示例#1
文件: user.php 项目: jphpsf/gregarius
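 /**
  * RSSUser constructor.
  *
  * Resets the object to an anonymous user, then handles, in this order:
  * - logout (a "logout" key in the query string)
  * - form login (POSTed username and password)
  * - cookie login (accepted only from a subnet stored for the user)
  * - mobile session login
  *
  * Security notes for maintainers:
  * - Credentials are plain, unsalted MD5 digests. The token kept on the
  *   client side is an MD5 of the password, and the users table is matched
  *   against md5() of that token. Whoever holds the token can therefore
  *   authenticate without knowing the password. Moving to password_hash() /
  *   password_verify() needs a data migration and a new cookie format, so
  *   this block keeps the existing scheme.
  * - The query is assembled by string concatenation and depends on
  *   rss_real_escape_string() for the user name and on the hex-only output
  *   of md5() for the password column.
  */
 function RSSUser()
 {
     // Start from an anonymous, unprivileged user.
     $this->_uid = 0;
     $this->_validIPs = array();
     $this->_level = RSS_USER_LEVEL_NOLEVEL;
     $this->_uname = '';
     $this->_realName = '';
     $this->_hash = null;
     $this->_showPrivate = 0;
     $this->_mobileSession = isset($_POST['media']) && 'mobile' === $_POST['media'];
     if ('mobile' == getThemeMedia()) {
         // NOTE(review): use_trans_sid carries the session id in URLs, where it
         // can end up in logs, Referer headers and shared links. Presumably it
         // is enabled for cookie-less mobile clients; confirm it is still needed.
         @ini_set('session.use_trans_sid', true);
         session_start();
     }
     if (array_key_exists('logout', $_GET)) {
         $this->logout();
         rss_redirect('');
     }
     $cuname = $chash = null;
     if (isset($_POST['username']) && isset($_POST['password'])) {
         // Array-valued fields (username[]=...) must not reach trim()/md5();
         // such a request is treated as a failed form login.
         if (is_string($_POST['username']) && is_string($_POST['password'])) {
             $_cuname = trim($_POST['username']);
             if ($this->_mobileSession) {
                 $_chash = md5(md5($_POST['password'] . $_POST['username']));
             } else {
                 $_chash = md5($_POST['password']);
             }
             if ($this->login($_cuname, $_chash)) {
                 $cuname = $_cuname;
                 $chash = $_chash;
                 $this->_action = RSS_USER_ACTION_LOGIN;
             }
         }
     } elseif (isset($_COOKIE[RSS_USER_COOKIE])) {
         // The cookie is read as "uname|hash". array_pad() keeps list() from
         // reading a missing offset when the value has no '|' separator.
         $parts = is_string($_COOKIE[RSS_USER_COOKIE]) ? explode('|', $_COOKIE[RSS_USER_COOKIE]) : array();
         list($cuname, $chash) = array_pad($parts, 2, null);
         $this->_action = RSS_USER_ACTION_COOKIE;
     } elseif (isset($_SESSION['mobile'])) {
         $parts = is_string($_SESSION['mobile']) ? explode('|', $_SESSION['mobile']) : array();
         list($cuname, $chash) = array_pad($parts, 2, null);
         $this->_mobileSession = true;
         $this->_action = RSS_USER_ACTION_SESSION;
     }
     if ($cuname && $chash) {
         // NOTE(review): the listing this was copied from had part of this
         // expression masked ("******"). The preg_replace() call is rebuilt
         // from the arguments that survived; confirm against the upstream file.
         $sql = "select uid, uname, ulevel, realname, userips from " . getTable('users')
             . " where uname='" . rss_real_escape_string($cuname)
             . "' and password='" . preg_replace('#[^a-zA-Z0-9]#', '', md5($chash)) . "'";
         $rs = rss_query($sql);
         if (rss_num_rows($rs) == 1) {
             list($uid, $uname, $level, $realName, $tmpUserIps) = rss_fetch_row($rs);
             $userIPs = explode(' ', $tmpUserIps);
             // First three octets of an IPv4 address. A value that does not match
             // the pattern (e.g. an IPv6 address) is left unchanged.
             $subnet = preg_replace('#^([0-9]+\\.[0-9]+\\.[0-9]+)\\.[0-9]+$#', '\\1', $_SERVER['REMOTE_ADDR']);
             // Only cookie logins are tied to a stored subnet; form and session
             // logins are accepted from any address.
             if (in_array($subnet, $userIPs, true) || $this->_action != RSS_USER_ACTION_COOKIE) {
                 $this->_uid = $uid;
                 $this->_uname = $uname;
                 $this->_validIPs = $userIPs;
                 $this->_level = $level;
                 $this->_realName = $realName;
                 $this->_hash = $chash;
             }
         }
     }
 }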
示例#2
/**
 * Resolves the theme to render with and the detected media.
 *
 * Precedence for the theme name: the THEME_OVERRIDE constant, then the
 * "theme" query parameter (passed through sanitize()), then the
 * 'rss.output.theme' config value, then 'default'. If the resulting
 * theme/media directory does not exist, the theme falls back to 'default'.
 * The result is computed once per request and cached in a static.
 *
 * NOTE(review): the request-supplied theme name becomes a path segment under
 * the theme directory. Whether that is safe depends on sanitize() with
 * RSS_SANITIZER_WORDS removing path separators and dots; that helper is not
 * shown here, so confirm it.
 *
 * @return array array($theme, $media)
 */
function getActualTheme()
{
    static $cached;
    if (!$cached) {
        // Configured theme, or 'default' when nothing is configured.
        $configured = getConfig('rss.output.theme');
        $theme = null === $configured ? 'default' : $configured;

        // A compile-time override wins over the query string.
        if (defined('THEME_OVERRIDE')) {
            $theme = THEME_OVERRIDE;
        } elseif (isset($_GET['theme'])) {
            $theme = sanitize($_GET['theme'], RSS_SANITIZER_WORDS);
        }

        $media = getThemeMedia();

        // Unknown theme/media combinations fall back to the default theme.
        $themeDir = GREGARIUS_HOME . RSS_THEME_DIR . "/{$theme}/{$media}/";
        if (!file_exists($themeDir)) {
            $theme = 'default';
        }

        $cached = array($theme, $media);
    }

    return $cached;
}
示例#3
    echo $title;
    ?>
</h2>
<?php 
    if (hidePrivate()) {
        ?>
	<p>(<a href="<?php 
        echo getPath();
        ?>
?mobilelogin&amp;media=mobile">Login</a> to mark items read)</p>
<?php 
    }
    ?>
<form method="post" action="<?php 
    print getPath();
    ?>
">
<?php 
}
// rss_itemlist_feeds() is defined elsewhere; it is called here between the
// conditionally opened <form> above and the submit button below.
rss_itemlist_feeds();
// Clients not detected as mobile devices get a hidden 'mobile' field in the POST.
if (!isMobileDevice()) {
    ?>
<input type='hidden' name='mobile' />
<?php 
}
// NOTE(review): no anti-CSRF token field is visible in this part of the form.
// Confirm whether rss_itemlist_feeds() or the POST handler supplies and checks one.
?>
<p id="nextitems"><input type='submit' value='Next  &raquo;&raquo;' /></p>
</form>
<?php 
// Run the 'rss.plugins.bodyend.media' plugin hook with the current theme media.
rss_plugin_hook('rss.plugins.bodyend.media', getThemeMedia());