diff --git a/inc/config.php b/inc/config.php
index 84b8699..4c1978b 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -17,6 +17,7 @@ require_once 'rain.tpl.class.php';
 $db = new db(DB_PATH);
+# Initialisation de RainTPL
 raintpl::$tpl_dir = './tpl/';
 raintpl::$cache_dir = './cache/';
 raintpl::$base_url = get_poche_url();
@@ -24,10 +25,23 @@ raintpl::configure('path_replace', false);
 raintpl::configure('debug', false);
 $tpl = new raintpl();
+# Démarrage session et initialisation du jeton de sécurité
 session_start();
 if (!isset($_SESSION['token_poche'])) {
 $token = md5(uniqid(rand(), TRUE));
 $_SESSION['token_poche'] = $token;
 $_SESSION['token_time_poche'] = time();
+}
+
+# Traitement des paramètres et déclenchement des actions
+$action = (isset ($_REQUEST['action'])) ? htmlentities($_REQUEST['action']) : '';
+$_SESSION['view'] = (isset ($_GET['view'])) ? htmlentities($_GET['view']) : 'index';
+$_SESSION['sort'] = (isset ($_REQUEST['sort'])) ? htmlentities($_REQUEST['sort']) : 'id';
+$id = (isset ($_REQUEST['id'])) ? htmlspecialchars($_REQUEST['id']) : '';
+$url = (isset ($_GET['url'])) ? $_GET['url'] : '';
+$token = (isset ($_REQUEST['token'])) ? $_REQUEST['token'] : '';
+
+if ($action != '') {
+ action_to_do($action, $id, $url, $token);
+}
 }
\ No newline at end of file
diff --git a/inc/functions.php b/inc/functions.php
index 3ee238d..a743058 100755
--- a/inc/functions.php
+++ b/inc/functions.php
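Review bot: The CSRF token is now read from `$_REQUEST` (`$token = (isset ($_REQUEST['token'])) ? $_REQUEST['token'] : '';`) whereas index.php previously read it from `$_POST`; `$_REQUEST` also merges `$_GET` and, depending on `request_order`, `$_COOKIE`, so the token can arrive in the query string and end up in access logs and Referer headers, and a cookie-supplied token would be sent automatically by the browser. Keeping `$token = (isset ($_POST['token'])) ? $_POST['token'] : '';` and sending the Ajax toggle calls in js/poche.js as POST preserves the boundary the old code had. Separately, `$_SESSION['view']` is overwritten with `'index'` on every request that lacks a `view` parameter, including the background toggle calls, which looks unintended if the session is meant to remember the current view.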
@@ -46,9 +46,9 @@ function get_external_file($url, $timeout)
 // create http context and add timeout and user-agent
 $context = stream_context_create(array('http'=>array('timeout' => $timeout, // Timeout : time until we stop waiting for the response.
- 'header'=> "User-Agent: ".$useragent, // spoot Mozilla Firefox
- 'follow_location' => true
- )));
+ 'header'=> "User-Agent: ".$useragent, // spoot Mozilla Firefox
+ 'follow_location' => true
+ )));
 // only download page lesser than 4MB
 $data = @file_get_contents($url, false, $context, -1, 4000000); // We download at most 4 MB from source.
@@ -146,6 +146,20 @@ function action_to_do($action, $id, $url, $token)
 }
 else die('CSRF problem');
 break;
+ case 'toggle_fav' :
+ if (verif_token($token)) {
+ $sql_action = "UPDATE entries SET is_fav=~is_fav WHERE id=?";
+ $params_action = array($id);
+ }
+ else die('CSRF problem');
+ break;
+ case 'toggle_archive' :
+ if (verif_token($token)) {
+ $sql_action = "UPDATE entries SET is_read=~is_read WHERE id=?";
+ $params_action = array($id);
+ }
+ else die('CSRF problem');
+ break;
 default:
 break;
 }
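Review bot: The new `toggle_fav` and `toggle_archive` cases each repeat the `if (verif_token($token)) { ... } else die('CSRF problem');` guard that the preceding cases already carry, so the check now lives in four places and a future case can silently omit it; a single token check before the `switch` (the enclosing `action_to_do` starts before this hunk) would be harder to get wrong. Binding `$id` as a parameter keeps it out of the SQL text, but it is still passed through as whatever string arrived; `$params_action = array((int) $id);` makes a non-numeric id match nothing instead of relying on the driver's type handling. A short comment such as `# ~ flips the stored flag (0 <-> -1 on a signed bitwise NOT), matching the -1 that display_view() selects on` would explain the otherwise cryptic `is_fav=~is_fav`, since the engine behind `db` is not visible here.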
@@ -168,22 +182,41 @@ function action_to_do($action, $id, $url, $token)
 /**
 * Détermine quels liens afficher : home, fav ou archives
 */
-function display_view($view)
+function display_view()
 {
 global $db;
- switch ($view)
+ switch ($_SESSION['sort'])
+ {
+ case 'ia':
+ $order = 'ORDER BY id';
+ break;
+ case 'id':
+ $order = 'ORDER BY id DESC';
+ break;
+ case 'ta':
+ $order = 'ORDER BY lower(title)';
+ break;
+ case 'td':
+ $order = 'ORDER BY lower(title) DESC';
+ break;
+ default:
+ $order = 'ORDER BY id';
+ break;
+ }
+
+ switch ($_SESSION['view'])
 {
 case 'archive':
- $sql = "SELECT * FROM entries WHERE is_read=? ORDER BY id desc";
+ $sql = "SELECT * FROM entries WHERE is_read=? " . $order;
 $params = array(-1);
 break;
 case 'fav' :
- $sql = "SELECT * FROM entries WHERE is_fav=? ORDER BY id desc";
+ $sql = "SELECT * FROM entries WHERE is_fav=? " . $order;
 $params = array(-1);
 break;
 default:
- $sql = "SELECT * FROM entries WHERE is_read=? ORDER BY id desc";
+ $sql = "SELECT * FROM entries WHERE is_read=? " . $order;
 $params = array(0);
 break;
 }
diff --git a/index.php b/index.php
index d477d69..f62cf13 100755
--- a/index.php
+++ b/index.php
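Review bot: `display_view()` now reads `$_SESSION['sort']` and `$_SESSION['view']` instead of taking `$view`, but the docblock above it still only says which links are shown and gives no hint that the function depends on session state populated in inc/config.php; a docblock stating that it reads those two session keys and returns the matching rows from `entries` would make that contract visible to callers. The first `switch` is also what keeps the user-supplied sort value out of the query, because `$order` only ever holds one of the fixed literals; a comment like `// $order is always one of the literals above; never splice $_SESSION['sort'] into $sql` would protect that property through later edits. Note that `'ia'` and the `default` branch both yield `ORDER BY id`, which may be intended but reads like a leftover from the `'id'` case; the function body continues past the hunk.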
@@ -10,22 +10,17 @@ include dirname(__FILE__).'/inc/config.php';
-$action = (isset ($_REQUEST['action'])) ? htmlentities($_REQUEST['action']) : '';
-$view = (isset ($_GET['view'])) ? htmlentities($_GET['view']) : 'index';
-$id = (isset ($_REQUEST['id'])) ? htmlspecialchars($_REQUEST['id']) : '';
-$url = (isset ($_GET['url'])) ? $_GET['url'] : '';
-$token = (isset ($_POST['token'])) ? $_POST['token'] : '';
-
-if ($action != '') {
- action_to_do($action, $id, $url, $token);
-}
-
-$entries = display_view($view);
+$entries = display_view();
 $tpl->assign('title', 'poche, a read it later open source system');
-$tpl->assign('view', $view);
+$tpl->assign('view', $_SESSION['view']);
 $tpl->assign('poche_url', get_poche_url());
 $tpl->assign('entries', $entries);
 $tpl->assign('load_all_js', 1);
 $tpl->assign('token', $_SESSION['token_poche']);
-$tpl->draw('home');
\ No newline at end of file
+
+$tpl->draw('head');
+$tpl->draw('home');
+$tpl->draw('entries');
+$tpl->draw('js');
+$tpl->draw('footer');
\ No newline at end of file
diff --git a/js/poche.js b/js/poche.js
index 0dcc0a3..f0e39b3 100644
--- a/js/poche.js
+++ b/js/poche.js
@@ -1,7 +1,7 @@
 function toggle_favorite(element, id, token) {
 $(element).toggleClass('fav-off');
 $.ajax ({
- url: "process.php?action=toggle_fav",
+ url: "index.php?action=toggle_fav",
 data:{id:id, token:token}
 });
 }
@@ -9,7 +9,7 @@ function toggle_favorite(element, id, token) {
 function toggle_archive(element, id, token, view_article) {
 $(element).toggleClass('archive-off');
 $.ajax ({
- url: "process.php?action=toggle_archive",
+ url: "index.php?action=toggle_archive",
 data:{id:id, token:token}
 });
 var obj = $('#entry-'+id);
@@ -20,4 +20,8 @@ function toggle_archive(element, id, token, view_article) {
 $('#content').masonry('reloadItems');
 $('#content').masonry('reload');
 }
+}
+
+function sort_links(sort, token) {
+ $('#content').load('process.php', { sort: sort, token: token } );
 }
\ No newline at end of file
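Review bot: `$.ajax` is called without a `type`, so the toggle request goes out as GET with `id` and `token` in the query string, which is what forced inc/config.php to start reading the token from `$_REQUEST`; adding `type: 'POST',` next to `url:` here and in the `toggle_archive` hunk below keeps the CSRF token out of URLs, browser history and server logs, and lets the PHP side go back to `$_POST`. The URL change itself is consistent with the new routing, but index.php now renders the full page (head, home, entries, js, footer) in response to these background calls and the response is simply discarded, so a short reply for action requests would be cheaper.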
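Review bot: `sort_links` loads `process.php`, which this same commit deletes, so every sort click will fetch a 404 response into `#content`. inc/config.php already stores `$_REQUEST['sort']` in the session, so `$('#content').load('index.php', { sort: sort, token: token });` would at least reach live code, although index.php answers with the whole page rather than just the entry list, so the sort path presumably needs an entries-only response before this function is usable. The `token` argument is not checked on the sort path in config.php, so it currently has no effect.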
diff --git a/process.php b/process.php
deleted file mode 100644
index 5a056ca..0000000
--- a/process.php
+++ /dev/null
@@ -1,40 +0,0 @@
-
- * @copyright 2013
- * @license http://www.wtfpl.net/ see COPYING file
- */
-
-include dirname(__FILE__).'/inc/config.php';
-$db = new db(DB_PATH);
-
-$action = (isset ($_GET['action'])) ? htmlentities($_GET['action']) : '';
-$id = (isset ($_GET['id'])) ? htmlentities($_GET['id']) : '';
-$token = (isset ($_GET['token'])) ? $_GET['token'] : '';
-
-if (verif_token($token)) {
- switch ($action)
- {
- case 'toggle_fav' :
- $sql_action = "UPDATE entries SET is_fav=~is_fav WHERE id=?";
- $params_action = array($id);
- break;
- case 'toggle_archive' :
- $sql_action = "UPDATE entries SET is_read=~is_read WHERE id=?";
- $params_action = array($id);
- break;
- default:
- break;
- }
-
- # action query
- if (isset($sql_action))
- {
- $query = $db->getHandle()->prepare($sql_action);
- $query->execute($params_action);
- }
-}
-else die('CSRF problem');
\ No newline at end of file
diff --git a/tpl/entries.html b/tpl/entries.html
new file mode 100644
index 0000000..0d3e6bc
--- /dev/null
+++ b/tpl/entries.html
@@ -0,0 +1,16 @@
+ {loop="entries"}
+