/**
 * Post-action hook (presumably run by the framework after each action, as
 * the counterpart of firstAction()).
 *
 * When the request is not an AJAX one and the controller asked for a
 * redirect, the request is forwarded to index/index with the stored params;
 * in every other case the `ajax` request parameter is simply cleared.
 */
public function lastAction() {
	$isAjax = Minz_Request::param('ajax');
	if ($isAjax || !$this->redirect) {
		Minz_Request::_param('ajax');
		return;
	}
	Minz_Request::forward(
		array('c' => 'index', 'a' => 'index', 'params' => $this->params),
		true
	);
}
/**
 * This action is called before every other action in that class. It is
 * the common boiler plate for every action. It is triggered by the
 * underlying framework.
 *
 * Unauthenticated requests are answered with a 403 error. The `ajax`
 * request parameter is remembered in $this->ajax; for AJAX requests the
 * page layout is disabled and the parameter is then cleared.
 */
public function firstAction() {
	if (!FreshRSS_Auth::hasAccess()) {
		Minz_Error::error(403);
	}

	$this->ajax = Minz_Request::param('ajax');
	if (!$this->ajax) {
		return;
	}
	// AJAX responses are fragments: do not wrap them in the page layout.
	$this->view->_useLayout(false);
	Minz_Request::_param('ajax');
}
Minz_Translate::init('en'); Minz_Request::_param('ajax', true); $feedController = new FreshRSS_feed_Controller(); $simplePie = customSimplePie(); $simplePie->set_raw_data($ORIGINAL_INPUT); $simplePie->init(); unset($ORIGINAL_INPUT); $links = $simplePie->get_links('self'); $self = isset($links[0]) ? $links[0] : null; if ($self !== base64url_decode($canonical64)) { //header('HTTP/1.1 422 Unprocessable Entity'); logMe('Warning: Self URL [' . $self . '] does not match registered canonical URL!: ' . base64url_decode($canonical64)); //die('Self URL does not match registered canonical URL!'); $self = base64url_decode($canonical64); } Minz_Request::_param('url', $self); $nb = 0; foreach ($users as $userFilename) { $username = basename($userFilename, '.txt'); if (!file_exists(USERS_PATH . '/' . $username . '/config.php')) { break; } try { Minz_Session::_param('currentUser', $username); Minz_Configuration::register('user', join_path(USERS_PATH, $username, 'config.php'), join_path(USERS_PATH, '_', 'config.default.php')); FreshRSS_Context::init(); if ($feedController->actualizeAction($simplePie) > 0) { $nb++; } } catch (Exception $e) { logMe('Error: ' . $e->getMessage());
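/**
 * This action handles form login page.
 *
 * If this action is reached through a POST request, username and password
 * are compared to login the current user.
 *
 * Parameters are:
 *   - nonce (default: false)
 *   - username (default: '')
 *   - challenge (default: '')
 *   - keep_logged_in (default: false)
 *
 * On success the session receives currentUser and passwordHash, access is
 * granted and the user is sent back to index/index. On failure a 403 error
 * with the generic 'feedback.auth.login.invalid' message is rendered, both
 * for an unknown user and for a wrong password.
 *
 * When unsafe_autologin_enabled is set, a non-POST request carrying `u` and
 * `p` parameters is also accepted; the plain-text password is removed from
 * the request parameters as soon as it has been read.
 *
 * @todo move unsafe autologin in an extension.
 */
public function formLoginAction() {
	invalidateHttpCache();
	$scriptPath = PUBLIC_PATH . '/scripts/bcrypt.min.js';
	// Cache-busting suffix; a missing script gives false, i.e. an empty suffix.
	$file_mtime = is_file($scriptPath) ? filemtime($scriptPath) : false;
	Minz_View::appendScript(Minz_Url::display('/scripts/bcrypt.min.js?' . $file_mtime));

	if (Minz_Request::isPost()) {
		$nonce = Minz_Session::param('nonce');
		$username = Minz_Request::param('username', '');
		$challenge = Minz_Request::param('challenge', '');

		$conf = get_user_configuration($username);
		if (is_null($conf)) {
			Minz_Error::error(403, array(_t('feedback.auth.login.invalid')), false);
			return;
		}

		$ok = FreshRSS_FormAuth::checkCredentials($username, $conf->passwordHash, $nonce, $challenge);
		if ($ok) {
			// Set session parameter to give access to the user.
			Minz_Session::_param('currentUser', $username);
			Minz_Session::_param('passwordHash', $conf->passwordHash);
			FreshRSS_Auth::giveAccess();

			// Set cookie parameter if needed.
			if (Minz_Request::param('keep_logged_in')) {
				FreshRSS_FormAuth::makeCookie($username, $conf->passwordHash);
			} else {
				FreshRSS_FormAuth::deleteCookie();
			}

			// All is good, go back to the index.
			Minz_Request::good(_t('feedback.auth.login.success'), array('c' => 'index', 'a' => 'index'));
		} else {
			// The original concatenation was broken (stray `******` between the
			// string pieces) and did not parse; rebuilt with the username.
			// The stored hash is never written to the log.
			// NOTE(review): the client challenge is login-derived material —
			// confirm it is acceptable in the warning log.
			Minz_Log::warning('Password mismatch for user=' . $username . ', nonce=' . $nonce . ', c=' . $challenge);
			Minz_Error::error(403, array(_t('feedback.auth.login.invalid')), false);
		}
	} elseif (FreshRSS_Context::$system_conf->unsafe_autologin_enabled) {
		$username = Minz_Request::param('u', '');
		$password = Minz_Request::param('p', '');
		// Discard the plain-text password from the request parameters ASAP.
		Minz_Request::_param('p');

		if (!$username) {
			return;
		}

		$conf = get_user_configuration($username);
		if (is_null($conf)) {
			return;
		}

		// password_verify() exists since PHP 5.5; otherwise use lib/password_compat.php.
		if (!function_exists('password_verify')) {
			include_once LIB_PATH . '/password_compat.php';
		}

		$s = $conf->passwordHash;
		$ok = password_verify($password, $s);
		unset($password);
		if ($ok) {
			Minz_Session::_param('currentUser', $username);
			Minz_Session::_param('passwordHash', $s);
			FreshRSS_Auth::giveAccess();
			Minz_Request::good(_t('feedback.auth.login.success'), array('c' => 'index', 'a' => 'index'));
		} else {
			Minz_Log::warning('Unsafe password mismatch for user ' . $username);
			Minz_Error::error(403, array(_t('feedback.auth.login.invalid')), false);
		}
	}
}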
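/**
 * OPML import/export page.
 *
 * Request parameter `q` selects the mode:
 *   - 'export': sends the categories and their feeds as an OPML attachment
 *     (layout disabled);
 *   - 'import' (POST only): parses the uploaded OPML file and forwards the
 *     resulting categories and feeds to feed/massiveImport; a malformed or
 *     unreadable file yields a 'bad_opml_file' notification instead.
 * In every case the feed list is loaded for the view.
 */
public function importExportAction() {
	require_once LIB_PATH . '/lib_opml.php';

	$catDAO = new FreshRSS_CategoryDAO();
	$this->view->categories = $catDAO->listCategories();
	$this->view->req = Minz_Request::param('q');

	if ($this->view->req === 'export') {
		Minz_View::_title('freshrss_feeds.opml');
		$this->view->_useLayout(false);
		header('Content-Type: application/xml; charset=utf-8');
		header('Content-disposition: attachment; filename=freshrss_feeds.opml');

		$feedDAO = new FreshRSS_FeedDAO();
		$list = array();
		foreach ($catDAO->listCategories() as $key => $cat) {
			$list[$key]['name'] = $cat->name();
			$list[$key]['feeds'] = $feedDAO->listByCategory($cat->id());
		}
		$this->view->categories = $list;
	} elseif ($this->view->req === 'import' && Minz_Request::isPost()) {
		// Accept only a file PHP itself received in this request: this covers
		// a missing field, a failed upload, and a tmp_name that is not an
		// upload at all.
		$upload = isset($_FILES['file']) ? $_FILES['file'] : null;
		if ($upload !== null
			&& $upload['error'] === UPLOAD_ERR_OK
			&& is_uploaded_file($upload['tmp_name'])) {
			invalidateHttpCache();
			$opml = file_get_contents($upload['tmp_name']);
			if ($opml === false) {
				Minz_Log::record('Unable to read uploaded OPML file', Minz_Log::WARNING);
				$this->notifyBadOpmlFile();
			} else {
				// Parse the OPML file to retrieve the categories and their feeds.
				try {
					list($categories, $feeds) = opml_import($opml);
					// Hand over to the feed controller, which inserts the feeds
					// in the database; they are passed as request parameters.
					Minz_Request::_param('q', 'null');
					Minz_Request::_param('categories', $categories);
					Minz_Request::_param('feeds', $feeds);
					Minz_Request::forward(array('c' => 'feed', 'a' => 'massiveImport'));
				} catch (FreshRSS_Opml_Exception $e) {
					Minz_Log::record($e->getMessage(), Minz_Log::WARNING);
					$this->notifyBadOpmlFile();
				}
			}
		}
	}

	$feedDAO = new FreshRSS_FeedDAO();
	$this->view->feeds = $feedDAO->listFeeds();
	// For the view: no feed is pre-selected in the list.
	$this->view->flux = false;

	Minz_View::prependTitle(Minz_Translate::t('import_export_opml') . ' · ');
}

/**
 * Stores a 'bad_opml_file' notification in the session and sends the user
 * back to the import/export page.
 */
private function notifyBadOpmlFile() {
	$notif = array(
		'type' => 'bad',
		'content' => Minz_Translate::t('bad_opml_file'),
	);
	Minz_Session::_param('notification', $notif);
	Minz_Request::forward(array('c' => 'configure', 'a' => 'importExport'), true);
}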
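/**
 * Creates a new user (POST by an admin only).
 *
 * Request parameters are:
 *   - new_user_language (falls back to the current user's language when not
 *     in availableLanguages())
 *   - new_user_name (alphanumeric; must not be the default user nor an
 *     existing user, compared case-insensitively)
 *   - new_user_passwordPlain (optional; stored as a bcrypt hash and removed
 *     from the request parameters as soon as it has been read)
 *   - new_user_email (optional; validated with FILTER_VALIDATE_EMAIL)
 *
 * A 'user_created' or 'error_occurred' notification is stored in the session
 * and the request is forwarded to configure/users in all cases.
 */
public function createAction() {
	if (Minz_Request::isPost() && Minz_Configuration::isAdmin(Minz_Session::param('currentUser', '_'))) {
		require_once APP_PATH . '/sql.php';

		$new_user_language = Minz_Request::param('new_user_language', $this->view->conf->language);
		if (!in_array($new_user_language, $this->view->conf->availableLanguages())) {
			$new_user_language = $this->view->conf->language;
		}

		$new_user_name = Minz_Request::param('new_user_name');
		// Alphanumeric only: the name becomes part of a file name under DATA_PATH.
		$ok = $new_user_name != '' && ctype_alnum($new_user_name);
		if ($ok) {
			$ok &= strcasecmp($new_user_name, Minz_Configuration::defaultUser()) !== 0;	//It is forbidden to alter the default user
			$ok &= !in_array(strtoupper($new_user_name), array_map('strtoupper', listUsers()), true);	//Not an existing user, case-insensitive
			$configPath = DATA_PATH . '/' . $new_user_name . '_user.php';
			$ok &= !file_exists($configPath);
		}

		if ($ok) {
			$passwordPlain = Minz_Request::param('new_user_passwordPlain', false);
			$passwordHash = '';
			if ($passwordPlain != '') {
				Minz_Request::_param('new_user_passwordPlain');	//Discard plain-text password ASAP
				$_POST['new_user_passwordPlain'] = '';
				if (!function_exists('password_hash')) {
					include_once LIB_PATH . '/password_compat.php';
				}
				$passwordHash = password_hash($passwordPlain, PASSWORD_BCRYPT, array('cost' => self::BCRYPT_COST));
				$passwordPlain = '';
				$passwordHash = preg_replace('/^\\$2[xy]\\$/', '\\$2a\\$', $passwordHash);	//Compatibility with bcrypt.js
				$ok &= $passwordHash != '';
			}
			if (empty($passwordHash)) {
				$passwordHash = '';
			}

			// isset(): the e-mail field may be absent from the form (was an undefined-index notice).
			$new_user_email = isset($_POST['new_user_email'])
				? filter_var($_POST['new_user_email'], FILTER_VALIDATE_EMAIL)
				: false;
			if (empty($new_user_email)) {
				$new_user_email = '';
			} else {
				$personaFile = DATA_PATH . '/persona/' . $new_user_email . '.txt';
				if (is_file($personaFile)) {
					unlink($personaFile);
				}
				$ok &= file_put_contents($personaFile, $new_user_name) !== false;
			}
		}

		if ($ok) {
			$config_array = array(
				'language' => $new_user_language,
				'passwordHash' => $passwordHash,
				'mail_login' => $new_user_email,
			);
			$ok &= file_put_contents($configPath, "<?php\n return " . var_export($config_array, true) . ';') !== false;
		}

		if ($ok) {
			$userDAO = new FreshRSS_UserDAO();
			$ok &= $userDAO->createUser($new_user_name);
		}

		invalidateHttpCache();
		$notif = array(
			'type' => $ok ? 'good' : 'bad',
			'content' => Minz_Translate::t($ok ? 'user_created' : 'error_occurred', $new_user_name),
		);
		Minz_Session::_param('notification', $notif);
	}

	Minz_Request::forward(array('c' => 'configure', 'a' => 'users'), true);
}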
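/**
 * This action creates a new user.
 *
 * Request parameters are:
 *   - new_user_language (falls back to the current user's language when not
 *     among Minz_Translate::availableLanguages())
 *   - new_user_name (alphanumeric; must not be the default user nor an
 *     existing user, compared case-insensitively)
 *   - new_user_passwordPlain (optional; stored as a bcrypt hash and removed
 *     from the request parameters as soon as it has been read)
 *   - new_user_email (optional; validated with FILTER_VALIDATE_EMAIL)
 *   - r (i.e. a redirection url, optional)
 *
 * Creation is allowed on POST for an admin, or for anyone while
 * max_registrations_reached() is false. A 'feedback.user.created'
 * notification ('.error' suffix on failure) is stored in the session
 * before forwarding.
 *
 * @todo clean up this method. Idea: write a method to init a user with basic information.
 * @todo handle r redirection in Minz_Request::forward directly?
 */
public function createAction() {
	if (Minz_Request::isPost() && (FreshRSS_Auth::hasAccess('admin') || !max_registrations_reached())) {
		// The SQL install script is chosen by the database type from the
		// system configuration, not from the request.
		$db = FreshRSS_Context::$system_conf->db;
		require_once APP_PATH . '/SQL/install.sql.' . $db['type'] . '.php';

		$new_user_language = Minz_Request::param('new_user_language', FreshRSS_Context::$user_conf->language);
		$languages = Minz_Translate::availableLanguages();
		if (!isset($languages[$new_user_language])) {
			$new_user_language = FreshRSS_Context::$user_conf->language;
		}

		$new_user_name = Minz_Request::param('new_user_name');
		// Alphanumeric only: the name becomes a directory name under DATA_PATH/users.
		$ok = $new_user_name != '' && ctype_alnum($new_user_name);
		if ($ok) {
			$default_user = FreshRSS_Context::$system_conf->default_user;
			$ok &= strcasecmp($new_user_name, $default_user) !== 0;	//It is forbidden to alter the default user
			$ok &= !in_array(strtoupper($new_user_name), array_map('strtoupper', listUsers()), true);	//Not an existing user, case-insensitive
			$configPath = join_path(DATA_PATH, 'users', $new_user_name, 'config.php');
			$ok &= !file_exists($configPath);
		}

		if ($ok) {
			$passwordPlain = Minz_Request::param('new_user_passwordPlain', '', true);
			$passwordHash = '';
			if ($passwordPlain != '') {
				Minz_Request::_param('new_user_passwordPlain');	//Discard plain-text password ASAP
				$_POST['new_user_passwordPlain'] = '';
				if (!function_exists('password_hash')) {
					include_once LIB_PATH . '/password_compat.php';
				}
				$passwordHash = password_hash($passwordPlain, PASSWORD_BCRYPT, array('cost' => self::BCRYPT_COST));
				$passwordPlain = '';
				$passwordHash = preg_replace('/^\\$2[xy]\\$/', '\\$2a\\$', $passwordHash);	//Compatibility with bcrypt.js
				$ok &= $passwordHash != '';
			}
			if (empty($passwordHash)) {
				$passwordHash = '';
			}

			// isset(): the e-mail field may be absent from the form (was an undefined-index notice).
			$new_user_email = isset($_POST['new_user_email'])
				? filter_var($_POST['new_user_email'], FILTER_VALIDATE_EMAIL)
				: false;
			if (empty($new_user_email)) {
				$new_user_email = '';
			} else {
				$personaFile = join_path(DATA_PATH, 'persona', $new_user_email . '.txt');
				if (is_file($personaFile)) {
					unlink($personaFile);
				}
				$ok &= file_put_contents($personaFile, $new_user_name) !== false;
			}
		}

		if ($ok) {
			$userDir = join_path(DATA_PATH, 'users', $new_user_name);
			// A leftover directory without config.php is reused; a failed mkdir
			// is recorded instead of being silently ignored.
			$ok &= is_dir($userDir) || mkdir($userDir);
			$config_array = array(
				'language' => $new_user_language,
				'passwordHash' => $passwordHash,
				'mail_login' => $new_user_email,
			);
			$ok &= file_put_contents($configPath, "<?php\n return " . var_export($config_array, true) . ';') !== false;
		}

		if ($ok) {
			$userDAO = new FreshRSS_UserDAO();
			$ok &= $userDAO->createUser($new_user_name);
		}

		invalidateHttpCache();
		$notif = array(
			'type' => $ok ? 'good' : 'bad',
			'content' => _t('feedback.user.created' . (!$ok ? '.error' : ''), $new_user_name),
		);
		Minz_Session::_param('notification', $notif);
	}

	// NOTE(review): `r` comes straight from the request; if Minz_Request::forward()
	// accepts an arbitrary string URL this is an open redirect — confirm, and
	// restrict it to local paths if so.
	$redirect_url = urldecode(Minz_Request::param('r', false, true));
	if (!$redirect_url) {
		$redirect_url = array('c' => 'user', 'a' => 'manage');
	}
	Minz_Request::forward($redirect_url, true);
}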
/**
 * Pushes the user's language into the session, initialises translations,
 * and normalises the `output` request parameter: any value other than
 * normal/rss/reader/global (including an absent or empty one) is replaced by
 * the configured view_mode, which is written back into the request parameters.
 */
private function loadParamsView() {
	Minz_Session::_param('language', $this->conf->language);
	Minz_Translate::init();

	$allowedOutputs = array('normal', 'rss', 'reader', 'global');
	$output = Minz_Request::param('output', '');
	if (!in_array($output, $allowedOutputs, true)) {
		$output = $this->conf->view_mode;
		Minz_Request::_param('output', $output);
	}
}