From 131b01b336850c574d3b518927a4910065fc4cb6 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Tue, 23 May 2006 06:45:13 +0100 Subject: [PATCH] authenticate_user always returns true in SINGLE_USER_MODE --- functions.php | 47 ++++++++++++++++++++++++++++------------------- 1 file changed, 28 insertions(+), 19 deletions(-) diff --git a/functions.php b/functions.php index 30f309dd3..99f749e1c 100644 --- a/functions.php +++ b/functions.php @@ -836,31 +836,40 @@ function authenticate_user($link, $login, $password) { - $pwd_hash = 'SHA1:' . sha1($password); - - $result = db_query($link, "SELECT id,login,access_level FROM ttrss_users WHERE - login = '$login' AND pwd_hash = '$pwd_hash'"); - - if (db_num_rows($result) == 1) { - $_SESSION["uid"] = db_fetch_result($result, 0, "id"); - $_SESSION["name"] = db_fetch_result($result, 0, "login"); - $_SESSION["access_level"] = db_fetch_result($result, 0, "access_level"); - - db_query($link, "UPDATE ttrss_users SET last_login = NOW() WHERE id = " . - $_SESSION["uid"]); + if (!SINGLE_USER_MODE) { - $user_theme = get_user_theme_path($link); + $pwd_hash = 'SHA1:' . sha1($password); + + $result = db_query($link, "SELECT id,login,access_level FROM ttrss_users WHERE + login = '$login' AND pwd_hash = '$pwd_hash'"); + + if (db_num_rows($result) == 1) { + $_SESSION["uid"] = db_fetch_result($result, 0, "id"); + $_SESSION["name"] = db_fetch_result($result, 0, "login"); + $_SESSION["access_level"] = db_fetch_result($result, 0, "access_level"); + + db_query($link, "UPDATE ttrss_users SET last_login = NOW() WHERE id = " . + $_SESSION["uid"]); + + $user_theme = get_user_theme_path($link); + + $_SESSION["theme"] = $user_theme; + $_SESSION["ip_address"] = $_SERVER["REMOTE_ADDR"]; + + initialize_user_prefs($link, $_SESSION["uid"]); + + return true; + } + + return false; - $_SESSION["theme"] = $user_theme; - $_SESSION["ip_address"] = $_SERVER["REMOTE_ADDR"]; + } else { - initialize_user_prefs($link, $_SESSION["uid"]); + $_SESSION["uid"] = 1; + $_SESSION["name"] = "admin"; return true; } - - return false; - } function make_password($length = 8) {