
add Public_Handler
misc code cleanup

Andrew Dolgov 8 years ago
parent
commit
5f0a3741d0
14 changed files with 515 additions and 343 deletions
  1. 24 38
      backend.php
  2. 204 0
      classes/pref_instances.php
  3. 210 0
      classes/public_handler.php
  4. 1 1
      db-updater.php
  5. 2 2
      include/db.php
  6. 42 253
      include/functions.php
  7. 1 1
      index.php
  8. 1 1
      opml.php
  9. 1 1
      prefs.php
  10. 25 20
      public.php
  11. 1 1
      register.php
  12. 1 1
      twitter.php
  13. 0 8
      update.php
  14. 2 16
      update_daemon2.php

+ 24 - 38
backend.php

@@ -16,17 +16,21 @@
 		$_REQUEST = array_map('stripslashes_deep', $_REQUEST);
 	}
 
-	function __autoload($class) {
-		$file = "classes/".strtolower(basename($class)).".php";
-		if (file_exists($file)) {
-			require $file;
-		}
-	}
-
 	$op = $_REQUEST["op"];
+	@$method = $_REQUEST['subop'] ? $_REQUEST['subop'] : $_REQUEST["method"];
+
+	/* Public calls compatibility shim */
+
+	$public_calls = array("globalUpdateFeeds", "rss", "getUnread", "getProfiles", "share",
+		"fbexport", "logout", "pubsub");
+
+	if (array_search($op, $public_calls) !== false) {
+		header("Location: public.php?" . $_SERVER['QUERY_STRING']);
+		return;
+	}
 
 	require_once "functions.php";
-	if ($op != "share") require_once "sessions.php";
+	require_once "sessions.php";
 	require_once "sanity_check.php";
 	require_once "config.php";
 	require_once "db.php";
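Review bot: The compatibility redirect forwards only `$_SERVER['QUERY_STRING']`, so a public call whose parameters arrive in the request body loses them. `$op` is read from `$_REQUEST`, and `Public_Handler::fbexport()` reads `$_POST["key"]`, which a client following the `Location` header with a GET will not resend. Either dispatch to the public handler in-process here, or add a comment stating that linked instances must post to public.php directly. The list still contains `globalUpdateFeeds`, which is commented out in `Public_Handler`, so that call now redirects to a request that does nothing. `in_array($op, $public_calls, true)` would make the membership test strict, and the `@` on the `$method` line hides the undefined-index notice instead of handling a missing parameter.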
@@ -40,17 +44,7 @@
 
 	$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
 
-	if (!$link) {
-		if (DB_TYPE == "mysql") {
-			print mysql_error();
-		}
-		// PG seems to display its own errors just fine by default.
-		return;
-	}
-
-	init_connection($link);
-
-	$method = $_REQUEST['subop'] ? $_REQUEST['subop'] : $_REQUEST["method"];
+	if (!init_connection($link)) return;
 
 	header("Content-Type: text/plain; charset=utf-8");
 
@@ -62,15 +56,9 @@
 		authenticate_user($link, "admin", null);
 	}
 
-	$public_calls = array("globalUpdateFeeds", "rss", "getUnread", "getProfiles", "share",
-		"fbexport", "logout", "pubsub");
+	// TODO remove and handle within Handlers
 
-	if (array_search($op, $public_calls) !== false) {
-
-		handle_public_request($link, $op);
-		return;
-
-	} else if (!($_SESSION["uid"] && validate_session($link))) {
+	if (!($_SESSION["uid"] && validate_session($link))) {
 		if ($op == 'pref-feeds' && $method == 'add') {
 			header("Content-Type: text/html");
 			login_sequence($link);
@@ -136,6 +124,13 @@
 		return;
 	}
 
+	function __autoload($class) {
+		$file = "classes/".strtolower(basename($class)).".php";
+		if (file_exists($file)) {
+			require $file;
+		}
+	}
+
 	$op = str_replace("-", "_", $op);
 
 	if (class_exists($op)) {
@@ -154,17 +149,8 @@
 		}
 	}
 
-	switch($op) { // Select action according to $op value.
-		case "pref_instances":
-			require_once "modules/pref-instances.php";
-			module_pref_instances($link);
-		break; // pref-instances
-
-		default:
-			header("Content-Type: text/plain");
-			print json_encode(array("error" => array("code" => 7)));
-		break; // fallback
-	} // Select action according to $op value.
+	header("Content-Type: text/plain");
+	print json_encode(array("error" => array("code" => 7)));
 
 	// We close the connection to database.
 	db_close($link);

+ 204 - 0
classes/pref_instances.php

@@ -0,0 +1,204 @@
+<?php
+class Pref_Instances extends Protected_Handler {
+
+	function before() {
+		if (parent::before()) {
+			if ($_SESSION["access_level"] < 10) {
+				print __("Your access level is insufficient to open this tab.");
+				return false;
+			}
+			return true;
+		}
+		return false;
+	}
+
+	function remove() {
+		$ids = db_escape_string($_REQUEST['ids']);
+
+		db_query($this->link, "DELETE FROM ttrss_linked_instances WHERE
+			id IN ($ids)");
+	}
+
+	function add() {
+		$id = db_escape_string($_REQUEST["id"]);
+		$access_url = db_escape_string($_REQUEST["access_url"]);
+		$access_key = db_escape_string($_REQUEST["access_key"]);
+
+		db_query($this->link, "BEGIN");
+
+		$result = db_query($this->link, "SELECT id FROM ttrss_linked_instances
+			WHERE access_url = '$access_url'");
+
+		if (db_num_rows($result) == 0) {
+			db_query($this->link, "INSERT INTO ttrss_linked_instances
+				(access_url, access_key, last_connected, last_status_in, last_status_out)
+				VALUES
+				('$access_url', '$access_key', '1970-01-01', -1, -1)");
+
+		}
+
+		db_query($this->link, "COMMIT");
+	}
+
+	function edit() {
+		$id = db_escape_string($_REQUEST["id"]);
+
+		$result = db_query($this->link, "SELECT * FROM ttrss_linked_instances WHERE
+			id = '$id'");
+
+		print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\"  name=\"id\" value=\"$id\">";
+		print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\"  name=\"op\" value=\"pref-instances\">";
+		print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\"  name=\"method\" value=\"editSave\">";
+
+		print "<div class=\"dlgSec\">".__("Instance")."</div>";
+
+		print "<div class=\"dlgSecCont\">";
+
+		/* URL */
+
+		$access_url = htmlspecialchars(db_fetch_result($result, 0, "access_url"));
+
+		print __("URL:") . " ";
+
+		print "<input dojoType=\"dijit.form.ValidationTextBox\" required=\"1\"
+			placeHolder=\"".__("Instance URL")."\"
+			regExp='^(http|https)://.*'
+			style=\"font-size : 16px; width: 20em\" name=\"access_url\"
+			value=\"$access_url\">";
+
+		print "<hr/>";
+
+		$access_key = htmlspecialchars(db_fetch_result($result, 0, "access_key"));
+
+		/* Access key */
+
+		print __("Access key:") . " ";
+
+		print "<input dojoType=\"dijit.form.ValidationTextBox\" required=\"1\"
+			placeHolder=\"".__("Access key")."\" regExp='\w{40}'
+			style=\"width: 20em\" name=\"access_key\" id=\"instance_edit_key\"
+			value=\"$access_key\">";
+
+		print "<p class='insensitive'>" . __("Use one access key for both linked instances.");
+
+		print "</div>";
+
+		print "<div class=\"dlgButtons\">
+			<div style='float : left'>
+				<button dojoType=\"dijit.form.Button\"
+					onclick=\"return dijit.byId('instanceEditDlg').regenKey()\">".
+					__('Generate new key')."</button>
+			</div>
+			<button dojoType=\"dijit.form.Button\"
+				onclick=\"return dijit.byId('instanceEditDlg').execute()\">".
+				__('Save')."</button>
+			<button dojoType=\"dijit.form.Button\"
+				onclick=\"return dijit.byId('instanceEditDlg').hide()\"\">".
+				__('Cancel')."</button></div>";
+
+	}
+
+	function editSave() {
+		$id = db_escape_string($_REQUEST["id"]);
+		$access_url = db_escape_string($_REQUEST["access_url"]);
+		$access_key = db_escape_string($_REQUEST["access_key"]);
+
+		db_query($this->link, "UPDATE ttrss_linked_instances SET
+			access_key = '$access_key', access_url = '$access_url',
+			last_connected = '1970-01-01'
+			WHERE id = '$id'");
+
+	}
+
+	function index() {
+
+		if (!function_exists('curl_init')) {
+			print "<div style='padding : 1em'>";
+			print_error("This functionality requires CURL functions. Please enable CURL in your PHP configuration (you might also want to disable open_basedir in php.ini) and reload this page.");
+			print "</div>";
+		}
+
+		print "<div id=\"pref-instance-wrap\" dojoType=\"dijit.layout.BorderContainer\" gutters=\"false\">";
+		print "<div id=\"pref-instance-header\" dojoType=\"dijit.layout.ContentPane\" region=\"top\">";
+
+		print "<div id=\"pref-instance-toolbar\" dojoType=\"dijit.Toolbar\">";
+
+		$sort = db_escape_string($_REQUEST["sort"]);
+
+		if (!$sort || $sort == "undefined") {
+			$sort = "access_url";
+		}
+
+		print "<div dojoType=\"dijit.form.DropDownButton\">".
+				"<span>" . __('Select')."</span>";
+		print "<div dojoType=\"dijit.Menu\" style=\"display: none;\">";
+		print "<div onclick=\"selectTableRows('prefInstanceList', 'all')\"
+			dojoType=\"dijit.MenuItem\">".__('All')."</div>";
+		print "<div onclick=\"selectTableRows('prefInstanceList', 'none')\"
+			dojoType=\"dijit.MenuItem\">".__('None')."</div>";
+		print "</div></div>";
+
+		print "<button dojoType=\"dijit.form.Button\" onclick=\"addInstance()\">".__('Link instance')."</button>";
+		print "<button dojoType=\"dijit.form.Button\" onclick=\"editSelectedInstance()\">".__('Edit')."</button>";
+		print "<button dojoType=\"dijit.form.Button\" onclick=\"removeSelectedInstances()\">".__('Remove')."</button>";
+
+		print "</div>"; #toolbar
+
+		$result = db_query($this->link, "SELECT *,
+			(SELECT COUNT(*) FROM ttrss_linked_feeds
+				WHERE instance_id = ttrss_linked_instances.id) AS num_feeds
+			FROM ttrss_linked_instances
+			ORDER BY $sort");
+
+		print "<p class=\"insensitive\" style='margin-left : 1em;'>" . __("You can connect other instances of Tiny Tiny RSS to this one to share Popular feeds. Link to this instance of Tiny Tiny RSS by using this URL:");
+
+		print " <a href=\"#\" onclick=\"alert('".htmlspecialchars(get_self_url_prefix())."')\">(display url)</a>";
+
+		print "<p><table width='100%' id='prefInstanceList' class='prefInstanceList' cellspacing='0'>";
+
+		print "<tr class=\"title\">
+			<td align='center' width=\"5%\">&nbsp;</td>
+			<td width=''><a href=\"#\" onclick=\"updateInstanceList('access_url')\">".__('Instance URL')."</a></td>
+			<td width='20%'><a href=\"#\" onclick=\"updateInstanceList('access_key')\">".__('Access key')."</a></td>
+			<td width='10%'><a href=\"#\" onclick=\"updateUsersList('last_connected')\">".__('Last connected')."</a></td>
+			<td width='10%'><a href=\"#\" onclick=\"updateUsersList('num_feeds')\">".__('Stored feeds')."</a></td>
+			</tr>";
+
+		$lnum = 0;
+
+		while ($line = db_fetch_assoc($result)) {
+			$class = ($lnum % 2) ? "even" : "odd";
+
+			$id = $line['id'];
+			$this_row_id = "id=\"LIRR-$id\"";
+
+			$line["last_connected"] = make_local_datetime($this->link, $line["last_connected"], false);
+
+			print "<tr class=\"$class\" $this_row_id>";
+
+			print "<td align='center'><input onclick='toggleSelectRow(this);'
+				type=\"checkbox\" id=\"LICHK-$id\"></td>";
+
+			$onclick = "onclick='editInstance($id, event)' title='".__('Click to edit')."'";
+
+			$access_key = mb_substr($line['access_key'], 0, 4) . '...' .
+				mb_substr($line['access_key'], -4);
+
+			print "<td $onclick>" . htmlspecialchars($line['access_url']) . "</td>";
+			print "<td $onclick>" . htmlspecialchars($access_key) . "</td>";
+			print "<td $onclick>" . htmlspecialchars($line['last_connected']) . "</td>";
+			print "<td $onclick>" . htmlspecialchars($line['num_feeds']) . "</td>";
+
+			print "</tr>";
+
+			++$lnum;
+		}
+
+		print "</table>";
+
+		print "</div>"; #pane
+		print "</div>"; #container
+
+	}
+}
+?>
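Review bot: `remove()` and `index()` place request values into SQL where `db_escape_string()` gives no protection, because `id IN ($ids)` and `ORDER BY $sort` are not quoted contexts and escaping only guards values inside quotes. Cast each id to an integer and pick the sort column from a fixed list, as in the excerpt below. `edit()` also prints the request-supplied `$id` into `value=\"$id\"` without `htmlspecialchars()`, so it should be cast with `(int)` or HTML-escaped before output. `before()` limits the handler to `access_level >= 10`, which narrows who can reach these paths but does not remove the defect. Whether these state-changing methods are protected against cross-site requests is not visible on this page.

```php
	function remove() {
		// escaping does not protect an unquoted IN (...) list; keep integers only
		$ids = implode(",", array_map("intval", explode(",", $_REQUEST["ids"])));

		// … unchanged: DELETE FROM ttrss_linked_instances WHERE id IN ($ids) …
	}

	function index() {
		// … unchanged: curl check, wrapper and toolbar container markup …

		// ORDER BY takes an identifier, so accept only known column names
		$sort_columns = array("access_url", "access_key", "last_connected", "num_feeds");
		$sort = $_REQUEST["sort"];

		if (!in_array($sort, $sort_columns, true)) {
			$sort = "access_url";
		}

		// … unchanged: toolbar buttons, SELECT ... ORDER BY $sort, table output …
```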

+ 210 - 0
classes/public_handler.php

@@ -0,0 +1,210 @@
+<?php
+class Public_Handler extends Handler {
+
+	function getUnread() {
+		$login = db_escape_string($_REQUEST["login"]);
+		$fresh = $_REQUEST["fresh"] == "1";
+
+		$result = db_query($this->link, "SELECT id FROM ttrss_users WHERE login = '$login'");
+
+		if (db_num_rows($result) == 1) {
+			$uid = db_fetch_result($result, 0, "id");
+
+			print getGlobalUnread($this->link, $uid);
+
+			if ($fresh) {
+				print ";";
+				print getFeedArticles($this->link, -3, false, true, $uid);
+			}
+
+		} else {
+			print "-1;User not found";
+		}
+
+	}
+
+	function getProfiles() {
+		$login = db_escape_string($_REQUEST["login"]);
+		$password = db_escape_string($_REQUEST["password"]);
+
+		if (authenticate_user($this->link, $login, $password)) {
+			$result = db_query($this->link, "SELECT * FROM ttrss_settings_profiles
+				WHERE owner_uid = " . $_SESSION["uid"] . " ORDER BY title");
+
+			print "<select style='width: 100%' name='profile'>";
+
+			print "<option value='0'>" . __("Default profile") . "</option>";
+
+			while ($line = db_fetch_assoc($result)) {
+				$id = $line["id"];
+				$title = $line["title"];
+
+				print "<option value='$id'>$title</option>";
+			}
+
+			print "</select>";
+
+			$_SESSION = array();
+		}
+	}
+
+	function pubsub() {
+		$mode = db_escape_string($_REQUEST['hub_mode']);
+		$feed_id = (int) db_escape_string($_REQUEST['id']);
+		$feed_url = db_escape_string($_REQUEST['hub_topic']);
+
+		if (!PUBSUBHUBBUB_ENABLED) {
+			header('HTTP/1.0 404 Not Found');
+			echo "404 Not found";
+			return;
+		}
+
+		// TODO: implement hub_verifytoken checking
+
+		$result = db_query($this->link, "SELECT feed_url FROM ttrss_feeds
+			WHERE id = '$feed_id'");
+
+		if (db_num_rows($result) != 0) {
+
+			$check_feed_url = db_fetch_result($result, 0, "feed_url");
+
+			if ($check_feed_url && ($check_feed_url == $feed_url || !$feed_url)) {
+				if ($mode == "subscribe") {
+
+					db_query($this->link, "UPDATE ttrss_feeds SET pubsub_state = 2
+						WHERE id = '$feed_id'");
+
+					print $_REQUEST['hub_challenge'];
+					return;
+
+				} else if ($mode == "unsubscribe") {
+
+					db_query($this->link, "UPDATE ttrss_feeds SET pubsub_state = 0
+						WHERE id = '$feed_id'");
+
+					print $_REQUEST['hub_challenge'];
+					return;
+
+				} else if (!$mode) {
+
+					// Received update ping, schedule feed update.
+					//update_rss_feed($this->link, $feed_id, true, true);
+
+					db_query($this->link, "UPDATE ttrss_feeds SET
+						last_update_started = '1970-01-01',
+						last_updated = '1970-01-01' WHERE id = '$feed_id'");
+
+				}
+			} else {
+				header('HTTP/1.0 404 Not Found');
+				echo "404 Not found";
+			}
+		} else {
+			header('HTTP/1.0 404 Not Found');
+			echo "404 Not found";
+		}
+
+	}
+
+	function logout() {
+		logout_user();
+		header("Location: index.php");
+	}
+
+	function fbexport() {
+
+		$access_key = db_escape_string($_POST["key"]);
+
+		// TODO: rate limit checking using last_connected
+		$result = db_query($this->link, "SELECT id FROM ttrss_linked_instances
+			WHERE access_key = '$access_key'");
+
+		if (db_num_rows($result) == 1) {
+
+			$instance_id = db_fetch_result($result, 0, "id");
+
+			$result = db_query($this->link, "SELECT feed_url, site_url, title, subscribers
+				FROM ttrss_feedbrowser_cache ORDER BY subscribers DESC LIMIT 100");
+
+			$feeds = array();
+
+			while ($line = db_fetch_assoc($result)) {
+				array_push($feeds, $line);
+			}
+
+			db_query($this->link, "UPDATE ttrss_linked_instances SET
+				last_status_in = 1 WHERE id = '$instance_id'");
+
+			print json_encode(array("feeds" => $feeds));
+		} else {
+			print json_encode(array("error" => array("code" => 6)));
+		}
+	}
+
+	function share() {
+		$uuid = db_escape_string($_REQUEST["key"]);
+
+		$result = db_query($this->link, "SELECT ref_id, owner_uid FROM ttrss_user_entries WHERE
+			uuid = '$uuid'");
+
+		if (db_num_rows($result) != 0) {
+			header("Content-Type: text/html");
+
+			$id = db_fetch_result($result, 0, "ref_id");
+			$owner_uid = db_fetch_result($result, 0, "owner_uid");
+
+			$_SESSION["uid"] = $owner_uid;
+			$article = format_article($this->link, $id, false, true);
+			$_SESSION["uid"] = "";
+
+			print_r($article['content']);
+
+		} else {
+			print "Article not found.";
+		}
+
+	}
+
+	function rss() {
+		header("Content-Type: text/xml; charset=utf-8");
+
+		$feed = db_escape_string($_REQUEST["id"]);
+		$key = db_escape_string($_REQUEST["key"]);
+		$is_cat = $_REQUEST["is_cat"] != false;
+		$limit = (int)db_escape_string($_REQUEST["limit"]);
+
+		$search = db_escape_string($_REQUEST["q"]);
+		$match_on = db_escape_string($_REQUEST["m"]);
+		$search_mode = db_escape_string($_REQUEST["smode"]);
+		$view_mode = db_escape_string($_REQUEST["view-mode"]);
+
+		if (SINGLE_USER_MODE) {
+			authenticate_user($this->link, "admin", null);
+		}
+
+		$owner_id = false;
+
+		if ($key) {
+			$result = db_query($this->link, "SELECT owner_uid FROM
+				ttrss_access_keys WHERE access_key = '$key' AND feed_id = '$feed'");
+
+			if (db_num_rows($result) == 1)
+				$owner_id = db_fetch_result($result, 0, "owner_uid");
+		}
+
+		if ($owner_id) {
+			$_SESSION['uid'] = $owner_id;
+
+			generate_syndicated_feed($this->link, 0, $feed, $is_cat, $limit,
+				$search, $search_mode, $match_on, $view_mode);
+		} else {
+			header('HTTP/1.1 403 Forbidden');
+		}
+	}
+
+	/* function globalUpdateFeeds() {
+		// Update all feeds needing a update.
+		update_daemon_common($this->link, 0, true, true);
+	} */
+}
+?>
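Review bot: `pubsub()` prints `$_REQUEST['hub_challenge']` back to the client without setting a content type, and this commit removes the `text/plain` header that public.php used to send before dispatching. Unless `Handler::before()` (not shown) sets one, the echoed value is served under PHP's default type, presumably text/html; add `header("Content-Type: text/plain; charset=utf-8");` before both `print $_REQUEST['hub_challenge'];` lines. `getProfiles()` has a related gap: `$title` goes into `<option>` unescaped and should be `htmlspecialchars($title)`. With the `hub_verifytoken` TODO still open and `!$feed_url` accepted, the subscribe and unsubscribe branches update `pubsub_state` for any request that names an existing feed id, so that check deserves a tracking comment or an issue reference.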

+ 1 - 1
db-updater.php

@@ -9,7 +9,7 @@
 
 	$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
 
-	init_connection($link);
+	if (!init_connection($link)) return;
 	login_sequence($link);
 
 	$owner_uid = $_SESSION["uid"];

+ 2 - 2
include/db.php

@@ -61,7 +61,7 @@ function db_query($link, $query, $die_on_error = true) {
 		if (!$result) {
 			$query = htmlspecialchars($query); // just in case
 			if ($die_on_error) {
-				die("Query <i>$query</i> failed [$result]: " . pg_last_error($link));
+				die("Query <i>$query</i> failed [$result]: " . ($link ? pg_last_error($link) : "No connection"));
 			}
 		}
 		return $result;
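Review bot: The `die()` changed here sends the full SQL text and the driver's error string to the client, which discloses schema and query details to anyone who can trigger a failing query. Consider logging the detail and returning a generic message, for example `error_log("Query failed: $query");` followed by `die("Database query failed");`. The MySQL branch in the next hunk has the same pattern. The body of `db_query` starts and ends outside the hunk.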
@@ -70,7 +70,7 @@ function db_query($link, $query, $die_on_error = true) {
 		if (!$result) {
 			$query = htmlspecialchars($query);
 			if ($die_on_error) {
-				die("Query <i>$query</i> failed: " . mysql_error($link));
+				die("Query <i>$query</i> failed: " . ($link ? mysql_error($link) : "No connection"));
 			}
 		}
 		return $result;

+ 42 - 253
include/functions.php

@@ -5835,18 +5835,24 @@
 	}
 
 	function init_connection($link) {
-		if (DB_TYPE == "pgsql") {
-			pg_query($link, "set client_encoding = 'UTF-8'");
-			pg_set_client_encoding("UNICODE");
-			pg_query($link, "set datestyle = 'ISO, european'");
-			pg_query($link, "set TIME ZONE 0");
-		} else {
-			db_query($link, "SET time_zone = '+0:0'");
+		if ($link) {
 
-			if (defined('MYSQL_CHARSET') && MYSQL_CHARSET) {
-				db_query($link, "SET NAMES " . MYSQL_CHARSET);
-	//			db_query($link, "SET CHARACTER SET " . MYSQL_CHARSET);
+			if (DB_TYPE == "pgsql") {
+				pg_query($link, "set client_encoding = 'UTF-8'");
+				pg_set_client_encoding("UNICODE");
+				pg_query($link, "set datestyle = 'ISO, european'");
+				pg_query($link, "set TIME ZONE 0");
+			} else {
+				db_query($link, "SET time_zone = '+0:0'");
+
+				if (defined('MYSQL_CHARSET') && MYSQL_CHARSET) {
+					db_query($link, "SET NAMES " . MYSQL_CHARSET);
+				}
 			}
+			return true;
+		} else {
+			print "Unable to connect to database:" . db_last_error();
+			return false;
 		}
 	}
 
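Review bot: On a failed connection the new `else` branch prints `db_last_error()` into the response, so on the web entry points changed in this commit (backend.php, public.php, index.php, prefs.php, register.php) any visitor sees driver error text, which can include host or account names. Log it instead, for example `error_log("Unable to connect to database: " . db_last_error());`, and print a generic message. `db_last_error()` is not defined in any hunk on this page, so confirm it exists and behaves when `$link` is false. The `pg_query()` calls in the success branch ignore their return values, so `init_connection()` returns true even if setting the encoding or time zone fails.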
@@ -7428,242 +7434,25 @@
 		}
 	}
 
-	function handle_public_request($link, $op) {
-		switch ($op) {
-
-		case "getUnread":
-			$login = db_escape_string($_REQUEST["login"]);
-			$fresh = $_REQUEST["fresh"] == "1";
-
-			$result = db_query($link, "SELECT id FROM ttrss_users WHERE login = '$login'");
-
-			if (db_num_rows($result) == 1) {
-				$uid = db_fetch_result($result, 0, "id");
-
-				print getGlobalUnread($link, $uid);
-
-				if ($fresh) {
-					print ";";
-					print getFeedArticles($link, -3, false, true, $uid);
-				}
-
-			} else {
-				print "-1;User not found";
-			}
-
-		break; // getUnread
-
-		case "getProfiles":
-			$login = db_escape_string($_REQUEST["login"]);
-			$password = db_escape_string($_REQUEST["password"]);
-
-			if (authenticate_user($link, $login, $password)) {
-				$result = db_query($link, "SELECT * FROM ttrss_settings_profiles
-					WHERE owner_uid = " . $_SESSION["uid"] . " ORDER BY title");
-
-				print "<select style='width: 100%' name='profile'>";
-
-				print "<option value='0'>" . __("Default profile") . "</option>";
-
-				while ($line = db_fetch_assoc($result)) {
-					$id = $line["id"];
-					$title = $line["title"];
-
-					print "<option value='$id'>$title</option>";
-				}
-
-				print "</select>";
-
-				$_SESSION = array();
-			}
-		break; // getprofiles
-
-		case "pubsub":
-			$mode = db_escape_string($_REQUEST['hub_mode']);
-			$feed_id = (int) db_escape_string($_REQUEST['id']);
-			$feed_url = db_escape_string($_REQUEST['hub_topic']);
-
-			if (!PUBSUBHUBBUB_ENABLED) {
-				header('HTTP/1.0 404 Not Found');
-				echo "404 Not found";
-				return;
-			}
-
-			// TODO: implement hub_verifytoken checking
-
-			$result = db_query($link, "SELECT feed_url FROM ttrss_feeds
-				WHERE id = '$feed_id'");
-
-			if (db_num_rows($result) != 0) {
-
-				$check_feed_url = db_fetch_result($result, 0, "feed_url");
-
-				if ($check_feed_url && ($check_feed_url == $feed_url || !$feed_url)) {
-					if ($mode == "subscribe") {
-
-						db_query($link, "UPDATE ttrss_feeds SET pubsub_state = 2
-							WHERE id = '$feed_id'");
-
-						print $_REQUEST['hub_challenge'];
-						return;
-
-					} else if ($mode == "unsubscribe") {
-
-						db_query($link, "UPDATE ttrss_feeds SET pubsub_state = 0
-							WHERE id = '$feed_id'");
-
-						print $_REQUEST['hub_challenge'];
-						return;
-
-					} else if (!$mode) {
-
-						// Received update ping, schedule feed update.
-						//update_rss_feed($link, $feed_id, true, true);
-
-						db_query($link, "UPDATE ttrss_feeds SET
-							last_update_started = '1970-01-01',
-							last_updated = '1970-01-01' WHERE id = '$feed_id'");
-
-					}
-				} else {
-					header('HTTP/1.0 404 Not Found');
-					echo "404 Not found";
-				}
-			} else {
-				header('HTTP/1.0 404 Not Found');
-				echo "404 Not found";
-			}
-
-		break; // pubsub
-
-		case "logout":
-			logout_user();
-			header("Location: index.php");
-		break; // logout
-
-		case "fbexport":
-
-			$access_key = db_escape_string($_POST["key"]);
-
-			// TODO: rate limit checking using last_connected
-			$result = db_query($link, "SELECT id FROM ttrss_linked_instances
-				WHERE access_key = '$access_key'");
-
-			if (db_num_rows($result) == 1) {
-
-				$instance_id = db_fetch_result($result, 0, "id");
-
-				$result = db_query($link, "SELECT feed_url, site_url, title, subscribers
-					FROM ttrss_feedbrowser_cache ORDER BY subscribers DESC LIMIT 100");
-
-				$feeds = array();
-
-				while ($line = db_fetch_assoc($result)) {
-					array_push($feeds, $line);
-				}
-
-				db_query($link, "UPDATE ttrss_linked_instances SET
-					last_status_in = 1 WHERE id = '$instance_id'");
-
-				print json_encode(array("feeds" => $feeds));
-			} else {
-				print json_encode(array("error" => array("code" => 6)));
-			}
-		break; // fbexport
-
-		case "share":
-			$uuid = db_escape_string($_REQUEST["key"]);
-
-			$result = db_query($link, "SELECT ref_id, owner_uid FROM ttrss_user_entries WHERE
-				uuid = '$uuid'");
-
-			if (db_num_rows($result) != 0) {
-				header("Content-Type: text/html");
-
-				$id = db_fetch_result($result, 0, "ref_id");
-				$owner_uid = db_fetch_result($result, 0, "owner_uid");
-
-				$_SESSION["uid"] = $owner_uid;
-				$article = format_article($link, $id, false, true);
-				$_SESSION["uid"] = "";
-
-				print_r($article['content']);
-
-			} else {
-				print "Article not found.";
-			}
-
-			break;
-
-		case "rss":
-			$feed = db_escape_string($_REQUEST["id"]);
-			$key = db_escape_string($_REQUEST["key"]);
-			$is_cat = $_REQUEST["is_cat"] != false;
-			$limit = (int)db_escape_string($_REQUEST["limit"]);
-
-			$search = db_escape_string($_REQUEST["q"]);
-			$match_on = db_escape_string($_REQUEST["m"]);
-			$search_mode = db_escape_string($_REQUEST["smode"]);
-			$view_mode = db_escape_string($_REQUEST["view-mode"]);
-
-			if (SINGLE_USER_MODE) {
-				authenticate_user($link, "admin", null);
-			}
-
-			$owner_id = false;
-
-			if ($key) {
-				$result = db_query($link, "SELECT owner_uid FROM
-					ttrss_access_keys WHERE access_key = '$key' AND feed_id = '$feed'");
-
-				if (db_num_rows($result) == 1)
-					$owner_id = db_fetch_result($result, 0, "owner_uid");
-			}
-
-			if ($owner_id) {
-				$_SESSION['uid'] = $owner_id;
-
-				generate_syndicated_feed($link, 0, $feed, $is_cat, $limit,
-					$search, $search_mode, $match_on, $view_mode);
-			} else {
-				header('HTTP/1.1 403 Forbidden');
-			}
-		break; // rss
-
-
-		case "globalUpdateFeeds":
-			// Update all feeds needing a update.
-			update_daemon_common($link, 0, true, true);
-		break; // globalUpdateFeeds
-
-
-		default:
-			header("Content-Type: text/plain");
-			print json_encode(array("error" => array("code" => 7)));
-		break; // fallback
-
-		}
-	}
-	
 	function make_feed_browser($link, $search, $limit, $mode = 1) {
-	
+
 		$owner_uid = $_SESSION["uid"];
 		$rv = '';
-	
+
 		if ($search) {
 			$search_qpart = "AND (UPPER(feed_url) LIKE UPPER('%$search%') OR
 						UPPER(title) LIKE UPPER('%$search%'))";
 		} else {
 			$search_qpart = "";
 		}
-	
+
 		if ($mode == 1) {
 			/* $result = db_query($link, "SELECT feed_url, subscribers FROM
 			 ttrss_feedbrowser_cache WHERE (SELECT COUNT(id) = 0 FROM ttrss_feeds AS tf
 			WHERE tf.feed_url = ttrss_feedbrowser_cache.feed_url
 			AND owner_uid = '$owner_uid') $search_qpart
 			ORDER BY subscribers DESC LIMIT $limit"); */
-	
+
 			$result = db_query($link, "SELECT feed_url, site_url, title, SUM(subscribers) AS subscribers FROM
 						(SELECT feed_url, site_url, title, subscribers FROM ttrss_feedbrowser_cache UNION ALL
 							SELECT feed_url, site_url, title, subscribers FROM ttrss_linked_feeds) AS qqq
@@ -7672,7 +7461,7 @@
 								WHERE tf.feed_url = qqq.feed_url
 									AND owner_uid = '$owner_uid') $search_qpart
 						GROUP BY feed_url, site_url, title ORDER BY subscribers DESC LIMIT $limit");
-	
+
 		} else if ($mode == 2) {
 			$result = db_query($link, "SELECT *,
 						(SELECT COUNT(*) FROM ttrss_user_entries WHERE
@@ -7686,74 +7475,74 @@
 						owner_uid = '$owner_uid' $search_qpart
 						ORDER BY id DESC LIMIT $limit");
 		}
-	
+
 		$feedctr = 0;
-	
+
 		while ($line = db_fetch_assoc($result)) {
-	
+
 			if ($mode == 1) {
-	
+
 				$feed_url = htmlspecialchars($line["feed_url"]);
 				$site_url = htmlspecialchars($line["site_url"]);
 				$subscribers = $line["subscribers"];
-	
+
 				$check_box = "<input onclick='toggleSelectListRow2(this)'
 							dojoType=\"dijit.form.CheckBox\"
 							type=\"checkbox\" \">";
-	
+
 				$class = ($feedctr % 2) ? "even" : "odd";
-	
+
 				$site_url = "<a target=\"_blank\"
 							href=\"$site_url\">
 							<span class=\"fb_feedTitle\">".
 				htmlspecialchars($line["title"])."</span></a>";
-	
+
 				$feed_url = "<a target=\"_blank\" class=\"fb_feedUrl\"
 							href=\"$feed_url\"><img src='images/feed-icon-12x12.png'
 							style='vertical-align : middle'></a>";
-	
+
 				$rv .= "<li>$check_box $feed_url $site_url".
 							"&nbsp;<span class='subscribers'>($subscribers)</span></li>";
-	
+
 			} else if ($mode == 2) {
 				$feed_url = htmlspecialchars($line["feed_url"]);
 				$site_url = htmlspecialchars($line["site_url"]);
 				$title = htmlspecialchars($line["title"]);
-	
+
 				$check_box = "<input onclick='toggleSelectListRow2(this)' dojoType=\"dijit.form.CheckBox\"
 							type=\"checkbox\">";
-	
+
 				$class = ($feedctr % 2) ? "even" : "odd";
-	
+
 				if ($line['articles_archived'] > 0) {
 					$archived = sprintf(__("%d archived articles"), $line['articles_archived']);
 					$archived = "&nbsp;<span class='subscribers'>($archived)</span>";
 				} else {
 					$archived = '';
 				}
-	
+
 				$site_url = "<a target=\"_blank\"
 							href=\"$site_url\">
 							<span class=\"fb_feedTitle\">".
 				htmlspecialchars($line["title"])."</span></a>";
-	
+
 				$feed_url = "<a target=\"_blank\" class=\"fb_feedUrl\"
 							href=\"$feed_url\"><img src='images/feed-icon-12x12.png'
 							style='vertical-align : middle'></a>";
-	
-	
+
+
 				$rv .= "<li id=\"FBROW-".$line["id"]."\">".
 							"$check_box $feed_url $site_url $archived</li>";
 			}
-	
+
 			++$feedctr;
 		}
-	
+
 		if ($feedctr == 0) {
 			$rv .= "<li style=\"text-align : center\"><p>".__('No feeds found.')."</p></li>";
 		}
-	
+
 		return $rv;
-	
 	}
+
 ?>

+ 1 - 1
index.php

@@ -16,7 +16,7 @@
 
 	$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
 
-	init_connection($link);
+	if (!init_connection($link)) return;
 
 	login_sequence($link);
 

+ 1 - 1
opml.php

@@ -10,7 +10,7 @@
 
 	$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
 
-	init_connection($link);
+	if (!init_connection($link)) return;
 
 	function opml_export($link, $name, $owner_uid, $hide_private_feeds=false, $include_settings=true) {
 		if (!$_REQUEST["debug"]) {

+ 1 - 1
prefs.php

@@ -10,7 +10,7 @@
 
 	$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
 
-	init_connection($link);
+	if (!init_connection($link)) return;
 
 	login_sequence($link);
 

+ 25 - 20
public.php

@@ -16,10 +16,8 @@
 		$_REQUEST = array_map('stripslashes_deep', $_REQUEST);
 	}
 
-	$op = $_REQUEST["op"];
-
 	require_once "functions.php";
-	if ($op != "share") require_once "sessions.php";
+	require_once "sessions.php";
 	require_once "sanity_check.php";
 	require_once "config.php";
 	require_once "db.php";
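Review bot: Loading sessions.php unconditionally means `Public_Handler::share()` now writes `$_SESSION["uid"] = $owner_uid` into whatever session sessions.php sets up, where the removed `$op != "share"` guard kept that assignment away from it. If `format_article()` ends the request early (`db_query` calls `die()` on a failed query), the reset to `""` never runs and the owner's uid may be stored with the visitor's session. sessions.php is not shown, so this depends on how it starts and saves sessions. `rss()` likewise assigns `$_SESSION['uid'] = $owner_id` and never clears it. Passing the owner id as an argument instead of through `$_SESSION` would avoid the problem; at minimum a comment here should say why share no longer needs to skip session loading.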
@@ -33,30 +31,37 @@
 
 	$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
 
-	if (!$link) {
-		if (DB_TYPE == "mysql") {
-			print mysql_error();
-		}
-		// PG seems to display its own errors just fine by default.
-		return;
+	if (!init_connection($link)) return;
+
+	if (ENABLE_GZIP_OUTPUT) {
+		ob_start("ob_gzhandler");
 	}
 
-	init_connection($link);
+	function __autoload($class) {
+		$file = "classes/".strtolower(basename($class)).".php";
+		if (file_exists($file)) {
+			require $file;
+		}
+	}
 
-	$method = $_REQUEST["method"];
-	$mode = $_REQUEST["mode"];
+	$method = $_REQUEST["op"];
 
-	if ((!$op || $op == "rss" || $op == "dlg") && !$_REQUEST["noxml"]) {
-			header("Content-Type: application/xml; charset=utf-8");
-	} else {
-			header("Content-Type: text/plain; charset=utf-8");
-	}
+	$handler = new Public_Handler($link, $_REQUEST);
 
-	if (ENABLE_GZIP_OUTPUT) {
-		ob_start("ob_gzhandler");
+	if ($handler) {
+		if ($handler->before()) {
+			if ($method && method_exists($handler, $method)) {
+				$handler->$method();
+			} else if (method_exists($handler, 'index')) {
+				$handler->index();
+			}
+			$handler->after();
+			return;
+		}
 	}
 
-	handle_public_request($link, $op);
+	header("Content-Type: text/plain");
+	print json_encode(array("error" => array("code" => 7)));
 
 	// We close the connection to database.
 	db_close($link);
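Review bot: `$handler->$method()` runs whatever name arrives in `$_REQUEST["op"]` as long as `method_exists()` is true, which also matches inherited `Handler` methods such as `before` and `after`, the constructor, and any non-public method (where the call becomes a fatal error). Restrict dispatch to the intended entry points, for example `$public_methods = array("rss", "getUnread", "getProfiles", "share", "fbexport", "logout", "pubsub");` and `if (in_array($method, $public_methods, true)) {`. An unknown op no longer reaches the error-code-7 response when `before()` succeeds: nothing is printed, and the `return` inside the block skips `db_close($link)`. The removed `Content-Type` header is not replaced here either, so handlers that do not set one are served with PHP's default type.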

+ 1 - 1
register.php

@@ -18,7 +18,7 @@
 
 	$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
 
-	init_connection($link);
+	if (!init_connection($link)) return;
 
 	if ($_REQUEST["format"] == "feed") {
 		header("Content-Type: text/xml");

+ 1 - 1
twitter.php

@@ -11,7 +11,7 @@
 
 	$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
 
-	init_connection($link);
+	if (!init_connection($link)) return;
 	login_sequence($link);
 
 	$owner_uid = $_SESSION["uid"];

+ 0 - 8
update.php

@@ -47,14 +47,6 @@
 	// Create a database connection.
 	$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
 
-	if (!$link) {
-		if (DB_TYPE == "mysql") {
-			print mysql_error();
-		}
-		// PG seems to display its own errors just fine by default.
-		return;
-	}
-
 	init_connection($link);
 
 	if ($op == "-feeds") {
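Review bot: With the `!$link` check removed, this script still calls `init_connection($link);` without testing its new return value, so after a failed connection it prints the error and carries on with an unusable `$link`. Change that unchanged context line to `if (!init_connection($link)) return;`, as the other entry points in this commit do.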

+ 2 - 16
update_daemon2.php

@@ -133,13 +133,7 @@
 	// It is unnecessary to start the fork loop if database is not ok.
 	$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
 
-	if (!$link) {
-		if (DB_TYPE == "mysql") {
-			print mysql_error();
-		}
-		// PG seems to display its own errors just fine by default.
-		return;
-	}
+	if (!init_connection($link)) return;
 
 	db_close($link);
 
@@ -190,15 +184,7 @@
 
 					$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
 
-					if (!$link) {
-						if (DB_TYPE == "mysql") {
-							print mysql_error();
-						}
-						// PG seems to display its own errors just fine by default.
-						return;
-					}
-
-					init_connection($link);
+					if (!init_connection($link)) return;
 
 					// We disable stamp file, since it is of no use in a multiprocess update.
 					// not really, tho for the time being -fox