]> git.wh0rd.org - tt-rss.git/blob - classes/rpc.php
git.wh0rd.org / tt-rss.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
pngcrush.sh
[tt-rss.git] / classes / rpc.php
1 <?php
2 class RPC extends Handler_Protected {
3
4 function csrf_ignore($method) {
5 $csrf_ignored = array("sanitycheck", "completelabels", "saveprofile");
6
7 return array_search($method, $csrf_ignored) !== false;
8 }
9
10 function setprofile() {
11 $_SESSION["profile"] = clean($_REQUEST["id"]);
12
13 // default value
14 if (!$_SESSION["profile"]) $_SESSION["profile"] = null;
15 }
16
17 function remprofiles() {
18 $ids = explode(",", trim(clean($_REQUEST["ids"])));
19
20 foreach ($ids as $id) {
21 if ($_SESSION["profile"] != $id) {
22 $sth = $this->pdo->prepare("DELETE FROM ttrss_settings_profiles WHERE id = ? AND
23 owner_uid = ?");
24 $sth->execute([$id, $_SESSION['uid']]);
25 }
26 }
27 }
28
29 // Silent
30 function addprofile() {
31 $title = trim(clean($_REQUEST["title"]));
32
33 if ($title) {
34 $this->pdo->beginTransaction();
35
36 $sth = $this->pdo->prepare("SELECT id FROM ttrss_settings_profiles
37 WHERE title = ? AND owner_uid = ?");
38 $sth->execute([$title, $_SESSION['uid']]);
39
40 if (!$sth->fetch()) {
41
42 $sth = $this->pdo->prepare("INSERT INTO ttrss_settings_profiles (title, owner_uid)
43 VALUES (?, ?)");
44
45 $sth->execute([$title, $_SESSION['uid']]);
46
47 $sth = $this->pdo->prepare("SELECT id FROM ttrss_settings_profiles WHERE
48 title = ? AND owner_uid = ?");
49 $sth->execute([$title, $_SESSION['uid']]);
50
51 if ($row = $sth->fetch()) {
52 $profile_id = $row['id'];
53
54 if ($profile_id) {
55 initialize_user_prefs($_SESSION["uid"], $profile_id);
56 }
57 }
58 }
59
60 $this->pdo->commit();
61 }
62 }
63
64 function saveprofile() {
65 $id = clean($_REQUEST["id"]);
66 $title = trim(clean($_REQUEST["value"]));
67
68 if ($id == 0) {
69 print __("Default profile");
70 return;
71 }
72
73 if ($title) {
74 $sth = $this->pdo->prepare("UPDATE ttrss_settings_profiles
75 SET title = ? WHERE id = ? AND
76 owner_uid = ?");
77
78 $sth->execute([$title, $id, $_SESSION['uid']]);
79 print $title;
80 }
81 }
82
83 // Silent
84 function remarchive() {
85 $ids = explode(",", clean($_REQUEST["ids"]));
86
87 $sth = $this->pdo->prepare("DELETE FROM ttrss_archived_feeds WHERE
88 (SELECT COUNT(*) FROM ttrss_user_entries
89 WHERE orig_feed_id = :id) = 0 AND
90 id = :id AND owner_uid = :uid");
91
92 foreach ($ids as $id) {
93 $sth->execute([":id" => $id, ":uid" => $_SESSION['uid']]);
94 }
95 }
96
97 function addfeed() {
98 $feed = clean($_REQUEST['feed']);
99 $cat = clean($_REQUEST['cat']);
100 $need_auth = isset($_REQUEST['need_auth']);
101 $login = $need_auth ? clean($_REQUEST['login']) : '';
102 $pass = $need_auth ? trim(clean($_REQUEST['pass'])) : '';
103
104 $rc = Feeds::subscribe_to_feed($feed, $cat, $login, $pass);
105
106 print json_encode(array("result" => $rc));
107 }
108
109 function togglepref() {
110 $key = clean($_REQUEST["key"]);
111 set_pref($key, !get_pref($key));
112 $value = get_pref($key);
113
114 print json_encode(array("param" =>$key, "value" => $value));
115 }
116
117 function setpref() {
118 // set_pref escapes input, so no need to double escape it here
119 $key = clean($_REQUEST['key']);
120 $value = $_REQUEST['value'];
121
122 set_pref($key, $value, false, $key != 'USER_STYLESHEET');
123
124 print json_encode(array("param" =>$key, "value" => $value));
125 }
126
127 function mark() {
128 $mark = clean($_REQUEST["mark"]);
129 $id = clean($_REQUEST["id"]);
130
131 $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET marked = ?,
132 last_marked = NOW()
133 WHERE ref_id = ? AND owner_uid = ?");
134
135 $sth->execute([$mark, $id, $_SESSION['uid']]);
136
137 print json_encode(array("message" => "UPDATE_COUNTERS"));
138 }
139
140 function delete() {
141 $ids = explode(",", clean($_REQUEST["ids"]));
142 $ids_qmarks = arr_qmarks($ids);
143
144 $sth = $this->pdo->prepare("DELETE FROM ttrss_user_entries
145 WHERE ref_id IN ($ids_qmarks) AND owner_uid = ?");
146 $sth->execute(array_merge($ids, [$_SESSION['uid']]));
147
148 Article::purge_orphans();
149
150 print json_encode(array("message" => "UPDATE_COUNTERS"));
151 }
152
153 function unarchive() {
154 $ids = explode(",", clean($_REQUEST["ids"]));
155
156 foreach ($ids as $id) {
157 $this->pdo->beginTransaction();
158
159 $sth = $this->pdo->prepare("SELECT feed_url,site_url,title FROM ttrss_archived_feeds
160 WHERE id = (SELECT orig_feed_id FROM ttrss_user_entries WHERE ref_id = :id
161 AND owner_uid = :uid) AND owner_uid = :uid");
162 $sth->execute([":uid" => $_SESSION['uid'], ":id" => $id]);
163
164 if ($row = $sth->fetch()) {
165 $feed_url = $row['feed_url'];
166 $site_url = $row['site_url'];
167 $title = $row['title'];
168
169 $sth = $this->pdo->prepare("SELECT id FROM ttrss_feeds WHERE feed_url = ?
170 AND owner_uid = ?");
171 $sth->execute([$feed_url, $_SESSION['uid']]);
172
173 if ($row = $sth->fetch()) {
174 $feed_id = $row["id"];
175 } else {
176 if (!$title) $title = '[Unknown]';
177
178 $sth = $this->pdo->prepare("INSERT INTO ttrss_feeds
179 (owner_uid,feed_url,site_url,title,cat_id,auth_login,auth_pass,update_method)
180 VALUES (?, ?, ?, ?, NULL, '', '', 0)");
181 $sth->execute([$_SESSION['uid'], $feed_url, $site_url, $title]);
182
183 $sth = $this->pdo->prepare("SELECT id FROM ttrss_feeds WHERE feed_url = ?
184 AND owner_uid = ?");
185 $sth->execute([$feed_url, $_SESSION['uid']]);
186
187 if ($row = $sth->fetch()) {
188 $feed_id = $row['id'];
189 }
190 }
191
192 if ($feed_id) {
193 $sth = $this->pdo->prepare("UPDATE ttrss_user_entries
194 SET feed_id = ?, orig_feed_id = NULL
195 WHERE ref_id = ? AND owner_uid = ?");
196 $sth->execute([$feed_id, $id, $_SESSION['uid']]);
197 }
198 }
199
200 $this->pdo->commit();
201 }
202
203 print json_encode(array("message" => "UPDATE_COUNTERS"));
204 }
205
206 function archive() {
207 $ids = explode(",", clean($_REQUEST["ids"]));
208
209 foreach ($ids as $id) {
210 $this->archive_article($id, $_SESSION["uid"]);
211 }
212
213 print json_encode(array("message" => "UPDATE_COUNTERS"));
214 }
215
216 private function archive_article($id, $owner_uid) {
217 $this->pdo->beginTransaction();
218
219 if (!$owner_uid) $owner_uid = $_SESSION['uid'];
220
221 $sth = $this->pdo->prepare("SELECT feed_id FROM ttrss_user_entries
222 WHERE ref_id = ? AND owner_uid = ?");
223 $sth->execute([$id, $owner_uid]);
224
225 if ($row = $sth->fetch()) {
226
227 /* prepare the archived table */
228
229 $feed_id = (int) $row['feed_id'];
230
231 if ($feed_id) {
232 $sth = $this->pdo->prepare("SELECT id FROM ttrss_archived_feeds
233 WHERE id = ? AND owner_uid = ?");
234 $sth->execute([$feed_id, $owner_uid]);
235
236 if ($row = $sth->fetch()) {
237 $new_feed_id = $row['id'];
238 } else {
239 $row = $this->pdo->query("SELECT MAX(id) AS id FROM ttrss_archived_feeds")->fetch();
240 $new_feed_id = (int)$row['id'] + 1;
241
242 $sth = $this->pdo->prepare("INSERT INTO ttrss_archived_feeds
243 (id, owner_uid, title, feed_url, site_url)
244 SELECT ?, owner_uid, title, feed_url, site_url from ttrss_feeds
245 WHERE id = ?");
246
247 $sth->execute([$new_feed_id, $feed_id]);
248 }
249
250 $sth = $this->pdo->prepare("UPDATE ttrss_user_entries
251 SET orig_feed_id = ?, feed_id = NULL
252 WHERE ref_id = ? AND owner_uid = ?");
253 $sth->execute([$new_feed_id, $id, $owner_uid]);
254 }
255 }
256
257 $this->pdo->commit();
258 }
259
260 function publ() {
261 $pub = clean($_REQUEST["pub"]);
262 $id = clean($_REQUEST["id"]);
263
264 $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET
265 published = ?, last_published = NOW()
266 WHERE ref_id = ? AND owner_uid = ?");
267
268 $sth->execute([$pub, $id, $_SESSION['uid']]);
269
270 print json_encode(array("message" => "UPDATE_COUNTERS"));
271 }
272
273 function getAllCounters() {
274 $last_article_id = (int) clean($_REQUEST["last_article_id"]);
275
276 $reply = array();
277
278 if (!empty($_REQUEST['seq'])) $reply['seq'] = (int) $_REQUEST['seq'];
279
280 if ($last_article_id != Article::getLastArticleId()) {
281 $reply['counters'] = Counters::getAllCounters();
282 }
283
284 $reply['runtime-info'] = make_runtime_info();
285
286 print json_encode($reply);
287 }
288
289 /* GET["cmode"] = 0 - mark as read, 1 - as unread, 2 - toggle */
290 function catchupSelected() {
291 $ids = explode(",", clean($_REQUEST["ids"]));
292 $cmode = sprintf("%d", clean($_REQUEST["cmode"]));
293
294 Article::catchupArticlesById($ids, $cmode);
295
296 print json_encode(array("message" => "UPDATE_COUNTERS", "ids" => $ids));
297 }
298
299 function markSelected() {
300 $ids = explode(",", clean($_REQUEST["ids"]));
301 $cmode = (int)clean($_REQUEST["cmode"]);
302
303 $this->markArticlesById($ids, $cmode);
304
305 print json_encode(array("message" => "UPDATE_COUNTERS"));
306 }
307
308 function publishSelected() {
309 $ids = explode(",", clean($_REQUEST["ids"]));
310 $cmode = (int)clean($_REQUEST["cmode"]);
311
312 $this->publishArticlesById($ids, $cmode);
313
314 print json_encode(array("message" => "UPDATE_COUNTERS"));
315 }
316
317 function sanityCheck() {
318 $_SESSION["hasAudio"] = clean($_REQUEST["hasAudio"]) === "true";
319 $_SESSION["hasSandbox"] = clean($_REQUEST["hasSandbox"]) === "true";
320 $_SESSION["hasMp3"] = clean($_REQUEST["hasMp3"]) === "true";
321 $_SESSION["clientTzOffset"] = clean($_REQUEST["clientTzOffset"]);
322
323 $reply = array();
324
325 $reply['error'] = sanity_check();
326
327 if ($reply['error']['code'] == 0) {
328 $reply['init-params'] = make_init_params();
329 $reply['runtime-info'] = make_runtime_info(true);
330 }
331
332 print json_encode($reply);
333 }
334
335 function completeLabels() {
336 $search = clean($_REQUEST["search"]);
337
338 $sth = $this->pdo->prepare("SELECT DISTINCT caption FROM
339 ttrss_labels2
340 WHERE owner_uid = ? AND
341 LOWER(caption) LIKE LOWER(?) ORDER BY caption
342 LIMIT 5");
343 $sth->execute([$_SESSION['uid'], "%$search%"]);
344
345 print "<ul>";
346 while ($line = $sth->fetch()) {
347 print "<li>" . $line["caption"] . "</li>";
348 }
349 print "</ul>";
350 }
351
352 function updateFeedBrowser() {
353 if (defined('_DISABLE_FEED_BROWSER') && _DISABLE_FEED_BROWSER) return;
354
355 $search = clean($_REQUEST["search"]);
356 $limit = clean($_REQUEST["limit"]);
357 $mode = (int) clean($_REQUEST["mode"]);
358
359 require_once "feedbrowser.php";
360
361 print json_encode(array("content" =>
362 make_feed_browser($search, $limit, $mode),
363 "mode" => $mode));
364 }
365
366 // Silent
367 function massSubscribe() {
368
369 $payload = json_decode(clean($_REQUEST["payload"]), false);
370 $mode = clean($_REQUEST["mode"]);
371
372 if (!$payload || !is_array($payload)) return;
373
374 if ($mode == 1) {
375 foreach ($payload as $feed) {
376
377 $title = $feed[0];
378 $feed_url = $feed[1];
379
380 $sth = $this->pdo->prepare("SELECT id FROM ttrss_feeds WHERE
381 feed_url = ? AND owner_uid = ?");
382 $sth->execute([$feed_url, $_SESSION['uid']]);
383
384 if (!$sth->fetch()) {
385 $sth = $this->pdo->prepare("INSERT INTO ttrss_feeds
386 (owner_uid,feed_url,title,cat_id,site_url)
387 VALUES (?, ?, ?, NULL, '')");
388
389 $sth->execute([$_SESSION['uid'], $feed_url, $title]);
390 }
391 }
392 } else if ($mode == 2) {
393 // feed archive
394 foreach ($payload as $id) {
395 $sth = $this->pdo->prepare("SELECT * FROM ttrss_archived_feeds
396 WHERE id = ? AND owner_uid = ?");
397 $sth->execute([$id, $_SESSION['uid']]);
398
399 if ($row = $sth->fetch()) {
400 $site_url = $row['site_url'];
401 $feed_url = $row['feed_url'];
402 $title = $row['title'];
403
404 $sth = $this->pdo->prepare("SELECT id FROM ttrss_feeds WHERE
405 feed_url = ? AND owner_uid = ?");
406 $sth->execute([$feed_url, $_SESSION['uid']]);
407
408 if (!$sth->fetch()) {
409 $sth = $this->pdo->prepare("INSERT INTO ttrss_feeds
410 (owner_uid,feed_url,title,cat_id,site_url)
411 VALUES (?, ?, ?, NULL, ?)");
412
413 $sth->execute([$_SESSION['uid'], $feed_url, $title, $site_url]);
414 }
415 }
416 }
417 }
418 }
419
420 function catchupFeed() {
421 $feed_id = clean($_REQUEST['feed_id']);
422 $is_cat = clean($_REQUEST['is_cat']) == "true";
423 $mode = clean($_REQUEST['mode']);
424 $search_query = clean($_REQUEST['search_query']);
425 $search_lang = clean($_REQUEST['search_lang']);
426
427 Feeds::catchup_feed($feed_id, $is_cat, false, $mode, [$search_query, $search_lang]);
428
429 print json_encode(array("message" => "UPDATE_COUNTERS"));
430 }
431
432 function setpanelmode() {
433 $wide = (int) clean($_REQUEST["wide"]);
434
435 setcookie("ttrss_widescreen", $wide,
436 time() + COOKIE_LIFETIME_LONG);
437
438 print json_encode(array("wide" => $wide));
439 }
440
441 static function updaterandomfeed_real() {
442
443 // Test if the feed need a update (update interval exceded).
444 if (DB_TYPE == "pgsql") {
445 $update_limit_qpart = "AND ((
446 ttrss_feeds.update_interval = 0
447 AND ttrss_feeds.last_updated < NOW() - CAST((ttrss_user_prefs.value || ' minutes') AS INTERVAL)
448 ) OR (
449 ttrss_feeds.update_interval > 0
450 AND ttrss_feeds.last_updated < NOW() - CAST((ttrss_feeds.update_interval || ' minutes') AS INTERVAL)
451 ) OR ttrss_feeds.last_updated IS NULL
452 OR last_updated = '1970-01-01 00:00:00')";
453 } else {
454 $update_limit_qpart = "AND ((
455 ttrss_feeds.update_interval = 0
456 AND ttrss_feeds.last_updated < DATE_SUB(NOW(), INTERVAL CONVERT(ttrss_user_prefs.value, SIGNED INTEGER) MINUTE)
457 ) OR (
458 ttrss_feeds.update_interval > 0
459 AND ttrss_feeds.last_updated < DATE_SUB(NOW(), INTERVAL ttrss_feeds.update_interval MINUTE)
460 ) OR ttrss_feeds.last_updated IS NULL
461 OR last_updated = '1970-01-01 00:00:00')";
462 }
463
464 // Test if feed is currently being updated by another process.
465 if (DB_TYPE == "pgsql") {
466 $updstart_thresh_qpart = "AND (ttrss_feeds.last_update_started IS NULL OR ttrss_feeds.last_update_started < NOW() - INTERVAL '5 minutes')";
467 } else {
468 $updstart_thresh_qpart = "AND (ttrss_feeds.last_update_started IS NULL OR ttrss_feeds.last_update_started < DATE_SUB(NOW(), INTERVAL 5 MINUTE))";
469 }
470
471 $random_qpart = sql_random_function();
472
473 $pdo = Db::pdo();
474
475 // we could be invoked from public.php with no active session
476 if ($_SESSION["uid"]) {
477 $owner_check_qpart = "AND ttrss_feeds.owner_uid = ".$pdo->quote($_SESSION["uid"]);
478 } else {
479 $owner_check_qpart = "";
480 }
481
482 // We search for feed needing update.
483 $res = $pdo->query("SELECT ttrss_feeds.feed_url,ttrss_feeds.id
484 FROM
485 ttrss_feeds, ttrss_users, ttrss_user_prefs
486 WHERE
487 ttrss_feeds.owner_uid = ttrss_users.id
488 AND ttrss_users.id = ttrss_user_prefs.owner_uid
489 AND ttrss_user_prefs.pref_name = 'DEFAULT_UPDATE_INTERVAL'
490 $owner_check_qpart
491 $update_limit_qpart
492 $updstart_thresh_qpart
493 ORDER BY $random_qpart LIMIT 30");
494
495 $num_updated = 0;
496
497 $tstart = time();
498
499 while ($line = $res->fetch()) {
500 $feed_id = $line["id"];
501
502 if (time() - $tstart < ini_get("max_execution_time") * 0.7) {
503 RSSUtils::update_rss_feed($feed_id, true);
504 ++$num_updated;
505 } else {
506 break;
507 }
508 }
509
510 // Purge orphans and cleanup tags
511 Article::purge_orphans();
512 //cleanup_tags(14, 50000);
513
514 if ($num_updated > 0) {
515 print json_encode(array("message" => "UPDATE_COUNTERS",
516 "num_updated" => $num_updated));
517 } else {
518 print json_encode(array("message" => "NOTHING_TO_UPDATE"));
519 }
520
521 }
522
523 function updaterandomfeed() {
524 RPC::updaterandomfeed_real();
525 }
526
527 private function markArticlesById($ids, $cmode) {
528
529 $ids_qmarks = arr_qmarks($ids);
530
531 if ($cmode == 0) {
532 $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET
533 marked = false, last_marked = NOW()
534 WHERE ref_id IN ($ids_qmarks) AND owner_uid = ?");
535 } else if ($cmode == 1) {
536 $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET
537 marked = true, last_marked = NOW()
538 WHERE ref_id IN ($ids_qmarks) AND owner_uid = ?");
539 } else {
540 $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET
541 marked = NOT marked,last_marked = NOW()
542 WHERE ref_id IN ($ids_qmarks) AND owner_uid = ?");
543 }
544
545 $sth->execute(array_merge($ids, [$_SESSION['uid']]));
546 }
547
548 private function publishArticlesById($ids, $cmode) {
549
550 $ids_qmarks = arr_qmarks($ids);
551
552 if ($cmode == 0) {
553 $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET
554 published = false, last_published = NOW()
555 WHERE ref_id IN ($ids_qmarks) AND owner_uid = ?");
556 } else if ($cmode == 1) {
557 $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET
558 published = true, last_published = NOW()
559 WHERE ref_id IN ($ids_qmarks) AND owner_uid = ?");
560 } else {
561 $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET
562 published = NOT published,last_published = NOW()
563 WHERE ref_id IN ($ids_qmarks) AND owner_uid = ?");
564 }
565
566 $sth->execute(array_merge($ids, [$_SESSION['uid']]));
567 }
568
569 function getlinktitlebyid() {
570 $id = clean($_REQUEST['id']);
571
572 $sth = $this->pdo->prepare("SELECT link, title FROM ttrss_entries, ttrss_user_entries
573 WHERE ref_id = ? AND ref_id = id AND owner_uid = ?");
574 $sth->execute([$id, $_SESSION['uid']]);
575
576 if ($row = $sth->fetch()) {
577 $link = $row['link'];
578 $title = $row['title'];
579
580 echo json_encode(array("link" => $link, "title" => $title));
581 } else {
582 echo json_encode(array("error" => "ARTICLE_NOT_FOUND"));
583 }
584 }
585
586 function log() {
587 $msg = clean($_REQUEST['msg']);
588 $file = basename(clean($_REQUEST['file']));
589 $line = (int) clean($_REQUEST['line']);
590 $context = clean($_REQUEST['context']);
591
592 if ($msg) {
593 Logger::get()->log_error(E_USER_WARNING,
594 $msg, 'client-js:' . $file, $line, $context);
595
596 echo json_encode(array("message" => "HOST_ERROR_LOGGED"));
597 } else {
598 echo json_encode(array("error" => "MESSAGE_NOT_FOUND"));
599 }
600
601 }
602 }
web-based news feed (RSS/Atom) reader and aggregator; see https://tt-rss.org/