".$line["title"]."

" . $line["title"] . "

"; /* header */ $rv .= ""; # header /* content */ $lang = $line['lang'] ? $line['lang'] : "en"; $rv .= "

"; /* content body */ $rv .= $line["content"]; $rv .= Article::format_article_enclosures($id, $line["always_display_enclosures"], $line["content"], $line["hide_images"]); $rv .= "

"; # content $rv .= "

<?php echo __("Share with Tiny Tiny RSS") ?>

"; print "window.close();"; print ""; } else { $title = htmlspecialchars(clean($_REQUEST["title"])); $url = htmlspecialchars(clean($_REQUEST["url"])); ?> "; } function login() { if (!SINGLE_USER_MODE) { $login = clean($_POST["login"]); $password = clean($_POST["password"]); $remember_me = clean($_POST["remember_me"] ?? false); $safe_mode = checkbox_to_sql_bool(clean($_POST["safe_mode"] ?? false)); if ($remember_me) { @session_set_cookie_params(SESSION_COOKIE_LIFETIME); } else { @session_set_cookie_params(0); } if (UserHelper::authenticate($login, $password)) { $_POST["password"] = ""; if (get_schema_version() >= 120) { $_SESSION["language"] = get_pref("USER_LANGUAGE", $_SESSION["uid"]); } $_SESSION["ref_schema_version"] = get_schema_version(true); $_SESSION["bw_limit"] = !!clean($_POST["bw_limit"] ?? false); $_SESSION["safe_mode"] = $safe_mode; if (!empty($_POST["profile"])) { $profile = (int) clean($_POST["profile"]); $sth = $this->pdo->prepare("SELECT id FROM ttrss_settings_profiles WHERE id = ? AND owner_uid = ?"); $sth->execute([$profile, $_SESSION['uid']]); if ($sth->fetch()) { $_SESSION["profile"] = $profile; } else { $_SESSION["profile"] = null; } } } else { // start an empty session to deliver login error message @session_start(); if (!isset($_SESSION["login_error_msg"])) $_SESSION["login_error_msg"] = __("Incorrect username or password"); user_error("Failed login attempt for $login from " . UserHelper::get_user_ip(), E_USER_WARNING); } $return = clean($_REQUEST['return']); if ($_REQUEST['return'] && mb_strpos($return, SELF_URL_PATH) === 0) { header("Location: " . clean($_REQUEST['return'])); } else { header("Location: " . get_self_url_prefix()); } } } function subscribe() { if (SINGLE_USER_MODE) { UserHelper::login_sequence(); } if (!empty($_SESSION["uid"])) { $feed_url = clean($_REQUEST["feed_url"] ?? ""); $csrf_token = clean($_POST["csrf_token"] ?? ""); header('Content-Type: text/html; charset=utf-8'); ?> Tiny Tiny RSS

%s.", $feed_url)); break; case 1: print_notice(T_sprintf("Subscribed to %s.", $feed_url)); break; case 2: print_error(T_sprintf("Could not subscribe to %s.", $feed_url)); break; case 3: print_error(T_sprintf("No feeds found in %s.", $feed_url)); break; case 4: $feed_urls = $rc["feeds"]; break; case 5: print_error(T_sprintf("Could not subscribe to %s.
Can't download the Feed URL.", $feed_url)); break; } if ($feed_urls) { print ""; } $tp_uri = get_self_url_prefix() . "/prefs.php"; if ($rc['code'] <= 2){ $sth = $this->pdo->prepare("SELECT id FROM ttrss_feeds WHERE feed_url = ? AND owner_uid = ?"); $sth->execute([$feed_url, $_SESSION['uid']]); $row = $sth->fetch(); $feed_id = $row["id"]; } else { $feed_id = 0; } if ($feed_id) { print ""; } } print "

"; } else { $this->render_login_form(); } } function index() { header("Content-Type: text/plain"); print error_json(13); } function forgotpass() { startup_gettext(); session_start(); @$hash = clean($_REQUEST["hash"]); header('Content-Type: text/html; charset=utf-8'); ?> Tiny Tiny RSS

".__("Password recovery").""; print "

"; @$method = clean($_POST['method']); if ($hash) { $login = clean($_REQUEST["login"]); if ($login) { $sth = $this->pdo->prepare("SELECT id, resetpass_token FROM ttrss_users WHERE login = ?"); $sth->execute([$login]); if ($row = $sth->fetch()) { $id = $row["id"]; $resetpass_token_full = $row["resetpass_token"]; list($timestamp, $resetpass_token) = explode(":", $resetpass_token_full); if ($timestamp && $resetpass_token && $timestamp >= time() - 15*60*60 && $resetpass_token === $hash) { $sth = $this->pdo->prepare("UPDATE ttrss_users SET resetpass_token = NULL WHERE id = ?"); $sth->execute([$id]); Pref_Users::resetUserPassword($id, true); print "

"."Completed."."

"; } else { print_error("Some of the information provided is missing or incorrect."); } } else { print_error("Some of the information provided is missing or incorrect."); } } else { print_error("Some of the information provided is missing or incorrect."); } print "".__("Return to Tiny Tiny RSS").""; } else if (!$method) { print_notice(__("You will need to provide valid account name and email. Password reset link will be sent to your email address.")); print ""; } else if ($method == 'do') { $login = clean($_POST["login"]); $email = clean($_POST["email"]); $test = clean($_POST["test"]); if ($test != ($_SESSION["pwdreset:testvalue1"] + $_SESSION["pwdreset:testvalue2"]) || !$email || !$login) { print_error(__('Some of the required form parameters are missing or incorrect.')); print ""; } else { // prevent submitting this form multiple times $_SESSION["pwdreset:testvalue1"] = rand(1, 1000); $_SESSION["pwdreset:testvalue2"] = rand(1, 1000); $sth = $this->pdo->prepare("SELECT id FROM ttrss_users WHERE login = ? AND email = ?"); $sth->execute([$login, $email]); if ($row = $sth->fetch()) { print_notice("Password reset instructions are being sent to your email address."); $id = $row["id"]; if ($id) { $resetpass_token = sha1(get_random_bytes(128)); $resetpass_link = get_self_url_prefix() . "/public.php?op=forgotpass&hash=" . $resetpass_token . "&login=" . urlencode($login); $tpl = new Templator(); $tpl->readTemplateFromFile("resetpass_link_template.txt"); $tpl->setVariable('LOGIN', $login); $tpl->setVariable('RESETPASS_LINK', $resetpass_link); $tpl->setVariable('TTRSS_HOST', SELF_URL_PATH); $tpl->addBlock('message'); $message = ""; $tpl->generateOutputToString($message); $mailer = new Mailer(); $rc = $mailer->mail(["to_name" => $login, "to_address" => $email, "subject" => __("[tt-rss] Password reset request"), "message" => $message]); if (!$rc) print_error($mailer->error()); $resetpass_token_full = time() . ":" . $resetpass_token; $sth = $this->pdo->prepare("UPDATE ttrss_users SET resetpass_token = ? WHERE login = ? AND email = ?"); $sth->execute([$resetpass_token_full, $login, $email]); } else { print_error("User ID not found."); } print "".__("Return to Tiny Tiny RSS").""; } else { print_error(__("Sorry, login and email combination not found.")); print ""; } } } print "

"; print "

"; print ""; print ""; } function dbupdate() { startup_gettext(); if (!SINGLE_USER_MODE && $_SESSION["access_level"] < 10) { $_SESSION["login_error_msg"] = __("Your access level is insufficient to run this script."); $this->render_login_form(); exit; } ?> Database Updater

isUpdateRequired()) { print "

" . T_sprintf("Performing updates to version %d", SCHEMA_VERSION) . "

"; for ($i = $updater->getSchemaVersion() + 1; $i <= SCHEMA_VERSION; $i++) { print "

" . T_sprintf("Updating to version %d", $i) . "
"; $result = $updater->performUpdateTo($i, true); print "

"; print_error("One of the updates failed. Either retry the process or perform updates manually."); print ""; return; } else { print "

" . __("Completed.") . "

"; print ""; } } print_notice("Your Tiny Tiny RSS database is now updated to the latest version."); print "".__("Return to Tiny Tiny RSS").""; } else { print_notice("Tiny Tiny RSS database is up to date."); print "".__("Return to Tiny Tiny RSS").""; } } else { if ($updater->isUpdateRequired()) { print "

".T_sprintf("Tiny Tiny RSS database needs update to the latest version (%d to %d).", $updater->getSchemaVersion(), SCHEMA_VERSION)."

"; if (DB_TYPE == "mysql") { print_error("READ THIS: Due to MySQL limitations, your database is not completely protected while updating. ". "Errors may put it in an inconsistent state requiring manual rollback. BACKUP YOUR DATABASE BEFORE CONTINUING."); } else { print_warning("Please backup your database before proceeding."); } print ""; } else { print_notice("Tiny Tiny RSS database is up to date."); print "".__("Return to Tiny Tiny RSS").""; } } ?>

exists($filename)) { $cache->send($filename); } else { header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found"); echo "File not found."; } } private function make_article_tag_uri($id, $timestamp) { $timestamp = date("Y-m-d", strtotime($timestamp)); return "tag:" . parse_url(get_self_url_prefix(), PHP_URL_HOST) . ",$timestamp:/$id"; } // this should be used very carefully because this endpoint is exposed to unauthenticated users // plugin data is not loaded because there's no user context and owner_uid/session may or may not be available // in general, don't do anything user-related in here and do not modify $_SESSION public function pluginhandler() { $host = new PluginHost(); $plugin_name = basename(clean($_REQUEST["plugin"])); $method = clean($_REQUEST["pmethod"]); $host->load($plugin_name, PluginHost::KIND_USER, 0); //$host->load_data(); $plugin = $host->get_plugin($plugin_name); if ($plugin) { if (method_exists($plugin, $method)) { if ($plugin->is_public_method($method)) { $plugin->$method(); } else { user_error("PluginHandler[PUBLIC]: Requested private method '$method' of plugin '$plugin_name'.", E_USER_WARNING); header("Content-Type: text/json"); print error_json(6); } } else { user_error("PluginHandler[PUBLIC]: Requested unknown method '$method' of plugin '$plugin_name'.", E_USER_WARNING); header("Content-Type: text/json"); print error_json(13); } } else { user_error("PluginHandler[PUBLIC]: Requested method '$method' of unknown plugin '$plugin_name'.", E_USER_WARNING); header("Content-Type: text/json"); print error_json(14); } } static function render_login_form() { header('Cache-Control: public'); require_once "login_form.php"; exit; } } ?>