Merge pull request #86 from pikzen/fix-cookies
Prevent Shaarli from sending thousands of cookies.
commit
4891e2f77a
1 changed files with 57 additions and 22 deletions
index.php
index.php
@ -113,6 +113,53 @@ function stripslashes_deep($value) { $value = is_array($value) ? array_map('stri
|
||||||
autoLocale(); // Sniff browser language and set date format accordingly.
|
autoLocale(); // Sniff browser language and set date format accordingly.
|
||||||
header('Content-Type: text/html; charset=utf-8'); // We use UTF-8 for proper international characters handling.
|
header('Content-Type: text/html; charset=utf-8'); // We use UTF-8 for proper international characters handling.
|
||||||
|
|
||||||
|
//==================================================================================================
|
||||||
|
// Checking session state (i.e. is the user still logged in)
|
||||||
|
//==================================================================================================
|
||||||
|
|
||||||
|
function setup_login_state() {
|
||||||
|
$userIsLoggedIn = false; // By default, we do not consider the user as logged in;
|
||||||
|
$loginFailure = false; // If set to true, every attempt to authenticate the user will fail. This indicates that an important condition isn't met.
|
||||||
|
if ($GLOBALS['config']['OPEN_SHAARLI']) {
|
||||||
|
$userIsLoggedIn = true;
|
||||||
|
}
|
||||||
|
if (!isset($GLOBALS['login'])) {
|
||||||
|
$userIsLoggedIn = false; // Shaarli is not configured yet.
|
||||||
|
$loginFailure = true;
|
||||||
|
}
|
||||||
|
if (isset($_COOKIE['shaarli_staySignedIn']) &&
|
||||||
|
$_COOKIE['shaarli_staySignedIn']===STAY_SIGNED_IN_TOKEN &&
|
||||||
|
!$loginFailure)
|
||||||
|
{
|
||||||
|
fillSessionInfo();
|
||||||
|
$userIsLoggedIn = true;
|
||||||
|
}
|
||||||
|
// If session does not exist on server side, or IP address has changed, or session has expired, logout.
|
||||||
|
if (empty($_SESSION['uid']) ||
|
||||||
|
($GLOBALS['disablesessionprotection']==false && $_SESSION['ip']!=allIPs()) ||
|
||||||
|
time() >= $_SESSION['expires_on'])
|
||||||
|
{
|
||||||
|
logout();
|
||||||
|
$userIsLoggedIn = false;
|
||||||
|
$loginFailure = true;
|
||||||
|
}
|
||||||
|
if (!empty($_SESSION['longlastingsession'])) {
|
||||||
|
$_SESSION['expires_on']=time()+$_SESSION['longlastingsession']; // In case of "Stay signed in" checked.
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$_SESSION['expires_on']=time()+INACTIVITY_TIMEOUT; // Standard session expiration date.
|
||||||
|
}
|
||||||
|
if (!$loginFailure) {
|
||||||
|
$userIsLoggedIn = true;
|
||||||
|
}
|
||||||
|
|
||||||
|
return $userIsLoggedIn;
|
||||||
|
}
|
||||||
|
//==================================================================================================
|
||||||
|
$userIsLoggedIn = setup_login_state();
|
||||||
|
//==================================================================================================
|
||||||
|
//==================================================================================================
|
||||||
|
|
||||||
// Check PHP version
|
// Check PHP version
|
||||||
function checkphpversion()
|
function checkphpversion()
|
||||||
{
|
{
|
||||||
|
@ -316,30 +363,19 @@ function check_auth($login,$password)
|
||||||
// Returns true if the user is logged in.
|
// Returns true if the user is logged in.
|
||||||
function isLoggedIn()
|
function isLoggedIn()
|
||||||
{
|
{
|
||||||
if ($GLOBALS['config']['OPEN_SHAARLI']) return true;
|
global $userIsLoggedIn;
|
||||||
|
return $userIsLoggedIn;
|
||||||
if (!isset($GLOBALS['login'])) return false; // Shaarli is not configured yet.
|
|
||||||
|
|
||||||
if (@$_COOKIE['shaarli_staySignedIn']===STAY_SIGNED_IN_TOKEN)
|
|
||||||
{
|
|
||||||
fillSessionInfo();
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
// If session does not exist on server side, or IP address has changed, or session has expired, logout.
|
|
||||||
if (empty($_SESSION['uid']) || ($GLOBALS['disablesessionprotection']==false && $_SESSION['ip']!=allIPs()) || time()>=$_SESSION['expires_on'])
|
|
||||||
{
|
|
||||||
logout();
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
if (!empty($_SESSION['longlastingsession'])) $_SESSION['expires_on']=time()+$_SESSION['longlastingsession']; // In case of "Stay signed in" checked.
|
|
||||||
else $_SESSION['expires_on']=time()+INACTIVITY_TIMEOUT; // Standard session expiration date.
|
|
||||||
|
|
||||||
return true;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Force logout.
|
// Force logout.
|
||||||
function logout() { if (isset($_SESSION)) { unset($_SESSION['uid']); unset($_SESSION['ip']); unset($_SESSION['username']); unset($_SESSION['privateonly']); }
|
function logout() {
|
||||||
setcookie('shaarli_staySignedIn', FALSE, 0, WEB_PATH);
|
if (isset($_SESSION)) {
|
||||||
|
unset($_SESSION['uid']);
|
||||||
|
unset($_SESSION['ip']);
|
||||||
|
unset($_SESSION['username']);
|
||||||
|
unset($_SESSION['privateonly']);
|
||||||
|
}
|
||||||
|
setcookie('shaarli_staySignedIn', FALSE, 0, WEB_PATH);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -2074,7 +2110,6 @@ function thumbnail($url,$href=false)
|
||||||
return $html;
|
return $html;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
// Returns the HTML code to display a thumbnail for a link
|
// Returns the HTML code to display a thumbnail for a link
|
||||||
// for the picture wall (using lazy image loading)
|
// for the picture wall (using lazy image loading)
|
||||||
// Understands various services (youtube.com...)
|
// Understands various services (youtube.com...)
|
||||||
|
|
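Review bot: The open-instance short-circuit is lost in setup_login_state(): the OPEN_SHAARLI branch only sets `$userIsLoggedIn = true`, but the session check that follows (`empty($_SESSION['uid']) || ...`) still runs, and for a visitor with no session it calls logout() and forces the flag back to false, whereas the removed isLoggedIn() returned true before ever touching the session. Replace that block with an early exit that mirrors the old behaviour: `if ($GLOBALS['config']['OPEN_SHAARLI']) { return true; }`. The stay-signed-in cookie is still compared with `===` against STAY_SIGNED_IN_TOKEN; `hash_equals(STAY_SIGNED_IN_TOKEN, $_COOKIE['shaarli_staySignedIn'])` (PHP 5.6+) removes the timing side channel on a value the client controls. Because the state is now computed once at include time and cached in a global, any code later in index.php that logs the user in or out during the same request (the login/logout handlers are outside this hunk) will get a stale isLoggedIn() result unless it refreshes `$userIsLoggedIn` — a comment on the `$userIsLoggedIn = setup_login_state();` line such as `// Computed once per request; re-run after any in-request login/logout.` would make that contract explicit.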