valvin
/
ttrss
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add UserHelper::find_user_by_login() and rewrite some user checks to invoke it instead of going through PDO

This commit is contained in:
Andrew Dolgov 2021-02-11 10:22:27 +03:00
parent 7af8744c85
commit 09e9f34bb4
7 changed files with 51 additions and 82 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
classes/api.php
View File

@ -59,35 +59,25 @@ class API extends Handler {
if (SINGLE_USER_MODE) $login = "admin";
$sth = $this->pdo->prepare("SELECT id FROM ttrss_users WHERE LOWER(login) = LOWER(?)");
$sth->execute([$login]);
if ($row = $sth->fetch()) {
$uid = $row["id"];
if ($uid = UserHelper::find_user_by_login($login)) {
if (get_pref("ENABLE_API_ACCESS", $uid)) {
if (UserHelper::authenticate($login, $password, false, Auth_Base::AUTH_SERVICE_API)) { // try login with normal password
$this->wrap(self::STATUS_OK, array("session_id" => session_id(),
"api_level" => self::API_LEVEL));
} else if (UserHelper::authenticate($login, $password_base64, false, Auth_Base::AUTH_SERVICE_API)) { // else try with base64_decoded password
$this->wrap(self::STATUS_OK, array("session_id" => session_id(),
"api_level" => self::API_LEVEL));
} else { // else we are not logged in
user_error("Failed login attempt for $login from " . UserHelper::get_user_ip(), E_USER_WARNING);
$this->wrap(self::STATUS_ERR, array("error" => "LOGIN_ERROR"));
}
} else {
$this->wrap(self::STATUS_ERR, array("error" => "API_DISABLED"));
}
} else {
$uid = 0;
}
if (!$uid) {
$this->wrap(self::STATUS_ERR, array("error" => "LOGIN_ERROR"));
return;
}
if (get_pref("ENABLE_API_ACCESS", $uid)) {
if (UserHelper::authenticate($login, $password, false, Auth_Base::AUTH_SERVICE_API)) { // try login with normal password
$this->wrap(self::STATUS_OK, array("session_id" => session_id(),
"api_level" => self::API_LEVEL));
} else if (UserHelper::authenticate($login, $password_base64, false, Auth_Base::AUTH_SERVICE_API)) { // else try with base64_decoded password
$this->wrap(self::STATUS_OK, array("session_id" => session_id(),
"api_level" => self::API_LEVEL));
} else { // else we are not logged in
user_error("Failed login attempt for $login from " . UserHelper::get_user_ip(), E_USER_WARNING);
$this->wrap(self::STATUS_ERR, array("error" => "LOGIN_ERROR"));
}
} else {
$this->wrap(self::STATUS_ERR, array("error" => "API_DISABLED"));
}
}
function logout() {

27
classes/auth/base.php
View File

@ -15,13 +15,14 @@ abstract class Auth_Base extends Plugin implements IAuthModule {
// Auto-creates specified user if allowed by system configuration
// Can be used instead of find_user_by_login() by external auth modules
function auto_create_user($login, $password = false) {
function auto_create_user(string $login, $password = false) {
if ($login && defined('AUTH_AUTO_CREATE') && AUTH_AUTO_CREATE) {
$user_id = $this->find_user_by_login($login);
if (!$password) $password = make_password();
$user_id = UserHelper::find_user_by_login($login);
if (!$user_id) {
if (!$password) $password = make_password();
$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
$pwd_hash = encrypt_password($password, $salt, true);
@ -30,26 +31,18 @@ abstract class Auth_Base extends Plugin implements IAuthModule {
VALUES (LOWER(?), 0, null, NOW(), ?,?)");
$sth->execute([$login, $pwd_hash, $salt]);
return $this->find_user_by_login($login);
return UserHelper::find_user_by_login($login);
} else {
return $user_id;
}
}
return $this->find_user_by_login($login);
return UserHelper::find_user_by_login($login);
}
function find_user_by_login($login) {
$sth = $this->pdo->prepare("SELECT id FROM ttrss_users WHERE
LOWER(login) = LOWER(?)");
$sth->execute([$login]);
if ($row = $sth->fetch()) {
return $row["id"];
} else {
return false;
}
// @deprecated
function find_user_by_login(string $login) {
return UserHelper::find_user_by_login($login);
}
}

8
classes/handler/public.php
View File

@ -248,19 +248,15 @@ class Handler_Public extends Handler {
$login = clean($_REQUEST["login"]);
$fresh = clean($_REQUEST["fresh"]) == "1";
$sth = $this->pdo->prepare("SELECT id FROM ttrss_users WHERE LOWER(login) = LOWER(?)");
$sth->execute([$login]);
if ($row = $sth->fetch()) {
$uid = $row["id"];
$uid = UserHelper::find_user_by_login($login);
if ($uid) {
print Feeds::getGlobalUnread($uid);
if ($fresh) {
print ";";
print Feeds::getFeedArticles(-3, false, true, $uid);
}
} else {
print "-1;User not found";
}

12
classes/pref/users.php
View File

@ -237,22 +237,14 @@ class Pref_Users extends Handler_Protected {
if (!$login) return; // no blank usernames
$sth = $this->pdo->prepare("SELECT id FROM ttrss_users WHERE
LOWER(login) = LOWER(?)");
$sth->execute([$login]);
if (!$sth->fetch()) {
if (!UserHelper::find_user_by_login($login)) {
$sth = $this->pdo->prepare("INSERT INTO ttrss_users
(login,pwd_hash,access_level,last_login,created, salt)
VALUES (LOWER(?), ?, 0, null, NOW(), ?)");
$sth->execute([$login, $pwd_hash, $salt]);
$sth = $this->pdo->prepare("SELECT id FROM ttrss_users WHERE
LOWER(login) = LOWER(?) AND pwd_hash = ?");
$sth->execute([$login, $pwd_hash]);
if ($row = $sth->fetch()) {
if ($new_uid = UserHelper::find_user_by_login($login)) {
$new_uid = $row['id'];

18
classes/userhelper.php
View File

@ -1,8 +1,7 @@
<?php
class UserHelper {
static function authenticate($login, $password, $check_only = false, $service = false) {
static function authenticate(string $login = null, string $password = null, bool $check_only = false, string $service = null) {
if (!SINGLE_USER_MODE) {
$user_id = false;
$auth_module = false;
@ -71,7 +70,7 @@ class UserHelper {
}
}
static function load_user_plugins($owner_uid, $pluginhost = false) {
static function load_user_plugins(int $owner_uid, PluginHost $pluginhost = null) {
if (!$pluginhost) $pluginhost = PluginHost::getInstance();
@ -145,4 +144,17 @@ class UserHelper {
}
}
static function find_user_by_login(string $login) {
$pdo = Db::pdo();
$sth = $pdo->prepare("SELECT id FROM ttrss_users WHERE
LOWER(login) = LOWER(?)");
$sth->execute([$login]);
if ($row = $sth->fetch()) {
return $row["id"];
}
return false;
}
}

21
register.php
View File

@ -73,12 +73,8 @@
if ($action == "check") {
header("Content-Type: application/xml");
$login = trim(db_escape_string( $_REQUEST['login']));
$result = db_query( "SELECT id FROM ttrss_users WHERE
LOWER(login) = LOWER('$login')");
$is_registered = db_num_rows($result) > 0;
$login = clean($_REQUEST['login']);
$is_registered = UserHelper::find_user_by_login($login);
print "<result>";
@ -258,10 +254,7 @@
if ($test == "four" || $test == "4") {
$result = db_query( "SELECT id FROM ttrss_users WHERE
login = '$login'");
$is_registered = db_num_rows($result) > 0;
$is_registered = UserHelper::find_user_by_login($login);
if ($is_registered) {
print_error(__('Sorry, this username is already taken.'));
@ -279,18 +272,14 @@
(login,pwd_hash,access_level,last_login, email, created, salt)
VALUES (LOWER('$login'), '$pwd_hash', 0, null, '$email', NOW(), '$salt')");
$result = db_query( "SELECT id FROM ttrss_users WHERE
login = '$login' AND pwd_hash = '$pwd_hash'");
$new_uid = UserHelper::find_user_by_login($login);
if (db_num_rows($result) != 1) {
if (!$new_uid) {
print_error(__('Registration failed.'));
print "<p><form method=\"GET\" action=\"index.php\">
<input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
</form>";
} else {
$new_uid = db_fetch_result($result, 0, "id");
Pref_Users::initialize_user($new_uid);
$reg_text = "Hi!\n".

7
update.php
View File

@ -502,13 +502,10 @@
Debug::log("Exporting feeds of user $user to $filename as OPML...");
$sth = $pdo->prepare("SELECT id FROM ttrss_users WHERE LOWER(login) = LOWER(?)");
$sth->execute([$user]);
if ($res = $sth->fetch()) {
if ($owner_uid = UserHelper::find_user_by_login($user)) {
$opml = new OPML("");
$rc = $opml->opml_export($filename, $res["id"], false, true, true);
$rc = $opml->opml_export($filename, $owner_uid, false, true, true);
Debug::log($rc ? "Success." : "Failed.");
} else {