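/**
 * Resolve the current user, load that user's configuration and decide whether the
 * request counts as logged in, according to Minz_Configuration::authType().
 *
 * Side effects: writes 'currentUser' (and, on a configuration error, 'notification')
 * to the session, sets $this->conf, and passes 'conf' and 'loginOk' to the view.
 * Terminates the request with die() when the resolved username is not alphanumeric
 * or when even the default user's configuration cannot be loaded.
 *
 * @param string $currentUser Username proposed by the caller; '' means "not known yet".
 * @return bool True when the request is considered authenticated.
 */
private function accessControl($currentUser) {
    if ($currentUser == '') {
        // No user yet: pick a candidate user according to the authentication type.
        switch (Minz_Configuration::authType()) {
            case 'form':
                $currentUser = Minz_Configuration::defaultUser();
                // presumably clears any stored hash (setter called without a value) - TODO confirm
                Minz_Session::_param('passwordHash');
                $loginOk = false;
                break;
            case 'http_auth':
                $currentUser = httpAuthUser();
                $loginOk = $currentUser != '';
                break;
            case 'persona':
                $loginOk = false;
                $email = filter_var(Minz_Session::param('mail'), FILTER_VALIDATE_EMAIL);
                if ($email != '') {    //TODO: Remove redundancy with indexController
                    // NOTE(review): FILTER_VALIDATE_EMAIL checks address syntax; it is not a
                    // filename allow-list. Confirm the address cannot carry path separators
                    // before it is used to build this path.
                    $personaFile = DATA_PATH . '/persona/' . $email . '.txt';
                    if (($currentUser = @file_get_contents($personaFile)) !== false) {
                        $currentUser = trim($currentUser);
                        $loginOk = true;
                    }
                }
                if (!$loginOk) {
                    $currentUser = Minz_Configuration::defaultUser();
                }
                break;
            case 'none':
                $currentUser = Minz_Configuration::defaultUser();
                $loginOk = true;
                break;
            default:
                $currentUser = Minz_Configuration::defaultUser();
                $loginOk = false;
                break;
        }
    } else {
        // Provisional only: the second switch below re-checks the credentials.
        $loginOk = true;
    }

    if (!ctype_alnum($currentUser)) {
        Minz_Session::_param('currentUser', '');
        // The rejected value contains non-alphanumeric characters by definition,
        // so it is HTML-escaped before being echoed into the response.
        die('Invalid username [' . htmlspecialchars($currentUser, ENT_QUOTES, 'UTF-8') . ']!');
    }

    try {
        $this->conf = new FreshRSS_Configuration($currentUser);
        Minz_View::_param('conf', $this->conf);
        // This runs whatever $loginOk is: a user name in the session does not by
        // itself mean the request is authenticated.
        Minz_Session::_param('currentUser', $currentUser);
    } catch (Minz_Exception $me) {
        // The user's configuration could not be loaded: fall back to the default
        // user's configuration, report the problem, and end up with no session user.
        $loginOk = false;
        try {
            $this->conf = new FreshRSS_Configuration(Minz_Configuration::defaultUser());
            Minz_Session::_param('currentUser', Minz_Configuration::defaultUser());
            Minz_View::_param('conf', $this->conf);
            $notif = array(
                'type' => 'bad',
                'content' => 'Invalid configuration for user [' . $currentUser . ']!',
            );
            Minz_Session::_param('notification', $notif);
            Minz_Log::record($notif['content'] . ' ' . $me->getMessage(), Minz_Log::WARNING);
            Minz_Session::_param('currentUser', '');
        } catch (Exception $e) {
            die($e->getMessage());
        }
    }

    if ($loginOk) {
        // Verify the credentials held for this request against the loaded configuration.
        switch (Minz_Configuration::authType()) {
            case 'form':
                // NOTE(review): === is not a constant-time comparison; hash_equals() is
                // the usual choice where the supported PHP version provides it.
                $loginOk = Minz_Session::param('passwordHash') === $this->conf->passwordHash;
                break;
            case 'http_auth':
                $loginOk = strcasecmp($currentUser, httpAuthUser()) === 0;
                break;
            case 'persona':
                // An absent or empty session mail must never match: without this guard
                // strcasecmp() reports equality when mail_login is empty as well.
                $mail = Minz_Session::param('mail');
                $loginOk = is_string($mail) && $mail !== ''
                    && strcasecmp($mail, $this->conf->mail_login) === 0;
                break;
            case 'none':
                $loginOk = true;
                break;
            default:
                $loginOk = false;
                break;
        }
    }

    Minz_View::_param('loginOk', $loginOk);
    return $loginOk;
}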
/**
 * Delete a user account: the database data (via FreshRSS_UserDAO::deleteUser) and
 * the '<username>_user.php' configuration file under DATA_PATH.
 *
 * Only acts on a POST request when the session's current user is an administrator.
 * Always ends by forwarding to the users configuration page.
 *
 * NOTE(review): this method checks the request method and the session user only.
 * No anti-CSRF token and no login state are checked here; confirm both are
 * enforced before this action is reached.
 */
public function deleteAction() {
    $isAdminPost = Minz_Request::isPost()
        && Minz_Configuration::isAdmin(Minz_Session::param('currentUser', '_'));

    if ($isAdminPost) {
        require_once APP_PATH . '/sql.php';

        $username = Minz_Request::param('username');
        $deleted = false;

        // ctype_alnum() keeps the name to letters and digits, so the path built from it
        // below cannot contain '/' or '.'. The default user may never be deleted.
        $deletable = ctype_alnum($username)
            && strcasecmp($username, Minz_Configuration::defaultUser()) !== 0;

        if ($deletable) {
            $configPath = DATA_PATH . '/' . $username . '_user.php';
            if (file_exists($configPath)) {
                $userDAO = new FreshRSS_UserDAO();
                // Both steps always run; the result is combined with bitwise AND.
                $deleted = true;
                $deleted &= $userDAO->deleteUser($username);
                $deleted &= unlink($configPath);
                //TODO: delete Persona file
            }
        }

        invalidateHttpCache();

        if ($deleted) {
            $type = 'good';
            $messageKey = 'user_deleted';
        } else {
            $type = 'bad';
            $messageKey = 'error_occurred';
        }
        Minz_Session::_param('notification', array(
            'type' => $type,
            'content' => Minz_Translate::t($messageKey, $username),
        ));
    }

    Minz_Request::forward(array('c' => 'configure', 'a' => 'users'), true);
}
<?php require dirname(__FILE__) . '/../constants.php'; require LIB_PATH . '/lib_rss.php'; //Includes class autoloader session_cache_limiter(''); ob_implicit_flush(false); ob_start(); echo 'Results: ', "\n"; //Buffered Minz_Configuration::init(); $users = listUsers(); shuffle($users); //Process users in random order array_unshift($users, Minz_Configuration::defaultUser()); //But always start with admin $users = array_unique($users); foreach ($users as $myUser) { syslog(LOG_INFO, 'FreshRSS actualize ' . $myUser); if (defined('STDOUT')) { fwrite(STDOUT, 'Actualize ' . $myUser . "...\n"); //Unbuffered } echo $myUser, ' '; //Buffered $_GET['c'] = 'feed'; $_GET['a'] = 'actualize'; $_GET['ajax'] = 1; $_GET['force'] = true; $_SERVER['HTTP_HOST'] = ''; $freshRSS = new FreshRSS();