prefs.php 35 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122
  1. <?php
  2. class Pref_Prefs extends Handler_Protected {
  3. private $pref_help = array();
  4. private $pref_sections = array();
  5. function csrf_ignore($method) {
  6. $csrf_ignored = array("index", "updateself", "customizecss", "editprefprofiles");
  7. return array_search($method, $csrf_ignored) !== false;
  8. }
  9. function __construct($args) {
  10. parent::__construct($args);
  11. $this->pref_sections = array(
  12. 1 => __('General'),
  13. 2 => __('Interface'),
  14. 3 => __('Advanced'),
  15. 4 => __('Digest')
  16. );
  17. $this->pref_help = array(
  18. "ALLOW_DUPLICATE_POSTS" => array(__("Allow duplicate articles"), ""),
  19. "BLACKLISTED_TAGS" => array(__("Blacklisted tags"), __("When auto-detecting tags in articles these tags will not be applied (comma-separated list).")),
  20. "CDM_AUTO_CATCHUP" => array(__("Automatically mark articles as read"), __("This option enables marking articles as read automatically while you scroll article list.")),
  21. "CDM_EXPANDED" => array(__("Automatically expand articles in combined mode"), ""),
  22. "COMBINED_DISPLAY_MODE" => array(__("Combined feed display"), __("Display expanded list of feed articles, instead of separate displays for headlines and article content")),
  23. "CONFIRM_FEED_CATCHUP" => array(__("Confirm marking feed as read"), ""),
  24. "DEFAULT_ARTICLE_LIMIT" => array(__("Amount of articles to display at once"), ""),
  25. "DEFAULT_UPDATE_INTERVAL" => array(__("Default feed update interval"), __("Shortest interval at which a feed will be checked for updates regardless of update method")),
  26. "DIGEST_CATCHUP" => array(__("Mark articles in e-mail digest as read"), ""),
  27. "DIGEST_ENABLE" => array(__("Enable e-mail digest"), __("This option enables sending daily digest of new (and unread) headlines on your configured e-mail address")),
  28. "DIGEST_PREFERRED_TIME" => array(__("Try to send digests around specified time"), __("Uses UTC timezone")),
  29. "ENABLE_API_ACCESS" => array(__("Enable API access"), __("Allows external clients to access this account through the API")),
  30. "ENABLE_FEED_CATS" => array(__("Enable feed categories"), ""),
  31. "FEEDS_SORT_BY_UNREAD" => array(__("Sort feeds by unread articles count"), ""),
  32. "FRESH_ARTICLE_MAX_AGE" => array(__("Maximum age of fresh articles (in hours)"), ""),
  33. "HIDE_READ_FEEDS" => array(__("Hide feeds with no unread articles"), ""),
  34. "HIDE_READ_SHOWS_SPECIAL" => array(__("Show special feeds when hiding read feeds"), ""),
  35. "LONG_DATE_FORMAT" => array(__("Long date format"), __("The syntax used is identical to the PHP <a href='http://php.net/manual/function.date.php'>date()</a> function.")),
  36. "ON_CATCHUP_SHOW_NEXT_FEED" => array(__("On catchup show next feed"), __("Automatically open next feed with unread articles after marking one as read")),
  37. "PURGE_OLD_DAYS" => array(__("Purge articles after this number of days (0 - disables)"), ""),
  38. "PURGE_UNREAD_ARTICLES" => array(__("Purge unread articles"), ""),
  39. "REVERSE_HEADLINES" => array(__("Reverse headline order (oldest first)"), ""),
  40. "SHORT_DATE_FORMAT" => array(__("Short date format"), ""),
  41. "SHOW_CONTENT_PREVIEW" => array(__("Show content preview in headlines list"), ""),
  42. "SORT_HEADLINES_BY_FEED_DATE" => array(__("Sort headlines by feed date"), __("Use feed-specified date to sort headlines instead of local import date.")),
  43. "SSL_CERT_SERIAL" => array(__("Login with an SSL certificate"), __("Click to register your SSL client certificate with tt-rss")),
  44. "STRIP_IMAGES" => array(__("Do not embed media in articles"), ""),
  45. "STRIP_UNSAFE_TAGS" => array(__("Strip unsafe tags from articles"), __("Strip all but most common HTML tags when reading articles.")),
  46. "USER_STYLESHEET" => array(__("Customize stylesheet"), __("Customize CSS stylesheet to your liking")),
  47. "USER_TIMEZONE" => array(__("Time zone"), ""),
  48. "VFEED_GROUP_BY_FEED" => array(__("Group headlines in virtual feeds"), __("Special feeds, labels, and categories are grouped by originating feeds")),
  49. "USER_LANGUAGE" => array(__("Language")),
  50. "USER_CSS_THEME" => array(__("Theme"), __("Select one of the available CSS themes"))
  51. );
  52. }
  53. function changepassword() {
  54. $old_pw = clean($_POST["old_password"]);
  55. $new_pw = clean($_POST["new_password"]);
  56. $con_pw = clean($_POST["confirm_password"]);
  57. if ($old_pw == "") {
  58. print "ERROR: ".format_error("Old password cannot be blank.");
  59. return;
  60. }
  61. if ($new_pw == "") {
  62. print "ERROR: ".format_error("New password cannot be blank.");
  63. return;
  64. }
  65. if ($new_pw != $con_pw) {
  66. print "ERROR: ".format_error("Entered passwords do not match.");
  67. return;
  68. }
  69. $authenticator = PluginHost::getInstance()->get_plugin($_SESSION["auth_module"]);
  70. if (method_exists($authenticator, "change_password")) {
  71. print format_notice($authenticator->change_password($_SESSION["uid"], $old_pw, $new_pw));
  72. } else {
  73. print "ERROR: ".format_error("Function not supported by authentication module.");
  74. }
  75. }
  76. function saveconfig() {
  77. $boolean_prefs = explode(",", clean($_POST["boolean_prefs"]));
  78. foreach ($boolean_prefs as $pref) {
  79. if (!isset($_POST[$pref])) $_POST[$pref] = 'false';
  80. }
  81. $need_reload = false;
  82. foreach (array_keys($_POST) as $pref_name) {
  83. $value = $_POST[$pref_name];
  84. if ($pref_name == 'DIGEST_PREFERRED_TIME') {
  85. if (get_pref('DIGEST_PREFERRED_TIME') != $value) {
  86. $sth = $this->pdo->prepare("UPDATE ttrss_users SET
  87. last_digest_sent = NULL WHERE id = ?");
  88. $sth->execute([$_SESSION['uid']]);
  89. }
  90. }
  91. if ($pref_name == "USER_LANGUAGE") {
  92. if ($_SESSION["language"] != $value) {
  93. $need_reload = true;
  94. }
  95. }
  96. set_pref($pref_name, $value);
  97. }
  98. if ($need_reload) {
  99. print "PREFS_NEED_RELOAD";
  100. } else {
  101. print __("The configuration was saved.");
  102. }
  103. }
  104. function changeemail() {
  105. $email = clean($_POST["email"]);
  106. $full_name = clean($_POST["full_name"]);
  107. $active_uid = $_SESSION["uid"];
  108. $sth = $this->pdo->prepare("UPDATE ttrss_users SET email = ?,
  109. full_name = ? WHERE id = ?");
  110. $sth->execute([$email, $full_name, $active_uid]);
  111. print __("Your personal data has been saved.");
  112. return;
  113. }
  114. function resetconfig() {
  115. $_SESSION["prefs_op_result"] = "reset-to-defaults";
  116. $sth = $this->pdo->prepare("DELETE FROM ttrss_user_prefs
  117. WHERE (profile = :profile OR (:profile IS NULL AND profile IS NULL))
  118. AND owner_uid = :uid");
  119. $sth->execute([":profile" => $_SESSION['profile'], ":uid" => $_SESSION['uid']]);
  120. initialize_user_prefs($_SESSION["uid"], $_SESSION["profile"]);
  121. echo __("Your preferences are now set to default values.");
  122. }
  123. function index() {
  124. global $access_level_names;
  125. $prefs_blacklist = array("ALLOW_DUPLICATE_POSTS", "STRIP_UNSAFE_TAGS", "REVERSE_HEADLINES",
  126. "SORT_HEADLINES_BY_FEED_DATE", "DEFAULT_ARTICLE_LIMIT",
  127. "FEEDS_SORT_BY_UNREAD", "CDM_EXPANDED");
  128. /* "FEEDS_SORT_BY_UNREAD", "HIDE_READ_FEEDS", "REVERSE_HEADLINES" */
  129. $profile_blacklist = array("ALLOW_DUPLICATE_POSTS", "PURGE_OLD_DAYS",
  130. "PURGE_UNREAD_ARTICLES", "DIGEST_ENABLE", "DIGEST_CATCHUP",
  131. "BLACKLISTED_TAGS", "ENABLE_API_ACCESS", "UPDATE_POST_ON_CHECKSUM_CHANGE",
  132. "DEFAULT_UPDATE_INTERVAL", "USER_TIMEZONE", "SORT_HEADLINES_BY_FEED_DATE",
  133. "SSL_CERT_SERIAL", "DIGEST_PREFERRED_TIME");
  134. $_SESSION["prefs_op_result"] = "";
  135. print "<div dojoType=\"dijit.layout.AccordionContainer\" region=\"center\">";
  136. print "<div dojoType=\"dijit.layout.AccordionPane\" title=\"".__('Personal data / Authentication')."\">";
  137. print "<form dojoType=\"dijit.form.Form\" id=\"changeUserdataForm\">";
  138. print "<script type=\"dojo/method\" event=\"onSubmit\" args=\"evt\">
  139. evt.preventDefault();
  140. if (this.validate()) {
  141. Notify.progress('Saving data...', true);
  142. new Ajax.Request('backend.php', {
  143. parameters: dojo.objectToQuery(this.getValues()),
  144. onComplete: function(transport) {
  145. notify_callback2(transport);
  146. } });
  147. }
  148. </script>";
  149. print "<table width=\"100%\" class=\"prefPrefsList\">";
  150. print "<h2>" . __("Personal data") . "</h2>";
  151. $sth = $this->pdo->prepare("SELECT email,full_name,otp_enabled,
  152. access_level FROM ttrss_users
  153. WHERE id = ?");
  154. $sth->execute([$_SESSION["uid"]]);
  155. $row = $sth->fetch();
  156. $email = htmlspecialchars($row["email"]);
  157. $full_name = htmlspecialchars($row["full_name"]);
  158. $otp_enabled = sql_bool_to_bool($row["otp_enabled"]);
  159. print "<tr><td width=\"40%\">".__('Full name')."</td>";
  160. print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" name=\"full_name\" required=\"1\"
  161. value=\"$full_name\"></td></tr>";
  162. print "<tr><td width=\"40%\">".__('E-mail')."</td>";
  163. print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" name=\"email\" required=\"1\" value=\"$email\"></td></tr>";
  164. if (!SINGLE_USER_MODE && !$_SESSION["hide_hello"]) {
  165. $access_level = $row["access_level"];
  166. print "<tr><td width=\"40%\">".__('Access level')."</td>";
  167. print "<td>" . $access_level_names[$access_level] . "</td></tr>";
  168. }
  169. print "</table>";
  170. print_hidden("op", "pref-prefs");
  171. print_hidden("method", "changeemail");
  172. print "<p><button dojoType=\"dijit.form.Button\" type=\"submit\" class=\"btn-primary\">".
  173. __("Save data")."</button>";
  174. print "</form>";
  175. if ($_SESSION["auth_module"]) {
  176. $authenticator = PluginHost::getInstance()->get_plugin($_SESSION["auth_module"]);
  177. } else {
  178. $authenticator = false;
  179. }
  180. if ($authenticator && method_exists($authenticator, "change_password")) {
  181. print "<h2>" . __("Password") . "</h2>";
  182. print "<div style='display : none' id='pwd_change_infobox'></div>";
  183. print "<form dojoType=\"dijit.form.Form\">";
  184. print "<script type=\"dojo/method\" event=\"onSubmit\" args=\"evt\">
  185. evt.preventDefault();
  186. if (this.validate()) {
  187. Notify.progress('Changing password...', true);
  188. new Ajax.Request('backend.php', {
  189. parameters: dojo.objectToQuery(this.getValues()),
  190. onComplete: function(transport) {
  191. Notify.close();
  192. if (transport.responseText.indexOf('ERROR: ') == 0) {
  193. $('pwd_change_infobox').innerHTML =
  194. transport.responseText.replace('ERROR: ', '');
  195. } else {
  196. $('pwd_change_infobox').innerHTML =
  197. transport.responseText.replace('ERROR: ', '');
  198. var warn = $('default_pass_warning');
  199. if (warn) Element.hide(warn);
  200. }
  201. new Effect.Appear('pwd_change_infobox');
  202. }});
  203. this.reset();
  204. }
  205. </script>";
  206. if ($otp_enabled) {
  207. print_notice(__("Changing your current password will disable OTP."));
  208. }
  209. print "<table width=\"100%\" class=\"prefPrefsList\">";
  210. print "<tr><td width=\"40%\">".__("Old password")."</td>";
  211. print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" type=\"password\" required=\"1\" name=\"old_password\"></td></tr>";
  212. print "<tr><td width=\"40%\">".__("New password")."</td>";
  213. print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" type=\"password\" required=\"1\"
  214. name=\"new_password\"></td></tr>";
  215. print "<tr><td width=\"40%\">".__("Confirm password")."</td>";
  216. print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" type=\"password\" required=\"1\" name=\"confirm_password\"></td></tr>";
  217. print "</table>";
  218. print_hidden("op", "pref-prefs");
  219. print_hidden("method", "changepassword");
  220. print "<p><button dojoType=\"dijit.form.Button\" type=\"submit\" class=\"btn-primary\">".
  221. __("Change password")."</button>";
  222. print "</form>";
  223. if ($_SESSION["auth_module"] == "auth_internal") {
  224. print "<h2>" . __("One time passwords / Authenticator") . "</h2>";
  225. if ($otp_enabled) {
  226. print_notice(__("One time passwords are currently enabled. Enter your current password below to disable."));
  227. print "<form dojoType=\"dijit.form.Form\">";
  228. print "<script type=\"dojo/method\" event=\"onSubmit\" args=\"evt\">
  229. evt.preventDefault();
  230. if (this.validate()) {
  231. Notify.progress('Disabling OTP', true);
  232. new Ajax.Request('backend.php', {
  233. parameters: dojo.objectToQuery(this.getValues()),
  234. onComplete: function(transport) {
  235. Notify.close();
  236. if (transport.responseText.indexOf('ERROR: ') == 0) {
  237. Notify.error(transport.responseText.replace('ERROR: ', ''));
  238. } else {
  239. window.location.reload();
  240. }
  241. }});
  242. this.reset();
  243. }
  244. </script>";
  245. print "<table width=\"100%\" class=\"prefPrefsList\">";
  246. print "<tr><td width=\"40%\">".__("Enter your password")."</td>";
  247. print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" type=\"password\" required=\"1\"
  248. name=\"password\"></td></tr>";
  249. print "</table>";
  250. print_hidden("op", "pref-prefs");
  251. print_hidden("method", "otpdisable");
  252. print "<p><button dojoType=\"dijit.form.Button\" type=\"submit\">".
  253. __("Disable OTP")."</button>";
  254. print "</form>";
  255. } else if (function_exists("imagecreatefromstring")) {
  256. print_warning(__("You will need a compatible Authenticator to use this. Changing your password would automatically disable OTP."));
  257. print "<p>".__("Scan the following code by the Authenticator application:")."</p>";
  258. $csrf_token = $_SESSION["csrf_token"];
  259. print "<img src=\"backend.php?op=pref-prefs&method=otpqrcode&csrf_token=$csrf_token\">";
  260. print "<form dojoType=\"dijit.form.Form\" id=\"changeOtpForm\">";
  261. print_hidden("op", "pref-prefs");
  262. print_hidden("method", "otpenable");
  263. print "<script type=\"dojo/method\" event=\"onSubmit\" args=\"evt\">
  264. evt.preventDefault();
  265. if (this.validate()) {
  266. Notify.progress('Saving data...', true);
  267. new Ajax.Request('backend.php', {
  268. parameters: dojo.objectToQuery(this.getValues()),
  269. onComplete: function(transport) {
  270. Notify.close();
  271. if (transport.responseText.indexOf('ERROR:') == 0) {
  272. Notify.error(transport.responseText.replace('ERROR:', ''));
  273. } else {
  274. window.location.reload();
  275. }
  276. } });
  277. }
  278. </script>";
  279. print "<table width=\"100%\" class=\"prefPrefsList\">";
  280. print "<tr><td width=\"40%\">".__("Enter your password")."</td>";
  281. print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" type=\"password\" required=\"1\"
  282. name=\"password\"></td></tr>";
  283. print "<tr><td width=\"40%\">".__("Enter the generated one time password")."</td>";
  284. print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" autocomplete=\"off\"
  285. required=\"1\"
  286. name=\"otp\"></td></tr>";
  287. print "<tr><td colspan=\"2\">";
  288. print "</td></tr><tr><td colspan=\"2\">";
  289. print "</td></tr>";
  290. print "</table>";
  291. print "<p><button dojoType=\"dijit.form.Button\" type=\"submit\" class=\"btn-primary\">".
  292. __("Enable OTP")."</button>";
  293. print "</form>";
  294. } else {
  295. print_notice(__("PHP GD functions are required for OTP support."));
  296. }
  297. }
  298. }
  299. PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB_SECTION,
  300. "hook_prefs_tab_section", "prefPrefsAuth");
  301. print "</div>"; #pane
  302. print "<div dojoType=\"dijit.layout.AccordionPane\" selected=\"true\" title=\"".__('Preferences')."\">";
  303. print "<form dojoType=\"dijit.form.Form\" id=\"changeSettingsForm\">";
  304. print "<script type=\"dojo/method\" event=\"onSubmit\" args=\"evt, quit\">
  305. if (evt) evt.preventDefault();
  306. if (this.validate()) {
  307. console.log(dojo.objectToQuery(this.getValues()));
  308. new Ajax.Request('backend.php', {
  309. parameters: dojo.objectToQuery(this.getValues()),
  310. onComplete: function(transport) {
  311. var msg = transport.responseText;
  312. if (quit) {
  313. document.location.href = 'index.php';
  314. } else {
  315. if (msg == 'PREFS_NEED_RELOAD') {
  316. window.location.reload();
  317. } else {
  318. Notify.info(msg);
  319. }
  320. }
  321. } });
  322. }
  323. </script>";
  324. print '<div dojoType="dijit.layout.BorderContainer" gutters="false">';
  325. print '<div dojoType="dijit.layout.ContentPane" region="center" style="overflow-y : auto">';
  326. if ($_SESSION["profile"]) {
  327. print_notice(__("Some preferences are only available in default profile."));
  328. }
  329. if ($_SESSION["profile"]) {
  330. initialize_user_prefs($_SESSION["uid"], $_SESSION["profile"]);
  331. } else {
  332. initialize_user_prefs($_SESSION["uid"]);
  333. }
  334. $sth = $this->pdo->prepare("SELECT DISTINCT
  335. ttrss_user_prefs.pref_name,value,type_name,
  336. ttrss_prefs_sections.order_id,
  337. def_value,section_id
  338. FROM ttrss_prefs,ttrss_prefs_types,ttrss_prefs_sections,ttrss_user_prefs
  339. WHERE type_id = ttrss_prefs_types.id AND
  340. (profile = :profile OR (:profile IS NULL AND profile IS NULL)) AND
  341. section_id = ttrss_prefs_sections.id AND
  342. ttrss_user_prefs.pref_name = ttrss_prefs.pref_name AND
  343. owner_uid = :uid
  344. ORDER BY ttrss_prefs_sections.order_id,pref_name");
  345. $sth->execute([":uid" => $_SESSION['uid'], ":profile" => $_SESSION['profile']]);
  346. $lnum = 0;
  347. $active_section = "";
  348. $listed_boolean_prefs = array();
  349. while ($line = $sth->fetch()) {
  350. if (in_array($line["pref_name"], $prefs_blacklist)) {
  351. continue;
  352. }
  353. $type_name = $line["type_name"];
  354. $pref_name = $line["pref_name"];
  355. $section_name = $this->getSectionName($line["section_id"]);
  356. $value = $line["value"];
  357. $short_desc = $this->getShortDesc($pref_name);
  358. $help_text = $this->getHelpText($pref_name);
  359. if (!$short_desc) continue;
  360. if ($_SESSION["profile"] && in_array($line["pref_name"],
  361. $profile_blacklist)) {
  362. continue;
  363. }
  364. if ($active_section != $line["section_id"]) {
  365. if ($active_section != "") {
  366. print "</table>";
  367. }
  368. print "<table width=\"100%\" class=\"prefPrefsList\">";
  369. $active_section = $line["section_id"];
  370. print "<tr><td colspan=\"3\"><h3>".$section_name."</h3></td></tr>";
  371. $lnum = 0;
  372. }
  373. print "<tr>";
  374. print "<td width=\"40%\" class=\"prefName\" id=\"$pref_name\">";
  375. print "<label for='CB_$pref_name'>";
  376. print $short_desc;
  377. print "</label>";
  378. if ($help_text) print "<div class=\"prefHelp\">".__($help_text)."</div>";
  379. print "</td>";
  380. print "<td class=\"prefValue\">";
  381. if ($pref_name == "USER_LANGUAGE") {
  382. print_select_hash($pref_name, $value, get_translations(),
  383. "style='width : 220px; margin : 0px' dojoType='dijit.form.Select'");
  384. } else if ($pref_name == "USER_TIMEZONE") {
  385. $timezones = explode("\n", file_get_contents("lib/timezones.txt"));
  386. print_select($pref_name, $value, $timezones, 'dojoType="dijit.form.FilteringSelect"');
  387. } else if ($pref_name == "USER_STYLESHEET") {
  388. print "<button dojoType=\"dijit.form.Button\"
  389. onclick=\"Prefs.customizeCSS()\">" . __('Customize') . "</button>";
  390. } else if ($pref_name == "USER_CSS_THEME") {
  391. $themes = array_merge(glob("themes/*.php"), glob("themes/*.css"), glob("themes.local/*.css"));
  392. $themes = array_map("basename", $themes);
  393. $themes = array_filter($themes, "theme_valid");
  394. asort($themes);
  395. if (!theme_valid($value)) $value = "default.php";
  396. print_select($pref_name, $value, $themes,
  397. 'dojoType="dijit.form.Select"');
  398. } else if ($pref_name == "DEFAULT_UPDATE_INTERVAL") {
  399. global $update_intervals_nodefault;
  400. print_select_hash($pref_name, $value, $update_intervals_nodefault,
  401. 'dojoType="dijit.form.Select"');
  402. } else if ($type_name == "bool") {
  403. array_push($listed_boolean_prefs, $pref_name);
  404. $checked = ($value == "true") ? "checked=\"checked\"" : "";
  405. if ($pref_name == "PURGE_UNREAD_ARTICLES" && FORCE_ARTICLE_PURGE != 0) {
  406. $disabled = "disabled=\"1\"";
  407. $checked = "checked=\"checked\"";
  408. } else {
  409. $disabled = "";
  410. }
  411. print "<input type='checkbox' name='$pref_name' $checked $disabled
  412. dojoType='dijit.form.CheckBox' id='CB_$pref_name' value='1'>";
  413. } else if (array_search($pref_name, array('FRESH_ARTICLE_MAX_AGE',
  414. 'PURGE_OLD_DAYS', 'LONG_DATE_FORMAT', 'SHORT_DATE_FORMAT')) !== false) {
  415. $regexp = ($type_name == 'integer') ? 'regexp="^\d*$"' : '';
  416. if ($pref_name == "PURGE_OLD_DAYS" && FORCE_ARTICLE_PURGE != 0) {
  417. $disabled = "disabled=\"1\"";
  418. $value = FORCE_ARTICLE_PURGE;
  419. } else {
  420. $disabled = "";
  421. }
  422. print "<input dojoType=\"dijit.form.ValidationTextBox\"
  423. required=\"1\" $regexp $disabled
  424. name=\"$pref_name\" value=\"$value\">";
  425. } else if ($pref_name == "SSL_CERT_SERIAL") {
  426. print "<input dojoType=\"dijit.form.ValidationTextBox\"
  427. id=\"SSL_CERT_SERIAL\" readonly=\"1\"
  428. name=\"$pref_name\" value=\"$value\">";
  429. $cert_serial = htmlspecialchars(get_ssl_certificate_id());
  430. $has_serial = ($cert_serial) ? "false" : "true";
  431. print "<br/>";
  432. print " <button dojoType=\"dijit.form.Button\" disabled=\"$has_serial\"
  433. onclick=\"dijit.byId('SSL_CERT_SERIAL').attr('value', '$cert_serial')\">" .
  434. __('Register') . "</button>";
  435. print " <button dojoType=\"dijit.form.Button\"
  436. onclick=\"dijit.byId('SSL_CERT_SERIAL').attr('value', '')\">" .
  437. __('Clear') . "</button>";
  438. } else if ($pref_name == 'DIGEST_PREFERRED_TIME') {
  439. print "<input dojoType=\"dijit.form.ValidationTextBox\"
  440. id=\"$pref_name\" regexp=\"[012]?\d:\d\d\" placeHolder=\"12:00\"
  441. name=\"$pref_name\" value=\"$value\"><div class=\"insensitive\">".
  442. T_sprintf("Current server time: %s (UTC)", date("H:i")) . "</div>";
  443. } else {
  444. $regexp = ($type_name == 'integer') ? 'regexp="^\d*$"' : '';
  445. print "<input dojoType=\"dijit.form.ValidationTextBox\"
  446. $regexp
  447. name=\"$pref_name\" value=\"$value\">";
  448. }
  449. print "</td>";
  450. print "</tr>";
  451. $lnum++;
  452. }
  453. print "</table>";
  454. $listed_boolean_prefs = htmlspecialchars(join(",", $listed_boolean_prefs));
  455. print_hidden("boolean_prefs", "$listed_boolean_prefs");
  456. PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB_SECTION,
  457. "hook_prefs_tab_section", "prefPrefsPrefsInside");
  458. print '</div>'; # inside pane
  459. print '<div dojoType="dijit.layout.ContentPane" region="bottom">';
  460. print_hidden("op", "pref-prefs");
  461. print_hidden("method", "saveconfig");
  462. print "<div dojoType=\"dijit.form.ComboButton\" type=\"submit\" class=\"btn-primary\">
  463. <span>".__('Save configuration')."</span>
  464. <div dojoType=\"dijit.DropDownMenu\">
  465. <div dojoType=\"dijit.MenuItem\"
  466. onclick=\"dijit.byId('changeSettingsForm').onSubmit(null, true)\">".
  467. __("Save and exit preferences")."</div>
  468. </div>
  469. </div>";
  470. print "<button dojoType=\"dijit.form.Button\" onclick=\"return Prefs.editProfiles()\">".
  471. __('Manage profiles')."</button> ";
  472. print "<button dojoType=\"dijit.form.Button\" class=\"btn-danger\" onclick=\"return Prefs.confirmReset()\">".
  473. __('Reset to defaults')."</button>";
  474. print "&nbsp;";
  475. PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB_SECTION,
  476. "hook_prefs_tab_section", "prefPrefsPrefsOutside");
  477. print "</form>";
  478. print '</div>'; # inner pane
  479. print '</div>'; # border container
  480. print "</div>"; #pane
  481. print "<div dojoType=\"dijit.layout.AccordionPane\" title=\"".__('Plugins')."\">";
  482. print_notice(__("You will need to reload Tiny Tiny RSS for plugin changes to take effect."));
  483. if (ini_get("open_basedir") && function_exists("curl_init") && !defined("NO_CURL")) {
  484. print_warning("Your PHP configuration has open_basedir restrictions enabled. Some plugins relying on CURL for functionality may not work correctly.");
  485. }
  486. print "<form dojoType=\"dijit.form.Form\" id=\"changePluginsForm\">";
  487. print "<script type=\"dojo/method\" event=\"onSubmit\" args=\"evt\">
  488. evt.preventDefault();
  489. if (this.validate()) {
  490. Notify.progress('Saving data...', true);
  491. new Ajax.Request('backend.php', {
  492. parameters: dojo.objectToQuery(this.getValues()),
  493. onComplete: function(transport) {
  494. Notify.close();
  495. if (confirm(__('Selected plugins have been enabled. Reload?'))) {
  496. window.location.reload();
  497. }
  498. } });
  499. }
  500. </script>";
  501. print_hidden("op", "pref-prefs");
  502. print_hidden("method", "setplugins");
  503. print "<table width='100%' class='prefPluginsList'>";
  504. print "<tr><td colspan='5'><h3>".__("System plugins")."</h3>".
  505. format_notice(__("System plugins are enabled in <strong>config.php</strong> for all users.")).
  506. "</td></tr>";
  507. print "<tr class=\"title\">
  508. <td width=\"5%\">&nbsp;</td>
  509. <td width='10%'>".__('Plugin')."</td>
  510. <td width=''>".__('Description')."</td>
  511. <td width='5%'>".__('Version')."</td>
  512. <td width='10%'>".__('Author')."</td></tr>";
  513. $system_enabled = array_map("trim", explode(",", PLUGINS));
  514. $user_enabled = array_map("trim", explode(",", get_pref("_ENABLED_PLUGINS", $_SESSION['uid'])));
  515. $tmppluginhost = new PluginHost();
  516. $tmppluginhost->load_all($tmppluginhost::KIND_ALL, $_SESSION["uid"], true);
  517. $tmppluginhost->load_data(true);
  518. foreach ($tmppluginhost->get_plugins() as $name => $plugin) {
  519. $about = $plugin->about();
  520. if ($about[3]) {
  521. if (in_array($name, $system_enabled)) {
  522. $checked = "checked='1'";
  523. } else {
  524. $checked = "";
  525. }
  526. print "<tr>";
  527. print "<td align='center'><input disabled='1'
  528. dojoType=\"dijit.form.CheckBox\" $checked
  529. type=\"checkbox\"></td>";
  530. $plugin_icon = $checked ? "plugin.png" : "plugin_disabled.png";
  531. print "<td><label><img src='images/$plugin_icon' alt=''> $name</label></td>";
  532. print "<td>" . htmlspecialchars($about[1]);
  533. if (@$about[4]) {
  534. print " &mdash; <a target=\"_blank\" rel=\"noopener noreferrer\" class=\"visibleLink\"
  535. href=\"".htmlspecialchars($about[4])."\">".__("more info")."</a>";
  536. }
  537. print "</td>";
  538. print "<td>" . htmlspecialchars(sprintf("%.2f", $about[0])) . "</td>";
  539. print "<td>" . htmlspecialchars($about[2]) . "</td>";
  540. if (count($tmppluginhost->get_all($plugin)) > 0) {
  541. if (in_array($name, $system_enabled)) {
  542. print "<td><a href='#' onclick=\"Prefs.clearPluginData('$name')\"
  543. class='visibleLink'>".__("Clear data")."</a></td>";
  544. }
  545. }
  546. print "</tr>";
  547. }
  548. }
  549. print "<tr><td colspan='4'><h3>".__("User plugins")."</h3></td></tr>";
  550. print "<tr class=\"title\">
  551. <td width=\"5%\">&nbsp;</td>
  552. <td width='10%'>".__('Plugin')."</td>
  553. <td width=''>".__('Description')."</td>
  554. <td width='5%'>".__('Version')."</td>
  555. <td width='10%'>".__('Author')."</td></tr>";
  556. foreach ($tmppluginhost->get_plugins() as $name => $plugin) {
  557. $about = $plugin->about();
  558. if (!$about[3]) {
  559. if (in_array($name, $system_enabled)) {
  560. $checked = "checked='1'";
  561. $disabled = "disabled='1'";
  562. $rowclass = '';
  563. } else if (in_array($name, $user_enabled)) {
  564. $checked = "checked='1'";
  565. $disabled = "";
  566. $rowclass = "Selected";
  567. } else {
  568. $checked = "";
  569. $disabled = "";
  570. $rowclass = '';
  571. }
  572. print "<tr class='$rowclass'>";
  573. $plugin_icon = $checked ? "plugin.png" : "plugin_disabled.png";
  574. print "<td align='center'><input id='FPCHK-$name' name='plugins[]' value='$name' onclick='Tables.onRowChecked(this);'
  575. dojoType=\"dijit.form.CheckBox\" $checked $disabled
  576. type=\"checkbox\"></td>";
  577. print "<td><label for='FPCHK-$name'><img src='images/$plugin_icon' alt=''> $name</label></td>";
  578. print "<td><label for='FPCHK-$name'>" . htmlspecialchars($about[1]) . "</label>";
  579. if (@$about[4]) {
  580. print " &mdash; <a target=\"_blank\" rel=\"noopener noreferrer\" class=\"visibleLink\"
  581. href=\"".htmlspecialchars($about[4])."\">".__("more info")."</a>";
  582. }
  583. print "</td>";
  584. print "<td>" . htmlspecialchars(sprintf("%.2f", $about[0])) . "</td>";
  585. print "<td>" . htmlspecialchars($about[2]) . "</td>";
  586. if (count($tmppluginhost->get_all($plugin)) > 0) {
  587. if (in_array($name, $system_enabled) || in_array($name, $user_enabled)) {
  588. print "<td><a href='#' onclick=\"Prefs.clearPluginData('$name')\" class='visibleLink'>".__("Clear data")."</a></td>";
  589. }
  590. }
  591. print "</tr>";
  592. }
  593. }
  594. print "</table>";
  595. print "<p><button dojoType=\"dijit.form.Button\" type=\"submit\">".
  596. __("Enable selected plugins")."</button></p>";
  597. print "</form>";
  598. print "</div>"; #pane
  599. PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB,
  600. "hook_prefs_tab", "prefPrefs");
  601. print "</div>"; #container
  602. }
  603. function toggleAdvanced() {
  604. $_SESSION["prefs_show_advanced"] = !$_SESSION["prefs_show_advanced"];
  605. }
  606. function otpqrcode() {
  607. require_once "lib/phpqrcode/phpqrcode.php";
  608. $sth = $this->pdo->prepare("SELECT login,salt,otp_enabled
  609. FROM ttrss_users
  610. WHERE id = ?");
  611. $sth->execute([$_SESSION['uid']]);
  612. if ($row = $sth->fetch()) {
  613. $base32 = new \OTPHP\Base32();
  614. $login = $row["login"];
  615. $otp_enabled = sql_bool_to_bool($row["otp_enabled"]);
  616. if (!$otp_enabled) {
  617. $secret = $base32->encode(sha1($row["salt"]));
  618. QRcode::png("otpauth://totp/".urlencode($login).
  619. "?secret=$secret&issuer=".urlencode("Tiny Tiny RSS"));
  620. }
  621. }
  622. }
  623. function otpenable() {
  624. $password = clean($_REQUEST["password"]);
  625. $otp = clean($_REQUEST["otp"]);
  626. $authenticator = PluginHost::getInstance()->get_plugin($_SESSION["auth_module"]);
  627. if ($authenticator->check_password($_SESSION["uid"], $password)) {
  628. $sth = $this->pdo->prepare("SELECT salt
  629. FROM ttrss_users
  630. WHERE id = ?");
  631. $sth->execute([$_SESSION['uid']]);
  632. if ($row = $sth->fetch()) {
  633. $base32 = new \OTPHP\Base32();
  634. $secret = $base32->encode(sha1($row["salt"]));
  635. $topt = new \OTPHP\TOTP($secret);
  636. $otp_check = $topt->now();
  637. if ($otp == $otp_check) {
  638. $sth = $this->pdo->prepare("UPDATE ttrss_users
  639. SET otp_enabled = true WHERE id = ?");
  640. $sth->execute([$_SESSION['uid']]);
  641. print "OK";
  642. } else {
  643. print "ERROR:".__("Incorrect one time password");
  644. }
  645. }
  646. } else {
  647. print "ERROR:".__("Incorrect password");
  648. }
  649. }
  650. static function isdefaultpassword() {
  651. $authenticator = PluginHost::getInstance()->get_plugin($_SESSION["auth_module"]);
  652. if ($authenticator &&
  653. method_exists($authenticator, "check_password") &&
  654. $authenticator->check_password($_SESSION["uid"], "password")) {
  655. return true;
  656. }
  657. return false;
  658. }
  659. function otpdisable() {
  660. $password = clean($_REQUEST["password"]);
  661. $authenticator = PluginHost::getInstance()->get_plugin($_SESSION["auth_module"]);
  662. if ($authenticator->check_password($_SESSION["uid"], $password)) {
  663. $sth = $this->pdo->prepare("UPDATE ttrss_users SET otp_enabled = false WHERE
  664. id = ?");
  665. $sth->execute([$_SESSION['uid']]);
  666. print "OK";
  667. } else {
  668. print "ERROR: ".__("Incorrect password");
  669. }
  670. }
  671. function setplugins() {
  672. if (is_array(clean($_REQUEST["plugins"])))
  673. $plugins = join(",", clean($_REQUEST["plugins"]));
  674. else
  675. $plugins = "";
  676. set_pref("_ENABLED_PLUGINS", $plugins, $_SESSION["uid"]);
  677. }
  678. function clearplugindata() {
  679. $name = clean($_REQUEST["name"]);
  680. PluginHost::getInstance()->clear_data(PluginHost::getInstance()->get_plugin($name));
  681. }
  682. function customizeCSS() {
  683. $value = get_pref("USER_STYLESHEET");
  684. $value = str_replace("<br/>", "\n", $value);
  685. print_notice(T_sprintf("You can override colors, fonts and layout of your currently selected theme with custom CSS declarations here. <a target=\"_blank\" class=\"visibleLink\" href=\"%s\">This file</a> can be used as a baseline.", "css/tt-rss.css"));
  686. print_hidden("op", "rpc");
  687. print_hidden("method", "setpref");
  688. print_hidden("key", "USER_STYLESHEET");
  689. print "<table width='100%'><tr><td>";
  690. print "<textarea dojoType=\"dijit.form.SimpleTextarea\"
  691. style='font-size : 12px; width : 98%; height: 200px;'
  692. placeHolder='body#ttrssMain { font-size : 14px; };'
  693. name='value'>$value</textarea>";
  694. print "</td></tr></table>";
  695. print "<div class='dlgButtons'>";
  696. print "<button dojoType=\"dijit.form.Button\"
  697. onclick=\"dijit.byId('cssEditDlg').execute()\">".__('Save')."</button> ";
  698. print "<button dojoType=\"dijit.form.Button\"
  699. onclick=\"dijit.byId('cssEditDlg').hide()\">".__('Cancel')."</button>";
  700. print "</div>";
  701. }
  702. function editPrefProfiles() {
  703. print "<div dojoType=\"dijit.Toolbar\">";
  704. print "<div dojoType=\"dijit.form.DropDownButton\">".
  705. "<span>" . __('Select')."</span>";
  706. print "<div dojoType=\"dijit.Menu\" style=\"display: none;\">";
  707. print "<div onclick=\"Tables.select('prefFeedProfileList', true)\"
  708. dojoType=\"dijit.MenuItem\">".__('All')."</div>";
  709. print "<div onclick=\"Tables.select('prefFeedProfileList', false)\"
  710. dojoType=\"dijit.MenuItem\">".__('None')."</div>";
  711. print "</div></div>";
  712. print "<div style=\"float : right\">";
  713. print "<input name=\"newprofile\" dojoType=\"dijit.form.ValidationTextBox\"
  714. required=\"1\">
  715. <button dojoType=\"dijit.form.Button\"
  716. onclick=\"dijit.byId('profileEditDlg').addProfile()\">".
  717. __('Create profile')."</button></div>";
  718. print "</div>";
  719. $sth = $this->pdo->prepare("SELECT title,id FROM ttrss_settings_profiles
  720. WHERE owner_uid = ? ORDER BY title");
  721. $sth->execute([$_SESSION['uid']]);
  722. print "<div class=\"prefProfileHolder\">";
  723. print "<form id=\"profile_edit_form\" onsubmit=\"return false\">";
  724. print "<table width=\"100%\" class=\"prefFeedProfileList\"
  725. cellspacing=\"0\" id=\"prefFeedProfileList\">";
  726. print "<tr class=\"placeholder\">"; # data-row-id='0' <-- no point, shouldn't be removed
  727. print "<td width='5%' align='center'><input
  728. onclick='Tables.onRowChecked(this);'
  729. dojoType=\"dijit.form.CheckBox\"
  730. type=\"checkbox\"></td>";
  731. if (!$_SESSION["profile"]) {
  732. $is_active = __("(active)");
  733. } else {
  734. $is_active = "";
  735. }
  736. print "<td><span>" .
  737. __("Default profile") . " $is_active</span></td>";
  738. print "</tr>";
  739. $lnum = 1;
  740. while ($line = $sth->fetch()) {
  741. $profile_id = $line["id"];
  742. print "<tr class=\"placeholder\" data-row-id='$profile_id'>";
  743. $edit_title = htmlspecialchars($line["title"]);
  744. print "<td width='5%' align='center'><input
  745. onclick='Tables.onRowChecked(this);'
  746. dojoType=\"dijit.form.CheckBox\"
  747. type=\"checkbox\"></td>";
  748. if ($_SESSION["profile"] == $line["id"]) {
  749. $is_active = __("(active)");
  750. } else {
  751. $is_active = "";
  752. }
  753. print "<td><span dojoType=\"dijit.InlineEditBox\"
  754. width=\"300px\" autoSave=\"false\"
  755. profile-id=\"$profile_id\">" . $edit_title .
  756. "<script type=\"dojo/method\" event=\"onChange\" args=\"item\">
  757. var elem = this;
  758. dojo.xhrPost({
  759. url: 'backend.php',
  760. content: {op: 'rpc', method: 'saveprofile',
  761. value: this.value,
  762. id: this.srcNodeRef.getAttribute('profile-id')},
  763. load: function(response) {
  764. elem.attr('value', response);
  765. }
  766. });
  767. </script>
  768. </span> $is_active</td>";
  769. print "</tr>";
  770. ++$lnum;
  771. }
  772. print "</table>";
  773. print "</form>";
  774. print "</div>";
  775. print "<div class='dlgButtons'>
  776. <div style='float : left'>
  777. <button class=\"btn-danger\" dojoType=\"dijit.form.Button\" onclick=\"dijit.byId('profileEditDlg').removeSelected()\">".
  778. __('Remove selected profiles')."</button>
  779. <button dojoType=\"dijit.form.Button\" onclick=\"dijit.byId('profileEditDlg').activateProfile()\">".
  780. __('Activate profile')."</button>
  781. </div>";
  782. print "<button dojoType=\"dijit.form.Button\" onclick=\"dijit.byId('profileEditDlg').hide()\">".
  783. __('Close this window')."</button>";
  784. print "</div>";
  785. }
  786. private function getShortDesc($pref_name) {
  787. if (isset($this->pref_help[$pref_name])) {
  788. return $this->pref_help[$pref_name][0];
  789. }
  790. return "";
  791. }
  792. private function getHelpText($pref_name) {
  793. if (isset($this->pref_help[$pref_name])) {
  794. return $this->pref_help[$pref_name][1];
  795. }
  796. return "";
  797. }
  798. private function getSectionName($id) {
  799. if (isset($this->pref_sections[$id])) {
  800. return $this->pref_sections[$id];
  801. }
  802. return "";
  803. }
  804. }