modules/backend-rpc.php

   1 <?php
   2         function handle_rpc_request($link) {
   3
   4                 $subop = $_REQUEST["subop"];
   5
   6                 if ($subop == "setprofile") {
   7                         $id = db_escape_string($_REQUEST["id"]);
   8
   9                         $_SESSION["profile"] = $id;
  10                         $_SESSION["prefs_cache"] = array();
  11                         return;
  12                 }
  13
  14                 if ($subop == "remprofiles") {
  15                         $ids = split(",", db_escape_string(trim($_REQUEST["ids"])));
  16
  17                         foreach ($ids as $id) {
  18                                 if ($_SESSION["profile"] != $id) {
  19                                         db_query($link, "DELETE FROM ttrss_settings_profiles WHERE id = '$id' AND
  20                                                 owner_uid = " . $_SESSION["uid"]);
  21                                 }
  22                         }
  23                         return;
  24                 }
  25
  26                 if ($subop == "addprofile") {
  27                         $title = db_escape_string(trim($_REQUEST["title"]));
  28                         if ($title) {
  29                                 db_query($link, "BEGIN");
  30
  31                                 $result = db_query($link, "SELECT id FROM ttrss_settings_profiles
  32                                         WHERE title = '$title' AND owner_uid = " . $_SESSION["uid"]);
  33
  34                                 if (db_num_rows($result) == 0) {
  35
  36                                         db_query($link, "INSERT INTO ttrss_settings_profiles (title, owner_uid)
  37                                                 VALUES ('$title', ".$_SESSION["uid"] .")");
  38
  39                                         $result = db_query($link, "SELECT id FROM ttrss_settings_profiles WHERE
  40                                                 title = '$title'");
  41
  42                                         if (db_num_rows($result) != 0) {
  43                                                 $profile_id = db_fetch_result($result, 0, "id");
  44
  45                                                 if ($profile_id) {
  46                                                         initialize_user_prefs($link, $_SESSION["uid"], $profile_id);
  47                                                 }
  48                                         }
  49                                 }
  50
  51                                 db_query($link, "COMMIT");
  52                         }
  53                         return;
  54                 }
  55
  56                 if ($subop == "saveprofile") {
  57                         $id = db_escape_string($_REQUEST["id"]);
  58                         $title = db_escape_string(trim($_REQUEST["value"]));
  59
  60                         if ($id == 0) {
  61                                 print __("Default profile");
  62                                 return;
  63                         }
  64
  65                         if ($title) {
  66                                 db_query($link, "BEGIN");
  67
  68                                 $result = db_query($link, "SELECT id FROM ttrss_settings_profiles
  69                                         WHERE title = '$title' AND owner_uid =" . $_SESSION["uid"]);
  70
  71                                 if (db_num_rows($result) == 0) {
  72                                         db_query($link, "UPDATE ttrss_settings_profiles
  73                                                 SET title = '$title' WHERE id = '$id' AND
  74                                                 owner_uid = " . $_SESSION["uid"]);
  75                                         print $title;
  76                                 } else {
  77                                         $result = db_query($link, "SELECT title FROM ttrss_settings_profiles
  78                                                 WHERE id = '$id' AND owner_uid =" . $_SESSION["uid"]);
  79                                         print db_fetch_result($result, 0, "title");
  80                                 }
  81
  82                                 db_query($link, "COMMIT");
  83                         }
  84                         return;
  85                 }
  86
  87                 if ($subop == "remarchive") {
  88                         $ids = split(",", db_escape_string($_REQUEST["ids"]));
  89
  90                         print "<rpc-reply>";
  91
  92                         foreach ($ids as $id) {
  93                                 $result = db_query($link, "DELETE FROM ttrss_archived_feeds WHERE
  94                                         (SELECT COUNT(*) FROM ttrss_user_entries
  95                                                 WHERE orig_feed_id = '$id') = 0 AND
  96                                                 id = '$id' AND owner_uid = ".$_SESSION["uid"]);
  97
  98                                 $rc = db_affected_rows($link, $result);
  99
 100                                 print "<feed id='$id' rc='$rc'/>";
 101
 102                         }
 103
 104                         print "</rpc-reply>";
 105
 106                         return;
 107                 }
 108
 109                 if ($subop == "addfeed") {
 110
 111                         $feed = db_escape_string($_REQUEST['feed']);
 112                         $cat = db_escape_string($_REQUEST['cat']);
 113                         $login = db_escape_string($_REQUEST['login']);
 114                         $pass = db_escape_string($_REQUEST['pass']);
 115
 116                         $rc = subscribe_to_feed($link, $feed, $cat, $login, $pass);
 117
 118                         print "<rpc-reply>";
 119                         print "<result code='$rc'/>";
 120                         print "</rpc-reply>";
 121
 122                         return;
 123
 124                 }
 125
 126                 if ($subop == "extractfeedurls") {
 127                         print "<rpc-reply>";
 128
 129                         $urls = get_feeds_from_html($_REQUEST['url']);
 130                         print "<urls><![CDATA[" . json_encode($urls) . "]]></urls>";
 131
 132                         print "</rpc-reply>";
 133                         return;
 134                 }
 135
 136                 if ($subop == "togglepref") {
 137                         print "<rpc-reply>";
 138
 139                         $key = db_escape_string($_REQUEST["key"]);
 140
 141                         set_pref($link, $key, !get_pref($link, $key));
 142
 143                         $value = get_pref($link, $key);
 144
 145                         print "<param-set key=\"$key\" value=\"$value\"/>";
 146
 147                         print "</rpc-reply>";
 148
 149                         return;
 150                 }
 151
 152                 if ($subop == "setpref") {
 153                         print "<rpc-reply>";
 154
 155                         $key = db_escape_string($_REQUEST["key"]);
 156                         $value = db_escape_string($_REQUEST["value"]);
 157
 158                         set_pref($link, $key, $value);
 159
 160                         print "<param-set key=\"$key\" value=\"$value\"/>";
 161
 162                         print "</rpc-reply>";
 163
 164                         return;
 165                 }
 166
 167                 if ($subop == "getAllCounters") {
 168                         print "<rpc-reply>";
 169                         print "<counters><![CDATA[";
 170
 171                         print json_encode(getAllCounters($link, $_REQUEST['omode']));
 172
 173                         print "]]></counters>";
 174                         print_runtime_info($link);
 175                         print "</rpc-reply>";
 176
 177                         return;
 178                 }
 179
 180                 if ($subop == "mark") {
 181                         $mark = $_REQUEST["mark"];
 182                         $id = db_escape_string($_REQUEST["id"]);
 183
 184                         if ($mark == "1") {
 185                                 $mark = "true";
 186                         } else {
 187                                 $mark = "false";
 188                         }
 189
 190                         // FIXME this needs collision testing
 191
 192                         $result = db_query($link, "UPDATE ttrss_user_entries SET marked = $mark
 193                                 WHERE ref_id = '$id' AND owner_uid = " . $_SESSION["uid"]);
 194
 195                         print "<rpc-reply><counters><![CDATA[";
 196                         print json_encode(getAllCounters($link));
 197                         print "]]></counters></rpc-reply>";
 198
 199                         return;
 200                 }
 201
 202                 if ($subop == "delete") {
 203                         $ids = db_escape_string($_REQUEST["ids"]);
 204
 205                         $result = db_query($link, "DELETE FROM ttrss_user_entries
 206                                 WHERE ref_id IN ($ids) AND owner_uid = " . $_SESSION["uid"]);
 207
 208                         print "<rpc-reply><counters><![CDATA[";
 209                         print json_encode(getAllCounters($link));
 210                         print "]]></counters></rpc-reply>";
 211
 212                         return;
 213                 }
 214
 215                 if ($subop == "unarchive") {
 216                         $ids = db_escape_string($_REQUEST["ids"]);
 217
 218                         $result = db_query($link, "UPDATE ttrss_user_entries
 219                                 SET feed_id = orig_feed_id, orig_feed_id = NULL
 220                                 WHERE ref_id IN ($ids) AND owner_uid = " . $_SESSION["uid"]);
 221
 222                         print "<rpc-reply><counters><![CDATA[";
 223                         print json_encode(getAllCounters($link));
 224                         print "]]></counters></rpc-reply>";
 225
 226                         return;
 227                 }
 228
 229                 if ($subop == "archive") {
 230                         $ids = split(",", db_escape_string($_REQUEST["ids"]));
 231
 232                         foreach ($ids as $id) {
 233                                 archive_article($link, $id, $_SESSION["uid"]);
 234                         }
 235
 236                         print "<rpc-reply><counters><![CDATA[";
 237                         print json_encode(getAllCounters($link));
 238                         print "]]></counters></rpc-reply>";
 239
 240                         return;
 241                 }
 242
 243
 244                 if ($subop == "publ") {
 245                         $pub = $_REQUEST["pub"];
 246                         $id = db_escape_string($_REQUEST["id"]);
 247                         $note = trim(strip_tags(db_escape_string($_REQUEST["note"])));
 248
 249                         if ($pub == "1") {
 250                                 $pub = "true";
 251                         } else {
 252                                 $pub = "false";
 253                         }
 254
 255                         if ($note != 'undefined') {
 256                                 $note_qpart = "note = '$note',";
 257                         }
 258
 259                         // FIXME this needs collision testing
 260
 261                         $result = db_query($link, "UPDATE ttrss_user_entries SET
 262                                 $note_qpart
 263                                 published = $pub
 264                                 WHERE ref_id = '$id' AND owner_uid = " . $_SESSION["uid"]);
 265
 266
 267                         print "<rpc-reply>";
 268
 269                         print "<counters><![CDATA[";
 270                         print json_encode(getAllCounters($link));
 271                         print "]]></counters>";
 272
 273                         if ($note != 'undefined') {
 274                                 $note_size = strlen($note);
 275                                 print "<note id=\"$id\" size=\"$note_size\">";
 276                                 print "<![CDATA[" . format_article_note($id, $note) . "]]>";
 277                                 print "</note>";
 278                         }
 279
 280                         print "</rpc-reply>";
 281
 282                         return;
 283                 }
 284
 285                 if ($subop == "updateFeed") {
 286                         $feed_id = db_escape_string($_REQUEST["feed"]);
 287
 288                         update_rss_feed($link, $feed_id);
 289
 290                         print "<rpc-reply>";
 291                         print "<counters><![CDATA[";
 292                         print json_encode(getFeedCounters($link, $feed_id));
 293                         print "]]></counters>";
 294                         print "</rpc-reply>";
 295
 296                         return;
 297                 }
 298
 299                 if ($subop == "updateAllFeeds") {
 300
 301                         $global_unread_caller = sprintf("%d", $_REQUEST["uctr"]);
 302                         $global_unread = getGlobalUnread($link);
 303
 304                         print "<rpc-reply>";
 305
 306                         if ($global_unread_caller != $global_unread) {
 307                                 print "<counters><![CDATA[";
 308                                 $omode = $_REQUEST["omode"];
 309                                 print json_encode(getAllCounters($link, $omode));
 310                                 print "]]></counters>";
 311                         }
 312
 313                         print_runtime_info($link);
 314
 315                         print "</rpc-reply>";
 316
 317                         return;
 318                 }
 319
 320                 /* GET["cmode"] = 0 - mark as read, 1 - as unread, 2 - toggle */
 321                 if ($subop == "catchupSelected") {
 322
 323                         $ids = split(",", db_escape_string($_REQUEST["ids"]));
 324                         $cmode = sprintf("%d", $_REQUEST["cmode"]);
 325
 326                         catchupArticlesById($link, $ids, $cmode);
 327
 328                         print "<rpc-reply>";
 329                         print "<counters><![CDATA[";
 330                         print json_encode(getAllCounters($link, $_REQUEST['omode']));
 331                         print "]]></counters>";
 332
 333                         print_runtime_info($link);
 334                         print "</rpc-reply>";
 335
 336                         return;
 337                 }
 338
 339                 if ($subop == "markSelected") {
 340
 341                         $ids = split(",", db_escape_string($_REQUEST["ids"]));
 342                         $cmode = sprintf("%d", $_REQUEST["cmode"]);
 343
 344                         markArticlesById($link, $ids, $cmode);
 345
 346                         print "<rpc-reply>";
 347                         print "<counters><![CDATA[";
 348                         print json_encode(getAllCounters($link, $_REQUEST['omode']));
 349                         print "]]></counters>";
 350                         print_runtime_info($link);
 351                         print "</rpc-reply>";
 352
 353                         return;
 354                 }
 355
 356                 if ($subop == "publishSelected") {
 357
 358                         $ids = split(",", db_escape_string($_REQUEST["ids"]));
 359                         $cmode = sprintf("%d", $_REQUEST["cmode"]);
 360
 361                         publishArticlesById($link, $ids, $cmode);
 362
 363                         print "<rpc-reply>";
 364                         print "<counters><![CDATA[";
 365                         print json_encode(getAllCounters($link, $_REQUEST['omode']));
 366                         print "]]></counters>";
 367                         print_runtime_info($link);
 368                         print "</rpc-reply>";
 369
 370                         return;
 371                 }
 372
 373                 if ($subop == "sanityCheck") {
 374                         print "<rpc-reply>";
 375                         if (sanity_check($link)) {
 376                                 print "<error error-code=\"0\"/>";
 377
 378                                 print "<init-params><![CDATA[";
 379                                 print json_encode(make_init_params($link));
 380                                 print "]]></init-params>";
 381
 382                                 print_runtime_info($link);
 383
 384                                 # assign client-passed params to session
 385                                 $_SESSION["client.userAgent"] = $_REQUEST["ua"];
 386
 387                         }
 388                         print "</rpc-reply>";
 389
 390                         return;
 391                 }
 392
 393                 if ($subop == "globalPurge") {
 394
 395                         print "<rpc-reply>";
 396                         global_purge_old_posts($link, true);
 397                         print "</rpc-reply>";
 398
 399                         return;
 400                 }
 401
 402                 if ($subop == "getArticleLink") {
 403
 404                         $id = db_escape_string($_REQUEST["id"]);
 405
 406                         $result = db_query($link, "SELECT link FROM ttrss_entries, ttrss_user_entries
 407                                 WHERE id = '$id' AND id = ref_id AND owner_uid = '".$_SESSION['uid']."'");
 408
 409                         if (db_num_rows($result) == 1) {
 410                                 $link = htmlspecialchars(strip_tags(db_fetch_result($result, 0, "link")));
 411                                 print "<rpc-reply><link>$link</link><id>$id</id></rpc-reply>";
 412                         } else {
 413                                 print "<rpc-reply><error>Article not found</error></rpc-reply>";
 414                         }
 415
 416                         return;
 417                 }
 418
 419                 if ($subop == "setArticleTags") {
 420
 421                         global $memcache;
 422
 423                         $id = db_escape_string($_REQUEST["id"]);
 424
 425                         $tags_str = db_escape_string($_REQUEST["tags_str"]);
 426                         $tags = array_unique(trim_array(split(",", $tags_str)));
 427                         $tags_str = db_escape_string(join(",", $tags));
 428
 429                         db_query($link, "BEGIN");
 430
 431                         $result = db_query($link, "SELECT int_id FROM ttrss_user_entries WHERE
 432                                 ref_id = '$id' AND owner_uid = '".$_SESSION["uid"]."' LIMIT 1");
 433
 434                         if (db_num_rows($result) == 1) {
 435
 436                                 $int_id = db_fetch_result($result, 0, "int_id");
 437
 438                                 db_query($link, "DELETE FROM ttrss_tags WHERE
 439                                         post_int_id = $int_id AND owner_uid = '".$_SESSION["uid"]."'");
 440
 441                                 foreach ($tags as $tag) {
 442                                         $tag = sanitize_tag($tag);
 443
 444                                         if (!tag_is_valid($tag)) {
 445                                                 continue;
 446                                         }
 447
 448                                         if (preg_match("/^[0-9]*$/", $tag)) {
 449                                                 continue;
 450                                         }
 451
 452 //                                      print "<!-- $id : $int_id : $tag -->";
 453
 454                                         if ($tag != '') {
 455                                                 db_query($link, "INSERT INTO ttrss_tags
 456                                                         (post_int_id, owner_uid, tag_name) VALUES ('$int_id', '".$_SESSION["uid"]."', '$tag')");
 457                                         }
 458                                 }
 459                         }
 460
 461                         db_query($link, "UPDATE ttrss_user_entries
 462                                 SET tag_cache = '$tags_str' WHERE ref_id = '$id'
 463                                 AND owner_uid = " . $_SESSION["uid"]);
 464
 465                         db_query($link, "COMMIT");
 466
 467                         if ($memcache) {
 468                                 $obj_id = md5("TAGS:".$_SESSION["uid"].":$id");
 469                                 $memcache->delete($obj_id);
 470                         }
 471
 472                         $tags_str = format_tags_string(get_article_tags($link, $id), $id);
 473
 474                         print "<rpc-reply>
 475                                 <tags-str id=\"$id\"><![CDATA[$tags_str]]></tags-str>
 476                                 </rpc-reply>";
 477
 478                         return;
 479                 }
 480
 481                 if ($subop == "regenOPMLKey") {
 482
 483                         print "<rpc-reply>";
 484
 485                         update_feed_access_key($link, 'OPML:Publish',
 486                                 false, $_SESSION["uid"]);
 487
 488                         $new_link = opml_publish_url($link);
 489                         print "<link><![CDATA[$new_link]]></link>";
 490                         print "</rpc-reply>";
 491                         return;
 492                 }
 493
 494                 if ($subop == "logout") {
 495                         logout_user();
 496                         print_error_xml(6);
 497                         return;
 498                 }
 499
 500                 if ($subop == "completeTags") {
 501
 502                         $search = db_escape_string($_REQUEST["search"]);
 503
 504                         $result = db_query($link, "SELECT DISTINCT tag_name FROM ttrss_tags
 505                                 WHERE owner_uid = '".$_SESSION["uid"]."' AND
 506                                 tag_name LIKE '$search%' ORDER BY tag_name
 507                                 LIMIT 10");
 508
 509                         print "<ul>";
 510                         while ($line = db_fetch_assoc($result)) {
 511                                 print "<li>" . $line["tag_name"] . "</li>";
 512                         }
 513                         print "</ul>";
 514
 515                         return;
 516                 }
 517
 518                 if ($subop == "purge") {
 519                         $ids = split(",", db_escape_string($_REQUEST["ids"]));
 520                         $days = sprintf("%d", $_REQUEST["days"]);
 521
 522                         print "<rpc-reply>";
 523
 524                         print "<message><![CDATA[";
 525
 526                         foreach ($ids as $id) {
 527
 528                                 $result = db_query($link, "SELECT id FROM ttrss_feeds WHERE
 529                                         id = '$id' AND owner_uid = ".$_SESSION["uid"]);
 530
 531                                 if (db_num_rows($result) == 1) {
 532                                         purge_feed($link, $id, $days, true);
 533                                 }
 534                         }
 535
 536                         print "]]></message>";
 537
 538                         print "</rpc-reply>";
 539
 540                         return;
 541                 }
 542
 543 /*              if ($subop == "setScore") {
 544                         $id = db_escape_string($_REQUEST["id"]);
 545                         $score = sprintf("%d", $_REQUEST["score"]);
 546
 547                         $result = db_query($link, "UPDATE ttrss_user_entries SET score = '$score'
 548                                 WHERE ref_id = '$id' AND owner_uid = ".$_SESSION["uid"]);
 549
 550                         print "<rpc-reply><message>Acknowledged.</message></rpc-reply>";
 551
 552                         return;
 553
 554                 } */
 555
 556                 if ($subop == "getArticles") {
 557                         $ids = split(",", db_escape_string($_REQUEST["ids"]));
 558
 559                         print "<rpc-reply>";
 560
 561                         foreach ($ids as $id) {
 562                                 if ($id) {
 563                                         outputArticleXML($link, $id, 0, false);
 564                                 }
 565                         }
 566                         print "</rpc-reply>";
 567
 568                         return;
 569                 }
 570
 571                 if ($subop == "checkDate") {
 572
 573                         $date = db_escape_string($_REQUEST["date"]);
 574                         $date_parsed = strtotime($date);
 575
 576                         print "<rpc-reply>";
 577
 578                         if ($date_parsed) {
 579                                 print "<result>1</result>";
 580                         } else {
 581                                 print "<result>0</result>";
 582                         }
 583
 584                         print "</rpc-reply>";
 585
 586                         return;
 587                 }
 588
 589                 if ($subop == "removeFromLabel") {
 590
 591                         $ids = split(",", db_escape_string($_REQUEST["ids"]));
 592                         $label_id = db_escape_string($_REQUEST["lid"]);
 593
 594                         $label = db_escape_string(label_find_caption($link, $label_id,
 595                                 $_SESSION["uid"]));
 596
 597                         print "<rpc-reply>";
 598                         print "<info-for-headlines>";
 599
 600                         if ($label) {
 601
 602                                 foreach ($ids as $id) {
 603                                         label_remove_article($link, $id, $label, $_SESSION["uid"]);
 604
 605                                         print "<entry id=\"$id\"><![CDATA[";
 606
 607                                         $labels = get_article_labels($link, $id, $_SESSION["uid"]);
 608                                         print format_article_labels($labels, $id);
 609
 610                                         print "]]></entry>";
 611
 612                                 }
 613                         }
 614
 615                         print "</info-for-headlines>";
 616
 617                         print "<counters><![CDATA[";
 618                         print json_encode(getAllCounters($link, $_REQUEST['omode']));
 619                         print "]]></counters>";
 620                         print "</rpc-reply>";
 621
 622                         return;
 623                 }
 624
 625                 if ($subop == "assignToLabel") {
 626
 627                         $ids = split(",", db_escape_string($_REQUEST["ids"]));
 628                         $label_id = db_escape_string($_REQUEST["lid"]);
 629
 630                         $label = db_escape_string(label_find_caption($link, $label_id,
 631                                 $_SESSION["uid"]));
 632
 633                         print "<rpc-reply>";
 634
 635                         print "<info-for-headlines>";
 636
 637                         if ($label) {
 638
 639                                 foreach ($ids as $id) {
 640                                         label_add_article($link, $id, $label, $_SESSION["uid"]);
 641
 642                                         print "<entry id=\"$id\"><![CDATA[";
 643
 644                                         $labels = get_article_labels($link, $id, $_SESSION["uid"]);
 645                                         print format_article_labels($labels, $id);
 646
 647                                         print "]]></entry>";
 648
 649                                 }
 650                         }
 651
 652                         print "</info-for-headlines>";
 653
 654                         print "<counters><![CDATA[";
 655                         print json_encode(getAllCounters($link, $_REQUEST['omode']));
 656                         print "]]></counters>";
 657                         print "</rpc-reply>";
 658
 659                         return;
 660                 }
 661
 662                 if ($subop == "updateFeedBrowser") {
 663
 664                         $search = db_escape_string($_REQUEST["search"]);
 665                         $limit = db_escape_string($_REQUEST["limit"]);
 666                         $mode = db_escape_string($_REQUEST["mode"]);
 667
 668                         print "<rpc-reply>";
 669                         print "<content>";
 670                         print "<![CDATA[";
 671                         $ctr = print_feed_browser($link, $search, $limit, $mode);
 672                         print "]]>";
 673                         print "</content>";
 674                         print "<num-results value=\"$ctr\"/>";
 675                         print "<mode value=\"$mode\"/>";
 676                         print "</rpc-reply>";
 677
 678                         return;
 679                 }
 680
 681
 682                 if ($subop == "massSubscribe") {
 683
 684                         $ids = split(",", db_escape_string($_REQUEST["ids"]));
 685                         $mode = $_REQUEST["mode"];
 686
 687                         $subscribed = array();
 688
 689                         foreach ($ids as $id) {
 690
 691                                 if ($mode == 1) {
 692                                         $result = db_query($link, "SELECT feed_url,title FROM ttrss_feeds
 693                                                 WHERE id = '$id'");
 694                                 } else if ($mode == 2) {
 695                                         $result = db_query($link, "SELECT * FROM ttrss_archived_feeds
 696                                                 WHERE id = '$id' AND owner_uid = " . $_SESSION["uid"]);
 697                                         $orig_id = db_escape_string(db_fetch_result($result, 0, "id"));
 698                                         $site_url = db_escape_string(db_fetch_result($result, 0, "site_url"));
 699                                 }
 700
 701                                 $feed_url = db_escape_string(db_fetch_result($result, 0, "feed_url"));
 702                                 $title = db_escape_string(db_fetch_result($result, 0, "title"));
 703
 704                                 $title_orig = db_fetch_result($result, 0, "title");
 705
 706                                 $result = db_query($link, "SELECT id FROM ttrss_feeds WHERE
 707                                                 feed_url = '$feed_url' AND owner_uid = " . $_SESSION["uid"]);
 708
 709                                 if (db_num_rows($result) == 0) {
 710                                         if ($mode == 1) {
 711                                                 $result = db_query($link,
 712                                                         "INSERT INTO ttrss_feeds (owner_uid,feed_url,title,cat_id)
 713                                                         VALUES ('".$_SESSION["uid"]."', '$feed_url', '$title', NULL)");
 714                                         } else if ($mode == 2) {
 715                                                 $result = db_query($link,
 716                                                         "INSERT INTO ttrss_feeds (id,owner_uid,feed_url,title,cat_id,site_url)
 717                                                         VALUES ('$orig_id','".$_SESSION["uid"]."', '$feed_url', '$title', NULL, '$site_url')");
 718                                         }
 719                                         array_push($subscribed, $title_orig);
 720                                 }
 721                         }
 722
 723                         $num_feeds = count($subscribed);
 724
 725                         print "<rpc-reply>";
 726                         print "<num-feeds value='$num_feeds'/>";
 727                         print "</rpc-reply>";
 728
 729                         return;
 730                 }
 731
 732                 if ($subop == "download") {
 733                         $stage = (int) $_REQUEST["stage"];
 734                         $cidt = (int)db_escape_string($_REQUEST["cidt"]);
 735                         $cidb = (int)db_escape_string($_REQUEST["cidb"]);
 736                         $sync = db_escape_string($_REQUEST["sync"]);
 737                         //$amount = (int) $_REQUEST["amount"];
 738                         //$unread_only = db_escape_string($_REQUEST["unread_only"]);
 739                         //if (!$amount) $amount = 50;
 740
 741                         /* Amount is not used by the frontend offline.js anymore, it goes by
 742                          * date_qpart below + cidb/cidt IDs */
 743
 744                         $amount = 2000;
 745                         $unread_only = true;
 746
 747                         print "<rpc-reply>";
 748
 749                         $sync = split(";", $sync);
 750
 751                         print "<sync>";
 752
 753                         if (count($sync) > 0) {
 754                                 if (strtotime($sync[0])) {
 755                                         $last_online = db_escape_string($sync[0]);
 756
 757                                         print "<sync-point><![CDATA[$last_online]]></sync-point>";
 758
 759                                         for ($i = 1; $i < count($sync); $i++) {
 760                                                 $e = split(",", $sync[$i]);
 761
 762                                                 if (count($e) == 3) {
 763
 764                                                         $id = (int) $e[0];
 765                                                         $unread = bool_to_sql_bool((bool) $e[1]);
 766                                                         $marked = (bool)$e[2];
 767
 768                                                         if ($marked) {
 769                                                                 $marked = bool_to_sql_bool($marked);
 770                                                                 $marked_qpart = "marked = $marked,";
 771                                                         }
 772
 773                                                         $query = "UPDATE ttrss_user_entries SET
 774                                                                 $marked_qpart
 775                                                                 unread = $unread,
 776                                                                 last_read = '$last_online'
 777                                                         WHERE ref_id = '$id' AND
 778                                                                 (last_read IS NULL OR last_read < '$last_online') AND
 779                                                                 owner_uid = ".$_SESSION["uid"];
 780
 781                                                         $result = db_query($link, $query);
 782
 783                                                         print "<sync-ok id=\"$id\"/>";
 784
 785                                                 }
 786                                         }
 787
 788                                         /* Maybe we need to further update local DB for this client */
 789
 790                                         $query = "SELECT ref_id,unread,marked FROM ttrss_user_entries
 791                                                 WHERE last_read >= '$last_online' AND
 792                                                                 owner_uid = ".$_SESSION["uid"] . " LIMIT 1000";
 793
 794                                         $result = db_query($link, $query);
 795
 796                                         while ($line = db_fetch_assoc($result)) {
 797                                                 $unread = (int) sql_bool_to_bool($line["unread"]);
 798                                                 $marked = (int) sql_bool_to_bool($line["marked"]);
 799
 800                                                 print "<sync-ok unread=\"$unread\" marked=\"$marked\"
 801                                                         id=\"".$line["ref_id"]."\"/>";
 802                                         }
 803
 804                                 }
 805                         }
 806
 807                         print "</sync>";
 808
 809                         if ($stage == 0) {
 810                                 print "<feeds>";
 811
 812                                 $result = db_query($link, "SELECT id, title, cat_id FROM
 813                                         ttrss_feeds WHERE owner_uid = ".$_SESSION["uid"]);
 814
 815                                 while ($line = db_fetch_assoc($result)) {
 816
 817                                         $has_icon = (int) feed_has_icon($line["id"]);
 818
 819                                         print "<feed has_icon=\"$has_icon\"
 820                                                 cat_id=\"".(int)$line["cat_id"]."\" id=\"".$line["id"]."\"><![CDATA[";
 821                                         print $line["title"];
 822                                         print "]]></feed>";
 823                                 }
 824
 825                                 print "</feeds>";
 826
 827                                 print "<feed-categories>";
 828
 829                                 $result = db_query($link, "SELECT id, title, collapsed FROM
 830                                         ttrss_feed_categories WHERE owner_uid = ".$_SESSION["uid"]);
 831
 832                                         print "<category id=\"0\" collapsed=\"".
 833                                                 (int)get_pref($link, "_COLLAPSED_UNCAT")."\"><![CDATA[";
 834                                         print __("Uncategorized");
 835                                         print "]]></category>";
 836
 837                                         print "<category id=\"-1\" collapsed=\"".
 838                                                 (int)get_pref($link, "_COLLAPSED_SPECIAL")."\"><![CDATA[";
 839                                         print __("Special");
 840                                         print "]]></category>";
 841
 842                                         print "<category id=\"-2\" collapsed=\"".
 843                                                 (int)get_pref($link, "_COLLAPSED_LABELS")."\"><![CDATA[";
 844                                         print __("Labels");
 845                                         print "]]></category>";
 846
 847                                 while ($line = db_fetch_assoc($result)) {
 848                                         print "<category
 849                                                 id=\"".$line["id"]."\"
 850                                                 collapsed=\"".(int)sql_bool_to_bool($line["collapsed"])."\"><![CDATA[";
 851                                         print $line["title"];
 852                                         print "]]></category>";
 853                                 }
 854
 855                                 print "</feed-categories>";
 856
 857                                 print "<labels>";
 858
 859                                 $result = db_query($link, "SELECT * FROM
 860                                         ttrss_labels2 WHERE owner_uid = ".$_SESSION["uid"]);
 861
 862                                 while ($line = db_fetch_assoc($result)) {
 863                                         print "<label
 864                                                 id=\"".$line["id"]."\"
 865                                                 fg_color=\"".$line["fg_color"]."\"
 866                                                 bg_color=\"".$line["bg_color"]."\"
 867                                                 ><![CDATA[";
 868                                         print $line["caption"];
 869                                         print "]]></label>";
 870                                 }
 871
 872
 873                                 print "</labels>";
 874
 875                         }
 876
 877                         if ($stage > 0) {
 878                                 print "<articles>";
 879
 880                                 $limit = 10;
 881                                 $skip = $limit*($stage-1);
 882
 883                                 print "<limit value=\"$limit\"/>";
 884
 885                                 if ($amount > 0) $amount -= $skip;
 886
 887                                 if ($amount > 0) {
 888
 889                                         $limit = min($limit, $amount);
 890
 891                                         if ($unread_only) {
 892                                                 $unread_qpart = "(unread = true OR marked = true) AND ";
 893                                         }
 894
 895                                         if ($cidt && $cidb) {
 896                                                 $cid_qpart =  "(ttrss_entries.id > $cidt OR ttrss_entries.id < $cidb) AND ";
 897                                         }
 898
 899                                         if (DB_TYPE == "pgsql") {
 900                                                 $date_qpart = "updated >= NOW() - INTERVAL '1 week' AND";
 901                                         } else {
 902                                                 $date_qpart = "updated >= DATE_SUB(NOW(), INTERVAL 1 WEEK) AND";
 903                                         }
 904
 905                                         $result = db_query($link,
 906                                                 "SELECT DISTINCT ttrss_entries.id,ttrss_entries.title,
 907                                                         guid,link,comments,
 908                                                         feed_id,content,updated,unread,marked FROM
 909                                                         ttrss_user_entries,ttrss_entries,ttrss_feeds
 910                                                 WHERE $unread_qpart $cid_qpart $date_qpart
 911                                                         ttrss_feeds.id = feed_id AND
 912                                                         ref_id = ttrss_entries.id AND
 913                                                         ttrss_user_entries.owner_uid = ".$_SESSION["uid"]."
 914                                                         ORDER BY updated DESC LIMIT $limit OFFSET $skip");
 915
 916                                         if (function_exists('json_encode')) {
 917
 918                                                 while ($line = db_fetch_assoc($result)) {
 919                                                         print "<article><![CDATA[";
 920
 921                                                         $line["marked"] = (int)sql_bool_to_bool($line["marked"]);
 922                                                         $line["unread"] = (int)sql_bool_to_bool($line["unread"]);
 923
 924                                                         $line["labels"] = get_article_labels($link, $line["id"]);
 925
 926 //                                                      too slow :(
 927 //                                                      $line["tags"] = format_tags_string(
 928 //                                                              get_article_tags($link, $line["id"]), $line["id"]);
 929
 930                                                         print json_encode($line);
 931                                                         print "]]></article>";
 932                                                 }
 933                                         }
 934
 935                                 }
 936
 937                                 print "</articles>";
 938
 939                         }
 940
 941                         print "</rpc-reply>";
 942
 943                         return;
 944                 }
 945
 946                 if ($subop == "digest-get-contents") {
 947                         $article_id = db_escape_string($_REQUEST['article_id']);
 948
 949                         $result = db_query($link, "SELECT content
 950                                 FROM ttrss_entries, ttrss_user_entries
 951                                 WHERE id = '$article_id' AND ref_id = id AND owner_uid = ".$_SESSION['uid']);
 952
 953                         print "<rpc-reply>";
 954
 955                         print "<article id=\"$article_id\"><![CDATA[";
 956
 957                         $content = sanitize_rss($link, db_fetch_result($result, 0, "content"));
 958
 959                         print $content;
 960
 961                         print "]]></article>";
 962
 963                         print "</rpc-reply>";
 964
 965                         return;
 966                 }
 967
 968                 if ($subop == "digest-update") {
 969                         $feed_id = db_escape_string($_REQUEST['feed_id']);
 970                         $offset = db_escape_string($_REQUEST['offset']);
 971                         $seq = db_escape_string($_REQUEST['seq']);
 972
 973                         if (!$feed_id) $feed_id = -4;
 974                         if (!$offset) $offset = 0;
 975                         print "<rpc-reply>";
 976
 977                         print "<seq>$seq</seq>";
 978
 979                         $headlines = api_get_headlines($link, $feed_id, 10, $offset,
 980                                 '', ($feed_id == -4), true, false, "unread", "updated DESC");
 981
 982                         //function api_get_headlines($link, $feed_id, $limit, $offset,
 983                         //              $filter, $is_cat, $show_excerpt, $show_content, $view_mode) {
 984
 985                         print "<headlines-title><![CDATA[" . getFeedTitle($link, $feed_id) .
 986                                 "]]></headlines-title>";
 987
 988                         print "<headlines><![CDATA[" . json_encode($headlines) . "]]></headlines>";
 989
 990                         print "</rpc-reply>";
 991                         return;
 992                 }
 993
 994                 if ($subop == "digest-init") {
 995                         print "<rpc-reply>";
 996
 997                         $tmp_feeds = api_get_feeds($link, false, true, false, 0);
 998                         $feeds = array();
 999
1000                         foreach ($tmp_feeds as $f) {
1001                                 if ($f['id'] > 0 || $f['id'] == -4) array_push($feeds, $f);
1002                         }
1003
1004                         print "<feeds><![CDATA[" . json_encode($feeds) . "]]></feeds>";
1005
1006                         print "</rpc-reply>";
1007                         return;
1008                 }
1009
1010                 if ($subop == "catchupFeed") {
1011
1012                         $feed_id = db_escape_string($_REQUEST['feed_id']);
1013                         $is_cat = db_escape_string($_REQUEST['is_cat']);
1014
1015                         print "<rpc-reply>";
1016
1017                         catchup_feed($link, $feed_id, $is_cat);
1018
1019                         print "</rpc-reply>";
1020
1021                         return;
1022                 }
1023
1024                 if ($subop == "sendEmail") {
1025                         $secretkey = $_REQUEST['secretkey'];
1026
1027                         print "<rpc-reply>";
1028
1029                         if (DIGEST_ENABLE && $_SESSION['email_secretkey'] &&
1030                                                 $secretkey == $_SESSION['email_secretkey']) {
1031
1032                                 $_SESSION['email_secretkey'] = '';
1033
1034                                 $destination = $_REQUEST['destination'];
1035                                 $subject = $_REQUEST['subject'];
1036                                 $content = $_REQUEST['content'];
1037
1038                                 $replyto = strip_tags($_SESSION['email_replyto']);
1039                                 $fromname = strip_tags($_SESSION['email_fromname']);
1040
1041                                 $mail = new PHPMailer();
1042
1043                                 $mail->PluginDir = "lib/phpmailer/";
1044                                 $mail->SetLanguage("en", "lib/phpmailer/language/");
1045
1046                                 $mail->CharSet = "UTF-8";
1047
1048                                 $mail->From = $replyto;
1049                                 $mail->FromName = $fromname;
1050                                 $mail->AddAddress($destination);
1051
1052                                 if (DIGEST_SMTP_HOST) {
1053                                         $mail->Host = DIGEST_SMTP_HOST;
1054                                         $mail->Mailer = "smtp";
1055                                         $mail->SMTPAuth = DIGEST_SMTP_LOGIN != '';
1056                                         $mail->Username = DIGEST_SMTP_LOGIN;
1057                                         $mail->Password = DIGEST_SMTP_PASSWORD;
1058                                 }
1059
1060                                 $mail->IsHTML(false);
1061                                 $mail->Subject = $subject;
1062                                 $mail->Body = $content;
1063
1064                                 $rc = $mail->Send();
1065
1066                                 if (!$rc) {
1067                                         print "<error><![CDATA[" . $mail->ErrorInfo . "]]></error>";
1068                                 } else {
1069                                         save_email_address($link, db_escape_string($destination));
1070                                         print "<message>OK</message>";
1071                                 }
1072
1073                         } else {
1074                                 print "<error>Not authorized.</error>";
1075                         }
1076
1077                         print "</rpc-reply>";
1078
1079                         return;
1080                 }
1081
1082                 if ($subop == "completeEmails") {
1083
1084                         $search = db_escape_string($_REQUEST["search"]);
1085
1086                         print "<ul>";
1087
1088                         foreach ($_SESSION['stored_emails'] as $email) {
1089                                 if (strpos($email, $search) !== false) {
1090                                         print "<li>$email</li>";
1091                                 }
1092                         }
1093
1094                         print "</ul>";
1095
1096                         return;
1097                 }
1098
1099                 if ($subop == "quickAddCat") {
1100                         print "<rpc-reply>";
1101
1102                         $cat = db_escape_string($_REQUEST["cat"]);
1103
1104                         add_feed_category($link, $cat);
1105
1106                         $result = db_query($link, "SELECT id FROM ttrss_feed_categories WHERE
1107                                 title = '$cat' AND owner_uid = " . $_SESSION["uid"]);
1108
1109                         if (db_num_rows($result) == 1) {
1110                                 $id = db_fetch_result($result, 0, "id");
1111                         } else {
1112                                 $id = 0;
1113                         }
1114
1115                         print_feed_cat_select($link, "cat_id", $id);
1116
1117                         print "</rpc-reply>";
1118
1119                         return;
1120                 }
1121
1122                 if ($subop == "regenFeedKey") {
1123                         $feed_id = db_escape_string($_REQUEST['id']);
1124                         $is_cat = (bool) db_escape_string($_REQUEST['is_cat']);
1125
1126                         print "<rpc-reply>";
1127
1128                         $new_key = update_feed_access_key($link, $feed_id, $is_cat);
1129
1130                         print "<link><![CDATA[$new_key]]></link>";
1131
1132                         print "</rpc-reply>";
1133
1134                         return;
1135                 }
1136
1137                 if ($subop == "clearKeys") {
1138
1139                         db_query($link, "DELETE FROM ttrss_access_keys WHERE
1140                                 owner_uid = " . $_SESSION["uid"]);
1141
1142                         print "<rpc-reply><message>OK</message></rpc-reply>";
1143
1144                         return;
1145                 }
1146
1147                 print "<rpc-reply><error>Unknown method: $subop</error></rpc-reply>";
1148         }
1149 ?>