Merge pull request 'Switch Handler_Public to ORM' (#22) from wn/tt-rss:orm-handler-public into master

Reviewed-on: https://git.tt-rss.org/fox/tt-rss/pulls/22
master
fox 4 years ago
commit ce9955c6ff

@ -266,19 +266,20 @@ class Handler_Public extends Handler {
$rv = []; $rv = [];
if ($login) { if ($login) {
$sth = $this->pdo->prepare("SELECT ttrss_settings_profiles.* FROM ttrss_settings_profiles,ttrss_users $profiles = ORM::for_table('ttrss_settings_profiles')
WHERE ttrss_users.id = ttrss_settings_profiles.owner_uid AND LOWER(login) = LOWER(?) ORDER BY title"); ->table_alias('p')
$sth->execute([$login]); ->select_many('title' , 'p.id')
->join('ttrss_users', ['owner_uid', '=', 'u.id'], 'u')
->where_raw('LOWER(login) = LOWER(?)', [$login])
->order_by_asc('title')
->find_many();
$rv = [ [ "value" => 0, "label" => __("Default profile") ] ]; $rv = [ [ "value" => 0, "label" => __("Default profile") ] ];
while ($line = $sth->fetch()) { foreach ($profiles as $profile) {
$id = $line["id"]; array_push($rv, [ "label" => $profile->title, "value" => $profile->id ]);
$title = $line["title"];
array_push($rv, [ "label" => $title, "value" => $id ]);
} }
} }
print json_encode($rv); print json_encode($rv);
} }
@ -312,23 +313,20 @@ class Handler_Public extends Handler {
UserHelper::authenticate("admin", null); UserHelper::authenticate("admin", null);
} }
$owner_id = false;
if ($key) { if ($key) {
$sth = $this->pdo->prepare("SELECT owner_uid FROM $access_key = ORM::for_table('ttrss_access_keys')
ttrss_access_keys WHERE access_key = ? AND feed_id = ?"); ->select('owner_uid')
$sth->execute([$key, $feed]); ->where(['access_key' => $key, 'feed_id' => $feed])
->find_one();
if ($row = $sth->fetch())
$owner_id = $row["owner_uid"]; if ($access_key) {
$this->generate_syndicated_feed($access_key->owner_uid, $feed, $is_cat, $limit,
$offset, $search, $view_mode, $format, $order, $orig_guid, $start_ts);
return;
}
} }
if ($owner_id) { header('HTTP/1.1 403 Forbidden');
$this->generate_syndicated_feed($owner_id, $feed, $is_cat, $limit,
$offset, $search, $view_mode, $format, $order, $orig_guid, $start_ts);
} else {
header('HTTP/1.1 403 Forbidden');
}
} }
function updateTask() { function updateTask() {
@ -373,18 +371,13 @@ class Handler_Public extends Handler {
$_SESSION["safe_mode"] = $safe_mode; $_SESSION["safe_mode"] = $safe_mode;
if (!empty($_POST["profile"])) { if (!empty($_POST["profile"])) {
$profile = (int) clean($_POST["profile"]); $profile = (int) clean($_POST["profile"]);
$sth = $this->pdo->prepare("SELECT id FROM ttrss_settings_profiles $profile_obj = ORM::for_table('ttrss_settings_profiles')
WHERE id = ? AND owner_uid = ?"); ->where(['id' => $profile, 'owner_uid' => $_SESSION['uid']])
$sth->execute([$profile, $_SESSION['uid']]); ->find_one();
if ($sth->fetch()) { $_SESSION["profile"] = $profile_obj ? $profile : null;
$_SESSION["profile"] = $profile;
} else {
$_SESSION["profile"] = null;
}
} }
} else { } else {
@ -415,7 +408,7 @@ class Handler_Public extends Handler {
startup_gettext(); startup_gettext();
session_start(); session_start();
@$hash = clean($_REQUEST["hash"]); $hash = clean($_REQUEST["hash"] ?? '');
header('Content-Type: text/html; charset=utf-8'); header('Content-Type: text/html; charset=utf-8');
?> ?>
@ -448,30 +441,27 @@ class Handler_Public extends Handler {
print "<h1>".__("Password recovery")."</h1>"; print "<h1>".__("Password recovery")."</h1>";
print "<div class='content'>"; print "<div class='content'>";
@$method = clean($_POST['method']); $method = clean($_POST['method'] ?? '');
if ($hash) { if ($hash) {
$login = clean($_REQUEST["login"]); $login = clean($_REQUEST["login"]);
if ($login) { if ($login) {
$sth = $this->pdo->prepare("SELECT id, resetpass_token FROM ttrss_users $user = ORM::for_table('ttrss_users')
WHERE LOWER(login) = LOWER(?)"); ->select('id', 'resetpass_token')
$sth->execute([$login]); ->where_raw('LOWER(login) = LOWER(?)', [$login])
->find_one();
if ($row = $sth->fetch()) { if ($user) {
$id = $row["id"]; list($timestamp, $resetpass_token) = explode(":", $user->resetpass_token);
$resetpass_token_full = $row["resetpass_token"];
list($timestamp, $resetpass_token) = explode(":", $resetpass_token_full);
if ($timestamp && $resetpass_token && if ($timestamp && $resetpass_token &&
$timestamp >= time() - 15*60*60 && $timestamp >= time() - 15*60*60 &&
$resetpass_token === $hash) { $resetpass_token === $hash) {
$user->resetpass_token = null;
$user->save();
$sth = $this->pdo->prepare("UPDATE ttrss_users SET resetpass_token = NULL UserHelper::reset_password($user->id, true);
WHERE id = ?");
$sth->execute([$id]);
UserHelper::reset_password($id, true);
print "<p>"."Completed."."</p>"; print "<p>"."Completed."."</p>";
@ -520,7 +510,6 @@ class Handler_Public extends Handler {
</form>"; </form>";
} else if ($method == 'do') { } else if ($method == 'do') {
$login = clean($_POST["login"]); $login = clean($_POST["login"]);
$email = clean($_POST["email"]); $email = clean($_POST["email"]);
$test = clean($_POST["test"]); $test = clean($_POST["test"]);
@ -532,64 +521,51 @@ class Handler_Public extends Handler {
<input type='hidden' name='op' value='forgotpass'> <input type='hidden' name='op' value='forgotpass'>
<button dojoType='dijit.form.Button' type='submit' class='alt-primary'>".__("Go back")."</button> <button dojoType='dijit.form.Button' type='submit' class='alt-primary'>".__("Go back")."</button>
</form>"; </form>";
} else { } else {
// prevent submitting this form multiple times // prevent submitting this form multiple times
$_SESSION["pwdreset:testvalue1"] = rand(1, 1000); $_SESSION["pwdreset:testvalue1"] = rand(1, 1000);
$_SESSION["pwdreset:testvalue2"] = rand(1, 1000); $_SESSION["pwdreset:testvalue2"] = rand(1, 1000);
$sth = $this->pdo->prepare("SELECT id FROM ttrss_users $user = ORM::for_table('ttrss_users')
WHERE LOWER(login) = LOWER(?) AND email = ?"); ->select('id')
$sth->execute([$login, $email]); ->where_raw('LOWER(login) = LOWER(?)', [$login])
->where('email', $email)
->find_one();
if ($row = $sth->fetch()) { if ($user) {
print_notice("Password reset instructions are being sent to your email address."); print_notice("Password reset instructions are being sent to your email address.");
$id = $row["id"]; $resetpass_token = sha1(get_random_bytes(128));
$resetpass_link = get_self_url_prefix() . "/public.php?op=forgotpass&hash=" . $resetpass_token .
if ($id) { "&login=" . urlencode($login);
$resetpass_token = sha1(get_random_bytes(128));
$resetpass_link = get_self_url_prefix() . "/public.php?op=forgotpass&hash=" . $resetpass_token .
"&login=" . urlencode($login);
$tpl = new Templator();
$tpl->readTemplateFromFile("resetpass_link_template.txt"); $tpl = new Templator();
$tpl->setVariable('LOGIN', $login); $tpl->readTemplateFromFile("resetpass_link_template.txt");
$tpl->setVariable('RESETPASS_LINK', $resetpass_link);
$tpl->setVariable('TTRSS_HOST', Config::get(Config::SELF_URL_PATH));
$tpl->addBlock('message'); $tpl->setVariable('LOGIN', $login);
$tpl->setVariable('RESETPASS_LINK', $resetpass_link);
$tpl->setVariable('TTRSS_HOST', Config::get(Config::SELF_URL_PATH));
$message = ""; $tpl->addBlock('message');
$tpl->generateOutputToString($message); $message = "";
$mailer = new Mailer(); $tpl->generateOutputToString($message);
$rc = $mailer->mail(["to_name" => $login, $mailer = new Mailer();
"to_address" => $email,
"subject" => __("[tt-rss] Password reset request"),
"message" => $message]);
if (!$rc) print_error($mailer->error()); $rc = $mailer->mail(["to_name" => $login,
"to_address" => $email,
"subject" => __("[tt-rss] Password reset request"),
"message" => $message]);
$resetpass_token_full = time() . ":" . $resetpass_token; if (!$rc) print_error($mailer->error());
$sth = $this->pdo->prepare("UPDATE ttrss_users $user->resetpass_token = time() . ":" . $resetpass_token;
SET resetpass_token = ? $user->save();
WHERE LOWER(login) = LOWER(?) AND email = ?");
$sth->execute([$resetpass_token_full, $login, $email]);
} else {
print_error("User ID not found.");
}
print "<a href='index.php'>".__("Return to Tiny Tiny RSS")."</a>"; print "<a href='index.php'>".__("Return to Tiny Tiny RSS")."</a>";
} else { } else {
print_error(__("Sorry, login and email combination not found.")); print_error(__("Sorry, login and email combination not found."));
@ -597,17 +573,14 @@ class Handler_Public extends Handler {
<input type='hidden' name='op' value='forgotpass'> <input type='hidden' name='op' value='forgotpass'>
<button dojoType='dijit.form.Button' type='submit'>".__("Go back")."</button> <button dojoType='dijit.form.Button' type='submit'>".__("Go back")."</button>
</form>"; </form>";
} }
} }
} }
print "</div>"; print "</div>";
print "</div>"; print "</div>";
print "</body>"; print "</body>";
print "</html>"; print "</html>";
} }
function dbupdate() { function dbupdate() {
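Review bot: In the hunk at `@ -448,30 +441,27`, the reset-token lookup calls `->select('id', 'resetpass_token')`, whereas the first hunk uses `select_many()` for two columns; if `ORM` is Idiorm, `select()` takes a column and an alias, so this would emit `id AS resetpass_token` and leave `$user->id` unset. The `explode(":", $user->resetpass_token)` would then yield no token part, so the check would probably fail closed and reject valid reset links; `->select_many('id', 'resetpass_token')` looks like what was intended. In the same hunk the token is still compared with `$resetpass_token === $hash`; `hash_equals($resetpass_token, $hash)` would make that comparison constant-time, provided both operands are strings. The enclosing method starts and ends outside these hunks, so this is inferred from the visible lines only.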
