X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=index.php;h=6eefd277e808647b331e42ca4c184cb03a0a38c4;hb=2761de0184d03ad85f69589c379c94049bb43d24;hp=6f7c5fc01e697064a5bc2bfdf7130c4050788da2;hpb=c8bbe19b3fd2ba268c98561690de37fe599ff055;p=github%2Fwallabag%2Fwallabag.git diff --git a/index.php b/index.php old mode 100755 new mode 100644 index 6f7c5fc0..6eefd277 --- a/index.php +++ b/index.php @@ -3,183 +3,71 @@ * poche, a read it later open source system * * @category poche - * @author Nicolas Lœuillet + * @author Nicolas Lœuillet * @copyright 2013 * @license http://www.wtfpl.net/ see COPYING file */ include dirname(__FILE__).'/inc/config.php'; -$db = new db(DB_PATH); -$action = (isset ($_GET['action'])) ? htmlspecialchars($_GET['action']) : ''; -$view = (isset ($_GET['view'])) ? htmlspecialchars($_GET['view']) : ''; -$id = (isset ($_GET['id'])) ? htmlspecialchars($_GET['id']) : ''; +myTool::initPhp(); -switch ($action) -{ - case 'add': - $url = (isset ($_GET['url'])) ? $_GET['url'] : ''; - if ($url == '') - continue; - - $url = html_entity_decode(trim($url)); - - // We remove the annoying parameters added by FeedBurner and GoogleFeedProxy (?utm_source=...) - // from shaarli, by sebsauvage - $i=strpos($url,'&utm_source='); if ($i!==false) $url=substr($url,0,$i); - $i=strpos($url,'?utm_source='); if ($i!==false) $url=substr($url,0,$i); - $i=strpos($url,'#xtor=RSS-'); if ($i!==false) $url=substr($url,0,$i); +# XSRF protection with token +if (!empty($_POST)) { + if (!Session::isToken($_POST['token'])) { + die('Wrong token.'); + } + unset($_SESSION['tokens']); +} - $title = $url; - if (!preg_match('!^https?://!i', $url)) - $url = 'http://' . $url; +$ref = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER']; - $html = Encoding::toUTF8(get_external_file($url,15)); - if (isset($html) and strlen($html) > 0) - { - $r = new Readability($html, $url); - if($r->init()) - { - $title = $r->articleTitle->innerHTML; +if (isset($_GET['login'])) { + // Login + if (!empty($_POST['login']) && !empty($_POST['password'])) { + if (Session::login('poche', 'poche', $_POST['login'], $_POST['password'])) { + logm('login successful'); + if (!empty($_POST['longlastingsession'])) { + $_SESSION['longlastingsession'] = 31536000; + $_SESSION['expires_on'] = time() + $_SESSION['longlastingsession']; + session_set_cookie_params($_SESSION['longlastingsession']); + } else { + session_set_cookie_params(0); // when browser closes } - } + session_regenerate_id(true); - try - { - # insert query - $query = $db->getHandle()->prepare('INSERT INTO entries ( url, title, content ) VALUES (?, ?, ?)'); - $query->execute(array($url, $title, $r->articleContent->innerHTML)); - } - catch (Exception $e) - { - error_log('insert query error : '.$e->getMessage()); + MyTool::redirect($ref); } - - break; - case 'delete': - $sql_action = "DELETE FROM entries WHERE id=?"; - $params_action = array($id); - break; - default: - break; -} - -try -{ - # action query - if (isset($sql_action)) - { - $query = $db->getHandle()->prepare($sql_action); - $query->execute($params_action); + logm('login failed'); + die("Login failed !"); + } else { + logm('login failed'); } } -catch (Exception $e) -{ - die('action query error : '.$e->getMessage()); +elseif (isset($_GET['logout'])) { + logm('logout'); + Session::logout(); + MyTool::redirect(); } -switch ($view) -{ - case 'archive': - $sql = "SELECT * FROM entries WHERE is_read=? ORDER BY id desc"; - $params = array(-1); - break; - case 'fav' : - $sql = "SELECT * FROM entries WHERE is_fav=? ORDER BY id desc"; - $params = array(-1); - break; - default: - $sql = "SELECT * FROM entries WHERE is_read=? ORDER BY id desc"; - $params = array(0); - $view = 'index'; - break; -} +# Traitement des paramètres et déclenchement des actions +$view = (isset ($_REQUEST['view'])) ? htmlentities($_REQUEST['view']) : 'index'; +$full_head = (isset ($_REQUEST['full_head'])) ? htmlentities($_REQUEST['full_head']) : 'yes'; +$action = (isset ($_REQUEST['action'])) ? htmlentities($_REQUEST['action']) : ''; +$_SESSION['sort'] = (isset ($_REQUEST['sort'])) ? htmlentities($_REQUEST['sort']) : 'id'; +$id = (isset ($_REQUEST['id'])) ? htmlspecialchars($_REQUEST['id']) : ''; +$url = (isset ($_GET['url'])) ? $_GET['url'] : ''; + +$tpl->assign('isLogged', Session::isLogged()); +$tpl->assign('referer', $ref); +$tpl->assign('view', $view); +$tpl->assign('poche_url', myTool::getUrl()); +$tpl->assign('title', 'poche, a read it later open source system'); -# view query -try -{ - $query = $db->getHandle()->prepare($sql); - $query->execute($params); - $entries = $query->fetchAll(); +if (Session::isLogged()) { + action_to_do($action, $url, $id); + display_view($view, $id, $full_head); } -catch (Exception $e) -{ - die('view query error : '.$e->getMessage()); +else { + $tpl->draw('login'); } - -?> - - - - - - - - - - - poche, a read it later open source system - - - - - - - - -
-

logo pochepoche

-
-
- -
- -
- -

- -

-
- - - -
- -
- -
-
- - - - - - -