Mot de passe + nonce serveur

Début de https://github.com/marienfressinaud/FreshRSS/issues/104

1 files changed, 27 insertions, 0 deletions

diff --git a/app/Controllers/javascriptController.php b/app/Controllers/javascriptController.php
index 2d0ff4984..e29f439d8 100755
--- a/app/Controllers/javascriptController.php
+++ b/app/Controllers/javascriptController.php
@@ -16,4 +16,31 @@ class FreshRSS_javascript_Controller extends Minz_ActionController {
 		$catDAO = new FreshRSS_CategoryDAO();
 		$this->view->categories = $catDAO->listCategories(true, false);
 	}
+
+	// For Web-form login
+	public function nonceAction() {
+		header('Content-Type: application/json; charset=UTF-8');
+		header('Last-Modified: ' . gmdate('D, d M Y H:i:s \G\M\T'));
+		header('Expires: 0');
+		header('Cache-Control: private, no-cache, no-store, must-revalidate');
+		header('Pragma: no-cache');
+
+		$user = isset($_GET['user']) ? $_GET['user'] : '';
+		if (ctype_alnum($user)) {
+			try {
+				$conf = new FreshRSS_Configuration($user);
+				$hash = $conf->passwordHash;	//CRYPT_BLOWFISH - Blowfish hashing with a salt as follows: "$2a$", "$2x$" or "$2y$", a two digit cost parameter, "$", and 22 characters from the alphabet "./0-9A-Za-z".
+				if (strlen($hash) >= 60) {
+					$this->view->salt1 = substr($hash, 0, 29);
+					$this->view->nonce = sha1(Minz_Configuration::salt() . uniqid(mt_rand(), true));
+					Minz_Session::_param ('nonce', $this->view->nonce);
+					return;	//Success
+				}
+			} catch (Minz_Exception $me) {
+				Minz_Log::record ('Login failure: ' . $me->getMessage(), Minz_Log::WARNING);
+			}
+		}
+		$this->view->nonce = '';	//Failure
+		$this->view->salt1 = '';
+	}
 }