[tt-rss.git] / classes / pref / users.php

<?php
class Pref_Users extends Handler_Protected {
		function before($method) {
			if (parent::before($method)) {
				if ($_SESSION["access_level"] < 10) {
					print __("Your access level is insufficient to open this tab.");
					return false;
				}
				return true;
			}
			return false;
		}

		function csrf_ignore($method) {
			$csrf_ignored = array("index", "edit", "userdetails");

			return array_search($method, $csrf_ignored) !== false;
		}

		function userdetails() {

			$uid = sprintf("%d", $_REQUEST["id"]);

			$result = $this->dbh->query("SELECT login,
				".SUBSTRING_FOR_DATE."(last_login,1,16) AS last_login,
				access_level,
				(SELECT COUNT(int_id) FROM ttrss_user_entries
					WHERE owner_uid = id) AS stored_articles,
				".SUBSTRING_FOR_DATE."(created,1,16) AS created
				FROM ttrss_users
				WHERE id = '$uid'");

			if ($this->dbh->num_rows($result) == 0) {
				print "<h1>".__('User not found')."</h1>";
				return;
			}

			print "<table width='100%'>";

			$last_login = make_local_datetime(
				$this->dbh->fetch_result($result, 0, "last_login"), true);

			$created = make_local_datetime(
				$this->dbh->fetch_result($result, 0, "created"), true);

			$stored_articles = $this->dbh->fetch_result($result, 0, "stored_articles");

			print "<tr><td>".__('Registered')."</td><td>$created</td></tr>";
			print "<tr><td>".__('Last logged in')."</td><td>$last_login</td></tr>";

			$result = $this->dbh->query("SELECT COUNT(id) as num_feeds FROM ttrss_feeds
				WHERE owner_uid = '$uid'");

			$num_feeds = $this->dbh->fetch_result($result, 0, "num_feeds");

			print "<tr><td>".__('Subscribed feeds count')."</td><td>$num_feeds</td></tr>";
			print "<tr><td>".__('Stored articles')."</td><td>$stored_articles</td></tr>";

			print "</table>";

			print "<h1>".__('Subscribed feeds')."</h1>";

			$result = $this->dbh->query("SELECT id,title,site_url FROM ttrss_feeds
				WHERE owner_uid = '$uid' ORDER BY title");

			print "<ul class=\"userFeedList\">";

			while ($line = $this->dbh->fetch_assoc($result)) {

				$icon_file = ICONS_URL."/".$line["id"].".ico";

				if (file_exists($icon_file) && filesize($icon_file) > 0) {
					$feed_icon = "<img class=\"tinyFeedIcon\" src=\"$icon_file\">";
				} else {
					$feed_icon = "<img class=\"tinyFeedIcon\" src=\"images/blank_icon.gif\">";
				}

				print "<li>$feed_icon&nbsp;<a href=\"".$line["site_url"]."\">".$line["title"]."</a></li>";

			}

			if ($this->dbh->num_rows($result) < $num_feeds) {
				// FIXME - add link to show ALL subscribed feeds here somewhere
				print "<li><img
					class=\"tinyFeedIcon\" src=\"images/blank_icon.gif\">&nbsp;...</li>";
			}

			print "</ul>";

			print "<div align='center'>
				<button dojoType=\"dijit.form.Button\" type=\"submit\">".__("Close this window").
				"</button></div>";

			return;
		}

		function edit() {
			global $access_level_names;

			$id = $this->dbh->escape_string($_REQUEST["id"]);
			print "<form id=\"user_edit_form\" onsubmit='return false' dojoType=\"dijit.form.Form\">";

			print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"id\" value=\"$id\">";
			print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-users\">";
			print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"editSave\">";

			$result = $this->dbh->query("SELECT * FROM ttrss_users WHERE id = '$id'");

			$login = $this->dbh->fetch_result($result, 0, "login");
			$access_level = $this->dbh->fetch_result($result, 0, "access_level");
			$email = $this->dbh->fetch_result($result, 0, "email");

			$sel_disabled = ($id == $_SESSION["uid"]) ? "disabled" : "";

			print "<div class=\"dlgSec\">".__("User")."</div>";
			print "<div class=\"dlgSecCont\">";

			if ($sel_disabled) {
				print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"login\" value=\"$login\">";
			}

			print "<input size=\"30\" style=\"font-size : 16px\"
				dojoType=\"dijit.form.ValidationTextBox\" required=\"1\"
				onkeypress=\"return filterCR(event, userEditSave)\" $sel_disabled
				name=\"login\" value=\"$login\">";

			print "</div>";

			print "<div class=\"dlgSec\">".__("Authentication")."</div>";
			print "<div class=\"dlgSecCont\">";

			print __('Access level: ') . " ";

			if (!$sel_disabled) {
				print_select_hash("access_level", $access_level, $access_level_names,
					"dojoType=\"dijit.form.Select\" $sel_disabled");
			} else {
				print_select_hash("", $access_level, $access_level_names,
					"dojoType=\"dijit.form.Select\" $sel_disabled");
				print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"access_level\" value=\"$access_level\">";
			}

			print "<hr/>";

			print "<input dojoType=\"dijit.form.TextBox\" type=\"password\" size=\"20\" onkeypress=\"return filterCR(event, userEditSave)\" placeholder=\"Change password\"
				name=\"password\">";

			print "</div>";

			print "<div class=\"dlgSec\">".__("Options")."</div>";
			print "<div class=\"dlgSecCont\">";

			print "<input dojoType=\"dijit.form.TextBox\" size=\"30\" name=\"email\" onkeypress=\"return filterCR(event, userEditSave)\" placeholder=\"E-mail\"
				value=\"$email\">";

			print "</div>";

			print "</table>";

			print "</form>";

			print "<div class=\"dlgButtons\">
				<button dojoType=\"dijit.form.Button\" type=\"submit\">".
					__('Save')."</button>
				<button dojoType=\"dijit.form.Button\" onclick=\"dijit.byId('userEditDlg').hide()\">".
					__('Cancel')."</button></div>";

			return;
		}

		function editSave() {
			$login = $this->dbh->escape_string(trim($_REQUEST["login"]));
			$uid = $this->dbh->escape_string($_REQUEST["id"]);
			$access_level = (int) $_REQUEST["access_level"];
			$email = $this->dbh->escape_string(trim($_REQUEST["email"]));
			$password = $_REQUEST["password"];

			if ($password) {
				$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
				$pwd_hash = encrypt_password($password, $salt, true);
				$pass_query_part = "pwd_hash = '$pwd_hash', salt = '$salt',";
			} else {
				$pass_query_part = "";
			}

			$this->dbh->query("UPDATE ttrss_users SET $pass_query_part login = '$login',
				access_level = '$access_level', email = '$email', otp_enabled = false
				WHERE id = '$uid'");

		}

		function remove() {
			$ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"]));

			foreach ($ids as $id) {
				if ($id != $_SESSION["uid"] && $id != 1) {
					$this->dbh->query("DELETE FROM ttrss_tags WHERE owner_uid = '$id'");
					$this->dbh->query("DELETE FROM ttrss_feeds WHERE owner_uid = '$id'");
					$this->dbh->query("DELETE FROM ttrss_users WHERE id = '$id'");
				}
			}
		}

		function add() {

			$login = $this->dbh->escape_string(trim($_REQUEST["login"]));
			$tmp_user_pwd = make_password(8);
			$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
			$pwd_hash = encrypt_password($tmp_user_pwd, $salt, true);

			$result = $this->dbh->query("SELECT id FROM ttrss_users WHERE
				login = '$login'");

			if ($this->dbh->num_rows($result) == 0) {

				$this->dbh->query("INSERT INTO ttrss_users
					(login,pwd_hash,access_level,last_login,created, salt)
					VALUES ('$login', '$pwd_hash', 0, null, NOW(), '$salt')");


				$result = $this->dbh->query("SELECT id FROM ttrss_users WHERE
					login = '$login' AND pwd_hash = '$pwd_hash'");

				if ($this->dbh->num_rows($result) == 1) {

					$new_uid = $this->dbh->fetch_result($result, 0, "id");

					print format_notice(T_sprintf("Added user <b>%s</b> with password <b>%s</b>",
						$login, $tmp_user_pwd));

					initialize_user($new_uid);

				} else {

					print format_warning(T_sprintf("Could not create user <b>%s</b>", $login));

				}
			} else {
				print format_warning(T_sprintf("User <b>%s</b> already exists.", $login));
			}
		}

		static function resetUserPassword($uid, $show_password) {

			$result = db_query("SELECT login,email
				FROM ttrss_users WHERE id = '$uid'");

			$login = db_fetch_result($result, 0, "login");
			$email = db_fetch_result($result, 0, "email");
			$salt = db_fetch_result($result, 0, "salt");

			$new_salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
			$tmp_user_pwd = make_password(8);

			$pwd_hash = encrypt_password($tmp_user_pwd, $new_salt, true);

			db_query("UPDATE ttrss_users SET pwd_hash = '$pwd_hash', salt = '$new_salt', otp_enabled = false
				WHERE id = '$uid'");

			if ($show_password) {
				print T_sprintf("Changed password of user <b>%s</b> to <b>%s</b>", $login, $tmp_user_pwd);
			} else {
				print_notice(T_sprintf("Sending new password of user <b>%s</b> to <b>%s</b>", $login, $email));
			}

			require_once 'classes/ttrssmailer.php';

			if ($email) {
				require_once "lib/MiniTemplator.class.php";

				$tpl = new MiniTemplator;

				$tpl->readTemplateFromFile("templates/resetpass_template.txt");

				$tpl->setVariable('LOGIN', $login);
				$tpl->setVariable('NEWPASS', $tmp_user_pwd);

				$tpl->addBlock('message');

				$message = "";

				$tpl->generateOutputToString($message);

				$mail = new ttrssMailer();

				$rc = $mail->quickMail($email, $login,
					__("[tt-rss] Password change notification"),
					$message, false);

				if (!$rc) print_error($mail->ErrorInfo);
			}
		}

		function resetPass() {
			$uid = $this->dbh->escape_string($_REQUEST["id"]);
			Pref_Users::resetUserPassword($uid, true);
		}

		function index() {

			global $access_level_names;

			print "<div id=\"pref-user-wrap\" dojoType=\"dijit.layout.BorderContainer\" gutters=\"false\">";
			print "<div id=\"pref-user-header\" dojoType=\"dijit.layout.ContentPane\" region=\"top\">";

			print "<div id=\"pref-user-toolbar\" dojoType=\"dijit.Toolbar\">";

			$user_search = $this->dbh->escape_string($_REQUEST["search"]);

			if (array_key_exists("search", $_REQUEST)) {
				$_SESSION["prefs_user_search"] = $user_search;
			} else {
				$user_search = $_SESSION["prefs_user_search"];
			}

			print "<div style='float : right; padding-right : 4px;'>
				<input dojoType=\"dijit.form.TextBox\" id=\"user_search\" size=\"20\" type=\"search\"
					value=\"$user_search\">
				<button dojoType=\"dijit.form.Button\" onclick=\"updateUsersList()\">".
					__('Search')."</button>
				</div>";

			$sort = $this->dbh->escape_string($_REQUEST["sort"]);

			if (!$sort || $sort == "undefined") {
				$sort = "login";
			}

			print "<div dojoType=\"dijit.form.DropDownButton\">".
					"<span>" . __('Select')."</span>";
			print "<div dojoType=\"dijit.Menu\" style=\"display: none;\">";
			print "<div onclick=\"selectTableRows('prefUserList', 'all')\"
				dojoType=\"dijit.MenuItem\">".__('All')."</div>";
			print "<div onclick=\"selectTableRows('prefUserList', 'none')\"
				dojoType=\"dijit.MenuItem\">".__('None')."</div>";
			print "</div></div>";

			print "<button dojoType=\"dijit.form.Button\" onclick=\"addUser()\">".__('Create user')."</button>";

			print "
				<button dojoType=\"dijit.form.Button\" onclick=\"selectedUserDetails()\">".
				__('Details')."</button dojoType=\"dijit.form.Button\">
				<button dojoType=\"dijit.form.Button\" onclick=\"editSelectedUser()\">".
				__('Edit')."</button dojoType=\"dijit.form.Button\">
				<button dojoType=\"dijit.form.Button\" onclick=\"removeSelectedUsers()\">".
				__('Remove')."</button dojoType=\"dijit.form.Button\">
				<button dojoType=\"dijit.form.Button\" onclick=\"resetSelectedUserPass()\">".
				__('Reset password')."</button dojoType=\"dijit.form.Button\">";

			PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB_SECTION,
				"hook_prefs_tab_section", "prefUsersToolbar");

			print "</div>"; #toolbar
			print "</div>"; #pane
			print "<div id=\"pref-user-content\" dojoType=\"dijit.layout.ContentPane\" region=\"center\">";

			print "<div id=\"sticky-status-msg\"></div>";

			if ($user_search) {

				$user_search = explode(" ", $user_search);
				$tokens = array();

				foreach ($user_search as $token) {
					$token = trim($token);
					array_push($tokens, "(UPPER(login) LIKE UPPER('%$token%'))");
				}

				$user_search_query = "(" . join($tokens, " AND ") . ") AND ";

			} else {
				$user_search_query = "";
			}

			$result = $this->dbh->query("SELECT
					tu.id,
					login,access_level,email,
					".SUBSTRING_FOR_DATE."(last_login,1,16) as last_login,
					".SUBSTRING_FOR_DATE."(created,1,16) as created,
					(SELECT COUNT(id) FROM ttrss_feeds WHERE owner_uid = tu.id) AS num_feeds
				FROM
					ttrss_users tu
				WHERE
					$user_search_query
					tu.id > 0
				ORDER BY $sort");

			if ($this->dbh->num_rows($result) > 0) {

			print "<p><table width=\"100%\" cellspacing=\"0\"
				class=\"prefUserList\" id=\"prefUserList\">";

			print "<tr class=\"title\">
						<td align='center' width=\"5%\">&nbsp;</td>
						<td width='20%'><a href=\"#\" onclick=\"updateUsersList('login')\">".__('Login')."</a></td>
						<td width='20%'><a href=\"#\" onclick=\"updateUsersList('access_level')\">".__('Access Level')."</a></td>
						<td width='10%'><a href=\"#\" onclick=\"updateUsersList('num_feeds')\">".__('Subscribed feeds')."</a></td>
						<td width='20%'><a href=\"#\" onclick=\"updateUsersList('created')\">".__('Registered')."</a></td>
						<td width='20%'><a href=\"#\" onclick=\"updateUsersList('last_login')\">".__('Last login')."</a></td></tr>";

			$lnum = 0;

			while ($line = $this->dbh->fetch_assoc($result)) {

				$uid = $line["id"];

				print "<tr id=\"UMRR-$uid\">";

				$line["login"] = htmlspecialchars($line["login"]);

				$line["created"] = make_local_datetime($line["created"], false);
				$line["last_login"] = make_local_datetime($line["last_login"], false);

				print "<td align='center'><input onclick='toggleSelectRow2(this);'
					dojoType=\"dijit.form.CheckBox\" type=\"checkbox\"
					id=\"UMCHK-$uid\"></td>";

				$onclick = "onclick='editUser($uid, event)' title='".__('Click to edit')."'";

				print "<td $onclick><img src='images/user.png' class='markedPic' alt=''> " . $line["login"] . "</td>";

				if (!$line["email"]) $line["email"] = "&nbsp;";

				print "<td $onclick>" .	$access_level_names[$line["access_level"]] . "</td>";
				print "<td $onclick>" . $line["num_feeds"] . "</td>";
				print "<td $onclick>" . $line["created"] . "</td>";
				print "<td $onclick>" . $line["last_login"] . "</td>";

				print "</tr>";

				++$lnum;
			}

			print "</table>";

			} else {
				print "<p>";
				if (!$user_search) {
					print_warning(__('No users defined.'));
				} else {
					print_warning(__('No matching users found.'));
				}
				print "</p>";

			}

			print "</div>"; #pane

			PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB,
				"hook_prefs_tab", "prefUsers");

			print "</div>"; #container

		}

	}
?>
Commit	Line	Data
66665fba	1	<?php
369dbc19	2	class Pref_Users extends Handler_Protected {
17f9d200 JK	3	function before($method) {
17f9d200 JK	4	if (parent::before($method)) {
66665fba AD	5	if ($_SESSION["access_level"] < 10) {
	6	print __("Your access level is insufficient to open this tab.");
	7	return false;
	8	}
	9	return true;
	10	}
	11	return false;
	12	}
	13
8484ce22	14	function csrf_ignore($method) {
d9afd9b2	15	$csrf_ignored = array("index", "edit", "userdetails");
8484ce22 AD	16
	17	return array_search($method, $csrf_ignored) !== false;
	18	}
	19
66665fba AD	20	function userdetails() {
66665fba AD	21
66665fba AD	22	$uid = sprintf("%d", $_REQUEST["id"]);
66665fba AD	23
d9c85e0f	24	$result = $this->dbh->query("SELECT login,
66665fba AD	25	".SUBSTRING_FOR_DATE."(last_login,1,16) AS last_login,
	26	access_level,
	27	(SELECT COUNT(int_id) FROM ttrss_user_entries
	28	WHERE owner_uid = id) AS stored_articles,
	29	".SUBSTRING_FOR_DATE."(created,1,16) AS created
	30	FROM ttrss_users
	31	WHERE id = '$uid'");
	32
d9c85e0f	33	if ($this->dbh->num_rows($result) == 0) {
66665fba AD	34	print "<h1>".__('User not found')."</h1>";
	35	return;
	36	}
	37
66665fba AD	38	print "<table width='100%'>";
66665fba AD	39
6322ac79	40	$last_login = make_local_datetime(
d9c85e0f	41	$this->dbh->fetch_result($result, 0, "last_login"), true);
66665fba	42
6322ac79	43	$created = make_local_datetime(
d9c85e0f	44	$this->dbh->fetch_result($result, 0, "created"), true);
66665fba	45
d9c85e0f	46	$stored_articles = $this->dbh->fetch_result($result, 0, "stored_articles");
66665fba AD	47
	48	print "<tr><td>".__('Registered')."</td><td>$created</td></tr>";
	49	print "<tr><td>".__('Last logged in')."</td><td>$last_login</td></tr>";
	50
d9c85e0f	51	$result = $this->dbh->query("SELECT COUNT(id) as num_feeds FROM ttrss_feeds
66665fba AD	52	WHERE owner_uid = '$uid'");
66665fba AD	53
d9c85e0f	54	$num_feeds = $this->dbh->fetch_result($result, 0, "num_feeds");
66665fba AD	55
66665fba AD	56	print "<tr><td>".__('Subscribed feeds count')."</td><td>$num_feeds</td></tr>";
f232aa5a	57	print "<tr><td>".__('Stored articles')."</td><td>$stored_articles</td></tr>";
66665fba AD	58
	59	print "</table>";
	60
	61	print "<h1>".__('Subscribed feeds')."</h1>";
	62
d9c85e0f	63	$result = $this->dbh->query("SELECT id,title,site_url FROM ttrss_feeds
66665fba AD	64	WHERE owner_uid = '$uid' ORDER BY title");
	65
	66	print "<ul class=\"userFeedList\">";
	67
d9c85e0f	68	while ($line = $this->dbh->fetch_assoc($result)) {
66665fba AD	69
	70	$icon_file = ICONS_URL."/".$line["id"].".ico";
	71
	72	if (file_exists($icon_file) && filesize($icon_file) > 0) {
	73	$feed_icon = "<img class=\"tinyFeedIcon\" src=\"$icon_file\">";
	74	} else {
	75	$feed_icon = "<img class=\"tinyFeedIcon\" src=\"images/blank_icon.gif\">";
	76	}
	77
8d090a91	78	print "<li>$feed_icon <a href=\"".$line["site_url"]."\">".$line["title"]."</a></li>";
66665fba AD	79
	80	}
	81
d9c85e0f	82	if ($this->dbh->num_rows($result) < $num_feeds) {
66665fba AD	83	// FIXME - add link to show ALL subscribed feeds here somewhere
	84	print "<li><img
	85	class=\"tinyFeedIcon\" src=\"images/blank_icon.gif\"> ...</li>";
	86	}
	87
	88	print "</ul>";
	89
	90	print "<div align='center'>
d9afd9b2	91	<button dojoType=\"dijit.form.Button\" type=\"submit\">".__("Close this window").
66665fba AD	92	"</button></div>";
66665fba AD	93
66665fba AD	94	return;
	95	}
	96
	97	function edit() {
	98	global $access_level_names;
	99
d9c85e0f	100	$id = $this->dbh->escape_string($_REQUEST["id"]);
222a61c2	101	print "<form id=\"user_edit_form\" onsubmit='return false' dojoType=\"dijit.form.Form\">";
66665fba	102
222a61c2 AD	103	print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"id\" value=\"$id\">";
	104	print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-users\">";
	105	print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"editSave\">";
66665fba	106
d9c85e0f	107	$result = $this->dbh->query("SELECT * FROM ttrss_users WHERE id = '$id'");
66665fba	108
d9c85e0f AD	109	$login = $this->dbh->fetch_result($result, 0, "login");
	110	$access_level = $this->dbh->fetch_result($result, 0, "access_level");
	111	$email = $this->dbh->fetch_result($result, 0, "email");
66665fba AD	112
	113	$sel_disabled = ($id == $_SESSION["uid"]) ? "disabled" : "";
	114
	115	print "<div class=\"dlgSec\">".__("User")."</div>";
	116	print "<div class=\"dlgSecCont\">";
	117
	118	if ($sel_disabled) {
222a61c2	119	print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"login\" value=\"$login\">";
66665fba AD	120	}
66665fba AD	121
222a61c2 AD	122	print "<input size=\"30\" style=\"font-size : 16px\"
	123	dojoType=\"dijit.form.ValidationTextBox\" required=\"1\"
	124	onkeypress=\"return filterCR(event, userEditSave)\" $sel_disabled
	125	name=\"login\" value=\"$login\">";
	126
66665fba AD	127	print "</div>";
	128
	129	print "<div class=\"dlgSec\">".__("Authentication")."</div>";
	130	print "<div class=\"dlgSecCont\">";
	131
	132	print __('Access level: ') . " ";
	133
	134	if (!$sel_disabled) {
	135	print_select_hash("access_level", $access_level, $access_level_names,
222a61c2	136	"dojoType=\"dijit.form.Select\" $sel_disabled");
66665fba AD	137	} else {
66665fba AD	138	print_select_hash("", $access_level, $access_level_names,
222a61c2 AD	139	"dojoType=\"dijit.form.Select\" $sel_disabled");
222a61c2 AD	140	print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"access_level\" value=\"$access_level\">";
66665fba AD	141	}
66665fba AD	142
222a61c2	143	print "<hr/>";
66665fba	144
da8d534a	145	print "<input dojoType=\"dijit.form.TextBox\" type=\"password\" size=\"20\" onkeypress=\"return filterCR(event, userEditSave)\" placeholder=\"Change password\"
66665fba AD	146	name=\"password\">";
	147
	148	print "</div>";
	149
	150	print "<div class=\"dlgSec\">".__("Options")."</div>";
	151	print "<div class=\"dlgSecCont\">";
	152
da8d534a	153	print "<input dojoType=\"dijit.form.TextBox\" size=\"30\" name=\"email\" onkeypress=\"return filterCR(event, userEditSave)\" placeholder=\"E-mail\"
66665fba AD	154	value=\"$email\">";
	155
	156	print "</div>";
	157
	158	print "</table>";
	159
	160	print "</form>";
	161
	162	print "<div class=\"dlgButtons\">
222a61c2	163	<button dojoType=\"dijit.form.Button\" type=\"submit\">".
66665fba	164	__('Save')."</button>
222a61c2	165	<button dojoType=\"dijit.form.Button\" onclick=\"dijit.byId('userEditDlg').hide()\">".
66665fba AD	166	__('Cancel')."</button></div>";
66665fba AD	167
66665fba AD	168	return;
	169	}
	170
	171	function editSave() {
d9c85e0f AD	172	$login = $this->dbh->escape_string(trim($_REQUEST["login"]));
d9c85e0f AD	173	$uid = $this->dbh->escape_string($_REQUEST["id"]);
66665fba	174	$access_level = (int) $_REQUEST["access_level"];
d9c85e0f	175	$email = $this->dbh->escape_string(trim($_REQUEST["email"]));
c72069b0	176	$password = $_REQUEST["password"];
66665fba AD	177
66665fba AD	178	if ($password) {
8db5d8ea	179	$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
098df83b AD	180	$pwd_hash = encrypt_password($password, $salt, true);
098df83b AD	181	$pass_query_part = "pwd_hash = '$pwd_hash', salt = '$salt',";
66665fba AD	182	} else {
	183	$pass_query_part = "";
	184	}
	185
d9c85e0f	186	$this->dbh->query("UPDATE ttrss_users SET $pass_query_part login = '$login',
e9f42579	187	access_level = '$access_level', email = '$email', otp_enabled = false
b8386ad3	188	WHERE id = '$uid'");
66665fba AD	189
	190	}
	191
	192	function remove() {
d9c85e0f	193	$ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"]));
66665fba AD	194
	195	foreach ($ids as $id) {
	196	if ($id != $_SESSION["uid"] && $id != 1) {
d9c85e0f AD	197	$this->dbh->query("DELETE FROM ttrss_tags WHERE owner_uid = '$id'");
	198	$this->dbh->query("DELETE FROM ttrss_feeds WHERE owner_uid = '$id'");
	199	$this->dbh->query("DELETE FROM ttrss_users WHERE id = '$id'");
66665fba AD	200	}
	201	}
	202	}
	203
	204	function add() {
	205
d9c85e0f	206	$login = $this->dbh->escape_string(trim($_REQUEST["login"]));
66665fba	207	$tmp_user_pwd = make_password(8);
8db5d8ea	208	$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
098df83b	209	$pwd_hash = encrypt_password($tmp_user_pwd, $salt, true);
66665fba	210
d9c85e0f	211	$result = $this->dbh->query("SELECT id FROM ttrss_users WHERE
66665fba AD	212	login = '$login'");
66665fba AD	213
d9c85e0f	214	if ($this->dbh->num_rows($result) == 0) {
66665fba	215
d9c85e0f	216	$this->dbh->query("INSERT INTO ttrss_users
098df83b AD	217	(login,pwd_hash,access_level,last_login,created, salt)
098df83b AD	218	VALUES ('$login', '$pwd_hash', 0, null, NOW(), '$salt')");
66665fba AD	219
66665fba AD	220
d9c85e0f	221	$result = $this->dbh->query("SELECT id FROM ttrss_users WHERE
66665fba AD	222	login = '$login' AND pwd_hash = '$pwd_hash'");
66665fba AD	223
d9c85e0f	224	if ($this->dbh->num_rows($result) == 1) {
66665fba	225
d9c85e0f	226	$new_uid = $this->dbh->fetch_result($result, 0, "id");
66665fba AD	227
	228	print format_notice(T_sprintf("Added user <b>%s</b> with password <b>%s</b>",
	229	$login, $tmp_user_pwd));
	230
a42c55f0	231	initialize_user($new_uid);
66665fba AD	232
	233	} else {
	234
	235	print format_warning(T_sprintf("Could not create user <b>%s</b>", $login));
	236
	237	}
	238	} else {
	239	print format_warning(T_sprintf("User <b>%s</b> already exists.", $login));
	240	}
	241	}
	242
233b74ad	243	static function resetUserPassword($uid, $show_password) {
66665fba	244
233b74ad	245	$result = db_query("SELECT login,email
66665fba AD	246	FROM ttrss_users WHERE id = '$uid'");
	247
	248	$login = db_fetch_result($result, 0, "login");
	249	$email = db_fetch_result($result, 0, "email");
098df83b AD	250	$salt = db_fetch_result($result, 0, "salt");
098df83b AD	251
8db5d8ea	252	$new_salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
66665fba	253	$tmp_user_pwd = make_password(8);
66665fba	254
098df83b AD	255	$pwd_hash = encrypt_password($tmp_user_pwd, $new_salt, true);
098df83b AD	256
b41c5741	257	db_query("UPDATE ttrss_users SET pwd_hash = '$pwd_hash', salt = '$new_salt', otp_enabled = false
66665fba AD	258	WHERE id = '$uid'");
66665fba AD	259
f43e9e97	260	if ($show_password) {
18446943	261	print T_sprintf("Changed password of user <b>%s</b> to <b>%s</b>", $login, $tmp_user_pwd);
f43e9e97	262	} else {
483f15d5	263	print_notice(T_sprintf("Sending new password of user <b>%s</b> to <b>%s</b>", $login, $email));
f43e9e97	264	}
66665fba	265
68fb3c95	266	require_once 'classes/ttrssmailer.php';
66665fba AD	267
66665fba AD	268	if ($email) {
66665fba AD	269	require_once "lib/MiniTemplator.class.php";
	270
	271	$tpl = new MiniTemplator;
	272
	273	$tpl->readTemplateFromFile("templates/resetpass_template.txt");
	274
	275	$tpl->setVariable('LOGIN', $login);
	276	$tpl->setVariable('NEWPASS', $tmp_user_pwd);
	277
	278	$tpl->addBlock('message');
	279
	280	$message = "";
	281
	282	$tpl->generateOutputToString($message);
	283
68fb3c95	284	$mail = new ttrssMailer();
66665fba	285
68fb3c95 AD	286	$rc = $mail->quickMail($email, $login,
	287	__("[tt-rss] Password change notification"),
	288	$message, false);
66665fba AD	289
	290	if (!$rc) print_error($mail->ErrorInfo);
	291	}
f43e9e97	292	}
66665fba	293
f43e9e97	294	function resetPass() {
d9c85e0f	295	$uid = $this->dbh->escape_string($_REQUEST["id"]);
a42c55f0	296	Pref_Users::resetUserPassword($uid, true);
66665fba AD	297	}
	298
	299	function index() {
	300
	301	global $access_level_names;
	302
	303	print "<div id=\"pref-user-wrap\" dojoType=\"dijit.layout.BorderContainer\" gutters=\"false\">";
	304	print "<div id=\"pref-user-header\" dojoType=\"dijit.layout.ContentPane\" region=\"top\">";
	305
	306	print "<div id=\"pref-user-toolbar\" dojoType=\"dijit.Toolbar\">";
	307
d9c85e0f	308	$user_search = $this->dbh->escape_string($_REQUEST["search"]);
66665fba AD	309
	310	if (array_key_exists("search", $_REQUEST)) {
	311	$_SESSION["prefs_user_search"] = $user_search;
	312	} else {
	313	$user_search = $_SESSION["prefs_user_search"];
	314	}
	315
	316	print "<div style='float : right; padding-right : 4px;'>
	317	<input dojoType=\"dijit.form.TextBox\" id=\"user_search\" size=\"20\" type=\"search\"
	318	value=\"$user_search\">
808ef3d4	319	<button dojoType=\"dijit.form.Button\" onclick=\"updateUsersList()\">".
66665fba AD	320	__('Search')."</button>
	321	</div>";
	322
d9c85e0f	323	$sort = $this->dbh->escape_string($_REQUEST["sort"]);
66665fba AD	324
	325	if (!$sort \|\| $sort == "undefined") {
	326	$sort = "login";
	327	}
	328
	329	print "<div dojoType=\"dijit.form.DropDownButton\">".
	330	"<span>" . __('Select')."</span>";
	331	print "<div dojoType=\"dijit.Menu\" style=\"display: none;\">";
	332	print "<div onclick=\"selectTableRows('prefUserList', 'all')\"
	333	dojoType=\"dijit.MenuItem\">".__('All')."</div>";
	334	print "<div onclick=\"selectTableRows('prefUserList', 'none')\"
	335	dojoType=\"dijit.MenuItem\">".__('None')."</div>";
	336	print "</div></div>";
	337
808ef3d4	338	print "<button dojoType=\"dijit.form.Button\" onclick=\"addUser()\">".__('Create user')."</button>";
66665fba AD	339
66665fba AD	340	print "
808ef3d4	341	<button dojoType=\"dijit.form.Button\" onclick=\"selectedUserDetails()\">".
66665fba	342	__('Details')."</button dojoType=\"dijit.form.Button\">
808ef3d4	343	<button dojoType=\"dijit.form.Button\" onclick=\"editSelectedUser()\">".
66665fba	344	__('Edit')."</button dojoType=\"dijit.form.Button\">
808ef3d4	345	<button dojoType=\"dijit.form.Button\" onclick=\"removeSelectedUsers()\">".
66665fba	346	__('Remove')."</button dojoType=\"dijit.form.Button\">
808ef3d4	347	<button dojoType=\"dijit.form.Button\" onclick=\"resetSelectedUserPass()\">".
66665fba AD	348	__('Reset password')."</button dojoType=\"dijit.form.Button\">";
66665fba AD	349
610fe115 AD	350	PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB_SECTION,
	351	"hook_prefs_tab_section", "prefUsersToolbar");
	352
66665fba AD	353	print "</div>"; #toolbar
	354	print "</div>"; #pane
	355	print "<div id=\"pref-user-content\" dojoType=\"dijit.layout.ContentPane\" region=\"center\">";
	356
	357	print "<div id=\"sticky-status-msg\"></div>";
	358
	359	if ($user_search) {
	360
a5680acb	361	$user_search = explode(" ", $user_search);
66665fba AD	362	$tokens = array();
	363
	364	foreach ($user_search as $token) {
	365	$token = trim($token);
	366	array_push($tokens, "(UPPER(login) LIKE UPPER('%$token%'))");
	367	}
	368
	369	$user_search_query = "(" . join($tokens, " AND ") . ") AND ";
	370
	371	} else {
	372	$user_search_query = "";
	373	}
	374
d9c85e0f	375	$result = $this->dbh->query("SELECT
1edff0d4 AD	376	tu.id,
1edff0d4 AD	377	login,access_level,email,
66665fba	378	".SUBSTRING_FOR_DATE."(last_login,1,16) as last_login,
1edff0d4	379	".SUBSTRING_FOR_DATE."(created,1,16) as created,
f232aa5a	380	(SELECT COUNT(id) FROM ttrss_feeds WHERE owner_uid = tu.id) AS num_feeds
66665fba	381	FROM
1edff0d4	382	ttrss_users tu
66665fba AD	383	WHERE
66665fba AD	384	$user_search_query
1edff0d4	385	tu.id > 0
66665fba AD	386	ORDER BY $sort");
66665fba AD	387
d9c85e0f	388	if ($this->dbh->num_rows($result) > 0) {
66665fba AD	389
	390	print "<p><table width=\"100%\" cellspacing=\"0\"
	391	class=\"prefUserList\" id=\"prefUserList\">";
	392
	393	print "<tr class=\"title\">
	394	<td align='center' width=\"5%\"> </td>
1edff0d4 AD	395	<td width='20%'><a href=\"#\" onclick=\"updateUsersList('login')\">".__('Login')."</a></td>
	396	<td width='20%'><a href=\"#\" onclick=\"updateUsersList('access_level')\">".__('Access Level')."</a></td>
	397	<td width='10%'><a href=\"#\" onclick=\"updateUsersList('num_feeds')\">".__('Subscribed feeds')."</a></td>
66665fba AD	398	<td width='20%'><a href=\"#\" onclick=\"updateUsersList('created')\">".__('Registered')."</a></td>
	399	<td width='20%'><a href=\"#\" onclick=\"updateUsersList('last_login')\">".__('Last login')."</a></td></tr>";
	400
	401	$lnum = 0;
	402
d9c85e0f	403	while ($line = $this->dbh->fetch_assoc($result)) {
66665fba	404
66665fba AD	405	$uid = $line["id"];
66665fba AD	406
84391d69	407	print "<tr id=\"UMRR-$uid\">";
66665fba AD	408
	409	$line["login"] = htmlspecialchars($line["login"]);
	410
a42c55f0 AD	411	$line["created"] = make_local_datetime($line["created"], false);
a42c55f0 AD	412	$line["last_login"] = make_local_datetime($line["last_login"], false);
66665fba	413
84391d69 AD	414	print "<td align='center'><input onclick='toggleSelectRow2(this);'
	415	dojoType=\"dijit.form.CheckBox\" type=\"checkbox\"
	416	id=\"UMCHK-$uid\"></td>";
66665fba AD	417
	418	$onclick = "onclick='editUser($uid, event)' title='".__('Click to edit')."'";
	419
2f20dd58	420	print "<td $onclick><img src='images/user.png' class='markedPic' alt=''> " . $line["login"] . "</td>";
66665fba AD	421
	422	if (!$line["email"]) $line["email"] = " ";
	423
	424	print "<td $onclick>" . $access_level_names[$line["access_level"]] . "</td>";
1edff0d4	425	print "<td $onclick>" . $line["num_feeds"] . "</td>";
66665fba AD	426	print "<td $onclick>" . $line["created"] . "</td>";
	427	print "<td $onclick>" . $line["last_login"] . "</td>";
	428
	429	print "</tr>";
	430
	431	++$lnum;
	432	}
	433
	434	print "</table>";
	435
	436	} else {
	437	print "<p>";
	438	if (!$user_search) {
	439	print_warning(__('No users defined.'));
	440	} else {
	441	print_warning(__('No matching users found.'));
	442	}
	443	print "</p>";
	444
	445	}
	446
	447	print "</div>"; #pane
6065f3ad	448
1ffe3391	449	PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB,
6065f3ad AD	450	"hook_prefs_tab", "prefUsers");
6065f3ad AD	451
66665fba AD	452	print "</div>"; #container
	453
	454	}
	455
	456	}
	457	?>