1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
|
<?php
declare(strict_types=1);
class FreshRSS_javascript_Controller extends FreshRSS_ActionController {
/**
* @var FreshRSS_ViewJavascript
* @phpstan-ignore property.phpDocType
*/
protected $view;
public function __construct() {
parent::__construct(FreshRSS_ViewJavascript::class);
}
#[\Override]
public function firstAction(): void {
$this->view->_layout(null);
}
public function actualizeAction(): void {
header('Content-Type: application/json; charset=UTF-8');
Minz_Session::_param('actualize_feeds', false);
$databaseDAO = FreshRSS_Factory::createDatabaseDAO();
$databaseDAO->minorDbMaintenance();
Minz_ExtensionManager::callHookVoid('freshrss_user_maintenance');
$catDAO = FreshRSS_Factory::createCategoryDao();
$this->view->categories = $catDAO->listCategoriesOrderUpdate(FreshRSS_Context::userConf()->dynamic_opml_ttl_default);
$feedDAO = FreshRSS_Factory::createFeedDao();
$this->view->feeds = $feedDAO->listFeedsOrderUpdate(FreshRSS_Context::userConf()->ttl_default);
}
public function nbUnreadsPerFeedAction(): void {
header('Content-Type: application/json; charset=UTF-8');
$catDAO = FreshRSS_Factory::createCategoryDao();
$this->view->categories = $catDAO->listCategories(prePopulateFeeds: true, details: false);
$tagDAO = FreshRSS_Factory::createTagDao();
$this->view->tags = $tagDAO->listTags(precounts: true);
}
//For Web-form login
/**
* @throws Exception
*/
public function nonceAction(): void {
header('Content-Type: application/json; charset=UTF-8');
header('Last-Modified: ' . gmdate('D, d M Y H:i:s \G\M\T'));
header('Expires: 0');
header('Cache-Control: private, no-cache, no-store, must-revalidate');
header('Pragma: no-cache');
$user = $_GET['user'] ?? '';
if (!is_string($user) || $user === '') {
Minz_Error::error(400);
return;
}
FreshRSS_Context::initUser($user);
if (FreshRSS_Context::hasUserConf()) {
try {
$salt = FreshRSS_Context::systemConf()->salt;
$s = FreshRSS_Context::userConf()->passwordHash;
if (strlen($s) >= 60) {
//CRYPT_BLOWFISH Salt: "$2a$", a two digit cost parameter, "$", and 22 characters from the alphabet "./0-9A-Za-z".
$this->view->salt1 = substr($s, 0, 29);
$this->view->nonce = sha1($salt . uniqid('' . mt_rand(), true));
Minz_Session::_param('nonce', $this->view->nonce);
return; //Success
}
} catch (Minz_Exception $me) {
Minz_Log::warning('Nonce failure: ' . $me->getMessage());
}
} else {
Minz_Log::notice('Nonce failure due to invalid username! ' . $user);
}
//Failure: Return random data.
$this->view->salt1 = sprintf('$2a$%02d$', FreshRSS_password_Util::BCRYPT_COST);
$alphabet = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
for ($i = 22; $i > 0; $i--) {
$this->view->salt1 .= $alphabet[random_int(0, 63)];
}
$this->view->nonce = sha1('' . mt_rand());
Minz_Session::_param('nonce', $this->view->nonce);
}
}
|
