From: Andrew Dolgov Date: Sat, 20 May 2006 14:26:00 +0000 (+0100) Subject: user editor improved, some form parameter validation reimplemented for prototyped... X-Git-Tag: 1.2.0~54 X-Git-Url: https://git.wh0rd.org/?a=commitdiff_plain;h=3c5783b72688b36d076063b53d23c3bcdbaf6f1a;p=tt-rss.git user editor improved, some form parameter validation reimplemented for prototyped-forms --- diff --git a/backend.php b/backend.php index d203af3f..745a1a13 100644 --- a/backend.php +++ b/backend.php @@ -81,6 +81,10 @@ 1440 => "Daily", 10080 => "Weekly"); + $access_level_names = array( + 0 => "User", + 10 => "Administrator"); + $script_started = getmicrotime(); $link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME); @@ -2007,13 +2011,9 @@ $edit_cat_id = $_GET["id"]; - if ($subop == "editCat") { - if ($cat_id != $edit_cat_id) { + if ($subop == "editCat" && $cat_id != $edit_cat_id) { $class .= "Grayed"; $this_row_id = ""; - } else { - $class .= "Selected"; - } } else { $this_row_id = "id=\"FCATR-$cat_id\""; } @@ -2683,30 +2683,6 @@ } - if ($id == "quickDelFeed") { - - $param = db_escape_string($param); - - $result = db_query($link, "SELECT title FROM ttrss_feeds WHERE id = '$param'"); - - if ($result) { - - $f_title = db_fetch_result($result, 0, "title"); - - print "Remove current feed ($f_title)?  - - "; - } else { - print "Error: Feed $param not found.  - "; - } - } - if ($id == "search") { print "
Search
"; @@ -3229,16 +3205,78 @@ $subop = $_GET["subop"]; + if ($subop == "edit") { + + $id = db_escape_string($_GET["id"]); + + print "
User editor
"; + + print "
"; + + print "
"; + + print ""; + print ""; + print ""; + + $result = db_query($link, "SELECT * FROM ttrss_users WHERE id = '$id'"); + + $login = db_fetch_result($result, 0, "login"); + $access_level = db_fetch_result($result, 0, "access_level"); + $email = db_fetch_result($result, 0, "email"); + + print ""; + print ""; + + print ""; + + print ""; + + $sel_disabled = ($id == $_SESSION["uid"]) ? "disabled" : ""; + + print ""; + + print "
Login: +
Change password: +
E-mail: +
Access level:"; + print_select_hash("access_level", $access_level, $access_level_names, + $sel_disabled); + print "
"; + + print "
"; + + print "
+ +
"; + + print "
"; + + return; + } + if ($subop == "editSave") { - if (!WEB_DEMO_MODE) { + if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) { - $login = db_escape_string($_GET["l"]); + $login = db_escape_string(trim($_GET["login"])); $uid = db_escape_string($_GET["id"]); - $access_level = sprintf("%d", $_GET["al"]); - $email = db_escape_string($_GET["e"]); + $access_level = sprintf("%d", $_GET["access_level"]); + $email = db_escape_string(trim($_GET["email"])); + $password = db_escape_string(trim($_GET["password"])); + + if ($password) { + $pwd_hash = 'SHA1:' . sha1($password); + $pass_query_part = "pwd_hash = '$pwd_hash', "; + print "
Changed password for user $login.
"; + } else { + $pass_query_part = ""; + } - db_query($link, "UPDATE ttrss_users SET login = '$login', + db_query($link, "UPDATE ttrss_users SET $pass_query_part login = '$login', access_level = '$access_level', email = '$email' WHERE id = '$uid'"); } @@ -3363,10 +3401,9 @@ print "   - Login - E-mail - Access Level - Last login"; + Login + Access Level + Last login"; $lnum = 0; @@ -3393,7 +3430,7 @@ $access_level_names = array(0 => "User", 10 => "Administrator"); - if (!$edit_uid || $subop != "edit") { +// if (!$edit_uid || $subop != "edit") { print ""; @@ -3403,13 +3440,10 @@ if (!$line["email"]) $line["email"] = " "; - print "" . - $line["email"] . ""; - print "" . $access_level_names[$line["access_level"]] . ""; - } else if ($uid != $edit_uid) { +/* } else if ($uid != $edit_uid) { if (!$line["email"]) $line["email"] = " "; @@ -3445,7 +3479,7 @@ print ""; print ""; - } + } */ print "".$line["last_login"].""; @@ -3458,14 +3492,14 @@ print "
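Review bot: In the editSave branch, `$access_level = sprintf("%d", $_GET["access_level"]);` stores 0 whenever an administrator saves their own account: the edit form renders the access_level select with `$sel_disabled` when `$id == $_SESSION["uid"]`, and a disabled control is not submitted (Prototype's Form.serialize on the JS side appears to skip disabled elements), so the admin demotes themselves to "User" on every self-edit. Keep the level untouched when the parameter is absent, e.g. `$al_part = isset($_GET["access_level"]) ? "access_level = '" . sprintf("%d", $_GET["access_level"]) . "', " : "";` and `SET $pass_query_part $al_part login = '$login', email = '$email'`. The new `edit` subop also has no `$_SESSION["access_level"] >= 10` check while editSave does; unless pref-users is gated before the start of the op (which is outside this hunk), any authenticated user can load another user's login and e-mail into the form. `'SHA1:' . sha1($password)` writes an unsalted digest; if that is the format the login path already verifies it is at least consistent, but it is worth a follow-up.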
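Review bot: The old inline edit-row branches are disabled by commenting them out (`// if (!$edit_uid || $subop != "edit") {`, `/* } else if ($uid != $edit_uid) {` … `} */`) rather than removed, and the same is done to the `/* if ($subop == "edit") {` footer block in hunks @@ -3458 and @@ -3478. Now that the user editor is rendered by the new `edit` subop, delete these blocks outright; the history is in git and the commented code will only drift. This hunk's context also keeps a local `$access_level_names = array(0 => "User", 10 => "Administrator");` although the same array is now declared at file top in @@ -81; drop the local copy so the two definitions cannot diverge. The enclosing loop starts and ends outside this hunk.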

"; - if ($subop == "edit") { +/* if ($subop == "edit") { print "Edit user: "; - } else { + } else { */ print " Selection: @@ -3478,7 +3512,7 @@ "; - } +// } } if ($op == "user-details") { diff --git a/prefs.js b/prefs.js index 23830cee..00ba1a62 100644 --- a/prefs.js +++ b/prefs.js @@ -1,10 +1,8 @@ var xmlhttp = false; -var active_feed = false; var active_feed_cat = false; var active_filter = false; var active_label = false; -var active_user = false; var active_tab = false; var feed_to_expand = false; @@ -33,18 +31,19 @@ function feedlist_callback() { container.innerHTML=xmlhttp.responseText; selectTab("feedConfig", true); - if (active_feed) { - var row = document.getElementById("FEEDR-" + active_feed); + if (active_feed_cat) { + var row = document.getElementById("FCATR-" + active_feed_cat); if (row) { if (!row.className.match("Selected")) { row.className = row.className + "Selected"; } } - var checkbox = document.getElementById("FRCHK-" + active_feed); + var checkbox = document.getElementById("FCCHK-" + active_feed_cat); if (checkbox) { checkbox.checked = true; } } + notify(""); } catch (e) { exception_error("feedlist_callback", e); @@ -109,20 +108,6 @@ function userlist_callback() { var container = document.getElementById('prefContent'); if (xmlhttp.readyState == 4) { container.innerHTML=xmlhttp.responseText; - - if (active_user) { - var row = document.getElementById("UMRR-" + active_user); - if (row) { - if (!row.className.match("Selected")) { - row.className = row.className + "Selected"; - } - } - var checkbox = document.getElementById("UMCHK-" + active_user); - - if (checkbox) { - checkbox.checked = true; - } - } notify(""); } } 
@@ -352,11 +337,12 @@ function editUser(id) { return } - active_user = id; + selectTableRowsByIdPrefix('prefUserList', 'UMRR-', 'UMCHK-', false); + selectTableRowById('UMRR-'+id, 'UMCHK-'+id, true); xmlhttp.open("GET", "backend.php?op=pref-users&subop=edit&id=" + param_escape(id), true); - xmlhttp.onreadystatechange=userlist_callback; + xmlhttp.onreadystatechange=infobox_callback; xmlhttp.send(null); } @@ -386,14 +372,12 @@ function editFeed(feed) { return } - active_feed = feed; - // clean selection from all rows & select row being edited selectTableRowsByIdPrefix('prefFeedList', 'FEEDR-', 'FRCHK-', false); selectTableRowById('FEEDR-'+feed, 'FRCHK-'+feed, true); xmlhttp.open("GET", "backend.php?op=pref-feeds&subop=editfeed&id=" + - param_escape(active_feed), true); + param_escape(feed), true); xmlhttp.onreadystatechange=infobox_callback; xmlhttp.send(null); @@ -611,8 +595,6 @@ function feedEditCancel() { selectPrefRows('feed', false); // cleanup feed selection - active_feed = false; - } function feedCatEditCancel() { @@ -645,8 +627,6 @@ function feedEditSave() { var query = Form.serialize("edit_feed_form"); - active_feed = false; - notify("Saving feed..."); xmlhttp.open("POST", "backend.php", true); @@ -730,14 +710,9 @@ function userEditCancel() { return } - active_user = false; - -// notify("Operation cancelled."); - - xmlhttp.open("GET", "backend.php?op=pref-users", true); - xmlhttp.onreadystatechange=userlist_callback; - xmlhttp.send(null); + selectPrefRows('user', false); // cleanup feed selection + closeInfoBox(); } function filterEditCancel() { 
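Review bot: The comment on `selectPrefRows('user', false); // cleanup feed selection` in userEditCancel was carried over from feedEditCancel and names the wrong list; the call clears the user rows, so `selectPrefRows('user', false); // clear user selection`. userEditCancel's opening lines are outside the hunk.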
@@ -766,22 +741,18 @@ function labelEditSave() { return } -/* var sqlexp = document.getElementById("iedit_expr").value; - var descr = document.getElementById("iedit_descr").value; - -// notify("Saving label " + sqlexp + ": " + descr); + var sql_exp = document.forms["label_edit_form"].sql_exp.value; + var description = document.forms["label_edit_form"].description.value; - if (sqlexp.length == 0) { - notify("SQL expression cannot be blank."); + if (sql_exp.length == 0) { + alert("SQL Expression cannot be blank."); return; } - if (descr.length == 0) { - notify("Caption cannot be blank."); + if (description.length == 0) { + alert("Caption field cannot be blank."); return; - } */ - - // FIXME: input validation + } notify("Saving label..."); @@ -798,41 +769,25 @@ function labelEditSave() { function userEditSave() { - var user = active_user; - if (!xmlhttp_ready(xmlhttp)) { printLockingError(); return } - var login = document.getElementById("iedit_ulogin").value; - var level = document.getElementById("iedit_ulevel"); - - level = level[level.selectedIndex].id; - - var email = document.getElementById("iedit_email").value; + var login = document.forms["user_edit_form"].login.value; if (login.length == 0) { - notify("Login cannot be blank."); + alert("Login field cannot be blank."); return; } - - if (level.length == 0) { - notify("User level cannot be blank."); - return; - } - - active_user = false; - + notify("Saving user..."); - - xmlhttp.open("GET", "backend.php?op=pref-users&subop=editSave&id=" + - user + "&l=" + param_escape(login) + "&al=" + param_escape(level) + - "&e=" + param_escape(email), true); - + + var query = Form.serialize("user_edit_form"); + + xmlhttp.open("GET", "backend.php?" + query, true); xmlhttp.onreadystatechange=userlist_callback; xmlhttp.send(null); - } 
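Review bot: `xmlhttp.open("GET", "backend.php?" + query, true);` in userEditSave puts the serialized form, including the new password field, into the URL query string, where it lands in browser history, proxy and web-server access logs and any Referer header. feedEditSave in this file already posts its form (`xmlhttp.open("POST", "backend.php", true)` is visible as context in the @@ -645 hunk), so do the same here: `xmlhttp.open("POST", "backend.php", true);`, `xmlhttp.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");`, `xmlhttp.send(query);`. The backend's editSave branch reads `$_GET[...]`, so it has to read `$_POST` (or `$_REQUEST`) for this to work end to end. The `login.length == 0` check also lets a whitespace-only login through; the server trims it to an empty string and stores that, so trim on the client as well, `var login = document.forms["user_edit_form"].login.value.replace(/^\s+|\s+$/g, "");`.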
@@ -843,7 +798,12 @@ function filterEditSave() { return } - // FIXME: input validation + var reg_exp = document.forms["filter_edit_form"].reg_exp.value; + + if (reg_exp.length == 0) { + alert("Filter expression field cannot be blank."); + return; + } notify("Saving filter..."); @@ -1171,11 +1131,9 @@ function selectTab(id, noupdate) { notify("Loading, please wait...", true); // clean up all current selections, just in case - active_feed = false; active_feed_cat = false; active_filter = false; active_label = false; - active_user = false; if (id == "feedConfig") { updateFeedList();