From: Andrew Dolgov
Date: Mon, 10 Sep 2012 15:01:06 +0000 (+0400)
Subject: login system fixes
X-Git-Tag: 1.6.0~57
X-Git-Url: https://git.wh0rd.org/?a=commitdiff_plain;h=97acbaf190ff84b4cc5b01192f14d9ee384d6327;p=tt-rss.git
login system fixes
remove old-style session checking from backend.php
move outside subscription endpoint to public.php, change subscription
bookmarklet
---
diff --git a/backend.php b/backend.php
index 8e6ff6ce..87b0945b 100644
--- a/backend.php
+++ b/backend.php
@@ -65,7 +65,7 @@
// TODO remove and handle within Handlers
- if (!($_SESSION["uid"] && validate_session($link))) {
+ /* if (!($_SESSION["uid"] && validate_session($link))) {
if ($op == 'pref-feeds' && $method == 'add') {
header("Content-Type: text/html");
login_sequence($link);
@@ -75,7 +75,7 @@
print json_encode(array("error" => array("code" => 6)));
}
return;
- }
+ } */
$purge_intervals = array(
0 => __("Use default"),
@@ -143,6 +143,10 @@
}
$handler->after();
return;
+ } else {
+ header("Content-Type: text/plain");
+ print json_encode(array("error" => array("code" => 6)));
+ return;
}
} else {
header("Content-Type: text/plain");
diff --git a/classes/handler.php b/classes/handler.php
index 9d6c99e0..e00b36aa 100644
--- a/classes/handler.php
+++ b/classes/handler.php
@@ -19,5 +19,6 @@ class Handler {
function after() {
return true;
}
+
}
?>
diff --git a/classes/handler/public.php b/classes/handler/public.php
index aff04597..c06121d0 100644
--- a/classes/handler/public.php
+++ b/classes/handler/public.php
@@ -195,27 +195,22 @@ class Handler_Public extends Handler {
function getProfiles() {
$login = db_escape_string($_REQUEST["login"]);
- $password = db_escape_string($_REQUEST["password"]);
- if (authenticate_user($this->link, $login, $password)) {
- $result = db_query($this->link, "SELECT * FROM ttrss_settings_profiles
- WHERE owner_uid = " . $_SESSION["uid"] . " ORDER BY title");
+ $result = db_query($this->link, "SELECT * FROM ttrss_settings_profiles,ttrss_users
+ WHERE ttrss_users.id = ttrss_settings_profiles.owner_uid AND login = '$login' ORDER BY title");
- print "";
}
function pubsub() {
@@ -447,5 +442,232 @@ class Handler_Public extends Handler {
}
}
+ function login() {
+
+ print_r($_REQUEST);
+
+ $_SESSION["prefs_cache"] = array();
+
+ if (!SINGLE_USER_MODE) {
+
+ $login = db_escape_string($_POST["login"]);
+ $password = $_POST["password"];
+ $remember_me = $_POST["remember_me"];
+
+ if (authenticate_user($this->link, $login, $password)) {
+ $_POST["password"] = "";
+
+ $_SESSION["language"] = $_POST["language"];
+ $_SESSION["ref_schema_version"] = get_schema_version($this->link, true);
+ $_SESSION["bw_limit"] = !!$_POST["bw_limit"];
+
+ if ($_POST["profile"]) {
+
+ $profile = db_escape_string($_POST["profile"]);
+
+ $result = db_query($this->link, "SELECT id FROM ttrss_settings_profiles
+ WHERE id = '$profile' AND owner_uid = " . $_SESSION["uid"]);
+
+ if (db_num_rows($result) != 0) {
+ $_SESSION["profile"] = $profile;
+ $_SESSION["prefs_cache"] = array();
+ }
+ }
+ } else {
+ $_SESSION["login_error_msg"] = __("Incorrect username or password");
+ }
+
+ if ($_REQUEST['return']) {
+ header("Location: " . $_REQUEST['return']);
+ } else {
+ header("Location: " . SELF_URL_PATH);
+ }
+ }
+ }
+
+ function subscribe() {
+ if ($_SESSION["uid"]) {
+
+ $feed_url = db_escape_string(trim($_REQUEST["feed_url"]));
+
+ header('Content-Type: text/html; charset=utf-8');
+ print "
+
+ Tiny Tiny RSS
+
+
+
+
+
+ ".__("Subscribe to feed...")."
";
+
+ $rc = subscribe_to_feed($this->link, $feed_url);
+
+ switch ($rc['code']) {
+ case 0:
+ print_warning(T_sprintf("Already subscribed to %s.", $feed_url));
+ break;
+ case 1:
+ print_notice(T_sprintf("Subscribed to %s.", $feed_url));
+ break;
+ case 2:
+ print_error(T_sprintf("Could not subscribe to %s.", $feed_url));
+ break;
+ case 3:
+ print_error(T_sprintf("No feeds found in %s.", $feed_url));
+ break;
+ case 4:
+ print_notice(__("Multiple feed URLs found."));
+ $feed_urls = get_feeds_from_html($feed_url);
+ break;
+ case 5:
+ print_error(T_sprintf("Could not subscribe to %s.
Can't download the Feed URL.", $feed_url));
+ break;
+ }
+
+ if ($feed_urls) {
+
+ print "";
+ }
+
+ $tp_uri = get_self_url_prefix() . "/prefs.php";
+ $tt_uri = get_self_url_prefix();
+
+ if ($rc['code'] <= 2){
+ $result = db_query($this->link, "SELECT id FROM ttrss_feeds WHERE
+ feed_url = '$feed_url' AND owner_uid = " . $_SESSION["uid"]);
+
+ $feed_id = db_fetch_result($result, 0, "id");
+ } else {
+ $feed_id = 0;
+ }
+ print "";
+
+ if ($feed_id) {
+ print "
";
+ }
+
+ print "
";
+
+ print "";
+
+ } else {
+ render_login_form($this->link);
+ }
+ }
+
+ function subscribe2() {
+ $feed_url = db_escape_string(trim($_REQUEST["feed_url"]));
+ $cat_id = db_escape_string($_REQUEST["cat_id"]);
+ $from = db_escape_string($_REQUEST["from"]);
+
+ /* only read authentication information from POST */
+
+ $auth_login = db_escape_string(trim($_POST["auth_login"]));
+ $auth_pass = db_escape_string(trim($_POST["auth_pass"]));
+
+ $rc = subscribe_to_feed($this->link, $feed_url, $cat_id, $auth_login, $auth_pass);
+
+ switch ($rc) {
+ case 1:
+ print_notice(T_sprintf("Subscribed to %s.", $feed_url));
+ break;
+ case 2:
+ print_error(T_sprintf("Could not subscribe to %s.", $feed_url));
+ break;
+ case 3:
+ print_error(T_sprintf("No feeds found in %s.", $feed_url));
+ break;
+ case 0:
+ print_warning(T_sprintf("Already subscribed to %s.", $feed_url));
+ break;
+ case 4:
+ print_notice(__("Multiple feed URLs found."));
+
+ $feed_urls = get_feeds_from_html($feed_url);
+ break;
+ case 5:
+ print_error(T_sprintf("Could not subscribe to %s.
Can't download the Feed URL.", $feed_url));
+ break;
+ }
+
+ if ($feed_urls) {
+ print "";
+ }
+
+ $tp_uri = get_self_url_prefix() . "/prefs.php";
+ $tt_uri = get_self_url_prefix();
+
+ if ($rc <= 2){
+ $result = db_query($this->link, "SELECT id FROM ttrss_feeds WHERE
+ feed_url = '$feed_url' AND owner_uid = " . $_SESSION["uid"]);
+
+ $feed_id = db_fetch_result($result, 0, "id");
+ } else {
+ $feed_id = 0;
+ }
+
+ print "";
+
+ if ($feed_id) {
+ print "
";
+ }
+
+ print "";
+
+ print "