user manager
This commit is contained in:
parent
cd42edf18d
commit
e6cb77a07a
192
backend.php
192
backend.php
|
@ -1009,7 +1009,7 @@
|
|||
|
||||
} else {
|
||||
|
||||
print "<td><input disabled=\"true\" type=\"checkbox\"></td>";
|
||||
print "<td><input disabled=\"true\" type=\"checkbox\" checked></td>";
|
||||
|
||||
print "<td><input id=\"iedit_title\" value=\"$edit_title\"></td>";
|
||||
print "<td><input id=\"iedit_link\" value=\"$edit_link\"></td>";
|
||||
|
@ -1201,7 +1201,7 @@
|
|||
|
||||
} else {
|
||||
|
||||
print "<td><input disabled=\"true\" type=\"checkbox\"></td>";
|
||||
print "<td><input disabled=\"true\" type=\"checkbox\" checked></td>";
|
||||
|
||||
print "<td><input id=\"iedit_regexp\" value=\"".$line["reg_exp"].
|
||||
"\"></td>";
|
||||
|
@ -1356,7 +1356,7 @@
|
|||
|
||||
} else {
|
||||
|
||||
print "<td><input disabled=\"true\" type=\"checkbox\"></td>";
|
||||
print "<td><input disabled=\"true\" type=\"checkbox\" checked></td>";
|
||||
|
||||
print "<td><input id=\"iedit_expr\" value=\"".$line["sql_exp"].
|
||||
"\"></td>";
|
||||
|
@ -1743,6 +1743,192 @@
|
|||
|
||||
}
|
||||
|
||||
if ($op == "pref-users") {
|
||||
|
||||
$subop = $_GET["subop"];
|
||||
|
||||
if ($subop == "editSave") {
|
||||
|
||||
if (!WEB_DEMO_MODE) {
|
||||
|
||||
$login = db_escape_string($_GET["l"]);
|
||||
$uid = db_escape_string($_GET["id"]);
|
||||
$access_level = sprintf("%d", $_GET["al"]);
|
||||
|
||||
db_query($link, "UPDATE ttrss_users SET login = '$login', access_level = '$access_level' WHERE id = '$uid'");
|
||||
|
||||
}
|
||||
} else if ($subop == "remove") {
|
||||
|
||||
if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) {
|
||||
|
||||
$ids = split(",", $_GET["ids"]);
|
||||
|
||||
foreach ($ids as $id) {
|
||||
db_query($link, "DELETE FROM ttrss_users WHERE id = '$id' AND id != " . $_SESSION["uid"]);
|
||||
|
||||
}
|
||||
}
|
||||
} else if ($subop == "add") {
|
||||
|
||||
if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) {
|
||||
|
||||
$login = db_escape_string($_GET["login"]);
|
||||
$tmp_user_pwd = make_password(8);
|
||||
$pwd_hash = 'SHA1:' . sha1($tmp_user_pwd);
|
||||
|
||||
db_query($link, "INSERT INTO ttrss_users (login,pwd_hash,access_level)
|
||||
VALUES ('$login', '$pwd_hash', 0)");
|
||||
|
||||
|
||||
$result = db_query($link, "SELECT id FROM ttrss_users WHERE
|
||||
login = '$login' AND pwd_hash = '$pwd_hash'");
|
||||
|
||||
if (db_num_rows($result) == 1) {
|
||||
|
||||
$new_uid = db_fetch_result($result, 0, "id");
|
||||
|
||||
print "<div class=\"notice\">Added user <b>".$_GET["login"].
|
||||
"</b> with password <b>$tmp_user_pwd</b>.</div>";
|
||||
|
||||
initialize_user($link, $new_uid);
|
||||
|
||||
} else {
|
||||
|
||||
print "<div class=\"warning\">Error while adding user <b>".
|
||||
$_GET["login"].".</b></div>";
|
||||
|
||||
}
|
||||
}
|
||||
} else if ($subop == "resetPass") {
|
||||
|
||||
if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) {
|
||||
|
||||
$uid = db_escape_string($_GET["id"]);
|
||||
|
||||
$result = db_query($link, "SELECT login FROM ttrss_users WHERE id = '$uid'");
|
||||
|
||||
$login = db_fetch_result($result, 0, "login");
|
||||
$tmp_user_pwd = make_password(8);
|
||||
$pwd_hash = 'SHA1:' . sha1($tmp_user_pwd);
|
||||
|
||||
db_query($link, "UPDATE ttrss_users SET pwd_hash = '$pwd_hash'
|
||||
WHERE id = '$uid'");
|
||||
|
||||
print "<div class=\"notice\">Changed password of
|
||||
user <b>$login</b> to <b>$tmp_user_pwd</b>.</div>";
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
print "<table class=\"prefAddFeed\"><tr>
|
||||
<td><input id=\"uadd_box\"></td>";
|
||||
|
||||
print"<td colspan=\"4\" align=\"right\">
|
||||
<a class=\"button\" href=\"javascript:addUser()\">Add user</a></td></tr>
|
||||
</table>";
|
||||
|
||||
$result = db_query($link, "SELECT
|
||||
id,login,access_level
|
||||
FROM
|
||||
ttrss_users
|
||||
ORDER by login");
|
||||
|
||||
print "<p><table width=\"100%\" class=\"prefUserList\" id=\"prefUserList\">";
|
||||
|
||||
print "<tr class=\"title\">
|
||||
<td width=\"5%\">Select</td><td width='40%'>Login
|
||||
</td>
|
||||
<td width='40%'>Access Level</td></tr>";
|
||||
|
||||
$lnum = 0;
|
||||
|
||||
while ($line = db_fetch_assoc($result)) {
|
||||
|
||||
$class = ($lnum % 2) ? "even" : "odd";
|
||||
|
||||
$uid = $line["id"];
|
||||
$edit_uid = $_GET["id"];
|
||||
|
||||
if ($uid == $_SESSION["uid"] || ($subop == "edit" && $uid != $edit_uid)) {
|
||||
$class .= "Grayed";
|
||||
}
|
||||
|
||||
print "<tr class=\"$class\" id=\"UMRR-$uid\">";
|
||||
|
||||
$line["login"] = htmlspecialchars($line["login"]);
|
||||
|
||||
if ($uid == $_SESSION["uid"]) {
|
||||
|
||||
print "<td><input disabled=\"true\" type=\"checkbox\"
|
||||
id=\"UMCHK-".$line["id"]."\"></td>";
|
||||
|
||||
print "<td>".$line["login"]."</td>";
|
||||
print "<td>".$line["access_level"]."</td>";
|
||||
|
||||
|
||||
} else if (!$edit_uid || $subop != "edit") {
|
||||
|
||||
print "<td><input onclick='toggleSelectRow(this);'
|
||||
type=\"checkbox\" id=\"UMCHK-".$line["id"]."\"></td>";
|
||||
|
||||
print "<td><a href=\"javascript:editUser($uid);\">" .
|
||||
$line["login"] . "</td>";
|
||||
|
||||
print "<td><a href=\"javascript:editUser($uid);\">" .
|
||||
$line["access_level"] . "</td>";
|
||||
|
||||
} else if ($uid != $edit_uid) {
|
||||
|
||||
print "<td><input disabled=\"true\" type=\"checkbox\"
|
||||
id=\"UMCHK-".$line["id"]."\"></td>";
|
||||
|
||||
print "<td>".$line["login"]."</td>";
|
||||
print "<td>".$line["access_level"]."</td>";
|
||||
|
||||
} else {
|
||||
|
||||
print "<td><input disabled=\"true\" type=\"checkbox\" checked></td>";
|
||||
|
||||
print "<td><input id=\"iedit_ulogin\" value=\"".$line["login"].
|
||||
"\"></td>";
|
||||
|
||||
print "<td><input id=\"iedit_ulevel\" value=\"".$line["access_level"].
|
||||
"\"></td>";
|
||||
|
||||
}
|
||||
|
||||
|
||||
print "</tr>";
|
||||
|
||||
++$lnum;
|
||||
}
|
||||
|
||||
print "</table>";
|
||||
|
||||
print "<p>";
|
||||
|
||||
if ($subop == "edit") {
|
||||
print "Edit label:
|
||||
<input type=\"submit\" class=\"button\"
|
||||
onclick=\"javascript:userEditCancel()\" value=\"Cancel\">
|
||||
<input type=\"submit\" class=\"button\"
|
||||
onclick=\"javascript:userEditSave()\" value=\"Save\">";
|
||||
|
||||
} else {
|
||||
|
||||
print "
|
||||
Selection:
|
||||
<input type=\"submit\" class=\"button\"
|
||||
onclick=\"javascript:resetSelectedUserPass()\" value=\"Reset password\">
|
||||
<input type=\"submit\" class=\"button\"
|
||||
onclick=\"javascript:editSelectedUser()\" value=\"Edit\">
|
||||
<input type=\"submit\" class=\"button\"
|
||||
onclick=\"javascript:removeSelectedUsers()\" value=\"Remove\">";
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
db_close($link);
|
||||
?>
|
||||
|
||||
|
|
|
@ -553,4 +553,41 @@
|
|||
}
|
||||
}
|
||||
|
||||
function make_password($length = 8) {
|
||||
|
||||
$password = "";
|
||||
$possible = "0123456789bcdfghjkmnpqrstvwxyz";
|
||||
|
||||
$i = 0;
|
||||
|
||||
while ($i < $length) {
|
||||
$char = substr($possible, mt_rand(0, strlen($possible)-1), 1);
|
||||
|
||||
if (!strstr($password, $char)) {
|
||||
$password .= $char;
|
||||
$i++;
|
||||
}
|
||||
}
|
||||
return $password;
|
||||
}
|
||||
|
||||
// this is called after user is created to initialize default feeds, labels
|
||||
// or whatever else
|
||||
|
||||
// user preferences are checked on every login, not here
|
||||
|
||||
function initialize_user($link, $uid) {
|
||||
|
||||
db_query($link, "insert into ttrss_labels (owner_uid,sql_exp,description)
|
||||
values ('$uid','unread = true', 'Unread articles')");
|
||||
|
||||
db_query($link, "insert into ttrss_labels (owner_uid,sql_exp,description)
|
||||
values ('$uid','last_read is null and unread = false', 'Updated articles')");
|
||||
|
||||
db_query($link, "insert into ttrss_feeds (owner_uid,title,feed_url)
|
||||
values ('$uid', 'Tiny Tiny RSS Dev. Feed',
|
||||
'http://bah.spb.su/darcsweb/darcsweb.cgi?r=tt-rss;a=rss')");
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
|
|
|
@ -12,6 +12,7 @@
|
|||
|
||||
if ($login && $password) {
|
||||
if (authenticate_user($link, $login, $password)) {
|
||||
initialize_user_prefs($link, $_SESSION["uid"]);
|
||||
header("Location: tt-rss.php");
|
||||
}
|
||||
}
|
||||
|
|
213
prefs.js
213
prefs.js
|
@ -8,6 +8,7 @@ var xmlhttp = false;
|
|||
var active_feed = false;
|
||||
var active_filter = false;
|
||||
var active_label = false;
|
||||
var active_user = false;
|
||||
|
||||
var active_tab = false;
|
||||
|
||||
|
@ -95,6 +96,28 @@ function labellist_callback() {
|
|||
}
|
||||
}
|
||||
|
||||
function userlist_callback() {
|
||||
var container = document.getElementById('prefContent');
|
||||
if (xmlhttp.readyState == 4) {
|
||||
container.innerHTML=xmlhttp.responseText;
|
||||
|
||||
/* if (active_filter) {
|
||||
var row = document.getElementById("ULRR-" + active_label);
|
||||
if (row) {
|
||||
if (!row.className.match("Selected")) {
|
||||
row.className = row.className + "Selected";
|
||||
}
|
||||
}
|
||||
var checkbox = document.getElementById("LICHK-" + active_label);
|
||||
|
||||
if (checkbox) {
|
||||
checkbox.checked = true;
|
||||
}
|
||||
} */
|
||||
p_notify("");
|
||||
}
|
||||
}
|
||||
|
||||
function prefslist_callback() {
|
||||
var container = document.getElementById('prefContent');
|
||||
if (xmlhttp.readyState == 4) {
|
||||
|
@ -141,6 +164,23 @@ function updateFeedList() {
|
|||
|
||||
}
|
||||
|
||||
function updateUsersList() {
|
||||
|
||||
if (!xmlhttp_ready(xmlhttp)) {
|
||||
printLockingError();
|
||||
return
|
||||
}
|
||||
|
||||
// document.getElementById("prefContent").innerHTML = "Loading feeds, please wait...";
|
||||
|
||||
p_notify("Loading, please wait...");
|
||||
|
||||
xmlhttp.open("GET", "backend.php?op=pref-users", true);
|
||||
xmlhttp.onreadystatechange=userlist_callback;
|
||||
xmlhttp.send(null);
|
||||
|
||||
}
|
||||
|
||||
function toggleSelectRow(sender) {
|
||||
var parent_row = sender.parentNode.parentNode;
|
||||
|
||||
|
@ -233,6 +273,31 @@ function addFeed() {
|
|||
|
||||
}
|
||||
|
||||
function addUser() {
|
||||
|
||||
if (!xmlhttp_ready(xmlhttp)) {
|
||||
printLockingError();
|
||||
return
|
||||
}
|
||||
|
||||
var sqlexp = document.getElementById("uadd_box");
|
||||
|
||||
if (sqlexp.value.length == 0) {
|
||||
notify("Missing user login.");
|
||||
} else {
|
||||
notify("Adding user...");
|
||||
|
||||
xmlhttp.open("GET", "backend.php?op=pref-users&subop=add&login=" +
|
||||
param_escape(sqlexp.value), true);
|
||||
|
||||
xmlhttp.onreadystatechange=userlist_callback;
|
||||
xmlhttp.send(null);
|
||||
|
||||
sqlexp.value = "";
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
function editLabel(id) {
|
||||
|
||||
if (!xmlhttp_ready(xmlhttp)) {
|
||||
|
@ -249,6 +314,22 @@ function editLabel(id) {
|
|||
|
||||
}
|
||||
|
||||
function editUser(id) {
|
||||
|
||||
if (!xmlhttp_ready(xmlhttp)) {
|
||||
printLockingError();
|
||||
return
|
||||
}
|
||||
|
||||
active_user = id;
|
||||
|
||||
xmlhttp.open("GET", "backend.php?op=pref-users&subop=edit&id=" +
|
||||
param_escape(id), true);
|
||||
xmlhttp.onreadystatechange=userlist_callback;
|
||||
xmlhttp.send(null);
|
||||
|
||||
}
|
||||
|
||||
function editFilter(id) {
|
||||
|
||||
if (!xmlhttp_ready(xmlhttp)) {
|
||||
|
@ -299,6 +380,22 @@ function getSelectedLabels() {
|
|||
return sel_rows;
|
||||
}
|
||||
|
||||
function getSelectedUsers() {
|
||||
|
||||
var content = document.getElementById("prefUserList");
|
||||
|
||||
var sel_rows = new Array();
|
||||
|
||||
for (i = 0; i < content.rows.length; i++) {
|
||||
if (content.rows[i].className.match("Selected")) {
|
||||
var row_id = content.rows[i].id.replace("UMRR-", "");
|
||||
sel_rows.push(row_id);
|
||||
}
|
||||
}
|
||||
|
||||
return sel_rows;
|
||||
}
|
||||
|
||||
|
||||
function getSelectedFilters() {
|
||||
|
||||
|
@ -405,6 +502,29 @@ function removeSelectedLabels() {
|
|||
}
|
||||
}
|
||||
|
||||
function removeSelectedUsers() {
|
||||
|
||||
if (!xmlhttp_ready(xmlhttp)) {
|
||||
printLockingError();
|
||||
return
|
||||
}
|
||||
|
||||
var sel_rows = getSelectedUsers();
|
||||
|
||||
if (sel_rows.length > 0) {
|
||||
|
||||
notify("Removing selected users...");
|
||||
|
||||
xmlhttp.open("GET", "backend.php?op=pref-users&subop=remove&ids="+
|
||||
param_escape(sel_rows.toString()), true);
|
||||
xmlhttp.onreadystatechange=userlist_callback;
|
||||
xmlhttp.send(null);
|
||||
|
||||
} else {
|
||||
notify("Please select some labels first.");
|
||||
}
|
||||
}
|
||||
|
||||
function removeSelectedFilters() {
|
||||
|
||||
if (!xmlhttp_ready(xmlhttp)) {
|
||||
|
@ -535,6 +655,22 @@ function labelEditCancel() {
|
|||
|
||||
}
|
||||
|
||||
function userEditCancel() {
|
||||
|
||||
if (!xmlhttp_ready(xmlhttp)) {
|
||||
printLockingError();
|
||||
return
|
||||
}
|
||||
|
||||
active_user = false;
|
||||
|
||||
notify("Operation cancelled.");
|
||||
|
||||
xmlhttp.open("GET", "backend.php?op=pref-users", true);
|
||||
xmlhttp.onreadystatechange=userlist_callback;
|
||||
xmlhttp.send(null);
|
||||
|
||||
}
|
||||
|
||||
function filterEditCancel() {
|
||||
|
||||
|
@ -588,6 +724,40 @@ function labelEditSave() {
|
|||
|
||||
}
|
||||
|
||||
function userEditSave() {
|
||||
|
||||
var user = active_user;
|
||||
|
||||
if (!xmlhttp_ready(xmlhttp)) {
|
||||
printLockingError();
|
||||
return
|
||||
}
|
||||
|
||||
var login = document.getElementById("iedit_ulogin").value;
|
||||
var level = document.getElementById("iedit_ulevel").value;
|
||||
|
||||
if (login.length == 0) {
|
||||
notify("Login cannot be blank.");
|
||||
return;
|
||||
}
|
||||
|
||||
if (level.length == 0) {
|
||||
notify("User level cannot be blank.");
|
||||
return;
|
||||
}
|
||||
|
||||
active_user = false;
|
||||
|
||||
xmlhttp.open("GET", "backend.php?op=pref-users&subop=editSave&id=" +
|
||||
user + "&l=" + param_escape(login) + "&al=" + param_escape(level),
|
||||
true);
|
||||
|
||||
xmlhttp.onreadystatechange=labellist_callback;
|
||||
xmlhttp.send(null);
|
||||
|
||||
}
|
||||
|
||||
|
||||
function filterEditSave() {
|
||||
|
||||
var filter = active_filter;
|
||||
|
@ -638,6 +808,47 @@ function editSelectedLabel() {
|
|||
|
||||
}
|
||||
|
||||
function editSelectedUser() {
|
||||
var rows = getSelectedUsers();
|
||||
|
||||
if (rows.length == 0) {
|
||||
notify("No users are selected.");
|
||||
return;
|
||||
}
|
||||
|
||||
if (rows.length > 1) {
|
||||
notify("Please select one user.");
|
||||
return;
|
||||
}
|
||||
|
||||
editUser(rows[0]);
|
||||
}
|
||||
|
||||
function resetSelectedUserPass() {
|
||||
var rows = getSelectedUsers();
|
||||
|
||||
if (rows.length == 0) {
|
||||
notify("No users are selected.");
|
||||
return;
|
||||
}
|
||||
|
||||
if (rows.length > 1) {
|
||||
notify("Please select one user.");
|
||||
return;
|
||||
}
|
||||
|
||||
notify("Resetting password for selected user...");
|
||||
|
||||
var id = rows[0];
|
||||
|
||||
xmlhttp.open("GET", "backend.php?op=pref-users&subop=resetPass&id=" +
|
||||
param_escape(id), true);
|
||||
xmlhttp.onreadystatechange=userlist_callback;
|
||||
xmlhttp.send(null);
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
||||
function editSelectedFilter() {
|
||||
var rows = getSelectedFilters();
|
||||
|
@ -755,6 +966,8 @@ function selectTab(id) {
|
|||
updateLabelList();
|
||||
} else if (id == "genConfig") {
|
||||
updatePrefsList();
|
||||
} else if (id == "userConfig") {
|
||||
updateUsersList();
|
||||
}
|
||||
|
||||
var tab = document.getElementById(active_tab + "Tab");
|
||||
|
|
10
prefs.php
10
prefs.php
|
@ -23,10 +23,6 @@
|
|||
$_SESSION["name"] = "admin";
|
||||
}
|
||||
|
||||
|
||||
initialize_user_prefs($link, $_SESSION["uid"]);
|
||||
// FIXME this needs to be moved somewhere after user creation
|
||||
|
||||
?>
|
||||
<html>
|
||||
<head>
|
||||
|
@ -77,7 +73,7 @@
|
|||
<? } ?>
|
||||
<tr>
|
||||
<td class="prefsTabs" align="left" valign="bottom">
|
||||
<input id="genConfigTab" class="prefsTab" type="submit" value="User Preferences"
|
||||
<input id="genConfigTab" class="prefsTab" type="submit" value="Preferences"
|
||||
onclick="selectTab('genConfig')">
|
||||
<input id="feedConfigTab" class="prefsTab" type="submit" value="Feed Configuration"
|
||||
onclick="selectTab('feedConfig')">
|
||||
|
@ -87,6 +83,10 @@
|
|||
<input id="labelConfigTab" class="prefsTab" type="submit" value="Label Editor"
|
||||
onclick="selectTab('labelConfig')">
|
||||
<? } ?>
|
||||
<? if ($_SESSION["access_level"] >= 10) { ?>
|
||||
<input id="userConfigTab" class="prefsTab" type="submit" value="User Manager"
|
||||
onclick="selectTab('userConfig')">
|
||||
<? } ?>
|
||||
</td>
|
||||
<td class="prefsToolbar" valign="middle" align="right">
|
||||
<input type="submit" onclick="gotoMain()" class="button" value="Return to main">
|
||||
|
|
10
tt-rss.css
10
tt-rss.css
|
@ -241,7 +241,7 @@ a:hover {
|
|||
}
|
||||
|
||||
#iedit_title, #iedit_link, #iedit_regexp, #iedit_descr, #iedit_expr, #iedit_updintl,
|
||||
#iedit_purgintl {
|
||||
#iedit_purgintl, #iedit_ulogin, #iedit_ulevel {
|
||||
width : 100%;
|
||||
padding-left : 2px;
|
||||
}
|
||||
|
@ -498,6 +498,14 @@ div.warning {
|
|||
font-size : x-small;
|
||||
}
|
||||
|
||||
div.notice {
|
||||
background : #ffffff;
|
||||
border : 1px solid #c0c0c0;
|
||||
padding : 5px;
|
||||
margin : 5px;
|
||||
font-size : x-small;
|
||||
}
|
||||
|
||||
ul.nomarks {
|
||||
list-style-type : none;
|
||||
margin : 0px;
|
||||
|
|
|
@ -23,9 +23,6 @@
|
|||
$_SESSION["name"] = "admin";
|
||||
}
|
||||
|
||||
initialize_user_prefs($link, $_SESSION["uid"]);
|
||||
// FIXME this needs to be moved somewhere after user creation
|
||||
|
||||
?>
|
||||
<html>
|
||||
<head>
|
||||
|
|
Loading…
Reference in New Issue