From e6cb77a07ad5ff4b7d43aa00fdf1fc810bfebf69 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Fri, 18 Nov 2005 10:00:18 +0100 Subject: user manager --- backend.php | 192 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 189 insertions(+), 3 deletions(-) (limited to 'backend.php') diff --git a/backend.php b/backend.php index 0fbe75b33..42707b09a 100644 --- a/backend.php +++ b/backend.php @@ -1009,7 +1009,7 @@ } else { - print ""; + print ""; print ""; print ""; @@ -1201,7 +1201,7 @@ } else { - print ""; + print ""; print ""; @@ -1356,7 +1356,7 @@ } else { - print ""; + print ""; print ""; @@ -1743,6 +1743,192 @@ } + if ($op == "pref-users") { + + $subop = $_GET["subop"]; + + if ($subop == "editSave") { + + if (!WEB_DEMO_MODE) { + + $login = db_escape_string($_GET["l"]); + $uid = db_escape_string($_GET["id"]); + $access_level = sprintf("%d", $_GET["al"]); + + db_query($link, "UPDATE ttrss_users SET login = '$login', access_level = '$access_level' WHERE id = '$uid'"); + + } + } else if ($subop == "remove") { + + if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) { + + $ids = split(",", $_GET["ids"]); + + foreach ($ids as $id) { + db_query($link, "DELETE FROM ttrss_users WHERE id = '$id' AND id != " . $_SESSION["uid"]); + + } + } + } else if ($subop == "add") { + + if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) { + + $login = db_escape_string($_GET["login"]); + $tmp_user_pwd = make_password(8); + $pwd_hash = 'SHA1:' . sha1($tmp_user_pwd); + + db_query($link, "INSERT INTO ttrss_users (login,pwd_hash,access_level) + VALUES ('$login', '$pwd_hash', 0)"); + + + $result = db_query($link, "SELECT id FROM ttrss_users WHERE + login = '$login' AND pwd_hash = '$pwd_hash'"); + + if (db_num_rows($result) == 1) { + + $new_uid = db_fetch_result($result, 0, "id"); + + print "
Added user ".$_GET["login"]. + " with password $tmp_user_pwd.
"; + + initialize_user($link, $new_uid); + + } else { + + print "
Error while adding user ". + $_GET["login"].".
"; + + } + } + } else if ($subop == "resetPass") { + + if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) { + + $uid = db_escape_string($_GET["id"]); + + $result = db_query($link, "SELECT login FROM ttrss_users WHERE id = '$uid'"); + + $login = db_fetch_result($result, 0, "login"); + $tmp_user_pwd = make_password(8); + $pwd_hash = 'SHA1:' . sha1($tmp_user_pwd); + + db_query($link, "UPDATE ttrss_users SET pwd_hash = '$pwd_hash' + WHERE id = '$uid'"); + + print "
Changed password of + user $login to $tmp_user_pwd.
"; + + } + } + + print " + "; + + print" +
+ Add user
"; + + $result = db_query($link, "SELECT + id,login,access_level + FROM + ttrss_users + ORDER by login"); + + print "

"; + + print " + + "; + + $lnum = 0; + + while ($line = db_fetch_assoc($result)) { + + $class = ($lnum % 2) ? "even" : "odd"; + + $uid = $line["id"]; + $edit_uid = $_GET["id"]; + + if ($uid == $_SESSION["uid"] || ($subop == "edit" && $uid != $edit_uid)) { + $class .= "Grayed"; + } + + print ""; + + $line["login"] = htmlspecialchars($line["login"]); + + if ($uid == $_SESSION["uid"]) { + + print ""; + + print ""; + print ""; + + + } else if (!$edit_uid || $subop != "edit") { + + print ""; + + print ""; + + print ""; + + } else if ($uid != $edit_uid) { + + print ""; + + print ""; + print ""; + + } else { + + print ""; + + print ""; + + print ""; + + } + + + print ""; + + ++$lnum; + } + + print "
SelectLogin + Access Level
".$line["login"]."".$line["access_level"]."" . + $line["login"] . "" . + $line["access_level"] . "".$line["login"]."".$line["access_level"]."
"; + + print "

"; + + if ($subop == "edit") { + print "Edit label: + + "; + + } else { + + print " + Selection: + + + "; + } + } + + db_close($link); ?> -- cgit v1.2.3
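Review bot: The `editSave` branch of the new `pref-users` handler is guarded only by `if (!WEB_DEMO_MODE)`, while `remove`, `add` and `resetPass` also require `$_SESSION["access_level"] >= 10`, so as written any session that reaches this block can rewrite another account's `login` and `access_level`; the guard should read `if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) {`. In the `remove` loop each `$id` from `split(",", $_GET["ids"])` is placed in the DELETE string without the `db_escape_string()` used in the other branches; casting it first, as the hunk already does for `access_level`, e.g. `$id = sprintf("%d", $id);`, closes that gap. The "Added user" and "Error while adding user" messages print `$_GET["login"]` raw, whereas the table further down passes logins through `htmlspecialchars()`, and the messages should do the same. Whether an outer check already restricts `$op == "pref-users"` to administrators is not visible in this hunk, and all of these state changes arrive over GET, so POST-only handling with a request token would be worth adding alongside.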