X-Git-Url: https://git.wh0rd.org/?a=blobdiff_plain;f=classes%2Fpref%2Fprefs.php;h=9b467ccc15f092289018e48ff9c57743faac0b8c;hb=ef129fed2af2c756d25bb532a37fec1bf3888e1d;hp=fca67d0a6c3056e0a75eeaf9dd6bf485bd6e1d4c;hpb=5f19596651de08a429656cccf1273e79ccf305ea;p=tt-rss.git diff --git a/classes/pref/prefs.php b/classes/pref/prefs.php index fca67d0a..9b467ccc 100644 --- a/classes/pref/prefs.php +++ b/classes/pref/prefs.php @@ -48,7 +48,7 @@ class Pref_Prefs extends Handler_Protected { "SHOW_CONTENT_PREVIEW" => array(__("Show content preview in headlines list"), ""), "SORT_HEADLINES_BY_FEED_DATE" => array(__("Sort headlines by feed date"), __("Use feed-specified date to sort headlines instead of local import date.")), "SSL_CERT_SERIAL" => array(__("Login with an SSL certificate"), __("Click to register your SSL client certificate with tt-rss")), - "STRIP_IMAGES" => array(__("Do not embed images in articles"), ""), + "STRIP_IMAGES" => array(__("Do not embed media in articles"), ""), "STRIP_UNSAFE_TAGS" => array(__("Strip unsafe tags from articles"), __("Strip all but most common HTML tags when reading articles.")), "USER_STYLESHEET" => array(__("Customize stylesheet"), __("Customize CSS stylesheet to your liking")), "USER_TIMEZONE" => array(__("Time zone"), ""), @@ -146,8 +146,8 @@ class Pref_Prefs extends Handler_Protected { $_SESSION["prefs_op_result"] = "reset-to-defaults"; - $sth = $this->pdo->query("DELETE FROM ttrss_user_prefs - WHERE (profile = :profile OR (:profile IS NULL AND profile IS NULL)) + $sth = $this->pdo->prepare("DELETE FROM ttrss_user_prefs + WHERE (profile = :profile OR (:profile IS NULL AND profile IS NULL)) AND owner_uid = :uid"); $sth->execute([":profile" => $_SESSION['profile'], ":uid" => $_SESSION['uid']]); @@ -848,9 +848,6 @@ class Pref_Prefs extends Handler_Protected { } function otpqrcode() { - require_once "lib/otphp/vendor/base32.php"; - require_once "lib/otphp/lib/otp.php"; - require_once "lib/otphp/lib/totp.php"; require_once "lib/phpqrcode/phpqrcode.php"; $sth = $this->pdo->prepare("SELECT login,salt,otp_enabled @@ -860,7 +857,7 @@ class Pref_Prefs extends Handler_Protected { if ($row = $sth->fetch()) { - $base32 = new Base32(); + $base32 = new \OTPHP\Base32(); $login = $row["login"]; $otp_enabled = sql_bool_to_bool($row["otp_enabled"]); @@ -876,9 +873,6 @@ class Pref_Prefs extends Handler_Protected { } function otpenable() { - require_once "lib/otphp/vendor/base32.php"; - require_once "lib/otphp/lib/otp.php"; - require_once "lib/otphp/lib/totp.php"; $password = clean($_REQUEST["password"]); $otp = clean($_REQUEST["otp"]); @@ -887,14 +881,14 @@ class Pref_Prefs extends Handler_Protected { if ($authenticator->check_password($_SESSION["uid"], $password)) { - $sth = $this->pdo->query("SELECT salt + $sth = $this->pdo->prepare("SELECT salt FROM ttrss_users WHERE id = ?"); $sth->execute([$_SESSION['uid']]); if ($row = $sth->fetch()) { - $base32 = new Base32(); + $base32 = new \OTPHP\Base32(); $secret = $base32->encode(sha1($row["salt"])); $topt = new \OTPHP\TOTP($secret); @@ -902,7 +896,7 @@ class Pref_Prefs extends Handler_Protected { $otp_check = $topt->now(); if ($otp == $otp_check) { - $sth = $this->pdo->prepare("UPDATE ttrss_users + $sth = $this->pdo->prepare("UPDATE ttrss_users SET otp_enabled = true WHERE id = ?"); $sth->execute([$_SESSION['uid']]); @@ -922,7 +916,10 @@ class Pref_Prefs extends Handler_Protected { static function isdefaultpassword() { $authenticator = PluginHost::getInstance()->get_plugin($_SESSION["auth_module"]); - if ($authenticator && function_exists($authenticator->check_password) && $authenticator->check_password($_SESSION["uid"], "password")) { + if ($authenticator && + method_exists($authenticator, "check_password") && + $authenticator->check_password($_SESSION["uid"], "password")) { + return true; } @@ -1092,7 +1089,7 @@ class Pref_Prefs extends Handler_Protected { print "
-