Merge branch 'master' into via
This commit is contained in:
commit
289ce8f457
1 changed files with 21 additions and 5 deletions
26
index.php
26
index.php
|
@ -37,6 +37,8 @@
|
||||||
define('shaarli_version','0.0.41 beta');
|
define('shaarli_version','0.0.41 beta');
|
||||||
define('PHPPREFIX','<?php /* '); // Prefix to encapsulate data in php code.
|
define('PHPPREFIX','<?php /* '); // Prefix to encapsulate data in php code.
|
||||||
define('PHPSUFFIX',' */ ?>'); // Suffix to encapsulate data in php code.
|
define('PHPSUFFIX',' */ ?>'); // Suffix to encapsulate data in php code.
|
||||||
|
// http://server.com/x/shaarli --> /shaarli/
|
||||||
|
define('WEB_PATH', substr($_SERVER["REQUEST_URI"], 0, 1+strrpos($_SERVER["REQUEST_URI"], '/', 0)));
|
||||||
|
|
||||||
// Force cookie path (but do not change lifetime)
|
// Force cookie path (but do not change lifetime)
|
||||||
$cookie=session_get_cookie_params();
|
$cookie=session_get_cookie_params();
|
||||||
|
@ -110,6 +112,8 @@ function stripslashes_deep($value) { $value = is_array($value) ? array_map('stri
|
||||||
|
|
||||||
require $GLOBALS['config']['CONFIG_FILE']; // Read login/password hash into $GLOBALS.
|
require $GLOBALS['config']['CONFIG_FILE']; // Read login/password hash into $GLOBALS.
|
||||||
|
|
||||||
|
// a token depending of deployment salt, user password, and the current ip
|
||||||
|
define('STAY_SIGNED_IN_TOKEN', sha1($GLOBALS['hash'].$_SERVER["REMOTE_ADDR"].$GLOBALS['salt']));
|
||||||
|
|
||||||
autoLocale(); // Sniff browser language and set date format accordingly.
|
autoLocale(); // Sniff browser language and set date format accordingly.
|
||||||
header('Content-Type: text/html; charset=utf-8'); // We use UTF-8 for proper international characters handling.
|
header('Content-Type: text/html; charset=utf-8'); // We use UTF-8 for proper international characters handling.
|
||||||
|
@ -294,16 +298,20 @@ function allIPs()
|
||||||
return $ip;
|
return $ip;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function fillSessionInfo() {
|
||||||
|
$_SESSION['uid'] = sha1(uniqid('',true).'_'.mt_rand()); // generate unique random number (different than phpsessionid)
|
||||||
|
$_SESSION['ip']=allIPs(); // We store IP address(es) of the client to make sure session is not hijacked.
|
||||||
|
$_SESSION['username']=$GLOBALS['login'];
|
||||||
|
$_SESSION['expires_on']=time()+INACTIVITY_TIMEOUT; // Set session expiration.
|
||||||
|
}
|
||||||
|
|
||||||
// Check that user/password is correct.
|
// Check that user/password is correct.
|
||||||
function check_auth($login,$password)
|
function check_auth($login,$password)
|
||||||
{
|
{
|
||||||
$hash = sha1($password.$login.$GLOBALS['salt']);
|
$hash = sha1($password.$login.$GLOBALS['salt']);
|
||||||
if ($login==$GLOBALS['login'] && $hash==$GLOBALS['hash'])
|
if ($login==$GLOBALS['login'] && $hash==$GLOBALS['hash'])
|
||||||
{ // Login/password is correct.
|
{ // Login/password is correct.
|
||||||
$_SESSION['uid'] = sha1(uniqid('',true).'_'.mt_rand()); // generate unique random number (different than phpsessionid)
|
fillSessionInfo();
|
||||||
$_SESSION['ip']=allIPs(); // We store IP address(es) of the client to make sure session is not hijacked.
|
|
||||||
$_SESSION['username']=$login;
|
|
||||||
$_SESSION['expires_on']=time()+INACTIVITY_TIMEOUT; // Set session expiration.
|
|
||||||
logm('Login successful');
|
logm('Login successful');
|
||||||
return True;
|
return True;
|
||||||
}
|
}
|
||||||
|
@ -318,6 +326,11 @@ function isLoggedIn()
|
||||||
|
|
||||||
if (!isset($GLOBALS['login'])) return false; // Shaarli is not configured yet.
|
if (!isset($GLOBALS['login'])) return false; // Shaarli is not configured yet.
|
||||||
|
|
||||||
|
if (@$_COOKIE['shaarli_staySignedIn']===STAY_SIGNED_IN_TOKEN)
|
||||||
|
{
|
||||||
|
fillSessionInfo();
|
||||||
|
return true;
|
||||||
|
}
|
||||||
// If session does not exist on server side, or IP address has changed, or session has expired, logout.
|
// If session does not exist on server side, or IP address has changed, or session has expired, logout.
|
||||||
if (empty($_SESSION['uid']) || ($GLOBALS['disablesessionprotection']==false && $_SESSION['ip']!=allIPs()) || time()>=$_SESSION['expires_on'])
|
if (empty($_SESSION['uid']) || ($GLOBALS['disablesessionprotection']==false && $_SESSION['ip']!=allIPs()) || time()>=$_SESSION['expires_on'])
|
||||||
{
|
{
|
||||||
|
@ -331,7 +344,9 @@ function isLoggedIn()
|
||||||
}
|
}
|
||||||
|
|
||||||
// Force logout.
|
// Force logout.
|
||||||
function logout() { if (isset($_SESSION)) { unset($_SESSION['uid']); unset($_SESSION['ip']); unset($_SESSION['username']); unset($_SESSION['privateonly']); } }
|
function logout() { if (isset($_SESSION)) { unset($_SESSION['uid']); unset($_SESSION['ip']); unset($_SESSION['username']); unset($_SESSION['privateonly']); }
|
||||||
|
setcookie('shaarli_staySignedIn', FALSE, 0, WEB_PATH);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
// ------------------------------------------------------------------------------------------
|
// ------------------------------------------------------------------------------------------
|
||||||
|
@ -393,6 +408,7 @@ function ban_canLogin()
|
||||||
// If user wants to keep the session cookie even after the browser closes:
|
// If user wants to keep the session cookie even after the browser closes:
|
||||||
if (!empty($_POST['longlastingsession']))
|
if (!empty($_POST['longlastingsession']))
|
||||||
{
|
{
|
||||||
|
setcookie('shaarli_staySignedIn', STAY_SIGNED_IN_TOKEN, time()+31536000, WEB_PATH);
|
||||||
$_SESSION['longlastingsession']=31536000; // (31536000 seconds = 1 year)
|
$_SESSION['longlastingsession']=31536000; // (31536000 seconds = 1 year)
|
||||||
$_SESSION['expires_on']=time()+$_SESSION['longlastingsession']; // Set session expiration on server-side.
|
$_SESSION['expires_on']=time()+$_SESSION['longlastingsession']; // Set session expiration on server-side.
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue