From a8cc43a0ff1cf6297577fae8536408287518baf4 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Sun, 14 Feb 2021 15:31:03 +0300 Subject: move logout_user() to UserHelper --- classes/userhelper.php | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) (limited to 'classes/userhelper.php') diff --git a/classes/userhelper.php b/classes/userhelper.php index c9c4dd102..8eb97f5d0 100644 --- a/classes/userhelper.php +++ b/classes/userhelper.php @@ -105,7 +105,7 @@ class UserHelper { } if (empty($_SESSION["uid"])) { - Pref_Users::logout_user(); + UserHelper::logout(); Handler_Public::render_login_form(); exit; @@ -157,4 +157,16 @@ class UserHelper { return false; } + + static function logout() { + if (session_status() === PHP_SESSION_ACTIVE) + session_destroy(); + + if (isset($_COOKIE[session_name()])) { + setcookie(session_name(), '', time()-42000, '/'); + + } + session_commit(); + } + } -- cgit v1.2.3 From 8e79f1717d5270558ffd30c20cc75840b0ecc955 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Mon, 15 Feb 2021 16:07:22 +0300 Subject: prefs: unify naming --- classes/userhelper.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'classes/userhelper.php') diff --git a/classes/userhelper.php b/classes/userhelper.php index 8eb97f5d0..744f77a23 100644 --- a/classes/userhelper.php +++ b/classes/userhelper.php @@ -41,7 +41,7 @@ class UserHelper { $_SESSION["user_agent"] = sha1($_SERVER['HTTP_USER_AGENT']); $_SESSION["pwd_hash"] = $row["pwd_hash"]; - Pref_Prefs::initialize_user_prefs($_SESSION["uid"]); + Pref_Prefs::_init_user_prefs($_SESSION["uid"]); return true; } @@ -64,7 +64,7 @@ class UserHelper { $_SESSION["ip_address"] = UserHelper::get_user_ip(); - Pref_Prefs::initialize_user_prefs($_SESSION["uid"]); + Pref_Prefs::_init_user_prefs($_SESSION["uid"]); return true; } -- cgit v1.2.3 From 39604bedef15b7d56c23ce101d5e74a93bc5620c Mon Sep 17 00:00:00 2001 
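Review bot: In the new `logout()` (second hunk of the first commit), the expiring `setcookie()` call hard-codes the path `/` and passes no domain, so the browser only drops the session cookie if it was originally issued with exactly those attributes. Read them back instead: `$p = session_get_cookie_params();` followed by `setcookie(session_name(), '', time() - 42000, $p['path'], $p['domain'], $p['secure'], $p['httponly']);`. `session_destroy()` also leaves the `$_SESSION` array populated for the rest of the request, so put `$_SESSION = [];` before it; otherwise later code in the same request can still read a `uid`. The trailing `session_commit()` appears to have nothing left to write once the session is destroyed and could be dropped.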
From: Andrew Dolgov Date: Mon, 15 Feb 2021 16:59:54 +0300 Subject: move reset_password to UserHelper --- classes/userhelper.php | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) (limited to 'classes/userhelper.php') diff --git a/classes/userhelper.php b/classes/userhelper.php index 744f77a23..8e9b9a01b 100644 --- a/classes/userhelper.php +++ b/classes/userhelper.php @@ -169,4 +169,34 @@ class UserHelper { session_commit(); } + static function reset_password($uid, $format_output = false) { + + $pdo = Db::pdo(); + + $sth = $pdo->prepare("SELECT login FROM ttrss_users WHERE id = ?"); + $sth->execute([$uid]); + + if ($row = $sth->fetch()) { + + $login = $row["login"]; + + $new_salt = substr(bin2hex(get_random_bytes(125)), 0, 250); + $tmp_user_pwd = make_password(); + + $pwd_hash = encrypt_password($tmp_user_pwd, $new_salt, true); + + $sth = $pdo->prepare("UPDATE ttrss_users + SET pwd_hash = ?, salt = ?, otp_enabled = false + WHERE id = ?"); + $sth->execute([$pwd_hash, $new_salt, $uid]); + + $message = T_sprintf("Changed password of user %s to %s", "$login", "$tmp_user_pwd"); + + if ($format_output) + print_notice($message); + else + print $message; + + } + } } -- cgit v1.2.3 From 9d7ba773ec97bfb44601348c07e818f1a1d2c841 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Tue, 16 Feb 2021 17:13:16 +0300 Subject: move session-related functions to their own namespace --- classes/userhelper.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'classes/userhelper.php') diff --git a/classes/userhelper.php b/classes/userhelper.php index 8e9b9a01b..42d50a0f4 100644 --- a/classes/userhelper.php +++ b/classes/userhelper.php @@ -94,7 +94,7 @@ class UserHelper { startup_gettext(); self::load_user_plugins($_SESSION["uid"]); } else { - if (!validate_session()) $_SESSION["uid"] = false; + if (!\Sessions\validate_session()) $_SESSION["uid"] = false; if (empty($_SESSION["uid"])) { -- cgit v1.2.3 
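Review bot: The UPDATE in `reset_password()` sets `otp_enabled = false` together with the new hash, so a password reset also removes the account's second factor, and nothing in the method checks who is calling it. Since it has no visibility keyword and is therefore a public static helper on `UserHelper`, I would state that contract at the top, e.g. `/** Resets the password of $uid to a random temporary one and disables OTP; performs no access check, callers must restrict this to administrators. */`. The temporary password is printed in clear and `$login` goes into the message unescaped; if `print_notice()` emits HTML (not visible here), pass the interpolated values through `htmlspecialchars()` before output. When no row matches `$uid` the method prints nothing and returns nothing, so a caller cannot tell that the reset did not happen.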
From fc0ebf089189ca42875d31b1bec4aa1c27852506 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Fri, 19 Feb 2021 20:21:36 +0300 Subject: move bookmarklet-related methods out of public.php into the plugin --- classes/userhelper.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'classes/userhelper.php') diff --git a/classes/userhelper.php b/classes/userhelper.php index 42d50a0f4..7fe1e5557 100644 --- a/classes/userhelper.php +++ b/classes/userhelper.php @@ -107,7 +107,7 @@ class UserHelper { if (empty($_SESSION["uid"])) { UserHelper::logout(); - Handler_Public::render_login_form(); + Handler_Public::_render_login_form(); exit; } -- cgit v1.2.3 From e4107ac9520ca404d4ab49ef79ca74430e8fd772 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Mon, 22 Feb 2021 21:47:48 +0300 Subject: wip: initial for config object --- classes/userhelper.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'classes/userhelper.php') diff --git a/classes/userhelper.php b/classes/userhelper.php index 7fe1e5557..82a2fe05f 100644 --- a/classes/userhelper.php +++ b/classes/userhelper.php @@ -2,7 +2,7 @@ class UserHelper { static function authenticate(string $login = null, string $password = null, bool $check_only = false, string $service = null) { - if (!SINGLE_USER_MODE) { + if (!Config::get(Config::SINGLE_USER_MODE)) { $user_id = false; $auth_module = false; @@ -88,7 +88,7 @@ class UserHelper { static function login_sequence() { $pdo = Db::pdo(); - if (SINGLE_USER_MODE) { + if (Config::get(Config::SINGLE_USER_MODE)) { @session_start(); self::authenticate("admin", null); startup_gettext(); @@ -98,7 +98,7 @@ class UserHelper { if (empty($_SESSION["uid"])) { - if (AUTH_AUTO_LOGIN && self::authenticate(null, null)) { + if (Config::get(Config::AUTH_AUTO_LOGIN) && self::authenticate(null, null)) { $_SESSION["ref_schema_version"] = get_schema_version(true); } else { self::authenticate(null, null, true); -- cgit v1.2.3
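Review bot: `Config::get(Config::SINGLE_USER_MODE)` is used as a bare truthiness test in `authenticate()` and `login_sequence()` (first and second hunks of the last commit), and the third hunk does the same with `Config::AUTH_AUTO_LOGIN`. `Config::get()` is not visible here; if it can hand back a string (for instance a value read from the environment), `"false"` is truthy and would switch on the single-user branch, which calls `self::authenticate("admin", null)` with no password. Either have `Config::get()` return a real bool for these keys or normalise at the call site, e.g. `if (filter_var(Config::get(Config::SINGLE_USER_MODE), FILTER_VALIDATE_BOOLEAN))`. Both enclosing methods start and end outside the hunks.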