"; print '
'; //print "
"; $id = (int) clean($_REQUEST["id"]); print_hidden("id", "$id"); print_hidden("op", "pref-users"); print_hidden("method", "editSave"); $sth = $this->pdo->prepare("SELECT * FROM ttrss_users WHERE id = ?"); $sth->execute([$id]); if ($row = $sth->fetch()) { $login = $row["login"]; $access_level = $row["access_level"]; $email = $row["email"]; $sel_disabled = ($id == $_SESSION["uid"] || $login == "admin") ? "disabled" : ""; print "
".__("User")."
"; print "
"; if ($sel_disabled) { print_hidden("login", "$login"); } print "
"; print ""; print ""; print "
"; print "
"; print "
".__("Authentication")."
"; print "
"; print "
"; print " "; if (!$sel_disabled) { print_select_hash("access_level", $access_level, $access_level_names, "dojoType=\"fox.form.Select\" $sel_disabled"); } else { print_select_hash("", $access_level, $access_level_names, "dojoType=\"fox.form.Select\" $sel_disabled"); print_hidden("access_level", "$access_level"); } print "
"; print "
"; print " "; print ""; print "
"; print "
"; print "
".__("Options")."
"; print "
"; print "
"; print " "; print ""; print "
"; print "
"; print ""; } print '
'; #tab print "
"; print '
'; print '
'; print ""; print ""; return; } function userdetails() { $id = (int) clean($_REQUEST["id"]); $sth = $this->pdo->prepare("SELECT login, ".SUBSTRING_FOR_DATE."(last_login,1,16) AS last_login, access_level, (SELECT COUNT(int_id) FROM ttrss_user_entries WHERE owner_uid = id) AS stored_articles, ".SUBSTRING_FOR_DATE."(created,1,16) AS created FROM ttrss_users WHERE id = ?"); $sth->execute([$id]); if ($row = $sth->fetch()) { print ""; $last_login = TimeHelper::make_local_datetime( $row["last_login"], true); $created = TimeHelper::make_local_datetime( $row["created"], true); $stored_articles = $row["stored_articles"]; print ""; print ""; $sth = $this->pdo->prepare("SELECT COUNT(id) as num_feeds FROM ttrss_feeds WHERE owner_uid = ?"); $sth->execute([$id]); $row = $sth->fetch(); $num_feeds = $row["num_feeds"]; print ""; print ""; print "
".__('Registered')."$created
".__('Last logged in')."$last_login
".__('Subscribed feeds count')."$num_feeds
".__('Stored articles')."$stored_articles
"; print "

".__('Subscribed feeds')."

"; $sth = $this->pdo->prepare("SELECT id,title,site_url FROM ttrss_feeds WHERE owner_uid = ? ORDER BY title"); $sth->execute([$id]); print ""; } else { print "

".__('User not found')."

"; } } function editSave() { $login = clean($_REQUEST["login"]); $uid = clean($_REQUEST["id"]); $access_level = (int) clean($_REQUEST["access_level"]); $email = clean($_REQUEST["email"]); $password = clean($_REQUEST["password"]); if ($password) { $salt = substr(bin2hex(get_random_bytes(125)), 0, 250); $pwd_hash = encrypt_password($password, $salt, true); $pass_query_part = "pwd_hash = ".$this->pdo->quote($pwd_hash).", salt = ".$this->pdo->quote($salt).","; } else { $pass_query_part = ""; } $sth = $this->pdo->prepare("UPDATE ttrss_users SET $pass_query_part login = LOWER(?), access_level = ?, email = ?, otp_enabled = false WHERE id = ?"); $sth->execute([$login, $access_level, $email, $uid]); } function remove() { $ids = explode(",", clean($_REQUEST["ids"])); foreach ($ids as $id) { if ($id != $_SESSION["uid"] && $id != 1) { $sth = $this->pdo->prepare("DELETE FROM ttrss_tags WHERE owner_uid = ?"); $sth->execute([$id]); $sth = $this->pdo->prepare("DELETE FROM ttrss_feeds WHERE owner_uid = ?"); $sth->execute([$id]); $sth = $this->pdo->prepare("DELETE FROM ttrss_users WHERE id = ?"); $sth->execute([$id]); } } } function add() { $login = clean($_REQUEST["login"]); $tmp_user_pwd = make_password(); $salt = substr(bin2hex(get_random_bytes(125)), 0, 250); $pwd_hash = encrypt_password($tmp_user_pwd, $salt, true); if (!$login) return; // no blank usernames if (!UserHelper::find_user_by_login($login)) { $sth = $this->pdo->prepare("INSERT INTO ttrss_users (login,pwd_hash,access_level,last_login,created, salt) VALUES (LOWER(?), ?, 0, null, NOW(), ?)"); $sth->execute([$login, $pwd_hash, $salt]); if ($new_uid = UserHelper::find_user_by_login($login)) { $new_uid = $row['id']; print T_sprintf("Added user %s with password %s", $login, $tmp_user_pwd); $this->initialize_user($new_uid); } else { print T_sprintf("Could not create user %s", $login); } } else { print T_sprintf("User %s already exists.", $login); } } static function resetUserPassword($uid, $format_output = false) { $pdo = Db::pdo(); $sth = $pdo->prepare("SELECT login FROM ttrss_users WHERE id = ?"); $sth->execute([$uid]); if ($row = $sth->fetch()) { $login = $row["login"]; $new_salt = substr(bin2hex(get_random_bytes(125)), 0, 250); $tmp_user_pwd = make_password(); $pwd_hash = encrypt_password($tmp_user_pwd, $new_salt, true); $sth = $pdo->prepare("UPDATE ttrss_users SET pwd_hash = ?, salt = ?, otp_enabled = false WHERE id = ?"); $sth->execute([$pwd_hash, $new_salt, $uid]); $message = T_sprintf("Changed password of user %s to %s", "$login", "$tmp_user_pwd"); if ($format_output) print_notice($message); else print $message; } } function resetPass() { $uid = clean($_REQUEST["id"]); self::resetUserPassword($uid); } function index() { global $access_level_names; print "
"; print "
"; print "
"; $user_search = clean($_REQUEST["search"] ?? ""); if (array_key_exists("search", $_REQUEST)) { $_SESSION["prefs_user_search"] = $user_search; } else { $user_search = ($_SESSION["prefs_user_search"] ?? ""); } print "
"; $sort = clean($_REQUEST["sort"] ?? ""); if (!$sort || $sort == "undefined") { $sort = "login"; } print "
". "" . __('Select').""; print "
"; print "
".__('All')."
"; print "
".__('None')."
"; print "
"; print ""; print " "; PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB_SECTION, "prefUsersToolbar"); print "
"; #toolbar print "
"; #pane print "
"; $sort = $this->validate_field($sort, ["login", "access_level", "created", "num_feeds", "created", "last_login"], "login"); if ($sort != "login") $sort = "$sort DESC"; $sth = $this->pdo->prepare("SELECT tu.id, login,access_level,email, ".SUBSTRING_FOR_DATE."(last_login,1,16) as last_login, ".SUBSTRING_FOR_DATE."(created,1,16) as created, (SELECT COUNT(id) FROM ttrss_feeds WHERE owner_uid = tu.id) AS num_feeds FROM ttrss_users tu WHERE (:search = '' OR login LIKE :search) AND tu.id > 0 ORDER BY $sort"); $sth->execute([":search" => $user_search ? "%$user_search%" : ""]); print ""; print ""; $lnum = 0; while ($line = $sth->fetch()) { $uid = $line["id"]; print ""; $line["login"] = htmlspecialchars($line["login"]); $line["created"] = TimeHelper::make_local_datetime($line["created"], false); $line["last_login"] = TimeHelper::make_local_datetime($line["last_login"], false); print ""; print ""; print ""; print ""; print ""; print ""; print ""; ++$lnum; } print "
  ".__('Login')." ".__('Access Level')." ".__('Subscribed feeds')." ".__('Registered')." ".__('Last login')."
person " . $line["login"] . "" . $access_level_names[$line["access_level"]] . "" . $line["num_feeds"] . "" . $line["created"] . "" . $line["last_login"] . "
"; if ($lnum == 0) { if (!$user_search) { print_warning(__('No users defined.')); } else { print_warning(__('No matching users found.')); } } print "
"; #pane PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB, "prefUsers"); print "
"; #container } function validate_field($string, $allowed, $default = "") { if (in_array($string, $allowed)) return $string; else return $default; } // this is called after user is created to initialize default feeds, labels // or whatever else // user preferences are checked on every login, not here static function initialize_user($uid) { $pdo = Db::pdo(); $sth = $pdo->prepare("insert into ttrss_feeds (owner_uid,title,feed_url) values (?, 'Tiny Tiny RSS: Forum', 'https://tt-rss.org/forum/rss.php')"); $sth->execute([$uid]); } static function logout_user() { if (session_status() === PHP_SESSION_ACTIVE) session_destroy(); if (isset($_COOKIE[session_name()])) { setcookie(session_name(), '', time()-42000, '/'); } session_commit(); } }