- Jquery is available under both MIT and GPL licences. More informations can be
found at http://docs.jquery.com/Licensing
-- editor-throbber.gif and pwd-throbber.gif files have been generated with
- http://ajaxload.info/ generator and are free for use.
+- editor-throbber.gif, newuser-throbber.gif and pwd-throbber.gif files have
+ been generated with http://ajaxload.info/ generator and are free for use.
- copy upload/ back.
- open http://yoururl.com/upgrade.php with your web browser
+co-administrators
+-----------------
+It is possible to allow other people to upload and manage
+pictures/descriptions. In admin interface, select "Add an co-administrator"
+and fill informations (user name and password). Then, you need to communicate
+to your user its username and password. Only admin can add new users.
+
+Other co-administrators will be able to add markers, and delete/modifiy them.
+They cannot modify markers they have not created. admin is the only user
+allowed to manage markers of other users. If you plan to have several
+co-administrators, you may want to create a normal user for yourself, and use
+it to manage your markers. You will then only use admin account when really
+needed.
+
+Currently, SYP does not allow
+
server API
----------
The way server side communicates with client side is described at
exit ("<html><head></head><body>$body</body></html>");
}
+function success ($reason) {
+ exit_document ("<success request=\"$reason\"></success>");
+}
+
+function success_newuser ($username) {
+ $res = "<success request=\"newuser\"><user>" .
+ htmlspecialchars ($user) .
+ "</user></success>";
+ exit_document ($res);
+}
+
function success_auth ($user) {
$res = "<success request=\"$reason\"><user>" .
htmlspecialchars ($user) .
exit_document ($res);
}
-function success ($reason) {
- exit_document ("<success request=\"$reason\"></success>");
-}
-
function error ($reason) {
exit_document ("<error reason=\"$reason\"></error>");
}
+function error_newuser_exists () {
+ error ("newuser_exists");
+}
+
function error_feature ($id, $reason) {
$res = "<error reason=\"$reason\"><feature>";
$res .= "<id>" . $id . "</id>";
exit_document ($res);
}
-function nochange_error ($id) {
+function error_nochange ($id) {
error_feature ($id, "nochange");
}
-function unreferenced_error ($id) {
+function error_unreferenced ($id) {
error_feature ($id, "unreferenced");
}
-function server_error () {
+function error_server () {
error ("server");
}
-function unauthorized_error () {
+function error_unauthorized () {
error ("unauthorized");
}
-function request_error () {
+function error_request () {
error ("request");
}
-function file_too_big_error () {
+function error_file_too_big () {
error ("toobig");
}
-function notanimage_error () {
+function error_notanimage () {
error ("notimage");
}
$dest = unique_file (UPLOADDIR, $file ["name"], $con);
if (!isset ($dest) ||
(!move_uploaded_file ($file ["tmp_name"], $dest))) {
- server_error ();
+ error_server ();
}
$mini_dest = getthumbsdir () . "/mini_" . basename_safe ($dest);
if (!create_thumbnail_or_copy ($dest, $mini_dest)) {
- server_error ();
+ error_server ();
}
}
return basename_safe ($dest);
function img_check_upload ($file) {
if (!is_uploaded_file ($file ["tmp_name"])) {
if ($file ["error"] == UPLOAD_ERR_INI_SIZE) {
- file_too_big_error ();
+ error_file_too_big ();
} else {
- server_error ();
+ error_server ();
}
}
if (!getimagesize ($file ["tmp_name"])) {
- notanimage_error ();
+ error_notanimage ();
}
}
success_auth ($user);
}
} else {
- unauthorized_error ();
+ error_unauthorized ();
}
}
if (!$authentificated && !($con->checkpwdmd5 (
$_COOKIE [sprintf ("%suser", DBPREFIX)],
$_COOKIE [sprintf ("%sauth", DBPREFIX)]))) {
- unauthorized_error ();
+ error_unauthorized ();
}
}
function main ($con) {
if (!isset ($_POST ["request"])) {
- request_error ();
+ error_request ();
}
$pwd = unquote ($_POST ["password"]);
$id = $_POST ["fid"];
$feature = $con->getfeature ($id);
if (!isset ($feature)) {
- unreferenced_error ($id);
+ error_unreferenced ($id);
}
if ($feature->user != $user) {
- unauthorized_error ();
+ error_unauthorized ();
}
// no file uploaded, but editor currently has an image: it means
try {
$new_feature = new feature ($id, $lon, $lat, $imgpath, $title, $description, 0, $user);
} catch (Exception $e) {
- request_error ();
+ error_request ();
}
if (($new_feature->lon == $feature->lon) &&
($new_feature->title == $feature->title) &&
($new_feature->imgpath == $feature->imgpath) &&
($new_feature->description == $feature->description)) {
- nochange_error ($feature->id);
+ error_nochange ($feature->id);
}
$old_imgpath = "";
try {
$con->save_feature ($new_feature);
} catch (Exception $e) {
- server_error ();
+ error_server ();
}
if ($old_imgpath) {
try {
try {
$feature = new feature (null, $lon, $lat, $imgpath, $title, $description, 0, $user);
} catch (Exception $e) {
- request_error ();
+ error_request ();
}
try {
$feature = $con->save_feature ($feature);
} catch (Exception $e) {
- server_error ();
+ error_server ();
}
success_feature ($feature, "add");
break;
$id = $_POST ["fid"];
$feature = $con->getfeature ($id);
if (!isset ($feature)) {
- unreferenced_error ($id);
+ error_unreferenced ($id);
}
if ($feature->user != $user) {
- unauthorized_error ();
+ error_unauthorized ();
}
$imgpath = $feature->imgpath;
try {
$con->delete_feature ($feature);
} catch (Exception $e) {
- server_error ();
+ error_server ();
}
try {
} catch (Exception $e) {}
success_delete_feature ($feature);
+ case "newuser":
+ if ($user != "admin") {
+ error_unauthorized ();
+ }
+ $newuser_name = unquote ($_POST ["newuser_name"]);
+ if (!$newuser_name) {
+ error_request ();
+ }
+ $newuser_password = unquote ($_POST ["newuser_password"]);
+ try {
+ $con->setpwd ($newuser_name, $newuser_password, false);
+ } catch (Exception $e) {
+ if ($e->getMessage () == anydbConnection::err_query) {
+ error_newuser_exists ();
+ } else {
+ error_server ();
+ }
+ }
+ success_newuser ($newuser_name);
+ break;
default:
- request_error();
+ error_request();
break;
}
- server_error ();
+ error_server ();
}
if (!@include_once ("./inc/settings.php")) {
- server_error ();
+ error_server ();
}
require_once ("./inc/db/mysql.php");
require_once ("./inc/utils.php");
try {
$connection->connect (DBHOST, DBUSER, DBPWD, DBNAME, DBPREFIX);
} catch (Exception $e) {
- server_error ();
+ error_server ();
}
main ($connection);
## auth
asks for authentication
+## newuser
+ adds a new user
+ * `$_POST ["newuser_name"]` must contain user name
+ * `$_POST ["newuser_password"]` must contain user password
+
+ Only admin can add new users.
+
+
## add
adds a new feature
* `toobig`: uploaded file was too big
* `notation`: uploaded file was not an image
* `nochange`: when trying to update a feature, there is nothing to update (ie: no field of the feature has changed)
+ * `newuser_exists`: when trying to add an user which has the same name as an already registered user
## success handling:
* `<success request="auth"><user>?user_name?</name></success>`:
authentication was successfull. ?user_name? is name of authenticated user.
+ * `<success request="newuser"><user>?user_name?</name></success>`:
+ new user addition was successfull. ?user_name? is name of newly added user.
+
* `<success request="del">
<feature>
<id>?id?</id>
public function create_items_table();
/*
- * set password $pwd for user $usrname. If $usrname does not exist, create
- * it.
+ * set password $pwd for user $usrname.
+ * If $usrname does not exist:
+ * - if $create_if_not_exists is true: create user.
+ * - if $create_if_not_exists is false: throws an err_query error.
*/
- public function setpwd($usrname, $pwd);
+ public function setpwd($usrname, $pwd, $create_if_not_exists);
/*
* check that $pwd_md5 is md5 for $username password.
$this->_execute_query ($query);
}
- public function setpwd ($user_name, $pwd) {
+ public function setpwd ($user_name, $pwd, $create_if_not_exists) {
$usrname_escaped = mysql_real_escape_string ($user_name);
$query = sprintf ("SELECT COUNT(*) FROM %susers WHERE name LIKE '%s';",
$this->dbprefix, $usrname_escaped);
$res = mysql_fetch_array ($this->_execute_query ($query), MYSQL_NUM);
if ($res [0] == 1) {
- $query = sprintf ("UPDATE %susers SET pwd='%s' WHERE name like '%s';",
+ if ($create_if_not_exists) {
+ $query = sprintf ("UPDATE %susers SET pwd='%s' WHERE name like '%s';",
$this->dbprefix, md5 ($pwd), $usrname_escaped);
+ } else {
+ throw new Exception (anydbConnection::err_query);
+ }
} else {
$query = sprintf ("INSERT INTO %susers VALUES ('%s', '%s');",
$this->dbprefix, $usrname_escaped, md5 ($pwd));
"Server reply was inconsistent."
=> "",
- "There was an unknown error."
- => "",
-
"Removal took place correctly."
=> "",
"Save took place correctly."
=> "",
+ "User name has not been set."
+ => "",
+
+ "Passwords do not match."
+ => "",
+
+ "User already exists in database."
+ => "",
+
+ "User added correctly."
+ => "",
+
"Logout"
=> "",
+ "Add a co-administrator"
+ => "",
+
"close without saving"
=> "",
"close"
=> "",
+ "user name:"
+ => "",
+
+ "user password:"
+ => "",
+
+ "confirm password:"
+ => "",
+
+ "Validate user"
+ => "",
+
"title:"
=> "",
"Le serveur a fait une réponse incohérente"
,
- "There was an unknown error."
- =>
- "Il s'est produit une erreur inconnue."
- ,
-
"Removal took place correctly."
=>
"La suppression s'est déroulée correctement."
"La sauvegarde s'est déroulée correctement."
,
+ "User name has not been set."
+ =>
+ "Il faut un nom pour l'utilisateur."
+ ,
+
+ "Passwords do not match."
+ =>
+ "Les mots de passe ne correspondent pas."
+ ,
+
+ "User already exists in database."
+ =>
+ "L'utilisateur existe déjà ."
+ ,
+
+ "User added correctly."
+ =>
+ "Utilisateur ajouté correctement."
+ ,
+
"Logout"
=>
"Déconnexion"
,
+ "Add a co-administrator"
+ =>
+ "Ajouter un co-administrateur"
+ ,
+
"close without saving"
=>
"fermer sans enregistrer"
"fermer"
,
+ "user name:"
+ =>
+ "nom d'utilisateur :"
+ ,
+
+ "user password:"
+ =>
+ "mot de passe de l'utilisateur :"
+ ,
+
+ "confirm password:"
+ =>
+ "confirmer le mot de passe :"
+ ,
+
+ "Validate user"
+ =>
+ "Valider l'utilisateur"
+ ,
+
"title:"
=>
"titre :"
UnauthorizedError: "<?php ptrans('Password is not correct.')?>",
NotimageError: "<?php ptrans('File does not look like an image.')?>",
UnconsistentError: "<?php ptrans('Server reply was inconsistent.')?>",
- UnknownError: "<?php ptrans('There was an unknown error.')?>",
DelSucces: "<?php ptrans('Removal took place correctly.')?>",
- UpdateSucces: "<?php ptrans('Save took place correctly.')?>"
+ UpdateSucces: "<?php ptrans('Save took place correctly.')?>",
+ newUserNonameError: "<?php ptrans('User name has not been set.')?>",
+ newUserPasswordmatchError: "<?php ptrans('Passwords do not match.')?>",
+ newUserExistsError: "<?php ptrans('User already exists in database.')?>",
+ newUserSuccess: "<?php ptrans('User added correctly.')?>"
};
var sypSettings = {
<div id="header">
<?php other_languages($lang) ?>
- <p id="logout"><a href="logout.php"><?php ptrans('Logout')?></a></p>
+ <div id="user_management">
+ <p id="logout"><a href="logout.php"><?php ptrans('Logout')?></a></p>
+ <p id="add_user"><a href=""><?php ptrans('Add a co-administrator')?></a></p>
+ </div>
+ <div id="newuser_area">
+ <input id="newuser_close" type="image" src="openlayers/theme/default/img/close.gif"
+ title="<?php ptrans('close without saving')?>" alt="<?php ptrans('close')?>">
+ <form id="newuser" method="post">
+ <label for="newuser_name"><?php ptrans('user name:')?></label>
+ <br>
+ <input id="newuser_name" name="newuser_name">
+ <br>
+ <label for="newuser_password"><?php ptrans('user password:')?></label>
+ <br>
+ <input id="newuser_password" name="newuser_password" type="password" value="">
+ <br>
+ <label for="newuser_password_confirm"><?php ptrans('confirm password:')?></label>
+ <br>
+ <input id="newuser_password_confirm" name="newuser_password_confirm" type="password">
+ <br>
+ <input id="newuser_submit" name="newuser_submit" type="submit" value="<?php ptrans('Validate user')?>">
+ <input type="hidden" name="request" value="newuser">
+ </form>
+ <p id="newuser_comm" class="center"></p>
+ <p id="newuser_throbber" class="throbber center">
+ <?php ptrans('Connecting')?>
+ <img src="media/newuser-throbber.gif">
+ </p>
+ </div>
</div>
}
par_success (trans ('User table created.'));
try {
- $connection->setpwd ("admin", $_POST ["admin_pass"]);
+ $connection->setpwd ("admin", $_POST ["admin_pass"], true);
} catch (Exception $e) {
par_error_and_leave (trans ('Error when initializing password.'));
}
},
closeEditor: function() {
+ if ($("#editor").css("display") == "none") {
+ return;
+ }
if (this.currentFeature && this.currentFeature.layer) {
this.selFeatureControl.unselect(this.currentFeature);
}
showEditor: function (feature) {
$("#newfeature_button").hide();
+ userMgr.closeAddUser();
+
if (feature.fid) {
$("#delete").show();
} else {
},
addNewFeature: function () {
+ userMgr.closeAddUser();
+
function cancel() {
$(document).unbind("keydown");
Admin.reset()
cancelCurrentFeature: function() {
if (AjaxMgr.running) {
- return;
+ return false;
}
var feature = this.currentFeature;
- if (feature.fid) {
- FeatureMgr.move (feature, this.currentFeatureLocation);
- } else {
- this.dataLayer.removeFeatures([feature]);
+ if (feature) {
+ if (feature.fid) {
+ FeatureMgr.move (feature, this.currentFeatureLocation);
+ } else {
+ this.dataLayer.removeFeatures([feature]);
+ }
}
this.closeEditor();
+ return true;
},
reloadLayer: function (layer) {
case "error":
switch (xml.documentElement.getAttribute("reason")) {
case "unauthorized":
- $("#login_area").show();
- $("#password").val("");
- $("#user").val(sypSettings.loggedUser).focus().select();
+ pwdMgr.reset();
$("#cookie_warning").show();
this.reset();
Admin.cancelCurrentFeature();
Admin.reset();
+ userMgr.uninit();
break;
case "server":
this.commError(SypStrings.ServerError);
$("#image_file").focus();
break;
default:
- this.commError(SypStrings.UnknownError);
+ this.commError(SypStrings.UnconsistentError);
$("title").focus();
break;
}
commSuccess: function (message) {
$("#server_comm").text(message);
- $("#server_comm").removeClass().addClass("success");
+ $("#server_comm").removeClass("error success").addClass("success");
},
commError: function (message) {
$("#server_comm").text(message);
- $("#server_comm").removeClass().addClass("error");
+ $("#server_comm").removeClass("error success").addClass("error");
}
}
reset: function() {
this.commError ("");
+ $("#login_area").show();
+ $("#password").val("");
+ $("#user").val(sypSettings.loggedUser).focus().select();
},
submit: function () {
},
ajaxReply: function (data) {
-
$("#pwd_throbber").css("visibility", "hidden");
// here, we need a timeout because onsend timeout sometimes has not been triggered yet
window.setTimeout(function() {
this.commError(SypStrings.RequestError);
break;
default:
- this.commError(SypStrings.UnknownError);
+ this.commError(SypStrings.UnconsistentError);
break;
}
$("#login_error").show();
user = $(xml).find("USER,user").text();
sypSettings.loggedUser = user;
+ if (sypSettings.loggedUser == "admin") {
+ userMgr.init();
+ }
+
if (Admin.selFeatureControl) {
Admin.selFeatureControl.destroy();
}
}
}
+var userMgr = {
+ _adduserDisplayed: false,
+ _deluserDisplayed: false,
+
+ init: function() {
+ if (sypSettings.loggedUser != "admin") {
+ return;
+ }
+
+ $("#add_user").show();
+
+ $("#add_user").click(function () {
+ userMgr.toggleAddUser();
+ return false;
+ });
+ $("#newuser_close").click(function () {
+ userMgr.closeAddUser()
+ });
+ $("#newuser").submit(function() {
+ try {
+ userMgr.add();
+ } catch(e) {}
+ return false;
+ });
+ },
+
+ uninit: function() {
+ if (this._adduserDisplayed) {
+ this.closeAddUser();
+ }
+ $("#add_user").unbind("click");
+ $("#add_user").hide();
+ $("#newuser_close").unbind("click");
+ $("#newuser").unbind("submit");
+ },
+
+ toggleAddUser: function() {
+ if (this._adduserDisplayed) {
+ this.closeAddUser();
+ } else {
+ this.showAddUser();
+ }
+ },
+
+ showAddUser: function() {
+ if (!Admin.cancelCurrentFeature()) {
+ return;
+ }
+
+ $(document).unbind("keydown").keydown(function(e) {
+ if (e.keyCode == 27) {
+ userMgr.closeAddUser()
+ e.preventDefault();
+ }
+ });
+
+ Admin.reset();
+ $("#newuser_area").show();
+ $("#newuser_name, #newuser_password, #newuser_password_confirm").val("");
+ $("#newuser_name, #newuser_password, #newuser_password_confirm, #newuser_submit").removeAttr('disabled');
+ $("#newuser_name").focus();;
+ this.commError("");
+
+ this._adduserDisplayed = true;
+ },
+
+ closeAddUser: function() {
+ $("#newuser_area").hide();
+ $(document).unbind("keydown");
+ this._adduserDisplayed = false;
+ },
+
+ add: function() {
+ var newuser_name = $("#newuser_name").val();
+ if (!newuser_name) {
+ this.commError(SypStrings.newUserNonameError);
+ $("#newuser_name").focus();
+ return;
+ }
+
+ var newuser_pass = $("#newuser_password").val();
+ var newuser_pass_confirm = $("#newuser_password_confirm").val();
+ if (newuser_pass != newuser_pass_confirm) {
+ this.commError(SypStrings.newUserPasswordmatchError);
+ $("#newuser_password").focus().select();
+ return;
+ }
+
+ this.commError("");
+
+ AjaxMgr.add({
+ form: $("#newuser"),
+ oncomplete: OpenLayers.Function.bind(this.ajaxReply, this),
+ onsend: function() { $("#newuser_throbber").css("visibility", "visible"); }
+ });
+ },
+
+ ajaxReply: function (data) {
+ $("#newuser_throbber").css("visibility", "hidden");
+ if (!data) {
+ this.commError(SypStrings.ServerError);
+ return;
+ }
+
+ var xml = new OpenLayers.Format.XML().read(data);
+ switch (xml.documentElement.nodeName.toLowerCase()) {
+ case "error":
+ switch (xml.documentElement.getAttribute("reason")) {
+ case "unauthorized":
+ pwdMgr.reset();
+ $("#cookie_warning").show();
+ Admin.reset();
+ this.uninit();
+ break;
+ case "server":
+ this.commError(SypStrings.ServerError);
+ $("#newuser_name").focus().select();
+ break;
+ case "request":
+ this.commError(SypStrings.RequestError);
+ $("#newuser_name").focus().select();
+ break;
+ case "newuser_exists":
+ this.commError(SypStrings.newUserExistsError);
+ $("#newuser_name").focus().select();
+ break;
+ default:
+ this.commError(SypStrings.UnconsistentError);
+ $("#newuser_name").focus().select();
+ break;
+ }
+ break;
+ case "success":
+ switch (xml.documentElement.getAttribute("request")) {
+ case "newuser":
+ this.commSuccess(SypStrings.newUserSuccess);
+ $("#newuser_name, #newuser_password, #newuser_password_confirm, #newuser_submit").attr('disabled', 'disabled');
+ break;
+ default:
+ this.commError(SypStrings.UnconsistentError);
+ $("newuser_name").focus().select();
+ break;
+ }
+ break;
+ default:
+ this.commError(SypStrings.UnconsistentError);
+ $("newuser_name").focus().select();
+ break;
+ }
+ },
+
+ commSuccess: function (message) {
+ $("#newuser_comm").text(message);
+ $("#newuser_comm").removeClass("error success").addClass("success");
+ },
+
+ commError: function (message) {
+ $("#newuser_comm").text(message);
+ $("#newuser_comm").removeClass("error success").addClass("error");
+ }
+}
+
$(window).load(function () {
// if using .ready, ie triggers an error when trying to access
// document.namespaces
$("#image_file").parent().show();
});
+ userMgr.init();
Admin.init();
});
#header {
height: 2em;
}
-#logout {
+#add_user {
+ display: none;
+}
+#logout a, #add_user a {
+ text-decoration: none;
+ color: blue;
+}
+#user_management {
float: right;
margin: 0px 10px 0px 0px;
}
+#user_management p {
+ margin: 0px;
+}
#other-language {
float: left;
margin-top: 1px;
border: #BBBBFF 1px solid;
}
+/*
+ * newuser
+ */
+#newuser_area {
+ border: 1px solid black;
+ display: none;
+ float: right;
+ clear: right;
+ width: 35%;
+}
+#newuser {
+ margin: 12px;
+ text-align: center;
+}
+#newuser_close {
+ float: right;
+}
+#newuser_comm {
+ margin-left: 4px;
+ margin-right: 4px;
+}
+
/*
* map
*/
#editor {
position: absolute;
width: 44%;
- top: 2em;
+ top: 3em;
left: 55%;
display: none;
border: 1px solid black;