Exemplo n.º 1
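 /**
  * Answer a login-challenge request with the salt prefix of the user's password hash and a fresh nonce.
  *
  * Reads the user name from $_GET['user']. On success the view receives `salt1` (the first 29
  * characters of the stored hash) and `nonce`, and the nonce is also stored in the session.
  * On any failure both view values are set to the empty string.
  *
  * NOTE(review): a known user gets real values while an unknown or password-less user gets empty
  * strings, so the response reveals whether an account exists. Consider returning a stable dummy
  * salt for unknown names and rate-limiting this endpoint.
  */
 public function nonceAction()
 {
     // The response carries a one-time value: forbid caching at every layer.
     header('Content-Type: application/json; charset=UTF-8');
     header('Last-Modified: ' . gmdate('D, d M Y H:i:s \\G\\M\\T'));
     header('Expires: 0');
     header('Cache-Control: private, no-cache, no-store, must-revalidate');
     header('Pragma: no-cache');
     $user = isset($_GET['user']) ? $_GET['user'] : '';
     // is_string() rejects array-valued parameters (?user[]=...) before they reach ctype_alnum();
     // the alphanumeric check runs before the name is handed to FreshRSS_Configuration.
     if (is_string($user) && ctype_alnum($user)) {
         try {
             $conf = new FreshRSS_Configuration($user);
             $s = $conf->passwordHash;
             if (strlen($s) >= 60) {
                 //CRYPT_BLOWFISH Salt: "$2a$", a two digit cost parameter, "$", and 22 characters from the alphabet "./0-9A-Za-z".
                 $this->view->salt1 = substr($s, 0, 29);
                 // mt_rand() and uniqid() are predictable (seeded PRNG and clock), which is too weak
                 // for an authentication challenge. Mix in CSPRNG output where the runtime has it
                 // (PHP >= 7); the nonce keeps its 40-character hexadecimal SHA-1 form.
                 $entropy = uniqid(mt_rand(), true);
                 if (function_exists('random_bytes')) {
                     $entropy .= random_bytes(32);
                 }
                 $this->view->nonce = sha1(Minz_Configuration::salt() . $entropy);
                 // Keep a server-side copy in the session (presumably compared at login; the check is not in this method).
                 Minz_Session::_param('nonce', $this->view->nonce);
                 return;
                 //Success
             }
         } catch (Minz_Exception $me) {
             Minz_Log::record('Nonce failure: ' . $me->getMessage(), Minz_Log::WARNING);
         }
     }
     //Failure
     $this->view->nonce = '';
     $this->view->salt1 = '';
 }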
Exemplo n.º 2
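 /**
  * Parse the configuration file and copy its settings into the class's static properties.
  *
  * The file at DATA_PATH . CONF_PATH_NAME is loaded with `include`, so it is executed as PHP and
  * must return an array. It also holds the application salt and the database password, so it
  * should be writable only by the administrator and not served by the web server.
  *
  * @exception Minz_PermissionDeniedException if the file did not yield an array (e.g. not readable)
  * @exception Minz_BadConfigurationException if a mandatory section or key is missing or invalid
  * @exception Minz_FileNotExistException if the cache is enabled while CACHE_PATH is false
  */
 private static function parseFile()
 {
     $ini_array = (include DATA_PATH . self::CONF_PATH_NAME);
     if (!is_array($ini_array)) {
         throw new Minz_PermissionDeniedException(DATA_PATH . self::CONF_PATH_NAME, Minz_Exception::ERROR);
     }
     // [general] is mandatory
     if (!isset($ini_array['general'])) {
         throw new Minz_BadConfigurationException('[general]', Minz_Exception::ERROR);
     }
     $general = $ini_array['general'];
     // salt is mandatory
     if (!isset($general['salt'])) {
         if (isset($general['sel_application'])) {
             //v0.6: the key used to be named sel_application
             $general['salt'] = $general['sel_application'];
         } else {
             throw new Minz_BadConfigurationException('salt', Minz_Exception::ERROR);
         }
     }
     self::$salt = $general['salt'];
     if (isset($general['environment'])) {
         switch ($general['environment']) {
             case 'silent':
                 self::$environment = Minz_Configuration::SILENT;
                 break;
             case 'development':
                 self::$environment = Minz_Configuration::DEVELOPMENT;
                 break;
             case 'production':
                 self::$environment = Minz_Configuration::PRODUCTION;
                 break;
             default:
                 // fallback 0.7-beta: numeric levels. is_numeric() stops arbitrary strings from
                 // passing the loose range comparison on PHP versions older than 8.
                 if (is_numeric($general['environment']) && $general['environment'] >= 0 && $general['environment'] <= 2) {
                     self::$environment = $general['environment'];
                 } else {
                     throw new Minz_BadConfigurationException('environment', Minz_Exception::ERROR);
                 }
         }
     }
     if (isset($general['base_url'])) {
         self::$base_url = $general['base_url'];
     }
     if (isset($general['use_url_rewriting'])) {
         self::$use_url_rewriting = $general['use_url_rewriting'];
     }
     if (isset($general['title'])) {
         self::$title = $general['title'];
     }
     if (isset($general['language'])) {
         self::$language = $general['language'];
     }
     if (isset($general['cache_enabled'])) {
         self::$cache_enabled = $general['cache_enabled'];
         if (CACHE_PATH === false && self::$cache_enabled) {
             // Was the unprefixed FileNotExistException; every other exception here uses the Minz_ prefix.
             throw new Minz_FileNotExistException('CACHE_PATH', Minz_Exception::ERROR);
         }
     }
     if (isset($general['delay_cache'])) {
         // Was inval(), an undefined function that caused a fatal error whenever delay_cache was set.
         self::$delay_cache = intval($general['delay_cache']);
     }
     if (isset($general['default_user'])) {
         self::$default_user = $general['default_user'];
     }
     if (isset($general['auth_type'])) {
         self::_authType($general['auth_type']);
     }
     // Anonymous access stays off unless the value is truthy and not the literal string 'no'.
     if (isset($general['allow_anonymous'])) {
         self::$allow_anonymous = (bool) $general['allow_anonymous'] && $general['allow_anonymous'] !== 'no';
     }
     if (isset($general['allow_anonymous_refresh'])) {
         self::$allow_anonymous_refresh = (bool) $general['allow_anonymous_refresh'] && $general['allow_anonymous_refresh'] !== 'no';
     }
     // Database
     if (isset($ini_array['db'])) {
         $db = $ini_array['db'];
         if (empty($db['host'])) {
             throw new Minz_BadConfigurationException('host', Minz_Exception::ERROR);
         }
         if (empty($db['user'])) {
             throw new Minz_BadConfigurationException('user', Minz_Exception::ERROR);
         }
         // The password key must exist but may be empty, hence isset() rather than empty().
         if (!isset($db['password'])) {
             throw new Minz_BadConfigurationException('password', Minz_Exception::ERROR);
         }
         if (empty($db['base'])) {
             throw new Minz_BadConfigurationException('base', Minz_Exception::ERROR);
         }
         if (!empty($db['type'])) {
             self::$db['type'] = $db['type'];
         }
         self::$db['host'] = $db['host'];
         self::$db['user'] = $db['user'];
         self::$db['password'] = $db['password'];
         self::$db['base'] = $db['base'];
         if (isset($db['prefix'])) {
             self::$db['prefix'] = $db['prefix'];
         }
     }
 }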
Exemplo n.º 3
 /**
  * Delete the lock file associated with this object's URL.
  *
  * The file lives in TMP_PATH and is named after the MD5 digest of the application salt
  * concatenated with $this->url, followed by the '.freshrss.lock' suffix.
  */
 function unlock()
 {
     // MD5 only derives a file name here; the salt is mixed into it.
     $digest = md5(Minz_Configuration::salt() . $this->url);
     $lockFile = TMP_PATH . '/' . $digest . '.freshrss.lock';
     // Best-effort removal: @ silences any warning unlink() raises (e.g. the file is already gone).
     @unlink($lockFile);
 }