classes/article.php

   1 <?php
   2 class Article extends Handler_Protected {
   3
   4         function csrf_ignore($method) {
   5                 $csrf_ignored = array("redirect", "editarticletags");
   6
   7                 return array_search($method, $csrf_ignored) !== false;
   8         }
   9
  10         function redirect() {
  11                 $id = $this->dbh->escape_string($_REQUEST['id']);
  12
  13                 $result = $this->dbh->query("SELECT link FROM ttrss_entries, ttrss_user_entries
  14                                                 WHERE id = '$id' AND id = ref_id AND owner_uid = '".$_SESSION['uid']."'
  15                                                 LIMIT 1");
  16
  17                 if ($this->dbh->num_rows($result) == 1) {
  18                         $article_url = $this->dbh->fetch_result($result, 0, 'link');
  19                         $article_url = str_replace("\n", "", $article_url);
  20
  21                         header("Location: $article_url");
  22                         return;
  23
  24                 } else {
  25                         print_error(__("Article not found."));
  26                 }
  27         }
  28
  29         function view() {
  30                 $id = $this->dbh->escape_string($_REQUEST["id"]);
  31                 $cids = explode(",", $this->dbh->escape_string($_REQUEST["cids"]));
  32                 $mode = $this->dbh->escape_string($_REQUEST["mode"]);
  33
  34                 // in prefetch mode we only output requested cids, main article
  35                 // just gets marked as read (it already exists in client cache)
  36
  37                 $articles = array();
  38
  39                 if ($mode == "") {
  40                         array_push($articles, format_article($id, false));
  41                 } else if ($mode == "zoom") {
  42                         array_push($articles, format_article($id, true, true));
  43                 } else if ($mode == "raw") {
  44                         if ($_REQUEST['html']) {
  45                                 header("Content-Type: text/html");
  46                                 print '<link rel="stylesheet" type="text/css" href="css/tt-rss.css"/>';
  47                         }
  48
  49                         $article = format_article($id, false);
  50                         print $article['content'];
  51                         return;
  52                 }
  53
  54                 $this->catchupArticleById($id, 0);
  55
  56                 if (!$_SESSION["bw_limit"]) {
  57                         foreach ($cids as $cid) {
  58                                 if ($cid) {
  59                                         array_push($articles, format_article($cid, false, false));
  60                                 }
  61                         }
  62                 }
  63
  64                 print json_encode($articles);
  65         }
  66
  67         private function catchupArticleById($id, $cmode) {
  68
  69                 if ($cmode == 0) {
  70                         $this->dbh->query("UPDATE ttrss_user_entries SET
  71                         unread = false,last_read = NOW()
  72                         WHERE ref_id = '$id' AND owner_uid = " . $_SESSION["uid"]);
  73                 } else if ($cmode == 1) {
  74                         $this->dbh->query("UPDATE ttrss_user_entries SET
  75                         unread = true
  76                         WHERE ref_id = '$id' AND owner_uid = " . $_SESSION["uid"]);
  77                 } else {
  78                         $this->dbh->query("UPDATE ttrss_user_entries SET
  79                         unread = NOT unread,last_read = NOW()
  80                         WHERE ref_id = '$id' AND owner_uid = " . $_SESSION["uid"]);
  81                 }
  82
  83                 $feed_id = getArticleFeed($id);
  84                 ccache_update($feed_id, $_SESSION["uid"]);
  85         }
  86
  87         static function create_published_article($title, $url, $content, $labels_str,
  88                         $owner_uid) {
  89
  90                 $guid = 'SHA1:' . sha1("ttshared:" . $url . $owner_uid); // include owner_uid to prevent global GUID clash
  91                 $content_hash = sha1($content);
  92
  93                 if ($labels_str != "") {
  94                         $labels = explode(",", $labels_str);
  95                 } else {
  96                         $labels = array();
  97                 }
  98
  99                 $rc = false;
 100
 101                 if (!$title) $title = $url;
 102                 if (!$title && !$url) return false;
 103
 104                 if (filter_var($url, FILTER_VALIDATE_URL) === FALSE) return false;
 105
 106                 db_query("BEGIN");
 107
 108                 // only check for our user data here, others might have shared this with different content etc
 109                 $result = db_query("SELECT id FROM ttrss_entries, ttrss_user_entries WHERE
 110                         guid = '$guid' AND ref_id = id AND owner_uid = '$owner_uid' LIMIT 1");
 111
 112                 if (db_num_rows($result) != 0) {
 113                         $ref_id = db_fetch_result($result, 0, "id");
 114
 115                         $result = db_query("SELECT int_id FROM ttrss_user_entries WHERE
 116                                 ref_id = '$ref_id' AND owner_uid = '$owner_uid' LIMIT 1");
 117
 118                         if (db_num_rows($result) != 0) {
 119                                 $int_id = db_fetch_result($result, 0, "int_id");
 120
 121                                 db_query("UPDATE ttrss_entries SET
 122                                         content = '$content', content_hash = '$content_hash' WHERE id = '$ref_id'");
 123
 124                                 db_query("UPDATE ttrss_user_entries SET published = true,
 125                                                 last_published = NOW() WHERE
 126                                                 int_id = '$int_id' AND owner_uid = '$owner_uid'");
 127                         } else {
 128
 129                                 db_query("INSERT INTO ttrss_user_entries
 130                                         (ref_id, uuid, feed_id, orig_feed_id, owner_uid, published, tag_cache, label_cache,
 131                                                 last_read, note, unread, last_published)
 132                                         VALUES
 133                                         ('$ref_id', '', NULL, NULL, $owner_uid, true, '', '', NOW(), '', false, NOW())");
 134                         }
 135
 136                         if (count($labels) != 0) {
 137                                 foreach ($labels as $label) {
 138                                         label_add_article($ref_id, trim($label), $owner_uid);
 139                                 }
 140                         }
 141
 142                         $rc = true;
 143
 144                 } else {
 145                         $result = db_query("INSERT INTO ttrss_entries
 146                                 (title, guid, link, updated, content, content_hash, date_entered, date_updated)
 147                                 VALUES
 148                                 ('$title', '$guid', '$url', NOW(), '$content', '$content_hash', NOW(), NOW())");
 149
 150                         $result = db_query("SELECT id FROM ttrss_entries WHERE guid = '$guid'");
 151
 152                         if (db_num_rows($result) != 0) {
 153                                 $ref_id = db_fetch_result($result, 0, "id");
 154
 155                                 db_query("INSERT INTO ttrss_user_entries
 156                                         (ref_id, uuid, feed_id, orig_feed_id, owner_uid, published, tag_cache, label_cache,
 157                                                 last_read, note, unread, last_published)
 158                                         VALUES
 159                                         ('$ref_id', '', NULL, NULL, $owner_uid, true, '', '', NOW(), '', false, NOW())");
 160
 161                                 if (count($labels) != 0) {
 162                                         foreach ($labels as $label) {
 163                                                 label_add_article($ref_id, trim($label), $owner_uid);
 164                                         }
 165                                 }
 166
 167                                 $rc = true;
 168                         }
 169                 }
 170
 171                 db_query("COMMIT");
 172
 173                 return $rc;
 174         }
 175
 176         function editArticleTags() {
 177
 178                 print __("Tags for this article (separated by commas):")."<br>";
 179
 180                 $param = $this->dbh->escape_string($_REQUEST['param']);
 181
 182                 $tags = get_article_tags($this->dbh->escape_string($param));
 183
 184                 $tags_str = join(", ", $tags);
 185
 186                 print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"id\" value=\"$param\">";
 187                 print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"article\">";
 188                 print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"setArticleTags\">";
 189
 190                 print "<table width='100%'><tr><td>";
 191
 192                 print "<textarea dojoType=\"dijit.form.SimpleTextarea\" rows='4'
 193                         style='font-size : 12px; width : 100%' id=\"tags_str\"
 194                         name='tags_str'>$tags_str</textarea>
 195                 <div class=\"autocomplete\" id=\"tags_choices\"
 196                                 style=\"display:none\"></div>";
 197
 198                 print "</td></tr></table>";
 199
 200                 print "<div class='dlgButtons'>";
 201
 202                 print "<button dojoType=\"dijit.form.Button\"
 203                         onclick=\"dijit.byId('editTagsDlg').execute()\">".__('Save')."</button> ";
 204                 print "<button dojoType=\"dijit.form.Button\"
 205                         onclick=\"dijit.byId('editTagsDlg').hide()\">".__('Cancel')."</button>";
 206                 print "</div>";
 207
 208         }
 209
 210         function setScore() {
 211                 $ids = $this->dbh->escape_string($_REQUEST['id']);
 212                 $score = (int)$this->dbh->escape_string($_REQUEST['score']);
 213
 214                 $this->dbh->query("UPDATE ttrss_user_entries SET
 215                         score = '$score' WHERE ref_id IN ($ids) AND owner_uid = " . $_SESSION["uid"]);
 216
 217                 print json_encode(array("id" => $ids,
 218                         "score_pic" => get_score_pic($score)));
 219         }
 220
 221
 222         function setArticleTags() {
 223
 224                 $id = $this->dbh->escape_string($_REQUEST["id"]);
 225
 226                 $tags_str = $this->dbh->escape_string($_REQUEST["tags_str"]);
 227                 $tags = array_unique(trim_array(explode(",", $tags_str)));
 228
 229                 $this->dbh->query("BEGIN");
 230
 231                 $result = $this->dbh->query("SELECT int_id FROM ttrss_user_entries WHERE
 232                                 ref_id = '$id' AND owner_uid = '".$_SESSION["uid"]."' LIMIT 1");
 233
 234                 if ($this->dbh->num_rows($result) == 1) {
 235
 236                         $tags_to_cache = array();
 237
 238                         $int_id = $this->dbh->fetch_result($result, 0, "int_id");
 239
 240                         $this->dbh->query("DELETE FROM ttrss_tags WHERE
 241                                 post_int_id = $int_id AND owner_uid = '".$_SESSION["uid"]."'");
 242
 243                         foreach ($tags as $tag) {
 244                                 $tag = sanitize_tag($tag);
 245
 246                                 if (!tag_is_valid($tag)) {
 247                                         continue;
 248                                 }
 249
 250                                 if (preg_match("/^[0-9]*$/", $tag)) {
 251                                         continue;
 252                                 }
 253
 254                                 //                                      print "<!-- $id : $int_id : $tag -->";
 255
 256                                 if ($tag != '') {
 257                                         $this->dbh->query("INSERT INTO ttrss_tags
 258                                                                 (post_int_id, owner_uid, tag_name) VALUES ('$int_id', '".$_SESSION["uid"]."', '$tag')");
 259                                 }
 260
 261                                 array_push($tags_to_cache, $tag);
 262                         }
 263
 264                         /* update tag cache */
 265
 266                         sort($tags_to_cache);
 267                         $tags_str = join(",", $tags_to_cache);
 268
 269                         $this->dbh->query("UPDATE ttrss_user_entries
 270                                 SET tag_cache = '$tags_str' WHERE ref_id = '$id'
 271                                                 AND owner_uid = " . $_SESSION["uid"]);
 272                 }
 273
 274                 $this->dbh->query("COMMIT");
 275
 276                 $tags = get_article_tags($id);
 277                 $tags_str = format_tags_string($tags, $id);
 278                 $tags_str_full = join(", ", $tags);
 279
 280                 if (!$tags_str_full) $tags_str_full = __("no tags");
 281
 282                 print json_encode(array("id" => (int)$id,
 283                                 "content" => $tags_str, "content_full" => $tags_str_full));
 284         }
 285
 286
 287         function completeTags() {
 288                 $search = $this->dbh->escape_string($_REQUEST["search"]);
 289
 290                 $result = $this->dbh->query("SELECT DISTINCT tag_name FROM ttrss_tags
 291                                 WHERE owner_uid = '".$_SESSION["uid"]."' AND
 292                                 tag_name LIKE '$search%' ORDER BY tag_name
 293                                 LIMIT 10");
 294
 295                 print "<ul>";
 296                 while ($line = $this->dbh->fetch_assoc($result)) {
 297                         print "<li>" . $line["tag_name"] . "</li>";
 298                 }
 299                 print "</ul>";
 300         }
 301
 302         function assigntolabel() {
 303                 return $this->labelops(true);
 304         }
 305
 306         function removefromlabel() {
 307                 return $this->labelops(false);
 308         }
 309
 310         private function labelops($assign) {
 311                 $reply = array();
 312
 313                 $ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"]));
 314                 $label_id = $this->dbh->escape_string($_REQUEST["lid"]);
 315
 316                 $label = $this->dbh->escape_string(label_find_caption($label_id,
 317                 $_SESSION["uid"]));
 318
 319                 $reply["info-for-headlines"] = array();
 320
 321                 if ($label) {
 322
 323                         foreach ($ids as $id) {
 324
 325                                 if ($assign)
 326                                         label_add_article($id, $label, $_SESSION["uid"]);
 327                                 else
 328                                         label_remove_article($id, $label, $_SESSION["uid"]);
 329
 330                                 $labels = get_article_labels($id, $_SESSION["uid"]);
 331
 332                                 array_push($reply["info-for-headlines"],
 333                                 array("id" => $id, "labels" => format_article_labels($labels, $id)));
 334
 335                         }
 336                 }
 337
 338                 $reply["message"] = "UPDATE_COUNTERS";
 339
 340                 print json_encode($reply);
 341         }
 342
 343
 344
 345 }