From 4ee4f16ffe06e247d2cb79a2054ab5d5315d82b2 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Sun, 15 Dec 2013 11:24:14 +0100 Subject: Problème de casse renommage répertoire MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- lib/Minz/Configuration.php | 262 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 262 insertions(+) create mode 100644 lib/Minz/Configuration.php (limited to 'lib/Minz/Configuration.php') diff --git a/lib/Minz/Configuration.php b/lib/Minz/Configuration.php new file mode 100644 index 000000000..9fc913964 --- /dev/null +++ b/lib/Minz/Configuration.php @@ -0,0 +1,262 @@ + +*/ + +/** + * La classe Configuration permet de gérer la configuration de l'application + */ +class Minz_Configuration { + const CONF_PATH_NAME = '/application.ini'; + + /** + * VERSION est la version actuelle de MINZ + */ + const VERSION = '1.3.1.freshrss'; // version spéciale FreshRSS + + /** + * valeurs possibles pour l'"environment" + * SILENT rend l'application muette (pas de log) + * PRODUCTION est recommandée pour une appli en production + * (log les erreurs critiques) + * DEVELOPMENT log toutes les erreurs + */ + const SILENT = 0; + const PRODUCTION = 1; + const DEVELOPMENT = 2; + + /** + * définition des variables de configuration + * $sel_application une chaîne de caractères aléatoires (obligatoire) + * $environment gère le niveau d'affichage pour log et erreurs + * $use_url_rewriting indique si on utilise l'url_rewriting + * $base_url le chemin de base pour accéder à l'application + * $title le nom de l'application + * $language la langue par défaut de l'application + * $cacheEnabled permet de savoir si le cache doit être activé + * $delayCache la limite de cache + * $db paramètres pour la base de données (tableau) + * - host le serveur de la base + * - user nom d'utilisateur + * - password mot de passe de l'utilisateur + * - base le nom de la base de données + */ + private static $sel_application = ''; + private static $environment = Minz_Configuration::PRODUCTION; + private static $base_url = ''; + private static $use_url_rewriting = false; + private static $title = ''; + private static $language = 'en'; + private static $cache_enabled = false; + private static $delay_cache = 3600; + private static $default_user = ''; + private static $current_user = ''; + + private static $db = array ( + 'host' => false, + 'user' => false, + 'password' => false, + 'base' => false + ); + + /* + * Getteurs + */ + public static function selApplication () { + return self::$sel_application; + } + public static function environment () { + return self::$environment; + } + public static function baseUrl () { + return self::$base_url; + } + public static function useUrlRewriting () { + return self::$use_url_rewriting; + } + public static function title () { + return stripslashes(self::$title); + } + public static function language () { + return self::$language; + } + public static function cacheEnabled () { + return self::$cache_enabled; + } + public static function delayCache () { + return self::$delay_cache; + } + public static function dataBase () { + return self::$db; + } + public static function defaultUser () { + return self::$default_user; + } + public static function currentUser () { + return self::$current_user; + } + + /** + * Initialise les variables de configuration + * @exception Minz_FileNotExistException si le CONF_PATH_NAME n'existe pas + * @exception Minz_BadConfigurationException si CONF_PATH_NAME mal formaté + */ + public static function init () { + try { + self::parseFile (); + self::setReporting (); + } catch (Minz_FileNotExistException $e) { + throw $e; + } catch (Minz_BadConfigurationException $e) { + throw $e; + } + } + + /** + * Parse un fichier de configuration de type ".ini" + * @exception Minz_FileNotExistException si le CONF_PATH_NAME n'existe pas + * @exception Minz_BadConfigurationException si CONF_PATH_NAME mal formaté + */ + private static function parseFile () { + if (!file_exists (DATA_PATH . self::CONF_PATH_NAME)) { + throw new Minz_FileNotExistException ( + DATA_PATH . self::CONF_PATH_NAME, + Minz_Exception::ERROR + ); + } + + $ini_array = parse_ini_file ( + DATA_PATH . self::CONF_PATH_NAME, + true + ); + + if (!$ini_array) { + throw new Minz_PermissionDeniedException ( + DATA_PATH . self::CONF_PATH_NAME, + Minz_Exception::ERROR + ); + } + + // [general] est obligatoire + if (!isset ($ini_array['general'])) { + throw new Minz_BadConfigurationException ( + '[general]', + Minz_Exception::ERROR + ); + } + $general = $ini_array['general']; + + + // sel_application est obligatoire + if (!isset ($general['sel_application'])) { + throw new Minz_BadConfigurationException ( + 'sel_application', + Minz_Exception::ERROR + ); + } + self::$sel_application = $general['sel_application']; + + if (isset ($general['environment'])) { + switch ($general['environment']) { + case 'silent': + self::$environment = Minz_Configuration::SILENT; + break; + case 'development': + self::$environment = Minz_Configuration::DEVELOPMENT; + break; + case 'production': + self::$environment = Minz_Configuration::PRODUCTION; + break; + default: + throw new Minz_BadConfigurationException ( + 'environment', + Minz_Exception::ERROR + ); + } + + } + if (isset ($general['base_url'])) { + self::$base_url = $general['base_url']; + } + if (isset ($general['use_url_rewriting'])) { + self::$use_url_rewriting = $general['use_url_rewriting']; + } + + if (isset ($general['title'])) { + self::$title = $general['title']; + } + if (isset ($general['language'])) { + self::$language = $general['language']; + } + if (isset ($general['cache_enabled'])) { + self::$cache_enabled = $general['cache_enabled']; + if (CACHE_PATH === false && self::$cache_enabled) { + throw new FileNotExistException ( + 'CACHE_PATH', + Minz_Exception::ERROR + ); + } + } + if (isset ($general['delay_cache'])) { + self::$delay_cache = $general['delay_cache']; + } + if (isset ($general['default_user'])) { + self::$default_user = $general['default_user']; + self::$current_user = self::$default_user; + } + + // Base de données + $db = false; + if (isset ($ini_array['db'])) { + $db = $ini_array['db']; + } + if ($db) { + if (!isset ($db['host'])) { + throw new Minz_BadConfigurationException ( + 'host', + Minz_Exception::ERROR + ); + } + if (!isset ($db['user'])) { + throw new Minz_BadConfigurationException ( + 'user', + Minz_Exception::ERROR + ); + } + if (!isset ($db['password'])) { + throw new Minz_BadConfigurationException ( + 'password', + Minz_Exception::ERROR + ); + } + if (!isset ($db['base'])) { + throw new Minz_BadConfigurationException ( + 'base', + Minz_Exception::ERROR + ); + } + + self::$db['type'] = isset ($db['type']) ? $db['type'] : 'mysql'; + self::$db['host'] = $db['host']; + self::$db['user'] = $db['user']; + self::$db['password'] = $db['password']; + self::$db['base'] = $db['base']; + self::$db['prefix'] = isset ($db['prefix']) ? $db['prefix'] : ''; + } + } + + private static function setReporting () { + if (self::environment () == self::DEVELOPMENT) { + error_reporting (E_ALL); + ini_set ('display_errors','On'); + ini_set('log_errors', 'On'); + } elseif (self::environment () == self::PRODUCTION) { + error_reporting(E_ALL); + ini_set('display_errors','Off'); + ini_set('log_errors', 'On'); + } else { + error_reporting(0); + } + } +} -- cgit v1.2.3 From 415d7a5a716726759c30151af11bd588d52acbb2 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Sun, 22 Dec 2013 16:08:24 +0100 Subject: config.php plutôt que application.ini MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Implémente https://github.com/marienfressinaud/FreshRSS/issues/272 --- data/.gitignore | 1 + lib/Minz/Configuration.php | 8 ++--- public/index.php | 2 +- public/install.php | 80 +++++++++++++++++++++++++--------------------- 4 files changed, 48 insertions(+), 43 deletions(-) (limited to 'lib/Minz/Configuration.php') diff --git a/data/.gitignore b/data/.gitignore index 677c8f58c..a8091901a 100644 --- a/data/.gitignore +++ b/data/.gitignore @@ -1,4 +1,5 @@ application.ini +config.php *_user.php *.sqlite touch.txt diff --git a/lib/Minz/Configuration.php b/lib/Minz/Configuration.php index 9fc913964..1b108dcdf 100644 --- a/lib/Minz/Configuration.php +++ b/lib/Minz/Configuration.php @@ -8,7 +8,7 @@ * La classe Configuration permet de gérer la configuration de l'application */ class Minz_Configuration { - const CONF_PATH_NAME = '/application.ini'; + const CONF_PATH_NAME = '/config.php'; /** * VERSION est la version actuelle de MINZ @@ -126,10 +126,7 @@ class Minz_Configuration { ); } - $ini_array = parse_ini_file ( - DATA_PATH . self::CONF_PATH_NAME, - true - ); + $ini_array = include(DATA_PATH . self::CONF_PATH_NAME); if (!$ini_array) { throw new Minz_PermissionDeniedException ( @@ -147,7 +144,6 @@ class Minz_Configuration { } $general = $ini_array['general']; - // sel_application est obligatoire if (!isset ($general['sel_application'])) { throw new Minz_BadConfigurationException ( diff --git a/public/index.php b/public/index.php index 829e418f9..c8b15b3d9 100755 --- a/public/index.php +++ b/public/index.php @@ -29,7 +29,7 @@ if (file_exists ('install.php')) { $dateLastModification = max( @filemtime(DATA_PATH . '/touch.txt'), @filemtime(LOG_PATH . '/application.log'), - @filemtime(DATA_PATH . '/application.ini') + @filemtime(DATA_PATH . '/config.php') ); $_SERVER['QUERY_STRING'] .= '&utime=' . file_get_contents(DATA_PATH . '/touch.txt'); //For ETag if (httpConditional($dateLastModification, 0, 0, false, false, true)) { diff --git a/public/install.php b/public/install.php index 7fbae3436..dbbecb1a3 100644 --- a/public/install.php +++ b/public/install.php @@ -261,23 +261,29 @@ function saveStep3 () { $_SESSION['bd_prefix'] = addslashes ($_POST['prefix']); $_SESSION['bd_prefix_user'] = $_SESSION['bd_prefix'] . (empty($_SESSION['default_user']) ? '' : ($_SESSION['default_user'] . '_')); - $file_conf = DATA_PATH . '/application.ini'; - $f = fopen ($file_conf, 'w'); - writeLine ($f, '[general]'); - writeLine ($f, 'environment = "' . empty($_SESSION['environment']) ? 'production' : $_SESSION['environment'] . '"'); - writeLine ($f, 'use_url_rewriting = false'); - writeLine ($f, 'sel_application = "' . $_SESSION['sel_application'] . '"'); - writeLine ($f, 'base_url = ""'); - writeLine ($f, 'title = "' . $_SESSION['title'] . '"'); - writeLine ($f, 'default_user = "' . $_SESSION['default_user'] . '"'); - writeLine ($f, '[db]'); - writeLine ($f, 'type = "' . $_SESSION['bd_type'] . '"'); - writeLine ($f, 'host = "' . $_SESSION['bd_host'] . '"'); - writeLine ($f, 'user = "' . $_SESSION['bd_user'] . '"'); - writeLine ($f, 'password = "' . $_SESSION['bd_password'] . '"'); - writeLine ($f, 'base = "' . $_SESSION['bd_base'] . '"'); - writeLine ($f, 'prefix = "' . $_SESSION['bd_prefix'] . '"'); - fclose ($f); + $ini_array = array( + 'general' => array( + 'environment' => empty($_SESSION['environment']) ? 'production' : $_SESSION['environment'], + 'use_url_rewriting' => false, + 'sel_application' => $_SESSION['sel_application'], + 'base_url' => '', + 'title' => $_SESSION['title'], + 'default_user' => $_SESSION['default_user'], + ), + 'db' => array( + 'type' => $_SESSION['bd_type'], + 'host' => $_SESSION['bd_host'], + 'user' => $_SESSION['bd_user'], + 'password' => $_SESSION['bd_password'], + 'base' => $_SESSION['bd_base'], + 'prefix' => $_SESSION['bd_prefix'], + ), + ); + file_put_contents(DATA_PATH . '/config.php', " Date: Thu, 26 Dec 2013 19:58:17 +0100 Subject: Favicons compatibles multi-utilisateurs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Contribue à https://github.com/marienfressinaud/FreshRSS/issues/126 --- app/Controllers/feedController.php | 2 +- app/Models/CategoryDAO.php | 2 +- app/Models/Feed.php | 13 +++++++++---- lib/Minz/Configuration.php | 2 +- p/f.php | 2 +- 5 files changed, 13 insertions(+), 8 deletions(-) (limited to 'lib/Minz/Configuration.php') diff --git a/app/Controllers/feedController.php b/app/Controllers/feedController.php index 04d0aa98b..dc8a854a9 100755 --- a/app/Controllers/feedController.php +++ b/app/Controllers/feedController.php @@ -395,7 +395,7 @@ class FreshRSS_feed_Controller extends Minz_ActionController { 'type' => 'good', 'content' => Minz_Translate::t ('feed_deleted') ); - FreshRSS_Feed::faviconDelete($id); + //TODO: Delete old favicon } else { $notif = array ( 'type' => 'bad', diff --git a/app/Models/CategoryDAO.php b/app/Models/CategoryDAO.php index 6b07ab063..1cc616ac0 100644 --- a/app/Models/CategoryDAO.php +++ b/app/Models/CategoryDAO.php @@ -90,7 +90,7 @@ class FreshRSS_CategoryDAO extends Minz_ModelPdo { if ($prePopulateFeeds) { $sql = 'SELECT c.id AS c_id, c.name AS c_name, ' . ($details ? 'c.color AS c_color, ' : '') - . ($details ? 'f.* ' : 'f.id, f.name, f.website, f.priority, f.error, f.cache_nbEntries, f.cache_nbUnreads ') + . ($details ? 'f.* ' : 'f.id, f.name, f.url, f.website, f.priority, f.error, f.cache_nbEntries, f.cache_nbUnreads ') . 'FROM `' . $this->prefix . 'category` c ' . 'LEFT OUTER JOIN `' . $this->prefix . 'feed` f ON f.category = c.id ' . 'GROUP BY f.id ' diff --git a/app/Models/Feed.php b/app/Models/Feed.php index 3008e33d7..f9a586122 100644 --- a/app/Models/Feed.php +++ b/app/Models/Feed.php @@ -28,6 +28,11 @@ class FreshRSS_Feed extends Minz_Model { public function id () { return $this->id; } + + public function hash() { + return hash('crc32b', Minz_Configuration::salt() . $this->url); + } + public function url () { return $this->url; } @@ -96,7 +101,7 @@ class FreshRSS_Feed extends Minz_Model { return $this->nbNotRead; } public function faviconPrepare() { - $file = DATA_PATH . '/favicons/' . $this->id () . '.txt'; + $file = DATA_PATH . '/favicons/' . $this->hash() . '.txt'; if (!file_exists ($file)) { $t = $this->website; if (empty($t)) { @@ -105,13 +110,13 @@ class FreshRSS_Feed extends Minz_Model { file_put_contents($file, $t); } } - public static function faviconDelete($id) { - $path = DATA_PATH . '/favicons/' . $id; + public static function faviconDelete($hash) { + $path = DATA_PATH . '/favicons/' . $hash; @unlink($path . '.ico'); @unlink($path . '.txt'); } public function favicon () { - return Minz_Url::display ('/f.php?' . $this->id ()); + return Minz_Url::display ('/f.php?' . $this->hash()); } public function _id ($value) { diff --git a/lib/Minz/Configuration.php b/lib/Minz/Configuration.php index 1b108dcdf..6c7206988 100644 --- a/lib/Minz/Configuration.php +++ b/lib/Minz/Configuration.php @@ -63,7 +63,7 @@ class Minz_Configuration { /* * Getteurs */ - public static function selApplication () { + public static function salt () { return self::$sel_application; } public static function environment () { diff --git a/p/f.php b/p/f.php index a56d58617..872b8cc2c 100644 --- a/p/f.php +++ b/p/f.php @@ -37,7 +37,7 @@ function download_favicon ($website, $dest) { } $id = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '0'; -if (!ctype_digit($id)) { +if (!ctype_xdigit($id)) { $id = '0'; } -- cgit v1.2.3 From 3273fee15e8d944debfaafd025c67c2ac514905d Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Sat, 28 Dec 2013 00:04:34 +0100 Subject: Un peu de configuration utilisateur Continue https://github.com/marienfressinaud/FreshRSS/issues/126 --- app/i18n/en.php | 2 ++ app/i18n/fr.php | 2 ++ app/views/configure/users.phtml | 22 +++++++++++++--------- lib/Minz/Configuration.php | 3 +++ 4 files changed, 20 insertions(+), 9 deletions(-) (limited to 'lib/Minz/Configuration.php') diff --git a/app/i18n/en.php b/app/i18n/en.php index a1ab4a025..7c4f090ae 100644 --- a/app/i18n/en.php +++ b/app/i18n/en.php @@ -163,6 +163,8 @@ return array ( 'auth_token' => 'Authentication token', 'explain_token' => 'Allows to access RSS output without authentication.
%s?token=%s', 'login_configuration' => 'Login', + 'is_admin' => 'is administrator', + 'auth_type' => 'Authentication method', 'language' => 'Language', 'month' => 'months', diff --git a/app/i18n/fr.php b/app/i18n/fr.php index f4e9d109c..9dff6dd33 100644 --- a/app/i18n/fr.php +++ b/app/i18n/fr.php @@ -163,6 +163,8 @@ return array ( 'auth_token' => 'Jeton d’identification', 'explain_token' => 'Permet d’accéder à la sortie RSS sans besoin de s’authentifier.
%s?output=rss&token=%s', 'login_configuration' => 'Identification', + 'is_admin' => 'est administrateur', + 'auth_type' => 'Méthode d’authentification', 'language' => 'Langue', 'month' => 'mois', diff --git a/app/views/configure/users.phtml b/app/views/configure/users.phtml index a8e2deea1..81e551d95 100644 --- a/app/views/configure/users.phtml +++ b/app/views/configure/users.phtml @@ -6,14 +6,6 @@
-
- -
- - $_SERVER['REMOTE_USER'] = -
-
-
- +
+ $_SERVER['REMOTE_USER'] = + +
+
+
diff --git a/lib/Minz/Configuration.php b/lib/Minz/Configuration.php index 6c7206988..1e8058dc2 100644 --- a/lib/Minz/Configuration.php +++ b/lib/Minz/Configuration.php @@ -96,6 +96,9 @@ class Minz_Configuration { public static function currentUser () { return self::$current_user; } + public static function isAdmin () { + return self::$current_user === self::$default_user; + } /** * Initialise les variables de configuration -- cgit v1.2.3 From 9ac1496d63da32524a33696187342ce061e9ef28 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Sat, 28 Dec 2013 13:54:52 +0100 Subject: Bouge anon_access dans config.php MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit L'accès anonyme n'est pas au niveau utilisateur mais au niveau global. Bouge FreshRSS_Configuration::conf->anonAccess() qui était stocké dans *_user.php vers Minz_Configuration::allowAnonymous() stocké dans config.php Contribue à https://github.com/marienfressinaud/FreshRSS/issues/126 + autres optimisations Contribue à https://github.com/marienfressinaud/FreshRSS/issues/260 --- app/Controllers/configureController.php | 11 ++++--- app/Controllers/indexController.php | 6 ++-- app/Models/Configuration.php | 12 ------- app/Models/ConfigurationDAO.php | 4 --- app/layout/header.phtml | 2 +- app/views/configure/users.phtml | 2 +- app/views/index/index.phtml | 2 +- data/.gitignore | 3 +- lib/Minz/Configuration.php | 58 ++++++++++++++++++++++++++------- 9 files changed, 61 insertions(+), 39 deletions(-) (limited to 'lib/Minz/Configuration.php') diff --git a/app/Controllers/configureController.php b/app/Controllers/configureController.php index 487f6e4ad..dd9674588 100755 --- a/app/Controllers/configureController.php +++ b/app/Controllers/configureController.php @@ -398,15 +398,13 @@ class FreshRSS_configure_Controller extends Minz_ActionController { $current_token = $this->view->conf->token(); $mail = Minz_Request::param('mail_login', false); - $anon = Minz_Request::param('anon_access', 'no'); $token = Minz_Request::param('token', $current_token); + $this->view->conf->_mailLogin($mail); - $this->view->conf->_anonAccess($anon); $this->view->conf->_token($token); $values = array( 'mail_login' => $this->view->conf->mailLogin(), - 'anon_access' => $this->view->conf->anonAccess(), 'token' => $this->view->conf->token(), ); @@ -415,7 +413,12 @@ class FreshRSS_configure_Controller extends Minz_ActionController { Minz_Session::_param('conf', $this->view->conf); Minz_Session::_param('mail', $this->view->conf->mailLogin()); - // notif + $anon = (bool)(Minz_Request::param('anon_access', false)); + if ($anon != Minz_Configuration::allowAnonymous()) { + Minz_Configuration::_allowAnonymous($anon); + Minz_Configuration::writeFile(); + } + $notif = array( 'type' => 'good', 'content' => Minz_Translate::t('configuration_updated') diff --git a/app/Controllers/indexController.php b/app/Controllers/indexController.php index 6c0ba9058..0c229aedb 100755 --- a/app/Controllers/indexController.php +++ b/app/Controllers/indexController.php @@ -24,7 +24,7 @@ class FreshRSS_index_Controller extends Minz_ActionController { // check if user is log in if(login_is_conf ($this->view->conf) && !is_logged() && - $this->view->conf->anonAccess() === 'no' && + !Minz_Configuration::allowAnonymous() && !($output === 'rss' && $token_is_ok)) { return; } @@ -36,8 +36,8 @@ class FreshRSS_index_Controller extends Minz_ActionController { $params['search'] = urlencode ($params['search']); } if (login_is_conf($this->view->conf) && - $this->view->conf->anonAccess() === 'no' && - $token != '') { + !Minz_Configuration::allowAnonymous() && + $token !== '') { $params['token'] = $token; } $this->view->rss_url = array ( diff --git a/app/Models/Configuration.php b/app/Models/Configuration.php index cb2f90655..7f4be474d 100644 --- a/app/Models/Configuration.php +++ b/app/Models/Configuration.php @@ -20,7 +20,6 @@ class FreshRSS_Configuration extends Minz_Model { private $mark_when = array (); private $sharing = array (); private $theme; - private $anon_access; private $token; private $auto_load_more; private $topline_read; @@ -52,7 +51,6 @@ class FreshRSS_Configuration extends Minz_Model { $this->_sharing ($confDAO->sharing); $this->_theme ($confDAO->theme); FreshRSS_Themes::setThemeId ($confDAO->theme); - $this->_anonAccess ($confDAO->anon_access); $this->_token ($confDAO->token); $this->_autoLoadMore ($confDAO->auto_load_more); $this->_topline_read ($confDAO->topline_read); @@ -132,9 +130,6 @@ class FreshRSS_Configuration extends Minz_Model { public function theme () { return $this->theme; } - public function anonAccess () { - return $this->anon_access; - } public function token () { return $this->token; } @@ -283,13 +278,6 @@ class FreshRSS_Configuration extends Minz_Model { public function _theme ($value) { $this->theme = $value; } - public function _anonAccess ($value) { - if ($value == 'yes') { - $this->anon_access = 'yes'; - } else { - $this->anon_access = 'no'; - } - } public function _token ($value) { $this->token = $value; } diff --git a/app/Models/ConfigurationDAO.php b/app/Models/ConfigurationDAO.php index 91210e701..fa4d3338f 100644 --- a/app/Models/ConfigurationDAO.php +++ b/app/Models/ConfigurationDAO.php @@ -38,7 +38,6 @@ class FreshRSS_ConfigurationDAO extends Minz_ModelArray { 'print' => true ); public $theme = 'default'; - public $anon_access = 'no'; public $token = ''; public $auto_load_more = 'yes'; public $topline_read = 'yes'; @@ -108,9 +107,6 @@ class FreshRSS_ConfigurationDAO extends Minz_ModelArray { if (isset ($this->array['theme'])) { $this->theme = $this->array['theme']; } - if (isset ($this->array['anon_access'])) { - $this->anon_access = $this->array['anon_access']; - } if (isset ($this->array['token'])) { $this->token = $this->array['token']; } diff --git a/app/layout/header.phtml b/app/layout/header.phtml index bba22508e..aeb417a6e 100644 --- a/app/layout/header.phtml +++ b/app/layout/header.phtml @@ -21,7 +21,7 @@
conf) || is_logged() || - $this->conf->anonAccess() == 'yes') { ?> + Minz_Configuration::allowAnonymous()) { ?>
diff --git a/app/views/configure/users.phtml b/app/views/configure/users.phtml index 40cce590e..c57671ef3 100644 --- a/app/views/configure/users.phtml +++ b/app/views/configure/users.phtml @@ -50,7 +50,7 @@
diff --git a/app/views/index/index.phtml b/app/views/index/index.phtml index cf98060c4..2d134ba4e 100644 --- a/app/views/index/index.phtml +++ b/app/views/index/index.phtml @@ -7,7 +7,7 @@ $token_is_ok = ($token != '' && $token == $token_param); if(!login_is_conf ($this->conf) || is_logged() || - $this->conf->anonAccess() == 'yes' || + Minz_Configuration::allowAnonymous() || ($output == 'rss' && $token_is_ok)) { if($output == 'rss') { $this->renderHelper ('view/rss_view'); diff --git a/data/.gitignore b/data/.gitignore index a8091901a..1d8393f3b 100644 --- a/data/.gitignore +++ b/data/.gitignore @@ -3,4 +3,5 @@ config.php *_user.php *.sqlite touch.txt -no-cache.txt \ No newline at end of file +no-cache.txt +*.bak diff --git a/lib/Minz/Configuration.php b/lib/Minz/Configuration.php index 1e8058dc2..fc0a4c2c1 100644 --- a/lib/Minz/Configuration.php +++ b/lib/Minz/Configuration.php @@ -52,6 +52,7 @@ class Minz_Configuration { private static $delay_cache = 3600; private static $default_user = ''; private static $current_user = ''; + private static $allow_anonymous = false; private static $db = array ( 'host' => false, @@ -99,6 +100,12 @@ class Minz_Configuration { public static function isAdmin () { return self::$current_user === self::$default_user; } + public static function allowAnonymous() { + return self::$allow_anonymous; + } + public static function _allowAnonymous($allow = false) { + self::$allow_anonymous = (bool)$allow; + } /** * Initialise les variables de configuration @@ -116,8 +123,25 @@ class Minz_Configuration { } } + public static function writeFile() { + $ini_array = array( + 'general' => array( + 'environment' => self::$environment, + 'use_url_rewriting' => self::$use_url_rewriting, + 'sel_application' => self::$sel_application, + 'base_url' => self::$base_url, + 'title' => self::$title, + 'default_user' => self::$default_user, + 'allow_anonymous' => self::$allow_anonymous, + ), + 'db' => self::$db, + ); + @rename(DATA_PATH . self::CONF_PATH_NAME, DATA_PATH . self::CONF_PATH_NAME . '.bak'); + return file_put_contents(DATA_PATH . self::CONF_PATH_NAME, " Date: Sat, 28 Dec 2013 18:07:16 +0100 Subject: Suite nettoyage des types et chaînes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Contribue à https://github.com/marienfressinaud/FreshRSS/issues/260 --- app/Controllers/configureController.php | 40 +++++++++++++++------------------ lib/Minz/Configuration.php | 2 +- lib/Minz/ModelArray.php | 21 ++--------------- 3 files changed, 21 insertions(+), 42 deletions(-) (limited to 'lib/Minz/Configuration.php') diff --git a/app/Controllers/configureController.php b/app/Controllers/configureController.php index dd9674588..f458cddf1 100755 --- a/app/Controllers/configureController.php +++ b/app/Controllers/configureController.php @@ -93,14 +93,6 @@ class FreshRSS_configure_Controller extends Minz_ActionController { ); } else { if (Minz_Request::isPost () && $this->view->flux) { - $name = Minz_Request::param ('name', ''); - $description = sanitizeHTML(Minz_Request::param('description', '', true)); - $website = Minz_Request::param('website', ''); - $url = Minz_Request::param('url', ''); - $keep_history = intval(Minz_Request::param ('keep_history', -2)); - $cat = Minz_Request::param ('category', 0); - $path = Minz_Request::param ('path_entries', ''); - $priority = Minz_Request::param ('priority', 0); $user = Minz_Request::param ('http_user', ''); $pass = Minz_Request::param ('http_pass', ''); @@ -110,15 +102,15 @@ class FreshRSS_configure_Controller extends Minz_ActionController { } $values = array ( - 'name' => $name, - 'description' => $description, - 'website' => $website, - 'url' => $url, - 'category' => $cat, - 'pathEntries' => $path, - 'priority' => $priority, + 'name' => Minz_Request::param ('name', ''), + 'description' => sanitizeHTML(Minz_Request::param('description', '', true)), + 'website' => Minz_Request::param('website', ''), + 'url' => Minz_Request::param('url', ''), + 'category' => intval(Minz_Request::param ('category', 0)), + 'pathEntries' => Minz_Request::param ('path_entries', ''), + 'priority' => intval(Minz_Request::param ('priority', 0)), 'httpAuth' => $httpAuth, - 'keep_history' => $keep_history + 'keep_history' => intval(Minz_Request::param ('keep_history', -2)), ); if ($feedDAO->updateFeed ($id, $values)) { @@ -176,7 +168,7 @@ class FreshRSS_configure_Controller extends Minz_ActionController { $bottomline_link = Minz_Request::param ('bottomline_link', 'no'); $this->view->conf->_language ($language); - $this->view->conf->_postsPerPage (intval ($nb)); + $this->view->conf->_postsPerPage ($nb); $this->view->conf->_viewMode ($mode); $this->view->conf->_defaultView ($view); $this->view->conf->_autoLoadMore ($auto_load_more); @@ -395,6 +387,7 @@ class FreshRSS_configure_Controller extends Minz_ActionController { public function usersAction() { if (Minz_Request::isPost()) { + $ok = true; $current_token = $this->view->conf->token(); $mail = Minz_Request::param('mail_login', false); @@ -409,16 +402,19 @@ class FreshRSS_configure_Controller extends Minz_ActionController { ); $confDAO = new FreshRSS_ConfigurationDAO(); - $confDAO->update($values); + $ok &= $confDAO->update($values); Minz_Session::_param('conf', $this->view->conf); Minz_Session::_param('mail', $this->view->conf->mailLogin()); - $anon = (bool)(Minz_Request::param('anon_access', false)); - if ($anon != Minz_Configuration::allowAnonymous()) { - Minz_Configuration::_allowAnonymous($anon); - Minz_Configuration::writeFile(); + if (Minz_Configuration::isAdmin()) { + $anon = (bool)(Minz_Request::param('anon_access', false)); + if ($anon != Minz_Configuration::allowAnonymous()) { + Minz_Configuration::_allowAnonymous($anon); + $ok &= Minz_Configuration::writeFile(); + } } + //TODO: use $ok $notif = array( 'type' => 'good', 'content' => Minz_Translate::t('configuration_updated') diff --git a/lib/Minz/Configuration.php b/lib/Minz/Configuration.php index fc0a4c2c1..306328904 100644 --- a/lib/Minz/Configuration.php +++ b/lib/Minz/Configuration.php @@ -77,7 +77,7 @@ class Minz_Configuration { return self::$use_url_rewriting; } public static function title () { - return stripslashes(self::$title); + return self::$title; } public static function language () { return self::$language; diff --git a/lib/Minz/ModelArray.php b/lib/Minz/ModelArray.php index bf2c4cb40..89d7f06c1 100644 --- a/lib/Minz/ModelArray.php +++ b/lib/Minz/ModelArray.php @@ -37,10 +37,8 @@ class Minz_ModelArray { if ($this->array === false) { throw new Minz_PermissionDeniedException($this->filename); - } elseif (is_array($this->array)) { - $this->array = $this->decodeArray($this->array); - } else { - $this->array = array (); + } elseif (!is_array($this->array)) { + $this->array = array(); } } } @@ -55,21 +53,6 @@ class Minz_ModelArray { return true; } - //TODO: check if still useful, and if yes, use a native function such as array_map - private function decodeArray ($array) { - $new_array = array (); - - foreach ($array as $key => $value) { - if (is_array ($value)) { - $new_array[$key] = $this->decodeArray ($value); - } else { - $new_array[$key] = stripslashes ($value); - } - } - - return $new_array; - } - private function getLock() { $handle = fopen($this->filename, 'r'); if ($handle === false) { -- cgit v1.2.3 From 96bdbafceac44af2159e6b80d3d403e0608991d9 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Sat, 28 Dec 2013 23:09:39 +0100 Subject: Refactorisation FreshRSS_Configuration MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Implémente https://github.com/marienfressinaud/FreshRSS/issues/260 (évite les comparaisons de chaînes au profit des vrais booléens et entiers) Grosse simplification et réduction du code relatif à la configuration. Supprime ConfigurationDAO. Permet de simplifier considérablement configureController. Évite de multiples copies des mêmes données en mémoire. Évite de garder plusieurs versions de la configuration en mémoire (auparavant : dans un tableau au niveau de ModelArray + au niveau de FreshRSS_Configuration + en Session + des copies temporaires comme ConfigurationDAO). Ne stocke plus 'conf' en Session (n'était presque pas utilisé). Évite de recharger plusieurs fois Translate inutilement. Contribue à https://github.com/marienfressinaud/FreshRSS/issues/303 --- app/Controllers/configureController.php | 194 ++++----------- app/Controllers/entryController.php | 4 +- app/Controllers/feedController.php | 15 +- app/Controllers/indexController.php | 14 +- app/FreshRSS.php | 17 +- app/Models/Configuration.php | 397 ++++++++++++------------------- app/Models/ConfigurationDAO.php | 154 ------------ app/i18n/en.php | 2 +- app/i18n/fr.php | 2 +- app/layout/layout.phtml | 2 +- app/layout/nav_menu.phtml | 2 +- app/views/configure/archiving.phtml | 8 +- app/views/configure/display.phtml | 62 ++--- app/views/configure/sharing.phtml | 2 +- app/views/configure/shortcut.phtml | 2 +- app/views/configure/users.phtml | 6 +- app/views/helpers/javascript_vars.phtml | 18 +- app/views/helpers/view/global_view.phtml | 4 +- app/views/helpers/view/normal_view.phtml | 24 +- app/views/helpers/view/reader_view.phtml | 2 +- app/views/index/index.phtml | 2 +- lib/Minz/Configuration.php | 4 +- lib/Minz/ModelArray.php | 20 +- lib/Minz/Session.php | 6 +- lib/lib_rss.php | 2 +- 25 files changed, 311 insertions(+), 654 deletions(-) delete mode 100644 app/Models/ConfigurationDAO.php (limited to 'lib/Minz/Configuration.php') diff --git a/app/Controllers/configureController.php b/app/Controllers/configureController.php index f458cddf1..aabc3e4af 100755 --- a/app/Controllers/configureController.php +++ b/app/Controllers/configureController.php @@ -52,7 +52,6 @@ class FreshRSS_configure_Controller extends Minz_ActionController { } } - // notif $notif = array ( 'type' => 'good', 'content' => Minz_Translate::t ('categories_updated') @@ -139,94 +138,40 @@ class FreshRSS_configure_Controller extends Minz_ActionController { } public function displayAction () { - if (Minz_Request::isPost ()) { - $current_token = $this->view->conf->token (); - - $language = Minz_Request::param ('language', 'en'); - $nb = Minz_Request::param ('posts_per_page', 10); - $mode = Minz_Request::param ('view_mode', 'normal'); - $view = Minz_Request::param ('default_view', 'a'); - $auto_load_more = Minz_Request::param ('auto_load_more', 'no'); - $display = Minz_Request::param ('display_posts', 'no'); - $onread_jump_next = Minz_Request::param ('onread_jump_next', 'no'); - $lazyload = Minz_Request::param ('lazyload', 'no'); - $sort = Minz_Request::param ('sort_order', 'DESC'); - $openArticle = Minz_Request::param ('mark_open_article', 'no'); - $openSite = Minz_Request::param ('mark_open_site', 'no'); - $scroll = Minz_Request::param ('mark_scroll', 'no'); - $reception = Minz_Request::param ('mark_upon_reception', 'no'); - $theme = Minz_Request::param ('theme', 'default'); - $topline_read = Minz_Request::param ('topline_read', 'no'); - $topline_favorite = Minz_Request::param ('topline_favorite', 'no'); - $topline_date = Minz_Request::param ('topline_date', 'no'); - $topline_link = Minz_Request::param ('topline_link', 'no'); - $bottomline_read = Minz_Request::param ('bottomline_read', 'no'); - $bottomline_favorite = Minz_Request::param ('bottomline_favorite', 'no'); - $bottomline_sharing = Minz_Request::param ('bottomline_sharing', 'no'); - $bottomline_tags = Minz_Request::param ('bottomline_tags', 'no'); - $bottomline_date = Minz_Request::param ('bottomline_date', 'no'); - $bottomline_link = Minz_Request::param ('bottomline_link', 'no'); - - $this->view->conf->_language ($language); - $this->view->conf->_postsPerPage ($nb); - $this->view->conf->_viewMode ($mode); - $this->view->conf->_defaultView ($view); - $this->view->conf->_autoLoadMore ($auto_load_more); - $this->view->conf->_displayPosts ($display); - $this->view->conf->_onread_jump_next ($onread_jump_next); - $this->view->conf->_lazyload ($lazyload); - $this->view->conf->_sortOrder ($sort); - $this->view->conf->_markWhen (array ( - 'article' => $openArticle, - 'site' => $openSite, - 'scroll' => $scroll, - 'reception' => $reception, + if (Minz_Request::isPost()) { + $this->view->conf->_language(Minz_Request::param('language', 'en')); + $this->view->conf->_posts_per_page(Minz_Request::param('posts_per_page', 10)); + $this->view->conf->_view_mode(Minz_Request::param('view_mode', 'normal')); + $this->view->conf->_default_view (Minz_Request::param('default_view', 'a')); + $this->view->conf->_auto_load_more(Minz_Request::param('auto_load_more', false)); + $this->view->conf->_display_posts(Minz_Request::param('display_posts', false)); + $this->view->conf->_onread_jump_next(Minz_Request::param('onread_jump_next', false)); + $this->view->conf->_lazyload (Minz_Request::param('lazyload', false)); + $this->view->conf->_sort_order(Minz_Request::param('sort_order', 'DESC')); + $this->view->conf->_mark_when (array( + 'article' => Minz_Request::param('mark_open_article', false), + 'site' => Minz_Request::param('mark_open_site', false), + 'scroll' => Minz_Request::param('mark_scroll', false), + 'reception' => Minz_Request::param('mark_upon_reception', false), )); - $this->view->conf->_theme ($theme); - $this->view->conf->_topline_read ($topline_read); - $this->view->conf->_topline_favorite ($topline_favorite); - $this->view->conf->_topline_date ($topline_date); - $this->view->conf->_topline_link ($topline_link); - $this->view->conf->_bottomline_read ($bottomline_read); - $this->view->conf->_bottomline_favorite ($bottomline_favorite); - $this->view->conf->_bottomline_sharing ($bottomline_sharing); - $this->view->conf->_bottomline_tags ($bottomline_tags); - $this->view->conf->_bottomline_date ($bottomline_date); - $this->view->conf->_bottomline_link ($bottomline_link); - - $values = array ( - 'language' => $this->view->conf->language (), - 'posts_per_page' => $this->view->conf->postsPerPage (), - 'view_mode' => $this->view->conf->viewMode (), - 'default_view' => $this->view->conf->defaultView (), - 'auto_load_more' => $this->view->conf->autoLoadMore (), - 'display_posts' => $this->view->conf->displayPosts (), - 'onread_jump_next' => $this->view->conf->onread_jump_next (), - 'lazyload' => $this->view->conf->lazyload (), - 'sort_order' => $this->view->conf->sortOrder (), - 'mark_when' => $this->view->conf->markWhen (), - 'theme' => $this->view->conf->theme (), - 'topline_read' => $this->view->conf->toplineRead () ? 'yes' : 'no', - 'topline_favorite' => $this->view->conf->toplineFavorite () ? 'yes' : 'no', - 'topline_date' => $this->view->conf->toplineDate () ? 'yes' : 'no', - 'topline_link' => $this->view->conf->toplineLink () ? 'yes' : 'no', - 'bottomline_read' => $this->view->conf->bottomlineRead () ? 'yes' : 'no', - 'bottomline_favorite' => $this->view->conf->bottomlineFavorite () ? 'yes' : 'no', - 'bottomline_sharing' => $this->view->conf->bottomlineSharing () ? 'yes' : 'no', - 'bottomline_tags' => $this->view->conf->bottomlineTags () ? 'yes' : 'no', - 'bottomline_date' => $this->view->conf->bottomlineDate () ? 'yes' : 'no', - 'bottomline_link' => $this->view->conf->bottomlineLink () ? 'yes' : 'no', - ); - - $confDAO = new FreshRSS_ConfigurationDAO (); - $confDAO->update ($values); - Minz_Session::_param ('conf', $this->view->conf); - Minz_Session::_param ('mail', $this->view->conf->mailLogin ()); - - Minz_Session::_param ('language', $this->view->conf->language ()); + $this->view->conf->_theme(Minz_Request::param('theme', 'default')); + $this->view->conf->_topline_read(Minz_Request::param('topline_read', false)); + $this->view->conf->_topline_favorite(Minz_Request::param('topline_favorite', false)); + $this->view->conf->_topline_date(Minz_Request::param('topline_date', false)); + $this->view->conf->_topline_link(Minz_Request::param('topline_link', false)); + $this->view->conf->_bottomline_read(Minz_Request::param('bottomline_read', false)); + $this->view->conf->_bottomline_favorite(Minz_Request::param('bottomline_favorite', false)); + $this->view->conf->_bottomline_sharing(Minz_Request::param('bottomline_sharing', false)); + $this->view->conf->_bottomline_tags(Minz_Request::param('bottomline_tags', false)); + $this->view->conf->_bottomline_date(Minz_Request::param('bottomline_date', false)); + $this->view->conf->_bottomline_link(Minz_Request::param('bottomline_link', false)); + $this->view->conf->save(); + + Minz_Session::_param ('mail', $this->view->conf->mail_login); + + Minz_Session::_param ('language', $this->view->conf->language); Minz_Translate::reset (); - // notif $notif = array ( 'type' => 'good', 'content' => Minz_Translate::t ('configuration_updated') @@ -243,22 +188,18 @@ class FreshRSS_configure_Controller extends Minz_ActionController { public function sharingAction () { if (Minz_Request::isPost ()) { - $this->view->conf->_sharing (array ( - 'shaarli' => Minz_Request::param ('shaarli', ''), - 'poche' => Minz_Request::param ('poche', ''), - 'diaspora' => Minz_Request::param ('diaspora', ''), - 'twitter' => Minz_Request::param ('twitter', 'no') === 'yes', - 'g+' => Minz_Request::param ('g+', 'no') === 'yes', - 'facebook' => Minz_Request::param ('facebook', 'no') === 'yes', - 'email' => Minz_Request::param ('email', 'no') === 'yes', - 'print' => Minz_Request::param ('print', 'no') === 'yes' + $this->view->conf->_sharing (array( + 'shaarli' => Minz_Request::param ('shaarli', false), + 'poche' => Minz_Request::param ('poche', false), + 'diaspora' => Minz_Request::param ('diaspora', false), + 'twitter' => Minz_Request::param ('twitter', false), + 'g+' => Minz_Request::param ('g+', false), + 'facebook' => Minz_Request::param ('facebook', false), + 'email' => Minz_Request::param ('email', false), + 'print' => Minz_Request::param ('print', false), )); + $this->view->conf->save(); - $confDAO = new FreshRSS_ConfigurationDAO (); - $confDAO->update ($this->view->conf->sharing ()); - Minz_Session::_param ('conf', $this->view->conf); - - // notif $notif = array ( 'type' => 'good', 'content' => Minz_Translate::t ('configuration_updated') @@ -269,9 +210,6 @@ class FreshRSS_configure_Controller extends Minz_ActionController { } Minz_View::prependTitle (Minz_Translate::t ('sharing_management') . ' - '); - - $entryDAO = new FreshRSS_EntryDAO (); - $this->view->nb_total = $entryDAO->count (); } public function importExportAction () { @@ -347,32 +285,20 @@ class FreshRSS_configure_Controller extends Minz_ActionController { '9', 'f1', 'f2', 'f3', 'f4', 'f5', 'f6', 'f7', 'f8', 'f9', 'f10', 'f11', 'f12'); $this->view->list_keys = $list_keys; - $list_names = array ('mark_read', 'mark_favorite', 'go_website', 'next_entry', - 'prev_entry', 'next_page', 'prev_page', 'collapse_entry', - 'load_more'); if (Minz_Request::isPost ()) { $shortcuts = Minz_Request::param ('shortcuts'); $shortcuts_ok = array (); foreach ($shortcuts as $key => $value) { - if (in_array ($key, $list_names) - && in_array ($value, $list_keys)) { + if (in_array($value, $list_keys)) { $shortcuts_ok[$key] = $value; } } $this->view->conf->_shortcuts ($shortcuts_ok); + $this->view->conf->save(); - $values = array ( - 'shortcuts' => $this->view->conf->shortcuts () - ); - - $confDAO = new FreshRSS_ConfigurationDAO (); - $confDAO->update ($values); - Minz_Session::_param ('conf', $this->view->conf); - - // notif $notif = array ( 'type' => 'good', 'content' => Minz_Translate::t ('shortcuts_updated') @@ -388,26 +314,20 @@ class FreshRSS_configure_Controller extends Minz_ActionController { public function usersAction() { if (Minz_Request::isPost()) { $ok = true; - $current_token = $this->view->conf->token(); + $current_token = $this->view->conf->token; $mail = Minz_Request::param('mail_login', false); $token = Minz_Request::param('token', $current_token); - $this->view->conf->_mailLogin($mail); + $this->view->conf->_mail_login($mail); $this->view->conf->_token($token); + $ok &= $this->view->conf->save(); - $values = array( - 'mail_login' => $this->view->conf->mailLogin(), - 'token' => $this->view->conf->token(), - ); - - $confDAO = new FreshRSS_ConfigurationDAO(); - $ok &= $confDAO->update($values); - Minz_Session::_param('conf', $this->view->conf); - Minz_Session::_param('mail', $this->view->conf->mailLogin()); + Minz_Session::_param('mail', $this->view->conf->mail_login); if (Minz_Configuration::isAdmin()) { - $anon = (bool)(Minz_Request::param('anon_access', false)); + $anon = (Minz_Request::param('anon_access', false)); + $anon = ((bool)$anon) && ($anon !== 'no'); if ($anon != Minz_Configuration::allowAnonymous()) { Minz_Configuration::_allowAnonymous($anon); $ok &= Minz_Configuration::writeFile(); @@ -432,20 +352,10 @@ class FreshRSS_configure_Controller extends Minz_ActionController { $old = Minz_Request::param('old_entries', 3); $keepHistoryDefault = Minz_Request::param('keep_history_default', 0); - $this->view->conf->_oldEntries($old); - $this->view->conf->_keepHistoryDefault($keepHistoryDefault); - - $values = array( - 'old_entries' => $this->view->conf->oldEntries(), - 'keep_history_default' => $this->view->conf->keepHistoryDefault(), - ); - - $confDAO = new FreshRSS_ConfigurationDAO(); - $confDAO->update($values); - Minz_Session::_param('conf', $this->view->conf); - Minz_Session::_param('mail', $this->view->conf->mailLogin ()); + $this->view->conf->_old_entries($old); + $this->view->conf->_keep_history_default($keepHistoryDefault); + $this->view->conf->save(); - // notif $notif = array( 'type' => 'good', 'content' => Minz_Translate::t('configuration_updated') diff --git a/app/Controllers/entryController.php b/app/Controllers/entryController.php index 9b5081894..b0fc37cdf 100755 --- a/app/Controllers/entryController.php +++ b/app/Controllers/entryController.php @@ -113,7 +113,7 @@ class FreshRSS_entry_Controller extends Minz_ActionController { public function purgeAction() { @set_time_limit(300); - $nb_month_old = max($this->view->conf->oldEntries(), 1); + $nb_month_old = max($this->view->conf->old_entries, 1); $date_min = time() - (3600 * 24 * 30 * $nb_month_old); $feedDAO = new FreshRSS_FeedDAO(); @@ -125,7 +125,7 @@ class FreshRSS_entry_Controller extends Minz_ActionController { foreach ($feeds as $feed) { $feedHistory = $feed->keepHistory(); if ($feedHistory == -2) { //default - $feedHistory = $this->view->conf->keepHistoryDefault(); + $feedHistory = $this->view->conf->keep_history_default; } if ($feedHistory >= 0) { $nb = $feedDAO->cleanOldEntries($feed->id(), $date_min, $feedHistory); diff --git a/app/Controllers/feedController.php b/app/Controllers/feedController.php index 77d36e977..42a0dcb11 100755 --- a/app/Controllers/feedController.php +++ b/app/Controllers/feedController.php @@ -2,7 +2,7 @@ class FreshRSS_feed_Controller extends Minz_ActionController { public function firstAction () { - $token = $this->view->conf->token(); + $token = $this->view->conf->token; $token_param = Minz_Request::param ('token', ''); $token_is_ok = ($token != '' && $token == $token_param); $action = Minz_Request::actionName (); @@ -79,13 +79,13 @@ class FreshRSS_feed_Controller extends Minz_ActionController { $feed->_id ($id); $feed->faviconPrepare(); - $is_read = $this->view->conf->markUponReception() === 'yes' ? 1 : 0; + $is_read = $this->view->conf->mark_when['reception'] ? 1 : 0; $entryDAO = new FreshRSS_EntryDAO (); $entries = array_reverse($feed->entries()); //We want chronological order and SimplePie uses reverse order // on calcule la date des articles les plus anciens qu'on accepte - $nb_month_old = $this->view->conf->oldEntries (); + $nb_month_old = $this->view->conf->old_entries; $date_min = time () - (3600 * 24 * 30 * $nb_month_old); $transactionStarted = true; @@ -182,26 +182,25 @@ class FreshRSS_feed_Controller extends Minz_ActionController { } // on calcule la date des articles les plus anciens qu'on accepte - $nb_month_old = max($this->view->conf->oldEntries(), 1); + $nb_month_old = max($this->view->conf->old_entries, 1); $date_min = time () - (3600 * 24 * 30 * $nb_month_old); $i = 0; $flux_update = 0; + $is_read = $this->view->conf->mark_when['reception'] ? 1 : 0; foreach ($feeds as $feed) { try { $url = $feed->url(); $feed->load(false); $entries = array_reverse($feed->entries()); //We want chronological order and SimplePie uses reverse order - $is_read = $this->view->conf->markUponReception() === 'yes' ? 1 : 0; - //For this feed, check last n entry GUIDs already in database $existingGuids = array_fill_keys ($entryDAO->listLastGuidsByFeed ($feed->id (), count($entries) + 10), 1); $useDeclaredDate = empty($existingGuids); $feedHistory = $feed->keepHistory(); if ($feedHistory == -2) { //default - $feedHistory = $this->view->conf->keepHistoryDefault(); + $feedHistory = $this->view->conf->keep_history_default; } // On ne vérifie pas strictement que l'article n'est pas déjà en BDD @@ -309,7 +308,7 @@ class FreshRSS_feed_Controller extends Minz_ActionController { $this->addCategories ($categories); // on calcule la date des articles les plus anciens qu'on accepte - $nb_month_old = $this->view->conf->oldEntries (); + $nb_month_old = $this->view->conf->old_entries; $date_min = time () - (3600 * 24 * 30 * $nb_month_old); // la variable $error permet de savoir si une erreur est survenue diff --git a/app/Controllers/indexController.php b/app/Controllers/indexController.php index 4677787c1..54826636f 100755 --- a/app/Controllers/indexController.php +++ b/app/Controllers/indexController.php @@ -17,7 +17,7 @@ class FreshRSS_index_Controller extends Minz_ActionController { public function indexAction () { $output = Minz_Request::param ('output'); - $token = $this->view->conf->token(); + $token = $this->view->conf->token; $token_param = Minz_Request::param ('token', ''); $token_is_ok = ($token != '' && $token === $token_param); @@ -91,13 +91,13 @@ class FreshRSS_index_Controller extends Minz_ActionController { ); // On récupère les différents éléments de filtrage - $this->view->state = $state = Minz_Request::param ('state', $this->view->conf->defaultView ()); + $this->view->state = $state = Minz_Request::param ('state', $this->view->conf->default_view); $filter = Minz_Request::param ('search', ''); if (!empty($filter)) { $state = 'all'; //Search always in read and unread articles } - $this->view->order = $order = Minz_Request::param ('order', $this->view->conf->sortOrder ()); - $nb = Minz_Request::param ('nb', $this->view->conf->postsPerPage ()); + $this->view->order = $order = Minz_Request::param ('order', $this->view->conf->sort_order); + $nb = Minz_Request::param ('nb', $this->view->conf->posts_per_page); $first = Minz_Request::param ('next', ''); if ($state === 'not_read') { //Any unread article in this category at all? @@ -128,9 +128,9 @@ class FreshRSS_index_Controller extends Minz_ActionController { $this->view->today = $today; // on calcule la date des articles les plus anciens qu'on affiche - $nb_month_old = $this->view->conf->oldEntries (); + $nb_month_old = $this->view->conf->old_entries; $date_min = $today - (3600 * 24 * 30 * $nb_month_old); //Do not use a fast changing value such as time() to allow SQL caching - $keepHistoryDefault = $this->view->conf->keepHistoryDefault(); + $keepHistoryDefault = $this->view->conf->keep_history_default; try { $entries = $this->entryDAO->listWhere($getType, $getId, $state, $order, $nb + 1, $first, $filter, $date_min, $keepHistoryDefault); @@ -253,7 +253,7 @@ class FreshRSS_index_Controller extends Minz_ActionController { curl_close ($ch); $res = json_decode ($result, true); - if ($res['status'] === 'okay' && $res['email'] === $this->view->conf->mailLogin ()) { + if ($res['status'] === 'okay' && $res['email'] === $this->view->conf->mail_login) { Minz_Session::_param ('mail', $res['email']); invalidateHttpCache(); } else { diff --git a/app/FreshRSS.php b/app/FreshRSS.php index 60610e352..05c8ec8e0 100644 --- a/app/FreshRSS.php +++ b/app/FreshRSS.php @@ -2,7 +2,6 @@ class FreshRSS extends Minz_FrontController { public function init () { Minz_Session::init ('FreshRSS'); - Minz_Translate::init (); $this->loadParamsView (); $this->loadStylesAndScripts (); @@ -11,26 +10,26 @@ class FreshRSS extends Minz_FrontController { private function loadParamsView () { try { - $this->conf = Minz_Session::param ('conf', new FreshRSS_Configuration ()); + $this->conf = new FreshRSS_Configuration(); } catch (Minz_Exception $e) { // Permission denied or conf file does not exist // it's critical! - print $e->getMessage(); - exit(); + die($e->getMessage()); } Minz_View::_param ('conf', $this->conf); - Minz_Session::_param ('language', $this->conf->language ()); + Minz_Session::_param ('language', $this->conf->language); + Minz_Translate::init(); $output = Minz_Request::param ('output'); - if(!$output) { - $output = $this->conf->viewMode(); + if (!$output) { + $output = $this->conf->view_mode; Minz_Request::_param ('output', $output); } } private function loadStylesAndScripts () { - $theme = FreshRSS_Themes::get_infos($this->conf->theme()); + $theme = FreshRSS_Themes::get_infos($this->conf->theme); if ($theme) { foreach($theme["files"] as $file) { Minz_View::appendStyle (Minz_Url::display ('/themes/' . $theme['path'] . '/' . $file . '?' . @filemtime(PUBLIC_PATH . '/themes/' . $theme['path'] . '/' . $file))); @@ -40,7 +39,7 @@ class FreshRSS extends Minz_FrontController { if (login_is_conf ($this->conf)) { Minz_View::appendScript ('https://login.persona.org/include.js'); } - $includeLazyLoad = $this->conf->lazyload () === 'yes' && ($this->conf->displayPosts () === 'yes' || Minz_Request::param ('output') === 'reader'); + $includeLazyLoad = $this->conf->lazyload && ($this->conf->display_posts || Minz_Request::param ('output') === 'reader'); Minz_View::appendScript (Minz_Url::display ('/scripts/jquery.min.js?' . @filemtime(PUBLIC_PATH . '/scripts/jquery.min.js')), false, !$includeLazyLoad, !$includeLazyLoad); if ($includeLazyLoad) { Minz_View::appendScript (Minz_Url::display ('/scripts/jquery.lazyload.min.js?' . @filemtime(PUBLIC_PATH . '/scripts/jquery.lazyload.min.js'))); diff --git a/app/Models/Configuration.php b/app/Models/Configuration.php index 7f4be474d..b0a5d9940 100644 --- a/app/Models/Configuration.php +++ b/app/Models/Configuration.php @@ -1,258 +1,171 @@ 'en', + 'old_entries' => 3, + 'keep_history_default' => 0, + 'mail_login' => '', + 'token' => '', + 'posts_per_page' => 20, + 'view_mode' => 'normal', + 'default_view' => 'not_read', + 'auto_load_more' => true, + 'display_posts' => false, + 'onread_jump_next' => true, + 'lazyload' => true, + 'sort_order' => 'DESC', + 'anon_access' => false, + 'mark_when' => array( + 'article' => true, + 'site' => true, + 'scroll' => false, + 'reception' => false, + ), + 'theme' => 'default', + 'shortcuts' => array( + 'mark_read' => 'r', + 'mark_favorite' => 'f', + 'go_website' => 'space', + 'next_entry' => 'j', + 'prev_entry' => 'k', + 'collapse_entry' => 'c', + 'load_more' => 'm', + ), + 'topline_read' => true, + 'topline_favorite' => true, + 'topline_date' => true, + 'topline_link' => true, + 'bottomline_read' => true, + 'bottomline_favorite' => true, + 'bottomline_sharing' => true, + 'bottomline_tags' => true, + 'bottomline_date' => true, + 'bottomline_link' => true, + 'sharing' => array( + 'shaarli' => '', + 'poche' => '', + 'diaspora' => '', + 'twitter' => true, + 'g+' => true, + 'facebook' => true, + 'email' => true, + 'print' => true, + ), + ); + + private $available_languages = array( 'en' => 'English', 'fr' => 'Français', ); - private $language; - private $posts_per_page; - private $view_mode; - private $default_view; - private $display_posts; - private $onread_jump_next; - private $lazyload; - private $sort_order; - private $old_entries; - private $keep_history_default; - private $shortcuts = array (); - private $mail_login = ''; - private $mark_when = array (); - private $sharing = array (); - private $theme; - private $token; - private $auto_load_more; - private $topline_read; - private $topline_favorite; - private $topline_date; - private $topline_link; - private $bottomline_read; - private $bottomline_favorite; - private $bottomline_sharing; - private $bottomline_tags; - private $bottomline_date; - private $bottomline_link; - public function __construct () { - $confDAO = new FreshRSS_ConfigurationDAO (); - $this->_language ($confDAO->language); - $this->_postsPerPage ($confDAO->posts_per_page); - $this->_viewMode ($confDAO->view_mode); - $this->_defaultView ($confDAO->default_view); - $this->_displayPosts ($confDAO->display_posts); - $this->_onread_jump_next ($confDAO->onread_jump_next); - $this->_lazyload ($confDAO->lazyload); - $this->_sortOrder ($confDAO->sort_order); - $this->_oldEntries ($confDAO->old_entries); - $this->_keepHistoryDefault($confDAO->keep_history_default); - $this->_shortcuts ($confDAO->shortcuts); - $this->_mailLogin ($confDAO->mail_login); - $this->_markWhen ($confDAO->mark_when); - $this->_sharing ($confDAO->sharing); - $this->_theme ($confDAO->theme); - FreshRSS_Themes::setThemeId ($confDAO->theme); - $this->_token ($confDAO->token); - $this->_autoLoadMore ($confDAO->auto_load_more); - $this->_topline_read ($confDAO->topline_read); - $this->_topline_favorite ($confDAO->topline_favorite); - $this->_topline_date ($confDAO->topline_date); - $this->_topline_link ($confDAO->topline_link); - $this->_bottomline_read ($confDAO->bottomline_read); - $this->_bottomline_favorite ($confDAO->bottomline_favorite); - $this->_bottomline_sharing ($confDAO->bottomline_sharing); - $this->_bottomline_tags ($confDAO->bottomline_tags); - $this->_bottomline_date ($confDAO->bottomline_date); - $this->_bottomline_link ($confDAO->bottomline_link); - } + public function __construct ($filename = '') { + if (empty($filename)) { + $filename = DATA_PATH . '/' . Minz_Configuration::currentUser () . '_user.php'; + } + parent::__construct($filename); + $data = parent::loadArray(); - public function availableLanguages () { - return $this->available_languages; - } - public function language () { - return $this->language; - } - public function postsPerPage () { - return $this->posts_per_page; - } - public function viewMode () { - return $this->view_mode; - } - public function defaultView () { - return $this->default_view; - } - public function displayPosts () { - return $this->display_posts; - } - public function onread_jump_next () { - return $this->onread_jump_next; - } - public function lazyload () { - return $this->lazyload; - } - public function sortOrder () { - return $this->sort_order; - } - public function oldEntries () { - return $this->old_entries; - } - public function keepHistoryDefault() { - return $this->keep_history_default; - } - public function shortcuts () { - return $this->shortcuts; - } - public function mailLogin () { - return $this->mail_login; - } - public function markWhen () { - return $this->mark_when; - } - public function markWhenArticle () { - return $this->mark_when['article']; - } - public function markWhenSite () { - return $this->mark_when['site']; + foreach ($data as $key => $value) { + if (isset($this->data[$key])) { + $function = '_' . $key; + $this->$function($value); + } + } } - public function markWhenScroll () { - return $this->mark_when['scroll']; + + public function save() { + invalidateHttpCache(); + return parent::writeArray($this->data); } - public function markUponReception () { - return $this->mark_when['reception']; + + public function __get($name) { + if (array_key_exists($name, $this->data)) { + return $this->data[$name]; + } else { + $trace = debug_backtrace(); + trigger_error('Undefined FreshRSS_Configuration->' . $name . 'in ' . $trace[0]['file'] . ' line ' . $trace[0]['line'], E_USER_NOTICE); //TODO: Use Minz exceptions + return null; + } } - public function sharing ($key = false) { + + public function sharing($key = false) { if ($key === false) { - return $this->sharing; - } elseif (isset ($this->sharing[$key])) { - return $this->sharing[$key]; + return $this->data['sharing']; + } + if (isset($this->data['sharing'][$key])) { + return $this->data['sharing'][$key]; } return false; } - public function theme () { - return $this->theme; - } - public function token () { - return $this->token; - } - public function autoLoadMore () { - return $this->auto_load_more; - } - public function toplineRead () { - return $this->topline_read; - } - public function toplineFavorite () { - return $this->topline_favorite; - } - public function toplineDate () { - return $this->topline_date; - } - public function toplineLink () { - return $this->topline_link; - } - public function bottomlineRead () { - return $this->bottomline_read; - } - public function bottomlineFavorite () { - return $this->bottomline_favorite; - } - public function bottomlineSharing () { - return $this->bottomline_sharing; - } - public function bottomlineTags () { - return $this->bottomline_tags; - } - public function bottomlineDate () { - return $this->bottomline_date; - } - public function bottomlineLink () { - return $this->bottomline_link; + + public function availableLanguages() { + return $this->available_languages; } - public function _language ($value) { - if (!isset ($this->available_languages[$value])) { + public function _language($value) { + if (!isset($this->available_languages[$value])) { $value = 'en'; } - $this->language = $value; + $this->data['language'] = $value; } - public function _postsPerPage ($value) { + public function _posts_per_page ($value) { $value = intval($value); - $this->posts_per_page = $value > 0 ? $value : 10; + $this->data['posts_per_page'] = $value > 0 ? $value : 10; } - public function _viewMode ($value) { - if ($value == 'global' || $value == 'reader') { - $this->view_mode = $value; + public function _view_mode ($value) { + if ($value === 'global' || $value === 'reader') { + $this->data['view_mode'] = $value; } else { - $this->view_mode = 'normal'; + $this->data['view_mode'] = 'normal'; } } - public function _defaultView ($value) { - if ($value == 'not_read') { - $this->default_view = 'not_read'; - } else { - $this->default_view = 'all'; - } + public function _default_view ($value) { + $this->data['default_view'] = $value === 'all' ? 'all' : 'not_read'; } - public function _displayPosts ($value) { - if ($value == 'yes') { - $this->display_posts = 'yes'; - } else { - $this->display_posts = 'no'; - } + public function _display_posts ($value) { + $this->data['display_posts'] = ((bool)$value) && $value !== 'no'; } public function _onread_jump_next ($value) { - if ($value == 'no') { - $this->onread_jump_next = 'no'; - } else { - $this->onread_jump_next = 'yes'; - } + $this->data['onread_jump_next'] = ((bool)$value) && $value !== 'no'; } public function _lazyload ($value) { - if ($value == 'no') { - $this->lazyload = 'no'; - } else { - $this->lazyload = 'yes'; - } + $this->data['lazyload'] = ((bool)$value) && $value !== 'no'; } - public function _sortOrder ($value) { - $this->sort_order = $value === 'ASC' ? 'ASC' : 'DESC'; + public function _sort_order ($value) { + $this->data['sort_order'] = $value === 'ASC' ? 'ASC' : 'DESC'; } - public function _oldEntries($value) { + public function _old_entries($value) { $value = intval($value); - $this->old_entries = $value > 0 ? $value : 3; + $this->data['old_entries'] = $value > 0 ? $value : 3; } - public function _keepHistoryDefault($value) { + public function _keep_history_default($value) { $value = intval($value); - $this->keep_history_default = $value >= -1 ? $value : 0; + $this->data['keep_history_default'] = $value >= -1 ? $value : 0; } public function _shortcuts ($values) { foreach ($values as $key => $value) { - $this->shortcuts[$key] = $value; + if (isset($this->data['shortcuts'][$key])) { + $this->data['shortcuts'][$key] = $value; + } } } - public function _mailLogin ($value) { - if (filter_var ($value, FILTER_VALIDATE_EMAIL)) { + public function _mail_login ($value) { + if (filter_var($value, FILTER_VALIDATE_EMAIL)) { $this->mail_login = $value; - } elseif ($value == false) { - $this->mail_login = false; + } else { + $this->mail_login = ''; } } - public function _markWhen ($values) { - if(!isset($values['article'])) { - $values['article'] = 'yes'; - } - if(!isset($values['site'])) { - $values['site'] = 'yes'; - } - if(!isset($values['scroll'])) { - $values['scroll'] = 'yes'; - } - if(!isset($values['reception'])) { - $values['reception'] = 'no'; + public function _anon_access ($value) { + $this->data['anon_access'] = ((bool)$value) && $value !== 'no'; + } + public function _mark_when ($values) { + foreach ($values as $key => $value) { + if (isset($this->data['mark_when'][$key])) { + $this->data['mark_when'][$key] = ((bool)$value) && $value !== 'no'; + } } - - $this->mark_when['article'] = $values['article']; - $this->mark_when['site'] = $values['site']; - $this->mark_when['scroll'] = $values['scroll']; - $this->mark_when['reception'] = $values['reception']; } public function _sharing ($values) { $are_url = array ('shaarli', 'poche', 'diaspora'); @@ -268,54 +181,50 @@ class FreshRSS_Configuration extends Minz_Model { if (!$is_url) { $value = ''; } - } elseif(!is_bool ($value)) { + } elseif (!is_bool($value)) { $value = true; } - $this->sharing[$key] = $value; + $this->data['sharing'][$key] = $value; } } - public function _theme ($value) { - $this->theme = $value; + public function _theme($value) { + $this->data['theme'] = $value; } - public function _token ($value) { - $this->token = $value; + public function _token($value) { + $this->data['token'] = $value; } - public function _autoLoadMore ($value) { - if ($value == 'yes') { - $this->auto_load_more = 'yes'; - } else { - $this->auto_load_more = 'no'; - } + public function _auto_load_more($value) { + $this->data['auto_load_more'] = ((bool)$value) && $value !== 'no'; } - public function _topline_read ($value) { - $this->topline_read = $value === 'yes'; + public function _topline_read($value) { + $this->data['topline_read'] = ((bool)$value) && $value !== 'no'; } - public function _topline_favorite ($value) { - $this->topline_favorite = $value === 'yes'; + public function _topline_favorite($value) { + $this->data['topline_favorite'] = ((bool)$value) && $value !== 'no'; } - public function _topline_date ($value) { - $this->topline_date = $value === 'yes'; + public function _topline_date($value) { + $this->data['topline_date'] = ((bool)$value) && $value !== 'no'; } - public function _topline_link ($value) { - $this->topline_link = $value === 'yes'; + public function _topline_link($value) { + $this->data['topline_link'] = ((bool)$value) && $value !== 'no'; } - public function _bottomline_read ($value) { - $this->bottomline_read = $value === 'yes'; + public function _bottomline_read($value) { + $this->data['bottomline_read'] = ((bool)$value) && $value !== 'no'; } - public function _bottomline_favorite ($value) { - $this->bottomline_favorite = $value === 'yes'; + public function _bottomline_favorite($value) { + $this->data['bottomline_favorite'] = ((bool)$value) && $value !== 'no'; } - public function _bottomline_sharing ($value) { - $this->bottomline_sharing = $value === 'yes'; + public function _bottomline_sharing($value) { + $this->data['bottomline_sharing'] = ((bool)$value) && $value !== 'no'; } - public function _bottomline_tags ($value) { - $this->bottomline_tags = $value === 'yes'; + public function _bottomline_tags($value) { + $this->data['bottomline_tags'] = ((bool)$value) && $value !== 'no'; } - public function _bottomline_date ($value) { - $this->bottomline_date = $value === 'yes'; + public function _bottomline_date($value) { + $this->data['bottomline_date'] = ((bool)$value) && $value !== 'no'; } - public function _bottomline_link ($value) { - $this->bottomline_link = $value === 'yes'; + public function _bottomline_link($value) { + $this->data['bottomline_link'] = ((bool)$value) && $value !== 'no'; } } diff --git a/app/Models/ConfigurationDAO.php b/app/Models/ConfigurationDAO.php deleted file mode 100644 index 53312f043..000000000 --- a/app/Models/ConfigurationDAO.php +++ /dev/null @@ -1,154 +0,0 @@ - 'r', - 'mark_favorite' => 'f', - 'go_website' => 'space', - 'next_entry' => 'j', - 'prev_entry' => 'k', - 'collapse_entry' => 'c', - 'load_more' => 'm' - ); - public $mail_login = ''; - public $mark_when = array ( - 'article' => 'yes', - 'site' => 'yes', - 'scroll' => 'no', - 'reception' => 'no' - ); - public $sharing = array ( - 'shaarli' => '', - 'poche' => '', - 'diaspora' => '', - 'twitter' => true, - 'g+' => true, - 'facebook' => true, - 'email' => true, - 'print' => true - ); - public $theme = 'default'; - public $token = ''; - public $auto_load_more = 'yes'; - public $topline_read = 'yes'; - public $topline_favorite = 'yes'; - public $topline_date = 'yes'; - public $topline_link = 'yes'; - public $bottomline_read = 'yes'; - public $bottomline_favorite = 'yes'; - public $bottomline_sharing = 'yes'; - public $bottomline_tags = 'yes'; - public $bottomline_date = 'yes'; - public $bottomline_link = 'yes'; - - public function __construct ($nameFile = '') { - if (empty($nameFile)) { - $nameFile = DATA_PATH . '/' . Minz_Configuration::currentUser () . '_user.php'; - } - parent::__construct ($nameFile); - - // TODO : simplifier ce code, une boucle for() devrait suffire ! - if (isset ($this->array['language'])) { - $this->language = $this->array['language']; - } - if (isset ($this->array['posts_per_page'])) { - $this->posts_per_page = intval($this->array['posts_per_page']); - } - if (isset ($this->array['view_mode'])) { - $this->view_mode = $this->array['view_mode']; - } - if (isset ($this->array['default_view'])) { - $this->default_view = $this->array['default_view']; - } - if (isset ($this->array['display_posts'])) { - $this->display_posts = $this->array['display_posts']; - } - if (isset ($this->array['onread_jump_next'])) { - $this->onread_jump_next = $this->array['onread_jump_next']; - } - if (isset ($this->array['lazyload'])) { - $this->lazyload = $this->array['lazyload']; - } - if (isset ($this->array['sort_order'])) { - $this->sort_order = $this->array['sort_order']; - } - if (isset ($this->array['old_entries'])) { - $this->old_entries = intval($this->array['old_entries']); - } - if (isset ($this->array['keep_history_default'])) { - $this->keep_history_default = intval($this->array['keep_history_default']); - } - if (isset ($this->array['shortcuts'])) { - $this->shortcuts = array_merge ( - $this->shortcuts, $this->array['shortcuts'] - ); - } - if (isset ($this->array['mail_login'])) { - $this->mail_login = $this->array['mail_login']; - } - if (isset ($this->array['mark_when'])) { - $this->mark_when = $this->array['mark_when']; - } - if (isset ($this->array['sharing'])) { - $this->sharing = array_merge ( - $this->sharing, $this->array['sharing'] - ); - } - if (isset ($this->array['theme'])) { - $this->theme = $this->array['theme']; - } - if (isset ($this->array['token'])) { - $this->token = $this->array['token']; - } - if (isset ($this->array['auto_load_more'])) { - $this->auto_load_more = $this->array['auto_load_more']; - } - - if (isset ($this->array['topline_read'])) { - $this->topline_read = $this->array['topline_read']; - } - if (isset ($this->array['topline_favorite'])) { - $this->topline_favorite = $this->array['topline_favorite']; - } - if (isset ($this->array['topline_date'])) { - $this->topline_date = $this->array['topline_date']; - } - if (isset ($this->array['topline_link'])) { - $this->topline_link = $this->array['topline_link']; - } - if (isset ($this->array['bottomline_read'])) { - $this->bottomline_read = $this->array['bottomline_read']; - } - if (isset ($this->array['bottomline_favorite'])) { - $this->bottomline_favorite = $this->array['bottomline_favorite']; - } - if (isset ($this->array['bottomline_sharing'])) { - $this->bottomline_sharing = $this->array['bottomline_sharing']; - } - if (isset ($this->array['bottomline_tags'])) { - $this->bottomline_tags = $this->array['bottomline_tags']; - } - if (isset ($this->array['bottomline_date'])) { - $this->bottomline_date = $this->array['bottomline_date']; - } - if (isset ($this->array['bottomline_link'])) { - $this->bottomline_link = $this->array['bottomline_link']; - } - } - - public function update($values) { - $this->array = array_merge($this->array, $values); - invalidateHttpCache(); - return parent::writeFile(); - } -} diff --git a/app/i18n/en.php b/app/i18n/en.php index c7ac16ae0..65afc11e5 100644 --- a/app/i18n/en.php +++ b/app/i18n/en.php @@ -159,7 +159,7 @@ return array ( 'current_user' => 'Current user', 'default_user' => 'Username of the default user (maximum 16 alphanumeric characters)', 'persona_connection_email' => 'Login mail address (use Mozilla Persona)', - 'allow_anonymous' => 'Allow anonymous reading', + 'allow_anonymous' => 'Allow anonymous reading for the default user (%s)', 'auth_token' => 'Authentication token', 'explain_token' => 'Allows to access RSS output without authentication.
%s?token=%s', 'login_configuration' => 'Login', diff --git a/app/i18n/fr.php b/app/i18n/fr.php index e8da1c603..adc38acbe 100644 --- a/app/i18n/fr.php +++ b/app/i18n/fr.php @@ -159,7 +159,7 @@ return array ( 'current_user' => 'Utilisateur actuel', 'default_user' => 'Nom de l’utilisateur par défaut (16 caractères alphanumériques maximum)', 'persona_connection_email' => 'Adresse courriel de connexion (utilise Mozilla Persona)', - 'allow_anonymous' => 'Autoriser la lecture anonyme', + 'allow_anonymous' => 'Autoriser la lecture anonyme pour l’utilisateur par défaut (%s)', 'auth_token' => 'Jeton d’identification', 'explain_token' => 'Permet d’accéder à la sortie RSS sans besoin de s’authentifier.
%s?output=rss&token=%s', 'login_configuration' => 'Identification', diff --git a/app/layout/layout.phtml b/app/layout/layout.phtml index b7c34f04e..ae75c9bdb 100644 --- a/app/layout/layout.phtml +++ b/app/layout/layout.phtml @@ -1,5 +1,5 @@ - + diff --git a/app/layout/nav_menu.phtml b/app/layout/nav_menu.phtml index 1f2a7b408..37f8a426f 100644 --- a/app/layout/nav_menu.phtml +++ b/app/layout/nav_menu.phtml @@ -19,7 +19,7 @@ $string_mark = Minz_Translate::t ('mark_cat_read'); } $nextGet = $get; - if (($this->conf->onread_jump_next () === 'yes') && (strlen ($get) > 2)) { + if ($this->conf->onread_jump_next && (strlen ($get) > 2)) { $anotherUnreadId = ''; $foundCurrent = false; switch ($get[0]) { diff --git a/app/views/configure/archiving.phtml b/app/views/configure/archiving.phtml index e4aacc7c6..0a68eb76c 100644 --- a/app/views/configure/archiving.phtml +++ b/app/views/configure/archiving.phtml @@ -10,18 +10,18 @@
- +  
- +
+ ?> ()
diff --git a/app/views/configure/display.phtml b/app/views/configure/display.phtml index 800181659..11a987610 100644 --- a/app/views/configure/display.phtml +++ b/app/views/configure/display.phtml @@ -12,7 +12,7 @@
@@ -23,7 +23,7 @@
+
@@ -51,8 +51,8 @@
@@ -61,16 +61,16 @@
@@ -79,9 +79,9 @@
@@ -89,9 +89,9 @@
@@ -99,9 +99,9 @@
@@ -110,19 +110,19 @@
@@ -132,7 +132,7 @@
@@ -162,20 +162,20 @@ - conf->toplineRead () ? ' checked="checked"' : ''; ?> /> - conf->toplineFavorite () ? ' checked="checked"' : ''; ?> /> + conf->topline_read ? ' checked="checked"' : ''; ?> /> + conf->topline_favorite ? ' checked="checked"' : ''; ?> /> - conf->toplineDate () ? ' checked="checked"' : ''; ?> /> - conf->toplineLink () ? ' checked="checked"' : ''; ?> /> + conf->topline_date ? ' checked="checked"' : ''; ?> /> + conf->topline_link ? ' checked="checked"' : ''; ?> /> - conf->bottomlineRead () ? ' checked="checked"' : ''; ?> /> - conf->bottomlineFavorite () ? ' checked="checked"' : ''; ?> /> - conf->bottomlineSharing () ? ' checked="checked"' : ''; ?> /> - conf->bottomlineTags () ? ' checked="checked"' : ''; ?> /> - conf->bottomlineDate () ? ' checked="checked"' : ''; ?> /> - conf->bottomlineLink () ? ' checked="checked"' : ''; ?> /> + conf->bottomline_read ? ' checked="checked"' : ''; ?> /> + conf->bottomline_favorite ? ' checked="checked"' : ''; ?> /> + conf->bottomline_sharing ? ' checked="checked"' : ''; ?> /> + conf->bottomline_tags ? ' checked="checked"' : ''; ?> /> + conf->bottomline_date ? ' checked="checked"' : ''; ?> /> + conf->bottomline_link ? ' checked="checked"' : ''; ?> />
diff --git a/app/views/configure/sharing.phtml b/app/views/configure/sharing.phtml index 825537fc9..c6a96b48a 100644 --- a/app/views/configure/sharing.phtml +++ b/app/views/configure/sharing.phtml @@ -47,7 +47,7 @@ foreach ($services as $service) { ?> diff --git a/app/views/configure/shortcut.phtml b/app/views/configure/shortcut.phtml index e78d91820..2e564a7b6 100644 --- a/app/views/configure/shortcut.phtml +++ b/app/views/configure/shortcut.phtml @@ -9,7 +9,7 @@ - conf->shortcuts (); ?> + conf->shortcuts; ?> diff --git a/app/views/configure/users.phtml b/app/views/configure/users.phtml index c57671ef3..4fd291ba3 100644 --- a/app/views/configure/users.phtml +++ b/app/views/configure/users.phtml @@ -20,7 +20,7 @@
- conf->mailLogin(); ?> + conf->mail_login; ?>
@@ -29,7 +29,7 @@
- conf->token(); ?> + conf->token; ?>
@@ -51,7 +51,7 @@
diff --git a/app/views/helpers/javascript_vars.phtml b/app/views/helpers/javascript_vars.phtml index d008e2e48..8f508487c 100644 --- a/app/views/helpers/javascript_vars.phtml +++ b/app/views/helpers/javascript_vars.phtml @@ -1,16 +1,16 @@ conf->markWhen (); + $mark = $this->conf->mark_when; echo 'var ', - 'hide_posts=', ($this->conf->displayPosts () === 'yes' || Minz_Request::param ('output') === 'reader') ? 'false' : 'true', - ',auto_mark_article=', $mark['article'] === 'yes' ? 'true' : 'false', - ',auto_mark_site=', $mark['site'] === 'yes' ? 'true' : 'false', - ',auto_mark_scroll=', $mark['scroll'] === 'yes' ? 'true' : 'false', - ',auto_load_more=', $this->conf->autoLoadMore () === 'yes' ? 'true' : 'false', - ',full_lazyload=', $this->conf->lazyload () === 'yes' && ($this->conf->displayPosts () === 'yes' || Minz_Request::param ('output') === 'reader') ? 'true' : 'false', - ',does_lazyload=', $this->conf->lazyload() === 'yes' ? 'true' : 'false'; + 'hide_posts=', ($this->conf->display_posts || Minz_Request::param('output') === 'reader') ? 'false' : 'true', + ',auto_mark_article=', $mark['article'] ? 'true' : 'false', + ',auto_mark_site=', $mark['site'] ? 'true' : 'false', + ',auto_mark_scroll=', $mark['scroll'] ? 'true' : 'false', + ',auto_load_more=', $this->conf->auto_load_more ? 'true' : 'false', + ',full_lazyload=', $this->conf->lazyload && ($this->conf->display_posts || Minz_Request::param('output') === 'reader') ? 'true' : 'false', + ',does_lazyload=', $this->conf->lazyload ? 'true' : 'false'; - $s = $this->conf->shortcuts (); + $s = $this->conf->shortcuts; echo ',shortcuts={', 'mark_read:"', $s['mark_read'], '",', 'mark_favorite:"', $s['mark_favorite'], '",', diff --git a/app/views/helpers/view/global_view.phtml b/app/views/helpers/view/global_view.phtml index bc6e24e37..58ff13d4e 100644 --- a/app/views/helpers/view/global_view.phtml +++ b/app/views/helpers/view/global_view.phtml @@ -31,6 +31,6 @@
-
conf->displayPosts () === 'no' ? ' class="hide_posts"' : ''; ?>> +
conf->display_posts ? '' : ' class="hide_posts"'; ?>> -
\ No newline at end of file +
diff --git a/app/views/helpers/view/normal_view.phtml b/app/views/helpers/view/normal_view.phtml index 4307c2113..f59cae2b8 100644 --- a/app/views/helpers/view/normal_view.phtml +++ b/app/views/helpers/view/normal_view.phtml @@ -18,8 +18,8 @@ if (!empty($this->entries)) { $email = $this->conf->sharing ('email'); $print = $this->conf->sharing ('print'); $today = $this->today; - $hidePosts = $this->conf->displayPosts() === 'no'; - $lazyload = $this->conf->lazyload() === 'yes'; + $hidePosts = !$this->conf->display_posts; + $lazyload = $this->conf->lazyload; ?>
@@ -49,13 +49,13 @@ if (!empty($this->entries)) {
@@ -86,13 +86,13 @@ if (!empty($this->entries)) {
    conf->bottomlineRead ()) { + if ($this->conf->bottomline_read) { ?>
  • isRead () ? 'read' : 'unread'); ?>
    • conf->bottomlineFavorite ()) { + if ($this->conf->bottomline_favorite) { ?>
  • isFavorite () ? 'starred' : 'non-starred'); ?>entries)) { } ?>
  • conf->bottomlineSharing () && ( + if ($this->conf->bottomline_sharing && ( $shaarli || $poche || $diaspora || $twitter || $google_plus || $facebook || $email )) { @@ -171,7 +171,7 @@ if (!empty($this->entries)) {
    • conf->bottomlineTags () ? $item->tags() : null; + $tags = $this->conf->bottomline_tags ? $item->tags() : null; if (!empty($tags)) { ?>
  • @@ -190,8 +190,8 @@ if (!empty($this->entries)) {
- conf->bottomlineDate ()) { ?>
  • date (); ?> 
    • - conf->bottomlineLink ()) { ?>
    • + conf->bottomline_date) { ?>
  • date (); ?> 
    • + conf->bottomline_link) { ?>
    • diff --git a/app/views/helpers/view/reader_view.phtml b/app/views/helpers/view/reader_view.phtml index 47254f74e..2f64e672a 100644 --- a/app/views/helpers/view/reader_view.phtml +++ b/app/views/helpers/view/reader_view.phtml @@ -2,7 +2,7 @@ $this->partial ('nav_menu'); if (!empty($this->entries)) { - $lazyload = $this->conf->lazyload() === 'yes'; + $lazyload = $this->conf->lazyload; ?>
    diff --git a/app/views/index/index.phtml b/app/views/index/index.phtml index 2d134ba4e..4db53e2a5 100644 --- a/app/views/index/index.phtml +++ b/app/views/index/index.phtml @@ -1,7 +1,7 @@ conf->token(); +$token = $this->conf->token; $token_param = Minz_Request::param ('token', ''); $token_is_ok = ($token != '' && $token == $token_param); diff --git a/lib/Minz/Configuration.php b/lib/Minz/Configuration.php index 306328904..3864a9335 100644 --- a/lib/Minz/Configuration.php +++ b/lib/Minz/Configuration.php @@ -225,14 +225,14 @@ class Minz_Configuration { } } if (isset ($general['delay_cache'])) { - self::$delay_cache = $general['delay_cache']; + self::$delay_cache = inval($general['delay_cache']); } if (isset ($general['default_user'])) { self::$default_user = $general['default_user']; self::$current_user = self::$default_user; } if (isset ($general['allow_anonymous'])) { - self::$allow_anonymous = (bool)($general['allow_anonymous']); + self::$allow_anonymous = ((bool)($general['allow_anonymous'])) && ($general['allow_anonymous'] !== 'no'); } // Base de données diff --git a/lib/Minz/ModelArray.php b/lib/Minz/ModelArray.php index 89d7f06c1..e3ec77dc9 100644 --- a/lib/Minz/ModelArray.php +++ b/lib/Minz/ModelArray.php @@ -8,11 +8,6 @@ * La classe Model_array représente le modèle interragissant avec les fichiers de type texte gérant des tableaux php */ class Minz_ModelArray { - /** - * $array Le tableau php contenu dans le fichier $filename - */ - protected $array = array (); - /** * $filename est le nom du fichier */ @@ -25,29 +20,32 @@ class Minz_ModelArray { */ public function __construct ($filename) { $this->filename = $filename; + } + protected function loadArray() { if (!file_exists($this->filename)) { throw new Minz_FileNotExistException($this->filename, Minz_Exception::WARNING); } elseif (($handle = $this->getLock()) === false) { throw new Minz_PermissionDeniedException($this->filename); } else { - $this->array = include($this->filename); + $data = include($this->filename); $this->releaseLock($handle); - if ($this->array === false) { + if ($data === false) { throw new Minz_PermissionDeniedException($this->filename); - } elseif (!is_array($this->array)) { - $this->array = array(); + } elseif (!is_array($data)) { + $data = array(); } + return $data; } } /** * Sauve le tableau $array dans le fichier $filename **/ - protected function writeFile() { - if (!file_put_contents($this->filename, "array, true) . ';', LOCK_EX)) { + protected function writeArray($array) { + if (!file_put_contents($this->filename, "filename); } return true; diff --git a/lib/Minz/Session.php b/lib/Minz/Session.php index f527322f5..6e45fd226 100644 --- a/lib/Minz/Session.php +++ b/lib/Minz/Session.php @@ -55,11 +55,6 @@ class Minz_Session { } else { $_SESSION[$p] = $v; self::$session[$p] = $v; - - if($p == 'language') { - // reset pour remettre à jour le fichier de langue à utiliser - Minz_Translate::reset (); - } } } @@ -76,6 +71,7 @@ class Minz_Session { if (!$force) { self::_param ('language', $language); + Minz_Translate::reset (); } } } diff --git a/lib/lib_rss.php b/lib/lib_rss.php index a27ef171a..3f55c7d58 100644 --- a/lib/lib_rss.php +++ b/lib/lib_rss.php @@ -63,7 +63,7 @@ function is_logged () { // vérifie que le système d'authentification est configuré function login_is_conf ($conf) { - return $conf->mailLogin () != false; + return $conf->mail_login != ''; } // tiré de Shaarli de Seb Sauvage //Format RFC 4648 base64url -- cgit v1.2.3 From 220341b40642771f9b5db97296edfb1913182464 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Sun, 29 Dec 2013 02:12:46 +0100 Subject: Implémente sélecteur de méthode d’authentification MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Contribue à https://github.com/marienfressinaud/FreshRSS/issues/126 --- app/Controllers/configureController.php | 7 +++++-- app/views/configure/users.phtml | 7 +++---- lib/Minz/Configuration.php | 19 +++++++++++++++++++ 3 files changed, 27 insertions(+), 6 deletions(-) (limited to 'lib/Minz/Configuration.php') diff --git a/app/Controllers/configureController.php b/app/Controllers/configureController.php index aabc3e4af..0c0b4951d 100755 --- a/app/Controllers/configureController.php +++ b/app/Controllers/configureController.php @@ -326,10 +326,13 @@ class FreshRSS_configure_Controller extends Minz_ActionController { Minz_Session::_param('mail', $this->view->conf->mail_login); if (Minz_Configuration::isAdmin()) { - $anon = (Minz_Request::param('anon_access', false)); + $anon = Minz_Request::param('anon_access', false); $anon = ((bool)$anon) && ($anon !== 'no'); - if ($anon != Minz_Configuration::allowAnonymous()) { + $auth_type = Minz_Request::param('auth_type', 'none'); + if ($anon != Minz_Configuration::allowAnonymous() || + $auth_type != Minz_Configuration::authType()) { Minz_Configuration::_allowAnonymous($anon); + Minz_Configuration::_authType($auth_type); $ok &= Minz_Configuration::writeFile(); } } diff --git a/app/views/configure/users.phtml b/app/views/configure/users.phtml index 4fd291ba3..7e8edf9af 100644 --- a/app/views/configure/users.phtml +++ b/app/views/configure/users.phtml @@ -60,11 +60,10 @@
    - (selector not implemented yet)
    diff --git a/lib/Minz/Configuration.php b/lib/Minz/Configuration.php index 3864a9335..d0c530ef7 100644 --- a/lib/Minz/Configuration.php +++ b/lib/Minz/Configuration.php @@ -53,6 +53,7 @@ class Minz_Configuration { private static $default_user = ''; private static $current_user = ''; private static $allow_anonymous = false; + private static $auth_type = 'none'; private static $db = array ( 'host' => false, @@ -103,9 +104,23 @@ class Minz_Configuration { public static function allowAnonymous() { return self::$allow_anonymous; } + public static function authType() { + return self::$auth_type; + } + public static function _allowAnonymous($allow = false) { self::$allow_anonymous = (bool)$allow; } + public static function _authType($value) { + $value = strtolower($value); + switch ($value) { + case 'none': + case 'http_auth': + case 'persona': + self::$auth_type = $value; + break; + } + } /** * Initialise les variables de configuration @@ -133,6 +148,7 @@ class Minz_Configuration { 'title' => self::$title, 'default_user' => self::$default_user, 'allow_anonymous' => self::$allow_anonymous, + 'auth_type' => self::$auth_type, ), 'db' => self::$db, ); @@ -234,6 +250,9 @@ class Minz_Configuration { if (isset ($general['allow_anonymous'])) { self::$allow_anonymous = ((bool)($general['allow_anonymous'])) && ($general['allow_anonymous'] !== 'no'); } + if (isset ($general['auth_type'])) { + self::_authType($general['auth_type']); + } // Base de données $db = false; -- cgit v1.2.3 From 92efd68a3a13e49fe7bbfb8441611c0dcd639415 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Mon, 30 Dec 2013 01:03:32 +0100 Subject: Début de mode multi-utilisateur avec http_auth MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit + Légère optimisation de Minz_View. + Encore plus de tests de bibliothèques dans install.php Contribue à https://github.com/marienfressinaud/FreshRSS/issues/126 et https://github.com/marienfressinaud/FreshRSS/issues/303 --- README.md | 2 +- app/Controllers/configureController.php | 5 +-- app/Controllers/entryController.php | 4 +-- app/Controllers/feedController.php | 27 +++++++------- app/Controllers/indexController.php | 31 ++++++++--------- app/FreshRSS.php | 56 ++++++++++++++++++++++------- app/Models/Configuration.php | 15 ++++---- app/actualize_script.php | 15 +++++--- app/i18n/en.php | 5 +-- app/i18n/fr.php | 5 +-- app/layout/aside_flux.phtml | 6 ++-- app/layout/header.phtml | 21 +++++------ app/layout/nav_menu.phtml | 2 +- app/views/configure/users.phtml | 51 +++++++++++++++------------ app/views/helpers/javascript_vars.phtml | 2 +- app/views/helpers/view/normal_view.phtml | 60 ++++++++++++++++++-------------- app/views/index/index.phtml | 45 ++++++++++++++---------- lib/Minz/Configuration.php | 12 ++++++- lib/Minz/View.php | 29 ++++++--------- lib/lib_rss.php | 16 +++------ p/i/install.php | 24 ++++++++++--- 21 files changed, 246 insertions(+), 187 deletions(-) (limited to 'lib/Minz/Configuration.php') diff --git a/README.md b/README.md index f20f870dd..cfef89781 100644 --- a/README.md +++ b/README.md @@ -21,7 +21,7 @@ Privilégiez pour cela des demandes sur GitHub # Pré-requis * Serveur Apache2 ou Nginx (non testé sur les autres) * PHP 5.2+ (PHP 5.3.3+ recommandé) - * Requis : [LibXML](http://php.net/xml), [PCRE](http://php.net/pcre), [cURL](http://php.net/curl), [PDO_MySQL](http://php.net/pdo-mysql) + * Requis : [PDO_MySQL](http://php.net/pdo-mysql), [cURL](http://php.net/curl), [LibXML](http://php.net/xml), [PCRE](http://php.net/pcre), [ctype](http://php.net/ctype) * Recommandés : [JSON](http://php.net/json), [zlib](http://php.net/zlib), [mbstring](http://php.net/mbstring), [iconv](http://php.net/iconv) * MySQL 5.0.3+ (ou SQLite 3.7.4+ à venir) * Un navigateur Web récent tel Firefox, Chrome, Opera, Safari, Internet Explorer 9+ diff --git a/app/Controllers/configureController.php b/app/Controllers/configureController.php index 0c0b4951d..656e2ac89 100755 --- a/app/Controllers/configureController.php +++ b/app/Controllers/configureController.php @@ -2,7 +2,7 @@ class FreshRSS_configure_Controller extends Minz_ActionController { public function firstAction () { - if (login_is_conf ($this->view->conf) && !is_logged ()) { + if (!$this->view->loginOk) { Minz_Error::error ( 403, array ('error' => array (Minz_Translate::t ('access_denied'))) @@ -16,7 +16,6 @@ class FreshRSS_configure_Controller extends Minz_ActionController { public function categorizeAction () { $feedDAO = new FreshRSS_FeedDAO (); $catDAO = new FreshRSS_CategoryDAO (); - $catDAO->checkDefault (); $defaultCategory = $catDAO->getDefault (); $defaultId = $defaultCategory->id (); @@ -167,8 +166,6 @@ class FreshRSS_configure_Controller extends Minz_ActionController { $this->view->conf->_bottomline_link(Minz_Request::param('bottomline_link', false)); $this->view->conf->save(); - Minz_Session::_param ('mail', $this->view->conf->mail_login); - Minz_Session::_param ('language', $this->view->conf->language); Minz_Translate::reset (); diff --git a/app/Controllers/entryController.php b/app/Controllers/entryController.php index b0fc37cdf..da4ab5ecc 100755 --- a/app/Controllers/entryController.php +++ b/app/Controllers/entryController.php @@ -2,7 +2,7 @@ class FreshRSS_entry_Controller extends Minz_ActionController { public function firstAction () { - if (login_is_conf ($this->view->conf) && !is_logged ()) { + if (!$this->view->loginOk) { Minz_Error::error ( 403, array ('error' => array (Minz_Translate::t ('access_denied'))) @@ -38,7 +38,7 @@ class FreshRSS_entry_Controller extends Minz_ActionController { $nextGet = Minz_Request::param ('nextGet', $get); $idMax = Minz_Request::param ('idMax', 0); - $is_read = !!$is_read; + $is_read = (bool)$is_read; $entryDAO = new FreshRSS_EntryDAO (); if ($id == false) { diff --git a/app/Controllers/feedController.php b/app/Controllers/feedController.php index 42a0dcb11..2d7c0ab43 100755 --- a/app/Controllers/feedController.php +++ b/app/Controllers/feedController.php @@ -2,18 +2,17 @@ class FreshRSS_feed_Controller extends Minz_ActionController { public function firstAction () { - $token = $this->view->conf->token; - $token_param = Minz_Request::param ('token', ''); - $token_is_ok = ($token != '' && $token == $token_param); - $action = Minz_Request::actionName (); - - if (login_is_conf ($this->view->conf) && - !is_logged () && - !($token_is_ok && $action == 'actualize')) { - Minz_Error::error ( - 403, - array ('error' => array (Minz_Translate::t ('access_denied'))) - ); + if (!$this->view->loginOk) { + $token = $this->view->conf->token; //TODO: check the token logic again, and if it is still needed + $token_param = Minz_Request::param ('token', ''); + $token_is_ok = ($token != '' && $token == $token_param); + $action = Minz_Request::actionName (); + if (!($token_is_ok && $action === 'actualize')) { + Minz_Error::error ( + 403, + array ('error' => array (Minz_Translate::t ('access_denied'))) + ); + } } $this->catDAO = new FreshRSS_CategoryDAO (); @@ -411,10 +410,8 @@ class FreshRSS_feed_Controller extends Minz_ActionController { } private function addCategories ($categories) { - $catDAO = new FreshRSS_CategoryDAO (); - foreach ($categories as $cat) { - if (!$catDAO->searchByName ($cat->name ())) { + if (!$this->catDAO->searchByName ($cat->name ())) { $values = array ( 'id' => $cat->id (), 'name' => $cat->name (), diff --git a/app/Controllers/indexController.php b/app/Controllers/indexController.php index 54826636f..66809964d 100755 --- a/app/Controllers/indexController.php +++ b/app/Controllers/indexController.php @@ -16,17 +16,18 @@ class FreshRSS_index_Controller extends Minz_ActionController { public function indexAction () { $output = Minz_Request::param ('output'); - - $token = $this->view->conf->token; - $token_param = Minz_Request::param ('token', ''); - $token_is_ok = ($token != '' && $token === $token_param); - - // check if user is log in - if(login_is_conf ($this->view->conf) && - !is_logged() && - !Minz_Configuration::allowAnonymous() && - !($output === 'rss' && $token_is_ok)) { - return; + $token = ''; + + // check if user is logged in + if (!$this->view->loginOk && !Minz_Configuration::allowAnonymous()) + { + $token = $this->view->conf->token; + $token_param = Minz_Request::param ('token', ''); + $token_is_ok = ($token != '' && $token === $token_param); + if (!($output === 'rss' && $token_is_ok)) { + return; + } + $params['token'] = $token; } // construction of RSS url of this feed @@ -35,11 +36,6 @@ class FreshRSS_index_Controller extends Minz_ActionController { if (isset ($params['search'])) { $params['search'] = urlencode ($params['search']); } - if (login_is_conf($this->view->conf) && - !Minz_Configuration::allowAnonymous() && - $token !== '') { - $params['token'] = $token; - } $this->view->rss_url = array ( 'c' => 'index', 'a' => 'index', @@ -212,7 +208,7 @@ class FreshRSS_index_Controller extends Minz_ActionController { } public function logsAction () { - if (login_is_conf ($this->view->conf) && !is_logged ()) { + if (!$this->view->loginOk) { Minz_Error::error ( 403, array ('error' => array (Minz_Translate::t ('access_denied'))) @@ -255,6 +251,7 @@ class FreshRSS_index_Controller extends Minz_ActionController { $res = json_decode ($result, true); if ($res['status'] === 'okay' && $res['email'] === $this->view->conf->mail_login) { Minz_Session::_param ('mail', $res['email']); + $this->view->loginOk = true; invalidateHttpCache(); } else { $res = array (); diff --git a/app/FreshRSS.php b/app/FreshRSS.php index 05c8ec8e0..10f362717 100644 --- a/app/FreshRSS.php +++ b/app/FreshRSS.php @@ -1,26 +1,56 @@ loadParamsView (); - $this->loadStylesAndScripts (); - $this->loadNotifications (); + public function init($currentUser = null) { + Minz_Session::init('FreshRSS'); + $this->accessControl($currentUser); + $this->loadParamsView(); + $this->loadStylesAndScripts(); + $this->loadNotifications(); } - private function loadParamsView () { + private function accessControl($currentUser) { + if ($currentUser === null) { + switch (Minz_Configuration::authType()) { + case 'http_auth': + $currentUser = httpAuthUser(); + $loginOk = $currentUser != ''; + break; + case 'persona': + $currentUser = Minz_Configuration::defaultUser(); + $loginOk = Minz_Session::param('mail') != ''; + break; + case 'none': + $currentUser = Minz_Configuration::defaultUser(); + $loginOk = true; + break; + default: + $loginOk = false; + break; + } + } elseif ((PHP_SAPI === 'cli') && (Minz_Request::actionName() === 'actualize')) { //Command line + Minz_Configuration::_authType('none'); + $loginOk = true; + } + + if (!$loginOk || !isValidUser($currentUser)) { + $currentUser = Minz_Configuration::defaultUser(); + $loginOk = false; + } + Minz_Configuration::_currentUser($currentUser); + Minz_View::_param ('loginOk', $loginOk); + try { - $this->conf = new FreshRSS_Configuration(); + $this->conf = new FreshRSS_Configuration($currentUser); } catch (Minz_Exception $e) { // Permission denied or conf file does not exist - // it's critical! die($e->getMessage()); } - Minz_View::_param ('conf', $this->conf); + } + + private function loadParamsView () { Minz_Session::_param ('language', $this->conf->language); Minz_Translate::init(); - $output = Minz_Request::param ('output'); if (!$output) { $output = $this->conf->view_mode; @@ -31,12 +61,12 @@ class FreshRSS extends Minz_FrontController { private function loadStylesAndScripts () { $theme = FreshRSS_Themes::get_infos($this->conf->theme); if ($theme) { - foreach($theme["files"] as $file) { + foreach($theme['files'] as $file) { Minz_View::appendStyle (Minz_Url::display ('/themes/' . $theme['path'] . '/' . $file . '?' . @filemtime(PUBLIC_PATH . '/themes/' . $theme['path'] . '/' . $file))); } } - if (login_is_conf ($this->conf)) { + if (Minz_Configuration::authType() === 'persona') { Minz_View::appendScript ('https://login.persona.org/include.js'); } $includeLazyLoad = $this->conf->lazyload && ($this->conf->display_posts || Minz_Request::param ('output') === 'reader'); diff --git a/app/Models/Configuration.php b/app/Models/Configuration.php index b0a5d9940..ec7daaa7d 100644 --- a/app/Models/Configuration.php +++ b/app/Models/Configuration.php @@ -59,10 +59,9 @@ class FreshRSS_Configuration extends Minz_ModelArray { 'fr' => 'Français', ); - public function __construct ($filename = '') { - if (empty($filename)) { - $filename = DATA_PATH . '/' . Minz_Configuration::currentUser () . '_user.php'; - } + public function __construct ($user) { + $filename = DATA_PATH . '/' . $user . '_user.php'; + parent::__construct($filename); $data = parent::loadArray(); @@ -72,6 +71,7 @@ class FreshRSS_Configuration extends Minz_ModelArray { $this->$function($value); } } + $this->data['user'] = $user; } public function save() { @@ -151,10 +151,11 @@ class FreshRSS_Configuration extends Minz_ModelArray { } } public function _mail_login ($value) { - if (filter_var($value, FILTER_VALIDATE_EMAIL)) { - $this->mail_login = $value; + $value = filter_var($value, FILTER_VALIDATE_EMAIL); + if ($value) { + $this->data['mail_login'] = $value; } else { - $this->mail_login = ''; + $this->data['mail_login'] = ''; } } public function _anon_access ($value) { diff --git a/app/actualize_script.php b/app/actualize_script.php index 20438128a..e0c560ff7 100755 --- a/app/actualize_script.php +++ b/app/actualize_script.php @@ -1,6 +1,8 @@ init (); -Minz_Session::_param('mail', true); // permet de se passer de la phase de connexion -$front_controller->run (); -invalidateHttpCache(); + +$users = listUsers(); +shuffle($users); + +foreach ($users as $user) { + $front_controller->init($user); + $front_controller->run(); + invalidateHttpCache($user); +} diff --git a/app/i18n/en.php b/app/i18n/en.php index 65afc11e5..8b9eee548 100644 --- a/app/i18n/en.php +++ b/app/i18n/en.php @@ -158,13 +158,14 @@ return array ( 'current_user' => 'Current user', 'default_user' => 'Username of the default user (maximum 16 alphanumeric characters)', - 'persona_connection_email' => 'Login mail address (use Mozilla Persona)', + 'persona_connection_email' => 'Login mail address (for Mozilla Persona)', 'allow_anonymous' => 'Allow anonymous reading for the default user (%s)', 'auth_token' => 'Authentication token', - 'explain_token' => 'Allows to access RSS output without authentication.
    %s?token=%s', + 'explain_token' => 'Allows to access RSS output of the default user without authentication.
    %s?token=%s', 'login_configuration' => 'Login', 'is_admin' => 'is administrator', 'auth_type' => 'Authentication method', + 'auth_none' => 'None (dangerous)', 'users_list' => 'List of users', 'language' => 'Language', diff --git a/app/i18n/fr.php b/app/i18n/fr.php index adc38acbe..cad156d47 100644 --- a/app/i18n/fr.php +++ b/app/i18n/fr.php @@ -158,13 +158,14 @@ return array ( 'current_user' => 'Utilisateur actuel', 'default_user' => 'Nom de l’utilisateur par défaut (16 caractères alphanumériques maximum)', - 'persona_connection_email' => 'Adresse courriel de connexion (utilise Mozilla Persona)', + 'persona_connection_email' => 'Adresse courriel de connexion (pour Mozilla Persona)', 'allow_anonymous' => 'Autoriser la lecture anonyme pour l’utilisateur par défaut (%s)', 'auth_token' => 'Jeton d’identification', - 'explain_token' => 'Permet d’accéder à la sortie RSS sans besoin de s’authentifier.
    %s?output=rss&token=%s', + 'explain_token' => 'Permet d’accéder à la sortie RSS de l’utilisateur par défaut sans besoin de s’authentifier.
    %s?output=rss&token=%s', 'login_configuration' => 'Identification', 'is_admin' => 'est administrateur', 'auth_type' => 'Méthode d’authentification', + 'auth_none' => 'Aucune (dangereux)', 'users_list' => 'Liste des utilisateurs', 'language' => 'Langue', diff --git a/app/layout/aside_flux.phtml b/app/layout/aside_flux.phtml index 9a6b16d58..8730baf0e 100644 --- a/app/layout/aside_flux.phtml +++ b/app/layout/aside_flux.phtml @@ -2,14 +2,14 @@
      - conf) || is_logged ()) { ?> + loginOk) { ?>
      • - conf)) { ?> +
      • @@ -69,7 +69,7 @@
      • - conf) || is_logged ()) { ?> + loginOk) { ?>
      • diff --git a/app/layout/header.phtml b/app/layout/header.phtml index aeb417a6e..0f2c524c4 100644 --- a/app/layout/header.phtml +++ b/app/layout/header.phtml @@ -1,9 +1,9 @@ -conf)) { ?> + @@ -19,9 +19,7 @@
    - conf) || - is_logged() || - Minz_Configuration::allowAnonymous()) { ?> + loginOk || Minz_Configuration::allowAnonymous()) { ?>
    @@ -48,11 +46,10 @@
    - conf) || is_logged ()) { ?> + loginOk) { ?>
    -
      • @@ -65,16 +62,14 @@
      • - conf) && is_logged ()) { ?> +
    - conf) && !is_logged ()) { ?> +
    diff --git a/app/layout/nav_menu.phtml b/app/layout/nav_menu.phtml index 37f8a426f..44b49b10c 100644 --- a/app/layout/nav_menu.phtml +++ b/app/layout/nav_menu.phtml @@ -1,7 +1,7 @@
    - conf) || is_logged ()) { ?> + loginOk) { ?> conf->mail_login; ?>
    - +
    -
    - - conf->token; ?> -
    - - -
    -
    -
    @@ -47,21 +38,12 @@ -
    -
    - -
    -
    -
    @@ -75,7 +57,32 @@ echo ''; } ?> - (not implemented yet) +
    +
    + +
    +
    + + +
    +
    + + Mozilla Persona +
    +
    + +
    +
    + +
    + + conf->token; ?> +
    + +
    diff --git a/app/views/helpers/javascript_vars.phtml b/app/views/helpers/javascript_vars.phtml index 8f508487c..8419b9391 100644 --- a/app/views/helpers/javascript_vars.phtml +++ b/app/views/helpers/javascript_vars.phtml @@ -29,7 +29,7 @@ if ($mail != 'null') { $mail = '"' . $mail . '"'; } - echo 'use_persona=', login_is_conf ($this->conf) ? 'true' : 'false', + echo 'use_persona=', Minz_Configuration::authType() === 'persona' ? 'true' : 'false', ',url_freshrss="', _url ('index', 'index'), '",', 'url_login="', _url ('index', 'login'), '",', 'url_logout="', _url ('index', 'logout'), '",', diff --git a/app/views/helpers/view/normal_view.phtml b/app/views/helpers/view/normal_view.phtml index f59cae2b8..1b4388796 100644 --- a/app/views/helpers/view/normal_view.phtml +++ b/app/views/helpers/view/normal_view.phtml @@ -7,39 +7,48 @@ if (!empty($this->entries)) { $display_today = true; $display_yesterday = true; $display_others = true; - - $logged = !login_is_conf ($this->conf) || is_logged (); - $shaarli = $this->conf->sharing ('shaarli'); - $poche = $this->conf->sharing ('poche'); - $diaspora = $this->conf->sharing ('diaspora'); + $shaarli = $this->loginOk && $this->conf->sharing ('shaarli'); + $poche = $this->loginOk && $this->conf->sharing ('poche'); + $diaspora = $this->loginOk && $this->conf->sharing ('diaspora'); $twitter = $this->conf->sharing ('twitter'); $google_plus = $this->conf->sharing ('g+'); $facebook = $this->conf->sharing ('facebook'); $email = $this->conf->sharing ('email'); $print = $this->conf->sharing ('print'); - $today = $this->today; $hidePosts = !$this->conf->display_posts; $lazyload = $this->conf->lazyload; + $topline_read = $this->conf->topline_read; + $topline_favorite = $this->conf->topline_favorite; + $topline_date = $this->conf->topline_date; + $topline_link = $this->conf->topline_link; + $bottomline_read = $this->conf->bottomline_read; + $bottomline_favorite = $this->conf->bottomline_favorite; + $bottomline_sharing = $this->conf->bottomline_sharing && ( + $shaarli || $poche || $diaspora || $twitter || + $google_plus || $facebook || $email); + $bottomline_tags = $this->conf->bottomline_tags; + $bottomline_date = $this->conf->bottomline_date; + $bottomline_link = $this->conf->bottomline_link; ?>
    entries as $item) { ?> - isDay (FreshRSS_Days::TODAY, $today)) { ?> + isDay (FreshRSS_Days::TODAY, $this->today)) { ?>
    - currentName; ?>
    - isDay (FreshRSS_Days::YESTERDAY, $today)) { ?> + isDay (FreshRSS_Days::YESTERDAY, $this->today)) { ?>
    - currentName; ?>
    - isDay (FreshRSS_Days::BEFORE_YESTERDAY, $today)) { ?> + isDay (FreshRSS_Days::BEFORE_YESTERDAY, $this->today)) { ?>
    currentName; ?> @@ -48,14 +57,14 @@ if (!empty($this->entries)) {
    @@ -85,14 +94,14 @@ if (!empty($this->entries)) { ?>
    - conf->bottomline_date) { ?>
  • date (); ?> 
    • - conf->bottomline_link) { ?>
    • +
  • date (); ?> 
    • +
    • diff --git a/app/views/index/index.phtml b/app/views/index/index.phtml index 4db53e2a5..549d0b61e 100644 --- a/app/views/index/index.phtml +++ b/app/views/index/index.phtml @@ -1,29 +1,38 @@
    +

    +

    +

    +
    conf->token; -$token_param = Minz_Request::param ('token', ''); -$token_is_ok = ($token != '' && $token == $token_param); -if(!login_is_conf ($this->conf) || - is_logged() || - Minz_Configuration::allowAnonymous() || - ($output == 'rss' && $token_is_ok)) { - if($output == 'rss') { +if ($this->loginOk || Minz_Configuration::allowAnonymous()) { + if ($output === 'normal') { + $this->renderHelper ('view/normal_view'); + } elseif ($output === 'rss') { $this->renderHelper ('view/rss_view'); - } elseif($output == 'reader') { + } elseif ($output === 'reader') { $this->renderHelper ('view/reader_view'); - } elseif($output == 'global') { + } elseif ($output === 'global') { $this->renderHelper ('view/global_view'); } else { $this->renderHelper ('view/normal_view'); } +} elseif ($output === 'rss') { + $token = $this->conf->token; + $token_param = Minz_Request::param ('token', ''); + $token_is_ok = ($token != '' && $token == $token_param); + if ($token_is_ok) { + $this->renderHelper ('view/rss_view'); + } else { + showForbidden(); + } } else { -?> -
    -

    -

    -

    -
    -use_layout = true; - } - self::$title = Minz_Configuration::title (); } @@ -44,6 +38,9 @@ class Minz_View { * Construit la vue */ public function build () { + if ($this->use_layout === null) { //TODO: avoid file_exists and require views to be explicit + $this->use_layout = file_exists (APP_PATH . self::LAYOUT_PATH_NAME . self::LAYOUT_FILENAME); + } if ($this->use_layout) { $this->buildLayout (); } else { @@ -66,10 +63,8 @@ class Minz_View { * Affiche la Vue en elle-même */ public function render () { - if (file_exists ($this->view_filename)) { - include ($this->view_filename); - } else { - Minz_Log::record ('File doesn\'t exist : `' + if ((@include($this->view_filename)) === false) { + Minz_Log::record ('File not found: `' . $this->view_filename . '`', Minz_Log::NOTICE); } @@ -84,10 +79,8 @@ class Minz_View { . self::LAYOUT_PATH_NAME . '/' . $part . '.phtml'; - if (file_exists ($fic_partial)) { - include ($fic_partial); - } else { - Minz_Log::record ('File doesn\'t exist : `' + if ((@include($fic_partial)) === false) { + Minz_Log::record ('File not found: `' . $fic_partial . '`', Minz_Log::WARNING); } @@ -102,10 +95,8 @@ class Minz_View { . '/views/helpers/' . $helper . '.phtml'; - if (file_exists ($fic_helper)) { - include ($fic_helper); - } else { - Minz_Log::record ('File doesn\'t exist : `' + if ((@include($fic_helper)) === false) {; + Minz_Log::record ('File not found: `' . $fic_helper . '`', Minz_Log::WARNING); } diff --git a/lib/lib_rss.php b/lib/lib_rss.php index 3f55c7d58..b266fa5c7 100644 --- a/lib/lib_rss.php +++ b/lib/lib_rss.php @@ -56,16 +56,6 @@ function checkUrl($url) { } } -// vérifie qu'on est connecté -function is_logged () { - return Minz_Session::param ('mail') != false; -} - -// vérifie que le système d'authentification est configuré -function login_is_conf ($conf) { - return $conf->mail_login != ''; -} - // tiré de Shaarli de Seb Sauvage //Format RFC 4648 base64url function small_hash ($txt) { $t = rtrim (base64_encode (hash ('crc32', $txt, true)), '='); @@ -173,7 +163,7 @@ function uSecString() { return str_pad($t['usec'], 6, '0'); } -function invalidateHttpCache() { +function invalidateHttpCache($currentUser = '') { //TODO: Make multi-user compatible file_put_contents(DATA_PATH . '/touch.txt', uTimeString()); } @@ -185,6 +175,10 @@ function usernameFromPath($userPath) { } } +function isValidUser($user) { + return $user != '' && ctype_alnum($user) && file_exists(DATA_PATH . '/' . $user . '_user.php'); +} + function listUsers() { return array_map('usernameFromPath', glob(DATA_PATH . '/*_user.php')); } diff --git a/p/i/install.php b/p/i/install.php index 5c654f983..8a74c4492 100644 --- a/p/i/install.php +++ b/p/i/install.php @@ -543,6 +543,8 @@ function checkStep1 () { $minz = file_exists (LIB_PATH . '/Minz'); $curl = extension_loaded ('curl'); $pdo = extension_loaded ('pdo_mysql'); + $pcre = extension_loaded ('pcre'); + $ctype = extension_loaded ('ctype'); $dom = class_exists('DOMDocument'); $data = DATA_PATH && is_writable (DATA_PATH); $cache = CACHE_PATH && is_writable (CACHE_PATH); @@ -554,12 +556,14 @@ function checkStep1 () { 'minz' => $minz ? 'ok' : 'ko', 'curl' => $curl ? 'ok' : 'ko', 'pdo-mysql' => $pdo ? 'ok' : 'ko', + 'pcre' => $pcre ? 'ok' : 'ko', + 'ctype' => $ctype ? 'ok' : 'ko', 'dom' => $dom ? 'ok' : 'ko', 'data' => $data ? 'ok' : 'ko', 'cache' => $cache ? 'ok' : 'ko', 'log' => $log ? 'ok' : 'ko', 'favicons' => $favicons ? 'ok' : 'ko', - 'all' => $php && $minz && $curl && $pdo && $dom && $data && $cache && $log && $favicons ? 'ok' : 'ko' + 'all' => $php && $minz && $curl && $pdo && $pcre && $ctype && $dom && $data && $cache && $log && $favicons ? 'ok' : 'ko' ); } @@ -726,6 +730,12 @@ function printStep1 () {

    + +

    + +

    + +

    @@ -733,10 +743,16 @@ function printStep1 () {

    - -

    + +

    -

    +

    + + + +

    + +

    -- cgit v1.2.3 From bd5d7a7bcb16cff1c01f4445ceee765fc11e3b50 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Mon, 30 Dec 2013 15:00:41 +0100 Subject: Cache HTTP compatible multi-utilisateur MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Contribue à https://github.com/marienfressinaud/FreshRSS/issues/126 --- app/Controllers/configureController.php | 2 +- app/Controllers/indexController.php | 4 +-- app/FreshRSS.php | 51 ++++++++++++++++++++++++--------- app/Models/LogDAO.php | 8 ++++-- app/actualize_script.php | 12 +++++--- app/views/configure/users.phtml | 6 ++-- lib/Minz/Configuration.php | 13 ++------- lib/Minz/Log.php | 2 +- lib/Minz/ModelPdo.php | 3 +- lib/Minz/Session.php | 10 ++----- lib/lib_rss.php | 9 ++---- p/i/index.php | 13 +++++---- 12 files changed, 73 insertions(+), 60 deletions(-) (limited to 'lib/Minz/Configuration.php') diff --git a/app/Controllers/configureController.php b/app/Controllers/configureController.php index 656e2ac89..2260e978b 100755 --- a/app/Controllers/configureController.php +++ b/app/Controllers/configureController.php @@ -322,7 +322,7 @@ class FreshRSS_configure_Controller extends Minz_ActionController { Minz_Session::_param('mail', $this->view->conf->mail_login); - if (Minz_Configuration::isAdmin()) { + if (Minz_Configuration::isAdmin(Minz_Session::param('currentUser', '_'))) { $anon = Minz_Request::param('anon_access', false); $anon = ((bool)$anon) && ($anon !== 'no'); $auth_type = Minz_Request::param('auth_type', 'none'); diff --git a/app/Controllers/indexController.php b/app/Controllers/indexController.php index cc851a1fa..7309169a6 100755 --- a/app/Controllers/indexController.php +++ b/app/Controllers/indexController.php @@ -218,10 +218,10 @@ class FreshRSS_index_Controller extends Minz_ActionController { Minz_View::prependTitle (Minz_Translate::t ('logs') . ' - '); if (Minz_Request::isPost ()) { - file_put_contents(LOG_PATH . '/' . Minz_Configuration::currentUser() . '.log', ''); //Truncate + FreshRSS_LogDAO::truncate(); } - $logs = FreshRSS_LogDAO::lines(Minz_Configuration::currentUser()); //TODO: ask only the necessary lines + $logs = FreshRSS_LogDAO::lines(); //TODO: ask only the necessary lines //gestion pagination $page = Minz_Request::param ('page', 1); diff --git a/app/FreshRSS.php b/app/FreshRSS.php index 10f362717..0e166cc3b 100644 --- a/app/FreshRSS.php +++ b/app/FreshRSS.php @@ -1,22 +1,24 @@ accessControl($currentUser); + public function init() { + if (!isset($_SESSION)) { + Minz_Session::init('FreshRSS'); + } + $this->accessControl(Minz_Session::param('currentUser', '')); $this->loadParamsView(); $this->loadStylesAndScripts(); $this->loadNotifications(); } private function accessControl($currentUser) { - if ($currentUser === null) { + if ($currentUser == '') { switch (Minz_Configuration::authType()) { case 'http_auth': $currentUser = httpAuthUser(); $loginOk = $currentUser != ''; break; case 'persona': - $currentUser = Minz_Configuration::defaultUser(); + $currentUser = Minz_Configuration::defaultUser(); //TODO: Make Persona compatible with multi-user $loginOk = Minz_Session::param('mail') != ''; break; case 'none': @@ -24,28 +26,49 @@ class FreshRSS extends Minz_FrontController { $loginOk = true; break; default: + $currentUser = Minz_Configuration::defaultUser(); $loginOk = false; break; } - } elseif ((PHP_SAPI === 'cli') && (Minz_Request::actionName() === 'actualize')) { //Command line - Minz_Configuration::_authType('none'); + } else { $loginOk = true; } - if (!$loginOk || !isValidUser($currentUser)) { - $currentUser = Minz_Configuration::defaultUser(); - $loginOk = false; + if (!ctype_alnum($currentUser)) { + Minz_Session::_param('currentUser', ''); + die('Invalid username [' . $currentUser . ']!'); } - Minz_Configuration::_currentUser($currentUser); - Minz_View::_param ('loginOk', $loginOk); try { $this->conf = new FreshRSS_Configuration($currentUser); } catch (Minz_Exception $e) { - // Permission denied or conf file does not exist - die($e->getMessage()); + Minz_Session::_param('currentUser', ''); + die('Invalid configuration for user [' . $currentUser . ']! ' . $e->getMessage()); //Permission denied or conf file does not exist } Minz_View::_param ('conf', $this->conf); + Minz_Session::_param('currentUser', $currentUser); + + if ($loginOk) { + switch (Minz_Configuration::authType()) { + case 'http_auth': + $loginOk = $currentUser === httpAuthUser(); + break; + case 'persona': + $loginOk = Minz_Session::param('mail') === $this->conf->mail_login; + break; + case 'none': + $loginOk = true; + break; + default: + $loginOk = false; + break; + } + if ((!$loginOk) && (PHP_SAPI === 'cli') && (Minz_Request::actionName() === 'actualize')) { //Command line + Minz_Configuration::_authType('none'); + $loginOk = true; + } + } + Minz_View::_param ('loginOk', $loginOk); } private function loadParamsView () { diff --git a/app/Models/LogDAO.php b/app/Models/LogDAO.php index 6205468bd..d1e515200 100644 --- a/app/Models/LogDAO.php +++ b/app/Models/LogDAO.php @@ -1,9 +1,9 @@ init($user); - $front_controller->run(); - invalidateHttpCache($user); + Minz_Session::init('FreshRSS'); + Minz_Session::_param('currentUser', $user); + $freshRSS->init(); + $freshRSS->run(); + //invalidateHttpCache(); + touch(LOG_PATH . '/' . $user . '.log'); + Minz_Session::unset_session(true); } diff --git a/app/views/configure/users.phtml b/app/views/configure/users.phtml index db57448f6..cb6579a6b 100644 --- a/app/views/configure/users.phtml +++ b/app/views/configure/users.phtml @@ -9,10 +9,10 @@
    - + $_SERVER['REMOTE_USER'] =
    @@ -34,7 +34,7 @@
    - + diff --git a/lib/Minz/Configuration.php b/lib/Minz/Configuration.php index e6d7ae471..1513af6d0 100644 --- a/lib/Minz/Configuration.php +++ b/lib/Minz/Configuration.php @@ -51,7 +51,6 @@ class Minz_Configuration { private static $cache_enabled = false; private static $delay_cache = 3600; private static $default_user = ''; - private static $current_user = ''; private static $allow_anonymous = false; private static $auth_type = 'none'; @@ -95,11 +94,8 @@ class Minz_Configuration { public static function defaultUser () { return self::$default_user; } - public static function currentUser () { - return self::$current_user; - } - public static function isAdmin () { - return self::$current_user === self::$default_user; + public static function isAdmin($currentUser) { + return $currentUser === self::$default_user; } public static function allowAnonymous() { return self::$allow_anonymous; @@ -127,10 +123,6 @@ class Minz_Configuration { break; } } - public static function _currentUser($user) { - self::$current_user = $user; - } - /** * Initialise les variables de configuration @@ -255,7 +247,6 @@ class Minz_Configuration { } if (isset ($general['default_user'])) { self::$default_user = $general['default_user']; - self::$current_user = self::$default_user; } if (isset ($general['allow_anonymous'])) { self::$allow_anonymous = ((bool)($general['allow_anonymous'])) && ($general['allow_anonymous'] !== 'no'); diff --git a/lib/Minz/Log.php b/lib/Minz/Log.php index 968301c81..e710aad4a 100644 --- a/lib/Minz/Log.php +++ b/lib/Minz/Log.php @@ -37,7 +37,7 @@ class Minz_Log { || ($env === Minz_Configuration::PRODUCTION && ($level >= Minz_Log::NOTICE)))) { if ($file_name === null) { - $file_name = LOG_PATH . '/' . Minz_Configuration::currentUser() . '.log'; + $file_name = LOG_PATH . '/' . Minz_Session::param('currentUser', '_') . '.log'; } switch ($level) { diff --git a/lib/Minz/ModelPdo.php b/lib/Minz/ModelPdo.php index 9655539b2..1ea68e104 100644 --- a/lib/Minz/ModelPdo.php +++ b/lib/Minz/ModelPdo.php @@ -60,8 +60,7 @@ class Minz_ModelPdo { ); self::$sharedBd = $this->bd; - $userPrefix = Minz_Configuration::currentUser (); - $this->prefix = $db['prefix'] . (empty($userPrefix) ? '' : ($userPrefix . '_')); + $this->prefix = $db['prefix'] . Minz_Session::param('currentUser', '_') . '_'; self::$sharedPrefix = $this->prefix; } catch (Exception $e) { throw new Minz_PDOConnectionException ( diff --git a/lib/Minz/Session.php b/lib/Minz/Session.php index 6e45fd226..3f6ed88a3 100644 --- a/lib/Minz/Session.php +++ b/lib/Minz/Session.php @@ -8,7 +8,7 @@ class Minz_Session { /** * $session stocke les variables de session */ - private static $session = array (); + private static $session = array (); //TODO: Try to avoid having another local copy /** * Initialise la session, avec un nom @@ -33,13 +33,7 @@ class Minz_Session { * @return la valeur de la variable de session, false si n'existe pas */ public static function param ($p, $default = false) { - if (isset (self::$session[$p])) { - $return = self::$session[$p]; - } else { - $return = $default; - } - - return $return; + return isset(self::$session[$p]) ? self::$session[$p] : $default; } diff --git a/lib/lib_rss.php b/lib/lib_rss.php index b266fa5c7..7489f2bf5 100644 --- a/lib/lib_rss.php +++ b/lib/lib_rss.php @@ -163,8 +163,9 @@ function uSecString() { return str_pad($t['usec'], 6, '0'); } -function invalidateHttpCache($currentUser = '') { //TODO: Make multi-user compatible - file_put_contents(DATA_PATH . '/touch.txt', uTimeString()); +function invalidateHttpCache() { + //touch(LOG_PATH . '/' . Minz_Session::param('currentUser', '_') . '.log'); + Minz_Session::_param('touch', uTimeString()); } function usernameFromPath($userPath) { @@ -175,10 +176,6 @@ function usernameFromPath($userPath) { } } -function isValidUser($user) { - return $user != '' && ctype_alnum($user) && file_exists(DATA_PATH . '/' . $user . '_user.php'); -} - function listUsers() { return array_map('usernameFromPath', glob(DATA_PATH . '/*_user.php')); } diff --git a/p/i/index.php b/p/i/index.php index 8d9343a30..3dcf659c9 100755 --- a/p/i/index.php +++ b/p/i/index.php @@ -22,22 +22,23 @@ if (file_exists ('install.php')) { require('install.php'); } else { require('../../constants.php'); + require(LIB_PATH . '/lib_rss.php'); //Includes class autoloader session_cache_limiter(''); + Minz_Session::init('FreshRSS'); + if (!file_exists(DATA_PATH . '/no-cache.txt')) { - require (LIB_PATH . '/http-conditional.php'); - $dateLastModification = max( - @filemtime(DATA_PATH . '/touch.txt'), + require(LIB_PATH . '/http-conditional.php'); + $currentUser = Minz_Session::param('currentUser', ''); + $dateLastModification = $currentUser === '' ? time() : max( + @filemtime(LOG_PATH . '/' . $currentUser . '.log'), @filemtime(DATA_PATH . '/config.php') ); - $_SERVER['QUERY_STRING'] .= '&utime=' . file_get_contents(DATA_PATH . '/touch.txt'); //For ETag if (httpConditional($dateLastModification, 0, 0, false, false, true)) { exit(); //No need to send anything } } - require(LIB_PATH . '/lib_rss.php'); //Includes class autoloader - try { $front_controller = new FreshRSS(); $front_controller->init (); -- cgit v1.2.3 From 1ac09e7fe4a5408290d06116c6fb8152e018fe26 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Tue, 31 Dec 2013 02:59:07 +0100 Subject: Multi-utilisateur fonctionnel en HTTP Auth MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit + Possibilité d'ajout / suppression d'utilisateur (seulement par l'administrateur) + Divers changements pour le mode multi-utilisateur https://github.com/marienfressinaud/FreshRSS/issues/126 + Minz : Renomme "sel_application" en "salt' --- app/Controllers/configureController.php | 41 ++-------- app/Controllers/entryController.php | 28 +++---- app/Controllers/usersController.php | 132 ++++++++++++++++++++++++++++++++ app/Models/UserDAO.php | 33 ++++++++ app/i18n/en.php | 7 +- app/i18n/fr.php | 7 +- app/sql.php | 20 ++--- app/views/configure/archiving.phtml | 23 ++++-- app/views/configure/users.phtml | 91 ++++++++++++++++++---- lib/Minz/Configuration.php | 53 +++++++------ lib/Minz/FileNotExistException.php | 2 +- lib/Minz/ModelPdo.php | 12 ++- p/i/install.php | 48 ++++-------- 13 files changed, 353 insertions(+), 144 deletions(-) create mode 100644 app/Controllers/usersController.php create mode 100644 app/Models/UserDAO.php (limited to 'lib/Minz/Configuration.php') diff --git a/app/Controllers/configureController.php b/app/Controllers/configureController.php index 2260e978b..17abf6b89 100755 --- a/app/Controllers/configureController.php +++ b/app/Controllers/configureController.php @@ -309,41 +309,6 @@ class FreshRSS_configure_Controller extends Minz_ActionController { } public function usersAction() { - if (Minz_Request::isPost()) { - $ok = true; - $current_token = $this->view->conf->token; - - $mail = Minz_Request::param('mail_login', false); - $token = Minz_Request::param('token', $current_token); - - $this->view->conf->_mail_login($mail); - $this->view->conf->_token($token); - $ok &= $this->view->conf->save(); - - Minz_Session::_param('mail', $this->view->conf->mail_login); - - if (Minz_Configuration::isAdmin(Minz_Session::param('currentUser', '_'))) { - $anon = Minz_Request::param('anon_access', false); - $anon = ((bool)$anon) && ($anon !== 'no'); - $auth_type = Minz_Request::param('auth_type', 'none'); - if ($anon != Minz_Configuration::allowAnonymous() || - $auth_type != Minz_Configuration::authType()) { - Minz_Configuration::_allowAnonymous($anon); - Minz_Configuration::_authType($auth_type); - $ok &= Minz_Configuration::writeFile(); - } - } - - //TODO: use $ok - $notif = array( - 'type' => 'good', - 'content' => Minz_Translate::t('configuration_updated') - ); - Minz_Session::_param('notification', $notif); - - Minz_Request::forward(array('c' => 'configure', 'a' => 'users'), true); - } - Minz_View::prependTitle(Minz_Translate::t ('users') . ' - '); } @@ -369,6 +334,10 @@ class FreshRSS_configure_Controller extends Minz_ActionController { $entryDAO = new FreshRSS_EntryDAO(); $this->view->nb_total = $entryDAO->count(); - $this->view->size_total = $entryDAO->size(); + $this->view->size_user = $entryDAO->size(); + + if (Minz_Configuration::isAdmin(Minz_Session::param('currentUser', '_'))) { + $this->view->size_total = $entryDAO->size(true); + } } } diff --git a/app/Controllers/entryController.php b/app/Controllers/entryController.php index da4ab5ecc..a24dfe6d6 100755 --- a/app/Controllers/entryController.php +++ b/app/Controllers/entryController.php @@ -16,6 +16,7 @@ class FreshRSS_entry_Controller extends Minz_ActionController { $this->view->_useLayout (false); } } + public function lastAction () { $ajax = Minz_Request::param ('ajax'); if (!$ajax && $this->redirect) { @@ -87,22 +88,23 @@ class FreshRSS_entry_Controller extends Minz_ActionController { } public function optimizeAction() { - @set_time_limit(300); - invalidateHttpCache(); + if (Minz_Request::isPost()) { + @set_time_limit(300); - // La table des entrées a tendance à grossir énormément - // Cette action permet d'optimiser cette table permettant de grapiller un peu de place - // Cette fonctionnalité n'est à appeler qu'occasionnellement - $entryDAO = new FreshRSS_EntryDAO(); - $entryDAO->optimizeTable(); + // La table des entrées a tendance à grossir énormément + // Cette action permet d'optimiser cette table permettant de grapiller un peu de place + // Cette fonctionnalité n'est à appeler qu'occasionnellement + $entryDAO = new FreshRSS_EntryDAO(); + $entryDAO->optimizeTable(); - invalidateHttpCache(); + invalidateHttpCache(); - $notif = array ( - 'type' => 'good', - 'content' => Minz_Translate::t ('optimization_complete') - ); - Minz_Session::_param ('notification', $notif); + $notif = array ( + 'type' => 'good', + 'content' => Minz_Translate::t ('optimization_complete') + ); + Minz_Session::_param ('notification', $notif); + } Minz_Request::forward(array( 'c' => 'configure', diff --git a/app/Controllers/usersController.php b/app/Controllers/usersController.php new file mode 100644 index 000000000..7d9568083 --- /dev/null +++ b/app/Controllers/usersController.php @@ -0,0 +1,132 @@ +view->loginOk) { + Minz_Error::error( + 403, + array('error' => array(Minz_Translate::t('access_denied'))) + ); + } + } + + public function idAction() { + if (Minz_Request::isPost()) { + $ok = true; + $mail = Minz_Request::param('mail_login', false); + $this->view->conf->_mail_login($mail); + $ok &= $this->view->conf->save(); + + Minz_Session::_param('mail', $this->view->conf->mail_login); + + //TODO: use $ok + $notif = array( + 'type' => 'good', + 'content' => Minz_Translate::t('configuration_updated') + ); + Minz_Session::_param('notification', $notif); + + Minz_Request::forward(array('c' => 'configure', 'a' => 'users'), true); + } + } + + public function authAction() { + if (Minz_Request::isPost() && Minz_Configuration::isAdmin(Minz_Session::param('currentUser', '_'))) { + $ok = true; + $current_token = $this->view->conf->token; + $token = Minz_Request::param('token', $current_token); + $this->view->conf->_token($token); + $ok &= $this->view->conf->save(); + + Minz_Session::_param('mail', $this->view->conf->mail_login); + + $anon = Minz_Request::param('anon_access', false); + $anon = ((bool)$anon) && ($anon !== 'no'); + $auth_type = Minz_Request::param('auth_type', 'none'); + if ($anon != Minz_Configuration::allowAnonymous() || + $auth_type != Minz_Configuration::authType()) { + Minz_Configuration::_allowAnonymous($anon); + Minz_Configuration::_authType($auth_type); + $ok &= Minz_Configuration::writeFile(); + } + + $notif = array( + 'type' => $ok ? 'good' : 'bad', + 'content' => Minz_Translate::t($ok ? 'configuration_updated' : 'error_occurred') + ); + Minz_Session::_param('notification', $notif); + } + Minz_Request::forward(array('c' => 'configure', 'a' => 'users'), true); + } + + public function createAction() { + if (Minz_Request::isPost() && Minz_Configuration::isAdmin(Minz_Session::param('currentUser', '_'))) { + require_once(APP_PATH . '/sql.php'); + + $new_user_language = Minz_Request::param('new_user_language', $this->view->conf->language); + if (!in_array($new_user_language, $this->view->conf->availableLanguages())) { + $new_user_language = $this->view->conf->language; + } + + $new_user_name = Minz_Request::param('new_user_name'); + $ok = ctype_alnum($new_user_name); + + $new_user_email = filter_var($_POST['new_user_email'], FILTER_VALIDATE_EMAIL); + if (empty($new_user_email)) { + $new_user_email = ''; + $ok &= Minz_Configuration::authType() !== 'persona'; + } + + if ($ok) { + $configPath = DATA_PATH . '/' . $new_user_name . '_user.php'; + $ok &= !file_exists($configPath); + } + if ($ok) { + $config_array = array( + 'language' => $new_user_language, + 'mail_login' => $new_user_email, + ); + $ok &= (file_put_contents($configPath, "createUser($new_user_name); + } + + $notif = array( + 'type' => $ok ? 'good' : 'bad', + 'content' => Minz_Translate::t($ok ? 'user_created' : 'error_occurred', $new_user_name) + ); + Minz_Session::_param('notification', $notif); + } + Minz_Request::forward(array('c' => 'configure', 'a' => 'users'), true); + } + + public function deleteAction() { + if (Minz_Request::isPost() && Minz_Configuration::isAdmin(Minz_Session::param('currentUser', '_'))) { + require_once(APP_PATH . '/sql.php'); + + $username = Minz_Request::param('username'); + $ok = ctype_alnum($username); + + if ($ok) { + $ok &= ($username !== Minz_Configuration::defaultUser()); //It is forbidden to delete the default user + } + if ($ok) { + $configPath = DATA_PATH . '/' . $username . '_user.php'; + $ok &= file_exists($configPath); + } + if ($ok) { + $userDAO = new FreshRSS_UserDAO(); + $ok &= $userDAO->deleteUser($username); + $ok &= unlink($configPath); + } + $notif = array( + 'type' => $ok ? 'good' : 'bad', + 'content' => Minz_Translate::t($ok ? 'user_deleted' : 'error_occurred', $username) + ); + Minz_Session::_param('notification', $notif); + } + Minz_Request::forward(array('c' => 'configure', 'a' => 'users'), true); + } +} diff --git a/app/Models/UserDAO.php b/app/Models/UserDAO.php new file mode 100644 index 000000000..afa049fb9 --- /dev/null +++ b/app/Models/UserDAO.php @@ -0,0 +1,33 @@ +bd->prepare($sql, array(PDO::ATTR_EMULATE_PREPARES => true)); + if ($stm && $stm->execute()) { + return true; + } else { + $info = $stm->errorInfo(); + Minz_Log::record ('SQL error : ' . $info[2], Minz_Log::ERROR); + return false; + } + } + + public function deleteUser($username) { + require_once(APP_PATH . '/sql.php'); + $db = Minz_Configuration::dataBase(); + + $sql = sprintf(SQL_DROP_TABLES, $db['prefix'] . $username . '_'); + $stm = $this->bd->prepare($sql); + if ($stm && $stm->execute()) { + return true; + } else { + $info = $stm->errorInfo(); + Minz_Log::record ('SQL error : ' . $info[2], Minz_Log::ERROR); + return false; + } + } +} diff --git a/app/i18n/en.php b/app/i18n/en.php index 8b9eee548..28aa1296a 100644 --- a/app/i18n/en.php +++ b/app/i18n/en.php @@ -137,7 +137,7 @@ return array ( 'articles' => 'articles', 'number_articles' => 'Number of articles', 'by_feed' => 'by feed', - 'by_default' => 'By default', + 'by_default' => 'By default', 'keep_history' => 'Minimum number of articles to keep', 'categorize' => 'Store in a category', 'truncate' => 'Delete all articles', @@ -167,6 +167,11 @@ return array ( 'auth_type' => 'Authentication method', 'auth_none' => 'None (dangerous)', 'users_list' => 'List of users', + 'create_user' => 'Create new user', + 'username' => 'Username', + 'create' => 'Create', + 'user_created' => 'User %s has been created', + 'user_deleted' => 'User %s has been deleted', 'language' => 'Language', 'month' => 'months', diff --git a/app/i18n/fr.php b/app/i18n/fr.php index cad156d47..39aeaf29a 100644 --- a/app/i18n/fr.php +++ b/app/i18n/fr.php @@ -137,7 +137,7 @@ return array ( 'articles' => 'articles', 'number_articles' => 'Nombre d’articles', 'by_feed' => 'par flux', - 'by_default' => 'Par défaut', + 'by_default' => 'Par défaut', 'keep_history' => 'Nombre minimum d’articles à conserver', 'categorize' => 'Ranger dans une catégorie', 'truncate' => 'Supprimer tous les articles', @@ -167,6 +167,11 @@ return array ( 'auth_type' => 'Méthode d’authentification', 'auth_none' => 'Aucune (dangereux)', 'users_list' => 'Liste des utilisateurs', + 'create_user' => 'Créer un nouvel utilisateur', + 'username' => 'Nom d’utilisateur', + 'create' => 'Créer', + 'user_created' => 'L’utilisateur %s a été créé', + 'user_deleted' => 'L’utilisateur %s a été supprimé', 'language' => 'Langue', 'month' => 'mois', diff --git a/app/sql.php b/app/sql.php index 6951d7231..8646b4da5 100644 --- a/app/sql.php +++ b/app/sql.php @@ -1,16 +1,15 @@ ">

    - +
    @@ -31,17 +31,28 @@
    + +
    +
    - +

    -

    nb_total; ?> , size_total); ?>.

    -

    - -

    +

    nb_total, ' ', Minz_Translate::t('articles'), ', ', formatBytes($this->size_user); ?>

    + +
    + + +
    +

    +
    +

    size_total); ?>

    +
    +
    +
    diff --git a/app/views/configure/users.phtml b/app/views/configure/users.phtml index cb6579a6b..223f81e8d 100644 --- a/app/views/configure/users.phtml +++ b/app/views/configure/users.phtml @@ -3,16 +3,15 @@
    -
    +
    - $_SERVER['REMOTE_USER'] =
    @@ -22,21 +21,25 @@ conf->mail_login; ?>
    - + placeholder="alice@example.net" />
    +
    + +
    - + - +
    +
    @@ -46,17 +49,7 @@ -
    -
    - -
    - -
    - + $_SERVER['REMOTE_USER'] = ``
    @@ -67,6 +60,8 @@
    + + Mozilla Persona
    @@ -95,4 +90,66 @@ + +
    + + +
    + +
    + +
    +
    + +
    +
    + +
    +
    +
    + +
    + + +
    + +
    + +
    +
    + +
    + +
    + +
    +
    + +
    + + conf->mail_login; ?> +
    + +
    +
    + +
    +
    + + +
    +
    + +
    + +
    diff --git a/lib/Minz/Configuration.php b/lib/Minz/Configuration.php index 1513af6d0..873908ce6 100644 --- a/lib/Minz/Configuration.php +++ b/lib/Minz/Configuration.php @@ -28,7 +28,7 @@ class Minz_Configuration { /** * définition des variables de configuration - * $sel_application une chaîne de caractères aléatoires (obligatoire) + * $salt une chaîne de caractères aléatoires (obligatoire) * $environment gère le niveau d'affichage pour log et erreurs * $use_url_rewriting indique si on utilise l'url_rewriting * $base_url le chemin de base pour accéder à l'application @@ -42,7 +42,7 @@ class Minz_Configuration { * - password mot de passe de l'utilisateur * - base le nom de la base de données */ - private static $sel_application = ''; + private static $salt = ''; private static $environment = Minz_Configuration::PRODUCTION; private static $base_url = ''; private static $use_url_rewriting = false; @@ -55,17 +55,19 @@ class Minz_Configuration { private static $auth_type = 'none'; private static $db = array ( - 'host' => false, - 'user' => false, - 'password' => false, - 'base' => false + 'type' => 'mysql', + 'host' => '', + 'user' => '', + 'password' => '', + 'base' => '', + 'prefix' => '', ); /* * Getteurs */ public static function salt () { - return self::$sel_application; + return self::$salt; } public static function environment () { return self::$environment; @@ -145,7 +147,7 @@ class Minz_Configuration { 'general' => array( 'environment' => self::$environment, 'use_url_rewriting' => self::$use_url_rewriting, - 'sel_application' => self::$sel_application, + 'salt' => self::$salt, 'base_url' => self::$base_url, 'title' => self::$title, 'default_user' => self::$default_user, @@ -189,14 +191,18 @@ class Minz_Configuration { } $general = $ini_array['general']; - // sel_application est obligatoire - if (!isset ($general['sel_application'])) { - throw new Minz_BadConfigurationException ( - 'sel_application', - Minz_Exception::ERROR - ); + // salt est obligatoire + if (!isset ($general['salt'])) { + if (isset($general['sel_application'])) { //v0.6 + $general['salt'] = $general['sel_application']; + } else { + throw new Minz_BadConfigurationException ( + 'salt', + Minz_Exception::ERROR + ); + } } - self::$sel_application = $general['sel_application']; + self::$salt = $general['salt']; if (isset ($general['environment'])) { switch ($general['environment']) { @@ -256,18 +262,15 @@ class Minz_Configuration { } // Base de données - $db = false; if (isset ($ini_array['db'])) { $db = $ini_array['db']; - } - if ($db) { - if (!isset ($db['host'])) { + if (empty($db['host'])) { throw new Minz_BadConfigurationException ( 'host', Minz_Exception::ERROR ); } - if (!isset ($db['user'])) { + if (empty($db['user'])) { throw new Minz_BadConfigurationException ( 'user', Minz_Exception::ERROR @@ -279,19 +282,23 @@ class Minz_Configuration { Minz_Exception::ERROR ); } - if (!isset ($db['base'])) { + if (empty($db['base'])) { throw new Minz_BadConfigurationException ( 'base', Minz_Exception::ERROR ); } - self::$db['type'] = isset ($db['type']) ? $db['type'] : 'mysql'; + if (!empty($db['type'])) { + self::$db['type'] = $db['type']; + } self::$db['host'] = $db['host']; self::$db['user'] = $db['user']; self::$db['password'] = $db['password']; self::$db['base'] = $db['base']; - self::$db['prefix'] = isset ($db['prefix']) ? $db['prefix'] : ''; + if (isset($db['prefix'])) { + self::$db['prefix'] = $db['prefix']; + } } } diff --git a/lib/Minz/FileNotExistException.php b/lib/Minz/FileNotExistException.php index df2b8ff6c..f8dfbdf66 100644 --- a/lib/Minz/FileNotExistException.php +++ b/lib/Minz/FileNotExistException.php @@ -1,7 +1,7 @@ */ @@ -23,7 +23,7 @@ class Minz_ModelPdo { protected $bd; protected $prefix; - + /** * Créé la connexion à la base de données à l'aide des variables * HOST, BASE, USER et PASS définies dans le fichier de configuration @@ -80,11 +80,15 @@ class Minz_ModelPdo { $this->bd->rollBack(); } - public function size() { + public function size($all = false) { $db = Minz_Configuration::dataBase (); $sql = 'SELECT SUM(data_length + index_length) FROM information_schema.TABLES WHERE table_schema = ?'; - $stm = $this->bd->prepare ($sql); $values = array ($db['base']); + if (!$all) { + $sql .= ' AND table_name LIKE ?'; + $values[] = $this->prefix . '%'; + } + $stm = $this->bd->prepare ($sql); $stm->execute ($values); $res = $stm->fetchAll(PDO::FETCH_COLUMN, 0); return $res[0]; diff --git a/p/i/install.php b/p/i/install.php index 672f64b94..e953cf699 100644 --- a/p/i/install.php +++ b/p/i/install.php @@ -12,6 +12,8 @@ if (isset ($_GET['step'])) { define ('STEP', 1); } +define('SQL_CREATE_DB', 'CREATE DATABASE %1$s DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;'); + include(APP_PATH . '/sql.php'); // @@ -151,7 +153,7 @@ function saveStep2 () { return false; } - $_SESSION['sel_application'] = sha1(uniqid(mt_rand(), true).implode('', stat(__FILE__))); + $_SESSION['salt'] = sha1(uniqid(mt_rand(), true).implode('', stat(__FILE__))); $_SESSION['title'] = substr(trim($_POST['title']), 0, 25); $_SESSION['old_entries'] = $_POST['old_entries']; if ((!ctype_digit($_SESSION['old_entries'])) || ($_SESSION['old_entries'] < 1)) { @@ -162,7 +164,7 @@ function saveStep2 () { $token = ''; if ($_SESSION['mail_login']) { - $token = sha1($_SESSION['sel_application'] . $_SESSION['mail_login']); + $token = sha1($_SESSION['salt'] . $_SESSION['mail_login']); } $config_array = array ( @@ -173,7 +175,7 @@ function saveStep2 () { ); $configPath = DATA_PATH . '/' . $_SESSION['default_user'] . '_user.php'; - @unlink(configPath); //To avoid access-rights problems + @unlink($configPath); //To avoid access-rights problems file_put_contents($configPath, " array( 'environment' => empty($_SESSION['environment']) ? 'production' : $_SESSION['environment'], 'use_url_rewriting' => false, - 'sel_application' => $_SESSION['sel_application'], + 'salt' => $_SESSION['salt'], 'base_url' => '', 'title' => $_SESSION['title'], 'default_user' => $_SESSION['default_user'], @@ -424,7 +426,7 @@ function checkStep0 () { if ($ini_array) { $ini_general = isset($ini_array['general']) ? $ini_array['general'] : null; if ($ini_general) { - $keys = array('environment', 'sel_application', 'title', 'default_user'); + $keys = array('environment', 'salt', 'title', 'default_user'); foreach ($keys as $key) { if ((empty($_SESSION[$key])) && isset($ini_general[$key])) { $_SESSION[$key] = $ini_general[$key]; @@ -496,7 +498,7 @@ function checkStep1 () { } function checkStep2 () { - $conf = !empty($_SESSION['sel_application']) && + $conf = !empty($_SESSION['salt']) && !empty($_SESSION['title']) && !empty($_SESSION['old_entries']) && isset($_SESSION['mail_login']) && @@ -537,7 +539,7 @@ function checkStep3 () { } function checkBD () { - $error = false; + $ok = false; try { $str = ''; @@ -575,35 +577,18 @@ function checkBD () { $res = $c->query($sql); //Backup tables } - $sql = sprintf (SQL_CAT, $_SESSION['bd_prefix_user']); - $res = $c->query ($sql); - - if (!$res) { - $error = true; - } - - $sql = sprintf (SQL_FEED, $_SESSION['bd_prefix_user']); - $res = $c->query ($sql); - - if (!$res) { - $error = true; - } - - $sql = sprintf (SQL_ENTRY, $_SESSION['bd_prefix_user']); - $res = $c->query ($sql); - - if (!$res) { - $error = true; - } + $sql = sprintf(SQL_CREATE_TABLES, $_SESSION['bd_prefix_user']); + $stm = $c->prepare($sql, array(PDO::ATTR_EMULATE_PREPARES => true)); + $ok = $stm->execute(); } catch (PDOException $e) { $error = true; } - if ($error && file_exists (DATA_PATH . '/config.php')) { - unlink (DATA_PATH . '/config.php'); + if (!$ok) { + @unlink(DATA_PATH . '/config.php'); } - return !$error; + return $ok; } /*** AFFICHAGE ***/ @@ -729,9 +714,6 @@ function printStep2 () {
    -
    -- cgit v1.2.3 From 66229a5d71b85c0a57d63fa8b1cc6e5729cabfe4 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Wed, 1 Jan 2014 04:39:39 +0100 Subject: Minz : bug avec OPcache de PHP 5.5+ MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Minz ne prenait pas en charge OPcache (cache PHP) http://php.net/opcache activé par défaut depuis PHP5.5. Ce fut un peu dur d'isoler ce bug :-/ Il faut penser à appeler opcache_invalidate avant de ré-utiliser un fichier par include(). Aussi, le mécanisme de lock() n'est plus approprié ni nécessaire. Pour FreshRSS, évite l'utilisation de ModelArray car il ne restait que quelques lignes d'utiles, et évite un héritage + appel de classe, ce qui est toujours ça de gagné. --- app/Models/Configuration.php | 20 +++++++++++++++----- lib/Minz/Configuration.php | 17 +++++++---------- lib/Minz/ModelArray.php | 5 ++++- 3 files changed, 26 insertions(+), 16 deletions(-) (limited to 'lib/Minz/Configuration.php') diff --git a/app/Models/Configuration.php b/app/Models/Configuration.php index ec7daaa7d..abd874f27 100644 --- a/app/Models/Configuration.php +++ b/app/Models/Configuration.php @@ -1,6 +1,8 @@ 'en', 'old_entries' => 3, @@ -60,10 +62,12 @@ class FreshRSS_Configuration extends Minz_ModelArray { ); public function __construct ($user) { - $filename = DATA_PATH . '/' . $user . '_user.php'; + $this->filename = DATA_PATH . '/' . $user . '_user.php'; - parent::__construct($filename); - $data = parent::loadArray(); + $data = include($this->filename); + if (!is_array($data)) { + throw new Minz_PermissionDeniedException($this->filename); + } foreach ($data as $key => $value) { if (isset($this->data[$key])) { @@ -75,8 +79,14 @@ class FreshRSS_Configuration extends Minz_ModelArray { } public function save() { + if (file_put_contents($this->filename, "filename); + } + if (function_exists('opcache_invalidate')) { + opcache_invalidate($this->filename); //Clear PHP 5.5+ cache for include + } invalidateHttpCache(); - return parent::writeArray($this->data); + return true; } public function __get($name) { diff --git a/lib/Minz/Configuration.php b/lib/Minz/Configuration.php index 873908ce6..fc94d9731 100644 --- a/lib/Minz/Configuration.php +++ b/lib/Minz/Configuration.php @@ -157,25 +157,22 @@ class Minz_Configuration { 'db' => self::$db, ); @rename(DATA_PATH . self::CONF_PATH_NAME, DATA_PATH . self::CONF_PATH_NAME . '.bak'); - return file_put_contents(DATA_PATH . self::CONF_PATH_NAME, "filename, "filename, "filename); } + if (function_exists('opcache_invalidate')) { + opcache_invalidate($this->filename); //Clear PHP 5.5+ cache for include + } return true; } -- cgit v1.2.3 From 8beb15460a3c55c37264fdf414e7dcf9ff4e2a62 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Wed, 1 Jan 2014 05:06:36 +0100 Subject: Sauvegardes avec extension .bak.php pour plus de sécurité MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Évite le téléchargement --- app/Models/Configuration.php | 2 +- data/.gitignore | 2 +- lib/Minz/Configuration.php | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) (limited to 'lib/Minz/Configuration.php') diff --git a/app/Models/Configuration.php b/app/Models/Configuration.php index a39d47888..e0ae3bf6b 100644 --- a/app/Models/Configuration.php +++ b/app/Models/Configuration.php @@ -79,7 +79,7 @@ class FreshRSS_Configuration { } public function save() { - @rename($this->filename, $this->filename . '.bak'); + @rename($this->filename, $this->filename . '.bak.php'); if (file_put_contents($this->filename, "data, true) . ';', LOCK_EX) === false) { throw new Minz_PermissionDeniedException($this->filename); } diff --git a/data/.gitignore b/data/.gitignore index 1d8393f3b..005982b00 100644 --- a/data/.gitignore +++ b/data/.gitignore @@ -4,4 +4,4 @@ config.php *.sqlite touch.txt no-cache.txt -*.bak +*.bak.php diff --git a/lib/Minz/Configuration.php b/lib/Minz/Configuration.php index fc94d9731..2c30661ed 100644 --- a/lib/Minz/Configuration.php +++ b/lib/Minz/Configuration.php @@ -156,7 +156,7 @@ class Minz_Configuration { ), 'db' => self::$db, ); - @rename(DATA_PATH . self::CONF_PATH_NAME, DATA_PATH . self::CONF_PATH_NAME . '.bak'); + @rename(DATA_PATH . self::CONF_PATH_NAME, DATA_PATH . self::CONF_PATH_NAME . '.bak.php'); $result = file_put_contents(DATA_PATH . self::CONF_PATH_NAME, " Date: Sun, 12 Jan 2014 03:10:31 +0100 Subject: Implémentation de l'indentification par mot de passe MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Implémentation de https://github.com/marienfressinaud/FreshRSS/issues/104 --- CHANGELOG | 3 ++ app/Controllers/indexController.php | 52 +++++++++++++++++++++++++++-- app/Controllers/javascriptController.php | 12 +++---- app/Controllers/usersController.php | 26 ++++++++++++--- app/FreshRSS.php | 27 ++++++++++++--- app/i18n/en.php | 7 ++-- app/i18n/fr.php | 7 ++-- app/layout/header.phtml | 51 +++++++++++++++++++--------- app/views/configure/users.phtml | 16 ++++++--- app/views/helpers/javascript_vars.phtml | 4 +-- app/views/helpers/view/login.phtml | 43 ++++++++++++++++++++++++ app/views/index/index.phtml | 14 ++------ lib/Minz/Configuration.php | 3 +- lib/Minz/FrontController.php | 2 +- p/scripts/main.js | 57 ++++++++++++++++++++++++++++++-- 15 files changed, 265 insertions(+), 59 deletions(-) create mode 100644 app/views/helpers/view/login.phtml (limited to 'lib/Minz/Configuration.php') diff --git a/CHANGELOG b/CHANGELOG index fe856fe4a..5c9b56465 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -5,6 +5,8 @@ * Nouveau mode multi-utilisateur * L’utilisateur par défaut (administrateur) peut créer et supprimer d’autres utilisateurs * Nécessite un contrôle d’accès, soit : + * par le nouveau mode de connexion par formulaire (nom d’utilisateur + mot de passe) + * relativement sûr même sans HTTPS (le mot de passe n’est pas transmis en clair) * par HTTP (par exemple sous Apache en créant un fichier ./p/i/.htaccess et .htpasswd) * le nom d’utilisateur HTTP doit correspondre au nom d’utilisateur FreshRSS * par Mozilla Persona, en renseignant l’adresse courriel des utilisateurs @@ -68,6 +70,7 @@ * Réorganisation des fichiers et répertoires, en particulier : * Tous les fichiers utilisateur sont dans “./data/” (y compris “cache”, “favicons”, et “log”) * Déplacement de “./app/configuration/application.ini” vers “./data/config.php” + * Meilleure sécurité et compatibilité * Déplacement de “./public/data/Configuration.array.php” vers “./data/*_user.php” * Déplacement de “./public/” vers “./p/” * Déplacement de “./public/index.php” vers “./p/i/index.php” (voir cookie ci-dessous) diff --git a/app/Controllers/indexController.php b/app/Controllers/indexController.php index 81dfefabb..772a08f30 100755 --- a/app/Controllers/indexController.php +++ b/app/Controllers/indexController.php @@ -47,8 +47,6 @@ class FreshRSS_index_Controller extends Minz_ActionController { $this->view->_useLayout (false); header('Content-Type: application/rss+xml; charset=utf-8'); } else { - Minz_View::appendScript (Minz_Url::display ('/scripts/shortcut.js?' . @filemtime(PUBLIC_PATH . '/scripts/shortcut.js'))); - if ($output === 'global') { Minz_View::appendScript (Minz_Url::display ('/scripts/global_view.js?' . @filemtime(PUBLIC_PATH . '/scripts/global_view.js'))); } @@ -290,8 +288,56 @@ class FreshRSS_index_Controller extends Minz_ActionController { } public function logoutAction () { + $this->view->_useLayout(false); + invalidateHttpCache(); + Minz_Session::_param('currentUser'); + Minz_Session::_param('mail'); + Minz_Session::_param('passwordHash'); + } + + public function formLoginAction () { $this->view->_useLayout (false); - Minz_Session::_param ('mail'); + if (Minz_Request::isPost()) { + $ok = false; + $nonce = Minz_Session::param('nonce'); + $username = Minz_Request::param('username', ''); + $c = Minz_Request::param('challenge', ''); + if (ctype_alnum($username) && ctype_graph($c) && ctype_alnum($nonce)) { + if (!function_exists('password_verify')) { + include_once(LIB_PATH . '/password_compat.php'); + } + try { + $conf = new FreshRSS_Configuration($username); + $s = $conf->passwordHash; + $ok = password_verify($nonce . $s, $c); + if ($ok) { + Minz_Session::_param('currentUser', $username); + Minz_Session::_param('passwordHash', $s); + } else { + Minz_Log::record('Password mismatch for user ' . $username . ', nonce=' . $nonce . ', c=' . $c, Minz_Log::WARNING); + } + } catch (Minz_Exception $me) { + Minz_Log::record('Login failure: ' . $me->getMessage(), Minz_Log::WARNING); + } + } + if (!$ok) { + $notif = array( + 'type' => 'bad', + 'content' => Minz_Translate::t('invalid_login') + ); + Minz_Session::_param('notification', $notif); + } + } + invalidateHttpCache(); + Minz_Request::forward(array('c' => 'index', 'a' => 'index'), true); + } + + public function formLogoutAction () { + $this->view->_useLayout(false); invalidateHttpCache(); + Minz_Session::_param('currentUser'); + Minz_Session::_param('mail'); + Minz_Session::_param('passwordHash'); + Minz_Request::forward(array('c' => 'index', 'a' => 'index'), true); } } diff --git a/app/Controllers/javascriptController.php b/app/Controllers/javascriptController.php index e29f439d8..02e424437 100755 --- a/app/Controllers/javascriptController.php +++ b/app/Controllers/javascriptController.php @@ -17,7 +17,7 @@ class FreshRSS_javascript_Controller extends Minz_ActionController { $this->view->categories = $catDAO->listCategories(true, false); } - // For Web-form login + //For Web-form login public function nonceAction() { header('Content-Type: application/json; charset=UTF-8'); header('Last-Modified: ' . gmdate('D, d M Y H:i:s \G\M\T')); @@ -29,15 +29,15 @@ class FreshRSS_javascript_Controller extends Minz_ActionController { if (ctype_alnum($user)) { try { $conf = new FreshRSS_Configuration($user); - $hash = $conf->passwordHash; //CRYPT_BLOWFISH - Blowfish hashing with a salt as follows: "$2a$", "$2x$" or "$2y$", a two digit cost parameter, "$", and 22 characters from the alphabet "./0-9A-Za-z". - if (strlen($hash) >= 60) { - $this->view->salt1 = substr($hash, 0, 29); + $s = $conf->passwordHash; + if (strlen($s) >= 60) { + $this->view->salt1 = substr($s, 0, 29); //CRYPT_BLOWFISH Salt: "$2a$", a two digit cost parameter, "$", and 22 characters from the alphabet "./0-9A-Za-z". $this->view->nonce = sha1(Minz_Configuration::salt() . uniqid(mt_rand(), true)); - Minz_Session::_param ('nonce', $this->view->nonce); + Minz_Session::_param('nonce', $this->view->nonce); return; //Success } } catch (Minz_Exception $me) { - Minz_Log::record ('Login failure: ' . $me->getMessage(), Minz_Log::WARNING); + Minz_Log::record('Login failure: ' . $me->getMessage(), Minz_Log::WARNING); } } $this->view->nonce = ''; //Failure diff --git a/app/Controllers/usersController.php b/app/Controllers/usersController.php index 8954c845d..cb5ebd209 100644 --- a/app/Controllers/usersController.php +++ b/app/Controllers/usersController.php @@ -21,18 +21,20 @@ class FreshRSS_users_Controller extends Minz_ActionController { if (!function_exists('password_hash')) { include_once(LIB_PATH . '/password_compat.php'); } - $passwordHash = password_hash($passwordPlain, PASSWORD_BCRYPT); //A bit expensive, on purpose + $passwordHash = password_hash($passwordPlain, PASSWORD_BCRYPT, array('cost' => 8)); //This will also have to be computed client side on mobile devices, so do not use a too high cost $passwordPlain = ''; + $passwordHash = preg_replace('/^\$2[xy]\$/', '\$2a\$', $passwordHash); //Compatibility with bcrypt.js $this->view->conf->_passwordHash($passwordHash); } - $mail = Minz_Request::param('mail_login', false); - $this->view->conf->_mail_login($mail); + $email = Minz_Request::param('mail_login', false); + $this->view->conf->_mail_login($email); $ok &= $this->view->conf->save(); $email = $this->view->conf->mail_login; Minz_Session::_param('mail', $email); + Minz_Session::_param('passwordHash', $this->view->conf->passwordHash); if ($email != '') { $personaFile = DATA_PATH . '/persona/' . $email . '.txt'; @@ -89,10 +91,25 @@ class FreshRSS_users_Controller extends Minz_ActionController { $ok &= !file_exists($configPath); } if ($ok) { + + $passwordPlain = Minz_Request::param('new_user_passwordPlain', false); + $passwordHash = ''; + if ($passwordPlain != '') { + Minz_Request::_param('new_user_passwordPlain'); //Discard plain-text password ASAP + $_POST['new_user_passwordPlain'] = ''; + if (!function_exists('password_hash')) { + include_once(LIB_PATH . '/password_compat.php'); + } + $passwordHash = password_hash($passwordPlain, PASSWORD_BCRYPT, array('cost' => 8)); + $passwordPlain = ''; + } + if (empty($passwordHash)) { + $passwordHash = ''; + } + $new_user_email = filter_var($_POST['new_user_email'], FILTER_VALIDATE_EMAIL); if (empty($new_user_email)) { $new_user_email = ''; - $ok &= Minz_Configuration::authType() !== 'persona'; } else { $personaFile = DATA_PATH . '/persona/' . $new_user_email . '.txt'; @unlink($personaFile); @@ -102,6 +119,7 @@ class FreshRSS_users_Controller extends Minz_ActionController { if ($ok) { $config_array = array( 'language' => $new_user_language, + 'passwordHash' => $passwordHash, 'mail_login' => $new_user_email, ); $ok &= (file_put_contents($configPath, "accessControl(Minz_Session::param('currentUser', '')); + $loginOk = $this->accessControl(Minz_Session::param('currentUser', '')); $this->loadParamsView(); - $this->loadStylesAndScripts(); //TODO: Do not load that when not needed, e.g. some Ajax requests + $this->loadStylesAndScripts($loginOk); //TODO: Do not load that when not needed, e.g. some Ajax requests $this->loadNotifications(); } private function accessControl($currentUser) { if ($currentUser == '') { switch (Minz_Configuration::authType()) { + case 'form': + $currentUser = Minz_Configuration::defaultUser(); + Minz_Session::_param('passwordHash'); + $loginOk = false; + break; case 'http_auth': $currentUser = httpAuthUser(); $loginOk = $currentUser != ''; @@ -73,6 +78,9 @@ class FreshRSS extends Minz_FrontController { if ($loginOk) { switch (Minz_Configuration::authType()) { + case 'form': + $loginOk = Minz_Session::param('passwordHash') === $this->conf->passwordHash; + break; case 'http_auth': $loginOk = strcasecmp($currentUser, httpAuthUser()) === 0; break; @@ -92,6 +100,7 @@ class FreshRSS extends Minz_FrontController { } } Minz_View::_param ('loginOk', $loginOk); + return $loginOk; } private function loadParamsView () { @@ -104,7 +113,7 @@ class FreshRSS extends Minz_FrontController { } } - private function loadStylesAndScripts () { + private function loadStylesAndScripts ($loginOk) { $theme = FreshRSS_Themes::get_infos($this->conf->theme); if ($theme) { foreach($theme['files'] as $file) { @@ -112,14 +121,22 @@ class FreshRSS extends Minz_FrontController { } } - if (Minz_Configuration::authType() === 'persona') { - Minz_View::appendScript ('https://login.persona.org/include.js'); + switch (Minz_Configuration::authType()) { + case 'form': + if (!$loginOk) { + Minz_View::appendScript(Minz_Url::display ('/scripts/bcrypt.min.js?' . @filemtime(PUBLIC_PATH . '/scripts/bcrypt.min.js'))); + } + break; + case 'persona': + Minz_View::appendScript('https://login.persona.org/include.js'); + break; } $includeLazyLoad = $this->conf->lazyload && ($this->conf->display_posts || Minz_Request::param ('output') === 'reader'); Minz_View::appendScript (Minz_Url::display ('/scripts/jquery.min.js?' . @filemtime(PUBLIC_PATH . '/scripts/jquery.min.js')), false, !$includeLazyLoad, !$includeLazyLoad); if ($includeLazyLoad) { Minz_View::appendScript (Minz_Url::display ('/scripts/jquery.lazyload.min.js?' . @filemtime(PUBLIC_PATH . '/scripts/jquery.lazyload.min.js'))); } + Minz_View::appendScript (Minz_Url::display ('/scripts/shortcut.js?' . @filemtime(PUBLIC_PATH . '/scripts/shortcut.js'))); Minz_View::appendScript (Minz_Url::display ('/scripts/main.js?' . @filemtime(PUBLIC_PATH . '/scripts/main.js'))); } diff --git a/app/i18n/en.php b/app/i18n/en.php index 3b9936e8e..71ca9538f 100644 --- a/app/i18n/en.php +++ b/app/i18n/en.php @@ -170,6 +170,9 @@ return array ( 'is_admin' => 'is administrator', 'auth_type' => 'Authentication method', 'auth_none' => 'None (dangerous)', + 'auth_form' => 'Web form (traditional, requires JavaScript)', + 'http_auth' => 'HTTP (for advanced users with HTTPS)', + 'auth_persona' => 'Mozilla Persona (modern, requires JavaScript)', 'users_list' => 'List of users', 'create_user' => 'Create new user', 'username' => 'Username', @@ -258,8 +261,8 @@ return array ( 'logs_empty' => 'Log file is empty', 'clear_logs' => 'Clear the logs', - 'forbidden_access' => 'Forbidden access', - 'forbidden_access_description' => 'Access is password protected, please to read your feeds.', + 'forbidden_access' => 'Access forbidden! (%s)', + 'login_required' => 'Login required:', 'confirm_action' => 'Are you sure you want to perform this action? It cannot be cancelled!', diff --git a/app/i18n/fr.php b/app/i18n/fr.php index 7e71cbb6d..8ffc5ec88 100644 --- a/app/i18n/fr.php +++ b/app/i18n/fr.php @@ -170,6 +170,9 @@ return array ( 'is_admin' => 'est administrateur', 'auth_type' => 'Méthode d’authentification', 'auth_none' => 'Aucune (dangereux)', + 'auth_form' => 'Formulaire (traditionnel, requiert JavaScript)', + 'http_auth' => 'HTTP (pour utilisateurs avancés avec HTTPS)', + 'auth_persona' => 'Mozilla Persona (moderne, requiert JavaScript)', 'users_list' => 'Liste des utilisateurs', 'create_user' => 'Créer un nouvel utilisateur', 'username' => 'Nom d’utilisateur', @@ -258,8 +261,8 @@ return array ( 'logs_empty' => 'Les logs sont vides', 'clear_logs' => 'Effacer les logs', - 'forbidden_access' => 'Accès interdit', - 'forbidden_access_description' => 'L’accès est protégé par un mot de passe, veuillez pour accéder aux flux.', + 'forbidden_access' => 'Accès interdit ! (%s)', + 'login_required' => 'Accès protégé par mot de passe :', 'confirm_action' => 'Êtes-vous sûr(e) de vouloir continuer ? Cette action ne peut être annulée !', diff --git a/app/layout/header.phtml b/app/layout/header.phtml index 0f2c524c4..e90da6196 100644 --- a/app/layout/header.phtml +++ b/app/layout/header.phtml @@ -1,12 +1,25 @@ - - - +
    @@ -62,16 +75,24 @@
    • - -
  • -
    • - +
    • - +
    - +
    diff --git a/app/views/configure/users.phtml b/app/views/configure/users.phtml index 68111bdbe..1597004e1 100644 --- a/app/views/configure/users.phtml +++ b/app/views/configure/users.phtml @@ -20,7 +20,7 @@
    - +
    @@ -52,11 +52,11 @@
    - $_SERVER['REMOTE_USER'] = ``
    @@ -141,6 +141,14 @@
    +
    + +
    + + +
    +
    +
    conf->mail_login; ?> diff --git a/app/views/helpers/javascript_vars.phtml b/app/views/helpers/javascript_vars.phtml index 92c068f7e..935294e60 100644 --- a/app/views/helpers/javascript_vars.phtml +++ b/app/views/helpers/javascript_vars.phtml @@ -30,8 +30,8 @@ if ($mail != 'null') { $mail = '"' . $mail . '"'; } - echo 'use_persona=', Minz_Configuration::authType() === 'persona' ? 'true' : 'false', - ',url_freshrss="', _url ('index', 'index'), '",', + echo 'authType="', Minz_Configuration::authType(), '",', + 'url_freshrss="', _url ('index', 'index'), '",', 'url_login="', _url ('index', 'login'), '",', 'url_logout="', _url ('index', 'logout'), '",', 'current_user_mail=', $mail, ",\n"; diff --git a/app/views/helpers/view/login.phtml b/app/views/helpers/view/login.phtml new file mode 100644 index 000000000..e4a24f9ed --- /dev/null +++ b/app/views/helpers/view/login.phtml @@ -0,0 +1,43 @@ +
    + +

    +
    + +
    + +
    +
    +
    + +
    + + + +
    +
    +
    +
    + +
    +
    +

    FreshRSS

    +

    + +

    +
    diff --git a/app/views/index/index.phtml b/app/views/index/index.phtml index 549d0b61e..9b69233e9 100644 --- a/app/views/index/index.phtml +++ b/app/views/index/index.phtml @@ -1,15 +1,5 @@
    -

    -

    -

    -
    loginOk || Minz_Configuration::allowAnonymous()) { @@ -31,8 +21,8 @@ if ($this->loginOk || Minz_Configuration::allowAnonymous()) { if ($token_is_ok) { $this->renderHelper ('view/rss_view'); } else { - showForbidden(); + $this->renderHelper ('view/login'); } } else { - showForbidden(); + $this->renderHelper ('view/login'); } diff --git a/lib/Minz/Configuration.php b/lib/Minz/Configuration.php index 2c30661ed..433992e0d 100644 --- a/lib/Minz/Configuration.php +++ b/lib/Minz/Configuration.php @@ -109,7 +109,7 @@ class Minz_Configuration { return self::$auth_type !== 'none'; } public static function canLogIn() { - return self::$auth_type === 'persona'; + return self::$auth_type === 'form' || self::$auth_type === 'persona'; } public static function _allowAnonymous($allow = false) { @@ -118,6 +118,7 @@ class Minz_Configuration { public static function _authType($value) { $value = strtolower($value); switch ($value) { + case 'form': case 'http_auth': case 'persona': case 'none': diff --git a/lib/Minz/FrontController.php b/lib/Minz/FrontController.php index 7b8526bc8..80eda8877 100644 --- a/lib/Minz/FrontController.php +++ b/lib/Minz/FrontController.php @@ -34,7 +34,7 @@ class Minz_FrontController { */ public function __construct () { if (LOG_PATH === false) { - $this->killApp ('Path doesn’t exist : LOG_PATH'); + $this->killApp ('Path not found: LOG_PATH'); } try { diff --git a/p/scripts/main.js b/p/scripts/main.js index 24af1b210..0c4c3f1b2 100644 --- a/p/scripts/main.js +++ b/p/scripts/main.js @@ -587,6 +587,54 @@ function init_load_more(box) { } // +// +function poormanSalt() { //If crypto.getRandomValues is not available + var text = '$2a$04$', + base = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ.0123456789/abcdefghijklmnopqrstuvwxyz'; + for (var i = 22; i > 0; i--) { + text += base.charAt(Math.floor(Math.random() * 64)); + } + return text; +} + +function init_loginForm() { + var $loginForm = $('#loginForm'); + if ($loginForm.length === 0) { + return; + } + if (!(window.dcodeIO)) { + if (window.console) { + console.log('FreshRSS waiting for bcrypt.js…'); + } + window.setTimeout(init_loginForm, 100); + return; + } + $loginForm.on('submit', function() { + $('#loginButton').attr('disabled', ''); + var success = false; + $.ajax({ + url: './?c=javascript&a=nonce&user=' + $('#username').val(), + dataType: 'json', + async: false + }).done(function (data) { + if (data.salt1 == '' || data.nonce == '') { + alert('Invalid user!'); + } else { + var strong = window.Uint32Array && window.crypto && (typeof window.crypto.getRandomValues === 'function'), + s = dcodeIO.bcrypt.hashSync($('#passwordPlain').val(), data.salt1), + c = dcodeIO.bcrypt.hashSync(data.nonce + s, strong ? 4 : poormanSalt()); + $('#challenge').val(c); + success = true; + } + }).fail(function() { + alert('Communication error!'); + }); + $('#loginButton').removeAttr('disabled'); + return success; + }); +} +// + // function init_persona() { if (!(navigator.id)) { @@ -696,8 +744,13 @@ function init_all() { init_notifications(); init_actualize(); init_load_more($stream); - if (use_persona) { - init_persona(); + switch (authType) { + case 'form': + init_loginForm(); + break; + case 'persona': + init_persona(); + break; } init_confirm_action(); init_print_action(); -- cgit v1.2.3 From 41033768c3eacbd564c3ec15455587e4f725a055 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Sat, 18 Jan 2014 01:00:17 +0100 Subject: Mode anonyme pour connexion avec formulaire MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Contribue à https://github.com/marienfressinaud/FreshRSS/issues/361 --- app/Controllers/usersController.php | 2 +- app/views/configure/users.phtml | 18 ++++-------------- lib/Minz/Configuration.php | 9 +++++---- 3 files changed, 10 insertions(+), 19 deletions(-) (limited to 'lib/Minz/Configuration.php') diff --git a/app/Controllers/usersController.php b/app/Controllers/usersController.php index 7e44b3d35..a044cd25b 100644 --- a/app/Controllers/usersController.php +++ b/app/Controllers/usersController.php @@ -57,8 +57,8 @@ class FreshRSS_users_Controller extends Minz_ActionController { $auth_type = Minz_Request::param('auth_type', 'none'); if ($anon != Minz_Configuration::allowAnonymous() || $auth_type != Minz_Configuration::authType()) { - Minz_Configuration::_allowAnonymous($anon); Minz_Configuration::_authType($auth_type); + Minz_Configuration::_allowAnonymous($anon); $ok &= Minz_Configuration::writeFile(); } } diff --git a/app/views/configure/users.phtml b/app/views/configure/users.phtml index 602dfaf62..3f352f9bf 100644 --- a/app/views/configure/users.phtml +++ b/app/views/configure/users.phtml @@ -58,20 +58,11 @@
    -
    -
    - - -
    -
    - - - - Mozilla Persona
    @@ -81,7 +72,8 @@ conf->token; ?>
    - + />
    @@ -92,8 +84,6 @@ - -
    diff --git a/lib/Minz/Configuration.php b/lib/Minz/Configuration.php index 433992e0d..72e2cedc0 100644 --- a/lib/Minz/Configuration.php +++ b/lib/Minz/Configuration.php @@ -113,7 +113,7 @@ class Minz_Configuration { } public static function _allowAnonymous($allow = false) { - self::$allow_anonymous = (bool)$allow; + self::$allow_anonymous = ((bool)$allow) && self::canLogIn(); } public static function _authType($value) { $value = strtolower($value); @@ -125,6 +125,7 @@ class Minz_Configuration { self::$auth_type = $value; break; } + self::_allowAnonymous(self::$allow_anonymous); } /** @@ -252,12 +253,12 @@ class Minz_Configuration { if (isset ($general['default_user'])) { self::$default_user = $general['default_user']; } - if (isset ($general['allow_anonymous'])) { - self::$allow_anonymous = ((bool)($general['allow_anonymous'])) && ($general['allow_anonymous'] !== 'no'); - } if (isset ($general['auth_type'])) { self::_authType($general['auth_type']); } + if (isset ($general['allow_anonymous'])) { + self::$allow_anonymous = ((bool)($general['allow_anonymous'])) && ($general['allow_anonymous'] !== 'no'); + } // Base de données if (isset ($ini_array['db'])) { -- cgit v1.2.3 From 84c30445d4fbfcb0ecc3a61aedc94844f84bf171 Mon Sep 17 00:00:00 2001 From: Marien Fressinaud Date: Sat, 25 Jan 2014 22:50:38 +0100 Subject: Corrige bug initialisation environnement MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit L'environnement était toujours à SILENT et plus rien n'était loggué. --- lib/Minz/Configuration.php | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) (limited to 'lib/Minz/Configuration.php') diff --git a/lib/Minz/Configuration.php b/lib/Minz/Configuration.php index 72e2cedc0..a06ebe195 100644 --- a/lib/Minz/Configuration.php +++ b/lib/Minz/Configuration.php @@ -69,8 +69,24 @@ class Minz_Configuration { public static function salt () { return self::$salt; } - public static function environment () { - return self::$environment; + public static function environment ($str = false) { + $env = self::$environment; + + if ($str) { + switch (self::$environment) { + case self::SILENT: + $env = 'silent'; + break; + case self::DEVELOPMENT: + $env = 'development'; + break; + case self::PRODUCTION: + default: + $env = 'production'; + } + } + + return $env; } public static function baseUrl () { return self::$base_url; @@ -147,7 +163,7 @@ class Minz_Configuration { public static function writeFile() { $ini_array = array( 'general' => array( - 'environment' => self::$environment, + 'environment' => self::environment(true), 'use_url_rewriting' => self::$use_url_rewriting, 'salt' => self::$salt, 'base_url' => self::$base_url, @@ -205,15 +221,12 @@ class Minz_Configuration { if (isset ($general['environment'])) { switch ($general['environment']) { - case Minz_Configuration::SILENT: case 'silent': self::$environment = Minz_Configuration::SILENT; break; - case Minz_Configuration::DEVELOPMENT: case 'development': self::$environment = Minz_Configuration::DEVELOPMENT; break; - case Minz_Configuration::PRODUCTION: case 'production': self::$environment = Minz_Configuration::PRODUCTION; break; -- cgit v1.2.3 From a46ee26e3592f8be95df9265e759796f3dc945eb Mon Sep 17 00:00:00 2001 From: Marien Fressinaud Date: Sat, 25 Jan 2014 23:03:53 +0100 Subject: Fallback config pour 0.7-beta --- lib/Minz/Configuration.php | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) (limited to 'lib/Minz/Configuration.php') diff --git a/lib/Minz/Configuration.php b/lib/Minz/Configuration.php index a06ebe195..572b9984d 100644 --- a/lib/Minz/Configuration.php +++ b/lib/Minz/Configuration.php @@ -231,10 +231,16 @@ class Minz_Configuration { self::$environment = Minz_Configuration::PRODUCTION; break; default: - throw new Minz_BadConfigurationException ( - 'environment', - Minz_Exception::ERROR - ); + if ($general['environment'] >= 0 && + $general['environment'] <= 2) { + // fallback 0.7-beta + self::$environment = $general['environment']; + } else { + throw new Minz_BadConfigurationException ( + 'environment', + Minz_Exception::ERROR + ); + } } } -- cgit v1.2.3