git.wh0rd.org - tt-rss.git/blob - classes/auth/internal.php
2 class Auth_Internal
extends Auth_Base
{
/**
 * Check a login/password pair against ttrss_users and return the user id.
 *
 * NOTE(review): this listing is incomplete. The embedded line numbers skip
 * (for example 19 -> 24 and 43 -> 51), so some branch conditions, the opening
 * of several $query assignments and the failure return are not visible here.
 *
 * Visible flow:
 *  - two legacy hashes are computed up front, one from the password alone and
 *    one from the password plus the raw (not yet escaped) login;
 *  - when the schema version is above 87 the stored salt is read and exactly
 *    one row is required;
 *  - one path matches the legacy hashes and, on exactly one hit, generates a
 *    fresh salt, rehashes the password with it and writes pwd_hash and salt
 *    back to the row;
 *  - another path hashes the password with the stored salt;
 *  - the final query must return exactly one row, whose id is returned.
 *
 * Security notes:
 *  - Every statement is built by string interpolation. $login goes through
 *    db_escape_string() first and the salt written back is hex from bin2hex(),
 *    but the hash values are interpolated exactly as encrypt_password()
 *    returns them (presumably a fixed-alphabet digest string; confirm).
 *    Bound parameters would remove that dependency on helper output.
 *  - encrypt_password() is defined elsewhere. NOTE(review): if it is a single
 *    fast digest round, the salted mode still leaves stored hashes cheap to
 *    guess offline; password_hash()/password_verify() would be the stronger
 *    migration target.
 *  - The legacy-hash upgrade only runs after the old hash has matched, so a
 *    failed login does not rewrite the stored credentials.
 *
 * @param string $login    login name to look up
 * @param string $password plaintext password to verify
 * @return mixed the id column of the matching row on success; the value
 *               returned on failure is not visible in this listing
 */
6 function authenticate($login, $password) {
7 $pwd_hash1 = encrypt_password($password);
8 $pwd_hash2 = encrypt_password($password, $login);
9 $login = db_escape_string($login);
10 if (get_schema_version($this->link
) > 87) {
12 $result = db_query($this->link
, "SELECT salt FROM ttrss_users WHERE
15 if (db_num_rows($result) != 1) {
19 $salt = db_fetch_result($result, 0, "salt");
24 FROM ttrss_users WHERE
25 login = '$login' AND (pwd_hash = '$pwd_hash1' OR
26 pwd_hash = '$pwd_hash2')";
28 // verify and upgrade password to new salt base
30 $result = db_query($this->link
, $query);
32 if (db_num_rows($result) == 1) {
33 // upgrade password to MODE2
// Assuming get_random_bytes(125) yields 125 bytes, bin2hex() already gives
// 250 hex characters and the substr() keeps all of them. The salt is
// hex-only, which is what keeps the interpolation into the UPDATE below safe.
35 $salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
36 $pwd_hash = encrypt_password($password, $salt, true);
38 db_query($this->link
, "UPDATE ttrss_users SET
39 pwd_hash = '$pwd_hash', salt = '$salt' WHERE login = '$login'");
42 FROM ttrss_users WHERE
43 login = '$login' AND pwd_hash = '$pwd_hash'";
51 $pwd_hash = encrypt_password($password, $salt, true);
54 FROM ttrss_users WHERE
55 login = '$login' AND pwd_hash = '$pwd_hash'";
61 FROM ttrss_users WHERE
62 login = '$login' AND (pwd_hash = '$pwd_hash1' OR
63 pwd_hash = '$pwd_hash2')";
66 $result = db_query($this->link
, $query);
68 if (db_num_rows($result) == 1) {
69 return db_fetch_result($result, 0, "id");
/**
 * Change a user's password after verifying the old one.
 *
 * NOTE(review): this listing is incomplete. The embedded line numbers skip,
 * so the WHERE clause of the salt lookup and the condition that chooses
 * between the two verification queries are not visible here.
 *
 * Visible flow:
 *  - $owner_uid is escaped, then the salt and login of that user are read;
 *  - the old password is verified either against the two legacy hashes
 *    (password alone, password plus login) or against the salted hash;
 *  - when exactly one row matches, a new salt is generated (250 hex
 *    characters, assuming get_random_bytes(125) yields 125 bytes), the new
 *    password is hashed with it and the row is updated by id;
 *  - the new hash is stored in the session pwd_hash entry and a translated
 *    success message is returned;
 *  - the last visible statement returns a message prefixed with ERROR:.
 *
 * Security notes:
 *  - Both outcomes come back as strings, so callers can only tell success
 *    from failure by the ERROR: prefix.
 *  - No check on $new_password (empty value, minimum length) is visible in
 *    this listing; presumably the caller enforces one (confirm).
 *  - Writing the new hash into the session presumably keeps the current
 *    session valid after the change. Whether the user's other sessions are
 *    invalidated cannot be determined from this listing.
 *  - The statements are built by string interpolation. $owner_uid goes
 *    through db_escape_string() and the new salt is hex, but the hash values
 *    are interpolated exactly as encrypt_password() returns them; bound
 *    parameters would remove that dependency on helper output.
 *
 * @param mixed  $owner_uid    id of the user whose password is changed
 * @param string $old_password current plaintext password, used for verification
 * @param string $new_password plaintext password to store
 * @return string translated status message, prefixed with ERROR: on failure
 */
75 function change_password($owner_uid, $old_password, $new_password) {
76 $owner_uid = db_escape_string($owner_uid);
78 $result = db_query($this->link
, "SELECT salt,login FROM ttrss_users WHERE
81 $salt = db_fetch_result($result, 0, "salt");
82 $login = db_fetch_result($result, 0, "login");
85 $old_password_hash1 = encrypt_password($old_password);
86 $old_password_hash2 = encrypt_password($old_password, $login);
88 $query = "SELECT id FROM ttrss_users WHERE
89 id = '$owner_uid' AND (pwd_hash = '$old_password_hash1' OR
90 pwd_hash = '$old_password_hash2')";
93 $old_password_hash = encrypt_password($old_password, $salt, true);
95 $query = "SELECT id FROM ttrss_users WHERE
96 id = '$owner_uid' AND pwd_hash = '$old_password_hash'";
99 $result = db_query($this->link
, $query);
101 if (db_num_rows($result) == 1) {
103 $new_salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
104 $new_password_hash = encrypt_password($new_password, $new_salt, true);
106 db_query($this->link
, "UPDATE ttrss_users SET
107 pwd_hash = '$new_password_hash', salt = '$new_salt'
108 WHERE id = '$owner_uid'");
110 $_SESSION["pwd_hash"] = $new_password_hash;
112 return __("Password has been changed.");
114 return "ERROR: ".__('Old password is incorrect.');