-rwxr-xr-xauth.php14
-rwxr-xr-xconfig.php3
-rwxr-xr-xindex.php15
3 files changed, 22 insertions, 10 deletions
diff --git a/auth.php b/auth.php
index 7f126e9..c3978ef 100755
--- a/auth.php
+++ b/auth.php
@@ -74,13 +74,12 @@ if ($require_authentication) {
</form>
<div id="error">'.(($auth_error==1) ? $lang_authfail : "").'</div>
</div>
-
</body>
</html>';
$mysqli->close();
exit;
}
-
+
// username submited
if ((!$auth) && ($user)){
$query = $mysqli->prepare("SELECT ID,username,password FROM users WHERE username=? LIMIT 1");
@@ -90,6 +89,7 @@ if ($require_authentication) {
$query->fetch();
$query->free_result();
//correct pass
+
if (($user==$rec_user) && ($pass==$rec_pass)) {
// login successful
//delete old session
@@ -98,8 +98,12 @@ if ($require_authentication) {
// start new session
session_name('trackme');
session_start();
- $_SESSION['auth'] = $rec_ID;
-
+ if (($user==$admin_user) and ($admin_user != "")) {
+ $_SESSION['auth'] = $admin_user;
+ }
+ else {
+ $_SESSION['auth'] = $rec_ID;
+ }
$url = str_replace("//", "/", $_SERVER['HTTP_HOST'].dirname($_SERVER['SCRIPT_NAME'])."/index.php");
header("Location: $ssl://$url");
exit;
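Review bot: `$_SESSION['auth']` now carries two different kinds of value, the numeric `$rec_ID` for ordinary users and the `$admin_user` name for the administrator, and index.php later recognises the admin only by a loose `==`/`!=` against `$admin_user`. If the configured name is numeric-looking (a constructed example: "7"), an ordinary account whose ID compares equal would be treated as the admin, so the privilege decision depends on a naming accident. Keeping `$_SESSION['auth'] = $rec_ID;` for everyone and recording the role separately, e.g. `$_SESSION['is_admin'] = ($admin_user !== "" && $user === $admin_user);`, removes that ambiguity; the index.php checks in this commit would then test the flag instead of comparing names. The enclosing login block starts and ends outside this hunk.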
@@ -117,7 +121,7 @@ if ($require_authentication) {
header("Location: $ssl://$url$error");
exit;
}
- }
+ }
/* end of authentication */
}
?>
diff --git a/config.php b/config.php
index ae48a10..b623cca 100755
--- a/config.php
+++ b/config.php
@@ -50,6 +50,9 @@ $salt = ""; // fill in random string here, it will increase security of password
// (0 = no, 1 = yes)
$require_authentication = 1;
+// admin user who has access to all users locations
+$admin_user = "";
+
// allow automatic registration of new users
// (0 = no, 1 = yes)
$allow_registration = 0;
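Review bot: The comment on `$admin_user` does not tell the operator what the value has to be or how to switch the feature off. From auth.php the admin branch appears to be reached only after a normal password check against the `users` table, so the name must belong to an existing account, and the empty string disables it. I would write `// username of an existing account in the users table that may view all users' locations; leave empty to disable`. It is also worth adding a second line warning that, with `$allow_registration = 1`, the name must already be registered, since otherwise whoever registers it first would get the admin view.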
diff --git a/index.php b/index.php
index f2f4e4c..9ae2b9a 100755
--- a/index.php
+++ b/index.php
@@ -17,9 +17,10 @@
* License along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
+require_once("config.php");
require_once("auth.php");
-
-if ($auth) {
+
+if (($auth) and ($auth != $admin_user)) {
// get username
$query = "SELECT username FROM users WHERE ID='$auth' LIMIT 1";
$result = $mysqli->query($query);
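Review bot: The new test `if (($auth) and ($auth != $admin_user))` sends the admin session into the `else` branch with `$auth` still holding a username rather than an ID, and nothing in the visible lines replaces it before the later `SELECT * FROM trips WHERE FK_Users_ID='$auth'` further down the file. That query is built by string interpolation and until now presumably only received a database-generated ID; with this change it can receive a free-form configured name. It should be moved to a prepared statement with a bound parameter, as auth.php already does for the login lookup, and the admin case needs an explicit user ID to filter on. `$auth` is assigned outside this hunk, so confirm how it is populated.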
@@ -30,8 +31,11 @@ if ($auth) {
$user_form = '<u>'.$lang_user.'</u><br />'.$user.' (<a href="logout.php">'.$lang_logout.'</a>)';
}
else {
- // free access
+ // free access or admin user
// prepare user select form
+ if (($auth == $admin_user) and ($admin_user != "")) {
+ $user = $auth;
+ }
$user_form = '
<u>'.$lang_user.'</u><br />
<form>
@@ -45,9 +49,9 @@ else {
$user_form .= '
</select>
</form>
-';
+';
+ $user_form .= '<u>'.$lang_user.'</u><br />'.$user.' (<a href="logout.php">'.$lang_logout.'</a>)';
}
-
// prepare track select form
$track_form = '
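Review bot: The added `$user_form .= ...` line runs for every request that reaches this `else` branch, not only for the admin, so with free access the page gets a logout link and prints whatever `$user` currently holds. In this branch `$user` is assigned only for the admin case; auth.php uses the same variable name for the submitted username, so if that value is still in scope here it would be written into the HTML unescaped. Wrap the line in the same `if (($auth == $admin_user) and ($admin_user != ""))` test used earlier in this branch and emit the name as `htmlspecialchars($user, ENT_QUOTES, 'UTF-8')`. The `else` block opens outside this hunk.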
@@ -56,6 +60,7 @@ $track_form = '
<select name="track" onchange="selectTrack(this)">';
$query = "SELECT * FROM trips WHERE FK_Users_ID='$auth' ORDER BY ID DESC";
$result = $mysqli->query($query);
+
$trackid = "";
while ($row = $result->fetch_assoc()) {
if ($trackid == "") { $trackid = $row["ID"]; } // get first row