author | Andrew Dolgov <[email protected]> | 2011-03-28 08:30:00 +0400 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2011-03-28 08:30:15 +0400 |
commit | 3d72afa19a7e8e7f7691086dedba7c5f9631f42f (patch) | |
tree | 397f1e5936935122f0f023819fef26fbf1613cb4 /modules/pref-prefs.php | |
parent | f98252f27cb979f5285b65908b1b24a913b1af81 (diff) |
use SSL serial to bind certificate to user; implement autologin using SSL certificate; set a separate session cookie for SSL connections (refs #324)
Diffstat (limited to 'modules/pref-prefs.php')
-rw-r--r-- | modules/pref-prefs.php | 86 |
1 files changed, 50 insertions, 36 deletions
diff --git a/modules/pref-prefs.php b/modules/pref-prefs.php index 806d295d0..1a2b2cd77 100644 --- a/modules/pref-prefs.php +++ b/modules/pref-prefs.php @@ -6,12 +6,12 @@ $subop = $_REQUEST["subop"]; $prefs_blacklist = array("HIDE_FEEDLIST", "SYNC_COUNTERS", "ENABLE_LABELS", - "ENABLE_SEARCH_TOOLBAR", "HIDE_READ_FEEDS", "ENABLE_FEED_ICONS", + "ENABLE_SEARCH_TOOLBAR", "HIDE_READ_FEEDS", "ENABLE_FEED_ICONS", "ENABLE_OFFLINE_READING", "EXTENDED_FEEDLIST", "FEEDS_SORT_BY_UNREAD", "OPEN_LINKS_IN_NEW_WINDOW", "USER_STYLESHEET_URL", "ENABLE_FLASH_PLAYER"); - $profile_blacklist = array("ALLOW_DUPLICATE_POSTS", "PURGE_OLD_DAYS", - "PURGE_UNREAD_ARTICLES", "DIGEST_ENABLE", "DIGEST_CATCHUP", + $profile_blacklist = array("ALLOW_DUPLICATE_POSTS", "PURGE_OLD_DAYS", + "PURGE_UNREAD_ARTICLES", "DIGEST_ENABLE", "DIGEST_CATCHUP", "BLACKLISTED_TAGS", "ENABLE_FEED_ICONS", "ENABLE_API_ACCESS", "UPDATE_POST_ON_CHECKSUM_CHANGE", "DEFAULT_UPDATE_INTERVAL", "MARK_UNREAD_ON_UPDATE", "USER_TIMEZONE", "SORT_HEADLINES_BY_FEED_DATE"); @@ -47,18 +47,18 @@ $new_pw_hash = encrypt_password($new_pw, $_SESSION["name"]); $active_uid = $_SESSION["uid"]; - + if ($old_pw && $new_pw) { $login = db_escape_string($_SERVER['PHP_AUTH_USER']); - $result = db_query($link, "SELECT id FROM ttrss_users WHERE - id = '$active_uid' AND (pwd_hash = '$old_pw_hash1' OR + $result = db_query($link, "SELECT id FROM ttrss_users WHERE + id = '$active_uid' AND (pwd_hash = '$old_pw_hash1' OR pwd_hash = '$old_pw_hash2')"); if (db_num_rows($result) == 1) { - db_query($link, "UPDATE ttrss_users SET pwd_hash = '$new_pw_hash' - WHERE id = '$active_uid'"); + db_query($link, "UPDATE ttrss_users SET pwd_hash = '$new_pw_hash' + WHERE id = '$active_uid'"); $_SESSION["pwd_hash"] = $new_pw_hash; @@ -81,7 +81,7 @@ $orig_theme = get_pref($link, "_THEME_ID"); foreach (array_keys($_POST) as $pref_name) { - + $pref_name = db_escape_string($pref_name); $value = db_escape_string($_POST[$pref_name]); 
@@ -119,10 +119,10 @@ $active_uid = $_SESSION["uid"]; db_query($link, "UPDATE ttrss_users SET email = '$email', - full_name = '$full_name' WHERE id = '$active_uid'"); - + full_name = '$full_name' WHERE id = '$active_uid'"); + print __("Your personal data has been saved."); - + return; } else if ($subop == "reset-config") { @@ -135,7 +135,7 @@ $profile_qpart = "profile IS NULL"; } - db_query($link, "DELETE FROM ttrss_user_prefs + db_query($link, "DELETE FROM ttrss_user_prefs WHERE $profile_qpart AND owner_uid = ".$_SESSION["uid"]); initialize_user_prefs($link, $_SESSION["uid"], $_SESSION["profile"]); @@ -164,8 +164,8 @@ new Ajax.Request('backend.php', { parameters: dojo.objectToQuery(this.getValues()), - onComplete: function(transport) { - notify_callback2(transport); + onComplete: function(transport) { + notify_callback2(transport); } }); } @@ -176,7 +176,7 @@ $result = db_query($link, "SELECT email,full_name, access_level FROM ttrss_users WHERE id = ".$_SESSION["uid"]); - + $email = htmlspecialchars(db_fetch_result($result, 0, "email")); $full_name = htmlspecialchars(db_fetch_result($result, 0, "full_name")); @@ -192,9 +192,9 @@ print "<tr><td width=\"40%\">".__('Access level')."</td>"; print "<td>" . $access_level_names[$access_level] . "</td></tr>"; } - + print "</table>"; - + print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-prefs\">"; print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"subop\" value=\"change-email\">"; @@ -207,7 +207,7 @@ print "<div dojoType=\"dijit.layout.AccordionPane\" title=\"".__('Authentication')."\">"; $result = db_query($link, "SELECT id FROM ttrss_users - WHERE id = ".$_SESSION["uid"]." AND pwd_hash + WHERE id = ".$_SESSION["uid"]." AND pwd_hash = 'SHA1:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8'"); if (db_num_rows($result) != 0) { 
@@ -223,7 +223,7 @@ new Ajax.Request('backend.php', { parameters: dojo.objectToQuery(this.getValues()), - onComplete: function(transport) { + onComplete: function(transport) { notify(''); if (transport.responseText.indexOf('ERROR: ') == 0) { notify_error(transport.responseText.replace('ERROR: ', '')); @@ -238,12 +238,12 @@ </script>"; print "<table width=\"100%\" class=\"prefPrefsList\">"; - + print "<tr><td width=\"40%\">".__("Old password")."</td>"; print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" type=\"password\" required=\"1\" name=\"old_password\"></td></tr>"; - + print "<tr><td width=\"40%\">".__("New password")."</td>"; - + print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" type=\"password\" required=\"1\" name=\"new_password\"></td></tr>"; @@ -252,7 +252,7 @@ print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" type=\"password\" required=\"1\" name=\"confirm_password\"></td></tr>"; print "</table>"; - + print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-prefs\">"; print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"subop\" value=\"change-password\">"; @@ -278,11 +278,11 @@ $profile_qpart = "profile IS NULL"; } - $result = db_query($link, "SELECT + $result = db_query($link, "SELECT ttrss_user_prefs.pref_name,short_desc,help_text,value,type_name, section_name,def_value,section_id FROM ttrss_prefs,ttrss_prefs_types,ttrss_prefs_sections,ttrss_user_prefs - WHERE type_id = ttrss_prefs_types.id AND + WHERE type_id = ttrss_prefs_types.id AND $profile_qpart AND section_id = ttrss_prefs_sections.id AND ttrss_user_prefs.pref_name = ttrss_prefs.pref_name AND 
@@ -299,7 +299,7 @@ new Ajax.Request('backend.php', { parameters: dojo.objectToQuery(this.getValues()), - onComplete: function(transport) { + onComplete: function(transport) { var msg = transport.responseText; if (msg.match('PREFS_THEME_CHANGED')) { window.location.reload(); @@ -313,14 +313,14 @@ $lnum = 0; $active_section = ""; - + while ($line = db_fetch_assoc($result)) { if (in_array($line["pref_name"], $prefs_blacklist)) { continue; } - if ($_SESSION["profile"] && in_array($line["pref_name"], + if ($_SESSION["profile"] && in_array($line["pref_name"], $profile_blacklist)) { continue; } @@ -333,8 +333,8 @@ print "<table width=\"100%\" class=\"prefPrefsList\">"; - $active_section = $line["section_name"]; - + $active_section = $line["section_name"]; + print "<tr><td colspan=\"3\"><h3>".__($active_section)."</h3></td></tr>"; if ($line["section_id"] == 2) { @@ -345,7 +345,7 @@ print "<td><select name=\"_THEME_ID\" dojoType=\"dijit.form.Select\">"; print "<option value='Default'>".__('Default')."</option>"; - print "<option value='----------------' disabled=\"1\">--------</option>"; + print "<option value='----------------' disabled=\"1\">--------</option>"; foreach ($themes as $t) { $base = $t['base']; @@ -360,7 +360,7 @@ print "<option $selected value='$base'>$name</option>"; } - + print "</select></td></tr>"; } @@ -383,7 +383,7 @@ print "<td width=\"40%\" class=\"prefName\" id=\"$pref_name\">" . __($line["short_desc"]); if ($help_text) print "<div class=\"prefHelp\">".__($help_text)."</div>"; - + print "</td>"; print "<td class=\"prefValue\">"; 
@@ -402,14 +402,14 @@ $limits = array(15, 30, 45, 60); - print_select($pref_name, $value, $limits, + print_select($pref_name, $value, $limits, 'dojoType="dijit.form.Select"'); } else if ($pref_name == "DEFAULT_UPDATE_INTERVAL") { global $update_intervals_nodefault; - print_select_hash($pref_name, $value, $update_intervals_nodefault, + print_select_hash($pref_name, $value, $update_intervals_nodefault, 'dojoType="dijit.form.Select"'); } else if ($type_name == "bool") { @@ -432,6 +432,20 @@ required=\"1\" $regexp name=\"$pref_name\" value=\"$value\">"; + } else if ($pref_name == "SSL_CERT_SERIAL") { + + print "<input dojoType=\"dijit.form.ValidationTextBox\" + id=\"SSL_CERT_SERIAL\" + name=\"$pref_name\" value=\"$value\">"; + + $cert_serial = htmlspecialchars($_SERVER["REDIRECT_SSL_CLIENT_M_SERIAL"]); + + if ($cert_serial) { + print " <button dojoType=\"dijit.form.Button\" + onclick=\"insertSSLserial('$cert_serial')\">" . + __('Fill automatically') . "</button>"; + } + } else { $regexp = ($type_name == 'integer') ? 'regexp="^\d*$"' : ''; |
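Review bot: In the added `SSL_CERT_SERIAL` branch, `$cert_serial` is only passed through `htmlspecialchars()` before being written into a single-quoted JavaScript string inside the `onclick` attribute; HTML escaping does not fit that context, because the browser decodes entities before the handler runs and the default flags leave `'` unescaped. The value is expected to be the hex serial set by the web server, so checking its format before printing the button is the simpler guard, e.g. `if (isset($_SERVER["REDIRECT_SSL_CLIENT_M_SERIAL"]) && preg_match('/\A[0-9A-Fa-f]+\z/', $_SERVER["REDIRECT_SSL_CLIENT_M_SERIAL"]))`, which also avoids the undefined-index notice on non-SSL requests. Separately, a serial is unique only within one issuing CA; the login side is not part of this file, but if it matches on serial alone and more than one CA is trusted, binding on issuer plus serial (or the certificate fingerprint) would be safer. The surrounding `if`/`else if` chain starts and ends outside the hunk.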