From e6cb77a07ad5ff4b7d43aa00fdf1fc810bfebf69 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Fri, 18 Nov 2005 10:00:18 +0100 Subject: [PATCH] user manager --- backend.php | 192 ++++++++++++++++++++++++++++++++++++++++++++- functions.php | 37 +++++++++ login.php | 1 + prefs.js | 213 ++++++++++++++++++++++++++++++++++++++++++++++++++ prefs.php | 10 +-- tt-rss.css | 10 ++- tt-rss.php | 3 - 7 files changed, 454 insertions(+), 12 deletions(-) diff --git a/backend.php b/backend.php index 0fbe75b3..42707b09 100644 --- a/backend.php +++ b/backend.php @@ -1009,7 +1009,7 @@ } else { - print ""; + print ""; print ""; print ""; @@ -1201,7 +1201,7 @@ } else { - print ""; + print ""; print ""; @@ -1356,7 +1356,7 @@ } else { - print ""; + print ""; print ""; @@ -1743,6 +1743,192 @@ } + if ($op == "pref-users") { + + $subop = $_GET["subop"]; + + if ($subop == "editSave") { + + if (!WEB_DEMO_MODE) { + + $login = db_escape_string($_GET["l"]); + $uid = db_escape_string($_GET["id"]); + $access_level = sprintf("%d", $_GET["al"]); + + db_query($link, "UPDATE ttrss_users SET login = '$login', access_level = '$access_level' WHERE id = '$uid'"); + + } + } else if ($subop == "remove") { + + if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) { + + $ids = split(",", $_GET["ids"]); + + foreach ($ids as $id) { + db_query($link, "DELETE FROM ttrss_users WHERE id = '$id' AND id != " . $_SESSION["uid"]); + + } + } + } else if ($subop == "add") { + + if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) { + + $login = db_escape_string($_GET["login"]); + $tmp_user_pwd = make_password(8); + $pwd_hash = 'SHA1:' . sha1($tmp_user_pwd); + + db_query($link, "INSERT INTO ttrss_users (login,pwd_hash,access_level) + VALUES ('$login', '$pwd_hash', 0)"); + + + $result = db_query($link, "SELECT id FROM ttrss_users WHERE + login = '$login' AND pwd_hash = '$pwd_hash'"); + + if (db_num_rows($result) == 1) { + + $new_uid = db_fetch_result($result, 0, "id"); + + print "
Added user ".$_GET["login"]. + " with password $tmp_user_pwd.
"; + + initialize_user($link, $new_uid); + + } else { + + print "
Error while adding user ". + $_GET["login"].".
"; + + } + } + } else if ($subop == "resetPass") { + + if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) { + + $uid = db_escape_string($_GET["id"]); + + $result = db_query($link, "SELECT login FROM ttrss_users WHERE id = '$uid'"); + + $login = db_fetch_result($result, 0, "login"); + $tmp_user_pwd = make_password(8); + $pwd_hash = 'SHA1:' . sha1($tmp_user_pwd); + + db_query($link, "UPDATE ttrss_users SET pwd_hash = '$pwd_hash' + WHERE id = '$uid'"); + + print "
Changed password of + user $login to $tmp_user_pwd.
"; + + } + } + + print " + "; + + print" +
+ Add user
"; + + $result = db_query($link, "SELECT + id,login,access_level + FROM + ttrss_users + ORDER by login"); + + print "

"; + + print " + + "; + + $lnum = 0; + + while ($line = db_fetch_assoc($result)) { + + $class = ($lnum % 2) ? "even" : "odd"; + + $uid = $line["id"]; + $edit_uid = $_GET["id"]; + + if ($uid == $_SESSION["uid"] || ($subop == "edit" && $uid != $edit_uid)) { + $class .= "Grayed"; + } + + print ""; + + $line["login"] = htmlspecialchars($line["login"]); + + if ($uid == $_SESSION["uid"]) { + + print ""; + + print ""; + print ""; + + + } else if (!$edit_uid || $subop != "edit") { + + print ""; + + print ""; + + print ""; + + } else if ($uid != $edit_uid) { + + print ""; + + print ""; + print ""; + + } else { + + print ""; + + print ""; + + print ""; + + } + + + print ""; + + ++$lnum; + } + + print "
SelectLogin + Access Level
".$line["login"]."".$line["access_level"]."" . + $line["login"] . "" . + $line["access_level"] . "".$line["login"]."".$line["access_level"]."
"; + + print "

"; + + if ($subop == "edit") { + print "Edit label: + + "; + + } else { + + print " + Selection: + + + "; + } + } + + db_close($link); ?> diff --git a/functions.php b/functions.php index 9841f95c..3985890b 100644 --- a/functions.php +++ b/functions.php @@ -553,4 +553,41 @@ } } + function make_password($length = 8) { + + $password = ""; + $possible = "0123456789bcdfghjkmnpqrstvwxyz"; + + $i = 0; + + while ($i < $length) { + $char = substr($possible, mt_rand(0, strlen($possible)-1), 1); + + if (!strstr($password, $char)) { + $password .= $char; + $i++; + } + } + return $password; + } + + // this is called after user is created to initialize default feeds, labels + // or whatever else + + // user preferences are checked on every login, not here + + function initialize_user($link, $uid) { + + db_query($link, "insert into ttrss_labels (owner_uid,sql_exp,description) + values ('$uid','unread = true', 'Unread articles')"); + + db_query($link, "insert into ttrss_labels (owner_uid,sql_exp,description) + values ('$uid','last_read is null and unread = false', 'Updated articles')"); + + db_query($link, "insert into ttrss_feeds (owner_uid,title,feed_url) + values ('$uid', 'Tiny Tiny RSS Dev. Feed', + 'http://bah.spb.su/darcsweb/darcsweb.cgi?r=tt-rss;a=rss')"); + + } + ?> diff --git a/login.php b/login.php index 86694667..1aa606d5 100644 --- a/login.php +++ b/login.php @@ -12,6 +12,7 @@ if ($login && $password) { if (authenticate_user($link, $login, $password)) { + initialize_user_prefs($link, $_SESSION["uid"]); header("Location: tt-rss.php"); } } diff --git a/prefs.js b/prefs.js index df49f85b..c18e5100 100644 --- a/prefs.js +++ b/prefs.js @@ -8,6 +8,7 @@ var xmlhttp = false; var active_feed = false; var active_filter = false; var active_label = false; +var active_user = false; var active_tab = false; @@ -95,6 +96,28 @@ function labellist_callback() { } } +function userlist_callback() { + var container = document.getElementById('prefContent'); + if (xmlhttp.readyState == 4) { + container.innerHTML=xmlhttp.responseText; + +/* if (active_filter) { + var row = document.getElementById("ULRR-" + active_label); + if (row) { + if (!row.className.match("Selected")) { + row.className = row.className + "Selected"; + } + } + var checkbox = document.getElementById("LICHK-" + active_label); + + if (checkbox) { + checkbox.checked = true; + } + } */ + p_notify(""); + } +} + function prefslist_callback() { var container = document.getElementById('prefContent'); if (xmlhttp.readyState == 4) { @@ -141,6 +164,23 @@ function updateFeedList() { } +function updateUsersList() { + + if (!xmlhttp_ready(xmlhttp)) { + printLockingError(); + return + } + +// document.getElementById("prefContent").innerHTML = "Loading feeds, please wait..."; + + p_notify("Loading, please wait..."); + + xmlhttp.open("GET", "backend.php?op=pref-users", true); + xmlhttp.onreadystatechange=userlist_callback; + xmlhttp.send(null); + +} + function toggleSelectRow(sender) { var parent_row = sender.parentNode.parentNode; @@ -233,6 +273,31 @@ function addFeed() { } +function addUser() { + + if (!xmlhttp_ready(xmlhttp)) { + printLockingError(); + return + } + + var sqlexp = document.getElementById("uadd_box"); + + if (sqlexp.value.length == 0) { + notify("Missing user login."); + } else { + notify("Adding user..."); + + xmlhttp.open("GET", "backend.php?op=pref-users&subop=add&login=" + + param_escape(sqlexp.value), true); + + xmlhttp.onreadystatechange=userlist_callback; + xmlhttp.send(null); + + sqlexp.value = ""; + } + +} + function editLabel(id) { if (!xmlhttp_ready(xmlhttp)) { @@ -249,6 +314,22 @@ function editLabel(id) { } +function editUser(id) { + + if (!xmlhttp_ready(xmlhttp)) { + printLockingError(); + return + } + + active_user = id; + + xmlhttp.open("GET", "backend.php?op=pref-users&subop=edit&id=" + + param_escape(id), true); + xmlhttp.onreadystatechange=userlist_callback; + xmlhttp.send(null); + +} + function editFilter(id) { if (!xmlhttp_ready(xmlhttp)) { @@ -299,6 +380,22 @@ function getSelectedLabels() { return sel_rows; } +function getSelectedUsers() { + + var content = document.getElementById("prefUserList"); + + var sel_rows = new Array(); + + for (i = 0; i < content.rows.length; i++) { + if (content.rows[i].className.match("Selected")) { + var row_id = content.rows[i].id.replace("UMRR-", ""); + sel_rows.push(row_id); + } + } + + return sel_rows; +} + function getSelectedFilters() { @@ -405,6 +502,29 @@ function removeSelectedLabels() { } } +function removeSelectedUsers() { + + if (!xmlhttp_ready(xmlhttp)) { + printLockingError(); + return + } + + var sel_rows = getSelectedUsers(); + + if (sel_rows.length > 0) { + + notify("Removing selected users..."); + + xmlhttp.open("GET", "backend.php?op=pref-users&subop=remove&ids="+ + param_escape(sel_rows.toString()), true); + xmlhttp.onreadystatechange=userlist_callback; + xmlhttp.send(null); + + } else { + notify("Please select some labels first."); + } +} + function removeSelectedFilters() { if (!xmlhttp_ready(xmlhttp)) { @@ -535,6 +655,22 @@ function labelEditCancel() { } +function userEditCancel() { + + if (!xmlhttp_ready(xmlhttp)) { + printLockingError(); + return + } + + active_user = false; + + notify("Operation cancelled."); + + xmlhttp.open("GET", "backend.php?op=pref-users", true); + xmlhttp.onreadystatechange=userlist_callback; + xmlhttp.send(null); + +} function filterEditCancel() { @@ -588,6 +724,40 @@ function labelEditSave() { } +function userEditSave() { + + var user = active_user; + + if (!xmlhttp_ready(xmlhttp)) { + printLockingError(); + return + } + + var login = document.getElementById("iedit_ulogin").value; + var level = document.getElementById("iedit_ulevel").value; + + if (login.length == 0) { + notify("Login cannot be blank."); + return; + } + + if (level.length == 0) { + notify("User level cannot be blank."); + return; + } + + active_user = false; + + xmlhttp.open("GET", "backend.php?op=pref-users&subop=editSave&id=" + + user + "&l=" + param_escape(login) + "&al=" + param_escape(level), + true); + + xmlhttp.onreadystatechange=labellist_callback; + xmlhttp.send(null); + +} + + function filterEditSave() { var filter = active_filter; @@ -638,6 +808,47 @@ function editSelectedLabel() { } +function editSelectedUser() { + var rows = getSelectedUsers(); + + if (rows.length == 0) { + notify("No users are selected."); + return; + } + + if (rows.length > 1) { + notify("Please select one user."); + return; + } + + editUser(rows[0]); +} + +function resetSelectedUserPass() { + var rows = getSelectedUsers(); + + if (rows.length == 0) { + notify("No users are selected."); + return; + } + + if (rows.length > 1) { + notify("Please select one user."); + return; + } + + notify("Resetting password for selected user..."); + + var id = rows[0]; + + xmlhttp.open("GET", "backend.php?op=pref-users&subop=resetPass&id=" + + param_escape(id), true); + xmlhttp.onreadystatechange=userlist_callback; + xmlhttp.send(null); + +} + + function editSelectedFilter() { var rows = getSelectedFilters(); @@ -755,6 +966,8 @@ function selectTab(id) { updateLabelList(); } else if (id == "genConfig") { updatePrefsList(); + } else if (id == "userConfig") { + updateUsersList(); } var tab = document.getElementById(active_tab + "Tab"); diff --git a/prefs.php b/prefs.php index f6b862f0..4c19f687 100644 --- a/prefs.php +++ b/prefs.php @@ -23,10 +23,6 @@ $_SESSION["name"] = "admin"; } - - initialize_user_prefs($link, $_SESSION["uid"]); - // FIXME this needs to be moved somewhere after user creation - ?> @@ -77,7 +73,7 @@ - @@ -87,6 +83,10 @@ + = 10) { ?> + + diff --git a/tt-rss.css b/tt-rss.css index 0bc3a522..b45f0d42 100644 --- a/tt-rss.css +++ b/tt-rss.css @@ -241,7 +241,7 @@ a:hover { } #iedit_title, #iedit_link, #iedit_regexp, #iedit_descr, #iedit_expr, #iedit_updintl, -#iedit_purgintl { +#iedit_purgintl, #iedit_ulogin, #iedit_ulevel { width : 100%; padding-left : 2px; } @@ -498,6 +498,14 @@ div.warning { font-size : x-small; } +div.notice { + background : #ffffff; + border : 1px solid #c0c0c0; + padding : 5px; + margin : 5px; + font-size : x-small; +} + ul.nomarks { list-style-type : none; margin : 0px; diff --git a/tt-rss.php b/tt-rss.php index 6dd4195f..5de1c675 100644 --- a/tt-rss.php +++ b/tt-rss.php @@ -23,9 +23,6 @@ $_SESSION["name"] = "admin"; } - initialize_user_prefs($link, $_SESSION["uid"]); - // FIXME this needs to be moved somewhere after user creation - ?> -- 2.39.2