[tt-rss.git] / modules / pref-users.php

<?php
	function module_pref_users($link) {

		global $access_level_names;

		$subop = $_GET["subop"];

		if ($subop == "edit") {

			$id = db_escape_string($_GET["id"]);

			print "<div id=\"infoBoxTitle\">".__('User editor')."</div>";
			
			print "<div class=\"infoBoxContents\">";

			print "<form id=\"user_edit_form\" onsubmit='return false'>";

			print "<input type=\"hidden\" name=\"id\" value=\"$id\">";
			print "<input type=\"hidden\" name=\"op\" value=\"pref-users\">";
			print "<input type=\"hidden\" name=\"subop\" value=\"editSave\">";

			$result = db_query($link, "SELECT * FROM ttrss_users WHERE id = '$id'");

			$login = db_fetch_result($result, 0, "login");
			$access_level = db_fetch_result($result, 0, "access_level");
			$email = db_fetch_result($result, 0, "email");

			print "<table width='100%'>";
			print "<tr><td>".__('Login:')."</td><td>
				<input class=\"iedit\" onkeypress=\"return filterCR(event)\"
				name=\"login\" value=\"$login\"></td></tr>";

			print "<tr><td>Change password:</td><td>
				<input class=\"iedit\" onkeypress=\"return filterCR(event)\"
				name=\"password\"></td></tr>";

			print "<tr><td>".__('E-mail:')."</td><td>
				<input class=\"iedit\" name=\"email\" onkeypress=\"return filterCR(event)\"
				value=\"$email\"></td></tr>";

			$sel_disabled = ($id == $_SESSION["uid"]) ? "disabled" : "";
				
			print "<tr><td>".__('Access level:')."</td><td>";
			print_select_hash("access_level", $access_level, $access_level_names, 
				$sel_disabled);
			print "</td></tr>";

			print "</table>";

			print "</form>";
			
			print "<div align='right'>
				<input class=\"button\"
					type=\"submit\" onclick=\"return userEditSave()\" 
					value=\"".__('Save')."\">
				<input class=\"button\"
					type=\"submit\" onclick=\"return userEditCancel()\" 
					value=\"".__('Cancel')."\"></div>";

			print "</div>";

			return;
		}

		if ($subop == "editSave") {
	
			if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) {

				$login = db_escape_string(trim($_GET["login"]));
				$uid = db_escape_string($_GET["id"]);
				$access_level = (int) $_GET["access_level"];
				$email = db_escape_string(trim($_GET["email"]));
				$password = db_escape_string(trim($_GET["password"]));

				if ($password) {
					$pwd_hash = 'SHA1:' . sha1($password);
					$pass_query_part = "pwd_hash = '$pwd_hash', ";					
					print_notice(T_sprintf('Changed password of user <b>%s</b>.', $login));
				} else {
					$pass_query_part = "";
				}

				db_query($link, "UPDATE ttrss_users SET $pass_query_part login = '$login', 
					access_level = '$access_level', email = '$email' WHERE id = '$uid'");

			}
		} else if ($subop == "remove") {

			if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) {

				$ids = split(",", db_escape_string($_GET["ids"]));

				foreach ($ids as $id) {
					db_query($link, "DELETE FROM ttrss_users WHERE id = '$id' AND id != " . $_SESSION["uid"]);
					
				}
			}
		} else if ($subop == "add") {
		
			if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) {

				$login = db_escape_string(trim($_GET["login"]));
				$tmp_user_pwd = make_password(8);
				$pwd_hash = 'SHA1:' . sha1($tmp_user_pwd);

				$result = db_query($link, "SELECT id FROM ttrss_users WHERE 
					login = '$login'");

				if (db_num_rows($result) == 0) {

					db_query($link, "INSERT INTO ttrss_users 
						(login,pwd_hash,access_level,last_login)
						VALUES ('$login', '$pwd_hash', 0, NOW())");
	
	
					$result = db_query($link, "SELECT id FROM ttrss_users WHERE 
						login = '$login' AND pwd_hash = '$pwd_hash'");
	
					if (db_num_rows($result) == 1) {
	
						$new_uid = db_fetch_result($result, 0, "id");
	
						print_notice(T_sprintf("Added user <b>%s</b> with password <b>%s</b>", 
							$login, $tmp_user_pwd));
	
						initialize_user($link, $new_uid);
	
					} else {
					
						print_warning(T_sprintf("Could not create user <b>%s</b>", $login));
	
					}
				} else {
					print_warning(T_sprintf("User <b>%s</b> already exists.", $login));
				}
			} 
		} else if ($subop == "resetPass") {

			if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) {

				$uid = db_escape_string($_GET["id"]);

				$result = db_query($link, "SELECT login,email 
					FROM ttrss_users WHERE id = '$uid'");

				$login = db_fetch_result($result, 0, "login");
				$email = db_fetch_result($result, 0, "email");
				$tmp_user_pwd = make_password(8);
				$pwd_hash = 'SHA1:' . sha1($tmp_user_pwd);

				db_query($link, "UPDATE ttrss_users SET pwd_hash = '$pwd_hash'
					WHERE id = '$uid'");

				print_notice(T_sprintf("Changed password of user <b>%s</b>
					 to <b>%s</b>", $login, $tmp_user_pwd));

				if (MAIL_RESET_PASS && $email) {
					print " Notifying <b>$email</b>.";

					mail("$login <$email>", "Password reset notification",
						"Hi, $login.\n".
						"\n".
						"Your password for this TT-RSS installation was reset by".
							" an administrator.\n".
						"\n".
						"Your new password is $tmp_user_pwd, please remember".
							" it for later reference.\n".
						"\n".
						"Sincerely, TT-RSS Mail Daemon.", "From: " . MAIL_FROM);
				}
					
				print "</div>";				

			}
		}

		$sort = db_escape_string($_GET["sort"]);

		if (!$sort || $sort == "undefined") {
			$sort = "login";
		}

		print "<div class=\"prefGenericAddBox\">
			<input id=\"uadd_box\" 			
				onkeyup=\"toggleSubmitNotEmpty(this, 'user_add_btn')\"
				onchange=\"toggleSubmitNotEmpty(this, 'user_add_btn')\"
				size=\"40\">&nbsp;";
			
		print "<input type=\"submit\" class=\"button\" 
			id=\"user_add_btn\" disabled=\"true\"
			onclick=\"javascript:addUser()\" value=\"".__('Create user')."\"></div>";

		$result = db_query($link, "SELECT 
				id,login,access_level,email,
				SUBSTRING(last_login,1,16) as last_login
			FROM 
				ttrss_users
			ORDER BY $sort");

//		print "<div id=\"infoBoxShadow\"><div id=\"infoBox\">PLACEHOLDER</div></div>";

		print "<p><table width=\"100%\" cellspacing=\"0\" 
			class=\"prefUserList\" id=\"prefUserList\">";

		print "<tr><td class=\"selectPrompt\" colspan=\"8\">
				Select: 
					<a href=\"javascript:selectPrefRows('user', true)\">All</a>,
					<a href=\"javascript:selectPrefRows('user', false)\">None</a>
				</td</tr>";

		print "<tr class=\"title\">
					<td align='center' width=\"5%\">&nbsp;</td>
					<td width='40%'><a href=\"javascript:updateUsersList('login')\">Login</a></td>
					<td width='40%'><a href=\"javascript:updateUsersList('access_level')\">Access Level</a></td>
					<td width='30%'><a href=\"javascript:updateUsersList('last_login')\">Last login</a></td></tr>";
		
		$lnum = 0;
		
		while ($line = db_fetch_assoc($result)) {

			$class = ($lnum % 2) ? "even" : "odd";

			$uid = $line["id"];
			$edit_uid = $_GET["id"];

			if ($subop == "edit" && $uid != $edit_uid) {
				$class .= "Grayed";
				$this_row_id = "";
			} else {
				$this_row_id = "id=\"UMRR-$uid\"";
			}		
			
			print "<tr class=\"$class\" $this_row_id>";

			$line["login"] = htmlspecialchars($line["login"]);

#			$line["last_login"] = date(get_pref($link, 'SHORT_DATE_FORMAT'),
#				strtotime($line["last_login"]));

			if (get_pref($link, 'HEADLINES_SMART_DATE')) {
				$line["last_login"] = smart_date_time(strtotime($line["last_login"]));
			} else {
				$line["last_login"] = date(get_pref($link, 'SHORT_DATE_FORMAT'),
					strtotime($line["last_login"]));
			}				

			$access_level_names = array(0 => "User", 10 => "Administrator");

//			if (!$edit_uid || $subop != "edit") {

				print "<td align='center'><input onclick='toggleSelectPrefRow(this, \"user\");' 
				type=\"checkbox\" id=\"UMCHK-$uid\"></td>";

				print "<td><a href=\"javascript:editUser($uid);\">" . 
					$line["login"] . "</td>";		

				if (!$line["email"]) $line["email"] = "&nbsp;";

				print "<td><a href=\"javascript:editUser($uid);\">" . 
					$access_level_names[$line["access_level"]] . "</td>";			

/*			} else if ($uid != $edit_uid) {

				if (!$line["email"]) $line["email"] = "&nbsp;";

				print "<td align='center'><input disabled=\"true\" type=\"checkbox\" 
					id=\"UMCHK-".$line["id"]."\"></td>";

				print "<td>".$line["login"]."</td>";		
				print "<td>".$line["email"]."</td>";		
				print "<td>".$access_level_names[$line["access_level"]]."</td>";

			} else {

				print "<td align='center'>
					<input disabled=\"true\" type=\"checkbox\" checked></td>";

				print "<td><input id=\"iedit_ulogin\" value=\"".$line["login"].
					"\"></td>";

				print "<td><input id=\"iedit_email\" value=\"".$line["email"].
					"\"></td>";

				print "<td>";
				print "<select id=\"iedit_ulevel\">";
				foreach (array_keys($access_level_names) as $al) {
					if ($al == $line["access_level"]) {
						$selected = "selected";
					} else {
						$selected = "";
					}					
					print "<option $selected id=\"$al\">" . 
						$access_level_names[$al] . "</option>";
				}
				print "</select>";
				print "</td>";

			} */
				
			print "<td>".$line["last_login"]."</td>";		
		
			print "</tr>";

			++$lnum;
		}

		print "</table>";

		print "<p id='userOpToolbar'>";

		print "				
			<input type=\"submit\" class=\"button\" disabled=\"true\"
				onclick=\"javascript:selectedUserDetails()\" value=\"".__('User details')."\">
			<input type=\"submit\" class=\"button\" disabled=\"true\"
				onclick=\"javascript:editSelectedUser()\" value=\"".__('Edit')."\">
			<input type=\"submit\" class=\"button\" disabled=\"true\"
				onclick=\"javascript:removeSelectedUsers()\" value=\"".__('Remove')."\">
			<input type=\"submit\" class=\"button\" disabled=\"true\"
				onclick=\"javascript:resetSelectedUserPass()\" value=\"".__('Reset password')."\">";

	}
?>
Commit	Line	Data
ef8be8ea AD	1	<?php
	2	function module_pref_users($link) {
	3
d20f3544 AD	4	global $access_level_names;
d20f3544 AD	5
ef8be8ea AD	6	$subop = $_GET["subop"];
	7
	8	if ($subop == "edit") {
	9
	10	$id = db_escape_string($_GET["id"]);
	11
11ffbec3	12	print "<div id=\"infoBoxTitle\">".__('User editor')."</div>";
ef8be8ea AD	13
	14	print "<div class=\"infoBoxContents\">";
	15
e6312f6c	16	print "<form id=\"user_edit_form\" onsubmit='return false'>";
ef8be8ea AD	17
	18	print "<input type=\"hidden\" name=\"id\" value=\"$id\">";
	19	print "<input type=\"hidden\" name=\"op\" value=\"pref-users\">";
	20	print "<input type=\"hidden\" name=\"subop\" value=\"editSave\">";
	21
	22	$result = db_query($link, "SELECT * FROM ttrss_users WHERE id = '$id'");
	23
	24	$login = db_fetch_result($result, 0, "login");
	25	$access_level = db_fetch_result($result, 0, "access_level");
	26	$email = db_fetch_result($result, 0, "email");
	27
	28	print "<table width='100%'>";
11ffbec3	29	print "<tr><td>".__('Login:')."</td><td>
ef8be8ea AD	30	<input class=\"iedit\" onkeypress=\"return filterCR(event)\"
	31	name=\"login\" value=\"$login\"></td></tr>";
	32
	33	print "<tr><td>Change password:</td><td>
	34	<input class=\"iedit\" onkeypress=\"return filterCR(event)\"
	35	name=\"password\"></td></tr>";
	36
11ffbec3	37	print "<tr><td>".__('E-mail:')."</td><td>
ef8be8ea AD	38	<input class=\"iedit\" name=\"email\" onkeypress=\"return filterCR(event)\"
	39	value=\"$email\"></td></tr>";
	40
	41	$sel_disabled = ($id == $_SESSION["uid"]) ? "disabled" : "";
	42
11ffbec3	43	print "<tr><td>".__('Access level:')."</td><td>";
ef8be8ea AD	44	print_select_hash("access_level", $access_level, $access_level_names,
	45	$sel_disabled);
	46	print "</td></tr>";
	47
	48	print "</table>";
	49
	50	print "</form>";
	51
	52	print "<div align='right'>
	53	<input class=\"button\"
	54	type=\"submit\" onclick=\"return userEditSave()\"
11ffbec3	55	value=\"".__('Save')."\">
ef8be8ea AD	56	<input class=\"button\"
ef8be8ea AD	57	type=\"submit\" onclick=\"return userEditCancel()\"
11ffbec3	58	value=\"".__('Cancel')."\"></div>";
ef8be8ea AD	59
	60	print "</div>";
	61
	62	return;
	63	}
	64
	65	if ($subop == "editSave") {
	66
	67	if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) {
	68
	69	$login = db_escape_string(trim($_GET["login"]));
	70	$uid = db_escape_string($_GET["id"]);
4dccf1ed	71	$access_level = (int) $_GET["access_level"];
ef8be8ea AD	72	$email = db_escape_string(trim($_GET["email"]));
	73	$password = db_escape_string(trim($_GET["password"]));
	74
	75	if ($password) {
	76	$pwd_hash = 'SHA1:' . sha1($password);
	77	$pass_query_part = "pwd_hash = '$pwd_hash', ";
4dccf1ed	78	print_notice(T_sprintf('Changed password of user <b>%s</b>.', $login));
ef8be8ea AD	79	} else {
	80	$pass_query_part = "";
	81	}
	82
	83	db_query($link, "UPDATE ttrss_users SET $pass_query_part login = '$login',
	84	access_level = '$access_level', email = '$email' WHERE id = '$uid'");
	85
	86	}
	87	} else if ($subop == "remove") {
	88
	89	if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) {
	90
	91	$ids = split(",", db_escape_string($_GET["ids"]));
	92
	93	foreach ($ids as $id) {
	94	db_query($link, "DELETE FROM ttrss_users WHERE id = '$id' AND id != " . $_SESSION["uid"]);
	95
	96	}
	97	}
	98	} else if ($subop == "add") {
	99
	100	if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) {
	101
	102	$login = db_escape_string(trim($_GET["login"]));
	103	$tmp_user_pwd = make_password(8);
	104	$pwd_hash = 'SHA1:' . sha1($tmp_user_pwd);
	105
	106	$result = db_query($link, "SELECT id FROM ttrss_users WHERE
	107	login = '$login'");
	108
	109	if (db_num_rows($result) == 0) {
	110
	111	db_query($link, "INSERT INTO ttrss_users
	112	(login,pwd_hash,access_level,last_login)
	113	VALUES ('$login', '$pwd_hash', 0, NOW())");
	114
	115
	116	$result = db_query($link, "SELECT id FROM ttrss_users WHERE
	117	login = '$login' AND pwd_hash = '$pwd_hash'");
	118
	119	if (db_num_rows($result) == 1) {
	120
	121	$new_uid = db_fetch_result($result, 0, "id");
	122
4dccf1ed AD	123	print_notice(T_sprintf("Added user <b>%s</b> with password <b>%s</b>",
4dccf1ed AD	124	$login, $tmp_user_pwd));
ef8be8ea AD	125
	126	initialize_user($link, $new_uid);
	127
	128	} else {
	129
4dccf1ed	130	print_warning(T_sprintf("Could not create user <b>%s</b>", $login));
ef8be8ea AD	131
	132	}
	133	} else {
4dccf1ed	134	print_warning(T_sprintf("User <b>%s</b> already exists.", $login));
ef8be8ea AD	135	}
	136	}
	137	} else if ($subop == "resetPass") {
	138
	139	if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) {
	140
	141	$uid = db_escape_string($_GET["id"]);
	142
	143	$result = db_query($link, "SELECT login,email
	144	FROM ttrss_users WHERE id = '$uid'");
	145
	146	$login = db_fetch_result($result, 0, "login");
	147	$email = db_fetch_result($result, 0, "email");
	148	$tmp_user_pwd = make_password(8);
	149	$pwd_hash = 'SHA1:' . sha1($tmp_user_pwd);
	150
	151	db_query($link, "UPDATE ttrss_users SET pwd_hash = '$pwd_hash'
	152	WHERE id = '$uid'");
	153
4dccf1ed AD	154	print_notice(T_sprintf("Changed password of user <b>%s</b>
4dccf1ed AD	155	to <b>%s</b>", $login, $tmp_user_pwd));
ef8be8ea AD	156
	157	if (MAIL_RESET_PASS && $email) {
	158	print " Notifying <b>$email</b>.";
	159
	160	mail("$login <$email>", "Password reset notification",
	161	"Hi, $login.\n".
	162	"\n".
	163	"Your password for this TT-RSS installation was reset by".
	164	" an administrator.\n".
	165	"\n".
	166	"Your new password is $tmp_user_pwd, please remember".
	167	" it for later reference.\n".
	168	"\n".
	169	"Sincerely, TT-RSS Mail Daemon.", "From: " . MAIL_FROM);
	170	}
	171
	172	print "</div>";
	173
	174	}
	175	}
	176
	177	$sort = db_escape_string($_GET["sort"]);
	178
	179	if (!$sort \|\| $sort == "undefined") {
	180	$sort = "login";
	181	}
	182
	183	print "<div class=\"prefGenericAddBox\">
	184	<input id=\"uadd_box\"
	185	onkeyup=\"toggleSubmitNotEmpty(this, 'user_add_btn')\"
b5015f72	186	onchange=\"toggleSubmitNotEmpty(this, 'user_add_btn')\"
ef8be8ea AD	187	size=\"40\"> ";
	188
	189	print "<input type=\"submit\" class=\"button\"
	190	id=\"user_add_btn\" disabled=\"true\"
807fd4d6	191	onclick=\"javascript:addUser()\" value=\"".__('Create user')."\"></div>";
ef8be8ea AD	192
	193	$result = db_query($link, "SELECT
	194	id,login,access_level,email,
	195	SUBSTRING(last_login,1,16) as last_login
	196	FROM
	197	ttrss_users
	198	ORDER BY $sort");
	199
	200	// print "<div id=\"infoBoxShadow\"><div id=\"infoBox\">PLACEHOLDER</div></div>";
	201
	202	print "<p><table width=\"100%\" cellspacing=\"0\"
	203	class=\"prefUserList\" id=\"prefUserList\">";
	204
	205	print "<tr><td class=\"selectPrompt\" colspan=\"8\">
	206	Select:
	207	<a href=\"javascript:selectPrefRows('user', true)\">All</a>,
	208	<a href=\"javascript:selectPrefRows('user', false)\">None</a>
	209	</td</tr>";
	210
	211	print "<tr class=\"title\">
	212	<td align='center' width=\"5%\"> </td>
	213	<td width='40%'><a href=\"javascript:updateUsersList('login')\">Login</a></td>
	214	<td width='40%'><a href=\"javascript:updateUsersList('access_level')\">Access Level</a></td>
	215	<td width='30%'><a href=\"javascript:updateUsersList('last_login')\">Last login</a></td></tr>";
	216
	217	$lnum = 0;
	218
	219	while ($line = db_fetch_assoc($result)) {
	220
	221	$class = ($lnum % 2) ? "even" : "odd";
	222
	223	$uid = $line["id"];
	224	$edit_uid = $_GET["id"];
	225
	226	if ($subop == "edit" && $uid != $edit_uid) {
	227	$class .= "Grayed";
	228	$this_row_id = "";
	229	} else {
	230	$this_row_id = "id=\"UMRR-$uid\"";
	231	}
	232
	233	print "<tr class=\"$class\" $this_row_id>";
	234
	235	$line["login"] = htmlspecialchars($line["login"]);
	236
0b6f179e AD	237	# $line["last_login"] = date(get_pref($link, 'SHORT_DATE_FORMAT'),
	238	# strtotime($line["last_login"]));
	239
	240	if (get_pref($link, 'HEADLINES_SMART_DATE')) {
	241	$line["last_login"] = smart_date_time(strtotime($line["last_login"]));
	242	} else {
	243	$line["last_login"] = date(get_pref($link, 'SHORT_DATE_FORMAT'),
	244	strtotime($line["last_login"]));
	245	}
ef8be8ea AD	246
	247	$access_level_names = array(0 => "User", 10 => "Administrator");
	248
	249	// if (!$edit_uid \|\| $subop != "edit") {
	250
	251	print "<td align='center'><input onclick='toggleSelectPrefRow(this, \"user\");'
	252	type=\"checkbox\" id=\"UMCHK-$uid\"></td>";
	253
	254	print "<td><a href=\"javascript:editUser($uid);\">" .
	255	$line["login"] . "</td>";
	256
	257	if (!$line["email"]) $line["email"] = " ";
	258
	259	print "<td><a href=\"javascript:editUser($uid);\">" .
	260	$access_level_names[$line["access_level"]] . "</td>";
	261
	262	/* } else if ($uid != $edit_uid) {
	263
	264	if (!$line["email"]) $line["email"] = " ";
	265
	266	print "<td align='center'><input disabled=\"true\" type=\"checkbox\"
	267	id=\"UMCHK-".$line["id"]."\"></td>";
	268
	269	print "<td>".$line["login"]."</td>";
	270	print "<td>".$line["email"]."</td>";
	271	print "<td>".$access_level_names[$line["access_level"]]."</td>";
	272
	273	} else {
	274
	275	print "<td align='center'>
	276	<input disabled=\"true\" type=\"checkbox\" checked></td>";
	277
	278	print "<td><input id=\"iedit_ulogin\" value=\"".$line["login"].
	279	"\"></td>";
	280
	281	print "<td><input id=\"iedit_email\" value=\"".$line["email"].
	282	"\"></td>";
	283
	284	print "<td>";
	285	print "<select id=\"iedit_ulevel\">";
	286	foreach (array_keys($access_level_names) as $al) {
	287	if ($al == $line["access_level"]) {
	288	$selected = "selected";
	289	} else {
	290	$selected = "";
	291	}
	292	print "<option $selected id=\"$al\">" .
	293	$access_level_names[$al] . "</option>";
	294	}
	295	print "</select>";
	296	print "</td>";
	297
	298	} */
	299
	300	print "<td>".$line["last_login"]."</td>";
	301
	302	print "</tr>";
	303
	304	++$lnum;
	305	}
	306
	307	print "</table>";
	308
	309	print "<p id='userOpToolbar'>";
310
a3c159c4	311	print "
ef8be8ea	312	<input type=\"submit\" class=\"button\" disabled=\"true\"
a3c159c4	313	onclick=\"javascript:selectedUserDetails()\" value=\"".__('User details')."\">
ef8be8ea	314	<input type=\"submit\" class=\"button\" disabled=\"true\"
a3c159c4	315	onclick=\"javascript:editSelectedUser()\" value=\"".__('Edit')."\">
ef8be8ea	316	<input type=\"submit\" class=\"button\" disabled=\"true\"
a3c159c4	317	onclick=\"javascript:removeSelectedUsers()\" value=\"".__('Remove')."\">
ef8be8ea	318	<input type=\"submit\" class=\"button\" disabled=\"true\"
a3c159c4	319	onclick=\"javascript:resetSelectedUserPass()\" value=\"".__('Reset password')."\">";
ef8be8ea	320
ef8be8ea AD	321	}
ef8be8ea AD	322	?>