deprecate encrypted feed passwords because mcrypt is getting removed from php 7.1

1. transparent decryption for existing installs stays for the time being
2. new passwords are not going to be encrypted even if FEED_CRYPT_KEY is defined
3. added update.php --decrypt-feeds to bulk decrypt existing encrypted passwords
4. updated install to not auto-generate crypt key
5. added warning to config.php-dist

1 files changed, 3 insertions, 17 deletions

diff --git a/classes/pref/feeds.php b/classes/pref/feeds.php
index 2803d68ec..6795236d5 100755
--- a/classes/pref/feeds.php
+++ b/classes/pref/feeds.php
@@ -646,7 +646,7 @@ class Pref_Feeds extends Handler_Protected {
 
 		$auth_pass = $this->dbh->fetch_result($result, 0, "auth_pass");
 
-		if ($auth_pass_encrypted) {
+		if ($auth_pass_encrypted && function_exists("mcrypt_decrypt")) {
 			require_once "crypt.php";
 			$auth_pass = decrypt_string($auth_pass);
 		}
@@ -983,14 +983,7 @@ class Pref_Feeds extends Handler_Protected {
 
 		$feed_language = $this->dbh->escape_string(trim($_POST["feed_language"]));
 
-		if (strlen(FEED_CRYPT_KEY) > 0) {
-			require_once "crypt.php";
-			$auth_pass = substr(encrypt_string($auth_pass), 0, 250);
-			$auth_pass_encrypted = 'true';
-		} else {
-			$auth_pass_encrypted = 'false';
-		}
-
+		$auth_pass_encrypted = 'false';
 		$auth_pass = $this->dbh->escape_string($auth_pass);
 
 		if (get_pref('ENABLE_FEED_CATS')) {
@@ -1889,14 +1882,7 @@ class Pref_Feeds extends Handler_Protected {
 					"SELECT id FROM ttrss_feeds
 					WHERE feed_url = '$feed' AND owner_uid = ".$_SESSION["uid"]);
 
-				if (strlen(FEED_CRYPT_KEY) > 0) {
-					require_once "crypt.php";
-					$pass = substr(encrypt_string($pass), 0, 250);
-					$auth_pass_encrypted = 'true';
-				} else {
-					$auth_pass_encrypted = 'false';
-				}
-
+				$auth_pass_encrypted = 'false';
 				$pass = $this->dbh->escape_string($pass);
 
 				if ($this->dbh->num_rows($result) == 0) {