Exemple #1
function buildLinkList($PAGE, $LINKSDB)
    // ---- Filter link database according to parameters
    $search_type = '';
    $search_crits = '';
    $privateonly = !empty($_SESSION['privateonly']) ? true : false;
    // Fulltext search
    if (isset($_GET['searchterm'])) {
        $search_crits = escape(trim($_GET['searchterm']));
        $search_type = LinkFilter::$FILTER_TEXT;
        $linksToDisplay = $LINKSDB->filter($search_type, $search_crits, false, $privateonly);
    } elseif (isset($_GET['searchtags'])) {
        $search_crits = explode(' ', escape(trim($_GET['searchtags'])));
        $search_type = LinkFilter::$FILTER_TAG;
        $linksToDisplay = $LINKSDB->filter($search_type, $search_crits, false, $privateonly);
    } elseif (isset($_SERVER['QUERY_STRING']) && preg_match('/[a-zA-Z0-9-_@]{6}(&.+?)?/', $_SERVER['QUERY_STRING'])) {
        $search_type = LinkFilter::$FILTER_HASH;
        $search_crits = substr(trim($_SERVER["QUERY_STRING"], '/'), 0, 6);
        $linksToDisplay = $LINKSDB->filter($search_type, $search_crits);
        if (count($linksToDisplay) == 0) {
            header($_SERVER['SERVER_PROTOCOL'] . ' 404 Not Found');
            echo '<h1>404 Not found.</h1>Oh crap.
                  The link you are trying to reach does not exist or has been deleted.';
            echo '<br>Would you mind <a href="?">clicking here</a>?';
    } else {
        $linksToDisplay = $LINKSDB->filter('', '', false, $privateonly);
    // ---- Handle paging.
    $keys = array();
    foreach ($linksToDisplay as $key => $value) {
        $keys[] = $key;
    // If there is only a single link, we change on-the-fly the title of the page.
    if (count($linksToDisplay) == 1) {
        $GLOBALS['pagetitle'] = $linksToDisplay[$keys[0]]['title'] . ' - ' . $GLOBALS['title'];
    // Select articles according to paging.
    $pagecount = ceil(count($keys) / $_SESSION['LINKS_PER_PAGE']);
    $pagecount = $pagecount == 0 ? 1 : $pagecount;
    $page = empty($_GET['page']) ? 1 : intval($_GET['page']);
    $page = $page < 1 ? 1 : $page;
    $page = $page > $pagecount ? $pagecount : $page;
    // Start index.
    $i = ($page - 1) * $_SESSION['LINKS_PER_PAGE'];
    $end = $i + $_SESSION['LINKS_PER_PAGE'];
    $linkDisp = array();
    while ($i < $end && $i < count($keys)) {
        $link = $linksToDisplay[$keys[$i]];
        $link['description'] = format_description($link['description'], $GLOBALS['redirector']);
        $classLi = $i % 2 != 0 ? '' : 'publicLinkHightLight';
        $link['class'] = $link['private'] == 0 ? $classLi : 'private';
        $link['timestamp'] = linkdate2timestamp($link['linkdate']);
        $taglist = explode(' ', $link['tags']);
        uasort($taglist, 'strcasecmp');
        $link['taglist'] = $taglist;
        $link['shorturl'] = smallHash($link['linkdate']);
        // Check for both signs of a note: starting with ? and 7 chars long.
        if ($link['url'][0] === '?' && strlen($link['url']) === 7) {
            $link['url'] = index_url($_SERVER) . $link['url'];
        $linkDisp[$keys[$i]] = $link;
    // Compute paging navigation
    $searchterm = empty($_GET['searchterm']) ? '' : '&searchterm=' . $_GET['searchterm'];
    $searchtags = empty($_GET['searchtags']) ? '' : '&searchtags=' . $_GET['searchtags'];
    $previous_page_url = '';
    if ($i != count($keys)) {
        $previous_page_url = '?page=' . ($page + 1) . $searchterm . $searchtags;
    $next_page_url = '';
    if ($page > 1) {
        $next_page_url = '?page=' . ($page - 1) . $searchterm . $searchtags;
    $token = '';
    if (isLoggedIn()) {
        $token = getToken();
    // Fill all template fields.
    $data = array('linkcount' => count($LINKSDB), 'previous_page_url' => $previous_page_url, 'next_page_url' => $next_page_url, 'page_current' => $page, 'page_max' => $pagecount, 'result_count' => count($linksToDisplay), 'search_type' => $search_type, 'search_crits' => $search_crits, 'redirector' => empty($GLOBALS['redirector']) ? '' : $GLOBALS['redirector'], 'token' => $token, 'links' => $linkDisp, 'tags' => $LINKSDB->allTags());
    // FIXME! temporary fix - see #399.
    if (!empty($GLOBALS['pagetitle']) && count($linkDisp) == 1) {
        $data['pagetitle'] = $GLOBALS['pagetitle'];
    $pluginManager = PluginManager::getInstance();
    $pluginManager->executeHooks('render_linklist', $data, array('loggedin' => isLoggedIn()));
    foreach ($data as $key => $value) {
        $PAGE->assign($key, $value);
function renderPage()
    $LINKSDB = new linkdb(isLoggedIn() || $GLOBALS['config']['OPEN_SHAARLI']);
    // Read links from database (and filter private links if used it not logged in).
    // -------- Display login form.
    if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"], 'do=login')) {
        if ($GLOBALS['config']['OPEN_SHAARLI']) {
            header('Location: ?');
        // No need to login for open Shaarli
        $token = '';
        if (ban_canLogin()) {
            $token = getToken();
        // Do not waste token generation if not useful.
        $PAGE = new pageBuilder();
        $PAGE->assign('token', $token);
        $PAGE->assign('returnurl', isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '');
    // -------- User wants to logout.
    if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"], 'do=logout')) {
        header('Location: ?');
    // -------- Picture wall
    if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"], 'do=picwall')) {
        // Optionnaly filter the results:
        $links = array();
        if (!empty($_GET['searchterm'])) {
            $links = $LINKSDB->filterFulltext($_GET['searchterm']);
        } elseif (!empty($_GET['searchtags'])) {
            $links = $LINKSDB->filterTags(trim($_GET['searchtags']));
        } else {
            $links = $LINKSDB;
        $body = '';
        $linksToDisplay = array();
        // Get only links which have a thumbnail.
        foreach ($links as $link) {
            $permalink = '?' . htmlspecialchars(smallhash($link['linkdate']), ENT_QUOTES);
            $thumb = lazyThumbnail($link['url'], $permalink);
            if ($thumb != '') {
                $link['thumbnail'] = $thumb;
                // Thumbnail HTML code.
                $link['permalink'] = $permalink;
                $linksToDisplay[] = $link;
                // Add to array.
        $PAGE = new pageBuilder();
        $PAGE->assign('linkcount', count($LINKSDB));
        $PAGE->assign('linksToDisplay', $linksToDisplay);
    // -------- Tag cloud
    if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"], 'do=tagcloud')) {
        $tags = $LINKSDB->allTags();
        // We sort tags alphabetically, then choose a font size according to count.
        // First, find max value.
        $maxcount = 0;
        foreach ($tags as $key => $value) {
            $maxcount = max($maxcount, $value);
        $tagList = array();
        foreach ($tags as $key => $value) {
            $tagList[$key] = array('count' => $value, 'size' => max(40 * $value / $maxcount, 8));
        $PAGE = new pageBuilder();
        $PAGE->assign('linkcount', count($LINKSDB));
        $PAGE->assign('tags', $tagList);
    // -------- User clicks on a tag in a link: The tag is added to the list of searched tags (searchtags=...)
    if (isset($_GET['addtag'])) {
        // Get previous URL (http_referer) and add the tag to the searchtags parameters in query.
        if (empty($_SERVER['HTTP_REFERER'])) {
            header('Location: ?searchtags=' . urlencode($_GET['addtag']));
        // In case browser does not send HTTP_REFERER
        parse_str(parse_url($_SERVER['HTTP_REFERER'], PHP_URL_QUERY), $params);
        $params['searchtags'] = empty($params['searchtags']) ? trim($_GET['addtag']) : trim($params['searchtags']) . ' ' . trim($_GET['addtag']);
        // We also remove page (keeping the same page has no sense, since the results are different)
        header('Location: ?' . http_build_query($params));
    // -------- User clicks on a tag in result count: Remove the tag from the list of searched tags (searchtags=...)
    if (isset($_GET['removetag'])) {
        // Get previous URL (http_referer) and remove the tag from the searchtags parameters in query.
        if (empty($_SERVER['HTTP_REFERER'])) {
            header('Location: ?');
        // In case browser does not send HTTP_REFERER
        parse_str(parse_url($_SERVER['HTTP_REFERER'], PHP_URL_QUERY), $params);
        if (isset($params['searchtags'])) {
            $tags = explode(' ', $params['searchtags']);
            $tags = array_diff($tags, array($_GET['removetag']));
            // Remove value from array $tags.
            if (count($tags) == 0) {
            } else {
                $params['searchtags'] = implode(' ', $tags);
            // We also remove page (keeping the same page has no sense, since the results are different)
        header('Location: ?' . http_build_query($params));
    // -------- User wants to change the number of links per page (linksperpage=...)
    if (isset($_GET['linksperpage'])) {
        if (is_numeric($_GET['linksperpage'])) {
            $_SESSION['LINKS_PER_PAGE'] = abs(intval($_GET['linksperpage']));
        header('Location: ' . (empty($_SERVER['HTTP_REFERER']) ? '?' : $_SERVER['HTTP_REFERER']));
    // -------- User wants to see only private links (toggle)
    if (isset($_GET['privateonly'])) {
        if (empty($_SESSION['privateonly'])) {
            $_SESSION['privateonly'] = 1;
            // See only private links
        } else {
            // See all links
        header('Location: ' . (empty($_SERVER['HTTP_REFERER']) ? '?' : $_SERVER['HTTP_REFERER']));
    // --------- Weekly (all links form a specific week) ----------------------
    if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"], 'do=weekly')) {
        $day_to_publish = 1;
        // 1 for monday, 7 for sunday
        $day_of_the_week = Date('N') - $day_to_publish;
        $week = Date('Ymd', time() - 3600 * 24 * $day_of_the_week);
        // one week ago
        if (isset($_GET['week'])) {
            $weektime = mktime(0, 0, 0, substr($_GET['week'], 4, 2), substr($_GET['week'], 6, 2), substr($_GET['week'], 0, 4));
            $day_of_the_week = Date('N', $weektime) - $day_to_publish;
            $week = Date('Ymd', $weektime - 3600 * 24 * $day_of_the_week);
            // one week ago
        $previousweek = Date('Ymd', strtotime('-7 days', strtotime($week)));
        $nextweek = Date('Ymd', strtotime('+7 days', strtotime($week)));
        $linksToDisplay = $LINKSDB->filterWeek($week);
        // We pre-format some fields for proper output.
        foreach ($linksToDisplay as $key => $link) {
            $linksToDisplay[$key]['taglist'] = explode(' ', $link['tags']);
            $linksToDisplay[$key]['formatedDescription'] = nl2br(keepMultipleSpaces(text2clickable(htmlspecialchars($link['description']))));
            $linksToDisplay[$key]['thumbnail'] = thumbnail($link['url']);
        /* We need to spread the articles on 3 columns.
              I did not want to use a javascript lib like http://masonry.desandro.com/
              so I manually spread entries with a simple method: I roughly evaluate the 
              height of a div according to title and description length.
        $columns = array(array(), array(), array());
        // Entries to display, for each column.
        $fill = array(0, 0, 0);
        // Rough estimate of columns fill.
        foreach ($linksToDisplay as $key => $link) {
            // Roughly estimate length of entry (by counting characters)
            // Title: 30 chars = 1 line. 1 line is 30 pixels height.
            // Description: 836 characters gives roughly 342 pixel height.
            // This is not perfect, but it's usually ok.
            $length = strlen($link['title']) + 342 * strlen($link['description']) / 836;
            if ($link['thumbnail']) {
                $length += 100;
            // 1 thumbnails roughly takes 100 pixels height.
            // Then put in column which is the less filled:
            $smallest = min($fill);
            // find smallest value in array.
            $index = array_search($smallest, $fill);
            // find index of this smallest value.
            array_push($columns[$index], $link);
            // Put entry in this column.
            $fill[$index] += $length;
        $PAGE = new pageBuilder();
        $PAGE->assign('linksToDisplay', $linksToDisplay);
        $PAGE->assign('col1', $columns[0]);
        $PAGE->assign('col2', $columns[1]);
        $PAGE->assign('col3', $columns[2]);
        $PAGE->assign('week', utf8_encode(strftime('%A %d, %B %Y', linkdate2timestamp($week . '_000000'))));
        $PAGE->assign('previousweek', $previousweek);
        $PAGE->assign('nextweek', $nextweek);
    // --------- Monthly (all links form a specific month) ----------------------
    if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"], 'do=monthly')) {
        $month = Date('Ym', strtotime('-1 month'));
        // Previous month, in format YYYYMM.
        if (isset($_GET['month'])) {
            $month = $_GET['month'];
        $months = $LINKSDB->months();
        $i = array_search($month, $months);
        if ($i === false) {
            $i = count($months) - 1;
            $month = $months[$i];
        $previousmonth = '';
        $nextmonth = '';
        if ($i !== false) {
            if ($i >= 1) {
                $previousmonth = $months[$i - 1];
            if ($i < count($months) - 1) {
                $nextmonth = $months[$i + 1];
        $linksToDisplay = $LINKSDB->filterMonth($month);
        // We pre-format some fields for proper output.
        foreach ($linksToDisplay as $key => $link) {
            $linksToDisplay[$key]['taglist'] = explode(' ', $link['tags']);
            $linksToDisplay[$key]['formatedDescription'] = nl2br(keepMultipleSpaces(text2clickable(htmlspecialchars($link['description']))));
            $linksToDisplay[$key]['thumbnail'] = thumbnail($link['url']);
        /* We need to spread the articles on 3 columns.
              I did not want to use a javascript lib like http://masonry.desandro.com/
              so I manually spread entries with a simple method: I roughly evaluate the 
              height of a div according to title and description length.
        $columns = array(array(), array(), array());
        // Entries to display, for each column.
        $fill = array(0, 0, 0);
        // Rough estimate of columns fill.
        foreach ($linksToDisplay as $key => $link) {
            // Roughly estimate length of entry (by counting characters)
            // Title: 30 chars = 1 line. 1 line is 30 pixels height.
            // Description: 836 characters gives roughly 342 pixel height.
            // This is not perfect, but it's usually ok.
            $length = strlen($link['title']) + 342 * strlen($link['description']) / 836;
            if ($link['thumbnail']) {
                $length += 100;
            // 1 thumbnails roughly takes 100 pixels height.
            // Then put in column which is the less filled:
            $smallest = min($fill);
            // find smallest value in array.
            $index = array_search($smallest, $fill);
            // find index of this smallest value.
            array_push($columns[$index], $link);
            // Put entry in this column.
            $fill[$index] += $length;
        $PAGE = new pageBuilder();
        $PAGE->assign('linksToDisplay', $linksToDisplay);
        $PAGE->assign('col1', $columns[0]);
        $PAGE->assign('col2', $columns[1]);
        $PAGE->assign('col3', $columns[2]);
        $PAGE->assign('month', utf8_encode(strftime('%B %Y', linkdate2timestamp($month . '01_000000'))));
        $PAGE->assign('previousmonth', $previousmonth);
        $PAGE->assign('nextmonth', $nextmonth);
    // -------- Handle other actions allowed for non-logged in users:
    if (!isLoggedIn()) {
        // User tries to post new link but is not loggedin:
        // Show login screen, then redirect to ?post=...
        if (isset($_GET['post'])) {
            header('Location: ?do=login&post=' . urlencode($_GET['post']) . (!empty($_GET['title']) ? '&title=' . urlencode($_GET['title']) : '') . (!empty($_GET['source']) ? '&source=' . urlencode($_GET['source']) : ''));
            // Redirect to login page, then back to post link.
        $PAGE = new pageBuilder();
        buildLinkList($PAGE, $LINKSDB);
        // Compute list of links to display
        // Never remove this one ! All operations below are reserved for logged in user.
    // -------- All other functions are reserved for the registered user:
    // -------- Display the Tools menu if requested (import/export/bookmarklet...)
    if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"], 'do=tools')) {
        $PAGE = new pageBuilder();
        $PAGE->assign('linkcount', count($LINKSDB));
        $PAGE->assign('pageabsaddr', indexUrl());
    // -------- User wants to change his/her password.
    if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"], 'do=changepasswd')) {
        if ($GLOBALS['config']['OPEN_SHAARLI']) {
            die('You are not supposed to change a password on an Open Shaarli.');
        if (!empty($_POST['setpassword']) && !empty($_POST['oldpassword'])) {
            if (!tokenOk($_POST['token'])) {
                die('Wrong token.');
            // Go away !
            // Make sure old password is correct.
            $oldhash = sha1($_POST['oldpassword'] . $GLOBALS['login'] . $GLOBALS['salt']);
            if ($oldhash != $GLOBALS['hash']) {
                echo '<script language="JavaScript">alert("The old password is not correct.");document.location=\'?do=changepasswd\';</script>';
            // Save new password
            $GLOBALS['salt'] = sha1(uniqid('', true) . '_' . mt_rand());
            // Salt renders rainbow-tables attacks useless.
            $GLOBALS['hash'] = sha1($_POST['setpassword'] . $GLOBALS['login'] . $GLOBALS['salt']);
            echo '<script language="JavaScript">alert("Your password has been changed.");document.location=\'?do=tools\';</script>';
        } else {
            $PAGE = new pageBuilder();
            $PAGE->assign('linkcount', count($LINKSDB));
            $PAGE->assign('token', getToken());
    // -------- User wants to change configuration
    if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"], 'do=configure')) {
        if (!empty($_POST['title'])) {
            if (!tokenOk($_POST['token'])) {
                die('Wrong token.');
            // Go away !
            $tz = 'UTC';
            if (!empty($_POST['continent']) && !empty($_POST['city'])) {
                if (isTZvalid($_POST['continent'], $_POST['city'])) {
                    $tz = $_POST['continent'] . '/' . $_POST['city'];
            $GLOBALS['timezone'] = $tz;
            $GLOBALS['title'] = $_POST['title'];
            $GLOBALS['redirector'] = $_POST['redirector'];
            $GLOBALS['disablesessionprotection'] = !empty($_POST['disablesessionprotection']);
            echo '<script language="JavaScript">alert("Configuration was saved.");document.location=\'?do=tools\';</script>';
        } else {
            $PAGE = new pageBuilder();
            $PAGE->assign('linkcount', count($LINKSDB));
            $PAGE->assign('token', getToken());
            $PAGE->assign('title', htmlspecialchars(empty($GLOBALS['title']) ? '' : $GLOBALS['title'], ENT_QUOTES));
            $PAGE->assign('redirector', htmlspecialchars(empty($GLOBALS['redirector']) ? '' : $GLOBALS['redirector'], ENT_QUOTES));
            list($timezone_form, $timezone_js) = templateTZform($GLOBALS['timezone']);
            $PAGE->assign('timezone_form', $timezone_form);
            // FIXME: put entire tz form generation in template ?
            $PAGE->assign('timezone_js', $timezone_js);
    // -------- User wants to rename a tag or delete it
    if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"], 'do=changetag')) {
        if (empty($_POST['fromtag'])) {
            $PAGE = new pageBuilder();
            $PAGE->assign('linkcount', count($LINKSDB));
            $PAGE->assign('token', getToken());
        if (!tokenOk($_POST['token'])) {
            die('Wrong token.');
        // Delete a tag:
        if (!empty($_POST['deletetag']) && !empty($_POST['fromtag'])) {
            $needle = trim($_POST['fromtag']);
            $linksToAlter = $LINKSDB->filterTags($needle, true);
            // true for case-sensitive tag search.
            foreach ($linksToAlter as $key => $value) {
                $tags = explode(' ', trim($value['tags']));
                unset($tags[array_search($needle, $tags)]);
                // Remove tag.
                $value['tags'] = trim(implode(' ', $tags));
                $LINKSDB[$key] = $value;
            // save to disk
            echo '<script language="JavaScript">alert("Tag was removed from ' . count($linksToAlter) . ' links.");document.location=\'?\';</script>';
        // Rename a tag:
        if (!empty($_POST['renametag']) && !empty($_POST['fromtag']) && !empty($_POST['totag'])) {
            $needle = trim($_POST['fromtag']);
            $linksToAlter = $LINKSDB->filterTags($needle, true);
            // true for case-sensitive tag search.
            foreach ($linksToAlter as $key => $value) {
                $tags = explode(' ', trim($value['tags']));
                $tags[array_search($needle, $tags)] = trim($_POST['totag']);
                // Remplace tags value.
                $value['tags'] = trim(implode(' ', $tags));
                $LINKSDB[$key] = $value;
            // save to disk
            echo '<script language="JavaScript">alert("Tag was renamed in ' . count($linksToAlter) . ' links.");document.location=\'?searchtags=' . urlencode($_POST['totag']) . '\';</script>';
    // -------- User wants to add a link without using the bookmarklet: show form.
    if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"], 'do=addlink')) {
        $PAGE = new pageBuilder();
        $PAGE->assign('linkcount', count($LINKSDB));
    // -------- User clicked the "Save" button when editing a link: Save link to database.
    if (isset($_POST['save_edit'])) {
        if (!tokenOk($_POST['token'])) {
            die('Wrong token.');
        // Go away !
        $tags = trim(preg_replace('/\\s\\s+/', ' ', $_POST['lf_tags']));
        // Remove multiple spaces.
        $linkdate = $_POST['lf_linkdate'];
        $link = array('title' => trim($_POST['lf_title']), 'url' => trim($_POST['lf_url']), 'description' => trim($_POST['lf_description']), 'private' => isset($_POST['lf_private']) ? 1 : 0, 'linkdate' => $linkdate, 'tags' => str_replace(',', ' ', $tags));
        if ($link['title'] == '') {
            $link['title'] = $link['url'];
        // If title is empty, use the URL as title.
        $LINKSDB[$linkdate] = $link;
        // save to disk
        // If we are called from the bookmarklet, we must close the popup:
        if (isset($_GET['source']) && $_GET['source'] == 'bookmarklet') {
            echo '<script language="JavaScript">self.close();</script>';
        $returnurl = isset($_POST['returnurl']) ? $_POST['returnurl'] : '?';
        header('Location: ' . $returnurl);
        // After saving the link, redirect to the page the user was on.
    // -------- User clicked the "Cancel" button when editing a link.
    if (isset($_POST['cancel_edit'])) {
        // If we are called from the bookmarklet, we must close the popup;
        if (isset($_GET['source']) && $_GET['source'] == 'bookmarklet') {
            echo '<script language="JavaScript">self.close();</script>';
        $returnurl = isset($_POST['returnurl']) ? $_POST['returnurl'] : '?';
        header('Location: ' . $returnurl);
        // After canceling, redirect to the page the user was on.
    // -------- User clicked the "Delete" button when editing a link : Delete link from database.
    if (isset($_POST['delete_link'])) {
        if (!tokenOk($_POST['token'])) {
            die('Wrong token.');
        // We do not need to ask for confirmation:
        // - confirmation is handled by javascript
        // - we are protected from XSRF by the token.
        $linkdate = $_POST['lf_linkdate'];
        // save to disk
        // If we are called from the bookmarklet, we must close the popup:
        if (isset($_GET['source']) && $_GET['source'] == 'bookmarklet') {
            echo '<script language="JavaScript">self.close();</script>';
        $returnurl = isset($_POST['returnurl']) ? $_POST['returnurl'] : '?';
        if ($returnurl == '?') {
            $returnurl = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '?';
        header('Location: ' . $returnurl);
        // After deleting the link, redirect to the page the user was on.
    // -------- User clicked the "EDIT" button on a link: Display link edit form.
    if (isset($_GET['edit_link'])) {
        $link = $LINKSDB[$_GET['edit_link']];
        // Read database
        if (!$link) {
            header('Location: ?');
        // Link not found in database.
        $PAGE = new pageBuilder();
        $PAGE->assign('linkcount', count($LINKSDB));
        $PAGE->assign('link', $link);
        $PAGE->assign('link_is_new', false);
        $PAGE->assign('token', getToken());
        // XSRF protection.
        $PAGE->assign('http_referer', isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '');
    // -------- User want to post a new link: Display link edit form.
    if (isset($_GET['post'])) {
        $url = $_GET['post'];
        // We remove the annoying parameters added by FeedBurner and GoogleFeedProxy (?utm_source=...)
        $i = strpos($url, '&utm_source=');
        if ($i !== false) {
            $url = substr($url, 0, $i);
        $i = strpos($url, '?utm_source=');
        if ($i !== false) {
            $url = substr($url, 0, $i);
        $i = strpos($url, '#xtor=RSS-');
        if ($i !== false) {
            $url = substr($url, 0, $i);
        $link_is_new = false;
        $link = $LINKSDB->getLinkFromUrl($url);
        // Check if URL is not already in database (in this case, we will edit the existing link)
        if (!$link) {
            $link_is_new = true;
            // This is a new link
            $linkdate = strval(date('Ymd_His'));
            $title = empty($_GET['title']) ? '' : $_GET['title'];
            // Get title if it was provided in URL (by the bookmarklet).
            $description = '';
            $tags = '';
            $private = 0;
            if ($url != '' && parse_url($url, PHP_URL_SCHEME) == '') {
                $url = 'http://' . $url;
            // If this is an HTTP link, we try go get the page to extact the title (otherwise we will to straight to the edit form.)
            if (empty($title) && parse_url($url, PHP_URL_SCHEME) == 'http') {
                list($status, $headers, $data) = getHTTP($url, 4);
                // Short timeout to keep the application responsive.
                // FIXME: Decode charset according to specified in either 1) HTTP response headers or 2) <head> in html
                if (strpos($status, '200 OK') !== false) {
                    $title = html_entity_decode(html_extract_title($data), ENT_QUOTES, 'UTF-8');
            if ($url == '') {
                $url = '?' . smallHash($linkdate);
            // In case of empty URL, this is just a text (with a link that point to itself)
            $link = array('linkdate' => $linkdate, 'title' => $title, 'url' => $url, 'description' => $description, 'tags' => $tags, 'private' => 0);
        $PAGE = new pageBuilder();
        $PAGE->assign('linkcount', count($LINKSDB));
        $PAGE->assign('link', $link);
        $PAGE->assign('link_is_new', $link_is_new);
        $PAGE->assign('token', getToken());
        // XSRF protection.
        $PAGE->assign('http_referer', isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '');
    // -------- Export as Netscape Bookmarks HTML file.
    if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"], 'do=export')) {
        if (empty($_GET['what'])) {
            $PAGE = new pageBuilder();
            $PAGE->assign('linkcount', count($LINKSDB));
        $exportWhat = $_GET['what'];
        if (!array_intersect(array('all', 'public', 'private'), array($exportWhat))) {
            die('What are you trying to export ???');
        header('Content-Type: text/html; charset=utf-8');
        header('Content-disposition: attachment; filename=bookmarks_' . $exportWhat . '_' . strval(date('Ymd_His')) . '.html');
        $currentdate = date('Y/m/d H:i:s');
        echo <<<HTML
<!DOCTYPE NETSCAPE-Bookmark-file-1>
<!-- This is an automatically generated file.
     It will be read and overwritten.
     DO NOT EDIT! -->
<!-- Shaarli {$exportWhat} bookmarks export on {$currentdate} -->
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8">
        foreach ($LINKSDB as $link) {
            if ($exportWhat == 'all' || $exportWhat == 'private' && $link['private'] != 0 || $exportWhat == 'public' && $link['private'] == 0) {
                echo '<DT><A HREF="' . htmlspecialchars($link['url']) . '" ADD_DATE="' . linkdate2timestamp($link['linkdate']) . '" PRIVATE="' . $link['private'] . '"';
                if ($link['tags'] != '') {
                    echo ' TAGS="' . htmlspecialchars(str_replace(' ', ',', $link['tags'])) . '"';
                echo '>' . htmlspecialchars($link['title']) . "</A>\n";
                if ($link['description'] != '') {
                    echo '<DD>' . htmlspecialchars($link['description']) . "\n";
    // -------- User is uploading a file for import
    if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"], 'do=upload')) {
        // If file is too big, some form field may be missing.
        if (!isset($_POST['token']) || !isset($_FILES) || isset($_FILES['filetoupload']['size']) && $_FILES['filetoupload']['size'] == 0) {
            $returnurl = empty($_SERVER['HTTP_REFERER']) ? '?' : $_SERVER['HTTP_REFERER'];
            echo '<script language="JavaScript">alert("The file you are trying to upload is probably bigger than what this webserver can accept (' . getMaxFileSize() . ' bytes). Please upload in smaller chunks.");document.location=\'' . htmlspecialchars($returnurl) . '\';</script>';
        if (!tokenOk($_POST['token'])) {
            die('Wrong token.');
    // -------- Show upload/import dialog:
    if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"], 'do=import')) {
        $PAGE = new pageBuilder();
        $PAGE->assign('linkcount', count($LINKSDB));
        $PAGE->assign('token', getToken());
        $PAGE->assign('maxfilesize', getMaxFileSize());
    // -------- Otherwise, simply display search form and links:
    $PAGE = new pageBuilder();
    $PAGE->assign('linkcount', count($LINKSDB));
    buildLinkList($PAGE, $LINKSDB);
    // Compute list of links to display
Exemple #3
function buildLinkList($PAGE, $LINKSDB)
    // ---- Filter link database according to parameters
    $linksToDisplay = array();
    $search_type = '';
    $search_crits = '';
    if (isset($_GET['searchterm'])) {
        $linksToDisplay = $LINKSDB->filterFulltext(trim($_GET['searchterm']));
        $search_crits = escape(trim($_GET['searchterm']));
        $search_type = 'fulltext';
    } elseif (isset($_GET['searchtags'])) {
        $linksToDisplay = $LINKSDB->filterTags(trim($_GET['searchtags']));
        $search_crits = explode(' ', escape(trim($_GET['searchtags'])));
        $search_type = 'tags';
    } elseif (isset($_SERVER['QUERY_STRING']) && preg_match('/[a-zA-Z0-9-_@]{6}(&.+?)?/', $_SERVER['QUERY_STRING'])) {
        $linksToDisplay = $LINKSDB->filterSmallHash(substr(trim($_SERVER["QUERY_STRING"], '/'), 0, 6));
        if (count($linksToDisplay) == 0) {
            header($_SERVER["SERVER_PROTOCOL"] . " 404 Not Found");
            echo '<h1>404 Not found.</h1>Oh crap. The link you are trying to reach does not exist or has been deleted.';
            echo '<br>Would you mind <a href="?">clicking here</a>?';
        $search_type = 'permalink';
    } else {
        $linksToDisplay = $LINKSDB;
    // Otherwise, display without filtering.
    // Option: Show only private links
    if (!empty($_SESSION['privateonly'])) {
        $tmp = array();
        foreach ($linksToDisplay as $linkdate => $link) {
            if ($link['private'] != 0) {
                $tmp[$linkdate] = $link;
        $linksToDisplay = $tmp;
    // ---- Handle paging.
    /* Can someone explain to me why you get the following error when using array_keys() on an object which implements the interface ArrayAccess???
          "Warning: array_keys() expects parameter 1 to be array, object given in ... "
          If my class implements ArrayAccess, why won't array_keys() accept it ?  ( $keys=array_keys($linksToDisplay); )
    $keys = array();
    foreach ($linksToDisplay as $key => $value) {
        $keys[] = $key;
    // Stupid and ugly. Thanks PHP.
    // If there is only a single link, we change on-the-fly the title of the page.
    if (count($linksToDisplay) == 1) {
        $GLOBALS['pagetitle'] = $linksToDisplay[$keys[0]]['title'] . ' - ' . $GLOBALS['title'];
    // Select articles according to paging.
    $pagecount = ceil(count($keys) / $_SESSION['LINKS_PER_PAGE']);
    $pagecount = $pagecount == 0 ? 1 : $pagecount;
    $page = empty($_GET['page']) ? 1 : intval($_GET['page']);
    $page = $page < 1 ? 1 : $page;
    $page = $page > $pagecount ? $pagecount : $page;
    $i = ($page - 1) * $_SESSION['LINKS_PER_PAGE'];
    // Start index.
    $end = $i + $_SESSION['LINKS_PER_PAGE'];
    $linkDisp = array();
    // Links to display
    while ($i < $end && $i < count($keys)) {
        $link = $linksToDisplay[$keys[$i]];
        $link['description'] = nl2br(keepMultipleSpaces(text2clickable($link['description'])));
        $title = $link['title'];
        $classLi = $i % 2 != 0 ? '' : 'publicLinkHightLight';
        $link['class'] = $link['private'] == 0 ? $classLi : 'private';
        $link['timestamp'] = linkdate2timestamp($link['linkdate']);
        $taglist = explode(' ', $link['tags']);
        uasort($taglist, 'strcasecmp');
        $link['taglist'] = $taglist;
        if ($link["url"][0] === '?' && strlen($link["url"]) === 7) {
            $link["url"] = indexUrl() . $link["url"];
        $linkDisp[$keys[$i]] = $link;
    // Compute paging navigation
    $searchterm = empty($_GET['searchterm']) ? '' : '&searchterm=' . $_GET['searchterm'];
    $searchtags = empty($_GET['searchtags']) ? '' : '&searchtags=' . $_GET['searchtags'];
    $paging = '';
    $previous_page_url = '';
    if ($i != count($keys)) {
        $previous_page_url = '?page=' . ($page + 1) . $searchterm . $searchtags;
    $next_page_url = '';
    if ($page > 1) {
        $next_page_url = '?page=' . ($page - 1) . $searchterm . $searchtags;
    $token = '';
    if (isLoggedIn()) {
        $token = getToken();
    // Fill all template fields.
    $PAGE->assign('linkcount', count($LINKSDB));
    $PAGE->assign('previous_page_url', $previous_page_url);
    $PAGE->assign('next_page_url', $next_page_url);
    $PAGE->assign('page_current', $page);
    $PAGE->assign('page_max', $pagecount);
    $PAGE->assign('result_count', count($linksToDisplay));
    $PAGE->assign('search_type', $search_type);
    $PAGE->assign('search_crits', $search_crits);
    $PAGE->assign('redirector', empty($GLOBALS['redirector']) ? '' : $GLOBALS['redirector']);
    // Optional redirector URL.
    $PAGE->assign('token', $token);
    $PAGE->assign('links', $linkDisp);
    $PAGE->assign('tags', $LINKSDB->allTags());
Exemple #4
function renderPage()
    if (isset($_POST['save_edit'])) {
        linkdb::$editLink = TRUE;
    $LINKSDB = new linkdb(isLoggedIn() || $GLOBALS['config']['OPEN_SHAARLI']);
    // Read links from database (and filter private links if used it not logged in).
    // -------- Display login form.
    if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"], 'do=login')) {
        if ($GLOBALS['config']['OPEN_SHAARLI']) {
            header('Location: ?');
        // No need to login for open Shaarli
        $token = '';
        if (ban_canLogin()) {
            $token = getToken();
        // Do not waste token generation if not useful.
        $PAGE = new pageBuilder();
        $PAGE->assign('token', $token);
        $PAGE->assign('returnurl', isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '');
    // -------- User wants to logout.
    if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"], 'do=logout')) {
        header('Location: ?');
    // -------- Picture wall
    if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"], 'do=picwall')) {
        // Optionnaly filter the results:
        $links = array();
        if (!empty($_GET['searchterm'])) {
            $links = $LINKSDB->filterFulltext($_GET['searchterm']);
        } elseif (!empty($_GET['searchtags'])) {
            $links = $LINKSDB->filterTags(trim($_GET['searchtags']));
        } else {
            $links = $LINKSDB;
        $body = '';
        $linksToDisplay = array();
        // Get only links which have a thumbnail.
        foreach ($links as $link) {
            $permalink = '?' . htmlspecialchars(smallhash($link['linkdate']), ENT_QUOTES);
            $thumb = lazyThumbnail($link['url'], $permalink);
            if ($thumb != '') {
                $link['thumbnail'] = $thumb;
                // Thumbnail HTML code.
                $link['permalink'] = $permalink;
                $linksToDisplay[] = $link;
                // Add to array.
        $PAGE = new pageBuilder();
        $PAGE->assign('linkcount', count($LINKSDB));
        $PAGE->assign('linksToDisplay', $linksToDisplay);
    // -------- Tag cloud
    if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"], 'do=tagcloud')) {
        $tags = $LINKSDB->allTags();
        // We sort tags alphabetically, then choose a font size according to count.
        // First, find max value.
        $maxcount = 0;
        foreach ($tags as $key => $value) {
            $maxcount = max($maxcount, $value);
        $tagList = array();
        foreach ($tags as $key => $value) {
            $tagList[$key] = array('count' => $value, 'size' => max(40 * $value / $maxcount, 8));
        $PAGE = new pageBuilder();
        $PAGE->assign('linkcount', count($LINKSDB));
        $PAGE->assign('tags', $tagList);
    // -------- User clicks on a tag in a link: The tag is added to the list of searched tags (searchtags=...)
    if (isset($_GET['addtag'])) {
        // Get previous URL (http_referer) and add the tag to the searchtags parameters in query.
        if (empty($_SERVER['HTTP_REFERER'])) {
            header('Location: ?searchtags=' . urlencode($_GET['addtag']));
        // In case browser does not send HTTP_REFERER
        parse_str(parse_url($_SERVER['HTTP_REFERER'], PHP_URL_QUERY), $params);
        $params['searchtags'] = empty($params['searchtags']) ? trim($_GET['addtag']) : trim($params['searchtags']) . ' ' . trim($_GET['addtag']);
        // We also remove page (keeping the same page has no sense, since the results are different)
        header('Location: ?' . http_build_query($params));
    // -------- User clicks on a tag in result count: Remove the tag from the list of searched tags (searchtags=...)
    if (isset($_GET['removetag'])) {
        // Get previous URL (http_referer) and remove the tag from the searchtags parameters in query.
        if (empty($_SERVER['HTTP_REFERER'])) {
            header('Location: ?');
        // In case browser does not send HTTP_REFERER
        parse_str(parse_url($_SERVER['HTTP_REFERER'], PHP_URL_QUERY), $params);
        if (isset($params['searchtags'])) {
            $tags = explode(' ', $params['searchtags']);
            $tags = array_diff($tags, array($_GET['removetag']));
            // Remove value from array $tags.
            if (count($tags) == 0) {
            } else {
                $params['searchtags'] = implode(' ', $tags);
            // We also remove page (keeping the same page has no sense, since the results are different)
        header('Location: ?' . http_build_query($params));
    // -------- User wants to change the number of links per page (linksperpage=...)
    if (isset($_GET['linksperpage'])) {
        if (is_numeric($_GET['linksperpage'])) {
            $_SESSION['LINKS_PER_PAGE'] = abs(intval($_GET['linksperpage']));
        // Make sure the referer is from Shaarli itself.
        $referer = '?';
        if (!empty($_SERVER['HTTP_REFERER']) && strcmp(parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST), $_SERVER['SERVER_NAME']) == 0) {
            $referer = $_SERVER['HTTP_REFERER'];
        header('Location: ' . $referer);
    // -------- User wants to see only private links (toggle)
    if (isset($_GET['privateonly'])) {
        if (empty($_SESSION['privateonly'])) {
            $_SESSION['privateonly'] = 1;
            // See only private links
        } else {
            // See all links
        // Make sure the referer is from Shaarli itself.
        $referer = '?';
        if (!empty($_SERVER['HTTP_REFERER']) && strcmp(parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST), $_SERVER['SERVER_NAME']) == 0) {
            $referer = $_SERVER['HTTP_REFERER'];
        header('Location: ' . $referer);
    // -------- Handle other actions allowed for non-logged in users:
    if (!isLoggedIn()) {
        // User tries to post new link but is not loggedin:
        // Show login screen, then redirect to ?post=...
        if (isset($_GET['post'])) {
            header('Location: ?do=login&post=' . urlencode($_GET['post']) . (!empty($_GET['title']) ? '&title=' . urlencode($_GET['title']) : '') . (!empty($_GET['source']) ? '&source=' . urlencode($_GET['source']) : ''));
            // Redirect to login page, then back to post link.
        $PAGE = new pageBuilder();
        buildLinkList($PAGE, $LINKSDB);
        // Compute list of links to display
        // Never remove this one ! All operations below are reserved for logged in user.
    // -------- All other functions are reserved for the registered user:
    // -------- Display the Tools menu if requested (import/export/bookmarklet...)
    if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"], 'do=tools')) {
        $PAGE = new pageBuilder();
        $PAGE->assign('linkcount', count($LINKSDB));
        $PAGE->assign('pageabsaddr', indexUrl());
    // -------- User wants to change his/her password.
    if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"], 'do=changepasswd')) {
        if ($GLOBALS['config']['OPEN_SHAARLI']) {
            die('You are not supposed to change a password on an Open Shaarli.');
        if (!empty($_POST['setpassword']) && !empty($_POST['oldpassword'])) {
            if (!tokenOk($_POST['token'])) {
                die('Wrong token.');
            // Go away !
            // Make sure old password is correct.
            $oldhash = sha1($_POST['oldpassword'] . $_SESSION['username'] . $GLOBALS['salt']);
            if ($oldhash != $GLOBALS['password'][$_SESSION['username']]) {
                echo '<script language="JavaScript">alert("The old password is not correct.");document.location=\'?do=changepasswd\';</script>';
            // Save new password
            //$GLOBALS['salt'] = sha1(uniqid('',true).'_'.mt_rand()); // Salt renders rainbow-tables attacks useless.
            $GLOBALS['password'][$_SESSION['username']] = sha1($_POST['setpassword'] . $_SESSION['username'] . $GLOBALS['salt']);
            echo '<script language="JavaScript">alert("Your password has been changed.");document.location=\'?do=tools\';</script>';
        } else {
            $PAGE = new pageBuilder();
            $PAGE->assign('linkcount', count($LINKSDB));
            $PAGE->assign('token', getToken());
    // -------- User wants to manage users.
    if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"], 'do=users')) {
        $PAGE = new pageBuilder();
        foreach ($GLOBALS['login'] as $key => $username) {
            if ($key === 0) {
                $users[$key]['sysAdmin'] = TRUE;
            } else {
                $users[$key]['sysAdmin'] = FALSE;
            $users[$key]['username'] = $username;
            $users[$key]['level'] = $GLOBALS['level'][$username];
            $users[$key]['email'] = $GLOBALS['email'][$username];
        $PAGE->assign('users', $users);
    // -------- Create / Editing user.
    if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"], 'do=saveUser')) {
        $saveUserMessage = 'user successfully updated !';
        if (isset($_GET['deleteUser'])) {
            if (is_array($GLOBALS['login'])) {
                if (in_array($_GET['username'], $GLOBALS['login'])) {
                    $sUkey = array_search($_GET['username'], $GLOBALS['login']);
                    if ($sUkey !== 0) {
                        unset($GLOBALS['login'][$sUkey], $GLOBALS['password'][$_GET['username']], $GLOBALS['level'][$_GET['username']], $GLOBALS['email'][$_GET['username']]);
                        $GLOBALS['login'] = array_values($GLOBALS['login']);
                        echo '<script language="JavaScript">alert("' . $_GET['username'] . ' was deleted.");document.location=\'?do=users\';</script>';
        if (is_array($GLOBALS['login'])) {
            if (!in_array($_GET['username'], $GLOBALS['login'])) {
                $newUserKey = count($GLOBALS['login']);
                $newUser = array($newUserKey => $_GET['username']);
                $GLOBALS['login'] = $GLOBALS['login'] + $newUser;
                $saveUserMessage = 'user successfully created !';
            if (is_array($newUser) || isset($_GET['resetPassword'])) {
                $newPassword = smallHash(sha1(uniqid('', true) . '_' . mt_rand()));
                $GLOBALS['password'][$_GET['username']] = sha1($newPassword . $_GET['username'] . $GLOBALS['salt']);
                $saveUserMessage .= ' His new password is ' . $newPassword;
            $GLOBALS['level'][$_GET['username']] = (int) $_GET['userlevel'];
            $GLOBALS['email'][$_GET['username']] = $_GET['email'];
        echo '<script language="JavaScript">alert("' . $saveUserMessage . '");document.location=\'?do=users\';</script>';
    // -------- User wants to change configuration
    if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"], 'do=configure')) {
        if (!empty($_POST['title'])) {
            if (!tokenOk($_POST['token'])) {
                die('Wrong token.');
            // Go away !
            $tz = 'UTC';
            if (!empty($_POST['continent']) && !empty($_POST['city'])) {
                if (isTZvalid($_POST['continent'], $_POST['city'])) {
                    $tz = $_POST['continent'] . '/' . $_POST['city'];
            $GLOBALS['timezone'] = $tz;
            $GLOBALS['title'] = $_POST['title'];
            $GLOBALS['redirector'] = $_POST['redirector'];
            $GLOBALS['disablesessionprotection'] = !empty($_POST['disablesessionprotection']);
            $GLOBALS['disablejquery'] = !empty($_POST['disablejquery']);
            $GLOBALS['privateLinkByDefault'] = !empty($_POST['privateLinkByDefault']);
            echo '<script language="JavaScript">alert("Configuration was saved.");document.location=\'?do=tools\';</script>';
        } else {
            $PAGE = new pageBuilder();
            $PAGE->assign('linkcount', count($LINKSDB));
            $PAGE->assign('token', getToken());
            $PAGE->assign('title', htmlspecialchars(empty($GLOBALS['title']) ? '' : $GLOBALS['title'], ENT_QUOTES));
            $PAGE->assign('redirector', htmlspecialchars(empty($GLOBALS['redirector']) ? '' : $GLOBALS['redirector'], ENT_QUOTES));
            list($timezone_form, $timezone_js) = templateTZform($GLOBALS['timezone']);
            $PAGE->assign('timezone_form', $timezone_form);
            // FIXME: put entire tz form generation in template ?
            $PAGE->assign('timezone_js', $timezone_js);
    // -------- User wants to rename a tag or delete it
    if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"], 'do=changetag')) {
        if (empty($_POST['fromtag'])) {
            $PAGE = new pageBuilder();
            $PAGE->assign('linkcount', count($LINKSDB));
            $PAGE->assign('token', getToken());
        if (!tokenOk($_POST['token'])) {
            die('Wrong token.');
        // Delete a tag:
        if (!empty($_POST['deletetag']) && !empty($_POST['fromtag'])) {
            $needle = trim($_POST['fromtag']);
            $linksToAlter = $LINKSDB->filterTags($needle, true);
            // true for case-sensitive tag search.
            foreach ($linksToAlter as $key => $value) {
                $tags = explode(' ', trim($value['tags']));
                unset($tags[array_search($needle, $tags)]);
                // Remove tag.
                $value['tags'] = trim(implode(' ', $tags));
                $LINKSDB[$key] = $value;
            // save to disk
            echo '<script language="JavaScript">alert("Tag was removed from ' . count($linksToAlter) . ' links.");document.location=\'?\';</script>';
        // Rename a tag:
        if (!empty($_POST['renametag']) && !empty($_POST['fromtag']) && !empty($_POST['totag'])) {
            $needle = trim($_POST['fromtag']);
            $linksToAlter = $LINKSDB->filterTags($needle, true);
            // true for case-sensitive tag search.
            foreach ($linksToAlter as $key => $value) {
                $tags = explode(' ', trim($value['tags']));
                $tags[array_search($needle, $tags)] = trim($_POST['totag']);
                // Remplace tags value.
                $value['tags'] = trim(implode(' ', $tags));
                $LINKSDB[$key] = $value;
            // save to disk
            echo '<script language="JavaScript">alert("Tag was renamed in ' . count($linksToAlter) . ' links.");document.location=\'?searchtags=' . urlencode($_POST['totag']) . '\';</script>';
    // -------- User wants to add a link without using the bookmarklet: show form.
    if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"], 'do=addlink')) {
        $PAGE = new pageBuilder();
        $PAGE->assign('linkcount', count($LINKSDB));
    // -------- User clicked the "Save" button when editing a link: Save link to database.
    if (isset($_POST['save_edit'])) {
        if (!tokenOk($_POST['token'])) {
            die('Wrong token.');
        // Go away !
        $tags = trim(preg_replace('/\\s\\s+/', ' ', $_POST['lf_tags']));
        // Remove multiple spaces.
        $linkdate = $_POST['lf_linkdate'];
        // If user is not an admin and try to edit other link of him and keep author when updating link
        if (isset($LINKSDB[$linkdate])) {
            if ($_SESSION['level'] < 3 && $LINKSDB[$linkdate]['author'] !== $_SESSION['username']) {
                die('You cannot edit link of other !');
            $author = $LINKSDB[$linkdate]['author'];
        } else {
            $author = $_SESSION['username'];
        $url = trim($_POST['lf_url']);
        if (!startsWith($url, 'http:') && !startsWith($url, 'https:') && !startsWith($url, 'ftp:') && !startsWith($url, 'magnet:') && !startsWith($url, '?')) {
            $url = 'http://' . $url;
        $link = array('title' => trim($_POST['lf_title']), 'url' => $url, 'description' => trim($_POST['lf_description']), 'private' => $_POST['lf_private'], 'author' => $author, 'linkdate' => $linkdate, 'tags' => str_replace(',', ' ', $tags));
        if ($link['title'] == '') {
            $link['title'] = $link['url'];
        // If title is empty, use the URL as title.
        $LINKSDB[$linkdate] = $link;
        // save to disk
        // If we are called from the bookmarklet, we must close the popup:
        if (isset($_GET['source']) && $_GET['source'] == 'bookmarklet') {
            echo '<script language="JavaScript">self.close();</script>';
        $returnurl = isset($_POST['returnurl']) ? $_POST['returnurl'] : '?';
        $returnurl .= '#' . smallHash($linkdate);
        // Scroll to the link which has been edited.
        header('Location: ' . $returnurl);
        // After saving the link, redirect to the page the user was on.
    // -------- User clicked the "Cancel" button when editing a link.
    if (isset($_POST['cancel_edit'])) {
        // If we are called from the bookmarklet, we must close the popup;
        if (isset($_GET['source']) && $_GET['source'] == 'bookmarklet') {
            echo '<script language="JavaScript">self.close();</script>';
        $returnurl = isset($_POST['returnurl']) ? $_POST['returnurl'] : '?';
        $returnurl .= '#' . smallHash($_POST['lf_linkdate']);
        // Scroll to the link which has been edited.
        header('Location: ' . $returnurl);
        // After canceling, redirect to the page the user was on.
    // -------- User clicked the "Delete" button when editing a link : Delete link from database.
    if (isset($_POST['delete_link'])) {
        if (!tokenOk($_POST['token'])) {
            die('Wrong token.');
        // We do not need to ask for confirmation:
        // - confirmation is handled by javascript
        // - we are protected from XSRF by the token.
        $linkdate = $_POST['lf_linkdate'];
        if ($_SESSION['level'] < 3 && $LINKSDB[$linkdate]['author'] !== $_SESSION['username']) {
            die('You cannot delete link of other !');
        // save to disk
        // If we are called from the bookmarklet, we must close the popup:
        if (isset($_GET['source']) && $_GET['source'] == 'bookmarklet') {
            echo '<script language="JavaScript">self.close();</script>';
        $returnurl = isset($_POST['returnurl']) ? $_POST['returnurl'] : '?';
        if ($returnurl == '?') {
            $returnurl = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '?';
        header('Location: ' . $returnurl);
        // After deleting the link, redirect to the page the user was on.
    // -------- User clicked the "EDIT" button on a link: Display link edit form.
    if (isset($_GET['edit_link'])) {
        $link = $LINKSDB[$_GET['edit_link']];
        // Read database
        if (!$link) {
            header('Location: ?');
        // Link not found in database.
        if ($_SESSION['level'] < 3 && $LINKSDB[$_GET['edit_link']]['author'] !== $_SESSION['username']) {
        // If user is not an admin and try to edit other link of him
        $PAGE = new pageBuilder();
        $PAGE->assign('linkcount', count($LINKSDB));
        $PAGE->assign('link', $link);
        $PAGE->assign('link_is_new', false);
        $PAGE->assign('token', getToken());
        // XSRF protection.
        $PAGE->assign('http_referer', isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '');
    // -------- User want to post a new link: Display link edit form.
    if (isset($_GET['post'])) {
        $url = $_GET['post'];
        // We remove the annoying parameters added by FeedBurner and GoogleFeedProxy (?utm_source=...)
        $i = strpos($url, '&utm_source=');
        if ($i !== false) {
            $url = substr($url, 0, $i);
        $i = strpos($url, '?utm_source=');
        if ($i !== false) {
            $url = substr($url, 0, $i);
        $i = strpos($url, '#xtor=RSS-');
        if ($i !== false) {
            $url = substr($url, 0, $i);
        $link_is_new = false;
        $link = $LINKSDB->getLinkFromUrl($url);
        // Check if URL is not already in database (in this case, we will edit the existing link)
        if (!$link) {
            $link_is_new = true;
            // This is a new link
            $linkdate = strval(date('Ymd_His'));
            $title = empty($_GET['title']) ? '' : $_GET['title'];
            // Get title if it was provided in URL (by the bookmarklet).
            $description = '';
            $tags = '';
            $private = 2;
            $author = $_SESSION['username'];
            if ($url != '' && parse_url($url, PHP_URL_SCHEME) == '') {
                $url = 'http://' . $url;
            // If this is an HTTP link, we try go get the page to extact the title (otherwise we will to straight to the edit form.)
            if (empty($title) && parse_url($url, PHP_URL_SCHEME) == 'http') {
                list($status, $headers, $data) = getHTTP($url, 4);
                // Short timeout to keep the application responsive.
                // FIXME: Decode charset according to specified in either 1) HTTP response headers or 2) <head> in html
                if (strpos($status, '200 OK') !== false) {
                    $title = html_entity_decode(html_extract_title($data), ENT_QUOTES, 'UTF-8');
            if ($url == '') {
                $url = '?' . smallHash($linkdate);
            // In case of empty URL, this is just a text (with a link that point to itself)
            $link = array('linkdate' => $linkdate, 'title' => $title, 'url' => $url, 'description' => $description, 'tags' => $tags, 'private' => 2, 'author' => $author);
        $PAGE = new pageBuilder();
        $PAGE->assign('linkcount', count($LINKSDB));
        $PAGE->assign('link', $link);
        $PAGE->assign('link_is_new', $link_is_new);
        $PAGE->assign('token', getToken());
        // XSRF protection.
        $PAGE->assign('http_referer', isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '');
    // -------- Export as Netscape Bookmarks HTML file.
    if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"], 'do=export')) {
        if (empty($_GET['what'])) {
            $PAGE = new pageBuilder();
            $PAGE->assign('linkcount', count($LINKSDB));
        $exportWhat = $_GET['what'];
        if (!array_intersect(array('all', 'public', 'private'), array($exportWhat))) {
            die('What are you trying to export ???');
        header('Content-Type: text/html; charset=utf-8');
        header('Content-disposition: attachment; filename=bookmarks_' . $exportWhat . '_' . strval(date('Ymd_His')) . '.html');
        $currentdate = date('Y/m/d H:i:s');
        echo <<<HTML
<!DOCTYPE NETSCAPE-Bookmark-file-1>
<!-- This is an automatically generated file.
     It will be read and overwritten.
     DO NOT EDIT! -->
<!-- Shaarli {$exportWhat} bookmarks export on {$currentdate} -->
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8">
        foreach ($LINKSDB as $link) {
            if ($exportWhat == 'all' || $exportWhat == 'private' && $link['private'] != 0 || $exportWhat == 'public' && $link['private'] == 0) {
                echo '<DT><A HREF="' . htmlspecialchars($link['url']) . '" ADD_DATE="' . linkdate2timestamp($link['linkdate']) . '" PRIVATE="' . $link['private'] . '"';
                if ($link['tags'] != '') {
                    echo ' TAGS="' . htmlspecialchars(str_replace(' ', ',', $link['tags'])) . '"';
                echo '>' . htmlspecialchars($link['title']) . "</A>\n";
                if ($link['description'] != '') {
                    echo '<DD>' . htmlspecialchars($link['description']) . "\n";
    // -------- User is uploading a file for import
    if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"], 'do=upload')) {
        // If file is too big, some form field may be missing.
        if (!isset($_POST['token']) || !isset($_FILES) || isset($_FILES['filetoupload']['size']) && $_FILES['filetoupload']['size'] == 0) {
            $returnurl = empty($_SERVER['HTTP_REFERER']) ? '?' : $_SERVER['HTTP_REFERER'];
            echo '<script language="JavaScript">alert("The file you are trying to upload is probably bigger than what this webserver can accept (' . getMaxFileSize() . ' bytes). Please upload in smaller chunks.");document.location=\'' . htmlspecialchars($returnurl) . '\';</script>';
        if (!tokenOk($_POST['token'])) {
            die('Wrong token.');
    // -------- Show upload/import dialog:
    if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"], 'do=import')) {
        $PAGE = new pageBuilder();
        $PAGE->assign('linkcount', count($LINKSDB));
        $PAGE->assign('token', getToken());
        $PAGE->assign('maxfilesize', getMaxFileSize());
    // -------- Otherwise, simply display search form and links:
    $PAGE = new pageBuilder();
    $PAGE->assign('linkcount', count($LINKSDB));
    buildLinkList($PAGE, $LINKSDB);
    // Compute list of links to display