]>
Commit | Line | Data |
---|---|---|
1a268ba7 NL |
1 | <?php |
2 | /** | |
3 | * poche, a read it later open source system | |
4 | * | |
5 | * @category poche | |
421b65eb | 6 | * @author Nicolas Lœuillet <support@inthepoche.com> |
1a268ba7 NL |
7 | * @copyright 2013 |
8 | * @license http://www.wtfpl.net/ see COPYING file | |
9 | */ | |
10 | ||
c594aedf | 11 | include dirname(__FILE__).'/inc/config.php'; |
1a268ba7 | 12 | |
6f87a197 | 13 | myTool::initPhp(); |
f0070a15 | 14 | |
a1953dff | 15 | # XSRF protection with token |
16 | if (!empty($_POST)) { | |
17 | if (!Session::isToken($_POST['token'])) { | |
18 | die('Wrong token.'); | |
19 | } | |
20 | unset($_SESSION['tokens']); | |
21 | } | |
22 | ||
8c72b98d | 23 | $ref = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER']; |
24 | ||
a1953dff | 25 | if (isset($_GET['login'])) { |
26 | // Login | |
27 | if (!empty($_POST['login']) && !empty($_POST['password'])) { | |
aa8c9f2a NL |
28 | // echo $_SESSION['login']."<br>"; |
29 | // echo $_SESSION['pass']."<br>"; | |
30 | // echo $_POST['login']."<br>"; | |
31 | // echo encode_string($_POST['password'] . $_POST['login']); | |
32 | // die; | |
33 | if (Session::login($_SESSION['login'], $_SESSION['pass'], $_POST['login'], encode_string($_POST['password'] . $_POST['login']))) { | |
a1953dff | 34 | logm('login successful'); |
aa8c9f2a | 35 | $msg->add('s', 'welcome in your poche!'); |
a1953dff | 36 | if (!empty($_POST['longlastingsession'])) { |
37 | $_SESSION['longlastingsession'] = 31536000; | |
38 | $_SESSION['expires_on'] = time() + $_SESSION['longlastingsession']; | |
39 | session_set_cookie_params($_SESSION['longlastingsession']); | |
40 | } else { | |
41 | session_set_cookie_params(0); // when browser closes | |
42 | } | |
43 | session_regenerate_id(true); | |
5917f419 | 44 | |
8c72b98d | 45 | MyTool::redirect($ref); |
a1953dff | 46 | } |
47 | logm('login failed'); | |
48 | die("Login failed !"); | |
49 | } else { | |
50 | logm('login failed'); | |
51 | } | |
52 | } | |
53 | elseif (isset($_GET['logout'])) { | |
54 | logm('logout'); | |
55 | Session::logout(); | |
56 | MyTool::redirect(); | |
57 | } | |
58 | ||
59 | # Traitement des paramètres et déclenchement des actions | |
60 | $view = (isset ($_REQUEST['view'])) ? htmlentities($_REQUEST['view']) : 'index'; | |
61 | $full_head = (isset ($_REQUEST['full_head'])) ? htmlentities($_REQUEST['full_head']) : 'yes'; | |
62 | $action = (isset ($_REQUEST['action'])) ? htmlentities($_REQUEST['action']) : ''; | |
63 | $_SESSION['sort'] = (isset ($_REQUEST['sort'])) ? htmlentities($_REQUEST['sort']) : 'id'; | |
64 | $id = (isset ($_REQUEST['id'])) ? htmlspecialchars($_REQUEST['id']) : ''; | |
65 | $url = (isset ($_GET['url'])) ? $_GET['url'] : ''; | |
a1953dff | 66 | |
67 | $tpl->assign('isLogged', Session::isLogged()); | |
68 | $tpl->assign('referer', $ref); | |
69 | $tpl->assign('view', $view); | |
6f87a197 | 70 | $tpl->assign('poche_url', myTool::getUrl()); |
8046748b | 71 | $tpl->assign('title', 'poche, a read it later open source system'); |
139769aa | 72 | |
e4d2565e | 73 | if (Session::isLogged()) { |
a1953dff | 74 | action_to_do($action, $url, $id); |
75 | display_view($view, $id, $full_head); | |
e4d2565e | 76 | } |
77 | else { | |
78 | $tpl->draw('login'); | |
8c72b98d | 79 | } |