1440 => "Daily",
10080 => "Weekly");
+ $access_level_names = array(
+ 0 => "User",
+ 10 => "Administrator");
+
$script_started = getmicrotime();
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
$edit_cat_id = $_GET["id"];
- if ($subop == "editCat") {
- if ($cat_id != $edit_cat_id) {
+ if ($subop == "editCat" && $cat_id != $edit_cat_id) {
$class .= "Grayed";
$this_row_id = "";
- } else {
- $class .= "Selected";
- }
} else {
$this_row_id = "id=\"FCATR-$cat_id\"";
}
}
- if ($id == "quickDelFeed") {
-
- $param = db_escape_string($param);
-
- $result = db_query($link, "SELECT title FROM ttrss_feeds WHERE id = '$param'");
-
- if ($result) {
-
- $f_title = db_fetch_result($result, 0, "title");
-
- print "Remove current feed (<b>$f_title</b>)?
- <input class=\"button\"
- type=\"submit\" onclick=\"javascript:qfdDelete($param)\" value=\"Remove\">
- <input class=\"button\"
- type=\"submit\" onclick=\"javascript:closeInfoBox()\"
- value=\"Cancel\">";
- } else {
- print "Error: Feed $param not found.
- <input class=\"button\"
- type=\"submit\" onclick=\"javascript:closeInfoBox()\"
- value=\"Cancel\">";
- }
- }
-
if ($id == "search") {
print "<div id=\"infoBoxTitle\">Search</div>";
$subop = $_GET["subop"];
+ if ($subop == "edit") {
+
+ $id = db_escape_string($_GET["id"]);
+
+ print "<div id=\"infoBoxTitle\">User editor</div>";
+
+ print "<div class=\"infoBoxContents\">";
+
+ print "<form id=\"user_edit_form\">";
+
+ print "<input type=\"hidden\" name=\"id\" value=\"$id\">";
+ print "<input type=\"hidden\" name=\"op\" value=\"pref-users\">";
+ print "<input type=\"hidden\" name=\"subop\" value=\"editSave\">";
+
+ $result = db_query($link, "SELECT * FROM ttrss_users WHERE id = '$id'");
+
+ $login = db_fetch_result($result, 0, "login");
+ $access_level = db_fetch_result($result, 0, "access_level");
+ $email = db_fetch_result($result, 0, "email");
+
+ print "<table width='100%'>";
+ print "<tr><td>Login:</td><td>
+ <input class=\"iedit\" name=\"login\" value=\"$login\"></td></tr>";
+
+ print "<tr><td>Change password:</td><td>
+ <input class=\"iedit\" name=\"password\"></td></tr>";
+
+ print "<tr><td>E-mail:</td><td>
+ <input class=\"iedit\" name=\"email\" value=\"$email\"></td></tr>";
+
+ $sel_disabled = ($id == $_SESSION["uid"]) ? "disabled" : "";
+
+ print "<tr><td>Access level:</td><td>";
+ print_select_hash("access_level", $access_level, $access_level_names,
+ $sel_disabled);
+ print "</td></tr>";
+
+ print "</table>";
+
+ print "</form>";
+
+ print "<div align='right'>
+ <input class=\"button\"
+ type=\"submit\" onclick=\"javascript:userEditSave()\" value=\"Save\">
+ <input class=\"button\"
+ type=\"submit\" onclick=\"javascript:userEditCancel()\"
+ value=\"Cancel\"></div>";
+
+ print "</div>";
+
+ return;
+ }
+
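Review bot: The new `edit` branch writes `$id`, `$login` and `$email` into `value=\"...\"` attributes without HTML escaping; `db_escape_string()` only makes `$id` safe inside the SQL string, and the login and e-mail are printed exactly as stored. A value containing a double quote or markup would break out of the attribute, so each should be encoded at output, e.g. `value=\"" . htmlspecialchars($login, ENT_QUOTES) . "\"`, and likewise for `$id` and `$email`. The branch also has no access-level test of its own, while `editSave` gains `$_SESSION["access_level"] >= 10` in this commit; if no enclosing check exists outside the hunk, the same condition belongs here. The surrounding `pref-users` block starts and ends outside the hunk.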
if ($subop == "editSave") {
- if (!WEB_DEMO_MODE) {
+ if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) {
- $login = db_escape_string($_GET["l"]);
+ $login = db_escape_string(trim($_GET["login"]));
$uid = db_escape_string($_GET["id"]);
- $access_level = sprintf("%d", $_GET["al"]);
- $email = db_escape_string($_GET["e"]);
+ $access_level = sprintf("%d", $_GET["access_level"]);
+ $email = db_escape_string(trim($_GET["email"]));
+ $password = db_escape_string(trim($_GET["password"]));
+
+ if ($password) {
+ $pwd_hash = 'SHA1:' . sha1($password);
+ $pass_query_part = "pwd_hash = '$pwd_hash', ";
+ print "<div class='notice'>Changed password for user <b>$login</b>.</div>";
+ } else {
+ $pass_query_part = "";
+ }
- db_query($link, "UPDATE ttrss_users SET login = '$login',
+ db_query($link, "UPDATE ttrss_users SET $pass_query_part login = '$login',
access_level = '$access_level', email = '$email' WHERE id = '$uid'");
}
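Review bot: The password handling added to `editSave` weakens the stored credential in three ways: it is read from `$_GET["password"]` and so travels in the request URL, it passes through `db_escape_string()` before hashing so a password with a quote or backslash is hashed in its escaped form, and it is stored as an unsalted `sha1()`. Hash the trimmed raw value and escape only the resulting string, and prefer a salted, deliberately slow scheme (`password_hash()` on current PHP); the login check that reads `pwd_hash` is outside this hunk and would have to change with it. Moving the save to POST needs the matching change in the `userEditSave()` hunk, which builds `"backend.php?" + query` for a GET. The notice also prints `$login` without `htmlspecialchars()`. Separately, the form disables the access-level select for the current user, and if the serialized query omits disabled controls, `sprintf("%d", $_GET["access_level"])` evaluates to `0` and the save would demote an administrator editing their own account, so the current level should be kept when the parameter is absent.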
print "<tr class=\"title\">
<td align='center' width=\"5%\"> </td>
- <td width='20%'>Login</td>
- <td width='20%'>E-mail</td>
- <td width='20%'>Access Level</td>
- <td width='20%'>Last login</td></tr>";
+ <td width='40%'>Login</td>
+ <td width='40%'>Access Level</td>
+ <td width='30%'>Last login</td></tr>";
$lnum = 0;
$access_level_names = array(0 => "User", 10 => "Administrator");
- if (!$edit_uid || $subop != "edit") {
+// if (!$edit_uid || $subop != "edit") {
print "<td align='center'><input onclick='toggleSelectPrefRow(this, \"user\");'
type=\"checkbox\" id=\"UMCHK-$uid\"></td>";
if (!$line["email"]) $line["email"] = " ";
- print "<td><a href=\"javascript:editUser($uid);\">" .
- $line["email"] . "</td>";
-
print "<td><a href=\"javascript:editUser($uid);\">" .
$access_level_names[$line["access_level"]] . "</td>";
- } else if ($uid != $edit_uid) {
+/* } else if ($uid != $edit_uid) {
if (!$line["email"]) $line["email"] = " ";
print "</select>";
print "</td>";
- }
+ } */
print "<td>".$line["last_login"]."</td>";
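Review bot: The inline-edit branches are switched off by wrapping them in `//` and `/* ... */` here, and again around the `userOpToolbar` buttons in the next hunk, which leaves dead code that still references `$edit_uid` and `$subop == "edit"`. Since the editor now lives in the info box, deleting these blocks outright keeps the row rendering readable, and version control retains the old form. The loop that prints the rows starts and ends outside the hunk.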
print "<p id='userOpToolbar'>";
- if ($subop == "edit") {
+/* if ($subop == "edit") {
print "Edit user:
<input type=\"submit\" class=\"button\"
onclick=\"javascript:userEditSave()\" value=\"Save\">
<input type=\"submit\" class=\"button\"
onclick=\"javascript:userEditCancel()\" value=\"Cancel\">";
- } else {
+ } else { */
print "
Selection:
<input type=\"submit\" class=\"button\" disabled=\"true\"
onclick=\"javascript:resetSelectedUserPass()\" value=\"Reset password\">";
- }
+// }
}
if ($op == "user-details") {
var xmlhttp = false;
-var active_feed = false;
var active_feed_cat = false;
var active_filter = false;
var active_label = false;
-var active_user = false;
var active_tab = false;
var feed_to_expand = false;
container.innerHTML=xmlhttp.responseText;
selectTab("feedConfig", true);
- if (active_feed) {
- var row = document.getElementById("FEEDR-" + active_feed);
+ if (active_feed_cat) {
+ var row = document.getElementById("FCATR-" + active_feed_cat);
if (row) {
if (!row.className.match("Selected")) {
row.className = row.className + "Selected";
}
}
- var checkbox = document.getElementById("FRCHK-" + active_feed);
+ var checkbox = document.getElementById("FCCHK-" + active_feed_cat);
if (checkbox) {
checkbox.checked = true;
}
}
+
notify("");
} catch (e) {
exception_error("feedlist_callback", e);
var container = document.getElementById('prefContent');
if (xmlhttp.readyState == 4) {
container.innerHTML=xmlhttp.responseText;
-
- if (active_user) {
- var row = document.getElementById("UMRR-" + active_user);
- if (row) {
- if (!row.className.match("Selected")) {
- row.className = row.className + "Selected";
- }
- }
- var checkbox = document.getElementById("UMCHK-" + active_user);
-
- if (checkbox) {
- checkbox.checked = true;
- }
- }
notify("");
}
}
return
}
- active_user = id;
+ selectTableRowsByIdPrefix('prefUserList', 'UMRR-', 'UMCHK-', false);
+ selectTableRowById('UMRR-'+id, 'UMCHK-'+id, true);
xmlhttp.open("GET", "backend.php?op=pref-users&subop=edit&id=" +
param_escape(id), true);
- xmlhttp.onreadystatechange=userlist_callback;
+ xmlhttp.onreadystatechange=infobox_callback;
xmlhttp.send(null);
}
return
}
- active_feed = feed;
-
// clean selection from all rows & select row being edited
selectTableRowsByIdPrefix('prefFeedList', 'FEEDR-', 'FRCHK-', false);
selectTableRowById('FEEDR-'+feed, 'FRCHK-'+feed, true);
xmlhttp.open("GET", "backend.php?op=pref-feeds&subop=editfeed&id=" +
- param_escape(active_feed), true);
+ param_escape(feed), true);
xmlhttp.onreadystatechange=infobox_callback;
xmlhttp.send(null);
selectPrefRows('feed', false); // cleanup feed selection
- active_feed = false;
-
}
function feedCatEditCancel() {
var query = Form.serialize("edit_feed_form");
- active_feed = false;
-
notify("Saving feed...");
xmlhttp.open("POST", "backend.php", true);
return
}
- active_user = false;
-
-// notify("Operation cancelled.");
-
- xmlhttp.open("GET", "backend.php?op=pref-users", true);
- xmlhttp.onreadystatechange=userlist_callback;
- xmlhttp.send(null);
+ selectPrefRows('user', false); // cleanup feed selection
+ closeInfoBox();
}
function filterEditCancel() {
return
}
-/* var sqlexp = document.getElementById("iedit_expr").value;
- var descr = document.getElementById("iedit_descr").value;
-
-// notify("Saving label " + sqlexp + ": " + descr);
+ var sql_exp = document.forms["label_edit_form"].sql_exp.value;
+ var description = document.forms["label_edit_form"].description.value;
- if (sqlexp.length == 0) {
- notify("SQL expression cannot be blank.");
+ if (sql_exp.length == 0) {
+ alert("SQL Expression cannot be blank.");
return;
}
- if (descr.length == 0) {
- notify("Caption cannot be blank.");
+ if (description.length == 0) {
+ alert("Caption field cannot be blank.");
return;
- } */
-
- // FIXME: input validation
+ }
notify("Saving label...");
function userEditSave() {
- var user = active_user;
-
if (!xmlhttp_ready(xmlhttp)) {
printLockingError();
return
}
- var login = document.getElementById("iedit_ulogin").value;
- var level = document.getElementById("iedit_ulevel");
-
- level = level[level.selectedIndex].id;
-
- var email = document.getElementById("iedit_email").value;
+ var login = document.forms["user_edit_form"].login.value;
if (login.length == 0) {
- notify("Login cannot be blank.");
+ alert("Login field cannot be blank.");
return;
}
-
- if (level.length == 0) {
- notify("User level cannot be blank.");
- return;
- }
-
- active_user = false;
-
+
notify("Saving user...");
-
- xmlhttp.open("GET", "backend.php?op=pref-users&subop=editSave&id=" +
- user + "&l=" + param_escape(login) + "&al=" + param_escape(level) +
- "&e=" + param_escape(email), true);
-
+
+ var query = Form.serialize("user_edit_form");
+
+ xmlhttp.open("GET", "backend.php?" + query, true);
xmlhttp.onreadystatechange=userlist_callback;
xmlhttp.send(null);
-
}
return
}
- // FIXME: input validation
+ var reg_exp = document.forms["filter_edit_form"].reg_exp.value;
+
+ if (reg_exp.length == 0) {
+ alert("Filter expression field cannot be blank.");
+ return;
+ }
notify("Saving filter...");
notify("Loading, please wait...", true);
// clean up all current selections, just in case
- active_feed = false;
active_feed_cat = false;
active_filter = false;
active_label = false;
- active_user = false;
if (id == "feedConfig") {
updateFeedList();