Пример #1
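 /**
  * Handles the authentication settings form.
  *
  * On POST it optionally replaces the password hash, refreshes the session
  * copies of the hash and mail login, rewrites the Persona mapping file and,
  * for administrators only, updates the token and the global
  * authentication / anonymous-access settings. It always ends by forwarding
  * to the "configure/users" page.
  *
  * NOTE(review): no anti-CSRF token is checked inside this method although
  * it changes credentials and the authentication mode; confirm that the
  * framework enforces one before dispatching here.
  */
 public function authAction()
 {
     if (Minz_Request::isPost()) {
         $ok = true;
         $passwordPlain = Minz_Request::param('passwordPlain', false);
         // Only a non-empty string is a password change; an array-valued
         // parameter must never reach password_hash().
         if (is_string($passwordPlain) && $passwordPlain !== '') {
             // Discard the plain-text password from the request data as soon as possible.
             Minz_Request::_param('passwordPlain');
             $_POST['passwordPlain'] = '';
             if (!function_exists('password_hash')) {
                 include_once LIB_PATH . '/password_compat.php';
             }
             $passwordHash = password_hash($passwordPlain, PASSWORD_BCRYPT, array('cost' => self::BCRYPT_COST));
             // Best effort only: this drops the local reference, it does not
             // guarantee that the bytes are wiped from memory.
             $passwordPlain = '';
             if (is_string($passwordHash) && $passwordHash !== '') {
                 // Compatibility with bcrypt.js: normalise the $2x$/$2y$ prefix to $2a$.
                 $passwordHash = preg_replace('/^\\$2[xy]\\$/', '\\$2a\\$', $passwordHash);
             }
             if (is_string($passwordHash) && $passwordHash !== '') {
                 $this->view->conf->_passwordHash($passwordHash);
             } else {
                 // Hashing failed: report the error and keep the stored hash
                 // instead of overwriting it with an empty value.
                 $ok = false;
             }
         }
         Minz_Session::_param('passwordHash', $this->view->conf->passwordHash);

         $currentUser = Minz_Session::param('currentUser', '_');
         $isAdmin = Minz_Configuration::isAdmin($currentUser);

         if ($isAdmin) {
             $this->view->conf->_mail_login(Minz_Request::param('mail_login', false));
         }
         $email = $this->view->conf->mail_login;
         Minz_Session::_param('mail', $email);
         $ok &= $this->view->conf->save();

         if ($email != '') {
             // The address becomes part of a file name below. Refuse anything
             // that could leave DATA_PATH/persona/ (path separators, NUL byte).
             // NOTE(review): whether _mail_login() already validates the
             // address is not visible here; this check is defence in depth.
             $emailIsSafeFilename = is_string($email) && strpbrk($email, "/\\\0") === false;
             if ($emailIsSafeFilename) {
                 $personaFile = DATA_PATH . '/persona/' . $email . '.txt';
                 @unlink($personaFile);
                 $ok &= file_put_contents($personaFile, $currentUser) !== false;
             } else {
                 $ok = false;
             }
         }

         if ($isAdmin) {
             // The token is stored as submitted; no length or character check
             // is applied in this method.
             $current_token = $this->view->conf->token;
             $token = Minz_Request::param('token', $current_token);
             $this->view->conf->_token($token);
             $ok &= $this->view->conf->save();

             // Any truthy value except the literal string 'no' enables the option.
             $anon = Minz_Request::param('anon_access', false);
             $anon = (bool) $anon && $anon !== 'no';
             $anon_refresh = Minz_Request::param('anon_refresh', false);
             $anon_refresh = (bool) $anon_refresh && $anon_refresh !== 'no';
             $auth_type = Minz_Request::param('auth_type', 'none');

             // Rewrite the global configuration file only when something changed.
             $settingsChanged = $anon != Minz_Configuration::allowAnonymous()
                 || $auth_type != Minz_Configuration::authType()
                 || $anon_refresh != Minz_Configuration::allowAnonymousRefresh();
             if ($settingsChanged) {
                 Minz_Configuration::_authType($auth_type);
                 Minz_Configuration::_allowAnonymous($anon);
                 Minz_Configuration::_allowAnonymousRefresh($anon_refresh);
                 $ok &= Minz_Configuration::writeFile();
             }
         }

         invalidateHttpCache();
         $notif = array('type' => $ok ? 'good' : 'bad', 'content' => Minz_Translate::t($ok ? 'configuration_updated' : 'error_occurred'));
         Minz_Session::_param('notification', $notif);
     }
     Minz_Request::forward(array('c' => 'configure', 'a' => 'users'), true);
 }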
Пример #2
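 /**
  * Renders the main article list (HTML, "global" view or RSS output).
  *
  * Access control: when the user is not logged in and anonymous access is
  * disabled, RSS output is served only if the request carries the configured
  * token; every other output is forwarded to the login form.
  *
  * The method then builds the RSS URL of the current view, loads categories
  * and counters, resolves the "get" selector, and fetches one page of
  * entries (plus one extra entry to detect whether a next page exists).
  */
 public function indexAction()
 {
     $output = Minz_Request::param('output');
     $token = $this->view->conf->token;
     // Check whether the user is logged in.
     if (!$this->view->loginOk && !Minz_Configuration::allowAnonymous()) {
         $token_param = Minz_Request::param('token', '');
         // An empty configured token never grants access. The comparison is
         // constant-time where hash_equals() exists so that response timing
         // does not reveal how much of a guessed token matched; the is_string()
         // checks keep array-valued parameters away from hash_equals().
         $token_is_ok = is_string($token) && $token !== '' && is_string($token_param)
             && (function_exists('hash_equals') ? hash_equals($token, $token_param) : $token === $token_param);
         if ($output === 'rss' && !$token_is_ok) {
             Minz_Error::error(403, array('error' => array(Minz_Translate::t('access_denied'))));
             return;
         } elseif ($output !== 'rss') {
             // "hard" redirection is not required, just ask dispatcher to
             // forward to the login form without 302 redirection
             Minz_Request::forward(array('c' => 'index', 'a' => 'formLogin'));
             return;
         }
     }
     // Build the RSS URL of this feed.
     $params = Minz_Request::params();
     $params['output'] = 'rss';
     if (isset($params['search'])) {
         $params['search'] = urlencode($params['search']);
     }
     if (!Minz_Configuration::allowAnonymous()) {
         // The token travels as a URL parameter, so it can end up wherever
         // URLs are recorded (server logs, browser history, referrers).
         $params['token'] = $token;
     }
     $this->view->rss_url = array('c' => 'index', 'a' => 'index', 'params' => $params);
     if ($output === 'rss') {
         // no layout for RSS output
         $this->view->_useLayout(false);
         header('Content-Type: application/rss+xml; charset=utf-8');
     } elseif ($output === 'global') {
         Minz_View::appendScript(Minz_Url::display('/scripts/global_view.js?' . @filemtime(PUBLIC_PATH . '/scripts/global_view.js')));
     }
     $catDAO = new FreshRSS_CategoryDAO();
     $entryDAO = new FreshRSS_EntryDAO();
     $this->view->cat_aside = $catDAO->listCategories();
     $this->view->nb_favorites = $entryDAO->countUnreadReadFavorites();
     $this->view->nb_not_read = FreshRSS_CategoryDAO::CountUnreads($this->view->cat_aside, 1);
     $this->view->currentName = '';
     $this->view->get_c = '';
     $this->view->get_f = '';
     // "get" is a selector: the first character is the type, the id starts at
     // offset 2. An empty or non-string value yields an empty type, which is
     // left to checkAndProcessType() to reject, without reading a string
     // offset that does not exist.
     $get = Minz_Request::param('get', 'a');
     $getIsUsable = is_string($get) && $get !== '';
     $getType = $getIsUsable ? $get[0] : '';
     $getId = $getIsUsable ? (string) substr($get, 2) : '';
     if (!$this->checkAndProcessType($getType, $getId)) {
         // NOTE(review): both values come from the request and are written to
         // the log as-is; confirm that Minz_Log neutralises line breaks.
         Minz_Log::record('Not found [' . $getType . '][' . $getId . ']', Minz_Log::DEBUG);
         Minz_Error::error(404, array('error' => array(Minz_Translate::t('page_not_found'))));
         return;
     }
     // Update the titles.
     $this->view->rss_title = $this->view->currentName . ' | ' . Minz_View::title();
     if ($this->view->nb_not_read > 0) {
         Minz_View::appendTitle(' (' . formatNumber($this->view->nb_not_read) . ')');
     }
     Minz_View::prependTitle($this->view->currentName . ($this->nb_not_read_cat > 0 ? ' (' . formatNumber($this->nb_not_read_cat) . ')' : '') . ' · ');
     // Collect the filtering parameters.
     $this->view->state = $state = Minz_Request::param('state', $this->view->conf->default_view);
     $filter = Minz_Request::param('search', '');
     if (!empty($filter)) {
         // Search always in read and unread articles
         $state = 'all';
     }
     $this->view->order = $order = Minz_Request::param('order', $this->view->conf->sort_order);
     // The page size is client-controlled: force it to a positive integer
     // before it is used in arithmetic and handed to the DAO.
     // NOTE(review): no upper bound is applied here; consider capping it so a
     // single request cannot ask for an arbitrarily large page.
     $nb = (int) Minz_Request::param('nb', $this->view->conf->posts_per_page);
     if ($nb < 1) {
         $nb = max(1, (int) $this->view->conf->posts_per_page);
     }
     $first = Minz_Request::param('next', '');
     if ($state === 'not_read') {
         // Any unread article in this category at all?
         switch ($getType) {
             case 'a':
                 $hasUnread = $this->view->nb_not_read > 0;
                 break;
             case 's':
                 $hasUnread = $this->view->nb_favorites['unread'] > 0;
                 break;
             case 'c':
                 $hasUnread = !isset($this->view->cat_aside[$getId]) || $this->view->cat_aside[$getId]->nbNotRead() > 0;
                 break;
             case 'f':
                 $myFeed = FreshRSS_CategoryDAO::findFeed($this->view->cat_aside, $getId);
                 $hasUnread = $myFeed === null || $myFeed->nbNotRead() > 0;
                 break;
             default:
                 $hasUnread = true;
                 break;
         }
         if (!$hasUnread) {
             $this->view->state = $state = 'all';
         }
     }
     $today = @strtotime('today');
     $this->view->today = $today;
     // Compute the date of the oldest articles to display.
     // Do not use a fast changing value such as time() to allow SQL caching
     $nb_month_old = $this->view->conf->old_entries;
     $date_min = $today - 3600 * 24 * 30 * $nb_month_old;
     $keepHistoryDefault = $this->view->conf->keep_history_default;
     try {
         // One entry more than the page size is requested to detect a next page.
         $entries = $entryDAO->listWhere($getType, $getId, $state, $order, $nb + 1, $first, $filter, $date_min, $keepHistoryDefault);
         // If no "unread" article was returned, fall back to all articles.
         if ($state === 'not_read' && empty($entries)) {
             Minz_Log::record('Conflicting information about nbNotRead!', Minz_Log::DEBUG);
             $this->view->state = 'all';
             $entries = $entryDAO->listWhere($getType, $getId, 'all', $order, $nb, $first, $filter, $date_min, $keepHistoryDefault);
         }
         if (count($entries) <= $nb) {
             $this->view->nextId = '';
         } else {
             // We have more elements for pagination
             $lastEntry = array_pop($entries);
             $this->view->nextId = $lastEntry->id();
         }
         $this->view->entries = $entries;
     } catch (FreshRSS_EntriesGetter_Exception $e) {
         Minz_Log::record($e->getMessage(), Minz_Log::NOTICE);
         Minz_Error::error(404, array('error' => array(Minz_Translate::t('page_not_found'))));
     }
 }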