mirror of
https://github.com/moparisthebest/wallabag
synced 2024-11-23 17:42:15 -05:00
#4 - ajout système de connexion (login poche mot de passe poche pour l'instant)
This commit is contained in:
parent
b693a19e1c
commit
e4d2565e05
1
CREDITS
1
CREDITS
@ -5,6 +5,7 @@ poche is based on :
|
|||||||
* logo by Brightmix http://www.iconfinder.com/icondetails/43256/128/jeans_monotone_pocket_icon
|
* logo by Brightmix http://www.iconfinder.com/icondetails/43256/128/jeans_monotone_pocket_icon
|
||||||
* icons http://icomoon.io
|
* icons http://icomoon.io
|
||||||
* PHP Simple HTML DOM Parser (for Pocket import) http://simplehtmldom.sourceforge.net/
|
* PHP Simple HTML DOM Parser (for Pocket import) http://simplehtmldom.sourceforge.net/
|
||||||
|
* Session https://github.com/tontof/kriss_feed/blob/master/src/class/Session.php
|
||||||
|
|
||||||
poche is developed by Nicolas Lœuillet under the Do What the Fuck You Want to Public License
|
poche is developed by Nicolas Lœuillet under the Do What the Fuck You Want to Public License
|
||||||
|
|
||||||
|
@ -62,16 +62,15 @@ header {
|
|||||||
color: #F1F1F1;
|
color: #F1F1F1;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*#content {
|
|
||||||
width: 800px;
|
|
||||||
margin: 0 auto;
|
|
||||||
}*/
|
|
||||||
|
|
||||||
|
|
||||||
footer {
|
footer {
|
||||||
text-align: right;
|
text-align: right;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*** ***/
|
||||||
|
/*** LOGIN FORM ***/
|
||||||
|
ul#login li {
|
||||||
|
list-style-type: none;
|
||||||
|
}
|
||||||
/*** ***/
|
/*** ***/
|
||||||
/*** LINKS DISPLAY ***/
|
/*** LINKS DISPLAY ***/
|
||||||
|
|
||||||
|
@ -30,7 +30,7 @@ else {
|
|||||||
$url = $a[0]->href;
|
$url = $a[0]->href;
|
||||||
|
|
||||||
|
|
||||||
action_to_do('add', $url, $token);
|
action_to_do('add', $url);
|
||||||
if ($read == '1') {
|
if ($read == '1') {
|
||||||
$last_id = $db->getHandle()->lastInsertId();
|
$last_id = $db->getHandle()->lastInsertId();
|
||||||
$sql_update = "UPDATE entries SET is_read=~is_read WHERE id=?";
|
$sql_update = "UPDATE entries SET is_read=~is_read WHERE id=?";
|
||||||
|
256
inc/MyTool.class.php
Normal file
256
inc/MyTool.class.php
Normal file
@ -0,0 +1,256 @@
|
|||||||
|
<?php
|
||||||
|
class MyTool
|
||||||
|
{
|
||||||
|
public static function initPhp()
|
||||||
|
{
|
||||||
|
define('START_TIME', microtime(true));
|
||||||
|
|
||||||
|
if (phpversion() < 5) {
|
||||||
|
die("Argh you don't have PHP 5 !");
|
||||||
|
}
|
||||||
|
|
||||||
|
error_reporting(E_ALL);
|
||||||
|
|
||||||
|
function stripslashesDeep($value) {
|
||||||
|
return is_array($value)
|
||||||
|
? array_map('stripslashesDeep', $value)
|
||||||
|
: stripslashes($value);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (get_magic_quotes_gpc()) {
|
||||||
|
$_POST = array_map('stripslashesDeep', $_POST);
|
||||||
|
$_GET = array_map('stripslashesDeep', $_GET);
|
||||||
|
$_COOKIE = array_map('stripslashesDeep', $_COOKIE);
|
||||||
|
}
|
||||||
|
|
||||||
|
ob_start();
|
||||||
|
register_shutdown_function('ob_end_flush');
|
||||||
|
}
|
||||||
|
|
||||||
|
public static function isUrl($url)
|
||||||
|
{
|
||||||
|
// http://neo22s.com/check-if-url-exists-and-is-online-php/
|
||||||
|
$pattern='|^http(s)?://[a-z0-9-]+(.[a-z0-9-]+)*(:[0-9]+)?(/.*)?$|i';
|
||||||
|
|
||||||
|
return preg_match($pattern, $url);
|
||||||
|
}
|
||||||
|
|
||||||
|
public static function isEmail($email)
|
||||||
|
{
|
||||||
|
$pattern = "/^[A-Z0-9._%-]+@[A-Z0-9.-]+\.[A-Z]{2, 4}$/i";
|
||||||
|
|
||||||
|
return (preg_match($pattern, $email));
|
||||||
|
}
|
||||||
|
|
||||||
|
public static function formatBBCode($text)
|
||||||
|
{
|
||||||
|
$replace = array(
|
||||||
|
'/\[m\](.+?)\[\/m\]/is'
|
||||||
|
=> '/* moderate */',
|
||||||
|
'/\[b\](.+?)\[\/b\]/is'
|
||||||
|
=> '<strong>$1</strong>',
|
||||||
|
'/\[i\](.+?)\[\/i\]/is'
|
||||||
|
=> '<em>$1</em>',
|
||||||
|
'/\[s\](.+?)\[\/s\]/is'
|
||||||
|
=> '<del>$1</del>',
|
||||||
|
'/\[u\](.+?)\[\/u\]/is'
|
||||||
|
=> '<span style="text-decoration: underline;">$1</span>',
|
||||||
|
'/\[url\](.+?)\[\/url]/is'
|
||||||
|
=> '<a href="$1">$1</a>',
|
||||||
|
'/\[url=(\w+:\/\/[^\]]+)\](.+?)\[\/url]/is'
|
||||||
|
=> '<a href="$1">$2</a>',
|
||||||
|
'/\[quote\](.+?)\[\/quote\]/is'
|
||||||
|
=> '<blockquote>$1</blockquote>',
|
||||||
|
'/\[code\](.+?)\[\/code\]/is'
|
||||||
|
=> '<code>$1</code>',
|
||||||
|
'/\[([^[]+)\|([^[]+)\]/is'
|
||||||
|
=> '<a href="$2">$1</a>'
|
||||||
|
);
|
||||||
|
$text = preg_replace(
|
||||||
|
array_keys($replace),
|
||||||
|
array_values($replace),
|
||||||
|
$text
|
||||||
|
);
|
||||||
|
|
||||||
|
return $text;
|
||||||
|
}
|
||||||
|
|
||||||
|
public static function formatText($text)
|
||||||
|
{
|
||||||
|
$text = preg_replace_callback(
|
||||||
|
'/<code_html>(.*?)<\/code_html>/is',
|
||||||
|
create_function(
|
||||||
|
'$matches',
|
||||||
|
'return htmlspecialchars($matches[1]);'
|
||||||
|
),
|
||||||
|
$text
|
||||||
|
);
|
||||||
|
$text = preg_replace_callback(
|
||||||
|
'/<code_php>(.*?)<\/code_php>/is',
|
||||||
|
create_function(
|
||||||
|
'$matches',
|
||||||
|
'return highlight_string("<?php $matches[1] ?>", true);'
|
||||||
|
),
|
||||||
|
$text
|
||||||
|
);
|
||||||
|
$text = preg_replace('/<br \/>/is', '', $text);
|
||||||
|
|
||||||
|
$text = preg_replace(
|
||||||
|
'#(^|\s)([a-z]+://([^\s\w/]?[\w/])*)(\s|$)#im',
|
||||||
|
'\\1<a href="\\2">\\2</a>\\4',
|
||||||
|
$text
|
||||||
|
);
|
||||||
|
$text = preg_replace(
|
||||||
|
'#(^|\s)wp:?([a-z]{2}|):([\w]+)#im',
|
||||||
|
'\\1<a href="http://\\2.wikipedia.org/wiki/\\3">\\3</a>',
|
||||||
|
$text
|
||||||
|
);
|
||||||
|
$text = str_replace(
|
||||||
|
'http://.wikipedia.org/wiki/',
|
||||||
|
'http://www.wikipedia.org/wiki/',
|
||||||
|
$text
|
||||||
|
);
|
||||||
|
$text = str_replace('\wp:', 'wp:', $text);
|
||||||
|
$text = str_replace('\http:', 'http:', $text);
|
||||||
|
$text = MyTool::formatBBCode($text);
|
||||||
|
$text = nl2br($text);
|
||||||
|
|
||||||
|
return $text;
|
||||||
|
}
|
||||||
|
|
||||||
|
public static function getUrl()
|
||||||
|
{
|
||||||
|
$https = (!empty($_SERVER['HTTPS'])
|
||||||
|
&& (strtolower($_SERVER['HTTPS']) == 'on'))
|
||||||
|
|| (isset($_SERVER["SERVER_PORT"])
|
||||||
|
&& $_SERVER["SERVER_PORT"] == '443'); // HTTPS detection.
|
||||||
|
$serverport = (!isset($_SERVER["SERVER_PORT"])
|
||||||
|
|| $_SERVER["SERVER_PORT"] == '80'
|
||||||
|
|| ($https && $_SERVER["SERVER_PORT"] == '443')
|
||||||
|
? ''
|
||||||
|
: ':' . $_SERVER["SERVER_PORT"]);
|
||||||
|
|
||||||
|
$scriptname = str_replace('/index.php', '/', $_SERVER["SCRIPT_NAME"]);
|
||||||
|
|
||||||
|
if (!isset($_SERVER["SERVER_NAME"])) {
|
||||||
|
return $scriptname;
|
||||||
|
}
|
||||||
|
|
||||||
|
return 'http' . ($https ? 's' : '') . '://'
|
||||||
|
. $_SERVER["SERVER_NAME"] . $serverport . $scriptname;
|
||||||
|
}
|
||||||
|
|
||||||
|
public static function rrmdir($dir)
|
||||||
|
{
|
||||||
|
if (is_dir($dir) && ($d = @opendir($dir))) {
|
||||||
|
while (($file = @readdir($d)) !== false) {
|
||||||
|
if ( $file == '.' || $file == '..' ) {
|
||||||
|
continue;
|
||||||
|
} else {
|
||||||
|
unlink($dir . '/' . $file);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public static function humanBytes($bytes)
|
||||||
|
{
|
||||||
|
$siPrefix = array( 'bytes', 'KB', 'MB', 'GB', 'TB', 'EB', 'ZB', 'YB' );
|
||||||
|
$base = 1024;
|
||||||
|
$class = min((int) log($bytes, $base), count($siPrefix) - 1);
|
||||||
|
$val = sprintf('%1.2f', $bytes / pow($base, $class));
|
||||||
|
|
||||||
|
return $val . ' ' . $siPrefix[$class];
|
||||||
|
}
|
||||||
|
|
||||||
|
public static function returnBytes($val)
|
||||||
|
{
|
||||||
|
$val = trim($val);
|
||||||
|
$last = strtolower($val[strlen($val)-1]);
|
||||||
|
switch($last)
|
||||||
|
{
|
||||||
|
case 'g': $val *= 1024;
|
||||||
|
case 'm': $val *= 1024;
|
||||||
|
case 'k': $val *= 1024;
|
||||||
|
}
|
||||||
|
|
||||||
|
return $val;
|
||||||
|
}
|
||||||
|
|
||||||
|
public static function getMaxFileSize()
|
||||||
|
{
|
||||||
|
$sizePostMax = MyTool::returnBytes(ini_get('post_max_size'));
|
||||||
|
$sizeUploadMax = MyTool::returnBytes(ini_get('upload_max_filesize'));
|
||||||
|
|
||||||
|
// Return the smaller of two:
|
||||||
|
return min($sizePostMax, $sizeUploadMax);
|
||||||
|
}
|
||||||
|
|
||||||
|
public static function smallHash($text)
|
||||||
|
{
|
||||||
|
$t = rtrim(base64_encode(hash('crc32', $text, true)), '=');
|
||||||
|
// Get rid of characters which need encoding in URLs.
|
||||||
|
$t = str_replace('+', '-', $t);
|
||||||
|
$t = str_replace('/', '_', $t);
|
||||||
|
$t = str_replace('=', '@', $t);
|
||||||
|
|
||||||
|
return $t;
|
||||||
|
}
|
||||||
|
|
||||||
|
public static function renderJson($data)
|
||||||
|
{
|
||||||
|
header('Cache-Control: no-cache, must-revalidate');
|
||||||
|
header('Expires: Sat, 26 Jul 1997 05:00:00 GMT');
|
||||||
|
header('Content-type: application/json; charset=UTF-8');
|
||||||
|
|
||||||
|
echo json_encode($data);
|
||||||
|
exit();
|
||||||
|
}
|
||||||
|
|
||||||
|
public static function grabToLocal($url, $file, $force = false)
|
||||||
|
{
|
||||||
|
if ((!file_exists($file) || $force) && in_array('curl', get_loaded_extensions())){
|
||||||
|
$ch = curl_init ($url);
|
||||||
|
curl_setopt($ch, CURLOPT_HEADER, false);
|
||||||
|
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
|
||||||
|
curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);
|
||||||
|
$raw = curl_exec($ch);
|
||||||
|
if (curl_getinfo($ch, CURLINFO_HTTP_CODE) == 200) {
|
||||||
|
$fp = fopen($file, 'x');
|
||||||
|
fwrite($fp, $raw);
|
||||||
|
fclose($fp);
|
||||||
|
}
|
||||||
|
curl_close ($ch);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public static function redirect($rurl = '')
|
||||||
|
{
|
||||||
|
if ($rurl === '') {
|
||||||
|
// if (!empty($_SERVER['HTTP_REFERER']) && strcmp(parse_url($_SERVER['HTTP_REFERER'],PHP_URL_HOST),$_SERVER['SERVER_NAME'])==0)
|
||||||
|
$rurl = (empty($_SERVER['HTTP_REFERER'])?'?':$_SERVER['HTTP_REFERER']);
|
||||||
|
if (isset($_POST['returnurl'])) {
|
||||||
|
$rurl = $_POST['returnurl'];
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// prevent loop
|
||||||
|
if (empty($rurl) || parse_url($rurl, PHP_URL_QUERY) === $_SERVER['QUERY_STRING']) {
|
||||||
|
$rurl = MyTool::getUrl();
|
||||||
|
}
|
||||||
|
|
||||||
|
if (substr($rurl, 0, 1) !== '?') {
|
||||||
|
$ref = MyTool::getUrl();
|
||||||
|
if (substr($rurl, 0, strlen($ref)) !== $ref) {
|
||||||
|
$rurl = $ref;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
header('Location: '.$rurl);
|
||||||
|
exit();
|
||||||
|
}
|
||||||
|
|
||||||
|
public static function silence_errors($num, $str)
|
||||||
|
{
|
||||||
|
// No-op
|
||||||
|
}
|
||||||
|
}
|
136
inc/Session.class.php
Normal file
136
inc/Session.class.php
Normal file
@ -0,0 +1,136 @@
|
|||||||
|
<?php
|
||||||
|
/**
|
||||||
|
* Session management class
|
||||||
|
* http://www.developpez.net/forums/d51943/php/langage/sessions/
|
||||||
|
* http://sebsauvage.net/wiki/doku.php?id=php:session
|
||||||
|
* http://sebsauvage.net/wiki/doku.php?id=php:shaarli
|
||||||
|
*
|
||||||
|
* Features:
|
||||||
|
* - Everything is stored on server-side (we do not trust client-side data,
|
||||||
|
* such as cookie expiration)
|
||||||
|
* - IP addresses + user agent are checked on each access to prevent session
|
||||||
|
* cookie hijacking (such as Firesheep)
|
||||||
|
* - Session expires on user inactivity (Session expiration date is
|
||||||
|
* automatically updated everytime the user accesses a page.)
|
||||||
|
* - A unique secret key is generated on server-side for this session
|
||||||
|
* (and never sent over the wire) which can be used
|
||||||
|
* to sign forms (HMAC) (See $_SESSION['uid'] )
|
||||||
|
* - Token management to prevent XSRF attacks.
|
||||||
|
*
|
||||||
|
* TODO:
|
||||||
|
* - log login fail
|
||||||
|
* - prevent brute force (ban IP)
|
||||||
|
*
|
||||||
|
* HOWTOUSE:
|
||||||
|
* - Just call Session::init(); to initialize session and
|
||||||
|
* check if connected with Session::isLogged()
|
||||||
|
*/
|
||||||
|
|
||||||
|
class Session
|
||||||
|
{
|
||||||
|
// If the user does not access any page within this time,
|
||||||
|
// his/her session is considered expired (in seconds).
|
||||||
|
public static $inactivity_timeout = 3600;
|
||||||
|
private static $_instance;
|
||||||
|
|
||||||
|
// constructor
|
||||||
|
private function __construct()
|
||||||
|
{
|
||||||
|
// Use cookies to store session.
|
||||||
|
ini_set('session.use_cookies', 1);
|
||||||
|
// Force cookies for session (phpsessionID forbidden in URL)
|
||||||
|
ini_set('session.use_only_cookies', 1);
|
||||||
|
if (!session_id()){
|
||||||
|
// Prevent php to use sessionID in URL if cookies are disabled.
|
||||||
|
ini_set('session.use_trans_sid', false);
|
||||||
|
session_start('poche');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// initialize session
|
||||||
|
public static function init()
|
||||||
|
{
|
||||||
|
if (!isset(self::$_instance)) {
|
||||||
|
self::$_instance = new Session();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Returns the IP address, user agent and language of the client
|
||||||
|
// (Used to prevent session cookie hijacking.)
|
||||||
|
private static function _allInfos()
|
||||||
|
{
|
||||||
|
$infos = $_SERVER["REMOTE_ADDR"];
|
||||||
|
if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
|
||||||
|
$infos.=$_SERVER['HTTP_X_FORWARDED_FOR'];
|
||||||
|
}
|
||||||
|
if (isset($_SERVER['HTTP_CLIENT_IP'])) {
|
||||||
|
$infos.='_'.$_SERVER['HTTP_CLIENT_IP'];
|
||||||
|
}
|
||||||
|
$infos.='_'.$_SERVER['HTTP_USER_AGENT'];
|
||||||
|
$infos.='_'.$_SERVER['HTTP_ACCEPT_LANGUAGE'];
|
||||||
|
return sha1($infos);
|
||||||
|
}
|
||||||
|
|
||||||
|
// Check that user/password is correct and init some SESSION variables.
|
||||||
|
public static function login($login,$password,$login_test,$password_test,
|
||||||
|
$pValues = array())
|
||||||
|
{
|
||||||
|
foreach ($pValues as $key => $value) {
|
||||||
|
$_SESSION[$key] = $value;
|
||||||
|
}
|
||||||
|
if ($login==$login_test && $password==$password_test){
|
||||||
|
// generate unique random number to sign forms (HMAC)
|
||||||
|
$_SESSION['uid'] = sha1(uniqid('',true).'_'.mt_rand());
|
||||||
|
$_SESSION['info']=Session::_allInfos();
|
||||||
|
$_SESSION['username']=$login;
|
||||||
|
// Set session expiration.
|
||||||
|
$_SESSION['expires_on']=time()+Session::$inactivity_timeout;
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Force logout
|
||||||
|
public static function logout()
|
||||||
|
{
|
||||||
|
unset($_SESSION['uid'],$_SESSION['info'],$_SESSION['expires_on']);
|
||||||
|
}
|
||||||
|
|
||||||
|
// Make sure user is logged in.
|
||||||
|
public static function isLogged()
|
||||||
|
{
|
||||||
|
if (!isset ($_SESSION['uid'])
|
||||||
|
|| $_SESSION['info']!=Session::_allInfos()
|
||||||
|
|| time()>=$_SESSION['expires_on']){
|
||||||
|
Session::logout();
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
// User accessed a page : Update his/her session expiration date.
|
||||||
|
$_SESSION['expires_on']=time()+Session::$inactivity_timeout;
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Returns a token.
|
||||||
|
public static function getToken()
|
||||||
|
{
|
||||||
|
if (!isset($_SESSION['tokens'])){
|
||||||
|
$_SESSION['tokens']=array();
|
||||||
|
}
|
||||||
|
// We generate a random string and store it on the server side.
|
||||||
|
$rnd = sha1(uniqid('',true).'_'.mt_rand());
|
||||||
|
$_SESSION['tokens'][$rnd]=1;
|
||||||
|
return $rnd;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Tells if a token is ok. Using this function will destroy the token.
|
||||||
|
// return true if token is ok.
|
||||||
|
public static function isToken($token)
|
||||||
|
{
|
||||||
|
if (isset($_SESSION['tokens'][$token]))
|
||||||
|
{
|
||||||
|
unset($_SESSION['tokens'][$token]); // Token is used: destroy it.
|
||||||
|
return true; // Token is ok.
|
||||||
|
}
|
||||||
|
return false; // Wrong token, or already used.
|
||||||
|
}
|
||||||
|
}
|
@ -22,10 +22,12 @@ include 'functions.php';
|
|||||||
require_once 'Readability.php';
|
require_once 'Readability.php';
|
||||||
require_once 'Encoding.php';
|
require_once 'Encoding.php';
|
||||||
require_once 'rain.tpl.class.php';
|
require_once 'rain.tpl.class.php';
|
||||||
|
require_once 'MyTool.class.php';
|
||||||
|
require_once 'Session.class.php';
|
||||||
|
|
||||||
$db = new db(DB_PATH);
|
$db = new db(DB_PATH);
|
||||||
|
|
||||||
# Initialisation de RainTPL
|
# initialisation de RainTPL
|
||||||
raintpl::$tpl_dir = './tpl/';
|
raintpl::$tpl_dir = './tpl/';
|
||||||
raintpl::$cache_dir = './cache/';
|
raintpl::$cache_dir = './cache/';
|
||||||
raintpl::$base_url = get_poche_url();
|
raintpl::$base_url = get_poche_url();
|
||||||
@ -33,13 +35,43 @@ raintpl::configure('path_replace', false);
|
|||||||
raintpl::configure('debug', false);
|
raintpl::configure('debug', false);
|
||||||
$tpl = new raintpl();
|
$tpl = new raintpl();
|
||||||
|
|
||||||
# Démarrage session et initialisation du jeton de sécurité
|
# initialize session
|
||||||
session_start();
|
Session::init();
|
||||||
|
# XSRF protection with token
|
||||||
|
if (!empty($_POST)) {
|
||||||
|
if (!Session::isToken($_POST['token'])) {
|
||||||
|
die('Wrong token.');
|
||||||
|
}
|
||||||
|
unset($_SESSION['tokens']);
|
||||||
|
}
|
||||||
|
|
||||||
if (!isset($_SESSION['token_poche'])) {
|
$ref = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER'];
|
||||||
$token = md5(uniqid(rand(), TRUE));
|
|
||||||
$_SESSION['token_poche'] = $token;
|
if (isset($_GET['login'])) {
|
||||||
$_SESSION['token_time_poche'] = time();
|
// Login
|
||||||
|
if (!empty($_POST['login']) && !empty($_POST['password'])) {
|
||||||
|
if (Session::login('poche', 'poche', $_POST['login'], $_POST['password'])) {
|
||||||
|
if (!empty($_POST['longlastingsession'])) {
|
||||||
|
$_SESSION['longlastingsession'] = 31536000;
|
||||||
|
$_SESSION['expires_on'] = time() + $_SESSION['longlastingsession'];
|
||||||
|
session_set_cookie_params($_SESSION['longlastingsession']);
|
||||||
|
} else {
|
||||||
|
session_set_cookie_params(0); // when browser closes
|
||||||
|
}
|
||||||
|
session_regenerate_id(true);
|
||||||
|
|
||||||
|
MyTool::redirect();
|
||||||
|
}
|
||||||
|
logm('login failed');
|
||||||
|
die("Login failed !");
|
||||||
|
} else {
|
||||||
|
logm('login successful');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
elseif (isset($_GET['logout'])) {
|
||||||
|
logm('logout');
|
||||||
|
Session::logout();
|
||||||
|
MyTool::redirect();
|
||||||
}
|
}
|
||||||
|
|
||||||
# Traitement des paramètres et déclenchement des actions
|
# Traitement des paramètres et déclenchement des actions
|
||||||
@ -48,8 +80,12 @@ $action = (isset ($_REQUEST['action'])) ? htmlentities($_REQUEST['ac
|
|||||||
$_SESSION['sort'] = (isset ($_REQUEST['sort'])) ? htmlentities($_REQUEST['sort']) : 'id';
|
$_SESSION['sort'] = (isset ($_REQUEST['sort'])) ? htmlentities($_REQUEST['sort']) : 'id';
|
||||||
$id = (isset ($_REQUEST['id'])) ? htmlspecialchars($_REQUEST['id']) : '';
|
$id = (isset ($_REQUEST['id'])) ? htmlspecialchars($_REQUEST['id']) : '';
|
||||||
$url = (isset ($_GET['url'])) ? $_GET['url'] : '';
|
$url = (isset ($_GET['url'])) ? $_GET['url'] : '';
|
||||||
$token = (isset ($_REQUEST['token'])) ? $_REQUEST['token'] : '';
|
|
||||||
|
$tpl->assign('isLogged', Session::isLogged());
|
||||||
|
$tpl->assign('referer', $ref);
|
||||||
|
$tpl->assign('view', $view);
|
||||||
|
$tpl->assign('poche_url', get_poche_url());
|
||||||
|
|
||||||
if ($action != '') {
|
if ($action != '') {
|
||||||
action_to_do($action, $url, $token, $id);
|
action_to_do($action, $url, $id);
|
||||||
}
|
}
|
||||||
|
@ -91,7 +91,7 @@ function get_external_file($url)
|
|||||||
function prepare_url($url)
|
function prepare_url($url)
|
||||||
{
|
{
|
||||||
$parametres = array();
|
$parametres = array();
|
||||||
$url = html_entity_decode(trim($url));
|
$url = html_entity_decode(trim($url));
|
||||||
|
|
||||||
// We remove the annoying parameters added by FeedBurner and GoogleFeedProxy (?utm_source=...)
|
// We remove the annoying parameters added by FeedBurner and GoogleFeedProxy (?utm_source=...)
|
||||||
// from shaarli, by sebsauvage
|
// from shaarli, by sebsauvage
|
||||||
@ -99,7 +99,7 @@ function prepare_url($url)
|
|||||||
$i=strpos($url,'?utm_source='); if ($i!==false) $url=substr($url,0,$i);
|
$i=strpos($url,'?utm_source='); if ($i!==false) $url=substr($url,0,$i);
|
||||||
$i=strpos($url,'#xtor=RSS-'); if ($i!==false) $url=substr($url,0,$i);
|
$i=strpos($url,'#xtor=RSS-'); if ($i!==false) $url=substr($url,0,$i);
|
||||||
|
|
||||||
$title = $url;
|
$title = $url;
|
||||||
if (!preg_match('!^https?://!i', $url))
|
if (!preg_match('!^https?://!i', $url))
|
||||||
$url = 'http://' . $url;
|
$url = 'http://' . $url;
|
||||||
|
|
||||||
@ -230,7 +230,7 @@ function remove_directory($directory)
|
|||||||
* Appel d'une action (mark as fav, archive, delete)
|
* Appel d'une action (mark as fav, archive, delete)
|
||||||
*/
|
*/
|
||||||
|
|
||||||
function action_to_do($action, $url, $token, $id = 0)
|
function action_to_do($action, $url, $id = 0)
|
||||||
{
|
{
|
||||||
global $db;
|
global $db;
|
||||||
|
|
||||||
@ -248,29 +248,20 @@ function action_to_do($action, $url, $token, $id = 0)
|
|||||||
logm('add link ' . $url);
|
logm('add link ' . $url);
|
||||||
break;
|
break;
|
||||||
case 'delete':
|
case 'delete':
|
||||||
if (verif_token($token)) {
|
remove_directory(ABS_PATH . $id);
|
||||||
remove_directory(ABS_PATH . $id);
|
$sql_action = "DELETE FROM entries WHERE id=?";
|
||||||
$sql_action = "DELETE FROM entries WHERE id=?";
|
$params_action = array($id);
|
||||||
$params_action = array($id);
|
logm('delete link #' . $id);
|
||||||
logm('delete link #' . $id);
|
|
||||||
}
|
|
||||||
else logm('csrf problem while deleting entry');
|
|
||||||
break;
|
break;
|
||||||
case 'toggle_fav' :
|
case 'toggle_fav' :
|
||||||
if (verif_token($token)) {
|
$sql_action = "UPDATE entries SET is_fav=~is_fav WHERE id=?";
|
||||||
$sql_action = "UPDATE entries SET is_fav=~is_fav WHERE id=?";
|
$params_action = array($id);
|
||||||
$params_action = array($id);
|
logm('mark as favorite link #' . $id);
|
||||||
logm('mark as favorite link #' . $id);
|
|
||||||
}
|
|
||||||
else logm('csrf problem while fav entry');
|
|
||||||
break;
|
break;
|
||||||
case 'toggle_archive' :
|
case 'toggle_archive' :
|
||||||
if (verif_token($token)) {
|
$sql_action = "UPDATE entries SET is_read=~is_read WHERE id=?";
|
||||||
$sql_action = "UPDATE entries SET is_read=~is_read WHERE id=?";
|
$params_action = array($id);
|
||||||
$params_action = array($id);
|
logm('archive link #' . $id);
|
||||||
logm('archive link #' . $id);
|
|
||||||
}
|
|
||||||
else logm('csrf problem while archive entry');
|
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
break;
|
break;
|
||||||
@ -305,7 +296,7 @@ function action_to_do($action, $url, $token, $id = 0)
|
|||||||
/**
|
/**
|
||||||
* Détermine quels liens afficher : home, fav ou archives
|
* Détermine quels liens afficher : home, fav ou archives
|
||||||
*/
|
*/
|
||||||
function display_view($view)
|
function get_entries($view)
|
||||||
{
|
{
|
||||||
global $db;
|
global $db;
|
||||||
|
|
||||||
@ -385,36 +376,6 @@ function get_article($id)
|
|||||||
return $entry;
|
return $entry;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Vérifie si le jeton passé en $_POST correspond à celui en session
|
|
||||||
*/
|
|
||||||
function verif_token($token)
|
|
||||||
{
|
|
||||||
if(isset($_SESSION['token_poche']) && isset($_SESSION['token_time_poche']) && isset($token))
|
|
||||||
{
|
|
||||||
if($_SESSION['token_poche'] == $token)
|
|
||||||
{
|
|
||||||
$old_timestamp = time() - (15*60);
|
|
||||||
if($_SESSION['token_time_poche'] >= $old_timestamp)
|
|
||||||
{
|
|
||||||
return TRUE;
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
session_destroy();
|
|
||||||
logm('session expired');
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
logm('token error : the token is different');
|
|
||||||
return FALSE;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
logm('token error : the token is not here');
|
|
||||||
return FALSE;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
function logm($message)
|
function logm($message)
|
||||||
{
|
{
|
||||||
$t = strval(date('Y/m/d_H:i:s')).' - '.$_SERVER["REMOTE_ADDR"].' - '.strval($message)."\n";
|
$t = strval(date('Y/m/d_H:i:s')).' - '.$_SERVER["REMOTE_ADDR"].' - '.strval($message)."\n";
|
||||||
|
@ -90,7 +90,7 @@ class RainTPL{
|
|||||||
*
|
*
|
||||||
* @var bool
|
* @var bool
|
||||||
*/
|
*/
|
||||||
static $php_enabled = false;
|
static $php_enabled = true;
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
16
index.php
16
index.php
@ -10,17 +10,19 @@
|
|||||||
|
|
||||||
include dirname(__FILE__).'/inc/config.php';
|
include dirname(__FILE__).'/inc/config.php';
|
||||||
|
|
||||||
$entries = display_view($view);
|
$entries = get_entries($view);
|
||||||
|
|
||||||
$tpl->assign('title', 'poche, a read it later open source system');
|
$tpl->assign('title', 'poche, a read it later open source system');
|
||||||
$tpl->assign('view', $view);
|
|
||||||
$tpl->assign('poche_url', get_poche_url());
|
|
||||||
$tpl->assign('entries', $entries);
|
$tpl->assign('entries', $entries);
|
||||||
$tpl->assign('load_all_js', 1);
|
$tpl->assign('load_all_js', 1);
|
||||||
$tpl->assign('token', $_SESSION['token_poche']);
|
|
||||||
|
|
||||||
$tpl->draw('head');
|
$tpl->draw('head');
|
||||||
$tpl->draw('home');
|
if (Session::isLogged()) {
|
||||||
$tpl->draw('entries');
|
$tpl->draw('home');
|
||||||
$tpl->draw('js');
|
$tpl->draw('entries');
|
||||||
|
$tpl->draw('js');
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$tpl->draw('login');
|
||||||
|
}
|
||||||
$tpl->draw('footer');
|
$tpl->draw('footer');
|
@ -6,9 +6,9 @@
|
|||||||
</h2>
|
</h2>
|
||||||
<div class="tools">
|
<div class="tools">
|
||||||
<ul>
|
<ul>
|
||||||
<li><a title="toggle mark as read" class="tool archive {if="$value.is_read == '0'"}archive-off{/if}" onclick="toggle_archive(this, {$value.id}, '{$token}')"><span></span></a></li>
|
<li><a title="toggle mark as read" class="tool archive {if="$value.is_read == '0'"}archive-off{/if}" onclick="toggle_archive(this, {$value.id}, '<?php echo Session::getToken(); ?>')"><span></span></a></li>
|
||||||
<li><a title="toggle favorite" class="tool fav {if="$value.is_fav == '0'"}fav-off{/if}" onclick="toggle_favorite(this, {$value.id}, '{$token}')"><span></span></a></li>
|
<li><a title="toggle favorite" class="tool fav {if="$value.is_fav == '0'"}fav-off{/if}" onclick="toggle_favorite(this, {$value.id}, '<?php echo Session::getToken(); ?>')"><span></span></a></li>
|
||||||
<li><form method="post" onsubmit="return confirm('Are you sure?')" style="display: inline;"><input type="hidden" name="token" id="token" value="{$token}" /><input type="hidden" id="action" name="action" value="delete" /><input type="hidden" id="id" name="id" value="{$value.id}" /><input type="submit" class="delete" title="toggle delete" /></form></li>
|
<li><form method="post" onsubmit="return confirm('Are you sure?')" style="display: inline;"><input type="hidden" name="token" id="token" value="<?php echo Session::getToken(); ?>" /><input type="hidden" id="action" name="action" value="delete" /><input type="hidden" id="id" name="id" value="{$value.id}" /><input type="submit" class="delete" title="toggle delete" /></form></li>
|
||||||
</ul>
|
</ul>
|
||||||
</div>
|
</div>
|
||||||
</span>
|
</span>
|
||||||
|
@ -16,3 +16,8 @@
|
|||||||
<link rel="stylesheet" href="./css/knacss.css" media="all">
|
<link rel="stylesheet" href="./css/knacss.css" media="all">
|
||||||
<link rel="stylesheet" href="./css/style.css" media="all">
|
<link rel="stylesheet" href="./css/style.css" media="all">
|
||||||
</head>
|
</head>
|
||||||
|
<body>
|
||||||
|
<header>
|
||||||
|
<h1><img src="./img/logo.png" alt="logo poche" />poche</h1>
|
||||||
|
</header>
|
||||||
|
<div id="main">
|
@ -1,16 +1,12 @@
|
|||||||
<body>
|
|
||||||
<header>
|
|
||||||
<h1><img src="./img/logo.png" alt="logo poche" />poche</h1>
|
|
||||||
</header>
|
|
||||||
<div id="main">
|
|
||||||
<ul id="links">
|
<ul id="links">
|
||||||
<li><a href="index.php" {if="$view == 'index'"}class="current"{/if}>home</a></li>
|
<li><a href="index.php" {if="$view == 'index'"}class="current"{/if}>home</a></li>
|
||||||
<li><a href="?view=fav" {if="$view == 'fav'"}class="current"{/if}>favorites</a></li>
|
<li><a href="?view=fav" {if="$view == 'fav'"}class="current"{/if}>favorites</a></li>
|
||||||
<li><a href="?view=archive" {if="$view == 'archive'"}class="current"{/if}>archive</a></li>
|
<li><a href="?view=archive" {if="$view == 'archive'"}class="current"{/if}>archive</a></li>
|
||||||
<li><a style="cursor: move" title="i am a bookmarklet, use me !" href="javascript:(function(){var%20url%20=%20location.href%20||%20url;window.open('{$poche_url}?action=add&url='%20+%20encodeURIComponent(url),'_self');})();">poche it !</a></li>
|
<li><a style="cursor: move" title="i am a bookmarklet, use me !" href="javascript:(function(){var%20url%20=%20location.href%20||%20url;window.open('{$poche_url}?action=add&url='%20+%20encodeURIComponent(url),'_self');})();">poche it !</a></li>
|
||||||
|
<li><a href="?logout" title="Logout">logout</a></li>
|
||||||
</ul>
|
</ul>
|
||||||
<ul id="sort">
|
<ul id="sort">
|
||||||
<li><img src="img/up.png" onclick="sort_links('{$view}', 'ia', '{$token}');" title="by date asc" /> by date <img src="img/down.png" onclick="sort_links('{$view}', 'id', '{$token}');" title="by date desc" /></li>
|
<li><img src="img/up.png" onclick="sort_links('{$view}', 'ia', '{'<?php echo Session::getToken(); ?>'}');" title="by date asc" /> by date <img src="img/down.png" onclick="sort_links('{$view}', 'id', '<?php echo Session::getToken(); ?>');" title="by date desc" /></li>
|
||||||
<li><img src="img/up.png" onclick="sort_links('{$view}', 'ta', '{$token}');" title="by title asc" /> by title <img src="img/down.png" onclick="sort_links('{$view}', 'td', '{$token}');" title="by title desc" /></li>
|
<li><img src="img/up.png" onclick="sort_links('{$view}', 'ta', '<?php echo Session::getToken(); ?>');" title="by title asc" /> by title <img src="img/down.png" onclick="sort_links('{$view}', 'td', '<?php echo Session::getToken(); ?>');" title="by title desc" /></li>
|
||||||
</ul>
|
</ul>
|
||||||
<div id="content">
|
<div id="content">
|
13
tpl/login.html
Normal file
13
tpl/login.html
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
<form method="post" action="?login" name="loginform">
|
||||||
|
<fieldset>
|
||||||
|
<h2>login to your poche</h2>
|
||||||
|
<ul id="login">
|
||||||
|
<li><label for="login">Login</label> <input type="text" id="login" name="login" placeholder="Login" tabindex="1"></li>
|
||||||
|
<li><label for="password">Password</label> <input type="password" id="password" name="password" placeholder="Password" tabindex="2"></li>
|
||||||
|
<li><label><input type="checkbox" name="longlastingsession" tabindex="3"> Stay signed in (Do not check on public computers)</label></li>
|
||||||
|
<li><button type="submit" tabindex="4">Sign in</button></li>
|
||||||
|
</ul>
|
||||||
|
</fieldset>
|
||||||
|
<input type="hidden" name="returnurl" value="<?php echo htmlspecialchars($referer);?>">
|
||||||
|
<input type="hidden" name="token" value="<?php echo Session::getToken(); ?>">
|
||||||
|
</form>
|
@ -1,4 +1,21 @@
|
|||||||
{include="head"}
|
<!DOCTYPE html>
|
||||||
|
<!--[if lte IE 6]> <html class="no-js ie6 ie67 ie678" lang="en"> <![endif]-->
|
||||||
|
<!--[if lte IE 7]> <html class="no-js ie7 ie67 ie678" lang="en"> <![endif]-->
|
||||||
|
<!--[if IE 8]> <html class="no-js ie8 ie678" lang="en"> <![endif]-->
|
||||||
|
<!--[if gt IE 8]><!--> <html class="no-js" lang="en"> <!--<![endif]-->
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<meta name="viewport" content="width=device-width, minimum-scale=1.0, maximum-scale=1.0">
|
||||||
|
<meta charset="utf-8">
|
||||||
|
<meta http-equiv="X-UA-Compatible" content="IE=10">
|
||||||
|
<title>{$title}</title>
|
||||||
|
<link rel="shortcut icon" type="image/x-icon" href="./img/favicon.ico" />
|
||||||
|
<link rel="apple-touch-icon-precomposed" sizes="144x144" href="./img/apple-touch-icon-144x144-precomposed.png">
|
||||||
|
<link rel="apple-touch-icon-precomposed" sizes="72x72" href="./img/apple-touch-icon-72x72-precomposed.png">
|
||||||
|
<link rel="apple-touch-icon-precomposed" href="./img/apple-touch-icon-precomposed.png">
|
||||||
|
<link rel="stylesheet" href="./css/knacss.css" media="all">
|
||||||
|
<link rel="stylesheet" href="./css/style.css" media="all">
|
||||||
|
</head>
|
||||||
<body class="article">
|
<body class="article">
|
||||||
<div id="article" class="w600p">
|
<div id="article" class="w600p">
|
||||||
<div class="backhome">
|
<div class="backhome">
|
||||||
@ -6,9 +23,9 @@
|
|||||||
</div>
|
</div>
|
||||||
<div class="tools">
|
<div class="tools">
|
||||||
<ul>
|
<ul>
|
||||||
<li><a title="toggle mark as read" class="tool archive {if="$is_read == '0'"}archive-off{/if}" onclick="toggle_archive(this, {$id}, '{$token}')"><span></span></a></li>
|
<li><a title="toggle mark as read" class="tool archive {if="$is_read == '0'"}archive-off{/if}" onclick="toggle_archive(this, {$id}, '<?php echo Session::getToken(); ?>')"><span></span></a></li>
|
||||||
<li><a title="toggle favorite" class="tool fav {if="$is_fav == '0'"}fav-off{/if}" onclick="toggle_favorite(this, {$id}, '{$token}')"><span></span></a></li>
|
<li><a title="toggle favorite" class="tool fav {if="$is_fav == '0'"}fav-off{/if}" onclick="toggle_favorite(this, {$id}, '<?php echo Session::getToken(); ?>')"><span></span></a></li>
|
||||||
<li><form method="post" onsubmit="return confirm('Are you sure?')" style="display: inline;" action="index.php"><input type="hidden" name="token" id="token" value="{$token}" /><input type="hidden" id="action" name="action" value="delete" /><input type="hidden" id="id" name="id" value="{$id}" /><input type="submit" class="delete" title="toggle delete" /></form></li>
|
<li><form method="post" onsubmit="return confirm('Are you sure?')" style="display: inline;" action="index.php"><input type="hidden" name="token" id="token" value="<?php echo Session::getToken(); ?>" /><input type="hidden" id="action" name="action" value="delete" /><input type="hidden" id="id" name="id" value="{$id}" /><input type="submit" class="delete" title="toggle delete" /></form></li>
|
||||||
</ul>
|
</ul>
|
||||||
</div>
|
</div>
|
||||||
<header class="mbm">
|
<header class="mbm">
|
||||||
@ -25,7 +42,12 @@
|
|||||||
<a href="index.php" title="back to home">←</a>
|
<a href="index.php" title="back to home">←</a>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
{include="footer"}
|
|
||||||
{include="js"}
|
{include="js"}
|
||||||
|
|
||||||
|
<footer class="mr2 mt3 smaller">
|
||||||
|
<p>powered by <a href="http://inthepoche.com">poche</a><br />follow us on <a href="https://twitter.com/getpoche" title="follow us on twitter">twitter</a></p>
|
||||||
|
</footer>
|
||||||
|
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
1
view.php
1
view.php
@ -24,7 +24,6 @@ if(!empty($id)) {
|
|||||||
$tpl->assign('is_fav', $entry[0]['is_fav']);
|
$tpl->assign('is_fav', $entry[0]['is_fav']);
|
||||||
$tpl->assign('is_read', $entry[0]['is_read']);
|
$tpl->assign('is_read', $entry[0]['is_read']);
|
||||||
$tpl->assign('load_all_js', 0);
|
$tpl->assign('load_all_js', 0);
|
||||||
$tpl->assign('token', $_SESSION['token_poche']);
|
|
||||||
$tpl->draw('view');
|
$tpl->draw('view');
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
|
Loading…
Reference in New Issue
Block a user