]>
Commit | Line | Data |
---|---|---|
5f0a3741 | 1 | <?php |
369dbc19 | 2 | class Handler_Public extends Handler { |
5f0a3741 | 3 | |
79178062 | 4 | private function generate_syndicated_feed($owner_uid, $feed, $is_cat, |
ca5d9be4 | 5 | $limit, $offset, $search, $search_mode, |
ce565216 | 6 | $view_mode = false, $format = 'atom') { |
79178062 AD |
7 | |
8 | require_once "lib/MiniTemplator.class.php"; | |
9 | ||
10 | $note_style = "background-color : #fff7d5; | |
11 | border-width : 1px; ". | |
12 | "padding : 5px; border-style : dashed; border-color : #e7d796;". | |
13 | "margin-bottom : 1em; color : #9a8c59;"; | |
14 | ||
c3d2cda8 | 15 | if (!$limit) $limit = 100; |
79178062 | 16 | |
8aa01d79 | 17 | $date_sort_field = "date_entered DESC, updated DESC"; |
79178062 | 18 | |
008ebad9 | 19 | if ($feed == -2) |
7ef7dd31 | 20 | $date_sort_field = "last_published DESC"; |
feb9b2df | 21 | else if ($feed == -1) |
7ef7dd31 | 22 | $date_sort_field = "last_marked DESC"; |
008ebad9 | 23 | |
79178062 AD |
24 | $qfh_ret = queryFeedHeadlines($this->link, $feed, |
25 | $limit, $view_mode, $is_cat, $search, $search_mode, | |
8aa01d79 | 26 | $date_sort_field, $offset, $owner_uid, |
6b3f228f | 27 | false, 0, false, true); |
79178062 AD |
28 | |
29 | $result = $qfh_ret[0]; | |
30 | $feed_title = htmlspecialchars($qfh_ret[1]); | |
31 | $feed_site_url = $qfh_ret[2]; | |
32 | $last_error = $qfh_ret[3]; | |
33 | ||
34 | $feed_self_url = get_self_url_prefix() . | |
35 | "/public.php?op=rss&id=-2&key=" . | |
2fb947eb | 36 | get_feed_access_key($this->link, -2, false, $owner_uid); |
79178062 AD |
37 | |
38 | if (!$feed_site_url) $feed_site_url = get_self_url_prefix(); | |
39 | ||
2ebf38a9 AD |
40 | if ($format == 'atom') { |
41 | $tpl = new MiniTemplator; | |
79178062 | 42 | |
2ebf38a9 | 43 | $tpl->readTemplateFromFile("templates/generated_feed.txt"); |
79178062 | 44 | |
2ebf38a9 AD |
45 | $tpl->setVariable('FEED_TITLE', $feed_title, true); |
46 | $tpl->setVariable('VERSION', VERSION, true); | |
47 | $tpl->setVariable('FEED_URL', htmlspecialchars($feed_self_url), true); | |
79178062 | 48 | |
2ebf38a9 AD |
49 | if (PUBSUBHUBBUB_HUB && $feed == -2) { |
50 | $tpl->setVariable('HUB_URL', htmlspecialchars(PUBSUBHUBBUB_HUB), true); | |
51 | $tpl->addBlock('feed_hub'); | |
52 | } | |
79178062 | 53 | |
2ebf38a9 | 54 | $tpl->setVariable('SELF_URL', htmlspecialchars(get_self_url_prefix()), true); |
79178062 | 55 | |
2ebf38a9 AD |
56 | while ($line = db_fetch_assoc($result)) { |
57 | $tpl->setVariable('ARTICLE_ID', htmlspecialchars($line['link']), true); | |
58 | $tpl->setVariable('ARTICLE_LINK', htmlspecialchars($line['link']), true); | |
59 | $tpl->setVariable('ARTICLE_TITLE', htmlspecialchars($line['title']), true); | |
60 | $tpl->setVariable('ARTICLE_EXCERPT', | |
61 | truncate_string(strip_tags($line["content_preview"]), 100, '...'), true); | |
79178062 | 62 | |
b3682750 | 63 | $content = sanitize($this->link, $line["content_preview"], false, $owner_uid); |
79178062 | 64 | |
2ebf38a9 AD |
65 | if ($line['note']) { |
66 | $content = "<div style=\"$note_style\">Article note: " . $line['note'] . "</div>" . | |
67 | $content; | |
10bdeb4b | 68 | } |
2ebf38a9 AD |
69 | |
70 | $tpl->setVariable('ARTICLE_CONTENT', $content, true); | |
71 | ||
72 | $tpl->setVariable('ARTICLE_UPDATED_ATOM', | |
73 | date('c', strtotime($line["updated"])), true); | |
74 | $tpl->setVariable('ARTICLE_UPDATED_RFC822', | |
75 | date(DATE_RFC822, strtotime($line["updated"])), true); | |
76 | ||
77 | $tpl->setVariable('ARTICLE_AUTHOR', htmlspecialchars($line['author']), true); | |
78 | ||
79 | $tags = get_article_tags($this->link, $line["id"], $owner_uid); | |
80 | ||
81 | foreach ($tags as $tag) { | |
82 | $tpl->setVariable('ARTICLE_CATEGORY', htmlspecialchars($tag), true); | |
83 | $tpl->addBlock('category'); | |
84 | } | |
79178062 | 85 | |
2ebf38a9 | 86 | $enclosures = get_article_enclosures($this->link, $line["id"]); |
79178062 | 87 | |
2ebf38a9 AD |
88 | foreach ($enclosures as $e) { |
89 | $type = htmlspecialchars($e['content_type']); | |
90 | $url = htmlspecialchars($e['content_url']); | |
91 | $length = $e['duration']; | |
9c97041d | 92 | |
2ebf38a9 AD |
93 | $tpl->setVariable('ARTICLE_ENCLOSURE_URL', $url, true); |
94 | $tpl->setVariable('ARTICLE_ENCLOSURE_TYPE', $type, true); | |
95 | $tpl->setVariable('ARTICLE_ENCLOSURE_LENGTH', $length, true); | |
79178062 | 96 | |
2ebf38a9 AD |
97 | $tpl->addBlock('enclosure'); |
98 | } | |
79178062 | 99 | |
2ebf38a9 | 100 | $tpl->addBlock('entry'); |
79178062 AD |
101 | } |
102 | ||
2ebf38a9 AD |
103 | $tmp = ""; |
104 | ||
105 | $tpl->addBlock('feed'); | |
106 | $tpl->generateOutputToString($tmp); | |
107 | ||
10bdeb4b AD |
108 | if (@!$_REQUEST["noxml"]) { |
109 | header("Content-Type: text/xml; charset=utf-8"); | |
110 | } else { | |
111 | header("Content-Type: text/plain; charset=utf-8"); | |
112 | } | |
2ebf38a9 AD |
113 | |
114 | print $tmp; | |
115 | } else if ($format == 'json') { | |
79178062 | 116 | |
2ebf38a9 | 117 | $feed = array(); |
79178062 | 118 | |
2ebf38a9 AD |
119 | $feed['title'] = $feed_title; |
120 | $feed['version'] = VERSION; | |
121 | $feed['feed_url'] = $feed_self_url; | |
79178062 | 122 | |
2ebf38a9 AD |
123 | if (PUBSUBHUBBUB_HUB && $feed == -2) { |
124 | $feed['hub_url'] = PUBSUBHUBBUB_HUB; | |
79178062 AD |
125 | } |
126 | ||
2ebf38a9 AD |
127 | $feed['self_url'] = get_self_url_prefix(); |
128 | ||
129 | $feed['articles'] = array(); | |
130 | ||
131 | while ($line = db_fetch_assoc($result)) { | |
132 | $article = array(); | |
79178062 | 133 | |
2ebf38a9 AD |
134 | $article['id'] = $line['link']; |
135 | $article['link'] = $line['link']; | |
136 | $article['title'] = $line['title']; | |
137 | $article['excerpt'] = truncate_string(strip_tags($line["content_preview"]), 100, '...'); | |
b3682750 | 138 | $article['content'] = sanitize($this->link, $line["content_preview"], false, $owner_uid); |
2ebf38a9 | 139 | $article['updated'] = date('c', strtotime($line["updated"])); |
79178062 | 140 | |
2ebf38a9 AD |
141 | if ($line['note']) $article['note'] = $line['note']; |
142 | if ($article['author']) $article['author'] = $line['author']; | |
79178062 | 143 | |
2ebf38a9 AD |
144 | $tags = get_article_tags($this->link, $line["id"], $owner_uid); |
145 | ||
146 | if (count($tags) > 0) { | |
147 | $article['tags'] = array(); | |
148 | ||
149 | foreach ($tags as $tag) { | |
150 | array_push($article['tags'], $tag); | |
151 | } | |
152 | } | |
153 | ||
154 | $enclosures = get_article_enclosures($this->link, $line["id"]); | |
155 | ||
156 | if (count($enclosures) > 0) { | |
157 | $article['enclosures'] = array(); | |
158 | ||
159 | foreach ($enclosures as $e) { | |
160 | $type = $e['content_type']; | |
161 | $url = $e['content_url']; | |
162 | $length = $e['duration']; | |
163 | ||
164 | array_push($article['enclosures'], array("url" => $url, "type" => $type, "length" => $length)); | |
165 | } | |
166 | } | |
167 | ||
168 | array_push($feed['articles'], $article); | |
169 | } | |
170 | ||
10bdeb4b | 171 | header("Content-Type: text/json; charset=utf-8"); |
2ebf38a9 AD |
172 | print json_encode($feed); |
173 | ||
174 | } else { | |
175 | header("Content-Type: text/plain; charset=utf-8"); | |
176 | print json_encode(array("error" => array("message" => "Unknown format"))); | |
177 | } | |
79178062 AD |
178 | } |
179 | ||
5f0a3741 | 180 | function getUnread() { |
3972bf59 | 181 | $login = db_escape_string($this->link, $_REQUEST["login"]); |
5f0a3741 AD |
182 | $fresh = $_REQUEST["fresh"] == "1"; |
183 | ||
184 | $result = db_query($this->link, "SELECT id FROM ttrss_users WHERE login = '$login'"); | |
185 | ||
186 | if (db_num_rows($result) == 1) { | |
187 | $uid = db_fetch_result($result, 0, "id"); | |
188 | ||
189 | print getGlobalUnread($this->link, $uid); | |
190 | ||
191 | if ($fresh) { | |
192 | print ";"; | |
193 | print getFeedArticles($this->link, -3, false, true, $uid); | |
194 | } | |
195 | ||
196 | } else { | |
197 | print "-1;User not found"; | |
198 | } | |
199 | ||
200 | } | |
201 | ||
202 | function getProfiles() { | |
3972bf59 | 203 | $login = db_escape_string($this->link, $_REQUEST["login"]); |
5f0a3741 | 204 | |
97acbaf1 AD |
205 | $result = db_query($this->link, "SELECT * FROM ttrss_settings_profiles,ttrss_users |
206 | WHERE ttrss_users.id = ttrss_settings_profiles.owner_uid AND login = '$login' ORDER BY title"); | |
5f0a3741 | 207 | |
eeee2ccf | 208 | print "<select dojoType='dijit.form.Select' style='width : 220px; margin : 0px' name='profile'>"; |
5f0a3741 | 209 | |
97acbaf1 | 210 | print "<option value='0'>" . __("Default profile") . "</option>"; |
5f0a3741 | 211 | |
97acbaf1 AD |
212 | while ($line = db_fetch_assoc($result)) { |
213 | $id = $line["id"]; | |
214 | $title = $line["title"]; | |
5f0a3741 | 215 | |
97acbaf1 | 216 | print "<option value='$id'>$title</option>"; |
5f0a3741 | 217 | } |
97acbaf1 AD |
218 | |
219 | print "</select>"; | |
5f0a3741 AD |
220 | } |
221 | ||
222 | function pubsub() { | |
3972bf59 AD |
223 | $mode = db_escape_string($this->link, $_REQUEST['hub_mode']); |
224 | $feed_id = (int) db_escape_string($this->link, $_REQUEST['id']); | |
225 | $feed_url = db_escape_string($this->link, $_REQUEST['hub_topic']); | |
5f0a3741 AD |
226 | |
227 | if (!PUBSUBHUBBUB_ENABLED) { | |
228 | header('HTTP/1.0 404 Not Found'); | |
229 | echo "404 Not found"; | |
230 | return; | |
231 | } | |
232 | ||
233 | // TODO: implement hub_verifytoken checking | |
234 | ||
235 | $result = db_query($this->link, "SELECT feed_url FROM ttrss_feeds | |
236 | WHERE id = '$feed_id'"); | |
237 | ||
238 | if (db_num_rows($result) != 0) { | |
239 | ||
240 | $check_feed_url = db_fetch_result($result, 0, "feed_url"); | |
241 | ||
242 | if ($check_feed_url && ($check_feed_url == $feed_url || !$feed_url)) { | |
243 | if ($mode == "subscribe") { | |
244 | ||
245 | db_query($this->link, "UPDATE ttrss_feeds SET pubsub_state = 2 | |
246 | WHERE id = '$feed_id'"); | |
247 | ||
248 | print $_REQUEST['hub_challenge']; | |
249 | return; | |
250 | ||
251 | } else if ($mode == "unsubscribe") { | |
252 | ||
253 | db_query($this->link, "UPDATE ttrss_feeds SET pubsub_state = 0 | |
254 | WHERE id = '$feed_id'"); | |
255 | ||
256 | print $_REQUEST['hub_challenge']; | |
257 | return; | |
258 | ||
259 | } else if (!$mode) { | |
260 | ||
261 | // Received update ping, schedule feed update. | |
262 | //update_rss_feed($this->link, $feed_id, true, true); | |
263 | ||
264 | db_query($this->link, "UPDATE ttrss_feeds SET | |
265 | last_update_started = '1970-01-01', | |
266 | last_updated = '1970-01-01' WHERE id = '$feed_id'"); | |
267 | ||
268 | } | |
269 | } else { | |
270 | header('HTTP/1.0 404 Not Found'); | |
271 | echo "404 Not found"; | |
272 | } | |
273 | } else { | |
274 | header('HTTP/1.0 404 Not Found'); | |
275 | echo "404 Not found"; | |
276 | } | |
277 | ||
278 | } | |
279 | ||
280 | function logout() { | |
281 | logout_user(); | |
282 | header("Location: index.php"); | |
283 | } | |
284 | ||
5f0a3741 | 285 | function share() { |
3972bf59 | 286 | $uuid = db_escape_string($this->link, $_REQUEST["key"]); |
5f0a3741 AD |
287 | |
288 | $result = db_query($this->link, "SELECT ref_id, owner_uid FROM ttrss_user_entries WHERE | |
289 | uuid = '$uuid'"); | |
290 | ||
291 | if (db_num_rows($result) != 0) { | |
292 | header("Content-Type: text/html"); | |
293 | ||
294 | $id = db_fetch_result($result, 0, "ref_id"); | |
295 | $owner_uid = db_fetch_result($result, 0, "owner_uid"); | |
296 | ||
64436e10 | 297 | $article = format_article($this->link, $id, false, true, $owner_uid); |
5f0a3741 AD |
298 | |
299 | print_r($article['content']); | |
300 | ||
301 | } else { | |
302 | print "Article not found."; | |
303 | } | |
304 | ||
305 | } | |
306 | ||
307 | function rss() { | |
3972bf59 AD |
308 | $feed = db_escape_string($this->link, $_REQUEST["id"]); |
309 | $key = db_escape_string($this->link, $_REQUEST["key"]); | |
5f0a3741 | 310 | $is_cat = $_REQUEST["is_cat"] != false; |
3972bf59 AD |
311 | $limit = (int)db_escape_string($this->link, $_REQUEST["limit"]); |
312 | $offset = (int)db_escape_string($this->link, $_REQUEST["offset"]); | |
5f0a3741 | 313 | |
3972bf59 AD |
314 | $search = db_escape_string($this->link, $_REQUEST["q"]); |
315 | $search_mode = db_escape_string($this->link, $_REQUEST["smode"]); | |
316 | $view_mode = db_escape_string($this->link, $_REQUEST["view-mode"]); | |
5f0a3741 | 317 | |
3972bf59 | 318 | $format = db_escape_string($this->link, $_REQUEST['format']); |
2ebf38a9 AD |
319 | |
320 | if (!$format) $format = 'atom'; | |
321 | ||
5f0a3741 AD |
322 | if (SINGLE_USER_MODE) { |
323 | authenticate_user($this->link, "admin", null); | |
324 | } | |
325 | ||
326 | $owner_id = false; | |
327 | ||
328 | if ($key) { | |
329 | $result = db_query($this->link, "SELECT owner_uid FROM | |
330 | ttrss_access_keys WHERE access_key = '$key' AND feed_id = '$feed'"); | |
331 | ||
332 | if (db_num_rows($result) == 1) | |
333 | $owner_id = db_fetch_result($result, 0, "owner_uid"); | |
334 | } | |
335 | ||
336 | if ($owner_id) { | |
2fb947eb | 337 | $this->generate_syndicated_feed($owner_id, $feed, $is_cat, $limit, |
ca5d9be4 | 338 | $offset, $search, $search_mode, $view_mode, $format); |
5f0a3741 AD |
339 | } else { |
340 | header('HTTP/1.1 403 Forbidden'); | |
341 | } | |
342 | } | |
343 | ||
07391e36 AD |
344 | function globalUpdateFeeds() { |
345 | include "rssfuncs.php"; | |
5f0a3741 | 346 | // Update all feeds needing a update. |
036cd3a4 | 347 | update_daemon_common($this->link, 0, true, false); |
cda55d67 AD |
348 | |
349 | // Update feedbrowser | |
350 | update_feedbrowser_cache($this->link); | |
351 | ||
352 | // Purge orphans and cleanup tags | |
353 | purge_orphans($this->link); | |
354 | ||
355 | cleanup_tags($this->link, 14, 50000); | |
356 | ||
357 | global $pluginhost; | |
358 | $pluginhost->run_hooks($pluginhost::HOOK_UPDATE_TASK, "hook_update_task", $op); | |
359 | ||
07391e36 | 360 | } |
8361e724 AD |
361 | |
362 | function sharepopup() { | |
61a748f8 AD |
363 | if (SINGLE_USER_MODE) { |
364 | login_sequence($this->link); | |
365 | } | |
366 | ||
8361e724 | 367 | header('Content-Type: text/html; charset=utf-8'); |
9a2aed91 AD |
368 | print "<html><head><title>Tiny Tiny RSS</title>"; |
369 | ||
370 | print stylesheet_tag("utility.css"); | |
371 | print javascript_tag("lib/prototype.js"); | |
372 | print javascript_tag("lib/scriptaculous/scriptaculous.js?load=effects,dragdrop,controls"); | |
373 | print "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/> | |
374 | </head><body id='sharepopup'>"; | |
8361e724 AD |
375 | |
376 | $action = $_REQUEST["action"]; | |
377 | ||
378 | if ($_SESSION["uid"]) { | |
379 | ||
d493aba2 | 380 | if ($action == 'share') { |
8361e724 | 381 | |
3972bf59 AD |
382 | $title = db_escape_string($this->link, strip_tags($_REQUEST["title"])); |
383 | $url = db_escape_string($this->link, strip_tags($_REQUEST["url"])); | |
384 | $content = db_escape_string($this->link, strip_tags($_REQUEST["content"])); | |
385 | $labels = db_escape_string($this->link, strip_tags($_REQUEST["labels"])); | |
8361e724 | 386 | |
50832719 | 387 | Article::create_published_article($this->link, $title, $url, $content, $labels, |
1b4d1a6b | 388 | $_SESSION["uid"]); |
8361e724 | 389 | |
d493aba2 AD |
390 | print "<script type='text/javascript'>"; |
391 | print "window.close();"; | |
392 | print "</script>"; | |
8361e724 | 393 | |
d493aba2 | 394 | } else { |
8361e724 AD |
395 | $title = htmlspecialchars($_REQUEST["title"]); |
396 | $url = htmlspecialchars($_REQUEST["url"]); | |
397 | ||
d493aba2 | 398 | ?> |
8361e724 | 399 | |
d493aba2 AD |
400 | <table height='100%' width='100%'><tr><td colspan='2'> |
401 | <h1><?php echo __("Share with Tiny Tiny RSS") ?></h1> | |
402 | </td></tr> | |
8361e724 | 403 | |
d493aba2 | 404 | <form id='share_form' name='share_form'> |
8361e724 | 405 | |
d493aba2 AD |
406 | <input type="hidden" name="op" value="sharepopup"> |
407 | <input type="hidden" name="action" value="share"> | |
8361e724 | 408 | |
22439dad | 409 | <tr><td align='right'><?php echo __("Title:") ?></td> |
d493aba2 | 410 | <td width='80%'><input name='title' value="<?php echo $title ?>"></td></tr> |
22439dad | 411 | <tr><td align='right'><?php echo __("URL:") ?></td> |
d493aba2 | 412 | <td><input name='url' value="<?php echo $url ?>"></td></tr> |
22439dad | 413 | <tr><td align='right'><?php echo __("Content:") ?></td> |
d493aba2 | 414 | <td><input name='content' value=""></td></tr> |
1b4d1a6b AD |
415 | <tr><td align='right'><?php echo __("Labels:") ?></td> |
416 | <td><input name='labels' id="labels_value" | |
417 | placeholder='Alpha, Beta, Gamma' value=""> | |
418 | </td></tr> | |
419 | ||
420 | <tr><td> | |
421 | <div class="autocomplete" id="labels_choices" | |
422 | style="display : block"></div></td></tr> | |
8361e724 | 423 | |
d493aba2 | 424 | <script type='text/javascript'>document.forms[0].title.focus();</script> |
8361e724 | 425 | |
1b4d1a6b AD |
426 | <script type='text/javascript'> |
427 | new Ajax.Autocompleter('labels_value', 'labels_choices', | |
428 | "backend.php?op=rpc&method=completeLabels", | |
429 | { tokens: ',', paramName: "search" }); | |
430 | </script> | |
431 | ||
d493aba2 AD |
432 | <tr><td colspan='2'> |
433 | <div style='float : right' class='insensitive-small'> | |
434 | <?php echo __("Shared article will appear in the Published feed.") ?> | |
435 | </div> | |
436 | <button type="submit"><?php echo __('Share') ?></button> | |
437 | <button onclick="return window.close()"><?php echo __('Cancel') ?></button> | |
438 | </div> | |
8361e724 | 439 | |
d493aba2 AD |
440 | </form> |
441 | </td></tr></table> | |
442 | </body></html> | |
443 | <?php | |
8361e724 | 444 | |
8361e724 AD |
445 | } |
446 | ||
447 | } else { | |
448 | ||
d493aba2 AD |
449 | $return = urlencode($_SERVER["REQUEST_URI"]) |
450 | ?> | |
451 | ||
452 | <form action="public.php?return=<?php echo $return ?>" | |
22439dad | 453 | method="POST" id="loginForm" name="loginForm"> |
d493aba2 AD |
454 | |
455 | <input type="hidden" name="op" value="login"> | |
456 | ||
457 | <table height='100%' width='100%'><tr><td colspan='2'> | |
22439dad | 458 | <h1><?php echo __("Not logged in") ?></h1></td></tr> |
d493aba2 AD |
459 | |
460 | <tr><td align="right"><?php echo __("Login:") ?></td> | |
461 | <td align="right"><input name="login" | |
462 | value="<?php echo $_SESSION["fake_login"] ?>"></td></tr> | |
463 | <tr><td align="right"><?php echo __("Password:") ?></td> | |
464 | <td align="right"><input type="password" name="password" | |
465 | value="<?php echo $_SESSION["fake_password"] ?>"></td></tr> | |
466 | <tr><td align="right"><?php echo __("Language:") ?></td> | |
467 | <td align="right"> | |
468 | <?php | |
469 | print_select_hash("language", $_COOKIE["ttrss_lang"], get_translations(), | |
470 | "style='width : 100%''"); | |
471 | ||
472 | ?> | |
473 | </td></tr> | |
474 | <tr><td colspan='2'> | |
475 | <button type="submit"> | |
476 | <?php echo __('Log in') ?></button> | |
477 | ||
478 | <button onclick="return window.close()"> | |
479 | <?php echo __('Cancel') ?></button> | |
480 | </td></tr> | |
481 | </table> | |
482 | ||
483 | </form> | |
484 | <?php | |
8361e724 AD |
485 | } |
486 | } | |
487 | ||
97acbaf1 | 488 | function login() { |
97acbaf1 AD |
489 | $_SESSION["prefs_cache"] = array(); |
490 | ||
491 | if (!SINGLE_USER_MODE) { | |
492 | ||
3972bf59 | 493 | $login = db_escape_string($this->link, $_POST["login"]); |
97acbaf1 AD |
494 | $password = $_POST["password"]; |
495 | $remember_me = $_POST["remember_me"]; | |
496 | ||
f231f438 AD |
497 | if ($remember_me) { |
498 | session_set_cookie_params(SESSION_COOKIE_LIFETIME); | |
499 | } else { | |
500 | session_set_cookie_params(0); | |
501 | } | |
502 | ||
60ed4c9a AD |
503 | @session_start(); |
504 | ||
97acbaf1 AD |
505 | if (authenticate_user($this->link, $login, $password)) { |
506 | $_POST["password"] = ""; | |
507 | ||
508 | $_SESSION["language"] = $_POST["language"]; | |
509 | $_SESSION["ref_schema_version"] = get_schema_version($this->link, true); | |
510 | $_SESSION["bw_limit"] = !!$_POST["bw_limit"]; | |
511 | ||
512 | if ($_POST["profile"]) { | |
513 | ||
3972bf59 | 514 | $profile = db_escape_string($this->link, $_POST["profile"]); |
97acbaf1 AD |
515 | |
516 | $result = db_query($this->link, "SELECT id FROM ttrss_settings_profiles | |
517 | WHERE id = '$profile' AND owner_uid = " . $_SESSION["uid"]); | |
518 | ||
519 | if (db_num_rows($result) != 0) { | |
520 | $_SESSION["profile"] = $profile; | |
521 | $_SESSION["prefs_cache"] = array(); | |
522 | } | |
523 | } | |
524 | } else { | |
525 | $_SESSION["login_error_msg"] = __("Incorrect username or password"); | |
526 | } | |
527 | ||
528 | if ($_REQUEST['return']) { | |
529 | header("Location: " . $_REQUEST['return']); | |
530 | } else { | |
531 | header("Location: " . SELF_URL_PATH); | |
532 | } | |
533 | } | |
534 | } | |
535 | ||
536 | function subscribe() { | |
61a748f8 AD |
537 | if (SINGLE_USER_MODE) { |
538 | login_sequence($this->link); | |
539 | } | |
540 | ||
97acbaf1 AD |
541 | if ($_SESSION["uid"]) { |
542 | ||
3972bf59 | 543 | $feed_url = db_escape_string($this->link, trim($_REQUEST["feed_url"])); |
97acbaf1 AD |
544 | |
545 | header('Content-Type: text/html; charset=utf-8'); | |
546 | print "<html> | |
547 | <head> | |
548 | <title>Tiny Tiny RSS</title> | |
549 | <link rel=\"stylesheet\" type=\"text/css\" href=\"utility.css\"> | |
550 | <meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/> | |
551 | </head> | |
552 | <body> | |
884d1650 | 553 | <img class=\"floatingLogo\" src=\"images/logo_small.png\" |
97acbaf1 | 554 | alt=\"Tiny Tiny RSS\"/> |
884d1650 | 555 | <h1>".__("Subscribe to feed...")."</h1><div class='content'>"; |
97acbaf1 AD |
556 | |
557 | $rc = subscribe_to_feed($this->link, $feed_url); | |
558 | ||
559 | switch ($rc['code']) { | |
560 | case 0: | |
561 | print_warning(T_sprintf("Already subscribed to <b>%s</b>.", $feed_url)); | |
562 | break; | |
563 | case 1: | |
564 | print_notice(T_sprintf("Subscribed to <b>%s</b>.", $feed_url)); | |
565 | break; | |
566 | case 2: | |
567 | print_error(T_sprintf("Could not subscribe to <b>%s</b>.", $feed_url)); | |
568 | break; | |
569 | case 3: | |
570 | print_error(T_sprintf("No feeds found in <b>%s</b>.", $feed_url)); | |
571 | break; | |
572 | case 4: | |
573 | print_notice(__("Multiple feed URLs found.")); | |
759e5132 | 574 | $feed_urls = $rc["feeds"]; |
97acbaf1 AD |
575 | break; |
576 | case 5: | |
577 | print_error(T_sprintf("Could not subscribe to <b>%s</b>.<br>Can't download the Feed URL.", $feed_url)); | |
578 | break; | |
579 | } | |
580 | ||
581 | if ($feed_urls) { | |
582 | ||
583 | print "<form action=\"public.php\">"; | |
584 | print "<input type=\"hidden\" name=\"op\" value=\"subscribe\">"; | |
585 | ||
586 | print "<select name=\"feed_url\">"; | |
587 | ||
588 | foreach ($feed_urls as $url => $name) { | |
589 | $url = htmlspecialchars($url); | |
590 | $name = htmlspecialchars($name); | |
591 | ||
592 | print "<option value=\"$url\">$name</option>"; | |
593 | } | |
594 | ||
595 | print "<input type=\"submit\" value=\"".__("Subscribe to selected feed"). | |
596 | "\">"; | |
597 | ||
598 | print "</form>"; | |
599 | } | |
600 | ||
601 | $tp_uri = get_self_url_prefix() . "/prefs.php"; | |
602 | $tt_uri = get_self_url_prefix(); | |
603 | ||
604 | if ($rc['code'] <= 2){ | |
605 | $result = db_query($this->link, "SELECT id FROM ttrss_feeds WHERE | |
606 | feed_url = '$feed_url' AND owner_uid = " . $_SESSION["uid"]); | |
607 | ||
608 | $feed_id = db_fetch_result($result, 0, "id"); | |
609 | } else { | |
610 | $feed_id = 0; | |
611 | } | |
612 | print "<p>"; | |
613 | ||
614 | if ($feed_id) { | |
615 | print "<form method=\"GET\" style='display: inline' | |
616 | action=\"$tp_uri\"> | |
617 | <input type=\"hidden\" name=\"tab\" value=\"feedConfig\"> | |
618 | <input type=\"hidden\" name=\"method\" value=\"editFeed\"> | |
619 | <input type=\"hidden\" name=\"methodparam\" value=\"$feed_id\"> | |
620 | <input type=\"submit\" value=\"".__("Edit subscription options")."\"> | |
621 | </form>"; | |
622 | } | |
623 | ||
624 | print "<form style='display: inline' method=\"GET\" action=\"$tt_uri\"> | |
625 | <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\"> | |
626 | </form></p>"; | |
627 | ||
884d1650 | 628 | print "</div></body></html>"; |
97acbaf1 AD |
629 | |
630 | } else { | |
631 | render_login_form($this->link); | |
632 | } | |
633 | } | |
634 | ||
635 | function subscribe2() { | |
3972bf59 AD |
636 | $feed_url = db_escape_string($this->link, trim($_REQUEST["feed_url"])); |
637 | $cat_id = db_escape_string($this->link, $_REQUEST["cat_id"]); | |
638 | $from = db_escape_string($this->link, $_REQUEST["from"]); | |
97acbaf1 AD |
639 | |
640 | /* only read authentication information from POST */ | |
641 | ||
3972bf59 AD |
642 | $auth_login = db_escape_string($this->link, trim($_POST["auth_login"])); |
643 | $auth_pass = db_escape_string($this->link, trim($_POST["auth_pass"])); | |
97acbaf1 AD |
644 | |
645 | $rc = subscribe_to_feed($this->link, $feed_url, $cat_id, $auth_login, $auth_pass); | |
646 | ||
647 | switch ($rc) { | |
648 | case 1: | |
649 | print_notice(T_sprintf("Subscribed to <b>%s</b>.", $feed_url)); | |
650 | break; | |
651 | case 2: | |
652 | print_error(T_sprintf("Could not subscribe to <b>%s</b>.", $feed_url)); | |
653 | break; | |
654 | case 3: | |
655 | print_error(T_sprintf("No feeds found in <b>%s</b>.", $feed_url)); | |
656 | break; | |
657 | case 0: | |
658 | print_warning(T_sprintf("Already subscribed to <b>%s</b>.", $feed_url)); | |
659 | break; | |
660 | case 4: | |
661 | print_notice(__("Multiple feed URLs found.")); | |
662 | ||
663 | $feed_urls = get_feeds_from_html($feed_url); | |
664 | break; | |
665 | case 5: | |
666 | print_error(T_sprintf("Could not subscribe to <b>%s</b>.<br>Can't download the Feed URL.", $feed_url)); | |
667 | break; | |
668 | } | |
669 | ||
670 | if ($feed_urls) { | |
671 | print "<form action=\"backend.php\">"; | |
672 | print "<input type=\"hidden\" name=\"op\" value=\"pref-feeds\">"; | |
673 | print "<input type=\"hidden\" name=\"quiet\" value=\"1\">"; | |
674 | print "<input type=\"hidden\" name=\"method\" value=\"add\">"; | |
675 | ||
676 | print "<select name=\"feed_url\">"; | |
677 | ||
678 | foreach ($feed_urls as $url => $name) { | |
679 | $url = htmlspecialchars($url); | |
680 | $name = htmlspecialchars($name); | |
681 | print "<option value=\"$url\">$name</option>"; | |
682 | } | |
683 | ||
684 | print "<input type=\"submit\" value=\"".__("Subscribe to selected feed")."\">"; | |
685 | print "</form>"; | |
686 | } | |
687 | ||
688 | $tp_uri = get_self_url_prefix() . "/prefs.php"; | |
689 | $tt_uri = get_self_url_prefix(); | |
690 | ||
691 | if ($rc <= 2){ | |
692 | $result = db_query($this->link, "SELECT id FROM ttrss_feeds WHERE | |
693 | feed_url = '$feed_url' AND owner_uid = " . $_SESSION["uid"]); | |
694 | ||
695 | $feed_id = db_fetch_result($result, 0, "id"); | |
696 | } else { | |
697 | $feed_id = 0; | |
698 | } | |
699 | ||
700 | print "<p>"; | |
701 | ||
702 | if ($feed_id) { | |
703 | print "<form method=\"GET\" style='display: inline' | |
704 | action=\"$tp_uri\"> | |
705 | <input type=\"hidden\" name=\"tab\" value=\"feedConfig\"> | |
706 | <input type=\"hidden\" name=\"method\" value=\"editFeed\"> | |
707 | <input type=\"hidden\" name=\"methodparam\" value=\"$feed_id\"> | |
708 | <input type=\"submit\" value=\"".__("Edit subscription options")."\"> | |
709 | </form>"; | |
710 | } | |
711 | ||
712 | print "<form style='display: inline' method=\"GET\" action=\"$tt_uri\"> | |
713 | <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\"> | |
714 | </form></p>"; | |
715 | ||
716 | print "</body></html>"; | |
717 | } | |
718 | ||
719 | function index() { | |
720 | header("Content-Type: text/plain"); | |
721 | print json_encode(array("error" => array("code" => 7))); | |
722 | } | |
723 | ||
f43e9e97 AD |
724 | function forgotpass() { |
725 | header('Content-Type: text/html; charset=utf-8'); | |
e216d302 AD |
726 | print "<html><head><title>Tiny Tiny RSS</title>"; |
727 | ||
728 | print stylesheet_tag("utility.css"); | |
729 | print javascript_tag("lib/prototype.js"); | |
730 | ||
731 | print "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/> | |
732 | </head><body id='forgotpass'>"; | |
f43e9e97 | 733 | |
884d1650 | 734 | print '<div class="floatingLogo"><img src="images/logo_small.png"></div>'; |
483f15d5 | 735 | print "<h1>".__("Password recovery")."</h1>"; |
884d1650 | 736 | print "<div class='content'>"; |
f43e9e97 AD |
737 | |
738 | @$method = $_POST['method']; | |
739 | ||
740 | if (!$method) { | |
483f15d5 AD |
741 | print_notice(__("You will need to provide valid account name and email. New password will be sent on your email address.")); |
742 | ||
f43e9e97 | 743 | print "<form method='POST' action='public.php'>"; |
f43e9e97 AD |
744 | print "<input type='hidden' name='method' value='do'>"; |
745 | print "<input type='hidden' name='op' value='forgotpass'>"; | |
746 | ||
747 | print "<fieldset>"; | |
748 | print "<label>".__("Login:")."</label>"; | |
749 | print "<input type='text' name='login' value='' required>"; | |
750 | print "</fieldset>"; | |
751 | ||
752 | print "<fieldset>"; | |
753 | print "<label>".__("Email:")."</label>"; | |
754 | print "<input type='email' name='email' value='' required>"; | |
755 | print "</fieldset>"; | |
756 | ||
757 | print "<fieldset>"; | |
758 | print "<label>".__("How much is two plus two:")."</label>"; | |
759 | print "<input type='text' name='test' value='' required>"; | |
760 | print "</fieldset>"; | |
761 | ||
762 | print "<p/>"; | |
763 | print "<button type='submit'>".__("Reset password")."</button>"; | |
764 | ||
765 | print "</form>"; | |
766 | } else if ($method == 'do') { | |
767 | ||
f43e9e97 AD |
768 | $login = db_escape_string($this->link, $_POST["login"]); |
769 | $email = db_escape_string($this->link, $_POST["email"]); | |
770 | $test = db_escape_string($this->link, $_POST["test"]); | |
771 | ||
772 | if (($test != 4 && $test != 'four') || !$email || !$login) { | |
773 | print_error(__('Some of the required form parameters are missing or incorrect.')); | |
774 | ||
483f15d5 AD |
775 | print "<form method=\"GET\" action=\"public.php\"> |
776 | <input type=\"hidden\" name=\"op\" value=\"forgotpass\"> | |
777 | <input type=\"submit\" value=\"".__("Go back")."\"> | |
778 | </form>"; | |
f43e9e97 | 779 | |
e216d302 | 780 | } else { |
f43e9e97 AD |
781 | |
782 | $result = db_query($this->link, "SELECT id FROM ttrss_users | |
783 | WHERE login = '$login' AND email = '$email'"); | |
784 | ||
785 | if (db_num_rows($result) != 0) { | |
786 | $id = db_fetch_result($result, 0, "id"); | |
787 | ||
788 | Pref_Users::resetUserPassword($this->link, $id, false); | |
789 | ||
483f15d5 AD |
790 | print "<p>"; |
791 | ||
e216d302 | 792 | print "<p>"."Completed."."</p>"; |
483f15d5 AD |
793 | |
794 | print "<form method=\"GET\" action=\"index.php\"> | |
795 | <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\"> | |
796 | </form>"; | |
f43e9e97 AD |
797 | |
798 | } else { | |
799 | print_error(__("Sorry, login and email combination not found.")); | |
483f15d5 AD |
800 | |
801 | print "<form method=\"GET\" action=\"public.php\"> | |
802 | <input type=\"hidden\" name=\"op\" value=\"forgotpass\"> | |
803 | <input type=\"submit\" value=\"".__("Go back")."\"> | |
804 | </form>"; | |
805 | ||
f43e9e97 | 806 | } |
f43e9e97 AD |
807 | } |
808 | ||
809 | } | |
810 | ||
884d1650 | 811 | print "</div>"; |
f43e9e97 AD |
812 | print "</body>"; |
813 | print "</html>"; | |
814 | ||
815 | } | |
816 | ||
5f0a3741 AD |
817 | } |
818 | ?> |