X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=index.php;h=dc064428d3a6a7f620bb210c24771c848a395be6;hb=07b9821e249bf7362d618a21c004a62ec79b5bb4;hp=4962639b46145d5802f186b751cc1e53c99f696b;hpb=161395d7098ec2bd86671d15d5b54f39148e2d5b;p=github%2Fwallabag%2Fwallabag.git diff --git a/index.php b/index.php index 4962639b..dc064428 100644 --- a/index.php +++ b/index.php @@ -10,85 +10,92 @@ include dirname(__FILE__).'/inc/config.php'; -pocheTools::initPhp(); +$notices = array(); # XSRF protection with token -if (!empty($_POST)) { - if (!Session::isToken($_POST['token'])) { - die(_('Wrong token.')); - } - unset($_SESSION['tokens']); -} +// if (!empty($_POST)) { +// if (!Session::isToken($_POST['token'])) { +// die(_('Wrong token')); +// // TODO remettre le test +// } +// unset($_SESSION['tokens']); +// } $referer = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER']; if (isset($_GET['login'])) { - // Login + # hello you if (!empty($_POST['login']) && !empty($_POST['password'])) { if (Session::login($_SESSION['login'], $_SESSION['pass'], $_POST['login'], encode_string($_POST['password'] . $_POST['login']))) { pocheTools::logm('login successful'); + $pocheTools[]['value'] = _('login successful'); + if (!empty($_POST['longlastingsession'])) { $_SESSION['longlastingsession'] = 31536000; $_SESSION['expires_on'] = time() + $_SESSION['longlastingsession']; session_set_cookie_params($_SESSION['longlastingsession']); } else { - session_set_cookie_params(0); // when browser closes + session_set_cookie_params(0); } session_regenerate_id(true); - pocheTools::redirect($referer); } pocheTools::logm('login failed'); - die(_("Login failed !")); + $notices[]['value'] = _('Login failed !'); + pocheTools::redirect(); } else { pocheTools::logm('login failed'); + pocheTools::redirect(); } } elseif (isset($_GET['logout'])) { + # see you soon ! pocheTools::logm('logout'); Session::logout(); pocheTools::redirect(); } elseif (isset($_GET['config'])) { + # Update password if (isset($_POST['password']) && isset($_POST['password_repeat'])) { if ($_POST['password'] == $_POST['password_repeat'] && $_POST['password'] != "") { - pocheTools::logm('password updated'); if (!MODE_DEMO) { + pocheTools::logm('password updated'); $store->updatePassword(encode_string($_POST['password'] . $_SESSION['login'])); - #your password has been updated + Session::logout(); + pocheTools::redirect(); } else { - #in demo mode, you can\'t update password + pocheTools::logm('in demo mode, you can\'t do this'); } } - #else - #your password can\'t be empty and you have to repeat it in the second field } } -# Traitement des paramètres et déclenchement des actions -$view = (isset ($_REQUEST['view'])) ? htmlentities($_REQUEST['view']) : 'index'; -$full_head = (isset ($_REQUEST['full_head'])) ? htmlentities($_REQUEST['full_head']) : 'yes'; -$action = (isset ($_REQUEST['action'])) ? htmlentities($_REQUEST['action']) : ''; -$_SESSION['sort'] = (isset ($_REQUEST['sort'])) ? htmlentities($_REQUEST['sort']) : 'id'; -$id = (isset ($_REQUEST['id'])) ? htmlspecialchars($_REQUEST['id']) : ''; -$url = (isset ($_GET['url'])) ? $_GET['url'] : ''; +# Aaaaaaand action ! +$view = (isset ($_REQUEST['view'])) ? htmlentities($_REQUEST['view']) : 'home'; +$full_head = (isset ($_REQUEST['full_head'])) ? htmlentities($_REQUEST['full_head']) : 'yes'; +$action = (isset ($_REQUEST['action'])) ? htmlentities($_REQUEST['action']) : ''; +$_SESSION['sort'] = (isset ($_REQUEST['sort'])) ? htmlentities($_REQUEST['sort']) : 'id'; +$id = (isset ($_REQUEST['id'])) ? htmlspecialchars($_REQUEST['id']) : ''; +$url = (isset ($_GET['url'])) ? $_GET['url'] : ''; $tpl_vars = array( - 'isLogged' => Session::isLogged(), 'referer' => $referer, 'view' => $view, 'poche_url' => pocheTools::getUrl(), 'demo' => MODE_DEMO, 'title' => _('poche, a read it later open source system'), + 'token' => Session::getToken(), + 'notices' => $notices, ); if (Session::isLogged()) { action_to_do($action, $url, $id); - display_view($view, $id, $full_head); + $tpl_file = get_tpl_file($view); + $tpl_vars = array_merge($tpl_vars, display_view($view, $id)); } else { - $template = $twig->loadTemplate('login.twig'); + $tpl_file = 'login.twig'; } -echo $template->render($tpl_vars); \ No newline at end of file +echo $twig->render($tpl_file, $tpl_vars); \ No newline at end of file