From f38be747d132d754801c46ee3df15f8c27a03762 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Mon, 1 Mar 2021 18:36:47 +0300
Subject: initial for idiorm

---
 classes/db.php         | 29 +++++++++++++------
 classes/pref/users.php | 77 ++++++++++++++++++++++----------------------------
 2 files changed, 53 insertions(+), 53 deletions(-)

(limited to 'classes')

diff --git a/classes/db.php b/classes/db.php
index a760d4402..a30ffad31 100755
--- a/classes/db.php
+++ b/classes/db.php
@@ -1,27 +1,38 @@
 <?php
 class Db
 {
-	/* @var Db $instance */
+	/** @var Db $instance */
 	private static $instance;
 
 	private $link;
 
-	/* @var PDO $pdo */
+	/** @var PDO $pdo */
 	private $pdo;
 
+	function __construct() {
+		ORM::configure(self::get_dsn());
+		ORM::configure('username', Config::get(Config::DB_USER));
+		ORM::configure('password', Config::get(Config::DB_PASS));
+		ORM::configure('return_result_sets', true);
+	}
+
 	private function __clone() {
 		//
 	}
 
-	// this really shouldn't be used unless a separate PDO connection is needed
-	// normal usage is Db::pdo()->prepare(...) etc
-	public function pdo_connect() {
-
+	public static function get_dsn() {
 		$db_port = Config::get(Config::DB_PORT) ? ';port=' . Config::get(Config::DB_PORT) : '';
 		$db_host = Config::get(Config::DB_HOST) ? ';host=' . Config::get(Config::DB_HOST) : '';
 
+		return Config::get(Config::DB_TYPE) . ':dbname=' . Config::get(Config::DB_NAME) . $db_host . $db_port;
+	}
+
+	// this really shouldn't be used unless a separate PDO connection is needed
+	// normal usage is Db::pdo()->prepare(...) etc
+	public function pdo_connect() : PDO {
+
 		try {
-			$pdo = new PDO(Config::get(Config::DB_TYPE) . ':dbname=' . Config::get(Config::DB_NAME) . $db_host . $db_port,
+			$pdo = new PDO(self::get_dsn(),
 				Config::get(Config::DB_USER),
 				Config::get(Config::DB_PASS));
 		} catch (Exception $e) {
@@ -49,7 +60,7 @@ class Db
 		return $pdo;
 	}
 
-	public static function instance() {
+	public static function instance() : Db {
 		if (self::$instance == null)
 			self::$instance = new self();
 
@@ -60,7 +71,7 @@ class Db
 		if (self::$instance == null)
 			self::$instance = new self();
 
-		if (!self::$instance->pdo) {
+		if (empty(self::$instance->pdo)) {
 			self::$instance->pdo = self::$instance->pdo_connect();
 		}
 
diff --git a/classes/pref/users.php b/classes/pref/users.php
index 111cabdca..bf95886ad 100644
--- a/classes/pref/users.php
+++ b/classes/pref/users.php
@@ -14,9 +14,9 @@ class Pref_Users extends Handler_Administrative {
 			$sth = $this->pdo->prepare("SELECT id, login, access_level, email FROM ttrss_users WHERE id = ?");
 			$sth->execute([$id]);
 
-			if ($row = $sth->fetch(PDO::FETCH_ASSOC)) {
+			if ($user = $sth->fetch(PDO::FETCH_ASSOC)) {
 				print json_encode([
-						"user" => $row,
+						"user" => $user,
 						"access_level_names" => $access_level_names
 					]);
 			}
@@ -106,21 +106,22 @@ class Pref_Users extends Handler_Administrative {
 		}
 
 		function editSave() {
-			$login = clean($_REQUEST["login"]);
-			$uid = (int) clean($_REQUEST["id"]);
-			$access_level = (int) clean($_REQUEST["access_level"]);
-			$email = clean($_REQUEST["email"]);
+			$id = (int)$_REQUEST['id'];
 			$password = clean($_REQUEST["password"]);
+			$user = ORM::for_table('ttrss_users')->find_one($id);
+
+			if ($user) {
+				$login = clean($_REQUEST["login"]);
 
-			// no blank usernames
-			if (!$login) return;
+				if ($id == 1) $login = "admin";
+				if (!$login) return;
 
-			// forbid renaming admin
-			if ($uid == 1) $login = "admin";
+				$user->login = $login;
+				$user->access_level = (int) clean($_REQUEST["access_level"]);
+				$user->email = clean($_REQUEST["email"]);
 
-			$sth = $this->pdo->prepare("UPDATE ttrss_users SET login = LOWER(?),
-					access_level = ?, email = ?, otp_enabled = false WHERE id = ?");
-			$sth->execute([$login, $access_level, $email, $uid]);
+				$user->save();
+			}
 
 			if ($password) {
 				UserHelper::reset_password($uid, false, $password);
@@ -194,11 +195,10 @@ class Pref_Users extends Handler_Administrative {
 				$sort = "login";
 			}
 
-			$sort = $this->_validate_field($sort,
-				["login", "access_level", "created", "num_feeds", "created", "last_login"], "login");
+			if (!in_array($sort, ["login", "access_level", "created", "num_feeds", "created", "last_login"]))
+				$sort = "login";
 
 			if ($sort != "login") $sort = "$sort DESC";
-
 			?>
 
 			<div dojoType='dijit.layout.BorderContainer' gutters='false'>
@@ -253,32 +253,28 @@ class Pref_Users extends Handler_Administrative {
 						</tr>
 
 						<?php
-							$sth = $this->pdo->prepare("SELECT
-									tu.id,
-									login,access_level,email,
-									".SUBSTRING_FOR_DATE."(last_login,1,16) as last_login,
-									".SUBSTRING_FOR_DATE."(created,1,16) as created,
-									(SELECT COUNT(id) FROM ttrss_feeds WHERE owner_uid = tu.id) AS num_feeds
-								FROM
-									ttrss_users tu
-								WHERE
-									(:search = '' OR login LIKE :search) AND tu.id > 0
-								ORDER BY $sort");
-							$sth->execute([":search" => $user_search ? "%$user_search%" : ""]);
-
-							while ($row = $sth->fetch()) { ?>
-
-								<tr data-row-id='<?= $row["id"] ?>' onclick='Users.edit(<?= $row["id"] ?>)' title="<?= __('Click to edit') ?>">
+							$users = ORM::for_table('ttrss_users')
+								->table_alias('u')
+								->left_outer_join("ttrss_feeds", ["owner_uid", "=", "u.id"], 'f')
+									->select_expr('u.*,COUNT(f.id) AS num_feeds')
+									->where_like("login", $user_search ? "%$user_search%" : "%")
+									->order_by_expr($sort)
+									->group_by_expr('u.id')
+									->find_many();
+
+							foreach ($users as $user) { ?>
+
+								<tr data-row-id='<?= $user["id"] ?>' onclick='Users.edit(<?= $user["id"] ?>)' title="<?= __('Click to edit') ?>">
 									<td align='center'>
 										<input onclick='Tables.onRowChecked(this); event.stopPropagation();'
 										dojoType='dijit.form.CheckBox' type='checkbox'>
 									</td>
 
-									<td><i class='material-icons'>person</i> <?= htmlspecialchars($row["login"]) ?></td>
-									<td><?= $access_level_names[$row["access_level"]] ?></td>
-									<td><?= $row["num_feeds"] ?></td>
-									<td><?= TimeHelper::make_local_datetime($row["created"], false) ?></td>
-									<td><?= TimeHelper::make_local_datetime($row["last_login"], false) ?></td>
+									<td><i class='material-icons'>person</i> <?= htmlspecialchars($user["login"]) ?></td>
+									<td><?= $access_level_names[$user["access_level"]] ?></td>
+									<td><?= $user["num_feeds"] ?></td>
+									<td><?= TimeHelper::make_local_datetime($user["created"], false) ?></td>
+									<td><?= TimeHelper::make_local_datetime($user["last_login"], false) ?></td>
 								</tr>
 						<?php } ?>
 					</table>
@@ -288,11 +284,4 @@ class Pref_Users extends Handler_Administrative {
 		<?php
 	}
 
-	private function _validate_field($string, $allowed, $default = "") {
-			if (in_array($string, $allowed))
-				return $string;
-			else
-				return $default;
-		}
-
 }
-- 
cgit v1.2.3-54-g00ecf