示例#1
 /**
  * Pre-dispatch hook: the framework runs it ahead of every other action
  * of this controller.
  *
  * Answers 403 when FreshRSS_Auth::hasAccess() is false, then prefixes the
  * page title with the translated 'admin.stats.title' label.
  */
 public function firstAction()
 {
     $is_authorised = FreshRSS_Auth::hasAccess();
     if (!$is_authorised) {
         // NOTE(review): the title code below is only skipped if
         // Minz_Error::error() ends the request -- confirm that it does.
         Minz_Error::error(403);
     }
     $title_prefix = _t('admin.stats.title') . ' · ';
     Minz_View::prependTitle($title_prefix);
 }
 /**
  * Pre-dispatch hook: the framework runs it ahead of every other action
  * of this controller.
  *
  * Answers 403 when FreshRSS_Auth::hasAccess() is false, then calls
  * checkDefault() on a new FreshRSS_CategoryDAO.
  */
 public function firstAction()
 {
     $has_access = FreshRSS_Auth::hasAccess();
     if (!$has_access) {
         Minz_Error::error(403);
     }
     // NOTE(review): this DAO call is reached by unauthenticated requests
     // unless Minz_Error::error() ends the request -- confirm.
     $category_dao = new FreshRSS_CategoryDAO();
     $category_dao->checkDefault();
 }
示例#3
 /**
  * Empties the log file of the session's current user and, for callers
  * holding 'admin' access, the three shared logs stored under users/_.
  *
  * Each file is overwritten with an empty string; the result of
  * file_put_contents() is not inspected and no entry recording the
  * truncation is written by this method.
  */
 public static function truncate()
 {
     // NOTE(review): the session value becomes a path component; presumably
     // it was validated when the session was opened -- confirm.
     $current_user = Minz_Session::param('currentUser', '_');
     file_put_contents(join_path(DATA_PATH, 'users', $current_user, 'log.txt'), '');
     if (!FreshRSS_Auth::hasAccess('admin')) {
         return;
     }
     foreach (array('log.txt', 'log_api.txt', 'log_pshb.txt') as $shared_log) {
         file_put_contents(join_path(DATA_PATH, 'users', '_', $shared_log), '');
     }
 }
 /**
  * Pre-dispatch hook: the framework runs it ahead of every other action
  * of this controller.
  *
  * Answers 403 when FreshRSS_Auth::hasAccess() is false, loads the OPML
  * library and stores the category, entry and feed DAOs on the controller.
  */
 public function firstAction()
 {
     $has_access = FreshRSS_Auth::hasAccess();
     if (!$has_access) {
         // NOTE(review): the set-up below still runs for this request
         // unless Minz_Error::error() ends it -- confirm.
         Minz_Error::error(403);
     }
     $opml_library = LIB_PATH . '/lib_opml.php';
     require_once $opml_library;
     $this->catDAO = new FreshRSS_CategoryDAO();
     $this->entryDAO = FreshRSS_Factory::createEntryDao();
     $this->feedDAO = FreshRSS_Factory::createFeedDao();
 }
示例#5
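 /**
  * Initialises authentication and rejects POST requests whose Referer is
  * not from the same domain.
  *
  * On rejection the current access is removed and a 403 is raised; the
  * received Referer is echoed in the error detail, HTML-escaped.
  *
  * NOTE(review): a Referer check is a coarse anti-CSRF control. How a
  * missing Referer is treated is decided in is_referer_from_same_domain(),
  * which is not visible here; a per-session anti-CSRF token would not
  * depend on that header.
  */
 private function initAuth()
 {
     FreshRSS_Auth::init();
     if (Minz_Request::isPost() && !is_referer_from_same_domain()) {
         // Basic protection against XSRF attacks
         FreshRSS_Auth::removeAccess();
         $http_referer = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER'];
         // The header is attacker-controlled: escape both quote styles and
         // pin the charset rather than relying on version-dependent defaults.
         $safe_referer = htmlspecialchars($http_referer, ENT_QUOTES, 'UTF-8');
         Minz_Error::error(403, array('error' => array(_t('access_denied'), ' [HTTP_REFERER=' . $safe_referer . ']')));
     }
 }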
 /**
  * Pre-dispatch hook: the framework runs it ahead of every other action
  * of this controller.
  *
  * Answers 403 when FreshRSS_Auth::hasAccess() is false, calls
  * checkDefault() on the category DAO and hands the category list and the
  * default category to the view.
  */
 public function firstAction()
 {
     $has_access = FreshRSS_Auth::hasAccess();
     if (!$has_access) {
         // NOTE(review): the category data below is still loaded into the
         // view unless Minz_Error::error() ends the request -- confirm.
         Minz_Error::error(403);
     }
     $category_dao = new FreshRSS_CategoryDAO();
     $category_dao->checkDefault();
     $view = $this->view;
     $view->categories = $category_dao->listCategories(false);
     $view->default_category = $category_dao->getDefault();
 }
示例#7
 /**
  * Pre-dispatch hook: the framework runs it ahead of every other action
  * of this controller.
  *
  * Answers 403 when FreshRSS_Auth::hasAccess() is false. When the request
  * carries a truthy 'ajax' parameter, the layout is switched off and
  * Minz_Request::_param('ajax') is called with no value.
  */
 public function firstAction()
 {
     $has_access = FreshRSS_Auth::hasAccess();
     if (!$has_access) {
         Minz_Error::error(403);
     }
     $this->ajax = Minz_Request::param('ajax');
     if (!$this->ajax) {
         return;
     }
     // Ajax responses are rendered without the page layout
     $this->view->_useLayout(false);
     Minz_Request::_param('ajax');
 }
示例#8
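 /**
  * Initialises authentication and rejects POST requests whose Referer is
  * not from the same domain.
  *
  * On rejection the current access is removed, the translator is
  * initialised with 'en' and a 403 is raised; the received Referer is
  * echoed in the error detail, HTML-escaped.
  *
  * NOTE(review): a Referer check is a coarse anti-CSRF control. How a
  * missing Referer is treated is decided in is_referer_from_same_domain(),
  * which is not visible here; a per-session anti-CSRF token would not
  * depend on that header.
  */
 private function initAuth()
 {
     FreshRSS_Auth::init();
     if (Minz_Request::isPost() && !is_referer_from_same_domain()) {
         // Basic protection against XSRF attacks
         FreshRSS_Auth::removeAccess();
         $http_referer = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER'];
         // The header is attacker-controlled: escape both quote styles and
         // pin the charset rather than relying on version-dependent defaults.
         $safe_referer = htmlspecialchars($http_referer, ENT_QUOTES, 'UTF-8');
         Minz_Translate::init('en');
         //TODO: Better choice of fallback language
         Minz_Error::error(403, array('error' => array(_t('feedback.access.denied'), ' [HTTP_REFERER=' . $safe_referer . ']')));
     }
 }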
示例#9
 /**
  * Pre-dispatch hook of this controller, restricted to callers holding
  * 'admin' access.
  *
  * Invalidates the HTTP cache, marks that no update is waiting to be
  * applied and exposes the modification time of last_update.txt to the
  * view, or 'unknown' when that time cannot be read.
  */
 public function firstAction()
 {
     $is_admin = FreshRSS_Auth::hasAccess('admin');
     if (!$is_admin) {
         // NOTE(review): the statements below are only skipped for
         // non-admins if Minz_Error::error() ends the request -- confirm.
         Minz_Error::error(403);
     }
     invalidateHttpCache();
     $this->view->update_to_apply = false;
     // @ silences the warning filemtime() raises when the file is missing
     $marker_file = join_path(DATA_PATH, 'last_update.txt');
     $timestamp = @filemtime($marker_file);
     $this->view->last_update_time = $timestamp === false ? 'unknown' : timestamptodate($timestamp);
 }
示例#10
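 /**
  * Pre-dispatch hook: the framework runs it ahead of every other action
  * of this controller.
  *
  * Callers without access are refused with a 403 unless the requested
  * action is 'actualize' and either anonymous refresh is enabled in the
  * system configuration or the 'token' request parameter matches the
  * user's configured token.
  *
  * The token is compared as an exact string. The previous loose `==`
  * treated two different numeric-looking strings (for example "0e1" and
  * "0e2") as equal, so a token of that shape could be matched by a
  * different value.
  */
 public function firstAction()
 {
     if (!FreshRSS_Auth::hasAccess()) {
         // Token is useful in the case that anonymous refresh is forbidden
         // and CRON task cannot be used with php command so the user can
         // set a CRON task to refresh his feeds by using token inside url
         // NOTE(review): a token carried in the URL also lands in web
         // server access logs; treat it as a low-privilege secret.
         $token = (string) FreshRSS_Context::$user_conf->token;
         $token_param = Minz_Request::param('token', '');
         // An empty configured token never matches, and a non-string
         // parameter (e.g. token[]=...) is rejected before comparison.
         $token_is_ok = $token !== '' && is_string($token_param);
         if ($token_is_ok) {
             // hash_equals() compares in constant time where available;
             // older runtimes fall back to a strict comparison.
             $token_is_ok = function_exists('hash_equals')
                 ? hash_equals($token, $token_param)
                 : $token === $token_param;
         }
         $action = Minz_Request::actionName();
         $allow_anonymous_refresh = FreshRSS_Context::$system_conf->allow_anonymous_refresh;
         if ($action !== 'actualize' || !($allow_anonymous_refresh || $token_is_ok)) {
             Minz_Error::error(403);
         }
     }
 }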
示例#11
 /**
  * Deletes an installed extension from disk.
  *
  * Only callers holding 'admin' access may remove an extension, and the
  * deletion is performed for POST requests only; in every other case the
  * request is forwarded to the extension index.
  *
  * Parameter is:
  * -e: extension name (urlencoded)
  */
 public function removeAction()
 {
     if (!FreshRSS_Auth::hasAccess('admin')) {
         // NOTE(review): the deletion below is only out of reach for
         // non-admins if Minz_Error::error() ends the request -- confirm.
         Minz_Error::error(403);
     }
     $back_to_list = array('c' => 'extension', 'a' => 'index');
     if (Minz_Request::isPost()) {
         $ext_name = urldecode(Minz_Request::param('e'));
         $extension = Minz_ExtensionManager::findExtension($ext_name);
         if ($extension === null) {
             // NOTE(review): getPath() below is called on null unless
             // Minz_Request::bad() ends the request -- confirm.
             Minz_Request::bad(_t('feedback.extensions.not_found', $ext_name), $back_to_list);
         }
         // The path removed comes from the extension object returned by the
         // manager, not from the raw request value.
         if (recursive_unlink($extension->getPath())) {
             Minz_Request::good(_t('feedback.extensions.removed', $ext_name), $back_to_list);
         } else {
             Minz_Request::bad(_t('feedback.extensions.cannot_delete', $ext_name), $back_to_list);
         }
     }
     Minz_Request::forward($back_to_list, true);
 }
示例#12
 /**
  * Displays the archive configuration page and, on POST, saves it.
  *
  * On a POST request the three options below are read from the request,
  * stored in the user configuration and saved, the HTTP cache is
  * invalidated and a notification is sent to the user.
  *
  * The options available on that page are:
  *   - duration to retain old article (default: 3)
  *   - number of article to retain per feed (default: 0)
  *   - refresh frequency (default: -2)
  *
  * NOTE(review): no access check is made inside this method; presumably
  * the controller's firstAction() enforces it -- confirm. The request
  * values are stored as received, without a range or type check here.
  *
  * @todo explain why the default value is -2 but this value does not
  *       exist in the drop-down list
  */
 public function archivingAction()
 {
     if (Minz_Request::isPost()) {
         $user_conf = FreshRSS_Context::$user_conf;
         $user_conf->old_entries = Minz_Request::param('old_entries', 3);
         $user_conf->keep_history_default = Minz_Request::param('keep_history_default', 0);
         $user_conf->ttl_default = Minz_Request::param('ttl_default', -2);
         $user_conf->save();
         invalidateHttpCache();
         $same_page = array('c' => 'configure', 'a' => 'archiving');
         Minz_Request::good(_t('feedback.conf.updated'), $same_page);
     }
     Minz_View::prependTitle(_t('conf.archiving.title') . ' · ');
     $entry_dao = FreshRSS_Factory::createEntryDao();
     $view = $this->view;
     $view->nb_total = $entry_dao->count();
     $view->size_user = $entry_dao->size();
     // The instance-wide size is exposed to administrators only
     if (FreshRSS_Auth::hasAccess('admin')) {
         $view->size_total = $entry_dao->size(true);
     }
 }
示例#13
 /**
  * Logs the current user out: invalidates the HTTP cache, removes all
  * accesses of the current user and reports success with the index page
  * as target.
  *
  * NOTE(review): no request-method check is made inside this method.
  */
 public function logoutAction()
 {
     invalidateHttpCache();
     FreshRSS_Auth::removeAccess();
     $home = array('c' => 'index', 'a' => 'index');
     Minz_Request::good(_t('feedback.auth.logout.success'), $home);
 }
示例#14
 /**
  * The (not so long) list of setters for system configuration.
  *
  * Setter for 'allow_anonymous': the stored flag is true only when the
  * submitted value is truthy after handleBool() and
  * FreshRSS_Auth::accessNeedsAction() is truthy as well; the second check
  * is not evaluated when the first one fails.
  */
 private function _allow_anonymous(&$data, $value)
 {
     $requested = $this->handleBool($value);
     $data['allow_anonymous'] = $requested ? (bool) FreshRSS_Auth::accessNeedsAction() : false;
 }
示例#15
 /**
  * Displays the FreshRSS logs of the current user, 50 entries per page.
  *
  * Any POST request to this action truncates the logs before they are
  * read. The 'page' request parameter (default 1) selects the page.
  */
 public function logsAction()
 {
     $has_access = FreshRSS_Auth::hasAccess();
     if (!$has_access) {
         // NOTE(review): truncation below is only out of reach for
         // unauthenticated POSTs if Minz_Error::error() ends the request.
         Minz_Error::error(403);
     }
     Minz_View::prependTitle(_t('index.log.title') . ' · ');
     if (Minz_Request::isPost()) {
         FreshRSS_LogDAO::truncate();
     }
     //TODO: ask only the necessary lines
     $log_lines = FreshRSS_LogDAO::lines();
     // Pagination handling
     $requested_page = Minz_Request::param('page', 1);
     $paginator = new Minz_Paginator($log_lines);
     $this->view->logsPaginator = $paginator;
     $paginator->_nbItemsPerPage(50);
     $paginator->_currentPage($requested_page);
 }
示例#16
 /**
  * Handles the system configuration page, restricted to callers holding
  * 'admin' access.
  *
  * If this action is reached through a POST request, it stores all new
  * configuration values, invalidates the HTTP cache and queues a
  * notification for the user.
  *
  * The options available on the page are:
  *   - user limit (default: 1)
  *   - user category limit (default: 16384)
  *   - user feed limit (default: 16384)
  *
  * The instance name (default: 'FreshRSS') and the auto-update URL
  * (default: false) are stored as well.
  *
  * NOTE(review): the request values are stored as received; no numeric
  * or URL validation is done in this method.
  */
 public function systemAction()
 {
     $is_admin = FreshRSS_Auth::hasAccess('admin');
     if (!$is_admin) {
         // NOTE(review): the configuration write below is only out of reach
         // for non-admins if Minz_Error::error() ends the request -- confirm.
         Minz_Error::error(403);
     }
     if (!Minz_Request::isPost()) {
         return;
     }
     $system_conf = FreshRSS_Context::$system_conf;
     $limits = $system_conf->limits;
     $limits['max_registrations'] = Minz_Request::param('max-registrations', 1);
     $limits['max_feeds'] = Minz_Request::param('max-feeds', 16384);
     $limits['max_categories'] = Minz_Request::param('max-categories', 16384);
     $system_conf->limits = $limits;
     $system_conf->title = Minz_Request::param('instance-name', 'FreshRSS');
     $system_conf->auto_update_url = Minz_Request::param('auto-update-url', false);
     $system_conf->save();
     invalidateHttpCache();
     $notification = array('type' => 'good', 'content' => _t('feedback.conf.updated'));
     Minz_Session::_param('notification', $notification);
 }
示例#17
 /**
  * Removes all accesses for the current user.
  *
  * Marks the login as not OK, points the session's current user at the
  * configured default user and drops the session entries that belong to
  * the configured authentication type ('form' also deletes the cookie).
  *
  * NOTE(review): the session identifier is not regenerated in this method.
  */
 public static function removeAccess()
 {
     Minz_Session::_param('loginOk');
     self::$login_ok = false;
     $system_conf = Minz_Configuration::get('system');
     Minz_Session::_param('currentUser', $system_conf->default_user);
     $auth_type = $system_conf->auth_type;
     // Loose comparisons on purpose: they mirror what a switch would do
     if ($auth_type == 'form') {
         Minz_Session::_param('passwordHash');
         FreshRSS_FormAuth::deleteCookie();
     } elseif ($auth_type == 'persona') {
         Minz_Session::_param('mail');
     }
     // 'http_auth' and 'none': nothing to do.
     // Any other value -- TODO: extensions
 }
示例#18
 /**
  * Deletes an existing user; acts only on POST requests from callers
  * holding 'admin' access, and always ends by forwarding to user/manage.
  *
  * Request parameter is:
  *   - username
  *
  * The name must be alphanumeric, must differ (case-insensitively) from
  * the default user and must have a data directory. The outcome is stored
  * as a 'good' or 'bad' session notification.
  */
 public function deleteAction()
 {
     if (Minz_Request::isPost() && FreshRSS_Auth::hasAccess('admin')) {
         $db_conf = FreshRSS_Context::$system_conf->db;
         // The included file name depends on the configured database type
         require_once APP_PATH . '/SQL/install.sql.' . $db_conf['type'] . '.php';
         $username = Minz_Request::param('username');
         // ctype_alnum() keeps separators and dots out of the path built below
         $success = ctype_alnum($username);
         $user_dir = join_path(DATA_PATH, 'users', $username);
         if ($success) {
             //It is forbidden to delete the default user
             $protected_user = FreshRSS_Context::$system_conf->default_user;
             $success &= strcasecmp($username, $protected_user) !== 0;
         }
         if ($success) {
             $success &= is_dir($user_dir);
         }
         if ($success) {
             // Both deletions are attempted even when the first one fails
             $user_dao = new FreshRSS_UserDAO();
             $success &= $user_dao->deleteUser($username);
             $success &= recursive_unlink($user_dir);
             //TODO: delete Persona file
         }
         invalidateHttpCache();
         $feedback_key = 'feedback.user.deleted' . (!$success ? '.error' : '');
         $notification = array('type' => $success ? 'good' : 'bad', 'content' => _t($feedback_key, $username));
         Minz_Session::_param('notification', $notification);
     }
     Minz_Request::forward(array('c' => 'user', 'a' => 'manage'), true);
 }
示例#19
 /**
  * This action deletes an existing user.
  *
  * It acts only on POST requests, either from a caller holding 'admin'
  * access or from the user named in the request (self-deletion). A
  * self-deletion additionally requires a successful credentials check.
  *
  * Request parameters are:
  *   - username
  *   - r: redirect target (urlencoded); defaults to user/manage
  *   - challenge: read only for a self-deletion
  *
  * @todo clean up this method. Idea: create a User->clean() method.
  */
 public function deleteAction()
 {
     $username = Minz_Request::param('username');
     // NOTE(review): the redirect target is caller-supplied and is passed to
     // Minz_Request::forward() at the end of this method; whether forward()
     // restricts it to this site is not visible here -- confirm, to rule
     // out an open redirect.
     $redirect_url = urldecode(Minz_Request::param('r', false, true));
     if (!$redirect_url) {
         $redirect_url = array('c' => 'user', 'a' => 'manage');
     }
     // Strict comparison between the session's user and the requested name
     $self_deletion = Minz_Session::param('currentUser', '_') === $username;
     if (Minz_Request::isPost() && (FreshRSS_Auth::hasAccess('admin') || $self_deletion)) {
         $db = FreshRSS_Context::$system_conf->db;
         // The included file name depends on the configured database type
         require_once APP_PATH . '/SQL/install.sql.' . $db['type'] . '.php';
         // ctype_alnum() keeps separators and dots out of the path built below;
         // the path is only used once $ok still holds.
         $ok = ctype_alnum($username);
         $user_data = join_path(DATA_PATH, 'users', $username);
         if ($ok) {
             $default_user = FreshRSS_Context::$system_conf->default_user;
             $ok &= strcasecmp($username, $default_user) !== 0;
             //It is forbidden to delete the default user
         }
         if ($ok && $self_deletion) {
             // We check the password if it's a self-destruction
             // (an admin deleting the same account also takes this branch,
             // since $self_deletion does not depend on the access level)
             $nonce = Minz_Session::param('nonce');
             $challenge = Minz_Request::param('challenge', '');
             $ok &= FreshRSS_FormAuth::checkCredentials($username, FreshRSS_Context::$user_conf->passwordHash, $nonce, $challenge);
         }
         if ($ok) {
             $ok &= is_dir($user_data);
         }
         if ($ok) {
             // Both deletions are attempted even when the first one fails;
             // &= folds their results into $ok bitwise.
             $userDAO = new FreshRSS_UserDAO();
             $ok &= $userDAO->deleteUser($username);
             $ok &= recursive_unlink($user_data);
             //TODO: delete Persona file
         }
         if ($ok && $self_deletion) {
             // The deleted account was the caller's own: drop its access and
             // replace the redirect target with the index page.
             FreshRSS_Auth::removeAccess();
             $redirect_url = array('c' => 'index', 'a' => 'index');
         }
         invalidateHttpCache();
         // The outcome is queued as a session notification ('good' or 'bad')
         $notif = array('type' => $ok ? 'good' : 'bad', 'content' => _t('feedback.user.deleted' . (!$ok ? '.error' : ''), $username));
         Minz_Session::_param('notification', $notif);
     }
     Minz_Request::forward($redirect_url, true);
 }
示例#20
            fwrite(STDOUT, 'FreshRSS skip inactive user ' . $user . "\n");
            //Unbuffered
        }
        continue;
    }
    Minz_Log::notice('FreshRSS actualize ' . $user, $log_file);
    if (defined('STDOUT')) {
        fwrite(STDOUT, 'Actualize ' . $user . "...\n");
        //Unbuffered
    }
    echo $user, ' ';
    //Buffered
    Minz_Session::_param('currentUser', $user);
    new Minz_ModelPdo($user);
    //TODO: FIXME: Quick-fix while waiting for a better FreshRSS() constructor/init
    FreshRSS_Auth::giveAccess();
    $app->init();
    $app->run();
    if (!invalidateHttpCache()) {
        Minz_Log::notice('FreshRSS write access problem in ' . join_path(USERS_PATH, $user, 'log.txt'), $log_file);
        if (defined('STDERR')) {
            fwrite(STDERR, 'Write access problem in ' . join_path(USERS_PATH, $user, 'log.txt') . "\n");
        }
    }
}
Minz_Log::notice('FreshRSS actualize done.', $log_file);
if (defined('STDOUT')) {
    fwrite(STDOUT, 'Done.' . "\n");
    $end_date = date_create('now');
    $duration = date_diff($end_date, $begin_date);
    fwrite(STDOUT, 'Ending feed actualization at ' . $end_date->format('c') . "\n");