mirror of
https://git.tt-rss.org/git/tt-rss.git
synced 2025-12-26 19:01:28 +00:00
4a2a90c980
Since making use of keypress in addition to keydown, hotkeys did not work in certain scenarios, including clicking on the feed tree expanders or empty spaces of the toolbar. This issue is caused by dijit.Tree and dijit.Toolbar implementing the _KeyNavMixin, which explicitly stops propagation of keypress events. This change contains two main fixes plus a smaller hotfix: 1. It overrides _onContainerKeydown and _onContainerKeypress for fox.FeedTree (which inherits from dijit.Tree). 2. It adds fox.Toolbar, which overrides _onContainerKeydown, _onContainerKeypress and focus. This fixes hotkeys being swallowed and the first focusable child receiving focus when clicking on an empty space of the toolbar. 3. It adds the same handling of keydown and keypress to the prefs hotkey handler as is done in the main hotkey handler.
439 lines
13 KiB
PHP
439 lines
13 KiB
PHP
<?php
|
|
class Pref_Users extends Handler_Protected {
|
|
function before($method) {
|
|
if (parent::before($method)) {
|
|
if ($_SESSION["access_level"] < 10) {
|
|
print __("Your access level is insufficient to open this tab.");
|
|
return false;
|
|
}
|
|
return true;
|
|
}
|
|
return false;
|
|
}
|
|
|
|
function csrf_ignore($method) {
|
|
$csrf_ignored = array("index", "edit", "userdetails");
|
|
|
|
return array_search($method, $csrf_ignored) !== false;
|
|
}
|
|
|
|
function edit() {
|
|
global $access_level_names;
|
|
|
|
print "<form id='user_edit_form' onsubmit='return false' dojoType='dijit.form.Form'>";
|
|
|
|
print '<div dojoType="dijit.layout.TabContainer" style="height : 400px">
|
|
<div dojoType="dijit.layout.ContentPane" title="'.__('Edit user').'">';
|
|
|
|
//print "<form id=\"user_edit_form\" onsubmit='return false' dojoType=\"dijit.form.Form\">";
|
|
|
|
$id = (int) clean($_REQUEST["id"]);
|
|
|
|
print_hidden("id", "$id");
|
|
print_hidden("op", "pref-users");
|
|
print_hidden("method", "editSave");
|
|
|
|
$sth = $this->pdo->prepare("SELECT * FROM ttrss_users WHERE id = ?");
|
|
$sth->execute([$id]);
|
|
|
|
if ($row = $sth->fetch()) {
|
|
|
|
$login = $row["login"];
|
|
$access_level = $row["access_level"];
|
|
$email = $row["email"];
|
|
|
|
$sel_disabled = ($id == $_SESSION["uid"] || $login == "admin") ? "disabled" : "";
|
|
|
|
print "<header>".__("User")."</header>";
|
|
print "<section>";
|
|
|
|
if ($sel_disabled) {
|
|
print_hidden("login", "$login");
|
|
}
|
|
|
|
print "<fieldset>";
|
|
print "<label>" . __("Login:") . "</label>";
|
|
print "<input style='font-size : 16px'
|
|
dojoType='dijit.form.ValidationTextBox' required='1'
|
|
$sel_disabled name='login' value=\"$login\">";
|
|
print "</fieldset>";
|
|
|
|
print "</section>";
|
|
|
|
print "<header>".__("Authentication")."</header>";
|
|
print "<section>";
|
|
|
|
print "<fieldset>";
|
|
|
|
print "<label>" . __('Access level: ') . "</label> ";
|
|
|
|
if (!$sel_disabled) {
|
|
print_select_hash("access_level", $access_level, $access_level_names,
|
|
"dojoType=\"dijit.form.Select\" $sel_disabled");
|
|
} else {
|
|
print_select_hash("", $access_level, $access_level_names,
|
|
"dojoType=\"dijit.form.Select\" $sel_disabled");
|
|
print_hidden("access_level", "$access_level");
|
|
}
|
|
|
|
print "</fieldset>";
|
|
print "<fieldset>";
|
|
|
|
print "<label>" . __("New password:") . "</label> ";
|
|
print "<input dojoType='dijit.form.TextBox' type='password' size='20' placeholder='Change password'
|
|
name='password'>";
|
|
|
|
print "</fieldset>";
|
|
|
|
print "</section>";
|
|
|
|
print "<header>".__("Options")."</header>";
|
|
print "<section>";
|
|
|
|
print "<fieldset>";
|
|
print "<label>" . __("E-mail:") . "</label> ";
|
|
print "<input dojoType='dijit.form.TextBox' size='30' name='email'
|
|
value=\"$email\">";
|
|
print "</fieldset>";
|
|
|
|
print "</section>";
|
|
|
|
print "</table>";
|
|
|
|
}
|
|
|
|
print '</div>'; #tab
|
|
print "<div href=\"backend.php?op=pref-users&method=userdetails&id=$id\"
|
|
dojoType=\"dijit.layout.ContentPane\" title=\"".__('User details')."\">";
|
|
|
|
print '</div>';
|
|
print '</div>';
|
|
|
|
print "<footer>
|
|
<button dojoType='dijit.form.Button' class='alt-primary' type='submit' onclick=\"dijit.byId('userEditDlg').execute()\">".
|
|
__('Save')."</button>
|
|
<button dojoType='dijit.form.Button' onclick=\"dijit.byId('userEditDlg').hide()\">".
|
|
__('Cancel')."</button>
|
|
</footer>";
|
|
|
|
print "</form>";
|
|
|
|
return;
|
|
}
|
|
|
|
function userdetails() {
|
|
$id = (int) clean($_REQUEST["id"]);
|
|
|
|
$sth = $this->pdo->prepare("SELECT login,
|
|
".SUBSTRING_FOR_DATE."(last_login,1,16) AS last_login,
|
|
access_level,
|
|
(SELECT COUNT(int_id) FROM ttrss_user_entries
|
|
WHERE owner_uid = id) AS stored_articles,
|
|
".SUBSTRING_FOR_DATE."(created,1,16) AS created
|
|
FROM ttrss_users
|
|
WHERE id = ?");
|
|
$sth->execute([$id]);
|
|
|
|
if ($row = $sth->fetch()) {
|
|
print "<table width='100%'>";
|
|
|
|
$last_login = make_local_datetime(
|
|
$row["last_login"], true);
|
|
|
|
$created = make_local_datetime(
|
|
$row["created"], true);
|
|
|
|
$stored_articles = $row["stored_articles"];
|
|
|
|
print "<tr><td>".__('Registered')."</td><td>$created</td></tr>";
|
|
print "<tr><td>".__('Last logged in')."</td><td>$last_login</td></tr>";
|
|
|
|
$sth = $this->pdo->prepare("SELECT COUNT(id) as num_feeds FROM ttrss_feeds
|
|
WHERE owner_uid = ?");
|
|
$sth->execute([$id]);
|
|
$row = $sth->fetch();
|
|
$num_feeds = $row["num_feeds"];
|
|
|
|
print "<tr><td>".__('Subscribed feeds count')."</td><td>$num_feeds</td></tr>";
|
|
print "<tr><td>".__('Stored articles')."</td><td>$stored_articles</td></tr>";
|
|
|
|
print "</table>";
|
|
|
|
print "<h1>".__('Subscribed feeds')."</h1>";
|
|
|
|
$sth = $this->pdo->prepare("SELECT id,title,site_url FROM ttrss_feeds
|
|
WHERE owner_uid = ? ORDER BY title");
|
|
$sth->execute([$id]);
|
|
|
|
print "<ul class=\"panel panel-scrollable list list-unstyled\">";
|
|
|
|
while ($line = $sth->fetch()) {
|
|
|
|
$icon_file = ICONS_URL."/".$line["id"].".ico";
|
|
|
|
if (file_exists($icon_file) && filesize($icon_file) > 0) {
|
|
$feed_icon = "<img class=\"icon\" src=\"$icon_file\">";
|
|
} else {
|
|
$feed_icon = "<img class=\"icon\" src=\"images/blank_icon.gif\">";
|
|
}
|
|
|
|
print "<li>$feed_icon <a href=\"".$line["site_url"]."\">".$line["title"]."</a></li>";
|
|
|
|
}
|
|
|
|
print "</ul>";
|
|
|
|
|
|
} else {
|
|
print "<h1>".__('User not found')."</h1>";
|
|
}
|
|
|
|
}
|
|
|
|
function editSave() {
|
|
$login = trim(clean($_REQUEST["login"]));
|
|
$uid = clean($_REQUEST["id"]);
|
|
$access_level = (int) clean($_REQUEST["access_level"]);
|
|
$email = trim(clean($_REQUEST["email"]));
|
|
$password = clean($_REQUEST["password"]);
|
|
|
|
if ($password) {
|
|
$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
|
|
$pwd_hash = encrypt_password($password, $salt, true);
|
|
$pass_query_part = "pwd_hash = ".$this->pdo->quote($pwd_hash).",
|
|
salt = ".$this->pdo->quote($salt).",";
|
|
} else {
|
|
$pass_query_part = "";
|
|
}
|
|
|
|
$sth = $this->pdo->prepare("UPDATE ttrss_users SET $pass_query_part login = ?,
|
|
access_level = ?, email = ?, otp_enabled = false WHERE id = ?");
|
|
$sth->execute([$login, $access_level, $email, $uid]);
|
|
|
|
}
|
|
|
|
function remove() {
|
|
$ids = explode(",", clean($_REQUEST["ids"]));
|
|
|
|
foreach ($ids as $id) {
|
|
if ($id != $_SESSION["uid"] && $id != 1) {
|
|
$sth = $this->pdo->prepare("DELETE FROM ttrss_tags WHERE owner_uid = ?");
|
|
$sth->execute([$id]);
|
|
|
|
$sth = $this->pdo->prepare("DELETE FROM ttrss_feeds WHERE owner_uid = ?");
|
|
$sth->execute([$id]);
|
|
|
|
$sth = $this->pdo->prepare("DELETE FROM ttrss_users WHERE id = ?");
|
|
$sth->execute([$id]);
|
|
}
|
|
}
|
|
}
|
|
|
|
function add() {
|
|
$login = trim(clean($_REQUEST["login"]));
|
|
$tmp_user_pwd = make_password();
|
|
$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
|
|
$pwd_hash = encrypt_password($tmp_user_pwd, $salt, true);
|
|
|
|
if (!$login) return; // no blank usernames
|
|
|
|
$sth = $this->pdo->prepare("SELECT id FROM ttrss_users WHERE
|
|
login = ?");
|
|
$sth->execute([$login]);
|
|
|
|
if (!$sth->fetch()) {
|
|
|
|
$sth = $this->pdo->prepare("INSERT INTO ttrss_users
|
|
(login,pwd_hash,access_level,last_login,created, salt)
|
|
VALUES (?, ?, 0, null, NOW(), ?)");
|
|
$sth->execute([$login, $pwd_hash, $salt]);
|
|
|
|
$sth = $this->pdo->prepare("SELECT id FROM ttrss_users WHERE
|
|
login = ? AND pwd_hash = ?");
|
|
$sth->execute([$login, $pwd_hash]);
|
|
|
|
if ($row = $sth->fetch()) {
|
|
|
|
$new_uid = $row['id'];
|
|
|
|
print T_sprintf("Added user %s with password %s",
|
|
$login, $tmp_user_pwd);
|
|
|
|
initialize_user($new_uid);
|
|
|
|
} else {
|
|
|
|
print T_sprintf("Could not create user %s", $login);
|
|
|
|
}
|
|
} else {
|
|
print T_sprintf("User %s already exists.", $login);
|
|
}
|
|
}
|
|
|
|
static function resetUserPassword($uid, $format_output = false) {
|
|
|
|
$pdo = Db::pdo();
|
|
|
|
$sth = $pdo->prepare("SELECT login FROM ttrss_users WHERE id = ?");
|
|
$sth->execute([$uid]);
|
|
|
|
if ($row = $sth->fetch()) {
|
|
|
|
$login = $row["login"];
|
|
|
|
$new_salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
|
|
$tmp_user_pwd = make_password();
|
|
|
|
$pwd_hash = encrypt_password($tmp_user_pwd, $new_salt, true);
|
|
|
|
$sth = $pdo->prepare("UPDATE ttrss_users
|
|
SET pwd_hash = ?, salt = ?, otp_enabled = false
|
|
WHERE id = ?");
|
|
$sth->execute([$pwd_hash, $new_salt, $uid]);
|
|
|
|
$message = T_sprintf("Changed password of user %s to %s", "<strong>$login</strong>", "<strong>$tmp_user_pwd</strong>");
|
|
|
|
if ($format_output)
|
|
print_notice($message);
|
|
else
|
|
print $message;
|
|
|
|
}
|
|
}
|
|
|
|
function resetPass() {
|
|
$uid = clean($_REQUEST["id"]);
|
|
Pref_Users::resetUserPassword($uid);
|
|
}
|
|
|
|
function index() {
|
|
|
|
global $access_level_names;
|
|
|
|
print "<div dojoType='dijit.layout.BorderContainer' gutters='false'>";
|
|
print "<div style='padding : 0px' dojoType='dijit.layout.ContentPane' region='top'>";
|
|
print "<div dojoType='fox.Toolbar'>";
|
|
|
|
$user_search = trim(clean($_REQUEST["search"]));
|
|
|
|
if (array_key_exists("search", $_REQUEST)) {
|
|
$_SESSION["prefs_user_search"] = $user_search;
|
|
} else {
|
|
$user_search = $_SESSION["prefs_user_search"];
|
|
}
|
|
|
|
print "<div style='float : right; padding-right : 4px;'>
|
|
<input dojoType='dijit.form.TextBox' id='user_search' size='20' type='search'
|
|
value=\"$user_search\">
|
|
<button dojoType='dijit.form.Button' onclick='Users.reload()'>".
|
|
__('Search')."</button>
|
|
</div>";
|
|
|
|
$sort = clean($_REQUEST["sort"]);
|
|
|
|
if (!$sort || $sort == "undefined") {
|
|
$sort = "login";
|
|
}
|
|
|
|
print "<div dojoType='dijit.form.DropDownButton'>".
|
|
"<span>" . __('Select')."</span>";
|
|
print "<div dojoType='dijit.Menu' style='display: none'>";
|
|
print "<div onclick=\"Tables.select('prefUserList', true)\"
|
|
dojoType='dijit.MenuItem'>".__('All')."</div>";
|
|
print "<div onclick=\"Tables.select('prefUserList', false)\"
|
|
dojoType='dijit.MenuItem'>".__('None')."</div>";
|
|
print "</div></div>";
|
|
|
|
print "<button dojoType='dijit.form.Button' onclick='Users.add()'>".__('Create user')."</button>";
|
|
|
|
print "
|
|
<button dojoType='dijit.form.Button' onclick='Users.editSelected()'>".
|
|
__('Edit')."</button dojoType=\"dijit.form.Button\">
|
|
<button dojoType='dijit.form.Button' onclick='Users.removeSelected()'>".
|
|
__('Remove')."</button dojoType=\"dijit.form.Button\">
|
|
<button dojoType='dijit.form.Button' onclick='Users.resetSelected()'>".
|
|
__('Reset password')."</button dojoType=\"dijit.form.Button\">";
|
|
|
|
PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB_SECTION,
|
|
"hook_prefs_tab_section", "prefUsersToolbar");
|
|
|
|
print "</div>"; #toolbar
|
|
print "</div>"; #pane
|
|
print "<div style='padding : 0px' dojoType='dijit.layout.ContentPane' region='center'>";
|
|
|
|
$sort = validate_field($sort,
|
|
["login", "access_level", "created", "num_feeds", "created", "last_login"], "login");
|
|
|
|
if ($sort != "login") $sort = "$sort DESC";
|
|
|
|
$sth = $this->pdo->prepare("SELECT
|
|
tu.id,
|
|
login,access_level,email,
|
|
".SUBSTRING_FOR_DATE."(last_login,1,16) as last_login,
|
|
".SUBSTRING_FOR_DATE."(created,1,16) as created,
|
|
(SELECT COUNT(id) FROM ttrss_feeds WHERE owner_uid = tu.id) AS num_feeds
|
|
FROM
|
|
ttrss_users tu
|
|
WHERE
|
|
(:search = '' OR login LIKE :search) AND tu.id > 0
|
|
ORDER BY $sort");
|
|
$sth->execute([":search" => $user_search ? "%$user_search%" : ""]);
|
|
|
|
print "<p><table width='100%' cellspacing='0' class='prefUserList' id='prefUserList'>";
|
|
|
|
print "<tr class='title'>
|
|
<td align='center' width='5%'> </td>
|
|
<td width='20%'><a href='#' onclick=\"Users.reload('login')\">".__('Login')."</a></td>
|
|
<td width='20%'><a href='#' onclick=\"Users.reload('access_level')\">".__('Access Level')."</a></td>
|
|
<td width='10%'><a href='#' onclick=\"Users.reload('num_feeds')\">".__('Subscribed feeds')."</a></td>
|
|
<td width='20%'><a href='#' onclick=\"Users.reload('created')\">".__('Registered')."</a></td>
|
|
<td width='20%'><a href='#' onclick=\"Users.reload('last_login')\">".__('Last login')."</a></td></tr>";
|
|
|
|
$lnum = 0;
|
|
|
|
while ($line = $sth->fetch()) {
|
|
|
|
$uid = $line["id"];
|
|
|
|
print "<tr data-row-id='$uid' onclick='Users.edit($uid)'>";
|
|
|
|
$line["login"] = htmlspecialchars($line["login"]);
|
|
$line["created"] = make_local_datetime($line["created"], false);
|
|
$line["last_login"] = make_local_datetime($line["last_login"], false);
|
|
|
|
print "<td align='center'><input onclick='Tables.onRowChecked(this); event.stopPropagation();'
|
|
dojoType='dijit.form.CheckBox' type='checkbox'></td>";
|
|
|
|
print "<td title='".__('Click to edit')."'><i class='material-icons'>person</i> " . $line["login"] . "</td>";
|
|
|
|
print "<td>" . $access_level_names[$line["access_level"]] . "</td>";
|
|
print "<td>" . $line["num_feeds"] . "</td>";
|
|
print "<td>" . $line["created"] . "</td>";
|
|
print "<td>" . $line["last_login"] . "</td>";
|
|
|
|
print "</tr>";
|
|
|
|
++$lnum;
|
|
}
|
|
|
|
print "</table>";
|
|
|
|
if ($lnum == 0) {
|
|
if (!$user_search) {
|
|
print_warning(__('No users defined.'));
|
|
} else {
|
|
print_warning(__('No matching users found.'));
|
|
}
|
|
}
|
|
|
|
print "</div>"; #pane
|
|
|
|
PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB,
|
|
"hook_prefs_tab", "prefUsers");
|
|
|
|
print "</div>"; #container
|
|
|
|
}
|
|
}
|