8 files changed, 124 insertions, 10 deletions
diff --git a/inc/Session.class.php b/inc/Session.class.php
index ee12b3d1..eff924cc 100644
--- a/inc/Session.class.php
+++ b/inc/Session.class.php
@@ -93,7 +93,7 @@ class Session
    // Force logout
    public static function logout()
    {
-        unset($_SESSION['uid'],$_SESSION['info'],$_SESSION['expires_on'],$_SESSION['tokens']);
+        unset($_SESSION['uid'],$_SESSION['info'],$_SESSION['expires_on'],$_SESSION['tokens'], $_SESSION['login'], $_SESSION['pass']);
    }
    // Make sure user is logged in.
diff --git a/inc/config.php b/inc/config.php
index 737f5215..2de725f4 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -18,6 +18,7 @@ define ('ABS_PATH', 'assets/');
 define ('CONVERT_LINKS_FOOTNOTES', TRUE);
 define ('REVERT_FORCED_PARAGRAPH_ELEMENTS',FALSE);
 define ('DOWNLOAD_PICTURES', TRUE);
+define ('SALT', '464v54gLLw928uz4zUBqkRJeiPY68zCX');
 $storage_type = 'sqlite'; # sqlite or file
 include 'functions.php';
@@ -33,9 +34,7 @@ require_once 'class.messages.php';
 Session::init();
-$store  = new $storage_type();
+$store     = new $storage_type();
-$msg    = new Messages();
 # initialisation de RainTPL
 raintpl::$tpl_dir   = './tpl/';
 raintpl::$cache_dir = './cache/';
@@ -43,4 +42,24 @@ raintpl::$base_url  = get_poche_url();
 raintpl::configure('path_replace', false);
 raintpl::configure('debug', false);
 $tpl = new raintpl();
+if(!$store->isInstalled())
+{
+    logm('poche still not installed');
+    $tpl->draw('install');
+    if (isset($_GET['install'])) {
+        if (($_POST['password'] == $_POST['password_repeat']) 
+            && $_POST['password'] != "" && $_POST['login'] != "") {
+            $store->install($_POST['login'], encode_string($_POST['password'] . $_POST['login']));
+            Session::logout();
+            MyTool::redirect();
+        }
+    }
+    exit();
+}
+$_SESSION['login'] = (isset ($_SESSION['login'])) ? $_SESSION['login'] : $store->getLogin();
+$_SESSION['pass']  = (isset ($_SESSION['pass'])) ? $_SESSION['pass'] : $store->getPassword();
+$msg = new Messages();
 $tpl->assign('msg', $msg);
 \ No newline at end of file
diff --git a/inc/functions.php b/inc/functions.php
index c2a149c6..73e591c5 100644
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -23,6 +23,11 @@ function get_poche_url()
    return $protocol . "://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
 }
+function encode_string($string) 
+{
+    return sha1($string . SALT);
+}
 // function define to retrieve url content
 function get_external_file($url)
 {
@@ -375,12 +380,10 @@ function action_to_do($action, $url, $id = 0)
            break;
        case 'toggle_fav' :
            $store->favoriteById($id);
-            $msg->add('s', 'the favorite toggle has been done successfully');
            logm('mark as favorite link #' . $id);
            break;
        case 'toggle_archive' :
            $store->archiveById($id);
-            $msg->add('s', 'the archive toggle has been done successfully');
            logm('archive link #' . $id);
            break;
        default:
diff --git a/inc/store/sqlite.class.php b/inc/store/sqlite.class.php
index cda412e6..4bfbb29e 100644
--- a/inc/store/sqlite.class.php
+++ b/inc/store/sqlite.class.php
@@ -17,7 +17,6 @@ class Sqlite extends Store {
        parent::__construct();
        $this->handle = new PDO(self::$db_path);
-        $this->handle->exec('CREATE TABLE IF NOT EXISTS "entries" ("id" INTEGER PRIMARY KEY  AUTOINCREMENT  NOT NULL  UNIQUE , "title" VARCHAR, "url" VARCHAR UNIQUE , "is_read" INTEGER DEFAULT 0, "is_fav" INTEGER DEFAULT 0, "content" BLOB)');
        $this->handle->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    }
@@ -25,6 +24,56 @@ class Sqlite extends Store {
        return $this->handle;
    }
+    public function isInstalled() {
+        $sql        = "SELECT name FROM sqlite_sequence WHERE name=?";
+        $query      = $this->executeQuery($sql, array('config'));
+        $hasConfig  = $query->fetchAll();
+        if (count($hasConfig) == 0) 
+            return FALSE;
+        if (!$this->getLogin() || !$this->getPassword()) 
+            return FALSE;
+        return TRUE;
+    }
+    public function install($login, $password) {
+        $this->getHandle()->exec('CREATE TABLE IF NOT EXISTS "config" ("id" INTEGER PRIMARY KEY  AUTOINCREMENT  NOT NULL  UNIQUE , "name" VARCHAR UNIQUE, "value" BLOB)');
+        $this->handle->exec('CREATE TABLE IF NOT EXISTS "entries" ("id" INTEGER PRIMARY KEY  AUTOINCREMENT  NOT NULL  UNIQUE , "title" VARCHAR, "url" VARCHAR UNIQUE , "is_read" INTEGER DEFAULT 0, "is_fav" INTEGER DEFAULT 0, "content" BLOB)');
+        if (!$this->getLogin()) {
+            $sql_login     = 'INSERT INTO config ( name, value ) VALUES (?, ?)';
+            $params_login  = array('login', $login);
+            $query         = $this->executeQuery($sql_login, $params_login);
+        }
+        if (!$this->getPassword()) {
+            $sql_pass     = 'INSERT INTO config ( name, value ) VALUES (?, ?)';
+            $params_pass  = array('password', $password);
+            $query        = $this->executeQuery($sql_pass, $params_pass);
+        }
+        return TRUE;
+    }
+    public function getLogin() {
+        $sql    = "SELECT value FROM config WHERE name=?";
+        $query  = $this->executeQuery($sql, array('login'));
+        $login  = $query->fetchAll();
+        return isset($login[0]['value']) ? $login[0]['value'] : FALSE;
+    }
+    public function getPassword() {
+        $sql    = "SELECT value FROM config WHERE name=?";
+        $query  = $this->executeQuery($sql, array('password'));
+        $pass   = $query->fetchAll();
+        return isset($pass[0]['value']) ? $pass[0]['value'] : FALSE; 
+    }
    private function executeQuery($sql, $params) {
        try
        {
diff --git a/inc/store/store.class.php b/inc/store/store.class.php
index 360ff7c2..dd7d4cfe 100644
--- a/inc/store/store.class.php
+++ b/inc/store/store.class.php
@@ -13,6 +13,14 @@ class Store {
    }
+    public function getLogin() {
+    }
+    public function getPassword() {
+        
+    }
    public function add() {
    }
diff --git a/index.php b/index.php
index 829d5513..1522a2ec 100644
--- a/index.php
+++ b/index.php
@@ -25,9 +25,14 @@ $ref = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER'];
 if (isset($_GET['login'])) {
    // Login
    if (!empty($_POST['login']) && !empty($_POST['password'])) {
-        if (Session::login('poche', 'poche', $_POST['login'], $_POST['password'])) {
+// echo $_SESSION['login']."<br>";
+// echo $_SESSION['pass']."<br>";
+// echo $_POST['login']."<br>";
+// echo encode_string($_POST['password'] . $_POST['login']);
+//         die;
+        if (Session::login($_SESSION['login'], $_SESSION['pass'], $_POST['login'], encode_string($_POST['password'] . $_POST['login']))) {
            logm('login successful');
-            $msg->add('s', 'welcome in your pocket!');
+            $msg->add('s', 'welcome in your poche!');
            if (!empty($_POST['longlastingsession'])) {
                $_SESSION['longlastingsession'] = 31536000;
                $_SESSION['expires_on'] = time() + $_SESSION['longlastingsession'];
diff --git a/tpl/install.html b/tpl/install.html
new file mode 100644
index 00000000..d11a7810
--- /dev/null
+++ b/tpl/install.html
@@ -0,0 +1,30 @@
+{include="head"}
+    <body class="light-style">
+        <header>
+            <h1><a href="index.php"><img src="./img/logo.png" alt="logo poche" /></a>poche</h1>
+        </header>
+        <div id="main">
+            <form method="post" action="?install" name="loginform">
+                <fieldset class="w500p center">
+                    <h2 class="mbs txtcenter">install your poche</h2>
+                    <div class="row">
+                        <label class="col w150p" for="login">Login</label>
+                        <input class="col" type="text" id="login" name="login" placeholder="Login" tabindex="1" autofocus />
+                    </div>
+                    <div class="row">
+                        <label class="col w150p" for="password">Password</label>
+                        <input class="col" type="password" id="password" name="password" placeholder="Password" tabindex="2">
+                    </div>
+                    <div class="row">
+                        <label class="col w150p" for="password_repeat">Repeat your password</label>
+                        <input class="col" type="password" id="password_repeat" name="password_repeat" placeholder="Password" tabindex="3">
+                    </div>
+                    <div class="row mts txtcenter">
+                        <button class="bouton" type="submit" tabindex="4">Install</button>
+                    </div>
+                </fieldset>
+                <input type="hidden" name="returnurl" value="<?php echo htmlspecialchars($referer);?>">
+                <input type="hidden" name="token" value="<?php echo Session::getToken(); ?>">
+            </form>
+{include="footer"}
diff --git a/tpl/login.html b/tpl/login.html
index ebe4b5e5..69c17a55 100644
--- a/tpl/login.html
+++ b/tpl/login.html
@@ -12,7 +12,7 @@
                                                <input class="col" type="text" id="login" name="login" placeholder="Login" tabindex="1" autofocus />
                                        </div>
                                        <div class="row">
-                                                <label class="col w150p" for="password" >Password</label>
+                                                <label class="col w150p" for="password">Password</label>
                                                <input class="col" type="password" id="password" name="password" placeholder="Password" tabindex="2">
                                        </div>
                                        <div class="row">

diff --git a/inc/Session.class.php b/inc/Session.class.php index ee12b3d1..eff924cc 100644 --- a/inc/Session.class.php +++ b/inc/Session.class.php
@@ -93,7 +93,7 @@ class Session
93	// Force logout	93	// Force logout
94	public static function logout()	94	public static function logout()
95	{	95	{
96	unset($_SESSION['uid'],$_SESSION['info'],$_SESSION['expires_on'],$_SESSION['tokens']);	96	unset($_SESSION['uid'],$_SESSION['info'],$_SESSION['expires_on'],$_SESSION['tokens'], $_SESSION['login'], $_SESSION['pass']);
97	}	97	}
98		98
99	// Make sure user is logged in.	99	// Make sure user is logged in.


diff --git a/inc/config.php b/inc/config.php index 737f5215..2de725f4 100644 --- a/inc/config.php +++ b/inc/config.php
@@ -18,6 +18,7 @@ define ('ABS_PATH', 'assets/');
18	define ('CONVERT_LINKS_FOOTNOTES', TRUE);	18	define ('CONVERT_LINKS_FOOTNOTES', TRUE);
19	define ('REVERT_FORCED_PARAGRAPH_ELEMENTS',FALSE);	19	define ('REVERT_FORCED_PARAGRAPH_ELEMENTS',FALSE);
20	define ('DOWNLOAD_PICTURES', TRUE);	20	define ('DOWNLOAD_PICTURES', TRUE);
		21	define ('SALT', '464v54gLLw928uz4zUBqkRJeiPY68zCX');
21	$storage_type = 'sqlite'; # sqlite or file	22	$storage_type = 'sqlite'; # sqlite or file
22		23
23	include 'functions.php';	24	include 'functions.php';
@@ -33,9 +34,7 @@ require_once 'class.messages.php';
33		34
34	Session::init();	35	Session::init();
35		36
36	$store = new $storage_type();	37	$store = new $storage_type();
37	$msg = new Messages();
38
39	# initialisation de RainTPL	38	# initialisation de RainTPL
40	raintpl::$tpl_dir = './tpl/';	39	raintpl::$tpl_dir = './tpl/';
41	raintpl::$cache_dir = './cache/';	40	raintpl::$cache_dir = './cache/';
@@ -43,4 +42,24 @@ raintpl::$base_url = get_poche_url();
43	raintpl::configure('path_replace', false);	42	raintpl::configure('path_replace', false);
44	raintpl::configure('debug', false);	43	raintpl::configure('debug', false);
45	$tpl = new raintpl();	44	$tpl = new raintpl();
		45
		46	if(!$store->isInstalled())
		47	{
		48	logm('poche still not installed');
		49	$tpl->draw('install');
		50	if (isset($_GET['install'])) {
		51	if (($_POST['password'] == $_POST['password_repeat'])
		52	&& $_POST['password'] != "" && $_POST['login'] != "") {
		53	$store->install($_POST['login'], encode_string($_POST['password'] . $_POST['login']));
		54	Session::logout();
		55	MyTool::redirect();
		56	}
		57	}
		58	exit();
		59	}
		60
		61	$_SESSION['login'] = (isset ($_SESSION['login'])) ? $_SESSION['login'] : $store->getLogin();
		62	$_SESSION['pass'] = (isset ($_SESSION['pass'])) ? $_SESSION['pass'] : $store->getPassword();
		63
		64	$msg = new Messages();
46	$tpl->assign('msg', $msg); \ No newline at end of file	65	$tpl->assign('msg', $msg); \ No newline at end of file


diff --git a/inc/functions.php b/inc/functions.php index c2a149c6..73e591c5 100644 --- a/inc/functions.php +++ b/inc/functions.php
@@ -23,6 +23,11 @@ function get_poche_url()
23	return $protocol . "://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];	23	return $protocol . "://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
24	}	24	}
25		25
		26	function encode_string($string)
		27	{
		28	return sha1($string . SALT);
		29	}
		30
26	// function define to retrieve url content	31	// function define to retrieve url content
27	function get_external_file($url)	32	function get_external_file($url)
28	{	33	{
@@ -375,12 +380,10 @@ function action_to_do($action, $url, $id = 0)
375	break;	380	break;
376	case 'toggle_fav' :	381	case 'toggle_fav' :
377	$store->favoriteById($id);	382	$store->favoriteById($id);
378	$msg->add('s', 'the favorite toggle has been done successfully');
379	logm('mark as favorite link #' . $id);	383	logm('mark as favorite link #' . $id);
380	break;	384	break;
381	case 'toggle_archive' :	385	case 'toggle_archive' :
382	$store->archiveById($id);	386	$store->archiveById($id);
383	$msg->add('s', 'the archive toggle has been done successfully');
384	logm('archive link #' . $id);	387	logm('archive link #' . $id);
385	break;	388	break;
386	default:	389	default:


diff --git a/inc/store/sqlite.class.php b/inc/store/sqlite.class.php index cda412e6..4bfbb29e 100644 --- a/inc/store/sqlite.class.php +++ b/inc/store/sqlite.class.php
@@ -17,7 +17,6 @@ class Sqlite extends Store {
17	parent::__construct();	17	parent::__construct();
18		18
19	$this->handle = new PDO(self::$db_path);	19	$this->handle = new PDO(self::$db_path);
20	$this->handle->exec('CREATE TABLE IF NOT EXISTS "entries" ("id" INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL UNIQUE , "title" VARCHAR, "url" VARCHAR UNIQUE , "is_read" INTEGER DEFAULT 0, "is_fav" INTEGER DEFAULT 0, "content" BLOB)');
21	$this->handle->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);	20	$this->handle->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
22	}	21	}
23		22
@@ -25,6 +24,56 @@ class Sqlite extends Store {
25	return $this->handle;	24	return $this->handle;
26	}	25	}
27		26
		27	public function isInstalled() {
		28	$sql = "SELECT name FROM sqlite_sequence WHERE name=?";
		29	$query = $this->executeQuery($sql, array('config'));
		30	$hasConfig = $query->fetchAll();
		31
		32	if (count($hasConfig) == 0)
		33	return FALSE;
		34
		35	if (!$this->getLogin() \|\| !$this->getPassword())
		36	return FALSE;
		37
		38	return TRUE;
		39	}
		40
		41	public function install($login, $password) {
		42	$this->getHandle()->exec('CREATE TABLE IF NOT EXISTS "config" ("id" INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL UNIQUE , "name" VARCHAR UNIQUE, "value" BLOB)');
		43
		44	$this->handle->exec('CREATE TABLE IF NOT EXISTS "entries" ("id" INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL UNIQUE , "title" VARCHAR, "url" VARCHAR UNIQUE , "is_read" INTEGER DEFAULT 0, "is_fav" INTEGER DEFAULT 0, "content" BLOB)');
		45
		46	if (!$this->getLogin()) {
		47	$sql_login = 'INSERT INTO config ( name, value ) VALUES (?, ?)';
		48	$params_login = array('login', $login);
		49	$query = $this->executeQuery($sql_login, $params_login);
		50	}
		51
		52	if (!$this->getPassword()) {
		53	$sql_pass = 'INSERT INTO config ( name, value ) VALUES (?, ?)';
		54	$params_pass = array('password', $password);
		55	$query = $this->executeQuery($sql_pass, $params_pass);
		56	}
		57
		58	return TRUE;
		59	}
		60
		61	public function getLogin() {
		62	$sql = "SELECT value FROM config WHERE name=?";
		63	$query = $this->executeQuery($sql, array('login'));
		64	$login = $query->fetchAll();
		65
		66	return isset($login[0]['value']) ? $login[0]['value'] : FALSE;
		67	}
		68
		69	public function getPassword() {
		70	$sql = "SELECT value FROM config WHERE name=?";
		71	$query = $this->executeQuery($sql, array('password'));
		72	$pass = $query->fetchAll();
		73
		74	return isset($pass[0]['value']) ? $pass[0]['value'] : FALSE;
		75	}
		76
28	private function executeQuery($sql, $params) {	77	private function executeQuery($sql, $params) {
29	try	78	try
30	{	79	{


diff --git a/inc/store/store.class.php b/inc/store/store.class.php index 360ff7c2..dd7d4cfe 100644 --- a/inc/store/store.class.php +++ b/inc/store/store.class.php
@@ -13,6 +13,14 @@ class Store {
13		13
14	}	14	}
15		15
		16	public function getLogin() {
		17
		18	}
		19
		20	public function getPassword() {
		21
		22	}
		23
16	public function add() {	24	public function add() {
17		25
18	}	26	}


diff --git a/index.php b/index.php index 829d5513..1522a2ec 100644 --- a/index.php +++ b/index.php
@@ -25,9 +25,14 @@ $ref = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER'];
25	if (isset($_GET['login'])) {	25	if (isset($_GET['login'])) {
26	// Login	26	// Login
27	if (!empty($_POST['login']) && !empty($_POST['password'])) {	27	if (!empty($_POST['login']) && !empty($_POST['password'])) {
28	if (Session::login('poche', 'poche', $_POST['login'], $_POST['password'])) {	28	// echo $_SESSION['login']."<br>";
		29	// echo $_SESSION['pass']."<br>";
		30	// echo $_POST['login']."<br>";
		31	// echo encode_string($_POST['password'] . $_POST['login']);
		32	// die;
		33	if (Session::login($_SESSION['login'], $_SESSION['pass'], $_POST['login'], encode_string($_POST['password'] . $_POST['login']))) {
29	logm('login successful');	34	logm('login successful');
30	$msg->add('s', 'welcome in your pocket!');	35	$msg->add('s', 'welcome in your poche!');
31	if (!empty($_POST['longlastingsession'])) {	36	if (!empty($_POST['longlastingsession'])) {
32	$_SESSION['longlastingsession'] = 31536000;	37	$_SESSION['longlastingsession'] = 31536000;
33	$_SESSION['expires_on'] = time() + $_SESSION['longlastingsession'];	38	$_SESSION['expires_on'] = time() + $_SESSION['longlastingsession'];


diff --git a/tpl/install.html b/tpl/install.html new file mode 100644 index 00000000..d11a7810 --- /dev/null +++ b/tpl/install.html
@@ -0,0 +1,30 @@
		1	{include="head"}
		2	<body class="light-style">
		3	<header>
		4	<h1><a href="index.php"><img src="./img/logo.png" alt="logo poche" /></a>poche</h1>
		5	</header>
		6	<div id="main">
		7	<form method="post" action="?install" name="loginform">
		8	<fieldset class="w500p center">
		9	<h2 class="mbs txtcenter">install your poche</h2>
		10	<div class="row">
		11	<label class="col w150p" for="login">Login</label>
		12	<input class="col" type="text" id="login" name="login" placeholder="Login" tabindex="1" autofocus />
		13	</div>
		14	<div class="row">
		15	<label class="col w150p" for="password">Password</label>
		16	<input class="col" type="password" id="password" name="password" placeholder="Password" tabindex="2">
		17	</div>
		18	<div class="row">
		19	<label class="col w150p" for="password_repeat">Repeat your password</label>
		20	<input class="col" type="password" id="password_repeat" name="password_repeat" placeholder="Password" tabindex="3">
		21	</div>
		22	<div class="row mts txtcenter">
		23	<button class="bouton" type="submit" tabindex="4">Install</button>
		24	</div>
		25	</fieldset>
		26	<input type="hidden" name="returnurl" value="<?php echo htmlspecialchars($referer);?>">
		27	<input type="hidden" name="token" value="<?php echo Session::getToken(); ?>">
		28	</form>
		29
		30	{include="footer"}


diff --git a/tpl/login.html b/tpl/login.html index ebe4b5e5..69c17a55 100644 --- a/tpl/login.html +++ b/tpl/login.html
@@ -12,7 +12,7 @@
12	<input class="col" type="text" id="login" name="login" placeholder="Login" tabindex="1" autofocus />	12	<input class="col" type="text" id="login" name="login" placeholder="Login" tabindex="1" autofocus />
13	</div>	13	</div>
14	<div class="row">	14	<div class="row">
15	<label class="col w150p" for="password" >Password</label>	15	<label class="col w150p" for="password">Password</label>
16	<input class="col" type="password" id="password" name="password" placeholder="Password" tabindex="2">	16	<input class="col" type="password" id="password" name="password" placeholder="Password" tabindex="2">
17	</div>	17	</div>
18	<div class="row">	18	<div class="row">