From 6322ac79a020ab584d412d782d62b2ee77d7c6cf Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Wed, 17 Apr 2013 16:23:15 +0400 Subject: remove $link --- classes/auth/base.php | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'classes/auth') diff --git a/classes/auth/base.php b/classes/auth/base.php index ad7ff3646..c2a6bd704 100644 --- a/classes/auth/base.php +++ b/classes/auth/base.php @@ -1,9 +1,9 @@ link = $link; + function __construct($dbh) { + $this->dbh = $dbh; } function check_password($owner_uid, $password) { @@ -21,7 +21,7 @@ class Auth_Base { $user_id = $this->find_user_by_login($login); if (!$user_id) { - $login = db_escape_string($this->link, $login); + $login = db_escape_string( $login); $salt = substr(bin2hex(get_random_bytes(125)), 0, 250); $pwd_hash = encrypt_password($password, $salt, true); @@ -29,7 +29,7 @@ class Auth_Base { (login,access_level,last_login,created,pwd_hash,salt) VALUES ('$login', 0, null, NOW(), '$pwd_hash','$salt')"; - db_query($this->link, $query); + db_query( $query); return $this->find_user_by_login($login); @@ -42,9 +42,9 @@ class Auth_Base { } function find_user_by_login($login) { - $login = db_escape_string($this->link, $login); + $login = db_escape_string( $login); - $result = db_query($this->link, "SELECT id FROM ttrss_users WHERE + $result = db_query( "SELECT id FROM ttrss_users WHERE login = '$login'"); if (db_num_rows($result) > 0) { -- cgit v1.2.3 From a0ed0d38d467a7ceb5e576e8b363b5ee1af05ab1 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Wed, 17 Apr 2013 18:27:41 +0400 Subject: auth_remote: fix typo --- classes/auth/base.php | 6 ------ 1 file changed, 6 deletions(-) (limited to 'classes/auth') diff --git a/classes/auth/base.php b/classes/auth/base.php index c2a6bd704..102a19778 100644 --- a/classes/auth/base.php +++ b/classes/auth/base.php @@ -1,11 +1,5 @@ dbh = $dbh; - } - function check_password($owner_uid, $password) { return false; } -- cgit v1.2.3 
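Review bot: In `auto_create_user()` the hunk at `@@ -21,7 +21,7 @@` overwrites `$login` with its escaped form, and the hunk at `@@ -29,7 +29,7 @@` then passes that same variable to `find_user_by_login()`, which escapes it a second time. For a login containing a quote or backslash, the final lookup searches for a different string than the one just inserted, so the function can return false immediately after creating the account. Keep the raw value and escape into a separate variable, e.g. `$login_esc = db_escape_string($login);`, used only inside the `VALUES (...)` list. The same pattern is carried unchanged through the later `db_escape_string($login)` and `$this->dbh->escape_string($login)` revisions on this page. The function body starts and ends outside these hunks.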
From a42c55f02b7e313ab61bf826794d0888f2dceae1 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Wed, 17 Apr 2013 18:34:18 +0400 Subject: fix blank character after opening bracket in function calls --- classes/auth/base.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'classes/auth') diff --git a/classes/auth/base.php b/classes/auth/base.php index 102a19778..782848a79 100644 --- a/classes/auth/base.php +++ b/classes/auth/base.php @@ -15,7 +15,7 @@ class Auth_Base { $user_id = $this->find_user_by_login($login); if (!$user_id) { - $login = db_escape_string( $login); + $login = db_escape_string($login); $salt = substr(bin2hex(get_random_bytes(125)), 0, 250); $pwd_hash = encrypt_password($password, $salt, true); @@ -23,7 +23,7 @@ class Auth_Base { (login,access_level,last_login,created,pwd_hash,salt) VALUES ('$login', 0, null, NOW(), '$pwd_hash','$salt')"; - db_query( $query); + db_query($query); return $this->find_user_by_login($login); @@ -36,9 +36,9 @@ class Auth_Base { } function find_user_by_login($login) { - $login = db_escape_string( $login); + $login = db_escape_string($login); - $result = db_query( "SELECT id FROM ttrss_users WHERE + $result = db_query("SELECT id FROM ttrss_users WHERE login = '$login'"); if (db_num_rows($result) > 0) { -- cgit v1.2.3 From d9c85e0f112034ca3e3f4d34213f6dcccf9d54e1 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Wed, 17 Apr 2013 20:12:14 +0400 Subject: classes: use OO DB interface --- classes/auth/base.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'classes/auth') diff --git a/classes/auth/base.php b/classes/auth/base.php index 782848a79..284ac1d38 100644 --- a/classes/auth/base.php +++ b/classes/auth/base.php 
@@ -15,7 +15,7 @@ class Auth_Base { $user_id = $this->find_user_by_login($login); if (!$user_id) { - $login = db_escape_string($login); + $login = $this->dbh->escape_string($login); $salt = substr(bin2hex(get_random_bytes(125)), 0, 250); $pwd_hash = encrypt_password($password, $salt, true); @@ -23,7 +23,7 @@ class Auth_Base { (login,access_level,last_login,created,pwd_hash,salt) VALUES ('$login', 0, null, NOW(), '$pwd_hash','$salt')"; - db_query($query); + $this->dbh->query($query); return $this->find_user_by_login($login); @@ -36,13 +36,13 @@ class Auth_Base { } function find_user_by_login($login) { - $login = db_escape_string($login); + $login = $this->dbh->escape_string($login); - $result = db_query("SELECT id FROM ttrss_users WHERE + $result = $this->dbh->query("SELECT id FROM ttrss_users WHERE login = '$login'"); - if (db_num_rows($result) > 0) { - return db_fetch_result($result, 0, "id"); + if ($this->dbh->num_rows($result) > 0) { + return $this->dbh->fetch_result($result, 0, "id"); } else { return false; } -- cgit v1.2.3 From 8cb5c64d6251718afd0f5ccb70f5040d9c3cb47a Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Thu, 18 Apr 2013 15:36:54 +0400 Subject: fix auth_base referencing dbh which was not present --- classes/auth/base.php | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'classes/auth') diff --git a/classes/auth/base.php b/classes/auth/base.php index 284ac1d38..83f99d109 100644 --- a/classes/auth/base.php +++ b/classes/auth/base.php @@ -1,5 +1,11 @@ dbh = Db::get(); + } + function check_password($owner_uid, $password) { return false; } -- cgit v1.2.3 From 6f7798b6434f5ef6073447998c436901b507e3df Mon Sep 17 00:00:00 2001 From: Rasmus Lerdorf Date: Tue, 7 May 2013 00:35:10 -0700 Subject: Fixing bugs found by static analysis --- classes/auth/base.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'classes/auth') diff --git a/classes/auth/base.php b/classes/auth/base.php index 83f99d109..c77df5157 100644 
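Review bot: `$pwd_hash` and `$salt` are interpolated into the INSERT at `@@ -23,7 +23,7 @@` without passing through `$this->dbh->escape_string()`; only `$login` is escaped, in the hunk at `@@ -15,7 +15,7 @@`. `$salt` is hex by construction, but `$pwd_hash` is safe only as long as `encrypt_password()`, which is defined outside this page, never returns a quote or backslash. Either escape it as well, `$pwd_hash = $this->dbh->escape_string($pwd_hash);`, or add a comment stating the output format the query relies on. If the Db wrapper offers bound parameters (not visible here), using them for this INSERT and for the SELECT at `@@ -36,13 +36,13 @@` would remove the dependence on per-call escaping altogether.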
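Review bot: The constructor added at `@@ -1,5 +1,11 @@` is the only place `$this->dbh` is assigned, so a subclass that defines its own `__construct()` without calling `parent::__construct()` would hit the same unset `$this->dbh` that this commit fixes. Whether such subclasses exist is not visible on this page. A one-line comment on the constructor would make the requirement explicit, for example `// Subclasses overriding __construct() must call parent::__construct() so $this->dbh is set`. The class header and property declaration are not visible in this hunk.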
--- a/classes/auth/base.php +++ b/classes/auth/base.php @@ -16,7 +16,7 @@ class Auth_Base { // Auto-creates specified user if allowed by system configuration // Can be used instead of find_user_by_login() by external auth modules - function auto_create_user($login) { + function auto_create_user($login, $password) { if ($login && defined('AUTH_AUTO_CREATE') && AUTH_AUTO_CREATE) { $user_id = $this->find_user_by_login($login); -- cgit v1.2.3 From ea46d90eee462d6fc7724340670550f7f5717372 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Tue, 7 May 2013 12:36:09 +0400 Subject: auth_base: choose random password if not supplied by auth module --- classes/auth/base.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'classes/auth') diff --git a/classes/auth/base.php b/classes/auth/base.php index c77df5157..69acd0985 100644 --- a/classes/auth/base.php +++ b/classes/auth/base.php @@ -16,10 +16,12 @@ class Auth_Base { // Auto-creates specified user if allowed by system configuration // Can be used instead of find_user_by_login() by external auth modules - function auto_create_user($login, $password) { + function auto_create_user($login, $password = false) { if ($login && defined('AUTH_AUTO_CREATE') && AUTH_AUTO_CREATE) { $user_id = $this->find_user_by_login($login); + if (!$password) $password = make_password(); + if (!$user_id) { $login = $this->dbh->escape_string($login); $salt = substr(bin2hex(get_random_bytes(125)), 0, 250); -- cgit v1.2.3
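Review bot: The fallback value from `make_password()` at `@@ -16,10 +16,12 @@` is hashed into `pwd_hash` for the auto-created account and may therefore be usable as a local login credential. Its length and randomness source matter, and the function is defined outside this page, so both should be confirmed to come from a cryptographically strong generator. If they do not, the salt line in the same hunk suggests an alternative, e.g. `if (!$password) $password = bin2hex(get_random_bytes(16));`, assuming `get_random_bytes()` is itself cryptographically strong. The assignment also sits before the `if (!$user_id)` check, so a password is generated on every call even when the user already exists; it can move inside that branch. The function body continues outside the hunk.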