]>
Commit | Line | Data |
---|---|---|
5f0a3741 | 1 | <?php |
369dbc19 | 2 | class Handler_Public extends Handler { |
5f0a3741 | 3 | |
79178062 | 4 | private function generate_syndicated_feed($owner_uid, $feed, $is_cat, |
9090b874 | 5 | $limit, $offset, $search, |
d1e631f3 | 6 | $view_mode = false, $format = 'atom', $order = false, $orig_guid = false, $start_ts = false) { |
79178062 AD |
7 | |
8 | require_once "lib/MiniTemplator.class.php"; | |
9 | ||
10 | $note_style = "background-color : #fff7d5; | |
11 | border-width : 1px; ". | |
12 | "padding : 5px; border-style : dashed; border-color : #e7d796;". | |
13 | "margin-bottom : 1em; color : #9a8c59;"; | |
14 | ||
2faef834 | 15 | if (!$limit) $limit = 60; |
79178062 | 16 | |
8aa01d79 | 17 | $date_sort_field = "date_entered DESC, updated DESC"; |
79178062 | 18 | |
84c53d0e | 19 | if ($feed == -2 && !$is_cat) { |
7ef7dd31 | 20 | $date_sort_field = "last_published DESC"; |
84c53d0e | 21 | } else if ($feed == -1 && !$is_cat) { |
7ef7dd31 | 22 | $date_sort_field = "last_marked DESC"; |
84c53d0e | 23 | } |
008ebad9 | 24 | |
25051fb8 AD |
25 | switch ($order) { |
26 | case "title": | |
81d96c0d | 27 | $date_sort_field = "ttrss_entries.title, date_entered, updated"; |
25051fb8 AD |
28 | break; |
29 | case "date_reverse": | |
30 | $date_sort_field = "date_entered, updated"; | |
31 | break; | |
32 | case "feed_dates": | |
33 | $date_sort_field = "updated DESC"; | |
34 | break; | |
35 | } | |
f5a0fb8b AD |
36 | $params = array( |
37 | "owner_uid" => $owner_uid, | |
38 | "feed" => $feed, | |
39 | "limit" => $limit, | |
40 | "view_mode" => $view_mode, | |
41 | "cat_view" => $is_cat, | |
42 | "search" => $search, | |
43 | "override_order" => $date_sort_field, | |
44 | "include_children" => true, | |
45 | "ignore_vfeed_group" => true, | |
46 | "offset" => $offset, | |
47 | "start_ts" => $start_ts | |
48 | ); | |
49 | ||
aeb1abed | 50 | $qfh_ret = Feeds::queryFeedHeadlines($params); |
2e35a707 | 51 | |
79178062 AD |
52 | $result = $qfh_ret[0]; |
53 | $feed_title = htmlspecialchars($qfh_ret[1]); | |
54 | $feed_site_url = $qfh_ret[2]; | |
4a80c57c | 55 | /* $last_error = $qfh_ret[3]; */ |
79178062 AD |
56 | |
57 | $feed_self_url = get_self_url_prefix() . | |
39119f02 JT |
58 | "/public.php?op=rss&id=$feed&key=" . |
59 | get_feed_access_key($feed, false, $owner_uid); | |
79178062 AD |
60 | |
61 | if (!$feed_site_url) $feed_site_url = get_self_url_prefix(); | |
62 | ||
2ebf38a9 AD |
63 | if ($format == 'atom') { |
64 | $tpl = new MiniTemplator; | |
79178062 | 65 | |
2ebf38a9 | 66 | $tpl->readTemplateFromFile("templates/generated_feed.txt"); |
79178062 | 67 | |
2ebf38a9 AD |
68 | $tpl->setVariable('FEED_TITLE', $feed_title, true); |
69 | $tpl->setVariable('VERSION', VERSION, true); | |
70 | $tpl->setVariable('FEED_URL', htmlspecialchars($feed_self_url), true); | |
79178062 | 71 | |
2ebf38a9 | 72 | $tpl->setVariable('SELF_URL', htmlspecialchars(get_self_url_prefix()), true); |
dc393a58 | 73 | while ($line = $result->fetch()) { |
399678a1 | 74 | |
2f1a29d9 | 75 | $line["content_preview"] = sanitize(truncate_string(strip_tags($line["content"]), 100, '...')); |
bc262b67 | 76 | |
891e36f5 | 77 | foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_QUERY_HEADLINES) as $p) { |
78 | $line = $p->hook_query_headlines($line); | |
79 | } | |
2e35a707 | 80 | |
399678a1 | 81 | foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_ARTICLE_EXPORT_FEED) as $p) { |
92322838 | 82 | $line = $p->hook_article_export_feed($line, $feed, $is_cat); |
399678a1 AD |
83 | } |
84 | ||
fcf6bfba AD |
85 | $tpl->setVariable('ARTICLE_ID', |
86 | htmlspecialchars($orig_guid ? $line['link'] : | |
f75e7c64 | 87 | $this->make_article_tag_uri($line['id'], $line['date_entered'])), true); |
2ebf38a9 AD |
88 | $tpl->setVariable('ARTICLE_LINK', htmlspecialchars($line['link']), true); |
89 | $tpl->setVariable('ARTICLE_TITLE', htmlspecialchars($line['title']), true); | |
67631438 | 90 | $tpl->setVariable('ARTICLE_EXCERPT', $line["content_preview"], true); |
79178062 | 91 | |
4b19d4ac | 92 | $content = sanitize($line["content"], false, $owner_uid, |
3261dbfa | 93 | $feed_site_url, false, $line["id"]); |
79178062 | 94 | |
2ebf38a9 AD |
95 | if ($line['note']) { |
96 | $content = "<div style=\"$note_style\">Article note: " . $line['note'] . "</div>" . | |
97 | $content; | |
e9c6e27d | 98 | $tpl->setVariable('ARTICLE_NOTE', htmlspecialchars($line['note']), true); |
99 | } | |
2ebf38a9 AD |
100 | |
101 | $tpl->setVariable('ARTICLE_CONTENT', $content, true); | |
102 | ||
103 | $tpl->setVariable('ARTICLE_UPDATED_ATOM', | |
104 | date('c', strtotime($line["updated"])), true); | |
105 | $tpl->setVariable('ARTICLE_UPDATED_RFC822', | |
106 | date(DATE_RFC822, strtotime($line["updated"])), true); | |
107 | ||
108 | $tpl->setVariable('ARTICLE_AUTHOR', htmlspecialchars($line['author']), true); | |
109 | ||
4b7391de | 110 | $tpl->setVariable('ARTICLE_SOURCE_LINK', htmlspecialchars($line['site_url'] ? $line["site_url"] : get_self_url_prefix()), true); |
0ee126ee | 111 | $tpl->setVariable('ARTICLE_SOURCE_TITLE', htmlspecialchars($line['feed_title'] ? $line['feed_title'] : $feed_title), true); |
2ebf38a9 | 112 | |
7e5f8d9f | 113 | $tags = Article::get_article_tags($line["id"], $owner_uid); |
2ebf38a9 AD |
114 | |
115 | foreach ($tags as $tag) { | |
116 | $tpl->setVariable('ARTICLE_CATEGORY', htmlspecialchars($tag), true); | |
117 | $tpl->addBlock('category'); | |
118 | } | |
79178062 | 119 | |
7e5f8d9f | 120 | $enclosures = Article::get_article_enclosures($line["id"]); |
79178062 | 121 | |
2ebf38a9 AD |
122 | foreach ($enclosures as $e) { |
123 | $type = htmlspecialchars($e['content_type']); | |
124 | $url = htmlspecialchars($e['content_url']); | |
4b7391de | 125 | $length = $e['duration'] ? $e['duration'] : 1; |
9c97041d | 126 | |
2ebf38a9 AD |
127 | $tpl->setVariable('ARTICLE_ENCLOSURE_URL', $url, true); |
128 | $tpl->setVariable('ARTICLE_ENCLOSURE_TYPE', $type, true); | |
129 | $tpl->setVariable('ARTICLE_ENCLOSURE_LENGTH', $length, true); | |
79178062 | 130 | |
2ebf38a9 AD |
131 | $tpl->addBlock('enclosure'); |
132 | } | |
79178062 | 133 | |
2ebf38a9 | 134 | $tpl->addBlock('entry'); |
79178062 AD |
135 | } |
136 | ||
2ebf38a9 AD |
137 | $tmp = ""; |
138 | ||
139 | $tpl->addBlock('feed'); | |
140 | $tpl->generateOutputToString($tmp); | |
141 | ||
e6532439 | 142 | if (@!clean($_REQUEST["noxml"])) { |
10bdeb4b AD |
143 | header("Content-Type: text/xml; charset=utf-8"); |
144 | } else { | |
145 | header("Content-Type: text/plain; charset=utf-8"); | |
146 | } | |
2ebf38a9 AD |
147 | |
148 | print $tmp; | |
149 | } else if ($format == 'json') { | |
79178062 | 150 | |
2ebf38a9 | 151 | $feed = array(); |
79178062 | 152 | |
2ebf38a9 AD |
153 | $feed['title'] = $feed_title; |
154 | $feed['version'] = VERSION; | |
155 | $feed['feed_url'] = $feed_self_url; | |
79178062 | 156 | |
2ebf38a9 AD |
157 | $feed['self_url'] = get_self_url_prefix(); |
158 | ||
159 | $feed['articles'] = array(); | |
160 | ||
dc393a58 | 161 | while ($line = $result->fetch()) { |
399678a1 | 162 | |
2f1a29d9 | 163 | $line["content_preview"] = sanitize(truncate_string(strip_tags($line["content_preview"]), 100, '...')); |
399678a1 | 164 | |
891e36f5 | 165 | foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_QUERY_HEADLINES) as $p) { |
166 | $line = $p->hook_query_headlines($line, 100); | |
167 | } | |
399678a1 AD |
168 | |
169 | foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_ARTICLE_EXPORT_FEED) as $p) { | |
92322838 | 170 | $line = $p->hook_article_export_feed($line, $feed, $is_cat); |
399678a1 AD |
171 | } |
172 | ||
2ebf38a9 | 173 | $article = array(); |
79178062 | 174 | |
2ebf38a9 AD |
175 | $article['id'] = $line['link']; |
176 | $article['link'] = $line['link']; | |
177 | $article['title'] = $line['title']; | |
67631438 | 178 | $article['excerpt'] = $line["content_preview"]; |
3261dbfa | 179 | $article['content'] = sanitize($line["content"], false, $owner_uid, $feed_site_url, false, $line["id"]); |
2ebf38a9 | 180 | $article['updated'] = date('c', strtotime($line["updated"])); |
79178062 | 181 | |
2ebf38a9 AD |
182 | if ($line['note']) $article['note'] = $line['note']; |
183 | if ($article['author']) $article['author'] = $line['author']; | |
79178062 | 184 | |
2ed0d6c4 | 185 | $tags = Article::get_article_tags($line["id"], $owner_uid); |
2ebf38a9 AD |
186 | |
187 | if (count($tags) > 0) { | |
188 | $article['tags'] = array(); | |
189 | ||
190 | foreach ($tags as $tag) { | |
191 | array_push($article['tags'], $tag); | |
192 | } | |
193 | } | |
194 | ||
7e5f8d9f | 195 | $enclosures = Article::get_article_enclosures($line["id"]); |
2ebf38a9 AD |
196 | |
197 | if (count($enclosures) > 0) { | |
198 | $article['enclosures'] = array(); | |
199 | ||
200 | foreach ($enclosures as $e) { | |
201 | $type = $e['content_type']; | |
202 | $url = $e['content_url']; | |
203 | $length = $e['duration']; | |
204 | ||
205 | array_push($article['enclosures'], array("url" => $url, "type" => $type, "length" => $length)); | |
206 | } | |
207 | } | |
208 | ||
209 | array_push($feed['articles'], $article); | |
210 | } | |
211 | ||
10bdeb4b | 212 | header("Content-Type: text/json; charset=utf-8"); |
2ebf38a9 AD |
213 | print json_encode($feed); |
214 | ||
215 | } else { | |
216 | header("Content-Type: text/plain; charset=utf-8"); | |
217 | print json_encode(array("error" => array("message" => "Unknown format"))); | |
218 | } | |
79178062 AD |
219 | } |
220 | ||
5f0a3741 | 221 | function getUnread() { |
e6532439 AD |
222 | $login = clean($_REQUEST["login"]); |
223 | $fresh = clean($_REQUEST["fresh"]) == "1"; | |
5f0a3741 | 224 | |
1271407e AD |
225 | $sth = $this->pdo->prepare("SELECT id FROM ttrss_users WHERE login = ?"); |
226 | $sth->execute([$login]); | |
5f0a3741 | 227 | |
1271407e AD |
228 | if ($row = $sth->fetch()) { |
229 | $uid = $row["id"]; | |
5f0a3741 | 230 | |
a230bf88 | 231 | print Feeds::getGlobalUnread($uid); |
5f0a3741 AD |
232 | |
233 | if ($fresh) { | |
234 | print ";"; | |
86a8351c | 235 | print Feeds::getFeedArticles(-3, false, true, $uid); |
5f0a3741 AD |
236 | } |
237 | ||
238 | } else { | |
239 | print "-1;User not found"; | |
240 | } | |
5f0a3741 AD |
241 | } |
242 | ||
243 | function getProfiles() { | |
e6532439 | 244 | $login = clean($_REQUEST["login"]); |
5f0a3741 | 245 | |
1271407e AD |
246 | $sth = $this->pdo->prepare("SELECT ttrss_settings_profiles.* FROM ttrss_settings_profiles,ttrss_users |
247 | WHERE ttrss_users.id = ttrss_settings_profiles.owner_uid AND login = ? ORDER BY title"); | |
248 | $sth->execute([$login]); | |
5f0a3741 | 249 | |
eeee2ccf | 250 | print "<select dojoType='dijit.form.Select' style='width : 220px; margin : 0px' name='profile'>"; |
5f0a3741 | 251 | |
97acbaf1 | 252 | print "<option value='0'>" . __("Default profile") . "</option>"; |
5f0a3741 | 253 | |
1271407e | 254 | while ($line = $sth->fetch()) { |
97acbaf1 AD |
255 | $id = $line["id"]; |
256 | $title = $line["title"]; | |
5f0a3741 | 257 | |
97acbaf1 | 258 | print "<option value='$id'>$title</option>"; |
5f0a3741 | 259 | } |
97acbaf1 AD |
260 | |
261 | print "</select>"; | |
5f0a3741 AD |
262 | } |
263 | ||
5f0a3741 AD |
264 | function logout() { |
265 | logout_user(); | |
266 | header("Location: index.php"); | |
267 | } | |
268 | ||
5f0a3741 | 269 | function share() { |
e6532439 | 270 | $uuid = clean($_REQUEST["key"]); |
5f0a3741 | 271 | |
1271407e AD |
272 | $sth = $this->pdo->prepare("SELECT ref_id, owner_uid FROM ttrss_user_entries WHERE |
273 | uuid = ?"); | |
274 | $sth->execute([$uuid]); | |
5f0a3741 | 275 | |
1271407e | 276 | if ($row = $sth->fetch()) { |
5f0a3741 AD |
277 | header("Content-Type: text/html"); |
278 | ||
1271407e AD |
279 | $id = $row["ref_id"]; |
280 | $owner_uid = $row["owner_uid"]; | |
5f0a3741 | 281 | |
7e5f8d9f | 282 | $article = Article::format_article($id, false, true, $owner_uid); |
5f0a3741 AD |
283 | |
284 | print_r($article['content']); | |
285 | ||
286 | } else { | |
287 | print "Article not found."; | |
288 | } | |
289 | ||
290 | } | |
291 | ||
292 | function rss() { | |
e6532439 AD |
293 | $feed = clean($_REQUEST["id"]); |
294 | $key = clean($_REQUEST["key"]); | |
295 | $is_cat = clean($_REQUEST["is_cat"]); | |
296 | $limit = (int)clean($_REQUEST["limit"]); | |
297 | $offset = (int)clean($_REQUEST["offset"]); | |
5f0a3741 | 298 | |
e6532439 AD |
299 | $search = clean($_REQUEST["q"]); |
300 | $view_mode = clean($_REQUEST["view-mode"]); | |
301 | $order = clean($_REQUEST["order"]); | |
302 | $start_ts = clean($_REQUEST["ts"]); | |
5f0a3741 | 303 | |
e6532439 AD |
304 | $format = clean($_REQUEST['format']); |
305 | $orig_guid = clean($_REQUEST["orig_guid"]); | |
2ebf38a9 AD |
306 | |
307 | if (!$format) $format = 'atom'; | |
308 | ||
5f0a3741 | 309 | if (SINGLE_USER_MODE) { |
a42c55f0 | 310 | authenticate_user("admin", null); |
5f0a3741 AD |
311 | } |
312 | ||
313 | $owner_id = false; | |
314 | ||
315 | if ($key) { | |
1271407e AD |
316 | $sth = $this->pdo->prepare("SELECT owner_uid FROM |
317 | ttrss_access_keys WHERE access_key = ? AND feed_id = ?"); | |
318 | $sth->execute([$key, $feed]); | |
5f0a3741 | 319 | |
1271407e AD |
320 | if ($row = $sth->fetch()) |
321 | $owner_id = $row["owner_uid"]; | |
5f0a3741 AD |
322 | } |
323 | ||
324 | if ($owner_id) { | |
2fb947eb | 325 | $this->generate_syndicated_feed($owner_id, $feed, $is_cat, $limit, |
9090b874 | 326 | $offset, $search, $view_mode, $format, $order, $orig_guid, $start_ts); |
5f0a3741 AD |
327 | } else { |
328 | header('HTTP/1.1 403 Forbidden'); | |
329 | } | |
330 | } | |
331 | ||
910592b4 | 332 | function updateTask() { |
4a80c57c | 333 | PluginHost::getInstance()->run_hooks(PluginHost::HOOK_UPDATE_TASK, "hook_update_task", false); |
910592b4 AD |
334 | } |
335 | ||
4e5ddeaf | 336 | function housekeepingTask() { |
4a80c57c | 337 | PluginHost::getInstance()->run_hooks(PluginHost::HOOK_HOUSE_KEEPING, "hook_house_keeping", false); |
4e5ddeaf AD |
338 | } |
339 | ||
07391e36 | 340 | function globalUpdateFeeds() { |
df5d2a06 | 341 | RPC::updaterandomfeed_real(); |
cda55d67 | 342 | |
4a80c57c | 343 | PluginHost::getInstance()->run_hooks(PluginHost::HOOK_UPDATE_TASK, "hook_update_task", false); |
07391e36 | 344 | } |
8361e724 AD |
345 | |
346 | function sharepopup() { | |
61a748f8 | 347 | if (SINGLE_USER_MODE) { |
6322ac79 | 348 | login_sequence(); |
61a748f8 AD |
349 | } |
350 | ||
8361e724 | 351 | header('Content-Type: text/html; charset=utf-8'); |
d0ee0f52 AD |
352 | print "<html><head><title>Tiny Tiny RSS</title> |
353 | <link rel=\"shortcut icon\" type=\"image/png\" href=\"images/favicon.png\"> | |
354 | <link rel=\"icon\" type=\"image/png\" sizes=\"72x72\" href=\"images/favicon-72px.png\">"; | |
9a2aed91 | 355 | |
9dd336a2 | 356 | echo stylesheet_tag("css/default.css"); |
cdbcb277 | 357 | echo javascript_tag("lib/prototype.js"); |
6214a076 | 358 | echo javascript_tag("lib/scriptaculous/scriptaculous.js?load=effects,controls"); |
9a2aed91 | 359 | print "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/> |
09bc54c6 | 360 | </head><body id='sharepopup' class='ttrss_utility'>"; |
8361e724 | 361 | |
e6532439 | 362 | $action = clean($_REQUEST["action"]); |
8361e724 AD |
363 | |
364 | if ($_SESSION["uid"]) { | |
365 | ||
d493aba2 | 366 | if ($action == 'share') { |
8361e724 | 367 | |
e6532439 AD |
368 | $title = strip_tags(clean($_REQUEST["title"])); |
369 | $url = strip_tags(clean($_REQUEST["url"])); | |
370 | $content = strip_tags(clean($_REQUEST["content"])); | |
371 | $labels = strip_tags(clean($_REQUEST["labels"])); | |
8361e724 | 372 | |
a42c55f0 | 373 | Article::create_published_article($title, $url, $content, $labels, |
1b4d1a6b | 374 | $_SESSION["uid"]); |
8361e724 | 375 | |
d493aba2 AD |
376 | print "<script type='text/javascript'>"; |
377 | print "window.close();"; | |
378 | print "</script>"; | |
8361e724 | 379 | |
d493aba2 | 380 | } else { |
e6532439 AD |
381 | $title = htmlspecialchars(clean($_REQUEST["title"])); |
382 | $url = htmlspecialchars(clean($_REQUEST["url"])); | |
8361e724 | 383 | |
d493aba2 | 384 | ?> |
8361e724 | 385 | |
d493aba2 AD |
386 | <table height='100%' width='100%'><tr><td colspan='2'> |
387 | <h1><?php echo __("Share with Tiny Tiny RSS") ?></h1> | |
388 | </td></tr> | |
8361e724 | 389 | |
d493aba2 | 390 | <form id='share_form' name='share_form'> |
8361e724 | 391 | |
d493aba2 AD |
392 | <input type="hidden" name="op" value="sharepopup"> |
393 | <input type="hidden" name="action" value="share"> | |
8361e724 | 394 | |
22439dad | 395 | <tr><td align='right'><?php echo __("Title:") ?></td> |
d493aba2 | 396 | <td width='80%'><input name='title' value="<?php echo $title ?>"></td></tr> |
22439dad | 397 | <tr><td align='right'><?php echo __("URL:") ?></td> |
d493aba2 | 398 | <td><input name='url' value="<?php echo $url ?>"></td></tr> |
22439dad | 399 | <tr><td align='right'><?php echo __("Content:") ?></td> |
d493aba2 | 400 | <td><input name='content' value=""></td></tr> |
1b4d1a6b AD |
401 | <tr><td align='right'><?php echo __("Labels:") ?></td> |
402 | <td><input name='labels' id="labels_value" | |
403 | placeholder='Alpha, Beta, Gamma' value=""> | |
404 | </td></tr> | |
405 | ||
406 | <tr><td> | |
407 | <div class="autocomplete" id="labels_choices" | |
408 | style="display : block"></div></td></tr> | |
8361e724 | 409 | |
d493aba2 | 410 | <script type='text/javascript'>document.forms[0].title.focus();</script> |
8361e724 | 411 | |
1b4d1a6b AD |
412 | <script type='text/javascript'> |
413 | new Ajax.Autocompleter('labels_value', 'labels_choices', | |
414 | "backend.php?op=rpc&method=completeLabels", | |
415 | { tokens: ',', paramName: "search" }); | |
416 | </script> | |
417 | ||
d493aba2 AD |
418 | <tr><td colspan='2'> |
419 | <div style='float : right' class='insensitive-small'> | |
420 | <?php echo __("Shared article will appear in the Published feed.") ?> | |
421 | </div> | |
422 | <button type="submit"><?php echo __('Share') ?></button> | |
423 | <button onclick="return window.close()"><?php echo __('Cancel') ?></button> | |
f5a0fb8b | 424 | </td> |
8361e724 | 425 | |
d493aba2 AD |
426 | </form> |
427 | </td></tr></table> | |
428 | </body></html> | |
429 | <?php | |
8361e724 | 430 | |
8361e724 AD |
431 | } |
432 | ||
433 | } else { | |
434 | ||
d493aba2 AD |
435 | $return = urlencode($_SERVER["REQUEST_URI"]) |
436 | ?> | |
437 | ||
438 | <form action="public.php?return=<?php echo $return ?>" | |
22439dad | 439 | method="POST" id="loginForm" name="loginForm"> |
d493aba2 AD |
440 | |
441 | <input type="hidden" name="op" value="login"> | |
442 | ||
443 | <table height='100%' width='100%'><tr><td colspan='2'> | |
22439dad | 444 | <h1><?php echo __("Not logged in") ?></h1></td></tr> |
d493aba2 AD |
445 | |
446 | <tr><td align="right"><?php echo __("Login:") ?></td> | |
447 | <td align="right"><input name="login" | |
448 | value="<?php echo $_SESSION["fake_login"] ?>"></td></tr> | |
449 | <tr><td align="right"><?php echo __("Password:") ?></td> | |
450 | <td align="right"><input type="password" name="password" | |
451 | value="<?php echo $_SESSION["fake_password"] ?>"></td></tr> | |
d493aba2 AD |
452 | <tr><td colspan='2'> |
453 | <button type="submit"> | |
454 | <?php echo __('Log in') ?></button> | |
455 | ||
456 | <button onclick="return window.close()"> | |
457 | <?php echo __('Cancel') ?></button> | |
458 | </td></tr> | |
459 | </table> | |
460 | ||
461 | </form> | |
462 | <?php | |
8361e724 AD |
463 | } |
464 | } | |
465 | ||
97acbaf1 | 466 | function login() { |
97acbaf1 | 467 | if (!SINGLE_USER_MODE) { |
f8fc1ac5 AD |
468 | /* if a session is started here there's a stale login cookie we need to clean */ |
469 | ||
470 | if (session_status() != PHP_SESSION_NONE) { | |
471 | $_SESSION["login_error_msg"] = __("Stale session cookie found, try logging in again"); | |
472 | ||
473 | header("Location: " . get_self_url_prefix()); | |
474 | exit; | |
475 | } | |
97acbaf1 | 476 | |
e6532439 AD |
477 | $login = clean($_POST["login"]); |
478 | $password = clean($_POST["password"]); | |
479 | $remember_me = clean($_POST["remember_me"]); | |
97acbaf1 | 480 | |
f231f438 AD |
481 | if ($remember_me) { |
482 | session_set_cookie_params(SESSION_COOKIE_LIFETIME); | |
483 | } else { | |
484 | session_set_cookie_params(0); | |
485 | } | |
486 | ||
a42c55f0 | 487 | if (authenticate_user($login, $password)) { |
97acbaf1 AD |
488 | $_POST["password"] = ""; |
489 | ||
b18d109f AD |
490 | if (get_schema_version() >= 120) { |
491 | $_SESSION["language"] = get_pref("USER_LANGUAGE", $_SESSION["uid"]); | |
492 | } | |
493 | ||
a42c55f0 | 494 | $_SESSION["ref_schema_version"] = get_schema_version(true); |
e6532439 | 495 | $_SESSION["bw_limit"] = !!clean($_POST["bw_limit"]); |
97acbaf1 | 496 | |
e6532439 | 497 | if (clean($_POST["profile"])) { |
97acbaf1 | 498 | |
e6532439 | 499 | $profile = clean($_POST["profile"]); |
97acbaf1 | 500 | |
1271407e AD |
501 | $sth = $this->pdo->prepare("SELECT id FROM ttrss_settings_profiles |
502 | WHERE id = ? AND owner_uid = ?"); | |
503 | $sth->execute([$profile, $_SESSION['uid']]); | |
97acbaf1 | 504 | |
1271407e | 505 | if ($sth->fetch()) { |
97acbaf1 | 506 | $_SESSION["profile"] = $profile; |
97acbaf1 AD |
507 | } |
508 | } | |
509 | } else { | |
65e98f40 AD |
510 | |
511 | // start an empty session to deliver login error message | |
512 | @session_start(); | |
513 | ||
f730d7bb AD |
514 | if (!isset($_SESSION["login_error_msg"])) |
515 | $_SESSION["login_error_msg"] = __("Incorrect username or password"); | |
516 | ||
fd94d631 | 517 | user_error("Failed login attempt for $login from {$_SERVER['REMOTE_ADDR']}", E_USER_WARNING); |
97acbaf1 AD |
518 | } |
519 | ||
e6532439 AD |
520 | if (clean($_REQUEST['return'])) { |
521 | header("Location: " . clean($_REQUEST['return'])); | |
97acbaf1 | 522 | } else { |
b2d42e96 | 523 | header("Location: " . get_self_url_prefix()); |
97acbaf1 AD |
524 | } |
525 | } | |
526 | } | |
527 | ||
f7439d69 | 528 | /* function subtest() { |
97b7d5c0 AD |
529 | header("Content-type: text/plain; charset=utf-8"); |
530 | ||
e6532439 | 531 | $url = clean($_REQUEST["url"]); |
97b7d5c0 AD |
532 | |
533 | print "$url\n\n"; | |
534 | ||
535 | ||
536 | print_r(get_feeds_from_html($url, fetch_file_contents($url))); | |
537 | ||
f7439d69 | 538 | } */ |
97b7d5c0 | 539 | |
97acbaf1 | 540 | function subscribe() { |
61a748f8 | 541 | if (SINGLE_USER_MODE) { |
6322ac79 | 542 | login_sequence(); |
61a748f8 AD |
543 | } |
544 | ||
97acbaf1 AD |
545 | if ($_SESSION["uid"]) { |
546 | ||
e6532439 | 547 | $feed_url = trim(clean($_REQUEST["feed_url"])); |
97acbaf1 AD |
548 | |
549 | header('Content-Type: text/html; charset=utf-8'); | |
550 | print "<html> | |
551 | <head> | |
5e68e246 | 552 | <title>Tiny Tiny RSS</title>"; |
5e68e246 AD |
553 | print stylesheet_tag("css/default.css"); |
554 | ||
555 | print "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/> | |
556 | <link rel=\"shortcut icon\" type=\"image/png\" href=\"images/favicon.png\"> | |
557 | <link rel=\"icon\" type=\"image/png\" sizes=\"72x72\" href=\"images/favicon-72px.png\"> | |
d0ee0f52 | 558 | |
97acbaf1 | 559 | </head> |
b51d44a5 | 560 | <body class='claro ttrss_utility'> |
884d1650 | 561 | <img class=\"floatingLogo\" src=\"images/logo_small.png\" |
97acbaf1 | 562 | alt=\"Tiny Tiny RSS\"/> |
884d1650 | 563 | <h1>".__("Subscribe to feed...")."</h1><div class='content'>"; |
97acbaf1 | 564 | |
86a8351c | 565 | $rc = Feeds::subscribe_to_feed($feed_url); |
97acbaf1 AD |
566 | |
567 | switch ($rc['code']) { | |
568 | case 0: | |
569 | print_warning(T_sprintf("Already subscribed to <b>%s</b>.", $feed_url)); | |
570 | break; | |
571 | case 1: | |
572 | print_notice(T_sprintf("Subscribed to <b>%s</b>.", $feed_url)); | |
573 | break; | |
574 | case 2: | |
575 | print_error(T_sprintf("Could not subscribe to <b>%s</b>.", $feed_url)); | |
576 | break; | |
577 | case 3: | |
578 | print_error(T_sprintf("No feeds found in <b>%s</b>.", $feed_url)); | |
579 | break; | |
580 | case 4: | |
581 | print_notice(__("Multiple feed URLs found.")); | |
759e5132 | 582 | $feed_urls = $rc["feeds"]; |
97acbaf1 AD |
583 | break; |
584 | case 5: | |
585 | print_error(T_sprintf("Could not subscribe to <b>%s</b>.<br>Can't download the Feed URL.", $feed_url)); | |
586 | break; | |
587 | } | |
588 | ||
589 | if ($feed_urls) { | |
590 | ||
591 | print "<form action=\"public.php\">"; | |
592 | print "<input type=\"hidden\" name=\"op\" value=\"subscribe\">"; | |
593 | ||
594 | print "<select name=\"feed_url\">"; | |
595 | ||
596 | foreach ($feed_urls as $url => $name) { | |
597 | $url = htmlspecialchars($url); | |
598 | $name = htmlspecialchars($name); | |
599 | ||
600 | print "<option value=\"$url\">$name</option>"; | |
601 | } | |
602 | ||
603 | print "<input type=\"submit\" value=\"".__("Subscribe to selected feed"). | |
604 | "\">"; | |
605 | ||
606 | print "</form>"; | |
607 | } | |
608 | ||
609 | $tp_uri = get_self_url_prefix() . "/prefs.php"; | |
610 | $tt_uri = get_self_url_prefix(); | |
611 | ||
612 | if ($rc['code'] <= 2){ | |
1271407e AD |
613 | $sth = $this->pdo->prepare("SELECT id FROM ttrss_feeds WHERE |
614 | feed_url = ? AND owner_uid = ?"); | |
615 | $sth->execute([$feed_url, $_SESSION['uid']]); | |
616 | $row = $sth->fetch(); | |
97acbaf1 | 617 | |
1271407e | 618 | $feed_id = $row["id"]; |
97acbaf1 AD |
619 | } else { |
620 | $feed_id = 0; | |
621 | } | |
622 | print "<p>"; | |
623 | ||
624 | if ($feed_id) { | |
625 | print "<form method=\"GET\" style='display: inline' | |
626 | action=\"$tp_uri\"> | |
627 | <input type=\"hidden\" name=\"tab\" value=\"feedConfig\"> | |
628 | <input type=\"hidden\" name=\"method\" value=\"editFeed\"> | |
629 | <input type=\"hidden\" name=\"methodparam\" value=\"$feed_id\"> | |
630 | <input type=\"submit\" value=\"".__("Edit subscription options")."\"> | |
631 | </form>"; | |
632 | } | |
633 | ||
634 | print "<form style='display: inline' method=\"GET\" action=\"$tt_uri\"> | |
635 | <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\"> | |
636 | </form></p>"; | |
637 | ||
884d1650 | 638 | print "</div></body></html>"; |
97acbaf1 AD |
639 | |
640 | } else { | |
6322ac79 | 641 | render_login_form(); |
97acbaf1 AD |
642 | } |
643 | } | |
644 | ||
97acbaf1 AD |
645 | function index() { |
646 | header("Content-Type: text/plain"); | |
27f7b593 | 647 | print error_json(13); |
97acbaf1 AD |
648 | } |
649 | ||
f43e9e97 | 650 | function forgotpass() { |
67e0cf9a AD |
651 | startup_gettext(); |
652 | ||
e6532439 | 653 | @$hash = clean($_REQUEST["hash"]); |
5303f9a7 | 654 | |
f43e9e97 | 655 | header('Content-Type: text/html; charset=utf-8'); |
d0ee0f52 AD |
656 | print "<html><head><title>Tiny Tiny RSS</title> |
657 | <link rel=\"shortcut icon\" type=\"image/png\" href=\"images/favicon.png\"> | |
658 | <link rel=\"icon\" type=\"image/png\" sizes=\"72x72\" href=\"images/favicon-72px.png\">"; | |
e216d302 | 659 | |
09bc54c6 AD |
660 | echo stylesheet_tag("lib/dijit/themes/claro/claro.css"); |
661 | echo stylesheet_tag("css/default.css"); | |
cdbcb277 | 662 | echo javascript_tag("lib/prototype.js"); |
e216d302 AD |
663 | |
664 | print "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/> | |
09bc54c6 | 665 | </head><body class='claro ttrss_utility'>"; |
f43e9e97 | 666 | |
884d1650 | 667 | print '<div class="floatingLogo"><img src="images/logo_small.png"></div>'; |
483f15d5 | 668 | print "<h1>".__("Password recovery")."</h1>"; |
884d1650 | 669 | print "<div class='content'>"; |
f43e9e97 | 670 | |
e6532439 | 671 | @$method = clean($_POST['method']); |
f43e9e97 | 672 | |
5303f9a7 | 673 | if ($hash) { |
e6532439 | 674 | $login = clean($_REQUEST["login"]); |
5303f9a7 AD |
675 | |
676 | if ($login) { | |
1271407e AD |
677 | $sth = $this->pdo->prepare("SELECT id, resetpass_token FROM ttrss_users |
678 | WHERE login = ?"); | |
679 | $sth->execute([$login]); | |
5303f9a7 | 680 | |
1271407e AD |
681 | if ($row = $sth->fetch()) { |
682 | $id = $row["id"]; | |
683 | $resetpass_token_full = $row["resetpass_token"]; | |
5303f9a7 AD |
684 | list($timestamp, $resetpass_token) = explode(":", $resetpass_token_full); |
685 | ||
686 | if ($timestamp && $resetpass_token && | |
687 | $timestamp >= time() - 15*60*60 && | |
688 | $resetpass_token == $hash) { | |
689 | ||
1271407e AD |
690 | $sth = $this->pdo->prepare("UPDATE ttrss_users SET resetpass_token = NULL |
691 | WHERE id = ?"); | |
692 | $sth->execute([$id]); | |
5303f9a7 AD |
693 | |
694 | Pref_Users::resetUserPassword($id, true); | |
695 | ||
696 | print "<p>"."Completed."."</p>"; | |
697 | ||
698 | } else { | |
699 | print_error("Some of the information provided is missing or incorrect."); | |
700 | } | |
701 | } else { | |
702 | print_error("Some of the information provided is missing or incorrect."); | |
703 | } | |
704 | } else { | |
705 | print_error("Some of the information provided is missing or incorrect."); | |
706 | } | |
707 | ||
708 | print "<form method=\"GET\" action=\"index.php\"> | |
709 | <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\"> | |
710 | </form>"; | |
711 | ||
712 | } else if (!$method) { | |
713 | print_notice(__("You will need to provide valid account name and email. A password reset link will be sent to your email address.")); | |
483f15d5 | 714 | |
f43e9e97 | 715 | print "<form method='POST' action='public.php'>"; |
f43e9e97 AD |
716 | print "<input type='hidden' name='method' value='do'>"; |
717 | print "<input type='hidden' name='op' value='forgotpass'>"; | |
718 | ||
719 | print "<fieldset>"; | |
720 | print "<label>".__("Login:")."</label>"; | |
09bc54c6 | 721 | print "<input class='input input-text' type='text' name='login' value='' required>"; |
f43e9e97 AD |
722 | print "</fieldset>"; |
723 | ||
724 | print "<fieldset>"; | |
725 | print "<label>".__("Email:")."</label>"; | |
09bc54c6 | 726 | print "<input class='input input-text' type='email' name='email' value='' required>"; |
f43e9e97 AD |
727 | print "</fieldset>"; |
728 | ||
729 | print "<fieldset>"; | |
730 | print "<label>".__("How much is two plus two:")."</label>"; | |
09bc54c6 | 731 | print "<input class='input input-text' type='text' name='test' value='' required>"; |
f43e9e97 AD |
732 | print "</fieldset>"; |
733 | ||
734 | print "<p/>"; | |
735 | print "<button type='submit'>".__("Reset password")."</button>"; | |
736 | ||
737 | print "</form>"; | |
738 | } else if ($method == 'do') { | |
739 | ||
e6532439 AD |
740 | $login = clean($_POST["login"]); |
741 | $email = clean($_POST["email"]); | |
742 | $test = clean($_POST["test"]); | |
f43e9e97 AD |
743 | |
744 | if (($test != 4 && $test != 'four') || !$email || !$login) { | |
745 | print_error(__('Some of the required form parameters are missing or incorrect.')); | |
746 | ||
483f15d5 AD |
747 | print "<form method=\"GET\" action=\"public.php\"> |
748 | <input type=\"hidden\" name=\"op\" value=\"forgotpass\"> | |
749 | <input type=\"submit\" value=\"".__("Go back")."\"> | |
750 | </form>"; | |
f43e9e97 | 751 | |
e216d302 | 752 | } else { |
f43e9e97 | 753 | |
5303f9a7 AD |
754 | print_notice("Password reset instructions are being sent to your email address."); |
755 | ||
1271407e AD |
756 | $sth = $this->pdo->prepare("SELECT id FROM ttrss_users |
757 | WHERE login = ? AND email = ?"); | |
758 | $sth->execute([$login, $email]); | |
f43e9e97 | 759 | |
1271407e AD |
760 | if ($row = $sth->fetch()) { |
761 | $id = $row["id"]; | |
f43e9e97 | 762 | |
5303f9a7 AD |
763 | if ($id) { |
764 | $resetpass_token = sha1(get_random_bytes(128)); | |
765 | $resetpass_link = get_self_url_prefix() . "/public.php?op=forgotpass&hash=" . $resetpass_token . | |
766 | "&login=" . urlencode($login); | |
767 | ||
768 | require_once 'classes/ttrssmailer.php'; | |
769 | require_once "lib/MiniTemplator.class.php"; | |
770 | ||
771 | $tpl = new MiniTemplator; | |
772 | ||
773 | $tpl->readTemplateFromFile("templates/resetpass_link_template.txt"); | |
774 | ||
775 | $tpl->setVariable('LOGIN', $login); | |
776 | $tpl->setVariable('RESETPASS_LINK', $resetpass_link); | |
777 | ||
778 | $tpl->addBlock('message'); | |
779 | ||
780 | $message = ""; | |
f43e9e97 | 781 | |
5303f9a7 | 782 | $tpl->generateOutputToString($message); |
483f15d5 | 783 | |
5303f9a7 AD |
784 | $mail = new ttrssMailer(); |
785 | ||
786 | $rc = $mail->quickMail($email, $login, | |
787 | __("[tt-rss] Password reset request"), | |
788 | $message, false); | |
789 | ||
790 | if (!$rc) print_error($mail->ErrorInfo); | |
791 | ||
1271407e AD |
792 | $resetpass_token_full = time() . ":" . $resetpass_token; |
793 | ||
794 | $sth = $this->pdo->prepare("UPDATE ttrss_users | |
795 | SET resetpass_token = ? | |
796 | WHERE login = ? AND email = ?"); | |
5303f9a7 | 797 | |
1271407e | 798 | $sth->execute([$resetpass_token_full, $login, $email]); |
5303f9a7 AD |
799 | |
800 | //Pref_Users::resetUserPassword($id, false); | |
801 | ||
802 | print "<p>"; | |
803 | ||
804 | print "<p>"."Completed."."</p>"; | |
805 | } else { | |
806 | print_error("User ID not found."); | |
807 | } | |
483f15d5 AD |
808 | |
809 | print "<form method=\"GET\" action=\"index.php\"> | |
810 | <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\"> | |
811 | </form>"; | |
f43e9e97 AD |
812 | |
813 | } else { | |
814 | print_error(__("Sorry, login and email combination not found.")); | |
483f15d5 AD |
815 | |
816 | print "<form method=\"GET\" action=\"public.php\"> | |
817 | <input type=\"hidden\" name=\"op\" value=\"forgotpass\"> | |
818 | <input type=\"submit\" value=\"".__("Go back")."\"> | |
819 | </form>"; | |
820 | ||
f43e9e97 | 821 | } |
f43e9e97 AD |
822 | } |
823 | ||
824 | } | |
825 | ||
884d1650 | 826 | print "</div>"; |
f43e9e97 AD |
827 | print "</body>"; |
828 | print "</html>"; | |
829 | ||
b4c47f7e AD |
830 | } |
831 | ||
832 | function dbupdate() { | |
67e0cf9a AD |
833 | startup_gettext(); |
834 | ||
f240d26e AD |
835 | if (!SINGLE_USER_MODE && $_SESSION["access_level"] < 10) { |
836 | $_SESSION["login_error_msg"] = __("Your access level is insufficient to run this script."); | |
6322ac79 | 837 | render_login_form(); |
f240d26e AD |
838 | exit; |
839 | } | |
840 | ||
841 | ?><html> | |
842 | <head> | |
843 | <title>Database Updater</title> | |
844 | <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/> | |
09bc54c6 | 845 | <link rel="stylesheet" type="text/css" href="css/default.css"/> |
d0ee0f52 AD |
846 | <link rel=\"shortcut icon\" type=\"image/png\" href=\"images/favicon.png\"> |
847 | <link rel=\"icon\" type=\"image/png\" sizes=\"72x72\" href=\"images/favicon-72px.png\"> | |
f240d26e AD |
848 | </head> |
849 | <style type="text/css"> | |
850 | span.ok { color : #009000; font-weight : bold; } | |
851 | span.err { color : #ff0000; font-weight : bold; } | |
852 | </style> | |
09bc54c6 | 853 | <body class="claro ttrss_utility"> |
f240d26e AD |
854 | <script type='text/javascript'> |
855 | function confirmOP() { | |
856 | return confirm("Update the database?"); | |
857 | } | |
858 | </script> | |
859 | ||
860 | <div class="floatingLogo"><img src="images/logo_small.png"></div> | |
861 | ||
862 | <h1><?php echo __("Database Updater") ?></h1> | |
863 | ||
864 | <div class="content"> | |
865 | ||
866 | <?php | |
e6532439 | 867 | @$op = clean($_REQUEST["subop"]); |
1d92297a | 868 | $updater = new DbUpdater(Db::pdo(), DB_TYPE, SCHEMA_VERSION); |
f240d26e AD |
869 | |
870 | if ($op == "performupdate") { | |
871 | if ($updater->isUpdateRequired()) { | |
872 | ||
873 | print "<h2>Performing updates</h2>"; | |
874 | ||
875 | print "<h3>Updating to schema version " . SCHEMA_VERSION . "</h3>"; | |
876 | ||
877 | print "<ul>"; | |
878 | ||
879 | for ($i = $updater->getSchemaVersion() + 1; $i <= SCHEMA_VERSION; $i++) { | |
880 | print "<li>Performing update up to version $i..."; | |
881 | ||
977cea14 | 882 | $result = $updater->performUpdateTo($i, true); |
f240d26e AD |
883 | |
884 | if (!$result) { | |
885 | print "<span class='err'>FAILED!</span></li></ul>"; | |
886 | ||
887 | print_warning("One of the updates failed. Either retry the process or perform updates manually."); | |
888 | print "<p><form method=\"GET\" action=\"index.php\"> | |
889 | <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\"> | |
890 | </form>"; | |
891 | ||
977cea14 | 892 | return; |
f240d26e AD |
893 | } else { |
894 | print "<span class='ok'>OK!</span></li>"; | |
895 | } | |
896 | } | |
897 | ||
898 | print "</ul>"; | |
b4c47f7e | 899 | |
f240d26e | 900 | print_notice("Your Tiny Tiny RSS database is now updated to the latest version."); |
b4c47f7e | 901 | |
f240d26e AD |
902 | print "<p><form method=\"GET\" action=\"index.php\"> |
903 | <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\"> | |
904 | </form>"; | |
905 | ||
906 | } else { | |
907 | print "<h2>Your database is up to date.</h2>"; | |
908 | ||
909 | print "<p><form method=\"GET\" action=\"index.php\"> | |
910 | <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\"> | |
911 | </form>"; | |
912 | } | |
913 | } else { | |
914 | if ($updater->isUpdateRequired()) { | |
915 | ||
916 | print "<h2>Database update required</h2>"; | |
b4c47f7e | 917 | |
b8774453 AD |
918 | print_notice("<h4>". |
919 | sprintf("Your Tiny Tiny RSS database needs update to the latest version: %d to %d.", | |
920 | $updater->getSchemaVersion(), SCHEMA_VERSION). | |
921 | "</h4>"); | |
b4c47f7e | 922 | |
f240d26e | 923 | print_warning("Please backup your database before proceeding."); |
b4c47f7e | 924 | |
f240d26e AD |
925 | print "<form method='POST'> |
926 | <input type='hidden' name='subop' value='performupdate'> | |
927 | <input type='submit' onclick='return confirmOP()' value='".__("Perform updates")."'> | |
928 | </form>"; | |
929 | ||
930 | } else { | |
931 | ||
3c200461 | 932 | print_notice("Tiny Tiny RSS database is up to date."); |
f240d26e AD |
933 | |
934 | print "<p><form method=\"GET\" action=\"index.php\"> | |
935 | <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\"> | |
936 | </form>"; | |
937 | ||
938 | } | |
939 | } | |
940 | ?> | |
b4c47f7e | 941 | |
f240d26e AD |
942 | </div> |
943 | </body> | |
944 | </html> | |
945 | <?php | |
f43e9e97 AD |
946 | } |
947 | ||
41bead9b | 948 | function cached_url() { |
88adf3da | 949 | @$req_filename = basename($_GET['hash']); |
0c6f7b31 | 950 | |
41bead9b | 951 | // we don't need an extension to find the file, hash is a complete URL |
88adf3da | 952 | $hash = preg_replace("/\.[^\.]*$/", "", $req_filename); |
41bead9b | 953 | |
0c6f7b31 AD |
954 | if ($hash) { |
955 | ||
0442cbb6 | 956 | $filename = CACHE_DIR . '/images/' . $hash; |
0c6f7b31 AD |
957 | |
958 | if (file_exists($filename)) { | |
88adf3da | 959 | header("Content-Disposition: inline; filename=\"$req_filename\""); |
8b73bd28 AD |
960 | |
961 | send_local_file($filename); | |
962 | ||
0c6f7b31 AD |
963 | } else { |
964 | header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found"); | |
965 | echo "File not found."; | |
966 | } | |
967 | } | |
968 | } | |
969 | ||
f75e7c64 | 970 | private function make_article_tag_uri($id, $timestamp) { |
4b7391de AD |
971 | |
972 | $timestamp = date("Y-m-d", strtotime($timestamp)); | |
973 | ||
974 | return "tag:" . parse_url(get_self_url_prefix(), PHP_URL_HOST) . ",$timestamp:/$id"; | |
975 | } | |
4daaf234 AD |
976 | |
977 | // this should be used very carefully because this endpoint is exposed to unauthenticated users | |
978 | // plugin data is not loaded because there's no user context and owner_uid/session may or may not be available | |
979 | // in general, don't do anything user-related in here and do not modify $_SESSION | |
980 | public function pluginhandler() { | |
981 | $host = new PluginHost(); | |
982 | ||
e6532439 AD |
983 | $plugin = basename(clean($_REQUEST["plugin"])); |
984 | $method = clean($_REQUEST["pmethod"]); | |
4daaf234 AD |
985 | |
986 | $host->load($plugin, PluginHost::KIND_USER, 0); | |
987 | $host->load_data(); | |
988 | ||
989 | $pclass = $host->get_plugin($plugin); | |
990 | ||
991 | if ($pclass) { | |
992 | if (method_exists($pclass, $method)) { | |
993 | if ($pclass->is_public_method($method)) { | |
994 | $pclass->$method(); | |
995 | } else { | |
996 | header("Content-Type: text/json"); | |
997 | print error_json(6); | |
998 | } | |
999 | } else { | |
1000 | header("Content-Type: text/json"); | |
1001 | print error_json(13); | |
1002 | } | |
1003 | } else { | |
1004 | header("Content-Type: text/json"); | |
1005 | print error_json(14); | |
1006 | } | |
1007 | } | |
5f0a3741 | 1008 | } |
2352c320 | 1009 | ?> |