sven/ulogger-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Move isAdmin flag to database

Browse Source
This commit is contained in:
Bartek Fabiszewski 2020-02-17 18:51:27 +01:00
parent f0516b4f14
commit aa9d507d12
14 changed files with 98 additions and 102 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
.docker/init.sh
View File

@ -38,28 +38,28 @@ if [ "$ULOGGER_DB_DRIVER" = "pgsql" ]; then
su postgres -c "psql -c \"GRANT ALL PRIVILEGES ON DATABASE ulogger TO ulogger\"" su postgres -c "psql -c \"GRANT ALL PRIVILEGES ON DATABASE ulogger TO ulogger\""
su postgres -c "psql -d ulogger -c \"GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO ulogger\"" su postgres -c "psql -d ulogger -c \"GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO ulogger\""
su postgres -c "psql -d ulogger -c \"GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO ulogger\"" su postgres -c "psql -d ulogger -c \"GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO ulogger\""
su postgres -c "psql -d ulogger -c \"INSERT INTO users (login, password) VALUES ('admin', '\\\$2y\\\$10\\\$7OvZrKgonVZM9lkzrTbiou.CVhO3HjPk5y0W9L68fVwPs/osBRIMq')\"" su postgres -c "psql -d ulogger -c \"INSERT INTO users (login, password, admin) VALUES ('${ULOGGER_ADMIN_USER}', '\\\$2y\\\$10\\\$7OvZrKgonVZM9lkzrTbiou.CVhO3HjPk5y0W9L68fVwPs/osBRIMq', TRUE)\""
su postgres -c "pg_ctl -w stop" su postgres -c "pg_ctl -w stop"
sed -i "s/^\$dbdsn = .*$/\$dbdsn = \"pgsql:host=localhost;port=5432;dbname=ulogger\";/" /var/www/html/config.php sed -i "s/^\$dbdsn = .*$/\$dbdsn = \"pgsql:host=localhost;port=5432;dbname=ulogger\";/" /var/www/html/config.php
elif [ "$ULOGGER_DB_DRIVER" = "sqlite" ]; then elif [ "$ULOGGER_DB_DRIVER" = "sqlite" ]; then
mkdir -p /data/sqlite mkdir -p /data/sqlite
chown -R nobody:nobody /data chown -R nobody:nobody /data
sqlite3 -init /var/www/html/scripts/ulogger.sqlite /data/sqlite/ulogger.db .exit sqlite3 -init /var/www/html/scripts/ulogger.sqlite /data/sqlite/ulogger.db .exit
sqlite3 -line /data/ulogger.db "INSERT INTO users (login, password) VALUES ('admin', '\$2y\$10\$7OvZrKgonVZM9lkzrTbiou.CVhO3HjPk5y0W9L68fVwPs/osBRIMq')" sqlite3 -line /data/ulogger.db "INSERT INTO users (login, password, admin) VALUES ('${ULOGGER_ADMIN_USER}', '\$2y\$10\$7OvZrKgonVZM9lkzrTbiou.CVhO3HjPk5y0W9L68fVwPs/osBRIMq', 1)"
sed -i "s/^\$dbdsn = .*$/\$dbdsn = \"sqlite:\/data\/sqlite\/ulogger.db\";/" /var/www/html/config.php sed -i "s/^\$dbdsn = .*$/\$dbdsn = \"sqlite:\/data\/sqlite\/ulogger.db\";/" /var/www/html/config.php
else else
mkdir -p /run/mysqld mkdir -p /run/mysqld
chown mysql:mysql /run/mysqld chown mysql:mysql /run/mysqld
mysql_install_db --user=mysql --datadir=/data mysql_install_db --user=mysql --datadir=/data
mysqld_safe --datadir=/data & mysqld_safe --datadir=/data &
mysqladmin --silent --wait=30 ping mysqladmin --silent --wait=30 ping
mysqladmin -u root password "${DB_ROOT_PASS}" mysqladmin -u root password "${DB_ROOT_PASS}"
mysql -u root -p"${DB_ROOT_PASS}" < /var/www/html/scripts/ulogger.sql mysql -u root -p"${DB_ROOT_PASS}" < /var/www/html/scripts/ulogger.mysql
mysql -u root -p"${DB_ROOT_PASS}" -e "CREATE USER 'ulogger'@'localhost' IDENTIFIED BY '${DB_USER_PASS}'" mysql -u root -p"${DB_ROOT_PASS}" -e "CREATE USER 'ulogger'@'localhost' IDENTIFIED BY '${DB_USER_PASS}'"
mysql -u root -p"${DB_ROOT_PASS}" -e "GRANT ALL PRIVILEGES ON ulogger.* TO 'ulogger'@'localhost'" mysql -u root -p"${DB_ROOT_PASS}" -e "GRANT ALL PRIVILEGES ON ulogger.* TO 'ulogger'@'localhost'"
mysql -u root -p"${DB_ROOT_PASS}" -e "CREATE USER 'ulogger'@'%' IDENTIFIED BY '${DB_USER_PASS}'" mysql -u root -p"${DB_ROOT_PASS}" -e "CREATE USER 'ulogger'@'%' IDENTIFIED BY '${DB_USER_PASS}'"
mysql -u root -p"${DB_ROOT_PASS}" -e "GRANT ALL PRIVILEGES ON ulogger.* TO 'ulogger'@'%'" mysql -u root -p"${DB_ROOT_PASS}" -e "GRANT ALL PRIVILEGES ON ulogger.* TO 'ulogger'@'%'"
mysql -u root -p"${DB_ROOT_PASS}" -e "INSERT INTO users (login, password) VALUES ('admin', '\$2y\$10\$7OvZrKgonVZM9lkzrTbiou.CVhO3HjPk5y0W9L68fVwPs/osBRIMq')" ulogger mysql -u root -p"${DB_ROOT_PASS}" -e "INSERT INTO users (login, password, admin) VALUES ('${ULOGGER_ADMIN_USER}', '\$2y\$10\$7OvZrKgonVZM9lkzrTbiou.CVhO3HjPk5y0W9L68fVwPs/osBRIMq', TRUE)" ulogger
mysqladmin -u root -p"${DB_ROOT_PASS}" shutdown mysqladmin -u root -p"${DB_ROOT_PASS}" shutdown
sed -i "s/^\$dbdsn = .*$/\$dbdsn = \"mysql:host=localhost;port=3306;dbname=ulogger;charset=utf8\";/" /var/www/html/config.php sed -i "s/^\$dbdsn = .*$/\$dbdsn = \"mysql:host=localhost;port=3306;dbname=ulogger;charset=utf8\";/" /var/www/html/config.php
fi fi

1
.docker/run.sh
View File

@ -1,7 +1,6 @@
#!/bin/sh #!/bin/sh
# set config variables # set config variables
sed -i "s/^\$admin_user = .*$/\$admin_user = \"${ULOGGER_ADMIN_USER}\";/" /var/www/html/config.php
sed -i "s/^\$pass_strength = .*$/\$pass_strength = ${ULOGGER_PASS_STRENGTH};/" /var/www/html/config.php sed -i "s/^\$pass_strength = .*$/\$pass_strength = ${ULOGGER_PASS_STRENGTH};/" /var/www/html/config.php
sed -i "s/^\$pass_lenmin = .*$/\$pass_lenmin = ${ULOGGER_PASS_LENMIN};/" /var/www/html/config.php sed -i "s/^\$pass_lenmin = .*$/\$pass_lenmin = ${ULOGGER_PASS_LENMIN};/" /var/www/html/config.php
sed -i "s/^\$require_authentication = .*$/\$require_authentication = ${ULOGGER_REQUIRE_AUTHENTICATION};/" /var/www/html/config.php sed -i "s/^\$require_authentication = .*$/\$require_authentication = ${ULOGGER_REQUIRE_AUTHENTICATION};/" /var/www/html/config.php

2
.tests/fixtures/fixture_admin.xml
View File

@ -1,6 +1,6 @@
<?xml version="1.0" ?> <?xml version="1.0" ?>
<dataset> <dataset>
<users id="1" login="admin" password="$2y$10$7OvZrKgonVZM9lkzrTbiou.CVhO3HjPk5y0W9L68fVwPs/osBRIMq" /> <users id="1" login="admin" password="$2y$10$7OvZrKgonVZM9lkzrTbiou.CVhO3HjPk5y0W9L68fVwPs/osBRIMq" admin="1" />
<tracks /> <tracks />
<positions /> <positions />
</dataset> </dataset>

28
.tests/lib/BaseDatabaseTestCase.php
View File

@ -1,5 +1,4 @@
<?php <?php
use PHPUnit\Framework\TestCase;
if (!defined("ROOT_DIR")) { define("ROOT_DIR", __DIR__ . "/../.."); } if (!defined("ROOT_DIR")) { define("ROOT_DIR", __DIR__ . "/../.."); }
@ -8,11 +7,11 @@ abstract class BaseDatabaseTestCase extends PHPUnit_Extensions_Database_TestCase
/** /**
* @var PDO $pdo * @var PDO $pdo
*/ */
static private $pdo = null; static private $pdo;
/** /**
* @var PHPUnit_Extensions_Database_DB_IDatabaseConnection $conn * @var PHPUnit_Extensions_Database_DB_IDatabaseConnection $conn
*/ */
private $conn = null; private $conn;
static private $driver = "mysql"; static private $driver = "mysql";
protected $testUser = "testUser"; protected $testUser = "testUser";
@ -28,7 +27,7 @@ abstract class BaseDatabaseTestCase extends PHPUnit_Extensions_Database_TestCase
protected $testTrackName = "test track"; protected $testTrackName = "test track";
protected $testTrackComment = "test track comment"; protected $testTrackComment = "test track comment";
protected $testTimestamp = 1502974402; protected $testTimestamp = 1502974402;
protected $testLat = 0; protected $testLat = 0.0;
protected $testLon = 10.604001083; protected $testLon = 10.604001083;
protected $testAltitude = 10.01; protected $testAltitude = 10.01;
protected $testSpeed = 10.01; protected $testSpeed = 10.01;
@ -93,17 +92,17 @@ abstract class BaseDatabaseTestCase extends PHPUnit_Extensions_Database_TestCase
} }
protected function resetAutoincrement($users = 1, $tracks = 1, $positions = 1) { protected function resetAutoincrement($users = 1, $tracks = 1, $positions = 1) {
if (self::$driver == "pgsql") { if (self::$driver === "pgsql") {
self::$pdo->query("ALTER SEQUENCE users_id_seq RESTART WITH $users"); self::$pdo->exec("ALTER SEQUENCE users_id_seq RESTART WITH $users");
self::$pdo->query("ALTER SEQUENCE tracks_id_seq RESTART WITH $tracks"); self::$pdo->exec("ALTER SEQUENCE tracks_id_seq RESTART WITH $tracks");
self::$pdo->query("ALTER SEQUENCE positions_id_seq RESTART WITH $positions"); self::$pdo->exec("ALTER SEQUENCE positions_id_seq RESTART WITH $positions");
} else if (self::$driver == "sqlite") { } else if (self::$driver === "sqlite") {
$retry = 1; $retry = 1;
do { do {
try { try {
self::$pdo->query("DELETE FROM sqlite_sequence WHERE NAME = 'users'"); self::$pdo->exec("DELETE FROM sqlite_sequence WHERE NAME = 'users'");
self::$pdo->query("DELETE FROM sqlite_sequence WHERE NAME = 'tracks'"); self::$pdo->exec("DELETE FROM sqlite_sequence WHERE NAME = 'tracks'");
self::$pdo->query("DELETE FROM sqlite_sequence WHERE NAME = 'positions'"); self::$pdo->exec("DELETE FROM sqlite_sequence WHERE NAME = 'positions'");
$retry = 0; $retry = 0;
} catch (Exception $e) { } catch (Exception $e) {
// sqlite raises error when db schema changes in another connection. // sqlite raises error when db schema changes in another connection.
@ -175,12 +174,13 @@ abstract class BaseDatabaseTestCase extends PHPUnit_Extensions_Database_TestCase
* *
* @param string $user User login * @param string $user User login
* @param string $pass User password * @param string $pass User password
* @param bool $isAdmin User is admin
* @return int|bool User id or false on error * @return int|bool User id or false on error
*/ */
protected function addTestUser($user = NULL, $pass = NULL) { protected function addTestUser($user = NULL, $pass = NULL, $isAdmin = false) {
if (is_null($user)) { $user = $this->testUser; } if (is_null($user)) { $user = $this->testUser; }
if (is_null($pass)) { $pass = $this->testPass; } if (is_null($pass)) { $pass = $this->testPass; }
$id = $this->pdoInsert('users', [ 'login' => $user, 'password' => $pass ]); $id = $this->pdoInsert('users', [ 'login' => $user, 'password' => $pass, 'admin' => (int) $isAdmin ]);
if ($id !== false) { if ($id !== false) {
return (int) $id; return (int) $id;
} }

19
.tests/tests/AuthTest.php
View File

@ -1,5 +1,4 @@
<?php <?php
use PHPUnit\Framework\TestCase;
require_once(__DIR__ . "/../../helpers/auth.php"); require_once(__DIR__ . "/../../helpers/auth.php");
require_once(__DIR__ . "/../lib/UloggerDatabaseTestCase.php"); require_once(__DIR__ . "/../lib/UloggerDatabaseTestCase.php");
@ -22,10 +21,10 @@ class AuthTest extends UloggerDatabaseTestCase {
$auth = new uAuth(); $auth = new uAuth();
$auth->checkLogin($this->testUser, $this->testPass); $auth->checkLogin($this->testUser, $this->testPass);
$this->assertTrue($auth->isAuthenticated(), "Not authenticated"); $this->assertTrue($auth->isAuthenticated(), "Not authenticated");
$this->assertTrue($auth->user instanceof uUser, "User variable not set"); $this->assertInstanceOf(uUser::class, $auth->user, "User variable not set");
$this->assertEquals($this->testUser, $auth->user->login, "Wrong login"); $this->assertEquals($this->testUser, $auth->user->login, "Wrong login");
$this->assertEquals($_SESSION["user"]->login, $auth->user->login, "Wrong login"); $this->assertEquals($_SESSION["user"]->login, $auth->user->login, "Wrong login");
$this->assertTrue($_SESSION["user"] instanceof uUser, "User not set in session"); $this->assertInstanceOf(uUser::class, $_SESSION["user"], "User not set in session");
} }
/** /**
@ -38,7 +37,7 @@ class AuthTest extends UloggerDatabaseTestCase {
$auth = new uAuth(); $auth = new uAuth();
$auth->checkLogin($this->testUser, "badPass"); $auth->checkLogin($this->testUser, "badPass");
$this->assertFalse($auth->isAuthenticated(), "Should not be authenticated"); $this->assertFalse($auth->isAuthenticated(), "Should not be authenticated");
$this->assertTrue(is_null($auth->user), "User not null"); $this->assertInternalType('null', $auth->user, "User not null");
} }
/** /**
@ -51,7 +50,7 @@ class AuthTest extends UloggerDatabaseTestCase {
$auth = new uAuth(); $auth = new uAuth();
$auth->checkLogin("", $this->testPass); $auth->checkLogin("", $this->testPass);
$this->assertFalse($auth->isAuthenticated(), "Should not be authenticated"); $this->assertFalse($auth->isAuthenticated(), "Should not be authenticated");
$this->assertTrue(is_null($auth->user), "User not null"); $this->assertInternalType('null', $auth->user, "User not null");
} }
/** /**
@ -63,7 +62,7 @@ class AuthTest extends UloggerDatabaseTestCase {
$auth = new uAuth(); $auth = new uAuth();
$this->assertFalse($auth->isAuthenticated(), "Should not be authenticated"); $this->assertFalse($auth->isAuthenticated(), "Should not be authenticated");
$this->assertTrue(is_null($auth->user), "User not null"); $this->assertInternalType('null', $auth->user, "User not null");
} }
/** /**
@ -109,7 +108,7 @@ class AuthTest extends UloggerDatabaseTestCase {
/** /**
* @runInSeparateProcess * @runInSeparateProcess
*/ */
public function testNotIsAdmin() { public function testIsNotAdmin() {
$this->addTestUser($this->testUser, password_hash($this->testPass, PASSWORD_DEFAULT)); $this->addTestUser($this->testUser, password_hash($this->testPass, PASSWORD_DEFAULT));
$this->assertEquals(1, $this->getConnection()->getRowCount('users'), "Wrong row count"); $this->assertEquals(1, $this->getConnection()->getRowCount('users'), "Wrong row count");
@ -123,15 +122,13 @@ class AuthTest extends UloggerDatabaseTestCase {
* @runInSeparateProcess * @runInSeparateProcess
*/ */
public function testIsAdmin() { public function testIsAdmin() {
$this->addTestUser($this->testUser, password_hash($this->testPass, PASSWORD_DEFAULT)); $this->addTestUser($this->testUser, password_hash($this->testPass, PASSWORD_DEFAULT), true);
$this->assertEquals(1, $this->getConnection()->getRowCount('users'), "Wrong row count"); $this->assertEquals(1, $this->getConnection()->getRowCount('users'), "Wrong row count");
uConfig::$admin_user = $this->testUser;
@$auth = new uAuth(); @$auth = new uAuth();
$auth->checkLogin($this->testUser, $this->testPass); $auth->checkLogin($this->testUser, $this->testPass);
$this->assertTrue($auth->isAuthenticated(), "Should be authenticated"); $this->assertTrue($auth->isAuthenticated(), "Should be authenticated");
$this->assertTrue($auth->isAdmin(), "Should not be admin"); $this->assertTrue($auth->isAdmin(), "Should be admin");
} }
} }

14
.tests/tests/UserTest.php
View File

@ -1,5 +1,4 @@
<?php <?php
use PHPUnit\Framework\TestCase;
require_once(__DIR__ . "/../lib/UloggerDatabaseTestCase.php"); require_once(__DIR__ . "/../lib/UloggerDatabaseTestCase.php");
require_once(__DIR__ . "/../../helpers/user.php"); require_once(__DIR__ . "/../../helpers/user.php");
@ -57,17 +56,20 @@ class UserTest extends UloggerDatabaseTestCase {
$this->assertEquals(2, $this->getConnection()->getRowCount('users'), "Wrong row count"); $this->assertEquals(2, $this->getConnection()->getRowCount('users'), "Wrong row count");
$userArr = uUser::getAll(); $userArr = uUser::getAll();
$this->assertEquals(2, count($userArr), "Wrong array size"); $this->assertCount(2, $userArr, "Wrong array size");
$this->assertTrue($userArr[0] instanceof uUser, "Wrong array member"); $this->assertInstanceOf(uUser::class, $userArr[0], "Wrong array member");
} }
public function testIsAdmin() { public function testIsAdmin() {
$this->addTestUser($this->testUser, NULL, true);
$user = new uUser($this->testUser);
$this->assertTrue($user->isAdmin, "User should be admin");
}
public function testIsNotAdmin() {
$this->addTestUser($this->testUser); $this->addTestUser($this->testUser);
$user = new uUser($this->testUser); $user = new uUser($this->testUser);
$this->assertFalse($user->isAdmin, "User should not be admin"); $this->assertFalse($user->isAdmin, "User should not be admin");
uConfig::$admin_user = $this->testUser;
$user = new uUser($this->testUser);
$this->assertTrue($user->isAdmin, "User should be admin");
} }
public function testIsValid() { public function testIsValid() {

7
README.md
View File

@ -42,6 +42,13 @@ Together with a dedicated [μlogger mobile client](https://github.com/bfabiszews
- You may also want to set your new user as an [admin in config file](https://github.com/bfabiszewski/ulogger-server/blob/v0.2/config.default.php#L67). - You may also want to set your new user as an [admin in config file](https://github.com/bfabiszewski/ulogger-server/blob/v0.2/config.default.php#L67).
- Folders `.docker/` and `.tests/` as well as composer files are needed only for development. May be safely removed. - Folders `.docker/` and `.tests/` as well as composer files are needed only for development. May be safely removed.
## Upgrade to version 1.x
- TODO: convert following notes to migration script
- Database changes:
- `ALTER TABLE positions CHANGE image_id image VARCHAR(100) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL`
- `ALTER TABLE users ADD admin BOOLEAN NOT NULL DEFAULT FALSE AFTER password`
- modify admin user entry in `users` table: set `admin` to `true`
## Docker ## Docker
- Run `docker run --name ulogger -p 8080:80 -d bfabiszewski/ulogger` and access `http://localhost:8080` in your browser. Log in with `admin`:`admin` credentials and change default password. - Run `docker run --name ulogger -p 8080:80 -d bfabiszewski/ulogger` and access `http://localhost:8080` in your browser. Log in with `admin`:`admin` credentials and change default password.
- Optional configuration options with ENV variables, for list see [Dockerfile](https://github.com/bfabiszewski/ulogger-server/blob/master/Dockerfile). The variables correspond to main μlogger configuration parameteres. - Optional configuration options with ENV variables, for list see [Dockerfile](https://github.com/bfabiszewski/ulogger-server/blob/master/Dockerfile). The variables correspond to main μlogger configuration parameteres.

7
config.default.php
View File

@ -55,13 +55,6 @@ $require_authentication = 1;
// (0 = no, 1 = yes) // (0 = no, 1 = yes)
$public_tracks = 0; $public_tracks = 0;
// admin user, who
// - can add new users
// - can edit all tracks, users
// - has access to all users locations
// none if empty
$admin_user = "";
// miniumum required length of user password // miniumum required length of user password
$pass_lenmin = 12; $pass_lenmin = 12;

44
helpers/config.php
View File

@ -30,69 +30,69 @@
/** /**
* @var string Version number * @var string Version number
*/ */
static $version = "1.0-beta"; public static $version = "1.0-beta";
/** /**
* @var string Default map drawing framework * @var string Default map drawing framework
*/ */
static $mapapi = "openlayers"; public static $mapapi = "openlayers";
/** /**
* @var string|null Google maps key * @var string|null Google maps key
*/ */
static $gkey = null; public static $gkey;
/** /**
* @var array Openlayers additional map layers * @var array Openlayers additional map layers
*/ */
static $ol_layers = []; public static $ol_layers = [];
/** /**
* @var float Default latitude for initial map * @var float Default latitude for initial map
*/ */
static $init_latitude = 52.23; public static $init_latitude = 52.23;
/** /**
* @var float Default longitude for initial map * @var float Default longitude for initial map
*/ */
static $init_longitude = 21.01; public static $init_longitude = 21.01;
/** /**
* @var string Database dsn * @var string Database dsn
*/ */
static $dbdsn = ""; public static $dbdsn = "";
/** /**
* @var string Database user * @var string Database user
*/ */
static $dbuser = ""; public static $dbuser = "";
/** /**
* @var string Database pass * @var string Database pass
*/ */
static $dbpass = ""; public static $dbpass = "";
/** /**
* @var string Optional table names prefix, eg. "ulogger_" * @var string Optional table names prefix, eg. "ulogger_"
*/ */
static $dbprefix = ""; public static $dbprefix = "";
/** /**
* @var bool Require login/password authentication * @var bool Require login/password authentication
*/ */
static $require_authentication = true; public static $require_authentication = true;
/** /**
* @var bool All users tracks are visible to authenticated user * @var bool All users tracks are visible to authenticated user
*/ */
static $public_tracks = false; public static $public_tracks = false;
/** /**
* @var string Admin user who has access to all users locations * @var string Admin user who has access to all users locations
* none if empty * none if empty
*/ */
static $admin_user = ""; public static $admin_user = "";
/** /**
* @var int Miniumum required length of user password * @var int Miniumum required length of user password
*/ */
static $pass_lenmin = 12; public static $pass_lenmin = 12;
/** /**
* @var int Required strength of user password * @var int Required strength of user password
@ -101,35 +101,35 @@
* 2 = require mixed case and numbers * 2 = require mixed case and numbers
* 3 = require mixed case, numbers and non-alphanumeric characters * 3 = require mixed case, numbers and non-alphanumeric characters
*/ */
static $pass_strength = 2; public static $pass_strength = 2;
/** /**
* @var int Default interval in seconds for live auto reload * @var int Default interval in seconds for live auto reload
*/ */
static $interval = 10; public static $interval = 10;
/** /**
* @var string Default language code * @var string Default language code
*/ */
static $lang = "en"; public static $lang = "en";
/** /**
* @var string Default units * @var string Default units
*/ */
static $units = "metric"; public static $units = "metric";
/** /**
* @var int Stroke weight * @var int Stroke weight
*/ */
static $strokeWeight = 2; public static $strokeWeight = 2;
/** /**
* @var string Stroke color * @var string Stroke color
*/ */
static $strokeColor = '#ff0000'; public static $strokeColor = '#ff0000';
/** /**
* @var int Stroke opacity * @var int Stroke opacity
*/ */
static $strokeOpacity = 1; public static $strokeOpacity = 1;
private static $fileLoaded = false; private static $fileLoaded = false;
@ -138,7 +138,7 @@
/** /**
* Static initializer * Static initializer
*/ */
static public function init() { public static function init() {
if (!self::$initialized) { if (!self::$initialized) {
self::setFromFile(); self::setFromFile();
self::setFromCookies(); self::setFromCookies();

39
helpers/user.php
View File

@ -42,15 +42,15 @@
public function __construct($login = NULL) { public function __construct($login = NULL) {
if (!empty($login)) { if (!empty($login)) {
try { try {
$query = "SELECT id, login, password FROM " . self::db()->table('users') . " WHERE login = ? LIMIT 1"; $query = "SELECT id, login, password, admin FROM " . self::db()->table('users') . " WHERE login = ? LIMIT 1";
$stmt = self::db()->prepare($query); $stmt = self::db()->prepare($query);
$stmt->execute([ $login ]); $stmt->execute([ $login ]);
$stmt->bindColumn('id', $this->id, PDO::PARAM_INT); $stmt->bindColumn('id', $this->id, PDO::PARAM_INT);
$stmt->bindColumn('login', $this->login); $stmt->bindColumn('login', $this->login);
$stmt->bindColumn('password', $this->hash); $stmt->bindColumn('password', $this->hash);
$stmt->bindColumn('admin', $this->isAdmin, PDO::PARAM_BOOL);
if ($stmt->fetch(PDO::FETCH_BOUND)) { if ($stmt->fetch(PDO::FETCH_BOUND)) {
$this->isValid = true; $this->isValid = true;
$this->isAdmin = self::isAdmin($this->login);
} }
} catch (PDOException $e) { } catch (PDOException $e) {
// TODO: handle exception // TODO: handle exception
@ -68,22 +68,23 @@
return uDb::getInstance(); return uDb::getInstance();
} }
/** /**
* Add new user * Add new user
* *
* @param string $login Login * @param string $login Login
* @param string $pass Password * @param string $pass Password
* @return int|bool New user id, false on error * @param bool $isAdmin Is admin
*/ * @return int|bool New user id, false on error
public static function add($login, $pass) { */
public static function add($login, $pass, $isAdmin = false) {
$userid = false; $userid = false;
if (!empty($login) && !empty($pass) && self::validPassStrength($pass)) { if (!empty($login) && !empty($pass) && self::validPassStrength($pass)) {
$hash = password_hash($pass, PASSWORD_DEFAULT); $hash = password_hash($pass, PASSWORD_DEFAULT);
$table = self::db()->table('users'); $table = self::db()->table('users');
try { try {
$query = "INSERT INTO $table (login, password) VALUES (?, ?)"; $query = "INSERT INTO $table (login, password, admin) VALUES (?, ?, ?)";
$stmt = self::db()->prepare($query); $stmt = self::db()->prepare($query);
$stmt->execute([ $login, $hash ]); $stmt->execute([ $login, $hash, (int) $isAdmin ]);
$userid = (int) self::db()->lastInsertId("${table}_id_seq"); $userid = (int) self::db()->lastInsertId("${table}_id_seq");
} catch (PDOException $e) { } catch (PDOException $e) {
// TODO: handle exception // TODO: handle exception
@ -199,7 +200,7 @@
*/ */
public static function getAll() { public static function getAll() {
try { try {
$query = "SELECT id, login, password FROM " . self::db()->table('users') . " ORDER BY login"; $query = "SELECT id, login, password, admin FROM " . self::db()->table('users') . " ORDER BY login";
$result = self::db()->query($query); $result = self::db()->query($query);
$userArr = []; $userArr = [];
while ($row = $result->fetch()) { while ($row = $result->fetch()) {
@ -224,19 +225,9 @@
$user->id = $row['id']; $user->id = $row['id'];
$user->login = $row['login']; $user->login = $row['login'];
$user->hash = $row['password']; $user->hash = $row['password'];
$user->isAdmin = self::isAdmin($row['login']); $user->isAdmin = (bool) $row['admin'];
$user->isValid = true; $user->isValid = true;
return $user; return $user;
} }
/**
* Is given login admin user
*
* @param string $login Login
* @return bool True if admin, false otherwise
*/
private static function isAdmin($login) {
return (!empty(uConfig::$admin_user) && uConfig::$admin_user == $login);
}
} }
?> ?>

20
scripts/setup.php
View File

@ -24,6 +24,7 @@ $enabled = false;
/* -------------------------------------------- */ /* -------------------------------------------- */
/* no user modifications should be needed below */ /* no user modifications should be needed below */
/** @noinspection ConstantCanBeUsedInspection */
if (version_compare(PHP_VERSION, "5.4.0", "<")) { if (version_compare(PHP_VERSION, "5.4.0", "<")) {
die("Sorry, ulogger will not work with PHP version lower than 5.4 (you have " . PHP_VERSION . ")"); die("Sorry, ulogger will not work with PHP version lower than 5.4 (you have " . PHP_VERSION . ")");
} }
@ -63,7 +64,7 @@ switch ($command) {
$queries = getQueries($pdo->getAttribute(PDO::ATTR_DRIVER_NAME)); $queries = getQueries($pdo->getAttribute(PDO::ATTR_DRIVER_NAME));
$pdo->beginTransaction(); $pdo->beginTransaction();
foreach ($queries as $query) { foreach ($queries as $query) {
$pdo->query($query); $pdo->exec($query);
} }
$pdo->commit(); $pdo->commit();
} catch (PDOException $e) { } catch (PDOException $e) {
@ -90,7 +91,7 @@ switch ($command) {
$login = uUtils::postString("login"); $login = uUtils::postString("login");
$pass = uUtils::postPass("pass"); $pass = uUtils::postPass("pass");
if (uUser::add($login, $pass) !== false) { if (uUser::add($login, $pass, true) !== false) {
$messages[] = "<span class=\"ok\">{$langSetup["congratulations"]}</span>"; $messages[] = "<span class=\"ok\">{$langSetup["congratulations"]}</span>";
$messages[] = $langSetup["setupcomplete"]; $messages[] = $langSetup["setupcomplete"];
$messages[] = "<span class=\"warn\">{$langSetup["disablewarn"]}</span><br>"; $messages[] = "<span class=\"warn\">{$langSetup["disablewarn"]}</span><br>";
@ -123,7 +124,7 @@ switch ($command) {
$messages[] = "<form method=\"post\" action=\"setup.php\"><button>{$langSetup["restartbutton"]}</button></form>"; $messages[] = "<form method=\"post\" action=\"setup.php\"><button>{$langSetup["restartbutton"]}</button></form>";
break; break;
} }
if (ini_get("session.auto_start") == "1") { if (ini_get("session.auto_start") === "1") {
$messages[] = sprintf($langSetup["optionwarn"], "session.auto_start", "0 (off)"); $messages[] = sprintf($langSetup["optionwarn"], "session.auto_start", "0 (off)");
$messages[] = $langSetup["dorestart"]; $messages[] = $langSetup["dorestart"];
$messages[] = "<form method=\"post\" action=\"setup.php\"><button>{$langSetup["restartbutton"]}</button></form>"; $messages[] = "<form method=\"post\" action=\"setup.php\"><button>{$langSetup["restartbutton"]}</button></form>";
@ -182,7 +183,8 @@ function getQueries($dbDriver) {
$queries[] = "CREATE TABLE `$tUsers` ( $queries[] = "CREATE TABLE `$tUsers` (
`id` int(11) NOT NULL AUTO_INCREMENT PRIMARY KEY, `id` int(11) NOT NULL AUTO_INCREMENT PRIMARY KEY,
`login` varchar(15) CHARACTER SET latin1 NOT NULL UNIQUE, `login` varchar(15) CHARACTER SET latin1 NOT NULL UNIQUE,
`password` varchar(255) CHARACTER SET latin1 NOT NULL DEFAULT '' `password` varchar(255) CHARACTER SET latin1 NOT NULL DEFAULT '',
`admin` boolean NOT NULL DEFAULT FALSE
) ENGINE=InnoDB DEFAULT CHARSET=utf8"; ) ENGINE=InnoDB DEFAULT CHARSET=utf8";
@ -224,7 +226,8 @@ function getQueries($dbDriver) {
$queries[] = "CREATE TABLE $tUsers ( $queries[] = "CREATE TABLE $tUsers (
id SERIAL PRIMARY KEY, id SERIAL PRIMARY KEY,
login VARCHAR(15) NOT NULL UNIQUE, login VARCHAR(15) NOT NULL UNIQUE,
password VARCHAR(255) NOT NULL DEFAULT '' password VARCHAR(255) NOT NULL DEFAULT '',
admin BOOLEAN NOT NULL DEFAULT FALSE
)"; )";
$queries[] = "CREATE TABLE $tTracks ( $queries[] = "CREATE TABLE $tTracks (
@ -265,7 +268,8 @@ function getQueries($dbDriver) {
$queries[] = "CREATE TABLE `$tUsers` ( $queries[] = "CREATE TABLE `$tUsers` (
`id` integer PRIMARY KEY AUTOINCREMENT, `id` integer PRIMARY KEY AUTOINCREMENT,
`login` varchar(15) NOT NULL UNIQUE, `login` varchar(15) NOT NULL UNIQUE,
`password` varchar(255) NOT NULL DEFAULT '' `password` varchar(255) NOT NULL DEFAULT '',
`admin` integer NOT NULL DEFAULT 0
)"; )";
$queries[] = "CREATE TABLE `$tTracks` ( $queries[] = "CREATE TABLE `$tTracks` (
`id` integer PRIMARY KEY AUTOINCREMENT, `id` integer PRIMARY KEY AUTOINCREMENT,
@ -309,8 +313,7 @@ function getQueries($dbDriver) {
*/ */
function getPdo() { function getPdo() {
$options = [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]; $options = [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION];
$pdo = new PDO(uConfig::$dbdsn, uConfig::$dbuser, uConfig::$dbpass, $options); return new PDO(uConfig::$dbdsn, uConfig::$dbuser, uConfig::$dbpass, $options);
return $pdo;
} }
?> ?>
@ -355,6 +358,7 @@ function getPdo() {
color: #00e700; color: #00e700;
} }
</style> </style>
<!--suppress ES6ConvertVarToLetConst -->
<script> <script>
var lang = <?= json_encode($lang) ?>; var lang = <?= json_encode($lang) ?>;
var pass_regex = <?= uConfig::passRegex() ?>; var pass_regex = <?= uConfig::passRegex() ?>;

3
scripts/ulogger.sql → scripts/ulogger.mysql
View File

@ -16,7 +16,8 @@ DROP TABLE IF EXISTS `users`;
CREATE TABLE `users` ( CREATE TABLE `users` (
`id` int(11) NOT NULL AUTO_INCREMENT PRIMARY KEY, `id` int(11) NOT NULL AUTO_INCREMENT PRIMARY KEY,
`login` varchar(15) CHARACTER SET latin1 NOT NULL UNIQUE, `login` varchar(15) CHARACTER SET latin1 NOT NULL UNIQUE,
`password` varchar(255) CHARACTER SET latin1 NOT NULL DEFAULT '' `password` varchar(255) CHARACTER SET latin1 NOT NULL DEFAULT '',
`admin` boolean NOT NULL DEFAULT FALSE
) ENGINE=InnoDB DEFAULT CHARSET=utf8; ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- -------------------------------------------------------- -- --------------------------------------------------------

3
scripts/ulogger.pgsql
View File

@ -16,7 +16,8 @@ DROP TABLE IF EXISTS users;
CREATE TABLE users ( CREATE TABLE users (
id serial PRIMARY KEY, id serial PRIMARY KEY,
login varchar(15) NOT NULL UNIQUE, login varchar(15) NOT NULL UNIQUE,
password varchar(255) NOT NULL DEFAULT '' password varchar(255) NOT NULL DEFAULT '',
admin boolean NOT NULL DEFAULT FALSE
); );
-- -------------------------------------------------------- -- --------------------------------------------------------

3
scripts/ulogger.sqlite
View File

@ -13,7 +13,8 @@ DROP TABLE IF EXISTS `users`;
CREATE TABLE `users` ( CREATE TABLE `users` (
`id` integer PRIMARY KEY AUTOINCREMENT, `id` integer PRIMARY KEY AUTOINCREMENT,
`login` varchar(15) NOT NULL UNIQUE, `login` varchar(15) NOT NULL UNIQUE,
`password` varchar(255) NOT NULL DEFAULT '' `password` varchar(255) NOT NULL DEFAULT '',
`admin` integer NOT NULL DEFAULT 0
); );
-- -------------------------------------------------------- -- --------------------------------------------------------