login system fixes

remove old-style session checking from backend.php
move outside subscription endpoint to public.php, change subscription
bookmarklet

include/functions.php

@@ -815,7 +815,35 @@
 		return true;
 	}
 
-	function login_sequence($link, $mobile = false) {
+	function login_sequence($link, $login_form = 0) {
+		if (SINGLE_USER_MODE) {
+			return authenticate_user($link, "admin", null);
+		} else {
+			if (!$_SESSION["uid"] || !validate_session($link)) {
+
+				if (AUTH_AUTO_LOGIN && authenticate_user($link, null, null)) {
+				    $_SESSION["ref_schema_version"] = get_schema_version($link, true);
+				} else {
+					 authenticate_user($link, null, null, true);
+				}
+
+				if (!$_SESSION["uid"]) render_login_form($link, $login_form);
+
+			} else {
+				/* bump login timestamp */
+				db_query($link, "UPDATE ttrss_users SET last_login = NOW() WHERE id = " .
+					$_SESSION["uid"]);
+
+				if ($_SESSION["language"] && SESSION_COOKIE_LIFETIME > 0) {
+					setcookie("ttrss_lang", $_SESSION["language"],
+						time() + SESSION_COOKIE_LIFETIME);
+				}
+			}
+		}
+	}
+
+
+	/* function login_sequence($link, $mobile = false) {
 		$_SESSION["prefs_cache"] = array();
 
 		if (!SINGLE_USER_MODE) {
@@ -872,7 +900,7 @@
 				    exit;
 				}
 			} else {
-				/* bump login timestamp */
+				// bump login timestamp
 				db_query($link, "UPDATE ttrss_users SET last_login = NOW() WHERE id = " .
 					$_SESSION["uid"]);
 
@@ -888,7 +916,7 @@
 		} else {
 			return authenticate_user($link, "admin", null);
 		}
-	}
+	} */
 
 	function truncate_string($str, $max_len, $suffix = '…') {
 		if (mb_strlen($str, "utf-8") > $max_len - 3) {
@@ -3148,17 +3176,16 @@
 		return true;
 	}
 
-	function render_login_form($link, $mobile = 0) {
-		switch ($mobile) {
+	function render_login_form($link, $form_id = 0) {
+		switch ($form_id) {
 		case 0:
 			require_once "login_form.php";
 			break;
 		case 1:
 			require_once "mobile/login_form.php";
 			break;
-		case 2:
-			require_once "mobile/classic/login_form.php";
 		}
+		exit;
 	}
 
 	// from http://developer.apple.com/internet/safari/faq.html
@@ -3588,7 +3615,7 @@
 		//$url_path = ($_SERVER['HTTPS'] != "on" ? 'http://' :  'https://') . $_SERVER["HTTP_HOST"] . parse_url($_SERVER["REQUEST_URI"], PHP_URL_PATH);
 
 		$url_path = get_self_url_prefix() .
-			"/backend.php?op=pref-feeds&quiet=1&method=add&feed_url=%s";
+			"/public.php?op=subscribe&feed_url=%s";
 		return $url_path;
 	} // function add_feed_url
 

include/login_form.php

@@ -32,21 +32,22 @@ function init() {
 	}
 
 	document.forms["loginForm"].login.focus();
+
+	fetchProfiles();
 }
 
 function fetchProfiles() {
 	try {
-		var params = Form.serialize('loginForm');
-		var query = "?op=getProfiles&" + params;
+		var query = "?op=getProfiles&login=" + param_escape(document.forms["loginForm"].login.value);
 
 		if (query) {
 			new Ajax.Request("public.php",	{
 				parameters: query,
-					onComplete: function(transport) {
-						if (transport.responseText.match("select")) {
-							$('profile_box').innerHTML = transport.responseText;
-						}
-				} });
+				onComplete: function(transport) {
+					if (transport.responseText.match("select")) {
+						$('profile_box').innerHTML = transport.responseText;
+					}
+			} });
 		}
 
 	} catch (e) {
@@ -113,8 +114,12 @@ function validateLoginForm(f) {
 	});
 </script>
 
-<form action="" method="POST" id="loginForm" name="loginForm" onsubmit="return validateLoginForm(this)">
-<input type="hidden" name="login_action" value="do_login">
+<?php $return = urlencode($_SERVER["REQUEST_URI"]) ?>
+
+<form action="public.php?return=<?php echo $return ?>"
+	method="POST" id="loginForm" name="loginForm" onsubmit="return validateLoginForm(this)">
+
+<input type="hidden" name="op" value="login">
 
 <table class="loginForm2">
 <tr>
@@ -130,11 +135,10 @@ function validateLoginForm(f) {
 		<table>
 			<tr><td align="right"><?php echo __("Login:") ?></td>
 			<td align="right"><input name="login"
-				onchange="fetchProfiles()" onfocus="fetchProfiles()"
+				onchange="fetchProfiles()" onfocus="fetchProfiles()" onblur="fetchProfiles()"
 				value="<?php echo $_SESSION["fake_login"] ?>"></td></tr>
 			<tr><td align="right"><?php echo __("Password:") ?></td>
 			<td align="right"><input type="password" name="password"
-				onchange="fetchProfiles()" onfocus="fetchProfiles()"
 				value="<?php echo $_SESSION["fake_password"] ?>"></td></tr>
 			<tr><td align="right"><?php echo __("Language:") ?></td>
 			<td align="right">
@@ -151,11 +155,6 @@ function validateLoginForm(f) {
 				<option><?php echo __("Default profile") ?></option></select>
 			</td></tr>
 
-			<!-- <tr><td colspan="2">
-				<input type="checkbox" name="remember_me" id="remember_me">
-				<label for="remember_me">Remember me on this computer</label>
-			</td></tr> -->
-
 			<tr><td colspan="2" align="right" class="innerLoginCell">
 
 			<button type="submit" name='click'><?php echo __('Log in') ?></button>
@@ -164,9 +163,6 @@ function validateLoginForm(f) {
 					<?php echo __("Create new account") ?></button>
 			<?php } ?>
 
-				<input type="hidden" name="action" value="login">
-				<input type="hidden" name="rt"
-					value="<?php if ($return_to != 'none') { echo $return_to; } ?>">
 			</td></tr>
 
 			<tr><td colspan="2" align="right" class="innerLoginCell">