7 files changed, 382 insertions, 15 deletions
diff --git a/check_setup.php b/check_setup.php
new file mode 100644
index 00000000..96dd0f7d
--- /dev/null
+++ b/check_setup.php
@@ -0,0 +1,40 @@
+<?php
+// PHP 5.3 minimum
+if (version_compare(PHP_VERSION, '5.3.3', '<')) {
+    die('This software require PHP 5.3.3 minimum');
+}
+// Short tags must be enabled for PHP < 5.4
+if (version_compare(PHP_VERSION, '5.4.0', '<')) {
+    if (! ini_get('short_open_tag')) {
+        die('This software require to have short tags enabled, check your php.ini => "short_open_tag = On"');
+    }
+}
+// Check PDO Sqlite
+if (! extension_loaded('pdo_sqlite')) {
+    die('PHP extension required: pdo_sqlite');
+}
+// Check ZIP
+if (! extension_loaded('zip')) {
+    die('PHP extension required: zip');
+}
+// Check if /cache is writeable
+if (! is_writable('cache')) {
+    die('The directory "cache" must be writeable by your web server user');
+}
+// Check if /db is writeable
+if (! is_writable('db')) {
+    die('The directory "db" must be writeable by your web server user');
+}
+// install folder still present, need to install wallabag
+if (is_dir('install')) {
+    require('install/index.php');
+    exit;
+}
+\ No newline at end of file
diff --git a/inc/poche/Database.class.php b/inc/poche/Database.class.php
index 58583bf5..3332b5a3 100644
--- a/inc/poche/Database.class.php
+++ b/inc/poche/Database.class.php
@@ -344,30 +344,36 @@ class Database {
        return $this->getHandle()->lastInsertId($column);
    }
-    public function retrieveAllTags() {
+    public function retrieveAllTags($user_id) {
-        $sql = "SELECT * FROM tags";
+        $sql = "SELECT tags.* FROM tags
-        $query = $this->executeQuery($sql, array());
+          LEFT JOIN tags_entries ON tags_entries.tag_id=tags.id
+          LEFT JOIN entries ON tags_entries.entry_id=entries.id
+          WHERE entries.user_id=?";
+        $query = $this->executeQuery($sql, array($user_id));
        $tags = $query->fetchAll();
        return $tags;
    }
-    public function retrieveTag($id) {
+    public function retrieveTag($id, $user_id) {
        $tag  = NULL;
-        $sql    = "SELECT * FROM tags WHERE id=?";
+        $sql    = "SELECT tags.* FROM tags
-        $params = array(intval($id));
+          LEFT JOIN tags_entries ON tags_entries.tag_id=tags.id
+          LEFT JOIN entries ON tags_entries.entry_id=entries.id
+          WHERE tags.id=? AND entries.user_id=?";
+        $params = array(intval($id), $user_id);
        $query  = $this->executeQuery($sql, $params);
        $tag  = $query->fetchAll();
        return isset($tag[0]) ? $tag[0] : null;
    }
-    public function retrieveEntriesByTag($tag_id) {
+    public function retrieveEntriesByTag($tag_id, $user_id) {
        $sql = 
            "SELECT entries.* FROM entries
            LEFT JOIN tags_entries ON tags_entries.entry_id=entries.id
-            WHERE tags_entries.tag_id = ?";
+            WHERE tags_entries.tag_id = ? AND entries.user_id=?";
-        $query = $this->executeQuery($sql, array($tag_id));
+        $query = $this->executeQuery($sql, array($tag_id, $user_id));
        $entries = $query->fetchAll();
        return $entries;
diff --git a/inc/poche/Poche.class.php b/inc/poche/Poche.class.php
index 76169297..753bd7f0 100644
--- a/inc/poche/Poche.class.php
+++ b/inc/poche/Poche.class.php
@@ -463,6 +463,12 @@ class Poche
            case 'add_tag' :
                $tags = explode(',', $_POST['value']);
                $entry_id = $_POST['entry_id'];
+                $entry = $this->store->retrieveOneById($entry_id, $this->user->getId());
+                if (!$entry) {
+                    $this->messages->add('e', _('Article not found!'));
+                    Tools::logm('error : article not found');
+                    Tools::redirect();
+                }
                foreach($tags as $key => $tag_value) {
                    $value = trim($tag_value);
                    $tag = $this->store->retrieveTagByValue($value);
@@ -487,6 +493,12 @@ class Poche
                break;
            case 'remove_tag' :
                $tag_id = $_GET['tag_id'];
+                $entry = $this->store->retrieveOneById($id, $this->user->getId());
+                if (!$entry) {
+                    $this->messages->add('e', _('Article not found!'));
+                    Tools::logm('error : article not found');
+                    Tools::redirect();
+                }
                $this->store->removeTagForEntry($id, $tag_id);
                Tools::redirect();
                break;
@@ -525,6 +537,12 @@ class Poche
                break;
            case 'edit-tags':
                # tags
+                $entry = $this->store->retrieveOneById($id, $this->user->getId());
+                if (!$entry) {
+                    $this->messages->add('e', _('Article not found!'));
+                    Tools::logm('error : article not found');
+                    Tools::redirect();
+                }
                $tags = $this->store->retrieveTagsByEntry($id);
                $tpl_vars = array(
                    'entry_id' => $id,
@@ -532,8 +550,8 @@ class Poche
                );
                break;
            case 'tag':
-                $entries = $this->store->retrieveEntriesByTag($id);
+                $entries = $this->store->retrieveEntriesByTag($id, $this->user->getId());
-                $tag = $this->store->retrieveTag($id);
+                $tag = $this->store->retrieveTag($id, $this->user->getId());
                $tpl_vars = array(
                    'tag' => $tag,
                    'entries' => $entries,
@@ -541,7 +559,7 @@ class Poche
                break;
            case 'tags':
                $token = $this->user->getConfigValue('token');
-                $tags = $this->store->retrieveAllTags();
+                $tags = $this->store->retrieveAllTags($this->user->getId());
                $tpl_vars = array(
                    'token' => $token,
                    'user_id' => $this->user->getId(),
@@ -1056,7 +1074,7 @@ class Poche
        $feed->setChannelElement('author', 'wallabag');
        if ($type == 'tag') {
-            $entries = $this->store->retrieveEntriesByTag($tag_id);
+            $entries = $this->store->retrieveEntriesByTag($tag_id, $user_id);
        }
        else {
            $entries = $this->store->getEntriesByView($type, $user_id);
diff --git a/index.php b/index.php
index 1a595ece..2c81afd6 100644
--- a/index.php
+++ b/index.php
@@ -8,7 +8,8 @@
 * @license    http://www.wtfpl.net/ see COPYING file
 */
-define ('POCHE', '1.5.0');
+define ('POCHE', '1.5.1');
+require 'check_setup.php';
 require_once 'inc/poche/global.inc.php';
 session_start(); 
diff --git a/install/index.php b/install/index.php
new file mode 100644
index 00000000..d31bad89
--- /dev/null
+++ b/install/index.php
@@ -0,0 +1,283 @@
+<?php
+$errors = array();
+$successes = array();
+if ($_POST['download']) {
+    if (!file_put_contents("cache/vendor.zip", fopen("http://static.wallabag.org/files/vendor.zip", 'r'))) {
+        $errors[] = 'Impossible to download vendor.zip. Please <a href="http://wllbg.org/vendor">download it manually<∕a> and unzip it in your wallabag folder.';
+    }
+    else {
+        if (extension_loaded('zip')) {
+            $zip = new ZipArchive();
+            if ($zip->open("cache/vendor.zip") !== TRUE){
+                $errors[] = 'Impossible to open cache/vendor.zip. Please unzip it manually in your wallabag folder.';
+            }
+            if ($zip->extractTo(realpath(''))) {
+                @unlink("cache/vendor.zip");
+                $successes[] = 'twig is now installed, you can install wallabag.';
+            }
+            else {
+                $errors[] = 'Impossible to extract cache/vendor.zip. Please unzip it manually in your wallabag folder.';
+            }
+            $zip->close();
+        }
+        else {
+            $errors[] = 'zip extension is not enabled in your PHP configuration. Please unzip cache/vendor.zip in your wallabag folder.';
+        }
+    }
+}
+else if ($_POST['install']) {
+    if (!is_dir('vendor')) {
+        $errors[] = 'You must install twig before.';
+    }
+    else {
+        $continue = true;
+        // Create config.inc.php
+        if (!copy('inc/poche/config.inc.php.new', 'inc/poche/config.inc.php')) {
+            $errors[] = 'Installation aborted, impossible to create inc/poche/config.inc.php file. Maybe you don\'t have write access to create it.';
+            $continue = false;
+        }
+        else {
+            function generate_salt() {
+                mt_srand(microtime(true)*100000 + memory_get_usage(true));
+                return md5(uniqid(mt_rand(), true));
+            }
+            $content = file_get_contents('inc/poche/config.inc.php');
+            $salt = generate_salt();
+            $content = str_replace("define ('SALT', '');", "define ('SALT', '".$salt."');", $content);
+            file_put_contents('inc/poche/config.inc.php', $content);
+        }
+        if ($continue) {
+            // User informations
+            $username = trim($_POST['username']);
+            $password = trim($_POST['password']);
+            $salted_password = sha1($password . $username . $salt);
+            // Database informations
+            if ($_POST['db_engine'] == 'sqlite') {
+                if (!copy('install/poche.sqlite', 'db/poche.sqlite')) {
+                    $errors[] = 'Impossible to create inc/poche/config.inc.php file.';
+                    $continue = false;
+                }
+                else {
+                    $db_path = 'sqlite:' . realpath('') . '/db/poche.sqlite';
+                    $handle = new PDO($db_path);
+                }
+            }
+            else {
+                $content = file_get_contents('inc/poche/config.inc.php');
+                if ($_POST['db_engine'] == 'mysql') {
+                    $db_path = 'mysql:host=' . $_POST['mysql_server'] . ';dbname=' . $_POST['mysql_database'];
+                    $content = str_replace("define ('STORAGE_SERVER', 'localhost');", "define ('STORAGE_SERVER', '".$_POST['mysql_server']."');", $content);
+                    $content = str_replace("define ('STORAGE_DB', 'poche');", "define ('STORAGE_DB', '".$_POST['mysql_database']."');", $content);
+                    $content = str_replace("define ('STORAGE_USER', 'poche');", "define ('STORAGE_USER', '".$_POST['mysql_user']."');", $content);
+                    $content = str_replace("define ('STORAGE_PASSWORD', 'poche');", "define ('STORAGE_PASSWORD', '".$_POST['mysql_password']."');", $content);
+                    $handle = new PDO($db_path, $_POST['mysql_user'], $_POST['mysql_password']); 
+                    $sql_structure = file_get_contents('install/mysql.sql');
+                }
+                else if ($_POST['db_engine'] == 'postgresql') {
+                    $db_path = 'pgsql:host=' . $_POST['pg_server'] . ';dbname=' . $_POST['pg_database'];
+                    $content = str_replace("define ('STORAGE_SERVER', 'localhost');", "define ('STORAGE_SERVER', '".$_POST['pg_server']."');", $content);
+                    $content = str_replace("define ('STORAGE_DB', 'poche');", "define ('STORAGE_DB', '".$_POST['pg_database']."');", $content);
+                    $content = str_replace("define ('STORAGE_USER', 'poche');", "define ('STORAGE_USER', '".$_POST['pg_user']."');", $content);
+                    $content = str_replace("define ('STORAGE_PASSWORD', 'poche');", "define ('STORAGE_PASSWORD', '".$_POST['pg_password']."');", $content);
+                    $handle = new PDO($db_path, $_POST['pg_user'], $_POST['pg_password']);
+                    $sql_structure = file_get_contents('install/postgres.sql');
+                }
+                $content = str_replace("define ('STORAGE', 'sqlite');", "define ('STORAGE', '".$_POST['db_engine']."');", $content);
+                file_put_contents('inc/poche/config.inc.php', $content);
+            }
+            if ($continue) {
+                function executeQuery($handle, $sql, $params) {
+                    try
+                    {
+                        $query = $handle->prepare($sql);
+                        $query->execute($params);
+                        return $query->fetchAll();
+                    }
+                    catch (Exception $e)
+                    {
+                        return FALSE;
+                    }
+                }
+                // create database structure
+                $query = executeQuery($handle, $sql_structure, array());
+                // Create user
+                $handle->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+                $sql = 'INSERT INTO users (username, password, name) VALUES (?, ?, ?)';
+                $params = array($username, $salted_password, $username);
+                $query = executeQuery($handle, $sql, $params);
+                $id_user = $handle->lastInsertId();
+                $sql = 'INSERT INTO users_config ( user_id, name, value ) VALUES (?, ?, ?)';
+                $params = array($id_user, 'pager', '10');
+                $query = executeQuery($handle, $sql, $params);
+                $sql = 'INSERT INTO users_config ( user_id, name, value ) VALUES (?, ?, ?)';
+                $params = array($id_user, 'language', 'en_EN.UTF8');
+                $query = executeQuery($handle, $sql, $params);
+                $successes[] = 'wallabag is now installed. Don\'t forget to delete install folder. Then, <a href="index.php">reload this page</a>.';
+            }
+        }
+    }
+}
+?>
+<!DOCTYPE html>
+<html>
+    <head>
+        <meta name="viewport" content="initial-scale=1.0">
+        <meta charset="utf-8">
+        <!--[if IE]>
+        <meta http-equiv="X-UA-Compatible" content="IE=10">
+        <![endif]-->
+        <title>wallabag — installation</title>
+        <link rel="shortcut icon" type="image/x-icon" href="themes/baggy/img/favicon.ico" />
+        <link rel="apple-touch-icon-precomposed" sizes="144x144" href="themes/baggy/img/apple-touch-icon-144x144-precomposed.png">
+        <link rel="apple-touch-icon-precomposed" sizes="72x72" href="themes/baggy/img/apple-touch-icon-72x72-precomposed.png">
+        <link rel="apple-touch-icon-precomposed" href="themes/baggy/img/apple-touch-icon-precomposed.png">
+        <link href='//fonts.googleapis.com/css?family=PT+Sans:700' rel='stylesheet' type='text/css'>
+        <link rel="stylesheet" href="themes/baggy/css/ratatouille.css" media="all">
+        <link rel="stylesheet" href="themes/baggy/css/font.css" media="all">
+        <link rel="stylesheet" href="themes/baggy/css/main.css" media="all">
+        <link rel="stylesheet" href="themes/baggy/css/messages.css" media="all">
+        <link rel="stylesheet" href="themes/baggy/css/print.css" media="print">
+        <script src="themes/baggy/js/jquery-2.0.3.min.js"></script>
+        <script src="themes/baggy/js/init.js"></script>
+    </head>
+    <body>
+        <header class="w600p center mbm">
+            <h1 class="logo">
+                <img width="100" height="100" src="themes/baggy/img/logo-w.png" alt="logo poche" />
+            </h1>
+        </header>
+        <div id="main">
+            <button id="menu" class="icon icon-menu desktopHide"><span>Menu</span></button>
+            <ul id="links" class="links">
+                <li><a href="http://www.wallabag.org/frequently-asked-questions/">FAQ</a></li>
+                <li><a href="http://doc.wallabag.org/">doc</a></li>
+                <li><a href="http://www.wallabag.org/help/">help</a></li>
+                <li><a href="http://www.wallabag.org/">wallabag.org</a></li>
+            </ul> 
+            <?php if (!empty($errors)) : ?>
+                <div class='messages error'>
+                    <p>Errors during installation:</p>
+                    <p>
+                        <ul>
+                        <?php foreach($errors as $error) :?>
+                            <li><?php echo $error; ?></li>
+                        <?php endforeach; ?>
+                        </ul>
+                    </p>
+                    <p><a href="index.php">Please reload</a> this page when you think you resolved these problems.</p>
+                </div>
+            <?php endif; ?>
+            <?php if (!empty($successes)) : ?>
+                <div class='messages success'>
+                    <p>
+                        <ul>
+                        <?php foreach($successes as $success) :?>
+                            <li><?php echo $success; ?></li>
+                        <?php endforeach; ?>
+                        </ul>
+                    </p>
+                </div>
+            <?php endif; ?>
+            <p>To install wallabag, you just have to fill the following fields. That's all.</p>
+            <p>Don't forget to check your server compatibility <a href="wallabag_compatibility_test.php">here</a>.</p>
+            <form method="post">
+                <fieldset>
+                    <legend><strong>Technical settings</strong></legend>
+                    <?php if (!is_dir('vendor')) : ?>
+                        <div class='messages notice'>wallabag needs twig, a template engine (<a href="http://twig.sensiolabs.org/">?</a>). Two ways to install it: 
+                        <ul>
+                            <li>automatically download and extract vendor.zip into your wallabag folder. 
+                            <p><input type="submit" name="download" value="Download vendor.zip" /></p>
+                            <?php if (!extension_loaded('zip')) : ?>
+                                <b>Be careful, zip extension is not enabled in your PHP configuration. You'll have to unzip vendor.zip manually.</b>
+                            <?php endif; ?>
+                                <em>This method is mainly recommended if you don't have a dedicated server.</em></li>
+                            <li>use <a href="http://getcomposer.org/">Composer</a> :<pre><code>curl -s http://getcomposer.org/installer | php
+php composer.phar install</code></pre></li>
+                        </ul>
+                        </div>
+                    <?php endif; ?>
+                    <p>
+                        Database engine:
+                        <ul>
+                            <li><label for="sqlite">SQLite</label> <input name="db_engine" type="radio" checked="" id="sqlite" value="sqlite" /></li>
+                            <li>
+                                <label for="mysql">MySQL</label> <input name="db_engine" type="radio" id="mysql" value="mysql" />
+                                <ul id="mysql_infos">
+                                    <li><label for="mysql_server">Server</label> <input type="text" placeholder="localhost" id="mysql_server" name="mysql_server" /></li>
+                                    <li><label for="mysql_database">Database</label> <input type="text" placeholder="wallabag" id="mysql_database" name="mysql_database" /></li>
+                                    <li><label for="mysql_user">User</label> <input type="text" placeholder="user" id="mysql_user" name="mysql_user" /></li>
+                                    <li><label for="mysql_password">Password</label> <input type="text" placeholder="p4ssw0rd" id="mysql_password" name="mysql_password" /></li>
+                                </ul>
+                            </li>
+                            <li>
+                                <label for="postgresql">PostgreSQL</label> <input name="db_engine" type="radio" id="postgresql" value="postgresql" />
+                                <ul id="pg_infos">
+                                    <li><label for="pg_server">Server</label> <input type="text" placeholder="localhost" id="pg_server" name="pg_server" /></li>
+                                    <li><label for="pg_database">Database</label> <input type="text" placeholder="wallabag" id="pg_database" name="pg_database" /></li>
+                                    <li><label for="pg_user">User</label> <input type="text" placeholder="user" id="pg_user" name="pg_user" /></li>
+                                  id  <li><label for="pg_password">Password</label> <input type="text" placeholder="p4ssw0rd" id="pg_password" name="pg_password" /></li>
+                                </ul>
+                            </li>
+                        </ul>
+                    </p>
+                </fieldset>
+                <fieldset>
+                    <legend><strong>User settings</strong></legend>
+                    <p>
+                        <label for="username">Username</label>
+                        <input type="text" required id="username" name="username" value="wallabag" />
+                    </p>
+                    <p>
+                        <label for="password">Password</label>
+                        <input type="password" required id="password" name="password" value="wallabag" />
+                    </p>
+                    <p>
+                        <label for="show">Show password:</label> <input name="show" id="show" type="checkbox" onchange="document.getElementById('password').type = this.checked ? 'text' : 'password'">
+                    </p>
+                </fieldset>
+                <input type="submit" value="Install wallabag" name="install" />
+            </form>
+        </div>
+        <script>
+            $("#mysql_infos").hide();
+            $("#pg_infos").hide();
+            $("input[name=db_engine]").click(function() 
+                {
+                    if ( $("#mysql").prop('checked')) {
+                        $("#mysql_infos").show();
+                        $("#pg_infos").hide();
+                    }
+                    else {
+                        if ( $("#postgresql").prop('checked')) {
+                            $("#mysql_infos").hide();
+                            $("#pg_infos").show();
+                        }
+                        else {
+                            $("#mysql_infos").hide();
+                            $("#pg_infos").hide();
+                        }
+                    }
+                });
+        </script>
+    </body>
+</html>
+\ No newline at end of file
diff --git a/themes/baggy/css/messages.css b/themes/baggy/css/messages.css
index e69de29b..0cd89a9e 100755
--- a/themes/baggy/css/messages.css
+++ b/themes/baggy/css/messages.css
@@ -0,0 +1,19 @@
+.messages.error {
+    border: 1px solid #c42608;
+    color: #c00 !important;
+    background: #fff0ef;
+    text-align: left;
+}
+.messages.notice {
+    border: 1px solid #ebcd41;
+    color: #000;
+    background: #fffcd3;
+    text-align: left;
+}
+.messages.success {
+    border: 1px solid #6dc70c;
+    background: #e0fbcc;
+    text-align: left;
+}
+\ No newline at end of file
diff --git a/wallabag_compatibility_test.php b/wallabag_compatibility_test.php
index fd285042..26dce018 100644
--- a/wallabag_compatibility_test.php
+++ b/wallabag_compatibility_test.php
@@ -176,7 +176,7 @@ div.chunk {
                                <tbody>
                                        <tr class="<?php echo ($php_ok) ? 'enabled' : 'disabled'; ?>">
                                                <td>PHP</td>
-                                                <td>5.2.0 or higher</td>
+                                                <td>5.3.3 or higher</td>
                                                <td><?php echo phpversion(); ?></td>
                                        </tr>
                                        <tr class="<?php echo ($xml_ok) ? 'enabled, and sane' : 'disabled, or broken'; ?>">

diff --git a/check_setup.php b/check_setup.php new file mode 100644 index 00000000..96dd0f7d --- /dev/null +++ b/check_setup.php
@@ -0,0 +1,40 @@
		1	<?php
		2
		3	// PHP 5.3 minimum
		4	if (version_compare(PHP_VERSION, '5.3.3', '<')) {
		5	die('This software require PHP 5.3.3 minimum');
		6	}
		7
		8	// Short tags must be enabled for PHP < 5.4
		9	if (version_compare(PHP_VERSION, '5.4.0', '<')) {
		10
		11	if (! ini_get('short_open_tag')) {
		12	die('This software require to have short tags enabled, check your php.ini => "short_open_tag = On"');
		13	}
		14	}
		15
		16	// Check PDO Sqlite
		17	if (! extension_loaded('pdo_sqlite')) {
		18	die('PHP extension required: pdo_sqlite');
		19	}
		20
		21	// Check ZIP
		22	if (! extension_loaded('zip')) {
		23	die('PHP extension required: zip');
		24	}
		25
		26	// Check if /cache is writeable
		27	if (! is_writable('cache')) {
		28	die('The directory "cache" must be writeable by your web server user');
		29	}
		30
		31	// Check if /db is writeable
		32	if (! is_writable('db')) {
		33	die('The directory "db" must be writeable by your web server user');
		34	}
		35
		36	// install folder still present, need to install wallabag
		37	if (is_dir('install')) {
		38	require('install/index.php');
		39	exit;
		40	} \ No newline at end of file


diff --git a/inc/poche/Database.class.php b/inc/poche/Database.class.php index 58583bf5..3332b5a3 100644 --- a/inc/poche/Database.class.php +++ b/inc/poche/Database.class.php
@@ -344,30 +344,36 @@ class Database {
344	return $this->getHandle()->lastInsertId($column);	344	return $this->getHandle()->lastInsertId($column);
345	}	345	}
346		346
347	public function retrieveAllTags() {	347	public function retrieveAllTags($user_id) {
348	$sql = "SELECT * FROM tags";	348	$sql = "SELECT tags.* FROM tags
349	$query = $this->executeQuery($sql, array());	349	LEFT JOIN tags_entries ON tags_entries.tag_id=tags.id
		350	LEFT JOIN entries ON tags_entries.entry_id=entries.id
		351	WHERE entries.user_id=?";
		352	$query = $this->executeQuery($sql, array($user_id));
350	$tags = $query->fetchAll();	353	$tags = $query->fetchAll();
351		354
352	return $tags;	355	return $tags;
353	}	356	}
354		357
355	public function retrieveTag($id) {	358	public function retrieveTag($id, $user_id) {
356	$tag = NULL;	359	$tag = NULL;
357	$sql = "SELECT * FROM tags WHERE id=?";	360	$sql = "SELECT tags.* FROM tags
358	$params = array(intval($id));	361	LEFT JOIN tags_entries ON tags_entries.tag_id=tags.id
		362	LEFT JOIN entries ON tags_entries.entry_id=entries.id
		363	WHERE tags.id=? AND entries.user_id=?";
		364	$params = array(intval($id), $user_id);
359	$query = $this->executeQuery($sql, $params);	365	$query = $this->executeQuery($sql, $params);
360	$tag = $query->fetchAll();	366	$tag = $query->fetchAll();
361		367
362	return isset($tag[0]) ? $tag[0] : null;	368	return isset($tag[0]) ? $tag[0] : null;
363	}	369	}
364		370
365	public function retrieveEntriesByTag($tag_id) {	371	public function retrieveEntriesByTag($tag_id, $user_id) {
366	$sql =	372	$sql =
367	"SELECT entries.* FROM entries	373	"SELECT entries.* FROM entries
368	LEFT JOIN tags_entries ON tags_entries.entry_id=entries.id	374	LEFT JOIN tags_entries ON tags_entries.entry_id=entries.id
369	WHERE tags_entries.tag_id = ?";	375	WHERE tags_entries.tag_id = ? AND entries.user_id=?";
370	$query = $this->executeQuery($sql, array($tag_id));	376	$query = $this->executeQuery($sql, array($tag_id, $user_id));
371	$entries = $query->fetchAll();	377	$entries = $query->fetchAll();
372		378
373	return $entries;	379	return $entries;


diff --git a/inc/poche/Poche.class.php b/inc/poche/Poche.class.php index 76169297..753bd7f0 100644 --- a/inc/poche/Poche.class.php +++ b/inc/poche/Poche.class.php
@@ -463,6 +463,12 @@ class Poche
463	case 'add_tag' :	463	case 'add_tag' :
464	$tags = explode(',', $_POST['value']);	464	$tags = explode(',', $_POST['value']);
465	$entry_id = $_POST['entry_id'];	465	$entry_id = $_POST['entry_id'];
		466	$entry = $this->store->retrieveOneById($entry_id, $this->user->getId());
		467	if (!$entry) {
		468	$this->messages->add('e', _('Article not found!'));
		469	Tools::logm('error : article not found');
		470	Tools::redirect();
		471	}
466	foreach($tags as $key => $tag_value) {	472	foreach($tags as $key => $tag_value) {
467	$value = trim($tag_value);	473	$value = trim($tag_value);
468	$tag = $this->store->retrieveTagByValue($value);	474	$tag = $this->store->retrieveTagByValue($value);
@@ -487,6 +493,12 @@ class Poche
487	break;	493	break;
488	case 'remove_tag' :	494	case 'remove_tag' :
489	$tag_id = $_GET['tag_id'];	495	$tag_id = $_GET['tag_id'];
		496	$entry = $this->store->retrieveOneById($id, $this->user->getId());
		497	if (!$entry) {
		498	$this->messages->add('e', _('Article not found!'));
		499	Tools::logm('error : article not found');
		500	Tools::redirect();
		501	}
490	$this->store->removeTagForEntry($id, $tag_id);	502	$this->store->removeTagForEntry($id, $tag_id);
491	Tools::redirect();	503	Tools::redirect();
492	break;	504	break;
@@ -525,6 +537,12 @@ class Poche
525	break;	537	break;
526	case 'edit-tags':	538	case 'edit-tags':
527	# tags	539	# tags
		540	$entry = $this->store->retrieveOneById($id, $this->user->getId());
		541	if (!$entry) {
		542	$this->messages->add('e', _('Article not found!'));
		543	Tools::logm('error : article not found');
		544	Tools::redirect();
		545	}
528	$tags = $this->store->retrieveTagsByEntry($id);	546	$tags = $this->store->retrieveTagsByEntry($id);
529	$tpl_vars = array(	547	$tpl_vars = array(
530	'entry_id' => $id,	548	'entry_id' => $id,
@@ -532,8 +550,8 @@ class Poche
532	);	550	);
533	break;	551	break;
534	case 'tag':	552	case 'tag':
535	$entries = $this->store->retrieveEntriesByTag($id);	553	$entries = $this->store->retrieveEntriesByTag($id, $this->user->getId());
536	$tag = $this->store->retrieveTag($id);	554	$tag = $this->store->retrieveTag($id, $this->user->getId());
537	$tpl_vars = array(	555	$tpl_vars = array(
538	'tag' => $tag,	556	'tag' => $tag,
539	'entries' => $entries,	557	'entries' => $entries,
@@ -541,7 +559,7 @@ class Poche
541	break;	559	break;
542	case 'tags':	560	case 'tags':
543	$token = $this->user->getConfigValue('token');	561	$token = $this->user->getConfigValue('token');
544	$tags = $this->store->retrieveAllTags();	562	$tags = $this->store->retrieveAllTags($this->user->getId());
545	$tpl_vars = array(	563	$tpl_vars = array(
546	'token' => $token,	564	'token' => $token,
547	'user_id' => $this->user->getId(),	565	'user_id' => $this->user->getId(),
@@ -1056,7 +1074,7 @@ class Poche
1056	$feed->setChannelElement('author', 'wallabag');	1074	$feed->setChannelElement('author', 'wallabag');
1057		1075
1058	if ($type == 'tag') {	1076	if ($type == 'tag') {
1059	$entries = $this->store->retrieveEntriesByTag($tag_id);	1077	$entries = $this->store->retrieveEntriesByTag($tag_id, $user_id);
1060	}	1078	}
1061	else {	1079	else {
1062	$entries = $this->store->getEntriesByView($type, $user_id);	1080	$entries = $this->store->getEntriesByView($type, $user_id);


diff --git a/index.php b/index.php index 1a595ece..2c81afd6 100644 --- a/index.php +++ b/index.php
@@ -8,7 +8,8 @@
8	* @license http://www.wtfpl.net/ see COPYING file	8	* @license http://www.wtfpl.net/ see COPYING file
9	*/	9	*/
10		10
11	define ('POCHE', '1.5.0');	11	define ('POCHE', '1.5.1');
		12	require 'check_setup.php';
12	require_once 'inc/poche/global.inc.php';	13	require_once 'inc/poche/global.inc.php';
13	session_start();	14	session_start();
14		15


diff --git a/install/index.php b/install/index.php new file mode 100644 index 00000000..d31bad89 --- /dev/null +++ b/install/index.php
@@ -0,0 +1,283 @@
		1	<?php
		2	$errors = array();
		3	$successes = array();
		4	if ($_POST['download']) {
		5	if (!file_put_contents("cache/vendor.zip", fopen("http://static.wallabag.org/files/vendor.zip", 'r'))) {
		6	$errors[] = 'Impossible to download vendor.zip. Please <a href="http://wllbg.org/vendor">download it manually<∕a> and unzip it in your wallabag folder.';
		7	}
		8	else {
		9	if (extension_loaded('zip')) {
		10	$zip = new ZipArchive();
		11	if ($zip->open("cache/vendor.zip") !== TRUE){
		12	$errors[] = 'Impossible to open cache/vendor.zip. Please unzip it manually in your wallabag folder.';
		13	}
		14	if ($zip->extractTo(realpath(''))) {
		15	@unlink("cache/vendor.zip");
		16	$successes[] = 'twig is now installed, you can install wallabag.';
		17	}
		18	else {
		19	$errors[] = 'Impossible to extract cache/vendor.zip. Please unzip it manually in your wallabag folder.';
		20	}
		21	$zip->close();
		22	}
		23	else {
		24	$errors[] = 'zip extension is not enabled in your PHP configuration. Please unzip cache/vendor.zip in your wallabag folder.';
		25	}
		26	}
		27	}
		28	else if ($_POST['install']) {
		29	if (!is_dir('vendor')) {
		30	$errors[] = 'You must install twig before.';
		31	}
		32	else {
		33	$continue = true;
		34	// Create config.inc.php
		35	if (!copy('inc/poche/config.inc.php.new', 'inc/poche/config.inc.php')) {
		36	$errors[] = 'Installation aborted, impossible to create inc/poche/config.inc.php file. Maybe you don\'t have write access to create it.';
		37	$continue = false;
		38	}
		39	else {
		40	function generate_salt() {
		41	mt_srand(microtime(true)*100000 + memory_get_usage(true));
		42	return md5(uniqid(mt_rand(), true));
		43	}
		44
		45	$content = file_get_contents('inc/poche/config.inc.php');
		46	$salt = generate_salt();
		47	$content = str_replace("define ('SALT', '');", "define ('SALT', '".$salt."');", $content);
		48	file_put_contents('inc/poche/config.inc.php', $content);
		49	}
		50
		51	if ($continue) {
		52
		53	// User informations
		54	$username = trim($_POST['username']);
		55	$password = trim($_POST['password']);
		56	$salted_password = sha1($password . $username . $salt);
		57
		58	// Database informations
		59	if ($_POST['db_engine'] == 'sqlite') {
		60	if (!copy('install/poche.sqlite', 'db/poche.sqlite')) {
		61	$errors[] = 'Impossible to create inc/poche/config.inc.php file.';
		62	$continue = false;
		63	}
		64	else {
		65	$db_path = 'sqlite:' . realpath('') . '/db/poche.sqlite';
		66	$handle = new PDO($db_path);
		67	}
		68	}
		69	else {
		70	$content = file_get_contents('inc/poche/config.inc.php');
		71
		72	if ($_POST['db_engine'] == 'mysql') {
		73	$db_path = 'mysql:host=' . $_POST['mysql_server'] . ';dbname=' . $_POST['mysql_database'];
		74	$content = str_replace("define ('STORAGE_SERVER', 'localhost');", "define ('STORAGE_SERVER', '".$_POST['mysql_server']."');", $content);
		75	$content = str_replace("define ('STORAGE_DB', 'poche');", "define ('STORAGE_DB', '".$_POST['mysql_database']."');", $content);
		76	$content = str_replace("define ('STORAGE_USER', 'poche');", "define ('STORAGE_USER', '".$_POST['mysql_user']."');", $content);
		77	$content = str_replace("define ('STORAGE_PASSWORD', 'poche');", "define ('STORAGE_PASSWORD', '".$_POST['mysql_password']."');", $content);
		78	$handle = new PDO($db_path, $_POST['mysql_user'], $_POST['mysql_password']);
		79
		80	$sql_structure = file_get_contents('install/mysql.sql');
		81	}
		82	else if ($_POST['db_engine'] == 'postgresql') {
		83	$db_path = 'pgsql:host=' . $_POST['pg_server'] . ';dbname=' . $_POST['pg_database'];
		84	$content = str_replace("define ('STORAGE_SERVER', 'localhost');", "define ('STORAGE_SERVER', '".$_POST['pg_server']."');", $content);
		85	$content = str_replace("define ('STORAGE_DB', 'poche');", "define ('STORAGE_DB', '".$_POST['pg_database']."');", $content);
		86	$content = str_replace("define ('STORAGE_USER', 'poche');", "define ('STORAGE_USER', '".$_POST['pg_user']."');", $content);
		87	$content = str_replace("define ('STORAGE_PASSWORD', 'poche');", "define ('STORAGE_PASSWORD', '".$_POST['pg_password']."');", $content);
		88	$handle = new PDO($db_path, $_POST['pg_user'], $_POST['pg_password']);
		89
		90	$sql_structure = file_get_contents('install/postgres.sql');
		91	}
		92
		93	$content = str_replace("define ('STORAGE', 'sqlite');", "define ('STORAGE', '".$_POST['db_engine']."');", $content);
		94	file_put_contents('inc/poche/config.inc.php', $content);
		95	}
		96
		97	if ($continue) {
		98
		99	function executeQuery($handle, $sql, $params) {
		100	try
		101	{
		102	$query = $handle->prepare($sql);
		103	$query->execute($params);
		104	return $query->fetchAll();
		105	}
		106	catch (Exception $e)
		107	{
		108	return FALSE;
		109	}
		110	}
		111
		112	// create database structure
		113	$query = executeQuery($handle, $sql_structure, array());
		114
		115	// Create user
		116	$handle->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
		117
		118	$sql = 'INSERT INTO users (username, password, name) VALUES (?, ?, ?)';
		119	$params = array($username, $salted_password, $username);
		120	$query = executeQuery($handle, $sql, $params);
		121
		122	$id_user = $handle->lastInsertId();
		123
		124	$sql = 'INSERT INTO users_config ( user_id, name, value ) VALUES (?, ?, ?)';
		125	$params = array($id_user, 'pager', '10');
		126	$query = executeQuery($handle, $sql, $params);
		127
		128	$sql = 'INSERT INTO users_config ( user_id, name, value ) VALUES (?, ?, ?)';
		129	$params = array($id_user, 'language', 'en_EN.UTF8');
		130	$query = executeQuery($handle, $sql, $params);
		131
		132	$successes[] = 'wallabag is now installed. Don\'t forget to delete install folder. Then, <a href="index.php">reload this page</a>.';
		133	}
		134	}
		135	}
		136	}
		137	?>
		138	<!DOCTYPE html>
		139	<html>
		140	<head>
		141	<meta name="viewport" content="initial-scale=1.0">
		142	<meta charset="utf-8">
		143	<!--[if IE]>
		144	<meta http-equiv="X-UA-Compatible" content="IE=10">
		145	<![endif]-->
		146	<title>wallabag — installation</title>
		147	<link rel="shortcut icon" type="image/x-icon" href="themes/baggy/img/favicon.ico" />
		148	<link rel="apple-touch-icon-precomposed" sizes="144x144" href="themes/baggy/img/apple-touch-icon-144x144-precomposed.png">
		149	<link rel="apple-touch-icon-precomposed" sizes="72x72" href="themes/baggy/img/apple-touch-icon-72x72-precomposed.png">
		150	<link rel="apple-touch-icon-precomposed" href="themes/baggy/img/apple-touch-icon-precomposed.png">
		151	<link href='//fonts.googleapis.com/css?family=PT+Sans:700' rel='stylesheet' type='text/css'>
		152	<link rel="stylesheet" href="themes/baggy/css/ratatouille.css" media="all">
		153	<link rel="stylesheet" href="themes/baggy/css/font.css" media="all">
		154	<link rel="stylesheet" href="themes/baggy/css/main.css" media="all">
		155	<link rel="stylesheet" href="themes/baggy/css/messages.css" media="all">
		156	<link rel="stylesheet" href="themes/baggy/css/print.css" media="print">
		157	<script src="themes/baggy/js/jquery-2.0.3.min.js"></script>
		158	<script src="themes/baggy/js/init.js"></script>
		159	</head>
		160	<body>
		161	<header class="w600p center mbm">
		162	<h1 class="logo">
		163	<img width="100" height="100" src="themes/baggy/img/logo-w.png" alt="logo poche" />
		164	</h1>
		165	</header>
		166	<div id="main">
		167	<button id="menu" class="icon icon-menu desktopHide"><span>Menu</span></button>
		168	<ul id="links" class="links">
		169	<li><a href="http://www.wallabag.org/frequently-asked-questions/">FAQ</a></li>
		170	<li><a href="http://doc.wallabag.org/">doc</a></li>
		171	<li><a href="http://www.wallabag.org/help/">help</a></li>
		172	<li><a href="http://www.wallabag.org/">wallabag.org</a></li>
		173	</ul>
		174	<?php if (!empty($errors)) : ?>
		175	<div class='messages error'>
		176	<p>Errors during installation:</p>
		177	<p>
		178	<ul>
		179	<?php foreach($errors as $error) :?>
		180	<li><?php echo $error; ?></li>
		181	<?php endforeach; ?>
		182	</ul>
		183	</p>
		184	<p><a href="index.php">Please reload</a> this page when you think you resolved these problems.</p>
		185	</div>
		186	<?php endif; ?>
		187	<?php if (!empty($successes)) : ?>
		188	<div class='messages success'>
		189	<p>
		190	<ul>
		191	<?php foreach($successes as $success) :?>
		192	<li><?php echo $success; ?></li>
		193	<?php endforeach; ?>
		194	</ul>
		195	</p>
		196	</div>
		197	<?php endif; ?>
		198	<p>To install wallabag, you just have to fill the following fields. That's all.</p>
		199	<p>Don't forget to check your server compatibility <a href="wallabag_compatibility_test.php">here</a>.</p>
		200	<form method="post">
		201	<fieldset>
		202	<legend><strong>Technical settings</strong></legend>
		203	<?php if (!is_dir('vendor')) : ?>
		204	<div class='messages notice'>wallabag needs twig, a template engine (<a href="http://twig.sensiolabs.org/">?</a>). Two ways to install it:
		205	<ul>
		206	<li>automatically download and extract vendor.zip into your wallabag folder.
		207	<p><input type="submit" name="download" value="Download vendor.zip" /></p>
		208	<?php if (!extension_loaded('zip')) : ?>
		209	<b>Be careful, zip extension is not enabled in your PHP configuration. You'll have to unzip vendor.zip manually.</b>
		210	<?php endif; ?>
		211	<em>This method is mainly recommended if you don't have a dedicated server.</em></li>
		212	<li>use <a href="http://getcomposer.org/">Composer</a> :<pre><code>curl -s http://getcomposer.org/installer \| php
		213	php composer.phar install</code></pre></li>
		214	</ul>
		215	</div>
		216	<?php endif; ?>
		217	<p>
		218	Database engine:
		219	<ul>
		220	<li><label for="sqlite">SQLite</label> <input name="db_engine" type="radio" checked="" id="sqlite" value="sqlite" /></li>
		221	<li>
		222	<label for="mysql">MySQL</label> <input name="db_engine" type="radio" id="mysql" value="mysql" />
		223	<ul id="mysql_infos">
		224	<li><label for="mysql_server">Server</label> <input type="text" placeholder="localhost" id="mysql_server" name="mysql_server" /></li>
		225	<li><label for="mysql_database">Database</label> <input type="text" placeholder="wallabag" id="mysql_database" name="mysql_database" /></li>
		226	<li><label for="mysql_user">User</label> <input type="text" placeholder="user" id="mysql_user" name="mysql_user" /></li>
		227	<li><label for="mysql_password">Password</label> <input type="text" placeholder="p4ssw0rd" id="mysql_password" name="mysql_password" /></li>
		228	</ul>
		229	</li>
		230	<li>
		231	<label for="postgresql">PostgreSQL</label> <input name="db_engine" type="radio" id="postgresql" value="postgresql" />
		232	<ul id="pg_infos">
		233	<li><label for="pg_server">Server</label> <input type="text" placeholder="localhost" id="pg_server" name="pg_server" /></li>
		234	<li><label for="pg_database">Database</label> <input type="text" placeholder="wallabag" id="pg_database" name="pg_database" /></li>
		235	<li><label for="pg_user">User</label> <input type="text" placeholder="user" id="pg_user" name="pg_user" /></li>
		236	id <li><label for="pg_password">Password</label> <input type="text" placeholder="p4ssw0rd" id="pg_password" name="pg_password" /></li>
		237	</ul>
		238	</li>
		239	</ul>
		240	</p>
		241	</fieldset>
		242
		243	<fieldset>
		244	<legend><strong>User settings</strong></legend>
		245	<p>
		246	<label for="username">Username</label>
		247	<input type="text" required id="username" name="username" value="wallabag" />
		248	</p>
		249	<p>
		250	<label for="password">Password</label>
		251	<input type="password" required id="password" name="password" value="wallabag" />
		252	</p>
		253	<p>
		254	<label for="show">Show password:</label> <input name="show" id="show" type="checkbox" onchange="document.getElementById('password').type = this.checked ? 'text' : 'password'">
		255	</p>
		256	</fieldset>
		257
		258	<input type="submit" value="Install wallabag" name="install" />
		259	</form>
		260	</div>
		261	<script>
		262	$("#mysql_infos").hide();
		263	$("#pg_infos").hide();
		264	$("input[name=db_engine]").click(function()
		265	{
		266	if ( $("#mysql").prop('checked')) {
		267	$("#mysql_infos").show();
		268	$("#pg_infos").hide();
		269	}
		270	else {
		271	if ( $("#postgresql").prop('checked')) {
		272	$("#mysql_infos").hide();
		273	$("#pg_infos").show();
		274	}
		275	else {
		276	$("#mysql_infos").hide();
		277	$("#pg_infos").hide();
		278	}
		279	}
		280	});
		281	</script>
		282	</body>
		283	</html> \ No newline at end of file


diff --git a/themes/baggy/css/messages.css b/themes/baggy/css/messages.css index e69de29b..0cd89a9e 100755 --- a/themes/baggy/css/messages.css +++ b/themes/baggy/css/messages.css
@@ -0,0 +1,19 @@
		1	.messages.error {
		2	border: 1px solid #c42608;
		3	color: #c00 !important;
		4	background: #fff0ef;
		5	text-align: left;
		6	}
		7
		8	.messages.notice {
		9	border: 1px solid #ebcd41;
		10	color: #000;
		11	background: #fffcd3;
		12	text-align: left;
		13	}
		14
		15	.messages.success {
		16	border: 1px solid #6dc70c;
		17	background: #e0fbcc;
		18	text-align: left;
		19	} \ No newline at end of file


diff --git a/wallabag_compatibility_test.php b/wallabag_compatibility_test.php index fd285042..26dce018 100644 --- a/wallabag_compatibility_test.php +++ b/wallabag_compatibility_test.php
@@ -176,7 +176,7 @@ div.chunk {
176	<tbody>	176	<tbody>
177	<tr class="<?php echo ($php_ok) ? 'enabled' : 'disabled'; ?>">	177	<tr class="<?php echo ($php_ok) ? 'enabled' : 'disabled'; ?>">
178	<td>PHP</td>	178	<td>PHP</td>
179	<td>5.2.0 or higher</td>	179	<td>5.3.3 or higher</td>
180	<td><?php echo phpversion(); ?></td>	180	<td><?php echo phpversion(); ?></td>
181	</tr>	181	</tr>
182	<tr class="<?php echo ($xml_ok) ? 'enabled, and sane' : 'disabled, or broken'; ?>">	182	<tr class="<?php echo ($xml_ok) ? 'enabled, and sane' : 'disabled, or broken'; ?>">