author | cookie <cookie@29ba0400-6e00-0410-a75a-ca02368028f8> | 2005-11-06 16:33:22 +0000 |
---|---|---|
committer | cookie <cookie@29ba0400-6e00-0410-a75a-ca02368028f8> | 2005-11-06 16:33:22 +0000 |
commit | de656d885e687337698016024304300a8ac749ea (patch) | |
tree | a03f6455575d34cb7d8f56c5d9d3d4a924704314 /admin | |
parent | fc585473934605d12b2e970436bb81f6b28cd7e8 (diff) |
und noch ein bisschen
git-svn-id: svn://svn.cccv.de/engel-system@16 29ba0400-6e00-0410-a75a-ca02368028f8
Diffstat (limited to 'admin')
-rwxr-xr-x | admin/dect.php | 3 | ||||
-rwxr-xr-x | admin/schichtplan.php | 77 | ||||
-rwxr-xr-x | admin/shiftadd.php | 125 | ||||
-rwxr-xr-x | admin/user.php | 26 | ||||
-rwxr-xr-x | admin/user2.php | 62 |
5 files changed, 159 insertions, 134 deletions
diff --git a/admin/dect.php b/admin/dect.php index 0afc7f4f..99a58028 100755 --- a/admin/dect.php +++ b/admin/dect.php @@ -7,6 +7,9 @@ include ("./inc/header.php"); include ("./inc/funktion_modem.php"); +if( !isset($_GET["dial"])) $_GET["dial"] = ""; +if( !isset($_GET["custum"])) $_GET["custum"] = ""; + if( $_GET["dial"]=="dial") { if( $_GET["DECT"]=="") diff --git a/admin/schichtplan.php b/admin/schichtplan.php index 5c8e90c2..9e7ec81b 100755 --- a/admin/schichtplan.php +++ b/admin/schichtplan.php @@ -5,7 +5,7 @@ $submenus = 1; include ("./inc/header.php"); include ("./inc/funktion_user.php"); -if (!IsSet($action)) { +if (!IsSet($_GET["action"])) { echo "Hallo ".$_SESSION['Nick'].",<br>\n"; echo "hier kannst du Schichten anlegen, ändern oder löschen.<br><br>"; echo "<a href=\"./shiftadd.php\">Neue Schicht einplanen</a><br><br>\n\n"; @@ -31,10 +31,13 @@ for( $i = 0; $i < $rowcount; $i++) $sql2= "SELECT `Name` FROM `Room` WHERE `RID`=\"".mysql_result($Erg, $i, "RID")."\""; $Erg2 = mysql_query($sql2, $con); - echo "\t\t<td>".mysql_result($Erg2, 0, "Name")."</td>\n"; - + if( mysql_num_rows($Erg2) > 0) + echo "\t\t<td>".mysql_result($Erg2, 0, "Name")."</td>\n"; + else + echo "\t\t<td>Unbenkannt (RID=". mysql_result($Erg, $i, "RID"). ")</td>\n"; echo "\t\t<td>".mysql_result($Erg, $i, "Len")." Std. </td>\n"; - echo "\t\t<td><a href=\"./schichtplan.php?action=change&SID=".mysql_result($Erg, $i, "SID")."\">####</a></td>\n"; + echo "\t\t<td><a href=\"./schichtplan.php?action=change&SID=". + mysql_result($Erg, $i, "SID")."\">####</a></td>\n"; echo "\t</tr>\n"; } echo "</table>"; 
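Review bot: In admin/dect.php the new defaults cover `dial` and `custum`, but `$_GET["DECT"]` is still compared on the following context line without a guard, so a request with `dial=dial` and no `DECT` reads an undefined index. Add `if( !isset($_GET["DECT"])) $_GET["DECT"] = "";` next to the other two defaults. The `if` block continues outside the hunk, so other keys read there may need the same treatment.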
@@ -45,22 +48,22 @@ echo "</table>"; // aus sicherheitzgründen wegen späterer genuzung UnSet($chSQL); -switch ($action){ +switch ($_GET["action"]){ case 'change': - if ( !IsSet($SID) ){ + if ( !IsSet($_GET["SID"]) ){ echo "Fehlerhafter Aufruf!\n"; } else { - $sql = "SELECT * FROM `Shifts` WHERE (`SID` = \"$SID\" )"; + $sql = "SELECT * FROM `Shifts` WHERE (`SID` = \"". $_GET["SID"]. "\" )"; $Erg = mysql_query($sql, $con); echo "Schicht abändern: <br>\n"; // Anzeige Allgemeiner schaischt daten - echo "<form action=\"".$_SERVER['SCRIPT_NAME']."\" method=\"POST\" >"; + echo "<form action=\"".$_SERVER['SCRIPT_NAME']."\" method=\"GET\" >"; echo "<table>\n"; echo " <tr><td>Schichtbeginn</td>". "<td><input value=\"". mysql_result($Erg, 0, "DateS"). @@ -88,14 +91,14 @@ case 'change': "\" type=\"text\" size=\"40\" name=\"eName\"></td></tr>\n"; echo "</table>\n"; - echo "<input type=\"hidden\" name=\"SID\" value=\"$SID\">\n"; + echo "<input type=\"hidden\" name=\"SID\" value=\"". $_GET["SID"]. "\">\n"; echo "<input type=\"hidden\" name=\"action\" value=\"changesave\">\n"; echo "<input type=\"submit\" value=\"sichern...\">\n"; echo "</form>\n\n"; // Löschen - echo "<form action=\"".$_SERVER['SCRIPT_NAME']."\" method=\"POST\" >\n"; - echo "<input type=\"hidden\" name=\"SID\" value=\"$SID\">\n"; + echo "<form action=\"". $_SERVER['SCRIPT_NAME']. "\" method=\"GET\" >\n"; + echo "<input type=\"hidden\" name=\"SID\" value=\"". $_GET["SID"]. "\">\n"; echo "<input type=\"hidden\" name=\"action\" value=\"delete\">\n"; echo "<input type=\"submit\" value=\"Löschen...\">\n"; echo "</form>\n\n"; @@ -106,7 +109,7 @@ case 'change': echo "<br><hr>\n\n\n\n"; //Freie Engelschichten - $sql3 = "SELECT TID FROM `ShiftEntry` WHERE SID=$SID AND UID=0"; + $sql3 = "SELECT TID FROM `ShiftEntry` WHERE SID=". $_GET["SID"]. " AND UID=0"; $Erg3 = mysql_query($sql3, $con); $rowcount = mysql_num_rows($Erg3); 
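Review bot: `$_GET["SID"]` is concatenated unescaped into the `Shifts` lookup in the `change` branch, so the request controls the SQL text; the commit swaps the register_globals variable for the superglobal but adds no validation. Since SID is used as a number, convert it once before the switch, `$SID = intval($_GET["SID"]);`, and build every statement from `$SID`; free-text fields such as `eName` need `mysql_real_escape_string($_GET["eName"], $con)` or, better, a driver with bound parameters. The same pattern recurs in the later schichtplan.php hunks (the ShiftEntry queries and the engeladd, engeldel, engelshiftdel, changesave and delete branches), in CreateNewEntry() in shiftadd.php, and in user.php and user2.php. The unquoted numeric comparisons are the ones where escaping alone would not help, so the integer cast matters most there.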
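Review bot: The delete form, like the edit form in the previous hunk and the engeladd form further down, is switched from `method="POST"` to `method="GET"`, which turns deleting or changing a shift into a plain URL. Such URLs land in browser history, server and proxy logs and Referer headers, can be replayed by link prefetchers, and can be embedded in another page that a logged-in admin loads; no request token is visible in these hunks. Keep `method="POST"` on the forms and read `$_POST["action"]` and `$_POST["SID"]` for the changesave, delete and engeladd branches, leaving GET for the read-only `change` view. The engeldel and engelshiftdel links would need to become small POST forms for the same reason.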
@@ -115,13 +118,13 @@ case 'change': for ($j=0; $j < $rowcount; $j++) { $TID = mysql_result($Erg3, $j, 0); - echo "<a href=\"./schichtplan.php?action=engelshiftdel&SID=$SID&TID=$TID\">". + echo "<a href=\"./schichtplan.php?action=engelshiftdel&SID=". $_GET["SID"]. "&TID=$TID\">". "freie ". TID2Type($TID). Get_Text("inc_schicht_Engel"). "schicht loeschen</a><br>\n"; } echo "<br><hr>\n\n\n\n"; //Ausgabe eingetragener schischten - $sql3 = "SELECT * FROM `ShiftEntry` WHERE SID=$SID AND NOT UID=0"; + $sql3 = "SELECT * FROM `ShiftEntry` WHERE SID=". $_GET["SID"]. " AND NOT UID=0"; $Erg3 = mysql_query($sql3, $con); $rowcount = mysql_num_rows($Erg3); @@ -130,7 +133,7 @@ case 'change': for ($j=0; $j < $rowcount; $j++) { $userUID=mysql_result($Erg3, $j, "UID"); - echo "<a href=\"./schichtplan.php?action=engeldel&SID=$SID&UIDs=$userUID\">". + echo "<a href=\"./schichtplan.php?action=engeldel&SID=". $_GET["SID"]. "&UIDs=$userUID\">". UID2Nick($userUID). " (". TID2Type(mysql_result($Erg3, $j, "TID")). Get_Text("inc_schicht_Engel"). ") austragen</a><br>\n"; @@ -140,8 +143,8 @@ case 'change': //Nachtragen von Engeln echo "Hat ein anderer Engel die Schicht übernommen, trage ihn bitte ein:"; - echo "<form action=\"".$_SERVER['SCRIPT_NAME']."\" method=\"POST\" >\n"; - echo "<input type=\"hidden\" name=\"SID\" value=\"$SID\">\n"; + echo "<form action=\"".$_SERVER['SCRIPT_NAME']."\" method=\"GET\" >\n"; + echo "<input type=\"hidden\" name=\"SID\" value=\"". $_GET["SID"]. "\">\n"; echo "<input type=\"hidden\" name=\"action\" value=\"engeladd\">\n"; // Listet alle Nicks auf @@ -163,7 +166,7 @@ case 'change': // holt eine liste der benötigten Engel zu dieser Schischt $sql3 = "SELECT Count(`TID`) AS `CTID`, `TID` FROM `ShiftEntry` "; - $sql3.= "WHERE (`SID`='$SID' AND `UID`='0') "; + $sql3.= "WHERE (`SID`='". $_GET["SID"]. "' AND `UID`='0') "; $sql3.= "GROUP BY `SID`, `TID`, `UID` "; $Erg3 = mysql_query($sql3, $con); $i=-1; 
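Review bot: `$_GET["SID"]` is echoed into the `engelshiftdel` link without HTML encoding, so markup in the parameter is reflected into the admin page. Emit the integer-cast value, or wrap the output as `htmlspecialchars($_GET["SID"], ENT_QUOTES)`. The same applies to the `engeldel` link and the hidden `SID` inputs in the neighbouring hunks, to the hidden fields and table cells written from `$_GET` in shiftadd.php (`SchichtName`, `RID`, `len` and the rest), to `Type` and `enterUID` in user.php, and to the `Gesendeter Befehl` line and `eUID` in user2.php.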
@@ -181,7 +184,7 @@ case 'change': $EngelTID = mysql_result($Erg2, $l, "TID"); echo "<option value=\"$EngelTID\">"; echo mysql_result($Erg2, $l, "Name"). Get_Text("inc_schicht_engel"); - if( $EngelNeed[$EngelTID] == "" ) + if( !isset($EngelNeed[$EngelTID]) ) echo " (0)"; else echo " (".$EngelNeed[$EngelTID].")"; 
@@ -196,61 +199,65 @@ case 'change': break; case 'engeladd': - if( $UIDs>0) + if( $_GET["UIDs"]>0) { - $SQL = "SELECT * FROM `ShiftEntry` WHERE (`SID`='$SID' AND `TID`='$TID' AND `UID`='0')"; + $SQL = "SELECT * FROM `ShiftEntry` ". + "WHERE (`SID`='". $_GET["SID"]. "' AND `TID`='". $_GET["TID"]. "' AND `UID`='0')"; $ERG = mysql_query($SQL, $con); if( mysql_num_rows($ERG) != 0 ) { $chSQL = "UPDATE `ShiftEntry` SET ". - "`UID`='$UIDs', `Comment`='shift added by ".$_SESSION['Nick']."' "; - $chSQL .= "WHERE (`SID`='$SID' AND `TID`='$TID' AND `UID`='0' ) LIMIT 1"; + "`UID`='". $_GET["UIDs"]. "', `Comment`='shift added by ".$_SESSION['Nick']."' "; + $chSQL .= "WHERE (`SID`='". $_GET["SID"]. "' AND ". + "`TID`='". $_GET["TID"]. "' AND `UID`='0' ) LIMIT 1"; } else { $chSQL = "INSERT INTO `ShiftEntry` (`SID`, `TID`, `UID`, `Comment`) VALUES ("; - $chSQL .= "'$SID', '$TID', '$UIDs', 'shift added by ".$_SESSION['Nick']."')"; + $chSQL .= "'". $_GET["SID"]. "', '". $_GET["TID"]. "', ". + "'". $_GET["UIDs"]. "', 'shift added by ".$_SESSION['Nick']."')"; } echo "Es wird folgende Schicht zusätzlich eingetragen:<br>\n"; - echo "Engel: ".UID2Nick($UIDs)."<br>\n"; + echo "Engel: ".UID2Nick($_GET["UIDs"])."<br>\n"; echo "Bemerkung: Schicht eingetragen durch Erzengel ".$_SESSION['Nick']."<br>\n<br>\n"; } else { $chSQL = "INSERT INTO `ShiftEntry` (`SID`, `TID`, `UID`, `Comment`) VALUES ("; - $chSQL .= "'$SID', '$TID', '0', NULL)"; + $chSQL .= "'". $_GET["SID"]. "', '". $_GET["TID"]. "', '0', NULL)"; echo "Es wird eine weitere Schicht eingetragen:<br>\n"; } break; case 'engeldel': - $chSQL = "UPDATE `ShiftEntry` SET `UID`='0', `Comment`= 'NULL' WHERE (`SID`='$SID' AND `UID`='$UIDs') LIMIT 1"; + $chSQL = "UPDATE `ShiftEntry` SET `UID`='0', `Comment`= 'NULL' WHERE (`SID`='". $_GET["SID"]. + "' AND `UID`='". $_GET["UIDs"]. 
"') LIMIT 1"; break; case 'engelshiftdel': - $chSQL = "DELETE FROM `ShiftEntry` WHERE `SID`='$SID' AND `TID`='$TID' AND `UID`='0' LIMIT 1"; + $chSQL = "DELETE FROM `ShiftEntry` WHERE `SID`='". $_GET["SID"]. "' AND `TID`='". + $_GET["TID"]. "' AND `UID`='0' LIMIT 1"; break; case 'changesave': - $query = mysql_query("SELECT DATE_ADD('".$eDate."', INTERVAL '+0 ".$eDauer."' DAY_HOUR)", $con); + $query = mysql_query("SELECT DATE_ADD('". $_GET["eDate"]. "', INTERVAL '+0 ". $_GET["eDauer"]. "' DAY_HOUR)", $con); $enddate = mysql_fetch_row($query); - $chSQL = "UPDATE `Shifts` SET `DateS`='$eDate', `DateE`='".$enddate[0]."', `RID`='$eRID', `Len`='$eDauer', ". - "`Man`='$eName' WHERE `SID`=$SID"; + $chSQL = "UPDATE `Shifts` SET `DateS`='". $_GET["eDate"]. "', `DateE`='".$enddate[0]. + "', `RID`='". $_GET["eRID"]. "', `Len`='". $_GET["eDauer"]. "', ". + "`Man`='". $_GET["eName"]. "' WHERE `SID`=". $_GET["SID"]; SetHeaderGo2Back(); break; case 'delete': - $chSQL = "DELETE FROM `Shifts` WHERE `SID`=$SID LIMIT 1"; - $ch2SQL = "DELETE FROM `ShiftEntry` WHERE `SID`=$SID"; + $chSQL = "DELETE FROM `Shifts` WHERE `SID`=". $_GET["SID"]. " LIMIT 1"; + $ch2SQL = "DELETE FROM `ShiftEntry` WHERE `SID`=". $_GET["SID"]; SetHeaderGo2Back(); break; } // end switch -// Update ??? - if (IsSet($chSQL)){ // echo $chSQL; // hier muesste das SQL ausgefuehrt werden... diff --git a/admin/shiftadd.php b/admin/shiftadd.php index a70c01fc..8b2f6451 100755 --- a/admin/shiftadd.php +++ b/admin/shiftadd.php @@ -15,7 +15,7 @@ echo "Hallo ".$_SESSION['Nick'].",<br>\n"; for ($i=0; $i<$rowcount; $i++) { $Room[$i]["RID"] = mysql_result($Erg, $i, "RID"); - $Room[$i]["Name"] = mysql_result($Erg, $i, "Name"); + $Room[$i]["Name"] = mysql_result($Erg, $i, "Name"); } // erstellt ein Aray der Engeltypen 
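Review bot: In the `engeldel` branch the UPDATE sets `Comment` to the quoted string `'NULL'`, so the column receives that text rather than SQL NULL; the engeladd insert in this same hunk and the UPDATE in user2.php both use an unquoted `NULL`. Drop the quotes there. In `changesave`, the result of the `DATE_ADD` query goes to `mysql_fetch_row()` without a check that `mysql_query()` succeeded, so a malformed `eDate` or `eDauer` likely ends up as an empty `DateE` written to `Shifts`; test `$query !== false` and skip the update otherwise. `$_GET["UIDs"]>0` at the top of `engeladd` also reads its key without `isset()`.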
@@ -26,16 +26,17 @@ echo "Hallo ".$_SESSION['Nick'].",<br>\n"; for ($i=0; $i<$rowcount; $i++) { $EngelType[$i]["TID"] = mysql_result($Erg, $i, "TID"); - $EngelType[$i]["Name"] = mysql_result($Erg, $i, "Name").Get_Text("inc_schicht_engel"); + $EngelType[$i]["Name"] = mysql_result($Erg, $i, "Name").Get_Text("inc_schicht_engel"); } -if (!IsSet($action)) - $action = "new"; +if (!IsSet($_GET["action"])) + $_GET["action"] = "new"; $Time = time()+3600+3600; -switch ($action){ +switch( $_GET["action"]) +{ case 'new': ?> @@ -110,11 +111,14 @@ mehrere Schichten auf einmal erfasst werden: break; // Ende new case 'newsave': - if (isset($SDatum) && ($len > 0)) { - $lenOrg = $len; - if( $NachtON == "ON" ) + if (isset($_GET["SDatum"]) && ($_GET["len"] > 0)) + { + $lenOrg = $_GET["len"]; + if( !isset($_GET["NachtON"])) + $_GET["NachtON"] = "OFF"; + if( $_GET["NachtON"] == "ON" ) { - $lenArrayDummy = explode( ";", $len_night); + $lenArrayDummy = explode( ";", $_GET["len_night"]); foreach ( $lenArrayDummy as $Temp ) { if( isset($Temp2) ) @@ -138,20 +142,22 @@ case 'newsave': echo "\t<td valign=\"top\" align=\"center\">Entrys</td>\n"; echo "</tr>\n"; - $DateEnd = $SDatum; - $TimeEnd = $STime; - do { + $DateEnd = $_GET["SDatum"]; + $TimeEnd = $_GET["STime"]; + $len=0; + do + { // define Start time $Date = $DateEnd; $Time = $TimeEnd; - $_DateS = $MonthJahr. "-". $Date. " ". $Time. ":00:00"; + $_DateS = $_GET["MonthJahr"]. "-". $Date. " ". $Time. ":00:00"; // define End time - if( $NachtON == "ON" ) + if( $_GET["NachtON"] == "ON" ) { - $len = $lenArray[$Time]; + $_GET["len"] = $lenArray[$Time]; } - $TimeEnd = $Time+ $len; + $TimeEnd = $Time+ $_GET["len"]; //Tagesüberschreitung while( $TimeEnd >= 24 ) 
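Review bot: The shift loop in the `newsave` branch now does its arithmetic directly on request strings (`$TimeEnd = $Time+ $_GET["len"];`, with `$Time` taken from `$_GET["STime"]`) and writes the per-iteration length back into `$_GET["len"]`, so nothing guarantees the values are numeric or that the loop advances. If the night-mode lookup `$lenArray[$Time]` is unset or 0, `$TimeEnd` does not move and, with `MoreThenOne` on, the `do … while( true )` appears to have no exit; the break conditions sit in the next hunk, so confirm against the full file. Read the inputs once into locals, e.g. `$len = intval($_GET["len"]);`, reject anything below 1, and hand `$len` to CreateNewEntry() instead of mutating the superglobal. The added `$len=0;` appears unused in the visible hunks.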
@@ -159,43 +165,43 @@ case 'newsave': $TimeEnd -= 24; $DateEnd += 1; } - //ist schischt zu lang dan verkürzen - if( $DateEnd > $EDatum || ($DateEnd == $EDatum && $TimeEnd >= $ETime) ) + //ist schischt zu lang dan verkürzen + if( $DateEnd > $_GET["EDatum"] || ($DateEnd == $_GET["EDatum"] && $TimeEnd >= $_GET["ETime"]) ) { - $len -= ($DateEnd- $EDatum)*24; - $len -= ($TimeEnd- $ETime); // -(-) ->> + - $DateEnd = $EDatum; - $TimeEnd = $ETime; + $_GET["len"] -= ($DateEnd- $_GET["EDatum"])*24; + $_GET["len"] -= ($TimeEnd- $_GET["ETime"]); // -(-) ->> + + $DateEnd = $_GET["EDatum"]; + $TimeEnd = $_GET["ETime"]; } - $_DateE = $MonthJahr. "-". $DateEnd. " ". $TimeEnd. ":00:00"; + $_DateE = $_GET["MonthJahr"]. "-". $DateEnd. " ". $TimeEnd. ":00:00"; if( $_DateS != $_DateE ) CreateNewEntry(); - if( $MoreThenOne!="ON" ) break; - if( $DateEnd == $EDatum && $TimeEnd >= $ETime ) break; + if( $_GET["MoreThenOne"]!="ON" ) break; + if( $DateEnd == $_GET["EDatum"] && $TimeEnd >= $_GET["ETime"] ) break; } while( true ); echo "</table>"; - if( $OnlyShow!="" ) + if( $_GET["OnlyShow"]=="ON" ) { echo "<form action=\"". $_SERVER['SCRIPT_NAME']. 
"\">"; - echo "\n\t<Input type=\"hidden\" name=\"SchichtName\" value=\"$SchichtName\">"; - echo "\n\t<input type=\"hidden\" name=\"MonthJahr\" value=\"$MonthJahr\">"; - echo "\n\t<input type=\"hidden\" name=\"SDatum\" value=\"$SDatum\">"; - echo "\n\t<input type=\"hidden\" name=\"STime\" value=\"$STime\">"; - echo "\n\t<input type=\"hidden\" name=\"MoreThenOne\" value=\"$MoreThenOne\">"; - echo "\n\t<input type=\"hidden\" name=\"EDatum\" value=\"$EDatum\">"; - echo "\n\t<input type=\"hidden\" name=\"ETime\" value=\"$ETime\">"; - echo "\n\t<input type=\"hidden\" name=\"len\" value=\"$lenOrg\">"; - echo "\n\t<input type=\"hidden\" name=\"RID\" value=\"$RID\">"; - echo "\n\t<input type=\"hidden\" name=\"NachtON\" value=\"$NachtON\">"; - echo "\n\t<input type=\"hidden\" name=\"len_night\" value=\"$len_night\">"; - echo "\n\t<input type=\"hidden\" name=\"OnlyShow\" value=\"\">"; + echo "\n\t<Input type=\"hidden\" name=\"SchichtName\" value=\"". $_GET["SchichtName"]. "\">"; + echo "\n\t<input type=\"hidden\" name=\"MonthJahr\" value=\"". $_GET["MonthJahr"]. "\">"; + echo "\n\t<input type=\"hidden\" name=\"SDatum\" value=\"". $_GET["SDatum"]. "\">"; + echo "\n\t<input type=\"hidden\" name=\"STime\" value=\"". $_GET["STime"]. "\">"; + echo "\n\t<input type=\"hidden\" name=\"MoreThenOne\" value=\"". $_GET["MoreThenOne"]. "\">"; + echo "\n\t<input type=\"hidden\" name=\"EDatum\" value=\"". $_GET["EDatum"]. "\">"; + echo "\n\t<input type=\"hidden\" name=\"ETime\" value=\"". $_GET["ETime"]. "\">"; + echo "\n\t<input type=\"hidden\" name=\"len\" value=\"". $lenOrg. "\">"; + echo "\n\t<input type=\"hidden\" name=\"RID\" value=\"". $_GET["RID"]. "\">"; + echo "\n\t<input type=\"hidden\" name=\"NachtON\" value=\"". $_GET["NachtON"]. "\">"; + echo "\n\t<input type=\"hidden\" name=\"len_night\" value=\"". $_GET["len_night"]. 
"\">"; + echo "\n\t<input type=\"hidden\" name=\"OnlyShow\" value=\"OFF\">"; foreach ($EngelType As $TTemp) { $Temp = "EngelType".$TTemp["TID"]; - echo "\n\t<input type=\"hidden\" name=\"". $Temp. "\" value=\"".$$Temp."\">"; + echo "\n\t<input type=\"hidden\" name=\"". $Temp. "\" value=\"". $_GET[$Temp]. "\">"; } echo "\n\t<input type=\"hidden\" name=\"action\" value=\"newsave\">"; echo "\n\t<input type=\"submit\" value=\"mach mal Gabriel!\">"; @@ -213,7 +219,7 @@ case 'engeldel': function CreateNewEntry() { - global $con, $_DateS, $_DateE, $len, $RID, $SchichtName, $OnlyShow, $EngelType, $DEBUG; + global $con, $_DateS, $_DateE, $EngelType, $DEBUG; foreach ($EngelType As $TTemp) { $Temp = "EngelType".$TTemp["TID"]; @@ -224,9 +230,9 @@ function CreateNewEntry() echo "\t<td>$_DateS</td>\n"; echo "\t<td>$_DateE</td>\n"; - echo "\t<td>$len</td\n>"; - echo "\t<td>$RID</td>\n"; - echo "\t<td>$SchichtName</td>\n"; + echo "\t<td>". $_GET["len"]. "</td>\n"; + echo "\t<td>". $_GET["RID"]. "</td>\n"; + echo "\t<td>". $_GET["SchichtName"]. "</td>\n"; // Ist eintarg schon vorhanden? @@ -234,12 +240,12 @@ function CreateNewEntry() $SQL .= "WHERE (". "`DateS` = '". $_DateS. "' AND ". "`DateE` = '". $_DateE. "' AND ". - "`RID` = '". $RID. "');"; + "`RID` = '". $_GET["RID"]. "');"; $Erg = mysql_query($SQL, $con); if( mysql_num_rows($Erg) != 0 ) echo "\t<td>exists</td>"; - elseif( $OnlyShow == "" ) + elseif( $_GET["OnlyShow"] == "OFF" ) { //Suchet nach letzter SID $SQLin = "SELECT `SID` FROM `Shifts` ". 
@@ -254,8 +260,8 @@ function CreateNewEntry() // erstellt Eintrag in Shifts für die algemeine schicht $SQL = "INSERT INTO `Shifts` (`SID`, `DateS`, `DateE`, `Len`, `RID`, `Man`) VALUES ('$newSID', "; $SQL .= "'". $_DateS. "', '". $_DateE. "', "; - $SQL .= "'". $len. "', '". $RID. "', "; - $SQL .= "'". $SchichtName. "');"; + $SQL .= "'". $_GET["len"]. "', '". $_GET["RID"]. "', "; + $SQL .= "'". $_GET["SchichtName"]. "');"; $Erg = mysql_query($SQL, $con); $SQLFail = "\n\t<br>[".$SQL. "]"; @@ -271,15 +277,15 @@ function CreateNewEntry() $SQL .= "WHERE (". "`DateS` = '". $_DateS. "' AND ". "`DateE` = '". $_DateE. "' AND ". - "`Len` = '". $len. "' AND ". - "`RID` = '". $RID. "');"; + "`Len` = '". $_GET["len"]. "' AND ". + "`RID` = '". $_GET["RID"]. "');"; $Erg = mysql_query($SQL, $con); if( mysql_num_rows($Erg) == 0 ) echo "\t<td>?</td>"; else { $SID = mysql_result($Erg, 0, "SID"); - echo "\t<td>$SID</td>"; + echo "\t<td>". $SID. "</td>"; } // erstellt für jeden Engeltypen die eintrage in 'ShiftEntry' @@ -288,18 +294,18 @@ function CreateNewEntry() { $Temp = "EngelType".$TTemp["TID"]; - if( $$Temp > 0 ) + if( $_GET[$Temp] > 0 ) { $i = 0; - echo $$Temp. " ".$TTemp["Name"]. "<br>\t"; - while( $i++ < $$Temp ) + echo $_GET[$Temp]. " ".$TTemp["Name"]. "<br>\t"; + while( $i++ < $_GET[$Temp] ) { - $SQL = "INSERT INTO `ShiftEntry` (`SID`, `TID`) VALUES ("; - $SQL .= "'$SID', "; - $SQL .= "'". $TTemp["TID"]. "');"; - - if( $OnlyShow == "" ) + if( $_GET["OnlyShow"] == "OFF" ) { + $SQL = "INSERT INTO `ShiftEntry` (`SID`, `TID`) VALUES ("; + $SQL .= "'". $SID. "', "; + $SQL .= "'". $TTemp["TID"]. "');"; + $Erg = mysql_query($SQL, $con); if( $DEBUG ) $SQLFail = "\n\t<br>[".$SQL. "]"; @@ -309,13 +315,12 @@ function CreateNewEntry() } else - echo "'only show' "; + echo "+"; } echo "<br>"; } // IF $$TEMP } // FOREACH echo "</td>"; - echo "</tr>\n"; } diff --git a/admin/user.php b/admin/user.php index 503a0983..a1c2aa4b 100755 --- a/admin/user.php +++ b/admin/user.php 
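Review bot: The ShiftEntry insert in CreateNewEntry() uses `$SID`, but the previous hunk assigns it only in the `else` branch of the lookup. That lookup matches on `Len` as well, while the earlier "exists" check does not, so a shift that exists with a different length seems to leave `$SID` undefined and the entries are inserted with an empty SID. Skip the ShiftEntry loop when no SID was found, for example `if( !isset($SID)) { echo "</tr>\n"; return; }` after the `?` cell is printed. Parts of the function lie outside the hunks, so check that nothing else sets `$SID` first.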
@@ -5,14 +5,14 @@ $header = "Editieren der Engelliste"; include ("./inc/header.php"); include ("./inc/funktion_db_list.php"); -if (!IsSet($enterUID)){ - +if (!IsSet($_GET["enterUID"])) +{ // Userliste, keine UID uebergeben... echo "<a href=\"../makeuser.php\">Neuen Engel eintragen</a><br><br>\n"; - if( !isset($OrderBy) ) $OrderBy = "Nick"; - $SQL = "SELECT * FROM User ORDER BY ". $OrderBy. " ASC"; + if( !isset($_GET["OrderBy"]) ) $_GET["OrderBy"] = "Nick"; + $SQL = "SELECT * FROM User ORDER BY ". $_GET["OrderBy"]. " ASC"; $Erg = mysql_query($SQL, $con); echo mysql_error($con); @@ -98,13 +98,13 @@ else { // UserID wurde mit uebergeben --> Aendern... - $SQL = "SELECT * FROM User where UID=$enterUID"; + $SQL = "SELECT * FROM User where UID=". $_GET["enterUID"]; $Erg = mysql_query($SQL, $con); $anzahl = mysql_num_rows($Erg); if ($anzahl != 1) - echo "Sorry, der Engel (UID=$enterUID) wurde in der Liste nicht gefunden."; + echo "Sorry, der Engel (UID=". $_GET["enterUID"]. ") wurde in der Liste nicht gefunden."; else { echo "Hallo,<br>". @@ -116,9 +116,9 @@ else echo "<form action=\"./user2.php?action=change\" method=\"POST\">\n"; echo "<table>\n"; - echo "<input type=\"hidden\" name=\"Type\" value=\"$Type\">\n"; + echo "<input type=\"hidden\" name=\"Type\" value=\"". $_GET["Type"]. "\">\n"; - if( $Type == "Normal" ) + if( $_GET["Type"] == "Normal" ) { echo " <tr><td>Nick</td><td>". "<input type=\"text\" size=\"40\" name=\"eNick\" value=\"". @@ -193,12 +193,12 @@ else echo "</td></tr>\n"; } //IF TYPE - if( $Type == "Secure" ) + if( $_GET["Type"] == "Secure" ) { // CVS-Rechte echo " <tr><td><br><u>Rights of \"". mysql_result($Erg, 0, "Nick"). "\":</u></td></tr>\n"; - $SQL_CVS = "SELECT * FROM `UserCVS` WHERE UID=$enterUID"; + $SQL_CVS = "SELECT * FROM `UserCVS` WHERE UID=". $_GET["enterUID"]; $Erg_CVS = mysql_query($SQL_CVS, $con); $CVS_Data = mysql_fetch_array($Erg_CVS); $CVS_Data_i = 1; 
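Review bot: `$_GET["OrderBy"]` is appended to `ORDER BY` as a column name in admin/user.php, a position where neither quoting nor `mysql_real_escape_string()` makes request data safe. Compare it against a fixed list of sortable columns and fall back to `Nick`, e.g. `if( !in_array($_GET["OrderBy"], array("Nick", "Name", "Vorname"))) $_GET["OrderBy"] = "Nick";` (names taken from the UPDATE in user2.php; extend the list to whatever the table header links offer). The `UID=` lookups on `$_GET["enterUID"]` in the following hunks are unquoted numeric comparisons and want `intval()`. `$_GET["Type"]` is read there without `isset()` as well.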
@@ -227,14 +227,14 @@ else // Ende Formular echo "</td></tr>\n"; echo "</table>\n"; - echo "<input type=\"hidden\" name=\"enterUID\" value=\"$enterUID\">\n"; + echo "<input type=\"hidden\" name=\"enterUID\" value=\"". $_GET["enterUID"]. "\">\n"; echo "<input type=\"submit\" value=\"sichern...\">\n"; echo "</form>"; - if( $Type == "Normal" ) + if( $_GET["Type"] == "Normal" ) { echo "<form action=\"./user2.php?action=delete\" method=\"POST\">\n"; - echo "<input type=\"hidden\" name=\"enterUID\" value=\"$enterUID\">\n"; + echo "<input type=\"hidden\" name=\"enterUID\" value=\"". $_GET["enterUID"]. "\">\n"; echo "<input type=\"submit\" value=\"löschen...\">\n"; echo "</form>"; } diff --git a/admin/user2.php b/admin/user2.php index 39b3385b..5f94c093 100755 --- a/admin/user2.php +++ b/admin/user2.php @@ -6,7 +6,7 @@ include ("./inc/header.php"); include ("./inc/funktion_db_list.php"); include ("./inc/crypt.php"); -if (IsSet($action)) +if (IsSet($_GET["action"])) { function SQLExec( $SQL ) 
@@ -23,40 +23,46 @@ if (IsSet($action)) } SetHeaderGo2Back(); - echo "Gesendeter Befehl: $action<br>"; - - switch ($action) { + echo "Gesendeter Befehl: ". $_GET["action"]. "<br>"; + switch ($_GET["action"]) + { case "change": - if (IsSet($enterUID)) + if (IsSet($_POST["enterUID"])) { - if ($Type == "Normal") + if ($_POST["Type"] == "Normal") { $SQL = "UPDATE `User` SET "; - $SQL.= " `Nick` = '$eNick', `Name` = '$eName', `Vorname` = '$eVorname', ". - "`Telefon` = '$eTelefon', `Handy` = '$eHandy', `DECT` = '$eDECT', ". - "`email` = '$eemail', `Size` = '$eSize', ". - "`Gekommen`= '$eGekommen', `Aktiv`= '$eAktiv', ". - "`Tshirt` = '$eTshirt' "; - $SQL.= "WHERE `UID` = '$enterUID' LIMIT 1;"; + $SQL.= " `Nick` = '". $_POST["eNick"]. "', `Name` = '". $_POST["eName"]. "', ". + "`Vorname` = '". $_POST["eVorname"]. "', ". + "`Telefon` = '". $_POST["eTelefon"]. "', ". + "`Handy` = '". $_POST["eHandy"]. "', ". + "`DECT` = '". $_POST["eDECT"]. "', ". + "`email` = '". $_POST["eemail"]. "', ". + "`Size` = '". $_POST["eSize"]. "', ". + "`Gekommen`= '". $_POST["eGekommen"]. "', ". + "`Aktiv`= '". $_POST["eAktiv"]. "', ". + "`Tshirt` = '". $_POST["eTshirt"]. "' ". + "WHERE `UID` = '". $_POST["enterUID"]. + "' LIMIT 1;"; echo "User-"; SQLExec( $SQL ); } - if ($Type == "Secure") + if ($_POST["Type"] == "Secure") { $SQL2 = "UPDATE `UserCVS` SET "; - $SQL_CVS = "SELECT * FROM `UserCVS` WHERE UID=$enterUID"; + $SQL_CVS = "SELECT * FROM `UserCVS` WHERE UID=". $_POST["enterUID"]; $Erg_CVS = mysql_query($SQL_CVS, $con); $CVS_Data = mysql_fetch_array($Erg_CVS); $CVS_Data_i = 1; foreach ($CVS_Data as $CVS_Data_Name => $CVS_Data_Value) { if( ($CVS_Data_i+1)%2 && $CVS_Data_Name!="UID") - $SQL2.= "`$CVS_Data_Name` = '".$$CVS_Data_i."', "; + $SQL2.= "`$CVS_Data_Name` = '". $_POST[$CVS_Data_i]."', "; $CVS_Data_i++; } $SQL2 = substr( $SQL2, 0, strlen($SQL2)-2 ); - $SQL2.= " WHERE `UID` = '$enterUID' LIMIT 1;"; + $SQL2.= " WHERE `UID` = '". $_POST["enterUID"]. 
"' LIMIT 1;"; echo "<br>Secure-"; SQLExec( $SQL2 ); } @@ -64,14 +70,17 @@ if (IsSet($action)) break; case "delete": - if (IsSet($enterUID)) + if (IsSet($_POST["enterUID"])) { - $SQL="delete from `User` WHERE `UID` = '$enterUID' LIMIT 1;"; + echo "delate User..."; + $SQL="delete from `User` WHERE `UID` = '". $_POST["enterUID"]. "' LIMIT 1;"; SQLExec( $SQL ); - $SQL2="delete from `UserCVS` WHERE `UID` = '$enterUID' LIMIT 1;"; + echo "<br>\ndelate UserCVS..."; + $SQL2="delete from `UserCVS` WHERE `UID` = '". $_POST["enterUID"]. "' LIMIT 1;"; SQLExec( $SQL2 ); + echo "<br>\ndelate UserEntry..."; $SQL3="UPDATE `ShiftEntry` SET `UID` = '0', `Comment` = NULL ". - "WHERE `UID` = '$enterUID' LIMIT 1;"; + "WHERE `UID` = '". $_POST["enterUID"]. "' LIMIT 1;"; SQLExec( $SQL3 ); } break; @@ -80,24 +89,25 @@ if (IsSet($action)) case "newpw": echo "Bitte neues Kennwort für <b>"; // Get Nick - $USQL = "SELECT * FROM User where UID=$eUID"; + $USQL = "SELECT * FROM User where UID=". $_POST["eUID"]; $Erg = mysql_query($USQL, $con); echo mysql_result($Erg, 0, "Nick"); echo "</b> eingeben:<br>"; echo "<form action=\"./user2.php\" method=\"POST\">\n"; echo "<input type=\"Password\" name=\"ePasswort\">"; echo "<input type=\"Password\" name=\"ePasswort2\">"; - echo "<input type=\"hidden\" name=\"eUID\" value=\"$eUID\">"; + echo "<input type=\"hidden\" name=\"eUID\" value=\"". $_POST["eUID"]. "\">"; echo "<input type=\"hidden\" name=\"action\" value=\"newpwsave\">\n"; echo "<input type=\"submit\" value=\"sichern...\">\n"; echo "</form>"; break; case "newpwsave": - if ($ePasswort == $ePasswort2) + if ($_POST["ePasswort"] == $_POST["ePasswort2"]) { // beide Passwoerter passen... - $ePasswort = PassCrypt($ePasswort); - $SQL="UPDATE `User` SET `Passwort`='$ePasswort' where `UID` = '$eUID'"; + $_POST["ePasswort"] = PassCrypt($_POST["ePasswort"]); + $SQL = "UPDATE `User` SET `Passwort`='". $_POST["ePasswort"]. "' ". + "where `UID` = '". $_POST["eUID"]. "'"; SQLExec( $SQL ); } else 
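Review bot: The `delete` branch releases the removed user's shifts with an UPDATE that ends in `LIMIT 1`, so only one ShiftEntry row is reset and any further rows keep pointing at a UID that no longer exists. Remove the `LIMIT 1` from `$SQL3`. The new progress messages read `delate`, where `delete` is presumably meant.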
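Review bot: The password form still posts to `./user2.php` with `action` as a hidden field, while the dispatcher at the top of the file now tests `IsSet($_GET["action"])` and switches on `$_GET["action"]`, so a submit carrying `action=newpwsave` in the body falls through to the "Unzulässiger Aufruf" branch and the password is never saved. Put the action in the form target as the forms in user.php do, `<form action="./user2.php?action=newpwsave" method="POST">`, or read the action from `$_POST` for these two cases. The equality test should be `$_POST["ePasswort"] === $_POST["ePasswort2"]`, because `==` compares numeric-looking strings by value. `$_POST["eUID"]` goes into both queries unvalidated and needs `intval()`.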
@@ -110,7 +120,7 @@ if (IsSet($action)) else { // kein Action gesetzt -> abbruch - echo "Unzulässiger Aufruf. Bitte neu editieren..."; + echo "Unzulässiger Aufruf.<br>Bitte neu editieren..."; } include ("./inc/footer.php"); |