('general.timezone', $tz);
1946 $login = $_POST['setlogin']; 1948 $login = $_POST['setlogin'];
1947 $conf->set('login', $login); 1949 $conf->set('credentials.login', $login);
1948 $salt = sha1(uniqid('', true) .'_'. mt_rand()); 1950 $salt = sha1(uniqid('', true) .'_'. mt_rand());
1949 $conf->set('salt', $salt); 1951 $conf->set('credentials.salt', $salt);
1950 $conf->set('hash', sha1($_POST['setpassword'] . $login . $salt)); 1952 $conf->set('credentials.hash', sha1($_POST['setpassword'] . $login . $salt));
1951 if (!empty($_POST['title'])) { 1953 if (!empty($_POST['title'])) {
1952 $conf->set('title', $_POST['title']); 1954 $conf->set('general.title', $_POST['title']);
1953 } else { 1955 } else {
1954 $conf->set('title', 'Shared links on '.escape(index_url($_SERVER))); 1956 $conf->set('general.title', 'Shared links on '.escape(index_url($_SERVER)));
1955 } 1957 }
1956 $conf->set('config.ENABLE_UPDATECHECK', !empty($_POST['updateCheck'])); 1958 $conf->set('general.check_updates', !empty($_POST['updateCheck']));
1957 try { 1959 try {
1958 // Everything is ok, let's create config file. 1960 // Everything is ok, let's create config file.
1959 $conf->write(isLoggedIn()); 1961 $conf->write(isLoggedIn());
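Review bot: The value written to `credentials.salt` here is still derived from `uniqid()` and `mt_rand()`, neither of which is a cryptographically secure source. The same value is used in the other hunks of this commit as the HMAC key that signs thumbnail URLs, so its unpredictability matters beyond password salting. I would draw it from the system CSPRNG, e.g. `$salt = bin2hex(random_bytes(20));` on PHP 7+ (or `openssl_random_pseudo_bytes(20)` on older versions), which keeps the 40-hex-character shape. `credentials.hash` is likewise a single `sha1()` over password, login and salt; moving to `password_hash()`/`password_verify()` would be the stronger choice, but it needs the login check changed too, and that code is not in this hunk. install() starts and ends outside the hunk.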
@@ -1999,10 +2001,10 @@ function genThumbnail()
1999{ 2001{
2000 $conf = ConfigManager::getInstance(); 2002 $conf = ConfigManager::getInstance();
2001 // Make sure the parameters in the URL were generated by us. 2003 // Make sure the parameters in the URL were generated by us.
2002 $sign = hash_hmac('sha256', $_GET['url'], $conf->get('salt')); 2004 $sign = hash_hmac('sha256', $_GET['url'], $conf->get('credentials.salt'));
2003 if ($sign!=$_GET['hmac']) die('Naughty boy!'); 2005 if ($sign!=$_GET['hmac']) die('Naughty boy!');
2004 2006
2005 $cacheDir = $conf->get('config.CACHEDIR', 'cache'); 2007 $cacheDir = $conf->get('path.thumbnails_cache', 'cache');
2006 // Let's see if we don't already have the image for this URL in the cache. 2008 // Let's see if we don't already have the image for this URL in the cache.
2007 $thumbname=hash('sha1',$_GET['url']).'.jpg'; 2009 $thumbname=hash('sha1',$_GET['url']).'.jpg';
2008 if (is_file($cacheDir .'/'. $thumbname)) 2010 if (is_file($cacheDir .'/'. $thumbname))
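Review bot: The signature check `if ($sign!=$_GET['hmac'])` uses the loose `!=` operator, which is subject to PHP type juggling and is not constant-time, so the comparison is weaker than the HMAC it protects. I would compare with `hash_equals()` (PHP 5.6+) and require a string first: `if (!is_string($_GET['hmac']) || !hash_equals($sign, $_GET['hmac'])) die('Naughty boy!');`. It would also be worth verifying that `$_GET['url']` is set and is a string before it is passed to `hash_hmac()`, since a missing or array-valued parameter reaches that call unchecked. genThumbnail()'s body continues past the end of the hunk.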
@@ -2212,7 +2214,7 @@ function resizeImage($filepath)
2212if (isset($_SERVER['QUERY_STRING']) && startsWith($_SERVER['QUERY_STRING'], 'do=genthumbnail')) { genThumbnail(); exit; } // Thumbnail generation/cache does not need the link database. 2214if (isset($_SERVER['QUERY_STRING']) && startsWith($_SERVER['QUERY_STRING'], 'do=genthumbnail')) { genThumbnail(); exit; } // Thumbnail generation/cache does not need the link database.
2213if (isset($_SERVER['QUERY_STRING']) && startsWith($_SERVER['QUERY_STRING'], 'do=dailyrss')) { showDailyRSS(); exit; } 2215if (isset($_SERVER['QUERY_STRING']) && startsWith($_SERVER['QUERY_STRING'], 'do=dailyrss')) { showDailyRSS(); exit; }
2214if (!isset($_SESSION['LINKS_PER_PAGE'])) { 2216if (!isset($_SESSION['LINKS_PER_PAGE'])) {
2215 $_SESSION['LINKS_PER_PAGE'] = $conf->get('config.LINKS_PER_PAGE', 20); 2217 $_SESSION['LINKS_PER_PAGE'] = $conf->get('general.links_per_page', 20);
2216} 2218}
2217renderPage(); 2219renderPage();
2218?> 2220?>