added moderation portal with admin authentication and separate styling

2026-04-20 16:01:10 +02:00
parent 11a062dd84
commit 7dea362c89
7 changed files with 604 additions and 5 deletions

41
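--- /dev/null
+++ b/public/api/auth.php
@@ -0,0 +1,41 @@
+<?php
+// =====================================================================
+// Admin Authentication Helper
+// Provides simple Password-based Session Authentication for the
+// Moderation Page. Uses ADMIN_PASSWORD from .env File.
+// ToDo: Replace with full User Authentication in Phase 3-3.
+// =====================================================================
+// Reads Admin Password from Environment
+function get_admin_password() {
+return getenv('ADMIN_PASSWORD');
+}
+// Checks if current Session is authenticated as Admin
+function is_admin() {
+return isset($_SESSION['is_admin']) && $_SESSION['is_admin'] === true;
+}
+// Authenticates with Password, returns true on Success
+function admin_login($password) {
+$correct = get_admin_password();
+if ($correct && $password === $correct) {
+$_SESSION['is_admin'] = true;
+return true;
+}
+return false;
+}
+// Logs out Admin Session
+function admin_logout() {
+$_SESSION['is_admin'] = false;
+session_destroy();
+}
+// Redirects to Login if not authenticated
+function require_admin() {
+if (!is_admin()) {
+header('Location: admin.php?page=login');
+exit;
+}
+}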
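Review bot: admin_login() compares the submitted password with `===`, which is not a constant-time comparison, and it flags the existing session as admin without issuing a new session id, so an id that was fixed before login stays valid afterwards. I would change the check to `if (is_string($password) && $correct && hash_equals($correct, $password)) {` and call `session_regenerate_id(true);` just before `$_SESSION['is_admin'] = true;`. No attempt limiting is visible in this file; if the login page throttles failed attempts elsewhere, a one-line comment on admin_login() saying where would help the next reader. In admin_logout(), `$_SESSION = [];` before `session_destroy();` would clear the in-memory array as well, since session_destroy() only removes the stored session data.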


@@ -67,9 +67,16 @@ function handle_read($input) {
// Builds SQL Query with Placeholders for prepared Statement
$sql = "SELECT *, ST_AsGeoJSON(geom) AS geojson
FROM contributions
WHERE municipality_id = :mid AND status = 'approved'";
WHERE municipality_id = :mid";
$params = [':mid' => $municipality_id];
// Optional: Filters by Status (Default: only approved)
$status = $input['status'] ?? 'approved';
if ($status !== 'all') {
$sql .= " AND status = :status";
$params[':status'] = $status;
}
// Optional: Filters by Category
if (!empty($input['category'])) {
$sql .= " AND category = :cat";
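Review bot: The new `status` filter is taken directly from `$input['status']`, so any caller of handle_read can pass `status=all` (or any other status value) and receive contributions that were never approved; nothing in this hunk ties the wider view to an authenticated moderator. Unless a check exists outside the hunk (handle_read starts before it and continues after it), I would gate the parameter, for example `$status = is_admin() ? ($input['status'] ?? 'approved') : 'approved';`, which assumes the helper file from this commit is loaded here and the session is started. The value is bound as a parameter, so this is an access-control gap rather than an injection issue. It would still be worth rejecting values outside the known set with a strict `in_array($status, [...], true)` check, using the project's real status names, and a comment on the block should state that non-approved statuses are moderator-only.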