public.php 29 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024
  1. <?php
  2. class Handler_Public extends Handler {
  3. private function generate_syndicated_feed($owner_uid, $feed, $is_cat,
  4. $limit, $offset, $search,
  5. $view_mode = false, $format = 'atom', $order = false, $orig_guid = false, $start_ts = false) {
  6. require_once "lib/MiniTemplator.class.php";
  7. $note_style = "background-color : #fff7d5;
  8. border-width : 1px; ".
  9. "padding : 5px; border-style : dashed; border-color : #e7d796;".
  10. "margin-bottom : 1em; color : #9a8c59;";
  11. if (!$limit) $limit = 60;
  12. $date_sort_field = "date_entered DESC, updated DESC";
  13. if ($feed == -2 && !$is_cat) {
  14. $date_sort_field = "last_published DESC";
  15. } else if ($feed == -1 && !$is_cat) {
  16. $date_sort_field = "last_marked DESC";
  17. }
  18. switch ($order) {
  19. case "title":
  20. $date_sort_field = "ttrss_entries.title, date_entered, updated";
  21. break;
  22. case "date_reverse":
  23. $date_sort_field = "date_entered, updated";
  24. break;
  25. case "feed_dates":
  26. $date_sort_field = "updated DESC";
  27. break;
  28. }
  29. $params = array(
  30. "owner_uid" => $owner_uid,
  31. "feed" => $feed,
  32. "limit" => $limit,
  33. "view_mode" => $view_mode,
  34. "cat_view" => $is_cat,
  35. "search" => $search,
  36. "override_order" => $date_sort_field,
  37. "include_children" => true,
  38. "ignore_vfeed_group" => true,
  39. "offset" => $offset,
  40. "start_ts" => $start_ts
  41. );
  42. if (!$is_cat && is_numeric($feed) && $feed < PLUGIN_FEED_BASE_INDEX && $feed > LABEL_BASE_INDEX) {
  43. $user_plugins = get_pref("_ENABLED_PLUGINS", $owner_uid);
  44. $tmppluginhost = new PluginHost();
  45. $tmppluginhost->load(PLUGINS, PluginHost::KIND_ALL);
  46. $tmppluginhost->load($user_plugins, PluginHost::KIND_USER, $owner_uid);
  47. $tmppluginhost->load_data();
  48. $handler = $tmppluginhost->get_feed_handler(
  49. PluginHost::feed_to_pfeed_id($feed));
  50. if ($handler) {
  51. $qfh_ret = $handler->get_headlines(PluginHost::feed_to_pfeed_id($feed),
  52. $options);
  53. }
  54. } else {
  55. $qfh_ret = Feeds::queryFeedHeadlines($params);
  56. }
  57. $result = $qfh_ret[0];
  58. $feed_title = htmlspecialchars($qfh_ret[1]);
  59. $feed_site_url = $qfh_ret[2];
  60. /* $last_error = $qfh_ret[3]; */
  61. $feed_self_url = get_self_url_prefix() .
  62. "/public.php?op=rss&id=$feed&key=" .
  63. get_feed_access_key($feed, false, $owner_uid);
  64. if (!$feed_site_url) $feed_site_url = get_self_url_prefix();
  65. if ($format == 'atom') {
  66. $tpl = new MiniTemplator;
  67. $tpl->readTemplateFromFile("templates/generated_feed.txt");
  68. $tpl->setVariable('FEED_TITLE', $feed_title, true);
  69. $tpl->setVariable('VERSION', VERSION, true);
  70. $tpl->setVariable('FEED_URL', htmlspecialchars($feed_self_url), true);
  71. $tpl->setVariable('SELF_URL', htmlspecialchars(get_self_url_prefix()), true);
  72. while ($line = $result->fetch()) {
  73. $line["content_preview"] = sanitize(truncate_string(strip_tags($line["content"]), 100, '...'));
  74. foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_QUERY_HEADLINES) as $p) {
  75. $line = $p->hook_query_headlines($line);
  76. }
  77. foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_ARTICLE_EXPORT_FEED) as $p) {
  78. $line = $p->hook_article_export_feed($line, $feed, $is_cat);
  79. }
  80. $tpl->setVariable('ARTICLE_ID',
  81. htmlspecialchars($orig_guid ? $line['link'] :
  82. $this->make_article_tag_uri($line['id'], $line['date_entered'])), true);
  83. $tpl->setVariable('ARTICLE_LINK', htmlspecialchars($line['link']), true);
  84. $tpl->setVariable('ARTICLE_TITLE', htmlspecialchars($line['title']), true);
  85. $tpl->setVariable('ARTICLE_EXCERPT', $line["content_preview"], true);
  86. $content = sanitize($line["content"], false, $owner_uid,
  87. $feed_site_url, false, $line["id"]);
  88. if ($line['note']) {
  89. $content = "<div style=\"$note_style\">Article note: " . $line['note'] . "</div>" .
  90. $content;
  91. $tpl->setVariable('ARTICLE_NOTE', htmlspecialchars($line['note']), true);
  92. }
  93. $tpl->setVariable('ARTICLE_CONTENT', $content, true);
  94. $tpl->setVariable('ARTICLE_UPDATED_ATOM',
  95. date('c', strtotime($line["updated"])), true);
  96. $tpl->setVariable('ARTICLE_UPDATED_RFC822',
  97. date(DATE_RFC822, strtotime($line["updated"])), true);
  98. $tpl->setVariable('ARTICLE_AUTHOR', htmlspecialchars($line['author']), true);
  99. $tpl->setVariable('ARTICLE_SOURCE_LINK', htmlspecialchars($line['site_url'] ? $line["site_url"] : get_self_url_prefix()), true);
  100. $tpl->setVariable('ARTICLE_SOURCE_TITLE', htmlspecialchars($line['feed_title'] ? $line['feed_title'] : $feed_title), true);
  101. $tags = Article::get_article_tags($line["id"], $owner_uid);
  102. foreach ($tags as $tag) {
  103. $tpl->setVariable('ARTICLE_CATEGORY', htmlspecialchars($tag), true);
  104. $tpl->addBlock('category');
  105. }
  106. $enclosures = Article::get_article_enclosures($line["id"]);
  107. foreach ($enclosures as $e) {
  108. $type = htmlspecialchars($e['content_type']);
  109. $url = htmlspecialchars($e['content_url']);
  110. $length = $e['duration'] ? $e['duration'] : 1;
  111. $tpl->setVariable('ARTICLE_ENCLOSURE_URL', $url, true);
  112. $tpl->setVariable('ARTICLE_ENCLOSURE_TYPE', $type, true);
  113. $tpl->setVariable('ARTICLE_ENCLOSURE_LENGTH', $length, true);
  114. $tpl->addBlock('enclosure');
  115. }
  116. $tpl->addBlock('entry');
  117. }
  118. $tmp = "";
  119. $tpl->addBlock('feed');
  120. $tpl->generateOutputToString($tmp);
  121. if (@!clean($_REQUEST["noxml"])) {
  122. header("Content-Type: text/xml; charset=utf-8");
  123. } else {
  124. header("Content-Type: text/plain; charset=utf-8");
  125. }
  126. print $tmp;
  127. } else if ($format == 'json') {
  128. $feed = array();
  129. $feed['title'] = $feed_title;
  130. $feed['version'] = VERSION;
  131. $feed['feed_url'] = $feed_self_url;
  132. $feed['self_url'] = get_self_url_prefix();
  133. $feed['articles'] = array();
  134. while ($line = $result->fetch()) {
  135. $line["content_preview"] = sanitize(truncate_string(strip_tags($line["content_preview"]), 100, '...'));
  136. foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_QUERY_HEADLINES) as $p) {
  137. $line = $p->hook_query_headlines($line, 100);
  138. }
  139. foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_ARTICLE_EXPORT_FEED) as $p) {
  140. $line = $p->hook_article_export_feed($line, $feed, $is_cat);
  141. }
  142. $article = array();
  143. $article['id'] = $line['link'];
  144. $article['link'] = $line['link'];
  145. $article['title'] = $line['title'];
  146. $article['excerpt'] = $line["content_preview"];
  147. $article['content'] = sanitize($line["content"], false, $owner_uid, $feed_site_url, false, $line["id"]);
  148. $article['updated'] = date('c', strtotime($line["updated"]));
  149. if ($line['note']) $article['note'] = $line['note'];
  150. if ($article['author']) $article['author'] = $line['author'];
  151. $tags = Article::get_article_tags($line["id"], $owner_uid);
  152. if (count($tags) > 0) {
  153. $article['tags'] = array();
  154. foreach ($tags as $tag) {
  155. array_push($article['tags'], $tag);
  156. }
  157. }
  158. $enclosures = Article::get_article_enclosures($line["id"]);
  159. if (count($enclosures) > 0) {
  160. $article['enclosures'] = array();
  161. foreach ($enclosures as $e) {
  162. $type = $e['content_type'];
  163. $url = $e['content_url'];
  164. $length = $e['duration'];
  165. array_push($article['enclosures'], array("url" => $url, "type" => $type, "length" => $length));
  166. }
  167. }
  168. array_push($feed['articles'], $article);
  169. }
  170. header("Content-Type: text/json; charset=utf-8");
  171. print json_encode($feed);
  172. } else {
  173. header("Content-Type: text/plain; charset=utf-8");
  174. print json_encode(array("error" => array("message" => "Unknown format")));
  175. }
  176. }
  177. function getUnread() {
  178. $login = clean($_REQUEST["login"]);
  179. $fresh = clean($_REQUEST["fresh"]) == "1";
  180. $sth = $this->pdo->prepare("SELECT id FROM ttrss_users WHERE login = ?");
  181. $sth->execute([$login]);
  182. if ($row = $sth->fetch()) {
  183. $uid = $row["id"];
  184. print Feeds::getGlobalUnread($uid);
  185. if ($fresh) {
  186. print ";";
  187. print Feeds::getFeedArticles(-3, false, true, $uid);
  188. }
  189. } else {
  190. print "-1;User not found";
  191. }
  192. }
  193. function getProfiles() {
  194. $login = clean($_REQUEST["login"]);
  195. $rv = [];
  196. if ($login) {
  197. $sth = $this->pdo->prepare("SELECT ttrss_settings_profiles.* FROM ttrss_settings_profiles,ttrss_users
  198. WHERE ttrss_users.id = ttrss_settings_profiles.owner_uid AND login = ? ORDER BY title");
  199. $sth->execute([$login]);
  200. $rv = [ [ "value" => 0, "label" => __("Default profile") ] ];
  201. while ($line = $sth->fetch()) {
  202. $id = $line["id"];
  203. $title = $line["title"];
  204. array_push($rv, [ "label" => $title, "value" => $id ]);
  205. }
  206. }
  207. print json_encode($rv);
  208. }
  209. function logout() {
  210. logout_user();
  211. header("Location: index.php");
  212. }
  213. function share() {
  214. $uuid = clean($_REQUEST["key"]);
  215. $sth = $this->pdo->prepare("SELECT ref_id, owner_uid FROM ttrss_user_entries WHERE
  216. uuid = ?");
  217. $sth->execute([$uuid]);
  218. if ($row = $sth->fetch()) {
  219. header("Content-Type: text/html");
  220. $id = $row["ref_id"];
  221. $owner_uid = $row["owner_uid"];
  222. $article = Article::format_article($id, false, true, $owner_uid);
  223. print_r($article['content']);
  224. } else {
  225. print "Article not found.";
  226. }
  227. }
  228. function rss() {
  229. $feed = clean($_REQUEST["id"]);
  230. $key = clean($_REQUEST["key"]);
  231. $is_cat = clean($_REQUEST["is_cat"]);
  232. $limit = (int)clean($_REQUEST["limit"]);
  233. $offset = (int)clean($_REQUEST["offset"]);
  234. $search = clean($_REQUEST["q"]);
  235. $view_mode = clean($_REQUEST["view-mode"]);
  236. $order = clean($_REQUEST["order"]);
  237. $start_ts = clean($_REQUEST["ts"]);
  238. $format = clean($_REQUEST['format']);
  239. $orig_guid = clean($_REQUEST["orig_guid"]);
  240. if (!$format) $format = 'atom';
  241. if (SINGLE_USER_MODE) {
  242. authenticate_user("admin", null);
  243. }
  244. $owner_id = false;
  245. if ($key) {
  246. $sth = $this->pdo->prepare("SELECT owner_uid FROM
  247. ttrss_access_keys WHERE access_key = ? AND feed_id = ?");
  248. $sth->execute([$key, $feed]);
  249. if ($row = $sth->fetch())
  250. $owner_id = $row["owner_uid"];
  251. }
  252. if ($owner_id) {
  253. $this->generate_syndicated_feed($owner_id, $feed, $is_cat, $limit,
  254. $offset, $search, $view_mode, $format, $order, $orig_guid, $start_ts);
  255. } else {
  256. header('HTTP/1.1 403 Forbidden');
  257. }
  258. }
  259. function updateTask() {
  260. PluginHost::getInstance()->run_hooks(PluginHost::HOOK_UPDATE_TASK, "hook_update_task", false);
  261. }
  262. function housekeepingTask() {
  263. PluginHost::getInstance()->run_hooks(PluginHost::HOOK_HOUSE_KEEPING, "hook_house_keeping", false);
  264. }
  265. function globalUpdateFeeds() {
  266. RPC::updaterandomfeed_real();
  267. PluginHost::getInstance()->run_hooks(PluginHost::HOOK_UPDATE_TASK, "hook_update_task", false);
  268. }
  269. function sharepopup() {
  270. if (SINGLE_USER_MODE) {
  271. login_sequence();
  272. }
  273. header('Content-Type: text/html; charset=utf-8');
  274. print "<html><head><title>Tiny Tiny RSS</title>
  275. <link rel=\"shortcut icon\" type=\"image/png\" href=\"images/favicon.png\">
  276. <link rel=\"icon\" type=\"image/png\" sizes=\"72x72\" href=\"images/favicon-72px.png\">";
  277. echo stylesheet_tag("css/default.css");
  278. echo javascript_tag("lib/prototype.js");
  279. echo javascript_tag("lib/scriptaculous/scriptaculous.js?load=effects,controls");
  280. print "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/>
  281. </head><body id='sharepopup' class='ttrss_utility'>";
  282. $action = clean($_REQUEST["action"]);
  283. if ($_SESSION["uid"]) {
  284. if ($action == 'share') {
  285. $title = strip_tags(clean($_REQUEST["title"]));
  286. $url = strip_tags(clean($_REQUEST["url"]));
  287. $content = strip_tags(clean($_REQUEST["content"]));
  288. $labels = strip_tags(clean($_REQUEST["labels"]));
  289. Article::create_published_article($title, $url, $content, $labels,
  290. $_SESSION["uid"]);
  291. print "<script type='text/javascript'>";
  292. print "window.close();";
  293. print "</script>";
  294. } else {
  295. $title = htmlspecialchars(clean($_REQUEST["title"]));
  296. $url = htmlspecialchars(clean($_REQUEST["url"]));
  297. ?>
  298. <table height='100%' width='100%'><tr><td colspan='2'>
  299. <h1><?php echo __("Share with Tiny Tiny RSS") ?></h1>
  300. </td></tr>
  301. <form id='share_form' name='share_form'>
  302. <input type="hidden" name="op" value="sharepopup">
  303. <input type="hidden" name="action" value="share">
  304. <tr><td align='right'><?php echo __("Title:") ?></td>
  305. <td width='80%'><input name='title' value="<?php echo $title ?>"></td></tr>
  306. <tr><td align='right'><?php echo __("URL:") ?></td>
  307. <td><input name='url' value="<?php echo $url ?>"></td></tr>
  308. <tr><td align='right'><?php echo __("Content:") ?></td>
  309. <td><input name='content' value=""></td></tr>
  310. <tr><td align='right'><?php echo __("Labels:") ?></td>
  311. <td><input name='labels' id="labels_value"
  312. placeholder='Alpha, Beta, Gamma' value="">
  313. </td></tr>
  314. <tr><td>
  315. <div class="autocomplete" id="labels_choices"
  316. style="display : block"></div></td></tr>
  317. <script type='text/javascript'>document.forms[0].title.focus();</script>
  318. <script type='text/javascript'>
  319. new Ajax.Autocompleter('labels_value', 'labels_choices',
  320. "backend.php?op=rpc&method=completeLabels",
  321. { tokens: ',', paramName: "search" });
  322. </script>
  323. <tr><td colspan='2'>
  324. <div style='float : right' class='insensitive-small'>
  325. <?php echo __("Shared article will appear in the Published feed.") ?>
  326. </div>
  327. <button type="submit"><?php echo __('Share') ?></button>
  328. <button onclick="return window.close()"><?php echo __('Cancel') ?></button>
  329. </td>
  330. </form>
  331. </td></tr></table>
  332. </body></html>
  333. <?php
  334. }
  335. } else {
  336. $return = urlencode($_SERVER["REQUEST_URI"])
  337. ?>
  338. <form action="public.php?return=<?php echo $return ?>"
  339. method="POST" id="loginForm" name="loginForm">
  340. <input type="hidden" name="op" value="login">
  341. <table height='100%' width='100%'><tr><td colspan='2'>
  342. <h1><?php echo __("Not logged in") ?></h1></td></tr>
  343. <tr><td align="right"><?php echo __("Login:") ?></td>
  344. <td align="right"><input name="login"
  345. value="<?php echo $_SESSION["fake_login"] ?>"></td></tr>
  346. <tr><td align="right"><?php echo __("Password:") ?></td>
  347. <td align="right"><input type="password" name="password"
  348. value="<?php echo $_SESSION["fake_password"] ?>"></td></tr>
  349. <tr><td colspan='2'>
  350. <button type="submit">
  351. <?php echo __('Log in') ?></button>
  352. <button onclick="return window.close()">
  353. <?php echo __('Cancel') ?></button>
  354. </td></tr>
  355. </table>
  356. </form>
  357. <?php
  358. }
  359. }
  360. function login() {
  361. if (!SINGLE_USER_MODE) {
  362. $login = clean($_POST["login"]);
  363. $password = clean($_POST["password"]);
  364. $remember_me = clean($_POST["remember_me"]);
  365. if ($remember_me) {
  366. session_set_cookie_params(SESSION_COOKIE_LIFETIME);
  367. } else {
  368. session_set_cookie_params(0);
  369. }
  370. if (authenticate_user($login, $password)) {
  371. $_POST["password"] = "";
  372. if (get_schema_version() >= 120) {
  373. $_SESSION["language"] = get_pref("USER_LANGUAGE", $_SESSION["uid"]);
  374. }
  375. $_SESSION["ref_schema_version"] = get_schema_version(true);
  376. $_SESSION["bw_limit"] = !!clean($_POST["bw_limit"]);
  377. if (clean($_POST["profile"])) {
  378. $profile = (int) clean($_POST["profile"]);
  379. $sth = $this->pdo->prepare("SELECT id FROM ttrss_settings_profiles
  380. WHERE id = ? AND owner_uid = ?");
  381. $sth->execute([$profile, $_SESSION['uid']]);
  382. if ($sth->fetch()) {
  383. $_SESSION["profile"] = $profile;
  384. } else {
  385. $_SESSION["profile"] = null;
  386. }
  387. }
  388. } else {
  389. // start an empty session to deliver login error message
  390. @session_start();
  391. if (!isset($_SESSION["login_error_msg"]))
  392. $_SESSION["login_error_msg"] = __("Incorrect username or password");
  393. user_error("Failed login attempt for $login from {$_SERVER['REMOTE_ADDR']}", E_USER_WARNING);
  394. }
  395. if (clean($_REQUEST['return'])) {
  396. header("Location: " . clean($_REQUEST['return']));
  397. } else {
  398. header("Location: " . get_self_url_prefix());
  399. }
  400. }
  401. }
  402. /* function subtest() {
  403. header("Content-type: text/plain; charset=utf-8");
  404. $url = clean($_REQUEST["url"]);
  405. print "$url\n\n";
  406. print_r(get_feeds_from_html($url, fetch_file_contents($url)));
  407. } */
  408. function subscribe() {
  409. if (SINGLE_USER_MODE) {
  410. login_sequence();
  411. }
  412. if ($_SESSION["uid"]) {
  413. $feed_url = trim(clean($_REQUEST["feed_url"]));
  414. header('Content-Type: text/html; charset=utf-8');
  415. print "<html>
  416. <head>
  417. <title>Tiny Tiny RSS</title>";
  418. print stylesheet_tag("css/default.css");
  419. print "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/>
  420. <link rel=\"shortcut icon\" type=\"image/png\" href=\"images/favicon.png\">
  421. <link rel=\"icon\" type=\"image/png\" sizes=\"72x72\" href=\"images/favicon-72px.png\">
  422. </head>
  423. <body class='claro ttrss_utility'>
  424. <img class=\"floatingLogo\" src=\"images/logo_small.png\"
  425. alt=\"Tiny Tiny RSS\"/>
  426. <h1>".__("Subscribe to feed...")."</h1><div class='content'>";
  427. $rc = Feeds::subscribe_to_feed($feed_url);
  428. switch ($rc['code']) {
  429. case 0:
  430. print_warning(T_sprintf("Already subscribed to <b>%s</b>.", $feed_url));
  431. break;
  432. case 1:
  433. print_notice(T_sprintf("Subscribed to <b>%s</b>.", $feed_url));
  434. break;
  435. case 2:
  436. print_error(T_sprintf("Could not subscribe to <b>%s</b>.", $feed_url));
  437. break;
  438. case 3:
  439. print_error(T_sprintf("No feeds found in <b>%s</b>.", $feed_url));
  440. break;
  441. case 4:
  442. print_notice(__("Multiple feed URLs found."));
  443. $feed_urls = $rc["feeds"];
  444. break;
  445. case 5:
  446. print_error(T_sprintf("Could not subscribe to <b>%s</b>.<br>Can't download the Feed URL.", $feed_url));
  447. break;
  448. }
  449. if ($feed_urls) {
  450. print "<form action=\"public.php\">";
  451. print "<input type=\"hidden\" name=\"op\" value=\"subscribe\">";
  452. print "<select name=\"feed_url\">";
  453. foreach ($feed_urls as $url => $name) {
  454. $url = htmlspecialchars($url);
  455. $name = htmlspecialchars($name);
  456. print "<option value=\"$url\">$name</option>";
  457. }
  458. print "<input type=\"submit\" value=\"".__("Subscribe to selected feed").
  459. "\">";
  460. print "</form>";
  461. }
  462. $tp_uri = get_self_url_prefix() . "/prefs.php";
  463. $tt_uri = get_self_url_prefix();
  464. if ($rc['code'] <= 2){
  465. $sth = $this->pdo->prepare("SELECT id FROM ttrss_feeds WHERE
  466. feed_url = ? AND owner_uid = ?");
  467. $sth->execute([$feed_url, $_SESSION['uid']]);
  468. $row = $sth->fetch();
  469. $feed_id = $row["id"];
  470. } else {
  471. $feed_id = 0;
  472. }
  473. print "<p>";
  474. if ($feed_id) {
  475. print "<form method=\"GET\" style='display: inline'
  476. action=\"$tp_uri\">
  477. <input type=\"hidden\" name=\"tab\" value=\"feedConfig\">
  478. <input type=\"hidden\" name=\"method\" value=\"editFeed\">
  479. <input type=\"hidden\" name=\"methodparam\" value=\"$feed_id\">
  480. <input type=\"submit\" value=\"".__("Edit subscription options")."\">
  481. </form>";
  482. }
  483. print "<form style='display: inline' method=\"GET\" action=\"$tt_uri\">
  484. <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
  485. </form></p>";
  486. print "</div></body></html>";
  487. } else {
  488. render_login_form();
  489. }
  490. }
  491. function index() {
  492. header("Content-Type: text/plain");
  493. print error_json(13);
  494. }
  495. function forgotpass() {
  496. startup_gettext();
  497. @$hash = clean($_REQUEST["hash"]);
  498. header('Content-Type: text/html; charset=utf-8');
  499. print "<html><head><title>Tiny Tiny RSS</title>
  500. <link rel=\"shortcut icon\" type=\"image/png\" href=\"images/favicon.png\">
  501. <link rel=\"icon\" type=\"image/png\" sizes=\"72x72\" href=\"images/favicon-72px.png\">";
  502. echo stylesheet_tag("lib/dijit/themes/claro/claro.css");
  503. echo stylesheet_tag("css/default.css");
  504. echo javascript_tag("lib/prototype.js");
  505. print "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/>
  506. </head><body class='claro ttrss_utility'>";
  507. print '<div class="floatingLogo"><img src="images/logo_small.png"></div>';
  508. print "<h1>".__("Password recovery")."</h1>";
  509. print "<div class='content'>";
  510. @$method = clean($_POST['method']);
  511. if ($hash) {
  512. $login = clean($_REQUEST["login"]);
  513. if ($login) {
  514. $sth = $this->pdo->prepare("SELECT id, resetpass_token FROM ttrss_users
  515. WHERE login = ?");
  516. $sth->execute([$login]);
  517. if ($row = $sth->fetch()) {
  518. $id = $row["id"];
  519. $resetpass_token_full = $row["resetpass_token"];
  520. list($timestamp, $resetpass_token) = explode(":", $resetpass_token_full);
  521. if ($timestamp && $resetpass_token &&
  522. $timestamp >= time() - 15*60*60 &&
  523. $resetpass_token == $hash) {
  524. $sth = $this->pdo->prepare("UPDATE ttrss_users SET resetpass_token = NULL
  525. WHERE id = ?");
  526. $sth->execute([$id]);
  527. Pref_Users::resetUserPassword($id, true);
  528. print "<p>"."Completed."."</p>";
  529. } else {
  530. print_error("Some of the information provided is missing or incorrect.");
  531. }
  532. } else {
  533. print_error("Some of the information provided is missing or incorrect.");
  534. }
  535. } else {
  536. print_error("Some of the information provided is missing or incorrect.");
  537. }
  538. print "<form method=\"GET\" action=\"index.php\">
  539. <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
  540. </form>";
  541. } else if (!$method) {
  542. print_notice(__("You will need to provide valid account name and email. A password reset link will be sent to your email address."));
  543. print "<form method='POST' action='public.php'>";
  544. print "<input type='hidden' name='method' value='do'>";
  545. print "<input type='hidden' name='op' value='forgotpass'>";
  546. print "<fieldset>";
  547. print "<label>".__("Login:")."</label>";
  548. print "<input class='input input-text' type='text' name='login' value='' required>";
  549. print "</fieldset>";
  550. print "<fieldset>";
  551. print "<label>".__("Email:")."</label>";
  552. print "<input class='input input-text' type='email' name='email' value='' required>";
  553. print "</fieldset>";
  554. print "<fieldset>";
  555. print "<label>".__("How much is two plus two:")."</label>";
  556. print "<input class='input input-text' type='text' name='test' value='' required>";
  557. print "</fieldset>";
  558. print "<p/>";
  559. print "<button type='submit'>".__("Reset password")."</button>";
  560. print "</form>";
  561. } else if ($method == 'do') {
  562. $login = clean($_POST["login"]);
  563. $email = clean($_POST["email"]);
  564. $test = clean($_POST["test"]);
  565. if (($test != 4 && $test != 'four') || !$email || !$login) {
  566. print_error(__('Some of the required form parameters are missing or incorrect.'));
  567. print "<form method=\"GET\" action=\"public.php\">
  568. <input type=\"hidden\" name=\"op\" value=\"forgotpass\">
  569. <input type=\"submit\" value=\"".__("Go back")."\">
  570. </form>";
  571. } else {
  572. print_notice("Password reset instructions are being sent to your email address.");
  573. $sth = $this->pdo->prepare("SELECT id FROM ttrss_users
  574. WHERE login = ? AND email = ?");
  575. $sth->execute([$login, $email]);
  576. if ($row = $sth->fetch()) {
  577. $id = $row["id"];
  578. if ($id) {
  579. $resetpass_token = sha1(get_random_bytes(128));
  580. $resetpass_link = get_self_url_prefix() . "/public.php?op=forgotpass&hash=" . $resetpass_token .
  581. "&login=" . urlencode($login);
  582. require_once "lib/MiniTemplator.class.php";
  583. $tpl = new MiniTemplator;
  584. $tpl->readTemplateFromFile("templates/resetpass_link_template.txt");
  585. $tpl->setVariable('LOGIN', $login);
  586. $tpl->setVariable('RESETPASS_LINK', $resetpass_link);
  587. $tpl->addBlock('message');
  588. $message = "";
  589. $tpl->generateOutputToString($message);
  590. $mailer = new Mailer();
  591. $rc = $mailer->mail(["to_name" => $login,
  592. "to_address" => $email,
  593. "subject" => __("[tt-rss] Password reset request"),
  594. "message" => $message]);
  595. if (!$rc) print_error($mailer->error());
  596. $resetpass_token_full = time() . ":" . $resetpass_token;
  597. $sth = $this->pdo->prepare("UPDATE ttrss_users
  598. SET resetpass_token = ?
  599. WHERE login = ? AND email = ?");
  600. $sth->execute([$resetpass_token_full, $login, $email]);
  601. //Pref_Users::resetUserPassword($id, false);
  602. print "<p>";
  603. print "<p>"."Completed."."</p>";
  604. } else {
  605. print_error("User ID not found.");
  606. }
  607. print "<form method=\"GET\" action=\"index.php\">
  608. <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
  609. </form>";
  610. } else {
  611. print_error(__("Sorry, login and email combination not found."));
  612. print "<form method=\"GET\" action=\"public.php\">
  613. <input type=\"hidden\" name=\"op\" value=\"forgotpass\">
  614. <input type=\"submit\" value=\"".__("Go back")."\">
  615. </form>";
  616. }
  617. }
  618. }
  619. print "</div>";
  620. print "</body>";
  621. print "</html>";
  622. }
  623. function dbupdate() {
  624. startup_gettext();
  625. if (!SINGLE_USER_MODE && $_SESSION["access_level"] < 10) {
  626. $_SESSION["login_error_msg"] = __("Your access level is insufficient to run this script.");
  627. render_login_form();
  628. exit;
  629. }
  630. ?><html>
  631. <head>
  632. <title>Database Updater</title>
  633. <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
  634. <link rel="stylesheet" type="text/css" href="css/default.css"/>
  635. <link rel=\"shortcut icon\" type=\"image/png\" href=\"images/favicon.png\">
  636. <link rel=\"icon\" type=\"image/png\" sizes=\"72x72\" href=\"images/favicon-72px.png\">
  637. </head>
  638. <style type="text/css">
  639. span.ok { color : #009000; font-weight : bold; }
  640. span.err { color : #ff0000; font-weight : bold; }
  641. </style>
  642. <body class="claro ttrss_utility">
  643. <script type='text/javascript'>
  644. function confirmOP() {
  645. return confirm("Update the database?");
  646. }
  647. </script>
  648. <div class="floatingLogo"><img src="images/logo_small.png"></div>
  649. <h1><?php echo __("Database Updater") ?></h1>
  650. <div class="content">
  651. <?php
  652. @$op = clean($_REQUEST["subop"]);
  653. $updater = new DbUpdater(Db::pdo(), DB_TYPE, SCHEMA_VERSION);
  654. if ($op == "performupdate") {
  655. if ($updater->isUpdateRequired()) {
  656. print "<h2>Performing updates</h2>";
  657. print "<h3>Updating to schema version " . SCHEMA_VERSION . "</h3>";
  658. print "<ul>";
  659. for ($i = $updater->getSchemaVersion() + 1; $i <= SCHEMA_VERSION; $i++) {
  660. print "<li>Performing update up to version $i...";
  661. $result = $updater->performUpdateTo($i, true);
  662. if (!$result) {
  663. print "<span class='err'>FAILED!</span></li></ul>";
  664. print_warning("One of the updates failed. Either retry the process or perform updates manually.");
  665. print "<p><form method=\"GET\" action=\"index.php\">
  666. <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
  667. </form>";
  668. return;
  669. } else {
  670. print "<span class='ok'>OK!</span></li>";
  671. }
  672. }
  673. print "</ul>";
  674. print_notice("Your Tiny Tiny RSS database is now updated to the latest version.");
  675. print "<p><form method=\"GET\" action=\"index.php\">
  676. <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
  677. </form>";
  678. } else {
  679. print "<h2>Your database is up to date.</h2>";
  680. print "<p><form method=\"GET\" action=\"index.php\">
  681. <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
  682. </form>";
  683. }
  684. } else {
  685. if ($updater->isUpdateRequired()) {
  686. print "<h2>Database update required</h2>";
  687. print_notice("<h4>".
  688. sprintf("Your Tiny Tiny RSS database needs update to the latest version: %d to %d.",
  689. $updater->getSchemaVersion(), SCHEMA_VERSION).
  690. "</h4>");
  691. print_warning("Please backup your database before proceeding.");
  692. print "<form method='POST'>
  693. <input type='hidden' name='subop' value='performupdate'>
  694. <input type='submit' onclick='return confirmOP()' value='".__("Perform updates")."'>
  695. </form>";
  696. } else {
  697. print_notice("Tiny Tiny RSS database is up to date.");
  698. print "<p><form method=\"GET\" action=\"index.php\">
  699. <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
  700. </form>";
  701. }
  702. }
  703. ?>
  704. </div>
  705. </body>
  706. </html>
  707. <?php
  708. }
  709. function cached_url() {
  710. @$req_filename = basename($_GET['hash']);
  711. // we don't need an extension to find the file, hash is a complete URL
  712. $hash = preg_replace("/\.[^\.]*$/", "", $req_filename);
  713. if ($hash) {
  714. $filename = CACHE_DIR . '/images/' . $hash;
  715. if (file_exists($filename)) {
  716. header("Content-Disposition: inline; filename=\"$req_filename\"");
  717. send_local_file($filename);
  718. } else {
  719. header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found");
  720. echo "File not found.";
  721. }
  722. }
  723. }
  724. private function make_article_tag_uri($id, $timestamp) {
  725. $timestamp = date("Y-m-d", strtotime($timestamp));
  726. return "tag:" . parse_url(get_self_url_prefix(), PHP_URL_HOST) . ",$timestamp:/$id";
  727. }
  728. // this should be used very carefully because this endpoint is exposed to unauthenticated users
  729. // plugin data is not loaded because there's no user context and owner_uid/session may or may not be available
  730. // in general, don't do anything user-related in here and do not modify $_SESSION
  731. public function pluginhandler() {
  732. $host = new PluginHost();
  733. $plugin = basename(clean($_REQUEST["plugin"]));
  734. $method = clean($_REQUEST["pmethod"]);
  735. $host->load($plugin, PluginHost::KIND_USER, 0);
  736. $host->load_data();
  737. $pclass = $host->get_plugin($plugin);
  738. if ($pclass) {
  739. if (method_exists($pclass, $method)) {
  740. if ($pclass->is_public_method($method)) {
  741. $pclass->$method();
  742. } else {
  743. header("Content-Type: text/json");
  744. print error_json(6);
  745. }
  746. } else {
  747. header("Content-Type: text/json");
  748. print error_json(13);
  749. }
  750. } else {
  751. header("Content-Type: text/json");
  752. print error_json(14);
  753. }
  754. }
  755. }
  756. ?>