diff options
author | Nicolas Lœuillet <nicolas.loeuillet@gmail.com> | 2013-08-08 09:36:10 -0700 |
---|---|---|
committer | Nicolas Lœuillet <nicolas.loeuillet@gmail.com> | 2013-08-08 09:36:10 -0700 |
commit | 9a8b4ff4edf84d7df60de1b6fd1e493b59f88273 (patch) | |
tree | 3c8ab8086fd8a2750270f8aeaee1f1ce016167cb /index.php | |
parent | 85ebc80c7eaf88e4d57a52adb8e4c32d8cc34b64 (diff) | |
parent | 572e758bf2e76308a3fa3eda9a8d9e9be8b53ecc (diff) | |
download | wallabag-9a8b4ff4edf84d7df60de1b6fd1e493b59f88273.tar.gz wallabag-9a8b4ff4edf84d7df60de1b6fd1e493b59f88273.tar.zst wallabag-9a8b4ff4edf84d7df60de1b6fd1e493b59f88273.zip |
Merge pull request #109 from inthepoche/dev
merge dev into master
Diffstat (limited to 'index.php')
-rw-r--r-- | index.php | 108 |
1 files changed, 41 insertions, 67 deletions
@@ -8,83 +8,57 @@ | |||
8 | * @license http://www.wtfpl.net/ see COPYING file | 8 | * @license http://www.wtfpl.net/ see COPYING file |
9 | */ | 9 | */ |
10 | 10 | ||
11 | include dirname(__FILE__).'/inc/config.php'; | 11 | include dirname(__FILE__).'/inc/poche/config.inc.php'; |
12 | 12 | ||
13 | myTool::initPhp(); | 13 | # Parse GET & REFERER vars |
14 | 14 | $referer = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER']; | |
15 | # XSRF protection with token | 15 | $view = Tools::checkVar('view', 'home'); |
16 | if (!empty($_POST)) { | 16 | $action = Tools::checkVar('action'); |
17 | if (!Session::isToken($_POST['token'])) { | 17 | $id = Tools::checkVar('id'); |
18 | die('Wrong token.'); | 18 | $_SESSION['sort'] = Tools::checkVar('sort', 'id'); |
19 | } | 19 | $url = new Url((isset ($_GET['url'])) ? $_GET['url'] : ''); |
20 | unset($_SESSION['tokens']); | ||
21 | } | ||
22 | |||
23 | $ref = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER']; | ||
24 | 20 | ||
21 | # poche actions | ||
25 | if (isset($_GET['login'])) { | 22 | if (isset($_GET['login'])) { |
26 | // Login | 23 | # hello you |
27 | if (!empty($_POST['login']) && !empty($_POST['password'])) { | 24 | $poche->login($referer); |
28 | if (Session::login($_SESSION['login'], $_SESSION['pass'], $_POST['login'], encode_string($_POST['password'] . $_POST['login']))) { | ||
29 | logm('login successful'); | ||
30 | $msg->add('s', 'welcome in your poche!'); | ||
31 | if (!empty($_POST['longlastingsession'])) { | ||
32 | $_SESSION['longlastingsession'] = 31536000; | ||
33 | $_SESSION['expires_on'] = time() + $_SESSION['longlastingsession']; | ||
34 | session_set_cookie_params($_SESSION['longlastingsession']); | ||
35 | } else { | ||
36 | session_set_cookie_params(0); // when browser closes | ||
37 | } | ||
38 | session_regenerate_id(true); | ||
39 | |||
40 | MyTool::redirect($ref); | ||
41 | } | ||
42 | logm('login failed'); | ||
43 | die("Login failed !"); | ||
44 | } else { | ||
45 | logm('login failed'); | ||
46 | } | ||
47 | } | 25 | } |
48 | elseif (isset($_GET['logout'])) { | 26 | elseif (isset($_GET['logout'])) { |
49 | logm('logout'); | 27 | # see you soon ! |
50 | Session::logout(); | 28 | $poche->logout(); |
51 | MyTool::redirect(); | ||
52 | } | 29 | } |
53 | elseif (isset($_GET['config'])) { | 30 | elseif (isset($_GET['config'])) { |
54 | if (isset($_POST['password']) && isset($_POST['password_repeat'])) { | 31 | # Update password |
55 | if ($_POST['password'] == $_POST['password_repeat'] && $_POST['password'] != "") { | 32 | $poche->updatePassword(); |
56 | logm('password updated'); | 33 | } |
57 | if (!DEMO) { | 34 | elseif (isset($_GET['import'])) { |
58 | $store->updatePassword(encode_string($_POST['password'] . $_SESSION['login'])); | 35 | $import = $poche->import($_GET['from']); |
59 | $msg->add('s', 'your password has been updated'); | 36 | } |
60 | } | 37 | elseif (isset($_GET['export'])) { |
61 | else { | 38 | $poche->export(); |
62 | $msg->add('i', 'in demo mode, you can\'t update password'); | ||
63 | } | ||
64 | } | ||
65 | else | ||
66 | $msg->add('e', 'your password can\'t be empty and you have to repeat it in the second field'); | ||
67 | } | ||
68 | } | 39 | } |
69 | 40 | ||
70 | # Traitement des paramètres et déclenchement des actions | 41 | # vars to send to templates |
71 | $view = (isset ($_REQUEST['view'])) ? htmlentities($_REQUEST['view']) : 'index'; | 42 | $tpl_vars = array( |
72 | $full_head = (isset ($_REQUEST['full_head'])) ? htmlentities($_REQUEST['full_head']) : 'yes'; | 43 | 'referer' => $referer, |
73 | $action = (isset ($_REQUEST['action'])) ? htmlentities($_REQUEST['action']) : ''; | 44 | 'view' => $view, |
74 | $_SESSION['sort'] = (isset ($_REQUEST['sort'])) ? htmlentities($_REQUEST['sort']) : 'id'; | 45 | 'poche_url' => Tools::getPocheUrl(), |
75 | $id = (isset ($_REQUEST['id'])) ? htmlspecialchars($_REQUEST['id']) : ''; | 46 | 'title' => _('poche, a read it later open source system'), |
76 | $url = (isset ($_GET['url'])) ? $_GET['url'] : ''; | 47 | 'token' => Session::getToken(), |
77 | 48 | ); | |
78 | $tpl->assign('isLogged', Session::isLogged()); | ||
79 | $tpl->assign('referer', $ref); | ||
80 | $tpl->assign('view', $view); | ||
81 | $tpl->assign('poche_url', myTool::getUrl()); | ||
82 | $tpl->assign('title', 'poche, a read it later open source system'); | ||
83 | 49 | ||
84 | if (Session::isLogged()) { | 50 | if (Session::isLogged()) { |
85 | action_to_do($action, $url, $id); | 51 | $poche->action($action, $url, $id); |
86 | display_view($view, $id, $full_head); | 52 | $tpl_file = Tools::getTplFile($view); |
53 | $tpl_vars = array_merge($tpl_vars, $poche->displayView($view, $id)); | ||
87 | } | 54 | } |
88 | else { | 55 | else { |
89 | $tpl->draw('login'); | 56 | $tpl_file = 'login.twig'; |
90 | } | 57 | } |
58 | |||
59 | # because messages can be added in $poche->action(), we have to add this entry now (we can add it before) | ||
60 | $messages = $poche->messages->display('all', FALSE); | ||
61 | $tpl_vars = array_merge($tpl_vars, array('messages' => $messages)); | ||
62 | |||
63 | # display poche | ||
64 | echo $poche->tpl->render($tpl_file, $tpl_vars); \ No newline at end of file | ||