* logo by Brightmix http://www.iconfinder.com/icondetails/43256/128/jeans_monotone_pocket_icon
* icons http://icomoon.io
* PHP Simple HTML DOM Parser (for Pocket import) http://simplehtmldom.sourceforge.net/
+* Session https://github.com/tontof/kriss_feed/blob/master/src/class/Session.php
poche is developed by Nicolas Lœuillet under the Do What the Fuck You Want to Public License
color: #F1F1F1;
}
-/*#content {
- width: 800px;
- margin: 0 auto;
-}*/
-
-
footer {
text-align: right;
}
+/*** ***/
+/*** LOGIN FORM ***/
+ul#login li {
+ list-style-type: none;
+}
/*** ***/
/*** LINKS DISPLAY ***/
$url = $a[0]->href;
- action_to_do('add', $url, $token);
+ action_to_do('add', $url);
if ($read == '1') {
$last_id = $db->getHandle()->lastInsertId();
$sql_update = "UPDATE entries SET is_read=~is_read WHERE id=?";
--- /dev/null
+<?php
+class MyTool
+{
+ public static function initPhp()
+ {
+ define('START_TIME', microtime(true));
+
+ if (phpversion() < 5) {
+ die("Argh you don't have PHP 5 !");
+ }
+
+ error_reporting(E_ALL);
+
+ function stripslashesDeep($value) {
+ return is_array($value)
+ ? array_map('stripslashesDeep', $value)
+ : stripslashes($value);
+ }
+
+ if (get_magic_quotes_gpc()) {
+ $_POST = array_map('stripslashesDeep', $_POST);
+ $_GET = array_map('stripslashesDeep', $_GET);
+ $_COOKIE = array_map('stripslashesDeep', $_COOKIE);
+ }
+
+ ob_start();
+ register_shutdown_function('ob_end_flush');
+ }
+
+ public static function isUrl($url)
+ {
+ // http://neo22s.com/check-if-url-exists-and-is-online-php/
+ $pattern='|^http(s)?://[a-z0-9-]+(.[a-z0-9-]+)*(:[0-9]+)?(/.*)?$|i';
+
+ return preg_match($pattern, $url);
+ }
+
+ public static function isEmail($email)
+ {
+ $pattern = "/^[A-Z0-9._%-]+@[A-Z0-9.-]+\.[A-Z]{2, 4}$/i";
+
+ return (preg_match($pattern, $email));
+ }
+
+ public static function formatBBCode($text)
+ {
+ $replace = array(
+ '/\[m\](.+?)\[\/m\]/is'
+ => '/* moderate */',
+ '/\[b\](.+?)\[\/b\]/is'
+ => '<strong>$1</strong>',
+ '/\[i\](.+?)\[\/i\]/is'
+ => '<em>$1</em>',
+ '/\[s\](.+?)\[\/s\]/is'
+ => '<del>$1</del>',
+ '/\[u\](.+?)\[\/u\]/is'
+ => '<span style="text-decoration: underline;">$1</span>',
+ '/\[url\](.+?)\[\/url]/is'
+ => '<a href="$1">$1</a>',
+ '/\[url=(\w+:\/\/[^\]]+)\](.+?)\[\/url]/is'
+ => '<a href="$1">$2</a>',
+ '/\[quote\](.+?)\[\/quote\]/is'
+ => '<blockquote>$1</blockquote>',
+ '/\[code\](.+?)\[\/code\]/is'
+ => '<code>$1</code>',
+ '/\[([^[]+)\|([^[]+)\]/is'
+ => '<a href="$2">$1</a>'
+ );
+ $text = preg_replace(
+ array_keys($replace),
+ array_values($replace),
+ $text
+ );
+
+ return $text;
+ }
+
+ public static function formatText($text)
+ {
+ $text = preg_replace_callback(
+ '/<code_html>(.*?)<\/code_html>/is',
+ create_function(
+ '$matches',
+ 'return htmlspecialchars($matches[1]);'
+ ),
+ $text
+ );
+ $text = preg_replace_callback(
+ '/<code_php>(.*?)<\/code_php>/is',
+ create_function(
+ '$matches',
+ 'return highlight_string("<?php $matches[1] ?>", true);'
+ ),
+ $text
+ );
+ $text = preg_replace('/<br \/>/is', '', $text);
+
+ $text = preg_replace(
+ '#(^|\s)([a-z]+://([^\s\w/]?[\w/])*)(\s|$)#im',
+ '\\1<a href="\\2">\\2</a>\\4',
+ $text
+ );
+ $text = preg_replace(
+ '#(^|\s)wp:?([a-z]{2}|):([\w]+)#im',
+ '\\1<a href="http://\\2.wikipedia.org/wiki/\\3">\\3</a>',
+ $text
+ );
+ $text = str_replace(
+ 'http://.wikipedia.org/wiki/',
+ 'http://www.wikipedia.org/wiki/',
+ $text
+ );
+ $text = str_replace('\wp:', 'wp:', $text);
+ $text = str_replace('\http:', 'http:', $text);
+ $text = MyTool::formatBBCode($text);
+ $text = nl2br($text);
+
+ return $text;
+ }
+
+ public static function getUrl()
+ {
+ $https = (!empty($_SERVER['HTTPS'])
+ && (strtolower($_SERVER['HTTPS']) == 'on'))
+ || (isset($_SERVER["SERVER_PORT"])
+ && $_SERVER["SERVER_PORT"] == '443'); // HTTPS detection.
+ $serverport = (!isset($_SERVER["SERVER_PORT"])
+ || $_SERVER["SERVER_PORT"] == '80'
+ || ($https && $_SERVER["SERVER_PORT"] == '443')
+ ? ''
+ : ':' . $_SERVER["SERVER_PORT"]);
+
+ $scriptname = str_replace('/index.php', '/', $_SERVER["SCRIPT_NAME"]);
+
+ if (!isset($_SERVER["SERVER_NAME"])) {
+ return $scriptname;
+ }
+
+ return 'http' . ($https ? 's' : '') . '://'
+ . $_SERVER["SERVER_NAME"] . $serverport . $scriptname;
+ }
+
+ public static function rrmdir($dir)
+ {
+ if (is_dir($dir) && ($d = @opendir($dir))) {
+ while (($file = @readdir($d)) !== false) {
+ if ( $file == '.' || $file == '..' ) {
+ continue;
+ } else {
+ unlink($dir . '/' . $file);
+ }
+ }
+ }
+ }
+
+ public static function humanBytes($bytes)
+ {
+ $siPrefix = array( 'bytes', 'KB', 'MB', 'GB', 'TB', 'EB', 'ZB', 'YB' );
+ $base = 1024;
+ $class = min((int) log($bytes, $base), count($siPrefix) - 1);
+ $val = sprintf('%1.2f', $bytes / pow($base, $class));
+
+ return $val . ' ' . $siPrefix[$class];
+ }
+
+ public static function returnBytes($val)
+ {
+ $val = trim($val);
+ $last = strtolower($val[strlen($val)-1]);
+ switch($last)
+ {
+ case 'g': $val *= 1024;
+ case 'm': $val *= 1024;
+ case 'k': $val *= 1024;
+ }
+
+ return $val;
+ }
+
+ public static function getMaxFileSize()
+ {
+ $sizePostMax = MyTool::returnBytes(ini_get('post_max_size'));
+ $sizeUploadMax = MyTool::returnBytes(ini_get('upload_max_filesize'));
+
+ // Return the smaller of two:
+ return min($sizePostMax, $sizeUploadMax);
+ }
+
+ public static function smallHash($text)
+ {
+ $t = rtrim(base64_encode(hash('crc32', $text, true)), '=');
+ // Get rid of characters which need encoding in URLs.
+ $t = str_replace('+', '-', $t);
+ $t = str_replace('/', '_', $t);
+ $t = str_replace('=', '@', $t);
+
+ return $t;
+ }
+
+ public static function renderJson($data)
+ {
+ header('Cache-Control: no-cache, must-revalidate');
+ header('Expires: Sat, 26 Jul 1997 05:00:00 GMT');
+ header('Content-type: application/json; charset=UTF-8');
+
+ echo json_encode($data);
+ exit();
+ }
+
+ public static function grabToLocal($url, $file, $force = false)
+ {
+ if ((!file_exists($file) || $force) && in_array('curl', get_loaded_extensions())){
+ $ch = curl_init ($url);
+ curl_setopt($ch, CURLOPT_HEADER, false);
+ curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+ curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);
+ $raw = curl_exec($ch);
+ if (curl_getinfo($ch, CURLINFO_HTTP_CODE) == 200) {
+ $fp = fopen($file, 'x');
+ fwrite($fp, $raw);
+ fclose($fp);
+ }
+ curl_close ($ch);
+ }
+ }
+
+ public static function redirect($rurl = '')
+ {
+ if ($rurl === '') {
+ // if (!empty($_SERVER['HTTP_REFERER']) && strcmp(parse_url($_SERVER['HTTP_REFERER'],PHP_URL_HOST),$_SERVER['SERVER_NAME'])==0)
+ $rurl = (empty($_SERVER['HTTP_REFERER'])?'?':$_SERVER['HTTP_REFERER']);
+ if (isset($_POST['returnurl'])) {
+ $rurl = $_POST['returnurl'];
+ }
+ }
+
+ // prevent loop
+ if (empty($rurl) || parse_url($rurl, PHP_URL_QUERY) === $_SERVER['QUERY_STRING']) {
+ $rurl = MyTool::getUrl();
+ }
+
+ if (substr($rurl, 0, 1) !== '?') {
+ $ref = MyTool::getUrl();
+ if (substr($rurl, 0, strlen($ref)) !== $ref) {
+ $rurl = $ref;
+ }
+ }
+ header('Location: '.$rurl);
+ exit();
+ }
+
+ public static function silence_errors($num, $str)
+ {
+// No-op
+ }
+}
\ No newline at end of file
--- /dev/null
+<?php
+/**
+ * Session management class
+ * http://www.developpez.net/forums/d51943/php/langage/sessions/
+ * http://sebsauvage.net/wiki/doku.php?id=php:session
+ * http://sebsauvage.net/wiki/doku.php?id=php:shaarli
+ *
+ * Features:
+ * - Everything is stored on server-side (we do not trust client-side data,
+ * such as cookie expiration)
+ * - IP addresses + user agent are checked on each access to prevent session
+ * cookie hijacking (such as Firesheep)
+ * - Session expires on user inactivity (Session expiration date is
+ * automatically updated everytime the user accesses a page.)
+ * - A unique secret key is generated on server-side for this session
+ * (and never sent over the wire) which can be used
+ * to sign forms (HMAC) (See $_SESSION['uid'] )
+ * - Token management to prevent XSRF attacks.
+ *
+ * TODO:
+ * - log login fail
+ * - prevent brute force (ban IP)
+ *
+ * HOWTOUSE:
+ * - Just call Session::init(); to initialize session and
+ * check if connected with Session::isLogged()
+ */
+
+class Session
+{
+ // If the user does not access any page within this time,
+ // his/her session is considered expired (in seconds).
+ public static $inactivity_timeout = 3600;
+ private static $_instance;
+
+ // constructor
+ private function __construct()
+ {
+ // Use cookies to store session.
+ ini_set('session.use_cookies', 1);
+ // Force cookies for session (phpsessionID forbidden in URL)
+ ini_set('session.use_only_cookies', 1);
+ if (!session_id()){
+ // Prevent php to use sessionID in URL if cookies are disabled.
+ ini_set('session.use_trans_sid', false);
+ session_start('poche');
+ }
+ }
+
+ // initialize session
+ public static function init()
+ {
+ if (!isset(self::$_instance)) {
+ self::$_instance = new Session();
+ }
+ }
+
+ // Returns the IP address, user agent and language of the client
+ // (Used to prevent session cookie hijacking.)
+ private static function _allInfos()
+ {
+ $infos = $_SERVER["REMOTE_ADDR"];
+ if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
+ $infos.=$_SERVER['HTTP_X_FORWARDED_FOR'];
+ }
+ if (isset($_SERVER['HTTP_CLIENT_IP'])) {
+ $infos.='_'.$_SERVER['HTTP_CLIENT_IP'];
+ }
+ $infos.='_'.$_SERVER['HTTP_USER_AGENT'];
+ $infos.='_'.$_SERVER['HTTP_ACCEPT_LANGUAGE'];
+ return sha1($infos);
+ }
+
+ // Check that user/password is correct and init some SESSION variables.
+ public static function login($login,$password,$login_test,$password_test,
+ $pValues = array())
+ {
+ foreach ($pValues as $key => $value) {
+ $_SESSION[$key] = $value;
+ }
+ if ($login==$login_test && $password==$password_test){
+ // generate unique random number to sign forms (HMAC)
+ $_SESSION['uid'] = sha1(uniqid('',true).'_'.mt_rand());
+ $_SESSION['info']=Session::_allInfos();
+ $_SESSION['username']=$login;
+ // Set session expiration.
+ $_SESSION['expires_on']=time()+Session::$inactivity_timeout;
+ return true;
+ }
+ return false;
+ }
+
+ // Force logout
+ public static function logout()
+ {
+ unset($_SESSION['uid'],$_SESSION['info'],$_SESSION['expires_on']);
+ }
+
+ // Make sure user is logged in.
+ public static function isLogged()
+ {
+ if (!isset ($_SESSION['uid'])
+ || $_SESSION['info']!=Session::_allInfos()
+ || time()>=$_SESSION['expires_on']){
+ Session::logout();
+ return false;
+ }
+ // User accessed a page : Update his/her session expiration date.
+ $_SESSION['expires_on']=time()+Session::$inactivity_timeout;
+ return true;
+ }
+
+ // Returns a token.
+ public static function getToken()
+ {
+ if (!isset($_SESSION['tokens'])){
+ $_SESSION['tokens']=array();
+ }
+ // We generate a random string and store it on the server side.
+ $rnd = sha1(uniqid('',true).'_'.mt_rand());
+ $_SESSION['tokens'][$rnd]=1;
+ return $rnd;
+ }
+
+ // Tells if a token is ok. Using this function will destroy the token.
+ // return true if token is ok.
+ public static function isToken($token)
+ {
+ if (isset($_SESSION['tokens'][$token]))
+ {
+ unset($_SESSION['tokens'][$token]); // Token is used: destroy it.
+ return true; // Token is ok.
+ }
+ return false; // Wrong token, or already used.
+ }
+}
\ No newline at end of file
require_once 'Readability.php';
require_once 'Encoding.php';
require_once 'rain.tpl.class.php';
+require_once 'MyTool.class.php';
+require_once 'Session.class.php';
$db = new db(DB_PATH);
-# Initialisation de RainTPL
+# initialisation de RainTPL
raintpl::$tpl_dir = './tpl/';
raintpl::$cache_dir = './cache/';
raintpl::$base_url = get_poche_url();
raintpl::configure('debug', false);
$tpl = new raintpl();
-# Démarrage session et initialisation du jeton de sécurité
-session_start();
+# initialize session
+Session::init();
+# XSRF protection with token
+if (!empty($_POST)) {
+ if (!Session::isToken($_POST['token'])) {
+ die('Wrong token.');
+ }
+ unset($_SESSION['tokens']);
+}
+
+$ref = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER'];
+
+if (isset($_GET['login'])) {
+ // Login
+ if (!empty($_POST['login']) && !empty($_POST['password'])) {
+ if (Session::login('poche', 'poche', $_POST['login'], $_POST['password'])) {
+ if (!empty($_POST['longlastingsession'])) {
+ $_SESSION['longlastingsession'] = 31536000;
+ $_SESSION['expires_on'] = time() + $_SESSION['longlastingsession'];
+ session_set_cookie_params($_SESSION['longlastingsession']);
+ } else {
+ session_set_cookie_params(0); // when browser closes
+ }
+ session_regenerate_id(true);
-if (!isset($_SESSION['token_poche'])) {
- $token = md5(uniqid(rand(), TRUE));
- $_SESSION['token_poche'] = $token;
- $_SESSION['token_time_poche'] = time();
+ MyTool::redirect();
+ }
+ logm('login failed');
+ die("Login failed !");
+ } else {
+ logm('login successful');
+ }
+}
+elseif (isset($_GET['logout'])) {
+ logm('logout');
+ Session::logout();
+ MyTool::redirect();
}
# Traitement des paramètres et déclenchement des actions
$_SESSION['sort'] = (isset ($_REQUEST['sort'])) ? htmlentities($_REQUEST['sort']) : 'id';
$id = (isset ($_REQUEST['id'])) ? htmlspecialchars($_REQUEST['id']) : '';
$url = (isset ($_GET['url'])) ? $_GET['url'] : '';
-$token = (isset ($_REQUEST['token'])) ? $_REQUEST['token'] : '';
+
+$tpl->assign('isLogged', Session::isLogged());
+$tpl->assign('referer', $ref);
+$tpl->assign('view', $view);
+$tpl->assign('poche_url', get_poche_url());
if ($action != '') {
- action_to_do($action, $url, $token, $id);
+ action_to_do($action, $url, $id);
}
function prepare_url($url)
{
$parametres = array();
- $url = html_entity_decode(trim($url));
+ $url = html_entity_decode(trim($url));
// We remove the annoying parameters added by FeedBurner and GoogleFeedProxy (?utm_source=...)
// from shaarli, by sebsauvage
$i=strpos($url,'?utm_source='); if ($i!==false) $url=substr($url,0,$i);
$i=strpos($url,'#xtor=RSS-'); if ($i!==false) $url=substr($url,0,$i);
- $title = $url;
+ $title = $url;
if (!preg_match('!^https?://!i', $url))
$url = 'http://' . $url;
* Appel d'une action (mark as fav, archive, delete)
*/
-function action_to_do($action, $url, $token, $id = 0)
+function action_to_do($action, $url, $id = 0)
{
global $db;
logm('add link ' . $url);
break;
case 'delete':
- if (verif_token($token)) {
- remove_directory(ABS_PATH . $id);
- $sql_action = "DELETE FROM entries WHERE id=?";
- $params_action = array($id);
- logm('delete link #' . $id);
- }
- else logm('csrf problem while deleting entry');
+ remove_directory(ABS_PATH . $id);
+ $sql_action = "DELETE FROM entries WHERE id=?";
+ $params_action = array($id);
+ logm('delete link #' . $id);
break;
case 'toggle_fav' :
- if (verif_token($token)) {
- $sql_action = "UPDATE entries SET is_fav=~is_fav WHERE id=?";
- $params_action = array($id);
- logm('mark as favorite link #' . $id);
- }
- else logm('csrf problem while fav entry');
+ $sql_action = "UPDATE entries SET is_fav=~is_fav WHERE id=?";
+ $params_action = array($id);
+ logm('mark as favorite link #' . $id);
break;
case 'toggle_archive' :
- if (verif_token($token)) {
- $sql_action = "UPDATE entries SET is_read=~is_read WHERE id=?";
- $params_action = array($id);
- logm('archive link #' . $id);
- }
- else logm('csrf problem while archive entry');
+ $sql_action = "UPDATE entries SET is_read=~is_read WHERE id=?";
+ $params_action = array($id);
+ logm('archive link #' . $id);
break;
default:
break;
/**
* Détermine quels liens afficher : home, fav ou archives
*/
-function display_view($view)
+function get_entries($view)
{
global $db;
return $entry;
}
-/**
- * Vérifie si le jeton passé en $_POST correspond à celui en session
- */
-function verif_token($token)
-{
- if(isset($_SESSION['token_poche']) && isset($_SESSION['token_time_poche']) && isset($token))
- {
- if($_SESSION['token_poche'] == $token)
- {
- $old_timestamp = time() - (15*60);
- if($_SESSION['token_time_poche'] >= $old_timestamp)
- {
- return TRUE;
- }
- else {
- session_destroy();
- logm('session expired');
- }
- }
- else {
- logm('token error : the token is different');
- return FALSE;
- }
- }
- else {
- logm('token error : the token is not here');
- return FALSE;
- }
-}
-
function logm($message)
{
$t = strval(date('Y/m/d_H:i:s')).' - '.$_SERVER["REMOTE_ADDR"].' - '.strval($message)."\n";
*
*/
static $check_template_update = true;
-
+
/**
- * PHP tags <? ?>
+ * PHP tags <? ?>
* True: php tags are enabled into the template
* False: php tags are disabled into the template and rendered as html
*
* @var bool
*/
- static $php_enabled = false;
+ static $php_enabled = true;
+
-
/**
* Debug mode flag.
* True: debug mode is used, syntax errors are displayed directly in template. Execution of script is not terminated.
*/
protected function xml_reSubstitution($capture) {
return "<?php echo '<?xml ".stripslashes($capture[1])." ?>'; ?>";
- }
+ }
/**
* Compile and write the compiled template file
$template_code = str_replace( array("<?","?>"), array("<?","?>"), $template_code );
//xml re-substitution
- $template_code = preg_replace_callback ( "/##XML(.*?)XML##/s", array($this, 'xml_reSubstitution'), $template_code );
+ $template_code = preg_replace_callback ( "/##XML(.*?)XML##/s", array($this, 'xml_reSubstitution'), $template_code );
//compile template
$template_compiled = "<?php if(!class_exists('raintpl')){exit;}?>" . $this->compileTemplate( $template_code, $tpl_basedir );
-
+
// fix the php-eating-newline-after-closing-tag-problem
$template_compiled = str_replace( "?>\n", "?>\n\n", $template_compiled );
// if the cache is active
if( isset($code[ 2 ]) ){
-
+
//dynamic include
$compiled_code .= '<?php $tpl = new '.get_class($this).';' .
'if( $cache = $tpl->cache( $template = basename("'.$include_var.'") ) )' .
'} ?>';
}
else{
-
+
//dynamic include
$compiled_code .= '<?php $tpl = new '.get_class($this).';' .
'$tpl_dir_temp = self::$tpl_dir;' .
( !$loop_level ? null : '$tpl->assign( "key", $key'.$loop_level.' ); $tpl->assign( "value", $value'.$loop_level.' );' ).
'$tpl->draw( dirname("'.$include_var.'") . ( substr("'.$include_var.'",-1,1) != "/" ? "/" : "" ) . basename("'.$include_var.'") );'.
'?>';
-
-
+
+
}
}
else
// parse the function
$parsed_function = $function . $this->var_replace( $code[ 2 ], $tag_left_delimiter = null, $tag_right_delimiter = null, $php_left_delimiter = null, $php_right_delimiter = null, $loop_level );
-
+
//if code
$compiled_code .= "<?php echo $parsed_function; ?>";
}
}
return $compiled_code;
}
-
-
+
+
/**
* Reduce a path, eg. www/library/../filepath//file => www/filepath/file
* @param type $path
if( self::$path_replace ){
$tpl_dir = self::$base_url . self::$tpl_dir . $tpl_basedir;
-
+
// reduce the path
$path = $this->reduce_path($tpl_dir);
$this->function_check( $tag );
$extra_var = $this->var_replace( $extra_var, null, null, null, null, $loop_level );
-
+
// check if there's an operator = in the variable tags, if there's this is an initialization so it will not output any value
$is_init_variable = preg_match( "/^(\s*?)\=[^=](.*?)$/", $extra_var );
//if there's a function
if( $function_var ){
-
+
// check if there's a function or a static method and separate, function by parameters
$function_var = str_replace("::", "@double_dot@", $function_var );
// check if there's an operator = in the variable tags, if there's this is an initialization so it will not output any value
$is_init_variable = preg_match( "/^[a-z_A-Z\.\[\](\-\>)]*=[^=]*$/", $extra_var );
-
+
//function associate to variable
$function_var = ( $extra_var and $extra_var[0] == '|') ? substr( $extra_var, 1 ) : null;
//transform .$variable in ["$variable"] and .variable in ["variable"]
$variable_path = preg_replace('/\.(\${0,1}\w+)/', '["\\1"]', $variable_path );
-
+
// if is an assignment also assign the variable to $this->var['value']
if( $is_init_variable )
$extra_var = "=\$this->var['{$var_name}']{$variable_path}" . $extra_var;
-
+
//if there's a function
if( $function_var ){
-
+
// check if there's a function or a static method and separate, function by parameters
$function_var = str_replace("::", "@double_dot@", $function_var );
$php_var = '$' . $var_name . $variable_path;
}else
$php_var = '$' . $var_name . $variable_path;
-
+
// compile the variable for php
if( isset( $function ) )
$php_var = $php_left_delimiter . ( !$is_init_variable && $echo ? 'echo ' : null ) . ( $params ? "( $function( $php_var, $params ) )" : "$function( $php_var )" ) . $php_right_delimiter;
else
$php_var = $php_left_delimiter . ( !$is_init_variable && $echo ? 'echo ' : null ) . $php_var . $extra_var . $php_right_delimiter;
-
+
$html = str_replace( $tag, $php_var, $html );
include dirname(__FILE__).'/inc/config.php';
-$entries = display_view($view);
+$entries = get_entries($view);
$tpl->assign('title', 'poche, a read it later open source system');
-$tpl->assign('view', $view);
-$tpl->assign('poche_url', get_poche_url());
$tpl->assign('entries', $entries);
$tpl->assign('load_all_js', 1);
-$tpl->assign('token', $_SESSION['token_poche']);
$tpl->draw('head');
-$tpl->draw('home');
-$tpl->draw('entries');
-$tpl->draw('js');
-$tpl->draw('footer');
+if (Session::isLogged()) {
+ $tpl->draw('home');
+ $tpl->draw('entries');
+ $tpl->draw('js');
+}
+else {
+ $tpl->draw('login');
+}
+$tpl->draw('footer');
\ No newline at end of file
</h2>
<div class="tools">
<ul>
- <li><a title="toggle mark as read" class="tool archive {if="$value.is_read == '0'"}archive-off{/if}" onclick="toggle_archive(this, {$value.id}, '{$token}')"><span></span></a></li>
- <li><a title="toggle favorite" class="tool fav {if="$value.is_fav == '0'"}fav-off{/if}" onclick="toggle_favorite(this, {$value.id}, '{$token}')"><span></span></a></li>
- <li><form method="post" onsubmit="return confirm('Are you sure?')" style="display: inline;"><input type="hidden" name="token" id="token" value="{$token}" /><input type="hidden" id="action" name="action" value="delete" /><input type="hidden" id="id" name="id" value="{$value.id}" /><input type="submit" class="delete" title="toggle delete" /></form></li>
+ <li><a title="toggle mark as read" class="tool archive {if="$value.is_read == '0'"}archive-off{/if}" onclick="toggle_archive(this, {$value.id}, '<?php echo Session::getToken(); ?>')"><span></span></a></li>
+ <li><a title="toggle favorite" class="tool fav {if="$value.is_fav == '0'"}fav-off{/if}" onclick="toggle_favorite(this, {$value.id}, '<?php echo Session::getToken(); ?>')"><span></span></a></li>
+ <li><form method="post" onsubmit="return confirm('Are you sure?')" style="display: inline;"><input type="hidden" name="token" id="token" value="<?php echo Session::getToken(); ?>" /><input type="hidden" id="action" name="action" value="delete" /><input type="hidden" id="id" name="id" value="{$value.id}" /><input type="submit" class="delete" title="toggle delete" /></form></li>
</ul>
</div>
</span>
<link rel="apple-touch-icon-precomposed" href="./img/apple-touch-icon-precomposed.png">
<link rel="stylesheet" href="./css/knacss.css" media="all">
<link rel="stylesheet" href="./css/style.css" media="all">
- </head>
\ No newline at end of file
+ </head>
+ <body>
+ <header>
+ <h1><img src="./img/logo.png" alt="logo poche" />poche</h1>
+ </header>
+ <div id="main">
\ No newline at end of file
- <body>
- <header>
- <h1><img src="./img/logo.png" alt="logo poche" />poche</h1>
- </header>
- <div id="main">
<ul id="links">
<li><a href="index.php" {if="$view == 'index'"}class="current"{/if}>home</a></li>
<li><a href="?view=fav" {if="$view == 'fav'"}class="current"{/if}>favorites</a></li>
<li><a href="?view=archive" {if="$view == 'archive'"}class="current"{/if}>archive</a></li>
<li><a style="cursor: move" title="i am a bookmarklet, use me !" href="javascript:(function(){var%20url%20=%20location.href%20||%20url;window.open('{$poche_url}?action=add&url='%20+%20encodeURIComponent(url),'_self');})();">poche it !</a></li>
+ <li><a href="?logout" title="Logout">logout</a></li>
</ul>
<ul id="sort">
- <li><img src="img/up.png" onclick="sort_links('{$view}', 'ia', '{$token}');" title="by date asc" /> by date <img src="img/down.png" onclick="sort_links('{$view}', 'id', '{$token}');" title="by date desc" /></li>
- <li><img src="img/up.png" onclick="sort_links('{$view}', 'ta', '{$token}');" title="by title asc" /> by title <img src="img/down.png" onclick="sort_links('{$view}', 'td', '{$token}');" title="by title desc" /></li>
+ <li><img src="img/up.png" onclick="sort_links('{$view}', 'ia', '{'<?php echo Session::getToken(); ?>'}');" title="by date asc" /> by date <img src="img/down.png" onclick="sort_links('{$view}', 'id', '<?php echo Session::getToken(); ?>');" title="by date desc" /></li>
+ <li><img src="img/up.png" onclick="sort_links('{$view}', 'ta', '<?php echo Session::getToken(); ?>');" title="by title asc" /> by title <img src="img/down.png" onclick="sort_links('{$view}', 'td', '<?php echo Session::getToken(); ?>');" title="by title desc" /></li>
</ul>
<div id="content">
\ No newline at end of file
--- /dev/null
+ <form method="post" action="?login" name="loginform">
+ <fieldset>
+ <h2>login to your poche</h2>
+ <ul id="login">
+ <li><label for="login">Login</label> <input type="text" id="login" name="login" placeholder="Login" tabindex="1"></li>
+ <li><label for="password">Password</label> <input type="password" id="password" name="password" placeholder="Password" tabindex="2"></li>
+ <li><label><input type="checkbox" name="longlastingsession" tabindex="3"> Stay signed in (Do not check on public computers)</label></li>
+ <li><button type="submit" tabindex="4">Sign in</button></li>
+ </ul>
+ </fieldset>
+ <input type="hidden" name="returnurl" value="<?php echo htmlspecialchars($referer);?>">
+ <input type="hidden" name="token" value="<?php echo Session::getToken(); ?>">
+ </form>
\ No newline at end of file
-{include="head"}
+<!DOCTYPE html>
+<!--[if lte IE 6]> <html class="no-js ie6 ie67 ie678" lang="en"> <![endif]-->
+<!--[if lte IE 7]> <html class="no-js ie7 ie67 ie678" lang="en"> <![endif]-->
+<!--[if IE 8]> <html class="no-js ie8 ie678" lang="en"> <![endif]-->
+<!--[if gt IE 8]><!--> <html class="no-js" lang="en"> <!--<![endif]-->
+<html>
+ <head>
+ <meta name="viewport" content="width=device-width, minimum-scale=1.0, maximum-scale=1.0">
+ <meta charset="utf-8">
+ <meta http-equiv="X-UA-Compatible" content="IE=10">
+ <title>{$title}</title>
+ <link rel="shortcut icon" type="image/x-icon" href="./img/favicon.ico" />
+ <link rel="apple-touch-icon-precomposed" sizes="144x144" href="./img/apple-touch-icon-144x144-precomposed.png">
+ <link rel="apple-touch-icon-precomposed" sizes="72x72" href="./img/apple-touch-icon-72x72-precomposed.png">
+ <link rel="apple-touch-icon-precomposed" href="./img/apple-touch-icon-precomposed.png">
+ <link rel="stylesheet" href="./css/knacss.css" media="all">
+ <link rel="stylesheet" href="./css/style.css" media="all">
+ </head>
<body class="article">
<div id="article" class="w600p">
<div class="backhome">
</div>
<div class="tools">
<ul>
- <li><a title="toggle mark as read" class="tool archive {if="$is_read == '0'"}archive-off{/if}" onclick="toggle_archive(this, {$id}, '{$token}')"><span></span></a></li>
- <li><a title="toggle favorite" class="tool fav {if="$is_fav == '0'"}fav-off{/if}" onclick="toggle_favorite(this, {$id}, '{$token}')"><span></span></a></li>
- <li><form method="post" onsubmit="return confirm('Are you sure?')" style="display: inline;" action="index.php"><input type="hidden" name="token" id="token" value="{$token}" /><input type="hidden" id="action" name="action" value="delete" /><input type="hidden" id="id" name="id" value="{$id}" /><input type="submit" class="delete" title="toggle delete" /></form></li>
+ <li><a title="toggle mark as read" class="tool archive {if="$is_read == '0'"}archive-off{/if}" onclick="toggle_archive(this, {$id}, '<?php echo Session::getToken(); ?>')"><span></span></a></li>
+ <li><a title="toggle favorite" class="tool fav {if="$is_fav == '0'"}fav-off{/if}" onclick="toggle_favorite(this, {$id}, '<?php echo Session::getToken(); ?>')"><span></span></a></li>
+ <li><form method="post" onsubmit="return confirm('Are you sure?')" style="display: inline;" action="index.php"><input type="hidden" name="token" id="token" value="<?php echo Session::getToken(); ?>" /><input type="hidden" id="action" name="action" value="delete" /><input type="hidden" id="id" name="id" value="{$id}" /><input type="submit" class="delete" title="toggle delete" /></form></li>
</ul>
</div>
<header class="mbm">
<a href="index.php" title="back to home">←</a>
</div>
</div>
- {include="footer"}
+
{include="js"}
+
+ <footer class="mr2 mt3 smaller">
+ <p>powered by <a href="http://inthepoche.com">poche</a><br />follow us on <a href="https://twitter.com/getpoche" title="follow us on twitter">twitter</a></p>
+ </footer>
+
</body>
-</html>
+</html>
\ No newline at end of file
$tpl->assign('is_fav', $entry[0]['is_fav']);
$tpl->assign('is_read', $entry[0]['is_read']);
$tpl->assign('load_all_js', 0);
- $tpl->assign('token', $_SESSION['token_poche']);
$tpl->draw('view');
}
else {