user manager
authorAndrew Dolgov <fox@madoka.spb.ru>
Fri, 18 Nov 2005 09:00:18 +0000 (10:00 +0100)
committerAndrew Dolgov <fox@madoka.spb.ru>
Fri, 18 Nov 2005 09:00:18 +0000 (10:00 +0100)
backend.php
functions.php
login.php
prefs.js
prefs.php
tt-rss.css
tt-rss.php

index 0fbe75b3368517fc41980f146fa1e594e8ad4e38..42707b09a650e5faef91f4a652aff6448e455a7d 100644 (file)
 
                        } else {
 
-                               print "<td><input disabled=\"true\" type=\"checkbox\"></td>";
+                               print "<td><input disabled=\"true\" type=\"checkbox\" checked></td>";
 
                                print "<td><input id=\"iedit_title\" value=\"$edit_title\"></td>";
                                print "<td><input id=\"iedit_link\" value=\"$edit_link\"></td>";
 
                        } else {
 
-                               print "<td><input disabled=\"true\" type=\"checkbox\"></td>";
+                               print "<td><input disabled=\"true\" type=\"checkbox\" checked></td>";
 
                                print "<td><input id=\"iedit_regexp\" value=\"".$line["reg_exp"].
                                        "\"></td>";
 
                        } else {
 
-                               print "<td><input disabled=\"true\" type=\"checkbox\"></td>";
+                               print "<td><input disabled=\"true\" type=\"checkbox\" checked></td>";
 
                                print "<td><input id=\"iedit_expr\" value=\"".$line["sql_exp"].
                                        "\"></td>";
 
        }
 
+       if ($op == "pref-users") {
+
+               $subop = $_GET["subop"];
+
+               if ($subop == "editSave") {
+       
+                       if (!WEB_DEMO_MODE) {
+
+                               $login = db_escape_string($_GET["l"]);
+                               $uid = db_escape_string($_GET["id"]);
+                               $access_level = sprintf("%d", $_GET["al"]);
+
+                               db_query($link, "UPDATE ttrss_users SET login = '$login', access_level = '$access_level' WHERE id = '$uid'");
+
+                       }
+               } else if ($subop == "remove") {
+
+                       if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) {
+
+                               $ids = split(",", $_GET["ids"]);
+
+                               foreach ($ids as $id) {
+                                       db_query($link, "DELETE FROM ttrss_users WHERE id = '$id' AND id != " . $_SESSION["uid"]);
+                                       
+                               }
+                       }
+               } else if ($subop == "add") {
+               
+                       if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) {
+
+                               $login = db_escape_string($_GET["login"]);
+                               $tmp_user_pwd = make_password(8);
+                               $pwd_hash = 'SHA1:' . sha1($tmp_user_pwd);
+
+                               db_query($link, "INSERT INTO ttrss_users (login,pwd_hash,access_level)
+                                       VALUES ('$login', '$pwd_hash', 0)");
+
+
+                               $result = db_query($link, "SELECT id FROM ttrss_users WHERE 
+                                       login = '$login' AND pwd_hash = '$pwd_hash'");
+
+                               if (db_num_rows($result) == 1) {
+
+                                       $new_uid = db_fetch_result($result, 0, "id");
+
+                                       print "<div class=\"notice\">Added user <b>".$_GET["login"].
+                                               "</b> with password <b>$tmp_user_pwd</b>.</div>";
+
+                                       initialize_user($link, $new_uid);
+
+                               } else {
+                               
+                                       print "<div class=\"warning\">Error while adding user <b>".
+                                       $_GET["login"].".</b></div>";
+
+                               }
+                       } 
+               } else if ($subop == "resetPass") {
+
+                       if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) {
+
+                               $uid = db_escape_string($_GET["id"]);
+
+                               $result = db_query($link, "SELECT login FROM ttrss_users WHERE id = '$uid'");
+
+                               $login = db_fetch_result($result, 0, "login");
+                               $tmp_user_pwd = make_password(8);
+                               $pwd_hash = 'SHA1:' . sha1($tmp_user_pwd);
+
+                               db_query($link, "UPDATE ttrss_users SET pwd_hash = '$pwd_hash'
+                                       WHERE id = '$uid'");
+
+                               print "<div class=\"notice\">Changed password of 
+                                       user <b>$login</b> to <b>$tmp_user_pwd</b>.</div>";                             
+
+                       }
+               }
+
+               print "<table class=\"prefAddFeed\"><tr>
+                       <td><input id=\"uadd_box\"></td>";
+                       
+               print"<td colspan=\"4\" align=\"right\">
+                               <a class=\"button\" href=\"javascript:addUser()\">Add user</a></td></tr>
+               </table>";
+
+               $result = db_query($link, "SELECT 
+                               id,login,access_level
+                       FROM 
+                               ttrss_users
+                       ORDER by login");
+
+               print "<p><table width=\"100%\" class=\"prefUserList\" id=\"prefUserList\">";
+
+               print "<tr class=\"title\">
+                                       <td width=\"5%\">Select</td><td width='40%'>Login
+                                       </td>
+                                       <td width='40%'>Access Level</td></tr>";
+               
+               $lnum = 0;
+               
+               while ($line = db_fetch_assoc($result)) {
+
+                       $class = ($lnum % 2) ? "even" : "odd";
+
+                       $uid = $line["id"];
+                       $edit_uid = $_GET["id"];
+
+                       if ($uid == $_SESSION["uid"] || ($subop == "edit" && $uid != $edit_uid)) {
+                               $class .= "Grayed";
+                       }
+               
+                       print "<tr class=\"$class\" id=\"UMRR-$uid\">";
+
+                       $line["login"] = htmlspecialchars($line["login"]);
+
+                       if ($uid == $_SESSION["uid"]) {
+
+                               print "<td><input disabled=\"true\" type=\"checkbox\" 
+                                       id=\"UMCHK-".$line["id"]."\"></td>";
+
+                               print "<td>".$line["login"]."</td>";            
+                               print "<td>".$line["access_level"]."</td>";             
+                       
+
+                       } else if (!$edit_uid || $subop != "edit") {
+
+                               print "<td><input onclick='toggleSelectRow(this);' 
+                               type=\"checkbox\" id=\"UMCHK-".$line["id"]."\"></td>";
+
+                               print "<td><a href=\"javascript:editUser($uid);\">" . 
+                                       $line["login"] . "</td>";               
+                                       
+                               print "<td><a href=\"javascript:editUser($uid);\">" . 
+                                       $line["access_level"] . "</td>";                        
+
+                       } else if ($uid != $edit_uid) {
+
+                               print "<td><input disabled=\"true\" type=\"checkbox\" 
+                                       id=\"UMCHK-".$line["id"]."\"></td>";
+
+                               print "<td>".$line["login"]."</td>";            
+                               print "<td>".$line["access_level"]."</td>";             
+
+                       } else {
+
+                               print "<td><input disabled=\"true\" type=\"checkbox\" checked></td>";
+
+                               print "<td><input id=\"iedit_ulogin\" value=\"".$line["login"].
+                                       "\"></td>";
+
+                               print "<td><input id=\"iedit_ulevel\" value=\"".$line["access_level"].
+                                       "\"></td>";
+                                               
+                       }
+                               
+                       
+                       print "</tr>";
+
+                       ++$lnum;
+               }
+
+               print "</table>";
+
+               print "<p>";
+
+               if ($subop == "edit") {
+                       print "Edit label:
+                               <input type=\"submit\" class=\"button\" 
+                                       onclick=\"javascript:userEditCancel()\" value=\"Cancel\">
+                               <input type=\"submit\" class=\"button\" 
+                                       onclick=\"javascript:userEditSave()\" value=\"Save\">";
+                                       
+               } else {
+
+                       print "
+                               Selection:
+                       <input type=\"submit\" class=\"button\" 
+                               onclick=\"javascript:resetSelectedUserPass()\" value=\"Reset password\">
+                       <input type=\"submit\" class=\"button\" 
+                               onclick=\"javascript:editSelectedUser()\" value=\"Edit\">
+                       <input type=\"submit\" class=\"button\" 
+                               onclick=\"javascript:removeSelectedUsers()\" value=\"Remove\">";
+               }
+       }
+
+
        db_close($link);
 ?>
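Review bot: The `editSave` branch is the only write path in this block that does not check the caller's level: `remove`, `add` and `resetPass` all require `$_SESSION["access_level"] >= 10`, but `editSave` tests only `WEB_DEMO_MODE`, so any session that reaches `pref-users` can rewrite another account's `login` and `access_level`. Its guard should match the others, `if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) {`, and the user listing printed after the sub-operations would be better placed under the same check. In `remove`, each `$id` split out of `$_GET["ids"]` goes into the DELETE statement unescaped; normalise it first with `$id = sprintf("%d", $id);`, as is already done for `al`. The two messages in `add` write `$_GET["login"]` into the HTML response raw and need `htmlspecialchars($_GET["login"])`, and the stored hash is an unsalted `sha1()` of the temporary password, which is weak protection if the table leaks. All of these sub-operations also change state on a GET request with no request token, so they are open to cross-site request forgery; whether an earlier session check in backend.php limits who reaches this block is outside the hunk.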
 
index 9841f95c9f1f0cc037c2368f4b543f99157a2311..3985890b155d10ad5436bcdd66e2ab5815daebae 100644 (file)
                }               
        }
 
+       function make_password($length = 8) {
+
+               $password = "";
+               $possible = "0123456789bcdfghjkmnpqrstvwxyz"; 
+    
+               $i = 0; 
+    
+               while ($i < $length) { 
+                       $char = substr($possible, mt_rand(0, strlen($possible)-1), 1);
+        
+                       if (!strstr($password, $char)) { 
+                               $password .= $char;
+                               $i++;
+                       }
+               }
+               return $password;
+       }
+
+       // this is called after user is created to initialize default feeds, labels
+       // or whatever else
+       
+       // user preferences are checked on every login, not here
+
+       function initialize_user($link, $uid) {
+
+               db_query($link, "insert into ttrss_labels (owner_uid,sql_exp,description) 
+                       values ('$uid','unread = true', 'Unread articles')");
+
+               db_query($link, "insert into ttrss_labels (owner_uid,sql_exp,description) 
+                       values ('$uid','last_read is null and unread = false', 'Updated articles')");
+               
+               db_query($link, "insert into ttrss_feeds (owner_uid,title,feed_url)
+                       values ('$uid', 'Tiny Tiny RSS Dev. Feed',
+                       'http://bah.spb.su/darcsweb/darcsweb.cgi?r=tt-rss;a=rss')");
+               
+               }
+
 ?>
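Review bot: `make_password()` takes its indices from `mt_rand()`, which is not a cryptographic generator, and it rejects any character already present, so the temporary passwords issued by the `add` and `resetPass` branches in backend.php are more predictable than their length suggests. The no-repeat rule also means the `while` loop never terminates when `$length` is larger than the 30 characters in `$possible`. Drop the `strstr` test and, where the runtime offers a CSPRNG, take the index from it, e.g. `random_int(0, strlen($possible) - 1)` on PHP 7 or later. In `initialize_user()`, `$uid` is interpolated into three INSERT statements, so a one-line comment stating that callers must pass a database-generated integer id would document the assumption the function relies on.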
index 86694667af8d227b0300f6a10c386136af811b2f..1aa606d5083fe2a2a9fe33b3de77498e2dc2caf7 100644 (file)
--- a/login.php
+++ b/login.php
@@ -12,6 +12,7 @@
 
        if ($login && $password) {
                if (authenticate_user($link, $login, $password)) {
+                       initialize_user_prefs($link, $_SESSION["uid"]); 
                        header("Location: tt-rss.php");
                }
        }
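Review bot: With `initialize_user_prefs()` now called only after a successful `authenticate_user()`, a session that is set up without going through login.php no longer gets its preferences initialised. The context lines of the prefs.php and tt-rss.php sections show `$_SESSION["name"] = "admin";` assigned directly just above the removed calls, which suggests such a path exists. The condition around that assignment is outside the visible hunks, so confirm that the branch still initialises preferences, or add the call there.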
index df49f85be1dacd2e103c2a4d752c215c04dd7935..c18e5100f3706d391e6b87cfc0701db2a5f850cb 100644 (file)
--- a/prefs.js
+++ b/prefs.js
@@ -8,6 +8,7 @@ var xmlhttp = false;
 var active_feed = false;
 var active_filter = false;
 var active_label = false;
+var active_user = false;
 
 var active_tab = false;
 
@@ -95,6 +96,28 @@ function labellist_callback() {
        }
 }
 
+function userlist_callback() {
+       var container = document.getElementById('prefContent');
+       if (xmlhttp.readyState == 4) {
+               container.innerHTML=xmlhttp.responseText;
+
+/*             if (active_filter) {
+                       var row = document.getElementById("ULRR-" + active_label);
+                       if (row) {
+                               if (!row.className.match("Selected")) {
+                                       row.className = row.className + "Selected";
+                               }               
+                       }
+                       var checkbox = document.getElementById("LICHK-" + active_label);
+                       
+                       if (checkbox) {
+                               checkbox.checked = true;
+                       }
+               } */
+               p_notify("");
+       }
+}
+
 function prefslist_callback() {
        var container = document.getElementById('prefContent');
        if (xmlhttp.readyState == 4) {
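Review bot: The commented-out block inside `userlist_callback()` is copied from the label callback and does not match the user list: it tests `active_filter`, reads `active_label`, and looks up `ULRR-`/`LICHK-` ids, while the rows printed by backend.php use `UMRR-` and `UMCHK-`. Either delete it or port it to `active_user` with the `UMRR-`/`UMCHK-` prefixes so that the edited row is re-selected. Because the response is assigned to `container.innerHTML` as is, this callback depends on backend.php escaping every value it prints; a short comment saying so above the assignment would make that dependency visible.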
@@ -141,6 +164,23 @@ function updateFeedList() {
 
 }
 
+function updateUsersList() {
+
+       if (!xmlhttp_ready(xmlhttp)) {
+               printLockingError();
+               return
+       }
+
+//     document.getElementById("prefContent").innerHTML = "Loading feeds, please wait...";
+
+       p_notify("Loading, please wait...");
+
+       xmlhttp.open("GET", "backend.php?op=pref-users", true);
+       xmlhttp.onreadystatechange=userlist_callback;
+       xmlhttp.send(null);
+
+}
+
 function toggleSelectRow(sender) {
        var parent_row = sender.parentNode.parentNode;
 
@@ -233,6 +273,31 @@ function addFeed() {
 
 }
 
+function addUser() {
+
+       if (!xmlhttp_ready(xmlhttp)) {
+               printLockingError();
+               return
+       }
+
+       var sqlexp = document.getElementById("uadd_box");
+
+       if (sqlexp.value.length == 0) {
+               notify("Missing user login.");
+       } else {
+               notify("Adding user...");
+
+               xmlhttp.open("GET", "backend.php?op=pref-users&subop=add&login=" +
+                       param_escape(sqlexp.value), true);                      
+                       
+               xmlhttp.onreadystatechange=userlist_callback;
+               xmlhttp.send(null);
+
+               sqlexp.value = "";
+       }
+
+}
+
 function editLabel(id) {
 
        if (!xmlhttp_ready(xmlhttp)) {
@@ -249,6 +314,22 @@ function editLabel(id) {
 
 }
 
+function editUser(id) {
+
+       if (!xmlhttp_ready(xmlhttp)) {
+               printLockingError();
+               return
+       }
+
+       active_user = id;
+
+       xmlhttp.open("GET", "backend.php?op=pref-users&subop=edit&id=" +
+               param_escape(id), true);
+       xmlhttp.onreadystatechange=userlist_callback;
+       xmlhttp.send(null);
+
+}
+
 function editFilter(id) {
 
        if (!xmlhttp_ready(xmlhttp)) {
@@ -299,6 +380,22 @@ function getSelectedLabels() {
        return sel_rows;
 }
 
+function getSelectedUsers() {
+
+       var content = document.getElementById("prefUserList");
+
+       var sel_rows = new Array();
+
+       for (i = 0; i < content.rows.length; i++) {
+               if (content.rows[i].className.match("Selected")) {
+                       var row_id = content.rows[i].id.replace("UMRR-", "");
+                       sel_rows.push(row_id);  
+               }
+       }
+
+       return sel_rows;
+}
+
 
 function getSelectedFilters() {
 
@@ -405,6 +502,29 @@ function removeSelectedLabels() {
        }
 }
 
+function removeSelectedUsers() {
+
+       if (!xmlhttp_ready(xmlhttp)) {
+               printLockingError();
+               return
+       }
+
+       var sel_rows = getSelectedUsers();
+
+       if (sel_rows.length > 0) {
+
+               notify("Removing selected users...");
+
+               xmlhttp.open("GET", "backend.php?op=pref-users&subop=remove&ids="+
+                       param_escape(sel_rows.toString()), true);
+               xmlhttp.onreadystatechange=userlist_callback;
+               xmlhttp.send(null);
+
+       } else {
+               notify("Please select some labels first.");
+       }
+}
+
 function removeSelectedFilters() {
 
        if (!xmlhttp_ready(xmlhttp)) {
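Review bot: The empty-selection message in `removeSelectedUsers()` still reads `notify("Please select some labels first.");`, carried over from the label version; it should say `notify("Please select some users first.");`. The function also sends the delete request as soon as the button is clicked, with no confirmation step visible in this hunk, which is worth reconsidering for account removal.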
@@ -535,6 +655,22 @@ function labelEditCancel() {
 
 }
 
+function userEditCancel() {
+
+       if (!xmlhttp_ready(xmlhttp)) {
+               printLockingError();
+               return
+       }
+
+       active_user = false;
+
+       notify("Operation cancelled.");
+
+       xmlhttp.open("GET", "backend.php?op=pref-users", true);
+       xmlhttp.onreadystatechange=userlist_callback;
+       xmlhttp.send(null);
+
+}
 
 function filterEditCancel() {
 
@@ -588,6 +724,40 @@ function labelEditSave() {
 
 }
 
+function userEditSave() {
+
+       var user = active_user;
+
+       if (!xmlhttp_ready(xmlhttp)) {
+               printLockingError();
+               return
+       }
+
+       var login = document.getElementById("iedit_ulogin").value;
+       var level = document.getElementById("iedit_ulevel").value;
+
+       if (login.length == 0) {
+               notify("Login cannot be blank.");
+               return;
+       }
+
+       if (level.length == 0) {
+               notify("User level cannot be blank.");
+               return;
+       }
+
+       active_user = false;
+
+       xmlhttp.open("GET", "backend.php?op=pref-users&subop=editSave&id=" +
+               user + "&l=" + param_escape(login) + "&al=" + param_escape(level),
+               true);
+               
+       xmlhttp.onreadystatechange=labellist_callback;
+       xmlhttp.send(null);
+
+}
+
+
 function filterEditSave() {
 
        var filter = active_filter;
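Review bot: `userEditSave()` registers `labellist_callback` as the response handler, while every other user-manager request added in this commit uses `userlist_callback`; this looks like a leftover from `labelEditSave()` and should read `xmlhttp.onreadystatechange=userlist_callback;`. The `user` id is concatenated into the URL without `param_escape()`, unlike `login` and `level`, so `"&id=" + param_escape(user)` would be consistent. The `level` field is checked only for being non-empty; a numeric check before sending would stop a typo from being coerced to 0 by the server's `sprintf("%d", ...)`.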
@@ -638,6 +808,47 @@ function editSelectedLabel() {
 
 }
 
+function editSelectedUser() {
+       var rows = getSelectedUsers();
+
+       if (rows.length == 0) {
+               notify("No users are selected.");
+               return;
+       }
+
+       if (rows.length > 1) {
+               notify("Please select one user.");
+               return;
+       }
+
+       editUser(rows[0]);
+}
+
+function resetSelectedUserPass() {
+       var rows = getSelectedUsers();
+
+       if (rows.length == 0) {
+               notify("No users are selected.");
+               return;
+       }
+
+       if (rows.length > 1) {
+               notify("Please select one user.");
+               return;
+       }
+
+       notify("Resetting password for selected user...");
+
+       var id = rows[0];
+
+       xmlhttp.open("GET", "backend.php?op=pref-users&subop=resetPass&id=" +
+               param_escape(id), true);
+       xmlhttp.onreadystatechange=userlist_callback;
+       xmlhttp.send(null);
+
+}
+
+
 
 function editSelectedFilter() {
        var rows = getSelectedFilters();
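Review bot: `resetSelectedUserPass()` opens a request on the shared `xmlhttp` object without the `xmlhttp_ready(xmlhttp)` guard that `addUser()`, `editUser()`, `removeSelectedUsers()` and the other new request functions start with. Add the same three lines, `if (!xmlhttp_ready(xmlhttp)) { printLockingError(); return; }`, at the top so that a reset cannot interrupt a request already in flight.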
@@ -755,6 +966,8 @@ function selectTab(id) {
                updateLabelList();
        } else if (id == "genConfig") {
                updatePrefsList();
+       } else if (id == "userConfig") {
+               updateUsersList();
        }
 
        var tab = document.getElementById(active_tab + "Tab");
index f6b862f0760d020bff1f944d24e43566b1c42d6a..4c19f687f73d7af201cb41f6bb5eaef0997a544d 100644 (file)
--- a/prefs.php
+++ b/prefs.php
                $_SESSION["name"] = "admin";
        }
 
-
-       initialize_user_prefs($link, $_SESSION["uid"]); 
-       // FIXME this needs to be moved somewhere after user creation
-
 ?>
 <html>
 <head>
@@ -77,7 +73,7 @@
 <? } ?>
 <tr>
        <td class="prefsTabs" align="left" valign="bottom">
-               <input id="genConfigTab" class="prefsTab" type="submit" value="User Preferences"
+               <input id="genConfigTab" class="prefsTab" type="submit" value="Preferences"
                        onclick="selectTab('genConfig')">
                <input id="feedConfigTab" class="prefsTab" type="submit" value="Feed Configuration"
                        onclick="selectTab('feedConfig')">
                <input id="labelConfigTab" class="prefsTab" type="submit" value="Label Editor"
                        onclick="selectTab('labelConfig')">
                <? } ?>
+               <? if ($_SESSION["access_level"] >= 10) { ?>
+               <input id="userConfigTab" class="prefsTab" type="submit" value="User Manager"
+                       onclick="selectTab('userConfig')">
+               <? } ?>         
        </td>
        <td class="prefsToolbar" valign="middle" align="right"> 
                <input type="submit" onclick="gotoMain()" class="button" value="Return to main">
index 0bc3a522ebc97ff657ade44127df68dd14d8fcf4..b45f0d4274deac21dc6ae8963f3caead59431612 100644 (file)
@@ -241,7 +241,7 @@ a:hover {
 }
 
 #iedit_title, #iedit_link, #iedit_regexp, #iedit_descr, #iedit_expr, #iedit_updintl,
-#iedit_purgintl {
+#iedit_purgintl, #iedit_ulogin, #iedit_ulevel {
        width : 100%;
        padding-left : 2px;
 }
@@ -498,6 +498,14 @@ div.warning {
        font-size : x-small;
 }
 
+div.notice {
+       background : #ffffff;
+       border : 1px solid #c0c0c0;
+       padding : 5px;
+       margin : 5px;
+       font-size : x-small;
+}
+
 ul.nomarks {
        list-style-type : none;
        margin : 0px;
index 6dd4195fae1559a0c6405f40fd621bbbd92d3fd5..5de1c67589d5b1bc07de07db12670ef544bf9652 100644 (file)
@@ -23,9 +23,6 @@
                $_SESSION["name"] = "admin";
        }
 
-       initialize_user_prefs($link, $_SESSION["uid"]); 
-       // FIXME this needs to be moved somewhere after user creation
-
 ?>
 <html>
 <head>