parent
46da73c255
commit
5f0a3741d0
62
backend.php
62
backend.php
|
@ -16,17 +16,21 @@
|
|||
$_REQUEST = array_map('stripslashes_deep', $_REQUEST);
|
||||
}
|
||||
|
||||
function __autoload($class) {
|
||||
$file = "classes/".strtolower(basename($class)).".php";
|
||||
if (file_exists($file)) {
|
||||
require $file;
|
||||
}
|
||||
$op = $_REQUEST["op"];
|
||||
@$method = $_REQUEST['subop'] ? $_REQUEST['subop'] : $_REQUEST["method"];
|
||||
|
||||
/* Public calls compatibility shim */
|
||||
|
||||
$public_calls = array("globalUpdateFeeds", "rss", "getUnread", "getProfiles", "share",
|
||||
"fbexport", "logout", "pubsub");
|
||||
|
||||
if (array_search($op, $public_calls) !== false) {
|
||||
header("Location: public.php?" . $_SERVER['QUERY_STRING']);
|
||||
return;
|
||||
}
|
||||
|
||||
$op = $_REQUEST["op"];
|
||||
|
||||
require_once "functions.php";
|
||||
if ($op != "share") require_once "sessions.php";
|
||||
require_once "sessions.php";
|
||||
require_once "sanity_check.php";
|
||||
require_once "config.php";
|
||||
require_once "db.php";
|
||||
|
@ -40,17 +44,7 @@
|
|||
|
||||
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
|
||||
|
||||
if (!$link) {
|
||||
if (DB_TYPE == "mysql") {
|
||||
print mysql_error();
|
||||
}
|
||||
// PG seems to display its own errors just fine by default.
|
||||
return;
|
||||
}
|
||||
|
||||
init_connection($link);
|
||||
|
||||
$method = $_REQUEST['subop'] ? $_REQUEST['subop'] : $_REQUEST["method"];
|
||||
if (!init_connection($link)) return;
|
||||
|
||||
header("Content-Type: text/plain; charset=utf-8");
|
||||
|
||||
|
@ -62,15 +56,9 @@
|
|||
authenticate_user($link, "admin", null);
|
||||
}
|
||||
|
||||
$public_calls = array("globalUpdateFeeds", "rss", "getUnread", "getProfiles", "share",
|
||||
"fbexport", "logout", "pubsub");
|
||||
// TODO remove and handle within Handlers
|
||||
|
||||
if (array_search($op, $public_calls) !== false) {
|
||||
|
||||
handle_public_request($link, $op);
|
||||
return;
|
||||
|
||||
} else if (!($_SESSION["uid"] && validate_session($link))) {
|
||||
if (!($_SESSION["uid"] && validate_session($link))) {
|
||||
if ($op == 'pref-feeds' && $method == 'add') {
|
||||
header("Content-Type: text/html");
|
||||
login_sequence($link);
|
||||
|
@ -136,6 +124,13 @@
|
|||
return;
|
||||
}
|
||||
|
||||
function __autoload($class) {
|
||||
$file = "classes/".strtolower(basename($class)).".php";
|
||||
if (file_exists($file)) {
|
||||
require $file;
|
||||
}
|
||||
}
|
||||
|
||||
$op = str_replace("-", "_", $op);
|
||||
|
||||
if (class_exists($op)) {
|
||||
|
@ -154,17 +149,8 @@
|
|||
}
|
||||
}
|
||||
|
||||
switch($op) { // Select action according to $op value.
|
||||
case "pref_instances":
|
||||
require_once "modules/pref-instances.php";
|
||||
module_pref_instances($link);
|
||||
break; // pref-instances
|
||||
|
||||
default:
|
||||
header("Content-Type: text/plain");
|
||||
print json_encode(array("error" => array("code" => 7)));
|
||||
break; // fallback
|
||||
} // Select action according to $op value.
|
||||
header("Content-Type: text/plain");
|
||||
print json_encode(array("error" => array("code" => 7)));
|
||||
|
||||
// We close the connection to database.
|
||||
db_close($link);
|
||||
|
|
|
@ -0,0 +1,204 @@
|
|||
<?php
|
||||
class Pref_Instances extends Protected_Handler {
|
||||
|
||||
function before() {
|
||||
if (parent::before()) {
|
||||
if ($_SESSION["access_level"] < 10) {
|
||||
print __("Your access level is insufficient to open this tab.");
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
function remove() {
|
||||
$ids = db_escape_string($_REQUEST['ids']);
|
||||
|
||||
db_query($this->link, "DELETE FROM ttrss_linked_instances WHERE
|
||||
id IN ($ids)");
|
||||
}
|
||||
|
||||
function add() {
|
||||
$id = db_escape_string($_REQUEST["id"]);
|
||||
$access_url = db_escape_string($_REQUEST["access_url"]);
|
||||
$access_key = db_escape_string($_REQUEST["access_key"]);
|
||||
|
||||
db_query($this->link, "BEGIN");
|
||||
|
||||
$result = db_query($this->link, "SELECT id FROM ttrss_linked_instances
|
||||
WHERE access_url = '$access_url'");
|
||||
|
||||
if (db_num_rows($result) == 0) {
|
||||
db_query($this->link, "INSERT INTO ttrss_linked_instances
|
||||
(access_url, access_key, last_connected, last_status_in, last_status_out)
|
||||
VALUES
|
||||
('$access_url', '$access_key', '1970-01-01', -1, -1)");
|
||||
|
||||
}
|
||||
|
||||
db_query($this->link, "COMMIT");
|
||||
}
|
||||
|
||||
function edit() {
|
||||
$id = db_escape_string($_REQUEST["id"]);
|
||||
|
||||
$result = db_query($this->link, "SELECT * FROM ttrss_linked_instances WHERE
|
||||
id = '$id'");
|
||||
|
||||
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"id\" value=\"$id\">";
|
||||
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-instances\">";
|
||||
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"editSave\">";
|
||||
|
||||
print "<div class=\"dlgSec\">".__("Instance")."</div>";
|
||||
|
||||
print "<div class=\"dlgSecCont\">";
|
||||
|
||||
/* URL */
|
||||
|
||||
$access_url = htmlspecialchars(db_fetch_result($result, 0, "access_url"));
|
||||
|
||||
print __("URL:") . " ";
|
||||
|
||||
print "<input dojoType=\"dijit.form.ValidationTextBox\" required=\"1\"
|
||||
placeHolder=\"".__("Instance URL")."\"
|
||||
regExp='^(http|https)://.*'
|
||||
style=\"font-size : 16px; width: 20em\" name=\"access_url\"
|
||||
value=\"$access_url\">";
|
||||
|
||||
print "<hr/>";
|
||||
|
||||
$access_key = htmlspecialchars(db_fetch_result($result, 0, "access_key"));
|
||||
|
||||
/* Access key */
|
||||
|
||||
print __("Access key:") . " ";
|
||||
|
||||
print "<input dojoType=\"dijit.form.ValidationTextBox\" required=\"1\"
|
||||
placeHolder=\"".__("Access key")."\" regExp='\w{40}'
|
||||
style=\"width: 20em\" name=\"access_key\" id=\"instance_edit_key\"
|
||||
value=\"$access_key\">";
|
||||
|
||||
print "<p class='insensitive'>" . __("Use one access key for both linked instances.");
|
||||
|
||||
print "</div>";
|
||||
|
||||
print "<div class=\"dlgButtons\">
|
||||
<div style='float : left'>
|
||||
<button dojoType=\"dijit.form.Button\"
|
||||
onclick=\"return dijit.byId('instanceEditDlg').regenKey()\">".
|
||||
__('Generate new key')."</button>
|
||||
</div>
|
||||
<button dojoType=\"dijit.form.Button\"
|
||||
onclick=\"return dijit.byId('instanceEditDlg').execute()\">".
|
||||
__('Save')."</button>
|
||||
<button dojoType=\"dijit.form.Button\"
|
||||
onclick=\"return dijit.byId('instanceEditDlg').hide()\"\">".
|
||||
__('Cancel')."</button></div>";
|
||||
|
||||
}
|
||||
|
||||
function editSave() {
|
||||
$id = db_escape_string($_REQUEST["id"]);
|
||||
$access_url = db_escape_string($_REQUEST["access_url"]);
|
||||
$access_key = db_escape_string($_REQUEST["access_key"]);
|
||||
|
||||
db_query($this->link, "UPDATE ttrss_linked_instances SET
|
||||
access_key = '$access_key', access_url = '$access_url',
|
||||
last_connected = '1970-01-01'
|
||||
WHERE id = '$id'");
|
||||
|
||||
}
|
||||
|
||||
function index() {
|
||||
|
||||
if (!function_exists('curl_init')) {
|
||||
print "<div style='padding : 1em'>";
|
||||
print_error("This functionality requires CURL functions. Please enable CURL in your PHP configuration (you might also want to disable open_basedir in php.ini) and reload this page.");
|
||||
print "</div>";
|
||||
}
|
||||
|
||||
print "<div id=\"pref-instance-wrap\" dojoType=\"dijit.layout.BorderContainer\" gutters=\"false\">";
|
||||
print "<div id=\"pref-instance-header\" dojoType=\"dijit.layout.ContentPane\" region=\"top\">";
|
||||
|
||||
print "<div id=\"pref-instance-toolbar\" dojoType=\"dijit.Toolbar\">";
|
||||
|
||||
$sort = db_escape_string($_REQUEST["sort"]);
|
||||
|
||||
if (!$sort || $sort == "undefined") {
|
||||
$sort = "access_url";
|
||||
}
|
||||
|
||||
print "<div dojoType=\"dijit.form.DropDownButton\">".
|
||||
"<span>" . __('Select')."</span>";
|
||||
print "<div dojoType=\"dijit.Menu\" style=\"display: none;\">";
|
||||
print "<div onclick=\"selectTableRows('prefInstanceList', 'all')\"
|
||||
dojoType=\"dijit.MenuItem\">".__('All')."</div>";
|
||||
print "<div onclick=\"selectTableRows('prefInstanceList', 'none')\"
|
||||
dojoType=\"dijit.MenuItem\">".__('None')."</div>";
|
||||
print "</div></div>";
|
||||
|
||||
print "<button dojoType=\"dijit.form.Button\" onclick=\"addInstance()\">".__('Link instance')."</button>";
|
||||
print "<button dojoType=\"dijit.form.Button\" onclick=\"editSelectedInstance()\">".__('Edit')."</button>";
|
||||
print "<button dojoType=\"dijit.form.Button\" onclick=\"removeSelectedInstances()\">".__('Remove')."</button>";
|
||||
|
||||
print "</div>"; #toolbar
|
||||
|
||||
$result = db_query($this->link, "SELECT *,
|
||||
(SELECT COUNT(*) FROM ttrss_linked_feeds
|
||||
WHERE instance_id = ttrss_linked_instances.id) AS num_feeds
|
||||
FROM ttrss_linked_instances
|
||||
ORDER BY $sort");
|
||||
|
||||
print "<p class=\"insensitive\" style='margin-left : 1em;'>" . __("You can connect other instances of Tiny Tiny RSS to this one to share Popular feeds. Link to this instance of Tiny Tiny RSS by using this URL:");
|
||||
|
||||
print " <a href=\"#\" onclick=\"alert('".htmlspecialchars(get_self_url_prefix())."')\">(display url)</a>";
|
||||
|
||||
print "<p><table width='100%' id='prefInstanceList' class='prefInstanceList' cellspacing='0'>";
|
||||
|
||||
print "<tr class=\"title\">
|
||||
<td align='center' width=\"5%\"> </td>
|
||||
<td width=''><a href=\"#\" onclick=\"updateInstanceList('access_url')\">".__('Instance URL')."</a></td>
|
||||
<td width='20%'><a href=\"#\" onclick=\"updateInstanceList('access_key')\">".__('Access key')."</a></td>
|
||||
<td width='10%'><a href=\"#\" onclick=\"updateUsersList('last_connected')\">".__('Last connected')."</a></td>
|
||||
<td width='10%'><a href=\"#\" onclick=\"updateUsersList('num_feeds')\">".__('Stored feeds')."</a></td>
|
||||
</tr>";
|
||||
|
||||
$lnum = 0;
|
||||
|
||||
while ($line = db_fetch_assoc($result)) {
|
||||
$class = ($lnum % 2) ? "even" : "odd";
|
||||
|
||||
$id = $line['id'];
|
||||
$this_row_id = "id=\"LIRR-$id\"";
|
||||
|
||||
$line["last_connected"] = make_local_datetime($this->link, $line["last_connected"], false);
|
||||
|
||||
print "<tr class=\"$class\" $this_row_id>";
|
||||
|
||||
print "<td align='center'><input onclick='toggleSelectRow(this);'
|
||||
type=\"checkbox\" id=\"LICHK-$id\"></td>";
|
||||
|
||||
$onclick = "onclick='editInstance($id, event)' title='".__('Click to edit')."'";
|
||||
|
||||
$access_key = mb_substr($line['access_key'], 0, 4) . '...' .
|
||||
mb_substr($line['access_key'], -4);
|
||||
|
||||
print "<td $onclick>" . htmlspecialchars($line['access_url']) . "</td>";
|
||||
print "<td $onclick>" . htmlspecialchars($access_key) . "</td>";
|
||||
print "<td $onclick>" . htmlspecialchars($line['last_connected']) . "</td>";
|
||||
print "<td $onclick>" . htmlspecialchars($line['num_feeds']) . "</td>";
|
||||
|
||||
print "</tr>";
|
||||
|
||||
++$lnum;
|
||||
}
|
||||
|
||||
print "</table>";
|
||||
|
||||
print "</div>"; #pane
|
||||
print "</div>"; #container
|
||||
|
||||
}
|
||||
}
|
||||
?>
|
|
@ -0,0 +1,210 @@
|
|||
<?php
|
||||
class Public_Handler extends Handler {
|
||||
|
||||
function getUnread() {
|
||||
$login = db_escape_string($_REQUEST["login"]);
|
||||
$fresh = $_REQUEST["fresh"] == "1";
|
||||
|
||||
$result = db_query($this->link, "SELECT id FROM ttrss_users WHERE login = '$login'");
|
||||
|
||||
if (db_num_rows($result) == 1) {
|
||||
$uid = db_fetch_result($result, 0, "id");
|
||||
|
||||
print getGlobalUnread($this->link, $uid);
|
||||
|
||||
if ($fresh) {
|
||||
print ";";
|
||||
print getFeedArticles($this->link, -3, false, true, $uid);
|
||||
}
|
||||
|
||||
} else {
|
||||
print "-1;User not found";
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
function getProfiles() {
|
||||
$login = db_escape_string($_REQUEST["login"]);
|
||||
$password = db_escape_string($_REQUEST["password"]);
|
||||
|
||||
if (authenticate_user($this->link, $login, $password)) {
|
||||
$result = db_query($this->link, "SELECT * FROM ttrss_settings_profiles
|
||||
WHERE owner_uid = " . $_SESSION["uid"] . " ORDER BY title");
|
||||
|
||||
print "<select style='width: 100%' name='profile'>";
|
||||
|
||||
print "<option value='0'>" . __("Default profile") . "</option>";
|
||||
|
||||
while ($line = db_fetch_assoc($result)) {
|
||||
$id = $line["id"];
|
||||
$title = $line["title"];
|
||||
|
||||
print "<option value='$id'>$title</option>";
|
||||
}
|
||||
|
||||
print "</select>";
|
||||
|
||||
$_SESSION = array();
|
||||
}
|
||||
}
|
||||
|
||||
function pubsub() {
|
||||
$mode = db_escape_string($_REQUEST['hub_mode']);
|
||||
$feed_id = (int) db_escape_string($_REQUEST['id']);
|
||||
$feed_url = db_escape_string($_REQUEST['hub_topic']);
|
||||
|
||||
if (!PUBSUBHUBBUB_ENABLED) {
|
||||
header('HTTP/1.0 404 Not Found');
|
||||
echo "404 Not found";
|
||||
return;
|
||||
}
|
||||
|
||||
// TODO: implement hub_verifytoken checking
|
||||
|
||||
$result = db_query($this->link, "SELECT feed_url FROM ttrss_feeds
|
||||
WHERE id = '$feed_id'");
|
||||
|
||||
if (db_num_rows($result) != 0) {
|
||||
|
||||
$check_feed_url = db_fetch_result($result, 0, "feed_url");
|
||||
|
||||
if ($check_feed_url && ($check_feed_url == $feed_url || !$feed_url)) {
|
||||
if ($mode == "subscribe") {
|
||||
|
||||
db_query($this->link, "UPDATE ttrss_feeds SET pubsub_state = 2
|
||||
WHERE id = '$feed_id'");
|
||||
|
||||
print $_REQUEST['hub_challenge'];
|
||||
return;
|
||||
|
||||
} else if ($mode == "unsubscribe") {
|
||||
|
||||
db_query($this->link, "UPDATE ttrss_feeds SET pubsub_state = 0
|
||||
WHERE id = '$feed_id'");
|
||||
|
||||
print $_REQUEST['hub_challenge'];
|
||||
return;
|
||||
|
||||
} else if (!$mode) {
|
||||
|
||||
// Received update ping, schedule feed update.
|
||||
//update_rss_feed($this->link, $feed_id, true, true);
|
||||
|
||||
db_query($this->link, "UPDATE ttrss_feeds SET
|
||||
last_update_started = '1970-01-01',
|
||||
last_updated = '1970-01-01' WHERE id = '$feed_id'");
|
||||
|
||||
}
|
||||
} else {
|
||||
header('HTTP/1.0 404 Not Found');
|
||||
echo "404 Not found";
|
||||
}
|
||||
} else {
|
||||
header('HTTP/1.0 404 Not Found');
|
||||
echo "404 Not found";
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
function logout() {
|
||||
logout_user();
|
||||
header("Location: index.php");
|
||||
}
|
||||
|
||||
function fbexport() {
|
||||
|
||||
$access_key = db_escape_string($_POST["key"]);
|
||||
|
||||
// TODO: rate limit checking using last_connected
|
||||
$result = db_query($this->link, "SELECT id FROM ttrss_linked_instances
|
||||
WHERE access_key = '$access_key'");
|
||||
|
||||
if (db_num_rows($result) == 1) {
|
||||
|
||||
$instance_id = db_fetch_result($result, 0, "id");
|
||||
|
||||
$result = db_query($this->link, "SELECT feed_url, site_url, title, subscribers
|
||||
FROM ttrss_feedbrowser_cache ORDER BY subscribers DESC LIMIT 100");
|
||||
|
||||
$feeds = array();
|
||||
|
||||
while ($line = db_fetch_assoc($result)) {
|
||||
array_push($feeds, $line);
|
||||
}
|
||||
|
||||
db_query($this->link, "UPDATE ttrss_linked_instances SET
|
||||
last_status_in = 1 WHERE id = '$instance_id'");
|
||||
|
||||
print json_encode(array("feeds" => $feeds));
|
||||
} else {
|
||||
print json_encode(array("error" => array("code" => 6)));
|
||||
}
|
||||
}
|
||||
|
||||
function share() {
|
||||
$uuid = db_escape_string($_REQUEST["key"]);
|
||||
|
||||
$result = db_query($this->link, "SELECT ref_id, owner_uid FROM ttrss_user_entries WHERE
|
||||
uuid = '$uuid'");
|
||||
|
||||
if (db_num_rows($result) != 0) {
|
||||
header("Content-Type: text/html");
|
||||
|
||||
$id = db_fetch_result($result, 0, "ref_id");
|
||||
$owner_uid = db_fetch_result($result, 0, "owner_uid");
|
||||
|
||||
$_SESSION["uid"] = $owner_uid;
|
||||
$article = format_article($this->link, $id, false, true);
|
||||
$_SESSION["uid"] = "";
|
||||
|
||||
print_r($article['content']);
|
||||
|
||||
} else {
|
||||
print "Article not found.";
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
function rss() {
|
||||
header("Content-Type: text/xml; charset=utf-8");
|
||||
|
||||
$feed = db_escape_string($_REQUEST["id"]);
|
||||
$key = db_escape_string($_REQUEST["key"]);
|
||||
$is_cat = $_REQUEST["is_cat"] != false;
|
||||
$limit = (int)db_escape_string($_REQUEST["limit"]);
|
||||
|
||||
$search = db_escape_string($_REQUEST["q"]);
|
||||
$match_on = db_escape_string($_REQUEST["m"]);
|
||||
$search_mode = db_escape_string($_REQUEST["smode"]);
|
||||
$view_mode = db_escape_string($_REQUEST["view-mode"]);
|
||||
|
||||
if (SINGLE_USER_MODE) {
|
||||
authenticate_user($this->link, "admin", null);
|
||||
}
|
||||
|
||||
$owner_id = false;
|
||||
|
||||
if ($key) {
|
||||
$result = db_query($this->link, "SELECT owner_uid FROM
|
||||
ttrss_access_keys WHERE access_key = '$key' AND feed_id = '$feed'");
|
||||
|
||||
if (db_num_rows($result) == 1)
|
||||
$owner_id = db_fetch_result($result, 0, "owner_uid");
|
||||
}
|
||||
|
||||
if ($owner_id) {
|
||||
$_SESSION['uid'] = $owner_id;
|
||||
|
||||
generate_syndicated_feed($this->link, 0, $feed, $is_cat, $limit,
|
||||
$search, $search_mode, $match_on, $view_mode);
|
||||
} else {
|
||||
header('HTTP/1.1 403 Forbidden');
|
||||
}
|
||||
}
|
||||
|
||||
/* function globalUpdateFeeds() {
|
||||
// Update all feeds needing a update.
|
||||
update_daemon_common($this->link, 0, true, true);
|
||||
} */
|
||||
}
|
||||
?>
|
|
@ -9,7 +9,7 @@
|
|||
|
||||
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
|
||||
|
||||
init_connection($link);
|
||||
if (!init_connection($link)) return;
|
||||
login_sequence($link);
|
||||
|
||||
$owner_uid = $_SESSION["uid"];
|
||||
|
|
|
@ -61,7 +61,7 @@ function db_query($link, $query, $die_on_error = true) {
|
|||
if (!$result) {
|
||||
$query = htmlspecialchars($query); // just in case
|
||||
if ($die_on_error) {
|
||||
die("Query <i>$query</i> failed [$result]: " . pg_last_error($link));
|
||||
die("Query <i>$query</i> failed [$result]: " . ($link ? pg_last_error($link) : "No connection"));
|
||||
}
|
||||
}
|
||||
return $result;
|
||||
|
@ -70,7 +70,7 @@ function db_query($link, $query, $die_on_error = true) {
|
|||
if (!$result) {
|
||||
$query = htmlspecialchars($query);
|
||||
if ($die_on_error) {
|
||||
die("Query <i>$query</i> failed: " . mysql_error($link));
|
||||
die("Query <i>$query</i> failed: " . ($link ? mysql_error($link) : "No connection"));
|
||||
}
|
||||
}
|
||||
return $result;
|
||||
|
|
|
@ -5835,18 +5835,24 @@
|
|||
}
|
||||
|
||||
function init_connection($link) {
|
||||
if (DB_TYPE == "pgsql") {
|
||||
pg_query($link, "set client_encoding = 'UTF-8'");
|
||||
pg_set_client_encoding("UNICODE");
|
||||
pg_query($link, "set datestyle = 'ISO, european'");
|
||||
pg_query($link, "set TIME ZONE 0");
|
||||
} else {
|
||||
db_query($link, "SET time_zone = '+0:0'");
|
||||
if ($link) {
|
||||
|
||||
if (defined('MYSQL_CHARSET') && MYSQL_CHARSET) {
|
||||
db_query($link, "SET NAMES " . MYSQL_CHARSET);
|
||||
// db_query($link, "SET CHARACTER SET " . MYSQL_CHARSET);
|
||||
if (DB_TYPE == "pgsql") {
|
||||
pg_query($link, "set client_encoding = 'UTF-8'");
|
||||
pg_set_client_encoding("UNICODE");
|
||||
pg_query($link, "set datestyle = 'ISO, european'");
|
||||
pg_query($link, "set TIME ZONE 0");
|
||||
} else {
|
||||
db_query($link, "SET time_zone = '+0:0'");
|
||||
|
||||
if (defined('MYSQL_CHARSET') && MYSQL_CHARSET) {
|
||||
db_query($link, "SET NAMES " . MYSQL_CHARSET);
|
||||
}
|
||||
}
|
||||
return true;
|
||||
} else {
|
||||
print "Unable to connect to database:" . db_last_error();
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -7428,242 +7434,25 @@
|
|||
}
|
||||
}
|
||||
|
||||
function handle_public_request($link, $op) {
|
||||
switch ($op) {
|
||||
|
||||
case "getUnread":
|
||||
$login = db_escape_string($_REQUEST["login"]);
|
||||
$fresh = $_REQUEST["fresh"] == "1";
|
||||
|
||||
$result = db_query($link, "SELECT id FROM ttrss_users WHERE login = '$login'");
|
||||
|
||||
if (db_num_rows($result) == 1) {
|
||||
$uid = db_fetch_result($result, 0, "id");
|
||||
|
||||
print getGlobalUnread($link, $uid);
|
||||
|
||||
if ($fresh) {
|
||||
print ";";
|
||||
print getFeedArticles($link, -3, false, true, $uid);
|
||||
}
|
||||
|
||||
} else {
|
||||
print "-1;User not found";
|
||||
}
|
||||
|
||||
break; // getUnread
|
||||
|
||||
case "getProfiles":
|
||||
$login = db_escape_string($_REQUEST["login"]);
|
||||
$password = db_escape_string($_REQUEST["password"]);
|
||||
|
||||
if (authenticate_user($link, $login, $password)) {
|
||||
$result = db_query($link, "SELECT * FROM ttrss_settings_profiles
|
||||
WHERE owner_uid = " . $_SESSION["uid"] . " ORDER BY title");
|
||||
|
||||
print "<select style='width: 100%' name='profile'>";
|
||||
|
||||
print "<option value='0'>" . __("Default profile") . "</option>";
|
||||
|
||||
while ($line = db_fetch_assoc($result)) {
|
||||
$id = $line["id"];
|
||||
$title = $line["title"];
|
||||
|
||||
print "<option value='$id'>$title</option>";
|
||||
}
|
||||
|
||||
print "</select>";
|
||||
|
||||
$_SESSION = array();
|
||||
}
|
||||
break; // getprofiles
|
||||
|
||||
case "pubsub":
|
||||
$mode = db_escape_string($_REQUEST['hub_mode']);
|
||||
$feed_id = (int) db_escape_string($_REQUEST['id']);
|
||||
$feed_url = db_escape_string($_REQUEST['hub_topic']);
|
||||
|
||||
if (!PUBSUBHUBBUB_ENABLED) {
|
||||
header('HTTP/1.0 404 Not Found');
|
||||
echo "404 Not found";
|
||||
return;
|
||||
}
|
||||
|
||||
// TODO: implement hub_verifytoken checking
|
||||
|
||||
$result = db_query($link, "SELECT feed_url FROM ttrss_feeds
|
||||
WHERE id = '$feed_id'");
|
||||
|
||||
if (db_num_rows($result) != 0) {
|
||||
|
||||
$check_feed_url = db_fetch_result($result, 0, "feed_url");
|
||||
|
||||
if ($check_feed_url && ($check_feed_url == $feed_url || !$feed_url)) {
|
||||
if ($mode == "subscribe") {
|
||||
|
||||
db_query($link, "UPDATE ttrss_feeds SET pubsub_state = 2
|
||||
WHERE id = '$feed_id'");
|
||||
|
||||
print $_REQUEST['hub_challenge'];
|
||||
return;
|
||||
|
||||
} else if ($mode == "unsubscribe") {
|
||||
|
||||
db_query($link, "UPDATE ttrss_feeds SET pubsub_state = 0
|
||||
WHERE id = '$feed_id'");
|
||||
|
||||
print $_REQUEST['hub_challenge'];
|
||||
return;
|
||||
|
||||
} else if (!$mode) {
|
||||
|
||||
// Received update ping, schedule feed update.
|
||||
//update_rss_feed($link, $feed_id, true, true);
|
||||
|
||||
db_query($link, "UPDATE ttrss_feeds SET
|
||||
last_update_started = '1970-01-01',
|
||||
last_updated = '1970-01-01' WHERE id = '$feed_id'");
|
||||
|
||||
}
|
||||
} else {
|
||||
header('HTTP/1.0 404 Not Found');
|
||||
echo "404 Not found";
|
||||
}
|
||||
} else {
|
||||
header('HTTP/1.0 404 Not Found');
|
||||
echo "404 Not found";
|
||||
}
|
||||
|
||||
break; // pubsub
|
||||
|
||||
case "logout":
|
||||
logout_user();
|
||||
header("Location: index.php");
|
||||
break; // logout
|
||||
|
||||
case "fbexport":
|
||||
|
||||
$access_key = db_escape_string($_POST["key"]);
|
||||
|
||||
// TODO: rate limit checking using last_connected
|
||||
$result = db_query($link, "SELECT id FROM ttrss_linked_instances
|
||||
WHERE access_key = '$access_key'");
|
||||
|
||||
if (db_num_rows($result) == 1) {
|
||||
|
||||
$instance_id = db_fetch_result($result, 0, "id");
|
||||
|
||||
$result = db_query($link, "SELECT feed_url, site_url, title, subscribers
|
||||
FROM ttrss_feedbrowser_cache ORDER BY subscribers DESC LIMIT 100");
|
||||
|
||||
$feeds = array();
|
||||
|
||||
while ($line = db_fetch_assoc($result)) {
|
||||
array_push($feeds, $line);
|
||||
}
|
||||
|
||||
db_query($link, "UPDATE ttrss_linked_instances SET
|
||||
last_status_in = 1 WHERE id = '$instance_id'");
|
||||
|
||||
print json_encode(array("feeds" => $feeds));
|
||||
} else {
|
||||
print json_encode(array("error" => array("code" => 6)));
|
||||
}
|
||||
break; // fbexport
|
||||
|
||||
case "share":
|
||||
$uuid = db_escape_string($_REQUEST["key"]);
|
||||
|
||||
$result = db_query($link, "SELECT ref_id, owner_uid FROM ttrss_user_entries WHERE
|
||||
uuid = '$uuid'");
|
||||
|
||||
if (db_num_rows($result) != 0) {
|
||||
header("Content-Type: text/html");
|
||||
|
||||
$id = db_fetch_result($result, 0, "ref_id");
|
||||
$owner_uid = db_fetch_result($result, 0, "owner_uid");
|
||||
|
||||
$_SESSION["uid"] = $owner_uid;
|
||||
$article = format_article($link, $id, false, true);
|
||||
$_SESSION["uid"] = "";
|
||||
|
||||
print_r($article['content']);
|
||||
|
||||
} else {
|
||||
print "Article not found.";
|
||||
}
|
||||
|
||||
break;
|
||||
|
||||
case "rss":
|
||||
$feed = db_escape_string($_REQUEST["id"]);
|
||||
$key = db_escape_string($_REQUEST["key"]);
|
||||
$is_cat = $_REQUEST["is_cat"] != false;
|
||||
$limit = (int)db_escape_string($_REQUEST["limit"]);
|
||||
|
||||
$search = db_escape_string($_REQUEST["q"]);
|
||||
$match_on = db_escape_string($_REQUEST["m"]);
|
||||
$search_mode = db_escape_string($_REQUEST["smode"]);
|
||||
$view_mode = db_escape_string($_REQUEST["view-mode"]);
|
||||
|
||||
if (SINGLE_USER_MODE) {
|
||||
authenticate_user($link, "admin", null);
|
||||
}
|
||||
|
||||
$owner_id = false;
|
||||
|
||||
if ($key) {
|
||||
$result = db_query($link, "SELECT owner_uid FROM
|
||||
ttrss_access_keys WHERE access_key = '$key' AND feed_id = '$feed'");
|
||||
|
||||
if (db_num_rows($result) == 1)
|
||||
$owner_id = db_fetch_result($result, 0, "owner_uid");
|
||||
}
|
||||
|
||||
if ($owner_id) {
|
||||
$_SESSION['uid'] = $owner_id;
|
||||
|
||||
generate_syndicated_feed($link, 0, $feed, $is_cat, $limit,
|
||||
$search, $search_mode, $match_on, $view_mode);
|
||||
} else {
|
||||
header('HTTP/1.1 403 Forbidden');
|
||||
}
|
||||
break; // rss
|
||||
|
||||
|
||||
case "globalUpdateFeeds":
|
||||
// Update all feeds needing a update.
|
||||
update_daemon_common($link, 0, true, true);
|
||||
break; // globalUpdateFeeds
|
||||
|
||||
|
||||
default:
|
||||
header("Content-Type: text/plain");
|
||||
print json_encode(array("error" => array("code" => 7)));
|
||||
break; // fallback
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
function make_feed_browser($link, $search, $limit, $mode = 1) {
|
||||
|
||||
|
||||
$owner_uid = $_SESSION["uid"];
|
||||
$rv = '';
|
||||
|
||||
|
||||
if ($search) {
|
||||
$search_qpart = "AND (UPPER(feed_url) LIKE UPPER('%$search%') OR
|
||||
UPPER(title) LIKE UPPER('%$search%'))";
|
||||
} else {
|
||||
$search_qpart = "";
|
||||
}
|
||||
|
||||
|
||||
if ($mode == 1) {
|
||||
/* $result = db_query($link, "SELECT feed_url, subscribers FROM
|
||||
ttrss_feedbrowser_cache WHERE (SELECT COUNT(id) = 0 FROM ttrss_feeds AS tf
|
||||
WHERE tf.feed_url = ttrss_feedbrowser_cache.feed_url
|
||||
AND owner_uid = '$owner_uid') $search_qpart
|
||||
ORDER BY subscribers DESC LIMIT $limit"); */
|
||||
|
||||
|
||||
$result = db_query($link, "SELECT feed_url, site_url, title, SUM(subscribers) AS subscribers FROM
|
||||
(SELECT feed_url, site_url, title, subscribers FROM ttrss_feedbrowser_cache UNION ALL
|
||||
SELECT feed_url, site_url, title, subscribers FROM ttrss_linked_feeds) AS qqq
|
||||
|
@ -7672,7 +7461,7 @@
|
|||
WHERE tf.feed_url = qqq.feed_url
|
||||
AND owner_uid = '$owner_uid') $search_qpart
|
||||
GROUP BY feed_url, site_url, title ORDER BY subscribers DESC LIMIT $limit");
|
||||
|
||||
|
||||
} else if ($mode == 2) {
|
||||
$result = db_query($link, "SELECT *,
|
||||
(SELECT COUNT(*) FROM ttrss_user_entries WHERE
|
||||
|
@ -7686,74 +7475,74 @@
|
|||
owner_uid = '$owner_uid' $search_qpart
|
||||
ORDER BY id DESC LIMIT $limit");
|
||||
}
|
||||
|
||||
|
||||
$feedctr = 0;
|
||||
|
||||
|
||||
while ($line = db_fetch_assoc($result)) {
|
||||
|
||||
|
||||
if ($mode == 1) {
|
||||
|
||||
|
||||
$feed_url = htmlspecialchars($line["feed_url"]);
|
||||
$site_url = htmlspecialchars($line["site_url"]);
|
||||
$subscribers = $line["subscribers"];
|
||||
|
||||
|
||||
$check_box = "<input onclick='toggleSelectListRow2(this)'
|
||||
dojoType=\"dijit.form.CheckBox\"
|
||||
type=\"checkbox\" \">";
|
||||
|
||||
|
||||
$class = ($feedctr % 2) ? "even" : "odd";
|
||||
|
||||
|
||||
$site_url = "<a target=\"_blank\"
|
||||
href=\"$site_url\">
|
||||
<span class=\"fb_feedTitle\">".
|
||||
htmlspecialchars($line["title"])."</span></a>";
|
||||
|
||||
|
||||
$feed_url = "<a target=\"_blank\" class=\"fb_feedUrl\"
|
||||
href=\"$feed_url\"><img src='images/feed-icon-12x12.png'
|
||||
style='vertical-align : middle'></a>";
|
||||
|
||||
|
||||
$rv .= "<li>$check_box $feed_url $site_url".
|
||||
" <span class='subscribers'>($subscribers)</span></li>";
|
||||
|
||||
|
||||
} else if ($mode == 2) {
|
||||
$feed_url = htmlspecialchars($line["feed_url"]);
|
||||
$site_url = htmlspecialchars($line["site_url"]);
|
||||
$title = htmlspecialchars($line["title"]);
|
||||
|
||||
|
||||
$check_box = "<input onclick='toggleSelectListRow2(this)' dojoType=\"dijit.form.CheckBox\"
|
||||
type=\"checkbox\">";
|
||||
|
||||
|
||||
$class = ($feedctr % 2) ? "even" : "odd";
|
||||
|
||||
|
||||
if ($line['articles_archived'] > 0) {
|
||||
$archived = sprintf(__("%d archived articles"), $line['articles_archived']);
|
||||
$archived = " <span class='subscribers'>($archived)</span>";
|
||||
} else {
|
||||
$archived = '';
|
||||
}
|
||||
|
||||
|
||||
$site_url = "<a target=\"_blank\"
|
||||
href=\"$site_url\">
|
||||
<span class=\"fb_feedTitle\">".
|
||||
htmlspecialchars($line["title"])."</span></a>";
|
||||
|
||||
|
||||
$feed_url = "<a target=\"_blank\" class=\"fb_feedUrl\"
|
||||
href=\"$feed_url\"><img src='images/feed-icon-12x12.png'
|
||||
style='vertical-align : middle'></a>";
|
||||
|
||||
|
||||
|
||||
|
||||
$rv .= "<li id=\"FBROW-".$line["id"]."\">".
|
||||
"$check_box $feed_url $site_url $archived</li>";
|
||||
}
|
||||
|
||||
|
||||
++$feedctr;
|
||||
}
|
||||
|
||||
|
||||
if ($feedctr == 0) {
|
||||
$rv .= "<li style=\"text-align : center\"><p>".__('No feeds found.')."</p></li>";
|
||||
}
|
||||
|
||||
|
||||
return $rv;
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
|
|
|
@ -16,7 +16,7 @@
|
|||
|
||||
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
|
||||
|
||||
init_connection($link);
|
||||
if (!init_connection($link)) return;
|
||||
|
||||
login_sequence($link);
|
||||
|
||||
|
|
2
opml.php
2
opml.php
|
@ -10,7 +10,7 @@
|
|||
|
||||
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
|
||||
|
||||
init_connection($link);
|
||||
if (!init_connection($link)) return;
|
||||
|
||||
function opml_export($link, $name, $owner_uid, $hide_private_feeds=false, $include_settings=true) {
|
||||
if (!$_REQUEST["debug"]) {
|
||||
|
|
|
@ -10,7 +10,7 @@
|
|||
|
||||
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
|
||||
|
||||
init_connection($link);
|
||||
if (!init_connection($link)) return;
|
||||
|
||||
login_sequence($link);
|
||||
|
||||
|
|
49
public.php
49
public.php
|
@ -16,10 +16,8 @@
|
|||
$_REQUEST = array_map('stripslashes_deep', $_REQUEST);
|
||||
}
|
||||
|
||||
$op = $_REQUEST["op"];
|
||||
|
||||
require_once "functions.php";
|
||||
if ($op != "share") require_once "sessions.php";
|
||||
require_once "sessions.php";
|
||||
require_once "sanity_check.php";
|
||||
require_once "config.php";
|
||||
require_once "db.php";
|
||||
|
@ -33,30 +31,37 @@
|
|||
|
||||
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
|
||||
|
||||
if (!$link) {
|
||||
if (DB_TYPE == "mysql") {
|
||||
print mysql_error();
|
||||
}
|
||||
// PG seems to display its own errors just fine by default.
|
||||
return;
|
||||
}
|
||||
|
||||
init_connection($link);
|
||||
|
||||
$method = $_REQUEST["method"];
|
||||
$mode = $_REQUEST["mode"];
|
||||
|
||||
if ((!$op || $op == "rss" || $op == "dlg") && !$_REQUEST["noxml"]) {
|
||||
header("Content-Type: application/xml; charset=utf-8");
|
||||
} else {
|
||||
header("Content-Type: text/plain; charset=utf-8");
|
||||
}
|
||||
if (!init_connection($link)) return;
|
||||
|
||||
if (ENABLE_GZIP_OUTPUT) {
|
||||
ob_start("ob_gzhandler");
|
||||
}
|
||||
|
||||
handle_public_request($link, $op);
|
||||
function __autoload($class) {
|
||||
$file = "classes/".strtolower(basename($class)).".php";
|
||||
if (file_exists($file)) {
|
||||
require $file;
|
||||
}
|
||||
}
|
||||
|
||||
$method = $_REQUEST["op"];
|
||||
|
||||
$handler = new Public_Handler($link, $_REQUEST);
|
||||
|
||||
if ($handler) {
|
||||
if ($handler->before()) {
|
||||
if ($method && method_exists($handler, $method)) {
|
||||
$handler->$method();
|
||||
} else if (method_exists($handler, 'index')) {
|
||||
$handler->index();
|
||||
}
|
||||
$handler->after();
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
header("Content-Type: text/plain");
|
||||
print json_encode(array("error" => array("code" => 7)));
|
||||
|
||||
// We close the connection to database.
|
||||
db_close($link);
|
||||
|
|
|
@ -18,7 +18,7 @@
|
|||
|
||||
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
|
||||
|
||||
init_connection($link);
|
||||
if (!init_connection($link)) return;
|
||||
|
||||
if ($_REQUEST["format"] == "feed") {
|
||||
header("Content-Type: text/xml");
|
||||
|
|
|
@ -11,7 +11,7 @@
|
|||
|
||||
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
|
||||
|
||||
init_connection($link);
|
||||
if (!init_connection($link)) return;
|
||||
login_sequence($link);
|
||||
|
||||
$owner_uid = $_SESSION["uid"];
|
||||
|
|
|
@ -47,14 +47,6 @@
|
|||
// Create a database connection.
|
||||
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
|
||||
|
||||
if (!$link) {
|
||||
if (DB_TYPE == "mysql") {
|
||||
print mysql_error();
|
||||
}
|
||||
// PG seems to display its own errors just fine by default.
|
||||
return;
|
||||
}
|
||||
|
||||
init_connection($link);
|
||||
|
||||
if ($op == "-feeds") {
|
||||
|
|
|
@ -133,13 +133,7 @@
|
|||
// It is unnecessary to start the fork loop if database is not ok.
|
||||
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
|
||||
|
||||
if (!$link) {
|
||||
if (DB_TYPE == "mysql") {
|
||||
print mysql_error();
|
||||
}
|
||||
// PG seems to display its own errors just fine by default.
|
||||
return;
|
||||
}
|
||||
if (!init_connection($link)) return;
|
||||
|
||||
db_close($link);
|
||||
|
||||
|
@ -190,15 +184,7 @@
|
|||
|
||||
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
|
||||
|
||||
if (!$link) {
|
||||
if (DB_TYPE == "mysql") {
|
||||
print mysql_error();
|
||||
}
|
||||
// PG seems to display its own errors just fine by default.
|
||||
return;
|
||||
}
|
||||
|
||||
init_connection($link);
|
||||
if (!init_connection($link)) return;
|
||||
|
||||
// We disable stamp file, since it is of no use in a multiprocess update.
|
||||
// not really, tho for the time being -fox
|
||||
|
|
Loading…
Reference in New Issue