diff options
Diffstat (limited to 'includes/pages/user_atom.php')
-rw-r--r-- | includes/pages/user_atom.php | 23 |
1 files changed, 13 insertions, 10 deletions
diff --git a/includes/pages/user_atom.php b/includes/pages/user_atom.php index fd28510f..c9420c91 100644 --- a/includes/pages/user_atom.php +++ b/includes/pages/user_atom.php @@ -9,16 +9,19 @@ function user_atom() { else die("Missing key."); - $user = sql_select("SELECT * FROM `User` WHERE `ical_key`='" . sql_escape($key) . "' LIMIT 1"); - if (count($user) == 0) + $user = User_by_api_key($key); + if($user === false) + die("Unable to find user."); + if($user == null) die("Key invalid."); + if(!in_array('atom', privileges_for_user($user['UID']))) + die("No privilege for atom."); - $user = $user[0]; $news = sql_select("SELECT * FROM `News` " . (empty($_REQUEST['meetings'])? '' : 'WHERE `Treffen` = 1 ') . "ORDER BY `ID` DESC LIMIT " . sql_escape($DISPLAY_NEWS)); header('Content-Type: application/atom+xml; charset=utf-8'); $html = '<?xml version="1.0" encoding="utf-8"?> -<feed xmlns="http://www.w3.org/2005/Atom"> + <feed xmlns="http://www.w3.org/2005/Atom"> <title>Engelsystem</title> <id>' . $_SERVER['HTTP_HOST'] . htmlspecialchars(preg_replace('#[&?]key=[a-f0-9]{32}#', '', $_SERVER['REQUEST_URI'])) . '</id> <updated>' . date('Y-m-d\TH:i:sP', $news[0]['Datum']) . "</updated>\n"; @@ -29,11 +32,11 @@ function user_atom() { <id>" . preg_replace('#^https?://#', '', page_link_to_absolute("news")) . "-${news_entry['ID']}</id> <updated>" . date('Y-m-d\TH:i:sP', $news_entry['Datum']) . "</updated> <summary type=\"html\">" . htmlspecialchars($news_entry['Text']) . "</summary> - </entry>\n"; - } - $html .= "</feed>"; - header("Content-Length: " . strlen($html)); - echo $html; - die(); + </entry>\n"; +} +$html .= "</feed>"; +header("Content-Length: " . strlen($html)); +echo $html; +die(); } ?> |