-rw-r--r-- | backend.php | 192 | ||||
-rw-r--r-- | functions.php | 37 | ||||
-rw-r--r-- | login.php | 1 | ||||
-rw-r--r-- | prefs.js | 213 | ||||
-rw-r--r-- | prefs.php | 10 | ||||
-rw-r--r-- | tt-rss.css | 10 | ||||
-rw-r--r-- | tt-rss.php | 3 |
7 files changed, 454 insertions, 12 deletions
diff --git a/backend.php b/backend.php index 0fbe75b33..42707b09a 100644 --- a/backend.php +++ b/backend.php @@ -1009,7 +1009,7 @@ } else { - print "<td><input disabled=\"true\" type=\"checkbox\"></td>"; + print "<td><input disabled=\"true\" type=\"checkbox\" checked></td>"; print "<td><input id=\"iedit_title\" value=\"$edit_title\"></td>"; print "<td><input id=\"iedit_link\" value=\"$edit_link\"></td>"; @@ -1201,7 +1201,7 @@ } else { - print "<td><input disabled=\"true\" type=\"checkbox\"></td>"; + print "<td><input disabled=\"true\" type=\"checkbox\" checked></td>"; print "<td><input id=\"iedit_regexp\" value=\"".$line["reg_exp"]. "\"></td>"; @@ -1356,7 +1356,7 @@ } else { - print "<td><input disabled=\"true\" type=\"checkbox\"></td>"; + print "<td><input disabled=\"true\" type=\"checkbox\" checked></td>"; print "<td><input id=\"iedit_expr\" value=\"".$line["sql_exp"]. "\"></td>"; 
@@ -1743,6 +1743,192 @@ } + if ($op == "pref-users") { + + $subop = $_GET["subop"]; + + if ($subop == "editSave") { + + if (!WEB_DEMO_MODE) { + + $login = db_escape_string($_GET["l"]); + $uid = db_escape_string($_GET["id"]); + $access_level = sprintf("%d", $_GET["al"]); + + db_query($link, "UPDATE ttrss_users SET login = '$login', access_level = '$access_level' WHERE id = '$uid'"); + + } + } else if ($subop == "remove") { + + if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) { + + $ids = split(",", $_GET["ids"]); + + foreach ($ids as $id) { + db_query($link, "DELETE FROM ttrss_users WHERE id = '$id' AND id != " . $_SESSION["uid"]); + + } + } + } else if ($subop == "add") { + + if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) { + + $login = db_escape_string($_GET["login"]); + $tmp_user_pwd = make_password(8); + $pwd_hash = 'SHA1:' . sha1($tmp_user_pwd); + + db_query($link, "INSERT INTO ttrss_users (login,pwd_hash,access_level) + VALUES ('$login', '$pwd_hash', 0)"); + + + $result = db_query($link, "SELECT id FROM ttrss_users WHERE + login = '$login' AND pwd_hash = '$pwd_hash'"); + + if (db_num_rows($result) == 1) { + + $new_uid = db_fetch_result($result, 0, "id"); + + print "<div class=\"notice\">Added user <b>".$_GET["login"]. + "</b> with password <b>$tmp_user_pwd</b>.</div>"; + + initialize_user($link, $new_uid); + + } else { + + print "<div class=\"warning\">Error while adding user <b>". + $_GET["login"].".</b></div>"; + + } + } + } else if ($subop == "resetPass") { + + if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) { + + $uid = db_escape_string($_GET["id"]); + + $result = db_query($link, "SELECT login FROM ttrss_users WHERE id = '$uid'"); + + $login = db_fetch_result($result, 0, "login"); + $tmp_user_pwd = make_password(8); + $pwd_hash = 'SHA1:' . 
sha1($tmp_user_pwd); + + db_query($link, "UPDATE ttrss_users SET pwd_hash = '$pwd_hash' + WHERE id = '$uid'"); + + print "<div class=\"notice\">Changed password of + user <b>$login</b> to <b>$tmp_user_pwd</b>.</div>"; + + } + } + + print "<table class=\"prefAddFeed\"><tr> + <td><input id=\"uadd_box\"></td>"; + + print"<td colspan=\"4\" align=\"right\"> + <a class=\"button\" href=\"javascript:addUser()\">Add user</a></td></tr> + </table>"; + + $result = db_query($link, "SELECT + id,login,access_level + FROM + ttrss_users + ORDER by login"); + + print "<p><table width=\"100%\" class=\"prefUserList\" id=\"prefUserList\">"; + + print "<tr class=\"title\"> + <td width=\"5%\">Select</td><td width='40%'>Login + </td> + <td width='40%'>Access Level</td></tr>"; + + $lnum = 0; + + while ($line = db_fetch_assoc($result)) { + + $class = ($lnum % 2) ? "even" : "odd"; + + $uid = $line["id"]; + $edit_uid = $_GET["id"]; + + if ($uid == $_SESSION["uid"] || ($subop == "edit" && $uid != $edit_uid)) { + $class .= "Grayed"; + } + + print "<tr class=\"$class\" id=\"UMRR-$uid\">"; + + $line["login"] = htmlspecialchars($line["login"]); + + if ($uid == $_SESSION["uid"]) { + + print "<td><input disabled=\"true\" type=\"checkbox\" + id=\"UMCHK-".$line["id"]."\"></td>"; + + print "<td>".$line["login"]."</td>"; + print "<td>".$line["access_level"]."</td>"; + + + } else if (!$edit_uid || $subop != "edit") { + + print "<td><input onclick='toggleSelectRow(this);' + type=\"checkbox\" id=\"UMCHK-".$line["id"]."\"></td>"; + + print "<td><a href=\"javascript:editUser($uid);\">" . + $line["login"] . "</td>"; + + print "<td><a href=\"javascript:editUser($uid);\">" . + $line["access_level"] . 
"</td>"; + + } else if ($uid != $edit_uid) { + + print "<td><input disabled=\"true\" type=\"checkbox\" + id=\"UMCHK-".$line["id"]."\"></td>"; + + print "<td>".$line["login"]."</td>"; + print "<td>".$line["access_level"]."</td>"; + + } else { + + print "<td><input disabled=\"true\" type=\"checkbox\" checked></td>"; + + print "<td><input id=\"iedit_ulogin\" value=\"".$line["login"]. + "\"></td>"; + + print "<td><input id=\"iedit_ulevel\" value=\"".$line["access_level"]. + "\"></td>"; + + } + + + print "</tr>"; + + ++$lnum; + } + + print "</table>"; + + print "<p>"; + + if ($subop == "edit") { + print "Edit label: + <input type=\"submit\" class=\"button\" + onclick=\"javascript:userEditCancel()\" value=\"Cancel\"> + <input type=\"submit\" class=\"button\" + onclick=\"javascript:userEditSave()\" value=\"Save\">"; + + } else { + + print " + Selection: + <input type=\"submit\" class=\"button\" + onclick=\"javascript:resetSelectedUserPass()\" value=\"Reset password\"> + <input type=\"submit\" class=\"button\" + onclick=\"javascript:editSelectedUser()\" value=\"Edit\"> + <input type=\"submit\" class=\"button\" + onclick=\"javascript:removeSelectedUsers()\" value=\"Remove\">"; + } + } + + db_close($link); ?> diff --git a/functions.php b/functions.php index 9841f95c9..3985890b1 100644 --- a/functions.php +++ b/functions.php 
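Review bot: The `editSave` branch changes `login` and `access_level` with only the `WEB_DEMO_MODE` test, while `remove`, `add` and `resetPass` also require `$_SESSION["access_level"] >= 10`; unless a check outside this hunk rejects non-admin sessions, any logged-in user could raise an account's level, and the user listing printed below the branches is ungated in the same way. In `remove`, each `$id` split from `$_GET["ids"]` is placed in the DELETE statement without `db_escape_string()` or a numeric cast, unlike every other request parameter in the block. `$_GET["login"]` (in both the notice and the warning) and the `$login` read back in `resetPass` are printed without `htmlspecialchars()`, although the list rows further down do escape the login. The fence shows these corrections; gating the whole `pref-users` block once at its top would cover the listing as well.

```php
if ($subop == "editSave") {

    // same admin gate that remove / add / resetPass apply
    if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) {
        // … unchanged: escape l, id and al, run the UPDATE …

// … unchanged: remove branch down to the foreach …
        foreach ($ids as $id) {
            $id = sprintf("%d", $id); // ids are numeric; cast as is done for "al"
            // … unchanged: DELETE query …

// … unchanged: add branch INSERT / SELECT …
            print "<div class=\"notice\">Added user <b>" .
                htmlspecialchars($_GET["login"]) .
                "</b> with password <b>$tmp_user_pwd</b>.</div>";

// … unchanged: initialize_user() call …
            print "<div class=\"warning\">Error while adding user <b>" .
                htmlspecialchars($_GET["login"]) . ".</b></div>";

// … unchanged: resetPass lookup of the row …
        $login = htmlspecialchars(db_fetch_result($result, 0, "login"));
```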
@@ -553,4 +553,41 @@ } } + function make_password($length = 8) { + + $password = ""; + $possible = "0123456789bcdfghjkmnpqrstvwxyz"; + + $i = 0; + + while ($i < $length) { + $char = substr($possible, mt_rand(0, strlen($possible)-1), 1); + + if (!strstr($password, $char)) { + $password .= $char; + $i++; + } + } + return $password; + } + + // this is called after user is created to initialize default feeds, labels + // or whatever else + + // user preferences are checked on every login, not here + + function initialize_user($link, $uid) { + + db_query($link, "insert into ttrss_labels (owner_uid,sql_exp,description) + values ('$uid','unread = true', 'Unread articles')"); + + db_query($link, "insert into ttrss_labels (owner_uid,sql_exp,description) + values ('$uid','last_read is null and unread = false', 'Updated articles')"); + + db_query($link, "insert into ttrss_feeds (owner_uid,title,feed_url) + values ('$uid', 'Tiny Tiny RSS Dev. Feed', + 'http://bah.spb.su/darcsweb/darcsweb.cgi?r=tt-rss;a=rss')"); + + } + ?> @@ -12,6 +12,7 @@ if ($login && $password) { if (authenticate_user($link, $login, $password)) { + initialize_user_prefs($link, $_SESSION["uid"]); header("Location: tt-rss.php"); } } @@ -8,6 +8,7 @@ var xmlhttp = false; var active_feed = false; var active_filter = false; var active_label = false; +var active_user = false; var active_tab = false; 
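Review bot: `make_password()` never returns when `$length` is greater than 30, because the `strstr` test refuses any character already used and `$possible` holds only 30 distinct characters. The same no-repeat rule, together with `mt_rand()`, which is not a cryptographically secure generator, makes the temporary passwords more predictable than their length suggests. Drawing each character independently fixes both: replace the loop body with `$password .= $possible[random_int(0, strlen($possible) - 1)]; $i++;` (on runtimes without `random_int()`, at least drop the uniqueness check). The callers in backend.php then store the result as an unsalted `sha1()`, which `password_hash()` would improve, provided the login check outside this diff is updated to match.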
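Review bot: `initialize_user_prefs()` now runs only when `authenticate_user()` succeeds in the login form, so a session that is set up elsewhere would never get its preferences initialised. The context lines of the prefs.php and tt-rss.php hunks show such a path (`$_SESSION["name"] = "admin";`), which looks like an automatic admin session; if that branch does not pass through login.php, a call should be kept there as well. A one-line comment above the new call, e.g. `// create any missing default prefs for this user on each login`, would also record why it lives here. The enclosing `if` starts outside the hunk.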
@@ -95,6 +96,28 @@ function labellist_callback() { } } +function userlist_callback() { + var container = document.getElementById('prefContent'); + if (xmlhttp.readyState == 4) { + container.innerHTML=xmlhttp.responseText; + +/* if (active_filter) { + var row = document.getElementById("ULRR-" + active_label); + if (row) { + if (!row.className.match("Selected")) { + row.className = row.className + "Selected"; + } + } + var checkbox = document.getElementById("LICHK-" + active_label); + + if (checkbox) { + checkbox.checked = true; + } + } */ + p_notify(""); + } +} + function prefslist_callback() { var container = document.getElementById('prefContent'); if (xmlhttp.readyState == 4) { @@ -141,6 +164,23 @@ function updateFeedList() { } +function updateUsersList() { + + if (!xmlhttp_ready(xmlhttp)) { + printLockingError(); + return + } + +// document.getElementById("prefContent").innerHTML = "Loading feeds, please wait..."; + + p_notify("Loading, please wait..."); + + xmlhttp.open("GET", "backend.php?op=pref-users", true); + xmlhttp.onreadystatechange=userlist_callback; + xmlhttp.send(null); + +} + function toggleSelectRow(sender) { var parent_row = sender.parentNode.parentNode; @@ -233,6 +273,31 @@ function addFeed() { } +function addUser() { + + if (!xmlhttp_ready(xmlhttp)) { + printLockingError(); + return + } + + var sqlexp = document.getElementById("uadd_box"); + + if (sqlexp.value.length == 0) { + notify("Missing user login."); + } else { + notify("Adding user..."); + + xmlhttp.open("GET", "backend.php?op=pref-users&subop=add&login=" + + param_escape(sqlexp.value), true); + + xmlhttp.onreadystatechange=userlist_callback; + xmlhttp.send(null); + + sqlexp.value = ""; + } + +} + function editLabel(id) { if (!xmlhttp_ready(xmlhttp)) { 
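Review bot: `addUser()` sends a state-changing request as a plain GET (`backend.php?op=pref-users&subop=add&login=…`) and no anti-forgery token is visible in the request, so a page on another site could trigger it from an administrator's browser while the session is valid. The same applies to `removeSelectedUsers()`, `userEditSave()` and `resetSelectedUserPass()` in the later hunks. These should go out as POST with a per-session token that backend.php verifies before acting, e.g. `xmlhttp.open("POST", "backend.php", true);` with the parameters and the token in the body. Separately, the commented-out block in `userlist_callback()` refers to `active_filter`, `active_label` and `LICHK-` ids from the label code and can simply be deleted.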
@@ -249,6 +314,22 @@ function editLabel(id) { } +function editUser(id) { + + if (!xmlhttp_ready(xmlhttp)) { + printLockingError(); + return + } + + active_user = id; + + xmlhttp.open("GET", "backend.php?op=pref-users&subop=edit&id=" + + param_escape(id), true); + xmlhttp.onreadystatechange=userlist_callback; + xmlhttp.send(null); + +} + function editFilter(id) { if (!xmlhttp_ready(xmlhttp)) { @@ -299,6 +380,22 @@ function getSelectedLabels() { return sel_rows; } +function getSelectedUsers() { + + var content = document.getElementById("prefUserList"); + + var sel_rows = new Array(); + + for (i = 0; i < content.rows.length; i++) { + if (content.rows[i].className.match("Selected")) { + var row_id = content.rows[i].id.replace("UMRR-", ""); + sel_rows.push(row_id); + } + } + + return sel_rows; +} + function getSelectedFilters() { @@ -405,6 +502,29 @@ function removeSelectedLabels() { } } +function removeSelectedUsers() { + + if (!xmlhttp_ready(xmlhttp)) { + printLockingError(); + return + } + + var sel_rows = getSelectedUsers(); + + if (sel_rows.length > 0) { + + notify("Removing selected users..."); + + xmlhttp.open("GET", "backend.php?op=pref-users&subop=remove&ids="+ + param_escape(sel_rows.toString()), true); + xmlhttp.onreadystatechange=userlist_callback; + xmlhttp.send(null); + + } else { + notify("Please select some labels first."); + } +} + function removeSelectedFilters() { if (!xmlhttp_ready(xmlhttp)) { @@ -535,6 +655,22 @@ function labelEditCancel() { } +function userEditCancel() { + + if (!xmlhttp_ready(xmlhttp)) { + printLockingError(); + return + } + + active_user = false; + + notify("Operation cancelled."); + + xmlhttp.open("GET", "backend.php?op=pref-users", true); + xmlhttp.onreadystatechange=userlist_callback; + xmlhttp.send(null); + +} function filterEditCancel() { 
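Review bot: The empty-selection message in `removeSelectedUsers()` was copied from the label code and still reads "Please select some labels first."; it should be `notify("Please select some users first.");`. In `getSelectedUsers()` the loop counter is assigned without `var` (`for (i = 0; …`), which makes it an implicit global; `for (var i = 0; i < content.rows.length; i++)` keeps it local to the function.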
@@ -588,6 +724,40 @@ function labelEditSave() { } +function userEditSave() { + + var user = active_user; + + if (!xmlhttp_ready(xmlhttp)) { + printLockingError(); + return + } + + var login = document.getElementById("iedit_ulogin").value; + var level = document.getElementById("iedit_ulevel").value; + + if (login.length == 0) { + notify("Login cannot be blank."); + return; + } + + if (level.length == 0) { + notify("User level cannot be blank."); + return; + } + + active_user = false; + + xmlhttp.open("GET", "backend.php?op=pref-users&subop=editSave&id=" + + user + "&l=" + param_escape(login) + "&al=" + param_escape(level), + true); + + xmlhttp.onreadystatechange=labellist_callback; + xmlhttp.send(null); + +} + + function filterEditSave() { var filter = active_filter; @@ -638,6 +808,47 @@ function editSelectedLabel() { } +function editSelectedUser() { + var rows = getSelectedUsers(); + + if (rows.length == 0) { + notify("No users are selected."); + return; + } + + if (rows.length > 1) { + notify("Please select one user."); + return; + } + + editUser(rows[0]); +} + +function resetSelectedUserPass() { + var rows = getSelectedUsers(); + + if (rows.length == 0) { + notify("No users are selected."); + return; + } + + if (rows.length > 1) { + notify("Please select one user."); + return; + } + + notify("Resetting password for selected user..."); + + var id = rows[0]; + + xmlhttp.open("GET", "backend.php?op=pref-users&subop=resetPass&id=" + + param_escape(id), true); + xmlhttp.onreadystatechange=userlist_callback; + xmlhttp.send(null); + +} + + function editSelectedFilter() { var rows = getSelectedFilters(); @@ -755,6 +966,8 @@ function selectTab(id) { updateLabelList(); } else if (id == "genConfig") { updatePrefsList(); + } else if (id == "userConfig") { + updateUsersList(); } var tab = document.getElementById(active_tab + "Tab"); 
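Review bot: `userEditSave()` registers `labellist_callback` as the response handler, while every other user operation in this commit uses `userlist_callback`; the line should be `xmlhttp.onreadystatechange=userlist_callback;` (the body of `labellist_callback` is outside these hunks, so its exact effect on the user list is not visible here). The id is also concatenated raw (`"&subop=editSave&id=" + user`), whereas `editUser()` and `resetSelectedUserPass()` pass it through `param_escape()`; use `param_escape(user)` for consistency. The blank-field checks here run only in the browser, so the server-side `editSave` branch has to validate `l` and `al` on its own.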
@@ -23,10 +23,6 @@ $_SESSION["name"] = "admin"; } - - initialize_user_prefs($link, $_SESSION["uid"]); - // FIXME this needs to be moved somewhere after user creation - ?> <html> <head> @@ -77,7 +73,7 @@ <? } ?> <tr> <td class="prefsTabs" align="left" valign="bottom"> - <input id="genConfigTab" class="prefsTab" type="submit" value="User Preferences" + <input id="genConfigTab" class="prefsTab" type="submit" value="Preferences" onclick="selectTab('genConfig')"> <input id="feedConfigTab" class="prefsTab" type="submit" value="Feed Configuration" onclick="selectTab('feedConfig')"> @@ -87,6 +83,10 @@ <input id="labelConfigTab" class="prefsTab" type="submit" value="Label Editor" onclick="selectTab('labelConfig')"> <? } ?> + <? if ($_SESSION["access_level"] >= 10) { ?> + <input id="userConfigTab" class="prefsTab" type="submit" value="User Manager" + onclick="selectTab('userConfig')"> + <? } ?> </td> <td class="prefsToolbar" valign="middle" align="right"> <input type="submit" onclick="gotoMain()" class="button" value="Return to main"> diff --git a/tt-rss.css b/tt-rss.css index 0bc3a522e..b45f0d427 100644 --- a/tt-rss.css +++ b/tt-rss.css @@ -241,7 +241,7 @@ a:hover { } #iedit_title, #iedit_link, #iedit_regexp, #iedit_descr, #iedit_expr, #iedit_updintl, -#iedit_purgintl { +#iedit_purgintl, #iedit_ulogin, #iedit_ulevel { width : 100%; padding-left : 2px; } @@ -498,6 +498,14 @@ div.warning { font-size : x-small; } +div.notice { + background : #ffffff; + border : 1px solid #c0c0c0; + padding : 5px; + margin : 5px; + font-size : x-small; +} + ul.nomarks { list-style-type : none; margin : 0px; diff --git a/tt-rss.php b/tt-rss.php index 6dd4195fa..5de1c6758 100644 --- a/tt-rss.php +++ b/tt-rss.php @@ -23,9 +23,6 @@ $_SESSION["name"] = "admin"; } - initialize_user_prefs($link, $_SESSION["uid"]); - // FIXME this needs to be moved somewhere after user creation - ?> <html> <head> |