diff --git a/README b/README index 888f14e..a609600 100755 --- a/README +++ b/README @@ -24,8 +24,9 @@ Features: Todo - install script - custom icons -- admin page (users management) +- admin menu (users management) - track editing +- track display filters (accurracy, provider) License - GPL diff --git a/adduser.php b/adduser.php new file mode 100644 index 0000000..ebc4632 --- /dev/null +++ b/adduser.php @@ -0,0 +1,92 @@ +openURI("php://output"); + $xml->startDocument("1.0"); + $xml->setIndent(true); + $xml->startElement('root'); + $xml->writeElement("error", (int) $isError); + if ($isError) { + $xml->writeElement("message", $errorMessage); + } + $xml->endElement(); + $xml->endDocument(); + $xml->flush(); + exit; + } + + /** + * Check if login is allowed + * @param string $login Login + */ + function checkUser($login) { + global $mysqli; + $sql = "SELECT id FROM users WHERE login = ?"; + $query = $mysqli->prepare($sql); + $query->bind_param('s', $login); + $query->execute(); + if ($query->errno) { + exitWithStatus(true, $query->error); + } + $query->store_result(); + if ($query->num_rows) { + exitWithStatus(true, "User exists"); + } + $query->free_result(); + $query->close(); + } + + /** + * Add new user to database + * @param string $login Login + * @param string $hash Password hash + */ + function insertUser($login, $hash) { + global $mysqli; + $sql = "INSERT INTO users (login, password) VALUES (?, ?)"; + $query = $mysqli->prepare($sql); + $query->bind_param('ss', $login, $hash); + $query->execute(); + if ($query->errno) { + exitWithStatus(true, $query->error); + $isError = false; + } + $query->close(); + } + + $login = isset($_REQUEST['login']) ? trim($_REQUEST['login']) : NULL; + $hash = isset($_REQUEST['pass']) ? password_hash($_REQUEST['pass'], PASSWORD_DEFAULT) : NULL; + if ($admin && !empty($login) && !empty($hash)) { + checkUser($login); + insertUser($login, $hash); + } + exitWithStatus(false); + +?> \ No newline at end of file 
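Review bot: `exitWithStatus(false)` is reached even when the `if ($admin && !empty($login) && !empty($hash))` guard is false, so a non-admin session or a request with missing fields gets `error=0` and the admin.js caller reports "User successfully added" although no row was written; reject explicitly instead, e.g. `if (!$admin) { exitWithStatus(true, "Unauthorized"); }` and `if (empty($login) || empty($hash)) { exitWithStatus(true, "Missing login or password"); }` ahead of `checkUser($login);`. In `insertUser` the `$isError = false;` after `exitWithStatus(true, $query->error);` is unreachable and can be dropped. The script reads `$_REQUEST`, which also accepts GET parameters, while admin.js sends a POST; reading `$_POST` and validating a per-session CSRF token would stop a cross-site form submission from creating a user with the admin's cookie. Where `$admin` and `$mysqli` are set is outside the visible part of the hunk (its opening lines are garbled), so this assumes `$admin` is the flag auth.php derives from the session.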
diff --git a/admin.js b/admin.js new file mode 100644 index 0000000..3bc693f --- /dev/null +++ b/admin.js @@ -0,0 +1,79 @@ +/* μlogger + * + * Copyright(C) 2017 Bartek Fabiszewski (www.fabiszewski.net) + * + * This is free software; you can redistribute it and/or modify it under + * the terms of the GNU Library General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Library General Public + * License along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +function showModal(contentHTML) { + var div = document.createElement("div"); + div.setAttribute("id", "modal"); + div.innerHTML = '
'; + document.body.appendChild(div); + var modalBody = document.getElementById('modal-body'); + modalBody.innerHTML = contentHTML; +} + +function removeModal() { + document.body.removeChild(document.getElementById('modal')); +} + +function addUser() { + var form = ''; + showModal(form); +} + +function submitUser() { + var form = document.getElementById('userForm'); + var login = form.elements['login'].value; + var pass = form.elements['pass'].value; + var pass2 = form.elements['pass2'].value; + if (!login || !pass || !pass2) { + alert("All fields are required"); + return; + } + if (pass != pass2) { + alert("Passwords don't match"); + return; + } + var xhr = getXHR(); + xhr.onreadystatechange = function() { + if (xhr.readyState==4 && xhr.status==200) { + var xml = xhr.responseXML; + var message = ""; + if (xml) { + var root = xml.getElementsByTagName('root'); + if (root.length && getNode(root[0], 'error') == 0) { + removeModal(); + alert("User successfully added"); + return; + } + errorMsg = getNode(root[0], 'message'); + if (errorMsg) { message = errorMsg; } + } + alert("Something went wrong\n" + message); + xhr = null; + } + } + xhr.open('POST', 'adduser.php', true); + xhr.setRequestHeader('Content-type', 'application/x-www-form-urlencoded'); + xhr.send('login=' + login + '&pass=' + pass); + return; +} \ No newline at end of file diff --git a/auth.php b/auth.php index 6336edf..7888ca2 100755 --- a/auth.php +++ b/auth.php @@ -95,7 +95,7 @@ if ($require_authentication || defined('headless')) { $query = $mysqli->prepare("SELECT id, login, password FROM users WHERE login=? LIMIT 1"); $query->bind_param('s', $user); $query->execute(); - $query->bind_result($rec_ID, $rec_user, $rec_pass); + $query->bind_result($rec_id, $rec_user, $rec_pass); $query->fetch(); $query->free_result(); //correct pass 
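Review bot: `xhr.send('login=' + login + '&pass=' + pass);` puts the raw field values into an `application/x-www-form-urlencoded` body without encoding, so a password containing `&`, `=`, `+` or `%` is split or altered by the server-side parser and the stored hash is of a different string than the user typed; use `xhr.send('login=' + encodeURIComponent(login) + '&pass=' + encodeURIComponent(pass));`. In the response handler `errorMsg = getNode(root[0], 'message');` assigns an undeclared variable (an implicit global) and indexes `root[0]` even when `root.length` is 0; `var errorMsg = root.length ? getNode(root[0], 'message') : null;` fixes both. `showModal` assigns its argument to `innerHTML`; the one caller passes a static form string, so that is fine today, but a JSDoc line such as `/** @param {string} contentHTML - trusted markup built in this file, never user or server input */` would keep it that way. `getXHR` and `getNode` are not defined in this hunk, presumably they live in another script.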
@@ -111,14 +111,9 @@ if ($require_authentication || defined('headless')) { if (($user == $admin_user) && !empty($admin_user)) { $_SESSION['admin'] = $admin_user; } - $_SESSION['auth'] = $rec_ID; - if (defined('headless')) { - $url = str_replace("//", "/", $_SERVER['HTTP_HOST'].dirname($_SERVER['SCRIPT_NAME'])."/client/index.php"); - header("Location: $ssl://$url"); - } else { - $url = str_replace("//", "/", $_SERVER['HTTP_HOST'].dirname($_SERVER['SCRIPT_NAME'])."/index.php"); - header("Location: $ssl://$url"); - } + $_SESSION['auth'] = $rec_id; + $url = str_replace("//", "/", $_SERVER['HTTP_HOST'].dirname($_SERVER['SCRIPT_NAME'])."/index.php"); + header("Location: $ssl://$url"); exit(); } else { // unsuccessful diff --git a/config.default.php b/config.default.php index d1eb250..a47a86f 100755 --- a/config.default.php +++ b/config.default.php @@ -57,14 +57,14 @@ $dbname = ""; // database name // (0 = no, 1 = yes) $require_authentication = 1; +// all users tracks are visible to authenticated user +// (0 = no, 1 = yes) +$public_tracks = 0; + // admin user who has access to all users locations // none if empty $admin_user = ""; -// allow automatic registration of new users -// (0 = no, 1 = yes) -$allow_registration = 0; - // Default interval in seconds for live auto reload $interval = 10; diff --git a/index.php b/index.php index 46afca6..0bce681 100755 --- a/index.php +++ b/index.php @@ -19,7 +19,8 @@ */ require_once("auth.php"); -if ($auth && !$admin) { +if ($auth && !$admin && !$public_tracks) { + // only authorized user tracks // get username $query = "SELECT login FROM users WHERE id='$auth' LIMIT 1"; $result = $mysqli->query($query); @@ -30,7 +31,7 @@ if ($auth && !$admin) { $user_form = ''.$lang_user.'
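Review bot: `$_SESSION['auth'] = $rec_id;` promotes the session the client arrived with to an authenticated one without rotating its id; add `session_regenerate_id(true);` just before the `$_SESSION['admin']`/`$_SESSION['auth']` assignments so a session id established before login does not carry over into the authenticated session. The redirect target is built from `$_SERVER['HTTP_HOST']`, which comes from the request rather than from configuration; a relative `header("Location: index.php");` (or a configured base URL) avoids trusting the request host inside the `Location` header. `$ssl` and the enclosing `if` are outside the hunk.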
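Review bot: The comment above `$public_tracks = 0;` should spell out the privacy consequence of enabling it, e.g. `// 1 = every authenticated user can view every other user's tracks; 0 = users see only their own`, since `all users tracks are visible to authenticated user` reads as a typo for "all users' tracks" and does not say who gains access. Installations whose `config.php` was copied from an older default will not define `$public_tracks` at all; a comment noting that an undefined value behaves as 0 (private) would help, and the consumer in index.php should treat it that way explicitly. Dropping `$allow_registration` is consistent with user creation moving to the admin-only adduser.php.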
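Review bot: `if ($auth && !$admin && !$public_tracks) {` reads `$public_tracks` directly; a config.php written before this option existed leaves it undefined, which evaluates as falsy (private) but raises an undefined-variable notice, so `if ($auth && !$admin && empty($public_tracks)) {` is safer and keeps the same meaning. The added comment `// only authorized user tracks` would be clearer as `// restrict to the authenticated user's own tracks`. The context line `$query = "SELECT login FROM users WHERE id='$auth' LIMIT 1";` interpolates `$auth` into SQL; it comes from `$_SESSION['auth']` in auth.php, but the new adduser.php uses prepared statements and this query could match that style. The enclosing `if` body continues beyond the hunk.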