index.php

   1 <?php
   2 /**
   3  * poche, a read it later open source system
   4  *
   5  * @category   poche
   6  * @author     Nicolas Lœuillet <support@inthepoche.com>
   7  * @copyright  2013
   8  * @license    http://www.wtfpl.net/ see COPYING file
   9  */
  10
  11 include dirname(__FILE__).'/inc/config.php';
  12
  13 pocheTools::initPhp();
  14
  15 # XSRF protection with token
  16 if (!empty($_POST)) {
  17     if (!Session::isToken($_POST['token'])) {
  18         die(_('Wrong token.'));
  19     }
  20     unset($_SESSION['tokens']);
  21 }
  22
  23 $referer = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER'];
  24
  25 if (isset($_GET['login'])) {
  26     // Login
  27     if (!empty($_POST['login']) && !empty($_POST['password'])) {
  28         if (Session::login($_SESSION['login'], $_SESSION['pass'], $_POST['login'], encode_string($_POST['password'] . $_POST['login']))) {
  29             pocheTools::logm('login successful');
  30             if (!empty($_POST['longlastingsession'])) {
  31                 $_SESSION['longlastingsession'] = 31536000;
  32                 $_SESSION['expires_on'] = time() + $_SESSION['longlastingsession'];
  33                 session_set_cookie_params($_SESSION['longlastingsession']);
  34             } else {
  35                 session_set_cookie_params(0); // when browser closes
  36             }
  37             session_regenerate_id(true);
  38
  39             pocheTools::redirect($referer);
  40         }
  41         pocheTools::logm('login failed');
  42         die(_("Login failed !"));
  43     } else {
  44         pocheTools::logm('login failed');
  45     }
  46 }
  47 elseif (isset($_GET['logout'])) {
  48     pocheTools::logm('logout');
  49     Session::logout();
  50     pocheTools::redirect();
  51 }
  52 elseif  (isset($_GET['config'])) {
  53     if (isset($_POST['password']) && isset($_POST['password_repeat'])) {
  54         if ($_POST['password'] == $_POST['password_repeat'] && $_POST['password'] != "") {
  55             pocheTools::logm('password updated');
  56             if (!MODE_DEMO) {
  57                 $store->updatePassword(encode_string($_POST['password'] . $_SESSION['login']));
  58                 #your password has been updated
  59             }
  60             else {
  61                 #in demo mode, you can\'t update password
  62             }
  63         }
  64         #else
  65         #your password can\'t be empty and you have to repeat it in the second field
  66     }
  67 }
  68
  69 # Traitement des paramètres et déclenchement des actions
  70 $view               = (isset ($_REQUEST['view'])) ? htmlentities($_REQUEST['view']) : 'index';
  71 $full_head          = (isset ($_REQUEST['full_head'])) ? htmlentities($_REQUEST['full_head']) : 'yes';
  72 $action             = (isset ($_REQUEST['action'])) ? htmlentities($_REQUEST['action']) : '';
  73 $_SESSION['sort']   = (isset ($_REQUEST['sort'])) ? htmlentities($_REQUEST['sort']) : 'id';
  74 $id                 = (isset ($_REQUEST['id'])) ? htmlspecialchars($_REQUEST['id']) : '';
  75 $url                = (isset ($_GET['url'])) ? $_GET['url'] : '';
  76
  77 $tpl_vars = array(
  78     'isLogged' => Session::isLogged(),
  79     'referer' => $referer,
  80     'view' => $view,
  81     'poche_url' => pocheTools::getUrl(),
  82     'demo' => MODE_DEMO,
  83     'title' => _('poche, a read it later open source system'),
  84 );
  85
  86 if (Session::isLogged()) {
  87     action_to_do($action, $url, $id);
  88     display_view($view, $id, $full_head);
  89 }
  90 else {
  91     $template = $twig->loadTemplate('login.twig');
  92 }
  93
  94 echo $template->render($tpl_vars);