backend.php

   1 <?
   2         require_once "sessions.php";
   3         require_once "backend-rpc.php";
   4
   5         header("Cache-Control: no-cache, must-revalidate");
   6         header("Pragma: no-cache");
   7         header("Expires: -1");
   8
   9 /*      if ($_GET["debug"]) {
  10                 define('DEFAULT_ERROR_LEVEL', E_ALL);
  11         } else {
  12                 define('DEFAULT_ERROR_LEVEL', E_ERROR | E_WARNING | E_PARSE);
  13         }
  14
  15         error_reporting(DEFAULT_ERROR_LEVEL); */
  16
  17         $op = $_REQUEST["op"];
  18
  19         define('SCHEMA_VERSION', 8);
  20
  21         require_once "sanity_check.php";
  22         require_once "config.php";
  23
  24         require_once "db.php";
  25         require_once "db-prefs.php";
  26         require_once "functions.php";
  27         require_once "magpierss/rss_fetch.inc";
  28
  29         $err_msg = check_configuration_variables();
  30
  31         if ($err_msg) {
  32                 header("Content-Type: application/xml");
  33                 print_error_xml(9, $err_msg); die;
  34         }
  35
  36         if ((!$op || $op == "rpc" || $op == "globalUpdateFeeds") && !$_REQUEST["noxml"]) {
  37                 header("Content-Type: application/xml");
  38         }
  39
  40         if (!$_SESSION["uid"] && $op != "globalUpdateFeeds") {
  41
  42                 if ($op == "rpc") {
  43                         print_error_xml(6); die;
  44                 } else {
  45                         print "
  46                         <html><body>
  47                                 <p>Error: Not logged in.</p>
  48                                 <script type=\"text/javascript\">
  49                                         if (parent.window != 'undefined') {
  50                                                 parent.window.location = \"login.php\";
  51                                         } else {
  52                                                 window.location = \"login.php\";
  53                                         }
  54                                 </script>
  55                         </body></html>
  56                         ";
  57                 }
  58                 exit;
  59         }
  60
  61         if (!$op) {
  62                 print_error_xml(7); exit;
  63         }
  64
  65         $purge_intervals = array(
  66                 0  => "Use default",
  67                 -1 => "Never purge",
  68                 5  => "1 week old",
  69                 14 => "2 weeks old",
  70                 31 => "1 month old",
  71                 60 => "2 months old",
  72                 90 => "3 months old");
  73
  74         $update_intervals = array(
  75                 0   => "Use default",
  76                 -1  => "Disable updates",
  77                 30  => "Each 30 minutes",
  78                 60  => "Hourly",
  79                 240 => "Each 4 hours",
  80                 720 => "Each 12 hours",
  81                 1440 => "Daily",
  82                 10080 => "Weekly");
  83
  84         $access_level_names = array(
  85                 0 => "User",
  86                 10 => "Administrator");
  87
  88         $script_started = getmicrotime();
  89
  90         $link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
  91
  92         if (!$link) {
  93                 if (DB_TYPE == "mysql") {
  94                         print mysql_error();
  95                 }
  96                 // PG seems to display its own errors just fine by default.
  97                 return;
  98         }
  99
 100         if (DB_TYPE == "pgsql") {
 101                 pg_query("set client_encoding = 'utf-8'");
 102         }
 103
 104         if ($_SESSION["uid"]) {
 105
 106 //              setcookie('ttrss_vf_refresh', FEEDS_FRAME_REFRESH);
 107 //              setcookie('ttrss_vf_daemon', ENABLE_UPDATE_DAEMON);
 108
 109 /*              if (get_pref($link, "ON_CATCHUP_SHOW_NEXT_FEED")) {
 110                         setcookie('ttrss_vf_catchupnext', 1);
 111                 } else {
 112                         setcookie('ttrss_vf_catchupnext', 0);
 113                 } */
 114         }
 115
 116         $fetch = $_GET["fetch"];
 117
 118 //      setcookie("ttrss_icons_url", ICONS_URL);
 119
 120         if (!sanity_check($link)) { return; }
 121
 122         function outputFeedList($link, $tags = false) {
 123
 124                 print "<html><head>
 125                         <title>Tiny Tiny RSS : Feedlist</title>
 126                         <link rel=\"stylesheet\" href=\"tt-rss.css\" type=\"text/css\">";
 127
 128                 $user_theme = $_SESSION["theme"];
 129                 if ($user_theme) {
 130                         print "<link rel=\"stylesheet\" type=\"text/css\"
 131                                 href=\"themes/$user_theme/theme.css\">";
 132                 }
 133
 134                 if (get_pref($link, 'USE_COMPACT_STYLESHEET')) {
 135                         print "<link rel=\"stylesheet\" type=\"text/css\"
 136                                 href=\"tt-rss_compact.css\"/>";
 137                 } else {
 138                         print "<link title=\"Compact Stylesheet\" rel=\"alternate stylesheet\"
 139                                         type=\"text/css\" href=\"tt-rss_compact.css\"/>";
 140                 }
 141
 142                 $script_dt_add = get_script_dt_add();
 143
 144                 print "
 145                         <script type=\"text/javascript\" src=\"prototype.js\"></script>
 146                         <script type=\"text/javascript\" src=\"functions.js?$script_dt_add\"></script>
 147                         <script type=\"text/javascript\" src=\"feedlist.js?$script_dt_add\"></script>
 148                         <meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\">
 149                         <!--[if gte IE 5.5000]>
 150                         <script type=\"text/javascript\" src=\"pngfix.js\"></script>
 151                         <link rel=\"stylesheet\" type=\"text/css\" href=\"tt-rss-ie.css\">
 152                         <![endif]-->
 153                         </head><body>
 154                         <script type=\"text/javascript\">
 155                                 if (document.addEventListener) {
 156                                         document.addEventListener(\"DOMContentLoaded\", init, null);
 157                                 }
 158                                 window.onload = init;
 159                         </script>";
 160
 161                 print "<ul class=\"feedList\" id=\"feedList\">\n";
 162
 163                 $owner_uid = $_SESSION["uid"];
 164
 165                 if (!$tags) {
 166
 167                         /* virtual feeds */
 168
 169                         if (get_pref($link, 'ENABLE_FEED_CATS')) {
 170                                 print "<li class=\"feedCat\">Special</li>";
 171                                 print "<li id=\"feedCatHolder\"><ul class=\"feedCatList\">";
 172                         }
 173
 174                         $result = db_query($link, "SELECT count(id) as num_starred
 175                                 FROM ttrss_entries,ttrss_user_entries
 176                                 WHERE marked = true AND
 177                                 ttrss_user_entries.ref_id = ttrss_entries.id AND
 178                                 unread = true AND owner_uid = '$owner_uid'");
 179                         $num_starred = db_fetch_result($result, 0, "num_starred");
 180
 181                         $class = "virt";
 182
 183                         if ($num_starred > 0) $class .= "Unread";
 184
 185                         printFeedEntry(-1, $class, "Starred articles", $num_starred,
 186                                 "images/mark_set.png", $link);
 187
 188                         if (get_pref($link, 'ENABLE_FEED_CATS')) {
 189                                 print "</ul>\n";
 190                         }
 191
 192                         if (GLOBAL_ENABLE_LABELS && get_pref($link, 'ENABLE_LABELS')) {
 193
 194                                 $result = db_query($link, "SELECT id,sql_exp,description FROM
 195                                         ttrss_labels WHERE owner_uid = '$owner_uid' ORDER by description");
 196
 197                                 if (db_num_rows($result) > 0) {
 198                                         if (get_pref($link, 'ENABLE_FEED_CATS')) {
 199                                                 print "<li class=\"feedCat\">Labels</li>";
 200                                                 print "<li id=\"feedCatHolder\"><ul class=\"feedCatList\">";
 201                                         } else {
 202                                                 print "<li><hr></li>";
 203                                         }
 204                                 }
 205
 206                                 while ($line = db_fetch_assoc($result)) {
 207
 208                                         error_reporting (0);
 209
 210                                         $tmp_result = db_query($link, "SELECT count(id) as count
 211                                                 FROM ttrss_entries,ttrss_user_entries
 212                                                 WHERE (" . $line["sql_exp"] . ") AND unread = true AND
 213                                                 ttrss_user_entries.ref_id = ttrss_entries.id
 214                                                 AND owner_uid = '$owner_uid'");
 215
 216                                         $count = db_fetch_result($tmp_result, 0, "count");
 217
 218                                         $class = "label";
 219
 220                                         if ($count > 0) {
 221                                                 $class .= "Unread";
 222                                         }
 223
 224                                         error_reporting (DEFAULT_ERROR_LEVEL);
 225
 226                                         printFeedEntry(-$line["id"]-11,
 227                                                 $class, $line["description"], $count, "images/label.png", $link);
 228
 229                                 }
 230
 231                                 if (db_num_rows($result) > 0) {
 232                                         if (get_pref($link, 'ENABLE_FEED_CATS')) {
 233                                                 print "</ul>";
 234                                         }
 235                                 }
 236
 237                         }
 238
 239 //                      if (!get_pref($link, 'ENABLE_FEED_CATS')) {
 240                                 print "<li><hr></li>";
 241 //                      }
 242
 243                         if (get_pref($link, 'ENABLE_FEED_CATS')) {
 244                                 if (get_pref($link, "FEEDS_SORT_BY_UNREAD")) {
 245                                         $order_by_qpart = "category,unread DESC,title";
 246                                 } else {
 247                                         $order_by_qpart = "category,title";
 248                                 }
 249                         } else {
 250                                 if (get_pref($link, "FEEDS_SORT_BY_UNREAD")) {
 251                                         $order_by_qpart = "unread DESC,title";
 252                                 } else {
 253                                         $order_by_qpart = "title";
 254                                 }
 255                         }
 256
 257                         $result = db_query($link, "SELECT ttrss_feeds.*,
 258                                 SUBSTRING(last_updated,1,19) AS last_updated_noms,
 259                                 (SELECT COUNT(id) FROM ttrss_entries,ttrss_user_entries
 260                                         WHERE feed_id = ttrss_feeds.id AND
 261                                         ttrss_user_entries.ref_id = ttrss_entries.id AND
 262                                         owner_uid = '$owner_uid') AS total,
 263                                 (SELECT COUNT(id) FROM ttrss_entries,ttrss_user_entries
 264                                         WHERE feed_id = ttrss_feeds.id AND unread = true
 265                                                 AND ttrss_user_entries.ref_id = ttrss_entries.id
 266                                                 AND owner_uid = '$owner_uid') as unread,
 267                                 cat_id,last_error,
 268                                 ttrss_feed_categories.title AS category,
 269                                 ttrss_feed_categories.collapsed
 270                                 FROM ttrss_feeds LEFT JOIN ttrss_feed_categories
 271                                         ON (ttrss_feed_categories.id = cat_id)
 272                                 WHERE
 273                                         ttrss_feeds.owner_uid = '$owner_uid' AND parent_feed IS NULL
 274                                 ORDER BY $order_by_qpart");
 275
 276                         $actid = $_GET["actid"];
 277
 278                         /* real feeds */
 279
 280                         $lnum = 0;
 281
 282                         $total_unread = 0;
 283
 284                         $category = "";
 285
 286                         $short_date = get_pref($link, 'SHORT_DATE_FORMAT');
 287
 288                         while ($line = db_fetch_assoc($result)) {
 289
 290                                 $feed = db_unescape_string($line["title"]);
 291                                 $feed_id = $line["id"];
 292
 293                                 $subop = $_GET["subop"];
 294
 295                                 $total = $line["total"];
 296                                 $unread = $line["unread"];
 297
 298                                 if (get_pref($link, 'HEADLINES_SMART_DATE')) {
 299                                         $last_updated = smart_date_time(strtotime($line["last_updated_noms"]));
 300                                 } else {
 301                                         $last_updated = date($short_date, strtotime($line["last_updated_noms"]));
 302                                 }
 303
 304                                 $rtl_content = sql_bool_to_bool($line["rtl_content"]);
 305
 306                                 if ($rtl_content) {
 307                                         $rtl_tag = "dir=\"RTL\"";
 308                                 } else {
 309                                         $rtl_tag = "";
 310                                 }
 311
 312                                 $tmp_result = db_query($link,
 313                                         "SELECT id,COUNT(unread) AS unread
 314                                         FROM ttrss_feeds LEFT JOIN ttrss_user_entries
 315                                                 ON (ttrss_feeds.id = ttrss_user_entries.feed_id)
 316                                         WHERE parent_feed = '$feed_id' AND unread = true
 317                                         GROUP BY ttrss_feeds.id");
 318
 319                                 if (db_num_rows($tmp_result) > 0) {
 320                                         while ($l = db_fetch_assoc($tmp_result)) {
 321                                                 $unread += $l["unread"];
 322                                         }
 323                                 }
 324
 325                                 $cat_id = $line["cat_id"];
 326
 327                                 $tmp_category = $line["category"];
 328
 329                                 if (!$tmp_category) {
 330                                         $tmp_category = "Uncategorized";
 331                                 }
 332
 333         //                      $class = ($lnum % 2) ? "even" : "odd";
 334
 335                                 if ($line["last_error"]) {
 336                                         $class = "error";
 337                                 } else {
 338                                         $class = "feed";
 339                                 }
 340
 341                                 if ($unread > 0) $class .= "Unread";
 342
 343                                 if ($actid == $feed_id) {
 344                                         $class .= "Selected";
 345                                 }
 346
 347                                 $total_unread += $unread;
 348
 349                                 if ($category != $tmp_category && get_pref($link, 'ENABLE_FEED_CATS')) {
 350
 351                                         if ($category) {
 352                                                 print "</ul></li>";
 353                                         }
 354
 355                                         $category = $tmp_category;
 356
 357                                         $collapsed = $line["collapsed"];
 358
 359                                         // workaround for NULL category
 360                                         if ($category == "Uncategorized") {
 361                                                 if ($_COOKIE["ttrss_vf_uclps"] == 1) {
 362                                                         $collapsed = "t";
 363                                                 }
 364                                         }
 365
 366                                         if ($collapsed == "t" || $collapsed == "1") {
 367                                                 $holder_class = "invisible";
 368                                                 $ellipsis = "...";
 369                                         } else {
 370                                                 $holder_class = "";
 371                                                 $ellipsis = "";
 372                                         }
 373
 374                                         if ($cat_id) {
 375                                                 $cat_id_qpart = "cat_id = '$cat_id'";
 376                                         } else {
 377                                                 $cat_id_qpart = "cat_id IS NULL";
 378                                         }
 379
 380                                         $tmp_result = db_query($link, "SELECT count(int_id) AS unread
 381                                                 FROM ttrss_user_entries,ttrss_feeds WHERE
 382                                                         unread = true AND
 383                                                         feed_id = ttrss_feeds.id AND $cat_id_qpart AND
 384                                                         ttrss_user_entries.owner_uid = " . $_SESSION["uid"]);
 385
 386                                         $cat_unread = db_fetch_result($tmp_result, 0, "unread");
 387
 388                                         $cat_id = sprintf("%d", $cat_id);
 389
 390                                         print "<li class=\"feedCat\" id=\"FCAT-$cat_id\">
 391                                                 <a href=\"javascript:toggleCollapseCat($cat_id)\">$tmp_category</a>
 392                                                         <a href=\"javascript:viewCategory($cat_id)\" id=\"FCAP-$cat_id\">
 393                                                         <span id=\"FCATCTR-$cat_id\"
 394                                                         class=\"$catctr_class\">($cat_unread unread)$ellipsis</span>
 395                                                         </a></li>";
 396
 397                                         // !!! NO SPACE before <ul...feedCatList - breaks firstChild DOM function
 398                                         // -> keyboard navigation, etc.
 399                                         print "<li id=\"feedCatHolder\" class=\"$holder_class\"><ul class=\"feedCatList\" id=\"FCATLIST-$cat_id\">";
 400                                 }
 401
 402                                 printFeedEntry($feed_id, $class, $feed, $unread,
 403                                         "icons/$feed_id.ico", $link, $rtl_content,
 404                                         $last_updated, $line["last_error"]);
 405
 406                                 ++$lnum;
 407                         }
 408
 409                 } else {
 410
 411                         // tags
 412
 413 /*                      $result = db_query($link, "SELECT tag_name,count(ttrss_entries.id) AS count
 414                                 FROM ttrss_tags,ttrss_entries,ttrss_user_entries WHERE
 415                                 post_int_id = ttrss_user_entries.int_id AND
 416                                 unread = true AND ref_id = ttrss_entries.id
 417                                 AND ttrss_tags.owner_uid = '$owner_uid' GROUP BY tag_name
 418                         UNION
 419                                 select tag_name,0 as count FROM ttrss_tags WHERE owner_uid = '$owner_uid'
 420                         ORDER BY tag_name"); */
 421
 422                         $result = db_query($link, "SELECT tag_name,SUM((SELECT COUNT(int_id)
 423                                 FROM ttrss_user_entries WHERE int_id = post_int_id
 424                                         AND unread = true)) AS count FROM ttrss_tags
 425                                 WHERE owner_uid = 2 GROUP BY tag_name ORDER BY tag_name");
 426
 427                         $tags = array();
 428
 429                         while ($line = db_fetch_assoc($result)) {
 430                                 $tags[$line["tag_name"]] += $line["count"];
 431                         }
 432
 433                         foreach (array_keys($tags) as $tag) {
 434
 435                                 $unread = $tags[$tag];
 436
 437                                 $class = "tag";
 438
 439                                 if ($unread > 0) {
 440                                         $class .= "Unread";
 441                                 }
 442
 443                                 printFeedEntry($tag, $class, $tag, $unread, "images/tag.png", $link);
 444
 445                         }
 446
 447                 }
 448
 449                 if (db_num_rows($result) == 0) {
 450                         if ($tags) {
 451                                 $what = "tags";
 452                         } else {
 453                                 $what = "feeds";
 454                         }
 455                         print "<li>No $what to display.</li>";
 456                 }
 457
 458                 print "</ul>";
 459
 460                 print '
 461                         <script type="text/javascript">
 462                                 /* for IE */
 463                                 function statechange() {
 464                                         if (document.readyState == "interactive") init();
 465                                 }
 466
 467                                 if (document.readyState) {
 468                                         if (document.readyState == "interactive" || document.readyState == "complete") {
 469                                                 init();
 470                                         } else {
 471                                                 document.onreadystatechange = statechange;
 472                                         }
 473                                 }
 474                         </script></body></html>';
 475         }
 476
 477
 478         if ($op == "rpc") {
 479                 handle_rpc_request($link);
 480         }
 481
 482         if ($op == "feeds") {
 483
 484                 $tags = $_GET["tags"];
 485
 486                 $subop = $_GET["subop"];
 487
 488                 if ($subop == "catchupAll") {
 489                         db_query($link, "UPDATE ttrss_user_entries SET
 490                                 last_read = NOW(),unread = false WHERE owner_uid = " . $_SESSION["uid"]);
 491                 }
 492
 493                 if ($subop == "collapse") {
 494                         $cat_id = db_escape_string($_GET["cid"]);
 495
 496                         db_query($link, "UPDATE ttrss_feed_categories SET
 497                                 collapsed = NOT collapsed WHERE id = '$cat_id' AND owner_uid = " .
 498                                 $_SESSION["uid"]);
 499                         return;
 500                 }
 501
 502                 outputFeedList($link, $tags);
 503
 504         }
 505
 506         if ($op == "view") {
 507
 508                 $id = db_escape_string($_GET["id"]);
 509                 $feed_id = db_escape_string($_GET["feed"]);
 510
 511                 $result = db_query($link, "SELECT rtl_content FROM ttrss_feeds
 512                         WHERE id = '$feed_id' AND owner_uid = " . $_SESSION["uid"]);
 513
 514                 if (db_num_rows($result) == 1) {
 515                         $rtl_content = sql_bool_to_bool(db_fetch_result($result, 0, "rtl_content"));
 516                 } else {
 517                         $rtl_content = false;
 518                 }
 519
 520                 if ($rtl_content) {
 521                         $rtl_tag = "dir=\"RTL\"";
 522                         $rtl_class = "RTL";
 523                 } else {
 524                         $rtl_tag = "";
 525                         $rtl_class = "";
 526                 }
 527
 528                 $result = db_query($link, "UPDATE ttrss_user_entries
 529                         SET unread = false,last_read = NOW()
 530                         WHERE ref_id = '$id' AND feed_id = '$feed_id' AND owner_uid = " . $_SESSION["uid"]);
 531
 532                 $result = db_query($link, "SELECT title,link,content,feed_id,comments,int_id,
 533                         SUBSTRING(updated,1,16) as updated,
 534                         (SELECT icon_url FROM ttrss_feeds WHERE id = feed_id) as icon_url,
 535                         num_comments,
 536                         author
 537                         FROM ttrss_entries,ttrss_user_entries
 538                         WHERE   id = '$id' AND ref_id = id AND owner_uid = " . $_SESSION["uid"]);
 539
 540                 print "<html><head>
 541                         <title>Tiny Tiny RSS : Article $id</title>
 542                         <link rel=\"stylesheet\" href=\"tt-rss.css\" type=\"text/css\">";
 543
 544                 $user_theme = $_SESSION["theme"];
 545                 if ($user_theme) {
 546                         print "<link rel=\"stylesheet\" type=\"text/css\"
 547                                 href=\"themes/$user_theme/theme.css\">";
 548                 }
 549
 550                 if (get_pref($link, 'USE_COMPACT_STYLESHEET')) {
 551                         print "<link rel=\"stylesheet\" type=\"text/css\"
 552                                 href=\"tt-rss_compact.css\"/>";
 553                 } else {
 554                         print "<link title=\"Compact Stylesheet\" rel=\"alternate stylesheet\"
 555                                         type=\"text/css\" href=\"tt-rss_compact.css\"/>";
 556                 }
 557
 558                 $script_dt_add = get_script_dt_add();
 559
 560                 print "
 561                         <script type=\"text/javascript\" src=\"prototype.js\"></script>
 562                         <script type=\"text/javascript\" src=\"functions.js?$script_dt_add\"></script>
 563                         <meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\">
 564                         </head><body $rtl_tag>";
 565
 566                 if ($result) {
 567
 568                         $line = db_fetch_assoc($result);
 569
 570                         if ($line["icon_url"]) {
 571                                 $feed_icon = "<img class=\"feedIcon\" src=\"" . $line["icon_url"] . "\">";
 572                         } else {
 573                                 $feed_icon = "&nbsp;";
 574                         }
 575
 576 /*                      if ($line["comments"] && $line["link"] != $line["comments"]) {
 577                                 $entry_comments = "(<a href=\"".$line["comments"]."\">Comments</a>)";
 578                         } else {
 579                                 $entry_comments = "";
 580                         } */
 581
 582                         $num_comments = $line["num_comments"];
 583                         $entry_comments = "";
 584
 585                         if ($num_comments > 0) {
 586                                 if ($line["comments"]) {
 587                                         $comments_url = $line["comments"];
 588                                 } else {
 589                                         $comments_url = $line["link"];
 590                                 }
 591                                 $entry_comments = "<a href=\"$comments_url\">$num_comments comments</a>";
 592                         } else {
 593                                 if ($line["comments"] && $line["link"] != $line["comments"]) {
 594                                         $entry_comments = "<a href=\"".$line["comments"]."\">comments</a>";
 595                                 }
 596                         }
 597
 598                         print "<div class=\"postReply\">";
 599
 600                         print "<div class=\"postHeader\"><table width=\"100%\">";
 601
 602                         $entry_author = $line["author"];
 603
 604                         if ($entry_author) {
 605                                 $entry_author = " - by $entry_author";
 606                         }
 607
 608                         print "<tr><td><a href=\"" . $line["link"] . "\">" . $line["title"] .
 609                                 "</a>$entry_author</td>";
 610
 611                         $parsed_updated = date(get_pref($link, 'LONG_DATE_FORMAT'),
 612                                 strtotime($line["updated"]));
 613
 614                         print "<td class=\"postDate$rtl_class\">$parsed_updated</td>";
 615
 616                         print "</tr>";
 617
 618                         $tmp_result = db_query($link, "SELECT DISTINCT tag_name FROM
 619                                 ttrss_tags WHERE post_int_id = " . $line["int_id"] . "
 620                                 ORDER BY tag_name");
 621
 622                         $tags_str = "";
 623                         $f_tags_str = "";
 624
 625                         $num_tags = 0;
 626
 627                         while ($tmp_line = db_fetch_assoc($tmp_result)) {
 628                                 $num_tags++;
 629                                 $tag = $tmp_line["tag_name"];
 630                                 $tag_str = "<a href=\"javascript:parent.viewfeed('$tag')\">$tag</a>, ";
 631
 632                                 if ($num_tags == 5) {
 633                                         $tags_str .= "<a href=\"javascript:showBlockElement('allEntryTags')\">...</a>";
 634                                 } else if ($num_tags < 5) {
 635                                         $tags_str .= $tag_str;
 636                                 }
 637                                 $f_tags_str .= $tag_str;
 638                         }
 639
 640                         $tags_str = preg_replace("/, $/", "", $tags_str);
 641                         $f_tags_str = preg_replace("/, $/", "", $f_tags_str);
 642
 643 //                      $truncated_link = truncate_string($line["link"], 60);
 644
 645                         if ($tags_str || $entry_comments) {
 646                                 print "<tr><td width='50%'>
 647                                         $entry_comments</td>
 648                                         <td align=\"right\">$tags_str</td></tr>";
 649                         }
 650
 651                         print "</table></div>";
 652
 653                         print "<div class=\"postIcon\">" . $feed_icon . "</div>";
 654                         print "<div class=\"postContent\">";
 655
 656                         if (db_num_rows($tmp_result) > 5) {
 657                                 print "<div id=\"allEntryTags\">Tags: $f_tags_str</div>";
 658                         }
 659
 660                         if (get_pref($link, 'OPEN_LINKS_IN_NEW_WINDOW')) {
 661                                 $line["content"] = preg_replace("/href=/i", "target=\"_new\" href=", $line["content"]);
 662                         }
 663
 664                         print $line["content"] . "</div>";
 665
 666                         print "</div>";
 667
 668                         print "<script type=\"text/javascript\">
 669                                 try {
 670                                         parent.update_all_counters('$feed_id');
 671                                 } catch (e) {
 672                                         exception_error('view/footer', e);
 673                                 }
 674                         </script>";
 675                 }
 676
 677                 print "</body></html>";
 678         }
 679
 680         if ($op == "viewfeed") {
 681
 682                 $feed = db_escape_string($_GET["feed"]);
 683                 $subop = db_escape_string($_GET["subop"]);
 684                 $view_mode = db_escape_string($_GET["view_mode"]);
 685                 $limit = db_escape_string($_GET["limit"]);
 686                 $cat_view = db_escape_string($_GET["cat"]);
 687                 $next_unread_feed = db_escape_string($_GET["nuf"]);
 688
 689                 if ($subop == "undefined") $subop = "";
 690
 691                 print "<html><head>
 692                         <title>Tiny Tiny RSS : Feed $feed</title>
 693                         <link rel=\"stylesheet\" href=\"tt-rss.css\" type=\"text/css\">";
 694
 695                 $user_theme = $_SESSION["theme"];
 696                 if ($user_theme) {
 697                         print "<link rel=\"stylesheet\" type=\"text/css\"
 698                                 href=\"themes/$user_theme/theme.css\">";
 699                 }
 700
 701                 if (get_pref($link, 'USE_COMPACT_STYLESHEET')) {
 702                         print "<link rel=\"stylesheet\"
 703                                         type=\"text/css\" href=\"tt-rss_compact.css\"/>";
 704
 705                 } else {
 706                         print "<link title=\"Compact Stylesheet\" rel=\"alternate stylesheet\"
 707                                         type=\"text/css\" href=\"tt-rss_compact.css\"/>";
 708                 }
 709
 710                 if ($subop == "ForceUpdate" && sprintf("%d", $feed) > 0) {
 711                         update_generic_feed($link, $feed, $cat_view);
 712                 }
 713
 714                 if ($subop == "MarkAllRead")  {
 715                         catchup_feed($link, $feed, $cat_view);
 716
 717                         if (get_pref($link, 'ON_CATCHUP_SHOW_NEXT_FEED')) {
 718                                 if ($next_unread_feed) {
 719                                         $feed = $next_unread_feed;
 720                                 }
 721                         }
 722                 }
 723
 724                 if ($feed_id > 0) {
 725                         $result = db_query($link,
 726                                 "SELECT id FROM ttrss_feeds WHERE id = '$feed' LIMIT 1");
 727
 728                         if (db_num_rows($result) == 0) {
 729                                 print "<div align='center'>
 730                                         Feed not found.</div>";
 731                                 return;
 732                         }
 733                 }
 734
 735                 if (preg_match("/^-?[0-9][0-9]*$/", $feed) != false) {
 736
 737                         $result = db_query($link, "SELECT rtl_content FROM ttrss_feeds
 738                                 WHERE id = '$feed' AND owner_uid = " . $_SESSION["uid"]);
 739
 740                         if (db_num_rows($result) == 1) {
 741                                 $rtl_content = sql_bool_to_bool(db_fetch_result($result, 0, "rtl_content"));
 742                         } else {
 743                                 $rtl_content = false;
 744                         }
 745
 746                         if ($rtl_content) {
 747                                 $rtl_tag = "dir=\"RTL\"";
 748                         } else {
 749                                 $rtl_tag = "";
 750                         }
 751                 } else {
 752                         $rtl_tag = "";
 753                         $rtl_content = false;
 754                 }
 755
 756                 $script_dt_add = get_script_dt_add();
 757
 758                 print "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\">
 759                         <script type=\"text/javascript\" src=\"prototype.js\"></script>
 760                         <script type=\"text/javascript\" src=\"functions.js?$script_dt_add\"></script>
 761                         <script type=\"text/javascript\" src=\"viewfeed.js?$script_dt_add\"></script>
 762                         <!--[if gte IE 5.5000]>
 763                         <script type=\"text/javascript\" src=\"pngfix.js\"></script>
 764                         <link rel=\"stylesheet\" type=\"text/css\" href=\"tt-rss-ie.css\">
 765                         <![endif]-->
 766                         </head><body $rtl_tag>
 767                         <script type=\"text/javascript\">
 768                         if (document.addEventListener) {
 769                                 document.addEventListener(\"DOMContentLoaded\", init, null);
 770                         }
 771                         window.onload = init;
 772                         </script>";
 773
 774                 /// START /////////////////////////////////////////////////////////////////////////////////
 775
 776                 $search = db_escape_string($_GET["query"]);
 777                 $search_mode = db_escape_string($_GET["search_mode"]);
 778                 $match_on = db_escape_string($_GET["match_on"]);
 779
 780                 if (!$match_on) {
 781                         $match_on = "both";
 782                 }
 783
 784                 $qfh_ret = queryFeedHeadlines($link, $feed, $limit, $view_mode, $cat_view, $search, $search_mode, $match_on);
 785
 786                 $result = $qfh_ret[0];
 787                 $feed_title = $qfh_ret[1];
 788
 789                 /// STOP //////////////////////////////////////////////////////////////////////////////////
 790
 791                 print "<div id=\"headlinesContainer\">";
 792
 793                 if (!$result) {
 794                         print "<div align='center'>
 795                                 Could not display feed (query failed). Please check label match syntax or local configuration.</div>";
 796                         return;
 797                 }
 798
 799                 function print_headline_subtoolbar($link, $feed_site_url, $feed_title,
 800                                                 $bottom = false, $rtl_content = false) {
 801
 802                         if (!$bottom) {
 803                                 $class = "headlinesSubToolbar";
 804                                 $tid = "headlineActionsTop";
 805                         } else {
 806                                 $class = "invisible";
 807                                 $tid = "headlineActionsBottom";
 808                         }
 809
 810                         print "<table class=\"$class\" id=\"$tid\"
 811                                 width=\"100%\" cellspacing=\"0\" cellpadding=\"0\"><tr>";
 812
 813                         if ($rtl_content) {
 814                                 $rtl_cpart = "RTL";
 815                         } else {
 816                                 $rtl_cpart = "";
 817                         }
 818
 819                         if (!get_pref($link, 'COMBINED_DISPLAY_MODE')) {
 820
 821                                 print "<td class=\"headlineActions$rtl_cpart\">
 822                                         Select:
 823                                                                 <a href='#' onclick=\"javascript:selectTableRowsByIdPrefix('headlinesList', 'RROW-', 'RCHK-', true, '', true)\">All</a>,
 824                                                                 <a href='#' onclick=\"javascript:selectTableRowsByIdPrefix('headlinesList', 'RROW-', 'RCHK-', true, 'Unread', true)\">Unread</a>,
 825                                                                 <a href='#' onclick=\"javascript:selectTableRowsByIdPrefix('headlinesList', 'RROW-', 'RCHK-', false)\">None</a>
 826                                                 &nbsp;&nbsp;
 827                                                 Toggle: <a href='#' onclick=\"javascript:selectionToggleUnread()\">Unread</a>,
 828                                                                 <a href='#' onclick=\"javascript:selectionToggleMarked()\">Starred</a>";
 829                                 print "</td>";
 830
 831                         } else {
 832
 833                                 print "<td class=\"headlineActions$rtl_cpart\">
 834                                         Select:
 835                                                                 <a href=\"#\" onclick=\"javascript:cdmSelectArticles('all')\">All</a>,
 836                                                                 <a href=\"#\" onclick=\"javascript:cdmSelectArticles('unread')\">Unread</a>,
 837                                                                 <a href=\"#\" onclick=\"javascript:cdmSelectArticles('none')\">None</a>
 838                                                 &nbsp;&nbsp;
 839                                                 Toggle: <a href=\"#\" onclick=\"javascript:selectionToggleUnread(true)\">Unread</a>,
 840                                                                 <a href=\"#\" onclick=\"javascript:selectionToggleMarked(true)\">Starred</a>";
 841
 842                                 print "</td>";
 843
 844                         }
 845
 846                         print "<td class=\"headlineTitle$rtl_cpart\">";
 847
 848                         if ($feed_site_url) {
 849                                 if (!$bottom) {
 850                                         $target = "target=\"_blank\"";
 851                                 }
 852                                 print "<a $target href=\"$feed_site_url\">$feed_title</a>";
 853                         } else {
 854                                 print $feed_title;
 855                         }
 856
 857                         print "</td>";
 858                         print "</tr></table>";
 859
 860                 }
 861
 862                 if (db_num_rows($result) > 0) {
 863
 864                         print_headline_subtoolbar($link, $feed_site_url, $feed_title, false,
 865                                 $rtl_content);
 866
 867                         if (!get_pref($link, 'COMBINED_DISPLAY_MODE')) {
 868                                 print "<table class=\"headlinesList\" id=\"headlinesList\"
 869                                         cellspacing=\"0\" width=\"100%\">";
 870                         }
 871
 872                         $lnum = 0;
 873
 874                         error_reporting (DEFAULT_ERROR_LEVEL);
 875
 876                         $num_unread = 0;
 877
 878                         while ($line = db_fetch_assoc($result)) {
 879
 880                                 $class = ($lnum % 2) ? "even" : "odd";
 881
 882                                 $id = $line["id"];
 883                                 $feed_id = $line["feed_id"];
 884
 885                                 if ($line["last_read"] == "" &&
 886                                                 ($line["unread"] != "t" && $line["unread"] != "1")) {
 887
 888                                         $update_pic = "<img id='FUPDPIC-$id' src=\"images/updated.png\"
 889                                                 alt=\"Updated\">";
 890                                 } else {
 891                                         $update_pic = "<img id='FUPDPIC-$id' src=\"images/blank_icon.gif\"
 892                                                 alt=\"Updated\">";
 893                                 }
 894
 895                                 if ($line["unread"] == "t" || $line["unread"] == "1") {
 896                                         $class .= "Unread";
 897                                         ++$num_unread;
 898                                         $is_unread = true;
 899                                 } else {
 900                                         $is_unread = false;
 901                                 }
 902
 903                                 if ($line["marked"] == "t" || $line["marked"] == "1") {
 904                                         $marked_pic = "<img id=\"FMARKPIC-$id\" src=\"images/mark_set.png\"
 905                                                 alt=\"Reset mark\" onclick='javascript:toggleMark($id)'>";
 906                                 } else {
 907                                         $marked_pic = "<img id=\"FMARKPIC-$id\" src=\"images/mark_unset.png\"
 908                                                 alt=\"Set mark\" onclick='javascript:toggleMark($id)'>";
 909                                 }
 910
 911                                 $content_link = "<a href=\"javascript:view($id,$feed_id);\">" .
 912                                         $line["title"] . "</a>";
 913
 914                                 if (get_pref($link, 'HEADLINES_SMART_DATE')) {
 915                                         $updated_fmt = smart_date_time(strtotime($line["updated"]));
 916                                 } else {
 917                                         $short_date = get_pref($link, 'SHORT_DATE_FORMAT');
 918                                         $updated_fmt = date($short_date, strtotime($line["updated"]));
 919                                 }
 920
 921                                 if (get_pref($link, 'SHOW_CONTENT_PREVIEW')) {
 922                                         $content_preview = truncate_string(strip_tags($line["content_preview"]),
 923                                                 100);
 924                                 }
 925
 926                                 if (!get_pref($link, 'COMBINED_DISPLAY_MODE')) {
 927
 928                                         print "<tr class='$class' id='RROW-$id'>";
 929
 930                                         print "<td class='hlUpdatePic'>$update_pic</td>";
 931
 932                                         print "<td class='hlSelectRow'>
 933                                                 <input type=\"checkbox\" onclick=\"toggleSelectRow(this)\"
 934                                                         class=\"feedCheckBox\" id=\"RCHK-$id\">
 935                                                 </td>";
 936
 937                                         print "<td class='hlMarkedPic'>$marked_pic</td>";
 938
 939                                         if ($line["feed_title"]) {
 940                                                 print "<td class='hlContent'>$content_link</td>";
 941                                                 print "<td class='hlFeed'>
 942                                                         <a href='javascript:viewfeed($feed_id)'>".
 943                                                                 $line["feed_title"]."</a>&nbsp;</td>";
 944                                         } else {
 945                                                 print "<td class='hlContent' valign='middle'>";
 946
 947                                                 print "<a href=\"javascript:view($id,$feed_id);\">" .
 948                                                         $line["title"];
 949
 950                                                 if (get_pref($link, 'SHOW_CONTENT_PREVIEW') && !$rtl_tag) {
 951                                                         if ($content_preview) {
 952                                                                 print "<span class=\"contentPreview\"> - $content_preview</span>";
 953                                                         }
 954                                                 }
 955
 956                                                 print "</a>";
 957                                                 print "</td>";
 958                                         }
 959
 960                                         print "<td class=\"hlUpdated\"><nobr>$updated_fmt&nbsp;</nobr></td>";
 961
 962                                         print "</tr>";
 963
 964                                 } else {
 965
 966                                         if ($is_unread) {
 967                                                 $add_class = "Unread";
 968                                         } else {
 969                                                 $add_class = "";
 970                                         }
 971
 972                                         print "<div class=\"cdmArticle$add_class\" id=\"RROW-$id\">";
 973
 974                                         print "<div class=\"cdmHeader\">";
 975
 976                                         print "<div style=\"float : right\">$updated_fmt,
 977                                                 <a class=\"cdmToggleLink\"
 978                                                         href=\"javascript:toggleUnread($id)\">Toggle unread</a>
 979                                         </div>";
 980
 981                                         print "<a class=\"title\"
 982                                                 onclick=\"javascript:toggleUnread($id, 0)\"
 983                                                 target=\"new\" href=\"".$line["link"]."\">".$line["title"]."</a>";
 984
 985                                         if ($line["feed_title"]) {
 986                                                 print "&nbsp;(<a href='javascript:viewfeed($feed_id)'>".$line["feed_title"]."</a>)";
 987                                         }
 988
 989                                         print "</div>";
 990
 991                                         print "<div class=\"cdmContent\">" . $line["content_preview"] . "</div><br clear=\"all\">";
 992
 993                                         print "<div style=\"float : right\">$marked_pic</div>
 994                                                 <div lass=\"cdmFooter\">
 995                                                         <input type=\"checkbox\" onclick=\"toggleSelectRowById(this,
 996                                                         'RROW-$id')\" class=\"feedCheckBox\" id=\"RCHK-$id\"></div>";
 997
 998 #                                       print "<div align=\"center\"><a class=\"cdmToggleLink\"
 999 #                                                       href=\"javascript:toggleUnread($id)\">
1000 #                                                       Toggle unread</a></div>";
1001
1002                                         print "</div>";
1003
1004                                 }
1005
1006                                 ++$lnum;
1007                         }
1008
1009                         if (!get_pref($link, 'COMBINED_DISPLAY_MODE')) {
1010                                 print "</table>";
1011                         }
1012
1013                         print_headline_subtoolbar($link,
1014                                 "javascript:catchupPage()", "Mark page as read", true, $rtl_content);
1015
1016
1017                 } else {
1018                         print "<div width='100%' align='center'>No articles found.</div>";
1019                 }
1020
1021                 print "</div>";
1022
1023                 print "
1024                         <script type=\"text/javascript\">
1025                                 try {
1026                                         document.onkeydown = hotkey_handler;
1027                                         try {
1028                                                 parent.update_all_counters(\"$feed\");
1029                                         } catch (e) {
1030                                                 // this is workaround against mysterious permission
1031                                                 // denied feature/bug of firefox (ticket #73)
1032                                                 // if call from this context failed - ignore silently
1033                                                 exception_error(\"viewfeed/footer1/counters\", e, true);
1034                                         }
1035                                 } catch (e) {
1036                                         exception_error(\"viewfeed/footer1\", e);
1037                                 }
1038
1039                                 /* for IE */
1040                                 function statechange() {
1041                                         if (document.readyState == \"interactive\") init();
1042                                 }
1043
1044                                 if (document.readyState) {
1045                                         if (document.readyState == \"interactive\" || document.readyState == \"complete\") {
1046                                                 init();
1047                                         } else {
1048                                                 document.onreadystatechange = statechange;
1049                                         }
1050                                 }
1051                         </script>";
1052
1053                 print "</body></html>";
1054         }
1055
1056         if ($op == "pref-feeds") {
1057
1058                 $subop = $_REQUEST["subop"];
1059                 $quiet = $_REQUEST["quiet"];
1060
1061                 if ($subop == "massSubscribe") {
1062                         $ids = split(",", db_escape_string($_GET["ids"]));
1063
1064                         $subscribed = array();
1065
1066                         foreach ($ids as $id) {
1067                                 $result = db_query($link, "SELECT feed_url,title FROM ttrss_feeds
1068                                         WHERE id = '$id'");
1069
1070                                 $feed_url = db_fetch_result($result, 0, "feed_url");
1071                                 $title = db_fetch_result($result, 0, "title");
1072
1073                                 $result = db_query($link, "SELECT id FROM ttrss_feeds WHERE
1074                                         feed_url = '$feed_url' AND owner_uid = " . $_SESSION["uid"]);
1075
1076                                 if (db_num_rows($result) == 0) {
1077                                         $result = db_query($link,
1078                                                 "INSERT INTO ttrss_feeds (owner_uid,feed_url,title,cat_id)
1079                                                 VALUES ('".$_SESSION["uid"]."', '$feed_url', '$title', NULL)");
1080
1081                                         array_push($subscribed, $title);
1082                                 }
1083                         }
1084
1085                         if (count($subscribed) > 0) {
1086                                 print "<div class=\"notice\">";
1087                                 print "<b>Subscribed to feeds:</b>";
1088                                 print "<ul class=\"nomarks\">";
1089                                 foreach ($subscribed as $title) {
1090                                         print "<li>$title</li>";
1091                                 }
1092                                 print "</ul>";
1093                                 print "</div>";
1094                         }
1095                 }
1096
1097                 if ($subop == "browse") {
1098
1099                         if (!ENABLE_FEED_BROWSER) {
1100                                 print "Feed browser is administratively disabled.";
1101                                 return;
1102                         }
1103
1104                         print "<div id=\"infoBoxTitle\">Other feeds: Top 25</div>";
1105
1106                         print "<div class=\"infoBoxContents\">";
1107
1108                         print "<p>Showing top 25 registered feeds, sorted by popularity:</p>";
1109
1110 #                       $result = db_query($link, "SELECT feed_url,count(id) AS subscribers
1111 #                               FROM ttrss_feeds
1112 #                               WHERE auth_login = '' AND auth_pass = '' AND private = false
1113 #                               GROUP BY feed_url ORDER BY subscribers DESC LIMIT 25");
1114
1115                         $owner_uid = $_SESSION["uid"];
1116
1117                         $result = db_query($link, "SELECT feed_url,COUNT(id) AS subscribers
1118                                 FROM ttrss_feeds WHERE (SELECT COUNT(id) = 0 FROM ttrss_feeds AS tf
1119                                         WHERE tf.feed_url = ttrss_feeds.feed_url
1120                                                 AND owner_uid = '$owner_uid') GROUP BY feed_url
1121                                                         ORDER BY subscribers DESC LIMIT 25");
1122
1123                         print "<ul class='browseFeedList' id='browseFeedList'>";
1124
1125                         $feedctr = 0;
1126
1127                         while ($line = db_fetch_assoc($result)) {
1128                                 $feed_url = $line["feed_url"];
1129                                 $subscribers = $line["subscribers"];
1130
1131                                 $det_result = db_query($link, "SELECT site_url,title,id
1132                                         FROM ttrss_feeds WHERE feed_url = '$feed_url' LIMIT 1");
1133
1134                                 $details = db_fetch_assoc($det_result);
1135
1136                                 $icon_file = ICONS_DIR . "/" . $details["id"] . ".ico";
1137
1138                                 if (file_exists($icon_file) && filesize($icon_file) > 0) {
1139                                                 $feed_icon = "<img class=\"tinyFeedIcon\"       src=\"" . ICONS_URL .
1140                                                         "/".$details["id"].".ico\">";
1141                                 } else {
1142                                         $feed_icon = "<img class=\"tinyFeedIcon\" src=\"images/blank_icon.gif\">";
1143                                 }
1144
1145                                 $check_box = "<input onclick='toggleSelectListRow(this)' class='feedBrowseCB'
1146                                         type=\"checkbox\" id=\"FBCHK-" . $details["id"] . "\">";
1147
1148                                 $class = ($feedctr % 2) ? "even" : "odd";
1149
1150                                 print "<li class='$class' id=\"FBROW-".$details["id"]."\">$check_box".
1151                                         "$feed_icon " . db_unescape_string($details["title"]) .
1152                                         "&nbsp;<span class='subscribers'>($subscribers)</span></li>";
1153
1154                                         ++$feedctr;
1155                         }
1156
1157                         if ($feedctr == 0) {
1158                                 print "<li>No feeds found to subscribe.</li>";
1159                         }
1160
1161                         print "</ul>";
1162
1163                         print "<div align='center'>
1164                                 <input type=\"submit\" class=\"button\"
1165                                 onclick=\"feedBrowserSubscribe()\" value=\"Subscribe\">
1166                                 <input type='submit' class='button'
1167                                 onclick=\"closeInfoBox()\" value=\"Cancel\"></div>";
1168
1169                         print "</div>";
1170                         return;
1171                 }
1172
1173                 if ($subop == "editfeed") {
1174                         $feed_id = db_escape_string($_REQUEST["id"]);
1175
1176                         $result = db_query($link,
1177                                 "SELECT * FROM ttrss_feeds WHERE id = '$feed_id' AND
1178                                         owner_uid = " . $_SESSION["uid"]);
1179
1180                         $title = htmlspecialchars(db_unescape_string(db_fetch_result($result,
1181                                 0, "title")));
1182
1183                         $icon_file = ICONS_DIR . "/$feed_id.ico";
1184
1185                         if (file_exists($icon_file) && filesize($icon_file) > 0) {
1186                                         $feed_icon = "<img width=\"16\" height=\"16\"
1187                                                 src=\"" . ICONS_URL . "/$feed_id.ico\">";
1188                         } else {
1189                                 $feed_icon = "";
1190                         }
1191
1192                         print "<div id=\"infoBoxTitle\">Feed editor</div>";
1193
1194                         print "<div class=\"infoBoxContents\">";
1195
1196                         print "<form id=\"edit_feed_form\">";
1197
1198                         print "<input type=\"hidden\" name=\"id\" value=\"$feed_id\">";
1199                         print "<input type=\"hidden\" name=\"op\" value=\"pref-feeds\">";
1200                         print "<input type=\"hidden\" name=\"subop\" value=\"editSave\">";
1201
1202                         print "<table width='100%'>";
1203
1204                         print "<tr><td>Title:</td>";
1205                         print "<td><input class=\"iedit\" onkeypress=\"return filterCR(event)\"
1206                                 name=\"title\" value=\"$title\"></td></tr>";
1207
1208                         $feed_url = db_fetch_result($result, 0, "feed_url");
1209                         $feed_url = htmlspecialchars(db_unescape_string(db_fetch_result($result,
1210                                 0, "feed_url")));
1211
1212                         print "<tr><td>Feed URL:</td>";
1213                         print "<td><input class=\"iedit\" onkeypress=\"return filterCR(event)\"
1214                                 name=\"feed_url\" value=\"$feed_url\"></td></tr>";
1215
1216                         if (get_pref($link, 'ENABLE_FEED_CATS')) {
1217
1218                                 $cat_id = db_fetch_result($result, 0, "cat_id");
1219
1220                                 print "<tr><td>Category:</td>";
1221                                 print "<td>";
1222
1223                                 print_feed_cat_select($link, "cat_id", $cat_id, "class=\"iedit\"");
1224
1225                                 print "</td>";
1226                                 print "</td></tr>";
1227
1228                         }
1229
1230                         $update_interval = db_fetch_result($result, 0, "update_interval");
1231
1232                         print "<tr><td>Update Interval:</td>";
1233
1234                         print "<td>";
1235
1236                         print_select_hash("update_interval", $update_interval, $update_intervals,
1237                                 "class=\"iedit\"");
1238
1239                         print "</td>";
1240
1241                         print "<tr><td>Link to:</td><td>";
1242
1243                         $tmp_result = db_query($link, "SELECT COUNT(id) AS count
1244                                 FROM ttrss_feeds WHERE parent_feed = '$feed_id'");
1245
1246                         $linked_count = db_fetch_result($tmp_result, 0, "count");
1247
1248                         $parent_feed = db_fetch_result($result, 0, "parent_feed");
1249
1250                         if ($linked_count > 0) {
1251                                 $disabled = "disabled";
1252                         }
1253
1254                         print "<select class=\"iedit\" $disabled name=\"parent_feed\">";
1255
1256                         print "<option value=\"0\">Not linked</option>";
1257
1258                         if (get_pref($link, 'ENABLE_FEED_CATS')) {
1259                                 if ($cat_id) {
1260                                         $cat_qpart = "AND cat_id = '$cat_id'";
1261                                 } else {
1262                                         $cat_qpart = "AND cat_id IS NULL";
1263                                 }
1264                         }
1265
1266                         $tmp_result = db_query($link, "SELECT id,title FROM ttrss_feeds
1267                                 WHERE id != '$feed_id' AND owner_uid = ".$_SESSION["uid"]."
1268                                         $cat_qpart ORDER BY title");
1269
1270                                 if (db_num_rows($tmp_result) > 0) {
1271                                         print "<option disabled>--------</option>";
1272                                 }
1273
1274                                 while ($tmp_line = db_fetch_assoc($tmp_result)) {
1275                                         if ($tmp_line["id"] == $parent_feed) {
1276                                                 $is_selected = "selected";
1277                                         } else {
1278                                                 $is_selected = "";
1279                                         }
1280                                         printf("<option $is_selected value='%d'>%s</option>",
1281                                                 $tmp_line["id"], $tmp_line["title"]);
1282                                 }
1283
1284                         print "</select>";
1285                         print "</td></tr>";
1286
1287                         $purge_interval = db_fetch_result($result, 0, "purge_interval");
1288
1289                         print "<tr><td>Article purging:</td>";
1290
1291                         print "<td>";
1292
1293                         print_select_hash("purge_interval", $purge_interval, $purge_intervals,
1294                                 "class=\"iedit\"");
1295
1296                         print "</td>";
1297
1298                         $auth_login = db_fetch_result($result, 0, "auth_login");
1299
1300                         print "<tr><td>Login:</td>";
1301                         print "<td><input class=\"iedit\" onkeypress=\"return filterCR(event)\"
1302                                 name=\"auth_login\" value=\"$auth_login\"></td></tr>";
1303
1304                         $auth_pass = db_fetch_result($result, 0, "auth_pass");
1305
1306                         print "<tr><td>Password:</td>";
1307                         print "<td><input class=\"iedit\" type=\"password\" name=\"auth_pass\"
1308                                 onkeypress=\"return filterCR(event)\"
1309                                 value=\"$auth_pass\"></td></tr>";
1310
1311                         $private = sql_bool_to_bool(db_fetch_result($result, 0, "private"));
1312
1313                         if ($private) {
1314                                 $checked = "checked";
1315                         } else {
1316                                 $checked = "";
1317                         }
1318
1319                         print "<tr><td valign='top'>Options:</td>";
1320                         print "<td><input type=\"checkbox\" name=\"private\" id=\"private\"
1321                                 $checked><label for=\"private\">Hide from feed browser</label>";
1322
1323                         $rtl_content = sql_bool_to_bool(db_fetch_result($result, 0, "rtl_content"));
1324
1325                         if ($rtl_content) {
1326                                 $checked = "checked";
1327                         } else {
1328                                 $checked = "";
1329                         }
1330
1331                         print "<br><input type=\"checkbox\" id=\"rtl_content\" name=\"rtl_content\"
1332                                 $checked><label for=\"rtl_content\">Right-to-left content</label>";
1333
1334                         print "</td></tr>";
1335
1336                         print "</table>";
1337
1338                         print "</form>";
1339
1340                         print "</div>";
1341
1342                         print "<div align='center'>
1343                                 <input type=\"submit\" class=\"button\"
1344                                 onclick=\"return feedEditSave()\" value=\"Save\">
1345                                 <input type='submit' class='button'
1346                                 onclick=\"return feedEditCancel()\" value=\"Cancel\"></div>";
1347                         return;
1348                 }
1349
1350                 if ($subop == "editSave") {
1351
1352                         $feed_title = db_escape_string(trim($_POST["title"]));
1353                         $feed_link = db_escape_string(trim($_POST["feed_url"]));
1354                         $upd_intl = db_escape_string($_POST["update_interval"]);
1355                         $purge_intl = db_escape_string($_POST["purge_interval"]);
1356                         $feed_id = db_escape_string($_POST["id"]);
1357                         $cat_id = db_escape_string($_POST["cat_id"]);
1358                         $auth_login = db_escape_string(trim($_POST["auth_login"]));
1359                         $auth_pass = db_escape_string(trim($_POST["auth_pass"]));
1360                         $parent_feed = db_escape_string($_POST["parent_feed"]);
1361                         $private = checkbox_to_sql_bool(db_escape_string($_POST["private"]));
1362                         $rtl_content = checkbox_to_sql_bool(db_escape_string($_POST["rtl_content"]));
1363
1364                         if (get_pref($link, 'ENABLE_FEED_CATS')) {
1365                                 if ($cat_id && $cat_id != 0) {
1366                                         $category_qpart = "cat_id = '$cat_id',";
1367                                 } else {
1368                                         $category_qpart = 'cat_id = NULL,';
1369                                 }
1370                         } else {
1371                                 $category_qpart = "";
1372                         }
1373
1374                         if ($parent_feed && $parent_feed != 0) {
1375                                 $parent_qpart = "parent_feed = '$parent_feed',";
1376                         } else {
1377                                 $parent_qpart = 'parent_feed = NULL,';
1378                         }
1379
1380                         $result = db_query($link, "UPDATE ttrss_feeds SET
1381                                 $category_qpart
1382                                 $parent_qpart
1383                                 title = '$feed_title', feed_url = '$feed_link',
1384                                 update_interval = '$upd_intl',
1385                                 purge_interval = '$purge_intl',
1386                                 auth_login = '$auth_login',
1387                                 auth_pass = '$auth_pass',
1388                                 private = $private,
1389                                 rtl_content = $rtl_content
1390                                 WHERE id = '$feed_id' AND owner_uid = " . $_SESSION["uid"]);
1391                 }
1392
1393                 if ($subop == "saveCat") {
1394                         $cat_title = db_escape_string(trim($_GET["title"]));
1395                         $cat_id = db_escape_string($_GET["id"]);
1396
1397                         $result = db_query($link, "UPDATE ttrss_feed_categories SET
1398                                 title = '$cat_title' WHERE id = '$cat_id' AND owner_uid = ".$_SESSION["uid"]);
1399
1400                 }
1401
1402                 if ($subop == "remove") {
1403
1404                         if (!WEB_DEMO_MODE) {
1405
1406                                 $ids = split(",", db_escape_string($_GET["ids"]));
1407
1408                                 foreach ($ids as $id) {
1409                                         db_query($link, "DELETE FROM ttrss_feeds
1410                                                 WHERE id = '$id' AND owner_uid = " . $_SESSION["uid"]);
1411
1412                                         $icons_dir = ICONS_DIR;
1413
1414                                         if (file_exists($icons_dir . "/$id.ico")) {
1415                                                 unlink($icons_dir . "/$id.ico");
1416                                         }
1417                                 }
1418                         }
1419                 }
1420
1421                 if ($subop == "add") {
1422
1423                         if (!WEB_DEMO_MODE) {
1424
1425                                 $feed_url = db_escape_string(trim($_GET["feed_url"]));
1426                                 $cat_id = db_escape_string($_GET["cat_id"]);
1427
1428                                 if (subscribe_to_feed($link, $feed_url, $cat_id)) {
1429                                         print "Added feed.";
1430                                 } else {
1431                                         print "<div class=\"warning\">
1432                                                 Feed <b>$feed_url</b> already exists in the database.
1433                                         </div>";
1434                                 }
1435                         }
1436                 }
1437
1438                 if ($subop == "addCat") {
1439
1440                         if (!WEB_DEMO_MODE) {
1441
1442                                 $feed_cat = db_escape_string(trim($_GET["cat"]));
1443
1444                                 $result = db_query($link,
1445                                         "SELECT id FROM ttrss_feed_categories
1446                                         WHERE title = '$feed_cat' AND owner_uid = ".$_SESSION["uid"]);
1447
1448                                 if (db_num_rows($result) == 0) {
1449
1450                                         $result = db_query($link,
1451                                                 "INSERT INTO ttrss_feed_categories (owner_uid,title)
1452                                                 VALUES ('".$_SESSION["uid"]."', '$feed_cat')");
1453
1454                                 } else {
1455
1456                                         print "<div class=\"warning\">
1457                                                 Category <b>$feed_cat</b> already exists in the database.
1458                                         </div>";
1459                                 }
1460
1461
1462                         }
1463                 }
1464
1465                 if ($subop == "removeCats") {
1466
1467                         if (!WEB_DEMO_MODE) {
1468
1469                                 $ids = split(",", db_escape_string($_GET["ids"]));
1470
1471                                 foreach ($ids as $id) {
1472
1473                                         db_query($link, "BEGIN");
1474
1475                                         $result = db_query($link,
1476                                                 "SELECT count(id) as num_feeds FROM ttrss_feeds
1477                                                         WHERE cat_id = '$id'");
1478
1479                                         $num_feeds = db_fetch_result($result, 0, "num_feeds");
1480
1481                                         if ($num_feeds == 0) {
1482                                                 db_query($link, "DELETE FROM ttrss_feed_categories
1483                                                         WHERE id = '$id' AND owner_uid = " . $_SESSION["uid"]);
1484                                         } else {
1485
1486                                                 print "<div class=\"warning\">
1487                                                         Unable to delete non empty feed categories.</div>";
1488
1489                                         }
1490
1491                                         db_query($link, "COMMIT");
1492                                 }
1493                         }
1494                 }
1495
1496                 if ($subop == "categorize") {
1497
1498                         if (!WEB_DEMO_MODE) {
1499
1500                                 $ids = split(",", db_escape_string($_GET["ids"]));
1501
1502                                 $cat_id = db_escape_string($_GET["cat_id"]);
1503
1504                                 if ($cat_id == 0) {
1505                                         $cat_id_qpart = 'NULL';
1506                                 } else {
1507                                         $cat_id_qpart = "'$cat_id'";
1508                                 }
1509
1510                                 db_query($link, "BEGIN");
1511
1512                                 foreach ($ids as $id) {
1513
1514                                         db_query($link, "UPDATE ttrss_feeds SET cat_id = $cat_id_qpart
1515                                                 WHERE id = '$id' AND owner_uid = " . $_SESSION["uid"]);
1516                                 }
1517
1518                                 db_query($link, "COMMIT");
1519                         }
1520
1521                 }
1522
1523                 if ($quiet) return;
1524
1525 //              print "<h3>Edit Feeds</h3>";
1526
1527                 $result = db_query($link, "SELECT id,title,feed_url,last_error
1528                         FROM ttrss_feeds WHERE last_error != '' AND owner_uid = ".$_SESSION["uid"]);
1529
1530                 if (db_num_rows($result) > 0) {
1531
1532                         print "<div class=\"warning\">";
1533
1534 //                      print"<img class=\"closeButton\"
1535 //                              onclick=\"javascript:hideParentElement(this);\" src=\"images/close.png\">";
1536
1537                         print "<a href=\"javascript:showBlockElement('feedUpdateErrors')\">
1538                                 <b>Some feeds have update errors (click for details)</b></a>";
1539
1540                         print "<ul id=\"feedUpdateErrors\" class=\"nomarks\">";
1541
1542                         while ($line = db_fetch_assoc($result)) {
1543                                 print "<li>" . $line["title"] . " (" . $line["feed_url"] . "): " .
1544                                         $line["last_error"];
1545                         }
1546
1547                         print "</ul>";
1548                         print "</div>";
1549
1550                 }
1551
1552                 $feed_search = db_escape_string($_GET["search"]);
1553
1554                 if (array_key_exists("search", $_GET)) {
1555                         $_SESSION["prefs_feed_search"] = $feed_search;
1556                 } else {
1557                         $feed_search = $_SESSION["prefs_feed_search"];
1558                 }
1559
1560                 print "<table width='100%' class=\"prefGenericAddBox\"
1561                         cellspacing='0' cellpadding='0'><tr>
1562                         <td>
1563                                 <input id=\"fadd_link\"
1564                                         onkeyup=\"toggleSubmitNotEmpty(this, 'fadd_submit_btn')\"
1565                                         size=\"40\">
1566                                 <input type=\"submit\" class=\"button\"
1567                                         disabled=\"true\" id=\"fadd_submit_btn\"
1568                                         onclick=\"addFeed()\" value=\"Subscribe\">";
1569
1570                 if (ENABLE_FEED_BROWSER && !SINGLE_USER_MODE) {
1571                         print " <input type=\"submit\" class=\"button\"
1572                                 onclick=\"javascript:browseFeeds()\" value=\"Top 25\">";
1573                 }
1574
1575                 print "</td><td align='right'>
1576                                 <input id=\"feed_search\" size=\"20\"
1577                                         onchange=\"javascript:updateFeedList()\" value=\"$feed_search\">
1578                                 <input type=\"submit\" class=\"button\"
1579                                 onclick=\"javascript:updateFeedList()\" value=\"Search\">
1580                         </td>
1581                         </tr></table>";
1582
1583                 $feeds_sort = db_escape_string($_GET["sort"]);
1584
1585                 if (!$feeds_sort || $feeds_sort == "undefined") {
1586                         $feeds_sort = $_SESSION["pref_sort_feeds"];
1587                         if (!$feeds_sort) $feeds_sort = "title";
1588                 }
1589
1590                 $_SESSION["pref_sort_feeds"] = $feeds_sort;
1591
1592                 if ($feed_search) {
1593                         $search_qpart = "(UPPER(F1.title) LIKE UPPER('%$feed_search%') OR
1594                                 UPPER(F1.feed_url) LIKE UPPER('%$feed_search%')) AND";
1595                 } else {
1596                         $search_qpart = "";
1597                 }
1598
1599                 if (get_pref($link, 'ENABLE_FEED_CATS')) {
1600                         $order_by_qpart = "category,$feeds_sort,title";
1601                 } else {
1602                         $order_by_qpart = "$feeds_sort,title";
1603                 }
1604
1605                 $result = db_query($link, "SELECT
1606                                 F1.id,
1607                                 F1.title,
1608                                 F1.feed_url,
1609                                 substring(F1.last_updated,1,16) AS last_updated,
1610                                 F1.parent_feed,
1611                                 F1.update_interval,
1612                                 F1.purge_interval,
1613                                 F1.cat_id,
1614                                 F2.title AS parent_title,
1615                                 C1.title AS category
1616                         FROM
1617                                 ttrss_feeds AS F1
1618                                 LEFT JOIN ttrss_feeds AS F2
1619                                         ON (F1.parent_feed = F2.id)
1620                                 LEFT JOIN ttrss_feed_categories AS C1
1621                                         ON (F1.cat_id = C1.id)
1622                         WHERE
1623                                 $search_qpart F1.owner_uid = '".$_SESSION["uid"]."'
1624                         ORDER by $order_by_qpart");
1625
1626                 if (db_num_rows($result) != 0) {
1627
1628 //                      print "<div id=\"infoBoxShadow\"><div id=\"infoBox\">PLACEHOLDER</div></div>";
1629
1630                         print "<p><table width=\"100%\" cellspacing=\"0\"
1631                                 class=\"prefFeedList\" id=\"prefFeedList\">";
1632                         print "<tr><td class=\"selectPrompt\" colspan=\"8\">
1633                                 Select:
1634                                         <a href=\"javascript:selectPrefRows('feed', true)\">All</a>,
1635                                         <a href=\"javascript:selectPrefRows('feed', false)\">None</a>
1636                                 </td</tr>";
1637
1638                         if (!get_pref($link, 'ENABLE_FEED_CATS')) {
1639                                 print "<tr class=\"title\">
1640                                         <td width='5%' align='center'>&nbsp;</td>";
1641
1642                                 if (get_pref($link, 'ENABLE_FEED_ICONS')) {
1643                                         print "<td width='3%'>&nbsp;</td>";
1644                                 }
1645
1646                                 print "
1647                                         <td width='40%'><a href=\"javascript:updateFeedList('title')\">Title</a></td>
1648                                         <td width='45%'><a href=\"javascript:updateFeedList('feed_url')\">Feed</a></td>
1649                                         <td width='15%' align='right'><a href=\"javascript:updateFeedList('last_updated')\">Updated</a></td>";
1650                         }
1651
1652                         $lnum = 0;
1653
1654                         $cur_cat_id = -1;
1655
1656                         while ($line = db_fetch_assoc($result)) {
1657
1658                                 $feed_id = $line["id"];
1659                                 $cat_id = $line["cat_id"];
1660
1661                                 $edit_title = htmlspecialchars(db_unescape_string($line["title"]));
1662                                 $edit_link = htmlspecialchars(db_unescape_string($line["feed_url"]));
1663                                 $edit_cat = htmlspecialchars(db_unescape_string($line["category"]));
1664
1665                                 if (!$edit_cat) $edit_cat = "Uncategorized";
1666
1667                                 $last_updated = $line["last_updated"];
1668
1669                                 if (get_pref($link, 'HEADLINES_SMART_DATE')) {
1670                                         $last_updated = smart_date_time(strtotime($last_updated));
1671                                 } else {
1672                                         $short_date = get_pref($link, 'SHORT_DATE_FORMAT');
1673                                         $last_updated = date($short_date, strtotime($last_updated));
1674                                 }
1675
1676                                 if (get_pref($link, 'ENABLE_FEED_CATS') && $cur_cat_id != $cat_id) {
1677                                         $lnum = 0;
1678
1679                                         print "<tr><td colspan=\"6\" class=\"feedEditCat\">$edit_cat</td></tr>";
1680
1681                                         print "<tr class=\"title\">
1682                                                 <td width='5%'>&nbsp;</td>";
1683
1684                                         if (get_pref($link, 'ENABLE_FEED_ICONS')) {
1685                                                 print "<td width='3%'>&nbsp;</td>";
1686                                         }
1687
1688                                         print "<td width='40%'><a href=\"javascript:updateFeedList('title')\">Title</a></td>
1689                                                 <td width='45%'><a href=\"javascript:updateFeedList('feed_url')\">Feed</a></td>
1690                                                 <td width='15%' align='right'><a href=\"javascript:updateFeedList('last_updated')\">Updated</a></td>";
1691
1692                                         $cur_cat_id = $cat_id;
1693                                 }
1694
1695                                 $class = ($lnum % 2) ? "even" : "odd";
1696                                 $this_row_id = "id=\"FEEDR-$feed_id\"";
1697
1698                                 print "<tr class=\"$class\" $this_row_id>";
1699
1700                                 $icon_file = ICONS_DIR . "/$feed_id.ico";
1701
1702                                 if (file_exists($icon_file) && filesize($icon_file) > 0) {
1703                                                 $feed_icon = "<img class=\"tinyFeedIcon\"       src=\"" . ICONS_URL . "/$feed_id.ico\">";
1704                                 } else {
1705                                         $feed_icon = "<img class=\"tinyFeedIcon\" src=\"images/blank_icon.gif\">";
1706                                 }
1707
1708                                 print "<td class='feedSelect'><input onclick='toggleSelectPrefRow(this, \"feed\");'
1709                                 type=\"checkbox\" id=\"FRCHK-".$line["id"]."\"></td>";
1710
1711                                 if (get_pref($link, 'ENABLE_FEED_ICONS')) {
1712                                         print "<td class='feedIcon'>$feed_icon</td>";
1713                                 }
1714
1715                                 $edit_title = truncate_string($edit_title, 40);
1716                                 $edit_link = truncate_string($edit_link, 60);
1717
1718                                 $parent_title = $line["parent_title"];
1719                                 if ($parent_title) {
1720                                         $parent_title = "<span class='groupPrompt'>(linked to
1721                                                 $parent_title)</span>";
1722                                 }
1723
1724                                 print "<td><a href=\"javascript:editFeed($feed_id);\">" .
1725                                         "$edit_title $parent_title" . "</a></td>";
1726
1727                                 print "<td><a href=\"javascript:editFeed($feed_id);\">" .
1728                                         $edit_link . "</a></td>";
1729
1730                                 print "<td align='right'><a href=\"javascript:editFeed($feed_id);\">" .
1731                                         "$last_updated</a></td>";
1732
1733                                 print "</tr>";
1734
1735                                 ++$lnum;
1736                         }
1737
1738                         print "</table>";
1739
1740                         print "<p><span id=\"feedOpToolbar\">";
1741
1742                         if ($subop == "edit") {
1743                                 print "Edit feed:&nbsp;
1744                                         <input type=\"submit\" class=\"button\"
1745                                                 onclick=\"javascript:feedEditCancel()\" value=\"Cancel\">
1746                                         <input type=\"submit\" class=\"button\"
1747                                                 onclick=\"javascript:feedEditSave()\" value=\"Save\">";
1748                         } else {
1749
1750                                 print "
1751                                         Selection:&nbsp;
1752                                 <input type=\"submit\" class=\"button\" disabled=\"true\"
1753                                         onclick=\"javascript:editSelectedFeed()\" value=\"Edit\">
1754                                 <input type=\"submit\" class=\"button\" disabled=\"true\"
1755                                         onclick=\"javascript:removeSelectedFeeds()\" value=\"Unsubscribe\">";
1756
1757                                 if (get_pref($link, 'ENABLE_FEED_CATS')) {
1758
1759                                         print "&nbsp;|&nbsp;";
1760
1761                                         print_feed_cat_select($link, "sfeed_set_fcat", "", "disabled");
1762
1763                                         print " <input type=\"submit\" class=\"button\" disabled=\"true\"
1764                                         onclick=\"javascript:categorizeSelectedFeeds()\" value=\"Recategorize\">";
1765
1766                                 }
1767
1768                                 print "</span>
1769                                         &nbsp;All feeds: <input type=\"submit\"
1770                                                         class=\"button\" onclick=\"gotoExportOpml()\"
1771                                                         value=\"Export OPML\">";
1772                                 }
1773                 } else {
1774
1775                         print "<p>No feeds defined.</p>";
1776
1777                 }
1778
1779                 if (get_pref($link, 'ENABLE_FEED_CATS')) {
1780
1781                         print "<h3>Edit Categories</h3>";
1782
1783                         print "<div class=\"prefGenericAddBox\">
1784                                 <input id=\"fadd_cat\"
1785                                         onkeyup=\"toggleSubmitNotEmpty(this, 'catadd_submit_btn')\"
1786                                         size=\"40\">&nbsp;
1787                                 <input
1788                                         type=\"submit\" class=\"button\" disabled=\"true\" id=\"catadd_submit_btn\"
1789                                         onclick=\"javascript:addFeedCat()\" value=\"Create category\"></div>";
1790
1791                         $result = db_query($link, "SELECT title,id FROM ttrss_feed_categories
1792                                 WHERE owner_uid = ".$_SESSION["uid"]."
1793                                 ORDER BY title");
1794
1795                         if (db_num_rows($result) != 0) {
1796
1797                                 print "<form id=\"feed_cat_edit_form\">";
1798
1799                                 print "<p><table width=\"100%\" class=\"prefFeedCatList\"
1800                                         cellspacing=\"0\" id=\"prefFeedCatList\">";
1801
1802                                 print "<tr><td class=\"selectPrompt\" colspan=\"8\">
1803                                 Select:
1804                                         <a href=\"javascript:selectPrefRows('fcat', true)\">All</a>,
1805                                         <a href=\"javascript:selectPrefRows('fcat', false)\">None</a>
1806                                 </td</tr>";
1807
1808                                 print "<tr class=\"title\">
1809                                                         <td width=\"5%\">&nbsp;</td><td width=\"80%\">Title</td>
1810                                                 </tr>";
1811
1812                                 $lnum = 0;
1813
1814                                 while ($line = db_fetch_assoc($result)) {
1815
1816                                         $class = ($lnum % 2) ? "even" : "odd";
1817
1818                                         $cat_id = $line["id"];
1819
1820                                         $edit_cat_id = $_GET["id"];
1821
1822                                         if ($subop == "editCat" && $cat_id != $edit_cat_id) {
1823                                                         $class .= "Grayed";
1824                                                         $this_row_id = "";
1825                                         } else {
1826                                                 $this_row_id = "id=\"FCATR-$cat_id\"";
1827                                         }
1828
1829                                         print "<tr class=\"$class\" $this_row_id>";
1830
1831                                         $edit_title = htmlspecialchars(db_unescape_string($line["title"]));
1832
1833                                         if (!$edit_cat_id || $subop != "editCat") {
1834
1835                                                 print "<td align='center'><input onclick='toggleSelectPrefRow(this, \"fcat\");'
1836                                                         type=\"checkbox\" id=\"FCCHK-".$line["id"]."\"></td>";
1837
1838                                                 print "<td><a href=\"javascript:editFeedCat($cat_id);\">" .
1839                                                         $edit_title . "</a></td>";
1840
1841                                         } else if ($cat_id != $edit_cat_id) {
1842
1843                                                 print "<td align='center'><input disabled=\"true\" type=\"checkbox\"
1844                                                         id=\"FRCHK-".$line["id"]."\"></td>";
1845
1846                                                 print "<td>$edit_title</td>";
1847
1848                                         } else {
1849
1850                                                 print "<td align='center'><input disabled=\"true\" type=\"checkbox\" checked>";
1851
1852                                                 print "<input type=\"hidden\" name=\"id\" value=\"$cat_id\">";
1853                                                 print "<input type=\"hidden\" name=\"op\" value=\"pref-feeds\">";
1854                                                 print "<input type=\"hidden\" name=\"subop\" value=\"saveCat\">";
1855
1856                                                 print "</td>";
1857
1858                                                 print "<td><input onkeypress=\"return filterCR(event)\"
1859                                                         name=\"title\" class=\"iedit\" value=\"$edit_title\"></td>";
1860
1861                                         }
1862
1863                                         print "</tr>";
1864
1865                                         ++$lnum;
1866                                 }
1867
1868                                 print "</table>";
1869
1870                                 print "</form>";
1871
1872                                 print "<p id=\"catOpToolbar\">";
1873
1874                                 if ($subop == "editCat") {
1875                                         print "Edit category:&nbsp;
1876                                                 <input type=\"submit\" class=\"button\"
1877                                                         onclick=\"javascript:feedCatEditSave()\" value=\"Save\">
1878                                                 <input type=\"submit\" class=\"button\"
1879                                                         onclick=\"javascript:feedCatEditCancel()\" value=\"Cancel\">";
1880                                         } else {
1881
1882                                         print "
1883                                                 Selection:&nbsp;
1884                                         <input type=\"submit\" class=\"button\" disabled=\"true\"
1885                                                 onclick=\"javascript:editSelectedFeedCat()\" value=\"Edit\">
1886                                         <input type=\"submit\" class=\"button\" disabled=\"true\"
1887                                                 onclick=\"javascript:removeSelectedFeedCats()\" value=\"Remove\">";
1888
1889                                 }
1890
1891                         } else {
1892                                 print "<p>No feed categories defined.</p>";
1893                         }
1894                 }
1895
1896                 print "<h3>Import OPML</h3>
1897                 <form   enctype=\"multipart/form-data\" method=\"POST\" action=\"opml.php\">
1898                         File: <input id=\"opml_file\" name=\"opml_file\" type=\"file\">&nbsp;
1899                         <input class=\"button\" name=\"op\" onclick=\"return validateOpmlImport();\"
1900                                 type=\"submit\" value=\"Import\">
1901                         </form>";
1902
1903         }
1904
1905         if ($op == "pref-filters") {
1906
1907                 $subop = $_GET["subop"];
1908                 $quiet = $_GET["quiet"];
1909
1910                 if ($subop == "edit") {
1911
1912                         $filter_id = db_escape_string($_GET["id"]);
1913
1914                         $result = db_query($link,
1915                                 "SELECT * FROM ttrss_filters WHERE id = '$filter_id' AND owner_uid = " . $_SESSION["uid"]);
1916
1917                         $reg_exp = htmlspecialchars(db_unescape_string(db_fetch_result($result, 0, "reg_exp")));
1918                         $filter_type = db_fetch_result($result, 0, "filter_type");
1919                         $feed_id = db_fetch_result($result, 0, "feed_id");
1920                         $action_id = db_fetch_result($result, 0, "action_id");
1921
1922                         print "<div id=\"infoBoxTitle\">Filter editor</div>";
1923                         print "<div class=\"infoBoxContents\">";
1924
1925                         print "<form id=\"filter_edit_form\">";
1926
1927                         print "<input type=\"hidden\" name=\"op\" value=\"pref-filters\">";
1928                         print "<input type=\"hidden\" name=\"id\" value=\"$filter_id\">";
1929                         print "<input type=\"hidden\" name=\"subop\" value=\"editSave\">";
1930
1931 //                      print "<div class=\"notice\"><b>Note:</b> filter will only apply to new articles.</div>";
1932
1933                         $result = db_query($link, "SELECT id,description
1934                                 FROM ttrss_filter_types ORDER BY description");
1935
1936                         $filter_types = array();
1937
1938                         while ($line = db_fetch_assoc($result)) {
1939                                 //array_push($filter_types, $line["description"]);
1940                                 $filter_types[$line["id"]] = $line["description"];
1941                         }
1942
1943                         print "<table width='100%'>";
1944
1945                         print "<tr><td>Match:</td>
1946                                 <td><input onkeypress=\"return filterCR(event)\"
1947                                          onkeyup=\"toggleSubmitNotEmpty(this, 'infobox_submit')\"
1948                                         name=\"reg_exp\" class=\"iedit\" value=\"$reg_exp\">";
1949
1950                         print "</td><td>";
1951
1952                         print_select_hash("filter_type", $filter_type, $filter_types, "class=\"iedit\"");
1953
1954                         print "</td></tr>";
1955                         print "<tr><td>Feed:</td><td colspan='2'>";
1956
1957                         print_feed_select($link, "feed_id", $feed_id);
1958
1959                         print "</td></tr>";
1960
1961                         print "<tr><td>Action:</td>";
1962
1963                         print "<td colspan='2'><select name=\"action_id\">";
1964
1965                         $result = db_query($link, "SELECT id,description FROM ttrss_filter_actions
1966                                 ORDER BY name");
1967
1968                         while ($line = db_fetch_assoc($result)) {
1969                                 $is_sel = ($line["id"] == $action_id) ? "selected" : "";
1970                                 printf("<option value='%d' $is_sel>%s</option>", $line["id"], $line["description"]);
1971                         }
1972
1973                         print "</select>";
1974
1975                         print "</td></tr></table>";
1976
1977                         print "</form>";
1978
1979                         print "<div align='right'>";
1980
1981                         print "<input type=\"submit\"
1982                                 id=\"infobox_submit\"
1983                                 class=\"button\" onclick=\"filterEditSave()\"
1984                                 value=\"Save\"> ";
1985
1986                         print "<input class=\"button\"
1987                                 type=\"submit\" onclick=\"filterEditCancel()\"
1988                                 value=\"Cancel\">";
1989
1990                         print "</div>";
1991
1992                         return;
1993                 }
1994
1995
1996                 if ($subop == "editSave") {
1997
1998                         $reg_exp = db_escape_string(trim($_GET["reg_exp"]));
1999                         $filter_type = db_escape_string(trim($_GET["filter_type"]));
2000                         $filter_id = db_escape_string($_GET["id"]);
2001                         $feed_id = db_escape_string($_GET["feed_id"]);
2002                         $action_id = db_escape_string($_GET["action_id"]);
2003
2004                         if (!$feed_id) {
2005                                 $feed_id = 'NULL';
2006                         } else {
2007                                 $feed_id = sprintf("'%s'", db_escape_string($feed_id));
2008                         }
2009
2010                         $result = db_query($link, "UPDATE ttrss_filters SET
2011                                         reg_exp = '$reg_exp',
2012                                         feed_id = $feed_id,
2013                                         action_id = '$action_id',
2014                                         filter_type = '$filter_type'
2015                                 WHERE id = '$filter_id' AND owner_uid = " . $_SESSION["uid"]);
2016                 }
2017
2018                 if ($subop == "remove") {
2019
2020                         if (!WEB_DEMO_MODE) {
2021
2022                                 $ids = split(",", db_escape_string($_GET["ids"]));
2023
2024                                 foreach ($ids as $id) {
2025                                         db_query($link, "DELETE FROM ttrss_filters WHERE id = '$id' AND owner_uid = ". $_SESSION["uid"]);
2026
2027                                 }
2028                         }
2029                 }
2030
2031                 if ($subop == "add") {
2032
2033                         if (!WEB_DEMO_MODE) {
2034
2035                                 $regexp = db_escape_string(trim($_GET["reg_exp"]));
2036                                 $filter_type = db_escape_string(trim($_GET["filter_type"]));
2037                                 $feed_id = db_escape_string($_GET["feed_id"]);
2038                                 $action_id = db_escape_string($_GET["action_id"]);
2039
2040                                 if (!$feed_id) {
2041                                         $feed_id = 'NULL';
2042                                 } else {
2043                                         $feed_id = sprintf("'%s'", db_escape_string($feed_id));
2044                                 }
2045
2046                                 $result = db_query($link,
2047                                         "INSERT INTO ttrss_filters (reg_exp,filter_type,owner_uid,feed_id,
2048                                                 action_id)
2049                                         VALUES
2050                                                 ('$regexp', '$filter_type','".$_SESSION["uid"]."',
2051                                                         $feed_id, '$action_id')");
2052                         }
2053                 }
2054
2055                 if ($quiet) return;
2056
2057 //              print "<div id=\"infoBoxShadow\"><div id=\"infoBox\">PLACEHOLDER</div></div>";
2058
2059                 $result = db_query($link, "SELECT id,description
2060                         FROM ttrss_filter_types ORDER BY description");
2061
2062                 $filter_types = array();
2063
2064                 while ($line = db_fetch_assoc($result)) {
2065                         //array_push($filter_types, $line["description"]);
2066                         $filter_types[$line["id"]] = $line["description"];
2067                 }
2068
2069                 print "<input type=\"submit\"
2070                         class=\"button\"
2071                         onclick=\"javascript:displayDlg('quickAddFilter', false)\"
2072                         id=\"create_filter_btn\"
2073                         value=\"Create filter\">";
2074
2075                 $result = db_query($link, "SELECT
2076                                 ttrss_filters.id AS id,reg_exp,
2077                                 ttrss_filter_types.name AS filter_type_name,
2078                                 ttrss_filter_types.description AS filter_type_descr,
2079                                 feed_id,
2080                                 ttrss_filter_actions.description AS action_description,
2081                                 ttrss_feeds.title AS feed_title
2082                         FROM
2083                                 ttrss_filter_types,ttrss_filter_actions,ttrss_filters LEFT JOIN
2084                                         ttrss_feeds ON (ttrss_filters.feed_id = ttrss_feeds.id)
2085                         WHERE
2086                                 filter_type = ttrss_filter_types.id AND
2087                                 ttrss_filter_actions.id = action_id AND
2088                                 ttrss_filters.owner_uid = ".$_SESSION["uid"]."
2089                         ORDER by reg_exp");
2090
2091                 if (db_num_rows($result) != 0) {
2092
2093                         print "<form id=\"filter_edit_form\">";
2094
2095                         print "<p><table width=\"100%\" cellspacing=\"0\" class=\"prefFilterList\"
2096                                 id=\"prefFilterList\">";
2097
2098                         print "<tr><td class=\"selectPrompt\" colspan=\"8\">
2099                                 Select:
2100                                         <a href=\"javascript:selectPrefRows('filter', true)\">All</a>,
2101                                         <a href=\"javascript:selectPrefRows('filter', false)\">None</a>
2102                                 </td</tr>";
2103
2104                         print "<tr class=\"title\">
2105                                                 <td align='center' width=\"5%\">&nbsp;</td>
2106                                                 <td width=\"20%\">Filter expression</td>
2107                                                 <td width=\"20%\">Feed</td>
2108                                                 <td width=\"15%\">Match</td>
2109                                                 <td width=\"15%\">Action</td>";
2110
2111                         $lnum = 0;
2112
2113                         while ($line = db_fetch_assoc($result)) {
2114
2115                                 $class = ($lnum % 2) ? "even" : "odd";
2116
2117                                 $filter_id = $line["id"];
2118                                 $edit_filter_id = $_GET["id"];
2119
2120                                 if ($subop == "edit" && $filter_id != $edit_filter_id) {
2121                                         $class .= "Grayed";
2122                                         $this_row_id = "";
2123                                 } else {
2124                                         $this_row_id = "id=\"FILRR-$filter_id\"";
2125                                 }
2126
2127                                 print "<tr class=\"$class\" $this_row_id>";
2128
2129                                 $line["reg_exp"] = htmlspecialchars(db_unescape_string($line["reg_exp"]));
2130
2131                                 if (!$line["feed_title"]) $line["feed_title"] = "All feeds";
2132
2133                                 $line["feed_title"] = htmlspecialchars(db_unescape_string($line["feed_title"]));
2134
2135                                 print "<td align='center'><input onclick='toggleSelectPrefRow(this, \"filter\");'
2136                                         type=\"checkbox\" id=\"FICHK-".$line["id"]."\"></td>";
2137
2138                                 print "<td><a href=\"javascript:editFilter($filter_id);\">" .
2139                                         $line["reg_exp"] . "</td>";
2140
2141                                 print "<td><a href=\"javascript:editFilter($filter_id);\">" .
2142                                         $line["feed_title"] . "</td>";
2143
2144                                 print "<td><a href=\"javascript:editFilter($filter_id);\">" .
2145                                         $line["filter_type_descr"] . "</td>";
2146
2147                                 print "<td><a href=\"javascript:editFilter($filter_id);\">" .
2148                                         $line["action_description"] . "</td>";
2149
2150                                 print "</tr>";
2151
2152                                 ++$lnum;
2153                         }
2154
2155                         if ($lnum == 0) {
2156                                 print "<tr><td colspan=\"4\" align=\"center\">No filters defined.</td></tr>";
2157                         }
2158
2159                         print "</table>";
2160
2161                         print "</form>";
2162
2163                         print "<p id=\"filterOpToolbar\">";
2164
2165                         print "
2166                                         Selection:
2167                                 <input type=\"submit\" class=\"button\" disabled=\"true\"
2168                                         onclick=\"javascript:editSelectedFilter()\" value=\"Edit\">
2169                                 <input type=\"submit\" class=\"button\" disabled=\"true\"
2170                                         onclick=\"javascript:removeSelectedFilters()\" value=\"Remove\">";
2171
2172                         print "</p>";
2173
2174                 } else {
2175
2176                         print "<p>No filters defined.</p>";
2177
2178                 }
2179         }
2180
2181         // We need to accept raw SQL data in label queries, so not everything is escaped
2182         // here, this is by design. If you don't like the whole idea, disable labels
2183         // altogether with GLOBAL_ENABLE_LABELS = false
2184
2185         if ($op == "pref-labels") {
2186
2187                 if (!GLOBAL_ENABLE_LABELS) {
2188                         return;
2189                 }
2190
2191                 $subop = $_GET["subop"];
2192
2193                 if ($subop == "test") {
2194
2195                         $expr = trim($_GET["expr"]);
2196                         $descr = trim($_GET["descr"]);
2197
2198                         print "<div id=\"infoBoxTitle\">Test label: $descr</div>";
2199
2200                         print "<div class='infoBoxContents'>";
2201
2202 #                       print "<h1>Label &laquo;$descr&raquo;</h1>";
2203
2204 //                      print "<p><b>Expression</b>: $expr</p>";
2205
2206                         $result = db_query($link,
2207                                 "SELECT count(id) AS num_matches
2208                                         FROM ttrss_entries,ttrss_user_entries
2209                                         WHERE ($expr) AND
2210                                                 ttrss_user_entries.ref_id = ttrss_entries.id AND
2211                                                 owner_uid = " . $_SESSION["uid"]);
2212
2213                         $num_matches = db_fetch_result($result, 0, "num_matches");;
2214
2215                         if ($num_matches > 0) {
2216
2217                                 print "<p>Query returned <b>$num_matches</b> matches, showing first 15:</p>";
2218
2219                                 $result = db_query($link,
2220                                         "SELECT title,
2221                                                 (SELECT title FROM ttrss_feeds WHERE id = feed_id) AS feed_title
2222                                         FROM ttrss_entries,ttrss_user_entries
2223                                                         WHERE ($expr) AND
2224                                                         ttrss_user_entries.ref_id = ttrss_entries.id
2225                                                         AND owner_uid = " . $_SESSION["uid"] . "
2226                                                         ORDER BY date_entered DESC LIMIT 15");
2227
2228                                 print "<ul class=\"filterTestResults\">";
2229
2230                                 $row_class = "even";
2231
2232                                 while ($line = db_fetch_assoc($result)) {
2233                                         $row_class = toggleEvenOdd($row_class);
2234
2235                                         print "<li class=\"$row_class\">".$line["title"].
2236                                                 " <span class=\"insensitive\">(".$line["feed_title"].")</span></li>";
2237                                 }
2238                                 print "</ul>";
2239
2240                         } else {
2241                                 print "<p>Query didn't return any matches.</p>";
2242                         }
2243
2244                         print "</div>";
2245
2246                         print "<div align='center'>
2247                                 <input type='submit' class='button'
2248                                 onclick=\"closeInfoBox()\" value=\"Close this window\"></div>";
2249                         return;
2250                 }
2251
2252                 if ($subop == "editSave") {
2253
2254                         $sql_exp = trim($_GET["sql_exp"]);
2255                         $descr = db_escape_string(trim($_GET["description"]));
2256                         $label_id = db_escape_string($_GET["id"]);
2257
2258                         $result = db_query($link, "UPDATE ttrss_labels SET
2259                                 sql_exp = '$sql_exp',
2260                                 description = '$descr'
2261                                 WHERE id = '$label_id'");
2262                 }
2263
2264                 if ($subop == "remove") {
2265
2266                         if (!WEB_DEMO_MODE) {
2267
2268                                 $ids = split(",", db_escape_string($_GET["ids"]));
2269
2270                                 foreach ($ids as $id) {
2271                                         db_query($link, "DELETE FROM ttrss_labels WHERE id = '$id'");
2272
2273                                 }
2274                         }
2275                 }
2276
2277                 if ($subop == "add") {
2278
2279                         if (!WEB_DEMO_MODE) {
2280
2281                                 // no escaping is done here on purpose
2282                                 $exp = trim($_GET["exp"]);
2283
2284                                 $result = db_query($link,
2285                                         "INSERT INTO ttrss_labels (sql_exp,description,owner_uid)
2286                                                 VALUES ('$exp', '$exp', '".$_SESSION["uid"]."')");
2287                         }
2288                 }
2289
2290                 print "<div class=\"prefGenericAddBox\">
2291                         <input size=\"40\"
2292                                 onkeyup=\"toggleSubmitNotEmpty(this, 'label_create_btn')\"
2293                                 id=\"ladd_expr\">&nbsp;";
2294
2295                 print"<input type=\"submit\" class=\"button\"
2296                         disabled=\"true\" id=\"label_create_btn\"
2297                         onclick=\"javascript:addLabel()\" value=\"Create label\"></div>";
2298
2299                 $result = db_query($link, "SELECT
2300                                 id,sql_exp,description
2301                         FROM
2302                                 ttrss_labels
2303                         WHERE
2304                                 owner_uid = ".$_SESSION["uid"]."
2305                         ORDER by description");
2306
2307 //              print "<div id=\"infoBoxShadow\"><div id=\"infoBox\">PLACEHOLDER</div></div>";
2308
2309                 if (db_num_rows($result) != 0) {
2310
2311                         print "<form id=\"label_edit_form\">";
2312
2313                         print "<p><table width=\"100%\" cellspacing=\"0\"
2314                                 class=\"prefLabelList\" id=\"prefLabelList\">";
2315
2316                         print "<tr><td class=\"selectPrompt\" colspan=\"8\">
2317                                 Select:
2318                                         <a href=\"javascript:selectPrefRows('label', true)\">All</a>,
2319                                         <a href=\"javascript:selectPrefRows('label', false)\">None</a>
2320                                 </td</tr>";
2321
2322                         print "<tr class=\"title\">
2323                                                 <td width=\"5%\">&nbsp;</td>
2324                                                 <td width=\"40%\">SQL expression
2325                                                 <a class=\"helpLink\" href=\"javascript:displayHelpInfobox(1)\">(?)</a>
2326                                                 </td>
2327                                                 <td width=\"40%\">Caption</td></tr>";
2328
2329                         $lnum = 0;
2330
2331                         while ($line = db_fetch_assoc($result)) {
2332
2333                                 $class = ($lnum % 2) ? "even" : "odd";
2334
2335                                 $label_id = $line["id"];
2336                                 $edit_label_id = $_GET["id"];
2337
2338                                 if ($subop == "edit" && $label_id != $edit_label_id) {
2339                                         $class .= "Grayed";
2340                                         $this_row_id = "";
2341                                 } else {
2342                                         $this_row_id = "id=\"LILRR-$label_id\"";
2343                                 }
2344
2345                                 print "<tr class=\"$class\" $this_row_id>";
2346
2347                                 $line["sql_exp"] = htmlspecialchars($line["sql_exp"]);
2348                                 $line["description"] = htmlspecialchars($line["description"]);
2349
2350                                 if (!$edit_label_id || $subop != "edit") {
2351
2352                                         if (!$line["description"]) $line["description"] = "[No caption]";
2353
2354                                         print "<td align='center'><input onclick='toggleSelectPrefRow(this, \"label\");'
2355                                         type=\"checkbox\" id=\"LICHK-".$line["id"]."\"></td>";
2356
2357                                         print "<td><a href=\"javascript:editLabel($label_id);\">" .
2358                                                 $line["sql_exp"] . "</td>";
2359
2360                                         print "<td><a href=\"javascript:editLabel($label_id);\">" .
2361                                                 $line["description"] . "</td>";
2362
2363                                 } else if ($label_id != $edit_label_id) {
2364
2365                                         if (!$line["description"]) $line["description"] = "[No description]";
2366
2367                                         print "<td align='center'><input disabled=\"true\" type=\"checkbox\"
2368                                                 id=\"LICHK-".$line["id"]."\"></td>";
2369
2370                                         print "<td>".$line["sql_exp"]."</td>";
2371                                         print "<td>".$line["description"]."</td>";
2372
2373                                 } else {
2374
2375                                         print "<td align='center'><input disabled=\"true\" type=\"checkbox\" checked>";
2376
2377                                         print "<input type=\"hidden\" name=\"id\" value=\"$label_id\">";
2378                                         print "<input type=\"hidden\" name=\"op\" value=\"pref-labels\">";
2379                                         print "<input type=\"hidden\" name=\"subop\" value=\"editSave\">";
2380
2381                                         print "</td>";
2382
2383                                         print "<td><input onkeypress=\"return filterCR(event)\"
2384                                                 class=\"iedit\" name=\"sql_exp\" value=\"".$line["sql_exp"]."\"></td>";
2385
2386                                         print "<td><input onkeypress=\"return filterCR(event)\"
2387                                                 class=\"iedit\" name=\"description\" value=\"".$line["description"]."\"></td>";
2388                                 }
2389
2390
2391                                 print "</tr>";
2392
2393                                 ++$lnum;
2394                         }
2395
2396                         if ($lnum == 0) {
2397                                 print "<tr><td colspan=\"4\" align=\"center\">No labels defined.</td></tr>";
2398                         }
2399
2400                         print "</table>";
2401
2402                         print "</form>";
2403
2404                         print "<p id=\"labelOpToolbar\">";
2405
2406                         if ($subop == "edit") {
2407                                 print "Edit label:
2408                                         <input type=\"submit\" class=\"button\"
2409                                                 onclick=\"javascript:labelTest()\" value=\"Test\">
2410                                         <input type=\"submit\" class=\"button\"
2411                                                 onclick=\"javascript:labelEditSave()\" value=\"Save\">
2412                                         <input type=\"submit\" class=\"button\"
2413                                                 onclick=\"javascript:labelEditCancel()\" value=\"Cancel\">";
2414
2415                         } else {
2416                                 print "
2417                                         Selection:
2418                                 <input type=\"submit\" class=\"button\" disabled=\"true\"
2419                                         onclick=\"javascript:editSelectedLabel()\" value=\"Edit\">
2420                                 <input type=\"submit\" class=\"button\" disabled=\"true\"
2421                                         onclick=\"javascript:removeSelectedLabels()\" value=\"Remove\">";
2422                         }
2423                 } else {
2424                         print "<p>No labels defined.</p>";
2425                 }
2426         }
2427
2428         if ($op == "error") {
2429                 print "<div width=\"100%\" align='center'>";
2430                 $msg = $_GET["msg"];
2431                 print $msg;
2432                 print "</div>";
2433         }
2434
2435         if ($op == "help") {
2436                 if (!$_GET["noheaders"]) {
2437                         print "<html><head>
2438                                 <title>Tiny Tiny RSS : Help</title>
2439                                 <link rel=\"stylesheet\" href=\"tt-rss.css\" type=\"text/css\">
2440                                 <script type=\"text/javascript\" src=\"prototype.js\"></script>
2441                                 <script type=\"text/javascript\" src=\"functions.js?$script_dt_add\"></script>
2442                                 <meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\">
2443                                 </head><body>";
2444                 }
2445
2446                 $tid = sprintf("%d", $_GET["tid"]);
2447
2448                 print "<div id=\"infoBoxTitle\">Help</div>";
2449
2450                 print "<div class='infoBoxContents'>";
2451
2452                 if (file_exists("help/$tid.php")) {
2453                         include("help/$tid.php");
2454                 } else {
2455                         print "<p>Help topic not found.</p>";
2456                 }
2457
2458                 print "</div>";
2459
2460                 print "<div align='center'>
2461                         <input type='submit' class='button'
2462                         onclick=\"closeInfoBox()\" value=\"Close this window\"></div>";
2463
2464                 if (!$_GET["noheaders"]) {
2465                         print "</body></html>";
2466                 }
2467
2468         }
2469
2470         if ($op == "dlg") {
2471                 $id = $_GET["id"];
2472                 $param = $_GET["param"];
2473
2474                 if ($id == "quickAddFeed") {
2475
2476                         print "<div id=\"infoBoxTitle\">Subscribe to feed</div>";
2477                         print "<div class=\"infoBoxContents\">";
2478
2479                         print "<form id='feed_add_form'>";
2480
2481                         print "<input type=\"hidden\" name=\"op\" value=\"pref-feeds\">";
2482                         print "<input type=\"hidden\" name=\"quiet\" value=\"1\">";
2483                         print "<input type=\"hidden\" name=\"subop\" value=\"add\">";
2484
2485                         print "<table width='100%'>
2486                         <tr><td>Feed URL:</td><td>
2487                                 <input class=\"iedit\" onblur=\"javascript:enableHotkeys()\"
2488                                         onkeypress=\"return filterCR(event)\"
2489                                         onkeyup=\"toggleSubmitNotEmpty(this, 'fadd_submit_btn')\"
2490                                         onfocus=\"javascript:disableHotkeys()\" name=\"feed_url\"></td></tr>";
2491
2492                         if (get_pref($link, 'ENABLE_FEED_CATS')) {
2493                                 print "<tr><td>Category:</td><td>";
2494                                 print_feed_cat_select($link, "cat_id");
2495                                 print "</td></tr>";
2496                         }
2497
2498                         print "</table>";
2499                         print "</form>";
2500
2501                         print "<div align='right'>
2502                                 <input class=\"button\"
2503                                         id=\"fadd_submit_btn\" disabled=\"true\"
2504                                         type=\"submit\" onclick=\"javascript:qafAdd()\" value=\"Subscribe\">
2505                                 <input class=\"button\"
2506                                         type=\"submit\" onclick=\"javascript:closeInfoBox()\"
2507                                         value=\"Cancel\"></div>";
2508
2509                 }
2510
2511                 if ($id == "search") {
2512
2513                         print "<div id=\"infoBoxTitle\">Search</div>";
2514                         print "<div class=\"infoBoxContents\">";
2515
2516                         print "<form id='search_form'>";
2517
2518                         $active_feed_id = db_escape_string($_GET["param"]);
2519
2520                         print "<table width='100%'><tr><td>Search:</td><td>";
2521
2522                         print "<input name=\"query\" class=\"iedit\"
2523                                 onkeypress=\"return filterCR(event)\"
2524                                 onkeyup=\"toggleSubmitNotEmpty(this, 'search_submit_btn')\"
2525                                 value=\"\">
2526                         </td></tr>";
2527
2528                         print "<tr><td>Where:</td><td>";
2529
2530                         print "<select name=\"search_mode\">
2531                                 <option value=\"all_feeds\">All feeds</option>";
2532
2533                         $feed_title = getFeedTitle($link, $active_feed_id);
2534                         $feed_cat_title = getFeedCatTitle($link, $active_feed_id);
2535
2536                         if ($active_feed_id) {
2537                                 print "<option selected value=\"this_feed\">This feed ($feed_title)</option>";
2538                         } else {
2539                                 print "<option disabled>This feed</option>";
2540                         }
2541
2542                         if (get_pref($link, 'ENABLE_FEED_CATS') && $active_feed_id && $active_feed_id > 0) {
2543                                 print "<option value=\"this_cat\">This category ($feed_cat_title)</option>";
2544                         } else {
2545                                 print "<option disabled>This category</option>";
2546                         }
2547
2548                         print "</select></td></tr>";
2549
2550                         print "<tr><td>Match on:</td><td>";
2551
2552                         $search_fields = array(
2553                                 "title" => "Title",
2554                                 "content" => "Content",
2555                                 "both" => "Title or content");
2556
2557                         print_select_hash("match_on", 3, $search_fields);
2558
2559                         print "</td></tr></table>";
2560
2561                         print "</form>";
2562
2563                         print "<div align=\"right\">
2564                         <input type=\"submit\"
2565                                 class=\"button\" onclick=\"javascript:search()\"
2566                                 id=\"search_submit_btn\" disabled=\"true\"
2567                                 value=\"Search\">
2568                         <input class=\"button\"
2569                                 type=\"submit\" onclick=\"javascript:searchCancel()\"
2570                                 value=\"Cancel\"></div>";
2571
2572                         print "</div>";
2573
2574                 }
2575
2576                 if ($id == "quickAddFilter") {
2577
2578                         $active_feed_id = db_escape_string($_GET["param"]);
2579
2580                         print "<div id=\"infoBoxTitle\">Create filter</div>";
2581                         print "<div class=\"infoBoxContents\">";
2582
2583                         print "<form id=\"filter_add_form\">";
2584
2585                         print "<input type=\"hidden\" name=\"op\" value=\"pref-filters\">";
2586                         print "<input type=\"hidden\" name=\"quiet\" value=\"1\">";
2587                         print "<input type=\"hidden\" name=\"subop\" value=\"add\">";
2588
2589 //                      print "<div class=\"notice\"><b>Note:</b> filter will only apply to new articles.</div>";
2590
2591                         $result = db_query($link, "SELECT id,description
2592                                 FROM ttrss_filter_types ORDER BY description");
2593
2594                         $filter_types = array();
2595
2596                         while ($line = db_fetch_assoc($result)) {
2597                                 //array_push($filter_types, $line["description"]);
2598                                 $filter_types[$line["id"]] = $line["description"];
2599                         }
2600
2601                         print "<table width='100%'>";
2602
2603                         print "<tr><td>Match:</td>
2604                                 <td><input onkeypress=\"return filterCR(event)\"
2605                                          onkeyup=\"toggleSubmitNotEmpty(this, 'infobox_submit')\"
2606                                         name=\"reg_exp\" class=\"iedit\">";
2607                         print "</td><td>";
2608
2609                         print_select_hash("filter_type", 1, $filter_types, "class=\"iedit\"");
2610
2611                         print "</td></tr>";
2612                         print "<tr><td>Feed:</td><td colspan='2'>";
2613
2614                         print_feed_select($link, "feed_id", $active_feed_id);
2615
2616                         print "</td></tr>";
2617
2618                         print "<tr><td>Action:</td>";
2619
2620                         print "<td colspan='2'><select name=\"action_id\">";
2621
2622                         $result = db_query($link, "SELECT id,description FROM ttrss_filter_actions
2623                                 ORDER BY name");
2624
2625                         while ($line = db_fetch_assoc($result)) {
2626                                 printf("<option value='%d'>%s</option>", $line["id"], $line["description"]);
2627                         }
2628
2629                         print "</select>";
2630
2631                         print "</td></tr></table>";
2632
2633                         print "</form>";
2634
2635                         print "<div align='right'>";
2636
2637                         print "<input type=\"submit\"
2638                                 id=\"infobox_submit\"
2639                                 class=\"button\" onclick=\"qaddFilter()\"
2640                                 disabled=\"true\" value=\"Create\"> ";
2641
2642                         print "<input class=\"button\"
2643                                 type=\"submit\" onclick=\"closeInfoBox()\"
2644                                 value=\"Cancel\">";
2645
2646                         print "</div>";
2647
2648 //                      print "</td></tr></table>";
2649
2650                 }
2651
2652                 print "</div>";
2653
2654         }
2655
2656         // update feeds of all users, may be used anonymously
2657         if ($op == "globalUpdateFeeds") {
2658
2659                 $result = db_query($link, "SELECT id FROM ttrss_users");
2660
2661                 while ($line = db_fetch_assoc($result)) {
2662                         $user_id = $line["id"];
2663 //                      print "<!-- updating feeds of uid $user_id -->";
2664                         update_all_feeds($link, false, $user_id);
2665                 }
2666
2667                 print "<rpc-reply>
2668                         <message msg=\"All feeds updated\"/>
2669                 </rpc-reply>";
2670
2671         }
2672
2673         if ($op == "pref-prefs") {
2674
2675                 $subop = $_REQUEST["subop"];
2676
2677                 if ($subop == "Save configuration") {
2678
2679                         if (WEB_DEMO_MODE) {
2680                                 header("Location: prefs.php");
2681                                 return;
2682                         }
2683
2684                         $_SESSION["prefs_op_result"] = "save-config";
2685
2686                         $_SESSION["prefs_cache"] = false;
2687
2688                         foreach (array_keys($_POST) as $pref_name) {
2689
2690                                 $pref_name = db_escape_string($pref_name);
2691                                 $value = db_escape_string($_POST[$pref_name]);
2692
2693                                 $result = db_query($link, "SELECT type_name
2694                                         FROM ttrss_prefs,ttrss_prefs_types
2695                                         WHERE pref_name = '$pref_name' AND type_id = ttrss_prefs_types.id");
2696
2697                                 if (db_num_rows($result) > 0) {
2698
2699                                         $type_name = db_fetch_result($result, 0, "type_name");
2700
2701 //                                      print "$pref_name : $type_name : $value<br>";
2702
2703                                         if ($type_name == "bool") {
2704                                                 if ($value == "1") {
2705                                                         $value = "true";
2706                                                 } else {
2707                                                         $value = "false";
2708                                                 }
2709                                         } else if ($type_name == "integer") {
2710                                                 $value = sprintf("%d", $value);
2711                                         }
2712
2713 //                                      print "$pref_name : $type_name : $value<br>";
2714
2715                                         db_query($link, "UPDATE ttrss_user_prefs SET value = '$value'
2716                                                 WHERE pref_name = '$pref_name' AND owner_uid = ".$_SESSION["uid"]);
2717
2718                                 }
2719
2720                                 header("Location: prefs.php");
2721
2722                         }
2723
2724                 } else if ($subop == "getHelp") {
2725
2726                         $pref_name = db_escape_string($_GET["pn"]);
2727
2728                         $result = db_query($link, "SELECT help_text FROM ttrss_prefs
2729                                 WHERE pref_name = '$pref_name'");
2730
2731                         if (db_num_rows($result) > 0) {
2732                                 $help_text = db_fetch_result($result, 0, "help_text");
2733                                 print $help_text;
2734                         } else {
2735                                 print "Unknown option: $pref_name";
2736                         }
2737
2738                 } else if ($subop == "Change e-mail") {
2739
2740                         if (WEB_DEMO_MODE) {
2741                                 header("Location: prefs.php");
2742                                 return;
2743                         }
2744
2745                         $email = db_escape_string($_GET["email"]);
2746                         $active_uid = $_SESSION["uid"];
2747
2748                         if ($email) {
2749                                 db_query($link, "UPDATE ttrss_users SET email = '$email'
2750                                                 WHERE id = '$active_uid'");
2751                         }
2752
2753                         header("Location: prefs.php");
2754
2755                 } else if ($subop == "Change password") {
2756
2757                         if (WEB_DEMO_MODE) {
2758                                 header("Location: prefs.php");
2759                                 return;
2760                         }
2761
2762                         $old_pw = $_POST["OLD_PASSWORD"];
2763                         $new_pw = $_POST["OLD_PASSWORD"];
2764
2765                         $old_pw_hash = 'SHA1:' . sha1($_POST["OLD_PASSWORD"]);
2766                         $new_pw_hash = 'SHA1:' . sha1($_POST["NEW_PASSWORD"]);
2767
2768                         $active_uid = $_SESSION["uid"];
2769
2770                         if ($old_pw && $new_pw) {
2771
2772                                 $login = db_escape_string($_SERVER['PHP_AUTH_USER']);
2773
2774                                 $result = db_query($link, "SELECT id FROM ttrss_users WHERE
2775                                         id = '$active_uid' AND (pwd_hash = '$old_pw' OR
2776                                                 pwd_hash = '$old_pw_hash')");
2777
2778                                 if (db_num_rows($result) == 1) {
2779                                         db_query($link, "UPDATE ttrss_users SET pwd_hash = '$new_pw_hash'
2780                                                 WHERE id = '$active_uid'");
2781
2782                                         $_SESSION["pwd_change_result"] = "ok";
2783                                 } else {
2784                                         $_SESSION["pwd_change_result"] = "failed";
2785                                 }
2786                         }
2787
2788                         header("Location: prefs.php");
2789
2790                 } else if ($subop == "Reset to defaults") {
2791
2792                         if (WEB_DEMO_MODE) {
2793                                 header("Location: prefs.php");
2794                                 return;
2795                         }
2796
2797                         $_SESSION["prefs_op_result"] = "reset-to-defaults";
2798
2799                         if (DB_TYPE == "pgsql") {
2800                                 db_query($link,"UPDATE ttrss_user_prefs
2801                                         SET value = ttrss_prefs.def_value
2802                                         WHERE owner_uid = '".$_SESSION["uid"]."' AND
2803                                         ttrss_prefs.pref_name = ttrss_user_prefs.pref_name");
2804                         } else {
2805                                 db_query($link, "DELETE FROM ttrss_user_prefs
2806                                         WHERE owner_uid = ".$_SESSION["uid"]);
2807                                 initialize_user_prefs($link, $_SESSION["uid"]);
2808                         }
2809
2810                         header("Location: prefs.php");
2811
2812                 } else if ($subop == "Change theme") {
2813
2814                         $theme = db_escape_string($_POST["theme"]);
2815
2816                         if ($theme == "Default") {
2817                                 $theme_qpart = 'NULL';
2818                         } else {
2819                                 $theme_qpart = "'$theme'";
2820                         }
2821
2822                         $result = db_query($link, "SELECT id,theme_path FROM ttrss_themes
2823                                 WHERE theme_name = '$theme'");
2824
2825                         if (db_num_rows($result) == 1) {
2826                                 $theme_id = db_fetch_result($result, 0, "id");
2827                                 $theme_path = db_fetch_result($result, 0, "theme_path");
2828                         } else {
2829                                 $theme_id = "NULL";
2830                                 $theme_path = "";
2831                         }
2832
2833                         db_query($link, "UPDATE ttrss_users SET
2834                                 theme_id = $theme_id WHERE id = " . $_SESSION["uid"]);
2835
2836                         $_SESSION["theme"] = $theme_path;
2837
2838                         header("Location: prefs.php");
2839
2840                 } else {
2841
2842                         if (!SINGLE_USER_MODE) {
2843
2844                                 $result = db_query($link, "SELECT id,email FROM ttrss_users
2845                                         WHERE id = ".$_SESSION["uid"]." AND (pwd_hash = 'password' OR
2846                                                 pwd_hash = 'SHA1:".sha1("password")."')");
2847
2848                                 if (db_num_rows($result) != 0) {
2849                                         print "<div class=\"warning\">
2850                                                 Your password is at default value, please change it.
2851                                         </div>";
2852                                 }
2853
2854                                 if ($_SESSION["pwd_change_result"] == "failed") {
2855                                         print "<div class=\"warning\">
2856                                                         There was an error while changing your password.
2857                                                 </div>";
2858                                 }
2859
2860                                 if ($_SESSION["pwd_change_result"] == "ok") {
2861                                         print "<div class=\"notice\">
2862                                                         Password changed successfully.
2863                                                 </div>";
2864                                 }
2865
2866                                 $_SESSION["pwd_change_result"] = "";
2867
2868                                 if ($_SESSION["prefs_op_result"] == "reset-to-defaults") {
2869                                         print "<div class=\"notice\">
2870                                                         Your configuration was reset to defaults.
2871                                                 </div>";
2872                                 }
2873
2874                                 if ($_SESSION["prefs_op_result"] == "save-config") {
2875                                         print "<div class=\"notice\">
2876                                                         Your configuration was saved successfully.
2877                                                 </div>";
2878                                 }
2879
2880                                 $_SESSION["prefs_op_result"] = "";
2881
2882                                 print "<form action=\"backend.php\" method=\"GET\">";
2883
2884                                 print "<table width=\"100%\" class=\"prefPrefsList\">";
2885                                 print "<tr><td colspan='3'><h3>Personal data</h3></tr></td>";
2886
2887                                 $result = db_query($link, "SELECT email FROM ttrss_users
2888                                         WHERE id = ".$_SESSION["uid"]);
2889
2890                                 $email = db_fetch_result($result, 0, "email");
2891
2892                                 print "<tr><td width=\"40%\">E-mail</td>";
2893                                 print "<td><input class=\"editbox\" name=\"email\"
2894                                         value=\"$email\"></td></tr>";
2895
2896                                 print "</table>";
2897
2898                                 print "<input type=\"hidden\" name=\"op\" value=\"pref-prefs\">";
2899
2900                                 print "<p><input class=\"button\" type=\"submit\"
2901                                         value=\"Change e-mail\" name=\"subop\">";
2902
2903                                 print "</form>";
2904
2905                                 print "<form action=\"backend.php\" method=\"POST\" name=\"changePassForm\">";
2906
2907                                 print "<table width=\"100%\" class=\"prefPrefsList\">";
2908                                 print "<tr><td colspan='3'><h3>Authentication</h3></tr></td>";
2909
2910                                 print "<tr><td width=\"40%\">Old password</td>";
2911                                 print "<td><input class=\"editbox\" type=\"password\"
2912                                         name=\"OLD_PASSWORD\"></td></tr>";
2913
2914                                 print "<tr><td width=\"40%\">New password</td>";
2915
2916                                 print "<td><input class=\"editbox\" type=\"password\"
2917                                         name=\"NEW_PASSWORD\"></td></tr>";
2918
2919                                 print "</table>";
2920
2921                                 print "<input type=\"hidden\" name=\"op\" value=\"pref-prefs\">";
2922
2923                                 print "<p><input class=\"button\" type=\"submit\"
2924                                         onclick=\"return validateNewPassword(this.form)\"
2925                                         value=\"Change password\" name=\"subop\">";
2926
2927                                 print "</form>";
2928
2929                         }
2930
2931                         $result = db_query($link, "SELECT
2932                                 theme_id FROM ttrss_users WHERE id = " . $_SESSION["uid"]);
2933
2934                         $user_theme_id = db_fetch_result($result, 0, "theme_id");
2935
2936                         $result = db_query($link, "SELECT
2937                                 id,theme_name FROM ttrss_themes ORDER BY theme_name");
2938
2939                         if (db_num_rows($result) > 0) {
2940
2941                                 print "<form action=\"backend.php\" method=\"POST\">";
2942                                 print "<table width=\"100%\" class=\"prefPrefsList\">";
2943                                 print "<tr><td colspan='3'><h3>Themes</h3></tr></td>";
2944                                 print "<tr><td width=\"40%\">Select theme</td>";
2945                                 print "<td><select name=\"theme\">";
2946                                 print "<option>Default</option>";
2947                                 print "<option disabled>--------</option>";
2948
2949                                 while ($line = db_fetch_assoc($result)) {
2950                                         if ($line["id"] == $user_theme_id) {
2951                                                 $selected = "selected";
2952                                         } else {
2953                                                 $selected = "";
2954                                         }
2955                                         print "<option $selected>" . $line["theme_name"] . "</option>";
2956                                 }
2957                                 print "</select></td></tr>";
2958                                 print "</table>";
2959                                 print "<input type=\"hidden\" name=\"op\" value=\"pref-prefs\">";
2960                                 print "<p><input class=\"button\" type=\"submit\"
2961                                         value=\"Change theme\" name=\"subop\">";
2962                                 print "</form>";
2963                         }
2964
2965                         $result = db_query($link, "SELECT
2966                                 ttrss_user_prefs.pref_name,short_desc,help_text,value,type_name,
2967                                 section_name,def_value
2968                                 FROM ttrss_prefs,ttrss_prefs_types,ttrss_prefs_sections,ttrss_user_prefs
2969                                 WHERE type_id = ttrss_prefs_types.id AND
2970                                         section_id = ttrss_prefs_sections.id AND
2971                                         ttrss_user_prefs.pref_name = ttrss_prefs.pref_name AND
2972                                         owner_uid = ".$_SESSION["uid"]."
2973                                 ORDER BY section_id,short_desc");
2974
2975                         print "<form action=\"backend.php\" method=\"POST\">";
2976
2977                         $lnum = 0;
2978
2979                         $active_section = "";
2980
2981                         while ($line = db_fetch_assoc($result)) {
2982
2983                                 if ($active_section != $line["section_name"]) {
2984
2985                                         if ($active_section != "") {
2986                                                 print "</table>";
2987                                         }
2988
2989                                         print "<p><table width=\"100%\" class=\"prefPrefsList\">";
2990
2991                                         $active_section = $line["section_name"];
2992
2993                                         print "<tr><td colspan=\"3\"><h3>$active_section</h3></td></tr>";
2994 //                                      print "<tr class=\"title\">
2995 //                                              <td width=\"25%\">Option</td><td>Value</td></tr>";
2996
2997                                         $lnum = 0;
2998                                 }
2999
3000 //                              $class = ($lnum % 2) ? "even" : "odd";
3001
3002                                 print "<tr>";
3003
3004                                 $type_name = $line["type_name"];
3005                                 $pref_name = $line["pref_name"];
3006                                 $value = $line["value"];
3007                                 $def_value = $line["def_value"];
3008                                 $help_text = $line["help_text"];
3009
3010                                 print "<td width=\"40%\" id=\"$pref_name\">" . $line["short_desc"];
3011
3012                                 if ($help_text) print "<div class=\"prefHelp\">$help_text</div>";
3013
3014                                 print "</td>";
3015
3016                                 print "<td>";
3017
3018                                 if ($type_name == "bool") {
3019 //                                      print_select($pref_name, $value, array("true", "false"));
3020
3021                                         if ($value == "true") {
3022                                                 $value = "Yes";
3023                                         } else {
3024                                                 $value = "No";
3025                                         }
3026
3027                                         print_radio($pref_name, $value, array("Yes", "No"));
3028
3029                                 } else {
3030                                         print "<input class=\"editbox\" name=\"$pref_name\" value=\"$value\">";
3031                                 }
3032
3033                                 print "</td>";
3034
3035                                 print "</tr>";
3036
3037                                 $lnum++;
3038                         }
3039
3040                         print "</table>";
3041
3042                         print "<input type=\"hidden\" name=\"op\" value=\"pref-prefs\">";
3043
3044                         print "<p><input class=\"button\" type=\"submit\"
3045                                 name=\"subop\" value=\"Save configuration\">";
3046
3047                         print "&nbsp;<input class=\"button\" type=\"submit\"
3048                                 name=\"subop\" onclick=\"return validatePrefsReset()\"
3049                                 value=\"Reset to defaults\"></p>";
3050
3051                         print "</form>";
3052
3053                 }
3054
3055         }
3056
3057         if ($op == "pref-users") {
3058
3059                 $subop = $_GET["subop"];
3060
3061                 if ($subop == "edit") {
3062
3063                         $id = db_escape_string($_GET["id"]);
3064
3065                         print "<div id=\"infoBoxTitle\">User editor</div>";
3066
3067                         print "<div class=\"infoBoxContents\">";
3068
3069                         print "<form id=\"user_edit_form\">";
3070
3071                         print "<input type=\"hidden\" name=\"id\" value=\"$id\">";
3072                         print "<input type=\"hidden\" name=\"op\" value=\"pref-users\">";
3073                         print "<input type=\"hidden\" name=\"subop\" value=\"editSave\">";
3074
3075                         $result = db_query($link, "SELECT * FROM ttrss_users WHERE id = '$id'");
3076
3077                         $login = db_fetch_result($result, 0, "login");
3078                         $access_level = db_fetch_result($result, 0, "access_level");
3079                         $email = db_fetch_result($result, 0, "email");
3080
3081                         print "<table width='100%'>";
3082                         print "<tr><td>Login:</td><td>
3083                                 <input class=\"iedit\" onkeypress=\"return filterCR(event)\"
3084                                 name=\"login\" value=\"$login\"></td></tr>";
3085
3086                         print "<tr><td>Change password:</td><td>
3087                                 <input class=\"iedit\" onkeypress=\"return filterCR(event)\"
3088                                 name=\"password\"></td></tr>";
3089
3090                         print "<tr><td>E-mail:</td><td>
3091                                 <input class=\"iedit\" name=\"email\" onkeypress=\"return filterCR(event)\"
3092                                 value=\"$email\"></td></tr>";
3093
3094                         $sel_disabled = ($id == $_SESSION["uid"]) ? "disabled" : "";
3095
3096                         print "<tr><td>Access level:</td><td>";
3097                         print_select_hash("access_level", $access_level, $access_level_names,
3098                                 $sel_disabled);
3099                         print "</td></tr>";
3100
3101                         print "</table>";
3102
3103                         print "</form>";
3104
3105                         print "<div align='right'>
3106                                 <input class=\"button\"
3107                                         type=\"submit\" onclick=\"javascript:userEditSave()\" value=\"Save\">
3108                                 <input class=\"button\"
3109                                         type=\"submit\" onclick=\"javascript:userEditCancel()\"
3110                                         value=\"Cancel\"></div>";
3111
3112                         print "</div>";
3113
3114                         return;
3115                 }
3116
3117                 if ($subop == "editSave") {
3118
3119                         if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) {
3120
3121                                 $login = db_escape_string(trim($_GET["login"]));
3122                                 $uid = db_escape_string($_GET["id"]);
3123                                 $access_level = sprintf("%d", $_GET["access_level"]);
3124                                 $email = db_escape_string(trim($_GET["email"]));
3125                                 $password = db_escape_string(trim($_GET["password"]));
3126
3127                                 if ($password) {
3128                                         $pwd_hash = 'SHA1:' . sha1($password);
3129                                         $pass_query_part = "pwd_hash = '$pwd_hash', ";
3130                                         print "<div class='notice'>Changed password for user <b>$login</b>.</div>";
3131                                 } else {
3132                                         $pass_query_part = "";
3133                                 }
3134
3135                                 db_query($link, "UPDATE ttrss_users SET $pass_query_part login = '$login',
3136                                         access_level = '$access_level', email = '$email' WHERE id = '$uid'");
3137
3138                         }
3139                 } else if ($subop == "remove") {
3140
3141                         if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) {
3142
3143                                 $ids = split(",", db_escape_string($_GET["ids"]));
3144
3145                                 foreach ($ids as $id) {
3146                                         db_query($link, "DELETE FROM ttrss_users WHERE id = '$id' AND id != " . $_SESSION["uid"]);
3147
3148                                 }
3149                         }
3150                 } else if ($subop == "add") {
3151
3152                         if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) {
3153
3154                                 $login = db_escape_string(trim($_GET["login"]));
3155                                 $tmp_user_pwd = make_password(8);
3156                                 $pwd_hash = 'SHA1:' . sha1($tmp_user_pwd);
3157
3158                                 $result = db_query($link, "SELECT id FROM ttrss_users WHERE
3159                                         login = '$login'");
3160
3161                                 if (db_num_rows($result) == 0) {
3162
3163                                         db_query($link, "INSERT INTO ttrss_users
3164                                                 (login,pwd_hash,access_level,last_login)
3165                                                 VALUES ('$login', '$pwd_hash', 0, NOW())");
3166
3167
3168                                         $result = db_query($link, "SELECT id FROM ttrss_users WHERE
3169                                                 login = '$login' AND pwd_hash = '$pwd_hash'");
3170
3171                                         if (db_num_rows($result) == 1) {
3172
3173                                                 $new_uid = db_fetch_result($result, 0, "id");
3174
3175                                                 print "<div class=\"notice\">Added user <b>".$_GET["login"].
3176                                                         "</b> with password <b>$tmp_user_pwd</b>.</div>";
3177
3178                                                 initialize_user($link, $new_uid);
3179
3180                                         } else {
3181
3182                                                 print "<div class=\"warning\">Could not create user <b>".
3183                                                         $_GET["login"]."</b></div>";
3184
3185                                         }
3186                                 } else {
3187                                         print "<div class=\"warning\">User <b>".
3188                                                 $_GET["login"]."</b> already exists.</div>";
3189                                 }
3190                         }
3191                 } else if ($subop == "resetPass") {
3192
3193                         if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) {
3194
3195                                 $uid = db_escape_string($_GET["id"]);
3196
3197                                 $result = db_query($link, "SELECT login,email
3198                                         FROM ttrss_users WHERE id = '$uid'");
3199
3200                                 $login = db_fetch_result($result, 0, "login");
3201                                 $email = db_fetch_result($result, 0, "email");
3202                                 $tmp_user_pwd = make_password(8);
3203                                 $pwd_hash = 'SHA1:' . sha1($tmp_user_pwd);
3204
3205                                 db_query($link, "UPDATE ttrss_users SET pwd_hash = '$pwd_hash'
3206                                         WHERE id = '$uid'");
3207
3208                                 print "<div class=\"notice\">Changed password of
3209                                         user <b>$login</b> to <b>$tmp_user_pwd</b>.";
3210
3211                                 if (MAIL_RESET_PASS && $email) {
3212                                         print " Notifying <b>$email</b>.";
3213
3214                                         mail("$login <$email>", "Password reset notification",
3215                                                 "Hi, $login.\n".
3216                                                 "\n".
3217                                                 "Your password for this TT-RSS installation was reset by".
3218                                                         " an administrator.\n".
3219                                                 "\n".
3220                                                 "Your new password is $tmp_user_pwd, please remember".
3221                                                         " it for later reference.\n".
3222                                                 "\n".
3223                                                 "Sincerely, TT-RSS Mail Daemon.", "From: " . MAIL_FROM);
3224                                 }
3225
3226                                 print "</div>";
3227
3228                         }
3229                 }
3230
3231                 print "<div class=\"prefGenericAddBox\">
3232                         <input id=\"uadd_box\"
3233                                 onkeyup=\"toggleSubmitNotEmpty(this, 'user_add_btn')\"
3234                                 size=\"40\">&nbsp;";
3235
3236                 print"<input type=\"submit\" class=\"button\"
3237                         id=\"user_add_btn\" disabled=\"true\"
3238                         onclick=\"javascript:addUser()\" value=\"Create user\"></div>";
3239
3240                 $result = db_query($link, "SELECT
3241                                 id,login,access_level,email,
3242                                 SUBSTRING(last_login,1,16) as last_login
3243                         FROM
3244                                 ttrss_users
3245                         ORDER by login");
3246
3247 //              print "<div id=\"infoBoxShadow\"><div id=\"infoBox\">PLACEHOLDER</div></div>";
3248
3249                 print "<p><table width=\"100%\" cellspacing=\"0\"
3250                         class=\"prefUserList\" id=\"prefUserList\">";
3251
3252                 print "<tr><td class=\"selectPrompt\" colspan=\"8\">
3253                                 Select:
3254                                         <a href=\"javascript:selectPrefRows('user', true)\">All</a>,
3255                                         <a href=\"javascript:selectPrefRows('user', false)\">None</a>
3256                                 </td</tr>";
3257
3258                 print "<tr class=\"title\">
3259                                         <td align='center' width=\"5%\">&nbsp;</td>
3260                                         <td width='40%'>Login</td>
3261                                         <td width='40%'>Access Level</td>
3262                                         <td width='30%'>Last login</td></tr>";
3263
3264                 $lnum = 0;
3265
3266                 while ($line = db_fetch_assoc($result)) {
3267
3268                         $class = ($lnum % 2) ? "even" : "odd";
3269
3270                         $uid = $line["id"];
3271                         $edit_uid = $_GET["id"];
3272
3273                         if ($subop == "edit" && $uid != $edit_uid) {
3274                                 $class .= "Grayed";
3275                                 $this_row_id = "";
3276                         } else {
3277                                 $this_row_id = "id=\"UMRR-$uid\"";
3278                         }
3279
3280                         print "<tr class=\"$class\" $this_row_id>";
3281
3282                         $line["login"] = htmlspecialchars($line["login"]);
3283
3284                         $line["last_login"] = date(get_pref($link, 'SHORT_DATE_FORMAT'),
3285                                 strtotime($line["last_login"]));
3286
3287                         $access_level_names = array(0 => "User", 10 => "Administrator");
3288
3289 //                      if (!$edit_uid || $subop != "edit") {
3290
3291                                 print "<td align='center'><input onclick='toggleSelectPrefRow(this, \"user\");'
3292                                 type=\"checkbox\" id=\"UMCHK-$uid\"></td>";
3293
3294                                 print "<td><a href=\"javascript:editUser($uid);\">" .
3295                                         $line["login"] . "</td>";
3296
3297                                 if (!$line["email"]) $line["email"] = "&nbsp;";
3298
3299                                 print "<td><a href=\"javascript:editUser($uid);\">" .
3300                                         $access_level_names[$line["access_level"]] . "</td>";
3301
3302 /*                      } else if ($uid != $edit_uid) {
3303
3304                                 if (!$line["email"]) $line["email"] = "&nbsp;";
3305
3306                                 print "<td align='center'><input disabled=\"true\" type=\"checkbox\"
3307                                         id=\"UMCHK-".$line["id"]."\"></td>";
3308
3309                                 print "<td>".$line["login"]."</td>";
3310                                 print "<td>".$line["email"]."</td>";
3311                                 print "<td>".$access_level_names[$line["access_level"]]."</td>";
3312
3313                         } else {
3314
3315                                 print "<td align='center'>
3316                                         <input disabled=\"true\" type=\"checkbox\" checked></td>";
3317
3318                                 print "<td><input id=\"iedit_ulogin\" value=\"".$line["login"].
3319                                         "\"></td>";
3320
3321                                 print "<td><input id=\"iedit_email\" value=\"".$line["email"].
3322                                         "\"></td>";
3323
3324                                 print "<td>";
3325                                 print "<select id=\"iedit_ulevel\">";
3326                                 foreach (array_keys($access_level_names) as $al) {
3327                                         if ($al == $line["access_level"]) {
3328                                                 $selected = "selected";
3329                                         } else {
3330                                                 $selected = "";
3331                                         }
3332                                         print "<option $selected id=\"$al\">" .
3333                                                 $access_level_names[$al] . "</option>";
3334                                 }
3335                                 print "</select>";
3336                                 print "</td>";
3337
3338                         } */
3339
3340                         print "<td>".$line["last_login"]."</td>";
3341
3342                         print "</tr>";
3343
3344                         ++$lnum;
3345                 }
3346
3347                 print "</table>";
3348
3349                 print "<p id='userOpToolbar'>";
3350
3351 /*              if ($subop == "edit") {
3352                         print "Edit user:
3353                                 <input type=\"submit\" class=\"button\"
3354                                         onclick=\"javascript:userEditSave()\" value=\"Save\">
3355                                 <input type=\"submit\" class=\"button\"
3356                                         onclick=\"javascript:userEditCancel()\" value=\"Cancel\">";
3357
3358                 } else { */
3359
3360                         print "
3361                                 Selection:
3362                         <input type=\"submit\" class=\"button\" disabled=\"true\"
3363                                 onclick=\"javascript:selectedUserDetails()\" value=\"User details\">
3364                         <input type=\"submit\" class=\"button\" disabled=\"true\"
3365                                 onclick=\"javascript:editSelectedUser()\" value=\"Edit\">
3366                         <input type=\"submit\" class=\"button\" disabled=\"true\"
3367                                 onclick=\"javascript:removeSelectedUsers()\" value=\"Remove\">
3368                         <input type=\"submit\" class=\"button\" disabled=\"true\"
3369                                 onclick=\"javascript:resetSelectedUserPass()\" value=\"Reset password\">";
3370
3371 //              }
3372         }
3373
3374         if ($op == "user-details") {
3375
3376                 if (WEB_DEMO_MODE || $_SESSION["access_level"] < 10) {
3377                         return;
3378                 }
3379
3380 /*              print "<html><head>
3381                         <title>Tiny Tiny RSS : User Details</title>
3382                         <link rel=\"stylesheet\" href=\"tt-rss.css\" type=\"text/css\">
3383                         <meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\">
3384                         </head><body>"; */
3385
3386                 $uid = sprintf("%d", $_GET["id"]);
3387
3388                 print "<div id=\"infoBoxTitle\">User details</div>";
3389
3390                 print "<div class='infoBoxContents'>";
3391
3392                 $result = db_query($link, "SELECT login,
3393                         SUBSTRING(last_login,1,16) AS last_login,
3394                         access_level,
3395                         (SELECT COUNT(int_id) FROM ttrss_user_entries
3396                                 WHERE owner_uid = id) AS stored_articles
3397                         FROM ttrss_users
3398                         WHERE id = '$uid'");
3399
3400                 if (db_num_rows($result) == 0) {
3401                         print "<h1>User not found</h1>";
3402                         return;
3403                 }
3404
3405 #               print "<h1>User Details</h1>";
3406
3407                 $login = db_fetch_result($result, 0, "login");
3408
3409 #               print "<h1>$login</h1>";
3410
3411                 print "<table width='100%'>";
3412
3413                 $last_login = date(get_pref($link, 'LONG_DATE_FORMAT'),
3414                         strtotime(db_fetch_result($result, 0, "last_login")));
3415                 $access_level = db_fetch_result($result, 0, "access_level");
3416                 $stored_articles = db_fetch_result($result, 0, "stored_articles");
3417
3418 #               print "<tr><td>Username</td><td>$login</td></tr>";
3419 #               print "<tr><td>Access level</td><td>$access_level</td></tr>";
3420                 print "<tr><td>Last logged in</td><td>$last_login</td></tr>";
3421                 print "<tr><td>Stored articles</td><td>$stored_articles</td></tr>";
3422
3423                 $result = db_query($link, "SELECT COUNT(id) as num_feeds FROM ttrss_feeds
3424                         WHERE owner_uid = '$uid'");
3425
3426                 $num_feeds = db_fetch_result($result, 0, "num_feeds");
3427
3428                 print "<tr><td>Subscribed feeds count</td><td>$num_feeds</td></tr>";
3429
3430 /*              $result = db_query($link, "SELECT
3431                         SUM(LENGTH(content)+LENGTH(title)+LENGTH(link)+LENGTH(guid)) AS db_size
3432                         FROM ttrss_user_entries,ttrss_entries
3433                                 WHERE owner_uid = '$uid' AND ref_id = id");
3434
3435                 $db_size = round(db_fetch_result($result, 0, "db_size") / 1024);
3436
3437                 print "<tr><td>Approx. used DB size</td><td>$db_size KBytes</td></tr>";  */
3438
3439                 print "</table>";
3440
3441                 print "<h1>Subscribed feeds</h1>";
3442
3443                 $result = db_query($link, "SELECT id,title,site_url FROM ttrss_feeds
3444                         WHERE owner_uid = '$uid' ORDER BY title");
3445
3446                 print "<ul class=\"userFeedList\">";
3447
3448                 $row_class = "odd";
3449
3450                 while ($line = db_fetch_assoc($result)) {
3451
3452                         $icon_file = ICONS_URL."/".$line["id"].".ico";
3453
3454                         if (file_exists($icon_file) && filesize($icon_file) > 0) {
3455                                 $feed_icon = "<img class=\"tinyFeedIcon\" src=\"$icon_file\">";
3456                         } else {
3457                                 $feed_icon = "<img class=\"tinyFeedIcon\" src=\"images/blank_icon.gif\">";
3458                         }
3459
3460                         print "<li class=\"$row_class\">$feed_icon&nbsp;<a href=\"".$line["site_url"]."\">".$line["title"]."</a></li>";
3461
3462                         $row_class = toggleEvenOdd($row_class);
3463
3464                 }
3465
3466                 if (db_num_rows($result) < $num_feeds) {
3467                          // FIXME - add link to show ALL subscribed feeds here somewhere
3468                         print "<li><img
3469                                 class=\"tinyFeedIcon\" src=\"images/blank_icon.gif\">&nbsp;...</li>";
3470                 }
3471
3472                 print "</ul>";
3473
3474                 print "</div>";
3475
3476                 print "<div align='center'>
3477                         <input type='submit' class='button'
3478                         onclick=\"closeInfoBox()\" value=\"Close this window\"></div>";
3479
3480 //              print "</body></html>";
3481
3482         }
3483
3484         if ($op == "pref-feed-browser") {
3485
3486                 if (!ENABLE_FEED_BROWSER) {
3487                         print "Feed browser is administratively disabled.";
3488                         return;
3489                 }
3490
3491                 $subop = $_REQUEST["subop"];
3492
3493                 if ($subop == "details") {
3494                         $id = db_escape_string($_GET["id"]);
3495
3496                         print "<div class=\"browserFeedInfo\">";
3497                         print "<b>Feed information:</b>";
3498                         print "<div class=\"detailsPart\">";
3499
3500                         $result = db_query($link, "SELECT
3501                                         feed_url,site_url,
3502                                         SUBSTRING(last_updated,1,19) AS last_updated
3503                                 FROM ttrss_feeds WHERE id = '$id'");
3504
3505                         $feed_url = db_fetch_result($result, 0, "feed_url");
3506                         $site_url = db_fetch_result($result, 0, "site_url");
3507                         $last_updated = db_fetch_result($result, 0, "last_updated");
3508
3509                         if (get_pref($link, 'HEADLINES_SMART_DATE')) {
3510                                 $last_updated = smart_date_time(strtotime($last_updated));
3511                         } else {
3512                                 $short_date = get_pref($link, 'SHORT_DATE_FORMAT');
3513                                 $last_updated = date($short_date, strtotime($last_updated));
3514                         }
3515
3516                         print "Site: <a href='$site_url'>$site_url</a> ".
3517                                 "(<a href='$feed_url'>feed</a>), ".
3518                                 "Last updated: $last_updated";
3519
3520                         print "</div>";
3521
3522                         $result = db_query($link, "SELECT
3523                                         ttrss_entries.title,
3524                                         content,
3525                                         substring(date_entered,1,19) as date_entered,
3526                                         substring(updated,1,19) as updated
3527                                 FROM ttrss_entries,ttrss_user_entries
3528                                 WHERE   ttrss_entries.id = ref_id AND feed_id = '$id'
3529                                 ORDER BY updated DESC LIMIT 5");
3530
3531                         if (db_num_rows($result) > 0) {
3532
3533                                 print "<b>Last headlines:</b><br>";
3534
3535                                 print "<div class=\"detailsPart\">";
3536                                 print "<ul class=\"compact\">";
3537                                 while ($line = db_fetch_assoc($result)) {
3538
3539                                         if (get_pref($link, 'HEADLINES_SMART_DATE')) {
3540                                                 $entry_dt = smart_date_time(strtotime($line["updated"]));
3541                                         } else {
3542                                                 $short_date = get_pref($link, 'SHORT_DATE_FORMAT');
3543                                                 $entry_dt = date($short_date, strtotime($line["updated"]));
3544                                         }
3545
3546                                         print "<li>" . $line["title"] .
3547                                                 "&nbsp;<span class=\"insensitive\">($entry_dt)</span></li>";
3548                                 }
3549                                 print "</ul></div>";
3550                         }
3551
3552                         print "</div>";
3553
3554                         return;
3555                 }
3556
3557                 print "<p>This panel shows feeds subscribed by other users of this system, just in case you are interested in some of them too.</p>";
3558
3559                 $limit = db_escape_string($_GET["limit"]);
3560
3561                 if (!$limit) $limit = 25;
3562
3563                 $owner_uid = $_SESSION["uid"];
3564
3565                 $result = db_query($link, "SELECT feed_url,COUNT(id) AS subscribers
3566                         FROM ttrss_feeds WHERE (SELECT COUNT(id) = 0 FROM ttrss_feeds AS tf
3567                                 WHERE tf.feed_url = ttrss_feeds.feed_url
3568                                         AND owner_uid = '$owner_uid') GROUP BY feed_url
3569                                                 ORDER BY subscribers DESC LIMIT $limit");
3570
3571
3572                 print "<div style=\"float : right\">
3573                         Top <select id=\"feedBrowserLimit\">";
3574
3575                 foreach (array(25, 50, 100) as $l) {
3576                         $issel = ($l == $limit) ? "selected" : "";
3577                         print "<option $issel>$l</option>";
3578                 }
3579
3580                 print "</select>
3581                         <input type=\"submit\" class=\"button\"
3582                                 onclick=\"updateBigFeedBrowser()\" value=\"Show\">
3583                 </div>";
3584
3585                 print "<p id=\"fbrOpToolbar\">Selection:
3586                         <input type='submit' class='button' onclick=\"feedBrowserSubscribe()\"
3587                         disabled=\"true\" value=\"Subscribe\">";
3588
3589                 print "<ul class='nomarks' id='browseBigFeedList'>";
3590
3591                 $feedctr = 0;
3592
3593                 while ($line = db_fetch_assoc($result)) {
3594                         $feed_url = $line["feed_url"];
3595                         $subscribers = $line["subscribers"];
3596
3597                         $det_result = db_query($link, "SELECT site_url,title,id
3598                                 FROM ttrss_feeds WHERE feed_url = '$feed_url' LIMIT 1");
3599
3600                         $details = db_fetch_assoc($det_result);
3601
3602                         $icon_file = ICONS_DIR . "/" . $details["id"] . ".ico";
3603
3604                         if (file_exists($icon_file) && filesize($icon_file) > 0) {
3605                                         $feed_icon = "<img class=\"tinyFeedIcon\"       src=\"" . ICONS_URL .
3606                                                 "/".$details["id"].".ico\">";
3607                         } else {
3608                                 $feed_icon = "<img class=\"tinyFeedIcon\" src=\"images/blank_icon.gif\">";
3609                         }
3610
3611                         $check_box = "<input onclick='toggleSelectFBListRow(this)' class='feedBrowseCB'
3612                                 type=\"checkbox\" id=\"FBCHK-" . $details["id"] . "\">";
3613
3614                         $class = ($feedctr % 2) ? "even" : "odd";
3615
3616                         print "<li class='$class' id=\"FBROW-".$details["id"]."\">$check_box".
3617                                 "$feed_icon ";
3618
3619                         print "<a href=\"javascript:browserToggleExpand('".$details["id"]."')\">" .
3620                                 $details["title"] ."</a>&nbsp;" .
3621                                 "<span class='subscribers'>($subscribers)</span>";
3622
3623                         print "<div class=\"browserDetails\" id=\"BRDET-" . $details["id"] . "\">";
3624                         print "</div>";
3625
3626                         print "</li>";
3627
3628                                 ++$feedctr;
3629                 }
3630
3631                 if ($feedctr == 0) {
3632                         print "<li>No feeds found to subscribe.</li>";
3633                 }
3634
3635                 print "</ul>";
3636
3637                 print "</div>";
3638
3639         }
3640
3641         function check_configuration_variables() {
3642                 if (!defined('SESSION_EXPIRE_TIME')) {
3643                         return "config: SESSION_EXPIRE_TIME is undefined";
3644                 }
3645
3646                 if (SESSION_EXPIRE_TIME < 60) {
3647                         return "config: SESSION_EXPIRE_TIME is too low (less than 60)";
3648                 }
3649
3650                 if (SESSION_EXPIRE_TIME < SESSION_COOKIE_LIFETIME_REMEMBER) {
3651                         return "config: SESSION_EXPIRE_TIME should be greater or equal to" .
3652                                 "SESSION_COOKIE_LIFETIME_REMEMBER";
3653                 }
3654
3655                 if (defined('DISABLE_SESSIONS')) {
3656                         return "config: you have enabled DISABLE_SESSIONS. Please disable this option.";
3657                 }
3658
3659                 if (DATABASE_BACKED_SESSIONS && SINGLE_USER_MODE) {
3660                         return "config: DATABASE_BACKED_SESSIONS is incompatible with SINGLE_USER_MODE";
3661                 }
3662
3663                 return false;
3664         }
3665
3666         db_close($link);
3667 ?>
3668
3669 <!-- <?= sprintf("Backend execution time: %.4f seconds", getmicrotime() - $script_started) ?> -->
3670