| -rwxr-xr-x | app/Controllers/configureController.php | 2 | ||||
| -rwxr-xr-x | app/Controllers/indexController.php | 4 | ||||
| -rw-r--r-- | app/FreshRSS.php | 51 | ||||
| -rw-r--r-- | app/Models/LogDAO.php | 8 | ||||
| -rwxr-xr-x | app/actualize_script.php | 12 | ||||
| -rw-r--r-- | app/views/configure/users.phtml | 6 | ||||
| -rw-r--r-- | lib/Minz/Configuration.php | 13 | ||||
| -rw-r--r-- | lib/Minz/Log.php | 2 | ||||
| -rw-r--r-- | lib/Minz/ModelPdo.php | 3 | ||||
| -rw-r--r-- | lib/Minz/Session.php | 10 | ||||
| -rw-r--r-- | lib/lib_rss.php | 9 | ||||
| -rwxr-xr-x | p/i/index.php | 13 |
12 files changed, 73 insertions, 60 deletions
diff --git a/app/Controllers/configureController.php b/app/Controllers/configureController.php
index 656e2ac89..2260e978b 100755
--- a/app/Controllers/configureController.php
+++ b/app/Controllers/configureController.php
@@ -322,7 +322,7 @@ class FreshRSS_configure_Controller extends Minz_ActionController {
 Minz_Session::_param('mail', $this->view->conf->mail_login);
- if (Minz_Configuration::isAdmin()) {
+ if (Minz_Configuration::isAdmin(Minz_Session::param('currentUser', '_'))) {
 $anon = Minz_Request::param('anon_access', false);
 $anon = ((bool)$anon) && ($anon !== 'no');
 $auth_type = Minz_Request::param('auth_type', 'none');
diff --git a/app/Controllers/indexController.php b/app/Controllers/indexController.php
index cc851a1fa..7309169a6 100755
--- a/app/Controllers/indexController.php
+++ b/app/Controllers/indexController.php
@@ -218,10 +218,10 @@ class FreshRSS_index_Controller extends Minz_ActionController {
 Minz_View::prependTitle (Minz_Translate::t ('logs') . ' - ');
 if (Minz_Request::isPost ()) {
- file_put_contents(LOG_PATH . '/' . Minz_Configuration::currentUser() . '.log', ''); //Truncate
+ FreshRSS_LogDAO::truncate();
 }
- $logs = FreshRSS_LogDAO::lines(Minz_Configuration::currentUser()); //TODO: ask only the necessary lines
+ $logs = FreshRSS_LogDAO::lines(); //TODO: ask only the necessary lines
 //gestion pagination
 $page = Minz_Request::param ('page', 1);
diff --git a/app/FreshRSS.php b/app/FreshRSS.php
index 10f362717..0e166cc3b 100644
--- a/app/FreshRSS.php
+++ b/app/FreshRSS.php
@@ -1,22 +1,24 @@
 <?php
 class FreshRSS extends Minz_FrontController {
- public function init($currentUser = null) {
- Minz_Session::init('FreshRSS');
- $this->accessControl($currentUser);
+ public function init() {
+ if (!isset($_SESSION)) {
+ Minz_Session::init('FreshRSS');
+ }
+ $this->accessControl(Minz_Session::param('currentUser', ''));
 $this->loadParamsView();
 $this->loadStylesAndScripts();
 $this->loadNotifications();
 }
 private function accessControl($currentUser) {
- if ($currentUser === null) {
+ if ($currentUser == '') {
 switch (Minz_Configuration::authType()) {
 case 'http_auth':
 $currentUser = httpAuthUser();
 $loginOk = $currentUser != '';
 break;
 case 'persona':
- $currentUser = Minz_Configuration::defaultUser();
+ $currentUser = Minz_Configuration::defaultUser(); //TODO: Make Persona compatible with multi-user
 $loginOk = Minz_Session::param('mail') != '';
 break;
 case 'none':
@@ -24,28 +26,49 @@ class FreshRSS extends Minz_FrontController {
 $loginOk = true;
 break;
 default:
+ $currentUser = Minz_Configuration::defaultUser();
 $loginOk = false;
 break;
 }
- } elseif ((PHP_SAPI === 'cli') && (Minz_Request::actionName() === 'actualize')) { //Command line
- Minz_Configuration::_authType('none');
+ } else {
 $loginOk = true;
 }
- if (!$loginOk || !isValidUser($currentUser)) {
- $currentUser = Minz_Configuration::defaultUser();
- $loginOk = false;
+ if (!ctype_alnum($currentUser)) {
+ Minz_Session::_param('currentUser', '');
+ die('Invalid username [' . $currentUser . ']!');
 }
- Minz_Configuration::_currentUser($currentUser);
- Minz_View::_param ('loginOk', $loginOk);
 try {
 $this->conf = new FreshRSS_Configuration($currentUser);
 } catch (Minz_Exception $e) {
- // Permission denied or conf file does not exist
- die($e->getMessage());
+ Minz_Session::_param('currentUser', '');
+ die('Invalid configuration for user [' . $currentUser . ']! ' . $e->getMessage()); //Permission denied or conf file does not exist
 }
 Minz_View::_param ('conf', $this->conf);
+ Minz_Session::_param('currentUser', $currentUser);
+
+ if ($loginOk) {
+ switch (Minz_Configuration::authType()) {
+ case 'http_auth':
+ $loginOk = $currentUser === httpAuthUser();
+ break;
+ case 'persona':
+ $loginOk = Minz_Session::param('mail') === $this->conf->mail_login;
+ break;
+ case 'none':
+ $loginOk = true;
+ break;
+ default:
+ $loginOk = false;
+ break;
+ }
+ if ((!$loginOk) && (PHP_SAPI === 'cli') && (Minz_Request::actionName() === 'actualize')) { //Command line
+ Minz_Configuration::_authType('none');
+ $loginOk = true;
+ }
+ }
+ Minz_View::_param ('loginOk', $loginOk);
 }
 private function loadParamsView () {
diff --git a/app/Models/LogDAO.php b/app/Models/LogDAO.php
index 6205468bd..d1e515200 100644
--- a/app/Models/LogDAO.php
+++ b/app/Models/LogDAO.php
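Review bot: The two new `die()` calls in accessControl() write `$currentUser` into the response unescaped, and the first one runs exactly when the value has just failed `ctype_alnum()`, so whatever arrived as the user name (for `http_auth`, the value returned by `httpAuthUser()`) is echoed back as HTML. The second call also appends `$e->getMessage()`, which the inline comment describes as a permission or missing-file error, so it may disclose server-side paths to the client. I would escape the name, `die('Invalid username [' . htmlspecialchars($currentUser, ENT_QUOTES, 'UTF-8') . ']!');`, and send the exception text to the log instead of the page. accessControl() begins in the previous hunk.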
@@ -1,9 +1,9 @@
 <?php
 class FreshRSS_LogDAO {
- public static function lines($user) {
+ public static function lines() {
 $logs = array ();
- $handle = @fopen(LOG_PATH . '/' . $user . '.log', 'r');
+ $handle = @fopen(LOG_PATH . '/' . Minz_Session::param('currentUser', '_') . '.log', 'r');
 if ($handle) {
 while (($line = fgets($handle)) !== false) {
 if (preg_match ('/^\[([^\[]+)\] \[([^\[]+)\] --- (.*)$/', $line, $matches)) {
@@ -18,4 +18,8 @@ class FreshRSS_LogDAO {
 }
 return array_reverse($logs);
 }
+
+ public static function truncate() {
+ file_put_contents(LOG_PATH . '/' . Minz_Session::param('currentUser', '_') . '.log', '');
+ }
 }
diff --git a/app/actualize_script.php b/app/actualize_script.php
index e0c560ff7..efe21fab6 100755
--- a/app/actualize_script.php
+++ b/app/actualize_script.php
@@ -10,13 +10,17 @@ $_SERVER['HTTP_HOST'] = '';
 require(LIB_PATH . '/lib_rss.php'); //Includes class autoloader
-$front_controller = new FreshRSS ();
+$freshRSS = new FreshRSS ();
 $users = listUsers();
 shuffle($users);
 foreach ($users as $user) {
- $front_controller->init($user);
- $front_controller->run();
- invalidateHttpCache($user);
+ Minz_Session::init('FreshRSS');
+ Minz_Session::_param('currentUser', $user);
+ $freshRSS->init();
+ $freshRSS->run();
+ //invalidateHttpCache();
+ touch(LOG_PATH . '/' . $user . '.log');
+ Minz_Session::unset_session(true);
 }
diff --git a/app/views/configure/users.phtml b/app/views/configure/users.phtml
index db57448f6..cb6579a6b 100644
--- a/app/views/configure/users.phtml
+++ b/app/views/configure/users.phtml
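Review bot: `lines()` and the new `truncate()` build the log path from `Minz_Session::param('currentUser', '_')` with no check of their own; they rely on FreshRSS::accessControl() having stored only a `ctype_alnum()` name in the session. The same expression forms the path in lib/Minz/Log.php, and p/i/index.php concatenates the session value into a `filemtime()` path before FreshRSS::init() has run in that request. The `'_'` default is returned only when the key is unset, and accessControl() resets the key to `''` on failure, which yields `LOG_PATH . '/.log'`. A guard at the point of use, such as `if ($user !== '_' && !ctype_alnum($user)) { return array(); }`, would keep each path site safe independently of call order.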
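Review bot: Every iteration of the `foreach` now goes through `$freshRSS->init()`, whose accessControl() calls `die()` when the name fails `ctype_alnum()` or the user's configuration cannot be loaded, so one bad entry from `listUsers()` ends the refresh for every user still left in the shuffled list. `listUsers()` takes its names from a `glob()` over `*_user.php`, so a single stray or unreadable file in the data directory is enough. Skipping such entries at the top of the loop body, `if (!ctype_alnum($user)) { continue; }`, keeps the job running; the configuration failure would additionally need accessControl() to throw rather than exit.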
@@ -9,10 +9,10 @@
 <div class="form-group">
 <label class="group-name" for="current_user"><?php echo Minz_Translate::t('current_user'); ?></label>
 <div class="group-controls">
- <input id="current_user" type="text" disabled="disabled" value="<?php echo Minz_Configuration::currentUser(); ?>" />
+ <input id="current_user" type="text" disabled="disabled" value="<?php echo Minz_Session::param('currentUser', '_'); ?>" />
 <code>$_SERVER['REMOTE_USER'] = <?php echo httpAuthUser(); ?></code>
 <label class="checkbox" for="is_admin">
- <input type="checkbox" id="is_admin" disabled="disabled"<?php echo Minz_Configuration::isAdmin() ? ' checked="checked"' : ''; ?> />
+ <input type="checkbox" id="is_admin" disabled="disabled"<?php echo Minz_Configuration::isAdmin(Minz_Session::param('currentUser', '_')) ? ' checked="checked"' : ''; ?> />
 <?php echo Minz_Translate::t('is_admin'); ?>
 </label>
 </div>
@@ -34,7 +34,7 @@
 </div>
 </div>
- <?php if (Minz_Configuration::isAdmin()) { ?>
+ <?php if (Minz_Configuration::isAdmin(Minz_Session::param('currentUser', '_'))) { ?>
 <legend><?php echo Minz_Translate::t('users'); ?></legend>
diff --git a/lib/Minz/Configuration.php b/lib/Minz/Configuration.php
index e6d7ae471..1513af6d0 100644
--- a/lib/Minz/Configuration.php
+++ b/lib/Minz/Configuration.php
@@ -51,7 +51,6 @@ class Minz_Configuration {
 private static $cache_enabled = false;
 private static $delay_cache = 3600;
 private static $default_user = '';
- private static $current_user = '';
 private static $allow_anonymous = false;
 private static $auth_type = 'none';
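Review bot: The changed `value=` attribute echoes `Minz_Session::param('currentUser', '_')` straight into HTML, which is safe only while every writer of that session key has applied `ctype_alnum()` first. The template should not depend on validation done elsewhere; `<?php echo htmlspecialchars(Minz_Session::param('currentUser', '_'), ENT_QUOTES, 'UTF-8'); ?>` removes that coupling. The unchanged `<code>` line below it prints `httpAuthUser()` the same way and deserves the same escaping.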
@@ -95,11 +94,8 @@ class Minz_Configuration {
 public static function defaultUser () {
 return self::$default_user;
 }
- public static function currentUser () {
- return self::$current_user;
- }
- public static function isAdmin () {
- return self::$current_user === self::$default_user;
+ public static function isAdmin($currentUser) {
+ return $currentUser === self::$default_user;
 }
 public static function allowAnonymous() {
 return self::$allow_anonymous;
@@ -127,10 +123,6 @@ class Minz_Configuration {
 break;
 }
 }
- public static function _currentUser($user) {
- self::$current_user = $user;
- }
-
 /**
 * Initialise les variables de configuration
@@ -255,7 +247,6 @@ class Minz_Configuration {
 }
 if (isset ($general['default_user'])) {
 self::$default_user = $general['default_user'];
- self::$current_user = self::$default_user;
 }
 if (isset ($general['allow_anonymous'])) {
 self::$allow_anonymous = ((bool)($general['allow_anonymous'])) && ($general['allow_anonymous'] !== 'no');
diff --git a/lib/Minz/Log.php b/lib/Minz/Log.php
index 968301c81..e710aad4a 100644
--- a/lib/Minz/Log.php
+++ b/lib/Minz/Log.php
@@ -37,7 +37,7 @@ class Minz_Log {
 || ($env === Minz_Configuration::PRODUCTION && ($level >= Minz_Log::NOTICE)))) {
 if ($file_name === null) {
- $file_name = LOG_PATH . '/' . Minz_Configuration::currentUser() . '.log';
+ $file_name = LOG_PATH . '/' . Minz_Session::param('currentUser', '_') . '.log';
 }
 switch ($level) {
diff --git a/lib/Minz/ModelPdo.php b/lib/Minz/ModelPdo.php
index 9655539b2..1ea68e104 100644
--- a/lib/Minz/ModelPdo.php
+++ b/lib/Minz/ModelPdo.php
@@ -60,8 +60,7 @@ class Minz_ModelPdo {
 );
 self::$sharedBd = $this->bd;
- $userPrefix = Minz_Configuration::currentUser ();
- $this->prefix = $db['prefix'] . (empty($userPrefix) ? '' : ($userPrefix . '_'));
+ $this->prefix = $db['prefix'] . Minz_Session::param('currentUser', '_') . '_';
 self::$sharedPrefix = $this->prefix;
 } catch (Exception $e) {
 throw new Minz_PDOConnectionException (
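Review bot: `isAdmin($currentUser)` now decides purely from its argument, and `$default_user` is initialised to `''` in this class, so `isAdmin('')` returns true whenever no `default_user` has been read from the configuration. The callers in configureController.php and users.phtml pass `Minz_Session::param('currentUser', '_')`, which can be `''` because accessControl() resets the key to that value on failure. Those failure paths currently end in `die()`, but the admin gate should not rest on that ordering: `return $currentUser !== '' && $currentUser === self::$default_user;`.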
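Review bot: In lib/Minz/ModelPdo.php the table prefix is now `$db['prefix']` plus the raw session value plus `'_'`, and a prefix presumably ends up in SQL as part of an identifier, where bound parameters cannot help. Nothing in the visible constructor lines checks the value; it depends on accessControl() having run earlier in the request. The removed `empty($userPrefix)` branch is gone as well, so an unset key now yields a prefix ending in `__` and an empty one a prefix ending in `_`, selecting different tables instead of failing. I would validate at this point and throw when the name is not `ctype_alnum()`. The constructor starts and ends outside the hunk.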
diff --git a/lib/Minz/Session.php b/lib/Minz/Session.php
index 6e45fd226..3f6ed88a3 100644
--- a/lib/Minz/Session.php
+++ b/lib/Minz/Session.php
@@ -8,7 +8,7 @@ class Minz_Session {
 /**
 * $session stocke les variables de session
 */
- private static $session = array ();
+ private static $session = array (); //TODO: Try to avoid having another local copy
 /**
 * Initialise la session, avec un nom
@@ -33,13 +33,7 @@ class Minz_Session {
 * @return la valeur de la variable de session, false si n'existe pas
 */
 public static function param ($p, $default = false) {
- if (isset (self::$session[$p])) {
- $return = self::$session[$p];
- } else {
- $return = $default;
- }
-
- return $return;
+ return isset(self::$session[$p]) ? self::$session[$p] : $default;
 }
diff --git a/lib/lib_rss.php b/lib/lib_rss.php
index b266fa5c7..7489f2bf5 100644
--- a/lib/lib_rss.php
+++ b/lib/lib_rss.php
@@ -163,8 +163,9 @@ function uSecString() {
 return str_pad($t['usec'], 6, '0');
 }
-function invalidateHttpCache($currentUser = '') { //TODO: Make multi-user compatible
- file_put_contents(DATA_PATH . '/touch.txt', uTimeString());
+function invalidateHttpCache() {
+ //touch(LOG_PATH . '/' . Minz_Session::param('currentUser', '_') . '.log');
+ Minz_Session::_param('touch', uTimeString());
 }
 function usernameFromPath($userPath) {
@@ -175,10 +176,6 @@ function usernameFromPath($userPath) {
 }
 }
-function isValidUser($user) {
- return $user != '' && ctype_alnum($user) && file_exists(DATA_PATH . '/' . $user . '_user.php');
-}
-
 function listUsers() {
 return array_map('usernameFromPath', glob(DATA_PATH . '/*_user.php'));
 }
diff --git a/p/i/index.php b/p/i/index.php
index 8d9343a30..3dcf659c9 100755
--- a/p/i/index.php
+++ b/p/i/index.php
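Review bot: `invalidateHttpCache()` in lib/lib_rss.php now only stores `uTimeString()` under the session key `touch`, while the new p/i/index.php derives `$dateLastModification` from the mtime of the user's log file and of `config.php`; nothing in this diff reads `touch`. If that holds for the rest of the code base, a change that writes no log line leaves the validators untouched and the browser can keep receiving 304 for a page that has changed. Either enable the commented-out `touch()` of the user's log file or feed the session `touch` value into what is passed to `httpConditional()`.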
@@ -22,22 +22,23 @@ if (file_exists ('install.php')) {
 require('install.php');
 } else {
 require('../../constants.php');
+ require(LIB_PATH . '/lib_rss.php'); //Includes class autoloader
 session_cache_limiter('');
+ Minz_Session::init('FreshRSS');
+
 if (!file_exists(DATA_PATH . '/no-cache.txt')) {
- require (LIB_PATH . '/http-conditional.php');
- $dateLastModification = max(
- @filemtime(DATA_PATH . '/touch.txt'),
+ require(LIB_PATH . '/http-conditional.php');
+ $currentUser = Minz_Session::param('currentUser', '');
+ $dateLastModification = $currentUser === '' ? time() : max(
+ @filemtime(LOG_PATH . '/' . $currentUser . '.log'),
 @filemtime(DATA_PATH . '/config.php')
 );
- $_SERVER['QUERY_STRING'] .= '&utime=' . file_get_contents(DATA_PATH . '/touch.txt'); //For ETag
 if (httpConditional($dateLastModification, 0, 0, false, false, true)) {
 exit(); //No need to send anything
 }
 }
- require(LIB_PATH . '/lib_rss.php'); //Includes class autoloader
-
 try {
 $front_controller = new FreshRSS();
 $front_controller->init ();
|
