Configuration du mot de passe

https://github.com/marienfressinaud/FreshRSS/issues/104
author: Alexandre Alapetite <alexandre@alapetite.fr> 2014-01-11 17:13:22 +0100
committer: Alexandre Alapetite <alexandre@alapetite.fr> 2014-01-11 17:13:22 +0100
commit: 43f1b227b459f8edade9d551164c18f56cfa1925 (patch)
tree: b3d79d6c4c3a555191418564a51d5473f2f2df74 /app/Controllers/usersController.php
parent: eb50ab3b61ee2280dac2696598a58803e246fe22 (diff)
1 files changed, 13 insertions, 0 deletions
diff --git a/app/Controllers/usersController.php b/app/Controllers/usersController.php
index 482e35c3e..8954c845d 100644
--- a/app/Controllers/usersController.php
+++ b/app/Controllers/usersController.php
@@ -14,8 +14,21 @@ class FreshRSS_users_Controller extends Minz_ActionController {
 		if (Minz_Request::isPost()) {
 			$ok = true;
 
+			$passwordPlain = Minz_Request::param('passwordPlain', false);
+			if ($passwordPlain != '') {
+				Minz_Request::_param('passwordPlain');	//Discard plain-text password ASAP
+				$_POST['passwordPlain'] = '';
+				if (!function_exists('password_hash')) {
+					include_once(LIB_PATH . '/password_compat.php');
+				}
+				$passwordHash = password_hash($passwordPlain, PASSWORD_BCRYPT);	//A bit expensive, on purpose
+				$passwordPlain = '';
+				$this->view->conf->_passwordHash($passwordHash);
+			}
+
 			$mail = Minz_Request::param('mail_login', false);
 			$this->view->conf->_mail_login($mail);
+
 			$ok &= $this->view->conf->save();
 
 			$email = $this->view->conf->mail_login;
author	Alexandre Alapetite <alexandre@alapetite.fr>	2014-01-11 17:13:22 +0100
committer	Alexandre Alapetite <alexandre@alapetite.fr>	2014-01-11 17:13:22 +0100
commit	43f1b227b459f8edade9d551164c18f56cfa1925 (patch)
tree	b3d79d6c4c3a555191418564a51d5473f2f2df74 /app/Controllers/usersController.php
parent	eb50ab3b61ee2280dac2696598a58803e246fe22 (diff)