Exemple #1
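 /**
  * Authenticate a request whose identity was established outside the application.
  *
  * The login is read from the REMOTE_USER server variable and, when that is
  * empty, from get_login_by_ssl_certificate(). The $login and $password
  * arguments are not used by this method.
  *
  * @param mixed $login    Unused.
  * @param mixed $password Unused.
  * @return mixed The id returned by auto_create_user(), or false when no login
  *               could be determined or no user id was obtained.
  */
 function authenticate($login, $password)
 {
     // REMOTE_USER is absent when the server did not authenticate the request;
     // guard the read instead of relying on an undefined-index notice.
     $try_login = db_escape_string(isset($_SERVER["REMOTE_USER"]) ? $_SERVER["REMOTE_USER"] : "");
     if (!$try_login) {
         $try_login = $this->get_login_by_ssl_certificate();
     }
     if (!$try_login) {
         return false;
     }
     $user_id = $this->auto_create_user($try_login);
     if (!$user_id) {
         return false;
     }
     $_SESSION["fake_login"] = $try_login;
     $_SESSION["fake_password"] = "******";
     $_SESSION["hide_hello"] = true;
     $_SESSION["hide_logout"] = true;
     // LemonLDAP can send user information via HTTP headers.
     // NOTE(review): every $_SERVER['HTTP_*'] entry is copied from a request
     // header, so these values are only as trustworthy as the proxy in front of
     // the application; confirm it strips client-supplied User-Name/User-Mail.
     if (defined('AUTH_AUTO_CREATE') && AUTH_AUTO_CREATE) {
         // The id lands in an unquoted numeric position, where string escaping
         // gives no protection; force it to an integer.
         $uid = (int) $user_id;
         // update user name
         $fullname = !empty($_SERVER['HTTP_USER_NAME'])
             ? $_SERVER['HTTP_USER_NAME']
             : (isset($_SERVER['AUTHENTICATE_CN']) ? $_SERVER['AUTHENTICATE_CN'] : '');
         if ($fullname) {
             $fullname = db_escape_string($fullname);
             db_query($this->link, "UPDATE ttrss_users SET full_name = '{$fullname}' WHERE id = " . $uid);
         }
         // update user mail
         $email = !empty($_SERVER['HTTP_USER_MAIL'])
             ? $_SERVER['HTTP_USER_MAIL']
             : (isset($_SERVER['AUTHENTICATE_MAIL']) ? $_SERVER['AUTHENTICATE_MAIL'] : '');
         if ($email) {
             $email = db_escape_string($email);
             db_query($this->link, "UPDATE ttrss_users SET email = '{$email}' WHERE id = " . $uid);
         }
     }
     return $user_id;
 }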
Exemple #2
 /**
  * Count the rows of the file table that belong to one site.
  *
  * @param mixed $siteId Site identifier; escaped and placed in a quoted literal.
  * @return mixed The "count" column of the first result row.
  */
 public function totalSiteFileNumber($siteId)
 {
     $escapedSiteId = db_escape_string($siteId);
     // The value sits inside single quotes, which is the only position where
     // string escaping is sufficient. The trailing tab is part of the query text.
     $sql = "SELECT count(*) AS count FROM file WHERE site_id='" . $escapedSiteId . "'\t";
     $firstRow = Database::connection()->query($sql)->nextRow();
     return $firstRow['count'];
 }
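 /**
  * Print the public share URL of one of the current user's articles,
  * creating the share key (uuid) on first use.
  *
  * Reads $_REQUEST['param'] (the int_id of the user entry) and
  * $_SESSION['uid']; writes HTML directly to the output.
  */
 function shareArticle()
 {
     $param = db_escape_string($_REQUEST['param']);
     // owner_uid is compared unquoted, so string escaping would not help there;
     // force the session value to an integer before it reaches the query.
     $owner_uid = (int) $_SESSION['uid'];
     $result = db_query($this->link, "SELECT uuid, ref_id FROM ttrss_user_entries WHERE int_id = '{$param}'\n\t\t\tAND owner_uid = " . $owner_uid);
     if (db_num_rows($result) == 0) {
         print "Article not found.";
     } else {
         $uuid = db_fetch_result($result, 0, "uuid");
         if (!$uuid) {
             // NOTE(review): the key is the only thing protecting the public URL,
             // yet it is derived from the clock (uniqid) and rand(), neither of
             // which is a cryptographic source. Where the runtime provides
             // random_bytes(), bin2hex(random_bytes(20)) is the safer generator.
             $uuid = db_escape_string(sha1(uniqid(rand(), true)));
             db_query($this->link, "UPDATE ttrss_user_entries SET uuid = '{$uuid}' WHERE int_id = '{$param}'\n\t\t\t\t\tAND owner_uid = " . $owner_uid);
         }
         print __("You can share this article by the following unique URL:");
         $url_path = get_self_url_prefix();
         $url_path .= "/public.php?op=share&key={$uuid}";
         // The URL is written into a single-quoted attribute and into text, so
         // it is HTML-escaped for both (ENT_QUOTES covers the single quote).
         $url_html = htmlspecialchars($url_path, ENT_QUOTES);
         print "<div class=\"tagCloudContainer\">";
         print "<a id='pub_opml_url' href='{$url_html}' target='_blank'>{$url_html}</a>";
         print "</div>";
     }
     print "<div align='center'>";
     print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('shareArticleDlg').hide()\">" . __('Close this window') . "</button>";
     print "</div>";
 }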
Exemple #4
/**
 * Enforce one access requirement for the current session.
 *
 * Exactly one requirement is evaluated, in this order of precedence:
 * 'group' (optionally narrowed by 'admin_flags'), 'user', 'isloggedin'.
 * A request naming none of them is refused.
 *
 * @param array $req Requirement map as described above.
 * @return mixed true for super users; nothing on the other paths. Refusal is
 *               reported through exit_error().
 */
function session_require($req)
{
    global $Language;
    // Codendi admins always return true
    if (user_is_super_user()) {
        return true;
    }
    // Message keys for the refusal, or null when the requirement is met.
    $denied = null;
    if (!empty($req['group'])) {
        // NOTE(review): user_getid() and db_ei() are concatenated unquoted;
        // this is safe only if both yield integers — confirm.
        $sql = "SELECT user_id FROM user_group WHERE user_id=" . user_getid() . " AND group_id=" . db_ei($req['group']);
        if (!empty($req['admin_flags'])) {
            $sql .= " AND admin_flags = '" . db_escape_string($req['admin_flags']) . "'";
        }
        $memberships = db_numrows(db_query($sql));
        if ($memberships < 1 || !$req['group']) {
            $denied = array('insufficient_g_access', 'no_perm_to_view');
        }
    } elseif (!empty($req['user'])) {
        if (user_getid() != $req['user']) {
            $denied = array('insufficient_u_access', 'no_perm_to_view');
        }
    } elseif (!empty($req['isloggedin'])) {
        if (!user_isloggedin()) {
            $denied = array('required_login', 'login');
        }
    } else {
        $denied = array('insufficient_access', 'no_access');
    }
    if ($denied !== null) {
        exit_error($Language->getText('include_session', $denied[0]), $Language->getText('include_session', $denied[1]));
    }
}
Exemple #5
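 /**
  * Look up one of the current user's articles, submit it to the Pocket
  * "add" endpoint and print a JSON object with title, link, id and status.
  *
  * Reads $_REQUEST['id'] and $_SESSION['uid']. "status" is 1 when no X-Error
  * header was found in the response, otherwise the X-Error line or a message.
  */
 function getInfo()
 {
     //retrieve Data from the DB
     $id = db_escape_string($_REQUEST['id']);
     // owner_uid is an unquoted numeric comparison; cast rather than escape.
     $owner_uid = (int) $_SESSION['uid'];
     // Defined up front so the JSON carries null, not an undefined variable,
     // when the article does not exist or belongs to someone else.
     $title = null;
     $article_link = null;
     $result = db_query("SELECT title, link\n\t\t\t\tFROM ttrss_entries, ttrss_user_entries\n\t\t\t\tWHERE id = '{$id}' AND ref_id = id AND owner_uid = " . $owner_uid);
     if (db_num_rows($result) != 0) {
         $title = truncate_string(strip_tags(db_fetch_result($result, 0, 'title')), 100, '...');
         $article_link = db_fetch_result($result, 0, 'link');
     }
     $consumer_key = $this->host->get($this, "pocket_consumer_key");
     $pocket_access_token = $this->host->get($this, "pocket_access_token");
     //Call Pocket API
     if (function_exists('curl_init')) {
         $postfields = array('consumer_key' => $consumer_key, 'access_token' => $pocket_access_token, 'url' => $article_link, 'title' => $title);
         $cURL = curl_init();
         curl_setopt($cURL, CURLOPT_URL, 'https://getpocket.com/v3/add');
         curl_setopt($cURL, CURLOPT_HEADER, 1);
         curl_setopt($cURL, CURLOPT_HTTPHEADER, array('Content-type: application/x-www-form-urlencoded;charset=UTF-8'));
         curl_setopt($cURL, CURLOPT_RETURNTRANSFER, true);
         curl_setopt($cURL, CURLOPT_TIMEOUT, 5);
         // CURLOPT_POST is a switch, not a field count.
         curl_setopt($cURL, CURLOPT_POST, true);
         curl_setopt($cURL, CURLOPT_POSTFIELDS, http_build_query($postfields));
         $apicall = curl_exec($cURL);
         curl_close($cURL);
         if ($apicall === false) {
             // A transport failure has no headers to inspect; without this
             // branch it would be reported as success (status 1).
             $status = 'Request to Pocket failed.';
         } else {
             //Store error code in $status
             // NOTE(review): the X-Error line comes from the remote response;
             // confirm the client does not render "status" as HTML.
             $status = preg_match('/^X-Error: .*$/m', $apicall, $matches) ? $matches[0] : 1;
         }
     } else {
         $status = 'For the plugin to work you need to <strong>enable PHP extension CURL</strong>!';
     }
     //Return information on article and status
     print json_encode(array("title" => $title, "link" => $article_link, "id" => $id, "status" => $status));
 }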
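 /**
  * Validate and escape the parameters of a query and store them in $this->v.
  *
  * With PREPAREDSTATEMENTS enabled on pgsql the values are stored untouched.
  * Otherwise each value is treated according to its type code:
  * 's' is passed through db_escape_string(), 'i' must be an integer literal,
  * 'd' is stored as given.
  *
  * @param string $q SQL text, used only in diagnostics.
  * @param mixed  $v Parameter value or list of values.
  * @param mixed  $t Type code or list of type codes ('s', 'i', 'd').
  */
 function checkInput($q, $v, $t)
 {
     if (!is_array($v)) {
         $v = array($v);
     }
     if (!is_array($t)) {
         $t = array($t);
     }
     if (count($v) != count($t)) {
         $e = new mb_exception("array params and array types have a different count  in " . $_SERVER['SCRIPT_FILENAME'] . ": Sql: " . $q);
     }
     if (PREPAREDSTATEMENTS == true && SYS_DBTYPE == "pgsql") {
         $this->v = $v;
         return;
     }
     for ($i = 0; $i < count($v); $i++) {
         // A value without a matching type code is left untouched, as before.
         $type = isset($t[$i]) ? $t[$i] : null;
         if ($type == 's') {
             $v[$i] = db_escape_string($v[$i]);
         } elseif ($type == 'i') {
             // Integers are not escaped, so the format check is the only
             // barrier before the value reaches the SQL text. The earlier
             // pattern "/w/" rejected only strings containing the letter w.
             // Empty strings and non-string values are passed on unchanged.
             $value = $v[$i];
             if (is_string($value) && $value !== '' && !preg_match('/^[+-]?\d+\z/', trim($value))) {
                 $e = new mb_exception($_SERVER['SCRIPT_FILENAME'] . ": Unable to parse integer in: " . $q . " with: param " . $i . "," . $v[$i]);
                 die("wrong data type in sql:" . $q);
             }
         } elseif ($type == 'd') {
             // NOTE(review): 'd' values are neither validated nor escaped here;
             // confirm they cannot carry request data into the SQL text.
         }
     }
     $this->v = $v;
 }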
 /**
  * Print, as JSON, the URL under which an article should be opened: the
  * article link itself, or the feed's mobilizer URL with "%s" replaced by it.
  *
  * Reads $_REQUEST['id'] and $_SESSION['uid'].
  */
 function getUrl()
 {
     $id = db_escape_string($_REQUEST['id']);
     // NOTE(review): the session uid is concatenated unquoted into both
     // queries; that is safe only while it is guaranteed to be an integer.
     $uid = $_SESSION['uid'];
     //get feed url
     $articleRows = db_query("SELECT link\n\t\t\tFROM ttrss_entries, ttrss_user_entries\n\t\t\tWHERE id = '" . $id . "' AND ref_id = id AND owner_uid = " . $uid);
     $url = "";
     if (db_num_rows($articleRows) != 0) {
         $url = db_fetch_result($articleRows, 0, "link");
     }
     //search for feed mobilizer
     $mobilizerRows = db_query("SELECT url\n\t\t\tFROM  ttrss_user_entries ue, plugin_mobilize_feeds pf, plugin_mobilize_mobilizers pm\n\t\t\tWHERE ue.ref_id = '" . $id . "' and ue.owner_uid = " . $uid . " \n\t\t\tand ue.feed_id = pf.id \n\t\t\tand pf.owner_uid = ue.owner_uid\n\t\t\tand pf.mobilizer_id = pm.id");
     //no mobilizer set for this feed, select default
     if (!db_num_rows($mobilizerRows)) {
         $mobilizerRows = db_query("SELECT url\tFROM  plugin_mobilize_mobilizers WHERE id = '0'");
     }
     // Fall back to the plain article link unless a non-empty template exists.
     $target = $url;
     if (db_num_rows($mobilizerRows) != 0) {
         $template = db_fetch_result($mobilizerRows, 0, "url");
         if ($template != "") {
             # a url is configured for the feed: substitute the article link
             $target = str_replace("%s", $url, $template);
         }
     }
     print json_encode(array("url" => $target, "id" => $id));
 }
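 /**
  * Store a note on one of the current user's articles and print, as JSON,
  * the formatted note and its length.
  *
  * Reads $_REQUEST['id'], $_REQUEST['note'] and $_SESSION['uid'].
  */
 function setNote()
 {
     $id = db_escape_string($_REQUEST["id"]);
     // Clean first, escape last: escaping must be the final transformation
     // before the value enters the SQL text, otherwise strip_tags()/trim()
     // operate on (and may alter) the escaped form.
     $note = db_escape_string(trim(strip_tags($_REQUEST["note"])));
     // owner_uid is an unquoted numeric comparison; cast rather than escape.
     $owner_uid = (int) $_SESSION["uid"];
     db_query("UPDATE ttrss_user_entries SET note = '{$note}'\n\t\t\tWHERE ref_id = '{$id}' AND owner_uid = " . $owner_uid);
     // NOTE(review): $note is still the SQL-escaped string here, so the
     // formatted note and raw_length include any escape characters — confirm
     // whether the unescaped text should be passed on instead.
     $formatted_note = format_article_note($id, $note);
     print json_encode(array("note" => $formatted_note, "raw_length" => mb_strlen($note)));
 }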
 /**
  * Normalise the submitted comma-separated tag list (trimmed, lower-cased,
  * re-joined with ", ") and store it as the plugin setting "tags".
  */
 function save()
 {
     // NOTE(review): the value is SQL-escaped before being handed to
     // host->set(); whether that layer escapes again is not visible here.
     $normalized = array();
     foreach (explode(",", db_escape_string($_POST["tags"])) as $rawTag) {
         $normalized[] = mb_strtolower(trim($rawTag));
     }
     $this->host->set($this, "tags", join(", ", $normalized));
     echo __("Configuration saved.");
 }
Exemple #10
 /**
  * Update the e-mail address and full name of the logged-in user from the
  * submitted form and print a confirmation.
  *
  * Reads $_POST['email'], $_POST['full_name'] and $_SESSION['uid'].
  */
 function changeemail()
 {
     $uid = $_SESSION["uid"];
     $newEmail = db_escape_string($_POST["email"]);
     $newName = db_escape_string($_POST["full_name"]);
     // All three values sit inside quoted literals. The e-mail address is
     // stored as submitted; no format check happens in this method.
     $sql = "UPDATE ttrss_users SET email = '" . $newEmail . "',\n\t\t\tfull_name = '" . $newName . "' WHERE id = '" . $uid . "'";
     db_query($this->link, $sql);
     print __("Your personal data has been saved.");
 }
/**
 * Smarty template function: load the child nodes of $params['parent'] and
 * assign them to the template variable 'get_nodes_by_parent'.
 *
 * Reads $params['parent'], ['listing_amount'], ['offset'], ['orderby'] and
 * ['time'], the $_POST filter fields and $_SESSION['user_id'].
 * Returns false when the read-permission check fails; otherwise nothing.
 */
function smarty_function_get_nodes_by_parent($params, &$smarty)
{
    global $node;
    $sql_time = "";
    $sql_type = "";
    $parent = $params['parent'];
    $permissions = permissions::checkPerms($parent);
    if (!$permissions['r']) {
        // $error_messages is neither global nor defined in this function, so
        // $error receives null; the caller only sees the false return.
        $error = $error_messages['READ_PERMISSION_ERROR'];
        return false;
    }
    // Not read again in this function.
    $parent_vectot = $parent['node_vector'];
    if ($params['listing_amount'] == 'all') {
        $listing_amount = DEF_MAX_LISTING_AMMOUNT;
    } else {
        $listing_amount = $params['listing_amount'];
    }
    if (empty($params['offset'])) {
        $offset = 0;
    } else {
        $offset = $params['offset'];
    }
    if (isset($params['orderby'])) {
        // NOTE(review): escaping protects quoted literals only. This value is
        // placed unquoted after ORDER BY below, where it is parsed as SQL; an
        // allow-list of column names is the appropriate control.
        $orderby = db_escape_string($params['orderby']);
    }
    global $db, $node;
    $node_id = $node['node_id'];
    $user_id = $_SESSION['user_id'];
    if (isset($params['time'])) {
        $sql_time = " nodes.node_created > '" . db_escape_string($params['time']) . "' and ";
    }
    // NOTE(review): $user_id is interpolated into a quoted literal without escaping.
    $q = "select parent.node_name as parent_name,users.*,nodes.*,node_access.node_user_subchild_count from nodes left join nodes as parent on parent.node_id=nodes.node_parent left join node_access on node_access.node_id=nodes.node_id and node_access.user_id='{$user_id}' left  join users on users.user_id=nodes.node_creator where ";
    // NOTE(review): $parent is interpolated without db_escape_string(), unlike
    // the other template parameters used in this query.
    $q .= " {$sql_time} nodes.node_parent='{$parent}' and nodes.node_system_access!='private'";
    if (isset($_POST['template_event']) && $_POST['template_event'] == 'filter_by') {
        if (isset($_POST['search_type']) && $_POST['search_type'] == 'content') {
            // LIKE wildcards (% and _) in the submitted text are not neutralised.
            $sql_type .= " and node_content like '%" . db_escape_string($_POST['node_content']) . "%' ";
        } else {
            // NOTE(review): the next line is not valid PHP as printed; the
            // '******' run looks like masking applied by the page this listing
            // was taken from. Recover the statement from the upstream source.
            $q2 = "select user_id from users where login='******'node_content']) . "'";
            $userset = $db->query($q2);
            $userset->next();
            $id = $userset->getString('user_id');
            $sql_type = " and nodes.node_creator='{$id}'";
        }
        $q .= $sql_type;
    }
    if (isset($orderby)) {
        $q .= " order by {$orderby} ";
    } else {
        $q .= " order by nodes.node_id desc ";
    }
    // NOTE(review): $offset and $listing_amount come from $params and reach
    // LIMIT without an integer cast.
    $q .= " LIMIT {$offset},{$listing_amount} ";
    $set = $db->query($q);
    // $pole stays undefined when the query returns no rows.
    while ($set->next()) {
        $pole[] = $set->getRecord();
    }
    $smarty->assign('get_nodes_by_parent', $pole);
}
Exemple #12
 /**
  * Print, as JSON, the link of one of the current user's articles together
  * with the (escaped) id that was requested. The link is "" when no row matches.
  */
 function getUrl()
 {
     $id = db_escape_string($_REQUEST['id']);
     // NOTE(review): the session uid is concatenated unquoted; safe only while
     // it is guaranteed to be an integer.
     $sql = "SELECT link\n\t\t\t\tFROM ttrss_entries, ttrss_user_entries\n\t\t\t\tWHERE id = '" . $id . "' AND ref_id = id AND owner_uid = " . $_SESSION['uid'];
     $rows = db_query($sql);
     $url = db_num_rows($rows) != 0 ? db_fetch_result($rows, 0, "link") : "";
     print json_encode(array("url" => $url, "id" => $id));
 }
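 /**
  * Print, as JSON, the title and link of one of the current user's articles.
  *
  * Reads $_REQUEST['id'] and $_SESSION['uid']. Title and link are null when
  * the article does not exist or is not owned by the session user.
  */
 function getInfo()
 {
     $id = db_escape_string($_REQUEST['id']);
     // owner_uid is an unquoted numeric comparison; cast rather than escape.
     $owner_uid = (int) $_SESSION['uid'];
     // Defined up front so a miss yields explicit nulls instead of reads of
     // undefined variables.
     $title = null;
     $article_link = null;
     $result = db_query($this->link, "SELECT title, link\n\t\t\t\tFROM ttrss_entries, ttrss_user_entries\n\t\t\t\tWHERE id = '{$id}' AND ref_id = id AND owner_uid = " . $owner_uid);
     if (db_num_rows($result) != 0) {
         $title = truncate_string(strip_tags(db_fetch_result($result, 0, 'title')), 100, '...');
         $article_link = db_fetch_result($result, 0, 'link');
     }
     print json_encode(array("title" => $title, "link" => $article_link, "id" => $id));
 }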
 /**
  * Look up a user id by login name.
  *
  * @param string $login Login name.
  * @return mixed The "id" column of the first matching row, or false when
  *               the query returns no rows.
  */
 function find_user_by_login($login)
 {
     $login = db_escape_string($login);
     // NOTE(review): as printed, the query compares against the literal
     // '******' and never references $login. This looks like masking applied by
     // the page the listing was taken from; confirm against the upstream source.
     $result = db_query($this->link, "SELECT id FROM ttrss_users WHERE\n\t\t\tlogin = '******'");
     if (db_num_rows($result) > 0) {
         return db_fetch_result($result, 0, "id");
     } else {
         return false;
     }
 }
Exemple #15
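 /**
  * Build one SQL condition ("and ...") from a search term.
  *
  * A term containing ":" (after "," and ";" are normalised) becomes a
  * from/to range, except for type 'TID'. Without a type the term is matched
  * with LIKE and "*" acts as the wildcard.
  *
  * @param string $tmp Search term.
  * @param string $key Column name; inserted into the SQL text as is.
  * @param mixed  $art Value type: 'BELOB', 'DATO', 'NR', 'TID' or empty
  *                    (presumably amount, date, number and time — confirm).
  * @return string SQL fragment.
  */
 function udvaelg($tmp, $key, $art)
 {
     // NOTE(review): $key is an identifier and cannot be protected by string
     // escaping; callers must pass fixed column names only.
     include "../includes/std_func.php";
     $tmp = strtolower($tmp);
     if ($art) {
         #20150105-1
         if ($art != 'BELOB') {
             $tmp = str_replace(",", ":", $tmp);
         }
         #20150601
         $tmp = str_replace(";", ":", $tmp);
         // strpos() returns 0 for a leading ":", which this test also treats
         // as "no colon".
         if ($art == 'BELOB' && !strpos($tmp, ':')) {
             #20151019
             $tmp = usdecimal($tmp);
             $tmp1 = $tmp - 0.005;
             $tmp2 = $tmp + 0.004;
             $tmp = number_format($tmp1, 3, ',', '') . ":" . number_format($tmp2, 3, ',', '');
         }
     }
     // Pad so a term without ":" leaves $tmp2 as null without a notice.
     list($tmp1, $tmp2) = array_pad(explode(":", $tmp), 2, null);
     if (strstr($tmp, ':') && $art != 'TID') {
         if ($art == "DATO") {
             $tmp1 = usdate($tmp1);
             $tmp2 = usdate($tmp2);
         } elseif ($art == "BELOB") {
             $tmp1 = usdecimal($tmp1);
             $tmp2 = usdecimal($tmp2);
         } elseif ($art == "NR") {
             $tmp1 = afrund($tmp1 * 1, 2);
             #21050105-2
             $tmp2 = afrund($tmp2 * 1, 2);
         }
         // Escape whatever reaches the quoted literals: for types other than
         // the three above the bounds are still the caller's raw text.
         $tmp1 = db_escape_string($tmp1);
         $tmp2 = db_escape_string($tmp2);
         $udvaelg = "and {$key} >= '{$tmp1}' and {$key} <= '{$tmp2}'";
     } else {
         if ($art == "TID") {
             if (!strstr($tmp, ':')) {
                 $tmp = $tmp * 1;
                 $tmp = str_replace(".", ":", $tmp);
                 if (!strstr($tmp, ':')) {
                     $tmp = $tmp . ":";
                 }
             }
         } elseif ($art == "DATO") {
             $tmp = usdate($tmp);
         }
         if (!$art) {
             $tmp = str_replace("*", "%", $tmp);
             $tmp = db_escape_string($tmp);
             $udvaelg = " and lower({$key}) like '{$tmp}'";
         } else {
             // Previously only the untyped branch was escaped; a 'TID' term
             // that already contains ":" arrives here unmodified.
             $tmp = db_escape_string($tmp);
             $udvaelg = " and {$key} = '{$tmp}'";
         }
     }
     return $udvaelg;
 }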
Exemple #16
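 /**
  * Print, as JSON, the title and link of one of the current user's articles
  * together with the configured "shaarli" plugin setting.
  *
  * Reads $_REQUEST['id'] and $_SESSION['uid']. Title and link are null when
  * no matching article is found.
  */
 function getShaarli()
 {
     $id = db_escape_string($_REQUEST['id']);
     // owner_uid is an unquoted numeric comparison; cast rather than escape.
     $owner_uid = (int) $_SESSION['uid'];
     // Defined up front so a miss yields explicit nulls instead of reads of
     // undefined variables.
     $title = null;
     $article_link = null;
     $result = $this->dbh->query("SELECT title, link\n                      FROM ttrss_entries, ttrss_user_entries\n                      WHERE id = '{$id}' AND ref_id = id AND owner_uid = " . $owner_uid);
     if (db_num_rows($result) != 0) {
         $title = truncate_string(strip_tags(db_fetch_result($result, 0, 'title')), 100, '...');
         $article_link = db_fetch_result($result, 0, 'link');
     }
     $shaarli_url = $this->host->get($this, "shaarli");
     print json_encode(array("title" => $title, "link" => $article_link, "id" => $id, "shaarli_url" => $shaarli_url));
 }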
 /**
  * Store md5("login:password") for the logged-in user as the plugin setting
  * "password" and print a confirmation.
  *
  * Does nothing unless both $_POST['password'] and $_SESSION['uid'] are set.
  */
 function save()
 {
     if (!isset($_POST["password"]) || !isset($_SESSION["uid"])) {
         return;
     }
     $uid = db_escape_string($_SESSION["uid"]);
     $rows = db_query("SELECT login FROM ttrss_users WHERE id = '" . $uid . "'");
     $line = db_fetch_assoc($rows);
     if ($line) {
         // NOTE(review): an unsalted MD5 digest is cheap to brute-force if the
         // settings store is exposed. Whether a consumer requires exactly this
         // "login:password" MD5 format is not visible here; confirm before
         // moving to password_hash().
         $digest = md5($line["login"] . ":" . $_POST["password"]);
         $this->host->set($this, "password", $digest);
         echo __("Password saved.");
     }
 }
/**
 * Write the JSON-encoded label list of an article into label_cache.
 *
 * @param mixed $link      Database link passed on to the db_* helpers.
 * @param mixed $owner_uid Owner of the user entry.
 * @param mixed $id        ref_id of the user entry.
 * @param mixed $labels    Labels to cache; looked up when empty.
 * @param bool  $force     Clear the existing cache first.
 */
function label_update_cache($link, $owner_uid, $id, $labels = false, $force = false)
{
    if ($force) {
        label_clear_cache($link, $id);
    }
    $current = $labels ? $labels : get_article_labels($link, $id);
    $encoded = db_escape_string(json_encode($current));
    // NOTE(review): $id and $owner_uid are quoted but not escaped in this
    // function; callers must pass values that are already safe.
    $sql = "UPDATE ttrss_user_entries SET\n\t\t\tlabel_cache = '" . $encoded . "' WHERE ref_id = '" . $id . "' AND  owner_uid = '" . $owner_uid . "'";
    db_query($link, $sql);
}
Exemple #19
 /**
  * Recompute the post count of this category as the sum of number_posts over
  * its forum threads and store it through setNumberPosts(). A NULL sum
  * is stored as 0.
  */
 public function calculateNumberPosts()
 {
     $categoryId = db_escape_string($this->getCategoryId());
     $sql = "SELECT sum(number_posts) as posts FROM forum_thread WHERE category_id='" . $categoryId . "'";
     $row = Database::connection()->query($sql)->nextRow();
     $total = $row['posts'];
     $this->setNumberPosts($total === null ? 0 : $total);
 }
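 /**
  * Mark the abuse flags of one page path of the current site as no longer
  * valid for the site.
  *
  * @param mixed $runData Request context; supplies the "site" temp value and
  *                       the "path" parameter.
  * @throws ProcessException When no path was supplied.
  */
 public function clearPageFlagsEvent($runData)
 {
     // NOTE(review): no permission check is visible in this method;
     // presumably the caller enforces it — confirm.
     $site = $runData->getTemp("site");
     $pl = $runData->getParameterList();
     $path = $pl->getParameterValue("path");
     if ($path == null || $path == '') {
         throw new ProcessException(_("Error processing the request. No page specified"), "no_path");
     }
     // Both values sit in quoted literals; the site id is now escaped as well
     // so the two are handled the same way.
     $q = "UPDATE page_abuse_flag SET site_valid=FALSE WHERE " . "site_id='" . db_escape_string($site->getSiteId()) . "' " . "AND path='" . db_escape_string($path) . "' " . "AND site_valid=TRUE";
     $db = Database::connection();
     $db->query($q);
 }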
Exemple #21
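 /**
  * Print the linked-instances preference pane: toolbar, help text and the
  * table of linked instances, ordered by the requested column.
  *
  * Reads $_REQUEST['sort']; writes HTML directly to the output.
  */
 function index()
 {
     if (!function_exists('curl_init')) {
         print "<div style='padding : 1em'>";
         print_error("This functionality requires CURL functions. Please enable CURL in your PHP configuration (you might also want to disable open_basedir in php.ini) and reload this page.");
         print "</div>";
     }
     print "<div id=\"pref-instance-wrap\" dojoType=\"dijit.layout.BorderContainer\" gutters=\"false\">";
     print "<div id=\"pref-instance-header\" dojoType=\"dijit.layout.ContentPane\" region=\"top\">";
     print "<div id=\"pref-instance-toolbar\" dojoType=\"dijit.Toolbar\">";
     // ORDER BY takes an identifier, not a quoted literal, so string escaping
     // cannot make a request value safe in that position. Only the columns
     // this listing selects and offers as sort links are accepted; anything
     // else (including a missing or "undefined" value) sorts by access_url.
     $sortable = array('id', 'access_url', 'access_key', 'last_connected', 'last_status_out', 'num_feeds');
     $sort = isset($_REQUEST["sort"]) ? $_REQUEST["sort"] : "";
     if (!in_array($sort, $sortable, true)) {
         $sort = "access_url";
     }
     print "<div dojoType=\"dijit.form.DropDownButton\">" . "<span>" . __('Select') . "</span>";
     print "<div dojoType=\"dijit.Menu\" style=\"display: none;\">";
     print "<div onclick=\"selectTableRows('prefInstanceList', 'all')\"\n\t\t\tdojoType=\"dijit.MenuItem\">" . __('All') . "</div>";
     print "<div onclick=\"selectTableRows('prefInstanceList', 'none')\"\n\t\t\tdojoType=\"dijit.MenuItem\">" . __('None') . "</div>";
     print "</div></div>";
     print "<button dojoType=\"dijit.form.Button\" onclick=\"addInstance()\">" . __('Link instance') . "</button>";
     print "<button dojoType=\"dijit.form.Button\" onclick=\"editSelectedInstance()\">" . __('Edit') . "</button>";
     print "<button dojoType=\"dijit.form.Button\" onclick=\"removeSelectedInstances()\">" . __('Remove') . "</button>";
     print "</div>";
     #toolbar
     $result = db_query($this->link, "SELECT *,\n\t\t\t(SELECT COUNT(*) FROM ttrss_linked_feeds\n\t\t\t\tWHERE instance_id = ttrss_linked_instances.id) AS num_feeds\n\t\t\tFROM ttrss_linked_instances\n\t\t\tORDER BY {$sort}");
     print "<p class=\"insensitive\" style='margin-left : 1em;'>" . __("You can connect other instances of Tiny Tiny RSS to this one to share Popular feeds. Link to this instance of Tiny Tiny RSS by using this URL:");
     print " <a href=\"#\" onclick=\"alert('" . htmlspecialchars(get_self_url_prefix()) . "')\">(display url)</a>";
     print "<p><table width='100%' id='prefInstanceList' class='prefInstanceList' cellspacing='0'>";
     print "<tr class=\"title\">\n\t\t\t<td align='center' width=\"5%\">&nbsp;</td>\n\t\t\t<td width=''><a href=\"#\" onclick=\"updateInstanceList('access_url')\">" . __('Instance URL') . "</a></td>\n\t\t\t<td width='20%'><a href=\"#\" onclick=\"updateInstanceList('access_key')\">" . __('Access key') . "</a></td>\n\t\t\t<td width='10%'><a href=\"#\" onclick=\"updateUsersList('last_connected')\">" . __('Last connected') . "</a></td>\n\t\t\t<td width='10%'><a href=\"#\" onclick=\"updateUsersList('last_status_out')\">" . __('Status') . "</a></td>\n\t\t\t<td width='10%'><a href=\"#\" onclick=\"updateUsersList('num_feeds')\">" . __('Stored feeds') . "</a></td>\n\t\t\t</tr>";
     $lnum = 0;
     while ($line = db_fetch_assoc($result)) {
         $class = $lnum % 2 ? "even" : "odd";
         $id = $line['id'];
         $this_row_id = "id=\"LIRR-{$id}\"";
         $line["last_connected"] = make_local_datetime($this->link, $line["last_connected"], false);
         print "<tr class=\"{$class}\" {$this_row_id}>";
         print "<td align='center'><input onclick='toggleSelectRow(this);'\n\t\t\t\ttype=\"checkbox\" id=\"LICHK-{$id}\"></td>";
         $onclick = "onclick='editInstance({$id}, event)' title='" . __('Click to edit') . "'";
         // Only the first and last four characters of the key are displayed.
         $access_key = mb_substr($line['access_key'], 0, 4) . '...' . mb_substr($line['access_key'], -4);
         print "<td {$onclick}>" . htmlspecialchars($line['access_url']) . "</td>";
         print "<td {$onclick}>" . htmlspecialchars($access_key) . "</td>";
         print "<td {$onclick}>" . htmlspecialchars($line['last_connected']) . "</td>";
         print "<td {$onclick}>" . $this->status_codes[$line['last_status_out']] . "</td>";
         print "<td {$onclick}>" . htmlspecialchars($line['num_feeds']) . "</td>";
         print "</tr>";
         ++$lnum;
     }
     print "</table>";
     print "</div>";
     #pane
     print "</div>";
     #container
 }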
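 /**
  * Render this element variable as an INSERT statement for gui_element_vars.
  *
  * @return string One SQL statement terminated by ";" and a newline.
  */
 public function toSql()
 {
     // Every field ends up inside a quoted literal, so every field is escaped;
     // previously only value and context were, and a quote in any of the
     // others would have broken out of its literal.
     $fields = array(
         $this->applicationId,
         $this->elementId,
         $this->name,
         $this->value,
         $this->context,
         $this->type,
     );
     $escaped = array_map('db_escape_string', $fields);
     // Built in one expression; the original appended to an undefined variable.
     $insert = "INSERT INTO gui_element_vars(fkey_gui_id, fkey_e_id, var_name, var_value, context, var_type";
     $insert .= ") VALUES (";
     $insert .= "'" . implode("','", $escaped) . "'";
     $insert .= ");\n";
     return $insert;
 }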
/**
 * Smarty template function: resolve a login name to a user id and assign it
 * to the template variable 'get_id_by_name'. The id defaults to '1' when the
 * query fails or returns no rows.
 */
function smarty_function_get_id_by_name($params, &$smarty)
{
    $name = db_escape_string($params['name']);
    global $db;
    // NOTE(review): as printed, the query compares against the literal
    // '******' and never references $name. This looks like masking applied by
    // the page the listing was taken from; confirm against the upstream source.
    $q = "select user_id from users where login='******'";
    $set = $db->query($q);
    if ($set && $set->getNumRows() > 0) {
        $set->next();
        $id = $set->getString('user_id');
    } else {
        // NOTE(review): an unknown name silently resolves to user id '1';
        // confirm that id is not a privileged account.
        $id = '1';
    }
    $smarty->assign('get_id_by_name', $id);
}
Exemple #24
 /**
  * Add to the template context, under "pages", the pages that link to the
  * current page, ordered by title (or unix_name when the title is NULL).
  *
  * Does nothing when the run data carries no "page".
  */
 public function build($runData)
 {
     $page = $runData->getTemp("page");
     if ($page) {
         $pageId = $page->getPageId();
         $criteria = new Criteria();
         // Hand-written query: the page id is escaped and placed in a quoted literal.
         $sql = sprintf(
             "SELECT page_id, title, unix_name FROM page_link, page WHERE page_link.to_page_id='%s' AND page_link.from_page_id=page.page_id ORDER BY COALESCE(title, unix_name)",
             db_escape_string($pageId)
         );
         $criteria->setExplicitQuery($sql);
         $runData->contextAdd("pages", DB_PagePeer::instance()->select($criteria));
     }
 }
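 /**
  * Translate search criteria into a list of SQL conditions on alias "t".
  *
  * @param array $criteria Optional keys: 'domainid', 'domainname'.
  * @return array List of SQL condition strings; the fixed ".id" domain and
  *               status conditions are always included.
  */
 private function buildCriteria($criteria)
 {
     $filters = array();
     if (!empty($criteria['domainid'])) {
         // Unquoted numeric position: string escaping does nothing here, so
         // the value is forced to an integer instead.
         $filters[] = "t.id = " . (int) $criteria['domainid'];
     }
     if (!empty($criteria['domainname'])) {
         // Quoted literal, so escaping is adequate. LIKE wildcards (% and _)
         // in the search text are not neutralised and keep their meaning.
         $filters[] = "t.domain LIKE '%" . db_escape_string($criteria['domainname']) . "%'";
     }
     $filters[] = "t.domain LIKE '%.id'";
     $filters[] = "t.status <> 'Expired'";
     $filters[] = "t.status <> 'Cancelled'";
     $filters[] = "t.status <> 'Fraud'";
     return $filters;
 }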
Exemple #26
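/**
 * Persist session data in ttrss_sessions.
 *
 * Updates the row when the global $session_read flag is set, inserts a new
 * one otherwise. The payload is stored base64-encoded with an expiry of
 * now + $session_expire.
 *
 * @param string $id   Row id (presumably the PHP session id — confirm).
 * @param string $data Session payload.
 * @return bool false when $data is empty, true otherwise.
 */
function ttrss_write($id, $data)
{
    if (!$data) {
        return false;
    }
    global $session_connection, $session_read, $session_expire;
    $expire = time() + $session_expire;
    $data = db_escape_string(base64_encode($data), $session_connection);
    // The id is placed in a quoted literal just like the payload and was the
    // only interpolated string left unescaped. A session id normally arrives
    // from the client, so it gets the same treatment.
    $id = db_escape_string($id, $session_connection);
    if ($session_read) {
        $query = "UPDATE ttrss_sessions SET data='{$data}',\n\t\t\t\t\texpire='{$expire}' WHERE id='{$id}'";
    } else {
        $query = "INSERT INTO ttrss_sessions (id, data, expire)\n\t\t\t\t\tVALUES ('{$id}', '{$data}', '{$expire}')";
    }
    db_query($session_connection, $query);
    return true;
}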
Exemple #27
/**
 * Store a sequence unless an identical one exists, and return HTML links to
 * it (view link plus MIDI export link).
 *
 * Identity is the MD5 of the data, prefixed by the title unless the title is
 * 'Untitled'. The $html argument is not used.
 *
 * @return string HTML fragment with the two links.
 */
function save($title, $basedon, $data, $html = false)
{
    global $settings;
    // MD5 serves as a de-duplication key here, not as a security control.
    $hash = md5($title == 'Untitled' ? $data : $title . $data);
    $existing = db_query('SELECT id FROM sequences WHERE hash="' . $hash . '"');
    if (mysqli_num_rows($existing) == 1) {
        $id = db_result($existing, 0);
        $href = $settings['domain'] . '/' . $id;
        $label = $settings['domain'] . '/' . $id;
        return '<a href="' . $href . '" target="_blank">' . $label . '</a> <a class="toolbar_button" href="/app/midi.php?id=' . $id . '">Export MIDI file</a>';
    }
    // NOTE(review): $settings['uid'] is quoted but not escaped; title and data
    // are escaped, basedon is forced to an integer.
    $values = array(
        $settings['uid'],
        time(),
        db_escape_string($title),
        intval($basedon),
        db_escape_string($data),
        strlen($data),
        $hash,
    );
    db_query('INSERT INTO sequences(owner, date, title, basedon, data, datalength, hash) VALUES("' . implode('", "', $values) . '")');
    $href = $settings['domain'] . '/' . db_insert_id();
    $label = $settings['domain'] . '/' . db_insert_id();
    $midiHref = '/app/midi.php?id=' . db_insert_id();
    return '<a href="' . $href . '" target="_blank">' . $label . '</a> <a class="toolbar_button" href="' . $midiHref . '">Export MIDI file</a>';
}
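/**
 * Import one article record for the logged-in user.
 *
 * Creates the base entry in ttrss_entries when its guid is unknown, then the
 * per-user row in ttrss_user_entries when missing. Progress is printed as HTML.
 *
 * @param mixed $link Database link passed on to db_query().
 * @param array $data Article fields from the import file; treated as untrusted.
 * @return mixed false when the feed or the base entry cannot be found;
 *               nothing otherwise.
 */
function import_article($link, $data)
{
    // Imported text is echoed into the page, so it is HTML-escaped first.
    print "<p>Article: <b>" . htmlspecialchars($data["title"]) . "</b> (" . htmlspecialchars($data["feed_title"]) . ")<br>";
    $owner_uid = $_SESSION["uid"];
    // Escaped once and reused: the two guid lookups below used the raw
    // imported value, although the INSERT already escaped it.
    $entry_guid = db_escape_string($data["guid"]);
    db_query($link, "BEGIN");
    $result = db_query($link, "SELECT id FROM ttrss_feeds WHERE feed_url = '" . db_escape_string($data["feed_url"]) . "' AND owner_uid = '{$owner_uid}'");
    if (db_num_rows($result) == 0) {
        // Close the transaction opened above before leaving.
        db_query($link, "ROLLBACK");
        return false;
    }
    $feed_id = db_fetch_result($result, 0, "id");
    $result = db_query($link, "SELECT id FROM ttrss_entries WHERE\n\t\t\tguid = '" . $entry_guid . "'");
    if (db_num_rows($result) == 0) {
        print "Adding base entry...<br>";
        $entry_title = db_escape_string($data["title"]);
        $entry_link = db_escape_string($data["link"]);
        $updated = db_escape_string($data["updated"]);
        $date_entered = db_escape_string($data["date_entered"]);
        $entry_content = db_escape_string($data["content"]);
        // NOTE(review): the hash is taken over the SQL-escaped content, so it
        // can differ from a hash of the stored text — confirm this is intended.
        $content_hash = "SHA1:" . sha1(strip_tags($entry_content));
        $entry_comments = db_escape_string($data["comments"]);
        $result = db_query($link, "INSERT INTO ttrss_entries \n\t\t\t\t\t(title,\n\t\t\t\t\tguid,\n\t\t\t\t\tlink,\n\t\t\t\t\tupdated,\n\t\t\t\t\tcontent,\n\t\t\t\t\tcontent_hash,\n\t\t\t\t\tno_orig_date,\n\t\t\t\t\tdate_entered,\n\t\t\t\t\tcomments)\n\t\t\t\tVALUES\n\t\t\t\t\t('{$entry_title}', \n\t\t\t\t\t'{$entry_guid}', \n\t\t\t\t\t'{$entry_link}',\n\t\t\t\t\t'{$updated}', \n\t\t\t\t\t'{$entry_content}', \n\t\t\t\t\t'{$content_hash}',\n\t\t\t\t\tfalse, \n\t\t\t\t\t'{$date_entered}', \n\t\t\t\t\t'{$entry_comments}')");
    }
    $result = db_query($link, "SELECT id FROM ttrss_entries WHERE\n\t\t\tguid = '" . $entry_guid . "'");
    if (db_num_rows($result) == 0) {
        db_query($link, "ROLLBACK");
        return false;
    }
    $entry_id = db_fetch_result($result, 0, "id");
    print "Found base ID: {$entry_id}<br>";
    $result = db_query($link, "SELECT int_id FROM ttrss_user_entries WHERE\n\t\t\tref_id = '{$entry_id}' AND owner_uid = '{$owner_uid}'");
    if (db_num_rows($result) == 0) {
        print "User table entry not found, creating...<br>";
        // These two are interpolated unquoted; they rely on
        // sql_bool_to_string() returning a fixed SQL boolean token.
        $unread = sql_bool_to_string(db_escape_string($data["unread"]));
        $marked = sql_bool_to_string(db_escape_string($data["marked"]));
        $last_read = db_escape_string($data["last_read"]);
        if (!$last_read) {
            $last_read_qpart = 'NULL';
        } else {
            $last_read_qpart = "'{$last_read}'";
        }
        $result = db_query($link, "INSERT INTO ttrss_user_entries \n\t\t\t\t\t(ref_id, owner_uid, feed_id, unread, marked, last_read) \n\t\t\t\tVALUES ('{$entry_id}', '{$owner_uid}', '{$feed_id}', {$unread}, {$marked},\n\t\t\t\t\t{$last_read_qpart})");
    } else {
        print "User table entry already exists, nothing to do.<br>";
    }
    db_query($link, "COMMIT");
}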
 /**
  * API call: return compact headlines for one feed.
  *
  * Request parameters: feed_id (required), limit, skip, view_mode
  * (all_articles, unread, adaptive, marked, updated) and since_id.
  *
  * @return array array(API::STATUS_OK, headlines) on success, or
  *               array(API::STATUS_ERR, array("error" => 'INCORRECT_USAGE'))
  *               when feed_id is empty.
  */
 function getCompactHeadlines()
 {
     $feed_id = db_escape_string($_REQUEST["feed_id"]);
     if ($feed_id == "") {
         return array(API::STATUS_ERR, array("error" => 'INCORRECT_USAGE'));
     }
     // The integer cast is what makes the numeric parameters safe; the
     // escaping applied before it has no further effect on the result.
     $limit = (int) db_escape_string($_REQUEST["limit"]);
     $offset = (int) db_escape_string($_REQUEST["skip"]);
     $view_mode = db_escape_string($_REQUEST["view_mode"]);
     $since_id = (int) db_escape_string($_REQUEST["since_id"]);
     $headlines = $this->buildHeadlinesArray($feed_id, $limit, $offset, $view_mode, $since_id);
     return array(API::STATUS_OK, $headlines);
 }
Exemple #30
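 /**
  * Print a dialog showing a QR code for the link of one of the current
  * user's articles. The PNG is generated once and cached under cache/<id>.png.
  *
  * Reads $_REQUEST['id'] and $_SESSION['uid']; writes HTML to the output.
  */
 function getQr()
 {
     $id = db_escape_string($_REQUEST['id']);
     // owner_uid is an unquoted numeric comparison; cast rather than escape.
     $owner_uid = (int) $_SESSION['uid'];
     $article_link = '';
     $result = db_query("SELECT title, link\n\t\t\t\tFROM ttrss_entries, ttrss_user_entries\n\t\t\t\tWHERE id = '{$id}' AND ref_id = id AND owner_uid = " . $owner_uid);
     if (db_num_rows($result) != 0) {
         $article_link = db_fetch_result($result, 0, 'link');
     }
     // Besides the query, $id becomes part of a file name and of an HTML
     // attribute. SQL escaping protects neither, so the image is produced only
     // for ids made of plain id characters (no path separators, dots, quotes
     // or markup).
     if (preg_match('/^[A-Za-z0-9_-]+\z/', $id)) {
         // NOTE(review): the cached PNG is keyed by id alone and is reused for
         // any later requester, regardless of the ownership check in the query
         // above — confirm that is acceptable.
         $pngPath = dirname(__FILE__) . '/cache/' . $id . '.png';
         if (!file_exists($pngPath)) {
             require_once dirname(__FILE__) . '/phpqrcode/qrlib.php';
             QRcode::png($article_link, $pngPath);
         }
         echo '<div><img src="plugins/qrcodegen/cache/' . $id . '.png" style="display: block; margin: 0 auto;"></div>';
     }
     echo "<div style='text-align : center'>";
     print "<button dojoType=\"dijit.form.Button\" onclick=\"dijit.byId('qrCodeArticleDlg').hide()\">" . __('Close this dialog') . "</button>";
     print "</div>";
 }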