2 class RPC extends Handler_Protected {
4 function csrf_ignore($method) {
5 $csrf_ignored = array("sanitycheck", "completelabels", "saveprofile");
7 return array_search($method, $csrf_ignored) !== false;
10 function setprofile() {
11 $_SESSION["profile"] = clean($_REQUEST["id"]);
14 if (!$_SESSION["profile"]) $_SESSION["profile"] = null;
17 function remprofiles() {
18 $ids = explode(",", trim(clean($_REQUEST["ids"])));
20 foreach ($ids as $id) {
21 if ($_SESSION["profile"] != $id) {
22 $sth = $this->pdo->prepare("DELETE FROM ttrss_settings_profiles WHERE id = ? AND
24 $sth->execute([$id, $_SESSION['uid']]);
30 function addprofile() {
31 $title = trim(clean($_REQUEST["title"]));
34 $this->pdo->beginTransaction();
36 $sth = $this->pdo->prepare("SELECT id FROM ttrss_settings_profiles
37 WHERE title = ? AND owner_uid = ?");
38 $sth->execute([$title, $_SESSION['uid']]);
42 $sth = $this->pdo->prepare("INSERT INTO ttrss_settings_profiles (title, owner_uid)
45 $sth->execute([$title, $_SESSION['uid']]);
47 $sth = $this->pdo->prepare("SELECT id FROM ttrss_settings_profiles WHERE
48 title = ? AND owner_uid = ?");
49 $sth->execute([$title, $_SESSION['uid']]);
51 if ($row = $sth->fetch()) {
52 $profile_id = $row['id'];
55 initialize_user_prefs($_SESSION["uid"], $profile_id);
64 function saveprofile() {
65 $id = clean($_REQUEST["id"]);
66 $title = trim(clean($_REQUEST["value"]));
69 print __("Default profile");
74 $sth = $this->pdo->prepare("UPDATE ttrss_settings_profiles
75 SET title = ? WHERE id = ? AND
78 $sth->execute([$title, $id, $_SESSION['uid']]);
84 function remarchive() {
85 $ids = explode(",", clean($_REQUEST["ids"]));
87 $sth = $this->pdo->prepare("DELETE FROM ttrss_archived_feeds WHERE
88 (SELECT COUNT(*) FROM ttrss_user_entries
89 WHERE orig_feed_id = :id) = 0 AND
90 id = :id AND owner_uid = :uid");
92 foreach ($ids as $id) {
93 $sth->execute([":id" => $id, ":uid" => $_SESSION['uid']]);
98 $feed = clean($_REQUEST['feed']);
99 $cat = clean($_REQUEST['cat']);
100 $need_auth = isset($_REQUEST['need_auth']);
101 $login = $need_auth ? clean($_REQUEST['login']) : '';
102 $pass = $need_auth ? trim(clean($_REQUEST['pass'])) : '';
104 $rc = Feeds::subscribe_to_feed($feed, $cat, $login, $pass);
106 print json_encode(array("result" => $rc));
109 function togglepref() {
110 $key = clean($_REQUEST["key"]);
111 set_pref($key, !get_pref($key));
112 $value = get_pref($key);
114 print json_encode(array("param" =>$key, "value" => $value));
118 // set_pref escapes input, so no need to double escape it here
119 $key = clean($_REQUEST['key']);
120 $value = $_REQUEST['value'];
122 set_pref($key, $value, false, $key != 'USER_STYLESHEET');
124 print json_encode(array("param" =>$key, "value" => $value));
128 $mark = clean($_REQUEST["mark"]);
129 $id = clean($_REQUEST["id"]);
131 $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET marked = ?,
133 WHERE ref_id = ? AND owner_uid = ?");
135 $sth->execute([$mark, $id, $_SESSION['uid']]);
137 print json_encode(array("message" => "UPDATE_COUNTERS"));
141 $ids = explode(",", clean($_REQUEST["ids"]));
142 $ids_qmarks = arr_qmarks($ids);
144 $sth = $this->pdo->prepare("DELETE FROM ttrss_user_entries
145 WHERE ref_id IN ($ids_qmarks) AND owner_uid = ?");
146 $sth->execute(array_merge($ids, [$_SESSION['uid']]));
148 Article::purge_orphans();
150 print json_encode(array("message" => "UPDATE_COUNTERS"));
153 function unarchive() {
154 $ids = explode(",", clean($_REQUEST["ids"]));
156 foreach ($ids as $id) {
157 $this->pdo->beginTransaction();
159 $sth = $this->pdo->prepare("SELECT feed_url,site_url,title FROM ttrss_archived_feeds
160 WHERE id = (SELECT orig_feed_id FROM ttrss_user_entries WHERE ref_id = :id
161 AND owner_uid = :uid) AND owner_uid = :uid");
162 $sth->execute([":uid" => $_SESSION['uid'], ":id" => $id]);
164 if ($row = $sth->fetch()) {
165 $feed_url = $row['feed_url'];
166 $site_url = $row['site_url'];
167 $title = $row['title'];
169 $sth = $this->pdo->prepare("SELECT id FROM ttrss_feeds WHERE feed_url = ?
171 $sth->execute([$feed_url, $_SESSION['uid']]);
173 if ($row = $sth->fetch()) {
174 $feed_id = $row["id"];
176 if (!$title) $title = '[Unknown]';
178 $sth = $this->pdo->prepare("INSERT INTO ttrss_feeds
179 (owner_uid,feed_url,site_url,title,cat_id,auth_login,auth_pass,update_method)
180 VALUES (?, ?, ?, ?, NULL, '', '', 0)");
181 $sth->execute([$_SESSION['uid'], $feed_url, $site_url, $title]);
183 $sth = $this->pdo->prepare("SELECT id FROM ttrss_feeds WHERE feed_url = ?
185 $sth->execute([$feed_url, $_SESSION['uid']]);
187 if ($row = $sth->fetch()) {
188 $feed_id = $row['id'];
193 $sth = $this->pdo->prepare("UPDATE ttrss_user_entries
194 SET feed_id = ?, orig_feed_id = NULL
195 WHERE ref_id = ? AND owner_uid = ?");
196 $sth->execute([$feed_id, $id, $_SESSION['uid']]);
200 $this->pdo->commit();
203 print json_encode(array("message" => "UPDATE_COUNTERS"));
207 $ids = explode(",", clean($_REQUEST["ids"]));
209 foreach ($ids as $id) {
210 $this->archive_article($id, $_SESSION["uid"]);
213 print json_encode(array("message" => "UPDATE_COUNTERS"));
216 private function archive_article($id, $owner_uid) {
217 $this->pdo->beginTransaction();
219 if (!$owner_uid) $owner_uid = $_SESSION['uid'];
221 $sth = $this->pdo->prepare("SELECT feed_id FROM ttrss_user_entries
222 WHERE ref_id = ? AND owner_uid = ?");
223 $sth->execute([$id, $owner_uid]);
225 if ($row = $sth->fetch()) {
227 /* prepare the archived table */
229 $feed_id = (int) $row['feed_id'];
232 $sth = $this->pdo->prepare("SELECT id FROM ttrss_archived_feeds
233 WHERE id = ? AND owner_uid = ?");
234 $sth->execute([$feed_id, $owner_uid]);
236 if ($row = $sth->fetch()) {
237 $new_feed_id = $row['id'];
239 $row = $this->pdo->query("SELECT MAX(id) AS id FROM ttrss_archived_feeds")->fetch();
240 $new_feed_id = (int)$row['id'] + 1;
242 $sth = $this->pdo->prepare("INSERT INTO ttrss_archived_feeds
243 (id, owner_uid, title, feed_url, site_url)
244 SELECT ?, owner_uid, title, feed_url, site_url from ttrss_feeds
247 $sth->execute([$new_feed_id, $feed_id]);
250 $sth = $this->pdo->prepare("UPDATE ttrss_user_entries
251 SET orig_feed_id = ?, feed_id = NULL
252 WHERE ref_id = ? AND owner_uid = ?");
253 $sth->execute([$new_feed_id, $id, $owner_uid]);
257 $this->pdo->commit();
261 $pub = clean($_REQUEST["pub"]);
262 $id = clean($_REQUEST["id"]);
264 $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET
265 published = ?, last_published = NOW()
266 WHERE ref_id = ? AND owner_uid = ?");
268 $sth->execute([$pub, $id, $_SESSION['uid']]);
270 print json_encode(array("message" => "UPDATE_COUNTERS"));
273 function getAllCounters() {
274 $last_article_id = (int) clean($_REQUEST["last_article_id"]);
278 if (!empty($_REQUEST['seq'])) $reply['seq'] = (int) $_REQUEST['seq'];
280 if ($last_article_id != Article::getLastArticleId()) {
281 $reply['counters'] = Counters::getAllCounters();
284 $reply['runtime-info'] = make_runtime_info();
286 print json_encode($reply);
289 /* GET["cmode"] = 0 - mark as read, 1 - as unread, 2 - toggle */
290 function catchupSelected() {
291 $ids = explode(",", clean($_REQUEST["ids"]));
292 $cmode = sprintf("%d", clean($_REQUEST["cmode"]));
294 Article::catchupArticlesById($ids, $cmode);
296 print json_encode(array("message" => "UPDATE_COUNTERS", "ids" => $ids));
299 function markSelected() {
300 $ids = explode(",", clean($_REQUEST["ids"]));
301 $cmode = (int)clean($_REQUEST["cmode"]);
303 $this->markArticlesById($ids, $cmode);
305 print json_encode(array("message" => "UPDATE_COUNTERS"));
308 function publishSelected() {
309 $ids = explode(",", clean($_REQUEST["ids"]));
310 $cmode = (int)clean($_REQUEST["cmode"]);
312 $this->publishArticlesById($ids, $cmode);
314 print json_encode(array("message" => "UPDATE_COUNTERS"));
317 function sanityCheck() {
318 $_SESSION["hasAudio"] = clean($_REQUEST["hasAudio"]) === "true";
319 $_SESSION["hasSandbox"] = clean($_REQUEST["hasSandbox"]) === "true";
320 $_SESSION["hasMp3"] = clean($_REQUEST["hasMp3"]) === "true";
321 $_SESSION["clientTzOffset"] = clean($_REQUEST["clientTzOffset"]);
325 $reply['error'] = sanity_check();
327 if ($reply['error']['code'] == 0) {
328 $reply['init-params'] = make_init_params();
329 $reply['runtime-info'] = make_runtime_info(true);
332 print json_encode($reply);
335 function completeLabels() {
336 $search = clean($_REQUEST["search"]);
338 $sth = $this->pdo->prepare("SELECT DISTINCT caption FROM
340 WHERE owner_uid = ? AND
341 LOWER(caption) LIKE LOWER(?) ORDER BY caption
343 $sth->execute([$_SESSION['uid'], "%$search%"]);
346 while ($line = $sth->fetch()) {
347 print "<li>" . $line["caption"] . "</li>";
352 function updateFeedBrowser() {
353 if (defined('_DISABLE_FEED_BROWSER') && _DISABLE_FEED_BROWSER) return;
355 $search = clean($_REQUEST["search"]);
356 $limit = clean($_REQUEST["limit"]);
357 $mode = (int) clean($_REQUEST["mode"]);
359 require_once "feedbrowser.php";
361 print json_encode(array("content" =>
362 make_feed_browser($search, $limit, $mode),
367 function massSubscribe() {
369 $payload = json_decode(clean($_REQUEST["payload"]), false);
370 $mode = clean($_REQUEST["mode"]);
372 if (!$payload || !is_array($payload)) return;
375 foreach ($payload as $feed) {
378 $feed_url = $feed[1];
380 $sth = $this->pdo->prepare("SELECT id FROM ttrss_feeds WHERE
381 feed_url = ? AND owner_uid = ?");
382 $sth->execute([$feed_url, $_SESSION['uid']]);
384 if (!$sth->fetch()) {
385 $sth = $this->pdo->prepare("INSERT INTO ttrss_feeds
386 (owner_uid,feed_url,title,cat_id,site_url)
387 VALUES (?, ?, ?, NULL, '')");
389 $sth->execute([$_SESSION['uid'], $feed_url, $title]);
392 } else if ($mode == 2) {
394 foreach ($payload as $id) {
395 $sth = $this->pdo->prepare("SELECT * FROM ttrss_archived_feeds
396 WHERE id = ? AND owner_uid = ?");
397 $sth->execute([$id, $_SESSION['uid']]);
399 if ($row = $sth->fetch()) {
400 $site_url = $row['site_url'];
401 $feed_url = $row['feed_url'];
402 $title = $row['title'];
404 $sth = $this->pdo->prepare("SELECT id FROM ttrss_feeds WHERE
405 feed_url = ? AND owner_uid = ?");
406 $sth->execute([$feed_url, $_SESSION['uid']]);
408 if (!$sth->fetch()) {
409 $sth = $this->pdo->prepare("INSERT INTO ttrss_feeds
410 (owner_uid,feed_url,title,cat_id,site_url)
411 VALUES (?, ?, ?, NULL, ?)");
413 $sth->execute([$_SESSION['uid'], $feed_url, $title, $site_url]);
420 function catchupFeed() {
421 $feed_id = clean($_REQUEST['feed_id']);
422 $is_cat = clean($_REQUEST['is_cat']) == "true";
423 $mode = clean($_REQUEST['mode']);
424 $search_query = clean($_REQUEST['search_query']);
425 $search_lang = clean($_REQUEST['search_lang']);
427 Feeds::catchup_feed($feed_id, $is_cat, false, $mode, [$search_query, $search_lang]);
429 print json_encode(array("message" => "UPDATE_COUNTERS"));
432 function setpanelmode() {
433 $wide = (int) clean($_REQUEST["wide"]);
435 setcookie("ttrss_widescreen", $wide,
436 time() + COOKIE_LIFETIME_LONG);
438 print json_encode(array("wide" => $wide));
441 static function updaterandomfeed_real() {
443 // Test if the feed need a update (update interval exceded).
444 if (DB_TYPE == "pgsql") {
445 $update_limit_qpart = "AND ((
446 ttrss_feeds.update_interval = 0
447 AND ttrss_feeds.last_updated < NOW() - CAST((ttrss_user_prefs.value || ' minutes') AS INTERVAL)
449 ttrss_feeds.update_interval > 0
450 AND ttrss_feeds.last_updated < NOW() - CAST((ttrss_feeds.update_interval || ' minutes') AS INTERVAL)
451 ) OR ttrss_feeds.last_updated IS NULL
452 OR last_updated = '1970-01-01 00:00:00')";
454 $update_limit_qpart = "AND ((
455 ttrss_feeds.update_interval = 0
456 AND ttrss_feeds.last_updated < DATE_SUB(NOW(), INTERVAL CONVERT(ttrss_user_prefs.value, SIGNED INTEGER) MINUTE)
458 ttrss_feeds.update_interval > 0
459 AND ttrss_feeds.last_updated < DATE_SUB(NOW(), INTERVAL ttrss_feeds.update_interval MINUTE)
460 ) OR ttrss_feeds.last_updated IS NULL
461 OR last_updated = '1970-01-01 00:00:00')";
464 // Test if feed is currently being updated by another process.
465 if (DB_TYPE == "pgsql") {
466 $updstart_thresh_qpart = "AND (ttrss_feeds.last_update_started IS NULL OR ttrss_feeds.last_update_started < NOW() - INTERVAL '5 minutes')";
468 $updstart_thresh_qpart = "AND (ttrss_feeds.last_update_started IS NULL OR ttrss_feeds.last_update_started < DATE_SUB(NOW(), INTERVAL 5 MINUTE))";
471 $random_qpart = sql_random_function();
475 // we could be invoked from public.php with no active session
476 if ($_SESSION["uid"]) {
477 $owner_check_qpart = "AND ttrss_feeds.owner_uid = ".$pdo->quote($_SESSION["uid"]);
479 $owner_check_qpart = "";
482 // We search for feed needing update.
483 $res = $pdo->query("SELECT ttrss_feeds.feed_url,ttrss_feeds.id
485 ttrss_feeds, ttrss_users, ttrss_user_prefs
487 ttrss_feeds.owner_uid = ttrss_users.id
488 AND ttrss_users.id = ttrss_user_prefs.owner_uid
489 AND ttrss_user_prefs.pref_name = 'DEFAULT_UPDATE_INTERVAL'
492 $updstart_thresh_qpart
493 ORDER BY $random_qpart LIMIT 30");
499 while ($line = $res->fetch()) {
500 $feed_id = $line["id"];
502 if (time() - $tstart < ini_get("max_execution_time") * 0.7) {
503 RSSUtils::update_rss_feed($feed_id, true);
510 // Purge orphans and cleanup tags
511 Article::purge_orphans();
512 //cleanup_tags(14, 50000);
514 if ($num_updated > 0) {
515 print json_encode(array("message" => "UPDATE_COUNTERS",
516 "num_updated" => $num_updated));
518 print json_encode(array("message" => "NOTHING_TO_UPDATE"));
523 function updaterandomfeed() {
524 RPC::updaterandomfeed_real();
527 private function markArticlesById($ids, $cmode) {
529 $ids_qmarks = arr_qmarks($ids);
532 $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET
533 marked = false, last_marked = NOW()
534 WHERE ref_id IN ($ids_qmarks) AND owner_uid = ?");
535 } else if ($cmode == 1) {
536 $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET
537 marked = true, last_marked = NOW()
538 WHERE ref_id IN ($ids_qmarks) AND owner_uid = ?");
540 $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET
541 marked = NOT marked,last_marked = NOW()
542 WHERE ref_id IN ($ids_qmarks) AND owner_uid = ?");
545 $sth->execute(array_merge($ids, [$_SESSION['uid']]));
548 private function publishArticlesById($ids, $cmode) {
550 $ids_qmarks = arr_qmarks($ids);
553 $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET
554 published = false, last_published = NOW()
555 WHERE ref_id IN ($ids_qmarks) AND owner_uid = ?");
556 } else if ($cmode == 1) {
557 $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET
558 published = true, last_published = NOW()
559 WHERE ref_id IN ($ids_qmarks) AND owner_uid = ?");
561 $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET
562 published = NOT published,last_published = NOW()
563 WHERE ref_id IN ($ids_qmarks) AND owner_uid = ?");
566 $sth->execute(array_merge($ids, [$_SESSION['uid']]));
569 function getlinktitlebyid() {
570 $id = clean($_REQUEST['id']);
572 $sth = $this->pdo->prepare("SELECT link, title FROM ttrss_entries, ttrss_user_entries
573 WHERE ref_id = ? AND ref_id = id AND owner_uid = ?");
574 $sth->execute([$id, $_SESSION['uid']]);
576 if ($row = $sth->fetch()) {
577 $link = $row['link'];
578 $title = $row['title'];
580 echo json_encode(array("link" => $link, "title" => $title));
582 echo json_encode(array("error" => "ARTICLE_NOT_FOUND"));
587 $msg = clean($_REQUEST['msg']);
588 $file = basename(clean($_REQUEST['file']));
589 $line = (int) clean($_REQUEST['line']);
590 $context = clean($_REQUEST['context']);
593 Logger::get()->log_error(E_USER_WARNING,
594 $msg, 'client-js:' . $file, $line, $context);
596 echo json_encode(array("message" => "HOST_ERROR_LOGGED"));
598 echo json_encode(array("error" => "MESSAGE_NOT_FOUND"));
projects / tt-rss.git / blob