http user auth, password changer in preferences

2026-02-10 16:01:33 +00:00 · 2005-11-18 07:04:32 +01:00
parent 99620a7fe0
commit 1c7f75ed2c
7 changed files with 93 additions and 14 deletions
--- a/backend.php
+++ b/backend.php
@@ -1,6 +1,8 @@
 <?
 	session_start();

+	if (!$_SESSION["uid"]) { exit; }
+
 	define(SCHEMA_VERSION, 2);

 	require_once "config.php";
@@ -9,8 +11,8 @@
 	require_once "functions.php";
 	require_once "magpierss/rss_fetch.inc";

-	$_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
-	$_SESSION["name"] = PLACEHOLDER_NAME;
+//	$_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
+//	$_SESSION["name"] = PLACEHOLDER_NAME;

 	$op = $_REQUEST["op"];

@@ -1578,6 +1580,34 @@
 				print "Unknown option: $pref_name";
 			}

+		} else if ($subop == "Change password") {
+
+			if (WEB_DEMO_MODE) return;
+
+			$old_pw = $_POST["OLD_PASSWORD"];
+			$new_pw = $_POST["OLD_PASSWORD"];
+
+			$old_pw_hash = 'SHA1:' . sha1($_POST["OLD_PASSWORD"]);
+			$new_pw_hash = 'SHA1:' . sha1($_POST["NEW_PASSWORD"]);
+
+			$active_uid = $_SESSION["uid"];
+
+			if ($old_pw && $new_pw) {
+
+				$login = db_escape_string($_SERVER['PHP_AUTH_USER']);
+
+				$result = db_query($link, "SELECT id FROM ttrss_users WHERE 
+					id = '$active_uid' AND (pwd_hash = '$old_pw' OR 
+						pwd_hash = '$old_pw_hash')");
+
+				if (db_num_rows($result) == 1) {
+					db_query($link, "UPDATE ttrss_users SET pwd_hash = '$new_pw_hash' 
+						WHERE id = '$active_uid'");				
+				}
+			}
+
+			header("Location: prefs.php");
+	
 		} else if ($subop == "Reset to defaults") {

 			if (WEB_DEMO_MODE) return;
@@ -1591,6 +1621,29 @@

 		} else {

+			print "<form action=\"backend.php\" method=\"POST\">";
+
+			print "<table width=\"100%\" class=\"prefPrefsList\">";
+ 			print "<tr><td colspan='3'><h3>Authentication</h3></tr></td>";
+
+			print "<tr><td width=\"40%\">Old password</td>";
+			print "<td><input class=\"editbox\" type=\"password\"
+				name=\"OLD_PASSWORD\"></td></tr>";
+
+			print "<tr><td width=\"40%\">New password</td>";
+			
+			print "<td><input class=\"editbox\" type=\"password\"
+				name=\"NEW_PASSWORD\"></td></tr>";
+
+			print "</table>";
+
+			print "<input type=\"hidden\" name=\"op\" value=\"pref-prefs\">";
+
+			print "<p><input class=\"button\" type=\"submit\" 
+				value=\"Change password\" name=\"subop\">";
+
+			print "</form>";
+
 			$result = db_query($link, "SELECT 
 				ttrss_user_prefs.pref_name,short_desc,help_text,value,type_name,
 				section_name,def_value
@@ -1602,8 +1655,6 @@

 			print "<form action=\"backend.php\" method=\"POST\">";

-			print "<table width=\"100%\" class=\"prefPrefsList\">";
-	
 			$lnum = 0;

 			$active_section = "";
@@ -1613,8 +1664,10 @@
 				if ($active_section != $line["section_name"]) {

 					if ($active_section != "") {
-						print "</table><p><table width=\"100%\" class=\"prefPrefsList\">";
+						print "</table>";
 					}
+
+					print "<p><table width=\"100%\" class=\"prefPrefsList\">";
 				
 					$active_section = $line["section_name"];