function addprofile() { $title = db_escape_string(trim($_REQUEST["title"])); if ($title) { db_query($this->link, "BEGIN"); $result = db_query($this->link, "SELECT id FROM ttrss_settings_profiles\n\t\t\t\tWHERE title = '{$title}' AND owner_uid = " . $_SESSION["uid"]); if (db_num_rows($result) == 0) { db_query($this->link, "INSERT INTO ttrss_settings_profiles (title, owner_uid)\n\t\t\t\t\t\t\tVALUES ('{$title}', " . $_SESSION["uid"] . ")"); $result = db_query($this->link, "SELECT id FROM ttrss_settings_profiles WHERE\n\t\t\t\t\ttitle = '{$title}'"); if (db_num_rows($result) != 0) { $profile_id = db_fetch_result($result, 0, "id"); if ($profile_id) { initialize_user_prefs($this->link, $_SESSION["uid"], $profile_id); } } } db_query($this->link, "COMMIT"); } }
function addprofile() { $title = $this->dbh->escape_string(trim($_REQUEST["title"])); if (!$title) { return; } $this->dbh->query("BEGIN"); $result = $this->dbh->query("SELECT id FROM ttrss_settings_profiles\n WHERE title = '{$title}' AND owner_uid = " . $_SESSION["uid"]); if ($this->dbh->num_rows($result) == 0) { $this->dbh->query("INSERT INTO ttrss_settings_profiles (title, owner_uid)\n VALUES ('{$title}', " . $_SESSION["uid"] . ")"); $result = $this->dbh->query("SELECT id FROM ttrss_settings_profiles\n WHERE title = '{$title}'"); if ($this->dbh->num_rows($result) != 0) { $profile_id = $this->dbh->fetch_result($result, 0, "id"); if ($profile_id) { initialize_user_prefs($_SESSION["uid"], $profile_id); } } } $this->dbh->query("COMMIT"); }
function authenticate_user($login, $password, $check_only = false) { if (!SINGLE_USER_MODE) { $user_id = false; foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_AUTH_USER) as $plugin) { $user_id = (int) $plugin->authenticate($login, $password); if ($user_id) { $_SESSION["auth_module"] = strtolower(get_class($plugin)); break; } } if ($user_id && !$check_only) { @session_start(); $_SESSION["uid"] = $user_id; $_SESSION["version"] = VERSION_STATIC; $result = db_query("SELECT login,access_level,pwd_hash FROM ttrss_users\n\t\t\t\t\tWHERE id = '{$user_id}'"); $_SESSION["name"] = db_fetch_result($result, 0, "login"); $_SESSION["access_level"] = db_fetch_result($result, 0, "access_level"); $_SESSION["csrf_token"] = uniqid_short(); db_query("UPDATE ttrss_users SET last_login = NOW() WHERE id = " . $_SESSION["uid"]); $_SESSION["ip_address"] = $_SERVER["REMOTE_ADDR"]; $_SESSION["user_agent"] = sha1($_SERVER['HTTP_USER_AGENT']); $_SESSION["pwd_hash"] = db_fetch_result($result, 0, "pwd_hash"); $_SESSION["last_version_check"] = time(); initialize_user_prefs($_SESSION["uid"]); return true; } return false; } else { $_SESSION["uid"] = 1; $_SESSION["name"] = "admin"; $_SESSION["access_level"] = 10; $_SESSION["hide_hello"] = true; $_SESSION["hide_logout"] = true; $_SESSION["auth_module"] = false; if (!$_SESSION["csrf_token"]) { $_SESSION["csrf_token"] = uniqid_short(); } $_SESSION["ip_address"] = $_SERVER["REMOTE_ADDR"]; initialize_user_prefs($_SESSION["uid"]); return true; } }
function module_pref_prefs($link) { global $access_level_names; $subop = $_REQUEST["subop"]; $prefs_blacklist = array("HIDE_FEEDLIST", "SYNC_COUNTERS", "ENABLE_LABELS", "ENABLE_SEARCH_TOOLBAR", "HIDE_READ_FEEDS"); $profile_blacklist = array("ALLOW_DUPLICATE_POSTS", "PURGE_OLD_DAYS", "PURGE_UNREAD_ARTICLES", "DIGEST_ENABLE", "DIGEST_CATCHUP", "BLACKLISTED_TAGS", "ENABLE_FEED_ICONS", "ENABLE_API_ACCESS", "UPDATE_POST_ON_CHECKSUM_CHANGE", "DEFAULT_UPDATE_INTERVAL", "MARK_UNREAD_ON_UPDATE"); if (FORCE_ARTICLE_PURGE != 0) { array_push($prefs_blacklist, "PURGE_OLD_DAYS"); array_push($prefs_blacklist, "PURGE_UNREAD_ARTICLES"); } if ($subop == "change-password") { $old_pw = $_POST["OLD_PASSWORD"]; $new_pw = $_POST["NEW_PASSWORD"]; $con_pw = $_POST["CONFIRM_PASSWORD"]; if ($old_pw == "") { print "ERROR: " . __("Old password cannot be blank."); return; } if ($new_pw == "") { print "ERROR: " . __("New password cannot be blank."); return; } if ($new_pw != $con_pw) { print "ERROR: " . __("Entered passwords do not match."); return; } $old_pw_hash1 = encrypt_password($_POST["OLD_PASSWORD"]); $old_pw_hash2 = encrypt_password($_POST["OLD_PASSWORD"], $_SESSION["name"]); $new_pw_hash = encrypt_password($_POST["NEW_PASSWORD"], $_SESSION["name"]); $active_uid = $_SESSION["uid"]; if ($old_pw && $new_pw) { $login = db_escape_string($_SERVER['PHP_AUTH_USER']); $result = db_query($link, "SELECT id FROM ttrss_users WHERE \n\t\t\t\t\tid = '{$active_uid}' AND (pwd_hash = '{$old_pw_hash1}' OR \n\t\t\t\t\t\tpwd_hash = '{$old_pw_hash2}')"); if (db_num_rows($result) == 1) { db_query($link, "UPDATE ttrss_users SET pwd_hash = '{$new_pw_hash}' \n\t\t\t\t\t\tWHERE id = '{$active_uid}'"); $_SESSION["pwd_hash"] = $new_pw_hash; print __("Password has been changed."); } else { print "ERROR: " . __('Old password is incorrect.'); } } return; } else { if ($subop == "save-config") { # $_SESSION["prefs_op_result"] = "save-config"; $_SESSION["prefs_cache"] = false; // print_r($_POST); $orig_theme = get_pref($link, "_THEME_ID"); foreach (array_keys($_POST) as $pref_name) { $pref_name = db_escape_string($pref_name); $value = db_escape_string($_POST[$pref_name]); set_pref($link, $pref_name, $value); } if ($orig_theme != get_pref($link, "_THEME_ID")) { print "PREFS_THEME_CHANGED"; } else { print __("The configuration was saved."); } return; } else { if ($subop == "getHelp") { $pref_name = db_escape_string($_REQUEST["pn"]); $result = db_query($link, "SELECT help_text FROM ttrss_prefs\n\t\t\t\tWHERE pref_name = '{$pref_name}'"); if (db_num_rows($result) > 0) { $help_text = db_fetch_result($result, 0, "help_text"); print $help_text; } else { printf(__("Unknown option: %s"), $pref_name); } } else { if ($subop == "change-email") { $email = db_escape_string($_POST["email"]); $active_uid = $_SESSION["uid"]; db_query($link, "UPDATE ttrss_users SET email = '{$email}' \n\t\t\t\tWHERE id = '{$active_uid}'"); print __("E-mail has been changed."); return; } else { if ($subop == "reset-config") { $_SESSION["prefs_op_result"] = "reset-to-defaults"; if ($_SESSION["profile"]) { $profile_qpart = "profile = '" . $_SESSION["profile"] . "'"; } else { $profile_qpart = "profile IS NULL"; } db_query($link, "DELETE FROM ttrss_user_prefs \n\t\t\t\tWHERE {$profile_qpart} AND owner_uid = " . $_SESSION["uid"]); initialize_user_prefs($link, $_SESSION["uid"], $_SESSION["profile"]); print "PREFS_THEME_CHANGED"; // print __("The configuration was reset to defaults."); return; } else { set_pref($link, "_PREFS_ACTIVE_TAB", "genConfig"); if ($_SESSION["profile"]) { print_notice("Some preferences are only available in default profile."); } if (!SINGLE_USER_MODE) { $result = db_query($link, "SELECT id FROM ttrss_users\n\t\t\t\t\tWHERE id = " . $_SESSION["uid"] . " AND pwd_hash \n\t\t\t\t\t= 'SHA1:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8'"); if (db_num_rows($result) != 0) { print format_warning(__("Your password is at default value, \n\t\t\t\t\t\tplease change it."), "default_pass_warning"); } /* if ($_SESSION["pwd_change_result"] == "failed") { print format_warning("Could not change the password."); } if ($_SESSION["pwd_change_result"] == "ok") { print format_notice("Password was changed."); } $_SESSION["pwd_change_result"] = ""; */ /* if ($_SESSION["prefs_op_result"] == "reset-to-defaults") { print format_notice(__("The configuration was reset to defaults.")); } */ # if ($_SESSION["prefs_op_result"] == "save-config") { # print format_notice(__("The configuration was saved.")); # } $_SESSION["prefs_op_result"] = ""; print "<form onsubmit='return false' id='change_email_form'>"; print "<table width=\"100%\" class=\"prefPrefsList\">"; print "<tr><td colspan='3'><h3>" . __("Personal data") . "</h3></tr></td>"; $result = db_query($link, "SELECT email,access_level FROM ttrss_users\n\t\t\t\t\tWHERE id = " . $_SESSION["uid"]); $email = db_fetch_result($result, 0, "email"); print "<tr><td width=\"40%\">" . __('E-mail') . "</td>"; print "<td class=\"prefValue\"><input class=\"editbox\" name=\"email\" \n\t\t\t\t\tonfocus=\"javascript:disableHotkeys();\" \n\t\t\t\t\tonblur=\"javascript:enableHotkeys();\"\n\t\t\t\t\tonkeypress=\"return filterCR(event, changeUserEmail)\"\n\t\t\t\t\tvalue=\"{$email}\"></td></tr>"; if (!SINGLE_USER_MODE) { $access_level = db_fetch_result($result, 0, "access_level"); print "<tr><td width=\"40%\">" . __('Access level') . "</td>"; print "<td>" . $access_level_names[$access_level] . "</td></tr>"; } print "</table>"; print "<input type=\"hidden\" name=\"op\" value=\"pref-prefs\">"; print "<input type=\"hidden\" name=\"subop\" value=\"change-email\">"; print "</form>"; print "<p><button onclick=\"return changeUserEmail()\">" . __("Change e-mail") . "</button>"; print "<form onsubmit=\"return false\" \n\t\t\t\t\tname=\"change_pass_form\" id=\"change_pass_form\">"; print "<table width=\"100%\" class=\"prefPrefsList\">"; print "<tr><td colspan='3'><h3>" . __("Authentication") . "</h3></tr></td>"; print "<tr><td width=\"40%\">" . __("Old password") . "</td>"; print "<td class=\"prefValue\"><input class=\"editbox\" type=\"password\"\n\t\t\t\t\tonfocus=\"javascript:disableHotkeys();\" \n\t\t\t\t\tonblur=\"javascript:enableHotkeys();\"\n\t\t\t\t\tonkeypress=\"return filterCR(event, changeUserPassword)\"\n\t\t\t\t\tname=\"OLD_PASSWORD\"></td></tr>"; print "<tr><td width=\"40%\">" . __("New password") . "</td>"; print "<td class=\"prefValue\"><input class=\"editbox\" type=\"password\"\n\t\t\t\t\tonfocus=\"javascript:disableHotkeys();\" \n\t\t\t\t\tonblur=\"javascript:enableHotkeys();\"\n\t\t\t\t\tonkeypress=\"return filterCR(event, changeUserPassword)\"\n\t\t\t\t\tname=\"NEW_PASSWORD\"></td></tr>"; print "<tr><td width=\"40%\">" . __("Confirm password") . "</td>"; print "<td class=\"prefValue\"><input class=\"editbox\" type=\"password\"\n\t\t\t\t\tonfocus=\"javascript:disableHotkeys();\" \n\t\t\t\t\tonblur=\"javascript:enableHotkeys();\"\n\t\t\t\t\tonkeypress=\"return filterCR(event, changeUserPassword)\"\n\t\t\t\t\tname=\"CONFIRM_PASSWORD\"></td></tr>"; print "</table>"; print "<input type=\"hidden\" name=\"op\" value=\"pref-prefs\">"; print "<input type=\"hidden\" name=\"subop\" value=\"change-password\">"; print "</form>"; print "<p><button\tonclick=\"return changeUserPassword()\">" . __("Change password") . "</button>"; } if ($_SESSION["profile"]) { initialize_user_prefs($link, $_SESSION["uid"], $_SESSION["profile"]); $profile_qpart = "profile = '" . $_SESSION["profile"] . "'"; } else { initialize_user_prefs($link, $_SESSION["uid"]); $profile_qpart = "profile IS NULL"; } $result = db_query($link, "SELECT \n\t\t\t\tttrss_user_prefs.pref_name,short_desc,help_text,value,type_name,\n\t\t\t\tsection_name,def_value,section_id\n\t\t\t\tFROM ttrss_prefs,ttrss_prefs_types,ttrss_prefs_sections,ttrss_user_prefs\n\t\t\t\tWHERE type_id = ttrss_prefs_types.id AND \n\t\t\t\t\t{$profile_qpart} AND\n\t\t\t\t\tsection_id = ttrss_prefs_sections.id AND\n\t\t\t\t\tttrss_user_prefs.pref_name = ttrss_prefs.pref_name AND\n\t\t\t\t\tshort_desc != '' AND\n\t\t\t\t\towner_uid = " . $_SESSION["uid"] . "\n\t\t\t\tORDER BY section_id,short_desc"); print "<form onsubmit='return false' action=\"backend.php\" \n\t\t\t\tmethod=\"POST\" id=\"pref_prefs_form\">"; $lnum = 0; $active_section = ""; while ($line = db_fetch_assoc($result)) { if (in_array($line["pref_name"], $prefs_blacklist)) { continue; } if ($_SESSION["profile"] && in_array($line["pref_name"], $profile_blacklist)) { continue; } if ($active_section != $line["section_name"]) { if ($active_section != "") { print "</table>"; } print "<p><table width=\"100%\" class=\"prefPrefsList\">"; $active_section = $line["section_name"]; print "<tr><td colspan=\"3\"><h3>" . __($active_section) . "</h3></td></tr>"; if ($line["section_id"] == 2) { print "<tr><td width=\"40%\">" . __("Select theme") . "</td>"; $user_theme = get_pref($link, "_THEME_ID"); $themes = get_all_themes(); print "<td><select name=\"_THEME_ID\">"; print "<option value=''>" . __('Default') . "</option>"; print "<option disabled>--------</option>"; foreach ($themes as $t) { $base = $t['base']; $name = $t['name']; if ($base == $user_theme) { $selected = "selected=\"1\""; } else { $selected = ""; } print "<option {$selected} value='{$base}'>{$name}</option>"; } print "</select></td></tr>"; } // print "<tr class=\"title\"> // <td width=\"25%\">Option</td><td>Value</td></tr>"; $lnum = 0; } // $class = ($lnum % 2) ? "even" : "odd"; print "<tr>"; $type_name = $line["type_name"]; $pref_name = $line["pref_name"]; $value = $line["value"]; $def_value = $line["def_value"]; $help_text = $line["help_text"]; print "<td width=\"40%\" class=\"prefName\" id=\"{$pref_name}\">" . __($line["short_desc"]); if ($help_text) { print "<div class=\"prefHelp\">" . __($help_text) . "</div>"; } print "</td>"; print "<td class=\"prefValue\">"; if ($pref_name == "DEFAULT_UPDATE_INTERVAL") { global $update_intervals_nodefault; print_select_hash($pref_name, $value, $update_intervals_nodefault); } else { if ($type_name == "bool") { // print_select($pref_name, $value, array("true", "false")); if ($value == "true") { $value = __("Yes"); } else { $value = __("No"); } print_radio($pref_name, $value, __("Yes"), array(__("Yes"), __("No"))); } else { print "<input class=\"editbox\"\n\t\t\t\t\t\tonfocus=\"javascript:disableHotkeys();\" \n\t\t\t\t\t\tonblur=\"javascript:enableHotkeys();\" \n\t\t\t\t\t\tname=\"{$pref_name}\" value=\"{$value}\">"; } } print "</td>"; print "</tr>"; $lnum++; } print "</table>"; print "<input type=\"hidden\" name=\"op\" value=\"pref-prefs\">"; print "<p><button onclick=\"return validatePrefsSave()\">" . __('Save configuration') . "</button> "; print "<button onclick=\"return editProfiles()\">" . __('Manage profiles') . "</button> "; print "<button onclick=\"return validatePrefsReset()\">" . __('Reset to defaults') . "</button></p>"; print "</form>"; } } } } } }
function index() { global $access_level_names; $prefs_blacklist = array("STRIP_UNSAFE_TAGS", "REVERSE_HEADLINES", "SORT_HEADLINES_BY_FEED_DATE", "DEFAULT_ARTICLE_LIMIT", "FEEDS_SORT_BY_UNREAD"); /* "FEEDS_SORT_BY_UNREAD", "HIDE_READ_FEEDS", "REVERSE_HEADLINES" */ $profile_blacklist = array("ALLOW_DUPLICATE_POSTS", "PURGE_OLD_DAYS", "PURGE_UNREAD_ARTICLES", "DIGEST_ENABLE", "DIGEST_CATCHUP", "BLACKLISTED_TAGS", "ENABLE_API_ACCESS", "UPDATE_POST_ON_CHECKSUM_CHANGE", "DEFAULT_UPDATE_INTERVAL", "USER_TIMEZONE", "SORT_HEADLINES_BY_FEED_DATE", "SSL_CERT_SERIAL", "DIGEST_PREFERRED_TIME"); $_SESSION["prefs_op_result"] = ""; print "<div dojoType=\"dijit.layout.AccordionContainer\" region=\"center\">"; print "<div dojoType=\"dijit.layout.AccordionPane\" title=\"" . __('Personal data / Authentication') . "\">"; print "<form dojoType=\"dijit.form.Form\" id=\"changeUserdataForm\">"; print "<script type=\"dojo/method\" event=\"onSubmit\" args=\"evt\">\n\t\tevt.preventDefault();\n\t\tif (this.validate()) {\n\t\t\tnotify_progress('Saving data...', true);\n\n\t\t\tnew Ajax.Request('backend.php', {\n\t\t\t\tparameters: dojo.objectToQuery(this.getValues()),\n\t\t\t\tonComplete: function(transport) {\n\t\t\t\t\tnotify_callback2(transport);\n\t\t\t} });\n\n\t\t}\n\t\t</script>"; print "<table width=\"100%\" class=\"prefPrefsList\">"; print "<h2>" . __("Personal data") . "</h2>"; $result = $this->dbh->query("SELECT email,full_name,otp_enabled,\n\t\t\taccess_level FROM ttrss_users\n\t\t\tWHERE id = " . $_SESSION["uid"]); $email = htmlspecialchars($this->dbh->fetch_result($result, 0, "email")); $full_name = htmlspecialchars($this->dbh->fetch_result($result, 0, "full_name")); $otp_enabled = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "otp_enabled")); print "<tr><td width=\"40%\">" . __('Full name') . "</td>"; print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" name=\"full_name\" required=\"1\"\n\t\t\tvalue=\"{$full_name}\"></td></tr>"; print "<tr><td width=\"40%\">" . __('E-mail') . "</td>"; print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" name=\"email\" required=\"1\" value=\"{$email}\"></td></tr>"; if (!SINGLE_USER_MODE && !$_SESSION["hide_hello"]) { $access_level = $this->dbh->fetch_result($result, 0, "access_level"); print "<tr><td width=\"40%\">" . __('Access level') . "</td>"; print "<td>" . $access_level_names[$access_level] . "</td></tr>"; } print "</table>"; print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-prefs\">"; print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"changeemail\">"; print "<p><button dojoType=\"dijit.form.Button\" type=\"submit\">" . __("Save data") . "</button>"; print "</form>"; if ($_SESSION["auth_module"]) { $authenticator = PluginHost::getInstance()->get_plugin($_SESSION["auth_module"]); } else { $authenticator = false; } if ($authenticator && method_exists($authenticator, "change_password")) { print "<h2>" . __("Password") . "</h2>"; $result = $this->dbh->query("SELECT id FROM ttrss_users\n\t\t\t\tWHERE id = " . $_SESSION["uid"] . " AND pwd_hash\n\t\t\t\t= 'SHA1:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8'"); if ($this->dbh->num_rows($result) != 0) { print format_warning(__("Your password is at default value, please change it."), "default_pass_warning"); } print "<form dojoType=\"dijit.form.Form\">"; print "<script type=\"dojo/method\" event=\"onSubmit\" args=\"evt\">\n\t\t\tevt.preventDefault();\n\t\t\tif (this.validate()) {\n\t\t\t\tnotify_progress('Changing password...', true);\n\n\t\t\t\tnew Ajax.Request('backend.php', {\n\t\t\t\t\tparameters: dojo.objectToQuery(this.getValues()),\n\t\t\t\t\tonComplete: function(transport) {\n\t\t\t\t\t\tnotify('');\n\t\t\t\t\t\tif (transport.responseText.indexOf('ERROR: ') == 0) {\n\t\t\t\t\t\t\tnotify_error(transport.responseText.replace('ERROR: ', ''));\n\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\tnotify_info(transport.responseText);\n\t\t\t\t\t\t\tvar warn = \$('default_pass_warning');\n\t\t\t\t\t\t\tif (warn) Element.hide(warn);\n\t\t\t\t\t\t}\n\t\t\t\t}});\n\t\t\t\tthis.reset();\n\t\t\t}\n\t\t\t</script>"; if ($otp_enabled) { print_notice(__("Changing your current password will disable OTP.")); } print "<table width=\"100%\" class=\"prefPrefsList\">"; print "<tr><td width=\"40%\">" . __("Old password") . "</td>"; print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" type=\"password\" required=\"1\" name=\"old_password\"></td></tr>"; print "<tr><td width=\"40%\">" . __("New password") . "</td>"; print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" type=\"password\" required=\"1\"\n\t\t\t\tname=\"new_password\"></td></tr>"; print "<tr><td width=\"40%\">" . __("Confirm password") . "</td>"; print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" type=\"password\" required=\"1\" name=\"confirm_password\"></td></tr>"; print "</table>"; print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-prefs\">"; print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"changepassword\">"; print "<p><button dojoType=\"dijit.form.Button\" type=\"submit\">" . __("Change password") . "</button>"; print "</form>"; if ($_SESSION["auth_module"] == "auth_internal") { print "<h2>" . __("One time passwords / Authenticator") . "</h2>"; if ($otp_enabled) { print_notice(__("One time passwords are currently enabled. Enter your current password below to disable.")); print "<form dojoType=\"dijit.form.Form\">"; print "<script type=\"dojo/method\" event=\"onSubmit\" args=\"evt\">\n\t\t\t\tevt.preventDefault();\n\t\t\t\tif (this.validate()) {\n\t\t\t\t\tnotify_progress('Disabling OTP', true);\n\n\t\t\t\t\tnew Ajax.Request('backend.php', {\n\t\t\t\t\t\tparameters: dojo.objectToQuery(this.getValues()),\n\t\t\t\t\t\tonComplete: function(transport) {\n\t\t\t\t\t\t\tnotify('');\n\t\t\t\t\t\t\tif (transport.responseText.indexOf('ERROR: ') == 0) {\n\t\t\t\t\t\t\t\tnotify_error(transport.responseText.replace('ERROR: ', ''));\n\t\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t\twindow.location.reload();\n\t\t\t\t\t\t\t}\n\t\t\t\t\t}});\n\t\t\t\t\tthis.reset();\n\t\t\t\t}\n\t\t\t\t</script>"; print "<table width=\"100%\" class=\"prefPrefsList\">"; print "<tr><td width=\"40%\">" . __("Enter your password") . "</td>"; print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" type=\"password\" required=\"1\"\n\t\t\t\t\tname=\"password\"></td></tr>"; print "</table>"; print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-prefs\">"; print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"otpdisable\">"; print "<p><button dojoType=\"dijit.form.Button\" type=\"submit\">" . __("Disable OTP") . "</button>"; print "</form>"; } else { if (function_exists("imagecreatefromstring")) { print_warning(__("You will need a compatible Authenticator to use this. Changing your password would automatically disable OTP.")); print "<p>" . __("Scan the following code by the Authenticator application:") . "</p>"; $csrf_token = $_SESSION["csrf_token"]; print "<img src=\"backend.php?op=pref-prefs&method=otpqrcode&csrf_token={$csrf_token}\">"; print "<form dojoType=\"dijit.form.Form\" id=\"changeOtpForm\">"; print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-prefs\">"; print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"otpenable\">"; print "<script type=\"dojo/method\" event=\"onSubmit\" args=\"evt\">\n\t\t\t\t\tevt.preventDefault();\n\t\t\t\t\tif (this.validate()) {\n\t\t\t\t\t\tnotify_progress('Saving data...', true);\n\n\t\t\t\t\t\tnew Ajax.Request('backend.php', {\n\t\t\t\t\t\t\tparameters: dojo.objectToQuery(this.getValues()),\n\t\t\t\t\t\t\tonComplete: function(transport) {\n\t\t\t\t\t\t\t\tnotify('');\n\t\t\t\t\t\t\t\tif (transport.responseText.indexOf('ERROR:') == 0) {\n\t\t\t\t\t\t\t\t\tnotify_error(transport.responseText.replace('ERROR:', ''));\n\t\t\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t\t\twindow.location.reload();\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t} });\n\n\t\t\t\t\t}\n\t\t\t\t\t</script>"; print "<table width=\"100%\" class=\"prefPrefsList\">"; print "<tr><td width=\"40%\">" . __("Enter your password") . "</td>"; print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" type=\"password\" required=\"1\"\n\t\t\t\t\t\tname=\"password\"></td></tr>"; print "<tr><td width=\"40%\">" . __("Enter the generated one time password") . "</td>"; print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" autocomplete=\"off\"\n\t\t\t\t\t\trequired=\"1\"\n\t\t\t\t\t\tname=\"otp\"></td></tr>"; print "<tr><td colspan=\"2\">"; print "</td></tr><tr><td colspan=\"2\">"; print "</td></tr>"; print "</table>"; print "<p><button dojoType=\"dijit.form.Button\" type=\"submit\">" . __("Enable OTP") . "</button>"; print "</form>"; } else { print_notice(__("PHP GD functions are required for OTP support.")); } } } } PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB_SECTION, "hook_prefs_tab_section", "prefPrefsAuth"); print "</div>"; #pane print "<div dojoType=\"dijit.layout.AccordionPane\" selected=\"true\" title=\"" . __('Preferences') . "\">"; print "<form dojoType=\"dijit.form.Form\" id=\"changeSettingsForm\">"; print "<script type=\"dojo/method\" event=\"onSubmit\" args=\"evt, quit\">\n\t\tif (evt) evt.preventDefault();\n\t\tif (this.validate()) {\n\t\t\tconsole.log(dojo.objectToQuery(this.getValues()));\n\n\t\t\tnew Ajax.Request('backend.php', {\n\t\t\t\tparameters: dojo.objectToQuery(this.getValues()),\n\t\t\t\tonComplete: function(transport) {\n\t\t\t\t\tvar msg = transport.responseText;\n\t\t\t\t\tif (quit) {\n\t\t\t\t\t\tgotoMain();\n\t\t\t\t\t} else {\n\t\t\t\t\t\tif (msg == 'PREFS_NEED_RELOAD') {\n\t\t\t\t\t\t\twindow.location.reload();\n\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\tnotify_info(msg);\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t} });\n\t\t}\n\t\t</script>"; print '<div dojoType="dijit.layout.BorderContainer" gutters="false">'; print '<div dojoType="dijit.layout.ContentPane" region="center" style="overflow-y : auto">'; if ($_SESSION["profile"]) { print_notice(__("Some preferences are only available in default profile.")); } if ($_SESSION["profile"]) { initialize_user_prefs($_SESSION["uid"], $_SESSION["profile"]); $profile_qpart = "profile = '" . $_SESSION["profile"] . "'"; } else { initialize_user_prefs($_SESSION["uid"]); $profile_qpart = "profile IS NULL"; } /* if ($_SESSION["prefs_show_advanced"]) $access_query = "true"; else $access_query = "(access_level = 0 AND section_id != 3)"; */ $access_query = 'true'; $result = $this->dbh->query("SELECT DISTINCT\n\t\t\tttrss_user_prefs.pref_name,value,type_name,\n\t\t\tttrss_prefs_sections.order_id,\n\t\t\tdef_value,section_id\n\t\t\tFROM ttrss_prefs,ttrss_prefs_types,ttrss_prefs_sections,ttrss_user_prefs\n\t\t\tWHERE type_id = ttrss_prefs_types.id AND\n\t\t\t\t{$profile_qpart} AND\n\t\t\t\tsection_id = ttrss_prefs_sections.id AND\n\t\t\t\tttrss_user_prefs.pref_name = ttrss_prefs.pref_name AND\n\t\t\t\t{$access_query} AND\n\t\t\t\towner_uid = " . $_SESSION["uid"] . "\n\t\t\tORDER BY ttrss_prefs_sections.order_id,pref_name"); $lnum = 0; $active_section = ""; $listed_boolean_prefs = array(); while ($line = $this->dbh->fetch_assoc($result)) { if (in_array($line["pref_name"], $prefs_blacklist)) { continue; } $type_name = $line["type_name"]; $pref_name = $line["pref_name"]; $section_name = $this->getSectionName($line["section_id"]); $value = $line["value"]; $short_desc = $this->getShortDesc($pref_name); $help_text = $this->getHelpText($pref_name); if (!$short_desc) { continue; } if ($_SESSION["profile"] && in_array($line["pref_name"], $profile_blacklist)) { continue; } if ($active_section != $line["section_id"]) { if ($active_section != "") { print "</table>"; } print "<table width=\"100%\" class=\"prefPrefsList\">"; $active_section = $line["section_id"]; print "<tr><td colspan=\"3\"><h3>" . $section_name . "</h3></td></tr>"; $lnum = 0; } print "<tr>"; print "<td width=\"40%\" class=\"prefName\" id=\"{$pref_name}\">"; print "<label for='CB_{$pref_name}'>"; print $short_desc; print "</label>"; if ($help_text) { print "<div class=\"prefHelp\">" . __($help_text) . "</div>"; } print "</td>"; print "<td class=\"prefValue\">"; if ($pref_name == "USER_LANGUAGE") { print_select_hash($pref_name, $value, get_translations(), "style='width : 220px; margin : 0px' dojoType='dijit.form.Select'"); } else { if ($pref_name == "USER_TIMEZONE") { $timezones = explode("\n", file_get_contents("lib/timezones.txt")); print_select($pref_name, $value, $timezones, 'dojoType="dijit.form.FilteringSelect"'); } else { if ($pref_name == "USER_STYLESHEET") { print "<button dojoType=\"dijit.form.Button\"\n\t\t\t\t\tonclick=\"customizeCSS()\">" . __('Customize') . "</button>"; } else { if ($pref_name == "USER_CSS_THEME") { $themes = array_map("basename", glob("themes/*.css")); print_select($pref_name, $value, $themes, 'dojoType="dijit.form.Select"'); } else { if ($pref_name == "DEFAULT_UPDATE_INTERVAL") { global $update_intervals_nodefault; print_select_hash($pref_name, $value, $update_intervals_nodefault, 'dojoType="dijit.form.Select"'); } else { if ($type_name == "bool") { array_push($listed_boolean_prefs, $pref_name); $checked = $value == "true" ? "checked=\"checked\"" : ""; if ($pref_name == "PURGE_UNREAD_ARTICLES" && FORCE_ARTICLE_PURGE != 0) { $disabled = "disabled=\"1\""; $checked = "checked=\"checked\""; } else { $disabled = ""; } print "<input type='checkbox' name='{$pref_name}' {$checked} {$disabled}\n\t\t\t\t\tdojoType='dijit.form.CheckBox' id='CB_{$pref_name}' value='1'>"; } else { if (array_search($pref_name, array('FRESH_ARTICLE_MAX_AGE', 'PURGE_OLD_DAYS', 'LONG_DATE_FORMAT', 'SHORT_DATE_FORMAT')) !== false) { $regexp = $type_name == 'integer' ? 'regexp="^\\d*$"' : ''; if ($pref_name == "PURGE_OLD_DAYS" && FORCE_ARTICLE_PURGE != 0) { $disabled = "disabled=\"1\""; $value = FORCE_ARTICLE_PURGE; } else { $disabled = ""; } print "<input dojoType=\"dijit.form.ValidationTextBox\"\n\t\t\t\t\trequired=\"1\" {$regexp} {$disabled}\n\t\t\t\t\tname=\"{$pref_name}\" value=\"{$value}\">"; } else { if ($pref_name == "SSL_CERT_SERIAL") { print "<input dojoType=\"dijit.form.ValidationTextBox\"\n\t\t\t\t\tid=\"SSL_CERT_SERIAL\" readonly=\"1\"\n\t\t\t\t\tname=\"{$pref_name}\" value=\"{$value}\">"; $cert_serial = htmlspecialchars(get_ssl_certificate_id()); $has_serial = $cert_serial ? "false" : "true"; print " <button dojoType=\"dijit.form.Button\" disabled=\"{$has_serial}\"\n\t\t\t\t\tonclick=\"insertSSLserial('{$cert_serial}')\">" . __('Register') . "</button>"; print " <button dojoType=\"dijit.form.Button\"\n\t\t\t\t\tonclick=\"insertSSLserial('')\">" . __('Clear') . "</button>"; } else { if ($pref_name == 'DIGEST_PREFERRED_TIME') { print "<input dojoType=\"dijit.form.ValidationTextBox\"\n\t\t\t\t\tid=\"{$pref_name}\" regexp=\"[012]?\\d:\\d\\d\" placeHolder=\"12:00\"\n\t\t\t\t\tname=\"{$pref_name}\" value=\"{$value}\"><div class=\"insensitive\">" . T_sprintf("Current server time: %s (UTC)", date("H:i")) . "</div>"; } else { $regexp = $type_name == 'integer' ? 'regexp="^\\d*$"' : ''; print "<input dojoType=\"dijit.form.ValidationTextBox\"\n\t\t\t\t\t{$regexp}\n\t\t\t\t\tname=\"{$pref_name}\" value=\"{$value}\">"; } } } } } } } } } print "</td>"; print "</tr>"; $lnum++; } print "</table>"; $listed_boolean_prefs = htmlspecialchars(join(",", $listed_boolean_prefs)); print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"boolean_prefs\" value=\"{$listed_boolean_prefs}\">"; PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB_SECTION, "hook_prefs_tab_section", "prefPrefsPrefsInside"); print '</div>'; # inside pane print '<div dojoType="dijit.layout.ContentPane" region="bottom">'; print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-prefs\">"; print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"saveconfig\">"; print "<div dojoType=\"dijit.form.ComboButton\" type=\"submit\">\n\t\t\t<span>" . __('Save configuration') . "</span>\n\t\t\t<div dojoType=\"dijit.DropDownMenu\">\n\t\t\t\t<div dojoType=\"dijit.MenuItem\"\n\t\t\t\t\tonclick=\"dijit.byId('changeSettingsForm').onSubmit(null, true)\">" . __("Save and exit preferences") . "</div>\n\t\t\t</div>\n\t\t\t</div>"; print "<button dojoType=\"dijit.form.Button\" onclick=\"return editProfiles()\">" . __('Manage profiles') . "</button> "; print "<button dojoType=\"dijit.form.Button\" onclick=\"return validatePrefsReset()\">" . __('Reset to defaults') . "</button>"; print " "; /* $checked = $_SESSION["prefs_show_advanced"] ? "checked='1'" : ""; print "<input onclick='toggleAdvancedPrefs()' id='prefs_show_advanced' dojoType=\"dijit.form.CheckBox\" $checked type=\"checkbox\"></input> <label for='prefs_show_advanced'>" . __("Show additional preferences") . "</label>"; */ PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB_SECTION, "hook_prefs_tab_section", "prefPrefsPrefsOutside"); print "</form>"; print '</div>'; # inner pane print '</div>'; # border container print "</div>"; #pane print "<div dojoType=\"dijit.layout.AccordionPane\" title=\"" . __('Plugins') . "\">"; print "<p>" . __("You will need to reload Tiny Tiny RSS for plugin changes to take effect.") . "</p>"; print_notice(__("Download more plugins at tt-rss.org <a class=\"visibleLink\" target=\"_blank\" href=\"http://tt-rss.org/forum/viewforum.php?f=22\">forums</a> or <a target=\"_blank\" class=\"visibleLink\" href=\"http://tt-rss.org/wiki/Plugins\">wiki</a>.")); print "<form dojoType=\"dijit.form.Form\" id=\"changePluginsForm\">"; print "<script type=\"dojo/method\" event=\"onSubmit\" args=\"evt\">\n\t\tevt.preventDefault();\n\t\tif (this.validate()) {\n\t\t\tnotify_progress('Saving data...', true);\n\n\t\t\tnew Ajax.Request('backend.php', {\n\t\t\t\tparameters: dojo.objectToQuery(this.getValues()),\n\t\t\t\tonComplete: function(transport) {\n\t\t\t\t\tnotify('');\n\t\t\t\t\tif (confirm(__('Selected plugins have been enabled. Reload?'))) {\n\t\t\t\t\t\twindow.location.reload();\n\t\t\t\t\t}\n\t\t\t} });\n\n\t\t}\n\t\t</script>"; print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-prefs\">"; print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"setplugins\">"; print "<table width='100%' class='prefPluginsList'>"; print "<tr><td colspan='4'><h3>" . __("System plugins") . "</h3></td></tr>"; print "<tr class=\"title\">\n\t\t\t\t<td width=\"5%\"> </td>\n\t\t\t\t<td width='10%'>" . __('Plugin') . "</td>\n\t\t\t\t<td width=''>" . __('Description') . "</td>\n\t\t\t\t<td width='5%'>" . __('Version') . "</td>\n\t\t\t\t<td width='10%'>" . __('Author') . "</td></tr>"; $system_enabled = array_map("trim", explode(",", PLUGINS)); $user_enabled = array_map("trim", explode(",", get_pref("_ENABLED_PLUGINS"))); $tmppluginhost = new PluginHost(); $tmppluginhost->load_all($tmppluginhost::KIND_ALL, $_SESSION["uid"]); $tmppluginhost->load_data(true); foreach ($tmppluginhost->get_plugins() as $name => $plugin) { $about = $plugin->about(); if ($about[3] && strpos($name, "example") === FALSE) { if (in_array($name, $system_enabled)) { $checked = "checked='1'"; } else { $checked = ""; } print "<tr>"; print "<td align='center'><input disabled='1'\n\t\t\t\t\t\tdojoType=\"dijit.form.CheckBox\" {$checked}\n\t\t\t\t\t\ttype=\"checkbox\"></td>"; $plugin_icon = $checked ? "plugin.png" : "plugin_disabled.png"; print "<td><label><img src='images/{$plugin_icon}' alt=''> {$name}</label></td>"; print "<td>" . htmlspecialchars($about[1]); if (@$about[4]) { print " — <a target=\"_blank\" class=\"visibleLink\"\n\t\t\t\t\t\thref=\"" . htmlspecialchars($about[4]) . "\">" . __("more info") . "</a>"; } print "</td>"; print "<td>" . htmlspecialchars(sprintf("%.2f", $about[0])) . "</td>"; print "<td>" . htmlspecialchars($about[2]) . "</td>"; if (count($tmppluginhost->get_all($plugin)) > 0) { if (in_array($name, $system_enabled)) { print "<td><a href='#' onclick=\"clearPluginData('{$name}')\"\n\t\t\t\t\t\t\tclass='visibleLink'>" . __("Clear data") . "</a></td>"; } } print "</tr>"; } } print "<tr><td colspan='4'><h3>" . __("User plugins") . "</h3></td></tr>"; print "<tr class=\"title\">\n\t\t\t\t<td width=\"5%\"> </td>\n\t\t\t\t<td width='10%'>" . __('Plugin') . "</td>\n\t\t\t\t<td width=''>" . __('Description') . "</td>\n\t\t\t\t<td width='5%'>" . __('Version') . "</td>\n\t\t\t\t<td width='10%'>" . __('Author') . "</td></tr>"; foreach ($tmppluginhost->get_plugins() as $name => $plugin) { $about = $plugin->about(); if (!$about[3] && strpos($name, "example") === FALSE) { if (in_array($name, $system_enabled)) { $checked = "checked='1'"; $disabled = "disabled='1'"; $rowclass = ''; } else { if (in_array($name, $user_enabled)) { $checked = "checked='1'"; $disabled = ""; $rowclass = "Selected"; } else { $checked = ""; $disabled = ""; $rowclass = ''; } } print "<tr class='{$rowclass}'>"; $plugin_icon = $checked ? "plugin.png" : "plugin_disabled.png"; print "<td align='center'><input id='FPCHK-{$name}' name='plugins[]' value='{$name}' onclick='toggleSelectRow2(this);'\n\t\t\t\t\tdojoType=\"dijit.form.CheckBox\" {$checked} {$disabled}\n\t\t\t\t\ttype=\"checkbox\"></td>"; print "<td><label for='FPCHK-{$name}'><img src='images/{$plugin_icon}' alt=''> {$name}</label></td>"; print "<td><label for='FPCHK-{$name}'>" . htmlspecialchars($about[1]) . "</label>"; if (@$about[4]) { print " — <a target=\"_blank\" class=\"visibleLink\"\n\t\t\t\t\t\thref=\"" . htmlspecialchars($about[4]) . "\">" . __("more info") . "</a>"; } print "</td>"; print "<td>" . htmlspecialchars(sprintf("%.2f", $about[0])) . "</td>"; print "<td>" . htmlspecialchars($about[2]) . "</td>"; if (count($tmppluginhost->get_all($plugin)) > 0) { if (in_array($name, $system_enabled) || in_array($name, $user_enabled)) { print "<td><a href='#' onclick=\"clearPluginData('{$name}')\" class='visibleLink'>" . __("Clear data") . "</a></td>"; } } print "</tr>"; } } print "</table>"; print "<p><button dojoType=\"dijit.form.Button\" type=\"submit\">" . __("Enable selected plugins") . "</button></p>"; print "</form>"; print "</div>"; #pane PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB, "hook_prefs_tab", "prefPrefs"); print "</div>"; #container }
function authenticate_user($link, $login, $password, $force_auth = false) { if (!SINGLE_USER_MODE) { $pwd_hash1 = encrypt_password($password); $pwd_hash2 = encrypt_password($password, $login); $login = db_escape_string($login); if (defined('ALLOW_REMOTE_USER_AUTH') && ALLOW_REMOTE_USER_AUTH && $_SERVER["REMOTE_USER"] && $login != "admin") { $login = db_escape_string($_SERVER["REMOTE_USER"]); $query = "SELECT id,login,access_level,pwd_hash\n\t FROM ttrss_users WHERE\n\t\t\t\t\tlogin = '******'"; } else { $query = "SELECT id,login,access_level,pwd_hash\n\t FROM ttrss_users WHERE\n\t\t\t\t\tlogin = '******' AND (pwd_hash = '{$pwd_hash1}' OR\n\t\t\t\t\t\tpwd_hash = '{$pwd_hash2}')"; } $result = db_query($link, $query); if (db_num_rows($result) == 1) { $_SESSION["uid"] = db_fetch_result($result, 0, "id"); $_SESSION["name"] = db_fetch_result($result, 0, "login"); $_SESSION["access_level"] = db_fetch_result($result, 0, "access_level"); db_query($link, "UPDATE ttrss_users SET last_login = NOW() WHERE id = " . $_SESSION["uid"]); $_SESSION["ip_address"] = $_SERVER["REMOTE_ADDR"]; $_SESSION["pwd_hash"] = db_fetch_result($result, 0, "pwd_hash"); initialize_user_prefs($link, $_SESSION["uid"]); return true; } return false; } else { $_SESSION["uid"] = 1; $_SESSION["name"] = "admin"; $_SESSION["ip_address"] = $_SERVER["REMOTE_ADDR"]; initialize_user_prefs($link, $_SESSION["uid"]); return true; } }
function authenticate_user($link, $login, $password, $check_only = false) { if (!SINGLE_USER_MODE) { $user_id = false; $modules = explode(",", AUTH_MODULES); foreach ($modules as $module) { $module_class = "auth_{$module}"; if (class_exists($module_class)) { $authenticator = new $module_class($link); $user_id = (int) $authenticator->authenticate($login, $password); if ($user_id) { $_SESSION["auth_module"] = $module; break; } } else { print T_sprintf("Fatal: authentication module %s not found.", $module); die; } } if ($user_id && !$check_only) { $_SESSION["uid"] = $user_id; $result = db_query($link, "SELECT login,access_level,pwd_hash FROM ttrss_users\n\t\t\t\t\tWHERE id = '{$user_id}'"); $_SESSION["name"] = db_fetch_result($result, 0, "login"); $_SESSION["access_level"] = db_fetch_result($result, 0, "access_level"); $_SESSION["csrf_token"] = sha1(uniqid(rand(), true)); db_query($link, "UPDATE ttrss_users SET last_login = NOW() WHERE id = " . $_SESSION["uid"]); $_SESSION["ip_address"] = $_SERVER["REMOTE_ADDR"]; $_SESSION["pwd_hash"] = db_fetch_result($result, 0, "pwd_hash"); $_SESSION["last_version_check"] = time(); initialize_user_prefs($link, $_SESSION["uid"]); return true; } return false; } else { $_SESSION["uid"] = 1; $_SESSION["name"] = "admin"; $_SESSION["access_level"] = 10; $_SESSION["hide_hello"] = true; $_SESSION["hide_logout"] = true; $_SESSION["auth_module"] = false; if (!$_SESSION["csrf_token"]) { $_SESSION["csrf_token"] = sha1(uniqid(rand(), true)); } $_SESSION["ip_address"] = $_SERVER["REMOTE_ADDR"]; initialize_user_prefs($link, $_SESSION["uid"]); return true; } }
function authenticate_user($link, $login, $password, $force_auth = false) { if (!SINGLE_USER_MODE) { $pwd_hash1 = encrypt_password($password); $pwd_hash2 = encrypt_password($password, $login); $login = db_escape_string($login); $remote_user = get_remote_user($link); if ($remote_user && $remote_user == $login && $login != "admin") { $login = $remote_user; $query = "SELECT id,login,access_level,pwd_hash\n\t FROM ttrss_users WHERE\n\t\t\t\t\tlogin = '******'"; if (defined('AUTO_CREATE_USER') && AUTO_CREATE_USER && $_SERVER["REMOTE_USER"]) { $result = db_query($link, $query); // First login ? if (db_num_rows($result) == 0) { $query2 = "INSERT INTO ttrss_users\n\t\t\t\t\t\t\t\t(login,access_level,last_login,created)\n\t\t\t\t\t\t\t\tVALUES ('{$login}', 0, null, NOW())"; db_query($link, $query2); } } } else { $query = "SELECT id,login,access_level,pwd_hash\n\t FROM ttrss_users WHERE\n\t\t\t\t\tlogin = '******' AND (pwd_hash = '{$pwd_hash1}' OR\n\t\t\t\t\t\tpwd_hash = '{$pwd_hash2}')"; } $result = db_query($link, $query); if (db_num_rows($result) == 1) { $_SESSION["uid"] = db_fetch_result($result, 0, "id"); $_SESSION["name"] = db_fetch_result($result, 0, "login"); $_SESSION["access_level"] = db_fetch_result($result, 0, "access_level"); db_query($link, "UPDATE ttrss_users SET last_login = NOW() WHERE id = " . $_SESSION["uid"]); // LemonLDAP can send user informations via HTTP HEADER if (defined('AUTO_CREATE_USER') && AUTO_CREATE_USER) { // update user name $fullname = $_SERVER['HTTP_USER_NAME'] ? $_SERVER['HTTP_USER_NAME'] : $_SERVER['AUTHENTICATE_CN']; if ($fullname) { $fullname = db_escape_string($fullname); db_query($link, "UPDATE ttrss_users SET full_name = '{$fullname}' WHERE id = " . $_SESSION["uid"]); } // update user mail $email = $_SERVER['HTTP_USER_MAIL'] ? $_SERVER['HTTP_USER_MAIL'] : $_SERVER['AUTHENTICATE_MAIL']; if ($email) { $email = db_escape_string($email); db_query($link, "UPDATE ttrss_users SET email = '{$email}' WHERE id = " . $_SESSION["uid"]); } } $_SESSION["ip_address"] = $_SERVER["REMOTE_ADDR"]; $_SESSION["pwd_hash"] = db_fetch_result($result, 0, "pwd_hash"); $_SESSION["last_version_check"] = time(); initialize_user_prefs($link, $_SESSION["uid"]); return true; } return false; } else { $_SESSION["uid"] = 1; $_SESSION["name"] = "admin"; $_SESSION["ip_address"] = $_SERVER["REMOTE_ADDR"]; initialize_user_prefs($link, $_SESSION["uid"]); return true; } }
function index() { global $access_level_names; $prefs_blacklist = array("HIDE_READ_FEEDS", "FEEDS_SORT_BY_UNREAD", "STRIP_UNSAFE_TAGS"); $profile_blacklist = array("ALLOW_DUPLICATE_POSTS", "PURGE_OLD_DAYS", "PURGE_UNREAD_ARTICLES", "DIGEST_ENABLE", "DIGEST_CATCHUP", "BLACKLISTED_TAGS", "ENABLE_API_ACCESS", "UPDATE_POST_ON_CHECKSUM_CHANGE", "DEFAULT_UPDATE_INTERVAL", "USER_TIMEZONE", "SORT_HEADLINES_BY_FEED_DATE", "SSL_CERT_SERIAL", "DIGEST_PREFERRED_TIME"); $_SESSION["prefs_op_result"] = ""; print "<div dojoType=\"dijit.layout.AccordionContainer\" region=\"center\">"; print "<div dojoType=\"dijit.layout.AccordionPane\" title=\"" . __('Personal data / Authentication') . "\">"; print "<form dojoType=\"dijit.form.Form\" id=\"changeUserdataForm\">"; print "<script type=\"dojo/method\" event=\"onSubmit\" args=\"evt\">\n\t\tevt.preventDefault();\n\t\tif (this.validate()) {\n\t\t\tnotify_progress('Saving data...', true);\n\n\t\t\tnew Ajax.Request('backend.php', {\n\t\t\t\tparameters: dojo.objectToQuery(this.getValues()),\n\t\t\t\tonComplete: function(transport) {\n\t\t\t\t\tnotify_callback2(transport);\n\t\t\t} });\n\n\t\t}\n\t\t</script>"; print "<table width=\"100%\" class=\"prefPrefsList\">"; $result = db_query($this->link, "SELECT email,full_name,\n\t\t\taccess_level FROM ttrss_users\n\t\t\tWHERE id = " . $_SESSION["uid"]); $email = htmlspecialchars(db_fetch_result($result, 0, "email")); $full_name = htmlspecialchars(db_fetch_result($result, 0, "full_name")); print "<tr><td width=\"40%\">" . __('Full name') . "</td>"; print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" name=\"full_name\" required=\"1\"\n\t\t\tvalue=\"{$full_name}\"></td></tr>"; print "<tr><td width=\"40%\">" . __('E-mail') . "</td>"; print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" name=\"email\" required=\"1\" value=\"{$email}\"></td></tr>"; if (!SINGLE_USER_MODE && !(ALLOW_REMOTE_USER_AUTH && AUTO_LOGIN)) { $access_level = db_fetch_result($result, 0, "access_level"); print "<tr><td width=\"40%\">" . __('Access level') . "</td>"; print "<td>" . $access_level_names[$access_level] . "</td></tr>"; } print "</table>"; print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-prefs\">"; print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"changeemail\">"; print "<p><button dojoType=\"dijit.form.Button\" type=\"submit\">" . __("Save data") . "</button>"; print "</form>"; if (!SINGLE_USER_MODE && !(ALLOW_REMOTE_USER_AUTH && AUTO_LOGIN)) { $result = db_query($this->link, "SELECT id FROM ttrss_users\n\t\t\t\tWHERE id = " . $_SESSION["uid"] . " AND pwd_hash\n\t\t\t\t= 'SHA1:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8'"); if (db_num_rows($result) != 0) { print format_warning(__("Your password is at default value, please change it."), "default_pass_warning"); } print "<form dojoType=\"dijit.form.Form\">"; print "<script type=\"dojo/method\" event=\"onSubmit\" args=\"evt\">\n\t\t\tevt.preventDefault();\n\t\t\tif (this.validate()) {\n\t\t\t\tnotify_progress('Changing password...', true);\n\n\t\t\t\tnew Ajax.Request('backend.php', {\n\t\t\t\t\tparameters: dojo.objectToQuery(this.getValues()),\n\t\t\t\t\tonComplete: function(transport) {\n\t\t\t\t\t\tnotify('');\n\t\t\t\t\t\tif (transport.responseText.indexOf('ERROR: ') == 0) {\n\t\t\t\t\t\t\tnotify_error(transport.responseText.replace('ERROR: ', ''));\n\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\tnotify_info(transport.responseText);\n\t\t\t\t\t\t\tvar warn = \$('default_pass_warning');\n\t\t\t\t\t\t\tif (warn) Element.hide(warn);\n\t\t\t\t\t\t}\n\t\t\t\t}});\n\t\t\t\tthis.reset();\n\t\t\t}\n\t\t\t</script>"; print "<table width=\"100%\" class=\"prefPrefsList\">"; print "<tr><td width=\"40%\">" . __("Old password") . "</td>"; print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" type=\"password\" required=\"1\" name=\"old_password\"></td></tr>"; print "<tr><td width=\"40%\">" . __("New password") . "</td>"; print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" type=\"password\" required=\"1\"\n\t\t\t\tname=\"new_password\"></td></tr>"; print "<tr><td width=\"40%\">" . __("Confirm password") . "</td>"; print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" type=\"password\" required=\"1\" name=\"confirm_password\"></td></tr>"; print "</table>"; print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-prefs\">"; print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"changepassword\">"; print "<p><button dojoType=\"dijit.form.Button\" type=\"submit\">" . __("Change password") . "</button>"; print "</form>"; } print "</div>"; #pane print "<div dojoType=\"dijit.layout.AccordionPane\" selected=\"true\" title=\"" . __('Preferences') . "\">"; print "<form dojoType=\"dijit.form.Form\" id=\"changeSettingsForm\">"; print "<script type=\"dojo/method\" event=\"onSubmit\" args=\"evt\">\n\t\tevt.preventDefault();\n\t\tif (this.validate()) {\n\t\t\tconsole.log(dojo.objectToQuery(this.getValues()));\n\n\t\t\tnew Ajax.Request('backend.php', {\n\t\t\t\tparameters: dojo.objectToQuery(this.getValues()),\n\t\t\t\tonComplete: function(transport) {\n\t\t\t\t\tvar msg = transport.responseText;\n\t\t\t\t\tif (msg.match('PREFS_THEME_CHANGED')) {\n\t\t\t\t\t\twindow.location.reload();\n\t\t\t\t\t} else {\n\t\t\t\t\t\tnotify_info(msg);\n\t\t\t\t\t}\n\t\t\t} });\n\t\t}\n\t\t</script>"; print '<div dojoType="dijit.layout.BorderContainer" gutters="false">'; print '<div dojoType="dijit.layout.ContentPane" region="center" style="overflow-y : auto">'; if ($_SESSION["profile"]) { print_notice("Some preferences are only available in default profile."); } if ($_SESSION["profile"]) { initialize_user_prefs($this->link, $_SESSION["uid"], $_SESSION["profile"]); $profile_qpart = "profile = '" . $_SESSION["profile"] . "'"; } else { initialize_user_prefs($this->link, $_SESSION["uid"]); $profile_qpart = "profile IS NULL"; } $result = db_query($this->link, "SELECT DISTINCT\n\t\t\tttrss_user_prefs.pref_name,short_desc,help_text,value,type_name,\n\t\t\tsection_name,def_value,section_id\n\t\t\tFROM ttrss_prefs,ttrss_prefs_types,ttrss_prefs_sections,ttrss_user_prefs\n\t\t\tWHERE type_id = ttrss_prefs_types.id AND\n\t\t\t\t{$profile_qpart} AND\n\t\t\t\tsection_id = ttrss_prefs_sections.id AND\n\t\t\t\tttrss_user_prefs.pref_name = ttrss_prefs.pref_name AND\n\t\t\t\tshort_desc != '' AND\n\t\t\t\towner_uid = " . $_SESSION["uid"] . "\n\t\t\tORDER BY section_id,short_desc"); $lnum = 0; $active_section = ""; while ($line = db_fetch_assoc($result)) { if (in_array($line["pref_name"], $prefs_blacklist)) { continue; } if ($_SESSION["profile"] && in_array($line["pref_name"], $profile_blacklist)) { continue; } if ($active_section != $line["section_name"]) { if ($active_section != "") { print "</table>"; } print "<table width=\"100%\" class=\"prefPrefsList\">"; $active_section = $line["section_name"]; print "<tr><td colspan=\"3\"><h3>" . __($active_section) . "</h3></td></tr>"; if ($line["section_id"] == 2) { print "<tr><td width=\"40%\">" . __("Select theme") . "</td>"; $user_theme = get_pref($this->link, "_THEME_ID"); $themes = get_all_themes(); print "<td><select name=\"_THEME_ID\" dojoType=\"dijit.form.Select\">"; print "<option value='Default'>" . __('Default') . "</option>"; print "<option value='----------------' disabled=\"1\">--------</option>"; foreach ($themes as $t) { $base = $t['base']; $name = $t['name']; if ($base == $user_theme) { $selected = "selected=\"1\""; } else { $selected = ""; } print "<option {$selected} value='{$base}'>{$name}</option>"; } print "</select></td></tr>"; } $lnum = 0; } print "<tr>"; $type_name = $line["type_name"]; $pref_name = $line["pref_name"]; $value = $line["value"]; $def_value = $line["def_value"]; $help_text = $line["help_text"]; print "<td width=\"40%\" class=\"prefName\" id=\"{$pref_name}\">" . __($line["short_desc"]); if ($help_text) { print "<div class=\"prefHelp\">" . __($help_text) . "</div>"; } print "</td>"; print "<td class=\"prefValue\">"; if ($pref_name == "USER_TIMEZONE") { $timezones = explode("\n", file_get_contents("lib/timezones.txt")); print_select($pref_name, $value, $timezones, 'dojoType="dijit.form.FilteringSelect"'); } else { if ($pref_name == "USER_STYLESHEET") { print "<button dojoType=\"dijit.form.Button\"\n\t\t\t\t\tonclick=\"customizeCSS()\">" . __('Customize') . "</button>"; } else { if ($pref_name == "DEFAULT_ARTICLE_LIMIT") { $limits = array(15, 30, 45, 60); print_select($pref_name, $value, $limits, 'dojoType="dijit.form.Select"'); } else { if ($pref_name == "DEFAULT_UPDATE_INTERVAL") { global $update_intervals_nodefault; print_select_hash($pref_name, $value, $update_intervals_nodefault, 'dojoType="dijit.form.Select"'); } else { if ($type_name == "bool") { if ($value == "true") { $value = __("Yes"); } else { $value = __("No"); } if ($pref_name == "PURGE_UNREAD_ARTICLES" && FORCE_ARTICLE_PURGE != 0) { $disabled = "disabled=\"1\""; $value = __("Yes"); } else { $disabled = ""; } print_radio($pref_name, $value, __("Yes"), array(__("Yes"), __("No")), $disabled); } else { if (array_search($pref_name, array('FRESH_ARTICLE_MAX_AGE', 'DEFAULT_ARTICLE_LIMIT', 'PURGE_OLD_DAYS', 'LONG_DATE_FORMAT', 'SHORT_DATE_FORMAT')) !== false) { $regexp = $type_name == 'integer' ? 'regexp="^\\d*$"' : ''; if ($pref_name == "PURGE_OLD_DAYS" && FORCE_ARTICLE_PURGE != 0) { $disabled = "disabled=\"1\""; $value = FORCE_ARTICLE_PURGE; } else { $disabled = ""; } print "<input dojoType=\"dijit.form.ValidationTextBox\"\n\t\t\t\t\trequired=\"1\" {$regexp} {$disabled}\n\t\t\t\t\tname=\"{$pref_name}\" value=\"{$value}\">"; } else { if ($pref_name == "SSL_CERT_SERIAL") { print "<input dojoType=\"dijit.form.ValidationTextBox\"\n\t\t\t\t\tid=\"SSL_CERT_SERIAL\" readonly=\"1\"\n\t\t\t\t\tname=\"{$pref_name}\" value=\"{$value}\">"; $cert_serial = htmlspecialchars(get_ssl_certificate_id()); $has_serial = $cert_serial ? "false" : "true"; print " <button dojoType=\"dijit.form.Button\" disabled=\"{$has_serial}\"\n\t\t\t\t\tonclick=\"insertSSLserial('{$cert_serial}')\">" . __('Register') . "</button>"; print " <button dojoType=\"dijit.form.Button\"\n\t\t\t\t\tonclick=\"insertSSLserial('')\">" . __('Clear') . "</button>"; } else { if ($pref_name == 'DIGEST_PREFERRED_TIME') { print "<input dojoType=\"dijit.form.ValidationTextBox\"\n\t\t\t\t\tid=\"{$pref_name}\" regexp=\"[012]?\\d:\\d\\d\" placeHolder=\"12:00\"\n\t\t\t\t\tname=\"{$pref_name}\" value=\"{$value}\"><div class=\"insensitive\">" . T_sprintf("Current server time: %s (UTC)", date("H:i")) . "</div>"; } else { $regexp = $type_name == 'integer' ? 'regexp="^\\d*$"' : ''; print "<input dojoType=\"dijit.form.ValidationTextBox\"\n\t\t\t\t\t{$regexp}\n\t\t\t\t\tname=\"{$pref_name}\" value=\"{$value}\">"; } } } } } } } } print "</td>"; print "</tr>"; $lnum++; } print "</table>"; print '</div>'; # inside pane print '<div dojoType="dijit.layout.ContentPane" region="bottom">'; print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-prefs\">"; print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"saveconfig\">"; print "<button dojoType=\"dijit.form.Button\" type=\"submit\">" . __('Save configuration') . "</button> "; print "<button dojoType=\"dijit.form.Button\" onclick=\"return editProfiles()\">" . __('Manage profiles') . "</button> "; print "<button dojoType=\"dijit.form.Button\" onclick=\"return validatePrefsReset()\">" . __('Reset to defaults') . "</button>"; print '</div>'; # inner pane print '</div>'; # border container print "</form>"; print "</div>"; #pane print "</div>"; #container }