X-Git-Url: https://git.wh0rd.org/?a=blobdiff_plain;f=backend.php;h=b2eba083eefb88231300a1349eee150609adbc03;hb=e2b8c9273e09091c235959c25d8e4d8122aa6ca8;hp=210de06f9e9fe44123381475316305135d73a481;hpb=34c30ac126cb1b00b36065b4dae705774c4e52b3;p=tt-rss.git diff --git a/backend.php b/backend.php index 210de06f..b2eba083 100644 --- a/backend.php +++ b/backend.php @@ -1,101 +1,72 @@ -

Error: Not logged in.

- - - "; + if ($_SESSION["uid"]) { + if (!validate_session()) { + header("Content-Type: text/json"); + print error_json(6); + return; } - exit; + load_user_plugins( $_SESSION["uid"]); } $purge_intervals = array( @@ -110,448 +81,67 @@ $update_intervals = array( 0 => __("Default interval"), -1 => __("Disable updates"), - 15 => __("Each 15 minutes"), - 30 => __("Each 30 minutes"), + 15 => __("15 minutes"), + 30 => __("30 minutes"), 60 => __("Hourly"), - 240 => __("Each 4 hours"), - 720 => __("Each 12 hours"), + 240 => __("4 hours"), + 720 => __("12 hours"), 1440 => __("Daily"), 10080 => __("Weekly")); - $update_methods = array( - 0 => __("Default"), - 1 => __("Magpie"), - 2 => __("SimplePie")); - - if (ENABLE_SIMPLEPIE) { - $update_methods[0] .= ' (SimplePie)'; - } else { - $update_methods[0] .= ' (Magpie)'; - } + $update_intervals_nodefault = array( + -1 => __("Disable updates"), + 15 => __("15 minutes"), + 30 => __("30 minutes"), + 60 => __("Hourly"), + 240 => __("4 hours"), + 720 => __("12 hours"), + 1440 => __("Daily"), + 10080 => __("Weekly")); $access_level_names = array( - 0 => __("User"), + 0 => __("User"), 5 => __("Power User"), 10 => __("Administrator")); - require_once "modules/pref-prefs.php"; - require_once "modules/popup-dialog.php"; - require_once "modules/help.php"; - require_once "modules/pref-feeds.php"; - require_once "modules/pref-filters.php"; - require_once "modules/pref-labels.php"; - require_once "modules/pref-users.php"; - require_once "modules/pref-feed-browser.php"; - - if (!sanity_check($link)) { return; } - - switch($op) { // Select action according to $op value. - case "rpc": - // Handle remote procedure calls. - handle_rpc_request($link); - break; // rpc - - case "feeds": - if (ENABLE_GZIP_OUTPUT) { - ob_start("ob_gzhandler"); - } - - $tags = $_GET["tags"]; - - $subop = $_GET["subop"]; - - switch($subop) { - case "catchupAll": - db_query($link, "UPDATE ttrss_user_entries SET - last_read = NOW(),unread = false WHERE owner_uid = " . $_SESSION["uid"]); - ccache_zero_all($link, $_SESSION["uid"]); - - break; + $op = str_replace("-", "_", $op); - case "collapse": - $cat_id = db_escape_string($_GET["cid"]); + $override = PluginHost::getInstance()->lookup_handler($op, $method); - db_query($link, "UPDATE ttrss_feed_categories SET - collapsed = NOT collapsed WHERE id = '$cat_id' AND owner_uid = " . - $_SESSION["uid"]); - return; - break; - - case "catsortreset": - db_query($link, "UPDATE ttrss_feed_categories - SET order_id = 0 WHERE owner_uid = " . $_SESSION["uid"]); - return; - break; + if (class_exists($op) || $override) { - case "catsort": - $corder = db_escape_string($_GET["corder"]); - - $cats = split(",", $corder); - - for ($i = 0; $i < count($cats); $i++) { - $cat_id = $cats[$i]; + if ($override) { + $handler = $override; + } else { + $handler = new $op($_REQUEST); + } - if ($cat_id > 0) { - db_query($link, "UPDATE ttrss_feed_categories - SET order_id = '$i' WHERE id = '$cat_id' AND - owner_uid = " . $_SESSION["uid"]); + if ($handler && implements_interface($handler, 'IHandler')) { + if (validate_csrf($csrf_token) || $handler->csrf_ignore($method)) { + if ($handler->before($method)) { + if ($method && method_exists($handler, $method)) { + $handler->$method(); + } else { + if (method_exists($handler, "catchall")) { + $handler->catchall($method); } } - + $handler->after(); return; - break; - - } - - outputFeedList($link, $tags); - break; // feeds - - case "view": - - $id = db_escape_string($_GET["id"]); - $feed_id = db_escape_string($_GET["feed"]); - $cids = split(",", db_escape_string($_GET["cids"])); - $mode = db_escape_string($_GET["mode"]); - $omode = db_escape_string($_GET["omode"]); - - $csync = $_GET["csync"]; - - print ""; - - // in prefetch mode we only output requested cids, main article - // just gets marked as read (it already exists in client cache) - - if ($mode == "") { - outputArticleXML($link, $id, $feed_id); - } else if ($mode == "zoom") { - outputArticleXML($link, $id, $feed_id, true, true); - } else { - catchupArticleById($link, $id, 0); - ccache_update($link, $feed_id, $_SESSION["uid"]); - } - - if (!$_SESSION["bw_limit"]) { - foreach ($cids as $cid) { - if ($cid) { - outputArticleXML($link, $cid, $feed_id, false); - } - } - } - - -// if (get_pref($link, "SYNC_COUNTERS") || ($mode == "prefetch" && $csync)) { - print ""; - getAllCounters($link, $omode); - print ""; -// } - - print ""; - break; // view - - case "viewfeed": - - $print_exec_time = true; - $timing_info = getmicrotime(); - - print ""; - - if ($_GET["debug"]) $timing_info = print_checkpoint("0", $timing_info); - - $omode = db_escape_string($_GET["omode"]); - - $feed = db_escape_string($_GET["feed"]); - $subop = db_escape_string($_GET["subop"]); - $view_mode = db_escape_string($_GET["view_mode"]); - $limit = db_escape_string($_GET["limit"]); - $cat_view = db_escape_string($_GET["cat"]); - $next_unread_feed = db_escape_string($_GET["nuf"]); - $offset = db_escape_string($_GET["skip"]); - $vgroup_last_feed = db_escape_string($_GET["vgrlf"]); - $csync = $_GET["csync"]; - $order_by = db_escape_string($_GET["order_by"]); - - /* Updating a label ccache means recalculating all of the caches - * so for performance reasons we don't do that here */ - - if (time() - $_SESSION["viewfeed:ccache_update_stamp"] > 120) { - if ($feed >= 0) { - ccache_update($link, $feed, $_SESSION["uid"], $cat_view); - } - $_SESSION["viewfeed:ccache_update_stamp"] = time(); - } - - set_pref($link, "_DEFAULT_VIEW_MODE", $view_mode); - set_pref($link, "_DEFAULT_VIEW_LIMIT", $limit); - set_pref($link, "_DEFAULT_VIEW_ORDER_BY", $order_by); - - if (!$cat_view && preg_match("/^[0-9][0-9]*$/", $feed)) { - db_query($link, "UPDATE ttrss_feeds SET last_viewed = NOW() - WHERE id = '$feed' AND owner_uid = ".$_SESSION["uid"]); - } - - print ""; - - print ""; - print ""; - - $headlines_unread = ccache_find($link, $returned_feed, $_SESSION["uid"], - $cat_view, true); - - if ($headlines_unread == -1) { - $headlines_unread = getFeedUnread($link, $returned_feed, $cat_view); - - } - - print ""; - printf("", $disable_cache); - - if ($_GET["debug"]) $timing_info = print_checkpoint("10", $timing_info); - - if (is_array($topmost_article_ids) && !get_pref($link, 'COMBINED_DISPLAY_MODE') && !$_SESSION["bw_limit"]) { - print ""; - foreach ($topmost_article_ids as $id) { - outputArticleXML($link, $id, $feed, false); - } - print ""; - } - - if ($_GET["debug"]) $timing_info = print_checkpoint("20", $timing_info); - - -// if (get_pref($link, "SYNC_COUNTERS") || -// time() - $_SESSION["get_all_counters_stamp"] > $viewfeed_ctr_interval) { -// print ""; -// getAllCounters($link, $omode, $feed); -// print ""; -// } - - if (get_pref($link, 'COMBINED_DISPLAY_MODE') || $subop || - time() - $_SESSION["viewfeed:counters_stamp"] > 30) { - if (!$offset) { - print ""; - getAllCounters($link, $omode, $feed); - print ""; - $_SESSION["viewfeed:counters_stamp"] = time(); - } - } - - if ($_GET["debug"]) $timing_info = print_checkpoint("30", $timing_info); - - print_runtime_info($link); - - print ""; - break; // viewfeed - - case "pref-feeds": - module_pref_feeds($link); - break; // pref-feeds - - case "pref-filters": - module_pref_filters($link); - break; // pref-filters - - case "pref-labels": - module_pref_labels($link); - break; // pref-labels - - case "pref-prefs": - module_pref_prefs($link); - break; // pref-prefs - - case "pref-users": - module_pref_users($link); - break; // prefs-users - - case "help": - module_help($link); - break; // help - - case "dlg": - module_popup_dialog($link); - break; // dlg - - case "pref-pub-items": - module_pref_pub_items($link); - break; // pref-pub-items - - case "globalUpdateFeeds": - // update feeds of all users, may be used anonymously - - print ""; - - print " - - "; - break; // globalUpdateFeeds - - case "pref-feed-browser": - module_pref_feed_browser($link); - break; // pref-feed-browser - - case "publish": - $key = db_escape_string($_GET["key"]); - $limit = (int)db_escape_string($_GET["limit"]); - - $result = db_query($link, "SELECT login, owner_uid - FROM ttrss_user_prefs, ttrss_users WHERE - pref_name = '_PREFS_PUBLISH_KEY' AND - value = '$key' AND - ttrss_users.id = owner_uid"); - - if (db_num_rows($result) == 1) { - $owner = db_fetch_result($result, 0, "owner_uid"); - $login = db_fetch_result($result, 0, "login"); - - generate_syndicated_feed($link, $owner, -2, false, $limit); - - } else { - print "User not found"; - } - break; // publish - - case "rss": - $feed = db_escape_string($_GET["id"]); - $user = db_escape_string($_GET["user"]); - $pass = db_escape_string($_GET["pass"]); - $is_cat = $_GET["is_cat"] != false; - $limit = (int)db_escape_string($_GET["limit"]); - - $search = db_escape_string($_GET["q"]); - $match_on = db_escape_string($_GET["m"]); - $search_mode = db_escape_string($_GET["smode"]); - - if (!$_SESSION["uid"] && $user && $pass) { - authenticate_user($link, $user, $pass); - } - - if ($_SESSION["uid"] || - http_authenticate_user($link)) { - - generate_syndicated_feed($link, 0, $feed, $is_cat, $limit, - $search, $search_mode, $match_on); - } - break; // rss - - case "labelFromSearch": - $search = db_escape_string($_GET["search"]); - $search_mode = db_escape_string($_GET["smode"]); - $match_on = db_escape_string($_GET["match"]); - $is_cat = db_escape_string($_GET["is_cat"]); - $title = db_escape_string($_GET["title"]); - $feed = sprintf("%d", $_GET["feed"]); - - $label_qparts = array(); - - $search_expr = getSearchSql($search, $match_on); - - if ($is_cat) { - if ($feed != 0) { - $search_expr .= " AND ttrss_feeds.cat_id = $feed "; } else { - $search_expr .= " AND ttrss_feeds.cat_id IS NULL "; - } - } else { - if ($search_mode == "all_feeds") { - // NOOP - } else if ($search_mode == "this_cat") { - - $tmp_result = db_query($link, "SELECT cat_id - FROM ttrss_feeds WHERE id = '$feed'"); - - $cat_id = db_fetch_result($tmp_result, 0, "cat_id"); - - if ($cat_id > 0) { - $search_expr .= " AND ttrss_feeds.cat_id = $cat_id "; - } else { - $search_expr .= " AND ttrss_feeds.cat_id IS NULL "; - } - } else { - $search_expr .= " AND ttrss_feeds.id = $feed "; + header("Content-Type: text/json"); + print error_json(6); + return; } - - } - - $search_expr = db_escape_string($search_expr); - - print $search_expr; - - if ($title) { - $result = db_query($link, - "INSERT INTO ttrss_labels (sql_exp,description,owner_uid) - VALUES ('$search_expr', '$title', '".$_SESSION["uid"]."')"); - } - break; // labelFromSearch - - case "getUnread": - $login = db_escape_string($_GET["login"]); - - header("Content-Type: text/plain; charset=utf-8"); - - $result = db_query($link, "SELECT id FROM ttrss_users WHERE login = '$login'"); - - if (db_num_rows($result) == 1) { - $uid = db_fetch_result($result, 0, "id"); - print getGlobalUnread($link, $uid); } else { - print "-1;User not found"; + header("Content-Type: text/json"); + print error_json(6); + return; } + } + } - $print_exec_time = false; - break; // getUnread - - case "digestTest": - header("Content-Type: text/plain"); - print_r(prepare_headlines_digest($link, $_SESSION["uid"])); - $print_exec_time = false; - break; // digestTest - - case "digestSend": - header("Content-Type: text/plain"); - send_headlines_digests($link); - $print_exec_time = false; - break; // digestSend - - } // Select action according to $op value. + header("Content-Type: text/json"); + print error_json(13); - // We close the connection to database. - db_close($link); ?> - - - -