public.php 27 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953
  1. <?php
  2. class Handler_Public extends Handler {
  3. private function generate_syndicated_feed($owner_uid, $feed, $is_cat,
  4. $limit, $offset, $search, $search_mode,
  5. $view_mode = false, $format = 'atom') {
  6. require_once "lib/MiniTemplator.class.php";
  7. $note_style = "background-color : #fff7d5;
  8. border-width : 1px; ".
  9. "padding : 5px; border-style : dashed; border-color : #e7d796;".
  10. "margin-bottom : 1em; color : #9a8c59;";
  11. if (!$limit) $limit = 60;
  12. $date_sort_field = "date_entered DESC, updated DESC";
  13. if ($feed == -2)
  14. $date_sort_field = "last_published DESC";
  15. else if ($feed == -1)
  16. $date_sort_field = "last_marked DESC";
  17. $qfh_ret = queryFeedHeadlines($this->link, $feed,
  18. 1, $view_mode, $is_cat, $search, $search_mode,
  19. $date_sort_field, $offset, $owner_uid,
  20. false, 0, false, true);
  21. $result = $qfh_ret[0];
  22. if (db_num_rows($result) != 0) {
  23. $ts = strtotime(db_fetch_result($result, 0, "date_entered"));
  24. if (isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) &&
  25. strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']) >= $ts) {
  26. header('HTTP/1.0 304 Not Modified');
  27. return;
  28. }
  29. $last_modified = gmdate("D, d M Y H:i:s", $ts) . " GMT";
  30. header("Last-Modified: $last_modified", true);
  31. }
  32. $qfh_ret = queryFeedHeadlines($this->link, $feed,
  33. $limit, $view_mode, $is_cat, $search, $search_mode,
  34. $date_sort_field, $offset, $owner_uid,
  35. false, 0, false, true);
  36. $result = $qfh_ret[0];
  37. $feed_title = htmlspecialchars($qfh_ret[1]);
  38. $feed_site_url = $qfh_ret[2];
  39. $last_error = $qfh_ret[3];
  40. $feed_self_url = get_self_url_prefix() .
  41. "/public.php?op=rss&id=-2&key=" .
  42. get_feed_access_key($this->link, -2, false, $owner_uid);
  43. if (!$feed_site_url) $feed_site_url = get_self_url_prefix();
  44. if ($format == 'atom') {
  45. $tpl = new MiniTemplator;
  46. $tpl->readTemplateFromFile("templates/generated_feed.txt");
  47. $tpl->setVariable('FEED_TITLE', $feed_title, true);
  48. $tpl->setVariable('VERSION', VERSION, true);
  49. $tpl->setVariable('FEED_URL', htmlspecialchars($feed_self_url), true);
  50. if (PUBSUBHUBBUB_HUB && $feed == -2) {
  51. $tpl->setVariable('HUB_URL', htmlspecialchars(PUBSUBHUBBUB_HUB), true);
  52. $tpl->addBlock('feed_hub');
  53. }
  54. $tpl->setVariable('SELF_URL', htmlspecialchars(get_self_url_prefix()), true);
  55. while ($line = db_fetch_assoc($result)) {
  56. $tpl->setVariable('ARTICLE_ID', htmlspecialchars($line['link']), true);
  57. $tpl->setVariable('ARTICLE_LINK', htmlspecialchars($line['link']), true);
  58. $tpl->setVariable('ARTICLE_TITLE', htmlspecialchars($line['title']), true);
  59. $tpl->setVariable('ARTICLE_EXCERPT',
  60. truncate_string(strip_tags($line["content_preview"]), 100, '...'), true);
  61. $content = sanitize($this->link, $line["content_preview"], false, $owner_uid);
  62. if ($line['note']) {
  63. $content = "<div style=\"$note_style\">Article note: " . $line['note'] . "</div>" .
  64. $content;
  65. $tpl->setVariable('ARTICLE_NOTE', htmlspecialchars($line['note']), true);
  66. }
  67. $tpl->setVariable('ARTICLE_CONTENT', $content, true);
  68. $tpl->setVariable('ARTICLE_UPDATED_ATOM',
  69. date('c', strtotime($line["updated"])), true);
  70. $tpl->setVariable('ARTICLE_UPDATED_RFC822',
  71. date(DATE_RFC822, strtotime($line["updated"])), true);
  72. $tpl->setVariable('ARTICLE_AUTHOR', htmlspecialchars($line['author']), true);
  73. $tags = get_article_tags($this->link, $line["id"], $owner_uid);
  74. foreach ($tags as $tag) {
  75. $tpl->setVariable('ARTICLE_CATEGORY', htmlspecialchars($tag), true);
  76. $tpl->addBlock('category');
  77. }
  78. $enclosures = get_article_enclosures($this->link, $line["id"]);
  79. foreach ($enclosures as $e) {
  80. $type = htmlspecialchars($e['content_type']);
  81. $url = htmlspecialchars($e['content_url']);
  82. $length = $e['duration'];
  83. $tpl->setVariable('ARTICLE_ENCLOSURE_URL', $url, true);
  84. $tpl->setVariable('ARTICLE_ENCLOSURE_TYPE', $type, true);
  85. $tpl->setVariable('ARTICLE_ENCLOSURE_LENGTH', $length, true);
  86. $tpl->addBlock('enclosure');
  87. }
  88. $tpl->addBlock('entry');
  89. }
  90. $tmp = "";
  91. $tpl->addBlock('feed');
  92. $tpl->generateOutputToString($tmp);
  93. if (@!$_REQUEST["noxml"]) {
  94. header("Content-Type: text/xml; charset=utf-8");
  95. } else {
  96. header("Content-Type: text/plain; charset=utf-8");
  97. }
  98. print $tmp;
  99. } else if ($format == 'json') {
  100. $feed = array();
  101. $feed['title'] = $feed_title;
  102. $feed['version'] = VERSION;
  103. $feed['feed_url'] = $feed_self_url;
  104. if (PUBSUBHUBBUB_HUB && $feed == -2) {
  105. $feed['hub_url'] = PUBSUBHUBBUB_HUB;
  106. }
  107. $feed['self_url'] = get_self_url_prefix();
  108. $feed['articles'] = array();
  109. while ($line = db_fetch_assoc($result)) {
  110. $article = array();
  111. $article['id'] = $line['link'];
  112. $article['link'] = $line['link'];
  113. $article['title'] = $line['title'];
  114. $article['excerpt'] = truncate_string(strip_tags($line["content_preview"]), 100, '...');
  115. $article['content'] = sanitize($this->link, $line["content_preview"], false, $owner_uid);
  116. $article['updated'] = date('c', strtotime($line["updated"]));
  117. if ($line['note']) $article['note'] = $line['note'];
  118. if ($article['author']) $article['author'] = $line['author'];
  119. $tags = get_article_tags($this->link, $line["id"], $owner_uid);
  120. if (count($tags) > 0) {
  121. $article['tags'] = array();
  122. foreach ($tags as $tag) {
  123. array_push($article['tags'], $tag);
  124. }
  125. }
  126. $enclosures = get_article_enclosures($this->link, $line["id"]);
  127. if (count($enclosures) > 0) {
  128. $article['enclosures'] = array();
  129. foreach ($enclosures as $e) {
  130. $type = $e['content_type'];
  131. $url = $e['content_url'];
  132. $length = $e['duration'];
  133. array_push($article['enclosures'], array("url" => $url, "type" => $type, "length" => $length));
  134. }
  135. }
  136. array_push($feed['articles'], $article);
  137. }
  138. header("Content-Type: text/json; charset=utf-8");
  139. print json_encode($feed);
  140. } else {
  141. header("Content-Type: text/plain; charset=utf-8");
  142. print json_encode(array("error" => array("message" => "Unknown format")));
  143. }
  144. }
  145. function getUnread() {
  146. $login = db_escape_string($this->link, $_REQUEST["login"]);
  147. $fresh = $_REQUEST["fresh"] == "1";
  148. $result = db_query($this->link, "SELECT id FROM ttrss_users WHERE login = '$login'");
  149. if (db_num_rows($result) == 1) {
  150. $uid = db_fetch_result($result, 0, "id");
  151. print getGlobalUnread($this->link, $uid);
  152. if ($fresh) {
  153. print ";";
  154. print getFeedArticles($this->link, -3, false, true, $uid);
  155. }
  156. } else {
  157. print "-1;User not found";
  158. }
  159. }
  160. function getProfiles() {
  161. $login = db_escape_string($this->link, $_REQUEST["login"]);
  162. $result = db_query($this->link, "SELECT * FROM ttrss_settings_profiles,ttrss_users
  163. WHERE ttrss_users.id = ttrss_settings_profiles.owner_uid AND login = '$login' ORDER BY title");
  164. print "<select dojoType='dijit.form.Select' style='width : 220px; margin : 0px' name='profile'>";
  165. print "<option value='0'>" . __("Default profile") . "</option>";
  166. while ($line = db_fetch_assoc($result)) {
  167. $id = $line["id"];
  168. $title = $line["title"];
  169. print "<option value='$id'>$title</option>";
  170. }
  171. print "</select>";
  172. }
  173. function pubsub() {
  174. $mode = db_escape_string($this->link, $_REQUEST['hub_mode']);
  175. $feed_id = (int) db_escape_string($this->link, $_REQUEST['id']);
  176. $feed_url = db_escape_string($this->link, $_REQUEST['hub_topic']);
  177. if (!PUBSUBHUBBUB_ENABLED) {
  178. header('HTTP/1.0 404 Not Found');
  179. echo "404 Not found";
  180. return;
  181. }
  182. // TODO: implement hub_verifytoken checking
  183. $result = db_query($this->link, "SELECT feed_url FROM ttrss_feeds
  184. WHERE id = '$feed_id'");
  185. if (db_num_rows($result) != 0) {
  186. $check_feed_url = db_fetch_result($result, 0, "feed_url");
  187. if ($check_feed_url && ($check_feed_url == $feed_url || !$feed_url)) {
  188. if ($mode == "subscribe") {
  189. db_query($this->link, "UPDATE ttrss_feeds SET pubsub_state = 2
  190. WHERE id = '$feed_id'");
  191. print $_REQUEST['hub_challenge'];
  192. return;
  193. } else if ($mode == "unsubscribe") {
  194. db_query($this->link, "UPDATE ttrss_feeds SET pubsub_state = 0
  195. WHERE id = '$feed_id'");
  196. print $_REQUEST['hub_challenge'];
  197. return;
  198. } else if (!$mode) {
  199. // Received update ping, schedule feed update.
  200. //update_rss_feed($this->link, $feed_id, true, true);
  201. db_query($this->link, "UPDATE ttrss_feeds SET
  202. last_update_started = '1970-01-01',
  203. last_updated = '1970-01-01' WHERE id = '$feed_id'");
  204. }
  205. } else {
  206. header('HTTP/1.0 404 Not Found');
  207. echo "404 Not found";
  208. }
  209. } else {
  210. header('HTTP/1.0 404 Not Found');
  211. echo "404 Not found";
  212. }
  213. }
  214. function logout() {
  215. logout_user();
  216. header("Location: index.php");
  217. }
  218. function share() {
  219. $uuid = db_escape_string($this->link, $_REQUEST["key"]);
  220. $result = db_query($this->link, "SELECT ref_id, owner_uid FROM ttrss_user_entries WHERE
  221. uuid = '$uuid'");
  222. if (db_num_rows($result) != 0) {
  223. header("Content-Type: text/html");
  224. $id = db_fetch_result($result, 0, "ref_id");
  225. $owner_uid = db_fetch_result($result, 0, "owner_uid");
  226. $article = format_article($this->link, $id, false, true, $owner_uid);
  227. print_r($article['content']);
  228. } else {
  229. print "Article not found.";
  230. }
  231. }
  232. function rss() {
  233. $feed = db_escape_string($this->link, $_REQUEST["id"]);
  234. $key = db_escape_string($this->link, $_REQUEST["key"]);
  235. $is_cat = $_REQUEST["is_cat"] != false;
  236. $limit = (int)db_escape_string($this->link, $_REQUEST["limit"]);
  237. $offset = (int)db_escape_string($this->link, $_REQUEST["offset"]);
  238. $search = db_escape_string($this->link, $_REQUEST["q"]);
  239. $search_mode = db_escape_string($this->link, $_REQUEST["smode"]);
  240. $view_mode = db_escape_string($this->link, $_REQUEST["view-mode"]);
  241. $format = db_escape_string($this->link, $_REQUEST['format']);
  242. if (!$format) $format = 'atom';
  243. if (SINGLE_USER_MODE) {
  244. authenticate_user($this->link, "admin", null);
  245. }
  246. $owner_id = false;
  247. if ($key) {
  248. $result = db_query($this->link, "SELECT owner_uid FROM
  249. ttrss_access_keys WHERE access_key = '$key' AND feed_id = '$feed'");
  250. if (db_num_rows($result) == 1)
  251. $owner_id = db_fetch_result($result, 0, "owner_uid");
  252. }
  253. if ($owner_id) {
  254. $this->generate_syndicated_feed($owner_id, $feed, $is_cat, $limit,
  255. $offset, $search, $search_mode, $view_mode, $format);
  256. } else {
  257. header('HTTP/1.1 403 Forbidden');
  258. }
  259. }
  260. function globalUpdateFeeds() {
  261. include "rssfuncs.php";
  262. // Update all feeds needing a update.
  263. update_daemon_common($this->link, 0, true, false);
  264. // Update feedbrowser
  265. update_feedbrowser_cache($this->link);
  266. // Purge orphans and cleanup tags
  267. purge_orphans($this->link);
  268. cleanup_tags($this->link, 14, 50000);
  269. global $pluginhost;
  270. $pluginhost->run_hooks($pluginhost::HOOK_UPDATE_TASK, "hook_update_task", $op);
  271. }
  272. function sharepopup() {
  273. if (SINGLE_USER_MODE) {
  274. login_sequence($this->link);
  275. }
  276. header('Content-Type: text/html; charset=utf-8');
  277. print "<html><head><title>Tiny Tiny RSS</title>";
  278. print stylesheet_tag("utility.css");
  279. print javascript_tag("lib/prototype.js");
  280. print javascript_tag("lib/scriptaculous/scriptaculous.js?load=effects,dragdrop,controls");
  281. print "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/>
  282. </head><body id='sharepopup'>";
  283. $action = $_REQUEST["action"];
  284. if ($_SESSION["uid"]) {
  285. if ($action == 'share') {
  286. $title = db_escape_string($this->link, strip_tags($_REQUEST["title"]));
  287. $url = db_escape_string($this->link, strip_tags($_REQUEST["url"]));
  288. $content = db_escape_string($this->link, strip_tags($_REQUEST["content"]));
  289. $labels = db_escape_string($this->link, strip_tags($_REQUEST["labels"]));
  290. Article::create_published_article($this->link, $title, $url, $content, $labels,
  291. $_SESSION["uid"]);
  292. print "<script type='text/javascript'>";
  293. print "window.close();";
  294. print "</script>";
  295. } else {
  296. $title = htmlspecialchars($_REQUEST["title"]);
  297. $url = htmlspecialchars($_REQUEST["url"]);
  298. ?>
  299. <table height='100%' width='100%'><tr><td colspan='2'>
  300. <h1><?php echo __("Share with Tiny Tiny RSS") ?></h1>
  301. </td></tr>
  302. <form id='share_form' name='share_form'>
  303. <input type="hidden" name="op" value="sharepopup">
  304. <input type="hidden" name="action" value="share">
  305. <tr><td align='right'><?php echo __("Title:") ?></td>
  306. <td width='80%'><input name='title' value="<?php echo $title ?>"></td></tr>
  307. <tr><td align='right'><?php echo __("URL:") ?></td>
  308. <td><input name='url' value="<?php echo $url ?>"></td></tr>
  309. <tr><td align='right'><?php echo __("Content:") ?></td>
  310. <td><input name='content' value=""></td></tr>
  311. <tr><td align='right'><?php echo __("Labels:") ?></td>
  312. <td><input name='labels' id="labels_value"
  313. placeholder='Alpha, Beta, Gamma' value="">
  314. </td></tr>
  315. <tr><td>
  316. <div class="autocomplete" id="labels_choices"
  317. style="display : block"></div></td></tr>
  318. <script type='text/javascript'>document.forms[0].title.focus();</script>
  319. <script type='text/javascript'>
  320. new Ajax.Autocompleter('labels_value', 'labels_choices',
  321. "backend.php?op=rpc&method=completeLabels",
  322. { tokens: ',', paramName: "search" });
  323. </script>
  324. <tr><td colspan='2'>
  325. <div style='float : right' class='insensitive-small'>
  326. <?php echo __("Shared article will appear in the Published feed.") ?>
  327. </div>
  328. <button type="submit"><?php echo __('Share') ?></button>
  329. <button onclick="return window.close()"><?php echo __('Cancel') ?></button>
  330. </div>
  331. </form>
  332. </td></tr></table>
  333. </body></html>
  334. <?php
  335. }
  336. } else {
  337. $return = urlencode($_SERVER["REQUEST_URI"])
  338. ?>
  339. <form action="public.php?return=<?php echo $return ?>"
  340. method="POST" id="loginForm" name="loginForm">
  341. <input type="hidden" name="op" value="login">
  342. <table height='100%' width='100%'><tr><td colspan='2'>
  343. <h1><?php echo __("Not logged in") ?></h1></td></tr>
  344. <tr><td align="right"><?php echo __("Login:") ?></td>
  345. <td align="right"><input name="login"
  346. value="<?php echo $_SESSION["fake_login"] ?>"></td></tr>
  347. <tr><td align="right"><?php echo __("Password:") ?></td>
  348. <td align="right"><input type="password" name="password"
  349. value="<?php echo $_SESSION["fake_password"] ?>"></td></tr>
  350. <tr><td align="right"><?php echo __("Language:") ?></td>
  351. <td align="right">
  352. <?php
  353. print_select_hash("language", $_COOKIE["ttrss_lang"], get_translations(),
  354. "style='width : 100%''");
  355. ?>
  356. </td></tr>
  357. <tr><td colspan='2'>
  358. <button type="submit">
  359. <?php echo __('Log in') ?></button>
  360. <button onclick="return window.close()">
  361. <?php echo __('Cancel') ?></button>
  362. </td></tr>
  363. </table>
  364. </form>
  365. <?php
  366. }
  367. }
  368. function login() {
  369. $_SESSION["prefs_cache"] = array();
  370. if (!SINGLE_USER_MODE) {
  371. $login = db_escape_string($this->link, $_POST["login"]);
  372. $password = $_POST["password"];
  373. $remember_me = $_POST["remember_me"];
  374. if ($remember_me) {
  375. session_set_cookie_params(SESSION_COOKIE_LIFETIME);
  376. } else {
  377. session_set_cookie_params(0);
  378. }
  379. @session_start();
  380. if (authenticate_user($this->link, $login, $password)) {
  381. $_POST["password"] = "";
  382. $_SESSION["language"] = $_POST["language"];
  383. $_SESSION["ref_schema_version"] = get_schema_version($this->link, true);
  384. $_SESSION["bw_limit"] = !!$_POST["bw_limit"];
  385. if ($_POST["profile"]) {
  386. $profile = db_escape_string($this->link, $_POST["profile"]);
  387. $result = db_query($this->link, "SELECT id FROM ttrss_settings_profiles
  388. WHERE id = '$profile' AND owner_uid = " . $_SESSION["uid"]);
  389. if (db_num_rows($result) != 0) {
  390. $_SESSION["profile"] = $profile;
  391. $_SESSION["prefs_cache"] = array();
  392. }
  393. }
  394. } else {
  395. $_SESSION["login_error_msg"] = __("Incorrect username or password");
  396. }
  397. if ($_REQUEST['return']) {
  398. header("Location: " . $_REQUEST['return']);
  399. } else {
  400. header("Location: " . SELF_URL_PATH);
  401. }
  402. }
  403. }
  404. function subscribe() {
  405. if (SINGLE_USER_MODE) {
  406. login_sequence($this->link);
  407. }
  408. if ($_SESSION["uid"]) {
  409. $feed_url = db_escape_string($this->link, trim($_REQUEST["feed_url"]));
  410. header('Content-Type: text/html; charset=utf-8');
  411. print "<html>
  412. <head>
  413. <title>Tiny Tiny RSS</title>
  414. <link rel=\"stylesheet\" type=\"text/css\" href=\"utility.css\">
  415. <meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/>
  416. </head>
  417. <body>
  418. <img class=\"floatingLogo\" src=\"images/logo_small.png\"
  419. alt=\"Tiny Tiny RSS\"/>
  420. <h1>".__("Subscribe to feed...")."</h1><div class='content'>";
  421. $rc = subscribe_to_feed($this->link, $feed_url);
  422. switch ($rc['code']) {
  423. case 0:
  424. print_warning(T_sprintf("Already subscribed to <b>%s</b>.", $feed_url));
  425. break;
  426. case 1:
  427. print_notice(T_sprintf("Subscribed to <b>%s</b>.", $feed_url));
  428. break;
  429. case 2:
  430. print_error(T_sprintf("Could not subscribe to <b>%s</b>.", $feed_url));
  431. break;
  432. case 3:
  433. print_error(T_sprintf("No feeds found in <b>%s</b>.", $feed_url));
  434. break;
  435. case 4:
  436. print_notice(__("Multiple feed URLs found."));
  437. $feed_urls = $rc["feeds"];
  438. break;
  439. case 5:
  440. print_error(T_sprintf("Could not subscribe to <b>%s</b>.<br>Can't download the Feed URL.", $feed_url));
  441. break;
  442. }
  443. if ($feed_urls) {
  444. print "<form action=\"public.php\">";
  445. print "<input type=\"hidden\" name=\"op\" value=\"subscribe\">";
  446. print "<select name=\"feed_url\">";
  447. foreach ($feed_urls as $url => $name) {
  448. $url = htmlspecialchars($url);
  449. $name = htmlspecialchars($name);
  450. print "<option value=\"$url\">$name</option>";
  451. }
  452. print "<input type=\"submit\" value=\"".__("Subscribe to selected feed").
  453. "\">";
  454. print "</form>";
  455. }
  456. $tp_uri = get_self_url_prefix() . "/prefs.php";
  457. $tt_uri = get_self_url_prefix();
  458. if ($rc['code'] <= 2){
  459. $result = db_query($this->link, "SELECT id FROM ttrss_feeds WHERE
  460. feed_url = '$feed_url' AND owner_uid = " . $_SESSION["uid"]);
  461. $feed_id = db_fetch_result($result, 0, "id");
  462. } else {
  463. $feed_id = 0;
  464. }
  465. print "<p>";
  466. if ($feed_id) {
  467. print "<form method=\"GET\" style='display: inline'
  468. action=\"$tp_uri\">
  469. <input type=\"hidden\" name=\"tab\" value=\"feedConfig\">
  470. <input type=\"hidden\" name=\"method\" value=\"editFeed\">
  471. <input type=\"hidden\" name=\"methodparam\" value=\"$feed_id\">
  472. <input type=\"submit\" value=\"".__("Edit subscription options")."\">
  473. </form>";
  474. }
  475. print "<form style='display: inline' method=\"GET\" action=\"$tt_uri\">
  476. <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
  477. </form></p>";
  478. print "</div></body></html>";
  479. } else {
  480. render_login_form($this->link);
  481. }
  482. }
  483. function subscribe2() {
  484. $feed_url = db_escape_string($this->link, trim($_REQUEST["feed_url"]));
  485. $cat_id = db_escape_string($this->link, $_REQUEST["cat_id"]);
  486. $from = db_escape_string($this->link, $_REQUEST["from"]);
  487. /* only read authentication information from POST */
  488. $auth_login = db_escape_string($this->link, trim($_POST["auth_login"]));
  489. $auth_pass = db_escape_string($this->link, trim($_POST["auth_pass"]));
  490. $rc = subscribe_to_feed($this->link, $feed_url, $cat_id, $auth_login, $auth_pass);
  491. switch ($rc) {
  492. case 1:
  493. print_notice(T_sprintf("Subscribed to <b>%s</b>.", $feed_url));
  494. break;
  495. case 2:
  496. print_error(T_sprintf("Could not subscribe to <b>%s</b>.", $feed_url));
  497. break;
  498. case 3:
  499. print_error(T_sprintf("No feeds found in <b>%s</b>.", $feed_url));
  500. break;
  501. case 0:
  502. print_warning(T_sprintf("Already subscribed to <b>%s</b>.", $feed_url));
  503. break;
  504. case 4:
  505. print_notice(__("Multiple feed URLs found."));
  506. $feed_urls = get_feeds_from_html($feed_url);
  507. break;
  508. case 5:
  509. print_error(T_sprintf("Could not subscribe to <b>%s</b>.<br>Can't download the Feed URL.", $feed_url));
  510. break;
  511. }
  512. if ($feed_urls) {
  513. print "<form action=\"backend.php\">";
  514. print "<input type=\"hidden\" name=\"op\" value=\"pref-feeds\">";
  515. print "<input type=\"hidden\" name=\"quiet\" value=\"1\">";
  516. print "<input type=\"hidden\" name=\"method\" value=\"add\">";
  517. print "<select name=\"feed_url\">";
  518. foreach ($feed_urls as $url => $name) {
  519. $url = htmlspecialchars($url);
  520. $name = htmlspecialchars($name);
  521. print "<option value=\"$url\">$name</option>";
  522. }
  523. print "<input type=\"submit\" value=\"".__("Subscribe to selected feed")."\">";
  524. print "</form>";
  525. }
  526. $tp_uri = get_self_url_prefix() . "/prefs.php";
  527. $tt_uri = get_self_url_prefix();
  528. if ($rc <= 2){
  529. $result = db_query($this->link, "SELECT id FROM ttrss_feeds WHERE
  530. feed_url = '$feed_url' AND owner_uid = " . $_SESSION["uid"]);
  531. $feed_id = db_fetch_result($result, 0, "id");
  532. } else {
  533. $feed_id = 0;
  534. }
  535. print "<p>";
  536. if ($feed_id) {
  537. print "<form method=\"GET\" style='display: inline'
  538. action=\"$tp_uri\">
  539. <input type=\"hidden\" name=\"tab\" value=\"feedConfig\">
  540. <input type=\"hidden\" name=\"method\" value=\"editFeed\">
  541. <input type=\"hidden\" name=\"methodparam\" value=\"$feed_id\">
  542. <input type=\"submit\" value=\"".__("Edit subscription options")."\">
  543. </form>";
  544. }
  545. print "<form style='display: inline' method=\"GET\" action=\"$tt_uri\">
  546. <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
  547. </form></p>";
  548. print "</body></html>";
  549. }
  550. function index() {
  551. header("Content-Type: text/plain");
  552. print json_encode(array("error" => array("code" => 7)));
  553. }
  554. function forgotpass() {
  555. header('Content-Type: text/html; charset=utf-8');
  556. print "<html><head><title>Tiny Tiny RSS</title>";
  557. print stylesheet_tag("utility.css");
  558. print javascript_tag("lib/prototype.js");
  559. print "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/>
  560. </head><body id='forgotpass'>";
  561. print '<div class="floatingLogo"><img src="images/logo_small.png"></div>';
  562. print "<h1>".__("Password recovery")."</h1>";
  563. print "<div class='content'>";
  564. @$method = $_POST['method'];
  565. if (!$method) {
  566. print_notice(__("You will need to provide valid account name and email. New password will be sent on your email address."));
  567. print "<form method='POST' action='public.php'>";
  568. print "<input type='hidden' name='method' value='do'>";
  569. print "<input type='hidden' name='op' value='forgotpass'>";
  570. print "<fieldset>";
  571. print "<label>".__("Login:")."</label>";
  572. print "<input type='text' name='login' value='' required>";
  573. print "</fieldset>";
  574. print "<fieldset>";
  575. print "<label>".__("Email:")."</label>";
  576. print "<input type='email' name='email' value='' required>";
  577. print "</fieldset>";
  578. print "<fieldset>";
  579. print "<label>".__("How much is two plus two:")."</label>";
  580. print "<input type='text' name='test' value='' required>";
  581. print "</fieldset>";
  582. print "<p/>";
  583. print "<button type='submit'>".__("Reset password")."</button>";
  584. print "</form>";
  585. } else if ($method == 'do') {
  586. $login = db_escape_string($this->link, $_POST["login"]);
  587. $email = db_escape_string($this->link, $_POST["email"]);
  588. $test = db_escape_string($this->link, $_POST["test"]);
  589. if (($test != 4 && $test != 'four') || !$email || !$login) {
  590. print_error(__('Some of the required form parameters are missing or incorrect.'));
  591. print "<form method=\"GET\" action=\"public.php\">
  592. <input type=\"hidden\" name=\"op\" value=\"forgotpass\">
  593. <input type=\"submit\" value=\"".__("Go back")."\">
  594. </form>";
  595. } else {
  596. $result = db_query($this->link, "SELECT id FROM ttrss_users
  597. WHERE login = '$login' AND email = '$email'");
  598. if (db_num_rows($result) != 0) {
  599. $id = db_fetch_result($result, 0, "id");
  600. Pref_Users::resetUserPassword($this->link, $id, false);
  601. print "<p>";
  602. print "<p>"."Completed."."</p>";
  603. print "<form method=\"GET\" action=\"index.php\">
  604. <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
  605. </form>";
  606. } else {
  607. print_error(__("Sorry, login and email combination not found."));
  608. print "<form method=\"GET\" action=\"public.php\">
  609. <input type=\"hidden\" name=\"op\" value=\"forgotpass\">
  610. <input type=\"submit\" value=\"".__("Go back")."\">
  611. </form>";
  612. }
  613. }
  614. }
  615. print "</div>";
  616. print "</body>";
  617. print "</html>";
  618. }
  619. function dbupdate() {
  620. if (!SINGLE_USER_MODE && $_SESSION["access_level"] < 10) {
  621. $_SESSION["login_error_msg"] = __("Your access level is insufficient to run this script.");
  622. render_login_form($link);
  623. exit;
  624. }
  625. ?><html>
  626. <head>
  627. <title>Database Updater</title>
  628. <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
  629. <link rel="stylesheet" type="text/css" href="utility.css"/>
  630. </head>
  631. <style type="text/css">
  632. span.ok { color : #009000; font-weight : bold; }
  633. span.err { color : #ff0000; font-weight : bold; }
  634. </style>
  635. <body>
  636. <script type='text/javascript'>
  637. function confirmOP() {
  638. return confirm("Update the database?");
  639. }
  640. </script>
  641. <div class="floatingLogo"><img src="images/logo_small.png"></div>
  642. <h1><?php echo __("Database Updater") ?></h1>
  643. <div class="content">
  644. <?php
  645. @$op = $_REQUEST["subop"];
  646. $updater = new DbUpdater($this->link, DB_TYPE, SCHEMA_VERSION);
  647. if ($op == "performupdate") {
  648. if ($updater->isUpdateRequired()) {
  649. print "<h2>Performing updates</h2>";
  650. print "<h3>Updating to schema version " . SCHEMA_VERSION . "</h3>";
  651. print "<ul>";
  652. for ($i = $updater->getSchemaVersion() + 1; $i <= SCHEMA_VERSION; $i++) {
  653. print "<li>Performing update up to version $i...";
  654. $result = $updater->performUpdateTo($i);
  655. if (!$result) {
  656. print "<span class='err'>FAILED!</span></li></ul>";
  657. print_warning("One of the updates failed. Either retry the process or perform updates manually.");
  658. print "<p><form method=\"GET\" action=\"index.php\">
  659. <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
  660. </form>";
  661. break;
  662. } else {
  663. print "<span class='ok'>OK!</span></li>";
  664. }
  665. }
  666. print "</ul>";
  667. print_notice("Your Tiny Tiny RSS database is now updated to the latest version.");
  668. print "<p><form method=\"GET\" action=\"index.php\">
  669. <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
  670. </form>";
  671. } else {
  672. print "<h2>Your database is up to date.</h2>";
  673. print "<p><form method=\"GET\" action=\"index.php\">
  674. <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
  675. </form>";
  676. }
  677. } else {
  678. if ($updater->isUpdateRequired()) {
  679. print "<h2>Database update required</h2>";
  680. print "<h3>";
  681. printf("Your Tiny Tiny RSS database needs update to the latest version: %d to %d.",
  682. $updater->getSchemaVersion(), SCHEMA_VERSION);
  683. print "</h3>";
  684. print_warning("Please backup your database before proceeding.");
  685. print "<form method='POST'>
  686. <input type='hidden' name='subop' value='performupdate'>
  687. <input type='submit' onclick='return confirmOP()' value='".__("Perform updates")."'>
  688. </form>";
  689. } else {
  690. print "<h2>" . "Tiny Tiny RSS database is up to date." . "</h2>";
  691. print "<p><form method=\"GET\" action=\"index.php\">
  692. <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
  693. </form>";
  694. }
  695. }
  696. ?>
  697. </div>
  698. </body>
  699. </html>
  700. <?php
  701. }
  702. }
  703. ?>