-rw-r--r--composer.json7
-rw-r--r--composer.lock42
-rw-r--r--inc/3rdparty/Session.class.php346
-rw-r--r--inc/3rdparty/paginator.php202
-rw-r--r--inc/poche/FlattrItem.class.php (renamed from inc/3rdparty/FlattrItem.class.php)0
-rwxr-xr-xinc/poche/global.inc.php2
6 files changed, 47 insertions, 552 deletions
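--- a/composer.json
+++ b/composer.json
@@ -30,6 +30,10 @@
 {
 "type": "vcs",
 "url": "https://github.com/wallabag/kriss_php5"
+},
+{
+"type": "vcs",
+"url": "https://github.com/wallabag/pagination"
 }
 ],
 "require": {
@@ -40,6 +44,7 @@
 "ezyang/htmlpurifier": "dev-master",
 "mgargano/simplehtmldom": "dev-master",
 "wallabag/PHP-Flash-Messages": "dev-master",
-"wallabag/kriss_php5": "dev-master"
+"wallabag/kriss_php5": "dev-master",
+"wallabag/pagination": "dev-master"
 }
 }
\ No newline at end of file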
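Review bot: The new `wallabag/pagination` requirement is pinned to the floating `dev-master` branch of a VCS repository rather than to a tagged release, so the manifest accepts whatever that branch head is at the next `composer update`; the lock file does pin commit 54e442b31c90e50e331cb8ac400537e0eda30deb, but it records `"shasum": ""` for the dist archive, so nothing beyond the commit reference verifies the downloaded zip. Since this package replaces the formerly vendored `inc/3rdparty/paginator.php`, consider constraining it to a tagged version once one exists (a caret constraint such as `"wallabag/pagination": "^1.0"` in place of `"dev-master"`) and keeping `composer.lock` committed so deployments resolve to the reviewed commit. The same `dev-master` pattern already applies to the sibling `wallabag/*` entries in this block, which this commit does not change.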
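--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@
 "Read more about it at http://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
 "This file is @generated automatically"
 ],
-"hash": "aaf0d0bb3208c2dfc0b6cc95cbfab5f6",
+"hash": "01683220c560fe335307baeb1018293c",
 "packages": [
 {
 "name": "ezyang/htmlpurifier",
@@ -1374,6 +1374,43 @@
 "time": "2015-01-18 21:21:43"
 },
 {
+"name": "wallabag/pagination",
+"version": "dev-master",
+"source": {
+"type": "git",
+"url": "https://github.com/wallabag/pagination.git",
+"reference": "54e442b31c90e50e331cb8ac400537e0eda30deb"
+},
+"dist": {
+"type": "zip",
+"url": "https://api.github.com/repos/wallabag/pagination/zipball/54e442b31c90e50e331cb8ac400537e0eda30deb",
+"reference": "54e442b31c90e50e331cb8ac400537e0eda30deb",
+"shasum": ""
+},
+"require": {
+"php": ">=5.3.0"
+},
+"type": "library",
+"autoload": {
+"files": [
+"paginator.php"
+]
+},
+"authors": [
+{
+"name": "Nicolas Lœuillet",
+"email": "nicolas@loeuillet.org",
+"homepage": "http://www.cdetc.fr"
+}
+],
+"description": "Paginate record sets, not tied in directly to a database.",
+"homepage": "https://github.com/wallabag/pagination",
+"support": {
+"source": "https://github.com/wallabag/pagination/tree/master"
+},
+"time": "2015-01-19 09:24:39"
+},
+{
 "name": "wallabag/php-flash-messages",
 "version": "dev-master",
 "source": {
@@ -1428,7 +1465,8 @@
 "ezyang/htmlpurifier": 20,
 "mgargano/simplehtmldom": 20,
 "wallabag/php-flash-messages": 20,
-"wallabag/kriss_php5": 20
+"wallabag/kriss_php5": 20,
+"wallabag/pagination": 20
 },
 "prefer-stable": false,
 "prefer-lowest": false,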
diff --git a/inc/3rdparty/Session.class.php b/inc/3rdparty/Session.class.php
deleted file mode 100644
index b56e4c54..00000000
--- a/inc/3rdparty/Session.class.php
+++ /dev/null
@@ -1,346 +0,0 @@
1<?php
2/**
3 * Session management class
4 *
5 * http://www.developpez.net/forums/d51943/php/langage/sessions/
6 * http://sebsauvage.net/wiki/doku.php?id=php:session
7 * http://sebsauvage.net/wiki/doku.php?id=php:shaarli
8 *
9 * Features:
10 * - Everything is stored on server-side (we do not trust client-side data,
11 * such as cookie expiration)
12 * - IP addresses are checked on each access to prevent session cookie hijacking
13 * (such as Firesheep)
14 * - Session expires on user inactivity (Session expiration date is
15 * automatically updated everytime the user accesses a page.)
16 * - A unique secret key is generated on server-side for this session
17 * (and never sent over the wire) which can be used to sign forms (HMAC)
18 * (See $_SESSION['uid'])
19 * - Token management to prevent XSRF attacks
20 * - Brute force protection with ban management
21 *
22 * TODOs
23 * - Replace globals with variables in Session class
24 *
25 * How to use:
26 * - http://tontof.net/kriss/php5/session
27 */
28class Session
29{
30 // Personnalize PHP session name
31 public static $sessionName = '';
32 // If the user does not access any page within this time,
33 // his/her session is considered expired (3600 sec. = 1 hour)
34 public static $inactivityTimeout = 3600;
35 // Extra timeout for long sessions (if enabled) (82800 sec. = 23 hours)
36 public static $longSessionTimeout = 7776000; // 7776000 = 90 days
37 // If you get disconnected often or if your IP address changes often.
38 // Let you disable session cookie hijacking protection
39 public static $disableSessionProtection = false;
40 // Ban IP after this many failures.
41 public static $banAfter = 4;
42 // Ban duration for IP address after login failures (in seconds).
43 // (1800 sec. = 30 minutes)
44 public static $banDuration = 1800;
45 // File storage for failures and bans. If empty, no ban management.
46 public static $banFile = '';
47
48 /**
49 * Initialize session
50 */
51 public static function init($longlastingsession = false)
52 {
53 //check if session name is correct
54 if ( (session_id() && !empty(self::$sessionName) && session_name()!=self::$sessionName) || $longlastingsession ) {
55 session_destroy();
56 }
57
58 // Force cookie path (but do not change lifetime)
59 $cookie = session_get_cookie_params();
60 // Default cookie expiration and path.
61 $cookiedir = '';
62 if (dirname($_SERVER['SCRIPT_NAME'])!='/') {
63 $cookiedir = dirname($_SERVER["SCRIPT_NAME"]).'/';
64 }
65 $ssl = false;
66 if (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") {
67 $ssl = true;
68 }
69
70 if ( $longlastingsession ) {
71 session_set_cookie_params(self::$longSessionTimeout, $cookiedir, null, $ssl, true);
72 }
73 else {
74 session_set_cookie_params(0, $cookiedir, null, $ssl, true);
75 }
76 //set server side valid session timeout
77 //WARNING! this may not work in shared session environment. See http://www.php.net/manual/en/session.configuration.php#ini.session.gc-maxlifetime about min value: it can be set in any application
78 ini_set('session.gc_maxlifetime', self::$longSessionTimeout);
79
80 // Use cookies to store session.
81 ini_set('session.use_cookies', 1);
82 // Force cookies for session (phpsessionID forbidden in URL)
83 ini_set('session.use_only_cookies', 1);
84 if ( !session_id() ) {
85 // Prevent php to use sessionID in URL if cookies are disabled.
86 ini_set('session.use_trans_sid', false);
87 if (!empty(self::$sessionName)) {
88 session_name(self::$sessionName);
89 }
90 session_start();
91 }
92 }
93
94 /**
95 * Returns the IP address
96 * (Used to prevent session cookie hijacking.)
97 *
98 * @return string IP addresses
99 */
100 private static function _allIPs()
101 {
102 $ip = $_SERVER["REMOTE_ADDR"];
103 $ip.= isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? '_'.$_SERVER['HTTP_X_FORWARDED_FOR'] : '';
104 $ip.= isset($_SERVER['HTTP_CLIENT_IP']) ? '_'.$_SERVER['HTTP_CLIENT_IP'] : '';
105
106 return $ip;
107 }
108
109 /**
110 * Check that user/password is correct and then init some SESSION variables.
111 *
112 * @param string $login Login reference
113 * @param string $password Password reference
114 * @param string $loginTest Login to compare with login reference
115 * @param string $passwordTest Password to compare with password reference
116 * @param array $pValues Array of variables to store in SESSION
117 *
118 * @return true|false True if login and password are correct, false
119 * otherwise
120 */
121 public static function login (
122 $login,
123 $password,
124 $loginTest,
125 $passwordTest,
126 $longlastingsession,
127 $pValues = array())
128 {
129 self::banInit();
130 if (self::banCanLogin()) {
131 if ($login === $loginTest && $password === $passwordTest) {
132 self::banLoginOk();
133
134 self::init($longlastingsession);
135
136 // Generate unique random number to sign forms (HMAC)
137 $_SESSION['uid'] = sha1(uniqid('', true).'_'.mt_rand());
138 $_SESSION['ip'] = self::_allIPs();
139 $_SESSION['username'] = $login;
140 // Set session expiration.
141 $_SESSION['expires_on'] = time() + self::$inactivityTimeout;
142 if ($longlastingsession) {
143 $_SESSION['longlastingsession'] = self::$longSessionTimeout;
144 $_SESSION['expires_on'] += $_SESSION['longlastingsession'];
145 }
146
147 foreach ($pValues as $key => $value) {
148 $_SESSION[$key] = $value;
149 }
150
151 return true;
152 }
153 self::banLoginFailed();
154 }
155
156 self::init();
157 return false;
158 }
159
160 /**
161 * Unset SESSION variable to force logout
162 */
163 public static function logout()
164 {
165 // unset($_SESSION['uid'],$_SESSION['ip'],$_SESSION['expires_on'],$_SESSION['tokens'], $_SESSION['login'], $_SESSION['pass'], $_SESSION['longlastingsession'], $_SESSION['poche_user']);
166
167 // Destruction du cookie (le code peut paraître complexe mais c'est pour être certain de reprendre les mêmes paramètres)
168 $args = array_merge(array(session_name(), ''), array_values(session_get_cookie_params()));
169 $args[2] = time() - 3600;
170 call_user_func_array('setcookie', $args);
171 // Suppression physique de la session
172 session_destroy();
173 }
174
175 /**
176 * Make sure user is logged in.
177 *
178 * @return true|false True if user is logged in, false otherwise
179 */
180 public static function isLogged()
181 {
182 if (!isset ($_SESSION['uid'])
183 || (self::$disableSessionProtection === false
184 && $_SESSION['ip'] !== self::_allIPs())
185 || time() >= $_SESSION['expires_on']) {
186 //self::logout();
187
188 return false;
189 }
190 // User accessed a page : Update his/her session expiration date.
191 $_SESSION['expires_on'] = time() + self::$inactivityTimeout;
192 if (!empty($_SESSION['longlastingsession'])) {
193 $_SESSION['expires_on'] += $_SESSION['longlastingsession'];
194 }
195
196 return true;
197 }
198
199 /**
200 * Create a token, store it in SESSION and return it
201 *
202 * @param string $salt to prevent birthday attack
203 *
204 * @return string Token created
205 */
206 public static function getToken($salt = '')
207 {
208 if (!isset($_SESSION['tokens'])) {
209 $_SESSION['tokens']=array();
210 }
211 // We generate a random string and store it on the server side.
212 $rnd = sha1(uniqid('', true).'_'.mt_rand().$salt);
213 $_SESSION['tokens'][$rnd]=1;
214
215 return $rnd;
216 }
217
218 /**
219 * Tells if a token is ok. Using this function will destroy the token.
220 *
221 * @param string $token Token to test
222 *
223 * @return true|false True if token is correct, false otherwise
224 */
225 public static function isToken($token)
226 {
227 if (isset($_SESSION['tokens'][$token])) {
228 unset($_SESSION['tokens'][$token]); // Token is used: destroy it.
229
230 return true; // Token is ok.
231 }
232
233 return false; // Wrong token, or already used.
234 }
235
236 /**
237 * Signal a failed login. Will ban the IP if too many failures:
238 */
239 public static function banLoginFailed()
240 {
241 if (self::$banFile !== '') {
242 $ip = $_SERVER["REMOTE_ADDR"];
243 $gb = $GLOBALS['IPBANS'];
244
245 if (!isset($gb['FAILURES'][$ip])) {
246 $gb['FAILURES'][$ip] = 0;
247 }
248 $gb['FAILURES'][$ip]++;
249 if ($gb['FAILURES'][$ip] > (self::$banAfter - 1)) {
250 $gb['BANS'][$ip]= time() + self::$banDuration;
251 }
252
253 $GLOBALS['IPBANS'] = $gb;
254 file_put_contents(self::$banFile, "<?php\n\$GLOBALS['IPBANS']=".var_export($gb, true).";\n?>");
255 }
256 }
257
258 /**
259 * Signals a successful login. Resets failed login counter.
260 */
261 public static function banLoginOk()
262 {
263 if (self::$banFile !== '') {
264 $ip = $_SERVER["REMOTE_ADDR"];
265 $gb = $GLOBALS['IPBANS'];
266 unset($gb['FAILURES'][$ip]); unset($gb['BANS'][$ip]);
267 $GLOBALS['IPBANS'] = $gb;
268 file_put_contents(self::$banFile, "<?php\n\$GLOBALS['IPBANS']=".var_export($gb, true).";\n?>");
269 }
270 }
271
272 /**
273 * Ban init
274 */
275 public static function banInit()
276 {
277 if (self::$banFile !== '') {
278 if (!is_file(self::$banFile)) {
279 file_put_contents(self::$banFile, "<?php\n\$GLOBALS['IPBANS']=".var_export(array('FAILURES'=>array(), 'BANS'=>array()), true).";\n?>");
280 }
281 include self::$banFile;
282 }
283 }
284
285 /**
286 * Checks if the user CAN login. If 'true', the user can try to login.
287 *
288 * @return boolean true if user is banned, false otherwise
289 */
290 public static function banCanLogin()
291 {
292 if (self::$banFile !== '') {
293 $ip = $_SERVER["REMOTE_ADDR"];
294 $gb = $GLOBALS['IPBANS'];
295 if (isset($gb['BANS'][$ip])) {
296 // User is banned. Check if the ban has expired:
297 if ($gb['BANS'][$ip] <= time()) {
298 // Ban expired, user can try to login again.
299 unset($gb['FAILURES'][$ip]);
300 unset($gb['BANS'][$ip]);
301 file_put_contents(self::$banFile, "<?php\n\$GLOBALS['IPBANS']=".var_export($gb, true).";\n?>");
302
303 return true; // Ban has expired, user can login.
304 }
305
306 return false; // User is banned.
307 }
308 }
309
310 return true; // User is not banned.
311 }
312
313
314 /**
315 * Tells if a param exists in session
316 *
317 * @param $name name of the param to test
318 * @return bool
319 */
320 public static function isInSession($name)
321 {
322 return (isset($_SESSION[$name]) ? : FALSE);
323 }
324
325 /**
326 * Returns param in session
327 *
328 * @param $name name of the param to return
329 * @return mixed param or null
330 */
331 public static function getParam($name)
332 {
333 return (self::isInSession($name) ? $_SESSION[$name] : NULL);
334 }
335
336 /**
337 * Store value in session
338 *
339 * @param $name name of the variable to store
340 * @param $value value to store
341 */
342 public static function setParam($name, $value)
343 {
344 $_SESSION[$name] = $value;
345 }
346}
diff --git a/inc/3rdparty/paginator.php b/inc/3rdparty/paginator.php
deleted file mode 100644
index 306756c0..00000000
--- a/inc/3rdparty/paginator.php
+++ /dev/null
@@ -1,202 +0,0 @@
1<?php
2/*
3 * PHP Pagination Class
4 *
5 * @author David Carr - dave@daveismyname.com - http://www.daveismyname.com
6 * @version 1.0
7 * @date October 20, 2013
8 */
9class Paginator{
10
11 /**
12 * set the number of items per page.
13 *
14 * @var numeric
15 */
16 private $_perPage;
17
18 /**
19 * set get parameter for fetching the page number
20 *
21 * @var string
22 */
23 private $_instance;
24
25 /**
26 * sets the page number.
27 *
28 * @var numeric
29 */
30 private $_page;
31
32 /**
33 * set the limit for the data source
34 *
35 * @var string
36 */
37 private $_limit;
38
39 /**
40 * set the total number of records/items.
41 *
42 * @var numeric
43 */
44 private $_totalRows = 0;
45
46
47
48 /**
49 * __construct
50 *
51 * pass values when class is istantiated
52 *
53 * @param numeric $_perPage sets the number of iteems per page
54 * @param numeric $_instance sets the instance for the GET parameter
55 */
56 public function __construct($perPage,$instance){
57 $this->_instance = $instance;
58 $this->_perPage = $perPage;
59 $this->set_instance();
60 }
61
62 /**
63 * get_start
64 *
65 * creates the starting point for limiting the dataset
66 * @return numeric
67 */
68 private function get_start(){
69 return ($this->_page * $this->_perPage) - $this->_perPage;
70 }
71
72 /**
73 * set_instance
74 *
75 * sets the instance parameter, if numeric value is 0 then set to 1
76 *
77 * @var numeric
78 */
79 private function set_instance(){
80 $this->_page = (int) (!isset($_GET[$this->_instance]) ? 1 : $_GET[$this->_instance]);
81 $this->_page = ($this->_page == 0 ? 1 : $this->_page);
82 }
83
84 /**
85 * set_total
86 *
87 * collect a numberic value and assigns it to the totalRows
88 *
89 * @var numeric
90 */
91 public function set_total($_totalRows){
92 $this->_totalRows = $_totalRows;
93 }
94
95 /**
96 * get_limit
97 *
98 * returns the limit for the data source, calling the get_start method and passing in the number of items perp page
99 *
100 * @return string
101 */
102 public function get_limit(){
103 if (STORAGE == 'postgres') {
104 return "LIMIT ".$this->_perPage." OFFSET ".$this->get_start();
105 } else {
106 return "LIMIT ".$this->get_start().",".$this->_perPage;
107 }
108 }
109
110 /**
111 * page_links
112 *
113 * create the html links for navigating through the dataset
114 *
115 * @var sting $path optionally set the path for the link
116 * @var sting $ext optionally pass in extra parameters to the GET
117 * @return string returns the html menu
118 */
119 public function page_links($path='?',$ext=null)
120 {
121 $adjacents = "2";
122 $prev = $this->_page - 1;
123 $next = $this->_page + 1;
124 $lastpage = ceil($this->_totalRows/$this->_perPage);
125 $lpm1 = $lastpage - 1;
126
127 $pagination = "";
128 if($lastpage > 1)
129 {
130 $pagination .= "<div class='pagination'>";
131 if ($this->_page > 1)
132 $pagination.= "<a href='".$path."$this->_instance=$prev"."$ext'>« previous</a>";
133 else
134 $pagination.= "<span class='disabled'>« previous</span>";
135
136 if ($lastpage < 7 + ($adjacents * 2))
137 {
138 for ($counter = 1; $counter <= $lastpage; $counter++)
139 {
140 if ($counter == $this->_page)
141 $pagination.= "<span class='current'>$counter</span>";
142 else
143 $pagination.= "<a href='".$path."$this->_instance=$counter"."$ext'>$counter</a>";
144 }
145 }
146 elseif($lastpage > 5 + ($adjacents * 2))
147 {
148 if($this->_page < 1 + ($adjacents * 2))
149 {
150 for ($counter = 1; $counter < 4 + ($adjacents * 2); $counter++)
151 {
152 if ($counter == $this->_page)
153 $pagination.= "<span class='current'>$counter</span>";
154 else
155 $pagination.= "<a href='".$path."$this->_instance=$counter"."$ext'>$counter</a>";
156 }
157 $pagination.= "...";
158 $pagination.= "<a href='".$path."$this->_instance=$lpm1"."$ext'>$lpm1</a>";
159 $pagination.= "<a href='".$path."$this->_instance=$lastpage"."$ext'>$lastpage</a>";
160 }
161 elseif($lastpage - ($adjacents * 2) > $this->_page && $this->_page > ($adjacents * 2))
162 {
163 $pagination.= "<a href='".$path."$this->_instance=1"."$ext'>1</a>";
164 $pagination.= "<a href='".$path."$this->_instance=2"."$ext'>2</a>";
165 $pagination.= "...";
166 for ($counter = $this->_page - $adjacents; $counter <= $this->_page + $adjacents; $counter++)
167 {
168 if ($counter == $this->_page)
169 $pagination.= "<span class='current'>$counter</span>";
170 else
171 $pagination.= "<a href='".$path."$this->_instance=$counter"."$ext'>$counter</a>";
172 }
173 $pagination.= "..";
174 $pagination.= "<a href='".$path."$this->_instance=$lpm1"."$ext'>$lpm1</a>";
175 $pagination.= "<a href='".$path."$this->_instance=$lastpage"."$ext'>$lastpage</a>";
176 }
177 else
178 {
179 $pagination.= "<a href='".$path."$this->_instance=1"."$ext'>1</a>";
180 $pagination.= "<a href='".$path."$this->_instance=2"."$ext'>2</a>";
181 $pagination.= "..";
182 for ($counter = $lastpage - (2 + ($adjacents * 2)); $counter <= $lastpage; $counter++)
183 {
184 if ($counter == $this->_page)
185 $pagination.= "<span class='current'>$counter</span>";
186 else
187 $pagination.= "<a href='".$path."$this->_instance=$counter"."$ext'>$counter</a>";
188 }
189 }
190 }
191
192 if ($this->_page < $counter - 1)
193 $pagination.= "<a href='".$path."$this->_instance=$next"."$ext'>next »</a>";
194 else
195 $pagination.= "<span class='disabled'>next »</span>";
196 $pagination.= "</div>\n";
197 }
198
199
200 return $pagination;
201 }
202}
diff --git a/inc/3rdparty/FlattrItem.class.php b/inc/poche/FlattrItem.class.php
index ef8c62f7..ef8c62f7 100644
--- a/inc/3rdparty/FlattrItem.class.php
+++ b/inc/poche/FlattrItem.class.php
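--- a/inc/poche/global.inc.php
+++ b/inc/poche/global.inc.php
@@ -29,7 +29,7 @@ require_once INCLUDES . '/3rdparty/paginator.php';
 
 require_once INCLUDES . '/3rdparty/libraries/feedwriter/FeedItem.php';
 require_once INCLUDES . '/3rdparty/libraries/feedwriter/FeedWriter.php';
-require_once INCLUDES . '/3rdparty/FlattrItem.class.php';
+require_once INCLUDES . '/poche/FlattrItem.class.php';
 
 # epub library
 require_once INCLUDES . '/3rdparty/libraries/PHPePub/Logger.php';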
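Review bot: The hunk header's context line shows that line 28 of this file is still `require_once INCLUDES . '/3rdparty/paginator.php';`, yet this commit deletes `inc/3rdparty/paginator.php` and replaces it with the `wallabag/pagination` package, whose lock entry autoloads its own `paginator.php`; unless that line is changed somewhere outside this hunk, the include fails at boot with a fatal error. The line should be removed so the Composer autoloader supplies `Paginator`, i.e. drop `require_once INCLUDES . '/3rdparty/paginator.php';` — this presumes the vendor autoloader is already required earlier in this file, which is not visible here. Likewise, if a `require_once` for the deleted `inc/3rdparty/Session.class.php` remains in this file, it needs the same treatment. It is also worth confirming that the packaged `paginator.php` keeps the `STORAGE == 'postgres'` LIMIT/OFFSET branch of `get_limit()`, since the deleted copy depended on that project constant and a differing upstream version would silently change the generated SQL.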