disable OTP on user password reset

[tt-rss.git] / classes / pref / users.php

diff --git a/classes/pref/users.php b/classes/pref/users.php
index db6dc0d684a7ab5081e7e84f32fe54226bf46777..a5d48ac96ea8fa97b4676684ae67f950b0b3816c 100644 (file)
--- a/classes/pref/users.php
+++ b/classes/pref/users.php
@@ -12,7 +12,7 @@ class Pref_Users extends Handler_Protected {
                }
 
                function csrf_ignore($method) {
-                       $csrf_ignored = array("index", "edit");
+                       $csrf_ignored = array("index", "edit", "userdetails");
 
                        return array_search($method, $csrf_ignored) !== false;
                }
@@ -92,7 +92,7 @@ class Pref_Users extends Handler_Protected {
                        print "</ul>";
 
                        print "<div align='center'>
-                               <button onclick=\"closeInfoBox()\">".__("Close this window").
+                               <button dojoType=\"dijit.form.Button\" type=\"submit\">".__("Close this window").
                                "</button></div>";
 
                        return;
@@ -146,7 +146,7 @@ class Pref_Users extends Handler_Protected {
 
                        print "<hr/>";
 
-                       print "<input dojoType=\"dijit.form.TextBox\" type=\"password\" size=\"20\" onkeypress=\"return filterCR(event, userEditSave)\" placeholder=\"Change password to\"
+                       print "<input dojoType=\"dijit.form.TextBox\" type=\"password\" size=\"20\" onkeypress=\"return filterCR(event, userEditSave)\" placeholder=\"Change password\"
                                name=\"password\">";
 
                        print "</div>";
@@ -154,7 +154,7 @@ class Pref_Users extends Handler_Protected {
                        print "<div class=\"dlgSec\">".__("Options")."</div>";
                        print "<div class=\"dlgSecCont\">";
 
-                       print "<input dojoType=\"dijit.form.TextBox\" size=\"30\" name=\"email\" onkeypress=\"return filterCR(event, userEditSave)\" placeholder=\"Email\"
+                       print "<input dojoType=\"dijit.form.TextBox\" size=\"30\" name=\"email\" onkeypress=\"return filterCR(event, userEditSave)\" placeholder=\"E-mail\"
                                value=\"$email\">";
 
                        print "</div>";
@@ -258,7 +258,7 @@ class Pref_Users extends Handler_Protected {
 
                        $pwd_hash = encrypt_password($tmp_user_pwd, $new_salt, true);
 
-                       db_query("UPDATE ttrss_users SET pwd_hash = '$pwd_hash', salt = '$new_salt'
+                       db_query("UPDATE ttrss_users SET pwd_hash = '$pwd_hash', salt = '$new_salt', otp_enabled = false
                                WHERE id = '$uid'");
 
                        if ($show_password) {
@@ -320,7 +320,7 @@ class Pref_Users extends Handler_Protected {
                        print "<div style='float : right; padding-right : 4px;'>
                                <input dojoType=\"dijit.form.TextBox\" id=\"user_search\" size=\"20\" type=\"search\"
                                        value=\"$user_search\">
-                               <button dojoType=\"dijit.form.Button\" onclick=\"javascript:updateUsersList()\">".
+                               <button dojoType=\"dijit.form.Button\" onclick=\"updateUsersList()\">".
                                        __('Search')."</button>
                                </div>";
 
@@ -339,16 +339,16 @@ class Pref_Users extends Handler_Protected {
                                dojoType=\"dijit.MenuItem\">".__('None')."</div>";
                        print "</div></div>";
 
-                       print "<button dojoType=\"dijit.form.Button\" onclick=\"javascript:addUser()\">".__('Create user')."</button>";
+                       print "<button dojoType=\"dijit.form.Button\" onclick=\"addUser()\">".__('Create user')."</button>";
 
                        print "
-                               <button dojoType=\"dijit.form.Button\" onclick=\"javascript:selectedUserDetails()\">".
+                               <button dojoType=\"dijit.form.Button\" onclick=\"selectedUserDetails()\">".
                                __('Details')."</button dojoType=\"dijit.form.Button\">
-                               <button dojoType=\"dijit.form.Button\" onclick=\"javascript:editSelectedUser()\">".
+                               <button dojoType=\"dijit.form.Button\" onclick=\"editSelectedUser()\">".
                                __('Edit')."</button dojoType=\"dijit.form.Button\">
-                               <button dojoType=\"dijit.form.Button\" onclick=\"javascript:removeSelectedUsers()\">".
+                               <button dojoType=\"dijit.form.Button\" onclick=\"removeSelectedUsers()\">".
                                __('Remove')."</button dojoType=\"dijit.form.Button\">
-                               <button dojoType=\"dijit.form.Button\" onclick=\"javascript:resetSelectedUserPass()\">".
+                               <button dojoType=\"dijit.form.Button\" onclick=\"resetSelectedUserPass()\">".
                                __('Reset password')."</button dojoType=\"dijit.form.Button\">";
 
                        PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB_SECTION,
@@ -418,7 +418,7 @@ class Pref_Users extends Handler_Protected {
 
                                $onclick = "onclick='editUser($uid, event)' title='".__('Click to edit')."'";
 
-                               print "<td $onclick>" . $line["login"] . "</td>";
+                               print "<td $onclick><img src='images/user.png' class='markedPic' alt=''> " . $line["login"] . "</td>";
 
                                if (!$line["email"]) $line["email"] = "&nbsp;";