return;
}
- $result = db_query($this->link, "SELECT salt FROM ttrss_users WHERE
- id = " . $_SESSION['uid']);
-
- $salt = db_fetch_result($result, 0, "salt");
-
- if (!$salt) {
- $old_pw_hash1 = encrypt_password($old_pw);
- $old_pw_hash2 = encrypt_password($old_pw, $_SESSION["name"]);
-
- $query = "SELECT id FROM ttrss_users WHERE
- id = ".$_SESSION['uid']." AND (pwd_hash = '$old_pw_hash1' OR
- pwd_hash = '$old_pw_hash2')";
+ $module_class = "auth_" . $_SESSION["auth_module"];
+ $authenticator = new $module_class($this->link);
+ if (method_exists($authenticator, "change_password")) {
+ print $authenticator->change_password($_SESSION["uid"], $old_pw, $new_pw);
} else {
- $old_pw_hash = encrypt_password($old_pw, $salt, true);
-
- $query = "SELECT id FROM ttrss_users WHERE
- id = ".$_SESSION['uid']." AND pwd_hash = '$old_pw_hash'";
- }
-
- $result = db_query($this->link, $query);
-
- if (db_num_rows($result) == 1) {
-
- $new_salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
- $new_pw_hash = encrypt_password($new_pw, $new_salt, true);
-
- db_query($this->link, "UPDATE ttrss_users SET
- pwd_hash = '$new_pw_hash', salt = '$new_salt'
- WHERE id = ".$_SESSION['uid']);
-
- $_SESSION["pwd_hash"] = $new_pw_hash;
-
- print __("Password has been changed.");
- } else {
- print "ERROR: ".__('Old password is incorrect.');
+ print "ERROR: ".__("Function not supported by authentication module.");
}
}
print "<tr><td width=\"40%\">".__('E-mail')."</td>";
print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" name=\"email\" required=\"1\" value=\"$email\"></td></tr>";
- if (!SINGLE_USER_MODE && !(ALLOW_REMOTE_USER_AUTH && AUTO_LOGIN)) {
+ if (!SINGLE_USER_MODE && !$_SESSION["hide_hello"]) {
$access_level = db_fetch_result($result, 0, "access_level");
print "<tr><td width=\"40%\">".__('Access level')."</td>";
print "</form>";
- if (!SINGLE_USER_MODE && !(ALLOW_REMOTE_USER_AUTH && AUTO_LOGIN)) {
+ if ($_SESSION["auth_module"]) {
+ $module_class = "auth_" . $_SESSION["auth_module"];
+ $authenticator = new $module_class($this->link);
+ } else {
+ $authenticator = false;
+ }
+
+ if ($authenticator && method_exists($authenticator, "change_password")) {
$result = db_query($this->link, "SELECT id FROM ttrss_users
WHERE id = ".$_SESSION["uid"]." AND pwd_hash
$profile_qpart = "profile IS NULL";
}
- $result = db_query($this->link, "SELECT
+ $result = db_query($this->link, "SELECT DISTINCT
ttrss_user_prefs.pref_name,short_desc,help_text,value,type_name,
section_name,def_value,section_id
FROM ttrss_prefs,ttrss_prefs_types,ttrss_prefs_sections,ttrss_user_prefs