Enforce admin privileges

inc/converter.php

@@ -110,7 +110,7 @@ class GeoJson extends Geo {
 	const EXT = '.geojson';
 	const MAX_FILESIZE = 2; //MB
 	const MAX_DEVIATION_FLAT = 0.1; //10%
-	const MAX_DEVIATION_ELEV = 0.1; //20%
+	const MAX_DEVIATION_ELEV = 0.1; //10%
 
 	public function __construct($sCodeName) {
 		parent::__construct($sCodeName);

inc/feed.php

@@ -114,7 +114,7 @@ class Feed extends PhpObject {
 			$oNow = new DateTime('now');
 			$iSecDiff = $oNow->getTimestamp() - $oLastUpdate->getTimestamp();
 
-			if($iSecDiff > self::FEED_MAX_REFRESH) $bNewMsg = $this->updateFeed();
+			if($iSecDiff > self::FEED_MAX_REFRESH && !Settings::DEBUG) $bNewMsg = $this->updateFeed();
 		}
 
 		return $bNewMsg;

inc/project.php

@@ -135,7 +135,7 @@ class Project extends PhpObject {
 				case 2: $asProject['mode'] = self::MODE_HISTO; break;
 			}
 
-			if($sCodeName!= '' && !Converter::isGeoJsonValid($sCodeName)) Converter::convertToGeoJson($sCodeName);
+			if($sCodeName != '' && !Converter::isGeoJsonValid($sCodeName)) Converter::convertToGeoJson($sCodeName);
 
 			$asProject['geofilepath'] = Spot::addTimestampToFilePath(Geo::getFilePath($sCodeName, GeoJson::EXT));
 			$asProject['gpxfilepath'] = Spot::addTimestampToFilePath(Geo::getFilePath($sCodeName, Gpx::EXT));

inc/spot.php

@@ -73,6 +73,8 @@ class Spot extends Main
 	{
 		//Install DB
 		$this->oDb->install();
+
+		$this->oUser->addUser('admin@admin.com', $this->oLang->getLanguage(), date_default_timezone_get());
 	}
 
 	public function syncPics() {
@@ -93,13 +95,14 @@ class Spot extends Main
 				Project::PROJ_TABLE	=> array('name', 'codename', 'active_from', 'active_to'),
 				self::POST_TABLE	=> array(Db::getId(Project::PROJ_TABLE), Db::getId(User::USER_TABLE), 'name', 'content', 'site_time', 'timezone'),
 				Media::MEDIA_TABLE	=> array(Db::getId(Project::PROJ_TABLE), 'filename', 'type', 'taken_on', 'posted_on', 'timezone', 'rotate', 'comment'),
-				User::USER_TABLE	=> array('name', 'email', 'gravatar', 'language', 'timezone', 'active'),
+				User::USER_TABLE	=> array('name', 'email', 'gravatar', 'language', 'timezone', 'active', 'clearance'),
 				self::MAP_TABLE		=> array('codename', 'geo_name', 'min_zoom', 'max_zoom', 'attribution'),
 				self::MAPPING_TABLE	=> array(Db::getId(self::MAP_TABLE) , Db::getId(Project::PROJ_TABLE))
 			),
 			'types' 			=> array
 			(
-				'active'		=> "BOOLEAN",
+				'active'		=> "BOOLEAN DEFAULT ".User::USER_INACTIVE,
+				'clearance'		=> "TINYINT(1) DEFAULT ".User::CLEARANCE_USER,
 				'active_from'	=> "TIMESTAMP DEFAULT 0",
 				'active_to'		=> "TIMESTAMP DEFAULT 0",
 				'battery_state'	=> "VARCHAR(10)",
@@ -149,8 +152,14 @@ class Spot extends Main
 		);
 	}
 
-	public function getMainPage($asGlobalVars = array(), $sMainPage = 'index', $asMainPageTags=array())
+	public function getAppMainPage()
 	{
+		//Cache Page List
+		$asPages = array_diff($this->asMasks, array('email_update', 'email_conf'));
+		if(!$this->oUser->checkUserClearance(User::CLEARANCE_ADMIN)) {
+			$asPages = array_diff($asPages, array('admin', 'upload'));
+		}
+
 		return parent::getMainPage(
 			array(
 				'vars' => array(
@@ -166,7 +175,7 @@ class Spot extends Main
 					'default_timezone'			=> Settings::TIMEZONE
 				)
 			),
-			$sMainPage,
+			'index',
 			array(
 				'host_url'					=> $this->asContext['serv_name'],
 				'filepath_css'				=> self::addTimestampToFilePath('style/spot.css'),
@@ -176,10 +185,15 @@ class Spot extends Main
 				'filepath_js_jquery_mods'	=> self::addTimestampToFilePath('script/jquery.mods.js'),
 				'filepath_js_spot'			=> self::addTimestampToFilePath('script/spot.js'),
 				'filepath_js_lightbox'		=> self::addTimestampToFilePath('script/lightbox.js')
-			)
+			),
+			$asPages
 		);
 	}
 
+	public function checkUserClearance($iClearance) {
+		return $this->oUser->checkUserClearance($iClearance);
+	}
+
 	/* Managing projects */
 
 	public function setProjectId($iProjectId=0) {
@@ -188,6 +202,8 @@ class Spot extends Main
 
 	public function updateProject() {
 		$bNewMsg = false;
+		$bSuccess = true;
+		$sDesc = '';
 
 		//Update all feeds belonging to the project
 		$asFeeds = $this->oProject->getFeedIds();
@@ -227,8 +243,13 @@ class Spot extends Main
 				if($iPostCount == self::MAIL_CHUNK_SIZE) break;
 			}
 
-			$oEmail->send();
+			$bSuccess = $oEmail->send();
+			if(!$bSuccess) $sDesc = $oEmail->ErrorInfo;
+			else $sDesc = 'mail_sent';
 		}
+		else $sDesc = 'no_new_msg';
+
+		return self::getJsonResult($bSuccess, $sDesc);
 	}
 
 	public function genCronFile() {
@@ -303,9 +324,8 @@ class Spot extends Main
 		$this->oLang->setLanguage($this->oUser->getLang(), self::DEFAULT_LANG);
 		$asResult = $this->oUser->removeUser();
 
-		$sDesc = $asResult['desc'];
-		if($sDesc=='') $sDesc = $this->oLang->getTranslation('nl_unsubscribed');
-		return $sDesc;
+		$sDesc = explode(':', $asResult['desc'])[1];
+		return $this->oLang->getTranslation($sDesc);
 	}
 
 	private function getSpotMessages()
@@ -491,7 +511,8 @@ class Spot extends Main
 		$asData = array(
 			'project'	=> $this->oProject->getProjects(),
 			'feed'		=> $oFeed->getFeeds(),
-			'spot'		=> $oFeed->getSpots()
+			'spot'		=> $oFeed->getSpots(),
+			'user'		=> $this->oUser->getActiveUsersInfo()
 		);
 
 		foreach($asData['project'] as &$asProject) {
@@ -499,6 +520,8 @@ class Spot extends Main
 			$asProject['active_to'] = substr($asProject['active_to'], 0, 10);
 		}
 
+		foreach($asData['user'] as &$asUser) $asUser['id'] = $asUser[Db::getId(User::USER_TABLE)];
+
 		return self::getJsonResult(true, '', $asData);
 	}
 
@@ -587,10 +610,6 @@ class Spot extends Main
 		));
 	}
 
-	public function convertGpxToGeojson($sGeoFileName) {
-		return Converter::convertToGeoJson($sGeoFileName);
-	}
-
 	public static function decToDms($dValue, $sType) {
 		if($sType=='lat')	$sDirection = ($dValue >= 0)?'N':'S'; //Latitude
 		else				$sDirection = ($dValue >= 0)?'E':'W'; //Longitude

inc/user.php

@@ -5,6 +5,12 @@ class User extends PhpObject {
 	//DB Tables
 	const USER_TABLE = 'users';
 
+	//Clearance Levels
+	const USER_ACTIVE = 1;
+	const USER_INACTIVE = 0;
+	const CLEARANCE_USER = 0;
+	const CLEARANCE_ADMIN = 9;
+
 	//Cookie
 	const COOKIE_ID_USER = 'subscriber';
 	const COOKIE_DURATION = 60 * 60 * 24 * 365; //1 year
@@ -22,7 +28,15 @@ class User extends PhpObject {
 		parent::__construct(__CLASS__, Settings::DEBUG);
 		$this->oDb = &$oDb;
 		$this->iUserId = 0;
-		$this->asUserInfo = array(Db::getId(self::USER_TABLE)=>0, 'name'=>'', 'email'=>'', 'language'=>'', 'timezone'=>'', 'active'=>'0');
+		$this->asUserInfo = array(
+			Db::getId(self::USER_TABLE)	=> 0,
+			'name'						=> '',
+			'email'						=> '',
+			'language'					=> '',
+			'timezone'					=> '',
+			'active'					=> self::USER_INACTIVE,
+			'clearance'					=> self::CLEARANCE_USER
+		);
 		$this->checkUserCookie();
 	}
 
@@ -36,7 +50,7 @@ class User extends PhpObject {
 		$sEmail = trim($sEmail);
 
 		//Check Email availability
-		$iUserId = $this->oDb->selectValue(self::USER_TABLE, Db::getId(self::USER_TABLE), array('email'=>$sEmail, 'active'=>'1'));
+		$iUserId = $this->oDb->selectValue(self::USER_TABLE, Db::getId(self::USER_TABLE), array('email'=>$sEmail, 'active'=>self::USER_ACTIVE));
 
 		if($iUserId > 0) {
 			//Log user in
@@ -45,7 +59,12 @@ class User extends PhpObject {
 		}
 		else {
 			//Add/Reactivate user
-			$iUserId = $this->oDb->insertUpdateRow(self::USER_TABLE, array('email'=>$sEmail, 'language'=>$sLang, 'timezone'=>$sTimezone, 'active'=>'1'), array('email'));
+			$iUserId = $this->oDb->insertUpdateRow(
+				self::USER_TABLE,
+				array('email'=>$sEmail, 'language'=>$sLang, 'timezone'=>$sTimezone, 'active'=>self::USER_ACTIVE),
+				array('email')
+			);
+
 			if($iUserId==0) $sDesc = 'lang:error_commit_db';
 			else {
 				$this->updateGravatar($iUserId, $sEmail);
@@ -68,7 +87,7 @@ class User extends PhpObject {
 		$sDesc = '';
 
 		if($this->iUserId > 0) {
-			$iUserId = $this->oDb->updateRow(self::USER_TABLE, $this->iUserId, array('active'=>'0'));
+			$iUserId = $this->oDb->updateRow(self::USER_TABLE, $this->iUserId, array('active'=>self::USER_INACTIVE));
 			if($iUserId==0) $sDesc = 'lang:error_commit_db';
 			else {
 				$sDesc = 'lang:nl_unsubscribed';
@@ -121,13 +140,20 @@ class User extends PhpObject {
 		$asInfo = array(
 			'select'	=> array_keys($this->asUserInfo),
 			'from'		=> self::USER_TABLE,
-			'constraint'=> array('active'=>'1')
+			'constraint'=> array('active'=>self::USER_ACTIVE)
 		);
 		if($iUserId != -1) $asInfo['constraint'][Db::getId(self::USER_TABLE)] = $iUserId;
 
+		if(!$this->checkUserClearance(self::CLEARANCE_ADMIN)) unset($asInfo['select']['clearance']);
+
 		return $this->oDb->selectRows($asInfo);
 	}
 
+	public function checkUserClearance($iClearance)
+	{
+		return ($this->asUserInfo['clearance'] >= $iClearance);
+	}
+
 	private function updateCookie($iDeltaTime) {
 		setcookie(self::COOKIE_ID_USER, ($iDeltaTime < 0)?'':$this->iUserId, array('samesite' => 'Lax', 'expires' => time() + $iDeltaTime));
 	}

index.php

@@ -39,24 +39,32 @@ if($sAction!='')
 		case 'feed':
 			$sResult = $oSpot->getNewsFeed($iChunk);
 			break;
+		case 'add_post':
+			$sResult = $oSpot->addPost($sName, $sContent);
+			break;
+		case 'subscribe':
+			$sResult = $oSpot->subscribe($sEmail);
+			break;
+		case 'unsubscribe':
+			$sResult = $oSpot->unsubscribe();
+			break;
+		case 'unsubscribe_email':
+			$sResult = $oSpot->unsubscribeFromEmail($iId);
+			break;
 		case 'update_project':
 			$sResult = $oSpot->updateProject();
 			break;
+		default:
+			if($oSpot->checkUserClearance(User::CLEARANCE_ADMIN))
+			{
+				switch($sAction)
+				{
 					case 'upload':
 						$sResult = $oSpot->upload();
 						break;
 					case 'add_comment':
 						$sResult = $oSpot->addComment($iId, $sContent);
 						break;
-		case 'add_post':
-			$sResult = $oSpot->addPost($sName, $sContent);
-			break;
-		/*case 'sql':
-			$sResult = $oSpot->getDbBuildScript();
-			break;*/
-		case 'sync_pics':
-			$sResult = $oSpot->syncPics();
-			break;
 					case 'admin_new':
 						$sResult = $oSpot->createProject();
 						break;
@@ -69,26 +77,23 @@ if($sAction!='')
 					case 'admin_del':
 						$sResult = $oSpot->delAdminSettings($sType, $iId);
 						break;
-		case 'build_geojson':
-			$sResult = $oSpot->convertGpxToGeojson($sName);
-			break;
-		case 'subscribe':
-			$sResult = $oSpot->subscribe($sEmail);
-			break;
-		case 'unsubscribe':
-			$sResult = $oSpot->unsubscribe();
-			break;
-		case 'unsubscribe_email':
-			$sResult = $oSpot->unsubscribeFromEmail($iId);
+					case 'sync_pics':
+						$sResult = $oSpot->syncPics();
 						break;
 					case 'generate_cron':
 						$sResult = $oSpot->genCronFile();
 						break;
+					case 'sql':
+						$sResult = $oSpot->getDbBuildScript();
+						break;
 					default:
 						$sResult = Main::getJsonResult(false, Main::NOT_FOUND);
 				}
+			}
+			else $sResult = Main::getJsonResult(false, Main::NOT_FOUND);
+	}
 }
-else $sResult = $oSpot->getMainPage();
+else $sResult = $oSpot->getAppMainPage();
 
 $sDebug = ob_get_clean();
 if(Settings::DEBUG && $sDebug!='') $oSpot->addUncaughtError($sDebug);

languages/en.lang

@@ -68,6 +68,9 @@ last_update			= Last Spot update
 ref_spot_id			= Ref. Spot ID
 model				= Model
 delete				= Delete
+id_user             = User ID
+language            = Language
+clearance           = Clearance
 
 unit_day			= day
 unit_days			= days
@@ -93,7 +96,7 @@ conf_preheader		= Thanks for keeping in touch!
 conf_thanks_sub		= You're all set!
 conf_body_para_1	= Thank you for checking in on my wanderings :). I'll make sure to keep you posted on my progress along the trail.
 conf_body_para_2	= I usually check-in once a day, plus sometimes on special events, like successful peak ascents. I am using a GPS-based device (PLB) which does not require phone reception to work. Thus the messages should be pretty frequent, but, being awestruck by the beauty of nature, I could also just forget to send a signal once in a while. So do not worry if you don't receive anything for a couple of days.
-conf_body_para_3	= If I've posted some pictures recently, you should also get them in this email.
+conf_body_para_3	= If I've posted some pictures recently, you should also get them in the same email.
 conf_body_conclusion= Happy Trails!
 conf_signature		= --François
 

languages/fr.lang

@@ -68,6 +68,9 @@ last_update			= Dernière maj depuis Spot
 ref_spot_id			= ID Spot ref.
 model				= Modèle
 delete				= Supprimer
+id_user             = ID Utilisateur
+language            = Langue
+clearance           = Niveau d'autorisation
 
 unit_day			= jour
 unit_days			= jours

masks/admin.html

@@ -49,12 +49,30 @@
 			<tbody></tbody>
 		</table>
 	</div>
+	<h1>Users</h1>
+	<div id="users">
+		<table>
+			<thead>
+				<tr>
+					<th>[#]lang:id_user[#]</th>
+					<th>[#]lang:name[#]</th>
+					<th>[#]lang:language[#]</th>
+					<th>[#]lang:time_zone[#]</th>
+					<th>[#]lang:clearance[#]</th>
+				</tr>
+			</thead>
+			<tbody></tbody>
+		</table>
+	</div>
+	<h1>ToolBox</h1>
+	<div id="toolbox"></div>
 	<div id="feedback" class="feedback"></div>
 </div>
 <script type="text/javascript">
 oSpot.pageInit = function(asHash) {
 	self.get('admin_get', setProjects);
 	$('#new').addButton('new', 'New Project', 'new', createProject, 'main-btn');
+	$('#toolbox').addButton('refresh', 'Update Project', 'refresh', updateProject, 'main-btn');
 };
 
 oSpot.onFeedback = function(sType, sMsg, asContext) {
@@ -116,6 +134,13 @@ function setProjects(asElemTypes) {
 							.append($('<td>').text(oElem.name))
 							.append($('<td>').text(oElem.model))
 						break;
+					case 'user':
+						$Elem
+							.append($('<td>').text(oElem.name))
+							.append($('<td>').text(oElem.language))
+							.append($('<td>').text(oElem.timezone))
+							.append($('<td>').text(oElem.clearance))
+						break;
 				}
 
 				$Elem.appendTo($('#'+sElemType+'s').find('table tbody'));
@@ -128,6 +153,15 @@ function createProject() {
 	self.get('admin_new', setProjects);
 }
 
+function updateProject() {
+	self.get(
+		'update_project',
+		function(asData, sMsg){oSpot.onFeedback('success', sMsg, {'update':'project'});},
+		{},
+		function(sMsg){oSpot.onFeedback('error', sMsg, {'update':'project'});}
+	);
+}
+
 function commit(event, $This) {
 	$This = $This || $(this);
 	if(typeof self.tmp('wait') != 'undefined') clearTimeout(self.tmp('wait'));

script/spot.js

@@ -175,8 +175,14 @@ function Spot(asGlobals)
 	this.switchPage = function(asHash)
 	{
 		var sPageName = asHash.page;
-		var bSamePage = self.vars('page')==sPageName;
-		if(self.onQuitPage(bSamePage) && !bSamePage || self.onSamePageMove(asHash))
+		var bSamePage = (self.vars('page') == sPageName);
+		var bFirstPage = (self.vars('page') == '');
+
+		if(!self.consts.pages[sPageName]) { //Page does not exist
+			if(bFirstPage)	self.setHash(self.consts.default_page);
+			else 			self.setHash(self.vars('page'), self.vars(['hash', 'items']));
+		}
+		else if(self.onQuitPage(bSamePage) && !bSamePage || self.onSamePageMove(asHash))
 		{
 			//Delete tmp variables
 			self.vars('tmp', {});
@@ -185,8 +191,8 @@ function Spot(asGlobals)
 			self.resetTmpFunctions();
 
 			//Officially a new page
-			var bFirstPage = self.vars('page')=='';
 			self.vars('page', sPageName);
+			self.vars('hash', asHash);
 
 			//Update Page Title
 			this.setPageTitle(sPageName+' '+(asHash.items[0] || ''));
@@ -202,6 +208,7 @@ function Spot(asGlobals)
 				self.elem.main.stop().fadeTo('fast', 0, function(){self.splash($Dom, asHash, bFirstPage);}); //Switching page
 			}
 		}
+		else if(bSamePage) self.vars('hash', asHash);
 	};
 
 	this.setPageTitle = function(sTitle) {

style/_fa.scss

@@ -91,3 +91,4 @@ $fa-css-prefix: fa;
 
 /* Admin */
 .#{$fa-css-prefix}-new:before { content: fa-content($fa-var-plus); }
+.#{$fa-css-prefix}-refresh:before { content: fa-content($fa-var-sync); }