/**
  * Display-settings page: persists the submitted options on POST, then prepares the view.
  *
  * When the request is a POST, each option below is read from the request
  * (using its default when the field is absent), written to the user
  * configuration and saved. The session language and the translation object
  * are then switched to the stored language, the HTTP cache is invalidated and
  * a confirmation is sent with Minz_Request::good().
  * The code after the POST branch exposes the theme list to the view and sets
  * the page title.
  *
  * Options (request field names in parentheses):
  *   - language (language, default: en)
  *   - theme (theme, default: FreshRSS_Themes::$defaultTheme)
  *   - content width (content_width, default: thin)
  *   - header line: read, favorite, date, open actions (topline_*)
  *   - footer line: read, favorite, sharing, tags, date, open actions (bottomline_*)
  *   - html5 notification timeout (html5_notif_timeout, default: 0)
  * Defaults are false unless specified.
  *
  * NOTE(review): every value is stored exactly as received. No allow-list check
  * on language, theme or content_width is visible in this method, and the
  * language is handed on to the session and to Minz_Translate::reset().
  * Confirm that the configuration setters or the translation loader restrict
  * these to known values before they are used to locate files.
  */
 public function displayAction()
 {
     if (Minz_Request::isPost()) {
         // Request field (identical to the configuration property name) => fallback value.
         $defaults = array(
             'language' => 'en',
             'theme' => FreshRSS_Themes::$defaultTheme,
             'content_width' => 'thin',
             'topline_read' => false,
             'topline_favorite' => false,
             'topline_date' => false,
             'topline_link' => false,
             'bottomline_read' => false,
             'bottomline_favorite' => false,
             'bottomline_sharing' => false,
             'bottomline_tags' => false,
             'bottomline_date' => false,
             'bottomline_link' => false,
             'html5_notif_timeout' => 0,
         );

         $user_conf = FreshRSS_Context::$user_conf;
         foreach ($defaults as $option => $fallback) {
             $user_conf->{$option} = Minz_Request::param($option, $fallback);
         }
         $user_conf->save();

         // Apply the new language to the running session straight away.
         $language = $user_conf->language;
         Minz_Session::_param('language', $language);
         Minz_Translate::reset($language);

         invalidateHttpCache();
         Minz_Request::good(_t('feedback.conf.updated'), array('c' => 'configure', 'a' => 'display'));
     }

     $this->view->themes = FreshRSS_Themes::get();
     Minz_View::prependTitle(_t('conf.display.title') . ' · ');
 }
Example #2
 /**
  * Switch the translation object to another language.
  *
  * Stores the new language name, empties the loaded-file list and the
  * translation table, then calls loadLang() once per registered path.
  *
  * NOTE(review): $lang_name is stored as given; no check is visible here.
  * Presumably loadLang() uses it to locate files. Confirm it is matched
  * against the available languages before it becomes part of a path.
  *
  * @param $lang_name the new language to use
  */
 public static function reset($lang_name)
 {
     // Drop everything loaded for the previous language.
     self::$translates = array();
     self::$lang_files = array();
     self::$lang_name = $lang_name;

     foreach (self::$path_list as $i18n_path) {
         self::loadLang($i18n_path);
     }
 }
Example #3
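 /**
  * Load the translation file of the active language into $translates.
  *
  * The language is read from the session, with the configured language as
  * fallback. Since the name is concatenated into an include path, it is only
  * accepted when it is a string made of letters, digits, '_' or '-'. Any other
  * session value is replaced by the configured language, and nothing is
  * included when that is not a plain name either. This keeps path separators
  * and '..' out of the included path.
  */
 public static function init()
 {
     $name_pattern = '/^[A-Za-z0-9_-]+$/';

     $l = Minz_Configuration::language();
     $language = Minz_Session::param('language', $l);
     if (!is_string($language) || preg_match($name_pattern, $language) !== 1) {
         // The session value is not a plain language code: ignore it.
         $language = $l;
     }
     self::$language = $language;

     if (!is_string($language) || preg_match($name_pattern, $language) !== 1) {
         // The configured fallback is not usable as a file name either.
         return;
     }

     $l_path = APP_PATH . '/i18n/' . $language . '.php';
     if (file_exists($l_path)) {
         self::$translates = (include $l_path);
     }
 }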
Example #4
 /**
  * Clear the current session.
  *
  * The language parameter is read first; the session is then destroyed and
  * $_SESSION emptied. Unless $force is true, the language is written back and
  * the translation object is reset to it.
  *
  * NOTE(review): the session id is not regenerated and the session cookie is
  * not removed in this method. Confirm the callers used for logout do so.
  *
  * @param $force when false, the language parameter is not erased
  */
 public static function unset_session($force = false)
 {
     $saved_language = self::param('language');

     session_destroy();
     $_SESSION = array();

     if ($force) {
         return;
     }

     // Keep the interface language across the reset.
     self::_param('language', $saved_language);
     Minz_Translate::reset($saved_language);
 }
Example #5
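 /**
  * Create the database tables of a new user.
  *
  * The table prefix is the configured prefix followed by the user name and
  * '_'. It is substituted into SQL_CREATE_TABLES with sprintf(), so the user
  * name becomes part of the SQL text itself (identifiers cannot be bound as
  * parameters). The name is therefore required to be alphanumeric here as
  * well, whatever the caller has already checked.
  *
  * @param $username name of the user whose tables are created
  * @return bool true when the statement was prepared and executed, false
  *              otherwise (the failure is logged)
  */
 public function createUser($username)
 {
     if (!is_string($username) || !ctype_alnum($username)) {
         // Never splice anything but letters and digits into the table names.
         Minz_Log::record('SQL error : invalid user name', Minz_Log::ERROR);
         return false;
     }

     require_once APP_PATH . '/sql.php';
     $db = Minz_Configuration::dataBase();
     $sql = sprintf(SQL_CREATE_TABLES, $db['prefix'] . $username . '_');
     $stm = $this->bd->prepare($sql, array(PDO::ATTR_EMULATE_PREPARES => true));
     $values = array('catName' => Minz_Translate::t('default_category'));
     if ($stm && $stm->execute($values)) {
         return true;
     }

     // prepare() may have returned false, in which case there is no statement
     // to ask for details; fall back to the connection (assumes $this->bd
     // offers PDO's errorInfo(), as its PDO-style prepare() call suggests).
     $info = $stm ? $stm->errorInfo() : $this->bd->errorInfo();
     Minz_Log::record('SQL error : ' . $info[2], Minz_Log::ERROR);
     return false;
 }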
 /**
  * Store a language code in $data['language'].
  *
  * The value is lower-cased and kept only when it is one of the languages
  * returned by Minz_Translate::availableLanguages(); otherwise 'en' is used.
  *
  * @param $data array receiving the 'language' entry (by reference)
  * @param $value requested language code
  */
 private function _language(&$data, $value)
 {
     $candidate = strtolower($value);
     // Allow-list check: unknown codes never reach the configuration.
     $is_available = in_array($candidate, Minz_Translate::availableLanguages());
     $data['language'] = $is_available ? $candidate : 'en';
 }
Example #7
 /**
  * Make sure the default category (id 1) exists.
  *
  * When searchById(1) returns false, a category named with the
  * 'default_category' translation is built, given id 1 and added.
  */
 public function checkDefault()
 {
     if ($this->searchById(1) !== false) {
         return;
     }

     $default_category = new FreshRSS_Category(Minz_Translate::t('default_category'));
     $default_category->_id(1);

     $this->addCategory(array(
         'id' => $default_category->id(),
         'name' => $default_category->name(),
     ));
 }
 /**
  * Archiving configuration page.
  *
  * On POST, 'old_entries' (default 3) and 'keep_history_default' (default 0)
  * are read from the request, passed to the configuration setters and saved;
  * the HTTP cache is invalidated, a success notification is stored in the
  * session and the request is forwarded back to this page.
  * The code after the POST branch sets the page title and gives the view the
  * entry count and the user's storage size, plus the total size when the
  * current user is an administrator.
  *
  * NOTE(review): both request values go to the setters as received; whether
  * the setters clamp them to sane numeric ranges is not visible here.
  */
 public function archivingAction()
 {
     if (Minz_Request::isPost()) {
         $conf = $this->view->conf;
         $conf->_old_entries(Minz_Request::param('old_entries', 3));
         $conf->_keep_history_default(Minz_Request::param('keep_history_default', 0));
         $conf->save();
         invalidateHttpCache();

         Minz_Session::_param('notification', array(
             'type' => 'good',
             'content' => Minz_Translate::t('configuration_updated'),
         ));
         Minz_Request::forward(array('c' => 'configure', 'a' => 'archiving'), true);
     }

     Minz_View::prependTitle(Minz_Translate::t('archiving_configuration') . ' · ');

     $entryDAO = new FreshRSS_EntryDAO();
     $this->view->nb_total = $entryDAO->count();
     $this->view->size_user = $entryDAO->size();

     // The instance-wide size is only computed for administrators.
     $current_user = Minz_Session::param('currentUser', '_');
     if (Minz_Configuration::isAdmin($current_user)) {
         $this->view->size_total = $entryDAO->size(true);
     }
 }
Example #9
 /**
  * Set the session language and initialise translations from the user's
  * configured language.
  */
 private function initI18n()
 {
     $language = FreshRSS_Context::$user_conf->language;

     Minz_Session::_param('language', $language);
     Minz_Translate::init($language);
 }
Example #10
 /**
  * This action creates a new user.
  *
  * Request parameters are:
  *   - new_user_language
  *   - new_user_name
  *   - new_user_passwordPlain
  *   - new_user_email
  *   - r (i.e. a redirection url, optional)
  *
  * The creation branch runs only for a POST request made either by a user
  * with 'admin' access or while max_registrations_reached() is false. $ok
  * accumulates the result of each step; a step runs only while $ok is still
  * truthy. Whatever the outcome, the request is finally forwarded to 'r' or,
  * when 'r' is empty, to the user management page.
  *
  * Points for review (none of them is settled by the code visible here):
  *   - NOTE(review): an empty password is accepted and stored as an empty
  *     hash; how the login code treats an empty hash must be confirmed.
  *   - NOTE(review): the e-mail address becomes part of a file name after a
  *     syntax check only; an e-mail syntax check is not a file-name check.
  *   - NOTE(review): an existing persona file for that address is deleted and
  *     rewritten, so the address is re-bound to the new user name.
  *   - NOTE(review): 'r' comes from the request and is passed to
  *     Minz_Request::forward(); confirm that forward() only accepts local
  *     targets.
  *
  * @todo clean up this method. Idea: write a method to init a user with basic information.
  * @todo handle r redirection in Minz_Request::forward directly?
  */
 public function createAction()
 {
     if (Minz_Request::isPost() && (FreshRSS_Auth::hasAccess('admin') || !max_registrations_reached())) {
         $db = FreshRSS_Context::$system_conf->db;
         // The file name depends on the configured database type, not on the request.
         require_once APP_PATH . '/SQL/install.sql.' . $db['type'] . '.php';
         $new_user_language = Minz_Request::param('new_user_language', FreshRSS_Context::$user_conf->language);
         $languages = Minz_Translate::availableLanguages();
         // Allow-list: an unknown language falls back to the current user's language.
         if (!isset($languages[$new_user_language])) {
             $new_user_language = FreshRSS_Context::$user_conf->language;
         }
         $new_user_name = Minz_Request::param('new_user_name');
         // The name is later used in a directory name and handed to the user DAO:
         // it must be non-empty and strictly alphanumeric.
         $ok = $new_user_name != '' && ctype_alnum($new_user_name);
         if ($ok) {
             $default_user = FreshRSS_Context::$system_conf->default_user;
             //It is forbidden to alter the default user
             $ok &= strcasecmp($new_user_name, $default_user) !== 0;
             //Not an existing user, case-insensitive
             $ok &= !in_array(strtoupper($new_user_name), array_map('strtoupper', listUsers()));
             $configPath = join_path(DATA_PATH, 'users', $new_user_name, 'config.php');
             // Never overwrite an existing configuration file.
             $ok &= !file_exists($configPath);
         }
         if ($ok) {
             // NOTE(review): the meaning of the third argument (true) is defined by
             // Minz_Request::param(), which is not visible here.
             $passwordPlain = Minz_Request::param('new_user_passwordPlain', '', true);
             $passwordHash = '';
             if ($passwordPlain != '') {
                 //Discard plain-text password ASAP
                 Minz_Request::_param('new_user_passwordPlain');
                 $_POST['new_user_passwordPlain'] = '';
                 // password_hash() is missing on older PHP versions: load the compatibility library.
                 if (!function_exists('password_hash')) {
                     include_once LIB_PATH . '/password_compat.php';
                 }
                 $passwordHash = password_hash($passwordPlain, PASSWORD_BCRYPT, array('cost' => self::BCRYPT_COST));
                 $passwordPlain = '';
                 //Compatibility with bcrypt.js
                 $passwordHash = preg_replace('/^\\$2[xy]\\$/', '\\$2a\\$', $passwordHash);
                 // A hashing failure leaves an empty value and aborts the creation.
                 $ok &= $passwordHash != '';
             }
             if (empty($passwordHash)) {
                 $passwordHash = '';
             }
             // Read straight from $_POST; the index is not checked for existence first.
             $new_user_email = filter_var($_POST['new_user_email'], FILTER_VALIDATE_EMAIL);
             if (empty($new_user_email)) {
                 $new_user_email = '';
             } else {
                 // Persona mapping: one file per e-mail address, containing the user name.
                 $personaFile = join_path(DATA_PATH, 'persona', $new_user_email . '.txt');
                 // Errors are suppressed because the file usually does not exist yet.
                 @unlink($personaFile);
                 $ok &= file_put_contents($personaFile, $new_user_name) !== false;
             }
         }
         if ($ok) {
             // The result of mkdir() is not checked; a failure shows up in the write below.
             mkdir(join_path(DATA_PATH, 'users', $new_user_name));
             $config_array = array('language' => $new_user_language, 'passwordHash' => $passwordHash, 'mail_login' => $new_user_email);
             // The configuration is stored as PHP code; var_export() quotes the values.
             $ok &= file_put_contents($configPath, "<?php\n return " . var_export($config_array, true) . ';') !== false;
         }
         if ($ok) {
             $userDAO = new FreshRSS_UserDAO();
             $ok &= $userDAO->createUser($new_user_name);
         }
         invalidateHttpCache();
         $notif = array('type' => $ok ? 'good' : 'bad', 'content' => _t('feedback.user.created' . (!$ok ? '.error' : ''), $new_user_name));
         Minz_Session::_param('notification', $notif);
     }
     // Runs for every request, whether or not a user was created.
     $redirect_url = urldecode(Minz_Request::param('r', false, true));
     if (!$redirect_url) {
         $redirect_url = array('c' => 'user', 'a' => 'manage');
     }
     Minz_Request::forward($redirect_url, true);
 }
Example #11
/**
 * Print installation step 0: the language selection form.
 *
 * A success alert and a "next step" link are printed when checkStep0()
 * reports 'all' as 'ok'. The form posts to index.php?step=0 and offers one
 * option per entry of Minz_Translate::availableLanguages(), with the current
 * language pre-selected.
 */
function printStep0()
{
    $actual = Minz_Translate::language();
    $languages = Minz_Translate::availableLanguages();
    ?>
	<?php 
    // Result of the step-0 checks; only the 'all' entry is used here.
    $s0 = checkStep0();
    if ($s0['all'] == 'ok') {
        ?>
	<p class="alert alert-success"><span class="alert-head"><?php 
        echo _t('gen.short.ok');
        ?>
</span> <?php 
        echo _t('install.language.defined');
        ?>
</p>
	<?php 
    }
    ?>

	<form action="index.php?step=0" method="post">
		<legend><?php 
    echo _t('install.language.choose');
    ?>
</legend>
		<div class="form-group">
			<label class="group-name" for="language"><?php 
    echo _t('install.language');
    ?>
</label>
			<div class="group-controls">
				<select name="language" id="language" tabindex="1" >
				<?php 
    foreach ($languages as $lang) {
        ?>
				<option value="<?php 
        // NOTE(review): printed into an attribute without HTML escaping. The
        // values presumably come from the local i18n files; confirm they can
        // never be influenced by a request.
        echo $lang;
        ?>
"<?php 
        // Pre-select the language currently in use.
        echo $actual == $lang ? ' selected="selected"' : '';
        ?>
>
					<?php 
        echo _t('gen.lang.' . $lang);
        ?>
				</option>
				<?php 
    }
    ?>
				</select>
			</div>
		</div>

		<div class="form-group form-actions">
			<div class="group-controls">
				<button type="submit" class="btn btn-important" tabindex="2" ><?php 
    echo _t('gen.action.submit');
    ?>
</button>
				<button type="reset" class="btn" tabindex="3" ><?php 
    echo _t('gen.action.cancel');
    ?>
</button>
				<?php 
    // The link to step 1 is only offered once this step has passed.
    if ($s0['all'] == 'ok') {
        ?>
				<a class="btn btn-important next-step" href="?step=1" tabindex="4" ><?php 
        echo _t('install.action.next_step');
        ?>
</a>
				<?php 
    }
    ?>
			</div>
		</div>
	</form>
<?php 
}
Example #12
 /**
  * Set the session language, initialise translations and normalise the
  * 'output' request parameter.
  *
  * 'output' is kept only when it is exactly one of 'normal', 'rss', 'reader'
  * or 'global'; any other value (including a missing one) is replaced by the
  * configured view mode, which is written back to the request.
  */
 private function loadParamsView()
 {
     Minz_Session::_param('language', $this->conf->language);
     Minz_Translate::init();

     // Strict allow-list: the empty default is not a member, so it is replaced too.
     $allowed_outputs = array('normal', 'rss', 'reader', 'global');
     $output = Minz_Request::param('output', '');
     if (!in_array($output, $allowed_outputs, true)) {
         $output = $this->conf->view_mode;
         Minz_Request::_param('output', $output);
     }
 }
Example #13
 /**
  * Purge old entries from every feed.
  *
  * Entries older than the configured number of months (at least 1, counted
  * as 30 days each) are cleaned feed by feed. A feed's own history setting is
  * used, with -2 meaning "use the configured default"; feeds whose resulting
  * setting is negative are skipped. The number of cleaned entries is reported
  * in a session notification and the request is forwarded to the archiving
  * page.
  *
  * NOTE(review): unlike the actions that check Minz_Request::isPost(), this
  * one performs its deletions for any request method. Confirm that routing or
  * a request token checked elsewhere prevents it from being triggered by a
  * plain link.
  */
 public function purgeAction()
 {
     // The purge can be slow; errors from set_time_limit() are suppressed.
     @set_time_limit(300);

     $months = max($this->view->conf->old_entries, 1);
     $cutoff = time() - 3600 * 24 * 30 * $months;

     $feedDAO = new FreshRSS_FeedDAO();
     $feeds = $feedDAO->listFeedsOrderUpdate();
     $cleaned_total = 0;
     invalidateHttpCache();

     foreach ($feeds as $feed) {
         $keep = $feed->keepHistory();
         if ($keep == -2) {
             //default
             $keep = $this->view->conf->keep_history_default;
         }
         if (!($keep >= 0)) {
             continue;
         }

         $cleaned = $feedDAO->cleanOldEntries($feed->id(), $cutoff, $keep);
         if (!($cleaned > 0)) {
             continue;
         }

         $cleaned_total += $cleaned;
         Minz_Log::record($cleaned . ' old entries cleaned in feed [' . $feed->url() . ']', Minz_Log::DEBUG);
         $feedDAO->updateLastUpdate($feed->id());
     }

     invalidateHttpCache();

     Minz_Session::_param('notification', array(
         'type' => 'good',
         'content' => Minz_Translate::t('purge_completed', $cleaned_total),
     ));
     Minz_Request::forward(array('c' => 'configure', 'a' => 'archiving'), true);
 }
Example #14
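 /**
  * Process the login form (challenge/response over the stored password hash).
  *
  * On POST, the user name and the challenge from the request and the nonce
  * kept in the session are checked for type and character class. The user's
  * configuration is then loaded and the challenge is verified with
  * password_verify($nonce . $passwordHash, $challenge). On success the user
  * name and the hash are stored in the session; otherwise an 'invalid_login'
  * notification is set. In both cases the request is forwarded to index/index.
  * For a non-POST request, a 403 error is raised when
  * Minz_Configuration::canLogIn() is false.
  *
  * Logging: the nonce and the challenge are authentication material and are
  * not written to the log. In the rejected-input branch no request value is
  * logged at all, because those values have just failed validation and could
  * carry line breaks or other control characters into the log file. The
  * listing this method was taken from had that log statement mangled by
  * credential masking; it is written out again here.
  *
  * NOTE(review): the session id is not renewed after a successful login and
  * the nonce is not cleared after use in this method. Confirm that
  * Minz_Session or the caller takes care of both.
  */
 public function formLoginAction()
 {
     if (Minz_Request::isPost()) {
         $ok = false;
         $nonce = Minz_Session::param('nonce');
         $username = Minz_Request::param('username', '');
         $c = Minz_Request::param('challenge', '');

         // ctype_*() only gives a meaningful answer for strings.
         $validUser = is_string($username) && ctype_alnum($username);
         $validChallenge = is_string($c) && ctype_graph($c);
         $validNonce = is_string($nonce) && ctype_alnum($nonce);

         if ($validUser && $validChallenge && $validNonce) {
             // password_verify() is missing on older PHP versions: load the compatibility library.
             if (!function_exists('password_verify')) {
                 include_once LIB_PATH . '/password_compat.php';
             }
             try {
                 $conf = new FreshRSS_Configuration($username);
                 $s = $conf->passwordHash;
                 $ok = password_verify($nonce . $s, $c);
                 if ($ok) {
                     Minz_Session::_param('currentUser', $username);
                     Minz_Session::_param('passwordHash', $s);
                 } else {
                     // $username is alphanumeric at this point, so it is safe to log.
                     Minz_Log::record('Password mismatch for user ' . $username, Minz_Log::WARNING);
                 }
             } catch (Minz_Exception $me) {
                 Minz_Log::record('Login failure: ' . $me->getMessage(), Minz_Log::WARNING);
             }
         } else {
             // Report which field failed, never the rejected values themselves.
             Minz_Log::record(
                 'Invalid credential parameters:'
                 . ' user=' . ($validUser ? 'ok' : 'invalid')
                 . ' challenge=' . ($validChallenge ? 'ok' : 'invalid')
                 . ' nonce=' . ($validNonce ? 'ok' : 'invalid'),
                 Minz_Log::DEBUG
             );
         }

         if (!$ok) {
             // One generic message for every failure: it does not reveal which check failed.
             $notif = array('type' => 'bad', 'content' => Minz_Translate::t('invalid_login'));
             Minz_Session::_param('notification', $notif);
         }
         $this->view->_useLayout(false);
         Minz_Request::forward(array('c' => 'index', 'a' => 'index'), true);
     } elseif (!Minz_Configuration::canLogIn()) {
         Minz_Error::error(403, array('error' => array(Minz_Translate::t('access_denied'))));
     }
     invalidateHttpCache();
 }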
Example #15
    if (!isset($hubJson['error'])) {
        $hubJson['error'] = true;
        //Do not assume that PubSubHubbub works until the first successul push
    }
    file_put_contents('./!hub.json', json_encode($hubJson));
    exit(isset($_REQUEST['hub_challenge']) ? $_REQUEST['hub_challenge'] : '');
}
// Handling of a pushed feed document: $ORIGINAL_INPUT holds the raw payload
// and $canonical64 the registered canonical URL in base64url form; both are
// set before this fragment.
//
// NOTE(review): nothing in this fragment checks who sent the payload (for
// instance a hub signature). Confirm that such a check happens before this
// point, since the payload is parsed and passed on to the feed controller.
if ($ORIGINAL_INPUT == '') {
    // Nothing to process: refuse the request.
    header('HTTP/1.1 422 Unprocessable Entity');
    die('Missing XML payload!');
}
Minz_Configuration::register('system', DATA_PATH . '/config.php', DATA_PATH . '/config.default.php');
$system_conf = Minz_Configuration::get('system');
// Changed on the in-memory configuration object only; save() is not called in
// this fragment.
$system_conf->auth_type = 'none';
// avoid necessity to be logged in (not saved!)
Minz_Translate::init('en');
Minz_Request::_param('ajax', true);
$feedController = new FreshRSS_feed_Controller();
$simplePie = customSimplePie();
// Parse the pushed document directly instead of fetching the feed.
$simplePie->set_raw_data($ORIGINAL_INPUT);
$simplePie->init();
unset($ORIGINAL_INPUT);
// The 'self' link is taken from the pushed document, i.e. it is chosen by the sender.
$links = $simplePie->get_links('self');
$self = isset($links[0]) ? $links[0] : null;
// A mismatch is only logged (the rejection is commented out); the registered
// canonical URL then replaces the value from the document, so the URL used
// below is the registered one in both cases.
// NOTE(review): $self is written to the log as received; confirm that logMe()
// neutralises line breaks and control characters.
if ($self !== base64url_decode($canonical64)) {
    //header('HTTP/1.1 422 Unprocessable Entity');
    logMe('Warning: Self URL [' . $self . '] does not match registered canonical URL!: ' . base64url_decode($canonical64));
    //die('Self URL does not match registered canonical URL!');
    $self = base64url_decode($canonical64);
}
Minz_Request::_param('url', $self);
Example #16
 /**
  * Register this extension's translation directory (<path>/i18n) with
  * Minz_Translate.
  */
 public function registerTranslates()
 {
     Minz_Translate::registerPath($this->path . '/i18n');
 }
Example #17
 /**
  * Delete a user (administrators only, POST only).
  *
  * The user name must be alphanumeric, must not be the default user
  * (compared case-insensitively) and its configuration file must exist. The
  * user's data is then removed through FreshRSS_UserDAO::deleteUser() and the
  * configuration file is unlinked; both are attempted even if the first one
  * fails. A notification with the outcome is stored in the session and the
  * request is forwarded to the users page.
  *
  * NOTE(review): no request token check is visible in this method; confirm it
  * is enforced elsewhere for this destructive action.
  */
 public function deleteAction()
 {
     $is_admin_post = Minz_Request::isPost()
         && Minz_Configuration::isAdmin(Minz_Session::param('currentUser', '_'));

     if ($is_admin_post) {
         require_once APP_PATH . '/sql.php';
         $username = Minz_Request::param('username');

         // The name ends up in a file path: letters and digits only.
         //It is forbidden to delete the default user
         $ok = ctype_alnum($username)
             && strcasecmp($username, Minz_Configuration::defaultUser()) !== 0;

         if ($ok) {
             $configPath = DATA_PATH . '/' . $username . '_user.php';
             $ok = file_exists($configPath);
         }
         if ($ok) {
             $userDAO = new FreshRSS_UserDAO();
             $ok &= $userDAO->deleteUser($username);
             $ok &= unlink($configPath);
             //TODO: delete Persona file
         }

         invalidateHttpCache();

         $notif = array(
             'type' => $ok ? 'good' : 'bad',
             'content' => Minz_Translate::t($ok ? 'user_deleted' : 'error_occurred', $username),
         );
         Minz_Session::_param('notification', $notif);
     }

     Minz_Request::forward(array('c' => 'configure', 'a' => 'users'), true);
 }
Example #18
/**
 * Build the SimplePie instance used to fetch and sanitise feeds.
 *
 * Sets the user agent, the cache location and a cache duration of 1500,
 * then configures the sanitiser: HTML tags to strip, attributes to strip
 * (SimplePie's current list plus the ones below), attributes to add to
 * img/audio/iframe/video elements, and the attributes treated as URLs.
 *
 * NOTE(review): event-handler attributes are removed through a deny-list. An
 * "on..." attribute that is neither in SimplePie's own list nor in the one
 * below is not stripped by this configuration.
 * NOTE(review): iframes receive sandbox="allow-scripts allow-same-origin";
 * confirm that this combination is intended for feed-supplied frames.
 *
 * @return SimplePie the configured instance
 */
function customSimplePie()
{
    $stripped_tags = array(
        'base', 'blink', 'body', 'doctype', 'embed', 'font', 'form', 'frame', 'frameset', 'html',
        'link', 'input', 'marquee', 'meta', 'noscript', 'object', 'param', 'plaintext', 'script', 'style',
    );
    $extra_stripped_attributes = array(
        'autoplay', 'onload', 'onunload', 'onclick', 'ondblclick', 'onmousedown', 'onmouseup',
        'onmouseover', 'onmousemove', 'onmouseout', 'onfocus', 'onblur', 'onkeypress', 'onkeydown',
        'onkeyup', 'onselect', 'onchange', 'seamless',
    );
    $added_attributes = array(
        'img' => array('lazyload' => ''),
        'audio' => array('preload' => 'none'),
        'iframe' => array('postpone' => '', 'sandbox' => 'allow-scripts allow-same-origin'),
        'video' => array('postpone' => '', 'preload' => 'none'),
    );
    $url_attributes = array(
        'a' => 'href',
        'area' => 'href',
        'audio' => 'src',
        'blockquote' => 'cite',
        'del' => 'cite',
        'form' => 'action',
        'iframe' => 'src',
        'img' => array('longdesc', 'src'),
        'input' => 'src',
        'ins' => 'cite',
        'q' => 'cite',
        'source' => 'src',
        'track' => 'src',
        'video' => array('poster', 'src'),
    );

    $simplePie = new SimplePie();
    $simplePie->set_useragent(sprintf(
        '%s/%s (%s; %s) %s/%s',
        Minz_Translate::t('freshrss'),
        FRESHRSS_VERSION,
        PHP_OS,
        FRESHRSS_WEBSITE,
        SIMPLEPIE_NAME,
        SIMPLEPIE_VERSION
    ));
    $simplePie->set_cache_location(CACHE_PATH);
    $simplePie->set_cache_duration(1500);

    $simplePie->strip_htmltags($stripped_tags);
    // Extend the list the instance currently holds rather than replacing it.
    $simplePie->strip_attributes(array_merge($simplePie->strip_attributes, $extra_stripped_attributes));
    $simplePie->add_attributes($added_attributes);
    $simplePie->set_url_replacements($url_attributes);

    return $simplePie;
}
Example #19
 /**
  * Delete a feed, or all feeds of a category (POST only).
  *
  * 'type' (default 'feed') selects the operation and 'id' names the feed or
  * the category. The outcome is stored as a session notification, and the
  * request is forwarded to the category page for a category and to the feed
  * page otherwise. Nothing happens for a non-POST request.
  *
  * NOTE(review): 'id' is passed to the DAO as received; confirm that the DAO
  * binds it as a query parameter.
  */
 public function deleteAction()
 {
     if (!Minz_Request::isPost()) {
         return;
     }

     $type = Minz_Request::param('type', 'feed');
     $id = Minz_Request::param('id');
     $feedDAO = new FreshRSS_FeedDAO();
     $is_category = $type == 'category';

     if ($is_category) {
         $deleted = $feedDAO->deleteFeedByCategory($id);
         //TODO: Delete old favicons
         $success_key = 'category_emptied';
         $next_action = 'categorize';
     } else {
         $deleted = $feedDAO->deleteFeed($id);
         //TODO: Delete old favicon
         $success_key = 'feed_deleted';
         $next_action = 'feed';
     }

     if ($deleted) {
         $notif = array('type' => 'good', 'content' => Minz_Translate::t($success_key));
     } else {
         $notif = array('type' => 'bad', 'content' => Minz_Translate::t('error_occured'));
     }
     Minz_Session::_param('notification', $notif);

     Minz_Request::forward(array('c' => 'configure', 'a' => $next_action), true);
 }