[github/wallabag/wallabag.git] / inc / functions.php

<?php

/**
 * Permet de générer l'URL de poche pour le bookmarklet
 */
function get_poche_url()
{
    $protocol = "http";
    if(isset($_SERVER['HTTPS'])) {
        if($_SERVER['HTTPS'] != "off" && $_SERVER['HTTPS'] != "") {
            $protocol = "https";
        }
    }

    return $protocol . "://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
}

// function define to retrieve url content
function get_external_file($url)
{
    $timeout = 15;
    // spoofing FireFox 18.0
    $useragent="Mozilla/5.0 (Windows NT 5.1; rv:18.0) Gecko/20100101 Firefox/18.0";

    if  (in_array  ('curl', get_loaded_extensions())) {
        // Fetch feed from URL
        $curl = curl_init();
        curl_setopt($curl, CURLOPT_URL, $url);
        curl_setopt($curl, CURLOPT_TIMEOUT, $timeout);
        curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
        curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($curl, CURLOPT_HEADER, false);

        // FeedBurner requires a proper USER-AGENT...
        curl_setopt($curl, CURL_HTTP_VERSION_1_1, true);
        curl_setopt($curl, CURLOPT_ENCODING, "gzip, deflate");
        curl_setopt($curl, CURLOPT_USERAGENT, $useragent);

        $data = curl_exec($curl);

        $httpcode = curl_getinfo($curl, CURLINFO_HTTP_CODE);

        $httpcodeOK = isset($httpcode) and ($httpcode == 200 or $httpcode == 301);

        curl_close($curl);
    } else {

        // create http context and add timeout and user-agent
        $context = stream_context_create(array('http'=>array('timeout' => $timeout,'header'=> "User-Agent: ".$useragent,/*spoot Mozilla Firefox*/'follow_location' => true)));

        // only download page lesser than 4MB
        $data = @file_get_contents($url, false, $context, -1, 4000000); // We download at most 4 MB from source.

        if(isset($http_response_header) and isset($http_response_header[0])) {
            $httpcodeOK = isset($http_response_header) and isset($http_response_header[0]) and ((strpos($http_response_header[0], '200 OK') !== FALSE) or (strpos($http_response_header[0], '301 Moved Permanently') !== FALSE));
        }
    }

    // if response is not empty and response is OK
    if (isset($data) and isset($httpcodeOK) and $httpcodeOK ) {

        // take charset of page and get it
        preg_match('#<meta .*charset=.*>#Usi', $data, $meta);

        // if meta tag is found
        if (!empty($meta[0])) {
            // retrieve encoding in $enc
            preg_match('#charset="?(.*)"#si', $meta[0], $enc);

            // if charset is found set it otherwise, set it to utf-8
            $html_charset = (!empty($enc[1])) ? strtolower($enc[1]) : 'utf-8';

        } else {
            $html_charset = 'utf-8';
            $enc[1] = '';
        }

        // replace charset of url to charset of page
        $data = str_replace('charset='.$enc[1], 'charset='.$html_charset, $data);

        return $data;
    }
    else {
        return FALSE;
    }
}

/**
 * Préparation de l'URL avec récupération du contenu avant insertion en base
 */
function prepare_url($url)
{
    $parametres = array();
    $url    = html_entity_decode(trim($url));

    // We remove the annoying parameters added by FeedBurner and GoogleFeedProxy (?utm_source=...)
    // from shaarli, by sebsauvage
    $i=strpos($url,'&utm_source='); if ($i!==false) $url=substr($url,0,$i);
    $i=strpos($url,'?utm_source='); if ($i!==false) $url=substr($url,0,$i);
    $i=strpos($url,'#xtor=RSS-'); if ($i!==false) $url=substr($url,0,$i);

    $title  = $url;
    if (!preg_match('!^https?://!i', $url))
        $url = 'http://' . $url;

    $html = Encoding::toUTF8(get_external_file($url,15));
    if (isset($html) and strlen($html) > 0)
    {
        $r = new Readability($html, $url);
        $r->convertLinksToFootnotes = CONVERT_LINKS_FOOTNOTES;
        if($r->init())
        {
            $content = $r->articleContent->innerHTML;
            $parametres['title'] = $r->articleTitle->innerHTML;
            $parametres['content'] = $content;
            return $parametres;
        }
    }

    logm('error during url preparation');
    return FALSE;
}

/**
 * On modifie les URLS des images dans le corps de l'article
 */
function filtre_picture($content, $url, $id)
{
    $matches = array();
    preg_match_all('#<\s*(img)[^>]+src="([^"]*)"[^>]*>#Si', $content, $matches, PREG_SET_ORDER);
    foreach($matches as $i => $link)
    {
        $link[1] = trim($link[1]);
        if (!preg_match('#^(([a-z]+://)|(\#))#', $link[1]) )
        {
            $absolute_path = get_absolute_link($link[2],$url);
            $filename = basename(parse_url($absolute_path, PHP_URL_PATH));
            $directory = create_assets_directory($id);
            $fullpath = $directory . '/' . $filename;
            download_pictures($absolute_path, $fullpath);
            $content = str_replace($matches[$i][2], $fullpath, $content);
        }

    }

    return $content;
}

/**
 * Retourne le lien absolu
 */
function get_absolute_link($relative_link, $url)
{
    /* return if already absolute URL */
    if (parse_url($relative_link, PHP_URL_SCHEME) != '') return $relative_link;

    /* queries and anchors */
    if ($relative_link[0]=='#' || $relative_link[0]=='?') return $url . $relative_link;

    /* parse base URL and convert to local variables:
       $scheme, $host, $path */
    extract(parse_url($url));

    /* remove non-directory element from path */
    $path = preg_replace('#/[^/]*$#', '', $path);

    /* destroy path if relative url points to root */
    if ($relative_link[0] == '/') $path = '';

    /* dirty absolute URL */
    $abs = $host . $path . '/' . $relative_link;

    /* replace '//' or '/./' or '/foo/../' with '/' */
    $re = array('#(/\.?/)#', '#/(?!\.\.)[^/]+/\.\./#');
    for($n=1; $n>0; $abs=preg_replace($re, '/', $abs, -1, $n)) {}

    /* absolute URL is ready! */
    return $scheme.'://'.$abs;
}

/**
 * Téléchargement des images
 */

function download_pictures($absolute_path, $fullpath)
{
    $rawdata = get_external_file($absolute_path);

    if(file_exists($fullpath)) {
        unlink($fullpath);
    }
    $fp = fopen($fullpath, 'x');
    fwrite($fp, $rawdata);
    fclose($fp);
}

/**
 * Crée un répertoire de médias pour l'article
 */
function create_assets_directory($id)
{
    $assets_path = ABS_PATH;
    if(!is_dir($assets_path)) {
        mkdir($assets_path, 0705);
    }

    $article_directory = $assets_path . $id;
    if(!is_dir($article_directory)) {
        mkdir($article_directory, 0705);
    }

    return $article_directory;
}

/**
 * Suppression du répertoire d'images
 */
function remove_directory($directory)
{
    if(is_dir($directory)) {
        $files = array_diff(scandir($directory), array('.','..'));
        foreach ($files as $file) {
            (is_dir("$directory/$file")) ? remove_directory("$directory/$file") : unlink("$directory/$file");
        }
        return rmdir($directory);
    }
}

/**
 * Appel d'une action (mark as fav, archive, delete)
 */

function action_to_do($action, $url, $token, $id = 0)
{
    global $db;

    switch ($action)
    {
        case 'add':
            if ($url == '')
                continue;

            if($parametres_url = prepare_url($url)) {
                $sql_action     = 'INSERT INTO entries ( url, title, content ) VALUES (?, ?, ?)';
                $params_action  = array($url, $parametres_url['title'], $parametres_url['content']);
            }

            logm('add link ' . $url);
            break;
        case 'delete':
            if (verif_token($token)) {
                remove_directory(ABS_PATH . $id);
                $sql_action     = "DELETE FROM entries WHERE id=?";
                $params_action  = array($id);
                logm('delete link #' . $id);
            }
            else logm('csrf problem while deleting entry');
            break;
        case 'toggle_fav' :
            if (verif_token($token)) {
                $sql_action     = "UPDATE entries SET is_fav=~is_fav WHERE id=?";
                $params_action  = array($id);
                logm('mark as favorite link #' . $id);
            }
            else logm('csrf problem while fav entry');
            break;
        case 'toggle_archive' :
            if (verif_token($token)) {
                $sql_action     = "UPDATE entries SET is_read=~is_read WHERE id=?";
                $params_action  = array($id);
                logm('archive link #' . $id);
            }
            else logm('csrf problem while archive entry');
            break;
        default:
            break;
    }

    try
    {
        # action query
        if (isset($sql_action))
        {
            $query = $db->getHandle()->prepare($sql_action);
            $query->execute($params_action);
            # if we add a link, we have to download pictures
            if ($action == 'add') {
                $last_id = $db->getHandle()->lastInsertId();
                if (DOWNLOAD_PICTURES) {
                    $content        = filtre_picture($parametres_url['content'], $url, $last_id);
                    $sql_update     = "UPDATE entries SET content=? WHERE id=?";
                    $params_update  = array($content, $last_id);
                    $query_update   = $db->getHandle()->prepare($sql_update);
                    $query_update->execute($params_update);
                }
            }
        }
    }
    catch (Exception $e)
    {
        logm('action query error : '.$e->getMessage());
    }
}

/**
 * Détermine quels liens afficher : home, fav ou archives
 */
function display_view($view)
{
    global $db;

    switch ($_SESSION['sort'])
    {
        case 'ia':
            $order = 'ORDER BY id';
            break;
        case 'id':
            $order = 'ORDER BY id DESC';
            break;
        case 'ta':
            $order = 'ORDER BY lower(title)';
            break;
        case 'td':
            $order = 'ORDER BY lower(title) DESC';
            break;
        default:
            $order = 'ORDER BY id';
            break;
    }

    switch ($view)
    {
        case 'archive':
            $sql    = "SELECT * FROM entries WHERE is_read=? " . $order;
            $params = array(-1);
            break;
        case 'fav' :
            $sql    = "SELECT * FROM entries WHERE is_fav=? " . $order;
            $params = array(-1);
            break;
        default:
            $sql    = "SELECT * FROM entries WHERE is_read=? " . $order;
            $params = array(0);
            break;
    }

    # view query
    try
    {
        $query  = $db->getHandle()->prepare($sql);
        $query->execute($params);
        $entries = $query->fetchAll();
    }
    catch (Exception $e)
    {
        logm('view query error : '.$e->getMessage());
    }

    return $entries;
}

/**
 * Récupère un article en fonction d'un ID
 */
function get_article($id)
{
    global $db;

    $entry  = NULL;
    $sql    = "SELECT * FROM entries WHERE id=?";
    $params = array(intval($id));

    # view article query
    try
    {
        $query  = $db->getHandle()->prepare($sql);
        $query->execute($params);
        $entry = $query->fetchAll();
    }
    catch (Exception $e)
    {
        logm('get article query error : '.$e->getMessage());
    }

    return $entry;
}

/**
 * Vérifie si le jeton passé en $_POST correspond à celui en session
 */
function verif_token($token)
{
    if(isset($_SESSION['token_poche']) && isset($_SESSION['token_time_poche']) && isset($token))
    {
        if($_SESSION['token_poche'] == $token)
        {
            $old_timestamp = time() - (15*60);
            if($_SESSION['token_time_poche'] >= $old_timestamp)
            {
                return TRUE;
            }
            else {
                session_destroy();
                logm('session expired');
            }
        }
        else {
            logm('token error : the token is different');
            return FALSE;
        }
    }
    else {
        logm('token error : the token is not here');
        return FALSE;
    }
}

function logm($message)
{
    $t = strval(date('Y/m/d_H:i:s')).' - '.$_SERVER["REMOTE_ADDR"].' - '.strval($message)."\n";
    file_put_contents('./log.txt',$t,FILE_APPEND);
}
Commit	Line	Data
24619534	1	<?php
24619534	2
c8bbe19b	3	/**
	4	* Permet de générer l'URL de poche pour le bookmarklet
	5	*/
8046748b	6	function get_poche_url()
c8bbe19b	7	{
	8	$protocol = "http";
	9	if(isset($_SERVER['HTTPS'])) {
f0fc5011	10	if($_SERVER['HTTPS'] != "off" && $_SERVER['HTTPS'] != "") {
c8bbe19b	11	$protocol = "https";
	12	}
	13	}
24619534	14
c8bbe19b	15	return $protocol . "://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
24619534	16	}
24619534	17
24619534	18	// function define to retrieve url content
1c182b6c	19	function get_external_file($url)
c8bbe19b	20	{
1c182b6c	21	$timeout = 15;
24619534	22	// spoofing FireFox 18.0
	23	$useragent="Mozilla/5.0 (Windows NT 5.1; rv:18.0) Gecko/20100101 Firefox/18.0";
	24
	25	if (in_array ('curl', get_loaded_extensions())) {
	26	// Fetch feed from URL
	27	$curl = curl_init();
	28	curl_setopt($curl, CURLOPT_URL, $url);
	29	curl_setopt($curl, CURLOPT_TIMEOUT, $timeout);
	30	curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
	31	curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
	32	curl_setopt($curl, CURLOPT_HEADER, false);
	33
	34	// FeedBurner requires a proper USER-AGENT...
	35	curl_setopt($curl, CURL_HTTP_VERSION_1_1, true);
	36	curl_setopt($curl, CURLOPT_ENCODING, "gzip, deflate");
	37	curl_setopt($curl, CURLOPT_USERAGENT, $useragent);
	38
	39	$data = curl_exec($curl);
	40
	41	$httpcode = curl_getinfo($curl, CURLINFO_HTTP_CODE);
	42
	43	$httpcodeOK = isset($httpcode) and ($httpcode == 200 or $httpcode == 301);
	44
	45	curl_close($curl);
	46	} else {
	47
	48	// create http context and add timeout and user-agent
1c182b6c	49	$context = stream_context_create(array('http'=>array('timeout' => $timeout,'header'=> "User-Agent: ".$useragent,/spoot Mozilla Firefox/'follow_location' => true)));
24619534	50
	51	// only download page lesser than 4MB
	52	$data = @file_get_contents($url, false, $context, -1, 4000000); // We download at most 4 MB from source.
24619534	53
	54	if(isset($http_response_header) and isset($http_response_header[0])) {
	55	$httpcodeOK = isset($http_response_header) and isset($http_response_header[0]) and ((strpos($http_response_header[0], '200 OK') !== FALSE) or (strpos($http_response_header[0], '301 Moved Permanently') !== FALSE));
	56	}
	57	}
	58
	59	// if response is not empty and response is OK
	60	if (isset($data) and isset($httpcodeOK) and $httpcodeOK ) {
	61
	62	// take charset of page and get it
	63	preg_match('#<meta .charset=.>#Usi', $data, $meta);
	64
	65	// if meta tag is found
	66	if (!empty($meta[0])) {
	67	// retrieve encoding in $enc
	68	preg_match('#charset="?(.*)"#si', $meta[0], $enc);
	69
	70	// if charset is found set it otherwise, set it to utf-8
	71	$html_charset = (!empty($enc[1])) ? strtolower($enc[1]) : 'utf-8';
	72
	73	} else {
	74	$html_charset = 'utf-8';
	75	$enc[1] = '';
	76	}
	77
	78	// replace charset of url to charset of page
	79	$data = str_replace('charset='.$enc[1], 'charset='.$html_charset, $data);
	80
	81	return $data;
	82	}
	83	else {
	84	return FALSE;
	85	}
3c8d80ae	86	}
3c8d80ae	87
8046748b	88	/**
	89	* Préparation de l'URL avec récupération du contenu avant insertion en base
	90	*/
d06f30ef	91	function prepare_url($url)
3c8d80ae	92	{
	93	$parametres = array();
	94	$url = html_entity_decode(trim($url));
	95
	96	// We remove the annoying parameters added by FeedBurner and GoogleFeedProxy (?utm_source=...)
	97	// from shaarli, by sebsauvage
	98	$i=strpos($url,'&utm_source='); if ($i!==false) $url=substr($url,0,$i);
	99	$i=strpos($url,'?utm_source='); if ($i!==false) $url=substr($url,0,$i);
	100	$i=strpos($url,'#xtor=RSS-'); if ($i!==false) $url=substr($url,0,$i);
	101
	102	$title = $url;
	103	if (!preg_match('!^https?://!i', $url))
	104	$url = 'http://' . $url;
	105
	106	$html = Encoding::toUTF8(get_external_file($url,15));
	107	if (isset($html) and strlen($html) > 0)
	108	{
	109	$r = new Readability($html, $url);
d06f30ef	110	$r->convertLinksToFootnotes = CONVERT_LINKS_FOOTNOTES;
3c8d80ae	111	if($r->init())
3c8d80ae	112	{
1c182b6c	113	$content = $r->articleContent->innerHTML;
1c182b6c	114	$parametres['title'] = $r->articleTitle->innerHTML;
64458521	115	$parametres['content'] = $content;
1c182b6c	116	return $parametres;
3c8d80ae	117	}
	118	}
	119
1c182b6c	120	logm('error during url preparation');
	121	return FALSE;
	122	}
	123
	124	/**
	125	* On modifie les URLS des images dans le corps de l'article
	126	*/
	127	function filtre_picture($content, $url, $id)
	128	{
	129	$matches = array();
	130	preg_match_all('#<\s(img)[^>]+src="([^"])"[^>]*>#Si', $content, $matches, PREG_SET_ORDER);
	131	foreach($matches as $i => $link)
	132	{
	133	$link[1] = trim($link[1]);
	134	if (!preg_match('#^(([a-z]+://)\|(\#))#', $link[1]) )
	135	{
	136	$absolute_path = get_absolute_link($link[2],$url);
	137	$filename = basename(parse_url($absolute_path, PHP_URL_PATH));
	138	$directory = create_assets_directory($id);
	139	$fullpath = $directory . '/' . $filename;
	140	download_pictures($absolute_path, $fullpath);
	141	$content = str_replace($matches[$i][2], $fullpath, $content);
	142	}
	143
	144	}
	145
	146	return $content;
	147	}
	148
	149	/**
	150	* Retourne le lien absolu
	151	*/
	152	function get_absolute_link($relative_link, $url)
	153	{
	154	/* return if already absolute URL */
	155	if (parse_url($relative_link, PHP_URL_SCHEME) != '') return $relative_link;
	156
	157	/* queries and anchors */
	158	if ($relative_link[0]=='#' \|\| $relative_link[0]=='?') return $url . $relative_link;
	159
	160	/* parse base URL and convert to local variables:
	161	$scheme, $host, $path */
	162	extract(parse_url($url));
	163
	164	/* remove non-directory element from path */
	165	$path = preg_replace('#/[^/]*$#', '', $path);
	166
	167	/* destroy path if relative url points to root */
	168	if ($relative_link[0] == '/') $path = '';
	169
	170	/* dirty absolute URL */
	171	$abs = $host . $path . '/' . $relative_link;
	172
	173	/* replace '//' or '/./' or '/foo/../' with '/' */
	174	$re = array('#(/\.?/)#', '#/(?!\.\.)[^/]+/\.\./#');
	175	for($n=1; $n>0; $abs=preg_replace($re, '/', $abs, -1, $n)) {}
	176
	177	/* absolute URL is ready! */
	178	return $scheme.'://'.$abs;
	179	}
	180
	181	/**
	182	* Téléchargement des images
	183	*/
184
185	function download_pictures($absolute_path, $fullpath)
186	{
187	$rawdata = get_external_file($absolute_path);
3c8d80ae	188
1c182b6c	189	if(file_exists($fullpath)) {
	190	unlink($fullpath);
	191	}
	192	$fp = fopen($fullpath, 'x');
	193	fwrite($fp, $rawdata);
	194	fclose($fp);
	195	}
	196
	197	/**
	198	* Crée un répertoire de médias pour l'article
	199	*/
	200	function create_assets_directory($id)
	201	{
	202	$assets_path = ABS_PATH;
	203	if(!is_dir($assets_path)) {
	204	mkdir($assets_path, 0705);
	205	}
	206
	207	$article_directory = $assets_path . $id;
	208	if(!is_dir($article_directory)) {
	209	mkdir($article_directory, 0705);
	210	}
	211
	212	return $article_directory;
	213	}
	214
	215	/**
	216	* Suppression du répertoire d'images
	217	*/
	218	function remove_directory($directory)
	219	{
	220	if(is_dir($directory)) {
	221	$files = array_diff(scandir($directory), array('.','..'));
	222	foreach ($files as $file) {
07a19252	223	(is_dir("$directory/$file")) ? remove_directory("$directory/$file") : unlink("$directory/$file");
1c182b6c	224	}
	225	return rmdir($directory);
	226	}
263d6c67	227	}
	228
	229	/**
	230	* Appel d'une action (mark as fav, archive, delete)
	231	*/
1c182b6c	232
d06f30ef	233	function action_to_do($action, $url, $token, $id = 0)
263d6c67	234	{
	235	global $db;
	236
	237	switch ($action)
	238	{
	239	case 'add':
	240	if ($url == '')
	241	continue;
	242
d06f30ef	243	if($parametres_url = prepare_url($url)) {
	244	$sql_action = 'INSERT INTO entries ( url, title, content ) VALUES (?, ?, ?)';
	245	$params_action = array($url, $parametres_url['title'], $parametres_url['content']);
1c182b6c	246	}
1c182b6c	247
a81cd067	248	logm('add link ' . $url);
263d6c67	249	break;
263d6c67	250	case 'delete':
cf3180f6	251	if (verif_token($token)) {
1c182b6c	252	remove_directory(ABS_PATH . $id);
cf3180f6	253	$sql_action = "DELETE FROM entries WHERE id=?";
cf3180f6	254	$params_action = array($id);
a81cd067	255	logm('delete link #' . $id);
cf3180f6	256	}
713b2d69	257	else logm('csrf problem while deleting entry');
263d6c67	258	break;
139769aa	259	case 'toggle_fav' :
	260	if (verif_token($token)) {
	261	$sql_action = "UPDATE entries SET is_fav=~is_fav WHERE id=?";
	262	$params_action = array($id);
a81cd067	263	logm('mark as favorite link #' . $id);
139769aa	264	}
713b2d69	265	else logm('csrf problem while fav entry');
139769aa	266	break;
	267	case 'toggle_archive' :
	268	if (verif_token($token)) {
	269	$sql_action = "UPDATE entries SET is_read=~is_read WHERE id=?";
	270	$params_action = array($id);
a81cd067	271	logm('archive link #' . $id);
139769aa	272	}
713b2d69	273	else logm('csrf problem while archive entry');
139769aa	274	break;
263d6c67	275	default:
	276	break;
	277	}
	278
	279	try
	280	{
	281	# action query
	282	if (isset($sql_action))
	283	{
	284	$query = $db->getHandle()->prepare($sql_action);
	285	$query->execute($params_action);
d06f30ef	286	# if we add a link, we have to download pictures
	287	if ($action == 'add') {
	288	$last_id = $db->getHandle()->lastInsertId();
	289	if (DOWNLOAD_PICTURES) {
	290	$content = filtre_picture($parametres_url['content'], $url, $last_id);
	291	$sql_update = "UPDATE entries SET content=? WHERE id=?";
	292	$params_update = array($content, $last_id);
	293	$query_update = $db->getHandle()->prepare($sql_update);
	294	$query_update->execute($params_update);
	295	}
	296	}
263d6c67	297	}
	298	}
	299	catch (Exception $e)
	300	{
713b2d69	301	logm('action query error : '.$e->getMessage());
263d6c67	302	}
	303	}
	304
	305	/**
	306	* Détermine quels liens afficher : home, fav ou archives
	307	*/
9fee2e72	308	function display_view($view)
263d6c67	309	{
	310	global $db;
	311
139769aa	312	switch ($_SESSION['sort'])
	313	{
	314	case 'ia':
	315	$order = 'ORDER BY id';
	316	break;
	317	case 'id':
	318	$order = 'ORDER BY id DESC';
	319	break;
	320	case 'ta':
	321	$order = 'ORDER BY lower(title)';
	322	break;
	323	case 'td':
	324	$order = 'ORDER BY lower(title) DESC';
	325	break;
	326	default:
	327	$order = 'ORDER BY id';
	328	break;
	329	}
	330
9fee2e72	331	switch ($view)
263d6c67	332	{
263d6c67	333	case 'archive':
139769aa	334	$sql = "SELECT * FROM entries WHERE is_read=? " . $order;
263d6c67	335	$params = array(-1);
	336	break;
	337	case 'fav' :
139769aa	338	$sql = "SELECT * FROM entries WHERE is_fav=? " . $order;
263d6c67	339	$params = array(-1);
	340	break;
	341	default:
139769aa	342	$sql = "SELECT * FROM entries WHERE is_read=? " . $order;
263d6c67	343	$params = array(0);
	344	break;
	345	}
	346
	347	# view query
	348	try
	349	{
	350	$query = $db->getHandle()->prepare($sql);
	351	$query->execute($params);
	352	$entries = $query->fetchAll();
	353	}
	354	catch (Exception $e)
	355	{
713b2d69	356	logm('view query error : '.$e->getMessage());
263d6c67	357	}
	358
	359	return $entries;
	360	}
	361
	362	/**
	363	* Récupère un article en fonction d'un ID
	364	*/
	365	function get_article($id)
	366	{
	367	global $db;
	368
	369	$entry = NULL;
	370	$sql = "SELECT * FROM entries WHERE id=?";
	371	$params = array(intval($id));
	372
	373	# view article query
	374	try
	375	{
	376	$query = $db->getHandle()->prepare($sql);
	377	$query->execute($params);
	378	$entry = $query->fetchAll();
	379	}
	380	catch (Exception $e)
	381	{
713b2d69	382	logm('get article query error : '.$e->getMessage());
263d6c67	383	}
	384
	385	return $entry;
cf3180f6	386	}
	387
	388	/**
	389	* Vérifie si le jeton passé en $_POST correspond à celui en session
	390	*/
	391	function verif_token($token)
	392	{
	393	if(isset($_SESSION['token_poche']) && isset($_SESSION['token_time_poche']) && isset($token))
	394	{
	395	if($_SESSION['token_poche'] == $token)
	396	{
	397	$old_timestamp = time() - (15*60);
	398	if($_SESSION['token_time_poche'] >= $old_timestamp)
	399	{
	400	return TRUE;
	401	}
643e3037	402	else {
643e3037	403	session_destroy();
713b2d69	404	logm('session expired');
643e3037	405	}
cf3180f6	406	}
713b2d69	407	else {
	408	logm('token error : the token is different');
	409	return FALSE;
	410	}
	411	}
	412	else {
	413	logm('token error : the token is not here');
	414	return FALSE;
cf3180f6	415	}
713b2d69	416	}
	417
	418	function logm($message)
	419	{
	420	$t = strval(date('Y/m/d_H:i:s')).' - '.$_SERVER["REMOTE_ADDR"].' - '.strval($message)."\n";
a81cd067	421	file_put_contents('./log.txt',$t,FILE_APPEND);
c8bbe19b	422	}