diff --git a/backend.php b/backend.php index 5511668cf..9dd4c6f55 100644 --- a/backend.php +++ b/backend.php @@ -161,11 +161,6 @@ module_pref_filters($link); break; // pref-filters - case "pref_users": - require_once "modules/pref-users.php"; - module_pref_users($link); - break; // prefs-users - case "pref_instances": require_once "modules/pref-instances.php"; module_pref_instances($link); diff --git a/classes/pref_users.php b/classes/pref_users.php new file mode 100644 index 000000000..5f762b50e --- /dev/null +++ b/classes/pref_users.php @@ -0,0 +1,483 @@ +"; + + $uid = sprintf("%d", $_REQUEST["id"]); + + print "".__('User details').""; + + print "link, "SELECT login, + ".SUBSTRING_FOR_DATE."(last_login,1,16) AS last_login, + access_level, + (SELECT COUNT(int_id) FROM ttrss_user_entries + WHERE owner_uid = id) AS stored_articles, + ".SUBSTRING_FOR_DATE."(created,1,16) AS created + FROM ttrss_users + WHERE id = '$uid'"); + + if (db_num_rows($result) == 0) { + print "

".__('User not found')."

"; + return; + } + + // print "

User Details

"; + + $login = db_fetch_result($result, 0, "login"); + + print ""; + + $last_login = make_local_datetime($this->link, + db_fetch_result($result, 0, "last_login"), true); + + $created = make_local_datetime($this->link, + db_fetch_result($result, 0, "created"), true); + + $access_level = db_fetch_result($result, 0, "access_level"); + $stored_articles = db_fetch_result($result, 0, "stored_articles"); + + print ""; + print ""; + + $result = db_query($this->link, "SELECT COUNT(id) as num_feeds FROM ttrss_feeds + WHERE owner_uid = '$uid'"); + + $num_feeds = db_fetch_result($result, 0, "num_feeds"); + + print ""; + + print "
".__('Registered')."$created
".__('Last logged in')."$last_login
".__('Subscribed feeds count')."$num_feeds
"; + + print "

".__('Subscribed feeds')."

"; + + $result = db_query($this->link, "SELECT id,title,site_url FROM ttrss_feeds + WHERE owner_uid = '$uid' ORDER BY title"); + + print ""; + + print "
+
"; + + print "]]>"; + + return; + } + + function edit() { + global $access_level_names; + + header("Content-Type: text/xml"); + + $id = db_escape_string($_REQUEST["id"]); + + print ""; + print "".__('User Editor').""; + print ""; + + print ""; + print ""; + print ""; + + $result = db_query($this->link, "SELECT * FROM ttrss_users WHERE id = '$id'"); + + $login = db_fetch_result($result, 0, "login"); + $access_level = db_fetch_result($result, 0, "access_level"); + $email = db_fetch_result($result, 0, "email"); + + $sel_disabled = ($id == $_SESSION["uid"]) ? "disabled" : ""; + + print "
".__("User")."
"; + print "
"; + + if ($sel_disabled) { + print ""; + print ""; + } else { + print ""; + } + + print "
"; + + print "
".__("Authentication")."
"; + print "
"; + + print __('Access level: ') . " "; + + if (!$sel_disabled) { + print_select_hash("access_level", $access_level, $access_level_names, + $sel_disabled); + } else { + print_select_hash("", $access_level, $access_level_names, + $sel_disabled); + print ""; + } + + print "
"; + + print __('Change password to') . + " "; + + print "
"; + + print "
".__("Options")."
"; + print "
"; + + print __('E-mail: '). + " "; + + print "
"; + + print ""; + + print ""; + + print "
+ +
"; + + print "]]>"; + + return; + } + + function editSave() { + $login = db_escape_string(trim($_REQUEST["login"])); + $uid = db_escape_string($_REQUEST["id"]); + $access_level = (int) $_REQUEST["access_level"]; + $email = db_escape_string(trim($_REQUEST["email"])); + $password = db_escape_string(trim($_REQUEST["password"])); + + if ($password) { + $pwd_hash = encrypt_password($password, $login); + $pass_query_part = "pwd_hash = '$pwd_hash', "; + } else { + $pass_query_part = ""; + } + + db_query($this->link, "UPDATE ttrss_users SET $pass_query_part login = '$login', + access_level = '$access_level', email = '$email' WHERE id = '$uid'"); + + } + + function remove() { + $ids = split(",", db_escape_string($_REQUEST["ids"])); + + foreach ($ids as $id) { + if ($id != $_SESSION["uid"] && $id != 1) { + db_query($this->link, "DELETE FROM ttrss_tags WHERE owner_uid = '$id'"); + db_query($this->link, "DELETE FROM ttrss_feeds WHERE owner_uid = '$id'"); + db_query($this->link, "DELETE FROM ttrss_users WHERE id = '$id'"); + } + } + } + + function add() { + + $login = db_escape_string(trim($_REQUEST["login"])); + $tmp_user_pwd = make_password(8); + $pwd_hash = encrypt_password($tmp_user_pwd, $login); + + $result = db_query($this->link, "SELECT id FROM ttrss_users WHERE + login = '$login'"); + + if (db_num_rows($result) == 0) { + + db_query($this->link, "INSERT INTO ttrss_users + (login,pwd_hash,access_level,last_login,created) + VALUES ('$login', '$pwd_hash', 0, null, NOW())"); + + + $result = db_query($this->link, "SELECT id FROM ttrss_users WHERE + login = '$login' AND pwd_hash = '$pwd_hash'"); + + if (db_num_rows($result) == 1) { + + $new_uid = db_fetch_result($result, 0, "id"); + + print format_notice(T_sprintf("Added user %s with password %s", + $login, $tmp_user_pwd)); + + initialize_user($this->link, $new_uid); + + } else { + + print format_warning(T_sprintf("Could not create user %s", $login)); + + } + } else { + print format_warning(T_sprintf("User %s already exists.", $login)); + } + } + + function resetPass() { + + $uid = db_escape_string($_REQUEST["id"]); + + $result = db_query($this->link, "SELECT login,email + FROM ttrss_users WHERE id = '$uid'"); + + $login = db_fetch_result($result, 0, "login"); + $email = db_fetch_result($result, 0, "email"); + $tmp_user_pwd = make_password(8); + $pwd_hash = encrypt_password($tmp_user_pwd, $login); + + db_query($this->link, "UPDATE ttrss_users SET pwd_hash = '$pwd_hash' + WHERE id = '$uid'"); + + print T_sprintf("Changed password of user %s + to %s", $login, $tmp_user_pwd); + + require_once 'lib/phpmailer/class.phpmailer.php'; + + if ($email) { + print " "; + print T_sprintf("Notifying %s.", $email); + + require_once "lib/MiniTemplator.class.php"; + + $tpl = new MiniTemplator; + + $tpl->readTemplateFromFile("templates/resetpass_template.txt"); + + $tpl->setVariable('LOGIN', $login); + $tpl->setVariable('NEWPASS', $tmp_user_pwd); + + $tpl->addBlock('message'); + + $message = ""; + + $tpl->generateOutputToString($message); + + $mail = new PHPMailer(); + + $mail->PluginDir = "lib/phpmailer/"; + $mail->SetLanguage("en", "lib/phpmailer/language/"); + + $mail->CharSet = "UTF-8"; + + $mail->From = DIGEST_FROM_ADDRESS; + $mail->FromName = DIGEST_FROM_NAME; + $mail->AddAddress($email, $login); + + if (DIGEST_SMTP_HOST) { + $mail->Host = DIGEST_SMTP_HOST; + $mail->Mailer = "smtp"; + $mail->SMTPAuth = DIGEST_SMTP_LOGIN != ''; + $mail->Username = DIGEST_SMTP_LOGIN; + $mail->Password = DIGEST_SMTP_PASSWORD; + } + + $mail->IsHTML(false); + $mail->Subject = __("[tt-rss] Password change notification"); + $mail->Body = $message; + + $rc = $mail->Send(); + + if (!$rc) print_error($mail->ErrorInfo); + } + + print ""; + } + + function index() { + + global $access_level_names; + + print "
"; + print "
"; + + print "
"; + + $user_search = db_escape_string($_REQUEST["search"]); + + if (array_key_exists("search", $_REQUEST)) { + $_SESSION["prefs_user_search"] = $user_search; + } else { + $user_search = $_SESSION["prefs_user_search"]; + } + + print "
+ + +
"; + + $sort = db_escape_string($_REQUEST["sort"]); + + if (!$sort || $sort == "undefined") { + $sort = "login"; + } + + print "
". + "" . __('Select').""; + print "
"; + print "
".__('All')."
"; + print "
".__('None')."
"; + print "
"; + + print ""; + + print " + + + + "; + + print "
"; #toolbar + print "
"; #pane + print "
"; + + print "
"; + + if ($user_search) { + + $user_search = split(" ", $user_search); + $tokens = array(); + + foreach ($user_search as $token) { + $token = trim($token); + array_push($tokens, "(UPPER(login) LIKE UPPER('%$token%'))"); + } + + $user_search_query = "(" . join($tokens, " AND ") . ") AND "; + + } else { + $user_search_query = ""; + } + + $result = db_query($this->link, "SELECT + id,login,access_level,email, + ".SUBSTRING_FOR_DATE."(last_login,1,16) as last_login, + ".SUBSTRING_FOR_DATE."(created,1,16) as created + FROM + ttrss_users + WHERE + $user_search_query + id > 0 + ORDER BY $sort"); + + if (db_num_rows($result) > 0) { + + print "

"; + + print " + + + + + "; + + $lnum = 0; + + while ($line = db_fetch_assoc($result)) { + + $class = ($lnum % 2) ? "even" : "odd"; + + $uid = $line["id"]; + + print ""; + + $line["login"] = htmlspecialchars($line["login"]); + + $line["created"] = make_local_datetime($this->link, $line["created"], false); + $line["last_login"] = make_local_datetime($this->link, $line["last_login"], false); + + print ""; + + $onclick = "onclick='editUser($uid, event)' title='".__('Click to edit')."'"; + + print ""; + + if (!$line["email"]) $line["email"] = " "; + + print ""; + print ""; + print ""; + + print ""; + + ++$lnum; + } + + print "
 ".__('Login')."".__('Access Level')."".__('Registered')."".__('Last login')."
" . $line["login"] . "" . $access_level_names[$line["access_level"]] . "" . $line["created"] . "" . $line["last_login"] . "
"; + + } else { + print "

"; + if (!$user_search) { + print_warning(__('No users defined.')); + } else { + print_warning(__('No matching users found.')); + } + print "

"; + + } + + print "
"; #pane + print "
"; #container + + } + + } +?> diff --git a/js/prefs.js b/js/prefs.js index 4e1dadda2..896a787c6 100644 --- a/js/prefs.js +++ b/js/prefs.js @@ -5,33 +5,8 @@ var hotkey_prefix_pressed = false; var seq = ""; -function instancelist_callback2(transport) { - try { - dijit.byId('instanceConfigTab').attr('content', transport.responseText); - selectTab("instanceConfig", true); - notify(""); - } catch (e) { - exception_error("instancelist_callback2", e); - } -} - -function filterlist_callback2(transport) { - dijit.byId('filterConfigTab').attr('content', transport.responseText); - notify(""); -} - -function userlist_callback2(transport) { - try { - dijit.byId('userConfigTab').attr('content', transport.responseText); - - notify(""); - } catch (e) { - exception_error("userlist_callback2", e); - } -} - -function notify_callback2(transport) { - notify_info(transport.responseText); +function notify_callback2(transport, sticky) { + notify_info(transport.responseText, sticky); } function updateFeedList(sort_key) { @@ -53,14 +28,14 @@ function updateInstanceList(sort_key) { new Ajax.Request("backend.php", { parameters: "?op=pref-instances&sort=" + param_escape(sort_key), onComplete: function(transport) { - instancelist_callback2(transport); + dijit.byId('instanceConfigTab').attr('content', transport.responseText); + selectTab("instanceConfig", true); + notify(""); } }); } function updateUsersList(sort_key) { - try { - var user_search = $("user_search"); var search = ""; if (user_search) { search = user_search.value; } @@ -72,7 +47,9 @@ function updateUsersList(sort_key) { new Ajax.Request("backend.php", { parameters: query, onComplete: function(transport) { - userlist_callback2(transport); + dijit.byId('userConfigTab').attr('content', transport.responseText); + selectTab("userConfig", true) + notify(""); } }); } catch (e) { @@ -103,7 +80,8 @@ function addUser() { new Ajax.Request("backend.php", { parameters: query, onComplete: function(transport) { - userlist_callback2(transport); + notify_callback2(transport); + updateUsersList(); } }); } catch (e) { @@ -332,7 +310,7 @@ function removeSelectedUsers() { new Ajax.Request("backend.php", { parameters: query, onComplete: function(transport) { - userlist_callback2(transport); + updateUsersList(); } }); } @@ -503,7 +481,7 @@ function userEditSave() { new Ajax.Request("backend.php", { parameters: query, onComplete: function(transport) { - userlist_callback2(transport); + updateUsersList(); } }); } catch (e) { @@ -562,7 +540,7 @@ function resetSelectedUserPass() { new Ajax.Request("backend.php", { parameters: query, onComplete: function(transport) { - userlist_callback2(transport); + notify_info(transport.responseText); } }); } @@ -592,7 +570,7 @@ function selectedUserDetails() { var id = rows[0]; - var query = "?op=pref-users&method=user-details&id=" + id; + var query = "?op=pref-users&method=userdetails&id=" + id; new Ajax.Request("backend.php", { parameters: query, @@ -816,7 +794,8 @@ function updateFilterList() { new Ajax.Request("backend.php", { parameters: "?op=pref-filters", onComplete: function(transport) { - filterlist_callback2(transport); + dijit.byId('filterConfigTab').attr('content', transport.responseText); + notify(""); } }); } diff --git a/modules/pref-users.php b/modules/pref-users.php deleted file mode 100644 index 8f6ba10a2..000000000 --- a/modules/pref-users.php +++ /dev/null @@ -1,501 +0,0 @@ -"; - - $uid = sprintf("%d", $_REQUEST["id"]); - - print "".__('User details').""; - - print "".__('User not found').""; - return; - } - - // print "

User Details

"; - - $login = db_fetch_result($result, 0, "login"); - - print ""; - - $last_login = make_local_datetime($link, - db_fetch_result($result, 0, "last_login"), true); - - $created = make_local_datetime($link, - db_fetch_result($result, 0, "created"), true); - - $access_level = db_fetch_result($result, 0, "access_level"); - $stored_articles = db_fetch_result($result, 0, "stored_articles"); - - print ""; - print ""; - - $result = db_query($link, "SELECT COUNT(id) as num_feeds FROM ttrss_feeds - WHERE owner_uid = '$uid'"); - - $num_feeds = db_fetch_result($result, 0, "num_feeds"); - - print ""; - - print "
".__('Registered')."$created
".__('Last logged in')."$last_login
".__('Subscribed feeds count')."$num_feeds
"; - - print "

".__('Subscribed feeds')."

"; - - $result = db_query($link, "SELECT id,title,site_url FROM ttrss_feeds - WHERE owner_uid = '$uid' ORDER BY title"); - - print ""; - - print "
-
"; - - print "]]>"; - - return; - } - - if ($method == "edit") { - - header("Content-Type: text/xml"); - - $id = db_escape_string($_REQUEST["id"]); - - print ""; - print "".__('User Editor').""; - print ""; - - print ""; - print ""; - print ""; - - $result = db_query($link, "SELECT * FROM ttrss_users WHERE id = '$id'"); - - $login = db_fetch_result($result, 0, "login"); - $access_level = db_fetch_result($result, 0, "access_level"); - $email = db_fetch_result($result, 0, "email"); - - $sel_disabled = ($id == $_SESSION["uid"]) ? "disabled" : ""; - - print "
".__("User")."
"; - print "
"; - - if ($sel_disabled) { - print ""; - print ""; - } else { - print ""; - } - - print "
"; - - print "
".__("Authentication")."
"; - print "
"; - - print __('Access level: ') . " "; - - if (!$sel_disabled) { - print_select_hash("access_level", $access_level, $access_level_names, - $sel_disabled); - } else { - print_select_hash("", $access_level, $access_level_names, - $sel_disabled); - print ""; - } - - print "
"; - - print __('Change password to') . - " "; - - print "
"; - - print "
".__("Options")."
"; - print "
"; - - print __('E-mail: '). - " "; - - print "
"; - - print ""; - - print ""; - - print "
- -
"; - - print "]]>"; - - return; - } - - if ($method == "editSave") { - - if ($_SESSION["access_level"] >= 10) { - - $login = db_escape_string(trim($_REQUEST["login"])); - $uid = db_escape_string($_REQUEST["id"]); - $access_level = (int) $_REQUEST["access_level"]; - $email = db_escape_string(trim($_REQUEST["email"])); - $password = db_escape_string(trim($_REQUEST["password"])); - - if ($password) { - $pwd_hash = encrypt_password($password, $login); - $pass_query_part = "pwd_hash = '$pwd_hash', "; - $status_msg = format_notice(T_sprintf('Changed password of user %s.', $login)); - } else { - $pass_query_part = ""; - } - - db_query($link, "UPDATE ttrss_users SET $pass_query_part login = '$login', - access_level = '$access_level', email = '$email' WHERE id = '$uid'"); - - } - } else if ($method == "remove") { - - if ($_SESSION["access_level"] >= 10) { - - $ids = split(",", db_escape_string($_REQUEST["ids"])); - - foreach ($ids as $id) { - if ($id != $_SESSION["uid"] && $id != 1) { - db_query($link, "DELETE FROM ttrss_tags WHERE owner_uid = '$id'"); - db_query($link, "DELETE FROM ttrss_feeds WHERE owner_uid = '$id'"); - db_query($link, "DELETE FROM ttrss_users WHERE id = '$id'"); - } - } - } - } else if ($method == "add") { - - if ($_SESSION["access_level"] >= 10) { - - $login = db_escape_string(trim($_REQUEST["login"])); - $tmp_user_pwd = make_password(8); - $pwd_hash = encrypt_password($tmp_user_pwd, $login); - - $result = db_query($link, "SELECT id FROM ttrss_users WHERE - login = '$login'"); - - if (db_num_rows($result) == 0) { - - db_query($link, "INSERT INTO ttrss_users - (login,pwd_hash,access_level,last_login,created) - VALUES ('$login', '$pwd_hash', 0, null, NOW())"); - - - $result = db_query($link, "SELECT id FROM ttrss_users WHERE - login = '$login' AND pwd_hash = '$pwd_hash'"); - - if (db_num_rows($result) == 1) { - - $new_uid = db_fetch_result($result, 0, "id"); - - $status_msg = format_notice(T_sprintf("Added user %s with password %s", - $login, $tmp_user_pwd)); - - initialize_user($link, $new_uid); - - } else { - - $status_msg = format_warning(T_sprintf("Could not create user %s", $login)); - - } - } else { - $status_msg = format_warning(T_sprintf("User %s already exists.", $login)); - } - } - } else if ($method == "resetPass") { - - if ($_SESSION["access_level"] >= 10) { - - $uid = db_escape_string($_REQUEST["id"]); - - $result = db_query($link, "SELECT login,email - FROM ttrss_users WHERE id = '$uid'"); - - $login = db_fetch_result($result, 0, "login"); - $email = db_fetch_result($result, 0, "email"); - $tmp_user_pwd = make_password(8); - $pwd_hash = encrypt_password($tmp_user_pwd, $login); - - db_query($link, "UPDATE ttrss_users SET pwd_hash = '$pwd_hash' - WHERE id = '$uid'"); - - $status_msg = format_notice(T_sprintf("Changed password of user %s - to %s", $login, $tmp_user_pwd)); - - require_once 'lib/phpmailer/class.phpmailer.php'; - - if ($email) { - $status_msg += format_notice(T_sprintf("Notifying %s.", $email)); - - require_once "lib/MiniTemplator.class.php"; - - $tpl = new MiniTemplator; - - $tpl->readTemplateFromFile("templates/resetpass_template.txt"); - - $tpl->setVariable('LOGIN', $login); - $tpl->setVariable('NEWPASS', $tmp_user_pwd); - - $tpl->addBlock('message'); - - $message = ""; - - $tpl->generateOutputToString($message); - - $mail = new PHPMailer(); - - $mail->PluginDir = "lib/phpmailer/"; - $mail->SetLanguage("en", "lib/phpmailer/language/"); - - $mail->CharSet = "UTF-8"; - - $mail->From = DIGEST_FROM_ADDRESS; - $mail->FromName = DIGEST_FROM_NAME; - $mail->AddAddress($email, $login); - - if (DIGEST_SMTP_HOST) { - $mail->Host = DIGEST_SMTP_HOST; - $mail->Mailer = "smtp"; - $mail->SMTPAuth = DIGEST_SMTP_LOGIN != ''; - $mail->Username = DIGEST_SMTP_LOGIN; - $mail->Password = DIGEST_SMTP_PASSWORD; - } - - $mail->IsHTML(false); - $mail->Subject = __("[tt-rss] Password change notification"); - $mail->Body = $message; - - $rc = $mail->Send(); - - if (!$rc) print_error($mail->ErrorInfo); - -/* mail("$login <$email>", "Password reset notification", - "Hi, $login.\n". - "\n". - "Your password for this TT-RSS installation was reset by". - " an administrator.\n". - "\n". - "Your new password is $tmp_user_pwd, please remember". - " it for later reference.\n". - "\n". - "Sincerely, TT-RSS Mail Daemon.", "From: " . MAIL_FROM); */ - } - - print ""; - - } - } - - print "
"; - print "
"; - - print "
"; - - $user_search = db_escape_string($_REQUEST["search"]); - - if (array_key_exists("search", $_REQUEST)) { - $_SESSION["prefs_user_search"] = $user_search; - } else { - $user_search = $_SESSION["prefs_user_search"]; - } - - print "
- - -
"; - - $sort = db_escape_string($_REQUEST["sort"]); - - if (!$sort || $sort == "undefined") { - $sort = "login"; - } - - print "
". - "" . __('Select').""; - print "
"; - print "
".__('All')."
"; - print "
".__('None')."
"; - print "
"; - - print ""; - - print " - - - - "; - - print "
"; #toolbar - print "
"; #pane - print "
"; - print "

$status_msg"; - - if ($user_search) { - - $user_search = split(" ", $user_search); - $tokens = array(); - - foreach ($user_search as $token) { - $token = trim($token); - array_push($tokens, "(UPPER(login) LIKE UPPER('%$token%'))"); - } - - $user_search_query = "(" . join($tokens, " AND ") . ") AND "; - - } else { - $user_search_query = ""; - } - - $result = db_query($link, "SELECT - id,login,access_level,email, - ".SUBSTRING_FOR_DATE."(last_login,1,16) as last_login, - ".SUBSTRING_FOR_DATE."(created,1,16) as created - FROM - ttrss_users - WHERE - $user_search_query - id > 0 - ORDER BY $sort"); - - if (db_num_rows($result) > 0) { - - print "

"; - - print " - - - - - "; - - $lnum = 0; - - while ($line = db_fetch_assoc($result)) { - - $class = ($lnum % 2) ? "even" : "odd"; - - $uid = $line["id"]; - $edit_uid = $_REQUEST["id"]; - - if ($method == "edit" && $uid != $edit_uid) { - $class .= " Grayed"; - $this_row_id = ""; - } else { - $this_row_id = "id=\"UMRR-$uid\""; - } - - print ""; - - $line["login"] = htmlspecialchars($line["login"]); - - $line["created"] = make_local_datetime($link, $line["created"], false); - $line["last_login"] = make_local_datetime($link, $line["last_login"], false); - - print ""; - - $onclick = "onclick='editUser($uid, event)' title='".__('Click to edit')."'"; - - print ""; - - if (!$line["email"]) $line["email"] = " "; - - print ""; - print ""; - print ""; - - print ""; - - ++$lnum; - } - - print "
 ".__('Login')."".__('Access Level')."".__('Registered')."".__('Last login')."
" . $line["login"] . "" . $access_level_names[$line["access_level"]] . "" . $line["created"] . "" . $line["last_login"] . "
"; - - } else { - print "

"; - if (!$user_search) { - print_warning(__('No users defined.')); - } else { - print_warning(__('No matching users found.')); - } - print "

"; - - } - - print "
"; #pane - print "
"; #container - - } -?>