0d421af8 AD |
1 | <?php |
/**
 * Password authentication against the ttrss_users table.
 *
 * Relies on $this->link (used as the database handle for every query here)
 * and on helpers defined elsewhere: encrypt_password(), db_escape_string(),
 * db_query(), db_num_rows(), db_fetch_result(), get_schema_version(),
 * get_random_bytes().
 */
class Auth_Internal extends Auth_Base {

	/**
	 * Check a login/password pair and return the matching user id.
	 *
	 * For schema versions above 87 the user's salt is read first. A row with
	 * an empty salt is verified against the two older hash forms and, on
	 * success, rewritten with a fresh random salt and a new hash before the
	 * final lookup. Schema versions of 87 or below only use the older forms.
	 *
	 * Security notes for maintainers:
	 * - $login is the only value passed through db_escape_string(); every
	 *   hash and the generated salt are interpolated into SQL as-is. The new
	 *   salt is hex by construction (bin2hex). NOTE(review): the hashes are
	 *   safe only if encrypt_password() always returns SQL-safe text;
	 *   confirm, or move to parameterized queries to drop that dependency.
	 * - The hash comparison is done by the database (pwd_hash = '...'), not
	 *   in PHP, so its matching rules are whatever the column collation gives.
	 * - NOTE(review): how expensive a stored hash is to brute-force offline
	 *   is decided by encrypt_password(), which is not visible here. If it is
	 *   a single fast digest, password_hash()/password_verify() is the usual
	 *   replacement.
	 * - No attempt limiting or failure logging happens in this method;
	 *   presumably the caller is responsible. Verify.
	 *
	 * @param string $login    Login name as submitted; escaped below before use in SQL.
	 * @param string $password Plain-text password as submitted.
	 * @return mixed The "id" column of the single matching row, or false.
	 */
	function authenticate($login, $password) {

		// Both older hash forms are derived from the raw login, so they are
		// computed before $login is replaced by its escaped form.
		$pwd_hash1 = encrypt_password($password);
		$pwd_hash2 = encrypt_password($password, $login);
		$login = db_escape_string($login);

		// Lookup shared by pre-88 schemas and by rows that have no salt yet.
		$legacy_lookup = "SELECT id
			FROM ttrss_users WHERE
			login = '$login' AND (pwd_hash = '$pwd_hash1' OR
			pwd_hash = '$pwd_hash2')";

		if (get_schema_version($this->link) > 87) {

			$salt_rows = db_query($this->link, "SELECT salt FROM ttrss_users WHERE
				login = '$login'");

			// Unknown login (or an ambiguous one): fail before any hashing with a salt.
			if (db_num_rows($salt_rows) != 1) {
				return false;
			}

			$salt = db_fetch_result($salt_rows, 0, "salt");

			// Loose comparison on purpose: a NULL salt and an empty string
			// both mean "not upgraded yet".
			if ($salt == "") {

				// The submitted password must match an older hash before the
				// stored credentials are rewritten.
				$legacy_rows = db_query($this->link, $legacy_lookup);

				if (db_num_rows($legacy_rows) != 1) {
					return false;
				}

				// Upgrade to the scheme the original author calls MODE2:
				// 125 random bytes rendered as 250 hex characters.
				$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
				$pwd_hash = encrypt_password($password, $salt, true);

				// The result of the UPDATE is not inspected; the lookup below
				// only succeeds if the new hash was actually stored.
				db_query($this->link, "UPDATE ttrss_users SET
					pwd_hash = '$pwd_hash', salt = '$salt' WHERE login = '$login'");

			} else {
				$pwd_hash = encrypt_password($password, $salt, true);
			}

			$final_lookup = "SELECT id
				FROM ttrss_users WHERE
				login = '$login' AND pwd_hash = '$pwd_hash'";

		} else {
			$final_lookup = $legacy_lookup;
		}

		$matches = db_query($this->link, $final_lookup);

		// Exactly one row counts as success; anything else is a failed login.
		return db_num_rows($matches) == 1
			? db_fetch_result($matches, 0, "id")
			: false;
	}
}
75 | ?> |