Outils pour utilisateurs

Outils du site


php:shaarli

Ceci est une ancienne révision du document !


You want to share the links you discover ? Shaarli is a minimalist delicious clone you can install on your own website. It is designed to be personal (single-user), fast and handy.

Features

  • Minimalist design (simple is beautiful)
  • FAST
  • Easy to use: Single button in your browser to bookmark a page
  • Save url, title, description (unlimited size)
  • Classify links with tags (with autocomplete)
  • Bookmarks can be public or private
  • Browse links by page
  • Filter by tags
  • Full text search
  • Tag cloud
  • Picture wall (which can be filtered by tag or text search)
  • Permalinks
  • Automatic thumbnails for various services (imgur, imageshack.us, flickr, youtube, vimeo, dailymotion…)
  • RSS and ATOM feeds (which can be filtered by tag or text search)
  • PubSubHubbub protocol support
  • No-brainer installation: Drop the files, use it.
  • No database required (data stored in a single file ; easy to backup)
  • Compact storage (1315 links stored in 150 kb)
  • Can import/export Netscape bookmarks (for import/export from/to Firefox, Opera, Chrome, Delicious…)
  • Automatic ban of IP address if too many failed logins
  • Protected against XSRF, session cookie hijacking… and of course SQL injection (since there's no SQL database)
  • FeedBurner/Google FeedProxy annoying parameters in URL (?utm_source…) are removed automatically
  • Shaarli is a bookmarking application, but you can use it for micro-blogging (like Twitter), a pastebin, an online notepad, etc.
  • You will be automatically notified by a discreet popup if a new version is available
  • Pages are customisable (using simple RainTPL templates)

Requires php 5.1

(Note that autocomplete will only work if you have php 5.2 and above.)

Screenshots

(Not the latest version)

Browsing:
Adding a link:
Tools:
Tag cloud:
Picture wall:

Online example

http://sebsauvage.net/links/

Note that the admin interface is not available.

Download

You can download Shaarli here: shaarli_0.0.32beta.zip

( Static URL, points always to the latest version : http://sebsauvage.net/files/shaarli.zip )

Licence

Shaarli is under the zlib/libpng OSI licence.

Installation

  1. Create a directory on your webserver
  2. Put the content of the zip file in this directory
  3. Access this URL in your browser
  4. Choose login, password, timezone and page title. Save. 1)

Done ! Now you can login and start sharing links.

Notes

  • On free.fr : Don't forget to create a directory 'sessions' at the root of your webspace. Then rename the file to .php5 or create a file .htaccess in the directory where Shaarli is located containing:
    php 1
    SetEnv PHP_VER 5

    Please note that free uses php 5.1 and thus you will not have autocomplete in tag editing.

  • On 1and1 : If you add the link from the page (and not from the bookmarklet), Shaarli will no be able to get the title of the page. You will have to enter it manually. (Because they have disabled the ability to download a file through HTTP).
  • Conclusion: Most php hosts are crap.

Usage

Adding the Shaarli button to your browser

  • Clic “Tools” in menu.
  • Drag the “Shaare link” button to your personal toolbar.

This bookmarklet button in compatible with Firefox, Opera, Chrome and Safari.

You are reading an interesting page you want to share ?

  • Clic the “Shaare link” button, then clic “Save”. That's all ! (Title is automatically filled. You can enter optional description and tags if you want).

You can also check the “Private” box so that the link is saved but only visible to you.

Tips

  • Use Shaarli as a personal twitter: Click “Add link” in the menu then press Enter: This will create an empty entry in Shaarli which points to itself. You can add title and your bable in description. Unlike twitter, you are not limited to 140 characters, and you are not mandated to use URL shortening services.

FAQ

Why did you create Shaarli ?

I was a StumblUpon user. Then I got fed up with they big toolbar. I switched to delicious, which was lighter, faster and more beautiful. Until Yahoo bought it. Then the export API broke all the time, delicious became slow and was ditched by Yahoo. I switched to Diigo, which is not bad, but does too much. And Diigo is sslllooooowww and their Firefox extension a bit buggy. And… oh… their Firefox addon sends to Diigo every single URL you visit (Don't believe me ? Use “Tamper Data” and open any page).

Enough is enough. Saving simple links should not be a complicated heavy thing. I ditched them all and wrote my own: Shaarli. It's simple, but it does the job and does it well. And my data is not hosted on a foreign server, but on my server.

What use Shaarli and not Delicious/Diigo ?

With Shaarli:

  • The data is yours: It's hosted on your server.
  • Never fear of having your data locked-in.
  • Never fear to have your data sold to third party.
  • Your private links are not hosted on a third party server.
  • You are not tracked by browser addons (like Diigo does)
  • You can change the look and feel of the pages if you want.
  • You can change the behaviour of the program.
  • It's magnitude faster than most bookmarking services.

Exporting from Diigo

If you export your bookmark from Diigo, make sure you use the Delicious export, not the Netscape export. (Their Netscape export is broken, and they don't seem to be interested in fixing it.)

How do I upgrade Shaarli ?

Grab the zip and unzip-it over the old files. You will not lose your links and you will not have to reconfigure it.

How do I backup my Shaarli database ?

You have two ways of backing up your database:

  • Backup the file data/datastore.php (by FTP or ssh). (Restore by putting the file back in place.)

or

  • Export your links (Menu “Tools” > “Export”). (Restore by using the “Import” feature.)

I have a problem

  • If you can't login or your session expires all the time, make sure you do not have browser addons which may interfer (ipfuck/ipflood/GreaseMonkey/changing proxies/others). Shaarli protects the theft of the session cookie, and if it is used from another IP address, Shaarli will immediately destroy the session and log you out (for security). This also happens if you use Opera with “Turbo” enabled.
  • Note that if you have other web applications on the same server, they may choose to force expire or destroy the session.
  • If you have the error “Parse error: syntax error, unexpected T_STRING, expecting '{' in /links/index.php on line xxx”, you are probably running php4. Shaarli required php 5.1. Try to rename the file with extension .php5
  • If you have the error Warning: file_get_contents() [function.file-get-contents]: URL file-access is disabled in the server configuration in /…/index.php on line xxx, it means that your host has disabled the ability to fetch a file by HTTP in the php config (Typically in 1and1 hosting). Bad host. Change host. Or comment the following lines:
                    //list($status,$headers,$data) = getHTTP($url,4); // Short timeout to keep the application responsive.
                    // FIXME: Decode charset according to charset specified in either 1) HTTP response headers or 2) <head> in html 
                    //if (strpos($status,'200 OK')) $title=html_extract_title($data);

Dates are not properly formatted

Shaarli tries to sniff the language of the browser (using HTTP_ACCEPT_LANGUAGE headers) and choose a date format accordingly. But Shaarli can only use the date formats (and more generaly speaking, the locales) provided by the webserver. So even if you have a browser in French, you may end up with dates in US format (it's the case on sebsauvage.net :-( )

I forgot my password !

Delete the file data/config.php and display the page again. You will be asked for a new login/password.

What does Shaarli mean ?

Shaarli is for shaaring your link.

Why not use a real database ? Files are slow !

Slow, really ? On my shared host with 7300 links, Shaarli renders the page in 0.11 seconds. And I have 11000 visitors/day.

The file is 1,14 Mb. It's read 99% of the time, and is probably already in the operation system disk cache. So generating a page involves no I/O at all most of the time.

Technical details

  • Login form is protected against brute force attacks: 4 failed logins will ban the IP address from login for 30 minutes. Banned IPs can still browse links.
  • The file data/log.txt shows all logins (successful or failed) and bans/lifted bans.
  • Application is protected against XSRF (Cross-site requests forgery): Forms which act on data (save,delete…) contain a token generated by the server. Any posted form which does not contain a valid token is rejected. Any token can only be used once. Token are attached to the session and cannot be reused in another session.
  • Sessions automatically expires after 60 minutes. Sessions are protected against highjacking: The sessionID cannot be used from a different IP address.
  • An .htaccess file protects the data file.
  • Link database is an associative array which is serialized, compressed (with deflate), base64-encoded and saved as a comment in a .php file. Thus even if the server does not support htaccess files, the data file will still not be readable by URL. The database looks like this:
    <?php /* zP1ZjxxJtiYIvvevEPJ2lDOaLrZv7o...
    ...ka7gaco/Z+TFXM2i7BlfMf8qxpaSSYfKlvqv/x8= */ ?>
  • Password is salted, hashed and stored in the data subdirectory, in a php file, and protected by htaccess. Even if the webserver does not support htaccess, the hash is not readable by URL. Even if the .php file is stolen, the password cannot deduced from the hash. The salt prevents rainbow-tables attacks.
  • Shaarli relies on HTTP_REFERER for some functions (like redirects and clicking on tags). If you have disabled or masqueraded HTTP_REFERER in your browser, some features of Shaarli may not work.
  • magic_quotes is a horrible option of php which is often activated on servers. No serious developer should rely on this horror to secure their code against SQL injections. You should disable it (and Shaarli expects this option to be disabled). Nevertheless, I have added code to cope with magic_quotes on, so you should not be bothered even on crappy hosts.
  • Small hashes are used to make a link to an entry in Shaarli. They are unique. In fact, the date of the items (eg.20110923_150523) is hashed with CRC32, then converted to base64 and some characters are replaced. They are always 6 characters longs and use only A-Z a-z 0-9 - _ and @.

In-source configuration

Some parameters can be configured by creating a .php file. Change at your own risks.

To change the configuration, create the file data/options.php, example:

options.php
<?php
$GLOBALS['config']['LINKS_PER_PAGE'] = 30;
$GLOBALS['config']['HIDE_TIMESTAMPS'] = true;
$GLOBALS['config']['ENABLE_THUMBNAILS'] = false;  
?>

The following parameters are available (parameters (default value)):

  • DATADIR ('data') : This is the name of the subdirectory where Shaarli stores is data file. You can change it for better security.
  • CONFIG_FILE ($GLOBALS['config']['DATADIR'].'/config.php') : Name of file which is used to store login/password.
  • DATASTORE ($GLOBALS['config']['DATADIR'].'/datastore.php') : Name of file which contains the link database.
  • LINKS_PER_PAGE (20) : Default number of links per page displayed.
  • IPBANS_FILENAME ($GLOBALS['config']['DATADIR'].'/ipbans.php') : Name of file which records login attempts and IP bans.
  • BAN_AFTER (4) : An IP address will be banned after this many failed login attempts.
  • BAN_DURATION (1800) : Duration of ban (in seconds). (1800 seconds = 30 minutes)
  • OPEN_SHAARLI (false) : If you set this option to true, anyone will be able to add/modify/delete/import/exports links without having to login.
  • HIDE_TIMESTAMPS (false) : If you set this option to true, the date/time of each link will not be displayed (including in RSS Feed).
  • ENABLE_THUMBNAILS (true) : Enable/disable thumbnails.
  • CACHEDIR ('cache') : Directory where the thumbnails are stored.
  • ENABLE_LOCALCACHE (true) : If you have a limited quota on your webspace, you can set this option to false: Shaarli will not generate thumbnails which need to be cached locally (vimeo, flickr, etc.). Thumbnails will still be visible for the services which do not use the local cache (youtube.com, imgur.com, dailymotion.com, imageshack.us)
  • UPDATECHECK_FILENAME ($GLOBALS['config']['DATADIR'].'/lastupdatecheck.txt') : name of the file used to store available shaarli version.
  • UPDATECHECK_INTERVAL (86400) : Delay between new Shaarli version check. 86400 seconds = 24 hours. Note that if you do not login for a week, Shaarli will not check for new version for a week.

Directory structure

Here is the directory structure of Shaarli and the purpose of the different files:

  • index.php : Main program
  • inc/ : Includes (libraries, CSS…)
    • shaarli.css : Shaarli stylesheet.
    • jquery.min.js : jQuery javascript library.
    • jquery-ui.custom.min.js : jQuery-UI javascript library.
    • rain.tpl.class.php : RainTPL templating library.
  • tpl/ : RainTPL templates for Shaarli. They are used to build the pages.
  • images/ : Images and icons used in Shaarli.
  • data/ : Directory where data is stored (bookmark database, configuration, logs, banlist…)
    • config.php : Shaarli configuration (login, password, timezone, title…)
    • datastore.php : Your link database (compressed).
    • ipband.php : IP address ban system data.
    • lastupdatecheck.txt : Update check timestamp file (used to check every 24 hours if a new version of Shaarli is available).
    • log.txt : login/IPban log.
  • cache/ : Directory containing the thumbnails cache. This directory is automatically created. You can erase it anytime you want.
  • tmp/ : Temporary directory for compiled RainTPL templates. This directory is automatically created. You can erase it anytime you want.

History

See the history of version in this page.

Ideas/Fixme

  • When importing Netscape bookmarks, also import TAGS and PRIVATE attributes (as exported by delicious). done
  • Trap and mask HTTP errors. done (0.0.9 beta)
  • Test import with various Netscape HTML exports (Firefox, Chrome, Opera, Safari, Delicious, Diigo, others…)
  • Test application with other browsers (tested under Firefox 6) done (Tested with Firefox 6, Opera, Chrome, Safari and IE. Bookmarklet works in all browsers, except IE.)
  • Create mobile stylesheet
  • Create print stylesheet/options done (0.0.25 beta)
  • Use ajax for dynamic combo in tags editing. done (0.0.12 beta)
  • Encrypt private links (this will protect private links even if the data file is stolen). Client-side javascript encryption (with sjcl) or server-side ?
  • Go multi-user (one data file per user ; when not logged in, you see all public links of all users).
  • Allow to change password (currently, you have to delete the file data/config.php) done (0.0.17 beta)
  • Better paging (show page numbers)
  • Remove annoying utm_source parameters added by FeedBurnder done
  • Add a tag cloud ? done (0.0.17 beta)
  • Other export/import options ? (CSV, RDF, single HTML file… ?)
  • Add option to export only public links. done (0.0.13 beta)
  • Add option to see only private/public links when logged on.
  • Push updates to client ? (auto-updating html page)
  • Implement config screens (title, number of links per page…) done (0.0.18 beta, but not for number of links per page)
  • Automatic backups (every week ?) (how ? Copy file under a name with date ? email ?)
  • Add error message when login/password is wrong. done
  • Add error message if user is requesting a page which does not exist.
  • Allow to show 20, 50 or 100 links per page. done
  • If already filtered by one or more tags, clicking another tag should add the tag to the filter, not replace it. done
  • At “x results for tags x y z”: clicking on a tags should remove it. done
  • Check version of php. done (0.0.9 beta)
  • Prepare source for translation.
  • Sniff browser locale/language ($_SERVER['HTTP_ACCEPT_LANGUAGE']):
    • automatically choose corresponding translation if available.
    • automatically format date. done (Note: some servers do not have locales like “fr_FR” installed… this includes mine :-/ )
  • Option to rename/delete a tag. done (0.0.17 beta)
  • Add an option to allow “open” Shaarli (anyone can post, edit and delete links without login). done (0.0.12 beta)
  • Fix some encoding problems in Title passed by the bookmarklet (decode HTML entities ?) done (0.0.10 beta)
  • Allow the RSS Feed to be filtered (searchtags=… and searchterm=…) so that users can receive only the items they are interested in. done (0.0.13 beta)
  • Allow to filter by text search and tags (currently: you can search by text or tags).
  • When importing a file, option to import all new links as private. done (0.0.13 beta)
  • Make it work on php 5.1 (for free.fr users) ; Add the htaccess trick in wiki. done (0.0.9 beta)
  • Show new links since last visit ? (maybe using a cookie which records the linkdate of the latest news ?)
  • Get rid of error message if the client has disabled HTTP_REFERER in his browser. done (0.0.9 beta)
  • get rid of the quotes problem on some websites. done (0.0.10 beta)
  • When intalling, make sure the config file was properly created. Display an error message if not. done (0.0.12 beta)
  • externalize CSS file (easier customization, smaller webpage size) done (0.0.15 beta)
  • On free.fr: automatically create the /sessions directory at webspace root (otherwise sessions will not work). done (0.0.15 beta)
  • After session_start(), make sure session really works (otherwise people will not be able to login after installation, which is confusing). postponed (not reliable on all servers)
  • Allow mass operations (on a group of bookmarks) (eg. add/remove a tag, delete, change private flag…)
  • Remove in URL #xtor=RSS-… (added by some feed proxies) done (0.0.15 beta)
  • In import, option to overwrite existing links. done (0.0.15 beta)
  • Check and display updates availability (check only once per day, and display notification only when user is logged in). done (0.0.16 beta)
  • Use version_compare() instead of regexp to compare php versions. done (0.0.16 beta)
  • Add hamming distance/Soundex in fulltext search.
  • Add Atom feed. done (0.0.19 beta)
  • Allow title customization. done (0.0.18 beta)
  • Remove multiple spaces in tags. done (0.0.18 beta)
  • New lines in description should also be present in RSS feed. done (0.0.18 beta)
  • For image links, show a thumbnail. done (0.0.20 beta)
  • Images and video embedding: Show a collapsed space the user can open to see the links video or image.
  • Add website icons ?
  • Provide RSS feed as application/rss+xml instead of application/xhtml+xml. ATOM should also be served as application/atom+xml. done (0.0.20 beta)
  • Allow the visitors to disable thumbnails.
  • Bug: Using the bookmarklet, you lose the title if you have to login. done (0.0.22 beta)
  • Allow long-lasting sessions. done (0.0.22 beta)
  • When editing tags, automatically convert comma (,) to space. done (0.0.23 beta)
  • When editing tags, autocomplete should not suggest tags which are already present. done (0.0.23 beta)
  • Integrate the patch from Emilien to allow to clic on the sentence “Stay signed” to tick the checkbox. done (0.0.23 beta)
  • Detect URLs in descriptions and automatically display as clickable link. done (0.0.24 beta)
  • As per request, add the ability to enter an entry without an URL (Just leave the URL blank) (Basically, transforms Shaarli in a kind a personal Twitter). If an entry is posted without an URL, it should point to itself. done (0.0.24 beta)
  • On each entry, add an URL to the entry itself (so that individual entries in a Shaarli can have an URL). done (0.0.24 beta)
  • For imgur thumbnails: Add the thumbnail if the link point to the gallery. done (0.0.24 beta)
  • If the link points to a .jpg/jpeg/png/gif, call genthumbnail which will try to download the image on server side and make a thumbnail (and cache it). done (0.0.24 beta)
  • Add option to disable thumbnails which require a copy in local cache (for those who have a limited web space). done (0.0.25 beta)
  • Allow the use of redirection services ( such as http://anonym.to/ ) to mask the HTTP_REFERER. done (0.0.25 beta)
  • In descriptions, when converting URLs to clickable links, remove the protocol (http:…) canceled.
  • In “Open Shaarli” mode, add an option to block edit/delete (except for admin).
  • When showing a shortlink, the title of the page should be the title of the link. done (0.0.25 beta)
  • Support line feeds in titles (thanks to dixy) done (0.0.25 beta)
  • Limit the height of images (using CSS ?) (thanks to Accent Grave) done (0.0.25 beta)
  • Try to move “In-source configuration” items outside of the source done (0.0.25 beta)
  • In YouTube thumbnails, use the default.jpg instead of 2.jpg. done (0.0.25 beta)
  • Picture wall: Show a wall of all links which have thumbnails (separate for images/videos ?) done (0.0.27 beta)
  • Make shortlink more visible by showing a small “Permalink” next to entry date. done (0.0.26 beta)
  • Remove space added after link when converting text to clickable links in description. done (0.0.26 beta)
  • Correct Viemo thumbnails: thumbnails should only be fetched if url is vimeo.com/number done (0.0.28 beta)
  • Add paging to picwall ?
  • Filter links by date (between two dates ?)
  • Add thumbnails for Steam links. posteponed.
  • Add YouTube thumbnails for youtu.be done (0.0.28 beta)
  • Add support for url rewriting htaccess rules for nicer link (eg. /tag/minecraft or /search/portal)
  • Correct imgur.com/a links (thumbnails should not be displayed for albums). done (0.0.28 beta)
  • URL should be clickable in RSS/ATOM feeds (as they are in web page). done (0.0.28 beta)
  • Add Pubsubhubbub support (cf. http://aldarone.fr/les-flux-rss-shaarli-et-pubsubhubbub/ ) done (0.0.28 beta), but untested.
  • Add automatic description by reading meta headers (patch by Yohann Nizon)
  • In picture wall, clicking on an image should redirect to Shaarli permalink, not the link itself (so that users can see the description). done (0.0.28 beta)
  • Investigate import problem with Delicious exports (maybe caused by the new version of delicious). done. No bug. Delicious exports lots of links in double. Shaarli automaticaly removes doubles. See: http://sebsauvage.net/files/20111118compare.png
  • Test import with sub-folders. It works. All links are imported, even if they are in subfolders.
  • Investigate title extraction problems (maitre eolas, url added through the “Add link” menu). done (0.0.28 beta)
  • Bug to correct: The fulltext search engine does not find the first word of descriptions. done (0.0.28 beta)
  • Add a “delete” button on each link in the main list (with javascript confirmation). done (0.0.30 beta)
  • Correct the bug when re-importing Shaarli exports (the HTML comment is inserted in the description of the first link in the database). cannot be reproduced.
  • In popup mode, the full menu should not be displayed. done (0.0.31 beta)
  • The logo should be clickable and redirect to first page. done (0.0.31 beta)
  • Integrate latest idleman patchs. done, patch partially included (0.0.31 beta)
  • Integrate latest E.Klein patchs (ted.com, better error handling in thumbnails). done (0.0.31 beta)
  • Integrate Jerrywham CSS patch done (0.0.32 beta)
  • Respect multiple consecutive spaces in description (this would allow Shaarli to be used as a pastebin). done (0.0.32 beta)
  • Support Firefox json export (because Firefox HTML export does not export tags (!)).
  • In login screen, change taborder so that the checkbox has focus after the password field. done (0.0.32 beta)
  • Improve permalink URL handling to handle parameters added by Feedproxy (eg. this link). done (0.0.32 beta)
  • When editing a link, add a button “Save as new” which would change the date of the link, effectively posting it as a new link (This can be helpful when you want to push an update on an existing link).
  • In config, add an option to make the Shaarli private: The Shaarli will not show any link, except if you are logged in.
  • Add a cache for RSS/ATOM links (This would reduce the load on the server, and this would allow for some “forgivness” if you make a mistake in the link you just added.)
  • Think about adding auto-twitt of links (see this)
  • Make Shaarli HTML/CSS code W3C compliant (apply idleman patch)
  • Add an icon to display the QRCode of the URL (Should the QRCode point to the permalink or the final link ?)
  • Allow configuration of QRCode generation URL in config screens.
  • Correct ATOM feed so that it validates again m(
  • Improve upgrade documentation (you should just keep /data and delete everything else)
1)
Under php 5.1, you will not have the Timezone selection dropdown.
php/shaarli.1326183877.txt.gz · Dernière modification: 2014/07/12 11:26 (modification externe)