From d93bbd46503836c85b8bec4ed308a8f54758e608 Mon Sep 17 00:00:00 2001
From: Bartek Fabiszewski <github@fabiszewski.net>
Date: Thu, 6 Apr 2017 18:07:15 +0200
Subject: [PATCH] Refactor user handling to use helper classes

---
 adduser.php        |  52 ++--------
 admin.js           |  13 ---
 auth.php           |  66 +++++-------
 client/index.php   |  33 ++----
 config.default.php |   2 -
 download.php       |   2 +-
 helpers/db.php     |  48 +++++++++
 helpers/user.php   | 100 +++++++++++++++++++
 index.php          | 243 +++++++++++++++++++++------------------------
 lang.php           |   2 +-
 main.js            |  13 +++
 11 files changed, 317 insertions(+), 257 deletions(-)
 create mode 100644 helpers/db.php
 create mode 100644 helpers/user.php

diff --git a/adduser.php b/adduser.php
index 1ccad89..57bc98d 100644
--- a/adduser.php
+++ b/adduser.php
@@ -18,7 +18,7 @@
  * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  */
  
-  require_once("auth.php");
+  require_once("auth.php"); // sets $mysqli, $user
   
   /** 
    * Exit with xml response
@@ -42,51 +42,17 @@ function exitWithStatus($isError, $errorMessage = NULL) {
     exit;
   }
 
-  /** 
-   * Check if login is allowed
-   * @param string $login Login
-   */
-  function checkUser($login) {
-    global $mysqli;
-    $sql = "SELECT id FROM users WHERE login = ?";
-    $query = $mysqli->prepare($sql);
-    $query->bind_param('s', $login);
-    $query->execute();
-    if ($query->errno) {
-      exitWithStatus(true, $query->error);
-    }
-    $query->store_result();
-    if ($query->num_rows) {
+  $login = isset($_REQUEST['login']) ? trim($_REQUEST['login']) : NULL;
+  $hash = isset($_REQUEST['pass']) ? password_hash($_REQUEST['pass'], PASSWORD_DEFAULT) : NULL;
+  if ($user->isAdmin && !empty($login) && !empty($hash)) {
+    $newUser = new uUser($login);
+    if ($newUser->isValid) {
       exitWithStatus(true, $lang_userexists);
     }
-    $query->free_result();
-    $query->close();
-  }
-
-  /** 
-   * Add new user to database
-   * @param string $login Login
-   * @param string $hash Password hash
-   */
-  function insertUser($login, $hash) {
-    global $mysqli;
-    $sql = "INSERT INTO users (login, password) VALUES (?, ?)";
-    $query = $mysqli->prepare($sql);
-    $query->bind_param('ss', $login, $hash);
-    $query->execute();
-    if ($query->errno) {
-      exitWithStatus(true, $query->error);
-      $isError = false;
+    if ($newUser->add($login, $hash) === false) {
+      exitWithStatus(true, $mysqli->error);
     }
-    $query->close();
-  }
-
-  $login = isset($_REQUEST['login']) ? trim($_REQUEST['login']) : NULL;
-  $hash = isset($_REQUEST['pass']) ? password_hash($_REQUEST['pass'], PASSWORD_DEFAULT) : NULL;
-  if ($admin && !empty($login) && !empty($hash)) {
-    checkUser($login);
-    insertUser($login, $hash);
   }
   exitWithStatus(false);
-  
+
 ?>
\ No newline at end of file
diff --git a/admin.js b/admin.js
index b118c38..6e22906 100644
--- a/admin.js
+++ b/admin.js
@@ -17,19 +17,6 @@
  * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  */
 
-function showModal(contentHTML) {
-  var div = document.createElement("div");
-  div.setAttribute("id", "modal");
-  div.innerHTML = '<div id="modal-header"><button type="button" onclick="removeModal()">&times;</button></div><div id="modal-body"></div>';
-  document.body.appendChild(div);
-  var modalBody = document.getElementById('modal-body');
-  modalBody.innerHTML = contentHTML;
-}
-
-function removeModal() {
-  document.body.removeChild(document.getElementById('modal'));
-}
-
 function addUser() {
   var form = '<form id="userForm" method="post" onsubmit="submitUser(); return false">';
   form += '<label><b>' + lang_username + '</b></label><input type="text" placeholder="' + lang_usernameenter + '" name="login" required>';
diff --git a/auth.php b/auth.php
index 8ca9908..c8a8295 100755
--- a/auth.php
+++ b/auth.php
@@ -17,46 +17,36 @@
  * License along with this program; if not, write to the Free Software
  * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  */
-require_once("config.php");
-// if is set cookie overwrite config value
-if (isset($_COOKIE["ulogger_api"])) { $mapapi = $_COOKIE["ulogger_api"]; }
-if (isset($_COOKIE["ulogger_lang"])) { $lang = $_COOKIE["ulogger_lang"]; }
-if (isset($_COOKIE["ulogger_units"])) { $units = $_COOKIE["ulogger_units"]; }
-if (isset($_COOKIE["ulogger_interval"])) { $interval = $_COOKIE["ulogger_interval"]; }
+require_once("helpers/config.php");
+$config = new uConfig();
+
 require_once("lang.php");
-$mysqli = new mysqli($dbhost, $dbuser, $dbpass, $dbname);
-if ($mysqli->connect_errno) {
-  if (defined('headless')) {
-    header('HTTP/1.1 503 Service Unavailable', true, 503);
-  } else {
-    printf("Connect failed: %s\n", $mysqli->connect_error);
-  }
-  exit();
-}
-$mysqli->set_charset("utf8");
+require_once("helpers/db.php");
+$mysqli = uDb::getInstance();
+require_once($config::$rootDir . "/helpers/user.php");
 
 session_name('ulogger');
 session_start();
 $sid = session_id();
 
 // check for forced login to authorize admin in case of public access
-$force_login = (isset($_REQUEST['force_login']) ? $_REQUEST['force_login'] : 0);
+$force_login = (isset($_REQUEST['force_login']) ? $_REQUEST['force_login'] : false);
 if ($force_login) {
-  $require_authentication = 1;
+  $config::$require_authentication = true;
 }
 
-$auth = (isset($_SESSION['auth']) ? $_SESSION['auth'] : NULL);
-$admin = (isset($_SESSION['admin']) ? $_SESSION['admin'] : NULL);
-if ($auth || $require_authentication || defined('headless')) {
+$user = new uUser();
+$user->getFromSession();
+if (!$user->isValid && ($config::$require_authentication || defined('headless'))) {
   /* authentication */
-  $user = (isset($_REQUEST['user']) ? $_REQUEST['user'] : "");
-  $pass = (isset($_REQUEST['pass']) ? $_REQUEST['pass'] : "");
+  $login = (isset($_REQUEST['user']) ? $_REQUEST['user'] : NULL);
+  $pass = (isset($_REQUEST['pass']) ? $_REQUEST['pass'] : NULL);
   $ssl = ((!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] == "" || $_SERVER['HTTPS'] == "off") ? "http" : "https");
   $auth_error = (isset($_REQUEST['auth_error']) ? $_REQUEST['auth_error'] : 0);
 
-  // not authenticated and username not submited
-  // load form
-  if ((!$auth) && (!$user)){
+  if (!$login){
+    // not authenticated and username not submited
+    // load form    
     if (defined('headless')) {
       header('HTTP/1.1 401 Unauthorized', true, 401);
     } else {
@@ -94,19 +84,12 @@ function focus() {
     }
     $mysqli->close();
     exit();
-  }
+  } else {
+    // username submited
+    $user = new uUser($login);
 
-  // username submited
-  if ((!$auth) && ($user)){
-    $query = $mysqli->prepare("SELECT id, login, password FROM users WHERE login=? LIMIT 1");
-    $query->bind_param('s', $user);
-    $query->execute();
-    $query->bind_result($rec_id, $rec_user, $rec_pass);
-    $query->fetch();
-    $query->free_result();
     //correct pass
-
-    if (($user == $rec_user) && password_verify($pass, $rec_pass)) {
+    if ($user->isValid && $user->validPassword($pass)) {
       // login successful
       //delete old session
       $_SESSION = NULL;
@@ -114,10 +97,7 @@ function focus() {
       // start new session
       session_name('ulogger');
       session_start();
-      if (($user == $admin_user) && !empty($admin_user)) {
-          $_SESSION['admin'] = $admin_user;
-      }
-      $_SESSION['auth'] = $rec_id;
+      $user->storeInSession();
       $url = str_replace("//", "/", $_SERVER['HTTP_HOST'].dirname($_SERVER['SCRIPT_NAME'])."/index.php");
       header("Location: $ssl://$url");
       exit();
@@ -130,15 +110,15 @@ function focus() {
         setcookie(session_name('ulogger'),'',time()-42000,'/');
       }
       session_destroy();
-      $mysqli->close();
       if (defined('headless')) {
         header('HTTP/1.1 401 Unauthorized', true, 401);
       } else {
         $url = str_replace("//", "/", $_SERVER['HTTP_HOST'].dirname($_SERVER['SCRIPT_NAME'])."/index.php");
         header("Location: $ssl://$url$error");
       }
-      exit();
     }
+    $mysqli->close();
+    exit();
   }
   /* end of authentication */
 }
diff --git a/client/index.php b/client/index.php
index d92859d..9296b82 100644
--- a/client/index.php
+++ b/client/index.php
@@ -24,43 +24,32 @@ function setError(&$response, $message) {
 }
 
 define("headless", true); 
-require_once("../auth.php");
+require_once("../auth.php"); // sets $mysqli, $user
+$userid = $user->id;
 
 $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : null;
-$userid = $_SESSION['auth'];
-
 $response = [ 'error' => false ];
 
-$mysqli = new mysqli($dbhost, $dbuser, $dbpass, $dbname);
-if ($mysqli->connect_errno) {
-  setError($response, $mysqli->error);
-  $action = null;
-}
-
 switch ($action) {
   // action: authorize
   case "auth":
     break;
 
-  // action: adduser
+  // action: adduser (currently unused)
   case "adduser":
     $login = isset($_REQUEST['login']) ? $_REQUEST['login'] : NULL;
     $hash = isset($_REQUEST['password']) ? password_hash($_REQUEST['password'], PASSWORD_DEFAULT) : NULL;
     if (!empty($login) && !empty($hash)) {
-      $sql = "INSERT INTO users (login, password) VALUES (?, ?)";
-      $query = $mysqli->prepare($sql);
-      $query->bind_param('ss', $login, $hash);
-      $query->execute();
-      $userid = $mysqli->insert_id;
-      $query->close();
-      if ($mysqli->errno) {
-        setError($response, $mysqli->error);
-        break;
+      $newUser = new uUser();
+      $newId = $newUser->add($login, $hash);
+      if ($newId !== false) {
+        // return user id
+        $response['userid'] = $newId;
+      } else {
+        setError($response, "Server error");
       }
-      // return user id
-      $response['userid'] = $userid;
     } else {
-      setError($response, "Empty login");
+      setError($response, "Empty login or password");
     }
     break;
 
diff --git a/config.default.php b/config.default.php
index e4d32c0..9ea42eb 100755
--- a/config.default.php
+++ b/config.default.php
@@ -21,8 +21,6 @@
 // This is default configuration file. 
 // Copy it to config.php and customize
 
-$version = "0.1";
-
 // default map drawing framework
 // (gmaps = google maps, openlayers = openlayers/osm)
 //$mapapi = "gmaps";
diff --git a/download.php b/download.php
index 58c4019..55da216 100755
--- a/download.php
+++ b/download.php
@@ -22,7 +22,7 @@
 $userid = ((isset($_REQUEST["userid"]) && is_numeric($_REQUEST["userid"])) ? $_REQUEST["userid"] : 0);
 $trackid = ((isset($_REQUEST["trackid"]) && is_numeric($_REQUEST["trackid"])) ? $_REQUEST["trackid"] : 0);
 
-if ($units=="imperial") {
+if ($config::$units=="imperial") {
   $factor_kmh = 0.62; //to mph
   $unit_kmh = "mph";
   $factor_m = 3.28; // to feet
diff --git a/helpers/db.php b/helpers/db.php
new file mode 100644
index 0000000..94063e3
--- /dev/null
+++ b/helpers/db.php
@@ -0,0 +1,48 @@
+<?php
+/* μlogger
+ *
+ * Copyright(C) 2017 Bartek Fabiszewski (www.fabiszewski.net)
+ *
+ * This is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU Library General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+require_once (__DIR__ . "/config.php");
+class uDb extends mysqli {
+  // singleton instance
+  protected static $instance;
+
+  // private constuctor
+  private function __construct($host, $user, $pass, $name) {
+    parent::__construct($host, $user, $pass, $name);
+    if ($this->connect_error) {
+      if (defined('headless')) {
+        header("HTTP/1.1 503 Service Unavailable");
+        exit;
+      }
+      die("Database connection error (" . $this->connect_errno . ")");
+    }
+    $this->set_charset('utf8');
+  }
+
+  // returns singleton instance
+  public static function getInstance() {
+    if (!self::$instance) {
+      $config = new uConfig();
+      self::$instance = new self($config::$dbhost, $config::$dbuser, $config::$dbpass, $config::$dbname);
+    }
+    return self::$instance;
+  }
+}
+?>
\ No newline at end of file
diff --git a/helpers/user.php b/helpers/user.php
new file mode 100644
index 0000000..4fa51ae
--- /dev/null
+++ b/helpers/user.php
@@ -0,0 +1,100 @@
+<?php
+/* μlogger
+ *
+ * Copyright(C) 2017 Bartek Fabiszewski (www.fabiszewski.net)
+ *
+ * This is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU Library General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+require_once(__DIR__ . "/config.php");
+require_once(__DIR__ . "/db.php");
+
+class uUser {
+    public $id;
+    public $login;
+    public $hash;
+    public $isAdmin = false;
+    public $isValid = false;
+
+    private static $db;
+
+    public function __construct($login = NULL) {
+      self::$db = uDB::getInstance();
+      if (!empty($login)) {
+        $stmt = self::$db->prepare("SELECT id, login, password FROM users WHERE login = ? LIMIT 1");
+        $stmt->bind_param('s', $login);
+        $stmt->execute();
+        $stmt->bind_result($this->id, $this->login, $this->hash);
+        if ($stmt->fetch()) {
+          $this->isValid = true;
+        }
+        $stmt->close();
+        $config = new uConfig();
+        if (!empty($config::$admin_user) && $config::$admin_user == $this->login) {
+          $this->isAdmin = true;
+        }
+      }
+    }
+
+    public function add($login, $hash) {
+      $userid = false;
+      if (!empty($login) && !empty($hash)) {
+        $sql = "INSERT INTO users (login, password) VALUES (?, ?)";
+        $stmt = self::$db->prepare($sql);
+        $stmt->bind_param('ss', $login, $hash);
+        $stmt->execute();
+        if (!self::$db->error && !$stmt->errno) {
+          $userid = self::$db->insert_id;
+        }
+        $stmt->close();
+      }
+      return $userid;
+    }
+
+    public function validPassword($password) {
+      return password_verify($password, $this->hash);
+    }
+
+    public function storeInSession() {
+      $_SESSION['user'] = $this;
+    }
+
+    public function getFromSession() {
+      if (isset($_SESSION['user'])) {
+        $sessionUser = $_SESSION['user'];
+        $this->id = $sessionUser->id;
+        $this->login = $sessionUser->login;
+        $this->hash = $sessionUser->hash;
+        $this->isAdmin = $sessionUser->isAdmin;
+        $this->isValid = $sessionUser->isValid;
+      }
+    }
+
+    public function listAll() {
+      $query = "SELECT id, login FROM users ORDER BY login";
+      $result = self::$db->query($query);
+      if ($result === false) {
+        return false;
+      }
+      $userArr = [];
+      while ($row = $result->fetch_assoc()) {
+        $userArr[$row['id']] = $row['login'];
+      }
+      $result->close();
+      return $userArr;
+    }
+}
+
+ ?>
\ No newline at end of file
diff --git a/index.php b/index.php
index f8383f1..3f9ada1 100755
--- a/index.php
+++ b/index.php
@@ -16,191 +16,169 @@
  * You should have received a copy of the GNU Library General Public
  * License along with this program; if not, write to the Free Software
  * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-require_once("auth.php");
-
-if ($auth && !$admin && !$public_tracks) {
-  // only authorized user tracks
-  // get username
-  $query = "SELECT login FROM users WHERE id='$auth' LIMIT 1";
-  $result = $mysqli->query($query);
-  $row = $result->fetch_assoc();
-  $user = $row["login"];
-
-  // users
-  $user_form = '<u>'.$lang_user.'</u><br />'.$user.' (<a href="logout.php">'.$lang_logout.'</a>)';
+*/
+require_once ("auth.php");
+if ($user->isValid) {
+  $userHeader = $user->login . ' (<a href="logout.php">' . $lang_logout . '</a>)';
+} else {
+  $userHeader = '<a href="index.php?force_login=1">' . $lang_login . '</a>';
 }
-else {
+$lastUserId = NULL;
+$userForm = '';
+if ($user->isAdmin || $config::$public_tracks) {
   // public access or admin user
   // prepare user select form
-  if ($admin) {
-     $user = $admin_user;
-  }
-  $user_form = '
-  <u>'.$lang_user.'</u> ';
-  if ($auth) {
-    $user_form .= '&nbsp;'.$user.' (<a href="logout.php">'.$lang_logout.'</a>)';
-  } else {
-    $user_form .= '&nbsp;<a href="index.php?force_login=1">'.$lang_login.'</a>';
-  }
-  $user_form .= '
+  $userForm = '
+  <br /><u>' . $lang_user . '</u>
   <br />
   <form>
   <select name="user" onchange="selectUser(this)">
-  <option value="0">'.$lang_suser.'</option>';
+  <option value="0">' . $lang_suser . '</option>';
   // get last position user
   $query = "SELECT p.user_id FROM positions p ORDER BY p.time LIMIT 1";
   $result = $mysqli->query($query);
   if ($result->num_rows) {
     $last = $result->fetch_row();
-    $last_id = $last[0];
-  } else {
-    $last_id = "";
+    $lastUserId = $last[0];
   }
-  $query = "SELECT id, login FROM users ORDER BY login";
-  $result = $mysqli->query($query);
-  while ($row = $result->fetch_assoc()) {
-    $user_form .= sprintf("<option %svalue=\"%s\">%s</option>\n", ($row["id"] == $last_id)?"selected ":"",$row["id"], $row["login"]);
+  $usersArr = $user->listAll();
+  if (!empty($usersArr)) {
+    foreach ($usersArr as $userId => $userLogin) {
+      $userForm.= sprintf("<option %svalue=\"%s\">%s</option>\n", (($userId == $lastUserId) ? "selected " : ""), $userId, $userLogin);
+    }
   }
-  $user_form .= '
+  $userForm.= '
   </select>
   </form>
   ';
 }
-
 // prepare track select form
-$track_form = '
-<u>'.$lang_track.'</u><br />
+$trackForm = '
+<u>' . $lang_track . '</u><br />
 <form>
 <select name="track" onchange="selectTrack(this)">';
-$userid = "";
-if ($auth && !$admin && !$public_tracks) {
-  // display track of authenticated user
-  $userid = $auth;
-} elseif ($last_id) {
+$displayId = NULL;
+if ($lastUserId) {
   // or user who did last move
-  $userid = $last_id;
-}
-$query = "SELECT * FROM tracks WHERE user_id='$userid' ORDER BY id DESC";
+  $displayId = $lastUserId;
+} else if ($user->isValid) {
+  // display track of authenticated user
+  $displayId = $user->id;
+} 
+$query = "SELECT * FROM tracks WHERE user_id='$displayId' ORDER BY id DESC";
 $result = $mysqli->query($query);
-
-$trackid = "";
+$trackId = NULL;
 while ($row = $result->fetch_assoc()) {
-  if ($trackid == "") { $trackid = $row["id"]; } // get first row
-  $track_form .= sprintf("<option value=\"%s\">%s</option>\n", $row["id"], $row["name"]);
+  if (is_null($trackId)) { $trackId = $row["id"]; } // get first row
+  $trackForm.= sprintf("<option value=\"%s\">%s</option>\n", $row["id"], $row["name"]);
 }
-$track_form .= '
+$trackForm.= '
 </select>
-<input id="latest" type="checkbox" onchange="toggleLatest();"> '.$lang_latest.'<br />
+<input id="latest" type="checkbox" onchange="toggleLatest();"> ' . $lang_latest . '<br />
 </form>
 ';
 // map api select form
-$api_form = '
-<u>'.$lang_api.'</u><br />
+$apiForm = '
+<u>' . $lang_api . '</u><br />
 <form>
 <select name="api" onchange="loadMapAPI(this.options[this.selectedIndex].value);">
-<option value="gmaps"'.(($mapapi=="gmaps")?' selected':'').'>Google Maps</option>
-<option value="openlayers"'.(($mapapi=="openlayers")?' selected':'').'>OpenLayers</option>
+<option value="gmaps"' . (($config::$mapapi == "gmaps") ? ' selected' : '') . '>Google Maps</option>
+<option value="openlayers"' . (($config::$mapapi == "openlayers") ? ' selected' : '') . '>OpenLayers</option>
 </select>
 </form>
 ';
-
 // language select form
-$lang_form = '
-<u>'.$lang_language.'</u><br />
+$langForm = '
+<u>' . $lang_language . '</u><br />
 <form>
 <select name="units" onchange="setLang(this.options[this.selectedIndex].value);">
-<option value="en"'.(($lang=="en")?' selected':'').'>English</option>
-<option value="pl"'.(($lang=="pl")?' selected':'').'>Polski</option>
-<option value="de"'.(($lang=="de")?' selected':'').'>Deutsch</option>
-<option value="hu"'.(($lang=="hu")?' selected':'').'>Magyar</option>
-<option value="fr"'.(($lang=="fr")?' selected':'').'>Français</option>
-<option value="it"'.(($lang=="it")?' selected':'').'>Italiano</option>
+<option value="en"' . (($config::$lang == "en") ? ' selected' : '') . '>English</option>
+<option value="pl"' . (($config::$lang == "pl") ? ' selected' : '') . '>Polski</option>
+<option value="de"' . (($config::$lang == "de") ? ' selected' : '') . '>Deutsch</option>
+<option value="hu"' . (($config::$lang == "hu") ? ' selected' : '') . '>Magyar</option>
+<option value="fr"' . (($config::$lang == "fr") ? ' selected' : '') . '>Français</option>
+<option value="it"' . (($config::$lang == "it") ? ' selected' : '') . '>Italiano</option>
 </select>
 </form>
 ';
 // units select form
-$units_form = '
-<u>'.$lang_units.'</u><br />
+$unitsForm = '
+<u>' . $lang_units . '</u><br />
 <form>
 <select name="units" onchange="setUnits(this.options[this.selectedIndex].value);">
-<option value="metric"'.(($units=="metric")?' selected':'').'>'.$lang_metric.'</option>
-<option value="imperial"'.(($units=="imperial")?' selected':'').'>'.$lang_imperial.'</option>
+<option value="metric"' . (($config::$units == "metric") ? ' selected' : '') . '>' . $lang_metric . '</option>
+<option value="imperial"' . (($config::$units == "imperial") ? ' selected' : '') . '>' . $lang_imperial . '</option>
 </select>
 </form>
 ';
 // admin menu
-$admin_menu = '';
-$admin_script = '';
-if ($admin) {
-  $admin_menu = '
+$adminMenu = '';
+$adminScript = '';
+if ($user->isAdmin) {
+  $adminMenu = '
   <div id="admin_menu">
-    <u>'.$lang_adminmenu.'</u><br />
-      <a href="javascript:void(0);" onclick="addUser()">'.$lang_adduser.'</a><br />
+    <u>' . $lang_adminmenu . '</u><br />
+      <a href="javascript:void(0);" onclick="addUser()">' . $lang_adduser . '</a><br />
   </div>
   ';
-  $admin_script = '<script type="text/javascript" src="admin.js"></script>';
+  $adminScript = '<script type="text/javascript" src="admin.js"></script>';
 }
-
-print
-'<!DOCTYPE html>
+print '<!DOCTYPE html>
 <html>
   <head>
-    <title>'.$lang_title.'</title>
+    <title>' . $lang_title . '</title>
     <meta http-equiv="Content-type" content="text/html;charset=UTF-8" />
     <meta name="viewport" content="initial-scale=1.0, user-scalable=no" />
     <link rel="stylesheet" type="text/css" href="main.css" />
     <script>
-      var interval = '.$interval.';
-      var userid = '.(($userid)?$userid:-1).';
-      var trackid = '.(($trackid)?$trackid:-1).';
-      var lang_user = "'.$lang_user.'";
-      var lang_time = "'.$lang_time.'";
-      var lang_speed = "'.$lang_speed.'";
-      var lang_accuracy = "'.$lang_accuracy.'";
-      var lang_altitude = "'.$lang_altitude.'";
-      var lang_ttime = "'.$lang_ttime.'";
-      var lang_aspeed = "'.$lang_aspeed.'";
-      var lang_tdistance = "'.$lang_tdistance.'";
-      var lang_point = "'.$lang_point.'";
-      var lang_of = "'.$lang_of.'";
-      var lang_summary = "'.$lang_summary.'";
-      var lang_latest = "'.$lang_latest.'";
-      var lang_track = "'.$lang_track.'";
-      var lang_newinterval = "'.$lang_newinterval.'";
-      var lang_username = "'.$lang_username.'";
-      var lang_password = "'.$lang_password.'";
-      var lang_passwordrepeat = "'.$lang_passwordrepeat.'";
-      var lang_passwordenter = "'.$lang_passwordenter.'";
-      var lang_usernameenter = "'.$lang_usernameenter.'";
-      var lang_cancel = "'.$lang_cancel.'";
-      var lang_submit = "'.$lang_submit.'";
-      var units = "'.$units.'";
-      var mapapi = "'.$mapapi.'";
-      var gkey = '.(isset($gkey)?'"'.$gkey.'"':'null').';
-      var layer_ocm = "'.$layer_ocm.'";
-      var layer_mq = "'.$layer_mq.'";
-      var layer_osmapa = "'.$layer_osmapa.'";
-      var layer_ump = "'.$layer_ump.'";
-      var init_latitude = "'.$init_latitude.'";
-      var init_longitude = "'.$init_longitude.'";
+      var interval = ' . $config::$interval . ';
+      var userid = ' . (($displayId) ? $displayId : -1) . ';
+      var trackid = ' . (($trackId) ? $trackId : -1) . ';
+      var lang_user = "' . $lang_user . '";
+      var lang_time = "' . $lang_time . '";
+      var lang_speed = "' . $lang_speed . '";
+      var lang_accuracy = "' . $lang_accuracy . '";
+      var lang_altitude = "' . $lang_altitude . '";
+      var lang_ttime = "' . $lang_ttime . '";
+      var lang_aspeed = "' . $lang_aspeed . '";
+      var lang_tdistance = "' . $lang_tdistance . '";
+      var lang_point = "' . $lang_point . '";
+      var lang_of = "' . $lang_of . '";
+      var lang_summary = "' . $lang_summary . '";
+      var lang_latest = "' . $lang_latest . '";
+      var lang_track = "' . $lang_track . '";
+      var lang_newinterval = "' . $lang_newinterval . '";
+      var lang_username = "' . $lang_username . '";
+      var lang_password = "' . $lang_password . '";
+      var lang_passwordrepeat = "' . $lang_passwordrepeat . '";
+      var lang_passwordenter = "' . $lang_passwordenter . '";
+      var lang_usernameenter = "' . $lang_usernameenter . '";
+      var lang_cancel = "' . $lang_cancel . '";
+      var lang_submit = "' . $lang_submit . '";
+      var units = "' . $config::$units . '";
+      var mapapi = "' . $config::$mapapi . '";
+      var gkey = ' . (isset($gkey) ? '"' . $gkey . '"' : 'null') . ';
+      var layer_ocm = "' . $config::$layer_ocm . '";
+      var layer_mq = "' . $config::$layer_mq . '";
+      var layer_osmapa = "' . $config::$layer_osmapa . '";
+      var layer_ump = "' . $config::$layer_ump . '";
+      var init_latitude = "' . $config::$init_latitude . '";
+      var init_longitude = "' . $config::$init_longitude . '";
     </script>
     <script type="text/javascript" src="main.js"></script>
 ';
-if ($mapapi == "gmaps") {
-  print
-'   <script type="text/javascript" src="//maps.googleapis.com/maps/api/js'.(isset($gkey)?'?key='.$gkey:'').'"></script>
+if ($config::$mapapi == "gmaps") {
+  print '   <script type="text/javascript" src="//maps.googleapis.com/maps/api/js' . (isset($gkey) ? '?key=' . $gkey : '') . '"></script>
     <script type="text/javascript" src="api_gmaps.js"></script>
 ';
-}
-else {
-  print
-'   <script type="text/javascript" src="//openlayers.org/api/OpenLayers.js"></script>
+} else {
+  print '   <script type="text/javascript" src="//openlayers.org/api/OpenLayers.js"></script>
     <script type="text/javascript" src="api_openlayers.js"></script>
 ';
 }
 print '
-   '.$admin_script.'
+   ' . $adminScript . '
+   <script type="text/javascript" src="pass.js"></script>
    <script type="text/javascript" src="//www.google.com/jsapi"></script>
     <script type="text/javascript">
       google.load("visualization", "1", {packages:["corechart"]});
@@ -210,42 +188,43 @@
   <body onload="init();loadTrack(userid,trackid,1);">
     <div id="menu">
       <div id="menu-content">
+          ' . $userHeader . '
         <div id="user">
-          '.$user_form.'
+          ' . $userForm . '
         </div>
         <div id="track">
-          '.$track_form.'
-          <input type="checkbox" onchange="autoReload();"> '.$lang_autoreload.' (<a href="javascript:void(0);" onclick="setTime()"><span id="auto">'.$interval.'</span></a> s)<br />
-          <a href="javascript:void(0);" onclick="loadTrack(userid,trackid,0)">'.$lang_reload.'</a><br />
+          ' . $trackForm . '
+          <input type="checkbox" onchange="autoReload();"> ' . $lang_autoreload . ' (<a href="javascript:void(0);" onclick="setTime()"><span id="auto">' . $config::$interval . '</span></a> s)<br />
+          <a href="javascript:void(0);" onclick="loadTrack(userid,trackid,0)">' . $lang_reload . '</a><br />
         </div>
         <div id="summary"></div>
         <div id="other">
-          <a href="javascript:void(0);" onclick="toggleChart();">'.$lang_chart.'</a>
+          <a href="javascript:void(0);" onclick="toggleChart();">' . $lang_chart . '</a>
         </div>
         <div id="api">
-          '.$api_form.'
+          ' . $apiForm . '
         </div>
         <div id="lang">
-          '.$lang_form.'
+          ' . $langForm . '
         </div>
         <div id="units">
-          '.$units_form.'
+          ' . $unitsForm . '
         </div>
         <div id="export">
-          <u>'.$lang_download.'</u><br />
+          <u>' . $lang_download . '</u><br />
           <a href="javascript:void(0);" onclick="load(\'kml\',userid,trackid)">kml</a><br />
           <a href="javascript:void(0);" onclick="load(\'gpx\',userid,trackid)">gpx</a><br />
         </div>
-        '.$admin_menu.'
+        ' . $adminMenu . '
       </div>
       <div id="menu-close" onclick="toggleMenu();">»</div>
-      <div id="footer"><a target="_blank" href="/bfabiszewski/ulogger-server"><span class="mi">μ</span>logger</a> '.$version.'</div>
+      <div id="footer"><a target="_blank" href="/bfabiszewski/ulogger-server"><span class="mi">μ</span>logger</a> ' . $config::$version . '</div>
     </div>
     <div id="main">
       <div id="map-canvas"></div>
       <div id="bottom">
         <div id="chart"></div>
-        <div id="close"><a href="javascript:void(0);" onclick="toggleChart(0);">'.$lang_close.'</a></div>
+        <div id="close"><a href="javascript:void(0);" onclick="toggleChart(0);">' . $lang_close . '</a></div>
       </div>
     </div>
   </body>
diff --git a/lang.php b/lang.php
index d0023a4..34a6cc8 100755
--- a/lang.php
+++ b/lang.php
@@ -17,7 +17,7 @@
  * License along with this program; if not, write to the Free Software
  * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  */
-switch($lang) {
+switch($config::$lang) {
   default:
   case "en":
     $lang_title = "• μlogger •";
diff --git a/main.js b/main.js
index 2338001..bfcafa8 100755
--- a/main.js
+++ b/main.js
@@ -403,3 +403,16 @@ function setUnits(unit) {
   setCookie('units',unit,30);
   location.reload();
 }
+
+function showModal(contentHTML) {
+  var div = document.createElement("div");
+  div.setAttribute("id", "modal");
+  div.innerHTML = '<div id="modal-header"><button type="button" onclick="removeModal()">&times;</button></div><div id="modal-body"></div>';
+  document.body.appendChild(div);
+  var modalBody = document.getElementById('modal-body');
+  modalBody.innerHTML = contentHTML;
+}
+
+function removeModal() {
+  document.body.removeChild(document.getElementById('modal'));
+}
\ No newline at end of file