]>
Commit | Line | Data |
---|---|---|
1a268ba7 NL |
1 | <?php |
2 | /** | |
3 | * poche, a read it later open source system | |
4 | * | |
5 | * @category poche | |
421b65eb | 6 | * @author Nicolas Lœuillet <support@inthepoche.com> |
1a268ba7 NL |
7 | * @copyright 2013 |
8 | * @license http://www.wtfpl.net/ see COPYING file | |
9 | */ | |
10 | ||
c594aedf | 11 | include dirname(__FILE__).'/inc/config.php'; |
1a268ba7 | 12 | |
4f5b44bd | 13 | $notices = array(); |
f0070a15 | 14 | |
a1953dff | 15 | # XSRF protection with token |
4f5b44bd NL |
16 | // if (!empty($_POST)) { |
17 | // if (!Session::isToken($_POST['token'])) { | |
18 | // die(_('Wrong token')); | |
19 | // // TODO remettre le test | |
20 | // } | |
21 | // unset($_SESSION['tokens']); | |
22 | // } | |
a1953dff | 23 | |
a4565e88 | 24 | $referer = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER']; |
8c72b98d | 25 | |
a1953dff | 26 | if (isset($_GET['login'])) { |
4f5b44bd | 27 | # hello you |
a1953dff | 28 | if (!empty($_POST['login']) && !empty($_POST['password'])) { |
aa8c9f2a | 29 | if (Session::login($_SESSION['login'], $_SESSION['pass'], $_POST['login'], encode_string($_POST['password'] . $_POST['login']))) { |
161395d7 | 30 | pocheTools::logm('login successful'); |
4f5b44bd | 31 | $pocheTools[]['value'] = _('login successful'); |
8cbb2a88 | 32 | |
a1953dff | 33 | if (!empty($_POST['longlastingsession'])) { |
34 | $_SESSION['longlastingsession'] = 31536000; | |
35 | $_SESSION['expires_on'] = time() + $_SESSION['longlastingsession']; | |
36 | session_set_cookie_params($_SESSION['longlastingsession']); | |
37 | } else { | |
4f5b44bd | 38 | session_set_cookie_params(0); |
a1953dff | 39 | } |
40 | session_regenerate_id(true); | |
161395d7 | 41 | pocheTools::redirect($referer); |
a1953dff | 42 | } |
161395d7 | 43 | pocheTools::logm('login failed'); |
4f5b44bd NL |
44 | $notices[]['value'] = _('Login failed !'); |
45 | pocheTools::redirect(); | |
a1953dff | 46 | } else { |
161395d7 | 47 | pocheTools::logm('login failed'); |
4f5b44bd | 48 | pocheTools::redirect(); |
a1953dff | 49 | } |
50 | } | |
51 | elseif (isset($_GET['logout'])) { | |
4f5b44bd | 52 | # see you soon ! |
161395d7 | 53 | pocheTools::logm('logout'); |
a1953dff | 54 | Session::logout(); |
161395d7 | 55 | pocheTools::redirect(); |
a1953dff | 56 | } |
da368cc8 | 57 | elseif (isset($_GET['config'])) { |
4f5b44bd | 58 | # Update password |
da368cc8 NL |
59 | if (isset($_POST['password']) && isset($_POST['password_repeat'])) { |
60 | if ($_POST['password'] == $_POST['password_repeat'] && $_POST['password'] != "") { | |
538cdfa8 | 61 | if (!MODE_DEMO) { |
4f5b44bd | 62 | pocheTools::logm('password updated'); |
6499b26a | 63 | $store->updatePassword(encode_string($_POST['password'] . $_SESSION['login'])); |
4f5b44bd NL |
64 | Session::logout(); |
65 | pocheTools::redirect(); | |
6499b26a NL |
66 | } |
67 | else { | |
4f5b44bd | 68 | pocheTools::logm('in demo mode, you can\'t do this'); |
6499b26a | 69 | } |
da368cc8 | 70 | } |
da368cc8 | 71 | } |
da368cc8 | 72 | } |
a1953dff | 73 | |
4f5b44bd NL |
74 | # Aaaaaaand action ! |
75 | $view = (isset ($_REQUEST['view'])) ? htmlentities($_REQUEST['view']) : 'home'; | |
76 | $full_head = (isset ($_REQUEST['full_head'])) ? htmlentities($_REQUEST['full_head']) : 'yes'; | |
77 | $action = (isset ($_REQUEST['action'])) ? htmlentities($_REQUEST['action']) : ''; | |
78 | $_SESSION['sort'] = (isset ($_REQUEST['sort'])) ? htmlentities($_REQUEST['sort']) : 'id'; | |
79 | $id = (isset ($_REQUEST['id'])) ? htmlspecialchars($_REQUEST['id']) : ''; | |
80 | $url = (isset ($_GET['url'])) ? $_GET['url'] : ''; | |
a1953dff | 81 | |
a4565e88 | 82 | $tpl_vars = array( |
a4565e88 NL |
83 | 'referer' => $referer, |
84 | 'view' => $view, | |
161395d7 | 85 | 'poche_url' => pocheTools::getUrl(), |
a4565e88 NL |
86 | 'demo' => MODE_DEMO, |
87 | 'title' => _('poche, a read it later open source system'), | |
8cbb2a88 | 88 | 'token' => Session::getToken(), |
4f5b44bd | 89 | 'notices' => $notices, |
a4565e88 | 90 | ); |
139769aa | 91 | |
e4d2565e | 92 | if (Session::isLogged()) { |
a1953dff | 93 | action_to_do($action, $url, $id); |
2b840e0c | 94 | $tpl_file = get_tpl_file($view); |
8cbb2a88 | 95 | $tpl_vars = array_merge($tpl_vars, display_view($view, $id)); |
e4d2565e | 96 | } |
97 | else { | |
8cbb2a88 | 98 | $tpl_file = 'login.twig'; |
8c72b98d | 99 | } |
a4565e88 | 100 | |
8cbb2a88 | 101 | echo $twig->render($tpl_file, $tpl_vars); |