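/**
 * Answer a login challenge request for the user named in $_GET['user'].
 *
 * On success the view receives `salt1` (the first 29 characters of the stored
 * password hash, i.e. the bcrypt salt prefix) and `nonce` (a fresh 40-character
 * hex value that is also stored in the session under 'nonce').
 * On any failure both view fields are set to the empty string.
 *
 * The response is declared as JSON and every header sent here forbids caching,
 * so a challenge is never served from a cache.
 *
 * NOTE(review): the failure path returns an empty salt1 while the success path
 * returns the real salt prefix, so the response differs depending on whether a
 * usable password hash exists for the requested user name. Confirm that this
 * difference is acceptable for the deployment.
 */
public function nonceAction() {
	header('Content-Type: application/json; charset=UTF-8');
	header('Last-Modified: ' . gmdate('D, d M Y H:i:s \\G\\M\\T'));
	header('Expires: 0');
	header('Cache-Control: private, no-cache, no-store, must-revalidate');
	header('Pragma: no-cache');

	$user = isset($_GET['user']) ? $_GET['user'] : '';
	// A query parameter can arrive as an array (?user[]=x); only a plain
	// alphanumeric string is accepted as a user name.
	if (is_string($user) && ctype_alnum($user)) {
		try {
			$conf = new FreshRSS_Configuration($user);
			$s = $conf->passwordHash;
			if (strlen($s) >= 60) {
				$this->view->salt1 = substr($s, 0, 29);	//CRYPT_BLOWFISH Salt: "$2a$", a two digit cost parameter, "$", and 22 characters from the alphabet "./0-9A-Za-z".

				// uniqid() and mt_rand() are derived from the clock and a
				// non-cryptographic generator, so on their own they make the
				// nonce guessable. Keep them as the floor and mix in bytes from
				// the system CSPRNG wherever the runtime provides it.
				$seed = uniqid(mt_rand(), true);
				if (function_exists('random_bytes')) {
					try {
						$seed .= random_bytes(16);
					} catch (Exception $e) {
						Minz_Log::record('Nonce entropy fallback: ' . $e->getMessage(), Minz_Log::WARNING);
					}
				}
				$this->view->nonce = sha1(Minz_Configuration::salt() . $seed);
				Minz_Session::_param('nonce', $this->view->nonce);
				return;	//Success
			}
		} catch (Minz_Exception $me) {
			Minz_Log::record('Nonce failure: ' . $me->getMessage(), Minz_Log::WARNING);
		}
	}
	$this->view->nonce = '';	//Failure
	$this->view->salt1 = '';
}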
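/**
 * Parse the application configuration file and copy its settings into the
 * static properties of this class.
 *
 * The file DATA_PATH . CONF_PATH_NAME is loaded with `include`, so it is
 * executed as PHP and is expected to return an array. Anyone able to write
 * that file can therefore run code in the application, and it also holds the
 * salt and the database password: keep it writable only by trusted accounts.
 *
 * @exception Minz_PermissionDeniedException if including CONF_PATH_NAME does not yield an array
 * @exception Minz_BadConfigurationException if a mandatory entry is missing or CONF_PATH_NAME is malformed
 * @exception FileNotExistException if the cache is enabled while CACHE_PATH is false
 */
private static function parseFile() {
	$ini_array = (include DATA_PATH . self::CONF_PATH_NAME);

	if (!is_array($ini_array)) {
		throw new Minz_PermissionDeniedException(DATA_PATH . self::CONF_PATH_NAME, Minz_Exception::ERROR);
	}

	// [general] is mandatory
	if (!isset($ini_array['general'])) {
		throw new Minz_BadConfigurationException('[general]', Minz_Exception::ERROR);
	}
	$general = $ini_array['general'];

	// salt is mandatory
	if (!isset($general['salt'])) {
		if (isset($general['sel_application'])) {	//v0.6
			$general['salt'] = $general['sel_application'];
		} else {
			throw new Minz_BadConfigurationException('salt', Minz_Exception::ERROR);
		}
	}
	self::$salt = $general['salt'];

	if (isset($general['environment'])) {
		switch ($general['environment']) {
			case 'silent':
				self::$environment = Minz_Configuration::SILENT;
				break;
			case 'development':
				self::$environment = Minz_Configuration::DEVELOPMENT;
				break;
			case 'production':
				self::$environment = Minz_Configuration::PRODUCTION;
				break;
			default:
				// fallback 0.7-beta: numeric levels 0 to 2.
				// is_numeric() is required because, before PHP 8, any
				// non-numeric string compares equal to 0 and would pass the
				// range test, so a misspelt environment name was accepted.
				if (is_numeric($general['environment']) &&
						$general['environment'] >= 0 &&
						$general['environment'] <= 2) {
					self::$environment = $general['environment'];
				} else {
					throw new Minz_BadConfigurationException('environment', Minz_Exception::ERROR);
				}
		}
	}
	if (isset($general['base_url'])) {
		self::$base_url = $general['base_url'];
	}
	if (isset($general['use_url_rewriting'])) {
		self::$use_url_rewriting = $general['use_url_rewriting'];
	}

	if (isset($general['title'])) {
		self::$title = $general['title'];
	}
	if (isset($general['language'])) {
		self::$language = $general['language'];
	}
	if (isset($general['cache_enabled'])) {
		self::$cache_enabled = $general['cache_enabled'];
		if (CACHE_PATH === false && self::$cache_enabled) {
			// NOTE(review): every other exception in this method carries the
			// Minz_ prefix; confirm that a class with this exact name exists.
			throw new FileNotExistException('CACHE_PATH', Minz_Exception::ERROR);
		}
	}
	if (isset($general['delay_cache'])) {
		// Was inval(), an undefined function: any configuration that set
		// delay_cache ended in a fatal error.
		self::$delay_cache = intval($general['delay_cache']);
	}
	if (isset($general['default_user'])) {
		self::$default_user = $general['default_user'];
	}
	if (isset($general['auth_type'])) {
		self::_authType($general['auth_type']);
	}
	// Anonymous access stays off unless the value is truthy and is not the
	// literal string 'no'.
	if (isset($general['allow_anonymous'])) {
		self::$allow_anonymous = (bool) $general['allow_anonymous'] && $general['allow_anonymous'] !== 'no';
	}
	if (isset($general['allow_anonymous_refresh'])) {
		self::$allow_anonymous_refresh = (bool) $general['allow_anonymous_refresh'] && $general['allow_anonymous_refresh'] !== 'no';
	}

	// Database
	if (isset($ini_array['db'])) {
		$db = $ini_array['db'];
		if (empty($db['host'])) {
			throw new Minz_BadConfigurationException('host', Minz_Exception::ERROR);
		}
		if (empty($db['user'])) {
			throw new Minz_BadConfigurationException('user', Minz_Exception::ERROR);
		}
		// The password only has to be present; an empty one is accepted.
		if (!isset($db['password'])) {
			throw new Minz_BadConfigurationException('password', Minz_Exception::ERROR);
		}
		if (empty($db['base'])) {
			throw new Minz_BadConfigurationException('base', Minz_Exception::ERROR);
		}

		if (!empty($db['type'])) {
			self::$db['type'] = $db['type'];
		}
		self::$db['host'] = $db['host'];
		self::$db['user'] = $db['user'];
		self::$db['password'] = $db['password'];
		self::$db['base'] = $db['base'];
		if (isset($db['prefix'])) {
			self::$db['prefix'] = $db['prefix'];
		}
	}
}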
/**
 * Delete the lock file that belongs to this object's URL.
 *
 * The file lives in TMP_PATH and its name is the MD5 of the application salt
 * followed by the URL, with the suffix '.freshrss.lock'. MD5 only derives a
 * file name here; it protects nothing.
 */
function unlock() {
	$lockPath = sprintf(
		'%s/%s.freshrss.lock',
		TMP_PATH,
		md5(Minz_Configuration::salt() . $this->url)
	);
	// Best effort: the error is suppressed, so a lock file that is already
	// gone (or cannot be removed) passes silently.
	@unlink($lockPath);
}