function install() { // On free.fr host, make sure the /sessions directory exists, otherwise login will not work. if (endsWith($_SERVER['HTTP_HOST'], '.free.fr') && !is_dir($_SERVER['DOCUMENT_ROOT'] . '/sessions')) { mkdir($_SERVER['DOCUMENT_ROOT'] . '/sessions', 0705); } // This part makes sure sessions works correctly. // (Because on some hosts, session.save_path may not be set correctly, // or we may not have write access to it.) if (isset($_GET['test_session']) && (!isset($_SESSION) || !isset($_SESSION['session_tested']) || $_SESSION['session_tested'] != 'Working')) { // Step 2: Check if data in session is correct. echo '<pre>Sessions do not seem to work correctly on your server.<br>'; echo 'Make sure the variable session.save_path is set correctly in your php config, and that you have write access to it.<br>'; echo 'It currently points to ' . session_save_path() . '<br>'; echo 'Check that the hostname used to access Shaarli contains a dot. On some browsers, accessing your server via a hostname like \'localhost\' or any custom hostname without a dot causes cookie storage to fail. We recommend accessing your server via it\'s IP address or Fully Qualified Domain Name.<br>'; echo '<br><a href="?">Click to try again.</a></pre>'; die; } if (!isset($_SESSION['session_tested'])) { // Step 1 : Try to store data in session and reload page. $_SESSION['session_tested'] = 'Working'; // Try to set a variable in session. header('Location: ' . index_url($_SERVER) . '?test_session'); // Redirect to check stored data. } if (isset($_GET['test_session'])) { // Step 3: Sessions are OK. Remove test parameter from URL. header('Location: ' . index_url($_SERVER)); } if (!empty($_POST['setlogin']) && !empty($_POST['setpassword'])) { $tz = 'UTC'; if (!empty($_POST['continent']) && !empty($_POST['city'])) { if (isTimeZoneValid($_POST['continent'], $_POST['city'])) { $tz = $_POST['continent'] . '/' . $_POST['city']; } } $GLOBALS['timezone'] = $tz; // Everything is ok, let's create config file. $GLOBALS['login'] = $_POST['setlogin']; $GLOBALS['salt'] = sha1(uniqid('', true) . '_' . mt_rand()); // Salt renders rainbow-tables attacks useless. $GLOBALS['hash'] = sha1($_POST['setpassword'] . $GLOBALS['login'] . $GLOBALS['salt']); $GLOBALS['title'] = empty($_POST['title']) ? 'Shared links on ' . escape(index_url($_SERVER)) : $_POST['title']; $GLOBALS['config']['ENABLE_UPDATECHECK'] = !empty($_POST['updateCheck']); try { writeConfig($GLOBALS, isLoggedIn()); } catch (Exception $e) { error_log('ERROR while writing config file after installation.' . PHP_EOL . $e->getMessage()); // TODO: do not handle exceptions/errors in JS. echo '<script>alert("' . $e->getMessage() . '");document.location=\'?\';</script>'; exit; } echo '<script>alert("Shaarli is now configured. Please enter your login/password and start shaaring your links!");document.location=\'?do=login\';</script>'; exit; } // Display config form: list($timezone_form, $timezone_js) = generateTimeZoneForm(); $timezone_html = ''; if ($timezone_form != '') { $timezone_html = '<tr><td><b>Timezone:</b></td><td>' . $timezone_form . '</td></tr>'; } $PAGE = new pageBuilder(); $PAGE->assign('timezone_html', $timezone_html); $PAGE->assign('timezone_js', $timezone_js); $PAGE->renderPage('install'); exit; }
function install() { global $core; // On free.fr host, make sure the /sessions directory exists, otherwise login will not work. if (endsWith($_SERVER['SERVER_NAME'], '.free.fr') && !is_dir($_SERVER['DOCUMENT_ROOT'] . '/sessions')) { mkdir($_SERVER['DOCUMENT_ROOT'] . '/sessions', 0705); } if ($core->auth->sessionExists() && !empty($_POST['setlogin'])) { $tz = 'UTC'; if (!empty($_POST['continent']) && !empty($_POST['city'])) { if (isTZvalid($_POST['continent'], $_POST['city'])) { $tz = $_POST['continent'] . '/' . $_POST['city']; } } $GLOBALS['timezone'] = $tz; // Everything is ok, let's create config file. $GLOBALS['login'] = $core->auth->userID(); $GLOBALS['salt'] = sha1(uniqid('', true) . '_' . mt_rand()); // Salt renders rainbow-tables attacks useless. $GLOBALS['hash'] = sha1($core->auth->userToken() . $GLOBALS['login'] . $GLOBALS['salt']); $GLOBALS['title'] = empty($_POST['title']) ? 'Shared links on ' . htmlspecialchars(indexUrl()) : $_POST['title']; writeConfig(); echo '<script language="JavaScript">alert("Shaarli is now configured !");document.location=\'\';</script>'; exit; } // Display config form: list($timezone_form, $timezone_js) = templateTZform(); $timezone_html = ''; if ($timezone_form != '') { $timezone_html = '<tr><td valign="top"><b>Timezone:</b></td><td>' . $timezone_form . '</td></tr>'; } $PAGE = new pageBuilder(); $PAGE->assign('login_html', $core->auth->userID()); $PAGE->assign('timezone_html', $timezone_html); $PAGE->assign('timezone_js', $timezone_js); $PAGE->renderPage('install'); exit; }
/** * Template for the list of links (<div id="linklist">) * This function fills all the necessary fields in the $PAGE for the template 'linklist.html' * * @param pageBuilder $PAGE pageBuilder instance. * @param LinkDB $LINKSDB LinkDB instance. */ function buildLinkList($PAGE, $LINKSDB) { // Used in templates $searchtags = !empty($_GET['searchtags']) ? escape($_GET['searchtags']) : ''; $searchterm = !empty($_GET['searchterm']) ? escape($_GET['searchterm']) : ''; // Smallhash filter if (!empty($_SERVER['QUERY_STRING']) && preg_match('/^[a-zA-Z0-9-_@]{6}($|&|#)/', $_SERVER['QUERY_STRING'])) { try { $linksToDisplay = $LINKSDB->filterHash($_SERVER['QUERY_STRING']); } catch (LinkNotFoundException $e) { $PAGE->render404($e->getMessage()); exit; } } else { // Filter links according search parameters. $privateonly = !empty($_SESSION['privateonly']); $linksToDisplay = $LINKSDB->filterSearch($_GET, false, $privateonly); } // ---- Handle paging. $keys = array(); foreach ($linksToDisplay as $key => $value) { $keys[] = $key; } // If there is only a single link, we change on-the-fly the title of the page. if (count($linksToDisplay) == 1) { $GLOBALS['pagetitle'] = $linksToDisplay[$keys[0]]['title'] . ' - ' . $GLOBALS['title']; } // Select articles according to paging. $pagecount = ceil(count($keys) / $_SESSION['LINKS_PER_PAGE']); $pagecount = $pagecount == 0 ? 1 : $pagecount; $page = empty($_GET['page']) ? 1 : intval($_GET['page']); $page = $page < 1 ? 1 : $page; $page = $page > $pagecount ? $pagecount : $page; // Start index. $i = ($page - 1) * $_SESSION['LINKS_PER_PAGE']; $end = $i + $_SESSION['LINKS_PER_PAGE']; $linkDisp = array(); while ($i < $end && $i < count($keys)) { $link = $linksToDisplay[$keys[$i]]; $link['description'] = format_description($link['description'], $GLOBALS['redirector']); $classLi = $i % 2 != 0 ? '' : 'publicLinkHightLight'; $link['class'] = $link['private'] == 0 ? $classLi : 'private'; $date = DateTime::createFromFormat(LinkDB::LINK_DATE_FORMAT, $link['linkdate']); $link['timestamp'] = $date->getTimestamp(); $taglist = explode(' ', $link['tags']); uasort($taglist, 'strcasecmp'); $link['taglist'] = $taglist; $link['shorturl'] = smallHash($link['linkdate']); // Check for both signs of a note: starting with ? and 7 chars long. if ($link['url'][0] === '?' && strlen($link['url']) === 7) { $link['url'] = index_url($_SERVER) . $link['url']; } $linkDisp[$keys[$i]] = $link; $i++; } // Compute paging navigation $searchtagsUrl = empty($searchtags) ? '' : '&searchtags=' . urlencode($searchtags); $searchtermUrl = empty($searchterm) ? '' : '&searchterm=' . urlencode($searchterm); $previous_page_url = ''; if ($i != count($keys)) { $previous_page_url = '?page=' . ($page + 1) . $searchtermUrl . $searchtagsUrl; } $next_page_url = ''; if ($page > 1) { $next_page_url = '?page=' . ($page - 1) . $searchtermUrl . $searchtagsUrl; } $token = isLoggedIn() ? getToken() : ''; // Fill all template fields. $data = array('previous_page_url' => $previous_page_url, 'next_page_url' => $next_page_url, 'page_current' => $page, 'page_max' => $pagecount, 'result_count' => count($linksToDisplay), 'search_term' => $searchterm, 'search_tags' => $searchtags, 'redirector' => empty($GLOBALS['redirector']) ? '' : $GLOBALS['redirector'], 'token' => $token, 'links' => $linkDisp, 'tags' => $LINKSDB->allTags()); // FIXME! temporary fix - see #399. if (!empty($GLOBALS['pagetitle']) && count($linkDisp) == 1) { $data['pagetitle'] = $GLOBALS['pagetitle']; } $pluginManager = PluginManager::getInstance(); $pluginManager->executeHooks('render_linklist', $data, array('loggedin' => isLoggedIn())); foreach ($data as $key => $value) { $PAGE->assign($key, $value); } return; }
function install() { // On free.fr host, make sure the /sessions directory exists, otherwise login will not work. if (endsWith($_SERVER['HTTP_HOST'], '.free.fr') && !is_dir($_SERVER['DOCUMENT_ROOT'] . '/sessions')) { mkdir($_SERVER['DOCUMENT_ROOT'] . '/sessions', 0705); } // This part makes sure sessions works correctly. // (Because on some hosts, session.save_path may not be set correctly, // or we may not have write access to it.) if (isset($_GET['test_session']) && (!isset($_SESSION) || !isset($_SESSION['session_tested']) || $_SESSION['session_tested'] != 'Working')) { // Step 2: Check if data in session is correct. echo '<pre>Sessions do not seem to work correctly on your server.<br>'; echo 'Make sure the variable session.save_path is set correctly in your php config, and that you have write access to it.<br>'; echo 'It currently points to ' . session_save_path() . '<br><br><a href="?">Click to try again.</a></pre>'; die; } if (!isset($_SESSION['session_tested'])) { // Step 1 : Try to store data in session and reload page. $_SESSION['session_tested'] = 'Working'; // Try to set a variable in session. header('Location: ' . indexUrl() . '?test_session'); // Redirect to check stored data. } if (isset($_GET['test_session'])) { // Step 3: Sessions are ok. Remove test parameter from URL. header('Location: ' . indexUrl()); } if (!empty($_POST['setlogin']) && !empty($_POST['setpassword'])) { $tz = 'UTC'; if (!empty($_POST['continent']) && !empty($_POST['city'])) { if (isTZvalid($_POST['continent'], $_POST['city'])) { $tz = $_POST['continent'] . '/' . $_POST['city']; } } $GLOBALS['timezone'] = $tz; // Everything is ok, let's create config file. $GLOBALS['login'] = $_POST['setlogin']; $GLOBALS['salt'] = sha1(uniqid('', true) . '_' . mt_rand()); // Salt renders rainbow-tables attacks useless. $GLOBALS['hash'] = sha1($_POST['setpassword'] . $GLOBALS['login'] . $GLOBALS['salt']); $GLOBALS['title'] = empty($_POST['title']) ? 'Shared links on ' . htmlspecialchars(indexUrl()) : $_POST['title']; writeConfig(); echo '<script language="JavaScript">alert("Shaarli is now configured. Please enter your login/password and start shaaring your links !");document.location=\'?do=login\';</script>'; exit; } // Display config form: list($timezone_form, $timezone_js) = templateTZform(); $timezone_html = ''; if ($timezone_form != '') { $timezone_html = '<tr><td valign="top"><b>Timezone:</b></td><td>' . $timezone_form . '</td></tr>'; } $PAGE = new pageBuilder(); $PAGE->assign('timezone_html', $timezone_html); $PAGE->assign('timezone_js', $timezone_js); $PAGE->renderPage('install'); exit; }