changed version number and added change log

Conflicts:
	fever/fever_api.php

README.md

@@ -1,5 +1,7 @@
 # TinyTinyRSS Fever API plugin
 
+See also [Fever API](fever-api.md)
+
 ## Description
 
 This plugin is an open source module for TinyTinyRSS which simulates the Fever API for reading the RSS Feeds with your Fever clients.
@@ -11,6 +13,7 @@ This plugin is an open source module for TinyTinyRSS which simulates the Fever A
 * <a href="#supported">Supported/Tested Clients</a>
 * <a href="#installation">Installation</a>
 * <a href="#debug">Debugging</a>
+* <a href="#error">Error reporting</a>
 * <a href="#license">License</a>
 * <a href="#changelog">Changelog</a>
 
@@ -26,17 +29,22 @@ Following Features are implemented:
 
 ## <a name="downloads">Downloads</a>
 
-Please click the ```ZIP``` Button to download current version. ;)
+Please click the [```Download ZIP```](https://github.com/dasmurphy/tinytinyrss-fever-plugin/archive/master.zip) button to download current version. ;)
 
 ## <a name="supported">Supported/Tested Clients</a>
 
 These clients should be working fine with this API emulation.
 
-* Reeder - iPhone
-* Mr.Reader - iPad
+* [Reeder](http://reederapp.com) - iPhone
+* [Mr.Reader](http://www.curioustimes.de/mrreader/index.html) - iPad
+* [ReadKit](http://readkitapp.com) - OS X
+* [Meltdown](https://github.com/phubbard/Meltdown) - Android
+  * displays feeds as 'orphan' items, but runs fine
 
 ## <a name="installation">Installation</a>
 
+**IMPORTENT** Enable external API access in your TinyTinyRSS installation! Otherwise this will not work!
+
 Upload the ```fever``` folder in the ```plugins``` folder of your TinyTinyRSS installation. Enable the plugin in the preferences and set your password for the Fever API.
 
 See [here](http://tt-rss.org/forum/viewtopic.php?f=22&t=1981) for more detailed informations.
@@ -47,6 +55,15 @@ In the file ```fever_api.php``` there are two flags for debugging at the beginni
 
 * ```DEBUG``` - set this to true to get a fever_debug.txt file in your root folder of the Tiny Tiny RSS installation.
 * ```DEBUG_USER``` - set this to the id (from ttrss_users) of your user you would like to always authenticate on your Tiny Tiny RSS installation. The authentication process is then skipped and the api gets always authentication.
+* ```DEBUG_FILE``` - set this to a filename that suits you for debugging this plugin if you need to.
+
+## <a name="error">Error reporting</a>
+
+If you got problems with authentication after updating the plugin, try to reenter the password in TinyTinyRSS Fever plugin and save it again.
+
+When you find an error you may post it in the plugin [thread](http://tt-rss.org/forum/viewtopic.php?f=22&t=1981) or here on github.com in the [Issues](https://github.com/dasmurphy/tinytinyrss-fever-plugin/issues/) section.
+
+Please include your debug log which should be cleaned up. Please remove your username, password and apikey before posting it.
 
 ## <a name="license">License</a>
 
@@ -76,4 +93,24 @@ v1.4.1 - 2013/6/28
 
 v1.4.2 - 2013/6/28
 
-* changed the DEBUG_USER evaluation a little bit for disabling authentication without DEBUG = true
+* changed the ```DEBUG_USER``` evaluation a little bit for disabling authentication without DEBUG = true
+
+v1.4.3 - 2013/6/28
+
+* added ```DEBUG_FILE``` to debug configuration
+* changed authentication call from Mr.Reader so that the reply is also uppercase, since the API-KEY comes in uppercase from clients
+* fixed debug output while authentication in Mr.Reader with displaying the email adress
+
+v1.4.4 - 2013/6/28
+
+* updated the documentation
+* changed some in saving the generated API-KEY - now its generated like in the Fever API documentation
+
+v1.4.5 - 2013/6/29
+
+* fixed the cannot mark/star bug in Mr.Reader
+
+v1.4.6 - 2014/1/15
+
+* merged bigger pull request to get more Fever API RSS Readers to work
+

fever-api.md

@@ -0,0 +1,247 @@
+# API Public Beta 
+
+## Information
+
+Currently it is a copy of [http://www.feedafever.com/api](http://www.feedafever.com/api), but as a Markdown File.
+
+At the end of this document there is some undocumented stuff from the API.
+
+## Description
+
+Fever 1.14 introduces the new Fever API. This API is in public beta and currently supports basic syncing and consuming of content. A subsequent update will allow for adding, editing and deleting feeds and groups. The API’s primary focus is maintaining a local cache of the data in a remote Fever installation.
+
+I am [soliciting feedback](http://www.feedafever.com/contact) from interested developers and as such the beta API may expand to reflect that feedback. The current API is incomplete but stable. Existing features may be expanded on but will not be removed or modified. New features may be added.
+
+I’ve created a simple [HTML widget](http://www.feedafever.com/gateway/public/api-widget.html.zip) that allows you to query the Fever API and view the response.
+
+# Authentication 
+
+Without further ado, the Fever API endpoint URL looks like:
+
+`http://yourdomain.com/fever/?api`
+
+All requests must be authenticated with a `POST`ed `api_key`. The value of `api_key` should be the md5 checksum of the Fever accounts email address and password concatenated with a colon. An example of a valid value for `api_key` using PHP’s native `md5()` function:
+
+```php
+$email  = 'you@yourdomain.com';
+$pass   = 'b3stp4s4wd3v4';
+$api_key = md5($email.':'.$pass);
+```
+
+A user may specify that `https` be used to connect to their Fever installation for additional security but you should not assume that all Fever installations support `https`.
+
+The default response is a JSON object containing two members:
+
+* `api_version` contains the version of the API responding (positive integer)
+* `auth` whether the request was successfully authenticated (boolean integer)
+
+The API can also return XML by passing `xml` as the optional value of the `api` argument like so:
+
+`http://yourdomain.com/fever/?api=xml`
+
+The top level XML element is named `response`.
+
+The response to each successfully authenticated request will have `auth` set to `1` and include at least one additional member:
+
+* `last_refreshed_on_time` contains the time of the most recently refreshed (not *updated*) feed (Unix timestamp/integer)
+
+When reading from the Fever API you add arguments to the query string of the API endpoint URL. If you attempt to `POST` these arguments (and their optional values) Fever will not recognize the request.
+
+## Groups 
+
+`http://yourdomain.com/fever/?api&groups`
+
+A request with the groups argument will return two additional members:
+
+* `groups` contains an array of `group` objects
+* `feeds_groups` contains an array of `feeds_group` objects
+
+A `group` object has the following members:
+
+* `id` (positive integer)
+* `title` (utf-8 string)
+
+The `feeds_group` object is documented under “Feeds/Groups Relationships.”
+
+The “Kindling” super group is not included in this response and is composed of all feeds with an `is_spark` equal to `0`. The “Sparks” super group is not included in this response and is composed of all feeds with an `is_spark` equal to `1`.
+
+## Feeds 
+
+`http://yourdomain.com/fever/?api&feeds`
+
+A request with the `feeds` argument will return two additional members:
+
+* `feeds` contains an array of `group` objects
+* `feeds_groups` contains an array of `feeds_group` objects
+
+A `feed` object has the following members:
+
+* `id` (positive integer)
+* `favicon_id` (positive integer)
+* `title` (utf-8 string)
+* `url` (utf-8 string)
+* `site_url` (utf-8 string)
+* `is_spark` (boolean integer)
+* `last_updated_on_time` (Unix timestamp/integer)
+
+The `feeds_group` object is documented under “Feeds/Groups Relationships.”
+
+The “All Items” super feed is not included in this response and is composed of all items from all feeds that belong to a given group. For the “Kindling” super group and all user created groups the items should be limited to feeds with an `is_spark` equal to `0`. For the “Sparks” super group the items should be limited to feeds with an `is_spark` equal to `1`.
+
+## Feeds/Groups Relationships 
+
+A request with either the `groups` or `feeds` arguments will return an additional member:
+
+A `feeds_group` object has the following members:
+
+* `group_id` (positive integer)
+* `feed_ids` (string/comma-separated list of positive integers)
+
+## Favicons 
+
+`http://yourdomain.com/fever/?api&favicons`
+
+A request with the `favicons` argument will return one additional member:
+
+* `favicons` contains an array of `favicon` objects
+
+A `favicon` object has the following members:
+
+* `id` (positive integer)
+* `data` (base64 encoded image data; prefixed by image type)
+
+An example `data` value:
+
+`image/gif;base64,R0lGODlhAQABAIAAAObm5gAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw==`
+
+The `data` member of a `favicon` object can be used with the `data:` protocol to embed an image in CSS or HTML. A PHP/HTML example:
+
+`echo '<img src="data:'.$favicon['data'].'">';`
+
+## Items 
+
+`http://yourdomain.com/fever/?api&items`
+
+A request with the `items` argument will return two additional members:
+
+* `items` contains an array of item objects
+* `total_items` contains the total number of items stored in the database (added in API version 2)
+
+An `item` object has the following members:
+
+* `id` (positive integer)
+* `feed_id` (positive integer)
+* `title` (utf-8 string)
+* `author` (utf-8 string)
+* `html` (utf-8 string)
+* `url` (utf-8 string)
+* `is_saved` (boolean integer)
+* `is_read` (boolean integer)
+* `created_on_time` (Unix timestamp/integer)
+
+Most servers won’t have enough memory allocated to PHP to dump all items at once. Three optional arguments control determine the items included in the response.
+
+Use the `since_id` argument with the highest id of locally cached items to request 50 additional items. Repeat until the items array in the response is empty.
+
+Use the `max_id` argument with the lowest id of locally cached items (or `0` initially) to request 50 previous items. Repeat until the items array in the response is empty. (added in API version 2)
+
+Use the `with_ids` argument with a comma-separated list of item ids to request (a maximum of 50) specific items. (added in API version 2)
+
+## Hot Links 
+
+`http://yourdomain.com/fever/?api&links`
+
+A request with the `links` argument will return one additional member:
+
+* `links` contains an array of `link` objects
+
+A `link` object has the following members:
+
+* `id` (positive integer)
+* `feed_id` (positive integer) only use when is_item equals 1
+* `item_id` (positive integer) only use when is_item equals 1
+* `temperature` (positive float)
+* `is_item` (boolean integer)
+* `is_local` (boolean integer) used to determine if the source feed and favicon should be displayed
+* `is_saved` (boolean integer) only use when is_item equals 1
+* `title` (utf-8 string)
+* `url` (utf-8 string)
+* `item_ids` (string/comma-separated list of positive integers)
+
+When requesting hot links you can control the range and offset by specifying a length of days for each as well as a page to fetch additional hot links. A request with just the `links` argument is equivalent to:
+
+`http://yourdomain.com/fever/?api&links&offset=0&range=7&page=1`
+
+Or the first page (`page=1`) of Hot links for the past week (`range=7`) starting now (`offset=0`).
+
+# Link Caveats 
+
+Fever calculates Hot link temperatures in real-time. The API assumes you have an up-to-date local cache of items, feeds and favicons with which to construct a meaningful Hot view. Because they are ephemeral Hot links should not be cached in the same relational manner as items, feeds, groups and favicons.
+
+Because Fever saves items and not individual links you can only "save" a Hot link when `is_item` equals `1`.
+
+The `unread_item_ids` and `saved_item_ids` arguments can be used to keep your local cache synced with the remote Fever installation.
+
+`http://yourdomain.com/fever/?api&unread_item_ids`
+
+A request with the `unread_item_ids` argument will return one additional member:
+
+* `unread_item_ids` (string/comma-separated list of positive integers)
+
+`http://yourdomain.com/fever/?api&saved_item_ids`
+
+A request with the `saved_item_ids` argument will return one additional member:
+
+* saved_item_ids (string/comma-separated list of positive integers)
+
+One of these members will be returned as appropriate when marking an item as read, unread, saved, or unsaved and when marking a feed or group as read.
+
+Because groups and feeds will be limited in number compared to items, they should be synced by comparing an array of locally cached feed or group ids to an array of feed or group ids returned by their respective API request.
+
+# Write 
+
+The public beta of the API does not provide a way to add, edit or delete feeds or groups but you can mark items, feeds and groups as read and save or unsave items. You can also unread recently read items. When writing to the Fever API you add arguments to the POST data you submit to the API endpoint URL.
+
+Adding `unread_recently_read=1` to your POST data will mark recently read items as unread.
+
+You can update an individual item by adding the following three arguments to your POST data:
+
+* `mark=item`
+* `as=?` where `?` is replaced with `read`, `saved` or `unsaved`
+* `id=?` where `?` is replaced with the `id` of the item to modify
+
+Marking a feed or group as read is similar but requires one additional argument to prevent marking new, unreceived items as read:
+
+* `mark=?` where `?` is replaced with `feed` or `group`
+* `as=read`
+* `id=?` where `?` is replaced with the id of the feed or group to modify
+* `before=?` where `?` is replaced with the Unix timestamp of the the local client’s most recent `items` API request
+
+You can mark the “Kindling” super group (and the “Sparks” super group) as read by adding the following four arguments to your POST data:
+
+* `mark=group`
+* `as=read`
+* `id=0`
+* `before=?` where `?` is replaced with the Unix timestamp of the the local client’s last `items` API request
+
+Similarly you can mark just the “Sparks” super group as read by adding the following four arguments to your POST data:
+
+* `mark=group`
+* `as=read`
+* `id=-1`
+* `before=?` where `?` is replaced with the Unix timestamp of the the local client’s last `items` API request
+
+# inoffical/undocumented API
+
+This is the extension which represents some things which will be used from Mr.Reader App in iPad and are not documented as normal API, but allows it because the Fever API point is the same as the webpage requests.
+
+## login
+
+`http://yourdomain.com/fever/?action=login&username=[username]&password=[password]`
+
+A request with the `action=login` argument will return a cookie `fever_auth`. This must be equal to the API key. This is a call which is created normally from the login dialog of the Fever webpage.
+
+* `username` - the username for your login
+* `password` - the password you set for the api
+
+As return a cookie named `fever_auth` will be set with the API key.

fever/fever_api.php

@@ -1,6 +1,6 @@
 <?php
 
-// v1.4.2
+// v1.4.6
 
 class FeverAPI extends Handler {
 
@@ -12,6 +12,10 @@ class FeverAPI extends Handler {
 	// debugging only functions with JSON
 	const DEBUG = false; // enable if you need some debug output in your tinytinyrss root
 	const DEBUG_USER = 0; // your user id you need to debug - look it up in your mysql database and set it to a value bigger than 0
+	const DEBUG_FILE = './debug_fever.txt'; // the file for debugging output
+	const ADD_ATTACHED_FILES = 1; //add link in bottom for attached files
+
+	private $IS_PRESS = 0;
 
 	private $xml;
 
@@ -38,7 +42,7 @@ class FeverAPI extends Handler {
 			print json_encode($arr);
 			if (self::DEBUG) {
 				// debug output
-				file_put_contents('./debug_fever.txt','answer   : '.json_encode($arr)."\n",FILE_APPEND);
+				file_put_contents(self::DEBUG_FILE,'answer   : '.json_encode($arr)."\n",FILE_APPEND);
 			}
 		}
 	}
@@ -127,25 +131,24 @@ class FeverAPI extends Handler {
 			(isset($_REQUEST["password"]))) {
 			$email = $_REQUEST["email"];
 			$password = $_REQUEST["password"];
-			$apikey = md5($email.":".db_escape_string($password));
+			$apikey = strtoupper(md5($email.":".$password));
 			setcookie('fever_auth',$apikey,time()+60*60*24*30);
 			if (self::DEBUG) {
 				// debug output
 				$output = array();
-				$output['email'] = $username;
-				$output['password'] = '***not displayed***';
+				$output['email'] = $email;
 				$output['apikey'] = $apikey;
-				file_put_contents('./debug_fever.txt','auth POST: '.json_encode($output)."\n",FILE_APPEND);
+				file_put_contents(self::DEBUG_FILE,'auth POST: '.json_encode($output)."\n",FILE_APPEND);
 			}
 		}
-		if ((strlen($apikey)==0)&&isset($_REQUEST['fever_auth'])) { // override for Mr.Reader when doing some stuff
-			$apikey = $_REQUEST['fever_auth'];
+		if ((strlen($apikey)==0)&&isset($_COOKIE['fever_auth'])) { // override for Mr.Reader when doing some stuff
+			$apikey = $_COOKIE['fever_auth'];
 		}
 		if (strlen($apikey)>0)
 		{
 			$result = $this->dbh->query("SELECT	owner_uid
 										 FROM ttrss_plugin_storage
-										 WHERE content = '" . db_escape_string('a:1:{s:8:"password";s:32:"') . db_escape_string(strtolower($apikey)) . db_escape_string('";}') . "'");
+										 WHERE content = '".db_escape_string('a:1:{s:8:"password";s:32:"'.strtolower($apikey).'";}') . "'");
 
 			if ($this->dbh->num_rows($result) > 0)
 			{
@@ -278,11 +281,96 @@ class FeverAPI extends Handler {
 	function getLinks()
 	{
 		// TODO: is there a 'hot links' alternative in ttrss?
+		// use ttrss_user_entries / score>0
 		$links = array();
 
 		return $links;
 	}
 
+	function my_sanitize($str, $site_url = false) {
+		$res = trim($str); if (!$res) return '';
+
+		if (strpos($res, "href=") === false)
+			$res = rewrite_urls($res);
+
+		$charset_hack = '<head>
+			<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
+		</head>';
+
+		$res = trim($res); if (!$res) return '';
+
+		libxml_use_internal_errors(true);
+
+		$doc = new DOMDocument();
+		$doc->loadHTML($charset_hack . $res);
+		$xpath = new DOMXPath($doc);
+
+		$entries = $xpath->query('(//a[@href]|//img[@src])');
+
+		foreach ($entries as $entry) {
+
+			if ($site_url) {
+
+				if ($entry->hasAttribute('href'))
+					$entry->setAttribute('href',
+						rewrite_relative_url($site_url, $entry->getAttribute('href')));
+
+				if ($entry->hasAttribute('src')) {
+					$src = rewrite_relative_url($site_url, $entry->getAttribute('src'));
+					$entry->setAttribute('src', $src);
+				}
+			}
+
+			if (strtolower($entry->nodeName) == "a") {
+				$entry->setAttribute("target", "_blank");
+			}
+		}
+
+		$entries = $xpath->query('//iframe');
+		foreach ($entries as $entry) {
+			$entry->setAttribute('sandbox', 'allow-scripts');
+		}
+
+		$disallowed_attributes = array('id', 'style', 'class');
+
+		$entries = $xpath->query('//*');
+		foreach ($entries as $entry) {
+			if ($entry->hasAttributes()) {
+				$attrs_to_remove = array();
+				foreach ($entry->attributes as $attr) {
+					if (strpos($attr->nodeName, 'on') === 0) { //remove onclick and other on* attributes
+						array_push($attrs_to_remove, $attr);
+					}
+
+					if (in_array($attr->nodeName, $disallowed_attributes)) {
+						array_push($attrs_to_remove, $attr);
+					}
+				}
+				foreach ($attrs_to_remove as $attr) {
+					$entry->removeAttributeNode($attr);
+				}
+			}
+		}
+
+		$doc->removeChild($doc->firstChild); //remove doctype
+		$res = $doc->saveHTML();
+		return $res;
+	}
+
+	function formatBytes($bytes, $precision = 2) {
+		$units = array('B', 'KB', 'MB', 'GB', 'TB');
+
+		$bytes = max($bytes, 0);
+		$pow = floor(($bytes ? log($bytes) : 0) / log(1024));
+		$pow = min($pow, count($units) - 1);
+
+		// Uncomment one of the following alternatives
+		$bytes /= pow(1024, $pow);
+		// $bytes /= (1 << (10 * $pow));
+
+		return round($bytes, $precision) . ' ' . $units[$pow];
+	}
+
 	function getItems()
 	{
 		// items from specific groups, feeds
@@ -315,9 +403,9 @@ class FeverAPI extends Handler {
 				else
 					$groups_query = trim($groups_query, ",") . ")";
 
-				$feeds_in_group_result = $this->dbh->query("SELECT id
-															FROM ttrss_feeds
-															WHERE owner_uid = '" . db_escape_string($_SESSION["uid"]) . "' " . $groups_query);
+				$feeds_in_group_result = $this->dbh->query("SELECT id".
+															"FROM ttrss_feeds".
+															"WHERE owner_uid = '" . db_escape_string($_SESSION["uid"]) . "' " . $groups_query);
 
 				$group_feed_ids = array();
 				while ($line = $this->dbh->fetch_assoc($feeds_in_group_result))
@@ -398,8 +486,11 @@ class FeverAPI extends Handler {
 				if ($since_id)
 				{
 					if (!empty($where)) $where .= " AND ";
-					//$where .= "id > " . db_escape_string($since_id) . " ";
-					$where .= "id > " . db_escape_string($since_id*1000) . " "; // NASTY hack for Mr. Reader 2.0 on iOS and TinyTiny RSS Fever
+					if ($this->IS_PRESS) {
+						$where .= "id > " . db_escape_string($since_id) . " ";
+					} else {
+						$where .= "id > " . db_escape_string($since_id*1000) . " ";  // NASTY hack for Mr. Reader 2.0 on iOS and TinyTiny RSS Fever
+					}
 				}
 				else if (empty($where))
 				{
@@ -419,11 +510,32 @@ class FeverAPI extends Handler {
 
 		while ($line = $this->dbh->fetch_assoc($result))
 		{
+			$line_content = $this->my_sanitize($line["content"], $line["link"]);
+			if (ADD_ATTACHED_FILES){
+				$enclosures = get_article_enclosures($line["id"]);
+				if (count($enclosures) > 0) {
+					$line_content .= '<ul type="lower-greek">';
+					foreach ($enclosures as $enclosure) {
+						if (!empty($enclosure['content_url'])) {
+							$enc_type = '';
+							if (!empty($enclosure['content_type'])) {
+								$enc_type = ', '.$enclosure['content_type'];
+							}
+							$enc_size = '';
+							if (!empty($enclosure['duration'])) {
+								$enc_size = ' , '.$this->formatBytes($enclosure['duration']);
+							}
+							$line_content .= '<li><a href="'.$enclosure['content_url'].'" target="_blank">'.basename($enclosure['content_url']).$enc_type.$enc_size.'</a>'.'</li>';
+						}
+					}
+					$line_content .= '</ul>';
+				}
+			}
 			array_push($items, array("id" => intval($line["id"]),
 									 "feed_id" => intval($line["feed_id"]),
 									 "title" => $line["title"],
 									 "author" => $line["author"],
-									 "html" => $line["content"],
+									 "html" => $line_content,
 									 "url" => $line["link"],
 									 "is_saved" => (sql_bool_to_bool($line["marked"]) ? 1 : 0),
 									 "is_read" => ( (!sql_bool_to_bool($line["unread"])) ? 1 : 0),
@@ -488,14 +600,13 @@ class FeverAPI extends Handler {
 	function getUnreadItemIds()
 	{
 		$unreadItemIdsCSV = "";
-		$result = $this->dbh->query("SELECT	ref_id, unread
+		$result = $this->dbh->query("SELECT	ref_id
 							 FROM ttrss_user_entries
-							 WHERE owner_uid = '" . db_escape_string($_SESSION["uid"]) . "'"); // ORDER BY red_id DESC
+							 WHERE owner_uid = '" . db_escape_string($_SESSION["uid"]) . "' AND unread"); // ORDER BY red_id DESC
 
 		while ($line = $this->dbh->fetch_assoc($result))
 		{
-			if (sql_bool_to_bool($line["unread"]))
-				$unreadItemIdsCSV .= $line["ref_id"] . ",";
+			$unreadItemIdsCSV .= $line["ref_id"] . ",";
 		}
 		$unreadItemIdsCSV = trim($unreadItemIdsCSV, ",");
 
@@ -505,14 +616,13 @@ class FeverAPI extends Handler {
 	function getSavedItemIds()
 	{
 		$savedItemIdsCSV = "";
-		$result = $this->dbh->query("SELECT	ref_id, marked
+		$result = $this->dbh->query("SELECT	ref_id
 							 FROM ttrss_user_entries
-							 WHERE owner_uid = '" . db_escape_string($_SESSION["uid"]) . "'");
+							 WHERE owner_uid = '" . db_escape_string($_SESSION["uid"]) . "' AND marked");
 
 		while ($line = $this->dbh->fetch_assoc($result))
 		{
-			if (sql_bool_to_bool($line["marked"]))
-				$savedItemIdsCSV .= $line["ref_id"] . ",";
+			$savedItemIdsCSV .= $line["ref_id"] . ",";
 		}
 		$savedItemIdsCSV = trim($savedItemIdsCSV, ",");
 
@@ -683,6 +793,9 @@ class FeverAPI extends Handler {
 			if (is_numeric($_REQUEST["id"]))
 			{
 				$before	= (isset($_REQUEST["before"])) ? $_REQUEST["before"] : null;
+				if ($before > pow(10,10) ) {
+					$before = round($before / 1000);
+				}
 				$method_name = "set" . ucfirst($_REQUEST["mark"]) . "As" . ucfirst($_REQUEST["as"]);
 
 				if (method_exists($this, $method_name))
@@ -714,10 +827,18 @@ class FeverAPI extends Handler {
 
 	// validate the api_key, user preferences
 	function before($method) {
+		if ( strpos($_SERVER['HTTP_USER_AGENT'],"Dalvik") !== false ||
+		      strpos($_SERVER['HTTP_USER_AGENT'],"ReadKit") !== false ||
+		      strpos($_SERVER['HTTP_USER_AGENT'],"Mr. Reader")  !== false
+		    ) { //Check for Press client in Android, ReadKit in Mac, Mr. Reader
+			$this->IS_PRESS = 1;
+		} else {
+			$this->IS_PRESS = 0;
+		}
 		if (parent::before($method)) {
 			if (self::DEBUG) {
 				// add request to debug log
-				file_put_contents('./debug_fever.txt','parameter: '.json_encode($_REQUEST)."\n",FILE_APPEND);
+				file_put_contents(self::DEBUG_FILE,'parameter: '.json_encode($_REQUEST)."\n",FILE_APPEND);
 			}
 
 			// set the user from the db
@@ -729,7 +850,7 @@ class FeverAPI extends Handler {
 			if ($this->xml)
 				header("Content-Type: text/xml");
 			else
-				header("Content-Type: text/json");
+				header("Content-Type: application/json");
 
 			// check we have a valid user
 			if (!$_SESSION["uid"]) {

fever/index.php

@@ -6,17 +6,24 @@
 		exit;
 	}
 
-
 	error_reporting(E_ERROR | E_PARSE);
 
-	require_once "../../config.php";
+	$tt_root = dirname(dirname(dirname($_SERVER['SCRIPT_FILENAME'])));
+	$tt_root2 = $tt_root;
+	if (file_exists($tt_root."/config.php")) {
+		require_once $tt_root."/config.php";
+	} else { //if (file_exists("../../config.php")) {
+		$tt_root = "../..";
+		$tt_root2 = dirname(dirname(dirname(__FILE__)));
+		require_once $tt_root."/config.php";
+	}
 
 	set_include_path(dirname(__FILE__) . PATH_SEPARATOR .
-		dirname(dirname(dirname(__FILE__))) . PATH_SEPARATOR .
-		dirname(dirname(dirname(__FILE__))) . "/include" . PATH_SEPARATOR .
+		$tt_root2 . PATH_SEPARATOR .
+		$tt_root2 . "/include" . PATH_SEPARATOR .
   		get_include_path());
 
-	chdir("../..");
+	chdir($tt_root);
 
 	define('NO_SESSION_AUTOSTART', true);
 

fever/init.php

@@ -4,7 +4,7 @@ class Fever extends Plugin {
 	private $host;
 
 	function about() {
-		return array(1.2,
+		return array(1.45,
 			"Emulates the Fever API for Tiny Tiny RSS",
 			"digitaldj & murphy");
 	}
@@ -54,7 +54,7 @@ class Fever extends Plugin {
 		print "<button dojoType=\"dijit.form.Button\" type=\"submit\">" . __("Set Password") . "</button>";
 		print "</form>";
 
-		print "<p>" . __("To login with the Fever API, set your server details in your favourite RSS application to: ") . ($_SERVER["HTTPS"] == "on" ? "https://" : "http://") . dirname($_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"]) . "/plugins/fever/" . "</p>";
+		print "<p>" . __("To login with the Fever API, set your server details in your favourite RSS application to: ") . get_self_url_prefix() . "/plugins/fever/" . "</p>";
 		print "<p>" . __("Additional details can be found at ") . "<a href=\"http://www.feedafever.com/api\" target=\"_blank\">http://www.feedafever.com/api</a></p>";
 
 		print "<p>" . __("Note: Due to the limitations of the API and some RSS clients (for example, Reeder on iOS), some features are unavailable: \"Special\" Feeds (Published / Tags / Labels / Fresh / Recent), Nested Categories (hierarchy is flattened)") . "</p>";
@@ -69,7 +69,7 @@ class Fever extends Plugin {
 			$result = db_query("SELECT login FROM ttrss_users WHERE id = '" . db_escape_string($_SESSION["uid"]) . "'");
 			if ($line = db_fetch_assoc($result))
 			{
-				$password = md5($line["login"] . ":" . db_escape_string($_POST["password"]));
+				$password = md5($line["login"] . ":" . $_POST["password"]);
 				$this->host->set($this, "password", $password);
 				echo __("Password saved.");
 			}