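 /**
  * Runs before every other action of this controller; the framework calls
  * it automatically. It denies access to anyone who is not logged in and
  * prefixes the page title with the statistics title.
  *
  * The explicit `return` after the 403 keeps the rest of this method from
  * running for an unauthenticated request, as feedAction() already does for
  * its 404. Whether the main action is still dispatched afterwards depends
  * on Minz_Error::error(), which is not visible here — confirm it stops the
  * request.
  */
 public function firstAction()
 {
     if (!FreshRSS_Auth::hasAccess()) {
         Minz_Error::error(403);
         return;
     }
     Minz_View::prependTitle(_t('admin.stats.title') . ' · ');
 }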
 /**
  * Feed configuration page: GET renders the form, POST saves it.
  *
  * On POST every submitted value is written back to the feed and the user
  * is notified. Stored fields, with their defaults:
  *   - name, description (run through sanitizeHTML), website, url
  *   - category id (default 0, cast to int)
  *   - pathEntries: CSS path to the article on the website
  *   - priority: display in main stream (default 0, cast to int)
  *   - httpAuth: "user:pass" for HTTP authentication, empty when neither
  *     half was submitted
  *   - keep_history (default -2), ttl (default -2), both cast to int
  * Unspecified defaults are the empty string.
  *
  * Security notes (reviewer): the HTTP credentials are persisted as a plain
  * "user:pass" string; `url` and `website` are not validated here, so any
  * restriction on what the server will fetch (SSRF) has to live in the fetch
  * path — confirm. CSRF protection for this POST relies on the referer check
  * performed at bootstrap, not on anything in this action.
  */
 public function feedAction()
 {
     if (Minz_Request::param('ajax')) {
         $this->view->_useLayout(false);
     }

     $feedDAO = FreshRSS_Factory::createFeedDao();
     $this->view->feeds = $feedDAO->listFeeds();

     $feedId = Minz_Request::param('id');
     $knownFeed = $feedId !== false && isset($this->view->feeds[$feedId]);
     if (!$knownFeed) {
         Minz_Error::error(404);
         return;
     }
     $feed = $this->view->feeds[$feedId];
     $this->view->feed = $feed;
     Minz_View::prependTitle(_t('sub.title.feed_management') . ' · ' . $feed->name() . ' · ');

     if (!Minz_Request::isPost()) {
         return;
     }

     $httpUser = Minz_Request::param('http_user', '');
     $httpPass = Minz_Request::param('http_pass', '');
     // Credentials are only kept when at least one half was provided.
     $httpAuth = ($httpUser != '' || $httpPass != '') ? $httpUser . ':' . $httpPass : '';

     $categoryId = intval(Minz_Request::param('category', 0));
     $values = array(
         'name' => Minz_Request::param('name', ''),
         'description' => sanitizeHTML(Minz_Request::param('description', '', true)),
         'website' => Minz_Request::param('website', ''),
         'url' => Minz_Request::param('url', ''),
         'category' => $categoryId,
         'pathEntries' => Minz_Request::param('path_entries', ''),
         'priority' => intval(Minz_Request::param('priority', 0)),
         'httpAuth' => $httpAuth,
         'keep_history' => intval(Minz_Request::param('keep_history', -2)),
         'ttl' => intval(Minz_Request::param('ttl', -2)),
     );

     invalidateHttpCache();
     $redirectTo = array('c' => 'subscription', 'params' => array('id' => $feedId));
     if ($feedDAO->updateFeed($feedId, $values) === false) {
         Minz_Request::bad(_t('feedback.sub.feed.error'), $redirectTo);
         return;
     }
     $feed->_category($categoryId);
     $feed->faviconPrepare();
     Minz_Request::good(_t('feedback.sub.feed.updated'), $redirectTo);
 }
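 /**
  * Runs before every other action of this controller; the framework calls
  * it automatically. It denies access to anyone who is not logged in and
  * makes sure the default category exists.
  *
  * The `return` after the 403 keeps the category check from running for an
  * unauthenticated request (feedAction() uses the same pattern for its 404).
  * Whether the main action is still dispatched afterwards depends on
  * Minz_Error::error(), which is not visible here — confirm.
  */
 public function firstAction()
 {
     if (!FreshRSS_Auth::hasAccess()) {
         Minz_Error::error(403);
         return;
     }
     $catDAO = new FreshRSS_CategoryDAO();
     $catDAO->checkDefault();
 }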
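 /**
  * Initialises authentication and applies the same-origin referer check
  * that stands in for CSRF protection on every POST request.
  *
  * A POST whose referer is not from this domain logs the user out
  * (FreshRSS_Auth::removeAccess) and renders a 403 that echoes the referer.
  *
  * Reviewer notes: a referer check is weaker than a per-session CSRF token
  * (referers can be stripped by proxies or browser privacy settings; if
  * is_referer_from_same_domain() rejects an empty referer, such users lose
  * their session here). The echoed referer is attacker-controlled, so it is
  * escaped with explicit ENT_QUOTES|ENT_SUBSTITUTE and UTF-8 instead of the
  * PHP-version-dependent defaults (pre-8.1 they leave single quotes
  * unescaped and return '' on invalid UTF-8).
  */
 private function initAuth()
 {
     FreshRSS_Auth::init();
     if (Minz_Request::isPost() && !is_referer_from_same_domain()) {
         // Basic protection against XSRF attacks
         FreshRSS_Auth::removeAccess();
         $http_referer = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER'];
         $safe_referer = htmlspecialchars($http_referer, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
         Minz_Error::error(403, array('error' => array(_t('access_denied'), ' [HTTP_REFERER=' . $safe_referer . ']')));
     }
 }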
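 /**
  * Runs before every other action of this controller; the framework calls
  * it automatically. It denies access to anyone who is not logged in, loads
  * the OPML helper library and prepares the category, entry and feed DAOs
  * used by the actions.
  *
  * The `return` after the 403 keeps the library load and DAO construction
  * from running for an unauthenticated request (feedAction() uses the same
  * pattern for its 404). Whether the main action is still dispatched
  * afterwards depends on Minz_Error::error(), which is not visible here.
  */
 public function firstAction()
 {
     if (!FreshRSS_Auth::hasAccess()) {
         Minz_Error::error(403);
         return;
     }
     require_once LIB_PATH . '/lib_opml.php';
     $this->catDAO = new FreshRSS_CategoryDAO();
     $this->entryDAO = FreshRSS_Factory::createEntryDao();
     $this->feedDAO = FreshRSS_Factory::createFeedDao();
 }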
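 /**
  * Runs before every other action of this controller; the framework calls
  * it automatically. It denies access to anyone who is not logged in and,
  * for ajax requests, disables the page layout and clears the `ajax`
  * parameter (presumably so it is not carried along on forwards — confirm).
  *
  * The `return` after the 403 keeps the ajax handling from running for an
  * unauthenticated request (feedAction() uses the same pattern for its 404).
  * Whether the main action is still dispatched afterwards depends on
  * Minz_Error::error(), which is not visible here.
  */
 public function firstAction()
 {
     if (!FreshRSS_Auth::hasAccess()) {
         Minz_Error::error(403);
         return;
     }
     // If ajax request, we do not print layout
     $this->ajax = Minz_Request::param('ajax');
     if ($this->ajax) {
         $this->view->_useLayout(false);
         Minz_Request::_param('ajax');
     }
 }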
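 /**
  * Initialises authentication and applies the same-origin referer check
  * that stands in for CSRF protection on every POST request.
  *
  * A POST whose referer is not from this domain logs the user out
  * (FreshRSS_Auth::removeAccess), forces the English translations (the
  * user's language may no longer be available once access is removed) and
  * renders a 403 that echoes the referer.
  *
  * Reviewer notes: a referer check is weaker than a per-session CSRF token
  * (referers can be stripped by proxies or browser privacy settings; if
  * is_referer_from_same_domain() rejects an empty referer, such users lose
  * their session here). The echoed referer is attacker-controlled, so it is
  * escaped with explicit ENT_QUOTES|ENT_SUBSTITUTE and UTF-8 instead of the
  * PHP-version-dependent defaults (pre-8.1 they leave single quotes
  * unescaped and return '' on invalid UTF-8).
  */
 private function initAuth()
 {
     FreshRSS_Auth::init();
     if (Minz_Request::isPost() && !is_referer_from_same_domain()) {
         // Basic protection against XSRF attacks
         FreshRSS_Auth::removeAccess();
         $http_referer = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER'];
         $safe_referer = htmlspecialchars($http_referer, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
         Minz_Translate::init('en');
         //TODO: Better choice of fallback language
         Minz_Error::error(403, array('error' => array(_t('feedback.access.denied'), ' [HTTP_REFERER=' . $safe_referer . ']')));
     }
 }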
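 /**
  * Runs before every action of this controller; administrators only.
  *
  * It invalidates the HTTP cache and exposes to the view whether an update
  * is pending (always false here) and when the last update ran, taken from
  * the mtime of DATA_PATH/last_update.txt ('unknown' when the file is
  * absent).
  *
  * The `return` after the 403 keeps the rest of this method from running
  * for a non-admin request (feedAction() uses the same pattern for its
  * 404). Whether the main action is still dispatched afterwards depends on
  * Minz_Error::error(), which is not visible here.
  */
 public function firstAction()
 {
     if (!FreshRSS_Auth::hasAccess('admin')) {
         Minz_Error::error(403);
         return;
     }
     invalidateHttpCache();
     $this->view->update_to_apply = false;
     $this->view->last_update_time = 'unknown';
     // Test for the file instead of silencing filemtime() with `@`.
     $last_update_file = join_path(DATA_PATH, 'last_update.txt');
     $timestamp = is_file($last_update_file) ? filemtime($last_update_file) : false;
     if ($timestamp !== false) {
         $this->view->last_update_time = timestamptodate($timestamp);
     }
 }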
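 /**
  * Runs before every action of this controller.
  *
  * A logged-in user passes. Otherwise only the `actualize` action is
  * reachable, and only when anonymous refresh is allowed or the request
  * carries the user's refresh token (so a cron job can hit the URL without
  * a session). Anything else is a 403.
  *
  * Fix: the token was compared with a loose `==`, which treats
  * numeric-looking strings as equal ("0e1" == "0e2") and is not
  * constant-time; it is now a strict, constant-time hash_equals() between
  * two non-empty strings.
  */
 public function firstAction()
 {
     if (!$this->view->loginOk) {
         // Token is useful in the case that anonymous refresh is forbidden
         // and CRON task cannot be used with php command so the user can
         // set a CRON task to refresh his feeds by using token inside url
         $token = $this->view->conf->token;
         $token_param = Minz_Request::param('token', '');
         // Both sides must be non-empty strings; hash_equals() is strict and
         // constant-time.
         $token_is_ok = is_string($token) && $token !== ''
             && is_string($token_param) && hash_equals($token, $token_param);
         $action = Minz_Request::actionName();
         if (!(($token_is_ok || Minz_Configuration::allowAnonymousRefresh()) && $action === 'actualize')) {
             Minz_Error::error(403, array('error' => array(Minz_Translate::t('access_denied'))));
             return;
         }
     }
 }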
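 /**
  * Runs before every action of this controller: a 403 for anyone who is
  * not logged in, then request-wide state for the actions.
  *
  * The `output` parameter is only carried in $this->params when it differs
  * from the user's configured view mode; `redirect` starts false; an ajax
  * request disables the page layout.
  *
  * The `return` after the 403 keeps the parameter handling from running
  * for an unauthenticated request (feedAction() uses the same pattern for
  * its 404). Whether the main action is still dispatched afterwards depends
  * on Minz_Error::error(), which is not visible here.
  */
 public function firstAction()
 {
     if (!$this->view->loginOk) {
         Minz_Error::error(403, array('error' => array(Minz_Translate::t('access_denied'))));
         return;
     }
     $this->params = array();
     $output = Minz_Request::param('output', '');
     // Only propagate `output` when it overrides the configured view mode.
     if ($output != '' && $this->view->conf->view_mode !== $output) {
         $this->params['output'] = $output;
     }
     $this->redirect = false;
     if (Minz_Request::param('ajax')) {
         $this->view->_useLayout(false);
     }
 }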
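 /**
  * Starts the application: runs the dispatcher and turns Minz exceptions
  * into an error page or an application kill.
  *
  * "Not found"-type exceptions (missing file, controller, action) become a
  * 404 page showing the exception message; anything else kills the app.
  * Logging the failure may itself throw Minz_PermissionDeniedException
  * (unwritable log), which kills the app with that message.
  *
  * Fix: the inner catch reused `$e`, so after a logging failure the
  * instanceof checks below inspected the permission exception instead of
  * the dispatch exception; the inner one now has its own name.
  * Reviewer note: the 404 page shows $e->getMessage() verbatim — confirm
  * those messages carry no filesystem paths before exposing them to users.
  */
 public function run()
 {
     try {
         $this->dispatcher->run();
     } catch (Minz_Exception $e) {
         try {
             Minz_Log::error($e->getMessage());
         } catch (Minz_PermissionDeniedException $logException) {
             $this->killApp($logException->getMessage());
         }
         $isNotFound = $e instanceof Minz_FileNotExistException
             || $e instanceof Minz_ControllerNotExistException
             || $e instanceof Minz_ControllerNotActionControllerException
             || $e instanceof Minz_ActionException;
         if ($isNotFound) {
             Minz_Error::error(404, array('error' => array($e->getMessage())), true);
         } else {
             $this->killApp();
         }
     }
 }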
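 /**
  * User management page; administrators only.
  *
  * The user to display comes from the `u` parameter and falls back to the
  * session's current user when absent or unknown (FreshRSS_UserDAO::exist
  * is the gate, so the request value is never used as-is). The view gets
  * that user's name, article count and storage size.
  *
  * The `return` after the 403 keeps the per-user lookups from running for
  * a non-admin request (feedAction() uses the same pattern for its 404).
  * Whether the main action is still dispatched afterwards depends on
  * Minz_Error::error(), which is not visible here.
  */
 public function manageAction()
 {
     if (!FreshRSS_Auth::hasAccess('admin')) {
         Minz_Error::error(403);
         return;
     }
     Minz_View::prependTitle(_t('admin.user.title') . ' · ');
     // Get the correct current user.
     $username = Minz_Request::param('u', Minz_Session::param('currentUser'));
     if (!FreshRSS_UserDAO::exist($username)) {
         $username = Minz_Session::param('currentUser');
     }
     $this->view->current_user = $username;
     // Get information about the current user.
     $entryDAO = FreshRSS_Factory::createEntryDao($this->view->current_user);
     $this->view->nb_articles = $entryDAO->count();
     $this->view->size_user = $entryDAO->size();
 }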
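 /**
  * Feed configuration page (older variant of the factory-based one).
  *
  * Without an `id` the first listed feed is selected; an unknown id renders
  * a 404. On POST the submitted values are stored, a notification is put in
  * the session and the request is redirected back to this page.
  *
  * Fix: the feed lookup is guarded by isset() (and a scalar check), so an
  * unknown or malformed id no longer reads an undefined array offset — or
  * raises "illegal offset type" for an array id — before the 404 check.
  *
  * Reviewer notes: `$id == false` / `!= false` are loose comparisons (an id
  * of "0" counts as absent — harmless only if ids start at 1); the HTTP
  * credentials are stored as a plain "user:pass" string; `url`/`website`
  * are not validated here (SSRF has to be handled in the fetch path —
  * confirm); success is the truthiness of updateFeed(), so a DAO returning
  * 0 for "nothing changed" would be reported as an error — confirm its
  * contract. CSRF protection for the POST is the bootstrap referer check.
  */
 public function feedAction()
 {
     $catDAO = new FreshRSS_CategoryDAO();
     $this->view->categories = $catDAO->listCategories(false);
     $feedDAO = new FreshRSS_FeedDAO();
     $this->view->feeds = $feedDAO->listFeeds();
     $id = Minz_Request::param('id');
     if ($id == false && !empty($this->view->feeds)) {
         $id = current($this->view->feeds)->id();
     }
     $this->view->flux = false;
     if ($id != false) {
         // Guarded lookup: never index the feed list with an unknown or
         // non-scalar request value.
         if (is_scalar($id) && isset($this->view->feeds[$id])) {
             $this->view->flux = $this->view->feeds[$id];
         }
         if (!$this->view->flux) {
             Minz_Error::error(404, array('error' => array(Minz_Translate::t('page_not_found'))));
             return;
         }
         if (Minz_Request::isPost()) {
             $user = Minz_Request::param('http_user', '');
             $pass = Minz_Request::param('http_pass', '');
             // Credentials are only kept when at least one half was provided.
             $httpAuth = '';
             if ($user != '' || $pass != '') {
                 $httpAuth = $user . ':' . $pass;
             }
             $cat = intval(Minz_Request::param('category', 0));
             $values = array(
                 'name' => Minz_Request::param('name', ''),
                 'description' => sanitizeHTML(Minz_Request::param('description', '', true)),
                 'website' => Minz_Request::param('website', ''),
                 'url' => Minz_Request::param('url', ''),
                 'category' => $cat,
                 'pathEntries' => Minz_Request::param('path_entries', ''),
                 'priority' => intval(Minz_Request::param('priority', 0)),
                 'httpAuth' => $httpAuth,
                 'keep_history' => intval(Minz_Request::param('keep_history', -2)),
             );
             if ($feedDAO->updateFeed($id, $values)) {
                 $this->view->flux->_category($cat);
                 $this->view->flux->faviconPrepare();
                 $notif = array('type' => 'good', 'content' => Minz_Translate::t('feed_updated'));
             } else {
                 $notif = array('type' => 'bad', 'content' => Minz_Translate::t('error_occurred_update'));
             }
             invalidateHttpCache();
             Minz_Session::_param('notification', $notif);
             Minz_Request::forward(array('c' => 'configure', 'a' => 'feed', 'params' => array('id' => $id)), true);
         }
         Minz_View::prependTitle(Minz_Translate::t('rss_feed_management') . ' — ' . $this->view->flux->name() . ' · ');
     } else {
         Minz_View::prependTitle(Minz_Translate::t('rss_feed_management') . ' · ');
     }
 }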
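 /**
  * Login entry point.
  *
  * An already-authenticated user is redirected to the main page. Otherwise
  * the request is forwarded to the login page matching the configured
  * authentication type (form or Persona). `http_auth` and `none` have no
  * login page and, like any unknown type, render a 404.
  *
  * Fix: the `http_auth`/`none` case had no `break`, so it fell through into
  * `default` and called Minz_Error::error(404) a second time; a `return`
  * after the redirect also keeps the switch from running if the redirecting
  * forward ever returns.
  */
 public function loginAction()
 {
     if (FreshRSS_Auth::hasAccess()) {
         Minz_Request::forward(array('c' => 'index', 'a' => 'index'), true);
         return;
     }
     $auth_type = FreshRSS_Context::$system_conf->auth_type;
     switch ($auth_type) {
         case 'form':
             Minz_Request::forward(array('c' => 'auth', 'a' => 'formLogin'));
             break;
         case 'persona':
             Minz_Request::forward(array('c' => 'auth', 'a' => 'personaLogin'));
             break;
         case 'http_auth':
         case 'none':
             // Should not happen: these modes have no login page.
             Minz_Error::error(404);
             break;
         default:
             // TODO load plugin instead
             Minz_Error::error(404);
             break;
     }
 }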
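 /**
  * Moves a feed into another category.
  *
  * This page must be reached by a POST request; anything else is
  * redirected to the subscription page.
  *
  * Parameters are:
  *   - f_id (default: false)
  *   - c_id (default: false)
  * If c_id is false, the default category is used (created if needed).
  *
  * Both ids are cast to int before use, as feedAction() does for
  * 'category', so arbitrary request strings or arrays never reach the DAO
  * or the warning log. Reviewer note: nothing here checks that c_id is an
  * existing category of the current user — confirm the DAO or the category
  * foreign key enforces it.
  *
  * @todo should handle order of the feed inside the category.
  */
 public function moveAction()
 {
     if (!Minz_Request::isPost()) {
         Minz_Request::forward(array('c' => 'subscription'), true);
         return;
     }
     $feed_id = Minz_Request::param('f_id');
     $cat_id = Minz_Request::param('c_id');
     if ($cat_id === false) {
         // If category was not given get the default one.
         $catDAO = new FreshRSS_CategoryDAO();
         $catDAO->checkDefault();
         $def_cat = $catDAO->getDefault();
         $cat_id = $def_cat->id();
     }
     $feed_id = intval($feed_id);
     $cat_id = intval($cat_id);
     $feedDAO = FreshRSS_Factory::createFeedDao();
     $values = array('category' => $cat_id);
     $feed = $feedDAO->searchById($feed_id);
     if ($feed && ($feed->category() == $cat_id || $feedDAO->updateFeed($feed_id, $values))) {
         // TODO: return something useful
     } else {
         Minz_Log::warning('Cannot move feed `' . $feed_id . '` ' . 'in the category `' . $cat_id . '`');
         Minz_Error::error(404);
     }
 }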
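 /**
  * Registration page: lets a visitor create an account unless the
  * configured registration limit has been reached (403).
  *
  * The `return` after the 403 keeps the title from being set for a refused
  * request (feedAction() uses the same pattern for its 404). Whether the
  * page is still rendered afterwards depends on Minz_Error::error(), which
  * is not visible here.
  */
 public function registerAction()
 {
     if (max_registrations_reached()) {
         Minz_Error::error(403);
         return;
     }
     Minz_View::prependTitle(_t('gen.auth.registration.title') . ' · ');
 }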
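 /**
  * Displays the FreshRSS logs of the current user, 50 lines per page.
  *
  * A POST request clears the log before displaying it. Anyone who is not
  * logged in gets a 403.
  *
  * The `return` after the 403 keeps the log access (and the POST
  * truncation) from running for an unauthenticated request; the page
  * number is cast to int since it comes straight from the request.
  * Reviewer note: the destructive POST is protected only by the bootstrap
  * referer check — a form token would be stronger.
  */
 public function logsAction()
 {
     if (!FreshRSS_Auth::hasAccess()) {
         Minz_Error::error(403);
         return;
     }
     Minz_View::prependTitle(_t('index.log.title') . ' · ');
     if (Minz_Request::isPost()) {
         FreshRSS_LogDAO::truncate();
     }
     $logs = FreshRSS_LogDAO::lines();
     //TODO: ask only the necessary lines
     // Pagination
     $page = intval(Minz_Request::param('page', 1));
     $this->view->logsPaginator = new Minz_Paginator($logs);
     $this->view->logsPaginator->_nbItemsPerPage(50);
     $this->view->logsPaginator->_currentPage($page);
 }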
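 /**
  * System configuration page; administrators only.
  *
  * It displays the system configuration page. When reached through a POST
  * request it stores the new values and notifies the user.
  *
  * The options available on the page are:
  *   - user limit (default: 1)
  *   - user category limit (default: 16384)
  *   - user feed limit (default: 16384)
  *   - instance name (default: FreshRSS)
  *   - auto-update URL (default: false)
  *
  * Fixes: the three limits are numeric and are now cast with intval() so a
  * non-numeric or array value cannot be persisted into the system
  * configuration; a `return` after the 403 keeps the save from running for
  * a non-admin request.
  * Reviewer note: auto_update_url is stored unvalidated and is presumably
  * where the instance fetches its own updates from; restricting it to
  * https (or pinning it outside the web UI) would close a supply-chain hole
  * for anyone who gains admin or forges this POST — confirm how the updater
  * uses it.
  */
 public function systemAction()
 {
     if (!FreshRSS_Auth::hasAccess('admin')) {
         Minz_Error::error(403);
         return;
     }
     if (Minz_Request::isPost()) {
         $limits = FreshRSS_Context::$system_conf->limits;
         $limits['max_registrations'] = intval(Minz_Request::param('max-registrations', 1));
         $limits['max_feeds'] = intval(Minz_Request::param('max-feeds', 16384));
         $limits['max_categories'] = intval(Minz_Request::param('max-categories', 16384));
         FreshRSS_Context::$system_conf->limits = $limits;
         FreshRSS_Context::$system_conf->title = Minz_Request::param('instance-name', 'FreshRSS');
         FreshRSS_Context::$system_conf->auto_update_url = Minz_Request::param('auto-update-url', false);
         FreshRSS_Context::$system_conf->save();
         invalidateHttpCache();
         Minz_Session::_param('notification', array('type' => 'good', 'content' => _t('feedback.conf.updated')));
     }
 }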
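 /**
  * Runs before every other action of this controller; the framework calls
  * it automatically. Its only job is to deny access (403) to anyone who is
  * not logged in.
  *
  * The `return` is explicit so that anything added to this method later is
  * not reached on the unauthenticated path. Whether the main action is
  * still dispatched afterwards depends on Minz_Error::error(), which is not
  * visible here — confirm.
  */
 public function firstAction()
 {
     if (!FreshRSS_Auth::hasAccess()) {
         Minz_Error::error(403);
         return;
     }
 }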
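 /**
  * Form-based login.
  *
  * POST: the username, the client's challenge and the session nonce must be
  * alphanumeric / printable; the login succeeds when the challenge verifies
  * as password_verify(nonce . storedPasswordHash, challenge), in which case
  * the user name and password hash are stored in the session. On failure a
  * "bad" notification is set. Either way the request is redirected to the
  * index with no layout. GET: 403 when logging in is disabled.
  *
  * Fixes: the challenge and nonce are no longer written to the log — the
  * challenge is derived from the password hash and the nonce is the
  * per-session secret, so the WARNING/DEBUG lines leaked login material to
  * anyone able to read the log; an account whose stored passwordHash is
  * empty (if such accounts can exist) can no longer be entered with a
  * challenge computed from the nonce alone.
  *
  * Reviewer notes: there is no session id regeneration after a successful
  * login (session fixation) — confirm Minz_Session does it; there is no
  * failed-attempt throttling here; the POST branch does not check
  * Minz_Configuration::canLogIn(), so only the GET form is gated by it —
  * confirm that is intended.
  */
 public function formLoginAction()
 {
     if (Minz_Request::isPost()) {
         $ok = false;
         $nonce = Minz_Session::param('nonce');
         $username = Minz_Request::param('username', '');
         $c = Minz_Request::param('challenge', '');
         if (ctype_alnum($username) && ctype_graph($c) && ctype_alnum($nonce)) {
             if (!function_exists('password_verify')) {
                 include_once LIB_PATH . '/password_compat.php';
             }
             try {
                 $conf = new FreshRSS_Configuration($username);
                 $s = $conf->passwordHash;
                 // An empty stored hash must never verify: the challenge
                 // would then only depend on the (client-visible) nonce.
                 $ok = is_string($s) && $s !== '' && password_verify($nonce . $s, $c);
                 if ($ok) {
                     Minz_Session::_param('currentUser', $username);
                     Minz_Session::_param('passwordHash', $s);
                 } else {
                     // Do not log the nonce or the challenge: both are login material.
                     Minz_Log::record('Password mismatch for user ' . $username, Minz_Log::WARNING);
                 }
             } catch (Minz_Exception $me) {
                 Minz_Log::record('Login failure: ' . $me->getMessage(), Minz_Log::WARNING);
             }
         } else {
             Minz_Log::record('Invalid credential parameters: user='******'', Minz_Log::DEBUG);
         }
         if (!$ok) {
             $notif = array('type' => 'bad', 'content' => Minz_Translate::t('invalid_login'));
             Minz_Session::_param('notification', $notif);
         }
         $this->view->_useLayout(false);
         Minz_Request::forward(array('c' => 'index', 'a' => 'index'), true);
     } elseif (!Minz_Configuration::canLogIn()) {
         Minz_Error::error(403, array('error' => array(Minz_Translate::t('access_denied'))));
     }
     invalidateHttpCache();
 }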
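 /**
  * Runs before every action of this controller: a 403 for anyone who is
  * not logged in.
  *
  * The `return` is explicit so that anything added to this method later is
  * not reached on the unauthenticated path. Whether the main action is
  * still dispatched afterwards depends on Minz_Error::error(), which is not
  * visible here — confirm.
  */
 public function firstAction()
 {
     if (!$this->view->loginOk) {
         Minz_Error::error(403, array('error' => array(Minz_Translate::t('access_denied'))));
         return;
     }
 }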
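 /**
  * Deletes an extension from disk.
  *
  * Only an administrator can remove an extension, and the deletion only
  * happens on a POST request; any other request is redirected to the
  * extension list.
  *
  * Parameter is:
  * -e: extension name (urlencoded)
  *
  * Fixes: a `return` after the 403 keeps the deletion code from running for
  * a non-admin request, and a `return` after the "not found" notification
  * guarantees getPath() is never called on a null extension if
  * Minz_Request::bad() ever returns instead of redirecting.
  * Reviewer note: the name is urldecode()d a second time here (request
  * parameters normally arrive decoded already); harmless as long as
  * findExtension() only matches registered names, which is what decides the
  * path handed to recursive_unlink().
  */
 public function removeAction()
 {
     if (!FreshRSS_Auth::hasAccess('admin')) {
         Minz_Error::error(403);
         return;
     }
     $url_redirect = array('c' => 'extension', 'a' => 'index');
     if (Minz_Request::isPost()) {
         $ext_name = urldecode(Minz_Request::param('e'));
         $ext = Minz_ExtensionManager::findExtension($ext_name);
         if (is_null($ext)) {
             Minz_Request::bad(_t('feedback.extensions.not_found', $ext_name), $url_redirect);
             return;
         }
         $res = recursive_unlink($ext->getPath());
         if ($res) {
             Minz_Request::good(_t('feedback.extensions.removed', $ext_name), $url_redirect);
         } else {
             Minz_Request::bad(_t('feedback.extensions.cannot_delete', $ext_name), $url_redirect);
         }
     }
     Minz_Request::forward($url_redirect, true);
 }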