
Compatibilité bcrypt.js oubliée

Corrige https://github.com/marienfressinaud/FreshRSS/issues/396
+ Ajoute de meilleurs messages d'erreur
Alexandre Alapetite hace 12 años
padre
commit
7a510af73a

+ 2 - 0
app/Controllers/indexController.php

@@ -320,6 +320,8 @@ class FreshRSS_index_Controller extends Minz_ActionController {
 				} catch (Minz_Exception $me) {
 					Minz_Log::record('Login failure: ' . $me->getMessage(), Minz_Log::WARNING);
 				}
+			} else {
+				Minz_Log::record('Invalid credential parameters: user=' . $username . ' challenge=' . $c . ' nonce=' . $nonce, Minz_Log::DEBUG);
 			}
 			if (!$ok) {
 				$notif = array(
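Review bot: The new `else` branch writes `$username`, `$c` and `$nonce` into the log verbatim, and these appear to come straight from the login request (their assignment is outside this hunk, so confirm). Unescaped request data in a log line lets a client embed line breaks and forge entries, so control characters should be stripped before the value is concatenated. The challenge and nonce are also authentication material: judging by the `main.js` section of this commit, the challenge is a cost-4 bcrypt of the nonce plus the stored hash, so keeping both in a log file gives anyone who can read the log input for offline guessing. I would record only the account name, e.g. `Minz_Log::record('Invalid credential parameters: user=' . preg_replace('/[^\x20-\x7E]/', '?', $username), Minz_Log::DEBUG);`, and at most note whether the challenge and nonce were present or malformed.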

+ 1 - 1
app/Controllers/javascriptController.php

@@ -37,7 +37,7 @@ class FreshRSS_javascript_Controller extends Minz_ActionController {
 					return;	//Success
 				}
 			} catch (Minz_Exception $me) {
-				Minz_Log::record('Login failure: ' . $me->getMessage(), Minz_Log::WARNING);
+				Minz_Log::record('Nonce failure: ' . $me->getMessage(), Minz_Log::WARNING);
 			}
 		}
 		$this->view->nonce = '';	//Failure

+ 1 - 0
app/Controllers/usersController.php

@@ -106,6 +106,7 @@ class FreshRSS_users_Controller extends Minz_ActionController {
 					}
 					$passwordHash = password_hash($passwordPlain, PASSWORD_BCRYPT, array('cost' => self::BCRYPT_COST));
 					$passwordPlain = '';
+					$passwordHash = preg_replace('/^\$2[xy]\$/', '\$2a\$', $passwordHash);	//Compatibility with bcrypt.js
 					$ok &= ($passwordHash != '');
 				}
 				if (empty($passwordHash)) {
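Review bot: The pattern on the added `preg_replace` line accepts `$2x$` as well as `$2y$`, which is broader than this call site needs. `password_hash()` with `PASSWORD_BCRYPT` emits `$2y$`, while `$2x$` marks hashes produced by the old sign-extension-bug variant, which are not interchangeable with `$2a$` for passwords containing 8-bit characters; relabelling one would silently change how it verifies. Narrowing it to `preg_replace('/^\$2y\$/', '\$2a\$', $passwordHash)` keeps the bcrypt.js compatibility without that edge case. The trailing comment could also say why the prefix matters, for instance `//bcrypt.js only accepts the $2a$ prefix; PHP verifies $2a$ and $2y$ identically`, after checking that against the bundled bcrypt.js version.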

+ 12 - 8
p/scripts/main.js

@@ -626,14 +626,18 @@ function init_loginForm() {
 			if (data.salt1 == '' || data.nonce == '') {
 				alert('Invalid user!');
 			} else {
-				var strong = window.Uint32Array && window.crypto && (typeof window.crypto.getRandomValues === 'function'),
-					s = dcodeIO.bcrypt.hashSync($('#passwordPlain').val(), data.salt1),
-					c = dcodeIO.bcrypt.hashSync(data.nonce + s, strong ? 4 : poormanSalt());
-				$('#challenge').val(c);
-				if (s == '' || c == '') {
-					alert('Crypto error!');
-				} else {
-					success = true;
+				try {
+					var strong = window.Uint32Array && window.crypto && (typeof window.crypto.getRandomValues === 'function'),
+						s = dcodeIO.bcrypt.hashSync($('#passwordPlain').val(), data.salt1),
+						c = dcodeIO.bcrypt.hashSync(data.nonce + s, strong ? 4 : poormanSalt());
+					$('#challenge').val(c);
+					if (s == '' || c == '') {
+						alert('Crypto error!');
+					} else {
+						success = true;
+					}
+				} catch (e) {
+					alert('Crypto exception! ' + e);
 				}
 			}
 		}).fail(function() {
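Review bot: When `hashSync` throws, the new `catch` branch only shows an alert, so `#challenge` keeps whatever value an earlier attempt left in it. Clearing it there, `$('#challenge').val('');`, makes the failure state explicit and avoids submitting a stale challenge. Whether `success` stays false and the plaintext password field is withheld from submission on this path is decided outside the hunk, so that should be checked in the rest of `init_loginForm`. The same applies to the `Crypto error!` branch, where `#challenge` is written before `c` is tested for emptiness.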