New features:

- Duplicate a tour in another collection
- Allow tour with an unique 360° photo
- Local login for dev purpose

Author: ted

.gitignore

@@ -1,6 +1,15 @@
-composer.phar
-/vendor/
-
-# Commit your application's lock file https://getcomposer.org/doc/01-basic-usage.md#commit-your-composer-lock-file-to-version-control
-# You may choose to ignore a library lock file http://getcomposer.org/doc/02-libraries.md#lock-file
-# composer.lock
+ cache/*
+*.bak
+*.log
+.env
+config.php
+/vue-app/node_modules
+.DS_Store
+.DS_Store?
+__MACOSX
+._*
+.Spotlight-V100
+.Trashes
+ehthumbs.db
+Thumbs.db
+.ansible/*

CHANGELOG.md

@@ -0,0 +1,18 @@
+# Changelog
+
+## [1.1.0] - 2024-11-29
+
+### Added
+
+ - **BREAKING** Allowing the copy of a tour between user acounts. You'll need to update the database schema.
+ - Creation of a tour with one unique 360° photo
+ - Dev only feature to create and connect a user without OIDC
+
+## [1.0.0] - 2024-10-10
+
+### Added
+
+ - Initial release
+ - Creation, modification, sharing, export, deletion of a tour
+ - Addition of point of interest with text and image
+ - OIDC connection

README.md

@@ -20,14 +20,9 @@
 
 Instructions stands in /doc/installation.md. You will find a docker-compose file to quickly setup a development or production environment.
 
-## Issues
-
-Any issue can be reported at bugs@skilltech.dev
-
 ## Licences
 
 Unless otherwise stated, source code found in this repository is distributed under the AGPL v3 licence.
 The source code of the viewer that resides in www/v is distributed under the MIT Licence (Expat)
 
 See CREDITS.md for more details about licences and contributors.
-

docs/installation.md

@@ -1,5 +1,9 @@
 # 360.skilltech.tools
 
+## Read the changelog
+
+We maintain a CHANGELOG.md file at the root of the source code repository. When an update requires an action like updating the database schema or adding new entries into config.php, we will inform you in this file.
+
 ## Setup
 
 To redirect the 360.skilltech.tools domain to your computer, add this line to your hosts file:
@@ -9,7 +13,7 @@ To redirect the 360.skilltech.tools domain to your computer, add this line to yo
 127.0.0.1 360.skilltech.tools
 ```
 
-A sample config file is located at src/config.sample.php, copy it to src/config.php and adjust its content to your needs. Especially, you need to fill all the OIDC* constants to allow this app to use an autentication server. You should modify the USER_AGENT value with a unique string representing you so that when the app download an image from the web, the remote web server recognizes you.
+A sample config file is located at src/config.sample.php, copy it to src/config.php and adjust its content to your needs. Especially, you need to fill all the OIDC* constants to allow this app to use an autentication server.
 
 ## Spin containers
 
@@ -80,10 +84,11 @@ When it's done you can quit the mariadb shell with the ```exit``` command.
 
 This app needs an OIDC server to authenticate users. To configure the identity provider, copy the file /src/config.sample.php to /src/config.php with appropriate values.
 
+If you don't have yet an identity provider, you may enable the dev mode that allows you to log in without a password, creating a new account if needed. Put the DEV variable to true in /src/config.php then browse to the page /dev/login.php. Obviously, you must never activate this feature in production.
 
 ### Install PHP dependencies
 
-We use Composer to manage PHP dependencies. If you don't have it installed on your computer you can install it in a container. To do so, ppen a bash shell in the PHP dev container (it must be running):
+We use Composer to manage PHP dependencies. If you don't have it installed on your computer you can install it in a container. To do so, open a bash shell in the PHP dev container (it must be running):
 
     docker exec -ti 360skilltechtools-php-dev-1 bash
 
@@ -111,9 +116,14 @@ chown -R 33:$USER
 chmod -R ug+rw www
 ```
 
+## Demo tour
+
+When a user enters for the first time in their library the app will ask they to launch an onboarding demo. This will copy a demo tour into the user's collection.
+
+For this option to work you will need to create first a demo tour using the app then copy its ID into /src/config.php.
+
 ## Files
 
-Files at the root path https://360.skilltech.tools
 All PHP files in /www are served by the nginx server at https://360.skilltech.tools. The PHP source files are in the /src folder as not to be directly accessible by the web server.
 
 ## Branches

sql_dump/.gitignore

@@ -1,3 +1,4 @@
  # Ignore everything in this directory except this file
 *
 !.gitignore
+!/create_tables.sql

sql_dump/create_tables.sql

@@ -0,0 +1,98 @@
+--USE tour;
+
+CREATE TABLE IF NOT EXISTS `user` (
+    `id` INT PRIMARY KEY NOT NULL AUTO_INCREMENT,
+    `email` VARCHAR(255) NOT NULL,
+    `directory` CHAR(12) UNIQUE NOT NULL,
+    `onboarding` TINYINT DEFAULT 1,
+    `creation_date` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    `modification_date` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP
+);
+
+CREATE TABLE IF NOT EXISTS `tour` (
+    `id` INT PRIMARY KEY NOT NULL AUTO_INCREMENT,
+    `title` VARCHAR(65),
+    `filename` CHAR(10) UNIQUE NOT NULL,
+    `user_id` INT NOT NULL,
+    `description` TEXT(1023) DEFAULT NULL,
+    `author` VARCHAR(255) DEFAULT NULL,
+    `license` VARCHAR(16) DEFAULT NULL,
+    `start_id` INT DEFAULT NULL,
+    `thumb_id` VARCHAR(255) DEFAULT NULL,
+    `password` VARCHAR(255) DEFAULT NULL,
+    `share` BOOLEAN DEFAULT FALSE,
+    `creation_date` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    `modification_date` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+    FOREIGN KEY (user_id) REFERENCES user(id)
+);
+
+CREATE TABLE IF NOT EXISTS `spot` (
+    `id` INT PRIMARY KEY NOT NULL AUTO_INCREMENT,
+    `title` VARCHAR(65),
+    `tour_id` INT NOT NULL,
+    `lat` FLOAT DEFAULT NULL, 
+    `lng` FLOAT DEFAULT NULL, 
+    `creation_date` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    `modification_date` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+    FOREIGN KEY (tour_id) REFERENCES tour(id)
+);
+
+CREATE TABLE IF NOT EXISTS `spot_has_spot` (
+    `id` INT PRIMARY KEY NOT NULL AUTO_INCREMENT,
+    `spot1` INT,
+    `spot2` INT,
+    `spot1x` INT,
+    `spot1y` INT,
+    `spot2x` INT,
+    `spot2y` INT,
+    `spot1t` TINYINT NOT NULL DEFAULT 0,
+    `spot2t` TINYINT NOT NULL DEFAULT 0,
+    FOREIGN KEY (spot1) REFERENCES spot(id),
+    FOREIGN KEY (spot2) REFERENCES spot(id)
+);
+
+CREATE TABLE IF NOT EXISTS `image` (
+    `id` INT PRIMARY KEY NOT NULL AUTO_INCREMENT,
+    `user_id` INT NOT NULL,
+    `src_filename` VARCHAR(255) DEFAULT NULL,
+    `filename` CHAR(10) NOT NULL,
+    `filetype` CHAR(3) NOT NULL,
+    `filesize` INT NOT NULL,
+    `title` VARCHAR(127),
+    `width` INT NOT NULL,
+    `height` INT NOT NULL,
+    `creation_date` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    `modification_date` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+    FOREIGN KEY (user_id) REFERENCES user(id)
+);
+
+CREATE TABLE IF NOT EXISTS `poi` (
+    `id` INT PRIMARY KEY NOT NULL AUTO_INCREMENT,
+    `icon` VARCHAR(10) DEFAULT NULL,
+    `title` VARCHAR(65) DEFAULT NULL,
+    `text` TEXT DEFAULT NULL,
+    `image_id` INT DEFAULT NULL,
+    `spot_id` INT NOT NULL,
+    `x` INT NOT NULL DEFAULT 0,
+    `y` INT NOT NULL DEFAULT 0,
+    `layer` INT NOT NULL DEFAULT 0,
+    `template` INT NOT NULL DEFAULT 0,
+    `creation_date` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    `modification_date` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+    FOREIGN KEY (spot_id) REFERENCES spot(id),
+    FOREIGN KEY (image_id) REFERENCES image(id)
+);
+
+CREATE TABLE IF NOT EXISTS `sky` (
+    `id` INT PRIMARY KEY NOT NULL AUTO_INCREMENT,
+    `image_id` INT DEFAULT NULL,
+    `spot_id` INT NOT NULL,
+    `layer` INT NOT NULL DEFAULT 0,
+    `creation_date` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    `modification_date` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+    FOREIGN KEY (spot_id) REFERENCES spot(id),
+    FOREIGN KEY (image_id) REFERENCES image(id)
+);
+
+ALTER TABLE `tour` ADD `password` VARCHAR(255) DEFAULT NULL;
+ALTER TABLE `tour` ADD `share` BOOLEAN NOT NULL DEFAULT FALSE;

src/Controller/copyTour.php

@@ -0,0 +1,51 @@
+<?php
+namespace tour\Controller;
+/*
+ * Copies the requested tour into the user's collection
+ */
+use \tour\Repository\TourRepository;
+require_once(__DIR__ . "/../Autoloader.php");
+require_once(__DIR__ . "/../Functions/copyTour.php");
+require_once(__DIR__ . "/../config.php");
+session_start();
+header('Content-Type: application/json; charset=utf-8');
+
+$user = isset($_SESSION["user"]) ? $_SESSION["user"] : null;
+$filename = isset($_POST["filename"]) ? $_POST["filename"] : null;
+$password = isset($_POST["password"]) ? $_POST["password"] : null;
+
+// Verify the CSRF token
+if (!isset($_SESSION['csrf']) || !isset($_POST['csrf']) || $_POST['csrf'] != $_SESSION['csrf']) {
+  exit("{\"error\": \"Invalid CSRF token\"}");
+}
+// User must be connected
+if ( !$user ) {
+  exit("{\"error\": \"User not connected\"}");
+}
+
+// Check tour ID
+if ( !$filename ) {
+  exit("{\"error\": \"Empty filename\"}");
+}
+
+$tourRepo = new TourRepository();
+$tour = $tourRepo->findOneBy(["filename" => $filename]);
+
+// Check tour
+if ( !$tour ) {
+  exit("{\"error\": \"Bad tour ID\"}");
+}
+
+// Check share option
+if ( !$tour->getShare() ) {
+  exit("{\"error\": \"Not allowed\"}");
+}
+
+// Check password
+if ( !$tour->verifyPassword($password) ) {
+  exit("{\"error\": \"Not allowed\"}");
+}
+
+$result = copyTour($tour->getID(), $user);
+
+exit("{\"success\": \"Tour copied\", \"id\": \"{$result}\"}");

src/Controller/dev/login.php

@@ -0,0 +1,86 @@
+<?php
+require_once __DIR__ . "/../../Autoloader.php";
+require_once __DIR__ . "/../../config.php";
+
+use \tour\Entity\User;
+use \tour\Repository\UserRepository;
+session_start();
+
+if (DEV !== true){
+  exit("Prod");
+}
+?>
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="utf-8" />
+<title>Login as a developer</title>
+<script>
+  async function fetchGet(url){
+    var response = new Object();
+    try {
+      response = await fetch(url,{
+        method: "GET",
+        mode: "cors",
+        credentials: 'include',
+        headers: {
+          "Content-Type": "application/json",
+        },
+      });
+    } catch (error) {
+      console.log("error Get");
+    }
+    return response;
+  }
+
+  async function logout(){
+    const response = await fetchGet("/logout.php");
+    window.location = "/";
+  }
+</script>
+</head>
+<body>
+
+<?php
+if (
+  isset($_POST['email']) && strlen($_POST['email']) >= 4 &&
+  isset($_POST['csrf']) && $_POST['csrf'] == $_SESSION["csrf"]
+){
+  echo "Connection<br>";
+  $repo = new UserRepository();
+  $user = $repo->findByEmail($_POST['email']);
+  if ($user == null) {
+    $userInfo = new stdClass();
+    $userInfo->email = $_POST['email'];
+    $user = $repo->create($userInfo);
+  }
+  $_SESSION["user"] = $user;
+} elseif (isset($_POST['email']) && strlen($_POST['email']) < 4){
+  echo "Bad email<br>";
+} elseif (isset($_POST['email']) && (!isset($_POST['csrf']) || $_POST['csrf'] != $_SESSION["csrf"])){
+  echo "Bad CSRF<br>";
+}
+
+$_SESSION["csrf"] = random_int(1,999999);
+
+if(array_key_exists("user", $_SESSION)){
+  echo "<p>Connected as " . htmlspecialchars($_SESSION["user"]->getEmail()) . " </p>";
+  echo "<a href='/'>Go to home page</a><br>";
+  echo "<a href='#' onclick='logout()'>Log out</a>";
+}
+else {
+?>
+
+<form method="post">
+  <label for="email">Login:</label>
+  <input type=email id="email" value="demo@example.com" name="email">
+  <input type="hidden" name="csrf" value="<?= $_SESSION["csrf"] ?>">
+  <button type="submit">OK</button>
+</form>
+
+<?php
+}
+?>
+
+</body>
+</html>

src/Controller/getTour.php

@@ -14,17 +14,18 @@
   $tour = $repo->findOneBy(array('id' => $tourId, 'user_id' => $user->getId()));
   $tour = $repo->find($tourId, $user->getId());
   if ($tour){
+    $tour_array = $tour->jsonSerialize();
+    $tour_array["password"] = $tour_array["password"] === null ? 0 : 1;
     //search for the thumbnail
     if($tour->getThumbID()){
-      $tour_array = $tour->jsonSerialize();
       $imageRepo = new ImageRepository();
       $thumb = $imageRepo->find($tour->getThumbID(), $user->getId());
       if ($thumb){
         $tour_array["thumb_filename"] = $thumb->getFilename() . "." . $thumb->getFiletype();
       }
       exit(json_encode($tour_array));
     }
-    exit(json_encode($tour));
+    exit(json_encode($tour_array));
   } else {
     exit("{\"error\": \"Tour not found\"}");
   }

src/Controller/getTours.php

@@ -7,9 +7,15 @@
 $user = isset($_SESSION["user"]) ? $_SESSION["user"] : null;
 header('Content-Type: application/json; charset=utf-8');
 
+function isPassword($tour){
+  $tour["password"] = $tour["password"] === null ? false : true;
+  return $tour;
+}
+
 if ($user) {
   $repo = new TourRepository();
   $tour = $repo->getAllByUserID($user->getId());
+  $tour = array_map('isPassword', $tour);
   echo json_encode($tour);
 } else {
   echo "{\"error\": \"user not connected\"}";