return;
}
- $old_pw_hash1 = encrypt_password($old_pw);
- $old_pw_hash2 = encrypt_password($old_pw, $_SESSION["name"]);
- $new_pw_hash = encrypt_password($new_pw, $_SESSION["name"]);
+ $result = db_query($this->link, "SELECT salt FROM ttrss_users WHERE
+ id = " . $_SESSION['uid']);
- $active_uid = $_SESSION["uid"];
+ $salt = db_fetch_result($result, 0, "salt");
- if ($old_pw && $new_pw) {
+ if (!$salt) {
+ $old_pw_hash1 = encrypt_password($old_pw);
+ $old_pw_hash2 = encrypt_password($old_pw, $_SESSION["name"]);
- $login = db_escape_string($_SERVER['PHP_AUTH_USER']);
+ $query = "SELECT id FROM ttrss_users WHERE
+ id = ".$_SESSION['uid']." AND (pwd_hash = '$old_pw_hash1' OR
+ pwd_hash = '$old_pw_hash2')";
- $result = db_query($this->link, "SELECT id FROM ttrss_users WHERE
- id = '$active_uid' AND (pwd_hash = '$old_pw_hash1' OR
- pwd_hash = '$old_pw_hash2')");
+ } else {
+ $old_pw_hash = encrypt_password($old_pw, $salt, true);
- if (db_num_rows($result) == 1) {
- db_query($this->link, "UPDATE ttrss_users SET pwd_hash = '$new_pw_hash'
- WHERE id = '$active_uid'");
+ $query = "SELECT id FROM ttrss_users WHERE
+ id = ".$_SESSION['uid']." AND pwd_hash = '$old_pw_hash'";
+ }
- $_SESSION["pwd_hash"] = $new_pw_hash;
+ $result = db_query($this->link, $query);
- print __("Password has been changed.");
- } else {
- print "ERROR: ".__('Old password is incorrect.');
- }
- }
+ if (db_num_rows($result) == 1) {
- return;
+ $new_salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
+ $new_pw_hash = encrypt_password($new_pw, $new_salt, true);
+ db_query($this->link, "UPDATE ttrss_users SET
+ pwd_hash = '$new_pw_hash', salt = '$new_salt'
+ WHERE id = ".$_SESSION['uid']);
+
+ $_SESSION["pwd_hash"] = $new_pw_hash;
+
+ print __("Password has been changed.");
+ } else {
+ print "ERROR: ".__('Old password is incorrect.');
+ }
}
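Review bot: Every query added here (the salt lookup, both variants of the old-password check and the UPDATE) concatenates `$_SESSION['uid']` into the SQL with no quoting or cast, whereas the removed code at least wrapped it in quotes as `'$active_uid'`. The session value is presumably set server-side at login, but casting it once, `$uid = (int) $_SESSION['uid'];`, and using `$uid` in each statement keeps the queries safe if that assumption ever changes. In `substr(bin2hex(get_random_bytes(125)), 0, 250)` the `substr` is a no-op, since 125 bytes already hex-encode to 250 characters; the salt's strength rests on `get_random_bytes()`, which is defined outside this hunk, so a comment naming its randomness source would help. The removed `if ($old_pw && $new_pw)` guard has no counterpart in the new lines, so confirm that the checks above the hunk reject an empty new password; the function starts outside the hunk.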
function saveconfig() {
"PURGE_UNREAD_ARTICLES", "DIGEST_ENABLE", "DIGEST_CATCHUP",
"BLACKLISTED_TAGS", "ENABLE_API_ACCESS", "UPDATE_POST_ON_CHECKSUM_CHANGE",
"DEFAULT_UPDATE_INTERVAL", "USER_TIMEZONE", "SORT_HEADLINES_BY_FEED_DATE",
- "SSL_CERT_SERIAL");
+ "SSL_CERT_SERIAL", "DIGEST_PREFERRED_TIME");
if (!SINGLE_USER_MODE) {
$_SESSION["prefs_op_result"] = "";
print "<div dojoType=\"dijit.layout.AccordionContainer\" region=\"center\">";
- print "<div dojoType=\"dijit.layout.AccordionPane\" title=\"".__('Personal data')."\">";
+ print "<div dojoType=\"dijit.layout.AccordionPane\" title=\"".__('Personal data / Authentication')."\">";
print "<form dojoType=\"dijit.form.Form\" id=\"changeUserdataForm\">";
print "</form>";
- print "</div>"; # pane
- print "<div dojoType=\"dijit.layout.AccordionPane\" title=\"".__('Authentication')."\">";
-
$result = db_query($this->link, "SELECT id FROM ttrss_users
WHERE id = ".$_SESSION["uid"]." AND pwd_hash
= 'SHA1:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8'");
onclick=\"insertSSLserial('')\">" .
__('Clear') . "</button>";
+ } else if ($pref_name = 'DIGEST_RPEFERRED_TIME') {
+ print "<input dojoType=\"dijit.form.ValidationTextBox\"
+ id=\"$pref_name\" regexp=\"[012]\d:\d\d\" placeHolder=\"12:00\"
+ name=\"$pref_name\" value=\"$value\"><div class=\"insensitive\">".
+ T_sprintf("Current server time: %s", date("H:i")) . "</div>";
} else {
$regexp = ($type_name == 'integer') ? 'regexp="^\d*$"' : '';
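Review bot: The condition on the added branch, `} else if ($pref_name = 'DIGEST_RPEFERRED_TIME') {`, assigns instead of comparing and misspells the preference name, so it is always true. Every preference that reaches this point is rendered as the time box, `$pref_name` is overwritten before it is used for `id` and `name`, and the final `else` becomes unreachable. It should read `} else if ($pref_name == 'DIGEST_PREFERRED_TIME') {`, matching the name this commit adds to the list in saveconfig(). `$value` is also written into the `value` attribute unescaped; whether it is escaped earlier is not visible here, but `htmlspecialchars($value)` would be the safe form for a user-supplied preference. The if/else chain starts and ends outside the hunk.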