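/**
 * Print the body of the "share article" dialog for the article named by the
 * request's "param" value.
 *
 * Looks the article up among the session user's entries, assigns it a share
 * key when it has none, and prints the public share URL. Prints
 * "Article not found." when no row matches. The dialog buttons are printed in
 * both cases. Output goes straight to the response; nothing is returned.
 */
function shareArticle() {
	$param = db_escape_string($_REQUEST['param']);

	// owner_uid is concatenated into the SQL without quotes, so string
	// escaping would not constrain it; the integer cast guarantees that only a
	// numeric literal reaches the query.
	$owner_uid = (int) $_SESSION['uid'];

	$result = db_query("SELECT uuid, ref_id FROM ttrss_user_entries WHERE int_id = '{$param}'\n\t\t\tAND owner_uid = " . $owner_uid);

	if (db_num_rows($result) == 0) {
		print "Article not found.";
	} else {
		$uuid = db_fetch_result($result, 0, "uuid");
		// Only referenced by the disabled labelling code further down.
		$ref_id = db_fetch_result($result, 0, "ref_id");

		if (!$uuid) {
			// NOTE(review): this key appears to be the only credential on the
			// public share URL. uniqid_short() is defined outside this listing;
			// if it wraps uniqid() (time-derived, documented as unsuitable for
			// security tokens) the key is guessable. Confirm the helper draws
			// from a CSPRNG such as random_bytes() or openssl_random_pseudo_bytes().
			$uuid = db_escape_string(uniqid_short());

			db_query("UPDATE ttrss_user_entries SET uuid = '{$uuid}' WHERE int_id = '{$param}'\n\t\t\t\t\tAND owner_uid = " . $owner_uid);
		}

		print "<h2>" . __("You can share this article by the following unique URL:") . "</h2>";

		$url_path = get_self_url_prefix();
		$url_path .= "/public.php?op=share&key={$uuid}";

		// Escape once for both the single-quoted attribute and the link text,
		// so neither the URL prefix nor the stored key can break out of the markup.
		$url_html = htmlspecialchars($url_path, ENT_QUOTES, 'UTF-8');

		print "<div class=\"tagCloudContainer\">";
		print "<a id='gen_article_url' href='{$url_html}' target='_blank'>{$url_html}</a>";
		print "</div>";

		/* if (!label_find_id(__('Shared'), $_SESSION["uid"]))
			label_create(__('Shared'), $_SESSION["uid"]);

		label_add_article($ref_id, __('Shared'), $_SESSION['uid']); */
	}

	print "<div align='center'>";

	print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('shareArticleDlg').unshare()\">" . __('Unshare article') . "</button>";

	print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('shareArticleDlg').newurl()\">" . __('Generate new URL') . "</button>";

	print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('shareArticleDlg').hide()\">" . __('Close this window') . "</button>";

	print "</div>";
}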
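/**
 * Replace the stored access key of a feed (or category) with a new one.
 *
 * When exactly one key row exists for the feed/category and owner, a new key
 * is generated, written over the old one and returned. For any other row
 * count the call is handed to get_feed_access_key().
 *
 * @param mixed $feed_id   Feed identifier; interpolated into the SQL as given.
 * @param mixed $is_cat    Passed through bool_to_sql_bool() to select feed or category rows.
 * @param mixed $owner_uid Owning user id; the session user is used when this is falsy.
 * @return mixed The new key, or the result of get_feed_access_key().
 */
private function update_feed_access_key($feed_id, $is_cat, $owner_uid = false) {
	if (!$owner_uid) {
		$owner_uid = $_SESSION["uid"];
	}

	// owner_uid is appended to the SQL unquoted; casting to int guarantees a
	// numeric literal regardless of where the caller obtained it.
	$owner_uid = (int) $owner_uid;

	$sql_is_cat = bool_to_sql_bool($is_cat);

	// NOTE(review): $feed_id is placed inside quotes without escaping in this
	// method. Confirm every caller escapes it before the call; escaping it
	// again here could alter values that were already escaped.
	$result = $this->dbh->query("SELECT access_key FROM ttrss_access_keys\n\t\t\tWHERE feed_id = '{$feed_id}'\tAND is_cat = {$sql_is_cat}\n\t\t\tAND owner_uid = " . $owner_uid);

	if ($this->dbh->num_rows($result) == 1) {
		// NOTE(review): the access key acts as a bearer secret for the feed.
		// uniqid_short() is defined outside this listing; if it wraps uniqid()
		// (time-derived, documented as unsuitable for security tokens) a
		// regenerated key is guessable. Confirm the helper uses a CSPRNG.
		$key = $this->dbh->escape_string(uniqid_short());

		$this->dbh->query("UPDATE ttrss_access_keys SET access_key = '{$key}'\n\t\t\t\tWHERE feed_id = '{$feed_id}' AND is_cat = {$sql_is_cat}\n\t\t\t\tAND owner_uid = " . $owner_uid);

		return $key;
	}

	return get_feed_access_key($feed_id, $is_cat, $owner_uid);
}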
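/**
 * Authenticate a login through the registered auth plugins and, on success,
 * populate the session for that user.
 *
 * In single-user mode no credentials are checked: the session is set up for
 * user id 1 ("admin", access level 10) and true is returned.
 *
 * @param mixed $login      Login name handed to each HOOK_AUTH_USER plugin.
 * @param mixed $password   Password handed to each HOOK_AUTH_USER plugin.
 * @param bool  $check_only When true, the session is not populated.
 * @return bool True when the session was set up, false otherwise.
 */
function authenticate_user($login, $password, $check_only = false) {

	if (!SINGLE_USER_MODE) {
		$user_id = false;

		// The first plugin that returns a non-zero user id wins.
		foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_AUTH_USER) as $plugin) {
			$user_id = (int) $plugin->authenticate($login, $password);

			if ($user_id) {
				$_SESSION["auth_module"] = strtolower(get_class($plugin));
				break;
			}
		}

		if ($user_id && !$check_only) {
			@session_start();

			// Issue a new session id at the privilege change so that an id
			// known before login cannot be reused afterwards (session
			// fixation). Skipped when no session is active.
			if (session_id() !== '') {
				session_regenerate_id(true);
			}

			$_SESSION["uid"] = $user_id;
			$_SESSION["version"] = VERSION_STATIC;

			$result = db_query("SELECT login,access_level,pwd_hash FROM ttrss_users\n\t\t\t\t\tWHERE id = '{$user_id}'");

			$_SESSION["name"] = db_fetch_result($result, 0, "login");
			$_SESSION["access_level"] = db_fetch_result($result, 0, "access_level");

			// NOTE(review): the CSRF token must be unpredictable to other
			// origins. uniqid_short() is defined outside this listing; if it
			// wraps uniqid() (time-derived) the token is guessable. Confirm
			// the helper uses a CSPRNG.
			$_SESSION["csrf_token"] = uniqid_short();

			// $user_id is an int (cast above), so it is safe to append unquoted.
			db_query("UPDATE ttrss_users SET last_login = NOW() WHERE id = " . $user_id);

			$_SESSION["ip_address"] = $_SERVER["REMOTE_ADDR"];
			// The User-Agent header is optional; hash an empty string when it
			// is absent instead of reading an undefined index.
			$_SESSION["user_agent"] = sha1(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');
			$_SESSION["pwd_hash"] = db_fetch_result($result, 0, "pwd_hash");

			$_SESSION["last_version_check"] = time();

			initialize_user_prefs($_SESSION["uid"]);

			return true;
		}

		// NOTE(review): with $check_only set, this path returns false even
		// when a plugin accepted the credentials. Confirm callers expect that.
		return false;

	} else {

		$_SESSION["uid"] = 1;
		$_SESSION["name"] = "admin";
		$_SESSION["access_level"] = 10;

		$_SESSION["hide_hello"] = true;
		$_SESSION["hide_logout"] = true;

		$_SESSION["auth_module"] = false;

		// empty() covers the first request, when the key does not exist yet.
		if (empty($_SESSION["csrf_token"])) {
			// NOTE(review): same token-strength concern as in the login path.
			$_SESSION["csrf_token"] = uniqid_short();
		}

		$_SESSION["ip_address"] = $_SERVER["REMOTE_ADDR"];

		initialize_user_prefs($_SESSION["uid"]);

		return true;
	}
}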
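/**
 * Return the access key stored for a feed (or category) and owner, creating
 * one when exactly one matching row is not found.
 *
 * Any row count other than one, whether zero or several, takes the insert path.
 *
 * @param mixed $feed_id   Feed identifier; interpolated into the SQL as given.
 * @param mixed $is_cat    Passed through bool_to_sql_bool() to select feed or category rows.
 * @param mixed $owner_uid Owning user id; the session user is used when this is falsy.
 * @return mixed The stored key, or the newly generated one.
 */
function get_feed_access_key($feed_id, $is_cat, $owner_uid = false) {

	if (!$owner_uid) {
		$owner_uid = $_SESSION["uid"];
	}

	// owner_uid is appended to the SELECT unquoted; casting to int guarantees
	// a numeric literal regardless of where the caller obtained it.
	$owner_uid = (int) $owner_uid;

	$sql_is_cat = bool_to_sql_bool($is_cat);

	// NOTE(review): $feed_id is placed inside quotes without escaping in this
	// function. Confirm every caller escapes it before the call; escaping it
	// again here could alter values that were already escaped.
	$result = db_query("SELECT access_key FROM ttrss_access_keys\n\t\t\tWHERE feed_id = '{$feed_id}'\tAND is_cat = {$sql_is_cat}\n\t\t\tAND owner_uid = " . $owner_uid);

	if (db_num_rows($result) == 1) {
		return db_fetch_result($result, 0, "access_key");
	}

	// NOTE(review): the access key acts as a bearer secret for the feed.
	// uniqid_short() is defined outside this listing; if it wraps uniqid()
	// (time-derived, documented as unsuitable for security tokens) the key is
	// guessable. Confirm the helper uses a CSPRNG.
	$key = db_escape_string(uniqid_short());

	db_query("INSERT INTO ttrss_access_keys\n\t\t\t\t(access_key, feed_id, is_cat, owner_uid)\n\t\t\t\tVALUES ('{$key}', '{$feed_id}', {$sql_is_cat}, '{$owner_uid}')");

	// The original's trailing "return false" could never run, because both
	// branches return before it; it has been dropped.
	return $key;
}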
/**
 * Print a JSON object of the form {"hash": ...} holding a value produced by
 * uniqid_short().
 *
 * NOTE(review): how callers use this value is not visible here. If it serves
 * as a secret or access token, confirm that uniqid_short() (defined outside
 * this listing) draws from a CSPRNG rather than from the clock.
 */
function genHash() {
	print json_encode(array("hash" => uniqid_short()));
}