* poche, a read it later open source system
*
* @category poche
- * @author Nicolas Lœuillet <nicolas@loeuillet.org>
+ * @author Nicolas Lœuillet <support@inthepoche.com>
* @copyright 2013
* @license http://www.wtfpl.net/ see COPYING file
*/
-require_once dirname(__FILE__).'/inc/Readability.php';
-require_once dirname(__FILE__).'/inc/Encoding.php';
-include dirname(__FILE__).'/inc/functions.php';
+include dirname(__FILE__).'/inc/config.php';
-try
-{
- $db_handle = new PDO('sqlite:db/poche.sqlite');
- $db_handle->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
-}
-catch (Exception $e)
-{
- die('database error : '.$e->getMessage());
+# initialize session
+Session::init();
+# XSRF protection with token
+if (!empty($_POST)) {
+ if (!Session::isToken($_POST['token'])) {
+ die('Wrong token.');
+ }
+ unset($_SESSION['tokens']);
}
-$action = (isset ($_GET['action'])) ? htmlspecialchars($_GET['action']) : '';
-$view = (isset ($_GET['view'])) ? htmlspecialchars($_GET['view']) : '';
-$id = (isset ($_GET['id'])) ? htmlspecialchars($_GET['id']) : '';
-
-switch ($action)
-{
- case 'add':
- $url = (isset ($_GET['url'])) ? $_GET['url'] : '';
- if ($url == '')
- continue;
-
- $url = html_entity_decode(trim($url));
- $title = $url;
- if (!preg_match('!^https?://!i', $url))
- $url = 'http://' . $url;
-
- $html = Encoding::toUTF8(get_external_file($url,15));
- if (isset($html) and strlen($html) > 0)
- {
- $r = new Readability($html, $url);
- if($r->init())
- {
- $title = $r->articleTitle->innerHTML;
+if (isset($_GET['login'])) {
+ // Login
+ if (!empty($_POST['login']) && !empty($_POST['password'])) {
+ if (Session::login('poche', 'poche', $_POST['login'], $_POST['password'])) {
+ logm('login successful');
+ if (!empty($_POST['longlastingsession'])) {
+ $_SESSION['longlastingsession'] = 31536000;
+ $_SESSION['expires_on'] = time() + $_SESSION['longlastingsession'];
+ session_set_cookie_params($_SESSION['longlastingsession']);
+ } else {
+ session_set_cookie_params(0); // when browser closes
}
- }
-
- $query = $db_handle->prepare('INSERT INTO entries ( url, title ) VALUES (?, ?)');
- $query->execute(array($url, $title));
- break;
- case 'toggle_fav' :
- $sql_action = "UPDATE entries SET is_fav=~is_fav WHERE id=?";
- $params_action = array($id);
- break;
- case 'toggle_archive' :
- $sql_action = "UPDATE entries SET is_read=~is_read WHERE id=?";
- $params_action = array($id);
- break;
- case 'delete':
- $sql_action = "DELETE FROM entries WHERE id=?";
- $params_action = array($id);
- break;
- default:
- break;
-}
+ session_regenerate_id(true);
-try
-{
- # action query
- if (isset($sql_action))
- {
- $query = $db_handle->prepare($sql_action);
- $query->execute($params_action);
+ MyTool::redirect();
+ }
+ logm('login failed');
+ die("Login failed !");
+ } else {
+ logm('login failed');
}
}
-catch (Exception $e)
-{
- die('query error : '.$e->getMessage());
+elseif (isset($_GET['logout'])) {
+ logm('logout');
+ Session::logout();
+ MyTool::redirect();
}
-switch ($view)
-{
- case 'archive':
- $sql = "SELECT * FROM entries WHERE is_read=? ORDER BY id desc";
- $params = array(-1);
- break;
- case 'fav' :
- $sql = "SELECT * FROM entries WHERE is_fav=? ORDER BY id desc";
- $params = array(-1);
- break;
- default:
- $sql = "SELECT * FROM entries WHERE is_read=? ORDER BY id desc";
- $params = array(0);
- break;
-}
+# Traitement des paramètres et déclenchement des actions
+$view = (isset ($_REQUEST['view'])) ? htmlentities($_REQUEST['view']) : 'index';
+$full_head = (isset ($_REQUEST['full_head'])) ? htmlentities($_REQUEST['full_head']) : 'yes';
+$action = (isset ($_REQUEST['action'])) ? htmlentities($_REQUEST['action']) : '';
+$_SESSION['sort'] = (isset ($_REQUEST['sort'])) ? htmlentities($_REQUEST['sort']) : 'id';
+$id = (isset ($_REQUEST['id'])) ? htmlspecialchars($_REQUEST['id']) : '';
+$url = (isset ($_GET['url'])) ? $_GET['url'] : '';
+$ref = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER'];
-# view query
-try
-{
- $query = $db_handle->prepare($sql);
- $query->execute($params);
- $entries = $query->fetchAll();
-}
-catch (Exception $e)
-{
- die('query error : '.$e->getMessage());
-}
-
-?>
-<!DOCTYPE html>
-<!--[if lte IE 6]> <html class="no-js ie6 ie67 ie678" lang="en"> <![endif]-->
-<!--[if lte IE 7]> <html class="no-js ie7 ie67 ie678" lang="en"> <![endif]-->
-<!--[if IE 8]> <html class="no-js ie8 ie678" lang="en"> <![endif]-->
-<!--[if gt IE 8]><!--> <html class="no-js" lang="en"> <!--<![endif]-->
-<html>
- <head>
- <meta name="viewport" content="width=device-width, minimum-scale=1.0, maximum-scale=1.0">
- <meta charset="utf-8">
- <meta http-equiv="X-UA-Compatible" content="IE=10">
- <title>poche, a read it later open source system</title>
- <link rel="shortcut icon" type="image/x-icon" href="favicon.ico" />
- <link rel="apple-touch-icon-precomposed" sizes="144x144" href="img/apple-touch-icon-144x144-precomposed.png">
- <link rel="apple-touch-icon-precomposed" sizes="72x72" href="img/apple-touch-icon-72x72-precomposed.png">
- <link rel="apple-touch-icon-precomposed" href="img/apple-touch-icon-precomposed.png">
- <link rel="stylesheet" href="css/knacss.css" media="all">
- <link rel="stylesheet" href="css/style.css" media="all">
- </head>
- <body>
- <header>
- <h1><img src="img/logo.png" alt="logo poche" />poche</h1>
- </header>
- <div id="main" class="w960p">
- <ul id="links">
- <li><a href="index.php">home</a></li>
- <li><a href="?view=fav">favorites</a></li>
- <li><a href="?view=archive">archive</a></li>
- <li><a style="cursor: move" title="i am a bookmarklet, use me !" href="javascript:(function(){var%20url%20=%20location.href;var%20title%20=%20document.title%20||%20url;window.open('<?php echo url()?>?action=add&url='%20+%20encodeURIComponent(url),'_self');})();">poche it !</a></li>
- </ul>
- <div id="entries">
- <?php
- $i = 0;
- foreach ($entries as $entry)
- {
- if ($i == 0) {
- echo '<section class="line grid3">';
- }
- echo '<aside class="mod entrie mb2"><h2 class="h6-like"><a href="readityourself.php?url='.urlencode($entry['url']).'">' . $entry['title'] . '</h2><div class="tools"><a href="?action=toggle_archive&id='.$entry['id'].'" title="toggle mark as read" class="tool">✓</a> <a href="?action=toggle_fav&id='.$entry['id'].'" title="toggle favorite" class="tool">'.(($entry['is_fav'] == 0) ? '☆' : '★' ).'</a> <a href="?action=delete&id='.$entry['id'].'" title="toggle delete" class="tool">⨯</a></div></aside>';
+$tpl->assign('isLogged', Session::isLogged());
+$tpl->assign('referer', $ref);
+$tpl->assign('view', $view);
+$tpl->assign('poche_url', get_poche_url());
+$tpl->assign('title', 'poche, a read it later open source system');
- $i++;
- if ($i == 3) {
- echo '</section>';
- $i = 0;
- }
- }
- ?>
- </div>
- </div>
- <footer class="mr2 mt3">
- <p class="smaller"><a href="http://github.com/nicosomb/poche">poche</a> is a read it later open source system, based on <a href="http://www.memiks.fr/readityourself/">ReadItYourself</a>. <a href="https://twitter.com/getpoche" title="follow us on twitter">@getpoche</a>. Logo by <a href="http://www.iconfinder.com/icondetails/43256/128/jeans_monotone_pocket_icon">Brightmix</a>. poche is developed by <a href="http://nicolas.loeuillet.org">Nicolas Lœuillet</a> under the <a href="http://www.wtfpl.net/">WTFPL</a>.</p>
- </footer>
- </body>
-</html>
\ No newline at end of file
+if (Session::isLogged()) {
+ action_to_do($action, $url, $id);
+ display_view($view, $id, $full_head);
+}
+else {
+ $tpl->draw('login');
+}
\ No newline at end of file
projects / github / wallabag / wallabag.git / blobdiff