split authentication to separate modules
index cb24cb877782066a87466ac4e8dff28fc0da10b4..f2243cf93772de3d5289cfcd33189e2136c6084b 100644 (file)
@@ -1,6 +1,13 @@
 <?php
        define('EXPECTED_CONFIG_VERSION', 25);
-       define('SCHEMA_VERSION', 93);
+       define('SCHEMA_VERSION', 94);
+
+       function __autoload($class) {
+               $file = "classes/".strtolower(basename($class)).".php";
+               if (file_exists($file)) {
+                       require $file;
+               }
+       }
 
        mb_internal_encoding("UTF-8");
        date_default_timezone_set('UTC');
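Review bot: The autoloader resolves `classes/` relative to the process working directory rather than to this file (line 12), so when an entry script runs from another cwd the `file_exists` check quietly fails, the class stays undefined, and in `authenticate_user` that surfaces as the "authentication module not found" exit. Anchor the lookup to the file instead, e.g. `$file = dirname(__FILE__) . "/../classes/" . strtolower(basename($class)) . ".php";` (adjust the relative part if `classes/` does not sit beside `include/`). The `basename()` call deserves a comment because it is what strips any directory component from the class name before it becomes a path, e.g. `// basename() drops any directory component so lookups stay inside classes/`. `spl_autoload_register()` would be preferable to the legacy `__autoload()` hook since it composes with other autoloaders.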
                return "";
        }
 
-       function get_login_by_ssl_certificate($link) {
-
-               $cert_serial = db_escape_string(get_ssl_certificate_id());
-
-               if ($cert_serial) {
-                       $result = db_query($link, "SELECT login FROM ttrss_user_prefs, ttrss_users
-                               WHERE pref_name = 'SSL_CERT_SERIAL' AND value = '$cert_serial' AND
-                               owner_uid = ttrss_users.id");
-
-                       if (db_num_rows($result) != 0) {
-                               return db_escape_string(db_fetch_result($result, 0, "login"));
-                       }
-               }
-
-               return "";
-       }
-
-       function get_remote_user($link) {
-
-               if (defined('ALLOW_REMOTE_USER_AUTH') && ALLOW_REMOTE_USER_AUTH) {
-                       return db_escape_string($_SERVER["REMOTE_USER"]);
-               }
-
-               return db_escape_string(get_login_by_ssl_certificate($link));
-       }
-
-       function get_remote_fakepass($link) {
-               if (get_remote_user($link))
-                       return "******";
-               else
-                       return "";
-       }
-
-       function authenticate_user($link, $login, $password, $force_auth = false) {
+       function authenticate_user($link, $login, $password, $check_only = false) {
 
                if (!SINGLE_USER_MODE) {
 
-                       $pwd_hash1 = encrypt_password($password);
-                       $pwd_hash2 = encrypt_password($password, $login);
-                       $login = db_escape_string($login);
-
-                       $remote_user = get_remote_user($link);
-
-                       if ($remote_user && $remote_user == $login && $login != "admin") {
-
-                               $login = $remote_user;
+                       $user_id = false;
+                       $modules = explode(",", AUTH_MODULES);
 
-                               $query = "SELECT id,login,access_level,pwd_hash
-                   FROM ttrss_users WHERE
-                                       login = '$login'";
+                       foreach ($modules as $module) {
+                               $module_class = "auth_$module";
+                               if (class_exists($module_class)) {
+                                       $authenticator = new $module_class($link);
 
-                               if (defined('AUTO_CREATE_USER') && AUTO_CREATE_USER
-                                               && $_SERVER["REMOTE_USER"]) {
-                                       $result = db_query($link, $query);
+                                       $user_id = (int) $authenticator->authenticate($login, $password);
 
-                                       // First login ?
-                                       if (db_num_rows($result) == 0) {
-                                               $salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
-                                               $pwd_hash = encrypt_password($password, $salt, true);
-
-                                               $query2 = "INSERT INTO ttrss_users
-                                                               (login,access_level,last_login,created,pwd_hash,salt)
-                                                               VALUES ('$login', 0, null, NOW(), '$pwd_hash','$salt')";
-                                               db_query($link, $query2);
-                                       }
-                               }
-
-                       } else if (get_schema_version($link) > 87) {
-                               $result = db_query($link, "SELECT salt FROM ttrss_users WHERE
-                                       login = '$login'");
-
-                               if (db_num_rows($result) != 1) {
-                                       return false;
-                               }
-
-                               $salt = db_fetch_result($result, 0, "salt");
-
-                               if ($salt == "") {
-
-                                       $query = "SELECT id,login,access_level,pwd_hash
-                           FROM ttrss_users WHERE
-                                               login = '$login' AND (pwd_hash = '$pwd_hash1' OR
-                                               pwd_hash = '$pwd_hash2')";
-
-                                       // verify and upgrade password to new salt base
-
-                                       $result = db_query($link, $query);
-
-                                       if (db_num_rows($result) == 1) {
-                                               // upgrade password to MODE2
-
-                                               $salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
-                                               $pwd_hash = encrypt_password($password, $salt, true);
-
-                                               db_query($link, "UPDATE ttrss_users SET
-                                                       pwd_hash = '$pwd_hash', salt = '$salt' WHERE login = '$login'");
-
-                                               $query = "SELECT id,login,access_level,pwd_hash
-                                   FROM ttrss_users WHERE
-                                                       login = '$login' AND pwd_hash = '$pwd_hash'";
-
-                                       } else {
-                                               return false;
-                                       }
+                                       if ($user_id) break;
 
                                } else {
-
-                                       $pwd_hash = encrypt_password($password, $salt, true);
-
-                                       $query = "SELECT id,login,access_level,pwd_hash
-                                FROM ttrss_users WHERE
-                                               login = '$login' AND pwd_hash = '$pwd_hash'";
-
+                                       print T_sprintf("Fatal: authentication module %s not found.", $module);
+                                       die;
                                }
-                       } else {
-                               $query = "SELECT id,login,access_level,pwd_hash
-                        FROM ttrss_users WHERE
-                                       login = '$login' AND (pwd_hash = '$pwd_hash1' OR
-                                               pwd_hash = '$pwd_hash2')";
                        }
 
-                       $result = db_query($link, $query);
+                       if ($user_id && !$check_only) {
+                               $_SESSION["uid"] = $user_id;
+
+                               $result = db_query($link, "SELECT login,access_level,pwd_hash FROM ttrss_users
+                                       WHERE id = '$user_id'");
 
-                       if (db_num_rows($result) == 1) {
-                               $_SESSION["uid"] = db_fetch_result($result, 0, "id");
                                $_SESSION["name"] = db_fetch_result($result, 0, "login");
                                $_SESSION["access_level"] = db_fetch_result($result, 0, "access_level");
                                $_SESSION["csrf_token"] = sha1(uniqid(rand(), true));
                                db_query($link, "UPDATE ttrss_users SET last_login = NOW() WHERE id = " .
                                        $_SESSION["uid"]);
 
-
-                               // LemonLDAP can send user informations via HTTP HEADER
-                               if (defined('AUTO_CREATE_USER') && AUTO_CREATE_USER){
-                                       // update user name
-                                       $fullname = $_SERVER['HTTP_USER_NAME'] ? $_SERVER['HTTP_USER_NAME'] : $_SERVER['AUTHENTICATE_CN'];
-                                       if ($fullname){
-                                               $fullname = db_escape_string($fullname);
-                                               db_query($link, "UPDATE ttrss_users SET full_name = '$fullname' WHERE id = " .
-                                                       $_SESSION["uid"]);
-                                       }
-                                       // update user mail
-                                       $email = $_SERVER['HTTP_USER_MAIL'] ? $_SERVER['HTTP_USER_MAIL'] : $_SERVER['AUTHENTICATE_MAIL'];
-                                       if ($email){
-                                               $email = db_escape_string($email);
-                                               db_query($link, "UPDATE ttrss_users SET email = '$email' WHERE id = " .
-                                                       $_SESSION["uid"]);
-                                       }
-                               }
-
                                $_SESSION["ip_address"] = $_SERVER["REMOTE_ADDR"];
                                $_SESSION["pwd_hash"] = db_fetch_result($result, 0, "pwd_hash");
 
                        $_SESSION["name"] = "admin";
                        $_SESSION["access_level"] = 10;
 
+                       $_SESSION["hide_hello"] = true;
+                       $_SESSION["hide_logout"] = true;
+
                        if (!$_SESSION["csrf_token"]) {
                                $_SESSION["csrf_token"] = sha1(uniqid(rand(), true));
                        }
 
                        if (!$_SESSION["uid"] || !validate_session($link)) {
 
-                               if (get_remote_user($link) && AUTO_LOGIN) {
-                                   authenticate_user($link, get_remote_user($link), null);
+                               if (AUTH_AUTO_LOGIN && authenticate_user($link, null, null)) {
                                    $_SESSION["ref_schema_version"] = get_schema_version($link, true);
                                } else {
+                                        authenticate_user($link, null, null, true);
                                    render_login_form($link, $mobile);
-                                   //header("Location: login.php");
                                    exit;
                                }
                        } else {
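Review bot: Line 157 stores the authenticated `uid` into a session that already existed before the credentials were checked, and nothing in the hunk rotates the session id at that point, so unless the caller does it a pre-login session id survives into the logged-in session; add `session_regenerate_id(true);` immediately before `$_SESSION["uid"] = $user_id;`. The auto-login path at line 206 passes `null` for both login and password through every module in AUTH_MODULES, and the `(int)` cast with `if ($user_id) break;` accepts the first truthy return, so the contract that null credentials may only succeed for modules deriving identity from the request environment should be stated where the loop begins, e.g. `// a module must return a user id only for credentials it verified itself; null login/password is the auto-login probe`. The `$check_only` call at line 209 before `render_login_form` is undocumented and a one-line comment on what it is expected to do would help. The return statements of authenticate_user lie outside the hunk.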
                                WHERE c2.parent_cat = ttrss_feed_categories.id) AS num_children
                        FROM ttrss_feed_categories, ttrss_cat_counters_cache
                        WHERE ttrss_cat_counters_cache.feed_id = id AND
+                       ttrss_cat_counters_cache.owner_uid = ttrss_feed_categories.owner_uid AND
                        ttrss_feed_categories.owner_uid = " . $_SESSION["uid"]);
 
                while ($line = db_fetch_assoc($result)) {
                                last_error, value AS count
                        FROM ttrss_feeds, ttrss_counters_cache
                        WHERE ttrss_feeds.owner_uid = ".$_SESSION["uid"]."
+                               AND ttrss_counters_cache.owner_uid = ttrss_feeds.owner_uid
                                AND ttrss_counters_cache.feed_id = id";
 
                $result = db_query($link, $query);
                print "</select>";
        }
 
-       function print_feed_cat_select($link, $id, $default_id = "",
-               $attributes = "", $include_all_cats = true) {
+       function print_feed_cat_select($link, $id, $default_id,
+               $attributes, $include_all_cats = true, $root_id = false, $nest_level = 0) {
 
-               print "<select id=\"$id\" name=\"$id\" default=\"$default_id\" onchange=\"catSelectOnChange(this)\" $attributes>";
+                       if (!$root_id) {
+                                       print "<select id=\"$id\" name=\"$id\" default=\"$default_id\" onchange=\"catSelectOnChange(this)\" $attributes>";
+                       }
 
-               if ($include_all_cats) {
-                       print "<option value=\"0\">".__('Uncategorized')."</option>";
-               }
+                       if ($root_id)
+                               $parent_qpart = "parent_cat = '$root_id'";
+                       else
+                               $parent_qpart = "parent_cat IS NULL";
 
-               $result = db_query($link, "SELECT id,title FROM ttrss_feed_categories
-                       WHERE owner_uid = ".$_SESSION["uid"]." ORDER BY title");
+                       $result = db_query($link, "SELECT id,title,
+                               (SELECT COUNT(id) FROM ttrss_feed_categories AS c2 WHERE
+                                       c2.parent_cat = ttrss_feed_categories.id) AS num_children
+                               FROM ttrss_feed_categories
+                               WHERE owner_uid = ".$_SESSION["uid"]." AND $parent_qpart ORDER BY title");
 
-               if (db_num_rows($result) > 0 && $include_all_cats) {
-                       print "<option disabled=\"1\">--------</option>";
-               }
+                       while ($line = db_fetch_assoc($result)) {
+                               if ($line["id"] == $default_id) {
+                                       $is_selected = "selected=\"1\"";
+                               } else {
+                                       $is_selected = "";
+                               }
 
-               while ($line = db_fetch_assoc($result)) {
-                       if ($line["id"] == $default_id) {
-                               $is_selected = "selected=\"1\"";
-                       } else {
-                               $is_selected = "";
+                               for ($i = 0; $i < $nest_level; $i++)
+                                       $line["title"] = " - " . $line["title"];
+
+                               if ($line["title"])
+                                       printf("<option $is_selected value='%d'>%s</option>",
+                                               $line["id"], htmlspecialchars($line["title"]));
+
+                               if ($line["num_children"] > 0)
+                                       print_feed_cat_select($link, $id, $default_id, $attributes,
+                                               $include_all_cats, $line["id"], $nest_level+1);
                        }
 
-                       if ($line["title"])
-                               printf("<option $is_selected value='%d'>%s</option>",
-                                       $line["id"], htmlspecialchars($line["title"]));
-               }
+                       if (!$root_id) {
+                               if ($include_all_cats) {
+                                       if (db_num_rows($result) > 0) {
+                                               print "<option disabled=\"1\">--------</option>";
+                                       }
 
-#              print "<option value=\"ADD_CAT\">" .__("Add category...") . "</option>";
+                                       if ($default_id == 0) {
+                                               $is_selected = "selected=\"1\"";
+                                       } else {
+                                               $is_selected = "";
+                                       }
 
-               print "</select>";
-       }
+                                       print "<option $is_selected value=\"0\">".__('Uncategorized')."</option>";
+                               }
+                               print "</select>";
+                       }
+               }
 
        function checkbox_to_sql_bool($val) {
                return ($val == "on") ? "true" : "false";
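Review bot: The recursion added at lines 280-282 has no depth bound or visited set, so a `parent_cat` chain that loops back on itself (nothing visible in the hunk prevents a category pointing at an ancestor) would recurse until PHP exhausts its stack or memory; a nest-level cap such as `if ($line["num_children"] > 0 && $nest_level < 10)` (constructed limit) or a visited-id list would contain that. The new signature drops the defaults for `$default_id` and `$attributes`, so existing callers passing two or three arguments now run with missing-argument warnings and nulls, which is worth checking across call sites. `$default_id` and `$attributes` are interpolated into the `<select>` tag at line 239 unescaped; if either can carry request input it needs `htmlspecialchars`. Stylistically the body is indented one level deeper than the signature, which obscures the real nesting.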
 
                $params["icons_url"] = ICONS_URL;
                $params["cookie_lifetime"] = SESSION_COOKIE_LIFETIME;
-               $params["default_include_children"] = $_SESSION["_DEFAULT_INCLUDE_CHILDREN"];
+               $params["default_include_children"] = get_pref($link, "_DEFAULT_INCLUDE_CHILDREN");
                $params["default_view_mode"] = get_pref($link, "_DEFAULT_VIEW_MODE");
                $params["default_view_limit"] = (int) get_pref($link, "_DEFAULT_VIEW_LIMIT");
                $params["default_view_order_by"] = get_pref($link, "_DEFAULT_VIEW_ORDER_BY");
                }
        }
 
-       function add_feed_category($link, $feed_cat) {
+       function get_feed_category($link, $feed_cat, $parent_cat_id = false) {
+               if ($parent_cat_id) {
+                       $parent_qpart = "parent_cat = '$parent_cat_id'";
+                       $parent_insert = "'$parent_cat_id'";
+               } else {
+                       $parent_qpart = "parent_cat IS NULL";
+                       $parent_insert = "NULL";
+               }
+
+               $result = db_query($link,
+                       "SELECT id FROM ttrss_feed_categories
+                       WHERE $parent_qpart AND title = '$feed_cat' AND owner_uid = ".$_SESSION["uid"]);
+
+               if (db_num_rows($result) == 0) {
+                       return false;
+               } else {
+                       return db_fetch_result($result, 0, "id");
+               }
+       }
+
+       function add_feed_category($link, $feed_cat, $parent_cat_id = false) {
 
                if (!$feed_cat) return false;
 
                db_query($link, "BEGIN");
 
+               if ($parent_cat_id) {
+                       $parent_qpart = "parent_cat = '$parent_cat_id'";
+                       $parent_insert = "'$parent_cat_id'";
+               } else {
+                       $parent_qpart = "parent_cat IS NULL";
+                       $parent_insert = "NULL";
+               }
+
                $result = db_query($link,
                        "SELECT id FROM ttrss_feed_categories
-                       WHERE title = '$feed_cat' AND owner_uid = ".$_SESSION["uid"]);
+                       WHERE $parent_qpart AND title = '$feed_cat' AND owner_uid = ".$_SESSION["uid"]);
 
                if (db_num_rows($result) == 0) {
 
                        $result = db_query($link,
-                               "INSERT INTO ttrss_feed_categories (owner_uid,title)
-                               VALUES ('".$_SESSION["uid"]."', '$feed_cat')");
+                               "INSERT INTO ttrss_feed_categories (owner_uid,title,parent_cat)
+                               VALUES ('".$_SESSION["uid"]."', '$feed_cat', $parent_insert)");
 
                        db_query($link, "COMMIT");