From 044cff2d74ece46256201695346d1a0d1d66c746 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <fox@fakecake.org>
Date: Sat, 13 Apr 2013 18:24:27 +0400
Subject: implement basic feed authentication parameter encryption in the
 database (FEED_CRYPT_KEY)

---
 classes/pref/feeds.php | 36 ++++++++++++++++++++++++++++++++----
 1 file changed, 32 insertions(+), 4 deletions(-)

(limited to 'classes/pref')

diff --git a/classes/pref/feeds.php b/classes/pref/feeds.php
index f57cc37d6..4a77ed8cf 100644
--- a/classes/pref/feeds.php
+++ b/classes/pref/feeds.php
@@ -528,6 +528,9 @@ class Pref_Feeds extends Handler_Protected {
 			"SELECT * FROM ttrss_feeds WHERE id = '$feed_id' AND
 				owner_uid = " . $_SESSION["uid"]);
 
+		$auth_pass_encrypted = sql_bool_to_bool(db_fetch_result($result, 0,
+			"auth_pass_encrypted"));
+
 		$title = htmlspecialchars(db_fetch_result($result,
 			0, "title"));
 
@@ -613,7 +616,14 @@ class Pref_Feeds extends Handler_Protected {
 			placeHolder=\"".__("Login")."\"
 			name=\"auth_login\" value=\"$auth_login\"><hr/>";
 
-		$auth_pass = htmlspecialchars(db_fetch_result($result, 0, "auth_pass"));
+		$auth_pass = db_fetch_result($result, 0, "auth_pass");
+
+		if ($auth_pass_encrypted) {
+			require_once "crypt.php";
+			$auth_pass = decrypt_string($auth_pass);
+		}
+
+		$auth_pass = htmlspecialchars($auth_pass);
 
 		print "<input dojoType=\"dijit.form.TextBox\" type=\"password\" name=\"auth_pass\"
 			placeHolder=\"".__("Password")."\"
@@ -936,6 +946,14 @@ class Pref_Feeds extends Handler_Protected {
 		$mark_unread_on_update = checkbox_to_sql_bool(
 			db_escape_string($this->link, $_POST["mark_unread_on_update"]));
 
+		if (strlen(FEED_CRYPT_KEY) > 0) {
+			require_once "crypt.php";
+			$auth_pass = substr(encrypt_string($auth_pass), 0, 250);
+			$auth_pass_encrypted = 'true';
+		} else {
+			$auth_pass_encrypted = 'false';
+		}
+
 		if (get_pref($this->link, 'ENABLE_FEED_CATS')) {
 			if ($cat_id && $cat_id != 0) {
 				$category_qpart = "cat_id = '$cat_id',";
@@ -958,6 +976,7 @@ class Pref_Feeds extends Handler_Protected {
 				purge_interval = '$purge_intl',
 				auth_login = '$auth_login',
 				auth_pass = '$auth_pass',
+				auth_pass_encrypted = $auth_pass_encrypted,
 				private = $private,
 				cache_images = $cache_images,
 				hide_images = $hide_images,
@@ -1003,7 +1022,8 @@ class Pref_Feeds extends Handler_Protected {
 						break;
 
 					case "auth_pass":
-						$qpart = "auth_pass = '$auth_pass'";
+						$qpart = "auth_pass = '$auth_pass' AND
+							auth_pass_encrypted = $auth_pass_encrypted";
 						break;
 
 					case "private":
@@ -1841,12 +1861,20 @@ class Pref_Feeds extends Handler_Protected {
 					"SELECT id FROM ttrss_feeds
 					WHERE feed_url = '$feed' AND owner_uid = ".$_SESSION["uid"]);
 
+				if (strlen(FEED_CRYPT_KEY) > 0) {
+					require_once "crypt.php";
+					$pass = substr(encrypt_string($pass), 0, 250);
+					$auth_pass_encrypted = 'true';
+				} else {
+					$auth_pass_encrypted = 'false';
+				}
+
 				if (db_num_rows($result) == 0) {
 					$result = db_query($this->link,
 						"INSERT INTO ttrss_feeds
-							(owner_uid,feed_url,title,cat_id,auth_login,auth_pass,update_method)
+							(owner_uid,feed_url,title,cat_id,auth_login,auth_pass,update_method,auth_pass_encrypted)
 						VALUES ('".$_SESSION["uid"]."', '$feed',
-							'[Unknown]', $cat_qpart, '$login', '$pass', 0)");
+							'[Unknown]', $cat_qpart, '$login', '$pass', 0, $auth_pass_encrypted)");
 				}
 
 				db_query($this->link, "COMMIT");
-- 
cgit v1.2.3