diff options
author | Andrew Dolgov <[email protected]> | 2019-11-01 15:03:57 +0300 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2019-11-01 15:03:57 +0300 |
commit | 249130e58ddd20c5ad937f75e0e6cf3e4f6792a3 (patch) | |
tree | 8e896bc621989df3b8c1baae8078a7fb9371d6b2 /plugins/auth_internal/init.php | |
parent | b158103f2f6a3295d00dc4a1344b8bc38bcb43a4 (diff) |
implement app password checking / management UI
Diffstat (limited to 'plugins/auth_internal/init.php')
-rw-r--r-- | plugins/auth_internal/init.php | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/plugins/auth_internal/init.php b/plugins/auth_internal/init.php index 576f8ef05..a374c0948 100644 --- a/plugins/auth_internal/init.php +++ b/plugins/auth_internal/init.php @@ -258,6 +258,28 @@ } private function check_app_password($login, $password, $service) { + $sth = $this->pdo->prepare("SELECT p.id, p.pwd_hash, u.id AS uid + FROM ttrss_app_passwords p, ttrss_users u + WHERE p.owner_uid = u.id AND u.login = ? AND service = ?"); + $sth->execute([$login, $service]); + + while ($row = $sth->fetch()) { + list ($algo, $hash, $salt) = explode(":", $row["pwd_hash"]); + + if ($algo == "SSHA-512") { + $test_hash = hash('sha512', $salt . $password); + + if ($test_hash == $hash) { + $usth = $this->pdo->prepare("UPDATE ttrss_app_passwords SET last_used = NOW() WHERE id = ?"); + $usth->execute([$row['id']]); + + return $row['uid']; + } + } else { + user_error("Got unknown algo of app password for user $login: $algo"); + } + } + return false; } |