index.php

   1 <?php
   2 /**
   3  * poche, a read it later open source system
   4  *
   5  * @category   poche
   6  * @author     Nicolas Lœuillet <support@inthepoche.com>
   7  * @copyright  2013
   8  * @license    http://www.wtfpl.net/ see COPYING file
   9  */
  10
  11 include dirname(__FILE__).'/inc/config.php';
  12
  13 $notices = array();
  14
  15 # XSRF protection with token
  16 // if (!empty($_POST)) {
  17 //     if (!Session::isToken($_POST['token'])) {
  18 //         die(_('Wrong token'));
  19 //         // TODO remettre le test
  20 //     }
  21 //     unset($_SESSION['tokens']);
  22 // }
  23
  24 $referer = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER'];
  25
  26 if (isset($_GET['login'])) {
  27     # hello you
  28     if (!empty($_POST['login']) && !empty($_POST['password'])) {
  29         if (Session::login($_SESSION['login'], $_SESSION['pass'], $_POST['login'], encode_string($_POST['password'] . $_POST['login']))) {
  30             pocheTools::logm('login successful');
  31             $pocheTools[]['value'] = _('login successful');
  32
  33             if (!empty($_POST['longlastingsession'])) {
  34                 $_SESSION['longlastingsession'] = 31536000;
  35                 $_SESSION['expires_on'] = time() + $_SESSION['longlastingsession'];
  36                 session_set_cookie_params($_SESSION['longlastingsession']);
  37             } else {
  38                 session_set_cookie_params(0);
  39             }
  40             session_regenerate_id(true);
  41             pocheTools::redirect($referer);
  42         }
  43         pocheTools::logm('login failed');
  44         $notices[]['value'] = _('Login failed !');
  45         pocheTools::redirect();
  46     } else {
  47         pocheTools::logm('login failed');
  48         pocheTools::redirect();
  49     }
  50 }
  51 elseif (isset($_GET['logout'])) {
  52     # see you soon !
  53     pocheTools::logm('logout');
  54     Session::logout();
  55     pocheTools::redirect();
  56 }
  57 elseif  (isset($_GET['config'])) {
  58     # Update password
  59     if (isset($_POST['password']) && isset($_POST['password_repeat'])) {
  60         if ($_POST['password'] == $_POST['password_repeat'] && $_POST['password'] != "") {
  61             if (!MODE_DEMO) {
  62                 pocheTools::logm('password updated');
  63                 $store->updatePassword(encode_string($_POST['password'] . $_SESSION['login']));
  64                 Session::logout();
  65                 pocheTools::redirect();
  66             }
  67             else {
  68                 pocheTools::logm('in demo mode, you can\'t do this');
  69             }
  70         }
  71     }
  72 }
  73
  74 # Aaaaaaand action !
  75 $view = (isset ($_REQUEST['view'])) ? htmlentities($_REQUEST['view']) : 'home';
  76 $full_head = (isset ($_REQUEST['full_head'])) ? htmlentities($_REQUEST['full_head']) : 'yes';
  77 $action = (isset ($_REQUEST['action'])) ? htmlentities($_REQUEST['action']) : '';
  78 $_SESSION['sort'] = (isset ($_REQUEST['sort'])) ? htmlentities($_REQUEST['sort']) : 'id';
  79 $id = (isset ($_REQUEST['id'])) ? htmlspecialchars($_REQUEST['id']) : '';
  80 $url = (isset ($_GET['url'])) ? $_GET['url'] : '';
  81
  82 $tpl_vars = array(
  83     'referer' => $referer,
  84     'view' => $view,
  85     'poche_url' => pocheTools::getUrl(),
  86     'demo' => MODE_DEMO,
  87     'title' => _('poche, a read it later open source system'),
  88     'token' => Session::getToken(),
  89     'notices' => $notices,
  90 );
  91
  92 if (Session::isLogged()) {
  93     action_to_do($action, $url, $id);
  94     $tpl_file = get_tpl_file($view);
  95     $tpl_vars = array_merge($tpl_vars, display_view($view, $id));
  96 }
  97 else {
  98     $tpl_file = 'login.twig';
  99 }
 100
 101 echo $twig->render($tpl_file, $tpl_vars);