fixed bug wih escaping password before hashing it

Torsten Stelling
2013-06-28 20:51:18 +02:00
parent b124f64191
commit 9db7b8e96a
3 changed files with 16 additions and 4 deletions


@@ -10,7 +10,7 @@ class FeverAPI extends Handler {
const STATUS_ERR = 0;
// debugging only functions with JSON
const DEBUG = false; // enable if you need some debug output in your tinytinyrss root
const DEBUG = true; // enable if you need some debug output in your tinytinyrss root
const DEBUG_USER = 0; // your user id you need to debug - look it up in your mysql database and set it to a value bigger than 0
const DEBUG_FILE = './debug_fever.txt'; // the file for debugging output
@@ -128,7 +128,7 @@ class FeverAPI extends Handler {
(isset($_REQUEST["password"]))) {
$email = $_REQUEST["email"];
$password = $_REQUEST["password"];
$apikey = strtoupper(md5($email.":".db_escape_string($password)));
$apikey = strtoupper(md5($email.":".$password));
setcookie('fever_auth',$apikey,time()+60*60*24*30);
if (self::DEBUG) {
// debug output
@@ -145,7 +145,7 @@ class FeverAPI extends Handler {
{
$result = $this->dbh->query("SELECT owner_uid
FROM ttrss_plugin_storage
WHERE content = '" . db_escape_string('a:1:{s:8:"password";s:32:"') . db_escape_string(strtolower($apikey)) . db_escape_string('";}') . "'");
WHERE content = '".db_escape_string('a:1:{s:8:"password";s:32:"'.strtolower($apikey).'";}') . "'");
if ($this->dbh->num_rows($result) > 0)
{
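Review bot: The first hunk switches the flag to `const DEBUG = true;` in the same commit as the password-hashing fix, which looks like a leftover from debugging rather than an intended change. With the flag on, the `if (self::DEBUG)` branch that follows the API key computation in the login path can run, and DEBUG_FILE points at `./debug_fever.txt` in the tt-rss root. What that branch writes is outside the hunk, and DEBUG_USER = 0 may keep it inert, but if it logs the email, password or derived key, the file would hold credential material in a directory the web server may serve. I would restore `const DEBUG = false; // enable only while debugging, delete the debug file afterwards` before this is merged. The class body and the debug branch continue outside the visible hunks.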