";
@$method = clean($_POST['method']);
if ($hash) {
$login = clean($_REQUEST["login"]);
if ($login) {
$sth = $this->pdo->prepare("SELECT id, resetpass_token FROM ttrss_users
WHERE LOWER(login) = LOWER(?)");
$sth->execute([$login]);
if ($row = $sth->fetch()) {
$id = $row["id"];
$resetpass_token_full = $row["resetpass_token"];
list($timestamp, $resetpass_token) = explode(":", $resetpass_token_full);
if ($timestamp && $resetpass_token &&
$timestamp >= time() - 15*60*60 &&
$resetpass_token === $hash) {
$sth = $this->pdo->prepare("UPDATE ttrss_users SET resetpass_token = NULL
WHERE id = ?");
$sth->execute([$id]);
Pref_Users::resetUserPassword($id, true);
print "
"."Completed."."
";
} else {
print_error("Some of the information provided is missing or incorrect.");
}
} else {
print_error("Some of the information provided is missing or incorrect.");
}
} else {
print_error("Some of the information provided is missing or incorrect.");
}
print "".__("Return to Tiny Tiny RSS")."";
} else if (!$method) {
print_notice(__("You will need to provide valid account name and email. Password reset link will be sent to your email address."));
print "";
} else if ($method == 'do') {
$login = clean($_POST["login"]);
$email = clean($_POST["email"]);
$test = clean($_POST["test"]);
if ($test != ($_SESSION["pwdreset:testvalue1"] + $_SESSION["pwdreset:testvalue2"]) || !$email || !$login) {
print_error(__('Some of the required form parameters are missing or incorrect.'));
print "";
} else {
// prevent submitting this form multiple times
$_SESSION["pwdreset:testvalue1"] = rand(1, 1000);
$_SESSION["pwdreset:testvalue2"] = rand(1, 1000);
$sth = $this->pdo->prepare("SELECT id FROM ttrss_users
WHERE LOWER(login) = LOWER(?) AND email = ?");
$sth->execute([$login, $email]);
if ($row = $sth->fetch()) {
print_notice("Password reset instructions are being sent to your email address.");
$id = $row["id"];
if ($id) {
$resetpass_token = sha1(get_random_bytes(128));
$resetpass_link = get_self_url_prefix() . "/public.php?op=forgotpass&hash=" . $resetpass_token .
"&login=" . urlencode($login);
$tpl = new Templator();
$tpl->readTemplateFromFile("resetpass_link_template.txt");
$tpl->setVariable('LOGIN', $login);
$tpl->setVariable('RESETPASS_LINK', $resetpass_link);
$tpl->setVariable('TTRSS_HOST', SELF_URL_PATH);
$tpl->addBlock('message');
$message = "";
$tpl->generateOutputToString($message);
$mailer = new Mailer();
$rc = $mailer->mail(["to_name" => $login,
"to_address" => $email,
"subject" => __("[tt-rss] Password reset request"),
"message" => $message]);
if (!$rc) print_error($mailer->error());
$resetpass_token_full = time() . ":" . $resetpass_token;
$sth = $this->pdo->prepare("UPDATE ttrss_users
SET resetpass_token = ?
WHERE LOWER(login) = LOWER(?) AND email = ?");
$sth->execute([$resetpass_token_full, $login, $email]);
} else {
print_error("User ID not found.");
}
print "".__("Return to Tiny Tiny RSS")."";
} else {
print_error(__("Sorry, login and email combination not found."));
print "";
}
}
}
print "
";
print "
";
print "";
print "";
}
/**
 * Database schema updater page.
 *
 * Access control: unless SINGLE_USER_MODE is set, the session's access_level
 * must be at least 10. Otherwise an error message is stored in the session,
 * the login form is rendered and the request ends.
 *
 * NOTE(review): this listing is incomplete after the first closing PHP tag
 * (markup and some PHP statements are missing), so the update flow itself is
 * not documented here.
 */
function dbupdate() {
startup_gettext();
// Authorization gate for this endpoint: a session whose access_level is below 10 is refused
// (presumably 10 is the administrator level -- confirm against the user model).
// NOTE(review): SINGLE_USER_MODE bypasses the check entirely.
if (!SINGLE_USER_MODE && $_SESSION["access_level"] < 10) {
$_SESSION["login_error_msg"] = __("Your access level is insufficient to run this script.");
$this->render_login_form();
// render_login_form() already terminates the request; this exit keeps the gate fail-closed if that ever changes.
exit;
}
?>
Database Updater
isUpdateRequired()) {
print "
" . T_sprintf("Performing updates to version %d", SCHEMA_VERSION) . "
";
print_error("One of the updates failed. Either retry the process or perform updates manually.");
print "";
return;
} else {
print "
" . __("Completed.") . "
";
print "";
}
}
print_notice("Your Tiny Tiny RSS database is now updated to the latest version.");
print "".__("Return to Tiny Tiny RSS")."";
} else {
print_notice("Tiny Tiny RSS database is up to date.");
print "".__("Return to Tiny Tiny RSS")."";
}
} else {
if ($updater->isUpdateRequired()) {
print "
".T_sprintf("Tiny Tiny RSS database needs update to the latest version (%d to %d).",
$updater->getSchemaVersion(), SCHEMA_VERSION)."
";
if (DB_TYPE == "mysql") {
print_error("READ THIS: Due to MySQL limitations, your database is not completely protected while updating. ".
"Errors may put it in an inconsistent state requiring manual rollback. BACKUP YOUR DATABASE BEFORE CONTINUING.");
} else {
print_warning("Please backup your database before proceeding.");
}
print "";
} else {
print_notice("Tiny Tiny RSS database is up to date.");
print "".__("Return to Tiny Tiny RSS")."";
}
}
?>
exists($filename)) {
$cache->send($filename);
} else {
header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found");
echo "File not found.";
}
}
/**
 * Builds a "tag:" scheme identifier for an article.
 *
 * The result has the shape tag:<host>,<YYYY-MM-DD>:/<id>, where <host> is
 * the host component of get_self_url_prefix() and the date is derived from
 * $timestamp via strtotime().
 *
 * @param mixed  $id        article identifier, interpolated as-is
 * @param string $timestamp date/time string understood by strtotime()
 * @return string
 */
private function make_article_tag_uri($id, $timestamp) {
    // Only the calendar day of the timestamp is kept.
    $day = date("Y-m-d", strtotime($timestamp));

    // NOTE(review): the host comes from get_self_url_prefix(); confirm that value is
    // taken from configuration rather than from the request's Host header.
    $host = parse_url(get_self_url_prefix(), PHP_URL_HOST);

    return "tag:" . $host . ",$day:/$id";
}
// this should be used very carefully because this endpoint is exposed to unauthenticated users
// plugin data is not loaded because there's no user context and owner_uid/session may or may not be available
// in general, don't do anything user-related in here and do not modify $_SESSION
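/**
 * Dispatches an unauthenticated request to a method of a single plugin.
 *
 * Reads the plugin name from $_REQUEST["plugin"] and the method name from
 * $_REQUEST["pmethod"], loads that plugin as PluginHost::KIND_USER with
 * owner uid 0 (plugin data is not loaded), and invokes the method only when
 * it exists on the plugin object and the plugin's is_public_method()
 * accepts it.
 *
 * Security notes:
 *  - basename() reduces the plugin name to a single path component before
 *    it is passed to PluginHost::load().
 *  - Missing or non-string parameters (e.g. plugin[]=x) are treated as an
 *    empty string, so they end in the regular "unknown plugin/method" error
 *    instead of reaching basename()/method_exists() with the wrong type.
 *  - The plugin's own is_public_method() is the only gate in front of the
 *    dynamic call; every plugin must allow-list exact method names there.
 *
 * On failure a warning is logged and a JSON error is printed:
 * 14 for an unknown plugin, 13 for an unknown method, 6 for a method the
 * plugin does not declare public.
 *
 * @return void
 */
public function pluginhandler() {
    $host = new PluginHost();

    // Accept only scalar string parameters; anything else becomes "".
    $plugin_name = (isset($_REQUEST["plugin"]) && is_string($_REQUEST["plugin"]))
        ? basename(clean($_REQUEST["plugin"]))
        : "";
    $method = (isset($_REQUEST["pmethod"]) && is_string($_REQUEST["pmethod"]))
        ? clean($_REQUEST["pmethod"])
        : "";

    $host->load($plugin_name, PluginHost::KIND_USER, 0);
    // load_data() is intentionally not called: there is no user context on this endpoint.

    $plugin = $host->get_plugin($plugin_name);

    // NOTE(review): the log messages below interpolate request-derived values; confirm that
    // clean() (defined elsewhere) leaves no line breaks that could split a log entry.
    if (!$plugin) {
        user_error("PluginHandler[PUBLIC]: Requested method '$method' of unknown plugin '$plugin_name'.", E_USER_WARNING);
        header("Content-Type: text/json");
        print error_json(14);
        return;
    }

    if (!method_exists($plugin, $method)) {
        user_error("PluginHandler[PUBLIC]: Requested unknown method '$method' of plugin '$plugin_name'.", E_USER_WARNING);
        header("Content-Type: text/json");
        print error_json(13);
        return;
    }

    // Authorization decision for the dynamic call: the plugin must explicitly mark the method public.
    if (!$plugin->is_public_method($method)) {
        user_error("PluginHandler[PUBLIC]: Requested private method '$method' of plugin '$plugin_name'.", E_USER_WARNING);
        header("Content-Type: text/json");
        print error_json(6);
        return;
    }

    $plugin->$method();
}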
/**
 * Emits the login page and ends the request.
 *
 * Sends a "Cache-Control: public" header, includes login_form.php (at most
 * once per request) and then terminates script execution, so this call
 * never returns to its caller.
 *
 * @return void
 */
static function render_login_form() {
    // NOTE(review): "public" permits shared caches to store this response; confirm that
    // login_form.php emits nothing session- or user-specific.
    header("Cache-Control: public");

    require_once("login_form.php");

    exit();
}
}
?>