user manager

This commit is contained in:
Andrew Dolgov 2005-11-18 10:00:18 +01:00
parent cd42edf18d
commit e6cb77a07a
7 changed files with 454 additions and 12 deletions

View File

@ -1009,7 +1009,7 @@
} else {
print "<td><input disabled=\"true\" type=\"checkbox\"></td>";
print "<td><input disabled=\"true\" type=\"checkbox\" checked></td>";
print "<td><input id=\"iedit_title\" value=\"$edit_title\"></td>";
print "<td><input id=\"iedit_link\" value=\"$edit_link\"></td>";
@ -1201,7 +1201,7 @@
} else {
print "<td><input disabled=\"true\" type=\"checkbox\"></td>";
print "<td><input disabled=\"true\" type=\"checkbox\" checked></td>";
print "<td><input id=\"iedit_regexp\" value=\"".$line["reg_exp"].
"\"></td>";
@ -1356,7 +1356,7 @@
} else {
print "<td><input disabled=\"true\" type=\"checkbox\"></td>";
print "<td><input disabled=\"true\" type=\"checkbox\" checked></td>";
print "<td><input id=\"iedit_expr\" value=\"".$line["sql_exp"].
"\"></td>";
@ -1743,6 +1743,192 @@
}
if ($op == "pref-users") {
$subop = $_GET["subop"];
if ($subop == "editSave") {
if (!WEB_DEMO_MODE) {
$login = db_escape_string($_GET["l"]);
$uid = db_escape_string($_GET["id"]);
$access_level = sprintf("%d", $_GET["al"]);
db_query($link, "UPDATE ttrss_users SET login = '$login', access_level = '$access_level' WHERE id = '$uid'");
}
} else if ($subop == "remove") {
if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) {
$ids = split(",", $_GET["ids"]);
foreach ($ids as $id) {
db_query($link, "DELETE FROM ttrss_users WHERE id = '$id' AND id != " . $_SESSION["uid"]);
}
}
} else if ($subop == "add") {
if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) {
$login = db_escape_string($_GET["login"]);
$tmp_user_pwd = make_password(8);
$pwd_hash = 'SHA1:' . sha1($tmp_user_pwd);
db_query($link, "INSERT INTO ttrss_users (login,pwd_hash,access_level)
VALUES ('$login', '$pwd_hash', 0)");
$result = db_query($link, "SELECT id FROM ttrss_users WHERE
login = '$login' AND pwd_hash = '$pwd_hash'");
if (db_num_rows($result) == 1) {
$new_uid = db_fetch_result($result, 0, "id");
print "<div class=\"notice\">Added user <b>".$_GET["login"].
"</b> with password <b>$tmp_user_pwd</b>.</div>";
initialize_user($link, $new_uid);
} else {
print "<div class=\"warning\">Error while adding user <b>".
$_GET["login"].".</b></div>";
}
}
} else if ($subop == "resetPass") {
if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) {
$uid = db_escape_string($_GET["id"]);
$result = db_query($link, "SELECT login FROM ttrss_users WHERE id = '$uid'");
$login = db_fetch_result($result, 0, "login");
$tmp_user_pwd = make_password(8);
$pwd_hash = 'SHA1:' . sha1($tmp_user_pwd);
db_query($link, "UPDATE ttrss_users SET pwd_hash = '$pwd_hash'
WHERE id = '$uid'");
print "<div class=\"notice\">Changed password of
user <b>$login</b> to <b>$tmp_user_pwd</b>.</div>";
}
}
print "<table class=\"prefAddFeed\"><tr>
<td><input id=\"uadd_box\"></td>";
print"<td colspan=\"4\" align=\"right\">
<a class=\"button\" href=\"javascript:addUser()\">Add user</a></td></tr>
</table>";
$result = db_query($link, "SELECT
id,login,access_level
FROM
ttrss_users
ORDER by login");
print "<p><table width=\"100%\" class=\"prefUserList\" id=\"prefUserList\">";
print "<tr class=\"title\">
<td width=\"5%\">Select</td><td width='40%'>Login
</td>
<td width='40%'>Access Level</td></tr>";
$lnum = 0;
while ($line = db_fetch_assoc($result)) {
$class = ($lnum % 2) ? "even" : "odd";
$uid = $line["id"];
$edit_uid = $_GET["id"];
if ($uid == $_SESSION["uid"] || ($subop == "edit" && $uid != $edit_uid)) {
$class .= "Grayed";
}
print "<tr class=\"$class\" id=\"UMRR-$uid\">";
$line["login"] = htmlspecialchars($line["login"]);
if ($uid == $_SESSION["uid"]) {
print "<td><input disabled=\"true\" type=\"checkbox\"
id=\"UMCHK-".$line["id"]."\"></td>";
print "<td>".$line["login"]."</td>";
print "<td>".$line["access_level"]."</td>";
} else if (!$edit_uid || $subop != "edit") {
print "<td><input onclick='toggleSelectRow(this);'
type=\"checkbox\" id=\"UMCHK-".$line["id"]."\"></td>";
print "<td><a href=\"javascript:editUser($uid);\">" .
$line["login"] . "</td>";
print "<td><a href=\"javascript:editUser($uid);\">" .
$line["access_level"] . "</td>";
} else if ($uid != $edit_uid) {
print "<td><input disabled=\"true\" type=\"checkbox\"
id=\"UMCHK-".$line["id"]."\"></td>";
print "<td>".$line["login"]."</td>";
print "<td>".$line["access_level"]."</td>";
} else {
print "<td><input disabled=\"true\" type=\"checkbox\" checked></td>";
print "<td><input id=\"iedit_ulogin\" value=\"".$line["login"].
"\"></td>";
print "<td><input id=\"iedit_ulevel\" value=\"".$line["access_level"].
"\"></td>";
}
print "</tr>";
++$lnum;
}
print "</table>";
print "<p>";
if ($subop == "edit") {
print "Edit label:
<input type=\"submit\" class=\"button\"
onclick=\"javascript:userEditCancel()\" value=\"Cancel\">
<input type=\"submit\" class=\"button\"
onclick=\"javascript:userEditSave()\" value=\"Save\">";
} else {
print "
Selection:
<input type=\"submit\" class=\"button\"
onclick=\"javascript:resetSelectedUserPass()\" value=\"Reset password\">
<input type=\"submit\" class=\"button\"
onclick=\"javascript:editSelectedUser()\" value=\"Edit\">
<input type=\"submit\" class=\"button\"
onclick=\"javascript:removeSelectedUsers()\" value=\"Remove\">";
}
}
db_close($link);
?>

View File

@ -553,4 +553,41 @@
}
}
function make_password($length = 8) {
$password = "";
$possible = "0123456789bcdfghjkmnpqrstvwxyz";
$i = 0;
while ($i < $length) {
$char = substr($possible, mt_rand(0, strlen($possible)-1), 1);
if (!strstr($password, $char)) {
$password .= $char;
$i++;
}
}
return $password;
}
// this is called after user is created to initialize default feeds, labels
// or whatever else
// user preferences are checked on every login, not here
function initialize_user($link, $uid) {
db_query($link, "insert into ttrss_labels (owner_uid,sql_exp,description)
values ('$uid','unread = true', 'Unread articles')");
db_query($link, "insert into ttrss_labels (owner_uid,sql_exp,description)
values ('$uid','last_read is null and unread = false', 'Updated articles')");
db_query($link, "insert into ttrss_feeds (owner_uid,title,feed_url)
values ('$uid', 'Tiny Tiny RSS Dev. Feed',
'http://bah.spb.su/darcsweb/darcsweb.cgi?r=tt-rss;a=rss')");
}
?>

View File

@ -12,6 +12,7 @@
if ($login && $password) {
if (authenticate_user($link, $login, $password)) {
initialize_user_prefs($link, $_SESSION["uid"]);
header("Location: tt-rss.php");
}
}

213
prefs.js
View File

@ -8,6 +8,7 @@ var xmlhttp = false;
var active_feed = false;
var active_filter = false;
var active_label = false;
var active_user = false;
var active_tab = false;
@ -95,6 +96,28 @@ function labellist_callback() {
}
}
function userlist_callback() {
var container = document.getElementById('prefContent');
if (xmlhttp.readyState == 4) {
container.innerHTML=xmlhttp.responseText;
/* if (active_filter) {
var row = document.getElementById("ULRR-" + active_label);
if (row) {
if (!row.className.match("Selected")) {
row.className = row.className + "Selected";
}
}
var checkbox = document.getElementById("LICHK-" + active_label);
if (checkbox) {
checkbox.checked = true;
}
} */
p_notify("");
}
}
function prefslist_callback() {
var container = document.getElementById('prefContent');
if (xmlhttp.readyState == 4) {
@ -141,6 +164,23 @@ function updateFeedList() {
}
function updateUsersList() {
if (!xmlhttp_ready(xmlhttp)) {
printLockingError();
return
}
// document.getElementById("prefContent").innerHTML = "Loading feeds, please wait...";
p_notify("Loading, please wait...");
xmlhttp.open("GET", "backend.php?op=pref-users", true);
xmlhttp.onreadystatechange=userlist_callback;
xmlhttp.send(null);
}
function toggleSelectRow(sender) {
var parent_row = sender.parentNode.parentNode;
@ -233,6 +273,31 @@ function addFeed() {
}
function addUser() {
if (!xmlhttp_ready(xmlhttp)) {
printLockingError();
return
}
var sqlexp = document.getElementById("uadd_box");
if (sqlexp.value.length == 0) {
notify("Missing user login.");
} else {
notify("Adding user...");
xmlhttp.open("GET", "backend.php?op=pref-users&subop=add&login=" +
param_escape(sqlexp.value), true);
xmlhttp.onreadystatechange=userlist_callback;
xmlhttp.send(null);
sqlexp.value = "";
}
}
function editLabel(id) {
if (!xmlhttp_ready(xmlhttp)) {
@ -249,6 +314,22 @@ function editLabel(id) {
}
function editUser(id) {
if (!xmlhttp_ready(xmlhttp)) {
printLockingError();
return
}
active_user = id;
xmlhttp.open("GET", "backend.php?op=pref-users&subop=edit&id=" +
param_escape(id), true);
xmlhttp.onreadystatechange=userlist_callback;
xmlhttp.send(null);
}
function editFilter(id) {
if (!xmlhttp_ready(xmlhttp)) {
@ -299,6 +380,22 @@ function getSelectedLabels() {
return sel_rows;
}
function getSelectedUsers() {
var content = document.getElementById("prefUserList");
var sel_rows = new Array();
for (i = 0; i < content.rows.length; i++) {
if (content.rows[i].className.match("Selected")) {
var row_id = content.rows[i].id.replace("UMRR-", "");
sel_rows.push(row_id);
}
}
return sel_rows;
}
function getSelectedFilters() {
@ -405,6 +502,29 @@ function removeSelectedLabels() {
}
}
function removeSelectedUsers() {
if (!xmlhttp_ready(xmlhttp)) {
printLockingError();
return
}
var sel_rows = getSelectedUsers();
if (sel_rows.length > 0) {
notify("Removing selected users...");
xmlhttp.open("GET", "backend.php?op=pref-users&subop=remove&ids="+
param_escape(sel_rows.toString()), true);
xmlhttp.onreadystatechange=userlist_callback;
xmlhttp.send(null);
} else {
notify("Please select some labels first.");
}
}
function removeSelectedFilters() {
if (!xmlhttp_ready(xmlhttp)) {
@ -535,6 +655,22 @@ function labelEditCancel() {
}
function userEditCancel() {
if (!xmlhttp_ready(xmlhttp)) {
printLockingError();
return
}
active_user = false;
notify("Operation cancelled.");
xmlhttp.open("GET", "backend.php?op=pref-users", true);
xmlhttp.onreadystatechange=userlist_callback;
xmlhttp.send(null);
}
function filterEditCancel() {
@ -588,6 +724,40 @@ function labelEditSave() {
}
function userEditSave() {
var user = active_user;
if (!xmlhttp_ready(xmlhttp)) {
printLockingError();
return
}
var login = document.getElementById("iedit_ulogin").value;
var level = document.getElementById("iedit_ulevel").value;
if (login.length == 0) {
notify("Login cannot be blank.");
return;
}
if (level.length == 0) {
notify("User level cannot be blank.");
return;
}
active_user = false;
xmlhttp.open("GET", "backend.php?op=pref-users&subop=editSave&id=" +
user + "&l=" + param_escape(login) + "&al=" + param_escape(level),
true);
xmlhttp.onreadystatechange=labellist_callback;
xmlhttp.send(null);
}
function filterEditSave() {
var filter = active_filter;
@ -638,6 +808,47 @@ function editSelectedLabel() {
}
function editSelectedUser() {
var rows = getSelectedUsers();
if (rows.length == 0) {
notify("No users are selected.");
return;
}
if (rows.length > 1) {
notify("Please select one user.");
return;
}
editUser(rows[0]);
}
function resetSelectedUserPass() {
var rows = getSelectedUsers();
if (rows.length == 0) {
notify("No users are selected.");
return;
}
if (rows.length > 1) {
notify("Please select one user.");
return;
}
notify("Resetting password for selected user...");
var id = rows[0];
xmlhttp.open("GET", "backend.php?op=pref-users&subop=resetPass&id=" +
param_escape(id), true);
xmlhttp.onreadystatechange=userlist_callback;
xmlhttp.send(null);
}
function editSelectedFilter() {
var rows = getSelectedFilters();
@ -755,6 +966,8 @@ function selectTab(id) {
updateLabelList();
} else if (id == "genConfig") {
updatePrefsList();
} else if (id == "userConfig") {
updateUsersList();
}
var tab = document.getElementById(active_tab + "Tab");

View File

@ -23,10 +23,6 @@
$_SESSION["name"] = "admin";
}
initialize_user_prefs($link, $_SESSION["uid"]);
// FIXME this needs to be moved somewhere after user creation
?>
<html>
<head>
@ -77,7 +73,7 @@
<? } ?>
<tr>
<td class="prefsTabs" align="left" valign="bottom">
<input id="genConfigTab" class="prefsTab" type="submit" value="User Preferences"
<input id="genConfigTab" class="prefsTab" type="submit" value="Preferences"
onclick="selectTab('genConfig')">
<input id="feedConfigTab" class="prefsTab" type="submit" value="Feed Configuration"
onclick="selectTab('feedConfig')">
@ -87,6 +83,10 @@
<input id="labelConfigTab" class="prefsTab" type="submit" value="Label Editor"
onclick="selectTab('labelConfig')">
<? } ?>
<? if ($_SESSION["access_level"] >= 10) { ?>
<input id="userConfigTab" class="prefsTab" type="submit" value="User Manager"
onclick="selectTab('userConfig')">
<? } ?>
</td>
<td class="prefsToolbar" valign="middle" align="right">
<input type="submit" onclick="gotoMain()" class="button" value="Return to main">

View File

@ -241,7 +241,7 @@ a:hover {
}
#iedit_title, #iedit_link, #iedit_regexp, #iedit_descr, #iedit_expr, #iedit_updintl,
#iedit_purgintl {
#iedit_purgintl, #iedit_ulogin, #iedit_ulevel {
width : 100%;
padding-left : 2px;
}
@ -498,6 +498,14 @@ div.warning {
font-size : x-small;
}
div.notice {
background : #ffffff;
border : 1px solid #c0c0c0;
padding : 5px;
margin : 5px;
font-size : x-small;
}
ul.nomarks {
list-style-type : none;
margin : 0px;

View File

@ -23,9 +23,6 @@
$_SESSION["name"] = "admin";
}
initialize_user_prefs($link, $_SESSION["uid"]);
// FIXME this needs to be moved somewhere after user creation
?>
<html>
<head>