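/**
 * Authenticate a user that the fronting web server / SSO layer has already identified.
 *
 * The login is read from REMOTE_USER or, failing that, from the client SSL
 * certificate. The $login and $password arguments are not consulted.
 *
 * @param string $login    not used by this implementation
 * @param string $password not used by this implementation
 * @return mixed the id returned by auto_create_user() on success, false otherwise
 */
function authenticate($login, $password) {
    // isset() avoids an undefined-index notice when the server sets no REMOTE_USER.
    $try_login = isset($_SERVER["REMOTE_USER"]) ? db_escape_string($_SERVER["REMOTE_USER"]) : "";

    if (!$try_login) {
        $try_login = $this->get_login_by_ssl_certificate();
    }

    // A disabled debugging fallback that forced a fixed login used to sit here;
    // it must stay disabled, since it would accept every request.

    if (!$try_login) {
        return false;
    }

    $user_id = $this->auto_create_user($try_login);
    if (!$user_id) {
        return false;
    }

    $_SESSION["fake_login"] = $try_login;
    $_SESSION["fake_password"] = "******";
    $_SESSION["hide_hello"] = true;
    $_SESSION["hide_logout"] = true;

    // LemonLDAP can send user information via HTTP headers.
    // SECURITY: HTTP_* entries of $_SERVER are request headers. They are only
    // trustworthy when every request reaches this code through the SSO proxy and
    // the proxy overwrites any client-supplied User-Name / User-Mail header.
    if (defined('AUTH_AUTO_CREATE') && AUTH_AUTO_CREATE) {
        // The id is used outside quotes in the statements below, so force it to an integer.
        $uid = (int) $user_id;

        // update user name
        $fullname = !empty($_SERVER['HTTP_USER_NAME'])
            ? $_SERVER['HTTP_USER_NAME']
            : (isset($_SERVER['AUTHENTICATE_CN']) ? $_SERVER['AUTHENTICATE_CN'] : "");
        if ($fullname) {
            $fullname = db_escape_string($fullname);
            db_query($this->link, "UPDATE ttrss_users SET full_name = '{$fullname}' WHERE id = " . $uid);
        }

        // update user mail
        $email = !empty($_SERVER['HTTP_USER_MAIL'])
            ? $_SERVER['HTTP_USER_MAIL']
            : (isset($_SERVER['AUTHENTICATE_MAIL']) ? $_SERVER['AUTHENTICATE_MAIL'] : "");
        if ($email) {
            $email = db_escape_string($email);
            db_query($this->link, "UPDATE ttrss_users SET email = '{$email}' WHERE id = " . $uid);
        }
    }

    return $user_id;
}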
/**
 * Count the rows of the `file` table that belong to one site.
 *
 * @param mixed $siteId site identifier; escaped and quoted before it enters the query
 * @return mixed the `count` column of the single result row
 */
public function totalSiteFileNumber($siteId) {
    $escapedSiteId = db_escape_string($siteId);
    $sql = "SELECT count(*) AS count FROM file WHERE site_id='{$escapedSiteId}'\t";

    $row = Database::connection()->query($sql)->nextRow();

    return $row['count'];
}
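/**
 * Print the "share this article" dialog body for the article in $_REQUEST['param'].
 *
 * Looks up the caller's own ttrss_user_entries row, creates a share key (uuid)
 * for it when none exists yet, and prints the public URL built from that key.
 */
function shareArticle() {
    $param = db_escape_string($_REQUEST['param']);
    // The uid is placed outside quotes in the SQL below, so force it to an integer.
    $owner_uid = (int) $_SESSION['uid'];

    $result = db_query($this->link, "SELECT uuid, ref_id FROM ttrss_user_entries WHERE int_id = '{$param}'\n\t\t\tAND owner_uid = " . $owner_uid);

    if (db_num_rows($result) == 0) {
        print "Article not found.";
    } else {
        $uuid = db_fetch_result($result, 0, "uuid");

        if (!$uuid) {
            // The key is the only thing protecting the public URL, so take it from
            // the CSPRNG when the runtime has one. The rand()/uniqid() form is kept
            // only as a fallback for runtimes without random_bytes().
            if (function_exists('random_bytes')) {
                $uuid = bin2hex(random_bytes(20)); // 40 hex characters, same shape as sha1()
            } else {
                $uuid = sha1(uniqid(rand(), true));
            }
            $uuid = db_escape_string($uuid);

            db_query($this->link, "UPDATE ttrss_user_entries SET uuid = '{$uuid}' WHERE int_id = '{$param}'\n\t\t\t\t\tAND owner_uid = " . $owner_uid);
        }

        print __("You can share this article by the following unique URL:");

        // Escape for the single-quoted href attribute and for the link text.
        $url_path = htmlspecialchars(get_self_url_prefix() . "/public.php?op=share&key={$uuid}", ENT_QUOTES);

        print "<div class=\"tagCloudContainer\">";
        print "<a id='pub_opml_url' href='{$url_path}' target='_blank'>{$url_path}</a>";
        print "</div>";
    }

    print "<div align='center'>";
    print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('shareArticleDlg').hide()\">" . __('Close this window') . "</button>";
    print "</div>";
}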
/**
 * Enforce an access requirement for the current user, ending the request on failure.
 *
 * $req is inspected in this order: 'group' (optionally with 'admin_flags'),
 * then 'user', then 'isloggedin'. When none of these keys is set to a truthy
 * value, access is refused.
 *
 * @param array $req requirement description
 * @return true|null true for super users; otherwise nothing is returned and
 *                   exit_error() is called when the check fails
 */
function session_require($req) {
    global $Language;

    // Super users pass every check.
    if (user_is_super_user()) {
        return true;
    }

    // Message keys for exit_error(); stays null when the requirement is met.
    $denial = null;

    if (!empty($req['group'])) {
        // The user id comes from user_getid() and the group id goes through db_ei();
        // both are placed in the statement without quotes.
        $sql = "SELECT user_id FROM user_group WHERE user_id=" . user_getid() . " AND group_id=" . db_ei($req['group']);
        if (!empty($req['admin_flags'])) {
            $sql .= " AND admin_flags = '" . db_escape_string($req['admin_flags']) . "'";
        }
        if (db_numrows(db_query($sql)) < 1 || !$req['group']) {
            $denial = array('insufficient_g_access', 'no_perm_to_view');
        }
    } elseif (!empty($req['user'])) {
        if (user_getid() != $req['user']) {
            $denial = array('insufficient_u_access', 'no_perm_to_view');
        }
    } elseif (!empty($req['isloggedin'])) {
        if (!user_isloggedin()) {
            $denial = array('required_login', 'login');
        }
    } else {
        // No recognised requirement: refuse by default.
        $denial = array('insufficient_access', 'no_access');
    }

    if ($denial !== null) {
        exit_error($Language->getText('include_session', $denial[0]), $Language->getText('include_session', $denial[1]));
    }
}
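/**
 * Send the requested article to Pocket and print a JSON status reply.
 *
 * Reads the article id from $_REQUEST['id'], loads title and link of the
 * caller's own entry, posts them to the Pocket "add" endpoint and prints
 * {"title", "link", "id", "status"} as JSON.
 */
function getInfo() {
    // Retrieve data from the DB.
    $id = db_escape_string($_REQUEST['id']);
    // The uid is placed outside quotes in the SQL below, so force it to an integer.
    $owner_uid = (int) $_SESSION['uid'];

    // Defaults keep the reply fields defined (as null) when no row matches.
    $title = null;
    $article_link = null;

    $result = db_query("SELECT title, link\n\t\t\t\tFROM ttrss_entries, ttrss_user_entries\n\t\t\t\tWHERE id = '{$id}' AND ref_id = id AND owner_uid = " . $owner_uid);

    if (db_num_rows($result) != 0) {
        $title = truncate_string(strip_tags(db_fetch_result($result, 0, 'title')), 100, '...');
        $article_link = db_fetch_result($result, 0, 'link');
    }

    $consumer_key = $this->host->get($this, "pocket_consumer_key");
    $pocket_access_token = $this->host->get($this, "pocket_access_token");

    // Call the Pocket API.
    if (function_exists('curl_init')) {
        $postfields = array(
            'consumer_key' => $consumer_key,
            'access_token' => $pocket_access_token,
            'url' => $article_link,
            'title' => $title,
        );

        $cURL = curl_init();
        curl_setopt($cURL, CURLOPT_URL, 'https://getpocket.com/v3/add');
        // Response headers are included because the error text is read from X-Error.
        curl_setopt($cURL, CURLOPT_HEADER, 1);
        curl_setopt($cURL, CURLOPT_HTTPHEADER, array('Content-type: application/x-www-form-urlencoded;charset=UTF-8'));
        curl_setopt($cURL, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($cURL, CURLOPT_TIMEOUT, 5);
        curl_setopt($cURL, CURLOPT_POST, true);
        curl_setopt($cURL, CURLOPT_POSTFIELDS, http_build_query($postfields));

        $apicall = curl_exec($cURL);

        if ($apicall === false) {
            // Transport failure (timeout, TLS error, ...): report it rather than
            // falling through to the success value 1.
            $status = 'X-Error: ' . curl_error($cURL);
        } else {
            // Store the error header, if any, in $status; 1 means no error header was present.
            $status = preg_match('/^X-Error: .*$/m', $apicall, $matches) ? $matches[0] : 1;
        }

        curl_close($cURL);
    } else {
        $status = 'For the plugin to work you need to <strong>enable PHP extension CURL</strong>!';
    }

    // Return information on article and status.
    print json_encode(array("title" => $title, "link" => $article_link, "id" => $id, "status" => $status));
}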
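/**
 * Prepare the parameter values of an SQL statement and store them in $this->v.
 *
 * With prepared statements on PostgreSQL the values are stored untouched.
 * Otherwise values of type 's' are escaped, values of type 'i' are checked,
 * and every other type is passed through unchanged.
 *
 * @param string $q SQL text, used only in diagnostics
 * @param mixed  $v parameter value or array of values
 * @param mixed  $t type code or array of type codes ('s', 'i', 'd'), parallel to $v
 */
function checkInput($q, $v, $t) {
    if (!is_array($v)) {
        $v = array($v);
    }
    if (!is_array($t)) {
        $t = array($t);
    }

    if (count($v) != count($t)) {
        // The exception object is only constructed, not thrown; processing continues.
        $e = new mb_exception("array params and array types have a different count in " . $_SERVER['SCRIPT_FILENAME'] . ": Sql: " . $q);
    }

    if (PREPAREDSTATEMENTS == true && SYS_DBTYPE == "pgsql") {
        // Values are bound by the driver, so no escaping is applied here.
        $this->v = $v;
        return;
    }

    $paramCount = count($v);
    for ($i = 0; $i < $paramCount; $i++) {
        if ($t[$i] == 's') {
            $v[$i] = db_escape_string($v[$i]);
        } elseif ($t[$i] == 'i') {
            // NOTE(review): "/w/" matches only a literal letter "w", so this check
            // does not reject other non-numeric text. Confirm the intended pattern
            // and how 'i' values are placed into the statement before relying on it.
            if (preg_match("/w/", $v[$i])) {
                // Fixed: the offending value is $v[$i]; the bare constant `i` was used as the index.
                $e = new mb_exception($_SERVER['SCRIPT_FILENAME'] . ": Unable to parse integer in: " . $q . " with: param " . $i . "," . $v[$i]);
                die("wrong data type in sql:" . $q);
            }
        }
        // Type 'd' and any other type code: the value is left as it is.
    }

    $this->v = $v;
}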
/**
 * Print, as JSON, the URL under which the requested article should be opened.
 *
 * The article link is combined with the mobilizer URL template configured for
 * the article's feed, or with the default mobilizer (id '0') when the feed has
 * none. An empty template leaves the article link unchanged.
 */
function getUrl() {
    $id = db_escape_string($_REQUEST['id']);

    // Article link of the caller's own entry.
    $article_rows = db_query("SELECT link\n\t\t\tFROM ttrss_entries, ttrss_user_entries\n\t\t\tWHERE id = '{$id}' AND ref_id = id AND owner_uid = " . $_SESSION['uid']);
    $url = db_num_rows($article_rows) != 0 ? db_fetch_result($article_rows, 0, "link") : "";

    // Mobilizer configured for the feed this article belongs to.
    $mobilizer_rows = db_query("SELECT url\n\t\t\tFROM ttrss_user_entries ue, plugin_mobilize_feeds pf, plugin_mobilize_mobilizers pm\n\t\t\tWHERE ue.ref_id = '{$id}' and ue.owner_uid = " . $_SESSION['uid'] . " \n\t\t\tand ue.feed_id = pf.id \n\t\t\tand pf.owner_uid = ue.owner_uid\n\t\t\tand pf.mobilizer_id = pm.id");

    // No mobilizer set for this feed: fall back to the default one.
    if (!db_num_rows($mobilizer_rows)) {
        $mobilizer_rows = db_query("SELECT url\tFROM plugin_mobilize_mobilizers WHERE id = '0'");
    }

    $target = $url;
    if (db_num_rows($mobilizer_rows) != 0) {
        $template = db_fetch_result($mobilizer_rows, 0, "url");
        if ($template != "") {
            // A template is configured: substitute the article link for %s.
            $target = str_replace("%s", $url, $template);
        }
    }

    print json_encode(array("url" => $target, "id" => $id));
}
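/**
 * Store a note on one of the caller's articles and print the formatted note as JSON.
 *
 * Reads $_REQUEST['id'] and $_REQUEST['note'].
 */
function setNote() {
    $id = db_escape_string($_REQUEST["id"]);

    // Strip markup and trim first, escape last. Escaping has to be the final
    // transformation before the value enters the SQL string; strip_tags() or
    // trim() applied afterwards could remove part of an escape sequence.
    $note = db_escape_string(trim(strip_tags($_REQUEST["note"])));

    // The uid is placed outside quotes, so force it to an integer.
    db_query("UPDATE ttrss_user_entries SET note = '{$note}'\n\t\t\tWHERE ref_id = '{$id}' AND owner_uid = " . (int) $_SESSION["uid"]);

    $formatted_note = format_article_note($id, $note);

    print json_encode(array("note" => $formatted_note, "raw_length" => mb_strlen($note)));
}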
/**
 * Save the comma-separated tag list from $_POST['tags'] in the plugin storage.
 *
 * Each tag is trimmed and lower-cased, and the list is stored joined by ", ".
 */
function save() {
    // NOTE(review): the value is SQL-escaped here although this method builds no
    // SQL itself; confirm whether $this->host->set() escapes on its own.
    $normalized = array();
    foreach (explode(",", db_escape_string($_POST["tags"])) as $tag) {
        $normalized[] = mb_strtolower(trim($tag));
    }

    $this->host->set($this, "tags", implode(", ", $normalized));

    echo __("Configuration saved.");
}
/**
 * Update e-mail address and full name of the logged-in user from $_POST.
 *
 * Both posted values are escaped before they are placed, quoted, in the
 * statement. The row is selected by the uid stored in the session.
 */
function changeemail() {
    $active_uid = $_SESSION["uid"];
    $new_email = db_escape_string($_POST["email"]);
    $new_name = db_escape_string($_POST["full_name"]);

    $sql = sprintf(
        "UPDATE ttrss_users SET email = '%s',\n\t\t\tfull_name = '%s' WHERE id = '%s'",
        $new_email,
        $new_name,
        $active_uid
    );
    db_query($this->link, $sql);

    print __("Your personal data has been saved.");
}
/**
 * Smarty function: load the child nodes of a parent node and assign them to
 * the template variable 'get_nodes_by_parent'.
 *
 * Reads from $params: 'parent', 'listing_amount', 'offset', 'orderby', 'time'.
 * Reads from $_POST: 'template_event', 'search_type', 'node_content'.
 *
 * @param array  $params  arguments passed from the template
 * @param object $smarty  template engine instance, passed by reference
 * @return false|null false when the read permission check fails
 */
function smarty_function_get_nodes_by_parent($params, &$smarty) {
    global $node;
    $sql_time = "";
    $sql_type = "";
    $parent = $params['parent'];
    $permissions = permissions::checkPerms($parent);
    if (!$permissions['r']) {
        // NOTE(review): $error_messages is not defined or declared global in this
        // function, and $error is not used afterwards.
        $error = $error_messages['READ_PERMISSION_ERROR'];
        return false;
    }
    // Not used again in this function.
    $parent_vectot = $parent['node_vector'];
    if ($params['listing_amount'] == 'all') {
        $listing_amount = DEF_MAX_LISTING_AMMOUNT;
    } else {
        $listing_amount = $params['listing_amount'];
    }
    if (empty($params['offset'])) {
        $offset = 0;
    } else {
        $offset = $params['offset'];
    }
    if (isset($params['orderby'])) {
        // NOTE(review): this value is later placed after "order by" without quotes.
        // String escaping does not restrict what may appear in that position;
        // comparing against a fixed list of column names would.
        $orderby = db_escape_string($params['orderby']);
    }
    global $db, $node;
    // Not used again in this function.
    $node_id = $node['node_id'];
    $user_id = $_SESSION['user_id'];
    if (isset($params['time'])) {
        $sql_time = " nodes.node_created > '" . db_escape_string($params['time']) . "' and ";
    }
    $q = "select parent.node_name as parent_name,users.*,nodes.*,node_access.node_user_subchild_count from nodes left join nodes as parent on parent.node_id=nodes.node_parent left join node_access on node_access.node_id=nodes.node_id and node_access.user_id='{$user_id}' left join users on users.user_id=nodes.node_creator where ";
    // NOTE(review): $parent was indexed like an array above and is interpolated
    // here as a string, without escaping. Confirm what the caller passes.
    $q .= " {$sql_time} nodes.node_parent='{$parent}' and nodes.node_system_access!='private'";
    if (isset($_POST['template_event']) && $_POST['template_event'] == 'filter_by') {
        if (isset($_POST['search_type']) && $_POST['search_type'] == 'content') {
            // Filter on node content; the posted text is escaped before it enters the LIKE pattern.
            $sql_type .= " and node_content like '%" . db_escape_string($_POST['node_content']) . "%' ";
        } else {
            // NOTE(review): the next statement is damaged in this listing. Part of the
            // expression has been replaced by a masked literal, so the quoting does
            // not balance. Restore it from the original file before use.
            $q2 = "select user_id from users where login='******'node_content']) . 
"'";
            $userset = $db->query($q2);
            $userset->next();
            $id = $userset->getString('user_id');
            $sql_type = " and nodes.node_creator='{$id}'";
        }
        $q .= $sql_type;
    }
    if (isset($orderby)) {
        $q .= " order by {$orderby} ";
    } else {
        $q .= " order by nodes.node_id desc ";
    }
    // NOTE(review): $offset and $listing_amount come from $params and are
    // interpolated without a numeric cast.
    $q .= " LIMIT {$offset},{$listing_amount} ";
    $set = $db->query($q);
    // $pole is not initialised before the loop; it stays undefined when no row is returned.
    while ($set->next()) {
        $pole[] = $set->getRecord();
    }
    $smarty->assign('get_nodes_by_parent', $pole);
}
/**
 * Print, as JSON, the link of the requested article together with its id.
 *
 * Only entries owned by the session user are considered. "url" is an empty
 * string when no entry matches.
 */
function getUrl() {
    $id = db_escape_string($_REQUEST['id']);

    $rows = db_query("SELECT link\n\t\t\t\tFROM ttrss_entries, ttrss_user_entries\n\t\t\t\tWHERE id = '{$id}' AND ref_id = id AND owner_uid = " . $_SESSION['uid']);

    $url = db_num_rows($rows) != 0 ? db_fetch_result($rows, 0, "link") : "";

    print json_encode(array("url" => $url, "id" => $id));
}
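/**
 * Print, as JSON, title and link of the requested article together with its id.
 *
 * Only entries owned by the session user are considered. "title" and "link"
 * are null when no entry matches.
 */
function getInfo() {
    $id = db_escape_string($_REQUEST['id']);
    // The uid is placed outside quotes in the SQL below, so force it to an integer.
    $owner_uid = (int) $_SESSION['uid'];

    // Defaults keep both reply fields defined when the lookup finds nothing.
    $title = null;
    $article_link = null;

    $result = db_query($this->link, "SELECT title, link\n\t\t\t\tFROM ttrss_entries, ttrss_user_entries\n\t\t\t\tWHERE id = '{$id}' AND ref_id = id AND owner_uid = " . $owner_uid);

    if (db_num_rows($result) != 0) {
        $title = truncate_string(strip_tags(db_fetch_result($result, 0, 'title')), 100, '...');
        $article_link = db_fetch_result($result, 0, 'link');
    }

    print json_encode(array("title" => $title, "link" => $article_link, "id" => $id));
}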
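/**
 * Look up the id of the user with the given login.
 *
 * @param string $login login name to search for
 * @return mixed the user's id, or false when no user has that login
 */
function find_user_by_login($login) {
    $login = db_escape_string($login);

    // Compare against the escaped argument. A fixed literal in this position
    // would ignore $login altogether.
    $result = db_query($this->link, "SELECT id FROM ttrss_users WHERE\n\t\t\tlogin = '{$login}'");

    if (db_num_rows($result) > 0) {
        return db_fetch_result($result, 0, "id");
    }

    return false;
}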
/**
 * Build an SQL condition fragment ("and ...") from a search value.
 *
 * A value containing ':' is treated as a range (lower:upper), except for type
 * 'TID'. Without a type, '*' acts as a wildcard and the value is matched with
 * LIKE against lower($key).
 *
 * NOTE(review): only the untyped branch passes the value through
 * db_escape_string(). In every other branch $tmp, $tmp1 and $tmp2 reach the
 * quoted literal as produced by usdate()/usdecimal()/afrund() or by plain
 * string replacement. Whether that is enough cannot be seen from here. $key is
 * interpolated as a column name in all branches and must come from a fixed set.
 *
 * @param string $tmp search value
 * @param string $key column name placed into the condition
 * @param string $art value type: 'DATO', 'BELOB', 'NR', 'TID', or empty for text
 *                    (names suggest date / amount / number / time; confirm)
 * @return string condition fragment
 */
function udvaelg($tmp, $key, $art) {
    // Presumably provides usdate(), usdecimal() and afrund(); loaded on every call.
    include "../includes/std_func.php";
    $tmp = strtolower($tmp);
    if ($art) { #20150105-1
        if ($art != 'BELOB') {
            // ',' is accepted as a range separator, except for amounts.
            $tmp = str_replace(",", ":", $tmp);
        } #20150601
        $tmp = str_replace(";", ":", $tmp);
        // !strpos() is also true when ':' is the first character.
        if ($art == 'BELOB' && !strpos($tmp, ':')) { #20151019
            // A single amount becomes a narrow range around the value.
            $tmp = usdecimal($tmp);
            $tmp1 = $tmp - 0.005;
            $tmp2 = $tmp + 0.004;
            $tmp = number_format($tmp1, 3, ',', '') . ":" . number_format($tmp2, 3, ',', '');
        }
    }
    // When $tmp holds no ':', explode() yields a single element and $tmp2 has no source value.
    list($tmp1, $tmp2) = explode(":", $tmp);
    if (strstr($tmp, ':') && $art != 'TID') {
        // Range condition.
        if ($art == "DATO") {
            $tmp1 = usdate($tmp1);
            $tmp2 = usdate($tmp2);
        } elseif ($art == "BELOB") {
            $tmp1 = usdecimal($tmp1);
            $tmp2 = usdecimal($tmp2);
        } elseif ($art == "NR") {
            $tmp1 = afrund($tmp1 * 1, 2); #21050105-2
            $tmp2 = afrund($tmp2 * 1, 2);
        }
        $udvaelg = "and {$key} >= '{$tmp1}' and {$key} <= '{$tmp2}'";
    } else {
        // Single-value condition.
        if ($art == "TID") {
            if (!strstr($tmp, ':')) {
                // Numeric input: "." is turned into ":", and ":" is appended if still missing.
                $tmp = $tmp * 1;
                $tmp = str_replace(".", ":", $tmp);
                if (!strstr($tmp, ':')) {
                    $tmp = $tmp . ":";
                }
            }
        } elseif ($art == "DATO") {
            $tmp = usdate($tmp);
        }
        if (!$art) {
            // Untyped text search: '*' becomes the SQL wildcard, then the value is escaped.
            $tmp = str_replace("*", "%", $tmp);
            $tmp = db_escape_string($tmp);
            $udvaelg = " and lower({$key}) like '{$tmp}'";
        } else {
            // NOTE(review): no escaping on this path (see the function comment).
            $udvaelg = " and {$key} = '{$tmp}'";
        }
    }
    return $udvaelg;
}
/**
 * Print, as JSON, title and link of the requested article plus the configured Shaarli URL.
 *
 * Only entries owned by the session user are considered. $title and
 * $article_link are assigned only when an entry matches.
 */
function getShaarli() {
    $id = db_escape_string($_REQUEST['id']);

    $rows = $this->dbh->query("SELECT title, link\n FROM ttrss_entries, ttrss_user_entries\n WHERE id = '{$id}' AND ref_id = id AND owner_uid = " . $_SESSION['uid']);

    if (db_num_rows($rows) != 0) {
        // Markup is removed from the stored title before it is shortened to 100 characters.
        $plain_title = strip_tags(db_fetch_result($rows, 0, 'title'));
        $title = truncate_string($plain_title, 100, '...');
        $article_link = db_fetch_result($rows, 0, 'link');
    }

    $shaarli_url = $this->host->get($this, "shaarli");

    $reply = array(
        "title" => $title,
        "link" => $article_link,
        "id" => $id,
        "shaarli_url" => $shaarli_url,
    );
    print json_encode($reply);
}
/**
 * Store a password digest for the logged-in user in the plugin storage.
 *
 * Does nothing unless $_POST['password'] and $_SESSION['uid'] are both set
 * and the user row is found.
 */
function save() {
    if (!isset($_POST["password"]) || !isset($_SESSION["uid"])) {
        return;
    }

    $uid = db_escape_string($_SESSION["uid"]);
    $rows = db_query("SELECT login FROM ttrss_users WHERE id = '" . $uid . "'");

    $user = db_fetch_assoc($rows);
    if ($user) {
        // NOTE(review): the stored value is an unsalted MD5 of "login:password".
        // MD5 is not suitable for protecting passwords. If this format is fixed
        // by an external protocol, treat the stored value as password-equivalent
        // and use a password that is not shared with the main account.
        $digest = md5($user["login"] . ":" . $_POST["password"]);

        $this->host->set($this, "password", $digest);

        echo __("Password saved.");
    }
}
/**
 * Write the JSON-encoded label list of an article into ttrss_user_entries.label_cache.
 *
 * @param mixed $link      database link
 * @param mixed $owner_uid owner of the entry; interpolated quoted, not escaped here
 * @param mixed $id        article ref_id; interpolated quoted, not escaped here
 * @param mixed $labels    labels to cache; any falsy value makes the function load them itself
 * @param bool  $force     clear the existing cache first
 */
function label_update_cache($link, $owner_uid, $id, $labels = false, $force = false) {
    if ($force) {
        label_clear_cache($link, $id);
    }

    $current = $labels ? $labels : get_article_labels($link, $id);

    // json_encode() output may contain quotes and backslashes, hence the escaping.
    $cache_json = db_escape_string(json_encode($current));

    db_query($link, "UPDATE ttrss_user_entries SET\n\t\t\tlabel_cache = '{$cache_json}' WHERE ref_id = '{$id}' AND owner_uid = '{$owner_uid}'");
}
/**
 * Recompute the post counter of this category from its threads.
 *
 * Sums number_posts over forum_thread rows of this category and stores the
 * result through setNumberPosts(). A NULL sum is stored as 0.
 */
public function calculateNumberPosts() {
    $categoryId = db_escape_string($this->getCategoryId());
    $sql = "SELECT sum(number_posts) as posts FROM forum_thread WHERE category_id='{$categoryId}'";

    $row = Database::connection()->query($sql)->nextRow();
    $total = $row['posts'];

    $this->setNumberPosts($total === null ? 0 : $total);
}
/**
 * Mark all abuse flags of one page of the current site as no longer valid.
 *
 * @param object $runData request context; supplies the "site" object and the "path" parameter
 * @throws ProcessException when no path was given
 */
public function clearPageFlagsEvent($runData) {
    $site = $runData->getTemp("site");
    $path = $runData->getParameterList()->getParameterValue("path");

    if ($path == null || $path == '') {
        throw new ProcessException(_("Error processing the request. No page specified"), "no_path");
    }

    // The site id comes from the site object and is quoted but not escaped;
    // the request-supplied path is escaped.
    $siteId = $site->getSiteId();
    $escapedPath = db_escape_string($path);

    $sql = "UPDATE page_abuse_flag SET site_valid=FALSE WHERE site_id='{$siteId}' AND path='{$escapedPath}' AND site_valid=TRUE";

    Database::connection()->query($sql);
}
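/**
 * Print the "linked instances" preferences pane: toolbar, help text and the
 * table of linked Tiny Tiny RSS instances, ordered by $_REQUEST['sort'].
 */
function index() {
    if (!function_exists('curl_init')) {
        print "<div style='padding : 1em'>";
        print_error("This functionality requires CURL functions. Please enable CURL in your PHP configuration (you might also want to disable open_basedir in php.ini) and reload this page.");
        print "</div>";
    }

    print "<div id=\"pref-instance-wrap\" dojoType=\"dijit.layout.BorderContainer\" gutters=\"false\">";
    print "<div id=\"pref-instance-header\" dojoType=\"dijit.layout.ContentPane\" region=\"top\">";
    print "<div id=\"pref-instance-toolbar\" dojoType=\"dijit.Toolbar\">";

    // The sort column is placed after ORDER BY without quotes. String escaping
    // does not constrain what may appear there, so only the column names offered
    // by the table header below are accepted; anything else falls back to access_url.
    $sortable = array("access_url", "access_key", "last_connected", "last_status_out", "num_feeds");
    $sort = isset($_REQUEST["sort"]) ? $_REQUEST["sort"] : "";
    if (!in_array($sort, $sortable, true)) {
        $sort = "access_url";
    }

    print "<div dojoType=\"dijit.form.DropDownButton\">" . "<span>" . __('Select') . "</span>";
    print "<div dojoType=\"dijit.Menu\" style=\"display: none;\">";
    print "<div onclick=\"selectTableRows('prefInstanceList', 'all')\"\n\t\t\tdojoType=\"dijit.MenuItem\">" . __('All') . "</div>";
    print "<div onclick=\"selectTableRows('prefInstanceList', 'none')\"\n\t\t\tdojoType=\"dijit.MenuItem\">" . __('None') . "</div>";
    print "</div></div>";

    print "<button dojoType=\"dijit.form.Button\" onclick=\"addInstance()\">" . __('Link instance') . "</button>";
    print "<button dojoType=\"dijit.form.Button\" onclick=\"editSelectedInstance()\">" . __('Edit') . "</button>";
    print "<button dojoType=\"dijit.form.Button\" onclick=\"removeSelectedInstances()\">" . __('Remove') . "</button>";

    print "</div>"; #toolbar

    $result = db_query($this->link, "SELECT *,\n\t\t\t(SELECT COUNT(*) FROM ttrss_linked_feeds\n\t\t\t\tWHERE instance_id = ttrss_linked_instances.id) AS num_feeds\n\t\t\tFROM ttrss_linked_instances\n\t\t\tORDER BY {$sort}");

    print "<p class=\"insensitive\" style='margin-left : 1em;'>" . __("You can connect other instances of Tiny Tiny RSS to this one to share Popular feeds. Link to this instance of Tiny Tiny RSS by using this URL:");

    // NOTE(review): the URL prefix is HTML-escaped but sits inside a JavaScript
    // string literal; confirm get_self_url_prefix() cannot yield a quote or backslash.
    print " <a href=\"#\" onclick=\"alert('" . htmlspecialchars(get_self_url_prefix()) . "')\">(display url)</a>";

    print "<p><table width='100%' id='prefInstanceList' class='prefInstanceList' cellspacing='0'>";

    print "<tr class=\"title\">\n\t\t\t<td align='center' width=\"5%\"> </td>\n\t\t\t<td width=''><a href=\"#\" onclick=\"updateInstanceList('access_url')\">" . __('Instance URL') . "</a></td>\n\t\t\t<td width='20%'><a href=\"#\" onclick=\"updateInstanceList('access_key')\">" . __('Access key') . "</a></td>\n\t\t\t<td width='10%'><a href=\"#\" onclick=\"updateUsersList('last_connected')\">" . __('Last connected') . "</a></td>\n\t\t\t<td width='10%'><a href=\"#\" onclick=\"updateUsersList('last_status_out')\">" . __('Status') . "</a></td>\n\t\t\t<td width='10%'><a href=\"#\" onclick=\"updateUsersList('num_feeds')\">" . __('Stored feeds') . "</a></td>\n\t\t\t</tr>";

    $lnum = 0;

    while ($line = db_fetch_assoc($result)) {
        $class = $lnum % 2 ? "even" : "odd";

        $id = $line['id'];
        $this_row_id = "id=\"LIRR-{$id}\"";

        $line["last_connected"] = make_local_datetime($this->link, $line["last_connected"], false);

        print "<tr class=\"{$class}\" {$this_row_id}>";

        print "<td align='center'><input onclick='toggleSelectRow(this);'\n\t\t\t\ttype=\"checkbox\" id=\"LICHK-{$id}\"></td>";

        $onclick = "onclick='editInstance({$id}, event)' title='" . __('Click to edit') . "'";

        // Only the first and last four characters of the access key are shown.
        $access_key = mb_substr($line['access_key'], 0, 4) . '...' . mb_substr($line['access_key'], -4);

        print "<td {$onclick}>" . htmlspecialchars($line['access_url']) . "</td>";
        print "<td {$onclick}>" . htmlspecialchars($access_key) . "</td>";
        print "<td {$onclick}>" . htmlspecialchars($line['last_connected']) . "</td>";
        print "<td {$onclick}>" . $this->status_codes[$line['last_status_out']] . "</td>";
        print "<td {$onclick}>" . htmlspecialchars($line['num_feeds']) . "</td>";

        print "</tr>";

        ++$lnum;
    }

    print "</table>";

    print "</div>"; #pane
    print "</div>"; #container
}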
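/**
 * Render this element variable as an INSERT statement for gui_element_vars.
 *
 * @return string one INSERT statement terminated by ";\n"
 */
public function toSql() {
    // Every value lands inside a quoted literal, so every value is escaped,
    // including the identifiers, the name and the type.
    $values = array(
        $this->applicationId,
        $this->elementId,
        $this->name,
        $this->value,
        $this->context,
        $this->type,
    );

    $quoted = array();
    foreach ($values as $value) {
        $quoted[] = "'" . db_escape_string($value) . "'";
    }

    // Plain assignment: the variable does not exist yet, so ".=" would append to an undefined value.
    $insert = "INSERT INTO gui_element_vars(fkey_gui_id, fkey_e_id, var_name, var_value, context, var_type";
    $insert .= ") VALUES (";
    $insert .= implode(",", $quoted);
    $insert .= ");\n";

    return $insert;
}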
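/**
 * Smarty function: resolve a login name to a user id and assign it to the
 * template variable 'get_id_by_name'.
 *
 * @param array  $params  expects 'name', the login to look up
 * @param object $smarty  template engine instance, passed by reference
 */
function smarty_function_get_id_by_name($params, &$smarty) {
    global $db;

    $name = db_escape_string($params['name']);

    // Compare against the escaped argument. A fixed literal in this position
    // would ignore $params['name'] altogether.
    $q = "select user_id from users where login='{$name}'";
    $set = $db->query($q);

    if ($set && $set->getNumRows() > 0) {
        $set->next();
        $id = $set->getString('user_id');
    } else {
        // NOTE(review): an unknown login resolves to id '1'. Confirm that callers
        // treat this as "not found" and that user 1 is not a privileged account.
        $id = '1';
    }

    $smarty->assign('get_id_by_name', $id);
}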
/**
 * Collect the pages that link to the current page and add them to the context as "pages".
 *
 * Returns without doing anything when the request carries no page.
 *
 * @param object $runData request context
 */
public function build($runData) {
    $page = $runData->getTemp("page");
    if (!$page) {
        return;
    }

    // Hand-written query, ordered by title with unix_name as the fallback.
    $criteria = new Criteria();
    $targetId = db_escape_string($page->getPageId());
    $criteria->setExplicitQuery(
        "SELECT page_id, title, unix_name FROM page_link, page WHERE page_link.to_page_id='{$targetId}' AND page_link.from_page_id=page.page_id ORDER BY COALESCE(title, unix_name)"
    );

    $linkingPages = DB_PagePeer::instance()->select($criteria);

    $runData->contextAdd("pages", $linkingPages);
}
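/**
 * Build the list of SQL filter expressions for a domain search.
 *
 * @param array $criteria optional keys 'domainid' and 'domainname'
 * @return array filter expressions, to be combined by the caller
 */
private function buildCriteria($criteria) {
    $filters = array();

    if (!empty($criteria['domainid'])) {
        // The id is compared without quotes. String escaping gives no protection
        // in that position, so the value is forced to an integer instead.
        $filters[] = "t.id = " . (int) $criteria['domainid'];
    }

    if (!empty($criteria['domainname'])) {
        // NOTE(review): "%" and "_" in the search text presumably still act as
        // LIKE wildcards after escaping. Confirm whether that is intended.
        $filters[] = "t.domain LIKE '%" . db_escape_string($criteria['domainname']) . "%'";
    }

    // Fixed restrictions: .id domains only, and no closed or fraudulent registrations.
    $filters[] = "t.domain LIKE '%.id'";
    $filters[] = "t.status <> 'Expired'";
    $filters[] = "t.status <> 'Cancelled'";
    $filters[] = "t.status <> 'Fraud'";

    return $filters;
}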
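/**
 * Store session data in ttrss_sessions.
 *
 * Updates the existing row when $session_read is set, otherwise inserts a new one.
 *
 * @param string $id   session identifier
 * @param string $data serialized session data; stored base64-encoded
 * @return bool false when $data is empty, true after the query was issued
 */
function ttrss_write($id, $data) {
    if (!$data) {
        return false;
    }

    global $session_connection, $session_read, $session_expire;

    $expire = time() + $session_expire;

    // Presumably registered as the session write handler, in which case $id
    // originates from the client's session cookie. It is escaped like any other
    // request value before it enters the statement.
    $id = db_escape_string($id, $session_connection);
    $data = db_escape_string(base64_encode($data), $session_connection);

    if ($session_read) {
        $query = "UPDATE ttrss_sessions SET data='{$data}',\n\t\t\t\t\texpire='{$expire}' WHERE id='{$id}'";
    } else {
        $query = "INSERT INTO ttrss_sessions (id, data, expire)\n\t\t\t\t\tVALUES ('{$id}', '{$data}', '{$expire}')";
    }

    db_query($session_connection, $query);

    return true;
}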
/**
 * Store a sequence, or find the identical one already stored, and return HTML links to it.
 *
 * Identity is decided by an MD5 hash over title and data (data alone for the
 * title 'Untitled'). The hash is used for de-duplication only.
 *
 * @param string $title   sequence title
 * @param mixed  $basedon id of the sequence this one derives from; stored via intval()
 * @param string $data    sequence data
 * @param bool   $html    not used by this function
 * @return string HTML with a link to the sequence and a MIDI export link
 */
function save($title, $basedon, $data, $html = false) {
    global $settings;

    $hash = md5($title == 'Untitled' ? $data : $title . $data);

    $existing = db_query('SELECT id FROM sequences WHERE hash="' . $hash . '"');

    if (mysqli_num_rows($existing) == 1) {
        $id = db_result($existing, 0);
    } else {
        $insert = sprintf(
            'INSERT INTO sequences(owner, date, title, basedon, data, datalength, hash) VALUES("%s", "%s", "%s", "%s", "%s", "%s", "%s")',
            $settings['uid'],
            time(),
            db_escape_string($title),
            intval($basedon),
            db_escape_string($data),
            strlen($data),
            $hash
        );
        db_query($insert);
        $id = db_insert_id();
    }

    $sequence_url = $settings['domain'] . '/' . $id;

    return '<a href="' . $sequence_url . '" target="_blank">' . $sequence_url . '</a> <a class="toolbar_button" href="/app/midi.php?id=' . $id . '">Export MIDI file</a>';
}
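/**
 * Import one article from an export data set into the session user's account.
 *
 * Creates the shared ttrss_entries row when the guid is unknown and the
 * per-user ttrss_user_entries row when the user has none yet. Progress is
 * printed as HTML. Everything in $data comes from the imported file and is
 * treated as untrusted.
 *
 * @param mixed $link database link
 * @param array $data article fields (title, feed_title, feed_url, guid, link, ...)
 * @return false|null false when the feed or the base entry cannot be found
 */
function import_article($link, $data) {
    // Imported text is escaped for HTML before it is echoed back.
    print "<p>Article: <b>" . htmlspecialchars($data["title"]) . "</b> (" . htmlspecialchars($data["feed_title"]) . ")<br>";

    $owner_uid = $_SESSION["uid"];

    // Escaped once and used for every guid comparison and for the insert.
    $entry_guid = db_escape_string($data["guid"]);

    db_query($link, "BEGIN");

    $result = db_query($link, "SELECT id FROM ttrss_feeds WHERE feed_url = '" . db_escape_string($data["feed_url"]) . "' AND owner_uid = '{$owner_uid}'");

    if (db_num_rows($result) == 0) {
        // Close the transaction opened above before giving up.
        db_query($link, "ROLLBACK");
        return false;
    }

    $feed_id = db_fetch_result($result, 0, "id");

    $result = db_query($link, "SELECT id FROM ttrss_entries WHERE\n\t\t\tguid = '" . $entry_guid . "'");

    if (db_num_rows($result) == 0) {
        print "Adding base entry...<br>";

        $entry_title = db_escape_string($data["title"]);
        $entry_link = db_escape_string($data["link"]);
        $updated = db_escape_string($data["updated"]);
        $date_entered = db_escape_string($data["date_entered"]);
        $entry_content = db_escape_string($data["content"]);
        $content_hash = "SHA1:" . sha1(strip_tags($entry_content));
        $entry_comments = db_escape_string($data["comments"]);

        $result = db_query($link, "INSERT INTO ttrss_entries \n\t\t\t\t\t(title,\n\t\t\t\t\tguid,\n\t\t\t\t\tlink,\n\t\t\t\t\tupdated,\n\t\t\t\t\tcontent,\n\t\t\t\t\tcontent_hash,\n\t\t\t\t\tno_orig_date,\n\t\t\t\t\tdate_entered,\n\t\t\t\t\tcomments)\n\t\t\t\tVALUES\n\t\t\t\t\t('{$entry_title}', \n\t\t\t\t\t'{$entry_guid}', \n\t\t\t\t\t'{$entry_link}',\n\t\t\t\t\t'{$updated}', \n\t\t\t\t\t'{$entry_content}', \n\t\t\t\t\t'{$content_hash}',\n\t\t\t\t\tfalse, \n\t\t\t\t\t'{$date_entered}', \n\t\t\t\t\t'{$entry_comments}')");
    }

    $result = db_query($link, "SELECT id FROM ttrss_entries WHERE\n\t\t\tguid = '" . $entry_guid . "'");

    if (db_num_rows($result) == 0) {
        // The base entry is still missing: undo and close the transaction.
        db_query($link, "ROLLBACK");
        return false;
    }

    $entry_id = db_fetch_result($result, 0, "id");

    print "Found base ID: {$entry_id}<br>";

    $result = db_query($link, "SELECT int_id FROM ttrss_user_entries WHERE\n\t\t\tref_id = '{$entry_id}' AND owner_uid = '{$owner_uid}'");

    if (db_num_rows($result) == 0) {
        print "User table entry not found, creating...<br>";

        // These two values enter the statement without quotes and rely on
        // sql_bool_to_string() returning an SQL boolean literal.
        $unread = sql_bool_to_string(db_escape_string($data["unread"]));
        $marked = sql_bool_to_string(db_escape_string($data["marked"]));

        $last_read = db_escape_string($data["last_read"]);
        $last_read_qpart = $last_read ? "'{$last_read}'" : 'NULL';

        $result = db_query($link, "INSERT INTO ttrss_user_entries \n\t\t\t\t\t(ref_id, owner_uid, feed_id, unread, marked, last_read) \n\t\t\t\tVALUES ('{$entry_id}', '{$owner_uid}', '{$feed_id}', {$unread}, {$marked},\n\t\t\t\t\t{$last_read_qpart})");
    } else {
        print "User table entry already exists, nothing to do.<br>";
    }

    db_query($link, "COMMIT");
}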
/**
 * Our own API.
 *
 * Returns the headlines of one feed. Reads feed_id, limit, skip, view_mode and
 * since_id from $_REQUEST. limit, skip and since_id are cast to integers.
 *
 * @return array pair of API status code and payload
 */
function getCompactHeadlines() {
    $feed_id = db_escape_string($_REQUEST["feed_id"]);

    // Without a feed id there is nothing to list.
    if ($feed_id == "") {
        return array(API::STATUS_ERR, array("error" => 'INCORRECT_USAGE'));
    }

    $limit = (int) db_escape_string($_REQUEST["limit"]);
    $offset = (int) db_escape_string($_REQUEST["skip"]);
    // One of: all_articles, unread, adaptive, marked, updated.
    $view_mode = db_escape_string($_REQUEST["view_mode"]);
    $since_id = (int) db_escape_string($_REQUEST["since_id"]);

    $headlines = $this->buildHeadlinesArray($feed_id, $limit, $offset, $view_mode, $since_id);

    return array(API::STATUS_OK, $headlines);
}
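/**
 * Print a dialog body showing a QR code for the link of the requested article.
 *
 * The PNG is generated once per article id and cached under ./cache/<id>.png.
 */
function getQr() {
    // The id ends up in a file-system path and in an HTML attribute, where SQL
    // escaping gives no protection. Assumes article ids are integers
    // (the value is compared with ttrss_entries.id below).
    $id = (int) $_REQUEST['id'];
    // The uid is placed outside quotes in the SQL below, so force it to an integer as well.
    $owner_uid = (int) $_SESSION['uid'];

    $article_link = '';

    $result = db_query("SELECT title, link\n\t\t\t\tFROM ttrss_entries, ttrss_user_entries\n\t\t\t\tWHERE id = '{$id}' AND ref_id = id AND owner_uid = " . $owner_uid);

    if (db_num_rows($result) != 0) {
        $article_link = db_fetch_result($result, 0, 'link');
    }

    $pngPath = dirname(__FILE__) . '/cache/' . $id . '.png';

    if (!file_exists($pngPath)) {
        require_once dirname(__FILE__) . '/phpqrcode/qrlib.php';
        QRcode::png($article_link, $pngPath);
    }

    echo '<div><img src="plugins/qrcodegen/cache/' . $id . '.png" style="display: block; margin: 0 auto;"></div>';

    echo "<div style='text-align : center'>";
    print "<button dojoType=\"dijit.form.Button\" onclick=\"dijit.byId('qrCodeArticleDlg').hide()\">" . __('Close this dialog') . "</button>";
    print "</div>";
}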