summaryrefslogtreecommitdiff
path: root/classes/pref/users.php
diff options
context:
space:
mode:
Diffstat (limited to 'classes/pref/users.php')
-rw-r--r--classes/pref/users.php77
1 files changed, 33 insertions, 44 deletions
diff --git a/classes/pref/users.php b/classes/pref/users.php
index 111cabdca..bf95886ad 100644
--- a/classes/pref/users.php
+++ b/classes/pref/users.php
@@ -14,9 +14,9 @@ class Pref_Users extends Handler_Administrative {
$sth = $this->pdo->prepare("SELECT id, login, access_level, email FROM ttrss_users WHERE id = ?");
$sth->execute([$id]);
- if ($row = $sth->fetch(PDO::FETCH_ASSOC)) {
+ if ($user = $sth->fetch(PDO::FETCH_ASSOC)) {
print json_encode([
- "user" => $row,
+ "user" => $user,
"access_level_names" => $access_level_names
]);
}
@@ -106,21 +106,22 @@ class Pref_Users extends Handler_Administrative {
}
function editSave() {
- $login = clean($_REQUEST["login"]);
- $uid = (int) clean($_REQUEST["id"]);
- $access_level = (int) clean($_REQUEST["access_level"]);
- $email = clean($_REQUEST["email"]);
+ $id = (int)$_REQUEST['id'];
$password = clean($_REQUEST["password"]);
+ $user = ORM::for_table('ttrss_users')->find_one($id);
+
+ if ($user) {
+ $login = clean($_REQUEST["login"]);
- // no blank usernames
- if (!$login) return;
+ if ($id == 1) $login = "admin";
+ if (!$login) return;
- // forbid renaming admin
- if ($uid == 1) $login = "admin";
+ $user->login = $login;
+ $user->access_level = (int) clean($_REQUEST["access_level"]);
+ $user->email = clean($_REQUEST["email"]);
- $sth = $this->pdo->prepare("UPDATE ttrss_users SET login = LOWER(?),
- access_level = ?, email = ?, otp_enabled = false WHERE id = ?");
- $sth->execute([$login, $access_level, $email, $uid]);
+ $user->save();
+ }
if ($password) {
UserHelper::reset_password($uid, false, $password);
@@ -194,11 +195,10 @@ class Pref_Users extends Handler_Administrative {
$sort = "login";
}
- $sort = $this->_validate_field($sort,
- ["login", "access_level", "created", "num_feeds", "created", "last_login"], "login");
+ if (!in_array($sort, ["login", "access_level", "created", "num_feeds", "created", "last_login"]))
+ $sort = "login";
if ($sort != "login") $sort = "$sort DESC";
-
?>
<div dojoType='dijit.layout.BorderContainer' gutters='false'>
@@ -253,32 +253,28 @@ class Pref_Users extends Handler_Administrative {
</tr>
<?php
- $sth = $this->pdo->prepare("SELECT
- tu.id,
- login,access_level,email,
- ".SUBSTRING_FOR_DATE."(last_login,1,16) as last_login,
- ".SUBSTRING_FOR_DATE."(created,1,16) as created,
- (SELECT COUNT(id) FROM ttrss_feeds WHERE owner_uid = tu.id) AS num_feeds
- FROM
- ttrss_users tu
- WHERE
- (:search = '' OR login LIKE :search) AND tu.id > 0
- ORDER BY $sort");
- $sth->execute([":search" => $user_search ? "%$user_search%" : ""]);
-
- while ($row = $sth->fetch()) { ?>
-
- <tr data-row-id='<?= $row["id"] ?>' onclick='Users.edit(<?= $row["id"] ?>)' title="<?= __('Click to edit') ?>">
+ $users = ORM::for_table('ttrss_users')
+ ->table_alias('u')
+ ->left_outer_join("ttrss_feeds", ["owner_uid", "=", "u.id"], 'f')
+ ->select_expr('u.*,COUNT(f.id) AS num_feeds')
+ ->where_like("login", $user_search ? "%$user_search%" : "%")
+ ->order_by_expr($sort)
+ ->group_by_expr('u.id')
+ ->find_many();
+
+ foreach ($users as $user) { ?>
+
+ <tr data-row-id='<?= $user["id"] ?>' onclick='Users.edit(<?= $user["id"] ?>)' title="<?= __('Click to edit') ?>">
<td align='center'>
<input onclick='Tables.onRowChecked(this); event.stopPropagation();'
dojoType='dijit.form.CheckBox' type='checkbox'>
</td>
- <td><i class='material-icons'>person</i> <?= htmlspecialchars($row["login"]) ?></td>
- <td><?= $access_level_names[$row["access_level"]] ?></td>
- <td><?= $row["num_feeds"] ?></td>
- <td><?= TimeHelper::make_local_datetime($row["created"], false) ?></td>
- <td><?= TimeHelper::make_local_datetime($row["last_login"], false) ?></td>
+ <td><i class='material-icons'>person</i> <?= htmlspecialchars($user["login"]) ?></td>
+ <td><?= $access_level_names[$user["access_level"]] ?></td>
+ <td><?= $user["num_feeds"] ?></td>
+ <td><?= TimeHelper::make_local_datetime($user["created"], false) ?></td>
+ <td><?= TimeHelper::make_local_datetime($user["last_login"], false) ?></td>
</tr>
<?php } ?>
</table>
@@ -288,11 +284,4 @@ class Pref_Users extends Handler_Administrative {
<?php
}
- private function _validate_field($string, $allowed, $default = "") {
- if (in_array($string, $allowed))
- return $string;
- else
- return $default;
- }
-
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-28 12:26:58 +0000