]> git.wh0rd.org - tt-rss.git/blame - modules/backend-rpc.php
git.wh0rd.org / tt-rss.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
get_article_filters: silence preg_match() warnings on incorrect user input
[tt-rss.git] / modules / backend-rpc.php
CommitLineData
1d3a17c7 1<?php
01b3e191
AD		 2 function handle_rpc_request($link) {
3
b4e75b2a 4 $subop = $_REQUEST["subop"];
01b3e191 5
d9084cf2
AD		 6 if ($subop == "setprofile") {
7 $id = db_escape_string($_REQUEST["id"]);
8
9 $_SESSION["profile"] = $id;
10 $_SESSION["prefs_cache"] = array();
11 return;
12 }
13
14 if ($subop == "remprofiles") {
15 $ids = split(",", db_escape_string(trim($_REQUEST["ids"])));
16
17 foreach ($ids as $id) {
18 if ($_SESSION["profile"] != $id) {
19 db_query($link, "DELETE FROM ttrss_settings_profiles WHERE id = '$id' AND
20 owner_uid = " . $_SESSION["uid"]);
21 }
22 }
23 return;
24 }
25
26 if ($subop == "addprofile") {
27 $title = db_escape_string(trim($_REQUEST["title"]));
28 if ($title) {
29 db_query($link, "BEGIN");
30
31 $result = db_query($link, "SELECT id FROM ttrss_settings_profiles
32 WHERE title = '$title' AND owner_uid = " . $_SESSION["uid"]);
33
34 if (db_num_rows($result) == 0) {
35
36 db_query($link, "INSERT INTO ttrss_settings_profiles (title, owner_uid)
37 VALUES ('$title', ".$_SESSION["uid"] .")");
38
39 $result = db_query($link, "SELECT id FROM ttrss_settings_profiles WHERE
40 title = '$title'");
41
42 if (db_num_rows($result) != 0) {
43 $profile_id = db_fetch_result($result, 0, "id");
44
45 if ($profile_id) {
46 initialize_user_prefs($link, $_SESSION["uid"], $profile_id);
47 }
48 }
49 }
50
51 db_query($link, "COMMIT");
52 }
53 return;
54 }
55
56 if ($subop == "saveprofile") {
57 $id = db_escape_string($_REQUEST["id"]);
58 $title = db_escape_string(trim($_REQUEST["value"]));
59
60 if ($id == 0) {
61 print __("Default profile");
62 return;
63 }
64
65 if ($title) {
66 db_query($link, "BEGIN");
67
68 $result = db_query($link, "SELECT id FROM ttrss_settings_profiles
69 WHERE title = '$title' AND owner_uid =" . $_SESSION["uid"]);
70
71 if (db_num_rows($result) == 0) {
72 db_query($link, "UPDATE ttrss_settings_profiles
73 SET title = '$title' WHERE id = '$id' AND
74 owner_uid = " . $_SESSION["uid"]);
75 print $title;
76 } else {
77 $result = db_query($link, "SELECT title FROM ttrss_settings_profiles
78 WHERE id = '$id' AND owner_uid =" . $_SESSION["uid"]);
79 print db_fetch_result($result, 0, "title");
80 }
81
82 db_query($link, "COMMIT");
83 }
84 return;
85 }
86
ef88b1cc
AD		 87 if ($subop == "remarchive") {
88 $ids = split(",", db_escape_string($_REQUEST["ids"]));
89
90 print "<rpc-reply>";
91
92 foreach ($ids as $id) {
93 $result = db_query($link, "DELETE FROM ttrss_archived_feeds WHERE
94 (SELECT COUNT(*) FROM ttrss_user_entries
95 WHERE orig_feed_id = '$id') = 0 AND
96 id = '$id' AND owner_uid = ".$_SESSION["uid"]);
97
98 $rc = db_affected_rows($link, $result);
99
100 print "<feed id='$id' rc='$rc'/>";
101
102 }
103
104 print "</rpc-reply>";
105
106 return;
107 }
108
a5819bb3
AD		 109 if ($subop == "addfeed") {
110
111 $feed = db_escape_string($_REQUEST['feed']);
112 $cat = db_escape_string($_REQUEST['cat']);
113 $login = db_escape_string($_REQUEST['login']);
114 $pass = db_escape_string($_REQUEST['pass']);
115
116 $rc = subscribe_to_feed($link, $feed, $cat, $login, $pass);
117
118 print "<rpc-reply>";
119 print "<result code='$rc'/>";
120 print "</rpc-reply>";
121
122 return;
123
124 }
125
f0266f51
CW		 126 if ($subop == "extractfeedurls") {
127 print "<rpc-reply>";
128
129 $urls = get_feeds_from_html($_REQUEST['url']);
130 print "<urls><![CDATA[" . json_encode($urls) . "]]></urls>";
131
132 print "</rpc-reply>";
133 return;
134 }
135
8a3e0b1a
AD		 136 if ($subop == "togglepref") {
137 print "<rpc-reply>";
138
139 $key = db_escape_string($_REQUEST["key"]);
140
141 set_pref($link, $key, !get_pref($link, $key));
142
143 $value = get_pref($link, $key);
01b3e191 144
8a3e0b1a
AD		 145 print "<param-set key=\"$key\" value=\"$value\"/>";
146
147 print "</rpc-reply>";
148
149 return;
150 }
151
152 if ($subop == "setpref") {
01b3e191
AD		 153 print "<rpc-reply>";
154
b4e75b2a
AD		 155 $key = db_escape_string($_REQUEST["key"]);
156 $value = db_escape_string($_REQUEST["value"]);
01b3e191
AD		 157
158 set_pref($link, $key, $value);
159
160 print "<param-set key=\"$key\" value=\"$value\"/>";
161
162 print "</rpc-reply>";
163
85bd574b 164 return;
01b3e191
AD		 165 }
166
01b3e191 167 if ($subop == "mark") {
b4e75b2a
AD		 168 $mark = $_REQUEST["mark"];
169 $id = db_escape_string($_REQUEST["id"]);
01b3e191
AD		 170
171 if ($mark == "1") {
172 $mark = "true";
173 } else {
174 $mark = "false";
175 }
176
177 // FIXME this needs collision testing
178
179 $result = db_query($link, "UPDATE ttrss_user_entries SET marked = $mark
180 WHERE ref_id = '$id' AND owner_uid = " . $_SESSION["uid"]);
49aa6de9 181
f8fb4498
AD		 182 print "<rpc-reply>";
183 print "<message>UPDATE_COUNTERS</message>";
184 print "</rpc-reply>";
49aa6de9 185
85bd574b 186 return;
01b3e191
AD		 187 }
188
e04c18a2 189 if ($subop == "delete") {
b4e75b2a 190 $ids = db_escape_string($_REQUEST["ids"]);
e04c18a2
AD		 191
192 $result = db_query($link, "DELETE FROM ttrss_user_entries
193 WHERE ref_id IN ($ids) AND owner_uid = " . $_SESSION["uid"]);
194
f8fb4498
AD		 195 print "<rpc-reply>";
196 print "<message>UPDATE_COUNTERS</message>";
197 print "</rpc-reply>";
e04c18a2
AD		 198
199 return;
200 }
201
202 if ($subop == "unarchive") {
b4e75b2a 203 $ids = db_escape_string($_REQUEST["ids"]);
e04c18a2
AD		 204
205 $result = db_query($link, "UPDATE ttrss_user_entries
ef83538d 206 SET feed_id = orig_feed_id, orig_feed_id = NULL
e04c18a2
AD		 207 WHERE ref_id IN ($ids) AND owner_uid = " . $_SESSION["uid"]);
208
f8fb4498
AD		 209 print "<rpc-reply>";
210 print "<message>UPDATE_COUNTERS</message>";
211 print "</rpc-reply>";
e04c18a2
AD		 212
213 return;
214 }
215
216 if ($subop == "archive") {
b4e75b2a 217 $ids = split(",", db_escape_string($_REQUEST["ids"]));
e04c18a2 218
16fdac16
AD		 219 foreach ($ids as $id) {
220 archive_article($link, $id, $_SESSION["uid"]);
221 }
e04c18a2 222
f8fb4498
AD		 223 print "<rpc-reply>";
224 print "<message>UPDATE_COUNTERS</message>";
225 print "</rpc-reply>";
e04c18a2
AD		 226
227 return;
228 }
229
230
e4f4b46f 231 if ($subop == "publ") {
c7e51de1
AD		 232 $pub = $_REQUEST["pub"];
233 $id = db_escape_string($_REQUEST["id"]);
234 $note = trim(strip_tags(db_escape_string($_REQUEST["note"])));
e4f4b46f
AD		 235
236 if ($pub == "1") {
0a8011eb 237 $pub = "true";
e4f4b46f
AD		 238 } else {
239 $pub = "false";
240 }
241
c7e51de1
AD		 242 if ($note != 'undefined') {
243 $note_qpart = "note = '$note',";
244 }
245
e4f4b46f
AD		 246 // FIXME this needs collision testing
247
c7e51de1
AD		 248 $result = db_query($link, "UPDATE ttrss_user_entries SET
249 $note_qpart
250 published = $pub
e4f4b46f 251 WHERE ref_id = '$id' AND owner_uid = " . $_SESSION["uid"]);
49aa6de9 252
c7e51de1
AD		 253
254 print "<rpc-reply>";
255
c7e51de1
AD		 256 if ($note != 'undefined') {
257 $note_size = strlen($note);
258 print "<note id=\"$id\" size=\"$note_size\">";
259 print "<![CDATA[" . format_article_note($id, $note) . "]]>";
260 print "</note>";
261 }
262
f8fb4498
AD		 263 print "<message>UPDATE_COUNTERS</message>";
264
c7e51de1 265 print "</rpc-reply>";
49aa6de9 266
85bd574b 267 return;
e4f4b46f
AD		 268 }
269
01b3e191 270 if ($subop == "updateFeed") {
b4e75b2a 271 $feed_id = db_escape_string($_REQUEST["feed"]);
01b3e191 272
c633e370 273 update_rss_feed($link, $feed_id);
01b3e191 274
f8fb4498
AD		 275 print "<rpc-reply>";
276 print "<message>UPDATE_COUNTERS</message>";
01b3e191 277 print "</rpc-reply>";
f8fb4498 278
01b3e191
AD		 279 return;
280 }
281
773adf8b 282 if ($subop == "updateAllFeeds" || $subop == "getAllCounters") {
f8fb4498
AD		 283
284 $last_article_id = (int) $_REQUEST["last_article_id"];
01b3e191
AD		 285
286 print "<rpc-reply>";
287
f8fb4498 288 if ($last_article_id != getLastArticleId($link)) {
a8f447f3 289 print "<counters><![CDATA[";
6a7817c1 290 $omode = $_REQUEST["omode"];
f8fb4498
AD		 291
292 if ($omode != "T")
293 print json_encode(getAllCounters($link, $omode));
294 else
295 print json_encode(getGlobalCounters($link));
296
a8f447f3 297 print "]]></counters>";
a06d0e5a
AD		 298 }
299
f54f515f
AD		 300 print_runtime_info($link);
301
01b3e191
AD		 302 print "</rpc-reply>";
303
85bd574b 304 return;
01b3e191 305 }
472782e8 306
01b3e191
AD		 307 /* GET["cmode"] = 0 - mark as read, 1 - as unread, 2 - toggle */
308 if ($subop == "catchupSelected") {
309
2855ee88
AD		 310 $ids = split(",", db_escape_string($_REQUEST["ids"]));
311 $cmode = sprintf("%d", $_REQUEST["cmode"]);
01b3e191 312
472782e8 313 catchupArticlesById($link, $ids, $cmode);
01b3e191 314
01b3e191 315 print "<rpc-reply>";
f8fb4498 316 print "<message>UPDATE_COUNTERS</message>";
01b3e191 317 print "</rpc-reply>";
85bd574b
AD		 318
319 return;
01b3e191
AD		 320 }
321
322 if ($subop == "markSelected") {
323
b4e75b2a
AD		 324 $ids = split(",", db_escape_string($_REQUEST["ids"]));
325 $cmode = sprintf("%d", $_REQUEST["cmode"]);
01b3e191 326
18eddb2c
AD		 327 markArticlesById($link, $ids, $cmode);
328
01b3e191 329 print "<rpc-reply>";
f8fb4498 330 print "<message>UPDATE_COUNTERS</message>";
01b3e191 331 print "</rpc-reply>";
85bd574b
AD		 332
333 return;
01b3e191
AD		 334 }
335
e4f4b46f
AD		 336 if ($subop == "publishSelected") {
337
b4e75b2a
AD		 338 $ids = split(",", db_escape_string($_REQUEST["ids"]));
339 $cmode = sprintf("%d", $_REQUEST["cmode"]);
e4f4b46f
AD		 340
341 publishArticlesById($link, $ids, $cmode);
342
343 print "<rpc-reply>";
f8fb4498 344 print "<message>UPDATE_COUNTERS</message>";
e4f4b46f 345 print "</rpc-reply>";
85bd574b
AD		 346
347 return;
e4f4b46f
AD		 348 }
349
01b3e191 350 if ($subop == "sanityCheck") {
3ac2b520 351 print "<rpc-reply>";
01b3e191
AD		 352 if (sanity_check($link)) {
353 print "<error error-code=\"0\"/>";
d8221301
AD		 354
355 print "<init-params><![CDATA[";
356 print json_encode(make_init_params($link));
357 print "]]></init-params>";
358
f54f515f 359 print_runtime_info($link);
4220d6b0
AD		 360
361 # assign client-passed params to session
b4e75b2a 362 $_SESSION["client.userAgent"] = $_REQUEST["ua"];
4220d6b0 363
01b3e191 364 }
3ac2b520 365 print "</rpc-reply>";
85bd574b
AD		 366
367 return;
3ac2b520 368 }
01b3e191
AD		 369
370 if ($subop == "globalPurge") {
371
372 print "<rpc-reply>";
373 global_purge_old_posts($link, true);
374 print "</rpc-reply>";
375
85bd574b 376 return;
01b3e191 377 }
3ac2b520 378
298f3f78
AD		 379 if ($subop == "getArticleLink") {
380
b4e75b2a 381 $id = db_escape_string($_REQUEST["id"]);
298f3f78
AD		 382
383 $result = db_query($link, "SELECT link FROM ttrss_entries, ttrss_user_entries
384 WHERE id = '$id' AND id = ref_id AND owner_uid = '".$_SESSION['uid']."'");
385
386 if (db_num_rows($result) == 1) {
06925d9e 387 $link = htmlspecialchars(strip_tags(db_fetch_result($result, 0, "link")));
e2ccbfab 388 print "<rpc-reply><link>$link</link><id>$id</id></rpc-reply>";
298f3f78
AD		 389 } else {
390 print "<rpc-reply><error>Article not found</error></rpc-reply>";
391 }
85bd574b
AD		 392
393 return;
298f3f78
AD		 394 }
395
0b126ac2 396 if ($subop == "setArticleTags") {
14b6c54b 397
bd3f2ade
AD		 398 global $memcache;
399
b4e75b2a 400 $id = db_escape_string($_REQUEST["id"]);
14b6c54b 401
b4e75b2a 402 $tags_str = db_escape_string($_REQUEST["tags_str"]);
d62a3b63 403 $tags = array_unique(trim_array(split(",", $tags_str)));
0b126ac2
AD		 404
405 db_query($link, "BEGIN");
406
407 $result = db_query($link, "SELECT int_id FROM ttrss_user_entries WHERE
408 ref_id = '$id' AND owner_uid = '".$_SESSION["uid"]."' LIMIT 1");
409
410 if (db_num_rows($result) == 1) {
411
779560b7
AD		 412 $tags_to_cache = array();
413
0b126ac2
AD		 414 $int_id = db_fetch_result($result, 0, "int_id");
415
416 db_query($link, "DELETE FROM ttrss_tags WHERE
417 post_int_id = $int_id AND owner_uid = '".$_SESSION["uid"]."'");
418
419 foreach ($tags as $tag) {
14b6c54b 420 $tag = sanitize_tag($tag);
0b126ac2 421
ef063748
AD		 422 if (!tag_is_valid($tag)) {
423 continue;
424 }
425
0b126ac2
AD		 426 if (preg_match("/^[0-9]*$/", $tag)) {
427 continue;
428 }
14b6c54b 429
307d187c 430// print "<!-- $id : $int_id : $tag -->";
0b126ac2
AD		 431
432 if ($tag != '') {
433 db_query($link, "INSERT INTO ttrss_tags
434 (post_int_id, owner_uid, tag_name) VALUES ('$int_id', '".$_SESSION["uid"]."', '$tag')");
435 }
779560b7
AD		 436
437 array_push($tags_to_cache, $tag);
0b126ac2 438 }
0b126ac2 439
779560b7
AD		 440 /* update tag cache */
441
442 $tags_str = join(",", $tags_to_cache);
443
444 db_query($link, "UPDATE ttrss_user_entries
445 SET tag_cache = '$tags_str' WHERE ref_id = '$id'
446 AND owner_uid = " . $_SESSION["uid"]);
447 }
490c366d 448
0b126ac2
AD		 449 db_query($link, "COMMIT");
450
bd3f2ade
AD		 451 if ($memcache) {
452 $obj_id = md5("TAGS:".$_SESSION["uid"].":$id");
453 $memcache->delete($obj_id);
454 }
455
307d187c
AD		 456 $tags_str = format_tags_string(get_article_tags($link, $id), $id);
457
0b126ac2 458 print "<rpc-reply>
307d187c 459 <tags-str id=\"$id\"><![CDATA[$tags_str]]></tags-str>
0b126ac2
AD		 460 </rpc-reply>";
461
85bd574b 462 return;
0b126ac2 463 }
01a87dff 464
ef7b7bbd
MK		 465 if ($subop == "regenOPMLKey") {
466
467 print "<rpc-reply>";
2e7f046f
AD		 468
469 update_feed_access_key($link, 'OPML:Publish',
470 false, $_SESSION["uid"]);
471
ef7b7bbd
MK		 472 $new_link = opml_publish_url($link);
473 print "<link><![CDATA[$new_link]]></link>";
474 print "</rpc-reply>";
475 return;
476 }
477
01a87dff
AD		 478 if ($subop == "logout") {
479 logout_user();
480 print_error_xml(6);
85bd574b 481 return;
01a87dff
AD		 482 }
483
05fcdf52
AD		 484 if ($subop == "completeTags") {
485
486 $search = db_escape_string($_REQUEST["search"]);
487
488 $result = db_query($link, "SELECT DISTINCT tag_name FROM ttrss_tags
489 WHERE owner_uid = '".$_SESSION["uid"]."' AND
490 tag_name LIKE '$search%' ORDER BY tag_name
491 LIMIT 10");
492
493 print "<ul>";
494 while ($line = db_fetch_assoc($result)) {
495 print "<li>" . $line["tag_name"] . "</li>";
496 }
497 print "</ul>";
498
85bd574b 499 return;
05fcdf52
AD		 500 }
501
81cd6cac 502 if ($subop == "purge") {
b4e75b2a
AD		 503 $ids = split(",", db_escape_string($_REQUEST["ids"]));
504 $days = sprintf("%d", $_REQUEST["days"]);
81cd6cac
AD		 505
506 print "<rpc-reply>";
507
508 print "<message><![CDATA[";
509
510 foreach ($ids as $id) {
511
512 $result = db_query($link, "SELECT id FROM ttrss_feeds WHERE
513 id = '$id' AND owner_uid = ".$_SESSION["uid"]);
514
515 if (db_num_rows($result) == 1) {
516 purge_feed($link, $id, $days, true);
517 }
518 }
519
520 print "]]></message>";
521
522 print "</rpc-reply>";
523
524 return;
525 }
526
9bf3f101 527/* if ($subop == "setScore") {
546499a9
AD		 528 $id = db_escape_string($_REQUEST["id"]);
529 $score = sprintf("%d", $_REQUEST["score"]);
530
531 $result = db_query($link, "UPDATE ttrss_user_entries SET score = '$score'
532 WHERE ref_id = '$id' AND owner_uid = ".$_SESSION["uid"]);
533
534 print "<rpc-reply><message>Acknowledged.</message></rpc-reply>";
535
536 return;
537
9bf3f101 538 } */
546499a9 539
aa0fa9df
AD		 540 if ($subop == "getArticles") {
541 $ids = split(",", db_escape_string($_REQUEST["ids"]));
542
543 print "<rpc-reply>";
544
545 foreach ($ids as $id) {
546 if ($id) {
547 outputArticleXML($link, $id, 0, false);
548 }
549 }
550 print "</rpc-reply>";
551
552 return;
553 }
554
d0da85c2
AD		 555 if ($subop == "checkDate") {
556
557 $date = db_escape_string($_REQUEST["date"]);
558 $date_parsed = strtotime($date);
559
560 print "<rpc-reply>";
561
562 if ($date_parsed) {
563 print "<result>1</result>";
564 } else {
565 print "<result>0</result>";
566 }
567
568 print "</rpc-reply>";
569
570 return;
571 }
572
933ba4ee
AD		 573 if ($subop == "removeFromLabel") {
574
905ff52a 575 $ids = explode(",", db_escape_string($_REQUEST["ids"]));
933ba4ee
AD		 576 $label_id = db_escape_string($_REQUEST["lid"]);
577
7a13338b
AD		 578 $label = db_escape_string(label_find_caption($link, $label_id,
579 $_SESSION["uid"]));
933ba4ee 580
1c9c6025
AD		 581 print "<rpc-reply>";
582 print "<info-for-headlines>";
583
933ba4ee
AD		 584 if ($label) {
585
586 foreach ($ids as $id) {
587 label_remove_article($link, $id, $label, $_SESSION["uid"]);
1c9c6025
AD		 588
589 print "<entry id=\"$id\"><![CDATA[";
590
591 $labels = get_article_labels($link, $id, $_SESSION["uid"]);
2eb9c95c 592 print format_article_labels($labels, $id);
1c9c6025
AD		 593
594 print "]]></entry>";
595
933ba4ee
AD		 596 }
597 }
598
1c9c6025
AD		 599 print "</info-for-headlines>";
600
f8fb4498
AD		 601 print "<rpc-reply>";
602 print "<message>UPDATE_COUNTERS</message>";
1c9c6025 603 print "</rpc-reply>";
933ba4ee
AD		 604
605 return;
606 }
607
b8a637f3
AD		 608 if ($subop == "assignToLabel") {
609
610 $ids = split(",", db_escape_string($_REQUEST["ids"]));
611 $label_id = db_escape_string($_REQUEST["lid"]);
612
7a13338b
AD		 613 $label = db_escape_string(label_find_caption($link, $label_id,
614 $_SESSION["uid"]));
b8a637f3 615
f9247195
AD		 616 print "<rpc-reply>";
617
618 print "<info-for-headlines>";
619
b8a637f3
AD		 620 if ($label) {
621
622 foreach ($ids as $id) {
623 label_add_article($link, $id, $label, $_SESSION["uid"]);
f9247195
AD		 624
625 print "<entry id=\"$id\"><![CDATA[";
626
627 $labels = get_article_labels($link, $id, $_SESSION["uid"]);
2eb9c95c 628 print format_article_labels($labels, $id);
f9247195
AD		 629
630 print "]]></entry>";
631
b8a637f3
AD		 632 }
633 }
634
f9247195
AD		 635 print "</info-for-headlines>";
636
f8fb4498
AD		 637 print "<rpc-reply>";
638 print "<message>UPDATE_COUNTERS</message>";
f9247195 639 print "</rpc-reply>";
b8a637f3
AD		 640
641 return;
642 }
643
ef88b1cc 644 if ($subop == "updateFeedBrowser") {
c2913898
AD		 645
646 $search = db_escape_string($_REQUEST["search"]);
647 $limit = db_escape_string($_REQUEST["limit"]);
082ae95b 648 $mode = db_escape_string($_REQUEST["mode"]);
c2913898
AD		 649
650 print "<rpc-reply>";
651 print "<content>";
652 print "<![CDATA[";
082ae95b 653 $ctr = print_feed_browser($link, $search, $limit, $mode);
c2913898
AD		 654 print "]]>";
655 print "</content>";
656 print "<num-results value=\"$ctr\"/>";
ef88b1cc 657 print "<mode value=\"$mode\"/>";
c2913898
AD		 658 print "</rpc-reply>";
659
660 return;
661 }
662
ef88b1cc
AD		 663
664 if ($subop == "massSubscribe") {
665
666 $ids = split(",", db_escape_string($_REQUEST["ids"]));
667 $mode = $_REQUEST["mode"];
668
669 $subscribed = array();
670
671 foreach ($ids as $id) {
672
673 if ($mode == 1) {
674 $result = db_query($link, "SELECT feed_url,title FROM ttrss_feeds
675 WHERE id = '$id'");
676 } else if ($mode == 2) {
677 $result = db_query($link, "SELECT * FROM ttrss_archived_feeds
678 WHERE id = '$id' AND owner_uid = " . $_SESSION["uid"]);
679 $orig_id = db_escape_string(db_fetch_result($result, 0, "id"));
680 $site_url = db_escape_string(db_fetch_result($result, 0, "site_url"));
681 }
682
683 $feed_url = db_escape_string(db_fetch_result($result, 0, "feed_url"));
684 $title = db_escape_string(db_fetch_result($result, 0, "title"));
685
686 $title_orig = db_fetch_result($result, 0, "title");
687
688 $result = db_query($link, "SELECT id FROM ttrss_feeds WHERE
689 feed_url = '$feed_url' AND owner_uid = " . $_SESSION["uid"]);
690
691 if (db_num_rows($result) == 0) {
692 if ($mode == 1) {
693 $result = db_query($link,
694 "INSERT INTO ttrss_feeds (owner_uid,feed_url,title,cat_id)
695 VALUES ('".$_SESSION["uid"]."', '$feed_url', '$title', NULL)");
696 } else if ($mode == 2) {
697 $result = db_query($link,
698 "INSERT INTO ttrss_feeds (id,owner_uid,feed_url,title,cat_id,site_url)
699 VALUES ('$orig_id','".$_SESSION["uid"]."', '$feed_url', '$title', NULL, '$site_url')");
700 }
701 array_push($subscribed, $title_orig);
702 }
703 }
704
705 $num_feeds = count($subscribed);
706
707 print "<rpc-reply>";
708 print "<num-feeds value='$num_feeds'/>";
709 print "</rpc-reply>";
710
711 return;
712 }
713
87b16a0a
AD		 714 if ($subop == "download") {
715 $stage = (int) $_REQUEST["stage"];
04870193
AD		 716 $cidt = (int)db_escape_string($_REQUEST["cidt"]);
717 $cidb = (int)db_escape_string($_REQUEST["cidb"]);
badac687 718 $sync = db_escape_string($_REQUEST["sync"]);
51f6f917
AD		 719 //$amount = (int) $_REQUEST["amount"];
720 //$unread_only = db_escape_string($_REQUEST["unread_only"]);
721 //if (!$amount) $amount = 50;
6a1cd591 722
d9447516
AD		 723 /* Amount is not used by the frontend offline.js anymore, it goes by
724 * date_qpart below + cidb/cidt IDs */
725
04870193 726 $amount = 2000;
51f6f917 727 $unread_only = true;
87b16a0a
AD		 728
729 print "<rpc-reply>";
730
badac687
AD		 731 $sync = split(";", $sync);
732
733 print "<sync>";
734
735 if (count($sync) > 0) {
736 if (strtotime($sync[0])) {
737 $last_online = db_escape_string($sync[0]);
738
739 print "<sync-point><![CDATA[$last_online]]></sync-point>";
740
741 for ($i = 1; $i < count($sync); $i++) {
742 $e = split(",", $sync[$i]);
743
744 if (count($e) == 3) {
745
746 $id = (int) $e[0];
747 $unread = bool_to_sql_bool((bool) $e[1]);
5b8444d3
AD		 748 $marked = (bool)$e[2];
749
750 if ($marked) {
751 $marked = bool_to_sql_bool($marked);
752 $marked_qpart = "marked = $marked,";
753 }
badac687 754
badac687 755 $query = "UPDATE ttrss_user_entries SET
5b8444d3 756 $marked_qpart
badac687
AD		 757 unread = $unread,
758 last_read = '$last_online'
759 WHERE ref_id = '$id' AND
760 (last_read IS NULL OR last_read < '$last_online') AND
761 owner_uid = ".$_SESSION["uid"];
762
763 $result = db_query($link, $query);
764
492a4a6a 765 print "<sync-ok id=\"$id\"/>";
badac687
AD		 766
767 }
768 }
7f4f9f4e
AD		 769
770 /* Maybe we need to further update local DB for this client */
771
492a4a6a 772 $query = "SELECT ref_id,unread,marked FROM ttrss_user_entries
7f4f9f4e 773 WHERE last_read >= '$last_online' AND
e6c611c5 774 owner_uid = ".$_SESSION["uid"] . " LIMIT 1000";
7f4f9f4e
AD		 775
776 $result = db_query($link, $query);
777
778 while ($line = db_fetch_assoc($result)) {
492a4a6a
AD		 779 $unread = (int) sql_bool_to_bool($line["unread"]);
780 $marked = (int) sql_bool_to_bool($line["marked"]);
781
782 print "<sync-ok unread=\"$unread\" marked=\"$marked\"
783 id=\"".$line["ref_id"]."\"/>";
7f4f9f4e
AD		 784 }
785
badac687
AD		 786 }
787 }
788
789 print "</sync>";
790
87b16a0a
AD		 791 if ($stage == 0) {
792 print "<feeds>";
793
d8781c91 794 $result = db_query($link, "SELECT id, title, cat_id FROM
117335bf 795 ttrss_feeds WHERE owner_uid = ".$_SESSION["uid"]);
87b16a0a
AD		 796
797 while ($line = db_fetch_assoc($result)) {
36f78797
AD		 798
799 $has_icon = (int) feed_has_icon($line["id"]);
800
d8781c91
AD		 801 print "<feed has_icon=\"$has_icon\"
802 cat_id=\"".(int)$line["cat_id"]."\" id=\"".$line["id"]."\"><![CDATA[";
87b16a0a
AD		 803 print $line["title"];
804 print "]]></feed>";
805 }
806
807 print "</feeds>";
808
d8781c91
AD		 809 print "<feed-categories>";
810
75aa83ec 811 $result = db_query($link, "SELECT id, title, collapsed FROM
d8781c91
AD		 812 ttrss_feed_categories WHERE owner_uid = ".$_SESSION["uid"]);
813
75aa83ec 814 print "<category id=\"0\" collapsed=\"".
57937c42 815 (int)get_pref($link, "_COLLAPSED_UNCAT")."\"><![CDATA[";
d8781c91
AD		 816 print __("Uncategorized");
817 print "]]></category>";
818
d6416405 819 print "<category id=\"-1\" collapsed=\"".
57937c42 820 (int)get_pref($link, "_COLLAPSED_SPECIAL")."\"><![CDATA[";
d6416405
AD		 821 print __("Special");
822 print "]]></category>";
823
c2726c96 824 print "<category id=\"-2\" collapsed=\"".
57937c42 825 (int)get_pref($link, "_COLLAPSED_LABELS")."\"><![CDATA[";
c2726c96
AD		 826 print __("Labels");
827 print "]]></category>";
828
d8781c91 829 while ($line = db_fetch_assoc($result)) {
75aa83ec
AD		 830 print "<category
831 id=\"".$line["id"]."\"
832 collapsed=\"".(int)sql_bool_to_bool($line["collapsed"])."\"><![CDATA[";
d8781c91
AD		 833 print $line["title"];
834 print "]]></category>";
835 }
836
837 print "</feed-categories>";
838
ed22888b
AD		 839 print "<labels>";
840
841 $result = db_query($link, "SELECT * FROM
842 ttrss_labels2 WHERE owner_uid = ".$_SESSION["uid"]);
843
844 while ($line = db_fetch_assoc($result)) {
845 print "<label
846 id=\"".$line["id"]."\"
847 fg_color=\"".$line["fg_color"]."\"
848 bg_color=\"".$line["bg_color"]."\"
849 ><![CDATA[";
850 print $line["caption"];
851 print "]]></label>";
852 }
853
854
855 print "</labels>";
d8781c91 856
87b16a0a
AD		 857 }
858
6a1cd591 859 if ($stage > 0) {
6a1cd591
AD		 860 print "<articles>";
861
d9447516 862 $limit = 10;
6a1cd591
AD		 863 $skip = $limit*($stage-1);
864
3e52ab08
AD		 865 print "<limit value=\"$limit\"/>";
866
6a1cd591
AD		 867 if ($amount > 0) $amount -= $skip;
868
869 if ($amount > 0) {
870
871 $limit = min($limit, $amount);
872
873 if ($unread_only) {
a400a562 874 $unread_qpart = "(unread = true OR marked = true) AND ";
6a1cd591
AD		 875 }
876
67eb2531 877 if ($cidt && $cidb) {
04870193 878 $cid_qpart = "(ttrss_entries.id > $cidt OR ttrss_entries.id < $cidb) AND ";
95f0c2c5
AD		 879 }
880
67eb2531 881 if (DB_TYPE == "pgsql") {
d9447516 882 $date_qpart = "updated >= NOW() - INTERVAL '1 week' AND";
67eb2531 883 } else {
d9447516 884 $date_qpart = "updated >= DATE_SUB(NOW(), INTERVAL 1 WEEK) AND";
67eb2531
AD		 885 }
886
6a1cd591 887 $result = db_query($link,
c1a0541a
AD		 888 "SELECT DISTINCT ttrss_entries.id,ttrss_entries.title,
889 guid,link,comments,
890 feed_id,content,updated,unread,marked FROM
891 ttrss_user_entries,ttrss_entries,ttrss_feeds
892 WHERE $unread_qpart $cid_qpart $date_qpart
c1a0541a
AD		 893 ttrss_feeds.id = feed_id AND
894 ref_id = ttrss_entries.id AND
895 ttrss_user_entries.owner_uid = ".$_SESSION["uid"]."
6a1cd591 896 ORDER BY updated DESC LIMIT $limit OFFSET $skip");
fe8f2f0c 897
3034277a 898 if (function_exists('json_encode')) {
6a2034f9 899
3034277a
AD		 900 while ($line = db_fetch_assoc($result)) {
901 print "<article><![CDATA[";
902
903 $line["marked"] = (int)sql_bool_to_bool($line["marked"]);
904 $line["unread"] = (int)sql_bool_to_bool($line["unread"]);
3ab18266 905
c2726c96
AD		 906 $line["labels"] = get_article_labels($link, $line["id"]);
907
3ab18266
AD		 908// too slow :(
909// $line["tags"] = format_tags_string(
910// get_article_tags($link, $line["id"]), $line["id"]);
3034277a
AD		 911
912 print json_encode($line);
913 print "]]></article>";
914 }
6a1cd591
AD		 915 }
916
917 }
918
919 print "</articles>";
920
921 }
922
87b16a0a
AD		 923 print "</rpc-reply>";
924
925 return;
926 }
927
d8ea9902
AD		 928 if ($subop == "digest-get-contents") {
929 $article_id = db_escape_string($_REQUEST['article_id']);
930
931 $result = db_query($link, "SELECT content
932 FROM ttrss_entries, ttrss_user_entries
933 WHERE id = '$article_id' AND ref_id = id AND owner_uid = ".$_SESSION['uid']);
934
935 print "<rpc-reply>";
936
937 print "<article id=\"$article_id\"><![CDATA[";
938
939 $content = sanitize_rss($link, db_fetch_result($result, 0, "content"));
940
941 print $content;
942
943 print "]]></article>";
944
945 print "</rpc-reply>";
946
947 return;
948 }
949
1ca8997b 950 if ($subop == "digest-update") {
b41c2549 951 $feed_id = db_escape_string($_REQUEST['feed_id']);
1ca8997b 952 $offset = db_escape_string($_REQUEST['offset']);
e4c530dc 953 $seq = db_escape_string($_REQUEST['seq']);
1ca8997b 954
b41c2549 955 if (!$feed_id) $feed_id = -4;
1ca8997b 956 if (!$offset) $offset = 0;
1ca8997b
AD		 957 print "<rpc-reply>";
958
e4c530dc
AD		 959 print "<seq>$seq</seq>";
960
1ca8997b 961 $headlines = api_get_headlines($link, $feed_id, 10, $offset,
d8ea9902 962 '', ($feed_id == -4), true, false, "unread", "updated DESC");
1ca8997b
AD		 963
964 //function api_get_headlines($link, $feed_id, $limit, $offset,
965 // $filter, $is_cat, $show_excerpt, $show_content, $view_mode) {
966
78ac6caf
AD		 967 print "<headlines-title><![CDATA[" . getFeedTitle($link, $feed_id) .
968 "]]></headlines-title>";
969
1ca8997b
AD		 970 print "<headlines><![CDATA[" . json_encode($headlines) . "]]></headlines>";
971
972 print "</rpc-reply>";
973 return;
974 }
975
976 if ($subop == "digest-init") {
911d4c08
AD		 977 print "<rpc-reply>";
978
979 $tmp_feeds = api_get_feeds($link, false, true, false, 0);
980 $feeds = array();
981
982 foreach ($tmp_feeds as $f) {
b41c2549 983 if ($f['id'] > 0 || $f['id'] == -4) array_push($feeds, $f);
911d4c08
AD		 984 }
985
911d4c08
AD		 986 print "<feeds><![CDATA[" . json_encode($feeds) . "]]></feeds>";
987
911d4c08
AD		 988 print "</rpc-reply>";
989 return;
990 }
991
c1b5cd23
AD		 992 if ($subop == "catchupFeed") {
993
994 $feed_id = db_escape_string($_REQUEST['feed_id']);
995 $is_cat = db_escape_string($_REQUEST['is_cat']);
996
997 print "<rpc-reply>";
998
999 catchup_feed($link, $feed_id, $is_cat);
1000
1001 print "</rpc-reply>";
1002
1003 return;
1004 }
1005
31a53903
AD		 1006 if ($subop == "sendEmail") {
1007 $secretkey = $_REQUEST['secretkey'];
1008
1009 print "<rpc-reply>";
1010
1011 if (DIGEST_ENABLE && $_SESSION['email_secretkey'] &&
1012 $secretkey == $_SESSION['email_secretkey']) {
1013
1014 $_SESSION['email_secretkey'] = '';
1015
1016 $destination = $_REQUEST['destination'];
1017 $subject = $_REQUEST['subject'];
1018 $content = $_REQUEST['content'];
1019
1020 $replyto = strip_tags($_SESSION['email_replyto']);
1021 $fromname = strip_tags($_SESSION['email_fromname']);
1022
1023 $mail = new PHPMailer();
1024
1025 $mail->PluginDir = "lib/phpmailer/";
1026 $mail->SetLanguage("en", "lib/phpmailer/language/");
1027
1028 $mail->CharSet = "UTF-8";
1029
1030 $mail->From = $replyto;
1031 $mail->FromName = $fromname;
1032 $mail->AddAddress($destination);
1033
1034 if (DIGEST_SMTP_HOST) {
1035 $mail->Host = DIGEST_SMTP_HOST;
1036 $mail->Mailer = "smtp";
1037 $mail->SMTPAuth = DIGEST_SMTP_LOGIN != '';
1038 $mail->Username = DIGEST_SMTP_LOGIN;
1039 $mail->Password = DIGEST_SMTP_PASSWORD;
1040 }
1041
1042 $mail->IsHTML(false);
1043 $mail->Subject = $subject;
1044 $mail->Body = $content;
1045
1046 $rc = $mail->Send();
1047
1048 if (!$rc) {
1049 print "<error><![CDATA[" . $mail->ErrorInfo . "]]></error>";
1050 } else {
1051 save_email_address($link, db_escape_string($destination));
f8fb4498 1052 print "<message>UPDATE_COUNTERS</message>";
31a53903
AD		 1053 }
1054
1055 } else {
1056 print "<error>Not authorized.</error>";
1057 }
1058
1059 print "</rpc-reply>";
1060
1061 return;
1062 }
1063
1064 if ($subop == "completeEmails") {
1065
1066 $search = db_escape_string($_REQUEST["search"]);
1067
1068 print "<ul>";
1069
1070 foreach ($_SESSION['stored_emails'] as $email) {
1071 if (strpos($email, $search) !== false) {
1072 print "<li>$email</li>";
1073 }
1074 }
1075
1076 print "</ul>";
1077
1078 return;
1079 }
1080
5c7c7da9
AD		 1081 if ($subop == "quickAddCat") {
1082 print "<rpc-reply>";
1083
1084 $cat = db_escape_string($_REQUEST["cat"]);
1085
1086 add_feed_category($link, $cat);
1087
1088 $result = db_query($link, "SELECT id FROM ttrss_feed_categories WHERE
1089 title = '$cat' AND owner_uid = " . $_SESSION["uid"]);
1090
1091 if (db_num_rows($result) == 1) {
1092 $id = db_fetch_result($result, 0, "id");
1093 } else {
1094 $id = 0;
1095 }
1096
5c7c7da9 1097 print_feed_cat_select($link, "cat_id", $id);
5c7c7da9
AD		 1098
1099 print "</rpc-reply>";
1100
1101 return;
1102 }
1103
8801fb01
AD		 1104 if ($subop == "regenFeedKey") {
1105 $feed_id = db_escape_string($_REQUEST['id']);
1106 $is_cat = (bool) db_escape_string($_REQUEST['is_cat']);
1107
1108 print "<rpc-reply>";
1109
1110 $new_key = update_feed_access_key($link, $feed_id, $is_cat);
1111
1112 print "<link><![CDATA[$new_key]]></link>";
1113
1114 print "</rpc-reply>";
1115
1116 return;
1117 }
1118
8d86f15f
AD		 1119 if ($subop == "clearKeys") {
1120
1121 db_query($link, "DELETE FROM ttrss_access_keys WHERE
1122 owner_uid = " . $_SESSION["uid"]);
1123
f8fb4498
AD		 1124 print "<rpc-reply>";
1125 print "<message>UPDATE_COUNTERS</message>";
1126 print "</rpc-reply>";
8d86f15f
AD		 1127
1128 return;
1129 }
1130
85bd574b 1131 print "<rpc-reply><error>Unknown method: $subop</error></rpc-reply>";
01b3e191
AD		 1132 }
1133?>
web-based news feed (RSS/Atom) reader and aggregator; see https://tt-rss.org/