X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=index.php;h=4962639b46145d5802f186b751cc1e53c99f696b;hb=afe60d614b5c3c7700db93e51a991b0180887726;hp=d56c19410d4f530bb02f069a5c1d027ed604502d;hpb=3c8d80aec5f5ba15910014bb4dcb48e948041ec9;p=github%2Fwallabag%2Fwallabag.git

diff --git a/index.php b/index.php
old mode 100755
new mode 100644
index d56c1941..4962639b
--- a/index.php
+++ b/index.php
@@ -9,158 +9,86 @@
  */
 
 include dirname(__FILE__).'/inc/config.php';
-$db = new db(DB_PATH);
 
-$action = (isset ($_GET['action'])) ? htmlspecialchars($_GET['action']) : '';
-$view   = (isset ($_GET['view'])) ? htmlspecialchars($_GET['view']) : '';
-$id     = (isset ($_GET['id'])) ? htmlspecialchars($_GET['id']) : '';
-$url    = (isset ($_GET['url'])) ? $_GET['url'] : '';
+pocheTools::initPhp();
 
-switch ($action)
-{
-    case 'add':
+# XSRF protection with token
+if (!empty($_POST)) {
+    if (!Session::isToken($_POST['token'])) {
+        die(_('Wrong token.'));
+    }
+    unset($_SESSION['tokens']);
+}
 
-        if ($url == '')
-            continue;
+$referer = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER'];
 
-        $parametres_url = prepare_url($url);
+if (isset($_GET['login'])) {
+    // Login
+    if (!empty($_POST['login']) && !empty($_POST['password'])) {
+        if (Session::login($_SESSION['login'], $_SESSION['pass'], $_POST['login'], encode_string($_POST['password'] . $_POST['login']))) {
+            pocheTools::logm('login successful');
+            if (!empty($_POST['longlastingsession'])) {
+                $_SESSION['longlastingsession'] = 31536000;
+                $_SESSION['expires_on'] = time() + $_SESSION['longlastingsession'];
+                session_set_cookie_params($_SESSION['longlastingsession']);
+            } else {
+                session_set_cookie_params(0); // when browser closes
+            }
+            session_regenerate_id(true);
 
-        try
-        {
-            # insert query
-            $query = $db->getHandle()->prepare('INSERT INTO entries ( url, title, content ) VALUES (?, ?, ?)');
-            $query->execute(array($url, $parametres_url['title'], $parametres_url['content']));
+            pocheTools::redirect($referer);
         }
-        catch (Exception $e)
-        {
-            error_log('insert query error : '.$e->getMessage());
-        }
-
-        break;
-    case 'delete':
-        $sql_action     = "DELETE FROM entries WHERE id=?";
-        $params_action  = array($id);
-        break;
-    default:
-        break;
-}
-
-try
-{
-    # action query
-    if (isset($sql_action))
-    {
-        $query = $db->getHandle()->prepare($sql_action);
-        $query->execute($params_action);
+        pocheTools::logm('login failed');
+        die(_("Login failed !"));
+    } else {
+        pocheTools::logm('login failed');
     }
 }
-catch (Exception $e)
-{
-    die('action query error : '.$e->getMessage());
+elseif (isset($_GET['logout'])) {
+    pocheTools::logm('logout');
+    Session::logout();
+    pocheTools::redirect();
 }
-
-switch ($view)
-{
-    case 'archive':
-        $sql    = "SELECT * FROM entries WHERE is_read=? ORDER BY id desc";
-        $params = array(-1);
-        break;
-    case 'fav' :
-        $sql    = "SELECT * FROM entries WHERE is_fav=? ORDER BY id desc";
-        $params = array(-1);
-        break;
-    default:
-        $sql    = "SELECT * FROM entries WHERE is_read=? ORDER BY id desc";
-        $params = array(0);
-        $view = 'index';
-        break;
+elseif  (isset($_GET['config'])) {
+    if (isset($_POST['password']) && isset($_POST['password_repeat'])) {
+        if ($_POST['password'] == $_POST['password_repeat'] && $_POST['password'] != "") {
+            pocheTools::logm('password updated');
+            if (!MODE_DEMO) {
+                $store->updatePassword(encode_string($_POST['password'] . $_SESSION['login']));
+                #your password has been updated
+            }
+            else {
+                #in demo mode, you can\'t update password
+            }
+        }
+        #else
+        #your password can\'t be empty and you have to repeat it in the second field
+    }
 }
 
-# view query
-try
-{
-    $query  = $db->getHandle()->prepare($sql);
-    $query->execute($params);
-    $entries = $query->fetchAll();
-}
-catch (Exception $e)
-{
-    die('view query error : '.$e->getMessage());
-}
+# Traitement des paramètres et déclenchement des actions
+$view               = (isset ($_REQUEST['view'])) ? htmlentities($_REQUEST['view']) : 'index';
+$full_head          = (isset ($_REQUEST['full_head'])) ? htmlentities($_REQUEST['full_head']) : 'yes';
+$action             = (isset ($_REQUEST['action'])) ? htmlentities($_REQUEST['action']) : '';
+$_SESSION['sort']   = (isset ($_REQUEST['sort'])) ? htmlentities($_REQUEST['sort']) : 'id';
+$id                 = (isset ($_REQUEST['id'])) ? htmlspecialchars($_REQUEST['id']) : '';
+$url                = (isset ($_GET['url'])) ? $_GET['url'] : '';
 
-?>
-<!DOCTYPE html>
-<!--[if lte IE 6]> <html class="no-js ie6 ie67 ie678" lang="en"> <![endif]-->
-<!--[if lte IE 7]> <html class="no-js ie7 ie67 ie678" lang="en"> <![endif]-->
-<!--[if IE 8]> <html class="no-js ie8 ie678" lang="en"> <![endif]-->
-<!--[if gt IE 8]><!--> <html class="no-js" lang="en"> <!--<![endif]-->
-<html>
-    <head>
-        <meta name="viewport" content="width=device-width, minimum-scale=1.0, maximum-scale=1.0">
-        <meta charset="utf-8">
-        <meta http-equiv="X-UA-Compatible" content="IE=10">
-        <title>poche, a read it later open source system</title>
-        <link rel="shortcut icon" type="image/x-icon" href="img/favicon.ico" />
-        <link rel="apple-touch-icon-precomposed" sizes="144x144" href="img/apple-touch-icon-144x144-precomposed.png">
-        <link rel="apple-touch-icon-precomposed" sizes="72x72" href="img/apple-touch-icon-72x72-precomposed.png">
-        <link rel="apple-touch-icon-precomposed" href="img/apple-touch-icon-precomposed.png">
-        <link rel="stylesheet" href="css/knacss.css" media="all">
-        <link rel="stylesheet" href="css/style.css" media="all">
-    </head>
-    <body>
-        <header>
-            <h1><img src="img/logo.png" alt="logo poche" />poche</h1>
-        </header>
-        <div id="main">
-            <ul id="links">
-                <li><a href="index.php" <?php echo (($view == 'index') ? 'class="current"' : ''); ?>>home</a></li>
-                <li><a href="?view=fav" <?php echo (($view == 'fav') ? 'class="current"' : ''); ?>>favorites</a></li>
-                <li><a href="?view=archive" <?php echo (($view == 'archive') ? 'class="current"' : ''); ?>>archive</a></li>
-                <li><a style="cursor: move" title="i am a bookmarklet, use me !" href="javascript:(function(){var%20url%20=%20location.href;var%20title%20=%20document.title%20||%20url;window.open('<?php echo url()?>?action=add&url='%20+%20encodeURIComponent(url),'_self');})();">poche it !</a></li>
-            </ul>
-            <div id="content">
-                <?php
-                foreach ($entries as $entry)
-                {
-                    ?>
-                    <div id="entry-<?php echo $entry['id']; ?>" class="entrie mb2">
-                        <span class="content">
-                            <h2 class="h6-like">
-                                <a href="view.php?id=<?php echo $entry['id']; ?>"><?php echo $entry['title']; ?>
-                            </h2>
-                            <div class="tools">
-                                <a title="toggle mark as read" class="tool archive <?php echo ( ($entry['is_read'] == '0') ? 'archive-off' : '' ); ?>" onclick="toggle_archive(this, <?php echo $entry['id']; ?>)"><span></span></a>
-                                <a title="toggle favorite" class="tool fav <?php echo ( ($entry['is_fav'] == '0') ? 'fav-off' : '' ); ?>" onclick="toggle_favorite(this, <?php echo $entry['id']; ?>)"><span></span></a>
-                                <a href="?action=delete&id=<?php echo $entry['id']; ?>" title="toggle delete" onclick="return confirm('Are you sure?')" class="tool delete"><span></span></a>
-                            </div>
-                        </span>
-                    </div>
-                <?php
-                }
-                ?>
-            </div>
-        </div>
-        <footer class="mr2 mt3 smaller">
-            <p>powered by <a href="http://inthepoche.com">poche</a><br />follow us on <a href="https://twitter.com/getpoche" title="follow us on twitter">twitter</a></p>
-        </footer>
-        <script type="text/javascript" src="js/jquery-1.9.1.min.js"></script>
-        <script type="text/javascript" src="js/jquery.masonry.min.js"></script>
-        <script type="text/javascript" src="js/poche.js"></script>
-        <script type="text/javascript">
-            $( window ).load( function()
-            {
-                var columns    = 3,
-                    setColumns = function() { columns = $( window ).width() > 640 ? 3 : $( window ).width() > 320 ? 2 : 1; };
+$tpl_vars = array(
+    'isLogged' => Session::isLogged(),
+    'referer' => $referer,
+    'view' => $view,
+    'poche_url' => pocheTools::getUrl(),
+    'demo' => MODE_DEMO,
+    'title' => _('poche, a read it later open source system'),
+);
 
-                setColumns();
-                $( window ).resize( setColumns );
+if (Session::isLogged()) {
+    action_to_do($action, $url, $id);
+    display_view($view, $id, $full_head);
+}
+else {
+    $template = $twig->loadTemplate('login.twig');
+}
 
-                $( '#content' ).masonry(
-                {
-                    itemSelector: '.entrie',
-                    columnWidth:  function( containerWidth ) { return containerWidth / columns; }
-                });
-            });
-        </script>
-    </body>
-</html>
+echo $template->render($tpl_vars);
\ No newline at end of file