/**
 * Return the current user, or stop the request at the login form.
 *
 * When get_current() yields a falsy value the login form is rendered and
 * the script exits, so callers only ever receive a truthy user value.
 */
function check_current()
{
    $current = get_current();

    if ($current) {
        return $current;
    }

    // No authenticated user: show the login form and end the request here so
    // the protected code after the call can never run unauthenticated.
    render_login_form();
    exit;
}
/**
 * Establish an authenticated session for the current request.
 *
 * In SINGLE_USER_MODE the built-in "admin" account is authenticated without a
 * password. Otherwise the existing session is validated, auto-login or the
 * configured authentication is attempted, and the request ends at the login
 * form when no user id is present afterwards.
 */
function login_sequence()
{
    if (SINGLE_USER_MODE) {
        @session_start();
        authenticate_user("admin", null);
        startup_gettext();
        load_user_plugins($_SESSION["uid"]);
        return;
    }

    // A session that fails validation is treated as logged out.
    if (!validate_session()) {
        $_SESSION["uid"] = false;
    }

    if ($_SESSION["uid"]) {
        // Record activity for the already authenticated user.
        // NOTE(review): the uid is concatenated into the SQL text; this relies
        // on authentication only ever storing an integer id in the session.
        db_query("UPDATE ttrss_users SET last_login = NOW() WHERE id = " . $_SESSION["uid"]);
        $_SESSION["last_login_update"] = time();
    } else {
        if (AUTH_AUTO_LOGIN && authenticate_user(null, null)) {
            $_SESSION["ref_schema_version"] = get_schema_version(true);
        } else {
            authenticate_user(null, null, true);
        }

        if (!$_SESSION["uid"]) {
            // Still anonymous: discard the session, expire its cookie and
            // stop at the login form.
            @session_destroy();
            setcookie(session_name(), '', time() - 42000, '/');
            render_login_form();
            exit;
        }
    }

    if ($_SESSION["uid"]) {
        startup_gettext();
        load_user_plugins($_SESSION["uid"]);

        // Remove counter cache rows whose feed or category no longer exists.
        db_query("DELETE FROM ttrss_counters_cache WHERE owner_uid = " . $_SESSION["uid"] . " AND\n\t\t\t\t\t\t(SELECT COUNT(id) FROM ttrss_feeds WHERE\n\t\t\t\t\t\t\tttrss_feeds.id = feed_id) = 0");
        db_query("DELETE FROM ttrss_cat_counters_cache WHERE owner_uid = " . $_SESSION["uid"] . " AND\n\t\t\t\t\t\t(SELECT COUNT(id) FROM ttrss_feed_categories WHERE\n\t\t\t\t\t\t\tttrss_feed_categories.id = feed_id) = 0");
    }
}
<?php // Database updater entry script (excerpt): authenticate, check the access level, then emit the page.
// Load the helper libraries and the configuration used below.
require_once "functions.php";
require_once "sessions.php";
require_once "sanity_check.php";
require_once "config.php";
require_once "db.php";

// Open the database connection with the configured credentials.
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
init_connection($link);

// Run the login flow before anything else is done with the session.
login_sequence($link);
$owner_uid = $_SESSION["uid"];

// Authorization gate: outside single-user mode the session must carry an
// access_level of at least 10, otherwise the login form is shown with an
// error message and the script stops.
// NOTE(review): 10 is presumably the administrator level - confirm. This is
// the only authorization check visible in this excerpt.
if (!SINGLE_USER_MODE && $_SESSION["access_level"] < 10) {
    $_SESSION["login_error_msg"] = __("Your access level is insufficient to run this script.");
    render_login_form($link);
    exit;
}
?> <html> <head> <title>Database Updater</title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <link rel="stylesheet" type="text/css" href="utility.css"> </head> <body> <script type='text/javascript'> function confirmOP() { return confirm(__("Update the database?")); }
/**
 * Establish an authenticated session for the current request.
 *
 * @param mixed $link       Database connection handle passed to every helper.
 * @param mixed $login_form Forwarded unchanged to render_login_form().
 */
function login_sequence($link, $login_form = 0)
{
    // Cached preferences are reset on every call.
    $_SESSION["prefs_cache"] = false;

    if (SINGLE_USER_MODE) {
        // Single-user installs authenticate the "admin" account without a password.
        authenticate_user($link, "admin", null);
        cache_prefs($link);
        load_user_plugins($link, $_SESSION["uid"]);
        return;
    }

    if ($_SESSION["uid"] && validate_session($link)) {
        // Valid existing session: record the activity.
        // NOTE(review): the uid is concatenated into the SQL text; this relies
        // on authentication only ever storing an integer id in the session.
        db_query($link, "UPDATE ttrss_users SET last_login = NOW() WHERE id = " . $_SESSION["uid"]);
    } else {
        if (AUTH_AUTO_LOGIN && authenticate_user($link, null, null)) {
            $_SESSION["ref_schema_version"] = get_schema_version($link, true);
        } else {
            authenticate_user($link, null, null, true);
        }

        if (!$_SESSION["uid"]) {
            // NOTE(review): there is no exit after the form is rendered in this
            // function; confirm render_login_form() ends the request itself,
            // otherwise the caller continues without an authenticated user.
            render_login_form($link, $login_form);
        }
    }

    if ($_SESSION["uid"]) {
        // Remember the chosen language in a cookie while session cookies persist.
        if ($_SESSION["language"] && SESSION_COOKIE_LIFETIME > 0) {
            setcookie("ttrss_lang", $_SESSION["language"], time() + SESSION_COOKIE_LIFETIME);
        }

        cache_prefs($link);
        load_user_plugins($link, $_SESSION["uid"]);
    }
}
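/**
 * Authenticate the current request, or stop it at the login form.
 *
 * Handles a submitted login form (login_action=do_login), then requires a
 * valid session. In SINGLE_USER_MODE the "admin" account is authenticated
 * without a password and the result of authenticate_user() is returned.
 *
 * @param mixed $link   Database connection handle passed to every helper.
 * @param bool  $mobile Forwarded unchanged to render_login_form().
 *
 * @return mixed Result of authenticate_user() in single-user mode, otherwise null.
 */
function login_sequence($link, $mobile = false)
{
    if (SINGLE_USER_MODE) {
        return authenticate_user($link, "admin", null);
    }

    // Read form fields defensively: a request without them must not raise
    // undefined-index notices.
    $login_action = isset($_POST["login_action"]) ? $_POST["login_action"] : null;

    // Try to authenticate the user if called from the login form.
    if ($login_action === "do_login") {
        $login = isset($_POST["login"]) ? $_POST["login"] : null;
        $password = isset($_POST["password"]) ? $_POST["password"] : null;

        if (authenticate_user($link, $login, $password)) {
            // Do not keep the plaintext password around for the rest of the request.
            $_POST["password"] = "";

            // NOTE(review): no session id regeneration is visible here after a
            // successful login; confirm authenticate_user() takes care of it.
            // NOTE(review): the language value is stored exactly as submitted
            // and later written to a cookie; confirm it is validated against
            // the list of supported languages wherever it is consumed.
            $_SESSION["language"] = isset($_POST["language"]) ? $_POST["language"] : null;
            $_SESSION["ref_schema_version"] = get_schema_version($link, true);
            $_SESSION["bw_limit"] = !empty($_POST["bw_limit"]);

            if (!empty($_POST["profile"])) {
                $profile = db_escape_string($_POST["profile"]);

                // The profile is accepted only when it belongs to the user who
                // just logged in. The uid is cast so that the concatenated
                // value can only ever be an integer.
                $result = db_query($link, "SELECT id FROM ttrss_settings_profiles\n\t\t\t\t\t\t\tWHERE id = '{$profile}' AND owner_uid = " . (int) $_SESSION["uid"]);

                if (db_num_rows($result) != 0) {
                    $_SESSION["profile"] = $profile;
                    $_SESSION["prefs_cache"] = array();
                }
            }

            // Redirect back to the same URL so that a reload does not resubmit
            // the credentials.
            // NOTE(review): REQUEST_URI is supplied by the client; confirm the
            // deployment only ever serves this script from a path that begins
            // with a single "/" so the redirect stays on this origin.
            header("Location: " . $_SERVER["REQUEST_URI"]);
            exit;
        }

        $_SESSION["login_error_msg"] = __("Incorrect username or password");
    }

    if (empty($_SESSION["uid"]) || !validate_session($link)) {
        render_login_form($link, $mobile);
        exit;
    }

    // Bump the login timestamp; the uid is cast to an integer before it is
    // concatenated into the statement.
    db_query($link, "UPDATE ttrss_users SET last_login = NOW() WHERE id = " . (int) $_SESSION["uid"]);

    if (!empty($_SESSION["language"]) && SESSION_COOKIE_LIFETIME > 0) {
        setcookie("ttrss_lang", $_SESSION["language"], time() + SESSION_COOKIE_LIFETIME);
    }

    // Bump the counters stamp since the page is being reloaded anyway.
    $_SESSION["get_all_counters_stamp"] = time();
}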
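/**
 * Render the database updater page and, on request, run the schema updates.
 *
 * Outside single-user mode the session must carry an access_level of at least
 * 10; otherwise the login form is shown and the request ends. The updates run
 * when the request parameter "subop" equals "performupdate".
 */
function dbupdate()
{
    startup_gettext();

    // Authorization gate for the updater.
    if (!SINGLE_USER_MODE && $_SESSION["access_level"] < 10) {
        $_SESSION["login_error_msg"] = __("Your access level is insufficient to run this script.");
        render_login_form();
        exit;
    }
    ?>
<html>
<head>
<title>Database Updater</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<link rel="stylesheet" type="text/css" href="css/utility.css"/>
</head>
<style type="text/css">
span.ok { color : #009000; font-weight : bold; }
span.err { color : #ff0000; font-weight : bold; }
</style>
<body>
<script type='text/javascript'>
function confirmOP() { return confirm("Update the database?"); }
</script>
<div class="floatingLogo"><img src="images/logo_small.png"></div>
<h1><?php echo __("Database Updater"); ?> </h1>
<div class="content">
<?php
    // NOTE(review): subop is read from $_REQUEST, so the update is not limited
    // to the POST form printed below, and no anti-CSRF token is checked in this
    // function - confirm whether such a check exists before this point.
    $op = isset($_REQUEST["subop"]) ? $_REQUEST["subop"] : "";

    $updater = new DbUpdater(Db::get(), DB_TYPE, SCHEMA_VERSION);

    if ($op == "performupdate") {
        if ($updater->isUpdateRequired()) {
            print "<h2>Performing updates</h2>";
            print "<h3>Updating to schema version " . SCHEMA_VERSION . "</h3>";
            print "<ul>";

            // Tracks whether every step succeeded, so the success notice is
            // never printed after a failed step.
            $update_ok = true;

            for ($i = $updater->getSchemaVersion() + 1; $i <= SCHEMA_VERSION; $i++) {
                print "<li>Performing update up to version {$i}...";

                if (!$updater->performUpdateTo($i)) {
                    print "<span class='err'>FAILED!</span></li></ul>";
                    print_warning("One of the updates failed. Either retry the process or perform updates manually.");
                    print "<p><form method=\"GET\" action=\"index.php\">\n\t\t\t\t\t\t\t\t<input type=\"submit\" value=\"" . __("Return to Tiny Tiny RSS") . "\">\n\t\t\t\t\t\t\t\t</form>";
                    $update_ok = false;
                    break;
                }

                print "<span class='ok'>OK!</span></li>";
            }

            if ($update_ok) {
                print "</ul>";
                print_notice("Your Tiny Tiny RSS database is now updated to the latest version.");
                print "<p><form method=\"GET\" action=\"index.php\">\n\t\t\t\t\t\t<input type=\"submit\" value=\"" . __("Return to Tiny Tiny RSS") . "\">\n\t\t\t\t\t\t</form>";
            }
        } else {
            print "<h2>Your database is up to date.</h2>";
            print "<p><form method=\"GET\" action=\"index.php\">\n\t\t\t\t\t\t<input type=\"submit\" value=\"" . __("Return to Tiny Tiny RSS") . "\">\n\t\t\t\t\t\t</form>";
        }
    } else {
        if ($updater->isUpdateRequired()) {
            print "<h2>Database update required</h2>";
            print "<h3>";
            printf("Your Tiny Tiny RSS database needs update to the latest version: %d to %d.", $updater->getSchemaVersion(), SCHEMA_VERSION);
            print "</h3>";
            print_warning("Please backup your database before proceeding.");
            print "<form method='POST'>\n\t\t\t\t\t\t\t<input type='hidden' name='subop' value='performupdate'>\n\t\t\t\t\t\t\t<input type='submit' onclick='return confirmOP()' value='" . __("Perform updates") . "'>\n\t\t\t\t\t\t</form>";
        } else {
            print_notice("Tiny Tiny RSS database is up to date.");
            print "<p><form method=\"GET\" action=\"index.php\">\n\t\t\t\t\t\t\t<input type=\"submit\" value=\"" . __("Return to Tiny Tiny RSS") . "\">\n\t\t\t\t\t\t</form>";
        }
    }
    ?>
</div>
</body>
</html>
<?php
}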
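/**
 * Subscribe the logged-in user to the feed named by the "feed_url" request
 * parameter and render a small result page.
 *
 * Anonymous requests receive the login form instead. The feed URL comes
 * straight from the request, so every copy of it that is written into the
 * page is HTML-escaped first.
 */
function subscribe()
{
    if (SINGLE_USER_MODE) {
        login_sequence($this->link);
    }

    if (empty($_SESSION["uid"])) {
        render_login_form($this->link);
        return;
    }

    // NOTE(review): this handler changes state and reads its parameter from
    // $_REQUEST; no anti-CSRF token is checked in this block - confirm whether
    // that is intended for this endpoint.
    $raw_feed_url = isset($_REQUEST["feed_url"]) ? $_REQUEST["feed_url"] : "";

    // SQL-escaped copy: used for the subscription call and the lookup query.
    $feed_url = db_escape_string(trim($raw_feed_url));

    // HTML-escaped copy: used wherever the URL is echoed back into the page.
    // db_escape_string() alone does not make a value safe for HTML output.
    $feed_url_html = htmlspecialchars($feed_url, ENT_QUOTES, 'UTF-8');

    header('Content-Type: text/html; charset=utf-8');
    print "<html>\n\t\t\t\t<head>\n\t\t\t\t\t<title>Tiny Tiny RSS</title>\n\t\t\t\t\t<link rel=\"stylesheet\" type=\"text/css\" href=\"utility.css\">\n\t\t\t\t\t<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/>\n\t\t\t\t</head>\n\t\t\t\t<body>\n\t\t\t\t<img class=\"floatingLogo\" src=\"images/logo_wide.png\"\n\t\t\t \t\talt=\"Tiny Tiny RSS\"/>\n\t\t\t\t\t<h1>" . __("Subscribe to feed...") . "</h1>";

    $rc = subscribe_to_feed($this->link, $feed_url);

    // Only result code 4 supplies a list of candidate feeds; initialise the
    // variable so the check below never reads an undefined name.
    $feed_urls = array();

    switch ($rc['code']) {
        case 0:
            print_warning(T_sprintf("Already subscribed to <b>%s</b>.", $feed_url_html));
            break;
        case 1:
            print_notice(T_sprintf("Subscribed to <b>%s</b>.", $feed_url_html));
            break;
        case 2:
            print_error(T_sprintf("Could not subscribe to <b>%s</b>.", $feed_url_html));
            break;
        case 3:
            print_error(T_sprintf("No feeds found in <b>%s</b>.", $feed_url_html));
            break;
        case 4:
            print_notice(__("Multiple feed URLs found."));
            $feed_urls = $rc["feeds"];
            break;
        case 5:
            print_error(T_sprintf("Could not subscribe to <b>%s</b>.<br>Can't download the Feed URL.", $feed_url_html));
            break;
    }

    if ($feed_urls) {
        print "<form action=\"public.php\">";
        print "<input type=\"hidden\" name=\"op\" value=\"subscribe\">";
        print "<select name=\"feed_url\">";

        // URLs and titles come from the fetched remote document, so both are
        // escaped before being written into the option list.
        foreach ($feed_urls as $url => $name) {
            $url = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
            $name = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
            print "<option value=\"{$url}\">{$name}</option>";
        }

        print "</select>";
        print "<input type=\"submit\" value=\"" . __("Subscribe to selected feed") . "\">";
        print "</form>";
    }

    $tp_uri = get_self_url_prefix() . "/prefs.php";
    $tt_uri = get_self_url_prefix();

    if ($rc['code'] <= 2) {
        // Look up the feed id for the "edit subscription" shortcut. The uid is
        // cast so the concatenated value can only ever be an integer.
        $result = db_query($this->link, "SELECT id FROM ttrss_feeds WHERE\n\t\t\t\t\tfeed_url = '{$feed_url}' AND owner_uid = " . (int) $_SESSION["uid"]);
        $feed_id = (int) db_fetch_result($result, 0, "id");
    } else {
        $feed_id = 0;
    }

    print "<p>";

    if ($feed_id) {
        print "<form method=\"GET\" style='display: inline'\n\t\t\t\t\taction=\"{$tp_uri}\">\n\t\t\t\t\t<input type=\"hidden\" name=\"tab\" value=\"feedConfig\">\n\t\t\t\t\t<input type=\"hidden\" name=\"method\" value=\"editFeed\">\n\t\t\t\t\t<input type=\"hidden\" name=\"methodparam\" value=\"{$feed_id}\">\n\t\t\t\t\t<input type=\"submit\" value=\"" . __("Edit subscription options") . "\">\n\t\t\t\t\t</form>";
    }

    print "<form style='display: inline' method=\"GET\" action=\"{$tt_uri}\">\n\t\t\t\t<input type=\"submit\" value=\"" . __("Return to Tiny Tiny RSS") . "\">\n\t\t\t\t</form></p>";
    print "</body></html>";
}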
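/**
 * Authenticate the current request, or stop it at the login form.
 *
 * Handles a submitted login form (login_action=do_login), then requires a
 * valid session and performs the per-login housekeeping. In SINGLE_USER_MODE
 * the "admin" account is authenticated without a password and the result of
 * authenticate_user() is returned.
 *
 * @param mixed $link   Database connection handle passed to every helper.
 * @param bool  $mobile Forwarded unchanged to render_login_form().
 *
 * @return mixed Result of authenticate_user() in single-user mode, otherwise null.
 */
function login_sequence($link, $mobile = false)
{
    // Cached preferences are reset on every call.
    $_SESSION["prefs_cache"] = array();

    if (SINGLE_USER_MODE) {
        return authenticate_user($link, "admin", null);
    }

    // Read form fields defensively: a request without them must not raise
    // undefined-index notices.
    $login_action = isset($_POST["login_action"]) ? $_POST["login_action"] : null;

    // Try to authenticate the user if called from the login form.
    if ($login_action === "do_login") {
        $login = isset($_POST["login"]) ? $_POST["login"] : null;
        $password = isset($_POST["password"]) ? $_POST["password"] : null;

        if (authenticate_user($link, $login, $password)) {
            // Do not keep the plaintext password around for the rest of the request.
            $_POST["password"] = "";

            // NOTE(review): no session id regeneration is visible here after a
            // successful login; confirm authenticate_user() takes care of it.
            // NOTE(review): the language value is stored exactly as submitted
            // and later written to a cookie; confirm it is validated against
            // the list of supported languages wherever it is consumed.
            $_SESSION["language"] = isset($_POST["language"]) ? $_POST["language"] : null;
            $_SESSION["ref_schema_version"] = get_schema_version($link, true);
            $_SESSION["bw_limit"] = !empty($_POST["bw_limit"]);

            // Redirect back to the same URL so that a reload does not resubmit
            // the credentials.
            // NOTE(review): REQUEST_URI is supplied by the client; confirm the
            // deployment only ever serves this script from a path that begins
            // with a single "/" so the redirect stays on this origin.
            header("Location: " . $_SERVER["REQUEST_URI"]);
            exit;
        }

        $_SESSION["login_error_msg"] = __("Incorrect username or password");
    }

    if (empty($_SESSION["uid"]) || !validate_session($link)) {
        render_login_form($link, $mobile);
        exit;
    }

    // The uid is cast once so that every statement below concatenates a value
    // that can only ever be an integer.
    $uid = (int) $_SESSION["uid"];

    // Bump the login timestamp.
    db_query($link, "UPDATE ttirc_users SET last_login = NOW(), \n\t\t\t \t\ttwitter_last_id = NULL WHERE id = " . $uid);

    if (!empty($_SESSION["language"]) && SESSION_COOKIE_LIFETIME > 0) {
        setcookie("ttirc_lang", $_SESSION["language"], time() + SESSION_COOKIE_LIFETIME);
    }

    // Enable automatic connections.
    db_query($link, "UPDATE ttirc_connections SET enabled = true \n\t\t\t\t\tWHERE auto_connect = true AND owner_uid = " . $uid);

    initialize_user_prefs($link, $_SESSION["uid"]);

    // Disabled in the original: announce the accepted connection on every
    // active IRC connection of the user.
    //
    // $tmp_result = db_query($link, "SELECT id FROM ttirc_connections
    //     WHERE status != ".CS_DISCONNECTED." AND owner_uid = " . $_SESSION["uid"]);
    // while ($conn = db_fetch_assoc($tmp_result)) {
    //     push_message($link, $conn['id'], "---", "Accepted connection from " .
    //         $_SERVER["REMOTE_ADDR"], true);
    // }
}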
/**
 * Echo the dashboard login panel.
 *
 * The panel holds the login form and, when the matching ESPCONFIG entries are
 * non-empty, a sign-up link and a support e-mail link. The markup is built
 * completely before it is echoed.
 */
function paint_login_panel()
{
    $panel = '<div class="dashboardPanel" id="my_login">';
    $panel .= '<h1>' . _('Login') . '</h1>';
    $panel .= render_login_form();

    // The sign-up link is offered only when a signup realm is configured.
    if (!empty($GLOBALS['ESPCONFIG']['signup_realm'])) {
        $panel .= '<a href="signup.php">' . _("Don't have an account? Sign up.") . '</a>';
    }

    // NOTE(review): the configured address is written into the href without
    // HTML escaping; this assumes the configuration value is trusted - confirm.
    if (!empty($GLOBALS['ESPCONFIG']['support_email_address'])) {
        $panel .= "<a href='mailto:{$GLOBALS['ESPCONFIG']['support_email_address']}'>" . _('Need help? E-mail us.') . '</a>';
    }

    $panel .= '</div>';

    echo $panel;
}