Пример #1
function install()
    // On free.fr host, make sure the /sessions directory exists, otherwise login will not work.
    if (endsWith($_SERVER['HTTP_HOST'], '.free.fr') && !is_dir($_SERVER['DOCUMENT_ROOT'] . '/sessions')) {
        mkdir($_SERVER['DOCUMENT_ROOT'] . '/sessions', 0705);
    // This part makes sure sessions works correctly.
    // (Because on some hosts, session.save_path may not be set correctly,
    // or we may not have write access to it.)
    if (isset($_GET['test_session']) && (!isset($_SESSION) || !isset($_SESSION['session_tested']) || $_SESSION['session_tested'] != 'Working')) {
        // Step 2: Check if data in session is correct.
        echo '<pre>Sessions do not seem to work correctly on your server.<br>';
        echo 'Make sure the variable session.save_path is set correctly in your php config, and that you have write access to it.<br>';
        echo 'It currently points to ' . session_save_path() . '<br>';
        echo 'Check that the hostname used to access Shaarli contains a dot. On some browsers, accessing your server via a hostname like \'localhost\' or any custom hostname without a dot causes cookie storage to fail. We recommend accessing your server via it\'s IP address or Fully Qualified Domain Name.<br>';
        echo '<br><a href="?">Click to try again.</a></pre>';
    if (!isset($_SESSION['session_tested'])) {
        // Step 1 : Try to store data in session and reload page.
        $_SESSION['session_tested'] = 'Working';
        // Try to set a variable in session.
        header('Location: ' . index_url($_SERVER) . '?test_session');
        // Redirect to check stored data.
    if (isset($_GET['test_session'])) {
        // Step 3: Sessions are OK. Remove test parameter from URL.
        header('Location: ' . index_url($_SERVER));
    if (!empty($_POST['setlogin']) && !empty($_POST['setpassword'])) {
        $tz = 'UTC';
        if (!empty($_POST['continent']) && !empty($_POST['city'])) {
            if (isTimeZoneValid($_POST['continent'], $_POST['city'])) {
                $tz = $_POST['continent'] . '/' . $_POST['city'];
        $GLOBALS['timezone'] = $tz;
        // Everything is ok, let's create config file.
        $GLOBALS['login'] = $_POST['setlogin'];
        $GLOBALS['salt'] = sha1(uniqid('', true) . '_' . mt_rand());
        // Salt renders rainbow-tables attacks useless.
        $GLOBALS['hash'] = sha1($_POST['setpassword'] . $GLOBALS['login'] . $GLOBALS['salt']);
        $GLOBALS['title'] = empty($_POST['title']) ? 'Shared links on ' . escape(index_url($_SERVER)) : $_POST['title'];
        $GLOBALS['config']['ENABLE_UPDATECHECK'] = !empty($_POST['updateCheck']);
        try {
            writeConfig($GLOBALS, isLoggedIn());
        } catch (Exception $e) {
            error_log('ERROR while writing config file after installation.' . PHP_EOL . $e->getMessage());
            // TODO: do not handle exceptions/errors in JS.
            echo '<script>alert("' . $e->getMessage() . '");document.location=\'?\';</script>';
        echo '<script>alert("Shaarli is now configured. Please enter your login/password and start shaaring your links!");document.location=\'?do=login\';</script>';
    // Display config form:
    list($timezone_form, $timezone_js) = generateTimeZoneForm();
    $timezone_html = '';
    if ($timezone_form != '') {
        $timezone_html = '<tr><td><b>Timezone:</b></td><td>' . $timezone_form . '</td></tr>';
    $PAGE = new pageBuilder();
    $PAGE->assign('timezone_html', $timezone_html);
    $PAGE->assign('timezone_js', $timezone_js);
Пример #2
function install()
    global $core;
    // On free.fr host, make sure the /sessions directory exists, otherwise login will not work.
    if (endsWith($_SERVER['SERVER_NAME'], '.free.fr') && !is_dir($_SERVER['DOCUMENT_ROOT'] . '/sessions')) {
        mkdir($_SERVER['DOCUMENT_ROOT'] . '/sessions', 0705);
    if ($core->auth->sessionExists() && !empty($_POST['setlogin'])) {
        $tz = 'UTC';
        if (!empty($_POST['continent']) && !empty($_POST['city'])) {
            if (isTZvalid($_POST['continent'], $_POST['city'])) {
                $tz = $_POST['continent'] . '/' . $_POST['city'];
        $GLOBALS['timezone'] = $tz;
        // Everything is ok, let's create config file.
        $GLOBALS['login'] = $core->auth->userID();
        $GLOBALS['salt'] = sha1(uniqid('', true) . '_' . mt_rand());
        // Salt renders rainbow-tables attacks useless.
        $GLOBALS['hash'] = sha1($core->auth->userToken() . $GLOBALS['login'] . $GLOBALS['salt']);
        $GLOBALS['title'] = empty($_POST['title']) ? 'Shared links on ' . htmlspecialchars(indexUrl()) : $_POST['title'];
        echo '<script language="JavaScript">alert("Shaarli is now configured !");document.location=\'\';</script>';
    // Display config form:
    list($timezone_form, $timezone_js) = templateTZform();
    $timezone_html = '';
    if ($timezone_form != '') {
        $timezone_html = '<tr><td valign="top"><b>Timezone:</b></td><td>' . $timezone_form . '</td></tr>';
    $PAGE = new pageBuilder();
    $PAGE->assign('login_html', $core->auth->userID());
    $PAGE->assign('timezone_html', $timezone_html);
    $PAGE->assign('timezone_js', $timezone_js);
Пример #3
 * Template for the list of links (<div id="linklist">)
 * This function fills all the necessary fields in the $PAGE for the template 'linklist.html'
 * @param pageBuilder $PAGE    pageBuilder instance.
 * @param LinkDB      $LINKSDB LinkDB instance.
function buildLinkList($PAGE, $LINKSDB)
    // Used in templates
    $searchtags = !empty($_GET['searchtags']) ? escape($_GET['searchtags']) : '';
    $searchterm = !empty($_GET['searchterm']) ? escape($_GET['searchterm']) : '';
    // Smallhash filter
    if (!empty($_SERVER['QUERY_STRING']) && preg_match('/^[a-zA-Z0-9-_@]{6}($|&|#)/', $_SERVER['QUERY_STRING'])) {
        try {
            $linksToDisplay = $LINKSDB->filterHash($_SERVER['QUERY_STRING']);
        } catch (LinkNotFoundException $e) {
    } else {
        // Filter links according search parameters.
        $privateonly = !empty($_SESSION['privateonly']);
        $linksToDisplay = $LINKSDB->filterSearch($_GET, false, $privateonly);
    // ---- Handle paging.
    $keys = array();
    foreach ($linksToDisplay as $key => $value) {
        $keys[] = $key;
    // If there is only a single link, we change on-the-fly the title of the page.
    if (count($linksToDisplay) == 1) {
        $GLOBALS['pagetitle'] = $linksToDisplay[$keys[0]]['title'] . ' - ' . $GLOBALS['title'];
    // Select articles according to paging.
    $pagecount = ceil(count($keys) / $_SESSION['LINKS_PER_PAGE']);
    $pagecount = $pagecount == 0 ? 1 : $pagecount;
    $page = empty($_GET['page']) ? 1 : intval($_GET['page']);
    $page = $page < 1 ? 1 : $page;
    $page = $page > $pagecount ? $pagecount : $page;
    // Start index.
    $i = ($page - 1) * $_SESSION['LINKS_PER_PAGE'];
    $end = $i + $_SESSION['LINKS_PER_PAGE'];
    $linkDisp = array();
    while ($i < $end && $i < count($keys)) {
        $link = $linksToDisplay[$keys[$i]];
        $link['description'] = format_description($link['description'], $GLOBALS['redirector']);
        $classLi = $i % 2 != 0 ? '' : 'publicLinkHightLight';
        $link['class'] = $link['private'] == 0 ? $classLi : 'private';
        $date = DateTime::createFromFormat(LinkDB::LINK_DATE_FORMAT, $link['linkdate']);
        $link['timestamp'] = $date->getTimestamp();
        $taglist = explode(' ', $link['tags']);
        uasort($taglist, 'strcasecmp');
        $link['taglist'] = $taglist;
        $link['shorturl'] = smallHash($link['linkdate']);
        // Check for both signs of a note: starting with ? and 7 chars long.
        if ($link['url'][0] === '?' && strlen($link['url']) === 7) {
            $link['url'] = index_url($_SERVER) . $link['url'];
        $linkDisp[$keys[$i]] = $link;
    // Compute paging navigation
    $searchtagsUrl = empty($searchtags) ? '' : '&searchtags=' . urlencode($searchtags);
    $searchtermUrl = empty($searchterm) ? '' : '&searchterm=' . urlencode($searchterm);
    $previous_page_url = '';
    if ($i != count($keys)) {
        $previous_page_url = '?page=' . ($page + 1) . $searchtermUrl . $searchtagsUrl;
    $next_page_url = '';
    if ($page > 1) {
        $next_page_url = '?page=' . ($page - 1) . $searchtermUrl . $searchtagsUrl;
    $token = isLoggedIn() ? getToken() : '';
    // Fill all template fields.
    $data = array('previous_page_url' => $previous_page_url, 'next_page_url' => $next_page_url, 'page_current' => $page, 'page_max' => $pagecount, 'result_count' => count($linksToDisplay), 'search_term' => $searchterm, 'search_tags' => $searchtags, 'redirector' => empty($GLOBALS['redirector']) ? '' : $GLOBALS['redirector'], 'token' => $token, 'links' => $linkDisp, 'tags' => $LINKSDB->allTags());
    // FIXME! temporary fix - see #399.
    if (!empty($GLOBALS['pagetitle']) && count($linkDisp) == 1) {
        $data['pagetitle'] = $GLOBALS['pagetitle'];
    $pluginManager = PluginManager::getInstance();
    $pluginManager->executeHooks('render_linklist', $data, array('loggedin' => isLoggedIn()));
    foreach ($data as $key => $value) {
        $PAGE->assign($key, $value);
Пример #4
function install()
    // On free.fr host, make sure the /sessions directory exists, otherwise login will not work.
    if (endsWith($_SERVER['HTTP_HOST'], '.free.fr') && !is_dir($_SERVER['DOCUMENT_ROOT'] . '/sessions')) {
        mkdir($_SERVER['DOCUMENT_ROOT'] . '/sessions', 0705);
    // This part makes sure sessions works correctly.
    // (Because on some hosts, session.save_path may not be set correctly,
    // or we may not have write access to it.)
    if (isset($_GET['test_session']) && (!isset($_SESSION) || !isset($_SESSION['session_tested']) || $_SESSION['session_tested'] != 'Working')) {
        // Step 2: Check if data in session is correct.
        echo '<pre>Sessions do not seem to work correctly on your server.<br>';
        echo 'Make sure the variable session.save_path is set correctly in your php config, and that you have write access to it.<br>';
        echo 'It currently points to ' . session_save_path() . '<br><br><a href="?">Click to try again.</a></pre>';
    if (!isset($_SESSION['session_tested'])) {
        // Step 1 : Try to store data in session and reload page.
        $_SESSION['session_tested'] = 'Working';
        // Try to set a variable in session.
        header('Location: ' . indexUrl() . '?test_session');
        // Redirect to check stored data.
    if (isset($_GET['test_session'])) {
        // Step 3: Sessions are ok. Remove test parameter from URL.
        header('Location: ' . indexUrl());
    if (!empty($_POST['setlogin']) && !empty($_POST['setpassword'])) {
        $tz = 'UTC';
        if (!empty($_POST['continent']) && !empty($_POST['city'])) {
            if (isTZvalid($_POST['continent'], $_POST['city'])) {
                $tz = $_POST['continent'] . '/' . $_POST['city'];
        $GLOBALS['timezone'] = $tz;
        // Everything is ok, let's create config file.
        $GLOBALS['login'] = $_POST['setlogin'];
        $GLOBALS['salt'] = sha1(uniqid('', true) . '_' . mt_rand());
        // Salt renders rainbow-tables attacks useless.
        $GLOBALS['hash'] = sha1($_POST['setpassword'] . $GLOBALS['login'] . $GLOBALS['salt']);
        $GLOBALS['title'] = empty($_POST['title']) ? 'Shared links on ' . htmlspecialchars(indexUrl()) : $_POST['title'];
        echo '<script language="JavaScript">alert("Shaarli is now configured. Please enter your login/password and start shaaring your links !");document.location=\'?do=login\';</script>';
    // Display config form:
    list($timezone_form, $timezone_js) = templateTZform();
    $timezone_html = '';
    if ($timezone_form != '') {
        $timezone_html = '<tr><td valign="top"><b>Timezone:</b></td><td>' . $timezone_form . '</td></tr>';
    $PAGE = new pageBuilder();
    $PAGE->assign('timezone_html', $timezone_html);
    $PAGE->assign('timezone_js', $timezone_js);