From 0ef0b52f3a8c45d8222729c1423f6139edf0695c Mon Sep 17 00:00:00 2001
From: Mark Campbell-Smith
Date: Tue, 1 Apr 2014 17:28:27 +1100
Subject: add admin user
---
auth.php | 14 +++++++++-----
config.php | 3 +++
index.php | 15 ++++++++++-----
3 files changed, 22 insertions(+), 10 deletions(-)
diff --git a/auth.php b/auth.php
index 7f126e9..c3978ef 100755
--- a/auth.php
+++ b/auth.php
@@ -74,13 +74,12 @@ if ($require_authentication) {
'.(($auth_error==1) ? $lang_authfail : "").'
- '; $mysqli->close(); exit; } - + // username submited if ((!$auth) && ($user)){ $query = $mysqli->prepare("SELECT ID,username,password FROM users WHERE username=? LIMIT 1"); @@ -90,6 +89,7 @@ if ($require_authentication) { $query->fetch(); $query->free_result(); //correct pass + if (($user==$rec_user) && ($pass==$rec_pass)) { // login successful //delete old session @@ -98,8 +98,12 @@ if ($require_authentication) { // start new session session_name('trackme'); session_start(); - $_SESSION['auth'] = $rec_ID; - + if (($user==$admin_user) and ($admin_user != "")) { + $_SESSION['auth'] = $admin_user; + } + else { + $_SESSION['auth'] = $rec_ID; + } $url = str_replace("//", "/", $_SERVER['HTTP_HOST'].dirname($_SERVER['SCRIPT_NAME'])."/index.php"); header("Location: $ssl://$url"); exit; @@ -117,7 +121,7 @@ if ($require_authentication) { header("Location: $ssl://$url$error"); exit; } - } + } /* end of authentication */ } ?> diff --git a/config.php b/config.php index ae48a10..b623cca 100755 --- a/config.php +++ b/config.php @@ -50,6 +50,9 @@ $salt = ""; // fill in random string here, it will increase security of password // (0 = no, 1 = yes) $require_authentication = 1; +// admin user who has access to all users locations +$admin_user = ""; + // allow automatic registration of new users // (0 = no, 1 = yes) $allow_registration = 0; diff --git a/index.php b/index.php index f2f4e4c..9ae2b9a 100755 --- a/index.php +++ b/index.php @@ -17,9 +17,10 @@ * License along with this program; if not, write to the Free Software * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ +require_once("config.php"); require_once("auth.php"); - -if ($auth) { + +if (($auth) and ($auth != $admin_user)) { // get username $query = "SELECT username FROM users WHERE ID='$auth' LIMIT 1"; $result = $mysqli->query($query); @@ -30,8 +31,11 @@ if ($auth) { $user_form = ''.$lang_user.'
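Review bot: The added branch `if (($user==$admin_user) and ($admin_user != ""))` decides admin rights with a loose comparison and then stores the configured username in `$_SESSION['auth']`, the same key that otherwise holds the numeric `$rec_ID`. With `==`, numeric-looking strings are compared as numbers, so a username or ID that is only numerically equal to `$admin_user` would be treated as the admin; the same loose checks recur in the index.php hunks (`$auth != $admin_user`, `$auth == $admin_user`). I would keep `$_SESSION['auth'] = $rec_ID;` unconditionally and record the role separately, e.g. `$_SESSION['is_admin'] = ($admin_user !== "" && $user === $admin_user);`, then test that flag in index.php. The enclosing `if ($require_authentication)` block starts and ends outside this hunk.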
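Review bot: In the index.php hunk at `@@ -17,9 +17,10 @@`, the context line `$query = "SELECT username FROM users WHERE ID='$auth' LIMIT 1";` interpolates the session value into SQL, and after this commit `$_SESSION['auth']` is no longer always an integer row ID. Only the new `$auth != $admin_user` guard keeps the admin string out of that query. Assuming `$auth` is populated from the session in auth.php (not visible here), a prepared statement as auth.php already uses would remove that dependency: `$stmt = $mysqli->prepare("SELECT username FROM users WHERE ID=? LIMIT 1"); $stmt->bind_param("i", $auth);`. The body of the `if` continues outside this hunk.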
'.$user.' ('.$lang_logout.')'; } else { - // free access + // free access or admin user // prepare user select form + if (($auth == $admin_user) and ($admin_user != "")) { + $user = $auth; + } $user_form = ' '.$lang_user.'
@@ -45,9 +49,9 @@ else { $user_form .= '
-'; +'; + $user_form .= ''.$lang_user.'
'.$user.' ('.$lang_logout.')'; } - // prepare track select form $track_form = ' @@ -56,6 +60,7 @@ $track_form = '
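Review bot: The added `$user_form .=` line that prints `$user` and `$lang_logout` appears to sit in the shared else branch, so it runs for free-access visitors as well as for the admin, while `$user` is only assigned in the admin case by the previous hunk (`$user = $auth;`). Unless `$user` is set elsewhere, anonymous visitors would get a logout link with an empty or undefined name. I would wrap the line in the same admin condition and escape the value on output with `htmlspecialchars($user, ENT_QUOTES, 'UTF-8')`. The markup around this line is not fully visible in the hunk, so the exact placement should be confirmed against the file.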