-rw-r--r-- | check_user.php | 18 | ||||
-rw-r--r-- | data.php | 24 | ||||
-rw-r--r-- | db.class.php | 100 | ||||
-rw-r--r-- | index.php | 31 | ||||
-rw-r--r-- | login.php | 40 | ||||
-rw-r--r-- | map.css | 15 | ||||
-rw-r--r-- | map.js | 73 |
7 files changed, 218 insertions, 83 deletions
diff --git a/check_user.php b/check_user.php
new file mode 100644
index 0000000..4b89267
--- /dev/null
+++ b/check_user.php
@@ -0,0 +1,18 @@
+<?php
+require_once("db.class.php");
+
+function check_user($username, $password)
+{
+ require_once("config.php");
+ $db = new DB($conf['db']['user'], $conf['db']['password'], $conf['db']['host'], $conf['db']['database']);
+
+ $escaped_username = $db->escape_string($username);
+
+ $db->query("SELECT password FROM person WHERE email='".$escaped_username."'");
+ $data = $db->getNextObject();
+ if($data->password == md5($password))
+ return true;
+
+ return false;
+}
+?>
@@ -1,21 +1,5 @@ <?php
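Review bot: In check_user.php the check `if($data->password == md5($password))` compares unsalted MD5 digests with loose `==`, so two different digests that both read as numeric strings (`0e` followed only by digits) compare equal, and `$data` is dereferenced even when the query matched no row. At minimum guard the row and compare exactly, `if ($data && hash_equals($data->password, md5($password)))` (or `===` where `hash_equals()` is unavailable), and plan a migration of the stored values to `password_hash()` / `password_verify()`. Separately, `require_once("config.php")` inside the function only defines `$conf` in this scope the first time the file is loaded; if config.php was already included elsewhere in the request, `DB` is constructed with undefined credentials, so passing the settings in or using `require` would be more robust.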
-/*
- * Copyright (C) 2006 Gaubatz Patrick <patrick@gaubatz.at>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
+session_start();
require_once("db.class.php");
require_once("ipmatch.php");
@@ -28,6 +12,12 @@ header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); $db = new DB($conf['db']['user'], $conf['db']['password'], $conf['db']['host'], $conf['db']['database']);
$conf['acl']['auth'] = match_network($conf['acl']['range'],$_SERVER[REMOTE_ADDR]);
+if(!$conf['acl']['auth'] )
+{
+ if (isset($_SESSION['logged_in']) && $_SESSION['logged_in'])
+ $conf['acl']['auth'] = true;
+}
+
$x_startpoint = 4080;
$lng_startpoint = 15.43844103813;
$dx_dLng = 50675.5176;
diff --git a/db.class.php b/db.class.php
index 6603804..28dba49 100644
--- a/db.class.php
+++ b/db.class.php
@@ -1,61 +1,47 @@ <?php
-/*
- * Copyright (C) 2006 Gaubatz Patrick <patrick@gaubatz.at>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
class DB {
- var $user, $pass, $host, $dbname;
- var $db;
- var $res;
-
- function DB($user, $pass, $host, $dbname) {
- $this->user = $user;
- $this->pass = $pass;
- $this->host = $host;
- $this->dbname = $dbname;
-
- $this->connect();
- }
-
- function connect() {
- $this->db = mysql_connect($this->host, $this->user, $this->pass)
- or $this->error("Verbindungsaufbau fehlgeschlagen");
-
- mysql_select_db($this->dbname);
- }
-
- function error($msg) {
- die($msg . ": " . @mysql_error());
- }
-
- function query($query) {
- $this->res = mysql_query($query, $this->db)
- or $this->error("Fehler bei Datenbankanfrage");
- }
-
- function numObjects() {
- return mysql_num_rows($this->res);
- }
-
- function getNextObject() {
- if (!$this->res) {
- return;
- }
- return mysql_fetch_object($this->res);
- }
+var $user, $pass, $host, $dbname;
+var $db;
+var $res;
+
+function DB($user, $pass, $host, $dbname) {
+ $this->user = $user;
+ $this->pass = $pass;
+ $this->host = $host;
+ $this->dbname = $dbname;
+ $this->connect();
+}
+
+function connect() {
+ $this->db = mysql_connect($this->host, $this->user, $this->pass)
+ or $this->error("Verbindungsaufbau fehlgeschlagen");
+ mysql_select_db($this->dbname);
+}
+
+function error($msg) {
+ die($msg . ": " . @mysql_error());
+}
+
+function query($query) {
+ $this->res = mysql_query($query, $this->db)
+ or $this->error("Fehler bei Datenbankanfrage");
}
+
+function escape_string($string) {
+ return mysql_real_escape_string($string, $this->db);
+}
+
+function numObjects() {
+ return mysql_num_rows($this->res);
+}
+
+function getNextObject() {
+ if (!$this->res) {
+ return;
+ }
+ return mysql_fetch_object($this->res);
+ }
+}
+
+
?>
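Review bot: The new `escape_string()` wrapper relies on `mysql_real_escape_string()`, whose output is only correct for the connection's character set, yet `connect()` never sets one with `mysql_set_charset()` and does not check the result of `mysql_select_db()`. The escaped value is also only safe when the caller puts it inside a quoted SQL string literal, which deserves a docblock on the method, e.g. `/** Escapes $string for use inside a quoted SQL literal on this connection; not valid for identifiers or unquoted numbers. */`. Longer term, bound parameters via mysqli or PDO remove the need for every caller to remember the escape. In the same hunk, `error()` still sends `mysql_error()` to the client through `die()`, which discloses query and schema details on failure; logging it server-side and returning a generic message would be safer.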
@@ -1,4 +1,6 @@ <?php
+session_start();
+
if(isset($_REQUEST['lat'])) $lat = mysql_escape_string($_REQUEST['lat']);
if(isset($_REQUEST['lng'])) $lng = mysql_escape_string($_REQUEST['lng']);
if(isset($_REQUEST['res'])) $res = $_REQUEST['res'];
@@ -82,14 +84,27 @@ if($_SERVER['HTTP_HOST'] == 'dev-karte.ffgraz.net') { </form>
</div>
</div>
- <div id="addressbox" class="box">
- <b>Adresse suchen:</b>
- <form action="#" onsubmit="showAddress(this.address.value); return false">
- <p>
- <input type="text" size="40" name="address" value="Lendkai 1" />
- <input type="submit" value="Suchen" />
- </p>
- </form>
+ <div id="southeastcontainer">
+ <div id="loginbox" class="box">
+ <script type="text/javascript">
+ <?php
+ if (!isset($_SESSION['logged_in']) || !$_SESSION['logged_in']) {
+ echo 'showFFLogin();';
+ } else {
+ echo 'showFFLogout("'.$_SESSION['username'].'");';
+ }
+ ?>11
+ </script>
+ </div>
+ <div id="addressbox" class="box">
+ <b>Adresse suchen:</b>
+ <form action="#" onsubmit="showAddress(this.address.value); return false">
+ <p>
+ <input type="text" size="35" name="address" value="Lendkai 1" />
+ <input type="submit" value="Suchen" />
+ </p>
+ </form>
+ </div>
</div>
</body>
</html>
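Review bot: `echo 'showFFLogout("'.$_SESSION['username'].'");';` writes the session username into an inline script with no encoding, so a stored value containing a double quote or `</script>` changes the script that runs in the page. Encode it for the JavaScript context instead: `echo 'showFFLogout('.json_encode($_SESSION['username'], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT).');';`. The `11` after the closing `?>` in the same block looks like a stray keystroke; it is emitted into the script element as a bare expression statement and should be removed.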
diff --git a/login.php b/login.php
new file mode 100644
index 0000000..02015e7
--- /dev/null
+++ b/login.php
@@ -0,0 +1,40 @@
+<?php
+session_start();
+
+header("Content-Type: text/xml");
+header("Cache-Control: no-cache, must-revalidate");
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
+
+require_once('check_user.php');
+
+echo "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n";
+echo "<root>\n";
+
+if (isset($_POST['login']))
+{
+ if(check_user($_POST['username'], $_POST['password']))
+ {
+ $_SESSION['logged_in'] = true;
+ $_SESSION['username'] = $_POST['username'];
+ }
+ else
+ {
+ echo '<error string="'.'Ihre Anmeldedaten waren nicht korrekt!'.'" />'."\n";
+ }
+}
+else if (isset($_POST['logout']))
+{
+ session_destroy();
+ $_SESSION['logged_in'] = false;
+}
+
+if (isset($_SESSION['logged_in']) && $_SESSION['logged_in'])
+{
+ echo '<status code="'.'logged_in'.'" />'."\n";
+ echo '<username name="'.$_SESSION['username'].'" />'."\n";
+}
+else
+{
+ echo '<status code="'.'logged_out'.'" />'."\n";
+}
+echo "</root>";
@@ -55,10 +55,23 @@ div.box { margin-right: 0; } -#addressbox { +#southeastcontainer { position: absolute; right: 10px; bottom: 10px; + padding: 0; +} + +#loginbox { + margin-top: 0; + margin-left: auto; + marign-right: 0; +} + +#addressbox { + margin-top: 1ex; + margin-left: auto; + margin-bottom: 0; } #distboxouter { 
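Review bot: In login.php the success branch sets `$_SESSION['logged_in'] = true;` on whatever session id the client presented, so the id that existed before authentication stays valid afterwards; calling `session_regenerate_id(true);` immediately before that assignment closes the session-fixation window. `$_SESSION['username']` is copied from `$_POST['username']` and then echoed into the `name` attribute of `<username>` unescaped; emit it as `htmlspecialchars($_SESSION['username'], ENT_QUOTES, 'UTF-8')` so a quote or angle bracket cannot break or extend the XML. `$_POST['username']` and `$_POST['password']` are also read without `isset()` checks once `login` is present, so a partial request reaches `check_user()` with undefined values.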
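Review bot: `marign-right: 0;` in the new `#loginbox` rule of the map.css hunk is a misspelling of `margin-right`, so browsers discard the declaration. The layout may still look right only because the `div.box` rule shown in the hunk context already sets `margin-right: 0`. Change the line to `margin-right: 0;` or drop it if it is redundant.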
@@ -364,6 +364,79 @@ function setNewMarker(point) { marker.openInfoWindowHtml(addNewNodeText(point)); } +function fflogin(username, password) { + var postbody = "username=" + encodeURIComponent(username) + "&password=" + encodeURIComponent(password) + "&login=Einloggen#"; + GDownloadUrl("login.php", onFFLogin, postbody); +} + +function onFFLogin(data, responseCode) { + if (responseCode < 200 || responseCode > 299) { + return alert("Fehler: Konnte die Daten nicht laden!\n(Server Antwort-Code: " + responseCode + ")"); + } + xmlData = GXml.parse(data); + + var error = xmlData.getElementsByTagName("error"); + if(error.length > 0) { + alert(error[0].getAttribute("string")); + } + else { + var status = xmlData.getElementsByTagName("status"); + if(status[0].getAttribute("code") == "logged_in") { + var username = xmlData.getElementsByTagName("username")[0].getAttribute("name"); + showFFLogout(username); + + reloadcon.started(); + GDownloadUrl("data.php", onData); + } + } +} + +function showFFLogin() { + var html = '<form action="#" onsubmit="fflogin(this.username.value, this.password.value); this.reset(); return false">'; + html += '<table><tr>'; + html += '<td>Benutzername:</td>'; + html += '<td><input name="username" size="23" type="text" tabindex="1"/></td>'; + html += '<td rowspan="2" valign="bottom"><input name="login" type="submit" id="login" value="Einloggen" tabindex="3"></td>'; + html += '</tr><tr>'; + html += '<td>Passwort:</td>'; + html += '<td><input name="password" type="password" tabindex="2" /></td>'; + html += '</tr></table></form>'; + + document.getElementById("loginbox").innerHTML = html; +} + +function fflogout() { + var postbody = "logout=Ausloggen#"; + GDownloadUrl("login.php", onFFLogout, postbody); +} + +function onFFLogout(data, responseCode) { + if (responseCode < 200 || responseCode > 299) { + return alert("Fehler: Konnte die Daten nicht laden!\n(Server Antwort-Code: " + responseCode + ")"); + } + xmlData = GXml.parse(data); + + var error = 
xmlData.getElementsByTagName("error"); + if(error.length > 0) { + alert(error[0].getAttribute("string")); + } + else { + showFFLogin(); + + reloadcon.started(); + GDownloadUrl("data.php", onData); + } +} + +function showFFLogout(username) { + var html = '<form action="#" onsubmit="fflogout(); return false">'; + html += 'Sie sind eingeloggt als:</br >'; + html += '<b>'+username+'</b> ' + html += '<input name="login" type="submit" id="logout" value="Ausloggen"></form>'; + + document.getElementById("loginbox").innerHTML = html; +} + function showAddress(address) { if (geocoder) { address += ", Graz, Austria"; |
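Review bot: `showFFLogout()` concatenates `username` into markup (`'<b>'+username+'</b> '`) and assigns the result to `innerHTML`, so a username containing markup is parsed as HTML in the page; the value arrives from the `name` attribute of the login.php response in `onFFLogin()` and from the inline script in index.php. Keep the static form in `innerHTML` and insert the name as a text node, as sketched below. Two smaller points in the same hunk: `xmlData = GXml.parse(data);` in `onFFLogin()` and `onFFLogout()` creates an implicit global and should be declared with `var`, and `status[0]` is read without checking `status.length`.

```javascript
function showFFLogout(username) {
  // … unchanged: form opening and "Sie sind eingeloggt als:" line …
  html += '<b></b> ';
  // … unchanged: logout submit button …
  var box = document.getElementById("loginbox");
  box.innerHTML = html;
  // username is data, not markup: insert it as a text node
  box.getElementsByTagName("b")[0].appendChild(document.createTextNode(username));
}
```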