index.php

   1 <?php
   2 /**
   3  * poche, a read it later open source system
   4  *
   5  * @category   poche
   6  * @author     Nicolas Lœuillet <support@inthepoche.com>
   7  * @copyright  2013
   8  * @license    http://www.wtfpl.net/ see COPYING file
   9  */
  10
  11 include dirname(__FILE__).'/inc/config.php';
  12
  13 # initialize session
  14 Session::init();
  15 # XSRF protection with token
  16 if (!empty($_POST)) {
  17     if (!Session::isToken($_POST['token'])) {
  18         die('Wrong token.');
  19     }
  20     unset($_SESSION['tokens']);
  21 }
  22
  23 if (isset($_GET['login'])) {
  24     // Login
  25     if (!empty($_POST['login']) && !empty($_POST['password'])) {
  26         if (Session::login('poche', 'poche', $_POST['login'], $_POST['password'])) {
  27             logm('login successful');
  28             if (!empty($_POST['longlastingsession'])) {
  29                 $_SESSION['longlastingsession'] = 31536000;
  30                 $_SESSION['expires_on'] = time() + $_SESSION['longlastingsession'];
  31                 session_set_cookie_params($_SESSION['longlastingsession']);
  32             } else {
  33                 session_set_cookie_params(0); // when browser closes
  34             }
  35             session_regenerate_id(true);
  36
  37             MyTool::redirect();
  38         }
  39         logm('login failed');
  40         die("Login failed !");
  41     } else {
  42         logm('login failed');
  43     }
  44 }
  45 elseif (isset($_GET['logout'])) {
  46     logm('logout');
  47     Session::logout();
  48     MyTool::redirect();
  49 }
  50
  51 # Traitement des paramètres et déclenchement des actions
  52 $view               = (isset ($_REQUEST['view'])) ? htmlentities($_REQUEST['view']) : 'index';
  53 $full_head          = (isset ($_REQUEST['full_head'])) ? htmlentities($_REQUEST['full_head']) : 'yes';
  54 $action             = (isset ($_REQUEST['action'])) ? htmlentities($_REQUEST['action']) : '';
  55 $_SESSION['sort']   = (isset ($_REQUEST['sort'])) ? htmlentities($_REQUEST['sort']) : 'id';
  56 $id                 = (isset ($_REQUEST['id'])) ? htmlspecialchars($_REQUEST['id']) : '';
  57 $url                = (isset ($_GET['url'])) ? $_GET['url'] : '';
  58 $ref                = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER'];
  59
  60 $tpl->assign('isLogged', Session::isLogged());
  61 $tpl->assign('referer', $ref);
  62 $tpl->assign('view', $view);
  63 $tpl->assign('poche_url', get_poche_url());
  64 $tpl->assign('title', 'poche, a read it later open source system');
  65
  66 if (Session::isLogged()) {
  67     action_to_do($action, $url, $id);
  68     display_view($view, $id, $full_head);
  69 }
  70 else {
  71     $tpl->draw('login');
  72 }