]>
Commit | Line | Data |
---|---|---|
1 | <?php | |
2 | class Handler_Public extends Handler { | |
3 | ||
4 | private function generate_syndicated_feed($owner_uid, $feed, $is_cat, | |
5 | $limit, $offset, $search, | |
6 | $view_mode = false, $format = 'atom', $order = false, $orig_guid = false, $start_ts = false) { | |
7 | ||
8 | require_once "lib/MiniTemplator.class.php"; | |
9 | ||
10 | $note_style = "background-color : #fff7d5; | |
11 | border-width : 1px; ". | |
12 | "padding : 5px; border-style : dashed; border-color : #e7d796;". | |
13 | "margin-bottom : 1em; color : #9a8c59;"; | |
14 | ||
15 | if (!$limit) $limit = 60; | |
16 | ||
17 | $date_sort_field = "date_entered DESC, updated DESC"; | |
18 | ||
19 | if ($feed == -2 && !$is_cat) { | |
20 | $date_sort_field = "last_published DESC"; | |
21 | } else if ($feed == -1 && !$is_cat) { | |
22 | $date_sort_field = "last_marked DESC"; | |
23 | } | |
24 | ||
25 | switch ($order) { | |
26 | case "title": | |
27 | $date_sort_field = "ttrss_entries.title, date_entered, updated"; | |
28 | break; | |
29 | case "date_reverse": | |
30 | $date_sort_field = "date_entered, updated"; | |
31 | break; | |
32 | case "feed_dates": | |
33 | $date_sort_field = "updated DESC"; | |
34 | break; | |
35 | } | |
36 | ||
37 | $params = array( | |
38 | "owner_uid" => $owner_uid, | |
39 | "feed" => $feed, | |
40 | "limit" => $limit, | |
41 | "view_mode" => $view_mode, | |
42 | "cat_view" => $is_cat, | |
43 | "search" => $search, | |
44 | "override_order" => $date_sort_field, | |
45 | "include_children" => true, | |
46 | "ignore_vfeed_group" => true, | |
47 | "offset" => $offset, | |
48 | "start_ts" => $start_ts | |
49 | ); | |
50 | ||
51 | if (!$is_cat && is_numeric($feed) && $feed < PLUGIN_FEED_BASE_INDEX && $feed > LABEL_BASE_INDEX) { | |
52 | ||
53 | $user_plugins = get_pref("_ENABLED_PLUGINS", $owner_uid); | |
54 | ||
55 | $tmppluginhost = new PluginHost(); | |
56 | $tmppluginhost->load(PLUGINS, PluginHost::KIND_ALL); | |
57 | $tmppluginhost->load($user_plugins, PluginHost::KIND_USER, $owner_uid); | |
58 | $tmppluginhost->load_data(); | |
59 | ||
60 | $handler = $tmppluginhost->get_feed_handler( | |
61 | PluginHost::feed_to_pfeed_id($feed)); | |
62 | ||
63 | if ($handler) { | |
64 | $qfh_ret = $handler->get_headlines(PluginHost::feed_to_pfeed_id($feed), | |
65 | $options); | |
66 | } | |
67 | ||
68 | } else { | |
69 | $qfh_ret = Feeds::queryFeedHeadlines($params); | |
70 | } | |
71 | ||
72 | $result = $qfh_ret[0]; | |
73 | $feed_title = htmlspecialchars($qfh_ret[1]); | |
74 | $feed_site_url = $qfh_ret[2]; | |
75 | /* $last_error = $qfh_ret[3]; */ | |
76 | ||
77 | $feed_self_url = get_self_url_prefix() . | |
78 | "/public.php?op=rss&id=$feed&key=" . | |
79 | get_feed_access_key($feed, false, $owner_uid); | |
80 | ||
81 | if (!$feed_site_url) $feed_site_url = get_self_url_prefix(); | |
82 | ||
83 | if ($format == 'atom') { | |
84 | $tpl = new MiniTemplator; | |
85 | ||
86 | $tpl->readTemplateFromFile("templates/generated_feed.txt"); | |
87 | ||
88 | $tpl->setVariable('FEED_TITLE', $feed_title, true); | |
89 | $tpl->setVariable('VERSION', VERSION, true); | |
90 | $tpl->setVariable('FEED_URL', htmlspecialchars($feed_self_url), true); | |
91 | ||
92 | $tpl->setVariable('SELF_URL', htmlspecialchars(get_self_url_prefix()), true); | |
93 | while ($line = $result->fetch()) { | |
94 | ||
95 | $line["content_preview"] = sanitize(truncate_string(strip_tags($line["content"]), 100, '...')); | |
96 | ||
97 | foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_QUERY_HEADLINES) as $p) { | |
98 | $line = $p->hook_query_headlines($line); | |
99 | } | |
100 | ||
101 | foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_ARTICLE_EXPORT_FEED) as $p) { | |
102 | $line = $p->hook_article_export_feed($line, $feed, $is_cat); | |
103 | } | |
104 | ||
105 | $tpl->setVariable('ARTICLE_ID', | |
106 | htmlspecialchars($orig_guid ? $line['link'] : | |
107 | $this->make_article_tag_uri($line['id'], $line['date_entered'])), true); | |
108 | $tpl->setVariable('ARTICLE_LINK', htmlspecialchars($line['link']), true); | |
109 | $tpl->setVariable('ARTICLE_TITLE', htmlspecialchars($line['title']), true); | |
110 | $tpl->setVariable('ARTICLE_EXCERPT', $line["content_preview"], true); | |
111 | ||
112 | $content = sanitize($line["content"], false, $owner_uid, | |
113 | $feed_site_url, false, $line["id"]); | |
114 | ||
115 | if ($line['note']) { | |
116 | $content = "<div style=\"$note_style\">Article note: " . $line['note'] . "</div>" . | |
117 | $content; | |
118 | $tpl->setVariable('ARTICLE_NOTE', htmlspecialchars($line['note']), true); | |
119 | } | |
120 | ||
121 | $tpl->setVariable('ARTICLE_CONTENT', $content, true); | |
122 | ||
123 | $tpl->setVariable('ARTICLE_UPDATED_ATOM', | |
124 | date('c', strtotime($line["updated"])), true); | |
125 | $tpl->setVariable('ARTICLE_UPDATED_RFC822', | |
126 | date(DATE_RFC822, strtotime($line["updated"])), true); | |
127 | ||
128 | $tpl->setVariable('ARTICLE_AUTHOR', htmlspecialchars($line['author']), true); | |
129 | ||
130 | $tpl->setVariable('ARTICLE_SOURCE_LINK', htmlspecialchars($line['site_url'] ? $line["site_url"] : get_self_url_prefix()), true); | |
131 | $tpl->setVariable('ARTICLE_SOURCE_TITLE', htmlspecialchars($line['feed_title'] ? $line['feed_title'] : $feed_title), true); | |
132 | ||
133 | $tags = Article::get_article_tags($line["id"], $owner_uid); | |
134 | ||
135 | foreach ($tags as $tag) { | |
136 | $tpl->setVariable('ARTICLE_CATEGORY', htmlspecialchars($tag), true); | |
137 | $tpl->addBlock('category'); | |
138 | } | |
139 | ||
140 | $enclosures = Article::get_article_enclosures($line["id"]); | |
141 | ||
142 | foreach ($enclosures as $e) { | |
143 | $type = htmlspecialchars($e['content_type']); | |
144 | $url = htmlspecialchars($e['content_url']); | |
145 | $length = $e['duration'] ? $e['duration'] : 1; | |
146 | ||
147 | $tpl->setVariable('ARTICLE_ENCLOSURE_URL', $url, true); | |
148 | $tpl->setVariable('ARTICLE_ENCLOSURE_TYPE', $type, true); | |
149 | $tpl->setVariable('ARTICLE_ENCLOSURE_LENGTH', $length, true); | |
150 | ||
151 | $tpl->addBlock('enclosure'); | |
152 | } | |
153 | ||
154 | $tpl->addBlock('entry'); | |
155 | } | |
156 | ||
157 | $tmp = ""; | |
158 | ||
159 | $tpl->addBlock('feed'); | |
160 | $tpl->generateOutputToString($tmp); | |
161 | ||
162 | if (@!clean($_REQUEST["noxml"])) { | |
163 | header("Content-Type: text/xml; charset=utf-8"); | |
164 | } else { | |
165 | header("Content-Type: text/plain; charset=utf-8"); | |
166 | } | |
167 | ||
168 | print $tmp; | |
169 | } else if ($format == 'json') { | |
170 | ||
171 | $feed = array(); | |
172 | ||
173 | $feed['title'] = $feed_title; | |
174 | $feed['version'] = VERSION; | |
175 | $feed['feed_url'] = $feed_self_url; | |
176 | ||
177 | $feed['self_url'] = get_self_url_prefix(); | |
178 | ||
179 | $feed['articles'] = array(); | |
180 | ||
181 | while ($line = $result->fetch()) { | |
182 | ||
183 | $line["content_preview"] = sanitize(truncate_string(strip_tags($line["content_preview"]), 100, '...')); | |
184 | ||
185 | foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_QUERY_HEADLINES) as $p) { | |
186 | $line = $p->hook_query_headlines($line, 100); | |
187 | } | |
188 | ||
189 | foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_ARTICLE_EXPORT_FEED) as $p) { | |
190 | $line = $p->hook_article_export_feed($line, $feed, $is_cat); | |
191 | } | |
192 | ||
193 | $article = array(); | |
194 | ||
195 | $article['id'] = $line['link']; | |
196 | $article['link'] = $line['link']; | |
197 | $article['title'] = $line['title']; | |
198 | $article['excerpt'] = $line["content_preview"]; | |
199 | $article['content'] = sanitize($line["content"], false, $owner_uid, $feed_site_url, false, $line["id"]); | |
200 | $article['updated'] = date('c', strtotime($line["updated"])); | |
201 | ||
202 | if ($line['note']) $article['note'] = $line['note']; | |
203 | if ($article['author']) $article['author'] = $line['author']; | |
204 | ||
205 | $tags = Article::get_article_tags($line["id"], $owner_uid); | |
206 | ||
207 | if (count($tags) > 0) { | |
208 | $article['tags'] = array(); | |
209 | ||
210 | foreach ($tags as $tag) { | |
211 | array_push($article['tags'], $tag); | |
212 | } | |
213 | } | |
214 | ||
215 | $enclosures = Article::get_article_enclosures($line["id"]); | |
216 | ||
217 | if (count($enclosures) > 0) { | |
218 | $article['enclosures'] = array(); | |
219 | ||
220 | foreach ($enclosures as $e) { | |
221 | $type = $e['content_type']; | |
222 | $url = $e['content_url']; | |
223 | $length = $e['duration']; | |
224 | ||
225 | array_push($article['enclosures'], array("url" => $url, "type" => $type, "length" => $length)); | |
226 | } | |
227 | } | |
228 | ||
229 | array_push($feed['articles'], $article); | |
230 | } | |
231 | ||
232 | header("Content-Type: text/json; charset=utf-8"); | |
233 | print json_encode($feed); | |
234 | ||
235 | } else { | |
236 | header("Content-Type: text/plain; charset=utf-8"); | |
237 | print json_encode(array("error" => array("message" => "Unknown format"))); | |
238 | } | |
239 | } | |
240 | ||
241 | function getUnread() { | |
242 | $login = clean($_REQUEST["login"]); | |
243 | $fresh = clean($_REQUEST["fresh"]) == "1"; | |
244 | ||
245 | $sth = $this->pdo->prepare("SELECT id FROM ttrss_users WHERE login = ?"); | |
246 | $sth->execute([$login]); | |
247 | ||
248 | if ($row = $sth->fetch()) { | |
249 | $uid = $row["id"]; | |
250 | ||
251 | print Feeds::getGlobalUnread($uid); | |
252 | ||
253 | if ($fresh) { | |
254 | print ";"; | |
255 | print Feeds::getFeedArticles(-3, false, true, $uid); | |
256 | } | |
257 | ||
258 | } else { | |
259 | print "-1;User not found"; | |
260 | } | |
261 | } | |
262 | ||
263 | function getProfiles() { | |
264 | $login = clean($_REQUEST["login"]); | |
265 | ||
266 | $sth = $this->pdo->prepare("SELECT ttrss_settings_profiles.* FROM ttrss_settings_profiles,ttrss_users | |
267 | WHERE ttrss_users.id = ttrss_settings_profiles.owner_uid AND login = ? ORDER BY title"); | |
268 | $sth->execute([$login]); | |
269 | ||
270 | print "<select dojoType='dijit.form.Select' style='width : 220px; margin : 0px' name='profile'>"; | |
271 | ||
272 | print "<option value='0'>" . __("Default profile") . "</option>"; | |
273 | ||
274 | while ($line = $sth->fetch()) { | |
275 | $id = $line["id"]; | |
276 | $title = $line["title"]; | |
277 | ||
278 | print "<option value='$id'>$title</option>"; | |
279 | } | |
280 | ||
281 | print "</select>"; | |
282 | } | |
283 | ||
284 | function logout() { | |
285 | logout_user(); | |
286 | header("Location: index.php"); | |
287 | } | |
288 | ||
289 | function share() { | |
290 | $uuid = clean($_REQUEST["key"]); | |
291 | ||
292 | $sth = $this->pdo->prepare("SELECT ref_id, owner_uid FROM ttrss_user_entries WHERE | |
293 | uuid = ?"); | |
294 | $sth->execute([$uuid]); | |
295 | ||
296 | if ($row = $sth->fetch()) { | |
297 | header("Content-Type: text/html"); | |
298 | ||
299 | $id = $row["ref_id"]; | |
300 | $owner_uid = $row["owner_uid"]; | |
301 | ||
302 | $article = Article::format_article($id, false, true, $owner_uid); | |
303 | ||
304 | print_r($article['content']); | |
305 | ||
306 | } else { | |
307 | print "Article not found."; | |
308 | } | |
309 | ||
310 | } | |
311 | ||
312 | function rss() { | |
313 | $feed = clean($_REQUEST["id"]); | |
314 | $key = clean($_REQUEST["key"]); | |
315 | $is_cat = clean($_REQUEST["is_cat"]); | |
316 | $limit = (int)clean($_REQUEST["limit"]); | |
317 | $offset = (int)clean($_REQUEST["offset"]); | |
318 | ||
319 | $search = clean($_REQUEST["q"]); | |
320 | $view_mode = clean($_REQUEST["view-mode"]); | |
321 | $order = clean($_REQUEST["order"]); | |
322 | $start_ts = clean($_REQUEST["ts"]); | |
323 | ||
324 | $format = clean($_REQUEST['format']); | |
325 | $orig_guid = clean($_REQUEST["orig_guid"]); | |
326 | ||
327 | if (!$format) $format = 'atom'; | |
328 | ||
329 | if (SINGLE_USER_MODE) { | |
330 | authenticate_user("admin", null); | |
331 | } | |
332 | ||
333 | $owner_id = false; | |
334 | ||
335 | if ($key) { | |
336 | $sth = $this->pdo->prepare("SELECT owner_uid FROM | |
337 | ttrss_access_keys WHERE access_key = ? AND feed_id = ?"); | |
338 | $sth->execute([$key, $feed]); | |
339 | ||
340 | if ($row = $sth->fetch()) | |
341 | $owner_id = $row["owner_uid"]; | |
342 | } | |
343 | ||
344 | if ($owner_id) { | |
345 | $this->generate_syndicated_feed($owner_id, $feed, $is_cat, $limit, | |
346 | $offset, $search, $view_mode, $format, $order, $orig_guid, $start_ts); | |
347 | } else { | |
348 | header('HTTP/1.1 403 Forbidden'); | |
349 | } | |
350 | } | |
351 | ||
352 | function updateTask() { | |
353 | PluginHost::getInstance()->run_hooks(PluginHost::HOOK_UPDATE_TASK, "hook_update_task", false); | |
354 | } | |
355 | ||
356 | function housekeepingTask() { | |
357 | PluginHost::getInstance()->run_hooks(PluginHost::HOOK_HOUSE_KEEPING, "hook_house_keeping", false); | |
358 | } | |
359 | ||
360 | function globalUpdateFeeds() { | |
361 | RPC::updaterandomfeed_real(); | |
362 | ||
363 | PluginHost::getInstance()->run_hooks(PluginHost::HOOK_UPDATE_TASK, "hook_update_task", false); | |
364 | } | |
365 | ||
366 | function sharepopup() { | |
367 | if (SINGLE_USER_MODE) { | |
368 | login_sequence(); | |
369 | } | |
370 | ||
371 | header('Content-Type: text/html; charset=utf-8'); | |
372 | print "<html><head><title>Tiny Tiny RSS</title> | |
373 | <link rel=\"shortcut icon\" type=\"image/png\" href=\"images/favicon.png\"> | |
374 | <link rel=\"icon\" type=\"image/png\" sizes=\"72x72\" href=\"images/favicon-72px.png\">"; | |
375 | ||
376 | echo stylesheet_tag("css/default.css"); | |
377 | echo javascript_tag("lib/prototype.js"); | |
378 | echo javascript_tag("lib/scriptaculous/scriptaculous.js?load=effects,controls"); | |
379 | print "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/> | |
380 | </head><body id='sharepopup' class='ttrss_utility'>"; | |
381 | ||
382 | $action = clean($_REQUEST["action"]); | |
383 | ||
384 | if ($_SESSION["uid"]) { | |
385 | ||
386 | if ($action == 'share') { | |
387 | ||
388 | $title = strip_tags(clean($_REQUEST["title"])); | |
389 | $url = strip_tags(clean($_REQUEST["url"])); | |
390 | $content = strip_tags(clean($_REQUEST["content"])); | |
391 | $labels = strip_tags(clean($_REQUEST["labels"])); | |
392 | ||
393 | Article::create_published_article($title, $url, $content, $labels, | |
394 | $_SESSION["uid"]); | |
395 | ||
396 | print "<script type='text/javascript'>"; | |
397 | print "window.close();"; | |
398 | print "</script>"; | |
399 | ||
400 | } else { | |
401 | $title = htmlspecialchars(clean($_REQUEST["title"])); | |
402 | $url = htmlspecialchars(clean($_REQUEST["url"])); | |
403 | ||
404 | ?> | |
405 | ||
406 | <table height='100%' width='100%'><tr><td colspan='2'> | |
407 | <h1><?php echo __("Share with Tiny Tiny RSS") ?></h1> | |
408 | </td></tr> | |
409 | ||
410 | <form id='share_form' name='share_form'> | |
411 | ||
412 | <input type="hidden" name="op" value="sharepopup"> | |
413 | <input type="hidden" name="action" value="share"> | |
414 | ||
415 | <tr><td align='right'><?php echo __("Title:") ?></td> | |
416 | <td width='80%'><input name='title' value="<?php echo $title ?>"></td></tr> | |
417 | <tr><td align='right'><?php echo __("URL:") ?></td> | |
418 | <td><input name='url' value="<?php echo $url ?>"></td></tr> | |
419 | <tr><td align='right'><?php echo __("Content:") ?></td> | |
420 | <td><input name='content' value=""></td></tr> | |
421 | <tr><td align='right'><?php echo __("Labels:") ?></td> | |
422 | <td><input name='labels' id="labels_value" | |
423 | placeholder='Alpha, Beta, Gamma' value=""> | |
424 | </td></tr> | |
425 | ||
426 | <tr><td> | |
427 | <div class="autocomplete" id="labels_choices" | |
428 | style="display : block"></div></td></tr> | |
429 | ||
430 | <script type='text/javascript'>document.forms[0].title.focus();</script> | |
431 | ||
432 | <script type='text/javascript'> | |
433 | new Ajax.Autocompleter('labels_value', 'labels_choices', | |
434 | "backend.php?op=rpc&method=completeLabels", | |
435 | { tokens: ',', paramName: "search" }); | |
436 | </script> | |
437 | ||
438 | <tr><td colspan='2'> | |
439 | <div style='float : right' class='insensitive-small'> | |
440 | <?php echo __("Shared article will appear in the Published feed.") ?> | |
441 | </div> | |
442 | <button type="submit"><?php echo __('Share') ?></button> | |
443 | <button onclick="return window.close()"><?php echo __('Cancel') ?></button> | |
444 | </td> | |
445 | ||
446 | </form> | |
447 | </td></tr></table> | |
448 | </body></html> | |
449 | <?php | |
450 | ||
451 | } | |
452 | ||
453 | } else { | |
454 | ||
455 | $return = urlencode($_SERVER["REQUEST_URI"]) | |
456 | ?> | |
457 | ||
458 | <form action="public.php?return=<?php echo $return ?>" | |
459 | method="POST" id="loginForm" name="loginForm"> | |
460 | ||
461 | <input type="hidden" name="op" value="login"> | |
462 | ||
463 | <table height='100%' width='100%'><tr><td colspan='2'> | |
464 | <h1><?php echo __("Not logged in") ?></h1></td></tr> | |
465 | ||
466 | <tr><td align="right"><?php echo __("Login:") ?></td> | |
467 | <td align="right"><input name="login" | |
468 | value="<?php echo $_SESSION["fake_login"] ?>"></td></tr> | |
469 | <tr><td align="right"><?php echo __("Password:") ?></td> | |
470 | <td align="right"><input type="password" name="password" | |
471 | value="<?php echo $_SESSION["fake_password"] ?>"></td></tr> | |
472 | <tr><td colspan='2'> | |
473 | <button type="submit"> | |
474 | <?php echo __('Log in') ?></button> | |
475 | ||
476 | <button onclick="return window.close()"> | |
477 | <?php echo __('Cancel') ?></button> | |
478 | </td></tr> | |
479 | </table> | |
480 | ||
481 | </form> | |
482 | <?php | |
483 | } | |
484 | } | |
485 | ||
486 | function login() { | |
487 | if (!SINGLE_USER_MODE) { | |
488 | ||
489 | $login = clean($_POST["login"]); | |
490 | $password = clean($_POST["password"]); | |
491 | $remember_me = clean($_POST["remember_me"]); | |
492 | ||
493 | if ($remember_me) { | |
494 | session_set_cookie_params(SESSION_COOKIE_LIFETIME); | |
495 | } else { | |
496 | session_set_cookie_params(0); | |
497 | } | |
498 | ||
499 | if (authenticate_user($login, $password)) { | |
500 | $_POST["password"] = ""; | |
501 | ||
502 | if (get_schema_version() >= 120) { | |
503 | $_SESSION["language"] = get_pref("USER_LANGUAGE", $_SESSION["uid"]); | |
504 | } | |
505 | ||
506 | $_SESSION["ref_schema_version"] = get_schema_version(true); | |
507 | $_SESSION["bw_limit"] = !!clean($_POST["bw_limit"]); | |
508 | ||
509 | if (clean($_POST["profile"])) { | |
510 | ||
511 | $profile = clean($_POST["profile"]); | |
512 | ||
513 | $sth = $this->pdo->prepare("SELECT id FROM ttrss_settings_profiles | |
514 | WHERE id = ? AND owner_uid = ?"); | |
515 | $sth->execute([$profile, $_SESSION['uid']]); | |
516 | ||
517 | if ($sth->fetch()) { | |
518 | $_SESSION["profile"] = $profile; | |
519 | } | |
520 | } | |
521 | } else { | |
522 | ||
523 | // start an empty session to deliver login error message | |
524 | @session_start(); | |
525 | ||
526 | if (!isset($_SESSION["login_error_msg"])) | |
527 | $_SESSION["login_error_msg"] = __("Incorrect username or password"); | |
528 | ||
529 | user_error("Failed login attempt for $login from {$_SERVER['REMOTE_ADDR']}", E_USER_WARNING); | |
530 | } | |
531 | ||
532 | if (clean($_REQUEST['return'])) { | |
533 | header("Location: " . clean($_REQUEST['return'])); | |
534 | } else { | |
535 | header("Location: " . get_self_url_prefix()); | |
536 | } | |
537 | } | |
538 | } | |
539 | ||
540 | /* function subtest() { | |
541 | header("Content-type: text/plain; charset=utf-8"); | |
542 | ||
543 | $url = clean($_REQUEST["url"]); | |
544 | ||
545 | print "$url\n\n"; | |
546 | ||
547 | ||
548 | print_r(get_feeds_from_html($url, fetch_file_contents($url))); | |
549 | ||
550 | } */ | |
551 | ||
552 | function subscribe() { | |
553 | if (SINGLE_USER_MODE) { | |
554 | login_sequence(); | |
555 | } | |
556 | ||
557 | if ($_SESSION["uid"]) { | |
558 | ||
559 | $feed_url = trim(clean($_REQUEST["feed_url"])); | |
560 | ||
561 | header('Content-Type: text/html; charset=utf-8'); | |
562 | print "<html> | |
563 | <head> | |
564 | <title>Tiny Tiny RSS</title>"; | |
565 | print stylesheet_tag("css/default.css"); | |
566 | ||
567 | print "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/> | |
568 | <link rel=\"shortcut icon\" type=\"image/png\" href=\"images/favicon.png\"> | |
569 | <link rel=\"icon\" type=\"image/png\" sizes=\"72x72\" href=\"images/favicon-72px.png\"> | |
570 | ||
571 | </head> | |
572 | <body class='claro ttrss_utility'> | |
573 | <img class=\"floatingLogo\" src=\"images/logo_small.png\" | |
574 | alt=\"Tiny Tiny RSS\"/> | |
575 | <h1>".__("Subscribe to feed...")."</h1><div class='content'>"; | |
576 | ||
577 | $rc = Feeds::subscribe_to_feed($feed_url); | |
578 | ||
579 | switch ($rc['code']) { | |
580 | case 0: | |
581 | print_warning(T_sprintf("Already subscribed to <b>%s</b>.", $feed_url)); | |
582 | break; | |
583 | case 1: | |
584 | print_notice(T_sprintf("Subscribed to <b>%s</b>.", $feed_url)); | |
585 | break; | |
586 | case 2: | |
587 | print_error(T_sprintf("Could not subscribe to <b>%s</b>.", $feed_url)); | |
588 | break; | |
589 | case 3: | |
590 | print_error(T_sprintf("No feeds found in <b>%s</b>.", $feed_url)); | |
591 | break; | |
592 | case 4: | |
593 | print_notice(__("Multiple feed URLs found.")); | |
594 | $feed_urls = $rc["feeds"]; | |
595 | break; | |
596 | case 5: | |
597 | print_error(T_sprintf("Could not subscribe to <b>%s</b>.<br>Can't download the Feed URL.", $feed_url)); | |
598 | break; | |
599 | } | |
600 | ||
601 | if ($feed_urls) { | |
602 | ||
603 | print "<form action=\"public.php\">"; | |
604 | print "<input type=\"hidden\" name=\"op\" value=\"subscribe\">"; | |
605 | ||
606 | print "<select name=\"feed_url\">"; | |
607 | ||
608 | foreach ($feed_urls as $url => $name) { | |
609 | $url = htmlspecialchars($url); | |
610 | $name = htmlspecialchars($name); | |
611 | ||
612 | print "<option value=\"$url\">$name</option>"; | |
613 | } | |
614 | ||
615 | print "<input type=\"submit\" value=\"".__("Subscribe to selected feed"). | |
616 | "\">"; | |
617 | ||
618 | print "</form>"; | |
619 | } | |
620 | ||
621 | $tp_uri = get_self_url_prefix() . "/prefs.php"; | |
622 | $tt_uri = get_self_url_prefix(); | |
623 | ||
624 | if ($rc['code'] <= 2){ | |
625 | $sth = $this->pdo->prepare("SELECT id FROM ttrss_feeds WHERE | |
626 | feed_url = ? AND owner_uid = ?"); | |
627 | $sth->execute([$feed_url, $_SESSION['uid']]); | |
628 | $row = $sth->fetch(); | |
629 | ||
630 | $feed_id = $row["id"]; | |
631 | } else { | |
632 | $feed_id = 0; | |
633 | } | |
634 | print "<p>"; | |
635 | ||
636 | if ($feed_id) { | |
637 | print "<form method=\"GET\" style='display: inline' | |
638 | action=\"$tp_uri\"> | |
639 | <input type=\"hidden\" name=\"tab\" value=\"feedConfig\"> | |
640 | <input type=\"hidden\" name=\"method\" value=\"editFeed\"> | |
641 | <input type=\"hidden\" name=\"methodparam\" value=\"$feed_id\"> | |
642 | <input type=\"submit\" value=\"".__("Edit subscription options")."\"> | |
643 | </form>"; | |
644 | } | |
645 | ||
646 | print "<form style='display: inline' method=\"GET\" action=\"$tt_uri\"> | |
647 | <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\"> | |
648 | </form></p>"; | |
649 | ||
650 | print "</div></body></html>"; | |
651 | ||
652 | } else { | |
653 | render_login_form(); | |
654 | } | |
655 | } | |
656 | ||
657 | function index() { | |
658 | header("Content-Type: text/plain"); | |
659 | print error_json(13); | |
660 | } | |
661 | ||
662 | function forgotpass() { | |
663 | startup_gettext(); | |
664 | ||
665 | @$hash = clean($_REQUEST["hash"]); | |
666 | ||
667 | header('Content-Type: text/html; charset=utf-8'); | |
668 | print "<html><head><title>Tiny Tiny RSS</title> | |
669 | <link rel=\"shortcut icon\" type=\"image/png\" href=\"images/favicon.png\"> | |
670 | <link rel=\"icon\" type=\"image/png\" sizes=\"72x72\" href=\"images/favicon-72px.png\">"; | |
671 | ||
672 | echo stylesheet_tag("lib/dijit/themes/claro/claro.css"); | |
673 | echo stylesheet_tag("css/default.css"); | |
674 | echo javascript_tag("lib/prototype.js"); | |
675 | ||
676 | print "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/> | |
677 | </head><body class='claro ttrss_utility'>"; | |
678 | ||
679 | print '<div class="floatingLogo"><img src="images/logo_small.png"></div>'; | |
680 | print "<h1>".__("Password recovery")."</h1>"; | |
681 | print "<div class='content'>"; | |
682 | ||
683 | @$method = clean($_POST['method']); | |
684 | ||
685 | if ($hash) { | |
686 | $login = clean($_REQUEST["login"]); | |
687 | ||
688 | if ($login) { | |
689 | $sth = $this->pdo->prepare("SELECT id, resetpass_token FROM ttrss_users | |
690 | WHERE login = ?"); | |
691 | $sth->execute([$login]); | |
692 | ||
693 | if ($row = $sth->fetch()) { | |
694 | $id = $row["id"]; | |
695 | $resetpass_token_full = $row["resetpass_token"]; | |
696 | list($timestamp, $resetpass_token) = explode(":", $resetpass_token_full); | |
697 | ||
698 | if ($timestamp && $resetpass_token && | |
699 | $timestamp >= time() - 15*60*60 && | |
700 | $resetpass_token == $hash) { | |
701 | ||
702 | $sth = $this->pdo->prepare("UPDATE ttrss_users SET resetpass_token = NULL | |
703 | WHERE id = ?"); | |
704 | $sth->execute([$id]); | |
705 | ||
706 | Pref_Users::resetUserPassword($id, true); | |
707 | ||
708 | print "<p>"."Completed."."</p>"; | |
709 | ||
710 | } else { | |
711 | print_error("Some of the information provided is missing or incorrect."); | |
712 | } | |
713 | } else { | |
714 | print_error("Some of the information provided is missing or incorrect."); | |
715 | } | |
716 | } else { | |
717 | print_error("Some of the information provided is missing or incorrect."); | |
718 | } | |
719 | ||
720 | print "<form method=\"GET\" action=\"index.php\"> | |
721 | <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\"> | |
722 | </form>"; | |
723 | ||
724 | } else if (!$method) { | |
725 | print_notice(__("You will need to provide valid account name and email. A password reset link will be sent to your email address.")); | |
726 | ||
727 | print "<form method='POST' action='public.php'>"; | |
728 | print "<input type='hidden' name='method' value='do'>"; | |
729 | print "<input type='hidden' name='op' value='forgotpass'>"; | |
730 | ||
731 | print "<fieldset>"; | |
732 | print "<label>".__("Login:")."</label>"; | |
733 | print "<input class='input input-text' type='text' name='login' value='' required>"; | |
734 | print "</fieldset>"; | |
735 | ||
736 | print "<fieldset>"; | |
737 | print "<label>".__("Email:")."</label>"; | |
738 | print "<input class='input input-text' type='email' name='email' value='' required>"; | |
739 | print "</fieldset>"; | |
740 | ||
741 | print "<fieldset>"; | |
742 | print "<label>".__("How much is two plus two:")."</label>"; | |
743 | print "<input class='input input-text' type='text' name='test' value='' required>"; | |
744 | print "</fieldset>"; | |
745 | ||
746 | print "<p/>"; | |
747 | print "<button type='submit'>".__("Reset password")."</button>"; | |
748 | ||
749 | print "</form>"; | |
750 | } else if ($method == 'do') { | |
751 | ||
752 | $login = clean($_POST["login"]); | |
753 | $email = clean($_POST["email"]); | |
754 | $test = clean($_POST["test"]); | |
755 | ||
756 | if (($test != 4 && $test != 'four') || !$email || !$login) { | |
757 | print_error(__('Some of the required form parameters are missing or incorrect.')); | |
758 | ||
759 | print "<form method=\"GET\" action=\"public.php\"> | |
760 | <input type=\"hidden\" name=\"op\" value=\"forgotpass\"> | |
761 | <input type=\"submit\" value=\"".__("Go back")."\"> | |
762 | </form>"; | |
763 | ||
764 | } else { | |
765 | ||
766 | print_notice("Password reset instructions are being sent to your email address."); | |
767 | ||
768 | $sth = $this->pdo->prepare("SELECT id FROM ttrss_users | |
769 | WHERE login = ? AND email = ?"); | |
770 | $sth->execute([$login, $email]); | |
771 | ||
772 | if ($row = $sth->fetch()) { | |
773 | $id = $row["id"]; | |
774 | ||
775 | if ($id) { | |
776 | $resetpass_token = sha1(get_random_bytes(128)); | |
777 | $resetpass_link = get_self_url_prefix() . "/public.php?op=forgotpass&hash=" . $resetpass_token . | |
778 | "&login=" . urlencode($login); | |
779 | ||
780 | require_once 'classes/ttrssmailer.php'; | |
781 | require_once "lib/MiniTemplator.class.php"; | |
782 | ||
783 | $tpl = new MiniTemplator; | |
784 | ||
785 | $tpl->readTemplateFromFile("templates/resetpass_link_template.txt"); | |
786 | ||
787 | $tpl->setVariable('LOGIN', $login); | |
788 | $tpl->setVariable('RESETPASS_LINK', $resetpass_link); | |
789 | ||
790 | $tpl->addBlock('message'); | |
791 | ||
792 | $message = ""; | |
793 | ||
794 | $tpl->generateOutputToString($message); | |
795 | ||
796 | $mail = new ttrssMailer(); | |
797 | ||
798 | $rc = $mail->quickMail($email, $login, | |
799 | __("[tt-rss] Password reset request"), | |
800 | $message, false); | |
801 | ||
802 | if (!$rc) print_error($mail->ErrorInfo); | |
803 | ||
804 | $resetpass_token_full = time() . ":" . $resetpass_token; | |
805 | ||
806 | $sth = $this->pdo->prepare("UPDATE ttrss_users | |
807 | SET resetpass_token = ? | |
808 | WHERE login = ? AND email = ?"); | |
809 | ||
810 | $sth->execute([$resetpass_token_full, $login, $email]); | |
811 | ||
812 | //Pref_Users::resetUserPassword($id, false); | |
813 | ||
814 | print "<p>"; | |
815 | ||
816 | print "<p>"."Completed."."</p>"; | |
817 | } else { | |
818 | print_error("User ID not found."); | |
819 | } | |
820 | ||
821 | print "<form method=\"GET\" action=\"index.php\"> | |
822 | <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\"> | |
823 | </form>"; | |
824 | ||
825 | } else { | |
826 | print_error(__("Sorry, login and email combination not found.")); | |
827 | ||
828 | print "<form method=\"GET\" action=\"public.php\"> | |
829 | <input type=\"hidden\" name=\"op\" value=\"forgotpass\"> | |
830 | <input type=\"submit\" value=\"".__("Go back")."\"> | |
831 | </form>"; | |
832 | ||
833 | } | |
834 | } | |
835 | ||
836 | } | |
837 | ||
838 | print "</div>"; | |
839 | print "</body>"; | |
840 | print "</html>"; | |
841 | ||
842 | } | |
843 | ||
844 | function dbupdate() { | |
845 | startup_gettext(); | |
846 | ||
847 | if (!SINGLE_USER_MODE && $_SESSION["access_level"] < 10) { | |
848 | $_SESSION["login_error_msg"] = __("Your access level is insufficient to run this script."); | |
849 | render_login_form(); | |
850 | exit; | |
851 | } | |
852 | ||
853 | ?><html> | |
854 | <head> | |
855 | <title>Database Updater</title> | |
856 | <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/> | |
857 | <link rel="stylesheet" type="text/css" href="css/default.css"/> | |
858 | <link rel=\"shortcut icon\" type=\"image/png\" href=\"images/favicon.png\"> | |
859 | <link rel=\"icon\" type=\"image/png\" sizes=\"72x72\" href=\"images/favicon-72px.png\"> | |
860 | </head> | |
861 | <style type="text/css"> | |
862 | span.ok { color : #009000; font-weight : bold; } | |
863 | span.err { color : #ff0000; font-weight : bold; } | |
864 | </style> | |
865 | <body class="claro ttrss_utility"> | |
866 | <script type='text/javascript'> | |
867 | function confirmOP() { | |
868 | return confirm("Update the database?"); | |
869 | } | |
870 | </script> | |
871 | ||
872 | <div class="floatingLogo"><img src="images/logo_small.png"></div> | |
873 | ||
874 | <h1><?php echo __("Database Updater") ?></h1> | |
875 | ||
876 | <div class="content"> | |
877 | ||
878 | <?php | |
879 | @$op = clean($_REQUEST["subop"]); | |
880 | $updater = new DbUpdater(Db::pdo(), DB_TYPE, SCHEMA_VERSION); | |
881 | ||
882 | if ($op == "performupdate") { | |
883 | if ($updater->isUpdateRequired()) { | |
884 | ||
885 | print "<h2>Performing updates</h2>"; | |
886 | ||
887 | print "<h3>Updating to schema version " . SCHEMA_VERSION . "</h3>"; | |
888 | ||
889 | print "<ul>"; | |
890 | ||
891 | for ($i = $updater->getSchemaVersion() + 1; $i <= SCHEMA_VERSION; $i++) { | |
892 | print "<li>Performing update up to version $i..."; | |
893 | ||
894 | $result = $updater->performUpdateTo($i, true); | |
895 | ||
896 | if (!$result) { | |
897 | print "<span class='err'>FAILED!</span></li></ul>"; | |
898 | ||
899 | print_warning("One of the updates failed. Either retry the process or perform updates manually."); | |
900 | print "<p><form method=\"GET\" action=\"index.php\"> | |
901 | <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\"> | |
902 | </form>"; | |
903 | ||
904 | return; | |
905 | } else { | |
906 | print "<span class='ok'>OK!</span></li>"; | |
907 | } | |
908 | } | |
909 | ||
910 | print "</ul>"; | |
911 | ||
912 | print_notice("Your Tiny Tiny RSS database is now updated to the latest version."); | |
913 | ||
914 | print "<p><form method=\"GET\" action=\"index.php\"> | |
915 | <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\"> | |
916 | </form>"; | |
917 | ||
918 | } else { | |
919 | print "<h2>Your database is up to date.</h2>"; | |
920 | ||
921 | print "<p><form method=\"GET\" action=\"index.php\"> | |
922 | <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\"> | |
923 | </form>"; | |
924 | } | |
925 | } else { | |
926 | if ($updater->isUpdateRequired()) { | |
927 | ||
928 | print "<h2>Database update required</h2>"; | |
929 | ||
930 | print_notice("<h4>". | |
931 | sprintf("Your Tiny Tiny RSS database needs update to the latest version: %d to %d.", | |
932 | $updater->getSchemaVersion(), SCHEMA_VERSION). | |
933 | "</h4>"); | |
934 | ||
935 | print_warning("Please backup your database before proceeding."); | |
936 | ||
937 | print "<form method='POST'> | |
938 | <input type='hidden' name='subop' value='performupdate'> | |
939 | <input type='submit' onclick='return confirmOP()' value='".__("Perform updates")."'> | |
940 | </form>"; | |
941 | ||
942 | } else { | |
943 | ||
944 | print_notice("Tiny Tiny RSS database is up to date."); | |
945 | ||
946 | print "<p><form method=\"GET\" action=\"index.php\"> | |
947 | <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\"> | |
948 | </form>"; | |
949 | ||
950 | } | |
951 | } | |
952 | ?> | |
953 | ||
954 | </div> | |
955 | </body> | |
956 | </html> | |
957 | <?php | |
958 | } | |
959 | ||
960 | function cached_url() { | |
961 | @$req_filename = basename($_GET['hash']); | |
962 | ||
963 | // we don't need an extension to find the file, hash is a complete URL | |
964 | $hash = preg_replace("/\.[^\.]*$/", "", $req_filename); | |
965 | ||
966 | if ($hash) { | |
967 | ||
968 | $filename = CACHE_DIR . '/images/' . $hash; | |
969 | ||
970 | if (file_exists($filename)) { | |
971 | header("Content-Disposition: inline; filename=\"$req_filename\""); | |
972 | ||
973 | send_local_file($filename); | |
974 | ||
975 | } else { | |
976 | header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found"); | |
977 | echo "File not found."; | |
978 | } | |
979 | } | |
980 | } | |
981 | ||
982 | private function make_article_tag_uri($id, $timestamp) { | |
983 | ||
984 | $timestamp = date("Y-m-d", strtotime($timestamp)); | |
985 | ||
986 | return "tag:" . parse_url(get_self_url_prefix(), PHP_URL_HOST) . ",$timestamp:/$id"; | |
987 | } | |
988 | ||
989 | // this should be used very carefully because this endpoint is exposed to unauthenticated users | |
990 | // plugin data is not loaded because there's no user context and owner_uid/session may or may not be available | |
991 | // in general, don't do anything user-related in here and do not modify $_SESSION | |
992 | public function pluginhandler() { | |
993 | $host = new PluginHost(); | |
994 | ||
995 | $plugin = basename(clean($_REQUEST["plugin"])); | |
996 | $method = clean($_REQUEST["pmethod"]); | |
997 | ||
998 | $host->load($plugin, PluginHost::KIND_USER, 0); | |
999 | $host->load_data(); | |
1000 | ||
1001 | $pclass = $host->get_plugin($plugin); | |
1002 | ||
1003 | if ($pclass) { | |
1004 | if (method_exists($pclass, $method)) { | |
1005 | if ($pclass->is_public_method($method)) { | |
1006 | $pclass->$method(); | |
1007 | } else { | |
1008 | header("Content-Type: text/json"); | |
1009 | print error_json(6); | |
1010 | } | |
1011 | } else { | |
1012 | header("Content-Type: text/json"); | |
1013 | print error_json(13); | |
1014 | } | |
1015 | } else { | |
1016 | header("Content-Type: text/json"); | |
1017 | print error_json(14); | |
1018 | } | |
1019 | } | |
1020 | } | |
1021 | ?> |