Closed #1 (Add ability to disable sign up)

11a7f580 · Vadym Gidulian · bbb5bb1b · 11a7f580 · 11a7f580 · 11a7f580
Commit 11a7f580 authored Oct 24, 2016 by Vadym Gidulian
Hide whitespace changes
Inline Side-by-side

Showing with 36 additions and 4 deletions

auth.php auth.php +26 -0

index.php index.php +7 -4

login.php login.php +1 -0

logout.php logout.php +1 -0

signup.php signup.php +1 -0

No files found.
--- a/auth.php
+++ b/auth.php
@@ -19,9 +19,35 @@ function addUser($login, $password) {

 	$users = simplexml_load_file(PATH_TO_XML);

+	if (!$users->count()) {
+		$userWillBeAdmin = true;
+	}
 	$user = $users->addChild('user');
+	if (!empty($userWillBeAdmin)) {
+		$user->addAttribute('rights', 'admin');
+    }
 	$user->addChild('login', $login);
 	$user->addChild('password', $password);

 	$users->asXML(PATH_TO_XML);
 }
+
+function usersNumber() {
+	return simplexml_load_file(PATH_TO_XML)->count();
+}
+
+function hasAdminRights($login) {
+	$users = simplexml_load_file(PATH_TO_XML);
+
+	foreach ($users as $user) {
+		if ($user->login == $login) {
+			$rights = $user->attributes()['rights'];
+			$rights = explode(',', $rights);
+			foreach ($rights as $right) {
+				if (trim($right) == 'admin') return true;
+			}
+		}
+	}
+
+	return false;
+}
--- a/index.php
+++ b/index.php
 <?php
 session_start();
+require 'auth.php';

 if (!isset($_SESSION['logged_in']) || !$_SESSION['logged_in']) : ?>

@@ -7,19 +8,21 @@ if (!isset($_SESSION['logged_in']) || !$_SESSION['logged_in']) : ?>
        <input type="text" name="login" placeholder="User name"><br>
        <input type="password" name="password" placeholder="Password"><br>
        <a href="signup.php">Sign up</a>
-        <button>Log in</button>
+        <button type="submit">Log in</button>

        <?php if (isset($_SESSION['login_failed']) && $_SESSION['login_failed']) : ?>
            <br><span style="color: red">Incorrect login or password</span>
        <?php $_SESSION['login_failed'] = false;
-        endif;
-        ?>
+        endif; ?>
    </form>

 <?php else : ?>

+    <?php if (hasAdminRights($_SESSION['login'])) : ?>
+        <a href="signup.php">Register user</a>
+    <?php endif; ?>
    <form action="logout.php">
-        <button>Log out</button>
+        <button type="submit">Log out</button>
    </form>

    Secret content

--- a/login.php
+++ b/login.php
@@ -7,6 +7,7 @@ $password = $_POST['password'];

 if (authenticateUser($login, $password)) {
    $_SESSION['logged_in'] = true;
+    $_SESSION['login'] = $login;
 } else {
    $_SESSION['login_failed'] = true;
 }

--- a/logout.php
+++ b/logout.php
@@ -2,6 +2,7 @@
 session_start();

 $_SESSION['logged_in'] = false;
+$_SESSION['login'] = '';

 header("Location: index.php");
 die();
\ No newline at end of file
--- a/signup.php
+++ b/signup.php
 <?php
 require 'auth.php';
+session_start();

 switch ($_SERVER['REQUEST_METHOD']) {
    case 'GET': ?>