From f37664a2b87668580577f3262f8e57c1ea8ad8a8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20SAUVAGE?= Date: Thu, 28 Feb 2013 10:37:43 +0100 Subject: [PATCH] Check that sessions work before installation. This is necessary because some hosts do not have a properly set session.save_path parameter in php config, or do not have write access to the directory. --- index.php | 39 ++++++++++++++++++++++++++++++++------- 1 file changed, 32 insertions(+), 7 deletions(-) diff --git a/index.php b/index.php index 0bdb6d83..d66da41e 100644 --- a/index.php +++ b/index.php @@ -37,6 +37,14 @@ $cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/'; session_set_cookie_params($cookie['lifetime'],$cookiedir); // Set default cookie expiration and path. +// Set session parameters on server side. +define('INACTIVITY_TIMEOUT',3600); // (in seconds). If the user does not access any page within this time, his/her session is considered expired. +ini_set('session.use_cookies', 1); // Use cookies to store session. +ini_set('session.use_only_cookies', 1); // Force cookies for session (phpsessionID forbidden in URL) +ini_set('session.use_trans_sid', false); // Prevent php to use sessionID in URL if cookies are disabled. +session_name('shaarli'); +if (session_id() == '') session_start(); // Start session if needed (Some server auto-start sessions). + // PHP Settings ini_set('max_input_time','60'); // High execution time in case of problematic imports/exports. ini_set('memory_limit', '128M'); // Try to set max upload file size and read (May not work on some hosts). @@ -89,7 +97,6 @@ function stripslashes_deep($value) { $value = is_array($value) ? array_map('stri if (empty($GLOBALS['timezone'])) $GLOBALS['timezone']=date_default_timezone_get(); if (empty($GLOBALS['disablesessionprotection'])) $GLOBALS['disablesessionprotection']=false; - autoLocale(); // Sniff browser language and set date format accordingly. header('Content-Type: text/html; charset=utf-8'); // We use UTF-8 for proper international characters handling. @@ -265,12 +272,6 @@ function pubsubhub() // ------------------------------------------------------------------------------------------ // Session management -define('INACTIVITY_TIMEOUT',3600); // (in seconds). If the user does not access any page within this time, his/her session is considered expired. -ini_set('session.use_cookies', 1); // Use cookies to store session. -ini_set('session.use_only_cookies', 1); // Force cookies for session (phpsessionID forbidden in URL) -ini_set('session.use_trans_sid', false); // Prevent php to use sessionID in URL if cookies are disabled. -session_name('shaarli'); -session_start(); // Returns the IP address of the client (Used to prevent session cookie hijacking.) function allIPs() @@ -303,6 +304,8 @@ function check_auth($login,$password) function isLoggedIn() { if ($GLOBALS['config']['OPEN_SHAARLI']) return true; + + if (!isset($GLOBALS['login'])) return false; // Shaarli is not configured yet. // If session does not exist on server side, or IP address has changed, or session has expired, logout. if (empty($_SESSION['uid']) || ($GLOBALS['disablesessionprotection']==false && $_SESSION['ip']!=allIPs()) || time()>=$_SESSION['expires_on']) @@ -1971,6 +1974,28 @@ function install() // On free.fr host, make sure the /sessions directory exists, otherwise login will not work. if (endsWith($_SERVER['SERVER_NAME'],'.free.fr') && !is_dir($_SERVER['DOCUMENT_ROOT'].'/sessions')) mkdir($_SERVER['DOCUMENT_ROOT'].'/sessions',0705); + + // This part makes sure sessions works correctly. + // (Because on some hosts, session.save_path may not be set correctly, + // or we may not have write access to it.) + if (isset($_GET['test_session']) && ( !isset($_SESSION) || !isset($_SESSION['session_tested']) || $_SESSION['session_tested']!='Working')) + { // Step 2: Check if data in session is correct. + echo '
Sessions do not seem to work correctly on your server.
'; + echo 'Make sure the variable session.save_path is set correctly in your php config, and that you have write access to it.
'; + echo 'It currently points to '.session_save_path().'

Click to try again.
'; + die; + } + if (!isset($_SESSION['session_tested'])) + { // Step 1 : Try to store data in session and reload page. + $_SESSION['session_tested'] = 'Working'; // Try to set a variable in session. + header('Location: '.indexUrl().'?test_session'); // Redirect to check stored data. + } + if (isset($_GET['test_session'])) + { // Step 3: Sessions are ok. Remove test parameter from URL. + header('Location: '.indexUrl()); + } + + if (!empty($_POST['setlogin']) && !empty($_POST['setpassword'])) { $tz = 'UTC';