
Mot de passe + nonce serveur

Début de https://github.com/marienfressinaud/FreshRSS/issues/104
Alexandre Alapetite 12 years ago
parent
commit
eb50ab3b61

+ 2 - 5
README.md

@@ -74,17 +74,14 @@ mysqldump -u utilisateur -p --databases freshrss > freshrss.sql
 ```
 
 
-
----
-
 # Bibliothèques incluses
-* [SimplePie](https://github.com/simplepie/simplepie)
+* [SimplePie](http://simplepie.org/)
 * [MINZ](https://github.com/marienfressinaud/MINZ)
 * [php-http-304](http://alexandre.alapetite.fr/doc-alex/php-http-304/)
 * [jQuery](http://jquery.com/)
 * [keyboard_shortcuts](http://www.openjs.com/scripts/events/keyboard_shortcuts/)
 
-## Uniquement dans certaines configurations
+## Uniquement pour certaines options
 * [bcrypt.js](https://github.com/dcodeIO/bcrypt.js)
 * [phpQuery](http://code.google.com/p/phpquery/)
 * [Lazy Load](http://www.appelsiini.net/projects/lazyload)

+ 27 - 0
app/Controllers/javascriptController.php

@@ -16,4 +16,31 @@ class FreshRSS_javascript_Controller extends Minz_ActionController {
 		$catDAO = new FreshRSS_CategoryDAO();
 		$this->view->categories = $catDAO->listCategories(true, false);
 	}
+
+	// For Web-form login
+	public function nonceAction() {
+		header('Content-Type: application/json; charset=UTF-8');
+		header('Last-Modified: ' . gmdate('D, d M Y H:i:s \G\M\T'));
+		header('Expires: 0');
+		header('Cache-Control: private, no-cache, no-store, must-revalidate');
+		header('Pragma: no-cache');
+
+		$user = isset($_GET['user']) ? $_GET['user'] : '';
+		if (ctype_alnum($user)) {
+			try {
+				$conf = new FreshRSS_Configuration($user);
+				$hash = $conf->passwordHash;	//CRYPT_BLOWFISH - Blowfish hashing with a salt as follows: "$2a$", "$2x$" or "$2y$", a two digit cost parameter, "$", and 22 characters from the alphabet "./0-9A-Za-z".
+				if (strlen($hash) >= 60) {
+					$this->view->salt1 = substr($hash, 0, 29);
+					$this->view->nonce = sha1(Minz_Configuration::salt() . uniqid(mt_rand(), true));
+					Minz_Session::_param ('nonce', $this->view->nonce);
+					return;	//Success
+				}
+			} catch (Minz_Exception $me) {
+				Minz_Log::record ('Login failure: ' . $me->getMessage(), Minz_Log::WARNING);
+			}
+		}
+		$this->view->nonce = '';	//Failure
+		$this->view->salt1 = '';
+	}
 }
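Review bot: The response this action prepares differs for an account that exists with a stored hash (salt1 becomes the first 29 characters of the hash on L57) and for anything else (both fields are emptied on L66–L67), so the unauthenticated nonce endpoint tells a caller which account names exist; a fixed-shape reply, e.g. a salt derived deterministically from the submitted name when no hash is found, would make both paths indistinguishable. The nonce on L58 is seeded from `mt_rand()` and `uniqid()`, neither of which is a cryptographic source; `sha1(Minz_Configuration::salt() . bin2hex(openssl_random_pseudo_bytes(16)))` keeps the same output shape while drawing from a CSPRNG. On the failure path the session value written by `Minz_Session::_param('nonce', …)` on L59 is not reset, so a nonce from an earlier successful call survives a failed one — whether that matters depends on how the login check consumes it, which is outside this hunk.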

+ 4 - 0
app/Models/Configuration.php

@@ -9,6 +9,7 @@ class FreshRSS_Configuration {
 		'keep_history_default' => 0,
 		'mail_login' => '',
 		'token' => '',
+		'passwordHash' => '',	//CRYPT_BLOWFISH
 		'posts_per_page' => 20,
 		'view_mode' => 'normal',
 		'default_view' => 'not_read',
@@ -162,6 +163,9 @@ class FreshRSS_Configuration {
 			}
 		}
 	}
+	public function _passwordHash ($value) {
+		$this->data['passwordHash'] = ctype_graph($value) && (strlen($value) >= 60) ? $value : '';
+	}
 	public function _mail_login ($value) {
 		$value = filter_var($value, FILTER_VALIDATE_EMAIL);
 		if ($value) {
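Review bot: `_passwordHash` on L86–L88 accepts any printable string of 60 or more characters, although the comment on L78 says the field holds a CRYPT_BLOWFISH hash; a bcrypt string is exactly 60 characters with a fixed layout, so `preg_match('/^\$2[axy]\$\d{2}\$[.\/0-9A-Za-z]{53}$/', $value)` would pin the format that the controller's 29-character salt prefix relies on. Silently storing `''` when the check fails turns a malformed value into "no password configured" with no diagnostic; recording it through Minz_Log (used elsewhere in this commit) or throwing would surface the bad input, and how an empty hash is treated at login is outside this hunk. `_mail_login` on L89 continues past the end of the hunk.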

+ 2 - 0
app/views/javascript/nonce.phtml

@@ -0,0 +1,2 @@
+<?php
+echo json_encode(array('salt1' => $this->salt1, 'nonce' => $this->nonce));