aboutsummaryrefslogtreecommitdiffhomepage
path: root/index.php
diff options
context:
space:
mode:
Diffstat (limited to 'index.php')
-rw-r--r--index.php108
1 files changed, 41 insertions, 67 deletions
diff --git a/index.php b/index.php
index 0a778d08..a60e4e94 100644
--- a/index.php
+++ b/index.php
@@ -8,83 +8,57 @@
8 * @license http://www.wtfpl.net/ see COPYING file 8 * @license http://www.wtfpl.net/ see COPYING file
9 */ 9 */
10 10
11include dirname(__FILE__).'/inc/config.php'; 11include dirname(__FILE__).'/inc/poche/config.inc.php';
12 12
13myTool::initPhp(); 13# Parse GET & REFERER vars
14 14$referer = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER'];
15# XSRF protection with token 15$view = Tools::checkVar('view', 'home');
16if (!empty($_POST)) { 16$action = Tools::checkVar('action');
17 if (!Session::isToken($_POST['token'])) { 17$id = Tools::checkVar('id');
18 die('Wrong token.'); 18$_SESSION['sort'] = Tools::checkVar('sort', 'id');
19 } 19$url = new Url((isset ($_GET['url'])) ? $_GET['url'] : '');
20 unset($_SESSION['tokens']);
21}
22
23$ref = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER'];
24 20
21# poche actions
25if (isset($_GET['login'])) { 22if (isset($_GET['login'])) {
26 // Login 23 # hello you
27 if (!empty($_POST['login']) && !empty($_POST['password'])) { 24 $poche->login($referer);
28 if (Session::login($_SESSION['login'], $_SESSION['pass'], $_POST['login'], encode_string($_POST['password'] . $_POST['login']))) {
29 logm('login successful');
30 $msg->add('s', 'welcome in your poche!');
31 if (!empty($_POST['longlastingsession'])) {
32 $_SESSION['longlastingsession'] = 31536000;
33 $_SESSION['expires_on'] = time() + $_SESSION['longlastingsession'];
34 session_set_cookie_params($_SESSION['longlastingsession']);
35 } else {
36 session_set_cookie_params(0); // when browser closes
37 }
38 session_regenerate_id(true);
39
40 MyTool::redirect($ref);
41 }
42 logm('login failed');
43 die("Login failed !");
44 } else {
45 logm('login failed');
46 }
47} 25}
48elseif (isset($_GET['logout'])) { 26elseif (isset($_GET['logout'])) {
49 logm('logout'); 27 # see you soon !
50 Session::logout(); 28 $poche->logout();
51 MyTool::redirect();
52} 29}
53elseif (isset($_GET['config'])) { 30elseif (isset($_GET['config'])) {
54 if (isset($_POST['password']) && isset($_POST['password_repeat'])) { 31 # Update password
55 if ($_POST['password'] == $_POST['password_repeat'] && $_POST['password'] != "") { 32 $poche->updatePassword();
56 logm('password updated'); 33}
57 if (!DEMO) { 34elseif (isset($_GET['import'])) {
58 $store->updatePassword(encode_string($_POST['password'] . $_SESSION['login'])); 35 $import = $poche->import($_GET['from']);
59 $msg->add('s', 'your password has been updated'); 36}
60 } 37elseif (isset($_GET['export'])) {
61 else { 38 $poche->export();
62 $msg->add('i', 'in demo mode, you can\'t update password');
63 }
64 }
65 else
66 $msg->add('e', 'your password can\'t be empty and you have to repeat it in the second field');
67 }
68} 39}
69 40
70# Traitement des paramètres et déclenchement des actions 41# vars to send to templates
71$view = (isset ($_REQUEST['view'])) ? htmlentities($_REQUEST['view']) : 'index'; 42$tpl_vars = array(
72$full_head = (isset ($_REQUEST['full_head'])) ? htmlentities($_REQUEST['full_head']) : 'yes'; 43 'referer' => $referer,
73$action = (isset ($_REQUEST['action'])) ? htmlentities($_REQUEST['action']) : ''; 44 'view' => $view,
74$_SESSION['sort'] = (isset ($_REQUEST['sort'])) ? htmlentities($_REQUEST['sort']) : 'id'; 45 'poche_url' => Tools::getPocheUrl(),
75$id = (isset ($_REQUEST['id'])) ? htmlspecialchars($_REQUEST['id']) : ''; 46 'title' => _('poche, a read it later open source system'),
76$url = (isset ($_GET['url'])) ? $_GET['url'] : ''; 47 'token' => Session::getToken(),
77 48);
78$tpl->assign('isLogged', Session::isLogged());
79$tpl->assign('referer', $ref);
80$tpl->assign('view', $view);
81$tpl->assign('poche_url', myTool::getUrl());
82$tpl->assign('title', 'poche, a read it later open source system');
83 49
84if (Session::isLogged()) { 50if (Session::isLogged()) {
85 action_to_do($action, $url, $id); 51 $poche->action($action, $url, $id);
86 display_view($view, $id, $full_head); 52 $tpl_file = Tools::getTplFile($view);
53 $tpl_vars = array_merge($tpl_vars, $poche->displayView($view, $id));
87} 54}
88else { 55else {
89 $tpl->draw('login'); 56 $tpl_file = 'login.twig';
90} 57}
58
59# because messages can be added in $poche->action(), we have to add this entry now (we can add it before)
60$messages = $poche->messages->display('all', FALSE);
61$tpl_vars = array_merge($tpl_vars, array('messages' => $messages));
62
63# display poche
64echo $poche->tpl->render($tpl_file, $tpl_vars); \ No newline at end of file