Commit | Line | Data |
---|---|---|
0d421af8 AD |
1 | <?php |
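/**
 * Password authentication against the ttrss_users table.
 *
 * Two credential formats are handled:
 *  - legacy rows with an empty salt, whose pwd_hash matches either
 *    encrypt_password($password) or encrypt_password($password, $login);
 *  - salted rows, whose pwd_hash matches
 *    encrypt_password($password, $salt, true) with the per-user salt column.
 *
 * A legacy row is rewritten to the salted format on its first successful login.
 *
 * NOTE(review): every statement here is assembled by string interpolation.
 * The only caller-supplied values that reach SQL ($login, $owner_uid) pass
 * through db_escape_string() first; the remaining interpolated values are
 * outputs of encrypt_password() or bin2hex(). That holds only while
 * encrypt_password() emits SQL-safe text, so confirm its output alphabet,
 * and move to bound parameters if the db layer offers them.
 */
class Auth_Internal extends Auth_Base {

	/**
	 * Verify a login/password pair.
	 *
	 * @param string $login    Login name as typed by the user (unescaped).
	 * @param string $password Plain-text password.
	 * @return mixed The matching user id, or false when the credentials do
	 *               not match exactly one row.
	 */
	public function authenticate($login, $password) {

		// The second legacy hash is keyed on the raw login, so both legacy
		// hashes have to be computed before $login is escaped for SQL.
		$pwd_hash1 = encrypt_password($password);
		$pwd_hash2 = encrypt_password($password, $login);
		$login = db_escape_string($login);

		// Lookup used for rows that have not been migrated to a salted hash.
		$legacy_query = "SELECT id
			FROM ttrss_users WHERE
			login = '$login' AND (pwd_hash = '$pwd_hash1' OR
			pwd_hash = '$pwd_hash2')";

		if (get_schema_version($this->link) > 87) {

			// Schemas above 87 are queried for a salt column.
			$result = db_query($this->link, "SELECT salt FROM ttrss_users WHERE
				login = '$login'");

			if (db_num_rows($result) != 1) {
				return false;
			}

			$salt = db_fetch_result($result, 0, "salt");

			// Loose comparison kept on purpose: it also matches a NULL salt,
			// which presumably marks a legacy row as well (confirm).
			if ($salt == "") {

				// The legacy hash must match before anything is rewritten.
				$result = db_query($this->link, $legacy_query);

				if (db_num_rows($result) != 1) {
					return false;
				}

				// Upgrade the row: 125 random bytes, hex-encoded (250 chars).
				$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
				$pwd_hash = encrypt_password($password, $salt, true);

				db_query($this->link, "UPDATE ttrss_users SET
					pwd_hash = '$pwd_hash', salt = '$salt' WHERE login = '$login'");

			} else {
				$pwd_hash = encrypt_password($password, $salt, true);
			}

			// After an upgrade this re-reads the row with the new hash, so a
			// failed UPDATE ends in a failed login instead of a silent pass.
			$query = "SELECT id
				FROM ttrss_users WHERE
				login = '$login' AND pwd_hash = '$pwd_hash'";

		} else {
			$query = $legacy_query;
		}

		// NOTE(review): the hash comparison itself is delegated to the database.
		$result = db_query($this->link, $query);

		if (db_num_rows($result) == 1) {
			return db_fetch_result($result, 0, "id");
		}

		return false;
	}

	/**
	 * Replace a user's password after checking the current one.
	 *
	 * @param mixed  $owner_uid    Id of the user whose password changes.
	 * @param string $old_password Current plain-text password.
	 * @param string $new_password New plain-text password.
	 * @return string A translated success message, or a message starting
	 *                with "ERROR: " when the old password does not match.
	 */
	public function change_password($owner_uid, $old_password, $new_password) {
		$owner_uid = db_escape_string($owner_uid);

		$result = db_query($this->link, "SELECT salt FROM ttrss_users WHERE
			id = '$owner_uid'");

		// An unknown uid cannot match any password: fail here rather than
		// reading a column out of an empty result set.
		if (db_num_rows($result) != 1) {
			return "ERROR: ".__('Old password is incorrect.');
		}

		$salt = db_fetch_result($result, 0, "salt");

		if (!$salt) {
			// Legacy row. NOTE(review): the login-keyed hash uses the session
			// user's name, not the login stored for $owner_uid, so this
			// presumably assumes users only change their own password; verify
			// against the callers.
			$old_password_hash1 = encrypt_password($old_password);
			$old_password_hash2 = encrypt_password($old_password, $_SESSION["name"]);

			$query = "SELECT id FROM ttrss_users WHERE
				id = '$owner_uid' AND (pwd_hash = '$old_password_hash1' OR
				pwd_hash = '$old_password_hash2')";

		} else {
			$old_password_hash = encrypt_password($old_password, $salt, true);

			$query = "SELECT id FROM ttrss_users WHERE
				id = '$owner_uid' AND pwd_hash = '$old_password_hash'";
		}

		$result = db_query($this->link, $query);

		if (db_num_rows($result) == 1) {

			// A fresh salt is generated on every change, so legacy rows
			// leave this method in the salted format too.
			$new_salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
			$new_password_hash = encrypt_password($new_password, $new_salt, true);

			db_query($this->link, "UPDATE ttrss_users SET
				pwd_hash = '$new_password_hash', salt = '$new_salt'
				WHERE id = '$owner_uid'");

			// Store the new hash in the current session.
			// NOTE(review): presumably session validation compares this value
			// with the stored hash, which would keep this session valid and
			// invalidate others; confirm in the session-check code.
			$_SESSION["pwd_hash"] = $new_password_hash;

			return __("Password has been changed.");
		} else {
			return "ERROR: ".__('Old password is incorrect.');
		}
	}
}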
117 | ?> |