Exemplo n.º 1
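 /**
  * Resolve the effective user for this request, load that user's
  * configuration and decide whether the request counts as logged in.
  *
  * When no user is supplied, the user is derived from the configured
  * authentication type ('form', 'http_auth', 'persona', 'none'); any other
  * type falls back to the default user with login refused. The decision is
  * re-checked against the loaded configuration before it is published to
  * the view as 'loginOk'.
  *
  * Side effects: sets $this->conf, the view parameters 'conf' and 'loginOk',
  * and the session parameters 'currentUser' (and 'notification' on a
  * configuration error). Terminates the script on an invalid username or
  * when even the default configuration cannot be loaded.
  *
  * @param string $currentUser user name already known for the request, or '' if none
  * @return bool true when the request is considered authenticated
  */
 private function accessControl($currentUser)
 {
     if ($currentUser == '') {
         switch (Minz_Configuration::authType()) {
             case 'form':
                 $currentUser = Minz_Configuration::defaultUser();
                 // No user yet: drop any password hash left in the session.
                 // NOTE(review): assumes _param() with a single argument clears the value - confirm.
                 Minz_Session::_param('passwordHash');
                 $loginOk = false;
                 break;
             case 'http_auth':
                 $currentUser = httpAuthUser();
                 $loginOk = $currentUser != '';
                 break;
             case 'persona':
                 $loginOk = false;
                 $email = filter_var(Minz_Session::param('mail'), FILTER_VALIDATE_EMAIL);
                 if ($email != '') {
                     //TODO: Remove redundancy with indexController
                     // NOTE(review): the e-mail address becomes part of a file name.
                     // FILTER_VALIDATE_EMAIL accepts characters such as '/' in the
                     // local part, so confirm the session value can only come from
                     // a verified assertion before trusting it as a path component.
                     $personaFile = DATA_PATH . '/persona/' . $email . '.txt';
                     if (($currentUser = @file_get_contents($personaFile)) !== false) {
                         $currentUser = trim($currentUser);
                         $loginOk = true;
                     }
                 }
                 if (!$loginOk) {
                     $currentUser = Minz_Configuration::defaultUser();
                 }
                 break;
             case 'none':
                 $currentUser = Minz_Configuration::defaultUser();
                 $loginOk = true;
                 break;
             default:
                 $currentUser = Minz_Configuration::defaultUser();
                 $loginOk = false;
                 break;
         }
     } else {
         // Provisional only: re-validated against the user's configuration below.
         $loginOk = true;
     }
     // The name is used to locate the user's configuration, so only plain
     // alphanumeric strings are accepted. is_string() keeps ctype_alnum()
     // from interpreting an integer as a character code.
     if (!is_string($currentUser) || !ctype_alnum($currentUser)) {
         Minz_Session::_param('currentUser', '');
         // The rejected value may come from the request; escape it before echoing it back.
         die('Invalid username [' . htmlspecialchars((string) $currentUser, ENT_QUOTES, 'UTF-8') . ']!');
     }
     try {
         $this->conf = new FreshRSS_Configuration($currentUser);
         Minz_View::_param('conf', $this->conf);
         Minz_Session::_param('currentUser', $currentUser);
     } catch (Minz_Exception $me) {
         // The user's configuration could not be loaded: refuse the login and
         // fall back to the default user's configuration for rendering.
         $loginOk = false;
         try {
             $this->conf = new FreshRSS_Configuration(Minz_Configuration::defaultUser());
             Minz_Session::_param('currentUser', Minz_Configuration::defaultUser());
             Minz_View::_param('conf', $this->conf);
             $notif = array('type' => 'bad', 'content' => 'Invalid configuration for user [' . $currentUser . ']!');
             Minz_Session::_param('notification', $notif);
             Minz_Log::record($notif['content'] . ' ' . $me->getMessage(), Minz_Log::WARNING);
             Minz_Session::_param('currentUser', '');
         } catch (Exception $e) {
             // NOTE(review): the raw exception message is sent to the client;
             // confirm it cannot contain paths or other internal details.
             die($e->getMessage());
         }
     }
     if ($loginOk) {
         // Second factor of the decision: the credential held in the session
         // (or supplied by the web server) must match the loaded configuration.
         switch (Minz_Configuration::authType()) {
             case 'form':
                 // An empty or missing hash on either side must never authenticate.
                 // NOTE(review): hash_equals() would make this comparison
                 // constant-time where the supported PHP version provides it.
                 $sessionHash = Minz_Session::param('passwordHash');
                 $loginOk = is_string($sessionHash) && $sessionHash !== '' &&
                     $sessionHash === $this->conf->passwordHash;
                 break;
             case 'http_auth':
                 $loginOk = strcasecmp($currentUser, httpAuthUser()) === 0;
                 break;
             case 'persona':
                 // Without this guard an unset session mail compared against an
                 // empty mail_login would be treated as a match.
                 $sessionMail = Minz_Session::param('mail');
                 $loginOk = is_string($sessionMail) && $sessionMail !== '' &&
                     strcasecmp($sessionMail, $this->conf->mail_login) === 0;
                 break;
             case 'none':
                 $loginOk = true;
                 break;
             default:
                 $loginOk = false;
                 break;
         }
     }
     Minz_View::_param('loginOk', $loginOk);
     return $loginOk;
 }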
Exemplo n.º 2
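 /**
  * Delete a user account: its database data and its configuration file.
  *
  * Only acts on a POST request made by a session whose current user is an
  * administrator. The default user can never be deleted. The outcome is
  * reported through the 'notification' session parameter, and the request
  * is always forwarded to the user configuration page afterwards.
  *
  * NOTE(review): no anti-CSRF token check is visible in this method; confirm
  * that the framework or the calling controller enforces one for this action.
  */
 public function deleteAction()
 {
     if (Minz_Request::isPost() && Minz_Configuration::isAdmin(Minz_Session::param('currentUser', '_'))) {
         require_once APP_PATH . '/sql.php';
         $username = Minz_Request::param('username');
         // The name is used to build a file path below, so only a plain
         // alphanumeric string is accepted (is_string() rejects arrays and
         // integers, which ctype_alnum() would otherwise treat specially).
         $ok = is_string($username) && ctype_alnum($username);
         if ($ok) {
             // It is forbidden to delete the default user.
             $ok = strcasecmp($username, Minz_Configuration::defaultUser()) !== 0;
         }
         if ($ok) {
             $configPath = DATA_PATH . '/' . $username . '_user.php';
             $ok = file_exists($configPath);
         }
         if ($ok) {
             $userDAO = new FreshRSS_UserDAO();
             // Both steps are attempted even if the first one fails. The results
             // are combined with a logical AND: the previous bitwise '&=' would
             // report failure for any truthy return value other than true/1.
             $dbDeleted = (bool) $userDAO->deleteUser($username);
             $fileDeleted = unlink($configPath);
             $ok = $dbDeleted && $fileDeleted;
             //TODO: delete Persona file
             // NOTE(review): until that is done, any Persona file that names this
             // account stays on disk; confirm an account created later under the
             // same name cannot be reached through it.
         }
         invalidateHttpCache();
         // NOTE(review): on failure $username may not be alphanumeric; confirm the
         // notification content is escaped when it is rendered.
         $notif = array(
             'type' => $ok ? 'good' : 'bad',
             'content' => Minz_Translate::t($ok ? 'user_deleted' : 'error_occurred', $username),
         );
         Minz_Session::_param('notification', $notif);
     }
     Minz_Request::forward(array('c' => 'configure', 'a' => 'users'), true);
 }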
Exemplo n.º 3
<?php

require dirname(__FILE__) . '/../constants.php';
require LIB_PATH . '/lib_rss.php';
//Includes class autoloader
// Pass an empty cache limiter so the session layer sends no cache headers of its own.
session_cache_limiter('');
// Turn implicit flushing off and capture everything echoed from here on in an output buffer.
ob_implicit_flush(false);
ob_start();
// Written to the output buffer, not directly to the client.
echo 'Results: ', "\n";
Minz_Configuration::init();
$users = listUsers();
// Process users in random order...
shuffle($users);
// ...but always start with the default user.
array_unshift($users, Minz_Configuration::defaultUser());
// The default user may now be listed twice; array_unique() keeps the first occurrence.
$users = array_unique($users);
foreach ($users as $myUser) {
    syslog(LOG_INFO, 'FreshRSS actualize ' . $myUser);
    if (defined('STDOUT')) {
        fwrite(STDOUT, 'Actualize ' . $myUser . "...\n");
        //Unbuffered
    }
    echo $myUser, ' ';
    //Buffered
    $_GET['c'] = 'feed';
    $_GET['a'] = 'actualize';
    $_GET['ajax'] = 1;
    $_GET['force'] = true;
    $_SERVER['HTTP_HOST'] = '';
    $freshRSS = new FreshRSS();