add UserHelper::find_user_by_login() and rewrite some user checks to invoke it instead of going through PDO
parent
7af8744c85
commit
09e9f34bb4
|
@ -59,20 +59,7 @@ class API extends Handler {
|
||||||
|
|
||||||
if (SINGLE_USER_MODE) $login = "admin";
|
if (SINGLE_USER_MODE) $login = "admin";
|
||||||
|
|
||||||
$sth = $this->pdo->prepare("SELECT id FROM ttrss_users WHERE LOWER(login) = LOWER(?)");
|
if ($uid = UserHelper::find_user_by_login($login)) {
|
||||||
$sth->execute([$login]);
|
|
||||||
|
|
||||||
if ($row = $sth->fetch()) {
|
|
||||||
$uid = $row["id"];
|
|
||||||
} else {
|
|
||||||
$uid = 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!$uid) {
|
|
||||||
$this->wrap(self::STATUS_ERR, array("error" => "LOGIN_ERROR"));
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (get_pref("ENABLE_API_ACCESS", $uid)) {
|
if (get_pref("ENABLE_API_ACCESS", $uid)) {
|
||||||
if (UserHelper::authenticate($login, $password, false, Auth_Base::AUTH_SERVICE_API)) { // try login with normal password
|
if (UserHelper::authenticate($login, $password, false, Auth_Base::AUTH_SERVICE_API)) { // try login with normal password
|
||||||
$this->wrap(self::STATUS_OK, array("session_id" => session_id(),
|
$this->wrap(self::STATUS_OK, array("session_id" => session_id(),
|
||||||
|
@ -87,7 +74,10 @@ class API extends Handler {
|
||||||
} else {
|
} else {
|
||||||
$this->wrap(self::STATUS_ERR, array("error" => "API_DISABLED"));
|
$this->wrap(self::STATUS_ERR, array("error" => "API_DISABLED"));
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
$this->wrap(self::STATUS_ERR, array("error" => "LOGIN_ERROR"));
|
||||||
|
return;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
function logout() {
|
function logout() {
|
||||||
|
|
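Review bot: The new `if ($uid = UserHelper::find_user_by_login($login)) { ... } else { LOGIN_ERROR }` shape still evaluates `get_pref("ENABLE_API_ACCESS", $uid)` before the password is checked. An unauthenticated caller can therefore tell an existing login (`API_DISABLED`) from an unknown one (`LOGIN_ERROR`). I would call `UserHelper::authenticate(...)` first and test the preference only inside its success branch, so every failure before authentication returns the same `LOGIN_ERROR`. The `print "-1;User not found";` branch in the Handler_Public section makes the same distinction, and that endpoint looks unauthenticated judging by the class name. The code between the two hunks is not shown, so what the failed-password branch returns should be confirmed.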
|
@ -15,13 +15,14 @@ abstract class Auth_Base extends Plugin implements IAuthModule {
|
||||||
|
|
||||||
// Auto-creates specified user if allowed by system configuration
|
// Auto-creates specified user if allowed by system configuration
|
||||||
// Can be used instead of find_user_by_login() by external auth modules
|
// Can be used instead of find_user_by_login() by external auth modules
|
||||||
function auto_create_user($login, $password = false) {
|
function auto_create_user(string $login, $password = false) {
|
||||||
if ($login && defined('AUTH_AUTO_CREATE') && AUTH_AUTO_CREATE) {
|
if ($login && defined('AUTH_AUTO_CREATE') && AUTH_AUTO_CREATE) {
|
||||||
$user_id = $this->find_user_by_login($login);
|
$user_id = UserHelper::find_user_by_login($login);
|
||||||
|
|
||||||
|
if (!$user_id) {
|
||||||
|
|
||||||
if (!$password) $password = make_password();
|
if (!$password) $password = make_password();
|
||||||
|
|
||||||
if (!$user_id) {
|
|
||||||
$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
|
$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
|
||||||
$pwd_hash = encrypt_password($password, $salt, true);
|
$pwd_hash = encrypt_password($password, $salt, true);
|
||||||
|
|
||||||
|
@ -30,26 +31,18 @@ abstract class Auth_Base extends Plugin implements IAuthModule {
|
||||||
VALUES (LOWER(?), 0, null, NOW(), ?,?)");
|
VALUES (LOWER(?), 0, null, NOW(), ?,?)");
|
||||||
$sth->execute([$login, $pwd_hash, $salt]);
|
$sth->execute([$login, $pwd_hash, $salt]);
|
||||||
|
|
||||||
return $this->find_user_by_login($login);
|
return UserHelper::find_user_by_login($login);
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
return $user_id;
|
return $user_id;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return $this->find_user_by_login($login);
|
return UserHelper::find_user_by_login($login);
|
||||||
}
|
|
||||||
|
|
||||||
function find_user_by_login($login) {
|
|
||||||
$sth = $this->pdo->prepare("SELECT id FROM ttrss_users WHERE
|
|
||||||
LOWER(login) = LOWER(?)");
|
|
||||||
$sth->execute([$login]);
|
|
||||||
|
|
||||||
if ($row = $sth->fetch()) {
|
|
||||||
return $row["id"];
|
|
||||||
} else {
|
|
||||||
return false;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// @deprecated
|
||||||
|
function find_user_by_login(string $login) {
|
||||||
|
return UserHelper::find_user_by_login($login);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
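Review bot: With the new `string $login` hint on `auto_create_user()`, a null login raises a TypeError before the `if ($login && ...)` guard on the next line can reject it. An external auth module that passes an unset login then gets an uncaught exception in the authentication path instead of a falsy result. Consider `function auto_create_user(?string $login, $password = false)` with an early `if (!$login) return false;`, and the same `?string` on the deprecated wrapper and on `UserHelper::find_user_by_login()`. That helper is also fed `clean($_REQUEST[...])` values in the Handler_Public and register.php sections; whether `clean()` can return null is not visible here. Separately, `// @deprecated` is a plain line comment; `/** @deprecated use UserHelper::find_user_by_login() */` would let IDEs and static analysers flag remaining callers.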
|
@ -248,19 +248,15 @@ class Handler_Public extends Handler {
|
||||||
$login = clean($_REQUEST["login"]);
|
$login = clean($_REQUEST["login"]);
|
||||||
$fresh = clean($_REQUEST["fresh"]) == "1";
|
$fresh = clean($_REQUEST["fresh"]) == "1";
|
||||||
|
|
||||||
$sth = $this->pdo->prepare("SELECT id FROM ttrss_users WHERE LOWER(login) = LOWER(?)");
|
$uid = UserHelper::find_user_by_login($login);
|
||||||
$sth->execute([$login]);
|
|
||||||
|
|
||||||
if ($row = $sth->fetch()) {
|
|
||||||
$uid = $row["id"];
|
|
||||||
|
|
||||||
|
if ($uid) {
|
||||||
print Feeds::getGlobalUnread($uid);
|
print Feeds::getGlobalUnread($uid);
|
||||||
|
|
||||||
if ($fresh) {
|
if ($fresh) {
|
||||||
print ";";
|
print ";";
|
||||||
print Feeds::getFeedArticles(-3, false, true, $uid);
|
print Feeds::getFeedArticles(-3, false, true, $uid);
|
||||||
}
|
}
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
print "-1;User not found";
|
print "-1;User not found";
|
||||||
}
|
}
|
||||||
|
|
|
@ -237,22 +237,14 @@ class Pref_Users extends Handler_Protected {
|
||||||
|
|
||||||
if (!$login) return; // no blank usernames
|
if (!$login) return; // no blank usernames
|
||||||
|
|
||||||
$sth = $this->pdo->prepare("SELECT id FROM ttrss_users WHERE
|
if (!UserHelper::find_user_by_login($login)) {
|
||||||
LOWER(login) = LOWER(?)");
|
|
||||||
$sth->execute([$login]);
|
|
||||||
|
|
||||||
if (!$sth->fetch()) {
|
|
||||||
|
|
||||||
$sth = $this->pdo->prepare("INSERT INTO ttrss_users
|
$sth = $this->pdo->prepare("INSERT INTO ttrss_users
|
||||||
(login,pwd_hash,access_level,last_login,created, salt)
|
(login,pwd_hash,access_level,last_login,created, salt)
|
||||||
VALUES (LOWER(?), ?, 0, null, NOW(), ?)");
|
VALUES (LOWER(?), ?, 0, null, NOW(), ?)");
|
||||||
$sth->execute([$login, $pwd_hash, $salt]);
|
$sth->execute([$login, $pwd_hash, $salt]);
|
||||||
|
|
||||||
$sth = $this->pdo->prepare("SELECT id FROM ttrss_users WHERE
|
if ($new_uid = UserHelper::find_user_by_login($login)) {
|
||||||
LOWER(login) = LOWER(?) AND pwd_hash = ?");
|
|
||||||
$sth->execute([$login, $pwd_hash]);
|
|
||||||
|
|
||||||
if ($row = $sth->fetch()) {
|
|
||||||
|
|
||||||
$new_uid = $row['id'];
|
$new_uid = $row['id'];
|
||||||
|
|
||||||
|
|
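Review bot: The context line `$new_uid = $row['id'];` is still inside the new `if ($new_uid = UserHelper::find_user_by_login($login)) {` block, but the `$row = $sth->fetch()` that used to populate `$row` has been removed. Unless `$row` is assigned somewhere outside this hunk, the id just returned by the helper is overwritten with null, and whatever follows to set up the new account would run with no user id. Delete the stale assignment and keep the value from the `if` condition. The enclosing method starts and ends outside the hunk.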
|
@ -1,8 +1,7 @@
|
||||||
<?php
|
<?php
|
||||||
class UserHelper {
|
class UserHelper {
|
||||||
|
|
||||||
static function authenticate($login, $password, $check_only = false, $service = false) {
|
static function authenticate(string $login = null, string $password = null, bool $check_only = false, string $service = null) {
|
||||||
|
|
||||||
if (!SINGLE_USER_MODE) {
|
if (!SINGLE_USER_MODE) {
|
||||||
$user_id = false;
|
$user_id = false;
|
||||||
$auth_module = false;
|
$auth_module = false;
|
||||||
|
@ -71,7 +70,7 @@ class UserHelper {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
static function load_user_plugins($owner_uid, $pluginhost = false) {
|
static function load_user_plugins(int $owner_uid, PluginHost $pluginhost = null) {
|
||||||
|
|
||||||
if (!$pluginhost) $pluginhost = PluginHost::getInstance();
|
if (!$pluginhost) $pluginhost = PluginHost::getInstance();
|
||||||
|
|
||||||
|
@ -145,4 +144,17 @@ class UserHelper {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static function find_user_by_login(string $login) {
|
||||||
|
$pdo = Db::pdo();
|
||||||
|
|
||||||
|
$sth = $pdo->prepare("SELECT id FROM ttrss_users WHERE
|
||||||
|
LOWER(login) = LOWER(?)");
|
||||||
|
$sth->execute([$login]);
|
||||||
|
|
||||||
|
if ($row = $sth->fetch()) {
|
||||||
|
return $row["id"];
|
||||||
|
}
|
||||||
|
|
||||||
|
return false;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
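Review bot: `find_user_by_login()` is added without a docblock or return type, yet every caller in this commit branches on the truthiness of its result. I would put `/** Case-insensitive lookup of a user by login; returns the matching row's id, or false when no user matches. */` above it. The id is returned exactly as PDO hands it back, which may be a numeric string depending on driver settings, so callers should not compare it strictly against an int. In the same section, `string $login = null` in `authenticate()` relies on implicit nullability; `?string $login = null` states the intent explicitly.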
21
register.php
21
register.php
|
@ -73,12 +73,8 @@
|
||||||
if ($action == "check") {
|
if ($action == "check") {
|
||||||
header("Content-Type: application/xml");
|
header("Content-Type: application/xml");
|
||||||
|
|
||||||
$login = trim(db_escape_string( $_REQUEST['login']));
|
$login = clean($_REQUEST['login']);
|
||||||
|
$is_registered = UserHelper::find_user_by_login($login);
|
||||||
$result = db_query( "SELECT id FROM ttrss_users WHERE
|
|
||||||
LOWER(login) = LOWER('$login')");
|
|
||||||
|
|
||||||
$is_registered = db_num_rows($result) > 0;
|
|
||||||
|
|
||||||
print "<result>";
|
print "<result>";
|
||||||
|
|
||||||
|
@ -258,10 +254,7 @@
|
||||||
|
|
||||||
if ($test == "four" || $test == "4") {
|
if ($test == "four" || $test == "4") {
|
||||||
|
|
||||||
$result = db_query( "SELECT id FROM ttrss_users WHERE
|
$is_registered = UserHelper::find_user_by_login($login);
|
||||||
login = '$login'");
|
|
||||||
|
|
||||||
$is_registered = db_num_rows($result) > 0;
|
|
||||||
|
|
||||||
if ($is_registered) {
|
if ($is_registered) {
|
||||||
print_error(__('Sorry, this username is already taken.'));
|
print_error(__('Sorry, this username is already taken.'));
|
||||||
|
@ -279,18 +272,14 @@
|
||||||
(login,pwd_hash,access_level,last_login, email, created, salt)
|
(login,pwd_hash,access_level,last_login, email, created, salt)
|
||||||
VALUES (LOWER('$login'), '$pwd_hash', 0, null, '$email', NOW(), '$salt')");
|
VALUES (LOWER('$login'), '$pwd_hash', 0, null, '$email', NOW(), '$salt')");
|
||||||
|
|
||||||
$result = db_query( "SELECT id FROM ttrss_users WHERE
|
$new_uid = UserHelper::find_user_by_login($login);
|
||||||
login = '$login' AND pwd_hash = '$pwd_hash'");
|
|
||||||
|
|
||||||
if (db_num_rows($result) != 1) {
|
if (!$new_uid) {
|
||||||
print_error(__('Registration failed.'));
|
print_error(__('Registration failed.'));
|
||||||
print "<p><form method=\"GET\" action=\"index.php\">
|
print "<p><form method=\"GET\" action=\"index.php\">
|
||||||
<input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
|
<input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
|
||||||
</form>";
|
</form>";
|
||||||
} else {
|
} else {
|
||||||
|
|
||||||
$new_uid = db_fetch_result($result, 0, "id");
|
|
||||||
|
|
||||||
Pref_Users::initialize_user($new_uid);
|
Pref_Users::initialize_user($new_uid);
|
||||||
|
|
||||||
$reg_text = "Hi!\n".
|
$reg_text = "Hi!\n".
|
||||||
|
|
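Review bot: The INSERT kept as context in the third hunk still builds its SQL by interpolation, `VALUES (LOWER('$login'), '$pwd_hash', 0, null, '$email', NOW(), '$salt')`, while the lookups around it now go through a prepared statement. Its safety therefore depends entirely on how `$login` and `$email` are escaped in the registration branch, which is outside the hunks. The first hunk already swaps `trim(db_escape_string(...))` for `clean(...)` in the check action, and the same swap there would make this statement injectable. Binding the values removes that dependency: prepare the statement with `VALUES (LOWER(?), ?, 0, null, ?, NOW(), ?)` and run `$sth->execute([$login, $pwd_hash, $email, $salt]);`, as the Auth_Base and Pref_Users inserts already do.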
|
@ -502,13 +502,10 @@
|
||||||
|
|
||||||
Debug::log("Exporting feeds of user $user to $filename as OPML...");
|
Debug::log("Exporting feeds of user $user to $filename as OPML...");
|
||||||
|
|
||||||
$sth = $pdo->prepare("SELECT id FROM ttrss_users WHERE LOWER(login) = LOWER(?)");
|
if ($owner_uid = UserHelper::find_user_by_login($user)) {
|
||||||
$sth->execute([$user]);
|
|
||||||
|
|
||||||
if ($res = $sth->fetch()) {
|
|
||||||
$opml = new OPML("");
|
$opml = new OPML("");
|
||||||
|
|
||||||
$rc = $opml->opml_export($filename, $res["id"], false, true, true);
|
$rc = $opml->opml_export($filename, $owner_uid, false, true, true);
|
||||||
|
|
||||||
Debug::log($rc ? "Success." : "Failed.");
|
Debug::log($rc ? "Success." : "Failed.");
|
||||||
} else {
|
} else {
|
||||||
|
|