Diffstat (limited to 'init.php')
-rw-r--r-- | init.php | 85 |
1 files changed, 85 insertions, 0 deletions
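diff --git a/init.php b/init.php
new file mode 100644
index 00000000..f0b84368
--- /dev/null
+++ b/init.php
@@ -0,0 +1,85 @@
+<?php
+
+require_once __DIR__ . '/vendor/autoload.php';
+
+use Shaarli\ApplicationUtils;
+use Shaarli\Security\SessionManager;
+
+// Set 'UTC' as the default timezone if it is not defined in php.ini
+// See http://php.net/manual/en/datetime.configuration.php#ini.date.timezone
+if (date_default_timezone_get() == '') {
+date_default_timezone_set('UTC');
+}
+
+// High execution time in case of problematic imports/exports.
+ini_set('max_input_time', '60');
+
+// Try to set max upload file size and read
+ini_set('memory_limit', '128M');
+ini_set('post_max_size', '16M');
+ini_set('upload_max_filesize', '16M');
+
+// See all error except warnings
+error_reporting(E_ALL^E_WARNING);
+
+// 3rd-party libraries
+if (! file_exists(__DIR__ . '/vendor/autoload.php')) {
+header('Content-Type: text/plain; charset=utf-8');
+echo "Error: missing Composer configuration\n\n"
+."If you installed Shaarli through Git or using the development branch,\n"
+."please refer to the installation documentation to install PHP"
+." dependencies using Composer:\n"
+."- https://shaarli.readthedocs.io/en/master/Server-configuration/\n"
+."- https://shaarli.readthedocs.io/en/master/Download-and-Installation/";
+exit;
+}
+
+// Ensure the PHP version is supported
+try {
+ApplicationUtils::checkPHPVersion('7.1', PHP_VERSION);
+} catch (Exception $exc) {
+header('Content-Type: text/plain; charset=utf-8');
+echo $exc->getMessage();
+exit;
+}
+
+// Force cookie path (but do not change lifetime)
+$cookie = session_get_cookie_params();
+$cookiedir = '';
+if (dirname($_SERVER['SCRIPT_NAME']) != '/') {
+$cookiedir = dirname($_SERVER["SCRIPT_NAME"]).'/';
+}
+// Set default cookie expiration and path.
+session_set_cookie_params($cookie['lifetime'], $cookiedir, $_SERVER['SERVER_NAME']);
+// Set session parameters on server side.
+// Use cookies to store session.
+ini_set('session.use_cookies', 1);
+// Force cookies for session (phpsessionID forbidden in URL).
+ini_set('session.use_only_cookies', 1);
+// Prevent PHP form using sessionID in URL if cookies are disabled.
+ini_set('session.use_trans_sid', false);
+
+define('SHAARLI_VERSION', ApplicationUtils::getVersion(__DIR__ .'/'. ApplicationUtils::$VERSION_FILE));
+
+session_name('shaarli');
+// Start session if needed (Some server auto-start sessions).
+if (session_status() == PHP_SESSION_NONE) {
+session_start();
+}
+
+// Regenerate session ID if invalid or not defined in cookie.
+if (isset($_COOKIE['shaarli']) && !SessionManager::checkId($_COOKIE['shaarli'])) {
+session_regenerate_id(true);
+$_COOKIE['shaarli'] = session_id();
+}
+
+// LC_MESSAGES isn't defined without php-intl, in this case use LC_COLLATE locale instead.
+if (! defined('LC_MESSAGES')) {
+define('LC_MESSAGES', LC_COLLATE);
+}
+
+// Prevent caching on client side or proxy: (yes, it's ugly)
+header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", false);
+header("Pragma: no-cache");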
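Review bot: The `session_set_cookie_params(...)` call on new line 53 passes only lifetime, path and domain, so the session cookie's `secure` and `httponly` flags fall back to whatever php.ini sets; with PHP's default configuration the `shaarli` session cookie would be readable from page script. Passing them explicitly closes that gap, e.g. `session_set_cookie_params($cookie['lifetime'], $cookiedir, $_SERVER['SERVER_NAME'], $cookie['secure'], true);`, which keeps the configured `secure` value and forces HttpOnly. Separately, the `require_once` on line 3 runs before the `file_exists` guard on line 26, so when `vendor/autoload.php` is missing PHP aborts at the require and the Composer hint is never printed; the guard needs to come before the `require_once`.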