public/tt-rss
1
0
Fork 0
mirror of https://git.tt-rss.org/git/tt-rss.git synced 2025-12-13 19:05:55 +00:00
Code Issues Releases Wiki Activity

implement basic feed authentication parameter encryption in the database (FEED_CRYPT_KEY)

Browse Source
This commit is contained in:
Andrew Dolgov
2013-04-13 18:24:27 +04:00
parent 5b27cb05a8
commit 044cff2d74
8 changed files with 130 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
classes/pref/feeds.php
View File

@@ -528,6 +528,9 @@ class Pref_Feeds extends Handler_Protected {
"SELECT * FROM ttrss_feeds WHERE id = '$feed_id' AND
owner_uid = " . $_SESSION["uid"]);
$auth_pass_encrypted = sql_bool_to_bool(db_fetch_result($result, 0,
"auth_pass_encrypted"));
$title = htmlspecialchars(db_fetch_result($result,
0, "title"));
@@ -613,7 +616,14 @@ class Pref_Feeds extends Handler_Protected {
placeHolder=\"".__("Login")."\"
name=\"auth_login\" value=\"$auth_login\"><hr/>";
$auth_pass = htmlspecialchars(db_fetch_result($result, 0, "auth_pass"));
$auth_pass = db_fetch_result($result, 0, "auth_pass");
if ($auth_pass_encrypted) {
require_once "crypt.php";
$auth_pass = decrypt_string($auth_pass);
}
$auth_pass = htmlspecialchars($auth_pass);
print "<input dojoType=\"dijit.form.TextBox\" type=\"password\" name=\"auth_pass\"
placeHolder=\"".__("Password")."\"
@@ -936,6 +946,14 @@ class Pref_Feeds extends Handler_Protected {
$mark_unread_on_update = checkbox_to_sql_bool(
db_escape_string($this->link, $_POST["mark_unread_on_update"]));
if (strlen(FEED_CRYPT_KEY) > 0) {
require_once "crypt.php";
$auth_pass = substr(encrypt_string($auth_pass), 0, 250);
$auth_pass_encrypted = 'true';
} else {
$auth_pass_encrypted = 'false';
}
if (get_pref($this->link, 'ENABLE_FEED_CATS')) {
if ($cat_id && $cat_id != 0) {
$category_qpart = "cat_id = '$cat_id',";
@@ -958,6 +976,7 @@ class Pref_Feeds extends Handler_Protected {
purge_interval = '$purge_intl',
auth_login = '$auth_login',
auth_pass = '$auth_pass',
auth_pass_encrypted = $auth_pass_encrypted,
private = $private,
cache_images = $cache_images,
hide_images = $hide_images,
@@ -1003,7 +1022,8 @@ class Pref_Feeds extends Handler_Protected {
break;
case "auth_pass":
$qpart = "auth_pass = '$auth_pass'";
$qpart = "auth_pass = '$auth_pass' AND
auth_pass_encrypted = $auth_pass_encrypted";
break;
case "private":
@@ -1841,12 +1861,20 @@ class Pref_Feeds extends Handler_Protected {
"SELECT id FROM ttrss_feeds
WHERE feed_url = '$feed' AND owner_uid = ".$_SESSION["uid"]);
if (strlen(FEED_CRYPT_KEY) > 0) {
require_once "crypt.php";
$pass = substr(encrypt_string($pass), 0, 250);
$auth_pass_encrypted = 'true';
} else {
$auth_pass_encrypted = 'false';
}
if (db_num_rows($result) == 0) {
$result = db_query($this->link,
"INSERT INTO ttrss_feeds
(owner_uid,feed_url,title,cat_id,auth_login,auth_pass,update_method)
(owner_uid,feed_url,title,cat_id,auth_login,auth_pass,update_method,auth_pass_encrypted)
VALUES ('".$_SESSION["uid"]."', '$feed',
'[Unknown]', $cat_qpart, '$login', '$pass', 0)");
'[Unknown]', $cat_qpart, '$login', '$pass', 0, $auth_pass_encrypted)");
}
db_query($this->link, "COMMIT");