X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=index.php;h=0a778d0843f2fd20c55be7f1f089f3c1cf537aa4;hb=85ebc80c7eaf88e4d57a52adb8e4c32d8cc34b64;hp=c303f8e368a2c7176ae6587de410ae87446d7927;hpb=9fee2e7266a269a8795b96b972cdc62bbcb3329b;p=github%2Fwallabag%2Fwallabag.git

diff --git a/index.php b/index.php
old mode 100755
new mode 100644
index c303f8e3..0a778d08
--- a/index.php
+++ b/index.php
@@ -10,17 +10,81 @@
 
 include dirname(__FILE__).'/inc/config.php';
 
-$entries = display_view($view);
+myTool::initPhp();
 
-$tpl->assign('title', 'poche, a read it later open source system');
+# XSRF protection with token
+if (!empty($_POST)) {
+    if (!Session::isToken($_POST['token'])) {
+        die('Wrong token.');
+    }
+    unset($_SESSION['tokens']);
+}
+
+$ref = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER'];
+
+if (isset($_GET['login'])) {
+    // Login
+    if (!empty($_POST['login']) && !empty($_POST['password'])) {
+        if (Session::login($_SESSION['login'], $_SESSION['pass'], $_POST['login'], encode_string($_POST['password'] . $_POST['login']))) {
+            logm('login successful');
+            $msg->add('s', 'welcome in your poche!');
+            if (!empty($_POST['longlastingsession'])) {
+                $_SESSION['longlastingsession'] = 31536000;
+                $_SESSION['expires_on'] = time() + $_SESSION['longlastingsession'];
+                session_set_cookie_params($_SESSION['longlastingsession']);
+            } else {
+                session_set_cookie_params(0); // when browser closes
+            }
+            session_regenerate_id(true);
+
+            MyTool::redirect($ref);
+        }
+        logm('login failed');
+        die("Login failed !");
+    } else {
+        logm('login failed');
+    }
+}
+elseif (isset($_GET['logout'])) {
+    logm('logout');
+    Session::logout();
+    MyTool::redirect();
+}
+elseif  (isset($_GET['config'])) {
+    if (isset($_POST['password']) && isset($_POST['password_repeat'])) {
+        if ($_POST['password'] == $_POST['password_repeat'] && $_POST['password'] != "") {
+            logm('password updated');
+            if (!DEMO) {
+                $store->updatePassword(encode_string($_POST['password'] . $_SESSION['login']));
+                $msg->add('s', 'your password has been updated');
+            }
+            else {
+                $msg->add('i', 'in demo mode, you can\'t update password');
+            }
+        }
+        else
+            $msg->add('e', 'your password can\'t be empty and you have to repeat it in the second field');
+    }
+}
+
+# Traitement des paramètres et déclenchement des actions
+$view               = (isset ($_REQUEST['view'])) ? htmlentities($_REQUEST['view']) : 'index';
+$full_head          = (isset ($_REQUEST['full_head'])) ? htmlentities($_REQUEST['full_head']) : 'yes';
+$action             = (isset ($_REQUEST['action'])) ? htmlentities($_REQUEST['action']) : '';
+$_SESSION['sort']   = (isset ($_REQUEST['sort'])) ? htmlentities($_REQUEST['sort']) : 'id';
+$id                 = (isset ($_REQUEST['id'])) ? htmlspecialchars($_REQUEST['id']) : '';
+$url                = (isset ($_GET['url'])) ? $_GET['url'] : '';
+
+$tpl->assign('isLogged', Session::isLogged());
+$tpl->assign('referer', $ref);
 $tpl->assign('view', $view);
-$tpl->assign('poche_url', get_poche_url());
-$tpl->assign('entries', $entries);
-$tpl->assign('load_all_js', 1);
-$tpl->assign('token', $_SESSION['token_poche']);
-
-$tpl->draw('head');
-$tpl->draw('home');
-$tpl->draw('entries');
-$tpl->draw('js');
-$tpl->draw('footer');
\ No newline at end of file
+$tpl->assign('poche_url', myTool::getUrl());
+$tpl->assign('title', 'poche, a read it later open source system');
+
+if (Session::isLogged()) {
+    action_to_do($action, $url, $id);
+    display_view($view, $id, $full_head);
+}
+else {
+    $tpl->draw('login');
+}