Diffstat (limited to 'index.php')
-rw-r--r-- | index.php | 54 |
1 files changed, 4 insertions, 50 deletions
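--- a/index.php
+++ b/index.php
@@ -507,56 +507,8 @@ function renderPage($conf, $pluginManager, $bookmarkService, $history, $sessionM
 
 // -------- User wants to change his/her password.
 if ($targetPage == Router::$PAGE_CHANGEPASSWORD) {
-if ($conf->get('security.open_shaarli')) {
-die(t('You are not supposed to change a password on an Open Shaarli.'));
-}
-
-if (!empty($_POST['setpassword']) && !empty($_POST['oldpassword'])) {
-if (!$sessionManager->checkToken($_POST['token'])) {
-die(t('Wrong token.')); // Go away!
-}
-
-// Make sure old password is correct.
-$oldhash = sha1(
-$_POST['oldpassword'].$conf->get('credentials.login').$conf->get('credentials.salt')
-);
-if ($oldhash != $conf->get('credentials.hash')) {
-echo '<script>alert("'
-. t('The old password is not correct.')
-.'");document.location=\'./?do=changepasswd\';</script>';
-exit;
-}
-// Save new password
-// Salt renders rainbow-tables attacks useless.
-$conf->set('credentials.salt', sha1(uniqid('', true) .'_'. mt_rand()));
-$conf->set(
-'credentials.hash',
-sha1(
-$_POST['setpassword']
-. $conf->get('credentials.login')
-. $conf->get('credentials.salt')
-)
-);
-try {
-$conf->write($loginManager->isLoggedIn());
-} catch (Exception $e) {
-error_log(
-'ERROR while writing config file after changing password.' . PHP_EOL .
-$e->getMessage()
-);
-
-// TODO: do not handle exceptions/errors in JS.
-echo '<script>alert("'. $e->getMessage() .'");document.location=\'./tools\';</script>';
-exit;
-}
-echo '<script>alert("'. t('Your password has been changed') .'");document.location=\'./tools\';</script>';
-exit;
-} else {
-// show the change password form.
-$PAGE->assign('pagetitle', t('Change password') .' - '. $conf->get('general.title', 'Shaarli'));
-$PAGE->renderPage('changepassword');
-exit;
-}
+header('Location: ./password');
+exit;
 }
 
 // -------- User wants to change configuration
@@ -1504,6 +1456,8 @@ $app->group('', function () {
 /* -- LOGGED IN -- */
 $this->get('/logout', '\Shaarli\Front\Controller\Admin\LogoutController:index')->setName('logout');
 $this->get('/tools', '\Shaarli\Front\Controller\Admin\ToolsController:index')->setName('tools');
+$this->get('/password', '\Shaarli\Front\Controller\Admin\PasswordController:index')->setName('password');
+$this->post('/password', '\Shaarli\Front\Controller\Admin\PasswordController:change')->setName('changePassword');
 
 $this
 ->get('/links-per-page', '\Shaarli\Front\Controller\Admin\SessionFilterController:linksPerPage')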
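Review bot: The redirect at new line 510 of the first hunk removes the `security.open_shaarli` guard, the CSRF `checkToken` call and the old-password verification from this entry point, and nothing in the diff shows where they now live; presumably `PasswordController::index`/`change` (routed in the second hunk at lines 1459–1460, inside the logged-in group) enforce them, but that should be confirmed before the legacy path is trusted. A short comment on the redirect would keep the next reader from assuming the checks were simply dropped: `// Legacy entry point: open_shaarli, CSRF token and old-password checks are enforced by PasswordController.` Note also that `header('Location: ./password')` emits a 302, so a POST to the legacy `?do=changepasswd` URL becomes a GET of `/password` with its form fields discarded, which is only acceptable if no legacy form still posts here. The enclosing `renderPage` function begins and ends outside the hunk.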