From 031ee47a3e3de0d86fd5f951af3a136d85b387c5 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Mon, 1 Mar 2021 23:07:20 +0300
Subject: [PATCH] don't try to pass string literal NOW() to ORM as a timestamp

---
 classes/auth/base.php          | 2 +-
 classes/db.php                 | 4 ++++
 classes/feeds.php              | 2 +-
 classes/pref/users.php         | 2 +-
 classes/userhelper.php         | 4 ++--
 plugins/auth_internal/init.php | 2 +-
 6 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/classes/auth/base.php b/classes/auth/base.php
index 883c0df30..82ea06e1b 100644
--- a/classes/auth/base.php
+++ b/classes/auth/base.php
@@ -29,7 +29,7 @@ abstract class Auth_Base extends Plugin implements IAuthModule {
 				$user->login = mb_strtolower($login);
 				$user->pwd_hash = UserHelper::hash_password($password, $user->salt);
 				$user->access_level = 0;
-				$user->created = 'NOW()';
+				$user->created = Db::NOW();
 				$user->save();
 
 				return UserHelper::find_user_by_login($login);
diff --git a/classes/db.php b/classes/db.php
index a30ffad31..008275bca 100755
--- a/classes/db.php
+++ b/classes/db.php
@@ -16,6 +16,10 @@ class Db
 		ORM::configure('return_result_sets', true);
 	}
 
+	static function NOW() {
+		return date("Y-m-d H:i:s", time());
+	}
+
 	private function __clone() {
 		//
 	}
diff --git a/classes/feeds.php b/classes/feeds.php
index d100b2dc9..1e648a958 100755
--- a/classes/feeds.php
+++ b/classes/feeds.php
@@ -475,7 +475,7 @@ class Feeds extends Handler_Protected {
 		/* bump login timestamp if needed */
 		if (time() - $_SESSION["last_login_update"] > 3600) {
 			$user = ORM::for_table('ttrss_users')->find_one($_SESSION["uid"]);
-			$user->last_login = 'NOW()';
+			$user->last_login = Db::NOW();
 			$user->save();
 
 			$_SESSION["last_login_update"] = time();
diff --git a/classes/pref/users.php b/classes/pref/users.php
index 071f20a73..cd56b4f24 100644
--- a/classes/pref/users.php
+++ b/classes/pref/users.php
@@ -157,7 +157,7 @@ class Pref_Users extends Handler_Administrative {
 				$user->login = mb_strtolower($login);
 				$user->pwd_hash = UserHelper::hash_password($new_password, $user->salt);
 				$user->access_level = 0;
-				$user->created = 'NOW()';
+				$user->created = Db::NOW();
 				$user->save();
 
 				if ($new_uid = UserHelper::find_user_by_login($login)) {
diff --git a/classes/userhelper.php b/classes/userhelper.php
index 1d14b51b0..4b795df7d 100644
--- a/classes/userhelper.php
+++ b/classes/userhelper.php
@@ -51,7 +51,7 @@ class UserHelper {
 					$_SESSION["user_agent"] = sha1($_SERVER['HTTP_USER_AGENT']);
 					$_SESSION["pwd_hash"] = $user->pwd_hash;
 
-					$user->last_login = 'NOW()';
+					$user->last_login = Db::NOW();
 					$user->save();
 
 					return true;
@@ -132,7 +132,7 @@ class UserHelper {
 			} else {
 				/* bump login timestamp */
 				$user = ORM::for_table('ttrss_users')->find_one($_SESSION["uid"]);
-				$user->last_login = 'NOW()';
+				$user->last_login = Db::NOW();
 				$user->save();
 
 				$_SESSION["last_login_update"] = time();
diff --git a/plugins/auth_internal/init.php b/plugins/auth_internal/init.php
index 70f071057..bc0527e7f 100644
--- a/plugins/auth_internal/init.php
+++ b/plugins/auth_internal/init.php
@@ -237,7 +237,7 @@ class Auth_Internal extends Auth_Base {
 
 			if (hash_equals("$pwd_algo:$raw_hash", $test_hash)) {
 				$pass = ORM::for_table('ttrss_app_passwords')->find_one($row["id"]);
-				$pass->last_used = 'NOW()';
+				$pass->last_used = Db::NOW();
 
 				if ($pwd_algo != UserHelper::HASH_ALGOS[0]) {
 					// upgrade password to current algo