index.php

   1 <?php
   2 /**
   3  * poche, a read it later open source system
   4  *
   5  * @category   poche
   6  * @author     Nicolas Lœuillet <support@inthepoche.com>
   7  * @copyright  2013
   8  * @license    http://www.wtfpl.net/ see COPYING file
   9  */
  10
  11 include dirname(__FILE__).'/inc/config.php';
  12
  13 myTool::initPhp();
  14
  15 # XSRF protection with token
  16 if (!empty($_POST)) {
  17     if (!Session::isToken($_POST['token'])) {
  18         die('Wrong token.');
  19     }
  20     unset($_SESSION['tokens']);
  21 }
  22
  23 $ref = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER'];
  24
  25 if (isset($_GET['login'])) {
  26     // Login
  27     if (!empty($_POST['login']) && !empty($_POST['password'])) {
  28         if (Session::login($_SESSION['login'], $_SESSION['pass'], $_POST['login'], encode_string($_POST['password'] . $_POST['login']))) {
  29             logm('login successful');
  30             $msg->add('s', 'welcome in your poche!');
  31             if (!empty($_POST['longlastingsession'])) {
  32                 $_SESSION['longlastingsession'] = 31536000;
  33                 $_SESSION['expires_on'] = time() + $_SESSION['longlastingsession'];
  34                 session_set_cookie_params($_SESSION['longlastingsession']);
  35             } else {
  36                 session_set_cookie_params(0); // when browser closes
  37             }
  38             session_regenerate_id(true);
  39
  40             MyTool::redirect($ref);
  41         }
  42         logm('login failed');
  43         die("Login failed !");
  44     } else {
  45         logm('login failed');
  46     }
  47 }
  48 elseif (isset($_GET['logout'])) {
  49     logm('logout');
  50     Session::logout();
  51     MyTool::redirect();
  52 }
  53 elseif  (isset($_GET['config'])) {
  54     if (isset($_POST['password']) && isset($_POST['password_repeat'])) {
  55         if ($_POST['password'] == $_POST['password_repeat'] && $_POST['password'] != "") {
  56             logm('password updated');
  57             if (!MODE_DEMO) {
  58                 $store->updatePassword(encode_string($_POST['password'] . $_SESSION['login']));
  59                 $msg->add('s', 'your password has been updated');
  60             }
  61             else {
  62                 $msg->add('i', 'in demo mode, you can\'t update password');
  63             }
  64         }
  65         else
  66             $msg->add('e', 'your password can\'t be empty and you have to repeat it in the second field');
  67     }
  68 }
  69
  70 # Traitement des paramètres et déclenchement des actions
  71 $view               = (isset ($_REQUEST['view'])) ? htmlentities($_REQUEST['view']) : 'index';
  72 $full_head          = (isset ($_REQUEST['full_head'])) ? htmlentities($_REQUEST['full_head']) : 'yes';
  73 $action             = (isset ($_REQUEST['action'])) ? htmlentities($_REQUEST['action']) : '';
  74 $_SESSION['sort']   = (isset ($_REQUEST['sort'])) ? htmlentities($_REQUEST['sort']) : 'id';
  75 $id                 = (isset ($_REQUEST['id'])) ? htmlspecialchars($_REQUEST['id']) : '';
  76 $url                = (isset ($_GET['url'])) ? $_GET['url'] : '';
  77
  78 $tpl->assign('isLogged', Session::isLogged());
  79 $tpl->assign('referer', $ref);
  80 $tpl->assign('view', $view);
  81 $tpl->assign('poche_url', myTool::getUrl());
  82 $tpl->assign('demo', MODE_DEMO);
  83 $tpl->assign('title', 'poche, a read it later open source system');
  84
  85 if (Session::isLogged()) {
  86     action_to_do($action, $url, $id);
  87     display_view($view, $id, $full_head);
  88 }
  89 else {
  90
  91     $tpl->draw('login');
  92 }