modules/backend-rpc.php

   1 <?php
   2         function handle_rpc_request($link) {
   3
   4                 $subop = $_REQUEST["subop"];
   5
   6                 if ($subop == "setprofile") {
   7                         $id = db_escape_string($_REQUEST["id"]);
   8
   9                         $_SESSION["profile"] = $id;
  10                         $_SESSION["prefs_cache"] = array();
  11                         return;
  12                 }
  13
  14                 if ($subop == "remprofiles") {
  15                         $ids = split(",", db_escape_string(trim($_REQUEST["ids"])));
  16
  17                         foreach ($ids as $id) {
  18                                 if ($_SESSION["profile"] != $id) {
  19                                         db_query($link, "DELETE FROM ttrss_settings_profiles WHERE id = '$id' AND
  20                                                 owner_uid = " . $_SESSION["uid"]);
  21                                 }
  22                         }
  23                         return;
  24                 }
  25
  26                 if ($subop == "addprofile") {
  27                         $title = db_escape_string(trim($_REQUEST["title"]));
  28                         if ($title) {
  29                                 db_query($link, "BEGIN");
  30
  31                                 $result = db_query($link, "SELECT id FROM ttrss_settings_profiles
  32                                         WHERE title = '$title' AND owner_uid = " . $_SESSION["uid"]);
  33
  34                                 if (db_num_rows($result) == 0) {
  35
  36                                         db_query($link, "INSERT INTO ttrss_settings_profiles (title, owner_uid)
  37                                                 VALUES ('$title', ".$_SESSION["uid"] .")");
  38
  39                                         $result = db_query($link, "SELECT id FROM ttrss_settings_profiles WHERE
  40                                                 title = '$title'");
  41
  42                                         if (db_num_rows($result) != 0) {
  43                                                 $profile_id = db_fetch_result($result, 0, "id");
  44
  45                                                 if ($profile_id) {
  46                                                         initialize_user_prefs($link, $_SESSION["uid"], $profile_id);
  47                                                 }
  48                                         }
  49                                 }
  50
  51                                 db_query($link, "COMMIT");
  52                         }
  53                         return;
  54                 }
  55
  56                 if ($subop == "saveprofile") {
  57                         $id = db_escape_string($_REQUEST["id"]);
  58                         $title = db_escape_string(trim($_REQUEST["value"]));
  59
  60                         if ($id == 0) {
  61                                 print __("Default profile");
  62                                 return;
  63                         }
  64
  65                         if ($title) {
  66                                 db_query($link, "BEGIN");
  67
  68                                 $result = db_query($link, "SELECT id FROM ttrss_settings_profiles
  69                                         WHERE title = '$title' AND owner_uid =" . $_SESSION["uid"]);
  70
  71                                 if (db_num_rows($result) == 0) {
  72                                         db_query($link, "UPDATE ttrss_settings_profiles
  73                                                 SET title = '$title' WHERE id = '$id' AND
  74                                                 owner_uid = " . $_SESSION["uid"]);
  75                                         print $title;
  76                                 } else {
  77                                         $result = db_query($link, "SELECT title FROM ttrss_settings_profiles
  78                                                 WHERE id = '$id' AND owner_uid =" . $_SESSION["uid"]);
  79                                         print db_fetch_result($result, 0, "title");
  80                                 }
  81
  82                                 db_query($link, "COMMIT");
  83                         }
  84                         return;
  85                 }
  86
  87                 if ($subop == "remarchive") {
  88                         $ids = split(",", db_escape_string($_REQUEST["ids"]));
  89
  90                         print "<rpc-reply>";
  91
  92                         foreach ($ids as $id) {
  93                                 $result = db_query($link, "DELETE FROM ttrss_archived_feeds WHERE
  94                                         (SELECT COUNT(*) FROM ttrss_user_entries
  95                                                 WHERE orig_feed_id = '$id') = 0 AND
  96                                                 id = '$id' AND owner_uid = ".$_SESSION["uid"]);
  97
  98                                 $rc = db_affected_rows($link, $result);
  99
 100                                 print "<feed id='$id' rc='$rc'/>";
 101
 102                         }
 103
 104                         print "</rpc-reply>";
 105
 106                         return;
 107                 }
 108
 109                 if ($subop == "addfeed") {
 110
 111                         $feed = db_escape_string($_REQUEST['feed']);
 112                         $cat = db_escape_string($_REQUEST['cat']);
 113                         $login = db_escape_string($_REQUEST['login']);
 114                         $pass = db_escape_string($_REQUEST['pass']);
 115
 116                         $rc = subscribe_to_feed($link, $feed, $cat, $login, $pass);
 117
 118                         print "<rpc-reply>";
 119                         print "<result code='$rc'/>";
 120                         print "</rpc-reply>";
 121
 122                         return;
 123
 124                 }
 125
 126                 if ($subop == "togglepref") {
 127                         print "<rpc-reply>";
 128
 129                         $key = db_escape_string($_REQUEST["key"]);
 130
 131                         set_pref($link, $key, !get_pref($link, $key));
 132
 133                         $value = get_pref($link, $key);
 134
 135                         print "<param-set key=\"$key\" value=\"$value\"/>";
 136
 137                         print "</rpc-reply>";
 138
 139                         return;
 140                 }
 141
 142                 if ($subop == "setpref") {
 143                         print "<rpc-reply>";
 144
 145                         $key = db_escape_string($_REQUEST["key"]);
 146                         $value = db_escape_string($_REQUEST["value"]);
 147
 148                         set_pref($link, $key, $value);
 149
 150                         print "<param-set key=\"$key\" value=\"$value\"/>";
 151
 152                         print "</rpc-reply>";
 153
 154                         return;
 155                 }
 156
 157                 if ($subop == "getAllCounters") {
 158                         print "<rpc-reply>";
 159                         print "<counters><![CDATA[";
 160
 161                         print json_encode(getAllCounters($link, $_REQUEST['omode']));
 162
 163                         print "]]></counters>";
 164                         print_runtime_info($link);
 165                         print "</rpc-reply>";
 166
 167                         return;
 168                 }
 169
 170                 if ($subop == "mark") {
 171                         $mark = $_REQUEST["mark"];
 172                         $id = db_escape_string($_REQUEST["id"]);
 173
 174                         if ($mark == "1") {
 175                                 $mark = "true";
 176                         } else {
 177                                 $mark = "false";
 178                         }
 179
 180                         // FIXME this needs collision testing
 181
 182                         $result = db_query($link, "UPDATE ttrss_user_entries SET marked = $mark
 183                                 WHERE ref_id = '$id' AND owner_uid = " . $_SESSION["uid"]);
 184
 185                         print "<rpc-reply><counters><![CDATA[";
 186                         print json_encode(getAllCounters($link));
 187                         print "]]></counters></rpc-reply>";
 188
 189                         return;
 190                 }
 191
 192                 if ($subop == "delete") {
 193                         $ids = db_escape_string($_REQUEST["ids"]);
 194
 195                         $result = db_query($link, "DELETE FROM ttrss_user_entries
 196                                 WHERE ref_id IN ($ids) AND owner_uid = " . $_SESSION["uid"]);
 197
 198                         print "<rpc-reply><counters><![CDATA[";
 199                         print json_encode(getAllCounters($link));
 200                         print "]]></counters></rpc-reply>";
 201
 202                         return;
 203                 }
 204
 205                 if ($subop == "unarchive") {
 206                         $ids = db_escape_string($_REQUEST["ids"]);
 207
 208                         $result = db_query($link, "UPDATE ttrss_user_entries
 209                                 SET feed_id = orig_feed_id, orig_feed_id = NULL
 210                                 WHERE ref_id IN ($ids) AND owner_uid = " . $_SESSION["uid"]);
 211
 212                         print "<rpc-reply><counters><![CDATA[";
 213                         print json_encode(getAllCounters($link));
 214                         print "]]></counters></rpc-reply>";
 215
 216                         return;
 217                 }
 218
 219                 if ($subop == "archive") {
 220                         $ids = split(",", db_escape_string($_REQUEST["ids"]));
 221
 222                         foreach ($ids as $id) {
 223                                 archive_article($link, $id, $_SESSION["uid"]);
 224                         }
 225
 226                         print "<rpc-reply><counters><![CDATA[";
 227                         print json_encode(getAllCounters($link));
 228                         print "]]></counters></rpc-reply>";
 229
 230                         return;
 231                 }
 232
 233
 234                 if ($subop == "publ") {
 235                         $pub = $_REQUEST["pub"];
 236                         $id = db_escape_string($_REQUEST["id"]);
 237                         $note = trim(strip_tags(db_escape_string($_REQUEST["note"])));
 238
 239                         if ($pub == "1") {
 240                                 $pub = "true";
 241                         } else {
 242                                 $pub = "false";
 243                         }
 244
 245                         if ($note != 'undefined') {
 246                                 $note_qpart = "note = '$note',";
 247                         }
 248
 249                         // FIXME this needs collision testing
 250
 251                         $result = db_query($link, "UPDATE ttrss_user_entries SET
 252                                 $note_qpart
 253                                 published = $pub
 254                                 WHERE ref_id = '$id' AND owner_uid = " . $_SESSION["uid"]);
 255
 256
 257                         print "<rpc-reply>";
 258
 259                         print "<counters><![CDATA[";
 260                         print json_encode(getAllCounters($link));
 261                         print "]]></counters>";
 262
 263                         if ($note != 'undefined') {
 264                                 $note_size = strlen($note);
 265                                 print "<note id=\"$id\" size=\"$note_size\">";
 266                                 print "<![CDATA[" . format_article_note($id, $note) . "]]>";
 267                                 print "</note>";
 268                         }
 269
 270                         print "</rpc-reply>";
 271
 272                         return;
 273                 }
 274
 275                 if ($subop == "updateFeed") {
 276                         $feed_id = db_escape_string($_REQUEST["feed"]);
 277
 278                         update_rss_feed($link, $feed_id);
 279
 280                         print "<rpc-reply>";
 281                         print "<counters><![CDATA[";
 282                         print json_encode(getFeedCounters($link, $feed_id));
 283                         print "]]></counters>";
 284                         print "</rpc-reply>";
 285
 286                         return;
 287                 }
 288
 289                 if ($subop == "forceUpdateAllFeeds" || $subop == "updateAllFeeds") {
 290
 291                         $global_unread_caller = sprintf("%d", $_REQUEST["uctr"]);
 292                         $global_unread = getGlobalUnread($link);
 293
 294                         print "<rpc-reply>";
 295
 296                         if ($global_unread_caller != $global_unread) {
 297                                 print "<counters><![CDATA[";
 298                                 $omode = $_REQUEST["omode"];
 299                                 print json_encode(getAllCounters($link, $omode));
 300                                 print "]]></counters>";
 301                         }
 302
 303                         print_runtime_info($link);
 304
 305                         print "</rpc-reply>";
 306
 307                         return;
 308                 }
 309
 310                 /* GET["cmode"] = 0 - mark as read, 1 - as unread, 2 - toggle */
 311                 if ($subop == "catchupSelected") {
 312
 313                         $ids = split(",", db_escape_string($_REQUEST["ids"]));
 314                         $cmode = sprintf("%d", $_REQUEST["cmode"]);
 315
 316                         catchupArticlesById($link, $ids, $cmode);
 317
 318                         print "<rpc-reply>";
 319                         print "<counters><![CDATA[";
 320                         print json_encode(getAllCounters($link, $_REQUEST['omode']));
 321                         print "]]></counters>";
 322
 323                         print_runtime_info($link);
 324                         print "</rpc-reply>";
 325
 326                         return;
 327                 }
 328
 329                 if ($subop == "markSelected") {
 330
 331                         $ids = split(",", db_escape_string($_REQUEST["ids"]));
 332                         $cmode = sprintf("%d", $_REQUEST["cmode"]);
 333
 334                         markArticlesById($link, $ids, $cmode);
 335
 336                         print "<rpc-reply>";
 337                         print "<counters><![CDATA[";
 338                         print json_encode(getAllCounters($link, $_REQUEST['omode']));
 339                         print "]]></counters>";
 340                         print_runtime_info($link);
 341                         print "</rpc-reply>";
 342
 343                         return;
 344                 }
 345
 346                 if ($subop == "publishSelected") {
 347
 348                         $ids = split(",", db_escape_string($_REQUEST["ids"]));
 349                         $cmode = sprintf("%d", $_REQUEST["cmode"]);
 350
 351                         publishArticlesById($link, $ids, $cmode);
 352
 353                         print "<rpc-reply>";
 354                         print "<counters><![CDATA[";
 355                         print json_encode(getAllCounters($link, $_REQUEST['omode']));
 356                         print "]]></counters>";
 357                         print_runtime_info($link);
 358                         print "</rpc-reply>";
 359
 360                         return;
 361                 }
 362
 363                 if ($subop == "sanityCheck") {
 364                         print "<rpc-reply>";
 365                         if (sanity_check($link)) {
 366                                 print "<error error-code=\"0\"/>";
 367
 368                                 print "<init-params><![CDATA[";
 369                                 print json_encode(make_init_params($link));
 370                                 print "]]></init-params>";
 371
 372                                 print_runtime_info($link);
 373
 374                                 # assign client-passed params to session
 375                                 $_SESSION["client.userAgent"] = $_REQUEST["ua"];
 376
 377                         }
 378                         print "</rpc-reply>";
 379
 380                         return;
 381                 }
 382
 383                 if ($subop == "globalPurge") {
 384
 385                         print "<rpc-reply>";
 386                         global_purge_old_posts($link, true);
 387                         print "</rpc-reply>";
 388
 389                         return;
 390                 }
 391
 392                 if ($subop == "getArticleLink") {
 393
 394                         $id = db_escape_string($_REQUEST["id"]);
 395
 396                         $result = db_query($link, "SELECT link FROM ttrss_entries, ttrss_user_entries
 397                                 WHERE id = '$id' AND id = ref_id AND owner_uid = '".$_SESSION['uid']."'");
 398
 399                         if (db_num_rows($result) == 1) {
 400                                 $link = htmlspecialchars(strip_tags(db_fetch_result($result, 0, "link")));
 401                                 print "<rpc-reply><link>$link</link><id>$id</id></rpc-reply>";
 402                         } else {
 403                                 print "<rpc-reply><error>Article not found</error></rpc-reply>";
 404                         }
 405
 406                         return;
 407                 }
 408
 409                 if ($subop == "setArticleTags") {
 410
 411                         global $memcache;
 412
 413                         $id = db_escape_string($_REQUEST["id"]);
 414
 415                         $tags_str = db_escape_string($_REQUEST["tags_str"]);
 416
 417                         $tags = array_unique(trim_array(split(",", $tags_str)));
 418
 419                         db_query($link, "BEGIN");
 420
 421                         $result = db_query($link, "SELECT int_id FROM ttrss_user_entries WHERE
 422                                 ref_id = '$id' AND owner_uid = '".$_SESSION["uid"]."' LIMIT 1");
 423
 424                         if (db_num_rows($result) == 1) {
 425
 426                                 $int_id = db_fetch_result($result, 0, "int_id");
 427
 428                                 db_query($link, "DELETE FROM ttrss_tags WHERE
 429                                         post_int_id = $int_id AND owner_uid = '".$_SESSION["uid"]."'");
 430
 431                                 foreach ($tags as $tag) {
 432                                         $tag = sanitize_tag($tag);
 433
 434                                         if (!tag_is_valid($tag)) {
 435                                                 continue;
 436                                         }
 437
 438                                         if (preg_match("/^[0-9]*$/", $tag)) {
 439                                                 continue;
 440                                         }
 441
 442 //                                      print "<!-- $id : $int_id : $tag -->";
 443
 444                                         if ($tag != '') {
 445                                                 db_query($link, "INSERT INTO ttrss_tags
 446                                                         (post_int_id, owner_uid, tag_name) VALUES ('$int_id', '".$_SESSION["uid"]."', '$tag')");
 447                                         }
 448                                 }
 449                         }
 450
 451                         db_query($link, "COMMIT");
 452
 453                         if ($memcache) {
 454                                 $obj_id = md5("TAGS:".$_SESSION["uid"].":$id");
 455                                 $memcache->delete($obj_id);
 456                         }
 457
 458                         $tags_str = format_tags_string(get_article_tags($link, $id), $id);
 459
 460                         print "<rpc-reply>
 461                                 <tags-str id=\"$id\"><![CDATA[$tags_str]]></tags-str>
 462                                 </rpc-reply>";
 463
 464                         return;
 465                 }
 466
 467                 if ($subop == "regenPubKey") {
 468
 469                         print "<rpc-reply>";
 470
 471                         set_pref($link, "_PREFS_PUBLISH_KEY", generate_publish_key(), $_SESSION["uid"]);
 472
 473                         $new_link = article_publish_url($link);
 474
 475                         print "<link><![CDATA[$new_link]]></link>";
 476
 477                         print "</rpc-reply>";
 478
 479                         return;
 480                 }
 481
 482                 if ($subop == "regenOPMLKey") {
 483
 484                         print "<rpc-reply>";
 485                         set_pref($link, " _PREFS_OPML_PUBLISH_KEY", generate_publish_key(), $_SESSION["uid"]);
 486                         $new_link = opml_publish_url($link);
 487                         print "<link><![CDATA[$new_link]]></link>";
 488                         print "</rpc-reply>";
 489                         return;
 490                 }
 491
 492                 if ($subop == "logout") {
 493                         logout_user();
 494                         print_error_xml(6);
 495                         return;
 496                 }
 497
 498                 if ($subop == "completeTags") {
 499
 500                         $search = db_escape_string($_REQUEST["search"]);
 501
 502                         $result = db_query($link, "SELECT DISTINCT tag_name FROM ttrss_tags
 503                                 WHERE owner_uid = '".$_SESSION["uid"]."' AND
 504                                 tag_name LIKE '$search%' ORDER BY tag_name
 505                                 LIMIT 10");
 506
 507                         print "<ul>";
 508                         while ($line = db_fetch_assoc($result)) {
 509                                 print "<li>" . $line["tag_name"] . "</li>";
 510                         }
 511                         print "</ul>";
 512
 513                         return;
 514                 }
 515
 516                 if ($subop == "purge") {
 517                         $ids = split(",", db_escape_string($_REQUEST["ids"]));
 518                         $days = sprintf("%d", $_REQUEST["days"]);
 519
 520                         print "<rpc-reply>";
 521
 522                         print "<message><![CDATA[";
 523
 524                         foreach ($ids as $id) {
 525
 526                                 $result = db_query($link, "SELECT id FROM ttrss_feeds WHERE
 527                                         id = '$id' AND owner_uid = ".$_SESSION["uid"]);
 528
 529                                 if (db_num_rows($result) == 1) {
 530                                         purge_feed($link, $id, $days, true);
 531                                 }
 532                         }
 533
 534                         print "]]></message>";
 535
 536                         print "</rpc-reply>";
 537
 538                         return;
 539                 }
 540
 541 /*              if ($subop == "setScore") {
 542                         $id = db_escape_string($_REQUEST["id"]);
 543                         $score = sprintf("%d", $_REQUEST["score"]);
 544
 545                         $result = db_query($link, "UPDATE ttrss_user_entries SET score = '$score'
 546                                 WHERE ref_id = '$id' AND owner_uid = ".$_SESSION["uid"]);
 547
 548                         print "<rpc-reply><message>Acknowledged.</message></rpc-reply>";
 549
 550                         return;
 551
 552                 } */
 553
 554                 if ($subop == "getArticles") {
 555                         $ids = split(",", db_escape_string($_REQUEST["ids"]));
 556
 557                         print "<rpc-reply>";
 558
 559                         foreach ($ids as $id) {
 560                                 if ($id) {
 561                                         outputArticleXML($link, $id, 0, false);
 562                                 }
 563                         }
 564                         print "</rpc-reply>";
 565
 566                         return;
 567                 }
 568
 569                 if ($subop == "checkDate") {
 570
 571                         $date = db_escape_string($_REQUEST["date"]);
 572                         $date_parsed = strtotime($date);
 573
 574                         print "<rpc-reply>";
 575
 576                         if ($date_parsed) {
 577                                 print "<result>1</result>";
 578                         } else {
 579                                 print "<result>0</result>";
 580                         }
 581
 582                         print "</rpc-reply>";
 583
 584                         return;
 585                 }
 586
 587                 if ($subop == "removeFromLabel") {
 588
 589                         $ids = split(",", db_escape_string($_REQUEST["ids"]));
 590                         $label_id = db_escape_string($_REQUEST["lid"]);
 591
 592                         $label = db_escape_string(label_find_caption($link, $label_id,
 593                                 $_SESSION["uid"]));
 594
 595                         print "<rpc-reply>";
 596                         print "<info-for-headlines>";
 597
 598                         if ($label) {
 599
 600                                 foreach ($ids as $id) {
 601                                         label_remove_article($link, $id, $label, $_SESSION["uid"]);
 602
 603                                         print "<entry id=\"$id\"><![CDATA[";
 604
 605                                         $labels = get_article_labels($link, $id, $_SESSION["uid"]);
 606                                         print format_article_labels($labels, $id);
 607
 608                                         print "]]></entry>";
 609
 610                                 }
 611                         }
 612
 613                         print "</info-for-headlines>";
 614
 615                         print "<counters><![CDATA[";
 616                         print json_encode(getAllCounters($link, $_REQUEST['omode']));
 617                         print "]]></counters>";
 618                         print "</rpc-reply>";
 619
 620                         return;
 621                 }
 622
 623                 if ($subop == "assignToLabel") {
 624
 625                         $ids = split(",", db_escape_string($_REQUEST["ids"]));
 626                         $label_id = db_escape_string($_REQUEST["lid"]);
 627
 628                         $label = db_escape_string(label_find_caption($link, $label_id,
 629                                 $_SESSION["uid"]));
 630
 631                         print "<rpc-reply>";
 632
 633                         print "<info-for-headlines>";
 634
 635                         if ($label) {
 636
 637                                 foreach ($ids as $id) {
 638                                         label_add_article($link, $id, $label, $_SESSION["uid"]);
 639
 640                                         print "<entry id=\"$id\"><![CDATA[";
 641
 642                                         $labels = get_article_labels($link, $id, $_SESSION["uid"]);
 643                                         print format_article_labels($labels, $id);
 644
 645                                         print "]]></entry>";
 646
 647                                 }
 648                         }
 649
 650                         print "</info-for-headlines>";
 651
 652                         print "<counters><![CDATA[";
 653                         print json_encode(getAllCounters($link, $_REQUEST['omode']));
 654                         print "]]></counters>";
 655                         print "</rpc-reply>";
 656
 657                         return;
 658                 }
 659
 660                 if ($subop == "updateFeedBrowser") {
 661
 662                         $search = db_escape_string($_REQUEST["search"]);
 663                         $limit = db_escape_string($_REQUEST["limit"]);
 664                         $mode = db_escape_string($_REQUEST["mode"]);
 665
 666                         print "<rpc-reply>";
 667                         print "<content>";
 668                         print "<![CDATA[";
 669                         $ctr = print_feed_browser($link, $search, $limit, $mode);
 670                         print "]]>";
 671                         print "</content>";
 672                         print "<num-results value=\"$ctr\"/>";
 673                         print "<mode value=\"$mode\"/>";
 674                         print "</rpc-reply>";
 675
 676                         return;
 677                 }
 678
 679
 680                 if ($subop == "massSubscribe") {
 681
 682                         $ids = split(",", db_escape_string($_REQUEST["ids"]));
 683                         $mode = $_REQUEST["mode"];
 684
 685                         $subscribed = array();
 686
 687                         foreach ($ids as $id) {
 688
 689                                 if ($mode == 1) {
 690                                         $result = db_query($link, "SELECT feed_url,title FROM ttrss_feeds
 691                                                 WHERE id = '$id'");
 692                                 } else if ($mode == 2) {
 693                                         $result = db_query($link, "SELECT * FROM ttrss_archived_feeds
 694                                                 WHERE id = '$id' AND owner_uid = " . $_SESSION["uid"]);
 695                                         $orig_id = db_escape_string(db_fetch_result($result, 0, "id"));
 696                                         $site_url = db_escape_string(db_fetch_result($result, 0, "site_url"));
 697                                 }
 698
 699                                 $feed_url = db_escape_string(db_fetch_result($result, 0, "feed_url"));
 700                                 $title = db_escape_string(db_fetch_result($result, 0, "title"));
 701
 702                                 $title_orig = db_fetch_result($result, 0, "title");
 703
 704                                 $result = db_query($link, "SELECT id FROM ttrss_feeds WHERE
 705                                                 feed_url = '$feed_url' AND owner_uid = " . $_SESSION["uid"]);
 706
 707                                 if (db_num_rows($result) == 0) {
 708                                         if ($mode == 1) {
 709                                                 $result = db_query($link,
 710                                                         "INSERT INTO ttrss_feeds (owner_uid,feed_url,title,cat_id)
 711                                                         VALUES ('".$_SESSION["uid"]."', '$feed_url', '$title', NULL)");
 712                                         } else if ($mode == 2) {
 713                                                 $result = db_query($link,
 714                                                         "INSERT INTO ttrss_feeds (id,owner_uid,feed_url,title,cat_id,site_url)
 715                                                         VALUES ('$orig_id','".$_SESSION["uid"]."', '$feed_url', '$title', NULL, '$site_url')");
 716                                         }
 717                                         array_push($subscribed, $title_orig);
 718                                 }
 719                         }
 720
 721                         $num_feeds = count($subscribed);
 722
 723                         print "<rpc-reply>";
 724                         print "<num-feeds value='$num_feeds'/>";
 725                         print "</rpc-reply>";
 726
 727                         return;
 728                 }
 729
 730                 if ($subop == "download") {
 731                         $stage = (int) $_REQUEST["stage"];
 732                         $cidt = (int)db_escape_string($_REQUEST["cidt"]);
 733                         $cidb = (int)db_escape_string($_REQUEST["cidb"]);
 734                         $sync = db_escape_string($_REQUEST["sync"]);
 735                         //$amount = (int) $_REQUEST["amount"];
 736                         //$unread_only = db_escape_string($_REQUEST["unread_only"]);
 737                         //if (!$amount) $amount = 50;
 738
 739                         /* Amount is not used by the frontend offline.js anymore, it goes by
 740                          * date_qpart below + cidb/cidt IDs */
 741
 742                         $amount = 2000;
 743                         $unread_only = true;
 744
 745                         print "<rpc-reply>";
 746
 747                         $sync = split(";", $sync);
 748
 749                         print "<sync>";
 750
 751                         if (count($sync) > 0) {
 752                                 if (strtotime($sync[0])) {
 753                                         $last_online = db_escape_string($sync[0]);
 754
 755                                         print "<sync-point><![CDATA[$last_online]]></sync-point>";
 756
 757                                         for ($i = 1; $i < count($sync); $i++) {
 758                                                 $e = split(",", $sync[$i]);
 759
 760                                                 if (count($e) == 3) {
 761
 762                                                         $id = (int) $e[0];
 763                                                         $unread = bool_to_sql_bool((bool) $e[1]);
 764                                                         $marked = (bool)$e[2];
 765
 766                                                         if ($marked) {
 767                                                                 $marked = bool_to_sql_bool($marked);
 768                                                                 $marked_qpart = "marked = $marked,";
 769                                                         }
 770
 771                                                         $query = "UPDATE ttrss_user_entries SET
 772                                                                 $marked_qpart
 773                                                                 unread = $unread,
 774                                                                 last_read = '$last_online'
 775                                                         WHERE ref_id = '$id' AND
 776                                                                 (last_read IS NULL OR last_read < '$last_online') AND
 777                                                                 owner_uid = ".$_SESSION["uid"];
 778
 779                                                         $result = db_query($link, $query);
 780
 781                                                         print "<sync-ok id=\"$id\"/>";
 782
 783                                                 }
 784                                         }
 785
 786                                         /* Maybe we need to further update local DB for this client */
 787
 788                                         $query = "SELECT ref_id,unread,marked FROM ttrss_user_entries
 789                                                 WHERE last_read >= '$last_online' AND
 790                                                                 owner_uid = ".$_SESSION["uid"] . " LIMIT 1000";
 791
 792                                         $result = db_query($link, $query);
 793
 794                                         while ($line = db_fetch_assoc($result)) {
 795                                                 $unread = (int) sql_bool_to_bool($line["unread"]);
 796                                                 $marked = (int) sql_bool_to_bool($line["marked"]);
 797
 798                                                 print "<sync-ok unread=\"$unread\" marked=\"$marked\"
 799                                                         id=\"".$line["ref_id"]."\"/>";
 800                                         }
 801
 802                                 }
 803                         }
 804
 805                         print "</sync>";
 806
 807                         if ($stage == 0) {
 808                                 print "<feeds>";
 809
 810                                 $result = db_query($link, "SELECT id, title, cat_id FROM
 811                                         ttrss_feeds WHERE owner_uid = ".$_SESSION["uid"]);
 812
 813                                 while ($line = db_fetch_assoc($result)) {
 814
 815                                         $has_icon = (int) feed_has_icon($line["id"]);
 816
 817                                         print "<feed has_icon=\"$has_icon\"
 818                                                 cat_id=\"".(int)$line["cat_id"]."\" id=\"".$line["id"]."\"><![CDATA[";
 819                                         print $line["title"];
 820                                         print "]]></feed>";
 821                                 }
 822
 823                                 print "</feeds>";
 824
 825                                 print "<feed-categories>";
 826
 827                                 $result = db_query($link, "SELECT id, title, collapsed FROM
 828                                         ttrss_feed_categories WHERE owner_uid = ".$_SESSION["uid"]);
 829
 830                                         print "<category id=\"0\" collapsed=\"".
 831                                                 (int)get_pref($link, "_COLLAPSED_UNCAT")."\"><![CDATA[";
 832                                         print __("Uncategorized");
 833                                         print "]]></category>";
 834
 835                                         print "<category id=\"-1\" collapsed=\"".
 836                                                 (int)get_pref($link, "_COLLAPSED_SPECIAL")."\"><![CDATA[";
 837                                         print __("Special");
 838                                         print "]]></category>";
 839
 840                                         print "<category id=\"-2\" collapsed=\"".
 841                                                 (int)get_pref($link, "_COLLAPSED_LABELS")."\"><![CDATA[";
 842                                         print __("Labels");
 843                                         print "]]></category>";
 844
 845                                 while ($line = db_fetch_assoc($result)) {
 846                                         print "<category
 847                                                 id=\"".$line["id"]."\"
 848                                                 collapsed=\"".(int)sql_bool_to_bool($line["collapsed"])."\"><![CDATA[";
 849                                         print $line["title"];
 850                                         print "]]></category>";
 851                                 }
 852
 853                                 print "</feed-categories>";
 854
 855                                 print "<labels>";
 856
 857                                 $result = db_query($link, "SELECT * FROM
 858                                         ttrss_labels2 WHERE owner_uid = ".$_SESSION["uid"]);
 859
 860                                 while ($line = db_fetch_assoc($result)) {
 861                                         print "<label
 862                                                 id=\"".$line["id"]."\"
 863                                                 fg_color=\"".$line["fg_color"]."\"
 864                                                 bg_color=\"".$line["bg_color"]."\"
 865                                                 ><![CDATA[";
 866                                         print $line["caption"];
 867                                         print "]]></label>";
 868                                 }
 869
 870
 871                                 print "</labels>";
 872
 873                         }
 874
 875                         if ($stage > 0) {
 876                                 print "<articles>";
 877
 878                                 $limit = 10;
 879                                 $skip = $limit*($stage-1);
 880
 881                                 print "<limit value=\"$limit\"/>";
 882
 883                                 if ($amount > 0) $amount -= $skip;
 884
 885                                 if ($amount > 0) {
 886
 887                                         $limit = min($limit, $amount);
 888
 889                                         if ($unread_only) {
 890                                                 $unread_qpart = "(unread = true OR marked = true) AND ";
 891                                         }
 892
 893                                         if ($cidt && $cidb) {
 894                                                 $cid_qpart =  "(ttrss_entries.id > $cidt OR ttrss_entries.id < $cidb) AND ";
 895                                         }
 896
 897                                         if (DB_TYPE == "pgsql") {
 898                                                 $date_qpart = "updated >= NOW() - INTERVAL '1 week' AND";
 899                                         } else {
 900                                                 $date_qpart = "updated >= DATE_SUB(NOW(), INTERVAL 1 WEEK) AND";
 901                                         }
 902
 903                                         $result = db_query($link,
 904                                                 "SELECT DISTINCT ttrss_entries.id,ttrss_entries.title,
 905                                                         guid,link,comments,
 906                                                         feed_id,content,updated,unread,marked FROM
 907                                                         ttrss_user_entries,ttrss_entries,ttrss_feeds
 908                                                 WHERE $unread_qpart $cid_qpart $date_qpart
 909                                                         ttrss_feeds.id = feed_id AND
 910                                                         ref_id = ttrss_entries.id AND
 911                                                         ttrss_user_entries.owner_uid = ".$_SESSION["uid"]."
 912                                                         ORDER BY updated DESC LIMIT $limit OFFSET $skip");
 913
 914                                         if (function_exists('json_encode')) {
 915
 916                                                 while ($line = db_fetch_assoc($result)) {
 917                                                         print "<article><![CDATA[";
 918
 919                                                         $line["marked"] = (int)sql_bool_to_bool($line["marked"]);
 920                                                         $line["unread"] = (int)sql_bool_to_bool($line["unread"]);
 921
 922                                                         $line["labels"] = get_article_labels($link, $line["id"]);
 923
 924 //                                                      too slow :(
 925 //                                                      $line["tags"] = format_tags_string(
 926 //                                                              get_article_tags($link, $line["id"]), $line["id"]);
 927
 928                                                         print json_encode($line);
 929                                                         print "]]></article>";
 930                                                 }
 931                                         }
 932
 933                                 }
 934
 935                                 print "</articles>";
 936
 937                         }
 938
 939                         print "</rpc-reply>";
 940
 941                         return;
 942                 }
 943
 944                 if ($subop == "digest-get-contents") {
 945                         $article_id = db_escape_string($_REQUEST['article_id']);
 946
 947                         $result = db_query($link, "SELECT content
 948                                 FROM ttrss_entries, ttrss_user_entries
 949                                 WHERE id = '$article_id' AND ref_id = id AND owner_uid = ".$_SESSION['uid']);
 950
 951                         print "<rpc-reply>";
 952
 953                         print "<article id=\"$article_id\"><![CDATA[";
 954
 955                         $content = sanitize_rss($link, db_fetch_result($result, 0, "content"));
 956
 957                         print $content;
 958
 959                         print "]]></article>";
 960
 961                         print "</rpc-reply>";
 962
 963                         return;
 964                 }
 965
 966                 if ($subop == "digest-update") {
 967                         $feed_id = db_escape_string($_REQUEST['feed_id']);
 968                         $offset = db_escape_string($_REQUEST['offset']);
 969                         $seq = db_escape_string($_REQUEST['seq']);
 970
 971                         if (!$feed_id) $feed_id = -4;
 972                         if (!$offset) $offset = 0;
 973                         print "<rpc-reply>";
 974
 975                         print "<seq>$seq</seq>";
 976
 977                         $headlines = api_get_headlines($link, $feed_id, 10, $offset,
 978                                 '', ($feed_id == -4), true, false, "unread", "updated DESC");
 979
 980                         //function api_get_headlines($link, $feed_id, $limit, $offset,
 981                         //              $filter, $is_cat, $show_excerpt, $show_content, $view_mode) {
 982
 983                         print "<headlines-title><![CDATA[" . getFeedTitle($link, $feed_id) .
 984                                 "]]></headlines-title>";
 985
 986                         print "<headlines><![CDATA[" . json_encode($headlines) . "]]></headlines>";
 987
 988                         print "</rpc-reply>";
 989                         return;
 990                 }
 991
 992                 if ($subop == "digest-init") {
 993                         print "<rpc-reply>";
 994
 995                         $tmp_feeds = api_get_feeds($link, false, true, false, 0);
 996                         $feeds = array();
 997
 998                         foreach ($tmp_feeds as $f) {
 999                                 if ($f['id'] > 0 || $f['id'] == -4) array_push($feeds, $f);
1000                         }
1001
1002                         print "<feeds><![CDATA[" . json_encode($feeds) . "]]></feeds>";
1003
1004                         print "</rpc-reply>";
1005                         return;
1006                 }
1007
1008                 if ($subop == "catchupFeed") {
1009
1010                         $feed_id = db_escape_string($_REQUEST['feed_id']);
1011                         $is_cat = db_escape_string($_REQUEST['is_cat']);
1012
1013                         print "<rpc-reply>";
1014
1015                         catchup_feed($link, $feed_id, $is_cat);
1016
1017                         print "</rpc-reply>";
1018
1019                         return;
1020                 }
1021
1022                 if ($subop == "sendEmail") {
1023                         $secretkey = $_REQUEST['secretkey'];
1024
1025                         print "<rpc-reply>";
1026
1027                         if (DIGEST_ENABLE && $_SESSION['email_secretkey'] &&
1028                                                 $secretkey == $_SESSION['email_secretkey']) {
1029
1030                                 $_SESSION['email_secretkey'] = '';
1031
1032                                 $destination = $_REQUEST['destination'];
1033                                 $subject = $_REQUEST['subject'];
1034                                 $content = $_REQUEST['content'];
1035
1036                                 $replyto = strip_tags($_SESSION['email_replyto']);
1037                                 $fromname = strip_tags($_SESSION['email_fromname']);
1038
1039                                 $mail = new PHPMailer();
1040
1041                                 $mail->PluginDir = "lib/phpmailer/";
1042                                 $mail->SetLanguage("en", "lib/phpmailer/language/");
1043
1044                                 $mail->CharSet = "UTF-8";
1045
1046                                 $mail->From = $replyto;
1047                                 $mail->FromName = $fromname;
1048                                 $mail->AddAddress($destination);
1049
1050                                 if (DIGEST_SMTP_HOST) {
1051                                         $mail->Host = DIGEST_SMTP_HOST;
1052                                         $mail->Mailer = "smtp";
1053                                         $mail->SMTPAuth = DIGEST_SMTP_LOGIN != '';
1054                                         $mail->Username = DIGEST_SMTP_LOGIN;
1055                                         $mail->Password = DIGEST_SMTP_PASSWORD;
1056                                 }
1057
1058                                 $mail->IsHTML(false);
1059                                 $mail->Subject = $subject;
1060                                 $mail->Body = $content;
1061
1062                                 $rc = $mail->Send();
1063
1064                                 if (!$rc) {
1065                                         print "<error><![CDATA[" . $mail->ErrorInfo . "]]></error>";
1066                                 } else {
1067                                         save_email_address($link, db_escape_string($destination));
1068                                         print "<message>OK</message>";
1069                                 }
1070
1071                         } else {
1072                                 print "<error>Not authorized.</error>";
1073                         }
1074
1075                         print "</rpc-reply>";
1076
1077                         return;
1078                 }
1079
1080                 if ($subop == "completeEmails") {
1081
1082                         $search = db_escape_string($_REQUEST["search"]);
1083
1084                         print "<ul>";
1085
1086                         foreach ($_SESSION['stored_emails'] as $email) {
1087                                 if (strpos($email, $search) !== false) {
1088                                         print "<li>$email</li>";
1089                                 }
1090                         }
1091
1092                         print "</ul>";
1093
1094                         return;
1095                 }
1096
1097                 print "<rpc-reply><error>Unknown method: $subop</error></rpc-reply>";
1098         }
1099 ?>