Admin User

This commit is contained in:
Walter Hupfeld 2024-02-21 19:42:20 +01:00
parent 11575edc75
commit c1c4151300
12 changed files with 69 additions and 59 deletions

View File

@ -21,3 +21,10 @@ $db->exec("CREATE TABLE IF NOT EXISTS user(
)"); )");
header("Location: configuration.php"); header("Location: configuration.php");
INSERT INTO user (username, passwordhash, district)
SELECT district, "$2y$10$W9CE8IOOfnfi3XTMEVByZeDIrZo1VPxCHz2CfCe.sOH87V/AdaUG2", district
FROM district;

View File

@ -6,7 +6,13 @@
header("Location: login.php"); header("Location: login.php");
} }
$dbFilename = "../db/locations.db"; if (isset($_SESSION['superadmin'])) {
$boolSuperAdmin = $_SESSION['superadmin']==true;
} else {
$boolSuperAdmin=false;
}
require_once("../config.php"); require_once("../config.php");
$boolError=false; $boolError=false;
?> ?>
@ -72,7 +78,7 @@
<div class="row"> <div class="row">
<div class="col-md-7 col-lg-7"> <div class="col-md-7 col-lg-7">
<?php if ($boolSuperAdmin): ?>
<div class="card"> <div class="card">
<div class="card-header"> <div class="card-header">
<h3>Konfiguration</h3> <h3>Konfiguration</h3>
@ -130,6 +136,7 @@
<input type="hidden" name="csrf" value="<?=$_SESSION['csrf_token']?>"> <input type="hidden" name="csrf" value="<?=$_SESSION['csrf_token']?>">
<input type="submit" class="btn btn-primary" value="Konfiguration ändern"> <input type="submit" class="btn btn-primary" value="Konfiguration ändern">
</form> </form>
<?php endif; ?>
<br><br><br> <br><br><br>
</div> </div>
</div> <!-- row --> </div> <!-- row -->

View File

@ -16,10 +16,13 @@
header("Location: login.php"); header("Location: login.php");
} }
$strDistrict=$_SESSION['district']; $strDistrict=$_SESSION['district'];
if (isset($_SESSION['superadmin'])) {
$boolSuperAdmin = $_SESSION['superadmin']==true;
} else {
$boolSuperAdmin=false;
}
$sqlDistrict = ($boolSuperAdmin) ? "1" : "l.district='$strDistrict'"; $sqlDistrict = ($boolSuperAdmin) ? "1" : "l.district='$strDistrict'";
require("../config.db.php");
require ("../config.php"); require ("../config.php");
// Set headers to make the browser download the results as a csv file // Set headers to make the browser download the results as a csv file

View File

@ -15,9 +15,13 @@
if (!$boolLogin) { if (!$boolLogin) {
header("Location: login.php"); header("Location: login.php");
} }
$strDistrict=$_SESSION['district']; $strDistrict=$_SESSION['district'];
$sqlDistrict = ($boolSuperAdmin) ? "1" : "l.district='$strDistrict'"; $sqlDistrict = ($boolSuperAdmin) ? "1" : "l.district='$strDistrict'";
require ("../config.php"); require ("../config.php");
?> ?>
<!DOCTYPE html> <!DOCTYPE html>

View File

@ -17,6 +17,14 @@
header("Location: login.php"); header("Location: login.php");
} }
$strDistrict=$_SESSION['district']; $strDistrict=$_SESSION['district'];
if (isset($_SESSION['superadmin'])) {
$boolSuperAdmin = $_SESSION['superadmin']==true;
} else {
$boolSuperAdmin=false;
}
include("../config.php"); include("../config.php");
$boolShowmap=false; $boolShowmap=false;

View File

@ -25,12 +25,14 @@ $boolLogin=true;
if (isset($_POST['login']) && isset($_POST['password'])) { if (isset($_POST['login']) && isset($_POST['password'])) {
$strUser = trim($_POST['login']); $strUser = trim($_POST['login']);
$strPassword = trim($_POST['password']); $strPassword = trim($_POST['password']);
$strSQL = "SELECT username,passwordhash FROM user WHERE username='$strUser'"; $strSQL = "SELECT username,passwordhash,district FROM user WHERE username='$strUser'";
$result = $db->query($strSQL); $result = $db->query($strSQL);
if ($row=$result->fetch(PDO::FETCH_ASSOC)) { if ($row=$result->fetch(PDO::FETCH_ASSOC)) {
if (password_verify($strPassword,$row['passwordhash'])) { $boolOk = $strDistrict==$row['district'] || $row['username']=="admin";
if (password_verify($strPassword,$row['passwordhash']) && $boolOk) {
$_SESSION['user']=$strUser; $_SESSION['user']=$strUser;
$_SESSION['csrf_token'] = uniqid('', true); $_SESSION['csrf_token'] = uniqid('', true);
$_SESSION['superadmin'] = $row['username']=="admin";
header ("Location: index.php"); header ("Location: index.php");
} else { } else {
$boolLogin=false; $boolLogin=false;

View File

@ -1,5 +1,11 @@
<?php <?php
session_start(); session_start();
if (isset($_SESSION['district'])) {
$strDistrict=$_SESSION['district'];
}
session_destroy(); session_destroy();
session_start();
$_SESSION['district']=$strDistrict;
header ("Location: ../index.php"); header ("Location: ../index.php");

View File

@ -7,6 +7,11 @@
header("Location: login.php"); header("Location: login.php");
} }
$strDistrict=$_SESSION['district']; $strDistrict=$_SESSION['district'];
if (isset($_SESSION['superadmin'])) {
$boolSuperAdmin = $_SESSION['superadmin']==true;
} else {
$boolSuperAdmin=false;
}
include("../config.php"); include("../config.php");
$sqlDistrict = ($boolSuperAdmin) ? "1" : "l.district='$strDistrict'"; $sqlDistrict = ($boolSuperAdmin) ? "1" : "l.district='$strDistrict'";

View File

@ -11,8 +11,6 @@
require_once("config.db.php"); require_once("config.db.php");
$boolSuperAdmin=false;
$strSQL = "select * from config"; $strSQL = "select * from config";
$result = $db->query($strSQL); $result = $db->query($strSQL);

View File

@ -1,29 +1,29 @@
version: '3' version: '3'
services: services:
dev-unfallkarte: dev-ideenmelder:
image: php81:v1 image: php81:v1
container_name: dev-unfallkarte container_name: dev-ideenmelder
volumes: volumes:
- ./:/var/www/html - ./:/var/www/html
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.dev-unfallkarte.entrypoints=https" - "traefik.http.routers.dev-ideenmelder.entrypoints=https"
- "traefik.http.routers.dev-unfallkarte.rule=Host(`unfallkarte.hpadm.de`)" - "traefik.http.routers.dev-ideenmelder.rule=Host(`nrw-ideenmelder.hpadm.de`)"
- "traefik.http.routers.dev-unfallkarte.tls=true" - "traefik.http.routers.dev-ideenmelder.tls=true"
- "traefik.http.routers.dev-unfallkarte.tls.certresolver=http" - "traefik.http.routers.dev-ideenmelder.tls.certresolver=http"
- "traefik.http.routers.dev-unfallkarte.middlewares=default@file" - "traefik.http.routers.dev-ideenmelder.middlewares=default@file"
- "traefik.http.routers.dev-unfallkarte.service=dev-unfallkarte" - "traefik.http.routers.dev-ideenmelder.service=dev-ideenmelder"
- "traefik.http.services.dev-unfallkarte.loadbalancer.server.port=80" - "traefik.http.services.dev-ideenmelder.loadbalancer.server.port=80"
- "traefik.docker.network=proxy" - "traefik.docker.network=proxy"
networks: networks:
- default - default
- proxy - proxy
restart: always restart: always
dev-unfallkarte-db: dev-ideenmelder-db:
image: mariadb image: mariadb
container_name: dev-unfallkarte-db container_name: dev-ideenmelder-db
restart: unless-stopped restart: unless-stopped
environment: environment:
- MYSQL_ROOT_PASSWORD=geheim #SQL root Passwort eingeben - MYSQL_ROOT_PASSWORD=geheim #SQL root Passwort eingeben

View File

@ -1,6 +1,5 @@
<?php <?php
/*******************************
/** *****************************
* Ideenmelder * Ideenmelder
* Autor: Walter Hupfeld, Hamm * Autor: Walter Hupfeld, Hamm
* E-Mail: info@hupfeld-software.de * E-Mail: info@hupfeld-software.de

View File

@ -8,15 +8,11 @@
* Datum: 18.05.2021 * Datum: 18.05.2021
******************************** */ ******************************** */
exit();
$dbFilename = "db/locations.db"; require("config.db.php");
$boolError=false; $boolError=false;
if (file_exists("db/locations.php")) {
die ("Datenbank existiert bereits.");
}
?> ?>
@ -79,9 +75,9 @@
* Datenbank anlegen * Datenbank anlegen
* *
************************************************** */ ************************************************** */
$boolError=true;
echo "Datenbank anlegen: "; echo "Datenbank anlegen: ";
if (!$boolError && !file_exists("db/locations.db")) { if (!$boolError) {
require("admin/create_database.php"); require("admin/create_database.php");
echo "Datenbank angelegt"; echo "Datenbank angelegt";
} else { } else {
@ -108,7 +104,7 @@ require("config.php");
</div> </div>
</div> </div>
<br> <br>
<!--
<div class="card"> <div class="card">
<div class="card-header"> <div class="card-header">
<h3>Dateneingabe aktivieren</h3> <h3>Dateneingabe aktivieren</h3>
@ -119,7 +115,7 @@ require("config.php");
</div> </div>
</div> </div>
<br> <br>
-->
<div class="card"> <div class="card">
<div class="card-header"> <div class="card-header">
<h3>Konfiguration</h3> <h3>Konfiguration</h3>
@ -143,31 +139,6 @@ require("config.php");
<br> <br>
<div class="card">
<div class="card-header">
<h3>Karteninfo</h3>
</div>
<div class="card-body">
<h4>Stadt oder Kreis</h4>
<label class="leftlabel">Stadt/Kreis: </label>
<input type="text" name="district" id="district" value="<?=$strStadt?>" required >
<h4>Kartenzentrum</h4>
<div class="small">Hier liegt das Zentrum der Karte und es erscheint der Info-Marker.</div>
<label class="leftlabel">Latitude:</label><input type="text" name="lat" id="lat" value="<?=$numInfoLat?>" required><br>
<label class="leftlabel">Longitude:</label><input type="text" name="lng" id="lng" value="<?=$numInfoLng?>" required><br>
<div class="small">Zoom-Faktor beim Start der Karte.</div>
<label class="leftlabel">Startzoom:</label><input type="text" name="zoom" id="zoom" value="<?=$numZoom?>" required>
<h4>GeoJson</h4>
<p>Die Datei kann man von folgender Adresse laden und ins Vezeichnis /geojson kopieren:
<a href="https://public.opendatasoft.com/explore/dataset/landkreise-in-germany/export/">public.opendatasoft.com</a>
</p>
<label class="leftlabel">GeoJson-Datei: </label><input type="text" name="geojson" id="geojson" value="<?=$fileGeojson?>" required>
</div>
</div>
<br>