X-Git-Url: https://git.wh0rd.org/?a=blobdiff_plain;f=classes%2Fhandler%2Fpublic.php;h=79ed9d0aed74331cfd583b6d8a57cc9ecbfa7068;hb=1ffe3391f902c4baa984982f19e61a0e45de21ff;hp=998e078dd27df24192c7c652dea297f92bca73be;hpb=2d6847495f204c6b50d378843ccff899d0fbe46c;p=tt-rss.git diff --git a/classes/handler/public.php b/classes/handler/public.php index 998e078d..79ed9d0a 100644 --- a/classes/handler/public.php +++ b/classes/handler/public.php @@ -2,7 +2,8 @@ class Handler_Public extends Handler { private function generate_syndicated_feed($owner_uid, $feed, $is_cat, - $limit, $search, $search_mode, $match_on, $view_mode = false, $format = 'atom') { + $limit, $offset, $search, $search_mode, + $view_mode = false, $format = 'atom') { require_once "lib/MiniTemplator.class.php"; @@ -11,17 +12,40 @@ class Handler_Public extends Handler { "padding : 5px; border-style : dashed; border-color : #e7d796;". "margin-bottom : 1em; color : #9a8c59;"; - if (!$limit) $limit = 100; + if (!$limit) $limit = 60; - if (get_pref($this->link, "SORT_HEADLINES_BY_FEED_DATE", $owner_uid)) { - $date_sort_field = "updated"; - } else { - $date_sort_field = "date_entered"; + $date_sort_field = "date_entered DESC, updated DESC"; + + if ($feed == -2) + $date_sort_field = "last_published DESC"; + else if ($feed == -1) + $date_sort_field = "last_marked DESC"; + + $qfh_ret = queryFeedHeadlines($feed, + 1, $view_mode, $is_cat, $search, $search_mode, + $date_sort_field, $offset, $owner_uid, + false, 0, false, true); + + $result = $qfh_ret[0]; + + if ($this->dbh->num_rows($result) != 0) { + $ts = strtotime($this->dbh->fetch_result($result, 0, "date_entered")); + + if (isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) && + strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']) >= $ts) { + header('HTTP/1.0 304 Not Modified'); + return; + } + + $last_modified = gmdate("D, d M Y H:i:s", $ts) . " GMT"; + header("Last-Modified: $last_modified", true); } - $qfh_ret = queryFeedHeadlines($this->link, $feed, + $qfh_ret = queryFeedHeadlines($feed, $limit, $view_mode, $is_cat, $search, $search_mode, - $match_on, "$date_sort_field DESC", 0, $owner_uid); + $date_sort_field, $offset, $owner_uid, + false, 0, false, true); + $result = $qfh_ret[0]; $feed_title = htmlspecialchars($qfh_ret[1]); @@ -30,7 +54,7 @@ class Handler_Public extends Handler { $feed_self_url = get_self_url_prefix() . "/public.php?op=rss&id=-2&key=" . - get_feed_access_key($this->link, -2, false, $owner_uid); + get_feed_access_key(-2, false, $owner_uid); if (!$feed_site_url) $feed_site_url = get_self_url_prefix(); @@ -50,18 +74,20 @@ class Handler_Public extends Handler { $tpl->setVariable('SELF_URL', htmlspecialchars(get_self_url_prefix()), true); - while ($line = db_fetch_assoc($result)) { + while ($line = $this->dbh->fetch_assoc($result)) { + $tpl->setVariable('ARTICLE_ID', htmlspecialchars($line['link']), true); $tpl->setVariable('ARTICLE_LINK', htmlspecialchars($line['link']), true); $tpl->setVariable('ARTICLE_TITLE', htmlspecialchars($line['title']), true); $tpl->setVariable('ARTICLE_EXCERPT', truncate_string(strip_tags($line["content_preview"]), 100, '...'), true); - $content = sanitize($this->link, $line["content_preview"], false, $owner_uid); + $content = sanitize($line["content_preview"], false, $owner_uid); if ($line['note']) { $content = "
Article note: " . $line['note'] . "
" . $content; + $tpl->setVariable('ARTICLE_NOTE', htmlspecialchars($line['note']), true); } $tpl->setVariable('ARTICLE_CONTENT', $content, true); @@ -73,14 +99,14 @@ class Handler_Public extends Handler { $tpl->setVariable('ARTICLE_AUTHOR', htmlspecialchars($line['author']), true); - $tags = get_article_tags($this->link, $line["id"], $owner_uid); + $tags = get_article_tags($line["id"], $owner_uid); foreach ($tags as $tag) { $tpl->setVariable('ARTICLE_CATEGORY', htmlspecialchars($tag), true); $tpl->addBlock('category'); } - $enclosures = get_article_enclosures($this->link, $line["id"]); + $enclosures = get_article_enclosures($line["id"]); foreach ($enclosures as $e) { $type = htmlspecialchars($e['content_type']); @@ -102,7 +128,11 @@ class Handler_Public extends Handler { $tpl->addBlock('feed'); $tpl->generateOutputToString($tmp); - header("Content-Type: text/xml; charset=utf-8"); + if (@!$_REQUEST["noxml"]) { + header("Content-Type: text/xml; charset=utf-8"); + } else { + header("Content-Type: text/plain; charset=utf-8"); + } print $tmp; } else if ($format == 'json') { @@ -121,20 +151,20 @@ class Handler_Public extends Handler { $feed['articles'] = array(); - while ($line = db_fetch_assoc($result)) { + while ($line = $this->dbh->fetch_assoc($result)) { $article = array(); $article['id'] = $line['link']; $article['link'] = $line['link']; $article['title'] = $line['title']; $article['excerpt'] = truncate_string(strip_tags($line["content_preview"]), 100, '...'); - $article['content'] = sanitize($this->link, $line["content_preview"], false, $owner_uid); + $article['content'] = sanitize($line["content_preview"], false, $owner_uid); $article['updated'] = date('c', strtotime($line["updated"])); if ($line['note']) $article['note'] = $line['note']; if ($article['author']) $article['author'] = $line['author']; - $tags = get_article_tags($this->link, $line["id"], $owner_uid); + $tags = get_article_tags($line["id"], $owner_uid); if (count($tags) > 0) { $article['tags'] = array(); @@ -144,7 +174,7 @@ class Handler_Public extends Handler { } } - $enclosures = get_article_enclosures($this->link, $line["id"]); + $enclosures = get_article_enclosures($line["id"]); if (count($enclosures) > 0) { $article['enclosures'] = array(); @@ -161,8 +191,7 @@ class Handler_Public extends Handler { array_push($feed['articles'], $article); } - header("Content-Type: text/plain; charset=utf-8"); - + header("Content-Type: text/json; charset=utf-8"); print json_encode($feed); } else { @@ -172,19 +201,19 @@ class Handler_Public extends Handler { } function getUnread() { - $login = db_escape_string($_REQUEST["login"]); + $login = $this->dbh->escape_string($_REQUEST["login"]); $fresh = $_REQUEST["fresh"] == "1"; - $result = db_query($this->link, "SELECT id FROM ttrss_users WHERE login = '$login'"); + $result = $this->dbh->query("SELECT id FROM ttrss_users WHERE login = '$login'"); - if (db_num_rows($result) == 1) { - $uid = db_fetch_result($result, 0, "id"); + if ($this->dbh->num_rows($result) == 1) { + $uid = $this->dbh->fetch_result($result, 0, "id"); - print getGlobalUnread($this->link, $uid); + print getGlobalUnread($uid); if ($fresh) { print ";"; - print getFeedArticles($this->link, -3, false, true, $uid); + print getFeedArticles(-3, false, true, $uid); } } else { @@ -194,16 +223,16 @@ class Handler_Public extends Handler { } function getProfiles() { - $login = db_escape_string($_REQUEST["login"]); + $login = $this->dbh->escape_string($_REQUEST["login"]); - $result = db_query($this->link, "SELECT * FROM ttrss_settings_profiles,ttrss_users + $result = $this->dbh->query("SELECT * FROM ttrss_settings_profiles,ttrss_users WHERE ttrss_users.id = ttrss_settings_profiles.owner_uid AND login = '$login' ORDER BY title"); - print ""; print ""; - while ($line = db_fetch_assoc($result)) { + while ($line = $this->dbh->fetch_assoc($result)) { $id = $line["id"]; $title = $line["title"]; @@ -214,9 +243,9 @@ class Handler_Public extends Handler { } function pubsub() { - $mode = db_escape_string($_REQUEST['hub_mode']); - $feed_id = (int) db_escape_string($_REQUEST['id']); - $feed_url = db_escape_string($_REQUEST['hub_topic']); + $mode = $this->dbh->escape_string($_REQUEST['hub_mode']); + $feed_id = (int) $this->dbh->escape_string($_REQUEST['id']); + $feed_url = $this->dbh->escape_string($_REQUEST['hub_topic']); if (!PUBSUBHUBBUB_ENABLED) { header('HTTP/1.0 404 Not Found'); @@ -226,17 +255,17 @@ class Handler_Public extends Handler { // TODO: implement hub_verifytoken checking - $result = db_query($this->link, "SELECT feed_url FROM ttrss_feeds + $result = $this->dbh->query("SELECT feed_url FROM ttrss_feeds WHERE id = '$feed_id'"); - if (db_num_rows($result) != 0) { + if ($this->dbh->num_rows($result) != 0) { - $check_feed_url = db_fetch_result($result, 0, "feed_url"); + $check_feed_url = $this->dbh->fetch_result($result, 0, "feed_url"); if ($check_feed_url && ($check_feed_url == $feed_url || !$feed_url)) { if ($mode == "subscribe") { - db_query($this->link, "UPDATE ttrss_feeds SET pubsub_state = 2 + $this->dbh->query("UPDATE ttrss_feeds SET pubsub_state = 2 WHERE id = '$feed_id'"); print $_REQUEST['hub_challenge']; @@ -244,7 +273,7 @@ class Handler_Public extends Handler { } else if ($mode == "unsubscribe") { - db_query($this->link, "UPDATE ttrss_feeds SET pubsub_state = 0 + $this->dbh->query("UPDATE ttrss_feeds SET pubsub_state = 0 WHERE id = '$feed_id'"); print $_REQUEST['hub_challenge']; @@ -253,9 +282,9 @@ class Handler_Public extends Handler { } else if (!$mode) { // Received update ping, schedule feed update. - //update_rss_feed($this->link, $feed_id, true, true); + //update_rss_feed($feed_id, true, true); - db_query($this->link, "UPDATE ttrss_feeds SET + $this->dbh->query("UPDATE ttrss_feeds SET last_update_started = '1970-01-01', last_updated = '1970-01-01' WHERE id = '$feed_id'"); @@ -276,49 +305,19 @@ class Handler_Public extends Handler { header("Location: index.php"); } - function fbexport() { - - $access_key = db_escape_string($_POST["key"]); - - // TODO: rate limit checking using last_connected - $result = db_query($this->link, "SELECT id FROM ttrss_linked_instances - WHERE access_key = '$access_key'"); - - if (db_num_rows($result) == 1) { - - $instance_id = db_fetch_result($result, 0, "id"); - - $result = db_query($this->link, "SELECT feed_url, site_url, title, subscribers - FROM ttrss_feedbrowser_cache ORDER BY subscribers DESC LIMIT 100"); - - $feeds = array(); - - while ($line = db_fetch_assoc($result)) { - array_push($feeds, $line); - } - - db_query($this->link, "UPDATE ttrss_linked_instances SET - last_status_in = 1 WHERE id = '$instance_id'"); - - print json_encode(array("feeds" => $feeds)); - } else { - print json_encode(array("error" => array("code" => 6))); - } - } - function share() { - $uuid = db_escape_string($_REQUEST["key"]); + $uuid = $this->dbh->escape_string($_REQUEST["key"]); - $result = db_query($this->link, "SELECT ref_id, owner_uid FROM ttrss_user_entries WHERE + $result = $this->dbh->query("SELECT ref_id, owner_uid FROM ttrss_user_entries WHERE uuid = '$uuid'"); - if (db_num_rows($result) != 0) { + if ($this->dbh->num_rows($result) != 0) { header("Content-Type: text/html"); - $id = db_fetch_result($result, 0, "ref_id"); - $owner_uid = db_fetch_result($result, 0, "owner_uid"); + $id = $this->dbh->fetch_result($result, 0, "ref_id"); + $owner_uid = $this->dbh->fetch_result($result, 0, "owner_uid"); - $article = format_article($this->link, $id, false, true, $owner_uid); + $article = format_article($id, false, true, $owner_uid); print_r($article['content']); @@ -329,37 +328,37 @@ class Handler_Public extends Handler { } function rss() { - $feed = db_escape_string($_REQUEST["id"]); - $key = db_escape_string($_REQUEST["key"]); + $feed = $this->dbh->escape_string($_REQUEST["id"]); + $key = $this->dbh->escape_string($_REQUEST["key"]); $is_cat = $_REQUEST["is_cat"] != false; - $limit = (int)db_escape_string($_REQUEST["limit"]); + $limit = (int)$this->dbh->escape_string($_REQUEST["limit"]); + $offset = (int)$this->dbh->escape_string($_REQUEST["offset"]); - $search = db_escape_string($_REQUEST["q"]); - $match_on = db_escape_string($_REQUEST["m"]); - $search_mode = db_escape_string($_REQUEST["smode"]); - $view_mode = db_escape_string($_REQUEST["view-mode"]); + $search = $this->dbh->escape_string($_REQUEST["q"]); + $search_mode = $this->dbh->escape_string($_REQUEST["smode"]); + $view_mode = $this->dbh->escape_string($_REQUEST["view-mode"]); - $format = db_escape_string($_REQUEST['format']); + $format = $this->dbh->escape_string($_REQUEST['format']); if (!$format) $format = 'atom'; if (SINGLE_USER_MODE) { - authenticate_user($this->link, "admin", null); + authenticate_user("admin", null); } $owner_id = false; if ($key) { - $result = db_query($this->link, "SELECT owner_uid FROM + $result = $this->dbh->query("SELECT owner_uid FROM ttrss_access_keys WHERE access_key = '$key' AND feed_id = '$feed'"); - if (db_num_rows($result) == 1) - $owner_id = db_fetch_result($result, 0, "owner_uid"); + if ($this->dbh->num_rows($result) == 1) + $owner_id = $this->dbh->fetch_result($result, 0, "owner_uid"); } if ($owner_id) { $this->generate_syndicated_feed($owner_id, $feed, $is_cat, $limit, - $search, $search_mode, $match_on, $view_mode, $format); + $offset, $search, $search_mode, $view_mode, $format); } else { header('HTTP/1.1 403 Forbidden'); } @@ -368,19 +367,33 @@ class Handler_Public extends Handler { function globalUpdateFeeds() { include "rssfuncs.php"; // Update all feeds needing a update. - update_daemon_common($this->link, 0, true, false); + update_daemon_common(0, true, false); + + // Update feedbrowser + update_feedbrowser_cache(); + + // Purge orphans and cleanup tags + purge_orphans(); + + cleanup_tags(14, 50000); + + PluginHost::getInstance()->run_hooks(PluginHost::HOOK_UPDATE_TASK, "hook_update_task", $op); + } function sharepopup() { + if (SINGLE_USER_MODE) { + login_sequence(); + } + header('Content-Type: text/html; charset=utf-8'); - print " - - Tiny Tiny RSS - - - - - "; + print "Tiny Tiny RSS"; + + print stylesheet_tag("utility.css"); + print javascript_tag("lib/prototype.js"); + print javascript_tag("lib/scriptaculous/scriptaculous.js?load=effects,dragdrop,controls"); + print " + "; $action = $_REQUEST["action"]; @@ -388,11 +401,13 @@ class Handler_Public extends Handler { if ($action == 'share') { - $title = db_escape_string(strip_tags($_REQUEST["title"])); - $url = db_escape_string(strip_tags($_REQUEST["url"])); - $content = db_escape_string(strip_tags($_REQUEST["content"])); + $title = $this->dbh->escape_string(strip_tags($_REQUEST["title"])); + $url = $this->dbh->escape_string(strip_tags($_REQUEST["url"])); + $content = $this->dbh->escape_string(strip_tags($_REQUEST["content"])); + $labels = $this->dbh->escape_string(strip_tags($_REQUEST["labels"])); - create_published_article($this->link, $title, $url, $content, $_SESSION["uid"]); + Article::create_published_article($title, $url, $content, $labels, + $_SESSION["uid"]); print " + +
@@ -443,12 +472,12 @@ class Handler_Public extends Handler { ?>
+ method="POST" id="loginForm" name="loginForm"> +

-

dbh->escape_string($_POST["login"]); $password = $_POST["password"]; $remember_me = $_POST["remember_me"]; - if (authenticate_user($this->link, $login, $password)) { + if ($remember_me) { + session_set_cookie_params(SESSION_COOKIE_LIFETIME); + } else { + session_set_cookie_params(0); + } + + @session_start(); + + if (authenticate_user($login, $password)) { $_POST["password"] = ""; $_SESSION["language"] = $_POST["language"]; - $_SESSION["ref_schema_version"] = get_schema_version($this->link, true); + $_SESSION["ref_schema_version"] = get_schema_version(true); $_SESSION["bw_limit"] = !!$_POST["bw_limit"]; if ($_POST["profile"]) { - $profile = db_escape_string($_POST["profile"]); + $profile = $this->dbh->escape_string($_POST["profile"]); - $result = db_query($this->link, "SELECT id FROM ttrss_settings_profiles + $result = $this->dbh->query("SELECT id FROM ttrss_settings_profiles WHERE id = '$profile' AND owner_uid = " . $_SESSION["uid"]); - if (db_num_rows($result) != 0) { + if ($this->dbh->num_rows($result) != 0) { $_SESSION["profile"] = $profile; - $_SESSION["prefs_cache"] = array(); } } } else { @@ -520,9 +553,13 @@ class Handler_Public extends Handler { } function subscribe() { + if (SINGLE_USER_MODE) { + login_sequence(); + } + if ($_SESSION["uid"]) { - $feed_url = db_escape_string(trim($_REQUEST["feed_url"])); + $feed_url = $this->dbh->escape_string(trim($_REQUEST["feed_url"])); header('Content-Type: text/html; charset=utf-8'); print " @@ -532,11 +569,11 @@ class Handler_Public extends Handler { - \"Tiny -

".__("Subscribe to feed...")."

"; +

".__("Subscribe to feed...")."

"; - $rc = subscribe_to_feed($this->link, $feed_url); + $rc = subscribe_to_feed($feed_url); switch ($rc['code']) { case 0: @@ -553,7 +590,7 @@ class Handler_Public extends Handler { break; case 4: print_notice(__("Multiple feed URLs found.")); - $feed_urls = get_feeds_from_html($feed_url); + $feed_urls = $rc["feeds"]; break; case 5: print_error(T_sprintf("Could not subscribe to %s.
Can't download the Feed URL.", $feed_url)); @@ -584,10 +621,10 @@ class Handler_Public extends Handler { $tt_uri = get_self_url_prefix(); if ($rc['code'] <= 2){ - $result = db_query($this->link, "SELECT id FROM ttrss_feeds WHERE + $result = $this->dbh->query("SELECT id FROM ttrss_feeds WHERE feed_url = '$feed_url' AND owner_uid = " . $_SESSION["uid"]); - $feed_id = db_fetch_result($result, 0, "id"); + $feed_id = $this->dbh->fetch_result($result, 0, "id"); } else { $feed_id = 0; } @@ -607,24 +644,24 @@ class Handler_Public extends Handler {

"; - print ""; + print "
"; } else { - render_login_form($this->link); + render_login_form(); } } function subscribe2() { - $feed_url = db_escape_string(trim($_REQUEST["feed_url"])); - $cat_id = db_escape_string($_REQUEST["cat_id"]); - $from = db_escape_string($_REQUEST["from"]); + $feed_url = $this->dbh->escape_string(trim($_REQUEST["feed_url"])); + $cat_id = $this->dbh->escape_string($_REQUEST["cat_id"]); + $from = $this->dbh->escape_string($_REQUEST["from"]); /* only read authentication information from POST */ - $auth_login = db_escape_string(trim($_POST["auth_login"])); - $auth_pass = db_escape_string(trim($_POST["auth_pass"])); + $auth_login = $this->dbh->escape_string(trim($_POST["auth_login"])); + $auth_pass = $this->dbh->escape_string(trim($_POST["auth_pass"])); - $rc = subscribe_to_feed($this->link, $feed_url, $cat_id, $auth_login, $auth_pass); + $rc = subscribe_to_feed($feed_url, $cat_id, $auth_login, $auth_pass); switch ($rc) { case 1: @@ -671,10 +708,10 @@ class Handler_Public extends Handler { $tt_uri = get_self_url_prefix(); if ($rc <= 2){ - $result = db_query($this->link, "SELECT id FROM ttrss_feeds WHERE + $result = $this->dbh->query("SELECT id FROM ttrss_feeds WHERE feed_url = '$feed_url' AND owner_uid = " . $_SESSION["uid"]); - $feed_id = db_fetch_result($result, 0, "id"); + $feed_id = $this->dbh->fetch_result($result, 0, "id"); } else { $feed_id = 0; } @@ -703,5 +740,210 @@ class Handler_Public extends Handler { print json_encode(array("error" => array("code" => 7))); } + function forgotpass() { + header('Content-Type: text/html; charset=utf-8'); + print "Tiny Tiny RSS"; + + print stylesheet_tag("utility.css"); + print javascript_tag("lib/prototype.js"); + + print " + "; + + print ''; + print "

".__("Password recovery")."

"; + print "
"; + + @$method = $_POST['method']; + + if (!$method) { + print_notice(__("You will need to provide valid account name and email. New password will be sent on your email address.")); + + print "
"; + print ""; + print ""; + + print "
"; + print ""; + print ""; + print "
"; + + print "
"; + print ""; + print ""; + print "
"; + + print "
"; + print ""; + print ""; + print "
"; + + print "

"; + print ""; + + print "

"; + } else if ($method == 'do') { + + $login = $this->dbh->escape_string($_POST["login"]); + $email = $this->dbh->escape_string($_POST["email"]); + $test = $this->dbh->escape_string($_POST["test"]); + + if (($test != 4 && $test != 'four') || !$email || !$login) { + print_error(__('Some of the required form parameters are missing or incorrect.')); + + print "
+ + +
"; + + } else { + + $result = $this->dbh->query("SELECT id FROM ttrss_users + WHERE login = '$login' AND email = '$email'"); + + if ($this->dbh->num_rows($result) != 0) { + $id = $this->dbh->fetch_result($result, 0, "id"); + + Pref_Users::resetUserPassword($id, false); + + print "

"; + + print "

"."Completed."."

"; + + print "
+ +
"; + + } else { + print_error(__("Sorry, login and email combination not found.")); + + print "
+ + +
"; + + } + } + + } + + print "
"; + print ""; + print ""; + + } + + function dbupdate() { + if (!SINGLE_USER_MODE && $_SESSION["access_level"] < 10) { + $_SESSION["login_error_msg"] = __("Your access level is insufficient to run this script."); + render_login_form(); + exit; + } + + ?> + + Database Updater + + + + + + + + + +

+ +
+ + isUpdateRequired()) { + + print "

Performing updates

"; + + print "

Updating to schema version " . SCHEMA_VERSION . "

"; + + print "
    "; + + for ($i = $updater->getSchemaVersion() + 1; $i <= SCHEMA_VERSION; $i++) { + print "
  • Performing update up to version $i..."; + + $result = $updater->performUpdateTo($i); + + if (!$result) { + print "FAILED!
"; + + print_warning("One of the updates failed. Either retry the process or perform updates manually."); + print "

+ +
"; + + break; + } else { + print "OK!"; + } + } + + print ""; + + print_notice("Your Tiny Tiny RSS database is now updated to the latest version."); + + print "

+ +
"; + + } else { + print "

Your database is up to date.

"; + + print "

+ +
"; + } + } else { + if ($updater->isUpdateRequired()) { + + print "

Database update required

"; + + print "

"; + printf("Your Tiny Tiny RSS database needs update to the latest version: %d to %d.", + $updater->getSchemaVersion(), SCHEMA_VERSION); + print "

"; + + print_warning("Please backup your database before proceeding."); + + print "
+ + +
"; + + } else { + + print "

" . "Tiny Tiny RSS database is up to date." . "

"; + + print "

+ +
"; + + } + } + ?> + +
+ + +