Diffstat (limited to 'app/views/auth')
-rw-r--r--app/views/auth/formLogin.phtml1
-rw-r--r--app/views/auth/index.phtml4
-rw-r--r--app/views/auth/personaLogin.phtml28
-rw-r--r--app/views/auth/register.phtml60
-rw-r--r--app/views/auth/reset.phtml33
5 files changed, 31 insertions, 95 deletions
diff --git a/app/views/auth/formLogin.phtml b/app/views/auth/formLogin.phtml
index b0083944f..4bbc8ed55 100644
--- a/app/views/auth/formLogin.phtml
+++ b/app/views/auth/formLogin.phtml
@@ -6,6 +6,7 @@
<?php } ?>
<form id="crypto-form" method="post" action="<?php echo _url('auth', 'login'); ?>">
+ <input type="hidden" name="_csrf" value="<?php echo FreshRSS_Auth::csrfToken(); ?>" />
<div>
<label for="username"><?php echo _t('gen.auth.username'); ?></label>
<input type="text" id="username" name="username" size="16" required="required" maxlength="16" pattern="[0-9a-zA-Z]{1,16}" autofocus="autofocus" />
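Review bot: The new hidden `_csrf` field prints `FreshRSS_Auth::csrfToken()` straight into a double-quoted attribute without escaping; the same line is added in app/views/auth/index.phtml and app/views/auth/register.phtml. If the token is always hex or base64url this is harmless, but its format is not visible in this diff, so escaping at the output keeps the views safe if the generator ever changes: `<input type="hidden" name="_csrf" value="<?php echo htmlspecialchars(FreshRSS_Auth::csrfToken(), ENT_QUOTES, 'UTF-8'); ?>" />`. The diff is limited to app/views/auth, so the server-side check is not shown; it should reject a missing or mismatched `_csrf` and compare with a constant-time function such as `hash_equals()`. The form continues past the end of the hunk.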
diff --git a/app/views/auth/index.phtml b/app/views/auth/index.phtml
index 8e4df8c2c..74e692ec5 100644
--- a/app/views/auth/index.phtml
+++ b/app/views/auth/index.phtml
@@ -4,17 +4,17 @@
<a href="<?php echo _url('index', 'index'); ?>"><?php echo _t('gen.action.back_to_rss_feeds'); ?></a>
<form method="post" action="<?php echo _url('auth', 'index'); ?>">
+ <input type="hidden" name="_csrf" value="<?php echo FreshRSS_Auth::csrfToken(); ?>" />
<legend><?php echo _t('admin.auth.type'); ?></legend>
<div class="form-group">
<label class="group-name" for="auth_type"><?php echo _t('admin.auth.type'); ?></label>
<div class="group-controls">
<select id="auth_type" name="auth_type" required="required" data-leave-validation="<?php echo FreshRSS_Context::$system_conf->auth_type; ?>">
- <?php if (!in_array(FreshRSS_Context::$system_conf->auth_type, array('form', 'persona', 'http_auth', 'none'))) { ?>
+ <?php if (!in_array(FreshRSS_Context::$system_conf->auth_type, array('form', 'http_auth', 'none'))) { ?>
<option selected="selected"></option>
<?php } ?>
<option value="form"<?php echo FreshRSS_Context::$system_conf->auth_type === 'form' ? ' selected="selected"' : '', cryptAvailable() ? '' : ' disabled="disabled"'; ?>><?php echo _t('admin.auth.form'); ?></option>
- <option value="persona"<?php echo FreshRSS_Context::$system_conf->auth_type === 'persona' ? ' selected="selected"' : '', FreshRSS_Context::$user_conf->mail_login == '' ? ' disabled="disabled"' : ''; ?>><?php echo _t('admin.auth.persona'); ?></option>
<option value="http_auth"<?php echo FreshRSS_Context::$system_conf->auth_type === 'http_auth' ? ' selected="selected"' : '', httpAuthUser() == '' ? ' disabled="disabled"' : ''; ?>><?php echo _t('admin.auth.http'); ?> (REMOTE_USER = '<?php echo httpAuthUser(); ?>')</option>
<option value="none"<?php echo FreshRSS_Context::$system_conf->auth_type === 'none' ? ' selected="selected"' : ''; ?>><?php echo _t('admin.auth.none'); ?></option>
</select>
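Review bot: Installations whose stored `auth_type` is still `'persona'` now fall into the empty `<option selected="selected">` branch, and this diff (limited to app/views/auth) does not show how the login path treats that value. It is worth confirming that an unrecognised `auth_type` denies access rather than behaving like `'none'`, and recording the intent in the view with `<?php /* legacy values such as 'persona' are no longer listed; the admin must choose a supported type */ ?>`. On the same changed line the membership test is loose; `in_array(FreshRSS_Context::$system_conf->auth_type, array('form', 'http_auth', 'none'), true)` avoids type-juggling matches. The enclosing form starts before and continues after the hunk.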
diff --git a/app/views/auth/personaLogin.phtml b/app/views/auth/personaLogin.phtml
deleted file mode 100644
index c6d738bf6..000000000
--- a/app/views/auth/personaLogin.phtml
+++ /dev/null
@@ -1,28 +0,0 @@
-<?php if ($this->res === false) { ?>
-<div class="prompt">
- <h1><?php echo _t('gen.auth.login'); ?></h1>
-
- <?php if (!max_registrations_reached()) { ?>
- <a href="<?php echo _url('auth', 'register'); ?>"><?php echo _t('gen.auth.registration.ask'); ?></a>
- <?php } ?>
-
- <p>
- <a class="signin btn btn-important" href="<?php echo _url('auth', 'login'); ?>">
- <?php echo _i('login'); ?> <?php echo _t('gen.auth.login_persona'); ?>
- </a>
-
- <br /><br />
-
- <?php echo _i('help'); ?>
- <small>
- <a href="<?php echo _url('auth', 'reset'); ?>"><?php echo _t('gen.auth.login_persona_problem'); ?></a>
- </small>
- </p>
-
- <p><a href="<?php echo _url('index', 'about'); ?>"><?php echo _t('gen.freshrss.about'); ?></a></p>
-</div>
-<?php
-} else {
- echo json_encode($this->res);
-}
-?>
diff --git a/app/views/auth/register.phtml b/app/views/auth/register.phtml
index 306679601..1f9976391 100644
--- a/app/views/auth/register.phtml
+++ b/app/views/auth/register.phtml
@@ -1,38 +1,34 @@
<div class="prompt">
- <h1><?php echo _t('gen.auth.registration'); ?></h1>
+ <h1><?php echo _t('gen.auth.registration'); ?></h1>
- <form method="post" action="<?php echo _url('user', 'create'); ?>">
- <div>
- <label class="group-name" for="new_user_name"><?php echo _t('gen.auth.username'), '<br />', _i('help'), ' ', _t('gen.auth.username.format'); ?></label>
- <input id="new_user_name" name="new_user_name" type="text" size="16" required="required" maxlength="16" autocomplete="off" pattern="[0-9a-zA-Z]{1,16}" />
- </div>
+ <form method="post" action="<?php echo _url('user', 'create'); ?>">
+ <input type="hidden" name="_csrf" value="<?php echo FreshRSS_Auth::csrfToken(); ?>" />
+ <div>
+ <label class="group-name" for="new_user_name"><?php echo _t('gen.auth.username'), '<br />', _i('help'), ' ', _t('gen.auth.username.format'); ?></label>
+ <input id="new_user_name" name="new_user_name" type="text" size="16" required="required" maxlength="16" autocomplete="off" pattern="[0-9a-zA-Z]{1,16}" />
+ </div>
- <div>
- <label class="group-name" for="new_user_passwordPlain"><?php echo _t('gen.auth.password'), '<br />', _i('help'), ' ', _t('gen.auth.password.format'); ?></label>
- <div class="stick">
- <input type="password" id="new_user_passwordPlain" name="new_user_passwordPlain" required="required" autocomplete="off" pattern=".{7,}" />
- <a class="btn toggle-password" data-toggle="new_user_passwordPlain"><?php echo _i('key'); ?></a>
- </div>
- <noscript><b><?php echo _t('gen.js.should_be_activated'); ?></b></noscript>
- </div>
+ <div>
+ <label class="group-name" for="new_user_passwordPlain"><?php echo _t('gen.auth.password'), '<br />', _i('help'), ' ', _t('gen.auth.password.format'); ?></label>
+ <div class="stick">
+ <input type="password" id="new_user_passwordPlain" name="new_user_passwordPlain" required="required" autocomplete="off" pattern=".{7,}" />
+ <a class="btn toggle-password" data-toggle="new_user_passwordPlain"><?php echo _i('key'); ?></a>
+ </div>
+ <noscript><b><?php echo _t('gen.js.should_be_activated'); ?></b></noscript>
+ </div>
- <div>
- <label class="group-name" for="new_user_email"><?php echo _t('gen.auth.email'); ?></label>
- <input type="email" id="new_user_email" name="new_user_email" class="extend" required="required" autocomplete="off" />
- </div>
+ <div>
+ <?php
+ $redirect_url = urlencode(Minz_Url::display(
+ array('c' => 'index', 'a' => 'index'),
+ 'php', true
+ ));
+ ?>
+ <input type="hidden" name="r" value="<?php echo $redirect_url; ?>" />
+ <button type="submit" class="btn btn-important"><?php echo _t('gen.action.create'); ?></button>
+ <a class="btn" href="<?php echo _url('index', 'index'); ?>"><?php echo _t('gen.action.cancel'); ?></a>
+ </div>
+ </form>
- <div>
- <?php
- $redirect_url = urlencode(Minz_Url::display(
- array('c' => 'index', 'a' => 'index'),
- 'php', true
- ));
- ?>
- <input type="hidden" name="r" value="<?php echo $redirect_url; ?>" />
- <button type="submit" class="btn btn-important"><?php echo _t('gen.action.create'); ?></button>
- <a class="btn" href="<?php echo _url('index', 'index'); ?>"><?php echo _t('gen.action.cancel'); ?></a>
- </div>
- </form>
-
- <p><a href="<?php echo _url('index', 'about'); ?>"><?php echo _t('gen.freshrss.about'); ?></a></p>
+ <p><a href="<?php echo _url('index', 'about'); ?>"><?php echo _t('gen.freshrss.about'); ?></a></p>
</div>
diff --git a/app/views/auth/reset.phtml b/app/views/auth/reset.phtml
deleted file mode 100644
index 9c820c7c8..000000000
--- a/app/views/auth/reset.phtml
+++ /dev/null
@@ -1,33 +0,0 @@
-<div class="prompt">
- <h1><?php echo _t('gen.auth.reset'); ?></h1>
-
- <?php if (!empty($this->message)) { ?>
- <p class="alert <?php echo $this->message['status'] === 'bad' ? 'alert-error' : 'alert-warn'; ?>">
- <span class="alert-head"><?php echo $this->message['title']; ?></span><br />
- <?php echo $this->message['body']; ?>
- </p>
- <?php } ?>
-
- <?php if (!$this->no_form) { ?>
- <form id="crypto-form" method="post" action="<?php echo _url('auth', 'reset'); ?>">
- <p class="alert alert-warn">
- <span class="alert-head"><?php echo _t('gen.short.attention'); ?></span><br />
- <?php echo _t('gen.auth.will_reset'); ?>
- </p>
-
- <div>
- <label for="username"><?php echo _t('gen.auth.username.admin'); ?></label>
- <input type="text" id="username" name="username" size="16" required="required" maxlength="16" pattern="[0-9a-zA-Z]{1,16}" autofocus="autofocus" />
- </div>
- <div>
- <label for="passwordPlain"><?php echo _t('gen.auth.password'); ?></label>
- <input type="password" id="passwordPlain" required="required" />
- <input type="hidden" id="challenge" name="challenge" /><br />
- <noscript><strong><?php echo _t('gen.js.should_be_activated'); ?></strong></noscript>
- </div>
- <div>
- <button id="loginButton" type="submit" class="btn btn-important"><?php echo _t('gen.action.submit'); ?></button>
- </div>
- </form>
- <?php } ?>
-</div>