ttrss/backend.php

<?php
	set_include_path(get_include_path() . PATH_SEPARATOR . 
		dirname(__FILE__) . "/include");

	/* remove ill effects of magic quotes */

	if (get_magic_quotes_gpc()) {
		function stripslashes_deep($value) {
			$value = is_array($value) ?
				array_map('stripslashes_deep', $value) : stripslashes($value);
				return $value;
		}

		$_POST = array_map('stripslashes_deep', $_POST);
		$_GET = array_map('stripslashes_deep', $_GET);
		$_COOKIE = array_map('stripslashes_deep', $_COOKIE);
		$_REQUEST = array_map('stripslashes_deep', $_REQUEST);
	}

	$op = $_REQUEST["op"];
	@$method = $_REQUEST['subop'] ? $_REQUEST['subop'] : $_REQUEST["method"];

	/* Public calls compatibility shim */

	$public_calls = array("globalUpdateFeeds", "rss", "getUnread", "getProfiles", "share",
		"fbexport", "logout", "pubsub");

	if (array_search($op, $public_calls) !== false) {
		header("Location: public.php?" . $_SERVER['QUERY_STRING']);
		return;
	}

	require_once "functions.php";
	require_once "sessions.php";
	require_once "sanity_check.php";
	require_once "config.php";
	require_once "db.php";
	require_once "db-prefs.php";

	no_cache_incantation();

	startup_gettext();

	$script_started = getmicrotime();

	$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);

	if (!init_connection($link)) return;

	header("Content-Type: text/plain; charset=utf-8");

	if (ENABLE_GZIP_OUTPUT) {
		ob_start("ob_gzhandler");
	}

	if (SINGLE_USER_MODE) {
		authenticate_user($link, "admin", null);
	}

	// TODO remove and handle within Handlers

	if (!($_SESSION["uid"] && validate_session($link))) {
		if ($op == 'pref-feeds' && $method == 'add') {
			header("Content-Type: text/html");
			login_sequence($link);
			render_login_form($link);
		} else {
			header("Content-Type: text/plain");
			print json_encode(array("error" => array("code" => 6)));
		}
		return;
	}

	$purge_intervals = array(
		0  => __("Use default"),
		-1 => __("Never purge"),
		5  => __("1 week old"),
		14 => __("2 weeks old"),
		31 => __("1 month old"),
		60 => __("2 months old"),
		90 => __("3 months old"));

	$update_intervals = array(
		0   => __("Default interval"),
		-1  => __("Disable updates"),
		15  => __("Each 15 minutes"),
		30  => __("Each 30 minutes"),
		60  => __("Hourly"),
		240 => __("Each 4 hours"),
		720 => __("Each 12 hours"),
		1440 => __("Daily"),
		10080 => __("Weekly"));

	$update_intervals_nodefault = array(
		-1  => __("Disable updates"),
		15  => __("Each 15 minutes"),
		30  => __("Each 30 minutes"),
		60  => __("Hourly"),
		240 => __("Each 4 hours"),
		720 => __("Each 12 hours"),
		1440 => __("Daily"),
		10080 => __("Weekly"));

	$update_methods = array(
		0   => __("Default"),
		1   => __("Magpie"),
		2   => __("SimplePie"),
		3   => __("Twitter OAuth"));

	if (DEFAULT_UPDATE_METHOD == "1") {
		$update_methods[0] .= ' (SimplePie)';
	} else {
		$update_methods[0] .= ' (Magpie)';
	}

	$access_level_names = array(
		0 => __("User"),
		5 => __("Power User"),
		10 => __("Administrator"));

	$error = sanity_check($link);

	if ($error['code'] != 0 && $op != "logout") {
		print json_encode(array("error" => $error));
		return;
	}

	function __autoload($class) {
		$file = "classes/".strtolower(basename($class)).".php";
		if (file_exists($file)) {
			require $file;
		}
	}

	$op = str_replace("-", "_", $op);

	if (class_exists($op)) {
		$handler = new $op($link, $_REQUEST);

		if ($handler) {
			if ($handler->before($method)) {
				if ($method && method_exists($handler, $method)) {
					$handler->$method();
				} else if (method_exists($handler, 'index')) {
					$handler->index();
				}
				$handler->after();
				return;
			}
		}
	}

	header("Content-Type: text/plain");
	print json_encode(array("error" => array("code" => 7)));

	// We close the connection to database.
	db_close($link);
?>
change short php tags to long ones 2006-08-19 09:04:45 +02:00			`<?php`
include path fix for lighttpd 2011-12-15 15:19:10 +01:00			`set_include_path(get_include_path() . PATH_SEPARATOR .`
			`dirname(__FILE__) . "/include");`
overall directory tree cleanup 2011-12-11 20:59:25 +01:00
disable magic quotes if needed 2007-05-19 15:47:37 +02:00			`/* remove ill effects of magic quotes */`

make sure magic quote workaround actually works 2010-09-07 11:22:10 +02:00			`if (get_magic_quotes_gpc()) {`
use better magic quotes removal fix 2010-09-04 09:59:33 +02:00			`function stripslashes_deep($value) {`
backend/view: use JSON instead of XML; backend: output session invalid error using JSON 2011-03-18 10:46:22 +01:00			`$value = is_array($value) ?`
use better magic quotes removal fix 2010-09-04 09:59:33 +02:00			`array_map('stripslashes_deep', $value) : stripslashes($value);`
			`return $value;`
			`}`

			`$_POST = array_map('stripslashes_deep', $_POST);`
			`$_GET = array_map('stripslashes_deep', $_GET);`
			`$_COOKIE = array_map('stripslashes_deep', $_COOKIE);`
			`$_REQUEST = array_map('stripslashes_deep', $_REQUEST);`
disable magic quotes if needed 2007-05-19 15:47:37 +02:00			`}`

fix sharing for not logged in users 2011-10-04 12:03:16 +02:00			`$op = $_REQUEST["op"];`
add Public_Handler misc code cleanup 2011-12-13 11:49:11 +01:00			`@$method = $_REQUEST['subop'] ? $_REQUEST['subop'] : $_REQUEST["method"];`

			`/* Public calls compatibility shim */`

			`$public_calls = array("globalUpdateFeeds", "rss", "getUnread", "getProfiles", "share",`
			`"fbexport", "logout", "pubsub");`

			`if (array_search($op, $public_calls) !== false) {`
			`header("Location: public.php?" . $_SERVER['QUERY_STRING']);`
			`return;`
			`}`
fix sharing for not logged in users 2011-10-04 12:03:16 +02:00
remove error_reporting() hacks; set default error reporting level in functions.php 2010-11-10 11:14:44 +01:00			`require_once "functions.php";`
add Public_Handler misc code cleanup 2011-12-13 11:49:11 +01:00			`require_once "sessions.php";`
provide startup config.php value checking, report at D001 2006-03-27 18:08:51 +02:00			`require_once "sanity_check.php";`
			`require_once "config.php";`
better fatal error handling by frontend (remove error.php) 2006-03-31 07:18:55 +02:00			`require_once "db.php";`
			`require_once "db-prefs.php";`
provide startup config.php value checking, report at D001 2006-03-27 18:08:51 +02:00
no-cache fixes for safari 2007-03-02 12:34:34 +01:00			`no_cache_incantation();`
do not reference gettext modules if ENABLE_TRANSLATIONS is disabled 2007-05-19 06:46:29 +02:00
config: remove ENABLE_TRANSLATIONS 2011-03-18 17:25:06 +01:00			`startup_gettext();`
no-cache fixes for safari 2007-03-02 12:34:34 +01:00
login system tweaks 2007-03-02 11:48:46 +01:00			`$script_started = getmicrotime();`

backend/view: use JSON instead of XML; backend: output session invalid error using JSON 2011-03-18 10:46:22 +01:00			`$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);`
login system tweaks 2007-03-02 11:48:46 +01:00
add Public_Handler misc code cleanup 2011-12-13 11:49:11 +01:00			`if (!init_connection($link)) return;`
implement tiny-OOP routing 2011-12-12 21:20:53 +01:00
			`header("Content-Type: text/plain; charset=utf-8");`
automatically logout user when session expires 2005-11-19 15:46:23 +01:00
backend/viewfeed: use JSON 2011-03-18 10:55:45 +01:00			`if (ENABLE_GZIP_OUTPUT) {`
			`ob_start("ob_gzhandler");`
			`}`

backend: force login on init when in single user mode 2009-10-27 13:27:09 +01:00			`if (SINGLE_USER_MODE) {`
			`authenticate_user($link, "admin", null);`
			`}`

add Public_Handler misc code cleanup 2011-12-13 11:49:11 +01:00			`// TODO remove and handle within Handlers`
backend/view: use JSON instead of XML; backend: output session invalid error using JSON 2011-03-18 10:46:22 +01:00
add Public_Handler misc code cleanup 2011-12-13 11:49:11 +01:00			`if (!($_SESSION["uid"] && validate_session($link))) {`
add pref_prefs class 2011-12-13 07:00:42 +01:00			`if ($op == 'pref-feeds' && $method == 'add') {`
allow redirect to login page when calling external feed subscription url (using bookmarklet, for example) (refs #344) 2011-06-14 12:19:47 +02:00			`header("Content-Type: text/html");`
			`login_sequence($link);`
			`render_login_form($link);`
			`} else {`
			`header("Content-Type: text/plain");`
			`print json_encode(array("error" => array("code" => 6)));`
			`}`
backend/view: use JSON instead of XML; backend: output session invalid error using JSON 2011-03-18 10:46:22 +01:00			`return;`
automatically logout user when session expires 2005-11-19 15:46:23 +01:00			`}`
http user auth, password changer in preferences 2005-11-18 07:04:32 +01:00
simplify update/purge interval selection 2006-03-20 15:30:51 +01:00			`$purge_intervals = array(`
change _() to __() (use php-gettext) 2007-03-05 09:45:38 +01:00			`0 => __("Use default"),`
			`-1 => __("Never purge"),`
			`5 => __("1 week old"),`
			`14 => __("2 weeks old"),`
			`31 => __("1 month old"),`
			`60 => __("2 months old"),`
			`90 => __("3 months old"));`
simplify update/purge interval selection 2006-03-20 15:30:51 +01:00
			`$update_intervals = array(`
rework feed dialog layouts 2008-08-06 09:51:28 +02:00			`0 => __("Default interval"),`
change _() to __() (use php-gettext) 2007-03-05 09:45:38 +01:00			`-1 => __("Disable updates"),`
add 15 minute feed update interval 2007-06-01 02:55:53 +02:00			`15 => __("Each 15 minutes"),`
change _() to __() (use php-gettext) 2007-03-05 09:45:38 +01:00			`30 => __("Each 30 minutes"),`
pref-prefs: show default update interval as a dropdown 2010-01-20 11:20:20 +01:00			`60 => __("Hourly"),`
			`240 => __("Each 4 hours"),`
			`720 => __("Each 12 hours"),`
			`1440 => __("Daily"),`
			`10080 => __("Weekly"));`

			`$update_intervals_nodefault = array(`
			`-1 => __("Disable updates"),`
			`15 => __("Each 15 minutes"),`
			`30 => __("Each 30 minutes"),`
change _() to __() (use php-gettext) 2007-03-05 09:45:38 +01:00			`60 => __("Hourly"),`
			`240 => __("Each 4 hours"),`
			`720 => __("Each 12 hours"),`
			`1440 => __("Daily"),`
			`10080 => __("Weekly"));`
simplify update/purge interval selection 2006-03-20 15:30:51 +01:00
allow per-feed update method selection 2008-01-25 18:46:01 +01:00			`$update_methods = array(`
rework feed dialog layouts 2008-08-06 09:51:28 +02:00			`0 => __("Default"),`
add update method names array 2008-01-25 17:42:09 +01:00			`1 => __("Magpie"),`
backend/view: use JSON instead of XML; backend: output session invalid error using JSON 2011-03-18 10:46:22 +01:00			`2 => __("SimplePie"),`
add separate update method for Twitter, select it as default when subscribing to twitter.com feeds 2010-11-22 15:03:31 +01:00			`3 => __("Twitter OAuth"));`
allow per-feed update method selection 2008-01-25 18:46:01 +01:00
config: replace confusing option ENABLE_SIMPLEPIE with DEFAULT_UPDATE_METHOD; bump config version 2010-06-30 10:57:11 +02:00			`if (DEFAULT_UPDATE_METHOD == "1") {`
allow per-feed update method selection 2008-01-25 18:46:01 +01:00			`$update_methods[0] .= ' (SimplePie)';`
			`} else {`
			`$update_methods[0] .= ' (Magpie)';`
			`}`

user editor improved, some form parameter validation reimplemented for prototyped-forms 2006-05-20 16:26:00 +02:00			`$access_level_names = array(`
backend/view: use JSON instead of XML; backend: output session invalid error using JSON 2011-03-18 10:46:22 +01:00			`0 => __("User"),`
add new access level 5, show user's level in prefs 2008-04-04 05:46:51 +02:00			`5 => __("Power User"),`
change _() to __() (use php-gettext) 2007-03-05 09:45:38 +01:00			`10 => __("Administrator"));`
user editor improved, some form parameter validation reimplemented for prototyped-forms 2006-05-20 16:26:00 +02:00
rework initial sanitycheck to use JSON 2011-03-18 15:39:23 +01:00			`$error = sanity_check($link);`

fix redirects after schema upgrade; fix logout requiring valid schema 2011-04-20 09:46:16 +02:00			`if ($error['code'] != 0 && $op != "logout") {`
rework initial sanitycheck to use JSON 2011-03-18 15:39:23 +01:00			`print json_encode(array("error" => $error));`
			`return;`
			`}`
mark feeds with update errors in feedlist (closes #8) 2005-12-16 18:35:04 +01:00
add Public_Handler misc code cleanup 2011-12-13 11:49:11 +01:00			`function __autoload($class) {`
			`$file = "classes/".strtolower(basename($class)).".php";`
			`if (file_exists($file)) {`
			`require $file;`
			`}`
			`}`

add pref_feeds class 2011-12-13 06:29:22 +01:00			`$op = str_replace("-", "_", $op);`

add tiny-OOP style backend RPC 2011-12-12 20:32:29 +01:00			`if (class_exists($op)) {`
			`$handler = new $op($link, $_REQUEST);`
move update daemon code to common function, reorganize backend.php (patch from landure) 2008-01-26 06:33:59 +01:00
add tiny-OOP style backend RPC 2011-12-12 20:32:29 +01:00			`if ($handler) {`
move API to classes/ 2011-12-13 12:40:42 +01:00			`if ($handler->before($method)) {`
implement tiny-OOP routing 2011-12-12 21:20:53 +01:00			`if ($method && method_exists($handler, $method)) {`
			`$handler->$method();`
			`} else if (method_exists($handler, 'index')) {`
			`$handler->index();`
add tiny-OOP style backend RPC 2011-12-12 20:32:29 +01:00			`}`
implement tiny-OOP routing 2011-12-12 21:20:53 +01:00			`$handler->after();`
			`return;`
add tiny-OOP style backend RPC 2011-12-12 20:32:29 +01:00			`}`
			`}`
			`}`

add Public_Handler misc code cleanup 2011-12-13 11:49:11 +01:00			`header("Content-Type: text/plain");`
			`print json_encode(array("error" => array("code" => 7)));`
add tweet button to digest, misc digest fixes; rework article tweeting to use ajax loading of needed info 2010-11-25 10:58:29 +01:00
move update daemon code to common function, reorganize backend.php (patch from landure) 2008-01-26 06:33:59 +01:00			`// We close the connection to database.`
updated mysql schema 2005-09-07 14:42:49 +02:00			`db_close($link);`
initial mockup 2005-08-21 12:13:10 +02:00			`?>`