From 139769aa245fd58d032cb009303b0ea2cc4187cd Mon Sep 17 00:00:00 2001
From: nicosomb
Date: Tue, 16 Apr 2013 11:52:25 +0200
Subject: stockage de la vue et du tri en session
---
 inc/config.php | 14 ++++++++++++++
 inc/functions.php | 49 +++++++++++++++++++++++++++++++++++++++++--------
 2 files changed, 55 insertions(+), 8 deletions(-)
(limited to 'inc')
diff --git a/inc/config.php b/inc/config.php
index 84b86998..4c1978b5 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -17,6 +17,7 @@ require_once 'rain.tpl.class.php';
 $db = new db(DB_PATH);
+# Initialisation de RainTPL
 raintpl::$tpl_dir = './tpl/';
 raintpl::$cache_dir = './cache/';
 raintpl::$base_url = get_poche_url();
@@ -24,10 +25,23 @@ raintpl::configure('path_replace', false);
 raintpl::configure('debug', false);
 $tpl = new raintpl();
+# Démarrage session et initialisation du jeton de sécurité
 session_start();
 if (!isset($_SESSION['token_poche'])) {
 $token = md5(uniqid(rand(), TRUE));
 $_SESSION['token_poche'] = $token;
 $_SESSION['token_time_poche'] = time();
+}
+
+# Traitement des paramètres et déclenchement des actions
+$action = (isset ($_REQUEST['action'])) ? htmlentities($_REQUEST['action']) : '';
+$_SESSION['view'] = (isset ($_GET['view'])) ? htmlentities($_GET['view']) : 'index';
+$_SESSION['sort'] = (isset ($_REQUEST['sort'])) ? htmlentities($_REQUEST['sort']) : 'id';
+$id = (isset ($_REQUEST['id'])) ? htmlspecialchars($_REQUEST['id']) : '';
+$url = (isset ($_GET['url'])) ? $_GET['url'] : '';
+$token = (isset ($_REQUEST['token'])) ? $_REQUEST['token'] : '';
+
+if ($action != '') {
+ action_to_do($action, $id, $url, $token);
 }
\ No newline at end of file
diff --git a/inc/functions.php b/inc/functions.php
index 3ee238dd..a7430585 100755
--- a/inc/functions.php
+++ b/inc/functions.php
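Review bot: In inc/config.php the new assignments to `$_SESSION['view']` and `$_SESSION['sort']` run on every request and fall back to 'index' / 'id' whenever the parameter is absent, so the stored choice is overwritten by the next request that omits it and nothing really persists in the session. Write the key only when the parameter is present and matches a value display_view() understands, rather than passing it through htmlentities(), e.g. `if (isset($_GET['view']) && in_array($_GET['view'], array('index', 'fav', 'archive'), true)) { $_SESSION['view'] = $_GET['view']; }`, with the same pattern for sort ('ia', 'id', 'ta', 'td') and a one-time default when the key is not yet set. Separately, `$action` and `$token` are read from `$_REQUEST`, so the state-changing actions can be triggered by a plain GET link and the CSRF token can end up in URLs, logs and Referer headers; reading both from `$_POST` would avoid that, provided the templates can submit forms for these actions.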
@@ -46,9 +46,9 @@ function get_external_file($url, $timeout)
 // create http context and add timeout and user-agent
 $context = stream_context_create(array('http'=>array('timeout' => $timeout, // Timeout : time until we stop waiting for the response.
- 'header'=> "User-Agent: ".$useragent, // spoot Mozilla Firefox
- 'follow_location' => true
- )));
+ 'header'=> "User-Agent: ".$useragent, // spoot Mozilla Firefox
+ 'follow_location' => true
+ )));
 // only download page lesser than 4MB
 $data = @file_get_contents($url, false, $context, -1, 4000000); // We download at most 4 MB from source.
@@ -146,6 +146,20 @@ function action_to_do($action, $id, $url, $token)
 }
 else die('CSRF problem');
 break;
+ case 'toggle_fav' :
+ if (verif_token($token)) {
+ $sql_action = "UPDATE entries SET is_fav=~is_fav WHERE id=?";
+ $params_action = array($id);
+ }
+ else die('CSRF problem');
+ break;
+ case 'toggle_archive' :
+ if (verif_token($token)) {
+ $sql_action = "UPDATE entries SET is_read=~is_read WHERE id=?";
+ $params_action = array($id);
+ }
+ else die('CSRF problem');
+ break;
 default:
 break;
 }
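Review bot: The two new cases in action_to_do() rely on `is_fav=~is_fav` / `is_read=~is_read` flipping the column between 0 and -1, which only holds while those columns never contain any other value; a short comment such as `// flags are stored as 0 / -1, so bitwise NOT toggles them` would make that assumption visible next to the queries in display_view() that bind -1. `$id` reaches the bound parameter as whatever string the request carried (only passed through htmlspecialchars() in inc/config.php), so a missing or non-numeric id silently updates no row; assuming ids are integers, rejecting it up front with something like `if (!ctype_digit((string) $id)) die('Invalid id');` gives a clearer failure. The body of action_to_do() starts and ends outside this hunk, so how `$sql_action` is executed and what verif_token() actually checks cannot be confirmed from here.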
@@ -168,22 +182,41 @@ function action_to_do($action, $id, $url, $token)
 /**
 * Détermine quels liens afficher : home, fav ou archives
 */
-function display_view($view)
+function display_view()
 {
 global $db;
- switch ($view)
+ switch ($_SESSION['sort'])
+ {
+ case 'ia':
+ $order = 'ORDER BY id';
+ break;
+ case 'id':
+ $order = 'ORDER BY id DESC';
+ break;
+ case 'ta':
+ $order = 'ORDER BY lower(title)';
+ break;
+ case 'td':
+ $order = 'ORDER BY lower(title) DESC';
+ break;
+ default:
+ $order = 'ORDER BY id';
+ break;
+ }
+
+ switch ($_SESSION['view'])
 {
 case 'archive':
- $sql = "SELECT * FROM entries WHERE is_read=? ORDER BY id desc";
+ $sql = "SELECT * FROM entries WHERE is_read=? " . $order;
 $params = array(-1);
 break;
 case 'fav' :
- $sql = "SELECT * FROM entries WHERE is_fav=? ORDER BY id desc";
+ $sql = "SELECT * FROM entries WHERE is_fav=? " . $order;
 $params = array(-1);
 break;
 default:
- $sql = "SELECT * FROM entries WHERE is_read=? ORDER BY id desc";
+ $sql = "SELECT * FROM entries WHERE is_read=? " . $order;
 $params = array(0);
 break;
 }
-- 
cgit v1.2.3
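Review bot: The `default:` branch of the new sort switch in display_view() yields `ORDER BY id`, while the queries it replaces used `ORDER BY id desc` and inc/config.php defaults the sort to 'id' (descending), so any unrecognised sort value flips the list to oldest-first; `$order = 'ORDER BY id DESC';` in the default branch would keep the previous behaviour. Concatenating `$order` into the SQL is safe only because every branch assigns a fixed literal, which deserves a comment above the switch, e.g. `// $order must only ever be one of these literals; never put $_SESSION['sort'] itself into the query`. The function now reads `$_SESSION['view']` and `$_SESSION['sort']` instead of taking `$view`, so callers outside this hunk have to drop the argument and both session keys must be set before it runs. The end of display_view() lies outside the hunk.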