pre-users: disallow renaming admin user
index d483c771b4532b87803baa6b303c03f815264044..164935b234533db0d773f06734fcc93a2819bdb5 100644 (file)
@@ -12,14 +12,98 @@ class Pref_Users extends Handler_Protected {
                }
 
                function csrf_ignore($method) {
-                       $csrf_ignored = array("index");
+                       $csrf_ignored = array("index", "edit", "userdetails");
 
                        return array_search($method, $csrf_ignored) !== false;
                }
 
-               function userdetails() {
+               function edit() {
+                       global $access_level_names;
+
+                       print '<div dojoType="dijit.layout.TabContainer" style="height : 400px">
+                       <div dojoType="dijit.layout.ContentPane" title="'.__('Edit user').'">';
+
+                       print "<form id=\"user_edit_form\" onsubmit='return false' dojoType=\"dijit.form.Form\">";
+
+                       $id = (int) $this->dbh->escape_string($_REQUEST["id"]);
+
+                       print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"id\" value=\"$id\">";
+                       print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-users\">";
+                       print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"editSave\">";
+
+                       $result = $this->dbh->query("SELECT * FROM ttrss_users WHERE id = '$id'");
+
+                       $login = $this->dbh->fetch_result($result, 0, "login");
+                       $access_level = $this->dbh->fetch_result($result, 0, "access_level");
+                       $email = $this->dbh->fetch_result($result, 0, "email");
+
+                       $sel_disabled = ($id == $_SESSION["uid"] || $login == "admin") ? "disabled" : "";
+
+                       print "<div class=\"dlgSec\">".__("User")."</div>";
+                       print "<div class=\"dlgSecCont\">";
+
+                       if ($sel_disabled) {
+                               print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"login\" value=\"$login\">";
+                       }
+
+                       print "<input size=\"30\" style=\"font-size : 16px\"
+                               dojoType=\"dijit.form.ValidationTextBox\" required=\"1\"
+                               $sel_disabled
+                               name=\"login\" value=\"$login\">";
+
+                       print "</div>";
+
+                       print "<div class=\"dlgSec\">".__("Authentication")."</div>";
+                       print "<div class=\"dlgSecCont\">";
+
+                       print __('Access level: ') . " ";
+
+                       if (!$sel_disabled) {
+                               print_select_hash("access_level", $access_level, $access_level_names,
+                                       "dojoType=\"dijit.form.Select\" $sel_disabled");
+                       } else {
+                               print_select_hash("", $access_level, $access_level_names,
+                                       "dojoType=\"dijit.form.Select\" $sel_disabled");
+                               print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"access_level\" value=\"$access_level\">";
+                       }
+
+                       print "<hr/>";
+
+                       print "<input dojoType=\"dijit.form.TextBox\" type=\"password\" size=\"20\" placeholder=\"Change password\"
+                               name=\"password\">";
+
+                       print "</div>";
 
-                       $uid = sprintf("%d", $_REQUEST["id"]);
+                       print "<div class=\"dlgSec\">".__("Options")."</div>";
+                       print "<div class=\"dlgSecCont\">";
+
+                       print "<input dojoType=\"dijit.form.TextBox\" size=\"30\" name=\"email\" placeholder=\"E-mail\"
+                               value=\"$email\">";
+
+                       print "</div>";
+
+                       print "</table>";
+
+                       print "</form>";
+
+                       print '</div>'; #tab
+                       print "<div href=\"backend.php?op=pref-users&method=userdetails&id=$id\"
+                               dojoType=\"dijit.layout.ContentPane\" title=\"".__('User details')."\">";
+
+                       print '</div>';
+                       print '</div>';
+
+                       print "<div class=\"dlgButtons\">
+                               <button dojoType=\"dijit.form.Button\" type=\"submit\">".
+                               __('Save')."</button>
+                               <button dojoType=\"dijit.form.Button\" onclick=\"dijit.byId('userEditDlg').hide()\">".
+                               __('Cancel')."</button></div>";
+
+                       return;
+               }
+
+               function userdetails() {
+                       $id = (int) $this->dbh->escape_string($_REQUEST["id"]);
 
                        $result = $this->dbh->query("SELECT login,
                                ".SUBSTRING_FOR_DATE."(last_login,1,16) AS last_login,
@@ -28,17 +112,13 @@ class Pref_Users extends Handler_Protected {
                                        WHERE owner_uid = id) AS stored_articles,
                                ".SUBSTRING_FOR_DATE."(created,1,16) AS created
                                FROM ttrss_users
-                               WHERE id = '$uid'");
+                               WHERE id = '$id'");
 
                        if ($this->dbh->num_rows($result) == 0) {
                                print "<h1>".__('User not found')."</h1>";
                                return;
                        }
 
-                       // print "<h1>User Details</h1>";
-
-                       $login = $this->dbh->fetch_result($result, 0, "login");
-
                        print "<table width='100%'>";
 
                        $last_login = make_local_datetime(
@@ -47,30 +127,28 @@ class Pref_Users extends Handler_Protected {
                        $created = make_local_datetime(
                                $this->dbh->fetch_result($result, 0, "created"), true);
 
-                       $access_level = $this->dbh->fetch_result($result, 0, "access_level");
                        $stored_articles = $this->dbh->fetch_result($result, 0, "stored_articles");
 
                        print "<tr><td>".__('Registered')."</td><td>$created</td></tr>";
                        print "<tr><td>".__('Last logged in')."</td><td>$last_login</td></tr>";
 
                        $result = $this->dbh->query("SELECT COUNT(id) as num_feeds FROM ttrss_feeds
-                               WHERE owner_uid = '$uid'");
+                               WHERE owner_uid = '$id'");
 
                        $num_feeds = $this->dbh->fetch_result($result, 0, "num_feeds");
 
                        print "<tr><td>".__('Subscribed feeds count')."</td><td>$num_feeds</td></tr>";
+                       print "<tr><td>".__('Stored articles')."</td><td>$stored_articles</td></tr>";
 
                        print "</table>";
 
                        print "<h1>".__('Subscribed feeds')."</h1>";
 
                        $result = $this->dbh->query("SELECT id,title,site_url FROM ttrss_feeds
-                               WHERE owner_uid = '$uid' ORDER BY title");
+                               WHERE owner_uid = '$id' ORDER BY title");
 
                        print "<ul class=\"userFeedList\">";
 
-                       $row_class = "odd";
-
                        while ($line = $this->dbh->fetch_assoc($result)) {
 
                                $icon_file = ICONS_URL."/".$line["id"].".ico";
@@ -81,9 +159,7 @@ class Pref_Users extends Handler_Protected {
                                        $feed_icon = "<img class=\"tinyFeedIcon\" src=\"images/blank_icon.gif\">";
                                }
 
-                               print "<li class=\"$row_class\">$feed_icon&nbsp;<a href=\"".$line["site_url"]."\">".$line["title"]."</a></li>";
-
-                               $row_class = $row_class == "even" ? "odd" : "even";
+                               print "<li>$feed_icon&nbsp;<a href=\"".$line["site_url"]."\">".$line["title"]."</a></li>";
 
                        }
 
@@ -94,90 +170,6 @@ class Pref_Users extends Handler_Protected {
                        }
 
                        print "</ul>";
-
-                       print "<div align='center'>
-                               <button onclick=\"closeInfoBox()\">".__("Close this window").
-                               "</button></div>";
-
-                       return;
-               }
-
-               function edit() {
-                       global $access_level_names;
-
-                       $id = $this->dbh->escape_string($_REQUEST["id"]);
-                       print "<form id=\"user_edit_form\" onsubmit='return false'>";
-
-                       print "<input type=\"hidden\" name=\"id\" value=\"$id\">";
-                       print "<input type=\"hidden\" name=\"op\" value=\"pref-users\">";
-                       print "<input type=\"hidden\" name=\"method\" value=\"editSave\">";
-
-                       $result = $this->dbh->query("SELECT * FROM ttrss_users WHERE id = '$id'");
-
-                       $login = $this->dbh->fetch_result($result, 0, "login");
-                       $access_level = $this->dbh->fetch_result($result, 0, "access_level");
-                       $email = $this->dbh->fetch_result($result, 0, "email");
-
-                       $sel_disabled = ($id == $_SESSION["uid"]) ? "disabled" : "";
-
-                       print "<div class=\"dlgSec\">".__("User")."</div>";
-                       print "<div class=\"dlgSecCont\">";
-
-                       if ($sel_disabled) {
-                               print "<input type=\"hidden\" name=\"login\" value=\"$login\">";
-                               print "<input size=\"30\" style=\"font-size : 16px\"
-                                       onkeypress=\"return filterCR(event, userEditSave)\" $sel_disabled
-                                       value=\"$login\">";
-                       } else {
-                               print "<input size=\"30\" style=\"font-size : 16px\"
-                                       onkeypress=\"return filterCR(event, userEditSave)\" $sel_disabled
-                                       name=\"login\" value=\"$login\">";
-                       }
-
-                       print "</div>";
-
-                       print "<div class=\"dlgSec\">".__("Authentication")."</div>";
-                       print "<div class=\"dlgSecCont\">";
-
-                       print __('Access level: ') . " ";
-
-                       if (!$sel_disabled) {
-                               print_select_hash("access_level", $access_level, $access_level_names,
-                                       $sel_disabled);
-                       } else {
-                               print_select_hash("", $access_level, $access_level_names,
-                                       $sel_disabled);
-                               print "<input type=\"hidden\" name=\"access_level\" value=\"$access_level\">";
-                       }
-
-                       print "<br/>";
-
-                       print __('Change password to') .
-                               " <input type=\"password\" size=\"20\" onkeypress=\"return filterCR(event, userEditSave)\"
-                               name=\"password\">";
-
-                       print "</div>";
-
-                       print "<div class=\"dlgSec\">".__("Options")."</div>";
-                       print "<div class=\"dlgSecCont\">";
-
-                       print __('E-mail: ').
-                               " <input size=\"30\" name=\"email\" onkeypress=\"return filterCR(event, userEditSave)\"
-                               value=\"$email\">";
-
-                       print "</div>";
-
-                       print "</table>";
-
-                       print "</form>";
-
-                       print "<div class=\"dlgButtons\">
-                               <button onclick=\"return userEditSave()\">".
-                                       __('Save')."</button>
-                               <button onclick=\"return userEditCancel()\">".
-                                       __('Cancel')."</button></div>";
-
-                       return;
                }
 
                function editSave() {
@@ -252,9 +244,9 @@ class Pref_Users extends Handler_Protected {
                        }
                }
 
-               static function resetUserPassword($link, $uid, $show_password) {
+               static function resetUserPassword($uid, $show_password) {
 
-                       $result = db_query($link, "SELECT login,email
+                       $result = db_query("SELECT login,email
                                FROM ttrss_users WHERE id = '$uid'");
 
                        $login = db_fetch_result($result, 0, "login");
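Review bot: `$uid` is still interpolated into `WHERE id = '$uid'` at L271 without any cast or escaping inside the function; the signature change (dropping `$link`) means call sites are being touched anyway, and a static helper like this should not depend on every caller having sanitised the id — add `$uid = (int) $uid;` as the first statement. Whether the current callers already cast it is not visible here. The function body continues past the hunk.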
@@ -266,7 +258,7 @@ class Pref_Users extends Handler_Protected {
 
                        $pwd_hash = encrypt_password($tmp_user_pwd, $new_salt, true);
 
-                       db_query($link, "UPDATE ttrss_users SET pwd_hash = '$pwd_hash', salt = '$new_salt'
+                       db_query("UPDATE ttrss_users SET pwd_hash = '$pwd_hash', salt = '$new_salt', otp_enabled = false
                                WHERE id = '$uid'");
 
                        if ($show_password) {
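Review bot: The added `otp_enabled = false` at L279 silently strips the user's second factor as a side effect of a password reset, and nothing in the hunk explains or reports that; the temporary password generated above the hunk becomes the only credential. Add a why-comment on that line, e.g. `// presumably the OTP setup is tied to pwd_hash/salt and cannot survive the reset — confirm; 2FA must be re-enrolled by the user`, and consider stating in the reset message that 2FA was disabled so the user knows to re-enable it. The rest of resetUserPassword lies outside the hunk.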
@@ -328,7 +320,7 @@ class Pref_Users extends Handler_Protected {
                        print "<div style='float : right; padding-right : 4px;'>
                                <input dojoType=\"dijit.form.TextBox\" id=\"user_search\" size=\"20\" type=\"search\"
                                        value=\"$user_search\">
-                               <button dojoType=\"dijit.form.Button\" onclick=\"javascript:updateUsersList()\">".
+                               <button dojoType=\"dijit.form.Button\" onclick=\"updateUsersList()\">".
                                        __('Search')."</button>
                                </div>";
 
@@ -347,18 +339,19 @@ class Pref_Users extends Handler_Protected {
                                dojoType=\"dijit.MenuItem\">".__('None')."</div>";
                        print "</div></div>";
 
-                       print "<button dojoType=\"dijit.form.Button\" onclick=\"javascript:addUser()\">".__('Create user')."</button>";
+                       print "<button dojoType=\"dijit.form.Button\" onclick=\"addUser()\">".__('Create user')."</button>";
 
                        print "
-                               <button dojoType=\"dijit.form.Button\" onclick=\"javascript:selectedUserDetails()\">".
-                               __('Details')."</button dojoType=\"dijit.form.Button\">
-                               <button dojoType=\"dijit.form.Button\" onclick=\"javascript:editSelectedUser()\">".
+                               <button dojoType=\"dijit.form.Button\" onclick=\"editSelectedUser()\">".
                                __('Edit')."</button dojoType=\"dijit.form.Button\">
-                               <button dojoType=\"dijit.form.Button\" onclick=\"javascript:removeSelectedUsers()\">".
+                               <button dojoType=\"dijit.form.Button\" onclick=\"removeSelectedUsers()\">".
                                __('Remove')."</button dojoType=\"dijit.form.Button\">
-                               <button dojoType=\"dijit.form.Button\" onclick=\"javascript:resetSelectedUserPass()\">".
+                               <button dojoType=\"dijit.form.Button\" onclick=\"resetSelectedUserPass()\">".
                                __('Reset password')."</button dojoType=\"dijit.form.Button\">";
 
+                       PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB_SECTION,
+                               "hook_prefs_tab_section", "prefUsersToolbar");
+
                        print "</div>"; #toolbar
                        print "</div>"; #pane
                        print "<div id=\"pref-user-content\" dojoType=\"dijit.layout.ContentPane\" region=\"center\">";
@@ -382,14 +375,16 @@ class Pref_Users extends Handler_Protected {
                        }
 
                        $result = $this->dbh->query("SELECT
-                                       id,login,access_level,email,
+                                       tu.id,
+                                       login,access_level,email,
                                        ".SUBSTRING_FOR_DATE."(last_login,1,16) as last_login,
-                                       ".SUBSTRING_FOR_DATE."(created,1,16) as created
+                                       ".SUBSTRING_FOR_DATE."(created,1,16) as created,
+                                       (SELECT COUNT(id) FROM ttrss_feeds WHERE owner_uid = tu.id) AS num_feeds
                                FROM
-                                       ttrss_users
+                                       ttrss_users tu
                                WHERE
                                        $user_search_query
-                                       id > 0
+                                       tu.id > 0
                                ORDER BY $sort");
 
                        if ($this->dbh->num_rows($result) > 0) {
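Review bot: `ORDER BY $sort` at L336 is string-built, and this change introduces a new sort key — the `num_feeds` alias added at L328 is what the new header link `updateUsersList('num_feeds')` later in this commit sends as the sort parameter. If `$sort` is validated against an allowlist above the hunk (the closing brace at L319 suggests some check precedes the query), `num_feeds` must be added to that list or the new column cannot be sorted; if there is no allowlist, the raw parameter reaches the query and one should be added, e.g. `if (!in_array($sort, ["login", "access_level", "num_feeds", "created", "last_login"], true)) $sort = "login";` with whatever default the code uses today. The function continues outside the hunk.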
@@ -399,8 +394,9 @@ class Pref_Users extends Handler_Protected {
 
                        print "<tr class=\"title\">
                                                <td align='center' width=\"5%\">&nbsp;</td>
-                                               <td width='30%'><a href=\"#\" onclick=\"updateUsersList('login')\">".__('Login')."</a></td>
-                                               <td width='30%'><a href=\"#\" onclick=\"updateUsersList('access_level')\">".__('Access Level')."</a></td>
+                                               <td width='20%'><a href=\"#\" onclick=\"updateUsersList('login')\">".__('Login')."</a></td>
+                                               <td width='20%'><a href=\"#\" onclick=\"updateUsersList('access_level')\">".__('Access Level')."</a></td>
+                                               <td width='10%'><a href=\"#\" onclick=\"updateUsersList('num_feeds')\">".__('Subscribed feeds')."</a></td>
                                                <td width='20%'><a href=\"#\" onclick=\"updateUsersList('created')\">".__('Registered')."</a></td>
                                                <td width='20%'><a href=\"#\" onclick=\"updateUsersList('last_login')\">".__('Last login')."</a></td></tr>";
 
@@ -408,8 +404,6 @@ class Pref_Users extends Handler_Protected {
 
                        while ($line = $this->dbh->fetch_assoc($result)) {
 
-                               $class = ($lnum % 2) ? "even" : "odd";
-
                                $uid = $line["id"];
 
                                print "<tr id=\"UMRR-$uid\">";
@@ -425,11 +419,12 @@ class Pref_Users extends Handler_Protected {
 
                                $onclick = "onclick='editUser($uid, event)' title='".__('Click to edit')."'";
 
-                               print "<td $onclick>" . $line["login"] . "</td>";
+                               print "<td $onclick><img src='images/user.png' class='markedPic' alt=''> " . $line["login"] . "</td>";
 
                                if (!$line["email"]) $line["email"] = "&nbsp;";
 
                                print "<td $onclick>" . $access_level_names[$line["access_level"]] . "</td>";
+                               print "<td $onclick>" . $line["num_feeds"] . "</td>";
                                print "<td $onclick>" . $line["created"] . "</td>";
                                print "<td $onclick>" . $line["last_login"] . "</td>";
 
@@ -453,8 +448,7 @@ class Pref_Users extends Handler_Protected {
 
                        print "</div>"; #pane
 
-                       global $pluginhost;
-                       $pluginhost->run_hooks($pluginhost::HOOK_PREFS_TAB,
+                       PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB,
                                "hook_prefs_tab", "prefUsers");
 
                        print "</div>"; #container