mirror/FreshRSS
0
0
Fork 0
mirror of https://github.com/FreshRSS/FreshRSS.git synced 2026-02-25 19:16:38 -05:00
Code Issues Packages Projects Releases Wiki Activity

Mot de passe + nonce serveur

Browse Source 
Début de https://github.com/marienfressinaud/FreshRSS/issues/104
This commit is contained in:
Alexandre Alapetite
2014-01-11 16:48:10 +01:00
parent fa34f3149f
commit eb50ab3b61
4 changed files with 35 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
app/Controllers/javascriptController.php
View File

@@ -16,4 +16,31 @@ class FreshRSS_javascript_Controller extends Minz_ActionController {
$catDAO = new FreshRSS_CategoryDAO();
$this->view->categories = $catDAO->listCategories(true, false);
}
// For Web-form login
public function nonceAction() {
header('Content-Type: application/json; charset=UTF-8');
header('Last-Modified: ' . gmdate('D, d M Y H:i:s \G\M\T'));
header('Expires: 0');
header('Cache-Control: private, no-cache, no-store, must-revalidate');
header('Pragma: no-cache');
$user = isset($_GET['user']) ? $_GET['user'] : '';
if (ctype_alnum($user)) {
try {
$conf = new FreshRSS_Configuration($user);
$hash = $conf->passwordHash; //CRYPT_BLOWFISH - Blowfish hashing with a salt as follows: "$2a$", "$2x$" or "$2y$", a two digit cost parameter, "$", and 22 characters from the alphabet "./0-9A-Za-z".
if (strlen($hash) >= 60) {
$this->view->salt1 = substr($hash, 0, 29);
$this->view->nonce = sha1(Minz_Configuration::salt() . uniqid(mt_rand(), true));
Minz_Session::_param ('nonce', $this->view->nonce);
return; //Success
}
} catch (Minz_Exception $me) {
Minz_Log::record ('Login failure: ' . $me->getMessage(), Minz_Log::WARNING);
}
}
$this->view->nonce = ''; //Failure
$this->view->salt1 = '';
}
}