// TODO remove and handle within Handlers
- if (!($_SESSION["uid"] && validate_session($link))) {
+ /* if (!($_SESSION["uid"] && validate_session($link))) {
if ($op == 'pref-feeds' && $method == 'add') {
header("Content-Type: text/html");
login_sequence($link);
print json_encode(array("error" => array("code" => 6)));
}
return;
- }
+ } */
$purge_intervals = array(
0 => __("Use default"),
}
$handler->after();
return;
+ } else {
+ header("Content-Type: text/plain");
+ print json_encode(array("error" => array("code" => 6)));
+ return;
}
} else {
header("Content-Type: text/plain");
function after() {
return true;
}
+
}
?>
function getProfiles() {
$login = db_escape_string($_REQUEST["login"]);
- $password = db_escape_string($_REQUEST["password"]);
- if (authenticate_user($this->link, $login, $password)) {
- $result = db_query($this->link, "SELECT * FROM ttrss_settings_profiles
- WHERE owner_uid = " . $_SESSION["uid"] . " ORDER BY title");
+ $result = db_query($this->link, "SELECT * FROM ttrss_settings_profiles,ttrss_users
+ WHERE ttrss_users.id = ttrss_settings_profiles.owner_uid AND login = '$login' ORDER BY title");
- print "<select style='width: 100%' name='profile'>";
+ print "<select style='width: 100%' name='profile'>";
- print "<option value='0'>" . __("Default profile") . "</option>";
+ print "<option value='0'>" . __("Default profile") . "</option>";
- while ($line = db_fetch_assoc($result)) {
- $id = $line["id"];
- $title = $line["title"];
-
- print "<option value='$id'>$title</option>";
- }
+ while ($line = db_fetch_assoc($result)) {
+ $id = $line["id"];
+ $title = $line["title"];
- print "</select>";
-
- $_SESSION = array();
+ print "<option value='$id'>$title</option>";
}
+
+ print "</select>";
}
function pubsub() {
}
}
+ function login() {
+
+ print_r($_REQUEST);
+
+ $_SESSION["prefs_cache"] = array();
+
+ if (!SINGLE_USER_MODE) {
+
+ $login = db_escape_string($_POST["login"]);
+ $password = $_POST["password"];
+ $remember_me = $_POST["remember_me"];
+
+ if (authenticate_user($this->link, $login, $password)) {
+ $_POST["password"] = "";
+
+ $_SESSION["language"] = $_POST["language"];
+ $_SESSION["ref_schema_version"] = get_schema_version($this->link, true);
+ $_SESSION["bw_limit"] = !!$_POST["bw_limit"];
+
+ if ($_POST["profile"]) {
+
+ $profile = db_escape_string($_POST["profile"]);
+
+ $result = db_query($this->link, "SELECT id FROM ttrss_settings_profiles
+ WHERE id = '$profile' AND owner_uid = " . $_SESSION["uid"]);
+
+ if (db_num_rows($result) != 0) {
+ $_SESSION["profile"] = $profile;
+ $_SESSION["prefs_cache"] = array();
+ }
+ }
+ } else {
+ $_SESSION["login_error_msg"] = __("Incorrect username or password");
+ }
+
+ if ($_REQUEST['return']) {
+ header("Location: " . $_REQUEST['return']);
+ } else {
+ header("Location: " . SELF_URL_PATH);
+ }
+ }
+ }
+
+ function subscribe() {
+ if ($_SESSION["uid"]) {
+
+ $feed_url = db_escape_string(trim($_REQUEST["feed_url"]));
+
+ header('Content-Type: text/html; charset=utf-8');
+ print "<html>
+ <head>
+ <title>Tiny Tiny RSS</title>
+ <link rel=\"stylesheet\" type=\"text/css\" href=\"utility.css\">
+ <meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/>
+ </head>
+ <body>
+ <img class=\"floatingLogo\" src=\"images/logo_wide.png\"
+ alt=\"Tiny Tiny RSS\"/>
+ <h1>".__("Subscribe to feed...")."</h1>";
+
+ $rc = subscribe_to_feed($this->link, $feed_url);
+
+ switch ($rc['code']) {
+ case 0:
+ print_warning(T_sprintf("Already subscribed to <b>%s</b>.", $feed_url));
+ break;
+ case 1:
+ print_notice(T_sprintf("Subscribed to <b>%s</b>.", $feed_url));
+ break;
+ case 2:
+ print_error(T_sprintf("Could not subscribe to <b>%s</b>.", $feed_url));
+ break;
+ case 3:
+ print_error(T_sprintf("No feeds found in <b>%s</b>.", $feed_url));
+ break;
+ case 4:
+ print_notice(__("Multiple feed URLs found."));
+ $feed_urls = get_feeds_from_html($feed_url);
+ break;
+ case 5:
+ print_error(T_sprintf("Could not subscribe to <b>%s</b>.<br>Can't download the Feed URL.", $feed_url));
+ break;
+ }
+
+ if ($feed_urls) {
+
+ print "<form action=\"public.php\">";
+ print "<input type=\"hidden\" name=\"op\" value=\"subscribe\">";
+
+ print "<select name=\"feed_url\">";
+
+ foreach ($feed_urls as $url => $name) {
+ $url = htmlspecialchars($url);
+ $name = htmlspecialchars($name);
+
+ print "<option value=\"$url\">$name</option>";
+ }
+
+ print "<input type=\"submit\" value=\"".__("Subscribe to selected feed").
+ "\">";
+
+ print "</form>";
+ }
+
+ $tp_uri = get_self_url_prefix() . "/prefs.php";
+ $tt_uri = get_self_url_prefix();
+
+ if ($rc['code'] <= 2){
+ $result = db_query($this->link, "SELECT id FROM ttrss_feeds WHERE
+ feed_url = '$feed_url' AND owner_uid = " . $_SESSION["uid"]);
+
+ $feed_id = db_fetch_result($result, 0, "id");
+ } else {
+ $feed_id = 0;
+ }
+ print "<p>";
+
+ if ($feed_id) {
+ print "<form method=\"GET\" style='display: inline'
+ action=\"$tp_uri\">
+ <input type=\"hidden\" name=\"tab\" value=\"feedConfig\">
+ <input type=\"hidden\" name=\"method\" value=\"editFeed\">
+ <input type=\"hidden\" name=\"methodparam\" value=\"$feed_id\">
+ <input type=\"submit\" value=\"".__("Edit subscription options")."\">
+ </form>";
+ }
+
+ print "<form style='display: inline' method=\"GET\" action=\"$tt_uri\">
+ <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
+ </form></p>";
+
+ print "</body></html>";
+
+ } else {
+ render_login_form($this->link);
+ }
+ }
+
+ function subscribe2() {
+ $feed_url = db_escape_string(trim($_REQUEST["feed_url"]));
+ $cat_id = db_escape_string($_REQUEST["cat_id"]);
+ $from = db_escape_string($_REQUEST["from"]);
+
+ /* only read authentication information from POST */
+
+ $auth_login = db_escape_string(trim($_POST["auth_login"]));
+ $auth_pass = db_escape_string(trim($_POST["auth_pass"]));
+
+ $rc = subscribe_to_feed($this->link, $feed_url, $cat_id, $auth_login, $auth_pass);
+
+ switch ($rc) {
+ case 1:
+ print_notice(T_sprintf("Subscribed to <b>%s</b>.", $feed_url));
+ break;
+ case 2:
+ print_error(T_sprintf("Could not subscribe to <b>%s</b>.", $feed_url));
+ break;
+ case 3:
+ print_error(T_sprintf("No feeds found in <b>%s</b>.", $feed_url));
+ break;
+ case 0:
+ print_warning(T_sprintf("Already subscribed to <b>%s</b>.", $feed_url));
+ break;
+ case 4:
+ print_notice(__("Multiple feed URLs found."));
+
+ $feed_urls = get_feeds_from_html($feed_url);
+ break;
+ case 5:
+ print_error(T_sprintf("Could not subscribe to <b>%s</b>.<br>Can't download the Feed URL.", $feed_url));
+ break;
+ }
+
+ if ($feed_urls) {
+ print "<form action=\"backend.php\">";
+ print "<input type=\"hidden\" name=\"op\" value=\"pref-feeds\">";
+ print "<input type=\"hidden\" name=\"quiet\" value=\"1\">";
+ print "<input type=\"hidden\" name=\"method\" value=\"add\">";
+
+ print "<select name=\"feed_url\">";
+
+ foreach ($feed_urls as $url => $name) {
+ $url = htmlspecialchars($url);
+ $name = htmlspecialchars($name);
+ print "<option value=\"$url\">$name</option>";
+ }
+
+ print "<input type=\"submit\" value=\"".__("Subscribe to selected feed")."\">";
+ print "</form>";
+ }
+
+ $tp_uri = get_self_url_prefix() . "/prefs.php";
+ $tt_uri = get_self_url_prefix();
+
+ if ($rc <= 2){
+ $result = db_query($this->link, "SELECT id FROM ttrss_feeds WHERE
+ feed_url = '$feed_url' AND owner_uid = " . $_SESSION["uid"]);
+
+ $feed_id = db_fetch_result($result, 0, "id");
+ } else {
+ $feed_id = 0;
+ }
+
+ print "<p>";
+
+ if ($feed_id) {
+ print "<form method=\"GET\" style='display: inline'
+ action=\"$tp_uri\">
+ <input type=\"hidden\" name=\"tab\" value=\"feedConfig\">
+ <input type=\"hidden\" name=\"method\" value=\"editFeed\">
+ <input type=\"hidden\" name=\"methodparam\" value=\"$feed_id\">
+ <input type=\"submit\" value=\"".__("Edit subscription options")."\">
+ </form>";
+ }
+
+ print "<form style='display: inline' method=\"GET\" action=\"$tt_uri\">
+ <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
+ </form></p>";
+
+ print "</body></html>";
+ }
+
+ function index() {
+ header("Content-Type: text/plain");
+ print json_encode(array("error" => array("code" => 7)));
+ }
+
}
?>
}
- function add() {
- $feed_url = db_escape_string(trim($_REQUEST["feed_url"]));
- $cat_id = db_escape_string($_REQUEST["cat_id"]);
- $p_from = db_escape_string($_REQUEST["from"]);
-
- /* only read authentication information from POST */
-
- $auth_login = db_escape_string(trim($_POST["auth_login"]));
- $auth_pass = db_escape_string(trim($_POST["auth_pass"]));
-
- if ($p_from != 'tt-rss') {
- header('Content-Type: text/html; charset=utf-8');
- print "<html>
- <head>
- <title>Tiny Tiny RSS</title>
- <link rel=\"stylesheet\" type=\"text/css\" href=\"utility.css\">
- <meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/>
- </head>
- <body>
- <img class=\"floatingLogo\" src=\"images/logo_wide.png\"
- alt=\"Tiny Tiny RSS\"/>
- <h1>Subscribe to feed...</h1>";
- }
-
- $rc = subscribe_to_feed($this->link, $feed_url, $cat_id, $auth_login, $auth_pass);
-
- switch ($rc) {
- case 1:
- print_notice(T_sprintf("Subscribed to <b>%s</b>.", $feed_url));
- break;
- case 2:
- print_error(T_sprintf("Could not subscribe to <b>%s</b>.", $feed_url));
- break;
- case 3:
- print_error(T_sprintf("No feeds found in <b>%s</b>.", $feed_url));
- break;
- case 0:
- print_warning(T_sprintf("Already subscribed to <b>%s</b>.", $feed_url));
- break;
- case 4:
- print_notice(__("Multiple feed URLs found."));
-
- $feed_urls = get_feeds_from_html($feed_url);
- break;
- case 5:
- print_error(T_sprintf("Could not subscribe to <b>%s</b>.<br>Can't download the Feed URL.", $feed_url));
- break;
- }
-
- if ($p_from != 'tt-rss') {
-
- if ($feed_urls) {
-
- print "<form action=\"backend.php\">";
- print "<input type=\"hidden\" name=\"op\" value=\"pref-feeds\">";
- print "<input type=\"hidden\" name=\"quiet\" value=\"1\">";
- print "<input type=\"hidden\" name=\"method\" value=\"add\">";
-
- print "<select name=\"feed_url\">";
-
- foreach ($feed_urls as $url => $name) {
- $url = htmlspecialchars($url);
- $name = htmlspecialchars($name);
-
- print "<option value=\"$url\">$name</option>";
- }
-
- print "<input type=\"submit\" value=\"".__("Subscribe to selected feed").
- "\">";
-
- print "</form>";
- }
-
- $tp_uri = get_self_url_prefix() . "/prefs.php";
- $tt_uri = get_self_url_prefix();
-
- if ($rc <= 2){
- $result = db_query($this->link, "SELECT id FROM ttrss_feeds WHERE
- feed_url = '$feed_url' AND owner_uid = " . $_SESSION["uid"]);
-
- $feed_id = db_fetch_result($result, 0, "id");
- } else {
- $feed_id = 0;
- }
- print "<p>";
-
- if ($feed_id) {
- print "<form method=\"GET\" style='display: inline'
- action=\"$tp_uri\">
- <input type=\"hidden\" name=\"tab\" value=\"feedConfig\">
- <input type=\"hidden\" name=\"method\" value=\"editFeed\">
- <input type=\"hidden\" name=\"methodparam\" value=\"$feed_id\">
- <input type=\"submit\" value=\"".__("Edit subscription options")."\">
- </form>";
- }
-
- print "<form style='display: inline' method=\"GET\" action=\"$tt_uri\">
- <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
- </form></p>";
-
- print "</body></html>";
- return;
- }
- }
-
function categorize() {
$ids = split(",", db_escape_string($_REQUEST["ids"]));
return true;
}
- function login_sequence($link, $mobile = false) {
+ function login_sequence($link, $login_form = 0) {
+ if (SINGLE_USER_MODE) {
+ return authenticate_user($link, "admin", null);
+ } else {
+ if (!$_SESSION["uid"] || !validate_session($link)) {
+
+ if (AUTH_AUTO_LOGIN && authenticate_user($link, null, null)) {
+ $_SESSION["ref_schema_version"] = get_schema_version($link, true);
+ } else {
+ authenticate_user($link, null, null, true);
+ }
+
+ if (!$_SESSION["uid"]) render_login_form($link, $login_form);
+
+ } else {
+ /* bump login timestamp */
+ db_query($link, "UPDATE ttrss_users SET last_login = NOW() WHERE id = " .
+ $_SESSION["uid"]);
+
+ if ($_SESSION["language"] && SESSION_COOKIE_LIFETIME > 0) {
+ setcookie("ttrss_lang", $_SESSION["language"],
+ time() + SESSION_COOKIE_LIFETIME);
+ }
+ }
+ }
+ }
+
+
+ /* function login_sequence($link, $mobile = false) {
$_SESSION["prefs_cache"] = array();
if (!SINGLE_USER_MODE) {
exit;
}
} else {
- /* bump login timestamp */
+ // bump login timestamp
db_query($link, "UPDATE ttrss_users SET last_login = NOW() WHERE id = " .
$_SESSION["uid"]);
} else {
return authenticate_user($link, "admin", null);
}
- }
+ } */
function truncate_string($str, $max_len, $suffix = '…') {
if (mb_strlen($str, "utf-8") > $max_len - 3) {
return true;
}
- function render_login_form($link, $mobile = 0) {
- switch ($mobile) {
+ function render_login_form($link, $form_id = 0) {
+ switch ($form_id) {
case 0:
require_once "login_form.php";
break;
case 1:
require_once "mobile/login_form.php";
break;
- case 2:
- require_once "mobile/classic/login_form.php";
}
+ exit;
}
// from http://developer.apple.com/internet/safari/faq.html
//$url_path = ($_SERVER['HTTPS'] != "on" ? 'http://' : 'https://') . $_SERVER["HTTP_HOST"] . parse_url($_SERVER["REQUEST_URI"], PHP_URL_PATH);
$url_path = get_self_url_prefix() .
- "/backend.php?op=pref-feeds&quiet=1&method=add&feed_url=%s";
+ "/public.php?op=subscribe&feed_url=%s";
return $url_path;
} // function add_feed_url
}
document.forms["loginForm"].login.focus();
+
+ fetchProfiles();
}
function fetchProfiles() {
try {
- var params = Form.serialize('loginForm');
- var query = "?op=getProfiles&" + params;
+ var query = "?op=getProfiles&login=" + param_escape(document.forms["loginForm"].login.value);
if (query) {
new Ajax.Request("public.php", {
parameters: query,
- onComplete: function(transport) {
- if (transport.responseText.match("select")) {
- $('profile_box').innerHTML = transport.responseText;
- }
- } });
+ onComplete: function(transport) {
+ if (transport.responseText.match("select")) {
+ $('profile_box').innerHTML = transport.responseText;
+ }
+ } });
}
} catch (e) {
});
</script>
-<form action="" method="POST" id="loginForm" name="loginForm" onsubmit="return validateLoginForm(this)">
-<input type="hidden" name="login_action" value="do_login">
+<?php $return = urlencode($_SERVER["REQUEST_URI"]) ?>
+
+<form action="public.php?return=<?php echo $return ?>"
+ method="POST" id="loginForm" name="loginForm" onsubmit="return validateLoginForm(this)">
+
+<input type="hidden" name="op" value="login">
<table class="loginForm2">
<tr>
<table>
<tr><td align="right"><?php echo __("Login:") ?></td>
<td align="right"><input name="login"
- onchange="fetchProfiles()" onfocus="fetchProfiles()"
+ onchange="fetchProfiles()" onfocus="fetchProfiles()" onblur="fetchProfiles()"
value="<?php echo $_SESSION["fake_login"] ?>"></td></tr>
<tr><td align="right"><?php echo __("Password:") ?></td>
<td align="right"><input type="password" name="password"
- onchange="fetchProfiles()" onfocus="fetchProfiles()"
value="<?php echo $_SESSION["fake_password"] ?>"></td></tr>
<tr><td align="right"><?php echo __("Language:") ?></td>
<td align="right">
<option><?php echo __("Default profile") ?></option></select>
</td></tr>
- <!-- <tr><td colspan="2">
- <input type="checkbox" name="remember_me" id="remember_me">
- <label for="remember_me">Remember me on this computer</label>
- </td></tr> -->
-
<tr><td colspan="2" align="right" class="innerLoginCell">
<button type="submit" name='click'><?php echo __('Log in') ?></button>
<?php echo __("Create new account") ?></button>
<?php } ?>
- <input type="hidden" name="action" value="login">
- <input type="hidden" name="rt"
- value="<?php if ($return_to != 'none') { echo $return_to; } ?>">
</td></tr>
<tr><td colspan="2" align="right" class="innerLoginCell">
<a class="button blueButton" onclick='do_login()'><?php echo __('Log in') ?></a>
</div>
- <form target="_self" title="Login" action="index.php" id="login" class="panel" method="post" name="login" selected="true">
+ <form target="_self" title="Login" id="login" class="panel" name="login" selected="true"
+ action="../public.php?return=<?php echo htmlspecialchars($_SERVER["REQUEST_URI"]) ?>"
+ method="post">
+
+ <input type="hidden" name="op" value="login">
<fieldset>