authorcookie <cookie@29ba0400-6e00-0410-a75a-ca02368028f8>2005-11-06 16:33:22 +0000
committercookie <cookie@29ba0400-6e00-0410-a75a-ca02368028f8>2005-11-06 16:33:22 +0000
commitde656d885e687337698016024304300a8ac749ea (patch)
treea03f6455575d34cb7d8f56c5d9d3d4a924704314 /admin
parentfc585473934605d12b2e970436bb81f6b28cd7e8 (diff)
und noch ein bichen
git-svn-id: svn://svn.cccv.de/engel-system@16 29ba0400-6e00-0410-a75a-ca02368028f8
Diffstat (limited to 'admin')
-rwxr-xr-xadmin/dect.php3
-rwxr-xr-xadmin/schichtplan.php77
-rwxr-xr-xadmin/shiftadd.php125
-rwxr-xr-xadmin/user.php26
-rwxr-xr-xadmin/user2.php62
5 files changed, 159 insertions, 134 deletions
diff --git a/admin/dect.php b/admin/dect.php
index 0afc7f4f..99a58028 100755
--- a/admin/dect.php
+++ b/admin/dect.php
@@ -7,6 +7,9 @@ include ("./inc/header.php");
include ("./inc/funktion_modem.php");
+if( !isset($_GET["dial"])) $_GET["dial"] = "";
+if( !isset($_GET["custum"])) $_GET["custum"] = "";
+
if( $_GET["dial"]=="dial")
{
if( $_GET["DECT"]=="")
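Review bot: `$_GET["DECT"]` is still read on the line after the `dial` check without a default, so the defaults added above do not cover it and a request with `dial=dial` but no `DECT` raises an undefined-index notice. Add `if( !isset($_GET["DECT"])) $_GET["DECT"] = "";` next to the other two. The key `custum` looks like a misspelling of `custom`; that is fine only if the form field uses the same spelling, which is not visible in this hunk.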
diff --git a/admin/schichtplan.php b/admin/schichtplan.php
index 5c8e90c2..9e7ec81b 100755
--- a/admin/schichtplan.php
+++ b/admin/schichtplan.php
@@ -5,7 +5,7 @@ $submenus = 1;
include ("./inc/header.php");
include ("./inc/funktion_user.php");
-if (!IsSet($action)) {
+if (!IsSet($_GET["action"])) {
echo "Hallo ".$_SESSION['Nick'].",<br>\n";
echo "hier kannst du Schichten anlegen, &auml;ndern oder l&ouml;schen.<br><br>";
echo "<a href=\"./shiftadd.php\">Neue Schicht einplanen</a><br><br>\n\n";
@@ -31,10 +31,13 @@ for( $i = 0; $i < $rowcount; $i++)
$sql2= "SELECT `Name` FROM `Room` WHERE `RID`=\"".mysql_result($Erg, $i, "RID")."\"";
$Erg2 = mysql_query($sql2, $con);
- echo "\t\t<td>".mysql_result($Erg2, 0, "Name")."</td>\n";
-
+ if( mysql_num_rows($Erg2) > 0)
+ echo "\t\t<td>".mysql_result($Erg2, 0, "Name")."</td>\n";
+ else
+ echo "\t\t<td>Unbenkannt (RID=". mysql_result($Erg, $i, "RID"). ")</td>\n";
echo "\t\t<td>".mysql_result($Erg, $i, "Len")." Std. </td>\n";
- echo "\t\t<td><a href=\"./schichtplan.php?action=change&SID=".mysql_result($Erg, $i, "SID")."\">####</a></td>\n";
+ echo "\t\t<td><a href=\"./schichtplan.php?action=change&SID=".
+ mysql_result($Erg, $i, "SID")."\">####</a></td>\n";
echo "\t</tr>\n";
}
echo "</table>";
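Review bot: The fallback text added for a missing room reads `Unbenkannt`, which looks like a typo for `Unbekannt`. The new `mysql_num_rows($Erg2) > 0` guard also assumes the room query succeeded; if `mysql_query` returns false, the call raises a warning before the fallback branch is reached, so `if( $Erg2 && mysql_num_rows($Erg2) > 0)` is safer. The loop body starts outside this hunk.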
@@ -45,22 +48,22 @@ echo "</table>";
// aus sicherheitzgründen wegen späterer genuzung
UnSet($chSQL);
-switch ($action){
+switch ($_GET["action"]){
case 'change':
- if ( !IsSet($SID) ){
+ if ( !IsSet($_GET["SID"]) ){
echo "Fehlerhafter Aufruf!\n";
}
else
{
- $sql = "SELECT * FROM `Shifts` WHERE (`SID` = \"$SID\" )";
+ $sql = "SELECT * FROM `Shifts` WHERE (`SID` = \"". $_GET["SID"]. "\" )";
$Erg = mysql_query($sql, $con);
echo "Schicht ab&auml;ndern: <br>\n";
// Anzeige Allgemeiner schaischt daten
- echo "<form action=\"".$_SERVER['SCRIPT_NAME']."\" method=\"POST\" >";
+ echo "<form action=\"".$_SERVER['SCRIPT_NAME']."\" method=\"GET\" >";
echo "<table>\n";
echo " <tr><td>Schichtbeginn</td>".
"<td><input value=\"". mysql_result($Erg, 0, "DateS").
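Review bot: The `$_GET["SID"]` value is concatenated into the Shifts query without validation, so whatever the request carries becomes part of the SQL text; replacing the register_globals variable with the superglobal does not change that. Since SID is a numeric key, cast it once after the isset check, `$SID = intval($_GET["SID"]);`, and use `$SID` in the query; string fields such as `eName` or `eDate` need `mysql_real_escape_string($value, $con)` before quoting. The same pattern recurs in the later hunks of this file (including the unquoted `SID=` comparisons and the UPDATE/INSERT/DELETE statements), in CreateNewEntry() in shiftadd.php, and in the `$_GET`/`$_POST` queries in user.php and user2.php. The `change` case continues outside this hunk.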
@@ -88,14 +91,14 @@ case 'change':
"\" type=\"text\" size=\"40\" name=\"eName\"></td></tr>\n";
echo "</table>\n";
- echo "<input type=\"hidden\" name=\"SID\" value=\"$SID\">\n";
+ echo "<input type=\"hidden\" name=\"SID\" value=\"". $_GET["SID"]. "\">\n";
echo "<input type=\"hidden\" name=\"action\" value=\"changesave\">\n";
echo "<input type=\"submit\" value=\"sichern...\">\n";
echo "</form>\n\n";
// Löschen
- echo "<form action=\"".$_SERVER['SCRIPT_NAME']."\" method=\"POST\" >\n";
- echo "<input type=\"hidden\" name=\"SID\" value=\"$SID\">\n";
+ echo "<form action=\"". $_SERVER['SCRIPT_NAME']. "\" method=\"GET\" >\n";
+ echo "<input type=\"hidden\" name=\"SID\" value=\"". $_GET["SID"]. "\">\n";
echo "<input type=\"hidden\" name=\"action\" value=\"delete\">\n";
echo "<input type=\"submit\" value=\"L&ouml;schen...\">\n";
echo "</form>\n\n";
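Review bot: The hidden `SID` fields echo `$_GET["SID"]` into an HTML attribute unescaped, so a request value containing a quote or angle bracket ends the attribute and is rendered as markup on an admin page. Wrap request values in `htmlspecialchars($_GET["SID"], ENT_QUOTES)` wherever they are printed. The same applies to the `href` links built with SID in the following hunks, the hidden fields and table cells in shiftadd.php, the `enterUID` and `Type` fields in user.php, and the `Gesendeter Befehl` line in user2.php.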
@@ -106,7 +109,7 @@ case 'change':
echo "<br><hr>\n\n\n\n";
//Freie Engelschichten
- $sql3 = "SELECT TID FROM `ShiftEntry` WHERE SID=$SID AND UID=0";
+ $sql3 = "SELECT TID FROM `ShiftEntry` WHERE SID=". $_GET["SID"]. " AND UID=0";
$Erg3 = mysql_query($sql3, $con);
$rowcount = mysql_num_rows($Erg3);
@@ -115,13 +118,13 @@ case 'change':
for ($j=0; $j < $rowcount; $j++)
{
$TID = mysql_result($Erg3, $j, 0);
- echo "<a href=\"./schichtplan.php?action=engelshiftdel&SID=$SID&TID=$TID\">".
+ echo "<a href=\"./schichtplan.php?action=engelshiftdel&SID=". $_GET["SID"]. "&TID=$TID\">".
"freie ". TID2Type($TID). Get_Text("inc_schicht_Engel"). "schicht loeschen</a><br>\n";
}
echo "<br><hr>\n\n\n\n";
//Ausgabe eingetragener schischten
- $sql3 = "SELECT * FROM `ShiftEntry` WHERE SID=$SID AND NOT UID=0";
+ $sql3 = "SELECT * FROM `ShiftEntry` WHERE SID=". $_GET["SID"]. " AND NOT UID=0";
$Erg3 = mysql_query($sql3, $con);
$rowcount = mysql_num_rows($Erg3);
@@ -130,7 +133,7 @@ case 'change':
for ($j=0; $j < $rowcount; $j++)
{
$userUID=mysql_result($Erg3, $j, "UID");
- echo "<a href=\"./schichtplan.php?action=engeldel&SID=$SID&UIDs=$userUID\">".
+ echo "<a href=\"./schichtplan.php?action=engeldel&SID=". $_GET["SID"]. "&UIDs=$userUID\">".
UID2Nick($userUID).
" (". TID2Type(mysql_result($Erg3, $j, "TID")). Get_Text("inc_schicht_Engel").
") austragen</a><br>\n";
@@ -140,8 +143,8 @@ case 'change':
//Nachtragen von Engeln
echo "Hat ein anderer Engel die Schicht &uuml;bernommen, trage ihn bitte ein:";
- echo "<form action=\"".$_SERVER['SCRIPT_NAME']."\" method=\"POST\" >\n";
- echo "<input type=\"hidden\" name=\"SID\" value=\"$SID\">\n";
+ echo "<form action=\"".$_SERVER['SCRIPT_NAME']."\" method=\"GET\" >\n";
+ echo "<input type=\"hidden\" name=\"SID\" value=\"". $_GET["SID"]. "\">\n";
echo "<input type=\"hidden\" name=\"action\" value=\"engeladd\">\n";
// Listet alle Nicks auf
@@ -163,7 +166,7 @@ case 'change':
// holt eine liste der benötigten Engel zu dieser Schischt
$sql3 = "SELECT Count(`TID`) AS `CTID`, `TID` FROM `ShiftEntry` ";
- $sql3.= "WHERE (`SID`='$SID' AND `UID`='0') ";
+ $sql3.= "WHERE (`SID`='". $_GET["SID"]. "' AND `UID`='0') ";
$sql3.= "GROUP BY `SID`, `TID`, `UID` ";
$Erg3 = mysql_query($sql3, $con);
$i=-1;
@@ -181,7 +184,7 @@ case 'change':
$EngelTID = mysql_result($Erg2, $l, "TID");
echo "<option value=\"$EngelTID\">";
echo mysql_result($Erg2, $l, "Name"). Get_Text("inc_schicht_engel");
- if( $EngelNeed[$EngelTID] == "" )
+ if( !isset($EngelNeed[$EngelTID]) )
echo " (0)";
else
echo " (".$EngelNeed[$EngelTID].")";
@@ -196,61 +199,65 @@ case 'change':
break;
case 'engeladd':
- if( $UIDs>0)
+ if( $_GET["UIDs"]>0)
{
- $SQL = "SELECT * FROM `ShiftEntry` WHERE (`SID`='$SID' AND `TID`='$TID' AND `UID`='0')";
+ $SQL = "SELECT * FROM `ShiftEntry` ".
+ "WHERE (`SID`='". $_GET["SID"]. "' AND `TID`='". $_GET["TID"]. "' AND `UID`='0')";
$ERG = mysql_query($SQL, $con);
if( mysql_num_rows($ERG) != 0 )
{
$chSQL = "UPDATE `ShiftEntry` SET ".
- "`UID`='$UIDs', `Comment`='shift added by ".$_SESSION['Nick']."' ";
- $chSQL .= "WHERE (`SID`='$SID' AND `TID`='$TID' AND `UID`='0' ) LIMIT 1";
+ "`UID`='". $_GET["UIDs"]. "', `Comment`='shift added by ".$_SESSION['Nick']."' ";
+ $chSQL .= "WHERE (`SID`='". $_GET["SID"]. "' AND ".
+ "`TID`='". $_GET["TID"]. "' AND `UID`='0' ) LIMIT 1";
}
else
{
$chSQL = "INSERT INTO `ShiftEntry` (`SID`, `TID`, `UID`, `Comment`) VALUES (";
- $chSQL .= "'$SID', '$TID', '$UIDs', 'shift added by ".$_SESSION['Nick']."')";
+ $chSQL .= "'". $_GET["SID"]. "', '". $_GET["TID"]. "', ".
+ "'". $_GET["UIDs"]. "', 'shift added by ".$_SESSION['Nick']."')";
}
echo "Es wird folgende Schicht zus&auml;tzlich eingetragen:<br>\n";
- echo "Engel: ".UID2Nick($UIDs)."<br>\n";
+ echo "Engel: ".UID2Nick($_GET["UIDs"])."<br>\n";
echo "Bemerkung: Schicht eingetragen durch Erzengel ".$_SESSION['Nick']."<br>\n<br>\n";
}
else
{
$chSQL = "INSERT INTO `ShiftEntry` (`SID`, `TID`, `UID`, `Comment`) VALUES (";
- $chSQL .= "'$SID', '$TID', '0', NULL)";
+ $chSQL .= "'". $_GET["SID"]. "', '". $_GET["TID"]. "', '0', NULL)";
echo "Es wird eine weitere Schicht eingetragen:<br>\n";
}
break;
case 'engeldel':
- $chSQL = "UPDATE `ShiftEntry` SET `UID`='0', `Comment`= 'NULL' WHERE (`SID`='$SID' AND `UID`='$UIDs') LIMIT 1";
+ $chSQL = "UPDATE `ShiftEntry` SET `UID`='0', `Comment`= 'NULL' WHERE (`SID`='". $_GET["SID"].
+ "' AND `UID`='". $_GET["UIDs"]. "') LIMIT 1";
break;
case 'engelshiftdel':
- $chSQL = "DELETE FROM `ShiftEntry` WHERE `SID`='$SID' AND `TID`='$TID' AND `UID`='0' LIMIT 1";
+ $chSQL = "DELETE FROM `ShiftEntry` WHERE `SID`='". $_GET["SID"]. "' AND `TID`='".
+ $_GET["TID"]. "' AND `UID`='0' LIMIT 1";
break;
case 'changesave':
- $query = mysql_query("SELECT DATE_ADD('".$eDate."', INTERVAL '+0 ".$eDauer."' DAY_HOUR)", $con);
+ $query = mysql_query("SELECT DATE_ADD('". $_GET["eDate"]. "', INTERVAL '+0 ". $_GET["eDauer"]. "' DAY_HOUR)", $con);
$enddate = mysql_fetch_row($query);
- $chSQL = "UPDATE `Shifts` SET `DateS`='$eDate', `DateE`='".$enddate[0]."', `RID`='$eRID', `Len`='$eDauer', ".
- "`Man`='$eName' WHERE `SID`=$SID";
+ $chSQL = "UPDATE `Shifts` SET `DateS`='". $_GET["eDate"]. "', `DateE`='".$enddate[0].
+ "', `RID`='". $_GET["eRID"]. "', `Len`='". $_GET["eDauer"]. "', ".
+ "`Man`='". $_GET["eName"]. "' WHERE `SID`=". $_GET["SID"];
SetHeaderGo2Back();
break;
case 'delete':
- $chSQL = "DELETE FROM `Shifts` WHERE `SID`=$SID LIMIT 1";
- $ch2SQL = "DELETE FROM `ShiftEntry` WHERE `SID`=$SID";
+ $chSQL = "DELETE FROM `Shifts` WHERE `SID`=". $_GET["SID"]. " LIMIT 1";
+ $ch2SQL = "DELETE FROM `ShiftEntry` WHERE `SID`=". $_GET["SID"];
SetHeaderGo2Back();
break;
} // end switch
-// Update ???
-
if (IsSet($chSQL)){
// echo $chSQL;
// hier muesste das SQL ausgefuehrt werden...
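Review bot: With the forms in the earlier hunks switched to `method="GET"`, the `changesave`, `delete`, `engeldel` and `engelshiftdel` cases now modify or delete rows in response to a plain GET request. A GET can be issued by a link or embedded resource on another site while an admin session is active, and its parameters end up in browser history and server logs; state-changing actions should stay on POST (read from `$_POST`) and check a per-session token. Separately, `$_GET["UIDs"]` and `$_GET["TID"]` are read here without the `isset` defaults this commit adds elsewhere, and `engeldel` stores the string `'NULL'` in `Comment` where the other statements use `NULL`. The switch starts outside this hunk.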
diff --git a/admin/shiftadd.php b/admin/shiftadd.php
index a70c01fc..8b2f6451 100755
--- a/admin/shiftadd.php
+++ b/admin/shiftadd.php
@@ -15,7 +15,7 @@ echo "Hallo ".$_SESSION['Nick'].",<br>\n";
for ($i=0; $i<$rowcount; $i++)
{
$Room[$i]["RID"] = mysql_result($Erg, $i, "RID");
- $Room[$i]["Name"] = mysql_result($Erg, $i, "Name");
+ $Room[$i]["Name"] = mysql_result($Erg, $i, "Name");
}
// erstellt ein Aray der Engeltypen
@@ -26,16 +26,17 @@ echo "Hallo ".$_SESSION['Nick'].",<br>\n";
for ($i=0; $i<$rowcount; $i++)
{
$EngelType[$i]["TID"] = mysql_result($Erg, $i, "TID");
- $EngelType[$i]["Name"] = mysql_result($Erg, $i, "Name").Get_Text("inc_schicht_engel");
+ $EngelType[$i]["Name"] = mysql_result($Erg, $i, "Name").Get_Text("inc_schicht_engel");
}
-if (!IsSet($action))
- $action = "new";
+if (!IsSet($_GET["action"]))
+ $_GET["action"] = "new";
$Time = time()+3600+3600;
-switch ($action){
+switch( $_GET["action"])
+{
case 'new':
?>
@@ -110,11 +111,14 @@ mehrere Schichten auf einmal erfasst werden:
break; // Ende new
case 'newsave':
- if (isset($SDatum) && ($len > 0)) {
- $lenOrg = $len;
- if( $NachtON == "ON" )
+ if (isset($_GET["SDatum"]) && ($_GET["len"] > 0))
+ {
+ $lenOrg = $_GET["len"];
+ if( !isset($_GET["NachtON"]))
+ $_GET["NachtON"] = "OFF";
+ if( $_GET["NachtON"] == "ON" )
{
- $lenArrayDummy = explode( ";", $len_night);
+ $lenArrayDummy = explode( ";", $_GET["len_night"]);
foreach ( $lenArrayDummy as $Temp )
{
if( isset($Temp2) )
@@ -138,20 +142,22 @@ case 'newsave':
echo "\t<td valign=\"top\" align=\"center\">Entrys</td>\n";
echo "</tr>\n";
- $DateEnd = $SDatum;
- $TimeEnd = $STime;
- do {
+ $DateEnd = $_GET["SDatum"];
+ $TimeEnd = $_GET["STime"];
+ $len=0;
+ do
+ {
// define Start time
$Date = $DateEnd;
$Time = $TimeEnd;
- $_DateS = $MonthJahr. "-". $Date. " ". $Time. ":00:00";
+ $_DateS = $_GET["MonthJahr"]. "-". $Date. " ". $Time. ":00:00";
// define End time
- if( $NachtON == "ON" )
+ if( $_GET["NachtON"] == "ON" )
{
- $len = $lenArray[$Time];
+ $_GET["len"] = $lenArray[$Time];
}
- $TimeEnd = $Time+ $len;
+ $TimeEnd = $Time+ $_GET["len"];
//Tagesüberschreitung
while( $TimeEnd >= 24 )
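Review bot: Writing the computed shift length back into `$_GET["len"]` makes the request array double as loop state, which hides the data flow into CreateNewEntry() and makes it hard to tell validated values from raw ones. Keep the length in a local (the new `$len=0;` is otherwise unused in the visible lines) and pass it, together with RID and SchichtName, as parameters, e.g. `CreateNewEntry($len, $RID, $SchichtName);`. `$lenArray[$Time]` is also indexed with the raw `STime` value, so an hour missing from the parsed `len_night` list would give an undefined index and, as far as the visible lines show, an iteration that does not advance the end time. The do-loop continues outside this hunk.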
@@ -159,43 +165,43 @@ case 'newsave':
$TimeEnd -= 24;
$DateEnd += 1;
}
- //ist schischt zu lang dan verkürzen
- if( $DateEnd > $EDatum || ($DateEnd == $EDatum && $TimeEnd >= $ETime) )
+ //ist schischt zu lang dan verkürzen
+ if( $DateEnd > $_GET["EDatum"] || ($DateEnd == $_GET["EDatum"] && $TimeEnd >= $_GET["ETime"]) )
{
- $len -= ($DateEnd- $EDatum)*24;
- $len -= ($TimeEnd- $ETime); // -(-) ->> +
- $DateEnd = $EDatum;
- $TimeEnd = $ETime;
+ $_GET["len"] -= ($DateEnd- $_GET["EDatum"])*24;
+ $_GET["len"] -= ($TimeEnd- $_GET["ETime"]); // -(-) ->> +
+ $DateEnd = $_GET["EDatum"];
+ $TimeEnd = $_GET["ETime"];
}
- $_DateE = $MonthJahr. "-". $DateEnd. " ". $TimeEnd. ":00:00";
+ $_DateE = $_GET["MonthJahr"]. "-". $DateEnd. " ". $TimeEnd. ":00:00";
if( $_DateS != $_DateE )
CreateNewEntry();
- if( $MoreThenOne!="ON" ) break;
- if( $DateEnd == $EDatum && $TimeEnd >= $ETime ) break;
+ if( $_GET["MoreThenOne"]!="ON" ) break;
+ if( $DateEnd == $_GET["EDatum"] && $TimeEnd >= $_GET["ETime"] ) break;
} while( true );
echo "</table>";
- if( $OnlyShow!="" )
+ if( $_GET["OnlyShow"]=="ON" )
{
echo "<form action=\"". $_SERVER['SCRIPT_NAME']. "\">";
- echo "\n\t<Input type=\"hidden\" name=\"SchichtName\" value=\"$SchichtName\">";
- echo "\n\t<input type=\"hidden\" name=\"MonthJahr\" value=\"$MonthJahr\">";
- echo "\n\t<input type=\"hidden\" name=\"SDatum\" value=\"$SDatum\">";
- echo "\n\t<input type=\"hidden\" name=\"STime\" value=\"$STime\">";
- echo "\n\t<input type=\"hidden\" name=\"MoreThenOne\" value=\"$MoreThenOne\">";
- echo "\n\t<input type=\"hidden\" name=\"EDatum\" value=\"$EDatum\">";
- echo "\n\t<input type=\"hidden\" name=\"ETime\" value=\"$ETime\">";
- echo "\n\t<input type=\"hidden\" name=\"len\" value=\"$lenOrg\">";
- echo "\n\t<input type=\"hidden\" name=\"RID\" value=\"$RID\">";
- echo "\n\t<input type=\"hidden\" name=\"NachtON\" value=\"$NachtON\">";
- echo "\n\t<input type=\"hidden\" name=\"len_night\" value=\"$len_night\">";
- echo "\n\t<input type=\"hidden\" name=\"OnlyShow\" value=\"\">";
+ echo "\n\t<Input type=\"hidden\" name=\"SchichtName\" value=\"". $_GET["SchichtName"]. "\">";
+ echo "\n\t<input type=\"hidden\" name=\"MonthJahr\" value=\"". $_GET["MonthJahr"]. "\">";
+ echo "\n\t<input type=\"hidden\" name=\"SDatum\" value=\"". $_GET["SDatum"]. "\">";
+ echo "\n\t<input type=\"hidden\" name=\"STime\" value=\"". $_GET["STime"]. "\">";
+ echo "\n\t<input type=\"hidden\" name=\"MoreThenOne\" value=\"". $_GET["MoreThenOne"]. "\">";
+ echo "\n\t<input type=\"hidden\" name=\"EDatum\" value=\"". $_GET["EDatum"]. "\">";
+ echo "\n\t<input type=\"hidden\" name=\"ETime\" value=\"". $_GET["ETime"]. "\">";
+ echo "\n\t<input type=\"hidden\" name=\"len\" value=\"". $lenOrg. "\">";
+ echo "\n\t<input type=\"hidden\" name=\"RID\" value=\"". $_GET["RID"]. "\">";
+ echo "\n\t<input type=\"hidden\" name=\"NachtON\" value=\"". $_GET["NachtON"]. "\">";
+ echo "\n\t<input type=\"hidden\" name=\"len_night\" value=\"". $_GET["len_night"]. "\">";
+ echo "\n\t<input type=\"hidden\" name=\"OnlyShow\" value=\"OFF\">";
foreach ($EngelType As $TTemp)
{
$Temp = "EngelType".$TTemp["TID"];
- echo "\n\t<input type=\"hidden\" name=\"". $Temp. "\" value=\"".$$Temp."\">";
+ echo "\n\t<input type=\"hidden\" name=\"". $Temp. "\" value=\"". $_GET[$Temp]. "\">";
}
echo "\n\t<input type=\"hidden\" name=\"action\" value=\"newsave\">";
echo "\n\t<input type=\"submit\" value=\"mach mal Gabriel!\">";
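Review bot: `$_GET["OnlyShow"]` and `$_GET["MoreThenOne"]` are compared without a default, unlike `NachtON`, which this commit initialises to `"OFF"` when absent. Because the check changed from `!=""` to `=="ON"` here and to `== "OFF"` in CreateNewEntry(), a request without `OnlyShow` now matches neither branch: no confirmation form is shown and nothing is inserted. If the form in the `new` case (not visible here) uses checkboxes, add `if( !isset($_GET["OnlyShow"])) $_GET["OnlyShow"] = "OFF";` and the same for `MoreThenOne` before the loop.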
@@ -213,7 +219,7 @@ case 'engeldel':
function CreateNewEntry()
{
- global $con, $_DateS, $_DateE, $len, $RID, $SchichtName, $OnlyShow, $EngelType, $DEBUG;
+ global $con, $_DateS, $_DateE, $EngelType, $DEBUG;
foreach ($EngelType As $TTemp)
{
$Temp = "EngelType".$TTemp["TID"];
@@ -224,9 +230,9 @@ function CreateNewEntry()
echo "\t<td>$_DateS</td>\n";
echo "\t<td>$_DateE</td>\n";
- echo "\t<td>$len</td\n>";
- echo "\t<td>$RID</td>\n";
- echo "\t<td>$SchichtName</td>\n";
+ echo "\t<td>". $_GET["len"]. "</td>\n";
+ echo "\t<td>". $_GET["RID"]. "</td>\n";
+ echo "\t<td>". $_GET["SchichtName"]. "</td>\n";
// Ist eintarg schon vorhanden?
@@ -234,12 +240,12 @@ function CreateNewEntry()
$SQL .= "WHERE (".
"`DateS` = '". $_DateS. "' AND ".
"`DateE` = '". $_DateE. "' AND ".
- "`RID` = '". $RID. "');";
+ "`RID` = '". $_GET["RID"]. "');";
$Erg = mysql_query($SQL, $con);
if( mysql_num_rows($Erg) != 0 )
echo "\t<td>exists</td>";
- elseif( $OnlyShow == "" )
+ elseif( $_GET["OnlyShow"] == "OFF" )
{
//Suchet nach letzter SID
$SQLin = "SELECT `SID` FROM `Shifts` ".
@@ -254,8 +260,8 @@ function CreateNewEntry()
// erstellt Eintrag in Shifts für die algemeine schicht
$SQL = "INSERT INTO `Shifts` (`SID`, `DateS`, `DateE`, `Len`, `RID`, `Man`) VALUES ('$newSID', ";
$SQL .= "'". $_DateS. "', '". $_DateE. "', ";
- $SQL .= "'". $len. "', '". $RID. "', ";
- $SQL .= "'". $SchichtName. "');";
+ $SQL .= "'". $_GET["len"]. "', '". $_GET["RID"]. "', ";
+ $SQL .= "'". $_GET["SchichtName"]. "');";
$Erg = mysql_query($SQL, $con);
$SQLFail = "\n\t<br>[".$SQL. "]";
@@ -271,15 +277,15 @@ function CreateNewEntry()
$SQL .= "WHERE (".
"`DateS` = '". $_DateS. "' AND ".
"`DateE` = '". $_DateE. "' AND ".
- "`Len` = '". $len. "' AND ".
- "`RID` = '". $RID. "');";
+ "`Len` = '". $_GET["len"]. "' AND ".
+ "`RID` = '". $_GET["RID"]. "');";
$Erg = mysql_query($SQL, $con);
if( mysql_num_rows($Erg) == 0 )
echo "\t<td>?</td>";
else
{
$SID = mysql_result($Erg, 0, "SID");
- echo "\t<td>$SID</td>";
+ echo "\t<td>". $SID. "</td>";
}
// erstellt für jeden Engeltypen die eintrage in 'ShiftEntry'
@@ -288,18 +294,18 @@ function CreateNewEntry()
{
$Temp = "EngelType".$TTemp["TID"];
- if( $$Temp > 0 )
+ if( $_GET[$Temp] > 0 )
{
$i = 0;
- echo $$Temp. " ".$TTemp["Name"]. "<br>\t";
- while( $i++ < $$Temp )
+ echo $_GET[$Temp]. " ".$TTemp["Name"]. "<br>\t";
+ while( $i++ < $_GET[$Temp] )
{
- $SQL = "INSERT INTO `ShiftEntry` (`SID`, `TID`) VALUES (";
- $SQL .= "'$SID', ";
- $SQL .= "'". $TTemp["TID"]. "');";
-
- if( $OnlyShow == "" )
+ if( $_GET["OnlyShow"] == "OFF" )
{
+ $SQL = "INSERT INTO `ShiftEntry` (`SID`, `TID`) VALUES (";
+ $SQL .= "'". $SID. "', ";
+ $SQL .= "'". $TTemp["TID"]. "');";
+
$Erg = mysql_query($SQL, $con);
if( $DEBUG ) $SQLFail = "\n\t<br>[".$SQL. "]";
@@ -309,13 +315,12 @@ function CreateNewEntry()
}
else
- echo "'only show' ";
+ echo "+";
}
echo "<br>";
} // IF $$TEMP
} // FOREACH
echo "</td>";
-
echo "</tr>\n";
}
diff --git a/admin/user.php b/admin/user.php
index 503a0983..a1c2aa4b 100755
--- a/admin/user.php
+++ b/admin/user.php
@@ -5,14 +5,14 @@ $header = "Editieren der Engelliste";
include ("./inc/header.php");
include ("./inc/funktion_db_list.php");
-if (!IsSet($enterUID)){
-
+if (!IsSet($_GET["enterUID"]))
+{
// Userliste, keine UID uebergeben...
echo "<a href=\"../makeuser.php\">Neuen Engel eintragen</a><br><br>\n";
- if( !isset($OrderBy) ) $OrderBy = "Nick";
- $SQL = "SELECT * FROM User ORDER BY ". $OrderBy. " ASC";
+ if( !isset($_GET["OrderBy"]) ) $_GET["OrderBy"] = "Nick";
+ $SQL = "SELECT * FROM User ORDER BY ". $_GET["OrderBy"]. " ASC";
$Erg = mysql_query($SQL, $con);
echo mysql_error($con);
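Review bot: `$_GET["OrderBy"]` is appended to the `ORDER BY` clause as an identifier, where neither quoting nor `mysql_real_escape_string` helps, so the request controls part of the statement. Compare it against a fixed list of sortable columns and fall back to `Nick` otherwise, e.g. `if( !in_array($_GET["OrderBy"], $SortCols)) $_GET["OrderBy"] = "Nick";`, where `$SortCols` (a name chosen for this note) holds the column names the list header links to. The `echo mysql_error($con);` on the following line also sends database error text to the browser; logging it server-side avoids exposing schema details.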
@@ -98,13 +98,13 @@ else
{
// UserID wurde mit uebergeben --> Aendern...
- $SQL = "SELECT * FROM User where UID=$enterUID";
+ $SQL = "SELECT * FROM User where UID=". $_GET["enterUID"];
$Erg = mysql_query($SQL, $con);
$anzahl = mysql_num_rows($Erg);
if ($anzahl != 1)
- echo "Sorry, der Engel (UID=$enterUID) wurde in der Liste nicht gefunden.";
+ echo "Sorry, der Engel (UID=". $_GET["enterUID"]. ") wurde in der Liste nicht gefunden.";
else
{
echo "Hallo,<br>".
@@ -116,9 +116,9 @@ else
echo "<form action=\"./user2.php?action=change\" method=\"POST\">\n";
echo "<table>\n";
- echo "<input type=\"hidden\" name=\"Type\" value=\"$Type\">\n";
+ echo "<input type=\"hidden\" name=\"Type\" value=\"". $_GET["Type"]. "\">\n";
- if( $Type == "Normal" )
+ if( $_GET["Type"] == "Normal" )
{
echo " <tr><td>Nick</td><td>".
"<input type=\"text\" size=\"40\" name=\"eNick\" value=\"".
@@ -193,12 +193,12 @@ else
echo "</td></tr>\n";
} //IF TYPE
- if( $Type == "Secure" )
+ if( $_GET["Type"] == "Secure" )
{
// CVS-Rechte
echo " <tr><td><br><u>Rights of \"". mysql_result($Erg, 0, "Nick"). "\":</u></td></tr>\n";
- $SQL_CVS = "SELECT * FROM `UserCVS` WHERE UID=$enterUID";
+ $SQL_CVS = "SELECT * FROM `UserCVS` WHERE UID=". $_GET["enterUID"];
$Erg_CVS = mysql_query($SQL_CVS, $con);
$CVS_Data = mysql_fetch_array($Erg_CVS);
$CVS_Data_i = 1;
@@ -227,14 +227,14 @@ else
// Ende Formular
echo "</td></tr>\n";
echo "</table>\n";
- echo "<input type=\"hidden\" name=\"enterUID\" value=\"$enterUID\">\n";
+ echo "<input type=\"hidden\" name=\"enterUID\" value=\"". $_GET["enterUID"]. "\">\n";
echo "<input type=\"submit\" value=\"sichern...\">\n";
echo "</form>";
- if( $Type == "Normal" )
+ if( $_GET["Type"] == "Normal" )
{
echo "<form action=\"./user2.php?action=delete\" method=\"POST\">\n";
- echo "<input type=\"hidden\" name=\"enterUID\" value=\"$enterUID\">\n";
+ echo "<input type=\"hidden\" name=\"enterUID\" value=\"". $_GET["enterUID"]. "\">\n";
echo "<input type=\"submit\" value=\"l&ouml;schen...\">\n";
echo "</form>";
}
diff --git a/admin/user2.php b/admin/user2.php
index 39b3385b..5f94c093 100755
--- a/admin/user2.php
+++ b/admin/user2.php
@@ -6,7 +6,7 @@ include ("./inc/header.php");
include ("./inc/funktion_db_list.php");
include ("./inc/crypt.php");
-if (IsSet($action))
+if (IsSet($_GET["action"]))
{
function SQLExec( $SQL )
@@ -23,40 +23,46 @@ if (IsSet($action))
}
SetHeaderGo2Back();
- echo "Gesendeter Befehl: $action<br>";
-
- switch ($action) {
+ echo "Gesendeter Befehl: ". $_GET["action"]. "<br>";
+ switch ($_GET["action"])
+ {
case "change":
- if (IsSet($enterUID))
+ if (IsSet($_POST["enterUID"]))
{
- if ($Type == "Normal")
+ if ($_POST["Type"] == "Normal")
{
$SQL = "UPDATE `User` SET ";
- $SQL.= " `Nick` = '$eNick', `Name` = '$eName', `Vorname` = '$eVorname', ".
- "`Telefon` = '$eTelefon', `Handy` = '$eHandy', `DECT` = '$eDECT', ".
- "`email` = '$eemail', `Size` = '$eSize', ".
- "`Gekommen`= '$eGekommen', `Aktiv`= '$eAktiv', ".
- "`Tshirt` = '$eTshirt' ";
- $SQL.= "WHERE `UID` = '$enterUID' LIMIT 1;";
+ $SQL.= " `Nick` = '". $_POST["eNick"]. "', `Name` = '". $_POST["eName"]. "', ".
+ "`Vorname` = '". $_POST["eVorname"]. "', ".
+ "`Telefon` = '". $_POST["eTelefon"]. "', ".
+ "`Handy` = '". $_POST["eHandy"]. "', ".
+ "`DECT` = '". $_POST["eDECT"]. "', ".
+ "`email` = '". $_POST["eemail"]. "', ".
+ "`Size` = '". $_POST["eSize"]. "', ".
+ "`Gekommen`= '". $_POST["eGekommen"]. "', ".
+ "`Aktiv`= '". $_POST["eAktiv"]. "', ".
+ "`Tshirt` = '". $_POST["eTshirt"]. "' ".
+ "WHERE `UID` = '". $_POST["enterUID"].
+ "' LIMIT 1;";
echo "User-";
SQLExec( $SQL );
}
- if ($Type == "Secure")
+ if ($_POST["Type"] == "Secure")
{
$SQL2 = "UPDATE `UserCVS` SET ";
- $SQL_CVS = "SELECT * FROM `UserCVS` WHERE UID=$enterUID";
+ $SQL_CVS = "SELECT * FROM `UserCVS` WHERE UID=". $_POST["enterUID"];
$Erg_CVS = mysql_query($SQL_CVS, $con);
$CVS_Data = mysql_fetch_array($Erg_CVS);
$CVS_Data_i = 1;
foreach ($CVS_Data as $CVS_Data_Name => $CVS_Data_Value)
{
if( ($CVS_Data_i+1)%2 && $CVS_Data_Name!="UID")
- $SQL2.= "`$CVS_Data_Name` = '".$$CVS_Data_i."', ";
+ $SQL2.= "`$CVS_Data_Name` = '". $_POST[$CVS_Data_i]."', ";
$CVS_Data_i++;
}
$SQL2 = substr( $SQL2, 0, strlen($SQL2)-2 );
- $SQL2.= " WHERE `UID` = '$enterUID' LIMIT 1;";
+ $SQL2.= " WHERE `UID` = '". $_POST["enterUID"]. "' LIMIT 1;";
echo "<br>Secure-";
SQLExec( $SQL2 );
}
@@ -64,14 +70,17 @@ if (IsSet($action))
break;
case "delete":
- if (IsSet($enterUID))
+ if (IsSet($_POST["enterUID"]))
{
- $SQL="delete from `User` WHERE `UID` = '$enterUID' LIMIT 1;";
+ echo "delate User...";
+ $SQL="delete from `User` WHERE `UID` = '". $_POST["enterUID"]. "' LIMIT 1;";
SQLExec( $SQL );
- $SQL2="delete from `UserCVS` WHERE `UID` = '$enterUID' LIMIT 1;";
+ echo "<br>\ndelate UserCVS...";
+ $SQL2="delete from `UserCVS` WHERE `UID` = '". $_POST["enterUID"]. "' LIMIT 1;";
SQLExec( $SQL2 );
+ echo "<br>\ndelate UserEntry...";
$SQL3="UPDATE `ShiftEntry` SET `UID` = '0', `Comment` = NULL ".
- "WHERE `UID` = '$enterUID' LIMIT 1;";
+ "WHERE `UID` = '". $_POST["enterUID"]. "' LIMIT 1;";
SQLExec( $SQL3 );
}
break;
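Review bot: The ShiftEntry update that releases the deleted user's shifts keeps `LIMIT 1`, so a user signed up for several shifts leaves all but one entry pointing at a UID that no longer exists. Remove `LIMIT 1` from `$SQL3` so every entry of that user is reset. The new progress messages spell `delate`; `delete` is meant. As in the other hunks, `$_POST["enterUID"]` should be cast with `intval()` before it is used in the three statements.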
@@ -80,24 +89,25 @@ if (IsSet($action))
case "newpw":
echo "Bitte neues Kennwort f&uuml;r <b>";
// Get Nick
- $USQL = "SELECT * FROM User where UID=$eUID";
+ $USQL = "SELECT * FROM User where UID=". $_POST["eUID"];
$Erg = mysql_query($USQL, $con);
echo mysql_result($Erg, 0, "Nick");
echo "</b> eingeben:<br>";
echo "<form action=\"./user2.php\" method=\"POST\">\n";
echo "<input type=\"Password\" name=\"ePasswort\">";
echo "<input type=\"Password\" name=\"ePasswort2\">";
- echo "<input type=\"hidden\" name=\"eUID\" value=\"$eUID\">";
+ echo "<input type=\"hidden\" name=\"eUID\" value=\"". $_POST["eUID"]. "\">";
echo "<input type=\"hidden\" name=\"action\" value=\"newpwsave\">\n";
echo "<input type=\"submit\" value=\"sichern...\">\n";
echo "</form>";
break;
case "newpwsave":
- if ($ePasswort == $ePasswort2)
+ if ($_POST["ePasswort"] == $_POST["ePasswort2"])
{ // beide Passwoerter passen...
- $ePasswort = PassCrypt($ePasswort);
- $SQL="UPDATE `User` SET `Passwort`='$ePasswort' where `UID` = '$eUID'";
+ $_POST["ePasswort"] = PassCrypt($_POST["ePasswort"]);
+ $SQL = "UPDATE `User` SET `Passwort`='". $_POST["ePasswort"]. "' ".
+ "where `UID` = '". $_POST["eUID"]. "'";
SQLExec( $SQL );
}
else
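Review bot: The `newpw` form posts to `./user2.php` with `action` as a hidden POST field, but after this commit the dispatcher reads only `$_GET["action"]`, so the `newpwsave` case can no longer be reached from this form and the request ends in the `Unzulässiger Aufruf` branch. Put the action in the URL as user.php does for `change`: `echo "<form action=\"./user2.php?action=newpwsave\" method=\"POST\">\n";`, and drop the hidden `action` field. The password confirmation also uses `==`, which compares numeric-looking strings by value; `===` avoids that.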
@@ -110,7 +120,7 @@ if (IsSet($action))
else
{
// kein Action gesetzt -> abbruch
- echo "Unzul&auml;ssiger Aufruf. Bitte neu editieren...";
+ echo "Unzul&auml;ssiger Aufruf.<br>Bitte neu editieren...";
}
include ("./inc/footer.php");