\n
![\"Icon\"](\"https:\/\/www.librarypi.com\/wp-content\/plugins\/download-manager\/assets\/file-type-icons\/zip.svg\")
<\/div>\n Library Pi Stage 3 Image<\/a><\/h3>\n <\/i> 1 file(s) <\/i> 528 MB<\/div>\n <\/div>\n \n Download<\/a>\n <\/div>\n <\/div>\n <\/div>\n<\/div>\n\n<\/div><\/p>\nOr, you can also just download the Zip file with the Stage\u00a03 PHP files here (you still need to create the database, and setup lp_dbconf.php):
\n
\n\n\n \n \n <\/div>\n \n PHP Files for Stage 3<\/a><\/h3>\n <\/i> 1 file(s) <\/i> 313.96 KB<\/div>\n <\/div>\n \n Download<\/a>\n <\/div>\n <\/div>\n <\/div>\n<\/div>\n\n<\/div><\/p>\nSQL script for stage 3
\n
\n\n\n \n \n ![\"Icon\"](\"data:image\/svg+xml;base64,CiAgICAgICAgICAgIDxzdmcgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB2aWV3Qm94PSIwIDAgNDAgNDAiPgogICAgICAgICAgICAgICAgPGRlZnM+CiAgICAgICAgICAgICAgICAgICAgPGxpbmVhckdyYWRpZW50IGlkPSJncmFkaWVudCIgeDE9IjAiIHkxPSIwIiB4Mj0iMCIgeTI9IjEiPgogICAgICAgICAgICAgICAgICAgICAgICA8c3RvcCBzdG9wLWNvbG9yPSIjMjY5ZGVmIiBvZmZzZXQ9IjAiLz4KICAgICAgICAgICAgICAgICAgICAgICAgPHN0b3Agc3RvcC1jb2xvcj0iIzI2YmRlZiIgb2Zmc2V0PSIxIi8+CiAgICAgICAgICAgICAgICAgICAgPC9saW5lYXJHcmFkaWVudD4KICAgICAgICAgICAgICAgIDwvZGVmcz4KICAgICAgICAgICAgICAgIDxnPgogICAgICAgICAgICAgICAgICAgIDxyZWN0IGZpbGw9InVybCgjZ3JhZGllbnQpIiB4PSIwIiB5PSIwIiB3aWR0aD0iNDAiIGhlaWdodD0iNDAiIHJ4PSIzIiByeT0iMyIvPgogICAgICAgICAgICAgICAgICAgIDx0ZXh0IHg9IjUiIHk9IjE5IiBmb250LWZhbWlseT0iQXJpYWwsIEhlbHZldGljYSwgc2Fucy1zZXJpZiIgZm9udC1zaXplPSIxM3B4IiBsZXR0ZXItc3BhY2luZz0iMSIgZmlsbD0iI0ZGRkZGRiI+CiAgICAgICAgICAgICAgICAgICAgICAgIDx0c3Bhbj5TUUw8L3RzcGFuPgogICAgICAgICAgICAgICAgICAgICAgICA8dHNwYW4geD0iNiIgeT0iMjgiPl88L3RzcGFuPgogICAgICAgICAgICAgICAgICAgIDwvdGV4dD4KICAgICAgICAgICAgICAgIDwvZz4KICAgICAgICAgICAgPC9zdmc+CgoJCQk=\")
<\/div>\n \n SQL Stage 3<\/a><\/h3>\n <\/i> 1 file(s) <\/i> 1.21 KB<\/div>\n <\/div>\n \n Download<\/a>\n <\/div>\n <\/div>\n <\/div>\n<\/div>\n\n<\/div><\/p>\nDatamodel<\/h3>\n
We’re going to need some new tables in our datamodel: lp_user and lp_book_del.\u00a0 lp_user will contain a simple ID, login\/email, and password for user authentication, and lp_book_del will serve as a ‘recycle bin’ for deleted books so that we can delete them when it’s convenient.<\/p>\n
NOTE: The password is stored un-encrypted, which is a bad practice.\u00a0 I am leaving it this way for simplicity of demonstration.\u00a0 The password should use some salt with an MD5 hash so that if anyone steals or compromises the database their passwords aren’t exposed.\u00a0 I am also not enforcing any sort of minimal requirements for weak password.<\/em><\/p>\ncreate table if not exists lp_user(\r\n\u00a0 id integer\u00a0 NOT NULL AUTO_INCREMENT,\r\n\u00a0 email varchar(254),\r\n\u00a0 password varchar( 32 ),\r\n\u00a0 connection_key varchar( 32 ),\r\n\u00a0 PRIMARY KEY PK_lp_used (id)\r\n);<\/pre>\ncreate table if not exists lp_book_del (\r\n\u00a0 id integer,\r\n\u00a0 ukey varchar(32),\r\n\u00a0 PRIMARY KEY PK_lp_book_del (id)\r\n);<\/pre>\n <\/p>\n
Authentication<\/h3>\n
We are going to add a new lp_user<\/em> table to hold our login information.\u00a0 Since our LP->HTMLPageTop function is called at the top of every site page, we are going to add all the steps for authentication, which include Registration, Login, and Logout.\u00a0 HTMLPageTop will call 2 new functions to support this interaction: UserProcess() and UserHTML().<\/p>\n\n- When there are no users in the lp_user table, the HTMLPageTop method will call UserHTML() to output a Registration form allowing one user to enter a username and password.<\/li>\n
- If there is one user in lp_user, the HTMLPageTop method will call UserHTML() to output a login form.<\/li>\n
- If there is a cookie value that indicates a user has logged in, HTMLPageTop will call UserHTML() to output a Logout button.<\/li>\n<\/ul>\n
So, the UserHTML() method outputs the proper type of form based on the authentication status.\u00a0 Examples:<\/p>\n
![\"auth1\"](\"http:\/\/www.librarypi.com\/wp-content\/uploads\/2016\/03\/auth1.png\")
<\/p>\n
![\"auth3\"](\"http:\/\/www.librarypi.com\/wp-content\/uploads\/2016\/03\/auth3.png\")
<\/p>\n
![\"auth2\"](\"http:\/\/www.librarypi.com\/wp-content\/uploads\/2016\/03\/auth2.png\")
<\/p>\n
The HTMLPageTop method also calls the UserProcess() method.\u00a0 This new method will check the input parameters from the forms, and either register the admin user, or attempt a login.\u00a0 If a login is successful, then a cookie is set that can be checked upon the next page view (to remember the user already logged in).<\/p>\n
With the login process, the LP class will now have a UserID variable.\u00a0 Pages and code can check this variable to determine if the admin is logged in (>zero) or not (=zero).\u00a0 Look at the example of how the new HTMLPageTop makes use of this to only show the Upload menu link to the admin user:<\/p>\n
if( $this->UserID == 0 )\r\n $Upload<\/span> = \"\";\r\nelse\r\n $Upload<\/span> = \" <a href=upload.php>Upload<\/a>\";\r\n\u2026\r\necho \"<!DOCTYPE HTML PUBLIC ...>\\n\".\r\n \"<html lang=\\\"en\\\">\\n\" .\r\n\u00a0 \"<head>\\n\" .\r\n\u2026\r\n\u00a0 \"<div id=lpmenu><a href=index.php>Home<\/a>$Upload<\/span><span style=\\\"float:right;\\\">\" \r\n . $this->UserHTML()<\/span> \r\n . \"<\/span><\/div>\";<\/pre>\nWe can see that the Upload menu link is now only output if a user is logged in.\u00a0 Just to be safe that nobody is trying a malicious hack of the URL, the AddBook<\/em> method also checks for user access:<\/p>\nfunction AddBook( $Title )\r\n{\r\n\u00a0 if( $this->UserID == 0 ) die( \"Access denied\" );<\/span>\r\n\u2026<\/pre>\nUserHTML<\/h3>\n
The UserHTML method in the LP class will output the different HTML forms for Registration, Login, and Logout, and is called from HTMLPageTop.\u00a0 Take a look at the if<\/em> tests that determine the current authentication status, and output the needed HTML in $Ret:<\/p>\nfunction UserHTML()\r\n{\r\n\u00a0\/\/ Output either Register, Login, or Logout\r\n\u00a0$Ret = \"\";\r\n\u00a0if( $this->UserID > 0 ) \/\/ Must have just logged in<\/span>\r\n\u00a0\u00a0$Ret = \"<form method=post><input type=hidden name=act value=logout> <input type=submit value=Logout><\/form>\";\r\n\u00a0if( strlen( $Ret ) == 0 ) \r\n\u00a0{\r\n\u00a0\u00a0$result = mysqli_query( db(), \"select count(*) Cnt from lp_user\");\r\n\u00a0\u00a0if( $result === false )\r\n\u00a0\u00a0\u00a0return ( \"Error: Can't read user data.\u00a0 Did you create the SQL tables in the correct database?<br>\" );\r\n\u00a0\u00a0if ( $row = mysqli_fetch_array( $result ) )\r\n\u00a0\u00a0{\r\n\u00a0\u00a0\u00a0if( $row[\"Cnt\"] == 0 ) \/\/ If there are no users, it's a register<\/span>\r\n\u00a0\u00a0\u00a0\u00a0$Ret = \"<form method=post>$this->UserErr Register: EMail: <input type=text name=email maxlength=254>\"\r\n\u00a0\u00a0\u00a0\u00a0.\" Password: <input type=password name=pass1 >\u00a0 again: <input type=password name=pass2 >\"\r\n\u00a0\u00a0\u00a0\u00a0.\"<input type=hidden name=act value=register>\"\r\n\u00a0\u00a0\u00a0\u00a0.\"<input type=submit value=Register><\/form>\";\r\n\u00a0\u00a0}\r\n\u00a0\u00a0$result->close();\r\n\u00a0}\r\n\u00a0if( strlen( $Ret ) == 0 )\u00a0 \/\/ else, there are users, but nobody logged in, so login:<\/span>\r\n\u00a0\u00a0$Ret = \"<form method=post>$this->UserErr EMail: <input type=text name=email maxlength=254>\"\r\n\u00a0\u00a0\u00a0.\" Password: <input type=password name=pass1 >\"\r\n\u00a0\u00a0\u00a0.\"<input type=hidden name=act value=login>\"\r\n\u00a0\u00a0\u00a0.\"<input type=submit value=Login><\/form>\";\r\n\u00a0return\u00a0 $Ret;\r\n}<\/pre>\nAgain, the HTMLPageTop function that is called on every page will in turn call the above UserHTML to output the correct authentication form.<\/p>\n
UserProcess<\/h3>\n
The UserProcess method will process the user’s data from the registration form, login form, or logout button:<\/p>\n
\n- When a user registers, their name and password are added to the lp_user table.\u00a0 Only one user can register.<\/li>\n
- When a user logs in, their name and password is checked against the lp_user table.\u00a0 If found, a cookie is created and stored in lp_user so that the authentication is remembered.<\/li>\n
- When a user logs out, their cookie is cleared and the lp_user table also has the cookie cleared.<\/li>\n<\/ul>\n
<\/p>\n
\u00a0function UserProcess()\r\n\u00a0{\r\n\u00a0\u00a0$Act = isset( $_POST[\"act\"] ) ? $_POST[\"act\"] : \"\";\r\n\u00a0\u00a0$ConnKey = isset( $_COOKIE[ 'connkey' ] ) ? $_COOKIE[ 'connkey' ] : '';\r\n\u00a0\u00a0if( $Act != \"logout\" && strlen( $ConnKey ) > 0 ) \/\/ Reconnect using cookie?<\/span>\r\n\u00a0\u00a0{\r\n\u00a0\u00a0\u00a0$result = mysqli_query( db(), \"select * from lp_user where connection_key = '$ConnKey'\");\r\n\u00a0\u00a0\u00a0if( $result === false )\r\n\u00a0\u00a0\u00a0\u00a0die( \"Error: Looks like user table is not setup\" );\r\n\u00a0\u00a0\u00a0if ( $row = mysqli_fetch_array( $result ) )\r\n\u00a0\u00a0\u00a0\u00a0$this->UserID = $row[\"id\"];\r\n\u00a0\u00a0\u00a0$result->close();\r\n\u00a0\u00a0}\r\n\u00a0\u00a0if( $this->UserID > 0 )\r\n\u00a0\u00a0\u00a0return;\r\n\u00a0\u00a0$EMail = str_replace( \"'\", \"\", isset( $_POST[\"email\"] ) ? $_POST[\"email\"] : \"\" );\r\n\u00a0\u00a0$Pass1 = str_replace( \"'\", \"\", isset( $_POST[\"pass1\"] ) ? $_POST[\"pass1\"] : \"\" );\r\n\u00a0\u00a0if( $Act == \"register\" ) \/\/ Was the Registration form submitted?<\/span>\r\n\u00a0\u00a0{\r\n\u00a0\u00a0\u00a0$Pass2 = str_replace( \"'\", \"\", isset( $_POST[\"pass2\"] ) ? $_POST[\"pass2\"] : \"\" );\r\n\u00a0\u00a0\u00a0if( strcmp( $Pass1, $Pass2 ) != 0 || strlen( $Pass1 )==0 || strlen( $EMail) == 0 )\r\n\u00a0\u00a0\u00a0\u00a0$this->UserErr = \"<span class=err>Verify email & password<\/span>\";\r\n\u00a0\u00a0\u00a0else{\r\n\u00a0\u00a0\u00a0\u00a0mysqli_query( db(), \"insert ignore into lp_user set id=1, email='$EMail', password='$Pass1'\" ); \/\/ Only 1 user!\r\n\u00a0\u00a0\u00a0\u00a0$Act = \"login\";\r\n\u00a0\u00a0\u00a0}\r\n\u00a0\u00a0} \r\n\u00a0\u00a0if( $Act == \"login\" ) \/\/ Was the Login form submitted?<\/span>\r\n\u00a0\u00a0{\r\n\u00a0\u00a0\u00a0$result = mysqli_query( db(), \"select * from\u00a0 lp_user where email='$EMail' and password='$Pass1'\" );\r\n\u00a0\u00a0\u00a0if ( $row = mysqli_fetch_array( $result ) )\r\n\u00a0\u00a0\u00a0{\r\n\u00a0\u00a0\u00a0\u00a0$this->UserID = $row[\"id\"];\r\n\u00a0\u00a0\u00a0\u00a0$Key = $this->UKey();\r\n\u00a0\u00a0\u00a0\u00a0setcookie( \"connkey\", $Key );\r\n\u00a0\u00a0\u00a0\u00a0mysqli_query( db(), \"update lp_user set connection_key = '$Key' where email='$EMail' and password='$Pass1'\" );\r\n\u00a0\u00a0\u00a0}\r\n\u00a0\u00a0\u00a0else\r\n\u00a0\u00a0\u00a0\u00a0$this->UserErr = \"<span class=err>Invalid login<\/span>\";\r\n\u00a0\u00a0\u00a0$result->close();\u00a0\u00a0\u00a0\r\n\u00a0\u00a0}\r\n\u00a0\u00a0else if( $Act == \"logout\" ) \/\/ Was the logout form\/button submitted?<\/span>\r\n\u00a0\u00a0{\r\n\u00a0\u00a0\u00a0$this->UserID = 0;\r\n\u00a0\u00a0\u00a0setcookie( \"connkey\", null );\r\n\u00a0\u00a0\u00a0mysqli_query( db(), \"update lp_user set connection_key = '' where key='$ConnKey'\" );\r\n\u00a0\u00a0}\r\n\u00a0}<\/pre>\nSecurity<\/h3>\n
Now with authentication, we’re going to make some additional changes:\u00a0 only the admin user can upload books, and will also be able to\u00a0delete books.<\/p>\n
In order to only show the Uploads option to the admin user, we’ve already seen this code that was added to the HTMLPageTop method:<\/p>\n
if( $this->UserID == 0 )\r\n $Upload<\/span> = \"\";\r\nelse\r\n $Upload<\/span> = \" <a href=upload.php>Upload<\/a>\";<\/pre>\nIf the UserID is zero. then nobody is logged in and we won’t present the link to the upload page.\u00a0 If the UserID is > zero, then it’s the admin that’s logged in, and we can display the upload link.<\/p>\n
For deleting books, look at this change to the BookList method:<\/p>\n
while ( $row = mysqli_fetch_array( $result ) )\r\n{\r\n\u00a0\u00a0if( $this->UserID == 0 )<\/span>\r\n\u00a0\u00a0\u00a0\u00a0$Del = \"\";<\/span>\r\n\u00a0\u00a0else<\/span>\r\n\u00a0\u00a0\u00a0\u00a0$Del = \" <a href=# onclick=\\\"if( confirm( 'Are you sure you want to delete this?' ) ) window.location='index.php?act=del&bk=\" . $row[\"ukey\"] . \"';\\\">[DELETE]<a> \";<\/span>\r\n\u00a0\u00a0$Pages = $row[\"Pages\"];\r\n\u00a0\u00a0$ToDo = $row[\"ToDo\"];\r\n\u00a0\u00a0if( $ToDo == 0 )\r\n\u00a0\u00a0\u00a0\u00a0$Det = \"$Pages pages\";\r\n\u00a0\u00a0else\r\n\u00a0\u00a0\u00a0\u00a0$Det = \"$ToDo pages to process\";\r\n\u00a0\u00a0$Ret .= \"$Del<\/span><a href=\\\"reader.php?bk=\" . $row[\"ukey\"] . \"\\\">\".$row[\"title\"] . \" [$Det]<\/a><br \/>\";\r\n}<\/pre>\nIn the above code, if the Admin user is logged in, then the $Del variable is initialized with a link that will lead the user to delete the book.\u00a0 And now look again at the change to HTMLPageTop:<\/p>\n
if( $this->UserID == 0<\/span> )\r\n $Upload = \"\";\r\nelse<\/span>\r\n{\r\n $Upload = \" <a href=upload.php>Upload<\/a>\";\r\n\u00a0\u00a0$Act = isset( $_GET[\"act\"] ) ? $_GET[\"act\"] : \"\";<\/span>\r\n\u00a0\u00a0if( $Act == \"del\" )<\/span>\r\n\u00a0\u00a0{<\/span>\r\n\u00a0\u00a0 $UKey = isset( $_GET[\"bk\"] ) ? $_GET[\"bk\"] : \"\";<\/span>\r\n\u00a0\u00a0\u00a0\u00a0$this->DeleteBook( $UKey );<\/span>\r\n\u00a0\u00a0}<\/span>\r\n}<\/pre>\nSo when the UserID > zero (admin logged in) not only does the page show the ‘Upload’ option, but it also checks for the “del” delete operation and calls a new DeleteBook method.<\/p>\n
DeleteBook<\/h3>\n
Remember how we have a scheduled crontab job, that is calling the proc.php page every minute?\u00a0 Well, if the user wants to delete a book while the proc.php script is in the middle of OCR’ing it, then we can have remnant files and possible errors.\u00a0 So here’s how we’re going to avoid that:<\/p>\n
\n- When a book is deleted, it’s not really deleted.\u00a0 It’s record is moved into another table named lp_book_del.<\/li>\n
- Since the book isn’t in lp_book anymore, the OCR code won’t see it and won’t process anymore pages in it.<\/li>\n
- The proc.php script will now also check for records in lp_book_del to be purged from the system.\u00a0 Since this is the same method that invokes the OCR process, we can make sure that the delete doesn’t occur in the middle of an OCR.<\/li>\n<\/ul>\n
So here is the DeleteBook method in the LP class:<\/p>\n
function DeleteBook( $UKey )\r\n{\r\n\u00a0\u00a0if( $this->UserID == 0 ) die( \"Access denied\" );\r\n\u00a0\u00a0$UKey = str_replace( \"'\", \"\", $UKey );\r\n\u00a0\u00a0$result = mysqli_query( db(), \"select * from lp_book where ukey = '$UKey'\" );\r\n\u00a0\u00a0if ( $row = mysqli_fetch_array( $result ) )\r\n\u00a0\u00a0{\r\n\u00a0\u00a0\u00a0 $BookID = $row[\"id\"];\r\n\u00a0\u00a0\u00a0 mysqli_query( db(), \"insert into lp_book_del select id, ukey from lp_book where id = $BookID<\/span>\" );\r\n\u00a0\u00a0\u00a0 mysqli_query( db(), \"delete from lp_book where id = $BookID<\/span>\" );\r\n\u00a0\u00a0}\r\n\u00a0\u00a0$result->close();\r\n}<\/pre>\nOf course, there is a ‘real’ method to delete the book and related files, and it’s called PurgeBooks:<\/p>\n
function PurgeBooks()\r\n{\r\n\u00a0\u00a0$result = mysqli_query( db(), \"select * from lp_book_del<\/span>\" );\r\n\u00a0\u00a0if ( $row = mysqli_fetch_array( $result ) )\r\n\u00a0\u00a0{\r\n\u00a0\u00a0\u00a0 $UKey = $row[ \"ukey\"];\r\n\u00a0\u00a0\u00a0 $BookID = $row[\"id\"];\r\n\u00a0\u00a0\u00a0 $this->deleteDir( $_SERVER[\"DOCUMENT_ROOT\"].\"\/uploads\/$UKey\/\" );\r\n\u00a0\u00a0\u00a0 mysqli_query( db(), \"delete from lp_page_word<\/span> where page_id in (select id from lp_page where book_id = $BookID)\" );\r\n\u00a0\u00a0\u00a0 mysqli_query( db(), \"delete from lp_page<\/span> where book_id = $BookID\" );\r\n\u00a0\u00a0\u00a0 mysqli_query( db(), \"delete from lp_book_del<\/span> where id = $BookID\" );\r\n\u00a0\u00a0}\r\n}<\/pre>\nAnd finally, we see how proc.php (which is called every minute) is modified to include the above code:<\/p>\n
\u00a0function DoProcess() {\r\n\u00a0\u00a0$lp = new LP();\r\n\u00a0\u00a0$lp->OCRFiles();\r\n\u00a0\u00a0$lp->AddOCRRecords();\r\n\u00a0\u00a0$lp->PurgeBooks();<\/span>\r\n\u00a0} \/\/ end of function DoProcess()<\/pre>\n <\/p>\n
<\/p>\n
<\/p>\n","protected":false},"excerpt":{"rendered":"
In stage 3 we are going to add some very basic authentication and registration.\u00a0 Basically, the site will support only one user, an administrator.\u00a0 Only that user will be able to add or delete books. Note that you can download…
Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":4,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-25","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/www.librarypi.com\/index.php\/wp-json\/wp\/v2\/pages\/25","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.librarypi.com\/index.php\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.librarypi.com\/index.php\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.librarypi.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.librarypi.com\/index.php\/wp-json\/wp\/v2\/comments?post=25"}],"version-history":[{"count":20,"href":"https:\/\/www.librarypi.com\/index.php\/wp-json\/wp\/v2\/pages\/25\/revisions"}],"predecessor-version":[{"id":186,"href":"https:\/\/www.librarypi.com\/index.php\/wp-json\/wp\/v2\/pages\/25\/revisions\/186"}],"wp:attachment":[{"href":"https:\/\/www.librarypi.com\/index.php\/wp-json\/wp\/v2\/media?parent=25"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
Or, you can also just download the Zip file with the Stage\u00a03 PHP files here (you still need to create the database, and setup lp_dbconf.php):
\n
<\/div>\n PHP Files for Stage 3<\/a><\/h3>\n <\/i> 1 file(s) <\/i> 313.96 KB<\/div>\n <\/div>\n \n Download<\/a>\n <\/div>\n <\/div>\n <\/div>\n<\/div>\n\n<\/div><\/p>\nSQL script for stage 3
\n
\n\n\n \n \n <\/div>\n \n SQL Stage 3<\/a><\/h3>\n <\/i> 1 file(s) <\/i> 1.21 KB<\/div>\n <\/div>\n \n Download<\/a>\n <\/div>\n <\/div>\n <\/div>\n<\/div>\n\n<\/div><\/p>\nDatamodel<\/h3>\n
We’re going to need some new tables in our datamodel: lp_user and lp_book_del.\u00a0 lp_user will contain a simple ID, login\/email, and password for user authentication, and lp_book_del will serve as a ‘recycle bin’ for deleted books so that we can delete them when it’s convenient.<\/p>\n
NOTE: The password is stored un-encrypted, which is a bad practice.\u00a0 I am leaving it this way for simplicity of demonstration.\u00a0 The password should use some salt with an MD5 hash so that if anyone steals or compromises the database their passwords aren’t exposed.\u00a0 I am also not enforcing any sort of minimal requirements for weak password.<\/em><\/p>\ncreate table if not exists lp_user(\r\n\u00a0 id integer\u00a0 NOT NULL AUTO_INCREMENT,\r\n\u00a0 email varchar(254),\r\n\u00a0 password varchar( 32 ),\r\n\u00a0 connection_key varchar( 32 ),\r\n\u00a0 PRIMARY KEY PK_lp_used (id)\r\n);<\/pre>\ncreate table if not exists lp_book_del (\r\n\u00a0 id integer,\r\n\u00a0 ukey varchar(32),\r\n\u00a0 PRIMARY KEY PK_lp_book_del (id)\r\n);<\/pre>\n <\/p>\n
Authentication<\/h3>\n
We are going to add a new lp_user<\/em> table to hold our login information.\u00a0 Since our LP->HTMLPageTop function is called at the top of every site page, we are going to add all the steps for authentication, which include Registration, Login, and Logout.\u00a0 HTMLPageTop will call 2 new functions to support this interaction: UserProcess() and UserHTML().<\/p>\n\n- When there are no users in the lp_user table, the HTMLPageTop method will call UserHTML() to output a Registration form allowing one user to enter a username and password.<\/li>\n
- If there is one user in lp_user, the HTMLPageTop method will call UserHTML() to output a login form.<\/li>\n
- If there is a cookie value that indicates a user has logged in, HTMLPageTop will call UserHTML() to output a Logout button.<\/li>\n<\/ul>\n
So, the UserHTML() method outputs the proper type of form based on the authentication status.\u00a0 Examples:<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
The HTMLPageTop method also calls the UserProcess() method.\u00a0 This new method will check the input parameters from the forms, and either register the admin user, or attempt a login.\u00a0 If a login is successful, then a cookie is set that can be checked upon the next page view (to remember the user already logged in).<\/p>\n
With the login process, the LP class will now have a UserID variable.\u00a0 Pages and code can check this variable to determine if the admin is logged in (>zero) or not (=zero).\u00a0 Look at the example of how the new HTMLPageTop makes use of this to only show the Upload menu link to the admin user:<\/p>\n
if( $this->UserID == 0 )\r\n $Upload<\/span> = \"\";\r\nelse\r\n $Upload<\/span> = \" <a href=upload.php>Upload<\/a>\";\r\n\u2026\r\necho \"<!DOCTYPE HTML PUBLIC ...>\\n\".\r\n \"<html lang=\\\"en\\\">\\n\" .\r\n\u00a0 \"<head>\\n\" .\r\n\u2026\r\n\u00a0 \"<div id=lpmenu><a href=index.php>Home<\/a>$Upload<\/span><span style=\\\"float:right;\\\">\" \r\n . $this->UserHTML()<\/span> \r\n . \"<\/span><\/div>\";<\/pre>\nWe can see that the Upload menu link is now only output if a user is logged in.\u00a0 Just to be safe that nobody is trying a malicious hack of the URL, the AddBook<\/em> method also checks for user access:<\/p>\nfunction AddBook( $Title )\r\n{\r\n\u00a0 if( $this->UserID == 0 ) die( \"Access denied\" );<\/span>\r\n\u2026<\/pre>\nUserHTML<\/h3>\n
The UserHTML method in the LP class will output the different HTML forms for Registration, Login, and Logout, and is called from HTMLPageTop.\u00a0 Take a look at the if<\/em> tests that determine the current authentication status, and output the needed HTML in $Ret:<\/p>\nfunction UserHTML()\r\n{\r\n\u00a0\/\/ Output either Register, Login, or Logout\r\n\u00a0$Ret = \"\";\r\n\u00a0if( $this->UserID > 0 ) \/\/ Must have just logged in<\/span>\r\n\u00a0\u00a0$Ret = \"<form method=post><input type=hidden name=act value=logout> <input type=submit value=Logout><\/form>\";\r\n\u00a0if( strlen( $Ret ) == 0 ) \r\n\u00a0{\r\n\u00a0\u00a0$result = mysqli_query( db(), \"select count(*) Cnt from lp_user\");\r\n\u00a0\u00a0if( $result === false )\r\n\u00a0\u00a0\u00a0return ( \"Error: Can't read user data.\u00a0 Did you create the SQL tables in the correct database?<br>\" );\r\n\u00a0\u00a0if ( $row = mysqli_fetch_array( $result ) )\r\n\u00a0\u00a0{\r\n\u00a0\u00a0\u00a0if( $row[\"Cnt\"] == 0 ) \/\/ If there are no users, it's a register<\/span>\r\n\u00a0\u00a0\u00a0\u00a0$Ret = \"<form method=post>$this->UserErr Register: EMail: <input type=text name=email maxlength=254>\"\r\n\u00a0\u00a0\u00a0\u00a0.\" Password: <input type=password name=pass1 >\u00a0 again: <input type=password name=pass2 >\"\r\n\u00a0\u00a0\u00a0\u00a0.\"<input type=hidden name=act value=register>\"\r\n\u00a0\u00a0\u00a0\u00a0.\"<input type=submit value=Register><\/form>\";\r\n\u00a0\u00a0}\r\n\u00a0\u00a0$result->close();\r\n\u00a0}\r\n\u00a0if( strlen( $Ret ) == 0 )\u00a0 \/\/ else, there are users, but nobody logged in, so login:<\/span>\r\n\u00a0\u00a0$Ret = \"<form method=post>$this->UserErr EMail: <input type=text name=email maxlength=254>\"\r\n\u00a0\u00a0\u00a0.\" Password: <input type=password name=pass1 >\"\r\n\u00a0\u00a0\u00a0.\"<input type=hidden name=act value=login>\"\r\n\u00a0\u00a0\u00a0.\"<input type=submit value=Login><\/form>\";\r\n\u00a0return\u00a0 $Ret;\r\n}<\/pre>\nAgain, the HTMLPageTop function that is called on every page will in turn call the above UserHTML to output the correct authentication form.<\/p>\n
UserProcess<\/h3>\n
The UserProcess method will process the user’s data from the registration form, login form, or logout button:<\/p>\n
\n- When a user registers, their name and password are added to the lp_user table.\u00a0 Only one user can register.<\/li>\n
- When a user logs in, their name and password is checked against the lp_user table.\u00a0 If found, a cookie is created and stored in lp_user so that the authentication is remembered.<\/li>\n
- When a user logs out, their cookie is cleared and the lp_user table also has the cookie cleared.<\/li>\n<\/ul>\n
<\/p>\n
\u00a0function UserProcess()\r\n\u00a0{\r\n\u00a0\u00a0$Act = isset( $_POST[\"act\"] ) ? $_POST[\"act\"] : \"\";\r\n\u00a0\u00a0$ConnKey = isset( $_COOKIE[ 'connkey' ] ) ? $_COOKIE[ 'connkey' ] : '';\r\n\u00a0\u00a0if( $Act != \"logout\" && strlen( $ConnKey ) > 0 ) \/\/ Reconnect using cookie?<\/span>\r\n\u00a0\u00a0{\r\n\u00a0\u00a0\u00a0$result = mysqli_query( db(), \"select * from lp_user where connection_key = '$ConnKey'\");\r\n\u00a0\u00a0\u00a0if( $result === false )\r\n\u00a0\u00a0\u00a0\u00a0die( \"Error: Looks like user table is not setup\" );\r\n\u00a0\u00a0\u00a0if ( $row = mysqli_fetch_array( $result ) )\r\n\u00a0\u00a0\u00a0\u00a0$this->UserID = $row[\"id\"];\r\n\u00a0\u00a0\u00a0$result->close();\r\n\u00a0\u00a0}\r\n\u00a0\u00a0if( $this->UserID > 0 )\r\n\u00a0\u00a0\u00a0return;\r\n\u00a0\u00a0$EMail = str_replace( \"'\", \"\", isset( $_POST[\"email\"] ) ? $_POST[\"email\"] : \"\" );\r\n\u00a0\u00a0$Pass1 = str_replace( \"'\", \"\", isset( $_POST[\"pass1\"] ) ? $_POST[\"pass1\"] : \"\" );\r\n\u00a0\u00a0if( $Act == \"register\" ) \/\/ Was the Registration form submitted?<\/span>\r\n\u00a0\u00a0{\r\n\u00a0\u00a0\u00a0$Pass2 = str_replace( \"'\", \"\", isset( $_POST[\"pass2\"] ) ? $_POST[\"pass2\"] : \"\" );\r\n\u00a0\u00a0\u00a0if( strcmp( $Pass1, $Pass2 ) != 0 || strlen( $Pass1 )==0 || strlen( $EMail) == 0 )\r\n\u00a0\u00a0\u00a0\u00a0$this->UserErr = \"<span class=err>Verify email & password<\/span>\";\r\n\u00a0\u00a0\u00a0else{\r\n\u00a0\u00a0\u00a0\u00a0mysqli_query( db(), \"insert ignore into lp_user set id=1, email='$EMail', password='$Pass1'\" ); \/\/ Only 1 user!\r\n\u00a0\u00a0\u00a0\u00a0$Act = \"login\";\r\n\u00a0\u00a0\u00a0}\r\n\u00a0\u00a0} \r\n\u00a0\u00a0if( $Act == \"login\" ) \/\/ Was the Login form submitted?<\/span>\r\n\u00a0\u00a0{\r\n\u00a0\u00a0\u00a0$result = mysqli_query( db(), \"select * from\u00a0 lp_user where email='$EMail' and password='$Pass1'\" );\r\n\u00a0\u00a0\u00a0if ( $row = mysqli_fetch_array( $result ) )\r\n\u00a0\u00a0\u00a0{\r\n\u00a0\u00a0\u00a0\u00a0$this->UserID = $row[\"id\"];\r\n\u00a0\u00a0\u00a0\u00a0$Key = $this->UKey();\r\n\u00a0\u00a0\u00a0\u00a0setcookie( \"connkey\", $Key );\r\n\u00a0\u00a0\u00a0\u00a0mysqli_query( db(), \"update lp_user set connection_key = '$Key' where email='$EMail' and password='$Pass1'\" );\r\n\u00a0\u00a0\u00a0}\r\n\u00a0\u00a0\u00a0else\r\n\u00a0\u00a0\u00a0\u00a0$this->UserErr = \"<span class=err>Invalid login<\/span>\";\r\n\u00a0\u00a0\u00a0$result->close();\u00a0\u00a0\u00a0\r\n\u00a0\u00a0}\r\n\u00a0\u00a0else if( $Act == \"logout\" ) \/\/ Was the logout form\/button submitted?<\/span>\r\n\u00a0\u00a0{\r\n\u00a0\u00a0\u00a0$this->UserID = 0;\r\n\u00a0\u00a0\u00a0setcookie( \"connkey\", null );\r\n\u00a0\u00a0\u00a0mysqli_query( db(), \"update lp_user set connection_key = '' where key='$ConnKey'\" );\r\n\u00a0\u00a0}\r\n\u00a0}<\/pre>\nSecurity<\/h3>\n
Now with authentication, we’re going to make some additional changes:\u00a0 only the admin user can upload books, and will also be able to\u00a0delete books.<\/p>\n
In order to only show the Uploads option to the admin user, we’ve already seen this code that was added to the HTMLPageTop method:<\/p>\n
if( $this->UserID == 0 )\r\n $Upload<\/span> = \"\";\r\nelse\r\n $Upload<\/span> = \" <a href=upload.php>Upload<\/a>\";<\/pre>\nIf the UserID is zero. then nobody is logged in and we won’t present the link to the upload page.\u00a0 If the UserID is > zero, then it’s the admin that’s logged in, and we can display the upload link.<\/p>\n
For deleting books, look at this change to the BookList method:<\/p>\n
while ( $row = mysqli_fetch_array( $result ) )\r\n{\r\n\u00a0\u00a0if( $this->UserID == 0 )<\/span>\r\n\u00a0\u00a0\u00a0\u00a0$Del = \"\";<\/span>\r\n\u00a0\u00a0else<\/span>\r\n\u00a0\u00a0\u00a0\u00a0$Del = \" <a href=# onclick=\\\"if( confirm( 'Are you sure you want to delete this?' ) ) window.location='index.php?act=del&bk=\" . $row[\"ukey\"] . \"';\\\">[DELETE]<a> \";<\/span>\r\n\u00a0\u00a0$Pages = $row[\"Pages\"];\r\n\u00a0\u00a0$ToDo = $row[\"ToDo\"];\r\n\u00a0\u00a0if( $ToDo == 0 )\r\n\u00a0\u00a0\u00a0\u00a0$Det = \"$Pages pages\";\r\n\u00a0\u00a0else\r\n\u00a0\u00a0\u00a0\u00a0$Det = \"$ToDo pages to process\";\r\n\u00a0\u00a0$Ret .= \"$Del<\/span><a href=\\\"reader.php?bk=\" . $row[\"ukey\"] . \"\\\">\".$row[\"title\"] . \" [$Det]<\/a><br \/>\";\r\n}<\/pre>\nIn the above code, if the Admin user is logged in, then the $Del variable is initialized with a link that will lead the user to delete the book.\u00a0 And now look again at the change to HTMLPageTop:<\/p>\n
if( $this->UserID == 0<\/span> )\r\n $Upload = \"\";\r\nelse<\/span>\r\n{\r\n $Upload = \" <a href=upload.php>Upload<\/a>\";\r\n\u00a0\u00a0$Act = isset( $_GET[\"act\"] ) ? $_GET[\"act\"] : \"\";<\/span>\r\n\u00a0\u00a0if( $Act == \"del\" )<\/span>\r\n\u00a0\u00a0{<\/span>\r\n\u00a0\u00a0 $UKey = isset( $_GET[\"bk\"] ) ? $_GET[\"bk\"] : \"\";<\/span>\r\n\u00a0\u00a0\u00a0\u00a0$this->DeleteBook( $UKey );<\/span>\r\n\u00a0\u00a0}<\/span>\r\n}<\/pre>\nSo when the UserID > zero (admin logged in) not only does the page show the ‘Upload’ option, but it also checks for the “del” delete operation and calls a new DeleteBook method.<\/p>\n
DeleteBook<\/h3>\n
Remember how we have a scheduled crontab job, that is calling the proc.php page every minute?\u00a0 Well, if the user wants to delete a book while the proc.php script is in the middle of OCR’ing it, then we can have remnant files and possible errors.\u00a0 So here’s how we’re going to avoid that:<\/p>\n
\n- When a book is deleted, it’s not really deleted.\u00a0 It’s record is moved into another table named lp_book_del.<\/li>\n
- Since the book isn’t in lp_book anymore, the OCR code won’t see it and won’t process anymore pages in it.<\/li>\n
- The proc.php script will now also check for records in lp_book_del to be purged from the system.\u00a0 Since this is the same method that invokes the OCR process, we can make sure that the delete doesn’t occur in the middle of an OCR.<\/li>\n<\/ul>\n
So here is the DeleteBook method in the LP class:<\/p>\n
function DeleteBook( $UKey )\r\n{\r\n\u00a0\u00a0if( $this->UserID == 0 ) die( \"Access denied\" );\r\n\u00a0\u00a0$UKey = str_replace( \"'\", \"\", $UKey );\r\n\u00a0\u00a0$result = mysqli_query( db(), \"select * from lp_book where ukey = '$UKey'\" );\r\n\u00a0\u00a0if ( $row = mysqli_fetch_array( $result ) )\r\n\u00a0\u00a0{\r\n\u00a0\u00a0\u00a0 $BookID = $row[\"id\"];\r\n\u00a0\u00a0\u00a0 mysqli_query( db(), \"insert into lp_book_del select id, ukey from lp_book where id = $BookID<\/span>\" );\r\n\u00a0\u00a0\u00a0 mysqli_query( db(), \"delete from lp_book where id = $BookID<\/span>\" );\r\n\u00a0\u00a0}\r\n\u00a0\u00a0$result->close();\r\n}<\/pre>\nOf course, there is a ‘real’ method to delete the book and related files, and it’s called PurgeBooks:<\/p>\n
function PurgeBooks()\r\n{\r\n\u00a0\u00a0$result = mysqli_query( db(), \"select * from lp_book_del<\/span>\" );\r\n\u00a0\u00a0if ( $row = mysqli_fetch_array( $result ) )\r\n\u00a0\u00a0{\r\n\u00a0\u00a0\u00a0 $UKey = $row[ \"ukey\"];\r\n\u00a0\u00a0\u00a0 $BookID = $row[\"id\"];\r\n\u00a0\u00a0\u00a0 $this->deleteDir( $_SERVER[\"DOCUMENT_ROOT\"].\"\/uploads\/$UKey\/\" );\r\n\u00a0\u00a0\u00a0 mysqli_query( db(), \"delete from lp_page_word<\/span> where page_id in (select id from lp_page where book_id = $BookID)\" );\r\n\u00a0\u00a0\u00a0 mysqli_query( db(), \"delete from lp_page<\/span> where book_id = $BookID\" );\r\n\u00a0\u00a0\u00a0 mysqli_query( db(), \"delete from lp_book_del<\/span> where id = $BookID\" );\r\n\u00a0\u00a0}\r\n}<\/pre>\nAnd finally, we see how proc.php (which is called every minute) is modified to include the above code:<\/p>\n
\u00a0function DoProcess() {\r\n\u00a0\u00a0$lp = new LP();\r\n\u00a0\u00a0$lp->OCRFiles();\r\n\u00a0\u00a0$lp->AddOCRRecords();\r\n\u00a0\u00a0$lp->PurgeBooks();<\/span>\r\n\u00a0} \/\/ end of function DoProcess()<\/pre>\n <\/p>\n
<\/p>\n
<\/p>\n","protected":false},"excerpt":{"rendered":"
In stage 3 we are going to add some very basic authentication and registration.\u00a0 Basically, the site will support only one user, an administrator.\u00a0 Only that user will be able to add or delete books. Note that you can download…
Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":4,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-25","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/www.librarypi.com\/index.php\/wp-json\/wp\/v2\/pages\/25","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.librarypi.com\/index.php\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.librarypi.com\/index.php\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.librarypi.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.librarypi.com\/index.php\/wp-json\/wp\/v2\/comments?post=25"}],"version-history":[{"count":20,"href":"https:\/\/www.librarypi.com\/index.php\/wp-json\/wp\/v2\/pages\/25\/revisions"}],"predecessor-version":[{"id":186,"href":"https:\/\/www.librarypi.com\/index.php\/wp-json\/wp\/v2\/pages\/25\/revisions\/186"}],"wp:attachment":[{"href":"https:\/\/www.librarypi.com\/index.php\/wp-json\/wp\/v2\/media?parent=25"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
SQL script for stage 3
\n
SQL Stage 3<\/a><\/h3>\n <\/i> 1 file(s) <\/i> 1.21 KB<\/div>\n <\/div>\n \n Download<\/a>\n <\/div>\n <\/div>\n <\/div>\n<\/div>\n\n<\/div><\/p>\nDatamodel<\/h3>\n
We’re going to need some new tables in our datamodel: lp_user and lp_book_del.\u00a0 lp_user will contain a simple ID, login\/email, and password for user authentication, and lp_book_del will serve as a ‘recycle bin’ for deleted books so that we can delete them when it’s convenient.<\/p>\n
NOTE: The password is stored un-encrypted, which is a bad practice.\u00a0 I am leaving it this way for simplicity of demonstration.\u00a0 The password should use some salt with an MD5 hash so that if anyone steals or compromises the database their passwords aren’t exposed.\u00a0 I am also not enforcing any sort of minimal requirements for weak password.<\/em><\/p>\ncreate table if not exists lp_user(\r\n\u00a0 id integer\u00a0 NOT NULL AUTO_INCREMENT,\r\n\u00a0 email varchar(254),\r\n\u00a0 password varchar( 32 ),\r\n\u00a0 connection_key varchar( 32 ),\r\n\u00a0 PRIMARY KEY PK_lp_used (id)\r\n);<\/pre>\ncreate table if not exists lp_book_del (\r\n\u00a0 id integer,\r\n\u00a0 ukey varchar(32),\r\n\u00a0 PRIMARY KEY PK_lp_book_del (id)\r\n);<\/pre>\n <\/p>\n
Authentication<\/h3>\n
We are going to add a new lp_user<\/em> table to hold our login information.\u00a0 Since our LP->HTMLPageTop function is called at the top of every site page, we are going to add all the steps for authentication, which include Registration, Login, and Logout.\u00a0 HTMLPageTop will call 2 new functions to support this interaction: UserProcess() and UserHTML().<\/p>\n\n- When there are no users in the lp_user table, the HTMLPageTop method will call UserHTML() to output a Registration form allowing one user to enter a username and password.<\/li>\n
- If there is one user in lp_user, the HTMLPageTop method will call UserHTML() to output a login form.<\/li>\n
- If there is a cookie value that indicates a user has logged in, HTMLPageTop will call UserHTML() to output a Logout button.<\/li>\n<\/ul>\n
So, the UserHTML() method outputs the proper type of form based on the authentication status.\u00a0 Examples:<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
The HTMLPageTop method also calls the UserProcess() method.\u00a0 This new method will check the input parameters from the forms, and either register the admin user, or attempt a login.\u00a0 If a login is successful, then a cookie is set that can be checked upon the next page view (to remember the user already logged in).<\/p>\n
With the login process, the LP class will now have a UserID variable.\u00a0 Pages and code can check this variable to determine if the admin is logged in (>zero) or not (=zero).\u00a0 Look at the example of how the new HTMLPageTop makes use of this to only show the Upload menu link to the admin user:<\/p>\n
if( $this->UserID == 0 )\r\n $Upload<\/span> = \"\";\r\nelse\r\n $Upload<\/span> = \" <a href=upload.php>Upload<\/a>\";\r\n\u2026\r\necho \"<!DOCTYPE HTML PUBLIC ...>\\n\".\r\n \"<html lang=\\\"en\\\">\\n\" .\r\n\u00a0 \"<head>\\n\" .\r\n\u2026\r\n\u00a0 \"<div id=lpmenu><a href=index.php>Home<\/a>$Upload<\/span><span style=\\\"float:right;\\\">\" \r\n . $this->UserHTML()<\/span> \r\n . \"<\/span><\/div>\";<\/pre>\nWe can see that the Upload menu link is now only output if a user is logged in.\u00a0 Just to be safe that nobody is trying a malicious hack of the URL, the AddBook<\/em> method also checks for user access:<\/p>\nfunction AddBook( $Title )\r\n{\r\n\u00a0 if( $this->UserID == 0 ) die( \"Access denied\" );<\/span>\r\n\u2026<\/pre>\nUserHTML<\/h3>\n
The UserHTML method in the LP class will output the different HTML forms for Registration, Login, and Logout, and is called from HTMLPageTop.\u00a0 Take a look at the if<\/em> tests that determine the current authentication status, and output the needed HTML in $Ret:<\/p>\nfunction UserHTML()\r\n{\r\n\u00a0\/\/ Output either Register, Login, or Logout\r\n\u00a0$Ret = \"\";\r\n\u00a0if( $this->UserID > 0 ) \/\/ Must have just logged in<\/span>\r\n\u00a0\u00a0$Ret = \"<form method=post><input type=hidden name=act value=logout> <input type=submit value=Logout><\/form>\";\r\n\u00a0if( strlen( $Ret ) == 0 ) \r\n\u00a0{\r\n\u00a0\u00a0$result = mysqli_query( db(), \"select count(*) Cnt from lp_user\");\r\n\u00a0\u00a0if( $result === false )\r\n\u00a0\u00a0\u00a0return ( \"Error: Can't read user data.\u00a0 Did you create the SQL tables in the correct database?<br>\" );\r\n\u00a0\u00a0if ( $row = mysqli_fetch_array( $result ) )\r\n\u00a0\u00a0{\r\n\u00a0\u00a0\u00a0if( $row[\"Cnt\"] == 0 ) \/\/ If there are no users, it's a register<\/span>\r\n\u00a0\u00a0\u00a0\u00a0$Ret = \"<form method=post>$this->UserErr Register: EMail: <input type=text name=email maxlength=254>\"\r\n\u00a0\u00a0\u00a0\u00a0.\" Password: <input type=password name=pass1 >\u00a0 again: <input type=password name=pass2 >\"\r\n\u00a0\u00a0\u00a0\u00a0.\"<input type=hidden name=act value=register>\"\r\n\u00a0\u00a0\u00a0\u00a0.\"<input type=submit value=Register><\/form>\";\r\n\u00a0\u00a0}\r\n\u00a0\u00a0$result->close();\r\n\u00a0}\r\n\u00a0if( strlen( $Ret ) == 0 )\u00a0 \/\/ else, there are users, but nobody logged in, so login:<\/span>\r\n\u00a0\u00a0$Ret = \"<form method=post>$this->UserErr EMail: <input type=text name=email maxlength=254>\"\r\n\u00a0\u00a0\u00a0.\" Password: <input type=password name=pass1 >\"\r\n\u00a0\u00a0\u00a0.\"<input type=hidden name=act value=login>\"\r\n\u00a0\u00a0\u00a0.\"<input type=submit value=Login><\/form>\";\r\n\u00a0return\u00a0 $Ret;\r\n}<\/pre>\nAgain, the HTMLPageTop function that is called on every page will in turn call the above UserHTML to output the correct authentication form.<\/p>\n
UserProcess<\/h3>\n
The UserProcess method will process the user’s data from the registration form, login form, or logout button:<\/p>\n
\n- When a user registers, their name and password are added to the lp_user table.\u00a0 Only one user can register.<\/li>\n
- When a user logs in, their name and password is checked against the lp_user table.\u00a0 If found, a cookie is created and stored in lp_user so that the authentication is remembered.<\/li>\n
- When a user logs out, their cookie is cleared and the lp_user table also has the cookie cleared.<\/li>\n<\/ul>\n
<\/p>\n
\u00a0function UserProcess()\r\n\u00a0{\r\n\u00a0\u00a0$Act = isset( $_POST[\"act\"] ) ? $_POST[\"act\"] : \"\";\r\n\u00a0\u00a0$ConnKey = isset( $_COOKIE[ 'connkey' ] ) ? $_COOKIE[ 'connkey' ] : '';\r\n\u00a0\u00a0if( $Act != \"logout\" && strlen( $ConnKey ) > 0 ) \/\/ Reconnect using cookie?<\/span>\r\n\u00a0\u00a0{\r\n\u00a0\u00a0\u00a0$result = mysqli_query( db(), \"select * from lp_user where connection_key = '$ConnKey'\");\r\n\u00a0\u00a0\u00a0if( $result === false )\r\n\u00a0\u00a0\u00a0\u00a0die( \"Error: Looks like user table is not setup\" );\r\n\u00a0\u00a0\u00a0if ( $row = mysqli_fetch_array( $result ) )\r\n\u00a0\u00a0\u00a0\u00a0$this->UserID = $row[\"id\"];\r\n\u00a0\u00a0\u00a0$result->close();\r\n\u00a0\u00a0}\r\n\u00a0\u00a0if( $this->UserID > 0 )\r\n\u00a0\u00a0\u00a0return;\r\n\u00a0\u00a0$EMail = str_replace( \"'\", \"\", isset( $_POST[\"email\"] ) ? $_POST[\"email\"] : \"\" );\r\n\u00a0\u00a0$Pass1 = str_replace( \"'\", \"\", isset( $_POST[\"pass1\"] ) ? $_POST[\"pass1\"] : \"\" );\r\n\u00a0\u00a0if( $Act == \"register\" ) \/\/ Was the Registration form submitted?<\/span>\r\n\u00a0\u00a0{\r\n\u00a0\u00a0\u00a0$Pass2 = str_replace( \"'\", \"\", isset( $_POST[\"pass2\"] ) ? $_POST[\"pass2\"] : \"\" );\r\n\u00a0\u00a0\u00a0if( strcmp( $Pass1, $Pass2 ) != 0 || strlen( $Pass1 )==0 || strlen( $EMail) == 0 )\r\n\u00a0\u00a0\u00a0\u00a0$this->UserErr = \"<span class=err>Verify email & password<\/span>\";\r\n\u00a0\u00a0\u00a0else{\r\n\u00a0\u00a0\u00a0\u00a0mysqli_query( db(), \"insert ignore into lp_user set id=1, email='$EMail', password='$Pass1'\" ); \/\/ Only 1 user!\r\n\u00a0\u00a0\u00a0\u00a0$Act = \"login\";\r\n\u00a0\u00a0\u00a0}\r\n\u00a0\u00a0} \r\n\u00a0\u00a0if( $Act == \"login\" ) \/\/ Was the Login form submitted?<\/span>\r\n\u00a0\u00a0{\r\n\u00a0\u00a0\u00a0$result = mysqli_query( db(), \"select * from\u00a0 lp_user where email='$EMail' and password='$Pass1'\" );\r\n\u00a0\u00a0\u00a0if ( $row = mysqli_fetch_array( $result ) )\r\n\u00a0\u00a0\u00a0{\r\n\u00a0\u00a0\u00a0\u00a0$this->UserID = $row[\"id\"];\r\n\u00a0\u00a0\u00a0\u00a0$Key = $this->UKey();\r\n\u00a0\u00a0\u00a0\u00a0setcookie( \"connkey\", $Key );\r\n\u00a0\u00a0\u00a0\u00a0mysqli_query( db(), \"update lp_user set connection_key = '$Key' where email='$EMail' and password='$Pass1'\" );\r\n\u00a0\u00a0\u00a0}\r\n\u00a0\u00a0\u00a0else\r\n\u00a0\u00a0\u00a0\u00a0$this->UserErr = \"<span class=err>Invalid login<\/span>\";\r\n\u00a0\u00a0\u00a0$result->close();\u00a0\u00a0\u00a0\r\n\u00a0\u00a0}\r\n\u00a0\u00a0else if( $Act == \"logout\" ) \/\/ Was the logout form\/button submitted?<\/span>\r\n\u00a0\u00a0{\r\n\u00a0\u00a0\u00a0$this->UserID = 0;\r\n\u00a0\u00a0\u00a0setcookie( \"connkey\", null );\r\n\u00a0\u00a0\u00a0mysqli_query( db(), \"update lp_user set connection_key = '' where key='$ConnKey'\" );\r\n\u00a0\u00a0}\r\n\u00a0}<\/pre>\nSecurity<\/h3>\n
Now with authentication, we’re going to make some additional changes:\u00a0 only the admin user can upload books, and will also be able to\u00a0delete books.<\/p>\n
In order to only show the Uploads option to the admin user, we’ve already seen this code that was added to the HTMLPageTop method:<\/p>\n
if( $this->UserID == 0 )\r\n $Upload<\/span> = \"\";\r\nelse\r\n $Upload<\/span> = \" <a href=upload.php>Upload<\/a>\";<\/pre>\nIf the UserID is zero. then nobody is logged in and we won’t present the link to the upload page.\u00a0 If the UserID is > zero, then it’s the admin that’s logged in, and we can display the upload link.<\/p>\n
For deleting books, look at this change to the BookList method:<\/p>\n
while ( $row = mysqli_fetch_array( $result ) )\r\n{\r\n\u00a0\u00a0if( $this->UserID == 0 )<\/span>\r\n\u00a0\u00a0\u00a0\u00a0$Del = \"\";<\/span>\r\n\u00a0\u00a0else<\/span>\r\n\u00a0\u00a0\u00a0\u00a0$Del = \" <a href=# onclick=\\\"if( confirm( 'Are you sure you want to delete this?' ) ) window.location='index.php?act=del&bk=\" . $row[\"ukey\"] . \"';\\\">[DELETE]<a> \";<\/span>\r\n\u00a0\u00a0$Pages = $row[\"Pages\"];\r\n\u00a0\u00a0$ToDo = $row[\"ToDo\"];\r\n\u00a0\u00a0if( $ToDo == 0 )\r\n\u00a0\u00a0\u00a0\u00a0$Det = \"$Pages pages\";\r\n\u00a0\u00a0else\r\n\u00a0\u00a0\u00a0\u00a0$Det = \"$ToDo pages to process\";\r\n\u00a0\u00a0$Ret .= \"$Del<\/span><a href=\\\"reader.php?bk=\" . $row[\"ukey\"] . \"\\\">\".$row[\"title\"] . \" [$Det]<\/a><br \/>\";\r\n}<\/pre>\nIn the above code, if the Admin user is logged in, then the $Del variable is initialized with a link that will lead the user to delete the book.\u00a0 And now look again at the change to HTMLPageTop:<\/p>\n
if( $this->UserID == 0<\/span> )\r\n $Upload = \"\";\r\nelse<\/span>\r\n{\r\n $Upload = \" <a href=upload.php>Upload<\/a>\";\r\n\u00a0\u00a0$Act = isset( $_GET[\"act\"] ) ? $_GET[\"act\"] : \"\";<\/span>\r\n\u00a0\u00a0if( $Act == \"del\" )<\/span>\r\n\u00a0\u00a0{<\/span>\r\n\u00a0\u00a0 $UKey = isset( $_GET[\"bk\"] ) ? $_GET[\"bk\"] : \"\";<\/span>\r\n\u00a0\u00a0\u00a0\u00a0$this->DeleteBook( $UKey );<\/span>\r\n\u00a0\u00a0}<\/span>\r\n}<\/pre>\nSo when the UserID > zero (admin logged in) not only does the page show the ‘Upload’ option, but it also checks for the “del” delete operation and calls a new DeleteBook method.<\/p>\n
DeleteBook<\/h3>\n
Remember how we have a scheduled crontab job, that is calling the proc.php page every minute?\u00a0 Well, if the user wants to delete a book while the proc.php script is in the middle of OCR’ing it, then we can have remnant files and possible errors.\u00a0 So here’s how we’re going to avoid that:<\/p>\n
\n- When a book is deleted, it’s not really deleted.\u00a0 It’s record is moved into another table named lp_book_del.<\/li>\n
- Since the book isn’t in lp_book anymore, the OCR code won’t see it and won’t process anymore pages in it.<\/li>\n
- The proc.php script will now also check for records in lp_book_del to be purged from the system.\u00a0 Since this is the same method that invokes the OCR process, we can make sure that the delete doesn’t occur in the middle of an OCR.<\/li>\n<\/ul>\n
So here is the DeleteBook method in the LP class:<\/p>\n
function DeleteBook( $UKey )\r\n{\r\n\u00a0\u00a0if( $this->UserID == 0 ) die( \"Access denied\" );\r\n\u00a0\u00a0$UKey = str_replace( \"'\", \"\", $UKey );\r\n\u00a0\u00a0$result = mysqli_query( db(), \"select * from lp_book where ukey = '$UKey'\" );\r\n\u00a0\u00a0if ( $row = mysqli_fetch_array( $result ) )\r\n\u00a0\u00a0{\r\n\u00a0\u00a0\u00a0 $BookID = $row[\"id\"];\r\n\u00a0\u00a0\u00a0 mysqli_query( db(), \"insert into lp_book_del select id, ukey from lp_book where id = $BookID<\/span>\" );\r\n\u00a0\u00a0\u00a0 mysqli_query( db(), \"delete from lp_book where id = $BookID<\/span>\" );\r\n\u00a0\u00a0}\r\n\u00a0\u00a0$result->close();\r\n}<\/pre>\nOf course, there is a ‘real’ method to delete the book and related files, and it’s called PurgeBooks:<\/p>\n
function PurgeBooks()\r\n{\r\n\u00a0\u00a0$result = mysqli_query( db(), \"select * from lp_book_del<\/span>\" );\r\n\u00a0\u00a0if ( $row = mysqli_fetch_array( $result ) )\r\n\u00a0\u00a0{\r\n\u00a0\u00a0\u00a0 $UKey = $row[ \"ukey\"];\r\n\u00a0\u00a0\u00a0 $BookID = $row[\"id\"];\r\n\u00a0\u00a0\u00a0 $this->deleteDir( $_SERVER[\"DOCUMENT_ROOT\"].\"\/uploads\/$UKey\/\" );\r\n\u00a0\u00a0\u00a0 mysqli_query( db(), \"delete from lp_page_word<\/span> where page_id in (select id from lp_page where book_id = $BookID)\" );\r\n\u00a0\u00a0\u00a0 mysqli_query( db(), \"delete from lp_page<\/span> where book_id = $BookID\" );\r\n\u00a0\u00a0\u00a0 mysqli_query( db(), \"delete from lp_book_del<\/span> where id = $BookID\" );\r\n\u00a0\u00a0}\r\n}<\/pre>\nAnd finally, we see how proc.php (which is called every minute) is modified to include the above code:<\/p>\n
\u00a0function DoProcess() {\r\n\u00a0\u00a0$lp = new LP();\r\n\u00a0\u00a0$lp->OCRFiles();\r\n\u00a0\u00a0$lp->AddOCRRecords();\r\n\u00a0\u00a0$lp->PurgeBooks();<\/span>\r\n\u00a0} \/\/ end of function DoProcess()<\/pre>\n <\/p>\n
<\/p>\n
<\/p>\n","protected":false},"excerpt":{"rendered":"
In stage 3 we are going to add some very basic authentication and registration.\u00a0 Basically, the site will support only one user, an administrator.\u00a0 Only that user will be able to add or delete books. Note that you can download…
Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":4,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-25","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/www.librarypi.com\/index.php\/wp-json\/wp\/v2\/pages\/25","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.librarypi.com\/index.php\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.librarypi.com\/index.php\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.librarypi.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.librarypi.com\/index.php\/wp-json\/wp\/v2\/comments?post=25"}],"version-history":[{"count":20,"href":"https:\/\/www.librarypi.com\/index.php\/wp-json\/wp\/v2\/pages\/25\/revisions"}],"predecessor-version":[{"id":186,"href":"https:\/\/www.librarypi.com\/index.php\/wp-json\/wp\/v2\/pages\/25\/revisions\/186"}],"wp:attachment":[{"href":"https:\/\/www.librarypi.com\/index.php\/wp-json\/wp\/v2\/media?parent=25"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
Datamodel<\/h3>\n
We’re going to need some new tables in our datamodel: lp_user and lp_book_del.\u00a0 lp_user will contain a simple ID, login\/email, and password for user authentication, and lp_book_del will serve as a ‘recycle bin’ for deleted books so that we can delete them when it’s convenient.<\/p>\n
NOTE: The password is stored un-encrypted, which is a bad practice.\u00a0 I am leaving it this way for simplicity of demonstration.\u00a0 The password should use some salt with an MD5 hash so that if anyone steals or compromises the database their passwords aren’t exposed.\u00a0 I am also not enforcing any sort of minimal requirements for weak password.<\/em><\/p>\n <\/p>\n We are going to add a new lp_user<\/em> table to hold our login information.\u00a0 Since our LP->HTMLPageTop function is called at the top of every site page, we are going to add all the steps for authentication, which include Registration, Login, and Logout.\u00a0 HTMLPageTop will call 2 new functions to support this interaction: UserProcess() and UserHTML().<\/p>\n So, the UserHTML() method outputs the proper type of form based on the authentication status.\u00a0 Examples:<\/p>\n The HTMLPageTop method also calls the UserProcess() method.\u00a0 This new method will check the input parameters from the forms, and either register the admin user, or attempt a login.\u00a0 If a login is successful, then a cookie is set that can be checked upon the next page view (to remember the user already logged in).<\/p>\n With the login process, the LP class will now have a UserID variable.\u00a0 Pages and code can check this variable to determine if the admin is logged in (>zero) or not (=zero).\u00a0 Look at the example of how the new HTMLPageTop makes use of this to only show the Upload menu link to the admin user:<\/p>\n We can see that the Upload menu link is now only output if a user is logged in.\u00a0 Just to be safe that nobody is trying a malicious hack of the URL, the AddBook<\/em> method also checks for user access:<\/p>\n The UserHTML method in the LP class will output the different HTML forms for Registration, Login, and Logout, and is called from HTMLPageTop.\u00a0 Take a look at the if<\/em> tests that determine the current authentication status, and output the needed HTML in $Ret:<\/p>\n Again, the HTMLPageTop function that is called on every page will in turn call the above UserHTML to output the correct authentication form.<\/p>\n The UserProcess method will process the user’s data from the registration form, login form, or logout button:<\/p>\n <\/p>\n Now with authentication, we’re going to make some additional changes:\u00a0 only the admin user can upload books, and will also be able to\u00a0delete books.<\/p>\n In order to only show the Uploads option to the admin user, we’ve already seen this code that was added to the HTMLPageTop method:<\/p>\n If the UserID is zero. then nobody is logged in and we won’t present the link to the upload page.\u00a0 If the UserID is > zero, then it’s the admin that’s logged in, and we can display the upload link.<\/p>\n For deleting books, look at this change to the BookList method:<\/p>\n In the above code, if the Admin user is logged in, then the $Del variable is initialized with a link that will lead the user to delete the book.\u00a0 And now look again at the change to HTMLPageTop:<\/p>\n So when the UserID > zero (admin logged in) not only does the page show the ‘Upload’ option, but it also checks for the “del” delete operation and calls a new DeleteBook method.<\/p>\n Remember how we have a scheduled crontab job, that is calling the proc.php page every minute?\u00a0 Well, if the user wants to delete a book while the proc.php script is in the middle of OCR’ing it, then we can have remnant files and possible errors.\u00a0 So here’s how we’re going to avoid that:<\/p>\n So here is the DeleteBook method in the LP class:<\/p>\n Of course, there is a ‘real’ method to delete the book and related files, and it’s called PurgeBooks:<\/p>\n And finally, we see how proc.php (which is called every minute) is modified to include the above code:<\/p>\n <\/p>\n <\/p>\n <\/p>\n","protected":false},"excerpt":{"rendered":" In stage 3 we are going to add some very basic authentication and registration.\u00a0 Basically, the site will support only one user, an administrator.\u00a0 Only that user will be able to add or delete books. Note that you can download…create table if not exists lp_user(\r\n\u00a0 id integer\u00a0 NOT NULL AUTO_INCREMENT,\r\n\u00a0 email varchar(254),\r\n\u00a0 password varchar( 32 ),\r\n\u00a0 connection_key varchar( 32 ),\r\n\u00a0 PRIMARY KEY PK_lp_used (id)\r\n);<\/pre>\n
create table if not exists lp_book_del (\r\n\u00a0 id integer,\r\n\u00a0 ukey varchar(32),\r\n\u00a0 PRIMARY KEY PK_lp_book_del (id)\r\n);<\/pre>\n
Authentication<\/h3>\n
\n
<\/p>\n<\/p>\n<\/p>\nif( $this->UserID == 0 )\r\n $Upload<\/span> = \"\";\r\nelse\r\n $Upload<\/span> = \" <a href=upload.php>Upload<\/a>\";\r\n\u2026\r\necho \"<!DOCTYPE HTML PUBLIC ...>\\n\".\r\n \"<html lang=\\\"en\\\">\\n\" .\r\n\u00a0 \"<head>\\n\" .\r\n\u2026\r\n\u00a0 \"<div id=lpmenu><a href=index.php>Home<\/a>$Upload<\/span><span style=\\\"float:right;\\\">\" \r\n . $this->UserHTML()<\/span> \r\n . \"<\/span><\/div>\";<\/pre>\nfunction AddBook( $Title )\r\n{\r\n\u00a0 if( $this->UserID == 0 ) die( \"Access denied\" );<\/span>\r\n\u2026<\/pre>\nUserHTML<\/h3>\n
function UserHTML()\r\n{\r\n\u00a0\/\/ Output either Register, Login, or Logout\r\n\u00a0$Ret = \"\";\r\n\u00a0if( $this->UserID > 0 ) \/\/ Must have just logged in<\/span>\r\n\u00a0\u00a0$Ret = \"<form method=post><input type=hidden name=act value=logout> <input type=submit value=Logout><\/form>\";\r\n\u00a0if( strlen( $Ret ) == 0 ) \r\n\u00a0{\r\n\u00a0\u00a0$result = mysqli_query( db(), \"select count(*) Cnt from lp_user\");\r\n\u00a0\u00a0if( $result === false )\r\n\u00a0\u00a0\u00a0return ( \"Error: Can't read user data.\u00a0 Did you create the SQL tables in the correct database?<br>\" );\r\n\u00a0\u00a0if ( $row = mysqli_fetch_array( $result ) )\r\n\u00a0\u00a0{\r\n\u00a0\u00a0\u00a0if( $row[\"Cnt\"] == 0 ) \/\/ If there are no users, it's a register<\/span>\r\n\u00a0\u00a0\u00a0\u00a0$Ret = \"<form method=post>$this->UserErr Register: EMail: <input type=text name=email maxlength=254>\"\r\n\u00a0\u00a0\u00a0\u00a0.\" Password: <input type=password name=pass1 >\u00a0 again: <input type=password name=pass2 >\"\r\n\u00a0\u00a0\u00a0\u00a0.\"<input type=hidden name=act value=register>\"\r\n\u00a0\u00a0\u00a0\u00a0.\"<input type=submit value=Register><\/form>\";\r\n\u00a0\u00a0}\r\n\u00a0\u00a0$result->close();\r\n\u00a0}\r\n\u00a0if( strlen( $Ret ) == 0 )\u00a0 \/\/ else, there are users, but nobody logged in, so login:<\/span>\r\n\u00a0\u00a0$Ret = \"<form method=post>$this->UserErr EMail: <input type=text name=email maxlength=254>\"\r\n\u00a0\u00a0\u00a0.\" Password: <input type=password name=pass1 >\"\r\n\u00a0\u00a0\u00a0.\"<input type=hidden name=act value=login>\"\r\n\u00a0\u00a0\u00a0.\"<input type=submit value=Login><\/form>\";\r\n\u00a0return\u00a0 $Ret;\r\n}<\/pre>\nUserProcess<\/h3>\n
\n
\u00a0function UserProcess()\r\n\u00a0{\r\n\u00a0\u00a0$Act = isset( $_POST[\"act\"] ) ? $_POST[\"act\"] : \"\";\r\n\u00a0\u00a0$ConnKey = isset( $_COOKIE[ 'connkey' ] ) ? $_COOKIE[ 'connkey' ] : '';\r\n\u00a0\u00a0if( $Act != \"logout\" && strlen( $ConnKey ) > 0 ) \/\/ Reconnect using cookie?<\/span>\r\n\u00a0\u00a0{\r\n\u00a0\u00a0\u00a0$result = mysqli_query( db(), \"select * from lp_user where connection_key = '$ConnKey'\");\r\n\u00a0\u00a0\u00a0if( $result === false )\r\n\u00a0\u00a0\u00a0\u00a0die( \"Error: Looks like user table is not setup\" );\r\n\u00a0\u00a0\u00a0if ( $row = mysqli_fetch_array( $result ) )\r\n\u00a0\u00a0\u00a0\u00a0$this->UserID = $row[\"id\"];\r\n\u00a0\u00a0\u00a0$result->close();\r\n\u00a0\u00a0}\r\n\u00a0\u00a0if( $this->UserID > 0 )\r\n\u00a0\u00a0\u00a0return;\r\n\u00a0\u00a0$EMail = str_replace( \"'\", \"\", isset( $_POST[\"email\"] ) ? $_POST[\"email\"] : \"\" );\r\n\u00a0\u00a0$Pass1 = str_replace( \"'\", \"\", isset( $_POST[\"pass1\"] ) ? $_POST[\"pass1\"] : \"\" );\r\n\u00a0\u00a0if( $Act == \"register\" ) \/\/ Was the Registration form submitted?<\/span>\r\n\u00a0\u00a0{\r\n\u00a0\u00a0\u00a0$Pass2 = str_replace( \"'\", \"\", isset( $_POST[\"pass2\"] ) ? $_POST[\"pass2\"] : \"\" );\r\n\u00a0\u00a0\u00a0if( strcmp( $Pass1, $Pass2 ) != 0 || strlen( $Pass1 )==0 || strlen( $EMail) == 0 )\r\n\u00a0\u00a0\u00a0\u00a0$this->UserErr = \"<span class=err>Verify email & password<\/span>\";\r\n\u00a0\u00a0\u00a0else{\r\n\u00a0\u00a0\u00a0\u00a0mysqli_query( db(), \"insert ignore into lp_user set id=1, email='$EMail', password='$Pass1'\" ); \/\/ Only 1 user!\r\n\u00a0\u00a0\u00a0\u00a0$Act = \"login\";\r\n\u00a0\u00a0\u00a0}\r\n\u00a0\u00a0} \r\n\u00a0\u00a0if( $Act == \"login\" ) \/\/ Was the Login form submitted?<\/span>\r\n\u00a0\u00a0{\r\n\u00a0\u00a0\u00a0$result = mysqli_query( db(), \"select * from\u00a0 lp_user where email='$EMail' and password='$Pass1'\" );\r\n\u00a0\u00a0\u00a0if ( $row = mysqli_fetch_array( $result ) )\r\n\u00a0\u00a0\u00a0{\r\n\u00a0\u00a0\u00a0\u00a0$this->UserID = $row[\"id\"];\r\n\u00a0\u00a0\u00a0\u00a0$Key = $this->UKey();\r\n\u00a0\u00a0\u00a0\u00a0setcookie( \"connkey\", $Key );\r\n\u00a0\u00a0\u00a0\u00a0mysqli_query( db(), \"update lp_user set connection_key = '$Key' where email='$EMail' and password='$Pass1'\" );\r\n\u00a0\u00a0\u00a0}\r\n\u00a0\u00a0\u00a0else\r\n\u00a0\u00a0\u00a0\u00a0$this->UserErr = \"<span class=err>Invalid login<\/span>\";\r\n\u00a0\u00a0\u00a0$result->close();\u00a0\u00a0\u00a0\r\n\u00a0\u00a0}\r\n\u00a0\u00a0else if( $Act == \"logout\" ) \/\/ Was the logout form\/button submitted?<\/span>\r\n\u00a0\u00a0{\r\n\u00a0\u00a0\u00a0$this->UserID = 0;\r\n\u00a0\u00a0\u00a0setcookie( \"connkey\", null );\r\n\u00a0\u00a0\u00a0mysqli_query( db(), \"update lp_user set connection_key = '' where key='$ConnKey'\" );\r\n\u00a0\u00a0}\r\n\u00a0}<\/pre>\nSecurity<\/h3>\n
if( $this->UserID == 0 )\r\n $Upload<\/span> = \"\";\r\nelse\r\n $Upload<\/span> = \" <a href=upload.php>Upload<\/a>\";<\/pre>\nwhile ( $row = mysqli_fetch_array( $result ) )\r\n{\r\n\u00a0\u00a0if( $this->UserID == 0 )<\/span>\r\n\u00a0\u00a0\u00a0\u00a0$Del = \"\";<\/span>\r\n\u00a0\u00a0else<\/span>\r\n\u00a0\u00a0\u00a0\u00a0$Del = \" <a href=# onclick=\\\"if( confirm( 'Are you sure you want to delete this?' ) ) window.location='index.php?act=del&bk=\" . $row[\"ukey\"] . \"';\\\">[DELETE]<a> \";<\/span>\r\n\u00a0\u00a0$Pages = $row[\"Pages\"];\r\n\u00a0\u00a0$ToDo = $row[\"ToDo\"];\r\n\u00a0\u00a0if( $ToDo == 0 )\r\n\u00a0\u00a0\u00a0\u00a0$Det = \"$Pages pages\";\r\n\u00a0\u00a0else\r\n\u00a0\u00a0\u00a0\u00a0$Det = \"$ToDo pages to process\";\r\n\u00a0\u00a0$Ret .= \"$Del<\/span><a href=\\\"reader.php?bk=\" . $row[\"ukey\"] . \"\\\">\".$row[\"title\"] . \" [$Det]<\/a><br \/>\";\r\n}<\/pre>\nif( $this->UserID == 0<\/span> )\r\n $Upload = \"\";\r\nelse<\/span>\r\n{\r\n $Upload = \" <a href=upload.php>Upload<\/a>\";\r\n\u00a0\u00a0$Act = isset( $_GET[\"act\"] ) ? $_GET[\"act\"] : \"\";<\/span>\r\n\u00a0\u00a0if( $Act == \"del\" )<\/span>\r\n\u00a0\u00a0{<\/span>\r\n\u00a0\u00a0 $UKey = isset( $_GET[\"bk\"] ) ? $_GET[\"bk\"] : \"\";<\/span>\r\n\u00a0\u00a0\u00a0\u00a0$this->DeleteBook( $UKey );<\/span>\r\n\u00a0\u00a0}<\/span>\r\n}<\/pre>\nDeleteBook<\/h3>\n
\n
function DeleteBook( $UKey )\r\n{\r\n\u00a0\u00a0if( $this->UserID == 0 ) die( \"Access denied\" );\r\n\u00a0\u00a0$UKey = str_replace( \"'\", \"\", $UKey );\r\n\u00a0\u00a0$result = mysqli_query( db(), \"select * from lp_book where ukey = '$UKey'\" );\r\n\u00a0\u00a0if ( $row = mysqli_fetch_array( $result ) )\r\n\u00a0\u00a0{\r\n\u00a0\u00a0\u00a0 $BookID = $row[\"id\"];\r\n\u00a0\u00a0\u00a0 mysqli_query( db(), \"insert into lp_book_del select id, ukey from lp_book where id = $BookID<\/span>\" );\r\n\u00a0\u00a0\u00a0 mysqli_query( db(), \"delete from lp_book where id = $BookID<\/span>\" );\r\n\u00a0\u00a0}\r\n\u00a0\u00a0$result->close();\r\n}<\/pre>\nfunction PurgeBooks()\r\n{\r\n\u00a0\u00a0$result = mysqli_query( db(), \"select * from lp_book_del<\/span>\" );\r\n\u00a0\u00a0if ( $row = mysqli_fetch_array( $result ) )\r\n\u00a0\u00a0{\r\n\u00a0\u00a0\u00a0 $UKey = $row[ \"ukey\"];\r\n\u00a0\u00a0\u00a0 $BookID = $row[\"id\"];\r\n\u00a0\u00a0\u00a0 $this->deleteDir( $_SERVER[\"DOCUMENT_ROOT\"].\"\/uploads\/$UKey\/\" );\r\n\u00a0\u00a0\u00a0 mysqli_query( db(), \"delete from lp_page_word<\/span> where page_id in (select id from lp_page where book_id = $BookID)\" );\r\n\u00a0\u00a0\u00a0 mysqli_query( db(), \"delete from lp_page<\/span> where book_id = $BookID\" );\r\n\u00a0\u00a0\u00a0 mysqli_query( db(), \"delete from lp_book_del<\/span> where id = $BookID\" );\r\n\u00a0\u00a0}\r\n}<\/pre>\n\u00a0function DoProcess() {\r\n\u00a0\u00a0$lp = new LP();\r\n\u00a0\u00a0$lp->OCRFiles();\r\n\u00a0\u00a0$lp->AddOCRRecords();\r\n\u00a0\u00a0$lp->PurgeBooks();<\/span>\r\n\u00a0} \/\/ end of function DoProcess()<\/pre>\n
Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":4,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-25","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/www.librarypi.com\/index.php\/wp-json\/wp\/v2\/pages\/25","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.librarypi.com\/index.php\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.librarypi.com\/index.php\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.librarypi.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.librarypi.com\/index.php\/wp-json\/wp\/v2\/comments?post=25"}],"version-history":[{"count":20,"href":"https:\/\/www.librarypi.com\/index.php\/wp-json\/wp\/v2\/pages\/25\/revisions"}],"predecessor-version":[{"id":186,"href":"https:\/\/www.librarypi.com\/index.php\/wp-json\/wp\/v2\/pages\/25\/revisions\/186"}],"wp:attachment":[{"href":"https:\/\/www.librarypi.com\/index.php\/wp-json\/wp\/v2\/media?parent=25"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}