Diffstat (limited to 'inc/config.php')
-rw-r--r--inc/config.php54
1 files changed, 45 insertions, 9 deletions
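--- a/inc/config.php
+++ b/inc/config.php
@@ -22,10 +22,12 @@ include 'functions.php';
 require_once 'Readability.php';
 require_once 'Encoding.php';
 require_once 'rain.tpl.class.php';
+require_once 'MyTool.class.php';
+require_once 'Session.class.php';
 
 $db = new db(DB_PATH);
 
-# Initialisation de RainTPL
+# initialisation de RainTPL
 raintpl::$tpl_dir = './tpl/';
 raintpl::$cache_dir = './cache/';
 raintpl::$base_url = get_poche_url();
@@ -33,13 +35,43 @@ raintpl::configure('path_replace', false);
 raintpl::configure('debug', false);
 $tpl = new raintpl();
 
-# Démarrage session et initialisation du jeton de sécurité
-session_start();
+# initialize session
+Session::init();
+# XSRF protection with token
+if (!empty($_POST)) {
+    if (!Session::isToken($_POST['token'])) {
+        die('Wrong token.');
+    }
+    unset($_SESSION['tokens']);
+}
+
+$ref = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER'];
+
+if (isset($_GET['login'])) {
+    // Login
+    if (!empty($_POST['login']) && !empty($_POST['password'])) {
+        if (Session::login('poche', 'poche', $_POST['login'], $_POST['password'])) {
+            if (!empty($_POST['longlastingsession'])) {
+                $_SESSION['longlastingsession'] = 31536000;
+                $_SESSION['expires_on'] = time() + $_SESSION['longlastingsession'];
+                session_set_cookie_params($_SESSION['longlastingsession']);
+            } else {
+                session_set_cookie_params(0); // when browser closes
+            }
+            session_regenerate_id(true);
 
-if (!isset($_SESSION['token_poche'])) {
-    $token = md5(uniqid(rand(), TRUE));
-    $_SESSION['token_poche'] = $token;
-    $_SESSION['token_time_poche'] = time();
+            MyTool::redirect();
+        }
+        logm('login failed');
+        die("Login failed !");
+    } else {
+        logm('login successful');
+    }
+}
+elseif (isset($_GET['logout'])) {
+    logm('logout');
+    Session::logout();
+    MyTool::redirect();
 }
 
 # Traitement des paramètres et déclenchement des actions
@@ -48,8 +80,12 @@ $action = (isset ($_REQUEST['action'])) ? htmlentities($_REQUEST['ac
 $_SESSION['sort'] = (isset ($_REQUEST['sort'])) ? htmlentities($_REQUEST['sort']) : 'id';
 $id = (isset ($_REQUEST['id'])) ? htmlspecialchars($_REQUEST['id']) : '';
 $url = (isset ($_GET['url'])) ? $_GET['url'] : '';
-$token = (isset ($_REQUEST['token'])) ? $_REQUEST['token'] : '';
+
+$tpl->assign('isLogged', Session::isLogged());
+$tpl->assign('referer', $ref);
+$tpl->assign('view', $view);
+$tpl->assign('poche_url', get_poche_url());
 
 if ($action != '') {
-    action_to_do($action, $url, $token, $id);
+    action_to_do($action, $url, $id);
 }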
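Review bot: The `else { logm('login successful'); }` branch in the second hunk (new lines 67-69) is reached when `$_POST['login']` or `$_POST['password']` is empty, i.e. on a plain `?login` request with no credentials, so the log records a successful login that never happened and the audit trail becomes unusable for spotting failed attempts; move `logm('login successful');` into the success branch just before `MyTool::redirect();` and drop the outer `else`. In the same hunk `Session::isToken($_POST['token'])` reads the index unguarded, so a POST without a `token` field raises a notice and passes null to the check, whose handling of null is not visible here; guard it with `isset($_POST['token']) ? $_POST['token'] : ''` so a missing token is rejected the same way as a wrong one. The literal `'poche', 'poche'` passed to `Session::login` look like the expected login and password (the third and fourth arguments come from the form); if so, every installation accepts the same credential, and they belong in defined constants next to `DB_PATH` so an operator can change them. Whether `session_set_cookie_params()` after `Session::init()` takes effect depends on the cookie being re-sent by `session_regenerate_id(true)`; a comment stating that intent would help the next reader.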