diff options
author | Andrew Dolgov <[email protected]> | 2023-10-25 12:55:09 +0300 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2023-10-25 12:55:09 +0300 |
commit | 865ecc87963dc3b26e66296616eef2a1cc41ac3f (patch) | |
tree | bf2ecd8a391103bdb2c8b70cd33c47467310754b /classes/Pref_Users.php | |
parent | 0a5507d3bd79d04c860455664f919bf8e7274fda (diff) |
move to psr-4 autoloader
Diffstat (limited to 'classes/Pref_Users.php')
-rw-r--r-- | classes/Pref_Users.php | 294 |
1 files changed, 294 insertions, 0 deletions
diff --git a/classes/Pref_Users.php b/classes/Pref_Users.php new file mode 100644 index 000000000..78291592d --- /dev/null +++ b/classes/Pref_Users.php @@ -0,0 +1,294 @@ +<?php +class Pref_Users extends Handler_Administrative { + function csrf_ignore(string $method): bool { + return $method == "index"; + } + + function edit(): void { + $user = ORM::for_table('ttrss_users') + ->select_expr("id,login,access_level,email,full_name,otp_enabled") + ->find_one((int)$_REQUEST["id"]) + ->as_array(); + + global $access_level_names; + + if ($user) { + print json_encode([ + "user" => $user, + "access_level_names" => $access_level_names + ]); + } + } + + function userdetails(): void { + $id = (int) clean($_REQUEST["id"]); + + $sth = $this->pdo->prepare("SELECT login, + ".SUBSTRING_FOR_DATE."(last_login,1,16) AS last_login, + access_level, + (SELECT COUNT(int_id) FROM ttrss_user_entries + WHERE owner_uid = id) AS stored_articles, + ".SUBSTRING_FOR_DATE."(created,1,16) AS created + FROM ttrss_users + WHERE id = ?"); + $sth->execute([$id]); + + if ($row = $sth->fetch()) { + + $last_login = TimeHelper::make_local_datetime( + $row["last_login"], true); + + $created = TimeHelper::make_local_datetime( + $row["created"], true); + + $stored_articles = $row["stored_articles"]; + + $sth = $this->pdo->prepare("SELECT COUNT(id) as num_feeds FROM ttrss_feeds + WHERE owner_uid = ?"); + $sth->execute([$id]); + $row = $sth->fetch(); + + $num_feeds = $row["num_feeds"]; + + ?> + + <fieldset> + <label><?= __('Registered') ?>:</label> + <?= $created ?> + </fieldset> + + <fieldset> + <label><?= __('Last logged in') ?>:</label> + <?= $last_login ?> + </fieldset> + + <fieldset> + <label><?= __('Subscribed feeds') ?>:</label> + <?= $num_feeds ?> + </fieldset> + + <fieldset> + <label><?= __('Stored articles') ?>:</label> + <?= $stored_articles ?> + </fieldset> + + <?php + $sth = $this->pdo->prepare("SELECT id,title,site_url FROM ttrss_feeds + WHERE owner_uid = ? ORDER BY title"); + $sth->execute([$id]); + ?> + + <ul class="panel panel-scrollable list list-unstyled"> + <?php while ($row = $sth->fetch()) { ?> + <li> + <?php + $icon_url = Feeds::_get_icon_url($row['id'], 'images/blank_icon.gif'); + ?> + + <img class="icon" src="<?= htmlspecialchars($icon_url) ?>"> + + <a target="_blank" href="<?= htmlspecialchars($row["site_url"]) ?>"> + <?= htmlspecialchars($row["title"]) ?> + </a> + </li> + <?php } ?> + </ul> + + <?php + + } else { + print_error(__('User not found')); + } + + } + + function editSave(): void { + $id = (int)$_REQUEST['id']; + $password = clean($_REQUEST["password"]); + $user = ORM::for_table('ttrss_users')->find_one($id); + + if ($user) { + $login = clean($_REQUEST["login"]); + + if ($id == 1) $login = "admin"; + if (!$login) return; + + $user->login = mb_strtolower($login); + $user->access_level = (int) clean($_REQUEST["access_level"]); + $user->email = clean($_REQUEST["email"]); + $user->otp_enabled = checkbox_to_sql_bool($_REQUEST["otp_enabled"] ?? ""); + + // force new OTP secret when next enabled + if (Config::get_schema_version() >= 143 && !$user->otp_enabled) { + $user->otp_secret = null; + } + + $user->save(); + } + + if ($password) { + UserHelper::reset_password($id, false, $password); + } + } + + function remove(): void { + $ids = explode(",", clean($_REQUEST["ids"])); + + foreach ($ids as $id) { + if ($id != $_SESSION["uid"] && $id != 1) { + $sth = $this->pdo->prepare("DELETE FROM ttrss_tags WHERE owner_uid = ?"); + $sth->execute([$id]); + + $sth = $this->pdo->prepare("DELETE FROM ttrss_feeds WHERE owner_uid = ?"); + $sth->execute([$id]); + + $sth = $this->pdo->prepare("DELETE FROM ttrss_users WHERE id = ?"); + $sth->execute([$id]); + } + } + } + + function add(): void { + $login = clean($_REQUEST["login"]); + + if (!$login) return; // no blank usernames + + if (!UserHelper::find_user_by_login($login)) { + + $new_password = make_password(); + + $user = ORM::for_table('ttrss_users')->create(); + + $user->salt = UserHelper::get_salt(); + $user->login = mb_strtolower($login); + $user->pwd_hash = UserHelper::hash_password($new_password, $user->salt); + $user->access_level = 0; + $user->created = Db::NOW(); + $user->save(); + + if (!is_null(UserHelper::find_user_by_login($login))) { + print T_sprintf("Added user %s with password %s", + $login, $new_password); + } else { + print T_sprintf("Could not create user %s", $login); + } + } else { + print T_sprintf("User %s already exists.", $login); + } + } + + function resetPass(): void { + UserHelper::reset_password(clean($_REQUEST["id"])); + } + + function index(): void { + + global $access_level_names; + + $user_search = clean($_REQUEST["search"] ?? ""); + + if (array_key_exists("search", $_REQUEST)) { + $_SESSION["prefs_user_search"] = $user_search; + } else { + $user_search = ($_SESSION["prefs_user_search"] ?? ""); + } + + $sort = clean($_REQUEST["sort"] ?? ""); + + if (!$sort || $sort == "undefined") { + $sort = "login"; + } + + if (!in_array($sort, ["login", "access_level", "created", "num_feeds", "created", "last_login"])) + $sort = "login"; + + if ($sort != "login") $sort = "$sort DESC"; + ?> + + <div dojoType='dijit.layout.BorderContainer' gutters='false'> + <div style='padding : 0px' dojoType='dijit.layout.ContentPane' region='top'> + <div dojoType='fox.Toolbar'> + + <div style='float : right'> + <input dojoType='dijit.form.TextBox' id='user_search' size='20' type='search' + value="<?= htmlspecialchars($user_search) ?>"> + <button dojoType='dijit.form.Button' onclick='Users.reload()'> + <?= __('Search') ?> + </button> + </div> + + <div dojoType='fox.form.DropDownButton'> + <span><?= __('Select') ?></span> + <div dojoType='dijit.Menu' style='display: none'> + <div onclick="Tables.select('users-list', true)" + dojoType='dijit.MenuItem'><?= __('All') ?></div> + <div onclick="Tables.select('users-list', false)" + dojoType='dijit.MenuItem'><?= __('None') ?></div> + </div> + </div> + + <button dojoType='dijit.form.Button' onclick='Users.add()'> + <?= __('Create user') ?> + </button> + + <button dojoType='dijit.form.Button' onclick='Users.removeSelected()'> + <?= __('Remove') ?> + </button> + + <button dojoType='dijit.form.Button' onclick='Users.resetSelected()'> + <?= __('Reset password') ?> + </button> + + <?php PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB_SECTION, "prefUsersToolbar") ?> + + </div> + </div> + <div style='padding : 0px' dojoType='dijit.layout.ContentPane' region='center'> + + <table width='100%' class='users-list' id='users-list'> + + <tr> + <th></th> + <th><a href='#' onclick="Users.reload('login')"><?= ('Login') ?></a></th> + <th><a href='#' onclick="Users.reload('access_level')"><?= ('Access Level') ?></a></th> + <th><a href='#' onclick="Users.reload('num_feeds')"><?= ('Subscribed feeds') ?></a></th> + <th><a href='#' onclick="Users.reload('created')"><?= ('Registered') ?></a></th> + <th><a href='#' onclick="Users.reload('last_login')"><?= ('Last login') ?></a></th> + </tr> + + <?php + $users = ORM::for_table('ttrss_users') + ->table_alias('u') + ->left_outer_join("ttrss_feeds", ["owner_uid", "=", "u.id"], 'f') + ->select_expr('u.*,COUNT(f.id) AS num_feeds') + ->where_like("login", $user_search ? "%$user_search%" : "%") + ->order_by_expr($sort) + ->group_by_expr('u.id') + ->find_many(); + + foreach ($users as $user) { ?> + + <tr data-row-id='<?= $user["id"] ?>' onclick='Users.edit(<?= $user["id"] ?>)' title="<?= __('Click to edit') ?>"> + <td class='checkbox'> + <input onclick='Tables.onRowChecked(this); event.stopPropagation();' + dojoType='dijit.form.CheckBox' type='checkbox'> + </td> + + <td width='30%'> + <i class='material-icons'>person</i> + <strong><?= htmlspecialchars($user["login"]) ?></strong> + </td> + <td><?= $access_level_names[$user["access_level"]] ?></td> + <td><?= $user["num_feeds"] ?></td> + <td class='text-muted'><?= TimeHelper::make_local_datetime($user["created"], false) ?></td> + <td class='text-muted'><?= TimeHelper::make_local_datetime($user["last_login"], false) ?></td> + </tr> + <?php } ?> + </table> + </div> + <?php PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB, "prefUsers") ?> + </div> + <?php + } + +} |