authorGravatar Alexandre Alapetite <alexandre@alapetite.fr> 2014-03-01 14:45:58 +0100
committerGravatar Alexandre Alapetite <alexandre@alapetite.fr> 2014-03-01 14:45:58 +0100
commit29b3bbfe284a6e56413a2e89b740ffc4172c6847 (patch)
tree5e1b74f889f071e3e45beca09673304629e79f74 /app/Controllers/usersController.php
parentf44683b5671b323ba96f0c4cd47ba9458e934679 (diff)
API: Real password system
https://github.com/marienfressinaud/FreshRSS/issues/13 Expiring token not implemented yet
Diffstat (limited to 'app/Controllers/usersController.php')
-rw-r--r--app/Controllers/usersController.php12
1 files changed, 12 insertions, 0 deletions
diff --git a/app/Controllers/usersController.php b/app/Controllers/usersController.php
index bb4f34c5e..b03989cd7 100644
--- a/app/Controllers/usersController.php
+++ b/app/Controllers/usersController.php
@@ -32,6 +32,18 @@ class FreshRSS_users_Controller extends Minz_ActionController {
}
Minz_Session::_param('passwordHash', $this->view->conf->passwordHash);
+ $passwordPlain = Minz_Request::param('apiPasswordPlain', false);
+ if ($passwordPlain != '') {
+ if (!function_exists('password_hash')) {
+ include_once(LIB_PATH . '/password_compat.php');
+ }
+ $passwordHash = password_hash($passwordPlain, PASSWORD_BCRYPT, array('cost' => self::BCRYPT_COST));
+ $passwordPlain = '';
+ $passwordHash = preg_replace('/^\$2[xy]\$/', '\$2a\$', $passwordHash); //Compatibility with bcrypt.js
+ $ok &= ($passwordHash != '');
+ $this->view->conf->_apiPasswordHash($passwordHash);
+ }
+
if (Minz_Configuration::isAdmin(Minz_Session::param('currentUser', '_'))) {
$this->view->conf->_mail_login(Minz_Request::param('mail_login', false));
}
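Review bot: When `password_hash()` fails, the added block still calls `$this->view->conf->_apiPasswordHash($passwordHash)` with the empty result, because `$ok &= ($passwordHash != '')` only records the failure and does not stop the assignment. Whether the setter rejects an empty value is not visible in this hunk, so the stored API hash may be overwritten with an empty string. Guarding the call would keep the previous hash on failure: `if ($passwordHash == '') { $ok = false; } else { $this->view->conf->_apiPasswordHash($passwordHash); }`. The `[xy]` in the prefix rewrite would also relabel a `$2x$` hash as `$2a$`, so narrowing the pattern to `$2y$` is worth considering. The enclosing action and the `BCRYPT_COST` constant lie outside the hunk.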