1 <?php
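/**
 * Built-in authentication module: checks logins against the ttrss_users table
 * and handles password changes for those accounts.
 *
 * Security notes for maintainers:
 *  - Every value placed into a SQL string here goes through db_escape_string()
 *    first. The queries are still assembled by string interpolation, so any new
 *    variable added to them needs the same treatment.
 *  - NOTE(review): encrypt_password() and get_random_bytes() are defined outside
 *    this file. Confirm which digest encrypt_password() uses; if it is a fast
 *    general-purpose hash, plan a migration to password_hash()/password_verify().
 *  - Hash comparison is done by the database (pwd_hash = '...'), so it is not a
 *    constant-time comparison, and no attempt throttling happens in this class.
 *    NOTE(review): confirm the caller rate-limits failed logins.
 */
class Auth_Internal extends Auth_Base {

    /**
     * Verify a login/password pair.
     *
     * When the schema version is above 87 the account's salt is looked up first.
     * An account with an empty salt is checked against the two legacy hash
     * variants and, on success, is re-hashed with a fresh random salt.
     * Otherwise the salted hash is checked directly. Older schemas only ever
     * use the legacy variants.
     *
     * @param string $login    Login name as submitted by the user.
     * @param string $password Plain-text password as submitted by the user.
     * @return mixed The matching ttrss_users.id on success, false otherwise.
     *               Unknown login and wrong password both yield false.
     */
    function authenticate($login, $password) {

        // Legacy candidates are computed before the account lookup, as the
        // original code did. The second variant mixes in the raw login, so it
        // must be derived before $login is escaped for SQL.
        $legacy_hash1 = db_escape_string(encrypt_password($password));
        $legacy_hash2 = db_escape_string(encrypt_password($password, $login));
        $login = db_escape_string($login);

        $legacy_query = "SELECT id
            FROM ttrss_users WHERE
            login = '$login' AND (pwd_hash = '$legacy_hash1' OR
            pwd_hash = '$legacy_hash2')";

        if (get_schema_version($this->link) > 87) {

            $result = db_query($this->link, "SELECT salt FROM ttrss_users WHERE
                login = '$login'");

            // Exactly one account must match; anything else is a failed login.
            if (db_num_rows($result) != 1) {
                return false;
            }

            $salt = db_fetch_result($result, 0, "salt");

            // Loose comparison on purpose: a NULL salt counts as "no salt".
            if ($salt == "") {

                // Verify against the legacy hashes before upgrading anything.
                $result = db_query($this->link, $legacy_query);

                if (db_num_rows($result) != 1) {
                    return false;
                }

                // Upgrade the stored password to the salted scheme. The salt is
                // hex output of bin2hex(), so it needs no SQL escaping.
                $salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
                $pwd_hash = db_escape_string(encrypt_password($password, $salt, true));

                db_query($this->link, "UPDATE ttrss_users SET
                    pwd_hash = '$pwd_hash', salt = '$salt' WHERE login = '$login'");

            } else {
                $pwd_hash = db_escape_string(encrypt_password($password, $salt, true));
            }

            // After an upgrade this re-reads the row, so a failed UPDATE ends up
            // as a failed login rather than a silent success.
            $query = "SELECT id
                FROM ttrss_users WHERE
                login = '$login' AND pwd_hash = '$pwd_hash'";

        } else {
            $query = $legacy_query;
        }

        $result = db_query($this->link, $query);

        if (db_num_rows($result) == 1) {
            return db_fetch_result($result, 0, "id");
        }

        return false;
    }

    /**
     * Change the password of an account after verifying the current one.
     *
     * On success the new hash and a fresh random salt are stored, and
     * $_SESSION["pwd_hash"] is updated to the new hash.
     * NOTE(review): presumably session validation elsewhere compares that
     * session value with the stored hash, which would keep this session valid
     * and invalidate the user's other sessions. Confirm against the session
     * handling code.
     *
     * @param mixed  $owner_uid    ttrss_users.id of the account.
     * @param string $old_password Current plain-text password.
     * @param string $new_password New plain-text password.
     * @return string Translated confirmation on success, or a string starting
     *                with "ERROR: " on failure. Callers tell the two apart by
     *                that prefix.
     */
    function change_password($owner_uid, $old_password, $new_password) {
        $owner_uid = db_escape_string($owner_uid);

        $result = db_query($this->link, "SELECT salt,login FROM ttrss_users WHERE
            id = '$owner_uid'");

        // Do not read row 0 of an empty result. An unknown id gets the same
        // answer as a wrong password, which is what the later check returned.
        if (db_num_rows($result) != 1) {
            return "ERROR: ".__('Old password is incorrect.');
        }

        $salt = db_fetch_result($result, 0, "salt");
        $login = db_fetch_result($result, 0, "login");

        if (!$salt) {
            // Account still has a legacy hash: accept either legacy variant.
            $old_password_hash1 = db_escape_string(encrypt_password($old_password));
            $old_password_hash2 = db_escape_string(encrypt_password($old_password, $login));

            $query = "SELECT id FROM ttrss_users WHERE
                id = '$owner_uid' AND (pwd_hash = '$old_password_hash1' OR
                pwd_hash = '$old_password_hash2')";

        } else {
            $old_password_hash = db_escape_string(encrypt_password($old_password, $salt, true));

            $query = "SELECT id FROM ttrss_users WHERE
                id = '$owner_uid' AND pwd_hash = '$old_password_hash'";
        }

        $result = db_query($this->link, $query);

        if (db_num_rows($result) == 1) {

            // A new salt is generated on every change. It is hex output of
            // bin2hex(), so it needs no SQL escaping.
            $new_salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
            $new_password_hash = encrypt_password($new_password, $new_salt, true);

            // Escape only the copy that goes into SQL. The session keeps the
            // hash exactly as encrypt_password() returned it.
            $new_password_hash_sql = db_escape_string($new_password_hash);

            db_query($this->link, "UPDATE ttrss_users SET
                pwd_hash = '$new_password_hash_sql', salt = '$new_salt'
                WHERE id = '$owner_uid'");

            $_SESSION["pwd_hash"] = $new_password_hash;

            return __("Password has been changed.");
        } else {
            return "ERROR: ".__('Old password is incorrect.');
        }
    }
}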
118 ?>