예제 #1
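 /**
  * Raises an application error.
  *
  * When the application provides an error controller, the HTTP status is set
  * and the request is forwarded to it. Otherwise a minimal HTML page is sent
  * and the script stops.
  *
  * @param $code the error type, 404 (page not found) by default
  * @param $logs error logs split by level, of the form
  *      > $logs['error']
  *      > $logs['warning']
  *      > $logs['notice']
  * @param $redirect forces a redirection (the logs are then not transmitted)
  */
 public static function error($code = 404, $logs = array(), $redirect = false)
 {
     $logs = self::processLogs($logs);
     $error_filename = APP_PATH . '/Controllers/errorController.php';
     if (file_exists($error_filename)) {
         $params = array('code' => $code, 'logs' => $logs);
         Minz_Response::setHeader($code);
         if ($redirect) {
             Minz_Request::forward(array('c' => 'error'), true);
         } else {
             Minz_Request::forward(array('c' => 'error', 'params' => $params), false);
         }
     } else {
         // Fallback page, used when no error controller file exists.
         $text = '<h1>An error occured</h1>' . "\n";
         if (!empty($logs)) {
             $text .= '<ul>' . "\n";
             foreach ($logs as $log) {
                 // Log lines are supplied by callers and may contain request-derived
                 // text, so they are HTML-escaped before being placed in the page.
                 // double_encode is off so entries a caller already escaped are not
                 // escaped a second time.
                 $text .= '<li>' . htmlspecialchars((string) $log, ENT_QUOTES, 'UTF-8', false) . '</li>' . "\n";
             }
             $text .= '</ul>' . "\n";
         }
         Minz_Response::setHeader($code);
         Minz_Response::setBody($text);
         Minz_Response::send();
         exit;
     }
 }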
예제 #2
 /**
  * Initialises authentication, then rejects POST requests whose referer is
  * not reported as coming from the same domain.
  */
 private function initAuth()
 {
     FreshRSS_Auth::init();
     if (!Minz_Request::isPost() || is_referer_from_same_domain()) {
         return;
     }
     // Basic protection against XSRF attacks: the request loses its access
     // and is answered with a 403.
     // NOTE(review): how is_referer_from_same_domain() treats a missing
     // Referer header is not visible here; confirm it does not accept it.
     FreshRSS_Auth::removeAccess();
     if (empty($_SERVER['HTTP_REFERER'])) {
         $referer = '';
     } else {
         $referer = $_SERVER['HTTP_REFERER'];
     }
     // The referer is request-controlled, hence the escaping before it is
     // added to the error details.
     $details = array(_t('access_denied'), ' [HTTP_REFERER=' . htmlspecialchars($referer) . ']');
     Minz_Error::error(403, array('error' => $details));
 }
예제 #3
 /**
  * Returns an array describing the URL given in the address bar.
  * @return array with the controller ('c'), the action ('a') and the
  *         remaining GET parameters ('params')
  */
 private function buildUrl()
 {
     $controller = Minz_Request::fetchGET('c', Minz_Request::defaultControllerName());
     $action = Minz_Request::fetchGET('a', Minz_Request::defaultActionName());
     $params = Minz_Request::fetchGET();
     // Post-processing: 'c' and 'a' are already reported on their own.
     unset($params['c'], $params['a']);
     return array('c' => $controller, 'a' => $action, 'params' => $params);
 }
예제 #4
 /**
  * Initialises authentication, then rejects POST requests whose referer is
  * not reported as coming from the same domain.
  */
 private function initAuth()
 {
     FreshRSS_Auth::init();
     if (!Minz_Request::isPost() || is_referer_from_same_domain()) {
         return;
     }
     // Basic protection against XSRF attacks: the request loses its access
     // and is answered with a 403.
     // NOTE(review): how is_referer_from_same_domain() treats a missing
     // Referer header is not visible here; confirm it does not accept it.
     FreshRSS_Auth::removeAccess();
     if (empty($_SERVER['HTTP_REFERER'])) {
         $referer = '';
     } else {
         $referer = $_SERVER['HTTP_REFERER'];
     }
     // Translations are initialised with English before the message is built.
     Minz_Translate::init('en');
     //TODO: Better choice of fallback language
     // The referer is request-controlled, hence the escaping before it is
     // added to the error details.
     $details = array(_t('feedback.access.denied'), ' [HTTP_REFERER=' . htmlspecialchars($referer) . ']');
     Minz_Error::error(403, array('error' => $details));
 }
예제 #5
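 /**
  * Handles the configuration page: on POST, stores the submitted CSS rules
  * in a per-user file under static/, then loads that file's content into
  * $this->css_rules.
  */
 public function handleConfigureAction()
 {
     $this->registerTranslates();
     $current_user = Minz_Session::param('currentUser');
     // basename() keeps the per-user file inside static/ even if the session
     // value were ever to contain a directory separator.
     $filename = basename('style.' . $current_user . '.css');
     $filepath = join_path($this->getPath(), 'static', $filename);
     if (Minz_Request::isPost()) {
         // The submitted rules are written as received, so they must be
         // treated as untrusted wherever the file is later served or embedded.
         // NOTE(review): no anti-CSRF check is visible in this method; confirm
         // one runs before this action.
         $css_rules = Minz_Request::param('css-rules', '');
         file_put_contents($filepath, $css_rules);
     }
     $this->css_rules = '';
     if (file_exists($filepath)) {
         $content = file_get_contents($filepath);
         // file_get_contents() returns false when the read fails; the empty
         // default is kept in that case.
         if ($content !== false) {
             $this->css_rules = $content;
         }
     }
 }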
예제 #6
 /**
  * Runs the controller named in the Request.
  * Fills the Response body from the View (or from the cache).
  *
  * @param $ob whether output buffering is used to capture the rendered output
  * @exception Minz_Exception
  */
 public function run($ob = true)
 {
     $cache = new Minz_Cache();
     // ob_start is called twice: without that there is a bug under Firefox.
     // Here it is called with 'ob_gzhandler', later without.
     // Compression apparently works, but this is dirty.
     // The side effects are unknown :(
     if ($ob) {
         ob_start('ob_gzhandler');
     }
     if (Minz_Cache::isEnabled() && !$cache->expired()) {
         // Cache is enabled and still valid: render it instead of running a controller.
         // NOTE(review): $text is only assigned in this branch when $ob is true,
         // yet it is passed to setBody() below in every case.
         if ($ob) {
             ob_start();
         }
         $cache->render();
         if ($ob) {
             $text = ob_get_clean();
         }
     } else {
         $text = '';
         //TODO: Clean this code
         // Loop while the request has been reset (the flag is cleared at the
         // start of each pass and checked again after the action ran).
         while (Minz_Request::$reseted) {
             Minz_Request::$reseted = false;
             try {
                 // The controller class name is derived from the request.
                 // NOTE(review): presumably createController() rejects names that
                 // do not map to an existing controller; verify.
                 $this->createController('FreshRSS_' . Minz_Request::controllerName() . '_Controller');
                 $this->controller->init();
                 $this->controller->firstAction();
                 $this->launchAction(Minz_Request::actionName() . 'Action');
                 $this->controller->lastAction();
                 // The view is only built when the action did not reset the request.
                 if (!Minz_Request::$reseted) {
                     if ($ob) {
                         ob_start();
                     }
                     $this->controller->view()->build();
                     if ($ob) {
                         $text = ob_get_clean();
                     }
                 }
             } catch (Minz_Exception $e) {
                 // Re-thrown unchanged to the caller.
                 throw $e;
             }
         }
         if (Minz_Cache::isEnabled()) {
             $cache->cache($text);
         }
     }
     Minz_Response::setBody($text);
 }
예제 #7
파일: Url.php 프로젝트: buggithubs/FreshRSS
 /**
  * Makes sure the array describing a URL has all its expected entries.
  * @param $url the URL as an array (any other value is returned as is)
  * @return the checked URL
  */
 public static function checkUrl($url)
 {
     if (!is_array($url)) {
         return $url;
     }
     // Defaults are only looked up for entries that are missing (or null).
     if (!isset($url['c'])) {
         $url['c'] = Minz_Request::defaultControllerName();
     }
     if (!isset($url['a'])) {
         $url['a'] = Minz_Request::defaultActionName();
     }
     if (!isset($url['params'])) {
         $url['params'] = array();
     }
     return $url;
 }
예제 #8
 /**
  * Constructor.
  * Initialises the configuration, the request, the router and the dispatcher.
  */
 public function __construct()
 {
     if (false === LOG_PATH) {
         $this->killApp('Path not found: LOG_PATH');
     }
     try {
         Minz_Configuration::init();
         Minz_Request::init();
         $this->router = new Minz_Router();
         $this->router->init();
     } catch (Minz_RouteNotFoundException $notFound) {
         // Unknown route: logged, then reported as a 404.
         // NOTE(review): the exception message is passed on to the error page;
         // if it contains the requested URI, the page must escape it.
         $message = $notFound->getMessage();
         Minz_Log::record($message, Minz_Log::ERROR);
         Minz_Error::error(404, array('error' => array($message)));
     } catch (Minz_Exception $failure) {
         // Any other framework error is logged and stops the application.
         $message = $failure->getMessage();
         Minz_Log::record($message, Minz_Log::ERROR);
         $this->killApp($message);
     }
     $this->dispatcher = Minz_Dispatcher::getInstance($this->router);
 }
예제 #9
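 /**
  * Raises an application error.
  *
  * When the application provides an error controller, the code and the logs
  * are stored in the session and the request is forwarded to it. Otherwise a
  * minimal HTML page is printed and the script stops.
  *
  * @param $code the error type, 404 (page not found) by default
  * @param $logs error logs split by level, of the form
  *      > $logs['error']
  *      > $logs['warning']
  *      > $logs['notice']
  * @param $redirect forces a redirection (passed on to Minz_Request::forward)
  */
 public static function error($code = 404, $logs = array(), $redirect = true)
 {
     $logs = self::processLogs($logs);
     $error_filename = APP_PATH . '/Controllers/errorController.php';
     if (file_exists($error_filename)) {
         Minz_Session::_param('error_code', $code);
         Minz_Session::_param('error_logs', $logs);
         Minz_Request::forward(array('c' => 'error'), $redirect);
     } else {
         // Fallback page, used when no error controller file exists.
         echo '<h1>An error occured</h1>' . "\n";
         if (!empty($logs)) {
             echo '<ul>' . "\n";
             foreach ($logs as $log) {
                 // Log lines are supplied by callers and may contain request-derived
                 // text, so they are HTML-escaped before being printed.
                 // double_encode is off so entries a caller already escaped are not
                 // escaped a second time.
                 echo '<li>' . htmlspecialchars((string) $log, ENT_QUOTES, 'UTF-8', false) . '</li>' . "\n";
             }
             echo '</ul>' . "\n";
         }
         exit;
     }
 }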
예제 #10
 /**
  * Runs the controller named in the Request and builds its View.
  * The whole sequence is repeated for as long as a reset is requested
  * through self::$needsReset.
  * @exception Minz_Exception
  */
 public function run()
 {
     do {
         self::$needsReset = false;
         // A Minz_Exception raised by any step below reaches the caller as is.
         $this->createController(Minz_Request::controllerName());
         $this->controller->init();
         $this->controller->firstAction();
         // The action is skipped when firstAction() asked for a reset.
         if (!self::$needsReset) {
             $this->launchAction(Minz_Request::actionName() . 'Action');
         }
         $this->controller->lastAction();
         // The view is only built when no reset is pending.
         if (!self::$needsReset) {
             $this->controller->view()->build();
         }
     } while (self::$needsReset);
 }
예제 #11
 /**
  * Prepares the error page: a label for the error code taken from the
  * request (404 for any unknown code) and the logs to display.
  */
 public function indexAction()
 {
     // Label used for 404 and for every code that is not listed below.
     $label = 'Error 404 - Not found';
     switch (Minz_Request::param('code')) {
         case 403:
             $label = 'Error 403 - Forbidden';
             break;
         case 404:
             break;
         case 500:
             $label = 'Error 500 - Internal Server Error';
             break;
         case 503:
             $label = 'Error 503 - Service Unavailable';
             break;
     }
     $this->view->code = $label;
     // The logs come from the request parameters.
     // NOTE(review): the template that prints them is not visible here; it
     // must escape them.
     $this->view->logs = Minz_Request::param('logs');
     Minz_View::prependTitle($this->view->code . ' · ');
 }
예제 #12
 /**
  * Returns an array describing the URL given in the address bar.
  * Relies on the routing table.
  * @return array describing the URL
  * @exception RouteNotFoundException if the URI is not in the routing table
  */
 public function buildWithRewriting()
 {
     $uri = Minz_Request::getURI();
     $url = array();
     $matched = false;
     foreach ($this->routes as $route) {
         // Each route is an anchored pattern, with '*' as the regex delimiter.
         $pattern = '*^' . $route['route'] . '$*';
         if (!preg_match($pattern, $uri, $matches)) {
             continue;
         }
         // First matching route wins.
         $url = array(
             'c' => $route['controller'],
             'a' => $route['action'],
             'params' => $this->getParams($route['params'], $matches),
         );
         $matched = true;
         break;
     }
     // The root URI is allowed to match no route.
     if ($uri != '/' && !$matched) {
         throw new Minz_RouteNotFoundException($uri, Minz_Exception::ERROR);
     }
     // Post-processing: fill in the missing entries.
     return Minz_Url::checkUrl($url);
 }
예제 #13
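 /**
  * This action handles the creation of a user query.
  *
  * It gets the request parameters and stores them in the configuration query
  * storage. Before it is saved, the unwanted parameters are unset to keep
  * lean data.
  */
 public function addQueryAction()
 {
     // NOTE(review): this action changes stored configuration, and no POST or
     // anti-CSRF check is visible in this method; confirm one runs before it.
     $whitelist = array('get', 'order', 'name', 'search', 'state');
     $queries = FreshRSS_Context::$user_conf->queries;
     $query = Minz_Request::params();
     $query['name'] = _t('conf.query.number', count($queries) + 1);
     foreach ($query as $key => $value) {
         // Strict comparison: with a loose in_array(), an integer key such as 0
         // compares equal to any non-numeric string on PHP < 8 and would be kept.
         if (!in_array($key, $whitelist, true)) {
             unset($query[$key]);
         }
     }
     // Only the keys are filtered; the values are stored as received.
     $queries[] = $query;
     FreshRSS_Context::$user_conf->queries = $queries;
     FreshRSS_Context::$user_conf->save();
     Minz_Request::good(_t('feedback.conf.query_created', $query['name']), array('c' => 'configure', 'a' => 'queries'));
 }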
예제 #14
// Handles pushed feed content: parses it, then refreshes the feed for each
// user in $users. $ORIGINAL_INPUT, $canonical64 and $users are defined
// before this excerpt.
Minz_Translate::init('en');
Minz_Request::_param('ajax', true);
$feedController = new FreshRSS_feed_Controller();
$simplePie = customSimplePie();
// The received payload is parsed as a feed, then released.
$simplePie->set_raw_data($ORIGINAL_INPUT);
$simplePie->init();
unset($ORIGINAL_INPUT);
// The feed's own "self" link is compared with the registered canonical URL.
$links = $simplePie->get_links('self');
$self = isset($links[0]) ? $links[0] : null;
if ($self !== base64url_decode($canonical64)) {
    // A mismatch is only logged (the rejection is commented out) and the
    // canonical URL is used instead of the one announced by the payload.
    // NOTE(review): $self comes from the received payload and is written to
    // the log as is; confirm logMe() neutralises line breaks.
    //header('HTTP/1.1 422 Unprocessable Entity');
    logMe('Warning: Self URL [' . $self . '] does not match registered canonical URL!: ' . base64url_decode($canonical64));
    //die('Self URL does not match registered canonical URL!');
    $self = base64url_decode($canonical64);
}
Minz_Request::_param('url', $self);
// Number of users for whom actualizeAction() returned a positive count.
$nb = 0;
foreach ($users as $userFilename) {
    // basename() reduces the entry to a bare user name, without directories.
    $username = basename($userFilename, '.txt');
    if (!file_exists(USERS_PATH . '/' . $username . '/config.php')) {
        // NOTE(review): break stops the loop for all remaining users as soon
        // as one has no config file; confirm that continue was not intended.
        break;
    }
    try {
        // Switch the session and the configuration to this user before updating.
        Minz_Session::_param('currentUser', $username);
        Minz_Configuration::register('user', join_path(USERS_PATH, $username, 'config.php'), join_path(USERS_PATH, '_', 'config.default.php'));
        FreshRSS_Context::init();
        if ($feedController->actualizeAction($simplePie) > 0) {
            $nb++;
        }
    } catch (Exception $e) {
        // A failure for one user is logged (the excerpt ends inside this handler).
        logMe('Error: ' . $e->getMessage());
예제 #15
 /**
  * Stores a notification of type 'bad' in the session, then forwards to
  * $url with the redirection flag set.
  *
  * @param $msg the notification content
  * @param $url the URL to forward to, as an array
  */
 public static function bad($msg, $url = array())
 {
     $notification = array('type' => 'bad', 'content' => $msg);
     Minz_Session::_param('notification', $notification);
     Minz_Request::forward($url, true);
 }
예제 #16
 /**
  * Registers the stylesheets of the configured theme and the scripts of the
  * page. Each local asset URL gets the file's modification time appended as
  * its query string.
  *
  * @param $loginOk with 'form' authentication, the bcrypt script is only
  *        added when this is false
  */
 private function loadStylesAndScripts($loginOk)
 {
     $theme = FreshRSS_Themes::load($this->conf->theme);
     if ($theme) {
         foreach ($theme['files'] as $file) {
             $asset = '/themes/' . $theme['id'] . '/' . $file;
             Minz_View::appendStyle(Minz_Url::display($asset . '?' . @filemtime(PUBLIC_PATH . $asset)));
         }
     }
     $authType = Minz_Configuration::authType();
     if ($authType == 'form') {
         if (!$loginOk) {
             $bcrypt = '/scripts/bcrypt.min.js';
             Minz_View::appendScript(Minz_Url::display($bcrypt . '?' . @filemtime(PUBLIC_PATH . $bcrypt)));
         }
     } elseif ($authType == 'persona') {
         // Third-party script loaded from a remote origin: it runs with the
         // page's privileges, and no integrity attribute is set here.
         Minz_View::appendScript('https://login.persona.org/include.js');
     }
     $includeLazyLoad = $this->conf->lazyload && ($this->conf->display_posts || Minz_Request::param('output') === 'reader');
     $jquery = '/scripts/jquery.min.js';
     Minz_View::appendScript(Minz_Url::display($jquery . '?' . @filemtime(PUBLIC_PATH . $jquery)), false, !$includeLazyLoad, !$includeLazyLoad);
     if ($includeLazyLoad) {
         $lazyload = '/scripts/jquery.lazyload.min.js';
         Minz_View::appendScript(Minz_Url::display($lazyload . '?' . @filemtime(PUBLIC_PATH . $lazyload)));
     }
     foreach (array('/scripts/shortcut.js', '/scripts/main.js') as $script) {
         Minz_View::appendScript(Minz_Url::display($script . '?' . @filemtime(PUBLIC_PATH . $script)));
     }
 }
예제 #17
 /**
  * Removes old entries from every feed, stores a notification with the
  * total number of cleaned entries and redirects to the archiving page.
  */
 public function purgeAction()
 {
     // NOTE(review): this action deletes data, and no POST or anti-CSRF check
     // is visible in this method; confirm one runs before it.
     @set_time_limit(300);
     $months = max($this->view->conf->old_entries, 1);
     // Entries older than this timestamp are candidates (a month counts as 30 days).
     $date_min = time() - 3600 * 24 * 30 * $months;
     $feedDAO = new FreshRSS_FeedDAO();
     $feeds = $feedDAO->listFeedsOrderUpdate();
     $cleanedTotal = 0;
     invalidateHttpCache();
     foreach ($feeds as $feed) {
         $history = $feed->keepHistory();
         if ($history == -2) {
             // -2 stands for "use the default from the configuration"
             $history = $this->view->conf->keep_history_default;
         }
         // Feeds with a negative value are left untouched.
         if (!($history >= 0)) {
             continue;
         }
         $cleaned = $feedDAO->cleanOldEntries($feed->id(), $date_min, $history);
         if (!($cleaned > 0)) {
             continue;
         }
         $cleanedTotal += $cleaned;
         Minz_Log::record($cleaned . ' old entries cleaned in feed [' . $feed->url() . ']', Minz_Log::DEBUG);
         $feedDAO->updateLastUpdate($feed->id());
     }
     invalidateHttpCache();
     Minz_Session::_param('notification', array(
         'type' => 'good',
         'content' => Minz_Translate::t('purge_completed', $cleanedTotal),
     ));
     Minz_Request::forward(array('c' => 'configure', 'a' => 'archiving'), true);
 }
예제 #18
 /**
  * This action handles the export.
  *
  * This action must be reached by a POST request.
  *
  * Parameters are:
  *   - export_opml (default: false)
  *   - export_starred (default: false)
  *   - export_feeds (default: array()) a list of feed ids
  */
 public function exportAction()
 {
     $index_url = array('c' => 'importExport', 'a' => 'index');
     if (!Minz_Request::isPost()) {
         Minz_Request::forward($index_url, true);
     }
     $this->view->_useLayout(false);
     $want_opml = Minz_Request::param('export_opml', false);
     $want_starred = Minz_Request::param('export_starred', false);
     $feed_ids = Minz_Request::param('export_feeds', array());
     // File name => content, for everything that was requested.
     $files = array();
     if ($want_opml) {
         $files['feeds.opml'] = $this->generateOpml();
     }
     if ($want_starred) {
         $files['starred.json'] = $this->generateEntries('starred');
     }
     foreach ($feed_ids as $feed_id) {
         $feed = $this->feedDAO->searchById($feed_id);
         // Ids for which no feed is found are skipped.
         if (!$feed) {
             continue;
         }
         $name = 'feed_' . $feed->category() . '_' . $feed->id() . '.json';
         $files[$name] = $this->generateEntries('feed', $feed);
     }
     $count = count($files);
     if ($count === 0) {
         // Nothing to do...
         Minz_Request::forward($index_url, true);
     } elseif ($count === 1) {
         // Only one file? Guess its type and export it.
         $name = key($files);
         $type = $this->guessFileType($name);
         $this->exportFile('freshrss_' . $name, $files[$name], $type);
     } else {
         // More than one file to export: a zip archive is needed.
         try {
             $this->exportZip($files);
         } catch (Exception $e) {
             // Any exception is reported as a missing Zip extension.
             Minz_Request::bad(_t('feedback.import_export.export_no_zip_extension'), $index_url);
         }
     }
 }
예제 #19
 /**
  * This action deletes a feed.
  *
  * This page must be reached by a POST request.
  * If there are related queries, they are deleted too.
  *
  * Parameters are:
  *   - id (default: false)
  *   - r (default: false)
  * r allows redirecting to a given page at the end of this action.
  *
  * @todo handle "r" redirection in Minz_Request::forward()?
  */
 public function deleteAction()
 {
     // NOTE(review): "r" is request-controlled and ends up as a redirection
     // target; confirm Minz_Request::forward() only accepts same-site targets.
     $redirect_url = Minz_Request::param('r', false, true) ?: array('c' => 'subscription', 'a' => 'index');
     if (!Minz_Request::isPost()) {
         Minz_Request::forward($redirect_url, true);
     }
     $id = Minz_Request::param('id');
     $feedDAO = FreshRSS_Factory::createFeedDao();
     if (!$feedDAO->deleteFeed($id)) {
         Minz_Request::bad(_t('feedback.sub.feed.error'), $redirect_url);
     } else {
         // TODO: Delete old favicon
         // Remove related queries
         $user_conf = FreshRSS_Context::$user_conf;
         $user_conf->queries = remove_query_by_get('f_' . $id, $user_conf->queries);
         $user_conf->save();
         Minz_Request::good(_t('feedback.sub.feed.deleted'), $redirect_url);
     }
 }
예제 #20
 /**
  * This action handles the feed configuration page.
  *
  * It displays the feed configuration page.
  * If this action is reached through a POST request, it stores all new
  * configuration values then sends a notification to the user.
  *
  * The options available on the page are:
  *   - name
  *   - description
  *   - website URL
  *   - feed URL
  *   - category id (default: default category id)
  *   - CSS path to article on website
  *   - display in main stream (default: 0)
  *   - HTTP authentication
  *   - number of article to retain (default: -2)
  *   - refresh frequency (default: -2)
  * Default values are empty strings unless specified.
  */
 public function feedAction()
 {
     if (Minz_Request::param('ajax')) {
         $this->view->_useLayout(false);
     }
     $feedDAO = FreshRSS_Factory::createFeedDao();
     $this->view->feeds = $feedDAO->listFeeds();
     $id = Minz_Request::param('id');
     // Only ids present in the list returned by listFeeds() are accepted.
     if ($id === false || !isset($this->view->feeds[$id])) {
         Minz_Error::error(404);
         return;
     }
     $this->view->feed = $this->view->feeds[$id];
     Minz_View::prependTitle(_t('sub.title.feed_management') . ' · ' . $this->view->feed->name() . ' · ');
     if (!Minz_Request::isPost()) {
         return;
     }
     $user = Minz_Request::param('http_user', '');
     $pass = Minz_Request::param('http_pass', '');
     // The feed's HTTP credentials are stored as "user:password".
     $httpAuth = ($user != '' || $pass != '') ? $user . ':' . $pass : '';
     $cat = intval(Minz_Request::param('category', 0));
     $values = array(
         'name' => Minz_Request::param('name', ''),
         // The description is the only field passed through sanitizeHTML().
         'description' => sanitizeHTML(Minz_Request::param('description', '', true)),
         'website' => Minz_Request::param('website', ''),
         'url' => Minz_Request::param('url', ''),
         'category' => $cat,
         'pathEntries' => Minz_Request::param('path_entries', ''),
         'priority' => intval(Minz_Request::param('priority', 0)),
         'httpAuth' => $httpAuth,
         'keep_history' => intval(Minz_Request::param('keep_history', -2)),
         'ttl' => intval(Minz_Request::param('ttl', -2)),
     );
     invalidateHttpCache();
     $url_redirect = array('c' => 'subscription', 'params' => array('id' => $id));
     if ($feedDAO->updateFeed($id, $values) === false) {
         Minz_Request::bad(_t('feedback.sub.feed.error'), $url_redirect);
     } else {
         $this->view->feed->_category($cat);
         $this->view->feed->faviconPrepare();
         Minz_Request::good(_t('feedback.sub.feed.updated'), $url_redirect);
     }
 }
예제 #21
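 /**
  * This action displays logs of FreshRSS for the current user.
  *
  * When reached through a POST request, the logs are truncated first.
  */
 public function logsAction()
 {
     if (!FreshRSS_Auth::hasAccess()) {
         Minz_Error::error(403);
         // Stop here in case error() returns instead of ending the request;
         // otherwise a POST without access would reach truncate() below.
         return;
     }
     Minz_View::prependTitle(_t('index.log.title') . ' · ');
     if (Minz_Request::isPost()) {
         FreshRSS_LogDAO::truncate();
     }
     $logs = FreshRSS_LogDAO::lines();
     //TODO: ask only the necessary lines
     // Pagination: 50 log lines per page.
     $page = Minz_Request::param('page', 1);
     $this->view->logsPaginator = new Minz_Paginator($logs);
     $this->view->logsPaginator->_nbItemsPerPage(50);
     $this->view->logsPaginator->_currentPage($page);
 }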
예제 #22
 /**
  * Runs the update script found at UPDATE_FILENAME.
  *
  * With the post_conf parameter set, the post-update step is run and the
  * update file is removed on success. Otherwise the update itself is applied
  * once no more information is needed, and the action forwards to itself
  * with post_conf set.
  */
 public function applyAction()
 {
     // Without an update file or a writable installation there is nothing to apply.
     if (!file_exists(UPDATE_FILENAME) || !is_writable(FRESHRSS_PATH)) {
         Minz_Request::forward(array('c' => 'update'), true);
     }
     // The update file is executed as PHP code.
     // NOTE(review): presumably it defines do_post_update(), save_info_update(),
     // need_info_update() and apply_update() used below; verify.
     // NOTE(review): no access check and no integrity check of the file is
     // visible in this method; confirm both happen before this point.
     require UPDATE_FILENAME;
     if (Minz_Request::param('post_conf', false)) {
         $res = do_post_update();
         Minz_ExtensionManager::callHook('post_update');
         if ($res === true) {
             // Success: remove the update file and touch the last-update marker.
             @unlink(UPDATE_FILENAME);
             @file_put_contents(join_path(DATA_PATH, 'last_update.txt'), '');
             Minz_Request::good(_t('feedback.update.finished'));
         } else {
             // Any value other than true is passed to the error message.
             Minz_Request::bad(_t('feedback.update.error', $res), array('c' => 'update', 'a' => 'index'));
         }
     }
     if (Minz_Request::isPost()) {
         save_info_update();
     }
     if (!need_info_update()) {
         $res = apply_update();
         if ($res === true) {
             // Second pass through this action, this time with post_conf set.
             Minz_Request::forward(array('c' => 'update', 'a' => 'apply', 'params' => array('post_conf' => true)), true);
         } else {
             Minz_Request::bad(_t('feedback.update.error', $res), array('c' => 'update', 'a' => 'index'));
         }
     }
 }
예제 #23
 /**
  * This action handles the article repartition statistic page.
  *
  * It displays the number of articles and the average number of articles
  * for the following periods:
  *   - hour of the day
  *   - day of the week
  *   - month
  *
  * @todo verify that the metrics used here make some sense. Especially
  *       for the average.
  */
 public function repartitionAction()
 {
     $stats = FreshRSS_Factory::createStatsDAO();
     $categories = new FreshRSS_CategoryDAO();
     $feeds = FreshRSS_Factory::createFeedDao();
     $chartScript = '/scripts/flotr2.min.js';
     Minz_View::appendScript(Minz_Url::display($chartScript . '?' . @filemtime(PUBLIC_PATH . $chartScript)));
     // Feed id taken from the request (null when absent) and passed to the DAOs as is.
     $id = Minz_Request::param('id', null);
     $view = $this->view;
     $view->categories = $categories->listCategories();
     $view->feed = $feeds->searchById($id);
     $view->days = $stats->getDays();
     $view->months = $stats->getMonths();
     $view->repartition = $stats->calculateEntryRepartitionPerFeed($id);
     // Per hour of the day
     $view->repartitionHour = $stats->calculateEntryRepartitionPerFeedPerHour($id);
     $view->averageHour = $stats->calculateEntryAveragePerFeedPerHour($id);
     // Per day of the week
     $view->repartitionDayOfWeek = $stats->calculateEntryRepartitionPerFeedPerDayOfWeek($id);
     $view->averageDayOfWeek = $stats->calculateEntryAveragePerFeedPerDayOfWeek($id);
     // Per month
     $view->repartitionMonth = $stats->calculateEntryRepartitionPerFeedPerMonth($id);
     $view->averageMonth = $stats->calculateEntryAveragePerFeedPerMonth($id);
 }
예제 #24
 /**
  * Handles the archiving configuration page.
  *
  * On POST, saves the two archiving settings and redirects back to the
  * page. Otherwise prepares the entry count and the storage sizes for
  * display.
  */
 public function archivingAction()
 {
     if (Minz_Request::isPost()) {
         $old = Minz_Request::param('old_entries', 3);
         $keepHistoryDefault = Minz_Request::param('keep_history_default', 0);
         $conf = $this->view->conf;
         $conf->_old_entries($old);
         $conf->_keep_history_default($keepHistoryDefault);
         $conf->save();
         invalidateHttpCache();
         Minz_Session::_param('notification', array(
             'type' => 'good',
             'content' => Minz_Translate::t('configuration_updated'),
         ));
         Minz_Request::forward(array('c' => 'configure', 'a' => 'archiving'), true);
     }
     Minz_View::prependTitle(Minz_Translate::t('archiving_configuration') . ' · ');
     $entryDAO = new FreshRSS_EntryDAO();
     $this->view->nb_total = $entryDAO->count();
     $this->view->size_user = $entryDAO->size();
     // The total size is only computed for an administrator.
     $currentUser = Minz_Session::param('currentUser', '_');
     if (Minz_Configuration::isAdmin($currentUser)) {
         $this->view->size_total = $entryDAO->size(true);
     }
 }
예제 #25
/**
 * Installer step 3: stores the database settings in the session, writes
 * them to config.php under DATA_PATH and checks the database.
 */
function saveStep3()
{
    if (empty($_POST)) {
        invalidateHttpCache();
        return;
    }
    if ($_SESSION['bd_type'] === 'sqlite') {
        $_SESSION['bd_base'] = $_SESSION['default_user'];
        $_SESSION['bd_host'] = '';
        $_SESSION['bd_user'] = '';
        $_SESSION['bd_password'] = '';
        $_SESSION['bd_prefix'] = '';
        //No prefix for SQLite
        $_SESSION['bd_prefix_user'] = '';
    } else {
        // A missing field is recorded as an error; the values are stored anyway.
        foreach (array('type', 'host', 'user', 'base') as $field) {
            if (empty($_POST[$field])) {
                $_SESSION['bd_error'] = 'Missing parameters!';
                break;
            }
        }
        // Database name and prefix are truncated to 64 and 16 characters.
        $_SESSION['bd_base'] = substr($_POST['base'], 0, 64);
        $_SESSION['bd_host'] = $_POST['host'];
        $_SESSION['bd_user'] = $_POST['user'];
        $_SESSION['bd_password'] = $_POST['pass'];
        $_SESSION['bd_prefix'] = substr($_POST['prefix'], 0, 16);
        if (empty($_SESSION['default_user'])) {
            $user_suffix = '';
        } else {
            $user_suffix = $_SESSION['default_user'] . '_';
        }
        $_SESSION['bd_prefix_user'] = $_SESSION['bd_prefix'] . $user_suffix;
    }
    // We use dirname to remove the /i part
    $base_url = dirname(Minz_Request::guessBaseUrl());
    $config_array = array(
        'salt' => $_SESSION['salt'],
        'base_url' => $base_url,
        'title' => $_SESSION['title'],
        'default_user' => $_SESSION['default_user'],
        'auth_type' => $_SESSION['auth_type'],
        'db' => array(
            'type' => $_SESSION['bd_type'],
            'host' => $_SESSION['bd_host'],
            'user' => $_SESSION['bd_user'],
            'password' => $_SESSION['bd_password'],
            'base' => $_SESSION['bd_base'],
            'prefix' => $_SESSION['bd_prefix'],
            'pdo_options' => array(),
        ),
        'pubsubhubbub_enabled' => server_is_public($base_url),
    );
    $config_path = join_path(DATA_PATH, 'config.php');
    //To avoid access-rights problems
    @unlink($config_path);
    // The values are serialised with var_export(), which quotes them as PHP
    // literals. The file holds the salt and the database password.
    // NOTE(review): no file permissions are set here; confirm the data
    // directory is not served by the web server.
    file_put_contents($config_path, "<?php\n return " . var_export($config_array, true) . ';');
    if (checkBD()) {
        $_SESSION['bd_error'] = '';
        // No exit after the header: the function carries on to the end.
        header('Location: index.php?step=4');
    } elseif (empty($_SESSION['bd_error'])) {
        $_SESSION['bd_error'] = 'Unknown error!';
    }
    invalidateHttpCache();
}
예제 #26
 /**
  * Constructor.
  * Computes the path of the view file for the current controller and
  * action, and initialises the title from the configuration.
  */
 public function __construct()
 {
     $controller = Minz_Request::controllerName();
     $action = Minz_Request::actionName();
     // NOTE(review): both names come from the request object and become part
     // of a file path; presumably they are validated before this point; verify.
     $this->view_filename = APP_PATH . self::VIEWS_PATH_NAME . '/' . $controller . '/' . $action . '.phtml';
     self::$title = Minz_Configuration::title();
 }
예제 #27
 /**
  * This action deletes all the feeds of a given category.
  * The queries related to those feeds are deleted too.
  *
  * Request parameter is:
  *   - id (of a category)
  */
 public function emptyAction()
 {
     $feedDAO = FreshRSS_Factory::createFeedDao();
     $url_redirect = array('c' => 'subscription', 'a' => 'index');
     if (Minz_Request::isPost()) {
         invalidateHttpCache();
         $id = Minz_Request::param('id');
         if (!$id) {
             // NOTE(review): execution carries on below if bad() returns;
             // confirm it ends the request.
             Minz_Request::bad(_t('feedback.sub.category.no_id'), $url_redirect);
         }
         // The feeds are listed before the deletion, to know which queries to remove.
         $feeds = $feedDAO->listByCategory($id);
         if (!$feedDAO->deleteFeedByCategory($id)) {
             Minz_Request::bad(_t('feedback.sub.category.error'), $url_redirect);
         } else {
             // TODO: Delete old favicons
             // Remove related queries
             foreach ($feeds as $feed) {
                 $remaining = remove_query_by_get('f_' . $feed->id(), FreshRSS_Context::$user_conf->queries);
                 FreshRSS_Context::$user_conf->queries = $remaining;
             }
             FreshRSS_Context::$user_conf->save();
             Minz_Request::good(_t('feedback.sub.category.emptied'), $url_redirect);
         }
     }
     Minz_Request::forward($url_redirect, true);
 }
예제 #28
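 /**
  * This action resets the authentication system.
  *
  * After resetting, form auth is set by default. The reset is only offered
  * while the authentication type is 'persona', and requires the credentials
  * of the default user.
  */
 public function resetAction()
 {
     Minz_View::prependTitle(_t('admin.auth.title_reset') . ' · ');
     Minz_View::appendScript(Minz_Url::display('/scripts/bcrypt.min.js?' . @filemtime(PUBLIC_PATH . '/scripts/bcrypt.min.js')));
     $this->view->no_form = false;
     // Changing the auth type is only enabled with Persona!
     if (FreshRSS_Context::$system_conf->auth_type != 'persona') {
         $this->view->message = array('status' => 'bad', 'title' => _t('gen.short.damn'), 'body' => _t('feedback.auth.not_persona'));
         $this->view->no_form = true;
         return;
     }
     $conf = get_user_configuration(FreshRSS_Context::$system_conf->default_user);
     if (is_null($conf)) {
         return;
     }
     // Admin user must have set its master password.
     if (!$conf->passwordHash) {
         $this->view->message = array('status' => 'bad', 'title' => _t('gen.short.damn'), 'body' => _t('feedback.auth.no_password_set'));
         $this->view->no_form = true;
         return;
     }
     invalidateHttpCache();
     if (Minz_Request::isPost()) {
         $nonce = Minz_Session::param('nonce');
         $username = Minz_Request::param('username', '');
         $challenge = Minz_Request::param('challenge', '');
         // The challenge is checked against the default user's password hash.
         $ok = FreshRSS_FormAuth::checkCredentials($username, $conf->passwordHash, $nonce, $challenge);
         if ($ok) {
             FreshRSS_Context::$system_conf->auth_type = 'form';
             $ok = FreshRSS_Context::$system_conf->save();
             if ($ok) {
                 Minz_Request::good(_t('feedback.auth.form.set'));
             } else {
                 Minz_Request::bad(_t('feedback.auth.form.not_set'), array('c' => 'auth', 'a' => 'reset'));
             }
         } else {
             // The user name argument was masked ('******') in the listing, which
             // left the statement unparsable; it is restored with $username, the
             // value read from the request above.
             // NOTE(review): the user name and the challenge are request-controlled
             // and logged as is, together with the session nonce; confirm the log
             // writer neutralises line breaks, and consider not logging the
             // nonce/challenge pair.
             Minz_Log::warning('Password mismatch for' . ' user=' . $username . ', nonce=' . $nonce . ', c=' . $challenge);
             Minz_Request::bad(_t('feedback.auth.login.invalid'), array('c' => 'auth', 'a' => 'reset'));
         }
     }
 }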
예제 #29
 /**
  * Deletes an existing user. Only acts on a POST request made by an
  * administrator; in every case the request is then redirected to the
  * users configuration page.
  *
  * Request parameter is:
  *   - username
  */
 public function deleteAction()
 {
     $is_admin_post = Minz_Request::isPost() && Minz_Configuration::isAdmin(Minz_Session::param('currentUser', '_'));
     if ($is_admin_post) {
         require_once APP_PATH . '/sql.php';
         $username = Minz_Request::param('username');
         // Only alphanumeric names are accepted, which also keeps the file
         // path built below free of separators.
         $ok = ctype_alnum($username);
         if ($ok) {
             //It is forbidden to delete the default user
             $ok = strcasecmp($username, Minz_Configuration::defaultUser()) !== 0;
         }
         if ($ok) {
             $configPath = DATA_PATH . '/' . $username . '_user.php';
             $ok = file_exists($configPath);
         }
         if ($ok) {
             $userDAO = new FreshRSS_UserDAO();
             // Both steps are always attempted; either failure clears $ok.
             $ok &= $userDAO->deleteUser($username);
             $ok &= unlink($configPath);
             //TODO: delete Persona file
         }
         invalidateHttpCache();
         $message_key = $ok ? 'user_deleted' : 'error_occurred';
         Minz_Session::_param('notification', array(
             'type' => $ok ? 'good' : 'bad',
             'content' => Minz_Translate::t($message_key, $username),
         ));
     }
     Minz_Request::forward(array('c' => 'configure', 'a' => 'users'), true);
 }
예제 #30
 /**
  * This action deletes an existing user.
  *
  * It only acts on a POST request made by an administrator or by the user
  * being deleted; in the latter case the password is checked first.
  *
  * Request parameters are:
  *   - username
  *   - r, the page to redirect to at the end of this action
  *   - challenge, for a self-deletion
  *
  * @todo clean up this method. Idea: create a User->clean() method.
  */
 public function deleteAction()
 {
     $username = Minz_Request::param('username');
     // NOTE(review): "r" is request-controlled and ends up as a redirection
     // target; confirm Minz_Request::forward() only accepts same-site targets.
     $redirect_url = urldecode(Minz_Request::param('r', false, true));
     if (!$redirect_url) {
         $redirect_url = array('c' => 'user', 'a' => 'manage');
     }
     $self_deletion = Minz_Session::param('currentUser', '_') === $username;
     $allowed = Minz_Request::isPost() && (FreshRSS_Auth::hasAccess('admin') || $self_deletion);
     if ($allowed) {
         $db = FreshRSS_Context::$system_conf->db;
         // The file name depends on the database type from the system configuration.
         require_once APP_PATH . '/SQL/install.sql.' . $db['type'] . '.php';
         // Only alphanumeric names are accepted; the directory below is not
         // touched unless this check passed.
         $ok = ctype_alnum($username);
         $user_data = join_path(DATA_PATH, 'users', $username);
         if ($ok) {
             //It is forbidden to delete the default user
             $default_user = FreshRSS_Context::$system_conf->default_user;
             $ok = strcasecmp($username, $default_user) !== 0;
         }
         if ($ok && $self_deletion) {
             // We check the password if it's a self-destruction
             $nonce = Minz_Session::param('nonce');
             $challenge = Minz_Request::param('challenge', '');
             $password_hash = FreshRSS_Context::$user_conf->passwordHash;
             $ok &= FreshRSS_FormAuth::checkCredentials($username, $password_hash, $nonce, $challenge);
         }
         if ($ok) {
             $ok &= is_dir($user_data);
         }
         if ($ok) {
             $userDAO = new FreshRSS_UserDAO();
             // Both steps are always attempted; either failure clears $ok.
             $ok &= $userDAO->deleteUser($username);
             $ok &= recursive_unlink($user_data);
             //TODO: delete Persona file
         }
         if ($ok && $self_deletion) {
             // The deleted user loses its access and is sent to the index page.
             FreshRSS_Auth::removeAccess();
             $redirect_url = array('c' => 'index', 'a' => 'index');
         }
         invalidateHttpCache();
         $message_key = $ok ? 'feedback.user.deleted' : 'feedback.user.deleted.error';
         Minz_Session::_param('notification', array(
             'type' => $ok ? 'good' : 'bad',
             'content' => _t($message_key, $username),
         ));
     }
     Minz_Request::forward($redirect_url, true);
 }