fix various password-change related functions
This commit is contained in:
parent
8b4fb0d0d6
commit
098df83ba6
|
@ -28,23 +28,36 @@ class Pref_Prefs extends Protected_Handler {
|
|||
return;
|
||||
}
|
||||
|
||||
$result = db_query($this->link, "SELECT salt FROM ttrss_users WHERE
|
||||
id = " . $_SESSION['uid']);
|
||||
|
||||
$salt = db_fetch_result($result, 0, "salt");
|
||||
|
||||
if (!$salt) {
|
||||
$old_pw_hash1 = encrypt_password($old_pw);
|
||||
$old_pw_hash2 = encrypt_password($old_pw, $_SESSION["name"]);
|
||||
$new_pw_hash = encrypt_password($new_pw, $_SESSION["name"]);
|
||||
|
||||
$active_uid = $_SESSION["uid"];
|
||||
$query = "SELECT id FROM ttrss_users WHERE
|
||||
id = ".$_SESSION['uid']." AND (pwd_hash = '$old_pw_hash1' OR
|
||||
pwd_hash = '$old_pw_hash2')";
|
||||
|
||||
if ($old_pw && $new_pw) {
|
||||
} else {
|
||||
$old_pw_hash = encrypt_password($old_pw, $salt, true);
|
||||
|
||||
$login = db_escape_string($_SERVER['PHP_AUTH_USER']);
|
||||
$query = "SELECT id FROM ttrss_users WHERE
|
||||
id = ".$_SESSION['uid']." AND pwd_hash = '$old_pw_hash'";
|
||||
}
|
||||
|
||||
$result = db_query($this->link, "SELECT id FROM ttrss_users WHERE
|
||||
id = '$active_uid' AND (pwd_hash = '$old_pw_hash1' OR
|
||||
pwd_hash = '$old_pw_hash2')");
|
||||
$result = db_query($this->link, $query);
|
||||
|
||||
if (db_num_rows($result) == 1) {
|
||||
db_query($this->link, "UPDATE ttrss_users SET pwd_hash = '$new_pw_hash'
|
||||
WHERE id = '$active_uid'");
|
||||
|
||||
$new_salt = substr(bin2hex(openssl_random_pseudo_bytes(125)), 0, 250);
|
||||
$new_pw_hash = encrypt_password($new_pw, $new_salt, true);
|
||||
|
||||
db_query($this->link, "UPDATE ttrss_users SET
|
||||
pwd_hash = '$new_pw_hash', salt = '$new_salt'
|
||||
WHERE id = ".$_SESSION['uid']);
|
||||
|
||||
$_SESSION["pwd_hash"] = $new_pw_hash;
|
||||
|
||||
|
@ -54,10 +67,6 @@ class Pref_Prefs extends Protected_Handler {
|
|||
}
|
||||
}
|
||||
|
||||
return;
|
||||
|
||||
}
|
||||
|
||||
function saveconfig() {
|
||||
|
||||
$_SESSION["prefs_cache"] = false;
|
||||
|
|
|
@ -206,8 +206,9 @@ class Pref_Users extends Protected_Handler {
|
|||
$password = db_escape_string(trim($_REQUEST["password"]));
|
||||
|
||||
if ($password) {
|
||||
$pwd_hash = encrypt_password($password, $login);
|
||||
$pass_query_part = "pwd_hash = '$pwd_hash', ";
|
||||
$salt = substr(bin2hex(openssl_random_pseudo_bytes(125)), 0, 250);
|
||||
$pwd_hash = encrypt_password($password, $salt, true);
|
||||
$pass_query_part = "pwd_hash = '$pwd_hash', salt = '$salt',";
|
||||
} else {
|
||||
$pass_query_part = "";
|
||||
}
|
||||
|
@ -233,7 +234,8 @@ class Pref_Users extends Protected_Handler {
|
|||
|
||||
$login = db_escape_string(trim($_REQUEST["login"]));
|
||||
$tmp_user_pwd = make_password(8);
|
||||
$pwd_hash = encrypt_password($tmp_user_pwd, $login);
|
||||
$salt = substr(bin2hex(openssl_random_pseudo_bytes(125)), 0, 250);
|
||||
$pwd_hash = encrypt_password($tmp_user_pwd, $salt, true);
|
||||
|
||||
$result = db_query($this->link, "SELECT id FROM ttrss_users WHERE
|
||||
login = '$login'");
|
||||
|
@ -241,8 +243,8 @@ class Pref_Users extends Protected_Handler {
|
|||
if (db_num_rows($result) == 0) {
|
||||
|
||||
db_query($this->link, "INSERT INTO ttrss_users
|
||||
(login,pwd_hash,access_level,last_login,created)
|
||||
VALUES ('$login', '$pwd_hash', 0, null, NOW())");
|
||||
(login,pwd_hash,access_level,last_login,created, salt)
|
||||
VALUES ('$login', '$pwd_hash', 0, null, NOW(), '$salt')");
|
||||
|
||||
|
||||
$result = db_query($this->link, "SELECT id FROM ttrss_users WHERE
|
||||
|
@ -276,10 +278,14 @@ class Pref_Users extends Protected_Handler {
|
|||
|
||||
$login = db_fetch_result($result, 0, "login");
|
||||
$email = db_fetch_result($result, 0, "email");
|
||||
$tmp_user_pwd = make_password(8);
|
||||
$pwd_hash = encrypt_password($tmp_user_pwd, $login);
|
||||
$salt = db_fetch_result($result, 0, "salt");
|
||||
|
||||
db_query($this->link, "UPDATE ttrss_users SET pwd_hash = '$pwd_hash'
|
||||
$new_salt = substr(bin2hex(openssl_random_pseudo_bytes(125)), 0, 250);
|
||||
$tmp_user_pwd = make_password(8);
|
||||
|
||||
$pwd_hash = encrypt_password($tmp_user_pwd, $new_salt, true);
|
||||
|
||||
db_query($this->link, "UPDATE ttrss_users SET pwd_hash = '$pwd_hash', salt = '$new_salt'
|
||||
WHERE id = '$uid'");
|
||||
|
||||
print T_sprintf("Changed password of user <b>%s</b>
|
||||
|
|
|
@ -270,11 +270,12 @@
|
|||
|
||||
$password = make_password();
|
||||
|
||||
$pwd_hash = encrypt_password($password, $login);
|
||||
$salt = substr(bin2hex(openssl_random_pseudo_bytes(125)), 0, 250);
|
||||
$pwd_hash = encrypt_password($password, $salt, true);
|
||||
|
||||
db_query($link, "INSERT INTO ttrss_users
|
||||
(login,pwd_hash,access_level,last_login, email, created)
|
||||
VALUES ('$login', '$pwd_hash', 0, null, '$email', NOW())");
|
||||
(login,pwd_hash,access_level,last_login, email, created, salt)
|
||||
VALUES ('$login', '$pwd_hash', 0, null, '$email', NOW(), '$salt')");
|
||||
|
||||
$result = db_query($link, "SELECT id FROM ttrss_users WHERE
|
||||
login = '$login' AND pwd_hash = '$pwd_hash'");
|
||||
|
|
Loading…
Reference in New Issue