admin auth handling

This commit is contained in:
Bartek Fabiszewski 2014-09-07 21:19:43 +02:00
parent 5b97b46abc
commit 6796b54794
5 changed files with 45 additions and 21 deletions

README

@ -2,7 +2,8 @@ This is a simple web viewer for GPS tracks uploaded with mobile client.
It is designed to work with Android version of great app TrackMe (http://www.luisespinosa.com/trackme_eng.html), It is designed to work with Android version of great app TrackMe (http://www.luisespinosa.com/trackme_eng.html),
but it should be easy to adjust it for other clients (other database tables). but it should be easy to adjust it for other clients (other database tables).
Interface "look and feel" is based on TrackMe Display (http://forum.xda-developers.com/showthread.php?t=477394). Interface "look and feel" is based on TrackMe Display (http://forum.xda-developers.com/showthread.php?t=477394).
It is possible to switch between Google Maps API and OpenLayers API with OpenStreetMap (any other compatible base layer). It is possible to switch between Google Maps API and OpenLayers API with OpenStreetMap (or any other compatible base layer).
It also supports Backitude client (thanks to markcs: see README_Backitude).
Live demo: Live demo:
- http://flaa.fabiszewski.net/phptrackme/ - http://flaa.fabiszewski.net/phptrackme/


@ -31,6 +31,7 @@ if ($mysqli->connect_errno) {
} }
$mysqli->set_charset("utf8"); $mysqli->set_charset("utf8");
$auth = NULL; $auth = NULL;
$admin = NULL;
if ($require_authentication) { if ($require_authentication) {
/* authentication */ /* authentication */
session_name('trackme'); session_name('trackme');
@ -38,6 +39,7 @@ if ($require_authentication) {
$sid = session_id(); $sid = session_id();
$auth = (isset($_SESSION['auth']) ? $_SESSION['auth'] : ""); $auth = (isset($_SESSION['auth']) ? $_SESSION['auth'] : "");
$admin = (isset($_SESSION['admin']) ? $_SESSION['admin'] : "");
$user = (isset($_REQUEST['user']) ? $_REQUEST['user'] : ""); $user = (isset($_REQUEST['user']) ? $_REQUEST['user'] : "");
$pass = (isset($_REQUEST['pass']) ? md5($salt.$_REQUEST['pass']) : ""); $pass = (isset($_REQUEST['pass']) ? md5($salt.$_REQUEST['pass']) : "");
$ssl = ((!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] == "" || $_SERVER['HTTPS'] == "off") ? "http" : "https"); $ssl = ((!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] == "" || $_SERVER['HTTPS'] == "off") ? "http" : "https");
@ -98,12 +100,10 @@ if ($require_authentication) {
// start new session // start new session
session_name('trackme'); session_name('trackme');
session_start(); session_start();
if (($user==$admin_user) and ($admin_user != "")) { if (($user==$admin_user) && ($admin_user != "")) {
$_SESSION['auth'] = $admin_user; $_SESSION['admin'] = $admin_user;
} }
else {
$_SESSION['auth'] = $rec_ID; $_SESSION['auth'] = $rec_ID;
}
$url = str_replace("//", "/", $_SERVER['HTTP_HOST'].dirname($_SERVER['SCRIPT_NAME'])."/index.php"); $url = str_replace("//", "/", $_SERVER['HTTP_HOST'].dirname($_SERVER['SCRIPT_NAME'])."/index.php");
header("Location: $ssl://$url"); header("Location: $ssl://$url");
exit; exit;
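Review bot: The admin decision at `if (($user==$admin_user) && ($admin_user != ""))` rests on a loose comparison of a request-supplied username; `$user === $admin_user` avoids PHP's numeric-string coercion in that check at no cost. The same hunk calls `session_start()` right after the credentials are accepted but shows no `session_regenerate_id(true)`; unless the lines above the hunk (outside this view) already discard the pre-login session, the authenticated session keeps whatever ID the client arrived with, which is the session-fixation pattern. The admin path now writes only `$_SESSION['admin']` and leaves `$_SESSION['auth']` unset, which index.php depends on; a one-line comment such as `// admin logins set only 'admin'; index.php tests $auth && !$admin` would keep the next maintainer from "fixing" the asymmetry. The enclosing `if ($require_authentication)` block starts outside the hunk.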


@ -17,7 +17,7 @@
* License along with this program; if not, write to the Free Software * License along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/ */
$version = "2.2"; $version = "2.3";
// default map drawing framework // default map drawing framework
// (gmaps = google maps, openlayers = openlayers/osm) // (gmaps = google maps, openlayers = openlayers/osm)


@ -20,7 +20,7 @@
require_once("config.php"); require_once("config.php");
require_once("auth.php"); require_once("auth.php");
if (($auth) and ($auth != $admin_user)) { if ($auth && !$admin) {
// get username // get username
$query = "SELECT username FROM users WHERE ID='$auth' LIMIT 1"; $query = "SELECT username FROM users WHERE ID='$auth' LIMIT 1";
$result = $mysqli->query($query); $result = $mysqli->query($query);
@ -33,25 +33,37 @@ if (($auth) and ($auth != $admin_user)) {
else { else {
// free access or admin user // free access or admin user
// prepare user select form // prepare user select form
if (($auth == $admin_user) and ($admin_user != "")) { if ($admin) {
$user = $auth; $user = $admin_user;
$auth = NULL;
} }
$user_form = ' $user_form = '
<u>'.$lang_user.'</u><br /> <u>'.$lang_user.'</u> ';
if ($auth) {
$user_form .= '&nbsp;'.$user.' (<a href="logout.php">'.$lang_logout.'</a>)';
}
$user_form .= '
<br />
<form> <form>
<select name="user" onchange="selectUser(this)"> <select name="user" onchange="selectUser(this)">
<option value="0">'.$lang_suser.'</option>'; <option value="0">'.$lang_suser.'</option>';
// get last position user
$query = "SELECT FK_Users_ID FROM positions ORDER BY DateOccurred LIMIT 1";
$result = $mysqli->query($query);
if ($result->num_rows) {
$last = $result->fetch_row();
$last_id = $last[0];
} else {
$last_id = "";
}
$query = "SELECT ID,username FROM users ORDER BY username"; $query = "SELECT ID,username FROM users ORDER BY username";
$result = $mysqli->query($query); $result = $mysqli->query($query);
while ($row = $result->fetch_assoc()) { while ($row = $result->fetch_assoc()) {
$user_form .= sprintf("<option value=\"%s\">%s</option>\n", $row["ID"], $row["username"]); $user_form .= sprintf("<option %svalue=\"%s\">%s</option>\n", ($row["ID"] == $last_id)?"selected ":"",$row["ID"], $row["username"]);
} }
$user_form .= ' $user_form .= '
</select> </select>
</form> </form>
'; ';
$user_form .= '<u>'.$lang_user.'</u><br />'.$user.' (<a href="logout.php">'.$lang_logout.'</a>)';
} }
// prepare track select form // prepare track select form
@ -59,7 +71,15 @@ $track_form = '
<u>'.$lang_track.'</u><br /> <u>'.$lang_track.'</u><br />
<form> <form>
<select name="track" onchange="selectTrack(this)">'; <select name="track" onchange="selectTrack(this)">';
$query = "SELECT * FROM trips WHERE FK_Users_ID='$auth' ORDER BY ID DESC"; $userid = "";
if ($auth && !$admin) {
// display track of authenticated user
$userid = $auth;
} elseif ($last_id) {
// or user who did last move
$userid = $last_id;
}
$query = "SELECT * FROM trips WHERE FK_Users_ID='$userid' ORDER BY ID DESC";
$result = $mysqli->query($query); $result = $mysqli->query($query);
$trackid = ""; $trackid = "";
@ -115,7 +135,7 @@ print
<link rel="stylesheet" type="text/css" href="main.css" /> <link rel="stylesheet" type="text/css" href="main.css" />
<script> <script>
var interval = '.$interval.'; var interval = '.$interval.';
var userid = '.(($auth)?$auth:-1).'; var userid = '.(($userid)?$userid:-1).';
var trackid = '.(($trackid)?$trackid:-1).'; var trackid = '.(($trackid)?$trackid:-1).';
var lang_user = "'.$lang_user.'"; var lang_user = "'.$lang_user.'";
var lang_time = "'.$lang_time.'"; var lang_time = "'.$lang_time.'";
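Review bot: The "last position user" lookup at `SELECT FK_Users_ID FROM positions ORDER BY DateOccurred LIMIT 1` sorts ascending, so it returns the earliest recorded position rather than the most recent one that the comment and the later `// or user who did last move` branch describe; `ORDER BY DateOccurred DESC LIMIT 1` matches the stated intent. The new `$userid` is still spliced into SQL at `WHERE FK_Users_ID='$userid'`, and `$row["username"]` is emitted into the `<option>` markup without escaping; both values come from the session or the database rather than the request here, but casting `(int)$userid` (or using a prepared statement) and wrapping the name in `htmlspecialchars($row["username"], ENT_QUOTES, 'UTF-8')` keeps the page safe if either table is ever written by a less careful client. The `else` branch that defines `$last_id` begins in this hunk, while the `if ($auth && !$admin)` branch that precedes it is only partly visible.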


@ -243,9 +243,13 @@ function getTrips(userid) {
xhr.onreadystatechange = function() { xhr.onreadystatechange = function() {
if (xhr.readyState==4 && xhr.status==200) { if (xhr.readyState==4 && xhr.status==200) {
var xml = xhr.responseXML; var xml = xhr.responseXML;
var trackSelect = document.getElementsByName('track')[0];
clearOptions(trackSelect);
var trips = xml.getElementsByTagName('trip'); var trips = xml.getElementsByTagName('trip');
if (trips.length>0) { if (trips.length>0) {
fillOptions(xml); fillOptions(xml);
} else {
clearMap();
} }
xhr = null; xhr = null;
} }
@ -256,7 +260,6 @@ function getTrips(userid) {
function fillOptions(xml) { function fillOptions(xml) {
var trackSelect = document.getElementsByName('track')[0]; var trackSelect = document.getElementsByName('track')[0];
clearOptions(trackSelect);
var trips = xml.getElementsByTagName('trip'); var trips = xml.getElementsByTagName('trip');
var trpLen = trips.length; var trpLen = trips.length;
for (var i=0; i<trpLen; i++) { for (var i=0; i<trpLen; i++) {
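Review bot: `clearOptions(trackSelect)` now runs only inside the `readyState==4 && status==200` branch of getTrips, so a failed or non-200 response leaves the previous user's tracks in the select and on the map; clearing before the request is sent, or in an error branch, keeps the UI consistent with the chosen user. Because fillOptions no longer clears the select, any other caller of fillOptions — none is visible in this hunk — would now append to the existing options; a comment on fillOptions such as `// caller must clear the select first (see getTrips)` records that contract. `clearMap()` is not defined in this hunk and is presumably declared elsewhere in the file. getTrips starts outside the hunk.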