removed debug flag

fixed bug wih escaping password before hashing it
2013-06-28 20:51:55 +02:00 · 2013-06-28 20:51:18 +02:00
3 changed files with 15 additions and 3 deletions
--- a/README.md
+++ b/README.md
@@ -11,6 +11,7 @@ This plugin is an open source module for TinyTinyRSS which simulates the Fever A
 * <a href="#supported">Supported/Tested Clients</a>
 * <a href="#installation">Installation</a>
 * <a href="#debug">Debugging</a>
+* <a href="#error">Error reporting</a>
 * <a href="#license">License</a>
 * <a href="#changelog">Changelog</a>

@@ -49,6 +50,12 @@ In the file ```fever_api.php``` there are two flags for debugging at the beginni
 * ```DEBUG_USER``` - set this to the id (from ttrss_users) of your user you would like to always authenticate on your Tiny Tiny RSS installation. The authentication process is then skipped and the api gets always authentication.
 * ```DEBUG_FILE``` - set this to a filename that suits you for debugging this plugin if you need to.

+## <a name="error">Error reporting</a>
+
+When you find an error you may post it in the plugin [thread](http://tt-rss.org/forum/viewtopic.php?f=22&t=1981) or here on github.com in the ```Issues``` section.
+
+Please include your debug log which should be cleaned up. Please remove your username, password and apikey before posting it.
+
 ## <a name="license">License</a>

 Licensed under GNU GPL version 2 (<- I think this is okay for this plugin…)
@@ -84,3 +91,8 @@ v1.4.3 - 2013/6/28
 * added ```DEBUG_FILE``` to debug configuration
 * changed authentication call from Mr.Reader so that the reply is also uppercase, since the API-KEY comes in uppercase from clients
 * fixed debug output while authentication in Mr.Reader with displaying the email adress
+
+v1.4.4 - 2013/6/28
+
+* updated the documentation
+* changed some in saving the generated API-KEY - now its generated like in the Fever API documentation
--- a/fever/fever_api.php
+++ b/fever/fever_api.php
@@ -128,7 +128,7 @@ class FeverAPI extends Handler {
 			(isset($_REQUEST["password"]))) {
 			$email = $_REQUEST["email"];
 			$password = $_REQUEST["password"];
-			$apikey = strtoupper(md5($email.":".db_escape_string($password)));
+			$apikey = strtoupper(md5($email.":".$password));
 			setcookie('fever_auth',$apikey,time()+60*60*24*30);
 			if (self::DEBUG) {
 				// debug output
@@ -145,7 +145,7 @@ class FeverAPI extends Handler {
 		{
 			$result = $this->dbh->query("SELECT	owner_uid
 										 FROM ttrss_plugin_storage
-										 WHERE content = '" . db_escape_string('a:1:{s:8:"password";s:32:"') . db_escape_string(strtolower($apikey)) . db_escape_string('";}') . "'");
+										 WHERE content = '".db_escape_string('a:1:{s:8:"password";s:32:"'.strtolower($apikey).'";}') . "'");

 			if ($this->dbh->num_rows($result) > 0)
 			{
--- a/fever/init.php
+++ b/fever/init.php
@@ -69,7 +69,7 @@ class Fever extends Plugin {
 			$result = db_query("SELECT login FROM ttrss_users WHERE id = '" . db_escape_string($_SESSION["uid"]) . "'");
 			if ($line = db_fetch_assoc($result))
 			{
-				$password = md5($line["login"] . ":" . db_escape_string($_POST["password"]));
+				$password = md5($line["login"] . ":" . $_POST["password"]);
 				$this->host->set($this, "password", $password);
 				echo __("Password saved.");
 			}
Author	SHA1	Message	Date
Torsten Stelling	5627bdeb7f	removed debug flag	2013-06-28 20:51:55 +02:00
Torsten Stelling	9db7b8e96a	fixed bug wih escaping password before hashing it	2013-06-28 20:51:18 +02:00