X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=index.php;h=dc064428d3a6a7f620bb210c24771c848a395be6;hb=68abd9c71b1d2f7bb2e9d21819584d1d15005b25;hp=27144de30ea88a6e9f14970ee2599da662d76888;hpb=b70971e06b67786bb61e863cf89b3b061b4f6467;p=github%2Fwallabag%2Fwallabag.git diff --git a/index.php b/index.php old mode 100755 new mode 100644 index 27144de3..dc064428 --- a/index.php +++ b/index.php @@ -3,174 +3,99 @@ * poche, a read it later open source system * * @category poche - * @author Nicolas Lœuillet + * @author Nicolas Lœuillet * @copyright 2013 * @license http://www.wtfpl.net/ see COPYING file */ include dirname(__FILE__).'/inc/config.php'; -$db = new db(DB_PATH); -$action = (isset ($_GET['action'])) ? htmlspecialchars($_GET['action']) : ''; -$view = (isset ($_GET['view'])) ? htmlspecialchars($_GET['view']) : ''; -$id = (isset ($_GET['id'])) ? htmlspecialchars($_GET['id']) : ''; +$notices = array(); -switch ($action) -{ - case 'add': - $url = (isset ($_GET['url'])) ? $_GET['url'] : ''; - if ($url == '') - continue; +# XSRF protection with token +// if (!empty($_POST)) { +// if (!Session::isToken($_POST['token'])) { +// die(_('Wrong token')); +// // TODO remettre le test +// } +// unset($_SESSION['tokens']); +// } - $url = html_entity_decode(trim($url)); +$referer = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER']; - // We remove the annoying parameters added by FeedBurner and GoogleFeedProxy (?utm_source=...) - // from shaarli, by sebsauvage - $i=strpos($url,'&utm_source='); if ($i!==false) $url=substr($url,0,$i); - $i=strpos($url,'?utm_source='); if ($i!==false) $url=substr($url,0,$i); - $i=strpos($url,'#xtor=RSS-'); if ($i!==false) $url=substr($url,0,$i); +if (isset($_GET['login'])) { + # hello you + if (!empty($_POST['login']) && !empty($_POST['password'])) { + if (Session::login($_SESSION['login'], $_SESSION['pass'], $_POST['login'], encode_string($_POST['password'] . $_POST['login']))) { + pocheTools::logm('login successful'); + $pocheTools[]['value'] = _('login successful'); - $title = $url; - if (!preg_match('!^https?://!i', $url)) - $url = 'http://' . $url; - - $html = Encoding::toUTF8(get_external_file($url,15)); - if (isset($html) and strlen($html) > 0) - { - $r = new Readability($html, $url); - if($r->init()) - { - $title = $r->articleTitle->innerHTML; + if (!empty($_POST['longlastingsession'])) { + $_SESSION['longlastingsession'] = 31536000; + $_SESSION['expires_on'] = time() + $_SESSION['longlastingsession']; + session_set_cookie_params($_SESSION['longlastingsession']); + } else { + session_set_cookie_params(0); } + session_regenerate_id(true); + pocheTools::redirect($referer); } - - $query = $db->getHandle()->prepare('INSERT INTO entries ( url, title ) VALUES (?, ?)'); - $query->execute(array($url, $title)); - break; - case 'delete': - $sql_action = "DELETE FROM entries WHERE id=?"; - $params_action = array($id); - break; - default: - break; -} - -try -{ - # action query - if (isset($sql_action)) - { - $query = $db->getHandle()->prepare($sql_action); - $query->execute($params_action); + pocheTools::logm('login failed'); + $notices[]['value'] = _('Login failed !'); + pocheTools::redirect(); + } else { + pocheTools::logm('login failed'); + pocheTools::redirect(); } } -catch (Exception $e) -{ - die('query error : '.$e->getMessage()); +elseif (isset($_GET['logout'])) { + # see you soon ! + pocheTools::logm('logout'); + Session::logout(); + pocheTools::redirect(); } - -switch ($view) -{ - case 'archive': - $sql = "SELECT * FROM entries WHERE is_read=? ORDER BY id desc"; - $params = array(-1); - break; - case 'fav' : - $sql = "SELECT * FROM entries WHERE is_fav=? ORDER BY id desc"; - $params = array(-1); - break; - default: - $sql = "SELECT * FROM entries WHERE is_read=? ORDER BY id desc"; - $params = array(0); - $view = 'index'; - break; +elseif (isset($_GET['config'])) { + # Update password + if (isset($_POST['password']) && isset($_POST['password_repeat'])) { + if ($_POST['password'] == $_POST['password_repeat'] && $_POST['password'] != "") { + if (!MODE_DEMO) { + pocheTools::logm('password updated'); + $store->updatePassword(encode_string($_POST['password'] . $_SESSION['login'])); + Session::logout(); + pocheTools::redirect(); + } + else { + pocheTools::logm('in demo mode, you can\'t do this'); + } + } + } } -# view query -try -{ - $query = $db->getHandle()->prepare($sql); - $query->execute($params); - $entries = $query->fetchAll(); -} -catch (Exception $e) -{ - die('query error : '.$e->getMessage()); -} +# Aaaaaaand action ! +$view = (isset ($_REQUEST['view'])) ? htmlentities($_REQUEST['view']) : 'home'; +$full_head = (isset ($_REQUEST['full_head'])) ? htmlentities($_REQUEST['full_head']) : 'yes'; +$action = (isset ($_REQUEST['action'])) ? htmlentities($_REQUEST['action']) : ''; +$_SESSION['sort'] = (isset ($_REQUEST['sort'])) ? htmlentities($_REQUEST['sort']) : 'id'; +$id = (isset ($_REQUEST['id'])) ? htmlspecialchars($_REQUEST['id']) : ''; +$url = (isset ($_GET['url'])) ? $_GET['url'] : ''; -?> - - - - - - - - - - - poche, a read it later open source system - - - - - - - - -
-

logo pochepoche

-
-
- -
- -
- -

- -

-
- - - -
- -
- -
-
- - - - - - - +echo $twig->render($tpl_file, $tpl_vars); \ No newline at end of file