diff options
Diffstat (limited to 'classes')
-rw-r--r-- | classes/pref_instances.php | 204 | ||||
-rw-r--r-- | classes/public_handler.php | 210 |
2 files changed, 414 insertions, 0 deletions
diff --git a/classes/pref_instances.php b/classes/pref_instances.php new file mode 100644 index 000000000..893d2b6bf --- /dev/null +++ b/classes/pref_instances.php @@ -0,0 +1,204 @@ +<?php +class Pref_Instances extends Protected_Handler { + + function before() { + if (parent::before()) { + if ($_SESSION["access_level"] < 10) { + print __("Your access level is insufficient to open this tab."); + return false; + } + return true; + } + return false; + } + + function remove() { + $ids = db_escape_string($_REQUEST['ids']); + + db_query($this->link, "DELETE FROM ttrss_linked_instances WHERE + id IN ($ids)"); + } + + function add() { + $id = db_escape_string($_REQUEST["id"]); + $access_url = db_escape_string($_REQUEST["access_url"]); + $access_key = db_escape_string($_REQUEST["access_key"]); + + db_query($this->link, "BEGIN"); + + $result = db_query($this->link, "SELECT id FROM ttrss_linked_instances + WHERE access_url = '$access_url'"); + + if (db_num_rows($result) == 0) { + db_query($this->link, "INSERT INTO ttrss_linked_instances + (access_url, access_key, last_connected, last_status_in, last_status_out) + VALUES + ('$access_url', '$access_key', '1970-01-01', -1, -1)"); + + } + + db_query($this->link, "COMMIT"); + } + + function edit() { + $id = db_escape_string($_REQUEST["id"]); + + $result = db_query($this->link, "SELECT * FROM ttrss_linked_instances WHERE + id = '$id'"); + + print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"id\" value=\"$id\">"; + print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-instances\">"; + print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"editSave\">"; + + print "<div class=\"dlgSec\">".__("Instance")."</div>"; + + print "<div class=\"dlgSecCont\">"; + + /* URL */ + + $access_url = htmlspecialchars(db_fetch_result($result, 0, "access_url")); + + print __("URL:") . " "; + + print "<input dojoType=\"dijit.form.ValidationTextBox\" required=\"1\" + placeHolder=\"".__("Instance URL")."\" + regExp='^(http|https)://.*' + style=\"font-size : 16px; width: 20em\" name=\"access_url\" + value=\"$access_url\">"; + + print "<hr/>"; + + $access_key = htmlspecialchars(db_fetch_result($result, 0, "access_key")); + + /* Access key */ + + print __("Access key:") . " "; + + print "<input dojoType=\"dijit.form.ValidationTextBox\" required=\"1\" + placeHolder=\"".__("Access key")."\" regExp='\w{40}' + style=\"width: 20em\" name=\"access_key\" id=\"instance_edit_key\" + value=\"$access_key\">"; + + print "<p class='insensitive'>" . __("Use one access key for both linked instances."); + + print "</div>"; + + print "<div class=\"dlgButtons\"> + <div style='float : left'> + <button dojoType=\"dijit.form.Button\" + onclick=\"return dijit.byId('instanceEditDlg').regenKey()\">". + __('Generate new key')."</button> + </div> + <button dojoType=\"dijit.form.Button\" + onclick=\"return dijit.byId('instanceEditDlg').execute()\">". + __('Save')."</button> + <button dojoType=\"dijit.form.Button\" + onclick=\"return dijit.byId('instanceEditDlg').hide()\"\">". + __('Cancel')."</button></div>"; + + } + + function editSave() { + $id = db_escape_string($_REQUEST["id"]); + $access_url = db_escape_string($_REQUEST["access_url"]); + $access_key = db_escape_string($_REQUEST["access_key"]); + + db_query($this->link, "UPDATE ttrss_linked_instances SET + access_key = '$access_key', access_url = '$access_url', + last_connected = '1970-01-01' + WHERE id = '$id'"); + + } + + function index() { + + if (!function_exists('curl_init')) { + print "<div style='padding : 1em'>"; + print_error("This functionality requires CURL functions. Please enable CURL in your PHP configuration (you might also want to disable open_basedir in php.ini) and reload this page."); + print "</div>"; + } + + print "<div id=\"pref-instance-wrap\" dojoType=\"dijit.layout.BorderContainer\" gutters=\"false\">"; + print "<div id=\"pref-instance-header\" dojoType=\"dijit.layout.ContentPane\" region=\"top\">"; + + print "<div id=\"pref-instance-toolbar\" dojoType=\"dijit.Toolbar\">"; + + $sort = db_escape_string($_REQUEST["sort"]); + + if (!$sort || $sort == "undefined") { + $sort = "access_url"; + } + + print "<div dojoType=\"dijit.form.DropDownButton\">". + "<span>" . __('Select')."</span>"; + print "<div dojoType=\"dijit.Menu\" style=\"display: none;\">"; + print "<div onclick=\"selectTableRows('prefInstanceList', 'all')\" + dojoType=\"dijit.MenuItem\">".__('All')."</div>"; + print "<div onclick=\"selectTableRows('prefInstanceList', 'none')\" + dojoType=\"dijit.MenuItem\">".__('None')."</div>"; + print "</div></div>"; + + print "<button dojoType=\"dijit.form.Button\" onclick=\"addInstance()\">".__('Link instance')."</button>"; + print "<button dojoType=\"dijit.form.Button\" onclick=\"editSelectedInstance()\">".__('Edit')."</button>"; + print "<button dojoType=\"dijit.form.Button\" onclick=\"removeSelectedInstances()\">".__('Remove')."</button>"; + + print "</div>"; #toolbar + + $result = db_query($this->link, "SELECT *, + (SELECT COUNT(*) FROM ttrss_linked_feeds + WHERE instance_id = ttrss_linked_instances.id) AS num_feeds + FROM ttrss_linked_instances + ORDER BY $sort"); + + print "<p class=\"insensitive\" style='margin-left : 1em;'>" . __("You can connect other instances of Tiny Tiny RSS to this one to share Popular feeds. Link to this instance of Tiny Tiny RSS by using this URL:"); + + print " <a href=\"#\" onclick=\"alert('".htmlspecialchars(get_self_url_prefix())."')\">(display url)</a>"; + + print "<p><table width='100%' id='prefInstanceList' class='prefInstanceList' cellspacing='0'>"; + + print "<tr class=\"title\"> + <td align='center' width=\"5%\"> </td> + <td width=''><a href=\"#\" onclick=\"updateInstanceList('access_url')\">".__('Instance URL')."</a></td> + <td width='20%'><a href=\"#\" onclick=\"updateInstanceList('access_key')\">".__('Access key')."</a></td> + <td width='10%'><a href=\"#\" onclick=\"updateUsersList('last_connected')\">".__('Last connected')."</a></td> + <td width='10%'><a href=\"#\" onclick=\"updateUsersList('num_feeds')\">".__('Stored feeds')."</a></td> + </tr>"; + + $lnum = 0; + + while ($line = db_fetch_assoc($result)) { + $class = ($lnum % 2) ? "even" : "odd"; + + $id = $line['id']; + $this_row_id = "id=\"LIRR-$id\""; + + $line["last_connected"] = make_local_datetime($this->link, $line["last_connected"], false); + + print "<tr class=\"$class\" $this_row_id>"; + + print "<td align='center'><input onclick='toggleSelectRow(this);' + type=\"checkbox\" id=\"LICHK-$id\"></td>"; + + $onclick = "onclick='editInstance($id, event)' title='".__('Click to edit')."'"; + + $access_key = mb_substr($line['access_key'], 0, 4) . '...' . + mb_substr($line['access_key'], -4); + + print "<td $onclick>" . htmlspecialchars($line['access_url']) . "</td>"; + print "<td $onclick>" . htmlspecialchars($access_key) . "</td>"; + print "<td $onclick>" . htmlspecialchars($line['last_connected']) . "</td>"; + print "<td $onclick>" . htmlspecialchars($line['num_feeds']) . "</td>"; + + print "</tr>"; + + ++$lnum; + } + + print "</table>"; + + print "</div>"; #pane + print "</div>"; #container + + } +} +?> diff --git a/classes/public_handler.php b/classes/public_handler.php new file mode 100644 index 000000000..460613e36 --- /dev/null +++ b/classes/public_handler.php @@ -0,0 +1,210 @@ +<?php +class Public_Handler extends Handler { + + function getUnread() { + $login = db_escape_string($_REQUEST["login"]); + $fresh = $_REQUEST["fresh"] == "1"; + + $result = db_query($this->link, "SELECT id FROM ttrss_users WHERE login = '$login'"); + + if (db_num_rows($result) == 1) { + $uid = db_fetch_result($result, 0, "id"); + + print getGlobalUnread($this->link, $uid); + + if ($fresh) { + print ";"; + print getFeedArticles($this->link, -3, false, true, $uid); + } + + } else { + print "-1;User not found"; + } + + } + + function getProfiles() { + $login = db_escape_string($_REQUEST["login"]); + $password = db_escape_string($_REQUEST["password"]); + + if (authenticate_user($this->link, $login, $password)) { + $result = db_query($this->link, "SELECT * FROM ttrss_settings_profiles + WHERE owner_uid = " . $_SESSION["uid"] . " ORDER BY title"); + + print "<select style='width: 100%' name='profile'>"; + + print "<option value='0'>" . __("Default profile") . "</option>"; + + while ($line = db_fetch_assoc($result)) { + $id = $line["id"]; + $title = $line["title"]; + + print "<option value='$id'>$title</option>"; + } + + print "</select>"; + + $_SESSION = array(); + } + } + + function pubsub() { + $mode = db_escape_string($_REQUEST['hub_mode']); + $feed_id = (int) db_escape_string($_REQUEST['id']); + $feed_url = db_escape_string($_REQUEST['hub_topic']); + + if (!PUBSUBHUBBUB_ENABLED) { + header('HTTP/1.0 404 Not Found'); + echo "404 Not found"; + return; + } + + // TODO: implement hub_verifytoken checking + + $result = db_query($this->link, "SELECT feed_url FROM ttrss_feeds + WHERE id = '$feed_id'"); + + if (db_num_rows($result) != 0) { + + $check_feed_url = db_fetch_result($result, 0, "feed_url"); + + if ($check_feed_url && ($check_feed_url == $feed_url || !$feed_url)) { + if ($mode == "subscribe") { + + db_query($this->link, "UPDATE ttrss_feeds SET pubsub_state = 2 + WHERE id = '$feed_id'"); + + print $_REQUEST['hub_challenge']; + return; + + } else if ($mode == "unsubscribe") { + + db_query($this->link, "UPDATE ttrss_feeds SET pubsub_state = 0 + WHERE id = '$feed_id'"); + + print $_REQUEST['hub_challenge']; + return; + + } else if (!$mode) { + + // Received update ping, schedule feed update. + //update_rss_feed($this->link, $feed_id, true, true); + + db_query($this->link, "UPDATE ttrss_feeds SET + last_update_started = '1970-01-01', + last_updated = '1970-01-01' WHERE id = '$feed_id'"); + + } + } else { + header('HTTP/1.0 404 Not Found'); + echo "404 Not found"; + } + } else { + header('HTTP/1.0 404 Not Found'); + echo "404 Not found"; + } + + } + + function logout() { + logout_user(); + header("Location: index.php"); + } + + function fbexport() { + + $access_key = db_escape_string($_POST["key"]); + + // TODO: rate limit checking using last_connected + $result = db_query($this->link, "SELECT id FROM ttrss_linked_instances + WHERE access_key = '$access_key'"); + + if (db_num_rows($result) == 1) { + + $instance_id = db_fetch_result($result, 0, "id"); + + $result = db_query($this->link, "SELECT feed_url, site_url, title, subscribers + FROM ttrss_feedbrowser_cache ORDER BY subscribers DESC LIMIT 100"); + + $feeds = array(); + + while ($line = db_fetch_assoc($result)) { + array_push($feeds, $line); + } + + db_query($this->link, "UPDATE ttrss_linked_instances SET + last_status_in = 1 WHERE id = '$instance_id'"); + + print json_encode(array("feeds" => $feeds)); + } else { + print json_encode(array("error" => array("code" => 6))); + } + } + + function share() { + $uuid = db_escape_string($_REQUEST["key"]); + + $result = db_query($this->link, "SELECT ref_id, owner_uid FROM ttrss_user_entries WHERE + uuid = '$uuid'"); + + if (db_num_rows($result) != 0) { + header("Content-Type: text/html"); + + $id = db_fetch_result($result, 0, "ref_id"); + $owner_uid = db_fetch_result($result, 0, "owner_uid"); + + $_SESSION["uid"] = $owner_uid; + $article = format_article($this->link, $id, false, true); + $_SESSION["uid"] = ""; + + print_r($article['content']); + + } else { + print "Article not found."; + } + + } + + function rss() { + header("Content-Type: text/xml; charset=utf-8"); + + $feed = db_escape_string($_REQUEST["id"]); + $key = db_escape_string($_REQUEST["key"]); + $is_cat = $_REQUEST["is_cat"] != false; + $limit = (int)db_escape_string($_REQUEST["limit"]); + + $search = db_escape_string($_REQUEST["q"]); + $match_on = db_escape_string($_REQUEST["m"]); + $search_mode = db_escape_string($_REQUEST["smode"]); + $view_mode = db_escape_string($_REQUEST["view-mode"]); + + if (SINGLE_USER_MODE) { + authenticate_user($this->link, "admin", null); + } + + $owner_id = false; + + if ($key) { + $result = db_query($this->link, "SELECT owner_uid FROM + ttrss_access_keys WHERE access_key = '$key' AND feed_id = '$feed'"); + + if (db_num_rows($result) == 1) + $owner_id = db_fetch_result($result, 0, "owner_uid"); + } + + if ($owner_id) { + $_SESSION['uid'] = $owner_id; + + generate_syndicated_feed($this->link, 0, $feed, $is_cat, $limit, + $search, $search_mode, $match_on, $view_mode); + } else { + header('HTTP/1.1 403 Forbidden'); + } + } + + /* function globalUpdateFeeds() { + // Update all feeds needing a update. + update_daemon_common($this->link, 0, true, true); + } */ +} +?> |