classes/pref_prefs.php

   1 <?php
   2 class Pref_Prefs extends Protected_Handler {
   3
   4         function changepassword() {
   5
   6                 $old_pw = $_POST["old_password"];
   7                 $new_pw = $_POST["new_password"];
   8                 $con_pw = $_POST["confirm_password"];
   9
  10                 if ($old_pw == "") {
  11                         print "ERROR: ".__("Old password cannot be blank.");
  12                         return;
  13                 }
  14
  15                 if ($new_pw == "") {
  16                         print "ERROR: ".__("New password cannot be blank.");
  17                         return;
  18                 }
  19
  20                 if ($new_pw != $con_pw) {
  21                         print "ERROR: ".__("Entered passwords do not match.");
  22                         return;
  23                 }
  24
  25                 $old_pw_hash1 = encrypt_password($old_pw);
  26                 $old_pw_hash2 = encrypt_password($old_pw, $_SESSION["name"]);
  27                 $new_pw_hash = encrypt_password($new_pw, $_SESSION["name"]);
  28
  29                 $active_uid = $_SESSION["uid"];
  30
  31                 if ($old_pw && $new_pw) {
  32
  33                         $login = db_escape_string($_SERVER['PHP_AUTH_USER']);
  34
  35                         $result = db_query($this->link, "SELECT id FROM ttrss_users WHERE
  36                                 id = '$active_uid' AND (pwd_hash = '$old_pw_hash1' OR
  37                                         pwd_hash = '$old_pw_hash2')");
  38
  39                         if (db_num_rows($result) == 1) {
  40                                 db_query($this->link, "UPDATE ttrss_users SET pwd_hash = '$new_pw_hash'
  41                                         WHERE id = '$active_uid'");
  42
  43                                 $_SESSION["pwd_hash"] = $new_pw_hash;
  44
  45                                 print __("Password has been changed.");
  46                         } else {
  47                                 print "ERROR: ".__('Old password is incorrect.');
  48                         }
  49                 }
  50
  51                 return;
  52
  53         }
  54
  55         function saveconfig() {
  56
  57                 $_SESSION["prefs_cache"] = false;
  58
  59                 $orig_theme = get_pref($this->link, "_THEME_ID");
  60
  61                 foreach (array_keys($_POST) as $pref_name) {
  62
  63                         $pref_name = db_escape_string($pref_name);
  64                         $value = db_escape_string($_POST[$pref_name]);
  65
  66                         set_pref($this->link, $pref_name, $value);
  67
  68                 }
  69
  70                 if ($orig_theme != get_pref($this->link, "_THEME_ID")) {
  71                         print "PREFS_THEME_CHANGED";
  72                 } else {
  73                         print __("The configuration was saved.");
  74                 }
  75         }
  76
  77         function getHelp() {
  78
  79                 $pref_name = db_escape_string($_REQUEST["pn"]);
  80
  81                 $result = db_query($this->link, "SELECT help_text FROM ttrss_prefs
  82                         WHERE pref_name = '$pref_name'");
  83
  84                 if (db_num_rows($result) > 0) {
  85                         $help_text = db_fetch_result($result, 0, "help_text");
  86                         print $help_text;
  87                 } else {
  88                         printf(__("Unknown option: %s"), $pref_name);
  89                 }
  90         }
  91
  92         function changeemail() {
  93
  94                 $email = db_escape_string($_POST["email"]);
  95                 $full_name = db_escape_string($_POST["full_name"]);
  96
  97                 $active_uid = $_SESSION["uid"];
  98
  99                 db_query($this->link, "UPDATE ttrss_users SET email = '$email',
 100                         full_name = '$full_name' WHERE id = '$active_uid'");
 101
 102                 print __("Your personal data has been saved.");
 103
 104                 return;
 105         }
 106
 107         function resetconfig() {
 108
 109                 $_SESSION["prefs_op_result"] = "reset-to-defaults";
 110
 111                 if ($_SESSION["profile"]) {
 112                         $profile_qpart = "profile = '" . $_SESSION["profile"] . "'";
 113                 } else {
 114                         $profile_qpart = "profile IS NULL";
 115                 }
 116
 117                 db_query($this->link, "DELETE FROM ttrss_user_prefs
 118                         WHERE $profile_qpart AND owner_uid = ".$_SESSION["uid"]);
 119
 120                 initialize_user_prefs($this->link, $_SESSION["uid"], $_SESSION["profile"]);
 121
 122                 print "PREFS_THEME_CHANGED";
 123         }
 124
 125         function index() {
 126
 127                 global $access_level_names;
 128
 129                 $prefs_blacklist = array("HIDE_READ_FEEDS", "FEEDS_SORT_BY_UNREAD",
 130                                         "STRIP_UNSAFE_TAGS");
 131
 132                 $profile_blacklist = array("ALLOW_DUPLICATE_POSTS", "PURGE_OLD_DAYS",
 133                                         "PURGE_UNREAD_ARTICLES", "DIGEST_ENABLE", "DIGEST_CATCHUP",
 134                                         "BLACKLISTED_TAGS", "ENABLE_API_ACCESS", "UPDATE_POST_ON_CHECKSUM_CHANGE",
 135                                         "DEFAULT_UPDATE_INTERVAL", "USER_TIMEZONE", "SORT_HEADLINES_BY_FEED_DATE",
 136                                         "SSL_CERT_SERIAL");
 137
 138
 139                 if (!SINGLE_USER_MODE) {
 140
 141                         $_SESSION["prefs_op_result"] = "";
 142
 143                         print "<div dojoType=\"dijit.layout.AccordionContainer\" region=\"center\">";
 144                         print "<div dojoType=\"dijit.layout.AccordionPane\" title=\"".__('Personal data')."\">";
 145
 146                         print "<form dojoType=\"dijit.form.Form\" id=\"changeUserdataForm\">";
 147
 148                         print "<script type=\"dojo/method\" event=\"onSubmit\" args=\"evt\">
 149                         evt.preventDefault();
 150                         if (this.validate()) {
 151                                 notify_progress('Saving data...', true);
 152
 153                                 new Ajax.Request('backend.php', {
 154                                         parameters: dojo.objectToQuery(this.getValues()),
 155                                         onComplete: function(transport) {
 156                                                 notify_callback2(transport);
 157                                 } });
 158
 159                         }
 160                         </script>";
 161
 162                         print "<table width=\"100%\" class=\"prefPrefsList\">";
 163
 164                         $result = db_query($this->link, "SELECT email,full_name,
 165                                 access_level FROM ttrss_users
 166                                 WHERE id = ".$_SESSION["uid"]);
 167
 168                         $email = htmlspecialchars(db_fetch_result($result, 0, "email"));
 169                         $full_name = htmlspecialchars(db_fetch_result($result, 0, "full_name"));
 170
 171                         print "<tr><td width=\"40%\">".__('Full name')."</td>";
 172                         print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" name=\"full_name\" required=\"1\"
 173                                 value=\"$full_name\"></td></tr>";
 174
 175                         print "<tr><td width=\"40%\">".__('E-mail')."</td>";
 176                         print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" name=\"email\" required=\"1\" value=\"$email\"></td></tr>";
 177
 178                         if (!SINGLE_USER_MODE) {
 179                                 $access_level = db_fetch_result($result, 0, "access_level");
 180                                 print "<tr><td width=\"40%\">".__('Access level')."</td>";
 181                                 print "<td>" . $access_level_names[$access_level] . "</td></tr>";
 182                         }
 183
 184                         print "</table>";
 185
 186                         print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-prefs\">";
 187                         print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"changeemail\">";
 188
 189                         print "<p><button dojoType=\"dijit.form.Button\" type=\"submit\">".
 190                                 __("Save data")."</button>";
 191
 192                         print "</form>";
 193
 194                         print "</div>"; # pane
 195                         print "<div dojoType=\"dijit.layout.AccordionPane\" title=\"".__('Authentication')."\">";
 196
 197                         $result = db_query($this->link, "SELECT id FROM ttrss_users
 198                                 WHERE id = ".$_SESSION["uid"]." AND pwd_hash
 199                                 = 'SHA1:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8'");
 200
 201                         if (db_num_rows($result) != 0) {
 202                                 print format_warning(__("Your password is at default value, please change it."), "default_pass_warning");
 203                         }
 204
 205                         print "<form dojoType=\"dijit.form.Form\">";
 206
 207                         print "<script type=\"dojo/method\" event=\"onSubmit\" args=\"evt\">
 208                         evt.preventDefault();
 209                         if (this.validate()) {
 210                                 notify_progress('Changing password...', true);
 211
 212                                 new Ajax.Request('backend.php', {
 213                                         parameters: dojo.objectToQuery(this.getValues()),
 214                                         onComplete: function(transport) {
 215                                                 notify('');
 216                                                 if (transport.responseText.indexOf('ERROR: ') == 0) {
 217                                                         notify_error(transport.responseText.replace('ERROR: ', ''));
 218                                                 } else {
 219                                                         notify_info(transport.responseText);
 220                                                         var warn = $('default_pass_warning');
 221                                                         if (warn) Element.hide(warn);
 222                                                 }
 223                                 }});
 224                                 this.reset();
 225                         }
 226                         </script>";
 227
 228                         print "<table width=\"100%\" class=\"prefPrefsList\">";
 229
 230                         print "<tr><td width=\"40%\">".__("Old password")."</td>";
 231                         print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" type=\"password\" required=\"1\" name=\"old_password\"></td></tr>";
 232
 233                         print "<tr><td width=\"40%\">".__("New password")."</td>";
 234
 235                         print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" type=\"password\" required=\"1\"
 236                                 name=\"new_password\"></td></tr>";
 237
 238                         print "<tr><td width=\"40%\">".__("Confirm password")."</td>";
 239
 240                         print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" type=\"password\" required=\"1\" name=\"confirm_password\"></td></tr>";
 241
 242                         print "</table>";
 243
 244                         print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-prefs\">";
 245                         print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"changepassword\">";
 246
 247                         print "<p><button dojoType=\"dijit.form.Button\" type=\"submit\">".
 248                                 __("Change password")."</button>";
 249
 250                         print "</form>";
 251
 252                         print "</div>"; #pane
 253                 }
 254
 255                 print "<div dojoType=\"dijit.layout.AccordionPane\" selected=\"true\" title=\"".__('Preferences')."\">";
 256
 257                 print "<form dojoType=\"dijit.form.Form\" id=\"changeSettingsForm\">";
 258
 259                 print "<script type=\"dojo/method\" event=\"onSubmit\" args=\"evt\">
 260                 evt.preventDefault();
 261                 if (this.validate()) {
 262                         console.log(dojo.objectToQuery(this.getValues()));
 263
 264                         new Ajax.Request('backend.php', {
 265                                 parameters: dojo.objectToQuery(this.getValues()),
 266                                 onComplete: function(transport) {
 267                                         var msg = transport.responseText;
 268                                         if (msg.match('PREFS_THEME_CHANGED')) {
 269                                                 window.location.reload();
 270                                         } else {
 271                                                 notify_info(msg);
 272                                         }
 273                         } });
 274                 }
 275                 </script>";
 276
 277                 print '<div dojoType="dijit.layout.BorderContainer" gutters="false">';
 278
 279                 print '<div dojoType="dijit.layout.ContentPane" region="center" style="overflow-y : auto">';
 280
 281                 if ($_SESSION["profile"]) {
 282                         print_notice("Some preferences are only available in default profile.");
 283                 }
 284
 285                 if ($_SESSION["profile"]) {
 286                         initialize_user_prefs($this->link, $_SESSION["uid"], $_SESSION["profile"]);
 287                         $profile_qpart = "profile = '" . $_SESSION["profile"] . "'";
 288                 } else {
 289                         initialize_user_prefs($this->link, $_SESSION["uid"]);
 290                         $profile_qpart = "profile IS NULL";
 291                 }
 292
 293                 $result = db_query($this->link, "SELECT
 294                         ttrss_user_prefs.pref_name,short_desc,help_text,value,type_name,
 295                         section_name,def_value,section_id
 296                         FROM ttrss_prefs,ttrss_prefs_types,ttrss_prefs_sections,ttrss_user_prefs
 297                         WHERE type_id = ttrss_prefs_types.id AND
 298                                 $profile_qpart AND
 299                                 section_id = ttrss_prefs_sections.id AND
 300                                 ttrss_user_prefs.pref_name = ttrss_prefs.pref_name AND
 301                                 short_desc != '' AND
 302                                 owner_uid = ".$_SESSION["uid"]."
 303                         ORDER BY section_id,short_desc");
 304
 305                 $lnum = 0;
 306
 307                 $active_section = "";
 308
 309                 while ($line = db_fetch_assoc($result)) {
 310
 311                         if (in_array($line["pref_name"], $prefs_blacklist)) {
 312                                 continue;
 313                         }
 314
 315                         if ($_SESSION["profile"] && in_array($line["pref_name"],
 316                                         $profile_blacklist)) {
 317                                 continue;
 318                         }
 319
 320                         if ($active_section != $line["section_name"]) {
 321
 322                                 if ($active_section != "") {
 323                                         print "</table>";
 324                                 }
 325
 326                                 print "<table width=\"100%\" class=\"prefPrefsList\">";
 327
 328                                 $active_section = $line["section_name"];
 329
 330                                 print "<tr><td colspan=\"3\"><h3>".__($active_section)."</h3></td></tr>";
 331
 332                                 if ($line["section_id"] == 2) {
 333                                         print "<tr><td width=\"40%\">".__("Select theme")."</td>";
 334
 335                                         $user_theme = get_pref($this->link, "_THEME_ID");
 336                                         $themes = get_all_themes();
 337
 338                                         print "<td><select name=\"_THEME_ID\" dojoType=\"dijit.form.Select\">";
 339                                         print "<option value='Default'>".__('Default')."</option>";
 340                                         print "<option value='----------------' disabled=\"1\">--------</option>";
 341
 342                                         foreach ($themes as $t) {
 343                                                 $base = $t['base'];
 344                                                 $name = $t['name'];
 345
 346                                                 if ($base == $user_theme) {
 347                                                         $selected = "selected=\"1\"";
 348                                                 } else {
 349                                                         $selected = "";
 350                                                 }
 351
 352                                                 print "<option $selected value='$base'>$name</option>";
 353
 354                                         }
 355
 356                                         print "</select></td></tr>";
 357                                 }
 358                                 $lnum = 0;
 359                         }
 360
 361                         print "<tr>";
 362
 363                         $type_name = $line["type_name"];
 364                         $pref_name = $line["pref_name"];
 365                         $value = $line["value"];
 366                         $def_value = $line["def_value"];
 367                         $help_text = $line["help_text"];
 368
 369                         print "<td width=\"40%\" class=\"prefName\" id=\"$pref_name\">" . __($line["short_desc"]);
 370
 371                         if ($help_text) print "<div class=\"prefHelp\">".__($help_text)."</div>";
 372
 373                         print "</td>";
 374
 375                         print "<td class=\"prefValue\">";
 376
 377                         if ($pref_name == "USER_TIMEZONE") {
 378
 379                                 $timezones = explode("\n", file_get_contents("lib/timezones.txt"));
 380
 381                                 print_select($pref_name, $value, $timezones, 'dojoType="dijit.form.FilteringSelect"');
 382                         } else if ($pref_name == "USER_STYLESHEET") {
 383
 384                                 print "<button dojoType=\"dijit.form.Button\"
 385                                         onclick=\"customizeCSS()\">" . __('Customize') . "</button>";
 386
 387                         } else if ($pref_name == "DEFAULT_ARTICLE_LIMIT") {
 388
 389                                 $limits = array(15, 30, 45, 60);
 390
 391                                 print_select($pref_name, $value, $limits,
 392                                         'dojoType="dijit.form.Select"');
 393
 394                         } else if ($pref_name == "DEFAULT_UPDATE_INTERVAL") {
 395
 396                                 global $update_intervals_nodefault;
 397
 398                                 print_select_hash($pref_name, $value, $update_intervals_nodefault,
 399                                         'dojoType="dijit.form.Select"');
 400
 401                         } else if ($type_name == "bool") {
 402
 403                                 if ($value == "true") {
 404                                         $value = __("Yes");
 405                                 } else {
 406                                         $value = __("No");
 407                                 }
 408
 409                                 if ($pref_name == "PURGE_UNREAD_ARTICLES" && FORCE_ARTICLE_PURGE != 0) {
 410                                         $disabled = "disabled=\"1\"";
 411                                         $value = __("Yes");
 412                                 } else {
 413                                         $disabled = "";
 414                                 }
 415
 416                                 print_radio($pref_name, $value, __("Yes"), array(__("Yes"), __("No")),
 417                                         $disabled);
 418
 419                         } else if (array_search($pref_name, array('FRESH_ARTICLE_MAX_AGE', 'DEFAULT_ARTICLE_LIMIT',
 420                                         'PURGE_OLD_DAYS', 'LONG_DATE_FORMAT', 'SHORT_DATE_FORMAT')) !== false) {
 421
 422                                 $regexp = ($type_name == 'integer') ? 'regexp="^\d*$"' : '';
 423
 424                                 if ($pref_name == "PURGE_OLD_DAYS" && FORCE_ARTICLE_PURGE != 0) {
 425                                         $disabled = "disabled=\"1\"";
 426                                         $value = FORCE_ARTICLE_PURGE;
 427                                 } else {
 428                                         $disabled = "";
 429                                 }
 430
 431                                 print "<input dojoType=\"dijit.form.ValidationTextBox\"
 432                                         required=\"1\" $regexp $disabled
 433                                         name=\"$pref_name\" value=\"$value\">";
 434
 435                         } else if ($pref_name == "SSL_CERT_SERIAL") {
 436
 437                                 print "<input dojoType=\"dijit.form.ValidationTextBox\"
 438                                         id=\"SSL_CERT_SERIAL\" readonly=\"1\"
 439                                         name=\"$pref_name\" value=\"$value\">";
 440
 441                                 $cert_serial = htmlspecialchars(get_ssl_certificate_id());
 442                                 $has_serial = ($cert_serial) ? "false" : "true";
 443
 444                                 print " <button dojoType=\"dijit.form.Button\" disabled=\"$has_serial\"
 445                                         onclick=\"insertSSLserial('$cert_serial')\">" .
 446                                         __('Register') . "</button>";
 447
 448                                 print " <button dojoType=\"dijit.form.Button\"
 449                                         onclick=\"insertSSLserial('')\">" .
 450                                         __('Clear') . "</button>";
 451
 452                         } else {
 453                                 $regexp = ($type_name == 'integer') ? 'regexp="^\d*$"' : '';
 454
 455                                 print "<input dojoType=\"dijit.form.ValidationTextBox\"
 456                                         $regexp
 457                                         name=\"$pref_name\" value=\"$value\">";
 458                         }
 459
 460                         print "</td>";
 461
 462                         print "</tr>";
 463
 464                         $lnum++;
 465                 }
 466
 467                 print "</table>";
 468
 469                 print '</div>'; # inside pane
 470                 print '<div dojoType="dijit.layout.ContentPane" region="bottom">';
 471
 472                 print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-prefs\">";
 473                 print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"saveconfig\">";
 474
 475                 print "<button dojoType=\"dijit.form.Button\" type=\"submit\">".
 476                         __('Save configuration')."</button> ";
 477
 478                 print "<button dojoType=\"dijit.form.Button\" onclick=\"return editProfiles()\">".
 479                         __('Manage profiles')."</button> ";
 480
 481                 print "<button dojoType=\"dijit.form.Button\" onclick=\"return validatePrefsReset()\">".
 482                         __('Reset to defaults')."</button>";
 483
 484                 print '</div>'; # inner pane
 485                 print '</div>'; # border container
 486
 487                 print "</form>";
 488
 489                 print "</div>"; #pane
 490                 print "</div>"; #container
 491         }
 492 }
 493 ?>