admin auth handling

This commit is contained in:
Bartek Fabiszewski 2014-09-07 21:19:43 +02:00
parent 5b97b46abc
commit 6796b54794
5 changed files with 45 additions and 21 deletions

README

@ -2,7 +2,8 @@ This is a simple web viewer for GPS tracks uploaded with mobile client.
It is designed to work with Android version of great app TrackMe (http://www.luisespinosa.com/trackme_eng.html),
but it should be easy to adjust it for other clients (other database tables).
Interface "look and feel" is based on TrackMe Display (http://forum.xda-developers.com/showthread.php?t=477394).
It is possible to switch between Google Maps API and OpenLayers API with OpenStreetMap (any other compatible base layer).
It is possible to switch between Google Maps API and OpenLayers API with OpenStreetMap (or any other compatible base layer).
It also supports Backitude client (thanks to markcs: see README_Backitude).
Live demo:
- http://flaa.fabiszewski.net/phptrackme/


@ -31,6 +31,7 @@ if ($mysqli->connect_errno) {
}
$mysqli->set_charset("utf8");
$auth = NULL;
$admin = NULL;
if ($require_authentication) {
/* authentication */
session_name('trackme');
@ -38,6 +39,7 @@ if ($require_authentication) {
$sid = session_id();
$auth = (isset($_SESSION['auth']) ? $_SESSION['auth'] : "");
$admin = (isset($_SESSION['admin']) ? $_SESSION['admin'] : "");
$user = (isset($_REQUEST['user']) ? $_REQUEST['user'] : "");
$pass = (isset($_REQUEST['pass']) ? md5($salt.$_REQUEST['pass']) : "");
$ssl = ((!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] == "" || $_SERVER['HTTPS'] == "off") ? "http" : "https");
@ -98,12 +100,10 @@ if ($require_authentication) {
// start new session
session_name('trackme');
session_start();
if (($user==$admin_user) and ($admin_user != "")) {
$_SESSION['auth'] = $admin_user;
}
else {
$_SESSION['auth'] = $rec_ID;
if (($user==$admin_user) && ($admin_user != "")) {
$_SESSION['admin'] = $admin_user;
}
$_SESSION['auth'] = $rec_ID;
$url = str_replace("//", "/", $_SERVER['HTTP_HOST'].dirname($_SERVER['SCRIPT_NAME'])."/index.php");
header("Location: $ssl://$url");
exit;
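Review bot: The login path starts the session and then writes the new `$_SESSION['admin']` and the `$_SESSION['auth'] = $rec_ID;` line without rotating the session id, so a session id that existed before the credentials were checked stays valid after login; add `session_regenerate_id(true);` directly after the `session_start();` that precedes the new admin check. The admin marker is also stored as the admin username and is later only tested for truthiness (`if ($auth && !$admin)` in the index file), so a boolean `$_SESSION['admin'] = true;` would state the intent directly and not depend on the configured username being a truthy string. The file name is not shown on this page; from its content this appears to be the auth file that index.php requires, and the enclosing `if ($require_authentication)` block starts outside the hunk.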


@ -17,7 +17,7 @@
* License along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
$version = "2.2";
$version = "2.3";
// default map drawing framework
// (gmaps = google maps, openlayers = openlayers/osm)


@ -20,7 +20,7 @@
require_once("config.php");
require_once("auth.php");
if (($auth) and ($auth != $admin_user)) {
if ($auth && !$admin) {
// get username
$query = "SELECT username FROM users WHERE ID='$auth' LIMIT 1";
$result = $mysqli->query($query);
@ -33,25 +33,37 @@ if (($auth) and ($auth != $admin_user)) {
else {
// free access or admin user
// prepare user select form
if (($auth == $admin_user) and ($admin_user != "")) {
$user = $auth;
$auth = NULL;
if ($admin) {
$user = $admin_user;
}
$user_form = '
<u>'.$lang_user.'</u><br />
<u>'.$lang_user.'</u> ';
if ($auth) {
$user_form .= '&nbsp;'.$user.' (<a href="logout.php">'.$lang_logout.'</a>)';
}
$user_form .= '
<br />
<form>
<select name="user" onchange="selectUser(this)">
<option value="0">'.$lang_suser.'</option>';
// get last position user
$query = "SELECT FK_Users_ID FROM positions ORDER BY DateOccurred LIMIT 1";
$result = $mysqli->query($query);
if ($result->num_rows) {
$last = $result->fetch_row();
$last_id = $last[0];
} else {
$last_id = "";
}
$query = "SELECT ID,username FROM users ORDER BY username";
$result = $mysqli->query($query);
while ($row = $result->fetch_assoc()) {
$user_form .= sprintf("<option value=\"%s\">%s</option>\n", $row["ID"], $row["username"]);
$user_form .= sprintf("<option %svalue=\"%s\">%s</option>\n", ($row["ID"] == $last_id)?"selected ":"",$row["ID"], $row["username"]);
}
$user_form .= '
</select>
</form>
';
$user_form .= '<u>'.$lang_user.'</u><br />'.$user.' (<a href="logout.php">'.$lang_logout.'</a>)';
$user_form .= '
</select>
</form>
';
}
// prepare track select form
@ -59,7 +71,15 @@ $track_form = '
<u>'.$lang_track.'</u><br />
<form>
<select name="track" onchange="selectTrack(this)">';
$query = "SELECT * FROM trips WHERE FK_Users_ID='$auth' ORDER BY ID DESC";
$userid = "";
if ($auth && !$admin) {
// display track of authenticated user
$userid = $auth;
} elseif ($last_id) {
// or user who did last move
$userid = $last_id;
}
$query = "SELECT * FROM trips WHERE FK_Users_ID='$userid' ORDER BY ID DESC";
$result = $mysqli->query($query);
$trackid = "";
@ -115,7 +135,7 @@ print
<link rel="stylesheet" type="text/css" href="main.css" />
<script>
var interval = '.$interval.';
var userid = '.(($auth)?$auth:-1).';
var userid = '.(($userid)?$userid:-1).';
var trackid = '.(($trackid)?$trackid:-1).';
var lang_user = "'.$lang_user.'";
var lang_time = "'.$lang_time.'";
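Review bot: The new last-user lookup `SELECT FK_Users_ID FROM positions ORDER BY DateOccurred LIMIT 1` sorts ascending, so unless DateOccurred counts down it returns the user of the earliest position rather than the one the `// get last position user` and `// or user who did last move` comments describe; the intended query is presumably `... ORDER BY DateOccurred DESC LIMIT 1`. The id it yields, and the session-derived `$auth`, are then spliced as strings into the new `SELECT * FROM trips WHERE FK_Users_ID='$userid' ORDER BY ID DESC` in the later hunk; both are row ids, so binding `$userid` through a prepared statement on the existing `$mysqli` handle (or at minimum an `(int)` cast where the id is non-empty) would remove the string interpolation this branch introduces. The rewritten option line still emits `$row["username"]` unescaped into the select markup; `htmlspecialchars($row["username"], ENT_QUOTES, 'UTF-8')` keeps the new selected-option behaviour while closing that injection path if usernames are not solely administrator-controlled.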


@ -243,9 +243,13 @@ function getTrips(userid) {
xhr.onreadystatechange = function() {
if (xhr.readyState==4 && xhr.status==200) {
var xml = xhr.responseXML;
var trackSelect = document.getElementsByName('track')[0];
clearOptions(trackSelect);
var trips = xml.getElementsByTagName('trip');
if (trips.length>0) {
fillOptions(xml);
} else {
clearMap();
}
xhr = null;
}
@ -256,7 +260,6 @@ function getTrips(userid) {
function fillOptions(xml) {
var trackSelect = document.getElementsByName('track')[0];
clearOptions(trackSelect);
var trips = xml.getElementsByTagName('trip');
var trpLen = trips.length;
for (var i=0; i<trpLen; i++) {