[Phonehome-commits] r34 - in trunk/server: . cms common css

lauren at garage.maemo.org lauren at garage.maemo.org
Sat Oct 18 02:36:43 EEST 2008


Author: lauren
Date: 2008-10-18 02:36:43 +0300 (Sat, 18 Oct 2008)
New Revision: 34

Added:
   trunk/server/cms/m_users.php
   trunk/server/common/footer.php
   trunk/server/common/header.php
   trunk/server/css/main.css
   trunk/server/data.php
   trunk/server/index.php
   trunk/server/login.php
   trunk/server/logout.php
   trunk/server/profile.php
   trunk/server/register.php
   trunk/server/sendpw.php
Modified:
   trunk/server/common/useful_stuff.php
   trunk/server/ets.php
Log:
basic website framework in place

Added: trunk/server/cms/m_users.php
===================================================================
--- trunk/server/cms/m_users.php	                        (rev 0)
+++ trunk/server/cms/m_users.php	2008-10-17 23:36:43 UTC (rev 34)
@@ -0,0 +1,46 @@
+<?php
+include '../common/useful_stuff.php';
+if (!db_connect())
+	die();
+
+$ps = getvar("ps","n");
+$dbps = $ps * PAGING_USERS_PER_PAGE;
+
+$res = mysql_query("select count(user_id) from users");
+$row = mysql_fetch_row($res);
+$items = $row[0];
+
+?>
+<html>
+<head>
+<title>ETMAEMO | Users</title>
+<link href="cms.css" rel="stylesheet" type="text/css" />
+</head>
+<body>
+<?php
+include 'cmsheader.php';
+
+echo "<h3>Manage Users</h3>";
+
+echo "<div style='padding:5px;border-bottom:1px solid #444;'>".draw_paging($ps,$items,PAGING_USERS_PER_PAGE,PAGING_PAGES_PER_BLOCK)."</div>";
+
+echo "<table width='600' cellpadding='1' cellspacing='2' border='0'>";
+$res = mysql_query("select status,uname,email,date_format(joined,'%Y-%m-%d %H:%i') as jdate
+					from users order by email limit {$dbps},".PAGING_USERS_PER_PAGE);
+while ($row = mysql_fetch_assoc($res)){
+	echo "<tr>
+		<td>[edit user]</td>
+		<td>{$row['jdate']}</td>
+		<td>{$row['status']}</td>
+		<td>{$row['uname']}</td>
+		<td>{$row['email']}</td>
+	</tr>";
+}
+echo "</table>";
+
+echo "<div style='padding:5px;border-top:1px solid #444;'>".draw_paging($ps,$items,PAGING_USERS_PER_PAGE,PAGING_PAGES_PER_BLOCK)."</div>";
+
+include 'cmsfooter.php';
+?>
+</body>
+</html>
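Review bot: The user listing is reachable without any login or role check: the script includes useful_stuff.php, which sets `$_uid`, but never tests it before querying and printing every account's username and email. A guard like the one data.php uses (`if ($_uid == 0){ header("location:login.php"); die(); }`) plus an admin check belongs ahead of the first query, unless cms/ is protected elsewhere (not visible here). The row fields are also written into the table raw; wrap each one, e.g. `htmlspecialchars($row['uname'], ENT_QUOTES)`, so stored values cannot inject markup into the admin page. `$dbps` is interpolated into the `limit` clause, so force it to a non-negative integer with `max(0,(int)$ps)` unless `getvar(...,"n")` already guarantees that.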

Added: trunk/server/common/footer.php
===================================================================
--- trunk/server/common/footer.php	                        (rev 0)
+++ trunk/server/common/footer.php	2008-10-17 23:36:43 UTC (rev 34)
@@ -0,0 +1,9 @@
+<?php
+
+echo "<div class='botdiv'>
+<a href='about.php'>about</a> | <a href='terms.php'>terms & conditions</a> | <a href='privacy.php'>privacy</a> | <a href='contact.php'>contact</a>
+</div>";
+
+// close off main page area
+echo "</div>";
+?>

Added: trunk/server/common/header.php
===================================================================
--- trunk/server/common/header.php	                        (rev 0)
+++ trunk/server/common/header.php	2008-10-17 23:36:43 UTC (rev 34)
@@ -0,0 +1,22 @@
+<?php
+
+echo "<div style='width:700px;margin-left:auto;margin-right:auto;'>";
+
+echo "<div class='topdiv'>";
+
+// not logged in user
+if ($_uid == 0){
+	echo "<a href='/'>HOME</a> | <a href='register.php'>REGISTER</a> | <a href='login.php'>LOG IN</a>";
+}
+
+// logged in user
+else{
+	echo "<a href='/'>HOME</a> | <a href='profile.php'>PROFILE</a> | <a href='data.php'>YOUR DATA</a> | <a href='logout.php'>LOG OUT</a>
+		<span style='margin-left:100px;color:#fff;'>-[ ".get_uname()." logged in ]-</span>";
+}
+
+echo "</div>";
+
+
+
+?>
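Review bot: `get_uname()` returns whatever the username cookie decrypts to, and the logged-in branch prints it into the page unescaped. Since the value originates in the browser, emit it as `htmlspecialchars(get_uname(), ENT_QUOTES)`. The `$_uid == 0` test is a loose comparison against a decrypted string, so it depends on PHP's string-to-number juggling; casting the id to int inside `chk_user()` would make the gate predictable.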

Modified: trunk/server/common/useful_stuff.php
===================================================================
--- trunk/server/common/useful_stuff.php	2008-10-15 18:50:44 UTC (rev 33)
+++ trunk/server/common/useful_stuff.php	2008-10-17 23:36:43 UTC (rev 34)
@@ -1,5 +1,11 @@
 <?php
 
+// this contains encryption keys and passwords
+// and so cannot be generally released
+// documentation and notes can be found in "secret-dummy.php"
+require_once("secret.php");
+
+
 ////////////////////////////////////////////////
 // xml-rpc param offsets
 define("XMLRPC_USERNAME",0);
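Review bot: `require_once("secret.php")` is resolved through include_path and the calling script's directory, so which file supplies the keys depends on where the request entered (cms/m_users.php and the top-level pages both include this file). Anchoring it, `require_once(dirname(__FILE__)."/secret.php");`, removes that ambiguity. Since the file holds keys and passwords, the comment should also state that it must stay out of version control and must produce no output when requested directly.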
@@ -14,30 +20,103 @@
 ////////////////////////////////////////////////
 // paging controls values
 define("PAGING_PAGES_PER_BLOCK",10);
-
 define("PAGING_USERS_PER_PAGE",25);
 
 
 
+// get logged in user_id or zero automatically
+$_uid = chk_user();
 
 
 //-----------------------------------------------
-// check if a given username actually exists
-// as a user in the system
+// checks user is logged in to website
 //-----------------------------------------------
-function get_uid($uname,$pw)
+function chk_user()
 {
-	$safe_uname = mysql_real_escape_string($uname);
-	$safe_pw = mysql_real_escape_string($pw);
-	$res = mysql_query("select user_id from users where uname='{$safe_uname}' and pw='{$safe_pw}'");
-	$row = mysql_fetch_assoc($res);
-	if (!$row)
+	if (!isset($_COOKIE[COOKIE_UID]) || !isset($_COOKIE[COOKIE_MAGIC]))
 		return 0;
-	// else we return the user_id
-	return $row['user_id'];
+	$str = rtrim(my_decrypt($_COOKIE[COOKIE_MAGIC]));
+	if ($str != COOKIE_MAGIC_VALUE)
+		return 0;
+	return my_decrypt($_COOKIE[COOKIE_UID]);
 }
 
+
+//-----------------------------------------------
+// get logged in username from cookie
+//-----------------------------------------------
+function get_uname()
+{
+	if (!isset($_COOKIE[COOKIE_UNAME]) || !isset($_COOKIE[COOKIE_MAGIC]))
+		return "";
+	$str = rtrim(my_decrypt($_COOKIE[COOKIE_MAGIC]));
+	if ($str != COOKIE_MAGIC_VALUE)
+		return "";
+	return my_decrypt($_COOKIE[COOKIE_UNAME]);
+}
+
+
 //-----------------------------------------
+// chk username is valid
+//-----------------------------------------
+function is_username_valid($uname)
+{
+	if (preg_match('/^[_a-z0-9]*$/i',$uname))
+		return true;
+	// no good
+	return false;
+}
+
+//-----------------------------------------
+// chk email addr is maybe valid
+//-----------------------------------------
+function is_email_valid($address)
+{
+	if ($address == "")
+		return false;
+
+	if (ereg("^[a-zA-Z0-9_\.\-]+@[a-zA-Z0-9\-]+\.[a-zA-Z0-9\-\.]+$", $address))
+		return true;
+
+	return false;
+}
+
+
+//-----------------------------------------------
+// encrypt data
+//-----------------------------------------------
+function my_encrypt($str)
+{
+	$iv = substr(md5(ENC_KEY),0,mcrypt_get_iv_size(MCRYPT_CAST_256,MCRYPT_MODE_CFB));
+	$crypted = mcrypt_ecb(MCRYPT_LOKI97,ENC_KEY,$str,MCRYPT_ENCRYPT,$iv);
+	return bin2hex($crypted);
+}
+
+
+//-----------------------------------------------
+// decrypt data
+//-----------------------------------------------
+function my_decrypt($str)
+{
+	$tmp = hex2bin($str);
+	$iv = substr(md5(ENC_KEY),0,mcrypt_get_iv_size(MCRYPT_CAST_256,MCRYPT_MODE_CFB));
+	return trim(mcrypt_ecb(MCRYPT_LOKI97,ENC_KEY,$tmp,MCRYPT_DECRYPT,$iv));
+}
+
+
+//-----------------------------------------------
+// undo bin2hex
+//-----------------------------------------------
+function hex2bin($hexdata)
+{
+	$bindata = "";
+	for ($i=0; $i<strlen($hexdata); $i+=2)
+		$bindata .= chr(hexdec(substr($hexdata,$i,2)));
+	return $bindata;
+}
+
+
+//-----------------------------------------
 // global db connect function
 // change username / pw here
 //-----------------------------------------
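Review bot: `chk_user()` and `get_uname()` accept identity from cookies that are encrypted but carry no integrity check, and the three cookies are validated independently of one another. The magic cookie is one constant encrypted under one key, so it is identical for every account and says nothing about who owns the uid cookie; ECB mode also does not use the IV (which is in any case sized for CAST-256/CFB while the cipher is LOKI97), so equal plaintexts always give equal ciphertexts. Keeping the user id in a server-side session, or adding an HMAC over uid, username and expiry, closes this; the sketch below shows the session form and assumes login.php and register.php store the id under a `uid` session key, a name chosen for this example. Separately, `is_username_valid()` accepts the empty string and a trailing newline because of `*` and `$`; `'/^[_a-z0-9]+\z/i'` is stricter.

```php
function chk_user()
{
	// identity lives in the server-side session, so nothing the browser
	// sends is trusted beyond the session id itself
	if (session_id() == "")
		session_start();
	if (!isset($_SESSION['uid']))
		return 0;
	// always hand callers an integer, never a decrypted string
	return (int)$_SESSION['uid'];
}

// … unchanged: get_uname() comment header; its body would read the session the same way …
```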

Added: trunk/server/css/main.css
===================================================================
--- trunk/server/css/main.css	                        (rev 0)
+++ trunk/server/css/main.css	2008-10-17 23:36:43 UTC (rev 34)
@@ -0,0 +1,5 @@
+
+body {margin:0;background:#E6EFB0;}
+
+.topdiv {padding:5px;margin-bottom:10px;border-bottom:1px solid #888;background:#B5C98F;}
+.botdiv {padding:5px;margin-top:10px;border-top:1px solid #888;}

Added: trunk/server/data.php
===================================================================
--- trunk/server/data.php	                        (rev 0)
+++ trunk/server/data.php	2008-10-17 23:36:43 UTC (rev 34)
@@ -0,0 +1,27 @@
+<?php
+include 'common/useful_stuff.php';
+if (!db_connect())
+	die();
+
+if ($_uid == 0){
+	header("location:login.php");
+	die();
+}
+
+?>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>ET-MAEMO | My Data</title>
+<link rel="stylesheet" type="text/css" href="css/main.css">
+</head>
+<body>
+<?php
+include 'common/header.php';
+
+echo "<h1>My Data here</h1>";
+
+include 'common/footer.php';
+?>
+</body>
+</html>

Modified: trunk/server/ets.php
===================================================================
--- trunk/server/ets.php	2008-10-15 18:50:44 UTC (rev 33)
+++ trunk/server/ets.php	2008-10-17 23:36:43 UTC (rev 34)
@@ -9,6 +9,21 @@
 
 
 ///////////////////////////////////////////////////////////////////////
+// check if a given user exists based on mac & password
+function get_uid($mac,$pw)
+{
+	$safe_uname = mysql_real_escape_string($uname);
+	$safe_pw = mysql_real_escape_string($pw);
+	$res = mysql_query("select user_id from users where uname='{$safe_uname}' and pw='{$safe_pw}'");
+	$row = mysql_fetch_assoc($res);
+	if (!$row)
+		return 0;
+	// else we return the user_id
+	return $row['user_id'];
+}
+
+
+///////////////////////////////////////////////////////////////////////
 // store gps data
 function rpc_store_location($method_name,$params,$app_data)
 {
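Review bot: `get_uid($mac,$pw)` still escapes `$uname`, which is no longer a parameter, so `$safe_uname` is always built from an undefined variable and `$mac` is never used. The lookup therefore runs with an empty username regardless of which device called it. The first line should read `$safe_mac = mysql_real_escape_string($mac);` and the query should filter on the column that stores the MAC address (the column name is not visible in this diff). The hunk ends inside `rpc_store_location()`, whose body is outside the view.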

Added: trunk/server/index.php
===================================================================
--- trunk/server/index.php	                        (rev 0)
+++ trunk/server/index.php	2008-10-17 23:36:43 UTC (rev 34)
@@ -0,0 +1,22 @@
+<?php
+include 'common/useful_stuff.php';
+if (!db_connect())
+	die();
+
+
+?>
+<html>
+<head>
+<title>ET-MAEMO | HOME</title>
+<link rel="stylesheet" type="text/css" href="css/main.css">
+</head>
+<body onload='document.aa.username.focus();'>
+<?php
+include 'common/header.php';
+
+echo "<h1>welcome to et-maemo (phonehome)</h1>";
+
+include 'common/footer.php';
+?>
+</body>
+</html>
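Review bot: The `onload` handler focuses `document.aa.username`, but this page defines no form named `aa`, and header.php and footer.php as added in this revision do not either, so the handler raises a script error on every load. Use a plain `<body>` until the page actually carries a login form.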

Added: trunk/server/login.php
===================================================================
--- trunk/server/login.php	                        (rev 0)
+++ trunk/server/login.php	2008-10-17 23:36:43 UTC (rev 34)
@@ -0,0 +1,77 @@
+<?php
+include 'common/useful_stuff.php';
+if (!db_connect())
+	die();
+
+
+$errmsg = "";
+$uname = getvar("uname");
+$pw = getvar("pw");
+$rem = getvar("rem");
+
+$doit = getvar("doit");
+if ($doit == "yes"){
+	if ($uname == "" || $pw == "")
+		$errmsg = "Please enter a username & password!";
+	else {
+		$safe_uname = mysql_real_escape_string($uname);
+		$safe_pw = mysql_real_escape_string($pw);
+		$res = mysql_query("select user_id,status from users where uname='{$safe_uname}' and pw='{$safe_pw}'");
+		$row = mysql_fetch_assoc($res);
+		if (!$row){
+			$errmsg = "Unknown username & password combination!";
+		}
+		//else if ($row['status'] != "A"){
+		//	$errmsg = "ERROR: Account not verified yet!";
+		//}
+		else {
+			$cookielife = 0;
+			if ($rem != "")
+				$cookielife = time()+(60*60*24*365);
+			setcookie(COOKIE_UID,my_encrypt($row['user_id']),$cookielife,"/");
+			setcookie(COOKIE_UNAME,my_encrypt($uname),$cookielife,"/");
+			setcookie(COOKIE_MAGIC,my_encrypt(COOKIE_MAGIC_VALUE),$cookielife,"/");
+			mysql_query("update users set lastlogin=now() where user_id={$row['user_id']}");
+			header("location:data.php");
+			die();
+		}
+	}
+}
+?>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>ET-MAEMO | Log In</title>
+<link rel="stylesheet" type="text/css" href="css/main.css">
+</head>
+<body onload='document.forms[0].uname.focus();'>
+<?php
+include 'common/header.php';
+
+echo "<table width='100%' cellpadding='1' cellspacing='1' border='0'>
+<tr>
+	<td style='vertical-align:top;width:40%;'>
+		<b>ET-MAEMO Log In</b>
+		<div style='color:red;padding:4px 0px;'><b>{$errmsg}&nbsp;</b></div>
+		<form method='post' action='{$_SERVER['PHP_SELF']}'>
+		<input type='hidden' name='doit' value='yes'>
+		username<br><input type='text' name='uname' size='30' value='".stripslashes(htmlentities($uname,ENT_QUOTES))."'>
+		<br>password<br><input type='password' name='pw' size='20'>
+		<br><input type='checkbox' name='rem'> remember me on this computer
+		<br><input type='submit' value='LOG IN'>
+		</form>
+		<p><a href='sendpw.php' target='_blank' onclick='javascript:window.open(\"sendpw.php\",\"pw\",\"width=400,height=250\");return false;''>
+			Click here if you forgot your password
+			</a>
+	</td>
+	<td style='vertical-align:top;padding-left:30px;'>
+		<b>Notes</b>
+		<p>Log In here to gain access to your profile and data. If you are not already a
+		member <a href='register.php'>CLICK HERE</a> to register.
+	</td>
+</tr>
+</table>";
+include 'common/footer.php';
+?>
+</body>
+</html>
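Review bot: `$_SERVER['PHP_SELF']` is written into the form's `action` attribute unescaped, and that value includes any extra path the client appended to the script URL. Escape it, `action='".htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES)."'`, or use a fixed `action='login.php'`; register.php and sendpw.php build their forms the same way. The three `setcookie()` calls should also pass the `secure` and `httponly` arguments so the login cookies are not readable by page script or sent over plain HTTP. The query compares `pw` directly against the submitted text, which implies passwords are stored unhashed.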

Added: trunk/server/logout.php
===================================================================
--- trunk/server/logout.php	                        (rev 0)
+++ trunk/server/logout.php	2008-10-17 23:36:43 UTC (rev 34)
@@ -0,0 +1,8 @@
+<?php
+include 'common/secret.php';
+
+setcookie(COOKIE_UID,"",0,"/");
+setcookie(COOKIE_UNAME,"",0,"/");
+setcookie(COOKIE_MAGIC,"",0,"/");
+header("location:/");
+?>
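Review bot: Logging out only asks the browser to drop the three cookies; because `chk_user()` validates cookies statelessly, a copy of the cookie values saved before logout would presumably keep working afterwards. A server-side session that is destroyed here, or a per-login token stored with the user row and cleared on logout, would make the logout effective. A `die();` after the `header("location:/")` line would match the redirect pattern used in data.php.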

Added: trunk/server/profile.php
===================================================================
--- trunk/server/profile.php	                        (rev 0)
+++ trunk/server/profile.php	2008-10-17 23:36:43 UTC (rev 34)
@@ -0,0 +1,27 @@
+<?php
+include 'common/useful_stuff.php';
+if (!db_connect())
+	die();
+
+if ($_uid == 0){
+	header("location:login.php");
+	die();
+}
+
+?>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>ET-MAEMO | My Profile</title>
+<link rel="stylesheet" type="text/css" href="css/main.css">
+</head>
+<body>
+<?php
+include 'common/header.php';
+
+echo "<h1>My Profile here</h1>";
+
+include 'common/footer.php';
+?>
+</body>
+</html>

Added: trunk/server/register.php
===================================================================
--- trunk/server/register.php	                        (rev 0)
+++ trunk/server/register.php	2008-10-17 23:36:43 UTC (rev 34)
@@ -0,0 +1,89 @@
+<?php
+include 'common/useful_stuff.php';
+if (!db_connect())
+	die();
+
+$errmsg = "";
+$uname = getvar("uname");
+$pw = getvar("pw");
+$pwc = getvar("pwc");
+$email = getvar("email");
+
+$doit = getvar("doit");
+if ($doit == "yes"){
+	if ($uname == ""){
+		$errmsg = "Please enter a user name!";
+	}
+	if ($errmsg == "" && !is_username_valid($uname)){
+		$errmsg = "Username contains illegal characters!";
+	}
+	if ($errmsg == ""){
+		$res = mysql_query("select user_id from users where uname='{$uname}'");
+		if (mysql_num_rows($res) > 0)
+			$errmsg = "That username is already taken!";
+	}
+	if ($errmsg == "" && $email == "")
+		$errmsg = "Please enter a valid email address!";
+	if ($errmsg == "" && !is_email_valid($email))
+		$errmsg = "Please supply a valid email address!";
+	if ($errmsg == ""){
+		$res = mysql_query("select user_id from users where email='{$email}'");
+		if (mysql_num_rows($res) > 0)
+			$errmsg = "That email address is already taken!";
+	}
+	if ($errmsg == "" && ($pw != $pwc || $pw == ""))
+		$errmsg = "Please enter & confirm a valid password!";
+
+	// no errors so here we go...
+	if ($errmsg == ""){
+		mysql_query("insert into users (status,joined,lastlogin,uname,pw,email) values ('A',now(),now(),'$uname','$pw','$email')");
+		$uid = mysql_insert_id();
+		// now log them in
+		setcookie(COOKIE_UID,my_encrypt($uid),0,"/");
+		setcookie(COOKIE_UNAME,my_encrypt($uname),0,"/");
+		setcookie(COOKIE_MAGIC,my_encrypt(COOKIE_MAGIC_VALUE),0,"/");
+		mysql_query("update users set lastlogin=now() where user_id={$uid}");
+		header("location:data.php");
+		die();
+	}
+}
+?>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>ET-MAEMO | Register</title>
+<link rel="stylesheet" type="text/css" href="css/main.css">
+</head>
+<body onload='document.forms[0].uname.focus();'>
+<?php
+include 'common/header.php';
+
+echo "<table width='100%' cellpadding='1' cellspacing='1' border='0'>
+<tr>
+	<td style='vertical-align:top;width:40%;'>
+		<b>ET-MAEMO Registration</b>
+		<div style='color:red;padding:4px 0px;'><b>{$errmsg}&nbsp;</b></div>
+		<form method='post' action='{$_SERVER['PHP_SELF']}'>
+		<input type='hidden' name='doit' value='yes'>
+		username<br><input type='text' name='uname' size='30' value='".stripslashes(htmlentities($uname,ENT_QUOTES))."'>
+		<br>password<br><input type='password' name='pw' size='20'>
+		<br>confirm password<br><input type='password' name='pwc' size='20'>
+		<br>email<br><input type='text' name='email' size='30' value='".stripslashes(htmlentities($email,ENT_QUOTES))."'>
+		<br><input type='submit' value='REGISTER'>
+		</form>
+	</td>
+	<td style='vertical-align:top;padding-left:30px;'>
+		<b>Notes</b>
+		<p>The username you pick must be unique, along with your email address. Please use only
+		letters, numbers and underscores for your username and keep it to 20 characters or less.
+		<p>Passwords are case-sensitive and must be 10 characters or less. Try not to make them too
+		obvious.
+		<p>After registering you will be able to log into your profile and add your devices.
+	</td>
+</tr>
+</table>";
+
+include 'common/footer.php';
+?>
+</body>
+</html>
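Review bot: `$pw` reaches the `insert` statement without any escaping or validation, and `$uname`/`$email` are interpolated into all three queries protected only by the format checks. login.php already runs its inputs through `mysql_real_escape_string()`; do the same here before the first `select`, e.g. `$safe_pw = mysql_real_escape_string($pw);`, unless `getvar()` is known to escape (its body is not in this diff). The password is also stored as typed; store a salted hash instead (`password_hash()` where the PHP version provides it) and compare with the matching verify call in login.php. The 20- and 10-character limits promised in the notes are not enforced by any check in this file.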

Added: trunk/server/sendpw.php
===================================================================
--- trunk/server/sendpw.php	                        (rev 0)
+++ trunk/server/sendpw.php	2008-10-17 23:36:43 UTC (rev 34)
@@ -0,0 +1,56 @@
+<?php
+include 'common/useful_stuff.php';
+if (!db_connect())
+	die();
+
+$done_ok = false;
+$errmsg = "";
+$email = getvar("email");
+$doit = getvar("doit");
+if ($doit == "yes"){
+
+	if ($email == ""){
+		$errmsg = "Please enter your email address";
+	}
+	else {
+		$safe_email = mysql_real_escape_string($email);
+		$res = mysql_query("select pw from users where email='{$safe_email}'");
+		$row = mysql_fetch_assoc($res);
+		if (!$row){
+			$errmsg = "We could not find that email address.";
+		}
+		else {
+			$msg = "Hi there,<br><br>Your ET-MAEMO password is: {$row['pw']}<br><br>ET-MAEMO";
+			$header = "From: admin at etmaemo.com\nMIME-Version: 1.0\nContent-type: text/html; charset=iso-8859-1\n";
+			@mail($email,"ET-MAEMO Password",$msg,$header);
+			$errmsg = "Your password has been sent to<br><br>$email";
+			$done_ok = true;
+		}
+	}
+}
+?>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<link rel="stylesheet" type="text/css" href="css/main.css">
+</head>
+<body style='margin:1em;' onload='document.forms[0].email.focus()'>
+<b>Request Password</b>
+<?php
+echo "<div style='color:red;padding:4px 0px;'><b>$errmsg&nbsp;</b></div>";
+if ($done_ok == true)
+	die();
+
+echo "To have your ET-MAEMO password sent to you please enter the email address you
+		registered under and click the 'SEND MY PASSWORD' button.
+<br><br>
+<form action='{$_SERVER['PHP_SELF']}' method='post'>
+<input type='hidden' name='doit' value='yes'>
+email address<br><input type='text' name='email' size='30' value='{$email}'>
+<br><input type='submit' value='SEND MY PASSWORD'>
+</form>";
+?>
+</body>
+</html>
+
+
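Review bot: `$email` is echoed back unescaped in two places, the confirmation message (`Your password has been sent to<br><br>$email`) and the form's `value='{$email}'`, the latter for any submitted text. Use `htmlentities($email,ENT_QUOTES)` as login.php does for `$uname`. The page mails the stored password itself, which only works because passwords are kept in clear; a single-use, expiring reset link is the usual replacement. The distinct "We could not find that email address." reply also tells an anonymous visitor which addresses are registered; returning the same message in both cases avoids that.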


