http user auth, password changer in preferences

This commit is contained in:
Andrew Dolgov 2005-11-18 07:04:32 +01:00
parent 99620a7fe0
commit 1c7f75ed2c
7 changed files with 93 additions and 14 deletions

View File

@ -1,6 +1,8 @@
<?
session_start();
if (!$_SESSION["uid"]) { exit; }
define(SCHEMA_VERSION, 2);
require_once "config.php";
@ -9,8 +11,8 @@
require_once "functions.php";
require_once "magpierss/rss_fetch.inc";
$_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
$_SESSION["name"] = PLACEHOLDER_NAME;
// $_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
// $_SESSION["name"] = PLACEHOLDER_NAME;
$op = $_REQUEST["op"];
@ -1578,6 +1580,34 @@
print "Unknown option: $pref_name";
}
} else if ($subop == "Change password") {
if (WEB_DEMO_MODE) return;
$old_pw = $_POST["OLD_PASSWORD"];
$new_pw = $_POST["OLD_PASSWORD"];
$old_pw_hash = 'SHA1:' . sha1($_POST["OLD_PASSWORD"]);
$new_pw_hash = 'SHA1:' . sha1($_POST["NEW_PASSWORD"]);
$active_uid = $_SESSION["uid"];
if ($old_pw && $new_pw) {
$login = db_escape_string($_SERVER['PHP_AUTH_USER']);
$result = db_query($link, "SELECT id FROM ttrss_users WHERE
id = '$active_uid' AND (pwd_hash = '$old_pw' OR
pwd_hash = '$old_pw_hash')");
if (db_num_rows($result) == 1) {
db_query($link, "UPDATE ttrss_users SET pwd_hash = '$new_pw_hash'
WHERE id = '$active_uid'");
}
}
header("Location: prefs.php");
} else if ($subop == "Reset to defaults") {
if (WEB_DEMO_MODE) return;
@ -1591,6 +1621,29 @@
} else {
print "<form action=\"backend.php\" method=\"POST\">";
print "<table width=\"100%\" class=\"prefPrefsList\">";
print "<tr><td colspan='3'><h3>Authentication</h3></tr></td>";
print "<tr><td width=\"40%\">Old password</td>";
print "<td><input class=\"editbox\" type=\"password\"
name=\"OLD_PASSWORD\"></td></tr>";
print "<tr><td width=\"40%\">New password</td>";
print "<td><input class=\"editbox\" type=\"password\"
name=\"NEW_PASSWORD\"></td></tr>";
print "</table>";
print "<input type=\"hidden\" name=\"op\" value=\"pref-prefs\">";
print "<p><input class=\"button\" type=\"submit\"
value=\"Change password\" name=\"subop\">";
print "</form>";
$result = db_query($link, "SELECT
ttrss_user_prefs.pref_name,short_desc,help_text,value,type_name,
section_name,def_value
@ -1602,8 +1655,6 @@
print "<form action=\"backend.php\" method=\"POST\">";
print "<table width=\"100%\" class=\"prefPrefsList\">";
$lnum = 0;
$active_section = "";
@ -1613,8 +1664,10 @@
if ($active_section != $line["section_name"]) {
if ($active_section != "") {
print "</table><p><table width=\"100%\" class=\"prefPrefsList\">";
print "</table>";
}
print "<p><table width=\"100%\" class=\"prefPrefsList\">";
$active_section = $line["section_name"];

View File

@ -4,8 +4,8 @@
require_once 'config.php';
require_once 'db-prefs.php';
$_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
$_SESSION["name"] = PLACEHOLDER_NAME;
// $_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
// $_SESSION["name"] = PLACEHOLDER_NAME;
define('MAGPIE_OUTPUT_ENCODING', 'UTF-8');
@ -516,4 +516,29 @@
}
function authenticate_user($link) {
if (!$_SERVER['PHP_AUTH_USER']) {
header('WWW-Authenticate: Basic realm="Tiny Tiny RSS"');
header('HTTP/1.0 401 Unauthorized');
print "<h1>401 Unathorized</h1>";
exit;
} else {
$login = db_escape_string($_SERVER['PHP_AUTH_USER']);
$password = db_escape_string($_SERVER['PHP_AUTH_PW']);
$pwd_hash = 'SHA1:' . sha1($password);
$result = db_query($link, "SELECT id,login FROM ttrss_users WHERE
login = '$login' AND (pwd_hash = '$password' OR pwd_hash = '$pwd_hash')");
if (db_num_rows($result) == 1) {
$_SESSION["uid"] = db_fetch_result($result, 0, "id");
$_SESSION["name"] = db_fetch_result($result, 0, "login");
}
}
}
?>

View File

@ -13,7 +13,7 @@
require_once "db.php";
require_once "db-prefs.php";
$_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
// $_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);

View File

@ -818,3 +818,4 @@ function dispOptionHelp(event, sender) {
} */

View File

@ -8,8 +8,8 @@
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
$_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
$_SESSION["name"] = PLACEHOLDER_NAME;
// $_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
// $_SESSION["name"] = PLACEHOLDER_NAME;
initialize_user_prefs($link, $_SESSION["uid"]);
// FIXME this needs to be moved somewhere after user creation

View File

@ -1,6 +1,6 @@
<?
session_start();
require_once "version.php";
require_once "config.php";
require_once "db-prefs.php";
@ -8,9 +8,10 @@
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
$_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
$_SESSION["name"] = PLACEHOLDER_NAME;
authenticate_user($link);
// $_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
// $_SESSION["name"] = PLACEHOLDER_NAME;
initialize_user_prefs($link, $_SESSION["uid"]);
// FIXME this needs to be moved somewhere after user creation

View File

@ -1,4 +1,3 @@
<?
define(VERSION, "1.0.7.99");
?>