function log_error($errno, $errstr, $file, $line, $context)
{
if (Db::get() && get_schema_version() > 117) {
$errno = Db::get()->escape_string($errno);
$errstr = Db::get()->escape_string($errstr);
$file = Db::get()->escape_string($file);
$line = Db::get()->escape_string($line);
$context = DB::get()->escape_string($context);
$owner_uid = $_SESSION["uid"] ? $_SESSION["uid"] : "NULL";
$result = Db::get()->query("INSERT INTO ttrss_error_log\n\t\t\t\t(errno, errstr, filename, lineno, context, owner_uid, created_at) VALUES\n\t\t\t\t({$errno}, '{$errstr}', '{$file}', '{$line}', '{$context}', {$owner_uid}, NOW())");
return Db::get()->affected_rows($result) != 0;
}
return false;
}
function log_error($errno, $errstr, $file, $line, $context)
{
if (Db::get() && get_schema_version() > 117) {
$errno = Db::get()->escape_string($errno);
$errstr = Db::get()->escape_string($errstr);
$file = Db::get()->escape_string($file);
$line = Db::get()->escape_string($line);
$context = '';
// backtrace is a lot of data which is not really critical to store
//$context = $this->dbh->escape_string(serialize($context));
$owner_uid = $_SESSION["uid"] ? $_SESSION["uid"] : "NULL";
$result = Db::get()->query("INSERT INTO ttrss_error_log\n\t\t\t\t(errno, errstr, filename, lineno, context, owner_uid, created_at) VALUES\n\t\t\t\t({$errno}, '{$errstr}', '{$file}', '{$line}', '{$context}', {$owner_uid}, NOW())");
return Db::get()->affected_rows($result) != 0;
}
return false;
}
function set_pref($link, $key, $value, $user_id = false)
{
$key = db_escape_string($key);
$value = db_escape_string($value);
if (!$user_id) {
$user_id = $_SESSION["uid"];
$profile = $_SESSION["profile"];
} else {
$user_id = sprintf("%d", $user_id);
$prefs_cache = false;
}
if ($profile) {
$profile_qpart = "AND profile = '{$profile}'";
} else {
$profile_qpart = "AND profile IS NULL";
}
if (get_schema_version($link) < 63) {
$profile_qpart = "";
}
$result = db_query($link, "SELECT type_name \n\t\t\tFROM ttrss_prefs,ttrss_prefs_types \n\t\t\tWHERE pref_name = '{$key}' AND type_id = ttrss_prefs_types.id");
if (db_num_rows($result) > 0) {
$type_name = db_fetch_result($result, 0, "type_name");
if ($type_name == "bool") {
if ($value == "1" || $value == "true") {
$value = "true";
} else {
$value = "false";
}
} else {
if ($type_name == "integer") {
$value = sprintf("%d", $value);
}
}
if ($pref_name == 'DEFAULT_ARTICLE_LIMIT' && $value == 0) {
$value = 30;
}
db_query($link, "UPDATE ttrss_user_prefs SET \n\t\t\t\tvalue = '{$value}' WHERE pref_name = '{$key}' \n\t\t\t\t\t{$profile_qpart}\n\t\t\t\t\tAND owner_uid = " . $_SESSION["uid"]);
$_SESSION["prefs_cache"] = array();
}
}
/**
* Update a feed batch.
* Used by daemons to update n feeds by run.
* Only update feed needing a update, and not being processed
* by another process.
*
* @param mixed $link Database link
* @param integer $limit Maximum number of feeds in update batch. Default to DAEMON_FEED_LIMIT.
* @param boolean $from_http Set to true if you call this function from http to disable cli specific code.
* @param boolean $debug Set to false to disable debug output. Default to true.
* @return void
*/
function update_daemon_common($limit = DAEMON_FEED_LIMIT, $from_http = false, $debug = true)
{
// Process all other feeds using last_updated and interval parameters
$schema_version = get_schema_version();
if ($schema_version != SCHEMA_VERSION) {
die("Schema version is wrong, please upgrade the database.\n");
}
define('PREFS_NO_CACHE', true);
// Test if the user has loggued in recently. If not, it does not update its feeds.
if (!SINGLE_USER_MODE && DAEMON_UPDATE_LOGIN_LIMIT > 0) {
if (DB_TYPE == "pgsql") {
$login_thresh_qpart = "AND ttrss_users.last_login >= NOW() - INTERVAL '" . DAEMON_UPDATE_LOGIN_LIMIT . " days'";
} else {
$login_thresh_qpart = "AND ttrss_users.last_login >= DATE_SUB(NOW(), INTERVAL " . DAEMON_UPDATE_LOGIN_LIMIT . " DAY)";
}
} else {
$login_thresh_qpart = "";
}
// Test if the feed need a update (update interval exceded).
if (DB_TYPE == "pgsql") {
$update_limit_qpart = "AND ((\n\t\t\t\t\tttrss_feeds.update_interval = 0\n\t\t\t\t\tAND ttrss_user_prefs.value != '-1'\n\t\t\t\t\tAND ttrss_feeds.last_updated < NOW() - CAST((ttrss_user_prefs.value || ' minutes') AS INTERVAL)\n\t\t\t\t) OR (\n\t\t\t\t\tttrss_feeds.update_interval > 0\n\t\t\t\t\tAND ttrss_feeds.last_updated < NOW() - CAST((ttrss_feeds.update_interval || ' minutes') AS INTERVAL)\n\t\t\t\t) OR ttrss_feeds.last_updated IS NULL\n\t\t\t\tOR last_updated = '1970-01-01 00:00:00')";
} else {
$update_limit_qpart = "AND ((\n\t\t\t\t\tttrss_feeds.update_interval = 0\n\t\t\t\t\tAND ttrss_user_prefs.value != '-1'\n\t\t\t\t\tAND ttrss_feeds.last_updated < DATE_SUB(NOW(), INTERVAL CONVERT(ttrss_user_prefs.value, SIGNED INTEGER) MINUTE)\n\t\t\t\t) OR (\n\t\t\t\t\tttrss_feeds.update_interval > 0\n\t\t\t\t\tAND ttrss_feeds.last_updated < DATE_SUB(NOW(), INTERVAL ttrss_feeds.update_interval MINUTE)\n\t\t\t\t) OR ttrss_feeds.last_updated IS NULL\n\t\t\t\tOR last_updated = '1970-01-01 00:00:00')";
}
// Test if feed is currently being updated by another process.
if (DB_TYPE == "pgsql") {
$updstart_thresh_qpart = "AND (ttrss_feeds.last_update_started IS NULL OR ttrss_feeds.last_update_started < NOW() - INTERVAL '10 minutes')";
} else {
$updstart_thresh_qpart = "AND (ttrss_feeds.last_update_started IS NULL OR ttrss_feeds.last_update_started < DATE_SUB(NOW(), INTERVAL 10 MINUTE))";
}
// Test if there is a limit to number of updated feeds
$query_limit = "";
if ($limit) {
$query_limit = sprintf("LIMIT %d", $limit);
}
$query = "SELECT DISTINCT ttrss_feeds.feed_url, ttrss_feeds.last_updated\n\t\t\tFROM\n\t\t\t\tttrss_feeds, ttrss_users, ttrss_user_prefs\n\t\t\tWHERE\n\t\t\t\tttrss_feeds.owner_uid = ttrss_users.id\n\t\t\t\tAND ttrss_users.id = ttrss_user_prefs.owner_uid\n\t\t\t\tAND ttrss_user_prefs.pref_name = 'DEFAULT_UPDATE_INTERVAL'\n\t\t\t\t{$login_thresh_qpart} {$update_limit_qpart}\n\t\t\t\t{$updstart_thresh_qpart}\n\t\t\t\tORDER BY last_updated {$query_limit}";
// We search for feed needing update.
$result = db_query($query);
if ($debug) {
_debug(sprintf("Scheduled %d feeds to update...", db_num_rows($result)));
}
// Here is a little cache magic in order to minimize risk of double feed updates.
$feeds_to_update = array();
while ($line = db_fetch_assoc($result)) {
array_push($feeds_to_update, db_escape_string($line['feed_url']));
}
// We update the feed last update started date before anything else.
// There is no lag due to feed contents downloads
// It prevent an other process to update the same feed.
if (count($feeds_to_update) > 0) {
$feeds_quoted = array();
foreach ($feeds_to_update as $feed) {
array_push($feeds_quoted, "'" . db_escape_string($feed) . "'");
}
db_query(sprintf("UPDATE ttrss_feeds SET last_update_started = NOW()\n\t\t\t\tWHERE feed_url IN (%s)", implode(',', $feeds_quoted)));
}
$nf = 0;
// For each feed, we call the feed update function.
foreach ($feeds_to_update as $feed) {
if ($debug) {
_debug("Base feed: {$feed}");
}
//update_rss_feed($line["id"], true);
// since we have the data cached, we can deal with other feeds with the same url
$tmp_result = db_query("SELECT DISTINCT ttrss_feeds.id,last_updated,ttrss_feeds.owner_uid\n\t\t\tFROM ttrss_feeds, ttrss_users, ttrss_user_prefs WHERE\n\t\t\t\tttrss_user_prefs.owner_uid = ttrss_feeds.owner_uid AND\n\t\t\t\tttrss_users.id = ttrss_user_prefs.owner_uid AND\n\t\t\t\tttrss_user_prefs.pref_name = 'DEFAULT_UPDATE_INTERVAL' AND\n\t\t\t\tfeed_url = '" . db_escape_string($feed) . "' AND\n\t\t\t\t(ttrss_feeds.update_interval > 0 OR\n\t\t\t\t\tttrss_user_prefs.value != '-1')\n\t\t\t\t{$login_thresh_qpart}\n\t\t\tORDER BY ttrss_feeds.id {$query_limit}");
if (db_num_rows($tmp_result) > 0) {
while ($tline = db_fetch_assoc($tmp_result)) {
if ($debug) {
_debug(" => " . $tline["last_updated"] . ", " . $tline["id"] . " " . $tline["owner_uid"]);
}
update_rss_feed($tline["id"], true);
++$nf;
}
}
}
require_once "digest.php";
// Send feed digests by email if needed.
send_headlines_digests($debug);
return $nf;
}
function sanity_check()
{
require_once 'errors.php';
global $ERRORS;
$error_code = 0;
$schema_version = get_schema_version(true);
if ($schema_version != SCHEMA_VERSION) {
$error_code = 5;
}
if (DB_TYPE == "mysql") {
$result = db_query("SELECT true", false);
if (db_num_rows($result) != 1) {
$error_code = 10;
}
}
if (db_escape_string("testTEST") != "testTEST") {
$error_code = 12;
}
return array("code" => $error_code, "message" => $ERRORS[$error_code]);
}
function write($pref_name, $value, $user_id = false, $strip_tags = true)
{
$pref_name = db_escape_string($pref_name);
$value = db_escape_string($value, $strip_tags);
if (!$user_id) {
$user_id = $_SESSION["uid"];
@($profile = $_SESSION["profile"]);
} else {
$user_id = sprintf("%d", $user_id);
$prefs_cache = false;
}
if ($profile) {
$profile_qpart = "AND profile = '{$profile}'";
} else {
$profile_qpart = "AND profile IS NULL";
}
if (get_schema_version() < 63) {
$profile_qpart = "";
}
$type_name = "";
$current_value = "";
if (isset($this->cache[$pref_name])) {
$type_name = $this->cache[$pref_name]["type"];
$current_value = $this->cache[$pref_name]["value"];
}
if (!$type_name) {
$result = db_query("SELECT type_name\n FROM ttrss_prefs,ttrss_prefs_types\n WHERE pref_name = '{$pref_name}' AND type_id = ttrss_prefs_types.id");
if (db_num_rows($result) > 0) {
$type_name = db_fetch_result($result, 0, "type_name");
}
} elseif ($current_value == $value) {
return;
}
if ($type_name) {
if ($type_name == "bool") {
if ($value == "1" || $value == "true") {
$value = "true";
} else {
$value = "false";
}
} elseif ($type_name == "integer") {
$value = sprintf("%d", $value);
}
if ($pref_name == 'USER_TIMEZONE' && $value == '') {
$value = 'UTC';
}
db_query("UPDATE ttrss_user_prefs SET\n value = '{$value}' WHERE pref_name = '{$pref_name}'\n {$profile_qpart}\n AND owner_uid = " . $_SESSION["uid"]);
if ($user_id == $_SESSION["uid"]) {
$this->cache[$pref_name]["type"] = $type_name;
$this->cache[$pref_name]["value"] = $value;
}
}
}
<?php
function getline($fp, $delim)
{
$result = "";
while (!feof($fp)) {
$tmp = fgetc($fp);
if ($tmp == $delim) {
return $result;
}
$result .= $tmp;
}
return $result;
}
$op = $_POST["op"];
$version = get_schema_version($link);
$update_files = glob("schema/versions/" . DB_TYPE . "/*sql");
$update_versions = array();
foreach ($update_files as $f) {
$m = array();
preg_match_all("/schema\\/versions\\/" . DB_TYPE . "\\/(\\d*)\\.sql/", $f, $m, PREG_PATTERN_ORDER);
if ($m[1][0]) {
$update_versions[$m[1][0]] = $f;
}
}
ksort($update_versions, SORT_NUMERIC);
$latest_version = max(array_keys($update_versions));
if ($version == $latest_version) {
if ($version != SCHEMA_VERSION) {
print_error(__("Could not update database"));
print "<p>" . __("Could not find necessary schema file, need version:") . " " . SCHEMA_VERSION . __(", found: ") . $latest_version . "</p>";
function set_pref($link, $pref_name, $value, $user_id = false, $strip_tags = true)
{
$pref_name = db_escape_string($pref_name);
$value = db_escape_string($value, $strip_tags);
if (!$user_id) {
$user_id = $_SESSION["uid"];
@($profile = $_SESSION["profile"]);
} else {
$user_id = sprintf("%d", $user_id);
$prefs_cache = false;
}
if ($profile) {
$profile_qpart = "AND profile = '{$profile}'";
} else {
$profile_qpart = "AND profile IS NULL";
}
if (get_schema_version($link) < 63) {
$profile_qpart = "";
}
$type_name = "";
$current_value = "";
if (!defined('DISABLE_SESSIONS') && !defined('PREFS_NO_CACHE')) {
if ($_SESSION["prefs_cache"] && @$_SESSION["prefs_cache"][$pref_name]) {
$type_name = $_SESSION["prefs_cache"][$pref_name]["type"];
$current_value = $_SESSION["prefs_cache"][$pref_name]["value"];
}
}
if (!$type_name) {
$result = db_query($link, "SELECT type_name\n\t\t\t\tFROM ttrss_prefs,ttrss_prefs_types\n\t\t\t\tWHERE pref_name = '{$pref_name}' AND type_id = ttrss_prefs_types.id");
if (db_num_rows($result) > 0) {
$type_name = db_fetch_result($result, 0, "type_name");
}
} else {
if ($current_value == $value) {
return;
}
}
if ($type_name) {
if ($type_name == "bool") {
if ($value == "1" || $value == "true") {
$value = "true";
} else {
$value = "false";
}
} else {
if ($type_name == "integer") {
$value = sprintf("%d", $value);
}
}
if ($pref_name == 'DEFAULT_ARTICLE_LIMIT' && $value == 0) {
$value = 30;
}
if ($pref_name == 'USER_TIMEZONE' && $value == '') {
$value = 'UTC';
}
db_query($link, "UPDATE ttrss_user_prefs SET\n\t\t\t\tvalue = '{$value}' WHERE pref_name = '{$pref_name}'\n\t\t\t\t\t{$profile_qpart}\n\t\t\t\t\tAND owner_uid = " . $_SESSION["uid"]);
if (!defined('DISABLE_SESSIONS')) {
if ($user_id == $_SESSION["uid"]) {
$_SESSION["prefs_cache"][$pref_name]["type"] = $type_name;
$_SESSION["prefs_cache"][$pref_name]["value"] = $value;
}
}
}
}
function sanity_check($link)
{
error_reporting(0);
$error_code = 0;
$schema_version = get_schema_version($link);
if ($schema_version != SCHEMA_VERSION) {
$error_code = 5;
}
if (DB_TYPE == "mysql") {
$result = db_query($link, "SELECT true", false);
if (db_num_rows($result) != 1) {
$error_code = 10;
}
}
if (db_escape_string("testTEST") != "testTEST") {
$error_code = 12;
}
error_reporting(DEFAULT_ERROR_LEVEL);
if ($error_code != 0) {
print_error_xml($error_code);
return false;
} else {
return true;
}
}
function login()
{
if (!SINGLE_USER_MODE) {
$login = $this->dbh->escape_string($_POST["login"]);
$password = $_POST["password"];
$remember_me = $_POST["remember_me"];
if ($remember_me) {
session_set_cookie_params(SESSION_COOKIE_LIFETIME);
} else {
session_set_cookie_params(0);
}
@session_start();
if (authenticate_user($login, $password)) {
$_POST["password"] = "";
if (get_schema_version() >= 120) {
$_SESSION["language"] = get_pref("USER_LANGUAGE", $_SESSION["uid"]);
}
$_SESSION["ref_schema_version"] = get_schema_version(true);
$_SESSION["bw_limit"] = !!$_POST["bw_limit"];
if ($_POST["profile"]) {
$profile = $this->dbh->escape_string($_POST["profile"]);
$result = $this->dbh->query("SELECT id FROM ttrss_settings_profiles\n\t\t\t\t\t\tWHERE id = '{$profile}' AND owner_uid = " . $_SESSION["uid"]);
if ($this->dbh->num_rows($result) != 0) {
$_SESSION["profile"] = $profile;
}
}
} else {
$_SESSION["login_error_msg"] = __("Incorrect username or password");
user_error("Failed login attempt from {$_SERVER['REMOTE_ADDR']}", E_USER_WARNING);
}
if ($_REQUEST['return']) {
header("Location: " . $_REQUEST['return']);
} else {
header("Location: " . SELF_URL_PATH);
}
}
}
function login()
{
$_SESSION["prefs_cache"] = array();
if (!SINGLE_USER_MODE) {
$login = db_escape_string($_POST["login"]);
$password = $_POST["password"];
$remember_me = $_POST["remember_me"];
if (authenticate_user($this->link, $login, $password)) {
$_POST["password"] = "";
$_SESSION["language"] = $_POST["language"];
$_SESSION["ref_schema_version"] = get_schema_version($this->link, true);
$_SESSION["bw_limit"] = !!$_POST["bw_limit"];
if ($_POST["profile"]) {
$profile = db_escape_string($_POST["profile"]);
$result = db_query($this->link, "SELECT id FROM ttrss_settings_profiles\n\t\t\t\t\t\tWHERE id = '{$profile}' AND owner_uid = " . $_SESSION["uid"]);
if (db_num_rows($result) != 0) {
$_SESSION["profile"] = $profile;
$_SESSION["prefs_cache"] = array();
}
}
} else {
$_SESSION["login_error_msg"] = __("Incorrect username or password");
}
if ($_REQUEST['return']) {
header("Location: " . $_REQUEST['return']);
} else {
header("Location: " . SELF_URL_PATH);
}
}
}
print " --convert-filters - convert type1 filters to type2\n";
print " --force-update - force update of all feeds\n";
print " --list-plugins - list all available plugins\n";
print " --help - show this help\n";
print "Plugin options:\n";
foreach (PluginHost::getInstance()->get_commands() as $command => $data) {
$args = $data['arghelp'];
printf(" --%-19s - %s\n", "{$command} {$args}", $data["description"]);
}
return;
}
if (!isset($options['daemon'])) {
require_once "errorhandler.php";
}
if (!isset($options['update-schema'])) {
$schema_version = get_schema_version();
if ($schema_version != SCHEMA_VERSION) {
die("Schema version is wrong, please upgrade the database.\n");
}
}
define('QUIET', isset($options['quiet']));
if (isset($options["log"])) {
_debug("Logging to " . $options["log"]);
define('LOGFILE', $options["log"]);
}
if (!isset($options["daemon"])) {
$lock_filename = "update.lock";
} else {
$lock_filename = "update_daemon.lock";
}
if (isset($options["task"])) {
function authenticate($login, $password)
{
$pwd_hash0 = hash_password($password);
$pwd_hash1 = encrypt_password($password);
$pwd_hash2 = encrypt_password($password, $login);
$login = db_escape_string($login);
$otp = db_escape_string($_REQUEST["otp"]);
if (get_schema_version() > 96) {
if (!defined('AUTH_DISABLE_OTP') || !AUTH_DISABLE_OTP) {
$result = db_query("SELECT otp_enabled,salt FROM ttrss_users WHERE\n\t\t\t\t\tlogin = '******'");
if (db_num_rows($result) > 0) {
require_once "lib/otphp/vendor/base32.php";
require_once "lib/otphp/lib/otp.php";
require_once "lib/otphp/lib/totp.php";
$base32 = new Base32();
$otp_enabled = sql_bool_to_bool(db_fetch_result($result, 0, "otp_enabled"));
$secret = $base32->encode(sha1(db_fetch_result($result, 0, "salt")));
$topt = new \OTPHP\TOTP($secret);
$otp_check = $topt->now();
if ($otp_enabled) {
if ($otp) {
if ($otp != $otp_check) {
return false;
}
} else {
$return = urlencode($_REQUEST["return"]);
?>
<html>
<head><title>Tiny Tiny RSS</title></head>
<?php
echo stylesheet_tag("css/utility.css");
?>
<body class="otp"><div class="content">
<form action="public.php?return=<?php
echo $return;
?>
"
method="POST" class="otpform">
<input type="hidden" name="op" value="login">
<input type="hidden" name="login" value="<?php
echo htmlspecialchars($login);
?>
">
<input type="hidden" name="password" value="<?php
echo htmlspecialchars($password);
?>
">
<input type="hidden" name="bw_limit" value="<?php
echo htmlspecialchars($_POST["bw_limit"]);
?>
">
<input type="hidden" name="remember_me" value="<?php
echo htmlspecialchars($_POST["remember_me"]);
?>
">
<input type="hidden" name="profile" value="<?php
echo htmlspecialchars($_POST["profile"]);
?>
">
<label><?php
echo __("Please enter your one time password:"******"off" size="6" name="otp" value=""/>
<input type="submit" value="Continue"/>
</form></div>
<script type="text/javascript">
document.forms[0].otp.focus();
</script>
<?php
exit;
}
}
}
}
}
$result = db_query("SELECT id,pwd_hash FROM ttrss_users WHERE\n\t\t\tlogin = '******'");
if (db_num_rows($result) === 1) {
if (version_compare(PHP_VERSION, '5.5.0', '<')) {
require_once 'vendor/ircmaxell/password-compat/lib/password.php';
}
$pwd_hash_dp = db_fetch_result($result, 0, "pwd_hash");
if (password_verify($password, $pwd_hash_dp)) {
return db_fetch_result($result, 0, "id");
}
}
if (get_schema_version() > 87) {
$result = db_query("SELECT salt FROM ttrss_users WHERE\n\t\t\t\tlogin = '******'");
if (db_num_rows($result) !== 1) {
return false;
}
$salt = db_fetch_result($result, 0, "salt");
if ($salt == "") {
$query = "SELECT id\n\t\t\t\t\tFROM ttrss_users WHERE\n\t\t\t\t\tlogin = '******' AND (pwd_hash = '{$pwd_hash1}' OR\n\t\t\t\t\tpwd_hash = '{$pwd_hash2}')";
// verify and upgrade password to new salt base
$result = db_query($query);
if (db_num_rows($result) === 1) {
// upgrade password to MODE2
$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
$pwd_hash = encrypt_password($password, $salt, true);
db_query("UPDATE ttrss_users SET\n\t\t\t\t\t\tpwd_hash = '{$pwd_hash}', salt = '{$salt}' WHERE login = '******'");
$query = "SELECT id\n\t\t\t\t\t\tFROM ttrss_users WHERE\n\t\t\t\t\t\tlogin = '******' AND pwd_hash = '{$pwd_hash}'";
} else {
return false;
}
} else {
$pwd_hash = encrypt_password($password, $salt, true);
$query = "SELECT id\n\t\t\t\t\tFROM ttrss_users WHERE\n\t\t\t\t\tlogin = '******' AND pwd_hash = '{$pwd_hash}'";
}
} else {
$query = "SELECT id\n\t\t\t\tFROM ttrss_users WHERE\n\t\t\t\tlogin = '******' AND (pwd_hash = '{$pwd_hash1}' OR\n\t\t\t\t\tpwd_hash = '{$pwd_hash2}')";
}
$result = db_query($query);
if (db_num_rows($result) === 1) {
// Authentication was successful, but the hash in the database
// is not secure. We need to update it.
db_query("UPDATE ttrss_users SET\n\t\t\t\tpwd_hash = '{$pwd_hash0}' WHERE login = '******'");
return db_fetch_result($result, 0, "id");
}
return false;
}
function authenticate($login, $password)
{
$pwd_hash1 = encrypt_password($password);
$pwd_hash2 = encrypt_password($password, $login);
$login = db_escape_string($login);
$otp = db_escape_string($_REQUEST["otp"]);
if (get_schema_version($this->link) > 96) {
if (!defined('AUTH_DISABLE_OTP') || !AUTH_DISABLE_OTP) {
$result = db_query($this->link, "SELECT otp_enabled,salt FROM ttrss_users WHERE\n\t\t\t\t\tlogin = '******'");
if (db_num_rows($result) > 0) {
require_once "lib/otphp/vendor/base32.php";
require_once "lib/otphp/lib/otp.php";
require_once "lib/otphp/lib/totp.php";
$base32 = new Base32();
$otp_enabled = sql_bool_to_bool(db_fetch_result($result, 0, "otp_enabled"));
$secret = $base32->encode(sha1(db_fetch_result($result, 0, "salt")));
$topt = new \OTPHP\TOTP($secret);
$otp_check = $topt->now();
if ($otp_enabled) {
if ($otp) {
if ($otp != $otp_check) {
return false;
}
} else {
$return = urlencode($_REQUEST["return"]);
?>
<html>
<head><title>Tiny Tiny RSS</title></head>
<body>
<form action="public.php?return=<?php
echo $return;
?>
"
method="POST">
<input type="hidden" name="op" value="login">
<input type="hidden" name="login" value="<?php
echo htmlspecialchars($login);
?>
">
<input type="hidden" name="password" value="<?php
echo htmlspecialchars($password);
?>
">
<label><?php
echo __("Please enter your one time password:"******"password" size="6" name="otp"/>
<input type="submit" value="Continue"/>
</form>
<script type="text/javascript">
document.forms[0].otp.focus();
</script>
<?php
exit;
}
}
}
}
}
if (get_schema_version($this->link) > 87) {
$result = db_query($this->link, "SELECT salt FROM ttrss_users WHERE\n\t\t\t\tlogin = '******'");
if (db_num_rows($result) != 1) {
return false;
}
$salt = db_fetch_result($result, 0, "salt");
if ($salt == "") {
$query = "SELECT id\n\t FROM ttrss_users WHERE\n\t\t\t\t\tlogin = '******' AND (pwd_hash = '{$pwd_hash1}' OR\n\t\t\t\t\tpwd_hash = '{$pwd_hash2}')";
// verify and upgrade password to new salt base
$result = db_query($this->link, $query);
if (db_num_rows($result) == 1) {
// upgrade password to MODE2
$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
$pwd_hash = encrypt_password($password, $salt, true);
db_query($this->link, "UPDATE ttrss_users SET\n\t\t\t\t\t\tpwd_hash = '{$pwd_hash}', salt = '{$salt}' WHERE login = '******'");
$query = "SELECT id\n\t\t FROM ttrss_users WHERE\n\t\t\t\t\t\tlogin = '******' AND pwd_hash = '{$pwd_hash}'";
} else {
return false;
}
} else {
$pwd_hash = encrypt_password($password, $salt, true);
$query = "SELECT id\n\t\t FROM ttrss_users WHERE\n\t\t\t\t\tlogin = '******' AND pwd_hash = '{$pwd_hash}'";
}
} else {
$query = "SELECT id\n\t FROM ttrss_users WHERE\n\t\t\t\tlogin = '******' AND (pwd_hash = '{$pwd_hash1}' OR\n\t\t\t\t\tpwd_hash = '{$pwd_hash2}')";
}
$result = db_query($this->link, $query);
if (db_num_rows($result) == 1) {
return db_fetch_result($result, 0, "id");
}
return false;
}
function initialize_user_prefs($link, $uid, $profile = false)
{
$uid = db_escape_string($uid);
if (!$profile) {
$profile = "NULL";
$profile_qpart = "AND profile IS NULL";
} else {
$profile_qpart = "AND profile = '{$profile}'";
}
db_query($link, "BEGIN");
$result = db_query($link, "SELECT pref_name,def_value FROM ttirc_prefs");
$u_result = db_query($link, "SELECT pref_name \n\t\t\tFROM ttirc_user_prefs WHERE owner_uid = '{$uid}' {$profile_qpart}");
$active_prefs = array();
while ($line = db_fetch_assoc($u_result)) {
array_push($active_prefs, $line["pref_name"]);
}
while ($line = db_fetch_assoc($result)) {
if (array_search($line["pref_name"], $active_prefs) === FALSE) {
// print "adding " . $line["pref_name"] . "<br>";
if (get_schema_version($link) < 63) {
db_query($link, "INSERT INTO ttirc_user_prefs\n\t\t\t\t\t\t(owner_uid,pref_name,value) VALUES \n\t\t\t\t\t\t('{$uid}', '" . $line["pref_name"] . "','" . $line["def_value"] . "')");
} else {
db_query($link, "INSERT INTO ttirc_user_prefs\n\t\t\t\t\t\t(owner_uid,pref_name,value, profile) VALUES \n\t\t\t\t\t\t('{$uid}', '" . $line["pref_name"] . "','" . $line["def_value"] . "', {$profile})");
}
}
}
db_query($link, "COMMIT");
}
