authorChristian Pointner <equinox@ffgraz.net>2009-02-08 04:48:53 +0000
committerChristian Pointner <equinox@ffgraz.net>2009-02-08 04:48:53 +0000
commitf6be9edd401664d95e60ae3c81aeaf36723ba891 (patch)
tree86f2127f51f0f16053c1b593c722cf0a5eeecba4
parent0c420c393dba896e14972ecb5181904f1a1342a4 (diff)
added login capability
-rw-r--r--check_user.php18
-rw-r--r--data.php24
-rw-r--r--db.class.php100
-rw-r--r--index.php31
-rw-r--r--login.php40
-rw-r--r--map.css15
-rw-r--r--map.js73
7 files changed, 218 insertions, 83 deletions
diff --git a/check_user.php b/check_user.php
new file mode 100644
index 0000000..4b89267
--- /dev/null
+++ b/check_user.php
@@ -0,0 +1,18 @@
+<?php
+require_once("db.class.php");
+
+function check_user($username, $password)
+{
+ require_once("config.php");
+ $db = new DB($conf['db']['user'], $conf['db']['password'], $conf['db']['host'], $conf['db']['database']);
+
+ $escaped_username = $db->escape_string($username);
+
+ $db->query("SELECT password FROM person WHERE email='".$escaped_username."'");
+ $data = $db->getNextObject();
+ if($data->password == md5($password))
+ return true;
+
+ return false;
+}
+?>
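Review bot: The check `if($data->password == md5($password))` compares an unsalted MD5 digest with loose `==`, and reads `$data->password` even when the query matched no row. Under `==`, two digests that both look like numeric strings (such as `0e` followed only by digits) compare equal although they differ, and an unknown e-mail turns the line into a property read on a non-object. At minimum use `if ($data && $data->password === md5($password))`; the stored column should move to a salted, slow hash (`password_hash()` / `password_verify()` where the PHP version provides them). Separately, `require_once("config.php")` inside the function means that a second call in the same request would not re-include the file, so `$conf` (presumably defined there) would be undefined in that call's scope.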
diff --git a/data.php b/data.php
index 284e65e..adcdbfa 100644
--- a/data.php
+++ b/data.php
@@ -1,21 +1,5 @@
<?php
-/*
- * Copyright (C) 2006 Gaubatz Patrick <patrick@gaubatz.at>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
+session_start();
require_once("db.class.php");
require_once("ipmatch.php");
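Review bot: The GPL copyright and licence header of the original author is removed here alongside the `session_start();` addition, and the db.class.php hunk removes the same header. The commit message ("added login capability") does not mention it, and the licence text itself expects the notice to stay with the file. Unless the removal is deliberate and agreed with the copyright holder, keep the header and place `session_start();` directly below it.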
@@ -28,6 +12,12 @@ header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
$db = new DB($conf['db']['user'], $conf['db']['password'], $conf['db']['host'], $conf['db']['database']);
$conf['acl']['auth'] = match_network($conf['acl']['range'],$_SERVER[REMOTE_ADDR]);
+if(!$conf['acl']['auth'] )
+{
+ if (isset($_SESSION['logged_in']) && $_SESSION['logged_in'])
+ $conf['acl']['auth'] = true;
+}
+
$x_startpoint = 4080;
$lng_startpoint = 15.43844103813;
$dx_dLng = 50675.5176;
diff --git a/db.class.php b/db.class.php
index 6603804..28dba49 100644
--- a/db.class.php
+++ b/db.class.php
@@ -1,61 +1,47 @@
<?php
-/*
- * Copyright (C) 2006 Gaubatz Patrick <patrick@gaubatz.at>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
class DB {
- var $user, $pass, $host, $dbname;
- var $db;
- var $res;
-
- function DB($user, $pass, $host, $dbname) {
- $this->user = $user;
- $this->pass = $pass;
- $this->host = $host;
- $this->dbname = $dbname;
-
- $this->connect();
- }
-
- function connect() {
- $this->db = mysql_connect($this->host, $this->user, $this->pass)
- or $this->error("Verbindungsaufbau fehlgeschlagen");
-
- mysql_select_db($this->dbname);
- }
-
- function error($msg) {
- die($msg . ": " . @mysql_error());
- }
-
- function query($query) {
- $this->res = mysql_query($query, $this->db)
- or $this->error("Fehler bei Datenbankanfrage");
- }
-
- function numObjects() {
- return mysql_num_rows($this->res);
- }
-
- function getNextObject() {
- if (!$this->res) {
- return;
- }
- return mysql_fetch_object($this->res);
- }
+var $user, $pass, $host, $dbname;
+var $db;
+var $res;
+
+function DB($user, $pass, $host, $dbname) {
+ $this->user = $user;
+ $this->pass = $pass;
+ $this->host = $host;
+ $this->dbname = $dbname;
+ $this->connect();
+}
+
+function connect() {
+ $this->db = mysql_connect($this->host, $this->user, $this->pass)
+ or $this->error("Verbindungsaufbau fehlgeschlagen");
+ mysql_select_db($this->dbname);
+}
+
+function error($msg) {
+ die($msg . ": " . @mysql_error());
+}
+
+function query($query) {
+ $this->res = mysql_query($query, $this->db)
+ or $this->error("Fehler bei Datenbankanfrage");
}
+
+function escape_string($string) {
+ return mysql_real_escape_string($string, $this->db);
+}
+
+function numObjects() {
+ return mysql_num_rows($this->res);
+}
+
+function getNextObject() {
+ if (!$this->res) {
+ return;
+ }
+ return mysql_fetch_object($this->res);
+ }
+}
+
+
?>
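Review bot: The new `escape_string()` method has no comment stating its contract, although the query in check_user.php relies on it for safety. I would add above it: `// Escapes $string for use inside a quoted SQL string literal only; does not make unquoted values (numbers, identifiers) safe.` Because `mysql_real_escape_string()` takes the connection character set into account, the charset should be set with `mysql_set_charset()` in `connect()` rather than with a `SET NAMES` query; the hunk shows no charset being set at all.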
diff --git a/index.php b/index.php
index aed6a1a..8233594 100644
--- a/index.php
+++ b/index.php
@@ -1,4 +1,6 @@
<?php
+session_start();
+
if(isset($_REQUEST['lat'])) $lat = mysql_escape_string($_REQUEST['lat']);
if(isset($_REQUEST['lng'])) $lng = mysql_escape_string($_REQUEST['lng']);
if(isset($_REQUEST['res'])) $res = $_REQUEST['res'];
@@ -82,14 +84,27 @@ if($_SERVER['HTTP_HOST'] == 'dev-karte.ffgraz.net') {
</form>
</div>
</div>
- <div id="addressbox" class="box">
- <b>Adresse suchen:</b>
- <form action="#" onsubmit="showAddress(this.address.value); return false">
- <p>
- <input type="text" size="40" name="address" value="Lendkai 1" />
- <input type="submit" value="Suchen" />
- </p>
- </form>
+ <div id="southeastcontainer">
+ <div id="loginbox" class="box">
+ <script type="text/javascript">
+ <?php
+ if (!isset($_SESSION['logged_in']) || !$_SESSION['logged_in']) {
+ echo 'showFFLogin();';
+ } else {
+ echo 'showFFLogout("'.$_SESSION['username'].'");';
+ }
+ ?>11
+ </script>
+ </div>
+ <div id="addressbox" class="box">
+ <b>Adresse suchen:</b>
+ <form action="#" onsubmit="showAddress(this.address.value); return false">
+ <p>
+ <input type="text" size="35" name="address" value="Lendkai 1" />
+ <input type="submit" value="Suchen" />
+ </p>
+ </form>
+ </div>
</div>
</body>
</html>
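Review bot: `echo 'showFFLogout("'.$_SESSION['username'].'");';` places the session username inside a JavaScript string literal with no encoding, so a value containing `"`, `\` or `</script>` alters the script instead of being displayed. Encode for the script context, for example `echo 'showFFLogout('.json_encode($_SESSION['username'], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT).');';`. The `11` after the closing `?>` looks like a stray edit and would be emitted into the `<script>` block as it stands.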
diff --git a/login.php b/login.php
new file mode 100644
index 0000000..02015e7
--- /dev/null
+++ b/login.php
@@ -0,0 +1,40 @@
+<?php
+session_start();
+
+header("Content-Type: text/xml");
+header("Cache-Control: no-cache, must-revalidate");
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
+
+require_once('check_user.php');
+
+echo "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n";
+echo "<root>\n";
+
+if (isset($_POST['login']))
+{
+ if(check_user($_POST['username'], $_POST['password']))
+ {
+ $_SESSION['logged_in'] = true;
+ $_SESSION['username'] = $_POST['username'];
+ }
+ else
+ {
+ echo '<error string="'.'Ihre Anmeldedaten waren nicht korrekt!'.'" />'."\n";
+ }
+}
+else if (isset($_POST['logout']))
+{
+ session_destroy();
+ $_SESSION['logged_in'] = false;
+}
+
+if (isset($_SESSION['logged_in']) && $_SESSION['logged_in'])
+{
+ echo '<status code="'.'logged_in'.'" />'."\n";
+ echo '<username name="'.$_SESSION['username'].'" />'."\n";
+}
+else
+{
+ echo '<status code="'.'logged_out'.'" />'."\n";
+}
+echo "</root>";
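Review bot: The successful-login branch sets `$_SESSION['logged_in'] = true;` on whatever session id the browser already presented, so an id fixed before login stays valid afterwards; call `session_regenerate_id(true);` immediately before that assignment. The `<username name="...">` line writes `$_SESSION['username']` into an XML attribute unescaped, so a name containing `"`, `<` or `&` breaks the document or injects markup; emit `htmlspecialchars($_SESSION['username'], ENT_QUOTES, 'UTF-8')` there. In the logout branch, the `$_SESSION['logged_in'] = false;` after `session_destroy()` only affects the current request, which deserves a one-line comment saying so.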
diff --git a/map.css b/map.css
index 02fdea9..0466143 100644
--- a/map.css
+++ b/map.css
@@ -55,10 +55,23 @@ div.box {
margin-right: 0;
}
-#addressbox {
+#southeastcontainer {
position: absolute;
right: 10px;
bottom: 10px;
+ padding: 0;
+}
+
+#loginbox {
+ margin-top: 0;
+ margin-left: auto;
+ marign-right: 0;
+}
+
+#addressbox {
+ margin-top: 1ex;
+ margin-left: auto;
+ margin-bottom: 0;
}
#distboxouter {
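Review bot: `marign-right: 0;` in the new `#loginbox` rule is misspelled, so browsers discard the declaration and the right margin is never set. It should read `margin-right: 0;`.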
diff --git a/map.js b/map.js
index 6edc21c..3ac9685 100644
--- a/map.js
+++ b/map.js
@@ -364,6 +364,79 @@ function setNewMarker(point) {
marker.openInfoWindowHtml(addNewNodeText(point));
}
+function fflogin(username, password) {
+ var postbody = "username=" + encodeURIComponent(username) + "&password=" + encodeURIComponent(password) + "&login=Einloggen#";
+ GDownloadUrl("login.php", onFFLogin, postbody);
+}
+
+function onFFLogin(data, responseCode) {
+ if (responseCode < 200 || responseCode > 299) {
+ return alert("Fehler: Konnte die Daten nicht laden!\n(Server Antwort-Code: " + responseCode + ")");
+ }
+ xmlData = GXml.parse(data);
+
+ var error = xmlData.getElementsByTagName("error");
+ if(error.length > 0) {
+ alert(error[0].getAttribute("string"));
+ }
+ else {
+ var status = xmlData.getElementsByTagName("status");
+ if(status[0].getAttribute("code") == "logged_in") {
+ var username = xmlData.getElementsByTagName("username")[0].getAttribute("name");
+ showFFLogout(username);
+
+ reloadcon.started();
+ GDownloadUrl("data.php", onData);
+ }
+ }
+}
+
+function showFFLogin() {
+ var html = '<form action="#" onsubmit="fflogin(this.username.value, this.password.value); this.reset(); return false">';
+ html += '<table><tr>';
+ html += '<td>Benutzername:</td>';
+ html += '<td><input name="username" size="23" type="text" tabindex="1"/></td>';
+ html += '<td rowspan="2" valign="bottom"><input name="login" type="submit" id="login" value="Einloggen" tabindex="3"></td>';
+ html += '</tr><tr>';
+ html += '<td>Passwort:</td>';
+ html += '<td><input name="password" type="password" tabindex="2" /></td>';
+ html += '</tr></table></form>';
+
+ document.getElementById("loginbox").innerHTML = html;
+}
+
+function fflogout() {
+ var postbody = "logout=Ausloggen#";
+ GDownloadUrl("login.php", onFFLogout, postbody);
+}
+
+function onFFLogout(data, responseCode) {
+ if (responseCode < 200 || responseCode > 299) {
+ return alert("Fehler: Konnte die Daten nicht laden!\n(Server Antwort-Code: " + responseCode + ")");
+ }
+ xmlData = GXml.parse(data);
+
+ var error = xmlData.getElementsByTagName("error");
+ if(error.length > 0) {
+ alert(error[0].getAttribute("string"));
+ }
+ else {
+ showFFLogin();
+
+ reloadcon.started();
+ GDownloadUrl("data.php", onData);
+ }
+}
+
+function showFFLogout(username) {
+ var html = '<form action="#" onsubmit="fflogout(); return false">';
+ html += 'Sie sind eingeloggt als:</br >';
+ html += '<b>'+username+'</b>&nbsp;&nbsp;&nbsp;'
+ html += '<input name="login" type="submit" id="logout" value="Ausloggen"></form>';
+
+ document.getElementById("loginbox").innerHTML = html;
+}
+
function showAddress(address) {
if (geocoder) {
address += ", Graz, Austria";
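Review bot: `showFFLogout()` concatenates `username` into a string assigned to `innerHTML` (`'<b>'+username+'</b>'`), so any markup in the name is parsed as HTML; the value reaches it both from the login.php XML response and from the inline script in index.php. Emit an empty placeholder instead, `html += '<b id="ffusername"></b>&nbsp;&nbsp;&nbsp;';`, and after the `innerHTML` assignment add `document.getElementById("ffusername").appendChild(document.createTextNode(username));`. In `onFFLogin` and `onFFLogout`, `xmlData` is assigned without `var` and so becomes a shared global; `var xmlData = GXml.parse(data);` keeps it local. The trailing context of this hunk is the start of `showAddress`, whose body continues outside the hunk.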