/**
 * Pre-action hook run by the framework before every action of this
 * controller. Unauthenticated callers get a 403; otherwise the statistics
 * section title is prepended to the page title.
 */
public function firstAction()
{
    $authorized = FreshRSS_Auth::hasAccess();
    if (!$authorized) {
        Minz_Error::error(403);
    }

    $sectionTitle = _t('admin.stats.title') . ' · ';
    Minz_View::prependTitle($sectionTitle);
}
/**
 * Pre-action hook triggered by the framework ahead of every action in this
 * controller: denies anonymous access with a 403, then makes sure the
 * default category exists.
 */
public function firstAction()
{
    if (!FreshRSS_Auth::hasAccess()) {
        Minz_Error::error(403);
    }

    $categoryDao = new FreshRSS_CategoryDAO();
    $categoryDao->checkDefault();
}
/**
 * Empties the log file of the current session user. Administrators
 * additionally empty the shared system, API and PubSubHubbub log files
 * under the '_' user directory.
 *
 * NOTE(review): the user name read from the session is used as a path
 * component without validation here; it is presumably constrained to
 * alphanumeric names at login (deleteAction uses ctype_alnum) — confirm
 * before relying on it. The return values of file_put_contents() are not
 * checked, so a failed truncation is silently ignored.
 */
public static function truncate()
{
    $currentUser = Minz_Session::param('currentUser', '_');
    $userLog = join_path(DATA_PATH, 'users', $currentUser, 'log.txt');
    file_put_contents($userLog, '');

    if (!FreshRSS_Auth::hasAccess('admin')) {
        return;
    }

    $systemLogs = array('log.txt', 'log_api.txt', 'log_pshb.txt');
    foreach ($systemLogs as $logName) {
        file_put_contents(join_path(DATA_PATH, 'users', '_', $logName), '');
    }
}
/**
 * Pre-action hook run by the framework before each action of this
 * controller. Rejects unauthenticated users with a 403, loads the OPML
 * helper library and prepares the category, entry and feed DAOs the
 * actions work with.
 */
public function firstAction()
{
    if (!FreshRSS_Auth::hasAccess()) {
        Minz_Error::error(403);
    }

    require_once LIB_PATH . '/lib_opml.php';

    $categoryDao = new FreshRSS_CategoryDAO();
    $entryDao = FreshRSS_Factory::createEntryDao();
    $feedDao = FreshRSS_Factory::createFeedDao();

    $this->catDAO = $categoryDao;
    $this->entryDAO = $entryDao;
    $this->feedDAO = $feedDao;
}
/**
 * Initialises authentication and applies a same-origin check on POST
 * requests: a POST whose Referer does not come from this domain has its
 * session access removed and is answered with a 403 error.
 *
 * NOTE(review): Referer checking is only a weak CSRF mitigation — the
 * header may be absent or stripped by proxies and privacy settings — a
 * per-session anti-CSRF token is the robust approach. The referer is
 * HTML-escaped before being echoed back in the error message.
 */
private function initAuth()
{
    FreshRSS_Auth::init();

    $crossOriginPost = Minz_Request::isPost() && !is_referer_from_same_domain();
    if (!$crossOriginPost) {
        return;
    }

    // Basic protection against XSRF attacks
    FreshRSS_Auth::removeAccess();

    $referer = '';
    if (!empty($_SERVER['HTTP_REFERER'])) {
        $referer = $_SERVER['HTTP_REFERER'];
    }
    $details = ' [HTTP_REFERER=' . htmlspecialchars($referer) . ']';
    Minz_Error::error(403, array('error' => array(_t('access_denied'), $details)));
}
/**
 * Pre-action hook triggered by the framework before every action of this
 * controller. Denies anonymous access with a 403, ensures the default
 * category exists and exposes the category list and the default category
 * to the view.
 */
public function firstAction()
{
    if (!FreshRSS_Auth::hasAccess()) {
        Minz_Error::error(403);
    }

    $categoryDao = new FreshRSS_CategoryDAO();
    $categoryDao->checkDefault();

    $categories = $categoryDao->listCategories(false);
    $defaultCategory = $categoryDao->getDefault();

    $this->view->categories = $categories;
    $this->view->default_category = $defaultCategory;
}
/**
 * Pre-action hook triggered by the framework before every action of this
 * controller. Denies anonymous access with a 403; when the request carries
 * an 'ajax' parameter the layout is disabled and the parameter is cleared.
 */
public function firstAction()
{
    if (!FreshRSS_Auth::hasAccess()) {
        Minz_Error::error(403);
    }

    // If ajax request, we do not print layout
    $isAjax = Minz_Request::param('ajax');
    $this->ajax = $isAjax;
    if (!$isAjax) {
        return;
    }

    $this->view->_useLayout(false);
    // NOTE(review): the single-argument form of _param() presumably unsets
    // the request parameter — confirm against Minz_Request.
    Minz_Request::_param('ajax');
}
/**
 * Initialises authentication and applies a same-origin check on POST
 * requests: a POST whose Referer does not come from this domain has its
 * session access removed and is answered with a 403 error, translated
 * with the English fallback language.
 *
 * NOTE(review): Referer checking is only a weak CSRF mitigation — the
 * header may be absent or stripped by proxies and privacy settings — a
 * per-session anti-CSRF token is the robust approach. The referer is
 * HTML-escaped before being echoed back in the error message.
 */
private function initAuth()
{
    FreshRSS_Auth::init();

    $crossOriginPost = Minz_Request::isPost() && !is_referer_from_same_domain();
    if (!$crossOriginPost) {
        return;
    }

    // Basic protection against XSRF attacks
    FreshRSS_Auth::removeAccess();

    $referer = '';
    if (!empty($_SERVER['HTTP_REFERER'])) {
        $referer = $_SERVER['HTTP_REFERER'];
    }

    Minz_Translate::init('en'); //TODO: Better choice of fallback language

    $details = ' [HTTP_REFERER=' . htmlspecialchars($referer) . ']';
    Minz_Error::error(403, array('error' => array(_t('feedback.access.denied'), $details)));
}
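/**
 * Pre-action hook for the update controller: administrators only, others
 * get a 403. Invalidates the HTTP cache and exposes to the view whether an
 * update is pending (always false here) and the time of the last update,
 * taken from the modification time of DATA_PATH/last_update.txt
 * ('unknown' when the file is not there).
 */
public function firstAction()
{
    if (!FreshRSS_Auth::hasAccess('admin')) {
        Minz_Error::error(403);
    }
    invalidateHttpCache();

    $this->view->update_to_apply = false;
    $this->view->last_update_time = 'unknown';

    // Check for the file explicitly instead of silencing filemtime() with '@':
    // the missing-file case is the expected one, and any other stat failure
    // should stay visible in the PHP logs rather than be suppressed.
    $lastUpdateFile = join_path(DATA_PATH, 'last_update.txt');
    $timestamp = is_file($lastUpdateFile) ? filemtime($lastUpdateFile) : false;
    if ($timestamp !== false) {
        $this->view->last_update_time = timestamptodate($timestamp);
    }
}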
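/**
 * Pre-action hook triggered by the framework before every action of this
 * controller. Authenticated users pass through. Unauthenticated callers
 * are only allowed to reach the 'actualize' action, and only when
 * anonymous refresh is enabled system-wide or a valid user token is given
 * in the URL; anything else is a 403.
 */
public function firstAction()
{
    if (FreshRSS_Auth::hasAccess()) {
        return;
    }

    // Token is useful in the case that anonymous refresh is forbidden
    // and CRON task cannot be used with php command so the user can
    // set a CRON task to refresh his feeds by using token inside url
    $token = FreshRSS_Context::$user_conf->token;
    $token_param = Minz_Request::param('token', '');

    // Normalise both sides to strings: a non-scalar (e.g. token[]=) can
    // never match, and an empty configured token disables token access.
    $token = is_scalar($token) ? (string)$token : '';
    $token_param = is_scalar($token_param) ? (string)$token_param : '';

    $token_is_ok = false;
    if ($token !== '') {
        // Strict comparison instead of '==': loose comparison treats
        // numeric-looking strings such as '1e3' and '1000' as equal.
        // hash_equals() (PHP >= 5.6) additionally compares in constant time.
        $token_is_ok = function_exists('hash_equals')
            ? hash_equals($token, $token_param)
            : $token === $token_param;
    }

    $action = Minz_Request::actionName();
    $allow_anonymous_refresh = FreshRSS_Context::$system_conf->allow_anonymous_refresh;
    if ($action !== 'actualize' || !($allow_anonymous_refresh || $token_is_ok)) {
        Minz_Error::error(403);
    }
}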
/**
 * This action handles deletion of an extension.
 *
 * Only administrator can remove an extension.
 * This action must be reached by a POST request.
 *
 * Parameter is:
 *   -e: extension name (urlencoded)
 *
 * The directory that gets deleted is the path resolved by the extension
 * manager for that name, not a path built from the request parameter.
 */
public function removeAction()
{
    if (!FreshRSS_Auth::hasAccess('admin')) {
        Minz_Error::error(403);
    }

    $redirect = array('c' => 'extension', 'a' => 'index');

    if (Minz_Request::isPost()) {
        $extensionName = urldecode(Minz_Request::param('e'));
        $extension = Minz_ExtensionManager::findExtension($extensionName);
        if ($extension === null) {
            // NOTE(review): bad() presumably redirects and does not return —
            // otherwise the getPath() call below would run on null.
            Minz_Request::bad(_t('feedback.extensions.not_found', $extensionName), $redirect);
        }

        $deleted = recursive_unlink($extension->getPath());
        if ($deleted) {
            Minz_Request::good(_t('feedback.extensions.removed', $extensionName), $redirect);
        } else {
            Minz_Request::bad(_t('feedback.extensions.cannot_delete', $extensionName), $redirect);
        }
    }

    Minz_Request::forward($redirect, true);
}
/**
 * This action handles the archive configuration page.
 *
 * It displays the archive configuration page.
 * If this action is reached through a POST request, it stores all new
 * configuration values then sends a notification to the user.
 *
 * The options available on that page are:
 *   - duration to retain old article (default: 3)
 *   - number of article to retain per feed (default: 0)
 *   - refresh frequency (default: -2)
 *
 * NOTE(review): no access check is done in this method itself; it
 * presumably relies on the controller's firstAction() — confirm.
 * The posted values are stored as received, without numeric validation.
 *
 * @todo explain why the default value is -2 but this value does not
 * exist in the drop-down list
 */
public function archivingAction()
{
    if (Minz_Request::isPost()) {
        $userConf = FreshRSS_Context::$user_conf;
        $defaults = array(
            'old_entries' => 3,
            'keep_history_default' => 0,
            'ttl_default' => -2,
        );
        foreach ($defaults as $option => $default) {
            $userConf->$option = Minz_Request::param($option, $default);
        }
        $userConf->save();

        invalidateHttpCache();
        Minz_Request::good(_t('feedback.conf.updated'), array('c' => 'configure', 'a' => 'archiving'));
    }

    Minz_View::prependTitle(_t('conf.archiving.title') . ' · ');

    $entryDao = FreshRSS_Factory::createEntryDao();
    $this->view->nb_total = $entryDao->count();
    $this->view->size_user = $entryDao->size();

    $isAdmin = FreshRSS_Auth::hasAccess('admin');
    if ($isAdmin) {
        $this->view->size_total = $entryDao->size(true);
    }
}
/**
 * Logs the current user out: invalidates the HTTP cache, drops every
 * access held in the session, then redirects to the home page with a
 * success notification.
 */
public function logoutAction()
{
    invalidateHttpCache();
    FreshRSS_Auth::removeAccess();

    $home = array('c' => 'index', 'a' => 'index');
    Minz_Request::good(_t('feedback.auth.logout.success'), $home);
}
/**
 * Setter for the 'allow_anonymous' system option.
 *
 * The option is only stored as enabled when the submitted value is truthy
 * (as interpreted by handleBool) AND the current auth type actually
 * requires an access action; otherwise it is stored as false.
 *
 * @param array $data  configuration array being built, updated in place
 * @param mixed $value raw submitted value
 */
private function _allow_anonymous(&$data, $value)
{
    $requested = $this->handleBool($value);
    // Short-circuits like the original: accessNeedsAction() is only
    // consulted when the option was requested.
    $data['allow_anonymous'] = $requested && FreshRSS_Auth::accessNeedsAction();
}
/**
 * Displays the FreshRSS logs of the current user, 50 lines per page.
 * A POST request to this action truncates the logs before display.
 *
 * NOTE(review): the truncation is triggered by any POST; its only CSRF
 * protection is presumably the application-wide same-domain Referer
 * check on POST requests — confirm.
 */
public function logsAction()
{
    if (!FreshRSS_Auth::hasAccess()) {
        Minz_Error::error(403);
    }
    Minz_View::prependTitle(_t('index.log.title') . ' · ');

    if (Minz_Request::isPost()) {
        FreshRSS_LogDAO::truncate();
    }

    $lines = FreshRSS_LogDAO::lines(); //TODO: ask only the necessary lines

    // pagination handling
    $currentPage = Minz_Request::param('page', 1);
    $paginator = new Minz_Paginator($lines);
    $paginator->_nbItemsPerPage(50);
    $paginator->_currentPage($currentPage);
    $this->view->logsPaginator = $paginator;
}
/**
 * This action handles the system configuration page.
 *
 * It displays the system configuration page.
 * If this action is reached through a POST request, it stores all new
 * configuration values then sends a notification to the user.
 *
 * The options available on the page are:
 *   - user limit (default: 1)
 *   - user category limit (default: 16384)
 *   - user feed limit (default: 16384)
 *
 * Administrators only. The posted limits are stored as received, without
 * numeric validation.
 */
public function systemAction()
{
    if (!FreshRSS_Auth::hasAccess('admin')) {
        Minz_Error::error(403);
    }

    if (!Minz_Request::isPost()) {
        return;
    }

    $systemConf = FreshRSS_Context::$system_conf;

    $limits = $systemConf->limits;
    $limits['max_registrations'] = Minz_Request::param('max-registrations', 1);
    $limits['max_feeds'] = Minz_Request::param('max-feeds', 16384);
    $limits['max_categories'] = Minz_Request::param('max-categories', 16384);
    $systemConf->limits = $limits;

    $systemConf->title = Minz_Request::param('instance-name', 'FreshRSS');
    $systemConf->auto_update_url = Minz_Request::param('auto-update-url', false);
    $systemConf->save();

    invalidateHttpCache();

    $notification = array('type' => 'good', 'content' => _t('feedback.conf.updated'));
    Minz_Session::_param('notification', $notification);
}
/**
 * Removes all accesses for the current user.
 *
 * Clears the login flag (session and static), resets the session user to
 * the system default user, then drops the auth-type specific session data:
 * password hash and cookie for 'form', mail for 'persona', nothing for
 * 'http_auth' and 'none'. Unknown auth types (extensions) are not handled.
 *
 * NOTE(review): the single-argument calls to Minz_Session::_param()
 * presumably unset the given key — confirm against Minz_Session.
 */
public static function removeAccess() {
    Minz_Session::_param('loginOk');
    self::$login_ok = false;
    $conf = Minz_Configuration::get('system');
    Minz_Session::_param('currentUser', $conf->default_user);
    switch ($conf->auth_type) {
    case 'form':
        Minz_Session::_param('passwordHash');
        FreshRSS_FormAuth::deleteCookie();
        break;
    case 'persona':
        Minz_Session::_param('mail');
        break;
    case 'http_auth':
    case 'none':
        // Nothing to do...
        break;
    default:
        // TODO: extensions
    }
}
/**
 * Deletes a user (administrators only, POST only).
 *
 * Request parameter is:
 *   - username
 *
 * The user name must be alphanumeric (which also keeps it safe as a path
 * component), must not be the system default user and must have a data
 * directory. On success both the database records and the data directory
 * are removed. Always forwards to the user management page with a good or
 * bad notification describing the outcome.
 */
public function deleteAction()
{
    $canDelete = Minz_Request::isPost() && FreshRSS_Auth::hasAccess('admin');
    if ($canDelete) {
        $systemConf = FreshRSS_Context::$system_conf;
        $db = $systemConf->db;
        require_once APP_PATH . '/SQL/install.sql.' . $db['type'] . '.php';

        $username = Minz_Request::param('username');
        $userDir = join_path(DATA_PATH, 'users', $username);

        $ok = ctype_alnum($username);
        if ($ok) {
            // It is forbidden to delete the default user
            $ok = strcasecmp($username, $systemConf->default_user) !== 0;
        }
        if ($ok) {
            $ok = is_dir($userDir);
        }
        if ($ok) {
            // Both steps are attempted even when the first one fails,
            // mirroring the original non-short-circuiting behaviour.
            $userDao = new FreshRSS_UserDAO();
            $dbDeleted = $userDao->deleteUser($username);
            $filesDeleted = recursive_unlink($userDir);
            $ok = $dbDeleted && $filesDeleted;
            //TODO: delete Persona file
        }

        invalidateHttpCache();

        $feedbackKey = 'feedback.user.deleted' . (!$ok ? '.error' : '');
        $notification = array(
            'type' => $ok ? 'good' : 'bad',
            'content' => _t($feedbackKey, $username),
        );
        Minz_Session::_param('notification', $notification);
    }

    Minz_Request::forward(array('c' => 'user', 'a' => 'manage'), true);
}
/**
 * This action deletes an existing user.
 *
 * Request parameters are:
 *   - username
 *   - r: optional redirect target (urlencoded)
 *   - challenge: required for self-deletion, checked against the password
 *
 * Allowed for administrators, or for a user deleting their own account
 * (in which case the password is re-checked and the session is dropped).
 * The user name must be alphanumeric, must not be the default user and
 * must have a data directory.
 *
 * NOTE(review): the 'r' parameter is taken from the request and handed to
 * Minz_Request::forward(); confirm that forward() restricts string targets
 * to local routes, otherwise this is an open redirect.
 *
 * @todo clean up this method. Idea: create a User->clean() method.
 */
public function deleteAction()
{
    $username = Minz_Request::param('username');

    $redirect = urldecode(Minz_Request::param('r', false, true));
    if (!$redirect) {
        $redirect = array('c' => 'user', 'a' => 'manage');
    }

    $isSelfDeletion = Minz_Session::param('currentUser', '_') === $username;
    $canDelete = Minz_Request::isPost()
        && (FreshRSS_Auth::hasAccess('admin') || $isSelfDeletion);

    if ($canDelete) {
        $systemConf = FreshRSS_Context::$system_conf;
        $db = $systemConf->db;
        require_once APP_PATH . '/SQL/install.sql.' . $db['type'] . '.php';

        $userDir = join_path(DATA_PATH, 'users', $username);

        $ok = ctype_alnum($username);
        if ($ok) {
            // It is forbidden to delete the default user
            $ok = strcasecmp($username, $systemConf->default_user) !== 0;
        }
        if ($ok && $isSelfDeletion) {
            // We check the password if it's a self-destruction
            $nonce = Minz_Session::param('nonce');
            $challenge = Minz_Request::param('challenge', '');
            $ok = FreshRSS_FormAuth::checkCredentials(
                $username,
                FreshRSS_Context::$user_conf->passwordHash,
                $nonce,
                $challenge
            );
        }
        if ($ok) {
            $ok = is_dir($userDir);
        }
        if ($ok) {
            // Both steps are attempted even when the first one fails,
            // mirroring the original non-short-circuiting behaviour.
            $userDao = new FreshRSS_UserDAO();
            $dbDeleted = $userDao->deleteUser($username);
            $filesDeleted = recursive_unlink($userDir);
            $ok = $dbDeleted && $filesDeleted;
            //TODO: delete Persona file
        }
        if ($ok && $isSelfDeletion) {
            FreshRSS_Auth::removeAccess();
            $redirect = array('c' => 'index', 'a' => 'index');
        }

        invalidateHttpCache();

        $feedbackKey = 'feedback.user.deleted' . (!$ok ? '.error' : '');
        $notification = array(
            'type' => $ok ? 'good' : 'bad',
            'content' => _t($feedbackKey, $username),
        );
        Minz_Session::_param('notification', $notification);
    }

    Minz_Request::forward($redirect, true);
}
fwrite(STDOUT, 'FreshRSS skip inactive user ' . $user . "\n"); //Unbuffered } continue; } Minz_Log::notice('FreshRSS actualize ' . $user, $log_file); if (defined('STDOUT')) { fwrite(STDOUT, 'Actualize ' . $user . "...\n"); //Unbuffered } echo $user, ' '; //Buffered Minz_Session::_param('currentUser', $user); new Minz_ModelPdo($user); //TODO: FIXME: Quick-fix while waiting for a better FreshRSS() constructor/init FreshRSS_Auth::giveAccess(); $app->init(); $app->run(); if (!invalidateHttpCache()) { Minz_Log::notice('FreshRSS write access problem in ' . join_path(USERS_PATH, $user, 'log.txt'), $log_file); if (defined('STDERR')) { fwrite(STDERR, 'Write access problem in ' . join_path(USERS_PATH, $user, 'log.txt') . "\n"); } } } Minz_Log::notice('FreshRSS actualize done.', $log_file); if (defined('STDOUT')) { fwrite(STDOUT, 'Done.' . "\n"); $end_date = date_create('now'); $duration = date_diff($end_date, $begin_date); fwrite(STDOUT, 'Ending feed actualization at ' . $end_date->format('c') . "\n");