author | Andrew Dolgov <[email protected]> | 2006-05-20 15:26:00 +0100 |
committer | Andrew Dolgov <[email protected]> | 2006-05-20 15:26:00 +0100 |
commit | 3c5783b72688b36d076063b53d23c3bcdbaf6f1a (patch) | |
tree | 8cebfbc223c14fceec765e378b3e6b8a7878b04a | |
parent | a58069db8ad73d2935614d9a2c2fadc19a4260f1 (diff) |
user editor improved, some form parameter validation reimplemented for prototyped-forms
-rw-r--r-- | backend.php | 128 | ||||
-rw-r--r-- | prefs.js | 102 |
2 files changed, 111 insertions, 119 deletions
diff --git a/backend.php b/backend.php index d203af3fa..745a1a132 100644 --- a/backend.php +++ b/backend.php @@ -81,6 +81,10 @@ 1440 => "Daily", 10080 => "Weekly"); + $access_level_names = array( + 0 => "User", + 10 => "Administrator"); + $script_started = getmicrotime(); $link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME); @@ -2007,13 +2011,9 @@ $edit_cat_id = $_GET["id"]; - if ($subop == "editCat") { - if ($cat_id != $edit_cat_id) { + if ($subop == "editCat" && $cat_id != $edit_cat_id) { $class .= "Grayed"; $this_row_id = ""; - } else { - $class .= "Selected"; - } } else { $this_row_id = "id=\"FCATR-$cat_id\""; } @@ -2683,30 +2683,6 @@ } - if ($id == "quickDelFeed") { - - $param = db_escape_string($param); - - $result = db_query($link, "SELECT title FROM ttrss_feeds WHERE id = '$param'"); - - if ($result) { - - $f_title = db_fetch_result($result, 0, "title"); - - print "Remove current feed (<b>$f_title</b>)? - <input class=\"button\" - type=\"submit\" onclick=\"javascript:qfdDelete($param)\" value=\"Remove\"> - <input class=\"button\" - type=\"submit\" onclick=\"javascript:closeInfoBox()\" - value=\"Cancel\">"; - } else { - print "Error: Feed $param not found. - <input class=\"button\" - type=\"submit\" onclick=\"javascript:closeInfoBox()\" - value=\"Cancel\">"; - } - } - if ($id == "search") { print "<div id=\"infoBoxTitle\">Search</div>"; 
@@ -3229,16 +3205,78 @@ $subop = $_GET["subop"]; + if ($subop == "edit") { + + $id = db_escape_string($_GET["id"]); + + print "<div id=\"infoBoxTitle\">User editor</div>"; + + print "<div class=\"infoBoxContents\">"; + + print "<form id=\"user_edit_form\">"; + + print "<input type=\"hidden\" name=\"id\" value=\"$id\">"; + print "<input type=\"hidden\" name=\"op\" value=\"pref-users\">"; + print "<input type=\"hidden\" name=\"subop\" value=\"editSave\">"; + + $result = db_query($link, "SELECT * FROM ttrss_users WHERE id = '$id'"); + + $login = db_fetch_result($result, 0, "login"); + $access_level = db_fetch_result($result, 0, "access_level"); + $email = db_fetch_result($result, 0, "email"); + + print "<table width='100%'>"; + print "<tr><td>Login:</td><td> + <input class=\"iedit\" name=\"login\" value=\"$login\"></td></tr>"; + + print "<tr><td>Change password:</td><td> + <input class=\"iedit\" name=\"password\"></td></tr>"; + + print "<tr><td>E-mail:</td><td> + <input class=\"iedit\" name=\"email\" value=\"$email\"></td></tr>"; + + $sel_disabled = ($id == $_SESSION["uid"]) ? 
"disabled" : ""; + + print "<tr><td>Access level:</td><td>"; + print_select_hash("access_level", $access_level, $access_level_names, + $sel_disabled); + print "</td></tr>"; + + print "</table>"; + + print "</form>"; + + print "<div align='right'> + <input class=\"button\" + type=\"submit\" onclick=\"javascript:userEditSave()\" value=\"Save\"> + <input class=\"button\" + type=\"submit\" onclick=\"javascript:userEditCancel()\" + value=\"Cancel\"></div>"; + + print "</div>"; + + return; + } + if ($subop == "editSave") { - if (!WEB_DEMO_MODE) { + if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) { - $login = db_escape_string($_GET["l"]); + $login = db_escape_string(trim($_GET["login"])); $uid = db_escape_string($_GET["id"]); - $access_level = sprintf("%d", $_GET["al"]); - $email = db_escape_string($_GET["e"]); + $access_level = sprintf("%d", $_GET["access_level"]); + $email = db_escape_string(trim($_GET["email"])); + $password = db_escape_string(trim($_GET["password"])); + + if ($password) { + $pwd_hash = 'SHA1:' . sha1($password); + $pass_query_part = "pwd_hash = '$pwd_hash', "; + print "<div class='notice'>Changed password for user <b>$login</b>.</div>"; + } else { + $pass_query_part = ""; + } - db_query($link, "UPDATE ttrss_users SET login = '$login', + db_query($link, "UPDATE ttrss_users SET $pass_query_part login = '$login', access_level = '$access_level', email = '$email' WHERE id = '$uid'"); } @@ -3363,10 +3401,9 @@ print "<tr class=\"title\"> <td align='center' width=\"5%\"> </td> - <td width='20%'>Login</td> - <td width='20%'>E-mail</td> - <td width='20%'>Access Level</td> - <td width='20%'>Last login</td></tr>"; + <td width='40%'>Login</td> + <td width='40%'>Access Level</td> + <td width='30%'>Last login</td></tr>"; $lnum = 0; 
@@ -3393,7 +3430,7 @@ $access_level_names = array(0 => "User", 10 => "Administrator"); - if (!$edit_uid || $subop != "edit") { +// if (!$edit_uid || $subop != "edit") { print "<td align='center'><input onclick='toggleSelectPrefRow(this, \"user\");' type=\"checkbox\" id=\"UMCHK-$uid\"></td>"; @@ -3404,12 +3441,9 @@ if (!$line["email"]) $line["email"] = " "; print "<td><a href=\"javascript:editUser($uid);\">" . - $line["email"] . "</td>"; - - print "<td><a href=\"javascript:editUser($uid);\">" . $access_level_names[$line["access_level"]] . "</td>"; - } else if ($uid != $edit_uid) { +/* } else if ($uid != $edit_uid) { if (!$line["email"]) $line["email"] = " "; @@ -3445,7 +3479,7 @@ print "</select>"; print "</td>"; - } + } */ print "<td>".$line["last_login"]."</td>"; @@ -3458,14 +3492,14 @@ print "<p id='userOpToolbar'>"; - if ($subop == "edit") { +/* if ($subop == "edit") { print "Edit user: <input type=\"submit\" class=\"button\" onclick=\"javascript:userEditSave()\" value=\"Save\"> <input type=\"submit\" class=\"button\" onclick=\"javascript:userEditCancel()\" value=\"Cancel\">"; - } else { + } else { */ print " Selection: @@ -3478,7 +3512,7 @@ <input type=\"submit\" class=\"button\" disabled=\"true\" onclick=\"javascript:resetSelectedUserPass()\" value=\"Reset password\">"; - } +// } } if ($op == "user-details") { @@ -1,10 +1,8 @@ var xmlhttp = false; -var active_feed = false; var active_feed_cat = false; var active_filter = false; var active_label = false; -var active_user = false; var active_tab = false; var feed_to_expand = false; 
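Review bot: The old inline-edit branch is disabled by commenting it out (`// if (!$edit_uid || $subop != "edit") {`, the `/* } else if ($uid != $edit_uid) { ... } */` block, and the toolbar's `/* if ($subop == "edit") { ... } else { */` … `// }`) rather than deleted, which leaves dead code that a reader has to match across four hunks to confirm the remaining `if`/`else` structure still balances. Since the infobox editor added in this commit replaces it, delete the commented-out blocks (and `$edit_uid`, if nothing else reads it); the history stays in version control. The loop and `if ($op == ...)` that enclose these lines start and end outside the hunks.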
@@ -33,18 +31,19 @@ function feedlist_callback() { container.innerHTML=xmlhttp.responseText; selectTab("feedConfig", true); - if (active_feed) { - var row = document.getElementById("FEEDR-" + active_feed); + if (active_feed_cat) { + var row = document.getElementById("FCATR-" + active_feed_cat); if (row) { if (!row.className.match("Selected")) { row.className = row.className + "Selected"; } } - var checkbox = document.getElementById("FRCHK-" + active_feed); + var checkbox = document.getElementById("FCCHK-" + active_feed_cat); if (checkbox) { checkbox.checked = true; } } + notify(""); } catch (e) { exception_error("feedlist_callback", e); @@ -109,20 +108,6 @@ function userlist_callback() { var container = document.getElementById('prefContent'); if (xmlhttp.readyState == 4) { container.innerHTML=xmlhttp.responseText; - - if (active_user) { - var row = document.getElementById("UMRR-" + active_user); - if (row) { - if (!row.className.match("Selected")) { - row.className = row.className + "Selected"; - } - } - var checkbox = document.getElementById("UMCHK-" + active_user); - - if (checkbox) { - checkbox.checked = true; - } - } notify(""); } } @@ -352,11 +337,12 @@ function editUser(id) { return } - active_user = id; + selectTableRowsByIdPrefix('prefUserList', 'UMRR-', 'UMCHK-', false); + selectTableRowById('UMRR-'+id, 'UMCHK-'+id, true); xmlhttp.open("GET", "backend.php?op=pref-users&subop=edit&id=" + param_escape(id), true); - xmlhttp.onreadystatechange=userlist_callback; + xmlhttp.onreadystatechange=infobox_callback; xmlhttp.send(null); } 
@@ -386,14 +372,12 @@ function editFeed(feed) { return } - active_feed = feed; - // clean selection from all rows & select row being edited selectTableRowsByIdPrefix('prefFeedList', 'FEEDR-', 'FRCHK-', false); selectTableRowById('FEEDR-'+feed, 'FRCHK-'+feed, true); xmlhttp.open("GET", "backend.php?op=pref-feeds&subop=editfeed&id=" + - param_escape(active_feed), true); + param_escape(feed), true); xmlhttp.onreadystatechange=infobox_callback; xmlhttp.send(null); @@ -611,8 +595,6 @@ function feedEditCancel() { selectPrefRows('feed', false); // cleanup feed selection - active_feed = false; - } function feedCatEditCancel() { @@ -645,8 +627,6 @@ function feedEditSave() { var query = Form.serialize("edit_feed_form"); - active_feed = false; - notify("Saving feed..."); xmlhttp.open("POST", "backend.php", true); @@ -730,14 +710,9 @@ function userEditCancel() { return } - active_user = false; - -// notify("Operation cancelled."); - - xmlhttp.open("GET", "backend.php?op=pref-users", true); - xmlhttp.onreadystatechange=userlist_callback; - xmlhttp.send(null); + selectPrefRows('user', false); // cleanup feed selection + closeInfoBox(); } function filterEditCancel() { @@ -766,22 +741,18 @@ function labelEditSave() { return } -/* var sqlexp = document.getElementById("iedit_expr").value; - var descr = document.getElementById("iedit_descr").value; - -// notify("Saving label " + sqlexp + ": " + descr); + var sql_exp = document.forms["label_edit_form"].sql_exp.value; + var description = document.forms["label_edit_form"].description.value; - if (sqlexp.length == 0) { - notify("SQL expression cannot be blank."); + if (sql_exp.length == 0) { + alert("SQL Expression cannot be blank."); return; } - if (descr.length == 0) { - notify("Caption cannot be blank."); + if (description.length == 0) { + alert("Caption field cannot be blank."); return; - } */ - - // FIXME: input validation + } notify("Saving label..."); 
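Review bot: In `userEditCancel` the comment `// cleanup feed selection` was copied from `feedEditCancel`, but the line it annotates clears the user rows; change it to `selectPrefRows('user', false); // clear user selection`. The function's opening line is outside the hunk.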
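Review bot: The blank checks restored in `labelEditSave` are client-side only; `sql_exp` is a user-supplied SQL expression and the `alert` guards are bypassed by calling backend.php directly, so the server must reject empty or otherwise invalid values itself rather than rely on these. The backend handler for label save is not visible here, so this is a caveat to confirm, not a defect found; a short comment above the checks, `// UI convenience only: server-side validation is authoritative`, would stop a later reader from assuming otherwise. `labelEditSave` starts and ends outside the hunk.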
@@ -798,41 +769,25 @@ function labelEditSave() { function userEditSave() { - var user = active_user; - if (!xmlhttp_ready(xmlhttp)) { printLockingError(); return } - var login = document.getElementById("iedit_ulogin").value; - var level = document.getElementById("iedit_ulevel"); - - level = level[level.selectedIndex].id; - - var email = document.getElementById("iedit_email").value; + var login = document.forms["user_edit_form"].login.value; if (login.length == 0) { - notify("Login cannot be blank."); + alert("Login field cannot be blank."); return; } - - if (level.length == 0) { - notify("User level cannot be blank."); - return; - } - - active_user = false; - + notify("Saving user..."); - - xmlhttp.open("GET", "backend.php?op=pref-users&subop=editSave&id=" + - user + "&l=" + param_escape(login) + "&al=" + param_escape(level) + - "&e=" + param_escape(email), true); - + + var query = Form.serialize("user_edit_form"); + + xmlhttp.open("GET", "backend.php?" + query, true); xmlhttp.onreadystatechange=userlist_callback; xmlhttp.send(null); - } @@ -843,7 +798,12 @@ function filterEditSave() { return } - // FIXME: input validation + var reg_exp = document.forms["filter_edit_form"].reg_exp.value; + + if (reg_exp.length == 0) { + alert("Filter expression field cannot be blank."); + return; + } notify("Saving filter..."); @@ -1171,11 +1131,9 @@ function selectTab(id, noupdate) { notify("Loading, please wait...", true); // clean up all current selections, just in case - active_feed = false; active_feed_cat = false; active_filter = false; active_label = false; - active_user = false; if (id == "feedConfig") { updateFeedList(); |
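Review bot: `userEditSave` now sends the serialized form, which includes the new `password` field, in the URL: `xmlhttp.open("GET", "backend.php?" + query, true)`. A password in a query string ends up in server access logs, proxy logs and browser history, and a state-changing request on GET is also trivially forgeable from another site. Send it as a POST body the way `feedEditSave` already does — `xmlhttp.open("POST", "backend.php", true);` followed by `xmlhttp.send(query);` with the form-urlencoded Content-Type header — and have the `editSave` handler in backend.php read `$_POST` instead of `$_GET`. The function's opening line is outside the hunk.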