Diffstat (limited to 'index.php')
-rw-r--r--index.php52
1 files changed, 28 insertions, 24 deletions
diff --git a/index.php b/index.php
index 81bd0174..dc064428 100644
--- a/index.php
+++ b/index.php
@@ -10,70 +10,74 @@
10 10
11include dirname(__FILE__).'/inc/config.php'; 11include dirname(__FILE__).'/inc/config.php';
12 12
13$errors = array(); 13$notices = array();
14 14
15# XSRF protection with token 15# XSRF protection with token
16if (!empty($_POST)) { 16// if (!empty($_POST)) {
17 if (!Session::isToken($_POST['token'])) { 17// if (!Session::isToken($_POST['token'])) {
18 #die(_('Wrong token')); 18// die(_('Wrong token'));
19 // TODO CORRIGER ICI !!! 19// // TODO remettre le test
20 } 20// }
21 unset($_SESSION['tokens']); 21// unset($_SESSION['tokens']);
22} 22// }
23 23
24$referer = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER']; 24$referer = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER'];
25 25
26if (isset($_GET['login'])) { 26if (isset($_GET['login'])) {
27 # hello you
27 if (!empty($_POST['login']) && !empty($_POST['password'])) { 28 if (!empty($_POST['login']) && !empty($_POST['password'])) {
28 if (Session::login($_SESSION['login'], $_SESSION['pass'], $_POST['login'], encode_string($_POST['password'] . $_POST['login']))) { 29 if (Session::login($_SESSION['login'], $_SESSION['pass'], $_POST['login'], encode_string($_POST['password'] . $_POST['login']))) {
29 pocheTools::logm('login successful'); 30 pocheTools::logm('login successful');
30 $errors[]['value'] = _('login successful'); 31 $pocheTools[]['value'] = _('login successful');
31 32
32 if (!empty($_POST['longlastingsession'])) { 33 if (!empty($_POST['longlastingsession'])) {
33 $_SESSION['longlastingsession'] = 31536000; 34 $_SESSION['longlastingsession'] = 31536000;
34 $_SESSION['expires_on'] = time() + $_SESSION['longlastingsession']; 35 $_SESSION['expires_on'] = time() + $_SESSION['longlastingsession'];
35 session_set_cookie_params($_SESSION['longlastingsession']); 36 session_set_cookie_params($_SESSION['longlastingsession']);
36 } else { 37 } else {
37 session_set_cookie_params(0); // when browser closes 38 session_set_cookie_params(0);
38 } 39 }
39 session_regenerate_id(true); 40 session_regenerate_id(true);
40 pocheTools::redirect($referer); 41 pocheTools::redirect($referer);
41 } 42 }
42 pocheTools::logm('login failed'); 43 pocheTools::logm('login failed');
43 $errors[]['value'] = _('Login failed !'); 44 $notices[]['value'] = _('Login failed !');
45 pocheTools::redirect();
44 } else { 46 } else {
45 pocheTools::logm('login failed'); 47 pocheTools::logm('login failed');
48 pocheTools::redirect();
46 } 49 }
47} 50}
48elseif (isset($_GET['logout'])) { 51elseif (isset($_GET['logout'])) {
52 # see you soon !
49 pocheTools::logm('logout'); 53 pocheTools::logm('logout');
50 Session::logout(); 54 Session::logout();
51 pocheTools::redirect(); 55 pocheTools::redirect();
52} 56}
53elseif (isset($_GET['config'])) { 57elseif (isset($_GET['config'])) {
58 # Update password
54 if (isset($_POST['password']) && isset($_POST['password_repeat'])) { 59 if (isset($_POST['password']) && isset($_POST['password_repeat'])) {
55 if ($_POST['password'] == $_POST['password_repeat'] && $_POST['password'] != "") { 60 if ($_POST['password'] == $_POST['password_repeat'] && $_POST['password'] != "") {
56 pocheTools::logm('password updated');
57 if (!MODE_DEMO) { 61 if (!MODE_DEMO) {
62 pocheTools::logm('password updated');
58 $store->updatePassword(encode_string($_POST['password'] . $_SESSION['login'])); 63 $store->updatePassword(encode_string($_POST['password'] . $_SESSION['login']));
59 #your password has been updated 64 Session::logout();
65 pocheTools::redirect();
60 } 66 }
61 else { 67 else {
62 #in demo mode, you can\'t update password 68 pocheTools::logm('in demo mode, you can\'t do this');
63 } 69 }
64 } 70 }
65 #else
66 #your password can\'t be empty and you have to repeat it in the second field
67 } 71 }
68} 72}
69 73
70# Traitement des paramètres et déclenchement des actions 74# Aaaaaaand action !
71$view = (isset ($_REQUEST['view'])) ? htmlentities($_REQUEST['view']) : 'home'; 75$view = (isset ($_REQUEST['view'])) ? htmlentities($_REQUEST['view']) : 'home';
72$full_head = (isset ($_REQUEST['full_head'])) ? htmlentities($_REQUEST['full_head']) : 'yes'; 76$full_head = (isset ($_REQUEST['full_head'])) ? htmlentities($_REQUEST['full_head']) : 'yes';
73$action = (isset ($_REQUEST['action'])) ? htmlentities($_REQUEST['action']) : ''; 77$action = (isset ($_REQUEST['action'])) ? htmlentities($_REQUEST['action']) : '';
74$_SESSION['sort'] = (isset ($_REQUEST['sort'])) ? htmlentities($_REQUEST['sort']) : 'id'; 78$_SESSION['sort'] = (isset ($_REQUEST['sort'])) ? htmlentities($_REQUEST['sort']) : 'id';
75$id = (isset ($_REQUEST['id'])) ? htmlspecialchars($_REQUEST['id']) : ''; 79$id = (isset ($_REQUEST['id'])) ? htmlspecialchars($_REQUEST['id']) : '';
76$url = (isset ($_GET['url'])) ? $_GET['url'] : ''; 80$url = (isset ($_GET['url'])) ? $_GET['url'] : '';
77 81
78$tpl_vars = array( 82$tpl_vars = array(
79 'referer' => $referer, 83 'referer' => $referer,
@@ -82,7 +86,7 @@ $tpl_vars = array(
82 'demo' => MODE_DEMO, 86 'demo' => MODE_DEMO,
83 'title' => _('poche, a read it later open source system'), 87 'title' => _('poche, a read it later open source system'),
84 'token' => Session::getToken(), 88 'token' => Session::getToken(),
85 'errors' => $errors, 89 'notices' => $notices,
86); 90);
87 91
88if (Session::isLogged()) { 92if (Session::isLogged()) {
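Review bot: With new lines 16–22 fully commented out, no POST handled further down is checked against the session token, so the password update in the `config` branch (new lines 59–65) can be triggered by a cross-site form post from a logged-in browser; that branch does not ask for the current password either. The template is still given a token via `Session::getToken()` (new line 88), so the forms presumably already carry one and only the server-side check is missing. Restore it in a form that actually rejects, e.g. `if (!empty($_POST) && (empty($_POST['token']) || !Session::isToken($_POST['token']))) { die(_('Wrong token')); }`, assuming `Session::isToken()` returns false for an unknown token, which is not visible here. Separately, new line 31 writes the success message to `$pocheTools[]['value']`, an undefined variable that looks like a slip in the `$errors` → `$notices` rename; it should read `$notices[]['value'] = _('login successful');`.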