/* Copyright (c) 2009 Arnaud Renevier, Inc, published under the modified BSD
license. */
-require_once ("./inc/settings.php");
-require_once ("./inc/db/mysql.php");
-require_once ("./inc/utils.php");
-
function exit_document ($body) {
- exit ("<html><head></head><body>$body</body></html>");
+ $charset_meta = '<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">';
+ exit ("<html>$charset_meta<head></head><body>$body</body></html>");
+}
+
+function success ($reason) {
+ exit_document ("<success request=\"$reason\"></success>");
}
-function success_auth () {
- success ("auth");
+function success_changepass ($username) {
+ $res = "<success request=\"changepass\"><user>" .
+ htmlspecialchars ($username) .
+ "</user></success>";
+ exit_document ($res);
+}
+
+function success_newuser ($username) {
+ $res = "<success request=\"newuser\"><user>" .
+ htmlspecialchars ($username) .
+ "</user></success>";
+ exit_document ($res);
+}
+
+function success_auth ($user) {
+ $res = "<success request=\"$reason\"><user>" .
+ htmlspecialchars ($user) .
+ "</user></success>";
+ exit_document ($res);
}
function success_feature ($feature, $request) {
exit_document ($res);
}
-function success ($reason) {
- exit_document ("<success request=\"$reason\"></success>");
-}
-
function error ($reason) {
exit_document ("<error reason=\"$reason\"></error>");
}
+function error_newuser_exists () {
+ error ("newuser_exists");
+}
+
function error_feature ($id, $reason) {
$res = "<error reason=\"$reason\"><feature>";
$res .= "<id>" . $id . "</id>";
exit_document ($res);
}
-function nochange_error ($id) {
+function error_nochange ($id) {
error_feature ($id, "nochange");
}
-function unreferenced_error ($id) {
+function error_unreferenced ($id) {
error_feature ($id, "unreferenced");
}
-function server_error () {
+function error_server () {
error ("server");
}
-function unauthorized_error () {
+function error_wrongpass () {
+ error ("wrongpass");
+}
+
+function error_unauthorized () {
error ("unauthorized");
}
-function request_error () {
+function error_request () {
error ("request");
}
-function file_too_big_error () {
+function error_file_too_big () {
error ("toobig");
}
-function notanimage_error () {
+function error_notanimage () {
error ("notimage");
}
$dest = unique_file (UPLOADDIR, $file ["name"], $con);
if (!isset ($dest) ||
(!move_uploaded_file ($file ["tmp_name"], $dest))) {
- server_error ();
+ error_server ();
}
$mini_dest = getthumbsdir () . "/mini_" . basename_safe ($dest);
- try {
- $thumbnail_ok = create_thumbnail ($dest, $mini_dest);
- } catch (Exception $e) {
- $thumbnail_ok = false;
- }
- if (!$thumbnail_ok) {
- if (!copy ($dest, $mini_dest)) {
- server_error ();
- }
+ if (!create_thumbnail_or_copy ($dest, $mini_dest)) {
+ error_server ();
}
-
}
return basename_safe ($dest);
}
function img_check_upload ($file) {
if (!is_uploaded_file ($file ["tmp_name"])) {
if ($file ["error"] == UPLOAD_ERR_INI_SIZE) {
- file_too_big_error ();
+ error_file_too_big ();
} else {
- server_error ();
+ error_server ();
}
}
if (!getimagesize ($file ["tmp_name"])) {
- notanimage_error ();
+ error_notanimage ();
}
}
return null;
}
-function check_auth ($con, $pwd, $cookie_name, $auth_only) {
+function setcookies ($user, $pwd) {
+ // cookie will be valid for 2 weeks. I've chosen that value
+ // arbitrarily, and it may change in the future.
+ $time = time () + 14 * 60 * 24 * 60;
+ if (version_compare (PHP_VERSION, '5.2.0', '>=')) {
+ setcookie (sprintf ("%sauth", DBPREFIX), md5 ($pwd), $time, "" , "", false, true);
+ setcookie (sprintf ("%suser", DBPREFIX), $user, $time, "" , "", false, true);
+ } else {
+ setcookie (sprintf ("%sauth", DBPREFIX), md5 ($pwd), $time, "" , "", false);
+ setcookie (sprintf ("%suser", DBPREFIX), $user, $time, "" , "", false);
+ }
+
+}
+
+function check_auth ($con, $user, $pwd, $auth_only) {
$authentificated = false;
- $user = "admin";
- if ($pwd) {
+ if (isset ($pwd)) {
if ($con->checkpwdmd5 ($user, md5 ($pwd))) {
- // cookie will be valid for 2 weeks. I've chosen that value
- // arbitrarily, and it may change in the future.
- $time = time () + 14 * 60 * 24 * 60;
- setcookie ($cookie_name, md5 ($pwd), $time, "" , "", false, true);
+ setcookies ($user, $pwd);
$authentificated = true;
if ($auth_only) {
- success_auth ();
+ success_auth ($user);
}
} else {
- unauthorized_error ();
+ error_unauthorized ();
}
}
- if (!$authentificated && !($con->checkpwdmd5 ($user,
- $_COOKIE [$cookie_name]))) {
- unauthorized_error ();
+ if (!$authentificated && !($con->checkpwdmd5 (
+ $_COOKIE [sprintf ("%suser", DBPREFIX)],
+ $_COOKIE [sprintf ("%sauth", DBPREFIX)]))) {
+ error_unauthorized ();
}
}
function main ($con) {
if (!isset ($_POST ["request"])) {
- request_error ();
+ error_request ();
}
- $pwd = unquote ($_POST["password"]);
- $cookie_name = sprintf ("%sauth", DBPREFIX);
+ $pwd = unquote ($_POST ["password"]);
+ $user = unquote ($_POST ["user"]);
// does user only want authentication or does he want to do other things
$auth_only = ($_POST ["request"] == "auth");
- check_auth ($con, $pwd, $cookie_name, $auth_only);
+ check_auth ($con, $user, $pwd, $auth_only);
+ if (!$user) {
+ $user = $_COOKIE [sprintf ("%suser", DBPREFIX)];
+ }
switch ($_POST ["request"]) {
case "update":
$id = $_POST ["fid"];
$feature = $con->getfeature ($id);
if (!isset ($feature)) {
- unreferenced_error ($id);
+ error_unreferenced ($id);
+ }
+ if (($feature->user != $user) && ($user != "admin")) {
+ error_unauthorized ();
}
// no file uploaded, but editor currently has an image: it means
if ($_POST ["keep_img"] == "yes") {
$imgpath = $feature->imgpath;
} else {
+ error_request ();
$imgpath = save_uploaded_file ($_FILES ["image_file"], $con);
}
$description = unquote ($_POST ["description"]);
try {
- $new_feature = new feature ($id, $lon, $lat, $imgpath, $title, $description, 0);
+ $new_feature = new feature ($id, $lon, $lat, $imgpath, $title, $description, 0, $user);
} catch (Exception $e) {
- request_error ();
+ error_request ();
}
if (($new_feature->lon == $feature->lon) &&
($new_feature->title == $feature->title) &&
($new_feature->imgpath == $feature->imgpath) &&
($new_feature->description == $feature->description)) {
- nochange_error ($feature->id);
+ error_nochange ($feature->id);
}
$old_imgpath = "";
try {
$con->save_feature ($new_feature);
} catch (Exception $e) {
- server_error ();
+ error_server ();
}
if ($old_imgpath) {
try {
success_feature ($new_feature, "update");
break;
case "add":
+ error_request ();
$imgpath = save_uploaded_file ($_FILES ["image_file"], $con);
$lon = $_POST ["lon"];
$title = unquote ($_POST ["title"]);
$description = unquote ($_POST ["description"]);
try {
- $feature = new feature (null, $lon, $lat, $imgpath, $title, $description, 0);
+ $feature = new feature (null, $lon, $lat, $imgpath, $title, $description, 0, $user);
} catch (Exception $e) {
- request_error ();
+ error_request ();
}
try {
$feature = $con->save_feature ($feature);
} catch (Exception $e) {
- server_error ();
+ error_server ();
}
success_feature ($feature, "add");
break;
case "del":
+ error_request ();
$id = $_POST ["fid"];
$feature = $con->getfeature ($id);
if (!isset ($feature)) {
- unreferenced_error ($id);
+ error_unreferenced ($id);
+ }
+ if ($feature->user != $user) {
+ error_unauthorized ();
}
$imgpath = $feature->imgpath;
try {
$con->delete_feature ($feature);
} catch (Exception $e) {
- server_error ();
+ error_server ();
}
try {
} catch (Exception $e) {}
success_delete_feature ($feature);
+ case "changepass":
+ error_request ();
+ $currpass = unquote ($_POST ["pass_current"]);
+ if (!$con->checkpwdmd5 ($user, md5 ($currpass))) {
+ error_wrongpass ();
+ }
+ $newpass = unquote ($_POST ["pass_new"]);
+ try {
+ $con->setpwd ($user, $newpass);
+ } catch (Exception $e) {
+ if ($e->getMessage () == anydbConnection::err_query) {
+ error_request ();
+ }
+ error_server ();
+ }
+ setcookies ($user, $newpass);
+ success_changepass ($user);
+ break;
+ case "newuser":
+ error_request ();
+ if ($user != "admin") {
+ error_unauthorized ();
+ }
+ $newuser_name = unquote ($_POST ["newuser_name"]);
+ if (!$newuser_name) {
+ error_request ();
+ }
+ if ($con->user_exists ($newuser_name)) {
+ error_newuser_exists ();
+ }
+ $newuser_password = unquote ($_POST ["newuser_password"]);
+ try {
+ $con->setpwd ($newuser_name, $newuser_password);
+ } catch (Exception $e) {
+ if ($e->getMessage () == anydbConnection::err_query) {
+ error_request ();
+ }
+ error_server ();
+ }
+ success_newuser ($newuser_name);
+ break;
default:
- request_error();
+ error_request();
break;
}
- server_error ();
+ error_server ();
}
+if (!@include_once ("./inc/settings.php")) {
+ error_server ();
+}
+require_once ("./inc/db/" . (defined ("DBTYPE")? DBTYPE: "mysql") . ".php");
+require_once ("./inc/utils.php");
+
try {
$connection->connect (DBHOST, DBUSER, DBPWD, DBNAME, DBPREFIX);
} catch (Exception $e) {
- server_error ();
+ error_server ();
}
main ($connection);