From bd5d7a7bcb16cff1c01f4445ceee765fc11e3b50 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Mon, 30 Dec 2013 15:00:41 +0100 Subject: Cache HTTP compatible multi-utilisateur MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Contribue à https://github.com/marienfressinaud/FreshRSS/issues/126 --- app/Controllers/configureController.php | 2 +- app/Controllers/indexController.php | 4 +-- app/FreshRSS.php | 51 ++++++++++++++++++++++++--------- app/Models/LogDAO.php | 8 ++++-- app/actualize_script.php | 12 +++++--- app/views/configure/users.phtml | 6 ++-- 6 files changed, 57 insertions(+), 26 deletions(-) (limited to 'app') diff --git a/app/Controllers/configureController.php b/app/Controllers/configureController.php index 656e2ac89..2260e978b 100755 --- a/app/Controllers/configureController.php +++ b/app/Controllers/configureController.php @@ -322,7 +322,7 @@ class FreshRSS_configure_Controller extends Minz_ActionController { Minz_Session::_param('mail', $this->view->conf->mail_login); - if (Minz_Configuration::isAdmin()) { + if (Minz_Configuration::isAdmin(Minz_Session::param('currentUser', '_'))) { $anon = Minz_Request::param('anon_access', false); $anon = ((bool)$anon) && ($anon !== 'no'); $auth_type = Minz_Request::param('auth_type', 'none'); diff --git a/app/Controllers/indexController.php b/app/Controllers/indexController.php index cc851a1fa..7309169a6 100755 --- a/app/Controllers/indexController.php +++ b/app/Controllers/indexController.php 
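Review bot: The admin branch in configureController.php is now keyed on the session value `Minz_Session::param('currentUser', '_')`, but nothing in this hunk shows that the visitor is actually logged in. Elsewhere in this commit, accessControl stores `currentUser` in the session before `$loginOk` is settled, including the default user when the `default` auth case sets `$loginOk = false`. The body of `isAdmin()` is not shown; if it only compares the name with the configured default user, an unauthenticated visitor could reach the `anon_access` / `auth_type` settings unless the action is gated on `loginOk` elsewhere. I would confirm that gate and record it above the condition, e.g. `// Only reachable when loginOk is true; currentUser alone does not prove authentication`. The enclosing method starts and ends outside the hunk.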
@@ -218,10 +218,10 @@ class FreshRSS_index_Controller extends Minz_ActionController { Minz_View::prependTitle (Minz_Translate::t ('logs') . ' - '); if (Minz_Request::isPost ()) { - file_put_contents(LOG_PATH . '/' . Minz_Configuration::currentUser() . '.log', ''); //Truncate + FreshRSS_LogDAO::truncate(); } - $logs = FreshRSS_LogDAO::lines(Minz_Configuration::currentUser()); //TODO: ask only the necessary lines + $logs = FreshRSS_LogDAO::lines(); //TODO: ask only the necessary lines //gestion pagination $page = Minz_Request::param ('page', 1); diff --git a/app/FreshRSS.php b/app/FreshRSS.php index 10f362717..0e166cc3b 100644 --- a/app/FreshRSS.php +++ b/app/FreshRSS.php @@ -1,22 +1,24 @@ accessControl($currentUser); + public function init() { + if (!isset($_SESSION)) { + Minz_Session::init('FreshRSS'); + } + $this->accessControl(Minz_Session::param('currentUser', '')); $this->loadParamsView(); $this->loadStylesAndScripts(); $this->loadNotifications(); } private function accessControl($currentUser) { - if ($currentUser === null) { + if ($currentUser == '') { switch (Minz_Configuration::authType()) { case 'http_auth': $currentUser = httpAuthUser(); $loginOk = $currentUser != ''; break; case 'persona': - $currentUser = Minz_Configuration::defaultUser(); + $currentUser = Minz_Configuration::defaultUser(); //TODO: Make Persona compatible with multi-user $loginOk = Minz_Session::param('mail') != ''; break; case 'none': 
@@ -24,28 +26,49 @@ class FreshRSS extends Minz_FrontController { $loginOk = true; break; default: + $currentUser = Minz_Configuration::defaultUser(); $loginOk = false; break; } - } elseif ((PHP_SAPI === 'cli') && (Minz_Request::actionName() === 'actualize')) { //Command line - Minz_Configuration::_authType('none'); + } else { $loginOk = true; } - if (!$loginOk || !isValidUser($currentUser)) { - $currentUser = Minz_Configuration::defaultUser(); - $loginOk = false; + if (!ctype_alnum($currentUser)) { + Minz_Session::_param('currentUser', ''); + die('Invalid username [' . $currentUser . ']!'); } - Minz_Configuration::_currentUser($currentUser); - Minz_View::_param ('loginOk', $loginOk); try { $this->conf = new FreshRSS_Configuration($currentUser); } catch (Minz_Exception $e) { - // Permission denied or conf file does not exist - die($e->getMessage()); + Minz_Session::_param('currentUser', ''); + die('Invalid configuration for user [' . $currentUser . ']! ' . $e->getMessage()); //Permission denied or conf file does not exist } Minz_View::_param ('conf', $this->conf); + Minz_Session::_param('currentUser', $currentUser); + + if ($loginOk) { + switch (Minz_Configuration::authType()) { + case 'http_auth': + $loginOk = $currentUser === httpAuthUser(); + break; + case 'persona': + $loginOk = Minz_Session::param('mail') === $this->conf->mail_login; + break; + case 'none': + $loginOk = true; + break; + default: + $loginOk = false; + break; + } + if ((!$loginOk) && (PHP_SAPI === 'cli') && (Minz_Request::actionName() === 'actualize')) { //Command line + Minz_Configuration::_authType('none'); + $loginOk = true; + } + } + Minz_View::_param ('loginOk', $loginOk); } private function loadParamsView () { diff --git a/app/Models/LogDAO.php b/app/Models/LogDAO.php index 6205468bd..d1e515200 100644 --- a/app/Models/LogDAO.php +++ b/app/Models/LogDAO.php 
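Review bot: In accessControl, `die('Invalid username [' . $currentUser . ']!')` writes a value that has just failed `ctype_alnum()` straight into the response, and the second `die()` appends `$e->getMessage()`; neither is escaped, and the exception text may expose configuration paths. A fixed client message with the detail kept in the server-side log would be safer, e.g. `die('Invalid username!');`, or at minimum `htmlspecialchars($currentUser, ENT_QUOTES, 'UTF-8')`. Separately, `ctype_alnum('')` is false, so an `http_auth` request where `httpAuthUser()` yields an empty string (the case in the previous hunk) now ends in this `die()` instead of falling back to the default user with `$loginOk = false`, as the removed lines did. If that is intended, a comment saying so would help. The function begins in the previous hunk.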
@@ -1,9 +1,9 @@ init($user); - $front_controller->run(); - invalidateHttpCache($user); + Minz_Session::init('FreshRSS'); + Minz_Session::_param('currentUser', $user); + $freshRSS->init(); + $freshRSS->run(); + //invalidateHttpCache(); + touch(LOG_PATH . '/' . $user . '.log'); + Minz_Session::unset_session(true); } diff --git a/app/views/configure/users.phtml b/app/views/configure/users.phtml index db57448f6..cb6579a6b 100644 --- a/app/views/configure/users.phtml +++ b/app/views/configure/users.phtml @@ -9,10 +9,10 @@
- + $_SERVER['REMOTE_USER'] =
@@ -34,7 +34,7 @@
- + -- cgit v1.2.3