1 files changed, 53 insertions, 9 deletions
diff --git a/index.php b/index.php
index 995426b4..9a81a741 100644
--- a/index.php
+++ b/index.php
@@ -10,19 +10,63 @@
 include dirname(__FILE__).'/inc/config.php';
-$entries = get_entries($view);
+# initialize session
+Session::init();
+# XSRF protection with token
+if (!empty($_POST)) {
+    if (!Session::isToken($_POST['token'])) {
+        die('Wrong token.');
+    }
+    unset($_SESSION['tokens']);
+}
+if (isset($_GET['login'])) {
+    // Login
+    if (!empty($_POST['login']) && !empty($_POST['password'])) {
+        if (Session::login('poche', 'poche', $_POST['login'], $_POST['password'])) {
+            logm('login successful');
+            if (!empty($_POST['longlastingsession'])) {
+                $_SESSION['longlastingsession'] = 31536000;
+                $_SESSION['expires_on'] = time() + $_SESSION['longlastingsession'];
+                session_set_cookie_params($_SESSION['longlastingsession']);
+            } else {
+                session_set_cookie_params(0); // when browser closes
+            }
+            session_regenerate_id(true);
+            MyTool::redirect();
+        }
+        logm('login failed');
+        die("Login failed !");
+    } else {
+        logm('login failed');
+    }
+}
+elseif (isset($_GET['logout'])) {
+    logm('logout');
+    Session::logout();
+    MyTool::redirect();
+}
+# Traitement des paramètres et déclenchement des actions
+$view               = (isset ($_REQUEST['view'])) ? htmlentities($_REQUEST['view']) : 'index';
+$full_head          = (isset ($_REQUEST['full_head'])) ? htmlentities($_REQUEST['full_head']) : 'yes';
+$action             = (isset ($_REQUEST['action'])) ? htmlentities($_REQUEST['action']) : '';
+$_SESSION['sort']   = (isset ($_REQUEST['sort'])) ? htmlentities($_REQUEST['sort']) : 'id';
+$id                 = (isset ($_REQUEST['id'])) ? htmlspecialchars($_REQUEST['id']) : '';
+$url                = (isset ($_GET['url'])) ? $_GET['url'] : '';
+$ref                = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER'];
+$tpl->assign('isLogged', Session::isLogged());
+$tpl->assign('referer', $ref);
+$tpl->assign('view', $view);
+$tpl->assign('poche_url', get_poche_url());
 $tpl->assign('title', 'poche, a read it later open source system');
-$tpl->assign('entries', $entries);
-$tpl->assign('load_all_js', 1);
-$tpl->draw('head');
 if (Session::isLogged()) {
-    $tpl->draw('home');
+    action_to_do($action, $url, $id);
-    $tpl->draw('entries');
+    display_view($view, $id, $full_head);
-    $tpl->draw('js');
 }
 else {
    $tpl->draw('login');
-}
+}
+\ No newline at end of file
-$tpl->draw('footer');
-\ No newline at end of file

diff --git a/index.php b/index.php index 995426b4..9a81a741 100644 --- a/index.php +++ b/index.php
@@ -10,19 +10,63 @@
10		10
11	include dirname(__FILE__).'/inc/config.php';	11	include dirname(__FILE__).'/inc/config.php';
12		12
13	$entries = get_entries($view);	13	# initialize session
		14	Session::init();
		15	# XSRF protection with token
		16	if (!empty($_POST)) {
		17	if (!Session::isToken($_POST['token'])) {
		18	die('Wrong token.');
		19	}
		20	unset($_SESSION['tokens']);
		21	}
		22
		23	if (isset($_GET['login'])) {
		24	// Login
		25	if (!empty($_POST['login']) && !empty($_POST['password'])) {
		26	if (Session::login('poche', 'poche', $_POST['login'], $_POST['password'])) {
		27	logm('login successful');
		28	if (!empty($_POST['longlastingsession'])) {
		29	$_SESSION['longlastingsession'] = 31536000;
		30	$_SESSION['expires_on'] = time() + $_SESSION['longlastingsession'];
		31	session_set_cookie_params($_SESSION['longlastingsession']);
		32	} else {
		33	session_set_cookie_params(0); // when browser closes
		34	}
		35	session_regenerate_id(true);
14		36
		37	MyTool::redirect();
		38	}
		39	logm('login failed');
		40	die("Login failed !");
		41	} else {
		42	logm('login failed');
		43	}
		44	}
		45	elseif (isset($_GET['logout'])) {
		46	logm('logout');
		47	Session::logout();
		48	MyTool::redirect();
		49	}
		50
		51	# Traitement des paramètres et déclenchement des actions
		52	$view = (isset ($_REQUEST['view'])) ? htmlentities($_REQUEST['view']) : 'index';
		53	$full_head = (isset ($_REQUEST['full_head'])) ? htmlentities($_REQUEST['full_head']) : 'yes';
		54	$action = (isset ($_REQUEST['action'])) ? htmlentities($_REQUEST['action']) : '';
		55	$_SESSION['sort'] = (isset ($_REQUEST['sort'])) ? htmlentities($_REQUEST['sort']) : 'id';
		56	$id = (isset ($_REQUEST['id'])) ? htmlspecialchars($_REQUEST['id']) : '';
		57	$url = (isset ($_GET['url'])) ? $_GET['url'] : '';
		58	$ref = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER'];
		59
		60	$tpl->assign('isLogged', Session::isLogged());
		61	$tpl->assign('referer', $ref);
		62	$tpl->assign('view', $view);
		63	$tpl->assign('poche_url', get_poche_url());
15	$tpl->assign('title', 'poche, a read it later open source system');	64	$tpl->assign('title', 'poche, a read it later open source system');
16	$tpl->assign('entries', $entries);
17	$tpl->assign('load_all_js', 1);
18		65
19	$tpl->draw('head');
20	if (Session::isLogged()) {	66	if (Session::isLogged()) {
21	$tpl->draw('home');	67	action_to_do($action, $url, $id);
22	$tpl->draw('entries');	68	display_view($view, $id, $full_head);
23	$tpl->draw('js');
24	}	69	}
25	else {	70	else {
26	$tpl->draw('login');	71	$tpl->draw('login');
27	}	72	} \ No newline at end of file
28	$tpl->draw('footer'); \ No newline at end of file