link); if (method_exists($authenticator, "change_password")) { print $authenticator->change_password($_SESSION["uid"], $old_pw, $new_pw); } else { print "ERROR: ".__("Function not supported by authentication module."); } } function saveconfig() { $_SESSION["prefs_cache"] = false; $orig_theme = get_pref($this->link, "_THEME_ID"); foreach (array_keys($_POST) as $pref_name) { $pref_name = db_escape_string($pref_name); $value = db_escape_string($_POST[$pref_name]); if ($pref_name == 'DIGEST_PREFERRED_TIME') { if (get_pref($this->link, 'DIGEST_PREFERRED_TIME') != $value) { db_query($this->link, "UPDATE ttrss_users SET last_digest_sent = NULL WHERE id = " . $_SESSION['uid']); } } set_pref($this->link, $pref_name, $value); } if ($orig_theme != get_pref($this->link, "_THEME_ID")) { print "PREFS_THEME_CHANGED"; } else { print __("The configuration was saved."); } } function getHelp() { $pref_name = db_escape_string($_REQUEST["pn"]); $result = db_query($this->link, "SELECT help_text FROM ttrss_prefs WHERE pref_name = '$pref_name'"); if (db_num_rows($result) > 0) { $help_text = db_fetch_result($result, 0, "help_text"); print $help_text; } else { printf(__("Unknown option: %s"), $pref_name); } } function changeemail() { $email = db_escape_string($_POST["email"]); $full_name = db_escape_string($_POST["full_name"]); $active_uid = $_SESSION["uid"]; db_query($this->link, "UPDATE ttrss_users SET email = '$email', full_name = '$full_name' WHERE id = '$active_uid'"); print __("Your personal data has been saved."); return; } function resetconfig() { $_SESSION["prefs_op_result"] = "reset-to-defaults"; if ($_SESSION["profile"]) { $profile_qpart = "profile = '" . $_SESSION["profile"] . "'"; } else { $profile_qpart = "profile IS NULL"; } db_query($this->link, "DELETE FROM ttrss_user_prefs WHERE $profile_qpart AND owner_uid = ".$_SESSION["uid"]); initialize_user_prefs($this->link, $_SESSION["uid"], $_SESSION["profile"]); print "PREFS_THEME_CHANGED"; } function index() { global $access_level_names; $prefs_blacklist = array("HIDE_READ_FEEDS", "FEEDS_SORT_BY_UNREAD", "STRIP_UNSAFE_TAGS"); $profile_blacklist = array("ALLOW_DUPLICATE_POSTS", "PURGE_OLD_DAYS", "PURGE_UNREAD_ARTICLES", "DIGEST_ENABLE", "DIGEST_CATCHUP", "BLACKLISTED_TAGS", "ENABLE_API_ACCESS", "UPDATE_POST_ON_CHECKSUM_CHANGE", "DEFAULT_UPDATE_INTERVAL", "USER_TIMEZONE", "SORT_HEADLINES_BY_FEED_DATE", "SSL_CERT_SERIAL", "DIGEST_PREFERRED_TIME"); $_SESSION["prefs_op_result"] = ""; print "
"; print "
"; print "
"; print ""; print ""; print "

" . __("Personal data") . "

"; $result = db_query($this->link, "SELECT email,full_name,otp_enabled, access_level FROM ttrss_users WHERE id = ".$_SESSION["uid"]); $email = htmlspecialchars(db_fetch_result($result, 0, "email")); $full_name = htmlspecialchars(db_fetch_result($result, 0, "full_name")); $otp_enabled = sql_bool_to_bool(db_fetch_result($result, 0, "otp_enabled")); print ""; print ""; print ""; print ""; if (!SINGLE_USER_MODE && !$_SESSION["hide_hello"]) { $access_level = db_fetch_result($result, 0, "access_level"); print ""; print ""; } print "
".__('Full name')."
".__('E-mail')."
".__('Access level')."" . $access_level_names[$access_level] . "
"; print ""; print ""; print "

"; print "

"; if ($_SESSION["auth_module"]) { $module_class = "auth_" . $_SESSION["auth_module"]; $authenticator = new $module_class($this->link); } else { $authenticator = false; } if ($authenticator && method_exists($authenticator, "change_password")) { print "

" . __("Password") . "

"; $result = db_query($this->link, "SELECT id FROM ttrss_users WHERE id = ".$_SESSION["uid"]." AND pwd_hash = 'SHA1:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8'"); if (db_num_rows($result) != 0) { print format_warning(__("Your password is at default value, please change it."), "default_pass_warning"); } print "
"; print ""; if ($otp_enabled) { print_notice("Changing your current password will disable OTP."); } print ""; print ""; print ""; print ""; print ""; print ""; print ""; print "
".__("Old password")."
".__("New password")."
".__("Confirm password")."
"; print ""; print ""; print "

"; print "

"; if (version_compare(PHP_VERSION, '5.3.0') >= 0 && $_SESSION["auth_module"] == "internal") { print "

" . __("One time passwords / Authenticator") . "

"; if ($otp_enabled) { print_notice("One time passwords are currently enabled. Enter your current password below to disable."); print "
"; print ""; print ""; print ""; print ""; print "
".__("Enter your password")."
"; print ""; print ""; print "

"; print "

"; } else { print "

".__("You will need a compatible Authenticator to use this. Changing your password would automatically disable OTP.") . "

"; print "

".__("Scan the following code by the Authenticator application:")."

"; $csrf_token = $_SESSION["csrf_token"]; print ""; print "
"; print ""; print ""; print ""; print ""; print ""; print ""; print ""; print "
".__("Enter your password")."
"; print " "; print ""; print "
"; print "
"; print "

"; print "

"; } } } print "
"; #pane print "
"; print "
"; print ""; print '
'; print '
'; if ($_SESSION["profile"]) { print_notice("Some preferences are only available in default profile."); } if ($_SESSION["profile"]) { initialize_user_prefs($this->link, $_SESSION["uid"], $_SESSION["profile"]); $profile_qpart = "profile = '" . $_SESSION["profile"] . "'"; } else { initialize_user_prefs($this->link, $_SESSION["uid"]); $profile_qpart = "profile IS NULL"; } if ($_SESSION["prefs_show_advanced"]) $access_query = "true"; else $access_query = "(access_level = 0 AND section_id != 3)"; $result = db_query($this->link, "SELECT DISTINCT ttrss_user_prefs.pref_name,short_desc,help_text,value,type_name, ttrss_prefs_sections.order_id, section_name,def_value,section_id FROM ttrss_prefs,ttrss_prefs_types,ttrss_prefs_sections,ttrss_user_prefs WHERE type_id = ttrss_prefs_types.id AND $profile_qpart AND section_id = ttrss_prefs_sections.id AND ttrss_user_prefs.pref_name = ttrss_prefs.pref_name AND $access_query AND short_desc != '' AND owner_uid = ".$_SESSION["uid"]." ORDER BY ttrss_prefs_sections.order_id,short_desc"); $lnum = 0; $active_section = ""; while ($line = db_fetch_assoc($result)) { if (in_array($line["pref_name"], $prefs_blacklist)) { continue; } if ($_SESSION["profile"] && in_array($line["pref_name"], $profile_blacklist)) { continue; } if ($active_section != $line["section_name"]) { if ($active_section != "") { print ""; } print ""; $active_section = $line["section_name"]; print ""; if ($line["section_id"] == 2) { print ""; $user_theme = get_pref($this->link, "_THEME_ID"); $themes = get_all_themes(); print ""; } $lnum = 0; } print ""; $type_name = $line["type_name"]; $pref_name = $line["pref_name"]; $value = $line["value"]; $def_value = $line["def_value"]; $help_text = $line["help_text"]; print ""; print ""; print ""; $lnum++; } print "

".__($active_section)."

".__("Select theme")."
" . __($line["short_desc"]); if ($help_text) print "
".__($help_text)."
"; print "
"; if ($pref_name == "USER_TIMEZONE") { $timezones = explode("\n", file_get_contents("lib/timezones.txt")); print_select($pref_name, $value, $timezones, 'dojoType="dijit.form.FilteringSelect"'); } else if ($pref_name == "USER_STYLESHEET") { print ""; } else if ($pref_name == "DEFAULT_ARTICLE_LIMIT") { $limits = array(15, 30, 45, 60); print_select($pref_name, $value, $limits, 'dojoType="dijit.form.Select"'); } else if ($pref_name == "DEFAULT_UPDATE_INTERVAL") { global $update_intervals_nodefault; print_select_hash($pref_name, $value, $update_intervals_nodefault, 'dojoType="dijit.form.Select"'); } else if ($type_name == "bool") { if ($value == "true") { $value = __("Yes"); } else { $value = __("No"); } if ($pref_name == "PURGE_UNREAD_ARTICLES" && FORCE_ARTICLE_PURGE != 0) { $disabled = "disabled=\"1\""; $value = __("Yes"); } else { $disabled = ""; } print_radio($pref_name, $value, __("Yes"), array(__("Yes"), __("No")), $disabled); } else if (array_search($pref_name, array('FRESH_ARTICLE_MAX_AGE', 'DEFAULT_ARTICLE_LIMIT', 'PURGE_OLD_DAYS', 'LONG_DATE_FORMAT', 'SHORT_DATE_FORMAT')) !== false) { $regexp = ($type_name == 'integer') ? 'regexp="^\d*$"' : ''; if ($pref_name == "PURGE_OLD_DAYS" && FORCE_ARTICLE_PURGE != 0) { $disabled = "disabled=\"1\""; $value = FORCE_ARTICLE_PURGE; } else { $disabled = ""; } print ""; } else if ($pref_name == "SSL_CERT_SERIAL") { print ""; $cert_serial = htmlspecialchars(get_ssl_certificate_id()); $has_serial = ($cert_serial) ? "false" : "true"; print " "; print " "; } else if ($pref_name == 'DIGEST_PREFERRED_TIME') { print "
". T_sprintf("Current server time: %s (UTC)", date("H:i")) . "
"; } else { $regexp = ($type_name == 'integer') ? 'regexp="^\d*$"' : ''; print ""; } print "
"; print '
'; # inside pane print '
'; print ""; print ""; print " "; print " "; print ""; print " "; $checked = $_SESSION["prefs_show_advanced"] ? "checked='1'" : ""; print " "; print '
'; # inner pane print '
'; # border container print "
"; print "
"; #pane if (($_SESSION["access_level"] >= 10 || SINGLE_USER_MODE) && CHECK_FOR_NEW_VERSION) { print "
"; if ($_SESSION["pref_last_version_check"] + 86400 + rand(-1000, 1000) < time()) { $_SESSION["version_data"] = @check_for_update($this->link); $_SESSION["pref_last_version_check"] = time(); } if (is_array($_SESSION["version_data"])) { $version = $_SESSION["version_data"]["version"]; print_notice(T_sprintf("New version of Tiny Tiny RSS is available (%s).", "$version")); print "

"; } else { print_notice(__("Your Tiny Tiny RSS installation is up to date.")); } print "
"; #pane } print "
"; #container } function updateSelf() { print "
"; print "
".__("Do not close this dialog until updating is finished. Backup your tt-rss directory before continuing.")."
"; print ""; print "
"; print ""; print ""; print "
"; print "
"; } function performUpdate() { $step = (int) $_REQUEST["step"]; $params = json_decode($_REQUEST["params"], true); $force = (bool) $_REQUEST["force"]; if (($_SESSION["access_level"] >= 10 || SINGLE_USER_MODE) && CHECK_FOR_NEW_VERSION) { include "update_self.php"; print json_encode(update_self_step($this->link, $step, $params, $force)); } } function toggleAdvanced() { $_SESSION["prefs_show_advanced"] = !$_SESSION["prefs_show_advanced"]; } function otpqrcode() { require_once "lib/otphp/vendor/base32.php"; require_once "lib/otphp/lib/otp.php"; require_once "lib/otphp/lib/totp.php"; require_once "lib/phpqrcode/phpqrcode.php"; $result = db_query($this->link, "SELECT login,salt,otp_enabled FROM ttrss_users WHERE id = ".$_SESSION["uid"]); $base32 = new Base32(); $login = db_fetch_result($result, 0, "login"); $otp_enabled = sql_bool_to_bool(db_fetch_result($result, 0, "otp_enabled")); if (!$otp_enabled) { $secret = $base32->encode(sha1(db_fetch_result($result, 0, "salt"))); $topt = new \OTPHP\TOTP($secret); print QRcode::png($topt->provisioning_uri($login)); } } function otpenable() { $password = db_escape_string($_REQUEST["password"]); $module_class = "auth_" . $_SESSION["auth_module"]; $authenticator = new $module_class($this->link); $enable_otp = $_REQUEST["enable_otp"] == "on"; if ($authenticator->check_password($_SESSION["uid"], $password)) { if ($enable_otp) { db_query($this->link, "UPDATE ttrss_users SET otp_enabled = true WHERE id = " . $_SESSION["uid"]); print "OK"; } } else { print "ERROR: ".__("Incorrect password"); } } function otpdisable() { $password = db_escape_string($_REQUEST["password"]); $module_class = "auth_" . $_SESSION["auth_module"]; $authenticator = new $module_class($this->link); if ($authenticator->check_password($_SESSION["uid"], $password)) { db_query($this->link, "UPDATE ttrss_users SET otp_enabled = false WHERE id = " . $_SESSION["uid"]); print "OK"; } else { print "ERROR: ".__("Incorrect password"); } } } ?>