<?php
class Pref_Prefs extends Protected_Handler {
+ function csrf_ignore($method) {
+ $csrf_ignored = array("index");
+
+ return array_search($method, $csrf_ignored) !== false;
+ }
+
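Review bot: The membership test on L6 uses array_search's loose comparison, which on PHP releases before 8.0 treats an integer 0 as equal to the string "index", so a non-string $method could end up on the CSRF-exempt list; a strict check is the safer form for an allow-list that gates CSRF protection: `return in_array($method, $csrf_ignored, true);`. Whether $method can ever arrive as something other than a string depends on the dispatcher in Protected_Handler, which is outside this hunk. A one-line comment above the list, `// methods that may be called without a CSRF token`, would also make the purpose of the array explicit.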
function changepassword() {
$old_pw = $_POST["old_password"];
return;
}
- $old_pw_hash1 = encrypt_password($old_pw);
- $old_pw_hash2 = encrypt_password($old_pw, $_SESSION["name"]);
- $new_pw_hash = encrypt_password($new_pw, $_SESSION["name"]);
+ $result = db_query($this->link, "SELECT salt FROM ttrss_users WHERE
+ id = " . $_SESSION['uid']);
- $active_uid = $_SESSION["uid"];
+ $salt = db_fetch_result($result, 0, "salt");
- if ($old_pw && $new_pw) {
+ if (!$salt) {
+ $old_pw_hash1 = encrypt_password($old_pw);
+ $old_pw_hash2 = encrypt_password($old_pw, $_SESSION["name"]);
- $login = db_escape_string($_SERVER['PHP_AUTH_USER']);
+ $query = "SELECT id FROM ttrss_users WHERE
+ id = ".$_SESSION['uid']." AND (pwd_hash = '$old_pw_hash1' OR
+ pwd_hash = '$old_pw_hash2')";
- $result = db_query($this->link, "SELECT id FROM ttrss_users WHERE
- id = '$active_uid' AND (pwd_hash = '$old_pw_hash1' OR
- pwd_hash = '$old_pw_hash2')");
+ } else {
+ $old_pw_hash = encrypt_password($old_pw, $salt, true);
- if (db_num_rows($result) == 1) {
- db_query($this->link, "UPDATE ttrss_users SET pwd_hash = '$new_pw_hash'
- WHERE id = '$active_uid'");
+ $query = "SELECT id FROM ttrss_users WHERE
+ id = ".$_SESSION['uid']." AND pwd_hash = '$old_pw_hash'";
+ }
- $_SESSION["pwd_hash"] = $new_pw_hash;
+ $result = db_query($this->link, $query);
- print __("Password has been changed.");
- } else {
- print "ERROR: ".__('Old password is incorrect.');
- }
- }
+ if (db_num_rows($result) == 1) {
- return;
+ $new_salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
+ $new_pw_hash = encrypt_password($new_pw, $new_salt, true);
+
+ db_query($this->link, "UPDATE ttrss_users SET
+ pwd_hash = '$new_pw_hash', salt = '$new_salt'
+ WHERE id = ".$_SESSION['uid']);
+ $_SESSION["pwd_hash"] = $new_pw_hash;
+
+ print __("Password has been changed.");
+ } else {
+ print "ERROR: ".__('Old password is incorrect.');
+ }
}
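Review bot: The four new queries on L16-17, L25-27, L36-37 and L51-53 splice `$_SESSION['uid']` into SQL unquoted and uncast, where the removed code (L28-30, L34-35) at least quoted it as '$active_uid'; the value is session-derived rather than request-derived, but an empty or non-numeric uid would now produce a malformed statement instead of a non-matching one, and L68 in saveconfig does the same. Binding it once as an integer keeps every query well-formed: `$uid = (int) $_SESSION['uid'];` followed by `"SELECT salt FROM ttrss_users WHERE id = $uid"` and the same `$uid` in the three later queries. The hash strings interpolated on L26-27 and L37 are only safe to embed if encrypt_password returns a hex digest, which cannot be confirmed from this hunk; a comment stating that assumption next to the first interpolation would help the next reader. Minor: bin2hex of 125 bytes is already exactly 250 characters, so the substr on L48 is a no-op and can be dropped.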
function saveconfig() {
$pref_name = db_escape_string($pref_name);
$value = db_escape_string($_POST[$pref_name]);
+ if ($pref_name == 'DIGEST_PREFERRED_TIME') {
+ if (get_pref($this->link, 'DIGEST_PREFERRED_TIME') != $value) {
+
+ db_query($this->link, "UPDATE ttrss_users SET
+ last_digest_sent = NULL WHERE id = " . $_SESSION['uid']);
+
+ }
+ }
+
set_pref($this->link, $pref_name, $value);
}
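Review bot: The new DIGEST_PREFERRED_TIME branch on L64-71 resets last_digest_sent but never validates the posted value before set_pref stores it on L73; the only format check is the dijit regexp on the form (L172), which runs in the browser and can be bypassed, so the stored value may be any string that db_escape_string accepted. A server-side check before the reset and the store would close that gap, e.g. `if ($pref_name == 'DIGEST_PREFERRED_TIME' && !preg_match('/^[012]?\d:\d\d$/', $value)) { /* reject: skip set_pref */ }`, with the skip expressed as `continue` or `return` depending on whether L62-73 sit inside a loop, which starts outside this hunk. The comparison on L65 is loose (`!=`); since both sides are strings here `!==` is the clearer choice. The unquoted `$_SESSION['uid']` on L68 is the same point raised on changepassword above.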
"PURGE_UNREAD_ARTICLES", "DIGEST_ENABLE", "DIGEST_CATCHUP",
"BLACKLISTED_TAGS", "ENABLE_API_ACCESS", "UPDATE_POST_ON_CHECKSUM_CHANGE",
"DEFAULT_UPDATE_INTERVAL", "USER_TIMEZONE", "SORT_HEADLINES_BY_FEED_DATE",
- "SSL_CERT_SERIAL");
-
+ "SSL_CERT_SERIAL", "DIGEST_PREFERRED_TIME");
- if (!SINGLE_USER_MODE) {
- $_SESSION["prefs_op_result"] = "";
+ $_SESSION["prefs_op_result"] = "";
- print "<div dojoType=\"dijit.layout.AccordionContainer\" region=\"center\">";
- print "<div dojoType=\"dijit.layout.AccordionPane\" title=\"".__('Personal data')."\">";
+ print "<div dojoType=\"dijit.layout.AccordionContainer\" region=\"center\">";
+ print "<div dojoType=\"dijit.layout.AccordionPane\" title=\"".__('Personal data / Authentication')."\">";
- print "<form dojoType=\"dijit.form.Form\" id=\"changeUserdataForm\">";
+ print "<form dojoType=\"dijit.form.Form\" id=\"changeUserdataForm\">";
- print "<script type=\"dojo/method\" event=\"onSubmit\" args=\"evt\">
- evt.preventDefault();
- if (this.validate()) {
- notify_progress('Saving data...', true);
+ print "<script type=\"dojo/method\" event=\"onSubmit\" args=\"evt\">
+ evt.preventDefault();
+ if (this.validate()) {
+ notify_progress('Saving data...', true);
- new Ajax.Request('backend.php', {
- parameters: dojo.objectToQuery(this.getValues()),
- onComplete: function(transport) {
- notify_callback2(transport);
- } });
+ new Ajax.Request('backend.php', {
+ parameters: dojo.objectToQuery(this.getValues()),
+ onComplete: function(transport) {
+ notify_callback2(transport);
+ } });
- }
- </script>";
+ }
+ </script>";
- print "<table width=\"100%\" class=\"prefPrefsList\">";
+ print "<table width=\"100%\" class=\"prefPrefsList\">";
- $result = db_query($this->link, "SELECT email,full_name,
- access_level FROM ttrss_users
- WHERE id = ".$_SESSION["uid"]);
+ $result = db_query($this->link, "SELECT email,full_name,
+ access_level FROM ttrss_users
+ WHERE id = ".$_SESSION["uid"]);
- $email = htmlspecialchars(db_fetch_result($result, 0, "email"));
- $full_name = htmlspecialchars(db_fetch_result($result, 0, "full_name"));
+ $email = htmlspecialchars(db_fetch_result($result, 0, "email"));
+ $full_name = htmlspecialchars(db_fetch_result($result, 0, "full_name"));
- print "<tr><td width=\"40%\">".__('Full name')."</td>";
- print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" name=\"full_name\" required=\"1\"
- value=\"$full_name\"></td></tr>";
+ print "<tr><td width=\"40%\">".__('Full name')."</td>";
+ print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" name=\"full_name\" required=\"1\"
+ value=\"$full_name\"></td></tr>";
- print "<tr><td width=\"40%\">".__('E-mail')."</td>";
- print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" name=\"email\" required=\"1\" value=\"$email\"></td></tr>";
+ print "<tr><td width=\"40%\">".__('E-mail')."</td>";
+ print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" name=\"email\" required=\"1\" value=\"$email\"></td></tr>";
- if (!SINGLE_USER_MODE) {
- $access_level = db_fetch_result($result, 0, "access_level");
- print "<tr><td width=\"40%\">".__('Access level')."</td>";
- print "<td>" . $access_level_names[$access_level] . "</td></tr>";
- }
+ if (!SINGLE_USER_MODE) {
+ $access_level = db_fetch_result($result, 0, "access_level");
+ print "<tr><td width=\"40%\">".__('Access level')."</td>";
+ print "<td>" . $access_level_names[$access_level] . "</td></tr>";
+ }
- print "</table>";
+ print "</table>";
- print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-prefs\">";
- print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"changeemail\">";
+ print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-prefs\">";
+ print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"changeemail\">";
- print "<p><button dojoType=\"dijit.form.Button\" type=\"submit\">".
- __("Save data")."</button>";
+ print "<p><button dojoType=\"dijit.form.Button\" type=\"submit\">".
+ __("Save data")."</button>";
- print "</form>";
+ print "</form>";
- print "</div>"; # pane
- print "<div dojoType=\"dijit.layout.AccordionPane\" title=\"".__('Authentication')."\">";
+ if (!SINGLE_USER_MODE) {
$result = db_query($this->link, "SELECT id FROM ttrss_users
WHERE id = ".$_SESSION["uid"]." AND pwd_hash
print "</form>";
- print "</div>"; #pane
}
+ print "</div>"; #pane
+
print "<div dojoType=\"dijit.layout.AccordionPane\" selected=\"true\" title=\"".__('Preferences')."\">";
print "<form dojoType=\"dijit.form.Form\" id=\"changeSettingsForm\">";
onclick=\"insertSSLserial('')\">" .
__('Clear') . "</button>";
+ } else if ($pref_name == 'DIGEST_PREFERRED_TIME') {
+ print "<input dojoType=\"dijit.form.ValidationTextBox\"
+ id=\"$pref_name\" regexp=\"[012]?\d:\d\d\" placeHolder=\"12:00\"
+ name=\"$pref_name\" value=\"$value\"><div class=\"insensitive\">".
+ T_sprintf("Current server time: %s (UTC)", date("H:i")) . "</div>";
} else {
$regexp = ($type_name == 'integer') ? 'regexp="^\d*$"' : '';