From d2799d168e0d885cb6de24cf012e2a909215fcd8 Mon Sep 17 00:00:00 2001 From: Marien Fressinaud Date: Thu, 18 Sep 2014 15:09:47 +0200 Subject: Improve resetAuth redirections See https://github.com/marienfressinaud/FreshRSS/issues/521 --- app/Controllers/indexController.php | 39 ++++++++++++++----------------------- 1 file changed, 15 insertions(+), 24 deletions(-) (limited to 'app/Controllers/indexController.php') diff --git a/app/Controllers/indexController.php b/app/Controllers/indexController.php index 86863cc84..26e2618f0 100755 --- a/app/Controllers/indexController.php +++ b/app/Controllers/indexController.php @@ -451,6 +451,8 @@ class FreshRSS_index_Controller extends Minz_ActionController { return; } + invalidateHttpCache(); + if (Minz_Request::isPost()) { $nonce = Minz_Session::param('nonce'); $username = Minz_Request::param('username', ''); 
@@ -460,43 +462,32 @@ class FreshRSS_index_Controller extends Minz_ActionController { ' user=' . $username . ' challenge=' . $c . ' nonce=' . $nonce); - Minz_Session::_param('notification', array( - 'type' => 'bad', - 'content' => Minz_Translate::t('invalid_login') - )); - return; + Minz_Request::bad(_t('invalid_login'), + array('c' => 'index', 'a' => 'resetAuth')); } if (!function_exists('password_verify')) { include_once(LIB_PATH . '/password_compat.php'); } - try { - $s = $conf->passwordHash; - $ok = password_verify($nonce . $s, $c); - if (!$ok) { - Minz_Log::debug('Password mismatch for user ' . $username . - ', nonce=' . $nonce . ', c=' . $c); - Minz_Session::_param('notification', array( - 'type' => 'bad', - 'content' => Minz_Translate::t('invalid_login') - )); - return; - } - + $s = $conf->passwordHash; + $ok = password_verify($nonce . $s, $c); + if ($ok) { Minz_Configuration::_authType('form'); $ok = Minz_Configuration::writeFile(); if ($ok) { Minz_Request::good(_t('auth_form_set')); } else { - Minz_Session::_param('notification', array( - 'type' => 'bad', - 'content' => _t('auth_form_not_set') - )); + Minz_Request::bad(_t('auth_form_not_set'), + array('c' => 'index', 'a' => 'resetAuth')); } - } catch (Minz_Exception $e) { - Minz_Log::warning('Login failure: ' . $e->getMessage()); + } else { + Minz_Log::debug('Password mismatch for user ' . $username . + ', nonce=' . $nonce . ', c=' . $c); + + Minz_Request::bad(_t('invalid_login'), + array('c' => 'index', 'a' => 'resetAuth')); } } } -- cgit v1.2.3
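Review bot: The relocated `Minz_Log::debug('Password mismatch for user ' ...)` call in the new `else` branch still writes the session nonce and the client's challenge response `$c` to the log next to the request-supplied `$username`; these are authentication material, and anyone who can read the log gets them for every failed attempt. I would log only the event and the account, e.g. `Minz_Log::debug('Password mismatch for user ' . $username);`, and the same applies to the context line at the top of the hunk that logs `challenge=` and `nonce=`. Separately, the commit drops the `return;` that followed the first failure notification, so the method now relies on `Minz_Request::bad()` never returning, which this hunk does not show; an explicit `return;` after that first `Minz_Request::bad(...)` call would keep a rejected request from falling through to `password_verify()` if it ever does return. The enclosing action method starts before the hunk, so the validation condition guarding that first call is not visible here.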