add UserHelper::find_user_by_login() and rewrite some user checks to invoke it instead of going through PDO
This commit is contained in:
Andrew Dolgov
parent
7af8744c85
commit
09e9f34bb4
|
|
@ -59,35 +59,25 @@ class API extends Handler {
|
|||
|
||||
if (SINGLE_USER_MODE) $login = "admin";
|
||||
|
||||
$sth = $this->pdo->prepare("SELECT id FROM ttrss_users WHERE LOWER(login) = LOWER(?)");
|
||||
$sth->execute([$login]);
|
||||
|
||||
if ($row = $sth->fetch()) {
|
||||
$uid = $row["id"];
|
||||
if ($uid = UserHelper::find_user_by_login($login)) {
|
||||
if (get_pref("ENABLE_API_ACCESS", $uid)) {
|
||||
if (UserHelper::authenticate($login, $password, false, Auth_Base::AUTH_SERVICE_API)) { // try login with normal password
|
||||
$this->wrap(self::STATUS_OK, array("session_id" => session_id(),
|
||||
"api_level" => self::API_LEVEL));
|
||||
} else if (UserHelper::authenticate($login, $password_base64, false, Auth_Base::AUTH_SERVICE_API)) { // else try with base64_decoded password
|
||||
$this->wrap(self::STATUS_OK, array("session_id" => session_id(),
|
||||
"api_level" => self::API_LEVEL));
|
||||
} else { // else we are not logged in
|
||||
user_error("Failed login attempt for $login from " . UserHelper::get_user_ip(), E_USER_WARNING);
|
||||
$this->wrap(self::STATUS_ERR, array("error" => "LOGIN_ERROR"));
|
||||
}
|
||||
} else {
|
||||
$this->wrap(self::STATUS_ERR, array("error" => "API_DISABLED"));
|
||||
}
|
||||
} else {
|
||||
$uid = 0;
|
||||
}
|
||||
|
||||
if (!$uid) {
|
||||
$this->wrap(self::STATUS_ERR, array("error" => "LOGIN_ERROR"));
|
||||
return;
|
||||
}
|
||||
|
||||
if (get_pref("ENABLE_API_ACCESS", $uid)) {
|
||||
if (UserHelper::authenticate($login, $password, false, Auth_Base::AUTH_SERVICE_API)) { // try login with normal password
|
||||
$this->wrap(self::STATUS_OK, array("session_id" => session_id(),
|
||||
"api_level" => self::API_LEVEL));
|
||||
} else if (UserHelper::authenticate($login, $password_base64, false, Auth_Base::AUTH_SERVICE_API)) { // else try with base64_decoded password
|
||||
$this->wrap(self::STATUS_OK, array("session_id" => session_id(),
|
||||
"api_level" => self::API_LEVEL));
|
||||
} else { // else we are not logged in
|
||||
user_error("Failed login attempt for $login from " . UserHelper::get_user_ip(), E_USER_WARNING);
|
||||
$this->wrap(self::STATUS_ERR, array("error" => "LOGIN_ERROR"));
|
||||
}
|
||||
} else {
|
||||
$this->wrap(self::STATUS_ERR, array("error" => "API_DISABLED"));
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
function logout() {
|
||||
|
|
|
|||
|
|
@ -15,13 +15,14 @@ abstract class Auth_Base extends Plugin implements IAuthModule {
|
|||
|
||||
// Auto-creates specified user if allowed by system configuration
|
||||
// Can be used instead of find_user_by_login() by external auth modules
|
||||
function auto_create_user($login, $password = false) {
|
||||
function auto_create_user(string $login, $password = false) {
|
||||
if ($login && defined('AUTH_AUTO_CREATE') && AUTH_AUTO_CREATE) {
|
||||
$user_id = $this->find_user_by_login($login);
|
||||
|
||||
if (!$password) $password = make_password();
|
||||
$user_id = UserHelper::find_user_by_login($login);
|
||||
|
||||
if (!$user_id) {
|
||||
|
||||
if (!$password) $password = make_password();
|
||||
|
||||
$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
|
||||
$pwd_hash = encrypt_password($password, $salt, true);
|
||||
|
||||
|
|
@ -30,26 +31,18 @@ abstract class Auth_Base extends Plugin implements IAuthModule {
|
|||
VALUES (LOWER(?), 0, null, NOW(), ?,?)");
|
||||
$sth->execute([$login, $pwd_hash, $salt]);
|
||||
|
||||
return $this->find_user_by_login($login);
|
||||
return UserHelper::find_user_by_login($login);
|
||||
|
||||
} else {
|
||||
return $user_id;
|
||||
}
|
||||
}
|
||||
|
||||
return $this->find_user_by_login($login);
|
||||
return UserHelper::find_user_by_login($login);
|
||||
}
|
||||
|
||||
function find_user_by_login($login) {
|
||||
$sth = $this->pdo->prepare("SELECT id FROM ttrss_users WHERE
|
||||
LOWER(login) = LOWER(?)");
|
||||
$sth->execute([$login]);
|
||||
|
||||
if ($row = $sth->fetch()) {
|
||||
return $row["id"];
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
|
||||
// @deprecated
|
||||
function find_user_by_login(string $login) {
|
||||
return UserHelper::find_user_by_login($login);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -248,19 +248,15 @@ class Handler_Public extends Handler {
|
|||
$login = clean($_REQUEST["login"]);
|
||||
$fresh = clean($_REQUEST["fresh"]) == "1";
|
||||
|
||||
$sth = $this->pdo->prepare("SELECT id FROM ttrss_users WHERE LOWER(login) = LOWER(?)");
|
||||
$sth->execute([$login]);
|
||||
|
||||
if ($row = $sth->fetch()) {
|
||||
$uid = $row["id"];
|
||||
$uid = UserHelper::find_user_by_login($login);
|
||||
|
||||
if ($uid) {
|
||||
print Feeds::getGlobalUnread($uid);
|
||||
|
||||
if ($fresh) {
|
||||
print ";";
|
||||
print Feeds::getFeedArticles(-3, false, true, $uid);
|
||||
}
|
||||
|
||||
} else {
|
||||
print "-1;User not found";
|
||||
}
|
||||
|
|
|
|||
|
|
@ -237,22 +237,14 @@ class Pref_Users extends Handler_Protected {
|
|||
|
||||
if (!$login) return; // no blank usernames
|
||||
|
||||
$sth = $this->pdo->prepare("SELECT id FROM ttrss_users WHERE
|
||||
LOWER(login) = LOWER(?)");
|
||||
$sth->execute([$login]);
|
||||
|
||||
if (!$sth->fetch()) {
|
||||
if (!UserHelper::find_user_by_login($login)) {
|
||||
|
||||
$sth = $this->pdo->prepare("INSERT INTO ttrss_users
|
||||
(login,pwd_hash,access_level,last_login,created, salt)
|
||||
VALUES (LOWER(?), ?, 0, null, NOW(), ?)");
|
||||
$sth->execute([$login, $pwd_hash, $salt]);
|
||||
|
||||
$sth = $this->pdo->prepare("SELECT id FROM ttrss_users WHERE
|
||||
LOWER(login) = LOWER(?) AND pwd_hash = ?");
|
||||
$sth->execute([$login, $pwd_hash]);
|
||||
|
||||
if ($row = $sth->fetch()) {
|
||||
if ($new_uid = UserHelper::find_user_by_login($login)) {
|
||||
|
||||
$new_uid = $row['id'];
|
||||
|
||||
|
|
|
|||
|
|
@ -1,8 +1,7 @@
|
|||
<?php
|
||||
class UserHelper {
|
||||
|
||||
static function authenticate($login, $password, $check_only = false, $service = false) {
|
||||
|
||||
static function authenticate(string $login = null, string $password = null, bool $check_only = false, string $service = null) {
|
||||
if (!SINGLE_USER_MODE) {
|
||||
$user_id = false;
|
||||
$auth_module = false;
|
||||
|
|
@ -71,7 +70,7 @@ class UserHelper {
|
|||
}
|
||||
}
|
||||
|
||||
static function load_user_plugins($owner_uid, $pluginhost = false) {
|
||||
static function load_user_plugins(int $owner_uid, PluginHost $pluginhost = null) {
|
||||
|
||||
if (!$pluginhost) $pluginhost = PluginHost::getInstance();
|
||||
|
||||
|
|
@ -145,4 +144,17 @@ class UserHelper {
|
|||
}
|
||||
}
|
||||
|
||||
static function find_user_by_login(string $login) {
|
||||
$pdo = Db::pdo();
|
||||
|
||||
$sth = $pdo->prepare("SELECT id FROM ttrss_users WHERE
|
||||
LOWER(login) = LOWER(?)");
|
||||
$sth->execute([$login]);
|
||||
|
||||
if ($row = $sth->fetch()) {
|
||||
return $row["id"];
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
21
register.php
21
register.php
|
|
@ -73,12 +73,8 @@
|
|||
if ($action == "check") {
|
||||
header("Content-Type: application/xml");
|
||||
|
||||
$login = trim(db_escape_string( $_REQUEST['login']));
|
||||
|
||||
$result = db_query( "SELECT id FROM ttrss_users WHERE
|
||||
LOWER(login) = LOWER('$login')");
|
||||
|
||||
$is_registered = db_num_rows($result) > 0;
|
||||
$login = clean($_REQUEST['login']);
|
||||
$is_registered = UserHelper::find_user_by_login($login);
|
||||
|
||||
print "<result>";
|
||||
|
||||
|
|
@ -258,10 +254,7 @@
|
|||
|
||||
if ($test == "four" || $test == "4") {
|
||||
|
||||
$result = db_query( "SELECT id FROM ttrss_users WHERE
|
||||
login = '$login'");
|
||||
|
||||
$is_registered = db_num_rows($result) > 0;
|
||||
$is_registered = UserHelper::find_user_by_login($login);
|
||||
|
||||
if ($is_registered) {
|
||||
print_error(__('Sorry, this username is already taken.'));
|
||||
|
|
@ -279,18 +272,14 @@
|
|||
(login,pwd_hash,access_level,last_login, email, created, salt)
|
||||
VALUES (LOWER('$login'), '$pwd_hash', 0, null, '$email', NOW(), '$salt')");
|
||||
|
||||
$result = db_query( "SELECT id FROM ttrss_users WHERE
|
||||
login = '$login' AND pwd_hash = '$pwd_hash'");
|
||||
$new_uid = UserHelper::find_user_by_login($login);
|
||||
|
||||
if (db_num_rows($result) != 1) {
|
||||
if (!$new_uid) {
|
||||
print_error(__('Registration failed.'));
|
||||
print "<p><form method=\"GET\" action=\"index.php\">
|
||||
<input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
|
||||
</form>";
|
||||
} else {
|
||||
|
||||
$new_uid = db_fetch_result($result, 0, "id");
|
||||
|
||||
Pref_Users::initialize_user($new_uid);
|
||||
|
||||
$reg_text = "Hi!\n".
|
||||
|
|
|
|||
|
|
@ -502,13 +502,10 @@
|
|||
|
||||
Debug::log("Exporting feeds of user $user to $filename as OPML...");
|
||||
|
||||
$sth = $pdo->prepare("SELECT id FROM ttrss_users WHERE LOWER(login) = LOWER(?)");
|
||||
$sth->execute([$user]);
|
||||
|
||||
if ($res = $sth->fetch()) {
|
||||
if ($owner_uid = UserHelper::find_user_by_login($user)) {
|
||||
$opml = new OPML("");
|
||||
|
||||
$rc = $opml->opml_export($filename, $res["id"], false, true, true);
|
||||
$rc = $opml->opml_export($filename, $owner_uid, false, true, true);
|
||||
|
||||
Debug::log($rc ? "Success." : "Failed.");
|
||||
} else {
|
||||
|
|
|
|||
Loading…
Reference in New Issue