]>
Commit | Line | Data |
---|---|---|
1 | <?php | |
2 | class Handler_Public extends Handler { | |
3 | ||
4 | private function generate_syndicated_feed($owner_uid, $feed, $is_cat, | |
5 | $limit, $offset, $search, $search_mode, | |
6 | $view_mode = false, $format = 'atom', $order = false, $orig_guid = false) { | |
7 | ||
8 | require_once "lib/MiniTemplator.class.php"; | |
9 | ||
10 | $note_style = "background-color : #fff7d5; | |
11 | border-width : 1px; ". | |
12 | "padding : 5px; border-style : dashed; border-color : #e7d796;". | |
13 | "margin-bottom : 1em; color : #9a8c59;"; | |
14 | ||
15 | if (!$limit) $limit = 60; | |
16 | ||
17 | $date_sort_field = "date_entered DESC, updated DESC"; | |
18 | ||
19 | if ($feed == -2) | |
20 | $date_sort_field = "last_published DESC"; | |
21 | else if ($feed == -1) | |
22 | $date_sort_field = "last_marked DESC"; | |
23 | ||
24 | switch ($order) { | |
25 | case "title": | |
26 | $date_sort_field = "ttrss_entries.title"; | |
27 | break; | |
28 | case "date_reverse": | |
29 | $date_sort_field = "date_entered, updated"; | |
30 | break; | |
31 | case "feed_dates": | |
32 | $date_sort_field = "updated DESC"; | |
33 | break; | |
34 | } | |
35 | ||
36 | $qfh_ret = queryFeedHeadlines($feed, | |
37 | 1, $view_mode, $is_cat, $search, $search_mode, | |
38 | $date_sort_field, $offset, $owner_uid, | |
39 | false, 0, false, true); | |
40 | ||
41 | $result = $qfh_ret[0]; | |
42 | ||
43 | if ($this->dbh->num_rows($result) != 0) { | |
44 | $ts = strtotime($this->dbh->fetch_result($result, 0, "date_entered")); | |
45 | ||
46 | if (isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) && | |
47 | strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']) >= $ts) { | |
48 | header('HTTP/1.0 304 Not Modified'); | |
49 | return; | |
50 | } | |
51 | ||
52 | $last_modified = gmdate("D, d M Y H:i:s", $ts) . " GMT"; | |
53 | header("Last-Modified: $last_modified", true); | |
54 | } | |
55 | ||
56 | $qfh_ret = queryFeedHeadlines($feed, | |
57 | $limit, $view_mode, $is_cat, $search, $search_mode, | |
58 | $date_sort_field, $offset, $owner_uid, | |
59 | false, 0, false, true); | |
60 | ||
61 | ||
62 | $result = $qfh_ret[0]; | |
63 | $feed_title = htmlspecialchars($qfh_ret[1]); | |
64 | $feed_site_url = $qfh_ret[2]; | |
65 | $last_error = $qfh_ret[3]; | |
66 | ||
67 | $feed_self_url = get_self_url_prefix() . | |
68 | "/public.php?op=rss&id=$feed&key=" . | |
69 | get_feed_access_key($feed, false, $owner_uid); | |
70 | ||
71 | if (!$feed_site_url) $feed_site_url = get_self_url_prefix(); | |
72 | ||
73 | if ($format == 'atom') { | |
74 | $tpl = new MiniTemplator; | |
75 | ||
76 | $tpl->readTemplateFromFile("templates/generated_feed.txt"); | |
77 | ||
78 | $tpl->setVariable('FEED_TITLE', $feed_title, true); | |
79 | $tpl->setVariable('VERSION', VERSION, true); | |
80 | $tpl->setVariable('FEED_URL', htmlspecialchars($feed_self_url), true); | |
81 | ||
82 | if (PUBSUBHUBBUB_HUB && $feed == -2) { | |
83 | $tpl->setVariable('HUB_URL', htmlspecialchars(PUBSUBHUBBUB_HUB), true); | |
84 | $tpl->addBlock('feed_hub'); | |
85 | } | |
86 | ||
87 | $tpl->setVariable('SELF_URL', htmlspecialchars(get_self_url_prefix()), true); | |
88 | while ($line = $this->dbh->fetch_assoc($result)) { | |
89 | $line["content_preview"] = truncate_string(strip_tags($line["content_preview"]), 100, '...'); | |
90 | ||
91 | foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_QUERY_HEADLINES) as $p) { | |
92 | $line = $p->hook_query_headlines($line); | |
93 | } | |
94 | ||
95 | $tpl->setVariable('ARTICLE_ID', | |
96 | htmlspecialchars($orig_guid ? $line['link'] : | |
97 | get_self_url_prefix() . | |
98 | "/public.php?url=" . urlencode($line['link'])), true); | |
99 | $tpl->setVariable('ARTICLE_LINK', htmlspecialchars($line['link']), true); | |
100 | $tpl->setVariable('ARTICLE_TITLE', htmlspecialchars($line['title']), true); | |
101 | $tpl->setVariable('ARTICLE_EXCERPT', $line["content_preview"], true); | |
102 | ||
103 | $content = sanitize($line["content"], false, $owner_uid); | |
104 | ||
105 | if ($line['note']) { | |
106 | $content = "<div style=\"$note_style\">Article note: " . $line['note'] . "</div>" . | |
107 | $content; | |
108 | $tpl->setVariable('ARTICLE_NOTE', htmlspecialchars($line['note']), true); | |
109 | } | |
110 | ||
111 | $tpl->setVariable('ARTICLE_CONTENT', $content, true); | |
112 | ||
113 | $tpl->setVariable('ARTICLE_UPDATED_ATOM', | |
114 | date('c', strtotime($line["updated"])), true); | |
115 | $tpl->setVariable('ARTICLE_UPDATED_RFC822', | |
116 | date(DATE_RFC822, strtotime($line["updated"])), true); | |
117 | ||
118 | $tpl->setVariable('ARTICLE_AUTHOR', htmlspecialchars($line['author']), true); | |
119 | ||
120 | $tpl->setVariable('ARTICLE_SOURCE_LINK', htmlspecialchars($line['site_url']), true); | |
121 | $tpl->setVariable('ARTICLE_SOURCE_TITLE', htmlspecialchars($line['feed_title']), true); | |
122 | ||
123 | $tags = get_article_tags($line["id"], $owner_uid); | |
124 | ||
125 | foreach ($tags as $tag) { | |
126 | $tpl->setVariable('ARTICLE_CATEGORY', htmlspecialchars($tag), true); | |
127 | $tpl->addBlock('category'); | |
128 | } | |
129 | ||
130 | $enclosures = get_article_enclosures($line["id"]); | |
131 | ||
132 | foreach ($enclosures as $e) { | |
133 | $type = htmlspecialchars($e['content_type']); | |
134 | $url = htmlspecialchars($e['content_url']); | |
135 | $length = $e['duration']; | |
136 | ||
137 | $tpl->setVariable('ARTICLE_ENCLOSURE_URL', $url, true); | |
138 | $tpl->setVariable('ARTICLE_ENCLOSURE_TYPE', $type, true); | |
139 | $tpl->setVariable('ARTICLE_ENCLOSURE_LENGTH', $length, true); | |
140 | ||
141 | $tpl->addBlock('enclosure'); | |
142 | } | |
143 | ||
144 | $tpl->addBlock('entry'); | |
145 | } | |
146 | ||
147 | $tmp = ""; | |
148 | ||
149 | $tpl->addBlock('feed'); | |
150 | $tpl->generateOutputToString($tmp); | |
151 | ||
152 | if (@!$_REQUEST["noxml"]) { | |
153 | header("Content-Type: text/xml; charset=utf-8"); | |
154 | } else { | |
155 | header("Content-Type: text/plain; charset=utf-8"); | |
156 | } | |
157 | ||
158 | print $tmp; | |
159 | } else if ($format == 'json') { | |
160 | ||
161 | $feed = array(); | |
162 | ||
163 | $feed['title'] = $feed_title; | |
164 | $feed['version'] = VERSION; | |
165 | $feed['feed_url'] = $feed_self_url; | |
166 | ||
167 | if (PUBSUBHUBBUB_HUB && $feed == -2) { | |
168 | $feed['hub_url'] = PUBSUBHUBBUB_HUB; | |
169 | } | |
170 | ||
171 | $feed['self_url'] = get_self_url_prefix(); | |
172 | ||
173 | $feed['articles'] = array(); | |
174 | ||
175 | while ($line = $this->dbh->fetch_assoc($result)) { | |
176 | $line["content_preview"] = truncate_string(strip_tags($line["content_preview"]), 100, '...'); | |
177 | foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_QUERY_HEADLINES) as $p) { | |
178 | $line = $p->hook_query_headlines($line, 100); | |
179 | } | |
180 | $article = array(); | |
181 | ||
182 | $article['id'] = $line['link']; | |
183 | $article['link'] = $line['link']; | |
184 | $article['title'] = $line['title']; | |
185 | $article['excerpt'] = $line["content_preview"]; | |
186 | $article['content'] = sanitize($line["content"], false, $owner_uid); | |
187 | $article['updated'] = date('c', strtotime($line["updated"])); | |
188 | ||
189 | if ($line['note']) $article['note'] = $line['note']; | |
190 | if ($article['author']) $article['author'] = $line['author']; | |
191 | ||
192 | $tags = get_article_tags($line["id"], $owner_uid); | |
193 | ||
194 | if (count($tags) > 0) { | |
195 | $article['tags'] = array(); | |
196 | ||
197 | foreach ($tags as $tag) { | |
198 | array_push($article['tags'], $tag); | |
199 | } | |
200 | } | |
201 | ||
202 | $enclosures = get_article_enclosures($line["id"]); | |
203 | ||
204 | if (count($enclosures) > 0) { | |
205 | $article['enclosures'] = array(); | |
206 | ||
207 | foreach ($enclosures as $e) { | |
208 | $type = $e['content_type']; | |
209 | $url = $e['content_url']; | |
210 | $length = $e['duration']; | |
211 | ||
212 | array_push($article['enclosures'], array("url" => $url, "type" => $type, "length" => $length)); | |
213 | } | |
214 | } | |
215 | ||
216 | array_push($feed['articles'], $article); | |
217 | } | |
218 | ||
219 | header("Content-Type: text/json; charset=utf-8"); | |
220 | print json_encode($feed); | |
221 | ||
222 | } else { | |
223 | header("Content-Type: text/plain; charset=utf-8"); | |
224 | print json_encode(array("error" => array("message" => "Unknown format"))); | |
225 | } | |
226 | } | |
227 | ||
228 | function getUnread() { | |
229 | $login = $this->dbh->escape_string($_REQUEST["login"]); | |
230 | $fresh = $_REQUEST["fresh"] == "1"; | |
231 | ||
232 | $result = $this->dbh->query("SELECT id FROM ttrss_users WHERE login = '$login'"); | |
233 | ||
234 | if ($this->dbh->num_rows($result) == 1) { | |
235 | $uid = $this->dbh->fetch_result($result, 0, "id"); | |
236 | ||
237 | print getGlobalUnread($uid); | |
238 | ||
239 | if ($fresh) { | |
240 | print ";"; | |
241 | print getFeedArticles(-3, false, true, $uid); | |
242 | } | |
243 | ||
244 | } else { | |
245 | print "-1;User not found"; | |
246 | } | |
247 | ||
248 | } | |
249 | ||
250 | function getProfiles() { | |
251 | $login = $this->dbh->escape_string($_REQUEST["login"]); | |
252 | ||
253 | $result = $this->dbh->query("SELECT ttrss_settings_profiles.* FROM ttrss_settings_profiles,ttrss_users | |
254 | WHERE ttrss_users.id = ttrss_settings_profiles.owner_uid AND login = '$login' ORDER BY title"); | |
255 | ||
256 | print "<select dojoType='dijit.form.Select' style='width : 220px; margin : 0px' name='profile'>"; | |
257 | ||
258 | print "<option value='0'>" . __("Default profile") . "</option>"; | |
259 | ||
260 | while ($line = $this->dbh->fetch_assoc($result)) { | |
261 | $id = $line["id"]; | |
262 | $title = $line["title"]; | |
263 | ||
264 | print "<option value='$id'>$title</option>"; | |
265 | } | |
266 | ||
267 | print "</select>"; | |
268 | } | |
269 | ||
270 | function pubsub() { | |
271 | $mode = $this->dbh->escape_string($_REQUEST['hub_mode']); | |
272 | $feed_id = (int) $this->dbh->escape_string($_REQUEST['id']); | |
273 | $feed_url = $this->dbh->escape_string($_REQUEST['hub_topic']); | |
274 | ||
275 | if (!PUBSUBHUBBUB_ENABLED) { | |
276 | header('HTTP/1.0 404 Not Found'); | |
277 | echo "404 Not found"; | |
278 | return; | |
279 | } | |
280 | ||
281 | // TODO: implement hub_verifytoken checking | |
282 | ||
283 | $result = $this->dbh->query("SELECT feed_url FROM ttrss_feeds | |
284 | WHERE id = '$feed_id'"); | |
285 | ||
286 | if ($this->dbh->num_rows($result) != 0) { | |
287 | ||
288 | $check_feed_url = $this->dbh->fetch_result($result, 0, "feed_url"); | |
289 | ||
290 | if ($check_feed_url && ($check_feed_url == $feed_url || !$feed_url)) { | |
291 | if ($mode == "subscribe") { | |
292 | ||
293 | $this->dbh->query("UPDATE ttrss_feeds SET pubsub_state = 2 | |
294 | WHERE id = '$feed_id'"); | |
295 | ||
296 | print $_REQUEST['hub_challenge']; | |
297 | return; | |
298 | ||
299 | } else if ($mode == "unsubscribe") { | |
300 | ||
301 | $this->dbh->query("UPDATE ttrss_feeds SET pubsub_state = 0 | |
302 | WHERE id = '$feed_id'"); | |
303 | ||
304 | print $_REQUEST['hub_challenge']; | |
305 | return; | |
306 | ||
307 | } else if (!$mode) { | |
308 | ||
309 | // Received update ping, schedule feed update. | |
310 | //update_rss_feed($feed_id, true, true); | |
311 | ||
312 | $this->dbh->query("UPDATE ttrss_feeds SET | |
313 | last_update_started = '1970-01-01', | |
314 | last_updated = '1970-01-01' WHERE id = '$feed_id'"); | |
315 | ||
316 | } | |
317 | } else { | |
318 | header('HTTP/1.0 404 Not Found'); | |
319 | echo "404 Not found"; | |
320 | } | |
321 | } else { | |
322 | header('HTTP/1.0 404 Not Found'); | |
323 | echo "404 Not found"; | |
324 | } | |
325 | ||
326 | } | |
327 | ||
328 | function logout() { | |
329 | logout_user(); | |
330 | header("Location: index.php"); | |
331 | } | |
332 | ||
333 | function share() { | |
334 | $uuid = $this->dbh->escape_string($_REQUEST["key"]); | |
335 | ||
336 | $result = $this->dbh->query("SELECT ref_id, owner_uid FROM ttrss_user_entries WHERE | |
337 | uuid = '$uuid'"); | |
338 | ||
339 | if ($this->dbh->num_rows($result) != 0) { | |
340 | header("Content-Type: text/html"); | |
341 | ||
342 | $id = $this->dbh->fetch_result($result, 0, "ref_id"); | |
343 | $owner_uid = $this->dbh->fetch_result($result, 0, "owner_uid"); | |
344 | ||
345 | $article = format_article($id, false, true, $owner_uid); | |
346 | ||
347 | print_r($article['content']); | |
348 | ||
349 | } else { | |
350 | print "Article not found."; | |
351 | } | |
352 | ||
353 | } | |
354 | ||
355 | function rss() { | |
356 | $feed = $this->dbh->escape_string($_REQUEST["id"]); | |
357 | $key = $this->dbh->escape_string($_REQUEST["key"]); | |
358 | $is_cat = sql_bool_to_bool($_REQUEST["is_cat"]); | |
359 | $limit = (int)$this->dbh->escape_string($_REQUEST["limit"]); | |
360 | $offset = (int)$this->dbh->escape_string($_REQUEST["offset"]); | |
361 | ||
362 | $search = $this->dbh->escape_string($_REQUEST["q"]); | |
363 | $search_mode = $this->dbh->escape_string($_REQUEST["smode"]); | |
364 | $view_mode = $this->dbh->escape_string($_REQUEST["view-mode"]); | |
365 | $order = $this->dbh->escape_string($_REQUEST["order"]); | |
366 | ||
367 | $format = $this->dbh->escape_string($_REQUEST['format']); | |
368 | $orig_guid = !sql_bool_to_bool($_REQUEST["no_orig_guid"]); | |
369 | ||
370 | if (!$format) $format = 'atom'; | |
371 | ||
372 | if (SINGLE_USER_MODE) { | |
373 | authenticate_user("admin", null); | |
374 | } | |
375 | ||
376 | $owner_id = false; | |
377 | ||
378 | if ($key) { | |
379 | $result = $this->dbh->query("SELECT owner_uid FROM | |
380 | ttrss_access_keys WHERE access_key = '$key' AND feed_id = '$feed'"); | |
381 | ||
382 | if ($this->dbh->num_rows($result) == 1) | |
383 | $owner_id = $this->dbh->fetch_result($result, 0, "owner_uid"); | |
384 | } | |
385 | ||
386 | if ($owner_id) { | |
387 | $this->generate_syndicated_feed($owner_id, $feed, $is_cat, $limit, | |
388 | $offset, $search, $search_mode, $view_mode, $format, $order, $orig_guid); | |
389 | } else { | |
390 | header('HTTP/1.1 403 Forbidden'); | |
391 | } | |
392 | } | |
393 | ||
394 | function updateTask() { | |
395 | PluginHost::getInstance()->run_hooks(PluginHost::HOOK_UPDATE_TASK, "hook_update_task", $op); | |
396 | } | |
397 | ||
398 | function housekeepingTask() { | |
399 | PluginHost::getInstance()->run_hooks(PluginHost::HOOK_HOUSE_KEEPING, "hook_house_keeping", $op); | |
400 | } | |
401 | ||
402 | function globalUpdateFeeds() { | |
403 | RPC::updaterandomfeed_real($this->dbh); | |
404 | ||
405 | PluginHost::getInstance()->run_hooks(PluginHost::HOOK_UPDATE_TASK, "hook_update_task", $op); | |
406 | } | |
407 | ||
408 | function sharepopup() { | |
409 | if (SINGLE_USER_MODE) { | |
410 | login_sequence(); | |
411 | } | |
412 | ||
413 | header('Content-Type: text/html; charset=utf-8'); | |
414 | print "<html><head><title>Tiny Tiny RSS</title> | |
415 | <link rel=\"shortcut icon\" type=\"image/png\" href=\"images/favicon.png\"> | |
416 | <link rel=\"icon\" type=\"image/png\" sizes=\"72x72\" href=\"images/favicon-72px.png\">"; | |
417 | ||
418 | stylesheet_tag("css/utility.css"); | |
419 | javascript_tag("lib/prototype.js"); | |
420 | javascript_tag("lib/scriptaculous/scriptaculous.js?load=effects,dragdrop,controls"); | |
421 | print "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/> | |
422 | </head><body id='sharepopup'>"; | |
423 | ||
424 | $action = $_REQUEST["action"]; | |
425 | ||
426 | if ($_SESSION["uid"]) { | |
427 | ||
428 | if ($action == 'share') { | |
429 | ||
430 | $title = $this->dbh->escape_string(strip_tags($_REQUEST["title"])); | |
431 | $url = $this->dbh->escape_string(strip_tags($_REQUEST["url"])); | |
432 | $content = $this->dbh->escape_string(strip_tags($_REQUEST["content"])); | |
433 | $labels = $this->dbh->escape_string(strip_tags($_REQUEST["labels"])); | |
434 | ||
435 | Article::create_published_article($title, $url, $content, $labels, | |
436 | $_SESSION["uid"]); | |
437 | ||
438 | print "<script type='text/javascript'>"; | |
439 | print "window.close();"; | |
440 | print "</script>"; | |
441 | ||
442 | } else { | |
443 | $title = htmlspecialchars($_REQUEST["title"]); | |
444 | $url = htmlspecialchars($_REQUEST["url"]); | |
445 | ||
446 | ?> | |
447 | ||
448 | <table height='100%' width='100%'><tr><td colspan='2'> | |
449 | <h1><?php echo __("Share with Tiny Tiny RSS") ?></h1> | |
450 | </td></tr> | |
451 | ||
452 | <form id='share_form' name='share_form'> | |
453 | ||
454 | <input type="hidden" name="op" value="sharepopup"> | |
455 | <input type="hidden" name="action" value="share"> | |
456 | ||
457 | <tr><td align='right'><?php echo __("Title:") ?></td> | |
458 | <td width='80%'><input name='title' value="<?php echo $title ?>"></td></tr> | |
459 | <tr><td align='right'><?php echo __("URL:") ?></td> | |
460 | <td><input name='url' value="<?php echo $url ?>"></td></tr> | |
461 | <tr><td align='right'><?php echo __("Content:") ?></td> | |
462 | <td><input name='content' value=""></td></tr> | |
463 | <tr><td align='right'><?php echo __("Labels:") ?></td> | |
464 | <td><input name='labels' id="labels_value" | |
465 | placeholder='Alpha, Beta, Gamma' value=""> | |
466 | </td></tr> | |
467 | ||
468 | <tr><td> | |
469 | <div class="autocomplete" id="labels_choices" | |
470 | style="display : block"></div></td></tr> | |
471 | ||
472 | <script type='text/javascript'>document.forms[0].title.focus();</script> | |
473 | ||
474 | <script type='text/javascript'> | |
475 | new Ajax.Autocompleter('labels_value', 'labels_choices', | |
476 | "backend.php?op=rpc&method=completeLabels", | |
477 | { tokens: ',', paramName: "search" }); | |
478 | </script> | |
479 | ||
480 | <tr><td colspan='2'> | |
481 | <div style='float : right' class='insensitive-small'> | |
482 | <?php echo __("Shared article will appear in the Published feed.") ?> | |
483 | </div> | |
484 | <button type="submit"><?php echo __('Share') ?></button> | |
485 | <button onclick="return window.close()"><?php echo __('Cancel') ?></button> | |
486 | </div> | |
487 | ||
488 | </form> | |
489 | </td></tr></table> | |
490 | </body></html> | |
491 | <?php | |
492 | ||
493 | } | |
494 | ||
495 | } else { | |
496 | ||
497 | $return = urlencode($_SERVER["REQUEST_URI"]) | |
498 | ?> | |
499 | ||
500 | <form action="public.php?return=<?php echo $return ?>" | |
501 | method="POST" id="loginForm" name="loginForm"> | |
502 | ||
503 | <input type="hidden" name="op" value="login"> | |
504 | ||
505 | <table height='100%' width='100%'><tr><td colspan='2'> | |
506 | <h1><?php echo __("Not logged in") ?></h1></td></tr> | |
507 | ||
508 | <tr><td align="right"><?php echo __("Login:") ?></td> | |
509 | <td align="right"><input name="login" | |
510 | value="<?php echo $_SESSION["fake_login"] ?>"></td></tr> | |
511 | <tr><td align="right"><?php echo __("Password:") ?></td> | |
512 | <td align="right"><input type="password" name="password" | |
513 | value="<?php echo $_SESSION["fake_password"] ?>"></td></tr> | |
514 | <tr><td colspan='2'> | |
515 | <button type="submit"> | |
516 | <?php echo __('Log in') ?></button> | |
517 | ||
518 | <button onclick="return window.close()"> | |
519 | <?php echo __('Cancel') ?></button> | |
520 | </td></tr> | |
521 | </table> | |
522 | ||
523 | </form> | |
524 | <?php | |
525 | } | |
526 | } | |
527 | ||
528 | function login() { | |
529 | if (!SINGLE_USER_MODE) { | |
530 | ||
531 | $login = $this->dbh->escape_string($_POST["login"]); | |
532 | $password = $_POST["password"]; | |
533 | $remember_me = $_POST["remember_me"]; | |
534 | ||
535 | if ($remember_me) { | |
536 | session_set_cookie_params(SESSION_COOKIE_LIFETIME); | |
537 | } else { | |
538 | session_set_cookie_params(0); | |
539 | } | |
540 | ||
541 | @session_start(); | |
542 | ||
543 | if (authenticate_user($login, $password)) { | |
544 | $_POST["password"] = ""; | |
545 | ||
546 | if (get_schema_version() >= 120) { | |
547 | $_SESSION["language"] = get_pref("USER_LANGUAGE", $_SESSION["uid"]); | |
548 | } | |
549 | ||
550 | $_SESSION["ref_schema_version"] = get_schema_version(true); | |
551 | $_SESSION["bw_limit"] = !!$_POST["bw_limit"]; | |
552 | ||
553 | if ($_POST["profile"]) { | |
554 | ||
555 | $profile = $this->dbh->escape_string($_POST["profile"]); | |
556 | ||
557 | $result = $this->dbh->query("SELECT id FROM ttrss_settings_profiles | |
558 | WHERE id = '$profile' AND owner_uid = " . $_SESSION["uid"]); | |
559 | ||
560 | if ($this->dbh->num_rows($result) != 0) { | |
561 | $_SESSION["profile"] = $profile; | |
562 | } | |
563 | } | |
564 | } else { | |
565 | $_SESSION["login_error_msg"] = __("Incorrect username or password"); | |
566 | user_error("Failed login attempt from {$_SERVER['REMOTE_ADDR']}", E_USER_WARNING); | |
567 | } | |
568 | ||
569 | if ($_REQUEST['return']) { | |
570 | header("Location: " . $_REQUEST['return']); | |
571 | } else { | |
572 | header("Location: " . SELF_URL_PATH); | |
573 | } | |
574 | } | |
575 | } | |
576 | ||
577 | function subscribe() { | |
578 | if (SINGLE_USER_MODE) { | |
579 | login_sequence(); | |
580 | } | |
581 | ||
582 | if ($_SESSION["uid"]) { | |
583 | ||
584 | $feed_url = $this->dbh->escape_string(trim($_REQUEST["feed_url"])); | |
585 | ||
586 | header('Content-Type: text/html; charset=utf-8'); | |
587 | print "<html> | |
588 | <head> | |
589 | <title>Tiny Tiny RSS</title> | |
590 | <link rel=\"stylesheet\" type=\"text/css\" href=\"css/utility.css\"> | |
591 | <meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/> | |
592 | <link rel=\"shortcut icon\" type=\"image/png\" href=\"images/favicon.png\"> | |
593 | <link rel=\"icon\" type=\"image/png\" sizes=\"72x72\" href=\"images/favicon-72px.png\"> | |
594 | ||
595 | </head> | |
596 | <body> | |
597 | <img class=\"floatingLogo\" src=\"images/logo_small.png\" | |
598 | alt=\"Tiny Tiny RSS\"/> | |
599 | <h1>".__("Subscribe to feed...")."</h1><div class='content'>"; | |
600 | ||
601 | $rc = subscribe_to_feed($feed_url); | |
602 | ||
603 | switch ($rc['code']) { | |
604 | case 0: | |
605 | print_warning(T_sprintf("Already subscribed to <b>%s</b>.", $feed_url)); | |
606 | break; | |
607 | case 1: | |
608 | print_notice(T_sprintf("Subscribed to <b>%s</b>.", $feed_url)); | |
609 | break; | |
610 | case 2: | |
611 | print_error(T_sprintf("Could not subscribe to <b>%s</b>.", $feed_url)); | |
612 | break; | |
613 | case 3: | |
614 | print_error(T_sprintf("No feeds found in <b>%s</b>.", $feed_url)); | |
615 | break; | |
616 | case 4: | |
617 | print_notice(__("Multiple feed URLs found.")); | |
618 | $feed_urls = $rc["feeds"]; | |
619 | break; | |
620 | case 5: | |
621 | print_error(T_sprintf("Could not subscribe to <b>%s</b>.<br>Can't download the Feed URL.", $feed_url)); | |
622 | break; | |
623 | } | |
624 | ||
625 | if ($feed_urls) { | |
626 | ||
627 | print "<form action=\"public.php\">"; | |
628 | print "<input type=\"hidden\" name=\"op\" value=\"subscribe\">"; | |
629 | ||
630 | print "<select name=\"feed_url\">"; | |
631 | ||
632 | foreach ($feed_urls as $url => $name) { | |
633 | $url = htmlspecialchars($url); | |
634 | $name = htmlspecialchars($name); | |
635 | ||
636 | print "<option value=\"$url\">$name</option>"; | |
637 | } | |
638 | ||
639 | print "<input type=\"submit\" value=\"".__("Subscribe to selected feed"). | |
640 | "\">"; | |
641 | ||
642 | print "</form>"; | |
643 | } | |
644 | ||
645 | $tp_uri = get_self_url_prefix() . "/prefs.php"; | |
646 | $tt_uri = get_self_url_prefix(); | |
647 | ||
648 | if ($rc['code'] <= 2){ | |
649 | $result = $this->dbh->query("SELECT id FROM ttrss_feeds WHERE | |
650 | feed_url = '$feed_url' AND owner_uid = " . $_SESSION["uid"]); | |
651 | ||
652 | $feed_id = $this->dbh->fetch_result($result, 0, "id"); | |
653 | } else { | |
654 | $feed_id = 0; | |
655 | } | |
656 | print "<p>"; | |
657 | ||
658 | if ($feed_id) { | |
659 | print "<form method=\"GET\" style='display: inline' | |
660 | action=\"$tp_uri\"> | |
661 | <input type=\"hidden\" name=\"tab\" value=\"feedConfig\"> | |
662 | <input type=\"hidden\" name=\"method\" value=\"editFeed\"> | |
663 | <input type=\"hidden\" name=\"methodparam\" value=\"$feed_id\"> | |
664 | <input type=\"submit\" value=\"".__("Edit subscription options")."\"> | |
665 | </form>"; | |
666 | } | |
667 | ||
668 | print "<form style='display: inline' method=\"GET\" action=\"$tt_uri\"> | |
669 | <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\"> | |
670 | </form></p>"; | |
671 | ||
672 | print "</div></body></html>"; | |
673 | ||
674 | } else { | |
675 | render_login_form(); | |
676 | } | |
677 | } | |
678 | ||
679 | function subscribe2() { | |
680 | $feed_url = $this->dbh->escape_string(trim($_REQUEST["feed_url"])); | |
681 | $cat_id = $this->dbh->escape_string($_REQUEST["cat_id"]); | |
682 | $from = $this->dbh->escape_string($_REQUEST["from"]); | |
683 | $feed_urls = array(); | |
684 | ||
685 | /* only read authentication information from POST */ | |
686 | ||
687 | $auth_login = $this->dbh->escape_string(trim($_POST["auth_login"])); | |
688 | $auth_pass = $this->dbh->escape_string(trim($_POST["auth_pass"])); | |
689 | ||
690 | $rc = subscribe_to_feed($feed_url, $cat_id, $auth_login, $auth_pass); | |
691 | ||
692 | switch ($rc) { | |
693 | case 1: | |
694 | print_notice(T_sprintf("Subscribed to <b>%s</b>.", $feed_url)); | |
695 | break; | |
696 | case 2: | |
697 | print_error(T_sprintf("Could not subscribe to <b>%s</b>.", $feed_url)); | |
698 | break; | |
699 | case 3: | |
700 | print_error(T_sprintf("No feeds found in <b>%s</b>.", $feed_url)); | |
701 | break; | |
702 | case 0: | |
703 | print_warning(T_sprintf("Already subscribed to <b>%s</b>.", $feed_url)); | |
704 | break; | |
705 | case 4: | |
706 | print_notice(__("Multiple feed URLs found.")); | |
707 | $contents = @fetch_file_contents($url, false, $auth_login, $auth_pass); | |
708 | if (is_html($contents)) { | |
709 | $feed_urls = get_feeds_from_html($url, $contents); | |
710 | } | |
711 | break; | |
712 | case 5: | |
713 | print_error(T_sprintf("Could not subscribe to <b>%s</b>.<br>Can't download the Feed URL.", $feed_url)); | |
714 | break; | |
715 | } | |
716 | ||
717 | if ($feed_urls) { | |
718 | print "<form action=\"backend.php\">"; | |
719 | print "<input type=\"hidden\" name=\"op\" value=\"pref-feeds\">"; | |
720 | print "<input type=\"hidden\" name=\"quiet\" value=\"1\">"; | |
721 | print "<input type=\"hidden\" name=\"method\" value=\"add\">"; | |
722 | ||
723 | print "<select name=\"feed_url\">"; | |
724 | ||
725 | foreach ($feed_urls as $url => $name) { | |
726 | $url = htmlspecialchars($url); | |
727 | $name = htmlspecialchars($name); | |
728 | print "<option value=\"$url\">$name</option>"; | |
729 | } | |
730 | ||
731 | print "<input type=\"submit\" value=\"".__("Subscribe to selected feed")."\">"; | |
732 | print "</form>"; | |
733 | } | |
734 | ||
735 | $tp_uri = get_self_url_prefix() . "/prefs.php"; | |
736 | $tt_uri = get_self_url_prefix(); | |
737 | ||
738 | if ($rc <= 2){ | |
739 | $result = $this->dbh->query("SELECT id FROM ttrss_feeds WHERE | |
740 | feed_url = '$feed_url' AND owner_uid = " . $_SESSION["uid"]); | |
741 | ||
742 | $feed_id = $this->dbh->fetch_result($result, 0, "id"); | |
743 | } else { | |
744 | $feed_id = 0; | |
745 | } | |
746 | ||
747 | print "<p>"; | |
748 | ||
749 | if ($feed_id) { | |
750 | print "<form method=\"GET\" style='display: inline' | |
751 | action=\"$tp_uri\"> | |
752 | <input type=\"hidden\" name=\"tab\" value=\"feedConfig\"> | |
753 | <input type=\"hidden\" name=\"method\" value=\"editFeed\"> | |
754 | <input type=\"hidden\" name=\"methodparam\" value=\"$feed_id\"> | |
755 | <input type=\"submit\" value=\"".__("Edit subscription options")."\"> | |
756 | </form>"; | |
757 | } | |
758 | ||
759 | print "<form style='display: inline' method=\"GET\" action=\"$tt_uri\"> | |
760 | <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\"> | |
761 | </form></p>"; | |
762 | ||
763 | print "</body></html>"; | |
764 | } | |
765 | ||
766 | function index() { | |
767 | header("Content-Type: text/plain"); | |
768 | print json_encode(array("error" => array("code" => 7))); | |
769 | } | |
770 | ||
771 | function forgotpass() { | |
772 | startup_gettext(); | |
773 | ||
774 | header('Content-Type: text/html; charset=utf-8'); | |
775 | print "<html><head><title>Tiny Tiny RSS</title> | |
776 | <link rel=\"shortcut icon\" type=\"image/png\" href=\"images/favicon.png\"> | |
777 | <link rel=\"icon\" type=\"image/png\" sizes=\"72x72\" href=\"images/favicon-72px.png\">"; | |
778 | ||
779 | stylesheet_tag("css/utility.css"); | |
780 | javascript_tag("lib/prototype.js"); | |
781 | ||
782 | print "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/> | |
783 | </head><body id='forgotpass'>"; | |
784 | ||
785 | print '<div class="floatingLogo"><img src="images/logo_small.png"></div>'; | |
786 | print "<h1>".__("Password recovery")."</h1>"; | |
787 | print "<div class='content'>"; | |
788 | ||
789 | @$method = $_POST['method']; | |
790 | ||
791 | if (!$method) { | |
792 | print_notice(__("You will need to provide valid account name and email. New password will be sent on your email address.")); | |
793 | ||
794 | print "<form method='POST' action='public.php'>"; | |
795 | print "<input type='hidden' name='method' value='do'>"; | |
796 | print "<input type='hidden' name='op' value='forgotpass'>"; | |
797 | ||
798 | print "<fieldset>"; | |
799 | print "<label>".__("Login:")."</label>"; | |
800 | print "<input type='text' name='login' value='' required>"; | |
801 | print "</fieldset>"; | |
802 | ||
803 | print "<fieldset>"; | |
804 | print "<label>".__("Email:")."</label>"; | |
805 | print "<input type='email' name='email' value='' required>"; | |
806 | print "</fieldset>"; | |
807 | ||
808 | print "<fieldset>"; | |
809 | print "<label>".__("How much is two plus two:")."</label>"; | |
810 | print "<input type='text' name='test' value='' required>"; | |
811 | print "</fieldset>"; | |
812 | ||
813 | print "<p/>"; | |
814 | print "<button type='submit'>".__("Reset password")."</button>"; | |
815 | ||
816 | print "</form>"; | |
817 | } else if ($method == 'do') { | |
818 | ||
819 | $login = $this->dbh->escape_string($_POST["login"]); | |
820 | $email = $this->dbh->escape_string($_POST["email"]); | |
821 | $test = $this->dbh->escape_string($_POST["test"]); | |
822 | ||
823 | if (($test != 4 && $test != 'four') || !$email || !$login) { | |
824 | print_error(__('Some of the required form parameters are missing or incorrect.')); | |
825 | ||
826 | print "<form method=\"GET\" action=\"public.php\"> | |
827 | <input type=\"hidden\" name=\"op\" value=\"forgotpass\"> | |
828 | <input type=\"submit\" value=\"".__("Go back")."\"> | |
829 | </form>"; | |
830 | ||
831 | } else { | |
832 | ||
833 | $result = $this->dbh->query("SELECT id FROM ttrss_users | |
834 | WHERE login = '$login' AND email = '$email'"); | |
835 | ||
836 | if ($this->dbh->num_rows($result) != 0) { | |
837 | $id = $this->dbh->fetch_result($result, 0, "id"); | |
838 | ||
839 | Pref_Users::resetUserPassword($id, false); | |
840 | ||
841 | print "<p>"; | |
842 | ||
843 | print "<p>"."Completed."."</p>"; | |
844 | ||
845 | print "<form method=\"GET\" action=\"index.php\"> | |
846 | <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\"> | |
847 | </form>"; | |
848 | ||
849 | } else { | |
850 | print_error(__("Sorry, login and email combination not found.")); | |
851 | ||
852 | print "<form method=\"GET\" action=\"public.php\"> | |
853 | <input type=\"hidden\" name=\"op\" value=\"forgotpass\"> | |
854 | <input type=\"submit\" value=\"".__("Go back")."\"> | |
855 | </form>"; | |
856 | ||
857 | } | |
858 | } | |
859 | ||
860 | } | |
861 | ||
862 | print "</div>"; | |
863 | print "</body>"; | |
864 | print "</html>"; | |
865 | ||
866 | } | |
867 | ||
868 | function dbupdate() { | |
869 | startup_gettext(); | |
870 | ||
871 | if (!SINGLE_USER_MODE && $_SESSION["access_level"] < 10) { | |
872 | $_SESSION["login_error_msg"] = __("Your access level is insufficient to run this script."); | |
873 | render_login_form(); | |
874 | exit; | |
875 | } | |
876 | ||
877 | ?><html> | |
878 | <head> | |
879 | <title>Database Updater</title> | |
880 | <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/> | |
881 | <link rel="stylesheet" type="text/css" href="css/utility.css"/> | |
882 | <link rel=\"shortcut icon\" type=\"image/png\" href=\"images/favicon.png\"> | |
883 | <link rel=\"icon\" type=\"image/png\" sizes=\"72x72\" href=\"images/favicon-72px.png\"> | |
884 | </head> | |
885 | <style type="text/css"> | |
886 | span.ok { color : #009000; font-weight : bold; } | |
887 | span.err { color : #ff0000; font-weight : bold; } | |
888 | </style> | |
889 | <body> | |
890 | <script type='text/javascript'> | |
891 | function confirmOP() { | |
892 | return confirm("Update the database?"); | |
893 | } | |
894 | </script> | |
895 | ||
896 | <div class="floatingLogo"><img src="images/logo_small.png"></div> | |
897 | ||
898 | <h1><?php echo __("Database Updater") ?></h1> | |
899 | ||
900 | <div class="content"> | |
901 | ||
902 | <?php | |
903 | @$op = $_REQUEST["subop"]; | |
904 | $updater = new DbUpdater(Db::get(), DB_TYPE, SCHEMA_VERSION); | |
905 | ||
906 | if ($op == "performupdate") { | |
907 | if ($updater->isUpdateRequired()) { | |
908 | ||
909 | print "<h2>Performing updates</h2>"; | |
910 | ||
911 | print "<h3>Updating to schema version " . SCHEMA_VERSION . "</h3>"; | |
912 | ||
913 | print "<ul>"; | |
914 | ||
915 | for ($i = $updater->getSchemaVersion() + 1; $i <= SCHEMA_VERSION; $i++) { | |
916 | print "<li>Performing update up to version $i..."; | |
917 | ||
918 | $result = $updater->performUpdateTo($i); | |
919 | ||
920 | if (!$result) { | |
921 | print "<span class='err'>FAILED!</span></li></ul>"; | |
922 | ||
923 | print_warning("One of the updates failed. Either retry the process or perform updates manually."); | |
924 | print "<p><form method=\"GET\" action=\"index.php\"> | |
925 | <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\"> | |
926 | </form>"; | |
927 | ||
928 | break; | |
929 | } else { | |
930 | print "<span class='ok'>OK!</span></li>"; | |
931 | } | |
932 | } | |
933 | ||
934 | print "</ul>"; | |
935 | ||
936 | print_notice("Your Tiny Tiny RSS database is now updated to the latest version."); | |
937 | ||
938 | print "<p><form method=\"GET\" action=\"index.php\"> | |
939 | <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\"> | |
940 | </form>"; | |
941 | ||
942 | } else { | |
943 | print "<h2>Your database is up to date.</h2>"; | |
944 | ||
945 | print "<p><form method=\"GET\" action=\"index.php\"> | |
946 | <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\"> | |
947 | </form>"; | |
948 | } | |
949 | } else { | |
950 | if ($updater->isUpdateRequired()) { | |
951 | ||
952 | print "<h2>Database update required</h2>"; | |
953 | ||
954 | print "<h3>"; | |
955 | printf("Your Tiny Tiny RSS database needs update to the latest version: %d to %d.", | |
956 | $updater->getSchemaVersion(), SCHEMA_VERSION); | |
957 | print "</h3>"; | |
958 | ||
959 | print_warning("Please backup your database before proceeding."); | |
960 | ||
961 | print "<form method='POST'> | |
962 | <input type='hidden' name='subop' value='performupdate'> | |
963 | <input type='submit' onclick='return confirmOP()' value='".__("Perform updates")."'> | |
964 | </form>"; | |
965 | ||
966 | } else { | |
967 | ||
968 | print_notice("Tiny Tiny RSS database is up to date."); | |
969 | ||
970 | print "<p><form method=\"GET\" action=\"index.php\"> | |
971 | <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\"> | |
972 | </form>"; | |
973 | ||
974 | } | |
975 | } | |
976 | ?> | |
977 | ||
978 | </div> | |
979 | </body> | |
980 | </html> | |
981 | <?php | |
982 | } | |
983 | ||
984 | } | |
985 | ?> |