author | neoraider <devnull@localhost> | 2006-01-14 03:14:01 +0100 |
---|---|---|
committer | neoraider <devnull@localhost> | 2006-01-14 03:14:01 +0100 |
commit | c630a2d50349c57660cfc98eb13ec71444b27610 (patch) | |
tree | 4fa7ad9b755a4d8ae9045062cb4fefab248187e4 | |
parent | 8b89c8c8a9001c5f5b38465ceb58306fc6f0659e (diff) | |
Login implementiert. Puh... Und dabei auch den Handler phpexec und die Nav-Pages eingebaut.
-rw-r--r-- | code/links.inc.php | 44 | ||||
-rw-r--r-- | code/message.inc.php | 3 | ||||
-rw-r--r-- | code/nav.inc.php | 9 | ||||
-rw-r--r-- | code/pages.inc.php | 17 | ||||
-rw-r--r-- | code/user.inc.php | 68 | ||||
-rw-r--r-- | handlers/phpexec.inc.php | 29 | ||||
-rw-r--r-- | index.php | 2 | ||||
-rw-r--r-- | lang/de.inc.php | 1 | ||||
-rw-r--r-- | styles/GreenGrid/style.css | 20 |
9 files changed, 162 insertions, 31 deletions
diff --git a/code/links.inc.php b/code/links.inc.php index 39a1ae2..2e8d551 100644 --- a/code/links.inc.php +++ b/code/links.inc.php @@ -2,33 +2,59 @@ if(!defined('LINKS_INC')) { define('LINKS_INC', 1); + include('code/user.inc.php'); + class Links { function GetNeonLink($page) { - if($GLOBALS['pages']->HasAccess($page)) + if($GLOBALS['pages']->HasAccess($page, 'c')) { + if($GLOBALS['user']->GetLoginType() == 'url') + return 'index.php?page=' . $page . '&login=' . $GLOBALS['user']->GetLoginKey(); + return 'index.php?page=' . $page; + } + return ''; } function GetExternalLink($link) { - return $link; + return $link; } function GetMailtoLink($address) { - return 'mailto:' . $address; + return 'mailto:' . $address; + } + + function GetNavPage($page) { + if($GLOBALS['pages']->HasAccess($page, 'n')) { + $page = $GLOBALS['pages']->Get($page, 'n'); + return $page['content']; + } + + return ''; } - function ParseNavLink($link) { - if(!$link) return ''; + function ParseNavLink($text, $link) { + if(!$link) return $text; switch($link[0]) { case ':': - return $this->GetNeonLink(substr($link, 1)); + $ret = $this->GetNeonLink(substr($link, 1)); + + if($ret) + return '<a href="' . $ret . '">' . $text . '</a>'; + + return $text; case '@': - return $this->GetMailtoLink(substr($link, 1)); + return '<a href="' . $this->GetMailtoLink(substr($link, 1)) . '">' . $text . '</a>'; case '!': - return ''; + $ret = $this->GetNavPage(substr($link, 1)); + + if($ret) + return $ret; + + return $text; default: - return $this->GetExternalLink($link); + return '<a href="' . $this->GetExternalLink($link) . '">' . $text . '</a>'; } } } diff --git a/code/message.inc.php b/code/message.inc.php index e3c648b..a3957d5 100644 --- a/code/message.inc.php +++ b/code/message.inc.php 
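Review bot: `GetNeonLink` in code/links.inc.php now appends the session key to every internal URL (`'&login=' . $GLOBALS['user']->GetLoginKey()`) when the login type is `url`, so the credential is written to browser history and web-server logs and is sent in the Referer header when a visitor follows one of the external links that `ParseNavLink` renders. The constructor in code/user.inc.php already accepts the same key from a cookie, so setting that cookie after a successful login and dropping the URL form would avoid the exposure; if the URL form has to stay, the key needs a short lifetime. Separately, `ParseNavLink` concatenates `$text` and the link target into `<a href="...">` with no escaping; if nav entries are meant to be plain text, both should go through `htmlspecialchars()` before being placed in the markup.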
@@ -7,9 +7,10 @@ include('code/util.inc.php'); $message['Error'] = 'Error'; - $message['PageNotFound'] = 'The page \'$page\' does not exist.'; + $message['PageNotFound'] = 'The page \'$page\' does not exist.'; $message['Forbidden'] = 'The page \'$page\' is protected.'; $message['InternalError'] = 'An internal error has occourred.'; + $message['LoginError'] = 'Login failed. Username or password is wrong.'; if($config['language'] != 'en') @include('lang/' . $config['language'] . '.inc.php'); diff --git a/code/nav.inc.php b/code/nav.inc.php index 245e208..59f4c8d 100644 --- a/code/nav.inc.php +++ b/code/nav.inc.php @@ -68,12 +68,9 @@ $ccount = 0; $ret = '<li>'; - $link = $GLOBALS['links']->ParseNavLink($this->link); + $a = $GLOBALS['links']->ParseNavLink($this->text, $this->link); - if($link) - $ret .= '<a href="' . $link . '">' . $this->text . '</a>'; - else - $ret .= $this->text; + $ret .= $a; if(count($this->children) > 0) { $ret .= '<ul>'; @@ -91,7 +88,7 @@ $ret .= '</ul>'; } - if(!$ccount && !$link) + if(!$ccount && $a == $this->text) return ''; return $ret . '</li>'; diff --git a/code/pages.inc.php b/code/pages.inc.php index d529602..541b0ea 100644 --- a/code/pages.inc.php +++ b/code/pages.inc.php @@ -7,8 +7,8 @@ include('code/handlers.inc.php'); class Pages { - function Get($name) { - if(!$this->Exists($name)) { + function Get($name, $type) { + if(!$this->Exists($name, $type)) { $message = $GLOBALS['handlers']['default']->HandleErrorMessage('PageNotFound', array('page' => $name)); if(!$message['title']) $message['title'] = $name; 
@@ -16,9 +16,9 @@ return $message; } - $res = DBQuery('SELECT handler, data FROM pages WHERE name = ?', $name); + $res = DBQuery('SELECT handler, data FROM pages WHERE name = ? AND type = ?', array($name, $type)); - if(!$this->HasAccess($name)) { + if(!$this->HasAccess($name, $type)) { $message = $GLOBALS['handlers'][$res->fields[0]]->HandleErrorMessage('Forbidden', array('page' => $name)); if(!$message['title']) $message['title'] = $name; @@ -27,21 +27,22 @@ } parse_str($res->fields[1], $data); + $data = array_map('stripslashes', $data); $data['_page'] = $name; return $GLOBALS['handlers'][$res->fields[0]]->HandleContentData($data); } - function Exists($name) { - $res = DBQuery('SELECT id FROM pages WHERE name = ?', $name); + function Exists($name, $type) { + $res = DBQuery('SELECT id FROM pages WHERE name = ? AND type = ?', array($name, $type)); return ($res->RecordCount() > 0); } - function HasAccess($name) { + function HasAccess($name, $type) { $user = $GLOBALS['user']; - $res = DBQuery('SELECT access FROM pages WHERE name = ?', $name); + $res = DBQuery('SELECT access FROM pages WHERE name = ? AND type = ?', array($name, $type)); return ((($user->GetUid() != 0) && ($user->GetGid() == 0)) || ($res->fields[0] & (1 << $user->GetGid())) != 0); diff --git a/code/user.inc.php b/code/user.inc.php index 00c7355..34b12f2 100644 --- a/code/user.inc.php +++ b/code/user.inc.php 
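Review bot: `$data = array_map('stripslashes', $data);` in `Pages::Get()` runs unconditionally, but `parse_str()` only adds slashes when `magic_quotes_gpc` is enabled, so on a server with that setting off backslashes in stored page data are stripped or halved, including in the `code` field that the new phpexec handler evaluates. Guard the call, e.g. `if(get_magic_quotes_gpc()) $data = array_map('stripslashes', $data);`. `parse_str()` can also produce nested arrays (for keys such as `a[]`), which `stripslashes` does not accept, so array values should be skipped or handled recursively. The body of `Get()` starts in an earlier hunk.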
@@ -6,19 +6,69 @@ class User { var $uid = 0, $gid = 0; + var $key = '', $type = ''; function User() { - if($_GET['id'] && $_GET['sid']) { - $res = DBQuery('SELECT id, gid FROM users WHERE id = ? AND sid = ?', - array($_GET['id'],$_GET['sid'])); - - if($res->RecordCount()) { + if($_COOKIE['login']) { + $res = DBQuery('SELECT id, gid, sid FROM users WHERE id = ? AND sid = ?', + array(substr($_COOKIE['login'], 32), + substr($_COOKIE['login'], 0, 32))); + + if($res->RecordCount() && $res->fields[2]) { $this->uid = $res->fields[0]; $this->gid = $res->fields[1]; + + $this->type = 'cookie'; + $this->key = $_COOKIE['login']; + } + } + + if($this->uid == 0 && $_GET['login']) { + $res = DBQuery('SELECT id, gid, sid FROM users WHERE id = ? AND sid = ?', + array(substr($_GET['login'], 32), + substr($_GET['login'], 0, 32))); + + if($res->RecordCount() && $res->fields[2]) { + $this->uid = $res->fields[0]; + $this->gid = $res->fields[1]; + + $this->type = 'url'; + $this->key = $_GET['login']; } } } + function Login($name, $pass) { + $res = DBQuery('SELECT id, gid FROM users WHERE user = ? AND password = ?', array($name, $pass)); + + if($res->RecordCount()) { + $id = $res->fields[0]; + $sid = md5(uniqid($name . " * " . $pass . " * " . rand())); + + DBQuery('UPDATE users SET sid = ? WHERE id = ?', array($sid, $id)); + + $this->uid = $id; + $this->gid = $res->fields[1]; + + $this->type = 'url'; + $this->key = $sid . $id; + + return $id; + } + + return 0; + } + + function Logout() { + DBQuery('UPDATE users SET sid = \'\' WHERE id = ?', $this->uid); + + $this->uid = 0; + $this->gid = 0; + + $this->type = ''; + $this->key = ''; + } + function GetUid() { return $this->uid; } @@ -26,6 +76,14 @@ function GetGid() { return $this->gid; } + + function GetLoginType() { + return $this->type; + } + + function GetLoginKey() { + return $this->key; + } } $user = new User; diff --git a/handlers/phpexec.inc.php b/handlers/phpexec.inc.php new file mode 100644 index 0000000..76ac18e --- /dev/null 
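Review bot: The session id in `User::Login()` is `md5(uniqid($name . " * " . $pass . " * " . rand()))`, which is derived from the clock and a non-cryptographic generator and mixes the password into the token material; a guessable `sid` is all that the `id = ? AND sid = ?` lookup in the constructor requires. On PHP 7 or later `$sid = bin2hex(random_bytes(16));` keeps the 32-character length that the `substr(..., 0, 32)` split relies on. The `password = ?` comparison against `$pass` suggests the column holds either the plaintext or a digest computed by the caller (not visible in this hunk); `password_hash()` / `password_verify()` would be the replacement. The sid also has no expiry and is cleared only by `Logout()`, and the cookie and GET branches of the constructor are near-duplicates that could share one helper taking the key and the type.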
+++ b/handlers/phpexec.inc.php @@ -0,0 +1,29 @@ +<?PHP + include('code/message.inc.php'); + + class phpexec_handler { + function HandleContentData($data) { + $tr = array('<' => '<', '>' => '>', '&' => '&', '"' => '"', "\n" => '<br />', "\r" => ''); + + if($data['title']) + $title = strtr($data['title'], $tr); + else + $title = strtr($data['_page'], array(':' => ' - ')); + + ob_start(); + + eval('?>' . $data['code']); + + $content = ob_get_contents(); + ob_end_clean(); + + return array('title' => $title, 'content' => $content); + } + + function HandleErrorMessage($type, $data = array()) { + return array('content' => '<span class="error">' . Message($type, $data) . '</span>', 'title' => Message('error')); + } + } + + $handlers['phpexec'] = new phpexec_handler; +?> @@ -17,7 +17,7 @@ $template_data = join('', file('templates/' . $template)); - $data = $pages->Get($page); + $data = $pages->Get($page, 'c'); echo Subst($template_data, array('title' => $config['title'] . $data['title'], 'stylesheet' => 'styles/' . $style . '/style.css', diff --git a/lang/de.inc.php b/lang/de.inc.php index 8a1ab22..8c6b21b 100644 --- a/lang/de.inc.php +++ b/lang/de.inc.php @@ -3,4 +3,5 @@ $message['PageNotFound'] = 'Die Seite \'$page\' existiert nicht.'; $message['Forbidden'] = 'Die Seite \'$page\' ist geschützt.'; $message['InternalError'] = 'Ein interner Fehler ist aufgetreten.'; + $message['LoginError'] = 'Login fehlgeschlagen. Username oder Passwort ist falsch.'; ?> diff --git a/styles/GreenGrid/style.css b/styles/GreenGrid/style.css index a46151d..6a91eb0 100644 --- a/styles/GreenGrid/style.css +++ b/styles/GreenGrid/style.css @@ -38,7 +38,7 @@ div#content { } div#nav { - position:absolute; + position:fixed; width:9.40em; padding:0 0.8em; border:solid #008000 1px; 
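Review bot: `eval('?>' . $data['code'])` in handlers/phpexec.inc.php executes whatever is stored in a page's `data` column as PHP with the web server's privileges, so write access to the `pages` table (through an admin form or through an injection flaw anywhere else in the application) becomes code execution, and nothing in this file restricts who may create a page with handler `phpexec`. At minimum state the trust assumption above the call, e.g. `// SECURITY: runs page data as PHP - only administrators may create or edit pages whose handler is 'phpexec'`, and enforce it wherever pages are saved. The return value of `eval()` is ignored, so a parse error in the stored code is not turned into an `InternalError` message. The `$tr` table used for the title reads as an identity mapping on this page (`'<' => '<'`), which is probably the page rendering having decoded the entities; it is worth confirming in the file that the title really is HTML-escaped.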
@@ -70,6 +70,24 @@ div#nav ul li ul li ul { padding-left:0.8em; } +div#nav div.login { + width:9em; +} + +div#nav div.login input { + width:100%; + margin-bottom:0.8em; +} + +div#nav div.login div.login_submit { + text-align:right; +} + +div#nav div.login div.login_submit input { + width:auto; + margin:0; +} + h1, h2, h3, h4, h5, h6 { margin-top:0; } |