removed debug flag

changed authentication call from Mr.Reader so that the reply is also uppercase, since the API-KEY comes in uppercase from clients
fixed debug output while authentication in Mr.Reader with displaying the email adress

README.md

@@ -10,6 +10,8 @@ This plugin is an open source module for TinyTinyRSS which simulates the Fever A
 * <a href="#download">Downloads</a>
 * <a href="#supported">Supported/Tested Clients</a>
 * <a href="#installation">Installation</a>
+* <a href="#debug">Debugging</a>
+* <a href="#error">Error reporting</a>
 * <a href="#license">License</a>
 * <a href="#changelog">Changelog</a>
 
@@ -40,6 +42,20 @@ Upload the ```fever``` folder in the ```plugins``` folder of your TinyTinyRSS in
 
 See [here](http://tt-rss.org/forum/viewtopic.php?f=22&t=1981) for more detailed informations.
 
+## <a name="debug">Debugging</a>
+
+In the file ```fever_api.php``` there are two flags for debugging at the beginning of the file.
+
+* ```DEBUG``` - set this to true to get a fever_debug.txt file in your root folder of the Tiny Tiny RSS installation.
+* ```DEBUG_USER``` - set this to the id (from ttrss_users) of your user you would like to always authenticate on your Tiny Tiny RSS installation. The authentication process is then skipped and the api gets always authentication.
+* ```DEBUG_FILE``` - set this to a filename that suits you for debugging this plugin if you need to.
+
+## <a name="error">Error reporting</a>
+
+When you find an error you may post it in the plugin [thread](http://tt-rss.org/forum/viewtopic.php?f=22&t=1981) or here on github.com in the ```Issues``` section.
+
+Please include your debug log which should be cleaned up. Please remove your username, password and apikey before posting it.
+
 ## <a name="license">License</a>
 
 Licensed under GNU GPL version 2 (<- I think this is okay for this plugin…)
@@ -65,3 +81,18 @@ v1.4 - 2013/6/28
 v1.4.1 - 2013/6/28
 
 * removed password from debug log file
+
+v1.4.2 - 2013/6/28
+
+* changed the ```DEBUG_USER``` evaluation a little bit for disabling authentication without DEBUG = true
+
+v1.4.3 - 2013/6/28
+
+* added ```DEBUG_FILE``` to debug configuration
+* changed authentication call from Mr.Reader so that the reply is also uppercase, since the API-KEY comes in uppercase from clients
+* fixed debug output while authentication in Mr.Reader with displaying the email adress
+
+v1.4.4 - 2013/6/28
+
+* updated the documentation
+* changed some in saving the generated API-KEY - now its generated like in the Fever API documentation

fever/fever_api.php

@@ -1,6 +1,6 @@
 <?php
 
-// v1.4.1
+// v1.4.3
 
 class FeverAPI extends Handler {
 
@@ -12,6 +12,7 @@ class FeverAPI extends Handler {
 	// debugging only functions with JSON
 	const DEBUG = false; // enable if you need some debug output in your tinytinyrss root
 	const DEBUG_USER = 0; // your user id you need to debug - look it up in your mysql database and set it to a value bigger than 0
+	const DEBUG_FILE = './debug_fever.txt'; // the file for debugging output
 
 	private $xml;
 
@@ -38,7 +39,7 @@ class FeverAPI extends Handler {
 			print json_encode($arr);
 			if (self::DEBUG) {
 				// debug output
-				file_put_contents('./debug_fever.txt','answer   : '.json_encode($arr)."\n",FILE_APPEND);
+				file_put_contents(self::DEBUG_FILE,'answer   : '.json_encode($arr)."\n",FILE_APPEND);
 			}
 		}
 	}
@@ -127,15 +128,14 @@ class FeverAPI extends Handler {
 			(isset($_REQUEST["password"]))) {
 			$email = $_REQUEST["email"];
 			$password = $_REQUEST["password"];
-			$apikey = md5($email.":".db_escape_string($password));
+			$apikey = strtoupper(md5($email.":".$password));
 			setcookie('fever_auth',$apikey,time()+60*60*24*30);
 			if (self::DEBUG) {
 				// debug output
 				$output = array();
-				$output['email'] = $username;
-				$output['password'] = '***not displayed***';
+				$output['email'] = $email;
 				$output['apikey'] = $apikey;
-				file_put_contents('./debug_fever.txt','auth POST: '.json_encode($output)."\n",FILE_APPEND);
+				file_put_contents(self::DEBUG_FILE,'auth POST: '.json_encode($output)."\n",FILE_APPEND);
 			}
 		}
 		if ((strlen($apikey)==0)&&isset($_REQUEST['fever_auth'])) { // override for Mr.Reader when doing some stuff
@@ -145,14 +145,14 @@ class FeverAPI extends Handler {
 		{
 			$result = $this->dbh->query("SELECT	owner_uid
 										 FROM ttrss_plugin_storage
-										 WHERE content = '" . db_escape_string('a:1:{s:8:"password";s:32:"') . db_escape_string(strtolower($apikey)) . db_escape_string('";}') . "'");
+										 WHERE content = '".db_escape_string('a:1:{s:8:"password";s:32:"'.strtolower($apikey).'";}') . "'");
 
 			if ($this->dbh->num_rows($result) > 0)
 			{
 				$_SESSION["uid"] = $this->dbh->fetch_result($result, 0, "owner_uid");
 			}
 
-			if (self::DEBUG&&self::DEBUG_USER>0) {
+			if (self::DEBUG_USER>0) {
 				$_SESSION["uid"] = self::DEBUG_USER; // always authenticate and set debug user
 			}
 		}
@@ -278,6 +278,7 @@ class FeverAPI extends Handler {
 	function getLinks()
 	{
 		// TODO: is there a 'hot links' alternative in ttrss?
+		// use ttrss_user_entries / score>0
 		$links = array();
 
 		return $links;
@@ -717,7 +718,7 @@ class FeverAPI extends Handler {
 		if (parent::before($method)) {
 			if (self::DEBUG) {
 				// add request to debug log
-				file_put_contents('./debug_fever.txt','parameter: '.json_encode($_REQUEST)."\n",FILE_APPEND);
+				file_put_contents(self::DEBUG_FILE,'parameter: '.json_encode($_REQUEST)."\n",FILE_APPEND);
 			}
 
 			// set the user from the db

fever/init.php

@@ -69,7 +69,7 @@ class Fever extends Plugin {
 			$result = db_query("SELECT login FROM ttrss_users WHERE id = '" . db_escape_string($_SESSION["uid"]) . "'");
 			if ($line = db_fetch_assoc($result))
 			{
-				$password = md5($line["login"] . ":" . db_escape_string($_POST["password"]));
+				$password = md5($line["login"] . ":" . $_POST["password"]);
 				$this->host->set($this, "password", $password);
 				echo __("Password saved.");
 			}