Implement login requirement for adding/changing entries.

Move getlinkdata to an unprotected folder.
Move and rename JSON link retriever.
2018-10-04 11:20:33 -04:00 · 2018-10-03 21:08:53 -04:00 · 2018-10-03 21:06:43 -04:00
11 changed files with 39 additions and 5 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +1,7 @@
+# Installation specific .htaccess and auth passwd file in ajax/
+ajax/.htaccess
+ajax/links.auth
+
 # OS generated files
 .DS_Store
 .DS_Store?
--- a/README.md
+++ b/README.md
@ -1,3 +1,11 @@
 # LinkProvider

-A basic website/service to keep a list of URLs/Links and provide a URL for retrieving the list as a JSON object.
+A basic website/service to keep a list of URLs/Links and provide a URL for retrieving the list as a JSON object.
+
+## After Installation
+
+- Create a database and maybe user for use by the Link Manager then import the db.sql file.
+- Copy the config-dist.php file to config.php and edit the settings as appropriate.
+- Go into the ajax/ folder.
+  - Add a user with: htpasswd -c links.auth username.
+  - Copy the .htaccess-dist file to .htaccess, then edit the full path to this links.auth file.
--- a/ajax/.htaccess-dist
+++ b/ajax/.htaccess-dist
@ -0,0 +1,6 @@
+AuthType Basic
+AuthName "Links"
+AuthUserFile /full/path/to/this/links.auth
+Require valid-user
+
+RedirectMatch 404 links.auth
--- a/ajax/index.php
+++ b/ajax/index.php
@ -0,0 +1,9 @@
+<?php
+
+require '../header.php';
+
+$parent = dirname($_SERVER['SCRIPT_URL'], 1);
+if ( isset($_SERVER['REMOTE_USER']) ) $_SESSION['validated'] = true;
+
+header("Location: {$parent}");
+exit();
--- a/ajax/savelink.php
+++ b/ajax/savelink.php
@ -19,7 +19,7 @@ $description = $_REQUEST['description'];
 $link = new WebLink($id);
 if ( $link->setURL($url) === false ) {
   $data['success'] = false;
-   $data['message'] = "Invalid URL! URL cannot be left blank.";
+   $data['message'] = "Invalid URL! URL cannot be left blank and must be well formed.";
   pushData();
 }
 if ( $link->setTitle($title) === false ) {
--- a/class_link.php
+++ b/class_link.php
@ -56,6 +56,7 @@ class WebLink {

   public function setURL($value) {
      if ( is_null($value) || ($value == "") ) return false;
+      if ( !filter_var($value, FILTER_VALIDATE_URL) ) return false;
      $this->url = $value;
      return true;
   }
--- a/getlinks/index.php
+++ b/getlinks/index.php
@ -16,6 +16,7 @@ foreach ( $links as $link ) {
   $row['description_safe'] = $link->getDescription(HTMLSAFE);
   $data['links'][] = $row;
 }
+$data['canedit'] = $_SESSION['validated'];

 pushData($data);
 exit();
--- a/htmlheader.php
+++ b/htmlheader.php
@ -35,7 +35,7 @@ echo $extrasheets;
    <img class='navbar-logo' src='images/logo.png' onerror="this.style.display='none'" /><a href='#!' class='brand-logo'><?php echo PAGETITLE; ?></a>
    <a href='#' data-target='mobile-menu' class='sidenav-trigger'><i class='material-icons'>menu</i></a>
    <ul class='right hide-on-med-and-down'>
-      <li><a href='#!' onClick='openNewLinkModal()'>Add A Link</a></li>
+      <?php if ( !$_SESSION['validated'] ) { ?><li><a href='ajax/index.php'>Log In</a></li><?php } ?>
    </ul>
  </div>
 </nav>
--- a/index.php
+++ b/index.php
@ -6,7 +6,9 @@ includeHTMLHeader("Link Manager");

 ?>
 <h3 class='center-align'>Links</h3>
+<?php if ( $_SESSION['validated'] ) { ?>
 <div class='row center-align'><a href='#!' class='tooltipped' data-position='bottom' data-tooltip='Register a new link' onClick='openEditLinkModal()'>Add A New Link</a></div>
+<?php } ?>
 <table class='bordered striped highlight'>
  <thead>
    <tr>
--- a/js/main.js
+++ b/js/main.js
@ -75,13 +75,15 @@ function openEditLinkModal(id = 0) {
 function updateLinkList() {
    $.ajax({
        type: 'GET',
-        url: 'ajax/getlinks.php',
+        url: 'getlinks/index.php',
        dateType: 'json',
        success: function(data, stat, jqo) {
            var tabledata = "";
            for (var i=0; i<data.links.length; i++) {
                var link = data.links[i];
-                tabledata += "<tr class='clickable' onClick='openEditLinkModal(" + link.id + ")'>";
+                tabledata += "<tr";
+                if ( data.canedit ) tabledata += " class='clickable' onClick='openEditLinkModal(" + link.id + ")'";
+                tabledata += ">";
                tabledata += "<td>" + link.url_safe + "</td>";
                tabledata += "<td>" + link.title_safe + "</td>";
                tabledata += "<td>" + link.description_safe + "</td>";
--- a/startsession.php
+++ b/startsession.php
@ -6,3 +6,4 @@ if ( php_sapi_name() == "cli" ) exit();
 session_name(SESSNAME);
 session_start();

+if ( !isset($_SESSION['validated']) ) $_SESSION['validated'] = false;
Author	SHA1	Message	Date
Junior	a27446465a	Implement login requirement for adding/changing entries.	2018-10-04 11:20:33 -04:00
Junior	2dc4dd923d	Move getlinkdata to an unprotected folder.	2018-10-03 21:08:53 -04:00
Junior	f1d0319545	Move and rename JSON link retriever.	2018-10-03 21:06:43 -04:00