public function authAction()
{
if (Minz_Request::isPost()) {
$ok = true;
$passwordPlain = Minz_Request::param('passwordPlain', false);
if ($passwordPlain != '') {
Minz_Request::_param('passwordPlain');
//Discard plain-text password ASAP
$_POST['passwordPlain'] = '';
if (!function_exists('password_hash')) {
include_once LIB_PATH . '/password_compat.php';
}
$passwordHash = password_hash($passwordPlain, PASSWORD_BCRYPT, array('cost' => self::BCRYPT_COST));
$passwordPlain = '';
$passwordHash = preg_replace('/^\\$2[xy]\\$/', '\\$2a\\$', $passwordHash);
//Compatibility with bcrypt.js
$ok &= $passwordHash != '';
$this->view->conf->_passwordHash($passwordHash);
}
Minz_Session::_param('passwordHash', $this->view->conf->passwordHash);
if (Minz_Configuration::isAdmin(Minz_Session::param('currentUser', '_'))) {
$this->view->conf->_mail_login(Minz_Request::param('mail_login', false));
}
$email = $this->view->conf->mail_login;
Minz_Session::_param('mail', $email);
$ok &= $this->view->conf->save();
if ($email != '') {
$personaFile = DATA_PATH . '/persona/' . $email . '.txt';
@unlink($personaFile);
$ok &= file_put_contents($personaFile, Minz_Session::param('currentUser', '_')) !== false;
}
if (Minz_Configuration::isAdmin(Minz_Session::param('currentUser', '_'))) {
$current_token = $this->view->conf->token;
$token = Minz_Request::param('token', $current_token);
$this->view->conf->_token($token);
$ok &= $this->view->conf->save();
$anon = Minz_Request::param('anon_access', false);
$anon = (bool) $anon && $anon !== 'no';
$anon_refresh = Minz_Request::param('anon_refresh', false);
$anon_refresh = (bool) $anon_refresh && $anon_refresh !== 'no';
$auth_type = Minz_Request::param('auth_type', 'none');
if ($anon != Minz_Configuration::allowAnonymous() || $auth_type != Minz_Configuration::authType() || $anon_refresh != Minz_Configuration::allowAnonymousRefresh()) {
Minz_Configuration::_authType($auth_type);
Minz_Configuration::_allowAnonymous($anon);
Minz_Configuration::_allowAnonymousRefresh($anon_refresh);
$ok &= Minz_Configuration::writeFile();
}
}
invalidateHttpCache();
$notif = array('type' => $ok ? 'good' : 'bad', 'content' => Minz_Translate::t($ok ? 'configuration_updated' : 'error_occurred'));
Minz_Session::_param('notification', $notif);
}
Minz_Request::forward(array('c' => 'configure', 'a' => 'users'), true);
}
public function indexAction()
{
$output = Minz_Request::param('output');
$token = $this->view->conf->token;
// check if user is logged in
if (!$this->view->loginOk && !Minz_Configuration::allowAnonymous()) {
$token_param = Minz_Request::param('token', '');
$token_is_ok = $token != '' && $token === $token_param;
if ($output === 'rss' && !$token_is_ok) {
Minz_Error::error(403, array('error' => array(Minz_Translate::t('access_denied'))));
return;
} elseif ($output !== 'rss') {
// "hard" redirection is not required, just ask dispatcher to
// forward to the login form without 302 redirection
Minz_Request::forward(array('c' => 'index', 'a' => 'formLogin'));
return;
}
}
// construction of RSS url of this feed
$params = Minz_Request::params();
$params['output'] = 'rss';
if (isset($params['search'])) {
$params['search'] = urlencode($params['search']);
}
if (!Minz_Configuration::allowAnonymous()) {
$params['token'] = $token;
}
$this->view->rss_url = array('c' => 'index', 'a' => 'index', 'params' => $params);
if ($output === 'rss') {
// no layout for RSS output
$this->view->_useLayout(false);
header('Content-Type: application/rss+xml; charset=utf-8');
} elseif ($output === 'global') {
Minz_View::appendScript(Minz_Url::display('/scripts/global_view.js?' . @filemtime(PUBLIC_PATH . '/scripts/global_view.js')));
}
$catDAO = new FreshRSS_CategoryDAO();
$entryDAO = new FreshRSS_EntryDAO();
$this->view->cat_aside = $catDAO->listCategories();
$this->view->nb_favorites = $entryDAO->countUnreadReadFavorites();
$this->view->nb_not_read = FreshRSS_CategoryDAO::CountUnreads($this->view->cat_aside, 1);
$this->view->currentName = '';
$this->view->get_c = '';
$this->view->get_f = '';
$get = Minz_Request::param('get', 'a');
$getType = $get[0];
$getId = substr($get, 2);
if (!$this->checkAndProcessType($getType, $getId)) {
Minz_Log::record('Not found [' . $getType . '][' . $getId . ']', Minz_Log::DEBUG);
Minz_Error::error(404, array('error' => array(Minz_Translate::t('page_not_found'))));
return;
}
// mise à jour des titres
$this->view->rss_title = $this->view->currentName . ' | ' . Minz_View::title();
if ($this->view->nb_not_read > 0) {
Minz_View::appendTitle(' (' . formatNumber($this->view->nb_not_read) . ')');
}
Minz_View::prependTitle($this->view->currentName . ($this->nb_not_read_cat > 0 ? ' (' . formatNumber($this->nb_not_read_cat) . ')' : '') . ' · ');
// On récupère les différents éléments de filtrage
$this->view->state = $state = Minz_Request::param('state', $this->view->conf->default_view);
$filter = Minz_Request::param('search', '');
if (!empty($filter)) {
$state = 'all';
//Search always in read and unread articles
}
$this->view->order = $order = Minz_Request::param('order', $this->view->conf->sort_order);
$nb = Minz_Request::param('nb', $this->view->conf->posts_per_page);
$first = Minz_Request::param('next', '');
if ($state === 'not_read') {
//Any unread article in this category at all?
switch ($getType) {
case 'a':
$hasUnread = $this->view->nb_not_read > 0;
break;
case 's':
$hasUnread = $this->view->nb_favorites['unread'] > 0;
break;
case 'c':
$hasUnread = !isset($this->view->cat_aside[$getId]) || $this->view->cat_aside[$getId]->nbNotRead() > 0;
break;
case 'f':
$myFeed = FreshRSS_CategoryDAO::findFeed($this->view->cat_aside, $getId);
$hasUnread = $myFeed === null || $myFeed->nbNotRead() > 0;
break;
default:
$hasUnread = true;
break;
}
if (!$hasUnread) {
$this->view->state = $state = 'all';
}
}
$today = @strtotime('today');
$this->view->today = $today;
// on calcule la date des articles les plus anciens qu'on affiche
$nb_month_old = $this->view->conf->old_entries;
$date_min = $today - 3600 * 24 * 30 * $nb_month_old;
//Do not use a fast changing value such as time() to allow SQL caching
$keepHistoryDefault = $this->view->conf->keep_history_default;
try {
$entries = $entryDAO->listWhere($getType, $getId, $state, $order, $nb + 1, $first, $filter, $date_min, $keepHistoryDefault);
// Si on a récupéré aucun article "non lus"
// on essaye de récupérer tous les articles
if ($state === 'not_read' && empty($entries)) {
Minz_Log::record('Conflicting information about nbNotRead!', Minz_Log::DEBUG);
$this->view->state = 'all';
$entries = $entryDAO->listWhere($getType, $getId, 'all', $order, $nb, $first, $filter, $date_min, $keepHistoryDefault);
}
if (count($entries) <= $nb) {
$this->view->nextId = '';
} else {
//We have more elements for pagination
$lastEntry = array_pop($entries);
$this->view->nextId = $lastEntry->id();
}
$this->view->entries = $entries;
} catch (FreshRSS_EntriesGetter_Exception $e) {
Minz_Log::record($e->getMessage(), Minz_Log::NOTICE);
Minz_Error::error(404, array('error' => array(Minz_Translate::t('page_not_found'))));
}
}
