X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=index.php;h=4962639b46145d5802f186b751cc1e53c99f696b;hb=c67e13e04baab64bcc63fd0dca46125513250c44;hp=887326d1c6e6f843b8c34303f2a712efef31edf5;hpb=7eca3552c8f14a57b59bdb4be4ea8994616467d7;p=github%2Fwallabag%2Fwallabag.git diff --git a/index.php b/index.php old mode 100755 new mode 100644 index 887326d1..4962639b --- a/index.php +++ b/index.php @@ -3,159 +3,92 @@ * poche, a read it later open source system * * @category poche - * @author Nicolas Lœuillet + * @author Nicolas Lœuillet * @copyright 2013 * @license http://www.wtfpl.net/ see COPYING file */ -require_once dirname(__FILE__).'/inc/Readability.php'; -require_once dirname(__FILE__).'/inc/Encoding.php'; -include dirname(__FILE__).'/inc/functions.php'; +include dirname(__FILE__).'/inc/config.php'; -try -{ - $db_handle = new PDO('sqlite:db/poche.sqlite'); - $db_handle->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); -} -catch (Exception $e) -{ - die('database error : '.$e->getMessage()); -} - -$action = (isset ($_GET['action'])) ? htmlspecialchars($_GET['action']) : ''; -$view = (isset ($_GET['view'])) ? htmlspecialchars($_GET['view']) : ''; -$id = (isset ($_GET['id'])) ? htmlspecialchars($_GET['id']) : ''; +pocheTools::initPhp(); -switch ($action) -{ - case 'add': - $url = (isset ($_GET['url'])) ? $_GET['url'] : ''; - if ($url == '') - continue; +# XSRF protection with token +if (!empty($_POST)) { + if (!Session::isToken($_POST['token'])) { + die(_('Wrong token.')); + } + unset($_SESSION['tokens']); +} - $url = html_entity_decode(trim($url)); - $title = $url; - if (!preg_match('!^https?://!i', $url)) - $url = 'http://' . $url; +$referer = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER']; - $html = Encoding::toUTF8(get_external_file($url,15)); - if (isset($html) and strlen($html) > 0) - { - $r = new Readability($html, $url); - if($r->init()) - { - $title = $r->articleTitle->innerHTML; +if (isset($_GET['login'])) { + // Login + if (!empty($_POST['login']) && !empty($_POST['password'])) { + if (Session::login($_SESSION['login'], $_SESSION['pass'], $_POST['login'], encode_string($_POST['password'] . $_POST['login']))) { + pocheTools::logm('login successful'); + if (!empty($_POST['longlastingsession'])) { + $_SESSION['longlastingsession'] = 31536000; + $_SESSION['expires_on'] = time() + $_SESSION['longlastingsession']; + session_set_cookie_params($_SESSION['longlastingsession']); + } else { + session_set_cookie_params(0); // when browser closes } - } - - $query = $db_handle->prepare('INSERT INTO entries ( url, title ) VALUES (?, ?)'); - $query->execute(array($url, $title)); - break; - case 'toggle_fav' : - $sql_action = "UPDATE entries SET is_fav=~is_fav WHERE id=?"; - $params_action = array($id); - break; - case 'toggle_archive' : - $sql_action = "UPDATE entries SET is_read=~is_read WHERE id=?"; - $params_action = array($id); - break; - case 'delete': - $sql_action = "DELETE FROM entries WHERE id=?"; - $params_action = array($id); - break; - default: - break; -} + session_regenerate_id(true); -try -{ - # action query - if (isset($sql_action)) - { - $query = $db_handle->prepare($sql_action); - $query->execute($params_action); + pocheTools::redirect($referer); + } + pocheTools::logm('login failed'); + die(_("Login failed !")); + } else { + pocheTools::logm('login failed'); } } -catch (Exception $e) -{ - die('query error : '.$e->getMessage()); +elseif (isset($_GET['logout'])) { + pocheTools::logm('logout'); + Session::logout(); + pocheTools::redirect(); } - -switch ($view) -{ - case 'archive': - $sql = "SELECT * FROM entries WHERE is_read=?"; - $params = array(-1); - break; - case 'fav' : - $sql = "SELECT * FROM entries WHERE is_fav=?"; - $params = array(-1); - break; - default: - $sql = "SELECT * FROM entries WHERE is_read=?"; - $params = array(0); - break; +elseif (isset($_GET['config'])) { + if (isset($_POST['password']) && isset($_POST['password_repeat'])) { + if ($_POST['password'] == $_POST['password_repeat'] && $_POST['password'] != "") { + pocheTools::logm('password updated'); + if (!MODE_DEMO) { + $store->updatePassword(encode_string($_POST['password'] . $_SESSION['login'])); + #your password has been updated + } + else { + #in demo mode, you can\'t update password + } + } + #else + #your password can\'t be empty and you have to repeat it in the second field + } } -# view query -try -{ - $query = $db_handle->prepare($sql); - $query->execute($params); - $entries = $query->fetchAll(); +# Traitement des paramètres et déclenchement des actions +$view = (isset ($_REQUEST['view'])) ? htmlentities($_REQUEST['view']) : 'index'; +$full_head = (isset ($_REQUEST['full_head'])) ? htmlentities($_REQUEST['full_head']) : 'yes'; +$action = (isset ($_REQUEST['action'])) ? htmlentities($_REQUEST['action']) : ''; +$_SESSION['sort'] = (isset ($_REQUEST['sort'])) ? htmlentities($_REQUEST['sort']) : 'id'; +$id = (isset ($_REQUEST['id'])) ? htmlspecialchars($_REQUEST['id']) : ''; +$url = (isset ($_GET['url'])) ? $_GET['url'] : ''; + +$tpl_vars = array( + 'isLogged' => Session::isLogged(), + 'referer' => $referer, + 'view' => $view, + 'poche_url' => pocheTools::getUrl(), + 'demo' => MODE_DEMO, + 'title' => _('poche, a read it later open source system'), +); + +if (Session::isLogged()) { + action_to_do($action, $url, $id); + display_view($view, $id, $full_head); } -catch (Exception $e) -{ - die('query error : '.$e->getMessage()); +else { + $template = $twig->loadTemplate('login.twig'); } -?> - - - - - - - - - - - poche, a read it later open source system - - - - -
-

logo pochepoche

-
-
- -
- '; - } - echo ''; - - $i++; - if ($i == 3) { - echo ''; - $i = 0; - } - } - ?> -
-
- - - \ No newline at end of file +echo $template->render($tpl_vars); \ No newline at end of file