http user auth, password changer in preferences
index f37c51bd80b5ee17598fe2442c496cf051f837ec..ed8ab6c1889ef213fcd88cc386e973eb6a28159f 100644 (file)
@@ -1,11 +1,9 @@
 <?
-       define(SCHEMA_VERSION, 2);
+       session_start();
 
-       $op = $_REQUEST["op"];
+       if (!$_SESSION["uid"]) { exit; }
 
-       if ($op == "rpc" || $op == "updateAllFeeds") {
-               header("Content-Type: application/xml");
-       }
+       define(SCHEMA_VERSION, 2);
 
        require_once "config.php";
        require_once "db.php";
        require_once "functions.php";
        require_once "magpierss/rss_fetch.inc";
 
+//     $_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
+//     $_SESSION["name"] = PLACEHOLDER_NAME;
+
+       $op = $_REQUEST["op"];
+
+       if ($op == "rpc" || $op == "updateAllFeeds") {
+               header("Content-Type: application/xml");
+       }
+
        $script_started = getmicrotime();
 
        $link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME); 
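Review bot: The new session gate `if (!$_SESSION["uid"]) { exit; }` ends an unauthenticated request with an empty 200 response, so the callers that expect XML from `op=rpc`/`updateAllFeeds` cannot distinguish "not logged in" from an empty result and nothing shows up as a refusal in the access log; emitting a status first, `header("HTTP/1.0 403 Forbidden"); exit;`, makes the rejection explicit. The two commented-out lines after the includes that would hard-code `$_SESSION["uid"]` and `$_SESSION["name"]` would silently bypass the gate for every request if they were ever uncommented, and should be deleted rather than shipped as a toggle. Note that `session_start()` and the uid check run before `config.php` is required, so if that file is meant to influence session settings it is too late by then — worth confirming.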
@@ -47,7 +54,7 @@
 
        function getGlobalCounters($link) {
                $result = db_query($link, "SELECT count(id) as c_id FROM ttrss_entries
-                       WHERE unread = true");
+                       WHERE unread = true AND owner_uid = " . $_SESSION["uid"]);
                $c_id = db_fetch_result($result, 0, "c_id");
                print "<counter id='global-unread' counter='$c_id'/>";
        }
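Review bot: `$_SESSION["uid"]` is concatenated into the WHERE clause as a bare, unquoted token here, whereas the feed-list hunk quotes it (`'$owner_uid'`) and the password hunk quotes `'$active_uid'`; the file should settle on one form. The value comes from the server-side session, not from the request, so this is not a direct injection path, but bare concatenation turns an empty or non-numeric uid into a SQL syntax error rather than a no-match, and it is the same string-building habit that bites elsewhere in this file. A per-function `$owner_uid = (int) $_SESSION["uid"];` followed by `owner_uid = $owner_uid` in the query makes the integer intent explicit. The same pattern appears in getTagCounters, getLabelCounters, the feed counters hunk, the filter and label listing hunks and the ttrss_user_prefs UPDATE in the pref-prefs hunk.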
        function getTagCounters($link) {
                $result = db_query($link, "SELECT tag_name,count(ttrss_entries.id) AS count
                        FROM ttrss_tags,ttrss_entries WHERE
+                       ttrss_tags.owner_uid = ".$_SESSION["uid"]." AND
                        post_id = ttrss_entries.id AND unread = true GROUP BY tag_name 
                UNION
-                       select tag_name,0 as count FROM ttrss_tags");
+                       select tag_name,0 as count FROM ttrss_tags
+                       WHERE ttrss_tags.owner_uid = ".$_SESSION["uid"]);
 
                $tags = array();
 
        function getLabelCounters($link) {
 
                $result = db_query($link, "SELECT count(id) as count FROM ttrss_entries
-                       WHERE marked = true AND unread = true");
+                       WHERE marked = true AND unread = true AND owner_uid = ".$_SESSION["uid"]);
 
                $count = db_fetch_result($result, 0, "count");
 
                print "<label id=\"-1\" counter=\"$count\"/>";
 
-               $result = db_query($link, "SELECT id,sql_exp,description FROM
-                       ttrss_labels ORDER by description");
+               $result = db_query($link, "SELECT owner_uid,id,sql_exp,description FROM
+                       ttrss_labels WHERE owner_uid = ".$_SESSION["uid"]." ORDER by description");
        
                while ($line = db_fetch_assoc($result)) {
 
        
                $result = db_query($link, "SELECT 
                                count(id) as count FROM ttrss_entries
-                       WHERE feed_id = '$id'   AND unread = true");
+                       WHERE feed_id = '$id' AND unread = true");
        
                        $count = db_fetch_result($result, 0, "count");
                        
                $result = db_query($link, "SELECT id,
                        (SELECT count(id) FROM ttrss_entries WHERE feed_id = ttrss_feeds.id 
                                AND unread = true) as count
-                       FROM ttrss_feeds");
+                       FROM ttrss_feeds WHERE owner_uid = ".$_SESSION["uid"]);
        
                while ($line = db_fetch_assoc($result)) {
                
 
                print "<ul class=\"feedList\" id=\"feedList\">";
 
+               $owner_uid = $_SESSION["uid"];
+
                if (!$tags) {
 
                        /* virtual feeds */
 
                        $result = db_query($link, "SELECT count(id) as num_starred 
-                               FROM ttrss_entries WHERE marked = true AND unread = true");
+                               FROM ttrss_entries WHERE marked = true AND unread = true AND owner_uid = '$owner_uid'");
                        $num_starred = db_fetch_result($result, 0, "num_starred");
 
                        $class = "virt";
                        if (get_pref($link, 'ENABLE_LABELS')) {
        
                                $result = db_query($link, "SELECT id,sql_exp,description FROM
-                                       ttrss_labels ORDER by description");
+                                       ttrss_labels WHERE owner_uid = '$owner_uid' ORDER by description");
                
                                if (db_num_rows($result) > 0) {
                                        print "<li><hr></li>";
                                        WHERE feed_id = ttrss_feeds.id) AS total,
                                (SELECT count(id) FROM ttrss_entries
                                        WHERE feed_id = ttrss_feeds.id AND unread = true) as unread
-                               FROM ttrss_feeds ORDER BY title");                      
+                               FROM ttrss_feeds WHERE owner_uid = '$owner_uid' ORDER BY title");                       
        
                        $actid = $_GET["actid"];
        
 
                        $result = db_query($link, "SELECT tag_name,count(ttrss_entries.id) AS count
                                FROM ttrss_tags,ttrss_entries WHERE
-                               post_id = ttrss_entries.id AND unread = true GROUP BY tag_name 
+                               post_id = ttrss_entries.id AND unread = true 
+                               AND ttrss_tags.owner_uid = '$owner_uid' GROUP BY tag_name                               
                        UNION
-                               select tag_name,0 as count FROM ttrss_tags");
+                               select tag_name,0 as count FROM ttrss_tags WHERE owner_uid = '$owner_uid'");
        
                        $tags = array();
        
                }
 
                if (db_num_rows($result) == 0) {
-                       print "<li>No tags to display.</li>";
+                       print "<li>No tags/feeds to display.</li>";
                }
 
                print "</ul>";
                                $feed_link = db_escape_string($_GET["link"]);
                                        
                                $result = db_query($link,
-                                       "INSERT INTO ttrss_feeds (feed_url,title) VALUES ('$feed_link', '')");
+                                       "INSERT INTO ttrss_feeds (owner_uid,feed_url,title) VALUES ('".$_SESSION["uid"]."', '$feed_link', '')");
 
                                $result = db_query($link,
                                        "SELECT id FROM ttrss_feeds WHERE feed_url = '$feed_link'");
                                id,title,feed_url,substring(last_updated,1,16) as last_updated,
                                update_interval,purge_interval
                        FROM 
-                               ttrss_feeds ORDER by title");
+                               ttrss_feeds WHERE owner_uid = '".$_SESSION["uid"]."' ORDER by title");
 
                print "<p><table width=\"100%\" class=\"prefFeedList\" id=\"prefFeedList\">";
                print "<tr class=\"title\">
                                $match = db_escape_string($_GET["match"]);
                                        
                                $result = db_query($link,
-                                       "INSERT INTO ttrss_filters (reg_exp,filter_type) VALUES 
+                                       "INSERT INTO ttrss_filters (reg_exp,filter_type,owner_uid) VALUES 
                                                ('$regexp', (SELECT id FROM ttrss_filter_types WHERE
-                                                       description = '$match'))");
+                                                       description = '$match'),'".$_SESSION["uid"]."')");
                        } 
                }
 
                                (SELECT description FROM ttrss_filter_types 
                                        WHERE id = filter_type) as filter_type_descr
                        FROM 
-                               ttrss_filters ORDER by reg_exp");
+                               ttrss_filters
+                       WHERE
+                               owner_uid = ".$_SESSION["uid"]."
+                       ORDER by reg_exp");
 
                print "<p><table width=\"100%\" class=\"prefFilterList\" id=\"prefFilterList\">";
 
                                $exp = $_GET["exp"];
                                        
                                $result = db_query($link,
-                                       "INSERT INTO ttrss_labels (sql_exp,description) 
-                                               VALUES ('$exp', '$exp')");
+                                       "INSERT INTO ttrss_labels (sql_exp,description,owner_uid
+                                               VALUES ('$exp', '$exp', '".$_SESSION["uid"]."')");
                        } 
                }
 
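Review bot: The rewritten INSERT is missing the closing parenthesis of its column list — `(sql_exp,description,owner_uid` runs straight into `VALUES` — so creating a label now fails with a SQL syntax error; the line should read `"INSERT INTO ttrss_labels (sql_exp,description,owner_uid)`. In the same hunk `$exp` is taken from `$_GET["exp"]` and interpolated into the statement without `db_escape_string()`, unlike `$match` in the filter hunk, which leaves the label INSERT as a direct injection point; use `$exp = db_escape_string($_GET["exp"]);`. The stored sql_exp is presumably evaluated later as a raw SQL fragment, which escaping alone does not address, but that code is outside this hunk.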
                $result = db_query($link, "SELECT 
                                id,sql_exp,description
                        FROM 
-                               ttrss_labels ORDER by description");
+                               ttrss_labels 
+                       WHERE 
+                               owner_uid = ".$_SESSION["uid"]."
+                       ORDER by description");
 
                print "<p><table width=\"100%\" class=\"prefLabelList\" id=\"prefLabelList\">";
 
 
        if ($op == "pref-prefs") {
 
-               $subop = $_POST["subop"];
+               $subop = $_REQUEST["subop"];
 
                if ($subop == "Save configuration") {
 
+                       if (WEB_DEMO_MODE) return;
+
                        foreach (array_keys($_POST) as $pref_name) {
                        
                                $pref_name = db_escape_string($pref_name);
 
                                        $type_name = db_fetch_result($result, 0, "type_name");
 
+//                                     print "$pref_name : $type_name : $value<br>";
+
                                        if ($type_name == "bool") {
-                                               if ($value == 1) {
+                                               if ($value == "1") {
                                                        $value = "true";
                                                } else {
                                                        $value = "false";
 
 //                                     print "$pref_name : $type_name : $value<br>";
 
-                                       db_query($link, "UPDATE ttrss_prefs SET value = '$value' 
-                                               WHERE pref_name = '$pref_name'");
+                                       db_query($link, "UPDATE ttrss_user_prefs SET value = '$value' 
+                                               WHERE pref_name = '$pref_name' AND owner_uid = ".$_SESSION["uid"]);
 
                                }
 
 
                        }
 
+               } else if ($subop == "getHelp") {
+
+                       $pref_name = db_escape_string($_GET["pn"]);
+
+                       $result = db_query($link, "SELECT help_text FROM ttrss_prefs
+                               WHERE pref_name = '$pref_name'");
+
+                       if (db_num_rows($result) > 0) {
+                               $help_text = db_fetch_result($result, 0, "help_text");
+                               print $help_text;
+                       } else {
+                               print "Unknown option: $pref_name";
+                       }
+
+               } else if ($subop == "Change password") {
+
+                       if (WEB_DEMO_MODE) return;
+
+                       $old_pw = $_POST["OLD_PASSWORD"];
+                       $new_pw = $_POST["OLD_PASSWORD"];
+
+                       $old_pw_hash = 'SHA1:' . sha1($_POST["OLD_PASSWORD"]);
+                       $new_pw_hash = 'SHA1:' . sha1($_POST["NEW_PASSWORD"]);
+
+                       $active_uid = $_SESSION["uid"];
+
+                       if ($old_pw && $new_pw) {
+
+                               $login = db_escape_string($_SERVER['PHP_AUTH_USER']);
+
+                               $result = db_query($link, "SELECT id FROM ttrss_users WHERE 
+                                       id = '$active_uid' AND (pwd_hash = '$old_pw' OR 
+                                               pwd_hash = '$old_pw_hash')");
+
+                               if (db_num_rows($result) == 1) {
+                                       db_query($link, "UPDATE ttrss_users SET pwd_hash = '$new_pw_hash' 
+                                               WHERE id = '$active_uid'");                             
+                               }
+                       }
+
+                       header("Location: prefs.php");
+       
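Review bot: In the "Change password" branch `$old_pw` is the raw `$_POST["OLD_PASSWORD"]` and is interpolated into the SELECT as `pwd_hash = '$old_pw'` without `db_escape_string()`, so the submitter controls the shape of the authentication query; at minimum `$old_pw = db_escape_string($_POST["OLD_PASSWORD"]);`, and since the hashed arm already covers the check, the plaintext `OR` arm could simply be dropped. The next line is a copy-paste slip, `$new_pw = $_POST["OLD_PASSWORD"];`, which means an empty NEW_PASSWORD is never rejected and the account ends up with `sha1('')`; it should read `$new_pw = $_POST["NEW_PASSWORD"];` (and `$login` is assigned from `PHP_AUTH_USER` but never used). In the getHelp branch just above, `print "Unknown option: $pref_name";` reflects the db-escaped but not HTML-escaped `$_GET["pn"]` into the page; wrap it with `htmlspecialchars($pref_name)`. Separately, reading `$subop` from `$_REQUEST` instead of `$_POST` lets a plain GET link trigger "Reset to defaults", which makes that state change trivially forgeable from another site; keep the mutating sub-ops on `$_POST`. The `pref-prefs` block continues past the end of this hunk.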
                } else if ($subop == "Reset to defaults") {
 
+                       if (WEB_DEMO_MODE) return;
+
+                       db_query($link,"UPDATE ttrss_user_prefs 
+                               SET value = ttrss_prefs.def_value 
+                               WHERE owner_uid = '".$_SESSION["uid"]."' AND
+                               ttrss_prefs.pref_name = ttrss_user_prefs.pref_name");
+
                        header("Location: prefs.php");
 
                } else {
 
+                       print "<form action=\"backend.php\" method=\"POST\">";
+
+                       print "<table width=\"100%\" class=\"prefPrefsList\">";
+                       print "<tr><td colspan='3'><h3>Authentication</h3></tr></td>";
+
+                       print "<tr><td width=\"40%\">Old password</td>";
+                       print "<td><input class=\"editbox\" type=\"password\"
+                               name=\"OLD_PASSWORD\"></td></tr>";
+
+                       print "<tr><td width=\"40%\">New password</td>";
+                       
+                       print "<td><input class=\"editbox\" type=\"password\"
+                               name=\"NEW_PASSWORD\"></td></tr>";
+
+                       print "</table>";
+
+                       print "<input type=\"hidden\" name=\"op\" value=\"pref-prefs\">";
+
+                       print "<p><input class=\"button\" type=\"submit\" 
+                               value=\"Change password\" name=\"subop\">";
+
+                       print "</form>";
+
                        $result = db_query($link, "SELECT 
-                               pref_name,short_desc,help_text,value,type_name,
+                               ttrss_user_prefs.pref_name,short_desc,help_text,value,type_name,
                                section_name,def_value
-                               FROM ttrss_prefs,ttrss_prefs_types,ttrss_prefs_sections 
+                               FROM ttrss_prefs,ttrss_prefs_types,ttrss_prefs_sections,ttrss_user_prefs
                                WHERE type_id = ttrss_prefs_types.id AND 
-                                       section_id = ttrss_prefs_sections.id 
-                               ORDER BY section_name,short_desc");
+                                       section_id = ttrss_prefs_sections.id AND
+                                       ttrss_user_prefs.pref_name = ttrss_prefs.pref_name
+                               ORDER BY section_id,short_desc");
 
                        print "<form action=\"backend.php\" method=\"POST\">";
 
-                       print "<table width=\"100%\" class=\"prefPrefsList\">";
-       
                        $lnum = 0;
 
                        $active_section = "";
                        while ($line = db_fetch_assoc($result)) {
 
                                if ($active_section != $line["section_name"]) {
-                                       $active_section = $line["section_name"];
+
+                                       if ($active_section != "") {
+                                               print "</table>";
+                                       }
+
+                                       print "<p><table width=\"100%\" class=\"prefPrefsList\">";
+                               
+                                       $active_section = $line["section_name"];                                
+                                       
                                        print "<tr><td colspan=\"3\"><h3>$active_section</h3></td></tr>";
-                                       print "<tr class=\"title\">
-                                               <td width=\"25%\">Option</td><td>Value</td></tr>";
-                               }
+//                                     print "<tr class=\"title\">
+//                                             <td width=\"25%\">Option</td><td>Value</td></tr>";
 
-                               $class = ($lnum % 2) ? "even" : "odd";
+                                       $lnum = 0;
+                               }
 
-                               print "<tr class=\"$class\">";
+//                             $class = ($lnum % 2) ? "even" : "odd";
 
-                               print "<td width=\"40%\">" . $line["short_desc"] . "</td>";
+                               print "<tr>";
 
                                $type_name = $line["type_name"];
                                $pref_name = $line["pref_name"];
                                $value = $line["value"];
                                $def_value = $line["def_value"];
+                               $help_text = $line["help_text"];
+
+                               print "<td width=\"40%\" id=\"$pref_name\">" . $line["short_desc"];
+
+                               if ($help_text) print "<div class=\"prefHelp\">$help_text</div>";
+                               
+                               print "</td>";
 
                                print "<td>";