]> git.wh0rd.org - tt-rss.git/blob - plugins/auth_internal/init.php
git.wh0rd.org / tt-rss.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
set charset to "utf-8"
[tt-rss.git] / plugins / auth_internal / init.php
1 <?php
2 class Auth_Internal extends Plugin implements IAuthModule {
3
4 private $host;
5
6 function about() {
7 return array(1.0,
8 "Authenticates against internal tt-rss database",
9 "fox",
10 true);
11 }
12
13 /* @var PluginHost $host */
14 function init($host) {
15 $this->host = $host;
16 $this->pdo = Db::pdo();
17
18 $host->add_hook($host::HOOK_AUTH_USER, $this);
19 }
20
21 function authenticate($login, $password) {
22
23 $pwd_hash1 = encrypt_password($password);
24 $pwd_hash2 = encrypt_password($password, $login);
25 $otp = $_REQUEST["otp"];
26
27 if (get_schema_version() > 96) {
28 if (!defined('AUTH_DISABLE_OTP') || !AUTH_DISABLE_OTP) {
29
30 $sth = $this->pdo->prepare("SELECT otp_enabled,salt FROM ttrss_users WHERE
31 login = ?");
32 $sth->execute([$login]);
33
34 if ($row = $sth->fetch()) {
35
36 require_once "lib/otphp/vendor/base32.php";
37 require_once "lib/otphp/lib/otp.php";
38 require_once "lib/otphp/lib/totp.php";
39
40 $base32 = new Base32();
41
42 $otp_enabled = $row['otp_enabled'];
43 $secret = $base32->encode(sha1($row['salt']));
44
45 $topt = new \OTPHP\TOTP($secret);
46 $otp_check = $topt->now();
47
48 if ($otp_enabled) {
49 if ($otp) {
50 if ($otp != $otp_check) {
51 return false;
52 }
53 } else {
54 $return = urlencode($_REQUEST["return"]);
55 ?><html>
56 <head>
57 <title>Tiny Tiny RSS</title>
58 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
59 </head>
60 <?php echo stylesheet_tag("css/default.css") ?>
61 <body class="ttrss_utility otp"><div class="content">
62 <form action="public.php?return=<?php echo $return ?>"
63 method="POST" class="otpform">
64 <input type="hidden" name="op" value="login">
65 <input type="hidden" name="login" value="<?php echo htmlspecialchars($login) ?>">
66 <input type="hidden" name="password" value="<?php echo htmlspecialchars($password) ?>">
67 <input type="hidden" name="bw_limit" value="<?php echo htmlspecialchars($_POST["bw_limit"]) ?>">
68 <input type="hidden" name="remember_me" value="<?php echo htmlspecialchars($_POST["remember_me"]) ?>">
69 <input type="hidden" name="profile" value="<?php echo htmlspecialchars($_POST["profile"]) ?>">
70
71 <label><?php echo __("Please enter your one time password:") ?></label>
72 <input autocomplete="off" size="6" name="otp" value=""/>
73 <input type="submit" value="Continue"/>
74 </form></div>
75 <script type="text/javascript">
76 document.forms[0].otp.focus();
77 </script>
78 <?php
79 exit;
80 }
81 }
82 }
83 }
84 }
85
86 if (get_schema_version() > 87) {
87
88 $sth = $this->pdo->prepare("SELECT salt FROM ttrss_users WHERE login = ?");
89 $sth->execute([$login]);
90
91 if ($row = $sth->fetch()) {
92 $salt = $row['salt'];
93
94 if ($salt == "") {
95
96 $sth = $this->pdo->prepare("SELECT id FROM ttrss_users WHERE
97 login = ? AND (pwd_hash = ? OR pwd_hash = ?)");
98
99 $sth->execute([$login, $pwd_hash1, $pwd_hash2]);
100
101 // verify and upgrade password to new salt base
102
103 if ($row = $sth->fetch()) {
104 // upgrade password to MODE2
105
106 $user_id = $row['id'];
107
108 $salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
109 $pwd_hash = encrypt_password($password, $salt, true);
110
111 $sth = $this->pdo->prepare("UPDATE ttrss_users SET
112 pwd_hash = ?, salt = ? WHERE login = ?");
113
114 $sth->execute([$pwd_hash, $salt, $login]);
115
116 return $user_id;
117
118 } else {
119 return false;
120 }
121
122 } else {
123 $pwd_hash = encrypt_password($password, $salt, true);
124
125 $sth = $this->pdo->prepare("SELECT id
126 FROM ttrss_users WHERE
127 login = ? AND pwd_hash = ?");
128 $sth->execute([$login, $pwd_hash]);
129
130 if ($row = $sth->fetch()) {
131 return $row['id'];
132 }
133 }
134
135 } else {
136 $sth = $this->pdo->prepare("SELECT id
137 FROM ttrss_users WHERE
138 login = ? AND (pwd_hash = ? OR pwd_hash = ?)");
139
140 $sth->execute([$login, $pwd_hash1, $pwd_hash2]);
141
142 if ($row = $sth->fetch()) {
143 return $row['id'];
144 }
145 }
146 } else {
147 $sth = $this->pdo->prepare("SELECT id
148 FROM ttrss_users WHERE
149 login = ? AND (pwd_hash = ? OR pwd_hash = ?)");
150
151 $sth->execute([$login, $pwd_hash1, $pwd_hash2]);
152
153 if ($row = $sth->fetch()) {
154 return $row['id'];
155 }
156 }
157
158 return false;
159 }
160
161 function check_password($owner_uid, $password) {
162
163 $sth = $this->pdo->prepare("SELECT salt,login FROM ttrss_users WHERE
164 id = ?");
165 $sth->execute([$owner_uid]);
166
167 if ($row = $sth->fetch()) {
168
169 $salt = $row['salt'];
170 $login = $row['login'];
171
172 if (!$salt) {
173 $password_hash1 = encrypt_password($password);
174 $password_hash2 = encrypt_password($password, $login);
175
176 $sth = $this->pdo->prepare("SELECT id FROM ttrss_users WHERE
177 id = ? AND (pwd_hash = ? OR pwd_hash = ?)");
178
179 $sth->execute([$owner_uid, $password_hash1, $password_hash2]);
180
181 return $sth->fetch();
182
183 } else {
184 $password_hash = encrypt_password($password, $salt, true);
185
186 $sth = $this->pdo->prepare("SELECT id FROM ttrss_users WHERE
187 id = ? AND pwd_hash = ?");
188
189 $sth->execute([$owner_uid, $password_hash]);
190
191 return $sth->fetch();
192 }
193 }
194
195 return false;
196 }
197
198 function change_password($owner_uid, $old_password, $new_password) {
199
200 if ($this->check_password($owner_uid, $old_password)) {
201
202 $new_salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
203 $new_password_hash = encrypt_password($new_password, $new_salt, true);
204
205 $sth = $this->pdo->prepare("UPDATE ttrss_users SET
206 pwd_hash = ?, salt = ?, otp_enabled = false
207 WHERE id = ?");
208 $sth->execute([$new_password_hash, $new_salt, $owner_uid]);
209
210 $_SESSION["pwd_hash"] = $new_password_hash;
211
212 return __("Password has been changed.");
213 } else {
214 return "ERROR: ".__('Old password is incorrect.');
215 }
216 }
217
218 function api_version() {
219 return 2;
220 }
221
222 }
223 ?>
web-based news feed (RSS/Atom) reader and aggregator; see https://tt-rss.org/