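public function authAction() {
	// Handles the POSTed "users" configuration form:
	//   - optionally replaces the current user's password hash,
	//   - stores the Persona login e-mail (changeable by admins only),
	//   - lets an admin change the API token and the anonymous-access settings.
	// Always forwards back to configure/users afterwards; the outcome is
	// reported through the 'notification' session entry.
	if (Minz_Request::isPost()) {
		$ok = true;
		$currentUser = Minz_Session::param('currentUser', '_');
		$isAdmin = Minz_Configuration::isAdmin($currentUser);

		$passwordPlain = Minz_Request::param('passwordPlain', false);
		if (is_string($passwordPlain) && $passwordPlain !== '') {
			// Discard the plain-text password from the request as soon as possible
			Minz_Request::_param('passwordPlain');
			$_POST['passwordPlain'] = '';
			if (!function_exists('password_hash')) {
				include_once LIB_PATH . '/password_compat.php';
			}
			$passwordHash = password_hash($passwordPlain, PASSWORD_BCRYPT, array('cost' => self::BCRYPT_COST));
			$passwordPlain = '';
			// Compatibility with bcrypt.js: rewrite the "$2x$"/"$2y$" prefix to "$2a$".
			// The replacement escapes both '$' so they are not taken as back-references.
			$passwordHash = preg_replace('/^\\$2[xy]\\$/', '\\$2a\\$', $passwordHash);
			// Logical (not bitwise) AND: a non-boolean truthy return value must not
			// be folded into 0 by "&=".
			$ok = $ok && $passwordHash != '';
			$this->view->conf->_passwordHash($passwordHash);
		}
		Minz_Session::_param('passwordHash', $this->view->conf->passwordHash);

		if ($isAdmin) {
			$this->view->conf->_mail_login(Minz_Request::param('mail_login', false));
		}
		$email = $this->view->conf->mail_login;
		Minz_Session::_param('mail', $email);
		$ok = $ok && (bool) $this->view->conf->save();

		if ($email != '') {
			// The e-mail becomes a file name under DATA_PATH/persona: accept only a
			// single path component so that a crafted value cannot point outside it.
			$emailIsSafeName = is_string($email)
				&& strpos($email, "\0") === false
				&& $email !== '.' && $email !== '..'
				&& basename($email) === $email;
			if ($emailIsSafeName) {
				$personaFile = DATA_PATH . '/persona/' . $email . '.txt';
				@unlink($personaFile);	// best-effort; the write below decides $ok
				$ok = $ok && file_put_contents($personaFile, $currentUser) !== false;
			} else {
				Minz_Log::record('Refusing to use mail_login as a Persona file name', Minz_Log::NOTICE);
				$ok = false;
			}
		}

		if ($isAdmin) {
			$current_token = $this->view->conf->token;
			$token = Minz_Request::param('token', $current_token);
			$this->view->conf->_token($token);
			$ok = $ok && (bool) $this->view->conf->save();

			// Checkbox-style parameters: anything truthy except the literal 'no' means enabled
			$anon = Minz_Request::param('anon_access', false);
			$anon = (bool) $anon && $anon !== 'no';
			$anon_refresh = Minz_Request::param('anon_refresh', false);
			$anon_refresh = (bool) $anon_refresh && $anon_refresh !== 'no';
			$auth_type = Minz_Request::param('auth_type', 'none');

			// Only rewrite the global configuration file when something changed
			if ($anon != Minz_Configuration::allowAnonymous()
				|| $auth_type != Minz_Configuration::authType()
				|| $anon_refresh != Minz_Configuration::allowAnonymousRefresh()) {
				Minz_Configuration::_authType($auth_type);
				Minz_Configuration::_allowAnonymous($anon);
				Minz_Configuration::_allowAnonymousRefresh($anon_refresh);
				$ok = $ok && (bool) Minz_Configuration::writeFile();
			}
		}

		invalidateHttpCache();
		$notif = array(
			'type' => $ok ? 'good' : 'bad',
			'content' => Minz_Translate::t($ok ? 'configuration_updated' : 'error_occurred'),
		);
		Minz_Session::_param('notification', $notif);
	}
	Minz_Request::forward(array('c' => 'configure', 'a' => 'users'), true);
}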
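public function indexAction() {
	// Renders the entry list (normal, 'global' or 'rss' output) for the scope
	// given by the "get" parameter (a | s | c_<id> | f_<id>), applying the
	// state / search / order / pagination parameters of the request.
	// Emits a 403 for RSS output without a valid token, forwards to the login
	// form for other outputs when not logged in, and a 404 for unknown scopes.
	$output = Minz_Request::param('output');
	$token = $this->view->conf->token;

	// Access control when not logged in and anonymous access is disabled:
	// RSS output is still served if the feed token matches.
	if (!$this->view->loginOk && !Minz_Configuration::allowAnonymous()) {
		$token_param = Minz_Request::param('token', '');
		// hash_equals() compares in constant time, so the token cannot be
		// recovered byte by byte from response timing.
		$token_is_ok = $token != '' && is_string($token_param)
			&& hash_equals((string) $token, $token_param);
		if ($output === 'rss' && !$token_is_ok) {
			Minz_Error::error(403, array('error' => array(Minz_Translate::t('access_denied'))));
			return;
		} elseif ($output !== 'rss') {
			// "hard" redirection is not required, just ask dispatcher to
			// forward to the login form without 302 redirection
			Minz_Request::forward(array('c' => 'index', 'a' => 'formLogin'));
			return;
		}
	}

	// Build the RSS URL of this view (same parameters, output=rss, plus the
	// token when anonymous access is disabled)
	$params = Minz_Request::params();
	$params['output'] = 'rss';
	if (isset($params['search'])) {
		$params['search'] = urlencode($params['search']);
	}
	if (!Minz_Configuration::allowAnonymous()) {
		$params['token'] = $token;
	}
	$this->view->rss_url = array('c' => 'index', 'a' => 'index', 'params' => $params);

	if ($output === 'rss') {
		// no layout for RSS output
		$this->view->_useLayout(false);
		header('Content-Type: application/rss+xml; charset=utf-8');
	} elseif ($output === 'global') {
		Minz_View::appendScript(Minz_Url::display('/scripts/global_view.js?' . @filemtime(PUBLIC_PATH . '/scripts/global_view.js')));
	}

	$catDAO = new FreshRSS_CategoryDAO();
	$entryDAO = new FreshRSS_EntryDAO();
	$this->view->cat_aside = $catDAO->listCategories();
	$this->view->nb_favorites = $entryDAO->countUnreadReadFavorites();
	$this->view->nb_not_read = FreshRSS_CategoryDAO::CountUnreads($this->view->cat_aside, 1);
	$this->view->currentName = '';
	$this->view->get_c = '';
	$this->view->get_f = '';

	// "get" is "<type>_<id>": first character is the type, the rest after the
	// separator is the identifier. Guard against an empty value so that no
	// string-offset warning is raised.
	$get = Minz_Request::param('get', 'a');
	$getType = isset($get[0]) ? $get[0] : '';
	$getId = substr($get, 2);
	if (!$this->checkAndProcessType($getType, $getId)) {
		Minz_Log::record('Not found [' . $getType . '][' . $getId . ']', Minz_Log::DEBUG);
		Minz_Error::error(404, array('error' => array(Minz_Translate::t('page_not_found'))));
		return;
	}

	// Update the titles
	$this->view->rss_title = $this->view->currentName . ' | ' . Minz_View::title();
	if ($this->view->nb_not_read > 0) {
		Minz_View::appendTitle(' (' . formatNumber($this->view->nb_not_read) . ')');
	}
	Minz_View::prependTitle(
		$this->view->currentName .
		($this->nb_not_read_cat > 0 ? ' (' . formatNumber($this->nb_not_read_cat) . ')' : '') .
		' · '
	);

	// Collect the filtering parameters
	$this->view->state = $state = Minz_Request::param('state', $this->view->conf->default_view);
	$filter = Minz_Request::param('search', '');
	if (!empty($filter)) {
		$state = 'all';	// Search always in read and unread articles
	}
	$this->view->order = $order = Minz_Request::param('order', $this->view->conf->sort_order);
	// Page size comes from the request as a string; make it an int before arithmetic
	$nb = (int) Minz_Request::param('nb', $this->view->conf->posts_per_page);
	$first = Minz_Request::param('next', '');

	if ($state === 'not_read') {
		// Any unread article in this scope at all? Otherwise show everything.
		switch ($getType) {
		case 'a':
			$hasUnread = $this->view->nb_not_read > 0;
			break;
		case 's':
			$hasUnread = $this->view->nb_favorites['unread'] > 0;
			break;
		case 'c':
			$hasUnread = !isset($this->view->cat_aside[$getId]) || $this->view->cat_aside[$getId]->nbNotRead() > 0;
			break;
		case 'f':
			$myFeed = FreshRSS_CategoryDAO::findFeed($this->view->cat_aside, $getId);
			$hasUnread = $myFeed === null || $myFeed->nbNotRead() > 0;
			break;
		default:
			$hasUnread = true;
			break;
		}
		if (!$hasUnread) {
			$this->view->state = $state = 'all';
		}
	}

	$today = @strtotime('today');
	$this->view->today = $today;

	// Compute the date of the oldest entries to display.
	// Do not use a fast changing value such as time() to allow SQL caching.
	$nb_month_old = $this->view->conf->old_entries;
	$date_min = $today - 3600 * 24 * 30 * $nb_month_old;
	$keepHistoryDefault = $this->view->conf->keep_history_default;

	try {
		// Fetch one entry more than the page size: the extra one tells us
		// whether there is a next page.
		$entries = $entryDAO->listWhere($getType, $getId, $state, $order, $nb + 1, $first, $filter, $date_min, $keepHistoryDefault);

		// If no unread entry was found although counters said otherwise,
		// fall back to all entries (same page size + 1 so pagination still works).
		if ($state === 'not_read' && empty($entries)) {
			Minz_Log::record('Conflicting information about nbNotRead!', Minz_Log::DEBUG);
			$this->view->state = 'all';
			$entries = $entryDAO->listWhere($getType, $getId, 'all', $order, $nb + 1, $first, $filter, $date_min, $keepHistoryDefault);
		}

		if (count($entries) <= $nb) {
			$this->view->nextId = '';
		} else {
			// We have more elements for pagination: the extra entry is not shown,
			// its id becomes the "next" cursor.
			$lastEntry = array_pop($entries);
			$this->view->nextId = $lastEntry->id();
		}
		$this->view->entries = $entries;
	} catch (FreshRSS_EntriesGetter_Exception $e) {
		Minz_Log::record($e->getMessage(), Minz_Log::NOTICE);
		Minz_Error::error(404, array('error' => array(Minz_Translate::t('page_not_found'))));
	}
}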