]> git.wh0rd.org Git - tt-rss.git/commitdiff
move changing password code to authentication modules
authorAndrew Dolgov <fox@fakecake.org>
Thu, 16 Aug 2012 14:21:35 +0000 (18:21 +0400)
committerAndrew Dolgov <fox@fakecake.org>
Thu, 16 Aug 2012 14:21:35 +0000 (18:21 +0400)
classes/auth_internal.php
classes/pref_prefs.php
include/functions.php

index b4c473f210e335c4e7a2b98f4100f668475e17a6..eb376568d093e2b68dd4d39bce1ac1bf0b7c33d4 100644 (file)
@@ -71,5 +71,47 @@ class Auth_Internal extends Auth_Base {
 
                return false;
        }
+
+       function change_password($owner_uid, $old_password, $new_password) {
+               $owner_uid = db_escape_string($owner_uid);
+
+               $result = db_query($this->link, "SELECT salt FROM ttrss_users WHERE
+                       id = '$owner_uid'");
+
+               $salt = db_fetch_result($result, 0, "salt");
+
+               if (!$salt) {
+                       $old_password_hash1 = encrypt_password($old_password);
+                       $old_password_hash2 = encrypt_password($old_password, $_SESSION["name"]);
+
+                       $query = "SELECT id FROM ttrss_users WHERE
+                               id = '$owner_uid' AND (pwd_hash = '$old_password_hash1' OR
+                               pwd_hash = '$old_password_hash2')";
+
+               } else {
+                       $old_password_hash = encrypt_password($old_password, $salt, true);
+
+                       $query = "SELECT id FROM ttrss_users WHERE
+                               id = '$owner_uid' AND pwd_hash = '$old_password_hash'";
+               }
+
+               $result = db_query($this->link, $query);
+
+               if (db_num_rows($result) == 1) {
+
+                       $new_salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
+                       $new_password_hash = encrypt_password($new_password, $new_salt, true);
+
+                       db_query($this->link, "UPDATE ttrss_users SET
+                               pwd_hash = '$new_password_hash', salt = '$new_salt'
+                                       WHERE id = '$owner_uid'");
+
+                       $_SESSION["pwd_hash"] = $new_password_hash;
+
+                       return __("Password has been changed.");
+               } else {
+                       return "ERROR: ".__('Old password is incorrect.');
+               }
+       }
 }
 ?>
index 5339095bac4d0e4c614bba7534d79ae6c07ab118..60d241103ac92a1699c06e668bfe2dece35b22b4 100644 (file)
@@ -28,42 +28,13 @@ class Pref_Prefs extends Protected_Handler {
                        return;
                }
 
-               $result = db_query($this->link, "SELECT salt FROM ttrss_users WHERE
-                       id = " . $_SESSION['uid']);
-
-               $salt = db_fetch_result($result, 0, "salt");
-
-               if (!$salt) {
-                       $old_pw_hash1 = encrypt_password($old_pw);
-                       $old_pw_hash2 = encrypt_password($old_pw, $_SESSION["name"]);
-
-                       $query = "SELECT id FROM ttrss_users WHERE
-                               id = ".$_SESSION['uid']." AND (pwd_hash = '$old_pw_hash1' OR
-                               pwd_hash = '$old_pw_hash2')";
+               $module_class = "auth_" . $_SESSION["auth_module"];
+               $authenticator = new $module_class($this->link);
 
+               if (method_exists($authenticator, "change_password")) {
+                       print $authenticator->change_password($_SESSION["uid"], $old_pw, $new_pw);
                } else {
-                       $old_pw_hash = encrypt_password($old_pw, $salt, true);
-
-                       $query = "SELECT id FROM ttrss_users WHERE
-                               id = ".$_SESSION['uid']." AND pwd_hash = '$old_pw_hash'";
-               }
-
-               $result = db_query($this->link, $query);
-
-               if (db_num_rows($result) == 1) {
-
-                       $new_salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
-                       $new_pw_hash = encrypt_password($new_pw, $new_salt, true);
-
-                       db_query($this->link, "UPDATE ttrss_users SET
-                               pwd_hash = '$new_pw_hash', salt = '$new_salt'
-                                       WHERE id = ".$_SESSION['uid']);
-
-                       $_SESSION["pwd_hash"] = $new_pw_hash;
-
-                       print __("Password has been changed.");
-               } else {
-                       print "ERROR: ".__('Old password is incorrect.');
+                       print "ERROR: ".__("Function not supported by authentication module.");
                }
        }
 
@@ -214,7 +185,14 @@ class Pref_Prefs extends Protected_Handler {
 
                print "</form>";
 
-               if (!SINGLE_USER_MODE && $_SESSION["auth_module"] == 'internal') {
+               if  ($_SESSION["auth_module"]) {
+                       $module_class = "auth_" . $_SESSION["auth_module"];
+                       $authenticator = new $module_class($this->link);
+               } else {
+                       $authenticator = false;
+               }
+
+               if ($authenticator && method_exists($authenticator, "change_password")) {
 
                        $result = db_query($this->link, "SELECT id FROM ttrss_users
                                WHERE id = ".$_SESSION["uid"]." AND pwd_hash
index a2e164416a5f0fc7fd276021b47390c67c7122df..702843c1601416d6b303447a99b1226de89e3eca 100644 (file)
                        $_SESSION["hide_hello"] = true;
                        $_SESSION["hide_logout"] = true;
 
+                       $_SESSION["auth_module"] = false;
+
                        if (!$_SESSION["csrf_token"]) {
                                $_SESSION["csrf_token"] = sha1(uniqid(rand(), true));
                        }