From ef8be8ea8da90596d321bc25e88c48121715ed18 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Sun, 1 Oct 2006 11:05:20 +0100
Subject: split backend.php into modules, backend cleanups
---
modules/pref-users.php | 325 +++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 325 insertions(+)
create mode 100644 modules/pref-users.php
(limited to 'modules/pref-users.php')
diff --git a/modules/pref-users.php b/modules/pref-users.php
new file mode 100644
index 000000000..6779bc033
--- /dev/null
+++ b/modules/pref-users.php
@@ -0,0 +1,325 @@
+User editor";
+
+ print "
"; + + print "
"; + + print ""; + print ""; + print ""; + + $result = db_query($link, "SELECT * FROM ttrss_users WHERE id = '$id'"); + + $login = db_fetch_result($result, 0, "login"); + $access_level = db_fetch_result($result, 0, "access_level"); + $email = db_fetch_result($result, 0, "email"); + + print ""; + print ""; + + print ""; + + print ""; + + $sel_disabled = ($id == $_SESSION["uid"]) ? "disabled" : ""; + + print ""; + + print "
Login: +
Change password: +
E-mail: +
Access level:"; + print_select_hash("access_level", $access_level, $access_level_names, + $sel_disabled); + print "
"; + + print "
"; + + print "
+ +
"; + + print "
"; + + return; + } + + if ($subop == "editSave") { + + if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) { + + $login = db_escape_string(trim($_GET["login"])); + $uid = db_escape_string($_GET["id"]); + $access_level = sprintf("%d", $_GET["access_level"]); + $email = db_escape_string(trim($_GET["email"])); + $password = db_escape_string(trim($_GET["password"])); + + if ($password) { + $pwd_hash = 'SHA1:' . sha1($password); + $pass_query_part = "pwd_hash = '$pwd_hash', "; + print "
Changed password for user $login.
"; + } else { + $pass_query_part = ""; + } + + db_query($link, "UPDATE ttrss_users SET $pass_query_part login = '$login', + access_level = '$access_level', email = '$email' WHERE id = '$uid'"); + + } + } else if ($subop == "remove") { + + if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) { + + $ids = split(",", db_escape_string($_GET["ids"])); + + foreach ($ids as $id) { + db_query($link, "DELETE FROM ttrss_users WHERE id = '$id' AND id != " . $_SESSION["uid"]); + + } + } + } else if ($subop == "add") { + + if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) { + + $login = db_escape_string(trim($_GET["login"])); + $tmp_user_pwd = make_password(8); + $pwd_hash = 'SHA1:' . sha1($tmp_user_pwd); + + $result = db_query($link, "SELECT id FROM ttrss_users WHERE + login = '$login'"); + + if (db_num_rows($result) == 0) { + + db_query($link, "INSERT INTO ttrss_users + (login,pwd_hash,access_level,last_login) + VALUES ('$login', '$pwd_hash', 0, NOW())"); + + + $result = db_query($link, "SELECT id FROM ttrss_users WHERE + login = '$login' AND pwd_hash = '$pwd_hash'"); + + if (db_num_rows($result) == 1) { + + $new_uid = db_fetch_result($result, 0, "id"); + + print "
Added user ".$_GET["login"]. + " with password $tmp_user_pwd.
"; + + initialize_user($link, $new_uid); + + } else { + + print "
Could not create user ". + $_GET["login"]."
"; + + } + } else { + print "
User ". + $_GET["login"]." already exists.
"; + } + } + } else if ($subop == "resetPass") { + + if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) { + + $uid = db_escape_string($_GET["id"]); + + $result = db_query($link, "SELECT login,email + FROM ttrss_users WHERE id = '$uid'"); + + $login = db_fetch_result($result, 0, "login"); + $email = db_fetch_result($result, 0, "email"); + $tmp_user_pwd = make_password(8); + $pwd_hash = 'SHA1:' . sha1($tmp_user_pwd); + + db_query($link, "UPDATE ttrss_users SET pwd_hash = '$pwd_hash' + WHERE id = '$uid'"); + + print "
Changed password of + user $login to $tmp_user_pwd."; + + if (MAIL_RESET_PASS && $email) { + print " Notifying $email."; + + mail("$login <$email>", "Password reset notification", + "Hi, $login.\n". + "\n". + "Your password for this TT-RSS installation was reset by". + " an administrator.\n". + "\n". + "Your new password is $tmp_user_pwd, please remember". + " it for later reference.\n". + "\n". + "Sincerely, TT-RSS Mail Daemon.", "From: " . MAIL_FROM); + } + + print "
"; + + } + } + + $sort = db_escape_string($_GET["sort"]); + + if (!$sort || $sort == "undefined") { + $sort = "login"; + } + + print "
+  "; + + print "
"; + + $result = db_query($link, "SELECT + id,login,access_level,email, + SUBSTRING(last_login,1,16) as last_login + FROM + ttrss_users + ORDER BY $sort"); + +// print "
PLACEHOLDER
"; + + print "

"; + + print " + + + + "; + + $lnum = 0; + + while ($line = db_fetch_assoc($result)) { + + $class = ($lnum % 2) ? "even" : "odd"; + + $uid = $line["id"]; + $edit_uid = $_GET["id"]; + + if ($subop == "edit" && $uid != $edit_uid) { + $class .= "Grayed"; + $this_row_id = ""; + } else { + $this_row_id = "id=\"UMRR-$uid\""; + } + + print ""; + + $line["login"] = htmlspecialchars($line["login"]); + + $line["last_login"] = date(get_pref($link, 'SHORT_DATE_FORMAT'), + strtotime($line["last_login"])); + + $access_level_names = array(0 => "User", 10 => "Administrator"); + +// if (!$edit_uid || $subop != "edit") { + + print ""; + + print ""; + + if (!$line["email"]) $line["email"] = " "; + + print ""; + +/* } else if ($uid != $edit_uid) { + + if (!$line["email"]) $line["email"] = " "; + + print ""; + + print ""; + print ""; + print ""; + + } else { + + print ""; + + print ""; + + print ""; + + print ""; + + } */ + + print ""; + + print ""; + + ++$lnum; + } + + print "
+ Select: + All, + None + "; + + print "
 LoginAccess LevelLast login
" . + $line["login"] . "" . + $access_level_names[$line["access_level"]] . "".$line["login"]."".$line["email"]."".$access_level_names[$line["access_level"]]." + "; + print ""; + print "".$line["last_login"]."
"; + + print "

"; + +/* if ($subop == "edit") { + print "Edit user: + + "; + + } else { */ + + print " + Selection: + + + + "; + +// } + } +?> -- cgit v1.2.3
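Review bot: `ORDER BY $sort` in the user-list query takes `$_GET["sort"]` through `db_escape_string()` only, and escaping protects a quoted string literal, not an identifier position, so the request can still change the statement. Check the value against the columns the query selects instead, for example `$sort = in_array($_GET["sort"], array("login", "access_level", "email", "last_login"), true) ? $_GET["sort"] : "login";`. The status messages in the `add` branch print `$_GET["login"]` unescaped, and `editSave` and `resetPass` print `$login` the same way; these should go through `htmlspecialchars()`, as the table row already does for `$line["login"]`. The `editSave`, `remove`, `add` and `resetPass` branches also change accounts from `$_GET` parameters with no request token visible in this file, so new passwords travel in the query string, and they are stored as unsalted `sha1()`; both are worth a follow-up. The markup and the top of the file are not visible on this page, so the origin of `$id` in the `edit` query and any access check on that branch could not be reviewed.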