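/**
 * Handle the challenge/response form login.
 *
 * On POST, reads the per-session nonce plus the submitted `username` and
 * `challenge`, verifies the challenge against `nonce . <stored password hash>`
 * with password_verify(), and on success records `currentUser` and
 * `passwordHash` in the session. Every failure path sets the same
 * 'invalid_login' notification and forwards to index/index, so the
 * response body does not reveal whether the user exists.
 *
 * On GET, answers 403 when logging in is disabled.
 *
 * Security notes:
 *  - Only the validated (ctype_alnum) username is written to the log. The
 *    raw challenge and nonce are never logged: in the "invalid parameters"
 *    branch they have *failed* validation and may contain CR/LF, which would
 *    allow log-line forging; in the mismatch branch they are still
 *    attacker-chosen data that adds nothing for an operator.
 *  - NOTE(review): the nonce is read from the session but not consumed here;
 *    whether it is regenerated per attempt happens elsewhere — confirm that
 *    a captured challenge cannot be replayed within the same session.
 *  - NOTE(review): a non-existent user throws before password_verify() runs,
 *    so response timing may still differ from a wrong-password attempt.
 */
public function formLoginAction() {
	if (Minz_Request::isPost()) {
		$ok = false;
		$nonce = Minz_Session::param('nonce');
		$username = Minz_Request::param('username', '');
		$c = Minz_Request::param('challenge', '');

		// ctype_* return false for the empty string, so empty fields are rejected here too.
		$paramsValid = ctype_alnum($username) && ctype_graph($c) && ctype_alnum($nonce);

		if ($paramsValid) {
			// password_verify() polyfill for PHP < 5.5.
			if (!function_exists('password_verify')) {
				include_once LIB_PATH . '/password_compat.php';
			}
			try {
				$conf = new FreshRSS_Configuration($username);
				$s = $conf->passwordHash;
				// The client proves knowledge of the stored hash by hashing (nonce . hash).
				$ok = password_verify($nonce . $s, $c);
				if ($ok) {
					Minz_Session::_param('currentUser', $username);
					Minz_Session::_param('passwordHash', $s);
				} else {
					// Username only: it passed ctype_alnum, so it cannot break the log line.
					Minz_Log::record('Password mismatch for user ' . $username, Minz_Log::WARNING);
				}
			} catch (Minz_Exception $me) {
				Minz_Log::record('Login failure: ' . $me->getMessage(), Minz_Log::WARNING);
			}
		} else {
			// Do not echo the rejected values: they failed the character-class checks
			// and could carry newlines or other control characters into the log.
			Minz_Log::record(
				'Invalid credential parameters: user=****** (username_len=' . strlen($username)
				. ', challenge_len=' . strlen($c) . ', nonce_len=' . strlen($nonce) . ')',
				Minz_Log::DEBUG
			);
		}

		if (!$ok) {
			$notif = array('type' => 'bad', 'content' => Minz_Translate::t('invalid_login'));
			Minz_Session::_param('notification', $notif);
		}

		$this->view->_useLayout(false);
		Minz_Request::forward(array('c' => 'index', 'a' => 'index'), true);
	} elseif (!Minz_Configuration::canLogIn()) {
		Minz_Error::error(403, array('error' => array(Minz_Translate::t('access_denied'))));
	}
	invalidateHttpCache();
}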