From 6796b54794b275bc2483042030ae3f768d3c9e7f Mon Sep 17 00:00:00 2001
From: Bartek Fabiszewski
Date: Sun, 7 Sep 2014 21:19:43 +0200
Subject: [PATCH] admin auth handling
---
 README | 3 ++-
 auth.php | 10 +++++-----
 config.php | 2 +-
 index.php | 46 +++++++++++++++++++++++++++++++++-------------
 main.js | 5 ++++-
 5 files changed, 45 insertions(+), 21 deletions(-)
diff --git a/README b/README
index 256d018..d883843 100755
--- a/README
+++ b/README
@@ -2,7 +2,8 @@ This is a simple web viewer for GPS tracks uploaded with mobile client. It is designed to work with Android version of great app TrackMe (http://www.luisespinosa.com/trackme_eng.html), but it should be easy to adjust it for other clients (other database tables). Interface "look and feel" is based on TrackMe Display (http://forum.xda-developers.com/showthread.php?t=477394).
-It is possible to switch between Google Maps API and OpenLayers API with OpenStreetMap (any other compatible base layer).
+It is possible to switch between Google Maps API and OpenLayers API with OpenStreetMap (or any other compatible base layer).
+It also supports Backitude client (thanks to markcs: see README_Backitude).
 Live demo: - http://flaa.fabiszewski.net/phptrackme/
diff --git a/auth.php b/auth.php
index c3978ef..96a12c3 100755
--- a/auth.php
+++ b/auth.php
@@ -31,6 +31,7 @@ if ($mysqli->connect_errno) {
 }
 $mysqli->set_charset("utf8");
 $auth = NULL;
+$admin = NULL;
 if ($require_authentication) {
 /* authentication */
 session_name('trackme');
@@ -38,6 +39,7 @@ if ($require_authentication) {
 $sid = session_id();
 $auth = (isset($_SESSION['auth']) ? $_SESSION['auth'] : "");
+ $admin = (isset($_SESSION['admin']) ? $_SESSION['admin'] : "");
 $user = (isset($_REQUEST['user']) ? $_REQUEST['user'] : "");
 $pass = (isset($_REQUEST['pass']) ? md5($salt.$_REQUEST['pass']) : "");
 $ssl = ((!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] == "" || $_SERVER['HTTPS'] == "off") ? "http" : "https");
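Review bot: The new `$admin` value is restored from the session right next to a login path that still derives `$pass` as `md5($salt.$_REQUEST['pass'])` and takes credentials from `$_REQUEST`, which includes the query string. Now that one account carries a separate admin privilege, this path deserves hardening: read `user` and `pass` from `$_POST` only, and check the password with `password_verify()` against hashes produced by `password_hash()` (this needs a stored-hash migration outside this file). The `if ($require_authentication)` block starts and ends outside the hunk, so how `$pass` is compared with the stored value is not visible here.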
@@ -98,12 +100,10 @@ if ($require_authentication) {
 // start new session
 session_name('trackme');
 session_start();
- if (($user==$admin_user) and ($admin_user != "")) {
- $_SESSION['auth'] = $admin_user;
- }
- else {
- $_SESSION['auth'] = $rec_ID;
+ if (($user==$admin_user) && ($admin_user != "")) {
+ $_SESSION['admin'] = $admin_user;
 }
+ $_SESSION['auth'] = $rec_ID;
 $url = str_replace("//", "/", $_SERVER['HTTP_HOST'].dirname($_SERVER['SCRIPT_NAME'])."/index.php");
 header("Location: $ssl://$url");
 exit;
diff --git a/config.php b/config.php
index 534dd3b..4aa40c2 100755
--- a/config.php
+++ b/config.php
@@ -17,7 +17,7 @@
 * License along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */
-$version = "2.2";
+$version = "2.3";
 // default map drawing framework
 // (gmaps = google maps, openlayers = openlayers/osm)
diff --git a/index.php b/index.php
index 71ba1d2..ad91269 100755
--- a/index.php
+++ b/index.php
@@ -20,7 +20,7 @@ require_once("config.php");
 require_once("auth.php");
-if (($auth) and ($auth != $admin_user)) {
+if ($auth && !$admin) {
 // get username
 $query = "SELECT username FROM users WHERE ID='$auth' LIMIT 1";
 $result = $mysqli->query($query);
@@ -33,25 +33,37 @@ if (($auth) and ($auth != $admin_user)) {
 else {
 // free access or admin user
 // prepare user select form
- if (($auth == $admin_user) and ($admin_user != "")) {
- $user = $auth;
- $auth = NULL;
+ if ($admin) {
+ $user = $admin_user;
 }
 $user_form = ' - '.$lang_user.'
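Review bot: `$_SESSION['admin']` is written only inside the new `if` and is never cleared, so whether a later non-admin login can inherit an earlier admin flag depends entirely on the session teardown that precedes `session_start()` outside this hunk. Making the assignment unconditional removes that dependency: `$_SESSION['admin'] = ($admin_user !== "" && $user === $admin_user);`. The readers in auth.php and index.php would then test a boolean rather than the truthiness of a username, which today treats an `$admin_user` of `"0"` as not-admin. Calling `session_regenerate_id(true);` right after `session_start()` would also protect this privilege change against session fixation, if the code above the hunk does not already issue a fresh session ID.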
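Review bot: The rewritten condition `if ($auth && !$admin)` in index.php still leads into a query that interpolates `$auth` directly into the SQL text. `$auth` is session data that auth.php fills from `$rec_ID`, so it is probably not attacker-controlled, but a bound parameter removes the need to rely on that: `$stmt = $mysqli->prepare("SELECT username FROM users WHERE ID=? LIMIT 1"); $stmt->bind_param("s", $auth); $stmt->execute();`. The rest of the branch, including how the fetched username is printed, lies outside the hunk.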
+ '.$lang_user.' '; + if ($auth) { + $user_form .= ' '.$user.' ('.$lang_logout.')'; + } + $user_form .= ' +
-
-'; - $user_form .= ''.$lang_user.'
'.$user.' ('.$lang_logout.')'; + $user_form .= ' + + + '; } // prepare track select form @@ -59,7 +71,15 @@ $track_form = ' '.$lang_track.'