X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=index.php;h=40779698c4c25a63d04c4afe45515a31d1b9f6cd;hb=eb1af592194e225bf887e4893e697f0ab8dd9a26;hp=27ef5755b26621cfe6129e9780d88f59e8bf3676;hpb=6c732e1cc64ec9747ca89bd705a9009fe1035a09;p=github%2Fwallabag%2Fwallabag.git diff --git a/index.php b/index.php old mode 100755 new mode 100644 index 27ef5755..40779698 --- a/index.php +++ b/index.php @@ -3,170 +3,100 @@ * poche, a read it later open source system * * @category poche - * @author Nicolas Lœuillet + * @author Nicolas Lœuillet * @copyright 2013 * @license http://www.wtfpl.net/ see COPYING file */ -require_once dirname(__FILE__).'/inc/Readability.php'; -require_once dirname(__FILE__).'/inc/Encoding.php'; -include dirname(__FILE__).'/inc/functions.php'; +include dirname(__FILE__).'/inc/poche/config.inc.php'; -try -{ - $db_handle = new PDO('sqlite:db/poche.sqlite'); - $db_handle->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); -} -catch (Exception $e) -{ - die('database error : '.$e->getMessage()); -} - -$action = (isset ($_GET['action'])) ? htmlspecialchars($_GET['action']) : ''; -$view = (isset ($_GET['view'])) ? htmlspecialchars($_GET['view']) : ''; -$id = (isset ($_GET['id'])) ? htmlspecialchars($_GET['id']) : ''; - -switch ($action) -{ - case 'add': - $url = (isset ($_GET['url'])) ? $_GET['url'] : ''; - if ($url == '') - continue; +$notices = array(); - $url = html_entity_decode(trim($url)); +# XSRF protection with token +// if (!empty($_POST)) { +// if (!Session::isToken($_POST['token'])) { +// die(_('Wrong token')); +// // TODO remettre le test +// } +// unset($_SESSION['tokens']); +// } - // We remove the annoying parameters added by FeedBurner and GoogleFeedProxy (?utm_source=...) - // from shaarli, by sebsauvage - $i=strpos($url,'&utm_source='); if ($i!==false) $url=substr($url,0,$i); - $i=strpos($url,'?utm_source='); if ($i!==false) $url=substr($url,0,$i); - $i=strpos($url,'#xtor=RSS-'); if ($i!==false) $url=substr($url,0,$i); +$referer = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER']; - $title = $url; - if (!preg_match('!^https?://!i', $url)) - $url = 'http://' . $url; +if (isset($_GET['login'])) { + # hello you + if (!empty($_POST['login']) && !empty($_POST['password'])) { + if (Session::login($_SESSION['login'], $_SESSION['pass'], $_POST['login'], Tools::encodeString($_POST['password'] . $_POST['login']))) { + Tools::logm('login successful'); + $notices['value'] = _('login successful'); - $html = Encoding::toUTF8(get_external_file($url,15)); - if (isset($html) and strlen($html) > 0) - { - $r = new Readability($html, $url); - if($r->init()) - { - $title = $r->articleTitle->innerHTML; + if (!empty($_POST['longlastingsession'])) { + $_SESSION['longlastingsession'] = 31536000; + $_SESSION['expires_on'] = time() + $_SESSION['longlastingsession']; + session_set_cookie_params($_SESSION['longlastingsession']); + } else { + session_set_cookie_params(0); } + session_regenerate_id(true); + Tools::redirect($referer); } - - $query = $db_handle->prepare('INSERT INTO entries ( url, title ) VALUES (?, ?)'); - $query->execute(array($url, $title)); - break; - case 'toggle_fav' : - $sql_action = "UPDATE entries SET is_fav=~is_fav WHERE id=?"; - $params_action = array($id); - break; - case 'toggle_archive' : - $sql_action = "UPDATE entries SET is_read=~is_read WHERE id=?"; - $params_action = array($id); - break; - case 'delete': - $sql_action = "DELETE FROM entries WHERE id=?"; - $params_action = array($id); - break; - default: - break; -} - -try -{ - # action query - if (isset($sql_action)) - { - $query = $db_handle->prepare($sql_action); - $query->execute($params_action); + Tools::logm('login failed'); + $notices['value'] = _('Login failed !'); + Tools::redirect(); + } else { + Tools::logm('login failed'); + Tools::redirect(); } } -catch (Exception $e) -{ - die('query error : '.$e->getMessage()); +elseif (isset($_GET['logout'])) { + # see you soon ! + Tools::logm('logout'); + Session::logout(); + Tools::redirect(); } - -switch ($view) -{ - case 'archive': - $sql = "SELECT * FROM entries WHERE is_read=? ORDER BY id desc"; - $params = array(-1); - break; - case 'fav' : - $sql = "SELECT * FROM entries WHERE is_fav=? ORDER BY id desc"; - $params = array(-1); - break; - default: - $sql = "SELECT * FROM entries WHERE is_read=? ORDER BY id desc"; - $params = array(0); - break; +elseif (isset($_GET['config'])) { + # Update password + if (isset($_POST['password']) && isset($_POST['password_repeat'])) { + if ($_POST['password'] == $_POST['password_repeat'] && $_POST['password'] != "") { + if (!MODE_DEMO) { + Tools::logm('password updated'); + $poche->store->updatePassword(Tools::encodeString($_POST['password'] . $_SESSION['login'])); + Session::logout(); + Tools::redirect(); + } + else { + Tools::logm('in demo mode, you can\'t do this'); + } + } + } } -# view query -try -{ - $query = $db_handle->prepare($sql); - $query->execute($params); - $entries = $query->fetchAll(); +# Aaaaaaand action ! +$view = (isset ($_REQUEST['view'])) ? htmlentities($_REQUEST['view']) : 'home'; +$full_head = (isset ($_REQUEST['full_head'])) ? htmlentities($_REQUEST['full_head']) : 'yes'; +$action = (isset ($_REQUEST['action'])) ? htmlentities($_REQUEST['action']) : ''; +$_SESSION['sort'] = (isset ($_REQUEST['sort'])) ? htmlentities($_REQUEST['sort']) : 'id'; +$id = (isset ($_REQUEST['id'])) ? htmlspecialchars($_REQUEST['id']) : ''; + +$url = new Url((isset ($_GET['url'])) ? $_GET['url'] : ''); + +$tpl_vars = array( + 'referer' => $referer, + 'view' => $view, + 'poche_url' => Tools::getPocheUrl(), + 'demo' => MODE_DEMO, + 'title' => _('poche, a read it later open source system'), + 'token' => Session::getToken(), + 'notices' => $notices, +); + +if (Session::isLogged()) { + $poche->action($action, $url, $id); + $tpl_file = Tools::getTplFile($view); + $tpl_vars = array_merge($tpl_vars, $poche->displayView($view, $id)); } -catch (Exception $e) -{ - die('query error : '.$e->getMessage()); +else { + $tpl_file = 'login.twig'; } -?> - - - - - - - - - - - poche, a read it later open source system - - - - - - - - -
-

logo pochepoche

-
-
- -
- '; - } - echo ''; - - $i++; - if ($i == 3) { - echo ''; - $i = 0; - } - } - ?> -
-
- - - \ No newline at end of file +echo $poche->tpl->render($tpl_file, $tpl_vars); \ No newline at end of file