user authentication

index-desktop.php

@@ -338,10 +338,17 @@ function closeMsg() {
 						<input type="password" size="30" class="xlarge" name="password" id="password" />
 					</div>
 				</div>
+
+				<div class="clearfix">
+					<label for="mail">Mail</label>
+					<div class="input">
+						<input type="text" size="30" class="xlarge" name="mail" id="mail" value="Piraten-Adresse zur Registrierung eingeben"/>
+					</div>
+				</div>
 			</form>
           </div>
           <div class="modal-footer">
-			<a href="#" class="btn primary" onclick="javascript:document.forms['formlogin'].submit();">Anmelden</a>
+			<a href="#" class="btn primary" onclick="javascript:document.forms['formlogin'].submit();">Anmelden/Account erstellen</a>
 			<a href="#" class="btn secondary" onclick="javascript:closeModalDlg(false);">Abbrechen</a>
           </div>
         </div>

index-mobile.php

@@ -223,7 +223,11 @@ function gmlreload(result) {
 						<label for="password">Passwort:</label>
 						<input type="password" name="password" id="password" />
 					</li>
-					<li><a href="#home" onclick="document.forms['loginfrm'].submit();">Login</a></li>
+					<li data-role="fieldcontain">
+						<label for="mail">Mail:</label>
+						<input type="text" name="mail" id="mail" />
+					</li>
+					<li><a href="#home" onclick="document.forms['loginfrm'].submit();">Login/Create Account</a></li>
 <?php } else { ?>
 					<li><a href="#home" onclick="document.forms['logout'].submit();">Logout</a></li>
 					<li><a href="#setmarker" >Marker auf aktueller Position</a></li>

index.php

@@ -17,6 +17,8 @@
        specific language governing permissions and limitations
        under the License.
 */
+include("Mobile_Detect.php");
+
 ob_start("ob_gzhandler");
 function detect_ie()
 {
@@ -33,7 +35,7 @@ function detect_ie()
 else {
   require("includes.php");
 
-  $mobile = strpos($_SERVER['HTTP_USER_AGENT'],"iPhone") || strpos($_SERVER['HTTP_USER_AGENT'],"Android") || strpos($_SERVER['HTTP_USER_AGENT'],"iPod") || strpos($_SERVER['HTTP_USER_AGENT'],"iPad");
+  $mobile = strpos($_SERVER['HTTP_USER_AGENT'],"iPhone") || strpos($_SERVER['HTTP_USER_AGENT'],"Android") || strpos($_SERVER['HTTP_USER_AGENT'],"iPod") || strpos($_SERVER['HTTP_USER_AGENT'],"iPad") ||  strpos($_SERVER['HTTP_USER_AGENT'],"webOS");
   if ($mobile)
 	require('index-mobile.php');
   else

install.sql

@@ -51,6 +51,8 @@ CREATE TABLE IF NOT EXISTS `plakate_users` (
   `id` int(11) NOT NULL AUTO_INCREMENT,
   `username` varchar(50) COLLATE utf8_unicode_ci NOT NULL,
   `password` varchar(50) COLLATE utf8_unicode_ci NOT NULL,
+  `active` bool DEFAULT FALSE,
+  `hash` varchar(50) COLLATE utf8_unicode_ci NOT NULL,
   PRIMARY KEY (`id`)
 ) ENGINE=MyISAM  DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
 

login.php

@@ -38,47 +38,52 @@ function logout()
 
 
 
-  function login($username, $password)
+  function login($username, $password, $mail)
   {
       global $tbl_prefix, $apiPath, $snoopy, $_SESSION;
       $username = mysql_escape($username);
-      $password = mysql_escape($password);
-      $res = mysql_query("SELECT username, password FROM " . $tbl_prefix . "users WHERE username='" . $username . "' AND password='" . $password . "'");
+      $password = mysql_escape(MD5($password));
+      $res = mysql_query("SELECT username, password FROM " . $tbl_prefix . "users WHERE username='" . $username."';");
+      $num = mysql_num_rows($res);
+      if ($num == 0) return createAccount($username, $password, $mail);
+      $res = mysql_query("SELECT username, password FROM " . $tbl_prefix . "users WHERE username='" . $username."' AND active=true;");
+      $num = mysql_num_rows($res);
+      if ($num == 0) return "Account not yet activated";
+      $res = mysql_query("SELECT username, password FROM " . $tbl_prefix . "users WHERE username='" . $username . "' AND password='" . $password . "' AND active=true");
       $num = mysql_num_rows($res);
-      $result = false;
       if ($num == 1) {
           $_SESSION['siduser'] = mysql_escape(mysql_result($res, 0, "username"));
           $_SESSION['sidip'] = $_SERVER["REMOTE_ADDR"];
-          $result = true;
-      } else {
-          $username = strtoupper(substr($username, 0, 1)) . substr($username, 1, strlen($username) - 1);
-
-          $request_vars = array('action' => 'login', 'lgname' => $username, 'lgpassword' => $password, 'format' => 'php');
-          if (!$snoopy->submit($apiPath, $request_vars))
-              die("Snoopy error: {$snoopy->error}");
-
-          // We're only really interested in the cookies
-          $snoopy->setcookies();
-          $array = unserialize($snoopy->results);
-
-          if ($array[login][result] == "NeedToken") {
-              $request_vars = array('action' => 'login', 'lgname' => $username, 'lgpassword' => $password, 'lgtoken' => $array[login][token], 'format' => 'php');
-              if (!$snoopy->submit($apiPath, $request_vars))
-                  die("Snoopy error: {$snoopy->error}");
-
-              // We're only really interested in the cookies
-              $snoopy->setcookies();
-              $array = unserialize($snoopy->results);
-          }
-
-
-          if ($array[login][result] == "Success") {
-              $_SESSION['siduser'] = mysql_escape($username);
-              $_SESSION['wikisession'] = $snoopy->cookies;
-              $_SESSION['sidip'] = $_SERVER["REMOTE_ADDR"];
-              $result = true;
-          }
-      }
+      } else return "Wrong password";
+      //~ else {
+          //~ $username = strtoupper(substr($username, 0, 1)) . substr($username, 1, strlen($username) - 1);
+          //~ 
+          //~ $request_vars = array('action' => 'login', 'lgname' => $username, 'lgpassword' => $password, 'format' => 'php');
+          //~ if (!$snoopy->submit($apiPath, $request_vars))
+              //~ die("Snoopy error: {$snoopy->error}");
+          //~ 
+          //~ // We're only really interested in the cookies
+          //~ $snoopy->setcookies();
+          //~ $array = unserialize($snoopy->results);
+          //~ 
+          //~ if ($array[login][result] == "NeedToken") {
+              //~ $request_vars = array('action' => 'login', 'lgname' => $username, 'lgpassword' => $password, 'lgtoken' => $array[login][token], 'format' => 'php');
+              //~ if (!$snoopy->submit($apiPath, $request_vars))
+                  //~ die("Snoopy error: {$snoopy->error}");
+              //~ 
+              //~ // We're only really interested in the cookies
+              //~ $snoopy->setcookies();
+              //~ $array = unserialize($snoopy->results);
+          //~ }
+          //~ 
+          //~ 
+          //~ if ($array[login][result] == "Success") {
+              //~ $_SESSION['siduser'] = mysql_escape($username);
+              //~ $_SESSION['wikisession'] = $snoopy->cookies;
+              //~ $_SESSION['sidip'] = $_SERVER["REMOTE_ADDR"];
+              //~ $result = true;
+          //~ }
+      //~ }
 
 
       // Try to get the users location...
@@ -115,20 +120,44 @@ function login($username, $password)
               }
           }
       }
-	  return $result;
+	  return "Login OK";
   }
 
+  function createAccount($username, $password, $mail){
+	  global $tbl_prefix;
+	  if (!strstr($mail, '@piraten')) return "Mail-adresss must contain @piratenpartei";
+	  $res = mysql_query("SELECT * FROM ".$tbl_prefix."users WHERE username='".$username."';") OR dieDB();
+	  $num = mysql_num_rows($res);
+	  if ($num > 0) return "Username already exists";
+	  $date = new DateTime();
+	  $hash = md5($date->getTimestamp().$username);
+	  mysql_query("INSERT INTO ".$tbl_prefix."users (username,password,hash) VALUES('".$username."','".$password."','".$hash."');") OR dieDB();
+	  $header = 'From: noreply@piratenpartei.de';
+	  if (mail($mail, "piratemap account activation", "Visit the following page to activate your account:\r\n".
+			$_SERVER["SERVER_NAME"].$_SERVER['PHP_SELF']."?action=activate&hash=".$hash."&username=".$username, $header))
+		return "Account created";
+	  else return "Delivering mail failed";
+  }
 
+  function activateAccount($hash, $username){
+	  global $tbl_prefix;
+	  $res = mysql_query("SELECT * FROM ".$tbl_prefix."users WHERE username='".$username."' AND hash='".$hash."';") OR dieDB();
+	  $num = mysql_num_rows($res);
+	  if ($num == 0) return;
+	  mysql_query("UPDATE ".$tbl_prefix."users set active=true WHERE username='".$username."' AND hash='".$hash."';") OR dieDB();
+	  header("Location: ./?message=Account%20activated");
+  }
+
 
   if ($_GET['action'] == 'logout') {
       logout();
       header("Location: ./?message=Logout%20OK");
+  } else if ($_GET['action'] == 'activate') {
+	  activateAccount($_GET['hash'], $_GET['username']);
   } else {
-      if (isset($_POST['username']) && isset($_POST['password'])) {
-          if (login($_POST['username'], $_POST['password']))
-              header("Location: ./?message=Login%20OK");
-          else
-              header("Location: ./?message=Login%20Failed");
+      if (isset($_POST['username']) && isset($_POST['password']) && isset($_POST['mail'])) {
+		  $res = login($_POST['username'], $_POST['password'], $_POST['mail']);
+		  header("Location: ./?message=".htmlspecialchars($res));
       }
   }
-?>
+?>

settings.php

@@ -24,11 +24,11 @@
 // SSL Wiki Verbindung benutzen?
 $use_ssl = true;
 $curl_path="/usr/bin/curl";
-$allow_view_public = true;
+$allow_view_public = false;
 // Die letzten Änderungen anzeigen
-$show_last_x_changes = 10;
+$show_last_x_changes = 0;
 
-$debug = true;
+$debug = false;
 
 // MySQL Verbindung:
 // =================

viewer.css

@@ -34,7 +34,7 @@ body {
 }
 
 #viewer {
-	background: #dddddd url(../images/loading.gif) center no-repeat;
+	background: #dddddd url(images/loading.gif) center no-repeat;
 	width: 100%;
 	height: 100%;
 	position: relative;
@@ -60,7 +60,7 @@ body.witheffects #viewer {
 }
 
 #viewer .controls span {
-	background-image:url(../images/buttons.png);
+	background-image:url(images/buttons.png);
 	border:none;
 	display:block;
 	height:36px;