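<?php
/**
 * wallabag, self hostable application allowing you to not miss any content anymore
 *
 * Front controller. Bootstraps the session and the Poche object, dispatches
 * on the query string, then renders one template. Every handler below is
 * reached through a plain GET parameter, so the state-changing ones
 * (config, newuser, deluser, empty-cache, download, import, uploadfile, ...)
 * are expected to validate the CSRF token exposed as Session::getToken()
 * themselves -- this file only hands the token to the templates.
 *
 * @category wallabag
 * @author Nicolas Lœuillet <nicolas@loeuillet.org>
 * @copyright 2013
 * @license http://www.wtfpl.net/ see COPYING file
 */

define ('POCHE', '1.7.0');
require 'check_setup.php';
require_once 'inc/poche/global.inc.php';

# Set error reporting level
if (defined('ERROR_REPORTING')) {
    error_reporting(ERROR_REPORTING);
}

# Start session
Session::$sessionName = 'poche';
Session::init();

# Start Poche
$poche = new Poche();
$notInstalledMessage = $poche->getNotInstalledMessage();

# Parse GET & REFERER vars
# HTTP_REFERER is client-controlled. It is forwarded to the templates and to
# Poche::login() as a redirect hint, so nothing here may treat it as trusted;
# NOTE(review): confirm that login() restricts the redirect to this install.
$referer = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER'];
$view = Tools::checkVar('view', 'home');
$action = Tools::checkVar('action');
$id = Tools::checkVar('id');
$_SESSION['sort'] = Tools::checkVar('sort', 'id');
# 'url' is consumed by the Url class as-is (the plainurl branch below base64-encodes first).
$url = new Url((isset ($_GET['url'])) ? $_GET['url'] : '');

# vars to _always_ send to templates
$tpl_vars = array(
    'referer' => $referer,
    'view' => $view,
    'poche_url' => Tools::getPocheUrl(),
    'title' => _('wallabag, a read it later open source system'),
    'token' => Session::getToken(),
    'theme' => $poche->getTheme()
);

# Installation problems short-circuit everything else.
if (! empty($notInstalledMessage)) {
    if (! Poche::$canRenderTemplates || ! Poche::$configFileAvailable) {
        # We cannot use Twig to display the error message. The messages are
        # produced locally by Poche (nothing from the request ends up in them).
        echo '<h1>Errors</h1><ol>';
        foreach ($notInstalledMessage as $message) {
            echo '<li>' . $message . '</li>';
        }
        echo '</ol>';
        die();
    } else {
        # Twig is installed, put the error message in the template
        $tpl_file = Tools::getTplFile('error');
        $tpl_vars = array_merge($tpl_vars, array('msg' => $notInstalledMessage));
        echo $poche->tpl->render($tpl_file, $tpl_vars);
        exit;
    }
}

# poche actions -- exactly one branch runs; the first matching GET key wins.
if (isset($_GET['login'])) {
    # hello you
    $poche->login($referer);
} elseif (isset($_GET['logout'])) {
    # see you soon !
    $poche->logout();
} elseif (isset($_GET['config'])) {
    # Update password
    $poche->updatePassword();
} elseif (isset($_GET['newuser'])) {
    $poche->createNewUser();
} elseif (isset($_GET['deluser'])) {
    $poche->deleteUser();
} elseif (isset($_GET['epub'])) {
    $poche->createEpub();
} elseif (isset($_GET['import'])) {
    $import = $poche->import();
    $tpl_vars = array_merge($tpl_vars, $import);
} elseif (isset($_GET['download'])) {
    Tools::download_db();
} elseif (isset($_GET['empty-cache'])) {
    $poche->emptyCache();
} elseif (isset($_GET['export'])) {
    $poche->export();
} elseif (isset($_GET['updatetheme'])) {
    $poche->updateTheme();
} elseif (isset($_GET['updatelanguage'])) {
    $poche->updateLanguage();
} elseif (isset($_GET['uploadfile'])) {
    $poche->uploadFile();
} elseif (isset($_GET['feed'])) {
    if (isset($_GET['action']) && $_GET['action'] === 'generate') {
        $poche->generateToken();
    } else {
        # Feed endpoint. It is reached without a session, so the per-user feed
        # token is the only credential -- presumably compared inside
        # generateFeeds(); verify it uses a constant-time comparison.
        # Every parameter gets a default so a partial URL cannot raise
        # undefined-index notices, and array-valued parameters (?token[]=)
        # are reduced to the empty string rather than reaching the store.
        $feed_token = (isset($_GET['token']) && is_string($_GET['token'])) ? $_GET['token'] : '';
        $feed_user_id = isset($_GET['user_id']) ? intval($_GET['user_id']) : 0;
        $tag_id = isset($_GET['tag_id']) ? intval($_GET['tag_id']) : 0;
        $feed_type = (isset($_GET['type']) && is_string($_GET['type'])) ? $_GET['type'] : '';
        $poche->generateFeeds($feed_token, $feed_user_id, $tag_id, $feed_type);
    }
} elseif (isset($_GET['plainurl']) && is_string($_GET['plainurl']) && !empty($_GET['plainurl'])) {
    # Bookmarklet entry point: the raw URL is base64-encoded to match what
    # Url expects. NOTE(review): this runs before the Session::isLogged()
    # gate below -- confirm Poche::action('add') refuses anonymous callers.
    $plain_url = new Url(base64_encode($_GET['plainurl']));
    $poche->action('add', $plain_url);
}

# Pick the identity asserted by the web server, if any. PHP_AUTH_USER is
# consulted first, then REMOTE_USER, matching the historical precedence.
# Caveat: PHP fills PHP_AUTH_USER straight from the client's Authorization
# header even when the server enforces no authentication, so the password
# (PHP_AUTH_PW) must be verified inside Poche::login(); REMOTE_USER is only
# trustworthy when the server's auth module sets it and request headers
# cannot overwrite it. NOTE(review): confirm both in Poche::login().
$server_auth_user = null;
if (isset($_SERVER['PHP_AUTH_USER'])) {
    $server_auth_user = $_SERVER['PHP_AUTH_USER'];
} elseif (isset($_SERVER['REMOTE_USER'])) {
    $server_auth_user = $_SERVER['REMOTE_USER'];
}

# Decide what to render: a logged-in session gets the requested view,
# otherwise try the server-asserted identity, otherwise the login form.
if (Session::isLogged()) {
    $poche->action($action, $url, $id);
    $tpl_file = Tools::getTplFile($view);
    $tpl_vars = array_merge($tpl_vars, $poche->displayView($view, $id));
} elseif ($server_auth_user !== null) {
    if ($poche->store->userExists($server_auth_user)) {
        $poche->login($referer);
    } else {
        $poche->messages->add('e', _('login failed: user doesn\'t exist'));
        Tools::logm('user doesn\'t exist');
        $tpl_file = Tools::getTplFile('login');
        $tpl_vars['http_auth'] = 1;
    }
} else {
    $tpl_file = Tools::getTplFile('login');
    $tpl_vars['http_auth'] = 0;
    Session::logout();
}

# because messages can be added in $poche->action(), we have to add this entry now (we can't add it before)
$messages = $poche->messages->display('all', FALSE);
$tpl_vars = array_merge($tpl_vars, array('messages' => $messages));

# display poche
echo $poche->tpl->render($tpl_file, $tpl_vars);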