Diffstat (limited to 'inc/config.php')
-rw-r--r-- | inc/config.php | 54 |
1 files changed, 45 insertions, 9 deletions
diff --git a/inc/config.php b/inc/config.php index 386fd036..403217ce 100644 --- a/inc/config.php +++ b/inc/config.php | |||
@@ -22,10 +22,12 @@ include 'functions.php'; | |||
22 | require_once 'Readability.php'; | 22 | require_once 'Readability.php'; |
23 | require_once 'Encoding.php'; | 23 | require_once 'Encoding.php'; |
24 | require_once 'rain.tpl.class.php'; | 24 | require_once 'rain.tpl.class.php'; |
25 | require_once 'MyTool.class.php'; | ||
26 | require_once 'Session.class.php'; | ||
25 | 27 | ||
26 | $db = new db(DB_PATH); | 28 | $db = new db(DB_PATH); |
27 | 29 | ||
28 | # Initialisation de RainTPL | 30 | # initialisation de RainTPL |
29 | raintpl::$tpl_dir = './tpl/'; | 31 | raintpl::$tpl_dir = './tpl/'; |
30 | raintpl::$cache_dir = './cache/'; | 32 | raintpl::$cache_dir = './cache/'; |
31 | raintpl::$base_url = get_poche_url(); | 33 | raintpl::$base_url = get_poche_url(); |
@@ -33,13 +35,43 @@ raintpl::configure('path_replace', false); | |||
33 | raintpl::configure('debug', false); | 35 | raintpl::configure('debug', false); |
34 | $tpl = new raintpl(); | 36 | $tpl = new raintpl(); |
35 | 37 | ||
36 | # Démarrage session et initialisation du jeton de sécurité | 38 | # initialize session |
37 | session_start(); | 39 | Session::init(); |
40 | # XSRF protection with token | ||
41 | if (!empty($_POST)) { | ||
42 | if (!Session::isToken($_POST['token'])) { | ||
43 | die('Wrong token.'); | ||
44 | } | ||
45 | unset($_SESSION['tokens']); | ||
46 | } | ||
47 | |||
48 | $ref = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER']; | ||
49 | |||
50 | if (isset($_GET['login'])) { | ||
51 | // Login | ||
52 | if (!empty($_POST['login']) && !empty($_POST['password'])) { | ||
53 | if (Session::login('poche', 'poche', $_POST['login'], $_POST['password'])) { | ||
54 | if (!empty($_POST['longlastingsession'])) { | ||
55 | $_SESSION['longlastingsession'] = 31536000; | ||
56 | $_SESSION['expires_on'] = time() + $_SESSION['longlastingsession']; | ||
57 | session_set_cookie_params($_SESSION['longlastingsession']); | ||
58 | } else { | ||
59 | session_set_cookie_params(0); // when browser closes | ||
60 | } | ||
61 | session_regenerate_id(true); | ||
38 | 62 | ||
39 | if (!isset($_SESSION['token_poche'])) { | 63 | MyTool::redirect(); |
40 | $token = md5(uniqid(rand(), TRUE)); | 64 | } |
41 | $_SESSION['token_poche'] = $token; | 65 | logm('login failed'); |
42 | $_SESSION['token_time_poche'] = time(); | 66 | die("Login failed !"); |
67 | } else { | ||
68 | logm('login successful'); | ||
69 | } | ||
70 | } | ||
71 | elseif (isset($_GET['logout'])) { | ||
72 | logm('logout'); | ||
73 | Session::logout(); | ||
74 | MyTool::redirect(); | ||
43 | } | 75 | } |
44 | 76 | ||
45 | # Traitement des paramètres et déclenchement des actions | 77 | # Traitement des paramètres et déclenchement des actions |
@@ -48,8 +80,12 @@ $action = (isset ($_REQUEST['action'])) ? htmlentities($_REQUEST['ac | |||
48 | $_SESSION['sort'] = (isset ($_REQUEST['sort'])) ? htmlentities($_REQUEST['sort']) : 'id'; | 80 | $_SESSION['sort'] = (isset ($_REQUEST['sort'])) ? htmlentities($_REQUEST['sort']) : 'id'; |
49 | $id = (isset ($_REQUEST['id'])) ? htmlspecialchars($_REQUEST['id']) : ''; | 81 | $id = (isset ($_REQUEST['id'])) ? htmlspecialchars($_REQUEST['id']) : ''; |
50 | $url = (isset ($_GET['url'])) ? $_GET['url'] : ''; | 82 | $url = (isset ($_GET['url'])) ? $_GET['url'] : ''; |
51 | $token = (isset ($_REQUEST['token'])) ? $_REQUEST['token'] : ''; | 83 | |
84 | $tpl->assign('isLogged', Session::isLogged()); | ||
85 | $tpl->assign('referer', $ref); | ||
86 | $tpl->assign('view', $view); | ||
87 | $tpl->assign('poche_url', get_poche_url()); | ||
52 | 88 | ||
53 | if ($action != '') { | 89 | if ($action != '') { |
54 | action_to_do($action, $url, $token, $id); | 90 | action_to_do($action, $url, $id); |
55 | } | 91 | } |
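Review bot: The new token check at new lines 40–46 only runs when `$_POST` is non-empty, yet `$action` is still taken from `$_REQUEST` (hunk header at old line 47 / new line 79) and the `$token` argument was dropped from `action_to_do($action, $url, $id)` at new line 90, so an action reached through a GET query string is now covered by no token check at all; if any of those actions change state (action_to_do is defined outside this file, so this is inferred), the XSRF protection regresses for exactly the links that used to carry a token. The condition should cover any request that names an action and read the token from the same source the action comes from, e.g. `if (!empty($_POST) || isset($_REQUEST['action'])) {` followed by `$token = isset($_REQUEST['token']) ? $_REQUEST['token'] : '';` and `if (!Session::isToken($token)) {`. The `isset` guard also fixes the unconditional `$_POST['token']` read at new line 42, which raises an undefined-index notice and passes null to Session::isToken when a POST omits the field. Separately, `$_SERVER['HTTP_REFERER']` is forwarded to the template as `referer` at new lines 48 and 85 without validation; if it is used for a redirect anywhere, it should be restricted to the application's own origin.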