diff --git a/README.md b/README.md
index f20f870dd..cfef89781 100644
--- a/README.md
+++ b/README.md
@@ -21,7 +21,7 @@ Privilégiez pour cela des demandes sur GitHub
# Pré-requis
* Serveur Apache2 ou Nginx (non testé sur les autres)
* PHP 5.2+ (PHP 5.3.3+ recommandé)
- * Requis : [LibXML](http://php.net/xml), [PCRE](http://php.net/pcre), [cURL](http://php.net/curl), [PDO_MySQL](http://php.net/pdo-mysql)
+ * Requis : [PDO_MySQL](http://php.net/pdo-mysql), [cURL](http://php.net/curl), [LibXML](http://php.net/xml), [PCRE](http://php.net/pcre), [ctype](http://php.net/ctype)
* Recommandés : [JSON](http://php.net/json), [zlib](http://php.net/zlib), [mbstring](http://php.net/mbstring), [iconv](http://php.net/iconv)
* MySQL 5.0.3+ (ou SQLite 3.7.4+ à venir)
* Un navigateur Web récent tel Firefox, Chrome, Opera, Safari, Internet Explorer 9+
diff --git a/app/Controllers/configureController.php b/app/Controllers/configureController.php
index 0c0b4951d..656e2ac89 100755
--- a/app/Controllers/configureController.php
+++ b/app/Controllers/configureController.php
@@ -2,7 +2,7 @@
class FreshRSS_configure_Controller extends Minz_ActionController {
public function firstAction () {
- if (login_is_conf ($this->view->conf) && !is_logged ()) {
+ if (!$this->view->loginOk) {
Minz_Error::error (
403,
array ('error' => array (Minz_Translate::t ('access_denied')))
@@ -16,7 +16,6 @@ class FreshRSS_configure_Controller extends Minz_ActionController {
public function categorizeAction () {
$feedDAO = new FreshRSS_FeedDAO ();
$catDAO = new FreshRSS_CategoryDAO ();
- $catDAO->checkDefault ();
$defaultCategory = $catDAO->getDefault ();
$defaultId = $defaultCategory->id ();
@@ -167,8 +166,6 @@ class FreshRSS_configure_Controller extends Minz_ActionController {
$this->view->conf->_bottomline_link(Minz_Request::param('bottomline_link', false));
$this->view->conf->save();
- Minz_Session::_param ('mail', $this->view->conf->mail_login);
-
Minz_Session::_param ('language', $this->view->conf->language);
Minz_Translate::reset ();
diff --git a/app/Controllers/entryController.php b/app/Controllers/entryController.php
index b0fc37cdf..da4ab5ecc 100755
--- a/app/Controllers/entryController.php
+++ b/app/Controllers/entryController.php
@@ -2,7 +2,7 @@
class FreshRSS_entry_Controller extends Minz_ActionController {
public function firstAction () {
- if (login_is_conf ($this->view->conf) && !is_logged ()) {
+ if (!$this->view->loginOk) {
Minz_Error::error (
403,
array ('error' => array (Minz_Translate::t ('access_denied')))
@@ -38,7 +38,7 @@ class FreshRSS_entry_Controller extends Minz_ActionController {
$nextGet = Minz_Request::param ('nextGet', $get);
$idMax = Minz_Request::param ('idMax', 0);
- $is_read = !!$is_read;
+ $is_read = (bool)$is_read;
$entryDAO = new FreshRSS_EntryDAO ();
if ($id == false) {
diff --git a/app/Controllers/feedController.php b/app/Controllers/feedController.php
index 42a0dcb11..2d7c0ab43 100755
--- a/app/Controllers/feedController.php
+++ b/app/Controllers/feedController.php
@@ -2,18 +2,17 @@
class FreshRSS_feed_Controller extends Minz_ActionController {
public function firstAction () {
- $token = $this->view->conf->token;
- $token_param = Minz_Request::param ('token', '');
- $token_is_ok = ($token != '' && $token == $token_param);
- $action = Minz_Request::actionName ();
-
- if (login_is_conf ($this->view->conf) &&
- !is_logged () &&
- !($token_is_ok && $action == 'actualize')) {
- Minz_Error::error (
- 403,
- array ('error' => array (Minz_Translate::t ('access_denied')))
- );
+ if (!$this->view->loginOk) {
+ $token = $this->view->conf->token; //TODO: check the token logic again, and if it is still needed
+ $token_param = Minz_Request::param ('token', '');
+ $token_is_ok = ($token != '' && $token == $token_param);
+ $action = Minz_Request::actionName ();
+ if (!($token_is_ok && $action === 'actualize')) {
+ Minz_Error::error (
+ 403,
+ array ('error' => array (Minz_Translate::t ('access_denied')))
+ );
+ }
}
$this->catDAO = new FreshRSS_CategoryDAO ();
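Review bot: The token check moved inside the new `if (!$this->view->loginOk)` block still uses loose `==` (`$token == $token_param`), so numeric-looking strings such as the constructed values `'1e3'` and `'1000'` compare equal, and the comparison is not constant-time. indexController in this same commit already uses `===`, so this line should at least match it: `$token_is_ok = ($token != '' && $token === $token_param);`. Where the PHP version provides it, `hash_equals()` is preferable, but the README still lists PHP 5.2+, which predates it. The `//TODO` would also be more useful if it named what is unverified, e.g. `// TODO: token only grants unauthenticated 'actualize'; confirm it is still required`. firstAction continues past the end of the hunk.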
@@ -411,10 +410,8 @@ class FreshRSS_feed_Controller extends Minz_ActionController {
}
private function addCategories ($categories) {
- $catDAO = new FreshRSS_CategoryDAO ();
-
foreach ($categories as $cat) {
- if (!$catDAO->searchByName ($cat->name ())) {
+ if (!$this->catDAO->searchByName ($cat->name ())) {
$values = array (
'id' => $cat->id (),
'name' => $cat->name (),
diff --git a/app/Controllers/indexController.php b/app/Controllers/indexController.php
index 54826636f..66809964d 100755
--- a/app/Controllers/indexController.php
+++ b/app/Controllers/indexController.php
@@ -16,17 +16,18 @@ class FreshRSS_index_Controller extends Minz_ActionController {
public function indexAction () {
$output = Minz_Request::param ('output');
+ $token = '';
- $token = $this->view->conf->token;
- $token_param = Minz_Request::param ('token', '');
- $token_is_ok = ($token != '' && $token === $token_param);
-
- // check if user is log in
- if(login_is_conf ($this->view->conf) &&
- !is_logged() &&
- !Minz_Configuration::allowAnonymous() &&
- !($output === 'rss' && $token_is_ok)) {
- return;
+ // check if user is logged in
+ if (!$this->view->loginOk && !Minz_Configuration::allowAnonymous())
+ {
+ $token = $this->view->conf->token;
+ $token_param = Minz_Request::param ('token', '');
+ $token_is_ok = ($token != '' && $token === $token_param);
+ if (!($output === 'rss' && $token_is_ok)) {
+ return;
+ }
+ $params['token'] = $token;
}
// construction of RSS url of this feed
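Review bot: `$params['token'] = $token;` inside the new block writes to `$params` before any visible assignment of that array. If `$params` is built from the request just after the `// construction of RSS url` comment (outside this hunk), the write is discarded and `rss_url` only carries the token because it was already in the query string. Moving the line next to the `$params['search']` handling, guarded by `$token !== ''`, would make the intent explicit; the initial `$token = '';` is otherwise unused once the later block is removed. Note also that `rss_url` no longer includes the token for a logged-in user, whereas the removed block added it whenever a token was configured, so a comment is warranted if that is intended.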
@@ -35,11 +36,6 @@ class FreshRSS_index_Controller extends Minz_ActionController {
if (isset ($params['search'])) {
$params['search'] = urlencode ($params['search']);
}
- if (login_is_conf($this->view->conf) &&
- !Minz_Configuration::allowAnonymous() &&
- $token !== '') {
- $params['token'] = $token;
- }
$this->view->rss_url = array (
'c' => 'index',
'a' => 'index',
@@ -212,7 +208,7 @@ class FreshRSS_index_Controller extends Minz_ActionController {
}
public function logsAction () {
- if (login_is_conf ($this->view->conf) && !is_logged ()) {
+ if (!$this->view->loginOk) {
Minz_Error::error (
403,
array ('error' => array (Minz_Translate::t ('access_denied')))
@@ -255,6 +251,7 @@ class FreshRSS_index_Controller extends Minz_ActionController {
$res = json_decode ($result, true);
if ($res['status'] === 'okay' && $res['email'] === $this->view->conf->mail_login) {
Minz_Session::_param ('mail', $res['email']);
+ $this->view->loginOk = true;
invalidateHttpCache();
} else {
$res = array ();
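Review bot: The success branch marks the session as authenticated (`Minz_Session::_param ('mail', ...)` and now `loginOk = true`) with no visible rotation of the session identifier, so a session id issued before login stays valid afterwards. Unless Minz_Session already handles this elsewhere, call `session_regenerate_id(true);` before storing `mail`. `$this->view->loginOk` is also assigned directly here, while FreshRSS.php sets it through `Minz_View::_param ('loginOk', ...)`; a short comment confirming the two are equivalent would help. The enclosing action starts and ends outside the hunk.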
diff --git a/app/FreshRSS.php b/app/FreshRSS.php
index 05c8ec8e0..10f362717 100644
--- a/app/FreshRSS.php
+++ b/app/FreshRSS.php
@@ -1,26 +1,56 @@
accessControl($currentUser);
+ $this->loadParamsView();
+ $this->loadStylesAndScripts();
+ $this->loadNotifications();
+ }
- $this->loadParamsView ();
- $this->loadStylesAndScripts ();
- $this->loadNotifications ();
+ private function accessControl($currentUser) {
+ if ($currentUser === null) {
+ switch (Minz_Configuration::authType()) {
+ case 'http_auth':
+ $currentUser = httpAuthUser();
+ $loginOk = $currentUser != '';
+ break;
+ case 'persona':
+ $currentUser = Minz_Configuration::defaultUser();
+ $loginOk = Minz_Session::param('mail') != '';
+ break;
+ case 'none':
+ $currentUser = Minz_Configuration::defaultUser();
+ $loginOk = true;
+ break;
+ default:
+ $loginOk = false;
+ break;
+ }
+ } elseif ((PHP_SAPI === 'cli') && (Minz_Request::actionName() === 'actualize')) { //Command line
+ Minz_Configuration::_authType('none');
+ $loginOk = true;
+ }
+
+ if (!$loginOk || !isValidUser($currentUser)) {
+ $currentUser = Minz_Configuration::defaultUser();
+ $loginOk = false;
+ }
+ Minz_Configuration::_currentUser($currentUser);
+ Minz_View::_param ('loginOk', $loginOk);
+
+ try {
+ $this->conf = new FreshRSS_Configuration($currentUser);
+ } catch (Minz_Exception $e) {
+ // Permission denied or conf file does not exist
+ die($e->getMessage());
+ }
+ Minz_View::_param ('conf', $this->conf);
}
private function loadParamsView () {
- try {
- $this->conf = new FreshRSS_Configuration();
- } catch (Minz_Exception $e) {
- // Permission denied or conf file does not exist
- // it's critical!
- die($e->getMessage());
- }
-
- Minz_View::_param ('conf', $this->conf);
Minz_Session::_param ('language', $this->conf->language);
Minz_Translate::init();
-
$output = Minz_Request::param ('output');
if (!$output) {
$output = $this->conf->view_mode;
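Review bot: `$loginOk` is never assigned in accessControl() when `$currentUser` is non-null and the request is not a CLI `actualize`, so `if (!$loginOk || !isValidUser($currentUser))` reads an undefined variable and fails closed only because PHP treats it as null. Start the method with `$loginOk = false;` so the deny-by-default is explicit and raises no notice. The `persona` branch also accepts any non-empty session `mail` (`!= ''`) without comparing it to the configured address again, so a session opened before `mail_login` is changed presumably stays valid; a comment stating whether that is intended would help.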
@@ -31,12 +61,12 @@ class FreshRSS extends Minz_FrontController {
private function loadStylesAndScripts () {
$theme = FreshRSS_Themes::get_infos($this->conf->theme);
if ($theme) {
- foreach($theme["files"] as $file) {
+ foreach($theme['files'] as $file) {
Minz_View::appendStyle (Minz_Url::display ('/themes/' . $theme['path'] . '/' . $file . '?' . @filemtime(PUBLIC_PATH . '/themes/' . $theme['path'] . '/' . $file)));
}
}
- if (login_is_conf ($this->conf)) {
+ if (Minz_Configuration::authType() === 'persona') {
Minz_View::appendScript ('https://login.persona.org/include.js');
}
$includeLazyLoad = $this->conf->lazyload && ($this->conf->display_posts || Minz_Request::param ('output') === 'reader');
diff --git a/app/Models/Configuration.php b/app/Models/Configuration.php
index b0a5d9940..ec7daaa7d 100644
--- a/app/Models/Configuration.php
+++ b/app/Models/Configuration.php
@@ -59,10 +59,9 @@ class FreshRSS_Configuration extends Minz_ModelArray {
'fr' => 'Français',
);
- public function __construct ($filename = '') {
- if (empty($filename)) {
- $filename = DATA_PATH . '/' . Minz_Configuration::currentUser () . '_user.php';
- }
+ public function __construct ($user) {
+ $filename = DATA_PATH . '/' . $user . '_user.php';
+
parent::__construct($filename);
$data = parent::loadArray();
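Review bot: The constructor now concatenates `$user` straight into a file path (`DATA_PATH . '/' . $user . '_user.php'`) that is presumably read by `parent::loadArray()`, and nothing in this method validates the value. accessControl() in FreshRSS.php does call `isValidUser()` first, but any other caller would pass an unchecked name. The constructor should therefore reject anything outside the documented username format (alphanumeric, 16 characters maximum), for example with `ctype_alnum($user)`, before building `$filename`. Dropping the `$filename = ''` default also changes the signature, so any remaining `new FreshRSS_Configuration()` call without arguments must be updated; none are visible here. The constructor body continues beyond the hunk.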
@@ -72,6 +71,7 @@ class FreshRSS_Configuration extends Minz_ModelArray {
$this->$function($value);
}
}
+ $this->data['user'] = $user;
}
public function save() {
@@ -151,10 +151,11 @@ class FreshRSS_Configuration extends Minz_ModelArray {
}
}
public function _mail_login ($value) {
- if (filter_var($value, FILTER_VALIDATE_EMAIL)) {
- $this->mail_login = $value;
+ $value = filter_var($value, FILTER_VALIDATE_EMAIL);
+ if ($value) {
+ $this->data['mail_login'] = $value;
} else {
- $this->mail_login = '';
+ $this->data['mail_login'] = '';
}
}
public function _anon_access ($value) {
diff --git a/app/actualize_script.php b/app/actualize_script.php
index 20438128a..e0c560ff7 100755
--- a/app/actualize_script.php
+++ b/app/actualize_script.php
@@ -1,6 +1,8 @@
init ();
-Minz_Session::_param('mail', true); // permet de se passer de la phase de connexion
-$front_controller->run ();
-invalidateHttpCache();
+
+$users = listUsers();
+shuffle($users);
+
+foreach ($users as $user) {
+ $front_controller->init($user);
+ $front_controller->run();
+ invalidateHttpCache($user);
+}
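Review bot: One unreadable `*_user.php` stops the refresh for every user after it in the shuffled list, because the loop calls `$front_controller->init($user)` and accessControl() in FreshRSS.php ends with `die($e->getMessage())` when a configuration cannot be loaded. Consider skipping users that fail and logging the error; at minimum add a comment such as `// init() exits the script if this user's configuration cannot be read`. Re-running init()/run() on the same controller presumably also carries static state (session language, view parameters) from one user to the next, which should be confirmed.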
diff --git a/app/i18n/en.php b/app/i18n/en.php
index 65afc11e5..8b9eee548 100644
--- a/app/i18n/en.php
+++ b/app/i18n/en.php
@@ -158,13 +158,14 @@ return array (
'current_user' => 'Current user',
'default_user' => 'Username of the default user (maximum 16 alphanumeric characters)',
- 'persona_connection_email' => 'Login mail address (use Mozilla Persona)',
+ 'persona_connection_email' => 'Login mail address (for Mozilla Persona)',
'allow_anonymous' => 'Allow anonymous reading for the default user (%s)',
'auth_token' => 'Authentication token',
- 'explain_token' => 'Allows to access RSS output without authentication.
%s?token=%s',
+ 'explain_token' => 'Allows to access RSS output of the default user without authentication.
%s?token=%s',
'login_configuration' => 'Login',
'is_admin' => 'is administrator',
'auth_type' => 'Authentication method',
+ 'auth_none' => 'None (dangerous)',
'users_list' => 'List of users',
'language' => 'Language',
diff --git a/app/i18n/fr.php b/app/i18n/fr.php
index adc38acbe..cad156d47 100644
--- a/app/i18n/fr.php
+++ b/app/i18n/fr.php
@@ -158,13 +158,14 @@ return array (
'current_user' => 'Utilisateur actuel',
'default_user' => 'Nom de l’utilisateur par défaut (16 caractères alphanumériques maximum)',
- 'persona_connection_email' => 'Adresse courriel de connexion (utilise Mozilla Persona)',
+ 'persona_connection_email' => 'Adresse courriel de connexion (pour Mozilla Persona)',
'allow_anonymous' => 'Autoriser la lecture anonyme pour l’utilisateur par défaut (%s)',
'auth_token' => 'Jeton d’identification',
- 'explain_token' => 'Permet d’accéder à la sortie RSS sans besoin de s’authentifier.
%s?output=rss&token=%s',
+ 'explain_token' => 'Permet d’accéder à la sortie RSS de l’utilisateur par défaut sans besoin de s’authentifier.
%s?output=rss&token=%s',
'login_configuration' => 'Identification',
'is_admin' => 'est administrateur',
'auth_type' => 'Méthode d’authentification',
+ 'auth_none' => 'Aucune (dangereux)',
'users_list' => 'Liste des utilisateurs',
'language' => 'Langue',
diff --git a/app/layout/aside_flux.phtml b/app/layout/aside_flux.phtml
index 9a6b16d58..8730baf0e 100644
--- a/app/layout/aside_flux.phtml
+++ b/app/layout/aside_flux.phtml
@@ -2,14 +2,14 @@
+ +
+ +
+ +
@@ -733,10 +743,16 @@ function printStep1 () {
- -
+ +
-
+
+ + + +
+ +