diff options
Diffstat (limited to 'inc')
| -rw-r--r-- | inc/Session.class.php | 2 | ||||
| -rw-r--r-- | inc/config.php | 57 | ||||
| -rw-r--r-- | inc/functions.php | 47 |
3 files changed, 48 insertions, 58 deletions
diff --git a/inc/Session.class.php b/inc/Session.class.php index 06fa6a8e..ee12b3d1 100644 --- a/inc/Session.class.php +++ b/inc/Session.class.php | |||
| @@ -93,7 +93,7 @@ class Session | |||
| 93 | // Force logout | 93 | // Force logout |
| 94 | public static function logout() | 94 | public static function logout() |
| 95 | { | 95 | { |
| 96 | unset($_SESSION['uid'],$_SESSION['info'],$_SESSION['expires_on']); | 96 | unset($_SESSION['uid'],$_SESSION['info'],$_SESSION['expires_on'],$_SESSION['tokens']); |
| 97 | } | 97 | } |
| 98 | 98 | ||
| 99 | // Make sure user is logged in. | 99 | // Make sure user is logged in. |
diff --git a/inc/config.php b/inc/config.php index 403217ce..063952a5 100644 --- a/inc/config.php +++ b/inc/config.php | |||
| @@ -33,59 +33,4 @@ raintpl::$cache_dir = './cache/'; | |||
| 33 | raintpl::$base_url = get_poche_url(); | 33 | raintpl::$base_url = get_poche_url(); |
| 34 | raintpl::configure('path_replace', false); | 34 | raintpl::configure('path_replace', false); |
| 35 | raintpl::configure('debug', false); | 35 | raintpl::configure('debug', false); |
| 36 | $tpl = new raintpl(); | 36 | $tpl = new raintpl(); \ No newline at end of file |
| 37 | |||
| 38 | # initialize session | ||
| 39 | Session::init(); | ||
| 40 | # XSRF protection with token | ||
| 41 | if (!empty($_POST)) { | ||
| 42 | if (!Session::isToken($_POST['token'])) { | ||
| 43 | die('Wrong token.'); | ||
| 44 | } | ||
| 45 | unset($_SESSION['tokens']); | ||
| 46 | } | ||
| 47 | |||
| 48 | $ref = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER']; | ||
| 49 | |||
| 50 | if (isset($_GET['login'])) { | ||
| 51 | // Login | ||
| 52 | if (!empty($_POST['login']) && !empty($_POST['password'])) { | ||
| 53 | if (Session::login('poche', 'poche', $_POST['login'], $_POST['password'])) { | ||
| 54 | if (!empty($_POST['longlastingsession'])) { | ||
| 55 | $_SESSION['longlastingsession'] = 31536000; | ||
| 56 | $_SESSION['expires_on'] = time() + $_SESSION['longlastingsession']; | ||
| 57 | session_set_cookie_params($_SESSION['longlastingsession']); | ||
| 58 | } else { | ||
| 59 | session_set_cookie_params(0); // when browser closes | ||
| 60 | } | ||
| 61 | session_regenerate_id(true); | ||
| 62 | |||
| 63 | MyTool::redirect(); | ||
| 64 | } | ||
| 65 | logm('login failed'); | ||
| 66 | die("Login failed !"); | ||
| 67 | } else { | ||
| 68 | logm('login successful'); | ||
| 69 | } | ||
| 70 | } | ||
| 71 | elseif (isset($_GET['logout'])) { | ||
| 72 | logm('logout'); | ||
| 73 | Session::logout(); | ||
| 74 | MyTool::redirect(); | ||
| 75 | } | ||
| 76 | |||
| 77 | # Traitement des paramètres et déclenchement des actions | ||
| 78 | $view = (isset ($_REQUEST['view'])) ? htmlentities($_REQUEST['view']) : 'index'; | ||
| 79 | $action = (isset ($_REQUEST['action'])) ? htmlentities($_REQUEST['action']) : ''; | ||
| 80 | $_SESSION['sort'] = (isset ($_REQUEST['sort'])) ? htmlentities($_REQUEST['sort']) : 'id'; | ||
| 81 | $id = (isset ($_REQUEST['id'])) ? htmlspecialchars($_REQUEST['id']) : ''; | ||
| 82 | $url = (isset ($_GET['url'])) ? $_GET['url'] : ''; | ||
| 83 | |||
| 84 | $tpl->assign('isLogged', Session::isLogged()); | ||
| 85 | $tpl->assign('referer', $ref); | ||
| 86 | $tpl->assign('view', $view); | ||
| 87 | $tpl->assign('poche_url', get_poche_url()); | ||
| 88 | |||
| 89 | if ($action != '') { | ||
| 90 | action_to_do($action, $url, $id); | ||
| 91 | } | ||
diff --git a/inc/functions.php b/inc/functions.php index 13acd36f..ef1fc0e2 100644 --- a/inc/functions.php +++ b/inc/functions.php | |||
| @@ -226,10 +226,55 @@ function remove_directory($directory) | |||
| 226 | } | 226 | } |
| 227 | } | 227 | } |
| 228 | 228 | ||
| 229 | function display_view($view, $id = 0, $full_head = 'yes') | ||
| 230 | { | ||
| 231 | global $tpl; | ||
| 232 | |||
| 233 | switch ($view) | ||
| 234 | { | ||
| 235 | case 'view': | ||
| 236 | $entry = get_article($id); | ||
| 237 | |||
| 238 | if ($entry != NULL) { | ||
| 239 | $tpl->assign('id', $entry[0]['id']); | ||
| 240 | $tpl->assign('url', $entry[0]['url']); | ||
| 241 | $tpl->assign('title', $entry[0]['title']); | ||
| 242 | $tpl->assign('content', $entry[0]['content']); | ||
| 243 | $tpl->assign('is_fav', $entry[0]['is_fav']); | ||
| 244 | $tpl->assign('is_read', $entry[0]['is_read']); | ||
| 245 | $tpl->assign('load_all_js', 0); | ||
| 246 | $tpl->draw('view'); | ||
| 247 | } | ||
| 248 | else { | ||
| 249 | logm('error in view call : entry is NULL'); | ||
| 250 | } | ||
| 251 | |||
| 252 | logm('view link #' . $id); | ||
| 253 | break; | ||
| 254 | default: # home view | ||
| 255 | $entries = get_entries($view); | ||
| 256 | |||
| 257 | $tpl->assign('entries', $entries); | ||
| 258 | |||
| 259 | if ($full_head == 'yes') { | ||
| 260 | $tpl->assign('load_all_js', 1); | ||
| 261 | $tpl->draw('head'); | ||
| 262 | $tpl->draw('home'); | ||
| 263 | } | ||
| 264 | |||
| 265 | $tpl->draw('entries'); | ||
| 266 | |||
| 267 | if ($full_head == 'yes') { | ||
| 268 | $tpl->draw('js'); | ||
| 269 | $tpl->draw('footer'); | ||
| 270 | } | ||
| 271 | break; | ||
| 272 | } | ||
| 273 | } | ||
| 274 | |||
| 229 | /** | 275 | /** |
| 230 | * Appel d'une action (mark as fav, archive, delete) | 276 | * Appel d'une action (mark as fav, archive, delete) |
| 231 | */ | 277 | */ |
| 232 | |||
| 233 | function action_to_do($action, $url, $id = 0) | 278 | function action_to_do($action, $url, $id = 0) |
| 234 | { | 279 | { |
| 235 | global $db; | 280 | global $db; |