[tt-rss.git] / modules / pref-prefs.php

<?php
	function module_pref_prefs($link) {
		$subop = $_REQUEST["subop"];

		if ($subop == "Save configuration") {

			if (WEB_DEMO_MODE) {
				header("Location: prefs.php");
				return;
			}

			$_SESSION["prefs_op_result"] = "save-config";

			$_SESSION["prefs_cache"] = false;

			foreach (array_keys($_POST) as $pref_name) {
			
				$pref_name = db_escape_string($pref_name);
				$value = db_escape_string($_POST[$pref_name]);

				$result = db_query($link, "SELECT type_name 
					FROM ttrss_prefs,ttrss_prefs_types 
					WHERE pref_name = '$pref_name' AND type_id = ttrss_prefs_types.id");

				if (db_num_rows($result) > 0) {

					$type_name = db_fetch_result($result, 0, "type_name");

//					print "$pref_name : $type_name : $value<br>";

					if ($type_name == "bool") {
						if ($value == "1") {
							$value = "true";
						} else {
							$value = "false";
						}
					} else if ($type_name == "integer") {
						$value = sprintf("%d", $value);
					}

//					print "$pref_name : $type_name : $value<br>";

					db_query($link, "UPDATE ttrss_user_prefs SET value = '$value' 
						WHERE pref_name = '$pref_name' AND owner_uid = ".$_SESSION["uid"]);

				}

				header("Location: prefs.php");

			}

		} else if ($subop == "getHelp") {

			$pref_name = db_escape_string($_GET["pn"]);

			$result = db_query($link, "SELECT help_text FROM ttrss_prefs
				WHERE pref_name = '$pref_name'");

			if (db_num_rows($result) > 0) {
				$help_text = db_fetch_result($result, 0, "help_text");
				print $help_text;
			} else {
				print "Unknown option: $pref_name";
			}

		} else if ($subop == "Change e-mail") {

			if (WEB_DEMO_MODE) {
				header("Location: prefs.php");
				return;
			}

			$email = db_escape_string($_GET["email"]);
			$active_uid = $_SESSION["uid"];

			if ($email) {
				db_query($link, "UPDATE ttrss_users SET email = '$email' 
						WHERE id = '$active_uid'");				
			}

			header("Location: prefs.php");

		} else if ($subop == "Change password") {

			if (WEB_DEMO_MODE) {
				header("Location: prefs.php");
				return;
			}

			$old_pw = $_POST["OLD_PASSWORD"];
			$new_pw = $_POST["OLD_PASSWORD"];

			$old_pw_hash = 'SHA1:' . sha1($_POST["OLD_PASSWORD"]);
			$new_pw_hash = 'SHA1:' . sha1($_POST["NEW_PASSWORD"]);

			$active_uid = $_SESSION["uid"];

			if ($old_pw && $new_pw) {

				$login = db_escape_string($_SERVER['PHP_AUTH_USER']);

				$result = db_query($link, "SELECT id FROM ttrss_users WHERE 
					id = '$active_uid' AND (pwd_hash = '$old_pw' OR 
						pwd_hash = '$old_pw_hash')");

				if (db_num_rows($result) == 1) {
					db_query($link, "UPDATE ttrss_users SET pwd_hash = '$new_pw_hash' 
						WHERE id = '$active_uid'");				

					$_SESSION["pwd_change_result"] = "ok";
				} else {
					$_SESSION["pwd_change_result"] = "failed";					
				}
			}

			header("Location: prefs.php");

		} else if ($subop == "Reset to defaults") {

			if (WEB_DEMO_MODE) {
				header("Location: prefs.php");
				return;
			}

			$_SESSION["prefs_op_result"] = "reset-to-defaults";

			if (DB_TYPE == "pgsql") {
				db_query($link,"UPDATE ttrss_user_prefs 
					SET value = ttrss_prefs.def_value 
					WHERE owner_uid = '".$_SESSION["uid"]."' AND
					ttrss_prefs.pref_name = ttrss_user_prefs.pref_name");
			} else {
				db_query($link, "DELETE FROM ttrss_user_prefs 
					WHERE owner_uid = ".$_SESSION["uid"]);
				initialize_user_prefs($link, $_SESSION["uid"]);
			}

			header("Location: prefs.php");

		} else if ($subop == "Change theme") {

			$theme = db_escape_string($_POST["theme"]);

			if ($theme == "Default") {
				$theme_qpart = 'NULL';
			} else {
				$theme_qpart = "'$theme'";
			}

			$result = db_query($link, "SELECT id,theme_path FROM ttrss_themes
				WHERE theme_name = '$theme'");

			if (db_num_rows($result) == 1) {
				$theme_id = db_fetch_result($result, 0, "id");
				$theme_path = db_fetch_result($result, 0, "theme_path");
			} else {
				$theme_id = "NULL";
				$theme_path = "";
			}

			db_query($link, "UPDATE ttrss_users SET
				theme_id = $theme_id WHERE id = " . $_SESSION["uid"]);

			$_SESSION["theme"] = $theme_path;

			header("Location: prefs.php");

		} else {

			print check_for_update($link);

			if (!SINGLE_USER_MODE) {

				$result = db_query($link, "SELECT id,email FROM ttrss_users
					WHERE id = ".$_SESSION["uid"]." AND (pwd_hash = 'password' OR
						pwd_hash = 'SHA1:".sha1("password")."')");

				if (db_num_rows($result) != 0) {
					print "<div class=\"warning\"> 
						Your password is at default value, please change it.
					</div>";
				}

				if ($_SESSION["pwd_change_result"] == "failed") {
					print "<div class=\"warning\"> 
							There was an error while changing your password.
						</div>";
				}

				if ($_SESSION["pwd_change_result"] == "ok") {
					print "<div class=\"notice\"> 
							Password changed successfully.
						</div>";
				}

				$_SESSION["pwd_change_result"] = "";

				if ($_SESSION["prefs_op_result"] == "reset-to-defaults") {
					print "<div class=\"notice\"> 
							Your configuration was reset to defaults.
						</div>";
				}

				if ($_SESSION["prefs_op_result"] == "save-config") {
					print "<div class=\"notice\"> 
							Your configuration was saved successfully.
						</div>";
				}

				$_SESSION["prefs_op_result"] = "";

				print "<form action=\"backend.php\" method=\"GET\">";
	
				print "<table width=\"100%\" class=\"prefPrefsList\">";
	 			print "<tr><td colspan='3'><h3>Personal data</h3></tr></td>";

				$result = db_query($link, "SELECT email FROM ttrss_users
					WHERE id = ".$_SESSION["uid"]);
					
				$email = db_fetch_result($result, 0, "email");
	
				print "<tr><td width=\"40%\">E-mail</td>";
				print "<td><input class=\"editbox\" name=\"email\" 
					value=\"$email\"></td></tr>";
	
				print "</table>";
	
				print "<input type=\"hidden\" name=\"op\" value=\"pref-prefs\">";
	
				print "<p><input class=\"button\" type=\"submit\" 
					value=\"Change e-mail\" name=\"subop\">";

				print "</form>";

				print "<form action=\"backend.php\" method=\"POST\" name=\"changePassForm\">";
	
				print "<table width=\"100%\" class=\"prefPrefsList\">";
	 			print "<tr><td colspan='3'><h3>Authentication</h3></tr></td>";
	
				print "<tr><td width=\"40%\">Old password</td>";
				print "<td><input class=\"editbox\" type=\"password\"
					name=\"OLD_PASSWORD\"></td></tr>";
	
				print "<tr><td width=\"40%\">New password</td>";
				
				print "<td><input class=\"editbox\" type=\"password\"
					name=\"NEW_PASSWORD\"></td></tr>";
	
				print "</table>";
	
				print "<input type=\"hidden\" name=\"op\" value=\"pref-prefs\">";
	
				print "<p><input class=\"button\" type=\"submit\" 
					onclick=\"return validateNewPassword(this.form)\"
					value=\"Change password\" name=\"subop\">";
	
				print "</form>";

			}

			$result = db_query($link, "SELECT
				theme_id FROM ttrss_users WHERE id = " . $_SESSION["uid"]);

			$user_theme_id = db_fetch_result($result, 0, "theme_id");

			$result = db_query($link, "SELECT
				id,theme_name FROM ttrss_themes ORDER BY theme_name");

			if (db_num_rows($result) > 0) {

				print "<form action=\"backend.php\" method=\"POST\">";
				print "<table width=\"100%\" class=\"prefPrefsList\">";
	 			print "<tr><td colspan='3'><h3>Themes</h3></tr></td>";
				print "<tr><td width=\"40%\">Select theme</td>";
				print "<td><select name=\"theme\">";
				print "<option>Default</option>";
				print "<option disabled>--------</option>";				
				
				while ($line = db_fetch_assoc($result)) {	
					if ($line["id"] == $user_theme_id) {
						$selected = "selected";
					} else {
						$selected = "";
					}
					print "<option $selected>" . $line["theme_name"] . "</option>";
				}
				print "</select></td></tr>";
				print "</table>";
				print "<input type=\"hidden\" name=\"op\" value=\"pref-prefs\">";
				print "<p><input class=\"button\" type=\"submit\" 
					value=\"Change theme\" name=\"subop\">";
				print "</form>";
			}

			initialize_user_prefs($link, $_SESSION["uid"]);

			$result = db_query($link, "SELECT 
				ttrss_user_prefs.pref_name,short_desc,help_text,value,type_name,
				section_name,def_value
				FROM ttrss_prefs,ttrss_prefs_types,ttrss_prefs_sections,ttrss_user_prefs
				WHERE type_id = ttrss_prefs_types.id AND 
					section_id = ttrss_prefs_sections.id AND
					ttrss_user_prefs.pref_name = ttrss_prefs.pref_name AND
					owner_uid = ".$_SESSION["uid"]."
				ORDER BY section_id,short_desc");

			print "<form action=\"backend.php\" method=\"POST\">";

			$lnum = 0;

			$active_section = "";
	
			while ($line = db_fetch_assoc($result)) {

				if ($active_section != $line["section_name"]) {

					if ($active_section != "") {
						print "</table>";
					}

					print "<p><table width=\"100%\" class=\"prefPrefsList\">";
				
					$active_section = $line["section_name"];				
					
					print "<tr><td colspan=\"3\"><h3>$active_section</h3></td></tr>";
//					print "<tr class=\"title\">
//						<td width=\"25%\">Option</td><td>Value</td></tr>";

					$lnum = 0;
				}

//				$class = ($lnum % 2) ? "even" : "odd";

				print "<tr>";

				$type_name = $line["type_name"];
				$pref_name = $line["pref_name"];
				$value = $line["value"];
				$def_value = $line["def_value"];
				$help_text = $line["help_text"];

				print "<td width=\"40%\" id=\"$pref_name\">" . $line["short_desc"];

				if ($help_text) print "<div class=\"prefHelp\">$help_text</div>";
				
				print "</td>";

				print "<td>";

				if ($type_name == "bool") {
//					print_select($pref_name, $value, array("true", "false"));

					if ($value == "true") {
						$value = "Yes";
					} else {
						$value = "No";
					}

					print_radio($pref_name, $value, array("Yes", "No"));
			
				} else {
					print "<input class=\"editbox\" name=\"$pref_name\" value=\"$value\">";
				}

				print "</td>";

				print "</tr>";

				$lnum++;
			}

			print "</table>";

			print "<input type=\"hidden\" name=\"op\" value=\"pref-prefs\">";

			print "<p><input class=\"button\" type=\"submit\" 
				name=\"subop\" value=\"Save configuration\">";
				
			print "&nbsp;<input class=\"button\" type=\"submit\" 
				name=\"subop\" onclick=\"return validatePrefsReset()\" 
				value=\"Reset to defaults\"></p>";

			print "</form>";

		}
	}
?>
Commit	Line	Data
ef8be8ea AD	1	<?php
	2	function module_pref_prefs($link) {
	3	$subop = $_REQUEST["subop"];
	4
	5	if ($subop == "Save configuration") {
	6
	7	if (WEB_DEMO_MODE) {
	8	header("Location: prefs.php");
	9	return;
	10	}
	11
	12	$_SESSION["prefs_op_result"] = "save-config";
	13
	14	$_SESSION["prefs_cache"] = false;
	15
	16	foreach (array_keys($_POST) as $pref_name) {
	17
	18	$pref_name = db_escape_string($pref_name);
	19	$value = db_escape_string($_POST[$pref_name]);
	20
	21	$result = db_query($link, "SELECT type_name
	22	FROM ttrss_prefs,ttrss_prefs_types
	23	WHERE pref_name = '$pref_name' AND type_id = ttrss_prefs_types.id");
	24
	25	if (db_num_rows($result) > 0) {
	26
	27	$type_name = db_fetch_result($result, 0, "type_name");
	28
	29	// print "$pref_name : $type_name : $value<br>";
	30
	31	if ($type_name == "bool") {
	32	if ($value == "1") {
	33	$value = "true";
	34	} else {
	35	$value = "false";
	36	}
	37	} else if ($type_name == "integer") {
	38	$value = sprintf("%d", $value);
	39	}
	40
	41	// print "$pref_name : $type_name : $value<br>";
	42
	43	db_query($link, "UPDATE ttrss_user_prefs SET value = '$value'
	44	WHERE pref_name = '$pref_name' AND owner_uid = ".$_SESSION["uid"]);
	45
	46	}
	47
	48	header("Location: prefs.php");
	49
	50	}
	51
	52	} else if ($subop == "getHelp") {
	53
	54	$pref_name = db_escape_string($_GET["pn"]);
	55
	56	$result = db_query($link, "SELECT help_text FROM ttrss_prefs
	57	WHERE pref_name = '$pref_name'");
	58
	59	if (db_num_rows($result) > 0) {
	60	$help_text = db_fetch_result($result, 0, "help_text");
	61	print $help_text;
	62	} else {
	63	print "Unknown option: $pref_name";
	64	}
65
66	} else if ($subop == "Change e-mail") {
67
68	if (WEB_DEMO_MODE) {
69	header("Location: prefs.php");
70	return;
71	}
72
73	$email = db_escape_string($_GET["email"]);
74	$active_uid = $_SESSION["uid"];
75
76	if ($email) {
77	db_query($link, "UPDATE ttrss_users SET email = '$email'
78	WHERE id = '$active_uid'");
79	}
80
81	header("Location: prefs.php");
82
83	} else if ($subop == "Change password") {
84
85	if (WEB_DEMO_MODE) {
86	header("Location: prefs.php");
87	return;
88	}
89
90	$old_pw = $_POST["OLD_PASSWORD"];
91	$new_pw = $_POST["OLD_PASSWORD"];
92
93	$old_pw_hash = 'SHA1:' . sha1($_POST["OLD_PASSWORD"]);
94	$new_pw_hash = 'SHA1:' . sha1($_POST["NEW_PASSWORD"]);
95
96	$active_uid = $_SESSION["uid"];
97
98	if ($old_pw && $new_pw) {
99
100	$login = db_escape_string($_SERVER['PHP_AUTH_USER']);
101
102	$result = db_query($link, "SELECT id FROM ttrss_users WHERE
103	id = '$active_uid' AND (pwd_hash = '$old_pw' OR
104	pwd_hash = '$old_pw_hash')");
105
106	if (db_num_rows($result) == 1) {
107	db_query($link, "UPDATE ttrss_users SET pwd_hash = '$new_pw_hash'
108	WHERE id = '$active_uid'");
109
110	$_SESSION["pwd_change_result"] = "ok";
111	} else {
112	$_SESSION["pwd_change_result"] = "failed";
113	}
114	}
115
116	header("Location: prefs.php");
117
118	} else if ($subop == "Reset to defaults") {
119
120	if (WEB_DEMO_MODE) {
121	header("Location: prefs.php");
122	return;
123	}
124
125	$_SESSION["prefs_op_result"] = "reset-to-defaults";
126
127	if (DB_TYPE == "pgsql") {
128	db_query($link,"UPDATE ttrss_user_prefs
129	SET value = ttrss_prefs.def_value
130	WHERE owner_uid = '".$_SESSION["uid"]."' AND
131	ttrss_prefs.pref_name = ttrss_user_prefs.pref_name");
132	} else {
133	db_query($link, "DELETE FROM ttrss_user_prefs
134	WHERE owner_uid = ".$_SESSION["uid"]);
135	initialize_user_prefs($link, $_SESSION["uid"]);
136	}
137
138	header("Location: prefs.php");
139
140	} else if ($subop == "Change theme") {
141
142	$theme = db_escape_string($_POST["theme"]);
143
144	if ($theme == "Default") {
145	$theme_qpart = 'NULL';
146	} else {
147	$theme_qpart = "'$theme'";
148	}
149
150	$result = db_query($link, "SELECT id,theme_path FROM ttrss_themes
151	WHERE theme_name = '$theme'");
152
153	if (db_num_rows($result) == 1) {
154	$theme_id = db_fetch_result($result, 0, "id");
155	$theme_path = db_fetch_result($result, 0, "theme_path");
156	} else {
157	$theme_id = "NULL";
158	$theme_path = "";
159	}
160
161	db_query($link, "UPDATE ttrss_users SET
162	theme_id = $theme_id WHERE id = " . $_SESSION["uid"]);
163
164	$_SESSION["theme"] = $theme_path;
165
166	header("Location: prefs.php");
167
168	} else {
169
170	print check_for_update($link);
171
172	if (!SINGLE_USER_MODE) {
173
174	$result = db_query($link, "SELECT id,email FROM ttrss_users
175	WHERE id = ".$_SESSION["uid"]." AND (pwd_hash = 'password' OR
176	pwd_hash = 'SHA1:".sha1("password")."')");
177
178	if (db_num_rows($result) != 0) {
179	print "<div class=\"warning\">
180	Your password is at default value, please change it.
181	</div>";
182	}
183
184	if ($_SESSION["pwd_change_result"] == "failed") {
185	print "<div class=\"warning\">
186	There was an error while changing your password.
187	</div>";
188	}
189
190	if ($_SESSION["pwd_change_result"] == "ok") {
191	print "<div class=\"notice\">
192	Password changed successfully.
193	</div>";
194	}
195
196	$_SESSION["pwd_change_result"] = "";
197
198	if ($_SESSION["prefs_op_result"] == "reset-to-defaults") {
199	print "<div class=\"notice\">
200	Your configuration was reset to defaults.
201	</div>";
202	}
203
204	if ($_SESSION["prefs_op_result"] == "save-config") {
205	print "<div class=\"notice\">
206	Your configuration was saved successfully.
207	</div>";
208	}
209
210	$_SESSION["prefs_op_result"] = "";
211
212	print "<form action=\"backend.php\" method=\"GET\">";
213
214	print "<table width=\"100%\" class=\"prefPrefsList\">";
215	print "<tr><td colspan='3'><h3>Personal data</h3></tr></td>";
216
217	$result = db_query($link, "SELECT email FROM ttrss_users
218	WHERE id = ".$_SESSION["uid"]);
219
220	$email = db_fetch_result($result, 0, "email");
221
222	print "<tr><td width=\"40%\">E-mail</td>";
223	print "<td><input class=\"editbox\" name=\"email\"
224	value=\"$email\"></td></tr>";
225
226	print "</table>";
227
228	print "<input type=\"hidden\" name=\"op\" value=\"pref-prefs\">";
229
230	print "<p><input class=\"button\" type=\"submit\"
231	value=\"Change e-mail\" name=\"subop\">";
232
233	print "</form>";
234
235	print "<form action=\"backend.php\" method=\"POST\" name=\"changePassForm\">";
236
237	print "<table width=\"100%\" class=\"prefPrefsList\">";
238	print "<tr><td colspan='3'><h3>Authentication</h3></tr></td>";
239
240	print "<tr><td width=\"40%\">Old password</td>";
241	print "<td><input class=\"editbox\" type=\"password\"
242	name=\"OLD_PASSWORD\"></td></tr>";
243
244	print "<tr><td width=\"40%\">New password</td>";
245
246	print "<td><input class=\"editbox\" type=\"password\"
247	name=\"NEW_PASSWORD\"></td></tr>";
248
249	print "</table>";
250
251	print "<input type=\"hidden\" name=\"op\" value=\"pref-prefs\">";
252
253	print "<p><input class=\"button\" type=\"submit\"
254	onclick=\"return validateNewPassword(this.form)\"
255	value=\"Change password\" name=\"subop\">";
256
257	print "</form>";
258
259	}
260
261	$result = db_query($link, "SELECT
262	theme_id FROM ttrss_users WHERE id = " . $_SESSION["uid"]);
263
264	$user_theme_id = db_fetch_result($result, 0, "theme_id");
265
266	$result = db_query($link, "SELECT
267	id,theme_name FROM ttrss_themes ORDER BY theme_name");
268
269	if (db_num_rows($result) > 0) {
270
271	print "<form action=\"backend.php\" method=\"POST\">";
272	print "<table width=\"100%\" class=\"prefPrefsList\">";
273	print "<tr><td colspan='3'><h3>Themes</h3></tr></td>";
274	print "<tr><td width=\"40%\">Select theme</td>";
275	print "<td><select name=\"theme\">";
276	print "<option>Default</option>";
277	print "<option disabled>--------</option>";
278
279	while ($line = db_fetch_assoc($result)) {
280	if ($line["id"] == $user_theme_id) {
281	$selected = "selected";
282	} else {
283	$selected = "";
284	}
285	print "<option $selected>" . $line["theme_name"] . "</option>";
286	}
287	print "</select></td></tr>";
288	print "</table>";
289	print "<input type=\"hidden\" name=\"op\" value=\"pref-prefs\">";
290	print "<p><input class=\"button\" type=\"submit\"
291	value=\"Change theme\" name=\"subop\">";
292	print "</form>";
293	}
294
295	initialize_user_prefs($link, $_SESSION["uid"]);
296
297	$result = db_query($link, "SELECT
298	ttrss_user_prefs.pref_name,short_desc,help_text,value,type_name,
299	section_name,def_value
300	FROM ttrss_prefs,ttrss_prefs_types,ttrss_prefs_sections,ttrss_user_prefs
301	WHERE type_id = ttrss_prefs_types.id AND
302	section_id = ttrss_prefs_sections.id AND
303	ttrss_user_prefs.pref_name = ttrss_prefs.pref_name AND
304	owner_uid = ".$_SESSION["uid"]."
305	ORDER BY section_id,short_desc");
306
307	print "<form action=\"backend.php\" method=\"POST\">";
308
309	$lnum = 0;
310
311	$active_section = "";
312
313	while ($line = db_fetch_assoc($result)) {
314
315	if ($active_section != $line["section_name"]) {
316
317	if ($active_section != "") {
318	print "</table>";
319	}
320
321	print "<p><table width=\"100%\" class=\"prefPrefsList\">";
322
323	$active_section = $line["section_name"];
324
325	print "<tr><td colspan=\"3\"><h3>$active_section</h3></td></tr>";
326	// print "<tr class=\"title\">
327	// <td width=\"25%\">Option</td><td>Value</td></tr>";
328
329	$lnum = 0;
330	}
331
332	// $class = ($lnum % 2) ? "even" : "odd";
333
334	print "<tr>";
335
336	$type_name = $line["type_name"];
337	$pref_name = $line["pref_name"];
338	$value = $line["value"];
339	$def_value = $line["def_value"];
340	$help_text = $line["help_text"];
341
342	print "<td width=\"40%\" id=\"$pref_name\">" . $line["short_desc"];
343
344	if ($help_text) print "<div class=\"prefHelp\">$help_text</div>";
345
346	print "</td>";
347
348	print "<td>";
349
350	if ($type_name == "bool") {
351	// print_select($pref_name, $value, array("true", "false"));
352
353	if ($value == "true") {
354	$value = "Yes";
355	} else {
356	$value = "No";
357	}
358
359	print_radio($pref_name, $value, array("Yes", "No"));
360
361	} else {
362	print "<input class=\"editbox\" name=\"$pref_name\" value=\"$value\">";
363	}
364
365	print "</td>";
366
367	print "</tr>";
368
369	$lnum++;
370	}
371
372	print "</table>";
373
374	print "<input type=\"hidden\" name=\"op\" value=\"pref-prefs\">";
375
376	print "<p><input class=\"button\" type=\"submit\"
377	name=\"subop\" value=\"Save configuration\">";
378
379	print " <input class=\"button\" type=\"submit\"
380	name=\"subop\" onclick=\"return validatePrefsReset()\"
381	value=\"Reset to defaults\"></p>";
382
383	print "</form>";
384
385	}
386	}
387	?>