http user auth, password changer in preferences
parent
99620a7fe0
commit
1c7f75ed2c
63
backend.php
63
backend.php
|
@ -1,6 +1,8 @@
|
||||||
<?
|
<?
|
||||||
session_start();
|
session_start();
|
||||||
|
|
||||||
|
if (!$_SESSION["uid"]) { exit; }
|
||||||
|
|
||||||
define(SCHEMA_VERSION, 2);
|
define(SCHEMA_VERSION, 2);
|
||||||
|
|
||||||
require_once "config.php";
|
require_once "config.php";
|
||||||
|
@ -9,8 +11,8 @@
|
||||||
require_once "functions.php";
|
require_once "functions.php";
|
||||||
require_once "magpierss/rss_fetch.inc";
|
require_once "magpierss/rss_fetch.inc";
|
||||||
|
|
||||||
$_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
|
// $_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
|
||||||
$_SESSION["name"] = PLACEHOLDER_NAME;
|
// $_SESSION["name"] = PLACEHOLDER_NAME;
|
||||||
|
|
||||||
$op = $_REQUEST["op"];
|
$op = $_REQUEST["op"];
|
||||||
|
|
||||||
|
@ -1578,6 +1580,34 @@
|
||||||
print "Unknown option: $pref_name";
|
print "Unknown option: $pref_name";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
} else if ($subop == "Change password") {
|
||||||
|
|
||||||
|
if (WEB_DEMO_MODE) return;
|
||||||
|
|
||||||
|
$old_pw = $_POST["OLD_PASSWORD"];
|
||||||
|
$new_pw = $_POST["OLD_PASSWORD"];
|
||||||
|
|
||||||
|
$old_pw_hash = 'SHA1:' . sha1($_POST["OLD_PASSWORD"]);
|
||||||
|
$new_pw_hash = 'SHA1:' . sha1($_POST["NEW_PASSWORD"]);
|
||||||
|
|
||||||
|
$active_uid = $_SESSION["uid"];
|
||||||
|
|
||||||
|
if ($old_pw && $new_pw) {
|
||||||
|
|
||||||
|
$login = db_escape_string($_SERVER['PHP_AUTH_USER']);
|
||||||
|
|
||||||
|
$result = db_query($link, "SELECT id FROM ttrss_users WHERE
|
||||||
|
id = '$active_uid' AND (pwd_hash = '$old_pw' OR
|
||||||
|
pwd_hash = '$old_pw_hash')");
|
||||||
|
|
||||||
|
if (db_num_rows($result) == 1) {
|
||||||
|
db_query($link, "UPDATE ttrss_users SET pwd_hash = '$new_pw_hash'
|
||||||
|
WHERE id = '$active_uid'");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
header("Location: prefs.php");
|
||||||
|
|
||||||
} else if ($subop == "Reset to defaults") {
|
} else if ($subop == "Reset to defaults") {
|
||||||
|
|
||||||
if (WEB_DEMO_MODE) return;
|
if (WEB_DEMO_MODE) return;
|
||||||
|
@ -1591,6 +1621,29 @@
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
|
|
||||||
|
print "<form action=\"backend.php\" method=\"POST\">";
|
||||||
|
|
||||||
|
print "<table width=\"100%\" class=\"prefPrefsList\">";
|
||||||
|
print "<tr><td colspan='3'><h3>Authentication</h3></tr></td>";
|
||||||
|
|
||||||
|
print "<tr><td width=\"40%\">Old password</td>";
|
||||||
|
print "<td><input class=\"editbox\" type=\"password\"
|
||||||
|
name=\"OLD_PASSWORD\"></td></tr>";
|
||||||
|
|
||||||
|
print "<tr><td width=\"40%\">New password</td>";
|
||||||
|
|
||||||
|
print "<td><input class=\"editbox\" type=\"password\"
|
||||||
|
name=\"NEW_PASSWORD\"></td></tr>";
|
||||||
|
|
||||||
|
print "</table>";
|
||||||
|
|
||||||
|
print "<input type=\"hidden\" name=\"op\" value=\"pref-prefs\">";
|
||||||
|
|
||||||
|
print "<p><input class=\"button\" type=\"submit\"
|
||||||
|
value=\"Change password\" name=\"subop\">";
|
||||||
|
|
||||||
|
print "</form>";
|
||||||
|
|
||||||
$result = db_query($link, "SELECT
|
$result = db_query($link, "SELECT
|
||||||
ttrss_user_prefs.pref_name,short_desc,help_text,value,type_name,
|
ttrss_user_prefs.pref_name,short_desc,help_text,value,type_name,
|
||||||
section_name,def_value
|
section_name,def_value
|
||||||
|
@ -1602,8 +1655,6 @@
|
||||||
|
|
||||||
print "<form action=\"backend.php\" method=\"POST\">";
|
print "<form action=\"backend.php\" method=\"POST\">";
|
||||||
|
|
||||||
print "<table width=\"100%\" class=\"prefPrefsList\">";
|
|
||||||
|
|
||||||
$lnum = 0;
|
$lnum = 0;
|
||||||
|
|
||||||
$active_section = "";
|
$active_section = "";
|
||||||
|
@ -1613,8 +1664,10 @@
|
||||||
if ($active_section != $line["section_name"]) {
|
if ($active_section != $line["section_name"]) {
|
||||||
|
|
||||||
if ($active_section != "") {
|
if ($active_section != "") {
|
||||||
print "</table><p><table width=\"100%\" class=\"prefPrefsList\">";
|
print "</table>";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
print "<p><table width=\"100%\" class=\"prefPrefsList\">";
|
||||||
|
|
||||||
$active_section = $line["section_name"];
|
$active_section = $line["section_name"];
|
||||||
|
|
||||||
|
|
|
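Review bot: In the new `Change password` branch, `$old_pw` goes into the `SELECT` string straight from `$_POST["OLD_PASSWORD"]` without `db_escape_string()`, so the query text is built from untrusted input; the escaped `$login` computed just above it is never used. `$new_pw` is also read from `OLD_PASSWORD`, so the `if ($old_pw && $new_pw)` guard never checks that a new password was supplied, and an empty `NEW_PASSWORD` would still be hashed and stored. I would change the two assignments to `$old_pw = db_escape_string($_POST["OLD_PASSWORD"]);` and `$new_pw = $_POST["NEW_PASSWORD"];`. The password form added in the later hunk has no anti-CSRF token field, which matters for a state-changing POST like this one. The enclosing if/else chain starts and ends outside the hunk.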
@ -4,8 +4,8 @@
|
||||||
require_once 'config.php';
|
require_once 'config.php';
|
||||||
require_once 'db-prefs.php';
|
require_once 'db-prefs.php';
|
||||||
|
|
||||||
$_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
|
// $_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
|
||||||
$_SESSION["name"] = PLACEHOLDER_NAME;
|
// $_SESSION["name"] = PLACEHOLDER_NAME;
|
||||||
|
|
||||||
define('MAGPIE_OUTPUT_ENCODING', 'UTF-8');
|
define('MAGPIE_OUTPUT_ENCODING', 'UTF-8');
|
||||||
|
|
||||||
|
@ -516,4 +516,29 @@
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function authenticate_user($link) {
|
||||||
|
|
||||||
|
if (!$_SERVER['PHP_AUTH_USER']) {
|
||||||
|
|
||||||
|
header('WWW-Authenticate: Basic realm="Tiny Tiny RSS"');
|
||||||
|
header('HTTP/1.0 401 Unauthorized');
|
||||||
|
print "<h1>401 Unathorized</h1>";
|
||||||
|
exit;
|
||||||
|
|
||||||
|
} else {
|
||||||
|
|
||||||
|
$login = db_escape_string($_SERVER['PHP_AUTH_USER']);
|
||||||
|
$password = db_escape_string($_SERVER['PHP_AUTH_PW']);
|
||||||
|
$pwd_hash = 'SHA1:' . sha1($password);
|
||||||
|
|
||||||
|
$result = db_query($link, "SELECT id,login FROM ttrss_users WHERE
|
||||||
|
login = '$login' AND (pwd_hash = '$password' OR pwd_hash = '$pwd_hash')");
|
||||||
|
|
||||||
|
if (db_num_rows($result) == 1) {
|
||||||
|
$_SESSION["uid"] = db_fetch_result($result, 0, "id");
|
||||||
|
$_SESSION["name"] = db_fetch_result($result, 0, "login");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
?>
|
?>
|
||||||
|
|
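Review bot: `authenticate_user()` does nothing when the credentials do not match: if `db_num_rows($result)` is not 1 the function just returns, no 401 is sent, and the caller goes on to `initialize_user_prefs($link, $_SESSION["uid"])` with whatever uid the session already held, or none. The password is also passed through `db_escape_string()` before `sha1()`, while the password changer in backend.php hashes the raw POST value, so a password containing a quote or backslash would presumably hash differently at login than when it was set. The `pwd_hash = '$password'` alternative means the stored column value itself is accepted as the password, and unsalted SHA-1 is weak for password storage; if the plaintext comparison exists only for legacy rows, it deserves a comment and a migration path. The fence sketches the failure branch and hashing of the raw password.

```php
        // … unchanged: $login and $password escaped for the query …
        // Hash the raw password so login matches what the password changer stored.
        $pwd_hash = 'SHA1:' . sha1($_SERVER['PHP_AUTH_PW']);

        // … unchanged: SELECT id,login FROM ttrss_users …

        if (db_num_rows($result) == 1) {
            // … unchanged: store id and login in $_SESSION …
        } else {
            // Wrong credentials: drop any earlier identity and challenge again.
            unset($_SESSION["uid"], $_SESSION["name"]);
            header('WWW-Authenticate: Basic realm="Tiny Tiny RSS"');
            header('HTTP/1.0 401 Unauthorized');
            exit;
        }
```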
2
opml.php
2
opml.php
|
@ -13,7 +13,7 @@
|
||||||
require_once "db.php";
|
require_once "db.php";
|
||||||
require_once "db-prefs.php";
|
require_once "db-prefs.php";
|
||||||
|
|
||||||
$_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
|
// $_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
|
||||||
|
|
||||||
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
|
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
|
||||||
|
|
||||||
|
|
|
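Review bot: With the placeholder assignment commented out, nothing visible in this hunk sets or checks `$_SESSION["uid"]` before `db_connect()` and the code that follows, unlike backend.php, which gains `if (!$_SESSION["uid"]) { exit; }` in this commit. Unless a guard exists outside the hunk, opml.php would run with an empty uid for a visitor who has not logged in; adding the same guard after `session_start()` would close that gap. The same applies to the next file section (`@ -8,8 +8,8 @@`), where `initialize_user_prefs($link, $_SESSION["uid"])` follows the commented-out lines with no call to `authenticate_user($link)`. The commented-out placeholders could be deleted outright rather than kept as dead code.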
@ -8,8 +8,8 @@
|
||||||
|
|
||||||
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
|
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
|
||||||
|
|
||||||
$_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
|
// $_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
|
||||||
$_SESSION["name"] = PLACEHOLDER_NAME;
|
// $_SESSION["name"] = PLACEHOLDER_NAME;
|
||||||
|
|
||||||
initialize_user_prefs($link, $_SESSION["uid"]);
|
initialize_user_prefs($link, $_SESSION["uid"]);
|
||||||
// FIXME this needs to be moved somewhere after user creation
|
// FIXME this needs to be moved somewhere after user creation
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
<?
|
<?
|
||||||
session_start();
|
session_start();
|
||||||
|
|
||||||
require_once "version.php";
|
require_once "version.php";
|
||||||
require_once "config.php";
|
require_once "config.php";
|
||||||
require_once "db-prefs.php";
|
require_once "db-prefs.php";
|
||||||
|
@ -8,9 +8,10 @@
|
||||||
|
|
||||||
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
|
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
|
||||||
|
|
||||||
$_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
|
authenticate_user($link);
|
||||||
$_SESSION["name"] = PLACEHOLDER_NAME;
|
|
||||||
|
|
||||||
|
// $_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
|
||||||
|
// $_SESSION["name"] = PLACEHOLDER_NAME;
|
||||||
|
|
||||||
initialize_user_prefs($link, $_SESSION["uid"]);
|
initialize_user_prefs($link, $_SESSION["uid"]);
|
||||||
// FIXME this needs to be moved somewhere after user creation
|
// FIXME this needs to be moved somewhere after user creation
|
||||||
|
|
|
@ -1,4 +1,3 @@
|
||||||
<?
|
<?
|
||||||
define(VERSION, "1.0.7.99");
|
define(VERSION, "1.0.7.99");
|
||||||
?>
|
?>
|
||||||
|
|
||||||
|
|