servers
/
ttrss
mirror of https://tt-rss.org/git/tt-rss.git
1
0
Fork 0
Code Issues Releases Wiki Activity

auth_internal.change_password: do not rely on session

This commit is contained in:
Andrew Dolgov 2012-08-16 18:27:26 +04:00
parent d5fd183d18
commit dc0374df2b
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
classes/auth_internal.php
View File

@ -75,14 +75,15 @@ class Auth_Internal extends Auth_Base {
function change_password($owner_uid, $old_password, $new_password) {
$owner_uid = db_escape_string($owner_uid);
$result = db_query($this->link, "SELECT salt FROM ttrss_users WHERE
$result = db_query($this->link, "SELECT salt,login FROM ttrss_users WHERE
id = '$owner_uid'");
$salt = db_fetch_result($result, 0, "salt");
$login = db_fetch_result($result, 0, "login");
if (!$salt) {
$old_password_hash1 = encrypt_password($old_password);
$old_password_hash2 = encrypt_password($old_password, $_SESSION["name"]);
$old_password_hash2 = encrypt_password($old_password, $login);
$query = "SELECT id FROM ttrss_users WHERE
id = '$owner_uid' AND (pwd_hash = '$old_password_hash1' OR