[tt-rss.git] / classes / pref / users.php

<?php
class Pref_Users extends Handler_Protected {
		function before($method) {
			if (parent::before($method)) {
				if ($_SESSION["access_level"] < 10) {
					print __("Your access level is insufficient to open this tab.");
					return false;
				}
				return true;
			}
			return false;
		}

		function csrf_ignore($method) {
			$csrf_ignored = array("index");

			return array_search($method, $csrf_ignored) !== false;
		}

		function userdetails() {

			$uid = sprintf("%d", $_REQUEST["id"]);

			$result = $this->dbh->query("SELECT login,
				".SUBSTRING_FOR_DATE."(last_login,1,16) AS last_login,
				access_level,
				(SELECT COUNT(int_id) FROM ttrss_user_entries
					WHERE owner_uid = id) AS stored_articles,
				".SUBSTRING_FOR_DATE."(created,1,16) AS created
				FROM ttrss_users
				WHERE id = '$uid'");

			if ($this->dbh->num_rows($result) == 0) {
				print "<h1>".__('User not found')."</h1>";
				return;
			}

			// print "<h1>User Details</h1>";

			$login = $this->dbh->fetch_result($result, 0, "login");

			print "<table width='100%'>";

			$last_login = make_local_datetime(
				$this->dbh->fetch_result($result, 0, "last_login"), true);

			$created = make_local_datetime(
				$this->dbh->fetch_result($result, 0, "created"), true);

			$access_level = $this->dbh->fetch_result($result, 0, "access_level");
			$stored_articles = $this->dbh->fetch_result($result, 0, "stored_articles");

			print "<tr><td>".__('Registered')."</td><td>$created</td></tr>";
			print "<tr><td>".__('Last logged in')."</td><td>$last_login</td></tr>";

			$result = $this->dbh->query("SELECT COUNT(id) as num_feeds FROM ttrss_feeds
				WHERE owner_uid = '$uid'");

			$num_feeds = $this->dbh->fetch_result($result, 0, "num_feeds");

			print "<tr><td>".__('Subscribed feeds count')."</td><td>$num_feeds</td></tr>";

			print "</table>";

			print "<h1>".__('Subscribed feeds')."</h1>";

			$result = $this->dbh->query("SELECT id,title,site_url FROM ttrss_feeds
				WHERE owner_uid = '$uid' ORDER BY title");

			print "<ul class=\"userFeedList\">";

			while ($line = $this->dbh->fetch_assoc($result)) {

				$icon_file = ICONS_URL."/".$line["id"].".ico";

				if (file_exists($icon_file) && filesize($icon_file) > 0) {
					$feed_icon = "<img class=\"tinyFeedIcon\" src=\"$icon_file\">";
				} else {
					$feed_icon = "<img class=\"tinyFeedIcon\" src=\"images/blank_icon.gif\">";
				}

				print "<li>$feed_icon&nbsp;<a href=\"".$line["site_url"]."\">".$line["title"]."</a></li>";

			}

			if ($this->dbh->num_rows($result) < $num_feeds) {
				// FIXME - add link to show ALL subscribed feeds here somewhere
				print "<li><img
					class=\"tinyFeedIcon\" src=\"images/blank_icon.gif\">&nbsp;...</li>";
			}

			print "</ul>";

			print "<div align='center'>
				<button onclick=\"closeInfoBox()\">".__("Close this window").
				"</button></div>";

			return;
		}

		function edit() {
			global $access_level_names;

			$id = $this->dbh->escape_string($_REQUEST["id"]);
			print "<form id=\"user_edit_form\" onsubmit='return false'>";

			print "<input type=\"hidden\" name=\"id\" value=\"$id\">";
			print "<input type=\"hidden\" name=\"op\" value=\"pref-users\">";
			print "<input type=\"hidden\" name=\"method\" value=\"editSave\">";

			$result = $this->dbh->query("SELECT * FROM ttrss_users WHERE id = '$id'");

			$login = $this->dbh->fetch_result($result, 0, "login");
			$access_level = $this->dbh->fetch_result($result, 0, "access_level");
			$email = $this->dbh->fetch_result($result, 0, "email");

			$sel_disabled = ($id == $_SESSION["uid"]) ? "disabled" : "";

			print "<div class=\"dlgSec\">".__("User")."</div>";
			print "<div class=\"dlgSecCont\">";

			if ($sel_disabled) {
				print "<input type=\"hidden\" name=\"login\" value=\"$login\">";
				print "<input size=\"30\" style=\"font-size : 16px\"
					onkeypress=\"return filterCR(event, userEditSave)\" $sel_disabled
					value=\"$login\">";
			} else {
				print "<input size=\"30\" style=\"font-size : 16px\"
					onkeypress=\"return filterCR(event, userEditSave)\" $sel_disabled
					name=\"login\" value=\"$login\">";
			}

			print "</div>";

			print "<div class=\"dlgSec\">".__("Authentication")."</div>";
			print "<div class=\"dlgSecCont\">";

			print __('Access level: ') . " ";

			if (!$sel_disabled) {
				print_select_hash("access_level", $access_level, $access_level_names,
					$sel_disabled);
			} else {
				print_select_hash("", $access_level, $access_level_names,
					$sel_disabled);
				print "<input type=\"hidden\" name=\"access_level\" value=\"$access_level\">";
			}

			print "<br/>";

			print __('Change password to') .
				" <input type=\"password\" size=\"20\" onkeypress=\"return filterCR(event, userEditSave)\"
				name=\"password\">";

			print "</div>";

			print "<div class=\"dlgSec\">".__("Options")."</div>";
			print "<div class=\"dlgSecCont\">";

			print __('E-mail: ').
				" <input size=\"30\" name=\"email\" onkeypress=\"return filterCR(event, userEditSave)\"
				value=\"$email\">";

			print "</div>";

			print "</table>";

			print "</form>";

			print "<div class=\"dlgButtons\">
				<button onclick=\"return userEditSave()\">".
					__('Save')."</button>
				<button onclick=\"return userEditCancel()\">".
					__('Cancel')."</button></div>";

			return;
		}

		function editSave() {
			$login = $this->dbh->escape_string(trim($_REQUEST["login"]));
			$uid = $this->dbh->escape_string($_REQUEST["id"]);
			$access_level = (int) $_REQUEST["access_level"];
			$email = $this->dbh->escape_string(trim($_REQUEST["email"]));
			$password = $_REQUEST["password"];

			if ($password) {
				$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
				$pwd_hash = encrypt_password($password, $salt, true);
				$pass_query_part = "pwd_hash = '$pwd_hash', salt = '$salt',";
			} else {
				$pass_query_part = "";
			}

			$this->dbh->query("UPDATE ttrss_users SET $pass_query_part login = '$login',
				access_level = '$access_level', email = '$email', otp_enabled = false
				WHERE id = '$uid'");

		}

		function remove() {
			$ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"]));

			foreach ($ids as $id) {
				if ($id != $_SESSION["uid"] && $id != 1) {
					$this->dbh->query("DELETE FROM ttrss_tags WHERE owner_uid = '$id'");
					$this->dbh->query("DELETE FROM ttrss_feeds WHERE owner_uid = '$id'");
					$this->dbh->query("DELETE FROM ttrss_users WHERE id = '$id'");
				}
			}
		}

		function add() {

			$login = $this->dbh->escape_string(trim($_REQUEST["login"]));
			$tmp_user_pwd = make_password(8);
			$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
			$pwd_hash = encrypt_password($tmp_user_pwd, $salt, true);

			$result = $this->dbh->query("SELECT id FROM ttrss_users WHERE
				login = '$login'");

			if ($this->dbh->num_rows($result) == 0) {

				$this->dbh->query("INSERT INTO ttrss_users
					(login,pwd_hash,access_level,last_login,created, salt)
					VALUES ('$login', '$pwd_hash', 0, null, NOW(), '$salt')");


				$result = $this->dbh->query("SELECT id FROM ttrss_users WHERE
					login = '$login' AND pwd_hash = '$pwd_hash'");

				if ($this->dbh->num_rows($result) == 1) {

					$new_uid = $this->dbh->fetch_result($result, 0, "id");

					print format_notice(T_sprintf("Added user <b>%s</b> with password <b>%s</b>",
						$login, $tmp_user_pwd));

					initialize_user($new_uid);

				} else {

					print format_warning(T_sprintf("Could not create user <b>%s</b>", $login));

				}
			} else {
				print format_warning(T_sprintf("User <b>%s</b> already exists.", $login));
			}
		}

		static function resetUserPassword($uid, $show_password) {

			$result = db_query("SELECT login,email
				FROM ttrss_users WHERE id = '$uid'");

			$login = db_fetch_result($result, 0, "login");
			$email = db_fetch_result($result, 0, "email");
			$salt = db_fetch_result($result, 0, "salt");

			$new_salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
			$tmp_user_pwd = make_password(8);

			$pwd_hash = encrypt_password($tmp_user_pwd, $new_salt, true);

			db_query("UPDATE ttrss_users SET pwd_hash = '$pwd_hash', salt = '$new_salt'
				WHERE id = '$uid'");

			if ($show_password) {
				print T_sprintf("Changed password of user <b>%s</b> to <b>%s</b>", $login, $tmp_user_pwd);
			} else {
				print_notice(T_sprintf("Sending new password of user <b>%s</b> to <b>%s</b>", $login, $email));
			}

			require_once 'classes/ttrssmailer.php';

			if ($email) {
				require_once "lib/MiniTemplator.class.php";

				$tpl = new MiniTemplator;

				$tpl->readTemplateFromFile("templates/resetpass_template.txt");

				$tpl->setVariable('LOGIN', $login);
				$tpl->setVariable('NEWPASS', $tmp_user_pwd);

				$tpl->addBlock('message');

				$message = "";

				$tpl->generateOutputToString($message);

				$mail = new ttrssMailer();

				$rc = $mail->quickMail($email, $login,
					__("[tt-rss] Password change notification"),
					$message, false);

				if (!$rc) print_error($mail->ErrorInfo);
			}
		}

		function resetPass() {
			$uid = $this->dbh->escape_string($_REQUEST["id"]);
			Pref_Users::resetUserPassword($uid, true);
		}

		function index() {

			global $access_level_names;

			print "<div id=\"pref-user-wrap\" dojoType=\"dijit.layout.BorderContainer\" gutters=\"false\">";
			print "<div id=\"pref-user-header\" dojoType=\"dijit.layout.ContentPane\" region=\"top\">";

			print "<div id=\"pref-user-toolbar\" dojoType=\"dijit.Toolbar\">";

			$user_search = $this->dbh->escape_string($_REQUEST["search"]);

			if (array_key_exists("search", $_REQUEST)) {
				$_SESSION["prefs_user_search"] = $user_search;
			} else {
				$user_search = $_SESSION["prefs_user_search"];
			}

			print "<div style='float : right; padding-right : 4px;'>
				<input dojoType=\"dijit.form.TextBox\" id=\"user_search\" size=\"20\" type=\"search\"
					value=\"$user_search\">
				<button dojoType=\"dijit.form.Button\" onclick=\"javascript:updateUsersList()\">".
					__('Search')."</button>
				</div>";

			$sort = $this->dbh->escape_string($_REQUEST["sort"]);

			if (!$sort || $sort == "undefined") {
				$sort = "login";
			}

			print "<div dojoType=\"dijit.form.DropDownButton\">".
					"<span>" . __('Select')."</span>";
			print "<div dojoType=\"dijit.Menu\" style=\"display: none;\">";
			print "<div onclick=\"selectTableRows('prefUserList', 'all')\"
				dojoType=\"dijit.MenuItem\">".__('All')."</div>";
			print "<div onclick=\"selectTableRows('prefUserList', 'none')\"
				dojoType=\"dijit.MenuItem\">".__('None')."</div>";
			print "</div></div>";

			print "<button dojoType=\"dijit.form.Button\" onclick=\"javascript:addUser()\">".__('Create user')."</button>";

			print "
				<button dojoType=\"dijit.form.Button\" onclick=\"javascript:selectedUserDetails()\">".
				__('Details')."</button dojoType=\"dijit.form.Button\">
				<button dojoType=\"dijit.form.Button\" onclick=\"javascript:editSelectedUser()\">".
				__('Edit')."</button dojoType=\"dijit.form.Button\">
				<button dojoType=\"dijit.form.Button\" onclick=\"javascript:removeSelectedUsers()\">".
				__('Remove')."</button dojoType=\"dijit.form.Button\">
				<button dojoType=\"dijit.form.Button\" onclick=\"javascript:resetSelectedUserPass()\">".
				__('Reset password')."</button dojoType=\"dijit.form.Button\">";

			PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB_SECTION,
				"hook_prefs_tab_section", "prefUsersToolbar");

			print "</div>"; #toolbar
			print "</div>"; #pane
			print "<div id=\"pref-user-content\" dojoType=\"dijit.layout.ContentPane\" region=\"center\">";

			print "<div id=\"sticky-status-msg\"></div>";

			if ($user_search) {

				$user_search = explode(" ", $user_search);
				$tokens = array();

				foreach ($user_search as $token) {
					$token = trim($token);
					array_push($tokens, "(UPPER(login) LIKE UPPER('%$token%'))");
				}

				$user_search_query = "(" . join($tokens, " AND ") . ") AND ";

			} else {
				$user_search_query = "";
			}

			$result = $this->dbh->query("SELECT
					id,login,access_level,email,
					".SUBSTRING_FOR_DATE."(last_login,1,16) as last_login,
					".SUBSTRING_FOR_DATE."(created,1,16) as created
				FROM
					ttrss_users
				WHERE
					$user_search_query
					id > 0
				ORDER BY $sort");

			if ($this->dbh->num_rows($result) > 0) {

			print "<p><table width=\"100%\" cellspacing=\"0\"
				class=\"prefUserList\" id=\"prefUserList\">";

			print "<tr class=\"title\">
						<td align='center' width=\"5%\">&nbsp;</td>
						<td width='30%'><a href=\"#\" onclick=\"updateUsersList('login')\">".__('Login')."</a></td>
						<td width='30%'><a href=\"#\" onclick=\"updateUsersList('access_level')\">".__('Access Level')."</a></td>
						<td width='20%'><a href=\"#\" onclick=\"updateUsersList('created')\">".__('Registered')."</a></td>
						<td width='20%'><a href=\"#\" onclick=\"updateUsersList('last_login')\">".__('Last login')."</a></td></tr>";

			$lnum = 0;

			while ($line = $this->dbh->fetch_assoc($result)) {

				$uid = $line["id"];

				print "<tr id=\"UMRR-$uid\">";

				$line["login"] = htmlspecialchars($line["login"]);

				$line["created"] = make_local_datetime($line["created"], false);
				$line["last_login"] = make_local_datetime($line["last_login"], false);

				print "<td align='center'><input onclick='toggleSelectRow2(this);'
					dojoType=\"dijit.form.CheckBox\" type=\"checkbox\"
					id=\"UMCHK-$uid\"></td>";

				$onclick = "onclick='editUser($uid, event)' title='".__('Click to edit')."'";

				print "<td $onclick>" . $line["login"] . "</td>";

				if (!$line["email"]) $line["email"] = "&nbsp;";

				print "<td $onclick>" .	$access_level_names[$line["access_level"]] . "</td>";
				print "<td $onclick>" . $line["created"] . "</td>";
				print "<td $onclick>" . $line["last_login"] . "</td>";

				print "</tr>";

				++$lnum;
			}

			print "</table>";

			} else {
				print "<p>";
				if (!$user_search) {
					print_warning(__('No users defined.'));
				} else {
					print_warning(__('No matching users found.'));
				}
				print "</p>";

			}

			print "</div>"; #pane

			PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB,
				"hook_prefs_tab", "prefUsers");

			print "</div>"; #container

		}

	}
?>
Commit	Line	Data
66665fba	1	<?php
369dbc19	2	class Pref_Users extends Handler_Protected {
17f9d200 JK	3	function before($method) {
17f9d200 JK	4	if (parent::before($method)) {
66665fba AD	5	if ($_SESSION["access_level"] < 10) {
	6	print __("Your access level is insufficient to open this tab.");
	7	return false;
	8	}
	9	return true;
	10	}
	11	return false;
	12	}
	13
8484ce22 AD	14	function csrf_ignore($method) {
	15	$csrf_ignored = array("index");
	16
	17	return array_search($method, $csrf_ignored) !== false;
	18	}
	19
66665fba AD	20	function userdetails() {
66665fba AD	21
66665fba AD	22	$uid = sprintf("%d", $_REQUEST["id"]);
66665fba AD	23
d9c85e0f	24	$result = $this->dbh->query("SELECT login,
66665fba AD	25	".SUBSTRING_FOR_DATE."(last_login,1,16) AS last_login,
	26	access_level,
	27	(SELECT COUNT(int_id) FROM ttrss_user_entries
	28	WHERE owner_uid = id) AS stored_articles,
	29	".SUBSTRING_FOR_DATE."(created,1,16) AS created
	30	FROM ttrss_users
	31	WHERE id = '$uid'");
	32
d9c85e0f	33	if ($this->dbh->num_rows($result) == 0) {
66665fba AD	34	print "<h1>".__('User not found')."</h1>";
	35	return;
	36	}
	37
	38	// print "<h1>User Details</h1>";
	39
d9c85e0f	40	$login = $this->dbh->fetch_result($result, 0, "login");
66665fba AD	41
	42	print "<table width='100%'>";
	43
6322ac79	44	$last_login = make_local_datetime(
d9c85e0f	45	$this->dbh->fetch_result($result, 0, "last_login"), true);
66665fba	46
6322ac79	47	$created = make_local_datetime(
d9c85e0f	48	$this->dbh->fetch_result($result, 0, "created"), true);
66665fba	49
d9c85e0f AD	50	$access_level = $this->dbh->fetch_result($result, 0, "access_level");
d9c85e0f AD	51	$stored_articles = $this->dbh->fetch_result($result, 0, "stored_articles");
66665fba AD	52
	53	print "<tr><td>".__('Registered')."</td><td>$created</td></tr>";
	54	print "<tr><td>".__('Last logged in')."</td><td>$last_login</td></tr>";
	55
d9c85e0f	56	$result = $this->dbh->query("SELECT COUNT(id) as num_feeds FROM ttrss_feeds
66665fba AD	57	WHERE owner_uid = '$uid'");
66665fba AD	58
d9c85e0f	59	$num_feeds = $this->dbh->fetch_result($result, 0, "num_feeds");
66665fba AD	60
	61	print "<tr><td>".__('Subscribed feeds count')."</td><td>$num_feeds</td></tr>";
	62
	63	print "</table>";
	64
	65	print "<h1>".__('Subscribed feeds')."</h1>";
	66
d9c85e0f	67	$result = $this->dbh->query("SELECT id,title,site_url FROM ttrss_feeds
66665fba AD	68	WHERE owner_uid = '$uid' ORDER BY title");
	69
	70	print "<ul class=\"userFeedList\">";
	71
d9c85e0f	72	while ($line = $this->dbh->fetch_assoc($result)) {
66665fba AD	73
	74	$icon_file = ICONS_URL."/".$line["id"].".ico";
	75
	76	if (file_exists($icon_file) && filesize($icon_file) > 0) {
	77	$feed_icon = "<img class=\"tinyFeedIcon\" src=\"$icon_file\">";
	78	} else {
	79	$feed_icon = "<img class=\"tinyFeedIcon\" src=\"images/blank_icon.gif\">";
	80	}
	81
8d090a91	82	print "<li>$feed_icon <a href=\"".$line["site_url"]."\">".$line["title"]."</a></li>";
66665fba AD	83
	84	}
	85
d9c85e0f	86	if ($this->dbh->num_rows($result) < $num_feeds) {
66665fba AD	87	// FIXME - add link to show ALL subscribed feeds here somewhere
	88	print "<li><img
	89	class=\"tinyFeedIcon\" src=\"images/blank_icon.gif\"> ...</li>";
	90	}
	91
	92	print "</ul>";
	93
	94	print "<div align='center'>
	95	<button onclick=\"closeInfoBox()\">".__("Close this window").
	96	"</button></div>";
	97
66665fba AD	98	return;
	99	}
	100
	101	function edit() {
	102	global $access_level_names;
	103
d9c85e0f	104	$id = $this->dbh->escape_string($_REQUEST["id"]);
66665fba AD	105	print "<form id=\"user_edit_form\" onsubmit='return false'>";
	106
	107	print "<input type=\"hidden\" name=\"id\" value=\"$id\">";
	108	print "<input type=\"hidden\" name=\"op\" value=\"pref-users\">";
	109	print "<input type=\"hidden\" name=\"method\" value=\"editSave\">";
	110
d9c85e0f	111	$result = $this->dbh->query("SELECT * FROM ttrss_users WHERE id = '$id'");
66665fba	112
d9c85e0f AD	113	$login = $this->dbh->fetch_result($result, 0, "login");
	114	$access_level = $this->dbh->fetch_result($result, 0, "access_level");
	115	$email = $this->dbh->fetch_result($result, 0, "email");
66665fba AD	116
	117	$sel_disabled = ($id == $_SESSION["uid"]) ? "disabled" : "";
	118
	119	print "<div class=\"dlgSec\">".__("User")."</div>";
	120	print "<div class=\"dlgSecCont\">";
	121
	122	if ($sel_disabled) {
	123	print "<input type=\"hidden\" name=\"login\" value=\"$login\">";
	124	print "<input size=\"30\" style=\"font-size : 16px\"
	125	onkeypress=\"return filterCR(event, userEditSave)\" $sel_disabled
	126	value=\"$login\">";
	127	} else {
	128	print "<input size=\"30\" style=\"font-size : 16px\"
	129	onkeypress=\"return filterCR(event, userEditSave)\" $sel_disabled
	130	name=\"login\" value=\"$login\">";
	131	}
	132
	133	print "</div>";
	134
	135	print "<div class=\"dlgSec\">".__("Authentication")."</div>";
	136	print "<div class=\"dlgSecCont\">";
	137
	138	print __('Access level: ') . " ";
	139
	140	if (!$sel_disabled) {
	141	print_select_hash("access_level", $access_level, $access_level_names,
	142	$sel_disabled);
	143	} else {
	144	print_select_hash("", $access_level, $access_level_names,
	145	$sel_disabled);
	146	print "<input type=\"hidden\" name=\"access_level\" value=\"$access_level\">";
	147	}
	148
	149	print "<br/>";
	150
	151	print __('Change password to') .
9bb6811d	152	" <input type=\"password\" size=\"20\" onkeypress=\"return filterCR(event, userEditSave)\"
66665fba AD	153	name=\"password\">";
	154
	155	print "</div>";
	156
	157	print "<div class=\"dlgSec\">".__("Options")."</div>";
	158	print "<div class=\"dlgSecCont\">";
	159
	160	print __('E-mail: ').
	161	" <input size=\"30\" name=\"email\" onkeypress=\"return filterCR(event, userEditSave)\"
	162	value=\"$email\">";
	163
	164	print "</div>";
	165
	166	print "</table>";
	167
	168	print "</form>";
	169
	170	print "<div class=\"dlgButtons\">
	171	<button onclick=\"return userEditSave()\">".
	172	__('Save')."</button>
	173	<button onclick=\"return userEditCancel()\">".
	174	__('Cancel')."</button></div>";
	175
66665fba AD	176	return;
	177	}
	178
	179	function editSave() {
d9c85e0f AD	180	$login = $this->dbh->escape_string(trim($_REQUEST["login"]));
d9c85e0f AD	181	$uid = $this->dbh->escape_string($_REQUEST["id"]);
66665fba	182	$access_level = (int) $_REQUEST["access_level"];
d9c85e0f	183	$email = $this->dbh->escape_string(trim($_REQUEST["email"]));
c72069b0	184	$password = $_REQUEST["password"];
66665fba AD	185
66665fba AD	186	if ($password) {
8db5d8ea	187	$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
098df83b AD	188	$pwd_hash = encrypt_password($password, $salt, true);
098df83b AD	189	$pass_query_part = "pwd_hash = '$pwd_hash', salt = '$salt',";
66665fba AD	190	} else {
	191	$pass_query_part = "";
	192	}
	193
d9c85e0f	194	$this->dbh->query("UPDATE ttrss_users SET $pass_query_part login = '$login',
e9f42579	195	access_level = '$access_level', email = '$email', otp_enabled = false
b8386ad3	196	WHERE id = '$uid'");
66665fba AD	197
	198	}
	199
	200	function remove() {
d9c85e0f	201	$ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"]));
66665fba AD	202
	203	foreach ($ids as $id) {
	204	if ($id != $_SESSION["uid"] && $id != 1) {
d9c85e0f AD	205	$this->dbh->query("DELETE FROM ttrss_tags WHERE owner_uid = '$id'");
	206	$this->dbh->query("DELETE FROM ttrss_feeds WHERE owner_uid = '$id'");
	207	$this->dbh->query("DELETE FROM ttrss_users WHERE id = '$id'");
66665fba AD	208	}
	209	}
	210	}
	211
	212	function add() {
	213
d9c85e0f	214	$login = $this->dbh->escape_string(trim($_REQUEST["login"]));
66665fba	215	$tmp_user_pwd = make_password(8);
8db5d8ea	216	$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
098df83b	217	$pwd_hash = encrypt_password($tmp_user_pwd, $salt, true);
66665fba	218
d9c85e0f	219	$result = $this->dbh->query("SELECT id FROM ttrss_users WHERE
66665fba AD	220	login = '$login'");
66665fba AD	221
d9c85e0f	222	if ($this->dbh->num_rows($result) == 0) {
66665fba	223
d9c85e0f	224	$this->dbh->query("INSERT INTO ttrss_users
098df83b AD	225	(login,pwd_hash,access_level,last_login,created, salt)
098df83b AD	226	VALUES ('$login', '$pwd_hash', 0, null, NOW(), '$salt')");
66665fba AD	227
66665fba AD	228
d9c85e0f	229	$result = $this->dbh->query("SELECT id FROM ttrss_users WHERE
66665fba AD	230	login = '$login' AND pwd_hash = '$pwd_hash'");
66665fba AD	231
d9c85e0f	232	if ($this->dbh->num_rows($result) == 1) {
66665fba	233
d9c85e0f	234	$new_uid = $this->dbh->fetch_result($result, 0, "id");
66665fba AD	235
	236	print format_notice(T_sprintf("Added user <b>%s</b> with password <b>%s</b>",
	237	$login, $tmp_user_pwd));
	238
a42c55f0	239	initialize_user($new_uid);
66665fba AD	240
	241	} else {
	242
	243	print format_warning(T_sprintf("Could not create user <b>%s</b>", $login));
	244
	245	}
	246	} else {
	247	print format_warning(T_sprintf("User <b>%s</b> already exists.", $login));
	248	}
	249	}
	250
233b74ad	251	static function resetUserPassword($uid, $show_password) {
66665fba	252
233b74ad	253	$result = db_query("SELECT login,email
66665fba AD	254	FROM ttrss_users WHERE id = '$uid'");
	255
	256	$login = db_fetch_result($result, 0, "login");
	257	$email = db_fetch_result($result, 0, "email");
098df83b AD	258	$salt = db_fetch_result($result, 0, "salt");
098df83b AD	259
8db5d8ea	260	$new_salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
66665fba	261	$tmp_user_pwd = make_password(8);
66665fba	262
098df83b AD	263	$pwd_hash = encrypt_password($tmp_user_pwd, $new_salt, true);
098df83b AD	264
233b74ad	265	db_query("UPDATE ttrss_users SET pwd_hash = '$pwd_hash', salt = '$new_salt'
66665fba AD	266	WHERE id = '$uid'");
66665fba AD	267
f43e9e97	268	if ($show_password) {
18446943	269	print T_sprintf("Changed password of user <b>%s</b> to <b>%s</b>", $login, $tmp_user_pwd);
f43e9e97	270	} else {
483f15d5	271	print_notice(T_sprintf("Sending new password of user <b>%s</b> to <b>%s</b>", $login, $email));
f43e9e97	272	}
66665fba	273
68fb3c95	274	require_once 'classes/ttrssmailer.php';
66665fba AD	275
66665fba AD	276	if ($email) {
66665fba AD	277	require_once "lib/MiniTemplator.class.php";
	278
	279	$tpl = new MiniTemplator;
	280
	281	$tpl->readTemplateFromFile("templates/resetpass_template.txt");
	282
	283	$tpl->setVariable('LOGIN', $login);
	284	$tpl->setVariable('NEWPASS', $tmp_user_pwd);
	285
	286	$tpl->addBlock('message');
	287
	288	$message = "";
	289
	290	$tpl->generateOutputToString($message);
	291
68fb3c95	292	$mail = new ttrssMailer();
66665fba	293
68fb3c95 AD	294	$rc = $mail->quickMail($email, $login,
	295	__("[tt-rss] Password change notification"),
	296	$message, false);
66665fba AD	297
	298	if (!$rc) print_error($mail->ErrorInfo);
	299	}
f43e9e97	300	}
66665fba	301
f43e9e97	302	function resetPass() {
d9c85e0f	303	$uid = $this->dbh->escape_string($_REQUEST["id"]);
a42c55f0	304	Pref_Users::resetUserPassword($uid, true);
66665fba AD	305	}
	306
	307	function index() {
	308
	309	global $access_level_names;
	310
	311	print "<div id=\"pref-user-wrap\" dojoType=\"dijit.layout.BorderContainer\" gutters=\"false\">";
	312	print "<div id=\"pref-user-header\" dojoType=\"dijit.layout.ContentPane\" region=\"top\">";
	313
	314	print "<div id=\"pref-user-toolbar\" dojoType=\"dijit.Toolbar\">";
	315
d9c85e0f	316	$user_search = $this->dbh->escape_string($_REQUEST["search"]);
66665fba AD	317
	318	if (array_key_exists("search", $_REQUEST)) {
	319	$_SESSION["prefs_user_search"] = $user_search;
	320	} else {
	321	$user_search = $_SESSION["prefs_user_search"];
	322	}
	323
	324	print "<div style='float : right; padding-right : 4px;'>
	325	<input dojoType=\"dijit.form.TextBox\" id=\"user_search\" size=\"20\" type=\"search\"
	326	value=\"$user_search\">
	327	<button dojoType=\"dijit.form.Button\" onclick=\"javascript:updateUsersList()\">".
	328	__('Search')."</button>
	329	</div>";
	330
d9c85e0f	331	$sort = $this->dbh->escape_string($_REQUEST["sort"]);
66665fba AD	332
	333	if (!$sort \|\| $sort == "undefined") {
	334	$sort = "login";
	335	}
	336
	337	print "<div dojoType=\"dijit.form.DropDownButton\">".
	338	"<span>" . __('Select')."</span>";
	339	print "<div dojoType=\"dijit.Menu\" style=\"display: none;\">";
	340	print "<div onclick=\"selectTableRows('prefUserList', 'all')\"
	341	dojoType=\"dijit.MenuItem\">".__('All')."</div>";
	342	print "<div onclick=\"selectTableRows('prefUserList', 'none')\"
	343	dojoType=\"dijit.MenuItem\">".__('None')."</div>";
	344	print "</div></div>";
	345
	346	print "<button dojoType=\"dijit.form.Button\" onclick=\"javascript:addUser()\">".__('Create user')."</button>";
	347
	348	print "
	349	<button dojoType=\"dijit.form.Button\" onclick=\"javascript:selectedUserDetails()\">".
	350	__('Details')."</button dojoType=\"dijit.form.Button\">
	351	<button dojoType=\"dijit.form.Button\" onclick=\"javascript:editSelectedUser()\">".
	352	__('Edit')."</button dojoType=\"dijit.form.Button\">
	353	<button dojoType=\"dijit.form.Button\" onclick=\"javascript:removeSelectedUsers()\">".
	354	__('Remove')."</button dojoType=\"dijit.form.Button\">
	355	<button dojoType=\"dijit.form.Button\" onclick=\"javascript:resetSelectedUserPass()\">".
	356	__('Reset password')."</button dojoType=\"dijit.form.Button\">";
	357
610fe115 AD	358	PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB_SECTION,
	359	"hook_prefs_tab_section", "prefUsersToolbar");
	360
66665fba AD	361	print "</div>"; #toolbar
	362	print "</div>"; #pane
	363	print "<div id=\"pref-user-content\" dojoType=\"dijit.layout.ContentPane\" region=\"center\">";
	364
	365	print "<div id=\"sticky-status-msg\"></div>";
	366
	367	if ($user_search) {
	368
a5680acb	369	$user_search = explode(" ", $user_search);
66665fba AD	370	$tokens = array();
	371
	372	foreach ($user_search as $token) {
	373	$token = trim($token);
	374	array_push($tokens, "(UPPER(login) LIKE UPPER('%$token%'))");
	375	}
	376
	377	$user_search_query = "(" . join($tokens, " AND ") . ") AND ";
	378
	379	} else {
	380	$user_search_query = "";
	381	}
	382
d9c85e0f	383	$result = $this->dbh->query("SELECT
66665fba AD	384	id,login,access_level,email,
	385	".SUBSTRING_FOR_DATE."(last_login,1,16) as last_login,
	386	".SUBSTRING_FOR_DATE."(created,1,16) as created
	387	FROM
	388	ttrss_users
	389	WHERE
	390	$user_search_query
	391	id > 0
	392	ORDER BY $sort");
	393
d9c85e0f	394	if ($this->dbh->num_rows($result) > 0) {
66665fba AD	395
	396	print "<p><table width=\"100%\" cellspacing=\"0\"
	397	class=\"prefUserList\" id=\"prefUserList\">";
	398
	399	print "<tr class=\"title\">
	400	<td align='center' width=\"5%\"> </td>
84391d69 AD	401	<td width='30%'><a href=\"#\" onclick=\"updateUsersList('login')\">".__('Login')."</a></td>
84391d69 AD	402	<td width='30%'><a href=\"#\" onclick=\"updateUsersList('access_level')\">".__('Access Level')."</a></td>
66665fba AD	403	<td width='20%'><a href=\"#\" onclick=\"updateUsersList('created')\">".__('Registered')."</a></td>
	404	<td width='20%'><a href=\"#\" onclick=\"updateUsersList('last_login')\">".__('Last login')."</a></td></tr>";
	405
	406	$lnum = 0;
	407
d9c85e0f	408	while ($line = $this->dbh->fetch_assoc($result)) {
66665fba	409
66665fba AD	410	$uid = $line["id"];
66665fba AD	411
84391d69	412	print "<tr id=\"UMRR-$uid\">";
66665fba AD	413
	414	$line["login"] = htmlspecialchars($line["login"]);
	415
a42c55f0 AD	416	$line["created"] = make_local_datetime($line["created"], false);
a42c55f0 AD	417	$line["last_login"] = make_local_datetime($line["last_login"], false);
66665fba	418
84391d69 AD	419	print "<td align='center'><input onclick='toggleSelectRow2(this);'
	420	dojoType=\"dijit.form.CheckBox\" type=\"checkbox\"
	421	id=\"UMCHK-$uid\"></td>";
66665fba AD	422
	423	$onclick = "onclick='editUser($uid, event)' title='".__('Click to edit')."'";
	424
	425	print "<td $onclick>" . $line["login"] . "</td>";
	426
	427	if (!$line["email"]) $line["email"] = " ";
	428
	429	print "<td $onclick>" . $access_level_names[$line["access_level"]] . "</td>";
	430	print "<td $onclick>" . $line["created"] . "</td>";
	431	print "<td $onclick>" . $line["last_login"] . "</td>";
	432
	433	print "</tr>";
	434
	435	++$lnum;
	436	}
	437
	438	print "</table>";
	439
	440	} else {
	441	print "<p>";
	442	if (!$user_search) {
	443	print_warning(__('No users defined.'));
	444	} else {
	445	print_warning(__('No matching users found.'));
	446	}
	447	print "</p>";
	448
	449	}
	450
	451	print "</div>"; #pane
6065f3ad	452
1ffe3391	453	PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB,
6065f3ad AD	454	"hook_prefs_tab", "prefUsers");
6065f3ad AD	455
66665fba AD	456	print "</div>"; #container
	457
	458	}
	459
	460	}
	461	?>