Diffstat (limited to 'plugins/auth_internal/init.php')
-rw-r--r-- | plugins/auth_internal/init.php | 39 |
1 files changed, 22 insertions, 17 deletions
diff --git a/plugins/auth_internal/init.php b/plugins/auth_internal/init.php
index cf6c13780..87c8555c0 100644
--- a/plugins/auth_internal/init.php
+++ b/plugins/auth_internal/init.php
@@ -1,7 +1,5 @@ <?php class Auth_Internal extends Plugin implements IAuthModule { - - private $link; private $host; function about() {
@@ -12,7 +10,6 @@ class Auth_Internal extends Plugin implements IAuthModule { } function init($host) { - $this->link = $host->get_link(); $this->host = $host; $host->add_hook($host::HOOK_AUTH_USER, $this);
@@ -25,12 +22,14 @@ class Auth_Internal extends Plugin implements IAuthModule { $login = db_escape_string($login); $otp = db_escape_string($_REQUEST["otp"]); - if (get_schema_version($this->link) > 96) { + if (get_schema_version() > 96) { if (!defined('AUTH_DISABLE_OTP') || !AUTH_DISABLE_OTP) { - $result = db_query($this->link, "SELECT otp_enabled,salt FROM ttrss_users WHERE + + $result = db_query("SELECT otp_enabled,salt FROM ttrss_users WHERE login = '$login'"); if (db_num_rows($result) > 0) { + require_once "lib/otphp/vendor/base32.php"; require_once "lib/otphp/lib/otp.php"; require_once "lib/otphp/lib/totp.php"; 
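Review bot: In the `@@ -25,12 +22,14 @@` hunk `$login` is still spliced into the SQL text (`login = '$login'`), so the query is only as safe as the `db_escape_string($login)` call a few lines above it. With the explicit `$this->link` argument gone, that escaping presumably now depends on a global connection and its character set, neither of which is visible in this hunk. A bound parameter would remove the dependency; if the `db_*` wrappers cannot bind, a comment such as `// $login is escaped above; keep it escaped until db_query() can bind parameters` at least records the invariant. The same pattern recurs in the hunks at -74, -102, -142 and -176 (`login = '$login'`, `id = '$owner_uid'`). The enclosing function starts and ends outside the hunk.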
@@ -52,17 +51,18 @@ class Auth_Internal extends Plugin implements IAuthModule { $return = urlencode($_REQUEST["return"]); ?><html> <head><title>Tiny Tiny RSS</title></head> - <body> + <?php stylesheet_tag("utility.css") ?> + <body class="otp"><div class="content"> <form action="public.php?return=<?php echo $return ?>" - method="POST"> + method="POST" class="otpform"> <input type="hidden" name="op" value="login"> <input type="hidden" name="login" value="<?php echo htmlspecialchars($login) ?>"> <input type="hidden" name="password" value="<?php echo htmlspecialchars($password) ?>"> <label><?php echo __("Please enter your one time password:") ?></label> - <input type="password" size="6" name="otp"/> + <input autocomplete="off" size="6" name="otp" value=""/> <input type="submit" value="Continue"/> - </form> + </form></div> <script type="text/javascript"> document.forms[0].otp.focus(); </script>
@@ -74,9 +74,9 @@ class Auth_Internal extends Plugin implements IAuthModule { } } - if (get_schema_version($this->link) > 87) { + if (get_schema_version() > 87) { - $result = db_query($this->link, "SELECT salt FROM ttrss_users WHERE + $result = db_query("SELECT salt FROM ttrss_users WHERE login = '$login'"); if (db_num_rows($result) != 1) {
@@ -94,7 +94,7 @@ class Auth_Internal extends Plugin implements IAuthModule { // verify and upgrade password to new salt base - $result = db_query($this->link, $query); + $result = db_query($query); if (db_num_rows($result) == 1) { // upgrade password to MODE2
@@ -102,7 +102,7 @@ class Auth_Internal extends Plugin implements IAuthModule { $salt = substr(bin2hex(get_random_bytes(125)), 0, 250); $pwd_hash = encrypt_password($password, $salt, true); - db_query($this->link, "UPDATE ttrss_users SET + db_query("UPDATE ttrss_users SET pwd_hash = '$pwd_hash', salt = '$salt' WHERE login = '$login'"); $query = "SELECT id 
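Review bot: The OTP prompt in the `@@ -52,17 +51,18 @@` hunk still writes the user's cleartext password into the response as `<input type="hidden" name="password" ...>`, and the added `autocomplete="off"` on the `otp` field does nothing for that value. Unless this response is already sent with `Cache-Control: no-store` (not visible here), the page carrying the password can be kept in browser or intermediary caches; keeping the pending login in the server-side session and posting only the OTP would avoid echoing it at all. Separately, `<?php stylesheet_tag("utility.css") ?>` sits after `</head>` and has no `echo`, so if the helper returns the tag rather than printing it the stylesheet is never emitted; `<?php echo stylesheet_tag("utility.css") ?>` placed inside `<head>` would be the safer form. The enclosing function starts and ends outside the hunk.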
@@ -130,7 +130,7 @@ class Auth_Internal extends Plugin implements IAuthModule { pwd_hash = '$pwd_hash2')"; } - $result = db_query($this->link, $query); + $result = db_query($query); if (db_num_rows($result) == 1) { return db_fetch_result($result, 0, "id");
@@ -142,7 +142,7 @@ class Auth_Internal extends Plugin implements IAuthModule { function check_password($owner_uid, $password) { $owner_uid = db_escape_string($owner_uid); - $result = db_query($this->link, "SELECT salt,login FROM ttrss_users WHERE + $result = db_query("SELECT salt,login FROM ttrss_users WHERE id = '$owner_uid'"); $salt = db_fetch_result($result, 0, "salt");
@@ -163,7 +163,7 @@ class Auth_Internal extends Plugin implements IAuthModule { id = '$owner_uid' AND pwd_hash = '$password_hash'"; } - $result = db_query($this->link, $query); + $result = db_query($query); return db_num_rows($result) != 0; }
@@ -176,7 +176,7 @@ class Auth_Internal extends Plugin implements IAuthModule { $new_salt = substr(bin2hex(get_random_bytes(125)), 0, 250); $new_password_hash = encrypt_password($new_password, $new_salt, true); - db_query($this->link, "UPDATE ttrss_users SET + db_query("UPDATE ttrss_users SET pwd_hash = '$new_password_hash', salt = '$new_salt', otp_enabled = false WHERE id = '$owner_uid'");
@@ -187,5 +187,10 @@ class Auth_Internal extends Plugin implements IAuthModule { return "ERROR: ".__('Old password is incorrect.'); } } + + function api_version() { + return 2; + } + } ?> |
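Review bot: In the `@@ -142,7 +142,7 @@` hunk, `check_password()` reads the salt with `db_fetch_result($result, 0, "salt")` without first checking `db_num_rows($result)`, whereas the login path in the -74 hunk tests `db_num_rows($result) != 1` right after its own salt lookup. For an `$owner_uid` that matches no user, the code carries on with whatever the fetch yields for a missing row. A guard such as `if (db_num_rows($result) != 1) return false;` before the fetch would make that failure explicit and keep the two lookups consistent. The body of `check_password()` continues past the end of the hunk.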