use login as salt when generating passwords
authorAndrew Dolgov <fox@madoka.spb.ru>
Wed, 12 Sep 2007 03:56:22 +0000 (04:56 +0100)
committerAndrew Dolgov <fox@madoka.spb.ru>
Wed, 12 Sep 2007 03:56:22 +0000 (04:56 +0100)
functions.php
modules/pref-prefs.php

index a237aff5aacae5104bc32d240cc1bee22548c7a5..362f965a42125d450f742c306af8bdb7ab841377 100644 (file)
 
                if (!SINGLE_USER_MODE) {
 
-                       $pwd_hash = 'SHA1:' . sha1($password);
+                       $pwd_hash1 = encrypt_password($password);
+                       $pwd_hash2 = encrypt_password($password, $login);
 
                        if ($force_auth && defined('_DEBUG_USER_SWITCH')) {
                                $query = "SELECT id,login,access_level
                    FROM ttrss_users WHERE
                         login = '$login'";
                        } else {
-                               $query = "SELECT id,login,access_level
+                               $query = "SELECT id,login,access_level,pwd_hash
                    FROM ttrss_users WHERE
-                        login = '$login' AND pwd_hash = '$pwd_hash'";
+                                       login = '$login' AND (pwd_hash = '$pwd_hash1' OR
+                                               pwd_hash = '$pwd_hash2')";
                        }
 
                        $result = db_query($link, $query);
        
                                $_SESSION["theme"] = $user_theme;
                                $_SESSION["ip_address"] = $_SERVER["REMOTE_ADDR"];
-                               $_SESSION["pwd_hash"] = $pwd_hash;
+                               $_SESSION["pwd_hash"] = db_fetch_result($result, 0, "pwd_hash");
        
                                initialize_user_prefs($link, $_SESSION["uid"]);
        
                return $url_path;
         }
 
+       function encrypt_password($pass, $login = '') {
+               if ($login) {
+                       return "SHA1X:" . sha1("$login:$pass");
+               } else {
+                       return "SHA1:" . sha1($pass);
+               }
+       }
+
 ?>
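Review bot: A user whose stored hash is still the unsalted `SHA1:` form keeps it indefinitely, because the login query only accepts either hash (`pwd_hash = '$pwd_hash1' OR pwd_hash = '$pwd_hash2'`) and never rewrites the row, even though the plaintext password is in hand at that moment; the session block around `$_SESSION["pwd_hash"] = db_fetch_result(...)` is the natural place to upgrade it, sketched below (that block's enclosing function starts and ends outside the hunk, and I am assuming `$pwd_hash1`/`$pwd_hash2` are still in scope there). In `encrypt_password`, `if ($login)` is a truthiness test, so a login of `'0'` silently gets the unsalted hash; `if ($login !== '')` states the intent. The salt must be the identical string at both call sites — here `$login` is passed while modules/pref-prefs.php passes `$_SESSION["name"]`; if either one is the `db_escape_string`'d value, a login containing a quote or backslash produces hashes that never match. A short docblock on `encrypt_password` should state that the `SHA1:`/`SHA1X:` prefix records which scheme produced the hash, so the login path can tell legacy rows from salted ones.
```php
$_SESSION["pwd_hash"] = db_fetch_result($result, 0, "pwd_hash");

// Legacy unsalted hash matched: rewrite it in the salted form now,
// while the plaintext password is still in scope.
if ($_SESSION["pwd_hash"] === $pwd_hash1) {
    db_query($link, "UPDATE ttrss_users SET pwd_hash = '$pwd_hash2'
        WHERE id = '" . $_SESSION["uid"] . "'");
    $_SESSION["pwd_hash"] = $pwd_hash2;
}

initialize_user_prefs($link, $_SESSION["uid"]);
```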
index a3132ce4caa552bb71655fa078270e70df349bf2..6c19343090a175b74215b01c1acadbfbd0ced742 100644 (file)
                                return;
                        }
 
-                       $old_pw_hash = 'SHA1:' . sha1($_POST["OLD_PASSWORD"]);
-                       $new_pw_hash = 'SHA1:' . sha1($_POST["NEW_PASSWORD"]);
+                       $old_pw_hash1 = encrypt_password($_POST["OLD_PASSWORD"]);
+                       $old_pw_hash2 = encrypt_password($_POST["OLD_PASSWORD"],
+                               $_SESSION["name"]);
+
+                       $new_pw_hash = encrypt_password($_POST["NEW_PASSWORD"],
+                               $_SESSION["name"]);
 
                        $active_uid = $_SESSION["uid"];
                        
@@ -41,8 +45,8 @@
                                $login = db_escape_string($_SERVER['PHP_AUTH_USER']);
 
                                $result = db_query($link, "SELECT id FROM ttrss_users WHERE 
-                                       id = '$active_uid' AND (pwd_hash = '$old_pw' OR 
-                                               pwd_hash = '$old_pw_hash')");
+                                       id = '$active_uid' AND (pwd_hash = '$old_pw_hash1' OR 
+                                               pwd_hash = '$old_pw_hash2')");
 
                                if (db_num_rows($result) == 1) {
                                        db_query($link, "UPDATE ttrss_users SET pwd_hash = '$new_pw_hash'