| author | 2014-01-12 14:00:02 +0100 | |
|---|---|---|
| committer | 2014-01-12 14:00:02 +0100 | |
| commit | 0f481f7f24dfad3bf9775213f487dd6802b6cb6a (patch) | |
| tree | f35bcb78131bae088e8ed28466be40a4ce23de3f /app/Controllers/usersController.php | |
| parent | d58886a937cbe425163526fc2ba3d2a118602035 (diff) | |
Permet aux utilisateurs non-administrateurs de changer leur mot de passe
https://github.com/marienfressinaud/FreshRSS/issues/104
Diffstat (limited to 'app/Controllers/usersController.php')
| -rw-r--r-- | app/Controllers/usersController.php | 21 |
1 files changed, 13 insertions, 8 deletions
diff --git a/app/Controllers/usersController.php b/app/Controllers/usersController.php
index cb5ebd209..7e44b3d35 100644
--- a/app/Controllers/usersController.php
+++ b/app/Controllers/usersController.php
@@ -1,6 +1,9 @@
 <?php
 class FreshRSS_users_Controller extends Minz_ActionController {
+
+ const BCRYPT_COST = 9; //Will also have to be computed client side on mobile devices, so do not use a too high cost
+
 public function firstAction() {
 if (!$this->view->loginOk) {
 Minz_Error::error(
@@ -21,20 +24,21 @@ class FreshRSS_users_Controller extends Minz_ActionController {
 if (!function_exists('password_hash')) {
 include_once(LIB_PATH . '/password_compat.php');
 }
- $passwordHash = password_hash($passwordPlain, PASSWORD_BCRYPT, array('cost' => 8)); //This will also have to be computed client side on mobile devices, so do not use a too high cost
+ $passwordHash = password_hash($passwordPlain, PASSWORD_BCRYPT, array('cost' => self::BCRYPT_COST));
 $passwordPlain = '';
 $passwordHash = preg_replace('/^\$2[xy]\$/', '\$2a\$', $passwordHash); //Compatibility with bcrypt.js
+ $ok &= ($passwordHash != '');
 $this->view->conf->_passwordHash($passwordHash);
 }
+ Minz_Session::_param('passwordHash', $this->view->conf->passwordHash);
- $email = Minz_Request::param('mail_login', false);
- $this->view->conf->_mail_login($email);
-
- $ok &= $this->view->conf->save();
-
+ if (Minz_Configuration::isAdmin(Minz_Session::param('currentUser', '_'))) {
+ $this->view->conf->_mail_login(Minz_Request::param('mail_login', false));
+ }
 $email = $this->view->conf->mail_login;
 Minz_Session::_param('mail', $email);
- Minz_Session::_param('passwordHash', $this->view->conf->passwordHash);
+
+ $ok &= $this->view->conf->save();
 if ($email != '') {
 $personaFile = DATA_PATH . '/persona/' . $email . '.txt';
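Review bot: The comment on `BCRYPT_COST` says why the cost is kept low but not what that choice gives up: 9 is below the bcrypt default of 10 that `password_hash()` shipped with, so the stored hashes are cheaper to attack offline if they ever leak. I would record the trade-off on the constant, for example `// Deliberately below the password_hash() default (10) because the client also runs bcrypt in JavaScript; revisit as devices get faster`. Raising the constant only affects passwords set after this change; hashes already stored at cost 8 stay at that cost until the user changes the password, and nothing in these hunks re-hashes them.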
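Review bot: The new `$ok &= ($passwordHash != '');` check in the -21 hunk records a hashing failure but does not stop it from being persisted: the next line still calls `$this->view->conf->_passwordHash($passwordHash)` with the empty value, and `save()` runs further down regardless of `$ok`. Unless the setter rejects an empty string (not visible here), a failed `password_hash()` or `preg_replace()` would replace the stored hash with an empty one. Guard the setter, e.g. `if ($passwordHash != '') { $this->view->conf->_passwordHash($passwordHash); }`, and prefer a strict test such as `is_string($passwordHash) && $passwordHash !== ''`. The same check is added in the -100 hunk, where the code that consumes `$ok` lies outside the hunk. The enclosing action starts and ends outside this hunk, so whether the current password is verified before the change is accepted cannot be seen from here.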
@@ -100,8 +104,9 @@ class FreshRSS_users_Controller extends Minz_ActionController {
 if (!function_exists('password_hash')) {
 include_once(LIB_PATH . '/password_compat.php');
 }
- $passwordHash = password_hash($passwordPlain, PASSWORD_BCRYPT, array('cost' => 8));
+ $passwordHash = password_hash($passwordPlain, PASSWORD_BCRYPT, array('cost' => self::BCRYPT_COST));
 $passwordPlain = '';
+ $ok &= ($passwordHash != '');
 }
 if (empty($passwordHash)) {
 $passwordHash = ''; |
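Review bot: This path keeps the hash as `password_hash()` returns it, without the `$2x$`/`$2y$` to `$2a$` prefix rewrite that the -21 hunk applies under the comment "Compatibility with bcrypt.js", so the two paths can store differently prefixed hashes. If the client-side computation depends on that prefix, a password set here may not verify until the user changes it through the other path; this assumes the rewrite is not done further down, outside the hunk. I would add the same line after `$passwordPlain = '';`, namely `$passwordHash = preg_replace('/^\$2[xy]\$/', '\$2a\$', $passwordHash); //Compatibility with bcrypt.js`. Moving the hashing, prefix rewrite and emptiness check into one private helper would keep both actions from drifting apart again.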
