guest access, login in, logout, etc etc

git-svn-id: https://svn.iamcal.com/public/php/iTunesServer/trunk@5769 ac7c8259-0de0-4f3c-bb6a-12394caf8efd
iamcal · Aug 25, 2010 · 20d98a3 · 20d98a3
1 parent 05e770f
commit 20d98a3
Show file tree

Hide file tree

Showing 5 changed files with 145 additions and 5 deletions.
diff --git a/css/player.css b/css/player.css
@@ -538,3 +538,11 @@ table#playlist th.sort-rev div {
 
 
 
+#login {
+	margin: 0.5em;
+	padding: 0.5em;
+	background-color: #C0C9D8;
+	border: 1px solid #8496B4;
+	font-size: 13px;
+	font-family: Helvetica, Arial, sans-serif;
+}
diff --git a/include/lib_auth.php b/include/lib_auth.php
@@ -36,6 +36,13 @@ function auth_set_login($row){
 		setcookie('u', $value, $expire, $GLOBALS[cfg][cookie_path], $GLOBALS[cfg][cookie_domain]);
 	}
 
+	function auth_logout(){
+
+		$expire = time() - (60 * 60);
+
+		setcookie('u', '0', $expire, $GLOBALS[cfg][cookie_path], $GLOBALS[cfg][cookie_domain]);
+	}
+
 	##############################################################
 
 	function auth_hash_password($password){

diff --git a/index.php b/index.php
@@ -1,10 +1,13 @@
 <?
 	include('include/init.php');
 
-	header('Content-type: text/html; charset=UTF-8');
+	if (!$cfg[allow_anon_users] && !$cfg[user][id]){
+
+		header("location: login.php");
+		exit;
+	}
 
-	$user = 'cal';
-	$auth = auth_create_token($user);
+	header('Content-type: text/html; charset=UTF-8');
 ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 
 <html>
@@ -19,7 +22,16 @@
 	<script type="text/javascript" src="sm2/flashblock.js"></script>
 	<script type="text/javascript" src="js/jquery-1.4.2.min.js"></script>
 	<script type="text/javascript" src="js/core.js?<?=time()?>"></script>
-	<script type="text/javascript"> var g_user = '<?=$user?>'; var g_auth = '<?=$auth?>'; </script>
+
+<script type="text/javascript">
+<? if ($cfg[user][id]){ ?>
+var g_user = '<?=$cfg[user][name]?>';
+var g_auth = '<?=auth_create_token($cfg[user][name])?>';
+<? }else{ ?>
+var g_user = null;
+var g_auth = '<?=auth_create_token('anon')?>';
+<? } ?>
+</script>
 
 </head>
 <body>
@@ -54,8 +66,16 @@
 	<div id="sidebar">
 
 <? if (0){ ?>
-		<a href="#" onclick="updateArtwork(); return false;"><img src="artwork.png" id="artwork" /></a>
+		<a href="#" onclick="updateArtwork(); return false;">ART<img src="artwork.png" id="artwork" /></a>
+<? } ?>
+
+		<div id="login">
+<? if ($cfg[user][id]){ ?>
+			Hello <?=HtmlSpecialChars($cfg[user][name])?> [<a href="logout.php">Logout</a>]<br />
+<? }else{ ?>
+			Guest [<a href="login.php">Log in</a>]<br />
 <? } ?>
+		</div>
 
 		<div id="playlists">
 			<!-- stuff will go here -->

diff --git a/login.php b/login.php
@@ -0,0 +1,93 @@
+<?
+	#
+	# $Id$
+	#
+
+	include('include/init.php');
+
+	auth_ensure_loggedout();
+
+
+	#
+	# are we logging in?
+	#
+
+	$u = trim($_POST[username]);
+	$p = trim($_POST[password]);
+	$bad_login = 0;
+
+	if (strlen($u) && strlen($p)){
+
+		$u_enc = AddSlashes($u);
+		$row = db_fetch_hash(db_query("SELECT * FROM users WHERE name='$u_enc'"));
+
+		if (auth_compare_password($p, $row[password])){
+
+			auth_set_login($row);
+
+			header("location: ./");
+			exit;
+		}
+
+
+		#
+		# this is for boot strapping - create a user row, try and login with the password
+		# you want, and then copy the shown hash into the password field in the database.
+		#
+
+		echo "Bootstrap hash: ".auth_hash_password($p);
+
+		$bad_login = 1;
+	}
+
+
+	#
+	# show login page
+	#
+?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 
+<html>
+<head>
+	<title>iTunes Server - Login</title>
+	<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<style>
+
+#login {
+	margin: 20% auto 0 auto;
+	width: 150px;
+	border: 2px solid #666;
+	padding: 1em;
+}
+
+</style>
+</head>
+<body>
+
+
+	<div id="login">
+<? if ($cfg[allow_authed_users]){ ?>
+
+		<form action="login.php" method="post">
+	<? if ($bad_login){ ?>
+			LOGIN ERROR<br />
+	<? } ?>
+			Username: <input type="text" name="username" /><br />
+			Password: <input type="password" name="password" /><br />
+			<input type="submit" value="Log In" />
+		</form>
+
+	<? if ($cfg[allow_anon_users]){ ?>
+		Or <a href="./">use anonymously</a>.
+	<? } ?>
+<? }else{ ?>
+	<? if ($cfg[allow_anon_users]){ ?>
+		You can only <a href="./">use this anonymously</a>.
+	<? }else{ ?>
+		Autnenticated and anonymous access are both turned off. Oops!
+	<? } ?>
+<? } ?>
+	</div>
+
+
+</body>
+</html>
diff --git a/logout.php b/logout.php
@@ -0,0 +1,12 @@
+<?
+	#
+	# $Id$
+	#
+
+	include('include/init.php');
+
+	auth_logout();
+
+	header("location: ./");
+	exit;
+?>