]>
Commit | Line | Data |
---|---|---|
1 | <?php | |
2 | /** | |
3 | * poche, a read it later open source system | |
4 | * | |
5 | * @category poche | |
6 | * @author Nicolas Lœuillet <support@inthepoche.com> | |
7 | * @copyright 2013 | |
8 | * @license http://www.wtfpl.net/ see COPYING file | |
9 | */ | |
10 | ||
11 | include dirname(__FILE__).'/inc/config.php'; | |
12 | ||
13 | pocheTools::initPhp(); | |
14 | ||
15 | # XSRF protection with token | |
16 | if (!empty($_POST)) { | |
17 | if (!Session::isToken($_POST['token'])) { | |
18 | die(_('Wrong token.')); | |
19 | } | |
20 | unset($_SESSION['tokens']); | |
21 | } | |
22 | ||
23 | $referer = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER']; | |
24 | ||
25 | if (isset($_GET['login'])) { | |
26 | // Login | |
27 | if (!empty($_POST['login']) && !empty($_POST['password'])) { | |
28 | if (Session::login($_SESSION['login'], $_SESSION['pass'], $_POST['login'], encode_string($_POST['password'] . $_POST['login']))) { | |
29 | pocheTools::logm('login successful'); | |
30 | if (!empty($_POST['longlastingsession'])) { | |
31 | $_SESSION['longlastingsession'] = 31536000; | |
32 | $_SESSION['expires_on'] = time() + $_SESSION['longlastingsession']; | |
33 | session_set_cookie_params($_SESSION['longlastingsession']); | |
34 | } else { | |
35 | session_set_cookie_params(0); // when browser closes | |
36 | } | |
37 | session_regenerate_id(true); | |
38 | ||
39 | pocheTools::redirect($referer); | |
40 | } | |
41 | pocheTools::logm('login failed'); | |
42 | die(_("Login failed !")); | |
43 | } else { | |
44 | pocheTools::logm('login failed'); | |
45 | } | |
46 | } | |
47 | elseif (isset($_GET['logout'])) { | |
48 | pocheTools::logm('logout'); | |
49 | Session::logout(); | |
50 | pocheTools::redirect(); | |
51 | } | |
52 | elseif (isset($_GET['config'])) { | |
53 | if (isset($_POST['password']) && isset($_POST['password_repeat'])) { | |
54 | if ($_POST['password'] == $_POST['password_repeat'] && $_POST['password'] != "") { | |
55 | pocheTools::logm('password updated'); | |
56 | if (!MODE_DEMO) { | |
57 | $store->updatePassword(encode_string($_POST['password'] . $_SESSION['login'])); | |
58 | #your password has been updated | |
59 | } | |
60 | else { | |
61 | #in demo mode, you can\'t update password | |
62 | } | |
63 | } | |
64 | #else | |
65 | #your password can\'t be empty and you have to repeat it in the second field | |
66 | } | |
67 | } | |
68 | ||
69 | # Traitement des paramètres et déclenchement des actions | |
70 | $view = (isset ($_REQUEST['view'])) ? htmlentities($_REQUEST['view']) : 'index'; | |
71 | $full_head = (isset ($_REQUEST['full_head'])) ? htmlentities($_REQUEST['full_head']) : 'yes'; | |
72 | $action = (isset ($_REQUEST['action'])) ? htmlentities($_REQUEST['action']) : ''; | |
73 | $_SESSION['sort'] = (isset ($_REQUEST['sort'])) ? htmlentities($_REQUEST['sort']) : 'id'; | |
74 | $id = (isset ($_REQUEST['id'])) ? htmlspecialchars($_REQUEST['id']) : ''; | |
75 | $url = (isset ($_GET['url'])) ? $_GET['url'] : ''; | |
76 | ||
77 | $tpl_vars = array( | |
78 | 'isLogged' => Session::isLogged(), | |
79 | 'referer' => $referer, | |
80 | 'view' => $view, | |
81 | 'poche_url' => pocheTools::getUrl(), | |
82 | 'demo' => MODE_DEMO, | |
83 | 'title' => _('poche, a read it later open source system'), | |
84 | ); | |
85 | ||
86 | if (Session::isLogged()) { | |
87 | action_to_do($action, $url, $id); | |
88 | display_view($view, $id, $full_head); | |
89 | } | |
90 | else { | |
91 | $template = $twig->loadTemplate('login.twig'); | |
92 | } | |
93 | ||
94 | echo $template->render($tpl_vars); |