Admin User

admin/alter_table.php

@@ -20,4 +20,11 @@ $db->exec("CREATE TABLE IF NOT EXISTS user(
     created_at TEXT DEFAULT CURRENT_TIMESTAMP
  )");
 
-header("Location: configuration.php");
+header("Location: configuration.php");
+
+
+
+INSERT INTO user (username, passwordhash, district)
+SELECT district, "$2y$10$W9CE8IOOfnfi3XTMEVByZeDIrZo1VPxCHz2CfCe.sOH87V/AdaUG2", district
+FROM district;
+

admin/configuration.php

@@ -6,7 +6,13 @@
         header("Location: login.php");
     }
 
-    $dbFilename = "../db/locations.db";
+    if (isset($_SESSION['superadmin'])) {
+        $boolSuperAdmin = $_SESSION['superadmin']==true;
+    } else {
+        $boolSuperAdmin=false;
+    }
+
+
     require_once("../config.php");
     $boolError=false;
 ?>
@@ -72,7 +78,7 @@
 <div class="row">
 <div class="col-md-7 col-lg-7">   
 
-
+<?php if ($boolSuperAdmin): ?>
 <div class="card">
     <div class="card-header">
     <h3>Konfiguration</h3>
@@ -130,6 +136,7 @@
 <input type="hidden" name="csrf" value="<?=$_SESSION['csrf_token']?>">
 <input type="submit" class="btn btn-primary" value="Konfiguration ändern">
 </form>
+<?php endif; ?>
 <br><br><br>
 </div>
 </div> <!-- row -->

admin/dump.php

@@ -16,10 +16,13 @@
       header("Location: login.php");
   }
   $strDistrict=$_SESSION['district'];
+  if (isset($_SESSION['superadmin'])) {
+    $boolSuperAdmin = $_SESSION['superadmin']==true;
+  } else {
+    $boolSuperAdmin=false;
+  }
   $sqlDistrict = ($boolSuperAdmin) ? "1" : "l.district='$strDistrict'";
 
-  
-  require("../config.db.php");
   require ("../config.php");
 
   // Set headers to make the browser download the results as a csv file

admin/export.php

@@ -15,9 +15,13 @@
     if (!$boolLogin) {
         header("Location: login.php");
     }
+ 
+ 
+
     $strDistrict=$_SESSION['district'];
     $sqlDistrict = ($boolSuperAdmin) ? "1" : "l.district='$strDistrict'";
 
+
     require ("../config.php");
 ?>
 <!DOCTYPE html>

admin/index.php

@@ -17,6 +17,14 @@
         header("Location: login.php");
     }
     $strDistrict=$_SESSION['district'];
+   
+ 
+    if (isset($_SESSION['superadmin'])) {
+        $boolSuperAdmin = $_SESSION['superadmin']==true;
+    } else {
+        $boolSuperAdmin=false;
+    }
+    
     include("../config.php");
     $boolShowmap=false;
     

admin/login.php

@@ -25,12 +25,14 @@ $boolLogin=true;
     if (isset($_POST['login']) && isset($_POST['password'])) {
         $strUser         = trim($_POST['login']);
         $strPassword     = trim($_POST['password']);
-        $strSQL = "SELECT username,passwordhash FROM user WHERE username='$strUser'";
+        $strSQL = "SELECT username,passwordhash,district FROM user WHERE username='$strUser'";
         $result = $db->query($strSQL);
         if ($row=$result->fetch(PDO::FETCH_ASSOC))  {
-            if (password_verify($strPassword,$row['passwordhash'])) {
+            $boolOk = $strDistrict==$row['district'] || $row['username']=="admin";
+            if (password_verify($strPassword,$row['passwordhash']) && $boolOk) {
                 $_SESSION['user']=$strUser;
                 $_SESSION['csrf_token'] = uniqid('', true);
+                $_SESSION['superadmin'] = $row['username']=="admin";
                 header ("Location: index.php");
             } else {
                 $boolLogin=false;

admin/logout.php

@@ -1,5 +1,11 @@
 <?php
 
 session_start();
+if (isset($_SESSION['district'])) {
+    $strDistrict=$_SESSION['district'];
+}
 session_destroy();
+session_start();
+$_SESSION['district']=$strDistrict;
+
 header ("Location: ../index.php");

admin/print_html.php

@@ -7,6 +7,11 @@
         header("Location: login.php");
     }
     $strDistrict=$_SESSION['district'];
+    if (isset($_SESSION['superadmin'])) {
+        $boolSuperAdmin = $_SESSION['superadmin']==true;
+    } else {
+        $boolSuperAdmin=false;
+    }
     include("../config.php");
     $sqlDistrict = ($boolSuperAdmin) ? "1" : "l.district='$strDistrict'";