dbh->query("SELECT login, ".SUBSTRING_FOR_DATE."(last_login,1,16) AS last_login, access_level, (SELECT COUNT(int_id) FROM ttrss_user_entries WHERE owner_uid = id) AS stored_articles, ".SUBSTRING_FOR_DATE."(created,1,16) AS created FROM ttrss_users WHERE id = '$uid'"); if ($this->dbh->num_rows($result) == 0) { print "

".__('User not found')."

"; return; } // print "

User Details

"; $login = $this->dbh->fetch_result($result, 0, "login"); print ""; $last_login = make_local_datetime( $this->dbh->fetch_result($result, 0, "last_login"), true); $created = make_local_datetime( $this->dbh->fetch_result($result, 0, "created"), true); $access_level = $this->dbh->fetch_result($result, 0, "access_level"); $stored_articles = $this->dbh->fetch_result($result, 0, "stored_articles"); print ""; print ""; $result = $this->dbh->query("SELECT COUNT(id) as num_feeds FROM ttrss_feeds WHERE owner_uid = '$uid'"); $num_feeds = $this->dbh->fetch_result($result, 0, "num_feeds"); print ""; print "
".__('Registered')."$created
".__('Last logged in')."$last_login
".__('Subscribed feeds count')."$num_feeds
"; print "

".__('Subscribed feeds')."

"; $result = $this->dbh->query("SELECT id,title,site_url FROM ttrss_feeds WHERE owner_uid = '$uid' ORDER BY title"); print ""; print "
"; return; } function edit() { global $access_level_names; $id = $this->dbh->escape_string($_REQUEST["id"]); print "
"; print ""; print ""; print ""; $result = $this->dbh->query("SELECT * FROM ttrss_users WHERE id = '$id'"); $login = $this->dbh->fetch_result($result, 0, "login"); $access_level = $this->dbh->fetch_result($result, 0, "access_level"); $email = $this->dbh->fetch_result($result, 0, "email"); $sel_disabled = ($id == $_SESSION["uid"]) ? "disabled" : ""; print "
".__("User")."
"; print "
"; if ($sel_disabled) { print ""; } print ""; print "
"; print "
".__("Authentication")."
"; print "
"; print __('Access level: ') . " "; if (!$sel_disabled) { print_select_hash("access_level", $access_level, $access_level_names, "dojoType=\"dijit.form.Select\" $sel_disabled"); } else { print_select_hash("", $access_level, $access_level_names, "dojoType=\"dijit.form.Select\" $sel_disabled"); print ""; } print "
"; print ""; print "
"; print "
".__("Options")."
"; print "
"; print ""; print "
"; print ""; print "
"; print "
"; return; } function editSave() { $login = $this->dbh->escape_string(trim($_REQUEST["login"])); $uid = $this->dbh->escape_string($_REQUEST["id"]); $access_level = (int) $_REQUEST["access_level"]; $email = $this->dbh->escape_string(trim($_REQUEST["email"])); $password = $_REQUEST["password"]; if ($password) { $salt = substr(bin2hex(get_random_bytes(125)), 0, 250); $pwd_hash = encrypt_password($password, $salt, true); $pass_query_part = "pwd_hash = '$pwd_hash', salt = '$salt',"; } else { $pass_query_part = ""; } $this->dbh->query("UPDATE ttrss_users SET $pass_query_part login = '$login', access_level = '$access_level', email = '$email', otp_enabled = false WHERE id = '$uid'"); } function remove() { $ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"])); foreach ($ids as $id) { if ($id != $_SESSION["uid"] && $id != 1) { $this->dbh->query("DELETE FROM ttrss_tags WHERE owner_uid = '$id'"); $this->dbh->query("DELETE FROM ttrss_feeds WHERE owner_uid = '$id'"); $this->dbh->query("DELETE FROM ttrss_users WHERE id = '$id'"); } } } function add() { $login = $this->dbh->escape_string(trim($_REQUEST["login"])); $tmp_user_pwd = make_password(8); $salt = substr(bin2hex(get_random_bytes(125)), 0, 250); $pwd_hash = encrypt_password($tmp_user_pwd, $salt, true); $result = $this->dbh->query("SELECT id FROM ttrss_users WHERE login = '$login'"); if ($this->dbh->num_rows($result) == 0) { $this->dbh->query("INSERT INTO ttrss_users (login,pwd_hash,access_level,last_login,created, salt) VALUES ('$login', '$pwd_hash', 0, null, NOW(), '$salt')"); $result = $this->dbh->query("SELECT id FROM ttrss_users WHERE login = '$login' AND pwd_hash = '$pwd_hash'"); if ($this->dbh->num_rows($result) == 1) { $new_uid = $this->dbh->fetch_result($result, 0, "id"); print format_notice(T_sprintf("Added user %s with password %s", $login, $tmp_user_pwd)); initialize_user($new_uid); } else { print format_warning(T_sprintf("Could not create user %s", $login)); } } else { print format_warning(T_sprintf("User %s already exists.", $login)); } } static function resetUserPassword($uid, $show_password) { $result = db_query("SELECT login,email FROM ttrss_users WHERE id = '$uid'"); $login = db_fetch_result($result, 0, "login"); $email = db_fetch_result($result, 0, "email"); $salt = db_fetch_result($result, 0, "salt"); $new_salt = substr(bin2hex(get_random_bytes(125)), 0, 250); $tmp_user_pwd = make_password(8); $pwd_hash = encrypt_password($tmp_user_pwd, $new_salt, true); db_query("UPDATE ttrss_users SET pwd_hash = '$pwd_hash', salt = '$new_salt' WHERE id = '$uid'"); if ($show_password) { print T_sprintf("Changed password of user %s to %s", $login, $tmp_user_pwd); } else { print_notice(T_sprintf("Sending new password of user %s to %s", $login, $email)); } require_once 'classes/ttrssmailer.php'; if ($email) { require_once "lib/MiniTemplator.class.php"; $tpl = new MiniTemplator; $tpl->readTemplateFromFile("templates/resetpass_template.txt"); $tpl->setVariable('LOGIN', $login); $tpl->setVariable('NEWPASS', $tmp_user_pwd); $tpl->addBlock('message'); $message = ""; $tpl->generateOutputToString($message); $mail = new ttrssMailer(); $rc = $mail->quickMail($email, $login, __("[tt-rss] Password change notification"), $message, false); if (!$rc) print_error($mail->ErrorInfo); } } function resetPass() { $uid = $this->dbh->escape_string($_REQUEST["id"]); Pref_Users::resetUserPassword($uid, true); } function index() { global $access_level_names; print "
"; print "
"; print "
"; $user_search = $this->dbh->escape_string($_REQUEST["search"]); if (array_key_exists("search", $_REQUEST)) { $_SESSION["prefs_user_search"] = $user_search; } else { $user_search = $_SESSION["prefs_user_search"]; } print "
"; $sort = $this->dbh->escape_string($_REQUEST["sort"]); if (!$sort || $sort == "undefined") { $sort = "login"; } print "
". "" . __('Select').""; print "
"; print "
".__('All')."
"; print "
".__('None')."
"; print "
"; print ""; print " "; PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB_SECTION, "hook_prefs_tab_section", "prefUsersToolbar"); print "
"; #toolbar print "
"; #pane print "
"; print "
"; if ($user_search) { $user_search = explode(" ", $user_search); $tokens = array(); foreach ($user_search as $token) { $token = trim($token); array_push($tokens, "(UPPER(login) LIKE UPPER('%$token%'))"); } $user_search_query = "(" . join($tokens, " AND ") . ") AND "; } else { $user_search_query = ""; } $result = $this->dbh->query("SELECT id,login,access_level,email, ".SUBSTRING_FOR_DATE."(last_login,1,16) as last_login, ".SUBSTRING_FOR_DATE."(created,1,16) as created FROM ttrss_users WHERE $user_search_query id > 0 ORDER BY $sort"); if ($this->dbh->num_rows($result) > 0) { print "

"; print ""; $lnum = 0; while ($line = $this->dbh->fetch_assoc($result)) { $uid = $line["id"]; print ""; $line["login"] = htmlspecialchars($line["login"]); $line["created"] = make_local_datetime($line["created"], false); $line["last_login"] = make_local_datetime($line["last_login"], false); print ""; $onclick = "onclick='editUser($uid, event)' title='".__('Click to edit')."'"; print ""; if (!$line["email"]) $line["email"] = " "; print ""; print ""; print ""; print ""; ++$lnum; } print "
  ".__('Login')." ".__('Access Level')." ".__('Registered')." ".__('Last login')."
" . $line["login"] . "" . $access_level_names[$line["access_level"]] . "" . $line["created"] . "" . $line["last_login"] . "
"; } else { print "

"; if (!$user_search) { print_warning(__('No users defined.')); } else { print_warning(__('No matching users found.')); } print "

"; } print "
"; #pane PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB, "hook_prefs_tab", "prefUsers"); print "
"; #container } } ?>