authorGravatar Marien Fressinaud <dev@marienfressinaud.fr> 2015-10-27 20:31:57 +0100
committerGravatar Marien Fressinaud <dev@marienfressinaud.fr> 2015-10-27 20:31:57 +0100
commitd677495ca3ded1a65c974fcdc29e989cdae2b583 (patch)
tree83d8113d63a79707e98610d5f347f8e761416f0b /app/Controllers/javascriptController.php
parentb8b0ba6f244b37f5b823f05b6ef00f4684b3d89b (diff)
parentc992b683a8467de60136e4d4b1860f06a746c6b1 (diff)
Merge pull request #1016 from Alkarex/login403
HTTP 403 for invalid login
Diffstat (limited to 'app/Controllers/javascriptController.php')
-rwxr-xr-xapp/Controllers/javascriptController.php9
1 files changed, 7 insertions, 2 deletions
diff --git a/app/Controllers/javascriptController.php b/app/Controllers/javascriptController.php
index 421cf6f72..e3ae3669e 100755
--- a/app/Controllers/javascriptController.php
+++ b/app/Controllers/javascriptController.php
@@ -43,7 +43,12 @@ class FreshRSS_javascript_Controller extends Minz_ActionController {
} else {
Minz_Log::notice('Nonce failure due to invalid username!');
}
- $this->view->nonce = ''; //Failure
- $this->view->salt1 = '';
+ //Failure: Return random data.
+ $this->view->salt1 = sprintf('$2a$%02d$', FreshRSS_user_Controller::BCRYPT_COST);
+ $alphabet = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
+ for ($i = 22; $i > 0; $i--) {
+ $this->view->salt1 .= $alphabet[rand(0, 63)];
+ }
+ $this->view->nonce = sha1(rand());
}
}
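Review bot: The decoy `salt1` built in the failure branch is drawn from `rand()` on every request, so asking twice for the same unknown username returns two different salts. A real account presumably returns the same stored salt each time, which would let a client still tell valid from invalid logins. Deriving the decoy from the requested username and a per-install secret makes it stable per name and unguessable without the secret, as sketched below; `$username` and `$serverSecret` are placeholders for values not visible in this hunk. The decoy nonce `sha1(rand())` should come from a CSPRNG where one is available, and the decoy cost in `sprintf('$2a$%02d$', …)` only matches real accounts if their stored hashes use the current `BCRYPT_COST`. The enclosing action starts above the hunk, so the real-user path could not be checked here.

```php
// … unchanged: Minz_Log::notice() calls in the branches above …
//Failure: return decoy data that is stable for a given username.
// $username / $serverSecret are placeholders: the requested login and a per-install secret.
$digest = hash_hmac('sha256', $username, $serverSecret, true);	// 32 raw bytes, 22 are used
$alphabet = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
$this->view->salt1 = sprintf('$2a$%02d$', FreshRSS_user_Controller::BCRYPT_COST);
for ($i = 0; $i < 22; $i++) {
	$this->view->salt1 .= $alphabet[ord($digest[$i]) & 63];
}
// … unchanged: decoy nonce assignment (see note about its randomness source) …
```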