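<?php
/**
 * poche, a read it later open source system
 *
 * @category   poche
 * @author     Nicolas Lœuillet <nicolas@loeuillet.org>
 * @copyright  2013
 * @license    http://www.wtfpl.net/ see COPYING file
 */

/*
 * Action endpoint: toggles the favourite or archive flag of one entry.
 *
 * Query-string inputs:
 *   action  'toggle_fav' or 'toggle_archive'; anything else is ignored.
 *   id      identifier of the entry to update.
 *   token   anti-CSRF token, checked by verif_token() before any write.
 *
 * NOTE(review): this is a state-changing request carried over GET with the
 * token in the URL, so the token can end up in access logs, browser history
 * and Referer headers. Moving the call to POST needs a matching change in
 * the callers, which are not visible from this file.
 */

include dirname(__FILE__).'/inc/config.php';
$db = new db(DB_PATH);

// A query parameter can arrive as an array (e.g. "action[]=x"). Anything
// that is not a plain string is treated like a missing parameter, so the
// string functions and verif_token() below never receive an array.
$action = (isset($_GET['action']) && is_string($_GET['action'])) ? $_GET['action'] : '';
$token  = (isset($_GET['token']) && is_string($_GET['token'])) ? $_GET['token'] : '';

// htmlentities() is HTML output encoding, not an SQL defence: the bound
// parameter in the prepared statement below is what keeps $id out of the
// SQL text. The call is kept only so that id matching stays exactly as
// before.
// NOTE(review): if entries.id is an integer key (schema not visible here),
// replace this with a strict integer check and reject everything else.
$id = (isset($_GET['id']) && is_string($_GET['id'])) ? htmlentities($_GET['id']) : '';

// Fail closed: nothing is written unless the token verifies.
// NOTE(review): verif_token() is defined elsewhere; confirm that it compares
// the token in constant time (hash_equals() or an equivalent).
if (!verif_token($token)) {
    // Report the rejection with a 403 so logs and monitoring can tell it
    // apart from a successful call; the response body is unchanged.
    if (!headers_sent()) {
        header('HTTP/1.1 403 Forbidden');
    }
    die('CSRF problem');
}

// Allow-list of actions. The SQL text is fixed; only the id is bound.
// "~" is a bitwise NOT, so an integer flag alternates between 0 and -1.
// NOTE(review): presumably the read side tests these flags for non-zero;
// confirm.
$statements = array(
    'toggle_fav'     => "UPDATE entries SET is_fav=~is_fav WHERE id=?",
    'toggle_archive' => "UPDATE entries SET is_read=~is_read WHERE id=?",
);

// Unknown actions are ignored, and an empty id is skipped without a query.
if (isset($statements[$action]) && $id !== '') {
    $query = $db->getHandle()->prepare($statements[$action]);
    $query->execute(array($id));
}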