/**
* This method initializes authentication system.
*/
public static function init()
{
self::$login_ok = Minz_Session::param('loginOk', false);
$current_user = Minz_Session::param('currentUser', '');
if ($current_user === '') {
$conf = Minz_Configuration::get('system');
$current_user = $conf->default_user;
Minz_Session::_param('currentUser', $current_user);
}
if (self::$login_ok) {
self::giveAccess();
} elseif (self::accessControl()) {
self::giveAccess();
FreshRSS_UserDAO::touch($current_user);
} else {
// Be sure all accesses are removed!
self::removeAccess();
}
}
public function deleteAction()
{
if (Minz_Request::isPost() && Minz_Configuration::isAdmin(Minz_Session::param('currentUser', '_'))) {
require_once APP_PATH . '/sql.php';
$username = Minz_Request::param('username');
$ok = ctype_alnum($username);
if ($ok) {
$ok &= strcasecmp($username, Minz_Configuration::defaultUser()) !== 0;
//It is forbidden to delete the default user
}
if ($ok) {
$configPath = DATA_PATH . '/' . $username . '_user.php';
$ok &= file_exists($configPath);
}
if ($ok) {
$userDAO = new FreshRSS_UserDAO();
$ok &= $userDAO->deleteUser($username);
$ok &= unlink($configPath);
//TODO: delete Persona file
}
invalidateHttpCache();
$notif = array('type' => $ok ? 'good' : 'bad', 'content' => Minz_Translate::t($ok ? 'user_deleted' : 'error_occurred', $username));
Minz_Session::_param('notification', $notif);
}
Minz_Request::forward(array('c' => 'configure', 'a' => 'users'), true);
}
/**
* This action delete an existing user.
*
* Request parameter is:
* - username
*
* @todo clean up this method. Idea: create a User->clean() method.
*/
public function deleteAction()
{
$username = Minz_Request::param('username');
$redirect_url = urldecode(Minz_Request::param('r', false, true));
if (!$redirect_url) {
$redirect_url = array('c' => 'user', 'a' => 'manage');
}
$self_deletion = Minz_Session::param('currentUser', '_') === $username;
if (Minz_Request::isPost() && (FreshRSS_Auth::hasAccess('admin') || $self_deletion)) {
$db = FreshRSS_Context::$system_conf->db;
require_once APP_PATH . '/SQL/install.sql.' . $db['type'] . '.php';
$ok = ctype_alnum($username);
$user_data = join_path(DATA_PATH, 'users', $username);
if ($ok) {
$default_user = FreshRSS_Context::$system_conf->default_user;
$ok &= strcasecmp($username, $default_user) !== 0;
//It is forbidden to delete the default user
}
if ($ok && $self_deletion) {
// We check the password if it's a self-destruction
$nonce = Minz_Session::param('nonce');
$challenge = Minz_Request::param('challenge', '');
$ok &= FreshRSS_FormAuth::checkCredentials($username, FreshRSS_Context::$user_conf->passwordHash, $nonce, $challenge);
}
if ($ok) {
$ok &= is_dir($user_data);
}
if ($ok) {
$userDAO = new FreshRSS_UserDAO();
$ok &= $userDAO->deleteUser($username);
$ok &= recursive_unlink($user_data);
//TODO: delete Persona file
}
if ($ok && $self_deletion) {
FreshRSS_Auth::removeAccess();
$redirect_url = array('c' => 'index', 'a' => 'index');
}
invalidateHttpCache();
$notif = array('type' => $ok ? 'good' : 'bad', 'content' => _t('feedback.user.deleted' . (!$ok ? '.error' : ''), $username));
Minz_Session::_param('notification', $notif);
}
Minz_Request::forward($redirect_url, true);
}
$app = new FreshRSS();
$system_conf = Minz_Configuration::get('system');
$system_conf->auth_type = 'none';
// avoid necessity to be logged in (not saved!)
// Create the list of users to actualize.
// Users are processed in a random order but always start with admin
$users = listUsers();
shuffle($users);
if ($system_conf->default_user !== '') {
array_unshift($users, $system_conf->default_user);
$users = array_unique($users);
}
$limits = $system_conf->limits;
$min_last_activity = time() - $limits['max_inactivity'];
foreach ($users as $user) {
if ($user !== $system_conf->default_user && FreshRSS_UserDAO::mtime($user) < $min_last_activity) {
Minz_Log::notice('FreshRSS skip inactive user ' . $user, $log_file);
if (defined('STDOUT')) {
fwrite(STDOUT, 'FreshRSS skip inactive user ' . $user . "\n");
//Unbuffered
}
continue;
}
Minz_Log::notice('FreshRSS actualize ' . $user, $log_file);
if (defined('STDOUT')) {
fwrite(STDOUT, 'Actualize ' . $user . "...\n");
//Unbuffered
}
echo $user, ' ';
//Buffered
Minz_Session::_param('currentUser', $user);
public function deleteAction()
{
if (Minz_Request::isPost() && FreshRSS_Auth::hasAccess('admin')) {
$db = FreshRSS_Context::$system_conf->db;
require_once APP_PATH . '/SQL/install.sql.' . $db['type'] . '.php';
$username = Minz_Request::param('username');
$ok = ctype_alnum($username);
$user_data = join_path(DATA_PATH, 'users', $username);
if ($ok) {
$default_user = FreshRSS_Context::$system_conf->default_user;
$ok &= strcasecmp($username, $default_user) !== 0;
//It is forbidden to delete the default user
}
if ($ok) {
$ok &= is_dir($user_data);
}
if ($ok) {
$userDAO = new FreshRSS_UserDAO();
$ok &= $userDAO->deleteUser($username);
$ok &= recursive_unlink($user_data);
//TODO: delete Persona file
}
invalidateHttpCache();
$notif = array('type' => $ok ? 'good' : 'bad', 'content' => _t('feedback.user.deleted' . (!$ok ? '.error' : ''), $username));
Minz_Session::_param('notification', $notif);
}
Minz_Request::forward(array('c' => 'user', 'a' => 'manage'), true);
}
