X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=index.php;h=6eefd277e808647b331e42ca4c184cb03a0a38c4;hb=refs%2Ftags%2F0.2;hp=1e402896f32a75fe02de8fc04d4a11cb8e1bff6b;hpb=8784f0956b5c1d4465498ebb4c67ce9ed300299c;p=github%2Fwallabag%2Fwallabag.git diff --git a/index.php b/index.php old mode 100755 new mode 100644 index 1e402896..6eefd277 --- a/index.php +++ b/index.php @@ -3,174 +3,71 @@ * poche, a read it later open source system * * @category poche - * @author Nicolas Lœuillet + * @author Nicolas Lœuillet * @copyright 2013 * @license http://www.wtfpl.net/ see COPYING file */ -require_once dirname(__FILE__).'/inc/Readability.php'; -require_once dirname(__FILE__).'/inc/Encoding.php'; -include dirname(__FILE__).'/inc/functions.php'; +include dirname(__FILE__).'/inc/config.php'; -try -{ - $db_handle = new PDO('sqlite:db/poche.sqlite'); - $db_handle->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); -} -catch (Exception $e) -{ - die('database error : '.$e->getMessage()); -} - -$action = (isset ($_GET['action'])) ? htmlspecialchars($_GET['action']) : ''; -$view = (isset ($_GET['view'])) ? htmlspecialchars($_GET['view']) : ''; -$id = (isset ($_GET['id'])) ? htmlspecialchars($_GET['id']) : ''; - -switch ($action) -{ - case 'add': - $url = (isset ($_GET['url'])) ? $_GET['url'] : ''; - if ($url == '') - continue; +myTool::initPhp(); - $url = html_entity_decode(trim($url)); - - // We remove the annoying parameters added by FeedBurner and GoogleFeedProxy (?utm_source=...) - // from shaarli, by sebsauvage - $i=strpos($url,'&utm_source='); if ($i!==false) $url=substr($url,0,$i); - $i=strpos($url,'?utm_source='); if ($i!==false) $url=substr($url,0,$i); - $i=strpos($url,'#xtor=RSS-'); if ($i!==false) $url=substr($url,0,$i); +# XSRF protection with token +if (!empty($_POST)) { + if (!Session::isToken($_POST['token'])) { + die('Wrong token.'); + } + unset($_SESSION['tokens']); +} - $title = $url; - if (!preg_match('!^https?://!i', $url)) - $url = 'http://' . $url; +$ref = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER']; - $html = Encoding::toUTF8(get_external_file($url,15)); - if (isset($html) and strlen($html) > 0) - { - $r = new Readability($html, $url); - if($r->init()) - { - $title = $r->articleTitle->innerHTML; +if (isset($_GET['login'])) { + // Login + if (!empty($_POST['login']) && !empty($_POST['password'])) { + if (Session::login('poche', 'poche', $_POST['login'], $_POST['password'])) { + logm('login successful'); + if (!empty($_POST['longlastingsession'])) { + $_SESSION['longlastingsession'] = 31536000; + $_SESSION['expires_on'] = time() + $_SESSION['longlastingsession']; + session_set_cookie_params($_SESSION['longlastingsession']); + } else { + session_set_cookie_params(0); // when browser closes } - } + session_regenerate_id(true); - $query = $db_handle->prepare('INSERT INTO entries ( url, title ) VALUES (?, ?)'); - $query->execute(array($url, $title)); - break; - case 'toggle_fav' : - $sql_action = "UPDATE entries SET is_fav=~is_fav WHERE id=?"; - $params_action = array($id); - break; - case 'toggle_archive' : - $sql_action = "UPDATE entries SET is_read=~is_read WHERE id=?"; - $params_action = array($id); - break; - case 'delete': - $sql_action = "DELETE FROM entries WHERE id=?"; - $params_action = array($id); - break; - default: - break; -} - -try -{ - # action query - if (isset($sql_action)) - { - $query = $db_handle->prepare($sql_action); - $query->execute($params_action); + MyTool::redirect($ref); + } + logm('login failed'); + die("Login failed !"); + } else { + logm('login failed'); } } -catch (Exception $e) -{ - die('query error : '.$e->getMessage()); +elseif (isset($_GET['logout'])) { + logm('logout'); + Session::logout(); + MyTool::redirect(); } -switch ($view) -{ - case 'archive': - $sql = "SELECT * FROM entries WHERE is_read=? ORDER BY id desc"; - $params = array(-1); - break; - case 'fav' : - $sql = "SELECT * FROM entries WHERE is_fav=? ORDER BY id desc"; - $params = array(-1); - break; - default: - $sql = "SELECT * FROM entries WHERE is_read=? ORDER BY id desc"; - $params = array(0); - $view = 'index'; - break; -} +# Traitement des paramètres et déclenchement des actions +$view = (isset ($_REQUEST['view'])) ? htmlentities($_REQUEST['view']) : 'index'; +$full_head = (isset ($_REQUEST['full_head'])) ? htmlentities($_REQUEST['full_head']) : 'yes'; +$action = (isset ($_REQUEST['action'])) ? htmlentities($_REQUEST['action']) : ''; +$_SESSION['sort'] = (isset ($_REQUEST['sort'])) ? htmlentities($_REQUEST['sort']) : 'id'; +$id = (isset ($_REQUEST['id'])) ? htmlspecialchars($_REQUEST['id']) : ''; +$url = (isset ($_GET['url'])) ? $_GET['url'] : ''; -# view query -try -{ - $query = $db_handle->prepare($sql); - $query->execute($params); - $entries = $query->fetchAll(); +$tpl->assign('isLogged', Session::isLogged()); +$tpl->assign('referer', $ref); +$tpl->assign('view', $view); +$tpl->assign('poche_url', myTool::getUrl()); +$tpl->assign('title', 'poche, a read it later open source system'); + +if (Session::isLogged()) { + action_to_do($action, $url, $id); + display_view($view, $id, $full_head); } -catch (Exception $e) -{ - die('query error : '.$e->getMessage()); +else { + $tpl->draw('login'); } - -?> - - - - - - - - - - - poche, a read it later open source system - - - - - - - - -
-

logo pochepoche

-
-
- -
- '; - } - echo ''; - - $i++; - if ($i == 3) { - echo ''; - $i = 0; - } - } - ?> -
-
- - -