projects / github / wallabag / wallabag.git / blame
| Commit | Line | Data |
|---|---|---|
| 1a268ba7 NL |
1 | <?php |
| 2 | /** | |
| 3 | * poche, a read it later open source system | |
| 4 | * | |
| 5 | * @category poche | |
| 421b65eb | 6 | * @author Nicolas Lœuillet <support@inthepoche.com> |
| 1a268ba7 NL |
7 | * @copyright 2013 |
| 8 | * @license http://www.wtfpl.net/ see COPYING file | |
| 9 | */ | |
| 10 | ||
| c594aedf | 11 | include dirname(__FILE__).'/inc/config.php'; |
| 1a268ba7 | 12 | |
| 6f87a197 | 13 | myTool::initPhp(); |
| f0070a15 | 14 | |
| a1953dff | 15 | # XSRF protection with token |
| 16 | if (!empty($_POST)) { | |
| 17 | if (!Session::isToken($_POST['token'])) { | |
| 18 | die('Wrong token.'); | |
| 19 | } | |
| 20 | unset($_SESSION['tokens']); | |
| 21 | } | |
| 22 | ||
| 8c72b98d | 23 | $ref = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER']; |
| 24 | ||
| a1953dff | 25 | if (isset($_GET['login'])) { |
| 26 | // Login | |
| 27 | if (!empty($_POST['login']) && !empty($_POST['password'])) { | |
| aa8c9f2a | 28 | if (Session::login($_SESSION['login'], $_SESSION['pass'], $_POST['login'], encode_string($_POST['password'] . $_POST['login']))) { |
| a1953dff | 29 | logm('login successful'); |
| aa8c9f2a | 30 | $msg->add('s', 'welcome in your poche!'); |
| a1953dff | 31 | if (!empty($_POST['longlastingsession'])) { |
| 32 | $_SESSION['longlastingsession'] = 31536000; | |
| 33 | $_SESSION['expires_on'] = time() + $_SESSION['longlastingsession']; | |
| 34 | session_set_cookie_params($_SESSION['longlastingsession']); | |
| 35 | } else { | |
| 36 | session_set_cookie_params(0); // when browser closes | |
| 37 | } | |
| 38 | session_regenerate_id(true); | |
| 5917f419 | 39 | |
| 8c72b98d | 40 | MyTool::redirect($ref); |
| a1953dff | 41 | } |
| 42 | logm('login failed'); | |
| 43 | die("Login failed !"); | |
| 44 | } else { | |
| 45 | logm('login failed'); | |
| 46 | } | |
| 47 | } | |
| 48 | elseif (isset($_GET['logout'])) { | |
| 49 | logm('logout'); | |
| 50 | Session::logout(); | |
| 51 | MyTool::redirect(); | |
| 52 | } | |
| da368cc8 NL |
53 | elseif (isset($_GET['config'])) { |
| 54 | if (isset($_POST['password']) && isset($_POST['password_repeat'])) { | |
| 55 | if ($_POST['password'] == $_POST['password_repeat'] && $_POST['password'] != "") { | |
| 56 | logm('password updated'); | |
| 6499b26a NL |
57 | if (!DEMO) { |
| 58 | $store->updatePassword(encode_string($_POST['password'] . $_SESSION['login'])); | |
| 59 | $msg->add('s', 'your password has been updated'); | |
| 60 | } | |
| 61 | else { | |
| 62 | $msg->add('i', 'in demo mode, you can\'t update password'); | |
| 63 | } | |
| da368cc8 NL |
64 | } |
| 65 | else | |
| 66 | $msg->add('e', 'your password can\'t be empty and you have to repeat it in the second field'); | |
| 67 | } | |
| da368cc8 | 68 | } |
| a1953dff | 69 | |
| 70 | # Traitement des paramètres et déclenchement des actions | |
| 71 | $view = (isset ($_REQUEST['view'])) ? htmlentities($_REQUEST['view']) : 'index'; | |
| 72 | $full_head = (isset ($_REQUEST['full_head'])) ? htmlentities($_REQUEST['full_head']) : 'yes'; | |
| 73 | $action = (isset ($_REQUEST['action'])) ? htmlentities($_REQUEST['action']) : ''; | |
| 74 | $_SESSION['sort'] = (isset ($_REQUEST['sort'])) ? htmlentities($_REQUEST['sort']) : 'id'; | |
| 75 | $id = (isset ($_REQUEST['id'])) ? htmlspecialchars($_REQUEST['id']) : ''; | |
| 76 | $url = (isset ($_GET['url'])) ? $_GET['url'] : ''; | |
| a1953dff | 77 | |
| 78 | $tpl->assign('isLogged', Session::isLogged()); | |
| 79 | $tpl->assign('referer', $ref); | |
| 80 | $tpl->assign('view', $view); | |
| 6f87a197 | 81 | $tpl->assign('poche_url', myTool::getUrl()); |
| 8046748b | 82 | $tpl->assign('title', 'poche, a read it later open source system'); |
| 139769aa | 83 | |
| e4d2565e | 84 | if (Session::isLogged()) { |
| a1953dff | 85 | action_to_do($action, $url, $id); |
| 86 | display_view($view, $id, $full_head); | |
| e4d2565e | 87 | } |
| 88 | else { | |
| 89 | $tpl->draw('login'); | |
| 8c72b98d | 90 | } |