-rwxr-xr-x | auth.php | 14 | ||||
-rwxr-xr-x | config.php | 3 | ||||
-rwxr-xr-x | index.php | 15 |
3 files changed, 22 insertions, 10 deletions
@@ -74,13 +74,12 @@ if ($require_authentication) { </form> <div id="error">'.(($auth_error==1) ? $lang_authfail : "").'</div> </div> - </body> </html>'; $mysqli->close(); exit; } - + // username submited if ((!$auth) && ($user)){ $query = $mysqli->prepare("SELECT ID,username,password FROM users WHERE username=? LIMIT 1"); @@ -90,6 +89,7 @@ if ($require_authentication) { $query->fetch(); $query->free_result(); //correct pass + if (($user==$rec_user) && ($pass==$rec_pass)) { // login successful //delete old session @@ -98,8 +98,12 @@ if ($require_authentication) { // start new session session_name('trackme'); session_start(); - $_SESSION['auth'] = $rec_ID; - + if (($user==$admin_user) and ($admin_user != "")) { + $_SESSION['auth'] = $admin_user; + } + else { + $_SESSION['auth'] = $rec_ID; + } $url = str_replace("//", "/", $_SERVER['HTTP_HOST'].dirname($_SERVER['SCRIPT_NAME'])."/index.php"); header("Location: $ssl://$url"); exit; @@ -117,7 +121,7 @@ if ($require_authentication) { header("Location: $ssl://$url$error"); exit; } - } + } /* end of authentication */ } ?> @@ -50,6 +50,9 @@ $salt = ""; // fill in random string here, it will increase security of password // (0 = no, 1 = yes) $require_authentication = 1; +// admin user who has access to all users locations +$admin_user = ""; + // allow automatic registration of new users // (0 = no, 1 = yes) $allow_registration = 0; @@ -17,9 +17,10 @@ * License along with this program; if not, write to the Free Software * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ +require_once("config.php"); require_once("auth.php"); - -if ($auth) { + +if (($auth) and ($auth != $admin_user)) { // get username $query = "SELECT username FROM users WHERE ID='$auth' LIMIT 1"; $result = $mysqli->query($query); 
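Review bot: `$_SESSION['auth']` now holds either the numeric `$rec_ID` or the admin's username string, so every later check has to tell the two apart by value, and the new comparisons use loose `==`/`!=`. If `$admin_user` is numeric or numeric-looking, PHP's numeric-string comparison can make a different username or a user ID compare equal to it. I would keep the ID in the session and record the role separately: `$_SESSION['auth'] = $rec_ID;` followed by `$_SESSION['is_admin'] = ($admin_user !== "" && $user === $admin_user);`. The same loose comparison appears in the index.php hunks (`$auth != $admin_user`, `$auth == $admin_user`), which would then test the flag instead. The enclosing `if ($require_authentication)` block starts outside this hunk.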
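Review bot: The comment on `$admin_user` does not say that the value is matched against a username from the `users` table, or that the empty string switches the role off, although the auth.php hunk depends on both. Suggested wording: `// username (as stored in the users table) allowed to view all users' locations; "" disables the admin role`. Because `$allow_registration` sits directly below, the comment should also say that the account must already exist before its name is configured here, since auth.php treats whoever logs in under that username as admin.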
@@ -30,8 +31,11 @@ if ($auth) { $user_form = '<u>'.$lang_user.'</u><br />'.$user.' (<a href="logout.php">'.$lang_logout.'</a>)'; } else { - // free access + // free access or admin user // prepare user select form + if (($auth == $admin_user) and ($admin_user != "")) { + $user = $auth; + } $user_form = ' <u>'.$lang_user.'</u><br /> <form> @@ -45,9 +49,9 @@ else { $user_form .= ' </select> </form> -'; +'; + $user_form .= '<u>'.$lang_user.'</u><br />'.$user.' (<a href="logout.php">'.$lang_logout.'</a>)'; } - // prepare track select form $track_form = ' @@ -56,6 +60,7 @@ $track_form = ' <select name="track" onchange="selectTrack(this)">'; $query = "SELECT * FROM trips WHERE FK_Users_ID='$auth' ORDER BY ID DESC"; $result = $mysqli->query($query); + $trackid = ""; while ($row = $result->fetch_assoc()) { if ($trackid == "") { $trackid = $row["ID"]; } // get first row |
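Review bot: The appended `$user_form .= ...` line in the `-45,9 +49,9` hunk sits in the shared "free access or admin user" branch without a guard, so the user name and logout link are also emitted for free access, where the previous hunk never assigns `$user`. `$user` is concatenated into the HTML unescaped, and where it comes from in the free-access case is not visible here, so it should be treated as untrusted. I would move the line inside the admin check added in the previous hunk and escape the value, changing `.$user.` to `.htmlspecialchars($user, ENT_QUOTES, 'UTF-8').`.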
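Review bot: The context query `SELECT * FROM trips WHERE FK_Users_ID='$auth'` in the last hunk now receives the admin's username instead of an ID, assuming `$auth` is read back from `$_SESSION['auth']` as the auth.php hunk suggests. The value is interpolated into the SQL string as-is and compared against an ID column, so the admin most likely gets no tracks, or whatever MySQL's string-to-number coercion happens to match. A bound parameter, as auth.php already uses for the login lookup, plus an explicit admin branch would cover both: `$stmt = $mysqli->prepare("SELECT * FROM trips WHERE FK_Users_ID=? ORDER BY ID DESC");`. The loop that consumes the result continues outside the hunk.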