From 2547ece0cacb7080060ad3bc32b879fee6b52230 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Sun, 14 Feb 2021 14:59:22 +0300
Subject: pref-users: cleanup index

---
 classes/pref/users.php | 214 +++++++++++++++++++++----------------------------
 1 file changed, 93 insertions(+), 121 deletions(-)

(limited to 'classes/pref/users.php')
diff --git a/classes/pref/users.php b/classes/pref/users.php
index 5c622a9b1..0454a1292 100644
--- a/classes/pref/users.php
+++ b/classes/pref/users.php
@@ -251,12 +251,8 @@ class Pref_Users extends Handler_Protected {
 					print T_sprintf("Added user %s with password %s",
 						$login, $tmp_user_pwd);
 
-					$this->initialize_user($new_uid);
-
 				} else {
-
 					print T_sprintf("Could not create user %s", $login);
-
 				}
 			} else {
 				print T_sprintf("User %s already exists.", $login);
@@ -303,10 +299,6 @@ class Pref_Users extends Handler_Protected {
 
 			global $access_level_names;
 
-			print "<div dojoType='dijit.layout.BorderContainer' gutters='false'>";
-			print "<div style='padding : 0px' dojoType='dijit.layout.ContentPane' region='top'>";
-			print "<div dojoType='fox.Toolbar'>";
-
 			$user_search = clean($_REQUEST["search"] ?? "");
 
 			if (array_key_exists("search", $_REQUEST)) {
@@ -315,137 +307,117 @@ class Pref_Users extends Handler_Protected {
 				$user_search = ($_SESSION["prefs_user_search"] ?? "");
 			}
 
-			print "<div style='float : right; padding-right : 4px;'>
-				<input dojoType='dijit.form.TextBox' id='user_search' size='20' type='search'
-					value=\"$user_search\">
-				<button dojoType='dijit.form.Button' onclick='Users.reload()'>".
-					__('Search')."</button>
-				</div>";
-
 			$sort = clean($_REQUEST["sort"] ?? "");
 
 			if (!$sort || $sort == "undefined") {
 				$sort = "login";
 			}
 
-			print "<div dojoType='fox.form.DropDownButton'>".
-					"<span>" . __('Select')."</span>";
-			print "<div dojoType='dijit.Menu' style='display: none'>";
-			print "<div onclick=\"Tables.select('users-list', true)\"
-				dojoType='dijit.MenuItem'>".__('All')."</div>";
-			print "<div onclick=\"Tables.select('users-list', false)\"
-				dojoType='dijit.MenuItem'>".__('None')."</div>";
-			print "</div></div>";
-
-			print "<button dojoType='dijit.form.Button' onclick='Users.add()'>".__('Create user')."</button>";
-
-			print "
-				<button dojoType='dijit.form.Button' onclick='Users.editSelected()'>".
-				__('Edit')."</button dojoType=\"dijit.form.Button\">
-				<button dojoType='dijit.form.Button' onclick='Users.removeSelected()'>".
-				__('Remove')."</button dojoType=\"dijit.form.Button\">
-				<button dojoType='dijit.form.Button' onclick='Users.resetSelected()'>".
-				__('Reset password')."</button dojoType=\"dijit.form.Button\">";
-
-			PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB_SECTION, "prefUsersToolbar");
-
-			print "</div>"; #toolbar
-			print "</div>"; #pane
-			print "<div style='padding : 0px' dojoType='dijit.layout.ContentPane' region='center'>";
-
 			$sort = $this->validate_field($sort,
 				["login", "access_level", "created", "num_feeds", "created", "last_login"], "login");
 
 			if ($sort != "login") $sort = "$sort DESC";
 
-			$sth = $this->pdo->prepare("SELECT
-					tu.id,
-					login,access_level,email,
-					".SUBSTRING_FOR_DATE."(last_login,1,16) as last_login,
-					".SUBSTRING_FOR_DATE."(created,1,16) as created,
-					(SELECT COUNT(id) FROM ttrss_feeds WHERE owner_uid = tu.id) AS num_feeds
-				FROM
-					ttrss_users tu
-				WHERE
-					(:search = '' OR login LIKE :search) AND tu.id > 0
-				ORDER BY $sort");
-			$sth->execute([":search" => $user_search ? "%$user_search%" : ""]);
-
-			print "<table width='100%' class='users-list' id='users-list'>";
-
-			print "<tr class='title'>
-						<td align='center' width='5%'>&nbsp;</td>
-						<td width='20%'><a href='#' onclick=\"Users.reload('login')\">".__('Login')."</a></td>
-						<td width='20%'><a href='#' onclick=\"Users.reload('access_level')\">".__('Access Level')."</a></td>
-						<td width='10%'><a href='#' onclick=\"Users.reload('num_feeds')\">".__('Subscribed feeds')."</a></td>
-						<td width='20%'><a href='#' onclick=\"Users.reload('created')\">".__('Registered')."</a></td>
-						<td width='20%'><a href='#' onclick=\"Users.reload('last_login')\">".__('Last login')."</a></td></tr>";
-
-			$lnum = 0;
-
-			while ($line = $sth->fetch()) {
-
-				$uid = $line["id"];
-
-				print "<tr data-row-id='$uid' onclick='Users.edit($uid)'>";
-
-				$line["login"] = htmlspecialchars($line["login"]);
-				$line["created"] = TimeHelper::make_local_datetime($line["created"], false);
-				$line["last_login"] = TimeHelper::make_local_datetime($line["last_login"], false);
-
-				print "<td align='center'><input onclick='Tables.onRowChecked(this); event.stopPropagation();'
-					dojoType='dijit.form.CheckBox' type='checkbox'></td>";
-
-				print "<td title='".__('Click to edit')."'><i class='material-icons'>person</i> " . $line["login"] . "</td>";
-
-				print "<td>" .	$access_level_names[$line["access_level"]] . "</td>";
-				print "<td>" . $line["num_feeds"] . "</td>";
-				print "<td>" . $line["created"] . "</td>";
-				print "<td>" . $line["last_login"] . "</td>";
-
-				print "</tr>";
-
-				++$lnum;
-			}
-
-			print "</table>";
-
-			if ($lnum == 0) {
-				if (!$user_search) {
-					print_warning(__('No users defined.'));
-				} else {
-					print_warning(__('No matching users found.'));
-				}
-			}
-
-			print "</div>"; #pane
-
-			PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB, "prefUsers");
-
-			print "</div>"; #container
-
-		}
+			?>
+
+			<div dojoType='dijit.layout.BorderContainer' gutters='false'>
+				<div style='padding : 0px' dojoType='dijit.layout.ContentPane' region='top'>
+					<div dojoType='fox.Toolbar'>
+
+						<div style='float : right'>
+							<input dojoType='dijit.form.TextBox' id='user_search' size='20' type='search'
+								value="<?= htmlspecialchars($user_search) ?>">
+							<button dojoType='dijit.form.Button' onclick='Users.reload()'>
+								<?= __('Search') ?>
+							</button>
+						</div>
+
+						<div dojoType='fox.form.DropDownButton'>
+							<span><?= __('Select') ?></span>
+							<div dojoType='dijit.Menu' style='display: none'>
+								<div onclick="Tables.select('users-list', true)"
+									dojoType='dijit.MenuItem'><?= __('All') ?></div>
+								<div onclick="Tables.select('users-list', false)"
+									dojoType='dijit.MenuItem'><?= __('None') ?></div>
+								</div>
+							</div>
+
+						<button dojoType='dijit.form.Button' onclick='Users.add()'>
+							<?= __('Create user') ?>
+						</button>
+
+						<button dojoType='dijit.form.Button' onclick='Users.editSelected()'>
+							<?= __('Edit') ?>
+						</button dojoType="dijit.form.Button">
+
+						<button dojoType='dijit.form.Button' onclick='Users.removeSelected()'>
+							<?= __('Remove') ?>
+						</button>
+
+						<button dojoType='dijit.form.Button' onclick='Users.resetSelected()'>
+							<?= __('Reset password') ?>
+						</button>
+
+						<?php PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB_SECTION, "prefUsersToolbar") ?>
+
+					</div>
+				</div>
+				<div style='padding : 0px' dojoType='dijit.layout.ContentPane' region='center'>
+
+					<table width='100%' class='users-list' id='users-list'>
+
+						<tr class='title'>
+							<td align='center' width='5%'> </td>
+							<td width='20%'><a href='#' onclick="Users.reload('login')"><?= ('Login') ?></a></td>
+							<td width='20%'><a href='#' onclick="Users.reload('access_level')"><?= ('Access Level') ?></a></td>
+							<td width='10%'><a href='#' onclick="Users.reload('num_feeds')"><?= ('Subscribed feeds') ?></a></td>
+							<td width='20%'><a href='#' onclick="Users.reload('created')"><?= ('Registered') ?></a></td>
+							<td width='20%'><a href='#' onclick="Users.reload('last_login')"><?= ('Last login') ?></a></td>
+						</tr>
+
+						<?php
+							$sth = $this->pdo->prepare("SELECT
+									tu.id,
+									login,access_level,email,
+									".SUBSTRING_FOR_DATE."(last_login,1,16) as last_login,
+									".SUBSTRING_FOR_DATE."(created,1,16) as created,
+									(SELECT COUNT(id) FROM ttrss_feeds WHERE owner_uid = tu.id) AS num_feeds
+								FROM
+									ttrss_users tu
+								WHERE
+									(:search = '' OR login LIKE :search) AND tu.id > 0
+								ORDER BY $sort");
+							$sth->execute([":search" => $user_search ? "%$user_search%" : ""]);
+
+							while ($row = $sth->fetch()) { ?>
+
+								<tr data-row-id='<?= $row["id"] ?>' onclick='Users.edit(<?= $row["id"] ?>)' title="<?= __('Click to edit') ?>">
+									<td align='center'>
+										<input onclick='Tables.onRowChecked(this); event.stopPropagation();'
+										dojoType='dijit.form.CheckBox' type='checkbox'>
+									</td>
+
+									<td><i class='material-icons'>person</i> <?= htmlspecialchars($row["login"]) ?></td>
+									<td><?= $access_level_names[$row["access_level"]] ?></td>
+									<td><?= $row["num_feeds"] ?></td>
+									<td><?= TimeHelper::make_local_datetime($row["created"], false) ?></td>
+									<td><?= TimeHelper::make_local_datetime($row["last_login"], false) ?></td>
+								</tr>
+						<?php } ?>
+					</table>
+				</div>
+				<?php PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB, "prefUsers") ?>
+			</div>
+		<?php
+	}
 
-		function validate_field($string, $allowed, $default = "") {
+	function validate_field($string, $allowed, $default = "") {
 			if (in_array($string, $allowed))
 				return $string;
 			else
 				return $default;
 		}
 
-	// this is called after user is created to initialize default feeds, labels
-	// or whatever else
-	// user preferences are checked on every login, not here
-	static function initialize_user($uid) {
-
-		$pdo = Db::pdo();
-
-		$sth = $pdo->prepare("insert into ttrss_feeds (owner_uid,title,feed_url)
-			values (?, 'Tiny Tiny RSS: Forum',
-				'https://tt-rss.org/forum/rss.php')");
-		$sth->execute([$uid]);
-	}
-
 	static function logout_user() {
 		if (session_status() === PHP_SESSION_ACTIVE)
 			session_destroy();
-- 
cgit v1.2.3


From a8cc43a0ff1cf6297577fae8536408287518baf4 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Sun, 14 Feb 2021 15:31:03 +0300
Subject: move logout_user() to UserHelper

---
 classes/pref/users.php | 11 -----------
 1 file changed, 11 deletions(-)

(limited to 'classes/pref/users.php')

diff --git a/classes/pref/users.php b/classes/pref/users.php
index 0454a1292..24d28e62a 100644
--- a/classes/pref/users.php
+++ b/classes/pref/users.php
@@ -418,15 +418,4 @@ class Pref_Users extends Handler_Protected {
 				return $default;
 		}
 
-	static function logout_user() {
-		if (session_status() === PHP_SESSION_ACTIVE)
-			session_destroy();
-
-		if (isset($_COOKIE[session_name()])) {
-		   setcookie(session_name(), '', time()-42000, '/');
-
-		}
-		session_commit();
-	}
-
 }
-- 
cgit v1.2.3


From 0fbf10991237b3f91ee5c77349637d7197a22bdc Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Sun, 14 Feb 2021 15:38:45 +0300
Subject:  * remove users/filters toolbar edit button (just click on it)  * fix
 title of edit filter dialog always showing create filter

---
 classes/pref/users.php | 4 ----
 1 file changed, 4 deletions(-)

(limited to 'classes/pref/users.php')

diff --git a/classes/pref/users.php b/classes/pref/users.php
index 24d28e62a..7adb09ab2 100644
--- a/classes/pref/users.php
+++ b/classes/pref/users.php
@@ -346,10 +346,6 @@ class Pref_Users extends Handler_Protected {
 							<?= __('Create user') ?>
 						</button>
 
-						<button dojoType='dijit.form.Button' onclick='Users.editSelected()'>
-							<?= __('Edit') ?>
-						</button dojoType="dijit.form.Button">
-
 						<button dojoType='dijit.form.Button' onclick='Users.removeSelected()'>
 							<?= __('Remove') ?>
 						</button>
-- 
cgit v1.2.3


From 33ea46c2bc5c91d7767f11c230a941cc635c0e67 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Sun, 14 Feb 2021 15:42:12 +0300
Subject: pref-users/add: remove unused variable

---
 classes/pref/users.php | 2 --
 1 file changed, 2 deletions(-)

(limited to 'classes/pref/users.php')

diff --git a/classes/pref/users.php b/classes/pref/users.php
index 7adb09ab2..9d9ea4d8e 100644
--- a/classes/pref/users.php
+++ b/classes/pref/users.php
@@ -246,8 +246,6 @@ class Pref_Users extends Handler_Protected {
 
 				if ($new_uid = UserHelper::find_user_by_login($login)) {
 
-					$new_uid = $row['id'];
-
 					print T_sprintf("Added user %s with password %s",
 						$login, $tmp_user_pwd);
 
-- 
cgit v1.2.3


From 0b7377238a556708035b0cd51a9e58693fb648f6 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Sun, 14 Feb 2021 15:50:46 +0300
Subject: add Handler_Administrative

---
 classes/pref/users.php | 13 +------------
 1 file changed, 1 insertion(+), 12 deletions(-)

(limited to 'classes/pref/users.php')

diff --git a/classes/pref/users.php b/classes/pref/users.php
index 9d9ea4d8e..b34f85d88 100644
--- a/classes/pref/users.php
+++ b/classes/pref/users.php
@@ -1,16 +1,5 @@
 <?php
-class Pref_Users extends Handler_Protected {
-		function before($method) {
-			if (parent::before($method)) {
-				if ($_SESSION["access_level"] < 10) {
-					print __("Your access level is insufficient to open this tab.");
-					return false;
-				}
-				return true;
-			}
-			return false;
-		}
-
+class Pref_Users extends Handler_Administrative {
 		function csrf_ignore($method) {
 			$csrf_ignored = array("index", "userdetails");
 
-- 
cgit v1.2.3


From 4996d8ccfed98a5052413cdc4f4b9192fac04a89 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Sun, 14 Feb 2021 16:44:41 +0300
Subject: pref-users edit: use client dialog

---
 classes/pref/users.php | 112 +++++++------------------------------------------
 1 file changed, 16 insertions(+), 96 deletions(-)

(limited to 'classes/pref/users.php')

diff --git a/classes/pref/users.php b/classes/pref/users.php
index b34f85d88..bc125d0ce 100644
--- a/classes/pref/users.php
+++ b/classes/pref/users.php
@@ -1,7 +1,7 @@
 <?php
 class Pref_Users extends Handler_Administrative {
 		function csrf_ignore($method) {
-			$csrf_ignored = array("index", "userdetails");
+			$csrf_ignored = array("index");
 
 			return array_search($method, $csrf_ignored) !== false;
 		}
@@ -9,105 +9,19 @@ class Pref_Users extends Handler_Administrative {
 		function edit() {
 			global $access_level_names;
 
-			print "<form id='user_edit_form' onsubmit='return false' dojoType='dijit.form.Form'>";
+			$id = (int)clean($_REQUEST["id"]);
 
-			print '<div dojoType="dijit.layout.TabContainer" style="height : 400px">
-        		<div dojoType="dijit.layout.ContentPane" title="'.__('Edit user').'">';
-
-			//print "<form id=\"user_edit_form\" onsubmit='return false' dojoType=\"dijit.form.Form\">";
-
-			$id = (int) clean($_REQUEST["id"]);
-
-			print_hidden("id", "$id");
-			print_hidden("op", "pref-users");
-			print_hidden("method", "editSave");
-
-			$sth = $this->pdo->prepare("SELECT * FROM ttrss_users WHERE id = ?");
+			$sth = $this->pdo->prepare("SELECT id, login, access_level, email FROM ttrss_users WHERE id = ?");
 			$sth->execute([$id]);
 
-			if ($row = $sth->fetch()) {
-
-				$login = $row["login"];
-				$access_level = $row["access_level"];
-				$email = $row["email"];
-
-				$sel_disabled = ($id == $_SESSION["uid"] || $login == "admin") ? "disabled" : "";
-
-				print "<header>".__("User")."</header>";
-				print "<section>";
-
-				if ($sel_disabled) {
-					print_hidden("login", "$login");
-				}
-
-				print "<fieldset>";
-				print "<label>" . __("Login:") . "</label>";
-				print "<input style='font-size : 16px'
-					dojoType='dijit.form.ValidationTextBox' required='1'
-					$sel_disabled name='login' value=\"$login\">";
-				print "</fieldset>";
-
-				print "</section>";
-
-				print "<header>".__("Authentication")."</header>";
-				print "<section>";
-
-				print "<fieldset>";
-
-				print "<label>" . __('Access level: ') . "</label> ";
-
-				if (!$sel_disabled) {
-					print_select_hash("access_level", $access_level, $access_level_names,
-						"dojoType=\"fox.form.Select\" $sel_disabled");
-				} else {
-					print_select_hash("", $access_level, $access_level_names,
-						"dojoType=\"fox.form.Select\" $sel_disabled");
-					print_hidden("access_level", "$access_level");
-				}
-
-				print "</fieldset>";
-				print "<fieldset>";
-
-				print "<label>" . __("New password:") . "</label> ";
-				print "<input dojoType='dijit.form.TextBox' type='password' size='20' placeholder='Change password'
-					name='password'>";
-
-				print "</fieldset>";
-
-				print "</section>";
-
-				print "<header>".__("Options")."</header>";
-				print "<section>";
-
-				print "<fieldset>";
-				print "<label>" . __("E-mail:") . "</label> ";
-				print "<input dojoType='dijit.form.TextBox' size='30' name='email'
-					value=\"$email\">";
-				print "</fieldset>";
-
-				print "</section>";
-
-				print "</table>";
-
+			if ($row = $sth->fetch(PDO::FETCH_ASSOC)) {
+				print json_encode([
+						"user" => $row,
+						"access_level_names" => $access_level_names
+					]);
+			} else {
+				print json_encode(["error" => "USER_NOT_FOUND"]);
 			}
-
-			print '</div>'; #tab
-			print "<div href=\"backend.php?op=pref-users&method=userdetails&id=$id\"
-				dojoType=\"dijit.layout.ContentPane\" title=\"".__('User details')."\">";
-
-			print '</div>';
-			print '</div>';
-
-			print "<footer>
-				<button dojoType='dijit.form.Button' class='alt-primary' type='submit' onclick='App.dialogOf(this).execute()'>".
-				__('Save')."</button>
-				<button dojoType='dijit.form.Button' onclick='App.dialogOf(this).hide()'>".
-				__('Cancel')."</button>
-				</footer>";
-
-			print "</form>";
-
-			return;
 		}
 
 		function userdetails() {
@@ -186,6 +100,12 @@ class Pref_Users extends Handler_Administrative {
 			$email = clean($_REQUEST["email"]);
 			$password = clean($_REQUEST["password"]);
 
+			// no blank usernames
+			if (!$login) return;
+
+			// forbid renaming admin
+			if ($uid == 1) $login = "admin";
+
 			if ($password) {
 				$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
 				$pwd_hash = encrypt_password($password, $salt, true);
-- 
cgit v1.2.3


From 8e79f1717d5270558ffd30c20cc75840b0ecc955 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Mon, 15 Feb 2021 16:07:22 +0300
Subject: prefs: unify naming

---
 classes/pref/users.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'classes/pref/users.php')

diff --git a/classes/pref/users.php b/classes/pref/users.php
index bc125d0ce..d2dd06fd8 100644
--- a/classes/pref/users.php
+++ b/classes/pref/users.php
@@ -166,7 +166,7 @@ class Pref_Users extends Handler_Administrative {
 			}
 		}
 
-		static function resetUserPassword($uid, $format_output = false) {
+		static function _reset_password($uid, $format_output = false) {
 
 			$pdo = Db::pdo();
 
@@ -199,7 +199,7 @@ class Pref_Users extends Handler_Administrative {
 
 		function resetPass() {
 			$uid = clean($_REQUEST["id"]);
-			self::resetUserPassword($uid);
+			self::_reset_password($uid);
 		}
 
 		function index() {
@@ -220,7 +220,7 @@ class Pref_Users extends Handler_Administrative {
 				$sort = "login";
 			}
 
-			$sort = $this->validate_field($sort,
+			$sort = $this->_validate_field($sort,
 				["login", "access_level", "created", "num_feeds", "created", "last_login"], "login");
 
 			if ($sort != "login") $sort = "$sort DESC";
@@ -314,7 +314,7 @@ class Pref_Users extends Handler_Administrative {
 		<?php
 	}
 
-	function validate_field($string, $allowed, $default = "") {
+	private function _validate_field($string, $allowed, $default = "") {
 			if (in_array($string, $allowed))
 				return $string;
 			else
-- 
cgit v1.2.3


From 39604bedef15b7d56c23ce101d5e74a93bc5620c Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Mon, 15 Feb 2021 16:59:54 +0300
Subject: move reset_password to UserHelper

---
 classes/pref/users.php | 34 +---------------------------------
 1 file changed, 1 insertion(+), 33 deletions(-)

(limited to 'classes/pref/users.php')

diff --git a/classes/pref/users.php b/classes/pref/users.php
index d2dd06fd8..ab1694564 100644
--- a/classes/pref/users.php
+++ b/classes/pref/users.php
@@ -166,40 +166,8 @@ class Pref_Users extends Handler_Administrative {
 			}
 		}
 
-		static function _reset_password($uid, $format_output = false) {
-
-			$pdo = Db::pdo();
-
-			$sth = $pdo->prepare("SELECT login FROM ttrss_users WHERE id = ?");
-			$sth->execute([$uid]);
-
-			if ($row = $sth->fetch()) {
-
-				$login = $row["login"];
-
-				$new_salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
-				$tmp_user_pwd = make_password();
-
-				$pwd_hash = encrypt_password($tmp_user_pwd, $new_salt, true);
-
-				$sth = $pdo->prepare("UPDATE ttrss_users
-					  SET pwd_hash = ?, salt = ?, otp_enabled = false
-					WHERE id = ?");
-				$sth->execute([$pwd_hash, $new_salt, $uid]);
-
-				$message = T_sprintf("Changed password of user %s to %s", "<strong>$login</strong>", "<strong>$tmp_user_pwd</strong>");
-
-				if ($format_output)
-					print_notice($message);
-				else
-					print $message;
-
-			}
-		}
-
 		function resetPass() {
-			$uid = clean($_REQUEST["id"]);
-			self::_reset_password($uid);
+			UserHelper::reset_password(clean($_REQUEST["id"]));
 		}
 
 		function index() {
-- 
cgit v1.2.3


From 75435aa960997fb4aa7a13c1a084ab3c53111e73 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Thu, 18 Feb 2021 13:00:20 +0300
Subject: user details: cleanup

---
 classes/pref/users.php | 64 ++++++++++++++++++++++++++++++--------------------
 1 file changed, 39 insertions(+), 25 deletions(-)

(limited to 'classes/pref/users.php')

diff --git a/classes/pref/users.php b/classes/pref/users.php
index ab1694564..5ac6a7990 100644
--- a/classes/pref/users.php
+++ b/classes/pref/users.php
@@ -38,7 +38,6 @@ class Pref_Users extends Handler_Administrative {
 			$sth->execute([$id]);
 
 			if ($row = $sth->fetch()) {
-				print "<table width='100%'>";
 
 				$last_login = TimeHelper::make_local_datetime(
 					$row["last_login"], true);
@@ -48,47 +47,62 @@ class Pref_Users extends Handler_Administrative {
 
 				$stored_articles = $row["stored_articles"];
 
-				print "<tr><td>".__('Registered')."</td><td>$created</td></tr>";
-				print "<tr><td>".__('Last logged in')."</td><td>$last_login</td></tr>";
-
 				$sth = $this->pdo->prepare("SELECT COUNT(id) as num_feeds FROM ttrss_feeds
 					WHERE owner_uid = ?");
 				$sth->execute([$id]);
 				$row = $sth->fetch();
-				$num_feeds = $row["num_feeds"];
 
-				print "<tr><td>".__('Subscribed feeds count')."</td><td>$num_feeds</td></tr>";
-				print "<tr><td>".__('Stored articles')."</td><td>$stored_articles</td></tr>";
+				$num_feeds = $row["num_feeds"];
 
-				print "</table>";
+				?>
 
-				print "<h1>".__('Subscribed feeds')."</h1>";
+				<fieldset>
+					<label><?= __('Registered') ?>:</label>
+					<?= $created ?>
+				</fieldset>
 
-				$sth = $this->pdo->prepare("SELECT id,title,site_url FROM ttrss_feeds
-					WHERE owner_uid = ? ORDER BY title");
-				$sth->execute([$id]);
+				<fieldset>
+					<label><?= __('Last logged in') ?>:</label>
+					<?= $last_login ?>
+				</fieldset>
 
-				print "<ul class=\"panel panel-scrollable list list-unstyled\">";
+				<fieldset>
+					<label><?= __('Subscribed feeds') ?>:</label>
+					<?= $num_feeds ?>
+				</fieldset>
 
-				while ($line = $sth->fetch()) {
+				<fieldset>
+					<label><?= __('Stored articles') ?>:</label>
+					<?= $stored_articles ?>
+				</fieldset>
 
-					$icon_file = ICONS_URL."/".$line["id"].".ico";
-
-					if (file_exists($icon_file) && filesize($icon_file) > 0) {
-						$feed_icon = "<img class=\"icon\" src=\"$icon_file\">";
-					} else {
-						$feed_icon = "<img class=\"icon\" src=\"images/blank_icon.gif\">";
-					}
+				<?php
+					$sth = $this->pdo->prepare("SELECT id,title,site_url FROM ttrss_feeds
+						WHERE owner_uid = ? ORDER BY title");
+					$sth->execute([$id]);
+				?>
 
-					print "<li>$feed_icon&nbsp;<a href=\"".$line["site_url"]."\">".$line["title"]."</a></li>";
+				<ul class="panel panel-scrollable list list-unstyled">
+					<?php while ($row = $sth->fetch()) { ?>
+						<li>
+							<?php
+								$icon_file = ICONS_URL . "/" . $row["id"] . ".ico";
+								$icon = file_exists($icon_file) ? $icon_file : "images/blank_icon.gif";
+							?>
 
-				}
+							<img class="icon" src="<?= $icon_file ?>">
 
-				print "</ul>";
+							<a target="_blank" href="<?= htmlspecialchars($row["site_url"]) ?>">
+								<?= htmlspecialchars($row["title"]) ?>
+							</a>
+						</li>
+					<?php } ?>
+				</ul>
 
+				<?php
 
 			} else {
-				print "<h1>".__('User not found')."</h1>";
+				print_error(__('User not found'));
 			}
 
 		}
-- 
cgit v1.2.3


From 211f699aa0c4211e4ee8a02446d51b9811d0c28c Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Mon, 22 Feb 2021 22:35:27 +0300
Subject: migrate the rest into Config::

---
 classes/pref/users.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'classes/pref/users.php')

diff --git a/classes/pref/users.php b/classes/pref/users.php
index 5ac6a7990..f30abe001 100644
--- a/classes/pref/users.php
+++ b/classes/pref/users.php
@@ -86,7 +86,7 @@ class Pref_Users extends Handler_Administrative {
 					<?php while ($row = $sth->fetch()) { ?>
 						<li>
 							<?php
-								$icon_file = ICONS_URL . "/" . $row["id"] . ".ico";
+								$icon_file = Config::get(Config::ICONS_URL) . "/" . $row["id"] . ".ico";
 								$icon = file_exists($icon_file) ? $icon_file : "images/blank_icon.gif";
 							?>
 
-- 
cgit v1.2.3


From 8d2e3c2528e67f8650c122f014364a34bf690d2a Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Tue, 23 Feb 2021 22:26:07 +0300
Subject: drop errors.php and simplify error handling

---
 classes/pref/users.php | 2 --
 1 file changed, 2 deletions(-)

(limited to 'classes/pref/users.php')

diff --git a/classes/pref/users.php b/classes/pref/users.php
index f30abe001..13f808cb3 100644
--- a/classes/pref/users.php
+++ b/classes/pref/users.php
@@ -19,8 +19,6 @@ class Pref_Users extends Handler_Administrative {
 						"user" => $row,
 						"access_level_names" => $access_level_names
 					]);
-			} else {
-				print json_encode(["error" => "USER_NOT_FOUND"]);
 			}
 		}
 
-- 
cgit v1.2.3


	".__('Login')."	".__('Access Level')."	".__('Subscribed feeds')."	".__('Registered')."	".__('Last login')."
	" . $line["login"] . "	" . $access_level_names[$line["access_level"]] . "	" . $line["num_feeds"] . "	" . $line["created"] . "	" . $line["last_login"] . "
".__('Registered')."	$created
".__('Last logged in')."	$last_login
".__('Subscribed feeds count')."	$num_feeds
".__('Stored articles')."	$stored_articles