From 0f481f7f24dfad3bf9775213f487dd6802b6cb6a Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Sun, 12 Jan 2014 14:00:02 +0100
Subject: [PATCH] Permet aux utilisations non-administrateurs de changer leur
 mot de passe

https://github.com/marienfressinaud/FreshRSS/issues/104
---
 app/Controllers/usersController.php | 21 +++++++++++++--------
 app/views/configure/users.phtml     |  2 --
 2 files changed, 13 insertions(+), 10 deletions(-)

diff --git a/app/Controllers/usersController.php b/app/Controllers/usersController.php
index cb5ebd209..7e44b3d35 100644
--- a/app/Controllers/usersController.php
+++ b/app/Controllers/usersController.php
@@ -1,6 +1,9 @@
 <?php
 
 class FreshRSS_users_Controller extends Minz_ActionController {
+
+	const BCRYPT_COST = 9;	//Will also have to be computed client side on mobile devices, so do not use a too high cost
+
 	public function firstAction() {
 		if (!$this->view->loginOk) {
 			Minz_Error::error(
@@ -21,20 +24,21 @@ class FreshRSS_users_Controller extends Minz_ActionController {
 				if (!function_exists('password_hash')) {
 					include_once(LIB_PATH . '/password_compat.php');
 				}
-				$passwordHash = password_hash($passwordPlain, PASSWORD_BCRYPT, array('cost' => 8));	//This will also have to be computed client side on mobile devices, so do not use a too high cost
+				$passwordHash = password_hash($passwordPlain, PASSWORD_BCRYPT, array('cost' => self::BCRYPT_COST));
 				$passwordPlain = '';
 				$passwordHash = preg_replace('/^\$2[xy]\$/', '\$2a\$', $passwordHash);	//Compatibility with bcrypt.js
+				$ok &= ($passwordHash != '');
 				$this->view->conf->_passwordHash($passwordHash);
 			}
+			Minz_Session::_param('passwordHash', $this->view->conf->passwordHash);
 
-			$email = Minz_Request::param('mail_login', false);
-			$this->view->conf->_mail_login($email);
-
-			$ok &= $this->view->conf->save();
-
+			if (Minz_Configuration::isAdmin(Minz_Session::param('currentUser', '_'))) {
+				$this->view->conf->_mail_login(Minz_Request::param('mail_login', false));
+			}
 			$email = $this->view->conf->mail_login;
 			Minz_Session::_param('mail', $email);
-			Minz_Session::_param('passwordHash', $this->view->conf->passwordHash);
+
+			$ok &= $this->view->conf->save();
 
 			if ($email != '') {
 				$personaFile = DATA_PATH . '/persona/' . $email . '.txt';
@@ -100,8 +104,9 @@ class FreshRSS_users_Controller extends Minz_ActionController {
 					if (!function_exists('password_hash')) {
 						include_once(LIB_PATH . '/password_compat.php');
 					}
-					$passwordHash = password_hash($passwordPlain, PASSWORD_BCRYPT, array('cost' => 8));
+					$passwordHash = password_hash($passwordPlain, PASSWORD_BCRYPT, array('cost' => self::BCRYPT_COST));
 					$passwordPlain = '';
+					$ok &= ($passwordHash != '');
 				}
 				if (empty($passwordHash)) {
 					$passwordHash = '';
diff --git a/app/views/configure/users.phtml b/app/views/configure/users.phtml
index 1597004e1..0419df747 100644
--- a/app/views/configure/users.phtml
+++ b/app/views/configure/users.phtml
@@ -34,14 +34,12 @@
 			</div>
 		</div>
 
-		<?php if (Minz_Configuration::isAdmin(Minz_Session::param('currentUser', '_'))) { ?>
 		<div class="form-group form-actions">
 			<div class="group-controls">
 				<button type="submit" class="btn btn-important"><?php echo Minz_Translate::t('save'); ?></button>
 				<button type="reset" class="btn"><?php echo Minz_Translate::t('cancel'); ?></button>
 			</div>
 		</div>
-		<?php } ?>
 
 	<?php if (Minz_Configuration::isAdmin(Minz_Session::param('currentUser', '_'))) { ?>