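 /**
  * Persist a PHP error to the ttrss_error_log table.
  *
  * Parameter shape follows set_error_handler(): $errno, $errstr, $file, $line,
  * $context. Logging is only attempted when a database handle exists and the
  * schema is recent enough (> 117) to carry the ttrss_error_log table.
  *
  * NOTE(review): $context is passed straight to escape_string(); if the caller
  * hands in the error-handler context array this will not be a string — verify.
  *
  * @return bool true when a row was inserted, false otherwise (including when
  *              logging is skipped because no DB or an old schema is present)
  */
 function log_error($errno, $errstr, $file, $line, $context)
 {
     $db = Db::get();
     if (!$db || get_schema_version() <= 117) {
         return false;
     }
     // errno is an E_* integer and is interpolated unquoted below, so pin it to
     // an int instead of relying on escape_string() for a non-string value.
     $errno = (int) $errno;
     $errstr = $db->escape_string($errstr);
     $file = $db->escape_string($file);
     $line = $db->escape_string($line);
     $context = $db->escape_string($context);
     // owner_uid is interpolated unquoted: only an int or the literal NULL may
     // reach the statement. A missing or falsy uid (CLI, pre-login) maps to NULL.
     $owner_uid = !empty($_SESSION["uid"]) ? (int) $_SESSION["uid"] : "NULL";
     $result = $db->query("INSERT INTO ttrss_error_log\n\t\t\t\t(errno, errstr, filename, lineno, context, owner_uid, created_at) VALUES\n\t\t\t\t({$errno}, '{$errstr}', '{$file}', '{$line}', '{$context}', {$owner_uid}, NOW())");
     // affected_rows() can report -1 on failure with some drivers; only a
     // positive count means the row was actually written.
     return $db->affected_rows($result) > 0;
 }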
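 /**
  * Persist a PHP error to the ttrss_error_log table (schema > 117 only).
  *
  * Parameter shape follows set_error_handler(). The context (backtrace) is
  * deliberately not stored: it is large and not needed for triage, so an empty
  * string is written in its place.
  *
  * @return bool true when a row was inserted, false otherwise (including when
  *              logging is skipped because no DB or an old schema is present)
  */
 function log_error($errno, $errstr, $file, $line, $context)
 {
     $db = Db::get();
     if (!$db || get_schema_version() <= 117) {
         return false;
     }
     // errno is an E_* integer and is interpolated unquoted below, so pin it to
     // an int instead of relying on escape_string() for a non-string value.
     $errno = (int) $errno;
     $errstr = $db->escape_string($errstr);
     $file = $db->escape_string($file);
     $line = $db->escape_string($line);
     // backtrace is a lot of data which is not really critical to store
     $context = '';
     // owner_uid is interpolated unquoted: only an int or the literal NULL may
     // reach the statement. A missing or falsy uid (CLI, pre-login) maps to NULL.
     $owner_uid = !empty($_SESSION["uid"]) ? (int) $_SESSION["uid"] : "NULL";
     $result = $db->query("INSERT INTO ttrss_error_log\n\t\t\t\t(errno, errstr, filename, lineno, context, owner_uid, created_at) VALUES\n\t\t\t\t({$errno}, '{$errstr}', '{$file}', '{$line}', '{$context}', {$owner_uid}, NOW())");
     // affected_rows() can report -1 on failure with some drivers; only a
     // positive count means the row was actually written.
     return $db->affected_rows($result) > 0;
 }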
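/**
 * Store a user preference value in ttrss_user_prefs.
 *
 * The preference's declared type (ttrss_prefs_types) normalises the value:
 * "bool" prefs become the strings "true"/"false", "integer" prefs are formatted
 * with %d. Unknown preference names are silently ignored. After a write the
 * session-level prefs cache is dropped.
 *
 * @param mixed $link Database link passed through to db_query()
 * @param string $key Preference name
 * @param mixed $value New value
 * @param int|false $user_id Owner of the preference; false means the session
 *        user, in which case the session's active profile is honoured.
 * @return void
 */
function set_pref($link, $key, $value, $user_id = false)
{
    $key = db_escape_string($key);
    $value = db_escape_string($value);
    // Profile scoping only applies to the session user; an explicit user id
    // addresses the profile-less (NULL) preference row.
    $profile = null;
    if (!$user_id) {
        $user_id = $_SESSION["uid"];
        $profile = isset($_SESSION["profile"]) ? $_SESSION["profile"] : null;
    } else {
        $user_id = sprintf("%d", $user_id);
    }
    if ($profile) {
        // The profile id comes from the session but is still interpolated into
        // SQL, so escape it rather than trusting it.
        $profile_qpart = "AND profile = '" . db_escape_string($profile) . "'";
    } else {
        $profile_qpart = "AND profile IS NULL";
    }
    if (get_schema_version($link) < 63) {
        // pre-63 schemas have no profile column
        $profile_qpart = "";
    }
    $result = db_query($link, "SELECT type_name \n\t\t\tFROM ttrss_prefs,ttrss_prefs_types \n\t\t\tWHERE pref_name = '{$key}' AND type_id = ttrss_prefs_types.id");
    if (db_num_rows($result) > 0) {
        $type_name = db_fetch_result($result, 0, "type_name");
        if ($type_name == "bool") {
            $value = ($value == "1" || $value == "true") ? "true" : "false";
        } elseif ($type_name == "integer") {
            $value = sprintf("%d", $value);
        }
        // This used to compare the undefined $pref_name and therefore never
        // fired; the escaped preference name lives in $key.
        if ($key == 'DEFAULT_ARTICLE_LIMIT' && $value == 0) {
            $value = 30;
        }
        // Target the requested owner. The query used to hard-code the session
        // uid, so an explicit $user_id silently rewrote the caller's own row.
        // $user_id is either the session uid or an integer-formatted id.
        db_query($link, "UPDATE ttrss_user_prefs SET \n\t\t\t\tvalue = '{$value}' WHERE pref_name = '{$key}' \n\t\t\t\t\t{$profile_qpart}\n\t\t\t\t\tAND owner_uid = " . $user_id);
        $_SESSION["prefs_cache"] = array();
    }
}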
/**
 * Update a feed batch.
 * Used by daemons to update n feeds by run.
 * Only update feed needing a update, and not being processed
 * by another process.
 *
 * Aborts the process (die) when the database schema does not match
 * SCHEMA_VERSION, and defines PREFS_NO_CACHE for the rest of the run.
 *
 * @param integer $limit Maximum number of feeds in update batch. Default to DAEMON_FEED_LIMIT.
 * @param boolean $from_http Set to true if you call this function from http to disable cli specific code.
 *        NOTE(review): not referenced anywhere in this body.
 * @param boolean $debug Set to false to disable debug output. Default to true.
 * @return int Number of individual feed updates performed.
 */
function update_daemon_common($limit = DAEMON_FEED_LIMIT, $from_http = false, $debug = true)
{
    // Process all other feeds using last_updated and interval parameters
    $schema_version = get_schema_version();
    if ($schema_version != SCHEMA_VERSION) {
        die("Schema version is wrong, please upgrade the database.\n");
    }
    // Make the pref layer bypass the session cache for this run. define()
    // warns if the constant already exists, so calling this twice in one
    // process is not clean.
    define('PREFS_NO_CACHE', true);
    // Test if the user has loggued in recently. If not, it does not update its feeds.
    // DAEMON_UPDATE_LOGIN_LIMIT is a configured day count, so the SQL fragment
    // only ever contains that constant.
    if (!SINGLE_USER_MODE && DAEMON_UPDATE_LOGIN_LIMIT > 0) {
        if (DB_TYPE == "pgsql") {
            $login_thresh_qpart = "AND ttrss_users.last_login >= NOW() - INTERVAL '" . DAEMON_UPDATE_LOGIN_LIMIT . " days'";
        } else {
            $login_thresh_qpart = "AND ttrss_users.last_login >= DATE_SUB(NOW(), INTERVAL " . DAEMON_UPDATE_LOGIN_LIMIT . " DAY)";
        }
    } else {
        $login_thresh_qpart = "";
    }
    // Test if the feed need a update (update interval exceded).
    // A per-feed interval of 0 falls back to the owner's DEFAULT_UPDATE_INTERVAL
    // pref (-1 there means "never"); a NULL or epoch last_updated always qualifies.
    if (DB_TYPE == "pgsql") {
        $update_limit_qpart = "AND ((\n\t\t\t\t\tttrss_feeds.update_interval = 0\n\t\t\t\t\tAND ttrss_user_prefs.value != '-1'\n\t\t\t\t\tAND ttrss_feeds.last_updated < NOW() - CAST((ttrss_user_prefs.value || ' minutes') AS INTERVAL)\n\t\t\t\t) OR (\n\t\t\t\t\tttrss_feeds.update_interval > 0\n\t\t\t\t\tAND ttrss_feeds.last_updated < NOW() - CAST((ttrss_feeds.update_interval || ' minutes') AS INTERVAL)\n\t\t\t\t) OR ttrss_feeds.last_updated IS NULL\n\t\t\t\tOR last_updated = '1970-01-01 00:00:00')";
    } else {
        $update_limit_qpart = "AND ((\n\t\t\t\t\tttrss_feeds.update_interval = 0\n\t\t\t\t\tAND ttrss_user_prefs.value != '-1'\n\t\t\t\t\tAND ttrss_feeds.last_updated < DATE_SUB(NOW(), INTERVAL CONVERT(ttrss_user_prefs.value, SIGNED INTEGER) MINUTE)\n\t\t\t\t) OR (\n\t\t\t\t\tttrss_feeds.update_interval > 0\n\t\t\t\t\tAND ttrss_feeds.last_updated < DATE_SUB(NOW(), INTERVAL ttrss_feeds.update_interval MINUTE)\n\t\t\t\t) OR ttrss_feeds.last_updated IS NULL\n\t\t\t\tOR last_updated = '1970-01-01 00:00:00')";
    }
    // Test if feed is currently being updated by another process.
    // A last_update_started older than 10 minutes is treated as a stale lock.
    if (DB_TYPE == "pgsql") {
        $updstart_thresh_qpart = "AND (ttrss_feeds.last_update_started IS NULL OR ttrss_feeds.last_update_started < NOW() - INTERVAL '10 minutes')";
    } else {
        $updstart_thresh_qpart = "AND (ttrss_feeds.last_update_started IS NULL OR ttrss_feeds.last_update_started < DATE_SUB(NOW(), INTERVAL 10 MINUTE))";
    }
    // Test if there is a limit to number of updated feeds
    $query_limit = "";
    if ($limit) {
        $query_limit = sprintf("LIMIT %d", $limit);
    }
    $query = "SELECT DISTINCT ttrss_feeds.feed_url, ttrss_feeds.last_updated\n\t\t\tFROM\n\t\t\t\tttrss_feeds, ttrss_users, ttrss_user_prefs\n\t\t\tWHERE\n\t\t\t\tttrss_feeds.owner_uid = ttrss_users.id\n\t\t\t\tAND ttrss_users.id = ttrss_user_prefs.owner_uid\n\t\t\t\tAND ttrss_user_prefs.pref_name = 'DEFAULT_UPDATE_INTERVAL'\n\t\t\t\t{$login_thresh_qpart} {$update_limit_qpart}\n\t\t\t\t{$updstart_thresh_qpart}\n\t\t\t\tORDER BY last_updated {$query_limit}";
    // We search for feed needing update.
    $result = db_query($query);
    if ($debug) {
        _debug(sprintf("Scheduled %d feeds to update...", db_num_rows($result)));
    }
    // Here is a little cache magic in order to minimize risk of double feed updates.
    // Feed URLs are escaped once here, as they are collected.
    $feeds_to_update = array();
    while ($line = db_fetch_assoc($result)) {
        array_push($feeds_to_update, db_escape_string($line['feed_url']));
    }
    // We update the feed last update started date before anything else.
    // There is no lag due to feed contents downloads
    // It prevent an other process to update the same feed.
    if (count($feeds_to_update) > 0) {
        $feeds_quoted = array();
        foreach ($feeds_to_update as $feed) {
            // NOTE(review): $feed was already escaped when collected above, so
            // this second db_escape_string() (and the one in the SELECT below)
            // double-escapes any URL containing a quote or backslash; such rows
            // would then not match. Verify against the driver's escape behaviour.
            array_push($feeds_quoted, "'" . db_escape_string($feed) . "'");
        }
        db_query(sprintf("UPDATE ttrss_feeds SET last_update_started = NOW()\n\t\t\t\tWHERE feed_url IN (%s)", implode(',', $feeds_quoted)));
    }
    $nf = 0;
    // For each feed, we call the feed update function.
    foreach ($feeds_to_update as $feed) {
        if ($debug) {
            _debug("Base feed: {$feed}");
        }
        //update_rss_feed($line["id"], true);
        // since we have the data cached, we can deal with other feeds with the same url
        // The same LIMIT is applied here per URL; presumably it caps the number
        // of same-URL subscriptions handled in one pass.
        $tmp_result = db_query("SELECT DISTINCT ttrss_feeds.id,last_updated,ttrss_feeds.owner_uid\n\t\t\tFROM ttrss_feeds, ttrss_users, ttrss_user_prefs WHERE\n\t\t\t\tttrss_user_prefs.owner_uid = ttrss_feeds.owner_uid AND\n\t\t\t\tttrss_users.id = ttrss_user_prefs.owner_uid AND\n\t\t\t\tttrss_user_prefs.pref_name = 'DEFAULT_UPDATE_INTERVAL' AND\n\t\t\t\tfeed_url = '" . db_escape_string($feed) . "' AND\n\t\t\t\t(ttrss_feeds.update_interval > 0 OR\n\t\t\t\t\tttrss_user_prefs.value != '-1')\n\t\t\t\t{$login_thresh_qpart}\n\t\t\tORDER BY ttrss_feeds.id {$query_limit}");
        if (db_num_rows($tmp_result) > 0) {
            while ($tline = db_fetch_assoc($tmp_result)) {
                if ($debug) {
                    _debug(" => " . $tline["last_updated"] . ", " . $tline["id"] . " " . $tline["owner_uid"]);
                }
                update_rss_feed($tline["id"], true);
                ++$nf;
            }
        }
    }
    require_once "digest.php";
    // Send feed digests by email if needed.
    send_headlines_digests($debug);
    return $nf;
}
/**
 * Probe the installation for the usual breakages and report the result as a
 * code/message pair. Probes run in order and a later failure overrides an
 * earlier code: 5 = schema mismatch, 10 = the MySQL probe query returned no
 * row, 12 = db_escape_string() mangled plain input, 0 = healthy. Messages are
 * looked up in the $ERRORS table from errors.php.
 *
 * @return array "code" (int) and "message" (from $ERRORS)
 */
function sanity_check()
{
    require_once 'errors.php';
    global $ERRORS;
    $code = 0;
    if (get_schema_version(true) != SCHEMA_VERSION) {
        $code = 5;
    }
    if (DB_TYPE == "mysql") {
        $probe = db_query("SELECT true", false);
        if (db_num_rows($probe) != 1) {
            $code = 10;
        }
    }
    if (db_escape_string("testTEST") != "testTEST") {
        $code = 12;
    }
    return array("code" => $code, "message" => $ERRORS[$code]);
}
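 /**
  * Write a preference value for a user, normalising it to the preference's
  * declared type ("bool" → "true"/"false", "integer" → %d) and keeping the
  * in-memory cache in sync for the session user.
  *
  * NOTE(review): the cache is keyed by pref name only, so the session user's
  * cached value can short-circuit a write aimed at an explicit $user_id.
  *
  * @param string $pref_name Preference name
  * @param mixed $value New value
  * @param int|false $user_id Owner; false means the session user (and its active profile)
  * @param bool $strip_tags Passed through to db_escape_string()
  * @return void
  */
 function write($pref_name, $value, $user_id = false, $strip_tags = true)
 {
     $pref_name = db_escape_string($pref_name);
     $value = db_escape_string($value, $strip_tags);
     // Profile scoping only applies to the session user; an explicit id
     // addresses the profile-less (NULL) row.
     $profile = null;
     if (!$user_id) {
         $user_id = $_SESSION["uid"];
         $profile = isset($_SESSION["profile"]) ? $_SESSION["profile"] : null;
     } else {
         $user_id = sprintf("%d", $user_id);
     }
     if ($profile) {
         // Session-sourced, but still interpolated into SQL: escape it.
         $profile_qpart = "AND profile = '" . db_escape_string($profile) . "'";
     } else {
         $profile_qpart = "AND profile IS NULL";
     }
     if (get_schema_version() < 63) {
         // pre-63 schemas have no profile column
         $profile_qpart = "";
     }
     $type_name = "";
     $current_value = "";
     if (isset($this->cache[$pref_name])) {
         $type_name = $this->cache[$pref_name]["type"];
         $current_value = $this->cache[$pref_name]["value"];
     }
     if (!$type_name) {
         $result = db_query("SELECT type_name\n                FROM ttrss_prefs,ttrss_prefs_types\n                WHERE pref_name = '{$pref_name}' AND type_id = ttrss_prefs_types.id");
         if (db_num_rows($result) > 0) {
             $type_name = db_fetch_result($result, 0, "type_name");
         }
     } elseif ($current_value == $value) {
         // Cached and unchanged: nothing to write.
         return;
     }
     if (!$type_name) {
         // Unknown preference name: ignore, as before.
         return;
     }
     if ($type_name == "bool") {
         $value = ($value == "1" || $value == "true") ? "true" : "false";
     } elseif ($type_name == "integer") {
         $value = sprintf("%d", $value);
     }
     if ($pref_name == 'USER_TIMEZONE' && $value == '') {
         $value = 'UTC';
     }
     // Target the requested owner. The query used to hard-code the session uid,
     // so an explicit $user_id silently rewrote the caller's own row (the cache
     // guard below already distinguished the two cases).
     db_query("UPDATE ttrss_user_prefs SET\n                value = '{$value}' WHERE pref_name = '{$pref_name}'\n                    {$profile_qpart}\n                    AND owner_uid = " . $user_id);
     if ($user_id == $_SESSION["uid"]) {
         $this->cache[$pref_name]["type"] = $type_name;
         $this->cache[$pref_name]["value"] = $value;
     }
 }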
<?php 
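/**
 * Read characters from $fp up to (but not including) the next $delim.
 *
 * The delimiter itself is consumed. At end of file the characters read so far
 * are returned, which for a stream already at EOF is the empty string.
 *
 * @param resource $fp Readable stream
 * @param string $delim Delimiter, compared byte-for-byte against each character read
 * @return string
 */
function getline($fp, $delim)
{
    $result = "";
    while (!feof($fp)) {
        $ch = fgetc($fp);
        // fgetc() yields false once the stream is exhausted. The previous loose
        // `==` also matched numeric-string lookalikes ("1" == "1.0"), so compare
        // strictly and stop cleanly on EOF.
        if ($ch === false) {
            break;
        }
        if ($ch === $delim) {
            return $result;
        }
        $result .= $ch;
    }
    return $result;
}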
// Schema-upgrade bootstrap: discover the per-DB_TYPE migration files on disk
// and work out the newest schema version they provide.
// NOTE(review): $op is read from $_POST but is not used in the visible code;
// its consumer is outside this listing.
$op = $_POST["op"];
$version = get_schema_version($link);
// One file per schema version under schema/versions/<DB_TYPE>/ (DB_TYPE is a
// configuration constant, which is why it is used unquoted in the regex below).
$update_files = glob("schema/versions/" . DB_TYPE . "/*sql");
$update_versions = array();
foreach ($update_files as $f) {
    $m = array();
    // Capture the numeric version out of the file name. For a name that does
    // not match, $m[1] is empty and $m[1][0] is an undefined offset (notice,
    // evaluates falsy) — so such files are skipped.
    preg_match_all("/schema\\/versions\\/" . DB_TYPE . "\\/(\\d*)\\.sql/", $f, $m, PREG_PATTERN_ORDER);
    if ($m[1][0]) {
        $update_versions[$m[1][0]] = $f;
    }
}
ksort($update_versions, SORT_NUMERIC);
// NOTE(review): max() on an empty array warns on PHP 7 and throws ValueError
// on PHP 8, so a missing or empty versions directory aborts here.
$latest_version = max(array_keys($update_versions));
if ($version == $latest_version) {
    if ($version != SCHEMA_VERSION) {
        print_error(__("Could not update database"));
        print "<p>" . __("Could not find necessary schema file, need version:") . " " . SCHEMA_VERSION . __(", found: ") . $latest_version . "</p>";
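/**
 * Store a user preference value, normalising it to its declared type
 * ("bool" → "true"/"false", "integer" → %d) and maintaining the per-session
 * preference cache.
 *
 * NOTE(review): the cache is keyed by pref name only, so the session user's
 * cached value can short-circuit a write aimed at an explicit $user_id.
 *
 * @param mixed $link Database link passed through to db_query()
 * @param string $pref_name Preference name
 * @param mixed $value New value
 * @param int|false $user_id Owner; false means the session user (and its active profile)
 * @param bool $strip_tags Passed through to db_escape_string()
 * @return void
 */
function set_pref($link, $pref_name, $value, $user_id = false, $strip_tags = true)
{
    $pref_name = db_escape_string($pref_name);
    $value = db_escape_string($value, $strip_tags);
    // Profile scoping only applies to the session user; an explicit id
    // addresses the profile-less (NULL) row.
    $profile = null;
    if (!$user_id) {
        $user_id = $_SESSION["uid"];
        $profile = isset($_SESSION["profile"]) ? $_SESSION["profile"] : null;
    } else {
        $user_id = sprintf("%d", $user_id);
    }
    if ($profile) {
        // Session-sourced, but still interpolated into SQL: escape it.
        $profile_qpart = "AND profile = '" . db_escape_string($profile) . "'";
    } else {
        $profile_qpart = "AND profile IS NULL";
    }
    if (get_schema_version($link) < 63) {
        // pre-63 schemas have no profile column
        $profile_qpart = "";
    }
    $type_name = "";
    $current_value = "";
    // The session cache is only consulted when sessions and caching are enabled.
    $use_cache = !defined('DISABLE_SESSIONS') && !defined('PREFS_NO_CACHE');
    if ($use_cache && !empty($_SESSION["prefs_cache"][$pref_name])) {
        $type_name = $_SESSION["prefs_cache"][$pref_name]["type"];
        $current_value = $_SESSION["prefs_cache"][$pref_name]["value"];
    }
    if (!$type_name) {
        $result = db_query($link, "SELECT type_name\n\t\t\t\tFROM ttrss_prefs,ttrss_prefs_types\n\t\t\t\tWHERE pref_name = '{$pref_name}' AND type_id = ttrss_prefs_types.id");
        if (db_num_rows($result) > 0) {
            $type_name = db_fetch_result($result, 0, "type_name");
        }
    } elseif ($current_value == $value) {
        // Cached and unchanged: nothing to write.
        return;
    }
    if (!$type_name) {
        // Unknown preference name: ignore, as before.
        return;
    }
    if ($type_name == "bool") {
        $value = ($value == "1" || $value == "true") ? "true" : "false";
    } elseif ($type_name == "integer") {
        $value = sprintf("%d", $value);
    }
    if ($pref_name == 'DEFAULT_ARTICLE_LIMIT' && $value == 0) {
        $value = 30;
    }
    if ($pref_name == 'USER_TIMEZONE' && $value == '') {
        $value = 'UTC';
    }
    // Target the requested owner. The query used to hard-code the session uid,
    // so an explicit $user_id silently rewrote the caller's own row (the cache
    // guard below already distinguished the two cases).
    db_query($link, "UPDATE ttrss_user_prefs SET\n\t\t\t\tvalue = '{$value}' WHERE pref_name = '{$pref_name}'\n\t\t\t\t\t{$profile_qpart}\n\t\t\t\t\tAND owner_uid = " . $user_id);
    if (!defined('DISABLE_SESSIONS') && $user_id == $_SESSION["uid"]) {
        $_SESSION["prefs_cache"][$pref_name]["type"] = $type_name;
        $_SESSION["prefs_cache"][$pref_name]["value"] = $value;
    }
}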
/**
 * Probe schema version, MySQL connectivity and string escaping; on any problem
 * emit the matching error XML and report failure.
 *
 * PHP error reporting is silenced while probing and restored to
 * DEFAULT_ERROR_LEVEL afterwards. Probes run in order and a later failure
 * overrides an earlier code: 5 = schema mismatch, 10 = the MySQL probe query
 * returned no row, 12 = db_escape_string() mangled plain input.
 *
 * @param mixed $link Database link
 * @return bool true when every probe passed
 */
function sanity_check($link)
{
    error_reporting(0);
    $code = 0;
    if (get_schema_version($link) != SCHEMA_VERSION) {
        $code = 5;
    }
    if (DB_TYPE == "mysql") {
        $probe = db_query($link, "SELECT true", false);
        if (db_num_rows($probe) != 1) {
            $code = 10;
        }
    }
    if (db_escape_string("testTEST") != "testTEST") {
        $code = 12;
    }
    error_reporting(DEFAULT_ERROR_LEVEL);
    if ($code == 0) {
        return true;
    }
    print_error_xml($code);
    return false;
}
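 /**
  * Handle the login form: authenticate the posted credentials, populate the
  * session and redirect back to the caller.
  *
  * Does nothing in SINGLE_USER_MODE. On failure the message is left in
  * $_SESSION["login_error_msg"] and a warning naming the client address is
  * raised. The "return" request parameter is only followed when it is a local
  * path, so the login endpoint cannot be used as an open redirector.
  */
 function login()
 {
     if (SINGLE_USER_MODE) {
         return;
     }
     // NOTE(review): $login is escaped here and handed to authenticate_user(),
     // which presumably escapes again before querying — confirm it is not
     // double-escaped.
     $login = $this->dbh->escape_string($_POST["login"]);
     $password = $_POST["password"];
     $remember_me = !empty($_POST["remember_me"]);
     // Persistent cookie only when "remember me" was ticked; 0 = session cookie.
     session_set_cookie_params($remember_me ? SESSION_COOKIE_LIFETIME : 0);
     @session_start();
     if (authenticate_user($login, $password)) {
         // Don't keep the cleartext password around longer than necessary.
         $_POST["password"] = "";
         if (get_schema_version() >= 120) {
             $_SESSION["language"] = get_pref("USER_LANGUAGE", $_SESSION["uid"]);
         }
         $_SESSION["ref_schema_version"] = get_schema_version(true);
         $_SESSION["bw_limit"] = !empty($_POST["bw_limit"]);
         if (!empty($_POST["profile"])) {
             $profile = $this->dbh->escape_string($_POST["profile"]);
             // Only adopt a profile that belongs to the user who just logged in.
             $result = $this->dbh->query("SELECT id FROM ttrss_settings_profiles\n\t\t\t\t\t\tWHERE id = '{$profile}' AND owner_uid = " . $_SESSION["uid"]);
             if ($this->dbh->num_rows($result) != 0) {
                 $_SESSION["profile"] = $profile;
             }
         }
     } else {
         $_SESSION["login_error_msg"] = __("Incorrect username or password");
         user_error("Failed login attempt from {$_SERVER['REMOTE_ADDR']}", E_USER_WARNING);
     }
     // "return" is client-controlled. Follow it only when it parses as a local
     // path: no scheme, no host, not protocol-relative ("//…") and no backslash
     // (browsers treat "/\host" like "//host"). Anything else goes to SELF_URL_PATH.
     $return = isset($_REQUEST['return']) ? (string) $_REQUEST['return'] : '';
     $parts = $return !== '' ? parse_url($return) : false;
     $is_local = is_array($parts)
         && !isset($parts['scheme']) && !isset($parts['host'])
         && strpos($return, '//') !== 0 && strpos($return, '\\') === false;
     header("Location: " . ($is_local ? $return : SELF_URL_PATH));
 }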
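 /**
  * Handle the login form: reset the preference cache, authenticate the posted
  * credentials, populate the session and redirect back to the caller.
  *
  * In SINGLE_USER_MODE only the cache reset happens. The "return" request
  * parameter is only followed when it is a local path, so the login endpoint
  * cannot be used as an open redirector.
  */
 function login()
 {
     $_SESSION["prefs_cache"] = array();
     if (SINGLE_USER_MODE) {
         return;
     }
     // NOTE(review): $login is escaped here and handed to authenticate_user(),
     // which presumably escapes again before querying — confirm it is not
     // double-escaped.
     $login = db_escape_string($_POST["login"]);
     $password = $_POST["password"];
     if (authenticate_user($this->link, $login, $password)) {
         // Don't keep the cleartext password around longer than necessary.
         $_POST["password"] = "";
         // NOTE(review): stored from the form as-is; whatever consumes
         // $_SESSION["language"] should validate it against the installed locales.
         $_SESSION["language"] = isset($_POST["language"]) ? $_POST["language"] : null;
         $_SESSION["ref_schema_version"] = get_schema_version($this->link, true);
         $_SESSION["bw_limit"] = !empty($_POST["bw_limit"]);
         if (!empty($_POST["profile"])) {
             $profile = db_escape_string($_POST["profile"]);
             // Only adopt a profile that belongs to the user who just logged in.
             $result = db_query($this->link, "SELECT id FROM ttrss_settings_profiles\n\t\t\t\t\t\tWHERE id = '{$profile}' AND owner_uid = " . $_SESSION["uid"]);
             if (db_num_rows($result) != 0) {
                 $_SESSION["profile"] = $profile;
                 $_SESSION["prefs_cache"] = array();
             }
         }
     } else {
         $_SESSION["login_error_msg"] = __("Incorrect username or password");
     }
     // "return" is client-controlled. Follow it only when it parses as a local
     // path: no scheme, no host, not protocol-relative ("//…") and no backslash
     // (browsers treat "/\host" like "//host"). Anything else goes to SELF_URL_PATH.
     $return = isset($_REQUEST['return']) ? (string) $_REQUEST['return'] : '';
     $parts = $return !== '' ? parse_url($return) : false;
     $is_local = is_array($parts)
         && !isset($parts['scheme']) && !isset($parts['host'])
         && strpos($return, '//') !== 0 && strpos($return, '\\') === false;
     header("Location: " . ($is_local ? $return : SELF_URL_PATH));
 }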
    print "  --convert-filters    - convert type1 filters to type2\n";
    print "  --force-update       - force update of all feeds\n";
    print "  --list-plugins       - list all available plugins\n";
    print "  --help               - show this help\n";
    print "Plugin options:\n";
    foreach (PluginHost::getInstance()->get_commands() as $command => $data) {
        $args = $data['arghelp'];
        printf(" --%-19s - %s\n", "{$command} {$args}", $data["description"]);
    }
    return;
}
// CLI bootstrap: install the error handler, verify the schema, then derive the
// QUIET/LOGFILE constants and the lock file name from the parsed $options
// (presumably a getopt() result; its construction is outside this fragment).
if (!isset($options['daemon'])) {
    require_once "errorhandler.php";
}
if (!isset($options['update-schema'])) {
    // Every task except a schema update needs the database to be current.
    $schema_version = get_schema_version();
    if ($schema_version != SCHEMA_VERSION) {
        die("Schema version is wrong, please upgrade the database.\n");
    }
}
define('QUIET', isset($options['quiet']));
if (isset($options["log"])) {
    // The log path is an operator-supplied CLI argument.
    _debug("Logging to " . $options["log"]);
    define('LOGFILE', $options["log"]);
}
// The daemon and the one-shot updater must not share a lock file.
$lock_filename = isset($options["daemon"]) ? "update_daemon.lock" : "update.lock";
if (isset($options["task"])) {
    /**
     * Authenticate a user by login/password, with a TOTP gate when the account
     * has otp_enabled (schema > 96 and AUTH_DISABLE_OTP not set).
     *
     * Order of checks: OTP gate → password_verify() against the stored hash →
     * legacy salted / unsalted hash fallbacks, which on success rewrite the
     * stored hash to the current scheme.
     *
     * NOTE(review): the login value inside the SQL literals below reads
     * '******' in this listing; presumably the escaped $login is interpolated.
     *
     * @param string $login
     * @param string $password Cleartext password as posted
     * @return mixed The user id on success, false otherwise. May also render the
     *         OTP form and exit() when a code is required but was not supplied.
     */
    function authenticate($login, $password)
    {
        // Three candidate hashes: current scheme, legacy unsalted, legacy login-salted.
        $pwd_hash0 = hash_password($password);
        $pwd_hash1 = encrypt_password($password);
        $pwd_hash2 = encrypt_password($password, $login);
        $login = db_escape_string($login);
        $otp = db_escape_string($_REQUEST["otp"]);
        if (get_schema_version() > 96) {
            if (!defined('AUTH_DISABLE_OTP') || !AUTH_DISABLE_OTP) {
                $result = db_query("SELECT otp_enabled,salt FROM ttrss_users WHERE\n\t\t\t\t\tlogin = '******'");
                if (db_num_rows($result) > 0) {
                    require_once "lib/otphp/vendor/base32.php";
                    require_once "lib/otphp/lib/otp.php";
                    require_once "lib/otphp/lib/totp.php";
                    $base32 = new Base32();
                    $otp_enabled = sql_bool_to_bool(db_fetch_result($result, 0, "otp_enabled"));
                    // The TOTP secret is derived from the password salt column, so the
                    // salt doubles as the second-factor seed: anyone able to read it
                    // can compute valid codes.
                    $secret = $base32->encode(sha1(db_fetch_result($result, 0, "salt")));
                    $topt = new \OTPHP\TOTP($secret);
                    // Only the current time step is accepted; no clock-drift window.
                    $otp_check = $topt->now();
                    if ($otp_enabled) {
                        if ($otp) {
                            // NOTE(review): loose != between the posted code and the
                            // generated one. If now() returns an int, PHP compares
                            // numerically (leading zeros ignored), and the comparison
                            // is not constant-time. hash_equals() over zero-padded
                            // strings would address both; left unchanged because
                            // now()'s return type and digit width are not visible here.
                            if ($otp != $otp_check) {
                                return false;
                            }
                        } else {
                            // No code yet: re-render the login as hidden fields plus an
                            // OTP prompt. The cleartext password round-trips through the
                            // form (HTML-escaped, but present in the response body).
                            // "return" is URL-encoded for the action attribute only; its
                            // eventual consumer is outside this method.
                            $return = urlencode($_REQUEST["return"]);
                            ?>
<html>
								<head><title>Tiny Tiny RSS</title></head>
								<?php 
                            echo stylesheet_tag("css/utility.css");
                            ?>
							<body class="otp"><div class="content">
							<form action="public.php?return=<?php 
                            echo $return;
                            ?>
"
									method="POST" class="otpform">
								<input type="hidden" name="op" value="login">
								<input type="hidden" name="login" value="<?php 
                            echo htmlspecialchars($login);
                            ?>
">
								<input type="hidden" name="password" value="<?php 
                            echo htmlspecialchars($password);
                            ?>
">
								<input type="hidden" name="bw_limit" value="<?php 
                            echo htmlspecialchars($_POST["bw_limit"]);
                            ?>
">
								<input type="hidden" name="remember_me" value="<?php 
                            echo htmlspecialchars($_POST["remember_me"]);
                            ?>
">
								<input type="hidden" name="profile" value="<?php 
                            echo htmlspecialchars($_POST["profile"]);
                            ?>
">

								<label><?php 
                            echo __("Please enter your one time password:"******"off" size="6" name="otp" value=""/>
								<input type="submit" value="Continue"/>
							</form></div>
							<script type="text/javascript">
								document.forms[0].otp.focus();
							</script>
							<?php 
                            exit;
                        }
                    }
                }
            }
        }
        // Current scheme first: password_verify() against the stored pwd_hash.
        $result = db_query("SELECT id,pwd_hash FROM ttrss_users WHERE\n\t\t\tlogin = '******'");
        if (db_num_rows($result) === 1) {
            if (version_compare(PHP_VERSION, '5.5.0', '<')) {
                // password_* polyfill for PHP < 5.5
                require_once 'vendor/ircmaxell/password-compat/lib/password.php';
            }
            $pwd_hash_dp = db_fetch_result($result, 0, "pwd_hash");
            if (password_verify($password, $pwd_hash_dp)) {
                return db_fetch_result($result, 0, "id");
            }
        }
        // Legacy hashes from here on. Schema > 87 has a per-user salt column;
        // an empty salt means the account is still on the unsalted/login-salted
        // scheme and gets migrated to a random salt on a successful match.
        if (get_schema_version() > 87) {
            $result = db_query("SELECT salt FROM ttrss_users WHERE\n\t\t\t\tlogin = '******'");
            if (db_num_rows($result) !== 1) {
                return false;
            }
            $salt = db_fetch_result($result, 0, "salt");
            if ($salt == "") {
                $query = "SELECT id\n\t\t\t\t\tFROM ttrss_users WHERE\n\t\t\t\t\tlogin = '******' AND (pwd_hash = '{$pwd_hash1}' OR\n\t\t\t\t\tpwd_hash = '{$pwd_hash2}')";
                // verify and upgrade password to new salt base
                $result = db_query($query);
                if (db_num_rows($result) === 1) {
                    // upgrade password to MODE2: 125 random bytes → 250 hex chars of salt
                    $salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
                    $pwd_hash = encrypt_password($password, $salt, true);
                    db_query("UPDATE ttrss_users SET\n\t\t\t\t\t\tpwd_hash = '{$pwd_hash}', salt = '{$salt}' WHERE login = '******'");
                    $query = "SELECT id\n\t\t\t\t\t\tFROM ttrss_users WHERE\n\t\t\t\t\t\tlogin = '******' AND pwd_hash = '{$pwd_hash}'";
                } else {
                    return false;
                }
            } else {
                $pwd_hash = encrypt_password($password, $salt, true);
                $query = "SELECT id\n\t\t\t\t\tFROM ttrss_users WHERE\n\t\t\t\t\tlogin = '******' AND pwd_hash = '{$pwd_hash}'";
            }
        } else {
            $query = "SELECT id\n\t\t\t\tFROM ttrss_users WHERE\n\t\t\t\tlogin = '******' AND (pwd_hash = '{$pwd_hash1}' OR\n\t\t\t\t\tpwd_hash = '{$pwd_hash2}')";
        }
        $result = db_query($query);
        if (db_num_rows($result) === 1) {
            // Authentication was successful, but the hash in the database
            // is not secure. We need to update it.
            db_query("UPDATE ttrss_users SET\n\t\t\t\tpwd_hash = '{$pwd_hash0}' WHERE login = '******'");
            return db_fetch_result($result, 0, "id");
        }
        return false;
    }
    /**
     * Authenticate a user by login/password, with a TOTP gate when the account
     * has otp_enabled (schema > 96 and AUTH_DISABLE_OTP not set).
     *
     * This variant only knows the legacy hash schemes: schema > 87 uses a
     * per-user salt (migrating unsalted accounts to a random salt on first
     * successful login); older schemas compare the unsalted / login-salted hashes.
     *
     * NOTE(review): the login value inside the SQL literals below reads
     * '******' in this listing; presumably the escaped $login is interpolated.
     *
     * @param string $login
     * @param string $password Cleartext password as posted
     * @return mixed The user id on success, false otherwise. May also render the
     *         OTP form and exit() when a code is required but was not supplied.
     */
    function authenticate($login, $password)
    {
        // Two candidate legacy hashes: unsalted and login-salted.
        $pwd_hash1 = encrypt_password($password);
        $pwd_hash2 = encrypt_password($password, $login);
        $login = db_escape_string($login);
        $otp = db_escape_string($_REQUEST["otp"]);
        if (get_schema_version($this->link) > 96) {
            if (!defined('AUTH_DISABLE_OTP') || !AUTH_DISABLE_OTP) {
                $result = db_query($this->link, "SELECT otp_enabled,salt FROM ttrss_users WHERE\n\t\t\t\t\tlogin = '******'");
                if (db_num_rows($result) > 0) {
                    require_once "lib/otphp/vendor/base32.php";
                    require_once "lib/otphp/lib/otp.php";
                    require_once "lib/otphp/lib/totp.php";
                    $base32 = new Base32();
                    $otp_enabled = sql_bool_to_bool(db_fetch_result($result, 0, "otp_enabled"));
                    // The TOTP secret is derived from the password salt column, so the
                    // salt doubles as the second-factor seed: anyone able to read it
                    // can compute valid codes.
                    $secret = $base32->encode(sha1(db_fetch_result($result, 0, "salt")));
                    $topt = new \OTPHP\TOTP($secret);
                    // Only the current time step is accepted; no clock-drift window.
                    $otp_check = $topt->now();
                    if ($otp_enabled) {
                        if ($otp) {
                            // NOTE(review): loose != between the posted code and the
                            // generated one. If now() returns an int, PHP compares
                            // numerically (leading zeros ignored), and the comparison
                            // is not constant-time. hash_equals() over zero-padded
                            // strings would address both; left unchanged because
                            // now()'s return type and digit width are not visible here.
                            if ($otp != $otp_check) {
                                return false;
                            }
                        } else {
                            // No code yet: re-render the login as hidden fields plus an
                            // OTP prompt. The cleartext password round-trips through the
                            // form (HTML-escaped, but present in the response body).
                            // "return" is URL-encoded for the action attribute only; its
                            // eventual consumer is outside this method.
                            $return = urlencode($_REQUEST["return"]);
                            ?>
<html>
								<head><title>Tiny Tiny RSS</title></head>
							<body>
							<form action="public.php?return=<?php 
                            echo $return;
                            ?>
"
									method="POST">
								<input type="hidden" name="op" value="login">
								<input type="hidden" name="login" value="<?php 
                            echo htmlspecialchars($login);
                            ?>
">
								<input type="hidden" name="password" value="<?php 
                            echo htmlspecialchars($password);
                            ?>
">

								<label><?php 
                            echo __("Please enter your one time password:"******"password" size="6" name="otp"/>
								<input type="submit" value="Continue"/>
							</form>
							<script type="text/javascript">
								document.forms[0].otp.focus();
							</script>
							<?php 
                            exit;
                        }
                    }
                }
            }
        }
        // Schema > 87 has a per-user salt column; an empty salt means the account
        // is still on the unsalted/login-salted scheme and gets migrated to a
        // random salt on a successful match.
        if (get_schema_version($this->link) > 87) {
            $result = db_query($this->link, "SELECT salt FROM ttrss_users WHERE\n\t\t\t\tlogin = '******'");
            if (db_num_rows($result) != 1) {
                return false;
            }
            $salt = db_fetch_result($result, 0, "salt");
            if ($salt == "") {
                $query = "SELECT id\n\t            FROM ttrss_users WHERE\n\t\t\t\t\tlogin = '******' AND (pwd_hash = '{$pwd_hash1}' OR\n\t\t\t\t\tpwd_hash = '{$pwd_hash2}')";
                // verify and upgrade password to new salt base
                $result = db_query($this->link, $query);
                if (db_num_rows($result) == 1) {
                    // upgrade password to MODE2: 125 random bytes → 250 hex chars of salt
                    $salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
                    $pwd_hash = encrypt_password($password, $salt, true);
                    db_query($this->link, "UPDATE ttrss_users SET\n\t\t\t\t\t\tpwd_hash = '{$pwd_hash}', salt = '{$salt}' WHERE login = '******'");
                    $query = "SELECT id\n\t\t            FROM ttrss_users WHERE\n\t\t\t\t\t\tlogin = '******' AND pwd_hash = '{$pwd_hash}'";
                } else {
                    return false;
                }
            } else {
                $pwd_hash = encrypt_password($password, $salt, true);
                $query = "SELECT id\n\t\t         FROM ttrss_users WHERE\n\t\t\t\t\tlogin = '******' AND pwd_hash = '{$pwd_hash}'";
            }
        } else {
            $query = "SELECT id\n\t         FROM ttrss_users WHERE\n\t\t\t\tlogin = '******' AND (pwd_hash = '{$pwd_hash1}' OR\n\t\t\t\t\tpwd_hash = '{$pwd_hash2}')";
        }
        $result = db_query($this->link, $query);
        if (db_num_rows($result) == 1) {
            return db_fetch_result($result, 0, "id");
        }
        return false;
    }
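/**
 * Create the missing per-user preference rows for $uid from the ttirc_prefs
 * defaults, inside a single BEGIN/COMMIT transaction.
 *
 * Rows that already exist for the (uid, profile) pair are left untouched.
 * Pre-63 schemas have no profile column and get the two-column insert.
 *
 * @param mixed $link Database link
 * @param int|string $uid Owner user id
 * @param int|false $profile Settings profile id, or false for the profile-less defaults
 * @return void
 */
function initialize_user_prefs($link, $uid, $profile = false)
{
    $uid = db_escape_string($uid);
    if (!$profile) {
        $profile = "NULL";
        $profile_qpart = "AND profile IS NULL";
    } else {
        // profile is interpolated unquoted into the INSERT below, so pin it to an
        // integer rather than trusting the caller's value (profile ids are
        // assumed numeric — verify against the schema).
        $profile = sprintf("%d", $profile);
        $profile_qpart = "AND profile = '{$profile}'";
    }
    db_query($link, "BEGIN");
    $result = db_query($link, "SELECT pref_name,def_value FROM ttirc_prefs");
    $u_result = db_query($link, "SELECT pref_name \n\t\t\tFROM ttirc_user_prefs WHERE owner_uid = '{$uid}' {$profile_qpart}");
    // Set of preference names the user already has, for O(1) membership tests.
    $active_prefs = array();
    while ($line = db_fetch_assoc($u_result)) {
        $active_prefs[$line["pref_name"]] = true;
    }
    $legacy_schema = get_schema_version($link) < 63;
    while ($line = db_fetch_assoc($result)) {
        if (isset($active_prefs[$line["pref_name"]])) {
            continue;
        }
        // Both values come from our own prefs table but are still interpolated;
        // escape them so a default containing a quote cannot break the statement.
        $pref_name = db_escape_string($line["pref_name"]);
        $def_value = db_escape_string($line["def_value"]);
        if ($legacy_schema) {
            db_query($link, "INSERT INTO ttirc_user_prefs\n\t\t\t\t\t\t(owner_uid,pref_name,value) VALUES \n\t\t\t\t\t\t('{$uid}', '{$pref_name}','{$def_value}')");
        } else {
            db_query($link, "INSERT INTO ttirc_user_prefs\n\t\t\t\t\t\t(owner_uid,pref_name,value, profile) VALUES \n\t\t\t\t\t\t('{$uid}', '{$pref_name}','{$def_value}', {$profile})");
        }
    }
    db_query($link, "COMMIT");
}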