]> git.wh0rd.org - tt-rss.git/blob - plugins/auth_internal/init.php
git.wh0rd.org / tt-rss.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
further stylesheet simplification related fixes
[tt-rss.git] / plugins / auth_internal / init.php
1 <?php
2 class Auth_Internal extends Plugin implements IAuthModule {
3
4 private $host;
5
6 function about() {
7 return array(1.0,
8 "Authenticates against internal tt-rss database",
9 "fox",
10 true);
11 }
12
13 /* @var PluginHost $host */
14 function init($host) {
15 $this->host = $host;
16 $this->pdo = Db::pdo();
17
18 $host->add_hook($host::HOOK_AUTH_USER, $this);
19 }
20
21 function authenticate($login, $password) {
22
23 $pwd_hash1 = encrypt_password($password);
24 $pwd_hash2 = encrypt_password($password, $login);
25 $otp = $_REQUEST["otp"];
26
27 if (get_schema_version() > 96) {
28 if (!defined('AUTH_DISABLE_OTP') || !AUTH_DISABLE_OTP) {
29
30 $sth = $this->pdo->prepare("SELECT otp_enabled,salt FROM ttrss_users WHERE
31 login = ?");
32 $sth->execute([$login]);
33
34 if ($row = $sth->fetch()) {
35
36 require_once "lib/otphp/vendor/base32.php";
37 require_once "lib/otphp/lib/otp.php";
38 require_once "lib/otphp/lib/totp.php";
39
40 $base32 = new Base32();
41
42 $otp_enabled = $row['otp_enabled'];
43 $secret = $base32->encode(sha1($row['salt']));
44
45 $topt = new \OTPHP\TOTP($secret);
46 $otp_check = $topt->now();
47
48 if ($otp_enabled) {
49 if ($otp) {
50 if ($otp != $otp_check) {
51 return false;
52 }
53 } else {
54 $return = urlencode($_REQUEST["return"]);
55 ?><html>
56 <head><title>Tiny Tiny RSS</title></head>
57 <?php echo stylesheet_tag("css/default.css") ?>
58 <body class="ttrss_utility otp"><div class="content">
59 <form action="public.php?return=<?php echo $return ?>"
60 method="POST" class="otpform">
61 <input type="hidden" name="op" value="login">
62 <input type="hidden" name="login" value="<?php echo htmlspecialchars($login) ?>">
63 <input type="hidden" name="password" value="<?php echo htmlspecialchars($password) ?>">
64 <input type="hidden" name="bw_limit" value="<?php echo htmlspecialchars($_POST["bw_limit"]) ?>">
65 <input type="hidden" name="remember_me" value="<?php echo htmlspecialchars($_POST["remember_me"]) ?>">
66 <input type="hidden" name="profile" value="<?php echo htmlspecialchars($_POST["profile"]) ?>">
67
68 <label><?php echo __("Please enter your one time password:") ?></label>
69 <input autocomplete="off" size="6" name="otp" value=""/>
70 <input type="submit" value="Continue"/>
71 </form></div>
72 <script type="text/javascript">
73 document.forms[0].otp.focus();
74 </script>
75 <?php
76 exit;
77 }
78 }
79 }
80 }
81 }
82
83 if (get_schema_version() > 87) {
84
85 $sth = $this->pdo->prepare("SELECT salt FROM ttrss_users WHERE login = ?");
86 $sth->execute([$login]);
87
88 if ($row = $sth->fetch()) {
89 $salt = $row['salt'];
90
91 if ($salt == "") {
92
93 $sth = $this->pdo->prepare("SELECT id FROM ttrss_users WHERE
94 login = ? AND (pwd_hash = ? OR pwd_hash = ?)");
95
96 $sth->execute([$login, $pwd_hash1, $pwd_hash2]);
97
98 // verify and upgrade password to new salt base
99
100 if ($row = $sth->fetch()) {
101 // upgrade password to MODE2
102
103 $user_id = $row['id'];
104
105 $salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
106 $pwd_hash = encrypt_password($password, $salt, true);
107
108 $sth = $this->pdo->prepare("UPDATE ttrss_users SET
109 pwd_hash = ?, salt = ? WHERE login = ?");
110
111 $sth->execute([$pwd_hash, $salt, $login]);
112
113 return $user_id;
114
115 } else {
116 return false;
117 }
118
119 } else {
120 $pwd_hash = encrypt_password($password, $salt, true);
121
122 $sth = $this->pdo->prepare("SELECT id
123 FROM ttrss_users WHERE
124 login = ? AND pwd_hash = ?");
125 $sth->execute([$login, $pwd_hash]);
126
127 if ($row = $sth->fetch()) {
128 return $row['id'];
129 }
130 }
131
132 } else {
133 $sth = $this->pdo->prepare("SELECT id
134 FROM ttrss_users WHERE
135 login = ? AND (pwd_hash = ? OR pwd_hash = ?)");
136
137 $sth->execute([$login, $pwd_hash1, $pwd_hash2]);
138
139 if ($row = $sth->fetch()) {
140 return $row['id'];
141 }
142 }
143 } else {
144 $sth = $this->pdo->prepare("SELECT id
145 FROM ttrss_users WHERE
146 login = ? AND (pwd_hash = ? OR pwd_hash = ?)");
147
148 $sth->execute([$login, $pwd_hash1, $pwd_hash2]);
149
150 if ($row = $sth->fetch()) {
151 return $row['id'];
152 }
153 }
154
155 return false;
156 }
157
158 function check_password($owner_uid, $password) {
159
160 $sth = $this->pdo->prepare("SELECT salt,login FROM ttrss_users WHERE
161 id = ?");
162 $sth->execute([$owner_uid]);
163
164 if ($row = $sth->fetch()) {
165
166 $salt = $row['salt'];
167 $login = $row['login'];
168
169 if (!$salt) {
170 $password_hash1 = encrypt_password($password);
171 $password_hash2 = encrypt_password($password, $login);
172
173 $sth = $this->pdo->prepare("SELECT id FROM ttrss_users WHERE
174 id = ? AND (pwd_hash = ? OR pwd_hash = ?)");
175
176 $sth->execute([$owner_uid, $password_hash1, $password_hash2]);
177
178 return $sth->fetch();
179
180 } else {
181 $password_hash = encrypt_password($password, $salt, true);
182
183 $sth = $this->pdo->prepare("SELECT id FROM ttrss_users WHERE
184 id = ? AND pwd_hash = ?");
185
186 $sth->execute([$owner_uid, $password_hash]);
187
188 return $sth->fetch();
189 }
190 }
191
192 return false;
193 }
194
195 function change_password($owner_uid, $old_password, $new_password) {
196
197 if ($this->check_password($owner_uid, $old_password)) {
198
199 $new_salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
200 $new_password_hash = encrypt_password($new_password, $new_salt, true);
201
202 $sth = $this->pdo->prepare("UPDATE ttrss_users SET
203 pwd_hash = ?, salt = ?, otp_enabled = false
204 WHERE id = ?");
205 $sth->execute([$new_password_hash, $new_salt, $owner_uid]);
206
207 $_SESSION["pwd_hash"] = $new_password_hash;
208
209 return __("Password has been changed.");
210 } else {
211 return "ERROR: ".__('Old password is incorrect.');
212 }
213 }
214
215 function api_version() {
216 return 2;
217 }
218
219 }
220 ?>
web-based news feed (RSS/Atom) reader and aggregator; see https://tt-rss.org/