X-Git-Url: https://git.wh0rd.org/?a=blobdiff_plain;f=backend.php;h=c2efc73d6f0e43a63f72dcb676334e8663590482;hb=11adc49e719c87e79d9cc04c33b76351a4992a05;hp=a632fafad7da724d721bb0895719c2648dde45e0;hpb=eedfb635ddde041201c6b5cd683c60cd6ba2ad12;p=tt-rss.git diff --git a/backend.php b/backend.php index a632fafa..6b93d1b3 100644 --- a/backend.php +++ b/backend.php @@ -1,107 +1,70 @@ -

Error: Not logged in.

- - - "; - } - exit; + + if (SINGLE_USER_MODE) { + authenticate_user($link, "admin", null); + } + + if (!($_SESSION["uid"] && validate_session($link)) && $op != "globalUpdateFeeds" && + $op != "rss" && $op != "getUnread" && $op != "getProfiles" && + $op != "fbexport" && $op != "logout" && $op != "pubsub") { + + header("Content-Type: text/plain"); + print json_encode(array("error" => array("code" => 6))); + return; } $purge_intervals = array( @@ -124,19 +87,30 @@ 1440 => __("Daily"), 10080 => __("Weekly")); + $update_intervals_nodefault = array( + -1 => __("Disable updates"), + 15 => __("Each 15 minutes"), + 30 => __("Each 30 minutes"), + 60 => __("Hourly"), + 240 => __("Each 4 hours"), + 720 => __("Each 12 hours"), + 1440 => __("Daily"), + 10080 => __("Weekly")); + $update_methods = array( 0 => __("Default"), 1 => __("Magpie"), - 2 => __("SimplePie")); + 2 => __("SimplePie"), + 3 => __("Twitter OAuth")); - if (ENABLE_SIMPLEPIE) { + if (DEFAULT_UPDATE_METHOD == "1") { $update_methods[0] .= ' (SimplePie)'; } else { $update_methods[0] .= ' (Magpie)'; } $access_level_names = array( - 0 => __("User"), + 0 => __("User"), 5 => __("Power User"), 10 => __("Administrator")); @@ -147,9 +121,14 @@ require_once "modules/pref-filters.php"; require_once "modules/pref-labels.php"; require_once "modules/pref-users.php"; - require_once "modules/pref-feed-browser.php"; + require_once "modules/pref-instances.php"; + + $error = sanity_check($link); - if (!sanity_check($link)) { return; } + if ($error['code'] != 0 && $op != "logout") { + print json_encode(array("error" => $error)); + return; + } switch($op) { // Select action according to $op value. case "rpc": @@ -158,77 +137,90 @@ break; // rpc case "feeds": - if (ENABLE_GZIP_OUTPUT) { - ob_start("ob_gzhandler"); - } - - $tags = $_GET["tags"]; - - $subop = $_GET["subop"]; + $subop = $_REQUEST["subop"]; + $root = (bool)$_REQUEST["root"]; switch($subop) { case "catchupAll": - db_query($link, "UPDATE ttrss_user_entries SET + db_query($link, "UPDATE ttrss_user_entries SET last_read = NOW(),unread = false WHERE owner_uid = " . $_SESSION["uid"]); - break; + ccache_zero_all($link, $_SESSION["uid"]); - case "collapse": - $cat_id = db_escape_string($_GET["cid"]); - - db_query($link, "UPDATE ttrss_feed_categories SET - collapsed = NOT collapsed WHERE id = '$cat_id' AND owner_uid = " . - $_SESSION["uid"]); - return; break; - case "catsortreset": - db_query($link, "UPDATE ttrss_feed_categories - SET order_id = 0 WHERE owner_uid = " . $_SESSION["uid"]); + case "collapse": + $cat_id = db_escape_string($_REQUEST["cid"]); + $mode = (int) db_escape_string($_REQUEST['mode']); + toggle_collapse_cat($link, $cat_id, $mode); return; break; + } - case "catsort": - $corder = db_escape_string($_GET["corder"]); - - $cats = split(",", $corder); + if (!$root) { + print json_encode(outputFeedList($link)); + } else { - for ($i = 0; $i < count($cats); $i++) { - $cat_id = $cats[$i]; + $feeds = outputFeedList($link, false); - if ($cat_id > 0) { - db_query($link, "UPDATE ttrss_feed_categories - SET order_id = '$i' WHERE id = '$cat_id' AND - owner_uid = " . $_SESSION["uid"]); - } - } + $root = array(); + $root['id'] = 'root'; + $root['name'] = __('Feeds'); + $root['items'] = $feeds['items']; - return; - break; + $fl = array(); + $fl['identifier'] = 'id'; + $fl['label'] = 'name'; + $fl['items'] = array($root); + print json_encode($fl); } - outputFeedList($link, $tags); break; // feeds - case "view": + case "la": + $id = db_escape_string($_REQUEST['id']); - $id = db_escape_string($_GET["id"]); - $feed_id = db_escape_string($_GET["feed"]); - $cids = split(",", db_escape_string($_GET["cids"])); - $mode = db_escape_string($_GET["mode"]); - $omode = db_escape_string($_GET["omode"]); + $result = db_query($link, "SELECT link FROM ttrss_entries, ttrss_user_entries + WHERE id = '$id' AND id = ref_id AND owner_uid = '".$_SESSION['uid']."' + LIMIT 1"); - $csync = $_GET["csync"]; + if (db_num_rows($result) == 1) { + $article_url = db_fetch_result($result, 0, 'link'); + $article_url = str_replace("\n", "", $article_url); - print ""; + header("Location: $article_url"); + return; - // in prefetch mode we only output requested cids, main article + } else { + print_error(__("Article not found.")); + } + break; + + case "view": + + $id = db_escape_string($_REQUEST["id"]); + $cids = split(",", db_escape_string($_REQUEST["cids"])); + $mode = db_escape_string($_REQUEST["mode"]); + $omode = db_escape_string($_REQUEST["omode"]); + + // in prefetch mode we only output requested cids, main article // just gets marked as read (it already exists in client cache) + $articles = array(); + if ($mode == "") { - outputArticleXML($link, $id, $feed_id); + array_push($articles, format_article($link, $id, false)); } else if ($mode == "zoom") { - outputArticleXML($link, $id, $feed_id, true, true); + array_push($articles, format_article($link, $id, false, true, true)); + } else if ($mode == "raw") { + if ($_REQUEST['html']) { + header("Content-Type: text/html"); + print ''; + } + + $article = format_article($link, $id, false); + print $article['content']; + return; } else { catchupArticleById($link, $id, 0); } @@ -236,109 +228,172 @@ if (!$_SESSION["bw_limit"]) { foreach ($cids as $cid) { if ($cid) { - outputArticleXML($link, $cid, $feed_id, false); + array_push($articles, format_article($link, $cid, false, false)); } } } + print json_encode($articles); - if (get_pref($link, "SYNC_COUNTERS") || ($mode == "prefetch" && $csync)) { - print ""; - getAllCounters($link, $omode); - print ""; - } - - print ""; break; // view case "viewfeed": - $print_exec_time = true; $timing_info = getmicrotime(); - print ""; + $reply = array(); + + if ($_REQUEST["debug"]) $timing_info = print_checkpoint("0", $timing_info); - if ($_GET["debug"]) $timing_info = print_checkpoint("0", $timing_info); + $omode = db_escape_string($_REQUEST["omode"]); - $omode = db_escape_string($_GET["omode"]); + $feed = db_escape_string($_REQUEST["feed"]); + $subop = db_escape_string($_REQUEST["subop"]); + $view_mode = db_escape_string($_REQUEST["view_mode"]); + $limit = (int) get_pref($link, "DEFAULT_ARTICLE_LIMIT"); + @$cat_view = db_escape_string($_REQUEST["cat"]); + @$next_unread_feed = db_escape_string($_REQUEST["nuf"]); + @$offset = db_escape_string($_REQUEST["skip"]); + @$vgroup_last_feed = db_escape_string($_REQUEST["vgrlf"]); + $order_by = db_escape_string($_REQUEST["order_by"]); - $feed = db_escape_string($_GET["feed"]); - $subop = db_escape_string($_GET["subop"]); - $view_mode = db_escape_string($_GET["view_mode"]); - $limit = db_escape_string($_GET["limit"]); - $cat_view = db_escape_string($_GET["cat"]); - $next_unread_feed = db_escape_string($_GET["nuf"]); - $offset = db_escape_string($_GET["skip"]); - $vgroup_last_feed = db_escape_string($_GET["vgrlf"]); - $csync = $_GET["csync"]; + /* Feed -5 is a special case: it is used to display auxiliary information + * when there's nothing to load - e.g. no stuff in fresh feed */ + + if ($feed == -5) { + print json_encode(generate_dashboard_feed($link)); + return; + } + + $result = false; + + if ($feed < -10) { + $label_feed = -11-$feed; + $result = db_query($link, "SELECT id FROM ttrss_labels2 WHERE + id = '$label_feed' AND owner_uid = " . $_SESSION['uid']); + } else if (!$cat_view && $feed > 0) { + $result = db_query($link, "SELECT id FROM ttrss_feeds WHERE + id = '$feed' AND owner_uid = " . $_SESSION['uid']); + } else if ($cat_view && $feed > 0) { + $result = db_query($link, "SELECT id FROM ttrss_feed_categories WHERE + id = '$feed' AND owner_uid = " . $_SESSION['uid']); + } + + if ($result && db_num_rows($result) == 0) { + print json_encode(generate_error_feed($link, __("Feed not found."))); + return; + } + + /* Updating a label ccache means recalculating all of the caches + * so for performance reasons we don't do that here */ + + if ($feed >= 0) { + ccache_update($link, $feed, $_SESSION["uid"], $cat_view); + } set_pref($link, "_DEFAULT_VIEW_MODE", $view_mode); set_pref($link, "_DEFAULT_VIEW_LIMIT", $limit); + set_pref($link, "_DEFAULT_VIEW_ORDER_BY", $order_by); if (!$cat_view && preg_match("/^[0-9][0-9]*$/", $feed)) { db_query($link, "UPDATE ttrss_feeds SET last_viewed = NOW() WHERE id = '$feed' AND owner_uid = ".$_SESSION["uid"]); } - print ""; - - print ""; - print ""; - - $headlines_unread = getFeedUnread($link, $returned_feed); - - print ""; - printf("", $disable_cache); - - if ($_GET["debug"]) $timing_info = print_checkpoint("10", $timing_info); - - if (is_array($topmost_article_ids) && !get_pref($link, 'COMBINED_DISPLAY_MODE') && !$_SESSION["bw_limit"]) { - print ""; - foreach ($topmost_article_ids as $id) { - outputArticleXML($link, $id, $feed, false); + switch ($order_by) { + case "date": + if (get_pref($link, 'REVERSE_HEADLINES', $owner_uid)) { + $override_order = "$date_sort_field"; + } else { + $override_order = "$date_sort_field DESC"; } - print ""; - } + break; + + case "title": + if (get_pref($link, 'REVERSE_HEADLINES', $owner_uid)) { + $override_order = "title DESC, $date_sort_field"; + } else { + $override_order = "title, $date_sort_field DESC"; + } + break; + + case "score": + if (get_pref($link, 'REVERSE_HEADLINES', $owner_uid)) { + $override_order = "score, $date_sort_field"; + } else { + $override_order = "score DESC, $date_sort_field DESC"; + } + break; + } + + if ($_REQUEST["debug"]) $timing_info = print_checkpoint("04", $timing_info); + + $ret = format_headlines_list($link, $feed, $subop, + $view_mode, $limit, $cat_view, $next_unread_feed, $offset, + $vgroup_last_feed, $override_order); + + $topmost_article_ids = $ret[0]; + $headlines_count = $ret[1]; + $returned_feed = $ret[2]; + $disable_cache = $ret[3]; + $vgroup_last_feed = $ret[4]; + + $reply['headlines']['content'] = $ret[5]; + $reply['headlines']['toolbar'] = $ret[6]; + + if ($_REQUEST["debug"]) $timing_info = print_checkpoint("05", $timing_info); + + $headlines_unread = ccache_find($link, $returned_feed, $_SESSION["uid"], + $cat_view, true); + + if ($headlines_unread == -1) { + $headlines_unread = getFeedUnread($link, $returned_feed, $cat_view); } - if ($_GET["debug"]) $timing_info = print_checkpoint("20", $timing_info); + $reply['headlines-info'] = array("count" => (int) $headlines_count, + "vgroup_last_feed" => $vgroup_last_feed, + "unread" => (int) $headlines_unread, + "disable_cache" => (bool) $disable_cache); + + if ($_REQUEST["debug"]) $timing_info = print_checkpoint("20", $timing_info); + + if (is_array($topmost_article_ids) && !get_pref($link, 'COMBINED_DISPLAY_MODE') && !$_SESSION["bw_limit"]) { + $articles = array(); - $viewfeed_ctr_interval = 300; + foreach ($topmost_article_ids as $id) { + array_push($articles, format_article($link, $id, $feed, false)); + } - if ($csync || $_SESSION["bw_limit"]) { - $viewfeed_ctr_interval = 60; + $reply['articles'] = $articles; } - if (get_pref($link, "SYNC_COUNTERS") || - time() - $_SESSION["get_all_counters_stamp"] > $viewfeed_ctr_interval) { - print ""; - getAllCounters($link, $omode, $feed); - print ""; + if ($subop) { + $reply['counters'] = getAllCounters($link, $omode, $feed); } - if ($_GET["debug"]) $timing_info = print_checkpoint("30", $timing_info); + if ($_REQUEST["debug"]) $timing_info = print_checkpoint("30", $timing_info); + + $reply['runtime-info'] = make_runtime_info($link); - print_runtime_info($link); + print json_encode($reply); - print ""; break; // viewfeed case "pref-feeds": @@ -374,278 +429,197 @@ break; // pref-pub-items case "globalUpdateFeeds": - // update feeds of all users, may be used anonymously - - print ""; - - // FIXME : old feed update way. To be removed. - //$result = db_query($link, "SELECT id FROM ttrss_users"); - - //while ($line = db_fetch_assoc($result)) { - // $user_id = $line["id"]; - // print ""; - // update_all_feeds($link, false, $user_id); - //} - - print " - - "; break; // globalUpdateFeeds - case "user-details": + case "pref-feed-browser": + module_pref_feed_browser($link); + break; // pref-feed-browser - if (WEB_DEMO_MODE || $_SESSION["access_level"] < 10) { - return; - } + case "pref-instances": + module_pref_instances($link); + break; // pref-instances - /* - print " - Tiny Tiny RSS : User Details - - - "; - */ - - $uid = sprintf("%d", $_GET["id"]); - - print "
User details
"; - - print "
"; - - $result = db_query($link, "SELECT login, - ".SUBSTRING_FOR_DATE."(last_login,1,16) AS last_login, - access_level, - (SELECT COUNT(int_id) FROM ttrss_user_entries - WHERE owner_uid = id) AS stored_articles, - ".SUBSTRING_FOR_DATE."(created,1,16) AS created - FROM ttrss_users - WHERE id = '$uid'"); - - if (db_num_rows($result) == 0) { - print "

User not found

"; - return; + case "rss": + $feed = db_escape_string($_REQUEST["id"]); + $key = db_escape_string($_REQUEST["key"]); + $is_cat = $_REQUEST["is_cat"] != false; + $limit = (int)db_escape_string($_REQUEST["limit"]); + + $search = db_escape_string($_REQUEST["q"]); + $match_on = db_escape_string($_REQUEST["m"]); + $search_mode = db_escape_string($_REQUEST["smode"]); + $view_mode = db_escape_string($_REQUEST["view-mode"]); + + if (SINGLE_USER_MODE) { + authenticate_user($link, "admin", null); } - - // print "

User Details

"; - $login = db_fetch_result($result, 0, "login"); + $owner_id = false; - // print "

$login

"; + if ($key) { + $result = db_query($link, "SELECT owner_uid FROM + ttrss_access_keys WHERE access_key = '$key' AND feed_id = '$feed'"); - print ""; + if (db_num_rows($result) == 1) + $owner_id = db_fetch_result($result, 0, "owner_uid"); + } - $last_login = date(get_pref($link, 'LONG_DATE_FORMAT'), - strtotime(db_fetch_result($result, 0, "last_login"))); + if ($owner_id) { + $_SESSION['uid'] = $owner_id; - $created = date(get_pref($link, 'LONG_DATE_FORMAT'), - strtotime(db_fetch_result($result, 0, "created"))); + generate_syndicated_feed($link, 0, $feed, $is_cat, $limit, + $search, $search_mode, $match_on, $view_mode); + } else { + header('HTTP/1.1 403 Forbidden'); + } + break; // rss - $access_level = db_fetch_result($result, 0, "access_level"); - $stored_articles = db_fetch_result($result, 0, "stored_articles"); + case "getUnread": + $login = db_escape_string($_REQUEST["login"]); + $fresh = $_REQUEST["fresh"] == "1"; - // print ""; - // print ""; - print ""; - print ""; - print ""; + $result = db_query($link, "SELECT id FROM ttrss_users WHERE login = '$login'"); - $result = db_query($link, "SELECT COUNT(id) as num_feeds FROM ttrss_feeds - WHERE owner_uid = '$uid'"); + if (db_num_rows($result) == 1) { + $uid = db_fetch_result($result, 0, "id"); - $num_feeds = db_fetch_result($result, 0, "num_feeds"); + print getGlobalUnread($link, $uid); - print ""; + if ($fresh) { + print ";"; + print getFeedArticles($link, -3, false, true, $uid); + } - /* - $result = db_query($link, "SELECT - SUM(LENGTH(content)+LENGTH(title)+LENGTH(link)+LENGTH(guid)) AS db_size - FROM ttrss_user_entries,ttrss_entries - WHERE owner_uid = '$uid' AND ref_id = id"); + } else { + print "-1;User not found"; + } - $db_size = round(db_fetch_result($result, 0, "db_size") / 1024); + break; // getUnread - print ""; - */ + case "digestTest": + print_r(prepare_headlines_digest($link, $_SESSION["uid"])); + break; // digestTest - print "
Username$login
Access level$access_level
".__('Registered')."$created
".__('Last logged in')."$last_login
".__('Stored articles')."$stored_articles
".__('Subscribed feeds count')."$num_feeds
Approx. used DB size$db_size KBytes
"; + case "digestSend": + send_headlines_digests($link); + break; // digestSend - print "

".__('Subscribed feeds')."

"; + case "loading": + header("Content-type: text/html"); + print __("Loading, please wait...") . " " . + ""; + break; // loading - $result = db_query($link, "SELECT id,title,site_url FROM ttrss_feeds - WHERE owner_uid = '$uid' ORDER BY title"); + case "getProfiles": + $login = db_escape_string($_REQUEST["login"]); + $password = db_escape_string($_REQUEST["password"]); - print ""; + break; // getprofiles - print "
"; + case "pubsub": + $mode = db_escape_string($_REQUEST['hub_mode']); + $feed_id = db_escape_string($_REQUEST['id']); + $feed_url = db_escape_string($_REQUEST['hub_topic']); - print "
-
"; + // TODO: implement hub_verifytoken checking - // print ""; + $result = db_query($link, "SELECT feed_url FROM ttrss_feeds + WHERE id = '$feed_id'"); - break; // user-details + $check_feed_url = db_fetch_result($result, 0, "feed_url"); - case "pref-feed-browser": - module_pref_feed_browser($link); - break; // pref-feed-browser - - case "publish": - $key = db_escape_string($_GET["key"]); - - $result = db_query($link, "SELECT login, owner_uid - FROM ttrss_user_prefs, ttrss_users WHERE - pref_name = '_PREFS_PUBLISH_KEY' AND - value = '$key' AND - ttrss_users.id = owner_uid"); - - if (db_num_rows($result) == 1) { - $owner = db_fetch_result($result, 0, "owner_uid"); - $login = db_fetch_result($result, 0, "login"); - - generate_syndicated_feed($link, $owner, -2, false); - - } else { - print "User not found"; - } - break; // publish + if ($check_feed_url && ($check_feed_url == $feed_url || !$feed_url)) { + if ($mode == "subscribe") { - case "rss": - $feed = db_escape_string($_GET["id"]); - $user = db_escape_string($_GET["user"]); - $pass = db_escape_string($_GET["pass"]); - $is_cat = $_GET["is_cat"] != false; + db_query($link, "UPDATE ttrss_feeds SET pubsub_state = 2 + WHERE id = '$feed_id'"); - $search = db_escape_string($_GET["q"]); - $match_on = db_escape_string($_GET["m"]); - $search_mode = db_escape_string($_GET["smode"]); + print $_REQUEST['hub_challenge']; + return; - if (!$_SESSION["uid"] && $user && $pass) { - authenticate_user($link, $user, $pass); - } + } else if ($mode == "unsubscribe") { - if ($_SESSION["uid"] || - http_authenticate_user($link)) { + db_query($link, "UPDATE ttrss_feeds SET pubsub_state = 0 + WHERE id = '$feed_id'"); - generate_syndicated_feed($link, 0, $feed, $is_cat, - $search, $search_mode, $match_on); - } - break; // rss + print $_REQUEST['hub_challenge']; + return; - case "labelFromSearch": - $search = db_escape_string($_GET["search"]); - $search_mode = db_escape_string($_GET["smode"]); - $match_on = db_escape_string($_GET["match"]); - $is_cat = db_escape_string($_GET["is_cat"]); - $title = db_escape_string($_GET["title"]); - $feed = sprintf("%d", $_GET["feed"]); + } else if (!$mode) { - $label_qparts = array(); + // Received update ping, schedule feed update. - $search_expr = getSearchSql($search, $match_on); + update_rss_feed($link, $feed_id, true, true); - if ($is_cat) { - if ($feed != 0) { - $search_expr .= " AND ttrss_feeds.cat_id = $feed "; - } else { - $search_expr .= " AND ttrss_feeds.cat_id IS NULL "; } } else { - if ($search_mode == "all_feeds") { - // NOOP - } else if ($search_mode == "this_cat") { + header('HTTP/1.0 404 Not Found'); + } - $tmp_result = db_query($link, "SELECT cat_id - FROM ttrss_feeds WHERE id = '$feed'"); + break; // pubsub - $cat_id = db_fetch_result($tmp_result, 0, "cat_id"); + case "logout": + logout_user(); + header("Location: tt-rss.php"); + break; // logout - if ($cat_id > 0) { - $search_expr .= " AND ttrss_feeds.cat_id = $cat_id "; - } else { - $search_expr .= " AND ttrss_feeds.cat_id IS NULL "; - } - } else { - $search_expr .= " AND ttrss_feeds.id = $feed "; - } + case "fbexport": - } + $access_key = db_escape_string($_POST["key"]); - $search_expr = db_escape_string($search_expr); + // TODO: rate limit checking using last_connected + $result = db_query($link, "SELECT id FROM ttrss_linked_instances + WHERE access_key = '$access_key'"); - print $search_expr; + if (db_num_rows($result) == 1) { - if ($title) { - $result = db_query($link, - "INSERT INTO ttrss_labels (sql_exp,description,owner_uid) - VALUES ('$search_expr', '$title', '".$_SESSION["uid"]."')"); - } - break; // labelFromSearch + $instance_id = db_fetch_result($result, 0, "id"); - case "getUnread": - $login = db_escape_string($_GET["login"]); + $result = db_query($link, "SELECT feed_url, site_url, title, subscribers + FROM ttrss_feedbrowser_cache ORDER BY subscribers DESC LIMIT 100"); - header("Content-Type: text/plain; charset=utf-8"); + $feeds = array(); - $result = db_query($link, "SELECT id FROM ttrss_users WHERE login = '$login'"); + while ($line = db_fetch_assoc($result)) { + array_push($feeds, $line); + } - if (db_num_rows($result) == 1) { - $uid = db_fetch_result($result, 0, "id"); - print getGlobalUnread($link, $uid); + db_query($link, "UPDATE ttrss_linked_instances SET + last_status_in = 1 WHERE id = '$instance_id'"); + + print json_encode(array("feeds" => $feeds)); } else { - print "-1;User not found"; + print json_encode(array("error" => array("code" => 6))); } + break; // fbexport - $print_exec_time = false; - break; // getUnread - - case "digestTest": + default: header("Content-Type: text/plain"); - print_r(prepare_headlines_digest($link, $_SESSION["uid"])); - $print_exec_time = false; - break; // digestTest - - case "digestSend": - header("Content-Type: text/plain"); - send_headlines_digests($link); - $print_exec_time = false; - break; // digestSend - + print json_encode(array("error" => array("code" => 7))); + break; // fallback } // Select action according to $op value. // We close the connection to database. db_close($link); ?> - - - -