user editor improved, some form parameter validation reimplemented for prototyped-forms
This commit is contained in:
parent
a58069db8a
commit
3c5783b726
128
backend.php
128
backend.php
|
@ -81,6 +81,10 @@
|
||||||
1440 => "Daily",
|
1440 => "Daily",
|
||||||
10080 => "Weekly");
|
10080 => "Weekly");
|
||||||
|
|
||||||
|
$access_level_names = array(
|
||||||
|
0 => "User",
|
||||||
|
10 => "Administrator");
|
||||||
|
|
||||||
$script_started = getmicrotime();
|
$script_started = getmicrotime();
|
||||||
|
|
||||||
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
|
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
|
||||||
|
@ -2007,13 +2011,9 @@
|
||||||
|
|
||||||
$edit_cat_id = $_GET["id"];
|
$edit_cat_id = $_GET["id"];
|
||||||
|
|
||||||
if ($subop == "editCat") {
|
if ($subop == "editCat" && $cat_id != $edit_cat_id) {
|
||||||
if ($cat_id != $edit_cat_id) {
|
|
||||||
$class .= "Grayed";
|
$class .= "Grayed";
|
||||||
$this_row_id = "";
|
$this_row_id = "";
|
||||||
} else {
|
|
||||||
$class .= "Selected";
|
|
||||||
}
|
|
||||||
} else {
|
} else {
|
||||||
$this_row_id = "id=\"FCATR-$cat_id\"";
|
$this_row_id = "id=\"FCATR-$cat_id\"";
|
||||||
}
|
}
|
||||||
|
@ -2683,30 +2683,6 @@
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($id == "quickDelFeed") {
|
|
||||||
|
|
||||||
$param = db_escape_string($param);
|
|
||||||
|
|
||||||
$result = db_query($link, "SELECT title FROM ttrss_feeds WHERE id = '$param'");
|
|
||||||
|
|
||||||
if ($result) {
|
|
||||||
|
|
||||||
$f_title = db_fetch_result($result, 0, "title");
|
|
||||||
|
|
||||||
print "Remove current feed (<b>$f_title</b>)?
|
|
||||||
<input class=\"button\"
|
|
||||||
type=\"submit\" onclick=\"javascript:qfdDelete($param)\" value=\"Remove\">
|
|
||||||
<input class=\"button\"
|
|
||||||
type=\"submit\" onclick=\"javascript:closeInfoBox()\"
|
|
||||||
value=\"Cancel\">";
|
|
||||||
} else {
|
|
||||||
print "Error: Feed $param not found.
|
|
||||||
<input class=\"button\"
|
|
||||||
type=\"submit\" onclick=\"javascript:closeInfoBox()\"
|
|
||||||
value=\"Cancel\">";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($id == "search") {
|
if ($id == "search") {
|
||||||
|
|
||||||
print "<div id=\"infoBoxTitle\">Search</div>";
|
print "<div id=\"infoBoxTitle\">Search</div>";
|
||||||
|
@ -3229,16 +3205,78 @@
|
||||||
|
|
||||||
$subop = $_GET["subop"];
|
$subop = $_GET["subop"];
|
||||||
|
|
||||||
|
if ($subop == "edit") {
|
||||||
|
|
||||||
|
$id = db_escape_string($_GET["id"]);
|
||||||
|
|
||||||
|
print "<div id=\"infoBoxTitle\">User editor</div>";
|
||||||
|
|
||||||
|
print "<div class=\"infoBoxContents\">";
|
||||||
|
|
||||||
|
print "<form id=\"user_edit_form\">";
|
||||||
|
|
||||||
|
print "<input type=\"hidden\" name=\"id\" value=\"$id\">";
|
||||||
|
print "<input type=\"hidden\" name=\"op\" value=\"pref-users\">";
|
||||||
|
print "<input type=\"hidden\" name=\"subop\" value=\"editSave\">";
|
||||||
|
|
||||||
|
$result = db_query($link, "SELECT * FROM ttrss_users WHERE id = '$id'");
|
||||||
|
|
||||||
|
$login = db_fetch_result($result, 0, "login");
|
||||||
|
$access_level = db_fetch_result($result, 0, "access_level");
|
||||||
|
$email = db_fetch_result($result, 0, "email");
|
||||||
|
|
||||||
|
print "<table width='100%'>";
|
||||||
|
print "<tr><td>Login:</td><td>
|
||||||
|
<input class=\"iedit\" name=\"login\" value=\"$login\"></td></tr>";
|
||||||
|
|
||||||
|
print "<tr><td>Change password:</td><td>
|
||||||
|
<input class=\"iedit\" name=\"password\"></td></tr>";
|
||||||
|
|
||||||
|
print "<tr><td>E-mail:</td><td>
|
||||||
|
<input class=\"iedit\" name=\"email\" value=\"$email\"></td></tr>";
|
||||||
|
|
||||||
|
$sel_disabled = ($id == $_SESSION["uid"]) ? "disabled" : "";
|
||||||
|
|
||||||
|
print "<tr><td>Access level:</td><td>";
|
||||||
|
print_select_hash("access_level", $access_level, $access_level_names,
|
||||||
|
$sel_disabled);
|
||||||
|
print "</td></tr>";
|
||||||
|
|
||||||
|
print "</table>";
|
||||||
|
|
||||||
|
print "</form>";
|
||||||
|
|
||||||
|
print "<div align='right'>
|
||||||
|
<input class=\"button\"
|
||||||
|
type=\"submit\" onclick=\"javascript:userEditSave()\" value=\"Save\">
|
||||||
|
<input class=\"button\"
|
||||||
|
type=\"submit\" onclick=\"javascript:userEditCancel()\"
|
||||||
|
value=\"Cancel\"></div>";
|
||||||
|
|
||||||
|
print "</div>";
|
||||||
|
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
if ($subop == "editSave") {
|
if ($subop == "editSave") {
|
||||||
|
|
||||||
if (!WEB_DEMO_MODE) {
|
if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) {
|
||||||
|
|
||||||
$login = db_escape_string($_GET["l"]);
|
$login = db_escape_string(trim($_GET["login"]));
|
||||||
$uid = db_escape_string($_GET["id"]);
|
$uid = db_escape_string($_GET["id"]);
|
||||||
$access_level = sprintf("%d", $_GET["al"]);
|
$access_level = sprintf("%d", $_GET["access_level"]);
|
||||||
$email = db_escape_string($_GET["e"]);
|
$email = db_escape_string(trim($_GET["email"]));
|
||||||
|
$password = db_escape_string(trim($_GET["password"]));
|
||||||
|
|
||||||
db_query($link, "UPDATE ttrss_users SET login = '$login',
|
if ($password) {
|
||||||
|
$pwd_hash = 'SHA1:' . sha1($password);
|
||||||
|
$pass_query_part = "pwd_hash = '$pwd_hash', ";
|
||||||
|
print "<div class='notice'>Changed password for user <b>$login</b>.</div>";
|
||||||
|
} else {
|
||||||
|
$pass_query_part = "";
|
||||||
|
}
|
||||||
|
|
||||||
|
db_query($link, "UPDATE ttrss_users SET $pass_query_part login = '$login',
|
||||||
access_level = '$access_level', email = '$email' WHERE id = '$uid'");
|
access_level = '$access_level', email = '$email' WHERE id = '$uid'");
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -3363,10 +3401,9 @@
|
||||||
|
|
||||||
print "<tr class=\"title\">
|
print "<tr class=\"title\">
|
||||||
<td align='center' width=\"5%\"> </td>
|
<td align='center' width=\"5%\"> </td>
|
||||||
<td width='20%'>Login</td>
|
<td width='40%'>Login</td>
|
||||||
<td width='20%'>E-mail</td>
|
<td width='40%'>Access Level</td>
|
||||||
<td width='20%'>Access Level</td>
|
<td width='30%'>Last login</td></tr>";
|
||||||
<td width='20%'>Last login</td></tr>";
|
|
||||||
|
|
||||||
$lnum = 0;
|
$lnum = 0;
|
||||||
|
|
||||||
|
@ -3393,7 +3430,7 @@
|
||||||
|
|
||||||
$access_level_names = array(0 => "User", 10 => "Administrator");
|
$access_level_names = array(0 => "User", 10 => "Administrator");
|
||||||
|
|
||||||
if (!$edit_uid || $subop != "edit") {
|
// if (!$edit_uid || $subop != "edit") {
|
||||||
|
|
||||||
print "<td align='center'><input onclick='toggleSelectPrefRow(this, \"user\");'
|
print "<td align='center'><input onclick='toggleSelectPrefRow(this, \"user\");'
|
||||||
type=\"checkbox\" id=\"UMCHK-$uid\"></td>";
|
type=\"checkbox\" id=\"UMCHK-$uid\"></td>";
|
||||||
|
@ -3403,13 +3440,10 @@
|
||||||
|
|
||||||
if (!$line["email"]) $line["email"] = " ";
|
if (!$line["email"]) $line["email"] = " ";
|
||||||
|
|
||||||
print "<td><a href=\"javascript:editUser($uid);\">" .
|
|
||||||
$line["email"] . "</td>";
|
|
||||||
|
|
||||||
print "<td><a href=\"javascript:editUser($uid);\">" .
|
print "<td><a href=\"javascript:editUser($uid);\">" .
|
||||||
$access_level_names[$line["access_level"]] . "</td>";
|
$access_level_names[$line["access_level"]] . "</td>";
|
||||||
|
|
||||||
} else if ($uid != $edit_uid) {
|
/* } else if ($uid != $edit_uid) {
|
||||||
|
|
||||||
if (!$line["email"]) $line["email"] = " ";
|
if (!$line["email"]) $line["email"] = " ";
|
||||||
|
|
||||||
|
@ -3445,7 +3479,7 @@
|
||||||
print "</select>";
|
print "</select>";
|
||||||
print "</td>";
|
print "</td>";
|
||||||
|
|
||||||
}
|
} */
|
||||||
|
|
||||||
print "<td>".$line["last_login"]."</td>";
|
print "<td>".$line["last_login"]."</td>";
|
||||||
|
|
||||||
|
@ -3458,14 +3492,14 @@
|
||||||
|
|
||||||
print "<p id='userOpToolbar'>";
|
print "<p id='userOpToolbar'>";
|
||||||
|
|
||||||
if ($subop == "edit") {
|
/* if ($subop == "edit") {
|
||||||
print "Edit user:
|
print "Edit user:
|
||||||
<input type=\"submit\" class=\"button\"
|
<input type=\"submit\" class=\"button\"
|
||||||
onclick=\"javascript:userEditSave()\" value=\"Save\">
|
onclick=\"javascript:userEditSave()\" value=\"Save\">
|
||||||
<input type=\"submit\" class=\"button\"
|
<input type=\"submit\" class=\"button\"
|
||||||
onclick=\"javascript:userEditCancel()\" value=\"Cancel\">";
|
onclick=\"javascript:userEditCancel()\" value=\"Cancel\">";
|
||||||
|
|
||||||
} else {
|
} else { */
|
||||||
|
|
||||||
print "
|
print "
|
||||||
Selection:
|
Selection:
|
||||||
|
@ -3478,7 +3512,7 @@
|
||||||
<input type=\"submit\" class=\"button\" disabled=\"true\"
|
<input type=\"submit\" class=\"button\" disabled=\"true\"
|
||||||
onclick=\"javascript:resetSelectedUserPass()\" value=\"Reset password\">";
|
onclick=\"javascript:resetSelectedUserPass()\" value=\"Reset password\">";
|
||||||
|
|
||||||
}
|
// }
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($op == "user-details") {
|
if ($op == "user-details") {
|
||||||
|
|
96
prefs.js
96
prefs.js
|
@ -1,10 +1,8 @@
|
||||||
var xmlhttp = false;
|
var xmlhttp = false;
|
||||||
|
|
||||||
var active_feed = false;
|
|
||||||
var active_feed_cat = false;
|
var active_feed_cat = false;
|
||||||
var active_filter = false;
|
var active_filter = false;
|
||||||
var active_label = false;
|
var active_label = false;
|
||||||
var active_user = false;
|
|
||||||
var active_tab = false;
|
var active_tab = false;
|
||||||
var feed_to_expand = false;
|
var feed_to_expand = false;
|
||||||
|
|
||||||
|
@ -33,18 +31,19 @@ function feedlist_callback() {
|
||||||
container.innerHTML=xmlhttp.responseText;
|
container.innerHTML=xmlhttp.responseText;
|
||||||
selectTab("feedConfig", true);
|
selectTab("feedConfig", true);
|
||||||
|
|
||||||
if (active_feed) {
|
if (active_feed_cat) {
|
||||||
var row = document.getElementById("FEEDR-" + active_feed);
|
var row = document.getElementById("FCATR-" + active_feed_cat);
|
||||||
if (row) {
|
if (row) {
|
||||||
if (!row.className.match("Selected")) {
|
if (!row.className.match("Selected")) {
|
||||||
row.className = row.className + "Selected";
|
row.className = row.className + "Selected";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
var checkbox = document.getElementById("FRCHK-" + active_feed);
|
var checkbox = document.getElementById("FCCHK-" + active_feed_cat);
|
||||||
if (checkbox) {
|
if (checkbox) {
|
||||||
checkbox.checked = true;
|
checkbox.checked = true;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
notify("");
|
notify("");
|
||||||
} catch (e) {
|
} catch (e) {
|
||||||
exception_error("feedlist_callback", e);
|
exception_error("feedlist_callback", e);
|
||||||
|
@ -109,20 +108,6 @@ function userlist_callback() {
|
||||||
var container = document.getElementById('prefContent');
|
var container = document.getElementById('prefContent');
|
||||||
if (xmlhttp.readyState == 4) {
|
if (xmlhttp.readyState == 4) {
|
||||||
container.innerHTML=xmlhttp.responseText;
|
container.innerHTML=xmlhttp.responseText;
|
||||||
|
|
||||||
if (active_user) {
|
|
||||||
var row = document.getElementById("UMRR-" + active_user);
|
|
||||||
if (row) {
|
|
||||||
if (!row.className.match("Selected")) {
|
|
||||||
row.className = row.className + "Selected";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
var checkbox = document.getElementById("UMCHK-" + active_user);
|
|
||||||
|
|
||||||
if (checkbox) {
|
|
||||||
checkbox.checked = true;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
notify("");
|
notify("");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -352,11 +337,12 @@ function editUser(id) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
active_user = id;
|
selectTableRowsByIdPrefix('prefUserList', 'UMRR-', 'UMCHK-', false);
|
||||||
|
selectTableRowById('UMRR-'+id, 'UMCHK-'+id, true);
|
||||||
|
|
||||||
xmlhttp.open("GET", "backend.php?op=pref-users&subop=edit&id=" +
|
xmlhttp.open("GET", "backend.php?op=pref-users&subop=edit&id=" +
|
||||||
param_escape(id), true);
|
param_escape(id), true);
|
||||||
xmlhttp.onreadystatechange=userlist_callback;
|
xmlhttp.onreadystatechange=infobox_callback;
|
||||||
xmlhttp.send(null);
|
xmlhttp.send(null);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -386,14 +372,12 @@ function editFeed(feed) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
active_feed = feed;
|
|
||||||
|
|
||||||
// clean selection from all rows & select row being edited
|
// clean selection from all rows & select row being edited
|
||||||
selectTableRowsByIdPrefix('prefFeedList', 'FEEDR-', 'FRCHK-', false);
|
selectTableRowsByIdPrefix('prefFeedList', 'FEEDR-', 'FRCHK-', false);
|
||||||
selectTableRowById('FEEDR-'+feed, 'FRCHK-'+feed, true);
|
selectTableRowById('FEEDR-'+feed, 'FRCHK-'+feed, true);
|
||||||
|
|
||||||
xmlhttp.open("GET", "backend.php?op=pref-feeds&subop=editfeed&id=" +
|
xmlhttp.open("GET", "backend.php?op=pref-feeds&subop=editfeed&id=" +
|
||||||
param_escape(active_feed), true);
|
param_escape(feed), true);
|
||||||
|
|
||||||
xmlhttp.onreadystatechange=infobox_callback;
|
xmlhttp.onreadystatechange=infobox_callback;
|
||||||
xmlhttp.send(null);
|
xmlhttp.send(null);
|
||||||
|
@ -611,8 +595,6 @@ function feedEditCancel() {
|
||||||
|
|
||||||
selectPrefRows('feed', false); // cleanup feed selection
|
selectPrefRows('feed', false); // cleanup feed selection
|
||||||
|
|
||||||
active_feed = false;
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
function feedCatEditCancel() {
|
function feedCatEditCancel() {
|
||||||
|
@ -645,8 +627,6 @@ function feedEditSave() {
|
||||||
|
|
||||||
var query = Form.serialize("edit_feed_form");
|
var query = Form.serialize("edit_feed_form");
|
||||||
|
|
||||||
active_feed = false;
|
|
||||||
|
|
||||||
notify("Saving feed...");
|
notify("Saving feed...");
|
||||||
|
|
||||||
xmlhttp.open("POST", "backend.php", true);
|
xmlhttp.open("POST", "backend.php", true);
|
||||||
|
@ -730,14 +710,9 @@ function userEditCancel() {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
active_user = false;
|
selectPrefRows('user', false); // cleanup feed selection
|
||||||
|
|
||||||
// notify("Operation cancelled.");
|
|
||||||
|
|
||||||
xmlhttp.open("GET", "backend.php?op=pref-users", true);
|
|
||||||
xmlhttp.onreadystatechange=userlist_callback;
|
|
||||||
xmlhttp.send(null);
|
|
||||||
|
|
||||||
|
closeInfoBox();
|
||||||
}
|
}
|
||||||
|
|
||||||
function filterEditCancel() {
|
function filterEditCancel() {
|
||||||
|
@ -766,22 +741,18 @@ function labelEditSave() {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
/* var sqlexp = document.getElementById("iedit_expr").value;
|
var sql_exp = document.forms["label_edit_form"].sql_exp.value;
|
||||||
var descr = document.getElementById("iedit_descr").value;
|
var description = document.forms["label_edit_form"].description.value;
|
||||||
|
|
||||||
// notify("Saving label " + sqlexp + ": " + descr);
|
if (sql_exp.length == 0) {
|
||||||
|
alert("SQL Expression cannot be blank.");
|
||||||
if (sqlexp.length == 0) {
|
|
||||||
notify("SQL expression cannot be blank.");
|
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (descr.length == 0) {
|
if (description.length == 0) {
|
||||||
notify("Caption cannot be blank.");
|
alert("Caption field cannot be blank.");
|
||||||
return;
|
return;
|
||||||
} */
|
}
|
||||||
|
|
||||||
// FIXME: input validation
|
|
||||||
|
|
||||||
notify("Saving label...");
|
notify("Saving label...");
|
||||||
|
|
||||||
|
@ -798,41 +769,25 @@ function labelEditSave() {
|
||||||
|
|
||||||
function userEditSave() {
|
function userEditSave() {
|
||||||
|
|
||||||
var user = active_user;
|
|
||||||
|
|
||||||
if (!xmlhttp_ready(xmlhttp)) {
|
if (!xmlhttp_ready(xmlhttp)) {
|
||||||
printLockingError();
|
printLockingError();
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
var login = document.getElementById("iedit_ulogin").value;
|
var login = document.forms["user_edit_form"].login.value;
|
||||||
var level = document.getElementById("iedit_ulevel");
|
|
||||||
|
|
||||||
level = level[level.selectedIndex].id;
|
|
||||||
|
|
||||||
var email = document.getElementById("iedit_email").value;
|
|
||||||
|
|
||||||
if (login.length == 0) {
|
if (login.length == 0) {
|
||||||
notify("Login cannot be blank.");
|
alert("Login field cannot be blank.");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (level.length == 0) {
|
|
||||||
notify("User level cannot be blank.");
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
active_user = false;
|
|
||||||
|
|
||||||
notify("Saving user...");
|
notify("Saving user...");
|
||||||
|
|
||||||
xmlhttp.open("GET", "backend.php?op=pref-users&subop=editSave&id=" +
|
var query = Form.serialize("user_edit_form");
|
||||||
user + "&l=" + param_escape(login) + "&al=" + param_escape(level) +
|
|
||||||
"&e=" + param_escape(email), true);
|
|
||||||
|
|
||||||
|
xmlhttp.open("GET", "backend.php?" + query, true);
|
||||||
xmlhttp.onreadystatechange=userlist_callback;
|
xmlhttp.onreadystatechange=userlist_callback;
|
||||||
xmlhttp.send(null);
|
xmlhttp.send(null);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -843,7 +798,12 @@ function filterEditSave() {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
// FIXME: input validation
|
var reg_exp = document.forms["filter_edit_form"].reg_exp.value;
|
||||||
|
|
||||||
|
if (reg_exp.length == 0) {
|
||||||
|
alert("Filter expression field cannot be blank.");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
notify("Saving filter...");
|
notify("Saving filter...");
|
||||||
|
|
||||||
|
@ -1171,11 +1131,9 @@ function selectTab(id, noupdate) {
|
||||||
notify("Loading, please wait...", true);
|
notify("Loading, please wait...", true);
|
||||||
|
|
||||||
// clean up all current selections, just in case
|
// clean up all current selections, just in case
|
||||||
active_feed = false;
|
|
||||||
active_feed_cat = false;
|
active_feed_cat = false;
|
||||||
active_filter = false;
|
active_filter = false;
|
||||||
active_label = false;
|
active_label = false;
|
||||||
active_user = false;
|
|
||||||
|
|
||||||
if (id == "feedConfig") {
|
if (id == "feedConfig") {
|
||||||
updateFeedList();
|
updateFeedList();
|
||||||
|
|
Loading…
Reference in New Issue