/** * Enregistre un message dans un fichier de log spécifique * Message non loggué si * - environment = SILENT * - level = WARNING et environment = PRODUCTION * - level = NOTICE et environment = PRODUCTION * @param $information message d'erreur / information à enregistrer * @param $level niveau d'erreur * @param $file_name fichier de log */ public static function record($information, $level, $file_name = null) { try { $conf = Minz_Configuration::get('system'); $env = $conf->environment; } catch (Minz_ConfigurationException $e) { $env = 'production'; } if (!($env === 'silent' || $env === 'production' && $level >= Minz_Log::NOTICE)) { if ($file_name === null) { $file_name = join_path(USERS_PATH, Minz_Session::param('currentUser', '_'), 'log.txt'); } switch ($level) { case Minz_Log::ERROR: $level_label = 'error'; break; case Minz_Log::WARNING: $level_label = 'warning'; break; case Minz_Log::NOTICE: $level_label = 'notice'; break; case Minz_Log::DEBUG: $level_label = 'debug'; break; default: $level_label = 'unknown'; } $log = '[' . date('r') . ']' . ' [' . $level_label . ']' . ' --- ' . $information . "\n"; if (file_put_contents($file_name, $log, FILE_APPEND | LOCK_EX) === false) { throw new Minz_PermissionDeniedException($file_name, Minz_Exception::ERROR); } } }
/** * This action handles the display configuration page. * * It displays the display configuration page. * If this action is reached through a POST request, it stores all new * configuration values then sends a notification to the user. * * The options available on the page are: * - language (default: en) * - theme (default: Origin) * - content width (default: thin) * - display of read action in header * - display of favorite action in header * - display of date in header * - display of open action in header * - display of read action in footer * - display of favorite action in footer * - display of sharing action in footer * - display of tags in footer * - display of date in footer * - display of open action in footer * - html5 notification timeout (default: 0) * Default values are false unless specified. */ public function displayAction() { if (Minz_Request::isPost()) { FreshRSS_Context::$user_conf->language = Minz_Request::param('language', 'en'); FreshRSS_Context::$user_conf->theme = Minz_Request::param('theme', FreshRSS_Themes::$defaultTheme); FreshRSS_Context::$user_conf->content_width = Minz_Request::param('content_width', 'thin'); FreshRSS_Context::$user_conf->topline_read = Minz_Request::param('topline_read', false); FreshRSS_Context::$user_conf->topline_favorite = Minz_Request::param('topline_favorite', false); FreshRSS_Context::$user_conf->topline_date = Minz_Request::param('topline_date', false); FreshRSS_Context::$user_conf->topline_link = Minz_Request::param('topline_link', false); FreshRSS_Context::$user_conf->bottomline_read = Minz_Request::param('bottomline_read', false); FreshRSS_Context::$user_conf->bottomline_favorite = Minz_Request::param('bottomline_favorite', false); FreshRSS_Context::$user_conf->bottomline_sharing = Minz_Request::param('bottomline_sharing', false); FreshRSS_Context::$user_conf->bottomline_tags = Minz_Request::param('bottomline_tags', false); FreshRSS_Context::$user_conf->bottomline_date = Minz_Request::param('bottomline_date', false); FreshRSS_Context::$user_conf->bottomline_link = Minz_Request::param('bottomline_link', false); FreshRSS_Context::$user_conf->html5_notif_timeout = Minz_Request::param('html5_notif_timeout', 0); FreshRSS_Context::$user_conf->save(); Minz_Session::_param('language', FreshRSS_Context::$user_conf->language); Minz_Translate::reset(FreshRSS_Context::$user_conf->language); invalidateHttpCache(); Minz_Request::good(_t('feedback.conf.updated'), array('c' => 'configure', 'a' => 'display')); } $this->view->themes = FreshRSS_Themes::get(); Minz_View::prependTitle(_t('conf.display.title') . ' · '); }
/** * Créé la connexion à la base de données à l'aide des variables * HOST, BASE, USER et PASS définies dans le fichier de configuration */ public function __construct() { if (self::$useSharedBd && self::$sharedBd != null) { $this->bd = self::$sharedBd; $this->prefix = self::$sharedPrefix; return; } $db = Minz_Configuration::dataBase(); $driver_options = null; try { $type = $db['type']; if ($type == 'mysql') { $string = $type . ':host=' . $db['host'] . ';dbname=' . $db['base'] . ';charset=utf8'; $driver_options = array(PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8'); } elseif ($type == 'sqlite') { $string = $type . ':/' . DATA_PATH . $db['base'] . '.sqlite'; //TODO: DEBUG UTF-8 http://www.siteduzero.com/forum/sujet/sqlite-connexion-utf-8-18797 } $this->bd = new FreshPDO($string, $db['user'], $db['password'], $driver_options); self::$sharedBd = $this->bd; $this->prefix = $db['prefix'] . Minz_Session::param('currentUser', '_') . '_'; self::$sharedPrefix = $this->prefix; } catch (Exception $e) { throw new Minz_PDOConnectionException($string, $db['user'], Minz_Exception::ERROR); } }
/** * Enregistre un message dans un fichier de log spécifique * Message non loggué si * - environment = SILENT * - level = WARNING et environment = PRODUCTION * - level = NOTICE et environment = PRODUCTION * @param $information message d'erreur / information à enregistrer * @param $level niveau d'erreur * @param $file_name fichier de log, par défaut LOG_PATH/application.log */ public static function record($information, $level, $file_name = null) { $env = Minz_Configuration::environment(); if (!($env === Minz_Configuration::SILENT || $env === Minz_Configuration::PRODUCTION && $level >= Minz_Log::NOTICE)) { if ($file_name === null) { $file_name = LOG_PATH . '/' . Minz_Session::param('currentUser', '_') . '.log'; } switch ($level) { case Minz_Log::ERROR: $level_label = 'error'; break; case Minz_Log::WARNING: $level_label = 'warning'; break; case Minz_Log::NOTICE: $level_label = 'notice'; break; case Minz_Log::DEBUG: $level_label = 'debug'; break; default: $level_label = 'unknown'; } $log = '[' . date('r') . ']' . ' [' . $level_label . ']' . ' --- ' . $information . "\n"; if (file_put_contents($file_name, $log, FILE_APPEND | LOCK_EX) === false) { throw new Minz_PermissionDeniedException($file_name, Minz_Exception::ERROR); } } }
/** * This action is the default one for the controller. * * It is called by Minz_Error::error() method. * * Parameters are passed by Minz_Session to have a proper url: * - error_code (default: 404) * - error_logs (default: array()) */ public function indexAction() { $code_int = Minz_Session::param('error_code', 404); $error_logs = Minz_Session::param('error_logs', array()); Minz_Session::_param('error_code'); Minz_Session::_param('error_logs'); switch ($code_int) { case 200: header('HTTP/1.1 200 OK'); break; case 403: header('HTTP/1.1 403 Forbidden'); $this->view->code = 'Error 403 - Forbidden'; $this->view->errorMessage = _t('feedback.access.denied'); break; case 500: header('HTTP/1.1 500 Internal Server Error'); $this->view->code = 'Error 500 - Internal Server Error'; break; case 503: header('HTTP/1.1 503 Service Unavailable'); $this->view->code = 'Error 503 - Service Unavailable'; break; case 404: default: header('HTTP/1.1 404 Not Found'); $this->view->code = 'Error 404 - Not found'; $this->view->errorMessage = _t('feedback.access.not_found'); } $error_message = trim(implode($error_logs)); if ($error_message !== '') { $this->view->errorMessage = $error_message; } Minz_View::prependTitle($this->view->code . ' · '); }
public function nonceAction() { header('Content-Type: application/json; charset=UTF-8'); header('Last-Modified: ' . gmdate('D, d M Y H:i:s \\G\\M\\T')); header('Expires: 0'); header('Cache-Control: private, no-cache, no-store, must-revalidate'); header('Pragma: no-cache'); $user = isset($_GET['user']) ? $_GET['user'] : ''; if (ctype_alnum($user)) { try { $salt = FreshRSS_Context::$system_conf->salt; $conf = get_user_configuration($user); $s = $conf->passwordHash; if (strlen($s) >= 60) { $this->view->salt1 = substr($s, 0, 29); //CRYPT_BLOWFISH Salt: "$2a$", a two digit cost parameter, "$", and 22 characters from the alphabet "./0-9A-Za-z". $this->view->nonce = sha1($salt . uniqid(mt_rand(), true)); Minz_Session::_param('nonce', $this->view->nonce); return; //Success } } catch (Minz_Exception $me) { Minz_Log::warning('Nonce failure: ' . $me->getMessage()); } } else { Minz_Log::notice('Nonce failure due to invalid username!'); } //Failure: Return random data. $this->view->salt1 = sprintf('$2a$%02d$', FreshRSS_user_Controller::BCRYPT_COST); $alphabet = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'; for ($i = 22; $i > 0; $i--) { $this->view->salt1 .= $alphabet[rand(0, 63)]; } $this->view->nonce = sha1(rand()); }
public function nonceAction() { header('Content-Type: application/json; charset=UTF-8'); header('Last-Modified: ' . gmdate('D, d M Y H:i:s \\G\\M\\T')); header('Expires: 0'); header('Cache-Control: private, no-cache, no-store, must-revalidate'); header('Pragma: no-cache'); $user = isset($_GET['user']) ? $_GET['user'] : ''; if (ctype_alnum($user)) { try { $conf = new FreshRSS_Configuration($user); $s = $conf->passwordHash; if (strlen($s) >= 60) { $this->view->salt1 = substr($s, 0, 29); //CRYPT_BLOWFISH Salt: "$2a$", a two digit cost parameter, "$", and 22 characters from the alphabet "./0-9A-Za-z". $this->view->nonce = sha1(Minz_Configuration::salt() . uniqid(mt_rand(), true)); Minz_Session::_param('nonce', $this->view->nonce); return; //Success } } catch (Minz_Exception $me) { Minz_Log::record('Nonce failure: ' . $me->getMessage(), Minz_Log::WARNING); } } $this->view->nonce = ''; //Failure $this->view->salt1 = ''; }
public static function truncate() { file_put_contents(join_path(DATA_PATH, 'users', Minz_Session::param('currentUser', '_'), 'log.txt'), ''); if (FreshRSS_Auth::hasAccess('admin')) { file_put_contents(join_path(DATA_PATH, 'users', '_', 'log.txt'), ''); file_put_contents(join_path(DATA_PATH, 'users', '_', 'log_api.txt'), ''); file_put_contents(join_path(DATA_PATH, 'users', '_', 'log_pshb.txt'), ''); } }
/** * Inclus le fichier de langue qui va bien * l'enregistre dans $translates */ public static function init() { $l = Minz_Configuration::language(); self::$language = Minz_Session::param('language', $l); $l_path = APP_PATH . '/i18n/' . self::$language . '.php'; if (file_exists($l_path)) { self::$translates = (include $l_path); } }
/** * Permet d'effacer une session * @param $force si à false, n'efface pas le paramètre de langue */ public static function unset_session($force = false) { $language = self::param('language'); session_destroy(); self::$session = array(); if (!$force) { self::_param('language', $language); Minz_Translate::reset(); } }
public function handleConfigureAction() { $this->registerTranslates(); $current_user = Minz_Session::param('currentUser'); $filename = 'style.' . $current_user . '.css'; $filepath = join_path($this->getPath(), 'static', $filename); if (Minz_Request::isPost()) { $css_rules = Minz_Request::param('css-rules', ''); file_put_contents($filepath, $css_rules); } $this->css_rules = ''; if (file_exists($filepath)) { $this->css_rules = file_get_contents($filepath); } }
/** * Créé la connexion à la base de données à l'aide des variables * HOST, BASE, USER et PASS définies dans le fichier de configuration */ public function __construct($currentUser = null) { if (self::$useSharedBd && self::$sharedBd != null && $currentUser === null) { $this->bd = self::$sharedBd; $this->prefix = self::$sharedPrefix; $this->current_user = self::$sharedCurrentUser; return; } $conf = Minz_Configuration::get('system'); $db = $conf->db; if ($currentUser === null) { $currentUser = Minz_Session::param('currentUser', '_'); } $this->current_user = $currentUser; self::$sharedCurrentUser = $currentUser; $driver_options = isset($conf->db['pdo_options']) && is_array($conf->db['pdo_options']) ? $conf->db['pdo_options'] : array(); try { $type = $db['type']; if ($type === 'mysql') { $string = 'mysql:host=' . $db['host'] . ';dbname=' . $db['base'] . ';charset=utf8'; $driver_options[PDO::MYSQL_ATTR_INIT_COMMAND] = 'SET NAMES utf8'; $this->prefix = $db['prefix'] . $currentUser . '_'; } elseif ($type === 'pgsql') { $string = 'pgsql:host=' . $db['host'] . ';dbname=' . $db['base']; $this->prefix = $db['prefix'] . $currentUser . '_'; } elseif ($type === 'sqlite') { $string = 'sqlite:' . join_path(DATA_PATH, 'users', $currentUser, 'db.sqlite'); //$driver_options[PDO::ATTR_ERRMODE] = PDO::ERRMODE_EXCEPTION; $this->prefix = ''; } else { throw new Minz_PDOConnectionException('Invalid database type!', $db['user'], Minz_Exception::ERROR); } self::$sharedDbType = $type; self::$sharedPrefix = $this->prefix; $this->bd = new MinzPDO($string, $db['user'], $db['password'], $driver_options); if ($type === 'sqlite') { $this->bd->exec('PRAGMA foreign_keys = ON;'); } self::$sharedBd = $this->bd; } catch (Exception $e) { throw new Minz_PDOConnectionException($string, $db['user'], Minz_Exception::ERROR); } }
/** * Permet de lancer une erreur * @param $code le type de l'erreur, par défaut 404 (page not found) * @param $logs logs d'erreurs découpés de la forme * > $logs['error'] * > $logs['warning'] * > $logs['notice'] * @param $redirect indique s'il faut forcer la redirection (les logs ne seront pas transmis) */ public static function error($code = 404, $logs = array(), $redirect = true) { $logs = self::processLogs($logs); $error_filename = APP_PATH . '/Controllers/errorController.php'; if (file_exists($error_filename)) { Minz_Session::_param('error_code', $code); Minz_Session::_param('error_logs', $logs); Minz_Request::forward(array('c' => 'error'), $redirect); } else { echo '<h1>An error occured</h1>' . "\n"; if (!empty($logs)) { echo '<ul>' . "\n"; foreach ($logs as $log) { echo '<li>' . $log . '</li>' . "\n"; } echo '</ul>' . "\n"; } exit; } }
function checkToken($conf, $token) { //http://code.google.com/p/google-reader-api/wiki/ActionToken $user = Minz_Session::param('currentUser', '_'); logMe('checkToken(' . $token . ")\n"); $system_conf = Minz_Configuration::get('system'); if ($token === str_pad(sha1($system_conf->salt . $user . $conf->apiPasswordHash), 57, 'Z')) { return true; } unauthorized(); }
public function formLogoutAction() { $this->view->_useLayout(false); invalidateHttpCache(); Minz_Session::_param('currentUser'); Minz_Session::_param('mail'); Minz_Session::_param('passwordHash'); Minz_Request::forward(array('c' => 'index', 'a' => 'index'), true); }
/** * This action actualizes entries from one or several feeds. * * Parameters are: * - id (default: false): Feed ID * - url (default: false): Feed URL * - force (default: false) * If id and url are not specified, all the feeds are actualized. But if force is * false, process stops at 10 feeds to avoid time execution problem. */ public function actualizeAction($simplePiePush = null) { @set_time_limit(300); $feedDAO = FreshRSS_Factory::createFeedDao(); $entryDAO = FreshRSS_Factory::createEntryDao(); Minz_Session::_param('actualize_feeds', false); $id = Minz_Request::param('id'); $url = Minz_Request::param('url'); $force = Minz_Request::param('force'); // Create a list of feeds to actualize. // If id is set and valid, corresponding feed is added to the list but // alone in order to automatize further process. $feeds = array(); if ($id || $url) { $feed = $id ? $feedDAO->searchById($id) : $feedDAO->searchByUrl($url); if ($feed) { $feeds[] = $feed; } } else { $feeds = $feedDAO->listFeedsOrderUpdate(FreshRSS_Context::$user_conf->ttl_default); } // Calculate date of oldest entries we accept in DB. $nb_month_old = max(FreshRSS_Context::$user_conf->old_entries, 1); $date_min = time() - 3600 * 24 * 30 * $nb_month_old; // PubSubHubbub support $pubsubhubbubEnabledGeneral = FreshRSS_Context::$system_conf->pubsubhubbub_enabled; $pshbMinAge = time() - 3600 * 24; //TODO: Make a configuration. $updated_feeds = 0; $is_read = FreshRSS_Context::$user_conf->mark_when['reception'] ? 1 : 0; foreach ($feeds as $feed) { $url = $feed->url(); //For detection of HTTP 301 $pubSubHubbubEnabled = $pubsubhubbubEnabledGeneral && $feed->pubSubHubbubEnabled(); if (!$simplePiePush && !$id && $pubSubHubbubEnabled && $feed->lastUpdate() > $pshbMinAge) { //$text = 'Skip pull of feed using PubSubHubbub: ' . $url; //Minz_Log::debug($text); //file_put_contents(USERS_PATH . '/_/log_pshb.txt', date('c') . "\t" . $text . "\n", FILE_APPEND); continue; //When PubSubHubbub is used, do not pull refresh so often } if (!$feed->lock()) { Minz_Log::notice('Feed already being actualized: ' . $feed->url()); continue; } try { if ($simplePiePush) { $feed->loadEntries($simplePiePush); //Used by PubSubHubbub } else { $feed->load(false); } } catch (FreshRSS_Feed_Exception $e) { Minz_Log::warning($e->getMessage()); $feedDAO->updateLastUpdate($feed->id(), true); $feed->unlock(); continue; } $feed_history = $feed->keepHistory(); if ($feed_history == -2) { // TODO: -2 must be a constant! // -2 means we take the default value from configuration $feed_history = FreshRSS_Context::$user_conf->keep_history_default; } // We want chronological order and SimplePie uses reverse order. $entries = array_reverse($feed->entries()); if (count($entries) > 0) { $newGuids = array(); foreach ($entries as $entry) { $newGuids[] = $entry->guid(); } // For this feed, check existing GUIDs already in database. $existingHashForGuids = $entryDAO->listHashForFeedGuids($feed->id(), $newGuids); unset($newGuids); $oldGuids = array(); // Add entries in database if possible. foreach ($entries as $entry) { $entry_date = $entry->date(true); if (isset($existingHashForGuids[$entry->guid()])) { $existingHash = $existingHashForGuids[$entry->guid()]; if (strcasecmp($existingHash, $entry->hash()) === 0 || $existingHash === '00000000000000000000000000000000') { //This entry already exists and is unchanged. TODO: Remove the test with the zero'ed hash in FreshRSS v1.3 $oldGuids[] = $entry->guid(); } else { //This entry already exists but has been updated Minz_Log::debug('Entry with GUID `' . $entry->guid() . '` updated in feed ' . $feed->id() . ', old hash ' . $existingHash . ', new hash ' . $entry->hash()); //TODO: Make an updated/is_read policy by feed, in addition to the global one. $entry->_isRead(FreshRSS_Context::$user_conf->mark_updated_article_unread ? false : null); //Change is_read according to policy. if (!$entryDAO->hasTransaction()) { $entryDAO->beginTransaction(); } $entryDAO->updateEntry($entry->toArray()); } } elseif ($feed_history == 0 && $entry_date < $date_min) { // This entry should not be added considering configuration and date. $oldGuids[] = $entry->guid(); } else { if ($entry_date < $date_min) { $id = min(time(), $entry_date) . uSecString(); $entry->_isRead(true); //Old article that was not in database. Probably an error, so mark as read } else { $id = uTimeString(); $entry->_isRead($is_read); } $entry->_id($id); $entry = Minz_ExtensionManager::callHook('entry_before_insert', $entry); if ($entry === null) { // An extension has returned a null value, there is nothing to insert. continue; } if ($pubSubHubbubEnabled && !$simplePiePush) { //We use push, but have discovered an article by pull! $text = 'An article was discovered by pull although we use PubSubHubbub!: Feed ' . $url . ' GUID ' . $entry->guid(); file_put_contents(USERS_PATH . '/_/log_pshb.txt', date('c') . "\t" . $text . "\n", FILE_APPEND); Minz_Log::warning($text); $pubSubHubbubEnabled = false; $feed->pubSubHubbubError(true); } if (!$entryDAO->hasTransaction()) { $entryDAO->beginTransaction(); } $entryDAO->addEntry($entry->toArray()); } } $entryDAO->updateLastSeen($feed->id(), $oldGuids); } if ($feed_history >= 0 && rand(0, 30) === 1) { // TODO: move this function in web cron when available (see entry::purge) // Remove old entries once in 30. if (!$entryDAO->hasTransaction()) { $entryDAO->beginTransaction(); } $nb = $feedDAO->cleanOldEntries($feed->id(), $date_min, max($feed_history, count($entries) + 10)); if ($nb > 0) { Minz_Log::debug($nb . ' old entries cleaned in feed [' . $feed->url() . ']'); } } $feedDAO->updateLastUpdate($feed->id(), 0, $entryDAO->hasTransaction()); if ($entryDAO->hasTransaction()) { $entryDAO->commit(); } if ($feed->hubUrl() && $feed->selfUrl()) { //selfUrl has priority for PubSubHubbub if ($feed->selfUrl() !== $url) { //https://code.google.com/p/pubsubhubbub/wiki/MovingFeedsOrChangingHubs $selfUrl = checkUrl($feed->selfUrl()); if ($selfUrl) { Minz_Log::debug('PubSubHubbub unsubscribe ' . $feed->url()); if (!$feed->pubSubHubbubSubscribe(false)) { //Unsubscribe Minz_Log::warning('Error while PubSubHubbub unsubscribing from ' . $feed->url()); } $feed->_url($selfUrl, false); Minz_Log::notice('Feed ' . $url . ' canonical address moved to ' . $feed->url()); $feedDAO->updateFeed($feed->id(), array('url' => $feed->url())); } } } elseif ($feed->url() !== $url) { // HTTP 301 Moved Permanently Minz_Log::notice('Feed ' . $url . ' moved permanently to ' . $feed->url()); $feedDAO->updateFeed($feed->id(), array('url' => $feed->url())); } $feed->faviconPrepare(); if ($pubsubhubbubEnabledGeneral && $feed->pubSubHubbubPrepare()) { Minz_Log::notice('PubSubHubbub subscribe ' . $feed->url()); if (!$feed->pubSubHubbubSubscribe(true)) { //Subscribe Minz_Log::warning('Error while PubSubHubbub subscribing to ' . $feed->url()); } } $feed->unlock(); $updated_feeds++; unset($feed); // No more than 10 feeds unless $force is true to avoid overloading // the server. if ($updated_feeds >= 10 && !$force) { break; } } if (Minz_Request::param('ajax')) { // Most of the time, ajax request is for only one feed. But since // there are several parallel requests, we should return that there // are several updated feeds. $notif = array('type' => 'good', 'content' => _t('feedback.sub.feed.actualizeds')); Minz_Session::_param('notification', $notif); // No layout in ajax request. $this->view->_useLayout(false); } else { // Redirect to the main page with correct notification. if ($updated_feeds === 1) { $feed = reset($feeds); Minz_Request::good(_t('feedback.sub.feed.actualized', $feed->name()), array('params' => array('get' => 'f_' . $feed->id()))); } elseif ($updated_feeds > 1) { Minz_Request::good(_t('feedback.sub.feed.n_actualized', $updated_feeds), array()); } else { Minz_Request::good(_t('feedback.sub.feed.no_refresh'), array()); } } return $updated_feeds; }
/** * This action resets the authentication system. * * After reseting, form auth is set by default. */ public function resetAction() { Minz_View::prependTitle(_t('admin.auth.title_reset') . ' · '); Minz_View::appendScript(Minz_Url::display('/scripts/bcrypt.min.js?' . @filemtime(PUBLIC_PATH . '/scripts/bcrypt.min.js'))); $this->view->no_form = false; // Enable changement of auth only if Persona! if (FreshRSS_Context::$system_conf->auth_type != 'persona') { $this->view->message = array('status' => 'bad', 'title' => _t('gen.short.damn'), 'body' => _t('feedback.auth.not_persona')); $this->view->no_form = true; return; } $conf = get_user_configuration(FreshRSS_Context::$system_conf->default_user); if (is_null($conf)) { return; } // Admin user must have set its master password. if (!$conf->passwordHash) { $this->view->message = array('status' => 'bad', 'title' => _t('gen.short.damn'), 'body' => _t('feedback.auth.no_password_set')); $this->view->no_form = true; return; } invalidateHttpCache(); if (Minz_Request::isPost()) { $nonce = Minz_Session::param('nonce'); $username = Minz_Request::param('username', ''); $challenge = Minz_Request::param('challenge', ''); $ok = FreshRSS_FormAuth::checkCredentials($username, $conf->passwordHash, $nonce, $challenge); if ($ok) { FreshRSS_Context::$system_conf->auth_type = 'form'; $ok = FreshRSS_Context::$system_conf->save(); if ($ok) { Minz_Request::good(_t('feedback.auth.form.set')); } else { Minz_Request::bad(_t('feedback.auth.form.not_set'), array('c' => 'auth', 'a' => 'reset')); } } else { Minz_Log::warning('Password mismatch for' . ' user='******', nonce=' . $nonce . ', c=' . $challenge); Minz_Request::bad(_t('feedback.auth.login.invalid'), array('c' => 'auth', 'a' => 'reset')); } } }
public function purgeAction() { @set_time_limit(300); $nb_month_old = max($this->view->conf->old_entries, 1); $date_min = time() - 3600 * 24 * 30 * $nb_month_old; $feedDAO = new FreshRSS_FeedDAO(); $feeds = $feedDAO->listFeedsOrderUpdate(); $nbTotal = 0; invalidateHttpCache(); foreach ($feeds as $feed) { $feedHistory = $feed->keepHistory(); if ($feedHistory == -2) { //default $feedHistory = $this->view->conf->keep_history_default; } if ($feedHistory >= 0) { $nb = $feedDAO->cleanOldEntries($feed->id(), $date_min, $feedHistory); if ($nb > 0) { $nbTotal += $nb; Minz_Log::record($nb . ' old entries cleaned in feed [' . $feed->url() . ']', Minz_Log::DEBUG); $feedDAO->updateLastUpdate($feed->id()); } } } invalidateHttpCache(); $notif = array('type' => 'good', 'content' => Minz_Translate::t('purge_completed', $nbTotal)); Minz_Session::_param('notification', $notif); Minz_Request::forward(array('c' => 'configure', 'a' => 'archiving'), true); }
function pubSubHubbubPrepare() { $key = ''; if (FreshRSS_Context::$system_conf->base_url && $this->hubUrl && $this->selfUrl && @is_dir(PSHB_PATH)) { $path = PSHB_PATH . '/feeds/' . base64url_encode($this->selfUrl); $hubFilename = $path . '/!hub.json'; if ($hubFile = @file_get_contents($hubFilename)) { $hubJson = json_decode($hubFile, true); if (!$hubJson || empty($hubJson['key']) || !ctype_xdigit($hubJson['key'])) { $text = 'Invalid JSON for PubSubHubbub: ' . $this->url; Minz_Log::warning($text); file_put_contents(USERS_PATH . '/_/log_pshb.txt', date('c') . "\t" . $text . "\n", FILE_APPEND); return false; } if (!empty($hubJson['lease_end']) && $hubJson['lease_end'] < time() + 3600 * 23) { //TODO: Make a better policy $text = 'PubSubHubbub lease ends at ' . date('c', empty($hubJson['lease_end']) ? time() : $hubJson['lease_end']) . ' and needs renewal: ' . $this->url; Minz_Log::warning($text); file_put_contents(USERS_PATH . '/_/log_pshb.txt', date('c') . "\t" . $text . "\n", FILE_APPEND); $key = $hubJson['key']; //To renew our lease } elseif ((!empty($hubJson['error']) || empty($hubJson['lease_end'])) && (empty($hubJson['lease_start']) || $hubJson['lease_start'] < time() - 3600 * 23)) { //Do not renew too often $key = $hubJson['key']; //To renew our lease } } else { @mkdir($path, 0777, true); $key = sha1($path . FreshRSS_Context::$system_conf->salt . uniqid(mt_rand(), true)); $hubJson = array('hub' => $this->hubUrl, 'key' => $key); file_put_contents($hubFilename, json_encode($hubJson)); @mkdir(PSHB_PATH . '/keys/'); file_put_contents(PSHB_PATH . '/keys/' . $key . '.txt', base64url_encode($this->selfUrl)); $text = 'PubSubHubbub prepared for ' . $this->url; Minz_Log::debug($text); file_put_contents(USERS_PATH . '/_/log_pshb.txt', date('c') . "\t" . $text . "\n", FILE_APPEND); } $currentUser = Minz_Session::param('currentUser'); if (ctype_alnum($currentUser) && !file_exists($path . '/' . $currentUser . '.txt')) { touch($path . '/' . $currentUser . '.txt'); } } return $key; }
/** * This action handles import action. * * It must be reached by a POST request. * * Parameter is: * - file (default: nothing!) * Available file types are: zip, json or xml. */ public function importAction() { if (!Minz_Request::isPost()) { Minz_Request::forward(array('c' => 'importExport', 'a' => 'index'), true); } $file = $_FILES['file']; $status_file = $file['error']; if ($status_file !== 0) { Minz_Log::error('File cannot be uploaded. Error code: ' . $status_file); Minz_Request::bad(_t('feedback.import_export.file_cannot_be_uploaded'), array('c' => 'importExport', 'a' => 'index')); } @set_time_limit(300); $type_file = $this->guessFileType($file['name']); $list_files = array('opml' => array(), 'json_starred' => array(), 'json_feed' => array()); // We try to list all files according to their type $list = array(); if ($type_file === 'zip' && extension_loaded('zip')) { $zip = zip_open($file['tmp_name']); if (!is_resource($zip)) { // zip_open cannot open file: something is wrong Minz_Log::error('Zip archive cannot be imported. Error code: ' . $zip); Minz_Request::bad(_t('feedback.import_export.zip_error'), array('c' => 'importExport', 'a' => 'index')); } while (($zipfile = zip_read($zip)) !== false) { if (!is_resource($zipfile)) { // zip_entry() can also return an error code! Minz_Log::error('Zip file cannot be imported. Error code: ' . $zipfile); } else { $type_zipfile = $this->guessFileType(zip_entry_name($zipfile)); if ($type_file !== 'unknown') { $list_files[$type_zipfile][] = zip_entry_read($zipfile, zip_entry_filesize($zipfile)); } } } zip_close($zip); } elseif ($type_file === 'zip') { // Zip extension is not loaded Minz_Request::bad(_t('feedback.import_export.no_zip_extension'), array('c' => 'importExport', 'a' => 'index')); } elseif ($type_file !== 'unknown') { $list_files[$type_file][] = file_get_contents($file['tmp_name']); } // Import file contents. // OPML first(so categories and feeds are imported) // Starred articles then so the "favourite" status is already set // And finally all other files. $error = false; foreach ($list_files['opml'] as $opml_file) { $error = $this->importOpml($opml_file); } foreach ($list_files['json_starred'] as $article_file) { $error = $this->importJson($article_file, true); } foreach ($list_files['json_feed'] as $article_file) { $error = $this->importJson($article_file); } // And finally, we get import status and redirect to the home page Minz_Session::_param('actualize_feeds', true); $content_notif = $error === true ? _t('feedback.import_export.feeds_imported_with_errors') : _t('feedback.import_export.feeds_imported'); Minz_Request::good($content_notif); }
function invalidateHttpCache() { Minz_Session::_param('touch', uTimeString()); return touch(LOG_PATH . '/' . Minz_Session::param('currentUser', '_') . '.log'); }
function invalidateHttpCache() { Minz_Session::_param('touch', uTimeString()); return touch(join_path(DATA_PATH, 'users', Minz_Session::param('currentUser', '_'), 'log.txt')); }
public function deleteAction() { if (Minz_Request::isPost() && Minz_Configuration::isAdmin(Minz_Session::param('currentUser', '_'))) { require_once APP_PATH . '/sql.php'; $username = Minz_Request::param('username'); $ok = ctype_alnum($username); if ($ok) { $ok &= strcasecmp($username, Minz_Configuration::defaultUser()) !== 0; //It is forbidden to delete the default user } if ($ok) { $configPath = DATA_PATH . '/' . $username . '_user.php'; $ok &= file_exists($configPath); } if ($ok) { $userDAO = new FreshRSS_UserDAO(); $ok &= $userDAO->deleteUser($username); $ok &= unlink($configPath); //TODO: delete Persona file } invalidateHttpCache(); $notif = array('type' => $ok ? 'good' : 'bad', 'content' => Minz_Translate::t($ok ? 'user_deleted' : 'error_occurred', $username)); Minz_Session::_param('notification', $notif); } Minz_Request::forward(array('c' => 'configure', 'a' => 'users'), true); }
private function loadNotifications() { $notif = Minz_Session::param('notification'); if ($notif) { Minz_View::_param('notification', $notif); Minz_Session::_param('notification'); } }
$self = isset($links[0]) ? $links[0] : null; if ($self !== base64url_decode($canonical64)) { //header('HTTP/1.1 422 Unprocessable Entity'); logMe('Warning: Self URL [' . $self . '] does not match registered canonical URL!: ' . base64url_decode($canonical64)); //die('Self URL does not match registered canonical URL!'); $self = base64url_decode($canonical64); } Minz_Request::_param('url', $self); $nb = 0; foreach ($users as $userFilename) { $username = basename($userFilename, '.txt'); if (!file_exists(USERS_PATH . '/' . $username . '/config.php')) { break; } try { Minz_Session::_param('currentUser', $username); Minz_Configuration::register('user', join_path(USERS_PATH, $username, 'config.php'), join_path(USERS_PATH, '_', 'config.default.php')); FreshRSS_Context::init(); if ($feedController->actualizeAction($simplePie) > 0) { $nb++; } } catch (Exception $e) { logMe('Error: ' . $e->getMessage()); } } $simplePie->__destruct(); unset($simplePie); if ($nb === 0) { header('HTTP/1.1 410 Gone'); logMe('Error: Nobody is subscribed to this feed anymore after all!: ' . $self); die('Nobody is subscribed to this feed anymore after all!');
public function archivingAction() { if (Minz_Request::isPost()) { $old = Minz_Request::param('old_entries', 3); $keepHistoryDefault = Minz_Request::param('keep_history_default', 0); $this->view->conf->_old_entries($old); $this->view->conf->_keep_history_default($keepHistoryDefault); $this->view->conf->save(); invalidateHttpCache(); $notif = array('type' => 'good', 'content' => Minz_Translate::t('configuration_updated')); Minz_Session::_param('notification', $notif); Minz_Request::forward(array('c' => 'configure', 'a' => 'archiving'), true); } Minz_View::prependTitle(Minz_Translate::t('archiving_configuration') . ' · '); $entryDAO = new FreshRSS_EntryDAO(); $this->view->nb_total = $entryDAO->count(); $this->view->size_user = $entryDAO->size(); if (Minz_Configuration::isAdmin(Minz_Session::param('currentUser', '_'))) { $this->view->size_total = $entryDAO->size(true); } }
public static function bad($msg, $url = array()) { Minz_Session::_param('notification', array('type' => 'bad', 'content' => $msg)); Minz_Request::forward($url, true); }
/** * This action delete an existing user. * * Request parameter is: * - username * * @todo clean up this method. Idea: create a User->clean() method. */ public function deleteAction() { $username = Minz_Request::param('username'); $redirect_url = urldecode(Minz_Request::param('r', false, true)); if (!$redirect_url) { $redirect_url = array('c' => 'user', 'a' => 'manage'); } $self_deletion = Minz_Session::param('currentUser', '_') === $username; if (Minz_Request::isPost() && (FreshRSS_Auth::hasAccess('admin') || $self_deletion)) { $db = FreshRSS_Context::$system_conf->db; require_once APP_PATH . '/SQL/install.sql.' . $db['type'] . '.php'; $ok = ctype_alnum($username); $user_data = join_path(DATA_PATH, 'users', $username); if ($ok) { $default_user = FreshRSS_Context::$system_conf->default_user; $ok &= strcasecmp($username, $default_user) !== 0; //It is forbidden to delete the default user } if ($ok && $self_deletion) { // We check the password if it's a self-destruction $nonce = Minz_Session::param('nonce'); $challenge = Minz_Request::param('challenge', ''); $ok &= FreshRSS_FormAuth::checkCredentials($username, FreshRSS_Context::$user_conf->passwordHash, $nonce, $challenge); } if ($ok) { $ok &= is_dir($user_data); } if ($ok) { $userDAO = new FreshRSS_UserDAO(); $ok &= $userDAO->deleteUser($username); $ok &= recursive_unlink($user_data); //TODO: delete Persona file } if ($ok && $self_deletion) { FreshRSS_Auth::removeAccess(); $redirect_url = array('c' => 'index', 'a' => 'index'); } invalidateHttpCache(); $notif = array('type' => $ok ? 'good' : 'bad', 'content' => _t('feedback.user.deleted' . (!$ok ? '.error' : ''), $username)); Minz_Session::_param('notification', $notif); } Minz_Request::forward($redirect_url, true); }
# along with this program. If not, see <http://www.gnu.org/licenses/>. # # ***** END LICENSE BLOCK ***** require '../../constants.php'; require LIB_PATH . '/lib_rss.php'; //Includes class autoloader if (file_exists(DATA_PATH . '/do-install.txt')) { require APP_PATH . '/install.php'; } else { session_cache_limiter(''); Minz_Session::init('FreshRSS'); Minz_Session::_param('keepAlive', 1); //For Persona if (!file_exists(DATA_PATH . '/no-cache.txt')) { require LIB_PATH . '/http-conditional.php'; $currentUser = Minz_Session::param('currentUser', ''); $dateLastModification = $currentUser === '' ? time() : max(@filemtime(join_path(USERS_PATH, $currentUser, 'log.txt')), @filemtime(join_path(DATA_PATH, 'config.php'))); if (httpConditional($dateLastModification, 0, 0, false, PHP_COMPRESSION, true)) { exit; //No need to send anything } } try { $front_controller = new FreshRSS(); $front_controller->init(); $front_controller->run(); } catch (Exception $e) { echo '### Fatal error! ###<br />', "\n"; Minz_Log::error($e->getMessage()); echo 'See logs files.'; }
public static function truncate() { file_put_contents(LOG_PATH . '/' . Minz_Session::param('currentUser', '_') . '.log', ''); }