Outils pour utilisateurs

Outils du site


You want to share the links you discover ? Shaarli is a minimalist delicious clone you can install on your own website. It is designed to be personal (single-user), fast and handy.


  • Minimalist design (simple is beautiful)
  • FAST
  • Dead-simple installation: Drop the files, open the page. No database required.
  • Easy to use: Single button in your browser to bookmark a page (There is also an application for Android (Thanks to Manatlan))
  • Save url, title, description (unlimited size). Classify links with tags (with autocomplete)
  • Tag renaming, merging and deletion.
  • Automatic thumbnails for various services (imgur, imageshack.us, flickr, youtube, vimeo, dailymotion…)
  • Automatic conversion of URLs to clickable links in descriptions. Support for http/ftp/file/apt/magnet protocols.
  • Save links as public or private
  • 1-clic access to your private links/notes
  • Browse links by page, filter by tag or use the full text search engine
  • Permalinks (with QR-Code) for easy reference
  • RSS and ATOM feeds (which can be filtered by tag or text search)
  • Tag cloud
  • Picture wall (which can be filtered by tag or text search)
  • “Links of the day” Newspaper-like digest, browsable by day.
  • “Daily” RSS feed: Get each day a digest of all new links.
  • PubSubHubbub protocol support
  • Easy backup (Data stored in a single file)
  • Compact storage (1315 links stored in 150 kb)
  • Mobile browsers support
  • Also works with javascript disabled
  • Can import/export Netscape bookmarks (for import/export from/to Firefox, Opera, Chrome, Delicious…)
  • Brute force protected login form
  • Protected against XSRF, session cookie hijacking.
  • Automatic removal of annoying FeedBurner/Google FeedProxy parameters in URL (?utm_source…)
  • Shaarli is a bookmarking application, but you can use it for micro-blogging (like Twitter), a pastebin, an online notepad, a snippet repository, etc.
  • You will be automatically notified by a discreet popup if a new version is available
  • Pages are easy to customize (using CSS and simple RainTPL templates)

Requires php 5.1


QR-Code on a permalink:
"Shaarli Daily" (links of the day):
Tag cloud:
Picture wall:
Adding a link:
Tools (configure,import/export,tag rename…):

Online example

My own instance: https://sebsauvage.net/links/

(Note that the admin interface is not available.)


Note: I do not have enough time to maintain this project right now. You will find a more up-to-date fork of this project at https://github.com/shaarli/Shaarli. Please use this fork for requests/bug/latest updates…


Shaarli is under the zlib/libpng OSI licence.


  • Developer & maintainer: sebsauvage
  • Shaarli visual design & logo : idleman
  • Shaarli logo typeface: "Comic Andy" used with the kind permission of Andrew Polhill.
  • Thanks to the many many people who contributed patches.


  1. Create a directory on your webserver
  2. Put the content of the zip file in this directory
  3. Access this URL in your browser
  4. Choose login, password, timezone and page title. Save. 1)

Done ! Now you can login and start sharing links.


  • On free.fr : Don't forget to create a directory 'sessions' at the root of your webspace. Then rename the file to .php5 or create a file .htaccess in the directory where Shaarli is located containing:
    php 1
    SetEnv PHP_VER 5

    Please note that free uses php 5.1 and thus you will not have autocomplete in tag editing.

  • If you have an error such as:
    Parse error: syntax error, unexpected '=', expecting '(' in /links/index.php on line 54

    is means that your host is using php4, not php5.

  • On 1and1 : If you add the link from the page (and not from the bookmarklet), Shaarli will no be able to get the title of the page. You will have to enter it manually. (Because they have disabled the ability to download a file through HTTP).
  • On hosts which forbid outgoing HTTP requests (such as free.fr), some thumbnails will not work.
  • Conclusion: Most php hosts are crap.


Adding the Shaarli button to your browser

  • Clic "Tools" in menu.
  • Drag the "Shaare link" button to your personal toolbar.

This bookmarklet button in compatible with Firefox, Opera, Chrome and Safari. Under Opera, you can't drag'n drop the button: You have to right-click on it and add a bookmark to your personal toolbar.

You are reading an interesting page you want to share ?

  • Clic the "Shaare link" button, then clic "Save". That's all ! (Title is automatically filled. You can enter optional description and tags if you want).

You can also check the "Private" box so that the link is saved but only visible to you.


  • Use Shaarli as a personal twitter: Click "Add link" in the menu then press Enter: This will create an empty entry in Shaarli which points to itself. You can add title and your bable in description. Unlike twitter, you are not limited to 140 characters, and you are not mandated to use URL shortening services.
  • Use Shaarli as a private pastebin/notepad: Click "Add link", press Enter and check "Private". You can then paste your text in the description and save. You can use the fulltext search engine to find a note, and edit it later.


Why did you create Shaarli ?

I was a StumblUpon user. Then I got fed up with they big toolbar. I switched to delicious, which was lighter, faster and more beautiful. Until Yahoo bought it. Then the export API broke all the time, delicious became slow and was ditched by Yahoo. I switched to Diigo, which is not bad, but does too much. And Diigo is sslllooooowww and their Firefox extension a bit buggy. And… oh… their Firefox addon sends to Diigo every single URL you visit (Don't believe me ? Use "Tamper Data" and open any page).

Enough is enough. Saving simple links should not be a complicated heavy thing. I ditched them all and wrote my own: Shaarli. It's simple, but it does the job and does it well. And my data is not hosted on a foreign server, but on my server.

What use Shaarli and not Delicious/Diigo ?

With Shaarli:

  • The data is yours: It's hosted on your server.
  • Never fear of having your data locked-in.
  • Never fear to have your data sold to third party.
  • Your private links are not hosted on a third party server.
  • You are not tracked by browser addons (like Diigo does)
  • You can change the look and feel of the pages if you want.
  • You can change the behaviour of the program.
  • It's magnitude faster than most bookmarking services.

Exporting from Diigo

If you export your bookmark from Diigo, make sure you use the Delicious export, not the Netscape export. (Their Netscape export is broken, and they don't seem to be interested in fixing it.)

How do I upgrade Shaarli ?

Delete all files and directories except the data directory, then unzip the new version of Shaarli.

You will not lose your links and you will not have to reconfigure it.

How do I backup my Shaarli database ?

You have two ways of backing up your database:

  • Backup the file data/datastore.php (by FTP or ssh). (Restore by putting the file back in place.)


  • Export your links (Menu "Tools" > "Export"). (Restore by using the "Import" feature.)

My session expires ! I can't stay logged in

This can be caused by several things:

  • Your php installation may not have a proper directory setup for session files. (eg. on Free.fr you need to create a "session" directory on the root of your website.) You may need to create the session directory of set it up.
  • Most hosts regularly clean the temporary and session directories. Your host may be cleaning those directories too aggressively (eg.OVH hosts), forcing an expire of the session. You may want to set the session directory in your web root. (eg. Create the sessions subdirectory and add ini_set('session.save_path', $_SERVER['DOCUMENT_ROOT'].'/../sessions');. Make sure this directory is not browsable !)
  • If you IP address changes during surfing, Shaarli will force expire your session for security reasons (to prevent session cookie hijacking). This can happen when surfing from WiFi or 3G (you may have switched WiFi/3G access point), or in some corporate/university proxies which use load balancing (and may have proxies with several external IP addresses).
  • Some browser addons may interfer with HTTP headers (ipfuck/ipflood/GreaseMonkey…). Try disabling those.
  • You may be using OperaTurbo or OperaMini, which use their own proxies which may change from time to time.
  • If you have another application on the same webserver where Shaarli is installed, these application may forcefully expire php sessions.

If you want to disable the session cookie hijacking protection, change the following line:

    if (empty($_SESSION['uid']) || $_SESSION['ip']!=allIPs() || time()>=$_SESSION['expires_on'])


    if (empty($_SESSION['uid']) || time()>=$_SESSION['expires_on'])

I have a problem

  • If you have the error "Parse error: syntax error, unexpected T_STRING, expecting '{' in /links/index.php on line xxx", you are probably running php4. Shaarli required php 5.1. Try to rename the file with extension .php5
  • If you have the error Warning: file_get_contents() [function.file-get-contents]: URL file-access is disabled in the server configuration in /…/index.php on line xxx, it means that your host has disabled the ability to fetch a file by HTTP in the php config (Typically in 1and1 hosting). Bad host. Change host. Or comment the following lines:
                    //list($status,$headers,$data) = getHTTP($url,4); // Short timeout to keep the application responsive.
                    // FIXME: Decode charset according to charset specified in either 1) HTTP response headers or 2) <head> in html 
                    //if (strpos($status,'200 OK')) $title=html_extract_title($data);

Dates are not properly formatted

Shaarli tries to sniff the language of the browser (using HTTP_ACCEPT_LANGUAGE headers) and choose a date format accordingly. But Shaarli can only use the date formats (and more generaly speaking, the locales) provided by the webserver. So even if you have a browser in French, you may end up with dates in US format (it's the case on sebsauvage.net :-( )

I forgot my password !

Delete the file data/config.php and display the page again. You will be asked for a new login/password.

What does Shaarli mean ?

Shaarli is for shaaring your link.

Why not use a real database ? Files are slow !

Do browsing this page feel slow ? Try browsing older pages, too.

It's not slow at all, is it ? And don't forget the database contains more than 16000 links, and it's on a shared host, with 32000 visitors/day for my website alone. And it's still damn fast. Why ?

The data file is only 3.7 Mb. It's read 99% of the time, and is probably already in the operation system disk cache. So generating a page involves no I/O at all most of the time.

Technical details

  • Login form is protected against brute force attacks: 4 failed logins will ban the IP address from login for 30 minutes. Banned IPs can still browse links.
  • The file data/log.txt shows all logins (successful or failed) and bans/lifted bans.
  • Application is protected against XSRF (Cross-site requests forgery): Forms which act on data (save,delete…) contain a token generated by the server. Any posted form which does not contain a valid token is rejected. Any token can only be used once. Token are attached to the session and cannot be reused in another session.
  • Sessions automatically expires after 60 minutes. Sessions are protected against highjacking: The sessionID cannot be used from a different IP address.
  • An .htaccess file protects the data file.
  • Link database is an associative array which is serialized, compressed (with deflate), base64-encoded and saved as a comment in a .php file. Thus even if the server does not support htaccess files, the data file will still not be readable by URL. The database looks like this:
    <?php /* zP1ZjxxJtiYIvvevEPJ2lDOaLrZv7o...
    ...ka7gaco/Z+TFXM2i7BlfMf8qxpaSSYfKlvqv/x8= */ ?>
  • Password is salted, hashed and stored in the data subdirectory, in a php file, and protected by htaccess. Even if the webserver does not support htaccess, the hash is not readable by URL. Even if the .php file is stolen, the password cannot deduced from the hash. The salt prevents rainbow-tables attacks.
  • Shaarli relies on HTTP_REFERER for some functions (like redirects and clicking on tags). If you have disabled or masqueraded HTTP_REFERER in your browser, some features of Shaarli may not work.
  • magic_quotes is a horrible option of php which is often activated on servers. No serious developer should rely on this horror to secure their code against SQL injections. You should disable it (and Shaarli expects this option to be disabled). Nevertheless, I have added code to cope with magic_quotes on, so you should not be bothered even on crappy hosts.
  • Small hashes are used to make a link to an entry in Shaarli. They are unique. In fact, the date of the items (eg.20110923_150523) is hashed with CRC32, then converted to base64 and some characters are replaced. They are always 6 characters longs and use only A-Z a-z 0-9 - _ and @.

In-source configuration

Some parameters can be configured by creating a .php file. Change at your own risks.

To change the configuration, create the file data/options.php, example:

$GLOBALS['config']['LINKS_PER_PAGE'] = 30;
$GLOBALS['config']['HIDE_TIMESTAMPS'] = true;
$GLOBALS['config']['ENABLE_THUMBNAILS'] = false;  

The following parameters are available (parameters (default value)):

  • DATADIR ('data') : This is the name of the subdirectory where Shaarli stores is data file. You can change it for better security.
  • CONFIG_FILE ($GLOBALS['config']['DATADIR'].'/config.php') : Name of file which is used to store login/password.
  • DATASTORE ($GLOBALS['config']['DATADIR'].'/datastore.php') : Name of file which contains the link database.
  • LINKS_PER_PAGE (20) : Default number of links per page displayed.
  • IPBANS_FILENAME ($GLOBALS['config']['DATADIR'].'/ipbans.php') : Name of file which records login attempts and IP bans.
  • BAN_AFTER (4) : An IP address will be banned after this many failed login attempts.
  • BAN_DURATION (1800) : Duration of ban (in seconds). (1800 seconds = 30 minutes)
  • OPEN_SHAARLI (false) : If you set this option to true, anyone will be able to add/modify/delete/import/exports links without having to login.
  • HIDE_TIMESTAMPS (false) : If you set this option to true, the date/time of each link will not be displayed (including in RSS Feed).
  • ENABLE_THUMBNAILS (true) : Enable/disable thumbnails.
  • CACHEDIR ('cache') : Directory where the thumbnails are stored.
  • ENABLE_LOCALCACHE (true) : If you have a limited quota on your webspace, you can set this option to false: Shaarli will not generate thumbnails which need to be cached locally (vimeo, flickr, etc.). Thumbnails will still be visible for the services which do not use the local cache (youtube.com, imgur.com, dailymotion.com, imageshack.us)
  • UPDATECHECK_FILENAME ($GLOBALS['config']['DATADIR'].'/lastupdatecheck.txt') : name of the file used to store available shaarli version.
  • UPDATECHECK_INTERVAL (86400) : Delay between new Shaarli version check. 86400 seconds = 24 hours. Note that if you do not login for a week, Shaarli will not check for new version for a week.

Directory structure

Here is the directory structure of Shaarli and the purpose of the different files:

  • index.php : Main program.
  • COPYING : Shaarli license.
  • inc/ : Includes (libraries, CSS…)
    • shaarli.css : Shaarli stylesheet.
    • jquery.min.js : jQuery javascript library.
    • jquery-ui.min.js : jQuery-UI javascript library.
    • jquery-MIT-LICENSE.txt: jQuery license.
    • jquery.lazyload.min.js: LazyLoad javascript library.
    • rain.tpl.class.php : RainTPL templating library.
  • tpl/ : RainTPL templates for Shaarli. They are used to build the pages.
  • images/ : Images and icons used in Shaarli.
  • data/ : Directory where data is stored (bookmark database, configuration, logs, banlist…)
    • config.php : Shaarli configuration (login, password, timezone, title…)
    • datastore.php : Your link database (compressed).
    • ipban.php : IP address ban system data.
    • lastupdatecheck.txt : Update check timestamp file (used to check every 24 hours if a new version of Shaarli is available).
    • log.txt : login/IPban log.
  • cache/ : Directory containing the thumbnails cache. This directory is automatically created. You can erase it anytime you want.
  • tmp/ : Temporary directory for compiled RainTPL templates. This directory is automatically created. You can erase it anytime you want.


See the history of versions in this page.


The list of ideas and bugs are listed in this page.

If you want to signal a bug or propose a feature, please do it in the discussion below.


If you have a bug report or a new feature suggestion, please add them in the GitHub issue tracker.

Alternatively, you can find older discussions about Shaarli in this page (This discussion is closed.)

Under php 5.1, you will not have the Timezone selection dropdown.
php/shaarli.txt · Dernière modification : 2022/09/03 15:50 de sebsauvage