[tt-rss.git] / classes / handler / public.php

<?php
class Handler_Public extends Handler {

	private function generate_syndicated_feed($owner_uid, $feed, $is_cat,
		$limit, $search, $search_mode, $match_on, $view_mode = false, $format = 'atom') {

		require_once "lib/MiniTemplator.class.php";

		$note_style = 	"background-color : #fff7d5;
			border-width : 1px; ".
			"padding : 5px; border-style : dashed; border-color : #e7d796;".
			"margin-bottom : 1em; color : #9a8c59;";

		if (!$limit) $limit = 100;

		if (get_pref($this->link, "SORT_HEADLINES_BY_FEED_DATE", $owner_uid)) {
			$date_sort_field = "updated";
		} else {
			$date_sort_field = "date_entered";
		}

		$qfh_ret = queryFeedHeadlines($this->link, $feed,
			$limit, $view_mode, $is_cat, $search, $search_mode,
			$match_on, "$date_sort_field DESC", 0, $owner_uid);

		$result = $qfh_ret[0];
		$feed_title = htmlspecialchars($qfh_ret[1]);
		$feed_site_url = $qfh_ret[2];
		$last_error = $qfh_ret[3];

		$feed_self_url = get_self_url_prefix() .
			"/public.php?op=rss&id=-2&key=" .
			get_feed_access_key($this->link, -2, false, $owner_uid);

		if (!$feed_site_url) $feed_site_url = get_self_url_prefix();

		if ($format == 'atom') {
			$tpl = new MiniTemplator;

			$tpl->readTemplateFromFile("templates/generated_feed.txt");

			$tpl->setVariable('FEED_TITLE', $feed_title, true);
			$tpl->setVariable('VERSION', VERSION, true);
			$tpl->setVariable('FEED_URL', htmlspecialchars($feed_self_url), true);

			if (PUBSUBHUBBUB_HUB && $feed == -2) {
				$tpl->setVariable('HUB_URL', htmlspecialchars(PUBSUBHUBBUB_HUB), true);
				$tpl->addBlock('feed_hub');
			}

			$tpl->setVariable('SELF_URL', htmlspecialchars(get_self_url_prefix()), true);

	 		while ($line = db_fetch_assoc($result)) {
				$tpl->setVariable('ARTICLE_ID', htmlspecialchars($line['link']), true);
				$tpl->setVariable('ARTICLE_LINK', htmlspecialchars($line['link']), true);
				$tpl->setVariable('ARTICLE_TITLE', htmlspecialchars($line['title']), true);
				$tpl->setVariable('ARTICLE_EXCERPT',
					truncate_string(strip_tags($line["content_preview"]), 100, '...'), true);

				$content = sanitize($this->link, $line["content_preview"], false, $owner_uid);

				if ($line['note']) {
					$content = "<div style=\"$note_style\">Article note: " . $line['note'] . "</div>" .
						$content;
				}

				$tpl->setVariable('ARTICLE_CONTENT', $content, true);

				$tpl->setVariable('ARTICLE_UPDATED_ATOM',
					date('c', strtotime($line["updated"])), true);
				$tpl->setVariable('ARTICLE_UPDATED_RFC822',
					date(DATE_RFC822, strtotime($line["updated"])), true);

				$tpl->setVariable('ARTICLE_AUTHOR', htmlspecialchars($line['author']), true);

				$tags = get_article_tags($this->link, $line["id"], $owner_uid);

				foreach ($tags as $tag) {
					$tpl->setVariable('ARTICLE_CATEGORY', htmlspecialchars($tag), true);
					$tpl->addBlock('category');
				}

				$enclosures = get_article_enclosures($this->link, $line["id"]);

				foreach ($enclosures as $e) {
					$type = htmlspecialchars($e['content_type']);
					$url = htmlspecialchars($e['content_url']);
					$length = $e['duration'];

					$tpl->setVariable('ARTICLE_ENCLOSURE_URL', $url, true);
					$tpl->setVariable('ARTICLE_ENCLOSURE_TYPE', $type, true);
					$tpl->setVariable('ARTICLE_ENCLOSURE_LENGTH', $length, true);

					$tpl->addBlock('enclosure');
				}

				$tpl->addBlock('entry');
			}

			$tmp = "";

			$tpl->addBlock('feed');
			$tpl->generateOutputToString($tmp);

			header("Content-Type: text/xml; charset=utf-8");

			print $tmp;
		} else if ($format == 'json') {

			$feed = array();

			$feed['title'] = $feed_title;
			$feed['version'] = VERSION;
			$feed['feed_url'] = $feed_self_url;

			if (PUBSUBHUBBUB_HUB && $feed == -2) {
				$feed['hub_url'] = PUBSUBHUBBUB_HUB;
			}

			$feed['self_url'] = get_self_url_prefix();

			$feed['articles'] = array();

			while ($line = db_fetch_assoc($result)) {
				$article = array();

				$article['id'] = $line['link'];
				$article['link']	= $line['link'];
				$article['title'] = $line['title'];
				$article['excerpt'] = truncate_string(strip_tags($line["content_preview"]), 100, '...');
				$article['content'] = sanitize($this->link, $line["content_preview"], false, $owner_uid);
				$article['updated'] = date('c', strtotime($line["updated"]));

				if ($line['note']) $article['note'] = $line['note'];
				if ($article['author']) $article['author'] = $line['author'];

				$tags = get_article_tags($this->link, $line["id"], $owner_uid);

				if (count($tags) > 0) {
					$article['tags'] = array();

					foreach ($tags as $tag) {
						array_push($article['tags'], $tag);
					}
				}

				$enclosures = get_article_enclosures($this->link, $line["id"]);

				if (count($enclosures) > 0) {
					$article['enclosures'] = array();

					foreach ($enclosures as $e) {
						$type = $e['content_type'];
						$url = $e['content_url'];
						$length = $e['duration'];

						array_push($article['enclosures'], array("url" => $url, "type" => $type, "length" => $length));
					}
				}

				array_push($feed['articles'], $article);
			}

			header("Content-Type: text/plain; charset=utf-8");

			print json_encode($feed);

		} else {
			header("Content-Type: text/plain; charset=utf-8");
			print json_encode(array("error" => array("message" => "Unknown format")));
		}
	}

	function getUnread() {
		$login = db_escape_string($_REQUEST["login"]);
		$fresh = $_REQUEST["fresh"] == "1";

		$result = db_query($this->link, "SELECT id FROM ttrss_users WHERE login = '$login'");

		if (db_num_rows($result) == 1) {
			$uid = db_fetch_result($result, 0, "id");

			print getGlobalUnread($this->link, $uid);

			if ($fresh) {
				print ";";
				print getFeedArticles($this->link, -3, false, true, $uid);
			}

		} else {
			print "-1;User not found";
		}

	}

	function getProfiles() {
		$login = db_escape_string($_REQUEST["login"]);

		$result = db_query($this->link, "SELECT * FROM ttrss_settings_profiles,ttrss_users
			WHERE ttrss_users.id = ttrss_settings_profiles.owner_uid AND login = '$login' ORDER BY title");

		print "<select style='width: 100%' name='profile'>";

		print "<option value='0'>" . __("Default profile") . "</option>";

		while ($line = db_fetch_assoc($result)) {
			$id = $line["id"];
			$title = $line["title"];

			print "<option value='$id'>$title</option>";
		}

		print "</select>";
	}

	function pubsub() {
		$mode = db_escape_string($_REQUEST['hub_mode']);
		$feed_id = (int) db_escape_string($_REQUEST['id']);
		$feed_url = db_escape_string($_REQUEST['hub_topic']);

		if (!PUBSUBHUBBUB_ENABLED) {
			header('HTTP/1.0 404 Not Found');
			echo "404 Not found";
			return;
		}

		// TODO: implement hub_verifytoken checking

		$result = db_query($this->link, "SELECT feed_url FROM ttrss_feeds
			WHERE id = '$feed_id'");

		if (db_num_rows($result) != 0) {

			$check_feed_url = db_fetch_result($result, 0, "feed_url");

			if ($check_feed_url && ($check_feed_url == $feed_url || !$feed_url)) {
				if ($mode == "subscribe") {

					db_query($this->link, "UPDATE ttrss_feeds SET pubsub_state = 2
						WHERE id = '$feed_id'");

					print $_REQUEST['hub_challenge'];
					return;

				} else if ($mode == "unsubscribe") {

					db_query($this->link, "UPDATE ttrss_feeds SET pubsub_state = 0
						WHERE id = '$feed_id'");

					print $_REQUEST['hub_challenge'];
					return;

				} else if (!$mode) {

					// Received update ping, schedule feed update.
					//update_rss_feed($this->link, $feed_id, true, true);

					db_query($this->link, "UPDATE ttrss_feeds SET
						last_update_started = '1970-01-01',
						last_updated = '1970-01-01' WHERE id = '$feed_id'");

				}
			} else {
				header('HTTP/1.0 404 Not Found');
				echo "404 Not found";
			}
		} else {
			header('HTTP/1.0 404 Not Found');
			echo "404 Not found";
		}

	}

	function logout() {
		logout_user();
		header("Location: index.php");
	}

	function fbexport() {

		$access_key = db_escape_string($_POST["key"]);

		// TODO: rate limit checking using last_connected
		$result = db_query($this->link, "SELECT id FROM ttrss_linked_instances
			WHERE access_key = '$access_key'");

		if (db_num_rows($result) == 1) {

			$instance_id = db_fetch_result($result, 0, "id");

			$result = db_query($this->link, "SELECT feed_url, site_url, title, subscribers
				FROM ttrss_feedbrowser_cache ORDER BY subscribers DESC LIMIT 100");

			$feeds = array();

			while ($line = db_fetch_assoc($result)) {
				array_push($feeds, $line);
			}

			db_query($this->link, "UPDATE ttrss_linked_instances SET
				last_status_in = 1 WHERE id = '$instance_id'");

			print json_encode(array("feeds" => $feeds));
		} else {
			print json_encode(array("error" => array("code" => 6)));
		}
	}

	function share() {
		$uuid = db_escape_string($_REQUEST["key"]);

		$result = db_query($this->link, "SELECT ref_id, owner_uid FROM ttrss_user_entries WHERE
			uuid = '$uuid'");

		if (db_num_rows($result) != 0) {
			header("Content-Type: text/html");

			$id = db_fetch_result($result, 0, "ref_id");
			$owner_uid = db_fetch_result($result, 0, "owner_uid");

			$article = format_article($this->link, $id, false, true, $owner_uid);

			print_r($article['content']);

		} else {
			print "Article not found.";
		}

	}

	function rss() {
		$feed = db_escape_string($_REQUEST["id"]);
		$key = db_escape_string($_REQUEST["key"]);
		$is_cat = $_REQUEST["is_cat"] != false;
		$limit = (int)db_escape_string($_REQUEST["limit"]);

		$search = db_escape_string($_REQUEST["q"]);
		$match_on = db_escape_string($_REQUEST["m"]);
		$search_mode = db_escape_string($_REQUEST["smode"]);
		$view_mode = db_escape_string($_REQUEST["view-mode"]);

		$format = db_escape_string($_REQUEST['format']);

		if (!$format) $format = 'atom';

		if (SINGLE_USER_MODE) {
			authenticate_user($this->link, "admin", null);
		}

		$owner_id = false;

		if ($key) {
			$result = db_query($this->link, "SELECT owner_uid FROM
				ttrss_access_keys WHERE access_key = '$key' AND feed_id = '$feed'");

			if (db_num_rows($result) == 1)
				$owner_id = db_fetch_result($result, 0, "owner_uid");
		}

		if ($owner_id) {
			$this->generate_syndicated_feed($owner_id, $feed, $is_cat, $limit,
				$search, $search_mode, $match_on, $view_mode, $format);
		} else {
			header('HTTP/1.1 403 Forbidden');
		}
	}

	function globalUpdateFeeds() {
		include "rssfuncs.php";
		// Update all feeds needing a update.
		update_daemon_common($this->link, 0, true, false);
	}

	function sharepopup() {
		header('Content-Type: text/html; charset=utf-8');
		print "<html>
				<head>
					<title>Tiny Tiny RSS</title>
					<link rel=\"stylesheet\" type=\"text/css\" href=\"utility.css\">
					<script type=\"text/javascript\" src=\"lib/prototype.js\"></script>
					<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/>
				</head>
				<body id='sharepopup'>";

		$action = $_REQUEST["action"];

		if ($_SESSION["uid"]) {

			if (!$action) {

				print "<table height='100%' width='100%'><tr><td colspan='2'>";
				print "<h1>".__("Share with Tiny Tiny RSS")."</h1>";
				print "</td></tr>";

				print "<form id='share_form' name='share_form'>";

				print "<input type=\"hidden\" name=\"op\" value=\"sharepopup\">";
				print "<input type=\"hidden\" name=\"action\" value=\"share\">";

				$title = htmlspecialchars($_REQUEST["title"]);
				$url = htmlspecialchars($_REQUEST["url"]);

				print "<tr><td>".__("Title:")."</td><td width='80%'><input name='title' value=\"$title\"></td></tr>";
				print "<tr><td>".__("URL:")."</td><td><input name='url' value=\"$url\"></td></tr>";
				print "<tr><td>".__("Content:")."</td><td><input name='content' value=\"\"></td></tr>";

				print "<script type='text/javascript'>";
				print "document.forms[0].title.focus();";
				print "</script>";

				print "<tr><td colspan='2'>
					<div style='float : right' class='insensitive-small'>".
					__("Shared article will appear in the Published feed.").
					"</div><button type=\"submit\">".
						__('Share')."</button>
					<button onclick=\"return window.close()\">".
						__('Cancel')."</button>
					</div>";

				print "</form>";
				print "</td></tr></table>";

				print "</body></html>";

			} else {

				$title = db_escape_string(strip_tags($_REQUEST["title"]));
				$url = db_escape_string(strip_tags($_REQUEST["url"]));
				$content = db_escape_string(strip_tags($_REQUEST["content"]));

				create_published_article($this->link, $title, $url, $content, $_SESSION["uid"]);

				print "<script type='text/javascript'>";
				print "window.close();";
				print "</script>";
			}

		} else {

			print "<table><tr><td>" . __("Not logged in.") . "</td></tr></table>";

		}
	}

	function login() {

		print_r($_REQUEST);

		$_SESSION["prefs_cache"] = array();

		if (!SINGLE_USER_MODE) {

			$login = db_escape_string($_POST["login"]);
			$password = $_POST["password"];
			$remember_me = $_POST["remember_me"];

			if (authenticate_user($this->link, $login, $password)) {
				$_POST["password"] = "";

				$_SESSION["language"] = $_POST["language"];
				$_SESSION["ref_schema_version"] = get_schema_version($this->link, true);
				$_SESSION["bw_limit"] = !!$_POST["bw_limit"];

				if ($_POST["profile"]) {

					$profile = db_escape_string($_POST["profile"]);

					$result = db_query($this->link, "SELECT id FROM ttrss_settings_profiles
						WHERE id = '$profile' AND owner_uid = " . $_SESSION["uid"]);

					if (db_num_rows($result) != 0) {
						$_SESSION["profile"] = $profile;
						$_SESSION["prefs_cache"] = array();
					}
				}
			} else {
				$_SESSION["login_error_msg"] = __("Incorrect username or password");
			}

			if ($_REQUEST['return']) {
				header("Location: " . $_REQUEST['return']);
			} else {
				header("Location: " . SELF_URL_PATH);
			}
		}
	}

	function subscribe() {
		if ($_SESSION["uid"]) {

			$feed_url = db_escape_string(trim($_REQUEST["feed_url"]));

			header('Content-Type: text/html; charset=utf-8');
			print "<html>
				<head>
					<title>Tiny Tiny RSS</title>
					<link rel=\"stylesheet\" type=\"text/css\" href=\"utility.css\">
					<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/>
				</head>
				<body>
				<img class=\"floatingLogo\" src=\"images/logo_wide.png\"
			  		alt=\"Tiny Tiny RSS\"/>
					<h1>".__("Subscribe to feed...")."</h1>";

			$rc = subscribe_to_feed($this->link, $feed_url);

			switch ($rc['code']) {
			case 0:
				print_warning(T_sprintf("Already subscribed to <b>%s</b>.", $feed_url));
				break;
			case 1:
				print_notice(T_sprintf("Subscribed to <b>%s</b>.", $feed_url));
				break;
			case 2:
				print_error(T_sprintf("Could not subscribe to <b>%s</b>.", $feed_url));
				break;
			case 3:
				print_error(T_sprintf("No feeds found in <b>%s</b>.", $feed_url));
				break;
			case 4:
				print_notice(__("Multiple feed URLs found."));
				$feed_urls = get_feeds_from_html($feed_url);
				break;
			case 5:
				print_error(T_sprintf("Could not subscribe to <b>%s</b>.<br>Can't download the Feed URL.", $feed_url));
				break;
			}

			if ($feed_urls) {

				print "<form action=\"public.php\">";
				print "<input type=\"hidden\" name=\"op\" value=\"subscribe\">";

				print "<select name=\"feed_url\">";

				foreach ($feed_urls as $url => $name) {
					$url = htmlspecialchars($url);
					$name = htmlspecialchars($name);

					print "<option value=\"$url\">$name</option>";
				}

				print "<input type=\"submit\" value=\"".__("Subscribe to selected feed").
					"\">";

				print "</form>";
			}

			$tp_uri = get_self_url_prefix() . "/prefs.php";
			$tt_uri = get_self_url_prefix();

			if ($rc['code'] <= 2){
				$result = db_query($this->link, "SELECT id FROM ttrss_feeds WHERE
					feed_url = '$feed_url' AND owner_uid = " . $_SESSION["uid"]);

				$feed_id = db_fetch_result($result, 0, "id");
			} else {
				$feed_id = 0;
			}
			print "<p>";

			if ($feed_id) {
				print "<form method=\"GET\" style='display: inline'
					action=\"$tp_uri\">
					<input type=\"hidden\" name=\"tab\" value=\"feedConfig\">
					<input type=\"hidden\" name=\"method\" value=\"editFeed\">
					<input type=\"hidden\" name=\"methodparam\" value=\"$feed_id\">
					<input type=\"submit\" value=\"".__("Edit subscription options")."\">
					</form>";
			}

			print "<form style='display: inline' method=\"GET\" action=\"$tt_uri\">
				<input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
				</form></p>";

			print "</body></html>";

		} else {
			render_login_form($this->link);
		}
	}

	function subscribe2() {
		$feed_url = db_escape_string(trim($_REQUEST["feed_url"]));
		$cat_id = db_escape_string($_REQUEST["cat_id"]);
		$from = db_escape_string($_REQUEST["from"]);

		/* only read authentication information from POST */

		$auth_login = db_escape_string(trim($_POST["auth_login"]));
		$auth_pass = db_escape_string(trim($_POST["auth_pass"]));

		$rc = subscribe_to_feed($this->link, $feed_url, $cat_id, $auth_login, $auth_pass);

		switch ($rc) {
		case 1:
			print_notice(T_sprintf("Subscribed to <b>%s</b>.", $feed_url));
			break;
		case 2:
			print_error(T_sprintf("Could not subscribe to <b>%s</b>.", $feed_url));
			break;
		case 3:
			print_error(T_sprintf("No feeds found in <b>%s</b>.", $feed_url));
			break;
		case 0:
			print_warning(T_sprintf("Already subscribed to <b>%s</b>.", $feed_url));
			break;
		case 4:
			print_notice(__("Multiple feed URLs found."));

			$feed_urls = get_feeds_from_html($feed_url);
			break;
		case 5:
			print_error(T_sprintf("Could not subscribe to <b>%s</b>.<br>Can't download the Feed URL.", $feed_url));
			break;
		}

		if ($feed_urls) {
			print "<form action=\"backend.php\">";
			print "<input type=\"hidden\" name=\"op\" value=\"pref-feeds\">";
			print "<input type=\"hidden\" name=\"quiet\" value=\"1\">";
			print "<input type=\"hidden\" name=\"method\" value=\"add\">";

			print "<select name=\"feed_url\">";

			foreach ($feed_urls as $url => $name) {
				$url = htmlspecialchars($url);
				$name = htmlspecialchars($name);
				print "<option value=\"$url\">$name</option>";
			}

			print "<input type=\"submit\" value=\"".__("Subscribe to selected feed")."\">";
			print "</form>";
		}

		$tp_uri = get_self_url_prefix() . "/prefs.php";
		$tt_uri = get_self_url_prefix();

		if ($rc <= 2){
			$result = db_query($this->link, "SELECT id FROM ttrss_feeds WHERE
				feed_url = '$feed_url' AND owner_uid = " . $_SESSION["uid"]);

			$feed_id = db_fetch_result($result, 0, "id");
		} else {
			$feed_id = 0;
		}

		print "<p>";

		if ($feed_id) {
			print "<form method=\"GET\" style='display: inline'
				action=\"$tp_uri\">
				<input type=\"hidden\" name=\"tab\" value=\"feedConfig\">
				<input type=\"hidden\" name=\"method\" value=\"editFeed\">
				<input type=\"hidden\" name=\"methodparam\" value=\"$feed_id\">
				<input type=\"submit\" value=\"".__("Edit subscription options")."\">
				</form>";
		}

		print "<form style='display: inline' method=\"GET\" action=\"$tt_uri\">
			<input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
			</form></p>";

		print "</body></html>";
	}

	function index() {
		header("Content-Type: text/plain");
		print json_encode(array("error" => array("code" => 7)));
	}

}
?>
Commit	Line	Data
5f0a3741	1	<?php
369dbc19	2	class Handler_Public extends Handler {
5f0a3741	3
79178062	4	private function generate_syndicated_feed($owner_uid, $feed, $is_cat,
2ebf38a9	5	$limit, $search, $search_mode, $match_on, $view_mode = false, $format = 'atom') {
79178062 AD	6
	7	require_once "lib/MiniTemplator.class.php";
	8
	9	$note_style = "background-color : #fff7d5;
	10	border-width : 1px; ".
	11	"padding : 5px; border-style : dashed; border-color : #e7d796;".
	12	"margin-bottom : 1em; color : #9a8c59;";
	13
c3d2cda8	14	if (!$limit) $limit = 100;
79178062 AD	15
	16	if (get_pref($this->link, "SORT_HEADLINES_BY_FEED_DATE", $owner_uid)) {
	17	$date_sort_field = "updated";
	18	} else {
	19	$date_sort_field = "date_entered";
	20	}
	21
	22	$qfh_ret = queryFeedHeadlines($this->link, $feed,
	23	$limit, $view_mode, $is_cat, $search, $search_mode,
	24	$match_on, "$date_sort_field DESC", 0, $owner_uid);
	25
	26	$result = $qfh_ret[0];
	27	$feed_title = htmlspecialchars($qfh_ret[1]);
	28	$feed_site_url = $qfh_ret[2];
	29	$last_error = $qfh_ret[3];
	30
	31	$feed_self_url = get_self_url_prefix() .
	32	"/public.php?op=rss&id=-2&key=" .
2fb947eb	33	get_feed_access_key($this->link, -2, false, $owner_uid);
79178062 AD	34
	35	if (!$feed_site_url) $feed_site_url = get_self_url_prefix();
	36
2ebf38a9 AD	37	if ($format == 'atom') {
2ebf38a9 AD	38	$tpl = new MiniTemplator;
79178062	39
2ebf38a9	40	$tpl->readTemplateFromFile("templates/generated_feed.txt");
79178062	41
2ebf38a9 AD	42	$tpl->setVariable('FEED_TITLE', $feed_title, true);
	43	$tpl->setVariable('VERSION', VERSION, true);
	44	$tpl->setVariable('FEED_URL', htmlspecialchars($feed_self_url), true);
79178062	45
2ebf38a9 AD	46	if (PUBSUBHUBBUB_HUB && $feed == -2) {
	47	$tpl->setVariable('HUB_URL', htmlspecialchars(PUBSUBHUBBUB_HUB), true);
	48	$tpl->addBlock('feed_hub');
	49	}
79178062	50
2ebf38a9	51	$tpl->setVariable('SELF_URL', htmlspecialchars(get_self_url_prefix()), true);
79178062	52
2ebf38a9 AD	53	while ($line = db_fetch_assoc($result)) {
	54	$tpl->setVariable('ARTICLE_ID', htmlspecialchars($line['link']), true);
	55	$tpl->setVariable('ARTICLE_LINK', htmlspecialchars($line['link']), true);
	56	$tpl->setVariable('ARTICLE_TITLE', htmlspecialchars($line['title']), true);
	57	$tpl->setVariable('ARTICLE_EXCERPT',
	58	truncate_string(strip_tags($line["content_preview"]), 100, '...'), true);
79178062	59
2ebf38a9	60	$content = sanitize($this->link, $line["content_preview"], false, $owner_uid);
79178062	61
2ebf38a9 AD	62	if ($line['note']) {
	63	$content = "<div style=\"$note_style\">Article note: " . $line['note'] . "</div>" .
	64	$content;
	65	}
	66
	67	$tpl->setVariable('ARTICLE_CONTENT', $content, true);
	68
	69	$tpl->setVariable('ARTICLE_UPDATED_ATOM',
	70	date('c', strtotime($line["updated"])), true);
	71	$tpl->setVariable('ARTICLE_UPDATED_RFC822',
	72	date(DATE_RFC822, strtotime($line["updated"])), true);
	73
	74	$tpl->setVariable('ARTICLE_AUTHOR', htmlspecialchars($line['author']), true);
	75
	76	$tags = get_article_tags($this->link, $line["id"], $owner_uid);
	77
	78	foreach ($tags as $tag) {
	79	$tpl->setVariable('ARTICLE_CATEGORY', htmlspecialchars($tag), true);
	80	$tpl->addBlock('category');
	81	}
79178062	82
2ebf38a9	83	$enclosures = get_article_enclosures($this->link, $line["id"]);
79178062	84
2ebf38a9 AD	85	foreach ($enclosures as $e) {
	86	$type = htmlspecialchars($e['content_type']);
	87	$url = htmlspecialchars($e['content_url']);
	88	$length = $e['duration'];
9c97041d	89
2ebf38a9 AD	90	$tpl->setVariable('ARTICLE_ENCLOSURE_URL', $url, true);
	91	$tpl->setVariable('ARTICLE_ENCLOSURE_TYPE', $type, true);
	92	$tpl->setVariable('ARTICLE_ENCLOSURE_LENGTH', $length, true);
79178062	93
2ebf38a9 AD	94	$tpl->addBlock('enclosure');
2ebf38a9 AD	95	}
79178062	96
2ebf38a9	97	$tpl->addBlock('entry');
79178062 AD	98	}
79178062 AD	99
2ebf38a9 AD	100	$tmp = "";
	101
	102	$tpl->addBlock('feed');
	103	$tpl->generateOutputToString($tmp);
	104
	105	header("Content-Type: text/xml; charset=utf-8");
	106
	107	print $tmp;
	108	} else if ($format == 'json') {
79178062	109
2ebf38a9	110	$feed = array();
79178062	111
2ebf38a9 AD	112	$feed['title'] = $feed_title;
	113	$feed['version'] = VERSION;
	114	$feed['feed_url'] = $feed_self_url;
79178062	115
2ebf38a9 AD	116	if (PUBSUBHUBBUB_HUB && $feed == -2) {
2ebf38a9 AD	117	$feed['hub_url'] = PUBSUBHUBBUB_HUB;
79178062 AD	118	}
79178062 AD	119
2ebf38a9 AD	120	$feed['self_url'] = get_self_url_prefix();
	121
	122	$feed['articles'] = array();
	123
	124	while ($line = db_fetch_assoc($result)) {
	125	$article = array();
79178062	126
2ebf38a9 AD	127	$article['id'] = $line['link'];
	128	$article['link'] = $line['link'];
	129	$article['title'] = $line['title'];
	130	$article['excerpt'] = truncate_string(strip_tags($line["content_preview"]), 100, '...');
	131	$article['content'] = sanitize($this->link, $line["content_preview"], false, $owner_uid);
	132	$article['updated'] = date('c', strtotime($line["updated"]));
79178062	133
2ebf38a9 AD	134	if ($line['note']) $article['note'] = $line['note'];
2ebf38a9 AD	135	if ($article['author']) $article['author'] = $line['author'];
79178062	136
2ebf38a9 AD	137	$tags = get_article_tags($this->link, $line["id"], $owner_uid);
	138
	139	if (count($tags) > 0) {
	140	$article['tags'] = array();
	141
	142	foreach ($tags as $tag) {
	143	array_push($article['tags'], $tag);
	144	}
	145	}
	146
	147	$enclosures = get_article_enclosures($this->link, $line["id"]);
	148
	149	if (count($enclosures) > 0) {
	150	$article['enclosures'] = array();
	151
	152	foreach ($enclosures as $e) {
	153	$type = $e['content_type'];
	154	$url = $e['content_url'];
	155	$length = $e['duration'];
	156
	157	array_push($article['enclosures'], array("url" => $url, "type" => $type, "length" => $length));
	158	}
	159	}
	160
	161	array_push($feed['articles'], $article);
	162	}
	163
	164	header("Content-Type: text/plain; charset=utf-8");
	165
	166	print json_encode($feed);
	167
	168	} else {
	169	header("Content-Type: text/plain; charset=utf-8");
	170	print json_encode(array("error" => array("message" => "Unknown format")));
	171	}
79178062 AD	172	}
79178062 AD	173
5f0a3741 AD	174	function getUnread() {
	175	$login = db_escape_string($_REQUEST["login"]);
	176	$fresh = $_REQUEST["fresh"] == "1";
	177
	178	$result = db_query($this->link, "SELECT id FROM ttrss_users WHERE login = '$login'");
	179
	180	if (db_num_rows($result) == 1) {
	181	$uid = db_fetch_result($result, 0, "id");
	182
	183	print getGlobalUnread($this->link, $uid);
	184
	185	if ($fresh) {
	186	print ";";
	187	print getFeedArticles($this->link, -3, false, true, $uid);
	188	}
	189
	190	} else {
	191	print "-1;User not found";
	192	}
	193
	194	}
	195
	196	function getProfiles() {
	197	$login = db_escape_string($_REQUEST["login"]);
5f0a3741	198
97acbaf1 AD	199	$result = db_query($this->link, "SELECT * FROM ttrss_settings_profiles,ttrss_users
97acbaf1 AD	200	WHERE ttrss_users.id = ttrss_settings_profiles.owner_uid AND login = '$login' ORDER BY title");
5f0a3741	201
97acbaf1	202	print "<select style='width: 100%' name='profile'>";
5f0a3741	203
97acbaf1	204	print "<option value='0'>" . __("Default profile") . "</option>";
5f0a3741	205
97acbaf1 AD	206	while ($line = db_fetch_assoc($result)) {
	207	$id = $line["id"];
	208	$title = $line["title"];
5f0a3741	209
97acbaf1	210	print "<option value='$id'>$title</option>";
5f0a3741	211	}
97acbaf1 AD	212
97acbaf1 AD	213	print "</select>";
5f0a3741 AD	214	}
	215
	216	function pubsub() {
	217	$mode = db_escape_string($_REQUEST['hub_mode']);
	218	$feed_id = (int) db_escape_string($_REQUEST['id']);
	219	$feed_url = db_escape_string($_REQUEST['hub_topic']);
	220
	221	if (!PUBSUBHUBBUB_ENABLED) {
	222	header('HTTP/1.0 404 Not Found');
	223	echo "404 Not found";
	224	return;
	225	}
	226
	227	// TODO: implement hub_verifytoken checking
	228
	229	$result = db_query($this->link, "SELECT feed_url FROM ttrss_feeds
	230	WHERE id = '$feed_id'");
	231
	232	if (db_num_rows($result) != 0) {
	233
	234	$check_feed_url = db_fetch_result($result, 0, "feed_url");
	235
	236	if ($check_feed_url && ($check_feed_url == $feed_url \|\| !$feed_url)) {
	237	if ($mode == "subscribe") {
	238
	239	db_query($this->link, "UPDATE ttrss_feeds SET pubsub_state = 2
	240	WHERE id = '$feed_id'");
	241
	242	print $_REQUEST['hub_challenge'];
	243	return;
	244
	245	} else if ($mode == "unsubscribe") {
	246
	247	db_query($this->link, "UPDATE ttrss_feeds SET pubsub_state = 0
	248	WHERE id = '$feed_id'");
	249
	250	print $_REQUEST['hub_challenge'];
	251	return;
	252
	253	} else if (!$mode) {
	254
	255	// Received update ping, schedule feed update.
	256	//update_rss_feed($this->link, $feed_id, true, true);
	257
	258	db_query($this->link, "UPDATE ttrss_feeds SET
	259	last_update_started = '1970-01-01',
	260	last_updated = '1970-01-01' WHERE id = '$feed_id'");
	261
	262	}
	263	} else {
	264	header('HTTP/1.0 404 Not Found');
	265	echo "404 Not found";
	266	}
	267	} else {
	268	header('HTTP/1.0 404 Not Found');
	269	echo "404 Not found";
	270	}
	271
	272	}
	273
	274	function logout() {
	275	logout_user();
	276	header("Location: index.php");
	277	}
278
279	function fbexport() {
280
281	$access_key = db_escape_string($_POST["key"]);
282
283	// TODO: rate limit checking using last_connected
284	$result = db_query($this->link, "SELECT id FROM ttrss_linked_instances
285	WHERE access_key = '$access_key'");
286
287	if (db_num_rows($result) == 1) {
288
289	$instance_id = db_fetch_result($result, 0, "id");
290
291	$result = db_query($this->link, "SELECT feed_url, site_url, title, subscribers
292	FROM ttrss_feedbrowser_cache ORDER BY subscribers DESC LIMIT 100");
293
294	$feeds = array();
295
296	while ($line = db_fetch_assoc($result)) {
297	array_push($feeds, $line);
298	}
299
300	db_query($this->link, "UPDATE ttrss_linked_instances SET
301	last_status_in = 1 WHERE id = '$instance_id'");
302
303	print json_encode(array("feeds" => $feeds));
304	} else {
305	print json_encode(array("error" => array("code" => 6)));
306	}
307	}
308
309	function share() {
310	$uuid = db_escape_string($_REQUEST["key"]);
311
312	$result = db_query($this->link, "SELECT ref_id, owner_uid FROM ttrss_user_entries WHERE
313	uuid = '$uuid'");
314
315	if (db_num_rows($result) != 0) {
316	header("Content-Type: text/html");
317
318	$id = db_fetch_result($result, 0, "ref_id");
319	$owner_uid = db_fetch_result($result, 0, "owner_uid");
320
64436e10	321	$article = format_article($this->link, $id, false, true, $owner_uid);
5f0a3741 AD	322
	323	print_r($article['content']);
	324
	325	} else {
	326	print "Article not found.";
	327	}
	328
	329	}
	330
	331	function rss() {
5f0a3741 AD	332	$feed = db_escape_string($_REQUEST["id"]);
	333	$key = db_escape_string($_REQUEST["key"]);
	334	$is_cat = $_REQUEST["is_cat"] != false;
	335	$limit = (int)db_escape_string($_REQUEST["limit"]);
	336
	337	$search = db_escape_string($_REQUEST["q"]);
	338	$match_on = db_escape_string($_REQUEST["m"]);
	339	$search_mode = db_escape_string($_REQUEST["smode"]);
	340	$view_mode = db_escape_string($_REQUEST["view-mode"]);
	341
2ebf38a9 AD	342	$format = db_escape_string($_REQUEST['format']);
	343
	344	if (!$format) $format = 'atom';
	345
5f0a3741 AD	346	if (SINGLE_USER_MODE) {
	347	authenticate_user($this->link, "admin", null);
	348	}
	349
	350	$owner_id = false;
	351
	352	if ($key) {
	353	$result = db_query($this->link, "SELECT owner_uid FROM
	354	ttrss_access_keys WHERE access_key = '$key' AND feed_id = '$feed'");
	355
	356	if (db_num_rows($result) == 1)
	357	$owner_id = db_fetch_result($result, 0, "owner_uid");
	358	}
	359
	360	if ($owner_id) {
2fb947eb	361	$this->generate_syndicated_feed($owner_id, $feed, $is_cat, $limit,
2ebf38a9	362	$search, $search_mode, $match_on, $view_mode, $format);
5f0a3741 AD	363	} else {
	364	header('HTTP/1.1 403 Forbidden');
	365	}
	366	}
	367
07391e36 AD	368	function globalUpdateFeeds() {
07391e36 AD	369	include "rssfuncs.php";
5f0a3741	370	// Update all feeds needing a update.
036cd3a4	371	update_daemon_common($this->link, 0, true, false);
07391e36	372	}
8361e724 AD	373
	374	function sharepopup() {
	375	header('Content-Type: text/html; charset=utf-8');
	376	print "<html>
	377	<head>
	378	<title>Tiny Tiny RSS</title>
	379	<link rel=\"stylesheet\" type=\"text/css\" href=\"utility.css\">
	380	<script type=\"text/javascript\" src=\"lib/prototype.js\"></script>
	381	<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/>
	382	</head>
	383	<body id='sharepopup'>";
	384
	385	$action = $_REQUEST["action"];
	386
	387	if ($_SESSION["uid"]) {
	388
	389	if (!$action) {
	390
	391	print "<table height='100%' width='100%'><tr><td colspan='2'>";
50b8b503	392	print "<h1>".__("Share with Tiny Tiny RSS")."</h1>";
8361e724 AD	393	print "</td></tr>";
	394
	395	print "<form id='share_form' name='share_form'>";
	396
	397	print "<input type=\"hidden\" name=\"op\" value=\"sharepopup\">";
	398	print "<input type=\"hidden\" name=\"action\" value=\"share\">";
	399
	400	$title = htmlspecialchars($_REQUEST["title"]);
	401	$url = htmlspecialchars($_REQUEST["url"]);
	402
	403	print "<tr><td>".__("Title:")."</td><td width='80%'><input name='title' value=\"$title\"></td></tr>";
	404	print "<tr><td>".__("URL:")."</td><td><input name='url' value=\"$url\"></td></tr>";
	405	print "<tr><td>".__("Content:")."</td><td><input name='content' value=\"\"></td></tr>";
	406
	407	print "<script type='text/javascript'>";
	408	print "document.forms[0].title.focus();";
	409	print "</script>";
	410
	411	print "<tr><td colspan='2'>
50b8b503 AD	412	<div style='float : right' class='insensitive-small'>".
	413	__("Shared article will appear in the Published feed.").
	414	"</div><button type=\"submit\">".
	415	__('Share')."</button>
8361e724 AD	416	<button onclick=\"return window.close()\">".
	417	__('Cancel')."</button>
	418	</div>";
	419
	420	print "</form>";
	421	print "</td></tr></table>";
	422
	423	print "</body></html>";
	424
	425	} else {
	426
	427	$title = db_escape_string(strip_tags($_REQUEST["title"]));
	428	$url = db_escape_string(strip_tags($_REQUEST["url"]));
	429	$content = db_escape_string(strip_tags($_REQUEST["content"]));
	430
	431	create_published_article($this->link, $title, $url, $content, $_SESSION["uid"]);
	432
	433	print "<script type='text/javascript'>";
	434	print "window.close();";
	435	print "</script>";
	436	}
	437
	438	} else {
	439
	440	print "<table><tr><td>" . __("Not logged in.") . "</td></tr></table>";
	441
	442	}
	443	}
	444
97acbaf1 AD	445	function login() {
	446
	447	print_r($_REQUEST);
	448
	449	$_SESSION["prefs_cache"] = array();
	450
	451	if (!SINGLE_USER_MODE) {
	452
	453	$login = db_escape_string($_POST["login"]);
	454	$password = $_POST["password"];
	455	$remember_me = $_POST["remember_me"];
	456
	457	if (authenticate_user($this->link, $login, $password)) {
	458	$_POST["password"] = "";
	459
	460	$_SESSION["language"] = $_POST["language"];
	461	$_SESSION["ref_schema_version"] = get_schema_version($this->link, true);
	462	$_SESSION["bw_limit"] = !!$_POST["bw_limit"];
	463
	464	if ($_POST["profile"]) {
	465
	466	$profile = db_escape_string($_POST["profile"]);
	467
	468	$result = db_query($this->link, "SELECT id FROM ttrss_settings_profiles
	469	WHERE id = '$profile' AND owner_uid = " . $_SESSION["uid"]);
	470
	471	if (db_num_rows($result) != 0) {
	472	$_SESSION["profile"] = $profile;
	473	$_SESSION["prefs_cache"] = array();
	474	}
	475	}
	476	} else {
	477	$_SESSION["login_error_msg"] = __("Incorrect username or password");
	478	}
	479
	480	if ($_REQUEST['return']) {
	481	header("Location: " . $_REQUEST['return']);
	482	} else {
	483	header("Location: " . SELF_URL_PATH);
	484	}
	485	}
	486	}
	487
	488	function subscribe() {
	489	if ($_SESSION["uid"]) {
	490
	491	$feed_url = db_escape_string(trim($_REQUEST["feed_url"]));
	492
	493	header('Content-Type: text/html; charset=utf-8');
	494	print "<html>
	495	<head>
	496	<title>Tiny Tiny RSS</title>
	497	<link rel=\"stylesheet\" type=\"text/css\" href=\"utility.css\">
	498	<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/>
	499	</head>
	500	<body>
	501	<img class=\"floatingLogo\" src=\"images/logo_wide.png\"
	502	alt=\"Tiny Tiny RSS\"/>
	503	<h1>".__("Subscribe to feed...")."</h1>";
	504
	505	$rc = subscribe_to_feed($this->link, $feed_url);
	506
	507	switch ($rc['code']) {
	508	case 0:
509	print_warning(T_sprintf("Already subscribed to <b>%s</b>.", $feed_url));
510	break;
511	case 1:
512	print_notice(T_sprintf("Subscribed to <b>%s</b>.", $feed_url));
513	break;
514	case 2:
515	print_error(T_sprintf("Could not subscribe to <b>%s</b>.", $feed_url));
516	break;
517	case 3:
518	print_error(T_sprintf("No feeds found in <b>%s</b>.", $feed_url));
519	break;
520	case 4:
521	print_notice(__("Multiple feed URLs found."));
522	$feed_urls = get_feeds_from_html($feed_url);
523	break;
524	case 5:
525	print_error(T_sprintf("Could not subscribe to <b>%s</b>.<br>Can't download the Feed URL.", $feed_url));
526	break;
527	}
528
529	if ($feed_urls) {
530
531	print "<form action=\"public.php\">";
532	print "<input type=\"hidden\" name=\"op\" value=\"subscribe\">";
533
534	print "<select name=\"feed_url\">";
535
536	foreach ($feed_urls as $url => $name) {
537	$url = htmlspecialchars($url);
538	$name = htmlspecialchars($name);
539
540	print "<option value=\"$url\">$name</option>";
541	}
542
543	print "<input type=\"submit\" value=\"".__("Subscribe to selected feed").
544	"\">";
545
546	print "</form>";
547	}
548
549	$tp_uri = get_self_url_prefix() . "/prefs.php";
550	$tt_uri = get_self_url_prefix();
551
552	if ($rc['code'] <= 2){
553	$result = db_query($this->link, "SELECT id FROM ttrss_feeds WHERE
554	feed_url = '$feed_url' AND owner_uid = " . $_SESSION["uid"]);
555
556	$feed_id = db_fetch_result($result, 0, "id");
557	} else {
558	$feed_id = 0;
559	}
560	print "<p>";
561
562	if ($feed_id) {
563	print "<form method=\"GET\" style='display: inline'
564	action=\"$tp_uri\">
565	<input type=\"hidden\" name=\"tab\" value=\"feedConfig\">
566	<input type=\"hidden\" name=\"method\" value=\"editFeed\">
567	<input type=\"hidden\" name=\"methodparam\" value=\"$feed_id\">
568	<input type=\"submit\" value=\"".__("Edit subscription options")."\">
569	</form>";
570	}
571
572	print "<form style='display: inline' method=\"GET\" action=\"$tt_uri\">
573	<input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
574	</form></p>";
575
576	print "</body></html>";
577
578	} else {
579	render_login_form($this->link);
580	}
581	}
582
583	function subscribe2() {
584	$feed_url = db_escape_string(trim($_REQUEST["feed_url"]));
585	$cat_id = db_escape_string($_REQUEST["cat_id"]);
586	$from = db_escape_string($_REQUEST["from"]);
587
588	/* only read authentication information from POST */
589
590	$auth_login = db_escape_string(trim($_POST["auth_login"]));
591	$auth_pass = db_escape_string(trim($_POST["auth_pass"]));
592
593	$rc = subscribe_to_feed($this->link, $feed_url, $cat_id, $auth_login, $auth_pass);
594
595	switch ($rc) {
596	case 1:
597	print_notice(T_sprintf("Subscribed to <b>%s</b>.", $feed_url));
598	break;
599	case 2:
600	print_error(T_sprintf("Could not subscribe to <b>%s</b>.", $feed_url));
601	break;
602	case 3:
603	print_error(T_sprintf("No feeds found in <b>%s</b>.", $feed_url));
604	break;
605	case 0:
606	print_warning(T_sprintf("Already subscribed to <b>%s</b>.", $feed_url));
607	break;
608	case 4:
609	print_notice(__("Multiple feed URLs found."));
610
611	$feed_urls = get_feeds_from_html($feed_url);
612	break;
613	case 5:
614	print_error(T_sprintf("Could not subscribe to <b>%s</b>.<br>Can't download the Feed URL.", $feed_url));
615	break;
616	}
617
618	if ($feed_urls) {
619	print "<form action=\"backend.php\">";
620	print "<input type=\"hidden\" name=\"op\" value=\"pref-feeds\">";
621	print "<input type=\"hidden\" name=\"quiet\" value=\"1\">";
622	print "<input type=\"hidden\" name=\"method\" value=\"add\">";
623
624	print "<select name=\"feed_url\">";
625
626	foreach ($feed_urls as $url => $name) {
627	$url = htmlspecialchars($url);
628	$name = htmlspecialchars($name);
629	print "<option value=\"$url\">$name</option>";
630	}
631
632	print "<input type=\"submit\" value=\"".__("Subscribe to selected feed")."\">";
633	print "</form>";
634	}
635
636	$tp_uri = get_self_url_prefix() . "/prefs.php";
637	$tt_uri = get_self_url_prefix();
638
639	if ($rc <= 2){
640	$result = db_query($this->link, "SELECT id FROM ttrss_feeds WHERE
641	feed_url = '$feed_url' AND owner_uid = " . $_SESSION["uid"]);
642
643	$feed_id = db_fetch_result($result, 0, "id");
644	} else {
645	$feed_id = 0;
646	}
647
648	print "<p>";
649
650	if ($feed_id) {
651	print "<form method=\"GET\" style='display: inline'
652	action=\"$tp_uri\">
653	<input type=\"hidden\" name=\"tab\" value=\"feedConfig\">
654	<input type=\"hidden\" name=\"method\" value=\"editFeed\">
655	<input type=\"hidden\" name=\"methodparam\" value=\"$feed_id\">
656	<input type=\"submit\" value=\"".__("Edit subscription options")."\">
657	</form>";
658	}
659
660	print "<form style='display: inline' method=\"GET\" action=\"$tt_uri\">
661	<input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
662	</form></p>";
663
664	print "</body></html>";
665	}
666
667	function index() {
668	header("Content-Type: text/plain");
669	print json_encode(array("error" => array("code" => 7)));
670	}
671
5f0a3741 AD	672	}
5f0a3741 AD	673	?>