]> git.wh0rd.org Git - tt-rss.git/commitdiff
user editor improved, some form parameter validation reimplemented for prototyped...
authorAndrew Dolgov <fox@bah.spb.su>
Sat, 20 May 2006 14:26:00 +0000 (15:26 +0100)
committerAndrew Dolgov <fox@bah.spb.su>
Sat, 20 May 2006 14:26:00 +0000 (15:26 +0100)
backend.php
prefs.js

index d203af3fa8786ca17d856775e422b9a1a0038e19..745a1a13269a4f640a3c492427ef4494992e5c75 100644 (file)
                1440 => "Daily",
                10080 => "Weekly");
 
+       $access_level_names = array(
+               0 => "User", 
+               10 => "Administrator");
+
        $script_started = getmicrotime();
 
        $link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME); 
                
                                        $edit_cat_id = $_GET["id"];
                
-                                       if ($subop == "editCat") {
-                                               if ($cat_id != $edit_cat_id) {
+                                       if ($subop == "editCat" && $cat_id != $edit_cat_id) {
                                                        $class .= "Grayed";
                                                        $this_row_id = "";
-                                               } else {
-                                                       $class .= "Selected";
-                                               }
                                        } else {
                                                $this_row_id = "id=\"FCATR-$cat_id\"";
                                        }
 
                }
 
-               if ($id == "quickDelFeed") {
-
-                       $param = db_escape_string($param);
-
-                       $result = db_query($link, "SELECT title FROM ttrss_feeds WHERE id = '$param'");
-
-                       if ($result) {
-
-                               $f_title = db_fetch_result($result, 0, "title");
-               
-                               print "Remove current feed (<b>$f_title</b>)?&nbsp;
-                               <input class=\"button\"
-                                       type=\"submit\" onclick=\"javascript:qfdDelete($param)\" value=\"Remove\">
-                               <input class=\"button\"
-                                       type=\"submit\" onclick=\"javascript:closeInfoBox()\" 
-                                       value=\"Cancel\">";
-                       } else {
-                               print "Error: Feed $param not found.&nbsp;
-                               <input class=\"button\"
-                                       type=\"submit\" onclick=\"javascript:closeInfoBox()\" 
-                                       value=\"Cancel\">";             
-                       }
-               }
-
                if ($id == "search") {
 
                        print "<div id=\"infoBoxTitle\">Search</div>";
 
                $subop = $_GET["subop"];
 
+               if ($subop == "edit") {
+
+                       $id = db_escape_string($_GET["id"]);
+
+                       print "<div id=\"infoBoxTitle\">User editor</div>";
+                       
+                       print "<div class=\"infoBoxContents\">";
+
+                       print "<form id=\"user_edit_form\">";
+
+                       print "<input type=\"hidden\" name=\"id\" value=\"$id\">";
+                       print "<input type=\"hidden\" name=\"op\" value=\"pref-users\">";
+                       print "<input type=\"hidden\" name=\"subop\" value=\"editSave\">";
+
+                       $result = db_query($link, "SELECT * FROM ttrss_users WHERE id = '$id'");
+
+                       $login = db_fetch_result($result, 0, "login");
+                       $access_level = db_fetch_result($result, 0, "access_level");
+                       $email = db_fetch_result($result, 0, "email");
+
+                       print "<table width='100%'>";
+                       print "<tr><td>Login:</td><td>
+                               <input class=\"iedit\" name=\"login\" value=\"$login\"></td></tr>";
+
+                       print "<tr><td>Change password:</td><td>
+                               <input class=\"iedit\" name=\"password\"></td></tr>";
+
+                       print "<tr><td>E-mail:</td><td>
+                               <input class=\"iedit\" name=\"email\" value=\"$email\"></td></tr>";
+
+                       $sel_disabled = ($id == $_SESSION["uid"]) ? "disabled" : "";
+                               
+                       print "<tr><td>Access level:</td><td>";
+                       print_select_hash("access_level", $access_level, $access_level_names, 
+                               $sel_disabled);
+                       print "</td></tr>";
+
+                       print "</table>";
+
+                       print "</form>";
+                       
+                       print "<div align='right'>
+                               <input class=\"button\"
+                                       type=\"submit\" onclick=\"javascript:userEditSave()\" value=\"Save\">
+                               <input class=\"button\"
+                                       type=\"submit\" onclick=\"javascript:userEditCancel()\" 
+                                       value=\"Cancel\"></div>";
+
+                       print "</div>";
+
+                       return;
+               }
+
                if ($subop == "editSave") {
        
-                       if (!WEB_DEMO_MODE) {
+                       if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) {
 
-                               $login = db_escape_string($_GET["l"]);
+                               $login = db_escape_string(trim($_GET["login"]));
                                $uid = db_escape_string($_GET["id"]);
-                               $access_level = sprintf("%d", $_GET["al"]);
-                               $email = db_escape_string($_GET["e"]);
+                               $access_level = sprintf("%d", $_GET["access_level"]);
+                               $email = db_escape_string(trim($_GET["email"]));
+                               $password = db_escape_string(trim($_GET["password"]));
+
+                               if ($password) {
+                                       $pwd_hash = 'SHA1:' . sha1($password);
+                                       $pass_query_part = "pwd_hash = '$pwd_hash', ";                                  
+                                       print "<div class='notice'>Changed password for user <b>$login</b>.</div>";
+                               } else {
+                                       $pass_query_part = "";
+                               }
 
-                               db_query($link, "UPDATE ttrss_users SET login = '$login', 
+                               db_query($link, "UPDATE ttrss_users SET $pass_query_part login = '$login', 
                                        access_level = '$access_level', email = '$email' WHERE id = '$uid'");
 
                        }
 
                print "<tr class=\"title\">
                                        <td align='center' width=\"5%\">&nbsp;</td>
-                                       <td width='20%'>Login</td>
-                                       <td width='20%'>E-mail</td>
-                                       <td width='20%'>Access Level</td>
-                                       <td width='20%'>Last login</td></tr>";
+                                       <td width='40%'>Login</td>
+                                       <td width='40%'>Access Level</td>
+                                       <td width='30%'>Last login</td></tr>";
                
                $lnum = 0;
                
 
                        $access_level_names = array(0 => "User", 10 => "Administrator");
 
-                       if (!$edit_uid || $subop != "edit") {
+//                     if (!$edit_uid || $subop != "edit") {
 
                                print "<td align='center'><input onclick='toggleSelectPrefRow(this, \"user\");' 
                                type=\"checkbox\" id=\"UMCHK-$uid\"></td>";
 
                                if (!$line["email"]) $line["email"] = "&nbsp;";
 
-                               print "<td><a href=\"javascript:editUser($uid);\">" . 
-                                       $line["email"] . "</td>";                       
-
                                print "<td><a href=\"javascript:editUser($uid);\">" . 
                                        $access_level_names[$line["access_level"]] . "</td>";                   
 
-                       } else if ($uid != $edit_uid) {
+/*                     } else if ($uid != $edit_uid) {
 
                                if (!$line["email"]) $line["email"] = "&nbsp;";
 
                                print "</select>";
                                print "</td>";
 
-                       }
+                       } */
                                
                        print "<td>".$line["last_login"]."</td>";               
                
 
                print "<p id='userOpToolbar'>";
 
-               if ($subop == "edit") {
+/*             if ($subop == "edit") {
                        print "Edit user:
                                <input type=\"submit\" class=\"button\" 
                                        onclick=\"javascript:userEditSave()\" value=\"Save\">
                                <input type=\"submit\" class=\"button\" 
                                        onclick=\"javascript:userEditCancel()\" value=\"Cancel\">";
                                        
-               } else {
+               } else { */
 
                        print "
                                Selection:
                        <input type=\"submit\" class=\"button\" disabled=\"true\"
                                onclick=\"javascript:resetSelectedUserPass()\" value=\"Reset password\">";
 
-               }
+//             }
        }
 
        if ($op == "user-details") {
index 23830cee74cb8a853bb75b46a44d23b5a8c96e6f..00ba1a62bed8095bbf4f497b59f1c5d629b7c4b6 100644 (file)
--- a/prefs.js
+++ b/prefs.js
@@ -1,10 +1,8 @@
 var xmlhttp = false;
 
-var active_feed = false;
 var active_feed_cat = false;
 var active_filter = false;
 var active_label = false;
-var active_user = false;
 var active_tab = false;
 var feed_to_expand = false;
 
@@ -33,18 +31,19 @@ function feedlist_callback() {
                        container.innerHTML=xmlhttp.responseText;
                        selectTab("feedConfig", true);
 
-                       if (active_feed) {
-                               var row = document.getElementById("FEEDR-" + active_feed);
+                       if (active_feed_cat) {
+                               var row = document.getElementById("FCATR-" + active_feed_cat);
                                if (row) {
                                        if (!row.className.match("Selected")) {
                                                row.className = row.className + "Selected";
                                        }               
                                }
-                               var checkbox = document.getElementById("FRCHK-" + active_feed);
+                               var checkbox = document.getElementById("FCCHK-" + active_feed_cat);
                                if (checkbox) {
                                        checkbox.checked = true;
                                }
                        }
+
                        notify("");
                } catch (e) {
                        exception_error("feedlist_callback", e);
@@ -109,20 +108,6 @@ function userlist_callback() {
        var container = document.getElementById('prefContent');
        if (xmlhttp.readyState == 4) {
                container.innerHTML=xmlhttp.responseText;
-
-               if (active_user) {
-                       var row = document.getElementById("UMRR-" + active_user);
-                       if (row) {
-                               if (!row.className.match("Selected")) {
-                                       row.className = row.className + "Selected";
-                               }               
-                       }
-                       var checkbox = document.getElementById("UMCHK-" + active_user);
-                       
-                       if (checkbox) {
-                               checkbox.checked = true;
-                       }
-               } 
                notify("");
        }
 }
@@ -352,11 +337,12 @@ function editUser(id) {
                return
        }
 
-       active_user = id;
+       selectTableRowsByIdPrefix('prefUserList', 'UMRR-', 'UMCHK-', false);
+       selectTableRowById('UMRR-'+id, 'UMCHK-'+id, true);
 
        xmlhttp.open("GET", "backend.php?op=pref-users&subop=edit&id=" +
                param_escape(id), true);
-       xmlhttp.onreadystatechange=userlist_callback;
+       xmlhttp.onreadystatechange=infobox_callback;
        xmlhttp.send(null);
 
 }
@@ -386,14 +372,12 @@ function editFeed(feed) {
                return
        }
 
-       active_feed = feed;
-
        // clean selection from all rows & select row being edited
        selectTableRowsByIdPrefix('prefFeedList', 'FEEDR-', 'FRCHK-', false);
        selectTableRowById('FEEDR-'+feed, 'FRCHK-'+feed, true);
 
        xmlhttp.open("GET", "backend.php?op=pref-feeds&subop=editfeed&id=" +
-               param_escape(active_feed), true);
+               param_escape(feed), true);
 
        xmlhttp.onreadystatechange=infobox_callback;
        xmlhttp.send(null);
@@ -611,8 +595,6 @@ function feedEditCancel() {
 
        selectPrefRows('feed', false); // cleanup feed selection
 
-       active_feed = false;
-
 }
 
 function feedCatEditCancel() {
@@ -645,8 +627,6 @@ function feedEditSave() {
 
                var query = Form.serialize("edit_feed_form");
 
-               active_feed = false;
-
                notify("Saving feed...");
 
                xmlhttp.open("POST", "backend.php", true);
@@ -730,14 +710,9 @@ function userEditCancel() {
                return
        }
 
-       active_user = false;
-
-//     notify("Operation cancelled.");
-
-       xmlhttp.open("GET", "backend.php?op=pref-users", true);
-       xmlhttp.onreadystatechange=userlist_callback;
-       xmlhttp.send(null);
+       selectPrefRows('user', false); // cleanup feed selection
 
+       closeInfoBox();
 }
 
 function filterEditCancel() {
@@ -766,22 +741,18 @@ function labelEditSave() {
                return
        }
 
-/*     var sqlexp = document.getElementById("iedit_expr").value;
-       var descr = document.getElementById("iedit_descr").value;
-
-//     notify("Saving label " + sqlexp + ": " + descr);
+       var sql_exp = document.forms["label_edit_form"].sql_exp.value;
+       var description = document.forms["label_edit_form"].description.value;
 
-       if (sqlexp.length == 0) {
-               notify("SQL expression cannot be blank.");
+       if (sql_exp.length == 0) {
+               alert("SQL Expression cannot be blank.");
                return;
        }
 
-       if (descr.length == 0) {
-               notify("Caption cannot be blank.");
+       if (description.length == 0) {
+               alert("Caption field cannot be blank.");
                return;
-       } */
-
-       // FIXME: input validation
+       }
 
        notify("Saving label...");
 
@@ -798,41 +769,25 @@ function labelEditSave() {
 
 function userEditSave() {
 
-       var user = active_user;
-
        if (!xmlhttp_ready(xmlhttp)) {
                printLockingError();
                return
        }
 
-       var login = document.getElementById("iedit_ulogin").value;
-       var level = document.getElementById("iedit_ulevel");
-
-       level = level[level.selectedIndex].id;
-       
-       var email = document.getElementById("iedit_email").value;
+       var login = document.forms["user_edit_form"].login.value;
 
        if (login.length == 0) {
-               notify("Login cannot be blank.");
+               alert("Login field cannot be blank.");
                return;
        }
-
-       if (level.length == 0) {
-               notify("User level cannot be blank.");
-               return;
-       }
-
-       active_user = false;
-
+       
        notify("Saving user...");
-
-       xmlhttp.open("GET", "backend.php?op=pref-users&subop=editSave&id=" +
-               user + "&l=" + param_escape(login) + "&al=" + param_escape(level) +
-               "&e=" + param_escape(email), true);
-               
+       
+       var query = Form.serialize("user_edit_form");
+       
+       xmlhttp.open("GET", "backend.php?" + query, true);                      
        xmlhttp.onreadystatechange=userlist_callback;
        xmlhttp.send(null);
-
 }
 
 
@@ -843,7 +798,12 @@ function filterEditSave() {
                return
        }
 
-       // FIXME: input validation
+       var reg_exp = document.forms["filter_edit_form"].reg_exp.value;
+
+       if (reg_exp.length == 0) {
+               alert("Filter expression field cannot be blank.");
+               return;
+       }
 
        notify("Saving filter...");
 
@@ -1171,11 +1131,9 @@ function selectTab(id, noupdate) {
                notify("Loading, please wait...", true);
 
                // clean up all current selections, just in case
-               active_feed = false;
                active_feed_cat = false;
                active_filter = false;
                active_label = false;
-               active_user = false;
 
                if (id == "feedConfig") {
                        updateFeedList();