implement experimental web-based updater
index 0bb761f5dc94f21fe9fc62d98a7396ffc7c19887..b2e9e8992f1e09afd7052939dd821fa756a8ae98 100644 (file)
@@ -2,6 +2,18 @@
        define('EXPECTED_CONFIG_VERSION', 25);
        define('SCHEMA_VERSION', 94);
 
+       $fetch_last_error = false;
+
+       function __autoload($class) {
+               $class_file = str_replace("_", "/", strtolower(basename($class)));
+
+               $file = dirname(__FILE__)."/../classes/$class_file.php";
+
+               if (file_exists($file)) {
+                       require $file;
+               }
+       }
+
        mb_internal_encoding("UTF-8");
        date_default_timezone_set('UTC');
        if (defined('E_DEPRECATED')) {
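Review bot: In the added `__autoload`, `basename($class)` runs before the underscore-to-slash replacement, so it does not constrain the final path: a name such as `a_.._b` still becomes `a/../b` and is passed to `require`. The names reaching it in this diff come from `AUTH_MODULES` and `ARTICLE_BUTTON_PLUGINS` through `class_exists()`, which are configuration values, but a `class_exists()` or `new $name` on a less trusted string elsewhere would land here too. I would reject anything outside a fixed alphabet first, `if (!preg_match('/^[A-Za-z0-9_]+$/', $class)) return;`, and use `require_once` instead of `require`. `__autoload` is deprecated in later PHP versions in favour of `spl_autoload_register()`.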
                $login = urlencode($login);
                $pass = urlencode($pass);
 
+               global $fetch_last_error;
+
                if (function_exists('curl_init') && !ini_get("open_basedir")) {
                        $ch = curl_init($url);
 
                        $contents = @curl_exec($ch);
 
                        if ($contents === false) {
+                               $fetch_last_error = curl_error($ch);
                                curl_close($ch);
                                return false;
                        }
                                }
                        }
 
-                       return @file_get_contents($url);
+                       $data = @file_get_contents($url);
+
+                       if (!$data && function_exists('error_get_last')) {
+                               $error = error_get_last();
+                               $fetch_last_error = $error["message"];
+                       }
+                       return $data;
                }
 
        }
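Review bot: The fallback branch reads `$error["message"]` without checking that `error_get_last()` returned an array, and `error_get_last()` reports the most recent error of the whole request, which need not be this `file_get_contents()` failure. `!$data` also treats an empty but successful response as an error. Prefer `if ($data === false)` with `$fetch_last_error = $error ? $error["message"] : false;`, and reset `$fetch_last_error = false;` right after the `global` line added earlier in the function so a stale message from a previous call is not reported. PHP's warning text for a failed stream open includes the URL it tried, so if credentials are embedded in `$url` (the lines that build it are outside this hunk) they would end up in this message.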
                return "";
        }
 
-       function get_login_by_ssl_certificate($link) {
-
-               $cert_serial = db_escape_string(get_ssl_certificate_id());
-
-               if ($cert_serial) {
-                       $result = db_query($link, "SELECT login FROM ttrss_user_prefs, ttrss_users
-                               WHERE pref_name = 'SSL_CERT_SERIAL' AND value = '$cert_serial' AND
-                               owner_uid = ttrss_users.id");
-
-                       if (db_num_rows($result) != 0) {
-                               return db_escape_string(db_fetch_result($result, 0, "login"));
-                       }
-               }
-
-               return "";
-       }
-
-       function get_remote_user($link) {
-
-               if (defined('ALLOW_REMOTE_USER_AUTH') && ALLOW_REMOTE_USER_AUTH) {
-                       return db_escape_string($_SERVER["REMOTE_USER"]);
-               }
-
-               return db_escape_string(get_login_by_ssl_certificate($link));
-       }
-
-       function get_remote_fakepass($link) {
-               if (get_remote_user($link))
-                       return "******";
-               else
-                       return "";
-       }
-
-       function authenticate_user($link, $login, $password, $force_auth = false) {
+       function authenticate_user($link, $login, $password, $check_only = false) {
 
                if (!SINGLE_USER_MODE) {
 
-                       $pwd_hash1 = encrypt_password($password);
-                       $pwd_hash2 = encrypt_password($password, $login);
-                       $login = db_escape_string($login);
-
-                       $remote_user = get_remote_user($link);
-
-                       if ($remote_user && $remote_user == $login && $login != "admin") {
-
-                               $login = $remote_user;
+                       $user_id = false;
+                       $modules = explode(",", AUTH_MODULES);
 
-                               $query = "SELECT id,login,access_level,pwd_hash
-                   FROM ttrss_users WHERE
-                                       login = '$login'";
+                       foreach ($modules as $module) {
+                               $module_class = "auth_$module";
+                               if (class_exists($module_class)) {
+                                       $authenticator = new $module_class($link);
 
-                               if (defined('AUTO_CREATE_USER') && AUTO_CREATE_USER
-                                               && $_SERVER["REMOTE_USER"]) {
-                                       $result = db_query($link, $query);
+                                       $user_id = (int) $authenticator->authenticate($login, $password);
 
-                                       // First login ?
-                                       if (db_num_rows($result) == 0) {
-                                               $salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
-                                               $pwd_hash = encrypt_password($password, $salt, true);
-
-                                               $query2 = "INSERT INTO ttrss_users
-                                                               (login,access_level,last_login,created,pwd_hash,salt)
-                                                               VALUES ('$login', 0, null, NOW(), '$pwd_hash','$salt')";
-                                               db_query($link, $query2);
-                                       }
-                               }
-
-                       } else if (get_schema_version($link) > 87) {
-                               $result = db_query($link, "SELECT salt FROM ttrss_users WHERE
-                                       login = '$login'");
-
-                               if (db_num_rows($result) != 1) {
-                                       return false;
-                               }
-
-                               $salt = db_fetch_result($result, 0, "salt");
-
-                               if ($salt == "") {
-
-                                       $query = "SELECT id,login,access_level,pwd_hash
-                           FROM ttrss_users WHERE
-                                               login = '$login' AND (pwd_hash = '$pwd_hash1' OR
-                                               pwd_hash = '$pwd_hash2')";
-
-                                       // verify and upgrade password to new salt base
-
-                                       $result = db_query($link, $query);
-
-                                       if (db_num_rows($result) == 1) {
-                                               // upgrade password to MODE2
-
-                                               $salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
-                                               $pwd_hash = encrypt_password($password, $salt, true);
-
-                                               db_query($link, "UPDATE ttrss_users SET
-                                                       pwd_hash = '$pwd_hash', salt = '$salt' WHERE login = '$login'");
-
-                                               $query = "SELECT id,login,access_level,pwd_hash
-                                   FROM ttrss_users WHERE
-                                                       login = '$login' AND pwd_hash = '$pwd_hash'";
-
-                                       } else {
-                                               return false;
+                                       if ($user_id) {
+                                               $_SESSION["auth_module"] = $module;
+                                               break;
                                        }
 
                                } else {
-
-                                       $pwd_hash = encrypt_password($password, $salt, true);
-
-                                       $query = "SELECT id,login,access_level,pwd_hash
-                                FROM ttrss_users WHERE
-                                               login = '$login' AND pwd_hash = '$pwd_hash'";
-
+                                       print T_sprintf("Fatal: authentication module %s not found.", $module);
+                                       die;
                                }
-                       } else {
-                               $query = "SELECT id,login,access_level,pwd_hash
-                        FROM ttrss_users WHERE
-                                       login = '$login' AND (pwd_hash = '$pwd_hash1' OR
-                                               pwd_hash = '$pwd_hash2')";
                        }
 
-                       $result = db_query($link, $query);
+                       if ($user_id && !$check_only) {
+                               $_SESSION["uid"] = $user_id;
+
+                               $result = db_query($link, "SELECT login,access_level,pwd_hash FROM ttrss_users
+                                       WHERE id = '$user_id'");
 
-                       if (db_num_rows($result) == 1) {
-                               $_SESSION["uid"] = db_fetch_result($result, 0, "id");
                                $_SESSION["name"] = db_fetch_result($result, 0, "login");
                                $_SESSION["access_level"] = db_fetch_result($result, 0, "access_level");
                                $_SESSION["csrf_token"] = sha1(uniqid(rand(), true));
                                db_query($link, "UPDATE ttrss_users SET last_login = NOW() WHERE id = " .
                                        $_SESSION["uid"]);
 
-
-                               // LemonLDAP can send user informations via HTTP HEADER
-                               if (defined('AUTO_CREATE_USER') && AUTO_CREATE_USER){
-                                       // update user name
-                                       $fullname = $_SERVER['HTTP_USER_NAME'] ? $_SERVER['HTTP_USER_NAME'] : $_SERVER['AUTHENTICATE_CN'];
-                                       if ($fullname){
-                                               $fullname = db_escape_string($fullname);
-                                               db_query($link, "UPDATE ttrss_users SET full_name = '$fullname' WHERE id = " .
-                                                       $_SESSION["uid"]);
-                                       }
-                                       // update user mail
-                                       $email = $_SERVER['HTTP_USER_MAIL'] ? $_SERVER['HTTP_USER_MAIL'] : $_SERVER['AUTHENTICATE_MAIL'];
-                                       if ($email){
-                                               $email = db_escape_string($email);
-                                               db_query($link, "UPDATE ttrss_users SET email = '$email' WHERE id = " .
-                                                       $_SESSION["uid"]);
-                                       }
-                               }
-
                                $_SESSION["ip_address"] = $_SERVER["REMOTE_ADDR"];
                                $_SESSION["pwd_hash"] = db_fetch_result($result, 0, "pwd_hash");
 
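Review bot: `$_SESSION["uid"]` is assigned before the `ttrss_users` lookup and the result is never checked, so a module that returns an id with no matching row leaves a session with a uid but an empty name and access level; the removed code guarded this with `db_num_rows($result) == 1`. Moving the assignment below a check such as `if (db_num_rows($result) != 1) return false;` restores that guard. `$_SESSION["auth_module"]` is also written when `$check_only` is true, which looks unintended for a check-only call. The visible lines do not regenerate the session id when the uid is set; if that is not done elsewhere, `session_regenerate_id(true);` belongs here. The function continues past the end of this hunk.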
                        $_SESSION["name"] = "admin";
                        $_SESSION["access_level"] = 10;
 
+                       $_SESSION["hide_hello"] = true;
+                       $_SESSION["hide_logout"] = true;
+
+                       $_SESSION["auth_module"] = false;
+
                        if (!$_SESSION["csrf_token"]) {
                                $_SESSION["csrf_token"] = sha1(uniqid(rand(), true));
                        }
 
                        if (!$_SESSION["uid"] || !validate_session($link)) {
 
-                               if (get_remote_user($link) && AUTO_LOGIN) {
-                                   authenticate_user($link, get_remote_user($link), null);
+                               if (AUTH_AUTO_LOGIN && authenticate_user($link, null, null)) {
                                    $_SESSION["ref_schema_version"] = get_schema_version($link, true);
                                } else {
+                                        authenticate_user($link, null, null, true);
                                    render_login_form($link, $mobile);
-                                   //header("Location: login.php");
                                    exit;
                                }
                        } else {
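Review bot: `authenticate_user($link, null, null)` now asks every configured module to authenticate with no login and no password, so each module must return false for empty credentials unless it has an independent identity source; that contract deserves a comment here, e.g. `// modules must reject null credentials unless they authenticate from the server environment`. The second call, `authenticate_user($link, null, null, true);`, discards its result and its purpose is not evident from the hunk, so a one-line comment naming the wanted side effect would help. `AUTH_AUTO_LOGIN` is used without a `defined()` check; on the PHP versions this code targets an undefined constant evaluates to the truthy string `"AUTH_AUTO_LOGIN"`, unless a config version check elsewhere rules that out. The enclosing function starts and ends outside the hunk.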
        }
 
        /**
-        * @return integer Status code:
+        * @return array (code => Status code, message => error message if available)
+        *
         *                 0 - OK, Feed already exists
         *                 1 - OK, Feed added
         *                 2 - Invalid URL
        function subscribe_to_feed($link, $url, $cat_id = 0,
                        $auth_login = '', $auth_pass = '', $need_auth = false) {
 
+               global $fetch_last_error;
+
                require_once "include/rssfuncs.php";
 
                $url = fix_url($url);
 
-               if (!$url || !validate_feed_url($url)) return 2;
+               if (!$url || !validate_feed_url($url)) return array("code" => 2);
 
                $update_method = 0;
 
                $has_oauth = db_fetch_result($result, 0, 'twitter_oauth');
 
                if (!$need_auth || !$has_oauth || strpos($url, '://api.twitter.com') === false) {
-                       if (!fetch_file_contents($url, false, $auth_login, $auth_pass)) return 5;
+                       if (!fetch_file_contents($url, false, $auth_login, $auth_pass))
+                               return array("code" => 5, "message" => $fetch_last_error);
 
                        if (url_is_html($url, $auth_login, $auth_pass)) {
                                $feedUrls = get_feeds_from_html($url, $auth_login, $auth_pass);
                                if (count($feedUrls) == 0) {
-                                       return 3;
+                                       return array("code" => 3);
                                } else if (count($feedUrls) > 1) {
-                                       return 4;
+                                       return array("code" => 4);
                                }
                                //use feed url as new URL
                                $url = key($feedUrls);
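Review bot: The new `"message" => $fetch_last_error` hands the raw cURL or PHP stream error from a server-side fetch back to the caller. If the front end shows it to the subscribing user, it discloses how the request failed for whatever host that user entered, internal hosts included, and the text may contain the requested URL. Consider logging the detail server-side and returning a short fixed category, or at least state in the `@return` comment that `message` is untrusted text that must be escaped before display. The later `return array("code" => 5)` in the Twitter branch carries no message, which callers should expect.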
 
                        } else {
                                if (!fetch_twitter_rss($link, $url, $_SESSION['uid']))
-                                       return 5;
+                                       return array("code" => 5);
 
                                $update_method = 3;
                        }
                                update_rss_feed($link, $feed_id, true);
                        }
 
-                       return 1;
+                       return array("code" => 1);
                } else {
-                       return 0;
+                       return array("code" => 0);
                }
        }
 
                                        if (db_num_rows($result) > 0) {
                                                print "<option disabled=\"1\">--------</option>";
                                        }
-                                               print "<option value=\"0\">".__('Uncategorized')."</option>";
+
+                                       if ($default_id == 0) {
+                                               $is_selected = "selected=\"1\"";
+                                       } else {
+                                               $is_selected = "";
+                                       }
+
+                                       print "<option $is_selected value=\"0\">".__('Uncategorized')."</option>";
                                }
                                print "</select>";
                        }
                                $data['new_version_available'] = (int) ($new_version_details != false);
 
                                $_SESSION["last_version_check"] = time();
+                               $_SESSION["version_data"] = $new_version_details;
                }
 
                return $data;
        }
 
        function format_article($link, $id, $mark_as_read = true, $zoom_mode = false, $owner_uid = false) {
-
                if (!$owner_uid) $owner_uid = $_SESSION["uid"];
 
                $rv = array();
                                $button_plugins = explode(",", ARTICLE_BUTTON_PLUGINS);
 
                                foreach ($button_plugins as $p) {
-                                       $pclass = trim("${p}_button");
+                                       $pclass = trim("button_${p}");
 
                                        if (class_exists($pclass)) {
                                                $plugin = new $pclass($link);
 
                return null;
        }
+
+       function tmpdirname($path, $prefix) {
+               // Use PHP's tmpfile function to create a temporary
+               // directory name. Delete the file and keep the name.
+               $tempname = tempnam($path,$prefix);
+               if (!$tempname)
+                       return false;
+
+               if (!unlink($tempname))
+                       return false;
+
+       return $tempname;
+       }
+
 ?>
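Review bot: `tmpdirname` deletes the file that `tempnam()` created and returns the bare name, so between the `unlink()` and the caller's directory creation the path is free for another local process to claim. Creating the directory before returning closes that window: `if (!mkdir($tempname, 0700)) return false;` ahead of `return $tempname;` (callers are outside this diff and would then skip their own `mkdir`). `tempnam()` also falls back to the system temp directory when `$path` is unusable, so the result may not lie under `$path` and should be checked. The comment names `tmpfile` while the code calls `tempnam`.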