From a27446465a97b45c91c5213d91fe8dc2e3a68cbd Mon Sep 17 00:00:00 2001
From: Junior <junior@jaj.com>
Date: Thu, 4 Oct 2018 11:20:33 -0400
Subject: [PATCH] Implement login requirement for adding/changing entries.

---
 .gitignore                         |  4 ++++
 README.md                          | 10 +++++++++-
 ajax/.htaccess-dist                |  6 ++++++
 {getlinks => ajax}/getlinkdata.php |  0
 ajax/index.php                     |  9 +++++++++
 ajax/savelink.php                  |  2 +-
 class_link.php                     |  1 +
 getlinks/index.php                 |  1 +
 htmlheader.php                     |  2 +-
 index.php                          |  2 ++
 js/main.js                         |  8 +++++---
 startsession.php                   |  1 +
 12 files changed, 40 insertions(+), 6 deletions(-)
 create mode 100644 ajax/.htaccess-dist
 rename {getlinks => ajax}/getlinkdata.php (100%)
 create mode 100644 ajax/index.php

diff --git a/.gitignore b/.gitignore
index 3be745b..8c455e8 100755
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,7 @@
+# Installation specific .htaccess and auth passwd file in ajax/
+ajax/.htaccess
+ajax/links.auth
+
 # OS generated files
 .DS_Store
 .DS_Store?
diff --git a/README.md b/README.md
index 89057b7..5fb5f65 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,11 @@
 # LinkProvider
 
-A basic website/service to keep a list of URLs/Links and provide a URL for retrieving the list as a JSON object.
\ No newline at end of file
+A basic website/service to keep a list of URLs/Links and provide a URL for retrieving the list as a JSON object.
+
+## After Installation
+
+- Create a database and maybe user for use by the Link Manager then import the db.sql file.
+- Copy the config-dist.php file to config.php and edit the settings as appropriate.
+- Go into the ajax/ folder.
+  - Add a user with: htpasswd -c links.auth username.
+  - Copy the .htaccess-dist file to .htaccess, then edit the full path to this links.auth file.
diff --git a/ajax/.htaccess-dist b/ajax/.htaccess-dist
new file mode 100644
index 0000000..3f8d9d0
--- /dev/null
+++ b/ajax/.htaccess-dist
@@ -0,0 +1,6 @@
+AuthType Basic
+AuthName "Links"
+AuthUserFile /full/path/to/this/links.auth
+Require valid-user
+
+RedirectMatch 404 links.auth
diff --git a/getlinks/getlinkdata.php b/ajax/getlinkdata.php
similarity index 100%
rename from getlinks/getlinkdata.php
rename to ajax/getlinkdata.php
diff --git a/ajax/index.php b/ajax/index.php
new file mode 100644
index 0000000..fb12e02
--- /dev/null
+++ b/ajax/index.php
@@ -0,0 +1,9 @@
+<?php
+
+require '../header.php';
+
+$parent = dirname($_SERVER['SCRIPT_URL'], 1);
+if ( isset($_SERVER['REMOTE_USER']) ) $_SESSION['validated'] = true;
+
+header("Location: {$parent}");
+exit();
diff --git a/ajax/savelink.php b/ajax/savelink.php
index 5c30327..b06268e 100755
--- a/ajax/savelink.php
+++ b/ajax/savelink.php
@@ -19,7 +19,7 @@ $description = $_REQUEST['description'];
 $link = new WebLink($id);
 if ( $link->setURL($url) === false ) {
    $data['success'] = false;
-   $data['message'] = "Invalid URL! URL cannot be left blank.";
+   $data['message'] = "Invalid URL! URL cannot be left blank and must be well formed.";
    pushData();
 }
 if ( $link->setTitle($title) === false ) {
diff --git a/class_link.php b/class_link.php
index 555b476..a986db6 100755
--- a/class_link.php
+++ b/class_link.php
@@ -56,6 +56,7 @@ class WebLink {
 
    public function setURL($value) {
       if ( is_null($value) || ($value == "") ) return false;
+      if ( !filter_var($value, FILTER_VALIDATE_URL) ) return false;
       $this->url = $value;
       return true;
    }
diff --git a/getlinks/index.php b/getlinks/index.php
index 2908ad9..ac09f1f 100755
--- a/getlinks/index.php
+++ b/getlinks/index.php
@@ -16,6 +16,7 @@ foreach ( $links as $link ) {
    $row['description_safe'] = $link->getDescription(HTMLSAFE);
    $data['links'][] = $row;
 }
+$data['canedit'] = $_SESSION['validated'];
 
 pushData($data);
 exit();
diff --git a/htmlheader.php b/htmlheader.php
index 60b58bb..d229609 100755
--- a/htmlheader.php
+++ b/htmlheader.php
@@ -35,7 +35,7 @@ echo $extrasheets;
     <img class='navbar-logo' src='images/logo.png' onerror="this.style.display='none'" /><a href='#!' class='brand-logo'><?php echo PAGETITLE; ?></a>
     <a href='#' data-target='mobile-menu' class='sidenav-trigger'><i class='material-icons'>menu</i></a>
     <ul class='right hide-on-med-and-down'>
-      <li><a href='#!' onClick='openNewLinkModal()'>Add A Link</a></li>
+      <?php if ( !$_SESSION['validated'] ) { ?><li><a href='ajax/index.php'>Log In</a></li><?php } ?>
     </ul>
   </div>
 </nav>
diff --git a/index.php b/index.php
index 3a51d5a..a36df02 100755
--- a/index.php
+++ b/index.php
@@ -6,7 +6,9 @@ includeHTMLHeader("Link Manager");
 
 ?>
 <h3 class='center-align'>Links</h3>
+<?php if ( $_SESSION['validated'] ) { ?>
 <div class='row center-align'><a href='#!' class='tooltipped' data-position='bottom' data-tooltip='Register a new link' onClick='openEditLinkModal()'>Add A New Link</a></div>
+<?php } ?>
 <table class='bordered striped highlight'>
   <thead>
     <tr>
diff --git a/js/main.js b/js/main.js
index 596cd02..1304e76 100755
--- a/js/main.js
+++ b/js/main.js
@@ -49,7 +49,7 @@ function toast(message, delay, classname) {
 function openEditLinkModal(id = 0) {
     var instance = M.Modal.getInstance($('#editlink_modal'));
     $.ajax({
-        url: 'getlinks/getlinkdata.php',
+        url: 'ajax/getlinkdata.php',
         dataType: 'json',
         data: {id: id},
         success: function(data, stat, jqo) {
@@ -75,13 +75,15 @@ function openEditLinkModal(id = 0) {
 function updateLinkList() {
     $.ajax({
         type: 'GET',
-        url: 'ajax/getlinks.php',
+        url: 'getlinks/index.php',
         dateType: 'json',
         success: function(data, stat, jqo) {
             var tabledata = "";
             for (var i=0; i<data.links.length; i++) {
                 var link = data.links[i];
-                tabledata += "<tr class='clickable' onClick='openEditLinkModal(" + link.id + ")'>";
+                tabledata += "<tr";
+                if ( data.canedit ) tabledata += " class='clickable' onClick='openEditLinkModal(" + link.id + ")'";
+                tabledata += ">";
                 tabledata += "<td>" + link.url_safe + "</td>";
                 tabledata += "<td>" + link.title_safe + "</td>";
                 tabledata += "<td>" + link.description_safe + "</td>";
diff --git a/startsession.php b/startsession.php
index 38957d1..5455e33 100755
--- a/startsession.php
+++ b/startsession.php
@@ -6,3 +6,4 @@ if ( php_sapi_name() == "cli" ) exit();
 session_name(SESSNAME);
 session_start();
 
+if ( !isset($_SESSION['validated']) ) $_SESSION['validated'] = false;