Permet aux utilisations non-administrateurs de changer leur mot de passe

https://github.com/marienfressinaud/FreshRSS/issues/104
pull/384/head
Alexandre Alapetite 11 years ago
parent d58886a937
commit 0f481f7f24
  1. 21
      app/Controllers/usersController.php
  2. 2
      app/views/configure/users.phtml

@ -1,6 +1,9 @@
<?php <?php
class FreshRSS_users_Controller extends Minz_ActionController { class FreshRSS_users_Controller extends Minz_ActionController {
const BCRYPT_COST = 9; //Will also have to be computed client side on mobile devices, so do not use a too high cost
public function firstAction() { public function firstAction() {
if (!$this->view->loginOk) { if (!$this->view->loginOk) {
Minz_Error::error( Minz_Error::error(
@ -21,20 +24,21 @@ class FreshRSS_users_Controller extends Minz_ActionController {
if (!function_exists('password_hash')) { if (!function_exists('password_hash')) {
include_once(LIB_PATH . '/password_compat.php'); include_once(LIB_PATH . '/password_compat.php');
} }
$passwordHash = password_hash($passwordPlain, PASSWORD_BCRYPT, array('cost' => 8)); //This will also have to be computed client side on mobile devices, so do not use a too high cost $passwordHash = password_hash($passwordPlain, PASSWORD_BCRYPT, array('cost' => self::BCRYPT_COST));
$passwordPlain = ''; $passwordPlain = '';
$passwordHash = preg_replace('/^\$2[xy]\$/', '\$2a\$', $passwordHash); //Compatibility with bcrypt.js $passwordHash = preg_replace('/^\$2[xy]\$/', '\$2a\$', $passwordHash); //Compatibility with bcrypt.js
$ok &= ($passwordHash != '');
$this->view->conf->_passwordHash($passwordHash); $this->view->conf->_passwordHash($passwordHash);
} }
Minz_Session::_param('passwordHash', $this->view->conf->passwordHash);
$email = Minz_Request::param('mail_login', false); if (Minz_Configuration::isAdmin(Minz_Session::param('currentUser', '_'))) {
$this->view->conf->_mail_login($email); $this->view->conf->_mail_login(Minz_Request::param('mail_login', false));
}
$ok &= $this->view->conf->save();
$email = $this->view->conf->mail_login; $email = $this->view->conf->mail_login;
Minz_Session::_param('mail', $email); Minz_Session::_param('mail', $email);
Minz_Session::_param('passwordHash', $this->view->conf->passwordHash);
$ok &= $this->view->conf->save();
if ($email != '') { if ($email != '') {
$personaFile = DATA_PATH . '/persona/' . $email . '.txt'; $personaFile = DATA_PATH . '/persona/' . $email . '.txt';
@ -100,8 +104,9 @@ class FreshRSS_users_Controller extends Minz_ActionController {
if (!function_exists('password_hash')) { if (!function_exists('password_hash')) {
include_once(LIB_PATH . '/password_compat.php'); include_once(LIB_PATH . '/password_compat.php');
} }
$passwordHash = password_hash($passwordPlain, PASSWORD_BCRYPT, array('cost' => 8)); $passwordHash = password_hash($passwordPlain, PASSWORD_BCRYPT, array('cost' => self::BCRYPT_COST));
$passwordPlain = ''; $passwordPlain = '';
$ok &= ($passwordHash != '');
} }
if (empty($passwordHash)) { if (empty($passwordHash)) {
$passwordHash = ''; $passwordHash = '';
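Review bot: In the second hunk (`@ -21,20 +24,21 @`), the added `$ok &= ($passwordHash != '');` records a failed hash, but the following line still calls `$this->view->conf->_passwordHash($passwordHash)` and the configuration is saved further down, so a `password_hash()` failure may overwrite the stored hash with an empty string. What `_passwordHash()` does with an empty value is not visible here; if it stores it, guard the setter with `if ($passwordHash != '') { $this->view->conf->_passwordHash($passwordHash); }`. Now that non-administrators can reach this action, it is also worth confirming that the current password is verified before the new one is accepted. The hunk shows no such check, but the action's body starts outside it.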

@ -34,14 +34,12 @@
</div> </div>
</div> </div>
<?php if (Minz_Configuration::isAdmin(Minz_Session::param('currentUser', '_'))) { ?>
<div class="form-group form-actions"> <div class="form-group form-actions">
<div class="group-controls"> <div class="group-controls">
<button type="submit" class="btn btn-important"><?php echo Minz_Translate::t('save'); ?></button> <button type="submit" class="btn btn-important"><?php echo Minz_Translate::t('save'); ?></button>
<button type="reset" class="btn"><?php echo Minz_Translate::t('cancel'); ?></button> <button type="reset" class="btn"><?php echo Minz_Translate::t('cancel'); ?></button>
</div> </div>
</div> </div>
<?php } ?>
<?php if (Minz_Configuration::isAdmin(Minz_Session::param('currentUser', '_'))) { ?> <?php if (Minz_Configuration::isAdmin(Minz_Session::param('currentUser', '_'))) { ?>
