From 1395083e9471ef5cd39314479790552a569d37d0 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Tue, 13 Dec 2011 10:00:42 +0400
Subject: add pref_prefs class
---
classes/pref_prefs.php | 493 +++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 493 insertions(+)
create mode 100644 classes/pref_prefs.php
(limited to 'classes/pref_prefs.php')
diff --git a/classes/pref_prefs.php b/classes/pref_prefs.php
new file mode 100644
index 000000000..896268275
--- /dev/null
+++ b/classes/pref_prefs.php
@@ -0,0 +1,493 @@
+link, "SELECT id FROM ttrss_users WHERE
+ id = '$active_uid' AND (pwd_hash = '$old_pw_hash1' OR
+ pwd_hash = '$old_pw_hash2')");
+
+ if (db_num_rows($result) == 1) {
+ db_query($this->link, "UPDATE ttrss_users SET pwd_hash = '$new_pw_hash'
+ WHERE id = '$active_uid'");
+
+ $_SESSION["pwd_hash"] = $new_pw_hash;
+
+ print __("Password has been changed.");
+ } else {
+ print "ERROR: ".__('Old password is incorrect.');
+ }
+ }
+
+ return;
+
+ }
+
+ function saveconfig() {
+
+ $_SESSION["prefs_cache"] = false;
+
+ $orig_theme = get_pref($this->link, "_THEME_ID");
+
+ foreach (array_keys($_POST) as $pref_name) {
+
+ $pref_name = db_escape_string($pref_name);
+ $value = db_escape_string($_POST[$pref_name]);
+
+ set_pref($this->link, $pref_name, $value);
+
+ }
+
+ if ($orig_theme != get_pref($this->link, "_THEME_ID")) {
+ print "PREFS_THEME_CHANGED";
+ } else {
+ print __("The configuration was saved.");
+ }
+ }
+
+ function getHelp() {
+
+ $pref_name = db_escape_string($_REQUEST["pn"]);
+
+ $result = db_query($this->link, "SELECT help_text FROM ttrss_prefs
+ WHERE pref_name = '$pref_name'");
+
+ if (db_num_rows($result) > 0) {
+ $help_text = db_fetch_result($result, 0, "help_text");
+ print $help_text;
+ } else {
+ printf(__("Unknown option: %s"), $pref_name);
+ }
+ }
+
+ function changeemail() {
+
+ $email = db_escape_string($_POST["email"]);
+ $full_name = db_escape_string($_POST["full_name"]);
+
+ $active_uid = $_SESSION["uid"];
+
+ db_query($this->link, "UPDATE ttrss_users SET email = '$email',
+ full_name = '$full_name' WHERE id = '$active_uid'");
+
+ print __("Your personal data has been saved.");
+
+ return;
+ }
+
+ function resetconfig() {
+
+ $_SESSION["prefs_op_result"] = "reset-to-defaults";
+
+ if ($_SESSION["profile"]) {
+ $profile_qpart = "profile = '" . $_SESSION["profile"] . 
"'"; + } else { + $profile_qpart = "profile IS NULL"; + } + + db_query($this->link, "DELETE FROM ttrss_user_prefs + WHERE $profile_qpart AND owner_uid = ".$_SESSION["uid"]); + + initialize_user_prefs($this->link, $_SESSION["uid"], $_SESSION["profile"]); + + print "PREFS_THEME_CHANGED"; + } + + function index() { + + global $access_level_names; + + $prefs_blacklist = array("HIDE_READ_FEEDS", "FEEDS_SORT_BY_UNREAD", + "STRIP_UNSAFE_TAGS"); + + $profile_blacklist = array("ALLOW_DUPLICATE_POSTS", "PURGE_OLD_DAYS", + "PURGE_UNREAD_ARTICLES", "DIGEST_ENABLE", "DIGEST_CATCHUP", + "BLACKLISTED_TAGS", "ENABLE_API_ACCESS", "UPDATE_POST_ON_CHECKSUM_CHANGE", + "DEFAULT_UPDATE_INTERVAL", "USER_TIMEZONE", "SORT_HEADLINES_BY_FEED_DATE", + "SSL_CERT_SERIAL"); + + + if (!SINGLE_USER_MODE) { + + $_SESSION["prefs_op_result"] = ""; + + print "
"; + print "
"; + + print "
"; + + print ""; + + print ""; + + $result = db_query($this->link, "SELECT email,full_name, + access_level FROM ttrss_users + WHERE id = ".$_SESSION["uid"]); + + $email = htmlspecialchars(db_fetch_result($result, 0, "email")); + $full_name = htmlspecialchars(db_fetch_result($result, 0, "full_name")); + + print ""; + print ""; + + print ""; + print ""; + + if (!SINGLE_USER_MODE) { + $access_level = db_fetch_result($result, 0, "access_level"); + print ""; + print ""; + } + + print "
".__('Full name')."
".__('E-mail')."
".__('Access level')."" . $access_level_names[$access_level] . "
"; + + print ""; + print ""; + + print "

"; + + print "

"; + + print "
"; # pane + print "
"; + + $result = db_query($this->link, "SELECT id FROM ttrss_users + WHERE id = ".$_SESSION["uid"]." AND pwd_hash + = 'SHA1:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8'"); + + if (db_num_rows($result) != 0) { + print format_warning(__("Your password is at default value, please change it."), "default_pass_warning"); + } + + print "
"; + + print ""; + + print ""; + + print ""; + print ""; + + print ""; + + print ""; + + print ""; + + print ""; + + print "
".__("Old password")."
".__("New password")."
".__("Confirm password")."
"; + + print ""; + print ""; + + print "

"; + + print "

"; + + print "
"; #pane + } + + print "
"; + + print "
"; + + print ""; + + print '
'; + + print '
'; + + if ($_SESSION["profile"]) { + print_notice("Some preferences are only available in default profile."); + } + + if ($_SESSION["profile"]) { + initialize_user_prefs($this->link, $_SESSION["uid"], $_SESSION["profile"]); + $profile_qpart = "profile = '" . $_SESSION["profile"] . "'"; + } else { + initialize_user_prefs($this->link, $_SESSION["uid"]); + $profile_qpart = "profile IS NULL"; + } + + $result = db_query($this->link, "SELECT + ttrss_user_prefs.pref_name,short_desc,help_text,value,type_name, + section_name,def_value,section_id + FROM ttrss_prefs,ttrss_prefs_types,ttrss_prefs_sections,ttrss_user_prefs + WHERE type_id = ttrss_prefs_types.id AND + $profile_qpart AND + section_id = ttrss_prefs_sections.id AND + ttrss_user_prefs.pref_name = ttrss_prefs.pref_name AND + short_desc != '' AND + owner_uid = ".$_SESSION["uid"]." + ORDER BY section_id,short_desc"); + + $lnum = 0; + + $active_section = ""; + + while ($line = db_fetch_assoc($result)) { + + if (in_array($line["pref_name"], $prefs_blacklist)) { + continue; + } + + if ($_SESSION["profile"] && in_array($line["pref_name"], + $profile_blacklist)) { + continue; + } + + if ($active_section != $line["section_name"]) { + + if ($active_section != "") { + print ""; + } + + print ""; + + $active_section = $line["section_name"]; + + print ""; + + if ($line["section_id"] == 2) { + print ""; + + $user_theme = get_pref($this->link, "_THEME_ID"); + $themes = get_all_themes(); + + print ""; + } + $lnum = 0; + } + + print ""; + + $type_name = $line["type_name"]; + $pref_name = $line["pref_name"]; + $value = $line["value"]; + $def_value = $line["def_value"]; + $help_text = $line["help_text"]; + + print ""; + + print ""; + + print ""; + + $lnum++; + } + + print "

".__($active_section)."

".__("Select theme")."
" . __($line["short_desc"]); + + if ($help_text) print "
".__($help_text)."
"; + + print "
"; + + if ($pref_name == "USER_TIMEZONE") { + + $timezones = explode("\n", file_get_contents("lib/timezones.txt")); + + print_select($pref_name, $value, $timezones, 'dojoType="dijit.form.FilteringSelect"'); + } else if ($pref_name == "USER_STYLESHEET") { + + print ""; + + } else if ($pref_name == "DEFAULT_ARTICLE_LIMIT") { + + $limits = array(15, 30, 45, 60); + + print_select($pref_name, $value, $limits, + 'dojoType="dijit.form.Select"'); + + } else if ($pref_name == "DEFAULT_UPDATE_INTERVAL") { + + global $update_intervals_nodefault; + + print_select_hash($pref_name, $value, $update_intervals_nodefault, + 'dojoType="dijit.form.Select"'); + + } else if ($type_name == "bool") { + + if ($value == "true") { + $value = __("Yes"); + } else { + $value = __("No"); + } + + if ($pref_name == "PURGE_UNREAD_ARTICLES" && FORCE_ARTICLE_PURGE != 0) { + $disabled = "disabled=\"1\""; + $value = __("Yes"); + } else { + $disabled = ""; + } + + print_radio($pref_name, $value, __("Yes"), array(__("Yes"), __("No")), + $disabled); + + } else if (array_search($pref_name, array('FRESH_ARTICLE_MAX_AGE', 'DEFAULT_ARTICLE_LIMIT', + 'PURGE_OLD_DAYS', 'LONG_DATE_FORMAT', 'SHORT_DATE_FORMAT')) !== false) { + + $regexp = ($type_name == 'integer') ? 'regexp="^\d*$"' : ''; + + if ($pref_name == "PURGE_OLD_DAYS" && FORCE_ARTICLE_PURGE != 0) { + $disabled = "disabled=\"1\""; + $value = FORCE_ARTICLE_PURGE; + } else { + $disabled = ""; + } + + print ""; + + } else if ($pref_name == "SSL_CERT_SERIAL") { + + print ""; + + $cert_serial = htmlspecialchars(get_ssl_certificate_id()); + $has_serial = ($cert_serial) ? "false" : "true"; + + print " "; + + print " "; + + } else { + $regexp = ($type_name == 'integer') ? 'regexp="^\d*$"' : ''; + + print ""; + } + + print "
"; + + print '
'; # inside pane + print '
'; + + print ""; + print ""; + + print " "; + + print " "; + + print ""; + + print '
'; # inner pane + print '
'; # border container + + print "
"; + + print "
"; #pane + print "
"; #container + } +} +?> -- cgit v1.2.3-54-g00ecf From 46da73c255353a3f874d9742d7b2f9c64e7607b5 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Tue, 13 Dec 2011 14:15:42 +0400 Subject: implement ProtectedHandler --- classes/article.php | 2 +- classes/dlg.php | 16 ++++---- classes/feeds.php | 94 +++++++++++++++++++++---------------------- classes/pref_feeds.php | 12 +++--- classes/pref_filters.php | 2 +- classes/pref_labels.php | 2 +- classes/pref_prefs.php | 2 +- classes/pref_users.php | 2 +- classes/protected_handler.php | 8 ++++ classes/rpc.php | 10 ++--- 10 files changed, 79 insertions(+), 71 deletions(-) create mode 100644 classes/protected_handler.php (limited to 'classes/pref_prefs.php') diff --git a/classes/article.php b/classes/article.php index 70ecd2653..90ca129b9 100644 --- a/classes/article.php +++ b/classes/article.php @@ -1,5 +1,5 @@ "; } function importOpml() { header("Content-Type: text/html"); # required for iframe - + print "
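Review bot: In getHelp(), the request parameter `pn` only goes through db_escape_string() before `printf(__("Unknown option: %s"), $pref_name);` writes it back into the response, and SQL escaping does not neutralise markup; unless this handler is always served as plain text, that line should encode it for output, e.g. `printf(__("Unknown option: %s"), htmlspecialchars($_REQUEST["pn"]));`. resetconfig() and index() also splice `$_SESSION["profile"]` and `$_SESSION["uid"]` into SQL with no escaping or integer cast, which holds only if the code that fills the session (not visible here) already constrains them; `(int) $_SESSION["uid"]` and a cast or escaped profile id would make these queries safe on their own. In saveconfig(), `$pref_name` is overwritten with its escaped form before `$_POST[$pref_name]` is read, so any key that escaping alters no longer matches its value, and every POST key is handed to set_pref() without an allow-list; reading the value first and checking the name against the known preferences would be more robust. The class header and the top of the password-change method are missing from the hunk as shown, so that method is not reviewed here.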
"; $owner_uid = $_SESSION["uid"]; @@ -534,7 +534,7 @@ class Dlg extends Handler { } function inactiveFeeds() { - + if (DB_TYPE == "pgsql") { $interval_qpart = "NOW() - INTERVAL '3 months'"; } else { @@ -714,7 +714,7 @@ class Dlg extends Handler { } function printTagSelect() { - + print "" . __('Select item(s) by tags') . ""; print "".__('View as RSS').""; print "link); $version = $version_data['version']; $id = $version_data['version_id']; diff --git a/classes/feeds.php b/classes/feeds.php index a654c92ae..f4d19c00c 100644 --- a/classes/feeds.php +++ b/classes/feeds.php @@ -1,11 +1,11 @@ link, "UPDATE ttrss_user_entries SET last_read = NOW(),unread = false WHERE owner_uid = " . $_SESSION["uid"]); ccache_zero_all($this->link, $_SESSION["uid"]); - } + } function collapse() { $cat_id = db_escape_string($_REQUEST["cid"]); @@ -15,36 +15,36 @@ class Feeds extends Handler { function index() { $root = (bool)$_REQUEST["root"]; - + if (!$root) { print json_encode(outputFeedList($this->link)); } else { - + $feeds = outputFeedList($this->link, false); - + $root = array(); $root['id'] = 'root'; $root['name'] = __('Feeds'); $root['items'] = $feeds['items']; - + $fl = array(); $fl['identifier'] = 'id'; $fl['label'] = 'name'; $fl['items'] = array($root); - + print json_encode($fl); } - } - + } + function view() { $timing_info = getmicrotime(); - + $reply = array(); - + if ($_REQUEST["debug"]) $timing_info = print_checkpoint("0", $timing_info); - + $omode = db_escape_string($_REQUEST["omode"]); - + $feed = db_escape_string($_REQUEST["feed"]); $method = db_escape_string($_REQUEST["m"]); $view_mode = db_escape_string($_REQUEST["view_mode"]); 
@@ -54,19 +54,19 @@ class Feeds extends Handler { @$offset = db_escape_string($_REQUEST["skip"]); @$vgroup_last_feed = db_escape_string($_REQUEST["vgrlf"]); $order_by = db_escape_string($_REQUEST["order_by"]); - + if (is_numeric($feed)) $feed = (int) $feed; - + /* Feed -5 is a special case: it is used to display auxiliary information * when there's nothing to load - e.g. no stuff in fresh feed */ - + if ($feed == -5) { print json_encode(generate_dashboard_feed($this->link)); return; } - + $result = false; - + if ($feed < -10) { $label_feed = -11-$feed; $result = db_query($this->link, "SELECT id FROM ttrss_labels2 WHERE @@ -78,45 +78,45 @@ class Feeds extends Handler { $result = db_query($this->link, "SELECT id FROM ttrss_feed_categories WHERE id = '$feed' AND owner_uid = " . $_SESSION['uid']); } - + if ($result && db_num_rows($result) == 0) { print json_encode(generate_error_feed($this->link, __("Feed not found."))); return; } - + /* Updating a label ccache means recalculating all of the caches * so for performance reasons we don't do that here */ - + if ($feed >= 0) { ccache_update($this->link, $feed, $_SESSION["uid"], $cat_view); } - + set_pref($this->link, "_DEFAULT_VIEW_MODE", $view_mode); set_pref($this->link, "_DEFAULT_VIEW_LIMIT", $limit); set_pref($this->link, "_DEFAULT_VIEW_ORDER_BY", $order_by); - + if (!$cat_view && preg_match("/^[0-9][0-9]*$/", $feed)) { db_query($this->link, "UPDATE ttrss_feeds SET last_viewed = NOW() WHERE id = '$feed' AND owner_uid = ".$_SESSION["uid"]); } - + $reply['headlines'] = array(); - + if (!$next_unread_feed) $reply['headlines']['id'] = $feed; else $reply['headlines']['id'] = $next_unread_feed; - + $reply['headlines']['is_cat'] = (bool) $cat_view; - + $override_order = false; - + if (get_pref($this->link, "SORT_HEADLINES_BY_FEED_DATE", $owner_uid)) { $date_sort_field = "updated"; } else { $date_sort_field = "date_entered"; } - + switch ($order_by) { case "date": if (get_pref($this->link, 'REVERSE_HEADLINES', $owner_uid)) { 
@@ -125,7 +125,7 @@ class Feeds extends Handler { $override_order = "$date_sort_field DESC"; } break; - + case "title": if (get_pref($this->link, 'REVERSE_HEADLINES', $owner_uid)) { $override_order = "title DESC, $date_sort_field"; @@ -133,7 +133,7 @@ class Feeds extends Handler { $override_order = "title, $date_sort_field DESC"; } break; - + case "score": if (get_pref($this->link, 'REVERSE_HEADLINES', $owner_uid)) { $override_order = "score, $date_sort_field"; @@ -142,46 +142,46 @@ class Feeds extends Handler { } break; } - + if ($_REQUEST["debug"]) $timing_info = print_checkpoint("04", $timing_info); - + $ret = format_headlines_list($this->link, $feed, $method, $view_mode, $limit, $cat_view, $next_unread_feed, $offset, $vgroup_last_feed, $override_order); - + $topmost_article_ids = $ret[0]; $headlines_count = $ret[1]; $returned_feed = $ret[2]; $disable_cache = $ret[3]; $vgroup_last_feed = $ret[4]; - + $reply['headlines']['content'] =& $ret[5]['content']; $reply['headlines']['toolbar'] =& $ret[5]['toolbar']; - + if ($_REQUEST["debug"]) $timing_info = print_checkpoint("05", $timing_info); - + $reply['headlines-info'] = array("count" => (int) $headlines_count, "vgroup_last_feed" => $vgroup_last_feed, "disable_cache" => (bool) $disable_cache); - + if ($_REQUEST["debug"]) $timing_info = print_checkpoint("20", $timing_info); - + if (is_array($topmost_article_ids) && !get_pref($this->link, 'COMBINED_DISPLAY_MODE') && !$_SESSION["bw_limit"]) { $articles = array(); - + foreach ($topmost_article_ids as $id) { array_push($articles, format_article($this->link, $id, false)); } - + $reply['articles'] = $articles; } - + if ($_REQUEST["debug"]) $timing_info = print_checkpoint("30", $timing_info); - + $reply['runtime-info'] = make_runtime_info($this->link); - + print json_encode($reply); - + } } -?> \ No newline at end of file +?> diff --git a/classes/pref_feeds.php b/classes/pref_feeds.php index bf15bf25a..783d29f79 100644 --- a/classes/pref_feeds.php 
+++ b/classes/pref_feeds.php @@ -1,5 +1,5 @@ "; @@ -529,7 +529,7 @@ class Pref_Feeds extends Handler { global $purge_intervals; global $update_intervals; global $update_methods; - + $feed_ids = db_escape_string($_REQUEST["ids"]); print ""; @@ -688,13 +688,13 @@ class Pref_Feeds extends Handler { function batchEditSave() { return editsaveops(true); } - + function editSave() { return editsaveops(false); } - - function editsaveops($batch) { - + + function editsaveops($batch) { + $feed_title = db_escape_string(trim($_POST["title"])); $feed_link = db_escape_string(trim($_POST["feed_url"])); $upd_intl = (int) db_escape_string($_POST["update_interval"]); diff --git a/classes/pref_filters.php b/classes/pref_filters.php index 754e8d211..fdae5f59e 100644 --- a/classes/pref_filters.php +++ b/classes/pref_filters.php @@ -1,5 +1,5 @@ diff --git a/classes/rpc.php b/classes/rpc.php index 8f03381f8..c6fc8c263 100644 --- a/classes/rpc.php +++ b/classes/rpc.php @@ -1,9 +1,9 @@ link)) { $omode = $_REQUEST["omode"]; - + if ($omode != "T") $reply['counters'] = getAllCounters($this->link, $omode); else @@ -403,11 +403,11 @@ class RPC extends Handler { function assigntolabel() { return labelops(true); } - + function removefromlabel() { return labelops(false); } - + function labelops($assign) { $reply = array(); -- cgit v1.2.3-54-g00ecf