Diffstat (limited to 'classes')
-rwxr-xr-x | classes/db.php | 29 | ||||
-rw-r--r-- | classes/pref/users.php | 77 |
2 files changed, 53 insertions, 53 deletions
diff --git a/classes/db.php b/classes/db.php index a760d4402..a30ffad31 100755 --- a/classes/db.php +++ b/classes/db.php @@ -1,27 +1,38 @@ <?php class Db { - /* @var Db $instance */ + /** @var Db $instance */ private static $instance; private $link; - /* @var PDO $pdo */ + /** @var PDO $pdo */ private $pdo; + function __construct() { + ORM::configure(self::get_dsn()); + ORM::configure('username', Config::get(Config::DB_USER)); + ORM::configure('password', Config::get(Config::DB_PASS)); + ORM::configure('return_result_sets', true); + } + private function __clone() { // } - // this really shouldn't be used unless a separate PDO connection is needed - // normal usage is Db::pdo()->prepare(...) etc - public function pdo_connect() { - + public static function get_dsn() { $db_port = Config::get(Config::DB_PORT) ? ';port=' . Config::get(Config::DB_PORT) : ''; $db_host = Config::get(Config::DB_HOST) ? ';host=' . Config::get(Config::DB_HOST) : ''; + return Config::get(Config::DB_TYPE) . ':dbname=' . Config::get(Config::DB_NAME) . $db_host . $db_port; + } + + // this really shouldn't be used unless a separate PDO connection is needed + // normal usage is Db::pdo()->prepare(...) etc + public function pdo_connect() : PDO { + try { - $pdo = new PDO(Config::get(Config::DB_TYPE) . ':dbname=' . Config::get(Config::DB_NAME) . $db_host . $db_port, + $pdo = new PDO(self::get_dsn(), Config::get(Config::DB_USER), Config::get(Config::DB_PASS)); } catch (Exception $e) { @@ -49,7 +60,7 @@ class Db return $pdo; } - public static function instance() { + public static function instance() : Db { if (self::$instance == null) self::$instance = new self(); @@ -60,7 +71,7 @@ class Db if (self::$instance == null) self::$instance = new self(); - if (!self::$instance->pdo) { + if (empty(self::$instance->pdo)) { self::$instance->pdo = self::$instance->pdo_connect(); } diff --git a/classes/pref/users.php b/classes/pref/users.php index 111cabdca..bf95886ad 100644 --- a/classes/pref/users.php 
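Review bot: The new `__construct()` in the first db.php hunk has no visibility keyword, so it is implicitly public even though `__clone()` is private and `instance()` is the intended entry point; any `new Db()` elsewhere would re-run the global `ORM::configure()` calls. If nothing outside the class constructs it (not visible in this diff), declare it `private function __construct()`. Configuring the ORM from the DSN and credentials also presumably gives it a connection separate from the one `pdo_connect()` builds, so any per-connection setup done after the `try` block (outside this hunk) would not apply to ORM queries. A short comment on the constructor should say so.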
+++ b/classes/pref/users.php @@ -14,9 +14,9 @@ class Pref_Users extends Handler_Administrative { $sth = $this->pdo->prepare("SELECT id, login, access_level, email FROM ttrss_users WHERE id = ?"); $sth->execute([$id]); - if ($row = $sth->fetch(PDO::FETCH_ASSOC)) { + if ($user = $sth->fetch(PDO::FETCH_ASSOC)) { print json_encode([ - "user" => $row, + "user" => $user, "access_level_names" => $access_level_names ]); } @@ -106,21 +106,22 @@ class Pref_Users extends Handler_Administrative { } function editSave() { - $login = clean($_REQUEST["login"]); - $uid = (int) clean($_REQUEST["id"]); - $access_level = (int) clean($_REQUEST["access_level"]); - $email = clean($_REQUEST["email"]); + $id = (int)$_REQUEST['id']; $password = clean($_REQUEST["password"]); + $user = ORM::for_table('ttrss_users')->find_one($id); + + if ($user) { + $login = clean($_REQUEST["login"]); - // no blank usernames - if (!$login) return; + if ($id == 1) $login = "admin"; + if (!$login) return; - // forbid renaming admin - if ($uid == 1) $login = "admin"; + $user->login = $login; + $user->access_level = (int) clean($_REQUEST["access_level"]); + $user->email = clean($_REQUEST["email"]); - $sth = $this->pdo->prepare("UPDATE ttrss_users SET login = LOWER(?), - access_level = ?, email = ?, otp_enabled = false WHERE id = ?"); - $sth->execute([$login, $access_level, $email, $uid]); + $user->save(); + } if ($password) { UserHelper::reset_password($uid, false, $password); @@ -194,11 +195,10 @@ class Pref_Users extends Handler_Administrative { $sort = "login"; } - $sort = $this->_validate_field($sort, - ["login", "access_level", "created", "num_feeds", "created", "last_login"], "login"); + if (!in_array($sort, ["login", "access_level", "created", "num_feeds", "created", "last_login"])) + $sort = "login"; if ($sort != "login") $sort = "$sort DESC"; - ?> <div dojoType='dijit.layout.BorderContainer' gutters='false'> 
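Review bot: `UserHelper::reset_password($uid, false, $password)` in the unchanged tail of `editSave()` still reads `$uid`, which this change renames to `$id`, so the password reset would run with an undefined variable; it also sits outside the new `if ($user)` guard. Pass `$id` and move the call inside the guard. The removed UPDATE also applied `LOWER(?)` to the login and set `otp_enabled = false`, and the ORM version does neither. If those were intended, add `$user->login = mb_strtolower($login);` and `$user->otp_enabled = false;` before `save()`. The method continues past the end of the hunk.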
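Review bot: The inlined allowlist check in the `@@ -194,11` hunk calls `in_array()` without the strict flag, and `$sort` is later passed to `order_by_expr()` as a raw SQL fragment (the `@@ -253,32` hunk), so this check is the only thing between the value and the ORDER BY clause. Use `if (!in_array($sort, ["login", "access_level", "created", "num_feeds", "last_login"], true))`, which also drops the duplicated `"created"` entry. Where `$sort` is first assigned is outside this hunk. If it comes from the request, add a comment noting that the allowlist is what guards the raw `order_by_expr()` fragment.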
@@ -253,32 +253,28 @@ class Pref_Users extends Handler_Administrative { </tr> <?php - $sth = $this->pdo->prepare("SELECT - tu.id, - login,access_level,email, - ".SUBSTRING_FOR_DATE."(last_login,1,16) as last_login, - ".SUBSTRING_FOR_DATE."(created,1,16) as created, - (SELECT COUNT(id) FROM ttrss_feeds WHERE owner_uid = tu.id) AS num_feeds - FROM - ttrss_users tu - WHERE - (:search = '' OR login LIKE :search) AND tu.id > 0 - ORDER BY $sort"); - $sth->execute([":search" => $user_search ? "%$user_search%" : ""]); - - while ($row = $sth->fetch()) { ?> - - <tr data-row-id='<?= $row["id"] ?>' onclick='Users.edit(<?= $row["id"] ?>)' title="<?= __('Click to edit') ?>"> + $users = ORM::for_table('ttrss_users') + ->table_alias('u') + ->left_outer_join("ttrss_feeds", ["owner_uid", "=", "u.id"], 'f') + ->select_expr('u.*,COUNT(f.id) AS num_feeds') + ->where_like("login", $user_search ? "%$user_search%" : "%") + ->order_by_expr($sort) + ->group_by_expr('u.id') + ->find_many(); + + foreach ($users as $user) { ?> + + <tr data-row-id='<?= $user["id"] ?>' onclick='Users.edit(<?= $user["id"] ?>)' title="<?= __('Click to edit') ?>"> <td align='center'> <input onclick='Tables.onRowChecked(this); event.stopPropagation();' dojoType='dijit.form.CheckBox' type='checkbox'> </td> - <td><i class='material-icons'>person</i> <?= htmlspecialchars($row["login"]) ?></td> - <td><?= $access_level_names[$row["access_level"]] ?></td> - <td><?= $row["num_feeds"] ?></td> - <td><?= TimeHelper::make_local_datetime($row["created"], false) ?></td> - <td><?= TimeHelper::make_local_datetime($row["last_login"], false) ?></td> + <td><i class='material-icons'>person</i> <?= htmlspecialchars($user["login"]) ?></td> + <td><?= $access_level_names[$user["access_level"]] ?></td> + <td><?= $user["num_feeds"] ?></td> + <td><?= TimeHelper::make_local_datetime($user["created"], false) ?></td> + <td><?= TimeHelper::make_local_datetime($user["last_login"], false) ?></td> </tr> <?php } ?> </table> 
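Review bot: `select_expr('u.*,COUNT(f.id) AS num_feeds')` loads every column of `ttrss_users` into each row object, where the removed query named only a handful of columns. The users table presumably also holds credential fields, which this listing has no need to read. Select explicitly, e.g. `->select_many('u.id', 'u.login', 'u.access_level', 'u.created', 'u.last_login')` followed by `->select_expr('COUNT(f.id)', 'num_feeds')`. The old `tu.id > 0` filter is also gone; if it was deliberate, `->where_gt('u.id', 0)` restores it.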
@@ -288,11 +284,4 @@ class Pref_Users extends Handler_Administrative { <?php } - private function _validate_field($string, $allowed, $default = "") { - if (in_array($string, $allowed)) - return $string; - else - return $default; - } - } |