From 8a131b056ee3566c2b54466f650c26c143b7c369 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Sun, 14 Jun 2015 16:22:33 +0200 Subject: Force autocomplete off https://github.com/FreshRSS/FreshRSS/issues/880 Put a space in the user field instead of empty to avoid autocomplete. Use feed ID in the username/password field name. --- app/Controllers/feedController.php | 6 +++--- app/Controllers/subscriptionController.php | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) (limited to 'app/Controllers') diff --git a/app/Controllers/feedController.php b/app/Controllers/feedController.php index 957a809cd..b91f63b5b 100755 --- a/app/Controllers/feedController.php +++ b/app/Controllers/feedController.php @@ -98,10 +98,10 @@ class FreshRSS_feed_Controller extends Minz_ActionController { // HTTP information are useful if feed is protected behind a // HTTP authentication - $user = Minz_Request::param('http_user'); - $pass = Minz_Request::param('http_pass'); + $user = trim(Minz_Request::param('http_user', '')); + $pass = Minz_Request::param('http_pass', ''); $http_auth = ''; - if ($user != '' || $pass != '') { + if ($user != '' && $pass != '') { //TODO: Sanitize $http_auth = $user . ':' . $pass; } diff --git a/app/Controllers/subscriptionController.php b/app/Controllers/subscriptionController.php index 333565faf..03d3ee15e 100644 --- a/app/Controllers/subscriptionController.php +++ b/app/Controllers/subscriptionController.php @@ -77,11 +77,11 @@ class FreshRSS_subscription_Controller extends Minz_ActionController { Minz_View::prependTitle(_t('sub.title.feed_management') . ' · ' . $this->view->feed->name() . ' · '); if (Minz_Request::isPost()) { - $user = Minz_Request::param('http_user', ''); - $pass = Minz_Request::param('http_pass', ''); + $user = trim(Minz_Request::param('http_user_feed' . $id, '')); + $pass = Minz_Request::param('http_pass_feed' . $id, ''); $httpAuth = ''; - if ($user != '' || $pass != '') { + if ($user != '' && $pass != '') { //TODO: Sanitize $httpAuth = $user . ':' . $pass; } -- cgit v1.2.3 From 079150eee4eebce3549c3d7db84dd0180bdd11e7 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Fri, 3 Jul 2015 23:47:18 +0200 Subject: Updated log visibility In particular, ensure that ERROR is only used for errors that may affect FreshRSS integrity, and ensure that feed errors are visible also in production, i.e. visibility of WARNING https://github.com/FreshRSS/FreshRSS/issues/885 https://github.com/FreshRSS/FreshRSS/issues/884 --- app/Controllers/authController.php | 2 +- app/Controllers/feedController.php | 2 +- app/Controllers/importExportController.php | 6 +++--- app/Controllers/updateController.php | 2 +- app/Models/CategoryDAO.php | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) (limited to 'app/Controllers') diff --git a/app/Controllers/authController.php b/app/Controllers/authController.php index 937c0759d..b55892475 100644 --- a/app/Controllers/authController.php +++ b/app/Controllers/authController.php @@ -253,7 +253,7 @@ class FreshRSS_auth_Controller extends Minz_ActionController { FreshRSS_Auth::giveAccess(); invalidateHttpCache(); } else { - Minz_Log::error($reason); + Minz_Log::warning($reason); $res = array(); $res['status'] = 'failure'; diff --git a/app/Controllers/feedController.php b/app/Controllers/feedController.php index b91f63b5b..488d066a9 100755 --- a/app/Controllers/feedController.php +++ b/app/Controllers/feedController.php @@ -322,7 +322,7 @@ class FreshRSS_feed_Controller extends Minz_ActionController { $feed->load(false); } } catch (FreshRSS_Feed_Exception $e) { - Minz_Log::notice($e->getMessage()); + Minz_Log::warning($e->getMessage()); $feedDAO->updateLastUpdate($feed->id(), true); $feed->unlock(); continue; diff --git a/app/Controllers/importExportController.php b/app/Controllers/importExportController.php index 26b163e43..60e467255 100644 --- a/app/Controllers/importExportController.php +++ b/app/Controllers/importExportController.php @@ -47,7 +47,7 @@ class FreshRSS_importExport_Controller extends Minz_ActionController { $status_file = $file['error']; if ($status_file !== 0) { - Minz_Log::error('File cannot be uploaded. Error code: ' . $status_file); + Minz_Log::warning('File cannot be uploaded. Error code: ' . $status_file); Minz_Request::bad(_t('feedback.import_export.file_cannot_be_uploaded'), array('c' => 'importExport', 'a' => 'index')); } @@ -69,7 +69,7 @@ class FreshRSS_importExport_Controller extends Minz_ActionController { if (!is_resource($zip)) { // zip_open cannot open file: something is wrong - Minz_Log::error('Zip archive cannot be imported. Error code: ' . $zip); + Minz_Log::warning('Zip archive cannot be imported. Error code: ' . $zip); Minz_Request::bad(_t('feedback.import_export.zip_error'), array('c' => 'importExport', 'a' => 'index')); } @@ -77,7 +77,7 @@ class FreshRSS_importExport_Controller extends Minz_ActionController { while (($zipfile = zip_read($zip)) !== false) { if (!is_resource($zipfile)) { // zip_entry() can also return an error code! - Minz_Log::error('Zip file cannot be imported. Error code: ' . $zipfile); + Minz_Log::warning('Zip file cannot be imported. Error code: ' . $zipfile); } else { $type_zipfile = $this->guessFileType(zip_entry_name($zipfile)); if ($type_file !== 'unknown') { diff --git a/app/Controllers/updateController.php b/app/Controllers/updateController.php index 4797a3486..84a33fe85 100644 --- a/app/Controllers/updateController.php +++ b/app/Controllers/updateController.php @@ -63,7 +63,7 @@ class FreshRSS_update_Controller extends Minz_ActionController { curl_close($c); if ($c_status !== 200) { - Minz_Log::error( + Minz_Log::warning( 'Error during update (HTTP code ' . $c_status . '): ' . $c_error ); diff --git a/app/Models/CategoryDAO.php b/app/Models/CategoryDAO.php index 189a5f0e4..b5abac519 100644 --- a/app/Models/CategoryDAO.php +++ b/app/Models/CategoryDAO.php @@ -13,7 +13,7 @@ class FreshRSS_CategoryDAO extends Minz_ModelPdo implements FreshRSS_Searchable return $this->bd->lastInsertId(); } else { $info = $stm == null ? array(2 => 'syntax error') : $stm->errorInfo(); - Minz_Log::error('SQL error addCategory: ' . $info[2] ); + Minz_Log::error('SQL error addCategory: ' . $info[2]); return false; } } -- cgit v1.2.3 From ac8bd3d2512dd1bfca43d71ea10202ba9e6a82a6 Mon Sep 17 00:00:00 2001 From: Marien Fressinaud Date: Tue, 21 Jul 2015 15:31:23 +0200 Subject: Add a max_registrations limit - Allow user to create accounts (not implemented) - Admin only can set this limit See https://github.com/FreshRSS/FreshRSS/issues/679 --- app/Controllers/userController.php | 24 ++++++++++++++++++++++++ app/Models/ConfigurationSetter.php | 3 +++ app/views/user/manage.phtml | 19 +++++++++++++++++++ data/config.default.php | 4 ++++ 4 files changed, 50 insertions(+) (limited to 'app/Controllers') diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php index ed01b83c5..1c7745753 100644 --- a/app/Controllers/userController.php +++ b/app/Controllers/userController.php @@ -211,4 +211,28 @@ class FreshRSS_user_Controller extends Minz_ActionController { Minz_Request::forward(array('c' => 'user', 'a' => 'manage'), true); } + + /** + * This action updates the max number of registrations. + * + * Request parameter is: + * - max-registrations (int >= 0) + */ + public function setRegistrationAction() { + if (Minz_Request::isPost() && FreshRSS_Auth::hasAccess('admin')) { + $limits = FreshRSS_Context::$system_conf->limits; + $limits['max_registrations'] = Minz_Request::param('max-registrations', 1); + FreshRSS_Context::$system_conf->limits = $limits; + FreshRSS_Context::$system_conf->save(); + + invalidateHttpCache(); + + Minz_Session::_param('notification', array( + 'type' => 'good', + 'content' => _t('feedback.user.set_registration') + )); + } + + Minz_Request::forward(array('c' => 'user', 'a' => 'manage'), true); + } } diff --git a/app/Models/ConfigurationSetter.php b/app/Models/ConfigurationSetter.php index 4bd29ecb0..236bf5b0b 100644 --- a/app/Models/ConfigurationSetter.php +++ b/app/Models/ConfigurationSetter.php @@ -352,6 +352,9 @@ class FreshRSS_ConfigurationSetter { 'min' => 0, 'max' => $max_small_int, ), + 'max_registrations' => array( + 'min' => 0, + ), ); foreach ($values as $key => $value) { diff --git a/app/views/user/manage.phtml b/app/views/user/manage.phtml index fe1b6618b..a7cbf0795 100644 --- a/app/views/user/manage.phtml +++ b/app/views/user/manage.phtml @@ -3,6 +3,25 @@
+
+ + +
+ +
+ + +
+
+ +
+
+ + +
+
+
+
diff --git a/data/config.default.php b/data/config.default.php index 6013b13b8..5db933ff8 100644 --- a/data/config.default.php +++ b/data/config.default.php @@ -77,6 +77,10 @@ return array( # Max number of categories for a user. 'max_categories' => 16384, + # Max number of accounts that anonymous users can create + # 0 for an unlimited number of accounts + # 1 is to not allow user registrations (1 is corresponding to the admin account) + 'max_registrations' => 1, ), # Options used by cURL when making HTTP requests, e.g. when the SimplePie library retrieves feeds. -- cgit v1.2.3 From 37f06799589d9bb92ecfa6368197daf187251ab4 Mon Sep 17 00:00:00 2001 From: Marien Fressinaud Date: Tue, 21 Jul 2015 16:03:46 +0200 Subject: First draft for registration form See https://github.com/FreshRSS/FreshRSS/issues/679 --- app/Controllers/authController.php | 6 ++++++ app/views/auth/formLogin.phtml | 2 ++ app/views/auth/register.phtml | 31 +++++++++++++++++++++++++++++++ 3 files changed, 39 insertions(+) create mode 100644 app/views/auth/register.phtml (limited to 'app/Controllers') diff --git a/app/Controllers/authController.php b/app/Controllers/authController.php index b55892475..1c8ad2193 100644 --- a/app/Controllers/authController.php +++ b/app/Controllers/authController.php @@ -346,4 +346,10 @@ class FreshRSS_auth_Controller extends Minz_ActionController { } } } + + /** + * This action gives possibility to a user to create an account. + */ + public function registerAction() { + } } diff --git a/app/views/auth/formLogin.phtml b/app/views/auth/formLogin.phtml index 979e17349..75537ee26 100644 --- a/app/views/auth/formLogin.phtml +++ b/app/views/auth/formLogin.phtml @@ -1,6 +1,8 @@

+ +
diff --git a/app/views/auth/register.phtml b/app/views/auth/register.phtml new file mode 100644 index 000000000..f67ecc4d9 --- /dev/null +++ b/app/views/auth/register.phtml @@ -0,0 +1,31 @@ +
+

+ + +
+ + +
+ +
+ +
+ + +
+ +
+ +
+ + +
+ +
+ + +
+ + +

+
-- cgit v1.2.3 From 9fca5c70f33291cacc04e7bdfa01a12c6df3f97c Mon Sep 17 00:00:00 2001 From: Marien Fressinaud Date: Wed, 22 Jul 2015 12:20:00 +0200 Subject: Add some comments --- app/Controllers/userController.php | 19 +++++++++++++++++++ app/views/auth/register.phtml | 7 +++++++ 2 files changed, 26 insertions(+) (limited to 'app/Controllers') diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php index 1c7745753..c198d1328 100644 --- a/app/Controllers/userController.php +++ b/app/Controllers/userController.php @@ -103,6 +103,17 @@ class FreshRSS_user_Controller extends Minz_ActionController { $this->view->size_user = $entryDAO->size(); } + /** + * This action creates a new user. + * + * Request parameters are: + * - new_user_language + * - new_user_name + * - new_user_passwordPlain + * - new_user_email + * + * @todo clean up this method. Idea: write a method to init a user with basic information. + */ public function createAction() { if (Minz_Request::isPost() && FreshRSS_Auth::hasAccess('admin')) { $db = FreshRSS_Context::$system_conf->db; @@ -178,6 +189,14 @@ class FreshRSS_user_Controller extends Minz_ActionController { Minz_Request::forward(array('c' => 'user', 'a' => 'manage'), true); } + /** + * This action delete an existing user. + * + * Request parameter is: + * - username + * + * @todo clean up this method. Idea: create a User->clean() method. + */ public function deleteAction() { if (Minz_Request::isPost() && FreshRSS_Auth::hasAccess('admin')) { $db = FreshRSS_Context::$system_conf->db; diff --git a/app/views/auth/register.phtml b/app/views/auth/register.phtml index f67ecc4d9..31ab89d26 100644 --- a/app/views/auth/register.phtml +++ b/app/views/auth/register.phtml @@ -1,3 +1,10 @@ +

-- cgit v1.2.3 From 02c3546440f961018adc1e2c8e97c16f2aca18fc Mon Sep 17 00:00:00 2001 From: Marien Fressinaud Date: Wed, 22 Jul 2015 13:52:03 +0200 Subject: Registration action is handled and create a user See https://github.com/FreshRSS/FreshRSS/issues/679 --- app/Controllers/userController.php | 20 +++++++++++++++++--- app/views/auth/register.phtml | 7 +++++++ lib/lib_rss.php | 16 ++++++++++++++++ 3 files changed, 40 insertions(+), 3 deletions(-) (limited to 'app/Controllers') diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php index c198d1328..46f4f434d 100644 --- a/app/Controllers/userController.php +++ b/app/Controllers/userController.php @@ -12,9 +12,14 @@ class FreshRSS_user_Controller extends Minz_ActionController { * This action is called before every other action in that class. It is * the common boiler plate for every action. It is triggered by the * underlying framework. + * + * @todo clean up the access condition. */ public function firstAction() { - if (!FreshRSS_Auth::hasAccess()) { + if (!FreshRSS_Auth::hasAccess() && !( + Minz_Request::actionName() === 'create' && + !max_registrations_reached() + )) { Minz_Error::error(403); } } @@ -111,11 +116,16 @@ class FreshRSS_user_Controller extends Minz_ActionController { * - new_user_name * - new_user_passwordPlain * - new_user_email + * - r (i.e. a redirection url, optional) * * @todo clean up this method. Idea: write a method to init a user with basic information. + * @todo handle r redirection in Minz_Request::forward directly? */ public function createAction() { - if (Minz_Request::isPost() && FreshRSS_Auth::hasAccess('admin')) { + if (Minz_Request::isPost() && ( + FreshRSS_Auth::hasAccess('admin') || + !max_registrations_reached() + )) { $db = FreshRSS_Context::$system_conf->db; require_once(APP_PATH . '/SQL/install.sql.' . $db['type'] . '.php'); @@ -186,7 +196,11 @@ class FreshRSS_user_Controller extends Minz_ActionController { Minz_Session::_param('notification', $notif); } - Minz_Request::forward(array('c' => 'user', 'a' => 'manage'), true); + $redirect_url = urldecode(Minz_Request::param('r', false, true)); + if (!$redirect_url) { + $redirect_url = array('c' => 'user', 'a' => 'manage'); + } + Minz_Request::forward($redirect_url, true); } /** diff --git a/app/views/auth/register.phtml b/app/views/auth/register.phtml index 31ab89d26..96c91f411 100644 --- a/app/views/auth/register.phtml +++ b/app/views/auth/register.phtml @@ -29,6 +29,13 @@
+ 'index', 'a' => 'index'), + 'php', true + )); + ?> +
diff --git a/lib/lib_rss.php b/lib/lib_rss.php index 0118e0f46..c99e2c7e8 100644 --- a/lib/lib_rss.php +++ b/lib/lib_rss.php @@ -266,6 +266,22 @@ function listUsers() { } +/** + * Return if the maximum number of registrations has been reached. + * + * Note a max_regstrations of 0 means there is no limit. + * + * @return true if number of users >= max registrations, false else. + */ +function max_registrations_reached() { + $system_conf = Minz_Configuration::get('system'); + $limit_registrations = $system_conf->limits['max_registrations']; + $number_accounts = count(listUsers()); + + return $limit_registrations > 0 && $number_accounts >= $limit_registrations; +} + + /** * Register and return the configuration for a given user. * -- cgit v1.2.3 From f560c44a003ca69644f8e7262dca2f8f7e6932d5 Mon Sep 17 00:00:00 2001 From: Marien Fressinaud Date: Wed, 22 Jul 2015 14:00:08 +0200 Subject: Hide registration form if max registration reached See https://github.com/FreshRSS/FreshRSS/issues/679 --- app/Controllers/authController.php | 3 +++ app/views/auth/formLogin.phtml | 4 +++- app/views/auth/personaLogin.phtml | 4 ++++ 3 files changed, 10 insertions(+), 1 deletion(-) (limited to 'app/Controllers') diff --git a/app/Controllers/authController.php b/app/Controllers/authController.php index 1c8ad2193..223282afb 100644 --- a/app/Controllers/authController.php +++ b/app/Controllers/authController.php @@ -351,5 +351,8 @@ class FreshRSS_auth_Controller extends Minz_ActionController { * This action gives possibility to a user to create an account. */ public function registerAction() { + if (max_registrations_reached()) { + Minz_Error::error(403); + } } } diff --git a/app/views/auth/formLogin.phtml b/app/views/auth/formLogin.phtml index 75537ee26..3a6053065 100644 --- a/app/views/auth/formLogin.phtml +++ b/app/views/auth/formLogin.phtml @@ -1,7 +1,9 @@

- + + +
diff --git a/app/views/auth/personaLogin.phtml b/app/views/auth/personaLogin.phtml index 545ed2eac..91349a67e 100644 --- a/app/views/auth/personaLogin.phtml +++ b/app/views/auth/personaLogin.phtml @@ -2,6 +2,10 @@

+ + + +

+ /> +
@@ -59,21 +59,30 @@ -
+

+
+ +
+ +
+ +
+
+
'index', 'a' => 'index'), + array('c' => 'user', 'a' => 'profile'), 'php', true )); ?> - +
-- cgit v1.2.3 From f0a1b26584787e173c8c9cd1a5fea27bb3044f1c Mon Sep 17 00:00:00 2001 From: Marien Fressinaud Date: Wed, 22 Jul 2015 23:06:46 +0200 Subject: Add title to the account creation page See https://github.com/FreshRSS/FreshRSS/issues/679 --- app/Controllers/authController.php | 2 ++ app/i18n/cz/gen.php | 1 + app/i18n/de/gen.php | 1 + app/i18n/en/gen.php | 1 + app/i18n/fr/gen.php | 1 + 5 files changed, 6 insertions(+) (limited to 'app/Controllers') diff --git a/app/Controllers/authController.php b/app/Controllers/authController.php index 223282afb..aff184263 100644 --- a/app/Controllers/authController.php +++ b/app/Controllers/authController.php @@ -354,5 +354,7 @@ class FreshRSS_auth_Controller extends Minz_ActionController { if (max_registrations_reached()) { Minz_Error::error(403); } + + Minz_View::prependTitle(_t('gen.auth.registration.title') . ' · '); } } diff --git a/app/i18n/cz/gen.php b/app/i18n/cz/gen.php index a89bf6b49..53127998f 100644 --- a/app/i18n/cz/gen.php +++ b/app/i18n/cz/gen.php @@ -34,6 +34,7 @@ return array( 'registration' => array( '_' => 'New account', // TODO: translate 'ask' => 'Create an account?', // TODO: translate + 'title' => 'Account creation', // TODO: translate ), 'reset' => 'Reset přihlášení', 'username' => array( diff --git a/app/i18n/de/gen.php b/app/i18n/de/gen.php index d6fcfe1e4..f8f4823a6 100644 --- a/app/i18n/de/gen.php +++ b/app/i18n/de/gen.php @@ -34,6 +34,7 @@ return array( 'registration' => array( '_' => 'New account', // TODO: translate 'ask' => 'Create an account?', // TODO: translate + 'title' => 'Account creation', // TODO: translate ), 'reset' => 'Zurücksetzen der Authentifizierung', 'username' => array( diff --git a/app/i18n/en/gen.php b/app/i18n/en/gen.php index 063322cbf..1feb8d6ac 100644 --- a/app/i18n/en/gen.php +++ b/app/i18n/en/gen.php @@ -34,6 +34,7 @@ return array( 'registration' => array( '_' => 'New account', 'ask' => 'Create an account?', + 'title' => 'Account creation', ), 'reset' => 'Authentication reset', 'username' => array( diff --git a/app/i18n/fr/gen.php b/app/i18n/fr/gen.php index 5abc7a27b..67d278be4 100644 --- a/app/i18n/fr/gen.php +++ b/app/i18n/fr/gen.php @@ -34,6 +34,7 @@ return array( 'registration' => array( '_' => 'Nouveau compte', 'ask' => 'Créer un compte ?', + 'title' => 'Création de compte', ), 'reset' => 'Réinitialisation de l’authentification', 'username' => array( -- cgit v1.2.3