From 8d2b76334cd60356c85810bf4902124105d54ad4 Mon Sep 17 00:00:00 2001 From: Clément Date: Thu, 16 Feb 2017 14:27:45 +0100 Subject: Possibility to register user having a '-', a '_' or a '.' in username --- cli/do-install.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'cli/do-install.php') diff --git a/cli/do-install.php b/cli/do-install.php index 100d4947f..eb46c7e93 100755 --- a/cli/do-install.php +++ b/cli/do-install.php @@ -47,7 +47,8 @@ if ($requirements['all'] !== 'ok') { fail($message); } -if (!ctype_alnum($options['default_user'])) { +$aValid = array('-', '_', '.'); +if (!ctype_alnum(str_replace($aValid, '', $options['default_user']))) { fail('FreshRSS invalid default username (must be ASCII alphanumeric): ' . $options['default_user']); } -- cgit v1.2.3 From 4eeae5171b885b6dda392f5dd68d6dd78a0c7858 Mon Sep 17 00:00:00 2001 From: Clément Date: Thu, 16 Feb 2017 18:54:59 +0100 Subject: use function with preg_match to check username --- app/Controllers/userController.php | 11 +++++++---- app/Models/Auth.php | 3 +-- cli/_cli.php | 4 +--- cli/create-user.php | 3 +-- cli/delete-user.php | 3 +-- cli/do-install.php | 3 +-- 6 files changed, 12 insertions(+), 15 deletions(-) (limited to 'cli/do-install.php') diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php index 6199ff218..246be1bfe 100644 --- a/app/Controllers/userController.php +++ b/app/Controllers/userController.php @@ -34,6 +34,11 @@ class FreshRSS_user_Controller extends Minz_ActionController { return $passwordHash == '' ? '' : $passwordHash; } + public static function checkUsername($username) { + $match = '/^[a-zA-Z_]{1,38}$/'; + return preg_match($match, $username) === 1; + } + /** * This action displays the user profile page. */ @@ -103,9 +108,8 @@ class FreshRSS_user_Controller extends Minz_ActionController { if (!is_array($userConfig)) { $userConfig = array(); } - $aValid = array('-', '_', '.'); - $ok = ($new_user_name != '') && ctype_alnum(str_replace($aValid, '', $new_user_name)); + $ok = self::checkUsername($new_user_name); if ($ok) { $languages = Minz_Translate::availableLanguages(); @@ -188,8 +192,7 @@ class FreshRSS_user_Controller extends Minz_ActionController { $db = FreshRSS_Context::$system_conf->db; require_once(APP_PATH . '/SQL/install.sql.' . $db['type'] . '.php'); - $aValid = array('-', '_', '.'); - $ok = ctype_alnum(str_replace($aValid, '', $username)); + $ok = self::checkUsername($username); if ($ok) { $default_user = FreshRSS_Context::$system_conf->default_user; $ok &= (strcasecmp($username, $default_user) !== 0); //It is forbidden to delete the default user diff --git a/app/Models/Auth.php b/app/Models/Auth.php index e63a24b27..476627e10 100644 --- a/app/Models/Auth.php +++ b/app/Models/Auth.php @@ -182,8 +182,7 @@ class FreshRSS_Auth { class FreshRSS_FormAuth { public static function checkCredentials($username, $hash, $nonce, $challenge) { - $aValid = array('-', '_', '.'); - if (!ctype_alnum(str_replace($aValid, '', $username)) || + if (!FreshRSS_user_Controller::checkUsername($username) || !ctype_graph($challenge) || !ctype_alnum($nonce)) { Minz_Log::debug('Invalid credential parameters:' . diff --git a/cli/_cli.php b/cli/_cli.php index 885199659..f5e36eabc 100644 --- a/cli/_cli.php +++ b/cli/_cli.php @@ -20,9 +20,7 @@ function fail($message) { } function cliInitUser($username) { - $aValid = array('-', '_', '.'); - - if (!ctype_alnum(str_replace($aValid, '', $username))) { + if (!FreshRSS_user_Controller::checkUsername($username)) { fail('FreshRSS error: invalid username: ' . $username . "\n"); } diff --git a/cli/create-user.php b/cli/create-user.php index e5b4493e3..c9e350c14 100755 --- a/cli/create-user.php +++ b/cli/create-user.php @@ -16,9 +16,8 @@ if (empty($options['user'])) { fail('Usage: ' . basename(__FILE__) . " --user username ( --password 'password' --api-password 'api_password'" . " --language en --email user@example.net --token 'longRandomString --no-default-feeds' )"); } -$aValid = array('-', '_', '.'); $username = $options['user']; -if (!ctype_alnum(str_replace($aValid, '', $username))) { +if (!FreshRSS_user_Controller::checkUsername($username)) { fail('FreshRSS error: invalid username “' . $username . '”'); } diff --git a/cli/delete-user.php b/cli/delete-user.php index 82605fb27..baa81b893 100755 --- a/cli/delete-user.php +++ b/cli/delete-user.php @@ -9,9 +9,8 @@ $options = getopt('', array( if (empty($options['user'])) { fail('Usage: ' . basename(__FILE__) . " --user username"); } -$aValid = array('-', '_', '.'); $username = $options['user']; -if (!ctype_alnum(str_replace($aValid, '', $username))) { +if (!FreshRSS_user_Controller::checkUsername($username)) { fail('FreshRSS error: invalid username “' . $username . '”'); } diff --git a/cli/do-install.php b/cli/do-install.php index eb46c7e93..064a64ab2 100755 --- a/cli/do-install.php +++ b/cli/do-install.php @@ -47,8 +47,7 @@ if ($requirements['all'] !== 'ok') { fail($message); } -$aValid = array('-', '_', '.'); -if (!ctype_alnum(str_replace($aValid, '', $options['default_user']))) { +if (!FreshRSS_user_Controller::checkUsername($options['default_user'])) { fail('FreshRSS invalid default username (must be ASCII alphanumeric): ' . $options['default_user']); } -- cgit v1.2.3 From efcab77470d2571be6537a92b59fc1e44cecddb9 Mon Sep 17 00:00:00 2001 From: Dennis Schwerdel Date: Thu, 23 Feb 2017 18:53:08 +0100 Subject: Fixed empty db-prefix in do-install.php --- cli/do-install.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'cli/do-install.php') diff --git a/cli/do-install.php b/cli/do-install.php index 100d4947f..1f9072060 100755 --- a/cli/do-install.php +++ b/cli/do-install.php @@ -73,7 +73,7 @@ if ((!empty($config['base_url'])) && server_is_public($config['base_url'])) { foreach ($dBparams as $dBparam) { $dBparam = rtrim($dBparam, ':'); - if (!empty($options[$dBparam])) { + if (isset($options[$dBparam])) { $param = substr($dBparam, strlen('db-')); $config['db'][$param] = $options[$dBparam]; } -- cgit v1.2.3 From 9e931d1bc52443aeaf9ccf7e2b3d6eaa135368ec Mon Sep 17 00:00:00 2001 From: Dennis Schwerdel Date: Fri, 24 Feb 2017 07:20:50 +0100 Subject: Added disable_update option to cli/do-install.php --- cli/do-install.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'cli/do-install.php') diff --git a/cli/do-install.php b/cli/do-install.php index 100d4947f..483ec5224 100755 --- a/cli/do-install.php +++ b/cli/do-install.php @@ -13,6 +13,7 @@ $params = array( 'auth_type:', 'api_enabled', 'allow_robots', + 'disable_update', ); $dBparams = array( @@ -31,7 +32,7 @@ if (empty($options['default_user'])) { " --environment production --base_url https://rss.example.net/" . " --title FreshRSS --allow_anonymous --api_enabled" . " --db-type mysql --db-host localhost:3306 --db-user freshrss --db-password dbPassword123" . - " --db-base freshrss --db-prefix freshrss_ )"); + " --db-base freshrss --db-prefix freshrss_ --disable_update )"); } fwrite(STDERR, 'FreshRSS install…' . "\n"); -- cgit v1.2.3 From 17296f99d26ef3eb5a2e73428e3d67e418846ab7 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Tue, 28 Feb 2017 21:12:47 +0100 Subject: Fix CLI install bug with SQLite And improve requirements check https://github.com/FreshRSS/FreshRSS/issues/1443 --- cli/do-install.php | 41 ++++++++++++++++++++++------------------- lib/lib_install.php | 35 +++++++++++++++++++++++++++++++---- 2 files changed, 53 insertions(+), 23 deletions(-) (limited to 'cli/do-install.php') diff --git a/cli/do-install.php b/cli/do-install.php index c2f5b286d..16d03daaf 100755 --- a/cli/do-install.php +++ b/cli/do-install.php @@ -37,25 +37,6 @@ if (empty($options['default_user'])) { fwrite(STDERR, 'FreshRSS install…' . "\n"); -$requirements = checkRequirements(); -if ($requirements['all'] !== 'ok') { - $message = 'FreshRSS install failed requirements:' . "\n"; - foreach ($requirements as $requirement => $check) { - if ($check !== 'ok' && $requirement !== 'all') { - $message .= '• ' . $requirement . "\n"; - } - } - fail($message); -} - -if (!FreshRSS_user_Controller::checkUsername($options['default_user'])) { - fail('FreshRSS invalid default username (must be ASCII alphanumeric): ' . $options['default_user']); -} - -if (isset($options['auth_type']) && !in_array($options['auth_type'], array('form', 'http_auth', 'none'))) { - fail('FreshRSS invalid authentication method (auth_type must be one of { form, http_auth, none }: ' . $options['auth_type']); -} - $config = array( 'salt' => generateSalt(), 'db' => FreshRSS_Context::$system_conf->db, @@ -80,6 +61,28 @@ foreach ($dBparams as $dBparam) { } } +$requirements = checkRequirements($config['db']['type']); +if ($requirements['all'] !== 'ok') { + $message = 'FreshRSS install failed requirements:' . "\n"; + foreach ($requirements as $requirement => $check) { + if ($check !== 'ok' && !in_array($requirement, array('all', 'pdo', 'message'))) { + $message .= '• ' . $requirement . "\n"; + } + } + if (!empty($requirements['message'])) { + $message .= '• ' . $requirements['message'] . "\n"; + } + fail($message); +} + +if (!FreshRSS_user_Controller::checkUsername($options['default_user'])) { + fail('FreshRSS invalid default username (must be ASCII alphanumeric): ' . $options['default_user']); +} + +if (isset($options['auth_type']) && !in_array($options['auth_type'], array('form', 'http_auth', 'none'))) { + fail('FreshRSS invalid authentication method (auth_type must be one of { form, http_auth, none }: ' . $options['auth_type']); +} + if (file_put_contents(join_path(DATA_PATH, 'config.php'), "= 0; $minz = file_exists(join_path(LIB_PATH, 'Minz')); $curl = extension_loaded('curl'); $pdo_mysql = extension_loaded('pdo_mysql'); $pdo_sqlite = extension_loaded('pdo_sqlite'); $pdo_pgsql = extension_loaded('pdo_pgsql'); - $pdo = $pdo_mysql || $pdo_sqlite || $pdo_pgsql; + $message = ''; + switch ($dbType) { + case 'mysql': + $pdo_sqlite = $pdo_pgsql = true; + $pdo = $pdo_mysql; + break; + case 'sqlite': + $pdo_mysql = $pdo_pgsql = true; + $pdo = $pdo_sqlite; + break; + case 'pgsql': + $pdo_mysql = $pdo_sqlite = true; + $pdo = $pdo_pgsql; + break; + case '': + $pdo = $pdo_mysql || $pdo_sqlite || $pdo_pgsql; + break; + default: + $pdo_mysql = $pdo_sqlite = $pdo_pgsql = true; + $pdo = false; + $message = 'Invalid database type!'; + break; + } $pcre = extension_loaded('pcre'); $ctype = extension_loaded('ctype'); $fileinfo = extension_loaded('fileinfo'); @@ -44,8 +66,9 @@ function checkRequirements() { 'users' => $users ? 'ok' : 'ko', 'favicons' => $favicons ? 'ok' : 'ko', 'http_referer' => $http_referer ? 'ok' : 'ko', + 'message' => $message ?: 'ok', 'all' => $php && $minz && $curl && $pdo && $pcre && $ctype && $fileinfo && $dom && $xml && - $data && $cache && $users && $favicons && $http_referer ? + $data && $cache && $users && $favicons && $http_referer && $message == '' ? 'ok' : 'ko' ); } @@ -77,7 +100,11 @@ function checkDb(&$dbOptions) { break; case 'sqlite': include_once(APP_PATH . '/SQL/install.sql.sqlite.php'); - $dsn = 'sqlite:' . join_path(USERS_PATH, $dbOptions['default_user'], 'db.sqlite'); + $path = join_path(USERS_PATH, $dbOptions['default_user']); + if (!is_dir($path)) { + mkdir($path); + } + $dsn = 'sqlite:' . join_path($path, 'db.sqlite'); $driver_options = array( PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, ); -- cgit v1.2.3 From 992a811df66de7be66c64d3703e854c15a58d337 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Thu, 2 Mar 2017 23:04:38 +0100 Subject: CLI add language to install https://github.com/FreshRSS/FreshRSS/issues/1445 --- cli/do-install.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'cli/do-install.php') diff --git a/cli/do-install.php b/cli/do-install.php index 16d03daaf..4cd7597fe 100755 --- a/cli/do-install.php +++ b/cli/do-install.php @@ -6,6 +6,7 @@ require(LIB_PATH . '/lib_install.php'); $params = array( 'environment:', 'base_url:', + 'language:', 'title:', 'default_user:', 'allow_anonymous', @@ -30,7 +31,7 @@ $options = getopt('', array_merge($params, $dBparams)); if (empty($options['default_user'])) { fail('Usage: ' . basename(__FILE__) . " --default_user admin ( --auth_type form" . " --environment production --base_url https://rss.example.net/" . - " --title FreshRSS --allow_anonymous --api_enabled" . + " --language en --title FreshRSS --allow_anonymous --api_enabled" . " --db-type mysql --db-host localhost:3306 --db-user freshrss --db-password dbPassword123" . " --db-base freshrss --db-prefix freshrss_ --disable_update )"); } -- cgit v1.2.3 From 37957d45b24306f494554ee1e6c911998ca68643 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Fri, 3 Mar 2017 23:15:50 +0100 Subject: Allows do-install.php only if data/do-install.txt exists https://github.com/FreshRSS/FreshRSS/issues/1449 --- cli/do-install.php | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'cli/do-install.php') diff --git a/cli/do-install.php b/cli/do-install.php index 4cd7597fe..143ca5c3e 100755 --- a/cli/do-install.php +++ b/cli/do-install.php @@ -3,6 +3,10 @@ require('_cli.php'); require(LIB_PATH . '/lib_install.php'); +if (!file_exists(DATA_PATH . '/do-install.txt')) { + fail('FreshRSS looks to be already installed! Please use `./cli/reconfigure.php` instead.'); +} + $params = array( 'environment:', 'base_url:', -- cgit v1.2.3