git.wh0rd.org / tt-rss.git / blame
| Commit | Line | Data |
|---|---|---|
| 0d421af8 AD |
1 | <?php |
| 2 | class Auth_Internal extends Auth_Base { | |
| 3 | ||
| 4 | function authenticate($login, $password) { | |
| 5 | ||
| 6 | $pwd_hash1 = encrypt_password($password); | |
| 7 | $pwd_hash2 = encrypt_password($password, $login); | |
| 8 | $login = db_escape_string($login); | |
| 9 | ||
| 10 | if (get_schema_version($this->link) > 87) { | |
| 11 | ||
| 12 | $result = db_query($this->link, "SELECT salt FROM ttrss_users WHERE | |
| 13 | login = '$login'"); | |
| 14 | ||
| 15 | if (db_num_rows($result) != 1) { | |
| 16 | return false; | |
| 17 | } | |
| 18 | ||
| 19 | $salt = db_fetch_result($result, 0, "salt"); | |
| 20 | ||
| 21 | if ($salt == "") { | |
| 22 | ||
| 23 | $query = "SELECT id | |
| 24 | FROM ttrss_users WHERE | |
| 25 | login = '$login' AND (pwd_hash = '$pwd_hash1' OR | |
| 26 | pwd_hash = '$pwd_hash2')"; | |
| 27 | ||
| 28 | // verify and upgrade password to new salt base | |
| 29 | ||
| 30 | $result = db_query($this->link, $query); | |
| 31 | ||
| 32 | if (db_num_rows($result) == 1) { | |
| 33 | // upgrade password to MODE2 | |
| 34 | ||
| 35 | $salt = substr(bin2hex(get_random_bytes(125)), 0, 250); | |
| 36 | $pwd_hash = encrypt_password($password, $salt, true); | |
| 37 | ||
| 38 | db_query($this->link, "UPDATE ttrss_users SET | |
| 39 | pwd_hash = '$pwd_hash', salt = '$salt' WHERE login = '$login'"); | |
| 40 | ||
| 41 | $query = "SELECT id | |
| 42 | FROM ttrss_users WHERE | |
| 43 | login = '$login' AND pwd_hash = '$pwd_hash'"; | |
| 44 | ||
| 45 | } else { | |
| 46 | return false; | |
| 47 | } | |
| 48 | ||
| 49 | } else { | |
| 50 | ||
| 51 | $pwd_hash = encrypt_password($password, $salt, true); | |
| 52 | ||
| 53 | $query = "SELECT id | |
| 54 | FROM ttrss_users WHERE | |
| 55 | login = '$login' AND pwd_hash = '$pwd_hash'"; | |
| 56 | ||
| 57 | } | |
| 58 | ||
| 59 | } else { | |
| 60 | $query = "SELECT id | |
| 61 | FROM ttrss_users WHERE | |
| 62 | login = '$login' AND (pwd_hash = '$pwd_hash1' OR | |
| 63 | pwd_hash = '$pwd_hash2')"; | |
| 64 | } | |
| 65 | ||
| 66 | $result = db_query($this->link, $query); | |
| 67 | ||
| 68 | if (db_num_rows($result) == 1) { | |
| 69 | return db_fetch_result($result, 0, "id"); | |
| 70 | } | |
| 71 | ||
| 72 | return false; | |
| 73 | } | |
| d5fd183d AD |
74 | |
| 75 | function change_password($owner_uid, $old_password, $new_password) { | |
| 76 | $owner_uid = db_escape_string($owner_uid); | |
| 77 | ||
| 78 | $result = db_query($this->link, "SELECT salt FROM ttrss_users WHERE | |
| 79 | id = '$owner_uid'"); | |
| 80 | ||
| 81 | $salt = db_fetch_result($result, 0, "salt"); | |
| 82 | ||
| 83 | if (!$salt) { | |
| 84 | $old_password_hash1 = encrypt_password($old_password); | |
| 85 | $old_password_hash2 = encrypt_password($old_password, $_SESSION["name"]); | |
| 86 | ||
| 87 | $query = "SELECT id FROM ttrss_users WHERE | |
| 88 | id = '$owner_uid' AND (pwd_hash = '$old_password_hash1' OR | |
| 89 | pwd_hash = '$old_password_hash2')"; | |
| 90 | ||
| 91 | } else { | |
| 92 | $old_password_hash = encrypt_password($old_password, $salt, true); | |
| 93 | ||
| 94 | $query = "SELECT id FROM ttrss_users WHERE | |
| 95 | id = '$owner_uid' AND pwd_hash = '$old_password_hash'"; | |
| 96 | } | |
| 97 | ||
| 98 | $result = db_query($this->link, $query); | |
| 99 | ||
| 100 | if (db_num_rows($result) == 1) { | |
| 101 | ||
| 102 | $new_salt = substr(bin2hex(get_random_bytes(125)), 0, 250); | |
| 103 | $new_password_hash = encrypt_password($new_password, $new_salt, true); | |
| 104 | ||
| 105 | db_query($this->link, "UPDATE ttrss_users SET | |
| 106 | pwd_hash = '$new_password_hash', salt = '$new_salt' | |
| 107 | WHERE id = '$owner_uid'"); | |
| 108 | ||
| 109 | $_SESSION["pwd_hash"] = $new_password_hash; | |
| 110 | ||
| 111 | return __("Password has been changed."); | |
| 112 | } else { | |
| 113 | return "ERROR: ".__('Old password is incorrect.'); | |
| 114 | } | |
| 115 | } | |
| 0d421af8 AD |
116 | } |
| 117 | ?> |