From ac8bd3d2512dd1bfca43d71ea10202ba9e6a82a6 Mon Sep 17 00:00:00 2001
From: Marien Fressinaud <dev@marienfressinaud.fr>
Date: Tue, 21 Jul 2015 15:31:23 +0200
Subject: Add a max_registrations limit

- Allow user to create accounts (not implemented)
- Admin only can set this limit

See https://github.com/FreshRSS/FreshRSS/issues/679
---
 app/Controllers/userController.php | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

(limited to 'app/Controllers/userController.php')

diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php
index ed01b83c5..1c7745753 100644
--- a/app/Controllers/userController.php
+++ b/app/Controllers/userController.php
@@ -211,4 +211,28 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 
 		Minz_Request::forward(array('c' => 'user', 'a' => 'manage'), true);
 	}
+
+	/**
+	 * This action updates the max number of registrations.
+	 *
+	 * Request parameter is:
+	 *   - max-registrations (int >= 0)
+	 */
+	public function setRegistrationAction() {
+		if (Minz_Request::isPost() && FreshRSS_Auth::hasAccess('admin')) {
+			$limits = FreshRSS_Context::$system_conf->limits;
+			$limits['max_registrations'] = Minz_Request::param('max-registrations', 1);
+			FreshRSS_Context::$system_conf->limits = $limits;
+			FreshRSS_Context::$system_conf->save();
+
+			invalidateHttpCache();
+
+			Minz_Session::_param('notification', array(
+				'type' => 'good',
+				'content' => _t('feedback.user.set_registration')
+			));
+		}
+
+		Minz_Request::forward(array('c' => 'user', 'a' => 'manage'), true);
+	}
 }
-- 
cgit v1.2.3


From 9fca5c70f33291cacc04e7bdfa01a12c6df3f97c Mon Sep 17 00:00:00 2001
From: Marien Fressinaud <dev@marienfressinaud.fr>
Date: Wed, 22 Jul 2015 12:20:00 +0200
Subject: Add some comments

---
 app/Controllers/userController.php | 19 +++++++++++++++++++
 app/views/auth/register.phtml      |  7 +++++++
 2 files changed, 26 insertions(+)

(limited to 'app/Controllers/userController.php')

diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php
index 1c7745753..c198d1328 100644
--- a/app/Controllers/userController.php
+++ b/app/Controllers/userController.php
@@ -103,6 +103,17 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 		$this->view->size_user = $entryDAO->size();
 	}
 
+	/**
+	 * This action creates a new user.
+	 *
+	 * Request parameters are:
+	 *   - new_user_language
+	 *   - new_user_name
+	 *   - new_user_passwordPlain
+	 *   - new_user_email
+	 *
+	 * @todo clean up this method. Idea: write a method to init a user with basic information.
+	 */
 	public function createAction() {
 		if (Minz_Request::isPost() && FreshRSS_Auth::hasAccess('admin')) {
 			$db = FreshRSS_Context::$system_conf->db;
@@ -178,6 +189,14 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 		Minz_Request::forward(array('c' => 'user', 'a' => 'manage'), true);
 	}
 
+	/**
+	 * This action delete an existing user.
+	 *
+	 * Request parameter is:
+	 *   - username
+	 *
+	 * @todo clean up this method. Idea: create a User->clean() method.
+	 */
 	public function deleteAction() {
 		if (Minz_Request::isPost() && FreshRSS_Auth::hasAccess('admin')) {
 			$db = FreshRSS_Context::$system_conf->db;
diff --git a/app/views/auth/register.phtml b/app/views/auth/register.phtml
index f67ecc4d9..31ab89d26 100644
--- a/app/views/auth/register.phtml
+++ b/app/views/auth/register.phtml
@@ -1,3 +1,10 @@
+<?php
+    /* TODO list
+     *   - Show help for username and password formats
+     *   - Don't show this page if there is no more free account slots
+     *   - Fix i18n
+    */
+?>
 <div class="prompt">
     <h1><?php echo _t('gen.auth.register'); ?></h1>
 
-- 
cgit v1.2.3


From 02c3546440f961018adc1e2c8e97c16f2aca18fc Mon Sep 17 00:00:00 2001
From: Marien Fressinaud <dev@marienfressinaud.fr>
Date: Wed, 22 Jul 2015 13:52:03 +0200
Subject: Registration action is handled and create a user

See https://github.com/FreshRSS/FreshRSS/issues/679
---
 app/Controllers/userController.php | 20 +++++++++++++++++---
 app/views/auth/register.phtml      |  7 +++++++
 lib/lib_rss.php                    | 16 ++++++++++++++++
 3 files changed, 40 insertions(+), 3 deletions(-)

(limited to 'app/Controllers/userController.php')

diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php
index c198d1328..46f4f434d 100644
--- a/app/Controllers/userController.php
+++ b/app/Controllers/userController.php
@@ -12,9 +12,14 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 	 * This action is called before every other action in that class. It is
 	 * the common boiler plate for every action. It is triggered by the
 	 * underlying framework.
+	 *
+	 * @todo clean up the access condition.
 	 */
 	public function firstAction() {
-		if (!FreshRSS_Auth::hasAccess()) {
+		if (!FreshRSS_Auth::hasAccess() && !(
+				Minz_Request::actionName() === 'create' &&
+				!max_registrations_reached()
+		)) {
 			Minz_Error::error(403);
 		}
 	}
@@ -111,11 +116,16 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 	 *   - new_user_name
 	 *   - new_user_passwordPlain
 	 *   - new_user_email
+	 *   - r (i.e. a redirection url, optional)
 	 *
 	 * @todo clean up this method. Idea: write a method to init a user with basic information.
+	 * @todo handle r redirection in Minz_Request::forward directly?
 	 */
 	public function createAction() {
-		if (Minz_Request::isPost() && FreshRSS_Auth::hasAccess('admin')) {
+		if (Minz_Request::isPost() && (
+				FreshRSS_Auth::hasAccess('admin') ||
+				!max_registrations_reached()
+		)) {
 			$db = FreshRSS_Context::$system_conf->db;
 			require_once(APP_PATH . '/SQL/install.sql.' . $db['type'] . '.php');
 
@@ -186,7 +196,11 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 			Minz_Session::_param('notification', $notif);
 		}
 
-		Minz_Request::forward(array('c' => 'user', 'a' => 'manage'), true);
+		$redirect_url = urldecode(Minz_Request::param('r', false, true));
+		if (!$redirect_url) {
+			$redirect_url = array('c' => 'user', 'a' => 'manage');
+		}
+		Minz_Request::forward($redirect_url, true);
 	}
 
 	/**
diff --git a/app/views/auth/register.phtml b/app/views/auth/register.phtml
index 31ab89d26..96c91f411 100644
--- a/app/views/auth/register.phtml
+++ b/app/views/auth/register.phtml
@@ -29,6 +29,13 @@
         </div>
 
         <div>
+            <?php
+                $redirect_url = urlencode(Minz_Url::display(
+                    array('c' => 'index', 'a' => 'index'),
+                    'php', true
+                ));
+            ?>
+            <input type="hidden" name="r" value="<?php echo $redirect_url; ?>" />
             <button type="submit" class="btn btn-important"><?php echo _t('gen.action.create'); ?></button>
             <a class="btn" href="<?php echo _url('index', 'index'); ?>"><?php echo _t('gen.action.cancel'); ?></a>
         </div>
diff --git a/lib/lib_rss.php b/lib/lib_rss.php
index 0118e0f46..c99e2c7e8 100644
--- a/lib/lib_rss.php
+++ b/lib/lib_rss.php
@@ -266,6 +266,22 @@ function listUsers() {
 }
 
 
+/**
+ * Return if the maximum number of registrations has been reached.
+ *
+ * Note a max_regstrations of 0 means there is no limit.
+ *
+ * @return true if number of users >= max registrations, false else.
+ */
+function max_registrations_reached() {
+	$system_conf = Minz_Configuration::get('system');
+	$limit_registrations = $system_conf->limits['max_registrations'];
+	$number_accounts = count(listUsers());
+
+	return $limit_registrations > 0 && $number_accounts >= $limit_registrations;
+}
+
+
 /**
  * Register and return the configuration for a given user.
  *
-- 
cgit v1.2.3


From 3a929138b000a45f57b3a6c62d5cfa72b842538c Mon Sep 17 00:00:00 2001
From: Marien Fressinaud <dev@marienfressinaud.fr>
Date: Wed, 22 Jul 2015 14:22:26 +0200
Subject: Give possibility to delete its own account

See https://github.com/FreshRSS/FreshRSS/issues/679
---
 app/Controllers/userController.php | 17 ++++++++++++++---
 app/views/user/profile.phtml       | 22 ++++++++++++++++++++++
 2 files changed, 36 insertions(+), 3 deletions(-)

(limited to 'app/Controllers/userController.php')

diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php
index 46f4f434d..cebfcd5ec 100644
--- a/app/Controllers/userController.php
+++ b/app/Controllers/userController.php
@@ -212,11 +212,15 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 	 * @todo clean up this method. Idea: create a User->clean() method.
 	 */
 	public function deleteAction() {
-		if (Minz_Request::isPost() && FreshRSS_Auth::hasAccess('admin')) {
+		$username = Minz_Request::param('username');
+
+		if (Minz_Request::isPost() && (
+				FreshRSS_Auth::hasAccess('admin') ||
+				Minz_Session::param('currentUser', '_') === $username
+		)) {
 			$db = FreshRSS_Context::$system_conf->db;
 			require_once(APP_PATH . '/SQL/install.sql.' . $db['type'] . '.php');
 
-			$username = Minz_Request::param('username');
 			$ok = ctype_alnum($username);
 			$user_data = join_path(DATA_PATH, 'users', $username);
 
@@ -234,6 +238,9 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 				//TODO: delete Persona file
 			}
 			invalidateHttpCache();
+			if (Minz_Session::param('currentUser', '_') === $username) {
+				FreshRSS_Auth::removeAccess();
+			}
 
 			$notif = array(
 				'type' => $ok ? 'good' : 'bad',
@@ -242,7 +249,11 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 			Minz_Session::_param('notification', $notif);
 		}
 
-		Minz_Request::forward(array('c' => 'user', 'a' => 'manage'), true);
+		$redirect_url = urldecode(Minz_Request::param('r', false, true));
+		if (!$redirect_url) {
+			$redirect_url = array('c' => 'user', 'a' => 'manage');
+		}
+		Minz_Request::forward($redirect_url, true);
 	}
 
 	/**
diff --git a/app/views/user/profile.phtml b/app/views/user/profile.phtml
index c44202edd..11097e546 100644
--- a/app/views/user/profile.phtml
+++ b/app/views/user/profile.phtml
@@ -57,4 +57,26 @@
 			</div>
 		</div>
 	</form>
+
+	<?php if (!FreshRSS_Auth::hasAccess('admin')) { ?>
+	<form method="post" action="<?php echo _url('user', 'delete'); ?>">
+		<legend><?php echo _t('conf.profile.delete'); ?></legend>
+
+		<p class="alert alert-warn"><span class="alert-head"><?php echo _t('gen.short.attention'); ?></span> <?php echo _t('conf.profile.delete.warn'); ?></p>
+
+		<div class="form-group form-actions">
+			<div class="group-controls">
+				<?php
+					$redirect_url = urlencode(Minz_Url::display(
+						array('c' => 'index', 'a' => 'index'),
+						'php', true
+					));
+				?>
+				<input type="hidden" name="r" value="<?php echo $redirect_url; ?>" />
+				<input type="hidden" name="username" value="<?php echo Minz_Session::param('currentUser', '_'); ?>" />
+				<button type="submit" class="btn btn-attention confirm"><?php echo _t('gen.action.remove'); ?></button>
+			</div>
+		</div>
+	</form>
+	<?php } ?>
 </div>
-- 
cgit v1.2.3


From 8751c344f384e19dd2fd2f0b5607ecc2aac58541 Mon Sep 17 00:00:00 2001
From: Marien Fressinaud <dev@marienfressinaud.fr>
Date: Wed, 22 Jul 2015 22:58:00 +0200
Subject: Ask password to user before deleting its account

See https://github.com/FreshRSS/FreshRSS/issues/679
---
 app/Controllers/userController.php | 37 +++++++++++++++++++++++++++----------
 app/views/user/profile.phtml       | 21 +++++++++++++++------
 2 files changed, 42 insertions(+), 16 deletions(-)

(limited to 'app/Controllers/userController.php')

diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php
index cebfcd5ec..428cd145d 100644
--- a/app/Controllers/userController.php
+++ b/app/Controllers/userController.php
@@ -30,13 +30,17 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 	public function profileAction() {
 		Minz_View::prependTitle(_t('conf.profile.title') . ' · ');
 
+		Minz_View::appendScript(Minz_Url::display(
+			'/scripts/bcrypt.min.js?' . @filemtime(PUBLIC_PATH . '/scripts/bcrypt.min.js')
+		));
+
 		if (Minz_Request::isPost()) {
 			$ok = true;
 
-			$passwordPlain = Minz_Request::param('passwordPlain', '', true);
+			$passwordPlain = Minz_Request::param('newPasswordPlain', '', true);
 			if ($passwordPlain != '') {
-				Minz_Request::_param('passwordPlain');	//Discard plain-text password ASAP
-				$_POST['passwordPlain'] = '';
+				Minz_Request::_param('newPasswordPlain');	//Discard plain-text password ASAP
+				$_POST['newPasswordPlain'] = '';
 				if (!function_exists('password_hash')) {
 					include_once(LIB_PATH . '/password_compat.php');
 				}
@@ -213,10 +217,16 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 	 */
 	public function deleteAction() {
 		$username = Minz_Request::param('username');
+		$redirect_url = urldecode(Minz_Request::param('r', false, true));
+		if (!$redirect_url) {
+			$redirect_url = array('c' => 'user', 'a' => 'manage');
+		}
+
+		$self_deletion = Minz_Session::param('currentUser', '_') === $username;
 
 		if (Minz_Request::isPost() && (
 				FreshRSS_Auth::hasAccess('admin') ||
-				Minz_Session::param('currentUser', '_') === $username
+				$self_deletion
 		)) {
 			$db = FreshRSS_Context::$system_conf->db;
 			require_once(APP_PATH . '/SQL/install.sql.' . $db['type'] . '.php');
@@ -228,6 +238,16 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 				$default_user = FreshRSS_Context::$system_conf->default_user;
 				$ok &= (strcasecmp($username, $default_user) !== 0);	//It is forbidden to delete the default user
 			}
+			if ($ok && $self_deletion) {
+				// We check the password if it's a self-destruction
+				$nonce = Minz_Session::param('nonce');
+				$challenge = Minz_Request::param('challenge', '');
+
+				$ok &= FreshRSS_FormAuth::checkCredentials(
+					$username, FreshRSS_Context::$user_conf->passwordHash,
+					$nonce, $challenge
+				);
+			}
 			if ($ok) {
 				$ok &= is_dir($user_data);
 			}
@@ -237,10 +257,11 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 				$ok &= recursive_unlink($user_data);
 				//TODO: delete Persona file
 			}
-			invalidateHttpCache();
-			if (Minz_Session::param('currentUser', '_') === $username) {
+			if ($ok && $self_deletion) {
 				FreshRSS_Auth::removeAccess();
+				$redirect_url = array('c' => 'index', 'a' => 'index');
 			}
+			invalidateHttpCache();
 
 			$notif = array(
 				'type' => $ok ? 'good' : 'bad',
@@ -249,10 +270,6 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 			Minz_Session::_param('notification', $notif);
 		}
 
-		$redirect_url = urldecode(Minz_Request::param('r', false, true));
-		if (!$redirect_url) {
-			$redirect_url = array('c' => 'user', 'a' => 'manage');
-		}
 		Minz_Request::forward($redirect_url, true);
 	}
 
diff --git a/app/views/user/profile.phtml b/app/views/user/profile.phtml
index 11097e546..7ae2c7ede 100644
--- a/app/views/user/profile.phtml
+++ b/app/views/user/profile.phtml
@@ -18,11 +18,11 @@
 		</div>
 
 		<div class="form-group">
-			<label class="group-name" for="passwordPlain"><?php echo _t('conf.profile.password_form'); ?></label>
+			<label class="group-name" for="newPasswordPlain"><?php echo _t('conf.profile.password_form'); ?></label>
 			<div class="group-controls">
 				<div class="stick">
-					<input type="password" id="passwordPlain" name="passwordPlain" autocomplete="off" pattern=".{7,}" <?php echo cryptAvailable() ? '' : 'disabled="disabled" '; ?>/>
-					<a class="btn toggle-password" data-toggle="passwordPlain"><?php echo _i('key'); ?></a>
+					<input type="password" id="newPasswordPlain" name="newPasswordPlain" autocomplete="off" pattern=".{7,}" <?php echo cryptAvailable() ? '' : 'disabled="disabled" '; ?>/>
+					<a class="btn toggle-password" data-toggle="newPasswordPlain"><?php echo _i('key'); ?></a>
 				</div>
 				<?php echo _i('help'); ?> <?php echo _t('conf.profile.password_format'); ?>
 				<noscript><b><?php echo _t('gen.js.should_be_activated'); ?></b></noscript>
@@ -59,21 +59,30 @@
 	</form>
 
 	<?php if (!FreshRSS_Auth::hasAccess('admin')) { ?>
-	<form method="post" action="<?php echo _url('user', 'delete'); ?>">
+	<form id="crypto-form" method="post" action="<?php echo _url('user', 'delete'); ?>">
 		<legend><?php echo _t('conf.profile.delete'); ?></legend>
 
 		<p class="alert alert-warn"><span class="alert-head"><?php echo _t('gen.short.attention'); ?></span> <?php echo _t('conf.profile.delete.warn'); ?></p>
 
+		<div class="form-group">
+			<label class="group-name" for="passwordPlain"><?php echo _t('gen.auth.password'); ?></label>
+			<div class="group-controls">
+					<input type="password" id="passwordPlain" required="required" />
+					<input type="hidden" id="challenge" name="challenge" /><br />
+					<noscript><strong><?php echo _t('gen.js.should_be_activated'); ?></strong></noscript>
+			</div>
+		</div>
+
 		<div class="form-group form-actions">
 			<div class="group-controls">
 				<?php
 					$redirect_url = urlencode(Minz_Url::display(
-						array('c' => 'index', 'a' => 'index'),
+						array('c' => 'user', 'a' => 'profile'),
 						'php', true
 					));
 				?>
 				<input type="hidden" name="r" value="<?php echo $redirect_url; ?>" />
-				<input type="hidden" name="username" value="<?php echo Minz_Session::param('currentUser', '_'); ?>" />
+				<input type="hidden" name="username" id="username" value="<?php echo Minz_Session::param('currentUser', '_'); ?>" />
 				<button type="submit" class="btn btn-attention confirm"><?php echo _t('gen.action.remove'); ?></button>
 			</div>
 		</div>
-- 
cgit v1.2.3


From 269c6b88c4486a0ae1a92df65578ee6ab6f0bbca Mon Sep 17 00:00:00 2001
From: Alexis Degrugillier <github@ainw.org>
Date: Sat, 22 Aug 2015 09:33:58 -0400
Subject: Add a system configuration page

It allows to modify system configuration from the interface. At the moment, only limits are modifiable. The user limit was removed from the user page and added here along with categories and feeds limits.
---
 app/Controllers/configureController.php | 33 +++++++++++++++++++++++
 app/Controllers/userController.php      | 24 -----------------
 app/i18n/cz/admin.php                   | 14 ++++++----
 app/i18n/cz/feedback.php                |  1 -
 app/i18n/cz/gen.php                     |  1 +
 app/i18n/de/admin.php                   | 14 ++++++----
 app/i18n/de/feedback.php                |  1 -
 app/i18n/de/gen.php                     |  1 +
 app/i18n/en/admin.php                   | 14 ++++++----
 app/i18n/en/feedback.php                |  1 -
 app/i18n/en/gen.php                     |  1 +
 app/i18n/fr/admin.php                   | 14 ++++++----
 app/i18n/fr/feedback.php                |  1 -
 app/i18n/fr/gen.php                     |  1 +
 app/layout/aside_configure.phtml        |  3 +++
 app/layout/header.phtml                 |  1 +
 app/views/configure/system.phtml        | 47 +++++++++++++++++++++++++++++++++
 app/views/user/manage.phtml             | 28 --------------------
 18 files changed, 124 insertions(+), 76 deletions(-)
 create mode 100644 app/views/configure/system.phtml

(limited to 'app/Controllers/userController.php')

diff --git a/app/Controllers/configureController.php b/app/Controllers/configureController.php
index 248a3edcc..7a4d0ecd7 100755
--- a/app/Controllers/configureController.php
+++ b/app/Controllers/configureController.php
@@ -293,4 +293,37 @@ class FreshRSS_configure_Controller extends Minz_ActionController {
 		Minz_Request::good(_t('feedback.conf.query_created', $query['name']),
 		                   array('c' => 'configure', 'a' => 'queries'));
 	}
+
+	/**
+	 * This action handles the system configuration page.
+	 *
+	 * It displays the system configuration page.
+	 * If this action is reach through a POST request, it stores all new
+	 * configuration values then sends a notification to the user.
+	 *
+	 * The options available on the page are:
+	 *   - user limit (default: 1)
+	 *   - user category limit (default: 16384)
+	 *   - user feed limit (default: 16384)
+	 */
+	public function systemAction() {
+		if (!FreshRSS_Auth::hasAccess('admin')) {
+			Minz_Error::error(403);
+		}
+		if (Minz_Request::isPost()) {
+			$limits = FreshRSS_Context::$system_conf->limits;
+			$limits['max_registrations'] = Minz_Request::param('max-registrations', 1);
+			$limits['max_feeds'] = Minz_Request::param('max-feeds', 16384);
+			$limits['max_categories'] = Minz_Request::param('max-categories', 16384);
+			FreshRSS_Context::$system_conf->limits = $limits;
+			FreshRSS_Context::$system_conf->save();
+
+			invalidateHttpCache();
+
+			Minz_Session::_param('notification', array(
+				'type' => 'good',
+				'content' => _t('feedback.conf.updated')
+			));
+		}
+	}
 }
diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php
index 428cd145d..1c7d621f1 100644
--- a/app/Controllers/userController.php
+++ b/app/Controllers/userController.php
@@ -272,28 +272,4 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 
 		Minz_Request::forward($redirect_url, true);
 	}
-
-	/**
-	 * This action updates the max number of registrations.
-	 *
-	 * Request parameter is:
-	 *   - max-registrations (int >= 0)
-	 */
-	public function setRegistrationAction() {
-		if (Minz_Request::isPost() && FreshRSS_Auth::hasAccess('admin')) {
-			$limits = FreshRSS_Context::$system_conf->limits;
-			$limits['max_registrations'] = Minz_Request::param('max-registrations', 1);
-			FreshRSS_Context::$system_conf->limits = $limits;
-			FreshRSS_Context::$system_conf->save();
-
-			invalidateHttpCache();
-
-			Minz_Session::_param('notification', array(
-				'type' => 'good',
-				'content' => _t('feedback.user.set_registration')
-			));
-		}
-
-		Minz_Request::forward(array('c' => 'user', 'a' => 'manage'), true);
-	}
 }
diff --git a/app/i18n/cz/admin.php b/app/i18n/cz/admin.php
index 4ca56cc37..92c300709 100644
--- a/app/i18n/cz/admin.php
+++ b/app/i18n/cz/admin.php
@@ -146,6 +146,15 @@ return array(
 		'title' => 'Statistika',
 		'top_feed' => 'Top ten kanálů',
 	),
+	'system' => array(
+		'_' => 'System configuration',
+		'max-categories' => 'Categories per user limit',
+		'max-feeds' => 'Feeds per user limit',
+		'registration' => array(
+			'help' => '0 znamená žádná omezení účtu',
+			'number' => 'Maximální počet účtů',
+		),
+	),
 	'update' => array(
 		'_' => 'Aktualizace systému',
 		'apply' => 'Použít',
@@ -164,11 +173,6 @@ return array(
 		'numbers' => 'Zatím je vytvořeno %d účtů',
 		'password_form' => 'Heslo<br /><small>(pro přihlášení webovým formulářem)</small>',
 		'password_format' => 'Alespoň 7 znaků',
-		'registration' => array(
-			'allow' => 'Povolit vytváření účtů',
-			'help' => '0 znamená žádná omezení účtu',
-			'number' => 'Maximální počet účtů',
-		),
 		'title' => 'Správa uživatelů',
 		'user_list' => 'Seznam uživatelů',
 		'username' => 'Přihlašovací jméno',
diff --git a/app/i18n/cz/feedback.php b/app/i18n/cz/feedback.php
index 5ba64b938..b75a4a15a 100644
--- a/app/i18n/cz/feedback.php
+++ b/app/i18n/cz/feedback.php
@@ -102,7 +102,6 @@ return array(
 			'_' => 'Uživatel %s byl smazán',
 			'error' => 'Uživatele %s nelze smazat',
 		),
-		'set_registration' => 'Maximální počet účtů byl změněn',
 	),
 	'profile' => array(
 		'error' => 'Váš profil nelze změnit',
diff --git a/app/i18n/cz/gen.php b/app/i18n/cz/gen.php
index 138def772..436e4f0c2 100644
--- a/app/i18n/cz/gen.php
+++ b/app/i18n/cz/gen.php
@@ -137,6 +137,7 @@ return array(
 		'sharing' => 'Sdílení',
 		'shortcuts' => 'Zkratky',
 		'stats' => 'Statistika',
+		'system' => 'System configuration',
 		'update' => 'Aktualizace',
 		'user_management' => 'Správa uživatelů',
 		'user_profile' => 'Profil',
diff --git a/app/i18n/de/admin.php b/app/i18n/de/admin.php
index 68dcc2ebf..365f065af 100644
--- a/app/i18n/de/admin.php
+++ b/app/i18n/de/admin.php
@@ -146,6 +146,15 @@ return array(
 		'title' => 'Statistiken',
 		'top_feed' => 'Top 10-Feeds',
 	),
+	'system' => array(
+		'_' => 'System configuration',
+		'max-categories' => 'Categories per user limit',
+		'max-feeds' => 'Feeds per user limit',
+		'registration' => array(
+			'help' => '0 meint, dass es kein Account Limit gibt',
+			'number' => 'Maximale Anzahl von Accounts',
+		),
+	),
 	'update' => array(
 		'_' => 'System aktualisieren',
 		'apply' => 'Anwenden',
@@ -164,11 +173,6 @@ return array(
 		'numbers' => 'Es wurden bis jetzt %d Accounts erstellt',
 		'password_form' => 'Passwort<br /><small>(für die Anmeldemethode per Webformular)</small>',
 		'password_format' => 'mindestens 7 Zeichen',
-		'registration' => array(
-			'allow' => 'Erlaube die Accounterstellung',
-			'help' => '0 meint, dass es kein Account Limit gibt',
-			'number' => 'Maximale Anzahl von Accounts',
-		),
 		'title' => 'Benutzer verwalten',
 		'user_list' => 'Liste der Benutzer',
 		'username' => 'Nutzername',
diff --git a/app/i18n/de/feedback.php b/app/i18n/de/feedback.php
index e92dacfe9..4c15aadc3 100644
--- a/app/i18n/de/feedback.php
+++ b/app/i18n/de/feedback.php
@@ -102,7 +102,6 @@ return array(
 			'_' => 'Der Benutzer %s ist gelöscht worden',
 			'error' => 'Der Benutzer %s kann nicht gelöscht werden',
 		),
-		'set_registration' => 'Die maximale Anzahl von Accounts wurde aktualisiert.',
 	),
 	'profile' => array(
 		'error' => 'Ihr Profil kann nicht geändert werden',
diff --git a/app/i18n/de/gen.php b/app/i18n/de/gen.php
index de2d846c5..f3450abc0 100644
--- a/app/i18n/de/gen.php
+++ b/app/i18n/de/gen.php
@@ -137,6 +137,7 @@ return array(
 		'sharing' => 'Teilen',
 		'shortcuts' => 'Tastaturkürzel',
 		'stats' => 'Statistiken',
+		'system' => 'System configuration',
 		'update' => 'Aktualisieren',
 		'user_management' => 'Benutzer verwalten',
 		'user_profile' => 'Profil',
diff --git a/app/i18n/en/admin.php b/app/i18n/en/admin.php
index aeea61631..ad9038203 100644
--- a/app/i18n/en/admin.php
+++ b/app/i18n/en/admin.php
@@ -146,6 +146,15 @@ return array(
 		'title' => 'Statistics',
 		'top_feed' => 'Top ten feeds',
 	),
+	'system' => array(
+		'_' => 'System configuration',
+		'max-categories' => 'Categories per user limit',
+		'max-feeds' => 'Feeds per user limit',
+		'registration' => array(
+			'help' => '0 means that there is no account limit',
+			'number' => 'Max number of accounts',
+		),
+	),
 	'update' => array(
 		'_' => 'Update system',
 		'apply' => 'Apply',
@@ -164,11 +173,6 @@ return array(
 		'numbers' => 'There are %d accounts created yet',
 		'password_form' => 'Password<br /><small>(for the Web-form login method)</small>',
 		'password_format' => 'At least 7 characters',
-		'registration' => array(
-			'allow' => 'Allow account creation',
-			'help' => '0 means that there is no account limit',
-			'number' => 'Max number of accounts',
-		),
 		'title' => 'Manage users',
 		'user_list' => 'List of users',
 		'username' => 'Username',
diff --git a/app/i18n/en/feedback.php b/app/i18n/en/feedback.php
index c9f73dc1d..c9189c0d0 100644
--- a/app/i18n/en/feedback.php
+++ b/app/i18n/en/feedback.php
@@ -102,7 +102,6 @@ return array(
 			'_' => 'User %s has been deleted',
 			'error' => 'User %s cannot be deleted',
 		),
-		'set_registration' => 'The maximum amount of accounts has been updated.',
 	),
 	'profile' => array(
 		'error' => 'Your profile cannot be modified',
diff --git a/app/i18n/en/gen.php b/app/i18n/en/gen.php
index 1feb8d6ac..9aef45768 100644
--- a/app/i18n/en/gen.php
+++ b/app/i18n/en/gen.php
@@ -137,6 +137,7 @@ return array(
 		'sharing' => 'Sharing',
 		'shortcuts' => 'Shortcuts',
 		'stats' => 'Statistics',
+		'system' => 'System configuration',
 		'update' => 'Update',
 		'user_management' => 'Manage users',
 		'user_profile' => 'Profile',
diff --git a/app/i18n/fr/admin.php b/app/i18n/fr/admin.php
index 01e0cb3c7..44e013c2f 100644
--- a/app/i18n/fr/admin.php
+++ b/app/i18n/fr/admin.php
@@ -146,6 +146,15 @@ return array(
 		'title' => 'Statistiques',
 		'top_feed' => 'Les dix plus gros flux',
 	),
+	'system' => array(
+		'_' => 'Configuration du système',
+		'max-categories' => 'Limite de catégories par utilisateur',
+		'max-feeds' => 'Limite de flux par utilisateur',
+		'registration' => array(
+			'help' => 'Un chiffre de 0 signifie que l’on peut créer un nombre infini de comptes',
+			'number' => 'Nombre max de comptes',
+		),
+	),
 	'update' => array(
 		'_' => 'Système de mise à jour',
 		'apply' => 'Appliquer la mise à jour',
@@ -164,11 +173,6 @@ return array(
 		'numbers' => '%d comptes ont déjà été créés',
 		'password_form' => 'Mot de passe<br /><small>(pour connexion par formulaire)</small>',
 		'password_format' => '7 caractères minimum',
-		'registration' => array(
-			'allow' => 'Autoriser la création de comptes',
-			'help' => 'Un chiffre de 0 signifie que l’on peut créer un nombre infini de comptes',
-			'number' => 'Nombre max de comptes',
-		),
 		'title' => 'Gestion des utilisateurs',
 		'user_list' => 'Liste des utilisateurs',
 		'username' => 'Nom d’utilisateur',
diff --git a/app/i18n/fr/feedback.php b/app/i18n/fr/feedback.php
index 99c193d28..e2364a251 100644
--- a/app/i18n/fr/feedback.php
+++ b/app/i18n/fr/feedback.php
@@ -102,7 +102,6 @@ return array(
 			'_' => 'L’utilisateur %s a été supprimé.',
 			'error' => 'L’utilisateur %s ne peut pas être supprimé.',
 		),
-		'set_registration' => 'Le nombre maximal de comptes a été mis à jour.',
 	),
 	'profile' => array(
 		'error' => 'Votre profil n’a pas pu être mis à jour',
diff --git a/app/i18n/fr/gen.php b/app/i18n/fr/gen.php
index 67d278be4..9df5b6f05 100644
--- a/app/i18n/fr/gen.php
+++ b/app/i18n/fr/gen.php
@@ -137,6 +137,7 @@ return array(
 		'sharing' => 'Partage',
 		'shortcuts' => 'Raccourcis',
 		'stats' => 'Statistiques',
+		'system' => 'Configuration du système',
 		'update' => 'Mise à jour',
 		'user_management' => 'Gestion des utilisateurs',
 		'user_profile' => 'Profil',
diff --git a/app/layout/aside_configure.phtml b/app/layout/aside_configure.phtml
index 7567a8206..d956ec21f 100644
--- a/app/layout/aside_configure.phtml
+++ b/app/layout/aside_configure.phtml
@@ -27,6 +27,9 @@
 	</li>
 	<?php if (FreshRSS_Auth::hasAccess('admin')) { ?>
 	<li class="nav-header"><?php echo _t('gen.menu.admin'); ?></li>
+	<li class="item<?php echo Minz_Request::actionName() === 'system' ? ' active' : ''; ?>">
+		<a href="<?php echo _url('configure', 'system')?>"><?php echo _t('gen.menu.system'); ?></a>
+	</li>
 	<li class="item<?php echo Minz_Request::controllerName() === 'user' &&
 	                          Minz_Request::actionName() === 'manage' ? ' active' : ''; ?>">
 		<a href="<?php echo _url('user', 'manage'); ?>"><?php echo _t('gen.menu.user_management'); ?></a>
diff --git a/app/layout/header.phtml b/app/layout/header.phtml
index 41a63a565..238c664b0 100644
--- a/app/layout/header.phtml
+++ b/app/layout/header.phtml
@@ -67,6 +67,7 @@ if (FreshRSS_Auth::accessNeedsAction()) {
 				<?php if (FreshRSS_Auth::hasAccess('admin')) { ?>
 				<li class="separator"></li>
 				<li class="dropdown-header"><?php echo _t('gen.menu.admin'); ?></li>
+				<li class="item"><a href="<?php echo _url('configure', 'system'); ?>"><?php echo _t('gen.menu.system'); ?></a></li>
 				<li class="item"><a href="<?php echo _url('user', 'manage'); ?>"><?php echo _t('gen.menu.user_management'); ?></a></li>
 				<li class="item"><a href="<?php echo _url('auth', 'index'); ?>"><?php echo _t('gen.menu.authentication'); ?></a></li>
 				<li class="item"><a href="<?php echo _url('update', 'checkInstall'); ?>"><?php echo _t('gen.menu.check_install'); ?></a></li>
diff --git a/app/views/configure/system.phtml b/app/views/configure/system.phtml
new file mode 100644
index 000000000..cbedc511b
--- /dev/null
+++ b/app/views/configure/system.phtml
@@ -0,0 +1,47 @@
+<?php $this->partial('aside_configure'); ?>
+
+<div class="post">
+	<a href="<?php echo _url('index', 'index'); ?>"><?php echo _t('gen.action.back_to_rss_feeds'); ?></a>
+
+	<form method="post" action="<?php echo _url('configure', 'system'); ?>">
+		<legend><?php echo _t('admin.system'); ?></legend>
+
+		<div class="form-group">
+			<label class="group-name" for="max-registrations"><?php echo _t('admin.system.registration.number'); ?></label>
+			<div class="group-controls">
+				<input type="number" id="max-registrations" name="max-registrations" value="<?php echo FreshRSS_Context::$system_conf->limits['max_registrations']; ?>" min="0" data-leave-validation="<?php echo FreshRSS_Context::$system_conf->limits['max_registrations']; ?>"/>
+				<?php echo _i('help'); ?> <?php echo _t('admin.system.registration.help'); ?>
+			</div>
+		</div>
+
+		<div class="form-group">
+			<div class="group-controls">
+				<?php
+					$number = count(listUsers());
+					echo _t($number > 1 ? 'admin.user.numbers' : 'admin.user.number', $number);
+				?>
+			</div>
+		</div>
+
+		<div class="form-group">
+			<label class="group-name" for="max-feeds"><?php echo _t('admin.system.max-feeds'); ?></label>
+			<div class="group-controls">
+			    <input type="number" id="max-feeds" name="max-feeds" value="<?php echo FreshRSS_Context::$system_conf->limits['max_feeds']; ?>" min="1" data-leave-validation="<?php echo FreshRSS_Context::$system_conf->limits['max_feeds']; ?>"/>
+			</div>
+		</div>
+
+		<div class="form-group">
+			<label class="group-name" for="max-categories"><?php echo _t('admin.system.max-categories'); ?></label>
+			<div class="group-controls">
+			    <input type="number" id="max-categories" name="max-categories" value="<?php echo FreshRSS_Context::$system_conf->limits['max_categories']; ?>" min="1" data-leave-validation="<?php echo FreshRSS_Context::$system_conf->limits['max_categories']; ?>"/>
+			</div>
+		</div>
+
+		<div class="form-group form-actions">
+			<div class="group-controls">
+				<button type="submit" class="btn btn-important"><?php echo _t('gen.action.submit'); ?></button>
+				<button type="reset" class="btn"><?php echo _t('gen.action.cancel'); ?></button>
+			</div>
+		</div>
+	</form>
+</div>
\ No newline at end of file
diff --git a/app/views/user/manage.phtml b/app/views/user/manage.phtml
index 3d3bc3ddf..fe1b6618b 100644
--- a/app/views/user/manage.phtml
+++ b/app/views/user/manage.phtml
@@ -3,34 +3,6 @@
 <div class="post">
 	<a href="<?php echo _url('index', 'index'); ?>"><?php echo _t('gen.action.back_to_rss_feeds'); ?></a>
 
-	<form method="post" action="<?php echo _url('user', 'setRegistration'); ?>">
-		<legend><?php echo _t('admin.user.registration.allow'); ?></legend>
-
-		<div class="form-group">
-			<label class="group-name" for="max-registrations"><?php echo _t('admin.user.registration.number'); ?></label>
-			<div class="group-controls">
-				<input type="number" id="max-registrations" name="max-registrations" value="<?php echo FreshRSS_Context::$system_conf->limits['max_registrations']; ?>" min="0" data-leave-validation="<?php echo FreshRSS_Context::$system_conf->limits['max_registrations']; ?>"/>
-				<?php echo _i('help'); ?> <?php echo _t('admin.user.registration.help'); ?>
-			</div>
-		</div>
-
-		<div class="form-group">
-			<div class="group-controls">
-				<?php
-					$number = count(listUsers());
-					echo _t($number > 1 ? 'admin.user.numbers' : 'admin.user.number', $number);
-				?>
-			</div>
-		</div>
-
-		<div class="form-group form-actions">
-			<div class="group-controls">
-				<button type="submit" class="btn btn-important"><?php echo _t('gen.action.submit'); ?></button>
-				<button type="reset" class="btn"><?php echo _t('gen.action.cancel'); ?></button>
-			</div>
-		</div>
-	</form>
-
 	<form method="post" action="<?php echo _url('user', 'create'); ?>">
 		<legend><?php echo _t('admin.user.create'); ?></legend>
 
-- 
cgit v1.2.3


From c1548e732d7472c40473b3d99858059333a05eae Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Sun, 31 Jul 2016 14:58:19 +0200
Subject: Remove Mozilla Persona login

https://github.com/FreshRSS/FreshRSS/issues/1052
---
 README.fr.md                            |   3 +-
 README.md                               |   3 +-
 app/Controllers/authController.php      | 152 +-------------------------------
 app/Controllers/userController.php      |  25 ------
 app/FreshRSS.php                        |   8 --
 app/Models/Auth.php                     |  18 +---
 app/Models/ConfigurationSetter.php      |   7 +-
 app/i18n/cz/admin.php                   |   6 --
 app/i18n/cz/conf.php                    |   1 -
 app/i18n/cz/feedback.php                |   1 -
 app/i18n/cz/gen.php                     |   3 -
 app/i18n/cz/install.php                 |   6 --
 app/i18n/de/admin.php                   |   6 --
 app/i18n/de/conf.php                    |   1 -
 app/i18n/de/feedback.php                |   1 -
 app/i18n/de/gen.php                     |   3 -
 app/i18n/de/install.php                 |   6 --
 app/i18n/en/admin.php                   |   6 --
 app/i18n/en/conf.php                    |   1 -
 app/i18n/en/feedback.php                |   1 -
 app/i18n/en/gen.php                     |   3 -
 app/i18n/en/install.php                 |   6 --
 app/i18n/fr/admin.php                   |   6 --
 app/i18n/fr/conf.php                    |   1 -
 app/i18n/fr/feedback.php                |   1 -
 app/i18n/fr/gen.php                     |   3 -
 app/i18n/fr/install.php                 |   6 --
 app/i18n/it/admin.php                   |   6 --
 app/i18n/it/conf.php                    |   1 -
 app/i18n/it/feedback.php                |   1 -
 app/i18n/it/gen.php                     |   3 -
 app/i18n/it/install.php                 |   6 --
 app/i18n/nl/admin.php                   |   6 --
 app/i18n/nl/conf.php                    |   1 -
 app/i18n/nl/feedback.php                |   1 -
 app/i18n/nl/gen.php                     |   3 -
 app/i18n/nl/install.php                 |   6 --
 app/i18n/ru/admin.php                   |   6 --
 app/i18n/ru/conf.php                    |   1 -
 app/i18n/ru/feedback.php                |   1 -
 app/i18n/ru/gen.php                     |   3 -
 app/i18n/ru/install.php                 |   6 --
 app/i18n/tr/admin.php                   |   6 --
 app/i18n/tr/conf.php                    |   1 -
 app/i18n/tr/feedback.php                |   1 -
 app/i18n/tr/gen.php                     |   3 -
 app/i18n/tr/install.php                 |   6 --
 app/install.php                         |  45 +---------
 app/views/auth/index.phtml              |   3 +-
 app/views/auth/personaLogin.phtml       |  28 ------
 app/views/auth/register.phtml           |   5 --
 app/views/auth/reset.phtml              |  33 -------
 app/views/helpers/javascript_vars.phtml |   2 -
 app/views/user/manage.phtml             |   8 --
 app/views/user/profile.phtml            |   9 --
 data/config.default.php                 |   1 -
 data/users/_/config.default.php         |   1 -
 lib/lib_rss.php                         |   1 -
 p/scripts/install.js                    |   8 +-
 p/scripts/persona.js                    |  76 ----------------
 60 files changed, 11 insertions(+), 561 deletions(-)
 delete mode 100644 app/views/auth/personaLogin.phtml
 delete mode 100644 app/views/auth/reset.phtml
 delete mode 100644 p/scripts/persona.js

(limited to 'app/Controllers/userController.php')

diff --git a/README.fr.md b/README.fr.md
index fd01a507b..067d6d1a1 100644
--- a/README.fr.md
+++ b/README.fr.md
@@ -89,7 +89,6 @@ sudo chmod -R g+w ./data/
 # Contrôle d’accès
 Il est requis pour le mode multi-utilisateur, et recommandé dans tous les cas, de limiter l’accès à votre FreshRSS. Au choix :
 * En utilisant l’identification par formulaire (requiert JavaScript, et PHP 5.3.7+ recommandé – fonctionne avec certaines versions de PHP 5.3.3+)
-* En utilisant l’identification par [Mozilla Persona](https://login.persona.org/about) incluse dans FreshRSS
 * En utilisant un contrôle d’accès HTTP défini par votre serveur Web
 	* Voir par exemple la [documentation d’Apache sur l’authentification](http://httpd.apache.org/docs/trunk/howto/auth.html)
 		* Créer dans ce cas un fichier `./p/i/.htaccess` avec un fichier `.htpasswd` correspondant.
@@ -111,7 +110,7 @@ Par exemple, pour exécuter le script toutes les heures :
 * En cas de problème, les logs peuvent être utile à lire, soit depuis l’interface de FreshRSS, soit manuellement depuis `./data/log/*.log`.
 
 # Sauvegarde
-* Il faut conserver vos fichiers `./data/config.php` ainsi que `./data/*_user.php` et éventuellement `./data/persona/`
+* Il faut conserver vos fichiers `./data/config.php` ainsi que `./data/*_user.php`
 * Vous pouvez exporter votre liste de flux depuis FreshRSS au format OPML
 * Pour sauvegarder les articles eux-mêmes, vous pouvez utiliser [phpMyAdmin](http://www.phpmyadmin.net) ou les outils de MySQL :
 
diff --git a/README.md b/README.md
index a0d22a75c..76975adbd 100644
--- a/README.md
+++ b/README.md
@@ -89,7 +89,6 @@ sudo chmod -R g+w ./data/
 # Access control
 It is needed for the multi-user mode to limit access to FreshRSS. You can:
 * use form authentication (need JavaScript and PHP 5.3.7+, works with some PHP 5.3.3+)
-* use [Mozilla Persona](https://login.persona.org/about) authentication included in FreshRSS
 * use HTTP authentication supported by your web server
 	* See [Apache documentation](http://httpd.apache.org/docs/trunk/howto/auth.html)
 		* In that case, create a `./p/i/.htaccess` file with a matching `.htpasswd` file.
@@ -111,7 +110,7 @@ For example, if you want to run the script every hour:
 * If you encounter any problem, logs are accessible from the interface or manually in `./data/log/*.log` files.
 
 # Backup
-* You need to keep `./data/config.php`, `./data/*_user.php` and `./data/persona/` files
+* You need to keep `./data/config.php`, and `./data/*_user.php` files
 * You can export your feed list in OPML format from FreshRSS
 * To save articles, you can use [phpMyAdmin](http://www.phpmyadmin.net) or MySQL tools:
 
diff --git a/app/Controllers/authController.php b/app/Controllers/authController.php
index f58b008de..9decba431 100644
--- a/app/Controllers/authController.php
+++ b/app/Controllers/authController.php
@@ -70,7 +70,7 @@ class FreshRSS_auth_Controller extends Minz_ActionController {
 	/**
 	 * This action handles the login page.
 	 *
-	 * It forwards to the correct login page (form or Persona) or main page if
+	 * It forwards to the correct login page (form) or main page if
 	 * the user is already connected.
 	 */
 	public function loginAction() {
@@ -83,9 +83,6 @@ class FreshRSS_auth_Controller extends Minz_ActionController {
 		case 'form':
 			Minz_Request::forward(array('c' => 'auth', 'a' => 'formLogin'));
 			break;
-		case 'persona':
-			Minz_Request::forward(array('c' => 'auth', 'a' => 'personaLogin'));
-			break;
 		case 'http_auth':
 		case 'none':
 			// It should not happened!
@@ -188,81 +185,6 @@ class FreshRSS_auth_Controller extends Minz_ActionController {
 		}
 	}
 
-	/**
-	 * This action handles Persona login page.
-	 *
-	 * If this action is reached through a POST request, assertion from Persona
-	 * is verificated and user connected if all is ok.
-	 *
-	 * Parameter is:
-	 *   - assertion (default: false)
-	 *
-	 * @todo: Persona system should be moved to a plugin
-	 */
-	public function personaLoginAction() {
-		$this->view->res = false;
-
-		if (Minz_Request::isPost()) {
-			$this->view->_useLayout(false);
-
-			$assert = Minz_Request::param('assertion');
-			$url = 'https://verifier.login.persona.org/verify';
-			$params = 'assertion=' . $assert . '&audience=' .
-			          urlencode(Minz_Url::display(null, 'php', true));
-			$ch = curl_init();
-			$options = array(
-				CURLOPT_URL => $url,
-				CURLOPT_RETURNTRANSFER => TRUE,
-				CURLOPT_POST => 2,
-				CURLOPT_POSTFIELDS => $params
-			);
-			curl_setopt_array($ch, $options);
-			$result = curl_exec($ch);
-			curl_close($ch);
-
-			$res = json_decode($result, true);
-
-			$login_ok = false;
-			$reason = '';
-			if ($res['status'] === 'okay') {
-				$email = filter_var($res['email'], FILTER_VALIDATE_EMAIL);
-				if ($email != '') {
-					$persona_file = DATA_PATH . '/persona/' . $email . '.txt';
-					if (($current_user = @file_get_contents($persona_file)) !== false) {
-						$current_user = trim($current_user);
-						$conf = get_user_configuration($current_user);
-						if (!is_null($conf)) {
-							$login_ok = strcasecmp($email, $conf->mail_login) === 0;
-						} else {
-							$reason = 'Invalid configuration for user ' .
-							          '[' . $current_user . ']';
-						}
-					}
-				} else {
-					$reason = 'Invalid email format [' . $res['email'] . ']';
-				}
-			} else {
-				$reason = $res['reason'];
-			}
-
-			if ($login_ok) {
-				Minz_Session::_param('currentUser', $current_user);
-				Minz_Session::_param('mail', $email);
-				FreshRSS_Auth::giveAccess();
-				invalidateHttpCache();
-			} else {
-				Minz_Log::warning($reason);
-
-				$res = array();
-				$res['status'] = 'failure';
-				$res['reason'] = _t('feedback.auth.login.invalid');
-			}
-
-			header('Content-Type: application/json; charset=UTF-8');
-			$this->view->res = $res;
-		}
-	}
-
 	/**
 	 * This action removes all accesses of the current user.
 	 */
@@ -273,78 +195,6 @@ class FreshRSS_auth_Controller extends Minz_ActionController {
 		                   array('c' => 'index', 'a' => 'index'));
 	}
 
-	/**
-	 * This action resets the authentication system.
-	 *
-	 * After reseting, form auth is set by default.
-	 */
-	public function resetAction() {
-		Minz_View::prependTitle(_t('admin.auth.title_reset') . ' · ');
-
-		Minz_View::appendScript(Minz_Url::display(
-			'/scripts/bcrypt.min.js?' . @filemtime(PUBLIC_PATH . '/scripts/bcrypt.min.js')
-		));
-
-		$this->view->no_form = false;
-		// Enable changement of auth only if Persona!
-		if (FreshRSS_Context::$system_conf->auth_type != 'persona') {
-			$this->view->message = array(
-				'status' => 'bad',
-				'title' => _t('gen.short.damn'),
-				'body' => _t('feedback.auth.not_persona')
-			);
-			$this->view->no_form = true;
-			return;
-		}
-
-		$conf = get_user_configuration(FreshRSS_Context::$system_conf->default_user);
-		if (is_null($conf)) {
-			return;
-		}
-
-		// Admin user must have set its master password.
-		if (!$conf->passwordHash) {
-			$this->view->message = array(
-				'status' => 'bad',
-				'title' => _t('gen.short.damn'),
-				'body' => _t('feedback.auth.no_password_set')
-			);
-			$this->view->no_form = true;
-			return;
-		}
-
-		invalidateHttpCache();
-
-		if (Minz_Request::isPost()) {
-			$nonce = Minz_Session::param('nonce');
-			$username = Minz_Request::param('username', '');
-			$challenge = Minz_Request::param('challenge', '');
-
-			$ok = FreshRSS_FormAuth::checkCredentials(
-				$username, $conf->passwordHash, $nonce, $challenge
-			);
-
-			if ($ok) {
-				FreshRSS_Context::$system_conf->auth_type = 'form';
-				$ok = FreshRSS_Context::$system_conf->save();
-
-				if ($ok) {
-					Minz_Request::good(_t('feedback.auth.form.set'));
-				} else {
-					Minz_Request::bad(_t('feedback.auth.form.not_set'),
-				                      array('c' => 'auth', 'a' => 'reset'));
-				}
-			} else {
-				Minz_Log::warning('Password mismatch for' .
-				                  ' user=' . $username .
-				                  ', nonce=' . $nonce .
-				                  ', c=' . $challenge);
-				Minz_Request::bad(_t('feedback.auth.login.invalid'),
-				                  array('c' => 'auth', 'a' => 'reset'));
-			}
-		}
-	}
-
 	/**
 	 * This action gives possibility to a user to create an account.
 	 */
diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php
index 1c7d621f1..0521bc008 100644
--- a/app/Controllers/userController.php
+++ b/app/Controllers/userController.php
@@ -64,21 +64,8 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 				FreshRSS_Context::$user_conf->apiPasswordHash = $passwordHash;
 			}
 
-			// TODO: why do we need of hasAccess here?
-			if (FreshRSS_Auth::hasAccess('admin')) {
-				FreshRSS_Context::$user_conf->mail_login = Minz_Request::param('mail_login', '', true);
-			}
-			$email = FreshRSS_Context::$user_conf->mail_login;
-			Minz_Session::_param('mail', $email);
-
 			$ok &= FreshRSS_Context::$user_conf->save();
 
-			if ($email != '') {
-				$personaFile = DATA_PATH . '/persona/' . $email . '.txt';
-				@unlink($personaFile);
-				$ok &= (file_put_contents($personaFile, Minz_Session::param('currentUser', '_')) !== false);
-			}
-
 			if ($ok) {
 				Minz_Request::good(_t('feedback.profile.updated'),
 				                   array('c' => 'user', 'a' => 'profile'));
@@ -119,7 +106,6 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 	 *   - new_user_language
 	 *   - new_user_name
 	 *   - new_user_passwordPlain
-	 *   - new_user_email
 	 *   - r (i.e. a redirection url, optional)
 	 *
 	 * @todo clean up this method. Idea: write a method to init a user with basic information.
@@ -168,22 +154,12 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 				if (empty($passwordHash)) {
 					$passwordHash = '';
 				}
-
-				$new_user_email = filter_var($_POST['new_user_email'], FILTER_VALIDATE_EMAIL);
-				if (empty($new_user_email)) {
-					$new_user_email = '';
-				} else {
-					$personaFile = join_path(DATA_PATH, 'persona', $new_user_email . '.txt');
-					@unlink($personaFile);
-					$ok &= (file_put_contents($personaFile, $new_user_name) !== false);
-				}
 			}
 			if ($ok) {
 				mkdir(join_path(DATA_PATH, 'users', $new_user_name));
 				$config_array = array(
 					'language' => $new_user_language,
 					'passwordHash' => $passwordHash,
-					'mail_login' => $new_user_email,
 				);
 				$ok &= (file_put_contents($configPath, "<?php\n return " . var_export($config_array, true) . ';') !== false);
 			}
@@ -255,7 +231,6 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 				$userDAO = new FreshRSS_UserDAO();
 				$ok &= $userDAO->deleteUser($username);
 				$ok &= recursive_unlink($user_data);
-				//TODO: delete Persona file
 			}
 			if ($ok && $self_deletion) {
 				FreshRSS_Auth::removeAccess();
diff --git a/app/FreshRSS.php b/app/FreshRSS.php
index 4933892bc..20640266e 100644
--- a/app/FreshRSS.php
+++ b/app/FreshRSS.php
@@ -98,14 +98,6 @@ class FreshRSS extends Minz_FrontController {
 		Minz_View::appendScript(Minz_Url::display('/scripts/jquery.min.js?' . @filemtime(PUBLIC_PATH . '/scripts/jquery.min.js')));
 		Minz_View::appendScript(Minz_Url::display('/scripts/shortcut.js?' . @filemtime(PUBLIC_PATH . '/scripts/shortcut.js')));
 		Minz_View::appendScript(Minz_Url::display('/scripts/main.js?' . @filemtime(PUBLIC_PATH . '/scripts/main.js')));
-
-		if (FreshRSS_Context::$system_conf->auth_type === 'persona') {
-			// TODO move it in a plugin
-			// Needed for login AND logout with Persona.
-			Minz_View::appendScript('https://login.persona.org/include.js');
-			$file_mtime = @filemtime(PUBLIC_PATH . '/scripts/persona.js');
-			Minz_View::appendScript(Minz_Url::display('/scripts/persona.js?' . $file_mtime));
-		}
 	}
 
 	private static function loadNotifications() {
diff --git a/app/Models/Auth.php b/app/Models/Auth.php
index 4e7a71947..d689f7cdb 100644
--- a/app/Models/Auth.php
+++ b/app/Models/Auth.php
@@ -60,16 +60,6 @@ class FreshRSS_Auth {
 				Minz_Session::_param('currentUser', $current_user);
 			}
 			return $login_ok;
-		case 'persona':
-			$email = filter_var(Minz_Session::param('mail'), FILTER_VALIDATE_EMAIL);
-			$persona_file = DATA_PATH . '/persona/' . $email . '.txt';
-			if (($current_user = @file_get_contents($persona_file)) !== false) {
-				$current_user = trim($current_user);
-				Minz_Session::_param('currentUser', $current_user);
-				Minz_Session::_param('mail', $email);
-				return true;
-			}
-			return false;
 		case 'none':
 			return true;
 		default:
@@ -93,9 +83,6 @@ class FreshRSS_Auth {
 		case 'http_auth':
 			self::$login_ok = strcasecmp($current_user, httpAuthUser()) === 0;
 			break;
-		case 'persona':
-			self::$login_ok = strcasecmp(Minz_Session::param('mail'), $user_conf->mail_login) === 0;
-			break;
 		case 'none':
 			self::$login_ok = true;
 			break;
@@ -143,9 +130,6 @@ class FreshRSS_Auth {
 			Minz_Session::_param('passwordHash');
 			FreshRSS_FormAuth::deleteCookie();
 			break;
-		case 'persona':
-			Minz_Session::_param('mail');
-			break;
 		case 'http_auth':
 		case 'none':
 			// Nothing to do...
@@ -170,7 +154,7 @@ class FreshRSS_Auth {
 	public static function accessNeedsAction() {
 		$conf = Minz_Configuration::get('system');
 		$auth_type = $conf->auth_type;
-		return $auth_type === 'form' || $auth_type === 'persona';
+		return $auth_type === 'form';
 	}
 }
 
diff --git a/app/Models/ConfigurationSetter.php b/app/Models/ConfigurationSetter.php
index 250c14c39..e472b1e7f 100644
--- a/app/Models/ConfigurationSetter.php
+++ b/app/Models/ConfigurationSetter.php
@@ -95,11 +95,6 @@ class FreshRSS_ConfigurationSetter {
 		$data['language'] = $value;
 	}
 
-	private function _mail_login(&$data, $value) {
-		$value = filter_var($value, FILTER_VALIDATE_EMAIL);
-		$data['mail_login'] = $value ? $value : '';
-	}
-
 	private function _old_entries(&$data, $value) {
 		$value = intval($value);
 		$data['old_entries'] = $value > 0 ? $value : 3;
@@ -278,7 +273,7 @@ class FreshRSS_ConfigurationSetter {
 
 	private function _auth_type(&$data, $value) {
 		$value = strtolower($value);
-		if (!in_array($value, array('form', 'http_auth', 'persona', 'none'))) {
+		if (!in_array($value, array('form', 'http_auth', 'none'))) {
 			$value = 'none';
 		}
 		$data['auth_type'] = $value;
diff --git a/app/i18n/cz/admin.php b/app/i18n/cz/admin.php
index 342ac7ccd..881c02fc6 100644
--- a/app/i18n/cz/admin.php
+++ b/app/i18n/cz/admin.php
@@ -8,7 +8,6 @@ return array(
 		'form' => 'Webový formulář (tradiční, vyžaduje JavaScript)',
 		'http' => 'HTTP (pro pokročilé uživatele s HTTPS)',
 		'none' => 'Žádný (nebezpečné)',
-		'persona' => 'Mozilla Persona (moderní, vyžaduje JavaScript)',
 		'title' => 'Přihlášení',
 		'title_reset' => 'Reset přihlášení',
 		'token' => 'Authentizační token',
@@ -75,10 +74,6 @@ return array(
 			'nok' => 'Nemáte PDO nebo některý z podporovaných ovladačů (pdo_mysql, pdo_sqlite).',
 			'ok' => 'Máte PDO a alespoň jeden z podporovaných ovladačů (pdo_mysql, pdo_sqlite).',
 		),
-		'persona' => array(
-			'nok' => 'Zkontrolujte oprávnění adresáře <em>./data/persona</em>. HTTP server musí mít do tohoto adresáře práva zápisu',
-			'ok' => 'Oprávnění adresáře Mozilla Persona jsou v pořádku.',
-		),
 		'php' => array(
 			'_' => 'PHP instalace',
 			'nok' => 'Vaše verze PHP je %s, ale FreshRSS vyžaduje alespoň verzi %s.',
@@ -169,7 +164,6 @@ return array(
 	'user' => array(
 		'articles_and_size' => '%s článků (%s)',
 		'create' => 'Vytvořit nového uživatele',
-		'email_persona' => 'Email pro přihlášení<br /><small>(pro <a href="https://persona.org/" rel="external">Mozilla Persona</a>)</small>',
 		'language' => 'Jazyk',
 		'number' => 'Zatím je vytvořen %d účet',
 		'numbers' => 'Zatím je vytvořeno %d účtů',
diff --git a/app/i18n/cz/conf.php b/app/i18n/cz/conf.php
index 823ab1ea3..ec25f988c 100644
--- a/app/i18n/cz/conf.php
+++ b/app/i18n/cz/conf.php
@@ -76,7 +76,6 @@ return array(
 			'_' => 'Smazání účtu',
 			'warn' => 'Váš účet bude smazán spolu se všemi souvisejícími daty',
 		),
-		'email_persona' => 'Email pro přihlášení<br /><small>(pro <a href="https://persona.org/" rel="external">Mozilla Persona</a>)</small>',
 		'password_api' => 'Password API<br /><small>(tzn. pro mobilní aplikace)</small>',
 		'password_form' => 'Heslo<br /><small>(pro přihlášení webovým formulářem)</small>',
 		'password_format' => 'Alespoň 7 znaků',
diff --git a/app/i18n/cz/feedback.php b/app/i18n/cz/feedback.php
index b75a4a15a..81302afca 100644
--- a/app/i18n/cz/feedback.php
+++ b/app/i18n/cz/feedback.php
@@ -21,7 +21,6 @@ return array(
 			'success' => 'Jste odhlášen',
 		),
 		'no_password_set' => 'Heslo administrátora nebylo nastaveno. Tato funkce není k dispozici.',
-		'not_persona' => 'Resetovat lze pouze systém Persona.',
 	),
 	'conf' => array(
 		'error' => 'Během ukládání nastavení došlo k chybě',
diff --git a/app/i18n/cz/gen.php b/app/i18n/cz/gen.php
index 5e15ae6f9..e73325c55 100644
--- a/app/i18n/cz/gen.php
+++ b/app/i18n/cz/gen.php
@@ -24,8 +24,6 @@ return array(
 		'email' => 'Email',
 		'keep_logged_in' => 'Zapamatovat přihlášení <small>(1 měsíc)</small>',
 		'login' => 'Login',
-		'login_persona' => 'Přihlášení pomocí Persona',
-		'login_persona_problem' => 'Problém s připojením k Persona?',
 		'logout' => 'Odhlášení',
 		'password' =>  array(
 			'_' => 'Heslo',
@@ -42,7 +40,6 @@ return array(
 			'admin' => 'Název administrátorského účtu',
 			'format' => '<small>maximálně 16 alfanumerických znaků</small>',
 		),
-		'will_reset' => 'Přihlašovací systém bude vyresetován: místo sytému Persona bude použito přihlášení formulářem.',
 	),
 	'date' => array(
 		'Apr' => '\\D\\u\\b\\e\\n',
diff --git a/app/i18n/cz/install.php b/app/i18n/cz/install.php
index bc3e01992..6b94c0d4b 100644
--- a/app/i18n/cz/install.php
+++ b/app/i18n/cz/install.php
@@ -9,13 +9,11 @@ return array(
 		'reinstall' => 'Reinstalovat FreshRSS',
 	),
 	'auth' => array(
-		'email_persona' => 'Email pro přihlášení<br /><small>(pro <a href="https://persona.org/" rel="external">Mozilla Persona</a>)</small>',
 		'form' => 'Webový formulář (tradiční, vyžaduje JavaScript)',
 		'http' => 'HTTP (pro pokročilé uživatele s HTTPS)',
 		'none' => 'Žádný (nebezpečné)',
 		'password_form' => 'Heslo<br /><small>(pro přihlášení webovým formulářem)</small>',
 		'password_format' => 'Alespoň 7 znaků',
-		'persona' => 'Mozilla Persona (moderní, vyžaduje JavaScript)',
 		'type' => 'Způsob přihlášení',
 	),
 	'bdd' => array(
@@ -78,10 +76,6 @@ return array(
 			'nok' => 'Nemáte PDO nebo některý z podporovaných ovladačů (pdo_mysql, pdo_sqlite).',
 			'ok' => 'Máte PDO a alespoň jeden z podporovaných ovladačů (pdo_mysql, pdo_sqlite).',
 		),
-		'persona' => array(
-			'nok' => 'Zkontrolujte oprávnění adresáře <em>./data/persona</em>. HTTP server musí mít do tohoto adresáře práva zápisu',
-			'ok' => 'Oprávnění adresáře Mozilla Persona jsou v pořádku.',
-		),
 		'php' => array(
 			'nok' => 'Vaše verze PHP je %s, ale FreshRSS vyžaduje alespoň verzi %s.',
 			'ok' => 'Vaše verze PHP je %s a je kompatibilní s FreshRSS.',
diff --git a/app/i18n/de/admin.php b/app/i18n/de/admin.php
index 6e6cc0956..7b75fe5f4 100644
--- a/app/i18n/de/admin.php
+++ b/app/i18n/de/admin.php
@@ -8,7 +8,6 @@ return array(
 		'form' => 'Webformular (traditionell, benötigt JavaScript)',
 		'http' => 'HTTP (HTTPS für erfahrene Benutzer)',
 		'none' => 'Keine (gefährlich)',
-		'persona' => 'Mozilla Persona (modern, benötigt JavaScript)',
 		'title' => 'Authentifizierung',
 		'title_reset' => 'Zurücksetzen der Authentifizierung',
 		'token' => 'Authentifizierungs-Token',
@@ -75,10 +74,6 @@ return array(
 			'nok' => 'Ihnen fehlt PDO oder einer der unterstützten Treiber (pdo_mysql, pdo_sqlite).',
 			'ok' => 'Sie haben PDO und mindestens einen der unterstützten Treiber (pdo_mysql, pdo_sqlite).',
 		),
-		'persona' => array(
-			'nok' => 'Überprüfen Sie die Berechtigungen des Verzeichnisses <em>./data/persona</em>. Der HTTP-Server muss Schreibrechte besitzen.',
-			'ok' => 'Die Berechtigungen des Verzeichnisses <em>./data/persona</em> sind in Ordnung.',
-		),
 		'php' => array(
 			'_' => 'PHP-Installation',
 			'nok' => 'Ihre PHP-Version ist %s aber FreshRSS benötigt mindestens Version %s.',
@@ -169,7 +164,6 @@ return array(
 	'user' => array(
 		'articles_and_size' => '%s Artikel (%s)',
 		'create' => 'Neuen Benutzer erstellen',
-		'email_persona' => 'Anmelde-E-Mail-Adresse<br /><small>(für <a href="https://persona.org/" rel="external">Mozilla Persona</a>)</small>',
 		'language' => 'Sprache',
 		'number' => 'Es wurde bis jetzt %d Account erstellt',
 		'numbers' => 'Es wurden bis jetzt %d Accounts erstellt',
diff --git a/app/i18n/de/conf.php b/app/i18n/de/conf.php
index c1a762f12..7c57d5655 100644
--- a/app/i18n/de/conf.php
+++ b/app/i18n/de/conf.php
@@ -76,7 +76,6 @@ return array(
 			'_' => 'Accountlöschung',
 			'warn' => 'Dein Account und alle damit bezogenen Daten werden gelöscht.',
 		),
-		'email_persona' => 'Anmelde-E-Mail-Adresse<br /><small>(für <a href="https://persona.org/" rel="external">Mozilla Persona</a>)</small>',
 		'password_api' => 'Passwort-API<br /><small>(z. B. für mobile Anwendungen)</small>',
 		'password_form' => 'Passwort<br /><small>(für die Anmeldemethode per Webformular)</small>',
 		'password_format' => 'mindestens 7 Zeichen',
diff --git a/app/i18n/de/feedback.php b/app/i18n/de/feedback.php
index 4c15aadc3..f93992982 100644
--- a/app/i18n/de/feedback.php
+++ b/app/i18n/de/feedback.php
@@ -21,7 +21,6 @@ return array(
 			'success' => 'Sie sind abgemeldet',
 		),
 		'no_password_set' => 'Administrator-Passwort ist nicht gesetzt worden. Dieses Feature ist nicht verfügbar.',
-		'not_persona' => 'Nur das Persona-System kann zurückgesetzt werden.',
 	),
 	'conf' => array(
 		'error' => 'Während der Speicherung der Konfiguration trat ein Fehler auf',
diff --git a/app/i18n/de/gen.php b/app/i18n/de/gen.php
index 4b85c722a..c6e7f1ef3 100644
--- a/app/i18n/de/gen.php
+++ b/app/i18n/de/gen.php
@@ -24,8 +24,6 @@ return array(
 		'email' => 'E-Mail-Adresse',
 		'keep_logged_in' => 'Eingeloggt bleiben <small>(1 Monat)</small>',
 		'login' => 'Anmelden',
-		'login_persona' => 'Anmelden mit Persona',
-		'login_persona_problem' => 'Verbindungsproblem mit Persona?',
 		'logout' => 'Abmelden',
 		'password' => array(
 			'_' => 'Passwort',
@@ -42,7 +40,6 @@ return array(
 			'admin' => 'Administrator-Nutzername',
 			'format' => '<small>maximal 16 alphanumerische Zeichen</small>',
 		),
-		'will_reset' => 'Authentifikationssystem wird zurückgesetzt: ein Formular wird anstelle von Persona benutzt.',
 	),
 	'date' => array(
 		'Apr' => '\\A\\p\\r\\i\\l',
diff --git a/app/i18n/de/install.php b/app/i18n/de/install.php
index d16496818..a77822e7b 100644
--- a/app/i18n/de/install.php
+++ b/app/i18n/de/install.php
@@ -9,13 +9,11 @@ return array(
 		'reinstall' => 'Neuinstallation von FreshRSS',
 	),
 	'auth' => array(
-		'email_persona' => 'Anmelde-E-Mail-Adresse<br /><small>(für <a href="https://persona.org/" rel="external">Mozilla Persona</a>)</small>',
 		'form' => 'Webformular (traditionell, benötigt JavaScript)',
 		'http' => 'HTTP (HTTPS für erfahrene Benutzer)',
 		'none' => 'Keine (gefährlich)',
 		'password_form' => 'Passwort<br /><small>(für die Anmeldemethode per Webformular)</small>',
 		'password_format' => 'mindestens 7 Zeichen',
-		'persona' => 'Mozilla Persona (modern, benötigt JavaScript)',
 		'type' => 'Authentifizierungsmethode',
 	),
 	'bdd' => array(
@@ -78,10 +76,6 @@ return array(
 			'nok' => 'Ihnen fehlt PDO oder einer der unterstützten Treiber (pdo_mysql, pdo_sqlite).',
 			'ok' => 'Sie haben PDO und mindestens einen der unterstützten Treiber (pdo_mysql, pdo_sqlite).',
 		),
-		'persona' => array(
-			'nok' => 'Überprüfen Sie die Berechtigungen des Verzeichnisses <em>./data/persona</em>. Der HTTP-Server muss Schreibrechte besitzen.',
-			'ok' => 'Die Berechtigungen des Verzeichnisses <em>./data/persona</em> sind in Ordnung.',
-		),
 		'php' => array(
 			'nok' => 'Ihre PHP-Version ist %s aber FreshRSS benötigt mindestens Version %s.',
 			'ok' => 'Ihre PHP-Version ist %s, welche kompatibel mit FreshRSS ist.',
diff --git a/app/i18n/en/admin.php b/app/i18n/en/admin.php
index a58771edf..a88552087 100644
--- a/app/i18n/en/admin.php
+++ b/app/i18n/en/admin.php
@@ -8,7 +8,6 @@ return array(
 		'form' => 'Web form (traditional, requires JavaScript)',
 		'http' => 'HTTP (for advanced users with HTTPS)',
 		'none' => 'None (dangerous)',
-		'persona' => 'Mozilla Persona (modern, requires JavaScript)',
 		'title' => 'Authentication',
 		'title_reset' => 'Authentication reset',
 		'token' => 'Authentication token',
@@ -75,10 +74,6 @@ return array(
 			'nok' => 'You lack PDO or one of the supported drivers (pdo_mysql, pdo_sqlite).',
 			'ok' => 'You have PDO and at least one of the supported drivers (pdo_mysql, pdo_sqlite).',
 		),
-		'persona' => array(
-			'nok' => 'Check permissions on <em>./data/persona</em> directory. HTTP server must have rights to write into',
-			'ok' => 'Permissions on Mozilla Persona directory are good.',
-		),
 		'php' => array(
 			'_' => 'PHP installation',
 			'nok' => 'Your PHP version is %s but FreshRSS requires at least version %s.',
@@ -169,7 +164,6 @@ return array(
 	'user' => array(
 		'articles_and_size' => '%s articles (%s)',
 		'create' => 'Create new user',
-		'email_persona' => 'Login mail address<br /><small>(for <a href="https://persona.org/" rel="external">Mozilla Persona</a>)</small>',
 		'language' => 'Language',
 		'number' => 'There is %d account created yet',
 		'numbers' => 'There are %d accounts created yet',
diff --git a/app/i18n/en/conf.php b/app/i18n/en/conf.php
index 38e9197e9..b5ab73510 100644
--- a/app/i18n/en/conf.php
+++ b/app/i18n/en/conf.php
@@ -76,7 +76,6 @@ return array(
 			'_' => 'Account deletion',
 			'warn' => 'Your account and all the related data will be deleted.',
 		),
-		'email_persona' => 'Login email address<br /><small>(for <a href="https://persona.org/" rel="external">Mozilla Persona</a>)</small>',
 		'password_api' => 'API password<br /><small>(e.g., for mobile apps)</small>',
 		'password_form' => 'Password<br /><small>(for the Web-form login method)</small>',
 		'password_format' => 'At least 7 characters',
diff --git a/app/i18n/en/feedback.php b/app/i18n/en/feedback.php
index c9189c0d0..7ce2ae9cf 100644
--- a/app/i18n/en/feedback.php
+++ b/app/i18n/en/feedback.php
@@ -21,7 +21,6 @@ return array(
 			'success' => 'You are disconnected',
 		),
 		'no_password_set' => 'Administrator password hasn’t been set. This feature isn’t available.',
-		'not_persona' => 'Only Persona system can be reset.',
 	),
 	'conf' => array(
 		'error' => 'An error occurred during configuration saving',
diff --git a/app/i18n/en/gen.php b/app/i18n/en/gen.php
index ba4e2f86c..17b47ba2f 100644
--- a/app/i18n/en/gen.php
+++ b/app/i18n/en/gen.php
@@ -24,8 +24,6 @@ return array(
 		'email' => 'Email address',
 		'keep_logged_in' => 'Keep me logged in <small>(1 month)</small>',
 		'login' => 'Login',
-		'login_persona' => 'Login with Persona',
-		'login_persona_problem' => 'Connection problem with Persona?',
 		'logout' => 'Logout',
 		'password' => array(
 			'_' => 'Password',
@@ -42,7 +40,6 @@ return array(
 			'admin' => 'Administrator username',
 			'format' => '<small>maximum 16 alphanumeric characters</small>',
 		),
-		'will_reset' => 'Authentication system will be reset: a form will be used instead of Persona.',
 	),
 	'date' => array(
 		'Apr' => '\\A\\p\\r\\i\\l',
diff --git a/app/i18n/en/install.php b/app/i18n/en/install.php
index 4b5bbc62e..d1c5f37c8 100644
--- a/app/i18n/en/install.php
+++ b/app/i18n/en/install.php
@@ -9,13 +9,11 @@ return array(
 		'reinstall' => 'Reinstall FreshRSS',
 	),
 	'auth' => array(
-		'email_persona' => 'Login email address<br /><small>(for <a href="https://persona.org/" rel="external">Mozilla Persona</a>)</small>',
 		'form' => 'Web form (traditional, requires JavaScript)',
 		'http' => 'HTTP (for advanced users with HTTPS)',
 		'none' => 'None (dangerous)',
 		'password_form' => 'Password<br /><small>(for the Web-form login method)</small>',
 		'password_format' => 'At least 7 characters',
-		'persona' => 'Mozilla Persona (modern, requires JavaScript)',
 		'type' => 'Authentication method',
 	),
 	'bdd' => array(
@@ -78,10 +76,6 @@ return array(
 			'nok' => 'You lack PDO or one of the supported drivers (pdo_mysql, pdo_sqlite).',
 			'ok' => 'You have PDO and at least one of the supported drivers (pdo_mysql, pdo_sqlite).',
 		),
-		'persona' => array(
-			'nok' => 'Check permissions on <em>./data/persona</em> directory. HTTP server must have rights to write into',
-			'ok' => 'Permissions on Mozilla Persona directory are good.',
-		),
 		'php' => array(
 			'nok' => 'Your PHP version is %s but FreshRSS requires at least version %s.',
 			'ok' => 'Your PHP version is %s, which is compatible with FreshRSS.',
diff --git a/app/i18n/fr/admin.php b/app/i18n/fr/admin.php
index f4f267306..c359e9d24 100644
--- a/app/i18n/fr/admin.php
+++ b/app/i18n/fr/admin.php
@@ -8,7 +8,6 @@ return array(
 		'form' => 'Formulaire (traditionnel, requiert JavaScript)',
 		'http' => 'HTTP (pour utilisateurs avancés avec HTTPS)',
 		'none' => 'Aucune (dangereux)',
-		'persona' => 'Mozilla Persona (moderne, requiert JavaScript)',
 		'title' => 'Authentification',
 		'title_reset' => 'Réinitialisation de l’authentification',
 		'token' => 'Jeton d’identification',
@@ -75,10 +74,6 @@ return array(
 			'nok' => 'Vous ne disposez pas de PDO ou d’un des drivers supportés (pdo_mysql, pdo_sqlite).',
 			'ok' => 'Vous disposez de PDO et d’au moins un des drivers supportés (pdo_mysql, pdo_sqlite).',
 		),
-		'persona' => array(
-			'nok' => 'Veuillez vérifier les droits sur le répertoire <em>./data/persona</em>. Le serveur HTTP doit être capable d’écrire dedans',
-			'ok' => 'Les droits sur le répertoire de Mozilla Persona sont bons.',
-		),
 		'php' => array(
 			'_' => 'Installation de PHP',
 			'nok' => 'Votre version de PHP est la %s mais FreshRSS requiert au moins la version %s.',
@@ -169,7 +164,6 @@ return array(
 	'user' => array(
 		'articles_and_size' => '%s articles (%s)',
 		'create' => 'Créer un nouvel utilisateur',
-		'email_persona' => 'Adresse courriel de connexion<br /><small>(pour <a href="https://persona.org/" rel="external">Mozilla Persona</a>)</small>',
 		'language' => 'Langue',
 		'number' => '%d compte a déjà été créé',
 		'numbers' => '%d comptes ont déjà été créés',
diff --git a/app/i18n/fr/conf.php b/app/i18n/fr/conf.php
index 6193b7a01..7a6d12e17 100644
--- a/app/i18n/fr/conf.php
+++ b/app/i18n/fr/conf.php
@@ -76,7 +76,6 @@ return array(
 			'_' => 'Suppression du compte',
 			'warn' => 'Le compte et toutes les données associées vont être supprimées.',
 		),
-		'email_persona' => 'Adresse courriel de connexion<br /><small>(pour <a href="https://persona.org/" rel="external">Mozilla Persona</a>)</small>',
 		'password_api' => 'Mot de passe API<br /><small>(ex. : pour applis mobiles)</small>',
 		'password_form' => 'Mot de passe<br /><small>(pour connexion par formulaire)</small>',
 		'password_format' => '7 caractères minimum',
diff --git a/app/i18n/fr/feedback.php b/app/i18n/fr/feedback.php
index e2364a251..15f3ab859 100644
--- a/app/i18n/fr/feedback.php
+++ b/app/i18n/fr/feedback.php
@@ -21,7 +21,6 @@ return array(
 			'success' => 'Vous avez été déconnecté',
 		),
 		'no_password_set' => 'Aucun mot de passe administrateur n’a été précisé. Cette fonctionnalité n’est pas disponible.',
-		'not_persona' => 'Seul le système d’authentification Persona peut être réinitialisé.',
 	),
 	'conf' => array(
 		'error' => 'Une erreur est survenue durant la sauvegarde de la configuration',
diff --git a/app/i18n/fr/gen.php b/app/i18n/fr/gen.php
index 031098aa2..d61a716a7 100644
--- a/app/i18n/fr/gen.php
+++ b/app/i18n/fr/gen.php
@@ -24,8 +24,6 @@ return array(
 		'email' => 'Adresse courriel',
 		'keep_logged_in' => 'Rester connecté <small>(1 mois)</small>',
 		'login' => 'Connexion',
-		'login_persona' => 'Connexion avec Persona',
-		'login_persona_problem' => 'Problème de connexion à Persona ?',
 		'logout' => 'Déconnexion',
 		'password' => array(
 			'_' => 'Mot de passe',
@@ -42,7 +40,6 @@ return array(
 			'admin' => 'Nom d’utilisateur administrateur',
 			'format' => '<small>16 caractères alphanumériques maximum</small>',
 		),
-		'will_reset' => 'Le système d’authentification va être réinitialisé : un formulaire sera utilisé à la place de Persona.',
 	),
 	'date' => array(
 		'Apr' => '\\a\\v\\r\\i\\l',
diff --git a/app/i18n/fr/install.php b/app/i18n/fr/install.php
index 91dfbbb09..946a210ee 100644
--- a/app/i18n/fr/install.php
+++ b/app/i18n/fr/install.php
@@ -9,13 +9,11 @@ return array(
 		'reinstall' => 'Réinstaller FreshRSS',
 	),
 	'auth' => array(
-		'email_persona' => 'Adresse courriel de connexion<br /><small>(pour <a href="https://persona.org/" rel="external">Mozilla Persona</a>)</small>',
 		'form' => 'Formulaire (traditionnel, requiert JavaScript)',
 		'http' => 'HTTP (pour utilisateurs avancés avec HTTPS)',
 		'none' => 'Aucune (dangereux)',
 		'password_form' => 'Mot de passe<br /><small>(pour connexion par formulaire)</small>',
 		'password_format' => '7 caractères minimum',
-		'persona' => 'Mozilla Persona (moderne, requiert JavaScript)',
 		'type' => 'Méthode d’authentification',
 	),
 	'bdd' => array(
@@ -78,10 +76,6 @@ return array(
 			'nok' => 'Vous ne disposez pas de PDO ou d’un des drivers supportés (pdo_mysql, pdo_sqlite).',
 			'ok' => 'Vous disposez de PDO et d’au moins un des drivers supportés (pdo_mysql, pdo_sqlite).',
 		),
-		'persona' => array(
-			'nok' => 'Veuillez vérifier les droits sur le répertoire <em>./data/persona</em>. Le serveur HTTP doit être capable d’écrire dedans',
-			'ok' => 'Les droits sur le répertoire de Mozilla Persona sont bons.',
-		),
 		'php' => array(
 			'nok' => 'Votre version de PHP est la %s mais FreshRSS requiert au moins la version %s.',
 			'ok' => 'Votre version de PHP est la %s, qui est compatible avec FreshRSS.',
diff --git a/app/i18n/it/admin.php b/app/i18n/it/admin.php
index 94b2d6762..4eea158f6 100644
--- a/app/i18n/it/admin.php
+++ b/app/i18n/it/admin.php
@@ -8,7 +8,6 @@ return array(
 		'form' => 'Web form (tradizionale, richiede JavaScript)',
 		'http' => 'HTTP (per gli utenti avanzati con HTTPS)',
 		'none' => 'Nessuno (pericoloso)',
-		'persona' => 'Mozilla Persona (moderno, richiede JavaScript)',
 		'title' => 'Autenticazione',
 		'title_reset' => 'Reset autenticazione',
 		'token' => 'Token di autenticazione',
@@ -75,10 +74,6 @@ return array(
 			'nok' => 'Manca PDO o uno degli altri driver supportati (pdo_mysql, pdo_sqlite).',
 			'ok' => 'PDO e altri driver supportati (pdo_mysql, pdo_sqlite).',
 		),
-		'persona' => array(
-			'nok' => 'Verifica i permessi sulla cartella <em>./data/persona</em>. Il server HTTP deve avere i permessi per scriverci dentro',
-			'ok' => 'I permessi sulla cartella Mozilla Persona sono corretti.',
-		),
 		'php' => array(
 			'_' => 'Installazione PHP',
 			'nok' => 'Versione PHP %s FreshRSS richiede almeno la versione %s.',
@@ -169,7 +164,6 @@ return array(
 	'user' => array(
 		'articles_and_size' => '%s articoli (%s)',
 		'create' => 'Crea nuovo utente',
-		'email_persona' => 'Indirizzo mail<br /><small>(Login <a href="https://persona.org/" rel="external">Mozilla Persona</a>)</small>',
 		'language' => 'Lingua',
 		'number' => ' %d profilo utente creato',
 		'numbers' => 'Sono presenti %d profili utente',
diff --git a/app/i18n/it/conf.php b/app/i18n/it/conf.php
index b757b3210..19b62c9a7 100644
--- a/app/i18n/it/conf.php
+++ b/app/i18n/it/conf.php
@@ -76,7 +76,6 @@ return array(
 			'_' => 'Cancellazione account',
 			'warn' => 'Il tuo account e tutti i dati associati saranno cancellati.',
 		),
-		'email_persona' => 'Indirizzo email<br /><small>(Login <a href="https://persona.org/" rel="external">Mozilla Persona</a>)</small>',
 		'password_api' => 'Password API<br /><small>(e.g., per applicazioni mobili)</small>',
 		'password_form' => 'Password<br /><small>(per il login classico)</small>',
 		'password_format' => 'Almeno 7 caratteri',
diff --git a/app/i18n/it/feedback.php b/app/i18n/it/feedback.php
index caf1cd2b4..f217586b0 100644
--- a/app/i18n/it/feedback.php
+++ b/app/i18n/it/feedback.php
@@ -21,7 +21,6 @@ return array(
 			'success' => 'Disconnessione effettuata',
 		),
 		'no_password_set' => 'Password di amministrazione non impostata. Opzione non disponibile.',
-		'not_persona' => 'Solo il sistema Mozilla Persona può essere resettato.',
 	),
 	'conf' => array(
 		'error' => 'Si è verificato un errore durante il salvataggio della configurazione',
diff --git a/app/i18n/it/gen.php b/app/i18n/it/gen.php
index d24377593..c02ddd13a 100644
--- a/app/i18n/it/gen.php
+++ b/app/i18n/it/gen.php
@@ -24,8 +24,6 @@ return array(
 		'email' => 'Indirizzo email',
 		'keep_logged_in' => 'Ricorda i dati <small>(1 mese)</small>',
 		'login' => 'Accedi',
-		'login_persona' => 'Accedi con Mozilla Persona',
-		'login_persona_problem' => 'Problemi di connessione con Mozilla Persona?',
 		'logout' => 'Esci',
 		'password' => array(
 			'_' => 'Password',
@@ -42,7 +40,6 @@ return array(
 			'admin' => 'Username amministratore',
 			'format' => '<small>massimo 16 caratteri alfanumerici</small>',
 		),
-		'will_reset' => 'Il sistema di autenticazione verrà resettato: un form verrà usato per Mozilla Persona.',
 	),
 	'date' => array(
 		'Apr' => '\\A\\p\\r\\i\\l\\e',
diff --git a/app/i18n/it/install.php b/app/i18n/it/install.php
index 8f5300bd5..a60dd4523 100644
--- a/app/i18n/it/install.php
+++ b/app/i18n/it/install.php
@@ -9,13 +9,11 @@ return array(
 		'reinstall' => 'Reinstalla FreshRSS',
 	),
 	'auth' => array(
-		'email_persona' => 'Indirizzo mail<br /><small>(per <a href="https://persona.org/" rel="external">Mozilla Persona</a>)</small>',
 		'form' => 'Web form (tradizionale, richiede JavaScript)',
 		'http' => 'HTTP (per gli utenti avanzati con HTTPS)',
 		'none' => 'Nessuno (pericoloso)',
 		'password_form' => 'Password<br /><small>(per il login tramite Web-form tradizionale)</small>',
 		'password_format' => 'Almeno 7 caratteri',
-		'persona' => 'Mozilla Persona (moderno, richiede JavaScript)',
 		'type' => 'Metodo di autenticazione',
 	),
 	'bdd' => array(
@@ -78,10 +76,6 @@ return array(
 			'nok' => 'Manca PDO o uno degli altri driver supportati (pdo_mysql, pdo_sqlite).',
 			'ok' => 'PDO e altri driver supportati (pdo_mysql, pdo_sqlite).',
 		),
-		'persona' => array(
-			'nok' => 'Verifica i permessi sulla cartella <em>./data/persona</em>. Il server HTTP deve avere i permessi per scriverci dentro',
-			'ok' => 'I permessi sulla cartella Mozilla Persona sono corretti.',
-		),
 		'php' => array(
 			'_' => 'Installazione PHP',
 			'nok' => 'Versione di PHP %s FreshRSS richiede almeno la versione %s.',
diff --git a/app/i18n/nl/admin.php b/app/i18n/nl/admin.php
index bd7d63b6a..9f05d69b1 100644
--- a/app/i18n/nl/admin.php
+++ b/app/i18n/nl/admin.php
@@ -8,7 +8,6 @@ return array(
 		'form' => 'Web formulier (traditioneel, benodigd JavaScript)',
 		'http' => 'HTTP (voor geavanceerde gebruikers met HTTPS)',
 		'none' => 'Geen (gevaarlijk)',
-		'persona' => 'Mozilla Persona (modern, benodigd JavaScript)',
 		'title' => 'Authenticatie',
 		'title_reset' => 'Authenticatie terugzetten',
 		'token' => 'Authenticatie teken',
@@ -75,10 +74,6 @@ return array(
 			'nok' => 'U mist PDO of een van de ondersteunde drivers (pdo_mysql, pdo_sqlite).',
 			'ok' => 'U hebt PDO en ten minste één van de ondersteunde drivers (pdo_mysql, pdo_sqlite).',
 		),
-		'persona' => array(
-			'nok' => 'Controleer de permissies op de <em>./data/persona</em> map. HTTP server moet rechten hebben om hierin te schrijven',
-			'ok' => 'Permissies op de Mozilla Persona map zijn goed.',
-		),
 		'php' => array(
 			'_' => 'PHP installatie',
 			'nok' => 'Uw PHP versie is %s maar FreshRSS benodigd tenminste versie %s.',
@@ -169,7 +164,6 @@ return array(
 	'user' => array(
 		'articles_and_size' => '%s artikelen (%s)',
 		'create' => 'Creëer  nieuwe gebruiker',
-		'email_persona' => 'Log in mail adres<br /><small>(voor <a href="https://persona.org/" rel="external">Mozilla Persona</a>)</small>',
 		'language' => 'Taal',
 		'number' => 'Er is %d accounts gemaakt',
 		'numbers' => 'Er zijn %d accounts gemaakt',
diff --git a/app/i18n/nl/conf.php b/app/i18n/nl/conf.php
index 9b0aff793..573dabf45 100644
--- a/app/i18n/nl/conf.php
+++ b/app/i18n/nl/conf.php
@@ -76,7 +76,6 @@ return array(
 			'_' => 'Account verwijderen',
 			'warn' => 'Uw account en alle gerelateerde gegvens worden verwijderd.',
 		),
-		'email_persona' => 'Log in mail adres<br /><small>(voor <a href="https://persona.org/" rel="external">Mozilla Persona</a>)</small>',
 		'password_api' => 'Wachtwoord API<br /><small>(e.g., voor mobiele apps)</small>',
 		'password_form' => 'Wachtwoord<br /><small>(voor de Web-formulier log in methode)</small>',
 		'password_format' => 'Ten minste 7 tekens',
diff --git a/app/i18n/nl/feedback.php b/app/i18n/nl/feedback.php
index 54d84f7d6..b703c43cf 100644
--- a/app/i18n/nl/feedback.php
+++ b/app/i18n/nl/feedback.php
@@ -21,7 +21,6 @@ return array(
 			'success' => 'U bent uitgelogd',
 		),
 		'no_password_set' => 'Administrateur wachtwoord is niet ingesteld. Deze mogelijkheid is niet beschikbaar.',
-		'not_persona' => 'Alleen Persona systeem kan worden gereset.',
 	),
 	'conf' => array(
 		'error' => 'Er is een fout opgetreden tijdens het opslaan van de configuratie',
diff --git a/app/i18n/nl/gen.php b/app/i18n/nl/gen.php
index 24cba574e..7e03229c9 100644
--- a/app/i18n/nl/gen.php
+++ b/app/i18n/nl/gen.php
@@ -24,8 +24,6 @@ return array(
 		'email' => 'Email adres',
 		'keep_logged_in' => 'Ingelogd blijven voor <small>(1 maand)</small>',
 		'login' => 'Log in',
-		'login_persona' => 'Login met Persona',
-		'login_persona_problem' => 'Connectiviteits problemen met Persona',
 		'logout' => 'Log uit',
 		'password' => array(
 			'_' => 'Wachtwoord',
@@ -42,7 +40,6 @@ return array(
 			'admin' => 'Administrator gebruikersnaam',
 			'format' => '<small>maximaal 16 alphanumerieke tekens</small>',
 		),
-		'will_reset' => 'Het authenticatie system zal worden gereset: een formulier zal worden gebruikt in plaats van Persona.',
 	),
 	'date' => array(
 		'Apr' => '\\A\\p\\r\\i\\l',
diff --git a/app/i18n/nl/install.php b/app/i18n/nl/install.php
index d16dda4ca..77783cd48 100644
--- a/app/i18n/nl/install.php
+++ b/app/i18n/nl/install.php
@@ -9,13 +9,11 @@ return array(
 		'reinstall' => 'Installeer FreshRSS opnieuw',
 	),
 	'auth' => array(
-		'email_persona' => 'Log in mail adres<br /><small>(voor <a href="https://persona.org/" rel="external">Mozilla Persona</a>)</small>',
 		'form' => 'Web formulier (traditioneel, benodigd JavaScript)',
 		'http' => 'HTTP (voor geavanceerde gebruikers met HTTPS)',
 		'none' => 'Geen (gevaarlijk)',
 		'password_form' => 'Wachtwoord<br /><small>(voor de Web-formulier log in methode)</small>',
 		'password_format' => 'Tenminste 7 tekens',
-		'persona' => 'Mozilla Persona (modern, benodigd JavaScript)',
 		'type' => 'Authenticatie methode',
 	),
 	'bdd' => array(
@@ -78,10 +76,6 @@ return array(
 			'nok' => 'U mist PDO of één van de ondersteunde (pdo_mysql, pdo_sqlite).',
 			'ok' => 'U hebt PDO en ten minste één van de ondersteunde drivers (pdo_mysql, pdo_sqlite).',
 		),
-		'persona' => array(
-			'nok' => 'Controleer permissies van de <em>./data/persona</em> map. HTTP server moet rechten hebben om er in te kunnen schrijven',
-			'ok' => 'Permissies van de Mozilla Persona map zijn goed.',
-		),
 		'php' => array(
 			'nok' => 'Uw PHP versie is %s maar FreshRSS benodigd tenminste versie %s.',
 			'ok' => 'Uw PHP versie is %s, welke compatibel is met FreshRSS.',
diff --git a/app/i18n/ru/admin.php b/app/i18n/ru/admin.php
index dfea5b3cb..caea627f3 100644
--- a/app/i18n/ru/admin.php
+++ b/app/i18n/ru/admin.php
@@ -8,7 +8,6 @@ return array(
 		'form' => 'На основе веб-формы (традиционный, необходим JavaScript)',
 		'http' => 'HTTP (для продвинутых пользователей - по HTTPS)',
 		'none' => 'Без аутентификации (небезопасный)',
-		'persona' => 'Mozilla Persona (новый, необходим JavaScript)',
 		'title' => 'Аутентификации',
 		'title_reset' => 'Сброс аутентицикации',
 		'token' => 'Токен аутентификации',
@@ -75,10 +74,6 @@ return array(
 			'nok' => 'У вас не установлен PDO или один из необходимых драйверов (pdo_mysql, pdo_sqlite).',
 			'ok' => 'У вас установлен PDO и как минимум один из поддерживаемых драйверов (pdo_mysql, pdo_sqlite).',
 		),
-		'persona' => array(
-			'nok' => 'Проверьте права доступа к папке <em>./data/persona</em> . Сервер HTTP должен иметь права на запись в эту папку.',
-			'ok' => 'Права на папку Mozilla Persona в порядке.',
-		),
 		'php' => array(
 			'_' => 'PHP installation',
 			'nok' => 'У вас установлен PHP версии %s, но FreshRSS необходима версия не ниже %s.',
@@ -169,7 +164,6 @@ return array(
 	'user' => array(
 		'articles_and_size' => '%s статей (%s)',
 		'create' => 'Создать нового пользователя',
-		'email_persona' => 'Адрес электронной почты для входа<br /><small>(for <a href="https://persona.org/" rel="external">Mozilla Persona</a>)</small>',
 		'language' => 'Язык',
 		'number' => 'На данный момент создан %d аккаунт',
 		'numbers' => 'На данный момент аккаунтов создано:  %d',
diff --git a/app/i18n/ru/conf.php b/app/i18n/ru/conf.php
index e502e9a43..557fbe369 100644
--- a/app/i18n/ru/conf.php
+++ b/app/i18n/ru/conf.php
@@ -76,7 +76,6 @@ return array(
 			'_' => 'Account deletion',
 			'warn' => 'Your account and all the related data will be deleted.',
 		),
-		'email_persona' => 'Login email address<br /><small>(for <a href="https://persona.org/" rel="external">Mozilla Persona</a>)</small>',
 		'password_api' => 'Password API<br /><small>(e.g., for mobile apps)</small>',
 		'password_form' => 'Password<br /><small>(for the Web-form login method)</small>',
 		'password_format' => 'At least 7 characters',
diff --git a/app/i18n/ru/feedback.php b/app/i18n/ru/feedback.php
index c9189c0d0..7ce2ae9cf 100644
--- a/app/i18n/ru/feedback.php
+++ b/app/i18n/ru/feedback.php
@@ -21,7 +21,6 @@ return array(
 			'success' => 'You are disconnected',
 		),
 		'no_password_set' => 'Administrator password hasn’t been set. This feature isn’t available.',
-		'not_persona' => 'Only Persona system can be reset.',
 	),
 	'conf' => array(
 		'error' => 'An error occurred during configuration saving',
diff --git a/app/i18n/ru/gen.php b/app/i18n/ru/gen.php
index b8e8511d9..eecd72749 100644
--- a/app/i18n/ru/gen.php
+++ b/app/i18n/ru/gen.php
@@ -24,8 +24,6 @@ return array(
 		'email' => 'Email address',
 		'keep_logged_in' => 'Keep me logged in <small>(1 month)</small>',
 		'login' => 'Login',
-		'login_persona' => 'Login with Persona',
-		'login_persona_problem' => 'Connection problem with Persona?',
 		'logout' => 'Logout',
 		'password' => array(
 			'_' => 'Password',
@@ -42,7 +40,6 @@ return array(
 			'admin' => 'Administrator username',
 			'format' => '<small>maximum 16 alphanumeric characters</small>',
 		),
-		'will_reset' => 'Authentication system will be reset: a form will be used instead of Persona.',
 	),
 	'date' => array(
 		'Apr' => '\\A\\p\\r\\i\\l',
diff --git a/app/i18n/ru/install.php b/app/i18n/ru/install.php
index c838b2eba..a52e2959b 100644
--- a/app/i18n/ru/install.php
+++ b/app/i18n/ru/install.php
@@ -9,13 +9,11 @@ return array(
 		'reinstall' => 'Переустановить FreshRSS',
 	),
 	'auth' => array(
-		'email_persona' => 'Почта (логин) для <br /><small>(for <a href="https://persona.org/" rel="external">Mozilla Persona</a>)</small>',
 		'form' => 'Вэб-форма (традиционный, необходим JavaScript)',
 		'http' => 'HTTP (для продвинутых пользователей с HTTPS)',
 		'none' => 'Никакого (опасно)',
 		'password_form' => 'Пароль<br /><small>(для метода аутентификации на Вэб-формах)</small>',
 		'password_format' => 'Как минимум 7 букв',
-		'persona' => 'Mozilla Persona (современный, необходим JavaScript)',
 		'type' => 'Метод аутентификации',
 	),
 	'bdd' => array(
@@ -74,10 +72,6 @@ return array(
 			'nok' => 'У вас не установлен PDO или один из необходимых драйверов (pdo_mysql, pdo_sqlite).',
 			'ok' => 'У вас установлен PDO и как минимум один из поддерживаемых драйверов (pdo_mysql, pdo_sqlite).',
 		),
-		'persona' => array(
-			'nok' => 'Проверьте права доступа к папке <em>./data/persona</em> . Сервер HTTP должен иметь права на запись в эту папку.',
-			'ok' => 'Права на папку Mozilla Persona в порядке.',
-		),
 		'php' => array(
 			'nok' => 'У вас установлен PHP версии %s, но FreshRSS необходима версия не ниже %s.',
 			'ok' => 'У вас установлен PHP версии %s, который совместим с FreshRSS.',
diff --git a/app/i18n/tr/admin.php b/app/i18n/tr/admin.php
index 3a6f8118e..43f8e23c5 100644
--- a/app/i18n/tr/admin.php
+++ b/app/i18n/tr/admin.php
@@ -8,7 +8,6 @@ return array(
 		'form' => 'Web formu (geleneksel, JavaScript gerektirir)',
 		'http' => 'HTTP (ileri kullanıcılar için, HTTPS)',
 		'none' => 'Hiçbiri (tehlikeli)',
-		'persona' => 'Mozilla Persona (modern, JavaScript gerektirir)',
 		'title' => 'Kimlik doğrulama',
 		'title_reset' => 'Kimlik doğrulama sıfırla',
 		'token' => 'Kimlik doğrulama işareti',
@@ -75,10 +74,6 @@ return array(
 			'nok' => 'PDO veya PDO destekli bir sürücü eksik (pdo_mysql, pdo_sqlite).',
 			'ok' => 'PDO sorunsuz (pdo_mysql, pdo_sqlite).',
 		),
-		'persona' => array(
-			'nok' => '<em>./data/persona</em> klasör yetkisini kontrol edin. HTTP yazma yetkisi olmalı',
-			'ok' => 'Mozilla Persona klasörü yetkileri sorunsuz.',
-		),
 		'php' => array(
 			'_' => 'PHP kurulumu',
 			'nok' => 'PHP versiyonunuz %s fakat FreshRSS için gerekli olan en düşük sürüm %s.',
@@ -169,7 +164,6 @@ return array(
 	'user' => array(
 		'articles_and_size' => '%s makale (%s)',
 		'create' => 'Yeni kullanıcı oluştur',
-		'email_persona' => 'Giriş email adresi<br /><small>(<a href="https://persona.org/" rel="external">Mozilla Persona</a> için)</small>',
 		'language' => 'Dil',
 		'number' => 'Oluşturulmuş %d hesap var',
 		'numbers' => 'Oluşturulmuş %d hesap var',
diff --git a/app/i18n/tr/conf.php b/app/i18n/tr/conf.php
index d9e275b21..2fdc248e4 100644
--- a/app/i18n/tr/conf.php
+++ b/app/i18n/tr/conf.php
@@ -76,7 +76,6 @@ return array(
 			'_' => 'Hesap silme',
 			'warn' => 'Hesabınız ve tüm verileriniz silinecek.',
 		),
-		'email_persona' => 'Giriş email adresi<br /><small>(<a href="https://persona.org/" rel="external">Mozilla Persona</a> için)</small>',
 		'password_api' => 'API Şifresi<br /><small>(ör. mobil uygulamalar için)</small>',
 		'password_form' => 'Şifre<br /><small>(Tarayıcı girişi için)</small>',
 		'password_format' => 'En az 7 karakter',
diff --git a/app/i18n/tr/feedback.php b/app/i18n/tr/feedback.php
index 0572c6da1..a53316206 100644
--- a/app/i18n/tr/feedback.php
+++ b/app/i18n/tr/feedback.php
@@ -21,7 +21,6 @@ return array(
 			'success' => 'Bağlantı koptu',
 		),
 		'no_password_set' => 'Yönetici şifresi ayarlanmadı. Bu özellik kullanıma uygun değil.',
-		'not_persona' => 'Sadece Persona sistem sıfırlanabilir.',
 	),
 	'conf' => array(
 		'error' => 'Yapılandırma ayarları kaydedilirken hata oluştu',
diff --git a/app/i18n/tr/gen.php b/app/i18n/tr/gen.php
index 492e2cb9b..865dbd4e2 100644
--- a/app/i18n/tr/gen.php
+++ b/app/i18n/tr/gen.php
@@ -24,8 +24,6 @@ return array(
 		'email' => 'Email adresleri',
 		'keep_logged_in' => '<small>(1 ay)</small> oturumu açık tut',
 		'login' => 'Giriş',
-		'login_persona' => 'Persona ile giriş yap',
-		'login_persona_problem' => 'Persona ile bağlantı sorununuz mu var ?',
 		'logout' => 'Çıkış',
 		'password' => array(
 			'_' => 'Şifre',
@@ -42,7 +40,6 @@ return array(
 			'admin' => 'Yönetici kullanıcı adı',
 			'format' => '<small>en fazla 16 alfanümerik karakter</small>',
 		),
-		'will_reset' => 'Kimlik doğrulama sistemi sıfırlanacak: Persone yerine bir form kullanılacak.',
 	),
 	'date' => array(
 		'Apr' => '\\N\\i\\s\\a\\n',
diff --git a/app/i18n/tr/install.php b/app/i18n/tr/install.php
index 85134845b..951a7c5fd 100644
--- a/app/i18n/tr/install.php
+++ b/app/i18n/tr/install.php
@@ -9,13 +9,11 @@ return array(
 		'reinstall' => 'FreshRSS i yeniden yükle',
 	),
 	'auth' => array(
-		'email_persona' => 'Giriş email adresi<br /><small>(<a href="https://persona.org/" rel="external">Mozilla Persona</a> için)</small>',
 		'form' => 'Web formu (geleneksel, JavaScript gerektirir)',
 		'http' => 'HTTP (ileri kullanıcılar için, HTTPS)',
 		'none' => 'Hiçbiri (tehlikeli)',
 		'password_form' => 'Şifre<br /><small>(Tarayıcı girişi için)</small>',
 		'password_format' => 'En az 7 karakter',
-		'persona' => 'Mozilla Persona (modern, JavaScript gerektirir)',
 		'type' => 'Kimlik doğrulama yöntemi',
 	),
 	'bdd' => array(
@@ -78,10 +76,6 @@ return array(
 			'nok' => 'PDO veya PDO destekli bir sürücü eksik (pdo_mysql, pdo_sqlite).',
 			'ok' => 'PDO sorunsuz (pdo_mysql, pdo_sqlite).',
 		),
-		'persona' => array(
-			'nok' => '<em>./data/persona</em> klasör yetkisini kontrol edin. HTTP yazma yetkisi olmalı',
-			'ok' => 'Mozilla Persona klasörü yetkileri sorunsuz.',
-		),
 		'php' => array(
 			'nok' => 'PHP versiyonunuz %s fakat FreshRSS için gerekli olan en düşük sürüm %s.',
 			'ok' => 'PHP versiyonunuz %s, FreshRSS ile tam uyumlu.',
diff --git a/app/install.php b/app/install.php
index 062f66814..e73bc9972 100644
--- a/app/install.php
+++ b/app/install.php
@@ -103,7 +103,6 @@ function saveStep1() {
 		$_SESSION['title'] = $system_conf->title;
 		$_SESSION['auth_type'] = $system_conf->auth_type;
 		$_SESSION['old_entries'] = $user_conf->old_entries;
-		$_SESSION['mail_login'] = $user_conf->mail_login;
 		$_SESSION['default_user'] = $current_user;
 		$_SESSION['passwordHash'] = $user_conf->passwordHash;
 
@@ -128,7 +127,6 @@ function saveStep2() {
 		$_SESSION['old_entries'] = param('old_entries', $user_default_config->old_entries);
 		$_SESSION['auth_type'] = param('auth_type', 'form');
 		$_SESSION['default_user'] = substr(preg_replace('/[^a-zA-Z0-9]/', '', param('default_user', '')), 0, 16);
-		$_SESSION['mail_login'] = filter_var(param('mail_login', ''), FILTER_VALIDATE_EMAIL);
 
 		$password_plain = param('passwordPlain', false);
 		if ($password_plain !== false && cryptAvailable()) {
@@ -146,8 +144,7 @@ function saveStep2() {
 			return false;
 		}
 
-		if (($_SESSION['auth_type'] === 'form' && empty($_SESSION['passwordHash'])) ||
-				($_SESSION['auth_type'] === 'persona' && empty($_SESSION['mail_login']))) {
+		if ($_SESSION['auth_type'] === 'form' && empty($_SESSION['passwordHash'])) {
 			return false;
 		}
 
@@ -157,15 +154,11 @@ function saveStep2() {
 		}
 
 		$token = '';
-		if ($_SESSION['mail_login']) {
-			$token = sha1($_SESSION['salt'] . $_SESSION['mail_login']);
-		}
 
 		$config_array = array(
 			'language' => $_SESSION['language'],
 			'theme' => $user_default_config->theme,
 			'old_entries' => $_SESSION['old_entries'],
-			'mail_login' => $_SESSION['mail_login'],
 			'passwordHash' => $_SESSION['passwordHash'],
 			'token' => $token,
 		);
@@ -179,12 +172,6 @@ function saveStep2() {
 		mkdir($user_dir);
 		file_put_contents($user_config_path, "<?php\n return " . var_export($config_array, true) . ';');
 
-		if ($_SESSION['mail_login'] != '') {
-			$personaFile = join_path(DATA_PATH, 'persona', $_SESSION['mail_login'] . '.txt');
-			@unlink($personaFile);
-			file_put_contents($personaFile, $_SESSION['default_user']);
-		}
-
 		header('Location: index.php?step=3');
 	}
 }
@@ -324,7 +311,6 @@ function checkStep1() {
 	$cache = CACHE_PATH && is_writable(CACHE_PATH);
 	$users = USERS_PATH && is_writable(USERS_PATH);
 	$favicons = is_writable(join_path(DATA_PATH, 'favicons'));
-	$persona = is_writable(join_path(DATA_PATH, 'persona'));
 	$http_referer = is_referer_from_same_domain();
 
 	return array(
@@ -343,10 +329,9 @@ function checkStep1() {
 		'cache' => $cache ? 'ok' : 'ko',
 		'users' => $users ? 'ok' : 'ko',
 		'favicons' => $favicons ? 'ok' : 'ko',
-		'persona' => $persona ? 'ok' : 'ko',
 		'http_referer' => $http_referer ? 'ok' : 'ko',
 		'all' => $php && $minz && $curl && $pdo && $pcre && $ctype && $dom && $xml &&
-		         $data && $cache && $users && $favicons && $persona && $http_referer ?
+		         $data && $cache && $users && $favicons && $http_referer ?
 		         'ok' : 'ko'
 	);
 }
@@ -380,7 +365,6 @@ function freshrss_already_installed() {
 
 function checkStep2() {
 	$conf = !empty($_SESSION['old_entries']) &&
-	        isset($_SESSION['mail_login']) &&
 	        !empty($_SESSION['default_user']);
 
 	$form = (
@@ -388,11 +372,6 @@ function checkStep2() {
 		($_SESSION['auth_type'] != 'form' || !empty($_SESSION['passwordHash']))
 	);
 
-	$persona = (
-		isset($_SESSION['auth_type']) &&
-		($_SESSION['auth_type'] != 'persona' || !empty($_SESSION['mail_login']))
-	);
-
 	$defaultUser = empty($_POST['default_user']) ? null : $_POST['default_user'];
 	if ($defaultUser === null) {
 		$defaultUser = empty($_SESSION['default_user']) ? '' : $_SESSION['default_user'];
@@ -402,9 +381,8 @@ function checkStep2() {
 	return array(
 		'conf' => $conf ? 'ok' : 'ko',
 		'form' => $form ? 'ok' : 'ko',
-		'persona' => $persona ? 'ok' : 'ko',
 		'data' => $data ? 'ok' : 'ko',
-		'all' => $conf && $form && $persona && $data ? 'ok' : 'ko'
+		'all' => $conf && $form && $data ? 'ok' : 'ko'
 	);
 }
 
@@ -612,12 +590,6 @@ function printStep1() {
 	<p class="alert alert-error"><span class="alert-head"><?php echo _t('gen.short.damn'); ?></span> <?php echo _t('install.check.favicons.nok', DATA_PATH . '/favicons'); ?></p>
 	<?php } ?>
 
-	<?php if ($res['persona'] == 'ok') { ?>
-	<p class="alert alert-success"><span class="alert-head"><?php echo _t('gen.short.ok'); ?></span> <?php echo _t('install.check.persona.ok'); ?></p>
-	<?php } else { ?>
-	<p class="alert alert-error"><span class="alert-head"><?php echo _t('gen.short.damn'); ?></span> <?php echo _t('install.check.persona.nok', DATA_PATH . '/persona'); ?></p>
-	<?php } ?>
-
 	<?php if ($res['http_referer'] == 'ok') { ?>
 	<p class="alert alert-success"><span class="alert-head"><?php echo _t('gen.short.ok'); ?></span> <?php echo _t('install.check.http_referer.ok'); ?></p>
 	<?php } else { ?>
@@ -673,12 +645,11 @@ function printStep2() {
 				<select id="auth_type" name="auth_type" required="required" tabindex="4">
 					<?php
 						function no_auth($auth_type) {
-							return !in_array($auth_type, array('form', 'persona', 'http_auth', 'none'));
+							return !in_array($auth_type, array('form', 'http_auth', 'none'));
 						}
 						$auth_type = isset($_SESSION['auth_type']) ? $_SESSION['auth_type'] : '';
 					?>
 					<option value="form"<?php echo $auth_type === 'form' || (no_auth($auth_type) && cryptAvailable()) ? ' selected="selected"' : '', cryptAvailable() ? '' : ' disabled="disabled"'; ?>><?php echo _t('install.auth.form'); ?></option>
-					<option value="persona"<?php echo $auth_type === 'persona' ? ' selected="selected"' : ''; ?>><?php echo _t('install.auth.persona'); ?></option>
 					<option value="http_auth"<?php echo $auth_type === 'http_auth' ? ' selected="selected"' : '', httpAuthUser() == '' ? ' disabled="disabled"' : ''; ?>><?php echo _t('install.auth.http'); ?>(REMOTE_USER = '<?php echo httpAuthUser(); ?>')</option>
 					<option value="none"<?php echo $auth_type === 'none' || (no_auth($auth_type) && !cryptAvailable()) ? ' selected="selected"' : ''; ?>><?php echo _t('install.auth.none'); ?></option>
 				</select>
@@ -697,14 +668,6 @@ function printStep2() {
 			</div>
 		</div>
 
-		<div class="form-group">
-			<label class="group-name" for="mail_login"><?php echo _t('install.auth.email_persona'); ?></label>
-			<div class="group-controls">
-				<input type="email" id="mail_login" name="mail_login" value="<?php echo isset($_SESSION['mail_login']) ? $_SESSION['mail_login'] : ''; ?>" placeholder="alice@example.net" <?php echo $auth_type === 'persona' ? ' required="required"' : ''; ?> tabindex="6"/>
-				<noscript><b><?php echo _t('gen.js.should_be_activated'); ?></b></noscript>
-			</div>
-		</div>
-
 		<div class="form-group form-actions">
 			<div class="group-controls">
 				<button type="submit" class="btn btn-important" tabindex="7" ><?php echo _t('gen.action.submit'); ?></button>
diff --git a/app/views/auth/index.phtml b/app/views/auth/index.phtml
index 8e4df8c2c..8f81ac856 100644
--- a/app/views/auth/index.phtml
+++ b/app/views/auth/index.phtml
@@ -10,11 +10,10 @@
 			<label class="group-name" for="auth_type"><?php echo _t('admin.auth.type'); ?></label>
 			<div class="group-controls">
 				<select id="auth_type" name="auth_type" required="required" data-leave-validation="<?php echo FreshRSS_Context::$system_conf->auth_type; ?>">
-					<?php if (!in_array(FreshRSS_Context::$system_conf->auth_type, array('form', 'persona', 'http_auth', 'none'))) { ?>
+					<?php if (!in_array(FreshRSS_Context::$system_conf->auth_type, array('form', 'http_auth', 'none'))) { ?>
 						<option selected="selected"></option>
 					<?php } ?>
 					<option value="form"<?php echo FreshRSS_Context::$system_conf->auth_type === 'form' ? ' selected="selected"' : '', cryptAvailable() ? '' : ' disabled="disabled"'; ?>><?php echo _t('admin.auth.form'); ?></option>
-					<option value="persona"<?php echo FreshRSS_Context::$system_conf->auth_type === 'persona' ? ' selected="selected"' : '', FreshRSS_Context::$user_conf->mail_login == '' ? ' disabled="disabled"' : ''; ?>><?php echo _t('admin.auth.persona'); ?></option>
 					<option value="http_auth"<?php echo FreshRSS_Context::$system_conf->auth_type === 'http_auth' ? ' selected="selected"' : '', httpAuthUser() == '' ? ' disabled="disabled"' : ''; ?>><?php echo _t('admin.auth.http'); ?> (REMOTE_USER = '<?php echo httpAuthUser(); ?>')</option>
 					<option value="none"<?php echo FreshRSS_Context::$system_conf->auth_type === 'none' ? ' selected="selected"' : ''; ?>><?php echo _t('admin.auth.none'); ?></option>
 				</select>
diff --git a/app/views/auth/personaLogin.phtml b/app/views/auth/personaLogin.phtml
deleted file mode 100644
index c6d738bf6..000000000
--- a/app/views/auth/personaLogin.phtml
+++ /dev/null
@@ -1,28 +0,0 @@
-<?php if ($this->res === false) { ?>
-<div class="prompt">
-	<h1><?php echo _t('gen.auth.login'); ?></h1>
-
-	<?php if (!max_registrations_reached()) { ?>
-		<a href="<?php echo _url('auth', 'register'); ?>"><?php echo _t('gen.auth.registration.ask'); ?></a>
-	<?php } ?>
-
-	<p>
-		<a class="signin btn btn-important" href="<?php echo _url('auth', 'login'); ?>">
-			<?php echo _i('login'); ?> <?php echo _t('gen.auth.login_persona'); ?>
-		</a>
-
-		<br /><br />
-
-		<?php echo _i('help'); ?>
-		<small>
-			<a href="<?php echo _url('auth', 'reset'); ?>"><?php echo _t('gen.auth.login_persona_problem'); ?></a>
-		</small>
-	</p>
-
-	<p><a href="<?php echo _url('index', 'about'); ?>"><?php echo _t('gen.freshrss.about'); ?></a></p>
-</div>
-<?php
-} else {
-	echo json_encode($this->res);
-}
-?>
diff --git a/app/views/auth/register.phtml b/app/views/auth/register.phtml
index 306679601..0c261319a 100644
--- a/app/views/auth/register.phtml
+++ b/app/views/auth/register.phtml
@@ -16,11 +16,6 @@
             <noscript><b><?php echo _t('gen.js.should_be_activated'); ?></b></noscript>
         </div>
 
-        <div>
-            <label class="group-name" for="new_user_email"><?php echo _t('gen.auth.email'); ?></label>
-            <input type="email" id="new_user_email" name="new_user_email" class="extend" required="required" autocomplete="off" />
-        </div>
-
         <div>
             <?php
                 $redirect_url = urlencode(Minz_Url::display(
diff --git a/app/views/auth/reset.phtml b/app/views/auth/reset.phtml
deleted file mode 100644
index 9c820c7c8..000000000
--- a/app/views/auth/reset.phtml
+++ /dev/null
@@ -1,33 +0,0 @@
-<div class="prompt">
-	<h1><?php echo _t('gen.auth.reset'); ?></h1>
-
-	<?php if (!empty($this->message)) { ?>
-	<p class="alert <?php echo $this->message['status'] === 'bad' ? 'alert-error' : 'alert-warn'; ?>">
-		<span class="alert-head"><?php echo $this->message['title']; ?></span><br />
-		<?php echo $this->message['body']; ?>
-	</p>
-	<?php } ?>
-
-	<?php if (!$this->no_form) { ?>
-	<form id="crypto-form" method="post" action="<?php echo _url('auth', 'reset'); ?>">
-		<p class="alert alert-warn">
-			<span class="alert-head"><?php echo _t('gen.short.attention'); ?></span><br />
-			<?php echo _t('gen.auth.will_reset'); ?>
-		</p>
-
-		<div>
-			<label for="username"><?php echo _t('gen.auth.username.admin'); ?></label>
-			<input type="text" id="username" name="username" size="16" required="required" maxlength="16" pattern="[0-9a-zA-Z]{1,16}" autofocus="autofocus" />
-		</div>
-		<div>
-			<label for="passwordPlain"><?php echo _t('gen.auth.password'); ?></label>
-				<input type="password" id="passwordPlain" required="required" />
-				<input type="hidden" id="challenge" name="challenge" /><br />
-				<noscript><strong><?php echo _t('gen.js.should_be_activated'); ?></strong></noscript>
-		</div>
-		<div>
-			<button id="loginButton" type="submit" class="btn btn-important"><?php echo _t('gen.action.submit'); ?></button>
-		</div>
-	</form>
-	<?php } ?>
-</div>
diff --git a/app/views/helpers/javascript_vars.phtml b/app/views/helpers/javascript_vars.phtml
index 6178cacf2..1aa43a207 100644
--- a/app/views/helpers/javascript_vars.phtml
+++ b/app/views/helpers/javascript_vars.phtml
@@ -1,6 +1,5 @@
 <?php
 $mark = FreshRSS_Context::$user_conf->mark_when;
-$mail = Minz_Session::param('mail', false);
 $s = FreshRSS_Context::$user_conf->shortcuts;
 echo htmlspecialchars(json_encode(array(
 	'context' => array(
@@ -16,7 +15,6 @@ echo htmlspecialchars(json_encode(array(
 		'sticky_post' => !!FreshRSS_Context::isStickyPostEnabled(),
 		'html5_notif_timeout' => FreshRSS_Context::$user_conf->html5_notif_timeout,
 		'auth_type' => FreshRSS_Context::$system_conf->auth_type,
-		'current_user_mail' => $mail ? ('"' . $mail . '"') : null,
 		'current_view' => Minz_Request::actionName(),
 	),
 	'shortcuts' => array(
diff --git a/app/views/user/manage.phtml b/app/views/user/manage.phtml
index fe1b6618b..e48841d9b 100644
--- a/app/views/user/manage.phtml
+++ b/app/views/user/manage.phtml
@@ -37,14 +37,6 @@
 			</div>
 		</div>
 
-		<div class="form-group">
-			<label class="group-name" for="new_user_email"><?php echo _t('admin.user.email_persona'); ?></label>
-			<?php $mail = FreshRSS_Context::$user_conf->mail_login; ?>
-			<div class="group-controls">
-				<input type="email" id="new_user_email" name="new_user_email" class="extend" autocomplete="off" placeholder="alice@example.net" />
-			</div>
-		</div>
-
 		<div class="form-group form-actions">
 			<div class="group-controls">
 				<button type="submit" class="btn btn-important"><?php echo _t('gen.action.create'); ?></button>
diff --git a/app/views/user/profile.phtml b/app/views/user/profile.phtml
index 7ae2c7ede..e96b5aa32 100644
--- a/app/views/user/profile.phtml
+++ b/app/views/user/profile.phtml
@@ -41,15 +41,6 @@
 		</div>
 		<?php } ?>
 
-		<div class="form-group">
-			<label class="group-name" for="mail_login"><?php echo _t('conf.profile.email_persona'); ?></label>
-			<?php $mail = FreshRSS_Context::$user_conf->mail_login; ?>
-			<div class="group-controls">
-				<input type="email" id="mail_login" name="mail_login" class="extend" autocomplete="off" value="<?php echo $mail; ?>" <?php echo FreshRSS_Auth::hasAccess('admin') ? '' : 'disabled="disabled"'; ?> placeholder="alice@example.net" />
-				<noscript><b><?php echo _t('gen.js.should_be_activated'); ?></b></noscript>
-			</div>
-		</div>
-
 		<div class="form-group form-actions">
 			<div class="group-controls">
 				<button type="submit" class="btn btn-important"><?php echo _t('gen.action.submit'); ?></button>
diff --git a/data/config.default.php b/data/config.default.php
index cae15330f..be3fa8ae2 100644
--- a/data/config.default.php
+++ b/data/config.default.php
@@ -40,7 +40,6 @@ return array(
 	# Login method:
 	#	`none` is without password and shows only the default user;
 	#	`form` is a conventional Web login form;
-	#	`persona` is the email-based login by Mozilla;
 	#	`http_auth` is an access controled by the HTTP Web server (e.g. `/FreshRSS/p/i/.htaccess` for Apache)
 	#		if you use `http_auth`, remember to protect only `/FreshRSS/p/i/`,
 	#		and in particular not protect `/FreshRSS/p/api/` if you would like to use the API (different login system).
diff --git a/data/users/_/config.default.php b/data/users/_/config.default.php
index 8f8ff528c..4a3403453 100644
--- a/data/users/_/config.default.php
+++ b/data/users/_/config.default.php
@@ -5,7 +5,6 @@ return array (
 	'old_entries' => 3,
 	'keep_history_default' => 0,
 	'ttl_default' => 3600,
-	'mail_login' => '',
 	'token' => '',
 	'passwordHash' => '',
 	'apiPasswordHash' => '',
diff --git a/lib/lib_rss.php b/lib/lib_rss.php
index f89baf9b1..8196f7847 100644
--- a/lib/lib_rss.php
+++ b/lib/lib_rss.php
@@ -440,7 +440,6 @@ function check_install_files() {
 		'cache' => CACHE_PATH && is_writable(CACHE_PATH),
 		'users' => USERS_PATH && is_writable(USERS_PATH),
 		'favicons' => is_writable(DATA_PATH . '/favicons'),
-		'persona' => is_writable(DATA_PATH . '/persona'),
 		'tokens' => is_writable(DATA_PATH . '/tokens'),
 	);
 }
diff --git a/p/scripts/install.js b/p/scripts/install.js
index 9a49e6031..57fc2450a 100644
--- a/p/scripts/install.js
+++ b/p/scripts/install.js
@@ -24,18 +24,12 @@ function auth_type_change() {
 	var auth_type = document.getElementById('auth_type');
 	if (auth_type) {
 		var auth_value = auth_type.value,
-			password_input = document.getElementById('passwordPlain'),
-			mail_input = document.getElementById('mail_login');
+			password_input = document.getElementById('passwordPlain');
 
 		if (auth_value === 'form') {
 			password_input.required = true;
-			mail_input.required = false;
-		} else if (auth_value === 'persona') {
-			password_input.required = false;
-			mail_input.required = true;
 		} else {
 			password_input.required = false;
-			mail_input.required = false;
 		}
 	}
 }
diff --git a/p/scripts/persona.js b/p/scripts/persona.js
deleted file mode 100644
index 63ab43795..000000000
--- a/p/scripts/persona.js
+++ /dev/null
@@ -1,76 +0,0 @@
-"use strict";
-
-function init_persona() {
-	if (!(navigator.id && window.$ && window.url)) {
-		if (window.console) {
-			console.log('FreshRSS (Persona) waiting for JS…');
-		}
-		window.setTimeout(init_persona, 100);
-		return;
-	}
-
-	$('a.signin').click(function() {
-		navigator.id.request();
-		return false;
-	});
-
-	$('a.signout').click(function() {
-		navigator.id.logout();
-		return false;
-	});
-
-	navigator.id.watch({
-		loggedInUser: context['current_user_mail'],
-
-		onlogin: function(assertion) {
-			// A user has logged in! Here you need to:
-			// 1. Send the assertion to your backend for verification and to create a session.
-			// 2. Update your UI.
-			$.ajax ({
-				type: 'POST',
-				url: url['login'],
-				data: {assertion: assertion},
-				success: function(res, status, xhr) {
-					if (res.status === 'failure') {
-						openNotification(res.reason, 'bad');
-					} else if (res.status === 'okay') {
-						location.href = url['index'];
-					}
-				},
-				error: function(res, status, xhr) {
-					// alert(res);
-				}
-			});
-		},
-		onlogout: function() {
-			// A user has logged out! Here you need to:
-			// Tear down the user's session by redirecting the user or making a call to your backend.
-			// Also, make sure loggedInUser will get set to null on the next page load.
-			// (That's a literal JavaScript null. Not false, 0, or undefined. null.)
-			$.ajax ({
-				type: 'POST',
-				url: url['logout'],
-				success: function(res, status, xhr) {
-					location.href = url['index'];
-				},
-				error: function(res, status, xhr) {
-					// alert(res);
-				}
-			});
-		}
-	});
-}
-
-if (document.readyState && document.readyState !== 'loading') {
-	if (window.console) {
-		console.log('FreshRSS (Persona) immediate init…');
-	}
-	init_persona();
-} else if (document.addEventListener) {
-	document.addEventListener('DOMContentLoaded', function () {
-		if (window.console) {
-			console.log('FreshRSS (Persona) waiting for DOMContentLoaded…');
-		}
-		init_persona();
-	}, false);
-}
-- 
cgit v1.2.3


From f81c441920d2de087099c85f0119e823d15225c4 Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Tue, 4 Oct 2016 21:06:37 +0200
Subject: Fix bug language option for new user

https://github.com/FreshRSS/FreshRSS/issues/1273
---
 app/Controllers/userController.php |  4 ++--
 app/Models/UserDAO.php             | 41 +++++++++++++++++++++++---------------
 app/views/user/manage.phtml        |  4 ++--
 3 files changed, 29 insertions(+), 20 deletions(-)

(limited to 'app/Controllers/userController.php')

diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php
index 0521bc008..c259ffde9 100644
--- a/app/Controllers/userController.php
+++ b/app/Controllers/userController.php
@@ -121,7 +121,7 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 
 			$new_user_language = Minz_Request::param('new_user_language', FreshRSS_Context::$user_conf->language);
 			$languages = Minz_Translate::availableLanguages();
-			if (!isset($languages[$new_user_language])) {
+			if (!in_array($new_user_language, $languages)) {
 				$new_user_language = FreshRSS_Context::$user_conf->language;
 			}
 
@@ -165,7 +165,7 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 			}
 			if ($ok) {
 				$userDAO = new FreshRSS_UserDAO();
-				$ok &= $userDAO->createUser($new_user_name);
+				$ok &= $userDAO->createUser($new_user_name, $new_user_language);
 			}
 			invalidateHttpCache();
 
diff --git a/app/Models/UserDAO.php b/app/Models/UserDAO.php
index e35be848c..597182693 100644
--- a/app/Models/UserDAO.php
+++ b/app/Models/UserDAO.php
@@ -1,35 +1,44 @@
 <?php
 
 class FreshRSS_UserDAO extends Minz_ModelPdo {
-	public function createUser($username) {
+	public function createUser($username, $new_user_language) {
 		$db = FreshRSS_Context::$system_conf->db;
 		require_once(APP_PATH . '/SQL/install.sql.' . $db['type'] . '.php');
 
 		$userPDO = new Minz_ModelPdo($username);
 
-		$ok = false;
-		$bd_prefix_user = $db['prefix'] . $username . '_';
-		if (defined('SQL_CREATE_TABLES')) {	//E.g. MySQL
-			$sql = sprintf(SQL_CREATE_TABLES, $bd_prefix_user, _t('gen.short.default_category'));
-			$stm = $userPDO->bd->prepare($sql);
-			$ok = $stm && $stm->execute();
-		} else {	//E.g. SQLite
-			global $SQL_CREATE_TABLES;
-			if (is_array($SQL_CREATE_TABLES)) {
-				$ok = true;
-				foreach ($SQL_CREATE_TABLES as $instruction) {
-					$sql = sprintf($instruction, $bd_prefix_user, _t('gen.short.default_category'));
-					$stm = $userPDO->bd->prepare($sql);
-					$ok &= ($stm && $stm->execute());
+		$currentLanguage = Minz_Translate::language();
+
+		try {
+			Minz_Translate::reset($new_user_language);
+			$ok = false;
+			$bd_prefix_user = $db['prefix'] . $username . '_';
+			if (defined('SQL_CREATE_TABLES')) {	//E.g. MySQL
+				$sql = sprintf(SQL_CREATE_TABLES, $bd_prefix_user, _t('gen.short.default_category'));
+				$stm = $userPDO->bd->prepare($sql);
+				$ok = $stm && $stm->execute();
+			} else {	//E.g. SQLite
+				global $SQL_CREATE_TABLES;
+				if (is_array($SQL_CREATE_TABLES)) {
+					$ok = true;
+					foreach ($SQL_CREATE_TABLES as $instruction) {
+						$sql = sprintf($instruction, $bd_prefix_user, _t('gen.short.default_category'));
+						$stm = $userPDO->bd->prepare($sql);
+						$ok &= ($stm && $stm->execute());
+					}
 				}
 			}
+		} catch (Exception $e) {
+			Minz_Log::error('Error while creating user: ' . $e->getMessage());
 		}
 
+		Minz_Translate::reset($currentLanguage);
+
 		if ($ok) {
 			return true;
 		} else {
 			$info = empty($stm) ? array(2 => 'syntax error') : $stm->errorInfo();
-			Minz_Log::error('SQL error : ' . $info[2]);
+			Minz_Log::error('SQL error: ' . $info[2]);
 			return false;
 		}
 	}
diff --git a/app/views/user/manage.phtml b/app/views/user/manage.phtml
index aab3aa4c4..a32247d14 100644
--- a/app/views/user/manage.phtml
+++ b/app/views/user/manage.phtml
@@ -3,7 +3,7 @@
 <div class="post">
 	<a href="<?php echo _url('index', 'index'); ?>"><?php echo _t('gen.action.back_to_rss_feeds'); ?></a>
 
-	<form method="post" action="<?php echo _url('user', 'create'); ?>">
+	<form method="post" action="<?php echo _url('user', 'create'); ?>" autocomplete="off">
 		<input type="hidden" name="_csrf" value="<?php echo FreshRSS_Auth::csrfToken(); ?>" />
 		<legend><?php echo _t('admin.user.create'); ?></legend>
 
@@ -30,7 +30,7 @@
 			<label class="group-name" for="new_user_passwordPlain"><?php echo _t('admin.user.password_form'); ?></label>
 			<div class="group-controls">
 				<div class="stick">
-					<input type="password" id="new_user_passwordPlain" name="new_user_passwordPlain" autocomplete="off" pattern=".{7,}" />
+					<input type="password" id="new_user_passwordPlain" name="new_user_passwordPlain" autocomplete="new-password" pattern=".{7,}" />
 					<a class="btn toggle-password" data-toggle="new_user_passwordPlain"><?php echo _i('key'); ?></a>
 				</div>
 				<?php echo _i('help'); ?> <?php echo _t('admin.user.password_format'); ?>
-- 
cgit v1.2.3


From e1f214e9e2e09a83a9920e33fbf617dfe48fbb7e Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Sat, 22 Oct 2016 12:58:06 +0200
Subject: CLI list-users and create-user

https://github.com/FreshRSS/FreshRSS/issues/1095
https://github.com/FreshRSS/FreshRSS/issues/1090
---
 app/Controllers/userController.php | 125 +++++++++++++++++++------------------
 app/Models/Context.php             |   2 +-
 app/Models/Feed.php                |   2 +-
 app/actualize_script.php           |   4 +-
 cli/.htaccess                      |   3 +
 cli/_cli.php                       |  39 ++++++++++++
 cli/create-user.php                |  41 ++++++++++++
 cli/index.html                     |  13 ++++
 cli/list-users.php                 |  14 +++++
 lib/lib_rss.php                    |   9 ++-
 10 files changed, 184 insertions(+), 68 deletions(-)
 create mode 100644 cli/.htaccess
 create mode 100644 cli/_cli.php
 create mode 100644 cli/create-user.php
 create mode 100644 cli/index.html
 create mode 100644 cli/list-users.php

(limited to 'app/Controllers/userController.php')

diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php
index c259ffde9..f880b951d 100644
--- a/app/Controllers/userController.php
+++ b/app/Controllers/userController.php
@@ -24,6 +24,16 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 		}
 	}
 
+	private static function hashPassword($passwordPlain) {
+		if (!function_exists('password_hash')) {
+			include_once(LIB_PATH . '/password_compat.php');
+		}
+		$passwordHash = password_hash($passwordPlain, PASSWORD_BCRYPT, array('cost' => self::BCRYPT_COST));
+		$passwordPlain = '';
+		$passwordHash = preg_replace('/^\$2[xy]\$/', '\$2a\$', $passwordHash);	//Compatibility with bcrypt.js
+		return $passwordHash == '' ? '' : $passwordHash;
+	}
+
 	/**
 	 * This action displays the user profile page.
 	 */
@@ -41,12 +51,7 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 			if ($passwordPlain != '') {
 				Minz_Request::_param('newPasswordPlain');	//Discard plain-text password ASAP
 				$_POST['newPasswordPlain'] = '';
-				if (!function_exists('password_hash')) {
-					include_once(LIB_PATH . '/password_compat.php');
-				}
-				$passwordHash = password_hash($passwordPlain, PASSWORD_BCRYPT, array('cost' => self::BCRYPT_COST));
-				$passwordPlain = '';
-				$passwordHash = preg_replace('/^\$2[xy]\$/', '\$2a\$', $passwordHash);	//Compatibility with bcrypt.js
+				$passwordHash = self::hashPassword($passwordPlain);
 				$ok &= ($passwordHash != '');
 				FreshRSS_Context::$user_conf->passwordHash = $passwordHash;
 			}
@@ -54,12 +59,7 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 
 			$passwordPlain = Minz_Request::param('apiPasswordPlain', '', true);
 			if ($passwordPlain != '') {
-				if (!function_exists('password_hash')) {
-					include_once(LIB_PATH . '/password_compat.php');
-				}
-				$passwordHash = password_hash($passwordPlain, PASSWORD_BCRYPT, array('cost' => self::BCRYPT_COST));
-				$passwordPlain = '';
-				$passwordHash = preg_replace('/^\$2[xy]\$/', '\$2a\$', $passwordHash);	//Compatibility with bcrypt.js
+				$passwordHash = self::hashPassword($passwordPlain);
 				$ok &= ($passwordHash != '');
 				FreshRSS_Context::$user_conf->apiPasswordHash = $passwordHash;
 			}
@@ -99,6 +99,53 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 		$this->view->size_user = $entryDAO->size();
 	}
 
+	public static function createUser($new_user_name, $passwordPlain, $apiPasswordPlain, $userConfig = array()) {
+		if (!is_array($userConfig)) {
+			$userConfig = array();
+		}
+
+		$ok = ($new_user_name != '') && ctype_alnum($new_user_name);
+
+		if ($ok) {
+			$languages = Minz_Translate::availableLanguages();
+			if (empty($userConfig['language']) || !in_array($userConfig['language'], $languages)) {
+				$userConfig['language'] = 'en';
+			}
+
+			$default_user = FreshRSS_Context::$system_conf->default_user;
+			$ok &= (strcasecmp($new_user_name, $default_user) !== 0);	//It is forbidden to alter the default user
+
+			$ok &= !in_array(strtoupper($new_user_name), array_map('strtoupper', listUsers()));	//Not an existing user, case-insensitive
+
+			$configPath = join_path(DATA_PATH, 'users', $new_user_name, 'config.php');
+			$ok &= !file_exists($configPath);
+		}
+		if ($ok) {
+			$passwordHash = '';
+			if ($passwordPlain != '') {
+				$passwordHash = self::hashPassword($passwordPlain);
+				$ok &= ($passwordHash != '');
+			}
+
+			$apiPasswordHash = '';
+			if ($apiPasswordPlain != '') {
+				$apiPasswordHash = self::hashPassword($apiPasswordPlain);
+				$ok &= ($apiPasswordHash != '');
+			}
+		}
+		if ($ok) {
+			mkdir(join_path(DATA_PATH, 'users', $new_user_name));
+			$userConfig['passwordHash'] = $passwordHash;
+			$userConfig['apiPasswordHash'] = $apiPasswordHash;
+			$ok &= (file_put_contents($configPath, "<?php\n return " . var_export($userConfig, true) . ';') !== false);
+		}
+		if ($ok) {
+			$userDAO = new FreshRSS_UserDAO();
+			$ok &= $userDAO->createUser($new_user_name, $userConfig['language']);
+		}
+		return $ok;
+	}
+
 	/**
 	 * This action creates a new user.
 	 *
@@ -116,57 +163,13 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 				FreshRSS_Auth::hasAccess('admin') ||
 				!max_registrations_reached()
 		)) {
-			$db = FreshRSS_Context::$system_conf->db;
-			require_once(APP_PATH . '/SQL/install.sql.' . $db['type'] . '.php');
-
-			$new_user_language = Minz_Request::param('new_user_language', FreshRSS_Context::$user_conf->language);
-			$languages = Minz_Translate::availableLanguages();
-			if (!in_array($new_user_language, $languages)) {
-				$new_user_language = FreshRSS_Context::$user_conf->language;
-			}
-
 			$new_user_name = Minz_Request::param('new_user_name');
-			$ok = ($new_user_name != '') && ctype_alnum($new_user_name);
-
-			if ($ok) {
-				$default_user = FreshRSS_Context::$system_conf->default_user;
-				$ok &= (strcasecmp($new_user_name, $default_user) !== 0);	//It is forbidden to alter the default user
-
-				$ok &= !in_array(strtoupper($new_user_name), array_map('strtoupper', listUsers()));	//Not an existing user, case-insensitive
+			$passwordPlain = Minz_Request::param('new_user_passwordPlain', '', true);
+			$new_user_language = Minz_Request::param('new_user_language', FreshRSS_Context::$user_conf->language);
 
-				$configPath = join_path(DATA_PATH, 'users', $new_user_name, 'config.php');
-				$ok &= !file_exists($configPath);
-			}
-			if ($ok) {
-				$passwordPlain = Minz_Request::param('new_user_passwordPlain', '', true);
-				$passwordHash = '';
-				if ($passwordPlain != '') {
-					Minz_Request::_param('new_user_passwordPlain');	//Discard plain-text password ASAP
-					$_POST['new_user_passwordPlain'] = '';
-					if (!function_exists('password_hash')) {
-						include_once(LIB_PATH . '/password_compat.php');
-					}
-					$passwordHash = password_hash($passwordPlain, PASSWORD_BCRYPT, array('cost' => self::BCRYPT_COST));
-					$passwordPlain = '';
-					$passwordHash = preg_replace('/^\$2[xy]\$/', '\$2a\$', $passwordHash);	//Compatibility with bcrypt.js
-					$ok &= ($passwordHash != '');
-				}
-				if (empty($passwordHash)) {
-					$passwordHash = '';
-				}
-			}
-			if ($ok) {
-				mkdir(join_path(DATA_PATH, 'users', $new_user_name));
-				$config_array = array(
-					'language' => $new_user_language,
-					'passwordHash' => $passwordHash,
-				);
-				$ok &= (file_put_contents($configPath, "<?php\n return " . var_export($config_array, true) . ';') !== false);
-			}
-			if ($ok) {
-				$userDAO = new FreshRSS_UserDAO();
-				$ok &= $userDAO->createUser($new_user_name, $new_user_language);
-			}
+			$ok = self::createUser($new_user_name, $passwordPlain, '', array('language' => $new_user_language));
+			Minz_Request::_param('new_user_passwordPlain');	//Discard plain-text password ASAP
+			$_POST['new_user_passwordPlain'] = '';
 			invalidateHttpCache();
 
 			$notif = array(
diff --git a/app/Models/Context.php b/app/Models/Context.php
index fe4fa6281..fd0e79fc1 100644
--- a/app/Models/Context.php
+++ b/app/Models/Context.php
@@ -37,7 +37,7 @@ class FreshRSS_Context {
 	public static $id_max = '';
 	public static $sinceHours = 0;
 
-	public static $isCron = false;
+	public static $isCli = false;
 
 	/**
 	 * Initialize the context.
diff --git a/app/Models/Feed.php b/app/Models/Feed.php
index 55c2db4d6..97cb1c47e 100644
--- a/app/Models/Feed.php
+++ b/app/Models/Feed.php
@@ -141,7 +141,7 @@ class FreshRSS_Feed extends Minz_Model {
 		if (!file_exists($txt)) {
 			file_put_contents($txt, $url);
 		}
-		if (FreshRSS_Context::$isCron) {
+		if (FreshRSS_Context::$isCli) {
 			$ico = $favicons_dir . $this->hash() . '.ico';
 			$ico_mtime = @filemtime($ico);
 			$txt_mtime = @filemtime($txt);
diff --git a/app/actualize_script.php b/app/actualize_script.php
index 78712d721..deaa1bf7c 100755
--- a/app/actualize_script.php
+++ b/app/actualize_script.php
@@ -28,13 +28,13 @@ $app = new FreshRSS();
 
 $system_conf = Minz_Configuration::get('system');
 $system_conf->auth_type = 'none';  // avoid necessity to be logged in (not saved!)
-FreshRSS_Context::$isCron = true;
+FreshRSS_Context::$isCli = true;
 
 // Create the list of users to actualize.
 // Users are processed in a random order but always start with admin
 $users = listUsers();
 shuffle($users);
-if ($system_conf->default_user !== ''){
+if ($system_conf->default_user !== '') {
 	array_unshift($users, $system_conf->default_user);
 	$users = array_unique($users);
 }
diff --git a/cli/.htaccess b/cli/.htaccess
new file mode 100644
index 000000000..9e768397d
--- /dev/null
+++ b/cli/.htaccess
@@ -0,0 +1,3 @@
+Order	Allow,Deny
+Deny	from all
+Satisfy	all
diff --git a/cli/_cli.php b/cli/_cli.php
new file mode 100644
index 000000000..cb6d8ec32
--- /dev/null
+++ b/cli/_cli.php
@@ -0,0 +1,39 @@
+<?php
+if (php_sapi_name() !== 'cli') {
+	die('FreshRSS error: This PHP script may only be invoked from command line!');
+}
+
+require(dirname(__FILE__) . '/../constants.php');
+require(LIB_PATH . '/lib_rss.php');
+
+Minz_Configuration::register('system',
+	DATA_PATH . '/config.php',
+	DATA_PATH . '/config.default.php');
+FreshRSS_Context::$system_conf = Minz_Configuration::get('system');
+Minz_Translate::init();
+
+FreshRSS_Context::$isCli = true;
+
+function fail($message) {
+	fwrite(STDERR, $message . "\n");
+	die(1);
+}
+
+function cliInitUser($username) {
+	if (!ctype_alnum($username)) {
+		fail('FreshRSS error: invalid username: ' . $username . "\n");
+	}
+
+	$usernames = listUsers();
+	if (!in_array($username, $usernames)) {
+		fail('FreshRSS error: user not found: ' . $username . "\n");
+	}
+
+	FreshRSS_Context::$user_conf = get_user_configuration($username);
+	if (FreshRSS_Context::$user_conf == null) {
+		fail('FreshRSS error: invalid configuration for user: ' . $username . "\n");
+	}
+	new Minz_ModelPdo($username);
+
+	return $username;
+}
diff --git a/cli/create-user.php b/cli/create-user.php
new file mode 100644
index 000000000..08c057af8
--- /dev/null
+++ b/cli/create-user.php
@@ -0,0 +1,41 @@
+#!/usr/bin/php
+<?php
+require('_cli.php');
+
+$options = getopt('', array(
+		'user:',
+		'password::',
+		'api-password::',
+		'language::',
+		'email::',
+		'token::',
+	));
+
+if (empty($options['user'])) {
+	fail('Usage: ' . basename(__FILE__) . " --user=username --password='password' --api-password='api_password'" .
+		" --language=en --email=user@example.net --token='longRandomString'");
+}
+$new_user_name = $options['user'];
+if (!ctype_alnum($new_user_name)) {
+	fail('FreshRSS error: invalid username “' . $new_user_name . '”');
+}
+
+$usernames = listUsers();
+if (preg_grep("/^$new_user_name$/i", $usernames)) {
+	fail('FreshRSS error: username already taken “' . $new_user_name . '”');
+}
+
+echo 'FreshRSS creating user “', $new_user_name, "”…\n";
+
+$ok = FreshRSS_user_Controller::createUser($new_user_name,
+	empty($options['password']) ? '' : $options['password'],
+	empty($options['api-password']) ? '' : $options['api-password'],
+	array(
+		'language' => empty($options['language']) ? '' : $options['language'],
+		'token' => empty($options['token']) ? '' : $options['token'],
+	));
+
+invalidateHttpCache(FreshRSS_Context::$system_conf->default_user);
+
+echo 'Result: ', ($ok ? 'success' : 'fail'), ".\n";
+exit($ok ? 0 : 1);
diff --git a/cli/index.html b/cli/index.html
new file mode 100644
index 000000000..85faaa37e
--- /dev/null
+++ b/cli/index.html
@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-GB" lang="en-GB">
+<head>
+<meta charset="UTF-8" />
+<meta http-equiv="Refresh" content="0; url=/" />
+<title>Redirection</title>
+<meta name="robots" content="noindex" />
+</head>
+
+<body>
+<p><a href="/">Redirection</a></p>
+</body>
+</html>
diff --git a/cli/list-users.php b/cli/list-users.php
new file mode 100644
index 000000000..cc1cf5269
--- /dev/null
+++ b/cli/list-users.php
@@ -0,0 +1,14 @@
+#!/usr/bin/php
+<?php
+require('_cli.php');
+
+$users = listUsers();
+sort($users);
+if ($system_conf->default_user !== '') {
+	array_unshift($users, $system_conf->default_user);
+	$users = array_unique($users);
+}
+
+foreach ($users as $user) {
+	echo $user, "\n";
+}
diff --git a/lib/lib_rss.php b/lib/lib_rss.php
index 75046fd54..143b55bee 100644
--- a/lib/lib_rss.php
+++ b/lib/lib_rss.php
@@ -282,9 +282,12 @@ function uSecString() {
 	return str_pad($t['usec'], 6, '0');
 }
 
-function invalidateHttpCache() {
-	Minz_Session::_param('touch', uTimeString());
-	return touch(join_path(DATA_PATH, 'users', Minz_Session::param('currentUser', '_'), 'log.txt'));
+function invalidateHttpCache($username = '') {
+	if (($username == '') || (!ctype_alnum($username))) {
+		Minz_Session::_param('touch', uTimeString());
+		$username = Minz_Session::param('currentUser', '_');
+	}
+	return touch(join_path(DATA_PATH, 'users', $username, 'log.txt'));
 }
 
 function listUsers() {
-- 
cgit v1.2.3


From 5b1b43ab57da6a7bc1599c224d47455b2e56d53d Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Sat, 22 Oct 2016 20:32:16 +0200
Subject: CLI delete user https://github.com/FreshRSS/FreshRSS/issues/1095

---
 app/Controllers/userController.php | 39 ++++++++++++++++++++++----------------
 cli/delete-user.php                | 33 ++++++++++++++++++++++++++++++++
 2 files changed, 56 insertions(+), 16 deletions(-)
 create mode 100755 cli/delete-user.php

(limited to 'app/Controllers/userController.php')

diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php
index f880b951d..2f04c7a1d 100644
--- a/app/Controllers/userController.php
+++ b/app/Controllers/userController.php
@@ -186,6 +186,27 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 		Minz_Request::forward($redirect_url, true);
 	}
 
+	public static function deleteUser($username) {
+		$db = FreshRSS_Context::$system_conf->db;
+		require_once(APP_PATH . '/SQL/install.sql.' . $db['type'] . '.php');
+
+		$ok = ctype_alnum($username);
+		if ($ok) {
+			$default_user = FreshRSS_Context::$system_conf->default_user;
+			$ok &= (strcasecmp($username, $default_user) !== 0);	//It is forbidden to delete the default user
+		}
+		$user_data = join_path(DATA_PATH, 'users', $username);
+		if ($ok) {
+			$ok &= is_dir($user_data);
+		}
+		if ($ok) {
+			$userDAO = new FreshRSS_UserDAO();
+			$ok &= $userDAO->deleteUser($username);
+			$ok &= recursive_unlink($user_data);
+		}
+		return $ok;
+	}
+
 	/**
 	 * This action delete an existing user.
 	 *
@@ -207,16 +228,7 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 				FreshRSS_Auth::hasAccess('admin') ||
 				$self_deletion
 		)) {
-			$db = FreshRSS_Context::$system_conf->db;
-			require_once(APP_PATH . '/SQL/install.sql.' . $db['type'] . '.php');
-
-			$ok = ctype_alnum($username);
-			$user_data = join_path(DATA_PATH, 'users', $username);
-
-			if ($ok) {
-				$default_user = FreshRSS_Context::$system_conf->default_user;
-				$ok &= (strcasecmp($username, $default_user) !== 0);	//It is forbidden to delete the default user
-			}
+			$ok = true;
 			if ($ok && $self_deletion) {
 				// We check the password if it's a self-destruction
 				$nonce = Minz_Session::param('nonce');
@@ -228,12 +240,7 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 				);
 			}
 			if ($ok) {
-				$ok &= is_dir($user_data);
-			}
-			if ($ok) {
-				$userDAO = new FreshRSS_UserDAO();
-				$ok &= $userDAO->deleteUser($username);
-				$ok &= recursive_unlink($user_data);
+				$ok &= self::deleteUser($username);
 			}
 			if ($ok && $self_deletion) {
 				FreshRSS_Auth::removeAccess();
diff --git a/cli/delete-user.php b/cli/delete-user.php
new file mode 100755
index 000000000..46332fe34
--- /dev/null
+++ b/cli/delete-user.php
@@ -0,0 +1,33 @@
+#!/usr/bin/php
+<?php
+require('_cli.php');
+
+$options = getopt('', array(
+		'user:',
+	));
+
+if (empty($options['user'])) {
+	fail('Usage: ' . basename(__FILE__) . " --user=username");
+}
+$username = $options['user'];
+if (!ctype_alnum($username)) {
+	fail('FreshRSS error: invalid username “' . $username . '”');
+}
+
+$usernames = listUsers();
+if (!preg_grep("/^$username$/i", $usernames)) {
+	fail('FreshRSS error: username not found “' . $username . '”');
+}
+
+if (strcasecmp($username, FreshRSS_Context::$system_conf->default_user) === 0) {
+	fail('FreshRSS error: default user must not be deleted: “' . $username . '”');
+}
+
+echo 'FreshRSS deleting user “', $username, "”…\n";
+
+$ok = FreshRSS_user_Controller::deleteUser($username);
+
+invalidateHttpCache(FreshRSS_Context::$system_conf->default_user);
+
+echo 'Result: ', ($ok ? 'success' : 'fail'), ".\n";
+exit($ok ? 0 : 1);
-- 
cgit v1.2.3


From ab4ece6780cf841f6ce4e89f7b81a1ff1661f615 Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Mon, 24 Oct 2016 01:41:09 +0200
Subject: CLI do-install

https://github.com/FreshRSS/FreshRSS/issues/1095
https://github.com/FreshRSS/FreshRSS/issues/1090
---
 app/Controllers/userController.php |   5 +-
 app/install.php                    | 161 +++++++------------------------------
 cli/_cli.php                       |   7 +-
 cli/create-user.php                |  10 ++-
 cli/do-install.php                 | 102 +++++++++++++++++++++++
 lib/lib_install.php                | 115 ++++++++++++++++++++++++++
 6 files changed, 260 insertions(+), 140 deletions(-)
 create mode 100644 cli/do-install.php
 create mode 100644 lib/lib_install.php

(limited to 'app/Controllers/userController.php')

diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php
index 2f04c7a1d..9dee16e8c 100644
--- a/app/Controllers/userController.php
+++ b/app/Controllers/userController.php
@@ -24,7 +24,7 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 		}
 	}
 
-	private static function hashPassword($passwordPlain) {
+	public static function hashPassword($passwordPlain) {
 		if (!function_exists('password_hash')) {
 			include_once(LIB_PATH . '/password_compat.php');
 		}
@@ -112,9 +112,6 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 				$userConfig['language'] = 'en';
 			}
 
-			$default_user = FreshRSS_Context::$system_conf->default_user;
-			$ok &= (strcasecmp($new_user_name, $default_user) !== 0);	//It is forbidden to alter the default user
-
 			$ok &= !in_array(strtoupper($new_user_name), array_map('strtoupper', listUsers()));	//Not an existing user, case-insensitive
 
 			$configPath = join_path(DATA_PATH, 'users', $new_user_name, 'config.php');
diff --git a/app/install.php b/app/install.php
index 1972379e5..6956761c7 100644
--- a/app/install.php
+++ b/app/install.php
@@ -4,15 +4,12 @@ if (function_exists('opcache_reset')) {
 }
 header("Content-Security-Policy: default-src 'self'");
 
-define('BCRYPT_COST', 9);
+require(LIB_PATH . '/lib_install.php');
 
 session_name('FreshRSS');
 session_set_cookie_params(0, dirname(empty($_SERVER['REQUEST_URI']) ? '/' : dirname($_SERVER['REQUEST_URI'])), null, false, true);
 session_start();
 
-Minz_Configuration::register('default_system', join_path(DATA_PATH, 'config.default.php'));
-Minz_Configuration::register('default_user', join_path(USERS_PATH, '_', 'config.default.php'));
-
 if (isset($_GET['step'])) {
 	define('STEP',(int)$_GET['step']);
 } else {
@@ -26,13 +23,13 @@ if (STEP === 3 && isset($_POST['type'])) {
 if (isset($_SESSION['bd_type'])) {
 	switch ($_SESSION['bd_type']) {
 	case 'mysql':
-		include(APP_PATH . '/SQL/install.sql.mysql.php');
+		include_once(APP_PATH . '/SQL/install.sql.mysql.php');
 		break;
 	case 'sqlite':
-		include(APP_PATH . '/SQL/install.sql.sqlite.php');
+		include_once(APP_PATH . '/SQL/install.sql.sqlite.php');
 		break;
 	case 'pgsql':
-		include(APP_PATH . '/SQL/install.sql.pgsql.php');
+		include_once(APP_PATH . '/SQL/install.sql.pgsql.php');
 		break;
 	}
 }
@@ -131,12 +128,7 @@ function saveStep2() {
 
 		$password_plain = param('passwordPlain', false);
 		if ($password_plain !== false && cryptAvailable()) {
-			if (!function_exists('password_hash')) {
-				include_once(LIB_PATH . '/password_compat.php');
-			}
-			$passwordHash = password_hash($password_plain, PASSWORD_BCRYPT, array('cost' => BCRYPT_COST));
-			$passwordHash = preg_replace('/^\$2[xy]\$/', '\$2a\$', $passwordHash);	//Compatibility with bcrypt.js
-			$_SESSION['passwordHash'] = $passwordHash;
+			$_SESSION['passwordHash'] = FreshRSS_user_Controller::hashPassword($password_plain);
 		}
 
 		if (empty($_SESSION['old_entries']) ||
@@ -149,7 +141,7 @@ function saveStep2() {
 			return false;
 		}
 
-		$_SESSION['salt'] = sha1(uniqid(mt_rand(), true).implode('', stat(__FILE__)));
+		$_SESSION['salt'] = generateSalt();
 		if ((!ctype_digit($_SESSION['old_entries'])) ||($_SESSION['old_entries'] < 1)) {
 			$_SESSION['old_entries'] = $user_default_config->old_entries;
 		}
@@ -171,7 +163,7 @@ function saveStep2() {
 
 		recursive_unlink($user_dir);
 		mkdir($user_dir);
-		file_put_contents($user_config_path, "<?php\n return " . var_export($config_array, true) . ';');
+		file_put_contents($user_config_path, "<?php\n return " . var_export($config_array, true) . ";\n");
 
 		header('Location: index.php?step=3');
 	}
@@ -225,35 +217,29 @@ function saveStep3() {
 		);
 
 		@unlink(join_path(DATA_PATH, 'config.php'));	//To avoid access-rights problems
-		file_put_contents(join_path(DATA_PATH, 'config.php'), "<?php\n return " . var_export($config_array, true) . ';');
+		file_put_contents(join_path(DATA_PATH, 'config.php'), "<?php\n return " . var_export($config_array, true) . ";\n");
 
-		$res = checkBD();
+		$config_array['db']['default_user'] = $config_array['default_user'];
+		$ok = checkDb($config_array['db']) && checkDbUser($config_array['db']);
+		if (!$ok) {
+			@unlink(join_path(DATA_PATH, 'config.php'));
+		}
 
-		if ($res) {
+		if ($ok) {
 			$_SESSION['bd_error'] = '';
 			header('Location: index.php?step=4');
-		} elseif (empty($_SESSION['bd_error'])) {
-			$_SESSION['bd_error'] = 'Unknown error!';
+		} else {
+			$_SESSION['bd_error'] = empty(config_array['db']['bd_error']) ? 'Unknown error!' : config_array['db']['bd_error'];
 		}
 	}
 	invalidateHttpCache();
 }
 
-function deleteInstall() {
-	$res = unlink(join_path(DATA_PATH, 'do-install.txt'));
-
-	if (!$res) {
-		return false;
-	}
-
-	header('Location: index.php');
-}
-
 
 /*** VÉRIFICATIONS ***/
 function checkStep() {
 	$s0 = checkStep0();
-	$s1 = checkStep1();
+	$s1 = checkRequirements();
 	$s2 = checkStep2();
 	$s3 = checkStep3();
 	if (STEP > 0 && $s0['all'] != 'ok') {
@@ -279,49 +265,6 @@ function checkStep0() {
 	);
 }
 
-function checkStep1() {
-	$php = version_compare(PHP_VERSION, '5.3.3') >= 0;
-	$minz = file_exists(join_path(LIB_PATH, 'Minz'));
-	$curl = extension_loaded('curl');
-	$pdo_mysql = extension_loaded('pdo_mysql');
-	$pdo_sqlite = extension_loaded('pdo_sqlite');
-	$pdo_pgsql = extension_loaded('pdo_pgsql');
-	$pdo = $pdo_mysql || $pdo_sqlite || $pdo_pgsql;
-	$pcre = extension_loaded('pcre');
-	$ctype = extension_loaded('ctype');
-	$dom = class_exists('DOMDocument');
-	$xml = function_exists('xml_parser_create');
-	$json = function_exists('json_encode');
-	$data = DATA_PATH && is_writable(DATA_PATH);
-	$cache = CACHE_PATH && is_writable(CACHE_PATH);
-	$users = USERS_PATH && is_writable(USERS_PATH);
-	$favicons = is_writable(join_path(DATA_PATH, 'favicons'));
-	$http_referer = is_referer_from_same_domain();
-
-	return array(
-		'php' => $php ? 'ok' : 'ko',
-		'minz' => $minz ? 'ok' : 'ko',
-		'curl' => $curl ? 'ok' : 'ko',
-		'pdo-mysql' => $pdo_mysql ? 'ok' : 'ko',
-		'pdo-sqlite' => $pdo_sqlite ? 'ok' : 'ko',
-		'pdo-pgsql' => $pdo_pgsql ? 'ok' : 'ko',
-		'pdo' => $pdo ? 'ok' : 'ko',
-		'pcre' => $pcre ? 'ok' : 'ko',
-		'ctype' => $ctype ? 'ok' : 'ko',
-		'dom' => $dom ? 'ok' : 'ko',
-		'xml' => $xml ? 'ok' : 'ko',
-		'json' => $json ? 'ok' : 'ko',
-		'data' => $data ? 'ok' : 'ko',
-		'cache' => $cache ? 'ok' : 'ko',
-		'users' => $users ? 'ok' : 'ko',
-		'favicons' => $favicons ? 'ok' : 'ko',
-		'http_referer' => $http_referer ? 'ok' : 'ko',
-		'all' => $php && $minz && $curl && $pdo && $pcre && $ctype && $dom && $xml &&
-		         $data && $cache && $users && $favicons && $http_referer ?
-		         'ok' : 'ko'
-	);
-}
-
 function freshrss_already_installed() {
 	$conf_path = join_path(DATA_PATH, 'config.php');
 	if (!file_exists($conf_path)) {
@@ -392,60 +335,15 @@ function checkStep3() {
 	);
 }
 
-function checkBD() {
+function checkDbUser(&$dbOptions) {
 	$ok = false;
-
+	$str = $dbOptions['bd_dsn'];
+	$driver_options = $dbOptions['bd_options'];
 	try {
-		$str = '';
-		$driver_options = null;
-		switch ($_SESSION['bd_type']) {
-		case 'mysql':
-			$driver_options = array(
-				PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8mb4'
-			);
-
-			try {	// on ouvre une connexion juste pour créer la base si elle n'existe pas
-				$str = 'mysql:host=' . $_SESSION['bd_host'] . ';';
-				$c = new PDO($str, $_SESSION['bd_user'], $_SESSION['bd_password'], $driver_options);
-				$sql = sprintf(SQL_CREATE_DB, $_SESSION['bd_base']);
-				$res = $c->query($sql);
-			} catch (PDOException $e) {
-			}
-
-			// on écrase la précédente connexion en sélectionnant la nouvelle BDD
-			$str = 'mysql:host=' . $_SESSION['bd_host'] . ';dbname=' . $_SESSION['bd_base'];
-			break;
-		case 'sqlite':
-			$str = 'sqlite:' . join_path(USERS_PATH, $_SESSION['default_user'], 'db.sqlite');
-			$driver_options = array(
-				PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
-			);
-			break;
-		case 'pgsql':
-			$driver_options = array(
-				PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
-			);
-
-			try {	// on ouvre une connexion juste pour créer la base si elle n'existe pas
-				$str = 'pgsql:host=' . $_SESSION['bd_host'] . ';dbname=postgres';
-				$c = new PDO($str, $_SESSION['bd_user'], $_SESSION['bd_password'], $driver_options);
-				$sql = sprintf(SQL_CREATE_DB, $_SESSION['bd_base']);
-				$res = $c->query($sql);
-			} catch (PDOException $e) {
-				syslog(LOG_DEBUG, 'pgsql ' . $e->getMessage());
-			}
-
-			// on écrase la précédente connexion en sélectionnant la nouvelle BDD
-			$str = 'pgsql:host=' . $_SESSION['bd_host'] . ';dbname=' . $_SESSION['bd_base'];
-			break;
-		default:
-			return false;
-		}
-
-		$c = new PDO($str, $_SESSION['bd_user'], $_SESSION['bd_password'], $driver_options);
+		$c = new PDO($str, $dbOptions['bd_user'], $dbOptions['bd_password'], $driver_options);
 
 		if (defined('SQL_CREATE_TABLES')) {
-			$sql = sprintf(SQL_CREATE_TABLES, $_SESSION['bd_prefix_user'], _t('gen.short.default_category'));
+			$sql = sprintf(SQL_CREATE_TABLES, $dbOptions['bd_prefix_user'], _t('gen.short.default_category'));
 			$stm = $c->prepare($sql);
 			$ok = $stm->execute();
 		} else {
@@ -453,7 +351,7 @@ function checkBD() {
 			if (is_array($SQL_CREATE_TABLES)) {
 				$ok = true;
 				foreach ($SQL_CREATE_TABLES as $instruction) {
-					$sql = sprintf($instruction, $_SESSION['bd_prefix_user'], _t('gen.short.default_category'));
+					$sql = sprintf($instruction, $dbOptions['bd_prefix_user'], _t('gen.short.default_category'));
 					$stm = $c->prepare($sql);
 					$ok &= $stm->execute();
 				}
@@ -461,13 +359,8 @@ function checkBD() {
 		}
 	} catch (PDOException $e) {
 		$ok = false;
-		$_SESSION['bd_error'] = $e->getMessage();
+		$dbOptions['bd_error'] = $e->getMessage();
 	}
-
-	if (!$ok) {
-		@unlink(join_path(DATA_PATH, 'config.php'));
-	}
-
 	return $ok;
 }
 
@@ -510,7 +403,7 @@ function printStep0() {
 
 // @todo refactor this view with the check_install action
 function printStep1() {
-	$res = checkStep1();
+	$res = checkRequirements();
 ?>
 	<noscript><p class="alert alert-warn"><span class="alert-head"><?php echo _t('gen.short.attention'); ?></span> <?php echo _t('install.javascript_is_better'); ?></p></noscript>
 
@@ -805,7 +698,9 @@ case 3:
 case 4:
 	break;
 case 5:
-	deleteInstall();
+	if (deleteInstall()) {
+		header('Location: index.php');
+	}
 	break;
 }
 ?>
diff --git a/cli/_cli.php b/cli/_cli.php
index 66506f07a..7d1a7c6b2 100644
--- a/cli/_cli.php
+++ b/cli/_cli.php
@@ -38,7 +38,12 @@ function cliInitUser($username) {
 	return $username;
 }
 
-function done($ok) {
+function accessRights() {
+	echo '• Remember to re-apply the appropriate access rights, such as:' , "\n",
+		"\t", 'sudo chown -R :www-data . && sudo chmod -R g+r . && sudo chmod -R g+w ./data/', "\n";
+}
+
+function done($ok = true) {
 	fwrite(STDERR, 'Result: ' . ($ok ? 'success' : 'fail') . "\n");
 	exit($ok ? 0 : 1);
 }
diff --git a/cli/create-user.php b/cli/create-user.php
index 243e65a35..5e93d4605 100755
--- a/cli/create-user.php
+++ b/cli/create-user.php
@@ -12,8 +12,8 @@ $options = getopt('', array(
 	));
 
 if (empty($options['user'])) {
-	fail('Usage: ' . basename(__FILE__) . " --user username --password 'password' --api-password 'api_password'" .
-		" --language en --email user@example.net --token 'longRandomString'");
+	fail('Usage: ' . basename(__FILE__) . " --user username ( --password 'password' --api-password 'api_password'" .
+		" --language en --email user@example.net --token 'longRandomString' )");
 }
 $username = $options['user'];
 if (!ctype_alnum($username)) {
@@ -35,6 +35,12 @@ $ok = FreshRSS_user_Controller::createUser($username,
 		'token' => empty($options['token']) ? '' : $options['token'],
 	));
 
+if (!$ok) {
+	fail('FreshRSS could not create user!');
+}
+
 invalidateHttpCache(FreshRSS_Context::$system_conf->default_user);
 
+accessRights();
+
 done($ok);
diff --git a/cli/do-install.php b/cli/do-install.php
new file mode 100644
index 000000000..5eeedc626
--- /dev/null
+++ b/cli/do-install.php
@@ -0,0 +1,102 @@
+#!/usr/bin/php
+<?php
+require('_cli.php');
+require(LIB_PATH . '/lib_install.php');
+
+$params = array(
+		'environment:',
+		'base_url:',
+		'language:',
+		'title:',
+		'default_user:',
+		'allow_anonymous',
+		'allow_anonymous_refresh',
+		'auth_type:',
+		'api_enabled',
+		'allow_robots',
+	);
+
+$dBparams = array(
+		'db-type:',
+		'db-host:',
+		'db-user:',
+		'db-password:',
+		'db-base:',
+		'db-prefix:',
+	);
+
+$options = getopt('', array_merge($params, $dBparams));
+
+if (empty($options['default_user']) || empty($options['auth_type'])) {
+	fail('Usage: ' . basename(__FILE__) . " --default_user admin --auth_type form" .
+		" ( --environment production --base_url https://rss.example.net/" .
+		" --language en --title FreshRSS --allow_anonymous --api_enabled" .
+		" --db-type mysql --db-host localhost:3306 --db-user freshrss --db-password dbPassword123" .
+		" --db-base freshrss --db-prefix freshrss )");
+}
+
+fwrite(STDERR, 'FreshRSS install…' . "\n");
+
+$requirements = checkRequirements();
+if ($requirements['all'] !== 'ok') {
+	$message = 'FreshRSS install failed requirements:' . "\n";
+	foreach ($requirements as $requirement => $check) {
+		if ($check !== 'ok' && $requirement !== 'all') {
+			$message .= '• ' . $requirement . "\n";
+		}
+	}
+	fail($message);
+}
+
+if (!ctype_alnum($options['default_user'])) {
+	fail('FreshRSS invalid default username (must be ASCII alphanumeric): ' . $options['default_user']);
+}
+
+if (!in_array($options['auth_type'], array('form', 'http_auth', 'none'))) {
+	fail('FreshRSS invalid authentication method (auth_type must be one of { form, http_auth, none }: ' . $options['auth_type']);
+}
+
+$config = array(
+		'salt' => generateSalt(),
+		'db' => FreshRSS_Context::$system_conf->db,
+	);
+
+foreach ($params as $param) {
+	$param = rtrim($param, ':');
+	if (isset($options[$param])) {
+		$config[$param] = $options[$param] === false ? true : $options[$param];
+	}
+}
+
+if ((!empty($config['base_url'])) && server_is_public($config['base_url'])) {
+	$config['pubsubhubbub_enabled'] = true;
+}
+
+foreach ($dBparams as $dBparam) {
+	$dBparam = rtrim($dBparam, ':');
+	if (!empty($options[$dBparam])) {
+		$param = substr($dBparam, strlen('db-'));
+		$config['db'][$param] = $options[$dBparam];
+	}
+}
+
+if (file_put_contents(join_path(DATA_PATH, 'config.php'), "<?php\n return " . var_export($config, true) . ";\n") === false) {
+	fail('FreshRSS could not write configuration file!: ' . join_path(DATA_PATH, 'config.php'));
+}
+
+$config['db']['default_user'] = $config['default_user'];
+if (!checkDb($config['db'])) {
+	@unlink(join_path(DATA_PATH, 'config.php'));
+	fail('FreshRSS database error: ' . (empty($config['db']['bd_error']) ? 'Unknown error' : $config['db']['bd_error']));
+}
+
+echo '• Remember to create the default user: ', $config['default_user'] , "\n",
+	"\t", './cli/create-user.php --user ', $config['default_user'] , " --password 'password' --more-options\n";
+
+accessRights();
+
+if (!deleteInstall()) {
+	fail('FreshRSS access right problem while deleting install file!');
+}
+
+done();
diff --git a/lib/lib_install.php b/lib/lib_install.php
new file mode 100644
index 000000000..0e7b7f036
--- /dev/null
+++ b/lib/lib_install.php
@@ -0,0 +1,115 @@
+<?php
+
+define('BCRYPT_COST', 9);
+
+Minz_Configuration::register('default_system', join_path(DATA_PATH, 'config.default.php'));
+Minz_Configuration::register('default_user', join_path(USERS_PATH, '_', 'config.default.php'));
+
+function checkRequirements() {
+	$php = version_compare(PHP_VERSION, '5.3.3') >= 0;
+	$minz = file_exists(join_path(LIB_PATH, 'Minz'));
+	$curl = extension_loaded('curl');
+	$pdo_mysql = extension_loaded('pdo_mysql');
+	$pdo_sqlite = extension_loaded('pdo_sqlite');
+	$pdo_pgsql = extension_loaded('pdo_pgsql');
+	$pdo = $pdo_mysql || $pdo_sqlite || $pdo_pgsql;
+	$pcre = extension_loaded('pcre');
+	$ctype = extension_loaded('ctype');
+	$dom = class_exists('DOMDocument');
+	$xml = function_exists('xml_parser_create');
+	$json = function_exists('json_encode');
+	$data = DATA_PATH && is_writable(DATA_PATH);
+	$cache = CACHE_PATH && is_writable(CACHE_PATH);
+	$users = USERS_PATH && is_writable(USERS_PATH);
+	$favicons = is_writable(join_path(DATA_PATH, 'favicons'));
+	$http_referer = is_referer_from_same_domain();
+
+	return array(
+		'php' => $php ? 'ok' : 'ko',
+		'minz' => $minz ? 'ok' : 'ko',
+		'curl' => $curl ? 'ok' : 'ko',
+		'pdo-mysql' => $pdo_mysql ? 'ok' : 'ko',
+		'pdo-sqlite' => $pdo_sqlite ? 'ok' : 'ko',
+		'pdo-pgsql' => $pdo_pgsql ? 'ok' : 'ko',
+		'pdo' => $pdo ? 'ok' : 'ko',
+		'pcre' => $pcre ? 'ok' : 'ko',
+		'ctype' => $ctype ? 'ok' : 'ko',
+		'dom' => $dom ? 'ok' : 'ko',
+		'xml' => $xml ? 'ok' : 'ko',
+		'json' => $json ? 'ok' : 'ko',
+		'data' => $data ? 'ok' : 'ko',
+		'cache' => $cache ? 'ok' : 'ko',
+		'users' => $users ? 'ok' : 'ko',
+		'favicons' => $favicons ? 'ok' : 'ko',
+		'http_referer' => $http_referer ? 'ok' : 'ko',
+		'all' => $php && $minz && $curl && $pdo && $pcre && $ctype && $dom && $xml &&
+		         $data && $cache && $users && $favicons && $http_referer ?
+		         'ok' : 'ko'
+	);
+}
+
+function generateSalt() {
+	return sha1(uniqid(mt_rand(), true).implode('', stat(__FILE__)));
+}
+
+function checkDb(&$dbOptions) {
+	$dsn = '';
+	try {
+		$driver_options = null;
+		switch ($dbOptions['type']) {
+		case 'mysql':
+			include_once(APP_PATH . '/SQL/install.sql.mysql.php');
+			$driver_options = array(
+				PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8mb4'
+			);
+			try {	// on ouvre une connexion juste pour créer la base si elle n'existe pas
+				$dsn = 'mysql:host=' . $dbOptions['host'] . ';';
+				$c = new PDO($dsn, $dbOptions['user'], $dbOptions['password'], $driver_options);
+				$sql = sprintf(SQL_CREATE_DB, $dbOptions['base']);
+				$res = $c->query($sql);
+			} catch (PDOException $e) {
+				syslog(LOG_DEBUG, 'FreshRSS MySQL warning: ' . $e->getMessage());
+			}
+			// on écrase la précédente connexion en sélectionnant la nouvelle BDD
+			$dsn = 'mysql:host=' . $dbOptions['host'] . ';dbname=' . $dbOptions['base'];
+			break;
+		case 'sqlite':
+			include_once(APP_PATH . '/SQL/install.sql.sqlite.php');
+			$dsn = 'sqlite:' . join_path(USERS_PATH, $dbOptions['default_user'], 'db.sqlite');
+			$driver_options = array(
+				PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
+			);
+			break;
+		case 'pgsql':
+			include_once(APP_PATH . '/SQL/install.sql.pgsql.php');
+			$driver_options = array(
+				PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
+			);
+			try {	// on ouvre une connexion juste pour créer la base si elle n'existe pas
+				$dsn = 'pgsql:host=' . $dbOptions['host'] . ';dbname=postgres';
+				$c = new PDO($dsn, $dbOptions['user'], $dbOptions['password'], $driver_options);
+				$sql = sprintf(SQL_CREATE_DB, $dbOptions['base']);
+				$res = $c->query($sql);
+			} catch (PDOException $e) {
+				syslog(LOG_DEBUG, 'FreshRSS PostgreSQL warning: ' . $e->getMessage());
+			}
+			// on écrase la précédente connexion en sélectionnant la nouvelle BDD
+			$dsn = 'pgsql:host=' . $dbOptions['host'] . ';dbname=' . $dbOptions['base'];
+			break;
+		default:
+			return false;
+		}
+	} catch (PDOException $e) {
+		$dsn = '';
+		$dbOptions['error'] = $e->getMessage();
+	}
+	$dbOptions['dsn'] = $dsn;
+	$dbOptions['options'] = $driver_options;
+	return $dsn != '';
+}
+
+function deleteInstall() {
+	$path = join_path(DATA_PATH, 'do-install.txt');
+	@unlink($path);
+	return !file_exists($path);
+}
-- 
cgit v1.2.3


From 1182129ce5f07892afed190ffbb2ea4c7fc28967 Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Mon, 24 Oct 2016 20:29:08 +0200
Subject: CLI option no-default-feeds

https://github.com/FreshRSS/FreshRSS/issues/1095
---
 app/Controllers/userController.php |  4 ++--
 app/Models/UserDAO.php             | 18 +++++++++++++++++-
 app/SQL/install.sql.mysql.php      |  3 +++
 app/SQL/install.sql.pgsql.php      |  4 ++++
 app/SQL/install.sql.sqlite.php     |  4 ++++
 app/install.php                    | 15 +++++++++++++++
 cli/create-user.php                |  7 +++++--
 7 files changed, 50 insertions(+), 5 deletions(-)

(limited to 'app/Controllers/userController.php')

diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php
index 9dee16e8c..9d6ae18e6 100644
--- a/app/Controllers/userController.php
+++ b/app/Controllers/userController.php
@@ -99,7 +99,7 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 		$this->view->size_user = $entryDAO->size();
 	}
 
-	public static function createUser($new_user_name, $passwordPlain, $apiPasswordPlain, $userConfig = array()) {
+	public static function createUser($new_user_name, $passwordPlain, $apiPasswordPlain, $userConfig = array(), $insertDefaultFeeds = true) {
 		if (!is_array($userConfig)) {
 			$userConfig = array();
 		}
@@ -138,7 +138,7 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 		}
 		if ($ok) {
 			$userDAO = new FreshRSS_UserDAO();
-			$ok &= $userDAO->createUser($new_user_name, $userConfig['language']);
+			$ok &= $userDAO->createUser($new_user_name, $userConfig['language'], $insertDefaultFeeds);
 		}
 		return $ok;
 	}
diff --git a/app/Models/UserDAO.php b/app/Models/UserDAO.php
index 597182693..a95ee6bc4 100644
--- a/app/Models/UserDAO.php
+++ b/app/Models/UserDAO.php
@@ -1,7 +1,7 @@
 <?php
 
 class FreshRSS_UserDAO extends Minz_ModelPdo {
-	public function createUser($username, $new_user_language) {
+	public function createUser($username, $new_user_language, $insertDefaultFeeds = true) {
 		$db = FreshRSS_Context::$system_conf->db;
 		require_once(APP_PATH . '/SQL/install.sql.' . $db['type'] . '.php');
 
@@ -28,6 +28,22 @@ class FreshRSS_UserDAO extends Minz_ModelPdo {
 					}
 				}
 			}
+			if ($insertDefaultFeeds) {
+				if (defined('SQL_INSERT_FEEDS')) {	//E.g. MySQL
+					$sql = sprintf(SQL_INSERT_FEEDS, $bd_prefix_user);
+					$stm = $userPDO->bd->prepare($sql);
+					$ok &= $stm && $stm->execute();
+				} else {	//E.g. SQLite
+					global $SQL_INSERT_FEEDS;
+					if (is_array($SQL_INSERT_FEEDS)) {
+						foreach ($SQL_INSERT_FEEDS as $instruction) {
+							$sql = sprintf($instruction, $bd_prefix_user);
+							$stm = $userPDO->bd->prepare($sql);
+							$ok &= ($stm && $stm->execute());
+						}
+					}
+				}
+			}
 		} catch (Exception $e) {
 			Minz_Log::error('Error while creating user: ' . $e->getMessage());
 		}
diff --git a/app/SQL/install.sql.mysql.php b/app/SQL/install.sql.mysql.php
index ca181303e..a454829d5 100644
--- a/app/SQL/install.sql.mysql.php
+++ b/app/SQL/install.sql.mysql.php
@@ -59,6 +59,9 @@ CREATE TABLE IF NOT EXISTS `%1$sentry` (
 ENGINE = INNODB;
 
 INSERT IGNORE INTO `%1$scategory` (id, name) VALUES(1, "%2$s");
+');
+
+define('SQL_INSERT_FEEDS', '
 INSERT IGNORE INTO `%1$sfeed` (url, category, name, website, description, ttl) VALUES("http://freshrss.org/feeds/all.atom.xml", 1, "FreshRSS.org", "http://freshrss.org/", "FreshRSS, a free, self-hostable aggregator…", 86400);
 INSERT IGNORE INTO `%1$sfeed` (url, category, name, website, description, ttl) VALUES("https://github.com/FreshRSS/FreshRSS/releases.atom", 1, "FreshRSS @ GitHub", "https://github.com/FreshRSS/FreshRSS/", "FreshRSS releases @ GitHub", 86400);
 ');
diff --git a/app/SQL/install.sql.pgsql.php b/app/SQL/install.sql.pgsql.php
index b343bda86..9f4240b98 100644
--- a/app/SQL/install.sql.pgsql.php
+++ b/app/SQL/install.sql.pgsql.php
@@ -52,6 +52,10 @@ $SQL_CREATE_TABLES = array(
 'CREATE INDEX %1$sentry_lastSeen_index ON "%1$sentry" ("lastSeen");',
 
 'INSERT INTO "%1$scategory" (name) SELECT \'%2$s\' WHERE NOT EXISTS (SELECT id FROM "%1$scategory" WHERE id = 1);',
+);
+
+global $SQL_INSERT_FEEDS;
+$SQL_INSERT_FEEDS = array(
 'INSERT INTO "%1$sfeed" (url, category, name, website, description, ttl) SELECT \'http://freshrss.org/feeds/all.atom.xml\', 1, \'FreshRSS.org\', \'http://freshrss.org/\', \'FreshRSS, a free, self-hostable aggregator…\', 86400 WHERE NOT EXISTS (SELECT id FROM "%1$sfeed" WHERE url = \'http://freshrss.org/feeds/all.atom.xml\');',
 'INSERT INTO "%1$sfeed" (url, category, name, website, description, ttl) SELECT \'https://github.com/FreshRSS/FreshRSS/releases.atom\', 1, \'FreshRSS @ GitHub\', \'https://github.com/FreshRSS/FreshRSS/\', \'FreshRSS releases @ GitHub\', 86400 WHERE NOT EXISTS (SELECT id FROM "%1$sfeed" WHERE url = \'https://github.com/FreshRSS/FreshRSS/releases.atom\');',
 );
diff --git a/app/SQL/install.sql.sqlite.php b/app/SQL/install.sql.sqlite.php
index 1d3a5d92f..68d93ba92 100644
--- a/app/SQL/install.sql.sqlite.php
+++ b/app/SQL/install.sql.sqlite.php
@@ -55,6 +55,10 @@ $SQL_CREATE_TABLES = array(
 'CREATE INDEX IF NOT EXISTS entry_lastSeen_index ON `entry`(`lastSeen`);',	//v1.1.1
 
 'INSERT OR IGNORE INTO `category` (id, name) VALUES(1, "%2$s");',
+);
+
+global $SQL_INSERT_FEEDS;
+$SQL_INSERT_FEEDS = array(
 'INSERT OR IGNORE INTO `feed` (url, category, name, website, description, ttl) VALUES("http://freshrss.org/feeds/all.atom.xml", 1, "FreshRSS.org", "http://freshrss.org/", "FreshRSS, a free, self-hostable aggregator…", 86400);',
 'INSERT OR IGNORE INTO `feed` (url, category, name, website, description, ttl) VALUES("https://github.com/FreshRSS/FreshRSS/releases.atom", 1, "FreshRSS releases", "https://github.com/FreshRSS/FreshRSS/", "FreshRSS releases @ GitHub", 86400);',
 );
diff --git a/app/install.php b/app/install.php
index 6956761c7..0daa02b1b 100644
--- a/app/install.php
+++ b/app/install.php
@@ -357,6 +357,21 @@ function checkDbUser(&$dbOptions) {
 				}
 			}
 		}
+
+		if (defined('SQL_INSERT_FEEDS')) {
+			$sql = sprintf(SQL_INSERT_FEEDS, $dbOptions['bd_prefix_user']);
+			$stm = $c->prepare($sql);
+			$ok &= $stm->execute();
+		} else {
+			global $SQL_INSERT_FEEDS;
+			if (is_array($SQL_INSERT_FEEDS)) {
+				foreach ($SQL_INSERT_FEEDS as $instruction) {
+					$sql = sprintf($instruction, $dbOptions['bd_prefix_user']);
+					$stm = $c->prepare($sql);
+					$ok &= $stm->execute();
+				}
+			}
+		}
 	} catch (PDOException $e) {
 		$ok = false;
 		$dbOptions['bd_error'] = $e->getMessage();
diff --git a/cli/create-user.php b/cli/create-user.php
index 5e93d4605..c790acb59 100755
--- a/cli/create-user.php
+++ b/cli/create-user.php
@@ -9,11 +9,12 @@ $options = getopt('', array(
 		'language:',
 		'email:',
 		'token:',
+		'no-default-feeds',
 	));
 
 if (empty($options['user'])) {
 	fail('Usage: ' . basename(__FILE__) . " --user username ( --password 'password' --api-password 'api_password'" .
-		" --language en --email user@example.net --token 'longRandomString' )");
+		" --language en --email user@example.net --token 'longRandomString --no-default-feeds' )");
 }
 $username = $options['user'];
 if (!ctype_alnum($username)) {
@@ -33,7 +34,9 @@ $ok = FreshRSS_user_Controller::createUser($username,
 	array(
 		'language' => empty($options['language']) ? '' : $options['language'],
 		'token' => empty($options['token']) ? '' : $options['token'],
-	));
+	),
+	!isset($options['no-default-feeds'])
+	);
 
 if (!$ok) {
 	fail('FreshRSS could not create user!');
-- 
cgit v1.2.3


From 8d2b76334cd60356c85810bf4902124105d54ad4 Mon Sep 17 00:00:00 2001
From: Clément <clement@selfhost.fr>
Date: Thu, 16 Feb 2017 14:27:45 +0100
Subject: Possibility to register user having a '-', a '_' or a '.' in username

---
 app/Controllers/userController.php | 6 ++++--
 app/Models/Auth.php                | 5 +++--
 app/install.php                    | 2 +-
 app/views/auth/formLogin.phtml     | 2 +-
 app/views/user/manage.phtml        | 2 +-
 cli/_cli.php                       | 4 +++-
 cli/delete-user.php                | 3 ++-
 cli/do-install.php                 | 3 ++-
 8 files changed, 17 insertions(+), 10 deletions(-)

(limited to 'app/Controllers/userController.php')

diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php
index 9d6ae18e6..6199ff218 100644
--- a/app/Controllers/userController.php
+++ b/app/Controllers/userController.php
@@ -103,8 +103,9 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 		if (!is_array($userConfig)) {
 			$userConfig = array();
 		}
+        $aValid = array('-', '_', '.');
 
-		$ok = ($new_user_name != '') && ctype_alnum($new_user_name);
+		$ok = ($new_user_name != '') && ctype_alnum(str_replace($aValid, '', $new_user_name));
 
 		if ($ok) {
 			$languages = Minz_Translate::availableLanguages();
@@ -187,7 +188,8 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 		$db = FreshRSS_Context::$system_conf->db;
 		require_once(APP_PATH . '/SQL/install.sql.' . $db['type'] . '.php');
 
-		$ok = ctype_alnum($username);
+        $aValid = array('-', '_', '.');
+		$ok = ctype_alnum(str_replace($aValid, '', $username));
 		if ($ok) {
 			$default_user = FreshRSS_Context::$system_conf->default_user;
 			$ok &= (strcasecmp($username, $default_user) !== 0);	//It is forbidden to delete the default user
diff --git a/app/Models/Auth.php b/app/Models/Auth.php
index b3255cfbd..e63a24b27 100644
--- a/app/Models/Auth.php
+++ b/app/Models/Auth.php
@@ -182,7 +182,8 @@ class FreshRSS_Auth {
 
 class FreshRSS_FormAuth {
 	public static function checkCredentials($username, $hash, $nonce, $challenge) {
-		if (!ctype_alnum($username) ||
+		$aValid = array('-', '_', '.');
+		if (!ctype_alnum(str_replace($aValid, '', $username)) ||
 				!ctype_graph($challenge) ||
 				!ctype_alnum($nonce)) {
 			Minz_Log::debug('Invalid credential parameters:' .
@@ -211,7 +212,7 @@ class FreshRSS_FormAuth {
 			// Token has expired (> 1 month) or does not exist.
 			// TODO: 1 month -> use a configuration instead
 			@unlink($token_file);
-			return array(); 	
+			return array();
 		}
 
 		$credentials = @file_get_contents($token_file);
diff --git a/app/install.php b/app/install.php
index 986a7dc60..1b23254de 100644
--- a/app/install.php
+++ b/app/install.php
@@ -553,7 +553,7 @@ function printStep2() {
 		<div class="form-group">
 			<label class="group-name" for="default_user"><?php echo _t('install.default_user'); ?></label>
 			<div class="group-controls">
-				<input type="text" id="default_user" name="default_user" required="required" size="16" maxlength="16" pattern="[0-9a-zA-Z]{1,16}" value="<?php echo isset($_SESSION['default_user']) ? $_SESSION['default_user'] : ''; ?>" placeholder="<?php echo httpAuthUser() == '' ? 'alice' : httpAuthUser(); ?>" tabindex="3" />
+				<input type="text" id="default_user" name="default_user" required="required" size="16" maxlength="16" pattern="[0-9a-zA-Z.\-_]{1,16}" value="<?php echo isset($_SESSION['default_user']) ? $_SESSION['default_user'] : ''; ?>" placeholder="<?php echo httpAuthUser() == '' ? 'alice' : httpAuthUser(); ?>" tabindex="3" />
 			</div>
 		</div>
 
diff --git a/app/views/auth/formLogin.phtml b/app/views/auth/formLogin.phtml
index a8213b7ae..6cfe6764a 100644
--- a/app/views/auth/formLogin.phtml
+++ b/app/views/auth/formLogin.phtml
@@ -9,7 +9,7 @@
 		<input type="hidden" name="_csrf" value="<?php echo FreshRSS_Auth::csrfToken(); ?>" />
 		<div>
 			<label for="username"><?php echo _t('gen.auth.username'); ?></label>
-			<input type="text" id="username" name="username" size="16" required="required" maxlength="16" pattern="[0-9a-zA-Z]{1,16}" autofocus="autofocus" />
+			<input type="text" id="username" name="username" size="16" required="required" maxlength="16" pattern="[0-9a-zA-Z.\-_]{1,16}" autofocus="autofocus" />
 		</div>
 		<div>
 			<label for="passwordPlain"><?php echo _t('gen.auth.password'); ?></label>
diff --git a/app/views/user/manage.phtml b/app/views/user/manage.phtml
index a32247d14..334650e56 100644
--- a/app/views/user/manage.phtml
+++ b/app/views/user/manage.phtml
@@ -22,7 +22,7 @@
 		<div class="form-group">
 			<label class="group-name" for="new_user_name"><?php echo _t('admin.user.username'); ?></label>
 			<div class="group-controls">
-				<input id="new_user_name" name="new_user_name" type="text" size="16" required="required" maxlength="16" autocomplete="off" pattern="[0-9a-zA-Z]{1,16}" placeholder="demo" />
+				<input id="new_user_name" name="new_user_name" type="text" size="16" required="required" maxlength="16" autocomplete="off" pattern="[0-9a-zA-Z.\-_]{1,16}" placeholder="demo" />
 			</div>
 		</div>
 
diff --git a/cli/_cli.php b/cli/_cli.php
index 7d1a7c6b2..885199659 100644
--- a/cli/_cli.php
+++ b/cli/_cli.php
@@ -20,7 +20,9 @@ function fail($message) {
 }
 
 function cliInitUser($username) {
-	if (!ctype_alnum($username)) {
+    $aValid = array('-', '_', '.');
+    
+	if (!ctype_alnum(str_replace($aValid, '', $username))) {
 		fail('FreshRSS error: invalid username: ' . $username . "\n");
 	}
 
diff --git a/cli/delete-user.php b/cli/delete-user.php
index 6f0e86e17..82605fb27 100755
--- a/cli/delete-user.php
+++ b/cli/delete-user.php
@@ -9,8 +9,9 @@ $options = getopt('', array(
 if (empty($options['user'])) {
 	fail('Usage: ' . basename(__FILE__) . " --user username");
 }
+$aValid = array('-', '_', '.');
 $username = $options['user'];
-if (!ctype_alnum($username)) {
+if (!ctype_alnum(str_replace($aValid, '', $username))) {
 	fail('FreshRSS error: invalid username “' . $username . '”');
 }
 
diff --git a/cli/do-install.php b/cli/do-install.php
index 100d4947f..eb46c7e93 100755
--- a/cli/do-install.php
+++ b/cli/do-install.php
@@ -47,7 +47,8 @@ if ($requirements['all'] !== 'ok') {
 	fail($message);
 }
 
-if (!ctype_alnum($options['default_user'])) {
+$aValid = array('-', '_', '.');
+if (!ctype_alnum(str_replace($aValid, '', $options['default_user']))) {
 	fail('FreshRSS invalid default username (must be ASCII alphanumeric): ' . $options['default_user']);
 }
 
-- 
cgit v1.2.3


From 4eeae5171b885b6dda392f5dd68d6dd78a0c7858 Mon Sep 17 00:00:00 2001
From: Clément <clement@selfhost.fr>
Date: Thu, 16 Feb 2017 18:54:59 +0100
Subject: use function with preg_match to check username

---
 app/Controllers/userController.php | 11 +++++++----
 app/Models/Auth.php                |  3 +--
 cli/_cli.php                       |  4 +---
 cli/create-user.php                |  3 +--
 cli/delete-user.php                |  3 +--
 cli/do-install.php                 |  3 +--
 6 files changed, 12 insertions(+), 15 deletions(-)

(limited to 'app/Controllers/userController.php')

diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php
index 6199ff218..246be1bfe 100644
--- a/app/Controllers/userController.php
+++ b/app/Controllers/userController.php
@@ -34,6 +34,11 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 		return $passwordHash == '' ? '' : $passwordHash;
 	}
 
+	public static function checkUsername($username) {
+		$match = '/^[a-zA-Z_]{1,38}$/';
+		return preg_match($match, $username) === 1;
+	}
+
 	/**
 	 * This action displays the user profile page.
 	 */
@@ -103,9 +108,8 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 		if (!is_array($userConfig)) {
 			$userConfig = array();
 		}
-        $aValid = array('-', '_', '.');
 
-		$ok = ($new_user_name != '') && ctype_alnum(str_replace($aValid, '', $new_user_name));
+		$ok = self::checkUsername($new_user_name);
 
 		if ($ok) {
 			$languages = Minz_Translate::availableLanguages();
@@ -188,8 +192,7 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 		$db = FreshRSS_Context::$system_conf->db;
 		require_once(APP_PATH . '/SQL/install.sql.' . $db['type'] . '.php');
 
-        $aValid = array('-', '_', '.');
-		$ok = ctype_alnum(str_replace($aValid, '', $username));
+		$ok = self::checkUsername($username);
 		if ($ok) {
 			$default_user = FreshRSS_Context::$system_conf->default_user;
 			$ok &= (strcasecmp($username, $default_user) !== 0);	//It is forbidden to delete the default user
diff --git a/app/Models/Auth.php b/app/Models/Auth.php
index e63a24b27..476627e10 100644
--- a/app/Models/Auth.php
+++ b/app/Models/Auth.php
@@ -182,8 +182,7 @@ class FreshRSS_Auth {
 
 class FreshRSS_FormAuth {
 	public static function checkCredentials($username, $hash, $nonce, $challenge) {
-		$aValid = array('-', '_', '.');
-		if (!ctype_alnum(str_replace($aValid, '', $username)) ||
+		if (!FreshRSS_user_Controller::checkUsername($username) ||
 				!ctype_graph($challenge) ||
 				!ctype_alnum($nonce)) {
 			Minz_Log::debug('Invalid credential parameters:' .
diff --git a/cli/_cli.php b/cli/_cli.php
index 885199659..f5e36eabc 100644
--- a/cli/_cli.php
+++ b/cli/_cli.php
@@ -20,9 +20,7 @@ function fail($message) {
 }
 
 function cliInitUser($username) {
-    $aValid = array('-', '_', '.');
-    
-	if (!ctype_alnum(str_replace($aValid, '', $username))) {
+	if (!FreshRSS_user_Controller::checkUsername($username)) {
 		fail('FreshRSS error: invalid username: ' . $username . "\n");
 	}
 
diff --git a/cli/create-user.php b/cli/create-user.php
index e5b4493e3..c9e350c14 100755
--- a/cli/create-user.php
+++ b/cli/create-user.php
@@ -16,9 +16,8 @@ if (empty($options['user'])) {
 	fail('Usage: ' . basename(__FILE__) . " --user username ( --password 'password' --api-password 'api_password'" .
 		" --language en --email user@example.net --token 'longRandomString --no-default-feeds' )");
 }
-$aValid = array('-', '_', '.');
 $username = $options['user'];
-if (!ctype_alnum(str_replace($aValid, '', $username))) {
+if (!FreshRSS_user_Controller::checkUsername($username)) {
 	fail('FreshRSS error: invalid username “' . $username . '”');
 }
 
diff --git a/cli/delete-user.php b/cli/delete-user.php
index 82605fb27..baa81b893 100755
--- a/cli/delete-user.php
+++ b/cli/delete-user.php
@@ -9,9 +9,8 @@ $options = getopt('', array(
 if (empty($options['user'])) {
 	fail('Usage: ' . basename(__FILE__) . " --user username");
 }
-$aValid = array('-', '_', '.');
 $username = $options['user'];
-if (!ctype_alnum(str_replace($aValid, '', $username))) {
+if (!FreshRSS_user_Controller::checkUsername($username)) {
 	fail('FreshRSS error: invalid username “' . $username . '”');
 }
 
diff --git a/cli/do-install.php b/cli/do-install.php
index eb46c7e93..064a64ab2 100755
--- a/cli/do-install.php
+++ b/cli/do-install.php
@@ -47,8 +47,7 @@ if ($requirements['all'] !== 'ok') {
 	fail($message);
 }
 
-$aValid = array('-', '_', '.');
-if (!ctype_alnum(str_replace($aValid, '', $options['default_user']))) {
+if (!FreshRSS_user_Controller::checkUsername($options['default_user'])) {
 	fail('FreshRSS invalid default username (must be ASCII alphanumeric): ' . $options['default_user']);
 }
 
-- 
cgit v1.2.3


From 648fcb63b5170d07ad6d157249be398912da658f Mon Sep 17 00:00:00 2001
From: Clément <clement@selfhost.fr>
Date: Sun, 19 Feb 2017 15:00:26 +0100
Subject: correct check username pattern

---
 app/Controllers/userController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app/Controllers/userController.php')

diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php
index 246be1bfe..718207734 100644
--- a/app/Controllers/userController.php
+++ b/app/Controllers/userController.php
@@ -35,7 +35,7 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 	}
 
 	public static function checkUsername($username) {
-		$match = '/^[a-zA-Z_]{1,38}$/';
+		$match = '/^[0-9a-zA-Z_]{1,38}$/';
 		return preg_match($match, $username) === 1;
 	}
 
-- 
cgit v1.2.3


From 271a1fdc8900a8b2c32675c22dce1cc458209de4 Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Sat, 25 Feb 2017 12:39:08 +0100
Subject: Missing checkUsername and const patten

https://github.com/FreshRSS/FreshRSS/pull/1423

https://github.com/YunoHost-Apps/freshrss_ynh/issues/27#issuecomment-279792363
---
 app/Controllers/javascriptController.php | 2 +-
 app/Controllers/userController.php       | 9 +++++++--
 app/Models/Feed.php                      | 2 +-
 app/Models/UserDAO.php                   | 2 +-
 app/install.php                          | 2 +-
 app/views/auth/formLogin.phtml           | 2 +-
 app/views/auth/register.phtml            | 2 +-
 app/views/user/manage.phtml              | 2 +-
 cli/reconfigure.php                      | 2 +-
 lib/lib_rss.php                          | 2 +-
 p/api/greader.php                        | 2 +-
 11 files changed, 17 insertions(+), 12 deletions(-)

(limited to 'app/Controllers/userController.php')

diff --git a/app/Controllers/javascriptController.php b/app/Controllers/javascriptController.php
index 00a7b5c38..6336106a9 100755
--- a/app/Controllers/javascriptController.php
+++ b/app/Controllers/javascriptController.php
@@ -26,7 +26,7 @@ class FreshRSS_javascript_Controller extends Minz_ActionController {
 		header('Pragma: no-cache');
 
 		$user = isset($_GET['user']) ? $_GET['user'] : '';
-		if (ctype_alnum($user)) {
+		if (FreshRSS_user_Controller::checkUsername($user)) {
 			try {
 				$salt = FreshRSS_Context::$system_conf->salt;
 				$conf = get_user_configuration($user);
diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php
index 718207734..13a6fce67 100644
--- a/app/Controllers/userController.php
+++ b/app/Controllers/userController.php
@@ -34,9 +34,14 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 		return $passwordHash == '' ? '' : $passwordHash;
 	}
 
+	/**
+	 * The username is also used as folder name, and part of SQL table name.
+	 * '_' is a reserved internal username.
+	 */
+	const USERNAME_PATTERN = '[0-9a-zA-Z]|[0-9a-zA-Z_]{2,38}';
+
 	public static function checkUsername($username) {
-		$match = '/^[0-9a-zA-Z_]{1,38}$/';
-		return preg_match($match, $username) === 1;
+		return preg_match('/^' . self::USERNAME_PATTERN . '$/', $username) === 1;
 	}
 
 	/**
diff --git a/app/Models/Feed.php b/app/Models/Feed.php
index 97cb1c47e..7a9cf8612 100644
--- a/app/Models/Feed.php
+++ b/app/Models/Feed.php
@@ -442,7 +442,7 @@ class FreshRSS_Feed extends Minz_Model {
 				file_put_contents(USERS_PATH . '/_/log_pshb.txt', date('c') . "\t" . $text . "\n", FILE_APPEND);
 			}
 			$currentUser = Minz_Session::param('currentUser');
-			if (ctype_alnum($currentUser) && !file_exists($path . '/' . $currentUser . '.txt')) {
+			if (FreshRSS_user_Controller::checkUsername($currentUser) && !file_exists($path . '/' . $currentUser . '.txt')) {
 				touch($path . '/' . $currentUser . '.txt');
 			}
 		}
diff --git a/app/Models/UserDAO.php b/app/Models/UserDAO.php
index 32bc6de2f..a60caf395 100644
--- a/app/Models/UserDAO.php
+++ b/app/Models/UserDAO.php
@@ -85,7 +85,7 @@ class FreshRSS_UserDAO extends Minz_ModelPdo {
 	}
 
 	public static function touch($username = '') {
-		if (($username == '') || (!ctype_alnum($username))) {
+		if (!FreshRSS_user_Controller::checkUsername($username)) {
 			$username = Minz_Session::param('currentUser', '_');
 		}
 		return touch(join_path(DATA_PATH , 'users', $username, 'config.php'));
diff --git a/app/install.php b/app/install.php
index 8c65a0977..58674e3a7 100644
--- a/app/install.php
+++ b/app/install.php
@@ -553,7 +553,7 @@ function printStep2() {
 		<div class="form-group">
 			<label class="group-name" for="default_user"><?php echo _t('install.default_user'); ?></label>
 			<div class="group-controls">
-				<input type="text" id="default_user" name="default_user" required="required" size="16" maxlength="16" pattern="[0-9a-zA-Z_]{1,16}" value="<?php echo isset($_SESSION['default_user']) ? $_SESSION['default_user'] : ''; ?>" placeholder="<?php echo httpAuthUser() == '' ? 'alice' : httpAuthUser(); ?>" tabindex="3" />
+				<input type="text" id="default_user" name="default_user" required="required" size="16" maxlength="16" pattern="<?php echo FreshRSS_user_Controller::USERNAME_PATTERN; ?>" value="<?php echo isset($_SESSION['default_user']) ? $_SESSION['default_user'] : ''; ?>" placeholder="<?php echo httpAuthUser() == '' ? 'alice' : httpAuthUser(); ?>" tabindex="3" />
 			</div>
 		</div>
 
diff --git a/app/views/auth/formLogin.phtml b/app/views/auth/formLogin.phtml
index 24cb14c6e..2f881dde7 100644
--- a/app/views/auth/formLogin.phtml
+++ b/app/views/auth/formLogin.phtml
@@ -9,7 +9,7 @@
 		<input type="hidden" name="_csrf" value="<?php echo FreshRSS_Auth::csrfToken(); ?>" />
 		<div>
 			<label for="username"><?php echo _t('gen.auth.username'); ?></label>
-			<input type="text" id="username" name="username" size="16" required="required" maxlength="16" pattern="[0-9a-zA-Z_]{1,16}" autofocus="autofocus" />
+			<input type="text" id="username" name="username" size="16" required="required" maxlength="16" pattern="<?php echo FreshRSS_user_Controller::USERNAME_PATTERN; ?>" autofocus="autofocus" />
 		</div>
 		<div>
 			<label for="passwordPlain"><?php echo _t('gen.auth.password'); ?></label>
diff --git a/app/views/auth/register.phtml b/app/views/auth/register.phtml
index d7997f5f5..fce7e1388 100644
--- a/app/views/auth/register.phtml
+++ b/app/views/auth/register.phtml
@@ -5,7 +5,7 @@
 		<input type="hidden" name="_csrf" value="<?php echo FreshRSS_Auth::csrfToken(); ?>" />
 		<div>
 			<label class="group-name" for="new_user_name"><?php echo _t('gen.auth.username'), '<br />', _i('help'), ' ', _t('gen.auth.username.format'); ?></label>
-			<input id="new_user_name" name="new_user_name" type="text" size="16" required="required" maxlength="16" autocomplete="off" pattern="[0-9a-zA-Z_]{1,16}" />
+			<input id="new_user_name" name="new_user_name" type="text" size="16" required="required" maxlength="16" autocomplete="off" pattern="<?php echo FreshRSS_user_Controller::USERNAME_PATTERN; ?>" />
 		</div>
 
 		<div>
diff --git a/app/views/user/manage.phtml b/app/views/user/manage.phtml
index 10bee5507..9238a01b9 100644
--- a/app/views/user/manage.phtml
+++ b/app/views/user/manage.phtml
@@ -22,7 +22,7 @@
 		<div class="form-group">
 			<label class="group-name" for="new_user_name"><?php echo _t('admin.user.username'); ?></label>
 			<div class="group-controls">
-				<input id="new_user_name" name="new_user_name" type="text" size="16" required="required" maxlength="16" autocomplete="off" pattern="[0-9a-zA-Z_]{1,16}" placeholder="demo" />
+				<input id="new_user_name" name="new_user_name" type="text" size="16" required="required" maxlength="16" autocomplete="off" pattern="<?php echo FreshRSS_user_Controller::USERNAME_PATTERN; ?>" placeholder="demo" />
 			</div>
 		</div>
 
diff --git a/cli/reconfigure.php b/cli/reconfigure.php
index 5294dd2df..da451b3ef 100755
--- a/cli/reconfigure.php
+++ b/cli/reconfigure.php
@@ -45,7 +45,7 @@ foreach ($dBparams as $dBparam) {
 }
 $config->db = $db;
 
-if (!ctype_alnum($config->default_user)) {
+if (!FreshRSS_user_Controller::checkUsername($config->default_user)) {
 	fail('FreshRSS invalid default username (must be ASCII alphanumeric): ' . $config->default_user);
 }
 
diff --git a/lib/lib_rss.php b/lib/lib_rss.php
index 560e5b256..cdd08719d 100644
--- a/lib/lib_rss.php
+++ b/lib/lib_rss.php
@@ -285,7 +285,7 @@ function uSecString() {
 }
 
 function invalidateHttpCache($username = '') {
-	if (($username == '') || (!ctype_alnum($username))) {
+	if (!FreshRSS_user_Controller::checkUsername($username)) {
 		Minz_Session::_param('touch', uTimeString());
 		$username = Minz_Session::param('currentUser', '_');
 	}
diff --git a/p/api/greader.php b/p/api/greader.php
index 4965ffd3b..01eca6d4f 100644
--- a/p/api/greader.php
+++ b/p/api/greader.php
@@ -152,7 +152,7 @@ function authorizationToUser() {
 		$headerAuthX = explode('/', $headerAuth, 2);
 		if (count($headerAuthX) === 2) {
 			$user = $headerAuthX[0];
-			if (ctype_alnum($user)) {
+			if (FreshRSS_user_Controller::checkUsername($user)) {
 				FreshRSS_Context::$user_conf = get_user_configuration($user);
 				if (FreshRSS_Context::$user_conf == null) {
 					Minz_Log::warning('Invalid API user ' . $user . ': configuration cannot be found.');
-- 
cgit v1.2.3


From 0bd4b2c74204a2f9360816ab22aac0da4c459824 Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Sat, 25 Feb 2017 13:08:06 +0100
Subject: Changelog 1423

---
 CHANGELOG.md                       | 2 ++
 app/Controllers/userController.php | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

(limited to 'app/Controllers/userController.php')

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4738b7360..885b625f2 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -15,6 +15,8 @@
 	* Allow empty strings in CLI do-install [#1435](https://github.com/FreshRSS/FreshRSS/pull/1435)
 * Security
 	* No version number for anonymous users [#1404](https://github.com/FreshRSS/FreshRSS/issues/1404)
+* Misc.
+	* Relaxed requirements for username to `/^[0-9a-zA-Z]|[0-9a-zA-Z_]{2,38}/$` [#1423](https://github.com/FreshRSS/FreshRSS/pull/1423)
 
 
 ## 2016-12-26 FreshRSS 1.6.2
diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php
index 13a6fce67..593e24cf2 100644
--- a/app/Controllers/userController.php
+++ b/app/Controllers/userController.php
@@ -35,7 +35,7 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 	}
 
 	/**
-	 * The username is also used as folder name, and part of SQL table name.
+	 * The username is also used as folder name, file name, and part of SQL table name.
 	 * '_' is a reserved internal username.
 	 */
 	const USERNAME_PATTERN = '[0-9a-zA-Z]|[0-9a-zA-Z_]{2,38}';
-- 
cgit v1.2.3


From 9c012e6c81e435736bfef78e0669cd236ed9d73b Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Thu, 2 Mar 2017 22:57:02 +0100
Subject: Fix SQLite CLI install

https://github.com/FreshRSS/FreshRSS/issues/1445
https://github.com/FreshRSS/FreshRSS/issues/1443
https://github.com/FreshRSS/FreshRSS/issues/1443
---
 app/Controllers/userController.php | 7 +++++--
 lib/lib_rss.php                    | 9 ++-------
 2 files changed, 7 insertions(+), 9 deletions(-)

(limited to 'app/Controllers/userController.php')

diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php
index 593e24cf2..f910cecd9 100644
--- a/app/Controllers/userController.php
+++ b/app/Controllers/userController.php
@@ -115,6 +115,7 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 		}
 
 		$ok = self::checkUsername($new_user_name);
+		$homeDir = join_path(DATA_PATH, 'users', $new_user_name);
 
 		if ($ok) {
 			$languages = Minz_Translate::availableLanguages();
@@ -124,7 +125,7 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 
 			$ok &= !in_array(strtoupper($new_user_name), array_map('strtoupper', listUsers()));	//Not an existing user, case-insensitive
 
-			$configPath = join_path(DATA_PATH, 'users', $new_user_name, 'config.php');
+			$configPath = join_path($homeDir, 'config.php');
 			$ok &= !file_exists($configPath);
 		}
 		if ($ok) {
@@ -141,7 +142,9 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 			}
 		}
 		if ($ok) {
-			mkdir(join_path(DATA_PATH, 'users', $new_user_name));
+			if (!is_dir($homeDir)) {
+				mkdir($homeDir);
+			}
 			$userConfig['passwordHash'] = $passwordHash;
 			$userConfig['apiPasswordHash'] = $apiPasswordHash;
 			$ok &= (file_put_contents($configPath, "<?php\n return " . var_export($userConfig, true) . ';') !== false);
diff --git a/lib/lib_rss.php b/lib/lib_rss.php
index aaeeb431f..2d593b6a2 100644
--- a/lib/lib_rss.php
+++ b/lib/lib_rss.php
@@ -295,17 +295,12 @@ function invalidateHttpCache($username = '') {
 function listUsers() {
 	$final_list = array();
 	$base_path = join_path(DATA_PATH, 'users');
-	$dir_list = array_values(array_diff(
-		scandir($base_path),
-		array('..', '.', '_')
-	));
-
+	$dir_list = scandir($base_path);
 	foreach ($dir_list as $file) {
-		if (is_dir(join_path($base_path, $file))) {
+		if ($file[0] !== '.' && is_dir(join_path($base_path, $file)) && file_exists(join_path($base_path, $file, 'config.php'))) {
 			$final_list[] = $file;
 		}
 	}
-
 	return $final_list;
 }
 
-- 
cgit v1.2.3


From 0ce43be9de5bf676ceffa2e419941863f98fa970 Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Sun, 9 Apr 2017 00:25:04 +0200
Subject: Multi-user token

https://github.com/FreshRSS/FreshRSS/issues/1390
https://github.com/FreshRSS/FreshRSS/issues/366
---
 app/Controllers/authController.php |  9 ++-------
 app/Controllers/userController.php |  4 ++++
 app/Models/Auth.php                | 27 +++++++++++++++++++++++----
 app/layout/nav_menu.phtml          |  1 +
 app/views/auth/index.phtml         | 13 -------------
 app/views/user/profile.phtml       | 13 +++++++++++++
 lib/lib_rss.php                    |  3 +++
 7 files changed, 46 insertions(+), 24 deletions(-)

(limited to 'app/Controllers/userController.php')

diff --git a/app/Controllers/authController.php b/app/Controllers/authController.php
index 1398e4e49..5ad1a51d9 100644
--- a/app/Controllers/authController.php
+++ b/app/Controllers/authController.php
@@ -27,11 +27,6 @@ class FreshRSS_auth_Controller extends Minz_ActionController {
 		if (Minz_Request::isPost()) {
 			$ok = true;
 
-			$current_token = FreshRSS_Context::$user_conf->token;
-			$token = Minz_Request::param('token', $current_token);
-			FreshRSS_Context::$user_conf->token = $token;
-			$ok &= FreshRSS_Context::$user_conf->save();
-
 			$anon = Minz_Request::param('anon_access', false);
 			$anon = ((bool)$anon) && ($anon !== 'no');
 			$anon_refresh = Minz_Request::param('anon_refresh', false);
@@ -123,7 +118,7 @@ class FreshRSS_auth_Controller extends Minz_ActionController {
 			$challenge = Minz_Request::param('challenge', '');
 
 			$conf = get_user_configuration($username);
-			if (is_null($conf)) {
+			if ($conf == null) {
 				Minz_Error::error(403, array(_t('feedback.auth.login.invalid')), false);
 				return;
 			}
@@ -164,7 +159,7 @@ class FreshRSS_auth_Controller extends Minz_ActionController {
 			}
 
 			$conf = get_user_configuration($username);
-			if (is_null($conf)) {
+			if ($conf == null) {
 				return;
 			}
 
diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php
index f910cecd9..ee575fa09 100644
--- a/app/Controllers/userController.php
+++ b/app/Controllers/userController.php
@@ -74,6 +74,10 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 				FreshRSS_Context::$user_conf->apiPasswordHash = $passwordHash;
 			}
 
+			$current_token = FreshRSS_Context::$user_conf->token;
+			$token = Minz_Request::param('token', $current_token);
+			FreshRSS_Context::$user_conf->token = $token;
+
 			$ok &= FreshRSS_Context::$user_conf->save();
 
 			if ($ok) {
diff --git a/app/Models/Auth.php b/app/Models/Auth.php
index 476627e10..4de058999 100644
--- a/app/Models/Auth.php
+++ b/app/Models/Auth.php
@@ -74,6 +74,10 @@ class FreshRSS_Auth {
 	public static function giveAccess() {
 		$current_user = Minz_Session::param('currentUser');
 		$user_conf = get_user_configuration($current_user);
+		if ($user_conf == null) {
+			self::$login_ok = false;
+			return;
+		}
 		$system_conf = Minz_Configuration::get('system');
 
 		switch ($system_conf->auth_type) {
@@ -120,13 +124,28 @@ class FreshRSS_Auth {
 	 * Removes all accesses for the current user.
 	 */
 	public static function removeAccess() {
-		Minz_Session::_param('loginOk');
 		self::$login_ok = false;
-		$conf = Minz_Configuration::get('system');
-		Minz_Session::_param('currentUser', $conf->default_user);
+		Minz_Session::_param('loginOk');
 		Minz_Session::_param('csrf');
+		$system_conf = Minz_Configuration::get('system');
 
-		switch ($conf->auth_type) {
+		$username = '';
+		$token_param = Minz_Request::param('token', '');
+		if ($token_param != '') {
+			$username = trim(Minz_Request::param('user', ''));
+			if ($username != '') {
+				$conf = get_user_configuration($username);
+				if ($conf == null) {
+					$username = '';
+				}
+			}
+		}
+		if ($username == '') {
+			$username = $system_conf->default_user;
+		}
+		Minz_Session::_param('currentUser', $username);
+
+		switch ($system_conf->auth_type) {
 		case 'form':
 			Minz_Session::_param('passwordHash');
 			FreshRSS_FormAuth::deleteCookie();
diff --git a/app/layout/nav_menu.phtml b/app/layout/nav_menu.phtml
index f6d824d55..04ee03cd6 100644
--- a/app/layout/nav_menu.phtml
+++ b/app/layout/nav_menu.phtml
@@ -149,6 +149,7 @@
 		<?php
 			$url_output['a'] = 'rss';
 			if (FreshRSS_Context::$user_conf->token) {
+				$url_output['params']['user'] = Minz_Session::param('currentUser');
 				$url_output['params']['token'] = FreshRSS_Context::$user_conf->token;
 			}
 			if (FreshRSS_Context::$user_conf->since_hours_posts_per_rss) {
diff --git a/app/views/auth/index.phtml b/app/views/auth/index.phtml
index 010eae33f..20966f24e 100644
--- a/app/views/auth/index.phtml
+++ b/app/views/auth/index.phtml
@@ -52,19 +52,6 @@
 			</div>
 		</div>
 
-		<?php if (FreshRSS_Auth::accessNeedsAction()) { ?>
-		<div class="form-group">
-			<label class="group-name" for="token"><?php echo _t('admin.auth.token'); ?></label>
-			<?php $token = FreshRSS_Context::$user_conf->token; ?>
-			<div class="group-controls">
-				<input type="text" id="token" name="token" value="<?php echo $token; ?>" placeholder="<?php echo _t('gen.short.blank_to_disable'); ?>"<?php
-					echo FreshRSS_Auth::accessNeedsAction() ? '' : ' disabled="disabled"'; ?> data-leave-validation="<?php echo $token; ?>"/>
-				<?php echo _i('help'); ?> <?php echo _t('admin.auth.token_help'); ?>
-				<kbd><?php echo Minz_Url::display(array('a' => 'rss', 'params' => array('token' => $token, 'hours' => FreshRSS_Context::$user_conf->since_hours_posts_per_rss)), 'html', true); ?></kbd>
-			</div>
-		</div>
-		<?php } ?>
-
 		<div class="form-group">
 			<div class="group-controls">
 				<label class="checkbox" for="api_enabled">
diff --git a/app/views/user/profile.phtml b/app/views/user/profile.phtml
index 429375e44..f09c87765 100644
--- a/app/views/user/profile.phtml
+++ b/app/views/user/profile.phtml
@@ -43,6 +43,19 @@
 		</div>
 		<?php } ?>
 
+		<?php if (FreshRSS_Auth::accessNeedsAction()) { ?>
+		<div class="form-group">
+			<label class="group-name" for="token"><?php echo _t('admin.auth.token'); ?></label>
+			<?php $token = FreshRSS_Context::$user_conf->token; ?>
+			<div class="group-controls">
+				<input type="text" id="token" name="token" value="<?php echo $token; ?>" placeholder="<?php echo _t('gen.short.blank_to_disable'); ?>"<?php
+					echo FreshRSS_Auth::accessNeedsAction() ? '' : ' disabled="disabled"'; ?> data-leave-validation="<?php echo $token; ?>"/>
+				<?php echo _i('help'); ?> <?php echo _t('admin.auth.token_help'); ?>
+				<kbd><?php echo Minz_Url::display(array('a' => 'rss', 'params' => array('user' => Minz_Session::param('currentUser'), 'token' => $token, 'hours' => FreshRSS_Context::$user_conf->since_hours_posts_per_rss)), 'html', true); ?></kbd>
+			</div>
+		</div>
+		<?php } ?>
+
 		<div class="form-group form-actions">
 			<div class="group-controls">
 				<button type="submit" class="btn btn-important"><?php echo _t('gen.action.submit'); ?></button>
diff --git a/lib/lib_rss.php b/lib/lib_rss.php
index 4298e90bf..247cc707b 100644
--- a/lib/lib_rss.php
+++ b/lib/lib_rss.php
@@ -334,6 +334,9 @@ function max_registrations_reached() {
  * @return a Minz_Configuration object, null if the configuration cannot be loaded.
  */
 function get_user_configuration($username) {
+	if (!FreshRSS_user_Controller::checkUsername($username)) {
+		return null;
+	}
 	$namespace = 'user_' . $username;
 	try {
 		Minz_Configuration::register($namespace,
-- 
cgit v1.2.3


From 535aa35ba70d8cc584f37388692022272ab883b2 Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Mon, 10 Apr 2017 19:09:21 +0200
Subject: PSHB better unsubscribe

Cases when a user is deleted, or when a feed is deleted.
Removed random key do reduce the risk of subscribing several times to
the same PSHB feed.
---
 app/Controllers/userController.php |  1 +
 app/Models/Feed.php                | 15 ++++++++-------
 p/api/pshb.php                     | 39 +++++++++++++++++++++++++++++---------
 3 files changed, 39 insertions(+), 16 deletions(-)

(limited to 'app/Controllers/userController.php')

diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php
index f910cecd9..ddc0c6fe4 100644
--- a/app/Controllers/userController.php
+++ b/app/Controllers/userController.php
@@ -213,6 +213,7 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 			$userDAO = new FreshRSS_UserDAO();
 			$ok &= $userDAO->deleteUser($username);
 			$ok &= recursive_unlink($user_data);
+			array_map('unlink', glob(PSHB_PATH . '/feeds/*/' . $username . '.txt'));
 		}
 		return $ok;
 	}
diff --git a/app/Models/Feed.php b/app/Models/Feed.php
index 7a9cf8612..1bc6e48e8 100644
--- a/app/Models/Feed.php
+++ b/app/Models/Feed.php
@@ -429,7 +429,7 @@ class FreshRSS_Feed extends Minz_Model {
 				}
 			} else {
 				@mkdir($path, 0777, true);
-				$key = sha1($path . FreshRSS_Context::$system_conf->salt . uniqid(mt_rand(), true));
+				$key = sha1($path . FreshRSS_Context::$system_conf->salt);
 				$hubJson = array(
 					'hub' => $this->hubUrl,
 					'key' => $key,
@@ -451,15 +451,16 @@ class FreshRSS_Feed extends Minz_Model {
 
 	//Parameter true to subscribe, false to unsubscribe.
 	function pubSubHubbubSubscribe($state) {
-		if (FreshRSS_Context::$system_conf->base_url && $this->hubUrl && $this->selfUrl) {
-			$hubFilename = PSHB_PATH . '/feeds/' . base64url_encode($this->selfUrl) . '/!hub.json';
+		$url = $this->selfUrl ? $this->selfUrl : $this->url;
+		if (FreshRSS_Context::$system_conf->base_url && $url) {
+			$hubFilename = PSHB_PATH . '/feeds/' . base64url_encode($url) . '/!hub.json';
 			$hubFile = @file_get_contents($hubFilename);
 			if ($hubFile === false) {
 				Minz_Log::warning('JSON not found for PubSubHubbub: ' . $this->url);
 				return false;
 			}
 			$hubJson = json_decode($hubFile, true);
-			if (!$hubJson || empty($hubJson['key']) || !ctype_xdigit($hubJson['key'])) {
+			if (!$hubJson || empty($hubJson['key']) || !ctype_xdigit($hubJson['key']) || empty($hubJson['hub'])) {
 				Minz_Log::warning('Invalid JSON for PubSubHubbub: ' . $this->url);
 				return false;
 			}
@@ -474,13 +475,13 @@ class FreshRSS_Feed extends Minz_Model {
 			}
 			$ch = curl_init();
 			curl_setopt_array($ch, array(
-				CURLOPT_URL => $this->hubUrl,
+				CURLOPT_URL => $hubJson['hub'],
 				CURLOPT_FOLLOWLOCATION => true,
 				CURLOPT_RETURNTRANSFER => true,
 				CURLOPT_USERAGENT => 'FreshRSS/' . FRESHRSS_VERSION . ' (' . PHP_OS . '; ' . FRESHRSS_WEBSITE . ')',
 				CURLOPT_POSTFIELDS => 'hub.verify=sync'
 					. '&hub.mode=' . ($state ? 'subscribe' : 'unsubscribe')
-					. '&hub.topic=' . urlencode($this->selfUrl)
+					. '&hub.topic=' . urlencode($url)
 					. '&hub.callback=' . urlencode($callbackUrl)
 				)
 			);
@@ -488,7 +489,7 @@ class FreshRSS_Feed extends Minz_Model {
 			$info = curl_getinfo($ch);
 
 			file_put_contents(USERS_PATH . '/_/log_pshb.txt', date('c') . "\t" .
-				'PubSubHubbub ' . ($state ? 'subscribe' : 'unsubscribe') . ' to ' . $this->selfUrl .
+				'PubSubHubbub ' . ($state ? 'subscribe' : 'unsubscribe') . ' to ' . $url .
 				' with callback ' . $callbackUrl . ': ' . $info['http_code'] . ' ' . $response . "\n", FILE_APPEND);
 
 			if (substr($info['http_code'], 0, 1) == '2') {
diff --git a/p/api/pshb.php b/p/api/pshb.php
index e9b66b167..378f43516 100644
--- a/p/api/pshb.php
+++ b/p/api/pshb.php
@@ -23,8 +23,13 @@ if (!ctype_xdigit($key)) {
 chdir(PSHB_PATH);
 $canonical64 = @file_get_contents('keys/' . $key . '.txt');
 if ($canonical64 === false) {
+	if (!empty($_REQUEST['hub_mode']) && $_REQUEST['hub_mode'] === 'unsubscribe') {
+		logMe('Warning: Accept unknown unsubscribe');
+		header('Connection: close');
+		exit(isset($_REQUEST['hub_challenge']) ? $_REQUEST['hub_challenge'] : '');
+	}
 	header('HTTP/1.1 404 Not Found');
-	logMe('Error: Feed key not found!: ' . $key);
+	logMe('Warning: Feed key not found!: ' . $key);
 	die('Feed key not found!');
 }
 $canonical64 = trim($canonical64);
@@ -36,7 +41,7 @@ if (!preg_match('/^[A-Za-z0-9_-]+$/D', $canonical64)) {
 $hubFile = @file_get_contents('feeds/' . $canonical64 . '/!hub.json');
 if ($hubFile === false) {
 	header('HTTP/1.1 404 Not Found');
-	//@unlink('keys/' . $key . '.txt');
+	unlink('keys/' . $key . '.txt');
 	logMe('Error: Feed info not found!: ' . $canonical64);
 	die('Feed info not found!');
 }
@@ -50,8 +55,19 @@ chdir('feeds/' . $canonical64);
 $users = glob('*.txt', GLOB_NOSORT);
 if (empty($users)) {
 	header('HTTP/1.1 410 Gone');
-	logMe('Error: Nobody is subscribed to this feed anymore!: ' . $canonical64);
-	die('Nobody is subscribed to this feed anymore!');
+	$url = base64url_decode($canonical64);
+	logMe('Warning: Nobody subscribes to this feed anymore!: ' . $url);
+	unlink('../../keys/' . $key . '.txt');
+	Minz_Configuration::register('system',
+		DATA_PATH . '/config.php',
+		DATA_PATH . '/config.default.php');
+	FreshRSS_Context::$system_conf = Minz_Configuration::get('system');
+	$feed = new FreshRSS_Feed($url);
+	$feed->pubSubHubbubSubscribe(false);
+	unlink('!hub.json');
+	chdir('..');
+	recursive_unlink($canonical64);
+	die('Nobody subscribes to this feed anymore!');
 }
 
 if (!empty($_REQUEST['hub_mode']) && $_REQUEST['hub_mode'] === 'subscribe') {
@@ -108,7 +124,9 @@ $nb = 0;
 foreach ($users as $userFilename) {
 	$username = basename($userFilename, '.txt');
 	if (!file_exists(USERS_PATH . '/' . $username . '/config.php')) {
-		break;
+		logMe('Warning: Removing broken user link: ' . $username . ' for ' . $self);
+		unlink($userFilename);
+		continue;
 	}
 
 	try {
@@ -119,11 +137,14 @@ foreach ($users as $userFilename) {
 		new Minz_ModelPdo($username);	//TODO: FIXME: Quick-fix while waiting for a better FreshRSS() constructor/init
 		FreshRSS_Context::init();
 		list($updated_feeds, $feed) = FreshRSS_feed_Controller::actualizeFeed(0, $self, false, $simplePie);
-		if ($updated_feeds > 0) {
+		if ($updated_feeds > 0 || $feed != false) {
 			$nb++;
+		} else {
+			logMe('Warning: User ' . $username . ' does not subscribe anymore to ' . $self);
+			unlink($userFilename);
 		}
 	} catch (Exception $e) {
-		logMe('Error: ' . $e->getMessage());
+		logMe('Error: ' . $e->getMessage() . ' for user ' . $username . ' and feed ' . $self);
 	}
 }
 
@@ -132,8 +153,8 @@ unset($simplePie);
 
 if ($nb === 0) {
 	header('HTTP/1.1 410 Gone');
-	logMe('Error: Nobody is subscribed to this feed anymore after all!: ' . $self);
-	die('Nobody is subscribed to this feed anymore after all!');
+	logMe('Warning: Nobody subscribes to this feed anymore after all!: ' . $self);
+	die('Nobody subscribes to this feed anymore after all!');
 } elseif (!empty($hubJson['error'])) {
 	$hubJson['error'] = false;
 	file_put_contents('./!hub.json', json_encode($hubJson));
-- 
cgit v1.2.3


From 1e5b151d88cfe25391a1daf77da99b81cf6f8414 Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Thu, 27 Apr 2017 20:25:26 +0200
Subject: Work around for IE / Edge pattern bug

Swap order of regex alternatives
https://github.com/FreshRSS/FreshRSS/issues/1511

http://stackoverflow.com/questions/22360235/do-browsers-support-different-html5-pattern-regexp-features

https://connect.microsoft.com/ie/feedback/details/836117/regex-bug-in-pattern-validator
---
 CHANGELOG.md                       | 1 +
 app/Controllers/userController.php | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

(limited to 'app/Controllers/userController.php')

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0cb5155d3..13b980e9d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -19,6 +19,7 @@
 	* Do not require PHP extension `fileinfo` for favicons [#1461](https://github.com/FreshRSS/FreshRSS/issues/1461)
 	* Fix UI lowest subscription popup hidden [#1479](https://github.com/FreshRSS/FreshRSS/issues/1479)
 	* Fix update system via ZIP archive [#1498](https://github.com/FreshRSS/FreshRSS/pull/1498)
+	* Work around for IE / Edge bug in username pattern in version 1.6.3 [#1511](https://github.com/FreshRSS/FreshRSS/issues/1511)
 * I18n
 	* Improve English [#1465](https://github.com/FreshRSS/FreshRSS/pull/1465)
 * Misc.
diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php
index ed30eb69f..3cbbd8633 100644
--- a/app/Controllers/userController.php
+++ b/app/Controllers/userController.php
@@ -38,7 +38,7 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 	 * The username is also used as folder name, file name, and part of SQL table name.
 	 * '_' is a reserved internal username.
 	 */
-	const USERNAME_PATTERN = '[0-9a-zA-Z]|[0-9a-zA-Z_]{2,38}';
+	const USERNAME_PATTERN = '[0-9a-zA-Z_]{2,38}|[0-9a-zA-Z]';
 
 	public static function checkUsername($username) {
 		return preg_match('/^' . self::USERNAME_PATTERN . '$/', $username) === 1;
-- 
cgit v1.2.3


From e046791c9330ee80580494b8fce3f5fc0bf08f98 Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Sat, 22 Jul 2017 20:05:36 +0200
Subject: CLI update user

https://github.com/FreshRSS/FreshRSS/issues/1600
Not tested
---
 app/Controllers/userController.php | 50 +++++++++++++++++++++--------------
 cli/README.md                      |  2 ++
 cli/create-user.php                |  1 +
 cli/update-user.php                | 54 ++++++++++++++++++++++++++++++++++++++
 4 files changed, 87 insertions(+), 20 deletions(-)
 create mode 100644 cli/update-user.php

(limited to 'app/Controllers/userController.php')

diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php
index 3cbbd8633..a58501186 100644
--- a/app/Controllers/userController.php
+++ b/app/Controllers/userController.php
@@ -44,6 +44,29 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 		return preg_match('/^' . self::USERNAME_PATTERN . '$/', $username) === 1;
 	}
 
+	public static function updateContextUser($passwordPlain, $apiPasswordPlain, $userConfigUpdated = array()) {
+		if ($passwordPlain != '') {
+			$passwordHash = self::hashPassword($passwordPlain);
+			FreshRSS_Context::$user_conf->passwordHash = $passwordHash;
+		}
+
+		if ($apiPasswordPlain != '') {
+			$apiPasswordHash = self::hashPassword($apiPasswordPlain);
+			FreshRSS_Context::$user_conf->apiPasswordHash = $apiPasswordHash;
+		}
+
+		if (is_array($userConfigUpdated)) {
+			foreach ($userConfigUpdated as $configName => $configValue) {
+				if ($configValue !== null) {
+					FreshRSS_Context::$user_conf->_param($configName, $configValue);
+				}
+			}
+		}
+
+		$ok = FreshRSS_Context::$user_conf->save();
+		return $ok;
+	}
+
 	/**
 	 * This action displays the user profile page.
 	 */
@@ -55,30 +78,17 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 		));
 
 		if (Minz_Request::isPost()) {
-			$ok = true;
-
 			$passwordPlain = Minz_Request::param('newPasswordPlain', '', true);
-			if ($passwordPlain != '') {
-				Minz_Request::_param('newPasswordPlain');	//Discard plain-text password ASAP
-				$_POST['newPasswordPlain'] = '';
-				$passwordHash = self::hashPassword($passwordPlain);
-				$ok &= ($passwordHash != '');
-				FreshRSS_Context::$user_conf->passwordHash = $passwordHash;
-			}
-			Minz_Session::_param('passwordHash', FreshRSS_Context::$user_conf->passwordHash);
+			Minz_Request::_param('newPasswordPlain');	//Discard plain-text password ASAP
+			$_POST['newPasswordPlain'] = '';
 
-			$passwordPlain = Minz_Request::param('apiPasswordPlain', '', true);
-			if ($passwordPlain != '') {
-				$passwordHash = self::hashPassword($passwordPlain);
-				$ok &= ($passwordHash != '');
-				FreshRSS_Context::$user_conf->apiPasswordHash = $passwordHash;
-			}
+			$apiPasswordPlain = Minz_Request::param('apiPasswordPlain', '', true);
 
-			$current_token = FreshRSS_Context::$user_conf->token;
-			$token = Minz_Request::param('token', $current_token);
-			FreshRSS_Context::$user_conf->token = $token;
+			$ok = self::updateContextUser($passwordPlain, $apiPasswordPlain, array(
+					'token' => Minz_Request::param('token', null),
+				));
 
-			$ok &= FreshRSS_Context::$user_conf->save();
+			Minz_Session::_param('passwordHash', FreshRSS_Context::$user_conf->passwordHash);
 
 			if ($ok) {
 				Minz_Request::good(_t('feedback.profile.updated'),
diff --git a/cli/README.md b/cli/README.md
index 1ac8c95ce..6e120babe 100644
--- a/cli/README.md
+++ b/cli/README.md
@@ -46,6 +46,8 @@ cd /usr/share/FreshRSS
 ./cli/create-user.php --user username ( --password 'password' --api-password 'api_password' --language en --email user@example.net --token 'longRandomString' --no-default-feeds )
 # --language can be: 'en' (default), 'fr', or one of the [supported languages](../app/i18n/)
 
+./cli/update-user.php --user username ( --password 'password' --api-password 'api_password' --language en --email user@example.net --token 'longRandomString' --purge_after_months 3 --feed_min_articles_default 50 --feed_ttl_default 3600 --since_hours_posts_per_rss 168 --min_posts_per_rss 2 --max_posts_per_rss 400 )
+
 ./cli/delete-user.php --user username
 
 ./cli/list-users.php
diff --git a/cli/create-user.php b/cli/create-user.php
index c9e350c14..0b131ac35 100755
--- a/cli/create-user.php
+++ b/cli/create-user.php
@@ -33,6 +33,7 @@ $ok = FreshRSS_user_Controller::createUser($username,
 	empty($options['api-password']) ? '' : $options['api-password'],
 	array(
 		'language' => empty($options['language']) ? '' : $options['language'],
+		'mail_login' => empty($options['email']) ? '' : $options['email'],
 		'token' => empty($options['token']) ? '' : $options['token'],
 	),
 	!isset($options['no-default-feeds']));
diff --git a/cli/update-user.php b/cli/update-user.php
new file mode 100644
index 000000000..5f3335f2e
--- /dev/null
+++ b/cli/update-user.php
@@ -0,0 +1,54 @@
+#!/usr/bin/php
+<?php
+require('_cli.php');
+
+$options = getopt('', array(
+		'user:',
+		'password:',
+		'api-password:',
+		'language:',
+		'email:',
+		'token:',
+		'purge_after_months:',
+		'feed_min_articles_default:',
+		'feed_ttl_default:',
+		'since_hours_posts_per_rss:',
+		'min_posts_per_rss:',
+		'max_posts_per_rss:',
+	));
+
+if (empty($options['user'])) {
+	fail('Usage: ' . basename(__FILE__) . " --user username ( --password 'password' --api-password 'api_password'" .
+		" --language en --email user@example.net --token 'longRandomString' )");
+}
+
+$username = cliInitUser($options['user']);
+
+echo 'FreshRSS updating user “', $username, "”…\n";
+
+function intParam($name) {
+	return isset($options[$name]) && ctype_digit($options[$name]) ? intval($options[$name]) : null;
+}
+
+$ok = FreshRSS_user_Controller::updateContextUser($username,
+	empty($options['password']) ? '' : $options['password'],
+	empty($options['api-password']) ? '' : $options['api-password'],
+	array(
+		'language' => isset($options['language']) ? $options['language'] : null,
+		'mail_login' => isset($options['email']) ? $options['email'] : null,
+		'token' => isset($options['token']) ? $options['token'] : null,
+		'old_entries' => intParam('purge_after_months'),
+		'keep_history_default' => intParam('feed_min_articles_default'),
+		'ttl_default' => intParam('feed_ttl_default'),
+		'since_hours_posts_per_rss' => intParam('since_hours_posts_per_rss'),
+		'min_posts_per_rss' => intParam('min_posts_per_rss'),
+		'max_posts_per_rss' => intParam('max_posts_per_rss'),
+	));
+
+if (!$ok) {
+	fail('FreshRSS could not update user!');
+}
+
+invalidateHttpCache($username);
+
+done($ok);
-- 
cgit v1.2.3


From f632a346269100d6a93bef318ffa66c97f16f6fa Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Thu, 12 Oct 2017 20:11:06 +0200
Subject: CLI optimize database (#1663)

CLI optimize database https://github.com/FreshRSS/FreshRSS/issues/1583
And VACUUM in SQLite https://github.com/FreshRSS/FreshRSS/issues/918
Add VACUUM for PostgreSQL (Not tested yet)
---
 CHANGELOG.md                            |  4 ++++
 app/Controllers/configureController.php |  6 +++--
 app/Controllers/entryController.php     |  4 ++--
 app/Controllers/userController.php      |  4 +++-
 app/Models/DatabaseDAO.php              | 41 +++++++++++++++++++++++++++++++++
 app/Models/DatabaseDAOPGSQL.php         | 37 +++++++++++++++++++++++++++++
 app/Models/DatabaseDAOSQLite.php        | 13 +++++++++++
 app/Models/EntryDAO.php                 | 22 ------------------
 app/Models/EntryDAOPGSQL.php            | 11 ---------
 app/Models/EntryDAOSQLite.php           |  8 -------
 cli/README.md                           |  3 +++
 cli/db-optimize.php                     | 20 ++++++++++++++++
 cli/user-info.php                       |  5 ++--
 13 files changed, 130 insertions(+), 48 deletions(-)
 create mode 100755 cli/db-optimize.php

(limited to 'app/Controllers/userController.php')

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 051b04a3e..97fcdcbed 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,10 @@
 	* Remove "SimplePie" name from HTTP User-Agent string [#1656](https://github.com/FreshRSS/FreshRSS/pull/1656)
 * Bug fixing
 	* Work-around for `CURLOPT_FOLLOWLOCATION` `open_basedir` bug in favicons and PubSubHubbub [#1655](https://github.com/FreshRSS/FreshRSS/issues/1655)
+* CLI
+	* New command `./cli/db-optimize.php` for database optimisation [#1583](https://github.com/FreshRSS/FreshRSS/issues/1583)
+* SQL
+	* Perform `VACUUM` on SQLite and PostgreSQL databases when optimisation is requested [#918](https://github.com/FreshRSS/FreshRSS/issues/918)
 * Misc.
 	* Translation validation tool [#1653](https://github.com/FreshRSS/FreshRSS/pull/1653)
 	* Translation manipulation tool [#1658](https://github.com/FreshRSS/FreshRSS/pull/1658)
diff --git a/app/Controllers/configureController.php b/app/Controllers/configureController.php
index 155221d19..9d2ee450c 100755
--- a/app/Controllers/configureController.php
+++ b/app/Controllers/configureController.php
@@ -225,10 +225,12 @@ class FreshRSS_configure_Controller extends Minz_ActionController {
 
 		$entryDAO = FreshRSS_Factory::createEntryDao();
 		$this->view->nb_total = $entryDAO->count();
-		$this->view->size_user = $entryDAO->size();
+
+		$databaseDAO = FreshRSS_Factory::createDatabaseDAO();
+		$this->view->size_user = $databaseDAO->size();
 
 		if (FreshRSS_Auth::hasAccess('admin')) {
-			$this->view->size_total = $entryDAO->size(true);
+			$this->view->size_total = $databaseDAO->size(true);
 		}
 	}
 
diff --git a/app/Controllers/entryController.php b/app/Controllers/entryController.php
index c40588105..bd8b65b2b 100755
--- a/app/Controllers/entryController.php
+++ b/app/Controllers/entryController.php
@@ -147,8 +147,8 @@ class FreshRSS_entry_Controller extends Minz_ActionController {
 
 		@set_time_limit(300);
 
-		$entryDAO = FreshRSS_Factory::createEntryDao();
-		$entryDAO->optimizeTable();
+		$databaseDAO = FreshRSS_Factory::createDatabaseDAO();
+		$databaseDAO->optimize();
 
 		$feedDAO = FreshRSS_Factory::createFeedDao();
 		$feedDAO->updateCachedValues();
diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php
index a58501186..2a1d43d9e 100644
--- a/app/Controllers/userController.php
+++ b/app/Controllers/userController.php
@@ -120,7 +120,9 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 		// Get information about the current user.
 		$entryDAO = FreshRSS_Factory::createEntryDao($this->view->current_user);
 		$this->view->nb_articles = $entryDAO->count();
-		$this->view->size_user = $entryDAO->size();
+
+		$databaseDAO = FreshRSS_Factory::createDatabaseDAO();
+		$this->view->size_user = $databaseDAO->size();
 	}
 
 	public static function createUser($new_user_name, $passwordPlain, $apiPasswordPlain, $userConfig = array(), $insertDefaultFeeds = true) {
diff --git a/app/Models/DatabaseDAO.php b/app/Models/DatabaseDAO.php
index 6ba5bca3e..f5469f2b7 100644
--- a/app/Models/DatabaseDAO.php
+++ b/app/Models/DatabaseDAO.php
@@ -80,4 +80,45 @@ class FreshRSS_DatabaseDAO extends Minz_ModelPdo {
 
 		return $list;
 	}
+
+	public function size($all = false) {
+		$db = FreshRSS_Context::$system_conf->db;
+		$sql = 'SELECT SUM(data_length + index_length) FROM information_schema.TABLES WHERE table_schema=?';	//MySQL
+		$values = array($db['base']);
+		if (!$all) {
+			$sql .= ' AND table_name LIKE ?';
+			$values[] = $this->prefix . '%';
+		}
+		$stm = $this->bd->prepare($sql);
+		$stm->execute($values);
+		$res = $stm->fetchAll(PDO::FETCH_COLUMN, 0);
+		return $res[0];
+	}
+
+	public function optimize() {
+		$ok = true;
+
+		$sql = 'OPTIMIZE TABLE `' . $this->prefix . 'entry`';	//MySQL
+		$stm = $this->bd->prepare($sql);
+		$ok &= $stm != false;
+		if ($stm) {
+			$ok &= $stm->execute();
+		}
+
+		$sql = 'OPTIMIZE TABLE `' . $this->prefix . 'feed`';	//MySQL
+		$stm = $this->bd->prepare($sql);
+		$ok &= $stm != false;
+		if ($stm) {
+			$ok &= $stm->execute();
+		}
+
+		$sql = 'OPTIMIZE TABLE `' . $this->prefix . 'category`';	//MySQL
+		$stm = $this->bd->prepare($sql);
+		$ok &= $stm != false;
+		if ($stm) {
+			$ok &= $stm->execute();
+		}
+
+		return $ok;
+	}
 }
diff --git a/app/Models/DatabaseDAOPGSQL.php b/app/Models/DatabaseDAOPGSQL.php
index 2a18db970..1b3f7408d 100644
--- a/app/Models/DatabaseDAOPGSQL.php
+++ b/app/Models/DatabaseDAOPGSQL.php
@@ -40,4 +40,41 @@ class FreshRSS_DatabaseDAOPGSQL extends FreshRSS_DatabaseDAO {
 			'default' => $dao['default'],
 		);
 	}
+
+	public function size($all = true) {
+		$db = FreshRSS_Context::$system_conf->db;
+		$sql = 'SELECT pg_size_pretty(pg_database_size(?))';
+		$values = array($db['base']);
+		$stm = $this->bd->prepare($sql);
+		$stm->execute($values);
+		$res = $stm->fetchAll(PDO::FETCH_COLUMN, 0);
+		return $res[0];
+	}
+
+	public function optimize() {
+		$ok = true;
+
+		$sql = 'VACUUM `' . $this->prefix . 'entry`';
+		$stm = $this->bd->prepare($sql);
+		$ok &= $stm != false;
+		if ($stm) {
+			$ok &= $stm->execute();
+		}
+
+		$sql = 'VACUUM `' . $this->prefix . 'feed`';
+		$stm = $this->bd->prepare($sql);
+		$ok &= $stm != false;
+		if ($stm) {
+			$ok &= $stm->execute();
+		}
+
+		$sql = 'VACUUM `' . $this->prefix . 'category`';
+		$stm = $this->bd->prepare($sql);
+		$ok &= $stm != false;
+		if ($stm) {
+			$ok &= $stm->execute();
+		}
+
+		return $ok;
+	}
 }
diff --git a/app/Models/DatabaseDAOSQLite.php b/app/Models/DatabaseDAOSQLite.php
index 2e1df132e..d3aedb3c0 100644
--- a/app/Models/DatabaseDAOSQLite.php
+++ b/app/Models/DatabaseDAOSQLite.php
@@ -45,4 +45,17 @@ class FreshRSS_DatabaseDAOSQLite extends FreshRSS_DatabaseDAO {
 			'default' => $dao['dflt_value'],
 		);
 	}
+
+	public function size($all = false) {
+		return @filesize(join_path(DATA_PATH, 'users', $this->current_user, 'db.sqlite'));
+	}
+
+	public function optimize() {
+		$sql = 'VACUUM';
+		$stm = $this->bd->prepare($sql);
+		if ($stm) {
+			return $stm->execute();
+		}
+		return false;
+	}
 }
diff --git a/app/Models/EntryDAO.php b/app/Models/EntryDAO.php
index bebafe500..e8b6dcdae 100644
--- a/app/Models/EntryDAO.php
+++ b/app/Models/EntryDAO.php
@@ -885,28 +885,6 @@ class FreshRSS_EntryDAO extends Minz_ModelPdo implements FreshRSS_Searchable {
 		return array('all' => $all, 'unread' => $unread, 'read' => $all - $unread);
 	}
 
-	public function optimizeTable() {
-		$sql = 'OPTIMIZE TABLE `' . $this->prefix . 'entry`';	//MySQL
-		$stm = $this->bd->prepare($sql);
-		if ($stm) {
-			return $stm->execute();
-		}
-	}
-
-	public function size($all = false) {
-		$db = FreshRSS_Context::$system_conf->db;
-		$sql = 'SELECT SUM(data_length + index_length) FROM information_schema.TABLES WHERE table_schema=?';	//MySQL
-		$values = array($db['base']);
-		if (!$all) {
-			$sql .= ' AND table_name LIKE ?';
-			$values[] = $this->prefix . '%';
-		}
-		$stm = $this->bd->prepare($sql);
-		$stm->execute($values);
-		$res = $stm->fetchAll(PDO::FETCH_COLUMN, 0);
-		return $res[0];
-	}
-
 	public static function daoToEntry($dao) {
 		$entry = new FreshRSS_Entry(
 				$dao['id_feed'],
diff --git a/app/Models/EntryDAOPGSQL.php b/app/Models/EntryDAOPGSQL.php
index 405774abf..f09fe8e75 100644
--- a/app/Models/EntryDAOPGSQL.php
+++ b/app/Models/EntryDAOPGSQL.php
@@ -46,15 +46,4 @@ END $$;';
 		}
 		return $result;
 	}
-
-	public function size($all = true) {
-		$db = FreshRSS_Context::$system_conf->db;
-		$sql = 'SELECT pg_size_pretty(pg_database_size(?))';
-		$values = array($db['base']);
-		$stm = $this->bd->prepare($sql);
-		$stm->execute($values);
-		$res = $stm->fetchAll(PDO::FETCH_COLUMN, 0);
-		return $res[0];
-	}
-
 }
diff --git a/app/Models/EntryDAOSQLite.php b/app/Models/EntryDAOSQLite.php
index 8dad54322..0f57dc1ba 100644
--- a/app/Models/EntryDAOSQLite.php
+++ b/app/Models/EntryDAOSQLite.php
@@ -261,12 +261,4 @@ class FreshRSS_EntryDAOSQLite extends FreshRSS_EntryDAO {
 		}
 		return $affected;
 	}
-
-	public function optimizeTable() {
-		//TODO: Search for an equivalent in SQLite
-	}
-
-	public function size($all = false) {
-		return @filesize(join_path(DATA_PATH, 'users', $this->current_user, 'db.sqlite'));
-	}
 }
diff --git a/cli/README.md b/cli/README.md
index ce1be10a7..6f907566c 100644
--- a/cli/README.md
+++ b/cli/README.md
@@ -69,6 +69,9 @@ cd /usr/share/FreshRSS
 # Returns: 1) a * iff the user is admin, 2) the name of the user,
 #  3) the date/time of last user action, 4) the size occupied,
 #  and the number of: 5) categories, 6) feeds, 7) read articles, 8) unread articles, and 9) favourites
+
+./cli/db-optimize.php --user username
+# Optimize database (reduces the size) for a given user (perform `OPTIMIZE TABLE` in MySQL, `VACUUM` in SQLite)
 ```
 
 
diff --git a/cli/db-optimize.php b/cli/db-optimize.php
new file mode 100755
index 000000000..83123a669
--- /dev/null
+++ b/cli/db-optimize.php
@@ -0,0 +1,20 @@
+#!/usr/bin/php
+<?php
+require('_cli.php');
+
+$options = getopt('', array(
+		'user:',
+	));
+
+if (empty($options['user'])) {
+	fail('Usage: ' . basename(__FILE__) . " --user username");
+}
+
+$username = cliInitUser($options['user']);
+
+echo 'FreshRSS optimizing database for user “', $username, "”…\n";
+
+$databaseDAO = FreshRSS_Factory::createDatabaseDAO($username);
+$ok = $databaseDAO->optimize();
+
+done($ok);
diff --git a/cli/user-info.php b/cli/user-info.php
index aa3e239b8..41b95cbf3 100755
--- a/cli/user-info.php
+++ b/cli/user-info.php
@@ -19,6 +19,7 @@ foreach ($users as $username) {
 	$catDAO = new FreshRSS_CategoryDAO();
 	$feedDAO = FreshRSS_Factory::createFeedDao($username);
 	$entryDAO = FreshRSS_Factory::createEntryDao($username);
+	$databaseDAO = FreshRSS_Factory::createDatabaseDAO($username);
 
 	$nbEntries = $entryDAO->countUnreadRead();
 	$nbFavorites = $entryDAO->countUnreadReadFavorites();
@@ -27,7 +28,7 @@ foreach ($users as $username) {
 		echo
 			$username, "\t",
 			date('c', FreshRSS_UserDAO::mtime($username)), "\t",
-			format_bytes($entryDAO->size()), "\t",
+			format_bytes($databaseDAO->size()), "\t",
 			$catDAO->count(), " categories\t",
 			count($feedDAO->listFeedsIds()), " feeds\t",
 			$nbEntries['read'], " reads\t",
@@ -38,7 +39,7 @@ foreach ($users as $username) {
 		echo
 			$username, "\t",
 			FreshRSS_UserDAO::mtime($username), "\t",
-			$entryDAO->size(), "\t",
+			$databaseDAO->size(), "\t",
 			$catDAO->count(), "\t",
 			count($feedDAO->listFeedsIds()), "\t",
 			$nbEntries['read'], "\t",
-- 
cgit v1.2.3