diff options
Diffstat (limited to 'plugins/auth_internal/init.php')
-rw-r--r-- | plugins/auth_internal/init.php | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/plugins/auth_internal/init.php b/plugins/auth_internal/init.php index 576f8ef05..a374c0948 100644 --- a/plugins/auth_internal/init.php +++ b/plugins/auth_internal/init.php @@ -258,6 +258,28 @@ } private function check_app_password($login, $password, $service) { + $sth = $this->pdo->prepare("SELECT p.id, p.pwd_hash, u.id AS uid + FROM ttrss_app_passwords p, ttrss_users u + WHERE p.owner_uid = u.id AND u.login = ? AND service = ?"); + $sth->execute([$login, $service]); + + while ($row = $sth->fetch()) { + list ($algo, $hash, $salt) = explode(":", $row["pwd_hash"]); + + if ($algo == "SSHA-512") { + $test_hash = hash('sha512', $salt . $password); + + if ($test_hash == $hash) { + $usth = $this->pdo->prepare("UPDATE ttrss_app_passwords SET last_used = NOW() WHERE id = ?"); + $usth->execute([$row['id']]); + + return $row['uid']; + } + } else { + user_error("Got unknown algo of app password for user $login: $algo"); + } + } + return false; } |