From 8b1a2406e61952fb8c26c8430a13db1093188702 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Mon, 1 Mar 2021 19:32:27 +0300
Subject: userhelper: use orm for a few more user-related things

---
 classes/auth/base.php  | 15 ++++++++-------
 classes/feeds.php      |  5 +++--
 classes/pref/users.php | 19 +++++++------------
 classes/userhelper.php | 42 ++++++++++++++++++------------------------
 4 files changed, 36 insertions(+), 45 deletions(-)

(limited to 'classes')

diff --git a/classes/auth/base.php b/classes/auth/base.php
index 9b2f630c0..883c0df30 100644
--- a/classes/auth/base.php
+++ b/classes/auth/base.php
@@ -23,13 +23,14 @@ abstract class Auth_Base extends Plugin implements IAuthModule {
 
 				if (!$password) $password = make_password();
 
-				$salt = UserHelper::get_salt();
-				$pwd_hash = UserHelper::hash_password($password, $salt, UserHelper::HASH_ALGOS[0]);
-
-				$sth = $this->pdo->prepare("INSERT INTO ttrss_users
-						(login,access_level,last_login,created,pwd_hash,salt)
-						VALUES (LOWER(?), 0, null, NOW(), ?,?)");
-				$sth->execute([$login, $pwd_hash, $salt]);
+				$user = ORM::for_table('ttrss_users')->create();
+
+				$user->salt = UserHelper::get_salt();
+				$user->login = mb_strtolower($login);
+				$user->pwd_hash = UserHelper::hash_password($password, $user->salt);
+				$user->access_level = 0;
+				$user->created = 'NOW()';
+				$user->save();
 
 				return UserHelper::find_user_by_login($login);
 
diff --git a/classes/feeds.php b/classes/feeds.php
index 55a71aebb..bf165f93a 100755
--- a/classes/feeds.php
+++ b/classes/feeds.php
@@ -474,8 +474,9 @@ class Feeds extends Handler_Protected {
 
 		/* bump login timestamp if needed */
 		if (time() - $_SESSION["last_login_update"] > 3600) {
-			$sth = $this->pdo->prepare("UPDATE ttrss_users SET last_login = NOW() WHERE id = ?");
-			$sth->execute([$_SESSION['uid']]);
+			$user = ORM::for_table('ttrss_users')->find_one($_SESSION["uid"]);
+			$user->last_login = 'NOW()';
+			$user->save();
 
 			$_SESSION["last_login_update"] = time();
 		}
diff --git a/classes/pref/users.php b/classes/pref/users.php
index ff9bf1712..071f20a73 100644
--- a/classes/pref/users.php
+++ b/classes/pref/users.php
@@ -113,7 +113,7 @@ class Pref_Users extends Handler_Administrative {
 				if ($id == 1) $login = "admin";
 				if (!$login) return;
 
-				$user->login = $login;
+				$user->login = mb_strtolower($login);
 				$user->access_level = (int) clean($_REQUEST["access_level"]);
 				$user->email = clean($_REQUEST["email"]);
 
@@ -144,30 +144,25 @@ class Pref_Users extends Handler_Administrative {
 
 		function add() {
 			$login = clean($_REQUEST["login"]);
-			$tmp_user_pwd = make_password();
-			$salt = UserHelper::get_salt();
 
 			if (!$login) return; // no blank usernames
 
 			if (!UserHelper::find_user_by_login($login)) {
 
-				$user = ORM::for_table('ttrss_users')->create();
+				$new_password = make_password();
 
-				$tmp_user_pwd = make_password();
-				$salt = UserHelper::get_salt();
+				$user = ORM::for_table('ttrss_users')->create();
 
-				$user->login = $login;
-				$user->pwd_hash = UserHelper::hash_password($tmp_user_pwd, $salt);
+				$user->salt = UserHelper::get_salt();
+				$user->login = mb_strtolower($login);
+				$user->pwd_hash = UserHelper::hash_password($new_password, $user->salt);
 				$user->access_level = 0;
-				$user->salt = $salt;
 				$user->created = 'NOW()';
 				$user->save();
 
 				if ($new_uid = UserHelper::find_user_by_login($login)) {
-
 					print T_sprintf("Added user %s with password %s",
-						$login, $tmp_user_pwd);
-
+						$login, $new_password);
 				} else {
 					print T_sprintf("Could not create user %s", $login);
 				}
diff --git a/classes/userhelper.php b/classes/userhelper.php
index 84dc71383..1d14b51b0 100644
--- a/classes/userhelper.php
+++ b/classes/userhelper.php
@@ -131,8 +131,9 @@ class UserHelper {
 
 			} else {
 				/* bump login timestamp */
-				$sth = $pdo->prepare("UPDATE ttrss_users SET last_login = NOW() WHERE id = ?");
-				$sth->execute([$_SESSION['uid']]);
+				$user = ORM::for_table('ttrss_users')->find_one($_SESSION["uid"]);
+				$user->last_login = 'NOW()';
+				$user->save();
 
 				$_SESSION["last_login_update"] = time();
 			}
@@ -202,38 +203,31 @@ class UserHelper {
 
 	static function reset_password($uid, $format_output = false, $new_password = "") {
 
-		$pdo = Db::pdo();
-
-		$sth = $pdo->prepare("SELECT login FROM ttrss_users WHERE id = ?");
-		$sth->execute([$uid]);
+		$user = ORM::for_table('ttrss_users')->find_one($uid);
+		$message = "";
 
-		if ($row = $sth->fetch()) {
+		if ($user) {
 
-			$login = $row["login"];
+			$login = $user->login;
 
 			$new_salt = self::get_salt();
 			$tmp_user_pwd = $new_password ? $new_password : make_password();
 
 			$pwd_hash = self::hash_password($tmp_user_pwd, $new_salt, self::HASH_ALGOS[0]);
 
-			$user = ORM::for_table('ttrss_users')->find_one($uid);
-
-			if ($user) {
-				$user->pwd_hash = $pwd_hash;
-				$user->salt = $new_salt;
-				$user->save();
-
-				$message = T_sprintf("Changed password of user %s to %s", "<strong>$login</strong>", "<strong>$tmp_user_pwd</strong>");
-			} else {
-				$message = T_sprintf("User not found: %s", $login);
-			}
-
-			if ($format_output)
-				print_notice($message);
-			else
-				print $message;
+			$user->pwd_hash = $pwd_hash;
+			$user->salt = $new_salt;
+			$user->save();
 
+			$message = T_sprintf("Changed password of user %s to %s", "<strong>$login</strong>", "<strong>$tmp_user_pwd</strong>");
+		} else {
+			$message = __("User not found");
 		}
+
+		if ($format_output)
+			print_notice($message);
+		else
+			print $message;
 	}
 
 	static function check_otp(int $owner_uid, int $otp_check) : bool {
-- 
cgit v1.2.3