function addprofile()
{
$title = db_escape_string(trim($_REQUEST["title"]));
if ($title) {
db_query($this->link, "BEGIN");
$result = db_query($this->link, "SELECT id FROM ttrss_settings_profiles\n\t\t\t\tWHERE title = '{$title}' AND owner_uid = " . $_SESSION["uid"]);
if (db_num_rows($result) == 0) {
db_query($this->link, "INSERT INTO ttrss_settings_profiles (title, owner_uid)\n\t\t\t\t\t\t\tVALUES ('{$title}', " . $_SESSION["uid"] . ")");
$result = db_query($this->link, "SELECT id FROM ttrss_settings_profiles WHERE\n\t\t\t\t\ttitle = '{$title}'");
if (db_num_rows($result) != 0) {
$profile_id = db_fetch_result($result, 0, "id");
if ($profile_id) {
initialize_user_prefs($this->link, $_SESSION["uid"], $profile_id);
}
}
}
db_query($this->link, "COMMIT");
}
}
function addprofile()
{
$title = $this->dbh->escape_string(trim($_REQUEST["title"]));
if (!$title) {
return;
}
$this->dbh->query("BEGIN");
$result = $this->dbh->query("SELECT id FROM ttrss_settings_profiles\n WHERE title = '{$title}' AND owner_uid = " . $_SESSION["uid"]);
if ($this->dbh->num_rows($result) == 0) {
$this->dbh->query("INSERT INTO ttrss_settings_profiles (title, owner_uid)\n VALUES ('{$title}', " . $_SESSION["uid"] . ")");
$result = $this->dbh->query("SELECT id FROM ttrss_settings_profiles\n WHERE title = '{$title}'");
if ($this->dbh->num_rows($result) != 0) {
$profile_id = $this->dbh->fetch_result($result, 0, "id");
if ($profile_id) {
initialize_user_prefs($_SESSION["uid"], $profile_id);
}
}
}
$this->dbh->query("COMMIT");
}
function authenticate_user($login, $password, $check_only = false)
{
if (!SINGLE_USER_MODE) {
$user_id = false;
foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_AUTH_USER) as $plugin) {
$user_id = (int) $plugin->authenticate($login, $password);
if ($user_id) {
$_SESSION["auth_module"] = strtolower(get_class($plugin));
break;
}
}
if ($user_id && !$check_only) {
@session_start();
$_SESSION["uid"] = $user_id;
$_SESSION["version"] = VERSION_STATIC;
$result = db_query("SELECT login,access_level,pwd_hash FROM ttrss_users\n\t\t\t\t\tWHERE id = '{$user_id}'");
$_SESSION["name"] = db_fetch_result($result, 0, "login");
$_SESSION["access_level"] = db_fetch_result($result, 0, "access_level");
$_SESSION["csrf_token"] = uniqid_short();
db_query("UPDATE ttrss_users SET last_login = NOW() WHERE id = " . $_SESSION["uid"]);
$_SESSION["ip_address"] = $_SERVER["REMOTE_ADDR"];
$_SESSION["user_agent"] = sha1($_SERVER['HTTP_USER_AGENT']);
$_SESSION["pwd_hash"] = db_fetch_result($result, 0, "pwd_hash");
$_SESSION["last_version_check"] = time();
initialize_user_prefs($_SESSION["uid"]);
return true;
}
return false;
} else {
$_SESSION["uid"] = 1;
$_SESSION["name"] = "admin";
$_SESSION["access_level"] = 10;
$_SESSION["hide_hello"] = true;
$_SESSION["hide_logout"] = true;
$_SESSION["auth_module"] = false;
if (!$_SESSION["csrf_token"]) {
$_SESSION["csrf_token"] = uniqid_short();
}
$_SESSION["ip_address"] = $_SERVER["REMOTE_ADDR"];
initialize_user_prefs($_SESSION["uid"]);
return true;
}
}
function module_pref_prefs($link)
{
global $access_level_names;
$subop = $_REQUEST["subop"];
$prefs_blacklist = array("HIDE_FEEDLIST", "SYNC_COUNTERS", "ENABLE_LABELS", "ENABLE_SEARCH_TOOLBAR", "HIDE_READ_FEEDS");
$profile_blacklist = array("ALLOW_DUPLICATE_POSTS", "PURGE_OLD_DAYS", "PURGE_UNREAD_ARTICLES", "DIGEST_ENABLE", "DIGEST_CATCHUP", "BLACKLISTED_TAGS", "ENABLE_FEED_ICONS", "ENABLE_API_ACCESS", "UPDATE_POST_ON_CHECKSUM_CHANGE", "DEFAULT_UPDATE_INTERVAL", "MARK_UNREAD_ON_UPDATE");
if (FORCE_ARTICLE_PURGE != 0) {
array_push($prefs_blacklist, "PURGE_OLD_DAYS");
array_push($prefs_blacklist, "PURGE_UNREAD_ARTICLES");
}
if ($subop == "change-password") {
$old_pw = $_POST["OLD_PASSWORD"];
$new_pw = $_POST["NEW_PASSWORD"];
$con_pw = $_POST["CONFIRM_PASSWORD"];
if ($old_pw == "") {
print "ERROR: " . __("Old password cannot be blank.");
return;
}
if ($new_pw == "") {
print "ERROR: " . __("New password cannot be blank.");
return;
}
if ($new_pw != $con_pw) {
print "ERROR: " . __("Entered passwords do not match.");
return;
}
$old_pw_hash1 = encrypt_password($_POST["OLD_PASSWORD"]);
$old_pw_hash2 = encrypt_password($_POST["OLD_PASSWORD"], $_SESSION["name"]);
$new_pw_hash = encrypt_password($_POST["NEW_PASSWORD"], $_SESSION["name"]);
$active_uid = $_SESSION["uid"];
if ($old_pw && $new_pw) {
$login = db_escape_string($_SERVER['PHP_AUTH_USER']);
$result = db_query($link, "SELECT id FROM ttrss_users WHERE \n\t\t\t\t\tid = '{$active_uid}' AND (pwd_hash = '{$old_pw_hash1}' OR \n\t\t\t\t\t\tpwd_hash = '{$old_pw_hash2}')");
if (db_num_rows($result) == 1) {
db_query($link, "UPDATE ttrss_users SET pwd_hash = '{$new_pw_hash}' \n\t\t\t\t\t\tWHERE id = '{$active_uid}'");
$_SESSION["pwd_hash"] = $new_pw_hash;
print __("Password has been changed.");
} else {
print "ERROR: " . __('Old password is incorrect.');
}
}
return;
} else {
if ($subop == "save-config") {
# $_SESSION["prefs_op_result"] = "save-config";
$_SESSION["prefs_cache"] = false;
// print_r($_POST);
$orig_theme = get_pref($link, "_THEME_ID");
foreach (array_keys($_POST) as $pref_name) {
$pref_name = db_escape_string($pref_name);
$value = db_escape_string($_POST[$pref_name]);
set_pref($link, $pref_name, $value);
}
if ($orig_theme != get_pref($link, "_THEME_ID")) {
print "PREFS_THEME_CHANGED";
} else {
print __("The configuration was saved.");
}
return;
} else {
if ($subop == "getHelp") {
$pref_name = db_escape_string($_REQUEST["pn"]);
$result = db_query($link, "SELECT help_text FROM ttrss_prefs\n\t\t\t\tWHERE pref_name = '{$pref_name}'");
if (db_num_rows($result) > 0) {
$help_text = db_fetch_result($result, 0, "help_text");
print $help_text;
} else {
printf(__("Unknown option: %s"), $pref_name);
}
} else {
if ($subop == "change-email") {
$email = db_escape_string($_POST["email"]);
$active_uid = $_SESSION["uid"];
db_query($link, "UPDATE ttrss_users SET email = '{$email}' \n\t\t\t\tWHERE id = '{$active_uid}'");
print __("E-mail has been changed.");
return;
} else {
if ($subop == "reset-config") {
$_SESSION["prefs_op_result"] = "reset-to-defaults";
if ($_SESSION["profile"]) {
$profile_qpart = "profile = '" . $_SESSION["profile"] . "'";
} else {
$profile_qpart = "profile IS NULL";
}
db_query($link, "DELETE FROM ttrss_user_prefs \n\t\t\t\tWHERE {$profile_qpart} AND owner_uid = " . $_SESSION["uid"]);
initialize_user_prefs($link, $_SESSION["uid"], $_SESSION["profile"]);
print "PREFS_THEME_CHANGED";
// print __("The configuration was reset to defaults.");
return;
} else {
set_pref($link, "_PREFS_ACTIVE_TAB", "genConfig");
if ($_SESSION["profile"]) {
print_notice("Some preferences are only available in default profile.");
}
if (!SINGLE_USER_MODE) {
$result = db_query($link, "SELECT id FROM ttrss_users\n\t\t\t\t\tWHERE id = " . $_SESSION["uid"] . " AND pwd_hash \n\t\t\t\t\t= 'SHA1:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8'");
if (db_num_rows($result) != 0) {
print format_warning(__("Your password is at default value, \n\t\t\t\t\t\tplease change it."), "default_pass_warning");
}
/* if ($_SESSION["pwd_change_result"] == "failed") {
print format_warning("Could not change the password.");
}
if ($_SESSION["pwd_change_result"] == "ok") {
print format_notice("Password was changed.");
}
$_SESSION["pwd_change_result"] = ""; */
/* if ($_SESSION["prefs_op_result"] == "reset-to-defaults") {
print format_notice(__("The configuration was reset to defaults."));
} */
# if ($_SESSION["prefs_op_result"] == "save-config") {
# print format_notice(__("The configuration was saved."));
# }
$_SESSION["prefs_op_result"] = "";
print "<form onsubmit='return false' id='change_email_form'>";
print "<table width=\"100%\" class=\"prefPrefsList\">";
print "<tr><td colspan='3'><h3>" . __("Personal data") . "</h3></tr></td>";
$result = db_query($link, "SELECT email,access_level FROM ttrss_users\n\t\t\t\t\tWHERE id = " . $_SESSION["uid"]);
$email = db_fetch_result($result, 0, "email");
print "<tr><td width=\"40%\">" . __('E-mail') . "</td>";
print "<td class=\"prefValue\"><input class=\"editbox\" name=\"email\" \n\t\t\t\t\tonfocus=\"javascript:disableHotkeys();\" \n\t\t\t\t\tonblur=\"javascript:enableHotkeys();\"\n\t\t\t\t\tonkeypress=\"return filterCR(event, changeUserEmail)\"\n\t\t\t\t\tvalue=\"{$email}\"></td></tr>";
if (!SINGLE_USER_MODE) {
$access_level = db_fetch_result($result, 0, "access_level");
print "<tr><td width=\"40%\">" . __('Access level') . "</td>";
print "<td>" . $access_level_names[$access_level] . "</td></tr>";
}
print "</table>";
print "<input type=\"hidden\" name=\"op\" value=\"pref-prefs\">";
print "<input type=\"hidden\" name=\"subop\" value=\"change-email\">";
print "</form>";
print "<p><button onclick=\"return changeUserEmail()\">" . __("Change e-mail") . "</button>";
print "<form onsubmit=\"return false\" \n\t\t\t\t\tname=\"change_pass_form\" id=\"change_pass_form\">";
print "<table width=\"100%\" class=\"prefPrefsList\">";
print "<tr><td colspan='3'><h3>" . __("Authentication") . "</h3></tr></td>";
print "<tr><td width=\"40%\">" . __("Old password") . "</td>";
print "<td class=\"prefValue\"><input class=\"editbox\" type=\"password\"\n\t\t\t\t\tonfocus=\"javascript:disableHotkeys();\" \n\t\t\t\t\tonblur=\"javascript:enableHotkeys();\"\n\t\t\t\t\tonkeypress=\"return filterCR(event, changeUserPassword)\"\n\t\t\t\t\tname=\"OLD_PASSWORD\"></td></tr>";
print "<tr><td width=\"40%\">" . __("New password") . "</td>";
print "<td class=\"prefValue\"><input class=\"editbox\" type=\"password\"\n\t\t\t\t\tonfocus=\"javascript:disableHotkeys();\" \n\t\t\t\t\tonblur=\"javascript:enableHotkeys();\"\n\t\t\t\t\tonkeypress=\"return filterCR(event, changeUserPassword)\"\n\t\t\t\t\tname=\"NEW_PASSWORD\"></td></tr>";
print "<tr><td width=\"40%\">" . __("Confirm password") . "</td>";
print "<td class=\"prefValue\"><input class=\"editbox\" type=\"password\"\n\t\t\t\t\tonfocus=\"javascript:disableHotkeys();\" \n\t\t\t\t\tonblur=\"javascript:enableHotkeys();\"\n\t\t\t\t\tonkeypress=\"return filterCR(event, changeUserPassword)\"\n\t\t\t\t\tname=\"CONFIRM_PASSWORD\"></td></tr>";
print "</table>";
print "<input type=\"hidden\" name=\"op\" value=\"pref-prefs\">";
print "<input type=\"hidden\" name=\"subop\" value=\"change-password\">";
print "</form>";
print "<p><button\tonclick=\"return changeUserPassword()\">" . __("Change password") . "</button>";
}
if ($_SESSION["profile"]) {
initialize_user_prefs($link, $_SESSION["uid"], $_SESSION["profile"]);
$profile_qpart = "profile = '" . $_SESSION["profile"] . "'";
} else {
initialize_user_prefs($link, $_SESSION["uid"]);
$profile_qpart = "profile IS NULL";
}
$result = db_query($link, "SELECT \n\t\t\t\tttrss_user_prefs.pref_name,short_desc,help_text,value,type_name,\n\t\t\t\tsection_name,def_value,section_id\n\t\t\t\tFROM ttrss_prefs,ttrss_prefs_types,ttrss_prefs_sections,ttrss_user_prefs\n\t\t\t\tWHERE type_id = ttrss_prefs_types.id AND \n\t\t\t\t\t{$profile_qpart} AND\n\t\t\t\t\tsection_id = ttrss_prefs_sections.id AND\n\t\t\t\t\tttrss_user_prefs.pref_name = ttrss_prefs.pref_name AND\n\t\t\t\t\tshort_desc != '' AND\n\t\t\t\t\towner_uid = " . $_SESSION["uid"] . "\n\t\t\t\tORDER BY section_id,short_desc");
print "<form onsubmit='return false' action=\"backend.php\" \n\t\t\t\tmethod=\"POST\" id=\"pref_prefs_form\">";
$lnum = 0;
$active_section = "";
while ($line = db_fetch_assoc($result)) {
if (in_array($line["pref_name"], $prefs_blacklist)) {
continue;
}
if ($_SESSION["profile"] && in_array($line["pref_name"], $profile_blacklist)) {
continue;
}
if ($active_section != $line["section_name"]) {
if ($active_section != "") {
print "</table>";
}
print "<p><table width=\"100%\" class=\"prefPrefsList\">";
$active_section = $line["section_name"];
print "<tr><td colspan=\"3\"><h3>" . __($active_section) . "</h3></td></tr>";
if ($line["section_id"] == 2) {
print "<tr><td width=\"40%\">" . __("Select theme") . "</td>";
$user_theme = get_pref($link, "_THEME_ID");
$themes = get_all_themes();
print "<td><select name=\"_THEME_ID\">";
print "<option value=''>" . __('Default') . "</option>";
print "<option disabled>--------</option>";
foreach ($themes as $t) {
$base = $t['base'];
$name = $t['name'];
if ($base == $user_theme) {
$selected = "selected=\"1\"";
} else {
$selected = "";
}
print "<option {$selected} value='{$base}'>{$name}</option>";
}
print "</select></td></tr>";
}
// print "<tr class=\"title\">
// <td width=\"25%\">Option</td><td>Value</td></tr>";
$lnum = 0;
}
// $class = ($lnum % 2) ? "even" : "odd";
print "<tr>";
$type_name = $line["type_name"];
$pref_name = $line["pref_name"];
$value = $line["value"];
$def_value = $line["def_value"];
$help_text = $line["help_text"];
print "<td width=\"40%\" class=\"prefName\" id=\"{$pref_name}\">" . __($line["short_desc"]);
if ($help_text) {
print "<div class=\"prefHelp\">" . __($help_text) . "</div>";
}
print "</td>";
print "<td class=\"prefValue\">";
if ($pref_name == "DEFAULT_UPDATE_INTERVAL") {
global $update_intervals_nodefault;
print_select_hash($pref_name, $value, $update_intervals_nodefault);
} else {
if ($type_name == "bool") {
// print_select($pref_name, $value, array("true", "false"));
if ($value == "true") {
$value = __("Yes");
} else {
$value = __("No");
}
print_radio($pref_name, $value, __("Yes"), array(__("Yes"), __("No")));
} else {
print "<input class=\"editbox\"\n\t\t\t\t\t\tonfocus=\"javascript:disableHotkeys();\" \n\t\t\t\t\t\tonblur=\"javascript:enableHotkeys();\" \n\t\t\t\t\t\tname=\"{$pref_name}\" value=\"{$value}\">";
}
}
print "</td>";
print "</tr>";
$lnum++;
}
print "</table>";
print "<input type=\"hidden\" name=\"op\" value=\"pref-prefs\">";
print "<p><button onclick=\"return validatePrefsSave()\">" . __('Save configuration') . "</button> ";
print "<button onclick=\"return editProfiles()\">" . __('Manage profiles') . "</button> ";
print "<button onclick=\"return validatePrefsReset()\">" . __('Reset to defaults') . "</button></p>";
print "</form>";
}
}
}
}
}
}
function index()
{
global $access_level_names;
$prefs_blacklist = array("STRIP_UNSAFE_TAGS", "REVERSE_HEADLINES", "SORT_HEADLINES_BY_FEED_DATE", "DEFAULT_ARTICLE_LIMIT", "FEEDS_SORT_BY_UNREAD");
/* "FEEDS_SORT_BY_UNREAD", "HIDE_READ_FEEDS", "REVERSE_HEADLINES" */
$profile_blacklist = array("ALLOW_DUPLICATE_POSTS", "PURGE_OLD_DAYS", "PURGE_UNREAD_ARTICLES", "DIGEST_ENABLE", "DIGEST_CATCHUP", "BLACKLISTED_TAGS", "ENABLE_API_ACCESS", "UPDATE_POST_ON_CHECKSUM_CHANGE", "DEFAULT_UPDATE_INTERVAL", "USER_TIMEZONE", "SORT_HEADLINES_BY_FEED_DATE", "SSL_CERT_SERIAL", "DIGEST_PREFERRED_TIME");
$_SESSION["prefs_op_result"] = "";
print "<div dojoType=\"dijit.layout.AccordionContainer\" region=\"center\">";
print "<div dojoType=\"dijit.layout.AccordionPane\" title=\"" . __('Personal data / Authentication') . "\">";
print "<form dojoType=\"dijit.form.Form\" id=\"changeUserdataForm\">";
print "<script type=\"dojo/method\" event=\"onSubmit\" args=\"evt\">\n\t\tevt.preventDefault();\n\t\tif (this.validate()) {\n\t\t\tnotify_progress('Saving data...', true);\n\n\t\t\tnew Ajax.Request('backend.php', {\n\t\t\t\tparameters: dojo.objectToQuery(this.getValues()),\n\t\t\t\tonComplete: function(transport) {\n\t\t\t\t\tnotify_callback2(transport);\n\t\t\t} });\n\n\t\t}\n\t\t</script>";
print "<table width=\"100%\" class=\"prefPrefsList\">";
print "<h2>" . __("Personal data") . "</h2>";
$result = $this->dbh->query("SELECT email,full_name,otp_enabled,\n\t\t\taccess_level FROM ttrss_users\n\t\t\tWHERE id = " . $_SESSION["uid"]);
$email = htmlspecialchars($this->dbh->fetch_result($result, 0, "email"));
$full_name = htmlspecialchars($this->dbh->fetch_result($result, 0, "full_name"));
$otp_enabled = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "otp_enabled"));
print "<tr><td width=\"40%\">" . __('Full name') . "</td>";
print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" name=\"full_name\" required=\"1\"\n\t\t\tvalue=\"{$full_name}\"></td></tr>";
print "<tr><td width=\"40%\">" . __('E-mail') . "</td>";
print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" name=\"email\" required=\"1\" value=\"{$email}\"></td></tr>";
if (!SINGLE_USER_MODE && !$_SESSION["hide_hello"]) {
$access_level = $this->dbh->fetch_result($result, 0, "access_level");
print "<tr><td width=\"40%\">" . __('Access level') . "</td>";
print "<td>" . $access_level_names[$access_level] . "</td></tr>";
}
print "</table>";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-prefs\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"changeemail\">";
print "<p><button dojoType=\"dijit.form.Button\" type=\"submit\">" . __("Save data") . "</button>";
print "</form>";
if ($_SESSION["auth_module"]) {
$authenticator = PluginHost::getInstance()->get_plugin($_SESSION["auth_module"]);
} else {
$authenticator = false;
}
if ($authenticator && method_exists($authenticator, "change_password")) {
print "<h2>" . __("Password") . "</h2>";
$result = $this->dbh->query("SELECT id FROM ttrss_users\n\t\t\t\tWHERE id = " . $_SESSION["uid"] . " AND pwd_hash\n\t\t\t\t= 'SHA1:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8'");
if ($this->dbh->num_rows($result) != 0) {
print format_warning(__("Your password is at default value, please change it."), "default_pass_warning");
}
print "<form dojoType=\"dijit.form.Form\">";
print "<script type=\"dojo/method\" event=\"onSubmit\" args=\"evt\">\n\t\t\tevt.preventDefault();\n\t\t\tif (this.validate()) {\n\t\t\t\tnotify_progress('Changing password...', true);\n\n\t\t\t\tnew Ajax.Request('backend.php', {\n\t\t\t\t\tparameters: dojo.objectToQuery(this.getValues()),\n\t\t\t\t\tonComplete: function(transport) {\n\t\t\t\t\t\tnotify('');\n\t\t\t\t\t\tif (transport.responseText.indexOf('ERROR: ') == 0) {\n\t\t\t\t\t\t\tnotify_error(transport.responseText.replace('ERROR: ', ''));\n\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\tnotify_info(transport.responseText);\n\t\t\t\t\t\t\tvar warn = \$('default_pass_warning');\n\t\t\t\t\t\t\tif (warn) Element.hide(warn);\n\t\t\t\t\t\t}\n\t\t\t\t}});\n\t\t\t\tthis.reset();\n\t\t\t}\n\t\t\t</script>";
if ($otp_enabled) {
print_notice(__("Changing your current password will disable OTP."));
}
print "<table width=\"100%\" class=\"prefPrefsList\">";
print "<tr><td width=\"40%\">" . __("Old password") . "</td>";
print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" type=\"password\" required=\"1\" name=\"old_password\"></td></tr>";
print "<tr><td width=\"40%\">" . __("New password") . "</td>";
print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" type=\"password\" required=\"1\"\n\t\t\t\tname=\"new_password\"></td></tr>";
print "<tr><td width=\"40%\">" . __("Confirm password") . "</td>";
print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" type=\"password\" required=\"1\" name=\"confirm_password\"></td></tr>";
print "</table>";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-prefs\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"changepassword\">";
print "<p><button dojoType=\"dijit.form.Button\" type=\"submit\">" . __("Change password") . "</button>";
print "</form>";
if ($_SESSION["auth_module"] == "auth_internal") {
print "<h2>" . __("One time passwords / Authenticator") . "</h2>";
if ($otp_enabled) {
print_notice(__("One time passwords are currently enabled. Enter your current password below to disable."));
print "<form dojoType=\"dijit.form.Form\">";
print "<script type=\"dojo/method\" event=\"onSubmit\" args=\"evt\">\n\t\t\t\tevt.preventDefault();\n\t\t\t\tif (this.validate()) {\n\t\t\t\t\tnotify_progress('Disabling OTP', true);\n\n\t\t\t\t\tnew Ajax.Request('backend.php', {\n\t\t\t\t\t\tparameters: dojo.objectToQuery(this.getValues()),\n\t\t\t\t\t\tonComplete: function(transport) {\n\t\t\t\t\t\t\tnotify('');\n\t\t\t\t\t\t\tif (transport.responseText.indexOf('ERROR: ') == 0) {\n\t\t\t\t\t\t\t\tnotify_error(transport.responseText.replace('ERROR: ', ''));\n\t\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t\twindow.location.reload();\n\t\t\t\t\t\t\t}\n\t\t\t\t\t}});\n\t\t\t\t\tthis.reset();\n\t\t\t\t}\n\t\t\t\t</script>";
print "<table width=\"100%\" class=\"prefPrefsList\">";
print "<tr><td width=\"40%\">" . __("Enter your password") . "</td>";
print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" type=\"password\" required=\"1\"\n\t\t\t\t\tname=\"password\"></td></tr>";
print "</table>";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-prefs\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"otpdisable\">";
print "<p><button dojoType=\"dijit.form.Button\" type=\"submit\">" . __("Disable OTP") . "</button>";
print "</form>";
} else {
if (function_exists("imagecreatefromstring")) {
print_warning(__("You will need a compatible Authenticator to use this. Changing your password would automatically disable OTP."));
print "<p>" . __("Scan the following code by the Authenticator application:") . "</p>";
$csrf_token = $_SESSION["csrf_token"];
print "<img src=\"backend.php?op=pref-prefs&method=otpqrcode&csrf_token={$csrf_token}\">";
print "<form dojoType=\"dijit.form.Form\" id=\"changeOtpForm\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-prefs\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"otpenable\">";
print "<script type=\"dojo/method\" event=\"onSubmit\" args=\"evt\">\n\t\t\t\t\tevt.preventDefault();\n\t\t\t\t\tif (this.validate()) {\n\t\t\t\t\t\tnotify_progress('Saving data...', true);\n\n\t\t\t\t\t\tnew Ajax.Request('backend.php', {\n\t\t\t\t\t\t\tparameters: dojo.objectToQuery(this.getValues()),\n\t\t\t\t\t\t\tonComplete: function(transport) {\n\t\t\t\t\t\t\t\tnotify('');\n\t\t\t\t\t\t\t\tif (transport.responseText.indexOf('ERROR:') == 0) {\n\t\t\t\t\t\t\t\t\tnotify_error(transport.responseText.replace('ERROR:', ''));\n\t\t\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t\t\twindow.location.reload();\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t} });\n\n\t\t\t\t\t}\n\t\t\t\t\t</script>";
print "<table width=\"100%\" class=\"prefPrefsList\">";
print "<tr><td width=\"40%\">" . __("Enter your password") . "</td>";
print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" type=\"password\" required=\"1\"\n\t\t\t\t\t\tname=\"password\"></td></tr>";
print "<tr><td width=\"40%\">" . __("Enter the generated one time password") . "</td>";
print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" autocomplete=\"off\"\n\t\t\t\t\t\trequired=\"1\"\n\t\t\t\t\t\tname=\"otp\"></td></tr>";
print "<tr><td colspan=\"2\">";
print "</td></tr><tr><td colspan=\"2\">";
print "</td></tr>";
print "</table>";
print "<p><button dojoType=\"dijit.form.Button\" type=\"submit\">" . __("Enable OTP") . "</button>";
print "</form>";
} else {
print_notice(__("PHP GD functions are required for OTP support."));
}
}
}
}
PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB_SECTION, "hook_prefs_tab_section", "prefPrefsAuth");
print "</div>";
#pane
print "<div dojoType=\"dijit.layout.AccordionPane\" selected=\"true\" title=\"" . __('Preferences') . "\">";
print "<form dojoType=\"dijit.form.Form\" id=\"changeSettingsForm\">";
print "<script type=\"dojo/method\" event=\"onSubmit\" args=\"evt, quit\">\n\t\tif (evt) evt.preventDefault();\n\t\tif (this.validate()) {\n\t\t\tconsole.log(dojo.objectToQuery(this.getValues()));\n\n\t\t\tnew Ajax.Request('backend.php', {\n\t\t\t\tparameters: dojo.objectToQuery(this.getValues()),\n\t\t\t\tonComplete: function(transport) {\n\t\t\t\t\tvar msg = transport.responseText;\n\t\t\t\t\tif (quit) {\n\t\t\t\t\t\tgotoMain();\n\t\t\t\t\t} else {\n\t\t\t\t\t\tif (msg == 'PREFS_NEED_RELOAD') {\n\t\t\t\t\t\t\twindow.location.reload();\n\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\tnotify_info(msg);\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t} });\n\t\t}\n\t\t</script>";
print '<div dojoType="dijit.layout.BorderContainer" gutters="false">';
print '<div dojoType="dijit.layout.ContentPane" region="center" style="overflow-y : auto">';
if ($_SESSION["profile"]) {
print_notice(__("Some preferences are only available in default profile."));
}
if ($_SESSION["profile"]) {
initialize_user_prefs($_SESSION["uid"], $_SESSION["profile"]);
$profile_qpart = "profile = '" . $_SESSION["profile"] . "'";
} else {
initialize_user_prefs($_SESSION["uid"]);
$profile_qpart = "profile IS NULL";
}
/* if ($_SESSION["prefs_show_advanced"])
$access_query = "true";
else
$access_query = "(access_level = 0 AND section_id != 3)"; */
$access_query = 'true';
$result = $this->dbh->query("SELECT DISTINCT\n\t\t\tttrss_user_prefs.pref_name,value,type_name,\n\t\t\tttrss_prefs_sections.order_id,\n\t\t\tdef_value,section_id\n\t\t\tFROM ttrss_prefs,ttrss_prefs_types,ttrss_prefs_sections,ttrss_user_prefs\n\t\t\tWHERE type_id = ttrss_prefs_types.id AND\n\t\t\t\t{$profile_qpart} AND\n\t\t\t\tsection_id = ttrss_prefs_sections.id AND\n\t\t\t\tttrss_user_prefs.pref_name = ttrss_prefs.pref_name AND\n\t\t\t\t{$access_query} AND\n\t\t\t\towner_uid = " . $_SESSION["uid"] . "\n\t\t\tORDER BY ttrss_prefs_sections.order_id,pref_name");
$lnum = 0;
$active_section = "";
$listed_boolean_prefs = array();
while ($line = $this->dbh->fetch_assoc($result)) {
if (in_array($line["pref_name"], $prefs_blacklist)) {
continue;
}
$type_name = $line["type_name"];
$pref_name = $line["pref_name"];
$section_name = $this->getSectionName($line["section_id"]);
$value = $line["value"];
$short_desc = $this->getShortDesc($pref_name);
$help_text = $this->getHelpText($pref_name);
if (!$short_desc) {
continue;
}
if ($_SESSION["profile"] && in_array($line["pref_name"], $profile_blacklist)) {
continue;
}
if ($active_section != $line["section_id"]) {
if ($active_section != "") {
print "</table>";
}
print "<table width=\"100%\" class=\"prefPrefsList\">";
$active_section = $line["section_id"];
print "<tr><td colspan=\"3\"><h3>" . $section_name . "</h3></td></tr>";
$lnum = 0;
}
print "<tr>";
print "<td width=\"40%\" class=\"prefName\" id=\"{$pref_name}\">";
print "<label for='CB_{$pref_name}'>";
print $short_desc;
print "</label>";
if ($help_text) {
print "<div class=\"prefHelp\">" . __($help_text) . "</div>";
}
print "</td>";
print "<td class=\"prefValue\">";
if ($pref_name == "USER_LANGUAGE") {
print_select_hash($pref_name, $value, get_translations(), "style='width : 220px; margin : 0px' dojoType='dijit.form.Select'");
} else {
if ($pref_name == "USER_TIMEZONE") {
$timezones = explode("\n", file_get_contents("lib/timezones.txt"));
print_select($pref_name, $value, $timezones, 'dojoType="dijit.form.FilteringSelect"');
} else {
if ($pref_name == "USER_STYLESHEET") {
print "<button dojoType=\"dijit.form.Button\"\n\t\t\t\t\tonclick=\"customizeCSS()\">" . __('Customize') . "</button>";
} else {
if ($pref_name == "USER_CSS_THEME") {
$themes = array_map("basename", glob("themes/*.css"));
print_select($pref_name, $value, $themes, 'dojoType="dijit.form.Select"');
} else {
if ($pref_name == "DEFAULT_UPDATE_INTERVAL") {
global $update_intervals_nodefault;
print_select_hash($pref_name, $value, $update_intervals_nodefault, 'dojoType="dijit.form.Select"');
} else {
if ($type_name == "bool") {
array_push($listed_boolean_prefs, $pref_name);
$checked = $value == "true" ? "checked=\"checked\"" : "";
if ($pref_name == "PURGE_UNREAD_ARTICLES" && FORCE_ARTICLE_PURGE != 0) {
$disabled = "disabled=\"1\"";
$checked = "checked=\"checked\"";
} else {
$disabled = "";
}
print "<input type='checkbox' name='{$pref_name}' {$checked} {$disabled}\n\t\t\t\t\tdojoType='dijit.form.CheckBox' id='CB_{$pref_name}' value='1'>";
} else {
if (array_search($pref_name, array('FRESH_ARTICLE_MAX_AGE', 'PURGE_OLD_DAYS', 'LONG_DATE_FORMAT', 'SHORT_DATE_FORMAT')) !== false) {
$regexp = $type_name == 'integer' ? 'regexp="^\\d*$"' : '';
if ($pref_name == "PURGE_OLD_DAYS" && FORCE_ARTICLE_PURGE != 0) {
$disabled = "disabled=\"1\"";
$value = FORCE_ARTICLE_PURGE;
} else {
$disabled = "";
}
print "<input dojoType=\"dijit.form.ValidationTextBox\"\n\t\t\t\t\trequired=\"1\" {$regexp} {$disabled}\n\t\t\t\t\tname=\"{$pref_name}\" value=\"{$value}\">";
} else {
if ($pref_name == "SSL_CERT_SERIAL") {
print "<input dojoType=\"dijit.form.ValidationTextBox\"\n\t\t\t\t\tid=\"SSL_CERT_SERIAL\" readonly=\"1\"\n\t\t\t\t\tname=\"{$pref_name}\" value=\"{$value}\">";
$cert_serial = htmlspecialchars(get_ssl_certificate_id());
$has_serial = $cert_serial ? "false" : "true";
print " <button dojoType=\"dijit.form.Button\" disabled=\"{$has_serial}\"\n\t\t\t\t\tonclick=\"insertSSLserial('{$cert_serial}')\">" . __('Register') . "</button>";
print " <button dojoType=\"dijit.form.Button\"\n\t\t\t\t\tonclick=\"insertSSLserial('')\">" . __('Clear') . "</button>";
} else {
if ($pref_name == 'DIGEST_PREFERRED_TIME') {
print "<input dojoType=\"dijit.form.ValidationTextBox\"\n\t\t\t\t\tid=\"{$pref_name}\" regexp=\"[012]?\\d:\\d\\d\" placeHolder=\"12:00\"\n\t\t\t\t\tname=\"{$pref_name}\" value=\"{$value}\"><div class=\"insensitive\">" . T_sprintf("Current server time: %s (UTC)", date("H:i")) . "</div>";
} else {
$regexp = $type_name == 'integer' ? 'regexp="^\\d*$"' : '';
print "<input dojoType=\"dijit.form.ValidationTextBox\"\n\t\t\t\t\t{$regexp}\n\t\t\t\t\tname=\"{$pref_name}\" value=\"{$value}\">";
}
}
}
}
}
}
}
}
}
print "</td>";
print "</tr>";
$lnum++;
}
print "</table>";
$listed_boolean_prefs = htmlspecialchars(join(",", $listed_boolean_prefs));
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"boolean_prefs\" value=\"{$listed_boolean_prefs}\">";
PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB_SECTION, "hook_prefs_tab_section", "prefPrefsPrefsInside");
print '</div>';
# inside pane
print '<div dojoType="dijit.layout.ContentPane" region="bottom">';
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-prefs\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"saveconfig\">";
print "<div dojoType=\"dijit.form.ComboButton\" type=\"submit\">\n\t\t\t<span>" . __('Save configuration') . "</span>\n\t\t\t<div dojoType=\"dijit.DropDownMenu\">\n\t\t\t\t<div dojoType=\"dijit.MenuItem\"\n\t\t\t\t\tonclick=\"dijit.byId('changeSettingsForm').onSubmit(null, true)\">" . __("Save and exit preferences") . "</div>\n\t\t\t</div>\n\t\t\t</div>";
print "<button dojoType=\"dijit.form.Button\" onclick=\"return editProfiles()\">" . __('Manage profiles') . "</button> ";
print "<button dojoType=\"dijit.form.Button\" onclick=\"return validatePrefsReset()\">" . __('Reset to defaults') . "</button>";
print " ";
/* $checked = $_SESSION["prefs_show_advanced"] ? "checked='1'" : "";
print "<input onclick='toggleAdvancedPrefs()'
id='prefs_show_advanced'
dojoType=\"dijit.form.CheckBox\"
$checked
type=\"checkbox\"></input>
<label for='prefs_show_advanced'>" .
__("Show additional preferences") . "</label>"; */
PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB_SECTION, "hook_prefs_tab_section", "prefPrefsPrefsOutside");
print "</form>";
print '</div>';
# inner pane
print '</div>';
# border container
print "</div>";
#pane
print "<div dojoType=\"dijit.layout.AccordionPane\" title=\"" . __('Plugins') . "\">";
print "<p>" . __("You will need to reload Tiny Tiny RSS for plugin changes to take effect.") . "</p>";
print_notice(__("Download more plugins at tt-rss.org <a class=\"visibleLink\" target=\"_blank\" href=\"http://tt-rss.org/forum/viewforum.php?f=22\">forums</a> or <a target=\"_blank\" class=\"visibleLink\" href=\"http://tt-rss.org/wiki/Plugins\">wiki</a>."));
print "<form dojoType=\"dijit.form.Form\" id=\"changePluginsForm\">";
print "<script type=\"dojo/method\" event=\"onSubmit\" args=\"evt\">\n\t\tevt.preventDefault();\n\t\tif (this.validate()) {\n\t\t\tnotify_progress('Saving data...', true);\n\n\t\t\tnew Ajax.Request('backend.php', {\n\t\t\t\tparameters: dojo.objectToQuery(this.getValues()),\n\t\t\t\tonComplete: function(transport) {\n\t\t\t\t\tnotify('');\n\t\t\t\t\tif (confirm(__('Selected plugins have been enabled. Reload?'))) {\n\t\t\t\t\t\twindow.location.reload();\n\t\t\t\t\t}\n\t\t\t} });\n\n\t\t}\n\t\t</script>";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-prefs\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"setplugins\">";
print "<table width='100%' class='prefPluginsList'>";
print "<tr><td colspan='4'><h3>" . __("System plugins") . "</h3></td></tr>";
print "<tr class=\"title\">\n\t\t\t\t<td width=\"5%\"> </td>\n\t\t\t\t<td width='10%'>" . __('Plugin') . "</td>\n\t\t\t\t<td width=''>" . __('Description') . "</td>\n\t\t\t\t<td width='5%'>" . __('Version') . "</td>\n\t\t\t\t<td width='10%'>" . __('Author') . "</td></tr>";
$system_enabled = array_map("trim", explode(",", PLUGINS));
$user_enabled = array_map("trim", explode(",", get_pref("_ENABLED_PLUGINS")));
$tmppluginhost = new PluginHost();
$tmppluginhost->load_all($tmppluginhost::KIND_ALL, $_SESSION["uid"]);
$tmppluginhost->load_data(true);
foreach ($tmppluginhost->get_plugins() as $name => $plugin) {
$about = $plugin->about();
if ($about[3] && strpos($name, "example") === FALSE) {
if (in_array($name, $system_enabled)) {
$checked = "checked='1'";
} else {
$checked = "";
}
print "<tr>";
print "<td align='center'><input disabled='1'\n\t\t\t\t\t\tdojoType=\"dijit.form.CheckBox\" {$checked}\n\t\t\t\t\t\ttype=\"checkbox\"></td>";
$plugin_icon = $checked ? "plugin.png" : "plugin_disabled.png";
print "<td><label><img src='images/{$plugin_icon}' alt=''> {$name}</label></td>";
print "<td>" . htmlspecialchars($about[1]);
if (@$about[4]) {
print " — <a target=\"_blank\" class=\"visibleLink\"\n\t\t\t\t\t\thref=\"" . htmlspecialchars($about[4]) . "\">" . __("more info") . "</a>";
}
print "</td>";
print "<td>" . htmlspecialchars(sprintf("%.2f", $about[0])) . "</td>";
print "<td>" . htmlspecialchars($about[2]) . "</td>";
if (count($tmppluginhost->get_all($plugin)) > 0) {
if (in_array($name, $system_enabled)) {
print "<td><a href='#' onclick=\"clearPluginData('{$name}')\"\n\t\t\t\t\t\t\tclass='visibleLink'>" . __("Clear data") . "</a></td>";
}
}
print "</tr>";
}
}
print "<tr><td colspan='4'><h3>" . __("User plugins") . "</h3></td></tr>";
print "<tr class=\"title\">\n\t\t\t\t<td width=\"5%\"> </td>\n\t\t\t\t<td width='10%'>" . __('Plugin') . "</td>\n\t\t\t\t<td width=''>" . __('Description') . "</td>\n\t\t\t\t<td width='5%'>" . __('Version') . "</td>\n\t\t\t\t<td width='10%'>" . __('Author') . "</td></tr>";
foreach ($tmppluginhost->get_plugins() as $name => $plugin) {
$about = $plugin->about();
if (!$about[3] && strpos($name, "example") === FALSE) {
if (in_array($name, $system_enabled)) {
$checked = "checked='1'";
$disabled = "disabled='1'";
$rowclass = '';
} else {
if (in_array($name, $user_enabled)) {
$checked = "checked='1'";
$disabled = "";
$rowclass = "Selected";
} else {
$checked = "";
$disabled = "";
$rowclass = '';
}
}
print "<tr class='{$rowclass}'>";
$plugin_icon = $checked ? "plugin.png" : "plugin_disabled.png";
print "<td align='center'><input id='FPCHK-{$name}' name='plugins[]' value='{$name}' onclick='toggleSelectRow2(this);'\n\t\t\t\t\tdojoType=\"dijit.form.CheckBox\" {$checked} {$disabled}\n\t\t\t\t\ttype=\"checkbox\"></td>";
print "<td><label for='FPCHK-{$name}'><img src='images/{$plugin_icon}' alt=''> {$name}</label></td>";
print "<td><label for='FPCHK-{$name}'>" . htmlspecialchars($about[1]) . "</label>";
if (@$about[4]) {
print " — <a target=\"_blank\" class=\"visibleLink\"\n\t\t\t\t\t\thref=\"" . htmlspecialchars($about[4]) . "\">" . __("more info") . "</a>";
}
print "</td>";
print "<td>" . htmlspecialchars(sprintf("%.2f", $about[0])) . "</td>";
print "<td>" . htmlspecialchars($about[2]) . "</td>";
if (count($tmppluginhost->get_all($plugin)) > 0) {
if (in_array($name, $system_enabled) || in_array($name, $user_enabled)) {
print "<td><a href='#' onclick=\"clearPluginData('{$name}')\" class='visibleLink'>" . __("Clear data") . "</a></td>";
}
}
print "</tr>";
}
}
print "</table>";
print "<p><button dojoType=\"dijit.form.Button\" type=\"submit\">" . __("Enable selected plugins") . "</button></p>";
print "</form>";
print "</div>";
#pane
PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB, "hook_prefs_tab", "prefPrefs");
print "</div>";
#container
}
function authenticate_user($link, $login, $password, $force_auth = false)
{
if (!SINGLE_USER_MODE) {
$pwd_hash1 = encrypt_password($password);
$pwd_hash2 = encrypt_password($password, $login);
$login = db_escape_string($login);
if (defined('ALLOW_REMOTE_USER_AUTH') && ALLOW_REMOTE_USER_AUTH && $_SERVER["REMOTE_USER"] && $login != "admin") {
$login = db_escape_string($_SERVER["REMOTE_USER"]);
$query = "SELECT id,login,access_level,pwd_hash\n\t FROM ttrss_users WHERE\n\t\t\t\t\tlogin = '******'";
} else {
$query = "SELECT id,login,access_level,pwd_hash\n\t FROM ttrss_users WHERE\n\t\t\t\t\tlogin = '******' AND (pwd_hash = '{$pwd_hash1}' OR\n\t\t\t\t\t\tpwd_hash = '{$pwd_hash2}')";
}
$result = db_query($link, $query);
if (db_num_rows($result) == 1) {
$_SESSION["uid"] = db_fetch_result($result, 0, "id");
$_SESSION["name"] = db_fetch_result($result, 0, "login");
$_SESSION["access_level"] = db_fetch_result($result, 0, "access_level");
db_query($link, "UPDATE ttrss_users SET last_login = NOW() WHERE id = " . $_SESSION["uid"]);
$_SESSION["ip_address"] = $_SERVER["REMOTE_ADDR"];
$_SESSION["pwd_hash"] = db_fetch_result($result, 0, "pwd_hash");
initialize_user_prefs($link, $_SESSION["uid"]);
return true;
}
return false;
} else {
$_SESSION["uid"] = 1;
$_SESSION["name"] = "admin";
$_SESSION["ip_address"] = $_SERVER["REMOTE_ADDR"];
initialize_user_prefs($link, $_SESSION["uid"]);
return true;
}
}
function authenticate_user($link, $login, $password, $check_only = false)
{
if (!SINGLE_USER_MODE) {
$user_id = false;
$modules = explode(",", AUTH_MODULES);
foreach ($modules as $module) {
$module_class = "auth_{$module}";
if (class_exists($module_class)) {
$authenticator = new $module_class($link);
$user_id = (int) $authenticator->authenticate($login, $password);
if ($user_id) {
$_SESSION["auth_module"] = $module;
break;
}
} else {
print T_sprintf("Fatal: authentication module %s not found.", $module);
die;
}
}
if ($user_id && !$check_only) {
$_SESSION["uid"] = $user_id;
$result = db_query($link, "SELECT login,access_level,pwd_hash FROM ttrss_users\n\t\t\t\t\tWHERE id = '{$user_id}'");
$_SESSION["name"] = db_fetch_result($result, 0, "login");
$_SESSION["access_level"] = db_fetch_result($result, 0, "access_level");
$_SESSION["csrf_token"] = sha1(uniqid(rand(), true));
db_query($link, "UPDATE ttrss_users SET last_login = NOW() WHERE id = " . $_SESSION["uid"]);
$_SESSION["ip_address"] = $_SERVER["REMOTE_ADDR"];
$_SESSION["pwd_hash"] = db_fetch_result($result, 0, "pwd_hash");
$_SESSION["last_version_check"] = time();
initialize_user_prefs($link, $_SESSION["uid"]);
return true;
}
return false;
} else {
$_SESSION["uid"] = 1;
$_SESSION["name"] = "admin";
$_SESSION["access_level"] = 10;
$_SESSION["hide_hello"] = true;
$_SESSION["hide_logout"] = true;
$_SESSION["auth_module"] = false;
if (!$_SESSION["csrf_token"]) {
$_SESSION["csrf_token"] = sha1(uniqid(rand(), true));
}
$_SESSION["ip_address"] = $_SERVER["REMOTE_ADDR"];
initialize_user_prefs($link, $_SESSION["uid"]);
return true;
}
}
function authenticate_user($link, $login, $password, $force_auth = false)
{
if (!SINGLE_USER_MODE) {
$pwd_hash1 = encrypt_password($password);
$pwd_hash2 = encrypt_password($password, $login);
$login = db_escape_string($login);
$remote_user = get_remote_user($link);
if ($remote_user && $remote_user == $login && $login != "admin") {
$login = $remote_user;
$query = "SELECT id,login,access_level,pwd_hash\n\t FROM ttrss_users WHERE\n\t\t\t\t\tlogin = '******'";
if (defined('AUTO_CREATE_USER') && AUTO_CREATE_USER && $_SERVER["REMOTE_USER"]) {
$result = db_query($link, $query);
// First login ?
if (db_num_rows($result) == 0) {
$query2 = "INSERT INTO ttrss_users\n\t\t\t\t\t\t\t\t(login,access_level,last_login,created)\n\t\t\t\t\t\t\t\tVALUES ('{$login}', 0, null, NOW())";
db_query($link, $query2);
}
}
} else {
$query = "SELECT id,login,access_level,pwd_hash\n\t FROM ttrss_users WHERE\n\t\t\t\t\tlogin = '******' AND (pwd_hash = '{$pwd_hash1}' OR\n\t\t\t\t\t\tpwd_hash = '{$pwd_hash2}')";
}
$result = db_query($link, $query);
if (db_num_rows($result) == 1) {
$_SESSION["uid"] = db_fetch_result($result, 0, "id");
$_SESSION["name"] = db_fetch_result($result, 0, "login");
$_SESSION["access_level"] = db_fetch_result($result, 0, "access_level");
db_query($link, "UPDATE ttrss_users SET last_login = NOW() WHERE id = " . $_SESSION["uid"]);
// LemonLDAP can send user informations via HTTP HEADER
if (defined('AUTO_CREATE_USER') && AUTO_CREATE_USER) {
// update user name
$fullname = $_SERVER['HTTP_USER_NAME'] ? $_SERVER['HTTP_USER_NAME'] : $_SERVER['AUTHENTICATE_CN'];
if ($fullname) {
$fullname = db_escape_string($fullname);
db_query($link, "UPDATE ttrss_users SET full_name = '{$fullname}' WHERE id = " . $_SESSION["uid"]);
}
// update user mail
$email = $_SERVER['HTTP_USER_MAIL'] ? $_SERVER['HTTP_USER_MAIL'] : $_SERVER['AUTHENTICATE_MAIL'];
if ($email) {
$email = db_escape_string($email);
db_query($link, "UPDATE ttrss_users SET email = '{$email}' WHERE id = " . $_SESSION["uid"]);
}
}
$_SESSION["ip_address"] = $_SERVER["REMOTE_ADDR"];
$_SESSION["pwd_hash"] = db_fetch_result($result, 0, "pwd_hash");
$_SESSION["last_version_check"] = time();
initialize_user_prefs($link, $_SESSION["uid"]);
return true;
}
return false;
} else {
$_SESSION["uid"] = 1;
$_SESSION["name"] = "admin";
$_SESSION["ip_address"] = $_SERVER["REMOTE_ADDR"];
initialize_user_prefs($link, $_SESSION["uid"]);
return true;
}
}
function index()
{
global $access_level_names;
$prefs_blacklist = array("HIDE_READ_FEEDS", "FEEDS_SORT_BY_UNREAD", "STRIP_UNSAFE_TAGS");
$profile_blacklist = array("ALLOW_DUPLICATE_POSTS", "PURGE_OLD_DAYS", "PURGE_UNREAD_ARTICLES", "DIGEST_ENABLE", "DIGEST_CATCHUP", "BLACKLISTED_TAGS", "ENABLE_API_ACCESS", "UPDATE_POST_ON_CHECKSUM_CHANGE", "DEFAULT_UPDATE_INTERVAL", "USER_TIMEZONE", "SORT_HEADLINES_BY_FEED_DATE", "SSL_CERT_SERIAL", "DIGEST_PREFERRED_TIME");
$_SESSION["prefs_op_result"] = "";
print "<div dojoType=\"dijit.layout.AccordionContainer\" region=\"center\">";
print "<div dojoType=\"dijit.layout.AccordionPane\" title=\"" . __('Personal data / Authentication') . "\">";
print "<form dojoType=\"dijit.form.Form\" id=\"changeUserdataForm\">";
print "<script type=\"dojo/method\" event=\"onSubmit\" args=\"evt\">\n\t\tevt.preventDefault();\n\t\tif (this.validate()) {\n\t\t\tnotify_progress('Saving data...', true);\n\n\t\t\tnew Ajax.Request('backend.php', {\n\t\t\t\tparameters: dojo.objectToQuery(this.getValues()),\n\t\t\t\tonComplete: function(transport) {\n\t\t\t\t\tnotify_callback2(transport);\n\t\t\t} });\n\n\t\t}\n\t\t</script>";
print "<table width=\"100%\" class=\"prefPrefsList\">";
$result = db_query($this->link, "SELECT email,full_name,\n\t\t\taccess_level FROM ttrss_users\n\t\t\tWHERE id = " . $_SESSION["uid"]);
$email = htmlspecialchars(db_fetch_result($result, 0, "email"));
$full_name = htmlspecialchars(db_fetch_result($result, 0, "full_name"));
print "<tr><td width=\"40%\">" . __('Full name') . "</td>";
print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" name=\"full_name\" required=\"1\"\n\t\t\tvalue=\"{$full_name}\"></td></tr>";
print "<tr><td width=\"40%\">" . __('E-mail') . "</td>";
print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" name=\"email\" required=\"1\" value=\"{$email}\"></td></tr>";
if (!SINGLE_USER_MODE && !(ALLOW_REMOTE_USER_AUTH && AUTO_LOGIN)) {
$access_level = db_fetch_result($result, 0, "access_level");
print "<tr><td width=\"40%\">" . __('Access level') . "</td>";
print "<td>" . $access_level_names[$access_level] . "</td></tr>";
}
print "</table>";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-prefs\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"changeemail\">";
print "<p><button dojoType=\"dijit.form.Button\" type=\"submit\">" . __("Save data") . "</button>";
print "</form>";
if (!SINGLE_USER_MODE && !(ALLOW_REMOTE_USER_AUTH && AUTO_LOGIN)) {
$result = db_query($this->link, "SELECT id FROM ttrss_users\n\t\t\t\tWHERE id = " . $_SESSION["uid"] . " AND pwd_hash\n\t\t\t\t= 'SHA1:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8'");
if (db_num_rows($result) != 0) {
print format_warning(__("Your password is at default value, please change it."), "default_pass_warning");
}
print "<form dojoType=\"dijit.form.Form\">";
print "<script type=\"dojo/method\" event=\"onSubmit\" args=\"evt\">\n\t\t\tevt.preventDefault();\n\t\t\tif (this.validate()) {\n\t\t\t\tnotify_progress('Changing password...', true);\n\n\t\t\t\tnew Ajax.Request('backend.php', {\n\t\t\t\t\tparameters: dojo.objectToQuery(this.getValues()),\n\t\t\t\t\tonComplete: function(transport) {\n\t\t\t\t\t\tnotify('');\n\t\t\t\t\t\tif (transport.responseText.indexOf('ERROR: ') == 0) {\n\t\t\t\t\t\t\tnotify_error(transport.responseText.replace('ERROR: ', ''));\n\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\tnotify_info(transport.responseText);\n\t\t\t\t\t\t\tvar warn = \$('default_pass_warning');\n\t\t\t\t\t\t\tif (warn) Element.hide(warn);\n\t\t\t\t\t\t}\n\t\t\t\t}});\n\t\t\t\tthis.reset();\n\t\t\t}\n\t\t\t</script>";
print "<table width=\"100%\" class=\"prefPrefsList\">";
print "<tr><td width=\"40%\">" . __("Old password") . "</td>";
print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" type=\"password\" required=\"1\" name=\"old_password\"></td></tr>";
print "<tr><td width=\"40%\">" . __("New password") . "</td>";
print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" type=\"password\" required=\"1\"\n\t\t\t\tname=\"new_password\"></td></tr>";
print "<tr><td width=\"40%\">" . __("Confirm password") . "</td>";
print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" type=\"password\" required=\"1\" name=\"confirm_password\"></td></tr>";
print "</table>";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-prefs\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"changepassword\">";
print "<p><button dojoType=\"dijit.form.Button\" type=\"submit\">" . __("Change password") . "</button>";
print "</form>";
}
print "</div>";
#pane
print "<div dojoType=\"dijit.layout.AccordionPane\" selected=\"true\" title=\"" . __('Preferences') . "\">";
print "<form dojoType=\"dijit.form.Form\" id=\"changeSettingsForm\">";
print "<script type=\"dojo/method\" event=\"onSubmit\" args=\"evt\">\n\t\tevt.preventDefault();\n\t\tif (this.validate()) {\n\t\t\tconsole.log(dojo.objectToQuery(this.getValues()));\n\n\t\t\tnew Ajax.Request('backend.php', {\n\t\t\t\tparameters: dojo.objectToQuery(this.getValues()),\n\t\t\t\tonComplete: function(transport) {\n\t\t\t\t\tvar msg = transport.responseText;\n\t\t\t\t\tif (msg.match('PREFS_THEME_CHANGED')) {\n\t\t\t\t\t\twindow.location.reload();\n\t\t\t\t\t} else {\n\t\t\t\t\t\tnotify_info(msg);\n\t\t\t\t\t}\n\t\t\t} });\n\t\t}\n\t\t</script>";
print '<div dojoType="dijit.layout.BorderContainer" gutters="false">';
print '<div dojoType="dijit.layout.ContentPane" region="center" style="overflow-y : auto">';
if ($_SESSION["profile"]) {
print_notice("Some preferences are only available in default profile.");
}
if ($_SESSION["profile"]) {
initialize_user_prefs($this->link, $_SESSION["uid"], $_SESSION["profile"]);
$profile_qpart = "profile = '" . $_SESSION["profile"] . "'";
} else {
initialize_user_prefs($this->link, $_SESSION["uid"]);
$profile_qpart = "profile IS NULL";
}
$result = db_query($this->link, "SELECT DISTINCT\n\t\t\tttrss_user_prefs.pref_name,short_desc,help_text,value,type_name,\n\t\t\tsection_name,def_value,section_id\n\t\t\tFROM ttrss_prefs,ttrss_prefs_types,ttrss_prefs_sections,ttrss_user_prefs\n\t\t\tWHERE type_id = ttrss_prefs_types.id AND\n\t\t\t\t{$profile_qpart} AND\n\t\t\t\tsection_id = ttrss_prefs_sections.id AND\n\t\t\t\tttrss_user_prefs.pref_name = ttrss_prefs.pref_name AND\n\t\t\t\tshort_desc != '' AND\n\t\t\t\towner_uid = " . $_SESSION["uid"] . "\n\t\t\tORDER BY section_id,short_desc");
$lnum = 0;
$active_section = "";
while ($line = db_fetch_assoc($result)) {
if (in_array($line["pref_name"], $prefs_blacklist)) {
continue;
}
if ($_SESSION["profile"] && in_array($line["pref_name"], $profile_blacklist)) {
continue;
}
if ($active_section != $line["section_name"]) {
if ($active_section != "") {
print "</table>";
}
print "<table width=\"100%\" class=\"prefPrefsList\">";
$active_section = $line["section_name"];
print "<tr><td colspan=\"3\"><h3>" . __($active_section) . "</h3></td></tr>";
if ($line["section_id"] == 2) {
print "<tr><td width=\"40%\">" . __("Select theme") . "</td>";
$user_theme = get_pref($this->link, "_THEME_ID");
$themes = get_all_themes();
print "<td><select name=\"_THEME_ID\" dojoType=\"dijit.form.Select\">";
print "<option value='Default'>" . __('Default') . "</option>";
print "<option value='----------------' disabled=\"1\">--------</option>";
foreach ($themes as $t) {
$base = $t['base'];
$name = $t['name'];
if ($base == $user_theme) {
$selected = "selected=\"1\"";
} else {
$selected = "";
}
print "<option {$selected} value='{$base}'>{$name}</option>";
}
print "</select></td></tr>";
}
$lnum = 0;
}
print "<tr>";
$type_name = $line["type_name"];
$pref_name = $line["pref_name"];
$value = $line["value"];
$def_value = $line["def_value"];
$help_text = $line["help_text"];
print "<td width=\"40%\" class=\"prefName\" id=\"{$pref_name}\">" . __($line["short_desc"]);
if ($help_text) {
print "<div class=\"prefHelp\">" . __($help_text) . "</div>";
}
print "</td>";
print "<td class=\"prefValue\">";
if ($pref_name == "USER_TIMEZONE") {
$timezones = explode("\n", file_get_contents("lib/timezones.txt"));
print_select($pref_name, $value, $timezones, 'dojoType="dijit.form.FilteringSelect"');
} else {
if ($pref_name == "USER_STYLESHEET") {
print "<button dojoType=\"dijit.form.Button\"\n\t\t\t\t\tonclick=\"customizeCSS()\">" . __('Customize') . "</button>";
} else {
if ($pref_name == "DEFAULT_ARTICLE_LIMIT") {
$limits = array(15, 30, 45, 60);
print_select($pref_name, $value, $limits, 'dojoType="dijit.form.Select"');
} else {
if ($pref_name == "DEFAULT_UPDATE_INTERVAL") {
global $update_intervals_nodefault;
print_select_hash($pref_name, $value, $update_intervals_nodefault, 'dojoType="dijit.form.Select"');
} else {
if ($type_name == "bool") {
if ($value == "true") {
$value = __("Yes");
} else {
$value = __("No");
}
if ($pref_name == "PURGE_UNREAD_ARTICLES" && FORCE_ARTICLE_PURGE != 0) {
$disabled = "disabled=\"1\"";
$value = __("Yes");
} else {
$disabled = "";
}
print_radio($pref_name, $value, __("Yes"), array(__("Yes"), __("No")), $disabled);
} else {
if (array_search($pref_name, array('FRESH_ARTICLE_MAX_AGE', 'DEFAULT_ARTICLE_LIMIT', 'PURGE_OLD_DAYS', 'LONG_DATE_FORMAT', 'SHORT_DATE_FORMAT')) !== false) {
$regexp = $type_name == 'integer' ? 'regexp="^\\d*$"' : '';
if ($pref_name == "PURGE_OLD_DAYS" && FORCE_ARTICLE_PURGE != 0) {
$disabled = "disabled=\"1\"";
$value = FORCE_ARTICLE_PURGE;
} else {
$disabled = "";
}
print "<input dojoType=\"dijit.form.ValidationTextBox\"\n\t\t\t\t\trequired=\"1\" {$regexp} {$disabled}\n\t\t\t\t\tname=\"{$pref_name}\" value=\"{$value}\">";
} else {
if ($pref_name == "SSL_CERT_SERIAL") {
print "<input dojoType=\"dijit.form.ValidationTextBox\"\n\t\t\t\t\tid=\"SSL_CERT_SERIAL\" readonly=\"1\"\n\t\t\t\t\tname=\"{$pref_name}\" value=\"{$value}\">";
$cert_serial = htmlspecialchars(get_ssl_certificate_id());
$has_serial = $cert_serial ? "false" : "true";
print " <button dojoType=\"dijit.form.Button\" disabled=\"{$has_serial}\"\n\t\t\t\t\tonclick=\"insertSSLserial('{$cert_serial}')\">" . __('Register') . "</button>";
print " <button dojoType=\"dijit.form.Button\"\n\t\t\t\t\tonclick=\"insertSSLserial('')\">" . __('Clear') . "</button>";
} else {
if ($pref_name == 'DIGEST_PREFERRED_TIME') {
print "<input dojoType=\"dijit.form.ValidationTextBox\"\n\t\t\t\t\tid=\"{$pref_name}\" regexp=\"[012]?\\d:\\d\\d\" placeHolder=\"12:00\"\n\t\t\t\t\tname=\"{$pref_name}\" value=\"{$value}\"><div class=\"insensitive\">" . T_sprintf("Current server time: %s (UTC)", date("H:i")) . "</div>";
} else {
$regexp = $type_name == 'integer' ? 'regexp="^\\d*$"' : '';
print "<input dojoType=\"dijit.form.ValidationTextBox\"\n\t\t\t\t\t{$regexp}\n\t\t\t\t\tname=\"{$pref_name}\" value=\"{$value}\">";
}
}
}
}
}
}
}
}
print "</td>";
print "</tr>";
$lnum++;
}
print "</table>";
print '</div>';
# inside pane
print '<div dojoType="dijit.layout.ContentPane" region="bottom">';
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-prefs\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"saveconfig\">";
print "<button dojoType=\"dijit.form.Button\" type=\"submit\">" . __('Save configuration') . "</button> ";
print "<button dojoType=\"dijit.form.Button\" onclick=\"return editProfiles()\">" . __('Manage profiles') . "</button> ";
print "<button dojoType=\"dijit.form.Button\" onclick=\"return validatePrefsReset()\">" . __('Reset to defaults') . "</button>";
print '</div>';
# inner pane
print '</div>';
# border container
print "</form>";
print "</div>";
#pane
print "</div>";
#container
}
