diff --git a/.gitignore b/.gitignore
index 08db745..050a138 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 vendor
-composer.phar
\ No newline at end of file
+composer.phar
+db/poche.sqlite
\ No newline at end of file
diff --git a/db/poche.sqlite.in b/db/poche.sqlite.in
new file mode 100755
index 0000000..45add0d
Binary files /dev/null and b/db/poche.sqlite.in differ
diff --git a/inc/poche/Poche.class.php b/inc/poche/Poche.class.php
index 0d37e3c..12cb1b4 100644
--- a/inc/poche/Poche.class.php
+++ b/inc/poche/Poche.class.php
@@ -212,6 +212,7 @@ class Poche
 
     private function importFromInstapaper()
     {
+        # TODO gestion des articles favs
         $html = new simple_html_dom();
         $html->load_file('./instapaper-export.html');
 
@@ -229,9 +230,8 @@ class Poche
                     $this->store->archiveById($last_id);
                 }
             }
-            # Instapaper génère un fichier HTML avec deux <ol>
-            # Le premier concerne les éléments non lus
-            # Le second concerne les éléments archivés
+
+            # the second <ol> is for read links
             $read = 1;
         }
         Tools::logm('import from instapaper completed');
@@ -240,6 +240,7 @@ class Poche
 
     private function importFromPocket()
     {
+        # TODO gestion des articles favs
         $html = new simple_html_dom();
         $html->load_file('./ril_export.html');
 
@@ -257,9 +258,8 @@ class Poche
                     $this->store->archiveById($last_id);
                 }
             }
-            # Pocket génère un fichier HTML avec deux <ul>
-            # Le premier concerne les éléments non lus
-            # Le second concerne les éléments archivés
+            
+            # the second <ul> is for read links
             $read = 1;
         }
         Tools::logm('import from pocket completed');
@@ -268,17 +268,24 @@ class Poche
 
     private function importFromReadability()
     {
-        # TODO finaliser tout ça ici
-        # noms des variables + gestion des articles lus
+        # TODO gestion des articles lus / favs
         $str_data = file_get_contents("./readability");
         $data = json_decode($str_data,true);
 
         foreach ($data as $key => $value) {
             $url = '';
-            foreach ($value as $key2 => $value2) {
-                if ($key2 == 'article__url') {
-                    $url = new Url(base64_encode($value2));
+            foreach ($value as $attr => $attr_value) {
+                if ($attr == 'article__url') {
+                    $url = new Url(base64_encode($attr_value));
                 }
+                // if ($attr_value == 'favorite' && $attr_value == 'true') {
+                //     $last_id = $this->store->getLastId();
+                //     $this->store->favoriteById($last_id);
+                // }
+                // if ($attr_value == 'archive' && $attr_value == 'true') {
+                //     $last_id = $this->store->getLastId();
+                //     $this->store->archiveById($last_id);
+                // }
             }
             if ($url->isCorrect())
                 $this->action('add', $url);
diff --git a/inc/poche/Tools.class.php b/inc/poche/Tools.class.php
index 1ff4ba5..834940f 100644
--- a/inc/poche/Tools.class.php
+++ b/inc/poche/Tools.class.php
@@ -206,8 +206,8 @@ class Tools
         return sha1($string . SALT);
     }
 
-    public static function checkVar($var)
+    public static function checkVar($var, $default = '')
     {
-        return ((isset ($_REQUEST["$var"])) ? htmlentities($_REQUEST["$var"]) : '');
+        return ((isset ($_REQUEST["$var"])) ? htmlentities($_REQUEST["$var"]) : $default);
     }
 }
\ No newline at end of file
diff --git a/index.php b/index.php
index 294620d..654403c 100644
--- a/index.php
+++ b/index.php
@@ -11,16 +11,15 @@
 include dirname(__FILE__).'/inc/poche/config.inc.php';
 
 #XSRF protection with token
-// if (!empty($_POST)) {
-//     if (!Session::isToken($_POST['token'])) {
-//         die(_('Wrong token'));
-//         // TODO remettre le test
-//     }
-//     unset($_SESSION['tokens']);
-// }
+if (!empty($_POST)) {
+    if (!Session::isToken($_POST['token'])) {
+        die(_('Wrong token'));
+    }
+    unset($_SESSION['tokens']);
+}
 
 $referer = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER'];
-$view = Tools::checkVar('view');
+$view = Tools::checkVar('view', 'home');
 $action = Tools::checkVar('action');
 $id = Tools::checkVar('id');
 $_SESSION['sort'] = Tools::checkVar('sort');