$_REQUEST = array_map('stripslashes_deep', $_REQUEST);
}
- function __autoload($class) {
- $file = "classes/".strtolower(basename($class)).".php";
- if (file_exists($file)) {
- require $file;
- }
- }
-
$op = $_REQUEST["op"];
+ @$method = $_REQUEST['subop'] ? $_REQUEST['subop'] : $_REQUEST["method"];
+
+ /* Public calls compatibility shim */
+
+ $public_calls = array("globalUpdateFeeds", "rss", "getUnread", "getProfiles", "share",
+ "fbexport", "logout", "pubsub");
+
+ if (array_search($op, $public_calls) !== false) {
+ header("Location: public.php?" . $_SERVER['QUERY_STRING']);
+ return;
+ }
require_once "functions.php";
- if ($op != "share") require_once "sessions.php";
+ require_once "sessions.php";
require_once "sanity_check.php";
require_once "config.php";
require_once "db.php";
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
- if (!$link) {
- if (DB_TYPE == "mysql") {
- print mysql_error();
- }
- // PG seems to display its own errors just fine by default.
- return;
- }
-
- init_connection($link);
-
- $method = $_REQUEST['subop'] ? $_REQUEST['subop'] : $_REQUEST["method"];
+ if (!init_connection($link)) return;
header("Content-Type: text/plain; charset=utf-8");
authenticate_user($link, "admin", null);
}
- $public_calls = array("globalUpdateFeeds", "rss", "getUnread", "getProfiles", "share",
- "fbexport", "logout", "pubsub");
+ // TODO remove and handle within Handlers
- if (array_search($op, $public_calls) !== false) {
-
- handle_public_request($link, $op);
- return;
-
- } else if (!($_SESSION["uid"] && validate_session($link))) {
+ if (!($_SESSION["uid"] && validate_session($link))) {
if ($op == 'pref-feeds' && $method == 'add') {
header("Content-Type: text/html");
login_sequence($link);
return;
}
+ function __autoload($class) {
+ $file = "classes/".strtolower(basename($class)).".php";
+ if (file_exists($file)) {
+ require $file;
+ }
+ }
+
$op = str_replace("-", "_", $op);
if (class_exists($op)) {
}
}
- switch($op) { // Select action according to $op value.
- case "pref_instances":
- require_once "modules/pref-instances.php";
- module_pref_instances($link);
- break; // pref-instances
-
- default:
- header("Content-Type: text/plain");
- print json_encode(array("error" => array("code" => 7)));
- break; // fallback
- } // Select action according to $op value.
+ header("Content-Type: text/plain");
+ print json_encode(array("error" => array("code" => 7)));
// We close the connection to database.
db_close($link);
--- /dev/null
+<?php
+class Pref_Instances extends Protected_Handler {
+
+ function before() {
+ if (parent::before()) {
+ if ($_SESSION["access_level"] < 10) {
+ print __("Your access level is insufficient to open this tab.");
+ return false;
+ }
+ return true;
+ }
+ return false;
+ }
+
+ function remove() {
+ $ids = db_escape_string($_REQUEST['ids']);
+
+ db_query($this->link, "DELETE FROM ttrss_linked_instances WHERE
+ id IN ($ids)");
+ }
+
+ function add() {
+ $id = db_escape_string($_REQUEST["id"]);
+ $access_url = db_escape_string($_REQUEST["access_url"]);
+ $access_key = db_escape_string($_REQUEST["access_key"]);
+
+ db_query($this->link, "BEGIN");
+
+ $result = db_query($this->link, "SELECT id FROM ttrss_linked_instances
+ WHERE access_url = '$access_url'");
+
+ if (db_num_rows($result) == 0) {
+ db_query($this->link, "INSERT INTO ttrss_linked_instances
+ (access_url, access_key, last_connected, last_status_in, last_status_out)
+ VALUES
+ ('$access_url', '$access_key', '1970-01-01', -1, -1)");
+
+ }
+
+ db_query($this->link, "COMMIT");
+ }
+
+ function edit() {
+ $id = db_escape_string($_REQUEST["id"]);
+
+ $result = db_query($this->link, "SELECT * FROM ttrss_linked_instances WHERE
+ id = '$id'");
+
+ print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"id\" value=\"$id\">";
+ print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-instances\">";
+ print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"editSave\">";
+
+ print "<div class=\"dlgSec\">".__("Instance")."</div>";
+
+ print "<div class=\"dlgSecCont\">";
+
+ /* URL */
+
+ $access_url = htmlspecialchars(db_fetch_result($result, 0, "access_url"));
+
+ print __("URL:") . " ";
+
+ print "<input dojoType=\"dijit.form.ValidationTextBox\" required=\"1\"
+ placeHolder=\"".__("Instance URL")."\"
+ regExp='^(http|https)://.*'
+ style=\"font-size : 16px; width: 20em\" name=\"access_url\"
+ value=\"$access_url\">";
+
+ print "<hr/>";
+
+ $access_key = htmlspecialchars(db_fetch_result($result, 0, "access_key"));
+
+ /* Access key */
+
+ print __("Access key:") . " ";
+
+ print "<input dojoType=\"dijit.form.ValidationTextBox\" required=\"1\"
+ placeHolder=\"".__("Access key")."\" regExp='\w{40}'
+ style=\"width: 20em\" name=\"access_key\" id=\"instance_edit_key\"
+ value=\"$access_key\">";
+
+ print "<p class='insensitive'>" . __("Use one access key for both linked instances.");
+
+ print "</div>";
+
+ print "<div class=\"dlgButtons\">
+ <div style='float : left'>
+ <button dojoType=\"dijit.form.Button\"
+ onclick=\"return dijit.byId('instanceEditDlg').regenKey()\">".
+ __('Generate new key')."</button>
+ </div>
+ <button dojoType=\"dijit.form.Button\"
+ onclick=\"return dijit.byId('instanceEditDlg').execute()\">".
+ __('Save')."</button>
+ <button dojoType=\"dijit.form.Button\"
+ onclick=\"return dijit.byId('instanceEditDlg').hide()\"\">".
+ __('Cancel')."</button></div>";
+
+ }
+
+ function editSave() {
+ $id = db_escape_string($_REQUEST["id"]);
+ $access_url = db_escape_string($_REQUEST["access_url"]);
+ $access_key = db_escape_string($_REQUEST["access_key"]);
+
+ db_query($this->link, "UPDATE ttrss_linked_instances SET
+ access_key = '$access_key', access_url = '$access_url',
+ last_connected = '1970-01-01'
+ WHERE id = '$id'");
+
+ }
+
+ function index() {
+
+ if (!function_exists('curl_init')) {
+ print "<div style='padding : 1em'>";
+ print_error("This functionality requires CURL functions. Please enable CURL in your PHP configuration (you might also want to disable open_basedir in php.ini) and reload this page.");
+ print "</div>";
+ }
+
+ print "<div id=\"pref-instance-wrap\" dojoType=\"dijit.layout.BorderContainer\" gutters=\"false\">";
+ print "<div id=\"pref-instance-header\" dojoType=\"dijit.layout.ContentPane\" region=\"top\">";
+
+ print "<div id=\"pref-instance-toolbar\" dojoType=\"dijit.Toolbar\">";
+
+ $sort = db_escape_string($_REQUEST["sort"]);
+
+ if (!$sort || $sort == "undefined") {
+ $sort = "access_url";
+ }
+
+ print "<div dojoType=\"dijit.form.DropDownButton\">".
+ "<span>" . __('Select')."</span>";
+ print "<div dojoType=\"dijit.Menu\" style=\"display: none;\">";
+ print "<div onclick=\"selectTableRows('prefInstanceList', 'all')\"
+ dojoType=\"dijit.MenuItem\">".__('All')."</div>";
+ print "<div onclick=\"selectTableRows('prefInstanceList', 'none')\"
+ dojoType=\"dijit.MenuItem\">".__('None')."</div>";
+ print "</div></div>";
+
+ print "<button dojoType=\"dijit.form.Button\" onclick=\"addInstance()\">".__('Link instance')."</button>";
+ print "<button dojoType=\"dijit.form.Button\" onclick=\"editSelectedInstance()\">".__('Edit')."</button>";
+ print "<button dojoType=\"dijit.form.Button\" onclick=\"removeSelectedInstances()\">".__('Remove')."</button>";
+
+ print "</div>"; #toolbar
+
+ $result = db_query($this->link, "SELECT *,
+ (SELECT COUNT(*) FROM ttrss_linked_feeds
+ WHERE instance_id = ttrss_linked_instances.id) AS num_feeds
+ FROM ttrss_linked_instances
+ ORDER BY $sort");
+
+ print "<p class=\"insensitive\" style='margin-left : 1em;'>" . __("You can connect other instances of Tiny Tiny RSS to this one to share Popular feeds. Link to this instance of Tiny Tiny RSS by using this URL:");
+
+ print " <a href=\"#\" onclick=\"alert('".htmlspecialchars(get_self_url_prefix())."')\">(display url)</a>";
+
+ print "<p><table width='100%' id='prefInstanceList' class='prefInstanceList' cellspacing='0'>";
+
+ print "<tr class=\"title\">
+ <td align='center' width=\"5%\"> </td>
+ <td width=''><a href=\"#\" onclick=\"updateInstanceList('access_url')\">".__('Instance URL')."</a></td>
+ <td width='20%'><a href=\"#\" onclick=\"updateInstanceList('access_key')\">".__('Access key')."</a></td>
+ <td width='10%'><a href=\"#\" onclick=\"updateUsersList('last_connected')\">".__('Last connected')."</a></td>
+ <td width='10%'><a href=\"#\" onclick=\"updateUsersList('num_feeds')\">".__('Stored feeds')."</a></td>
+ </tr>";
+
+ $lnum = 0;
+
+ while ($line = db_fetch_assoc($result)) {
+ $class = ($lnum % 2) ? "even" : "odd";
+
+ $id = $line['id'];
+ $this_row_id = "id=\"LIRR-$id\"";
+
+ $line["last_connected"] = make_local_datetime($this->link, $line["last_connected"], false);
+
+ print "<tr class=\"$class\" $this_row_id>";
+
+ print "<td align='center'><input onclick='toggleSelectRow(this);'
+ type=\"checkbox\" id=\"LICHK-$id\"></td>";
+
+ $onclick = "onclick='editInstance($id, event)' title='".__('Click to edit')."'";
+
+ $access_key = mb_substr($line['access_key'], 0, 4) . '...' .
+ mb_substr($line['access_key'], -4);
+
+ print "<td $onclick>" . htmlspecialchars($line['access_url']) . "</td>";
+ print "<td $onclick>" . htmlspecialchars($access_key) . "</td>";
+ print "<td $onclick>" . htmlspecialchars($line['last_connected']) . "</td>";
+ print "<td $onclick>" . htmlspecialchars($line['num_feeds']) . "</td>";
+
+ print "</tr>";
+
+ ++$lnum;
+ }
+
+ print "</table>";
+
+ print "</div>"; #pane
+ print "</div>"; #container
+
+ }
+}
+?>
--- /dev/null
+<?php
+class Public_Handler extends Handler {
+
+ function getUnread() {
+ $login = db_escape_string($_REQUEST["login"]);
+ $fresh = $_REQUEST["fresh"] == "1";
+
+ $result = db_query($this->link, "SELECT id FROM ttrss_users WHERE login = '$login'");
+
+ if (db_num_rows($result) == 1) {
+ $uid = db_fetch_result($result, 0, "id");
+
+ print getGlobalUnread($this->link, $uid);
+
+ if ($fresh) {
+ print ";";
+ print getFeedArticles($this->link, -3, false, true, $uid);
+ }
+
+ } else {
+ print "-1;User not found";
+ }
+
+ }
+
+ function getProfiles() {
+ $login = db_escape_string($_REQUEST["login"]);
+ $password = db_escape_string($_REQUEST["password"]);
+
+ if (authenticate_user($this->link, $login, $password)) {
+ $result = db_query($this->link, "SELECT * FROM ttrss_settings_profiles
+ WHERE owner_uid = " . $_SESSION["uid"] . " ORDER BY title");
+
+ print "<select style='width: 100%' name='profile'>";
+
+ print "<option value='0'>" . __("Default profile") . "</option>";
+
+ while ($line = db_fetch_assoc($result)) {
+ $id = $line["id"];
+ $title = $line["title"];
+
+ print "<option value='$id'>$title</option>";
+ }
+
+ print "</select>";
+
+ $_SESSION = array();
+ }
+ }
+
+ function pubsub() {
+ $mode = db_escape_string($_REQUEST['hub_mode']);
+ $feed_id = (int) db_escape_string($_REQUEST['id']);
+ $feed_url = db_escape_string($_REQUEST['hub_topic']);
+
+ if (!PUBSUBHUBBUB_ENABLED) {
+ header('HTTP/1.0 404 Not Found');
+ echo "404 Not found";
+ return;
+ }
+
+ // TODO: implement hub_verifytoken checking
+
+ $result = db_query($this->link, "SELECT feed_url FROM ttrss_feeds
+ WHERE id = '$feed_id'");
+
+ if (db_num_rows($result) != 0) {
+
+ $check_feed_url = db_fetch_result($result, 0, "feed_url");
+
+ if ($check_feed_url && ($check_feed_url == $feed_url || !$feed_url)) {
+ if ($mode == "subscribe") {
+
+ db_query($this->link, "UPDATE ttrss_feeds SET pubsub_state = 2
+ WHERE id = '$feed_id'");
+
+ print $_REQUEST['hub_challenge'];
+ return;
+
+ } else if ($mode == "unsubscribe") {
+
+ db_query($this->link, "UPDATE ttrss_feeds SET pubsub_state = 0
+ WHERE id = '$feed_id'");
+
+ print $_REQUEST['hub_challenge'];
+ return;
+
+ } else if (!$mode) {
+
+ // Received update ping, schedule feed update.
+ //update_rss_feed($this->link, $feed_id, true, true);
+
+ db_query($this->link, "UPDATE ttrss_feeds SET
+ last_update_started = '1970-01-01',
+ last_updated = '1970-01-01' WHERE id = '$feed_id'");
+
+ }
+ } else {
+ header('HTTP/1.0 404 Not Found');
+ echo "404 Not found";
+ }
+ } else {
+ header('HTTP/1.0 404 Not Found');
+ echo "404 Not found";
+ }
+
+ }
+
+ function logout() {
+ logout_user();
+ header("Location: index.php");
+ }
+
+ function fbexport() {
+
+ $access_key = db_escape_string($_POST["key"]);
+
+ // TODO: rate limit checking using last_connected
+ $result = db_query($this->link, "SELECT id FROM ttrss_linked_instances
+ WHERE access_key = '$access_key'");
+
+ if (db_num_rows($result) == 1) {
+
+ $instance_id = db_fetch_result($result, 0, "id");
+
+ $result = db_query($this->link, "SELECT feed_url, site_url, title, subscribers
+ FROM ttrss_feedbrowser_cache ORDER BY subscribers DESC LIMIT 100");
+
+ $feeds = array();
+
+ while ($line = db_fetch_assoc($result)) {
+ array_push($feeds, $line);
+ }
+
+ db_query($this->link, "UPDATE ttrss_linked_instances SET
+ last_status_in = 1 WHERE id = '$instance_id'");
+
+ print json_encode(array("feeds" => $feeds));
+ } else {
+ print json_encode(array("error" => array("code" => 6)));
+ }
+ }
+
+ function share() {
+ $uuid = db_escape_string($_REQUEST["key"]);
+
+ $result = db_query($this->link, "SELECT ref_id, owner_uid FROM ttrss_user_entries WHERE
+ uuid = '$uuid'");
+
+ if (db_num_rows($result) != 0) {
+ header("Content-Type: text/html");
+
+ $id = db_fetch_result($result, 0, "ref_id");
+ $owner_uid = db_fetch_result($result, 0, "owner_uid");
+
+ $_SESSION["uid"] = $owner_uid;
+ $article = format_article($this->link, $id, false, true);
+ $_SESSION["uid"] = "";
+
+ print_r($article['content']);
+
+ } else {
+ print "Article not found.";
+ }
+
+ }
+
+ function rss() {
+ header("Content-Type: text/xml; charset=utf-8");
+
+ $feed = db_escape_string($_REQUEST["id"]);
+ $key = db_escape_string($_REQUEST["key"]);
+ $is_cat = $_REQUEST["is_cat"] != false;
+ $limit = (int)db_escape_string($_REQUEST["limit"]);
+
+ $search = db_escape_string($_REQUEST["q"]);
+ $match_on = db_escape_string($_REQUEST["m"]);
+ $search_mode = db_escape_string($_REQUEST["smode"]);
+ $view_mode = db_escape_string($_REQUEST["view-mode"]);
+
+ if (SINGLE_USER_MODE) {
+ authenticate_user($this->link, "admin", null);
+ }
+
+ $owner_id = false;
+
+ if ($key) {
+ $result = db_query($this->link, "SELECT owner_uid FROM
+ ttrss_access_keys WHERE access_key = '$key' AND feed_id = '$feed'");
+
+ if (db_num_rows($result) == 1)
+ $owner_id = db_fetch_result($result, 0, "owner_uid");
+ }
+
+ if ($owner_id) {
+ $_SESSION['uid'] = $owner_id;
+
+ generate_syndicated_feed($this->link, 0, $feed, $is_cat, $limit,
+ $search, $search_mode, $match_on, $view_mode);
+ } else {
+ header('HTTP/1.1 403 Forbidden');
+ }
+ }
+
+ /* function globalUpdateFeeds() {
+ // Update all feeds needing a update.
+ update_daemon_common($this->link, 0, true, true);
+ } */
+}
+?>
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
- init_connection($link);
+ if (!init_connection($link)) return;
login_sequence($link);
$owner_uid = $_SESSION["uid"];
if (!$result) {
$query = htmlspecialchars($query); // just in case
if ($die_on_error) {
- die("Query <i>$query</i> failed [$result]: " . pg_last_error($link));
+ die("Query <i>$query</i> failed [$result]: " . ($link ? pg_last_error($link) : "No connection"));
}
}
return $result;
if (!$result) {
$query = htmlspecialchars($query);
if ($die_on_error) {
- die("Query <i>$query</i> failed: " . mysql_error($link));
+ die("Query <i>$query</i> failed: " . ($link ? mysql_error($link) : "No connection"));
}
}
return $result;
}
function init_connection($link) {
- if (DB_TYPE == "pgsql") {
- pg_query($link, "set client_encoding = 'UTF-8'");
- pg_set_client_encoding("UNICODE");
- pg_query($link, "set datestyle = 'ISO, european'");
- pg_query($link, "set TIME ZONE 0");
- } else {
- db_query($link, "SET time_zone = '+0:0'");
+ if ($link) {
- if (defined('MYSQL_CHARSET') && MYSQL_CHARSET) {
- db_query($link, "SET NAMES " . MYSQL_CHARSET);
- // db_query($link, "SET CHARACTER SET " . MYSQL_CHARSET);
+ if (DB_TYPE == "pgsql") {
+ pg_query($link, "set client_encoding = 'UTF-8'");
+ pg_set_client_encoding("UNICODE");
+ pg_query($link, "set datestyle = 'ISO, european'");
+ pg_query($link, "set TIME ZONE 0");
+ } else {
+ db_query($link, "SET time_zone = '+0:0'");
+
+ if (defined('MYSQL_CHARSET') && MYSQL_CHARSET) {
+ db_query($link, "SET NAMES " . MYSQL_CHARSET);
+ }
}
+ return true;
+ } else {
+ print "Unable to connect to database:" . db_last_error();
+ return false;
}
}
}
}
- function handle_public_request($link, $op) {
- switch ($op) {
-
- case "getUnread":
- $login = db_escape_string($_REQUEST["login"]);
- $fresh = $_REQUEST["fresh"] == "1";
-
- $result = db_query($link, "SELECT id FROM ttrss_users WHERE login = '$login'");
-
- if (db_num_rows($result) == 1) {
- $uid = db_fetch_result($result, 0, "id");
-
- print getGlobalUnread($link, $uid);
-
- if ($fresh) {
- print ";";
- print getFeedArticles($link, -3, false, true, $uid);
- }
-
- } else {
- print "-1;User not found";
- }
-
- break; // getUnread
-
- case "getProfiles":
- $login = db_escape_string($_REQUEST["login"]);
- $password = db_escape_string($_REQUEST["password"]);
-
- if (authenticate_user($link, $login, $password)) {
- $result = db_query($link, "SELECT * FROM ttrss_settings_profiles
- WHERE owner_uid = " . $_SESSION["uid"] . " ORDER BY title");
-
- print "<select style='width: 100%' name='profile'>";
-
- print "<option value='0'>" . __("Default profile") . "</option>";
-
- while ($line = db_fetch_assoc($result)) {
- $id = $line["id"];
- $title = $line["title"];
-
- print "<option value='$id'>$title</option>";
- }
-
- print "</select>";
-
- $_SESSION = array();
- }
- break; // getprofiles
-
- case "pubsub":
- $mode = db_escape_string($_REQUEST['hub_mode']);
- $feed_id = (int) db_escape_string($_REQUEST['id']);
- $feed_url = db_escape_string($_REQUEST['hub_topic']);
-
- if (!PUBSUBHUBBUB_ENABLED) {
- header('HTTP/1.0 404 Not Found');
- echo "404 Not found";
- return;
- }
-
- // TODO: implement hub_verifytoken checking
-
- $result = db_query($link, "SELECT feed_url FROM ttrss_feeds
- WHERE id = '$feed_id'");
-
- if (db_num_rows($result) != 0) {
-
- $check_feed_url = db_fetch_result($result, 0, "feed_url");
-
- if ($check_feed_url && ($check_feed_url == $feed_url || !$feed_url)) {
- if ($mode == "subscribe") {
-
- db_query($link, "UPDATE ttrss_feeds SET pubsub_state = 2
- WHERE id = '$feed_id'");
-
- print $_REQUEST['hub_challenge'];
- return;
-
- } else if ($mode == "unsubscribe") {
-
- db_query($link, "UPDATE ttrss_feeds SET pubsub_state = 0
- WHERE id = '$feed_id'");
-
- print $_REQUEST['hub_challenge'];
- return;
-
- } else if (!$mode) {
-
- // Received update ping, schedule feed update.
- //update_rss_feed($link, $feed_id, true, true);
-
- db_query($link, "UPDATE ttrss_feeds SET
- last_update_started = '1970-01-01',
- last_updated = '1970-01-01' WHERE id = '$feed_id'");
-
- }
- } else {
- header('HTTP/1.0 404 Not Found');
- echo "404 Not found";
- }
- } else {
- header('HTTP/1.0 404 Not Found');
- echo "404 Not found";
- }
-
- break; // pubsub
-
- case "logout":
- logout_user();
- header("Location: index.php");
- break; // logout
-
- case "fbexport":
-
- $access_key = db_escape_string($_POST["key"]);
-
- // TODO: rate limit checking using last_connected
- $result = db_query($link, "SELECT id FROM ttrss_linked_instances
- WHERE access_key = '$access_key'");
-
- if (db_num_rows($result) == 1) {
-
- $instance_id = db_fetch_result($result, 0, "id");
-
- $result = db_query($link, "SELECT feed_url, site_url, title, subscribers
- FROM ttrss_feedbrowser_cache ORDER BY subscribers DESC LIMIT 100");
-
- $feeds = array();
-
- while ($line = db_fetch_assoc($result)) {
- array_push($feeds, $line);
- }
-
- db_query($link, "UPDATE ttrss_linked_instances SET
- last_status_in = 1 WHERE id = '$instance_id'");
-
- print json_encode(array("feeds" => $feeds));
- } else {
- print json_encode(array("error" => array("code" => 6)));
- }
- break; // fbexport
-
- case "share":
- $uuid = db_escape_string($_REQUEST["key"]);
-
- $result = db_query($link, "SELECT ref_id, owner_uid FROM ttrss_user_entries WHERE
- uuid = '$uuid'");
-
- if (db_num_rows($result) != 0) {
- header("Content-Type: text/html");
-
- $id = db_fetch_result($result, 0, "ref_id");
- $owner_uid = db_fetch_result($result, 0, "owner_uid");
-
- $_SESSION["uid"] = $owner_uid;
- $article = format_article($link, $id, false, true);
- $_SESSION["uid"] = "";
-
- print_r($article['content']);
-
- } else {
- print "Article not found.";
- }
-
- break;
-
- case "rss":
- $feed = db_escape_string($_REQUEST["id"]);
- $key = db_escape_string($_REQUEST["key"]);
- $is_cat = $_REQUEST["is_cat"] != false;
- $limit = (int)db_escape_string($_REQUEST["limit"]);
-
- $search = db_escape_string($_REQUEST["q"]);
- $match_on = db_escape_string($_REQUEST["m"]);
- $search_mode = db_escape_string($_REQUEST["smode"]);
- $view_mode = db_escape_string($_REQUEST["view-mode"]);
-
- if (SINGLE_USER_MODE) {
- authenticate_user($link, "admin", null);
- }
-
- $owner_id = false;
-
- if ($key) {
- $result = db_query($link, "SELECT owner_uid FROM
- ttrss_access_keys WHERE access_key = '$key' AND feed_id = '$feed'");
-
- if (db_num_rows($result) == 1)
- $owner_id = db_fetch_result($result, 0, "owner_uid");
- }
-
- if ($owner_id) {
- $_SESSION['uid'] = $owner_id;
-
- generate_syndicated_feed($link, 0, $feed, $is_cat, $limit,
- $search, $search_mode, $match_on, $view_mode);
- } else {
- header('HTTP/1.1 403 Forbidden');
- }
- break; // rss
-
-
- case "globalUpdateFeeds":
- // Update all feeds needing a update.
- update_daemon_common($link, 0, true, true);
- break; // globalUpdateFeeds
-
-
- default:
- header("Content-Type: text/plain");
- print json_encode(array("error" => array("code" => 7)));
- break; // fallback
-
- }
- }
-
function make_feed_browser($link, $search, $limit, $mode = 1) {
-
+
$owner_uid = $_SESSION["uid"];
$rv = '';
-
+
if ($search) {
$search_qpart = "AND (UPPER(feed_url) LIKE UPPER('%$search%') OR
UPPER(title) LIKE UPPER('%$search%'))";
} else {
$search_qpart = "";
}
-
+
if ($mode == 1) {
/* $result = db_query($link, "SELECT feed_url, subscribers FROM
ttrss_feedbrowser_cache WHERE (SELECT COUNT(id) = 0 FROM ttrss_feeds AS tf
WHERE tf.feed_url = ttrss_feedbrowser_cache.feed_url
AND owner_uid = '$owner_uid') $search_qpart
ORDER BY subscribers DESC LIMIT $limit"); */
-
+
$result = db_query($link, "SELECT feed_url, site_url, title, SUM(subscribers) AS subscribers FROM
(SELECT feed_url, site_url, title, subscribers FROM ttrss_feedbrowser_cache UNION ALL
SELECT feed_url, site_url, title, subscribers FROM ttrss_linked_feeds) AS qqq
WHERE tf.feed_url = qqq.feed_url
AND owner_uid = '$owner_uid') $search_qpart
GROUP BY feed_url, site_url, title ORDER BY subscribers DESC LIMIT $limit");
-
+
} else if ($mode == 2) {
$result = db_query($link, "SELECT *,
(SELECT COUNT(*) FROM ttrss_user_entries WHERE
owner_uid = '$owner_uid' $search_qpart
ORDER BY id DESC LIMIT $limit");
}
-
+
$feedctr = 0;
-
+
while ($line = db_fetch_assoc($result)) {
-
+
if ($mode == 1) {
-
+
$feed_url = htmlspecialchars($line["feed_url"]);
$site_url = htmlspecialchars($line["site_url"]);
$subscribers = $line["subscribers"];
-
+
$check_box = "<input onclick='toggleSelectListRow2(this)'
dojoType=\"dijit.form.CheckBox\"
type=\"checkbox\" \">";
-
+
$class = ($feedctr % 2) ? "even" : "odd";
-
+
$site_url = "<a target=\"_blank\"
href=\"$site_url\">
<span class=\"fb_feedTitle\">".
htmlspecialchars($line["title"])."</span></a>";
-
+
$feed_url = "<a target=\"_blank\" class=\"fb_feedUrl\"
href=\"$feed_url\"><img src='images/feed-icon-12x12.png'
style='vertical-align : middle'></a>";
-
+
$rv .= "<li>$check_box $feed_url $site_url".
" <span class='subscribers'>($subscribers)</span></li>";
-
+
} else if ($mode == 2) {
$feed_url = htmlspecialchars($line["feed_url"]);
$site_url = htmlspecialchars($line["site_url"]);
$title = htmlspecialchars($line["title"]);
-
+
$check_box = "<input onclick='toggleSelectListRow2(this)' dojoType=\"dijit.form.CheckBox\"
type=\"checkbox\">";
-
+
$class = ($feedctr % 2) ? "even" : "odd";
-
+
if ($line['articles_archived'] > 0) {
$archived = sprintf(__("%d archived articles"), $line['articles_archived']);
$archived = " <span class='subscribers'>($archived)</span>";
} else {
$archived = '';
}
-
+
$site_url = "<a target=\"_blank\"
href=\"$site_url\">
<span class=\"fb_feedTitle\">".
htmlspecialchars($line["title"])."</span></a>";
-
+
$feed_url = "<a target=\"_blank\" class=\"fb_feedUrl\"
href=\"$feed_url\"><img src='images/feed-icon-12x12.png'
style='vertical-align : middle'></a>";
-
-
+
+
$rv .= "<li id=\"FBROW-".$line["id"]."\">".
"$check_box $feed_url $site_url $archived</li>";
}
-
+
++$feedctr;
}
-
+
if ($feedctr == 0) {
$rv .= "<li style=\"text-align : center\"><p>".__('No feeds found.')."</p></li>";
}
-
+
return $rv;
-
}
+
?>
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
- init_connection($link);
+ if (!init_connection($link)) return;
login_sequence($link);
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
- init_connection($link);
+ if (!init_connection($link)) return;
function opml_export($link, $name, $owner_uid, $hide_private_feeds=false, $include_settings=true) {
if (!$_REQUEST["debug"]) {
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
- init_connection($link);
+ if (!init_connection($link)) return;
login_sequence($link);
$_REQUEST = array_map('stripslashes_deep', $_REQUEST);
}
- $op = $_REQUEST["op"];
-
require_once "functions.php";
- if ($op != "share") require_once "sessions.php";
+ require_once "sessions.php";
require_once "sanity_check.php";
require_once "config.php";
require_once "db.php";
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
- if (!$link) {
- if (DB_TYPE == "mysql") {
- print mysql_error();
- }
- // PG seems to display its own errors just fine by default.
- return;
+ if (!init_connection($link)) return;
+
+ if (ENABLE_GZIP_OUTPUT) {
+ ob_start("ob_gzhandler");
}
- init_connection($link);
+ function __autoload($class) {
+ $file = "classes/".strtolower(basename($class)).".php";
+ if (file_exists($file)) {
+ require $file;
+ }
+ }
- $method = $_REQUEST["method"];
- $mode = $_REQUEST["mode"];
+ $method = $_REQUEST["op"];
- if ((!$op || $op == "rss" || $op == "dlg") && !$_REQUEST["noxml"]) {
- header("Content-Type: application/xml; charset=utf-8");
- } else {
- header("Content-Type: text/plain; charset=utf-8");
- }
+ $handler = new Public_Handler($link, $_REQUEST);
- if (ENABLE_GZIP_OUTPUT) {
- ob_start("ob_gzhandler");
+ if ($handler) {
+ if ($handler->before()) {
+ if ($method && method_exists($handler, $method)) {
+ $handler->$method();
+ } else if (method_exists($handler, 'index')) {
+ $handler->index();
+ }
+ $handler->after();
+ return;
+ }
}
- handle_public_request($link, $op);
+ header("Content-Type: text/plain");
+ print json_encode(array("error" => array("code" => 7)));
// We close the connection to database.
db_close($link);
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
- init_connection($link);
+ if (!init_connection($link)) return;
if ($_REQUEST["format"] == "feed") {
header("Content-Type: text/xml");
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
- init_connection($link);
+ if (!init_connection($link)) return;
login_sequence($link);
$owner_uid = $_SESSION["uid"];
// Create a database connection.
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
- if (!$link) {
- if (DB_TYPE == "mysql") {
- print mysql_error();
- }
- // PG seems to display its own errors just fine by default.
- return;
- }
-
init_connection($link);
if ($op == "-feeds") {
// It is unnecessary to start the fork loop if database is not ok.
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
- if (!$link) {
- if (DB_TYPE == "mysql") {
- print mysql_error();
- }
- // PG seems to display its own errors just fine by default.
- return;
- }
+ if (!init_connection($link)) return;
db_close($link);
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
- if (!$link) {
- if (DB_TYPE == "mysql") {
- print mysql_error();
- }
- // PG seems to display its own errors just fine by default.
- return;
- }
-
- init_connection($link);
+ if (!init_connection($link)) return;
// We disable stamp file, since it is of no use in a multiprocess update.
// not really, tho for the time being -fox