[tt-rss.git] / modules / pref-users.php

<?php
	function module_pref_users($link) {

		$subop = $_GET["subop"];

		if ($subop == "edit") {

			$id = db_escape_string($_GET["id"]);

			print "<div id=\"infoBoxTitle\">User editor</div>";
			
			print "<div class=\"infoBoxContents\">";

			print "<form id=\"user_edit_form\">";

			print "<input type=\"hidden\" name=\"id\" value=\"$id\">";
			print "<input type=\"hidden\" name=\"op\" value=\"pref-users\">";
			print "<input type=\"hidden\" name=\"subop\" value=\"editSave\">";

			$result = db_query($link, "SELECT * FROM ttrss_users WHERE id = '$id'");

			$login = db_fetch_result($result, 0, "login");
			$access_level = db_fetch_result($result, 0, "access_level");
			$email = db_fetch_result($result, 0, "email");

			print "<table width='100%'>";
			print "<tr><td>Login:</td><td>
				<input class=\"iedit\" onkeypress=\"return filterCR(event)\"
				name=\"login\" value=\"$login\"></td></tr>";

			print "<tr><td>Change password:</td><td>
				<input class=\"iedit\" onkeypress=\"return filterCR(event)\"
				name=\"password\"></td></tr>";

			print "<tr><td>E-mail:</td><td>
				<input class=\"iedit\" name=\"email\" onkeypress=\"return filterCR(event)\"
				value=\"$email\"></td></tr>";

			$sel_disabled = ($id == $_SESSION["uid"]) ? "disabled" : "";
				
			print "<tr><td>Access level:</td><td>";
			print_select_hash("access_level", $access_level, $access_level_names, 
				$sel_disabled);
			print "</td></tr>";

			print "</table>";

			print "</form>";
			
			print "<div align='right'>
				<input class=\"button\"
					type=\"submit\" onclick=\"return userEditSave()\" 
					value=\"Save\">
				<input class=\"button\"
					type=\"submit\" onclick=\"return userEditCancel()\" 
					value=\"Cancel\"></div>";

			print "</div>";

			return;
		}

		if ($subop == "editSave") {
	
			if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) {

				$login = db_escape_string(trim($_GET["login"]));
				$uid = db_escape_string($_GET["id"]);
				$access_level = sprintf("%d", $_GET["access_level"]);
				$email = db_escape_string(trim($_GET["email"]));
				$password = db_escape_string(trim($_GET["password"]));

				if ($password) {
					$pwd_hash = 'SHA1:' . sha1($password);
					$pass_query_part = "pwd_hash = '$pwd_hash', ";					
					print "<div class='notice'>Changed password for user <b>$login</b>.</div>";
				} else {
					$pass_query_part = "";
				}

				db_query($link, "UPDATE ttrss_users SET $pass_query_part login = '$login', 
					access_level = '$access_level', email = '$email' WHERE id = '$uid'");

			}
		} else if ($subop == "remove") {

			if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) {

				$ids = split(",", db_escape_string($_GET["ids"]));

				foreach ($ids as $id) {
					db_query($link, "DELETE FROM ttrss_users WHERE id = '$id' AND id != " . $_SESSION["uid"]);
					
				}
			}
		} else if ($subop == "add") {
		
			if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) {

				$login = db_escape_string(trim($_GET["login"]));
				$tmp_user_pwd = make_password(8);
				$pwd_hash = 'SHA1:' . sha1($tmp_user_pwd);

				$result = db_query($link, "SELECT id FROM ttrss_users WHERE 
					login = '$login'");

				if (db_num_rows($result) == 0) {

					db_query($link, "INSERT INTO ttrss_users 
						(login,pwd_hash,access_level,last_login)
						VALUES ('$login', '$pwd_hash', 0, NOW())");
	
	
					$result = db_query($link, "SELECT id FROM ttrss_users WHERE 
						login = '$login' AND pwd_hash = '$pwd_hash'");
	
					if (db_num_rows($result) == 1) {
	
						$new_uid = db_fetch_result($result, 0, "id");
	
						print "<div class=\"notice\">Added user <b>".$_GET["login"].
							"</b> with password <b>$tmp_user_pwd</b>.</div>";
	
						initialize_user($link, $new_uid);
	
					} else {
					
						print "<div class=\"warning\">Could not create user <b>".
							$_GET["login"]."</b></div>";
	
					}
				} else {
					print "<div class=\"warning\">User <b>".
						$_GET["login"]."</b> already exists.</div>";
				}
			} 
		} else if ($subop == "resetPass") {

			if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) {

				$uid = db_escape_string($_GET["id"]);

				$result = db_query($link, "SELECT login,email 
					FROM ttrss_users WHERE id = '$uid'");

				$login = db_fetch_result($result, 0, "login");
				$email = db_fetch_result($result, 0, "email");
				$tmp_user_pwd = make_password(8);
				$pwd_hash = 'SHA1:' . sha1($tmp_user_pwd);

				db_query($link, "UPDATE ttrss_users SET pwd_hash = '$pwd_hash'
					WHERE id = '$uid'");

				print "<div class=\"notice\">Changed password of 
					user <b>$login</b> to <b>$tmp_user_pwd</b>.";

				if (MAIL_RESET_PASS && $email) {
					print " Notifying <b>$email</b>.";

					mail("$login <$email>", "Password reset notification",
						"Hi, $login.\n".
						"\n".
						"Your password for this TT-RSS installation was reset by".
							" an administrator.\n".
						"\n".
						"Your new password is $tmp_user_pwd, please remember".
							" it for later reference.\n".
						"\n".
						"Sincerely, TT-RSS Mail Daemon.", "From: " . MAIL_FROM);
				}
					
				print "</div>";				

			}
		}

		$sort = db_escape_string($_GET["sort"]);

		if (!$sort || $sort == "undefined") {
			$sort = "login";
		}

		print "<div class=\"prefGenericAddBox\">
			<input id=\"uadd_box\" 			
				onkeyup=\"toggleSubmitNotEmpty(this, 'user_add_btn')\"
				size=\"40\">&nbsp;";
			
		print "<input type=\"submit\" class=\"button\" 
			id=\"user_add_btn\" disabled=\"true\"
			onclick=\"javascript:addUser()\" value=\"Create user\"></div>";

		$result = db_query($link, "SELECT 
				id,login,access_level,email,
				SUBSTRING(last_login,1,16) as last_login
			FROM 
				ttrss_users
			ORDER BY $sort");

//		print "<div id=\"infoBoxShadow\"><div id=\"infoBox\">PLACEHOLDER</div></div>";

		print "<p><table width=\"100%\" cellspacing=\"0\" 
			class=\"prefUserList\" id=\"prefUserList\">";

		print "<tr><td class=\"selectPrompt\" colspan=\"8\">
				Select: 
					<a href=\"javascript:selectPrefRows('user', true)\">All</a>,
					<a href=\"javascript:selectPrefRows('user', false)\">None</a>
				</td</tr>";

		print "<tr class=\"title\">
					<td align='center' width=\"5%\">&nbsp;</td>
					<td width='40%'><a href=\"javascript:updateUsersList('login')\">Login</a></td>
					<td width='40%'><a href=\"javascript:updateUsersList('access_level')\">Access Level</a></td>
					<td width='30%'><a href=\"javascript:updateUsersList('last_login')\">Last login</a></td></tr>";
		
		$lnum = 0;
		
		while ($line = db_fetch_assoc($result)) {

			$class = ($lnum % 2) ? "even" : "odd";

			$uid = $line["id"];
			$edit_uid = $_GET["id"];

			if ($subop == "edit" && $uid != $edit_uid) {
				$class .= "Grayed";
				$this_row_id = "";
			} else {
				$this_row_id = "id=\"UMRR-$uid\"";
			}		
			
			print "<tr class=\"$class\" $this_row_id>";

			$line["login"] = htmlspecialchars($line["login"]);

			$line["last_login"] = date(get_pref($link, 'SHORT_DATE_FORMAT'),
				strtotime($line["last_login"]));

			$access_level_names = array(0 => "User", 10 => "Administrator");

//			if (!$edit_uid || $subop != "edit") {

				print "<td align='center'><input onclick='toggleSelectPrefRow(this, \"user\");' 
				type=\"checkbox\" id=\"UMCHK-$uid\"></td>";

				print "<td><a href=\"javascript:editUser($uid);\">" . 
					$line["login"] . "</td>";		

				if (!$line["email"]) $line["email"] = "&nbsp;";

				print "<td><a href=\"javascript:editUser($uid);\">" . 
					$access_level_names[$line["access_level"]] . "</td>";			

/*			} else if ($uid != $edit_uid) {

				if (!$line["email"]) $line["email"] = "&nbsp;";

				print "<td align='center'><input disabled=\"true\" type=\"checkbox\" 
					id=\"UMCHK-".$line["id"]."\"></td>";

				print "<td>".$line["login"]."</td>";		
				print "<td>".$line["email"]."</td>";		
				print "<td>".$access_level_names[$line["access_level"]]."</td>";

			} else {

				print "<td align='center'>
					<input disabled=\"true\" type=\"checkbox\" checked></td>";

				print "<td><input id=\"iedit_ulogin\" value=\"".$line["login"].
					"\"></td>";

				print "<td><input id=\"iedit_email\" value=\"".$line["email"].
					"\"></td>";

				print "<td>";
				print "<select id=\"iedit_ulevel\">";
				foreach (array_keys($access_level_names) as $al) {
					if ($al == $line["access_level"]) {
						$selected = "selected";
					} else {
						$selected = "";
					}					
					print "<option $selected id=\"$al\">" . 
						$access_level_names[$al] . "</option>";
				}
				print "</select>";
				print "</td>";

			} */
				
			print "<td>".$line["last_login"]."</td>";		
		
			print "</tr>";

			++$lnum;
		}

		print "</table>";

		print "<p id='userOpToolbar'>";

/*		if ($subop == "edit") {
			print "Edit user:
				<input type=\"submit\" class=\"button\" 
					onclick=\"javascript:userEditSave()\" value=\"Save\">
				<input type=\"submit\" class=\"button\" 
					onclick=\"javascript:userEditCancel()\" value=\"Cancel\">";
					
		} else { */

			print "
				Selection:
			<input type=\"submit\" class=\"button\" disabled=\"true\"
				onclick=\"javascript:selectedUserDetails()\" value=\"User details\">
			<input type=\"submit\" class=\"button\" disabled=\"true\"
				onclick=\"javascript:editSelectedUser()\" value=\"Edit\">
			<input type=\"submit\" class=\"button\" disabled=\"true\"
				onclick=\"javascript:removeSelectedUsers()\" value=\"Remove\">
			<input type=\"submit\" class=\"button\" disabled=\"true\"
				onclick=\"javascript:resetSelectedUserPass()\" value=\"Reset password\">";

//		}
	}
?>
Commit	Line	Data
ef8be8ea AD	1	<?php
	2	function module_pref_users($link) {
	3
	4	$subop = $_GET["subop"];
	5
	6	if ($subop == "edit") {
	7
	8	$id = db_escape_string($_GET["id"]);
	9
	10	print "<div id=\"infoBoxTitle\">User editor</div>";
	11
	12	print "<div class=\"infoBoxContents\">";
	13
	14	print "<form id=\"user_edit_form\">";
	15
	16	print "<input type=\"hidden\" name=\"id\" value=\"$id\">";
	17	print "<input type=\"hidden\" name=\"op\" value=\"pref-users\">";
	18	print "<input type=\"hidden\" name=\"subop\" value=\"editSave\">";
	19
	20	$result = db_query($link, "SELECT * FROM ttrss_users WHERE id = '$id'");
	21
	22	$login = db_fetch_result($result, 0, "login");
	23	$access_level = db_fetch_result($result, 0, "access_level");
	24	$email = db_fetch_result($result, 0, "email");
	25
	26	print "<table width='100%'>";
	27	print "<tr><td>Login:</td><td>
	28	<input class=\"iedit\" onkeypress=\"return filterCR(event)\"
	29	name=\"login\" value=\"$login\"></td></tr>";
	30
	31	print "<tr><td>Change password:</td><td>
	32	<input class=\"iedit\" onkeypress=\"return filterCR(event)\"
	33	name=\"password\"></td></tr>";
	34
	35	print "<tr><td>E-mail:</td><td>
	36	<input class=\"iedit\" name=\"email\" onkeypress=\"return filterCR(event)\"
	37	value=\"$email\"></td></tr>";
	38
	39	$sel_disabled = ($id == $_SESSION["uid"]) ? "disabled" : "";
	40
	41	print "<tr><td>Access level:</td><td>";
	42	print_select_hash("access_level", $access_level, $access_level_names,
	43	$sel_disabled);
	44	print "</td></tr>";
	45
	46	print "</table>";
	47
	48	print "</form>";
	49
	50	print "<div align='right'>
	51	<input class=\"button\"
	52	type=\"submit\" onclick=\"return userEditSave()\"
	53	value=\"Save\">
	54	<input class=\"button\"
	55	type=\"submit\" onclick=\"return userEditCancel()\"
	56	value=\"Cancel\"></div>";
	57
	58	print "</div>";
	59
	60	return;
	61	}
	62
	63	if ($subop == "editSave") {
	64
65	if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) {
66
67	$login = db_escape_string(trim($_GET["login"]));
68	$uid = db_escape_string($_GET["id"]);
69	$access_level = sprintf("%d", $_GET["access_level"]);
70	$email = db_escape_string(trim($_GET["email"]));
71	$password = db_escape_string(trim($_GET["password"]));
72
73	if ($password) {
74	$pwd_hash = 'SHA1:' . sha1($password);
75	$pass_query_part = "pwd_hash = '$pwd_hash', ";
76	print "<div class='notice'>Changed password for user <b>$login</b>.</div>";
77	} else {
78	$pass_query_part = "";
79	}
80
81	db_query($link, "UPDATE ttrss_users SET $pass_query_part login = '$login',
82	access_level = '$access_level', email = '$email' WHERE id = '$uid'");
83
84	}
85	} else if ($subop == "remove") {
86
87	if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) {
88
89	$ids = split(",", db_escape_string($_GET["ids"]));
90
91	foreach ($ids as $id) {
92	db_query($link, "DELETE FROM ttrss_users WHERE id = '$id' AND id != " . $_SESSION["uid"]);
93
94	}
95	}
96	} else if ($subop == "add") {
97
98	if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) {
99
100	$login = db_escape_string(trim($_GET["login"]));
101	$tmp_user_pwd = make_password(8);
102	$pwd_hash = 'SHA1:' . sha1($tmp_user_pwd);
103
104	$result = db_query($link, "SELECT id FROM ttrss_users WHERE
105	login = '$login'");
106
107	if (db_num_rows($result) == 0) {
108
109	db_query($link, "INSERT INTO ttrss_users
110	(login,pwd_hash,access_level,last_login)
111	VALUES ('$login', '$pwd_hash', 0, NOW())");
112
113
114	$result = db_query($link, "SELECT id FROM ttrss_users WHERE
115	login = '$login' AND pwd_hash = '$pwd_hash'");
116
117	if (db_num_rows($result) == 1) {
118
119	$new_uid = db_fetch_result($result, 0, "id");
120
121	print "<div class=\"notice\">Added user <b>".$_GET["login"].
122	"</b> with password <b>$tmp_user_pwd</b>.</div>";
123
124	initialize_user($link, $new_uid);
125
126	} else {
127
128	print "<div class=\"warning\">Could not create user <b>".
129	$_GET["login"]."</b></div>";
130
131	}
132	} else {
133	print "<div class=\"warning\">User <b>".
134	$_GET["login"]."</b> already exists.</div>";
135	}
136	}
137	} else if ($subop == "resetPass") {
138
139	if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) {
140
141	$uid = db_escape_string($_GET["id"]);
142
143	$result = db_query($link, "SELECT login,email
144	FROM ttrss_users WHERE id = '$uid'");
145
146	$login = db_fetch_result($result, 0, "login");
147	$email = db_fetch_result($result, 0, "email");
148	$tmp_user_pwd = make_password(8);
149	$pwd_hash = 'SHA1:' . sha1($tmp_user_pwd);
150
151	db_query($link, "UPDATE ttrss_users SET pwd_hash = '$pwd_hash'
152	WHERE id = '$uid'");
153
154	print "<div class=\"notice\">Changed password of
155	user <b>$login</b> to <b>$tmp_user_pwd</b>.";
156
157	if (MAIL_RESET_PASS && $email) {
158	print " Notifying <b>$email</b>.";
159
160	mail("$login <$email>", "Password reset notification",
161	"Hi, $login.\n".
162	"\n".
163	"Your password for this TT-RSS installation was reset by".
164	" an administrator.\n".
165	"\n".
166	"Your new password is $tmp_user_pwd, please remember".
167	" it for later reference.\n".
168	"\n".
169	"Sincerely, TT-RSS Mail Daemon.", "From: " . MAIL_FROM);
170	}
171
172	print "</div>";
173
174	}
175	}
176
177	$sort = db_escape_string($_GET["sort"]);
178
179	if (!$sort \|\| $sort == "undefined") {
180	$sort = "login";
181	}
182
183	print "<div class=\"prefGenericAddBox\">
184	<input id=\"uadd_box\"
185	onkeyup=\"toggleSubmitNotEmpty(this, 'user_add_btn')\"
186	size=\"40\"> ";
187
188	print "<input type=\"submit\" class=\"button\"
189	id=\"user_add_btn\" disabled=\"true\"
190	onclick=\"javascript:addUser()\" value=\"Create user\"></div>";
191
192	$result = db_query($link, "SELECT
193	id,login,access_level,email,
194	SUBSTRING(last_login,1,16) as last_login
195	FROM
196	ttrss_users
197	ORDER BY $sort");
198
199	// print "<div id=\"infoBoxShadow\"><div id=\"infoBox\">PLACEHOLDER</div></div>";
200
201	print "<p><table width=\"100%\" cellspacing=\"0\"
202	class=\"prefUserList\" id=\"prefUserList\">";
203
204	print "<tr><td class=\"selectPrompt\" colspan=\"8\">
205	Select:
206	<a href=\"javascript:selectPrefRows('user', true)\">All</a>,
207	<a href=\"javascript:selectPrefRows('user', false)\">None</a>
208	</td</tr>";
209
210	print "<tr class=\"title\">
211	<td align='center' width=\"5%\"> </td>
212	<td width='40%'><a href=\"javascript:updateUsersList('login')\">Login</a></td>
213	<td width='40%'><a href=\"javascript:updateUsersList('access_level')\">Access Level</a></td>
214	<td width='30%'><a href=\"javascript:updateUsersList('last_login')\">Last login</a></td></tr>";
215
216	$lnum = 0;
217
218	while ($line = db_fetch_assoc($result)) {
219
220	$class = ($lnum % 2) ? "even" : "odd";
221
222	$uid = $line["id"];
223	$edit_uid = $_GET["id"];
224
225	if ($subop == "edit" && $uid != $edit_uid) {
226	$class .= "Grayed";
227	$this_row_id = "";
228	} else {
229	$this_row_id = "id=\"UMRR-$uid\"";
230	}
231
232	print "<tr class=\"$class\" $this_row_id>";
233
234	$line["login"] = htmlspecialchars($line["login"]);
235
236	$line["last_login"] = date(get_pref($link, 'SHORT_DATE_FORMAT'),
237	strtotime($line["last_login"]));
238
239	$access_level_names = array(0 => "User", 10 => "Administrator");
240
241	// if (!$edit_uid \|\| $subop != "edit") {
242
243	print "<td align='center'><input onclick='toggleSelectPrefRow(this, \"user\");'
244	type=\"checkbox\" id=\"UMCHK-$uid\"></td>";
245
246	print "<td><a href=\"javascript:editUser($uid);\">" .
247	$line["login"] . "</td>";
248
249	if (!$line["email"]) $line["email"] = " ";
250
251	print "<td><a href=\"javascript:editUser($uid);\">" .
252	$access_level_names[$line["access_level"]] . "</td>";
253
254	/* } else if ($uid != $edit_uid) {
255
256	if (!$line["email"]) $line["email"] = " ";
257
258	print "<td align='center'><input disabled=\"true\" type=\"checkbox\"
259	id=\"UMCHK-".$line["id"]."\"></td>";
260
261	print "<td>".$line["login"]."</td>";
262	print "<td>".$line["email"]."</td>";
263	print "<td>".$access_level_names[$line["access_level"]]."</td>";
264
265	} else {
266
267	print "<td align='center'>
268	<input disabled=\"true\" type=\"checkbox\" checked></td>";
269
270	print "<td><input id=\"iedit_ulogin\" value=\"".$line["login"].
271	"\"></td>";
272
273	print "<td><input id=\"iedit_email\" value=\"".$line["email"].
274	"\"></td>";
275
276	print "<td>";
277	print "<select id=\"iedit_ulevel\">";
278	foreach (array_keys($access_level_names) as $al) {
279	if ($al == $line["access_level"]) {
280	$selected = "selected";
281	} else {
282	$selected = "";
283	}
284	print "<option $selected id=\"$al\">" .
285	$access_level_names[$al] . "</option>";
286	}
287	print "</select>";
288	print "</td>";
289
290	} */
291
292	print "<td>".$line["last_login"]."</td>";
293
294	print "</tr>";
295
296	++$lnum;
297	}
298
299	print "</table>";
300
301	print "<p id='userOpToolbar'>";
302
303	/* if ($subop == "edit") {
304	print "Edit user:
305	<input type=\"submit\" class=\"button\"
306	onclick=\"javascript:userEditSave()\" value=\"Save\">
307	<input type=\"submit\" class=\"button\"
308	onclick=\"javascript:userEditCancel()\" value=\"Cancel\">";
309
310	} else { */
311
312	print "
313	Selection:
314	<input type=\"submit\" class=\"button\" disabled=\"true\"
315	onclick=\"javascript:selectedUserDetails()\" value=\"User details\">
316	<input type=\"submit\" class=\"button\" disabled=\"true\"
317	onclick=\"javascript:editSelectedUser()\" value=\"Edit\">
318	<input type=\"submit\" class=\"button\" disabled=\"true\"
319	onclick=\"javascript:removeSelectedUsers()\" value=\"Remove\">
320	<input type=\"submit\" class=\"button\" disabled=\"true\"
321	onclick=\"javascript:resetSelectedUserPass()\" value=\"Reset password\">";
322
323	// }
324	}
325	?>