Ejemplo n.º 1
/**
 * Return the current user, or show the login form and stop the request.
 *
 * Any falsy result from get_current() is treated as "not logged in".
 *
 * @return mixed the truthy value returned by get_current()
 */
function check_current()
{
    $current = get_current();
    if ($current) {
        return $current;
    }

    // No user: render the form and halt so nothing after the call site runs unauthenticated.
    render_login_form();
    exit;
}
Ejemplo n.º 2
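/**
 * Establish the logged-in user for this request, or render the login form and stop.
 *
 * In SINGLE_USER_MODE the session is started and "admin" is authenticated with
 * a null password. Otherwise the session is validated; without a valid uid an
 * automatic login is attempted, and if that leaves no uid the session is
 * destroyed, its cookie expired and the login form rendered. An already
 * logged-in session gets its last_login timestamp bumped. For any logged-in
 * user gettext and plugins are loaded and orphaned counter-cache rows removed.
 *
 * Side effects: reads and writes $_SESSION, may send a cookie, may exit.
 */
function login_sequence()
{
    if (SINGLE_USER_MODE) {
        // No credentials are checked on this path: every request becomes "admin".
        // NOTE(review): a single-user instance presumably relies on web-server or
        // network access control to keep other people out — confirm for the deployment.
        @session_start();
        authenticate_user("admin", null);
        startup_gettext();
        load_user_plugins($_SESSION["uid"]);
    } else {
        // A session that fails validation is downgraded to "no user" before anything trusts it.
        if (!validate_session()) {
            $_SESSION["uid"] = false;
        }
        if (!$_SESSION["uid"]) {
            if (AUTH_AUTO_LOGIN && authenticate_user(null, null)) {
                $_SESSION["ref_schema_version"] = get_schema_version(true);
            } else {
                authenticate_user(null, null, true);
            }
            if (!$_SESSION["uid"]) {
                // Still anonymous: drop the server-side session and expire the
                // session cookie so the stale identifier is not reused.
                @session_destroy();
                setcookie(session_name(), '', time() - 42000, '/');
                render_login_form();
                exit;
            }
        } else {
            /* bump login timestamp */
            // The uid is cast to int because it is concatenated into SQL unquoted.
            db_query("UPDATE ttrss_users SET last_login = NOW() WHERE id = " . (int) $_SESSION["uid"]);
            $_SESSION["last_login_update"] = time();
        }
        if ($_SESSION["uid"]) {
            startup_gettext();
            load_user_plugins($_SESSION["uid"]);
            /* cleanup ccache */
            // Same defensive int cast as above for both cache-cleanup statements.
            db_query("DELETE FROM ttrss_counters_cache WHERE owner_uid = " . (int) $_SESSION["uid"] . " AND\n\t\t\t\t\t\t(SELECT COUNT(id) FROM ttrss_feeds WHERE\n\t\t\t\t\t\t\tttrss_feeds.id = feed_id) = 0");
            db_query("DELETE FROM ttrss_cat_counters_cache WHERE owner_uid = " . (int) $_SESSION["uid"] . " AND\n\t\t\t\t\t\t(SELECT COUNT(id) FROM ttrss_feed_categories WHERE\n\t\t\t\t\t\t\tttrss_feed_categories.id = feed_id) = 0");
        }
    }
}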
Ejemplo n.º 3
<?php

require_once "functions.php";
require_once "sessions.php";
require_once "sanity_check.php";
require_once "config.php";
require_once "db.php";
// Open the database connection from the DB_* constants and prepare it for use.
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
init_connection($link);
// Authenticate first. NOTE(review): assumes login_sequence() ends the request
// itself when nobody is logged in — confirm; if it can return without a user,
// the access-level comparison below is the only gate in front of the updater.
login_sequence($link);
$owner_uid = $_SESSION["uid"];
// Authorization: outside single-user mode, a session whose access_level is
// below 10 gets an error message and the login form, and the script stops.
if (!SINGLE_USER_MODE && $_SESSION["access_level"] < 10) {
    $_SESSION["login_error_msg"] = __("Your access level is insufficient to run this script.");
    render_login_form($link);
    exit;
}
?>

<html>
<head>
<title>Database Updater</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="utility.css">
</head>

<body>

<script type='text/javascript'>
// Ask the user to confirm before the update form is submitted.
// This prompt runs in the browser only; who may run the update is decided server-side.
// NOTE(review): __() is not defined in the visible part of this page — confirm
// a JavaScript translation helper is loaded before this is called.
function confirmOP() {
	var question = __("Update the database?");
	return confirm(question);
}
Ejemplo n.º 4
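/**
 * Establish the logged-in user for this request or render the login form.
 *
 * Resets the preference cache, then either authenticates "admin" directly
 * (SINGLE_USER_MODE) or validates the session, attempts an automatic login and
 * falls back to the login form. A logged-in session gets its last_login bumped,
 * the language cookie refreshed, preferences cached and plugins loaded.
 *
 * @param mixed $link       database connection handle passed through to helpers
 * @param mixed $login_form passed unchanged to render_login_form()
 */
function login_sequence($link, $login_form = 0)
{
    $_SESSION["prefs_cache"] = false;
    if (SINGLE_USER_MODE) {
        // No credentials are checked on this path: every request becomes "admin".
        // NOTE(review): presumably protected by web-server or network access control — confirm.
        authenticate_user($link, "admin", null);
        cache_prefs($link);
        load_user_plugins($link, $_SESSION["uid"]);
    } else {
        if (!$_SESSION["uid"] || !validate_session($link)) {
            if (AUTH_AUTO_LOGIN && authenticate_user($link, null, null)) {
                $_SESSION["ref_schema_version"] = get_schema_version($link, true);
            } else {
                authenticate_user($link, null, null, true);
            }
            if (!$_SESSION["uid"]) {
                // NOTE(review): no exit follows this call; presumably
                // render_login_form() terminates the request — confirm. If it
                // returns, the caller continues without an authenticated uid.
                render_login_form($link, $login_form);
            }
        } else {
            /* bump login timestamp */
            // The uid is cast to int because it is concatenated into SQL unquoted.
            db_query($link, "UPDATE ttrss_users SET last_login = NOW() WHERE id = " . (int) $_SESSION["uid"]);
        }
        if ($_SESSION["uid"] && $_SESSION["language"] && SESSION_COOKIE_LIFETIME > 0) {
            // Language preference only; the cookie carries no authentication state.
            setcookie("ttrss_lang", $_SESSION["language"], time() + SESSION_COOKIE_LIFETIME);
        }
        if ($_SESSION["uid"]) {
            cache_prefs($link);
            load_user_plugins($link, $_SESSION["uid"]);
        }
    }
}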
Ejemplo n.º 5
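/**
 * Handle a login form submission and enforce that a valid session exists.
 *
 * Outside SINGLE_USER_MODE: when the request carries login_action=do_login the
 * posted credentials are checked; on success session values are initialised
 * and the browser is redirected to the same URI, on failure an error message
 * is stored. Afterwards a request without a valid session gets the login form
 * and the script stops; a valid session has its last_login bumped and the
 * language cookie refreshed.
 *
 * @param mixed $link   database connection handle passed through to helpers
 * @param bool  $mobile passed unchanged to render_login_form()
 * @return mixed result of authenticate_user() in SINGLE_USER_MODE, otherwise nothing
 */
function login_sequence($link, $mobile = false)
{
    if (!SINGLE_USER_MODE) {
        $login_action = $_POST["login_action"];
        # try to authenticate user if called from login form
        if ($login_action == "do_login") {
            $login = $_POST["login"];
            $password = $_POST["password"];
            if (authenticate_user($link, $login, $password)) {
                // NOTE(review): no session ID regeneration is visible here;
                // confirm authenticate_user() issues a fresh ID on login.
                $_POST["password"] = "";
                // Stored as submitted and later written to the ttrss_lang cookie;
                // NOTE(review): confirm it is validated where it is consumed.
                $_SESSION["language"] = $_POST["language"];
                $_SESSION["ref_schema_version"] = get_schema_version($link, true);
                $_SESSION["bw_limit"] = !!$_POST["bw_limit"];
                if ($_POST["profile"]) {
                    // The profile id is only accepted if it belongs to the user who just logged in.
                    $profile = db_escape_string($_POST["profile"]);
                    $result = db_query($link, "SELECT id FROM ttrss_settings_profiles\n\t\t\t\t\t\t\tWHERE id = '{$profile}' AND owner_uid = " . (int) $_SESSION["uid"]);
                    if (db_num_rows($result) != 0) {
                        $_SESSION["profile"] = $profile;
                        $_SESSION["prefs_cache"] = array();
                    }
                }
                // Redirect after POST so a reload does not resubmit the credentials.
                // REQUEST_URI comes from the request line; NOTE(review): consider a fixed target.
                header("Location: " . $_SERVER["REQUEST_URI"]);
                exit;
            } else {
                $_SESSION["login_error_msg"] = __("Incorrect username or password");
            }
        }
        if (!$_SESSION["uid"] || !validate_session($link)) {
            render_login_form($link, $mobile);
            //header("Location: login.php");
            exit;
        } else {
            /* bump login timestamp */
            // The uid is cast to int because it is concatenated into SQL unquoted.
            db_query($link, "UPDATE ttrss_users SET last_login = NOW() WHERE id = " . (int) $_SESSION["uid"]);
            if ($_SESSION["language"] && SESSION_COOKIE_LIFETIME > 0) {
                setcookie("ttrss_lang", $_SESSION["language"], time() + SESSION_COOKIE_LIFETIME);
            }
            /* bump counters stamp since we're getting reloaded anyway */
            $_SESSION["get_all_counters_stamp"] = time();
        }
    } else {
        // No credentials are checked on this path: every request becomes "admin".
        return authenticate_user($link, "admin", null);
    }
}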
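    /**
     * Render the database updater page and, on request, run the schema updates.
     *
     * Access is refused (login form, then exit) unless SINGLE_USER_MODE is on or
     * the session's access_level is at least 10. With subop=performupdate every
     * schema step from the current version up to SCHEMA_VERSION is applied in
     * order, stopping at the first failure; otherwise the page only reports
     * whether an update is required.
     *
     * NOTE(review): the update runs for any request carrying subop=performupdate
     * (the value is read from $_REQUEST, so GET works too) and no anti-CSRF token
     * is checked in this method — confirm one is enforced by the caller, or
     * require POST plus a token.
     */
    function dbupdate()
    {
        startup_gettext();
        if (!SINGLE_USER_MODE && $_SESSION["access_level"] < 10) {
            $_SESSION["login_error_msg"] = __("Your access level is insufficient to run this script.");
            render_login_form();
            exit;
        }
        ?>
<html>
			<head>
			<title>Database Updater</title>
			<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
			<link rel="stylesheet" type="text/css" href="css/utility.css"/>
			</head>
			<style type="text/css">
				span.ok { color : #009000; font-weight : bold; }
				span.err { color : #ff0000; font-weight : bold; }
			</style>
		<body>
			<script type='text/javascript'>
			function confirmOP() {
				return confirm("Update the database?");
			}
			</script>

			<div class="floatingLogo"><img src="images/logo_small.png"></div>

			<h1><?php 
        echo __("Database Updater");
        ?>
</h1>

			<div class="content">

			<?php 
        // Explicit presence check instead of suppressing the undefined-index notice with @.
        $op = isset($_REQUEST["subop"]) ? $_REQUEST["subop"] : "";
        $updater = new DbUpdater(Db::get(), DB_TYPE, SCHEMA_VERSION);
        if ($op == "performupdate") {
            if ($updater->isUpdateRequired()) {
                print "<h2>Performing updates</h2>";
                print "<h3>Updating to schema version " . SCHEMA_VERSION . "</h3>";
                print "<ul>";
                // Tracks whether a step failed so the success notice is not printed after a failure.
                $failed = false;
                for ($i = $updater->getSchemaVersion() + 1; $i <= SCHEMA_VERSION; $i++) {
                    print "<li>Performing update up to version {$i}...";
                    $result = $updater->performUpdateTo($i);
                    if (!$result) {
                        print "<span class='err'>FAILED!</span></li></ul>";
                        print_warning("One of the updates failed. Either retry the process or perform updates manually.");
                        print "<p><form method=\"GET\" action=\"index.php\">\n\t\t\t\t\t\t\t\t<input type=\"submit\" value=\"" . __("Return to Tiny Tiny RSS") . "\">\n\t\t\t\t\t\t\t\t</form>";
                        $failed = true;
                        break;
                    }
                    print "<span class='ok'>OK!</span></li>";
                }
                if (!$failed) {
                    print "</ul>";
                    print_notice("Your Tiny Tiny RSS database is now updated to the latest version.");
                    print "<p><form method=\"GET\" action=\"index.php\">\n\t\t\t\t\t\t<input type=\"submit\" value=\"" . __("Return to Tiny Tiny RSS") . "\">\n\t\t\t\t\t\t</form>";
                }
            } else {
                print "<h2>Your database is up to date.</h2>";
                print "<p><form method=\"GET\" action=\"index.php\">\n\t\t\t\t\t\t<input type=\"submit\" value=\"" . __("Return to Tiny Tiny RSS") . "\">\n\t\t\t\t\t\t</form>";
            }
        } else {
            if ($updater->isUpdateRequired()) {
                print "<h2>Database update required</h2>";
                print "<h3>";
                printf("Your Tiny Tiny RSS database needs update to the latest version: %d to %d.", $updater->getSchemaVersion(), SCHEMA_VERSION);
                print "</h3>";
                print_warning("Please backup your database before proceeding.");
                print "<form method='POST'>\n\t\t\t\t\t\t\t<input type='hidden' name='subop' value='performupdate'>\n\t\t\t\t\t\t\t<input type='submit' onclick='return confirmOP()' value='" . __("Perform updates") . "'>\n\t\t\t\t\t\t</form>";
            } else {
                print_notice("Tiny Tiny RSS database is up to date.");
                print "<p><form method=\"GET\" action=\"index.php\">\n\t\t\t\t\t\t\t<input type=\"submit\" value=\"" . __("Return to Tiny Tiny RSS") . "\">\n\t\t\t\t\t\t</form>";
            }
        }
        ?>

			</div>
			</body>
			</html>
		<?php 
    }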
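 /**
  * Subscribe the logged-in user to the feed URL given in the request and
  * print an HTML result page; without a session uid the login form is rendered.
  *
  * The feed URL comes from $_REQUEST["feed_url"]. It is database-escaped for
  * the SQL lookup and separately HTML-escaped for every place it is echoed,
  * because database escaping does not neutralise markup.
  *
  * NOTE(review): the subscription is created from $_REQUEST with no anti-CSRF
  * token checked in this method — confirm that is intended for this endpoint.
  */
 function subscribe()
 {
     if (SINGLE_USER_MODE) {
         login_sequence($this->link);
     }
     if ($_SESSION["uid"]) {
         $feed_url = db_escape_string(trim($_REQUEST["feed_url"]));
         // Copy used only for output: request data must not reach the page as raw HTML.
         $feed_url_html = htmlspecialchars($feed_url, ENT_QUOTES, 'UTF-8');
         // Filled only when several candidate feeds are found (code 4).
         $feed_urls = array();
         header('Content-Type: text/html; charset=utf-8');
         print "<html>\n\t\t\t\t<head>\n\t\t\t\t\t<title>Tiny Tiny RSS</title>\n\t\t\t\t\t<link rel=\"stylesheet\" type=\"text/css\" href=\"utility.css\">\n\t\t\t\t\t<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/>\n\t\t\t\t</head>\n\t\t\t\t<body>\n\t\t\t\t<img class=\"floatingLogo\" src=\"images/logo_wide.png\"\n\t\t\t  \t\talt=\"Tiny Tiny RSS\"/>\n\t\t\t\t\t<h1>" . __("Subscribe to feed...") . "</h1>";
         $rc = subscribe_to_feed($this->link, $feed_url);
         switch ($rc['code']) {
             case 0:
                 print_warning(T_sprintf("Already subscribed to <b>%s</b>.", $feed_url_html));
                 break;
             case 1:
                 print_notice(T_sprintf("Subscribed to <b>%s</b>.", $feed_url_html));
                 break;
             case 2:
                 print_error(T_sprintf("Could not subscribe to <b>%s</b>.", $feed_url_html));
                 break;
             case 3:
                 print_error(T_sprintf("No feeds found in <b>%s</b>.", $feed_url_html));
                 break;
             case 4:
                 print_notice(__("Multiple feed URLs found."));
                 $feed_urls = $rc["feeds"];
                 break;
             case 5:
                 print_error(T_sprintf("Could not subscribe to <b>%s</b>.<br>Can't download the Feed URL.", $feed_url_html));
                 break;
         }
         if ($feed_urls) {
             print "<form action=\"public.php\">";
             print "<input type=\"hidden\" name=\"op\" value=\"subscribe\">";
             print "<select name=\"feed_url\">";
             foreach ($feed_urls as $url => $name) {
                 // URLs and titles discovered in the remote page are untrusted as well.
                 $url = htmlspecialchars($url);
                 $name = htmlspecialchars($name);
                 print "<option value=\"{$url}\">{$name}</option>";
             }
             // Close the list before the button; the original left <select> open.
             print "</select>";
             print "<input type=\"submit\" value=\"" . __("Subscribe to selected feed") . "\">";
             print "</form>";
         }
         // Both URLs end up inside HTML attributes, so they are escaped for that context.
         $tp_uri = htmlspecialchars(get_self_url_prefix() . "/prefs.php", ENT_QUOTES, 'UTF-8');
         $tt_uri = htmlspecialchars(get_self_url_prefix(), ENT_QUOTES, 'UTF-8');
         if ($rc['code'] <= 2) {
             // feed_url is database-escaped above; the uid is cast to int because it is unquoted.
             $result = db_query($this->link, "SELECT id FROM ttrss_feeds WHERE\n\t\t\t\t\tfeed_url = '{$feed_url}' AND owner_uid = " . (int) $_SESSION["uid"]);
             $feed_id = db_fetch_result($result, 0, "id");
         } else {
             $feed_id = 0;
         }
         print "<p>";
         if ($feed_id) {
             print "<form method=\"GET\" style='display: inline'\n\t\t\t\t\taction=\"{$tp_uri}\">\n\t\t\t\t\t<input type=\"hidden\" name=\"tab\" value=\"feedConfig\">\n\t\t\t\t\t<input type=\"hidden\" name=\"method\" value=\"editFeed\">\n\t\t\t\t\t<input type=\"hidden\" name=\"methodparam\" value=\"{$feed_id}\">\n\t\t\t\t\t<input type=\"submit\" value=\"" . __("Edit subscription options") . "\">\n\t\t\t\t\t</form>";
         }
         print "<form style='display: inline' method=\"GET\" action=\"{$tt_uri}\">\n\t\t\t\t<input type=\"submit\" value=\"" . __("Return to Tiny Tiny RSS") . "\">\n\t\t\t\t</form></p>";
         print "</body></html>";
     } else {
         render_login_form($this->link);
     }
 }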
Ejemplo n.º 8
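/**
 * Handle a login form submission and enforce that a valid session exists.
 *
 * Resets the preference cache. Outside SINGLE_USER_MODE: a request with
 * login_action=do_login has its posted credentials checked; success
 * initialises session values and redirects to the same URI, failure stores an
 * error message. A request without a valid session then gets the login form
 * and the script stops; a valid session has last_login bumped, the language
 * cookie refreshed, auto-connect connections enabled and user preferences
 * initialised.
 *
 * @param mixed $link   database connection handle passed through to helpers
 * @param bool  $mobile passed unchanged to render_login_form()
 * @return mixed result of authenticate_user() in SINGLE_USER_MODE, otherwise nothing
 */
function login_sequence($link, $mobile = false)
{
    $_SESSION["prefs_cache"] = array();
    if (!SINGLE_USER_MODE) {
        $login_action = $_POST["login_action"];
        # try to authenticate user if called from login form
        if ($login_action == "do_login") {
            $login = $_POST["login"];
            $password = $_POST["password"];
            if (authenticate_user($link, $login, $password)) {
                // NOTE(review): no session ID regeneration is visible here;
                // confirm authenticate_user() issues a fresh ID on login.
                $_POST["password"] = "";
                // Stored as submitted and later written to the ttirc_lang cookie;
                // NOTE(review): confirm it is validated where it is consumed.
                $_SESSION["language"] = $_POST["language"];
                $_SESSION["ref_schema_version"] = get_schema_version($link, true);
                $_SESSION["bw_limit"] = !!$_POST["bw_limit"];
                // Redirect after POST so a reload does not resubmit the credentials.
                // REQUEST_URI comes from the request line; NOTE(review): consider a fixed target.
                header("Location: " . $_SERVER["REQUEST_URI"]);
                exit;
            } else {
                $_SESSION["login_error_msg"] = __("Incorrect username or password");
            }
        }
        if (!$_SESSION["uid"] || !validate_session($link)) {
            render_login_form($link, $mobile);
            //header("Location: login.php");
            exit;
        } else {
            /* bump login timestamp */
            // The uid is cast to int because it is concatenated into SQL unquoted.
            db_query($link, "UPDATE ttirc_users SET last_login = NOW(), \n\t\t\t  \t\ttwitter_last_id = NULL WHERE id = " . (int) $_SESSION["uid"]);
            if ($_SESSION["language"] && SESSION_COOKIE_LIFETIME > 0) {
                setcookie("ttirc_lang", $_SESSION["language"], time() + SESSION_COOKIE_LIFETIME);
            }
            /* Enable automatic connections */
            db_query($link, "UPDATE ttirc_connections SET enabled = true \n\t\t\t\t\tWHERE auto_connect = true AND owner_uid = " . (int) $_SESSION["uid"]);
            initialize_user_prefs($link, $_SESSION["uid"]);
            /*				$tmp_result = db_query($link, "SELECT id FROM ttirc_connections
            					WHERE status != ".CS_DISCONNECTED." AND owner_uid = " .
            					$_SESSION["uid"]);
            	
            				while ($conn = db_fetch_assoc($tmp_result)) {
            					push_message($link, $conn['id'], "---",
            						"Accepted connection from " . $_SERVER["REMOTE_ADDR"], 
            						true);
            				} */
        }
    } else {
        // No credentials are checked on this path: every request becomes "admin".
        return authenticate_user($link, "admin", null);
    }
}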
Ejemplo n.º 9
/**
 * Echo the dashboard login panel: heading, login form and optional links.
 *
 * The sign-up link appears only when ESPCONFIG['signup_realm'] is non-empty,
 * the help link only when ESPCONFIG['support_email_address'] is non-empty.
 * The markup is assembled completely and emitted with a single echo.
 */
function paint_login_panel()
{
    $panel = '<div class="dashboardPanel" id="my_login">';
    $panel .= '<h1>' . _('Login') . '</h1>';
    $panel .= render_login_form();

    if (!empty($GLOBALS['ESPCONFIG']['signup_realm'])) {
        $panel .= '<a href="signup.php">' . _("Don't have an account? Sign up.") . '</a>';
    }
    if (!empty($GLOBALS['ESPCONFIG']['support_email_address'])) {
        // The address is interpolated into the attribute as-is.
        // NOTE(review): it is a configuration value — confirm it stays operator-controlled.
        $panel .= "<a href='mailto:{$GLOBALS['ESPCONFIG']['support_email_address']}'>" . _('Need help? E-mail us.') . '</a>';
    }

    echo $panel . '</div>';
}