X-Git-Url: https://git.wh0rd.org/?a=blobdiff_plain;f=classes%2Fpref%2Fprefs.php;h=faab69235504c66097fc3baf1717f91f4ea19ef5;hb=6322ac79a020ab584d412d782d62b2ee77d7c6cf;hp=445d0aadb37c4aef842237bb0c1fd8c091ec9421;hpb=bf8783388413a9f19b5b8ae4b998d10b93bf4617;p=tt-rss.git diff --git a/classes/pref/prefs.php b/classes/pref/prefs.php index 445d0aad..faab6923 100644 --- a/classes/pref/prefs.php +++ b/classes/pref/prefs.php @@ -30,7 +30,7 @@ class Pref_Prefs extends Handler_Protected { "COMBINED_DISPLAY_MODE" => array(__("Combined feed display"), __("Display expanded list of feed articles, instead of separate displays for headlines and article content")), "CONFIRM_FEED_CATCHUP" => array(__("Confirm marking feed as read"), ""), "DEFAULT_ARTICLE_LIMIT" => array(__("Amount of articles to display at once"), ""), - "DEFAULT_UPDATE_INTERVAL" => array(__("Default interval between feed updates"), ""), + "DEFAULT_UPDATE_INTERVAL" => array(__("Default feed update interval"), __("Shortest interval at which a feed will be checked for updates regardless of update method")), "DIGEST_CATCHUP" => array(__("Mark articles in e-mail digest as read"), ""), "DIGEST_ENABLE" => array(__("Enable e-mail digest"), __("This option enables sending daily digest of new (and unread) headlines on your configured e-mail address")), "DIGEST_PREFERRED_TIME" => array(__("Try to send digests around specified time"), __("Uses UTC timezone")), @@ -103,13 +103,13 @@ class Pref_Prefs extends Handler_Protected { foreach (array_keys($_POST) as $pref_name) { - $pref_name = db_escape_string($this->link, $pref_name); - $value = db_escape_string($this->link, $_POST[$pref_name]); + $pref_name = db_escape_string( $pref_name); + $value = db_escape_string( $_POST[$pref_name]); if ($pref_name == 'DIGEST_PREFERRED_TIME') { - if (get_pref($this->link, 'DIGEST_PREFERRED_TIME') != $value) { + if (get_pref( 'DIGEST_PREFERRED_TIME') != $value) { - db_query($this->link, "UPDATE ttrss_users SET + db_query( "UPDATE ttrss_users SET last_digest_sent = NULL WHERE id = " . $_SESSION['uid']); } @@ -124,7 +124,7 @@ class Pref_Prefs extends Handler_Protected { $need_reload = true; } } else { - set_pref($this->link, $pref_name, $value); + set_pref( $pref_name, $value); } } @@ -138,9 +138,9 @@ class Pref_Prefs extends Handler_Protected { function getHelp() { - $pref_name = db_escape_string($this->link, $_REQUEST["pn"]); + $pref_name = db_escape_string( $_REQUEST["pn"]); - $result = db_query($this->link, "SELECT help_text FROM ttrss_prefs + $result = db_query( "SELECT help_text FROM ttrss_prefs WHERE pref_name = '$pref_name'"); if (db_num_rows($result) > 0) { @@ -153,12 +153,12 @@ class Pref_Prefs extends Handler_Protected { function changeemail() { - $email = db_escape_string($this->link, $_POST["email"]); - $full_name = db_escape_string($this->link, $_POST["full_name"]); + $email = db_escape_string( $_POST["email"]); + $full_name = db_escape_string( $_POST["full_name"]); $active_uid = $_SESSION["uid"]; - db_query($this->link, "UPDATE ttrss_users SET email = '$email', + db_query( "UPDATE ttrss_users SET email = '$email', full_name = '$full_name' WHERE id = '$active_uid'"); print __("Your personal data has been saved."); @@ -176,10 +176,10 @@ class Pref_Prefs extends Handler_Protected { $profile_qpart = "profile IS NULL"; } - db_query($this->link, "DELETE FROM ttrss_user_prefs + db_query( "DELETE FROM ttrss_user_prefs WHERE $profile_qpart AND owner_uid = ".$_SESSION["uid"]); - initialize_user_prefs($this->link, $_SESSION["uid"], $_SESSION["profile"]); + initialize_user_prefs( $_SESSION["uid"], $_SESSION["profile"]); echo __("Your preferences are now set to default values."); } @@ -225,7 +225,7 @@ class Pref_Prefs extends Handler_Protected { print "

" . __("Personal data") . "

"; - $result = db_query($this->link, "SELECT email,full_name,otp_enabled, + $result = db_query( "SELECT email,full_name,otp_enabled, access_level FROM ttrss_users WHERE id = ".$_SESSION["uid"]); @@ -270,7 +270,7 @@ class Pref_Prefs extends Handler_Protected { print "

" . __("Password") . "

"; - $result = db_query($this->link, "SELECT id FROM ttrss_users + $result = db_query( "SELECT id FROM ttrss_users WHERE id = ".$_SESSION["uid"]." AND pwd_hash = 'SHA1:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8'"); @@ -399,8 +399,8 @@ class Pref_Prefs extends Handler_Protected { parameters: dojo.objectToQuery(this.getValues()), onComplete: function(transport) { notify(''); - if (transport.responseText.indexOf('ERROR: ') == 0) { - notify_error(transport.responseText.replace('ERROR: ', '')); + if (transport.responseText.indexOf('ERROR:') == 0) { + notify_error(transport.responseText.replace('ERROR:', '')); } else { window.location.reload(); } @@ -416,11 +416,13 @@ class Pref_Prefs extends Handler_Protected { print ""; - print ""; + print "".__("Enter the generated one time password").""; + + print ""; - print " "; - print ""; + print ""; print ""; @@ -478,10 +480,10 @@ class Pref_Prefs extends Handler_Protected { } if ($_SESSION["profile"]) { - initialize_user_prefs($this->link, $_SESSION["uid"], $_SESSION["profile"]); + initialize_user_prefs( $_SESSION["uid"], $_SESSION["profile"]); $profile_qpart = "profile = '" . $_SESSION["profile"] . "'"; } else { - initialize_user_prefs($this->link, $_SESSION["uid"]); + initialize_user_prefs( $_SESSION["uid"]); $profile_qpart = "profile IS NULL"; } @@ -492,7 +494,7 @@ class Pref_Prefs extends Handler_Protected { $access_query = 'true'; - $result = db_query($this->link, "SELECT DISTINCT + $result = db_query( "SELECT DISTINCT ttrss_user_prefs.pref_name,value,type_name, ttrss_prefs_sections.order_id, def_value,section_id @@ -765,9 +767,9 @@ class Pref_Prefs extends Handler_Protected { ".__('Author').""; $system_enabled = array_map("trim", explode(",", PLUGINS)); - $user_enabled = array_map("trim", explode(",", get_pref($this->link, "_ENABLED_PLUGINS"))); + $user_enabled = array_map("trim", explode(",", get_pref( "_ENABLED_PLUGINS"))); - $tmppluginhost = new PluginHost($this->link); + $tmppluginhost = new PluginHost(); $tmppluginhost->load_all($tmppluginhost::KIND_ALL, $_SESSION["uid"]); $tmppluginhost->load_data(true); @@ -895,7 +897,7 @@ class Pref_Prefs extends Handler_Protected { require_once "lib/otphp/lib/totp.php"; require_once "lib/phpqrcode/phpqrcode.php"; - $result = db_query($this->link, "SELECT login,salt,otp_enabled + $result = db_query( "SELECT login,salt,otp_enabled FROM ttrss_users WHERE id = ".$_SESSION["uid"]); @@ -912,35 +914,52 @@ class Pref_Prefs extends Handler_Protected { } function otpenable() { - $password = db_escape_string($this->link, $_REQUEST["password"]); - $enable_otp = $_REQUEST["enable_otp"] == "on"; + require_once "lib/otphp/vendor/base32.php"; + require_once "lib/otphp/lib/otp.php"; + require_once "lib/otphp/lib/totp.php"; + + $password = $_REQUEST["password"]; + $otp = $_REQUEST["otp"]; global $pluginhost; $authenticator = $pluginhost->get_plugin($_SESSION["auth_module"]); if ($authenticator->check_password($_SESSION["uid"], $password)) { - if ($enable_otp) { - db_query($this->link, "UPDATE ttrss_users SET otp_enabled = true WHERE + $result = db_query( "SELECT salt + FROM ttrss_users + WHERE id = ".$_SESSION["uid"]); + + $base32 = new Base32(); + + $secret = $base32->encode(sha1(db_fetch_result($result, 0, "salt"))); + $topt = new \OTPHP\TOTP($secret); + + $otp_check = $topt->now(); + + if ($otp == $otp_check) { + db_query( "UPDATE ttrss_users SET otp_enabled = true WHERE id = " . $_SESSION["uid"]); print "OK"; + } else { + print "ERROR:".__("Incorrect one time password"); } } else { - print "ERROR: ".__("Incorrect password"); + print "ERROR:".__("Incorrect password"); } } function otpdisable() { - $password = db_escape_string($this->link, $_REQUEST["password"]); + $password = db_escape_string( $_REQUEST["password"]); global $pluginhost; $authenticator = $pluginhost->get_plugin($_SESSION["auth_module"]); if ($authenticator->check_password($_SESSION["uid"], $password)) { - db_query($this->link, "UPDATE ttrss_users SET otp_enabled = false WHERE + db_query( "UPDATE ttrss_users SET otp_enabled = false WHERE id = " . $_SESSION["uid"]); print "OK"; @@ -956,18 +975,18 @@ class Pref_Prefs extends Handler_Protected { else $plugins = ""; - set_pref($this->link, "_ENABLED_PLUGINS", $plugins); + set_pref( "_ENABLED_PLUGINS", $plugins); } function clearplugindata() { - $name = db_escape_string($this->link, $_REQUEST["name"]); + $name = db_escape_string( $_REQUEST["name"]); global $pluginhost; $pluginhost->clear_data($pluginhost->get_plugin($name)); } function customizeCSS() { - $value = get_pref($this->link, "USER_STYLESHEET"); + $value = get_pref( "USER_STYLESHEET"); $value = str_replace("
", "\n", $value); @@ -1015,7 +1034,7 @@ class Pref_Prefs extends Handler_Protected { print ""; - $result = db_query($this->link, "SELECT title,id FROM ttrss_settings_profiles + $result = db_query( "SELECT title,id FROM ttrss_settings_profiles WHERE owner_uid = ".$_SESSION["uid"]." ORDER BY title"); print "
";