license. */
function exit_document ($body) {
- exit ("<html><head></head><body>$body</body></html>");
+ $charset_meta = '<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">';
+ exit ("<html>$charset_meta<head></head><body>$body</body></html>");
+}
+
+function success ($reason) {
+ exit_document ("<success request=\"$reason\"></success>");
+}
+
+function success_changepass ($username) {
+ $res = "<success request=\"changepass\"><user>" .
+ htmlspecialchars ($username) .
+ "</user></success>";
+ exit_document ($res);
+}
+
+function success_newuser ($username) {
+ $res = "<success request=\"newuser\"><user>" .
+ htmlspecialchars ($username) .
+ "</user></success>";
+ exit_document ($res);
}
function success_auth ($user) {
exit_document ($res);
}
-function success ($reason) {
- exit_document ("<success request=\"$reason\"></success>");
-}
-
function error ($reason) {
exit_document ("<error reason=\"$reason\"></error>");
}
+function error_newuser_exists () {
+ error ("newuser_exists");
+}
+
function error_feature ($id, $reason) {
$res = "<error reason=\"$reason\"><feature>";
$res .= "<id>" . $id . "</id>";
exit_document ($res);
}
-function nochange_error ($id) {
+function error_nochange ($id) {
error_feature ($id, "nochange");
}
-function unreferenced_error ($id) {
+function error_unreferenced ($id) {
error_feature ($id, "unreferenced");
}
-function server_error () {
+function error_server () {
error ("server");
}
-function unauthorized_error () {
+function error_wrongpass () {
+ error ("wrongpass");
+}
+
+function error_unauthorized () {
error ("unauthorized");
}
-function request_error () {
+function error_request () {
error ("request");
}
-function file_too_big_error () {
+function error_file_too_big () {
error ("toobig");
}
-function notanimage_error () {
+function error_notanimage () {
error ("notimage");
}
$dest = unique_file (UPLOADDIR, $file ["name"], $con);
if (!isset ($dest) ||
(!move_uploaded_file ($file ["tmp_name"], $dest))) {
- server_error ();
+ error_server ();
}
$mini_dest = getthumbsdir () . "/mini_" . basename_safe ($dest);
if (!create_thumbnail_or_copy ($dest, $mini_dest)) {
- server_error ();
+ error_server ();
}
}
return basename_safe ($dest);
function img_check_upload ($file) {
if (!is_uploaded_file ($file ["tmp_name"])) {
if ($file ["error"] == UPLOAD_ERR_INI_SIZE) {
- file_too_big_error ();
+ error_file_too_big ();
} else {
- server_error ();
+ error_server ();
}
}
if (!getimagesize ($file ["tmp_name"])) {
- notanimage_error ();
+ error_notanimage ();
}
}
return null;
}
+function setcookies ($user, $pwd) {
+ // cookie will be valid for 2 weeks. I've chosen that value
+ // arbitrarily, and it may change in the future.
+ $time = time () + 14 * 60 * 24 * 60;
+ if (version_compare (PHP_VERSION, '5.2.0', '>=')) {
+ setcookie (sprintf ("%sauth", DBPREFIX), md5 ($pwd), $time, "" , "", false, true);
+ setcookie (sprintf ("%suser", DBPREFIX), $user, $time, "" , "", false, true);
+ } else {
+ setcookie (sprintf ("%sauth", DBPREFIX), md5 ($pwd), $time, "" , "", false);
+ setcookie (sprintf ("%suser", DBPREFIX), $user, $time, "" , "", false);
+ }
+
+}
+
function check_auth ($con, $user, $pwd, $auth_only) {
$authentificated = false;
if (isset ($pwd)) {
if ($con->checkpwdmd5 ($user, md5 ($pwd))) {
- // cookie will be valid for 2 weeks. I've chosen that value
- // arbitrarily, and it may change in the future.
- $time = time () + 14 * 60 * 24 * 60;
- setcookie (sprintf ("%sauth", DBPREFIX), md5 ($pwd), $time, "" , "", false, true);
- setcookie (sprintf ("%suser", DBPREFIX), $user, $time, "" , "", false, true);
+ setcookies ($user, $pwd);
$authentificated = true;
if ($auth_only) {
success_auth ($user);
}
} else {
- unauthorized_error ();
+ error_unauthorized ();
}
}
if (!$authentificated && !($con->checkpwdmd5 (
$_COOKIE [sprintf ("%suser", DBPREFIX)],
$_COOKIE [sprintf ("%sauth", DBPREFIX)]))) {
- unauthorized_error ();
+ error_unauthorized ();
}
}
function main ($con) {
if (!isset ($_POST ["request"])) {
- request_error ();
+ error_request ();
}
$pwd = unquote ($_POST ["password"]);
$id = $_POST ["fid"];
$feature = $con->getfeature ($id);
if (!isset ($feature)) {
- unreferenced_error ($id);
+ error_unreferenced ($id);
}
- if ($feature->user != $user) {
- unauthorized_error ();
+ if (($feature->user != $user) && ($user != "admin")) {
+ error_unauthorized ();
}
// no file uploaded, but editor currently has an image: it means
if ($_POST ["keep_img"] == "yes") {
$imgpath = $feature->imgpath;
} else {
+ error_request ();
$imgpath = save_uploaded_file ($_FILES ["image_file"], $con);
}
try {
$new_feature = new feature ($id, $lon, $lat, $imgpath, $title, $description, 0, $user);
} catch (Exception $e) {
- request_error ();
+ error_request ();
}
if (($new_feature->lon == $feature->lon) &&
($new_feature->title == $feature->title) &&
($new_feature->imgpath == $feature->imgpath) &&
($new_feature->description == $feature->description)) {
- nochange_error ($feature->id);
+ error_nochange ($feature->id);
}
$old_imgpath = "";
try {
$con->save_feature ($new_feature);
} catch (Exception $e) {
- server_error ();
+ error_server ();
}
if ($old_imgpath) {
try {
success_feature ($new_feature, "update");
break;
case "add":
+ error_request ();
$imgpath = save_uploaded_file ($_FILES ["image_file"], $con);
$lon = $_POST ["lon"];
try {
$feature = new feature (null, $lon, $lat, $imgpath, $title, $description, 0, $user);
} catch (Exception $e) {
- request_error ();
+ error_request ();
}
try {
$feature = $con->save_feature ($feature);
} catch (Exception $e) {
- server_error ();
+ error_server ();
}
success_feature ($feature, "add");
break;
case "del":
+ error_request ();
$id = $_POST ["fid"];
$feature = $con->getfeature ($id);
if (!isset ($feature)) {
- unreferenced_error ($id);
+ error_unreferenced ($id);
}
if ($feature->user != $user) {
- unauthorized_error ();
+ error_unauthorized ();
}
$imgpath = $feature->imgpath;
try {
$con->delete_feature ($feature);
} catch (Exception $e) {
- server_error ();
+ error_server ();
}
try {
} catch (Exception $e) {}
success_delete_feature ($feature);
+ case "changepass":
+ error_request ();
+ $currpass = unquote ($_POST ["pass_current"]);
+ if (!$con->checkpwdmd5 ($user, md5 ($currpass))) {
+ error_wrongpass ();
+ }
+ $newpass = unquote ($_POST ["pass_new"]);
+ try {
+ $con->setpwd ($user, $newpass);
+ } catch (Exception $e) {
+ if ($e->getMessage () == anydbConnection::err_query) {
+ error_request ();
+ }
+ error_server ();
+ }
+ setcookies ($user, $newpass);
+ success_changepass ($user);
+ break;
+ case "newuser":
+ error_request ();
+ if ($user != "admin") {
+ error_unauthorized ();
+ }
+ $newuser_name = unquote ($_POST ["newuser_name"]);
+ if (!$newuser_name) {
+ error_request ();
+ }
+ if ($con->user_exists ($newuser_name)) {
+ error_newuser_exists ();
+ }
+ $newuser_password = unquote ($_POST ["newuser_password"]);
+ try {
+ $con->setpwd ($newuser_name, $newuser_password);
+ } catch (Exception $e) {
+ if ($e->getMessage () == anydbConnection::err_query) {
+ error_request ();
+ }
+ error_server ();
+ }
+ success_newuser ($newuser_name);
+ break;
default:
- request_error();
+ error_request();
break;
}
- server_error ();
+ error_server ();
}
if (!@include_once ("./inc/settings.php")) {
- server_error ();
+ error_server ();
}
-require_once ("./inc/db/mysql.php");
+require_once ("./inc/db/" . (defined ("DBTYPE")? DBTYPE: "mysql") . ".php");
require_once ("./inc/utils.php");
try {
$connection->connect (DBHOST, DBUSER, DBPWD, DBNAME, DBPREFIX);
} catch (Exception $e) {
- server_error ();
+ error_server ();
}
main ($connection);