/**
 * Runs before every other action of this controller (framework hook).
 *
 * Refuses the request with a 403 when the visitor is not authenticated,
 * then prefixes the page title with the statistics title.
 */
public function firstAction() {
    if (!FreshRSS_Auth::hasAccess()) {
        Minz_Error::error(403);
    }
    $titlePrefix = _t('admin.stats.title') . ' · ';
    Minz_View::prependTitle($titlePrefix);
}
/**
 * Displays the feed configuration page and, on POST, stores the submitted
 * settings before redirecting back to the subscription page with a
 * good/bad notification.
 *
 * Request parameters read on POST (default in parentheses, otherwise an
 * empty string): name, description (HTML-sanitized), website, url,
 * category (0), path_entries, priority (0), http_user, http_pass,
 * keep_history (-2), ttl (-2). http_user/http_pass are joined as
 * "user:pass" and left empty when both are blank.
 *
 * An unknown or missing `id` yields a 404.
 */
public function feedAction() {
    if (Minz_Request::param('ajax')) {
        $this->view->_useLayout(false);
    }

    $feedDAO = FreshRSS_Factory::createFeedDao();
    $this->view->feeds = $feedDAO->listFeeds();

    $id = Minz_Request::param('id');
    $known = ($id !== false) && isset($this->view->feeds[$id]);
    if (!$known) {
        Minz_Error::error(404);
        return;
    }

    $feed = $this->view->feeds[$id];
    $this->view->feed = $feed;
    Minz_View::prependTitle(_t('sub.title.feed_management') . ' · ' . $feed->name() . ' · ');

    if (!Minz_Request::isPost()) {
        return;
    }

    $user = Minz_Request::param('http_user', '');
    $pass = Minz_Request::param('http_pass', '');
    $httpAuth = ($user == '' && $pass == '') ? '' : $user . ':' . $pass;

    $cat = intval(Minz_Request::param('category', 0));
    $values = array(
        'name' => Minz_Request::param('name', ''),
        'description' => sanitizeHTML(Minz_Request::param('description', '', true)),
        'website' => Minz_Request::param('website', ''),
        'url' => Minz_Request::param('url', ''),
        'category' => $cat,
        'pathEntries' => Minz_Request::param('path_entries', ''),
        'priority' => intval(Minz_Request::param('priority', 0)),
        'httpAuth' => $httpAuth,
        'keep_history' => intval(Minz_Request::param('keep_history', -2)),
        'ttl' => intval(Minz_Request::param('ttl', -2)),
    );

    invalidateHttpCache();
    $url_redirect = array('c' => 'subscription', 'params' => array('id' => $id));
    $updated = $feedDAO->updateFeed($id, $values);
    if ($updated === false) {
        Minz_Request::bad(_t('feedback.sub.feed.error'), $url_redirect);
    } else {
        // Keep the in-memory feed in sync with what was just stored.
        $feed->_category($cat);
        $feed->faviconPrepare();
        Minz_Request::good(_t('feedback.sub.feed.updated'), $url_redirect);
    }
}
/**
 * Runs before every other action of this controller (framework hook).
 *
 * Refuses unauthenticated visitors with a 403 and makes sure the default
 * category exists before any action works with categories.
 */
public function firstAction() {
    if (!FreshRSS_Auth::hasAccess()) {
        Minz_Error::error(403);
    }
    $categories = new FreshRSS_CategoryDAO();
    $categories->checkDefault();
}
/**
 * Initializes authentication and applies a basic anti-XSRF check.
 *
 * A POST request whose Referer does not belong to this domain terminates
 * the current session and is answered with a 403 that includes the
 * (HTML-escaped) Referer value.
 */
private function initAuth() {
    FreshRSS_Auth::init();

    $foreignPost = Minz_Request::isPost() && !is_referer_from_same_domain();
    if (!$foreignPost) {
        return;
    }

    // Basic protection against XSRF attacks
    FreshRSS_Auth::removeAccess();
    $referer = '';
    if (!empty($_SERVER['HTTP_REFERER'])) {
        $referer = $_SERVER['HTTP_REFERER'];
    }
    $details = array(_t('access_denied'), ' [HTTP_REFERER=' . htmlspecialchars($referer) . ']');
    Minz_Error::error(403, array('error' => $details));
}
/**
 * Runs before every other action of this controller (framework hook).
 *
 * Refuses unauthenticated visitors with a 403, loads the OPML helper
 * library and prepares the category, entry and feed DAOs used by the
 * actions of this controller.
 */
public function firstAction() {
    if (!FreshRSS_Auth::hasAccess()) {
        Minz_Error::error(403);
    }

    require_once LIB_PATH . '/lib_opml.php';

    $this->catDAO = new FreshRSS_CategoryDAO();
    $this->entryDAO = FreshRSS_Factory::createEntryDao();
    $this->feedDAO = FreshRSS_Factory::createFeedDao();
}
/**
 * Runs before every other action of this controller (framework hook).
 *
 * Refuses unauthenticated visitors with a 403. For Ajax requests the
 * layout is disabled and the `ajax` parameter is cleared from the request.
 */
public function firstAction() {
    if (!FreshRSS_Auth::hasAccess()) {
        Minz_Error::error(403);
    }

    $this->ajax = Minz_Request::param('ajax');
    if (!$this->ajax) {
        return;
    }

    // Ajax callers only want the fragment, not the full page layout.
    $this->view->_useLayout(false);
    Minz_Request::_param('ajax');
}
/**
 * Initializes authentication and applies a basic anti-XSRF check.
 *
 * A POST request whose Referer does not belong to this domain terminates
 * the current session and is answered with a 403 (in the English fallback
 * language) that includes the HTML-escaped Referer value.
 */
private function initAuth() {
    FreshRSS_Auth::init();

    $foreignPost = Minz_Request::isPost() && !is_referer_from_same_domain();
    if (!$foreignPost) {
        return;
    }

    // Basic protection against XSRF attacks
    FreshRSS_Auth::removeAccess();
    $referer = '';
    if (!empty($_SERVER['HTTP_REFERER'])) {
        $referer = $_SERVER['HTTP_REFERER'];
    }
    Minz_Translate::init('en'); //TODO: Better choice of fallback language
    $details = array(_t('feedback.access.denied'), ' [HTTP_REFERER=' . htmlspecialchars($referer) . ']');
    Minz_Error::error(403, array('error' => $details));
}
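/**
 * Runs before every other action of this controller (framework hook).
 *
 * Requires administrator access, disables HTTP caching and exposes to the
 * view the modification time of DATA_PATH/last_update.txt as
 * `last_update_time` ('unknown' when the file is absent), plus an
 * `update_to_apply` flag initialized to false.
 */
public function firstAction() {
    if (!FreshRSS_Auth::hasAccess('admin')) {
        Minz_Error::error(403);
    }
    invalidateHttpCache();

    $this->view->update_to_apply = false;
    $this->view->last_update_time = 'unknown';

    // Check for the file explicitly instead of silencing filemtime() with `@`,
    // so that genuine I/O warnings are no longer hidden.
    $last_update_file = join_path(DATA_PATH, 'last_update.txt');
    $timestamp = file_exists($last_update_file) ? filemtime($last_update_file) : false;
    if ($timestamp !== false) {
        $this->view->last_update_time = timestamptodate($timestamp);
    }
}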
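/**
 * Runs before every other action of this controller (framework hook).
 *
 * Anonymous visitors may only reach the `actualize` action, and only when
 * anonymous refresh is enabled or a valid `token` parameter is supplied.
 * The token exists so that a cron job can trigger a refresh over HTTP when
 * the PHP command line is not available. Every other anonymous request is
 * refused with a 403.
 */
public function firstAction() {
    if ($this->view->loginOk) {
        return;
    }

    $token = (string)$this->view->conf->token;
    $token_param = (string)Minz_Request::param('token', '');
    // Strict comparison of the secret: `==` treats numeric-looking strings
    // (e.g. '1e3' and '1000') as equal. hash_equals() is also constant-time;
    // fall back to `===` where it is not available.
    $token_is_ok = $token !== '' && (function_exists('hash_equals')
        ? hash_equals($token, $token_param)
        : $token === $token_param);

    $action = Minz_Request::actionName();
    $refresh_allowed = $token_is_ok || Minz_Configuration::allowAnonymousRefresh();
    if (!($refresh_allowed && $action === 'actualize')) {
        Minz_Error::error(403, array('error' => array(Minz_Translate::t('access_denied'))));
    }
}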
/**
 * Runs before every other action of this controller (framework hook).
 *
 * Refuses anonymous visitors with a 403, then prepares `$this->params`
 * (carrying an `output` view mode only when it differs from the user's
 * configured one) and `$this->redirect`. Ajax requests get no layout.
 */
public function firstAction() {
    if (!$this->view->loginOk) {
        Minz_Error::error(403, array('error' => array(Minz_Translate::t('access_denied'))));
    }

    $this->params = array();
    $output = Minz_Request::param('output', '');
    $overridesViewMode = ($output != '') && ($this->view->conf->view_mode !== $output);
    if ($overridesViewMode) {
        $this->params['output'] = $output;
    }

    $this->redirect = false;
    if (Minz_Request::param('ajax')) {
        $this->view->_useLayout(false);
    }
}
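/**
 * Starts the application: runs the dispatcher, which produces the response.
 *
 * A framework exception is logged, then mapped to a 404 error page when it
 * describes a missing file, controller or action; any other framework
 * exception stops the application. If logging itself is refused
 * (permission denied), the application is stopped with that message.
 */
public function run() {
    try {
        $this->dispatcher->run();
    } catch (Minz_Exception $e) {
        try {
            Minz_Log::error($e->getMessage());
        } catch (Minz_PermissionDeniedException $log_e) {
            // Distinct variable: reusing `$e` here would replace the dispatcher
            // exception that is classified below.
            $this->killApp($log_e->getMessage());
        }

        $not_found = $e instanceof Minz_FileNotExistException
            || $e instanceof Minz_ControllerNotExistException
            || $e instanceof Minz_ControllerNotActionControllerException
            || $e instanceof Minz_ActionException;
        if ($not_found) {
            Minz_Error::error(404, array('error' => array($e->getMessage())), true);
        } else {
            $this->killApp();
        }
    }
}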
/**
 * Displays the user management page (administrators only).
 *
 * The managed user comes from the `u` parameter and falls back to the
 * session's current user when `u` names an unknown account. The view then
 * receives that user's article count and storage size.
 */
public function manageAction() {
    if (!FreshRSS_Auth::hasAccess('admin')) {
        Minz_Error::error(403);
    }
    Minz_View::prependTitle(_t('admin.user.title') . ' · ');

    // Resolve the target user, falling back to the logged-in one.
    // NOTE(review): `u` is request-controlled; this relies on
    // FreshRSS_UserDAO::exist() rejecting anything that is not a known user name.
    $sessionUser = Minz_Session::param('currentUser');
    $username = Minz_Request::param('u', $sessionUser);
    if (!FreshRSS_UserDAO::exist($username)) {
        $username = $sessionUser;
    }
    $this->view->current_user = $username;

    // Per-user figures shown on the page.
    $entryDAO = FreshRSS_Factory::createEntryDao($username);
    $this->view->nb_articles = $entryDAO->count();
    $this->view->size_user = $entryDAO->size();
}
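/**
 * Displays the feed configuration page and, on POST, stores the submitted
 * settings, records a session notification and redirects back to this page.
 *
 * When no `id` parameter is given the first listed feed is shown; an id
 * that matches no feed yields a 404 instead of an "undefined index" notice.
 *
 * Request parameters read on POST (default in parentheses, otherwise an
 * empty string): name, description (HTML-sanitized), website, url,
 * category (0), path_entries, priority (0), http_user, http_pass,
 * keep_history (-2).
 */
public function feedAction() {
    $catDAO = new FreshRSS_CategoryDAO();
    $this->view->categories = $catDAO->listCategories(false);

    $feedDAO = new FreshRSS_FeedDAO();
    $this->view->feeds = $feedDAO->listFeeds();

    $id = Minz_Request::param('id');
    if ($id == false && !empty($this->view->feeds)) {
        $id = current($this->view->feeds)->id();
    }

    $this->view->flux = false;
    if ($id == false) {
        Minz_View::prependTitle(Minz_Translate::t('rss_feed_management') . ' · ');
        return;
    }

    // Guarded lookup: an unknown id must not raise a notice before the 404.
    $this->view->flux = isset($this->view->feeds[$id]) ? $this->view->feeds[$id] : false;
    if (!$this->view->flux) {
        Minz_Error::error(404, array('error' => array(Minz_Translate::t('page_not_found'))));
        return;
    }

    if (Minz_Request::isPost()) {
        $user = Minz_Request::param('http_user', '');
        $pass = Minz_Request::param('http_pass', '');
        // Credentials are stored as "user:pass"; left empty when both are blank.
        $httpAuth = '';
        if ($user != '' || $pass != '') {
            $httpAuth = $user . ':' . $pass;
        }

        $cat = intval(Minz_Request::param('category', 0));
        $values = array(
            'name' => Minz_Request::param('name', ''),
            'description' => sanitizeHTML(Minz_Request::param('description', '', true)),
            'website' => Minz_Request::param('website', ''),
            'url' => Minz_Request::param('url', ''),
            'category' => $cat,
            'pathEntries' => Minz_Request::param('path_entries', ''),
            'priority' => intval(Minz_Request::param('priority', 0)),
            'httpAuth' => $httpAuth,
            'keep_history' => intval(Minz_Request::param('keep_history', -2)),
        );

        if ($feedDAO->updateFeed($id, $values)) {
            // Keep the in-memory feed in sync with what was just stored.
            $this->view->flux->_category($cat);
            $this->view->flux->faviconPrepare();
            $notif = array('type' => 'good', 'content' => Minz_Translate::t('feed_updated'));
        } else {
            $notif = array('type' => 'bad', 'content' => Minz_Translate::t('error_occurred_update'));
        }

        invalidateHttpCache();
        Minz_Session::_param('notification', $notif);
        Minz_Request::forward(array('c' => 'configure', 'a' => 'feed', 'params' => array('id' => $id)), true);
    }

    Minz_View::prependTitle(Minz_Translate::t('rss_feed_management') . ' — ' . $this->view->flux->name() . ' · ');
}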
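/**
 * Handles the login page.
 *
 * Already-authenticated visitors are redirected to the main page. Otherwise
 * the request is forwarded to the login page matching the configured
 * authentication type (form or Persona); the `http_auth` and `none` types
 * have no login page and any unknown type is answered with a 404.
 */
public function loginAction() {
    if (FreshRSS_Auth::hasAccess()) {
        Minz_Request::forward(array('c' => 'index', 'a' => 'index'), true);
    }

    $auth_type = FreshRSS_Context::$system_conf->auth_type;
    switch ($auth_type) {
        case 'form':
            Minz_Request::forward(array('c' => 'auth', 'a' => 'formLogin'));
            break;
        case 'persona':
            Minz_Request::forward(array('c' => 'auth', 'a' => 'personaLogin'));
            break;
        case 'http_auth':
        case 'none':
            // It should not happen! Without this `break` the case fell through
            // into `default` and raised the error a second time.
            Minz_Error::error(404);
            break;
        default:
            // TODO load plugin instead
            Minz_Error::error(404);
    }
}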
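/**
 * Changes the category of a feed.
 *
 * Must be reached by a POST request; other methods are forwarded to the
 * subscription page.
 *
 * Parameters:
 * - f_id (default: false): feed id
 * - c_id (default: false): category id; the default category is used when
 *   it is missing. The value is cast to int, as the other category handlers
 *   in this code base do.
 *
 * When the feed is unknown or the update fails, a warning is logged and a
 * 404 is raised. No change is made when the feed is already in `c_id`.
 *
 * @todo should handle order of the feed inside the category.
 */
public function moveAction() {
    if (!Minz_Request::isPost()) {
        Minz_Request::forward(array('c' => 'subscription'), true);
    }

    $feed_id = Minz_Request::param('f_id');
    $cat_id = Minz_Request::param('c_id');
    if ($cat_id === false) {
        // If category was not given get the default one.
        $catDAO = new FreshRSS_CategoryDAO();
        $catDAO->checkDefault();
        $def_cat = $catDAO->getDefault();
        $cat_id = $def_cat->id();
    }
    // Category ids are integers; normalize the request value like the other
    // feed handlers (intval on the `category` parameter).
    $cat_id = intval($cat_id);

    $feedDAO = FreshRSS_Factory::createFeedDao();
    $values = array('category' => $cat_id);
    $feed = $feedDAO->searchById($feed_id);
    if ($feed && ($feed->category() == $cat_id || $feedDAO->updateFeed($feed_id, $values))) {
        // TODO: return something useful
    } else {
        Minz_Log::warning('Cannot move feed `' . $feed_id . '` ' . 'in the category `' . $cat_id . '`');
        Minz_Error::error(404);
    }
}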
/**
 * Displays the account registration page.
 *
 * Refused with a 403 once the configured registration limit is reached.
 */
public function registerAction() {
    if (max_registrations_reached()) {
        Minz_Error::error(403);
    }
    $titlePrefix = _t('gen.auth.registration.title') . ' · ';
    Minz_View::prependTitle($titlePrefix);
}
/**
 * Displays the FreshRSS logs of the current user, 50 lines per page.
 *
 * A POST request truncates the log before it is displayed. The page
 * number comes from the `page` parameter (default: 1).
 */
public function logsAction() {
    if (!FreshRSS_Auth::hasAccess()) {
        Minz_Error::error(403);
    }
    Minz_View::prependTitle(_t('index.log.title') . ' · ');

    if (Minz_Request::isPost()) {
        FreshRSS_LogDAO::truncate();
    }

    $lines = FreshRSS_LogDAO::lines(); //TODO: ask only the necessary lines

    // Pagination.
    $page = Minz_Request::param('page', 1);
    $paginator = new Minz_Paginator($lines);
    $this->view->logsPaginator = $paginator;
    $paginator->_nbItemsPerPage(50);
    $paginator->_currentPage($page);
}
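/**
 * Handles the system configuration page (administrators only).
 *
 * Displays the page; when reached through a POST request, stores the new
 * values and queues a "configuration updated" notification.
 *
 * Options read on POST (default in parentheses):
 * - max-registrations: user limit (1)
 * - max-categories: per-user category limit (16384)
 * - max-feeds: per-user feed limit (16384)
 * - instance-name: instance title ('FreshRSS')
 * - auto-update-url (false)
 *
 * The limits are cast to int so that submitted strings are stored in the
 * same type as the defaults.
 */
public function systemAction() {
    if (!FreshRSS_Auth::hasAccess('admin')) {
        Minz_Error::error(403);
    }

    if (!Minz_Request::isPost()) {
        return;
    }

    $limits = FreshRSS_Context::$system_conf->limits;
    $limits['max_registrations'] = intval(Minz_Request::param('max-registrations', 1));
    $limits['max_feeds'] = intval(Minz_Request::param('max-feeds', 16384));
    $limits['max_categories'] = intval(Minz_Request::param('max-categories', 16384));
    FreshRSS_Context::$system_conf->limits = $limits;

    FreshRSS_Context::$system_conf->title = Minz_Request::param('instance-name', 'FreshRSS');
    FreshRSS_Context::$system_conf->auto_update_url = Minz_Request::param('auto-update-url', false);
    FreshRSS_Context::$system_conf->save();

    invalidateHttpCache();
    Minz_Session::_param('notification', array('type' => 'good', 'content' => _t('feedback.conf.updated')));
}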
/**
 * Runs before every other action of this controller (framework hook).
 *
 * Its only job is to refuse unauthenticated visitors with a 403.
 */
public function firstAction() {
    $authenticated = FreshRSS_Auth::hasAccess();
    if (!$authenticated) {
        Minz_Error::error(403);
    }
}
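/**
 * Handles the form-based login.
 *
 * On POST, checks the `username` and `challenge` parameters against the
 * session nonce and the user's stored password hash (password_verify on
 * nonce + hash), opens the session on success, queues an "invalid login"
 * notification otherwise, and redirects to the index page. On other
 * methods, refuses access with a 403 when logging in is disabled.
 *
 * Log lines never include the challenge or the nonce: the challenge is
 * derived from the password hash, so recording it would leak
 * password-equivalent material into the logs.
 */
public function formLoginAction() {
    if (Minz_Request::isPost()) {
        $ok = false;
        $nonce = Minz_Session::param('nonce');
        $username = Minz_Request::param('username', '');
        $c = Minz_Request::param('challenge', '');

        if (ctype_alnum($username) && ctype_graph($c) && ctype_alnum($nonce)) {
            if (!function_exists('password_verify')) {
                include_once LIB_PATH . '/password_compat.php';
            }
            try {
                $conf = new FreshRSS_Configuration($username);
                $s = $conf->passwordHash;
                $ok = password_verify($nonce . $s, $c);
                if ($ok) {
                    Minz_Session::_param('currentUser', $username);
                    Minz_Session::_param('passwordHash', $s);
                } else {
                    // $username passed ctype_alnum above, so it is safe to log as-is.
                    Minz_Log::record('Password mismatch for user ' . $username, Minz_Log::WARNING);
                }
            } catch (Minz_Exception $me) {
                Minz_Log::record('Login failure: ' . $me->getMessage(), Minz_Log::WARNING);
            }
        } else {
            // The parameters failed validation, so none of them is echoed into the log.
            Minz_Log::record('Invalid credential parameters (username, challenge or nonce malformed)', Minz_Log::DEBUG);
        }

        if (!$ok) {
            $notif = array('type' => 'bad', 'content' => Minz_Translate::t('invalid_login'));
            Minz_Session::_param('notification', $notif);
        }

        $this->view->_useLayout(false);
        Minz_Request::forward(array('c' => 'index', 'a' => 'index'), true);
    } elseif (!Minz_Configuration::canLogIn()) {
        Minz_Error::error(403, array('error' => array(Minz_Translate::t('access_denied'))));
    }

    invalidateHttpCache();
}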
/**
 * Runs before every other action of this controller (framework hook).
 *
 * Refuses anonymous visitors with a translated "access denied" 403.
 */
public function firstAction() {
    if ($this->view->loginOk) {
        return;
    }
    $details = array(Minz_Translate::t('access_denied'));
    Minz_Error::error(403, array('error' => $details));
}
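/**
 * Deletes an extension from disk (administrators only).
 *
 * Must be reached by a POST request; the `e` parameter holds the
 * url-encoded extension name. The extension is looked up through the
 * extension manager, so the removed path is the one the manager knows,
 * not one built from the request. Outcome is reported through a
 * good/bad notification, and the request ends with a redirect to the
 * extension index in every case.
 */
public function removeAction() {
    if (!FreshRSS_Auth::hasAccess('admin')) {
        Minz_Error::error(403);
    }

    $url_redirect = array('c' => 'extension', 'a' => 'index');
    if (Minz_Request::isPost()) {
        $ext_name = urldecode(Minz_Request::param('e'));
        $ext = Minz_ExtensionManager::findExtension($ext_name);
        if (is_null($ext)) {
            Minz_Request::bad(_t('feedback.extensions.not_found', $ext_name), $url_redirect);
        } else {
            // Only reached with a resolved extension: an unknown name must never
            // fall through to getPath() on null.
            $res = recursive_unlink($ext->getPath());
            if ($res) {
                Minz_Request::good(_t('feedback.extensions.removed', $ext_name), $url_redirect);
            } else {
                Minz_Request::bad(_t('feedback.extensions.cannot_delete', $ext_name), $url_redirect);
            }
        }
    }

    Minz_Request::forward($url_redirect, true);
}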