Diffstat (limited to 'app/Controllers')
-rw-r--r--app/Controllers/authController.php152
-rwxr-xr-xapp/Controllers/configureController.php4
-rwxr-xr-xapp/Controllers/entryController.php19
-rwxr-xr-xapp/Controllers/feedController.php14
-rwxr-xr-xapp/Controllers/indexController.php14
-rw-r--r--app/Controllers/userController.php25
6 files changed, 33 insertions, 195 deletions
diff --git a/app/Controllers/authController.php b/app/Controllers/authController.php
index f58b008de..9decba431 100644
--- a/app/Controllers/authController.php
+++ b/app/Controllers/authController.php
@@ -70,7 +70,7 @@ class FreshRSS_auth_Controller extends Minz_ActionController {
/**
* This action handles the login page.
*
- * It forwards to the correct login page (form or Persona) or main page if
+ * It forwards to the correct login page (form) or main page if
* the user is already connected.
*/
public function loginAction() {
@@ -83,9 +83,6 @@ class FreshRSS_auth_Controller extends Minz_ActionController {
case 'form':
Minz_Request::forward(array('c' => 'auth', 'a' => 'formLogin'));
break;
- case 'persona':
- Minz_Request::forward(array('c' => 'auth', 'a' => 'personaLogin'));
- break;
case 'http_auth':
case 'none':
// It should not happened!
@@ -189,81 +186,6 @@ class FreshRSS_auth_Controller extends Minz_ActionController {
}
/**
- * This action handles Persona login page.
- *
- * If this action is reached through a POST request, assertion from Persona
- * is verificated and user connected if all is ok.
- *
- * Parameter is:
- * - assertion (default: false)
- *
- * @todo: Persona system should be moved to a plugin
- */
- public function personaLoginAction() {
- $this->view->res = false;
-
- if (Minz_Request::isPost()) {
- $this->view->_useLayout(false);
-
- $assert = Minz_Request::param('assertion');
- $url = 'https://verifier.login.persona.org/verify';
- $params = 'assertion=' . $assert . '&audience=' .
- urlencode(Minz_Url::display(null, 'php', true));
- $ch = curl_init();
- $options = array(
- CURLOPT_URL => $url,
- CURLOPT_RETURNTRANSFER => TRUE,
- CURLOPT_POST => 2,
- CURLOPT_POSTFIELDS => $params
- );
- curl_setopt_array($ch, $options);
- $result = curl_exec($ch);
- curl_close($ch);
-
- $res = json_decode($result, true);
-
- $login_ok = false;
- $reason = '';
- if ($res['status'] === 'okay') {
- $email = filter_var($res['email'], FILTER_VALIDATE_EMAIL);
- if ($email != '') {
- $persona_file = DATA_PATH . '/persona/' . $email . '.txt';
- if (($current_user = @file_get_contents($persona_file)) !== false) {
- $current_user = trim($current_user);
- $conf = get_user_configuration($current_user);
- if (!is_null($conf)) {
- $login_ok = strcasecmp($email, $conf->mail_login) === 0;
- } else {
- $reason = 'Invalid configuration for user ' .
- '[' . $current_user . ']';
- }
- }
- } else {
- $reason = 'Invalid email format [' . $res['email'] . ']';
- }
- } else {
- $reason = $res['reason'];
- }
-
- if ($login_ok) {
- Minz_Session::_param('currentUser', $current_user);
- Minz_Session::_param('mail', $email);
- FreshRSS_Auth::giveAccess();
- invalidateHttpCache();
- } else {
- Minz_Log::warning($reason);
-
- $res = array();
- $res['status'] = 'failure';
- $res['reason'] = _t('feedback.auth.login.invalid');
- }
-
- header('Content-Type: application/json; charset=UTF-8');
- $this->view->res = $res;
- }
- }
-
- /**
* This action removes all accesses of the current user.
*/
public function logoutAction() {
@@ -274,78 +196,6 @@ class FreshRSS_auth_Controller extends Minz_ActionController {
}
/**
- * This action resets the authentication system.
- *
- * After reseting, form auth is set by default.
- */
- public function resetAction() {
- Minz_View::prependTitle(_t('admin.auth.title_reset') . ' ยท ');
-
- Minz_View::appendScript(Minz_Url::display(
- '/scripts/bcrypt.min.js?' . @filemtime(PUBLIC_PATH . '/scripts/bcrypt.min.js')
- ));
-
- $this->view->no_form = false;
- // Enable changement of auth only if Persona!
- if (FreshRSS_Context::$system_conf->auth_type != 'persona') {
- $this->view->message = array(
- 'status' => 'bad',
- 'title' => _t('gen.short.damn'),
- 'body' => _t('feedback.auth.not_persona')
- );
- $this->view->no_form = true;
- return;
- }
-
- $conf = get_user_configuration(FreshRSS_Context::$system_conf->default_user);
- if (is_null($conf)) {
- return;
- }
-
- // Admin user must have set its master password.
- if (!$conf->passwordHash) {
- $this->view->message = array(
- 'status' => 'bad',
- 'title' => _t('gen.short.damn'),
- 'body' => _t('feedback.auth.no_password_set')
- );
- $this->view->no_form = true;
- return;
- }
-
- invalidateHttpCache();
-
- if (Minz_Request::isPost()) {
- $nonce = Minz_Session::param('nonce');
- $username = Minz_Request::param('username', '');
- $challenge = Minz_Request::param('challenge', '');
-
- $ok = FreshRSS_FormAuth::checkCredentials(
- $username, $conf->passwordHash, $nonce, $challenge
- );
-
- if ($ok) {
- FreshRSS_Context::$system_conf->auth_type = 'form';
- $ok = FreshRSS_Context::$system_conf->save();
-
- if ($ok) {
- Minz_Request::good(_t('feedback.auth.form.set'));
- } else {
- Minz_Request::bad(_t('feedback.auth.form.not_set'),
- array('c' => 'auth', 'a' => 'reset'));
- }
- } else {
- Minz_Log::warning('Password mismatch for' .
- ' user=' . $username .
- ', nonce=' . $nonce .
- ', c=' . $challenge);
- Minz_Request::bad(_t('feedback.auth.login.invalid'),
- array('c' => 'auth', 'a' => 'reset'));
- }
- }
- }
-
- /**
* This action gives possibility to a user to create an account.
*/
public function registerAction() {
diff --git a/app/Controllers/configureController.php b/app/Controllers/configureController.php
index d0f0bd68b..147a2fe06 100755
--- a/app/Controllers/configureController.php
+++ b/app/Controllers/configureController.php
@@ -139,7 +139,7 @@ class FreshRSS_configure_Controller extends Minz_ActionController {
*/
public function sharingAction() {
if (Minz_Request::isPost()) {
- $params = Minz_Request::params();
+ $params = Minz_Request::fetchGET();
FreshRSS_Context::$user_conf->sharing = $params['share'];
FreshRSS_Context::$user_conf->save();
invalidateHttpCache();
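Review bot: `$params['share']` is read without checking that the key exists, so a POST whose `fetchGET()` result carries no `share` entry would save null as the user's sharing configuration. `fetchGET()` is not shown here; if it returns only query-string parameters, a form submitted in the request body would hit this case every time inside the `isPost()` branch. A guard before the assignment, such as `if (!isset($params['share']) || !is_array($params['share'])) { return; }`, keeps a malformed request from overwriting the stored setting, although what an absent key should mean needs an explicit decision. sharingAction continues outside the hunk.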
@@ -282,7 +282,7 @@ class FreshRSS_configure_Controller extends Minz_ActionController {
foreach (FreshRSS_Context::$user_conf->queries as $key => $query) {
$queries[$key] = new FreshRSS_UserQuery($query, $feed_dao, $category_dao);
}
- $params = Minz_Request::params();
+ $params = Minz_Request::fetchGET();
$params['url'] = Minz_Url::display(array('params' => $params));
$params['name'] = _t('conf.query.number', count($queries) + 1);
$queries[] = new FreshRSS_UserQuery($params, $feed_dao, $category_dao);
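Review bot: The whole request parameter array is copied into the saved query and into its `url`, so any key a client appends to the request may end up persisted in the user's configuration. Unless FreshRSS_UserQuery (not shown) discards unknown keys, it would be safer to keep only the keys a query is meant to carry before calling `Minz_Url::display()`, for example `$params = array_intersect_key($params, array_flip($allowed));` with `$allowed` listing the supported keys. The enclosing method starts and ends outside the hunk.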
diff --git a/app/Controllers/entryController.php b/app/Controllers/entryController.php
index bff1073ef..c40588105 100755
--- a/app/Controllers/entryController.php
+++ b/app/Controllers/entryController.php
@@ -40,6 +40,17 @@ class FreshRSS_entry_Controller extends Minz_ActionController {
$get = Minz_Request::param('get');
$next_get = Minz_Request::param('nextGet', $get);
$id_max = Minz_Request::param('idMax', 0);
+ FreshRSS_Context::$search = new FreshRSS_Search(Minz_Request::param('search', ''));
+
+ FreshRSS_Context::$state = Minz_Request::param('state', 0);
+ if (FreshRSS_Context::isStateEnabled(FreshRSS_Entry::STATE_FAVORITE)) {
+ FreshRSS_Context::$state = FreshRSS_Entry::STATE_FAVORITE;
+ } elseif (FreshRSS_Context::isStateEnabled(FreshRSS_Entry::STATE_NOT_FAVORITE)) {
+ FreshRSS_Context::$state = FreshRSS_Entry::STATE_NOT_FAVORITE;
+ } else {
+ FreshRSS_Context::$state = 0;
+ }
+
$params = array();
$entryDAO = FreshRSS_Factory::createEntryDao();
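Review bot: `Minz_Request::param('state', 0)` is stored in `FreshRSS_Context::$state` exactly as received, so a non-numeric or array value reaches `isStateEnabled()` before anything normalises it. isStateEnabled() is not shown, but if it tests bits with `&` the outcome depends on PHP's string/int coercion; casting at the boundary, `FreshRSS_Context::$state = (int)Minz_Request::param('state', 0);`, removes that ambiguity. A short comment such as `// Only the favourite / not-favourite filter is kept for mark-as-read; other state bits are dropped.` would also explain why the if/elseif chain discards the rest of the value. The enclosing action starts and ends outside the hunk.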
@@ -58,16 +69,16 @@ class FreshRSS_entry_Controller extends Minz_ActionController {
$get = substr($get, 2);
switch($type_get) {
case 'c':
- $entryDAO->markReadCat($get, $id_max);
+ $entryDAO->markReadCat($get, $id_max, FreshRSS_Context::$search, FreshRSS_Context::$state);
break;
case 'f':
- $entryDAO->markReadFeed($get, $id_max);
+ $entryDAO->markReadFeed($get, $id_max, FreshRSS_Context::$search, FreshRSS_Context::$state);
break;
case 's':
- $entryDAO->markReadEntries($id_max, true);
+ $entryDAO->markReadEntries($id_max, true, 0, FreshRSS_Context::$search);
break;
case 'a':
- $entryDAO->markReadEntries($id_max);
+ $entryDAO->markReadEntries($id_max, false, 0, FreshRSS_Context::$search, FreshRSS_Context::$state);
break;
}
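Review bot: The `'s'` branch passes the search filter but not `FreshRSS_Context::$state`, unlike the `'c'`, `'f'` and `'a'` branches, and nothing in the hunk says whether that is deliberate. If the `true` second argument already restricts the call to favourites, a comment such as `// favourites only: the state filter is implied by the second argument` would make that clear, and the bare `0` third argument deserves a word in the same comment. These calls change stored read state based on request-supplied `search` and `state` values, so an unintended difference between branches could mark a different set of entries than the one the user was looking at. The switch continues outside the hunk.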
diff --git a/app/Controllers/feedController.php b/app/Controllers/feedController.php
index 6a8aa01cf..ffda1450d 100755
--- a/app/Controllers/feedController.php
+++ b/app/Controllers/feedController.php
@@ -200,7 +200,9 @@ class FreshRSS_feed_Controller extends Minz_ActionController {
$entryDAO->addEntry($values);
}
$feedDAO->updateLastUpdate($feed->id());
- $feedDAO->commit();
+ if ($feedDAO->inTransaction()) {
+ $feedDAO->commit();
+ }
// Entries are in DB, we redirect to feed configuration page.
$url_redirect['params']['id'] = $feed->id();
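Review bot: When `inTransaction()` returns false the commit is skipped silently and the action still redirects as if the entries were stored, and the return value of `commit()` is not checked either. Where the transaction is opened is outside the hunk, so skipping may be the expected path in some configurations. If it is not, an else branch with a log line, e.g. `Minz_Log::warning('Feed entries were added outside a transaction');`, would make a lost or rolled-back transaction visible instead of leaving a partially written feed unnoticed.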
@@ -364,7 +366,7 @@ class FreshRSS_feed_Controller extends Minz_ActionController {
//', old hash ' . $existingHash . ', new hash ' . $entry->hash());
//TODO: Make an updated/is_read policy by feed, in addition to the global one.
$entry->_isRead(FreshRSS_Context::$user_conf->mark_updated_article_unread ? false : null); //Change is_read according to policy.
- if (!$entryDAO->hasTransaction()) {
+ if (!$entryDAO->inTransaction()) {
$entryDAO->beginTransaction();
}
$entryDAO->updateEntry($entry->toArray());
@@ -396,7 +398,7 @@ class FreshRSS_feed_Controller extends Minz_ActionController {
$feed->pubSubHubbubError(true);
}
- if (!$entryDAO->hasTransaction()) {
+ if (!$entryDAO->inTransaction()) {
$entryDAO->beginTransaction();
}
$entryDAO->addEntry($entry->toArray());
@@ -408,7 +410,7 @@ class FreshRSS_feed_Controller extends Minz_ActionController {
if ($feed_history >= 0 && rand(0, 30) === 1) {
// TODO: move this function in web cron when available (see entry::purge)
// Remove old entries once in 30.
- if (!$entryDAO->hasTransaction()) {
+ if (!$entryDAO->inTransaction()) {
$entryDAO->beginTransaction();
}
@@ -421,8 +423,8 @@ class FreshRSS_feed_Controller extends Minz_ActionController {
}
}
- $feedDAO->updateLastUpdate($feed->id(), 0, $entryDAO->hasTransaction());
- if ($entryDAO->hasTransaction()) {
+ $feedDAO->updateLastUpdate($feed->id(), 0, $entryDAO->inTransaction());
+ if ($entryDAO->inTransaction()) {
$entryDAO->commit();
}
diff --git a/app/Controllers/indexController.php b/app/Controllers/indexController.php
index 7e626720e..2332d225d 100755
--- a/app/Controllers/indexController.php
+++ b/app/Controllers/indexController.php
@@ -32,9 +32,9 @@ class FreshRSS_index_Controller extends Minz_ActionController {
Minz_Error::error(404);
}
- $this->view->callbackBeforeContent = function() {
+ $this->view->callbackBeforeContent = function($view) {
try {
- $entries = $this->listEntriesByContext();
+ $entries = FreshRSS_index_Controller::listEntriesByContext();
$nb_entries = count($entries);
if ($nb_entries > FreshRSS_Context::$number) {
@@ -55,15 +55,15 @@ class FreshRSS_index_Controller extends Minz_ActionController {
}
}
- $this->view->entries = $entries;
+ $view->entries = $entries;
} catch (FreshRSS_EntriesGetter_Exception $e) {
Minz_Log::notice($e->getMessage());
Minz_Error::error(404);
}
- $this->view->categories = FreshRSS_Context::$categories;
+ $view->categories = FreshRSS_Context::$categories;
- $this->view->rss_title = FreshRSS_Context::$name . ' | ' . Minz_View::title();
+ $view->rss_title = FreshRSS_Context::$name . ' | ' . Minz_View::title();
$title = FreshRSS_Context::$name;
if (FreshRSS_Context::$get_unread > 0) {
$title = '(' . FreshRSS_Context::$get_unread . ') ' . $title;
@@ -132,7 +132,7 @@ class FreshRSS_index_Controller extends Minz_ActionController {
}
try {
- $this->view->entries = $this->listEntriesByContext();
+ $this->view->entries = FreshRSS_index_Controller::listEntriesByContext();
} catch (FreshRSS_EntriesGetter_Exception $e) {
Minz_Log::notice($e->getMessage());
Minz_Error::error(404);
@@ -189,7 +189,7 @@ class FreshRSS_index_Controller extends Minz_ActionController {
/**
* This method returns a list of entries based on the Context object.
*/
- private function listEntriesByContext() {
+ public static function listEntriesByContext() {
$entryDAO = FreshRSS_Factory::createEntryDao();
$get = FreshRSS_Context::currentGet(true);
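Review bot: `listEntriesByContext()` goes from private to public static while its docblock stays the same, which widens the controller's callable surface without saying why. The earlier hunks in this file replace `$this->listEntriesByContext()` inside the closure with the static call and pass the view in as `$view`, which suggests the aim is to avoid `$this` inside the closure. The docblock should record that and the dependency on global state, e.g. `* Public and static only so that closures can call it without $this; reads all of its input from FreshRSS_Context.` The method body continues outside the hunk.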
diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php
index 1c7d621f1..0521bc008 100644
--- a/app/Controllers/userController.php
+++ b/app/Controllers/userController.php
@@ -64,21 +64,8 @@ class FreshRSS_user_Controller extends Minz_ActionController {
FreshRSS_Context::$user_conf->apiPasswordHash = $passwordHash;
}
- // TODO: why do we need of hasAccess here?
- if (FreshRSS_Auth::hasAccess('admin')) {
- FreshRSS_Context::$user_conf->mail_login = Minz_Request::param('mail_login', '', true);
- }
- $email = FreshRSS_Context::$user_conf->mail_login;
- Minz_Session::_param('mail', $email);
-
$ok &= FreshRSS_Context::$user_conf->save();
- if ($email != '') {
- $personaFile = DATA_PATH . '/persona/' . $email . '.txt';
- @unlink($personaFile);
- $ok &= (file_put_contents($personaFile, Minz_Session::param('currentUser', '_')) !== false);
- }
-
if ($ok) {
Minz_Request::good(_t('feedback.profile.updated'),
array('c' => 'user', 'a' => 'profile'));
@@ -119,7 +106,6 @@ class FreshRSS_user_Controller extends Minz_ActionController {
* - new_user_language
* - new_user_name
* - new_user_passwordPlain
- * - new_user_email
* - r (i.e. a redirection url, optional)
*
* @todo clean up this method. Idea: write a method to init a user with basic information.
@@ -168,22 +154,12 @@ class FreshRSS_user_Controller extends Minz_ActionController {
if (empty($passwordHash)) {
$passwordHash = '';
}
-
- $new_user_email = filter_var($_POST['new_user_email'], FILTER_VALIDATE_EMAIL);
- if (empty($new_user_email)) {
- $new_user_email = '';
- } else {
- $personaFile = join_path(DATA_PATH, 'persona', $new_user_email . '.txt');
- @unlink($personaFile);
- $ok &= (file_put_contents($personaFile, $new_user_name) !== false);
- }
}
if ($ok) {
mkdir(join_path(DATA_PATH, 'users', $new_user_name));
$config_array = array(
'language' => $new_user_language,
'passwordHash' => $passwordHash,
- 'mail_login' => $new_user_email,
);
$ok &= (file_put_contents($configPath, "<?php\n return " . var_export($config_array, true) . ';') !== false);
}
@@ -255,7 +231,6 @@ class FreshRSS_user_Controller extends Minz_ActionController {
$userDAO = new FreshRSS_UserDAO();
$ok &= $userDAO->deleteUser($username);
$ok &= recursive_unlink($user_data);
- //TODO: delete Persona file
}
if ($ok && $self_deletion) {
FreshRSS_Auth::removeAccess();