From 97acbaf190ff84b4cc5b01192f14d9ee384d6327 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Mon, 10 Sep 2012 19:01:06 +0400 Subject: [PATCH] login system fixes remove old-style session checking from backend.php move outside subscription endpoint to public.php, change subscription bookmarklet --- backend.php | 8 +- classes/handler.php | 1 + classes/handler/public.php | 252 ++++++++++++++++++++++++++++++++++--- classes/pref/feeds.php | 105 ---------------- include/functions.php | 43 +++++-- include/login_form.php | 34 +++-- mobile/login_form.php | 6 +- 7 files changed, 299 insertions(+), 150 deletions(-) diff --git a/backend.php b/backend.php index 8e6ff6ced..87b0945b1 100644 --- a/backend.php +++ b/backend.php @@ -65,7 +65,7 @@ // TODO remove and handle within Handlers - if (!($_SESSION["uid"] && validate_session($link))) { + /* if (!($_SESSION["uid"] && validate_session($link))) { if ($op == 'pref-feeds' && $method == 'add') { header("Content-Type: text/html"); login_sequence($link); @@ -75,7 +75,7 @@ print json_encode(array("error" => array("code" => 6))); } return; - } + } */ $purge_intervals = array( 0 => __("Use default"), @@ -143,6 +143,10 @@ } $handler->after(); return; + } else { + header("Content-Type: text/plain"); + print json_encode(array("error" => array("code" => 6))); + return; } } else { header("Content-Type: text/plain"); diff --git a/classes/handler.php b/classes/handler.php index 9d6c99e0d..e00b36aa3 100644 --- a/classes/handler.php +++ b/classes/handler.php @@ -19,5 +19,6 @@ class Handler { function after() { return true; } + } ?> diff --git a/classes/handler/public.php b/classes/handler/public.php index aff04597d..c06121d02 100644 --- a/classes/handler/public.php +++ b/classes/handler/public.php 
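Review bot: The old session check in the @@ -65 hunk is commented out rather than deleted, leaving a large `/* ... */` block of dead code in the request entry point; git history already preserves it, so remove the block outright. The context line `// TODO remove and handle within Handlers` describes exactly what this commit does and should go with it. With the global check gone, whether an unauthenticated request reaches a handler now depends entirely on the per-handler check that the new `else` branch in the @@ -143 hunk pairs with (error code 6); that branch begins outside the hunk so I cannot see the condition, but it is worth confirming that every handler class other than the public one performs that check, since backend.php no longer denies by default.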
@@ -195,27 +195,22 @@ class Handler_Public extends Handler { function getProfiles() { $login = db_escape_string($_REQUEST["login"]); - $password = db_escape_string($_REQUEST["password"]); - if (authenticate_user($this->link, $login, $password)) { - $result = db_query($this->link, "SELECT * FROM ttrss_settings_profiles - WHERE owner_uid = " . $_SESSION["uid"] . " ORDER BY title"); + $result = db_query($this->link, "SELECT * FROM ttrss_settings_profiles,ttrss_users + WHERE ttrss_users.id = ttrss_settings_profiles.owner_uid AND login = '$login' ORDER BY title"); - print ""; - print ""; + print ""; - while ($line = db_fetch_assoc($result)) { - $id = $line["id"]; - $title = $line["title"]; + while ($line = db_fetch_assoc($result)) { + $id = $line["id"]; + $title = $line["title"]; - print ""; - } - - print ""; - - $_SESSION = array(); + print ""; } + + print ""; } function pubsub() { 
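Review bot: getProfiles() now returns a user's settings profiles for whatever `login` the request supplies, with no password check; the removed `if (authenticate_user(...))` branch was the only gate, so an unauthenticated caller can now learn which logins exist and the titles of their profiles. If pre-login profile selection is the intended design, at least narrow `SELECT *` on the joined tables to the two columns the loop reads, `SELECT ttrss_settings_profiles.id, ttrss_settings_profiles.title FROM ttrss_settings_profiles, ttrss_users ...`, so no other ttrss_users columns are fetched, and record the accepted disclosure in a comment on the method. `$login` goes through db_escape_string before interpolation, consistent with the rest of the file, but it still ends up in a string-built query; a parameterised statement would be the safer form if the DB layer offers one.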
@@ -447,5 +442,232 @@ class Handler_Public extends Handler { } } + function login() { + + print_r($_REQUEST); + + $_SESSION["prefs_cache"] = array(); + + if (!SINGLE_USER_MODE) { + + $login = db_escape_string($_POST["login"]); + $password = $_POST["password"]; + $remember_me = $_POST["remember_me"]; + + if (authenticate_user($this->link, $login, $password)) { + $_POST["password"] = ""; + + $_SESSION["language"] = $_POST["language"]; + $_SESSION["ref_schema_version"] = get_schema_version($this->link, true); + $_SESSION["bw_limit"] = !!$_POST["bw_limit"]; + + if ($_POST["profile"]) { + + $profile = db_escape_string($_POST["profile"]); + + $result = db_query($this->link, "SELECT id FROM ttrss_settings_profiles + WHERE id = '$profile' AND owner_uid = " . $_SESSION["uid"]); + + if (db_num_rows($result) != 0) { + $_SESSION["profile"] = $profile; + $_SESSION["prefs_cache"] = array(); + } + } + } else { + $_SESSION["login_error_msg"] = __("Incorrect username or password"); + } + + if ($_REQUEST['return']) { + header("Location: " . $_REQUEST['return']); + } else { + header("Location: " . SELF_URL_PATH); + } + } + } + + function subscribe() { + if ($_SESSION["uid"]) { + + $feed_url = db_escape_string(trim($_REQUEST["feed_url"])); + + header('Content-Type: text/html; charset=utf-8'); + print " + + Tiny Tiny RSS + + + + + \"Tiny +

".__("Subscribe to feed...")."

"; + + $rc = subscribe_to_feed($this->link, $feed_url); + + switch ($rc['code']) { + case 0: + print_warning(T_sprintf("Already subscribed to %s.", $feed_url)); + break; + case 1: + print_notice(T_sprintf("Subscribed to %s.", $feed_url)); + break; + case 2: + print_error(T_sprintf("Could not subscribe to %s.", $feed_url)); + break; + case 3: + print_error(T_sprintf("No feeds found in %s.", $feed_url)); + break; + case 4: + print_notice(__("Multiple feed URLs found.")); + $feed_urls = get_feeds_from_html($feed_url); + break; + case 5: + print_error(T_sprintf("Could not subscribe to %s.
Can't download the Feed URL.", $feed_url)); + break; + } + + if ($feed_urls) { + + print "
"; + print ""; + + print ""; + + print "
"; + } + + $tp_uri = get_self_url_prefix() . "/prefs.php"; + $tt_uri = get_self_url_prefix(); + + if ($rc['code'] <= 2){ + $result = db_query($this->link, "SELECT id FROM ttrss_feeds WHERE + feed_url = '$feed_url' AND owner_uid = " . $_SESSION["uid"]); + + $feed_id = db_fetch_result($result, 0, "id"); + } else { + $feed_id = 0; + } + print "

"; + + if ($feed_id) { + print "

+ + + + +
"; + } + + print "
+ +

"; + + print ""; + + } else { + render_login_form($this->link); + } + } + + function subscribe2() { + $feed_url = db_escape_string(trim($_REQUEST["feed_url"])); + $cat_id = db_escape_string($_REQUEST["cat_id"]); + $from = db_escape_string($_REQUEST["from"]); + + /* only read authentication information from POST */ + + $auth_login = db_escape_string(trim($_POST["auth_login"])); + $auth_pass = db_escape_string(trim($_POST["auth_pass"])); + + $rc = subscribe_to_feed($this->link, $feed_url, $cat_id, $auth_login, $auth_pass); + + switch ($rc) { + case 1: + print_notice(T_sprintf("Subscribed to %s.", $feed_url)); + break; + case 2: + print_error(T_sprintf("Could not subscribe to %s.", $feed_url)); + break; + case 3: + print_error(T_sprintf("No feeds found in %s.", $feed_url)); + break; + case 0: + print_warning(T_sprintf("Already subscribed to %s.", $feed_url)); + break; + case 4: + print_notice(__("Multiple feed URLs found.")); + + $feed_urls = get_feeds_from_html($feed_url); + break; + case 5: + print_error(T_sprintf("Could not subscribe to %s.
Can't download the Feed URL.", $feed_url)); + break; + } + + if ($feed_urls) { + print "
"; + print ""; + print ""; + print ""; + + print ""; + print "
"; + } + + $tp_uri = get_self_url_prefix() . "/prefs.php"; + $tt_uri = get_self_url_prefix(); + + if ($rc <= 2){ + $result = db_query($this->link, "SELECT id FROM ttrss_feeds WHERE + feed_url = '$feed_url' AND owner_uid = " . $_SESSION["uid"]); + + $feed_id = db_fetch_result($result, 0, "id"); + } else { + $feed_id = 0; + } + + print "

"; + + if ($feed_id) { + print "

+ + + + +
"; + } + + print "
+ +

"; + + print ""; + } + + function index() { + header("Content-Type: text/plain"); + print json_encode(array("error" => array("code" => 7))); + } + } ?> diff --git a/classes/pref/feeds.php b/classes/pref/feeds.php index d6bb94ebe..a1177f2dd 100644 --- a/classes/pref/feeds.php +++ b/classes/pref/feeds.php @@ -1168,111 +1168,6 @@ class Pref_Feeds extends Handler_Protected { } - function add() { - $feed_url = db_escape_string(trim($_REQUEST["feed_url"])); - $cat_id = db_escape_string($_REQUEST["cat_id"]); - $p_from = db_escape_string($_REQUEST["from"]); - - /* only read authentication information from POST */ - - $auth_login = db_escape_string(trim($_POST["auth_login"])); - $auth_pass = db_escape_string(trim($_POST["auth_pass"])); - - if ($p_from != 'tt-rss') { - header('Content-Type: text/html; charset=utf-8'); - print " - - Tiny Tiny RSS - - - - - \"Tiny -
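Review bot: `print_r($_REQUEST);` at the top of the new login() dumps the submitted form, including `$_POST["password"]`, into the response body before the redirect; it reads as leftover debugging and has to be removed. The redirect `header("Location: " . $_REQUEST['return']);` sends the browser to any caller-supplied URL after a successful login (an open redirect); restrict it to the application's own prefix, e.g. `$return = $_REQUEST['return']; if (!$return || strpos($return, SELF_URL_PATH) !== 0) $return = SELF_URL_PATH; header("Location: " . $return);`. subscribe() checks `$_SESSION["uid"]` before doing anything, but subscribe2() does not, yet it still uses `$_SESSION["uid"]` in the ttrss_feeds query and calls subscribe_to_feed(); unless Handler_Public gains a before() check (not visible here), the same guard belongs at the top of subscribe2(). The two methods also disagree on what subscribe_to_feed() returns — subscribe() switches on `$rc['code']` and tests `$rc['code'] <= 2`, subscribe2() switches on `$rc` directly — only one can match the function, and the other silently misroutes every result. Finally, `$feed_url` reaches print_warning()/print_error() after db_escape_string() only, which is an SQL escape, not an HTML one; if those helpers emit the string into the page, pass it through htmlspecialchars() first.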

Subscribe to feed...

"; - } - - $rc = subscribe_to_feed($this->link, $feed_url, $cat_id, $auth_login, $auth_pass); - - switch ($rc) { - case 1: - print_notice(T_sprintf("Subscribed to %s.", $feed_url)); - break; - case 2: - print_error(T_sprintf("Could not subscribe to %s.", $feed_url)); - break; - case 3: - print_error(T_sprintf("No feeds found in %s.", $feed_url)); - break; - case 0: - print_warning(T_sprintf("Already subscribed to %s.", $feed_url)); - break; - case 4: - print_notice(__("Multiple feed URLs found.")); - - $feed_urls = get_feeds_from_html($feed_url); - break; - case 5: - print_error(T_sprintf("Could not subscribe to %s.
Can't download the Feed URL.", $feed_url)); - break; - } - - if ($p_from != 'tt-rss') { - - if ($feed_urls) { - - print "
"; - print ""; - print ""; - print ""; - - print ""; - - print "
"; - } - - $tp_uri = get_self_url_prefix() . "/prefs.php"; - $tt_uri = get_self_url_prefix(); - - if ($rc <= 2){ - $result = db_query($this->link, "SELECT id FROM ttrss_feeds WHERE - feed_url = '$feed_url' AND owner_uid = " . $_SESSION["uid"]); - - $feed_id = db_fetch_result($result, 0, "id"); - } else { - $feed_id = 0; - } - print "

"; - - if ($feed_id) { - print "

- - - - -
"; - } - - print "
- -

"; - - print ""; - return; - } - } - function categorize() { $ids = split(",", db_escape_string($_REQUEST["ids"])); diff --git a/include/functions.php b/include/functions.php index 729cb2625..73c2f6d50 100644 --- a/include/functions.php +++ b/include/functions.php @@ -815,7 +815,35 @@ return true; } - function login_sequence($link, $mobile = false) { + function login_sequence($link, $login_form = 0) { + if (SINGLE_USER_MODE) { + return authenticate_user($link, "admin", null); + } else { + if (!$_SESSION["uid"] || !validate_session($link)) { + + if (AUTH_AUTO_LOGIN && authenticate_user($link, null, null)) { + $_SESSION["ref_schema_version"] = get_schema_version($link, true); + } else { + authenticate_user($link, null, null, true); + } + + if (!$_SESSION["uid"]) render_login_form($link, $login_form); + + } else { + /* bump login timestamp */ + db_query($link, "UPDATE ttrss_users SET last_login = NOW() WHERE id = " . + $_SESSION["uid"]); + + if ($_SESSION["language"] && SESSION_COOKIE_LIFETIME > 0) { + setcookie("ttrss_lang", $_SESSION["language"], + time() + SESSION_COOKIE_LIFETIME); + } + } + } + } + + + /* function login_sequence($link, $mobile = false) { $_SESSION["prefs_cache"] = array(); if (!SINGLE_USER_MODE) { @@ -872,7 +900,7 @@ exit; } } else { - /* bump login timestamp */ + // bump login timestamp db_query($link, "UPDATE ttrss_users SET last_login = NOW() WHERE id = " . $_SESSION["uid"]); @@ -888,7 +916,7 @@ } else { return authenticate_user($link, "admin", null); } - } + } */ function truncate_string($str, $max_len, $suffix = '…') { if (mb_strlen($str, "utf-8") > $max_len - 3) { 
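Review bot: In the new login_sequence(), the branch taken when a session fails validate_session() ends with `if (!$_SESSION["uid"]) render_login_form($link, $login_form);`, but `$_SESSION["uid"]` is still set in exactly that case, so unless authenticate_user($link, null, null, true) clears it (not visible here) an invalid session is neither cleared nor sent to the login form and the caller proceeds with it; clearing the stale value at the top of the branch, `$_SESSION["uid"] = false;`, before the auto-login attempt makes the later test meaningful. The function also returns authenticate_user()'s result in SINGLE_USER_MODE and nothing otherwise, so callers cannot rely on the return value; either return consistently or document it as void. The previous implementation is kept as a `/* function login_sequence(...) */` block across this and the two following hunks — delete it rather than commenting it out. A short header comment would help, e.g. `// Ensures the request has a valid session; otherwise renders the login form, which does not return.`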
@@ -3148,17 +3176,16 @@ return true; } - function render_login_form($link, $mobile = 0) { - switch ($mobile) { + function render_login_form($link, $form_id = 0) { + switch ($form_id) { case 0: require_once "login_form.php"; break; case 1: require_once "mobile/login_form.php"; break; - case 2: - require_once "mobile/classic/login_form.php"; } + exit; } // from http://developer.apple.com/internet/safari/faq.html @@ -3588,7 +3615,7 @@ //$url_path = ($_SERVER['HTTPS'] != "on" ? 'http://' : 'https://') . $_SERVER["HTTP_HOST"] . parse_url($_SERVER["REQUEST_URI"], PHP_URL_PATH); $url_path = get_self_url_prefix() . - "/backend.php?op=pref-feeds&quiet=1&method=add&feed_url=%s"; + "/public.php?op=subscribe&feed_url=%s"; return $url_path; } // function add_feed_url diff --git a/include/login_form.php b/include/login_form.php index abe73f847..5060f8c11 100644 --- a/include/login_form.php +++ b/include/login_form.php @@ -32,21 +32,22 @@ function init() { } document.forms["loginForm"].login.focus(); + + fetchProfiles(); } function fetchProfiles() { try { - var params = Form.serialize('loginForm'); - var query = "?op=getProfiles&" + params; + var query = "?op=getProfiles&login=" + param_escape(document.forms["loginForm"].login.value); if (query) { new Ajax.Request("public.php", { parameters: query, - onComplete: function(transport) { - if (transport.responseText.match("select")) { - $('profile_box').innerHTML = transport.responseText; - } - } }); + onComplete: function(transport) { + if (transport.responseText.match("select")) { + $('profile_box').innerHTML = transport.responseText; + } + } }); } } catch (e) { @@ -113,8 +114,12 @@ function validateLoginForm(f) { }); -
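Review bot: render_login_form() now ends in `exit;` but nothing says so; login_sequence() and Handler_Public::subscribe() both stop inside it, so add `// Renders the selected login form and terminates the request.` above the function. The switch has no default: with `case 2` removed, any other `$form_id` includes nothing and the request exits with an empty body, so either add `default: require_once "login_form.php";` or fall back to the standard form explicitly.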
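Review bot: init() now calls fetchProfiles() on page load, when the login field is still empty, which issues a `public.php?op=getProfiles&login=` request that can only return nothing; guard it with `if (document.forms["loginForm"].login.value) fetchProfiles();`. The `if (query)` test is always true now that query starts from a constant prefix and can go. This pairs with the server-side getProfiles() change that looks profiles up by login name alone, so the client now shows profile titles for any name typed before a password is entered — worth stating in a comment next to the call so the trade-off is deliberate.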
- + + + + + @@ -130,11 +135,10 @@ function validateLoginForm(f) {
- -
">
">
@@ -151,11 +155,6 @@ function validateLoginForm(f) {
@@ -164,9 +163,6 @@ function validateLoginForm(f) { - -
diff --git a/mobile/login_form.php b/mobile/login_form.php index ad5e35cea..48f7cc5ad 100644 --- a/mobile/login_form.php +++ b/mobile/login_form.php @@ -28,7 +28,11 @@ function do_login() { - + " + method="post"> + +