backend.php 2.9 KB

  1. <?php
  2. set_include_path(dirname(__FILE__) ."/include" . PATH_SEPARATOR .
  3. get_include_path());
  4. $op = $_REQUEST["op"];
  5. @$method = $_REQUEST['subop'] ? $_REQUEST['subop'] : $_REQUEST["method"];
  6. if (!$method)
  7. $method = 'index';
  8. else
  9. $method = strtolower($method);
  10. /* Public calls compatibility shim */
  11. $public_calls = array("globalUpdateFeeds", "rss", "getUnread", "getProfiles", "share",
  12. "fbexport", "logout", "pubsub");
  13. if (array_search($op, $public_calls) !== false) {
  14. header("Location: public.php?" . $_SERVER['QUERY_STRING']);
  15. return;
  16. }
  17. @$csrf_token = $_REQUEST['csrf_token'];
  18. require_once "autoload.php";
  19. require_once "sessions.php";
  20. require_once "functions.php";
  21. require_once "config.php";
  22. require_once "db.php";
  23. require_once "db-prefs.php";
  24. startup_gettext();
  25. $script_started = microtime(true);
  26. if (!init_plugins()) return;
  27. header("Content-Type: text/json; charset=utf-8");
  28. if (ENABLE_GZIP_OUTPUT && function_exists("ob_gzhandler")) {
  29. ob_start("ob_gzhandler");
  30. }
  31. if (SINGLE_USER_MODE) {
  32. authenticate_user( "admin", null);
  33. }
  34. if ($_SESSION["uid"]) {
  35. if (!validate_session()) {
  36. header("Content-Type: text/json");
  37. print error_json(6);
  38. return;
  39. }
  40. load_user_plugins( $_SESSION["uid"]);
  41. }
  42. $purge_intervals = array(
  43. 0 => __("Use default"),
  44. -1 => __("Never purge"),
  45. 5 => __("1 week old"),
  46. 14 => __("2 weeks old"),
  47. 31 => __("1 month old"),
  48. 60 => __("2 months old"),
  49. 90 => __("3 months old"));
  50. $update_intervals = array(
  51. 0 => __("Default interval"),
  52. -1 => __("Disable updates"),
  53. 15 => __("15 minutes"),
  54. 30 => __("30 minutes"),
  55. 60 => __("Hourly"),
  56. 240 => __("4 hours"),
  57. 720 => __("12 hours"),
  58. 1440 => __("Daily"),
  59. 10080 => __("Weekly"));
  60. $update_intervals_nodefault = array(
  61. -1 => __("Disable updates"),
  62. 15 => __("15 minutes"),
  63. 30 => __("30 minutes"),
  64. 60 => __("Hourly"),
  65. 240 => __("4 hours"),
  66. 720 => __("12 hours"),
  67. 1440 => __("Daily"),
  68. 10080 => __("Weekly"));
  69. $access_level_names = array(
  70. 0 => __("User"),
  71. 5 => __("Power User"),
  72. 10 => __("Administrator"));
  73. $op = str_replace("-", "_", $op);
  74. $override = PluginHost::getInstance()->lookup_handler($op, $method);
  75. if (class_exists($op) || $override) {
  76. if ($override) {
  77. $handler = $override;
  78. } else {
  79. $handler = new $op($_REQUEST);
  80. }
  81. if ($handler && implements_interface($handler, 'IHandler')) {
  82. if (validate_csrf($csrf_token) || $handler->csrf_ignore($method)) {
  83. if ($handler->before($method)) {
  84. if ($method && method_exists($handler, $method)) {
  85. $handler->$method();
  86. } else {
  87. if (method_exists($handler, "catchall")) {
  88. $handler->catchall($method);
  89. }
  90. }
  91. $handler->after();
  92. return;
  93. } else {
  94. header("Content-Type: text/json");
  95. print error_json(6);
  96. return;
  97. }
  98. } else {
  99. header("Content-Type: text/json");
  100. print error_json(6);
  101. return;
  102. }
  103. }
  104. }
  105. header("Content-Type: text/json");
  106. print error_json(13);
  107. ?>