Diffstat (limited to 'inc')
-rw-r--r--inc/config.php14
-rwxr-xr-xinc/functions.php49
2 files changed, 55 insertions, 8 deletions
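diff --git a/inc/config.php b/inc/config.php
index 84b86998..4c1978b5 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -17,6 +17,7 @@ require_once 'rain.tpl.class.php';
 
 $db = new db(DB_PATH);
 
+# Initialisation de RainTPL
 raintpl::$tpl_dir = './tpl/';
 raintpl::$cache_dir = './cache/';
 raintpl::$base_url = get_poche_url();
@@ -24,10 +25,23 @@ raintpl::configure('path_replace', false);
 raintpl::configure('debug', false);
 $tpl = new raintpl();
 
+# Démarrage session et initialisation du jeton de sécurité
 session_start();
 
 if (!isset($_SESSION['token_poche'])) {
     $token = md5(uniqid(rand(), TRUE));
     $_SESSION['token_poche'] = $token;
     $_SESSION['token_time_poche'] = time();
+}
+
+# Traitement des paramètres et déclenchement des actions
+$action = (isset ($_REQUEST['action'])) ? htmlentities($_REQUEST['action']) : '';
+$_SESSION['view'] = (isset ($_GET['view'])) ? htmlentities($_GET['view']) : 'index';
+$_SESSION['sort'] = (isset ($_REQUEST['sort'])) ? htmlentities($_REQUEST['sort']) : 'id';
+$id = (isset ($_REQUEST['id'])) ? htmlspecialchars($_REQUEST['id']) : '';
+$url = (isset ($_GET['url'])) ? $_GET['url'] : '';
+$token = (isset ($_REQUEST['token'])) ? $_REQUEST['token'] : '';
+
+if ($action != '') {
+    action_to_do($action, $id, $url, $token);
 }
\ No newline at end of file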
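Review bot: The new request handling (new lines 38–43) uses `htmlentities`/`htmlspecialchars` as if they validated input, but they are HTML output encoders: `$_SESSION['view']` and `$_SESSION['sort']` still accept any string, `$id` is never checked to be an integer, and `$url`/`$token` go through untouched. Since these values only ever select a `switch` case or are bound as a SQL parameter (per the functions.php hunks on this page), allowlist `view`/`sort` against their known values and validate `id` as an integer at this boundary, and leave HTML escaping to the templates. `action` and `token` are read from `$_REQUEST`, so every state-changing action can be fired by a plain GET link with the token in the URL; reading both from `$_POST` only would close that, but I cannot see the templates, so confirm the forms submit via POST first. `$url` is presumably what `get_external_file()` hands to `file_get_contents()` with `follow_location` on, and nothing here restricts its scheme or host — worth a follow-up.
```php
# Traitement des paramètres et déclenchement des actions
// … unchanged: $action …
$view = isset($_GET['view']) ? $_GET['view'] : 'index';
$_SESSION['view'] = in_array($view, array('index', 'archive', 'fav'), true) ? $view : 'index';
$sort = isset($_REQUEST['sort']) ? $_REQUEST['sort'] : 'id';
$_SESSION['sort'] = in_array($sort, array('ia', 'id', 'ta', 'td'), true) ? $sort : 'id';
$id = (isset($_REQUEST['id']) && ctype_digit((string) $_REQUEST['id'])) ? (int) $_REQUEST['id'] : '';
// … unchanged: $url, $token and the action_to_do() dispatch …
```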
diff --git a/inc/functions.php b/inc/functions.php
index 3ee238dd..a7430585 100755
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -46,9 +46,9 @@ function get_external_file($url, $timeout)
46 46
47 // create http context and add timeout and user-agent 47 // create http context and add timeout and user-agent
48 $context = stream_context_create(array('http'=>array('timeout' => $timeout, // Timeout : time until we stop waiting for the response. 48 $context = stream_context_create(array('http'=>array('timeout' => $timeout, // Timeout : time until we stop waiting for the response.
49 'header'=> "User-Agent: ".$useragent, // spoot Mozilla Firefox 49 'header'=> "User-Agent: ".$useragent, // spoot Mozilla Firefox
50 'follow_location' => true 50 'follow_location' => true
51 ))); 51 )));
52 52
53 // only download page lesser than 4MB 53 // only download page lesser than 4MB
54 $data = @file_get_contents($url, false, $context, -1, 4000000); // We download at most 4 MB from source. 54 $data = @file_get_contents($url, false, $context, -1, 4000000); // We download at most 4 MB from source.
@@ -146,6 +146,20 @@ function action_to_do($action, $id, $url, $token)
146 } 146 }
147 else die('CSRF problem'); 147 else die('CSRF problem');
148 break; 148 break;
149 case 'toggle_fav' :
150 if (verif_token($token)) {
151 $sql_action = "UPDATE entries SET is_fav=~is_fav WHERE id=?";
152 $params_action = array($id);
153 }
154 else die('CSRF problem');
155 break;
156 case 'toggle_archive' :
157 if (verif_token($token)) {
158 $sql_action = "UPDATE entries SET is_read=~is_read WHERE id=?";
159 $params_action = array($id);
160 }
161 else die('CSRF problem');
162 break;
149 default: 163 default:
150 break; 164 break;
151 } 165 }
@@ -168,22 +182,41 @@ function action_to_do($action, $id, $url, $token)
168/** 182/**
169 * Détermine quels liens afficher : home, fav ou archives 183 * Détermine quels liens afficher : home, fav ou archives
170 */ 184 */
171function display_view($view) 185function display_view()
172{ 186{
173 global $db; 187 global $db;
174 188
175 switch ($view) 189 switch ($_SESSION['sort'])
190 {
191 case 'ia':
192 $order = 'ORDER BY id';
193 break;
194 case 'id':
195 $order = 'ORDER BY id DESC';
196 break;
197 case 'ta':
198 $order = 'ORDER BY lower(title)';
199 break;
200 case 'td':
201 $order = 'ORDER BY lower(title) DESC';
202 break;
203 default:
204 $order = 'ORDER BY id';
205 break;
206 }
207
208 switch ($_SESSION['view'])
176 { 209 {
177 case 'archive': 210 case 'archive':
178 $sql = "SELECT * FROM entries WHERE is_read=? ORDER BY id desc"; 211 $sql = "SELECT * FROM entries WHERE is_read=? " . $order;
179 $params = array(-1); 212 $params = array(-1);
180 break; 213 break;
181 case 'fav' : 214 case 'fav' :
182 $sql = "SELECT * FROM entries WHERE is_fav=? ORDER BY id desc"; 215 $sql = "SELECT * FROM entries WHERE is_fav=? " . $order;
183 $params = array(-1); 216 $params = array(-1);
184 break; 217 break;
185 default: 218 default:
186 $sql = "SELECT * FROM entries WHERE is_read=? ORDER BY id desc"; 219 $sql = "SELECT * FROM entries WHERE is_read=? " . $order;
187 $params = array(0); 220 $params = array(0);
188 break; 221 break;
189 } 222 }
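Review bot: `display_view()` emits an undefined-index notice and silently falls to the default ordering/view whenever `$_SESSION['sort']` or `$_SESSION['view']` is unset, because the new switches at new lines 189 and 208 index the session without `isset`; the function now relies on config.php having populated both keys earlier in the same request. Read them defensively at the top, `$sort = isset($_SESSION['sort']) ? $_SESSION['sort'] : 'id';` and `$view = isset($_SESSION['view']) ? $_SESSION['view'] : 'index';`, and switch on those locals. The `switch` with its `default:` branch is the only thing keeping the concatenated `$order` fragment out of reach of user input, so a comment above it is worth adding: `// allowlist: $order is concatenated into SQL, so only the literal ORDER BY fragments below may ever be produced here`. Callers still passing `$view` keep working since PHP ignores extra arguments, but their argument now silently has no effect. The body of `display_view()` continues past the end of the hunk.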