fix owner_uid checking in OPML export (path2)

[tt-rss.git] / backend.php

<?
	session_start();

	if ($_GET["debug"]) {
		define('DEFAULT_ERROR_LEVEL', E_ALL);
	} else {
		define('DEFAULT_ERROR_LEVEL', E_ERROR | E_WARNING | E_PARSE);
	}

	error_reporting(DEFAULT_ERROR_LEVEL);

	$op = $_REQUEST["op"];

	if ((!$op || $op == "rpc" || $op == "globalUpdateFeeds") && !$_REQUEST["noxml"]) {
		header("Content-Type: application/xml");
	}

	if (!$_SESSION["uid"] && $op != "globalUpdateFeeds") {

		if ($op == "rpc") {
			print "<error error-code=\"6\"/>";
		}
		exit;
	}

	if (!$op) {
		print "<error error-code=\"7\"/>";
		exit;
	}

	define('SCHEMA_VERSION', 2);

	require_once "sanity_check.php";
	require_once "config.php";
	require_once "db.php";
	require_once "db-prefs.php";
	require_once "functions.php";
	require_once "magpierss/rss_fetch.inc";

	$script_started = getmicrotime();

	$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);	

	if (!$link) {
		if (DB_TYPE == "mysql") {
			print mysql_error();
		}
		// PG seems to display its own errors just fine by default.		
		return;
	}

	if (DB_TYPE == "pgsql") {
		pg_query("set client_encoding = 'utf-8'");
	}

	$fetch = $_GET["fetch"];

	/* FIXME this needs reworking */

	function getGlobalCounters($link) {
		$result = db_query($link, "SELECT count(id) as c_id FROM ttrss_entries,ttrss_user_entries
			WHERE unread = true AND 
			ttrss_user_entries.ref_id = ttrss_entries.id AND 
			owner_uid = " . $_SESSION["uid"]);
		$c_id = db_fetch_result($result, 0, "c_id");
		print "<counter id='global-unread' counter='$c_id'/>";
	}

	function getTagCounters($link) {
	
		$result = db_query($link, "SELECT tag_name,count(ttrss_entries.id) AS count
			FROM ttrss_tags,ttrss_entries,ttrss_user_entries WHERE
			ttrss_user_entries.ref_id = ttrss_entries.id AND 
			ttrss_tags.owner_uid = ".$_SESSION["uid"]." AND
			post_int_id = ttrss_user_entries.int_id AND unread = true GROUP BY tag_name 
		UNION
			select tag_name,0 as count FROM ttrss_tags
			WHERE ttrss_tags.owner_uid = ".$_SESSION["uid"]);

		$tags = array();

		while ($line = db_fetch_assoc($result)) {
			$tags[$line["tag_name"]] += $line["count"];
		}

		foreach (array_keys($tags) as $tag) {
			$unread = $tags[$tag];			

			$tag = htmlspecialchars($tag);
			print "<tag id=\"$tag\" counter=\"$unread\"/>";
		} 
	}

	function getLabelCounters($link) {

		$result = db_query($link, "SELECT count(id) as count FROM ttrss_entries,ttrss_user_entries
			WHERE marked = true AND ttrss_user_entries.ref_id = ttrss_entries.id AND 
			unread = true AND owner_uid = ".$_SESSION["uid"]);

		$count = db_fetch_result($result, 0, "count");

		print "<label id=\"-1\" counter=\"$count\"/>";

		$result = db_query($link, "SELECT owner_uid,id,sql_exp,description FROM
			ttrss_labels WHERE owner_uid = ".$_SESSION["uid"]." ORDER by description");
	
		while ($line = db_fetch_assoc($result)) {

			$id = -$line["id"] - 11;

			error_reporting (0);

			$tmp_result = db_query($link, "SELECT count(id) as count FROM ttrss_user_entries,ttrss_entries
				WHERE (" . $line["sql_exp"] . ") AND unread = true AND 
				ttrss_user_entries.ref_id = ttrss_entries.id AND 
				owner_uid = ".$_SESSION["uid"]);

			$count = db_fetch_result($tmp_result, 0, "count");

			print "<label id=\"$id\" counter=\"$count\"/>";

			error_reporting (DEFAULT_ERROR_LEVEL);
	
		}
	}

	function getFeedCounter($link, $id) {
	
		$result = db_query($link, "SELECT 
				count(id) as count FROM ttrss_entries,ttrss_user_entries
			WHERE feed_id = '$id' AND unread = true
			AND ttrss_user_entries.ref_id = ttrss_entries.id");
	
			$count = db_fetch_result($result, 0, "count");
			
			print "<feed id=\"$id\" counter=\"$count\"/>";		
	}

	function getFeedCounters($link) {
	
		$result = db_query($link, "SELECT id,
			(SELECT count(id) 
				FROM ttrss_entries,ttrss_user_entries 
				WHERE feed_id = ttrss_feeds.id AND ttrss_user_entries.ref_id = ttrss_entries.id
				AND unread = true AND owner_uid = ".$_SESSION["uid"].") as count
			FROM ttrss_feeds WHERE owner_uid = ".$_SESSION["uid"]);
	
		while ($line = db_fetch_assoc($result)) {
		
			$id = $line["id"];
			$count = $line["count"];

			print "<feed id=\"$id\" counter=\"$count\"/>";
		}
	}

	function outputFeedList($link, $tags = false) {

		print "<html><head>
			<title>Tiny Tiny RSS : Feedlist</title>
			<link rel=\"stylesheet\" href=\"tt-rss.css\" type=\"text/css\">";

		if (get_pref($link, 'USE_COMPACT_STYLESHEET')) {
			print "<link rel=\"stylesheet\" type=\"text/css\" 
				href=\"tt-rss_compact.css\"/>";
		} else {
			print "<link title=\"Compact Stylesheet\" rel=\"alternate stylesheet\" 
					type=\"text/css\" href=\"tt-rss_compact.css\"/>";
		}

		print "<script type=\"text/javascript\" src=\"functions.js\"></script>
			<script type=\"text/javascript\" src=\"feedlist.js\"></script>
			<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\">
			</head><body onload=\"init()\">";

		print "<ul class=\"feedList\" id=\"feedList\">";

		$owner_uid = $_SESSION["uid"];

		if (!$tags) {

			/* virtual feeds */

			if (get_pref($link, 'ENABLE_FEED_CATS')) {
				print "<li class=\"feedCat\">Special</li>";
				print "<li id=\"feedCatHolder\"><ul class=\"feedCatList\">";
			}

			$result = db_query($link, "SELECT count(id) as num_starred 
				FROM ttrss_entries,ttrss_user_entries 
				WHERE marked = true AND 
				ttrss_user_entries.ref_id = ttrss_entries.id AND
				unread = true AND owner_uid = '$owner_uid'");
			$num_starred = db_fetch_result($result, 0, "num_starred");

			$class = "virt";

			if ($num_starred > 0) $class .= "Unread";

			printFeedEntry(-1, $class, "Starred articles", $num_starred, 
				"images/mark_set.png", $link);

			if (get_pref($link, 'ENABLE_FEED_CATS')) {
				print "</li></ul>";
			}

			if (get_pref($link, 'ENABLE_LABELS')) {
	
				$result = db_query($link, "SELECT id,sql_exp,description FROM
					ttrss_labels WHERE owner_uid = '$owner_uid' ORDER by description");
		
				if (db_num_rows($result) > 0) {
					if (get_pref($link, 'ENABLE_FEED_CATS')) {
						print "<li class=\"feedCat\">Labels</li>";
						print "<li id=\"feedCatHolder\"><ul class=\"feedCatList\">";
					} else {
						print "<li><hr></li>";
					}
				}
		
				while ($line = db_fetch_assoc($result)) {
	
					error_reporting (0);
		
					$tmp_result = db_query($link, "SELECT count(id) as count FROM ttrss_entries,ttrss_user_entries
						WHERE (" . $line["sql_exp"] . ") AND unread = true AND
						ttrss_user_entries.ref_id = ttrss_entries.id
						AND owner_uid = '$owner_uid'");
	
					$count = db_fetch_result($tmp_result, 0, "count");
	
					$class = "label";
	
					if ($count > 0) {
						$class .= "Unread";
					}
					
					error_reporting (DEFAULT_ERROR_LEVEL);
	
					printFeedEntry(-$line["id"]-11, 
						$class, $line["description"], $count, "images/label.png", $link);
		
				}

				if (db_num_rows($result) > 0) {
					if (get_pref($link, 'ENABLE_FEED_CATS')) {
						print "</li></ul>";
					}
				}

			}

//			if (!get_pref($link, 'ENABLE_FEED_CATS')) {
				print "<li><hr></li>";
//			}

			if (get_pref($link, 'ENABLE_FEED_CATS')) {
				$order_by_qpart = "category,title";
			} else {
				$order_by_qpart = "title";
			}

			$result = db_query($link, "SELECT *,
				(SELECT count(id) FROM ttrss_entries,ttrss_user_entries
					WHERE feed_id = ttrss_feeds.id AND 
					ttrss_user_entries.ref_id = ttrss_entries.id AND
					owner_uid = '$owner_uid') AS total,
				(SELECT count(id) FROM ttrss_entries,ttrss_user_entries
					WHERE feed_id = ttrss_feeds.id AND unread = true
						AND ttrss_user_entries.ref_id = ttrss_entries.id
						AND owner_uid = '$owner_uid') as unread,
				(SELECT title FROM ttrss_feed_categories 
					WHERE id = cat_id) AS category
				FROM ttrss_feeds WHERE owner_uid = '$owner_uid' ORDER BY $order_by_qpart");			
	
			$actid = $_GET["actid"];
	
			/* real feeds */
	
			$lnum = 0;
	
			$total_unread = 0;

			$category = "";
	
			while ($line = db_fetch_assoc($result)) {
			
				$feed = $line["title"];
				$feed_id = $line["id"];	  
	
				$subop = $_GET["subop"];
				
				$total = $line["total"];
				$unread = $line["unread"];

				$tmp_category = $line["category"];

				if (!$tmp_category) {
					$tmp_category = "Uncategorized";
				}
				
	//			$class = ($lnum % 2) ? "even" : "odd";
	
				$class = "feed";
	
				if ($unread > 0) $class .= "Unread";
	
				if ($actid == $feed_id) {
					$class .= "Selected";
				}
	
				$total_unread += $unread;

				if ($category != $tmp_category && get_pref($link, 'ENABLE_FEED_CATS')) {
				
					if ($category) {
						print "</li></ul></li>";
					}
				
					$category = $tmp_category;
					
					print "<li class=\"feedCat\">$category</li>";
					print "<li id=\"feedCatHolder\"><ul class=\"feedCatList\">";
				}
	
				printFeedEntry($feed_id, $class, $feed, $unread, 
					"icons/$feed_id.ico", $link);
	
				++$lnum;
			}

		} else {

			// tags

			$result = db_query($link, "SELECT tag_name,count(ttrss_entries.id) AS count
				FROM ttrss_tags,ttrss_entries,ttrss_user_entries WHERE
				post_int_id = ttrss_user_entries.int_id AND 
				unread = true AND ref_id = ttrss_entries.id
				AND ttrss_tags.owner_uid = '$owner_uid' GROUP BY tag_name	
			UNION
				select tag_name,0 as count FROM ttrss_tags WHERE owner_uid = '$owner_uid'
			ORDER BY tag_name");
	
			$tags = array();
	
			while ($line = db_fetch_assoc($result)) {
				$tags[$line["tag_name"]] += $line["count"];
			}
	
			foreach (array_keys($tags) as $tag) {
	
				$unread = $tags[$tag];
	
				$class = "odd";
	
				if ($unread > 0) {
					$class .= "Unread";
				}
	
				printFeedEntry($tag, $class, $tag, $unread, "images/tag.png", $link);
	
			} 

		}

		if (db_num_rows($result) == 0) {
			if ($tags) {
				$what = "tags";
			} else {
				$what = "feeds";
			}
			print "<li>No $what to display.</li>";
		}

		print "</ul>";

		print "<div class=\"invisible\" id=\"FEEDTU\">$total_unread</div>";

	}


	if ($op == "rpc") {

		$subop = $_GET["subop"];

		if ($subop == "getLabelCounters") {
			$aid = $_GET["aid"];		
			print "<rpc-reply>";
			getLabelCounters($link);
			if ($aid) {
				getFeedCounter($link, $aid);
			}
			print "</rpc-reply>";
		}

		if ($subop == "getFeedCounters") {
			print "<rpc-reply>";
			getFeedCounters($link);
			print "</rpc-reply>";
		}

		if ($subop == "getAllCounters") {
			print "<rpc-reply>";
			getLabelCounters($link);
			getFeedCounters($link);
			getTagCounters($link);
			getGlobalCounters($link);
			print "</rpc-reply>";
		}

		if ($subop == "mark") {
			$mark = $_GET["mark"];
			$id = db_escape_string($_GET["id"]);

			if ($mark == "1") {
				$mark = "true";
			} else {
				$mark = "false";
			}

			// FIXME this needs collision testing

			$result = db_query($link, "UPDATE ttrss_user_entries SET marked = $mark
				WHERE ref_id = '$id' AND owner_uid = " . $_SESSION["uid"]);
		}

		if ($subop == "updateFeed") {
			$feed_id = db_escape_string($_GET["feed"]);

			$result = db_query($link, 
				"SELECT feed_url FROM ttrss_feeds WHERE id = '$feed_id'
					AND owner_uid = " . $_SESSION["uid"]);

			if (db_num_rows($result) > 0) {			
				$feed_url = db_fetch_result($result, 0, "feed_url");
				update_rss_feed($link, $feed_url, $feed_id);
			}

			print "<rpc-reply>";
			getFeedCounter($link, $feed_id);
			print "</rpc-reply>";
			
			return;
		}

		if ($subop == "forceUpdateAllFeeds" || $subop == "updateAllFeeds") {
		
			update_all_feeds($link, $subop == "forceUpdateAllFeeds");			

			$omode = $_GET["omode"];

			if (!$omode) $omode = "tfl";

			print "<rpc-reply>";
			if (strchr($omode, "l")) getLabelCounters($link);
			if (strchr($omode, "f")) getFeedCounters($link);
			if (strchr($omode, "t")) getTagCounters($link);
			getGlobalCounters($link);
			print "</rpc-reply>";
		}
		
		if ($subop == "catchupSelected") {

			$ids = split(",", $_GET["ids"]);

			foreach ($ids as $id) {

				db_query($link, "UPDATE ttrss_user_entries SET unread=false,last_read = NOW()
					WHERE id = '$id' AND owner_uid = " . $_SESSION["uid"]);

			}

			print "Marked active page as read.";
		}

		if ($subop == "sanityCheck") {

			$error_code = 0;

			$result = db_query($link, "SELECT schema_version FROM ttrss_version");

			$schema_version = db_fetch_result($result, 0, "schema_version");

			if ($schema_version != SCHEMA_VERSION) {
				$error_code = 5;
			}

			print "<error error-code='$error_code'/>";
		}

		if ($subop == "globalPurge") {

			print "<rpc-reply>";
			global_purge_old_posts($link, true);
			print "</rpc-reply>";

		}

	}
	
	if ($op == "feeds") {

		$tags = $_GET["tags"];

		$subop = $_GET["subop"];

		if ($subop == "catchupAll") {
			db_query($link, "UPDATE ttrss_user_entries SET 
				last_read = NOW(),unread = false WHERE owner_uid = " . $_SESSION["uid"]);
		}

		outputFeedList($link, $tags);

	}

	if ($op == "view") {

		$id = $_GET["id"];
		$feed_id = $_GET["feed"];

		$result = db_query($link, "UPDATE ttrss_user_entries 
			SET unread = false,last_read = NOW() 
			WHERE ref_id = '$id' AND feed_id = '$feed_id' AND owner_uid = " . $_SESSION["uid"]);

		$addheader = $_GET["addheader"];

		$result = db_query($link, "SELECT title,link,content,feed_id,comments,int_id,
			(SELECT icon_url FROM ttrss_feeds WHERE id = feed_id) as icon_url
			FROM ttrss_entries,ttrss_user_entries
			WHERE	id = '$id' AND ref_id = id");

		if ($addheader) {
			print "<html><head>
				<title>Tiny Tiny RSS : Article $id</title>
				<link rel=\"stylesheet\" href=\"tt-rss.css\" type=\"text/css\">
				<script type=\"text/javascript\" src=\"functions.js\"></script>
				<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\">
				</head><body>";
		}

		if ($result) {

			$line = db_fetch_assoc($result);

			if ($line["icon_url"]) {
				$feed_icon = "<img class=\"feedIcon\" src=\"" . $line["icon_url"] . "\">";
			} else {
				$feed_icon = "&nbsp;";
			}

			if ($line["comments"] && $line["link"] != $line["comments"]) {
				$entry_comments = "(<a href=\"".$line["comments"]."\">Comments</a>)";
			} else {
				$entry_comments = "";
			}

			print "<div class=\"postReply\">";

			print "<div class=\"postHeader\"><table width=\"100%\">";

			print "<tr><td colspan='2'>" . $line["title"] . "</td></tr>";

			$tmp_result = db_query($link, "SELECT DISTINCT tag_name FROM
				ttrss_tags WHERE post_int_id = " . $line["int_id"] . "
				ORDER BY tag_name");
	
			$tags_str = "";

			while ($tmp_line = db_fetch_assoc($tmp_result)) {
				$tag = $tmp_line["tag_name"];
				$tags_str .= "<a href=\"javascript:parent.viewfeed('$tag')\">$tag</a>, "; 
			}		

			$tags_str = preg_replace("/, $/", "", $tags_str);			

			print "<tr><td width='50%'>
				<a href=\"" . $line["link"] . "\">".$line["link"]."</a>
				$entry_comments</td>
				<td align=\"right\">$tags_str</td></tr>";

/*			if ($tags_str) {
				print "<tr><td><b>Tags:</b></td>
					<td width='100%'>$tags_str</td></tr>";
			} */

			print "</table></div>";

			print "<div class=\"postIcon\">" . $feed_icon . "</div>";
			print "<div class=\"postContent\">" . $line["content"] . "</div>";
			
			print "</div>";

			print "<script type=\"text/javascript\">
				update_label_counters('$feed_id');
			</script>";
		}

		if ($addheader) {
			print "</body></html>";
		}
	}

	if ($op == "viewfeed") {

		$feed = $_GET["feed"];
		$skip = $_GET["skip"];
		$subop = $_GET["subop"];
		$view_mode = $_GET["view"];
		$addheader = $_GET["addheader"];
		$limit = $_GET["limit"];

		if (!$feed) {
			return;
		}

		if (!$skip) $skip = 0;

		if ($subop == "undefined") $subop = "";

		if ($addheader) {
			print "<html><head>
				<title>Tiny Tiny RSS : Feed $feed</title>
				<link rel=\"stylesheet\" href=\"tt-rss.css\" type=\"text/css\">";

			if (get_pref($link, 'USE_COMPACT_STYLESHEET')) {
				print "<link rel=\"stylesheet\" 
						type=\"text/css\" href=\"tt-rss_compact.css\"/>";

			} else {
				print "<link title=\"Compact Stylesheet\" rel=\"alternate stylesheet\" 
						type=\"text/css\" href=\"tt-rss_compact.css\"/>";
			}
			print "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\">	
				<script type=\"text/javascript\" src=\"functions.js\"></script>
				<script type=\"text/javascript\" src=\"viewfeed.js\"></script>
				</head><body onload='init()'>";
		}

		if ($subop == "ForceUpdate" && sprintf("%d", $feed) > 0) {

			$tmp_result = db_query($link, "SELECT feed_url FROM ttrss_feeds
				WHERE id = '$feed'");

			$feed_url = db_fetch_result($tmp_result, 0, "feed_url");

			update_rss_feed($link, $feed_url, $feed);

		}

		if ($subop == "MarkAllRead")  {

			if (sprintf("%d", $feed) != 0) {
			
				if ($feed > 0) {
					db_query($link, "UPDATE ttrss_user_entries 
						SET unread = false,last_read = NOW() 
						WHERE feed_id = '$feed' AND owner_uid = " . $_SESSION["uid"]);
						
				} else if ($feed < 0 && $feed > -10) { // special, like starred

					if ($feed == -1) {
						db_query($link, "UPDATE ttrss_user_entries 
							SET unread = false,last_read = NOW()
							WHERE marked = true AND owner_uid = ".$_SESSION["uid"]);
					}
			
				} else if ($feed < -10) { // label

					// TODO make this more efficient

					$label_id = -$feed - 11;

					$tmp_result = db_query($link, "SELECT sql_exp FROM ttrss_labels
						WHERE id = '$label_id'");					

					if ($tmp_result) {
						$sql_exp = db_fetch_result($tmp_result, 0, "sql_exp");

						db_query($link, "BEGIN");

						$tmp2_result = db_query($link,
							"SELECT 
								int_id 
							FROM 
								ttrss_user_entries,ttrss_entries 
							WHERE
								ref_id = id AND 
								$sql_exp AND
								owner_uid = " . $_SESSION["uid"]);

						while ($tmp_line = db_fetch_assoc($tmp2_result)) {
							db_query($link, "UPDATE 
								ttrss_user_entries 
							SET 
								unread = false, last_read = NOW()
							WHERE
								int_id = " . $tmp_line["int_id"]);
						}
								
						db_query($link, "COMMIT");

/*						db_query($link, "UPDATE ttrss_user_entries,ttrss_entries 
							SET unread = false,last_read = NOW()
							WHERE $sql_exp
							AND ref_id = id
							AND owner_uid = ".$_SESSION["uid"]); */
					}
				}
			} else { // tag
				db_query($link, "BEGIN");

				$tag_name = db_escape_string($feed);

				$result = db_query($link, "SELECT post_int_id FROM ttrss_tags
					WHERE tag_name = '$tag_name' AND owner_uid = " . $_SESSION["uid"]);

				while ($line = db_fetch_assoc($result)) {
					db_query($link, "UPDATE ttrss_user_entries SET
						unread = false, last_read = NOW() 
						WHERE int_id = " . $line["post_int_id"]);
				}
				db_query($link, "COMMIT");
			}

		}

		print "<table class=\"headlinesList\" id=\"headlinesList\" width=\"100%\">";

		$search = $_GET["search"];

		$search_mode = $_GET["smode"];

		if ($search) {
			$search_query_part = "(upper(title) LIKE upper('%$search%') 
				OR content LIKE '%$search%') AND";
		} else {
			$search_query_part = "";
		}

		$view_query_part = "";

		if ($view_mode == "Starred") {
			$view_query_part = " marked = true AND ";
		}

		if ($view_mode == "Unread") {
			$view_query_part = " unread = true AND ";
		}

		if ($view_mode == "Unread or Starred") {
			$view_query_part = " (unread = true OR marked = true) AND ";
		}

		if ($view_mode == "Unread or Updated") {
			$view_query_part = " (unread = true OR last_read is NULL) AND ";
		}

/*		$result = db_query($link, "SELECT count(id) AS total_entries 
			FROM ttrss_entries WHERE 
			$search_query_part
			feed_id = '$feed'");

		$total_entries = db_fetch_result($result, 0, "total_entries"); */

/*		$result = db_query("SELECT count(id) AS unread_entries 
			FROM ttrss_entries WHERE 
			$search_query_part
			unread = true AND
			feed_id = '$feed'");

		$unread_entries = db_fetch_result($result, 0, "unread_entries"); */

		if ($limit && $limit != "All") {
			$limit_query_part = "LIMIT " . $limit;
		} 

		$vfeed_query_part = "";

		// override query strategy and enable feed display when searching globally
		if ($search && $search_mode == "All feeds") {
			$query_strategy_part = "id > 0";
			$vfeed_query_part = "(SELECT title FROM ttrss_feeds WHERE
				id = feed_id) as feed_title,";
		} else if (sprintf("%d", $feed) == 0) {
			$query_strategy_part = "ttrss_entries.id > 0";
			$vfeed_query_part = "(SELECT title FROM ttrss_feeds WHERE
				id = feed_id) as feed_title,";
		} else if ($feed >= 0) {
			$query_strategy_part = "feed_id = '$feed'";
		} else if ($feed == -1) { // starred virtual feed
			$query_strategy_part = "marked = true";
			$vfeed_query_part = "(SELECT title FROM ttrss_feeds WHERE
				id = feed_id) as feed_title,";
		} else if ($feed <= -10) { // labels
			$label_id = -$feed - 11;

			$tmp_result = db_query($link, "SELECT sql_exp FROM ttrss_labels
				WHERE id = '$label_id'");
		
			$query_strategy_part = db_fetch_result($tmp_result, 0, "sql_exp");
	
			$vfeed_query_part = "(SELECT title FROM ttrss_feeds WHERE
				id = feed_id) as feed_title,";
		} else {
			$query_strategy_part = "id > 0"; // dumb
		}


		$order_by = "updated DESC";

//		if ($feed < -10) {
//			$order_by = "feed_id,updated DESC";
//		}

		if ($feed < -10) error_reporting (0);

		if (sprintf("%d", $feed) != 0) {

			if ($feed > 0) {			
				$feed_kind = "Feeds";
			} else {
				$feed_kind = "Labels";
			}

			$result = db_query($link, "SELECT 
					id,title,updated,unread,feed_id,marked,link,last_read,
					SUBSTRING(last_read,1,19) as last_read_noms,
					$vfeed_query_part
					SUBSTRING(updated,1,19) as updated_noms
				FROM
					ttrss_entries,ttrss_user_entries
				WHERE
				ttrss_user_entries.ref_id = ttrss_entries.id AND
				owner_uid = '".$_SESSION["uid"]."' AND
				$search_query_part
				$view_query_part
				$query_strategy_part ORDER BY $order_by
				$limit_query_part");

		} else {
			// browsing by tag

			$feed_kind = "Tags";

			$result = db_query($link, "SELECT
				ttrss_entries.id as id,title,updated,unread,feed_id,
				marked,link,last_read,
				SUBSTRING(last_read,1,19) as last_read_noms,
				$vfeed_query_part
				SUBSTRING(updated,1,19) as updated_noms
				FROM
					ttrss_entries,ttrss_user_entries,ttrss_tags
				WHERE
					ref_id = ttrss_entries.id AND
					ttrss_user_entries.owner_uid = '".$_SESSION["uid"]."' AND
					post_int_id = int_id AND tag_name = '$feed' AND
					$view_query_part
					$search_query_part
					$query_strategy_part ORDER BY $order_by
				$limit_query_part");	
		}

		if (!$result) {
			print "<tr><td colspan='4' align='center'>
				Could not display feed (query failed). Please check match syntax or local configuration.</td></tr>";
			return;
		}

		$lnum = 0;

		error_reporting (DEFAULT_ERROR_LEVEL);

		$num_unread = 0;

		while ($line = db_fetch_assoc($result)) {

			$class = ($lnum % 2) ? "even" : "odd";

			$id = $line["id"];
			$feed_id = $line["feed_id"];

//			printf("L %d (%s) &gt; U %d (%s) = %d<br>", 
//				strtotime($line["last_read_noms"]), $line["last_read_noms"],
//				strtotime($line["updated"]), $line["updated"],
//				strtotime($line["last_read"]) >= strtotime($line["updated"]));

/*			if ($line["last_read"] != "" && $line["updated"] != "" &&
				strtotime($line["last_read_noms"]) < strtotime($line["updated_noms"])) {

				$update_pic = "<img id='FUPDPIC-$id' src=\"images/updated.png\" 
					alt=\"Updated\">";

			} else {

				$update_pic = "<img id='FUPDPIC-$id' src=\"images/blank_icon.gif\" 
					alt=\"Updated\">";

			} */

			if ($line["last_read"] == "" && 
					($line["unread"] != "t" && $line["unread"] != "1")) {

				$update_pic = "<img id='FUPDPIC-$id' src=\"images/updated.png\" 
					alt=\"Updated\">";
			} else {
				$update_pic = "<img id='FUPDPIC-$id' src=\"images/blank_icon.gif\" 
					alt=\"Updated\">";
			}

			if ($line["unread"] == "t" || $line["unread"] == "1") {
				$class .= "Unread";
				++$num_unread;
			}

			if ($line["marked"] == "t" || $line["marked"] == "1") {
				$marked_pic = "<img id=\"FMARKPIC-$id\" src=\"images/mark_set.png\" 
					alt=\"Reset mark\" onclick='javascript:toggleMark($id, false)'>";
			} else {
				$marked_pic = "<img id=\"FMARKPIC-$id\" src=\"images/mark_unset.png\" 
					alt=\"Set mark\" onclick='javascript:toggleMark($id, true)'>";
			}

			$content_link = "<a id=\"FTITLE-$id\" href=\"javascript:view($id,$feed_id);\">" .
				$line["title"] . "</a>";
				
			print "<tr class='$class' id='RROW-$id'>";
			// onclick=\"javascript:view($id,$feed_id)\">

			print "<td valign='center' align='center'>$update_pic</td>";
			print "<td valign='center' align='center'>$marked_pic</td>";

			print "<td width='25%'>
				<a href=\"javascript:view($id,$feed_id);\">".$line["updated"]."</a></td>";

			if ($line["feed_title"]) {			
				print "<td width='50%'>$content_link</td>";
				print "<td width='20%'>
					<a href='javascript:viewfeed($feed_id)'>".$line["feed_title"]."</a></td>";
			} else {
				print "<td width='70%'>$content_link</td>";
			}

			print "</tr>";

			++$lnum;
		}

		if ($lnum == 0) {
			print "<tr><td align='center'>No articles found.</td></tr>";
		}
		
		print "</table>";
		
		print "<script type=\"text/javascript\">
			document.onkeydown = hotkey_handler;
			update_label_counters('$feed');
		</script>";

		if ($addheader) {
			print "</body></html>";
		}

	}

	if ($op == "pref-rpc") {

		$subop = $_GET["subop"];

		if ($subop == "unread") {
			$ids = split(",", $_GET["ids"]);
			foreach ($ids as $id) {
				db_query($link, "UPDATE ttrss_user_entries SET unread = true 
					WHERE feed_id = '$id' AND owner_uid = ".$_SESSION["uid"]);
			}

			print "Marked selected feeds as unread.";
		}

		if ($subop == "read") {
			$ids = split(",", $_GET["ids"]);
			foreach ($ids as $id) {
				db_query($link, "UPDATE ttrss_user_entries 
					SET unread = false,last_read = NOW() WHERE 
						feed_id = '$id' AND owner_uid = ".$_SESSION["uid"]);
			}

			print "Marked selected feeds as read.";

		}

	}

	if ($op == "pref-feeds") {
	
		$subop = $_GET["subop"];

		if ($subop == "editSave") {
			$feed_title = db_escape_string($_GET["t"]);
			$feed_link = db_escape_string($_GET["l"]);
			$upd_intl = db_escape_string($_GET["ui"]);
			$purge_intl = db_escape_string($_GET["pi"]);
			$feed_id = db_escape_string($_GET["id"]);
			$cat_id = db_escape_string($_GET["catid"]);

			if (strtoupper($upd_intl) == "DEFAULT")
				$upd_intl = 0;

			if (strtoupper($purge_intl) == "DEFAULT")
				$purge_intl = 0;

			if (strtoupper($purge_intl) == "DISABLED")
				$purge_intl = -1;

			if ($cat_id != 0) {
				$category_qpart = "cat_id = '$cat_id'";
			} else {
				$category_qpart = 'cat_id = NULL';
			}

			$result = db_query($link, "UPDATE ttrss_feeds SET 
				$category_qpart,
				title = '$feed_title', feed_url = '$feed_link',
				update_interval = '$upd_intl',
				purge_interval = '$purge_intl'
				WHERE id = '$feed_id' AND owner_uid = " . $_SESSION["uid"]);			

		}

		if ($subop == "remove") {

			if (!WEB_DEMO_MODE) {

				$ids = split(",", $_GET["ids"]);

				foreach ($ids as $id) {
					db_query($link, "DELETE FROM ttrss_feeds 
						WHERE id = '$id' AND owner_uid = " . $_SESSION["uid"]);

					$icons_dir = ICONS_DIR;
					
					if (file_exists($icons_dir . "/$id.ico")) {
						unlink($icons_dir . "/$id.ico");
					}
				}
			}
		}

		if ($subop == "add") {
		
			if (!WEB_DEMO_MODE) {

				$feed_link = db_escape_string(trim($_GET["link"]));

				$result = db_query($link,
					"SELECT id FROM ttrss_feeds 
					WHERE feed_url = '$feed_link' AND owner_uid = ".$_SESSION["uid"]);

				if (db_num_rows($result) == 0) {
					
					$result = db_query($link,
						"INSERT INTO ttrss_feeds (owner_uid,feed_url,title) 
						VALUES ('".$_SESSION["uid"]."', '$feed_link', '')");

					$result = db_query($link,
					"SELECT id FROM ttrss_feeds WHERE feed_url = '$feed_link' 
						AND owner_uid = " . $_SESSION["uid"]);

					$feed_id = db_fetch_result($result, 0, "id");

					if ($feed_id) {
						update_rss_feed($link, $feed_link, $feed_id);
					}
				} else {

					print "<div class=\"warning\">
						Feed <b>$feed_link</b> already exists in the database.
					</div>";
				}
			}
		}

		if ($subop == "addCat") {

			if (!WEB_DEMO_MODE) {

				$feed_cat = db_escape_string(trim($_GET["cat"]));

				$result = db_query($link,
					"SELECT id FROM ttrss_feed_categories
					WHERE title = '$feed_cat' AND owner_uid = ".$_SESSION["uid"]);

				if (db_num_rows($result) == 0) {
					
					$result = db_query($link,
						"INSERT INTO ttrss_feed_categories (owner_uid,title) 
						VALUES ('".$_SESSION["uid"]."', '$feed_cat')");

				} else {

					print "<div class=\"warning\">
						Category <b>$feed_cat</b> already exists in the database.
					</div>";
				}


			}
		}

		if ($subop == "removeCats") {

			if (!WEB_DEMO_MODE) {

				$ids = split(",", $_GET["ids"]);

				foreach ($ids as $id) {

					db_query($link, "BEGIN");

					$result = db_query($link, 
						"SELECT count(id) as num_feeds FROM ttrss_feeds 
							WHERE cat_id = '$id'");

					$num_feeds = db_fetch_result($result, 0, "num_feeds");

					if ($num_feeds == 0) {
						db_query($link, "DELETE FROM ttrss_feed_categories
							WHERE id = '$id' AND owner_uid = " . $_SESSION["uid"]);
					} else {

						print "<div class=\"warning\">
							Unable to delete non empty feed categories.</div>";
							
					}

					db_query($link, "COMMIT");
				}
			}
		}

//		print "<h3>Edit Feeds</h3>";

		$result = db_query($link, "SELECT id,title,feed_url,last_error 
			FROM ttrss_feeds WHERE last_error != '' AND owner_uid = ".$_SESSION["uid"]);

		if (db_num_rows($result) > 0) {
		
			print "<div class=\"warning\">";
		
			print "<b>Feeds with update errors:</b>";

			print "<ul class=\"nomarks\">";
						
			while ($line = db_fetch_assoc($result)) {
				print "<li>" . $line["title"] . " (" . $line["feed_url"] . "): " . 
					$line["last_error"];
			}

			print "</ul>";
			print "</div>";

		}

		print "<p><div class=\"prefGenericAddBox\">
			<input id=\"fadd_link\" size=\"40\">&nbsp;<input 
				type=\"submit\" class=\"button\" 
				onclick=\"javascript:addFeed()\" value=\"Add feed\"></div>";

		$feeds_sort = db_escape_string($_GET["sort"]);

		if (!$feeds_sort || $feeds_sort == "undefined") {
			$feeds_sort = $_SESSION["pref_sort_feeds"];			
			if (!$feeds_sort) $feeds_sort = "title";
		}

		$_SESSION["pref_sort_feeds"] = $feeds_sort;

		$result = db_query($link, "SELECT 
				id,title,feed_url,substring(last_updated,1,16) as last_updated,
				update_interval,purge_interval,
				(SELECT title FROM ttrss_feed_categories 
					WHERE id = cat_id) AS category
			FROM 
				ttrss_feeds WHERE owner_uid = '".$_SESSION["uid"]."' 
			ORDER by $feeds_sort,title");

		if (db_num_rows($result) != 0) {

			print "<div id=\"infoBoxShadow\"><div id=\"infoBox\">PLACEHOLDER</div></div>";
	
			print "<p><table width=\"100%\" class=\"prefFeedList\" id=\"prefFeedList\">";
			print "<tr class=\"title\">
						<td width=\"3%\">&nbsp;</td>
						<td width=\"3%\">Select</td>
						<td width=\"20%\">
							<a href=\"javascript:updateFeedList('title')\">Title</a></td>
						<td width=\"20%\">
							<a href=\"javascript:updateFeedList('feed_url')\">Link</a>
						</td>";
	
			if (get_pref($link, 'ENABLE_FEED_CATS')) {
				print "<td width=\"10%\">
					<a href=\"javascript:updateFeedList('category')\">Category</a></td>";
			}
			
			print "
				<td width=\"10%\">
					<a href=\"javascript:updateFeedList('update_interval')\">Update Interval</a>
				</td>
				<td width=\"10%\">
					<a href=\"javascript:updateFeedList('purge_interval')\">Purge Days</a>
				</td>
			</tr>";
			
			$lnum = 0;
			
			while ($line = db_fetch_assoc($result)) {
	
				$class = ($lnum % 2) ? "even" : "odd";
	
				$feed_id = $line["id"];
	
				$edit_feed_id = $_GET["id"];
	
				if ($subop == "edit" && $feed_id != $edit_feed_id) {
					$class .= "Grayed";
				}
	
				print "<tr class=\"$class\" id=\"FEEDR-$feed_id\">";
	
				$icon_file = ICONS_DIR . "/$feed_id.ico";
	
				if (file_exists($icon_file) && filesize($icon_file) > 0) {
						$feed_icon = "<img width=\"16\" height=\"16\"
							src=\"" . ICONS_URL . "/$feed_id.ico\">";
				} else {
					$feed_icon = "&nbsp;";
				}
				print "<td align='center'>$feed_icon</td>";		
	
				$edit_title = htmlspecialchars(db_unescape_string($line["title"]));
				$edit_link = htmlspecialchars(db_unescape_string($line["feed_url"]));
				$edit_cat = htmlspecialchars(db_unescape_string($line["category"]));
	
				if (!$edit_cat) $edit_cat = "Uncategorized";
	
				if (!$edit_feed_id || $subop != "edit") {
	
					print "<td><input onclick='toggleSelectRow(this);' 
					type=\"checkbox\" id=\"FRCHK-".$line["id"]."\"></td>";

					$edit_title = truncate_string($edit_title, 40);
					$edit_link = truncate_string($edit_link, 60);
	
					print "<td><a href=\"javascript:editFeed($feed_id);\">" . 
						$edit_title . "</a></td>";		
						
					print "<td><a href=\"javascript:editFeed($feed_id);\">" . 
						$edit_link . "</a></td>";		
	
					if (get_pref($link, 'ENABLE_FEED_CATS')) {
						print "<td><a href=\"javascript:editFeed($feed_id);\">" . 
							$edit_cat . "</a></td>";		
					}
	
					if ($line["update_interval"] == "0")
						$line["update_interval"] = "Default";
	
					print "<td><a href=\"javascript:editFeed($feed_id);\">" . 
						$line["update_interval"] . "</a></td>";
	
					if ($line["purge_interval"] == "0")
						$line["purge_interval"] = "Default";
	
					if ($line["purge_interval"] < 0)
						$line["purge_interval"] = "Disabled";
	
					print "<td><a href=\"javascript:editFeed($feed_id);\">" . 
						$line["purge_interval"] . "</a></td>";
	
				} else if ($feed_id != $edit_feed_id) {
	
					print "<td><input disabled=\"true\" type=\"checkbox\" 
						id=\"FRCHK-".$line["id"]."\"></td>";

					$edit_title = truncate_string($edit_title, 40);
					$edit_link = truncate_string($edit_link, 60);

					print "<td>$edit_title</td>";		
					print "<td>$edit_link</td>";		
	
					if (get_pref($link, 'ENABLE_FEED_CATS')) {
						print "<td>$edit_cat</td>";		
					}
	
					if ($line["update_interval"] == "0")
						$line["update_interval"] = "Default";
	
					print "<td>" . $line["update_interval"] . "</td>";
	
					if ($line["purge_interval"] == "0")
						$line["purge_interval"] = "Default";
	
					if ($line["purge_interval"] < 0)
						$line["purge_interval"] = "Disabled";
	
					print "<td>" . $line["purge_interval"] . "</td>";
	
				} else {
	
					print "<td><input disabled=\"true\" type=\"checkbox\" checked></td>";
	
					print "<td><input id=\"iedit_title\" value=\"$edit_title\"></td>";
					print "<td><input id=\"iedit_link\" value=\"$edit_link\"></td>";
	
					if (get_pref($link, 'ENABLE_FEED_CATS')) {
	
						print "<td>";
						print "<select id=\"iedit_fcat\">";
						print "<option id=\"0\">Uncategorized</option>";
		
						$tmp_result = db_query($link, "SELECT id,title FROM ttrss_feed_categories
							WHERE owner_uid = ".$_SESSION["uid"]." ORDER BY title");
		
						if (db_num_rows($tmp_result) > 0) {
							print "<option disabled>--------</option>";
						}

						while ($tmp_line = db_fetch_assoc($tmp_result)) {
							if ($tmp_line["id"] == $line["cat_id"]) {
								$is_selected = "selected";
							} else {
								$is_selected = "";
							}
							printf("<option $is_selected id='%d'>%s</option>", 
								$tmp_line["id"], $tmp_line["title"]);
						}
		
						print "</select></td>";
						print "</td>";
	
					}
					
					print "<td><input id=\"iedit_updintl\" 
						value=\"".$line["update_interval"]."\"></td>";
					print "<td><input id=\"iedit_purgintl\" 
						value=\"".$line["purge_interval"]."\"></td>";
						
				}
	
/*				if (!$line["last_updated"]) $line["last_updated"] = "Never";
	
				print "<td>" . $line["last_updated"] . "</td>"; */
				
				print "</tr>";
	
				++$lnum;
			}
	
			print "</table>";

			print "<p>";
	
			if ($subop == "edit") {
				print "Edit feed:&nbsp;
					<input type=\"submit\" class=\"button\" 
						onclick=\"javascript:feedEditCancel()\" value=\"Cancel\">
					<input type=\"submit\" class=\"button\" 
						onclick=\"javascript:feedEditSave()\" value=\"Save\">";
			} else {
	
				print "
					Selection:&nbsp;
				<input type=\"submit\" class=\"button\" 
					onclick=\"javascript:selectedFeedDetails()\" value=\"Details\">
				<input type=\"submit\" class=\"button\" 
					onclick=\"javascript:editSelectedFeed()\" value=\"Edit\">
				<input type=\"submit\" class=\"button\" 
					onclick=\"javascript:removeSelectedFeeds()\" value=\"Remove\">";
					
				if (get_pref($link, 'ENABLE_PREFS_CATCHUP_UNCATCHUP')) {
					print "
					<input type=\"submit\" class=\"button\" 
						onclick=\"javascript:readSelectedFeeds()\" value=\"Mark as read\">
					<input type=\"submit\" class=\"button\" 
						onclick=\"javascript:unreadSelectedFeeds()\" 
						value=\"Mark as unread\">&nbsp;";
				}
				
				print "
					All feeds: <input type=\"submit\" 
							class=\"button\" onclick=\"gotoExportOpml()\" 
							value=\"Export OPML\">";			
				}
		} else {

			print "<p>No feeds defined.</p>";

		}

		if (get_pref($link, 'ENABLE_FEED_CATS')) {

			print "<h3>Edit Categories</h3>";

	//		print "<h3>Categories</h3>";

			print "<div class=\"prefGenericAddBox\">
				<input id=\"fadd_cat\" size=\"40\">&nbsp;<input 
					type=\"submit\" class=\"button\" 
					onclick=\"javascript:addFeedCat()\" value=\"Add category\"></div>";
	
			$result = db_query($link, "SELECT title,id FROM ttrss_feed_categories
				WHERE owner_uid = ".$_SESSION["uid"]."
				ORDER BY title");

			if (db_num_rows($result) != 0) {
	
				print "<p><table width=\"100%\" class=\"prefFeedCatList\" id=\"prefFeedCatList\">";
				print "<tr class=\"title\">
							<td width=\"10%\">Select</td><td width=\"80%\">Title</td>
						</tr>";
						
				$lnum = 0;
				
				while ($line = db_fetch_assoc($result)) {
		
					$class = ($lnum % 2) ? "even" : "odd";
		
					$cat_id = $line["id"];
		
					$edit_cat_id = $_GET["id"];
		
					if ($subop == "editCat" && $cat_id != $edit_cat_id) {
						$class .= "Grayed";
					}
		
					print "<tr class=\"$class\" id=\"FCATR-$cat_id\">";
		
					$edit_title = htmlspecialchars(db_unescape_string($line["title"]));
		
					if (!$edit_cat_id || $subop != "editCat") {
		
						print "<td><input onclick='toggleSelectRow(this);' 
						type=\"checkbox\" id=\"FCCHK-".$line["id"]."\"></td>";
		
						print "<td><a href=\"javascript:editFeedCat($cat_id);\">" . 
							$edit_title . "</a></td>";		
		
					} else if ($cat_id != $edit_cat_id) {
		
						print "<td><input disabled=\"true\" type=\"checkbox\" 
							id=\"FRCHK-".$line["id"]."\"></td>";
		
						print "<td>$edit_title</td>";		
		
					} else {
		
						print "<td><input disabled=\"true\" type=\"checkbox\" checked></td>";
		
						print "<td><input id=\"iedit_title\" value=\"$edit_title\"></td>";
						
					}
					
					print "</tr>";
		
					++$lnum;
				}
	
				print "</table>";
	
				print "<p>";
	
				if ($subop == "editCat") {
					print "Edit category:&nbsp;
						<input type=\"submit\" class=\"button\" 
							onclick=\"javascript:feedCatEditCancel()\" value=\"Cancel\">
						<input type=\"submit\" class=\"button\" 
							onclick=\"javascript:feedCatEditSave()\" value=\"Save\">";
					} else {
		
					print "
						Selection:&nbsp;
					<input type=\"submit\" class=\"button\" 
						onclick=\"javascript:editSelectedFeedCat()\" value=\"Edit\">
					<input type=\"submit\" class=\"button\" 
						onclick=\"javascript:removeSelectedFeedCats()\" value=\"Remove\">";
	
				}
	
			} else {
				print "<p>No feed categories defined.</p>";
 			}
		}

		print "<h3>Import OPML</h3>
		<form	enctype=\"multipart/form-data\" method=\"POST\" action=\"opml.php\">
			File: <input id=\"opml_file\" name=\"opml_file\" type=\"file\">&nbsp;
			<input class=\"button\" name=\"op\" onclick=\"return validateOpmlImport();\"
				type=\"submit\" value=\"Import\">
			</form>";

	}

	if ($op == "pref-filters") {

		$subop = $_GET["subop"];

		if ($subop == "editSave") {

			$regexp = db_escape_string($_GET["r"]);
			$descr = db_escape_string($_GET["d"]);
			$match = db_escape_string($_GET["m"]);
			$filter_id = db_escape_string($_GET["id"]);
			$feed_id = db_escape_string($_GET["fid"]);

			if (!$feed_id) {
				$feed_id = 'NULL';
			} else {
				$feed_id = sprintf("'%s'", db_escape_string($feed_id));
			}
			
			$result = db_query($link, "UPDATE ttrss_filters SET 
				reg_exp = '$regexp', 
				description = '$descr',
				feed_id = $feed_id,
				filter_type = (SELECT id FROM ttrss_filter_types WHERE
					description = '$match')
				WHERE id = '$filter_id'");
		}

		if ($subop == "remove") {

			if (!WEB_DEMO_MODE) {

				$ids = split(",", $_GET["ids"]);

				foreach ($ids as $id) {
					db_query($link, "DELETE FROM ttrss_filters WHERE id = '$id'");
					
				}
			}
		}

		if ($subop == "add") {
		
			if (!WEB_DEMO_MODE) {

				$regexp = db_escape_string(trim($_GET["regexp"]));
				$match = db_escape_string(trim($_GET["match"]));
				$feed_id = db_escape_string($_GET["fid"]);

				if (!$feed_id) {
					$feed_id = 'NULL';
				} else {
					$feed_id = sprintf("'%s'", db_escape_string($feed_id));
				}

				$result = db_query($link,
					"INSERT INTO ttrss_filters (reg_exp,filter_type,owner_uid,feed_id) VALUES 
						('$regexp', (SELECT id FROM ttrss_filter_types WHERE
							description = '$match'),'".$_SESSION["uid"]."', $feed_id)");
			} 
		}

		$result = db_query($link, "SELECT description 
			FROM ttrss_filter_types ORDER BY description");

		$filter_types = array();

		while ($line = db_fetch_assoc($result)) {
			array_push($filter_types, $line["description"]);
		}

		print "<div class=\"prefGenericAddBox\">
		<input id=\"fadd_regexp\" size=\"40\">&nbsp;";
		
		print_select("fadd_match", "Title", $filter_types);	

		print "&nbsp;<select id=\"fadd_feed\">";

		print "<option selected id=\"0\">All feeds</option>";

		$result = db_query($link, "SELECT id,title FROM ttrss_feeds
			WHERE owner_uid = ".$_SESSION["uid"]." ORDER BY title");

		if (db_num_rows($result) > 0) {
			print "<option disabled>--------</option>";
		}

		while ($line = db_fetch_assoc($result)) {
			printf("<option id='%d'>%s</option>", $line["id"], $line["title"]);
		}

		print "</select>&nbsp;";
	
		print "<input type=\"submit\" 
			class=\"button\" onclick=\"javascript:addFilter()\" 
			value=\"Add filter\">";

		$result = db_query($link, "SELECT 
				ttrss_filters.id AS id,reg_exp,
				ttrss_filters.description AS description,
				ttrss_filter_types.name AS filter_type_name,
				ttrss_filter_types.description AS filter_type_descr,
				feed_id,
				(SELECT title FROM ttrss_feeds WHERE id = feed_id) AS feed_title
			FROM 
				ttrss_filters,ttrss_filter_types
			WHERE
				filter_type = ttrss_filter_types.id AND
				ttrss_filters.owner_uid = ".$_SESSION["uid"]."
			ORDER by reg_exp");

		if (db_num_rows($result) != 0) {

			print "<p><table width=\"100%\" class=\"prefFilterList\" id=\"prefFilterList\">";
	
			print "<tr class=\"title\">
						<td width=\"5%\">Select</td><td width=\"30%\">Filter expression</td>
						<td width=\"30%\">Feed</td><td width=\"10%\">Match</td>
						<td width=\"30%\">Description</td></tr>";
		
			$lnum = 0;
			
			while ($line = db_fetch_assoc($result)) {
	
				$class = ($lnum % 2) ? "even" : "odd";
	
				$filter_id = $line["id"];
				$edit_filter_id = $_GET["id"];
	
				if ($subop == "edit" && $filter_id != $edit_filter_id) {
					$class .= "Grayed";
				}
	
				print "<tr class=\"$class\" id=\"FILRR-$filter_id\">";
	
				$line["regexp"] = htmlspecialchars($line["reg_exp"]);
				$line["description"] = htmlspecialchars($line["description"]);
	
				if (!$line["feed_title"]) $line["feed_title"] = "All feeds";
	
				if (!$edit_filter_id || $subop != "edit") {
	
					if (!$line["description"]) $line["description"] = "[No description]";
	
					print "<td><input onclick='toggleSelectRow(this);' 
					type=\"checkbox\" id=\"FICHK-".$line["id"]."\"></td>";
	
					print "<td><a href=\"javascript:editFilter($filter_id);\">" . 
						$line["reg_exp"] . "</td>";		
	
					print "<td><a href=\"javascript:editFilter($filter_id);\">" . 
						$line["feed_title"] . "</td>";			
	
					print "<td><a href=\"javascript:editFilter($filter_id);\">" . 
						$line["filter_type_descr"] . "</td>";		
						
					print "<td><a href=\"javascript:editFilter($filter_id);\">" . 
						$line["description"] . "</td>";			
	
				} else if ($filter_id != $edit_filter_id) {
	
					if (!$line["description"]) $line["description"] = "[No description]";
	
					print "<td><input disabled=\"true\" type=\"checkbox\" 
						id=\"FICHK-".$line["id"]."\"></td>";
	
					print "<td>".$line["reg_exp"]."</td>";		
					print "<td>".$line["feed_title"]."</td>";
					print "<td>".$line["filter_type_descr"]."</td>";
					print "<td>".$line["description"]."</td>";		
	
				} else {
	
					print "<td><input disabled=\"true\" type=\"checkbox\" checked></td>";
	
					print "<td><input id=\"iedit_regexp\" value=\"".$line["reg_exp"].
						"\"></td>";
	
					print "<td>";
	
					print "<select id=\"iedit_feed\">";
	
					print "<option id=\"0\">All feeds</option>";
	
					if (db_num_rows($result) > 0) {
						print "<option disabled>--------</option>";
					}
	
					$tmp_result = db_query($link, "SELECT id,title FROM ttrss_feeds
						WHERE owner_uid = ".$_SESSION["uid"]." ORDER BY title");
	
					while ($tmp_line = db_fetch_assoc($tmp_result)) {
						if ($tmp_line["id"] == $line["feed_id"]) {
							$is_selected = "selected";
						} else {
							$is_selected = "";
						}
						printf("<option $is_selected id='%d'>%s</option>", 
							$tmp_line["id"], $tmp_line["title"]);
					}
	
					print "</select></td>";
	
					print "<td>";
					print_select("iedit_match", $line["filter_type_descr"], $filter_types);
					print "</td>";
	
					print "<td><input id=\"iedit_descr\" value=\"".$line["description"].
						"\"></td>";
	
					print "</td>";
				}
				
				print "</tr>";
	
				++$lnum;
			}
	
			if ($lnum == 0) {
				print "<tr><td colspan=\"4\" align=\"center\">No filters defined.</td></tr>";
			}
	
			print "</table>";
	
			print "<p>";
	
			if ($subop == "edit") {
				print "Edit feed:
					<input type=\"submit\" class=\"button\" 
						onclick=\"javascript:filterEditCancel()\" value=\"Cancel\">
					<input type=\"submit\" class=\"button\" 
						onclick=\"javascript:filterEditSave()\" value=\"Save\">";
						
			} else {
	
				print "
					Selection:
				<input type=\"submit\" class=\"button\" 
					onclick=\"javascript:editSelectedFilter()\" value=\"Edit\">
				<input type=\"submit\" class=\"button\" 
					onclick=\"javascript:removeSelectedFilters()\" value=\"Remove\">";
			}

		} else {

			print "<p>No filters defined.</p>";

		}
	}

	if ($op == "pref-labels") {

		$subop = $_GET["subop"];

		if ($subop == "test") {

			$expr = $_GET["expr"];
			$descr = $_GET["descr"];

			print "<div class='infoBoxContents'>";
		
			print "<h1>Label &laquo;$descr&raquo;</h1>";

//			print "<p><b>Expression</b>: $expr</p>";

			$result = db_query($link, 
				"SELECT count(id) AS num_matches
					FROM ttrss_entries,ttrss_user_entries
					WHERE ($expr) AND 
						ttrss_user_entries.ref_id = ttrss_entries.id AND
						owner_uid = " . $_SESSION["uid"]);

			$num_matches = db_fetch_result($result, 0, "num_matches");;
			
			if ($num_matches > 0) { 

				print "<p>Query returned <b>$num_matches</b> matches, first 5:</p>";

				$result = db_query($link, 
					"SELECT title, 
						(SELECT title FROM ttrss_feeds WHERE id = feed_id) AS feed_title
					FROM ttrss_entries,ttrss_user_entries
							WHERE ($expr) AND 
							ttrss_user_entries.ref_id = ttrss_entries.id
							AND owner_uid = " . $_SESSION["uid"] . " 
							ORDER BY date_entered DESC LIMIT 5");

				print "<ul class=\"nomarks\">";
				while ($line = db_fetch_assoc($result)) {
					print "<li>".$line["title"].
						" <span class=\"insensitive\">(".$line["feed_title"].")</span></li>";
				}
				print "</ul>";

			} else {
				print "<p>Query didn't return any matches.</p>";
			}

			print "</div>";

			print "<div align='center'>
				<input type='submit' class='button'			
				onclick=\"closeInfoBox()\" value=\"Close this window\"></div>";
			return;
		}

		if ($subop == "editSave") {

			$sql_exp = $_GET["s"];
			$descr = $_GET["d"];
			$label_id = db_escape_string($_GET["id"]);
			
//			print "$sql_exp : $descr : $label_id";
			
			$result = db_query($link, "UPDATE ttrss_labels SET 
				sql_exp = '$sql_exp', 
				description = '$descr'
				WHERE id = '$label_id'");
		}

		if ($subop == "remove") {

			if (!WEB_DEMO_MODE) {

				$ids = split(",", $_GET["ids"]);

				foreach ($ids as $id) {
					db_query($link, "DELETE FROM ttrss_labels WHERE id = '$id'");
					
				}
			}
		}

		if ($subop == "add") {
		
			if (!WEB_DEMO_MODE) {

				// no escaping is done here on purpose
				$exp = trim($_GET["exp"]);
					
				$result = db_query($link,
					"INSERT INTO ttrss_labels (sql_exp,description,owner_uid) 
						VALUES ('$exp', '$exp', '".$_SESSION["uid"]."')");
			} 
		}

		print "<div class=\"prefGenericAddBox\">
			<input size=\"40\" id=\"ladd_expr\">&nbsp;";
			
		print"<input type=\"submit\" class=\"button\" 
			onclick=\"javascript:addLabel()\" value=\"Add label\"></div>";

		$result = db_query($link, "SELECT 
				id,sql_exp,description
			FROM 
				ttrss_labels 
			WHERE 
				owner_uid = ".$_SESSION["uid"]."
			ORDER by description");

		print "<div id=\"infoBoxShadow\"><div id=\"infoBox\">PLACEHOLDER</div></div>";

		if (db_num_rows($result) != 0) {

			print "<p><table width=\"100%\" class=\"prefLabelList\" id=\"prefLabelList\">";
	
			print "<tr class=\"title\">
						<td width=\"5%\">Select</td><td width=\"40%\">SQL expression
						<a class=\"helpLink\" href=\"javascript:popupHelp(1)\">(?)</a>
						</td>
						<td width=\"40%\">Caption</td></tr>";
			
			$lnum = 0;
			
			while ($line = db_fetch_assoc($result)) {
	
				$class = ($lnum % 2) ? "even" : "odd";
	
				$label_id = $line["id"];
				$edit_label_id = $_GET["id"];
	
				if ($subop == "edit" && $label_id != $edit_label_id) {
					$class .= "Grayed";
				}
	
				print "<tr class=\"$class\" id=\"LILRR-$label_id\">";
	
				$line["sql_exp"] = htmlspecialchars($line["sql_exp"]);
				$line["description"] = htmlspecialchars($line["description"]);
	
				if (!$edit_label_id || $subop != "edit") {
	
					if (!$line["description"]) $line["description"] = "[No caption]";
	
					print "<td><input onclick='toggleSelectRow(this);' 
					type=\"checkbox\" id=\"LICHK-".$line["id"]."\"></td>";
	
					print "<td><a href=\"javascript:editLabel($label_id);\">" . 
						$line["sql_exp"] . "</td>";		
						
					print "<td><a href=\"javascript:editLabel($label_id);\">" . 
						$line["description"] . "</td>";			
	
				} else if ($label_id != $edit_label_id) {
	
					if (!$line["description"]) $line["description"] = "[No description]";
	
					print "<td><input disabled=\"true\" type=\"checkbox\" 
						id=\"LICHK-".$line["id"]."\"></td>";
	
					print "<td>".$line["sql_exp"]."</td>";		
					print "<td>".$line["description"]."</td>";		
	
				} else {
	
					print "<td><input disabled=\"true\" type=\"checkbox\" checked></td>";
	
					print "<td><input id=\"iedit_expr\" value=\"".$line["sql_exp"].
						"\"></td>";
	
					print "<td><input id=\"iedit_descr\" value=\"".$line["description"].
						"\"></td>";
							
				}
					
				
				print "</tr>";
	
				++$lnum;
			}
	
			if ($lnum == 0) {
				print "<tr><td colspan=\"4\" align=\"center\">No labels defined.</td></tr>";
			}
	
			print "</table>";
	
			print "<p>";
	
			if ($subop == "edit") {
				print "Edit label:
					<input type=\"submit\" class=\"button\" 
						onclick=\"javascript:labelTest()\" value=\"Test\">
					<input type=\"submit\" class=\"button\" 
						onclick=\"javascript:labelEditCancel()\" value=\"Cancel\">
					<input type=\"submit\" class=\"button\" 
						onclick=\"javascript:labelEditSave()\" value=\"Save\">";
						
			} else {
	
				print "
					Selection:
				<input type=\"submit\" class=\"button\" 
					onclick=\"javascript:editSelectedLabel()\" value=\"Edit\">
				<input type=\"submit\" class=\"button\" 
					onclick=\"javascript:removeSelectedLabels()\" value=\"Remove\">";
			}
		} else {
			print "<p>No labels defined.</p>";
		}
	}

	if ($op == "error") {
		print "<div width=\"100%\" align='center'>";
		$msg = $_GET["msg"];
		print $msg;
		print "</div>";
	}

	if ($op == "help") {
		print "<html><head>
			<title>Tiny Tiny RSS : Help</title>
			<link rel=\"stylesheet\" href=\"tt-rss.css\" type=\"text/css\">
			<script type=\"text/javascript\" src=\"functions.js\"></script>
			<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\">
			</head><body>";

		$tid = sprintf("%d", $_GET["tid"]);

		/* FIXME this badly needs real implementation */

		print "<div class='helpResponse'>";

		?>

		<h1>Help for SQL expressions</h1>

		<h2>Description</h2>

		<p>The &laquo;SQL expression&raquo; is added to WHERE clause of
			view feed query. You can match on ttrss_entries table fields
			and even use subselect to query additional information. This 
			functionality is considered to be advanced and requires basic
			understanding of SQL.</p>
			
		<h2>Examples</h2>

		<pre>unread = true</pre>

		Matches all unread articles

		<pre>title like '%Linux%'</pre>

		Matches all articles which mention Linux in the title. You get the idea.

		<p>See the database schema included in the distribution package for gruesome
		details.</p>

		<?

		print "<div align='center'>
			<a class=\"helpLink\"
			href=\"javascript:window.close()\">(Close this window)</a></div>";

		print "</div>";

		print "</body></html>";

	}

	if ($op == "dlg") {
		$id = $_GET["id"];
		$param = $_GET["param"];

		if ($id == "quickAddFeed") {
			print "Feed URL: <input 
			onblur=\"javascript:enableHotkeys()\" onfocus=\"javascript:disableHotkeys()\"
			id=\"qafInput\">
			<input class=\"button\"
				type=\"submit\" onclick=\"javascript:qafAdd()\" value=\"Add feed\">
			<input class=\"button\"
				type=\"submit\" onclick=\"javascript:closeDlg()\" 
				value=\"Cancel\">";
		}

		if ($id == "quickDelFeed") {

			$param = db_escape_string($param);

			$result = db_query($link, "SELECT title FROM ttrss_feeds WHERE id = '$param'");

			if ($result) {

				$f_title = db_fetch_result($result, 0, "title");
		
				print "Remove current feed ($f_title)?&nbsp;
				<input class=\"button\"
					type=\"submit\" onclick=\"javascript:qfdDelete($param)\" value=\"Remove\">
				<input class=\"button\"
					type=\"submit\" onclick=\"javascript:closeDlg()\" 
					value=\"Cancel\">";
			} else {
				print "Error: Feed $param not found.&nbsp;
				<input class=\"button\"
					type=\"submit\" onclick=\"javascript:closeDlg()\" 
					value=\"Cancel\">";		
			}
		}

		if ($id == "search") {

			print "<input id=\"searchbox\" class=\"extSearch\"			
			onblur=\"javascript:enableHotkeys()\" onfocus=\"javascript:disableHotkeys()\"
			onchange=\"javascript:search()\">
			<select id=\"searchmodebox\">
				<option selected>All feeds</option>
				<option>This feed</option>
			</select>		
			<input type=\"submit\" 
				class=\"button\" onclick=\"javascript:search()\" value=\"Search\">
			<input class=\"button\"
				type=\"submit\" onclick=\"javascript:closeDlg()\" 
				value=\"Close\">";

		}

	}

	// update feeds of all users, may be used anonymously
	if ($op == "globalUpdateFeeds") {

		$result = db_query($link, "SELECT id FROM ttrss_users");

		while ($line = db_fetch_assoc($result)) {
			$user_id = $line["id"];
//			print "<!-- updating feeds of uid $user_id -->";
			update_all_feeds($link, false, $user_id);
		}

		print "<rpc-reply>
			<message msg=\"All feeds updated\"/>
		</rpc-reply>";

	}

	if ($op == "pref-prefs") {

		$subop = $_REQUEST["subop"];

		if ($subop == "Save configuration") {

			if (WEB_DEMO_MODE) {
				header("Location: prefs.php");
				return;
			}

			$_SESSION["prefs_op_result"] = "save-config";

			foreach (array_keys($_POST) as $pref_name) {
			
				$pref_name = db_escape_string($pref_name);
				$value = db_escape_string($_POST[$pref_name]);

				$result = db_query($link, "SELECT type_name 
					FROM ttrss_prefs,ttrss_prefs_types 
					WHERE pref_name = '$pref_name' AND type_id = ttrss_prefs_types.id");

				if (db_num_rows($result) > 0) {

					$type_name = db_fetch_result($result, 0, "type_name");

//					print "$pref_name : $type_name : $value<br>";

					if ($type_name == "bool") {
						if ($value == "1") {
							$value = "true";
						} else {
							$value = "false";
						}
					} else if ($type_name == "integer") {
						$value = sprintf("%d", $value);
					}

//					print "$pref_name : $type_name : $value<br>";

					db_query($link, "UPDATE ttrss_user_prefs SET value = '$value' 
						WHERE pref_name = '$pref_name' AND owner_uid = ".$_SESSION["uid"]);

				}

				header("Location: prefs.php");

			}

		} else if ($subop == "getHelp") {

			$pref_name = db_escape_string($_GET["pn"]);

			$result = db_query($link, "SELECT help_text FROM ttrss_prefs
				WHERE pref_name = '$pref_name'");

			if (db_num_rows($result) > 0) {
				$help_text = db_fetch_result($result, 0, "help_text");
				print $help_text;
			} else {
				print "Unknown option: $pref_name";
			}

		} else if ($subop == "Change password") {

			if (WEB_DEMO_MODE) {
				header("Location: prefs.php");
				return;
			}

			$old_pw = $_POST["OLD_PASSWORD"];
			$new_pw = $_POST["OLD_PASSWORD"];

			$old_pw_hash = 'SHA1:' . sha1($_POST["OLD_PASSWORD"]);
			$new_pw_hash = 'SHA1:' . sha1($_POST["NEW_PASSWORD"]);

			$active_uid = $_SESSION["uid"];

			if ($old_pw && $new_pw) {

				$login = db_escape_string($_SERVER['PHP_AUTH_USER']);

				$result = db_query($link, "SELECT id FROM ttrss_users WHERE 
					id = '$active_uid' AND (pwd_hash = '$old_pw' OR 
						pwd_hash = '$old_pw_hash')");

				if (db_num_rows($result) == 1) {
					db_query($link, "UPDATE ttrss_users SET pwd_hash = '$new_pw_hash' 
						WHERE id = '$active_uid'");				

					$_SESSION["pwd_change_result"] = "ok";
				} else {
					$_SESSION["pwd_change_result"] = "failed";					
				}
			}

			header("Location: prefs.php");

		} else if ($subop == "Reset to defaults") {

			if (WEB_DEMO_MODE) {
				header("Location: prefs.php");
				return;
			}

			$_SESSION["prefs_op_result"] = "reset-to-defaults";

			if (DB_TYPE == "pgsql") {
				db_query($link,"UPDATE ttrss_user_prefs 
					SET value = ttrss_prefs.def_value 
					WHERE owner_uid = '".$_SESSION["uid"]."' AND
					ttrss_prefs.pref_name = ttrss_user_prefs.pref_name");
			} else {
				db_query($link, "DELETE FROM ttrss_user_prefs 
					WHERE owner_uid = ".$_SESSION["uid"]);
				initialize_user_prefs($link, $_SESSION["uid"]);
			}

			header("Location: prefs.php");

		} else {

			if (!SINGLE_USER_MODE) {

				$result = db_query($link, "SELECT id FROM ttrss_users
					WHERE id = ".$_SESSION["uid"]." AND (pwd_hash = 'password' OR
						pwd_hash = 'SHA1:".sha1("password")."')");

				if (db_num_rows($result) != 0) {
					print "<div class=\"warning\"> 
						Your password is at default value, please change it.
					</div>";
				}

				if ($_SESSION["pwd_change_result"] == "failed") {
					print "<div class=\"warning\"> 
							There was an error while changing your password.
						</div>";
				}

				if ($_SESSION["pwd_change_result"] == "ok") {
					print "<div class=\"notice\"> 
							Password changed successfully.
						</div>";
				}

				$_SESSION["pwd_change_result"] = "";

				if ($_SESSION["prefs_op_result"] == "reset-to-defaults") {
					print "<div class=\"notice\"> 
							Your configuration was reset to defaults.
						</div>";
				}

				if ($_SESSION["prefs_op_result"] == "save-config") {
					print "<div class=\"notice\"> 
							Your configuration was saved successfully.
						</div>";
				}

				$_SESSION["prefs_op_result"] = "";

				print "<form action=\"backend.php\" method=\"POST\">";
	
				print "<table width=\"100%\" class=\"prefPrefsList\">";
	 			print "<tr><td colspan='3'><h3>Authentication</h3></tr></td>";
	
				print "<tr><td width=\"40%\">Old password</td>";
				print "<td><input class=\"editbox\" type=\"password\"
					name=\"OLD_PASSWORD\"></td></tr>";
	
				print "<tr><td width=\"40%\">New password</td>";
				
				print "<td><input class=\"editbox\" type=\"password\"
					name=\"NEW_PASSWORD\"></td></tr>";
	
				print "</table>";
	
				print "<input type=\"hidden\" name=\"op\" value=\"pref-prefs\">";
	
				print "<p><input class=\"button\" type=\"submit\" 
					value=\"Change password\" name=\"subop\">";
	
				print "</form>";

			}

			$result = db_query($link, "SELECT 
				ttrss_user_prefs.pref_name,short_desc,help_text,value,type_name,
				section_name,def_value
				FROM ttrss_prefs,ttrss_prefs_types,ttrss_prefs_sections,ttrss_user_prefs
				WHERE type_id = ttrss_prefs_types.id AND 
					section_id = ttrss_prefs_sections.id AND
					ttrss_user_prefs.pref_name = ttrss_prefs.pref_name AND
					owner_uid = ".$_SESSION["uid"]."
				ORDER BY section_id,short_desc");

			print "<form action=\"backend.php\" method=\"POST\">";

			$lnum = 0;

			$active_section = "";
	
			while ($line = db_fetch_assoc($result)) {

				if ($active_section != $line["section_name"]) {

					if ($active_section != "") {
						print "</table>";
					}

					print "<p><table width=\"100%\" class=\"prefPrefsList\">";
				
					$active_section = $line["section_name"];				
					
					print "<tr><td colspan=\"3\"><h3>$active_section</h3></td></tr>";
//					print "<tr class=\"title\">
//						<td width=\"25%\">Option</td><td>Value</td></tr>";

					$lnum = 0;
				}

//				$class = ($lnum % 2) ? "even" : "odd";

				print "<tr>";

				$type_name = $line["type_name"];
				$pref_name = $line["pref_name"];
				$value = $line["value"];
				$def_value = $line["def_value"];
				$help_text = $line["help_text"];

				print "<td width=\"40%\" id=\"$pref_name\">" . $line["short_desc"];

				if ($help_text) print "<div class=\"prefHelp\">$help_text</div>";
				
				print "</td>";

				print "<td>";

				if ($type_name == "bool") {
//					print_select($pref_name, $value, array("true", "false"));

					if ($value == "true") {
						$value = "Yes";
					} else {
						$value = "No";
					}

					print_radio($pref_name, $value, array("Yes", "No"));
			
				} else {
					print "<input class=\"editbox\" name=\"$pref_name\" value=\"$value\">";
				}

				print "</td>";

				print "</tr>";

				$lnum++;
			}

			print "</table>";

			print "<input type=\"hidden\" name=\"op\" value=\"pref-prefs\">";

			print "<p><input class=\"button\" type=\"submit\" 
				name=\"subop\" value=\"Save configuration\">";
				
			print "&nbsp;<input class=\"button\" type=\"submit\" 
				name=\"subop\" value=\"Reset to defaults\"></p>";

			print "</form>";

		}

	}

	if ($op == "pref-users") {

		$subop = $_GET["subop"];

		if ($subop == "editSave") {
	
			if (!WEB_DEMO_MODE) {

				$login = db_escape_string($_GET["l"]);
				$uid = db_escape_string($_GET["id"]);
				$access_level = sprintf("%d", $_GET["al"]);

				db_query($link, "UPDATE ttrss_users SET login = '$login', access_level = '$access_level' WHERE id = '$uid'");

			}
		} else if ($subop == "remove") {

			if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) {

				$ids = split(",", $_GET["ids"]);

				foreach ($ids as $id) {
					db_query($link, "DELETE FROM ttrss_users WHERE id = '$id' AND id != " . $_SESSION["uid"]);
					
				}
			}
		} else if ($subop == "add") {
		
			if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) {

				$login = db_escape_string(trim($_GET["login"]));
				$tmp_user_pwd = make_password(8);
				$pwd_hash = 'SHA1:' . sha1($tmp_user_pwd);

				db_query($link, "INSERT INTO ttrss_users (login,pwd_hash,access_level)
					VALUES ('$login', '$pwd_hash', 0)");


				$result = db_query($link, "SELECT id FROM ttrss_users WHERE 
					login = '$login' AND pwd_hash = '$pwd_hash'");

				if (db_num_rows($result) == 1) {

					$new_uid = db_fetch_result($result, 0, "id");

					print "<div class=\"notice\">Added user <b>".$_GET["login"].
						"</b> with password <b>$tmp_user_pwd</b>.</div>";

					initialize_user($link, $new_uid);

				} else {
				
					print "<div class=\"warning\">Error while adding user <b>".
					$_GET["login"].".</b></div>";

				}
			} 
		} else if ($subop == "resetPass") {

			if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) {

				$uid = db_escape_string($_GET["id"]);

				$result = db_query($link, "SELECT login FROM ttrss_users WHERE id = '$uid'");

				$login = db_fetch_result($result, 0, "login");
				$tmp_user_pwd = make_password(8);
				$pwd_hash = 'SHA1:' . sha1($tmp_user_pwd);

				db_query($link, "UPDATE ttrss_users SET pwd_hash = '$pwd_hash'
					WHERE id = '$uid'");

				print "<div class=\"notice\">Changed password of 
					user <b>$login</b> to <b>$tmp_user_pwd</b>.</div>";				

			}
		}

		print "<div class=\"prefGenericAddBox\">
			<input id=\"uadd_box\" size=\"40\">&nbsp;";
			
		print"<input type=\"submit\" class=\"button\" 
			onclick=\"javascript:addUser()\" value=\"Add user\"></div>";

		$result = db_query($link, "SELECT 
				id,login,access_level,
				SUBSTRING(last_login,1,16) as last_login
			FROM 
				ttrss_users
			ORDER by login");

		print "<div id=\"infoBoxShadow\"><div id=\"infoBox\">PLACEHOLDER</div></div>";

		print "<p><table width=\"100%\" class=\"prefUserList\" id=\"prefUserList\">";

		print "<tr class=\"title\">
					<td width=\"5%\">Select</td>
					<td width='30%'>Username</td>
					<td width='30%'>Access Level</td>
					<td width='30%'>Last login</td></tr>";
		
		$lnum = 0;
		
		while ($line = db_fetch_assoc($result)) {

			$class = ($lnum % 2) ? "even" : "odd";

			$uid = $line["id"];
			$edit_uid = $_GET["id"];

			if ($uid == $_SESSION["uid"] || ($subop == "edit" && $uid != $edit_uid)) {
				$class .= "Grayed";
			}
		
			print "<tr class=\"$class\" id=\"UMRR-$uid\">";

			$line["login"] = htmlspecialchars($line["login"]);

			if ($uid == $_SESSION["uid"]) {

				print "<td><input disabled=\"true\" type=\"checkbox\" 
					id=\"UMCHK-".$line["id"]."\"></td>";

				print "<td>".$line["login"]."</td>";		
				print "<td>".$line["access_level"]."</td>";		

			} else if (!$edit_uid || $subop != "edit") {

				print "<td><input onclick='toggleSelectRow(this);' 
				type=\"checkbox\" id=\"UMCHK-$uid\"></td>";

				print "<td><a href=\"javascript:editUser($uid);\">" . 
					$line["login"] . "</td>";		
					
				print "<td><a href=\"javascript:editUser($uid);\">" . 
					$line["access_level"] . "</td>";			

			} else if ($uid != $edit_uid) {

				print "<td><input disabled=\"true\" type=\"checkbox\" 
					id=\"UMCHK-".$line["id"]."\"></td>";

				print "<td>".$line["login"]."</td>";		
				print "<td>".$line["access_level"]."</td>";		

			} else {

				print "<td><input disabled=\"true\" type=\"checkbox\" checked></td>";

				print "<td><input id=\"iedit_ulogin\" value=\"".$line["login"].
					"\"></td>";

				print "<td><input id=\"iedit_ulevel\" value=\"".$line["access_level"].
					"\"></td>";
						
			}
				
			print "<td>".$line["last_login"]."</td>";		
		
			print "</tr>";

			++$lnum;
		}

		print "</table>";

		print "<p>";

		if ($subop == "edit") {
			print "Edit label:
				<input type=\"submit\" class=\"button\" 
					onclick=\"javascript:userEditCancel()\" value=\"Cancel\">
				<input type=\"submit\" class=\"button\" 
					onclick=\"javascript:userEditSave()\" value=\"Save\">";
					
		} else {

			print "
				Selection:
			<input type=\"submit\" class=\"button\" 
				onclick=\"javascript:selectedUserDetails()\" value=\"User details\">
			<input type=\"submit\" class=\"button\" 
				onclick=\"javascript:editSelectedUser()\" value=\"Edit\">
			<input type=\"submit\" class=\"button\" 
				onclick=\"javascript:removeSelectedUsers()\" value=\"Remove\">
			<input type=\"submit\" class=\"button\" 
				onclick=\"javascript:resetSelectedUserPass()\" value=\"Reset password\">";

		}
	}

	if ($op == "user-details") {

		if (WEB_DEMO_MODE || $_SESSION["access_level"] < 10) {
			return;
		}
			  
/*		print "<html><head>
			<title>Tiny Tiny RSS : User Details</title>
			<link rel=\"stylesheet\" href=\"tt-rss.css\" type=\"text/css\">
			<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\">
			</head><body>"; */

		$uid = sprintf("%d", $_GET["id"]);

		print "<div class='infoBoxContents'>";

		$result = db_query($link, "SELECT login,
			SUBSTRING(last_login,1,16) AS last_login,
			access_level,
			(SELECT COUNT(int_id) FROM ttrss_user_entries 
				WHERE owner_uid = id) AS stored_articles
			FROM ttrss_users 
			WHERE id = '$uid'");
			
		if (db_num_rows($result) == 0) {
			print "<h1>User not found</h1>";
			return;
		}
		
		print "<h1>User Details</h1>";

		print "<table width='100%'>";

		$login = db_fetch_result($result, 0, "login");
		$last_login = db_fetch_result($result, 0, "last_login");
		$access_level = db_fetch_result($result, 0, "access_level");
		$stored_articles = db_fetch_result($result, 0, "stored_articles");

		print "<tr><td>Username</td><td>$login</td></tr>";
		print "<tr><td>Access level</td><td>$access_level</td></tr>";
		print "<tr><td>Last logged in</td><td>$last_login</td></tr>";
		print "<tr><td>Stored articles</td><td>$stored_articles</td></tr>";

		$result = db_query($link, "SELECT COUNT(id) as num_feeds FROM ttrss_feeds
			WHERE owner_uid = '$uid'");

		$num_feeds = db_fetch_result($result, 0, "num_feeds");

		print "<tr><td>Subscribed feeds count</td><td>$num_feeds</td></tr>";

/*		$result = db_query($link, "SELECT 
			SUM(LENGTH(content)+LENGTH(title)+LENGTH(link)+LENGTH(guid)) AS db_size 
			FROM ttrss_user_entries,ttrss_entries 
				WHERE owner_uid = '$uid' AND ref_id = id");

		$db_size = round(db_fetch_result($result, 0, "db_size") / 1024);

		print "<tr><td>Approx. used DB size</td><td>$db_size KBytes</td></tr>";  */

		print "</table>";

		print "<h1>Subscribed feeds</h1>";

		$result = db_query($link, "SELECT id,title,feed_url FROM ttrss_feeds
			WHERE owner_uid = '$uid' ORDER BY title");

		print "<ul class=\"nomarks\">";

		while ($line = db_fetch_assoc($result)) {

			$icon_file = ICONS_URL."/".$line["id"].".ico";

			if (file_exists($icon_file) && filesize($icon_file) > 0) {
				$feed_icon = "<img class=\"tinyFeedIcon\" src=\"$icon_file\">";
			} else {
				$feed_icon = "<img class=\"tinyFeedIcon\" src=\"images/blank_icon.gif\">";
			}

			print "<li>$feed_icon&nbsp;<a href=\"".$line["feed_url"]."\">".$line["title"]."</a></li>";
		}

		print "</ul>";

		print "</div>";

		print "<div align='center'>
			<input type='submit' class='button'			
			onclick=\"closeInfoBox()\" value=\"Close this window\"></div>";

//		print "</body></html>"; 

	}

	if ($op == "feed-details") {

		$feed_id = $_GET["id"];

		$result = db_query($link, 
			"SELECT 
				title,feed_url,last_updated,icon_url,site_url,
				(SELECT COUNT(int_id) FROM ttrss_user_entries 
					WHERE feed_id = id) AS total,
				(SELECT COUNT(int_id) FROM ttrss_user_entries 
					WHERE feed_id = id AND unread = true) AS unread,
				(SELECT COUNT(int_id) FROM ttrss_user_entries 
					WHERE feed_id = id AND marked = true) AS marked
			FROM ttrss_feeds
			WHERE id = '$feed_id' AND owner_uid = ".$_SESSION["uid"]);

		if (db_num_rows($result) == 0) return;

		$title = db_fetch_result($result, 0, "title");
		$last_updated = db_fetch_result($result, 0, "last_updated");
		$feed_url = db_fetch_result($result, 0, "feed_url");
		$icon_url = db_fetch_result($result, 0, "icon_url");
		$total = db_fetch_result($result, 0, "total");
		$unread = db_fetch_result($result, 0, "unread");
		$marked = db_fetch_result($result, 0, "marked");
		$site_url = db_fetch_result($result, 0, "site_url");

		$result = db_query($link, "SELECT COUNT(id) AS subscribed
					FROM ttrss_feeds WHERE feed_url = '$feed_url'");

		$subscribed = db_fetch_result($result, 0, "subscribed");

		print "<div class=\"infoBoxContents\">";

		$icon_file = ICONS_DIR . "/$feed_id.ico";

		if (file_exists($icon_file) && filesize($icon_file) > 0) {
				$feed_icon = "<img width=\"16\" height=\"16\"
					src=\"" . ICONS_URL . "/$feed_id.ico\">";
		} else {
			$feed_icon = "";
		}

		print "<h1>$feed_icon $title</h1>";

		print "<table width='100%'>";

		if ($site_url) {
			print "<tr><td width='30%'>Link</td>
				<td><a href=\"$site_url\">$site_url</a>
				<a href=\"$feed_url\">(feed)</a></td>
				</td></tr>";
		} else {
			print "<tr><td width='30%'>Feed URL</td>
				<td><a href=\"$feed_url\">$feed_url</a></td></tr>";
		}
		print "<tr><td>Last updated</td><td>$last_updated</td></tr>";
		print "<tr><td>Total articles</td><td>$total</td></tr>";
		print "<tr><td>Unread articles</td><td>$unread</td></tr>";
		print "<tr><td>Starred articles</td><td>$marked</td></tr>";
		print "<tr><td>Subscribed users</td><td>$subscribed</td></tr>";

		print "</table>";

		$result = db_query($link, "SELECT title,
			SUBSTRING(updated,1,16) AS updated,unread
			FROM ttrss_entries,ttrss_user_entries
			WHERE ref_id = id AND feed_id = '$feed_id' 
			ORDER BY date_entered DESC LIMIT 5");

		if (db_num_rows($result) > 0) {

			print "<h1>Latest headlines</h1>";

			print "<ul class=\"nomarks\">";
	
			while ($line = db_fetch_assoc($result)) {
				if ($line["unread"] == "t" || $line["unread"] == "1") {
					$line["title"] = "<b>" . $line["title"] . "</b>";
				}				
				print "<li>" . $line["title"].
				"&nbsp;<span class=\"insensitive\">(" .$line["updated"].")</span></li>";
			}
	
			print "</ul>";
	
			print "</div>";
	
			print "<div align='center'>
				<input type='submit' class='button'			
				onclick=\"closeInfoBox()\" value=\"Close this window\"></div>";
		}
	}

	db_close($link);
?>

<!-- <?= sprintf("Backend execution time: %.4f seconds", getmicrotime() - $script_started) ?> -->