-rw-r--r--backend.php8
-rw-r--r--classes/handler.php1
-rw-r--r--classes/handler/public.php252
-rw-r--r--classes/pref/feeds.php105
-rw-r--r--include/functions.php43
-rw-r--r--include/login_form.php34
-rw-r--r--mobile/login_form.php6
7 files changed, 299 insertions, 150 deletions
diff --git a/backend.php b/backend.php
index 8e6ff6ced..87b0945b1 100644
--- a/backend.php
+++ b/backend.php
@@ -65,7 +65,7 @@
// TODO remove and handle within Handlers
- if (!($_SESSION["uid"] && validate_session($link))) {
+ /* if (!($_SESSION["uid"] && validate_session($link))) {
if ($op == 'pref-feeds' && $method == 'add') {
header("Content-Type: text/html");
login_sequence($link);
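Review bot: The session check is disabled by wrapping `if (!($_SESSION["uid"] && validate_session($link))) {` … `}` in a block comment (this hunk opens it, the hunk at @@ -75 closes it) instead of deleting it, which leaves a dead `if` body in the dispatcher under a `// TODO remove and handle within Handlers` that now describes code that no longer runs. Git keeps the old check; delete the commented span and turn the TODO into a statement of where authentication now lives, e.g. `// session validation is the responsibility of each handler (see the error-code-6 branch below)`. Until every handler reachable through backend.php enforces that itself, this commit widens the unauthenticated surface, so it deserves a sentence in the commit message as well; the `if` that contains the `login_sequence($link);` call starts before this hunk.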
@@ -75,7 +75,7 @@
print json_encode(array("error" => array("code" => 6)));
}
return;
- }
+ } */
$purge_intervals = array(
0 => __("Use default"),
@@ -143,6 +143,10 @@
}
$handler->after();
return;
+ } else {
+ header("Content-Type: text/plain");
+ print json_encode(array("error" => array("code" => 6)));
+ return;
}
} else {
header("Content-Type: text/plain");
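Review bot: The new `} else { header("Content-Type: text/plain"); print json_encode(array("error" => array("code" => 6))); return; }` repeats verbatim the three lines of the outer `else` that immediately follow it, so the error-6 response now exists twice in the same dispatcher. A small helper, e.g. `function print_error_json($code) { header("Content-Type: text/plain"); print json_encode(array("error" => array("code" => $code))); }`, called from both branches keeps the two responses from drifting apart. The condition that selects the new branch starts before the hunk, so I cannot confirm from here which handler check it belongs to.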
diff --git a/classes/handler.php b/classes/handler.php
index 9d6c99e0d..e00b36aa3 100644
--- a/classes/handler.php
+++ b/classes/handler.php
@@ -19,5 +19,6 @@ class Handler {
function after() {
return true;
}
+
}
?>
diff --git a/classes/handler/public.php b/classes/handler/public.php
index aff04597d..c06121d02 100644
--- a/classes/handler/public.php
+++ b/classes/handler/public.php
@@ -195,27 +195,22 @@ class Handler_Public extends Handler {
function getProfiles() {
$login = db_escape_string($_REQUEST["login"]);
- $password = db_escape_string($_REQUEST["password"]);
- if (authenticate_user($this->link, $login, $password)) {
- $result = db_query($this->link, "SELECT * FROM ttrss_settings_profiles
- WHERE owner_uid = " . $_SESSION["uid"] . " ORDER BY title");
+ $result = db_query($this->link, "SELECT * FROM ttrss_settings_profiles,ttrss_users
+ WHERE ttrss_users.id = ttrss_settings_profiles.owner_uid AND login = '$login' ORDER BY title");
- print "<select style='width: 100%' name='profile'>";
+ print "<select style='width: 100%' name='profile'>";
- print "<option value='0'>" . __("Default profile") . "</option>";
+ print "<option value='0'>" . __("Default profile") . "</option>";
- while ($line = db_fetch_assoc($result)) {
- $id = $line["id"];
- $title = $line["title"];
-
- print "<option value='$id'>$title</option>";
- }
+ while ($line = db_fetch_assoc($result)) {
+ $id = $line["id"];
+ $title = $line["title"];
- print "</select>";
-
- $_SESSION = array();
+ print "<option value='$id'>$title</option>";
}
+
+ print "</select>";
}
function pubsub() {
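Review bot: getProfiles() no longer requires the caller to authenticate — the `authenticate_user` check and the `$_SESSION = array()` reset are gone — so anyone who knows or guesses a login name can list that account's profile ids and titles, and the presence or absence of `<option>` rows reveals whether a login exists. If the list really must be shown before login (the form's `onblur="fetchProfiles()"` in include/login_form.php depends on it), record that trade-off on the method, e.g. `// intentionally unauthenticated: the login form needs the profile list before credentials are checked; the response reveals whether $login exists`, and select only `id, title` rather than `SELECT *` so nothing else from ttrss_users or the profile row can leak through a future change. Independently, `$title` is written straight into the `<option>` markup; use `htmlspecialchars($title)` since profile titles are user-entered.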
@@ -447,5 +442,232 @@ class Handler_Public extends Handler {
}
}
+ function login() {
+
+ print_r($_REQUEST);
+
+ $_SESSION["prefs_cache"] = array();
+
+ if (!SINGLE_USER_MODE) {
+
+ $login = db_escape_string($_POST["login"]);
+ $password = $_POST["password"];
+ $remember_me = $_POST["remember_me"];
+
+ if (authenticate_user($this->link, $login, $password)) {
+ $_POST["password"] = "";
+
+ $_SESSION["language"] = $_POST["language"];
+ $_SESSION["ref_schema_version"] = get_schema_version($this->link, true);
+ $_SESSION["bw_limit"] = !!$_POST["bw_limit"];
+
+ if ($_POST["profile"]) {
+
+ $profile = db_escape_string($_POST["profile"]);
+
+ $result = db_query($this->link, "SELECT id FROM ttrss_settings_profiles
+ WHERE id = '$profile' AND owner_uid = " . $_SESSION["uid"]);
+
+ if (db_num_rows($result) != 0) {
+ $_SESSION["profile"] = $profile;
+ $_SESSION["prefs_cache"] = array();
+ }
+ }
+ } else {
+ $_SESSION["login_error_msg"] = __("Incorrect username or password");
+ }
+
+ if ($_REQUEST['return']) {
+ header("Location: " . $_REQUEST['return']);
+ } else {
+ header("Location: " . SELF_URL_PATH);
+ }
+ }
+ }
+
+ function subscribe() {
+ if ($_SESSION["uid"]) {
+
+ $feed_url = db_escape_string(trim($_REQUEST["feed_url"]));
+
+ header('Content-Type: text/html; charset=utf-8');
+ print "<html>
+ <head>
+ <title>Tiny Tiny RSS</title>
+ <link rel=\"stylesheet\" type=\"text/css\" href=\"utility.css\">
+ <meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/>
+ </head>
+ <body>
+ <img class=\"floatingLogo\" src=\"images/logo_wide.png\"
+ alt=\"Tiny Tiny RSS\"/>
+ <h1>".__("Subscribe to feed...")."</h1>";
+
+ $rc = subscribe_to_feed($this->link, $feed_url);
+
+ switch ($rc['code']) {
+ case 0:
+ print_warning(T_sprintf("Already subscribed to <b>%s</b>.", $feed_url));
+ break;
+ case 1:
+ print_notice(T_sprintf("Subscribed to <b>%s</b>.", $feed_url));
+ break;
+ case 2:
+ print_error(T_sprintf("Could not subscribe to <b>%s</b>.", $feed_url));
+ break;
+ case 3:
+ print_error(T_sprintf("No feeds found in <b>%s</b>.", $feed_url));
+ break;
+ case 4:
+ print_notice(__("Multiple feed URLs found."));
+ $feed_urls = get_feeds_from_html($feed_url);
+ break;
+ case 5:
+ print_error(T_sprintf("Could not subscribe to <b>%s</b>.<br>Can't download the Feed URL.", $feed_url));
+ break;
+ }
+
+ if ($feed_urls) {
+
+ print "<form action=\"public.php\">";
+ print "<input type=\"hidden\" name=\"op\" value=\"subscribe\">";
+
+ print "<select name=\"feed_url\">";
+
+ foreach ($feed_urls as $url => $name) {
+ $url = htmlspecialchars($url);
+ $name = htmlspecialchars($name);
+
+ print "<option value=\"$url\">$name</option>";
+ }
+
+ print "<input type=\"submit\" value=\"".__("Subscribe to selected feed").
+ "\">";
+
+ print "</form>";
+ }
+
+ $tp_uri = get_self_url_prefix() . "/prefs.php";
+ $tt_uri = get_self_url_prefix();
+
+ if ($rc['code'] <= 2){
+ $result = db_query($this->link, "SELECT id FROM ttrss_feeds WHERE
+ feed_url = '$feed_url' AND owner_uid = " . $_SESSION["uid"]);
+
+ $feed_id = db_fetch_result($result, 0, "id");
+ } else {
+ $feed_id = 0;
+ }
+ print "<p>";
+
+ if ($feed_id) {
+ print "<form method=\"GET\" style='display: inline'
+ action=\"$tp_uri\">
+ <input type=\"hidden\" name=\"tab\" value=\"feedConfig\">
+ <input type=\"hidden\" name=\"method\" value=\"editFeed\">
+ <input type=\"hidden\" name=\"methodparam\" value=\"$feed_id\">
+ <input type=\"submit\" value=\"".__("Edit subscription options")."\">
+ </form>";
+ }
+
+ print "<form style='display: inline' method=\"GET\" action=\"$tt_uri\">
+ <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
+ </form></p>";
+
+ print "</body></html>";
+
+ } else {
+ render_login_form($this->link);
+ }
+ }
+
+ function subscribe2() {
+ $feed_url = db_escape_string(trim($_REQUEST["feed_url"]));
+ $cat_id = db_escape_string($_REQUEST["cat_id"]);
+ $from = db_escape_string($_REQUEST["from"]);
+
+ /* only read authentication information from POST */
+
+ $auth_login = db_escape_string(trim($_POST["auth_login"]));
+ $auth_pass = db_escape_string(trim($_POST["auth_pass"]));
+
+ $rc = subscribe_to_feed($this->link, $feed_url, $cat_id, $auth_login, $auth_pass);
+
+ switch ($rc) {
+ case 1:
+ print_notice(T_sprintf("Subscribed to <b>%s</b>.", $feed_url));
+ break;
+ case 2:
+ print_error(T_sprintf("Could not subscribe to <b>%s</b>.", $feed_url));
+ break;
+ case 3:
+ print_error(T_sprintf("No feeds found in <b>%s</b>.", $feed_url));
+ break;
+ case 0:
+ print_warning(T_sprintf("Already subscribed to <b>%s</b>.", $feed_url));
+ break;
+ case 4:
+ print_notice(__("Multiple feed URLs found."));
+
+ $feed_urls = get_feeds_from_html($feed_url);
+ break;
+ case 5:
+ print_error(T_sprintf("Could not subscribe to <b>%s</b>.<br>Can't download the Feed URL.", $feed_url));
+ break;
+ }
+
+ if ($feed_urls) {
+ print "<form action=\"backend.php\">";
+ print "<input type=\"hidden\" name=\"op\" value=\"pref-feeds\">";
+ print "<input type=\"hidden\" name=\"quiet\" value=\"1\">";
+ print "<input type=\"hidden\" name=\"method\" value=\"add\">";
+
+ print "<select name=\"feed_url\">";
+
+ foreach ($feed_urls as $url => $name) {
+ $url = htmlspecialchars($url);
+ $name = htmlspecialchars($name);
+ print "<option value=\"$url\">$name</option>";
+ }
+
+ print "<input type=\"submit\" value=\"".__("Subscribe to selected feed")."\">";
+ print "</form>";
+ }
+
+ $tp_uri = get_self_url_prefix() . "/prefs.php";
+ $tt_uri = get_self_url_prefix();
+
+ if ($rc <= 2){
+ $result = db_query($this->link, "SELECT id FROM ttrss_feeds WHERE
+ feed_url = '$feed_url' AND owner_uid = " . $_SESSION["uid"]);
+
+ $feed_id = db_fetch_result($result, 0, "id");
+ } else {
+ $feed_id = 0;
+ }
+
+ print "<p>";
+
+ if ($feed_id) {
+ print "<form method=\"GET\" style='display: inline'
+ action=\"$tp_uri\">
+ <input type=\"hidden\" name=\"tab\" value=\"feedConfig\">
+ <input type=\"hidden\" name=\"method\" value=\"editFeed\">
+ <input type=\"hidden\" name=\"methodparam\" value=\"$feed_id\">
+ <input type=\"submit\" value=\"".__("Edit subscription options")."\">
+ </form>";
+ }
+
+ print "<form style='display: inline' method=\"GET\" action=\"$tt_uri\">
+ <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
+ </form></p>";
+
+ print "</body></html>";
+ }
+
+ function index() {
+ header("Content-Type: text/plain");
+ print json_encode(array("error" => array("code" => 7)));
+ }
+
}
?>
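Review bot: `print_r($_REQUEST);` at the top of login() dumps the submitted form, including the cleartext `password` field, into the HTTP response body before the `header("Location: ...")` calls, so it both leaks the credential into the response (and anything that caches or logs it) and can defeat the redirect unless output buffering is on; this debug line must go before merge. The redirect `header("Location: " . $_REQUEST['return']);` trusts a client-supplied target — the form at @@ -113 in include/login_form.php fills it from `$_SERVER["REQUEST_URI"]`, which the client also controls — giving an open redirect after a successful login; accept only a same-site relative path, e.g. `$return = $_REQUEST['return']; if (!$return || $return[0] != '/' || substr($return, 0, 2) == '//') $return = SELF_URL_PATH;`. In subscribe() and subscribe2(), `$feed_url` is only `db_escape_string`'d, which leaves `<` and `>` intact, yet it is interpolated into the HTML of every `T_sprintf("... <b>%s</b> ...")` message, so a crafted `feed_url` parameter is reflected unescaped; pass `htmlspecialchars($feed_url)` there as the `$url`/`$name` loop already does. subscribe() also reads `$rc['code']` while subscribe2() and the deleted Pref_Feeds::add() treat the return of `subscribe_to_feed()` as a plain integer — only one of these shapes can be right, so confirm against subscribe_to_feed() before this ships. Finally, `$remember_me` is read from `$_POST` but never used, and `$feed_urls` is only assigned in `case 4`, so initialise it with `$feed_urls = array();` before each `switch` to avoid relying on an undefined variable.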
diff --git a/classes/pref/feeds.php b/classes/pref/feeds.php
index d6bb94ebe..a1177f2dd 100644
--- a/classes/pref/feeds.php
+++ b/classes/pref/feeds.php
@@ -1168,111 +1168,6 @@ class Pref_Feeds extends Handler_Protected {
}
- function add() {
- $feed_url = db_escape_string(trim($_REQUEST["feed_url"]));
- $cat_id = db_escape_string($_REQUEST["cat_id"]);
- $p_from = db_escape_string($_REQUEST["from"]);
-
- /* only read authentication information from POST */
-
- $auth_login = db_escape_string(trim($_POST["auth_login"]));
- $auth_pass = db_escape_string(trim($_POST["auth_pass"]));
-
- if ($p_from != 'tt-rss') {
- header('Content-Type: text/html; charset=utf-8');
- print "<html>
- <head>
- <title>Tiny Tiny RSS</title>
- <link rel=\"stylesheet\" type=\"text/css\" href=\"utility.css\">
- <meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/>
- </head>
- <body>
- <img class=\"floatingLogo\" src=\"images/logo_wide.png\"
- alt=\"Tiny Tiny RSS\"/>
- <h1>Subscribe to feed...</h1>";
- }
-
- $rc = subscribe_to_feed($this->link, $feed_url, $cat_id, $auth_login, $auth_pass);
-
- switch ($rc) {
- case 1:
- print_notice(T_sprintf("Subscribed to <b>%s</b>.", $feed_url));
- break;
- case 2:
- print_error(T_sprintf("Could not subscribe to <b>%s</b>.", $feed_url));
- break;
- case 3:
- print_error(T_sprintf("No feeds found in <b>%s</b>.", $feed_url));
- break;
- case 0:
- print_warning(T_sprintf("Already subscribed to <b>%s</b>.", $feed_url));
- break;
- case 4:
- print_notice(__("Multiple feed URLs found."));
-
- $feed_urls = get_feeds_from_html($feed_url);
- break;
- case 5:
- print_error(T_sprintf("Could not subscribe to <b>%s</b>.<br>Can't download the Feed URL.", $feed_url));
- break;
- }
-
- if ($p_from != 'tt-rss') {
-
- if ($feed_urls) {
-
- print "<form action=\"backend.php\">";
- print "<input type=\"hidden\" name=\"op\" value=\"pref-feeds\">";
- print "<input type=\"hidden\" name=\"quiet\" value=\"1\">";
- print "<input type=\"hidden\" name=\"method\" value=\"add\">";
-
- print "<select name=\"feed_url\">";
-
- foreach ($feed_urls as $url => $name) {
- $url = htmlspecialchars($url);
- $name = htmlspecialchars($name);
-
- print "<option value=\"$url\">$name</option>";
- }
-
- print "<input type=\"submit\" value=\"".__("Subscribe to selected feed").
- "\">";
-
- print "</form>";
- }
-
- $tp_uri = get_self_url_prefix() . "/prefs.php";
- $tt_uri = get_self_url_prefix();
-
- if ($rc <= 2){
- $result = db_query($this->link, "SELECT id FROM ttrss_feeds WHERE
- feed_url = '$feed_url' AND owner_uid = " . $_SESSION["uid"]);
-
- $feed_id = db_fetch_result($result, 0, "id");
- } else {
- $feed_id = 0;
- }
- print "<p>";
-
- if ($feed_id) {
- print "<form method=\"GET\" style='display: inline'
- action=\"$tp_uri\">
- <input type=\"hidden\" name=\"tab\" value=\"feedConfig\">
- <input type=\"hidden\" name=\"method\" value=\"editFeed\">
- <input type=\"hidden\" name=\"methodparam\" value=\"$feed_id\">
- <input type=\"submit\" value=\"".__("Edit subscription options")."\">
- </form>";
- }
-
- print "<form style='display: inline' method=\"GET\" action=\"$tt_uri\">
- <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
- </form></p>";
-
- print "</body></html>";
- return;
- }
- }
-
function categorize() {
$ids = split(",", db_escape_string($_REQUEST["ids"]));
diff --git a/include/functions.php b/include/functions.php
index 729cb2625..73c2f6d50 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -815,7 +815,35 @@
return true;
}
- function login_sequence($link, $mobile = false) {
+ function login_sequence($link, $login_form = 0) {
+ if (SINGLE_USER_MODE) {
+ return authenticate_user($link, "admin", null);
+ } else {
+ if (!$_SESSION["uid"] || !validate_session($link)) {
+
+ if (AUTH_AUTO_LOGIN && authenticate_user($link, null, null)) {
+ $_SESSION["ref_schema_version"] = get_schema_version($link, true);
+ } else {
+ authenticate_user($link, null, null, true);
+ }
+
+ if (!$_SESSION["uid"]) render_login_form($link, $login_form);
+
+ } else {
+ /* bump login timestamp */
+ db_query($link, "UPDATE ttrss_users SET last_login = NOW() WHERE id = " .
+ $_SESSION["uid"]);
+
+ if ($_SESSION["language"] && SESSION_COOKIE_LIFETIME > 0) {
+ setcookie("ttrss_lang", $_SESSION["language"],
+ time() + SESSION_COOKIE_LIFETIME);
+ }
+ }
+ }
+ }
+
+
+ /* function login_sequence($link, $mobile = false) {
$_SESSION["prefs_cache"] = array();
if (!SINGLE_USER_MODE) {
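Review bot: The previous login_sequence() body is kept as a block comment starting at `/* function login_sequence($link, $mobile = false) {` and running through the hunks at @@ -872 and @@ -888; keeping it required changing an inner `/* bump login timestamp */` to `//` solely so the outer comment would not terminate early, which is a sign the dead code should simply be deleted (history has it). The new function also needs a header comment because its contract differs from the old one: something like `/* Establishes a session for this request: single-user mode logs in as admin; otherwise an invalid session tries auto-login and then renders login form $login_form (which exits); a valid session bumps last_login and refreshes the language cookie. */`. The `setcookie("ttrss_lang", ...)` call sets no httponly or secure flag; that appears to be carried over from the old code, but a rewrite is a cheap place to add them if the cookie is not read by JavaScript.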
@@ -872,7 +900,7 @@
exit;
}
} else {
- /* bump login timestamp */
+ // bump login timestamp
db_query($link, "UPDATE ttrss_users SET last_login = NOW() WHERE id = " .
$_SESSION["uid"]);
@@ -888,7 +916,7 @@
} else {
return authenticate_user($link, "admin", null);
}
- }
+ } */
function truncate_string($str, $max_len, $suffix = '&hellip;') {
if (mb_strlen($str, "utf-8") > $max_len - 3) {
@@ -3148,17 +3176,16 @@
return true;
}
- function render_login_form($link, $mobile = 0) {
- switch ($mobile) {
+ function render_login_form($link, $form_id = 0) {
+ switch ($form_id) {
case 0:
require_once "login_form.php";
break;
case 1:
require_once "mobile/login_form.php";
break;
- case 2:
- require_once "mobile/classic/login_form.php";
}
+ exit;
}
// from http://developer.apple.com/internet/safari/faq.html
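Review bot: The `switch ($form_id)` has no `default`, and with the new unconditional `exit` after it any value other than 0 or 1 — including the 2 that this hunk removes, if some caller still passes it — now produces an empty response and terminates the script. Add `default: require_once "login_form.php"; break;` so an unknown id still renders a login page instead of a blank one. Because the function now always exits, callers such as login_sequence() never regain control; a one-line docblock, `/* Renders the selected login form and terminates the request. */`, makes that visible at call sites.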
@@ -3588,7 +3615,7 @@
//$url_path = ($_SERVER['HTTPS'] != "on" ? 'http://' : 'https://') . $_SERVER["HTTP_HOST"] . parse_url($_SERVER["REQUEST_URI"], PHP_URL_PATH);
$url_path = get_self_url_prefix() .
- "/backend.php?op=pref-feeds&quiet=1&method=add&feed_url=%s";
+ "/public.php?op=subscribe&feed_url=%s";
return $url_path;
} // function add_feed_url
diff --git a/include/login_form.php b/include/login_form.php
index abe73f847..5060f8c11 100644
--- a/include/login_form.php
+++ b/include/login_form.php
@@ -32,21 +32,22 @@ function init() {
}
document.forms["loginForm"].login.focus();
+
+ fetchProfiles();
}
function fetchProfiles() {
try {
- var params = Form.serialize('loginForm');
- var query = "?op=getProfiles&" + params;
+ var query = "?op=getProfiles&login=" + param_escape(document.forms["loginForm"].login.value);
if (query) {
new Ajax.Request("public.php", {
parameters: query,
- onComplete: function(transport) {
- if (transport.responseText.match("select")) {
- $('profile_box').innerHTML = transport.responseText;
- }
- } });
+ onComplete: function(transport) {
+ if (transport.responseText.match("select")) {
+ $('profile_box').innerHTML = transport.responseText;
+ }
+ } });
}
} catch (e) {
@@ -113,8 +114,12 @@ function validateLoginForm(f) {
});
</script>
-<form action="" method="POST" id="loginForm" name="loginForm" onsubmit="return validateLoginForm(this)">
-<input type="hidden" name="login_action" value="do_login">
+<?php $return = urlencode($_SERVER["REQUEST_URI"]) ?>
+
+<form action="public.php?return=<?php echo $return ?>"
+ method="POST" id="loginForm" name="loginForm" onsubmit="return validateLoginForm(this)">
+
+<input type="hidden" name="op" value="login">
<table class="loginForm2">
<tr>
@@ -130,11 +135,10 @@ function validateLoginForm(f) {
<table>
<tr><td align="right"><?php echo __("Login:") ?></td>
<td align="right"><input name="login"
- onchange="fetchProfiles()" onfocus="fetchProfiles()"
+ onchange="fetchProfiles()" onfocus="fetchProfiles()" onblur="fetchProfiles()"
value="<?php echo $_SESSION["fake_login"] ?>"></td></tr>
<tr><td align="right"><?php echo __("Password:") ?></td>
<td align="right"><input type="password" name="password"
- onchange="fetchProfiles()" onfocus="fetchProfiles()"
value="<?php echo $_SESSION["fake_password"] ?>"></td></tr>
<tr><td align="right"><?php echo __("Language:") ?></td>
<td align="right">
@@ -151,11 +155,6 @@ function validateLoginForm(f) {
<option><?php echo __("Default profile") ?></option></select>
</td></tr>
- <!-- <tr><td colspan="2">
- <input type="checkbox" name="remember_me" id="remember_me">
- <label for="remember_me">Remember me on this computer</label>
- </td></tr> -->
-
<tr><td colspan="2" align="right" class="innerLoginCell">
<button type="submit" name='click'><?php echo __('Log in') ?></button>
@@ -164,9 +163,6 @@ function validateLoginForm(f) {
<?php echo __("Create new account") ?></button>
<?php } ?>
- <input type="hidden" name="action" value="login">
- <input type="hidden" name="rt"
- value="<?php if ($return_to != 'none') { echo $return_to; } ?>">
</td></tr>
<tr><td colspan="2" align="right" class="innerLoginCell">
diff --git a/mobile/login_form.php b/mobile/login_form.php
index ad5e35cea..48f7cc5ad 100644
--- a/mobile/login_form.php
+++ b/mobile/login_form.php
@@ -28,7 +28,11 @@ function do_login() {
<a class="button blueButton" onclick='do_login()'><?php echo __('Log in') ?></a>
</div>
- <form target="_self" title="Login" action="index.php" id="login" class="panel" method="post" name="login" selected="true">
+ <form target="_self" title="Login" id="login" class="panel" name="login" selected="true"
+ action="../public.php?return=<?php echo htmlspecialchars($_SERVER["REQUEST_URI"]) ?>"
+ method="post">
+
+ <input type="hidden" name="op" value="login">
<fieldset>