Use User::authenticate in addons
authorHypolite Petovan <mrpetovan@gmail.com>
Sat, 2 Dec 2017 04:03:49 +0000 (23:03 -0500)
committerHypolite Petovan <mrpetovan@gmail.com>
Sat, 2 Dec 2017 04:03:49 +0000 (23:03 -0500)
- dav
- jappixmini
- windowsphonepush

dav/friendica/dav_friendica_auth.inc.php
jappixmini/jappixmini.php
windowsphonepush/windowsphonepush.php

index 31a88b6884d0547048b5205c850a20ba6b5ebd14..9b42ab8a8c789062533bcc1a56d0506093e08209 100644 (file)
@@ -67,7 +67,7 @@ class Sabre_DAV_Auth_Backend_Std extends Sabre_DAV_Auth_Backend_AbstractBasic
                }
 
                // Authenticates the user
-               if (!$this->validateUserPass($userpass[0],$userpass[1])) {
+               if (!$this->validateUserPass($userpass[0], $userpass[1])) {
                        $auth->requireLogin();
                        throw new Sabre_DAV_Exception_NotAuthenticated('Username or password does not match');
                }
@@ -80,13 +80,8 @@ class Sabre_DAV_Auth_Backend_Std extends Sabre_DAV_Auth_Backend_AbstractBasic
         * @param string $password
         * @return bool
         */
-       protected function validateUserPass($username, $password) {
-               $encrypted = hash('whirlpool',trim($password));
-               $r = q("SELECT COUNT(*) anz FROM `user` WHERE `nickname` = '%s' AND `password` = '%s' AND `blocked` = 0 AND `account_expired` = 0 AND `verified` = 1 LIMIT 1",
-                       dbesc(trim($username)),
-                       dbesc($encrypted)
-               );
-               return ($r[0]["anz"] == 1);
-    }
-    
+       protected function validateUserPass($username, $password)
+       {
+               return User::authenticate($username, $password);
+       }
 }
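Review bot: The removed query in `validateUserPass` also required `blocked` = 0, `account_expired` = 0 and `verified` = 1, and the replacement leaves that decision entirely to `User::authenticate`, whose body is not shown on this page; confirm that it rejects blocked, expired and unverified accounts, otherwise this DAV backend starts accepting them. The docblock still promises `@return bool`, while the windowsphonepush hunk of this commit treats the result as a user id, so cast it: `return (bool) User::authenticate($username, $password);`. None of the hunks in the three files adds an import for `User`; if the files do not already carry a matching `use` line the call fails at runtime, and the same applies to the jappixmini and windowsphonepush hunks.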
index ba82a076270f4ee36b47cbeed35b286ed614dbf2..faac6a815477a45712baa2c9835628948f3a0991 100644 (file)
@@ -429,11 +429,7 @@ function jappixmini_settings_post(App $a, &$b)
                if ($encrypt) {
                        // check that Jabber password was encrypted with correct Friendica password
                        $friendica_password = trim($b['jappixmini-friendica-password']);
-                       $encrypted = hash('whirlpool',$friendica_password);
-                       $r = q("SELECT * FROM `user` WHERE `uid`=$uid AND `password`='%s'",
-                               dbesc($encrypted)
-                       );
-                       if (!count($r)) {
+                       if (!User::authenticate((int) $uid, $friendica_password)) {
                                info("Wrong friendica password!");
                                return;
                        }
index ffebd410c3f299071388586e1ae1b5c6c9f11b67..baa4c656e3beace9c1b015cfb223fd70edd4ea69 100644 (file)
@@ -455,19 +455,10 @@ function windowsphonepush_login(App $a)
                die('This api requires login');
        }
 
-       $user = $_SERVER['PHP_AUTH_USER'];
-       $encrypted = hash('whirlpool',trim($_SERVER['PHP_AUTH_PW']));
-
-       // check if user specified by app is available in the user table
-       $r = q("SELECT * FROM `user` WHERE ( `email` = '%s' OR `nickname` = '%s' )
-           AND `password` = '%s' AND `blocked` = 0 AND `account_expired` = 0 AND `account_removed` = 0 AND `verified` = 1 LIMIT 1",
-           dbesc(trim($user)),
-           dbesc(trim($user)),
-           dbesc($encrypted)
-       );
+       $user_id = User::authenticate($_SERVER['PHP_AUTH_USER'], trim($_SERVER['PHP_AUTH_PW']));
 
-       if(count($r)){
-           $record = $r[0];
+       if ($user_id) {
+               $record = dba::select('user', [], ['uid' => $user_id], ['limit' => 1]);
        } else {
                logger('API_login failure: ' . print_r($_SERVER, true), LOGGER_DEBUG);
                header('WWW-Authenticate: Basic realm="Friendica"');
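Review bot: The failure branch still writes `print_r($_SERVER, true)` to the debug log, and `$_SERVER` holds `PHP_AUTH_PW`, so every failed login stores the submitted password in clear text; log only what is needed, e.g. `logger('API_login failure: user ' . $_SERVER['PHP_AUTH_USER'], LOGGER_DEBUG);`. The removed query trimmed the user name and filtered on `account_removed`; the new call passes `PHP_AUTH_USER` untrimmed and relies on `User::authenticate` for account state, which is not visible in this hunk. The result of `dba::select` is assigned to `$record` without a check for a failed lookup. `windowsphonepush_login` continues past the end of the hunk.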