API: Real password system

https://github.com/marienfressinaud/FreshRSS/issues/13
Expiring token not implemented yet
Alexandre Alapetite
2014-03-01 14:45:58 +01:00
parent f44683b567
commit 29b3bbfe28
6 changed files with 82 additions and 37 deletions


@@ -32,6 +32,18 @@ class FreshRSS_users_Controller extends Minz_ActionController {
}
Minz_Session::_param('passwordHash', $this->view->conf->passwordHash);
$passwordPlain = Minz_Request::param('apiPasswordPlain', false);
if ($passwordPlain != '') {
if (!function_exists('password_hash')) {
include_once(LIB_PATH . '/password_compat.php');
}
$passwordHash = password_hash($passwordPlain, PASSWORD_BCRYPT, array('cost' => self::BCRYPT_COST));
$passwordPlain = '';
$passwordHash = preg_replace('/^\$2[xy]\$/', '\$2a\$', $passwordHash); //Compatibility with bcrypt.js
$ok &= ($passwordHash != '');
$this->view->conf->_apiPasswordHash($passwordHash);
}
if (Minz_Configuration::isAdmin(Minz_Session::param('currentUser', '_'))) {
$this->view->conf->_mail_login(Minz_Request::param('mail_login', false));
}
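Review bot: A failed hash is still written to the configuration: if `password_hash()` returns false (possible on the older PHP versions that need `password_compat.php`), `preg_replace` yields an empty string and `$ok` is cleared, but `_apiPasswordHash($passwordHash)` is called on the next line regardless. What an empty stored hash means for API login depends on the setter and the verification code, which are not visible here, so the store should be guarded: `if ($passwordHash != '') { $this->view->conf->_apiPasswordHash($passwordHash); }`. The `$2y$` to `$2a$` rewrite also deserves a comment stating that the server-side check must accept the `$2a$` prefix, since the stored value no longer matches what `password_hash()` produced. The enclosing action starts and ends outside this hunk.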