Password Reset + Bugfixes

core/Api/UserAPI.class.php

@@ -84,7 +84,7 @@ namespace Api {
 
     protected function getUser($id) {
       $sql = $this->user->getSQL();
-      $res = $sql->select("User.uid as userId", "User.name", "User.email", "User.registered_at",
+      $res = $sql->select("User.uid as userId", "User.name", "User.email", "User.registered_at", "User.confirmed",
         "Group.uid as groupId", "Group.name as groupName", "Group.color as groupColor")
         ->from("User")
         ->leftJoin("UserGroup", "User.uid", "UserGroup.user_id")
@@ -254,7 +254,7 @@ namespace Api\User {
       }
 
       $sql = $this->user->getSQL();
-      $res = $sql->select("User.uid as userId", "User.name", "User.email", "User.registered_at",
+      $res = $sql->select("User.uid as userId", "User.name", "User.email", "User.registered_at", "User.confirmed",
         "Group.uid as groupId", "Group.name as groupName", "Group.color as groupColor")
         ->from("User")
         ->leftJoin("UserGroup", "User.uid", "UserGroup.user_id")
@@ -278,6 +278,7 @@ namespace Api\User {
               "name" => $row["name"],
               "email" => $row["email"],
               "registered_at" => $row["registered_at"],
+              "confirmed" => $sql->parseBool($row["confirmed"]),
               "groups" => array(),
             );
           }
@@ -310,6 +311,7 @@ namespace Api\User {
         return false;
       }
 
+      $sql = $this->user->getSQL();
       $id = $this->getParam("id");
       $user = $this->getUser($id);
 
@@ -322,6 +324,7 @@ namespace Api\User {
             "name" => $user[0]["name"],
             "email" => $user[0]["email"],
             "registered_at" => $user[0]["registered_at"],
+            "confirmed" => $sql->parseBool($user["0"]["confirmed"]),
             "groups" => array()
           );
 
@@ -450,6 +453,7 @@ namespace Api\User {
         'password' => new StringType('password'),
         'confirmPassword' => new StringType('confirmPassword'),
       ));
+      $this->csrfTokenRequired = false;
     }
 
     private function updateUser($uid, $password) {
@@ -783,7 +787,7 @@ namespace Api\User {
 
     private function checkToken($token) {
       $sql = $this->user->getSQL();
-      $res = $sql->select("UserToken.token_type", "User.uid", "User.name", "User.email", "User.confirmed")
+      $res = $sql->select("UserToken.token_type", "User.uid", "User.name", "User.email")
         ->from("UserToken")
         ->innerJoin("User", "UserToken.user_id", "User.uid")
         ->where(new Compare("UserToken.token", $token))
@@ -817,7 +821,6 @@ namespace Api\User {
           $this->result["user"] = array(
             "name" => $tokenEntry["name"],
             "email" => $tokenEntry["email"],
-            "confirmed" => $this->user->getSQL()->parseBool($tokenEntry["confirmed"]),
             "uid" => $tokenEntry["uid"]
           );
         } else {
@@ -837,6 +840,7 @@ namespace Api\User {
         'email' => new Parameter('email', Parameter::TYPE_EMAIL, true, NULL),
         'password' => new StringType('password', -1, true, NULL),
         'groups' => new Parameter('groups', Parameter::TYPE_ARRAY, true, NULL),
+        'confirmed' => new Parameter('confirmed', Parameter::TYPE_BOOLEAN, true, NULL)
       ));
 
       $this->loginRequired = true;
@@ -859,6 +863,7 @@ namespace Api\User {
         $email = $this->getParam("email");
         $password = $this->getParam("password");
         $groups = $this->getParam("groups");
+        $confirmed = $this->getParam("confirmed");
 
         $email = (!is_null($email) && empty($email)) ? null : $email;
 
@@ -896,6 +901,14 @@ namespace Api\User {
         if ($emailChanged) $query->set("email", $email);
         if (!is_null($password)) $query->set("password", $this->hashPassword($password));
 
+        if (!is_null($confirmed)) {
+          if ($id === $this->user->getId() && $confirmed === false) {
+            return $this->createError("Cannot make own account unconfirmed.");
+          } else {
+            $query->set("confirmed", $confirmed);
+          }
+        }
+
         if (!empty($query->getValues())) {
           $query->where(new Compare("User.uid", $id));
           $res = $query->execute();
@@ -957,7 +970,7 @@ namespace Api\User {
     }
   }
 
-  class RequestResetPassword extends UserAPI {
+  class RequestPasswordReset extends UserAPI {
     public function __construct(User $user, $externalCall = false) {
       $parameters = array(
         'email' => new Parameter('email', Parameter::TYPE_EMAIL),
@@ -969,6 +982,7 @@ namespace Api\User {
       }
 
       parent::__construct($user, $externalCall, $parameters);
+      $this->csrfTokenRequired = false;
     }
 
     public function execute($values = array()) {
@@ -1010,7 +1024,7 @@ namespace Api\User {
         $siteName = htmlspecialchars($settings->getSiteName());
 
         $replacements = array(
-          "link" => "$baseUrl/confirmEmail?token=$token",
+          "link" => "$baseUrl/resetPassword?token=$token",
           "site_name" => $siteName,
           "base_url" => $baseUrl,
           "username" => htmlspecialchars($user["name"])
@@ -1035,6 +1049,7 @@ namespace Api\User {
     private function findUser($email) {
       $sql = $this->user->getSQL();
       $res = $sql->select("User.uid", "User.name")
+        ->from("User")
         ->where(new Compare("User.email", $email))
         ->where(new CondBool("User.confirmed"))
         ->execute();
@@ -1073,6 +1088,8 @@ namespace Api\User {
         'password' => new StringType('password'),
         'confirmPassword' => new StringType('confirmPassword'),
       ));
+
+      $this->csrfTokenRequired = false;
     }
 
     private function updateUser($uid, $password) {
@@ -1108,7 +1125,7 @@ namespace Api\User {
       }
 
       $result = $req->getResult();
-      if (strcasecmp($result["token"]["type"], "reset_password") !== 0) {
+      if (strcasecmp($result["token"]["type"], "password_reset") !== 0) {
         return $this->createError("Invalid token type");
       } else if (!$this->checkPasswordRequirements($password, $confirmPassword)) {
         return false;

core/Documents/Admin.class.php

@@ -6,7 +6,7 @@ namespace Documents {
   use Elements\Document;
   use Objects\User;
   use Views\Admin\AdminDashboardBody;
-  use Views\LoginBody;
+  use Views\Admin\LoginBody;
 
   class Admin extends Document {
     public function __construct(User $user, ?string $view = NULL) {

core/Elements/Link.class.php

@@ -10,7 +10,7 @@ class Link extends StaticView {
   const FONTAWESOME = "/css/fontawesome.min.css";
   const BOOTSTRAP   = "/css/bootstrap.min.css";
   const CORE        = "/css/style.css";
-  const ADMIN       = "/css/admin.css";
+  const ACCOUNT       = "/css/account.css";
 
   private string $type;
   private string $rel;

core/Elements/Script.class.php

@@ -7,7 +7,6 @@ class Script extends StaticView {
   const MIME_TEXT_JAVASCRIPT    = "text/javascript";
 
   const CORE      = "/js/script.js";
-  const ADMIN     = "/js/admin.js";
   const JQUERY    = "/js/jquery.min.js";
   const INSTALL   = "/js/install.js";
   const BOOTSTRAP = "/js/bootstrap.bundle.min.js";

core/Views/Account/AcceptInvite.class.php

@@ -7,15 +7,83 @@ namespace Views\Account;
 use Elements\Document;
 use Elements\View;
 
-class AcceptInvite extends View {
+class AcceptInvite extends AccountView {
+
+  private bool $success;
+  private string $message;
+  private array $invitedUser;
 
   public function __construct(Document $document, $loadView = true) {
     parent::__construct($document, $loadView);
+    $this->title = "Invitation";
+    $this->description = "Finnish your account registration by choosing a password.";
+    $this->icon = "user-check";
+    $this->success = false;
+    $this->message = "No content";
+    $this->invitedUser = array();
   }
 
-  public function getCode() {
-    $html = parent::getCode();
+  public function loadView() {
+    parent::loadView();
+
+    if (isset($_GET["token"]) && is_string($_GET["token"]) && !empty($_GET["token"])) {
+      $req = new \Api\User\CheckToken($this->getDocument()->getUser());
+      $this->success = $req->execute(array("token" => $_GET["token"]));
+      if ($this->success) {
+        if (strcmp($req->getResult()["token"]["type"], "invite") !== 0) {
+          $this->success = false;
+          $this->message = "The given token has a wrong type.";
+        } else {
+          $this->invitedUser = $req->getResult()["user"];
+        }
+      } else {
+        $this->message = "Error confirming e-mail address: " . $req->getLastError();
+      }
+    } else {
+      $this->success = false;
+      $this->message = "The link you visited is no longer valid";
+    }
+  }
+
+  protected function getAccountContent() {
+    if (!$this->success) {
+      return $this->createErrorText($this->message);
+    }
+
+    $token = htmlspecialchars($_GET["token"], ENT_QUOTES);
+    $username = $this->invitedUser["name"];
+    $emailAddress = $this->invitedUser["email"];
 
-    return $html;
+    return "<h4 class=\"pb-4\">Please fill with your details</h4>
+      <form>
+        <input name='token' id='token' type='hidden' value='$token'/>
+        <div class=\"input-group\">
+          <div class=\"input-group-append\">
+            <span class=\"input-group-text\"><i class=\"fas fa-hashtag\"></i></span>  
+          </div>
+          <input id=\"username\" name=\"username\" placeholder=\"Username\" class=\"form-control\" type=\"text\" maxlength=\"32\" value='$username' disabled>
+        </div>
+        <div class=\"input-group mt-3\">
+         <div class=\"input-group-append\">
+            <span class=\"input-group-text\"><i class=\"fas fa-at\"></i></span>
+          </div>
+          <input type=\"email\" name='email' id='email' class=\"form-control\" placeholder=\"Email\" maxlength=\"64\" value='$emailAddress' disabled>
+        </div>
+        <div class=\"input-group mt-3\">
+          <div class=\"input-group-append\">
+            <span class=\"input-group-text\"><i class=\"fas fa-key\"></i></span>
+          </div>
+          <input type=\"password\" name='password' id='password' class=\"form-control\" placeholder=\"Password\">
+        </div>
+        <div class=\"input-group mt-3\">
+          <div class=\"input-group-append\">
+            <span class=\"input-group-text\"><i class=\"fas fa-key\"></i></span>
+          </div>
+          <input type=\"password\" name='confirmPassword' id='confirmPassword' class=\"form-control\" placeholder=\"Confirm Password\">
+        </div>
+        <div class=\"input-group mt-3\">
+          <button type=\"button\" class=\"btn btn-success\" id='btnAcceptInvite'>Submit</button>
+        </div>
+     </form>";
   }
 }

core/Views/Account/Register.class.php

@@ -3,9 +3,7 @@
 
 namespace Views\Account;
 
-
 use Elements\Document;
-use Elements\View;
 
 class Register extends AccountView {
 

core/Views/Account/ResetPassword.class.php

@@ -5,17 +5,83 @@ namespace Views\Account;
 
 
 use Elements\Document;
-use Elements\View;
 
-class ResetPassword extends View {
+class ResetPassword extends AccountView {
+
+  private bool $success;
+  private string $message;
+  private ?string $token;
 
   public function __construct(Document $document, $loadView = true) {
     parent::__construct($document, $loadView);
+    $this->title = "Reset Password";
+    $this->description = "Request a password reset, once you got the e-mail address, you can choose a new password";
+    $this->icon = "user-lock";
+    $this->success = true;
+    $this->message = "";
+    $this->token = NULL;
+  }
+
+  public function loadView() {
+    parent::loadView();
+
+    if (isset($_GET["token"]) && is_string($_GET["token"]) && !empty($_GET["token"])) {
+      $this->token = $_GET["token"];
+      $req = new \Api\User\CheckToken($this->getDocument()->getUser());
+      $this->success = $req->execute(array("token" => $_GET["token"]));
+      if ($this->success) {
+        if (strcmp($req->getResult()["token"]["type"], "password_reset") !== 0) {
+          $this->success = false;
+          $this->message = "The given token has a wrong type.";
+        }
+      } else {
+        $this->message = "Error requesting password reset: " . $req->getLastError();
+      }
+    }
   }
 
-  public function getCode() {
-    $html = parent::getCode();
+  protected function getAccountContent() {
+    if (!$this->success) {
+      $html = $this->createErrorText($this->message);
+      if ($this->token !== null) {
+        $html .= "<a href='/resetPassword' class='btn btn-primary'>Go back</a>";
+      }
+      return $html;
+    }
 
-    return $html;
+    if ($this->token === null) {
+      return  "<p class='lead'>Enter your E-Mail address, to receive a password reset token.</p>
+          <form>
+        <div class=\"input-group\">
+          <div class=\"input-group-append\">
+            <span class=\"input-group-text\"><i class=\"fas fa-at\"></i></span>  
+          </div>
+          <input id=\"email\" name=\"email\" placeholder=\"E-Mail address\" class=\"form-control\" type=\"email\" maxlength=\"64\" />
+        </div>
+        <div class=\"input-group mt-2\">
+          <button id='btnRequestPasswordReset' class='btn btn-primary'>Request</button>
+        </div>
+      ";
+    } else {
+      return "<h4 class=\"pb-4\">Choose a new password</h4>
+      <form>
+        <input name='token' id='token' type='hidden' value='$this->token'/>
+        <div class=\"input-group mt-3\">
+          <div class=\"input-group-append\">
+            <span class=\"input-group-text\"><i class=\"fas fa-key\"></i></span>
+          </div>
+          <input type=\"password\" name='password' id='password' class=\"form-control\" placeholder=\"Password\">
+        </div>
+        <div class=\"input-group mt-3\">
+          <div class=\"input-group-append\">
+            <span class=\"input-group-text\"><i class=\"fas fa-key\"></i></span>
+          </div>
+          <input type=\"password\" name='confirmPassword' id='confirmPassword' class=\"form-control\" placeholder=\"Confirm Password\">
+        </div>
+        <div class=\"input-group mt-3\">
+          <button type=\"button\" class=\"btn btn-success\" id='btnResetPassword'>Submit</button>
+        </div>
+     </form>";
+    }
   }
 }

core/Views/LoginBody.class.php → core/Views/Admin/LoginBody.class.php

@@ -1,10 +1,11 @@
 <?php
 
-namespace Views;
+namespace Views\Admin;
 
 use Elements\Body;
 use Elements\Link;
 use Elements\Script;
+use Views\LanguageFlags;
 
 class LoginBody extends Body {
 
@@ -19,8 +20,8 @@ class LoginBody extends Body {
     $head->loadBootstrap();
     $head->addJS(Script::CORE);
     $head->addCSS(Link::CORE);
-    $head->addJS(Script::ADMIN);
-    $head->addCSS(Link::ADMIN);
+    $head->addJS(Script::ACCOUNT);
+    $head->addCSS(Link::ACCOUNT);
   }
 
   public function getCode() {
@@ -37,14 +38,6 @@ class LoginBody extends Body {
     $domain = $_SERVER['HTTP_HOST'];
     $protocol = getProtocol();
 
-    $accountCreated = "";
-    if(isset($_GET["accountCreated"])) {
-      $accountCreated =
-        '<div class="alert alert-success mt-3" id="accountCreated">
-          Your account was successfully created, you may now login with your credentials
-        </div>';
-    }
-
     $html .= "
       <body>
         <div class=\"container mt-4\">
@@ -63,13 +56,12 @@ class LoginBody extends Body {
                 <label class=\"form-check-label\" for=\"stayLoggedIn\">$stayLoggedIn</label>
               </div>
               <button class=\"btn btn-lg btn-primary btn-block\" id=\"btnLogin\" type=\"button\">$login</button>
-              <div class=\"alert alert-danger hidden\" role=\"alert\" id=\"loginError\"></div>
+              <div class=\"alert alert-danger\" style='display:none' role=\"alert\" id=\"alertMessage\"></div>
               <span class=\"flags position-absolute\">$flags</span>
             </form>
             <div class=\"p-1\">
               <a href=\"$protocol://$domain\">$iconBack&nbsp;$backToStartPage</a>
             </div>
-            $accountCreated
           </div>
           </div>
         </div>

js/account.js

@@ -11,6 +11,30 @@ $(document).ready(function () {
         $("#alertMessage").hide();
     }
 
+    // Login
+    $("#btnLogin").click(function() {
+        const username = $("#username").val();
+        const password = $("#password").val();
+        const createdDiv = $("#accountCreated");
+        const stayLoggedIn = $("#stayLoggedIn").is(":checked");
+        const btn = $(this);
+
+        hideAlert();
+        btn.prop("disabled", true);
+        btn.html("Logging in… <i class=\"fa fa-spin fa-circle-notch\"></i>");
+        jsCore.apiCall("/user/login", {"username": username, "password": password, "stayLoggedIn": stayLoggedIn }, function(res) {
+            if (res.success) {
+                document.location.reload();
+            } else {
+                btn.html("Login");
+                btn.prop("disabled", false);
+                $("#password").val("");
+                createdDiv.hide();
+                showAlert(res.msg);
+            }
+        });
+    });
+
     $("#btnRegister").click(function (e) {
         e.preventDefault();
         e.stopPropagation();
@@ -43,4 +67,86 @@ $(document).ready(function () {
             });
         }
     });
+
+    $("#btnAcceptInvite").click(function (e) {
+        e.preventDefault();
+        e.stopPropagation();
+
+        let btn = $(this);
+        let token = $("#token").val();
+        let password = $("#password").val();
+        let confirmPassword = $("#confirmPassword").val();
+
+        if(password !== confirmPassword) {
+            showAlert("danger", "Your passwords did not match.");
+        } else {
+            let textBefore = btn.text();
+            let params = { token: token, password: password, confirmPassword: confirmPassword };
+
+            btn.prop("disabled", true);
+            btn.html("Submitting… <i class='fas fa-spin fa-spinner'></i>")
+            jsCore.apiCall("user/acceptInvite", params, (res) => {
+                btn.prop("disabled", false);
+                btn.text(textBefore);
+                if (!res.success) {
+                    showAlert("danger", res.msg);
+                } else {
+                    showAlert("success", "Account successfully created. You may now login.");
+                    $("input").val("");
+                }
+            });
+        }
+    });
+
+    $("#btnRequestPasswordReset").click(function (e) {
+        e.preventDefault();
+        e.stopPropagation();
+
+        let btn = $(this);
+        let email = $("#email").val();
+
+        let textBefore = btn.text();
+        btn.prop("disabled", true);
+        btn.html("Submitting… <i class='fas fa-spin fa-spinner'></i>")
+        jsCore.apiCall("user/requestPasswordReset", { email: email }, (res) => {
+            btn.prop("disabled", false);
+            btn.text(textBefore);
+            if (!res.success) {
+                showAlert("danger", res.msg);
+            } else {
+                showAlert("success", "If the e-mail address exists and is linked to a account, you will receive a password reset token.");
+                $("input").val("");
+            }
+        });
+    });
+
+    $("#btnResetPassword").click(function (e) {
+        e.preventDefault();
+        e.stopPropagation();
+
+        let btn = $(this);
+        let token = $("#token").val();
+        let password = $("#password").val();
+        let confirmPassword = $("#confirmPassword").val();
+
+        if(password !== confirmPassword) {
+            showAlert("danger", "Your passwords did not match.");
+        } else {
+            let textBefore = btn.text();
+            let params = { token: token, password: password, confirmPassword: confirmPassword };
+
+            btn.prop("disabled", true);
+            btn.html("Submitting… <i class='fas fa-spin fa-spinner'></i>")
+            jsCore.apiCall("user/resetPassword", params, (res) => {
+                btn.prop("disabled", false);
+                btn.text(textBefore);
+                if (!res.success) {
+                    showAlert("danger", res.msg);
+                } else {
+                    showAlert("success", "Your password was successfully changed. You may now login.");
+                    $("input").val("");
+                }
+            });
+        }
+    });
 });

js/admin.js

@@ -1,28 +0,0 @@
-$(document).ready(function() {
-
-  // Login
-  $("#username").keypress(function(e) { if(e.which === 13) $("#password").focus(); });
-  $("#password").keypress(function(e) { if(e.which === 13) $("#btnLogin").click(); });
-  $("#btnLogin").click(function() {
-    const username = $("#username").val();
-    const password = $("#password").val();
-    const errorDiv = $("#loginError");
-    const createdDiv = $("#accountCreated");
-    const stayLoggedIn = $("#stayLoggedIn").is(":checked");
-    const btn = $(this);
-
-    errorDiv.hide();
-    btn.prop("disabled", true);
-    btn.html("Logging in… <i class=\"fa fa-spin fa-circle-notch\"></i>");
-    jsCore.apiCall("/user/login", {"username": username, "password": password, "stayLoggedIn": stayLoggedIn }, function(data) {
-      document.location.reload();
-    }, function(err) {
-      btn.html("Login");
-      btn.prop("disabled", false);
-      $("#password").val("");
-      createdDiv.hide();
-      errorDiv.html(err);
-      errorDiv.show();
-    });
-  });
-});

src/src/api.js

@@ -35,8 +35,8 @@ export default class API {
         return data && data.success && data.loggedIn;
     }
 
-    async editUser(id, username, email, password, groups) {
-        return this.apiCall("user/edit", { "id": id, "username": username, "email": email, "password": password, "groups": groups });
+    async editUser(id, username, email, password, groups, confirmed) {
+        return this.apiCall("user/edit", { id: id, username: username, email: email, password: password, groups: groups, confirmed: confirmed });
     }
 
     async logout() {

src/src/views/edituser.js

@@ -43,7 +43,8 @@ export default class EditUser extends React.Component {
                         name: res.user.name,
                         email: res.user.email || "",
                         groups: res.user.groups,
-                        password: ""
+                        password: "",
+                        confirmed: res.user.confirmed
                     }
                 });
                 this.parent.api.fetchGroups(1, 50).then((res) => {
@@ -61,11 +62,15 @@ export default class EditUser extends React.Component {
 
     onChangeInput(event) {
         const target = event.target;
-        const value = target.value;
+        let value = target.value;
         const name = target.name;
 
+        if (target.type === "checkbox") {
+            value = !!target.checked;
+        }
+
         if (name === "search") {
-            this.setState({ ...this.state, searchString: value });
+            this.setState({...this.state, searchString: value});
         } else {
             this.setState({ ...this.state, user: { ...this.state.user, [name]: value } });
         }
@@ -85,9 +90,10 @@ export default class EditUser extends React.Component {
         const email = this.state.user["email"];
         let password = this.state.user["password"].length > 0 ? this.state.user["password"] : null;
         let groups = Object.keys(this.state.user.groups);
+        let confirmed = this.state.user["confirmed"];
 
         this.setState({ ...this.state, isSaving: true});
-        this.parent.api.editUser(id, username, email, password, groups).then((res) => {
+        this.parent.api.editUser(id, username, email, password, groups, confirmed).then((res) => {
             let alerts = this.state.alerts.slice();
 
             if (res.success) {
@@ -262,6 +268,15 @@ export default class EditUser extends React.Component {
                     </span>
                 </div>
 
+                <div className={"form-check"}>
+                    <input type={"checkbox"} className={"form-check-input"}
+                           onChange={this.onChangeInput.bind(this)}
+                           id={"confirmed"} name={"confirmed"} checked={this.state.user.confirmed}/>
+                    <label className={"form-check-label"} htmlFor={"confirmed"}>
+                        Confirmed
+                    </label>
+                </div>
+
                 <Link to={"/admin/users"} className={"btn btn-info mt-2 mr-2"}>
                     <Icon icon={"arrow-left"}/>
                     &nbsp;Back

src/src/views/users.js

@@ -167,6 +167,8 @@ export default class UserOverview extends React.Component {
             }
 
             let user = this.state.users.data[uid];
+            let confirmedIcon = <Icon icon={user["confirmed"] ? "check" : "times"}/>;
+
             let groups = [];
 
             for (let groupId in user.groups) {
@@ -193,6 +195,7 @@ export default class UserOverview extends React.Component {
                             {getPeriodString(user["registered_at"])}
                         </span>
                     </td>
+                    <td className={"text-center"}>{confirmedIcon}</td>
                     <td>
                         <Link to={"/admin/user/edit/" + uid} className={"text-reset"}>
                             <Icon icon={"pencil-alt"} data-effect={"solid"}
@@ -212,6 +215,7 @@ export default class UserOverview extends React.Component {
                     <td/>
                     <td/>
                     <td/>
+                    <td/>
                 </tr>
             );
         }
@@ -251,6 +255,7 @@ export default class UserOverview extends React.Component {
                         <th>Email</th>
                         <th>Groups</th>
                         <th>Registered</th>
+                        <th className={"text-center"}>Confirmed</th>
                         <th><Icon icon={"tools"} /></th>
                     </tr>
                     </thead>