experimental split of public calls into public.php (refs #389)

backend.php

@@ -59,10 +59,15 @@
 		authenticate_user($link, "admin", null);
 	}
 
-	if (!($_SESSION["uid"] && validate_session($link)) && $op != "globalUpdateFeeds" &&
-			$op != "rss" && $op != "getUnread" && $op != "getProfiles" && $op != "share" &&
-			$op != "fbexport" && $op != "logout" && $op != "pubsub") {
+	$public_calls = array("globalUpdateFeeds", "rss", "getUnread", "getProfiles", "share",
+		"fbexport", "logout", "pubsub");
 
+	if (array_search($op, $public_calls) !== false) {
+
+		handle_public_request($link, $op);
+		return;
+
+	} else if (!($_SESSION["uid"] && validate_session($link))) {
 		if ($op == 'pref-feeds' && $_REQUEST['subop'] == 'add') {
 			header("Content-Type: text/html");
 			login_sequence($link);
@@ -431,11 +436,6 @@
 			module_pref_pub_items($link);
 		break; // pref-pub-items
 
-		case "globalUpdateFeeds":
-			// Update all feeds needing a update.
-			update_daemon_common($link, 0, true, true);
-		break; // globalUpdateFeeds
-
 		case "pref-feed-browser":
 			module_pref_feed_browser($link);
 		break; // pref-feed-browser
@@ -444,63 +444,6 @@
 			module_pref_instances($link);
 		break; // pref-instances
 
-		case "rss":
-			$feed = db_escape_string($_REQUEST["id"]);
-			$key = db_escape_string($_REQUEST["key"]);
-			$is_cat = $_REQUEST["is_cat"] != false;
-			$limit = (int)db_escape_string($_REQUEST["limit"]);
-
-			$search = db_escape_string($_REQUEST["q"]);
-			$match_on = db_escape_string($_REQUEST["m"]);
-			$search_mode = db_escape_string($_REQUEST["smode"]);
-			$view_mode = db_escape_string($_REQUEST["view-mode"]);
-
-			if (SINGLE_USER_MODE) {
-				authenticate_user($link, "admin", null);
-			}
-
-			$owner_id = false;
-
-			if ($key) {
-				$result = db_query($link, "SELECT owner_uid FROM
-					ttrss_access_keys WHERE access_key = '$key' AND feed_id = '$feed'");
-
-				if (db_num_rows($result) == 1)
-					$owner_id = db_fetch_result($result, 0, "owner_uid");
-			}
-
-			if ($owner_id) {
-				$_SESSION['uid'] = $owner_id;
-
-				generate_syndicated_feed($link, 0, $feed, $is_cat, $limit,
-					$search, $search_mode, $match_on, $view_mode);
-			} else {
-				header('HTTP/1.1 403 Forbidden');
-			}
-		break; // rss
-
-		case "getUnread":
-			$login = db_escape_string($_REQUEST["login"]);
-			$fresh = $_REQUEST["fresh"] == "1";
-
-			$result = db_query($link, "SELECT id FROM ttrss_users WHERE login = '$login'");
-
-			if (db_num_rows($result) == 1) {
-				$uid = db_fetch_result($result, 0, "id");
-
-				print getGlobalUnread($link, $uid);
-
-				if ($fresh) {
-					print ";";
-					print getFeedArticles($link, -3, false, true, $uid);
-				}
-
-			} else {
-				print "-1;User not found";
-			}
-
-		break; // getUnread
-
 		case "digestTest":
 			print_r(prepare_headlines_digest($link, $_SESSION["uid"]));
 		break; // digestTest
@@ -515,149 +458,6 @@
 				"<img src='images/indicator_tiny.gif'>";
 		break; // loading
 
-		case "getProfiles":
-			$login = db_escape_string($_REQUEST["login"]);
-			$password = db_escape_string($_REQUEST["password"]);
-
-			if (authenticate_user($link, $login, $password)) {
-				$result = db_query($link, "SELECT * FROM ttrss_settings_profiles
-					WHERE owner_uid = " . $_SESSION["uid"] . " ORDER BY title");
-
-				print "<select style='width: 100%' name='profile'>";
-
-				print "<option value='0'>" . __("Default profile") . "</option>";
-
-				while ($line = db_fetch_assoc($result)) {
-					$id = $line["id"];
-					$title = $line["title"];
-
-					print "<option value='$id'>$title</option>";
-				}
-
-				print "</select>";
-
-				$_SESSION = array();
-			}
-		break; // getprofiles
-
-		case "pubsub":
-			$mode = db_escape_string($_REQUEST['hub_mode']);
-			$feed_id = (int) db_escape_string($_REQUEST['id']);
-			$feed_url = db_escape_string($_REQUEST['hub_topic']);
-
-			if (!PUBSUBHUBBUB_ENABLED) {
-				header('HTTP/1.0 404 Not Found');
-				echo "404 Not found";
-				return;
-			}
-
-			// TODO: implement hub_verifytoken checking
-
-			$result = db_query($link, "SELECT feed_url FROM ttrss_feeds
-				WHERE id = '$feed_id'");
-
-			if (db_num_rows($result) != 0) {
-
-				$check_feed_url = db_fetch_result($result, 0, "feed_url");
-
-				if ($check_feed_url && ($check_feed_url == $feed_url || !$feed_url)) {
-					if ($mode == "subscribe") {
-
-						db_query($link, "UPDATE ttrss_feeds SET pubsub_state = 2
-							WHERE id = '$feed_id'");
-
-						print $_REQUEST['hub_challenge'];
-						return;
-
-					} else if ($mode == "unsubscribe") {
-
-						db_query($link, "UPDATE ttrss_feeds SET pubsub_state = 0
-							WHERE id = '$feed_id'");
-
-						print $_REQUEST['hub_challenge'];
-						return;
-
-					} else if (!$mode) {
-
-						// Received update ping, schedule feed update.
-						//update_rss_feed($link, $feed_id, true, true);
-
-						db_query($link, "UPDATE ttrss_feeds SET
-							last_update_started = '1970-01-01',
-							last_updated = '1970-01-01' WHERE id = '$feed_id' AND
-							owner_uid = ".$_SESSION["uid"]);
-
-					}
-				} else {
-					header('HTTP/1.0 404 Not Found');
-					echo "404 Not found";
-				}
-			} else {
-				header('HTTP/1.0 404 Not Found');
-				echo "404 Not found";
-			}
-
-		break; // pubsub
-
-		case "logout":
-			logout_user();
-			header("Location: tt-rss.php");
-		break; // logout
-
-		case "fbexport":
-
-			$access_key = db_escape_string($_POST["key"]);
-
-			// TODO: rate limit checking using last_connected
-			$result = db_query($link, "SELECT id FROM ttrss_linked_instances
-				WHERE access_key = '$access_key'");
-
-			if (db_num_rows($result) == 1) {
-
-				$instance_id = db_fetch_result($result, 0, "id");
-
-				$result = db_query($link, "SELECT feed_url, site_url, title, subscribers
-					FROM ttrss_feedbrowser_cache ORDER BY subscribers DESC LIMIT 100");
-
-				$feeds = array();
-
-				while ($line = db_fetch_assoc($result)) {
-					array_push($feeds, $line);
-				}
-
-				db_query($link, "UPDATE ttrss_linked_instances SET
-					last_status_in = 1 WHERE id = '$instance_id'");
-
-				print json_encode(array("feeds" => $feeds));
-			} else {
-				print json_encode(array("error" => array("code" => 6)));
-			}
-		break; // fbexport
-
-		case "share":
-			$uuid = db_escape_string($_REQUEST["key"]);
-
-			$result = db_query($link, "SELECT ref_id, owner_uid FROM ttrss_user_entries WHERE
-				uuid = '$uuid'");
-
-			if (db_num_rows($result) != 0) {
-				header("Content-Type: text/html");
-
-				$id = db_fetch_result($result, 0, "ref_id");
-				$owner_uid = db_fetch_result($result, 0, "owner_uid");
-
-				$_SESSION["uid"] = $owner_uid;
-				$article = format_article($link, $id, false, true);
-				$_SESSION["uid"] = "";
-
-				print_r($article['content']);
-
-			} else {
-				print "Article not found.";
-			}
-
-			break;
-
 		default:
 			header("Content-Type: text/plain");
 			print json_encode(array("error" => array("code" => 7)));

debian/tt-rss-mysql.cron.d

@@ -1,4 +1,4 @@
 # /etc/cron.d/tt-rss-mysql: crontab fragment for tt-rss-mysql
 #  This update feeds for tiny tiny RSS every 20min 
 
-12,42 *     * * *     www-data	 /usr/bin/wget --output-document=/dev/null --quiet http://localhost/tt-rss/backend.php?op=globalUpdateFeeds&daemon=1
+12,42 *     * * *     www-data	 /usr/bin/wget --output-document=/dev/null --quiet http://localhost/tt-rss/public.php?op=globalUpdateFeeds&daemon=1

debian/tt-rss-pgsql.cron.d

@@ -1,4 +1,4 @@
 # /etc/cron.d/tt-rss-pgsql: crontab fragment for tt-rss-pgsql
 #  This update feeds for tiny tiny RSS every 20min 
 
-12,42 *     * * *     www-data  /usr/bin/wget --output-document=/dev/null --quiet http://localhost/tt-rss/backend.php?op=globalUpdateFeeds&daemon=1
+12,42 *     * * *     www-data  /usr/bin/wget --output-document=/dev/null --quiet http://localhost/tt-rss/public.php?op=globalUpdateFeeds&daemon=1

functions.php

@@ -840,7 +840,7 @@
 					!ini_get("open_basedir")) {
 
 					$callback_url = get_self_url_prefix() .
-						"/backend.php?op=pubsub&id=$feed";
+						"/public.php?op=pubsub&id=$feed";
 
 					$s = new Subscriber($feed_hub_url, $callback_url);
 
@@ -1284,7 +1284,7 @@
 
 						if (PUBSUBHUBBUB_HUB && $published == 'true') {
 							$rss_link = get_self_url_prefix() .
-								"/backend.php?op=rss&id=-2&key=" .
+								"/public.php?op=rss&id=-2&key=" .
 								get_feed_access_key($link, -2, false, $owner_uid);
 
 							$p = new Publisher(PUBSUBHUBBUB_HUB);
@@ -3830,7 +3830,7 @@
 		$last_error = $qfh_ret[3];
 
 		$feed_self_url = get_self_url_prefix() .
-			"/backend.php?op=rss&id=-2&key=" .
+			"/public.php?op=rss&id=-2&key=" .
 			get_feed_access_key($link, -2, false);
 
 		if (!$feed_site_url) $feed_site_url = get_self_url_prefix();
@@ -4239,7 +4239,7 @@
 
 		if (PUBSUBHUBBUB_HUB) {
 			$rss_link = get_self_url_prefix() .
-				"/backend.php?op=rss&id=-2&key=" .
+				"/public.php?op=rss&id=-2&key=" .
 				get_feed_access_key($link, -2, false);
 
 			$p = new Publisher(PUBSUBHUBBUB_HUB);
@@ -4378,7 +4378,7 @@
 		}
 
 		$rss_link = htmlspecialchars(get_self_url_prefix() .
-			"/backend.php?op=rss&id=$feed_id$cat_q$search_q");
+			"/public.php?op=rss&id=$feed_id$cat_q$search_q");
 
 		$reply .= "<option value=\"0\" disabled=\"1\">".__('Feed:')."</option>";
 
@@ -7544,11 +7544,17 @@
 
 			_debug("Updating: " . $line['access_url'] . " ($id)");
 
-			$fetch_url = $line['access_url'] . '/backend.php?op=fbexport';
+			$fetch_url = $line['access_url'] . '/public.php?op=fbexport';
 			$post_query = 'key=' . $line['access_key'];
 
 			$feeds = fetch_file_contents($fetch_url, false, false, false, $post_query);
 
+			// try doing it the old way
+			if (!$feeds) {
+				$fetch_url = $line['access_url'] . '/backend.php?op=fbexport';
+				$feeds = fetch_file_contents($fetch_url, false, false, false, $post_query);
+			}
+
 			if ($feeds) {
 				$feeds = json_decode($feeds, true);
 
@@ -7598,6 +7604,223 @@
 				last_status_out = '$status', last_connected = NOW() WHERE id = '$id'");
 
 		}
+	}
+
+	function handle_public_request($link, $op) {
+		switch ($op) {
+
+		case "getUnread":
+			$login = db_escape_string($_REQUEST["login"]);
+			$fresh = $_REQUEST["fresh"] == "1";
+
+			$result = db_query($link, "SELECT id FROM ttrss_users WHERE login = '$login'");
+
+			if (db_num_rows($result) == 1) {
+				$uid = db_fetch_result($result, 0, "id");
+
+				print getGlobalUnread($link, $uid);
+
+				if ($fresh) {
+					print ";";
+					print getFeedArticles($link, -3, false, true, $uid);
+				}
+
+			} else {
+				print "-1;User not found";
+			}
+
+		break; // getUnread
+
+		case "getProfiles":
+			$login = db_escape_string($_REQUEST["login"]);
+			$password = db_escape_string($_REQUEST["password"]);
+
+			if (authenticate_user($link, $login, $password)) {
+				$result = db_query($link, "SELECT * FROM ttrss_settings_profiles
+					WHERE owner_uid = " . $_SESSION["uid"] . " ORDER BY title");
+
+				print "<select style='width: 100%' name='profile'>";
+
+				print "<option value='0'>" . __("Default profile") . "</option>";
+
+				while ($line = db_fetch_assoc($result)) {
+					$id = $line["id"];
+					$title = $line["title"];
+
+					print "<option value='$id'>$title</option>";
+				}
+
+				print "</select>";
+
+				$_SESSION = array();
+			}
+		break; // getprofiles
+
+		case "pubsub":
+			$mode = db_escape_string($_REQUEST['hub_mode']);
+			$feed_id = (int) db_escape_string($_REQUEST['id']);
+			$feed_url = db_escape_string($_REQUEST['hub_topic']);
+
+			if (!PUBSUBHUBBUB_ENABLED) {
+				header('HTTP/1.0 404 Not Found');
+				echo "404 Not found";
+				return;
+			}
+
+			// TODO: implement hub_verifytoken checking
+
+			$result = db_query($link, "SELECT feed_url FROM ttrss_feeds
+				WHERE id = '$feed_id'");
+
+			if (db_num_rows($result) != 0) {
+
+				$check_feed_url = db_fetch_result($result, 0, "feed_url");
+
+				if ($check_feed_url && ($check_feed_url == $feed_url || !$feed_url)) {
+					if ($mode == "subscribe") {
+
+						db_query($link, "UPDATE ttrss_feeds SET pubsub_state = 2
+							WHERE id = '$feed_id'");
+
+						print $_REQUEST['hub_challenge'];
+						return;
+
+					} else if ($mode == "unsubscribe") {
+
+						db_query($link, "UPDATE ttrss_feeds SET pubsub_state = 0
+							WHERE id = '$feed_id'");
+
+						print $_REQUEST['hub_challenge'];
+						return;
+
+					} else if (!$mode) {
+
+						// Received update ping, schedule feed update.
+						//update_rss_feed($link, $feed_id, true, true);
+
+						db_query($link, "UPDATE ttrss_feeds SET
+							last_update_started = '1970-01-01',
+							last_updated = '1970-01-01' WHERE id = '$feed_id' AND
+							owner_uid = ".$_SESSION["uid"]);
+
+					}
+				} else {
+					header('HTTP/1.0 404 Not Found');
+					echo "404 Not found";
+				}
+			} else {
+				header('HTTP/1.0 404 Not Found');
+				echo "404 Not found";
+			}
+
+		break; // pubsub
+
+		case "logout":
+			logout_user();
+			header("Location: tt-rss.php");
+		break; // logout
+
+		case "fbexport":
+
+			$access_key = db_escape_string($_POST["key"]);
+
+			// TODO: rate limit checking using last_connected
+			$result = db_query($link, "SELECT id FROM ttrss_linked_instances
+				WHERE access_key = '$access_key'");
+
+			if (db_num_rows($result) == 1) {
+
+				$instance_id = db_fetch_result($result, 0, "id");
+
+				$result = db_query($link, "SELECT feed_url, site_url, title, subscribers
+					FROM ttrss_feedbrowser_cache ORDER BY subscribers DESC LIMIT 100");
+
+				$feeds = array();
+
+				while ($line = db_fetch_assoc($result)) {
+					array_push($feeds, $line);
+				}
+
+				db_query($link, "UPDATE ttrss_linked_instances SET
+					last_status_in = 1 WHERE id = '$instance_id'");
+
+				print json_encode(array("feeds" => $feeds));
+			} else {
+				print json_encode(array("error" => array("code" => 6)));
+			}
+		break; // fbexport
+
+		case "share":
+			$uuid = db_escape_string($_REQUEST["key"]);
+
+			$result = db_query($link, "SELECT ref_id, owner_uid FROM ttrss_user_entries WHERE
+				uuid = '$uuid'");
+
+			if (db_num_rows($result) != 0) {
+				header("Content-Type: text/html");
+
+				$id = db_fetch_result($result, 0, "ref_id");
+				$owner_uid = db_fetch_result($result, 0, "owner_uid");
+
+				$_SESSION["uid"] = $owner_uid;
+				$article = format_article($link, $id, false, true);
+				$_SESSION["uid"] = "";
 
+				print_r($article['content']);
+
+			} else {
+				print "Article not found.";
+			}
+
+			break;
+
+		case "rss":
+			$feed = db_escape_string($_REQUEST["id"]);
+			$key = db_escape_string($_REQUEST["key"]);
+			$is_cat = $_REQUEST["is_cat"] != false;
+			$limit = (int)db_escape_string($_REQUEST["limit"]);
+
+			$search = db_escape_string($_REQUEST["q"]);
+			$match_on = db_escape_string($_REQUEST["m"]);
+			$search_mode = db_escape_string($_REQUEST["smode"]);
+			$view_mode = db_escape_string($_REQUEST["view-mode"]);
+
+			if (SINGLE_USER_MODE) {
+				authenticate_user($link, "admin", null);
+			}
+
+			$owner_id = false;
+
+			if ($key) {
+				$result = db_query($link, "SELECT owner_uid FROM
+					ttrss_access_keys WHERE access_key = '$key' AND feed_id = '$feed'");
+
+				if (db_num_rows($result) == 1)
+					$owner_id = db_fetch_result($result, 0, "owner_uid");
+			}
+
+			if ($owner_id) {
+				$_SESSION['uid'] = $owner_id;
+
+				generate_syndicated_feed($link, 0, $feed, $is_cat, $limit,
+					$search, $search_mode, $match_on, $view_mode);
+			} else {
+				header('HTTP/1.1 403 Forbidden');
+			}
+		break; // rss
+
+
+		case "globalUpdateFeeds":
+			// Update all feeds needing a update.
+			update_daemon_common($link, 0, true, true);
+		break; // globalUpdateFeeds
+
+
+		default:
+			header("Content-Type: text/plain");
+			print json_encode(array("error" => array("code" => 7)));
+		break; // fallback
+
+		}
 	}
 ?>

modules/backend-rpc.php

@@ -215,7 +215,7 @@
 
 			if (PUBSUBHUBBUB_HUB) {
 				$rss_link = get_self_url_prefix() .
-					"/backend.php?op=rss&id=-2&key=" .
+					"/public.php?op=rss&id=-2&key=" .
 					get_feed_access_key($link, -2, false);
 
 				$p = new Publisher(PUBSUBHUBBUB_HUB);

modules/popup-dialog.php

@@ -1094,7 +1094,7 @@
 				print __("You can share this article by the following unique URL:");
 
 				$url_path = get_self_url_prefix();
-				$url_path .= "/backend.php?op=share&key=$uuid";
+				$url_path .= "/public.php?op=share&key=$uuid";
 
 				print "<div class=\"tagCloudContainer\">";
 				print "<a id='pub_opml_url' href='$url_path' target='_blank'>$url_path</a>";

modules/pref-feeds.php

@@ -1520,7 +1520,7 @@
 		print "<p>".__('Published articles are exported as a public RSS feed and can be subscribed by anyone who knows the URL specified below.')."</p>";
 
 		$rss_url = '-2::' . htmlspecialchars(get_self_url_prefix() .
-				"/backend.php?op=rss&id=-2&view-mode=all_articles");;
+				"/public.php?op=rss&id=-2&view-mode=all_articles");;
 
 		print "<button dojoType=\"dijit.form.Button\" onclick=\"return displayDlg('generatedFeed', '$rss_url')\">".
 			__('Display URL')."</button> ";

public.php

@@ -0,0 +1,62 @@
+<?php
+	/* remove ill effects of magic quotes */
+
+	if (get_magic_quotes_gpc()) {
+		function stripslashes_deep($value) {
+			$value = is_array($value) ?
+				array_map('stripslashes_deep', $value) : stripslashes($value);
+				return $value;
+		}
+
+		$_POST = array_map('stripslashes_deep', $_POST);
+		$_GET = array_map('stripslashes_deep', $_GET);
+		$_COOKIE = array_map('stripslashes_deep', $_COOKIE);
+		$_REQUEST = array_map('stripslashes_deep', $_REQUEST);
+	}
+
+	$op = $_REQUEST["op"];
+
+	require_once "functions.php";
+	if ($op != "share") require_once "sessions.php";
+	require_once "modules/backend-rpc.php";
+	require_once "sanity_check.php";
+	require_once "config.php";
+	require_once "db.php";
+	require_once "db-prefs.php";
+
+	no_cache_incantation();
+
+	startup_gettext();
+
+	$script_started = getmicrotime();
+
+	$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
+
+	if (!$link) {
+		if (DB_TYPE == "mysql") {
+			print mysql_error();
+		}
+		// PG seems to display its own errors just fine by default.
+		return;
+	}
+
+	init_connection($link);
+
+	$subop = $_REQUEST["subop"];
+	$mode = $_REQUEST["mode"];
+
+	if ((!$op || $op == "rss" || $op == "dlg") && !$_REQUEST["noxml"]) {
+			header("Content-Type: application/xml; charset=utf-8");
+	} else {
+			header("Content-Type: text/plain; charset=utf-8");
+	}
+
+	if (ENABLE_GZIP_OUTPUT) {
+		ob_start("ob_gzhandler");
+	}
+
+	handle_public_request($link, $op);
+
+	// We close the connection to database.
+	db_close($link);
+?>