-rw-r--r--backend.php63
-rw-r--r--functions.php29
-rw-r--r--opml.php2
-rw-r--r--prefs.js1
-rw-r--r--prefs.php4
-rw-r--r--tt-rss.php7
-rw-r--r--version.php1
7 files changed, 93 insertions, 14 deletions
diff --git a/backend.php b/backend.php
index bc75ead8a..ed8ab6c18 100644
--- a/backend.php
+++ b/backend.php
@@ -1,6 +1,8 @@
<?
session_start();
+ if (!$_SESSION["uid"]) { exit; }
+
define(SCHEMA_VERSION, 2);
require_once "config.php";
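Review bot: The new guard `if (!$_SESSION["uid"]) { exit; }` ends the request with an empty body and the default 200 status, so a caller cannot tell an expired session from an empty result. Send a status line before leaving, for example `header('HTTP/1.0 403 Forbidden'); exit;`. On a fresh session the `uid` key is not set, so `empty($_SESSION["uid"])` would express the check without an undefined-index notice.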
@@ -9,8 +11,8 @@
require_once "functions.php";
require_once "magpierss/rss_fetch.inc";
- $_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
- $_SESSION["name"] = PLACEHOLDER_NAME;
+// $_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
+// $_SESSION["name"] = PLACEHOLDER_NAME;
$op = $_REQUEST["op"];
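Review bot: The placeholder assignments are commented out rather than removed, which leaves a hard-coded login one uncomment away from bypassing the session check added at the top of this file; delete both lines instead. The same commented-out lines are left in the functions.php, opml.php, prefs.php and tt-rss.php hunks.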
@@ -1578,6 +1580,34 @@
print "Unknown option: $pref_name";
}
+ } else if ($subop == "Change password") {
+
+ if (WEB_DEMO_MODE) return;
+
+ $old_pw = $_POST["OLD_PASSWORD"];
+ $new_pw = $_POST["OLD_PASSWORD"];
+
+ $old_pw_hash = 'SHA1:' . sha1($_POST["OLD_PASSWORD"]);
+ $new_pw_hash = 'SHA1:' . sha1($_POST["NEW_PASSWORD"]);
+
+ $active_uid = $_SESSION["uid"];
+
+ if ($old_pw && $new_pw) {
+
+ $login = db_escape_string($_SERVER['PHP_AUTH_USER']);
+
+ $result = db_query($link, "SELECT id FROM ttrss_users WHERE
+ id = '$active_uid' AND (pwd_hash = '$old_pw' OR
+ pwd_hash = '$old_pw_hash')");
+
+ if (db_num_rows($result) == 1) {
+ db_query($link, "UPDATE ttrss_users SET pwd_hash = '$new_pw_hash'
+ WHERE id = '$active_uid'");
+ }
+ }
+
+ header("Location: prefs.php");
+
} else if ($subop == "Reset to defaults") {
if (WEB_DEMO_MODE) return;
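Review bot: `$old_pw` goes from `$_POST` into the SELECT (`pwd_hash = '$old_pw'`) without `db_escape_string()`, so request data reaches the query unescaped; escape it first, `$old_pw = db_escape_string($_POST["OLD_PASSWORD"]);`. The line after it also reads `OLD_PASSWORD`, so the `if ($old_pw && $new_pw)` guard never checks that a new password was sent and an empty `NEW_PASSWORD` would be hashed and stored; it should be `$new_pw = $_POST["NEW_PASSWORD"];`. `$login` is computed but never used, and the `pwd_hash = '$old_pw'` alternative means the stored value itself is accepted as the old password, which is worth dropping once no plaintext rows remain. The surrounding `if`/`else if` chain starts and ends outside the hunk.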
@@ -1591,6 +1621,29 @@
} else {
+ print "<form action=\"backend.php\" method=\"POST\">";
+
+ print "<table width=\"100%\" class=\"prefPrefsList\">";
+ print "<tr><td colspan='3'><h3>Authentication</h3></tr></td>";
+
+ print "<tr><td width=\"40%\">Old password</td>";
+ print "<td><input class=\"editbox\" type=\"password\"
+ name=\"OLD_PASSWORD\"></td></tr>";
+
+ print "<tr><td width=\"40%\">New password</td>";
+
+ print "<td><input class=\"editbox\" type=\"password\"
+ name=\"NEW_PASSWORD\"></td></tr>";
+
+ print "</table>";
+
+ print "<input type=\"hidden\" name=\"op\" value=\"pref-prefs\">";
+
+ print "<p><input class=\"button\" type=\"submit\"
+ value=\"Change password\" name=\"subop\">";
+
+ print "</form>";
+
$result = db_query($link, "SELECT
ttrss_user_prefs.pref_name,short_desc,help_text,value,type_name,
section_name,def_value
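Review bot: The heading row closes its elements in the wrong order (`</h3></tr></td>`), so the first row of the new table is malformed; it should read `print "<tr><td colspan='3'><h3>Authentication</h3></td></tr>";`. The table has two columns, so `colspan='2'` would match it, and the `<p>` opened before the submit button is never closed. The enclosing `else` branch continues outside the hunk.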
@@ -1602,8 +1655,6 @@
print "<form action=\"backend.php\" method=\"POST\">";
- print "<table width=\"100%\" class=\"prefPrefsList\">";
-
$lnum = 0;
$active_section = "";
@@ -1613,8 +1664,10 @@
if ($active_section != $line["section_name"]) {
if ($active_section != "") {
- print "</table><p><table width=\"100%\" class=\"prefPrefsList\">";
+ print "</table>";
}
+
+ print "<p><table width=\"100%\" class=\"prefPrefsList\">";
$active_section = $line["section_name"];
diff --git a/functions.php b/functions.php
index d07ce024f..fc9818021 100644
--- a/functions.php
+++ b/functions.php
@@ -4,8 +4,8 @@
require_once 'config.php';
require_once 'db-prefs.php';
- $_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
- $_SESSION["name"] = PLACEHOLDER_NAME;
+// $_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
+// $_SESSION["name"] = PLACEHOLDER_NAME;
define('MAGPIE_OUTPUT_ENCODING', 'UTF-8');
@@ -516,4 +516,29 @@
}
+ function authenticate_user($link) {
+
+ if (!$_SERVER['PHP_AUTH_USER']) {
+
+ header('WWW-Authenticate: Basic realm="Tiny Tiny RSS"');
+ header('HTTP/1.0 401 Unauthorized');
+ print "<h1>401 Unathorized</h1>";
+ exit;
+
+ } else {
+
+ $login = db_escape_string($_SERVER['PHP_AUTH_USER']);
+ $password = db_escape_string($_SERVER['PHP_AUTH_PW']);
+ $pwd_hash = 'SHA1:' . sha1($password);
+
+ $result = db_query($link, "SELECT id,login FROM ttrss_users WHERE
+ login = '$login' AND (pwd_hash = '$password' OR pwd_hash = '$pwd_hash')");
+
+ if (db_num_rows($result) == 1) {
+ $_SESSION["uid"] = db_fetch_result($result, 0, "id");
+ $_SESSION["name"] = db_fetch_result($result, 0, "login");
+ }
+ }
+ }
+
?>
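Review bot: When the lookup does not return exactly one row, `authenticate_user()` simply returns, so a wrong password produces no 401 and the caller in tt-rss.php goes on to `initialize_user_prefs($link, $_SESSION["uid"])` with no uid set. The function should repeat the challenge and exit in that case. Separately, `sha1()` is applied to the `db_escape_string()` output, while the change-password code in backend.php hashes the raw POST value, so a password containing a quote or backslash would be stored under one hash and checked against another. Hash the raw `$_SERVER['PHP_AUTH_PW']` and keep the escaped copy only for the SQL text. The heading text `401 Unathorized` is also misspelled.

```php
    } else {
        $login = db_escape_string($_SERVER['PHP_AUTH_USER']);
        $password = db_escape_string($_SERVER['PHP_AUTH_PW']);
        // Hash the raw value so it matches what the change-password code stores.
        $pwd_hash = 'SHA1:' . sha1($_SERVER['PHP_AUTH_PW']);

        // … unchanged: SELECT id,login FROM ttrss_users query …

        if (db_num_rows($result) == 1) {
            // … unchanged: store id and login in $_SESSION …
        } else {
            // Bad credentials: challenge again instead of falling through.
            header('WWW-Authenticate: Basic realm="Tiny Tiny RSS"');
            header('HTTP/1.0 401 Unauthorized');
            print "<h1>401 Unauthorized</h1>";
            exit;
        }
    }
```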
diff --git a/opml.php b/opml.php
index 023f29ffe..0e313d52b 100644
--- a/opml.php
+++ b/opml.php
@@ -13,7 +13,7 @@
require_once "db.php";
require_once "db-prefs.php";
- $_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
+// $_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
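Review bot: With the placeholder assignment commented out, nothing in this hunk establishes `$_SESSION["uid"]` before the page goes on to use the database. Unless a check exists outside the visible lines, opml.php needs the guard backend.php gets, `if (!$_SESSION["uid"]) { exit; }`, or a call to `authenticate_user($link);` after `db_connect`. The prefs.php hunk has the same gap and passes the possibly unset uid straight to `initialize_user_prefs`. The rest of both files is outside the hunks.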
diff --git a/prefs.js b/prefs.js
index 3e8b6b181..df49f85be 100644
--- a/prefs.js
+++ b/prefs.js
@@ -818,3 +818,4 @@ function dispOptionHelp(event, sender) {
} */
+
diff --git a/prefs.php b/prefs.php
index 690de6abc..73081c7ca 100644
--- a/prefs.php
+++ b/prefs.php
@@ -8,8 +8,8 @@
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
- $_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
- $_SESSION["name"] = PLACEHOLDER_NAME;
+// $_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
+// $_SESSION["name"] = PLACEHOLDER_NAME;
initialize_user_prefs($link, $_SESSION["uid"]);
// FIXME this needs to be moved somewhere after user creation
diff --git a/tt-rss.php b/tt-rss.php
index 769940c70..7b6b11b48 100644
--- a/tt-rss.php
+++ b/tt-rss.php
@@ -1,6 +1,6 @@
<?
session_start();
-
+
require_once "version.php";
require_once "config.php";
require_once "db-prefs.php";
@@ -8,9 +8,10 @@
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
- $_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
- $_SESSION["name"] = PLACEHOLDER_NAME;
+ authenticate_user($link);
+// $_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
+// $_SESSION["name"] = PLACEHOLDER_NAME;
initialize_user_prefs($link, $_SESSION["uid"]);
// FIXME this needs to be moved somewhere after user creation
diff --git a/version.php b/version.php
index ec2ce24f6..a8c1fee7c 100644
--- a/version.php
+++ b/version.php
@@ -1,4 +1,3 @@
<?
define(VERSION, "1.0.7.99");
?>
-