コード例 #1
 public function authAction()
 {
     // Handles the authentication-settings form. On POST it updates the
     // stored password hash, the login e-mail, the persona file, and (for
     // admins only) the refresh token and anonymous-access settings, then
     // records a good/bad notification in the session. In every case it
     // ends by forwarding to the configure/users page.
     if (Minz_Request::isPost()) {
         // Aggregated success flag; each step folds its result in with '&='
         // (bitwise and), so $ok becomes an int 1/0 after the first update.
         $ok = true;
         $passwordPlain = Minz_Request::param('passwordPlain', false);
         if ($passwordPlain != '') {
             // NOTE(review): presumably clears the request parameter so the
             // plain-text password is not retained — confirm against Minz_Request.
             Minz_Request::_param('passwordPlain');
             //Discard plain-text password ASAP
             $_POST['passwordPlain'] = '';
             // Polyfill for PHP versions without password_hash().
             if (!function_exists('password_hash')) {
                 include_once LIB_PATH . '/password_compat.php';
             }
             $passwordHash = password_hash($passwordPlain, PASSWORD_BCRYPT, array('cost' => self::BCRYPT_COST));
             $passwordPlain = '';
             // Rewrite a '$2x$'/'$2y$' bcrypt prefix to '$2a$' so the hash can
             // be verified by bcrypt.js (see the comment below).
             $passwordHash = preg_replace('/^\\$2[xy]\\$/', '\\$2a\\$', $passwordHash);
             //Compatibility with bcrypt.js
             // A null preg_replace() result (PCRE error) also ends up as a failure here.
             $ok &= $passwordHash != '';
             $this->view->conf->_passwordHash($passwordHash);
         }
         // Keep the session copy of the hash in sync with the configuration.
         Minz_Session::_param('passwordHash', $this->view->conf->passwordHash);
         // Only an admin may change the login e-mail.
         if (Minz_Configuration::isAdmin(Minz_Session::param('currentUser', '_'))) {
             $this->view->conf->_mail_login(Minz_Request::param('mail_login', false));
         }
         $email = $this->view->conf->mail_login;
         Minz_Session::_param('mail', $email);
         $ok &= $this->view->conf->save();
         if ($email != '') {
             // NOTE(review): $email is spliced into a filesystem path without
             // validation; if mail_login can be set from a request (admin
             // branch above), it should be checked for path separators/'..'
             // before reaching this point — confirm what _mail_login() validates.
             $personaFile = DATA_PATH . '/persona/' . $email . '.txt';
             // '@' only hides the warning when the file does not exist yet.
             @unlink($personaFile);
             $ok &= file_put_contents($personaFile, Minz_Session::param('currentUser', '_')) !== false;
         }
         // Admin-only settings: refresh token and anonymous-access policy.
         if (Minz_Configuration::isAdmin(Minz_Session::param('currentUser', '_'))) {
             // Missing 'token' parameter keeps the current token unchanged.
             $current_token = $this->view->conf->token;
             $token = Minz_Request::param('token', $current_token);
             $this->view->conf->_token($token);
             $ok &= $this->view->conf->save();
             // Checkbox-style params: absent, falsy or the literal 'no' mean false.
             $anon = Minz_Request::param('anon_access', false);
             $anon = (bool) $anon && $anon !== 'no';
             $anon_refresh = Minz_Request::param('anon_refresh', false);
             $anon_refresh = (bool) $anon_refresh && $anon_refresh !== 'no';
             $auth_type = Minz_Request::param('auth_type', 'none');
             // Rewrite the global configuration file only when something changed.
             if ($anon != Minz_Configuration::allowAnonymous() || $auth_type != Minz_Configuration::authType() || $anon_refresh != Minz_Configuration::allowAnonymousRefresh()) {
                 Minz_Configuration::_authType($auth_type);
                 Minz_Configuration::_allowAnonymous($anon);
                 Minz_Configuration::_allowAnonymousRefresh($anon_refresh);
                 $ok &= Minz_Configuration::writeFile();
             }
         }
         invalidateHttpCache();
         // $ok is truthy (1) only if every step above succeeded.
         $notif = array('type' => $ok ? 'good' : 'bad', 'content' => Minz_Translate::t($ok ? 'configuration_updated' : 'error_occurred'));
         Minz_Session::_param('notification', $notif);
     }
     Minz_Request::forward(array('c' => 'configure', 'a' => 'users'), true);
 }
コード例 #2
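 public function firstAction()
 {
     // Access gate run before the controller's actions. When nobody is logged
     // in, only the 'actualize' action may proceed, and only if anonymous
     // refresh is allowed or the request carries the configured token;
     // anything else is answered with a 403 error page.
     if (!$this->view->loginOk) {
         // Token is useful in the case that anonymous refresh is forbidden
         // and CRON task cannot be used with php command so the user can
         // set a CRON task to refresh his feeds by using token inside url
         $token = $this->view->conf->token;
         $token_param = Minz_Request::param('token', '');
         // The token is a secret supplied by the request: compare it with
         // hash_equals() (constant-time, strict) instead of '=='. Loose '=='
         // compares numeric-looking strings by value, so e.g. '0e1' == '0e2'
         // would be accepted. Both sides are cast to string because hash_equals()
         // rejects non-strings; the strict '===' fallback keeps the same
         // numeric-string fix on PHP builds without hash_equals().
         $token_is_ok = $token != '' && (function_exists('hash_equals')
             ? hash_equals((string) $token, (string) $token_param)
             : (string) $token === (string) $token_param);
         $action = Minz_Request::actionName();
         if (!(($token_is_ok || Minz_Configuration::allowAnonymousRefresh()) && $action === 'actualize')) {
             Minz_Error::error(403, array('error' => array(Minz_Translate::t('access_denied'))));
         }
     }
 }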