Diffstat (limited to 'inc/functions.php')
-rw-r--r--inc/functions.php67
1 files changed, 14 insertions, 53 deletions
diff --git a/inc/functions.php b/inc/functions.php
index 936ec6ea..13acd36f 100644
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -91,7 +91,7 @@ function get_external_file($url)
91function prepare_url($url) 91function prepare_url($url)
92{ 92{
93 $parametres = array(); 93 $parametres = array();
94 $url = html_entity_decode(trim($url)); 94 $url = html_entity_decode(trim($url));
95 95
96 // We remove the annoying parameters added by FeedBurner and GoogleFeedProxy (?utm_source=...) 96 // We remove the annoying parameters added by FeedBurner and GoogleFeedProxy (?utm_source=...)
97 // from shaarli, by sebsauvage 97 // from shaarli, by sebsauvage
@@ -99,7 +99,7 @@ function prepare_url($url)
99 $i=strpos($url,'?utm_source='); if ($i!==false) $url=substr($url,0,$i); 99 $i=strpos($url,'?utm_source='); if ($i!==false) $url=substr($url,0,$i);
100 $i=strpos($url,'#xtor=RSS-'); if ($i!==false) $url=substr($url,0,$i); 100 $i=strpos($url,'#xtor=RSS-'); if ($i!==false) $url=substr($url,0,$i);
101 101
102 $title = $url; 102 $title = $url;
103 if (!preg_match('!^https?://!i', $url)) 103 if (!preg_match('!^https?://!i', $url))
104 $url = 'http://' . $url; 104 $url = 'http://' . $url;
105 105
@@ -230,7 +230,7 @@ function remove_directory($directory)
230 * Appel d'une action (mark as fav, archive, delete) 230 * Appel d'une action (mark as fav, archive, delete)
231 */ 231 */
232 232
233function action_to_do($action, $url, $token, $id = 0) 233function action_to_do($action, $url, $id = 0)
234{ 234{
235 global $db; 235 global $db;
236 236
@@ -248,29 +248,20 @@ function action_to_do($action, $url, $token, $id = 0)
248 logm('add link ' . $url); 248 logm('add link ' . $url);
249 break; 249 break;
250 case 'delete': 250 case 'delete':
251 if (verif_token($token)) { 251 remove_directory(ABS_PATH . $id);
252 remove_directory(ABS_PATH . $id); 252 $sql_action = "DELETE FROM entries WHERE id=?";
253 $sql_action = "DELETE FROM entries WHERE id=?"; 253 $params_action = array($id);
254 $params_action = array($id); 254 logm('delete link #' . $id);
255 logm('delete link #' . $id);
256 }
257 else logm('csrf problem while deleting entry');
258 break; 255 break;
259 case 'toggle_fav' : 256 case 'toggle_fav' :
260 if (verif_token($token)) { 257 $sql_action = "UPDATE entries SET is_fav=~is_fav WHERE id=?";
261 $sql_action = "UPDATE entries SET is_fav=~is_fav WHERE id=?"; 258 $params_action = array($id);
262 $params_action = array($id); 259 logm('mark as favorite link #' . $id);
263 logm('mark as favorite link #' . $id);
264 }
265 else logm('csrf problem while fav entry');
266 break; 260 break;
267 case 'toggle_archive' : 261 case 'toggle_archive' :
268 if (verif_token($token)) { 262 $sql_action = "UPDATE entries SET is_read=~is_read WHERE id=?";
269 $sql_action = "UPDATE entries SET is_read=~is_read WHERE id=?"; 263 $params_action = array($id);
270 $params_action = array($id); 264 logm('archive link #' . $id);
271 logm('archive link #' . $id);
272 }
273 else logm('csrf problem while archive entry');
274 break; 265 break;
275 default: 266 default:
276 break; 267 break;
@@ -305,7 +296,7 @@ function action_to_do($action, $url, $token, $id = 0)
305/** 296/**
306 * Détermine quels liens afficher : home, fav ou archives 297 * Détermine quels liens afficher : home, fav ou archives
307 */ 298 */
308function display_view($view) 299function get_entries($view)
309{ 300{
310 global $db; 301 global $db;
311 302
@@ -385,36 +376,6 @@ function get_article($id)
385 return $entry; 376 return $entry;
386} 377}
387 378
388/**
389 * Vérifie si le jeton passé en $_POST correspond à celui en session
390 */
391function verif_token($token)
392{
393 if(isset($_SESSION['token_poche']) && isset($_SESSION['token_time_poche']) && isset($token))
394 {
395 if($_SESSION['token_poche'] == $token)
396 {
397 $old_timestamp = time() - (15*60);
398 if($_SESSION['token_time_poche'] >= $old_timestamp)
399 {
400 return TRUE;
401 }
402 else {
403 session_destroy();
404 logm('session expired');
405 }
406 }
407 else {
408 logm('token error : the token is different');
409 return FALSE;
410 }
411 }
412 else {
413 logm('token error : the token is not here');
414 return FALSE;
415 }
416}
417
418function logm($message) 379function logm($message)
419{ 380{
420 $t = strval(date('Y/m/d_H:i:s')).' - '.$_SERVER["REMOTE_ADDR"].' - '.strval($message)."\n"; 381 $t = strval(date('Y/m/d_H:i:s')).' - '.$_SERVER["REMOTE_ADDR"].' - '.strval($message)."\n";
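Review bot: In the `delete`, `toggle_fav` and `toggle_archive` cases of action_to_do (new lines 250-265), the state-changing work now runs with no anti-CSRF check, because the `verif_token($token)` guards and the function itself are removed. Nothing visible in this file replaces them, so unless the caller validates a session-bound token before calling action_to_do (which cannot be confirmed from this page), a cross-site request sent from a logged-in user's browser could delete or re-flag entries. If the check moved to the caller, a comment on the function such as `// CSRF token is verified by the caller before action_to_do() is reached` would record that; otherwise the guard should stay, with the comparison done by `hash_equals()` rather than `==`. The `delete` case also concatenates `$id` into `remove_directory(ABS_PATH . $id)`; if `$id` originates from the request, casting it first with `$id = (int) $id;` keeps the removed path inside the intended directory. action_to_do's body starts and ends outside the visible hunks.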