X-Git-Url: https://git.wh0rd.org/?a=blobdiff_plain;ds=sidebyside;f=modules%2Fpref-users.php;h=b75d5b76fb5101529cc62d4101cee2fe07a052e7;hb=8ffd20110ee28ca87ff29da193fdb63ca2e0c2ea;hp=3398f8acf6c876d5a112eeffceb8d7d905d1eb38;hpb=fe7537b5dd0449a074cd0e7f2daefae21e78d16f;p=tt-rss.git diff --git a/modules/pref-users.php b/modules/pref-users.php index 3398f8ac..b75d5b76 100644 --- a/modules/pref-users.php +++ b/modules/pref-users.php @@ -8,15 +8,18 @@ return; } - $subop = $_GET["subop"]; + $subop = $_REQUEST["subop"]; if ($subop == "user-details") { - $uid = sprintf("%d", $_GET["id"]); + header("Content-Type: text/xml"); + print ""; - print "
User details
"; + $uid = sprintf("%d", $_REQUEST["id"]); - print "
"; + print "".__('User details').""; + + print "User not found"; + print "

".__('User not found')."

"; return; } @@ -36,34 +39,20 @@ $login = db_fetch_result($result, 0, "login"); - // print "
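Review bot: Switching `$subop` and the other parameters from `$_GET` to `$_REQUEST` means the state-changing branches later in this file (`editSave`, user deletion, user creation, `resetPass`) accept GET, POST and, depending on `request_order`, cookie input alike, and no request-method or anti-CSRF check is visible in these hunks. That check may live in the caller; if it does not, restrict the mutating branches to POST, e.g. `if ($_SERVER['REQUEST_METHOD'] != 'POST') return;` at the top of each, and verify a per-session token there. The read-only `user-details` branch is fine as written, since `sprintf("%d", $_REQUEST["id"])` coerces the id to an integer. The dispatcher starts above this hunk and continues past it.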

$login

"; - print ""; - $last_login = date(get_pref($link, 'LONG_DATE_FORMAT'), - strtotime(db_fetch_result($result, 0, "last_login"))); + $last_login = make_local_datetime($link, + db_fetch_result($result, 0, "last_login"), true); - $created = date(get_pref($link, 'LONG_DATE_FORMAT'), - strtotime(db_fetch_result($result, 0, "created"))); + $created = make_local_datetime($link, + db_fetch_result($result, 0, "created"), true); $access_level = db_fetch_result($result, 0, "access_level"); $stored_articles = db_fetch_result($result, 0, "stored_articles"); - // print ""; - // print ""; print ""; print ""; -/* $result = db_query($link, "SELECT - SUM(LENGTH(content)) AS db_size - FROM ttrss_user_entries,ttrss_entries - WHERE owner_uid = '$uid' AND ref_id = id"); - - $db_size = round(db_fetch_result($result, 0, "db_size") / 1024); - - print ""; */ - $result = db_query($link, "SELECT COUNT(id) as num_feeds FROM ttrss_feeds WHERE owner_uid = '$uid'"); @@ -107,21 +96,23 @@ print ""; print "
-
"; + "; - print ""; + print "]]>"; return; } if ($subop == "edit") { - $id = db_escape_string($_GET["id"]); + header("Content-Type: text/xml"); - print "
".__('User Editor')."
"; - - print "
"; + $id = db_escape_string($_REQUEST["id"]); + + print ""; + print "".__('User Editor').""; + print ""; @@ -140,12 +131,15 @@ print "
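Review bot: The `edit` branch passes `id` through `db_escape_string()` while the `user-details` branch above coerces the same parameter with `sprintf("%d", ...)`; a numeric key is safer cast than escaped, because escaping only helps while every later query keeps the value inside quotes. Suggest `$id = (int) $_REQUEST["id"];` here, and the same for `$uid` in the `editSave` and `resetPass` hunks further down. The query that consumes `$id` is outside this hunk, so this is a consistency and defence-in-depth point rather than a confirmed injection.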
".__("User")."
"; print "
"; - print ""; - if ($sel_disabled) { print ""; + print ""; + } else { + print ""; } print "
"; @@ -155,8 +149,14 @@ print __('Access level: ') . " "; - print_select_hash("access_level", $access_level, $access_level_names, - $sel_disabled); + if (!$sel_disabled) { + print_select_hash("access_level", $access_level, $access_level_names, + $sel_disabled); + } else { + print_select_hash("", $access_level, $access_level_names, + $sel_disabled); + print ""; + } print "
"; @@ -178,34 +178,32 @@ print "
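Review bot: Rendering the access-level select as disabled and carrying the value in a separate field when `$sel_disabled` is set only constrains the browser; the `editSave` branch still reads `(int) $_REQUEST["access_level"]` straight from the request. The markup in this hunk is partly lost on this page and the UPDATE statement is outside the visible hunks, so I cannot tell whether the server re-checks the lock. If it does not, `editSave` should ignore a submitted `access_level` (and `login`) for the accounts that set `$sel_disabled`. A comment here such as `// UI hint only; the same restriction must be enforced in editSave` would document that.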
Username$login
Access level$access_level
".__('Registered')."$created
".__('Last logged in')."$last_login
".__('Stored articles'). - "$stored_articles (${db_size}K)
"; print ""; - + print "
- -
"; + +
"; - print ""; + print "]]>
"; return; } if ($subop == "editSave") { - if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) { + if ($_SESSION["access_level"] >= 10) { - $login = db_escape_string(trim($_GET["login"])); - $uid = db_escape_string($_GET["id"]); - $access_level = (int) $_GET["access_level"]; - $email = db_escape_string(trim($_GET["email"])); - $password = db_escape_string(trim($_GET["password"])); + $login = db_escape_string(trim($_REQUEST["login"])); + $uid = db_escape_string($_REQUEST["id"]); + $access_level = (int) $_REQUEST["access_level"]; + $email = db_escape_string(trim($_REQUEST["email"])); + $password = db_escape_string(trim($_REQUEST["password"])); if ($password) { $pwd_hash = encrypt_password($password, $login); $pass_query_part = "pwd_hash = '$pwd_hash', "; - print_notice(T_sprintf('Changed password of user %s.', $login)); + $status_msg = format_notice(T_sprintf('Changed password of user %s.', $login)); } else { $pass_query_part = ""; } @@ -218,10 +216,10 @@ if ($_SESSION["access_level"] >= 10) { - $ids = split(",", db_escape_string($_GET["ids"])); + $ids = split(",", db_escape_string($_REQUEST["ids"])); foreach ($ids as $id) { - if ($id != $_SESSION["uid"]) { + if ($id != $_SESSION["uid"] && $id != 1) { db_query($link, "DELETE FROM ttrss_tags WHERE owner_uid = '$id'"); db_query($link, "DELETE FROM ttrss_feeds WHERE owner_uid = '$id'"); db_query($link, "DELETE FROM ttrss_users WHERE id = '$id'"); @@ -232,7 +230,7 @@ if ($_SESSION["access_level"] >= 10) { - $login = db_escape_string(trim($_GET["login"])); + $login = db_escape_string(trim($_REQUEST["login"])); $tmp_user_pwd = make_password(8); $pwd_hash = encrypt_password($tmp_user_pwd, $login); 
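Review bot: `$password` is run through `db_escape_string()` before `encrypt_password($password, $login)`, so the hash is computed over the SQL-escaped text rather than over what the administrator typed. A password (or the login passed as second argument) containing a quote or backslash would then only verify if the login path applies the identical escaping, which is not visible here. Hash the trimmed raw values and escape only what is interpolated into SQL: `$pwd_hash = encrypt_password(trim($_REQUEST["password"]), trim($_REQUEST["login"]));`. The same ordering appears in the user-creation hunk below (`encrypt_password($tmp_user_pwd, $login)` with an already escaped `$login`). This hunk also drops the `!WEB_DEMO_MODE` guard from `editSave`; the commit message is not shown, so please confirm demo installs are protected elsewhere.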
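Review bot: The new `$id != 1` guard compares the raw request string loosely while the three `DELETE` statements interpolate that same string, so PHP and the database may not agree on which account a non-canonical value refers to. Normalise first so the guard and the queries see the same integer: `$id = (int) $id;` as the first statement inside the `foreach`, skipping non-positive values. A short comment saying why id 1 is protected (presumably the built-in admin account) would help, since the literal is otherwise unexplained. The deletes are not wrapped in a transaction in the visible lines, so a failure midway would leave a partially removed user.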
@@ -253,25 +251,25 @@ $new_uid = db_fetch_result($result, 0, "id"); - print_notice(T_sprintf("Added user %s with password %s", + $status_msg = format_notice(T_sprintf("Added user %s with password %s", $login, $tmp_user_pwd)); initialize_user($link, $new_uid); } else { - print_warning(T_sprintf("Could not create user %s", $login)); + $status_msg = format_warning(T_sprintf("Could not create user %s", $login)); } } else { - print_warning(T_sprintf("User %s already exists.", $login)); + $status_msg = format_warning(T_sprintf("User %s already exists.", $login)); } } } else if ($subop == "resetPass") { - if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) { + if ($_SESSION["access_level"] >= 10) { - $uid = db_escape_string($_GET["id"]); + $uid = db_escape_string($_REQUEST["id"]); $result = db_query($link, "SELECT login,email FROM ttrss_users WHERE id = '$uid'"); @@ -284,11 +282,11 @@ db_query($link, "UPDATE ttrss_users SET pwd_hash = '$pwd_hash' WHERE id = '$uid'"); - print_notice(T_sprintf("Changed password of user %s + $status_msg = format_notice(T_sprintf("Changed password of user %s to %s", $login, $tmp_user_pwd)); if ($email) { - print_notice(T_sprintf("Notifying %s.", $email)); + $status_msg += format_notice(T_sprintf("Notifying %s.", $email)); require_once "lib/MiniTemplator.class.php"; @@ -349,43 +347,72 @@ } } - set_pref($link, "_PREFS_ACTIVE_TAB", "userConfig"); + print "
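Review bot: `$status_msg` is built from `$login`, which at this point has only been through `db_escape_string()`, and it is later printed straight into the page (the `$status_msg` output in the list hunk below). Unless `format_notice()` or `T_sprintf()` HTML-encode their arguments, which is not visible here, a login containing markup is reflected into the administrator's browser. Encode at the point of use, e.g. pass `htmlspecialchars($login)` as the `T_sprintf` argument; the same applies to the `editSave` message above and to `$login` and `$email` in the `resetPass` hunk. The message also carries the generated password in clear text, so the response should not be cached or written to logs.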
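Review bot: `$status_msg += format_notice(...)` uses arithmetic addition rather than string concatenation, so both notice strings are converted to numbers and the "Changed password" message set just above is lost. It should be `$status_msg .= format_notice(T_sprintf("Notifying %s.", $email));`. The `resetPass` branch starts above this hunk and continues past it.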
"; + print "
"; + + print "
"; - $user_search = db_escape_string($_GET["search"]); + $user_search = db_escape_string($_REQUEST["search"]); - if (array_key_exists("search", $_GET)) { + if (array_key_exists("search", $_REQUEST)) { $_SESSION["prefs_user_search"] = $user_search; } else { $user_search = $_SESSION["prefs_user_search"]; } - print "
- + - +
"; - $sort = db_escape_string($_GET["sort"]); + $sort = db_escape_string($_REQUEST["sort"]); if (!$sort || $sort == "undefined") { $sort = "login"; } - print "
-  "; - - print "
"; + print "
". + "" . __('Select').""; + print "
"; + print "
".__('All')."
"; + print "
".__('None')."
"; + print "
"; + + print ""; + + print " + + + + "; + + print "
"; #toolbar + print "
"; #pane + print "
"; + print "

$status_msg"; if ($user_search) { - $user_search_query = "UPPER(login) LIKE UPPER('%$user_search%') AND"; + + $user_search = split(" ", $user_search); + $tokens = array(); + + foreach ($user_search as $token) { + $token = trim($token); + array_push($tokens, "(UPPER(login) LIKE UPPER('%$token%'))"); + } + + $user_search_query = "(" . join($tokens, " AND ") . ") AND "; + } else { $user_search_query = ""; } @@ -403,23 +430,15 @@ if (db_num_rows($result) > 0) { -// print "
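Review bot: `$sort` is only passed through `db_escape_string()`, which protects quoted string literals but not a column name. The query that consumes it is outside this hunk, but if the value ends up unquoted in `ORDER BY` it needs an allow-list. Suggest replacing the `undefined` check with `if (!in_array($sort, array("login", "access_level", "created", "last_login"))) $sort = "login";`. In the new token loop, an empty token from consecutive spaces yields `LIKE UPPER('%%')`, and `%` or `_` typed by the user act as wildcards, so skip empty tokens and consider escaping those two characters.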

PLACEHOLDER
"; - print "

"; - print " - - - - "; + + + + "; $lnum = 0; @@ -428,10 +447,10 @@ $class = ($lnum % 2) ? "even" : "odd"; $uid = $line["id"]; - $edit_uid = $_GET["id"]; + $edit_uid = $_REQUEST["id"]; if ($subop == "edit" && $uid != $edit_uid) { - $class .= "Grayed"; + $class .= " Grayed"; $this_row_id = ""; } else { $this_row_id = "id=\"UMRR-$uid\""; @@ -441,23 +460,13 @@ $line["login"] = htmlspecialchars($line["login"]); -# $line["last_login"] = date(get_pref($link, 'SHORT_DATE_FORMAT'), -# strtotime($line["last_login"])); - - if (get_pref($link, 'HEADLINES_SMART_DATE')) { - $line["last_login"] = smart_date_time(strtotime($line["last_login"])); - $line["created"] = smart_date_time(strtotime($line["created"])); - } else { - $line["last_login"] = date(get_pref($link, 'SHORT_DATE_FORMAT'), - strtotime($line["last_login"])); - $line["created"] = date(get_pref($link, 'SHORT_DATE_FORMAT'), - strtotime($line["created"])); - } + $line["created"] = make_local_datetime($link, $line["created"], false); + $line["last_login"] = make_local_datetime($link, $line["last_login"], false); - print ""; - $onclick = "onclick='editUser($uid)' title='".__('Click to edit')."'"; + $onclick = "onclick='editUser($uid, event)' title='".__('Click to edit')."'"; print ""; @@ -474,28 +483,19 @@ print "
- ".__('Select:')." - ".__('All').", - ".__('None')." - "; - print "
 ".__('Login')."".__('Access Level')."".__('Registered')."".__('Last login')."
".__('Login')."".__('Access Level')."".__('Registered')."".__('Last login')."
" . $line["login"] . "
"; - print "

"; - - print " - - - - "; - } else { print "

"; if (!$user_search) { - print __('No users defined.'); + print_warning(__('No users defined.')); } else { - print __('No matching users found.'); + print_warning(__('No matching users found.')); } print "

"; } + print "
"; #pane + print "
"; #container + } ?>