]>
git.wh0rd.org - tt-rss.git/blob - plugins/auth_internal/init.php
2 class Auth_Internal
extends Plugin
implements IAuthModule
{
8 "Authenticates against internal tt-rss database",
13 /* @var PluginHost $host */
14 function init($host) {
16 $this->pdo
= Db
::pdo();
18 $host->add_hook($host::HOOK_AUTH_USER
, $this);
21 function authenticate($login, $password) {
23 $pwd_hash1 = encrypt_password($password);
24 $pwd_hash2 = encrypt_password($password, $login);
25 $otp = $_REQUEST["otp"];
27 if (get_schema_version() > 96) {
28 if (!defined('AUTH_DISABLE_OTP') ||
!AUTH_DISABLE_OTP
) {
30 $sth = $this->pdo
->prepare("SELECT otp_enabled,salt FROM ttrss_users WHERE
32 $sth->execute([$login]);
34 if ($row = $sth->fetch()) {
36 require_once "lib/otphp/vendor/base32.php";
37 require_once "lib/otphp/lib/otp.php";
38 require_once "lib/otphp/lib/totp.php";
40 $base32 = new Base32();
42 $otp_enabled = $row['otp_enabled'];
43 $secret = $base32->encode(sha1($row['salt']));
45 $topt = new \OTPHP\
TOTP($secret);
46 $otp_check = $topt->now();
50 if ($otp != $otp_check) {
54 $return = urlencode($_REQUEST["return"]);
57 <title
>Tiny Tiny RSS
</title
>
58 <meta http
-equiv
="Content-Type" content
="text/html; charset=UTF-8" />
60 <?php
echo stylesheet_tag("css/default.css") ?
>
61 <body
class="ttrss_utility otp"><div
class="content">
62 <form action
="public.php?return=<?php echo $return ?>"
63 method
="POST" class="otpform">
64 <input type
="hidden" name
="op" value
="login">
65 <input type
="hidden" name
="login" value
="<?php echo htmlspecialchars($login) ?>">
66 <input type
="hidden" name
="password" value
="<?php echo htmlspecialchars($password) ?>">
67 <input type
="hidden" name
="bw_limit" value
="<?php echo htmlspecialchars($_POST["bw_limit
"]) ?>">
68 <input type
="hidden" name
="remember_me" value
="<?php echo htmlspecialchars($_POST["remember_me
"]) ?>">
69 <input type
="hidden" name
="profile" value
="<?php echo htmlspecialchars($_POST["profile
"]) ?>">
71 <label
><?php
echo __("Please enter your one time password:") ?
></label
>
72 <input autocomplete
="off" size
="6" name
="otp" value
=""/>
73 <input type
="submit" value
="Continue"/>
75 <script type
="text/javascript">
76 document
.forms
[0].otp
.focus();
86 if (get_schema_version() > 87) {
88 $sth = $this->pdo
->prepare("SELECT salt FROM ttrss_users WHERE login = ?");
89 $sth->execute([$login]);
91 if ($row = $sth->fetch()) {
96 $sth = $this->pdo
->prepare("SELECT id FROM ttrss_users WHERE
97 login = ? AND (pwd_hash = ? OR pwd_hash = ?)");
99 $sth->execute([$login, $pwd_hash1, $pwd_hash2]);
101 // verify and upgrade password to new salt base
103 if ($row = $sth->fetch()) {
104 // upgrade password to MODE2
106 $user_id = $row['id'];
108 $salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
109 $pwd_hash = encrypt_password($password, $salt, true);
111 $sth = $this->pdo
->prepare("UPDATE ttrss_users SET
112 pwd_hash = ?, salt = ? WHERE login = ?");
114 $sth->execute([$pwd_hash, $salt, $login]);
123 $pwd_hash = encrypt_password($password, $salt, true);
125 $sth = $this->pdo
->prepare("SELECT id
126 FROM ttrss_users WHERE
127 login = ? AND pwd_hash = ?");
128 $sth->execute([$login, $pwd_hash]);
130 if ($row = $sth->fetch()) {
136 $sth = $this->pdo
->prepare("SELECT id
137 FROM ttrss_users WHERE
138 login = ? AND (pwd_hash = ? OR pwd_hash = ?)");
140 $sth->execute([$login, $pwd_hash1, $pwd_hash2]);
142 if ($row = $sth->fetch()) {
147 $sth = $this->pdo
->prepare("SELECT id
148 FROM ttrss_users WHERE
149 login = ? AND (pwd_hash = ? OR pwd_hash = ?)");
151 $sth->execute([$login, $pwd_hash1, $pwd_hash2]);
153 if ($row = $sth->fetch()) {
161 function check_password($owner_uid, $password) {
163 $sth = $this->pdo
->prepare("SELECT salt,login FROM ttrss_users WHERE
165 $sth->execute([$owner_uid]);
167 if ($row = $sth->fetch()) {
169 $salt = $row['salt'];
170 $login = $row['login'];
173 $password_hash1 = encrypt_password($password);
174 $password_hash2 = encrypt_password($password, $login);
176 $sth = $this->pdo
->prepare("SELECT id FROM ttrss_users WHERE
177 id = ? AND (pwd_hash = ? OR pwd_hash = ?)");
179 $sth->execute([$owner_uid, $password_hash1, $password_hash2]);
181 return $sth->fetch();
184 $password_hash = encrypt_password($password, $salt, true);
186 $sth = $this->pdo
->prepare("SELECT id FROM ttrss_users WHERE
187 id = ? AND pwd_hash = ?");
189 $sth->execute([$owner_uid, $password_hash]);
191 return $sth->fetch();
198 function change_password($owner_uid, $old_password, $new_password) {
200 if ($this->check_password($owner_uid, $old_password)) {
202 $new_salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
203 $new_password_hash = encrypt_password($new_password, $new_salt, true);
205 $sth = $this->pdo
->prepare("UPDATE ttrss_users SET
206 pwd_hash = ?, salt = ?, otp_enabled = false
208 $sth->execute([$new_password_hash, $new_salt, $owner_uid]);
210 $_SESSION["pwd_hash"] = $new_password_hash;
212 return __("Password has been changed.");
214 return "ERROR: ".__('Old password is incorrect.');
218 function api_version() {