public.php 30 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036
  1. <?php
  2. class Handler_Public extends Handler {
  3. private function generate_syndicated_feed($owner_uid, $feed, $is_cat,
  4. $limit, $offset, $search,
  5. $view_mode = false, $format = 'atom', $order = false, $orig_guid = false, $start_ts = false) {
  6. require_once "lib/MiniTemplator.class.php";
  7. $note_style = "background-color : #fff7d5;
  8. border-width : 1px; ".
  9. "padding : 5px; border-style : dashed; border-color : #e7d796;".
  10. "margin-bottom : 1em; color : #9a8c59;";
  11. if (!$limit) $limit = 60;
  12. $date_sort_field = "date_entered DESC, updated DESC";
  13. $date_check_field = "date_entered";
  14. if ($feed == -2 && !$is_cat) {
  15. $date_sort_field = "last_published DESC";
  16. $date_check_field = "last_published";
  17. } else if ($feed == -1 && !$is_cat) {
  18. $date_sort_field = "last_marked DESC";
  19. $date_check_field = "last_marked";
  20. }
  21. switch ($order) {
  22. case "title":
  23. $date_sort_field = "ttrss_entries.title";
  24. break;
  25. case "date_reverse":
  26. $date_sort_field = "date_entered, updated";
  27. break;
  28. case "feed_dates":
  29. $date_sort_field = "updated DESC";
  30. break;
  31. }
  32. $params = array(
  33. "owner_uid" => $owner_uid,
  34. "feed" => $feed,
  35. "limit" => 1,
  36. "view_mode" => $view_mode,
  37. "cat_view" => $is_cat,
  38. "search" => $search,
  39. "override_order" => $date_sort_field,
  40. "include_children" => true,
  41. "ignore_vfeed_group" => true,
  42. "offset" => $offset,
  43. "start_ts" => $start_ts
  44. );
  45. $qfh_ret = Feeds::queryFeedHeadlines($params);
  46. $result = $qfh_ret[0];
  47. if ($this->dbh->num_rows($result) != 0) {
  48. $ts = strtotime($this->dbh->fetch_result($result, 0, $date_check_field));
  49. if (isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) &&
  50. strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']) >= $ts) {
  51. header('HTTP/1.0 304 Not Modified');
  52. return;
  53. }
  54. $last_modified = gmdate("D, d M Y H:i:s", $ts) . " GMT";
  55. header("Last-Modified: $last_modified", true);
  56. }
  57. $params = array(
  58. "owner_uid" => $owner_uid,
  59. "feed" => $feed,
  60. "limit" => $limit,
  61. "view_mode" => $view_mode,
  62. "cat_view" => $is_cat,
  63. "search" => $search,
  64. "override_order" => $date_sort_field,
  65. "include_children" => true,
  66. "ignore_vfeed_group" => true,
  67. "offset" => $offset,
  68. "start_ts" => $start_ts
  69. );
  70. $qfh_ret = Feeds::queryFeedHeadlines($params);
  71. $result = $qfh_ret[0];
  72. $feed_title = htmlspecialchars($qfh_ret[1]);
  73. $feed_site_url = $qfh_ret[2];
  74. /* $last_error = $qfh_ret[3]; */
  75. $feed_self_url = get_self_url_prefix() .
  76. "/public.php?op=rss&id=$feed&key=" .
  77. get_feed_access_key($feed, false, $owner_uid);
  78. if (!$feed_site_url) $feed_site_url = get_self_url_prefix();
  79. if ($format == 'atom') {
  80. $tpl = new MiniTemplator;
  81. $tpl->readTemplateFromFile("templates/generated_feed.txt");
  82. $tpl->setVariable('FEED_TITLE', $feed_title, true);
  83. $tpl->setVariable('VERSION', VERSION, true);
  84. $tpl->setVariable('FEED_URL', htmlspecialchars($feed_self_url), true);
  85. $tpl->setVariable('SELF_URL', htmlspecialchars(get_self_url_prefix()), true);
  86. while ($line = $this->dbh->fetch_assoc($result)) {
  87. $line["content_preview"] = sanitize(truncate_string(strip_tags($line["content"]), 100, '...'));
  88. foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_QUERY_HEADLINES) as $p) {
  89. $line = $p->hook_query_headlines($line);
  90. }
  91. foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_ARTICLE_EXPORT_FEED) as $p) {
  92. $line = $p->hook_article_export_feed($line, $feed, $is_cat);
  93. }
  94. $tpl->setVariable('ARTICLE_ID',
  95. htmlspecialchars($orig_guid ? $line['link'] :
  96. $this->make_article_tag_uri($line['id'], $line['date_entered'])), true);
  97. $tpl->setVariable('ARTICLE_LINK', htmlspecialchars($line['link']), true);
  98. $tpl->setVariable('ARTICLE_TITLE', htmlspecialchars($line['title']), true);
  99. $tpl->setVariable('ARTICLE_EXCERPT', $line["content_preview"], true);
  100. $content = sanitize($line["content"], false, $owner_uid,
  101. $feed_site_url, false, $line["id"]);
  102. if ($line['note']) {
  103. $content = "<div style=\"$note_style\">Article note: " . $line['note'] . "</div>" .
  104. $content;
  105. $tpl->setVariable('ARTICLE_NOTE', htmlspecialchars($line['note']), true);
  106. }
  107. $tpl->setVariable('ARTICLE_CONTENT', $content, true);
  108. $tpl->setVariable('ARTICLE_UPDATED_ATOM',
  109. date('c', strtotime($line["updated"])), true);
  110. $tpl->setVariable('ARTICLE_UPDATED_RFC822',
  111. date(DATE_RFC822, strtotime($line["updated"])), true);
  112. $tpl->setVariable('ARTICLE_AUTHOR', htmlspecialchars($line['author']), true);
  113. $tpl->setVariable('ARTICLE_SOURCE_LINK', htmlspecialchars($line['site_url'] ? $line["site_url"] : get_self_url_prefix()), true);
  114. $tpl->setVariable('ARTICLE_SOURCE_TITLE', htmlspecialchars($line['feed_title'] ? $line['feed_title'] : $feed_title), true);
  115. $tags = Article::get_article_tags($line["id"], $owner_uid);
  116. foreach ($tags as $tag) {
  117. $tpl->setVariable('ARTICLE_CATEGORY', htmlspecialchars($tag), true);
  118. $tpl->addBlock('category');
  119. }
  120. $enclosures = Article::get_article_enclosures($line["id"]);
  121. foreach ($enclosures as $e) {
  122. $type = htmlspecialchars($e['content_type']);
  123. $url = htmlspecialchars($e['content_url']);
  124. $length = $e['duration'] ? $e['duration'] : 1;
  125. $tpl->setVariable('ARTICLE_ENCLOSURE_URL', $url, true);
  126. $tpl->setVariable('ARTICLE_ENCLOSURE_TYPE', $type, true);
  127. $tpl->setVariable('ARTICLE_ENCLOSURE_LENGTH', $length, true);
  128. $tpl->addBlock('enclosure');
  129. }
  130. $tpl->addBlock('entry');
  131. }
  132. $tmp = "";
  133. $tpl->addBlock('feed');
  134. $tpl->generateOutputToString($tmp);
  135. if (@!$_REQUEST["noxml"]) {
  136. header("Content-Type: text/xml; charset=utf-8");
  137. } else {
  138. header("Content-Type: text/plain; charset=utf-8");
  139. }
  140. print $tmp;
  141. } else if ($format == 'json') {
  142. $feed = array();
  143. $feed['title'] = $feed_title;
  144. $feed['version'] = VERSION;
  145. $feed['feed_url'] = $feed_self_url;
  146. $feed['self_url'] = get_self_url_prefix();
  147. $feed['articles'] = array();
  148. while ($line = $this->dbh->fetch_assoc($result)) {
  149. $line["content_preview"] = sanitize(truncate_string(strip_tags($line["content_preview"]), 100, '...'));
  150. foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_QUERY_HEADLINES) as $p) {
  151. $line = $p->hook_query_headlines($line, 100);
  152. }
  153. foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_ARTICLE_EXPORT_FEED) as $p) {
  154. $line = $p->hook_article_export_feed($line, $feed, $is_cat);
  155. }
  156. $article = array();
  157. $article['id'] = $line['link'];
  158. $article['link'] = $line['link'];
  159. $article['title'] = $line['title'];
  160. $article['excerpt'] = $line["content_preview"];
  161. $article['content'] = sanitize($line["content"], false, $owner_uid, $feed_site_url, false, $line["id"]);
  162. $article['updated'] = date('c', strtotime($line["updated"]));
  163. if ($line['note']) $article['note'] = $line['note'];
  164. if ($article['author']) $article['author'] = $line['author'];
  165. $tags = Article::get_article_tags($line["id"], $owner_uid);
  166. if (count($tags) > 0) {
  167. $article['tags'] = array();
  168. foreach ($tags as $tag) {
  169. array_push($article['tags'], $tag);
  170. }
  171. }
  172. $enclosures = Article::get_article_enclosures($line["id"]);
  173. if (count($enclosures) > 0) {
  174. $article['enclosures'] = array();
  175. foreach ($enclosures as $e) {
  176. $type = $e['content_type'];
  177. $url = $e['content_url'];
  178. $length = $e['duration'];
  179. array_push($article['enclosures'], array("url" => $url, "type" => $type, "length" => $length));
  180. }
  181. }
  182. array_push($feed['articles'], $article);
  183. }
  184. header("Content-Type: text/json; charset=utf-8");
  185. print json_encode($feed);
  186. } else {
  187. header("Content-Type: text/plain; charset=utf-8");
  188. print json_encode(array("error" => array("message" => "Unknown format")));
  189. }
  190. }
  191. function getUnread() {
  192. $login = $this->dbh->escape_string($_REQUEST["login"]);
  193. $fresh = $_REQUEST["fresh"] == "1";
  194. $result = $this->dbh->query("SELECT id FROM ttrss_users WHERE login = '$login'");
  195. if ($this->dbh->num_rows($result) == 1) {
  196. $uid = $this->dbh->fetch_result($result, 0, "id");
  197. print Feeds::getGlobalUnread($uid);
  198. if ($fresh) {
  199. print ";";
  200. print Feeds::getFeedArticles(-3, false, true, $uid);
  201. }
  202. } else {
  203. print "-1;User not found";
  204. }
  205. }
  206. function getProfiles() {
  207. $login = $this->dbh->escape_string($_REQUEST["login"]);
  208. $result = $this->dbh->query("SELECT ttrss_settings_profiles.* FROM ttrss_settings_profiles,ttrss_users
  209. WHERE ttrss_users.id = ttrss_settings_profiles.owner_uid AND login = '$login' ORDER BY title");
  210. print "<select dojoType='dijit.form.Select' style='width : 220px; margin : 0px' name='profile'>";
  211. print "<option value='0'>" . __("Default profile") . "</option>";
  212. while ($line = $this->dbh->fetch_assoc($result)) {
  213. $id = $line["id"];
  214. $title = $line["title"];
  215. print "<option value='$id'>$title</option>";
  216. }
  217. print "</select>";
  218. }
  219. function logout() {
  220. logout_user();
  221. header("Location: index.php");
  222. }
  223. function share() {
  224. $uuid = $this->dbh->escape_string($_REQUEST["key"]);
  225. $result = $this->dbh->query("SELECT ref_id, owner_uid FROM ttrss_user_entries WHERE
  226. uuid = '$uuid'");
  227. if ($this->dbh->num_rows($result) != 0) {
  228. header("Content-Type: text/html");
  229. $id = $this->dbh->fetch_result($result, 0, "ref_id");
  230. $owner_uid = $this->dbh->fetch_result($result, 0, "owner_uid");
  231. $article = Article::format_article($id, false, true, $owner_uid);
  232. print_r($article['content']);
  233. } else {
  234. print "Article not found.";
  235. }
  236. }
  237. function rss() {
  238. $feed = $this->dbh->escape_string($_REQUEST["id"]);
  239. $key = $this->dbh->escape_string($_REQUEST["key"]);
  240. $is_cat = sql_bool_to_bool($_REQUEST["is_cat"]);
  241. $limit = (int)$this->dbh->escape_string($_REQUEST["limit"]);
  242. $offset = (int)$this->dbh->escape_string($_REQUEST["offset"]);
  243. $search = $this->dbh->escape_string($_REQUEST["q"]);
  244. $view_mode = $this->dbh->escape_string($_REQUEST["view-mode"]);
  245. $order = $this->dbh->escape_string($_REQUEST["order"]);
  246. $start_ts = $this->dbh->escape_string($_REQUEST["ts"]);
  247. $format = $this->dbh->escape_string($_REQUEST['format']);
  248. $orig_guid = sql_bool_to_bool($_REQUEST["orig_guid"]);
  249. if (!$format) $format = 'atom';
  250. if (SINGLE_USER_MODE) {
  251. authenticate_user("admin", null);
  252. }
  253. $owner_id = false;
  254. if ($key) {
  255. $result = $this->dbh->query("SELECT owner_uid FROM
  256. ttrss_access_keys WHERE access_key = '$key' AND feed_id = '$feed'");
  257. if ($this->dbh->num_rows($result) == 1)
  258. $owner_id = $this->dbh->fetch_result($result, 0, "owner_uid");
  259. }
  260. if ($owner_id) {
  261. $this->generate_syndicated_feed($owner_id, $feed, $is_cat, $limit,
  262. $offset, $search, $view_mode, $format, $order, $orig_guid, $start_ts);
  263. } else {
  264. header('HTTP/1.1 403 Forbidden');
  265. }
  266. }
  267. function updateTask() {
  268. PluginHost::getInstance()->run_hooks(PluginHost::HOOK_UPDATE_TASK, "hook_update_task", false);
  269. }
  270. function housekeepingTask() {
  271. PluginHost::getInstance()->run_hooks(PluginHost::HOOK_HOUSE_KEEPING, "hook_house_keeping", false);
  272. }
  273. function globalUpdateFeeds() {
  274. RPC::updaterandomfeed_real($this->dbh);
  275. PluginHost::getInstance()->run_hooks(PluginHost::HOOK_UPDATE_TASK, "hook_update_task", false);
  276. }
  277. function sharepopup() {
  278. if (SINGLE_USER_MODE) {
  279. login_sequence();
  280. }
  281. header('Content-Type: text/html; charset=utf-8');
  282. print "<html><head><title>Tiny Tiny RSS</title>
  283. <link rel=\"shortcut icon\" type=\"image/png\" href=\"images/favicon.png\">
  284. <link rel=\"icon\" type=\"image/png\" sizes=\"72x72\" href=\"images/favicon-72px.png\">";
  285. echo stylesheet_tag("css/utility.css");
  286. echo stylesheet_tag("css/dijit.css");
  287. echo javascript_tag("lib/prototype.js");
  288. echo javascript_tag("lib/scriptaculous/scriptaculous.js?load=effects,controls");
  289. print "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/>
  290. </head><body id='sharepopup'>";
  291. $action = $_REQUEST["action"];
  292. if ($_SESSION["uid"]) {
  293. if ($action == 'share') {
  294. $title = $this->dbh->escape_string(strip_tags($_REQUEST["title"]));
  295. $url = $this->dbh->escape_string(strip_tags($_REQUEST["url"]));
  296. $content = $this->dbh->escape_string(strip_tags($_REQUEST["content"]));
  297. $labels = $this->dbh->escape_string(strip_tags($_REQUEST["labels"]));
  298. Article::create_published_article($title, $url, $content, $labels,
  299. $_SESSION["uid"]);
  300. print "<script type='text/javascript'>";
  301. print "window.close();";
  302. print "</script>";
  303. } else {
  304. $title = htmlspecialchars($_REQUEST["title"]);
  305. $url = htmlspecialchars($_REQUEST["url"]);
  306. ?>
  307. <table height='100%' width='100%'><tr><td colspan='2'>
  308. <h1><?php echo __("Share with Tiny Tiny RSS") ?></h1>
  309. </td></tr>
  310. <form id='share_form' name='share_form'>
  311. <input type="hidden" name="op" value="sharepopup">
  312. <input type="hidden" name="action" value="share">
  313. <tr><td align='right'><?php echo __("Title:") ?></td>
  314. <td width='80%'><input name='title' value="<?php echo $title ?>"></td></tr>
  315. <tr><td align='right'><?php echo __("URL:") ?></td>
  316. <td><input name='url' value="<?php echo $url ?>"></td></tr>
  317. <tr><td align='right'><?php echo __("Content:") ?></td>
  318. <td><input name='content' value=""></td></tr>
  319. <tr><td align='right'><?php echo __("Labels:") ?></td>
  320. <td><input name='labels' id="labels_value"
  321. placeholder='Alpha, Beta, Gamma' value="">
  322. </td></tr>
  323. <tr><td>
  324. <div class="autocomplete" id="labels_choices"
  325. style="display : block"></div></td></tr>
  326. <script type='text/javascript'>document.forms[0].title.focus();</script>
  327. <script type='text/javascript'>
  328. new Ajax.Autocompleter('labels_value', 'labels_choices',
  329. "backend.php?op=rpc&method=completeLabels",
  330. { tokens: ',', paramName: "search" });
  331. </script>
  332. <tr><td colspan='2'>
  333. <div style='float : right' class='insensitive-small'>
  334. <?php echo __("Shared article will appear in the Published feed.") ?>
  335. </div>
  336. <button type="submit"><?php echo __('Share') ?></button>
  337. <button onclick="return window.close()"><?php echo __('Cancel') ?></button>
  338. </td>
  339. </form>
  340. </td></tr></table>
  341. </body></html>
  342. <?php
  343. }
  344. } else {
  345. $return = urlencode($_SERVER["REQUEST_URI"])
  346. ?>
  347. <form action="public.php?return=<?php echo $return ?>"
  348. method="POST" id="loginForm" name="loginForm">
  349. <input type="hidden" name="op" value="login">
  350. <table height='100%' width='100%'><tr><td colspan='2'>
  351. <h1><?php echo __("Not logged in") ?></h1></td></tr>
  352. <tr><td align="right"><?php echo __("Login:") ?></td>
  353. <td align="right"><input name="login"
  354. value="<?php echo $_SESSION["fake_login"] ?>"></td></tr>
  355. <tr><td align="right"><?php echo __("Password:") ?></td>
  356. <td align="right"><input type="password" name="password"
  357. value="<?php echo $_SESSION["fake_password"] ?>"></td></tr>
  358. <tr><td colspan='2'>
  359. <button type="submit">
  360. <?php echo __('Log in') ?></button>
  361. <button onclick="return window.close()">
  362. <?php echo __('Cancel') ?></button>
  363. </td></tr>
  364. </table>
  365. </form>
  366. <?php
  367. }
  368. }
  369. function login() {
  370. if (!SINGLE_USER_MODE) {
  371. $login = $this->dbh->escape_string($_POST["login"]);
  372. $password = $_POST["password"];
  373. $remember_me = $_POST["remember_me"];
  374. if ($remember_me) {
  375. session_set_cookie_params(SESSION_COOKIE_LIFETIME);
  376. } else {
  377. session_set_cookie_params(0);
  378. }
  379. @session_start();
  380. if (authenticate_user($login, $password)) {
  381. $_POST["password"] = "";
  382. if (get_schema_version() >= 120) {
  383. $_SESSION["language"] = get_pref("USER_LANGUAGE", $_SESSION["uid"]);
  384. }
  385. $_SESSION["ref_schema_version"] = get_schema_version(true);
  386. $_SESSION["bw_limit"] = !!$_POST["bw_limit"];
  387. if ($_POST["profile"]) {
  388. $profile = $this->dbh->escape_string($_POST["profile"]);
  389. $result = $this->dbh->query("SELECT id FROM ttrss_settings_profiles
  390. WHERE id = '$profile' AND owner_uid = " . $_SESSION["uid"]);
  391. if ($this->dbh->num_rows($result) != 0) {
  392. $_SESSION["profile"] = $profile;
  393. }
  394. }
  395. } else {
  396. $_SESSION["login_error_msg"] = __("Incorrect username or password");
  397. user_error("Failed login attempt for $login from {$_SERVER['REMOTE_ADDR']}", E_USER_WARNING);
  398. }
  399. if ($_REQUEST['return']) {
  400. header("Location: " . $_REQUEST['return']);
  401. } else {
  402. header("Location: " . SELF_URL_PATH);
  403. }
  404. }
  405. }
  406. /* function subtest() {
  407. header("Content-type: text/plain; charset=utf-8");
  408. $url = $_REQUEST["url"];
  409. print "$url\n\n";
  410. print_r(get_feeds_from_html($url, fetch_file_contents($url)));
  411. } */
  412. function subscribe() {
  413. if (SINGLE_USER_MODE) {
  414. login_sequence();
  415. }
  416. if ($_SESSION["uid"]) {
  417. $feed_url = $this->dbh->escape_string(trim($_REQUEST["feed_url"]));
  418. header('Content-Type: text/html; charset=utf-8');
  419. print "<html>
  420. <head>
  421. <title>Tiny Tiny RSS</title>
  422. <link rel=\"stylesheet\" type=\"text/css\" href=\"css/utility.css\">
  423. <meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/>
  424. <link rel=\"shortcut icon\" type=\"image/png\" href=\"images/favicon.png\">
  425. <link rel=\"icon\" type=\"image/png\" sizes=\"72x72\" href=\"images/favicon-72px.png\">
  426. </head>
  427. <body>
  428. <img class=\"floatingLogo\" src=\"images/logo_small.png\"
  429. alt=\"Tiny Tiny RSS\"/>
  430. <h1>".__("Subscribe to feed...")."</h1><div class='content'>";
  431. $rc = Feeds::subscribe_to_feed($feed_url);
  432. switch ($rc['code']) {
  433. case 0:
  434. print_warning(T_sprintf("Already subscribed to <b>%s</b>.", $feed_url));
  435. break;
  436. case 1:
  437. print_notice(T_sprintf("Subscribed to <b>%s</b>.", $feed_url));
  438. break;
  439. case 2:
  440. print_error(T_sprintf("Could not subscribe to <b>%s</b>.", $feed_url));
  441. break;
  442. case 3:
  443. print_error(T_sprintf("No feeds found in <b>%s</b>.", $feed_url));
  444. break;
  445. case 4:
  446. print_notice(__("Multiple feed URLs found."));
  447. $feed_urls = $rc["feeds"];
  448. break;
  449. case 5:
  450. print_error(T_sprintf("Could not subscribe to <b>%s</b>.<br>Can't download the Feed URL.", $feed_url));
  451. break;
  452. }
  453. if ($feed_urls) {
  454. print "<form action=\"public.php\">";
  455. print "<input type=\"hidden\" name=\"op\" value=\"subscribe\">";
  456. print "<select name=\"feed_url\">";
  457. foreach ($feed_urls as $url => $name) {
  458. $url = htmlspecialchars($url);
  459. $name = htmlspecialchars($name);
  460. print "<option value=\"$url\">$name</option>";
  461. }
  462. print "<input type=\"submit\" value=\"".__("Subscribe to selected feed").
  463. "\">";
  464. print "</form>";
  465. }
  466. $tp_uri = get_self_url_prefix() . "/prefs.php";
  467. $tt_uri = get_self_url_prefix();
  468. if ($rc['code'] <= 2){
  469. $result = $this->dbh->query("SELECT id FROM ttrss_feeds WHERE
  470. feed_url = '$feed_url' AND owner_uid = " . $_SESSION["uid"]);
  471. $feed_id = $this->dbh->fetch_result($result, 0, "id");
  472. } else {
  473. $feed_id = 0;
  474. }
  475. print "<p>";
  476. if ($feed_id) {
  477. print "<form method=\"GET\" style='display: inline'
  478. action=\"$tp_uri\">
  479. <input type=\"hidden\" name=\"tab\" value=\"feedConfig\">
  480. <input type=\"hidden\" name=\"method\" value=\"editFeed\">
  481. <input type=\"hidden\" name=\"methodparam\" value=\"$feed_id\">
  482. <input type=\"submit\" value=\"".__("Edit subscription options")."\">
  483. </form>";
  484. }
  485. print "<form style='display: inline' method=\"GET\" action=\"$tt_uri\">
  486. <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
  487. </form></p>";
  488. print "</div></body></html>";
  489. } else {
  490. render_login_form();
  491. }
  492. }
  493. function index() {
  494. header("Content-Type: text/plain");
  495. print error_json(13);
  496. }
  497. function forgotpass() {
  498. startup_gettext();
  499. @$hash = $_REQUEST["hash"];
  500. header('Content-Type: text/html; charset=utf-8');
  501. print "<html><head><title>Tiny Tiny RSS</title>
  502. <link rel=\"shortcut icon\" type=\"image/png\" href=\"images/favicon.png\">
  503. <link rel=\"icon\" type=\"image/png\" sizes=\"72x72\" href=\"images/favicon-72px.png\">";
  504. echo stylesheet_tag("css/utility.css");
  505. echo javascript_tag("lib/prototype.js");
  506. print "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/>
  507. </head><body id='forgotpass'>";
  508. print '<div class="floatingLogo"><img src="images/logo_small.png"></div>';
  509. print "<h1>".__("Password recovery")."</h1>";
  510. print "<div class='content'>";
  511. @$method = $_POST['method'];
  512. if ($hash) {
  513. $login = $_REQUEST["login"];
  514. if ($login) {
  515. $result = $this->dbh->query("SELECT id, resetpass_token FROM ttrss_users
  516. WHERE login = '$login'");
  517. if ($this->dbh->num_rows($result) != 0) {
  518. $id = $this->dbh->fetch_result($result, 0, "id");
  519. $resetpass_token_full = $this->dbh->fetch_result($result, 0, "resetpass_token");
  520. list($timestamp, $resetpass_token) = explode(":", $resetpass_token_full);
  521. if ($timestamp && $resetpass_token &&
  522. $timestamp >= time() - 15*60*60 &&
  523. $resetpass_token == $hash) {
  524. $result = $this->dbh->query("UPDATE ttrss_users SET resetpass_token = NULL
  525. WHERE id = $id");
  526. Pref_Users::resetUserPassword($id, true);
  527. print "<p>"."Completed."."</p>";
  528. } else {
  529. print_error("Some of the information provided is missing or incorrect.");
  530. }
  531. } else {
  532. print_error("Some of the information provided is missing or incorrect.");
  533. }
  534. } else {
  535. print_error("Some of the information provided is missing or incorrect.");
  536. }
  537. print "<form method=\"GET\" action=\"index.php\">
  538. <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
  539. </form>";
  540. } else if (!$method) {
  541. print_notice(__("You will need to provide valid account name and email. A password reset link will be sent to your email address."));
  542. print "<form method='POST' action='public.php'>";
  543. print "<input type='hidden' name='method' value='do'>";
  544. print "<input type='hidden' name='op' value='forgotpass'>";
  545. print "<fieldset>";
  546. print "<label>".__("Login:")."</label>";
  547. print "<input type='text' name='login' value='' required>";
  548. print "</fieldset>";
  549. print "<fieldset>";
  550. print "<label>".__("Email:")."</label>";
  551. print "<input type='email' name='email' value='' required>";
  552. print "</fieldset>";
  553. print "<fieldset>";
  554. print "<label>".__("How much is two plus two:")."</label>";
  555. print "<input type='text' name='test' value='' required>";
  556. print "</fieldset>";
  557. print "<p/>";
  558. print "<button type='submit'>".__("Reset password")."</button>";
  559. print "</form>";
  560. } else if ($method == 'do') {
  561. $login = $this->dbh->escape_string($_POST["login"]);
  562. $email = $this->dbh->escape_string($_POST["email"]);
  563. $test = $this->dbh->escape_string($_POST["test"]);
  564. if (($test != 4 && $test != 'four') || !$email || !$login) {
  565. print_error(__('Some of the required form parameters are missing or incorrect.'));
  566. print "<form method=\"GET\" action=\"public.php\">
  567. <input type=\"hidden\" name=\"op\" value=\"forgotpass\">
  568. <input type=\"submit\" value=\"".__("Go back")."\">
  569. </form>";
  570. } else {
  571. print_notice("Password reset instructions are being sent to your email address.");
  572. $result = $this->dbh->query("SELECT id FROM ttrss_users
  573. WHERE login = '$login' AND email = '$email'");
  574. if ($this->dbh->num_rows($result) != 0) {
  575. $id = $this->dbh->fetch_result($result, 0, "id");
  576. if ($id) {
  577. $resetpass_token = sha1(get_random_bytes(128));
  578. $resetpass_link = get_self_url_prefix() . "/public.php?op=forgotpass&hash=" . $resetpass_token .
  579. "&login=" . urlencode($login);
  580. require_once 'classes/ttrssmailer.php';
  581. require_once "lib/MiniTemplator.class.php";
  582. $tpl = new MiniTemplator;
  583. $tpl->readTemplateFromFile("templates/resetpass_link_template.txt");
  584. $tpl->setVariable('LOGIN', $login);
  585. $tpl->setVariable('RESETPASS_LINK', $resetpass_link);
  586. $tpl->addBlock('message');
  587. $message = "";
  588. $tpl->generateOutputToString($message);
  589. $mail = new ttrssMailer();
  590. $rc = $mail->quickMail($email, $login,
  591. __("[tt-rss] Password reset request"),
  592. $message, false);
  593. if (!$rc) print_error($mail->ErrorInfo);
  594. $resetpass_token_full = $this->dbh->escape_string(time() . ":" . $resetpass_token);
  595. $result = $this->dbh->query("UPDATE ttrss_users
  596. SET resetpass_token = '$resetpass_token_full'
  597. WHERE login = '$login' AND email = '$email'");
  598. //Pref_Users::resetUserPassword($id, false);
  599. print "<p>";
  600. print "<p>"."Completed."."</p>";
  601. } else {
  602. print_error("User ID not found.");
  603. }
  604. print "<form method=\"GET\" action=\"index.php\">
  605. <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
  606. </form>";
  607. } else {
  608. print_error(__("Sorry, login and email combination not found."));
  609. print "<form method=\"GET\" action=\"public.php\">
  610. <input type=\"hidden\" name=\"op\" value=\"forgotpass\">
  611. <input type=\"submit\" value=\"".__("Go back")."\">
  612. </form>";
  613. }
  614. }
  615. }
  616. print "</div>";
  617. print "</body>";
  618. print "</html>";
  619. }
  620. function dbupdate() {
  621. startup_gettext();
  622. if (!SINGLE_USER_MODE && $_SESSION["access_level"] < 10) {
  623. $_SESSION["login_error_msg"] = __("Your access level is insufficient to run this script.");
  624. render_login_form();
  625. exit;
  626. }
  627. ?><html>
  628. <head>
  629. <title>Database Updater</title>
  630. <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
  631. <link rel="stylesheet" type="text/css" href="css/utility.css"/>
  632. <link rel=\"shortcut icon\" type=\"image/png\" href=\"images/favicon.png\">
  633. <link rel=\"icon\" type=\"image/png\" sizes=\"72x72\" href=\"images/favicon-72px.png\">
  634. </head>
  635. <style type="text/css">
  636. span.ok { color : #009000; font-weight : bold; }
  637. span.err { color : #ff0000; font-weight : bold; }
  638. </style>
  639. <body>
  640. <script type='text/javascript'>
  641. function confirmOP() {
  642. return confirm("Update the database?");
  643. }
  644. </script>
  645. <div class="floatingLogo"><img src="images/logo_small.png"></div>
  646. <h1><?php echo __("Database Updater") ?></h1>
  647. <div class="content">
  648. <?php
  649. @$op = $_REQUEST["subop"];
  650. $updater = new DbUpdater(Db::get(), DB_TYPE, SCHEMA_VERSION);
  651. if ($op == "performupdate") {
  652. if ($updater->isUpdateRequired()) {
  653. print "<h2>Performing updates</h2>";
  654. print "<h3>Updating to schema version " . SCHEMA_VERSION . "</h3>";
  655. print "<ul>";
  656. for ($i = $updater->getSchemaVersion() + 1; $i <= SCHEMA_VERSION; $i++) {
  657. print "<li>Performing update up to version $i...";
  658. $result = $updater->performUpdateTo($i, true);
  659. if (!$result) {
  660. print "<span class='err'>FAILED!</span></li></ul>";
  661. print_warning("One of the updates failed. Either retry the process or perform updates manually.");
  662. print "<p><form method=\"GET\" action=\"index.php\">
  663. <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
  664. </form>";
  665. return;
  666. } else {
  667. print "<span class='ok'>OK!</span></li>";
  668. }
  669. }
  670. print "</ul>";
  671. print_notice("Your Tiny Tiny RSS database is now updated to the latest version.");
  672. print "<p><form method=\"GET\" action=\"index.php\">
  673. <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
  674. </form>";
  675. } else {
  676. print "<h2>Your database is up to date.</h2>";
  677. print "<p><form method=\"GET\" action=\"index.php\">
  678. <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
  679. </form>";
  680. }
  681. } else {
  682. if ($updater->isUpdateRequired()) {
  683. print "<h2>Database update required</h2>";
  684. print_notice("<h4>".
  685. sprintf("Your Tiny Tiny RSS database needs update to the latest version: %d to %d.",
  686. $updater->getSchemaVersion(), SCHEMA_VERSION).
  687. "</h4>");
  688. print_warning("Please backup your database before proceeding.");
  689. print "<form method='POST'>
  690. <input type='hidden' name='subop' value='performupdate'>
  691. <input type='submit' onclick='return confirmOP()' value='".__("Perform updates")."'>
  692. </form>";
  693. } else {
  694. print_notice("Tiny Tiny RSS database is up to date.");
  695. print "<p><form method=\"GET\" action=\"index.php\">
  696. <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
  697. </form>";
  698. }
  699. }
  700. ?>
  701. </div>
  702. </body>
  703. </html>
  704. <?php
  705. }
  706. function cached_url() {
  707. @$hash = basename($_GET['hash']);
  708. // we don't need an extension to find the file, hash is a complete URL
  709. $hash = preg_replace("/\.[^\.]*$/", "", $hash);
  710. if ($hash) {
  711. $filename = CACHE_DIR . '/images/' . $hash;
  712. if (file_exists($filename)) {
  713. header("Content-Disposition: inline; filename=\"$hash\"");
  714. $mimetype = mime_content_type($filename);
  715. /* See if we can use X-Sendfile */
  716. $xsendfile = false;
  717. if (function_exists('apache_get_modules') &&
  718. array_search('mod_xsendfile', apache_get_modules()))
  719. $xsendfile = true;
  720. if ($xsendfile) {
  721. header("X-Sendfile: $filename");
  722. header("Content-type: $mimetype");
  723. header('Content-Disposition: inline; filename="' . basename($filename) . '"');
  724. } else {
  725. header("Content-type: $mimetype");
  726. $stamp = gmdate("D, d M Y H:i:s", filemtime($filename)). " GMT";
  727. header("Last-Modified: $stamp", true);
  728. readfile($filename);
  729. }
  730. } else {
  731. header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found");
  732. echo "File not found.";
  733. }
  734. }
  735. }
  736. private function make_article_tag_uri($id, $timestamp) {
  737. $timestamp = date("Y-m-d", strtotime($timestamp));
  738. return "tag:" . parse_url(get_self_url_prefix(), PHP_URL_HOST) . ",$timestamp:/$id";
  739. }
  740. // this should be used very carefully because this endpoint is exposed to unauthenticated users
  741. // plugin data is not loaded because there's no user context and owner_uid/session may or may not be available
  742. // in general, don't do anything user-related in here and do not modify $_SESSION
  743. public function pluginhandler() {
  744. $host = new PluginHost();
  745. $plugin = basename($_REQUEST["plugin"]);
  746. $method = $_REQUEST["pmethod"];
  747. $host->load($plugin, PluginHost::KIND_USER, 0);
  748. $host->load_data();
  749. $pclass = $host->get_plugin($plugin);
  750. if ($pclass) {
  751. if (method_exists($pclass, $method)) {
  752. if ($pclass->is_public_method($method)) {
  753. $pclass->$method();
  754. } else {
  755. header("Content-Type: text/json");
  756. print error_json(6);
  757. }
  758. } else {
  759. header("Content-Type: text/json");
  760. print error_json(13);
  761. }
  762. } else {
  763. header("Content-Type: text/json");
  764. print error_json(14);
  765. }
  766. }
  767. }
  768. ?>