index.php

   1 <?php
   2 /**
   3  * poche, a read it later open source system
   4  *
   5  * @category   poche
   6  * @author     Nicolas Lœuillet <support@inthepoche.com>
   7  * @copyright  2013
   8  * @license    http://www.wtfpl.net/ see COPYING file
   9  */
  10
  11 include dirname(__FILE__).'/inc/config.php';
  12
  13 $errors = array();
  14
  15 # XSRF protection with token
  16 if (!empty($_POST)) {
  17     if (!Session::isToken($_POST['token'])) {
  18         die(_('Wrong token'));
  19     }
  20     unset($_SESSION['tokens']);
  21 }
  22
  23 $referer = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER'];
  24
  25 if (isset($_GET['login'])) {
  26     if (!empty($_POST['login']) && !empty($_POST['password'])) {
  27         if (Session::login($_SESSION['login'], $_SESSION['pass'], $_POST['login'], encode_string($_POST['password'] . $_POST['login']))) {
  28             pocheTools::logm('login successful');
  29             $errors[]['value'] = _('login successful');
  30
  31             if (!empty($_POST['longlastingsession'])) {
  32                 $_SESSION['longlastingsession'] = 31536000;
  33                 $_SESSION['expires_on'] = time() + $_SESSION['longlastingsession'];
  34                 session_set_cookie_params($_SESSION['longlastingsession']);
  35             } else {
  36                 session_set_cookie_params(0); // when browser closes
  37             }
  38             session_regenerate_id(true);
  39             pocheTools::redirect($referer);
  40         }
  41         pocheTools::logm('login failed');
  42         $errors[]['value'] = _('Login failed !');
  43     } else {
  44         pocheTools::logm('login failed');
  45     }
  46 }
  47 elseif (isset($_GET['logout'])) {
  48     pocheTools::logm('logout');
  49     Session::logout();
  50     pocheTools::redirect();
  51 }
  52 elseif  (isset($_GET['config'])) {
  53     if (isset($_POST['password']) && isset($_POST['password_repeat'])) {
  54         if ($_POST['password'] == $_POST['password_repeat'] && $_POST['password'] != "") {
  55             pocheTools::logm('password updated');
  56             if (!MODE_DEMO) {
  57                 $store->updatePassword(encode_string($_POST['password'] . $_SESSION['login']));
  58                 #your password has been updated
  59             }
  60             else {
  61                 #in demo mode, you can\'t update password
  62             }
  63         }
  64         #else
  65         #your password can\'t be empty and you have to repeat it in the second field
  66     }
  67 }
  68
  69 # Traitement des paramètres et déclenchement des actions
  70 $view               = (isset ($_REQUEST['view'])) ? htmlentities($_REQUEST['view']) : 'home';
  71 $full_head          = (isset ($_REQUEST['full_head'])) ? htmlentities($_REQUEST['full_head']) : 'yes';
  72 $action             = (isset ($_REQUEST['action'])) ? htmlentities($_REQUEST['action']) : '';
  73 $_SESSION['sort']   = (isset ($_REQUEST['sort'])) ? htmlentities($_REQUEST['sort']) : 'id';
  74 $id                 = (isset ($_REQUEST['id'])) ? htmlspecialchars($_REQUEST['id']) : '';
  75 $url                = (isset ($_GET['url'])) ? $_GET['url'] : '';
  76
  77 $tpl_vars = array(
  78     'referer' => $referer,
  79     'view' => $view,
  80     'poche_url' => pocheTools::getUrl(),
  81     'demo' => MODE_DEMO,
  82     'title' => _('poche, a read it later open source system'),
  83     'token' => Session::getToken(),
  84     'errors' => $errors,
  85 );
  86
  87 $tpl_file = 'home.twig';
  88
  89 if (Session::isLogged()) {
  90     action_to_do($action, $url, $id);
  91     $tpl_vars = array_merge($tpl_vars, display_view($view, $id));
  92 }
  93 else {
  94     $tpl_file = 'login.twig';
  95 }
  96
  97 echo $twig->render($tpl_file, $tpl_vars);