diff options
| author | Andrew Dolgov <[email protected]> | 2005-11-18 10:00:18 +0100 |
|---|---|---|
| committer | Andrew Dolgov <[email protected]> | 2005-11-18 10:00:18 +0100 |
| commit | e6cb77a07ad5ff4b7d43aa00fdf1fc810bfebf69 (patch) | |
| tree | 9b02156c3d1debc5530b1ec6b671ce54f700e53b /backend.php | |
| parent | cd42edf18dac1955a4046cc68a790aaf77cd6536 (diff) | |
user manager
Diffstat (limited to 'backend.php')
| -rw-r--r-- | backend.php | 192 |
1 files changed, 189 insertions, 3 deletions
diff --git a/backend.php b/backend.php index 0fbe75b33..42707b09a 100644 --- a/backend.php +++ b/backend.php @@ -1009,7 +1009,7 @@ } else { - print "<td><input disabled=\"true\" type=\"checkbox\"></td>"; + print "<td><input disabled=\"true\" type=\"checkbox\" checked></td>"; print "<td><input id=\"iedit_title\" value=\"$edit_title\"></td>"; print "<td><input id=\"iedit_link\" value=\"$edit_link\"></td>"; @@ -1201,7 +1201,7 @@ } else { - print "<td><input disabled=\"true\" type=\"checkbox\"></td>"; + print "<td><input disabled=\"true\" type=\"checkbox\" checked></td>"; print "<td><input id=\"iedit_regexp\" value=\"".$line["reg_exp"]. "\"></td>"; @@ -1356,7 +1356,7 @@ } else { - print "<td><input disabled=\"true\" type=\"checkbox\"></td>"; + print "<td><input disabled=\"true\" type=\"checkbox\" checked></td>"; print "<td><input id=\"iedit_expr\" value=\"".$line["sql_exp"]. "\"></td>"; @@ -1743,6 +1743,192 @@ } + if ($op == "pref-users") { + + $subop = $_GET["subop"]; + + if ($subop == "editSave") { + + if (!WEB_DEMO_MODE) { + + $login = db_escape_string($_GET["l"]); + $uid = db_escape_string($_GET["id"]); + $access_level = sprintf("%d", $_GET["al"]); + + db_query($link, "UPDATE ttrss_users SET login = '$login', access_level = '$access_level' WHERE id = '$uid'"); + + } + } else if ($subop == "remove") { + + if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) { + + $ids = split(",", $_GET["ids"]); + + foreach ($ids as $id) { + db_query($link, "DELETE FROM ttrss_users WHERE id = '$id' AND id != " . $_SESSION["uid"]); + + } + } + } else if ($subop == "add") { + + if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) { + + $login = db_escape_string($_GET["login"]); + $tmp_user_pwd = make_password(8); + $pwd_hash = 'SHA1:' . sha1($tmp_user_pwd); + + db_query($link, "INSERT INTO ttrss_users (login,pwd_hash,access_level) + VALUES ('$login', '$pwd_hash', 0)"); + + + $result = db_query($link, "SELECT id FROM ttrss_users WHERE + login = '$login' AND pwd_hash = '$pwd_hash'"); + + if (db_num_rows($result) == 1) { + + $new_uid = db_fetch_result($result, 0, "id"); + + print "<div class=\"notice\">Added user <b>".$_GET["login"]. + "</b> with password <b>$tmp_user_pwd</b>.</div>"; + + initialize_user($link, $new_uid); + + } else { + + print "<div class=\"warning\">Error while adding user <b>". + $_GET["login"].".</b></div>"; + + } + } + } else if ($subop == "resetPass") { + + if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) { + + $uid = db_escape_string($_GET["id"]); + + $result = db_query($link, "SELECT login FROM ttrss_users WHERE id = '$uid'"); + + $login = db_fetch_result($result, 0, "login"); + $tmp_user_pwd = make_password(8); + $pwd_hash = 'SHA1:' . sha1($tmp_user_pwd); + + db_query($link, "UPDATE ttrss_users SET pwd_hash = '$pwd_hash' + WHERE id = '$uid'"); + + print "<div class=\"notice\">Changed password of + user <b>$login</b> to <b>$tmp_user_pwd</b>.</div>"; + + } + } + + print "<table class=\"prefAddFeed\"><tr> + <td><input id=\"uadd_box\"></td>"; + + print"<td colspan=\"4\" align=\"right\"> + <a class=\"button\" href=\"javascript:addUser()\">Add user</a></td></tr> + </table>"; + + $result = db_query($link, "SELECT + id,login,access_level + FROM + ttrss_users + ORDER by login"); + + print "<p><table width=\"100%\" class=\"prefUserList\" id=\"prefUserList\">"; + + print "<tr class=\"title\"> + <td width=\"5%\">Select</td><td width='40%'>Login + </td> + <td width='40%'>Access Level</td></tr>"; + + $lnum = 0; + + while ($line = db_fetch_assoc($result)) { + + $class = ($lnum % 2) ? "even" : "odd"; + + $uid = $line["id"]; + $edit_uid = $_GET["id"]; + + if ($uid == $_SESSION["uid"] || ($subop == "edit" && $uid != $edit_uid)) { + $class .= "Grayed"; + } + + print "<tr class=\"$class\" id=\"UMRR-$uid\">"; + + $line["login"] = htmlspecialchars($line["login"]); + + if ($uid == $_SESSION["uid"]) { + + print "<td><input disabled=\"true\" type=\"checkbox\" + id=\"UMCHK-".$line["id"]."\"></td>"; + + print "<td>".$line["login"]."</td>"; + print "<td>".$line["access_level"]."</td>"; + + + } else if (!$edit_uid || $subop != "edit") { + + print "<td><input onclick='toggleSelectRow(this);' + type=\"checkbox\" id=\"UMCHK-".$line["id"]."\"></td>"; + + print "<td><a href=\"javascript:editUser($uid);\">" . + $line["login"] . "</td>"; + + print "<td><a href=\"javascript:editUser($uid);\">" . + $line["access_level"] . "</td>"; + + } else if ($uid != $edit_uid) { + + print "<td><input disabled=\"true\" type=\"checkbox\" + id=\"UMCHK-".$line["id"]."\"></td>"; + + print "<td>".$line["login"]."</td>"; + print "<td>".$line["access_level"]."</td>"; + + } else { + + print "<td><input disabled=\"true\" type=\"checkbox\" checked></td>"; + + print "<td><input id=\"iedit_ulogin\" value=\"".$line["login"]. + "\"></td>"; + + print "<td><input id=\"iedit_ulevel\" value=\"".$line["access_level"]. + "\"></td>"; + + } + + + print "</tr>"; + + ++$lnum; + } + + print "</table>"; + + print "<p>"; + + if ($subop == "edit") { + print "Edit label: + <input type=\"submit\" class=\"button\" + onclick=\"javascript:userEditCancel()\" value=\"Cancel\"> + <input type=\"submit\" class=\"button\" + onclick=\"javascript:userEditSave()\" value=\"Save\">"; + + } else { + + print " + Selection: + <input type=\"submit\" class=\"button\" + onclick=\"javascript:resetSelectedUserPass()\" value=\"Reset password\"> + <input type=\"submit\" class=\"button\" + onclick=\"javascript:editSelectedUser()\" value=\"Edit\"> + <input type=\"submit\" class=\"button\" + onclick=\"javascript:removeSelectedUsers()\" value=\"Remove\">"; + } + } + + db_close($link); ?> |