Ejemplo n.º 1
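/**
 * Backend handler for the "pref-prefs" module: runs one preferences
 * sub-operation or, when none matches, prints the preferences page.
 *
 * The sub-operation is taken from $_REQUEST["subop"]:
 *  - "change-password": checks the old password and stores the new hash;
 *  - "save-config":     hands every POSTed field to set_pref();
 *  - "getHelp":         prints the help text of the pref named in $_REQUEST["pn"];
 *  - "change-email":    updates the e-mail of the logged-in user;
 *  - "reset-config":    deletes the user's stored prefs and re-initializes them;
 *  - anything else:     prints the personal-data, password and preference forms.
 *
 * Everything is written to the response with print; password-change failures
 * are reported as text prefixed with "ERROR: ".
 *
 * NOTE(review): no CSRF or login check is visible in this function;
 * presumably the dispatcher that calls it performs them - confirm.
 * NOTE(review): the default-password probe below matches a hard-coded
 * 'SHA1:...' value, so stored hashes appear to be SHA-1 based and are compared
 * inside SQL; encrypt_password() is defined elsewhere - consider migrating to
 * password_hash()/password_verify().
 *
 * @param mixed $link Database handle passed to db_query() and the pref helpers.
 * @return void
 */
function module_pref_prefs($link)
{
    global $access_level_names;
    $subop = isset($_REQUEST["subop"]) ? $_REQUEST["subop"] : "";
    $prefs_blacklist = array("HIDE_FEEDLIST", "SYNC_COUNTERS", "ENABLE_LABELS", "ENABLE_SEARCH_TOOLBAR", "HIDE_READ_FEEDS");
    $profile_blacklist = array("ALLOW_DUPLICATE_POSTS", "PURGE_OLD_DAYS", "PURGE_UNREAD_ARTICLES", "DIGEST_ENABLE", "DIGEST_CATCHUP", "BLACKLISTED_TAGS", "ENABLE_FEED_ICONS", "ENABLE_API_ACCESS", "UPDATE_POST_ON_CHECKSUM_CHANGE", "DEFAULT_UPDATE_INTERVAL", "MARK_UNREAD_ON_UPDATE");
    if (FORCE_ARTICLE_PURGE != 0) {
        array_push($prefs_blacklist, "PURGE_OLD_DAYS", "PURGE_UNREAD_ARTICLES");
    }

    // Session values are written elsewhere; normalise them once so the SQL
    // built below never embeds them verbatim.
    $active_uid = isset($_SESSION["uid"]) ? (int) $_SESSION["uid"] : 0;
    $profile = isset($_SESSION["profile"]) ? $_SESSION["profile"] : null;

    if ($subop === "change-password") {
        // Accept only string fields; a missing or array-valued field counts as blank.
        $fields = array();
        foreach (array("OLD_PASSWORD", "NEW_PASSWORD", "CONFIRM_PASSWORD") as $field) {
            $fields[$field] = isset($_POST[$field]) && is_string($_POST[$field]) ? $_POST[$field] : "";
        }
        $old_pw = $fields["OLD_PASSWORD"];
        $new_pw = $fields["NEW_PASSWORD"];
        $con_pw = $fields["CONFIRM_PASSWORD"];
        if ($old_pw === "") {
            print "ERROR: " . __("Old password cannot be blank.");
            return;
        }
        if ($new_pw === "") {
            print "ERROR: " . __("New password cannot be blank.");
            return;
        }
        // Strict comparison: with != two different numeric-looking strings
        // (e.g. "1e3" and "1000") would count as a matching confirmation.
        if ($new_pw !== $con_pw) {
            print "ERROR: " . __("Entered passwords do not match.");
            return;
        }
        // Two candidate hashes of the old password are accepted: without and
        // with the session user name as second argument.
        $old_pw_hash1 = encrypt_password($old_pw);
        $old_pw_hash2 = encrypt_password($old_pw, $_SESSION["name"]);
        $new_pw_hash = encrypt_password($new_pw, $_SESSION["name"]);
        // The blank checks above are the only emptiness test; a truthiness
        // test here would silently drop a request whose password is "0".
        $result = db_query($link, "SELECT id FROM ttrss_users WHERE \n\t\t\t\t\tid = '{$active_uid}' AND (pwd_hash = '{$old_pw_hash1}' OR \n\t\t\t\t\t\tpwd_hash = '{$old_pw_hash2}')");
        if (db_num_rows($result) == 1) {
            db_query($link, "UPDATE ttrss_users SET pwd_hash = '{$new_pw_hash}' \n\t\t\t\t\t\tWHERE id = '{$active_uid}'");
            $_SESSION["pwd_hash"] = $new_pw_hash;
            print __("Password has been changed.");
        } else {
            print "ERROR: " . __('Old password is incorrect.');
        }
        return;
    }

    if ($subop === "save-config") {
        $_SESSION["prefs_cache"] = false;
        $orig_theme = get_pref($link, "_THEME_ID");
        // Take each value under its original key: escaping the key first and
        // then indexing $_POST with it loses the value of any key the escaping changed.
        // NOTE(review): every POSTed field (including "op"/"subop") reaches
        // set_pref(); whether it rejects unknown names is not visible here.
        foreach ($_POST as $pref_name => $value) {
            set_pref($link, db_escape_string($pref_name), db_escape_string($value));
        }
        if ($orig_theme != get_pref($link, "_THEME_ID")) {
            print "PREFS_THEME_CHANGED";
        } else {
            print __("The configuration was saved.");
        }
        return;
    }

    if ($subop === "getHelp") {
        $pref_name = db_escape_string(isset($_REQUEST["pn"]) ? $_REQUEST["pn"] : "");
        $result = db_query($link, "SELECT help_text FROM ttrss_prefs\n\t\t\t\tWHERE pref_name = '{$pref_name}'");
        if (db_num_rows($result) > 0) {
            print db_fetch_result($result, 0, "help_text");
        } else {
            // The name comes from the request and is echoed back, so it is
            // HTML-encoded for the response, not only escaped for SQL.
            printf(__("Unknown option: %s"), htmlspecialchars($pref_name, ENT_QUOTES, 'UTF-8'));
        }
        return;
    }

    if ($subop === "change-email") {
        $email = db_escape_string(isset($_POST["email"]) ? $_POST["email"] : "");
        db_query($link, "UPDATE ttrss_users SET email = '{$email}' \n\t\t\t\tWHERE id = '{$active_uid}'");
        print __("E-mail has been changed.");
        return;
    }

    if ($subop === "reset-config") {
        $_SESSION["prefs_op_result"] = "reset-to-defaults";
        if ($profile) {
            $profile_qpart = "profile = '" . db_escape_string($profile) . "'";
        } else {
            $profile_qpart = "profile IS NULL";
        }
        db_query($link, "DELETE FROM ttrss_user_prefs \n\t\t\t\tWHERE {$profile_qpart} AND owner_uid = " . $active_uid);
        initialize_user_prefs($link, $_SESSION["uid"], $profile);
        print "PREFS_THEME_CHANGED";
        return;
    }

    // No sub-operation matched: render the preferences page.
    set_pref($link, "_PREFS_ACTIVE_TAB", "genConfig");
    if ($profile) {
        print_notice("Some preferences are only available in default profile.");
    }
    if (!SINGLE_USER_MODE) {
        // Warn while the stored hash still equals the hard-coded default one.
        $result = db_query($link, "SELECT id FROM ttrss_users\n\t\t\t\t\tWHERE id = " . $active_uid . " AND pwd_hash \n\t\t\t\t\t= 'SHA1:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8'");
        if (db_num_rows($result) != 0) {
            print format_warning(__("Your password is at default value, \n\t\t\t\t\t\tplease change it."), "default_pass_warning");
        }
        $_SESSION["prefs_op_result"] = "";

        // Personal data form.
        print "<form onsubmit='return false' id='change_email_form'>";
        print "<table width=\"100%\" class=\"prefPrefsList\">";
        print "<tr><td colspan='3'><h3>" . __("Personal data") . "</h3></td></tr>";
        $result = db_query($link, "SELECT email,access_level FROM ttrss_users\n\t\t\t\t\tWHERE id = " . $active_uid);
        // The stored e-mail is user-supplied; encode it before it is placed
        // inside the value attribute.
        $email = htmlspecialchars(db_fetch_result($result, 0, "email"), ENT_QUOTES, 'UTF-8');
        print "<tr><td width=\"40%\">" . __('E-mail') . "</td>";
        print "<td class=\"prefValue\"><input class=\"editbox\" name=\"email\" \n\t\t\t\t\tonfocus=\"javascript:disableHotkeys();\" \n\t\t\t\t\tonblur=\"javascript:enableHotkeys();\"\n\t\t\t\t\tonkeypress=\"return filterCR(event, changeUserEmail)\"\n\t\t\t\t\tvalue=\"{$email}\"></td></tr>";
        $access_level = db_fetch_result($result, 0, "access_level");
        print "<tr><td width=\"40%\">" . __('Access level') . "</td>";
        print "<td>" . $access_level_names[$access_level] . "</td></tr>";
        print "</table>";
        print "<input type=\"hidden\" name=\"op\" value=\"pref-prefs\">";
        print "<input type=\"hidden\" name=\"subop\" value=\"change-email\">";
        print "</form>";
        print "<p><button onclick=\"return changeUserEmail()\">" . __("Change e-mail") . "</button>";

        // Password change form.
        print "<form onsubmit=\"return false\" \n\t\t\t\t\tname=\"change_pass_form\" id=\"change_pass_form\">";
        print "<table width=\"100%\" class=\"prefPrefsList\">";
        print "<tr><td colspan='3'><h3>" . __("Authentication") . "</h3></td></tr>";
        print "<tr><td width=\"40%\">" . __("Old password") . "</td>";
        print "<td class=\"prefValue\"><input class=\"editbox\" type=\"password\"\n\t\t\t\t\tonfocus=\"javascript:disableHotkeys();\" \n\t\t\t\t\tonblur=\"javascript:enableHotkeys();\"\n\t\t\t\t\tonkeypress=\"return filterCR(event, changeUserPassword)\"\n\t\t\t\t\tname=\"OLD_PASSWORD\"></td></tr>";
        print "<tr><td width=\"40%\">" . __("New password") . "</td>";
        print "<td class=\"prefValue\"><input class=\"editbox\" type=\"password\"\n\t\t\t\t\tonfocus=\"javascript:disableHotkeys();\" \n\t\t\t\t\tonblur=\"javascript:enableHotkeys();\"\n\t\t\t\t\tonkeypress=\"return filterCR(event, changeUserPassword)\"\n\t\t\t\t\tname=\"NEW_PASSWORD\"></td></tr>";
        print "<tr><td width=\"40%\">" . __("Confirm password") . "</td>";
        print "<td class=\"prefValue\"><input class=\"editbox\" type=\"password\"\n\t\t\t\t\tonfocus=\"javascript:disableHotkeys();\" \n\t\t\t\t\tonblur=\"javascript:enableHotkeys();\"\n\t\t\t\t\tonkeypress=\"return filterCR(event, changeUserPassword)\"\n\t\t\t\t\tname=\"CONFIRM_PASSWORD\"></td></tr>";
        print "</table>";
        print "<input type=\"hidden\" name=\"op\" value=\"pref-prefs\">";
        print "<input type=\"hidden\" name=\"subop\" value=\"change-password\">";
        print "</form>";
        print "<p><button\tonclick=\"return changeUserPassword()\">" . __("Change password") . "</button>";
    }

    if ($profile) {
        initialize_user_prefs($link, $_SESSION["uid"], $profile);
        $profile_qpart = "profile = '" . db_escape_string($profile) . "'";
    } else {
        initialize_user_prefs($link, $_SESSION["uid"]);
        $profile_qpart = "profile IS NULL";
    }
    $result = db_query($link, "SELECT \n\t\t\t\tttrss_user_prefs.pref_name,short_desc,help_text,value,type_name,\n\t\t\t\tsection_name,def_value,section_id\n\t\t\t\tFROM ttrss_prefs,ttrss_prefs_types,ttrss_prefs_sections,ttrss_user_prefs\n\t\t\t\tWHERE type_id = ttrss_prefs_types.id AND \n\t\t\t\t\t{$profile_qpart} AND\n\t\t\t\t\tsection_id = ttrss_prefs_sections.id AND\n\t\t\t\t\tttrss_user_prefs.pref_name = ttrss_prefs.pref_name AND\n\t\t\t\t\tshort_desc != '' AND\n\t\t\t\t\towner_uid = " . $active_uid . "\n\t\t\t\tORDER BY section_id,short_desc");
    print "<form onsubmit='return false' action=\"backend.php\" \n\t\t\t\tmethod=\"POST\" id=\"pref_prefs_form\">";
    $active_section = "";
    while ($line = db_fetch_assoc($result)) {
        if (in_array($line["pref_name"], $prefs_blacklist)) {
            continue;
        }
        if ($profile && in_array($line["pref_name"], $profile_blacklist)) {
            continue;
        }
        if ($active_section != $line["section_name"]) {
            // A new section starts: close the previous table and open the next one.
            if ($active_section != "") {
                print "</table>";
            }
            print "<p><table width=\"100%\" class=\"prefPrefsList\">";
            $active_section = $line["section_name"];
            print "<tr><td colspan=\"3\"><h3>" . __($active_section) . "</h3></td></tr>";
            if ($line["section_id"] == 2) {
                // Section 2 additionally carries the theme selector.
                print "<tr><td width=\"40%\">" . __("Select theme") . "</td>";
                $user_theme = get_pref($link, "_THEME_ID");
                $themes = get_all_themes();
                print "<td><select name=\"_THEME_ID\">";
                print "<option value=''>" . __('Default') . "</option>";
                print "<option disabled>--------</option>";
                foreach ($themes as $t) {
                    $selected = $t['base'] == $user_theme ? "selected=\"1\"" : "";
                    $base = htmlspecialchars($t['base'], ENT_QUOTES, 'UTF-8');
                    $name = htmlspecialchars($t['name'], ENT_QUOTES, 'UTF-8');
                    print "<option {$selected} value='{$base}'>{$name}</option>";
                }
                print "</select></td></tr>";
            }
        }
        print "<tr>";
        $type_name = $line["type_name"];
        $pref_name = $line["pref_name"];
        $value = $line["value"];
        $help_text = $line["help_text"];
        // Stored pref names and values end up in HTML attributes below.
        $pref_attr = htmlspecialchars($pref_name, ENT_QUOTES, 'UTF-8');
        print "<td width=\"40%\" class=\"prefName\" id=\"{$pref_attr}\">" . __($line["short_desc"]);
        if ($help_text) {
            print "<div class=\"prefHelp\">" . __($help_text) . "</div>";
        }
        print "</td>";
        print "<td class=\"prefValue\">";
        if ($pref_name == "DEFAULT_UPDATE_INTERVAL") {
            global $update_intervals_nodefault;
            print_select_hash($pref_name, $value, $update_intervals_nodefault);
        } elseif ($type_name == "bool") {
            // Booleans are shown as a translated Yes/No radio pair.
            $value = $value == "true" ? __("Yes") : __("No");
            print_radio($pref_name, $value, __("Yes"), array(__("Yes"), __("No")));
        } else {
            $value_attr = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
            print "<input class=\"editbox\"\n\t\t\t\t\t\tonfocus=\"javascript:disableHotkeys();\" \n\t\t\t\t\t\tonblur=\"javascript:enableHotkeys();\"  \n\t\t\t\t\t\tname=\"{$pref_attr}\" value=\"{$value_attr}\">";
        }
        print "</td>";
        print "</tr>";
    }
    print "</table>";
    print "<input type=\"hidden\" name=\"op\" value=\"pref-prefs\">";
    print "<p><button onclick=\"return validatePrefsSave()\">" . __('Save configuration') . "</button> ";
    print "<button onclick=\"return editProfiles()\">" . __('Manage profiles') . "</button> ";
    print "<button onclick=\"return validatePrefsReset()\">" . __('Reset to defaults') . "</button></p>";
    print "</form>";
}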
Ejemplo n.º 2
/**
 * Prints the markup that format_warning() builds for the given message.
 *
 * $msg is handed to format_warning() unchanged; any HTML encoding is left to
 * that helper (defined elsewhere) or to the caller.
 *
 * @param string $msg Warning text to display.
 * @return int Result of print, which is always 1.
 */
function print_warning($msg)
{
    $markup = format_warning($msg);

    return print $markup;
}
Ejemplo n.º 3
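 /**
  * Creates a user account for the login given in $_REQUEST["login"] and
  * prints the outcome as an HTML notice or warning.
  *
  * A temporary password from make_password(8) is hashed with a fresh random
  * salt and stored with access level 0. On success the login and the
  * temporary password are printed and initialize_user() is called for the
  * new id; if the login already exists or the new row cannot be found, a
  * warning is printed instead.
  *
  * NOTE(review): the temporary password is written into the response in
  * clear text; make sure that response is neither cached nor logged.
  *
  * @return void
  */
 function add()
 {
     $login = $this->dbh->escape_string(trim(isset($_REQUEST["login"]) ? $_REQUEST["login"] : ""));
     // The login is echoed into HTML messages below, so it needs HTML
     // encoding in addition to the SQL escaping above.
     $login_html = htmlspecialchars($login, ENT_QUOTES, 'UTF-8');
     $tmp_user_pwd = make_password(8);
     // 125 random bytes hex-encode to exactly 250 characters.
     $salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
     $pwd_hash = encrypt_password($tmp_user_pwd, $salt, true);
     // Both lookups must use the same escaped login as the INSERT; matching
     // against a fixed literal would never find an existing account.
     $result = $this->dbh->query("SELECT id FROM ttrss_users WHERE\n\t\t\t\tlogin = '{$login}'");
     if ($this->dbh->num_rows($result) != 0) {
         print format_warning(T_sprintf("User <b>%s</b> already exists.", $login_html));
         return;
     }
     $this->dbh->query("INSERT INTO ttrss_users\n\t\t\t\t\t(login,pwd_hash,access_level,last_login,created, salt)\n\t\t\t\t\tVALUES ('{$login}', '{$pwd_hash}', 0, null, NOW(), '{$salt}')");
     // Re-read the row to confirm the insert and to obtain the new id.
     $result = $this->dbh->query("SELECT id FROM ttrss_users WHERE\n\t\t\t\t\tlogin = '{$login}' AND pwd_hash = '{$pwd_hash}'");
     if ($this->dbh->num_rows($result) == 1) {
         $new_uid = $this->dbh->fetch_result($result, 0, "id");
         $pwd_html = htmlspecialchars($tmp_user_pwd, ENT_QUOTES, 'UTF-8');
         print format_notice(T_sprintf("Added user <b>%s</b> with password <b>%s</b>", $login_html, $pwd_html));
         initialize_user($new_uid);
     } else {
         print format_warning(T_sprintf("Could not create user <b>%s</b>", $login_html));
     }
 }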
 function index()
 {
     global $access_level_names;
     $prefs_blacklist = array("STRIP_UNSAFE_TAGS", "REVERSE_HEADLINES", "SORT_HEADLINES_BY_FEED_DATE", "DEFAULT_ARTICLE_LIMIT", "FEEDS_SORT_BY_UNREAD");
     /* "FEEDS_SORT_BY_UNREAD", "HIDE_READ_FEEDS", "REVERSE_HEADLINES" */
     $profile_blacklist = array("ALLOW_DUPLICATE_POSTS", "PURGE_OLD_DAYS", "PURGE_UNREAD_ARTICLES", "DIGEST_ENABLE", "DIGEST_CATCHUP", "BLACKLISTED_TAGS", "ENABLE_API_ACCESS", "UPDATE_POST_ON_CHECKSUM_CHANGE", "DEFAULT_UPDATE_INTERVAL", "USER_TIMEZONE", "SORT_HEADLINES_BY_FEED_DATE", "SSL_CERT_SERIAL", "DIGEST_PREFERRED_TIME");
     $_SESSION["prefs_op_result"] = "";
     print "<div dojoType=\"dijit.layout.AccordionContainer\" region=\"center\">";
     print "<div dojoType=\"dijit.layout.AccordionPane\" title=\"" . __('Personal data / Authentication') . "\">";
     print "<form dojoType=\"dijit.form.Form\" id=\"changeUserdataForm\">";
     print "<script type=\"dojo/method\" event=\"onSubmit\" args=\"evt\">\n\t\tevt.preventDefault();\n\t\tif (this.validate()) {\n\t\t\tnotify_progress('Saving data...', true);\n\n\t\t\tnew Ajax.Request('backend.php', {\n\t\t\t\tparameters: dojo.objectToQuery(this.getValues()),\n\t\t\t\tonComplete: function(transport) {\n\t\t\t\t\tnotify_callback2(transport);\n\t\t\t} });\n\n\t\t}\n\t\t</script>";
     print "<table width=\"100%\" class=\"prefPrefsList\">";
     print "<h2>" . __("Personal data") . "</h2>";
     $result = $this->dbh->query("SELECT email,full_name,otp_enabled,\n\t\t\taccess_level FROM ttrss_users\n\t\t\tWHERE id = " . $_SESSION["uid"]);
     $email = htmlspecialchars($this->dbh->fetch_result($result, 0, "email"));
     $full_name = htmlspecialchars($this->dbh->fetch_result($result, 0, "full_name"));
     $otp_enabled = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "otp_enabled"));
     print "<tr><td width=\"40%\">" . __('Full name') . "</td>";
     print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" name=\"full_name\" required=\"1\"\n\t\t\tvalue=\"{$full_name}\"></td></tr>";
     print "<tr><td width=\"40%\">" . __('E-mail') . "</td>";
     print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" name=\"email\" required=\"1\" value=\"{$email}\"></td></tr>";
     if (!SINGLE_USER_MODE && !$_SESSION["hide_hello"]) {
         $access_level = $this->dbh->fetch_result($result, 0, "access_level");
         print "<tr><td width=\"40%\">" . __('Access level') . "</td>";
         print "<td>" . $access_level_names[$access_level] . "</td></tr>";
     }
     print "</table>";
     print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-prefs\">";
     print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"changeemail\">";
     print "<p><button dojoType=\"dijit.form.Button\" type=\"submit\">" . __("Save data") . "</button>";
     print "</form>";
     if ($_SESSION["auth_module"]) {
         $authenticator = PluginHost::getInstance()->get_plugin($_SESSION["auth_module"]);
     } else {
         $authenticator = false;
     }
     if ($authenticator && method_exists($authenticator, "change_password")) {
         print "<h2>" . __("Password") . "</h2>";
         $result = $this->dbh->query("SELECT id FROM ttrss_users\n\t\t\t\tWHERE id = " . $_SESSION["uid"] . " AND pwd_hash\n\t\t\t\t= 'SHA1:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8'");
         if ($this->dbh->num_rows($result) != 0) {
             print format_warning(__("Your password is at default value, please change it."), "default_pass_warning");
         }
         print "<form dojoType=\"dijit.form.Form\">";
         print "<script type=\"dojo/method\" event=\"onSubmit\" args=\"evt\">\n\t\t\tevt.preventDefault();\n\t\t\tif (this.validate()) {\n\t\t\t\tnotify_progress('Changing password...', true);\n\n\t\t\t\tnew Ajax.Request('backend.php', {\n\t\t\t\t\tparameters: dojo.objectToQuery(this.getValues()),\n\t\t\t\t\tonComplete: function(transport) {\n\t\t\t\t\t\tnotify('');\n\t\t\t\t\t\tif (transport.responseText.indexOf('ERROR: ') == 0) {\n\t\t\t\t\t\t\tnotify_error(transport.responseText.replace('ERROR: ', ''));\n\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\tnotify_info(transport.responseText);\n\t\t\t\t\t\t\tvar warn = \$('default_pass_warning');\n\t\t\t\t\t\t\tif (warn) Element.hide(warn);\n\t\t\t\t\t\t}\n\t\t\t\t}});\n\t\t\t\tthis.reset();\n\t\t\t}\n\t\t\t</script>";
         if ($otp_enabled) {
             print_notice(__("Changing your current password will disable OTP."));
         }
         print "<table width=\"100%\" class=\"prefPrefsList\">";
         print "<tr><td width=\"40%\">" . __("Old password") . "</td>";
         print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" type=\"password\" required=\"1\" name=\"old_password\"></td></tr>";
         print "<tr><td width=\"40%\">" . __("New password") . "</td>";
         print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" type=\"password\" required=\"1\"\n\t\t\t\tname=\"new_password\"></td></tr>";
         print "<tr><td width=\"40%\">" . __("Confirm password") . "</td>";
         print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" type=\"password\" required=\"1\" name=\"confirm_password\"></td></tr>";
         print "</table>";
         print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-prefs\">";
         print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"changepassword\">";
         print "<p><button dojoType=\"dijit.form.Button\" type=\"submit\">" . __("Change password") . "</button>";
         print "</form>";
         if ($_SESSION["auth_module"] == "auth_internal") {
             print "<h2>" . __("One time passwords / Authenticator") . "</h2>";
             if ($otp_enabled) {
                 print_notice(__("One time passwords are currently enabled. Enter your current password below to disable."));
                 print "<form dojoType=\"dijit.form.Form\">";
                 print "<script type=\"dojo/method\" event=\"onSubmit\" args=\"evt\">\n\t\t\t\tevt.preventDefault();\n\t\t\t\tif (this.validate()) {\n\t\t\t\t\tnotify_progress('Disabling OTP', true);\n\n\t\t\t\t\tnew Ajax.Request('backend.php', {\n\t\t\t\t\t\tparameters: dojo.objectToQuery(this.getValues()),\n\t\t\t\t\t\tonComplete: function(transport) {\n\t\t\t\t\t\t\tnotify('');\n\t\t\t\t\t\t\tif (transport.responseText.indexOf('ERROR: ') == 0) {\n\t\t\t\t\t\t\t\tnotify_error(transport.responseText.replace('ERROR: ', ''));\n\t\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t\twindow.location.reload();\n\t\t\t\t\t\t\t}\n\t\t\t\t\t}});\n\t\t\t\t\tthis.reset();\n\t\t\t\t}\n\t\t\t\t</script>";
                 print "<table width=\"100%\" class=\"prefPrefsList\">";
                 print "<tr><td width=\"40%\">" . __("Enter your password") . "</td>";
                 print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" type=\"password\" required=\"1\"\n\t\t\t\t\tname=\"password\"></td></tr>";
                 print "</table>";
                 print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-prefs\">";
                 print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"otpdisable\">";
                 print "<p><button dojoType=\"dijit.form.Button\" type=\"submit\">" . __("Disable OTP") . "</button>";
                 print "</form>";
             } else {
                 if (function_exists("imagecreatefromstring")) {
                     print_warning(__("You will need a compatible Authenticator to use this. Changing your password would automatically disable OTP."));
                     print "<p>" . __("Scan the following code by the Authenticator application:") . "</p>";
                     $csrf_token = $_SESSION["csrf_token"];
                     print "<img src=\"backend.php?op=pref-prefs&method=otpqrcode&csrf_token={$csrf_token}\">";
                     print "<form dojoType=\"dijit.form.Form\" id=\"changeOtpForm\">";
                     print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-prefs\">";
                     print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"otpenable\">";
                     print "<script type=\"dojo/method\" event=\"onSubmit\" args=\"evt\">\n\t\t\t\t\tevt.preventDefault();\n\t\t\t\t\tif (this.validate()) {\n\t\t\t\t\t\tnotify_progress('Saving data...', true);\n\n\t\t\t\t\t\tnew Ajax.Request('backend.php', {\n\t\t\t\t\t\t\tparameters: dojo.objectToQuery(this.getValues()),\n\t\t\t\t\t\t\tonComplete: function(transport) {\n\t\t\t\t\t\t\t\tnotify('');\n\t\t\t\t\t\t\t\tif (transport.responseText.indexOf('ERROR:') == 0) {\n\t\t\t\t\t\t\t\t\tnotify_error(transport.responseText.replace('ERROR:', ''));\n\t\t\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t\t\twindow.location.reload();\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t} });\n\n\t\t\t\t\t}\n\t\t\t\t\t</script>";
                     print "<table width=\"100%\" class=\"prefPrefsList\">";
                     print "<tr><td width=\"40%\">" . __("Enter your password") . "</td>";
                     print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" type=\"password\" required=\"1\"\n\t\t\t\t\t\tname=\"password\"></td></tr>";
                     print "<tr><td width=\"40%\">" . __("Enter the generated one time password") . "</td>";
                     print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" autocomplete=\"off\"\n\t\t\t\t\t\trequired=\"1\"\n\t\t\t\t\t\tname=\"otp\"></td></tr>";
                     print "<tr><td colspan=\"2\">";
                     print "</td></tr><tr><td colspan=\"2\">";
                     print "</td></tr>";
                     print "</table>";
                     print "<p><button dojoType=\"dijit.form.Button\" type=\"submit\">" . __("Enable OTP") . "</button>";
                     print "</form>";
                 } else {
                     print_notice(__("PHP GD functions are required for OTP support."));
                 }
             }
         }
     }
     PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB_SECTION, "hook_prefs_tab_section", "prefPrefsAuth");
     print "</div>";
     #pane
     print "<div dojoType=\"dijit.layout.AccordionPane\" selected=\"true\" title=\"" . __('Preferences') . "\">";
     print "<form dojoType=\"dijit.form.Form\" id=\"changeSettingsForm\">";
     print "<script type=\"dojo/method\" event=\"onSubmit\" args=\"evt, quit\">\n\t\tif (evt) evt.preventDefault();\n\t\tif (this.validate()) {\n\t\t\tconsole.log(dojo.objectToQuery(this.getValues()));\n\n\t\t\tnew Ajax.Request('backend.php', {\n\t\t\t\tparameters: dojo.objectToQuery(this.getValues()),\n\t\t\t\tonComplete: function(transport) {\n\t\t\t\t\tvar msg = transport.responseText;\n\t\t\t\t\tif (quit) {\n\t\t\t\t\t\tgotoMain();\n\t\t\t\t\t} else {\n\t\t\t\t\t\tif (msg == 'PREFS_NEED_RELOAD') {\n\t\t\t\t\t\t\twindow.location.reload();\n\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\tnotify_info(msg);\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t} });\n\t\t}\n\t\t</script>";
     print '<div dojoType="dijit.layout.BorderContainer" gutters="false">';
     print '<div dojoType="dijit.layout.ContentPane" region="center" style="overflow-y : auto">';
     if ($_SESSION["profile"]) {
         print_notice(__("Some preferences are only available in default profile."));
     }
     if ($_SESSION["profile"]) {
         initialize_user_prefs($_SESSION["uid"], $_SESSION["profile"]);
         $profile_qpart = "profile = '" . $_SESSION["profile"] . "'";
     } else {
         initialize_user_prefs($_SESSION["uid"]);
         $profile_qpart = "profile IS NULL";
     }
     /* if ($_SESSION["prefs_show_advanced"])
     			$access_query = "true";
     		else
     			$access_query = "(access_level = 0 AND section_id != 3)"; */
     $access_query = 'true';
     $result = $this->dbh->query("SELECT DISTINCT\n\t\t\tttrss_user_prefs.pref_name,value,type_name,\n\t\t\tttrss_prefs_sections.order_id,\n\t\t\tdef_value,section_id\n\t\t\tFROM ttrss_prefs,ttrss_prefs_types,ttrss_prefs_sections,ttrss_user_prefs\n\t\t\tWHERE type_id = ttrss_prefs_types.id AND\n\t\t\t\t{$profile_qpart} AND\n\t\t\t\tsection_id = ttrss_prefs_sections.id AND\n\t\t\t\tttrss_user_prefs.pref_name = ttrss_prefs.pref_name AND\n\t\t\t\t{$access_query} AND\n\t\t\t\towner_uid = " . $_SESSION["uid"] . "\n\t\t\tORDER BY ttrss_prefs_sections.order_id,pref_name");
     $lnum = 0;
     $active_section = "";
     $listed_boolean_prefs = array();
     while ($line = $this->dbh->fetch_assoc($result)) {
         if (in_array($line["pref_name"], $prefs_blacklist)) {
             continue;
         }
         $type_name = $line["type_name"];
         $pref_name = $line["pref_name"];
         $section_name = $this->getSectionName($line["section_id"]);
         $value = $line["value"];
         $short_desc = $this->getShortDesc($pref_name);
         $help_text = $this->getHelpText($pref_name);
         if (!$short_desc) {
             continue;
         }
         if ($_SESSION["profile"] && in_array($line["pref_name"], $profile_blacklist)) {
             continue;
         }
         if ($active_section != $line["section_id"]) {
             if ($active_section != "") {
                 print "</table>";
             }
             print "<table width=\"100%\" class=\"prefPrefsList\">";
             $active_section = $line["section_id"];
             print "<tr><td colspan=\"3\"><h3>" . $section_name . "</h3></td></tr>";
             $lnum = 0;
         }
         print "<tr>";
         print "<td width=\"40%\" class=\"prefName\" id=\"{$pref_name}\">";
         print "<label for='CB_{$pref_name}'>";
         print $short_desc;
         print "</label>";
         if ($help_text) {
             print "<div class=\"prefHelp\">" . __($help_text) . "</div>";
         }
         print "</td>";
         print "<td class=\"prefValue\">";
         if ($pref_name == "USER_LANGUAGE") {
             print_select_hash($pref_name, $value, get_translations(), "style='width : 220px; margin : 0px' dojoType='dijit.form.Select'");
         } else {
             if ($pref_name == "USER_TIMEZONE") {
                 $timezones = explode("\n", file_get_contents("lib/timezones.txt"));
                 print_select($pref_name, $value, $timezones, 'dojoType="dijit.form.FilteringSelect"');
             } else {
                 if ($pref_name == "USER_STYLESHEET") {
                     print "<button dojoType=\"dijit.form.Button\"\n\t\t\t\t\tonclick=\"customizeCSS()\">" . __('Customize') . "</button>";
                 } else {
                     if ($pref_name == "USER_CSS_THEME") {
                         $themes = array_map("basename", glob("themes/*.css"));
                         print_select($pref_name, $value, $themes, 'dojoType="dijit.form.Select"');
                     } else {
                         if ($pref_name == "DEFAULT_UPDATE_INTERVAL") {
                             global $update_intervals_nodefault;
                             print_select_hash($pref_name, $value, $update_intervals_nodefault, 'dojoType="dijit.form.Select"');
                         } else {
                             if ($type_name == "bool") {
                                 array_push($listed_boolean_prefs, $pref_name);
                                 $checked = $value == "true" ? "checked=\"checked\"" : "";
                                 if ($pref_name == "PURGE_UNREAD_ARTICLES" && FORCE_ARTICLE_PURGE != 0) {
                                     $disabled = "disabled=\"1\"";
                                     $checked = "checked=\"checked\"";
                                 } else {
                                     $disabled = "";
                                 }
                                 print "<input type='checkbox' name='{$pref_name}' {$checked} {$disabled}\n\t\t\t\t\tdojoType='dijit.form.CheckBox' id='CB_{$pref_name}' value='1'>";
                             } else {
                                 if (array_search($pref_name, array('FRESH_ARTICLE_MAX_AGE', 'PURGE_OLD_DAYS', 'LONG_DATE_FORMAT', 'SHORT_DATE_FORMAT')) !== false) {
                                     $regexp = $type_name == 'integer' ? 'regexp="^\\d*$"' : '';
                                     if ($pref_name == "PURGE_OLD_DAYS" && FORCE_ARTICLE_PURGE != 0) {
                                         $disabled = "disabled=\"1\"";
                                         $value = FORCE_ARTICLE_PURGE;
                                     } else {
                                         $disabled = "";
                                     }
                                     print "<input dojoType=\"dijit.form.ValidationTextBox\"\n\t\t\t\t\trequired=\"1\" {$regexp} {$disabled}\n\t\t\t\t\tname=\"{$pref_name}\" value=\"{$value}\">";
                                 } else {
                                     if ($pref_name == "SSL_CERT_SERIAL") {
                                         print "<input dojoType=\"dijit.form.ValidationTextBox\"\n\t\t\t\t\tid=\"SSL_CERT_SERIAL\" readonly=\"1\"\n\t\t\t\t\tname=\"{$pref_name}\" value=\"{$value}\">";
                                         $cert_serial = htmlspecialchars(get_ssl_certificate_id());
                                         $has_serial = $cert_serial ? "false" : "true";
                                         print " <button dojoType=\"dijit.form.Button\" disabled=\"{$has_serial}\"\n\t\t\t\t\tonclick=\"insertSSLserial('{$cert_serial}')\">" . __('Register') . "</button>";
                                         print " <button dojoType=\"dijit.form.Button\"\n\t\t\t\t\tonclick=\"insertSSLserial('')\">" . __('Clear') . "</button>";
                                     } else {
                                         if ($pref_name == 'DIGEST_PREFERRED_TIME') {
                                             print "<input dojoType=\"dijit.form.ValidationTextBox\"\n\t\t\t\t\tid=\"{$pref_name}\" regexp=\"[012]?\\d:\\d\\d\" placeHolder=\"12:00\"\n\t\t\t\t\tname=\"{$pref_name}\" value=\"{$value}\"><div class=\"insensitive\">" . T_sprintf("Current server time: %s (UTC)", date("H:i")) . "</div>";
                                         } else {
                                             $regexp = $type_name == 'integer' ? 'regexp="^\\d*$"' : '';
                                             print "<input dojoType=\"dijit.form.ValidationTextBox\"\n\t\t\t\t\t{$regexp}\n\t\t\t\t\tname=\"{$pref_name}\" value=\"{$value}\">";
                                         }
                                     }
                                 }
                             }
                         }
                     }
                 }
             }
         }
         print "</td>";
         print "</tr>";
         $lnum++;
     }
     print "</table>";
     $listed_boolean_prefs = htmlspecialchars(join(",", $listed_boolean_prefs));
     print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"boolean_prefs\" value=\"{$listed_boolean_prefs}\">";
     PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB_SECTION, "hook_prefs_tab_section", "prefPrefsPrefsInside");
     print '</div>';
     # inside pane
     print '<div dojoType="dijit.layout.ContentPane" region="bottom">';
     print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-prefs\">";
     print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"saveconfig\">";
     print "<div dojoType=\"dijit.form.ComboButton\" type=\"submit\">\n\t\t\t<span>" . __('Save configuration') . "</span>\n\t\t\t<div dojoType=\"dijit.DropDownMenu\">\n\t\t\t\t<div dojoType=\"dijit.MenuItem\"\n\t\t\t\t\tonclick=\"dijit.byId('changeSettingsForm').onSubmit(null, true)\">" . __("Save and exit preferences") . "</div>\n\t\t\t</div>\n\t\t\t</div>";
     print "<button dojoType=\"dijit.form.Button\" onclick=\"return editProfiles()\">" . __('Manage profiles') . "</button> ";
     print "<button dojoType=\"dijit.form.Button\" onclick=\"return validatePrefsReset()\">" . __('Reset to defaults') . "</button>";
     print "&nbsp;";
     /* $checked = $_SESSION["prefs_show_advanced"] ? "checked='1'" : "";
     
     		print "<input onclick='toggleAdvancedPrefs()'
     				id='prefs_show_advanced'
     				dojoType=\"dijit.form.CheckBox\"
     				$checked
     				type=\"checkbox\"></input>
     				<label for='prefs_show_advanced'>" .
     				__("Show additional preferences") . "</label>"; */
     PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB_SECTION, "hook_prefs_tab_section", "prefPrefsPrefsOutside");
     print "</form>";
     print '</div>';
     # inner pane
     print '</div>';
     # border container
     print "</div>";
     #pane
     print "<div dojoType=\"dijit.layout.AccordionPane\" title=\"" . __('Plugins') . "\">";
     print "<p>" . __("You will need to reload Tiny Tiny RSS for plugin changes to take effect.") . "</p>";
     print_notice(__("Download more plugins at tt-rss.org <a class=\"visibleLink\" target=\"_blank\" href=\"http://tt-rss.org/forum/viewforum.php?f=22\">forums</a> or <a target=\"_blank\" class=\"visibleLink\" href=\"http://tt-rss.org/wiki/Plugins\">wiki</a>."));
     print "<form dojoType=\"dijit.form.Form\" id=\"changePluginsForm\">";
     print "<script type=\"dojo/method\" event=\"onSubmit\" args=\"evt\">\n\t\tevt.preventDefault();\n\t\tif (this.validate()) {\n\t\t\tnotify_progress('Saving data...', true);\n\n\t\t\tnew Ajax.Request('backend.php', {\n\t\t\t\tparameters: dojo.objectToQuery(this.getValues()),\n\t\t\t\tonComplete: function(transport) {\n\t\t\t\t\tnotify('');\n\t\t\t\t\tif (confirm(__('Selected plugins have been enabled. Reload?'))) {\n\t\t\t\t\t\twindow.location.reload();\n\t\t\t\t\t}\n\t\t\t} });\n\n\t\t}\n\t\t</script>";
     print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-prefs\">";
     print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"setplugins\">";
     print "<table width='100%' class='prefPluginsList'>";
     print "<tr><td colspan='4'><h3>" . __("System plugins") . "</h3></td></tr>";
     print "<tr class=\"title\">\n\t\t\t\t<td width=\"5%\">&nbsp;</td>\n\t\t\t\t<td width='10%'>" . __('Plugin') . "</td>\n\t\t\t\t<td width=''>" . __('Description') . "</td>\n\t\t\t\t<td width='5%'>" . __('Version') . "</td>\n\t\t\t\t<td width='10%'>" . __('Author') . "</td></tr>";
     $system_enabled = array_map("trim", explode(",", PLUGINS));
     $user_enabled = array_map("trim", explode(",", get_pref("_ENABLED_PLUGINS")));
     $tmppluginhost = new PluginHost();
     $tmppluginhost->load_all($tmppluginhost::KIND_ALL, $_SESSION["uid"]);
     $tmppluginhost->load_data(true);
     foreach ($tmppluginhost->get_plugins() as $name => $plugin) {
         $about = $plugin->about();
         if ($about[3] && strpos($name, "example") === FALSE) {
             if (in_array($name, $system_enabled)) {
                 $checked = "checked='1'";
             } else {
                 $checked = "";
             }
             print "<tr>";
             print "<td align='center'><input disabled='1'\n\t\t\t\t\t\tdojoType=\"dijit.form.CheckBox\" {$checked}\n\t\t\t\t\t\ttype=\"checkbox\"></td>";
             $plugin_icon = $checked ? "plugin.png" : "plugin_disabled.png";
             print "<td><label><img src='images/{$plugin_icon}' alt=''> {$name}</label></td>";
             print "<td>" . htmlspecialchars($about[1]);
             if (@$about[4]) {
                 print " &mdash; <a target=\"_blank\" class=\"visibleLink\"\n\t\t\t\t\t\thref=\"" . htmlspecialchars($about[4]) . "\">" . __("more info") . "</a>";
             }
             print "</td>";
             print "<td>" . htmlspecialchars(sprintf("%.2f", $about[0])) . "</td>";
             print "<td>" . htmlspecialchars($about[2]) . "</td>";
             if (count($tmppluginhost->get_all($plugin)) > 0) {
                 if (in_array($name, $system_enabled)) {
                     print "<td><a href='#' onclick=\"clearPluginData('{$name}')\"\n\t\t\t\t\t\t\tclass='visibleLink'>" . __("Clear data") . "</a></td>";
                 }
             }
             print "</tr>";
         }
     }
     print "<tr><td colspan='4'><h3>" . __("User plugins") . "</h3></td></tr>";
     print "<tr class=\"title\">\n\t\t\t\t<td width=\"5%\">&nbsp;</td>\n\t\t\t\t<td width='10%'>" . __('Plugin') . "</td>\n\t\t\t\t<td width=''>" . __('Description') . "</td>\n\t\t\t\t<td width='5%'>" . __('Version') . "</td>\n\t\t\t\t<td width='10%'>" . __('Author') . "</td></tr>";
     foreach ($tmppluginhost->get_plugins() as $name => $plugin) {
         $about = $plugin->about();
         if (!$about[3] && strpos($name, "example") === FALSE) {
             if (in_array($name, $system_enabled)) {
                 $checked = "checked='1'";
                 $disabled = "disabled='1'";
                 $rowclass = '';
             } else {
                 if (in_array($name, $user_enabled)) {
                     $checked = "checked='1'";
                     $disabled = "";
                     $rowclass = "Selected";
                 } else {
                     $checked = "";
                     $disabled = "";
                     $rowclass = '';
                 }
             }
             print "<tr class='{$rowclass}'>";
             $plugin_icon = $checked ? "plugin.png" : "plugin_disabled.png";
             print "<td align='center'><input id='FPCHK-{$name}' name='plugins[]' value='{$name}' onclick='toggleSelectRow2(this);'\n\t\t\t\t\tdojoType=\"dijit.form.CheckBox\" {$checked} {$disabled}\n\t\t\t\t\ttype=\"checkbox\"></td>";
             print "<td><label for='FPCHK-{$name}'><img src='images/{$plugin_icon}' alt=''> {$name}</label></td>";
             print "<td><label for='FPCHK-{$name}'>" . htmlspecialchars($about[1]) . "</label>";
             if (@$about[4]) {
                 print " &mdash; <a target=\"_blank\" class=\"visibleLink\"\n\t\t\t\t\t\thref=\"" . htmlspecialchars($about[4]) . "\">" . __("more info") . "</a>";
             }
             print "</td>";
             print "<td>" . htmlspecialchars(sprintf("%.2f", $about[0])) . "</td>";
             print "<td>" . htmlspecialchars($about[2]) . "</td>";
             if (count($tmppluginhost->get_all($plugin)) > 0) {
                 if (in_array($name, $system_enabled) || in_array($name, $user_enabled)) {
                     print "<td><a href='#' onclick=\"clearPluginData('{$name}')\" class='visibleLink'>" . __("Clear data") . "</a></td>";
                 }
             }
             print "</tr>";
         }
     }
     print "</table>";
     print "<p><button dojoType=\"dijit.form.Button\" type=\"submit\">" . __("Enable selected plugins") . "</button></p>";
     print "</form>";
     print "</div>";
     #pane
     PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB, "hook_prefs_tab", "prefPrefs");
     print "</div>";
     #container
 }
Ejemplo n.º 5
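 /**
  * Render the preferences screen.
  *
  * Prints, in order: the personal data form, the password form (skipped in
  * single-user mode or when remote auth with auto-login is configured) and
  * the preference editor for the active profile. Output goes straight to the
  * response via print; nothing is returned.
  *
  * Reads $_SESSION["uid"] and $_SESSION["profile"], and resets
  * $_SESSION["prefs_op_result"] to an empty string.
  *
  * Stored preference values are user-editable, so they are HTML-escaped
  * before being placed in value="" attributes, and the session ids are cast
  * to integers before being concatenated into SQL.
  */
 function index()
 {
     global $access_level_names;
     $prefs_blacklist = array("HIDE_READ_FEEDS", "FEEDS_SORT_BY_UNREAD", "STRIP_UNSAFE_TAGS");
     $profile_blacklist = array("ALLOW_DUPLICATE_POSTS", "PURGE_OLD_DAYS", "PURGE_UNREAD_ARTICLES", "DIGEST_ENABLE", "DIGEST_CATCHUP", "BLACKLISTED_TAGS", "ENABLE_API_ACCESS", "UPDATE_POST_ON_CHECKSUM_CHANGE", "DEFAULT_UPDATE_INTERVAL", "USER_TIMEZONE", "SORT_HEADLINES_BY_FEED_DATE", "SSL_CERT_SERIAL", "DIGEST_PREFERRED_TIME");
     // Preferences rendered as a mandatory text box (required="1").
     $required_text_prefs = array('FRESH_ARTICLE_MAX_AGE', 'DEFAULT_ARTICLE_LIMIT', 'PURGE_OLD_DAYS', 'LONG_DATE_FORMAT', 'SHORT_DATE_FORMAT');
     // Cast once: the id is concatenated into three queries below and must
     // never be able to carry SQL syntax, whatever ended up in the session.
     $owner_uid = (int) $_SESSION["uid"];
     // The password form and access-level row only make sense when this
     // application manages the credentials itself.
     $manages_password = !SINGLE_USER_MODE && !(ALLOW_REMOTE_USER_AUTH && AUTO_LOGIN);
     $_SESSION["prefs_op_result"] = "";
     print "<div dojoType=\"dijit.layout.AccordionContainer\" region=\"center\">";
     print "<div dojoType=\"dijit.layout.AccordionPane\" title=\"" . __('Personal data / Authentication') . "\">";
     print "<form dojoType=\"dijit.form.Form\" id=\"changeUserdataForm\">";
     print "<script type=\"dojo/method\" event=\"onSubmit\" args=\"evt\">\n\t\tevt.preventDefault();\n\t\tif (this.validate()) {\n\t\t\tnotify_progress('Saving data...', true);\n\n\t\t\tnew Ajax.Request('backend.php', {\n\t\t\t\tparameters: dojo.objectToQuery(this.getValues()),\n\t\t\t\tonComplete: function(transport) {\n\t\t\t\t\tnotify_callback2(transport);\n\t\t\t} });\n\n\t\t}\n\t\t</script>";
     print "<table width=\"100%\" class=\"prefPrefsList\">";
     $result = db_query($this->link, "SELECT email,full_name,\n\t\t\taccess_level FROM ttrss_users\n\t\t\tWHERE id = " . $owner_uid);
     // Both fields are user-supplied and land in value="" attributes.
     $email = htmlspecialchars(db_fetch_result($result, 0, "email"));
     $full_name = htmlspecialchars(db_fetch_result($result, 0, "full_name"));
     print "<tr><td width=\"40%\">" . __('Full name') . "</td>";
     print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" name=\"full_name\" required=\"1\"\n\t\t\tvalue=\"{$full_name}\"></td></tr>";
     print "<tr><td width=\"40%\">" . __('E-mail') . "</td>";
     print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" name=\"email\" required=\"1\" value=\"{$email}\"></td></tr>";
     if ($manages_password) {
         $access_level = db_fetch_result($result, 0, "access_level");
         print "<tr><td width=\"40%\">" . __('Access level') . "</td>";
         print "<td>" . $access_level_names[$access_level] . "</td></tr>";
     }
     print "</table>";
     print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-prefs\">";
     print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"changeemail\">";
     print "<p><button dojoType=\"dijit.form.Button\" type=\"submit\">" . __("Save data") . "</button>";
     print "</form>";
     if ($manages_password) {
         // Default-password detection: compares the stored hash with one
         // fixed literal. That only works because hashes in this scheme carry
         // no per-user salt (note the "SHA1:" prefix).
         // NOTE(review): unsalted SHA-1 is not a suitable password hash;
         // migrating to password_hash()/password_verify() would also require
         // replacing this literal comparison.
         $result = db_query($this->link, "SELECT id FROM ttrss_users\n\t\t\t\tWHERE id = " . $owner_uid . " AND pwd_hash\n\t\t\t\t= 'SHA1:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8'");
         if (db_num_rows($result) != 0) {
             print format_warning(__("Your password is at default value, please change it."), "default_pass_warning");
         }
         print "<form dojoType=\"dijit.form.Form\">";
         print "<script type=\"dojo/method\" event=\"onSubmit\" args=\"evt\">\n\t\t\tevt.preventDefault();\n\t\t\tif (this.validate()) {\n\t\t\t\tnotify_progress('Changing password...', true);\n\n\t\t\t\tnew Ajax.Request('backend.php', {\n\t\t\t\t\tparameters: dojo.objectToQuery(this.getValues()),\n\t\t\t\t\tonComplete: function(transport) {\n\t\t\t\t\t\tnotify('');\n\t\t\t\t\t\tif (transport.responseText.indexOf('ERROR: ') == 0) {\n\t\t\t\t\t\t\tnotify_error(transport.responseText.replace('ERROR: ', ''));\n\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\tnotify_info(transport.responseText);\n\t\t\t\t\t\t\tvar warn = \$('default_pass_warning');\n\t\t\t\t\t\t\tif (warn) Element.hide(warn);\n\t\t\t\t\t\t}\n\t\t\t\t}});\n\t\t\t\tthis.reset();\n\t\t\t}\n\t\t\t</script>";
         print "<table width=\"100%\" class=\"prefPrefsList\">";
         print "<tr><td width=\"40%\">" . __("Old password") . "</td>";
         print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" type=\"password\" required=\"1\" name=\"old_password\"></td></tr>";
         print "<tr><td width=\"40%\">" . __("New password") . "</td>";
         print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" type=\"password\" required=\"1\"\n\t\t\t\tname=\"new_password\"></td></tr>";
         print "<tr><td width=\"40%\">" . __("Confirm password") . "</td>";
         print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" type=\"password\" required=\"1\" name=\"confirm_password\"></td></tr>";
         print "</table>";
         print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-prefs\">";
         print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"changepassword\">";
         print "<p><button dojoType=\"dijit.form.Button\" type=\"submit\">" . __("Change password") . "</button>";
         print "</form>";
     }
     print "</div>";
     #pane
     print "<div dojoType=\"dijit.layout.AccordionPane\" selected=\"true\" title=\"" . __('Preferences') . "\">";
     print "<form dojoType=\"dijit.form.Form\" id=\"changeSettingsForm\">";
     print "<script type=\"dojo/method\" event=\"onSubmit\" args=\"evt\">\n\t\tevt.preventDefault();\n\t\tif (this.validate()) {\n\t\t\tconsole.log(dojo.objectToQuery(this.getValues()));\n\n\t\t\tnew Ajax.Request('backend.php', {\n\t\t\t\tparameters: dojo.objectToQuery(this.getValues()),\n\t\t\t\tonComplete: function(transport) {\n\t\t\t\t\tvar msg = transport.responseText;\n\t\t\t\t\tif (msg.match('PREFS_THEME_CHANGED')) {\n\t\t\t\t\t\twindow.location.reload();\n\t\t\t\t\t} else {\n\t\t\t\t\t\tnotify_info(msg);\n\t\t\t\t\t}\n\t\t\t} });\n\t\t}\n\t\t</script>";
     print '<div dojoType="dijit.layout.BorderContainer" gutters="false">';
     print '<div dojoType="dijit.layout.ContentPane" region="center" style="overflow-y : auto">';
     if ($_SESSION["profile"]) {
         print_notice("Some preferences are only available in default profile.");
         initialize_user_prefs($this->link, $_SESSION["uid"], $_SESSION["profile"]);
         // The profile id is interpolated into the query, so force it to an
         // integer rather than trusting the raw session string.
         // NOTE(review): assumes profile ids are numeric - confirm against
         // the schema.
         $profile_qpart = "profile = '" . (int) $_SESSION["profile"] . "'";
     } else {
         initialize_user_prefs($this->link, $_SESSION["uid"]);
         $profile_qpart = "profile IS NULL";
     }
     $result = db_query($this->link, "SELECT DISTINCT\n\t\t\tttrss_user_prefs.pref_name,short_desc,help_text,value,type_name,\n\t\t\tsection_name,def_value,section_id\n\t\t\tFROM ttrss_prefs,ttrss_prefs_types,ttrss_prefs_sections,ttrss_user_prefs\n\t\t\tWHERE type_id = ttrss_prefs_types.id AND\n\t\t\t\t{$profile_qpart} AND\n\t\t\t\tsection_id = ttrss_prefs_sections.id AND\n\t\t\t\tttrss_user_prefs.pref_name = ttrss_prefs.pref_name AND\n\t\t\t\tshort_desc != '' AND\n\t\t\t\towner_uid = " . $owner_uid . "\n\t\t\tORDER BY section_id,short_desc");
     $active_section = "";
     while ($line = db_fetch_assoc($result)) {
         if (in_array($line["pref_name"], $prefs_blacklist, true)) {
             continue;
         }
         if ($_SESSION["profile"] && in_array($line["pref_name"], $profile_blacklist, true)) {
             continue;
         }
         // Rows arrive ordered by section: start a new table whenever the
         // section name changes, closing the previous one first.
         if ($active_section != $line["section_name"]) {
             if ($active_section != "") {
                 print "</table>";
             }
             print "<table width=\"100%\" class=\"prefPrefsList\">";
             $active_section = $line["section_name"];
             print "<tr><td colspan=\"3\"><h3>" . __($active_section) . "</h3></td></tr>";
             // Section 2 additionally gets the theme selector as its first row.
             if ($line["section_id"] == 2) {
                 print "<tr><td width=\"40%\">" . __("Select theme") . "</td>";
                 $user_theme = get_pref($this->link, "_THEME_ID");
                 $themes = get_all_themes();
                 print "<td><select name=\"_THEME_ID\" dojoType=\"dijit.form.Select\">";
                 print "<option value='Default'>" . __('Default') . "</option>";
                 print "<option value='----------------' disabled=\"1\">--------</option>";
                 foreach ($themes as $t) {
                     $base = $t['base'];
                     $name = $t['name'];
                     $selected = $base == $user_theme ? "selected=\"1\"" : "";
                     print "<option {$selected} value='{$base}'>{$name}</option>";
                 }
                 print "</select></td></tr>";
             }
         }
         print "<tr>";
         $type_name = $line["type_name"];
         $pref_name = $line["pref_name"];
         $value = $line["value"];
         $help_text = $line["help_text"];
         print "<td width=\"40%\" class=\"prefName\" id=\"{$pref_name}\">" . __($line["short_desc"]);
         if ($help_text) {
             print "<div class=\"prefHelp\">" . __($help_text) . "</div>";
         }
         print "</td>";
         print "<td class=\"prefValue\">";
         if ($pref_name == "USER_TIMEZONE") {
             $timezones = explode("\n", file_get_contents("lib/timezones.txt"));
             print_select($pref_name, $value, $timezones, 'dojoType="dijit.form.FilteringSelect"');
         } elseif ($pref_name == "USER_STYLESHEET") {
             print "<button dojoType=\"dijit.form.Button\"\n\t\t\t\t\tonclick=\"customizeCSS()\">" . __('Customize') . "</button>";
         } elseif ($pref_name == "DEFAULT_ARTICLE_LIMIT") {
             $limits = array(15, 30, 45, 60);
             print_select($pref_name, $value, $limits, 'dojoType="dijit.form.Select"');
         } elseif ($pref_name == "DEFAULT_UPDATE_INTERVAL") {
             global $update_intervals_nodefault;
             print_select_hash($pref_name, $value, $update_intervals_nodefault, 'dojoType="dijit.form.Select"');
         } elseif ($type_name == "bool") {
             $value = $value == "true" ? __("Yes") : __("No");
             // A site-wide forced purge overrides the user's choice and locks
             // the control.
             if ($pref_name == "PURGE_UNREAD_ARTICLES" && FORCE_ARTICLE_PURGE != 0) {
                 $disabled = "disabled=\"1\"";
                 $value = __("Yes");
             } else {
                 $disabled = "";
             }
             print_radio($pref_name, $value, __("Yes"), array(__("Yes"), __("No")), $disabled);
         } elseif (in_array($pref_name, $required_text_prefs, true)) {
             $regexp = $type_name == 'integer' ? 'regexp="^\\d*$"' : '';
             if ($pref_name == "PURGE_OLD_DAYS" && FORCE_ARTICLE_PURGE != 0) {
                 $disabled = "disabled=\"1\"";
                 $value = FORCE_ARTICLE_PURGE;
             } else {
                 $disabled = "";
             }
             // The regexp attribute is client-side validation only; escape the
             // stored value so a quote in it cannot end the attribute.
             $value_attr = htmlspecialchars((string) $value, ENT_QUOTES);
             print "<input dojoType=\"dijit.form.ValidationTextBox\"\n\t\t\t\t\trequired=\"1\" {$regexp} {$disabled}\n\t\t\t\t\tname=\"{$pref_name}\" value=\"{$value_attr}\">";
         } elseif ($pref_name == "SSL_CERT_SERIAL") {
             $value_attr = htmlspecialchars((string) $value, ENT_QUOTES);
             print "<input dojoType=\"dijit.form.ValidationTextBox\"\n\t\t\t\t\tid=\"SSL_CERT_SERIAL\" readonly=\"1\"\n\t\t\t\t\tname=\"{$pref_name}\" value=\"{$value_attr}\">";
             // NOTE(review): the serial is HTML-escaped but then placed inside
             // a JavaScript string literal in an onclick attribute; HTML
             // escaping alone does not cover that context. Consider encoding
             // it with json_encode() before the HTML escape.
             $cert_serial = htmlspecialchars(get_ssl_certificate_id());
             // "Register" is only usable when the request carried a serial.
             $register_disabled = $cert_serial ? "false" : "true";
             print " <button dojoType=\"dijit.form.Button\" disabled=\"{$register_disabled}\"\n\t\t\t\t\tonclick=\"insertSSLserial('{$cert_serial}')\">" . __('Register') . "</button>";
             print " <button dojoType=\"dijit.form.Button\"\n\t\t\t\t\tonclick=\"insertSSLserial('')\">" . __('Clear') . "</button>";
         } elseif ($pref_name == 'DIGEST_PREFERRED_TIME') {
             $value_attr = htmlspecialchars((string) $value, ENT_QUOTES);
             print "<input dojoType=\"dijit.form.ValidationTextBox\"\n\t\t\t\t\tid=\"{$pref_name}\" regexp=\"[012]?\\d:\\d\\d\" placeHolder=\"12:00\"\n\t\t\t\t\tname=\"{$pref_name}\" value=\"{$value_attr}\"><div class=\"insensitive\">" . T_sprintf("Current server time: %s (UTC)", date("H:i")) . "</div>";
         } else {
             // Generic text preference: free-form user input, so escape it.
             $regexp = $type_name == 'integer' ? 'regexp="^\\d*$"' : '';
             $value_attr = htmlspecialchars((string) $value, ENT_QUOTES);
             print "<input dojoType=\"dijit.form.ValidationTextBox\"\n\t\t\t\t\t{$regexp}\n\t\t\t\t\tname=\"{$pref_name}\" value=\"{$value_attr}\">";
         }
         print "</td>";
         print "</tr>";
     }
     print "</table>";
     print '</div>';
     # inside pane
     print '<div dojoType="dijit.layout.ContentPane" region="bottom">';
     print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-prefs\">";
     print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"saveconfig\">";
     print "<button dojoType=\"dijit.form.Button\" type=\"submit\">" . __('Save configuration') . "</button> ";
     print "<button dojoType=\"dijit.form.Button\" onclick=\"return editProfiles()\">" . __('Manage profiles') . "</button> ";
     print "<button dojoType=\"dijit.form.Button\" onclick=\"return validatePrefsReset()\">" . __('Reset to defaults') . "</button>";
     print '</div>';
     # inner pane
     print '</div>';
     # border container
     print "</form>";
     print "</div>";
     #pane
     print "</div>";
     #container
 }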
Ejemplo n.º 6
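/**
 * Render the "Users" preferences tab and handle its sub-operations.
 *
 * Sub-operations are selected by the "subop" request parameter:
 *   - user-details / edit: print an XML <dlg> dialog and return;
 *   - editSave / remove / add / resetPass: modify ttrss_users (each one
 *     requires access level >= 10), then fall through to the user list.
 * With any other value only the user list is printed.
 *
 * Request values reach two sinks here, SQL text and HTML output, so they are
 * SQL-escaped or cast for the query and HTML-escaped separately on output.
 *
 * NOTE(review): no request token is checked in this block and state-changing
 * sub-operations are read from $_REQUEST; confirm the caller enforces CSRF
 * protection.
 *
 * @param mixed $link database handle passed through to the db_* helpers
 * @return void
 */
function module_pref_users($link)
{
    global $access_level_names;
    if (!SINGLE_USER_MODE && $_SESSION["access_level"] < 10) {
        print __("Your access level is insufficient to open this tab.");
        return;
    }
    $subop = isset($_REQUEST["subop"]) ? $_REQUEST["subop"] : "";
    // Printed unconditionally further down, so it must exist even when no sub-operation ran.
    $status_msg = "";
    if ($subop == "user-details") {
        header("Content-Type: text/xml");
        print "<dlg id=\"{$subop}\">";
        $uid = sprintf("%d", $_REQUEST["id"]);
        print "<title>" . __('User details') . "</title>";
        print "<content><![CDATA[";
        $result = db_query($link, "SELECT login,\n\t\t\t\t" . SUBSTRING_FOR_DATE . "(last_login,1,16) AS last_login,\n\t\t\t\taccess_level,\n\t\t\t\t(SELECT COUNT(int_id) FROM ttrss_user_entries\n\t\t\t\t\tWHERE owner_uid = id) AS stored_articles,\n\t\t\t\t" . SUBSTRING_FOR_DATE . "(created,1,16) AS created\n\t\t\t\tFROM ttrss_users\n\t\t\t\tWHERE id = '{$uid}'");
        if (db_num_rows($result) == 0) {
            print "<h1>" . __('User not found') . "</h1>";
            return;
        }
        print "<table width='100%'>";
        $last_login = make_local_datetime($link, db_fetch_result($result, 0, "last_login"), true);
        $created = make_local_datetime($link, db_fetch_result($result, 0, "created"), true);
        print "<tr><td>" . __('Registered') . "</td><td>{$created}</td></tr>";
        print "<tr><td>" . __('Last logged in') . "</td><td>{$last_login}</td></tr>";
        $result = db_query($link, "SELECT COUNT(id) as num_feeds FROM ttrss_feeds\n\t\t\t\tWHERE owner_uid = '{$uid}'");
        $num_feeds = db_fetch_result($result, 0, "num_feeds");
        print "<tr><td>" . __('Subscribed feeds count') . "</td><td>{$num_feeds}</td></tr>";
        print "</table>";
        print "<h1>" . __('Subscribed feeds') . "</h1>";
        $result = db_query($link, "SELECT id,title,site_url FROM ttrss_feeds\n\t\t\t\tWHERE owner_uid = '{$uid}' ORDER BY title");
        print "<ul class=\"userFeedList\">";
        $row_class = "odd";
        while ($line = db_fetch_assoc($result)) {
            $icon_file = ICONS_URL . "/" . $line["id"] . ".ico";
            if (file_exists($icon_file) && filesize($icon_file) > 0) {
                $feed_icon = "<img class=\"tinyFeedIcon\" src=\"{$icon_file}\">";
            } else {
                $feed_icon = "<img class=\"tinyFeedIcon\" src=\"images/blank_icon.gif\">";
            }
            // Feed title and site URL are stored values; escape them for the
            // attribute and text contexts (this also keeps "]]>" out of the CDATA section).
            // NOTE(review): escaping does not restrict the URL scheme of site_url.
            $site_url_html = htmlspecialchars($line["site_url"], ENT_QUOTES, 'UTF-8');
            $title_html = htmlspecialchars($line["title"], ENT_QUOTES, 'UTF-8');
            print "<li class=\"{$row_class}\">{$feed_icon}&nbsp;<a href=\"" . $site_url_html . "\">" . $title_html . "</a></li>";
            $row_class = toggleEvenOdd($row_class);
        }
        if (db_num_rows($result) < $num_feeds) {
            // FIXME - add link to show ALL subscribed feeds here somewhere
            print "<li><img\n\t\t\t\t\tclass=\"tinyFeedIcon\" src=\"images/blank_icon.gif\">&nbsp;...</li>";
        }
        print "</ul>";
        print "<div align='center'>\n\t\t\t\t<button onclick=\"closeInfoBox()\">" . __("Close this window") . "</button></div>";
        print "]]></content></dlg>";
        return;
    }
    if ($subop == "edit") {
        header("Content-Type: text/xml");
        // The id is echoed into HTML and used in SQL; an integer cast is safe for both.
        $id = (int) $_REQUEST["id"];
        print "<dlg id=\"{$subop}\">";
        print "<title>" . __('User Editor') . "</title>";
        print "<content><![CDATA[";
        print "<form id=\"user_edit_form\" onsubmit='return false'>";
        print "<input type=\"hidden\" name=\"id\" value=\"{$id}\">";
        print "<input type=\"hidden\" name=\"op\" value=\"pref-users\">";
        print "<input type=\"hidden\" name=\"subop\" value=\"editSave\">";
        $result = db_query($link, "SELECT * FROM ttrss_users WHERE id = '{$id}'");
        // Stored login and e-mail go into value="" attributes, so HTML-escape them.
        $login = htmlspecialchars(db_fetch_result($result, 0, "login"), ENT_QUOTES, 'UTF-8');
        $access_level = db_fetch_result($result, 0, "access_level");
        $email = htmlspecialchars(db_fetch_result($result, 0, "email"), ENT_QUOTES, 'UTF-8');
        // An administrator cannot rename or re-level their own account from this dialog.
        $sel_disabled = $id == $_SESSION["uid"] ? "disabled" : "";
        print "<div class=\"dlgSec\">" . __("User") . "</div>";
        print "<div class=\"dlgSecCont\">";
        if ($sel_disabled) {
            // Disabled inputs are not submitted, so the login travels in a hidden field.
            print "<input type=\"hidden\" name=\"login\" value=\"{$login}\">";
            print "<input size=\"30\" style=\"font-size : 16px\"\n\t\t\t\t\tonkeypress=\"return filterCR(event, userEditSave)\" {$sel_disabled}\n\t\t\t\t\tvalue=\"{$login}\">";
        } else {
            print "<input size=\"30\" style=\"font-size : 16px\"\n\t\t\t\t\tonkeypress=\"return filterCR(event, userEditSave)\" {$sel_disabled}\n\t\t\t\t\tname=\"login\" value=\"{$login}\">";
        }
        print "</div>";
        print "<div class=\"dlgSec\">" . __("Authentication") . "</div>";
        print "<div class=\"dlgSecCont\">";
        print __('Access level: ') . " ";
        if (!$sel_disabled) {
            print_select_hash("access_level", $access_level, $access_level_names, $sel_disabled);
        } else {
            print_select_hash("", $access_level, $access_level_names, $sel_disabled);
            print "<input type=\"hidden\" name=\"access_level\" value=\"{$access_level}\">";
        }
        print "<br/>";
        print __('Change password to') . " <input size=\"20\" onkeypress=\"return filterCR(event, userEditSave)\"\n\t\t\t\tname=\"password\">";
        print "</div>";
        print "<div class=\"dlgSec\">" . __("Options") . "</div>";
        print "<div class=\"dlgSecCont\">";
        print __('E-mail: ') . " <input size=\"30\" name=\"email\" onkeypress=\"return filterCR(event, userEditSave)\"\n\t\t\t\tvalue=\"{$email}\">";
        print "</div>";
        print "</table>";
        print "</form>";
        print "<div class=\"dlgButtons\">\n\t\t\t\t<button onclick=\"return userEditSave()\">" . __('Save') . "</button>\n\t\t\t\t<button onclick=\"return userEditCancel()\">" . __('Cancel') . "</button></div>";
        print "]]></content></dlg>";
        return;
    }
    if ($subop == "editSave") {
        if ($_SESSION["access_level"] >= 10) {
            $login = db_escape_string(trim($_REQUEST["login"]));
            $uid = (int) $_REQUEST["id"];
            $access_level = (int) $_REQUEST["access_level"];
            $email = db_escape_string(trim($_REQUEST["email"]));
            // NOTE(review): the hash is computed from the SQL-escaped password and login,
            // not the raw values; confirm the login path hashes the same way.
            $password = db_escape_string(trim($_REQUEST["password"]));
            if ($password) {
                $pwd_hash = encrypt_password($password, $login);
                $pass_query_part = "pwd_hash = '{$pwd_hash}', ";
                // SQL escaping is not HTML escaping; the notice is printed into the page.
                $status_msg = format_notice(T_sprintf('Changed password of user <b>%s</b>.', htmlspecialchars($login, ENT_QUOTES, 'UTF-8')));
            } else {
                $pass_query_part = "";
            }
            // Store the submitted login rather than a fixed literal.
            db_query($link, "UPDATE ttrss_users SET {$pass_query_part} login = '{$login}',\n\t\t\t\t\taccess_level = '{$access_level}', email = '{$email}' WHERE id = '{$uid}'");
        }
    } elseif ($subop == "remove") {
        if ($_SESSION["access_level"] >= 10) {
            // split() no longer exists in current PHP; explode() does the same for a literal ",".
            $ids = explode(",", $_REQUEST["ids"]);
            foreach ($ids as $id) {
                // Cast first so the guard below and the database compare the same integer
                // (a loosely compared string could pass the guard yet match uid 1 in SQL).
                $id = (int) $id;
                if ($id <= 0) {
                    continue;
                }
                // Never delete the current user or the account with id 1.
                if ($id != $_SESSION["uid"] && $id != 1) {
                    db_query($link, "DELETE FROM ttrss_tags WHERE owner_uid = '{$id}'");
                    db_query($link, "DELETE FROM ttrss_feeds WHERE owner_uid = '{$id}'");
                    db_query($link, "DELETE FROM ttrss_users WHERE id = '{$id}'");
                }
            }
        }
    } elseif ($subop == "add") {
        if ($_SESSION["access_level"] >= 10) {
            $login = db_escape_string(trim($_REQUEST["login"]));
            $login_html = htmlspecialchars($login, ENT_QUOTES, 'UTF-8');
            $tmp_user_pwd = make_password(8);
            $pwd_hash = encrypt_password($tmp_user_pwd, $login);
            // Look up the requested login itself so the duplicate check is meaningful.
            $result = db_query($link, "SELECT id FROM ttrss_users WHERE\n\t\t\t\t\tlogin = '{$login}'");
            if (db_num_rows($result) == 0) {
                db_query($link, "INSERT INTO ttrss_users\n\t\t\t\t\t\t(login,pwd_hash,access_level,last_login,created)\n\t\t\t\t\t\tVALUES ('{$login}', '{$pwd_hash}', 0, null, NOW())");
                $result = db_query($link, "SELECT id FROM ttrss_users WHERE\n\t\t\t\t\t\tlogin = '{$login}' AND pwd_hash = '{$pwd_hash}'");
                if (db_num_rows($result) == 1) {
                    $new_uid = db_fetch_result($result, 0, "id");
                    // NOTE(review): the temporary password is shown in clear text in the page.
                    $status_msg = format_notice(T_sprintf("Added user <b>%s</b> with password <b>%s</b>", $login_html, $tmp_user_pwd));
                    initialize_user($link, $new_uid);
                } else {
                    $status_msg = format_warning(T_sprintf("Could not create user <b>%s</b>", $login_html));
                }
            } else {
                $status_msg = format_warning(T_sprintf("User <b>%s</b> already exists.", $login_html));
            }
        }
    } elseif ($subop == "resetPass") {
        if ($_SESSION["access_level"] >= 10) {
            $uid = (int) $_REQUEST["id"];
            $result = db_query($link, "SELECT login,email\n\t\t\t\t\tFROM ttrss_users WHERE id = '{$uid}'");
            $login = db_fetch_result($result, 0, "login");
            $email = db_fetch_result($result, 0, "email");
            $tmp_user_pwd = make_password(8);
            $pwd_hash = encrypt_password($tmp_user_pwd, $login);
            db_query($link, "UPDATE ttrss_users SET pwd_hash = '{$pwd_hash}'\n\t\t\t\t\tWHERE id = '{$uid}'");
            // NOTE(review): the new password is displayed here and mailed below in clear text.
            $status_msg = format_notice(T_sprintf("Changed password of user <b>%s</b>\n\t\t\t\t\t to <b>%s</b>", htmlspecialchars($login, ENT_QUOTES, 'UTF-8'), $tmp_user_pwd));
            if ($email) {
                // String append; "+=" would add the two notices as numbers.
                $status_msg .= format_notice(T_sprintf("Notifying <b>%s</b>.", htmlspecialchars($email, ENT_QUOTES, 'UTF-8')));
                require_once "lib/MiniTemplator.class.php";
                $tpl = new MiniTemplator();
                $tpl->readTemplateFromFile("templates/resetpass_template.txt");
                $tpl->setVariable('LOGIN', $login);
                $tpl->setVariable('NEWPASS', $tmp_user_pwd);
                $tpl->addBlock('message');
                $message = "";
                $tpl->generateOutputToString($message);
                $mail = new PHPMailer();
                $mail->PluginDir = "lib/phpmailer/";
                $mail->SetLanguage("en", "lib/phpmailer/language/");
                $mail->CharSet = "UTF-8";
                $mail->From = DIGEST_FROM_ADDRESS;
                $mail->FromName = DIGEST_FROM_NAME;
                $mail->AddAddress($email, $login);
                if (DIGEST_SMTP_HOST) {
                    $mail->Host = DIGEST_SMTP_HOST;
                    $mail->Mailer = "smtp";
                    $mail->SMTPAuth = DIGEST_SMTP_LOGIN != '';
                    $mail->Username = DIGEST_SMTP_LOGIN;
                    $mail->Password = DIGEST_SMTP_PASSWORD;
                }
                $mail->IsHTML(false);
                $mail->Subject = __("[tt-rss] Password change notification");
                $mail->Body = $message;
                $rc = $mail->Send();
                if (!$rc) {
                    print_error($mail->ErrorInfo);
                }
            }
            print "</div>";
        }
    }
    print "<div id=\"pref-user-wrap\" dojoType=\"dijit.layout.BorderContainer\" gutters=\"false\">";
    print "<div id=\"pref-user-header\" dojoType=\"dijit.layout.ContentPane\" region=\"top\">";
    print "<div id=\"pref-user-toolbar\" dojoType=\"dijit.Toolbar\">";
    // A submitted search replaces the remembered one; otherwise reuse the session value.
    if (array_key_exists("search", $_REQUEST)) {
        $user_search = db_escape_string($_REQUEST["search"]);
        $_SESSION["prefs_user_search"] = $user_search;
    } else {
        // presumably stored by the branch above, i.e. already SQL-escaped; verify no other writer
        $user_search = isset($_SESSION["prefs_user_search"]) ? $_SESSION["prefs_user_search"] : "";
    }
    // The search text is reflected into a value="" attribute: HTML-escape it for output.
    $user_search_html = htmlspecialchars($user_search, ENT_QUOTES, 'UTF-8');
    print "<div style='float : right; padding-right : 4px;'>\n\t\t\t<input dojoType=\"dijit.form.TextBox\" id=\"user_search\" size=\"20\" type=\"search\"\n\t\t\t\tvalue=\"{$user_search_html}\">\n\t\t\t<button dojoType=\"dijit.form.Button\" onclick=\"javascript:updateUsersList()\">" . __('Search') . "</button>\n\t\t\t</div>";
    // ORDER BY takes an identifier, which string escaping cannot make safe, so only
    // columns of this query are accepted; anything else falls back to "login".
    $sort_columns = array("id", "login", "access_level", "email", "created", "last_login");
    $sort = isset($_REQUEST["sort"]) ? $_REQUEST["sort"] : "";
    if (!in_array($sort, $sort_columns, true)) {
        $sort = "login";
    }
    print "<div dojoType=\"dijit.form.DropDownButton\">" . "<span>" . __('Select') . "</span>";
    print "<div dojoType=\"dijit.Menu\" style=\"display: none;\">";
    print "<div onclick=\"selectTableRows('prefUserList', 'all')\"\n\t\t\tdojoType=\"dijit.MenuItem\">" . __('All') . "</div>";
    print "<div onclick=\"selectTableRows('prefUserList', 'none')\"\n\t\t\tdojoType=\"dijit.MenuItem\">" . __('None') . "</div>";
    print "</div></div>";
    print "<button dojoType=\"dijit.form.Button\" onclick=\"javascript:addUser()\">" . __('Create user') . "</button>";
    print "\n\t\t\t<button dojoType=\"dijit.form.Button\" onclick=\"javascript:selectedUserDetails()\">" . __('Details') . "</button>\n\t\t\t<button dojoType=\"dijit.form.Button\" onclick=\"javascript:editSelectedUser()\">" . __('Edit') . "</button>\n\t\t\t<button dojoType=\"dijit.form.Button\" onclick=\"javascript:removeSelectedUsers()\">" . __('Remove') . "</button>\n\t\t\t<button dojoType=\"dijit.form.Button\" onclick=\"javascript:resetSelectedUserPass()\">" . __('Reset password') . "</button>";
    print "</div>";
    #toolbar
    print "</div>";
    #pane
    print "<div id=\"pref-user-content\" dojoType=\"dijit.layout.ContentPane\" region=\"center\">";
    print "<p>{$status_msg}";
    if ($user_search) {
        // Every space-separated token must match the login (case-insensitive substring).
        $tokens = array();
        foreach (explode(" ", $user_search) as $token) {
            $token = trim($token);
            array_push($tokens, "(UPPER(login) LIKE UPPER('%{$token}%'))");
        }
        $user_search_query = "(" . implode(" AND ", $tokens) . ") AND ";
    } else {
        $user_search_query = "";
    }
    $result = db_query($link, "SELECT\n\t\t\t\tid,login,access_level,email,\n\t\t\t\t" . SUBSTRING_FOR_DATE . "(last_login,1,16) as last_login,\n\t\t\t\t" . SUBSTRING_FOR_DATE . "(created,1,16) as created\n\t\t\tFROM\n\t\t\t\tttrss_users\n\t\t\tWHERE\n\t\t\t\t{$user_search_query}\n\t\t\t\tid > 0\n\t\t\tORDER BY {$sort}");
    if (db_num_rows($result) > 0) {
        print "<p><table width=\"100%\" cellspacing=\"0\"\n\t\t\tclass=\"prefUserList\" id=\"prefUserList\">";
        print "<tr class=\"title\">\n\t\t\t\t\t<td align='center' width=\"5%\">&nbsp;</td>\n\t\t\t\t\t<td width=''><a href=\"#\" onclick=\"updateUsersList('login')\">" . __('Login') . "</a></td>\n\t\t\t\t\t<td width='20%'><a href=\"#\" onclick=\"updateUsersList('access_level')\">" . __('Access Level') . "</a></td>\n\t\t\t\t\t<td width='20%'><a href=\"#\" onclick=\"updateUsersList('created')\">" . __('Registered') . "</a></td>\n\t\t\t\t\t<td width='20%'><a href=\"#\" onclick=\"updateUsersList('last_login')\">" . __('Last login') . "</a></td></tr>";
        $lnum = 0;
        while ($line = db_fetch_assoc($result)) {
            $class = $lnum % 2 ? "even" : "odd";
            $uid = $line["id"];
            // The "edit" sub-operation returns before this point, so every row gets its id.
            $this_row_id = "id=\"UMRR-{$uid}\"";
            print "<tr class=\"{$class}\" {$this_row_id}>";
            $line["login"] = htmlspecialchars($line["login"]);
            $line["created"] = make_local_datetime($link, $line["created"], false);
            $line["last_login"] = make_local_datetime($link, $line["last_login"], false);
            print "<td align='center'><input onclick='toggleSelectRow(this);'\n\t\t\t\ttype=\"checkbox\" id=\"UMCHK-{$uid}\"></td>";
            $onclick = "onclick='editUser({$uid}, event)' title='" . __('Click to edit') . "'";
            print "<td {$onclick}>" . $line["login"] . "</td>";
            print "<td {$onclick}>" . $access_level_names[$line["access_level"]] . "</td>";
            print "<td {$onclick}>" . $line["created"] . "</td>";
            print "<td {$onclick}>" . $line["last_login"] . "</td>";
            print "</tr>";
            ++$lnum;
        }
        print "</table>";
    } else {
        print "<p>";
        if (!$user_search) {
            print_warning(__('No users defined.'));
        } else {
            print_warning(__('No matching users found.'));
        }
        print "</p>";
    }
    print "</div>";
    #pane
    print "</div>";
    #container
}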