Diffstat (limited to 'index.php')
-rw-r--r--index.php23
1 files changed, 13 insertions, 10 deletions
diff --git a/index.php b/index.php
index 4962639b..f0a8aef4 100644
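--- a/index.php
+++ b/index.php
@@ -10,12 +10,12 @@
 
 include dirname(__FILE__).'/inc/config.php';
 
-pocheTools::initPhp();
+$errors = array();
 
 # XSRF protection with token
 if (!empty($_POST)) {
  if (!Session::isToken($_POST['token'])) {
- die(_('Wrong token.'));
+ die(_('Wrong token'));
  }
  unset($_SESSION['tokens']);
 }
@@ -23,10 +23,11 @@ if (!empty($_POST)) {
 $referer = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER'];
 
 if (isset($_GET['login'])) {
- // Login
  if (!empty($_POST['login']) && !empty($_POST['password'])) {
  if (Session::login($_SESSION['login'], $_SESSION['pass'], $_POST['login'], encode_string($_POST['password'] . $_POST['login']))) {
  pocheTools::logm('login successful');
+ $errors[]['value'] = _('login successful');
+
  if (!empty($_POST['longlastingsession'])) {
  $_SESSION['longlastingsession'] = 31536000;
  $_SESSION['expires_on'] = time() + $_SESSION['longlastingsession'];
@@ -35,11 +36,10 @@ if (isset($_GET['login'])) {
  session_set_cookie_params(0); // when browser closes
  }
  session_regenerate_id(true);
-
  pocheTools::redirect($referer);
  }
  pocheTools::logm('login failed');
- die(_("Login failed !"));
+ $errors[]['value'] = _('Login failed !');
  } else {
  pocheTools::logm('login failed');
  }
@@ -67,7 +67,7 @@ elseif (isset($_GET['config'])) {
 }
 
 # Traitement des paramètres et déclenchement des actions
-$view = (isset ($_REQUEST['view'])) ? htmlentities($_REQUEST['view']) : 'index';
+$view = (isset ($_REQUEST['view'])) ? htmlentities($_REQUEST['view']) : 'home';
 $full_head = (isset ($_REQUEST['full_head'])) ? htmlentities($_REQUEST['full_head']) : 'yes';
 $action = (isset ($_REQUEST['action'])) ? htmlentities($_REQUEST['action']) : '';
 $_SESSION['sort'] = (isset ($_REQUEST['sort'])) ? htmlentities($_REQUEST['sort']) : 'id';
@@ -75,20 +75,23 @@ $id = (isset ($_REQUEST['id'])) ? htmlspecialchars($_REQUEST['id
 $url = (isset ($_GET['url'])) ? $_GET['url'] : '';
 
 $tpl_vars = array(
- 'isLogged' => Session::isLogged(),
  'referer' => $referer,
  'view' => $view,
  'poche_url' => pocheTools::getUrl(),
  'demo' => MODE_DEMO,
  'title' => _('poche, a read it later open source system'),
+ 'token' => Session::getToken(),
+ 'errors' => $errors,
 );
 
+$tpl_file = 'home.twig';
+
 if (Session::isLogged()) {
  action_to_do($action, $url, $id);
- display_view($view, $id, $full_head);
+ $tpl_vars = array_merge($tpl_vars, display_view($view, $id));
 }
 else {
- $template = $twig->loadTemplate('login.twig');
+ $tpl_file = 'login.twig';
 }
 
-echo $template->render($tpl_vars);
\ No newline at end of file
+echo $twig->render($tpl_file, $tpl_vars);
\ No newline at end of file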
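Review bot: The call `action_to_do($action, $url, $id)` on new line 90 runs for any request from a logged-in session, with `$action` read from `$_REQUEST` and `$url` from `$_GET`, while the XSRF check at the top of the file only runs when `$_POST` is non-empty. If action_to_do changes stored data (its body is outside this diff), a cross-site GET request can trigger it without a token. Since this commit now passes `Session::getToken()` to every template, action links can carry the token and the call can be guarded, e.g. `if ($action !== '' && (!isset($_REQUEST['token']) || !Session::isToken($_REQUEST['token']))) { die(_('Wrong token')); }`. The same `isset` guard is worth adding to the existing `$_POST['token']` read, which passes an undefined index to `Session::isToken` when the field is absent.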