public function authAction() { if (Minz_Request::isPost()) { $ok = true; $passwordPlain = Minz_Request::param('passwordPlain', false); if ($passwordPlain != '') { Minz_Request::_param('passwordPlain'); //Discard plain-text password ASAP $_POST['passwordPlain'] = ''; if (!function_exists('password_hash')) { include_once LIB_PATH . '/password_compat.php'; } $passwordHash = password_hash($passwordPlain, PASSWORD_BCRYPT, array('cost' => self::BCRYPT_COST)); $passwordPlain = ''; $passwordHash = preg_replace('/^\\$2[xy]\\$/', '\\$2a\\$', $passwordHash); //Compatibility with bcrypt.js $ok &= $passwordHash != ''; $this->view->conf->_passwordHash($passwordHash); } Minz_Session::_param('passwordHash', $this->view->conf->passwordHash); if (Minz_Configuration::isAdmin(Minz_Session::param('currentUser', '_'))) { $this->view->conf->_mail_login(Minz_Request::param('mail_login', false)); } $email = $this->view->conf->mail_login; Minz_Session::_param('mail', $email); $ok &= $this->view->conf->save(); if ($email != '') { $personaFile = DATA_PATH . '/persona/' . $email . '.txt'; @unlink($personaFile); $ok &= file_put_contents($personaFile, Minz_Session::param('currentUser', '_')) !== false; } if (Minz_Configuration::isAdmin(Minz_Session::param('currentUser', '_'))) { $current_token = $this->view->conf->token; $token = Minz_Request::param('token', $current_token); $this->view->conf->_token($token); $ok &= $this->view->conf->save(); $anon = Minz_Request::param('anon_access', false); $anon = (bool) $anon && $anon !== 'no'; $anon_refresh = Minz_Request::param('anon_refresh', false); $anon_refresh = (bool) $anon_refresh && $anon_refresh !== 'no'; $auth_type = Minz_Request::param('auth_type', 'none'); if ($anon != Minz_Configuration::allowAnonymous() || $auth_type != Minz_Configuration::authType() || $anon_refresh != Minz_Configuration::allowAnonymousRefresh()) { Minz_Configuration::_authType($auth_type); Minz_Configuration::_allowAnonymous($anon); Minz_Configuration::_allowAnonymousRefresh($anon_refresh); $ok &= Minz_Configuration::writeFile(); } } invalidateHttpCache(); $notif = array('type' => $ok ? 'good' : 'bad', 'content' => Minz_Translate::t($ok ? 'configuration_updated' : 'error_occurred')); Minz_Session::_param('notification', $notif); } Minz_Request::forward(array('c' => 'configure', 'a' => 'users'), true); }
private function loadStylesAndScripts($loginOk) { $theme = FreshRSS_Themes::load($this->conf->theme); if ($theme) { foreach ($theme['files'] as $file) { Minz_View::appendStyle(Minz_Url::display('/themes/' . $theme['id'] . '/' . $file . '?' . @filemtime(PUBLIC_PATH . '/themes/' . $theme['id'] . '/' . $file))); } } switch (Minz_Configuration::authType()) { case 'form': if (!$loginOk) { Minz_View::appendScript(Minz_Url::display('/scripts/bcrypt.min.js?' . @filemtime(PUBLIC_PATH . '/scripts/bcrypt.min.js'))); } break; case 'persona': Minz_View::appendScript('https://login.persona.org/include.js'); break; } $includeLazyLoad = $this->conf->lazyload && ($this->conf->display_posts || Minz_Request::param('output') === 'reader'); Minz_View::appendScript(Minz_Url::display('/scripts/jquery.min.js?' . @filemtime(PUBLIC_PATH . '/scripts/jquery.min.js')), false, !$includeLazyLoad, !$includeLazyLoad); if ($includeLazyLoad) { Minz_View::appendScript(Minz_Url::display('/scripts/jquery.lazyload.min.js?' . @filemtime(PUBLIC_PATH . '/scripts/jquery.lazyload.min.js'))); } Minz_View::appendScript(Minz_Url::display('/scripts/shortcut.js?' . @filemtime(PUBLIC_PATH . '/scripts/shortcut.js'))); Minz_View::appendScript(Minz_Url::display('/scripts/main.js?' . @filemtime(PUBLIC_PATH . '/scripts/main.js'))); }