diff options
| -rw-r--r-- | inc/config.php | 4 | ||||
| -rw-r--r-- | inc/poche/pocheCore.php | 34 | ||||
| -rw-r--r-- | inc/poche/pocheTool.class.php | 126 | ||||
| -rw-r--r-- | inc/poche/pocheTools.class.php | 4 | ||||
| -rw-r--r-- | index.php | 18 |
5 files changed, 156 insertions, 30 deletions
diff --git a/inc/config.php b/inc/config.php index 58abb535..c4898cc9 100644 --- a/inc/config.php +++ b/inc/config.php | |||
| @@ -58,7 +58,7 @@ $store = new $storage_type(); | |||
| 58 | # installation | 58 | # installation |
| 59 | if(!$store->isInstalled()) | 59 | if(!$store->isInstalled()) |
| 60 | { | 60 | { |
| 61 | pocheTool::logm('poche still not installed'); | 61 | pocheTools::logm('poche still not installed'); |
| 62 | echo $twig->render('install.twig', array( | 62 | echo $twig->render('install.twig', array( |
| 63 | 'token' => Session::getToken(), | 63 | 'token' => Session::getToken(), |
| 64 | )); | 64 | )); |
| @@ -68,7 +68,7 @@ if(!$store->isInstalled()) | |||
| 68 | # let's rock, install poche baby ! | 68 | # let's rock, install poche baby ! |
| 69 | $store->install($_POST['login'], encode_string($_POST['password'] . $_POST['login'])); | 69 | $store->install($_POST['login'], encode_string($_POST['password'] . $_POST['login'])); |
| 70 | Session::logout(); | 70 | Session::logout(); |
| 71 | pocheTool::redirect(); | 71 | pocheTools::redirect(); |
| 72 | } | 72 | } |
| 73 | } | 73 | } |
| 74 | exit(); | 74 | exit(); |
diff --git a/inc/poche/pocheCore.php b/inc/poche/pocheCore.php index 34c15d84..e68696af 100644 --- a/inc/poche/pocheCore.php +++ b/inc/poche/pocheCore.php | |||
| @@ -93,8 +93,8 @@ function get_external_file($url) | |||
| 93 | function fetch_url_content($url) | 93 | function fetch_url_content($url) |
| 94 | { | 94 | { |
| 95 | $url = base64_decode($url); | 95 | $url = base64_decode($url); |
| 96 | if (pocheTool::isUrl($url)) { | 96 | if (pocheTools::isUrl($url)) { |
| 97 | $url = pocheTool::cleanURL($url); | 97 | $url = pocheTools::cleanURL($url); |
| 98 | $html = Encoding::toUTF8(get_external_file($url)); | 98 | $html = Encoding::toUTF8(get_external_file($url)); |
| 99 | 99 | ||
| 100 | # if get_external_file if not able to retrieve HTTPS content, try the same URL with HTTP protocol | 100 | # if get_external_file if not able to retrieve HTTPS content, try the same URL with HTTP protocol |
| @@ -128,7 +128,7 @@ function fetch_url_content($url) | |||
| 128 | } | 128 | } |
| 129 | else { | 129 | else { |
| 130 | #$msg->add('e', _('error during url preparation : the link is not valid')); | 130 | #$msg->add('e', _('error during url preparation : the link is not valid')); |
| 131 | pocheTool::logm($url . ' is not a valid url'); | 131 | pocheTools::logm($url . ' is not a valid url'); |
| 132 | } | 132 | } |
| 133 | 133 | ||
| 134 | return FALSE; | 134 | return FALSE; |
| @@ -141,16 +141,16 @@ function display_view($view, $id = 0, $full_head = 'yes') | |||
| 141 | switch ($view) | 141 | switch ($view) |
| 142 | { | 142 | { |
| 143 | case 'install': | 143 | case 'install': |
| 144 | pocheTool::logm('install mode'); | 144 | pocheTools::logm('install mode'); |
| 145 | break; | 145 | break; |
| 146 | case 'import'; | 146 | case 'import'; |
| 147 | pocheTool::logm('import mode'); | 147 | pocheTools::logm('import mode'); |
| 148 | break; | 148 | break; |
| 149 | case 'export': | 149 | case 'export': |
| 150 | $entries = $store->retrieveAll(); | 150 | $entries = $store->retrieveAll(); |
| 151 | $tpl->assign('export', pocheTool::renderJson($entries)); | 151 | $tpl->assign('export', pocheTools::renderJson($entries)); |
| 152 | $tpl->draw('export'); | 152 | $tpl->draw('export'); |
| 153 | pocheTool::logm('export view'); | 153 | pocheTools::logm('export view'); |
| 154 | break; | 154 | break; |
| 155 | case 'config': | 155 | case 'config': |
| 156 | $tpl->assign('load_all_js', 0); | 156 | $tpl->assign('load_all_js', 0); |
| @@ -159,12 +159,12 @@ function display_view($view, $id = 0, $full_head = 'yes') | |||
| 159 | $tpl->draw('config'); | 159 | $tpl->draw('config'); |
| 160 | $tpl->draw('js'); | 160 | $tpl->draw('js'); |
| 161 | $tpl->draw('footer'); | 161 | $tpl->draw('footer'); |
| 162 | pocheTool::logm('config view'); | 162 | pocheTools::logm('config view'); |
| 163 | break; | 163 | break; |
| 164 | case 'view': | 164 | case 'view': |
| 165 | $entry = $store->retrieveOneById($id); | 165 | $entry = $store->retrieveOneById($id); |
| 166 | if ($entry != NULL) { | 166 | if ($entry != NULL) { |
| 167 | pocheTool::logm('view link #' . $id); | 167 | pocheTools::logm('view link #' . $id); |
| 168 | $tpl->assign('id', $entry['id']); | 168 | $tpl->assign('id', $entry['id']); |
| 169 | $tpl->assign('url', $entry['url']); | 169 | $tpl->assign('url', $entry['url']); |
| 170 | $tpl->assign('title', $entry['title']); | 170 | $tpl->assign('title', $entry['title']); |
| @@ -181,7 +181,7 @@ function display_view($view, $id = 0, $full_head = 'yes') | |||
| 181 | $tpl->draw('view'); | 181 | $tpl->draw('view'); |
| 182 | } | 182 | } |
| 183 | else { | 183 | else { |
| 184 | pocheTool::logm('error in view call : entry is NULL'); | 184 | pocheTools::logm('error in view call : entry is NULL'); |
| 185 | } | 185 | } |
| 186 | break; | 186 | break; |
| 187 | default: # home view | 187 | default: # home view |
| @@ -215,7 +215,7 @@ function action_to_do($action, $url, $id = 0) | |||
| 215 | case 'add': | 215 | case 'add': |
| 216 | if($parametres_url = fetch_url_content($url)) { | 216 | if($parametres_url = fetch_url_content($url)) { |
| 217 | if ($store->add($url, $parametres_url['title'], $parametres_url['content'])) { | 217 | if ($store->add($url, $parametres_url['title'], $parametres_url['content'])) { |
| 218 | pocheTool::logm('add link ' . $url); | 218 | pocheTools::logm('add link ' . $url); |
| 219 | $last_id = $store->getLastId(); | 219 | $last_id = $store->getLastId(); |
| 220 | if (DOWNLOAD_PICTURES) { | 220 | if (DOWNLOAD_PICTURES) { |
| 221 | $content = filtre_picture($parametres_url['content'], $url, $last_id); | 221 | $content = filtre_picture($parametres_url['content'], $url, $last_id); |
| @@ -224,12 +224,12 @@ function action_to_do($action, $url, $id = 0) | |||
| 224 | } | 224 | } |
| 225 | else { | 225 | else { |
| 226 | #$msg->add('e', _('error during insertion : the link wasn\'t added')); | 226 | #$msg->add('e', _('error during insertion : the link wasn\'t added')); |
| 227 | pocheTool::logm('error during insertion : the link wasn\'t added'); | 227 | pocheTools::logm('error during insertion : the link wasn\'t added'); |
| 228 | } | 228 | } |
| 229 | } | 229 | } |
| 230 | else { | 230 | else { |
| 231 | #$msg->add('e', _('error during url preparation : the link wasn\'t added')); | 231 | #$msg->add('e', _('error during url preparation : the link wasn\'t added')); |
| 232 | pocheTool::logm('error during content fetch'); | 232 | pocheTools::logm('error during content fetch'); |
| 233 | } | 233 | } |
| 234 | break; | 234 | break; |
| 235 | case 'delete': | 235 | case 'delete': |
| @@ -238,20 +238,20 @@ function action_to_do($action, $url, $id = 0) | |||
| 238 | remove_directory(ABS_PATH . $id); | 238 | remove_directory(ABS_PATH . $id); |
| 239 | } | 239 | } |
| 240 | #$msg->add('s', _('the link has been deleted successfully')); | 240 | #$msg->add('s', _('the link has been deleted successfully')); |
| 241 | pocheTool::logm('delete link #' . $id); | 241 | pocheTools::logm('delete link #' . $id); |
| 242 | } | 242 | } |
| 243 | else { | 243 | else { |
| 244 | #$msg->add('e', _('the link wasn\'t deleted')); | 244 | #$msg->add('e', _('the link wasn\'t deleted')); |
| 245 | pocheTool::logm('error : can\'t delete link #' . $id); | 245 | pocheTools::logm('error : can\'t delete link #' . $id); |
| 246 | } | 246 | } |
| 247 | break; | 247 | break; |
| 248 | case 'toggle_fav' : | 248 | case 'toggle_fav' : |
| 249 | $store->favoriteById($id); | 249 | $store->favoriteById($id); |
| 250 | pocheTool::logm('mark as favorite link #' . $id); | 250 | pocheTools::logm('mark as favorite link #' . $id); |
| 251 | break; | 251 | break; |
| 252 | case 'toggle_archive' : | 252 | case 'toggle_archive' : |
| 253 | $store->archiveById($id); | 253 | $store->archiveById($id); |
| 254 | pocheTool::logm('archive link #' . $id); | 254 | pocheTools::logm('archive link #' . $id); |
| 255 | break; | 255 | break; |
| 256 | default: | 256 | default: |
| 257 | break; | 257 | break; |
diff --git a/inc/poche/pocheTool.class.php b/inc/poche/pocheTool.class.php new file mode 100644 index 00000000..8907c18e --- /dev/null +++ b/inc/poche/pocheTool.class.php | |||
| @@ -0,0 +1,126 @@ | |||
| 1 | <?php | ||
| 2 | /** | ||
| 3 | * poche, a read it later open source system | ||
| 4 | * | ||
| 5 | * @category poche | ||
| 6 | * @author Nicolas LÅ“uillet <support@inthepoche.com> | ||
| 7 | * @copyright 2013 | ||
| 8 | * @license http://www.wtfpl.net/ see COPYING file | ||
| 9 | */ | ||
| 10 | |||
| 11 | class pocheTools | ||
| 12 | { | ||
| 13 | public static function initPhp() | ||
| 14 | { | ||
| 15 | define('START_TIME', microtime(true)); | ||
| 16 | |||
| 17 | if (phpversion() < 5) { | ||
| 18 | die(_('Oops, it seems you don\'t have PHP 5.')); | ||
| 19 | } | ||
| 20 | |||
| 21 | error_reporting(E_ALL); | ||
| 22 | |||
| 23 | function stripslashesDeep($value) { | ||
| 24 | return is_array($value) | ||
| 25 | ? array_map('stripslashesDeep', $value) | ||
| 26 | : stripslashes($value); | ||
| 27 | } | ||
| 28 | |||
| 29 | if (get_magic_quotes_gpc()) { | ||
| 30 | $_POST = array_map('stripslashesDeep', $_POST); | ||
| 31 | $_GET = array_map('stripslashesDeep', $_GET); | ||
| 32 | $_COOKIE = array_map('stripslashesDeep', $_COOKIE); | ||
| 33 | } | ||
| 34 | |||
| 35 | ob_start(); | ||
| 36 | register_shutdown_function('ob_end_flush'); | ||
| 37 | } | ||
| 38 | |||
| 39 | public static function isUrl($url) | ||
| 40 | { | ||
| 41 | $pattern = '|^http(s)?://[a-z0-9-]+(.[a-z0-9-]+)*(:[0-9]+)?(/.*)?$|i'; | ||
| 42 | |||
| 43 | return preg_match($pattern, $url); | ||
| 44 | } | ||
| 45 | |||
| 46 | public static function getUrl() | ||
| 47 | { | ||
| 48 | $https = (!empty($_SERVER['HTTPS']) | ||
| 49 | && (strtolower($_SERVER['HTTPS']) == 'on')) | ||
| 50 | || (isset($_SERVER["SERVER_PORT"]) | ||
| 51 | && $_SERVER["SERVER_PORT"] == '443'); // HTTPS detection. | ||
| 52 | $serverport = (!isset($_SERVER["SERVER_PORT"]) | ||
| 53 | || $_SERVER["SERVER_PORT"] == '80' | ||
| 54 | || ($https && $_SERVER["SERVER_PORT"] == '443') | ||
| 55 | ? '' : ':' . $_SERVER["SERVER_PORT"]); | ||
| 56 | |||
| 57 | $scriptname = str_replace('/index.php', '/', $_SERVER["SCRIPT_NAME"]); | ||
| 58 | |||
| 59 | if (!isset($_SERVER["SERVER_NAME"])) { | ||
| 60 | return $scriptname; | ||
| 61 | } | ||
| 62 | |||
| 63 | return 'http' . ($https ? 's' : '') . '://' | ||
| 64 | . $_SERVER["SERVER_NAME"] . $serverport . $scriptname; | ||
| 65 | } | ||
| 66 | |||
| 67 | public static function redirect($url = '') | ||
| 68 | { | ||
| 69 | if ($url === '') { | ||
| 70 | $url = (empty($_SERVER['HTTP_REFERER'])?'?':$_SERVER['HTTP_REFERER']); | ||
| 71 | if (isset($_POST['returnurl'])) { | ||
| 72 | $url = $_POST['returnurl']; | ||
| 73 | } | ||
| 74 | } | ||
| 75 | |||
| 76 | # prevent loop | ||
| 77 | if (empty($url) || parse_url($url, PHP_URL_QUERY) === $_SERVER['QUERY_STRING']) { | ||
| 78 | $url = pocheTool::getUrl(); | ||
| 79 | } | ||
| 80 | |||
| 81 | if (substr($url, 0, 1) !== '?') { | ||
| 82 | $ref = pocheTool::getUrl(); | ||
| 83 | if (substr($url, 0, strlen($ref)) !== $ref) { | ||
| 84 | $url = $ref; | ||
| 85 | } | ||
| 86 | } | ||
| 87 | header('Location: '.$url); | ||
| 88 | exit(); | ||
| 89 | } | ||
| 90 | |||
| 91 | public static function cleanURL($url) | ||
| 92 | { | ||
| 93 | |||
| 94 | $url = html_entity_decode(trim($url)); | ||
| 95 | |||
| 96 | $stuff = strpos($url,'&utm_source='); | ||
| 97 | if ($stuff !== FALSE) | ||
| 98 | $url = substr($url, 0, $stuff); | ||
| 99 | $stuff = strpos($url,'?utm_source='); | ||
| 100 | if ($stuff !== FALSE) | ||
| 101 | $url = substr($url, 0, $stuff); | ||
| 102 | $stuff = strpos($url,'#xtor=RSS-'); | ||
| 103 | if ($stuff !== FALSE) | ||
| 104 | $url = substr($url, 0, $stuff); | ||
| 105 | |||
| 106 | return $url; | ||
| 107 | } | ||
| 108 | |||
| 109 | public static function renderJson($data) | ||
| 110 | { | ||
| 111 | header('Cache-Control: no-cache, must-revalidate'); | ||
| 112 | header('Expires: Sat, 26 Jul 1997 05:00:00 GMT'); | ||
| 113 | header('Content-type: application/json; charset=UTF-8'); | ||
| 114 | |||
| 115 | echo json_encode($data); | ||
| 116 | exit(); | ||
| 117 | } | ||
| 118 | |||
| 119 | public static function logm($message) | ||
| 120 | { | ||
| 121 | if (DEBUG_POCHE) { | ||
| 122 | $t = strval(date('Y/m/d_H:i:s')) . ' - ' . $_SERVER["REMOTE_ADDR"] . ' - ' . strval($message) . "\n"; | ||
| 123 | file_put_contents('./log.txt', $t, FILE_APPEND); | ||
| 124 | } | ||
| 125 | } | ||
| 126 | } \ No newline at end of file | ||
diff --git a/inc/poche/pocheTools.class.php b/inc/poche/pocheTools.class.php index 8907c18e..08c9dc8f 100644 --- a/inc/poche/pocheTools.class.php +++ b/inc/poche/pocheTools.class.php | |||
| @@ -75,11 +75,11 @@ class pocheTools | |||
| 75 | 75 | ||
| 76 | # prevent loop | 76 | # prevent loop |
| 77 | if (empty($url) || parse_url($url, PHP_URL_QUERY) === $_SERVER['QUERY_STRING']) { | 77 | if (empty($url) || parse_url($url, PHP_URL_QUERY) === $_SERVER['QUERY_STRING']) { |
| 78 | $url = pocheTool::getUrl(); | 78 | $url = pocheTools::getUrl(); |
| 79 | } | 79 | } |
| 80 | 80 | ||
| 81 | if (substr($url, 0, 1) !== '?') { | 81 | if (substr($url, 0, 1) !== '?') { |
| 82 | $ref = pocheTool::getUrl(); | 82 | $ref = pocheTools::getUrl(); |
| 83 | if (substr($url, 0, strlen($ref)) !== $ref) { | 83 | if (substr($url, 0, strlen($ref)) !== $ref) { |
| 84 | $url = $ref; | 84 | $url = $ref; |
| 85 | } | 85 | } |
| @@ -10,7 +10,7 @@ | |||
| 10 | 10 | ||
| 11 | include dirname(__FILE__).'/inc/config.php'; | 11 | include dirname(__FILE__).'/inc/config.php'; |
| 12 | 12 | ||
| 13 | pocheTool::initPhp(); | 13 | pocheTools::initPhp(); |
| 14 | 14 | ||
| 15 | # XSRF protection with token | 15 | # XSRF protection with token |
| 16 | if (!empty($_POST)) { | 16 | if (!empty($_POST)) { |
| @@ -26,7 +26,7 @@ if (isset($_GET['login'])) { | |||
| 26 | // Login | 26 | // Login |
| 27 | if (!empty($_POST['login']) && !empty($_POST['password'])) { | 27 | if (!empty($_POST['login']) && !empty($_POST['password'])) { |
| 28 | if (Session::login($_SESSION['login'], $_SESSION['pass'], $_POST['login'], encode_string($_POST['password'] . $_POST['login']))) { | 28 | if (Session::login($_SESSION['login'], $_SESSION['pass'], $_POST['login'], encode_string($_POST['password'] . $_POST['login']))) { |
| 29 | pocheTool::logm('login successful'); | 29 | pocheTools::logm('login successful'); |
| 30 | if (!empty($_POST['longlastingsession'])) { | 30 | if (!empty($_POST['longlastingsession'])) { |
| 31 | $_SESSION['longlastingsession'] = 31536000; | 31 | $_SESSION['longlastingsession'] = 31536000; |
| 32 | $_SESSION['expires_on'] = time() + $_SESSION['longlastingsession']; | 32 | $_SESSION['expires_on'] = time() + $_SESSION['longlastingsession']; |
| @@ -36,23 +36,23 @@ if (isset($_GET['login'])) { | |||
| 36 | } | 36 | } |
| 37 | session_regenerate_id(true); | 37 | session_regenerate_id(true); |
| 38 | 38 | ||
| 39 | pocheTool::redirect($referer); | 39 | pocheTools::redirect($referer); |
| 40 | } | 40 | } |
| 41 | pocheTool::logm('login failed'); | 41 | pocheTools::logm('login failed'); |
| 42 | die(_("Login failed !")); | 42 | die(_("Login failed !")); |
| 43 | } else { | 43 | } else { |
| 44 | pocheTool::logm('login failed'); | 44 | pocheTools::logm('login failed'); |
| 45 | } | 45 | } |
| 46 | } | 46 | } |
| 47 | elseif (isset($_GET['logout'])) { | 47 | elseif (isset($_GET['logout'])) { |
| 48 | pocheTool::logm('logout'); | 48 | pocheTools::logm('logout'); |
| 49 | Session::logout(); | 49 | Session::logout(); |
| 50 | pocheTool::redirect(); | 50 | pocheTools::redirect(); |
| 51 | } | 51 | } |
| 52 | elseif (isset($_GET['config'])) { | 52 | elseif (isset($_GET['config'])) { |
| 53 | if (isset($_POST['password']) && isset($_POST['password_repeat'])) { | 53 | if (isset($_POST['password']) && isset($_POST['password_repeat'])) { |
| 54 | if ($_POST['password'] == $_POST['password_repeat'] && $_POST['password'] != "") { | 54 | if ($_POST['password'] == $_POST['password_repeat'] && $_POST['password'] != "") { |
| 55 | pocheTool::logm('password updated'); | 55 | pocheTools::logm('password updated'); |
| 56 | if (!MODE_DEMO) { | 56 | if (!MODE_DEMO) { |
| 57 | $store->updatePassword(encode_string($_POST['password'] . $_SESSION['login'])); | 57 | $store->updatePassword(encode_string($_POST['password'] . $_SESSION['login'])); |
| 58 | #your password has been updated | 58 | #your password has been updated |
| @@ -78,7 +78,7 @@ $tpl_vars = array( | |||
| 78 | 'isLogged' => Session::isLogged(), | 78 | 'isLogged' => Session::isLogged(), |
| 79 | 'referer' => $referer, | 79 | 'referer' => $referer, |
| 80 | 'view' => $view, | 80 | 'view' => $view, |
| 81 | 'poche_url' => pocheTool::getUrl(), | 81 | 'poche_url' => pocheTools::getUrl(), |
| 82 | 'demo' => MODE_DEMO, | 82 | 'demo' => MODE_DEMO, |
| 83 | 'title' => _('poche, a read it later open source system'), | 83 | 'title' => _('poche, a read it later open source system'), |
| 84 | ); | 84 | ); |