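. */

/*
 * AJAX endpoint for user settings: adds a feed or folder (`add`) or saves
 * the settings / feed order / folder order (`save`). Every response is XML
 * via printXmlWithHeader() / printXmlError(), both defined in lib/include.php.
 */
require 'lib/include.php';
require 'lib/feed.class.php';

start_session (null);
$session->auth ('iflogged');
// Exposes the listed POST fields as globals (helper from lib/include.php).
postvars ('add,save,lucid,refresh,safs,oldf,feeds,folder,folders,lang,sid');

$db = null;
$feed = null;

if ($session->status['afterlogged'] === 'yes') {
    if ($session->email === 'guest') {
        printXmlError (null, _('You are using a guest account. You must register in order to do this.'));
        exit ();
    }

    $db = new Database ();

    if (!empty ($add)) {
        // Both mutating branches are CSRF-protected before any DB write.
        checkCSRF ($sid);
        $folder = trim (strip_tags ($folder));
        if (!empty ($folder)) {
            addFolder ();
        } else {
            $feed = new Feed ();
            $feed->url = $add;
            $feed->addFeed (true);
        }
    } else if (!empty ($save)) {
        checkCSRF ($sid);

        if (!$lang) {
            // Optimistic concurrency check: the client echoes back the md5 of
            // the user's lastUC it loaded; a mismatch means another window
            // saved in between, so this save is refused.
            $db->query ("SELECT lastUC FROM user WHERE id='".$session->id."'");
            if ($db->next_record ()) {
                $lastUC = (string) $db->f ('lastUC');
                if (!empty ($lastUC)) {
                    $lastUC = md5 ($lastUC);
                }
                // hash_equals() instead of the loose "!=": two hex digests that
                // both look numeric (e.g. "0e...") compare equal under "==",
                // which would let a stale token through.
                if (!hash_equals ($lastUC, (string) $lucid)) {
                    printXmlError (null, _('Concurrent session in another window/browser has changed the settings. Saving terminated. Please reload.'));
                    exit ();
                }
            }
        }

        if ($refresh != '' && $safs != '' && $oldf != '') {
            saveUSettings1 ();
        }
        if ($lang) {
            saveUSettings2 ();
        }
        if (!empty ($feeds)) {
            saveFeeds ();
        }
        if (!empty ($folders)) {
            saveFolders ();
        }
        printXmlWithHeader ('');
    }
} else {
    printXmlError (null, _("Operation not permitted. Access denied"));
}

/**
 * Persists the display settings posted as $refresh, $safs and $oldf.
 *
 * The refresh interval is clamped: non-numeric or outside 0..9999 becomes 0
 * (off), and 1..14 is raised to the 15 minimum. The value is cast to int so
 * only an integer ever reaches the query. $safs/$oldf are normalised through
 * checkBool() (lib/include.php) before use.
 */
function saveUSettings1 ()
{
    global $db, $session, $refresh, $safs, $oldf;

    if (is_numeric ($refresh)) {
        if ($refresh < 0 || $refresh > 9999) {
            $refresh = 0;
        } else if ($refresh > 0 && $refresh < 15) {
            $refresh = 15;
        }
        $refresh = (int) $refresh;
    } else {
        $refresh = 0;
    }

    checkBool ($safs);
    checkBool ($oldf);

    $db->query ("UPDATE user SET showActive='$safs', oldestFirst='$oldf', ".
                "refresh='$refresh' WHERE id='".$session->id."'");
}

/**
 * Persists the UI language posted as $lang and mirrors it into the session.
 *
 * The literal string 'null' clears the stored language (column set to NULL,
 * session value emptied); anything else is tag-stripped, escaped and stored.
 */
function saveUSettings2 ()
{
    global $db, $session, $lang;

    $lang = $db->escape (strip_tags ($lang));
    if ($lang === 'null') {
        $db->query ("UPDATE user SET lang=NULL WHERE id='".$session->id."'");
        $session->lang = '';
    } else {
        $db->query ("UPDATE user SET lang='$lang' WHERE id='".$session->id."'");
        $session->lang = $lang;
    }
    $_SESSION['session'] = $session;
}

/**
 * Rewrites the user's subscriptions from the posted $feeds string.
 *
 * $feeds is either the literal 'flushAll' or a ':'-separated list of
 * "feedid,description,folder,latest,expand,active" entries in display order.
 * Every listed feed is updated (priority descends with list position); any
 * current subscription not listed is deleted. Finally lastUC is bumped so
 * the concurrency token of other open windows becomes stale.
 *
 * Uses explode() rather than the removed split() (gone since PHP 7.0);
 * ':' and ',' are not regex metacharacters, so the result is identical.
 */
function saveFeeds ()
{
    global $db, $session, $feeds;

    /* Get current feeds */
    $currentFeeds = array ();
    $db->query ("SELECT feedid FROM subscription WHERE userid='".$session->id."'");
    while ($db->next_record ()) {
        $currentFeeds[$db->f ('feedid')] = false;
    }

    /* Update feeds order */
    if ($feeds !== 'flushAll') {
        $feeds_order = explode (':', $feeds);
        $size = count ($feeds_order);
        foreach ($feeds_order as $i => $feedData) {
            // Pad to six fields so a truncated entry does not raise
            // undefined-offset notices; missing fields escape to ''.
            $feed = array_pad (explode (',', $feedData), 6, '');
            $feedid = $db->escape ($feed[0]);
            $desc   = $db->escape (trim (strip_tags (decodeSD ($feed[1]))));
            $folder = $db->escape ($feed[2]);
            $latest = $db->escape ($feed[3]);
            $expand = $db->escape ($feed[4]);
            $active = $db->escape ($feed[5]);
            $currentFeeds[$feedid] = true;
            // First entry gets the highest priority.
            $pri = $size - $i;
            checkBool ($active);
            $db->query ("UPDATE subscription SET description='$desc', folder='$folder', ".
                        "pri='$pri', latest='$latest', expand='$expand', active='$active' ".
                        "WHERE userid='".$session->id."' AND feedid='$feedid'");
        }
    }

    /* Remove feeds */
    foreach ($currentFeeds as $feedid => $v) {
        if (!$v) {
            $db->query ("DELETE FROM subscription WHERE userid='".
                        $session->id."' AND feedid='$feedid'");
        }
    }

    $db->query ("UPDATE user SET lastUC=UTC_TIMESTAMP() WHERE id='".$session->id."'");
}

/**
 * Creates a folder named $folder for the current user.
 *
 * Fails with an XML error if a folder of that name already exists; on
 * success bumps lastUC and replies with the new folder id and the
 * HTML-escaped name. Exits the script after an error response.
 */
function addFolder ()
{
    global $db, $session, $folder;

    $db->query ("SELECT id FROM folder WHERE userid='".$session->id."' ".
                "AND fname='".$db->escape ($folder)."'");
    if ($db->next_record ()) {
        printXmlError (null, _('This folder already exists.'));
        exit ();
    }

    $db->query ("INSERT INTO folder SET userid='".$session->id."', ".
                "fname='".$db->escape ($folder)."'");
    if ($db->affected_rows () == 1) {
        $db->query ("SELECT LAST_INSERT_ID() as lastId FROM folder");
        if ($db->next_record ()) {
            $folderid = $db->f ('lastId');
            $db->query ("UPDATE user SET lastUC=UTC_TIMESTAMP() WHERE id='".$session->id."'");
            // NOTE(review): the XML element markup around the id and name
            // appears to have been lost when this listing was extracted —
            // confirm the response format against the original source.
            printXmlWithHeader ("".$folderid."". htmlentities ($folder)."");
        } else {
            printXmlError (null, _('Unknown error.'));
        }
    }
}

/**
 * Rewrites the user's folders from the posted $folders string.
 *
 * $folders is either the literal 'flushAll' or a ':'-separated list of
 * "id,name" entries in display order. Listed folders are renamed (empty
 * names become the translated 'Nameless') and re-prioritised; unlisted ones
 * are deleted and their subscriptions moved to folder '0'. lastUC is bumped
 * at the end so other windows' concurrency tokens become stale.
 *
 * Uses explode() rather than the removed split() (gone since PHP 7.0).
 */
function saveFolders ()
{
    global $db, $session, $folders;

    /* Get current folders */
    $currentFolders = array ();
    $db->query ("SELECT id FROM folder WHERE userid='".$session->id."'");
    while ($db->next_record ()) {
        $currentFolders[$db->f ('id')] = false;
    }

    /* Update folders order */
    if ($folders !== 'flushAll') {
        $folders_order = explode (':', $folders);
        $size = count ($folders_order);
        foreach ($folders_order as $i => $folderData) {
            // Pad to "id,name" so a bare id does not raise an undefined-offset notice.
            $folder = array_pad (explode (',', $folderData), 2, '');
            $id    = $db->escape ($folder[0]);
            $fname = $db->escape (trim (strip_tags (decodeSD ($folder[1]))));
            if (empty ($fname)) {
                $fname = _('Nameless');
            }
            $currentFolders[$id] = true;
            // First entry gets the highest priority.
            $pri = $size - $i;
            $db->query ("UPDATE folder SET fname='$fname', pri='$pri' ".
                        "WHERE userid='".$session->id."' AND id='$id'");
        }
    }

    /* Remove folders */
    foreach ($currentFolders as $folderid => $v) {
        if (!$v) {
            $db->query ("DELETE FROM folder WHERE userid='".
                        $session->id."' AND id='$folderid'");
            $db->query ("UPDATE subscription SET folder='0' WHERE userid='".
                        $session->id."' AND folder='$folderid'");
        }
    }

    $db->query ("UPDATE user SET lastUC=UTC_TIMESTAMP() WHERE id='".$session->id."'");
}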