function changepassword() {
- $old_pw = $_POST["old_password"];
- $new_pw = $_POST["new_password"];
- $con_pw = $_POST["confirm_password"];
+ $old_pw = clean($_POST["old_password"]);
+ $new_pw = clean($_POST["new_password"]);
+ $con_pw = clean($_POST["confirm_password"]);
if ($old_pw == "") {
print "ERROR: ".format_error("Old password cannot be blank.");
}
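Review bot: Wrapping the three password fields in `clean()` at L5–L7 can silently alter the secret before it is compared or hashed — if `clean()` trims whitespace or strips tags (its body is not on this page), a password containing `<`, `>` or leading/trailing spaces no longer matches what the user typed, and the same applies to `$password` at L62 and L78. Passwords are never rendered, so they need no output-oriented cleaning; read them raw with a presence guard instead: `$old_pw = isset($_POST["old_password"]) ? $_POST["old_password"] : "";`. The blank check at L8 should also use strict comparison, `if ($old_pw === "") {`. changepassword's body continues past the hunk.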
function saveconfig() {
- $boolean_prefs = explode(",", $_POST["boolean_prefs"]);
+ $boolean_prefs = explode(",", clean($_POST["boolean_prefs"]));
foreach ($boolean_prefs as $pref) {
if (!isset($_POST[$pref])) $_POST[$pref] = 'false';
foreach (array_keys($_POST) as $pref_name) {
- $pref_name = $pref_name;
$value = $_POST[$pref_name];
if ($pref_name == 'DIGEST_PREFERRED_TIME') {
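Review bot: `$value = $_POST[$pref_name]` at L18 is the one input in this commit left raw, while both the key list the loop walks (L16) and the names in `$boolean_prefs` (L13) come straight from the client, so every POST field name is treated as a preference name. If the rest of saveconfig (outside the hunk) does not validate `$pref_name` against the known preference set, consider filtering here, and at minimum give the value the same treatment as the rest of the commit: `$value = clean($_POST[$pref_name]);`. L15 writes the `'false'` defaults back into `$_POST` itself so that the L16 loop picks them up; building a local array of preferences would make that flow explicit instead of mutating the superglobal.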
function changeemail() {
- $email = $_POST["email"];
- $full_name = $_POST["full_name"];
+ $email = clean($_POST["email"]);
+ $full_name = clean($_POST["full_name"]);
$active_uid = $_SESSION["uid"];
$sth = $this->pdo->prepare("UPDATE ttrss_users SET email = ?,
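Review bot: `$email` at L23 reaches the UPDATE at L26 without a format check; `clean()` does not validate an address, so a malformed or empty value would be written to `ttrss_users`. Add a boundary check before preparing the statement, e.g. `if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) { print "ERROR: ".format_error("Invalid e-mail address."); return; }`. The prepared statement with placeholders is the right approach; changeemail continues outside the hunk.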
print_hidden("op", "pref-prefs");
print_hidden("method", "changeemail");
- print "<p><button dojoType=\"dijit.form.Button\" type=\"submit\">".
+ print "<p><button dojoType=\"dijit.form.Button\" type=\"submit\" class=\"btn-primary\">".
__("Save data")."</button>";
print "</form>";
print_hidden("op", "pref-prefs");
print_hidden("method", "changepassword");
- print "<p><button dojoType=\"dijit.form.Button\" type=\"submit\">".
+ print "<p><button dojoType=\"dijit.form.Button\" type=\"submit\" class=\"btn-primary\">".
__("Change password")."</button>";
print "</form>";
print "</td></tr>";
print "</table>";
- print "<p><button dojoType=\"dijit.form.Button\" type=\"submit\">".
+ print "<p><button dojoType=\"dijit.form.Button\" type=\"submit\" class=\"btn-primary\">".
__("Enable OTP")."</button>";
print "</form>";
print_hidden("op", "pref-prefs");
print_hidden("method", "saveconfig");
- print "<div dojoType=\"dijit.form.ComboButton\" type=\"submit\">
+ print "<div dojoType=\"dijit.form.ComboButton\" type=\"submit\" class=\"btn-primary\">
<span>".__('Save configuration')."</span>
<div dojoType=\"dijit.DropDownMenu\">
<div dojoType=\"dijit.MenuItem\"
print "<button dojoType=\"dijit.form.Button\" onclick=\"return editProfiles()\">".
__('Manage profiles')."</button> ";
- print "<button dojoType=\"dijit.form.Button\" onclick=\"return validatePrefsReset()\">".
+ print "<button dojoType=\"dijit.form.Button\" class=\"btn-danger\" onclick=\"return validatePrefsReset()\">".
__('Reset to defaults')."</button>";
print " ";
require_once "lib/otphp/lib/otp.php";
require_once "lib/otphp/lib/totp.php";
- $password = $_REQUEST["password"];
- $otp = $_REQUEST["otp"];
+ $password = clean($_REQUEST["password"]);
+ $otp = clean($_REQUEST["otp"]);
$authenticator = PluginHost::getInstance()->get_plugin($_SESSION["auth_module"]);
}
+ static function isdefaultpassword() {
+ $authenticator = PluginHost::getInstance()->get_plugin($_SESSION["auth_module"]);
+
+ if ($authenticator->check_password($_SESSION["uid"], "password")) {
+ return true;
+ }
+
+ return false;
+ }
+
function otpdisable() {
- $password = $_REQUEST["password"];
+ $password = clean($_REQUEST["password"]);
$authenticator = PluginHost::getInstance()->get_plugin($_SESSION["auth_module"]);
}
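Review bot: The new isdefaultpassword() at L66–L74 spells a boolean out as an if/return-true/return-false pair; `return (bool) $authenticator->check_password($_SESSION["uid"], "password");` says the same in one line. It also assumes `get_plugin()` yields an object with `check_password()` for whatever `$_SESSION["auth_module"]` names; if that lookup can return null (not shown on this page), guard it with `if (!$authenticator) return false;` so a misconfigured or external auth module does not fatal on a null method call. otpdisable's body continues past the hunk.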
function setplugins() {
- if (is_array($_REQUEST["plugins"]))
- $plugins = join(",", $_REQUEST["plugins"]);
+ if (is_array(clean($_REQUEST["plugins"])))
+ $plugins = join(",", clean($_REQUEST["plugins"]));
else
$plugins = "";
}
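Review bot: `clean($_REQUEST["plugins"])` is evaluated twice at L84–L85, and when `plugins` is absent from the request the first call is fed an undefined index. Compute it once: `$raw = isset($_REQUEST["plugins"]) ? clean($_REQUEST["plugins"]) : null;` followed by `$plugins = is_array($raw) ? join(",", $raw) : "";`. The plugin names are not checked here against the plugins that actually exist; if that is not done further down in setplugins (outside the hunk), validating each entry against PluginHost's loaded plugins before joining would keep arbitrary strings out of the stored preference.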
function clearplugindata() {
- $name = $_REQUEST["name"];
+ $name = clean($_REQUEST["name"]);
PluginHost::getInstance()->clear_data(PluginHost::getInstance()->get_plugin($name));
}
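Review bot: `$name` at L91 is resolved with `get_plugin($name)` and the result passed straight into `clear_data()` at L92; if `get_plugin` returns null for a name that matches no loaded plugin (not shown on this page), `clear_data` receives null. Resolve first and guard: `$plugin = PluginHost::getInstance()->get_plugin($name);` then `if ($plugin) PluginHost::getInstance()->clear_data($plugin);`.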