1 files changed, 45 insertions, 9 deletions
diff --git a/inc/config.php b/inc/config.php
index 386fd036..403217ce 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -22,10 +22,12 @@ include 'functions.php';
 require_once 'Readability.php';
 require_once 'Encoding.php';
 require_once 'rain.tpl.class.php';
+require_once 'MyTool.class.php';
+require_once 'Session.class.php';
 $db = new db(DB_PATH);
-# Initialisation de RainTPL
+# initialisation de RainTPL
 raintpl::$tpl_dir   = './tpl/';
 raintpl::$cache_dir = './cache/';
 raintpl::$base_url  = get_poche_url();
@@ -33,13 +35,43 @@ raintpl::configure('path_replace', false);
 raintpl::configure('debug', false);
 $tpl = new raintpl();
-# Démarrage session et initialisation du jeton de sécurité
+# initialize session
-session_start();
+Session::init();
+# XSRF protection with token
+if (!empty($_POST)) {
+    if (!Session::isToken($_POST['token'])) {
+        die('Wrong token.');
+    }
+    unset($_SESSION['tokens']);
+}
+$ref = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER'];
+if (isset($_GET['login'])) {
+    // Login
+    if (!empty($_POST['login']) && !empty($_POST['password'])) {
+        if (Session::login('poche', 'poche', $_POST['login'], $_POST['password'])) {
+            if (!empty($_POST['longlastingsession'])) {
+                $_SESSION['longlastingsession'] = 31536000;
+                $_SESSION['expires_on'] = time() + $_SESSION['longlastingsession'];
+                session_set_cookie_params($_SESSION['longlastingsession']);
+            } else {
+                session_set_cookie_params(0); // when browser closes
+            }
+            session_regenerate_id(true);
-if (!isset($_SESSION['token_poche'])) {
+            MyTool::redirect();
-    $token = md5(uniqid(rand(), TRUE));
+        }
-    $_SESSION['token_poche'] = $token;
+        logm('login failed');
-    $_SESSION['token_time_poche'] = time();
+        die("Login failed !");
+    } else {
+        logm('login successful');
+    }
+}
+elseif (isset($_GET['logout'])) {
+    logm('logout');
+    Session::logout();
+    MyTool::redirect();
 }
 # Traitement des paramètres et déclenchement des actions
@@ -48,8 +80,12 @@ $action             = (isset ($_REQUEST['action'])) ? htmlentities($_REQUEST['ac
 $_SESSION['sort']   = (isset ($_REQUEST['sort'])) ? htmlentities($_REQUEST['sort']) : 'id';
 $id                 = (isset ($_REQUEST['id'])) ? htmlspecialchars($_REQUEST['id']) : '';
 $url                = (isset ($_GET['url'])) ? $_GET['url'] : '';
-$token              = (isset ($_REQUEST['token'])) ? $_REQUEST['token'] : '';
+$tpl->assign('isLogged', Session::isLogged());
+$tpl->assign('referer', $ref);
+$tpl->assign('view', $view);
+$tpl->assign('poche_url', get_poche_url());
 if ($action != '') {
-    action_to_do($action, $url, $token, $id);
+    action_to_do($action, $url, $id);
 }

diff --git a/inc/config.php b/inc/config.php index 386fd036..403217ce 100644 --- a/inc/config.php +++ b/inc/config.php
@@ -22,10 +22,12 @@ include 'functions.php';
22	require_once 'Readability.php';	22	require_once 'Readability.php';
23	require_once 'Encoding.php';	23	require_once 'Encoding.php';
24	require_once 'rain.tpl.class.php';	24	require_once 'rain.tpl.class.php';
		25	require_once 'MyTool.class.php';
		26	require_once 'Session.class.php';
25		27
26	$db = new db(DB_PATH);	28	$db = new db(DB_PATH);
27		29
28	# Initialisation de RainTPL	30	# initialisation de RainTPL
29	raintpl::$tpl_dir = './tpl/';	31	raintpl::$tpl_dir = './tpl/';
30	raintpl::$cache_dir = './cache/';	32	raintpl::$cache_dir = './cache/';
31	raintpl::$base_url = get_poche_url();	33	raintpl::$base_url = get_poche_url();
@@ -33,13 +35,43 @@ raintpl::configure('path_replace', false);
33	raintpl::configure('debug', false);	35	raintpl::configure('debug', false);
34	$tpl = new raintpl();	36	$tpl = new raintpl();
35		37
36	# Démarrage session et initialisation du jeton de sécurité	38	# initialize session
37	session_start();	39	Session::init();
		40	# XSRF protection with token
		41	if (!empty($_POST)) {
		42	if (!Session::isToken($_POST['token'])) {
		43	die('Wrong token.');
		44	}
		45	unset($_SESSION['tokens']);
		46	}
		47
		48	$ref = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER'];
		49
		50	if (isset($_GET['login'])) {
		51	// Login
		52	if (!empty($_POST['login']) && !empty($_POST['password'])) {
		53	if (Session::login('poche', 'poche', $_POST['login'], $_POST['password'])) {
		54	if (!empty($_POST['longlastingsession'])) {
		55	$_SESSION['longlastingsession'] = 31536000;
		56	$_SESSION['expires_on'] = time() + $_SESSION['longlastingsession'];
		57	session_set_cookie_params($_SESSION['longlastingsession']);
		58	} else {
		59	session_set_cookie_params(0); // when browser closes
		60	}
		61	session_regenerate_id(true);
38		62
39	if (!isset($_SESSION['token_poche'])) {	63	MyTool::redirect();
40	$token = md5(uniqid(rand(), TRUE));	64	}
41	$_SESSION['token_poche'] = $token;	65	logm('login failed');
42	$_SESSION['token_time_poche'] = time();	66	die("Login failed !");
		67	} else {
		68	logm('login successful');
		69	}
		70	}
		71	elseif (isset($_GET['logout'])) {
		72	logm('logout');
		73	Session::logout();
		74	MyTool::redirect();
43	}	75	}
44		76
45	# Traitement des paramètres et déclenchement des actions	77	# Traitement des paramètres et déclenchement des actions
@@ -48,8 +80,12 @@ $action = (isset ($_REQUEST['action'])) ? htmlentities($_REQUEST['ac
48	$_SESSION['sort'] = (isset ($_REQUEST['sort'])) ? htmlentities($_REQUEST['sort']) : 'id';	80	$_SESSION['sort'] = (isset ($_REQUEST['sort'])) ? htmlentities($_REQUEST['sort']) : 'id';
49	$id = (isset ($_REQUEST['id'])) ? htmlspecialchars($_REQUEST['id']) : '';	81	$id = (isset ($_REQUEST['id'])) ? htmlspecialchars($_REQUEST['id']) : '';
50	$url = (isset ($_GET['url'])) ? $_GET['url'] : '';	82	$url = (isset ($_GET['url'])) ? $_GET['url'] : '';
51	$token = (isset ($_REQUEST['token'])) ? $_REQUEST['token'] : '';	83
		84	$tpl->assign('isLogged', Session::isLogged());
		85	$tpl->assign('referer', $ref);
		86	$tpl->assign('view', $view);
		87	$tpl->assign('poche_url', get_poche_url());
52		88
53	if ($action != '') {	89	if ($action != '') {
54	action_to_do($action, $url, $token, $id);	90	action_to_do($action, $url, $id);
55	}	91	}