".__('User editor').""; print "
"; print "
"; print ""; print ""; print ""; $result = db_query($link, "SELECT * FROM ttrss_users WHERE id = '$id'"); $login = db_fetch_result($result, 0, "login"); $access_level = db_fetch_result($result, 0, "access_level"); $email = db_fetch_result($result, 0, "email"); print ""; print ""; print ""; print ""; $sel_disabled = ($id == $_SESSION["uid"]) ? "disabled" : ""; print ""; print "
".__('Login:')."
".__('Change password:')."
".__('E-mail:')."
".__('Access level:').""; print_select_hash("access_level", $access_level, $access_level_names, $sel_disabled); print "
"; print "
"; print "
"; print "
"; return; } if ($subop == "editSave") { if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) { $login = db_escape_string(trim($_GET["login"])); $uid = db_escape_string($_GET["id"]); $access_level = (int) $_GET["access_level"]; $email = db_escape_string(trim($_GET["email"])); $password = db_escape_string(trim($_GET["password"])); if ($password) { $pwd_hash = encrypt_password($password, $login); $pass_query_part = "pwd_hash = '$pwd_hash', "; print_notice(T_sprintf('Changed password of user %s.', $login)); } else { $pass_query_part = ""; } db_query($link, "UPDATE ttrss_users SET $pass_query_part login = '$login', access_level = '$access_level', email = '$email' WHERE id = '$uid'"); } } else if ($subop == "remove") { if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) { $ids = split(",", db_escape_string($_GET["ids"])); foreach ($ids as $id) { db_query($link, "DELETE FROM ttrss_users WHERE id = '$id' AND id != " . $_SESSION["uid"]); } } } else if ($subop == "add") { if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) { $login = db_escape_string(trim($_GET["login"])); $tmp_user_pwd = make_password(8); $pwd_hash = encrypt_password($tmp_user_pwd, $login); $result = db_query($link, "SELECT id FROM ttrss_users WHERE login = '$login'"); if (db_num_rows($result) == 0) { db_query($link, "INSERT INTO ttrss_users (login,pwd_hash,access_level,last_login,created) VALUES ('$login', '$pwd_hash', 0, null, NOW())"); $result = db_query($link, "SELECT id FROM ttrss_users WHERE login = '$login' AND pwd_hash = '$pwd_hash'"); if (db_num_rows($result) == 1) { $new_uid = db_fetch_result($result, 0, "id"); print_notice(T_sprintf("Added user %s with password %s", $login, $tmp_user_pwd)); initialize_user($link, $new_uid); } else { print_warning(T_sprintf("Could not create user %s", $login)); } } else { print_warning(T_sprintf("User %s already exists.", $login)); } } } else if ($subop == "resetPass") { if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) { $uid = db_escape_string($_GET["id"]); $result = db_query($link, "SELECT login,email FROM ttrss_users WHERE id = '$uid'"); $login = db_fetch_result($result, 0, "login"); $email = db_fetch_result($result, 0, "email"); $tmp_user_pwd = make_password(8); $pwd_hash = encrypt_password($tmp_user_pwd, $login); db_query($link, "UPDATE ttrss_users SET pwd_hash = '$pwd_hash' WHERE id = '$uid'"); print_notice(T_sprintf("Changed password of user %s to %s", $login, $tmp_user_pwd)); if (MAIL_RESET_PASS && $email) { print " Notifying $email."; mail("$login <$email>", "Password reset notification", "Hi, $login.\n". "\n". "Your password for this TT-RSS installation was reset by". " an administrator.\n". "\n". "Your new password is $tmp_user_pwd, please remember". " it for later reference.\n". "\n". "Sincerely, TT-RSS Mail Daemon.", "From: " . MAIL_FROM); } print ""; } } set_pref($link, "_PREFS_ACTIVE_TAB", "userConfig"); $sort = db_escape_string($_GET["sort"]); if (!$sort || $sort == "undefined") { $sort = "login"; } print "
 "; print "
"; $result = db_query($link, "SELECT id,login,access_level,email, SUBSTRING(last_login,1,16) as last_login FROM ttrss_users ORDER BY $sort"); // print "
PLACEHOLDER
"; print "

"; print ""; $lnum = 0; while ($line = db_fetch_assoc($result)) { $class = ($lnum % 2) ? "even" : "odd"; $uid = $line["id"]; $edit_uid = $_GET["id"]; if ($subop == "edit" && $uid != $edit_uid) { $class .= "Grayed"; $this_row_id = ""; } else { $this_row_id = "id=\"UMRR-$uid\""; } print ""; $line["login"] = htmlspecialchars($line["login"]); # $line["last_login"] = date(get_pref($link, 'SHORT_DATE_FORMAT'), # strtotime($line["last_login"])); if (get_pref($link, 'HEADLINES_SMART_DATE')) { $line["last_login"] = smart_date_time(strtotime($line["last_login"])); } else { $line["last_login"] = date(get_pref($link, 'SHORT_DATE_FORMAT'), strtotime($line["last_login"])); } $access_level_names = array(0 => __("User"), 10 => __("Administrator")); // if (!$edit_uid || $subop != "edit") { print ""; print ""; if (!$line["email"]) $line["email"] = " "; print ""; /* } else if ($uid != $edit_uid) { if (!$line["email"]) $line["email"] = " "; print ""; print ""; print ""; print ""; } else { print ""; print ""; print ""; print ""; } */ print ""; print ""; ++$lnum; } print "
".__('Select:')." ".__('All').", ".__('None')." "; print "
  ".__('Login')." ".__('Access Level')." ".__('Last login')."
" . $line["login"] . "" . $access_level_names[$line["access_level"]] . "".$line["login"]."".$line["email"]."".$access_level_names[$line["access_level"]]." "; print ""; print "".$line["last_login"]."
"; print "

"; print " "; } ?>