authorcookie <cookie@29ba0400-6e00-0410-a75a-ca02368028f8>2005-11-06 00:44:48 +0000
committercookie <cookie@29ba0400-6e00-0410-a75a-ca02368028f8>2005-11-06 00:44:48 +0000
commit1b5b81d601cc1860f257ba0eb66178875834a111 (patch)
tree9cf2eb95d08d7e21956b1de553043cd3e4c3d72d /nonpublic
parentabf811c6048b3bd77243d284b8864fd608f094b1 (diff)
hab begonnen, aus gegebenem Anlass auf registerglobals=off umzustellen, hab nonpublic geschafft
Variablenpruefung ist auch auf strikt gesetzt und eventuelle Errors beseitigt git-svn-id: svn://svn.cccv.de/engel-system@14 29ba0400-6e00-0410-a75a-ca02368028f8
Diffstat (limited to 'nonpublic')
-rwxr-xr-xnonpublic/einstellungen.php66
-rwxr-xr-xnonpublic/faq.php10
-rwxr-xr-xnonpublic/index.php4
-rwxr-xr-xnonpublic/myschichtplan.php20
-rwxr-xr-xnonpublic/schichtplan.php6
-rwxr-xr-xnonpublic/schichtplan_add.php26
-rwxr-xr-xnonpublic/schichtplan_beamer.php2
-rwxr-xr-xnonpublic/waeckliste.php13
-rwxr-xr-xnonpublic/wecken.php31
9 files changed, 88 insertions, 90 deletions
diff --git a/nonpublic/einstellungen.php b/nonpublic/einstellungen.php
index 36fa76a7..214593ae 100755
--- a/nonpublic/einstellungen.php
+++ b/nonpublic/einstellungen.php
@@ -4,12 +4,10 @@ $header = "Deine pers&ouml;nlichen Einstellungen";
include ("./inc/header.php");
include ("./inc/crypt.php");
-if (!IsSet($action)) {
-
-echo Get_Text(1).$_SESSION['Nick'].",<br>\n\n";
-
-Print_Text(13);
-
+if (!IsSet($_POST["action"]))
+{
+ echo Get_Text(1).$_SESSION['Nick'].",<br>\n\n";
+ Print_Text(13);
?>
<hr width=\"100%\">
<? Print_Text("pub_einstellungen_Text_UserData");?>
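Review bot: The greeting `echo Get_Text(1).$_SESSION['Nick'].",<br>\n\n";` writes the nick into the page unescaped, and the `setUserData` case further down this file now copies `$_POST["eNick"]` into that session key without any filtering, so a nick containing markup is rendered as-is on every later visit. Escape at output time: `echo Get_Text(1).htmlspecialchars($_SESSION['Nick']).",<br>\n\n";`. The same unescaped `$_SESSION['Nick']` echo appears in myschichtplan.php and wecken.php in this commit. The `if` block continues past the end of this hunk.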
@@ -115,17 +113,16 @@ Print_Text(13);
//$ANZ_AVATAR= shell_exec("ls ".$_SERVER["DOCUMENT_ROOT"].$ENGEL_ROOT."inc/avatar/ | wc -l");
$ANZ_AVATAR= shell_exec("ls inc/avatar/ | wc -l");
-
?>
<select name="eAvatar" onChange="document.avatar.src = './inc/avatar/avatar' + this.value + '.gif'"
onKeyup= "document.avatar.src = './inc/avatar/avatar' + this.value + '.gif'">
- <option value="0" name="eAvatar" <?php if ($_SESSION['Avatar'] == $i) { echo " selected"; } ?>> <?PHP Print_Text(24); ?> </option>
<?php
- for ($i=1; $i <= $ANZ_AVATAR; $i++ ){
- echo "\t\t\t\t<option value=\"$i\"";
- if ($_SESSION['Avatar'] == $i) { echo " selected"; }
- echo ">avatar$i</option>\n";
+ for ($i=1; $i <= $ANZ_AVATAR; $i++ )
+ {
+ echo "\t\t\t\t<option value=\"$i\"";
+ if ($_SESSION['Avatar'] == $i) { echo " selected"; }
+ echo ">avatar$i</option>\n";
}
echo "\n";
?>
@@ -141,17 +138,18 @@ $ANZ_AVATAR= shell_exec("ls inc/avatar/ | wc -l");
} else {
-switch ($action) {
+switch ($_POST["action"]) {
case 'set':
- if ($new1==$new2){
+ if ($_POST["new1"]==$_POST["new2"]){
Print_Text(25);
$sql = "select * from User where UID=".$_SESSION['UID'];
$Erg = mysql_query($sql, $con);
- if (PassCrypt($old)==mysql_result($Erg, $i, "Passwort")) {
+ if (PassCrypt($_POST["old"])==mysql_result($Erg, 0, "Passwort")) {
Print_Text(26);
Print_Text(27);
- $usql = "update User set Passwort='".PassCrypt($new1)."' where UID=".$_SESSION['UID']." limit 1";
+ $usql = "update User set Passwort='".PassCrypt($_POST["new1"])."' ".
+ "where UID=".$_SESSION['UID']." limit 1";
$Erg = mysql_query($usql, $con);
if ($Erg==1) {
Print_Text(28);
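Review bot: The `set` case compares `$_POST["new1"]==$_POST["new2"]` without checking that either field was submitted or is non-empty, so a form posted with both fields blank passes the equality test and, if the old password matches, stores `PassCrypt("")` as the new password. Guard the branch first, e.g. `if (isset($_POST["new1"], $_POST["new2"]) && $_POST["new1"] !== "" && $_POST["new1"] == $_POST["new2"]) {`. With the stricter error reporting the commit message mentions, the missing `isset` also produces undefined-index notices on a partial submit. The `switch` continues past the end of this hunk.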
@@ -168,9 +166,9 @@ case 'set':
case 'colour':
- $chsql="Update User set color= \"$colourid\" where UID = \"".$_SESSION['UID']."\" limit 1";
+ $chsql="Update User set color= \"". $_POST["colourid"]. "\" where UID = \"".$_SESSION['UID']."\" limit 1";
$Erg = mysql_query($chsql, $con);
- $_SESSION['color']=$colourid;
+ $_SESSION['color']=$_POST["colourid"];
if ($Erg==1) {
Print_Text(32);
} else {
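Review bot: `$_POST["colourid"]` is spliced straight into the `Update User set color=...` statement; moving from register_globals to `$_POST` changes where the value comes from but does not escape it, so the query is still assembled from raw request input. Each interpolated value should pass through `mysql_real_escape_string()` (or `intval()` where the column is numeric, as a colour id presumably is), e.g. `$chsql="Update User set color= \"". intval($_POST["colourid"]). "\" where UID = \"".$_SESSION['UID']."\" limit 1";`. The same pattern is in the `sprache`, `avatar` and `setUserData` cases below, and in faq.php (`frage`), index.php (`user`), myschichtplan.php (`SID`, `newtext`), schichtplan_add.php (`SID`, `TID`, `newtext`) and wecken.php (`Date`, `Ort`, `Bemerkung`, `weckID`). Note also that `$_SESSION['color']` is assigned before `$Erg` is checked, so the session keeps the new value even when the update fails.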
@@ -181,9 +179,9 @@ case 'colour':
case 'sprache':
- $chsql="Update User set Sprache = \"$language\" where UID = \"".$_SESSION['UID']."\" limit 1";
+ $chsql="Update User set Sprache = \"". $_POST["language"]. "\" where UID = \"".$_SESSION['UID']."\" limit 1";
$Erg = mysql_query($chsql, $con);
- $_SESSION['Sprache']=$language;
+ $_SESSION['Sprache']=$_POST["language"];
if ($Erg==1) {
Print_Text(33);
} else {
@@ -192,11 +190,10 @@ case 'sprache':
break;
-
case 'avatar':
- $chsql="Update User set Avatar = \"$eAvatar\" where UID = \"".$_SESSION['UID']."\" limit 1";
+ $chsql="Update User set Avatar = \"". $_POST["eAvatar"]. "\" where UID = \"". $_SESSION['UID']. "\" limit 1";
$Erg = mysql_query($chsql, $con);
- $_SESSION['Avatar']=$eAvatar;
+ $_SESSION['Avatar']=$_POST["eAvatar"];
if ($Erg==1) {
Print_Text(34);
} else {
@@ -206,22 +203,23 @@ case 'avatar':
case 'setUserData':
$chsql= "UPDATE User SET ".
- "`Nick`='$eNick', `Name`='$eName', `Vorname`='$eVorname', ".
- "`Alter`='$eAlter', `Telefon`='$eTelefon', `Handy`='$eHandy', ".
- "`DECT`='$eDECT', `email`='$eemail' ".
+ "`Nick`='". $_POST["eNick"]. "', `Name`='". $_POST["eName"]. "', ".
+ "`Vorname`='". $_POST["eVorname"]. "', `Alter`='". $_POST["eAlter"]. "', ".
+ "`Telefon`='". $_POST["eTelefon"]. "', `Handy`='". $_POST["eHandy"]. "', ".
+ "`DECT`='". $_POST["eDECT"]. "', `email`='". $_POST["eemail"]. "' ".
"WHERE UID='". $_SESSION['UID']. "' LIMIT 1;";
$Erg = mysql_query($chsql, $con);
if ($Erg==1)
{
- $_SESSION['Nick'] = $eNick;
- $_SESSION['Name'] = $eName;
- $_SESSION['Vorname'] = $eVorname;
- $_SESSION['Alter'] = $eAlter;
- $_SESSION['Telefon'] = $eTelefon;
- $_SESSION['Handy'] = $eHandy;
- $_SESSION['DECT'] = $eDECT;
- $_SESSION['email'] = $eemail;
+ $_SESSION['Nick'] = $_POST["eNick"];
+ $_SESSION['Name'] = $_POST["eName"];
+ $_SESSION['Vorname'] = $_POST["eVorname"];
+ $_SESSION['Alter'] = $_POST["eAlter"];
+ $_SESSION['Telefon'] = $_POST["eTelefon"];
+ $_SESSION['Handy'] = $_POST["eHandy"];
+ $_SESSION['DECT'] = $_POST["eDECT"];
+ $_SESSION['email'] = $_POST["eemail"];
Print_Text("pub_einstellungen_UserDateSaved");
}
diff --git a/nonpublic/faq.php b/nonpublic/faq.php
index d8388f50..6470ba4f 100755
--- a/nonpublic/faq.php
+++ b/nonpublic/faq.php
@@ -5,9 +5,9 @@ include ("./inc/header.php");
// Erstaufruf, oder Frage bereits abgeschickt?
-if (!IsSet($eUID)) {
-
-Print_Text(35);
+if (!IsSet($_POST["eUID"]))
+{
+ Print_Text(35);
?>
<br><br>
<form action="./faq.php" method="POST">
@@ -20,9 +20,9 @@ Print_Text(35);
} else {
// Auswertung d. Formular-Daten:
-echo "<b>".Get_Text(37)."</b><br><br>\n".nl2br($frage)."<br><br>\n".Get_Text(38)."<br>\n";
+echo "<b>".Get_Text(37)."</b><br><br>\n".nl2br($_POST["frage"])."<br><br>\n".Get_Text(38)."<br>\n";
-$SQL = "INSERT into Questions VALUES (\"\", \"".$_SESSION['UID']."\", \"$frage\", \"\", \"\")";
+$SQL = "INSERT into Questions VALUES (\"\", \"".$_SESSION['UID']."\", \"". $_POST["frage"]. "\", \"\", \"\")";
$Erg = mysql_query($SQL, $con);
}
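Review bot: `nl2br($_POST["frage"])` echoes the submitted question back into the page without HTML escaping; `nl2br()` only inserts `<br />` tags and leaves any markup in the input intact. Escape before converting line breaks: `nl2br(htmlspecialchars($_POST["frage"]))`. The `INSERT into Questions` below it concatenates the same raw value into SQL and needs `mysql_real_escape_string()` as well.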
diff --git a/nonpublic/index.php b/nonpublic/index.php
index 0646714e..d46b0a10 100755
--- a/nonpublic/index.php
+++ b/nonpublic/index.php
@@ -10,7 +10,7 @@ session_start(); // alte Session - falls vorhanden - wiederherstellen...
if (!IsSet($_SESSION['UID'])) {
- $sql = "select * from User where Nick = '$user'";
+ $sql = "select * from User where Nick = '". $_POST["user"]. "'";
$userstring = mysql_query($sql, $con);
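Review bot: The `select * from User where Nick = ...` lookup is built from `$_POST["user"]` whenever `$_SESSION['UID']` is unset, which includes a plain GET of the login page where nothing was posted; with the stricter error reporting this commit enables that is an undefined-index notice on every first visit, and the query runs with an empty nick. Add an inner guard before the lookup, `if (IsSet($_POST["user"]) && IsSet($_POST["password"])) {`, and pass the nick through `mysql_real_escape_string()` before it reaches the query — this is the authentication lookup, so it is the most sensitive of the concatenated statements in this commit. The enclosing `if` continues past the end of this hunk.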
@@ -18,7 +18,7 @@ if (!IsSet($_SESSION['UID'])) {
$user_anz = mysql_num_rows($userstring);
if ($user_anz == 1) { // Check, ob User angemeldet wird...
- if (mysql_result($userstring, 0, "Passwort") == PassCrypt($password)) { // Passwort ok...
+ if (mysql_result($userstring, 0, "Passwort") == PassCrypt($_POST["password"])) { // Passwort ok...
// Session wird eingeleitet und Session-Variablen gesetzt..
// session_start();
session_name("Himmel");
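Review bot: The password check compares the stored hash with `PassCrypt($_POST["password"])` using `==`, which in PHP falls back to numeric comparison when both operands look numeric, so two different hash strings can compare equal in edge cases. Use a strict comparison, `if (mysql_result($userstring, 0, "Passwort") === PassCrypt($_POST["password"])) {`; the `PassCrypt($_POST["old"])==...` check in einstellungen.php has the same issue. The `if ($user_anz == 1)` block continues past the end of this hunk.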
diff --git a/nonpublic/myschichtplan.php b/nonpublic/myschichtplan.php
index c9bfb703..dba8b6a9 100755
--- a/nonpublic/myschichtplan.php
+++ b/nonpublic/myschichtplan.php
@@ -8,7 +8,7 @@ include ("./inc/funktionen.php");
include ("./inc/funktion_schichtplan.php");
-If( !IsSet($action) )
+If( !IsSet($_GET["action"]) )
{
echo Get_Text("Hello").$_SESSION['Nick'].", <br>\n";
@@ -81,12 +81,12 @@ echo "</table>\n\n";
}
else
{
- If( $action == "austragen" )
+ If( $_GET["action"] == "austragen" )
{
echo Get_Text("pub_mywake_delate1")."<br>\n";
$sql = "SELECT * FROM `Shifts` WHERE ";
- $sql.= "(SID = \"$SID\")";
+ $sql.= "(SID = \"". $_GET["SID"]. "\")";
$Erg = mysql_query($sql, $con);
$schichtdate = mysql_result( $Erg, 0, "DateS" );
@@ -106,7 +106,7 @@ else
{
$sql2 = "UPDATE `ShiftEntry` ".
"SET `UID` = '0', `Comment` = NULL ".
- "WHERE `SID` = '$SID' AND `UID` = '". $_SESSION['UID']. "' LIMIT 1;";
+ "WHERE `SID` = '". $_GET["SID"]. "' AND `UID` = '". $_SESSION['UID']. "' LIMIT 1;";
$Erg2 = mysql_query($sql2, $con);
if ($Erg2 == 1)
echo Get_Text("pub_mywake_add_ok"). "\n";
@@ -116,27 +116,27 @@ else
else
echo Get_Text("pub_mywake_after"). "\n";
}
- elseif( $action == "edit" )
+ elseif( $_GET["action"] == "edit" )
{
echo Get_Text("pub_myshift_Edit_Text1"). "\n";
$sql = "SELECT * FROM `ShiftEntry` WHERE ";
- $sql.= "(SID=\"$SID\" AND UID=\"". $_SESSION['UID']. "\" )";
+ $sql.= "(SID=\"". $_GET["SID"]. "\" AND UID=\"". $_SESSION['UID']. "\" )";
$Erg = mysql_query($sql, $con);
echo "<form action=\"./myschichtplan.php\" method=\"post\">\n";
echo "<textarea name='newtext' cols='50' rows='10'>". mysql_result( $Erg, 0, "Comment" ). "</textarea><br><br>\n";
echo "<input type=\"submit\" value=\"save\">\n";
- echo "<input type=\"hidden\" name=\"SID\" value=\"$SID\">\n";
+ echo "<input type=\"hidden\" name=\"SID\" value=\"". $_GET["SID"]. "\">\n";
echo "<input type=\"hidden\" name=\"action\" value=\"editSave\">\n";
echo "</form>";
}
- elseif( $action == "editSave" )
+ elseif( $_GET["action"] == "editSave" )
{
echo Get_Text("pub_myshift_EditSave_Text1"). "<br>\n";
$sql = "UPDATE `ShiftEntry` ".
- "SET `Comment` = \"". $newtext. "\" ".
- "WHERE `SID`='$SID' AND `UID`='". $_SESSION['UID']. "' LIMIT 1;";
+ "SET `Comment` = \"". $_GET["newtext"]. "\" ".
+ "WHERE `SID`='". $_GET["SID"]. "' AND `UID`='". $_SESSION['UID']. "' LIMIT 1;";
$Erg = mysql_query($sql, $con);
if ($Erg == 1)
echo "\t ...". Get_Text("pub_myshift_EditSave_OK"). "\n";
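Review bot: The `editSave` branch reads `$_GET["action"]`, `$_GET["SID"]` and `$_GET["newtext"]`, but the form that submits it a few lines above is declared `method=\"post\"`, so those fields arrive in `$_POST` and the save path is never taken; the outer `!IsSet($_GET["action"])` dispatch at the top of the file will presumably treat the POST as a first visit. Either switch that form to `method=\"get\"` or read the save branch's inputs from `$_POST` (`$_POST["action"]`, `$_POST["SID"]`, `$_POST["newtext"]`) and check both arrays in the outer dispatch. Separately, the hidden field `value=\"". $_GET["SID"]. "\"` writes a query parameter into an HTML attribute unescaped; use `htmlspecialchars($_GET["SID"])` there, and likewise for the hidden `SID`/`TID` fields in schichtplan_add.php. The `else` block continues past the end of this hunk.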
diff --git a/nonpublic/schichtplan.php b/nonpublic/schichtplan.php
index 1dc9af87..b784be0c 100755
--- a/nonpublic/schichtplan.php
+++ b/nonpublic/schichtplan.php
@@ -2,6 +2,12 @@
$title = "Himmel";
$header = "Schichtpl&auml;ne";
$submenus = 2;
+
+if( isset($_GET["ausdatum"]))
+ $ausdatum = $_GET["ausdatum"];
+if( isset($_GET["raum"]))
+ $raum = $_GET["raum"];
+
include ("./inc/header.php");
include ("./inc/funktion_user.php");
include ("./inc/funktionen.php");
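Review bot: `$ausdatum` and `$raum` are copied from `$_GET` verbatim with no type check, and their use is outside this hunk; if they end up in a query further down, the unescaped-interpolation concern applies to them too. Since the names suggest a date and a room id, constrain them here, e.g. `$raum = intval($_GET["raum"]);` plus a format check on `ausdatum`, so the rest of the file can rely on well-formed values. When a parameter is absent the local stays undefined, which the stricter error reporting will flag wherever it is read.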
diff --git a/nonpublic/schichtplan_add.php b/nonpublic/schichtplan_add.php
index 33b25d2c..21a0b508 100755
--- a/nonpublic/schichtplan_add.php
+++ b/nonpublic/schichtplan_add.php
@@ -6,11 +6,11 @@ include ("./inc/funktion_user.php");
include ("./inc/funktion_schichtplan.php");
include ("./inc/funktionen.php");
-if (isset($newtext) && isset($SID) && isset($TID)) {
+if (isset($_POST["newtext"]) && isset($_POST["SID"]) && isset($_POST["TID"])) {
SetHeaderGo2Back();
// datum der einzutragenden schicht heraussuhen...
- $ShiftSQL = "SELECT `DateS`, `DateE` FROM `Shifts` WHERE `SID`='$SID'";
+ $ShiftSQL = "SELECT `DateS`, `DateE` FROM `Shifts` WHERE `SID`='". $_POST["SID"]. ".'";
$ShiftErg = mysql_query ($ShiftSQL, $con);
$beginSchicht = mysql_result($ShiftErg, 0, "DateS");
$endSchicht = mysql_result($ShiftErg, 0, "DateE");
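Review bot: The rebuilt `$ShiftSQL` has a stray period inside the closing literal, `. ".'"`, so the statement becomes `WHERE `SID`='123.'` and only matches because of MySQL's lenient string-to-number coercion, if at all; when it does not match, the following `mysql_result($ShiftErg, 0, "DateS")` reads from an empty result. It should be `$ShiftSQL = "SELECT `DateS`, `DateE` FROM `Shifts` WHERE `SID`='". intval($_POST["SID"]). "'";`, which also removes the unescaped interpolation. The `if` block continues past the end of this hunk.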
@@ -34,7 +34,7 @@ if (isset($newtext) && isset($SID) && isset($TID)) {
{
//ermitteln der noch gesuchten
$SQL3 = "SELECT * FROM `ShiftEntry`".
- " WHERE ((`SID` = '$SID') and (`TID` = '$TID') and (`UID` = '0'));";
+ " WHERE ((`SID` = '". $_POST["SID"]. "') and (`TID` = '". $_POST["TID"]. "') and (`UID` = '0'));";
$Erg3 = mysql_query($SQL3, $con);
if( mysql_num_rows($Erg3) <= 0 )
@@ -44,8 +44,10 @@ if (isset($newtext) && isset($SID) && isset($TID)) {
//write shift
$SQL = "UPDATE `ShiftEntry` SET ".
"`UID` = '". $_SESSION['UID']. "', ".
- "`Comment` = '$newtext' ".
- "WHERE ((`SID` = '$SID') and (`TID` = '$TID') and (`UID` = '0')) LIMIT 1;";
+ "`Comment` = '". $_POST["newtext"]. "' ".
+ "WHERE ( (`SID` = '". $_POST["SID"]. "') and ".
+ "(`TID` = '". $_POST["TID"]. "') and ".
+ "(`UID` = '0')) LIMIT 1;";
$Erg = mysql_query($SQL, $con);
if ($Erg != 1)
@@ -56,13 +58,13 @@ if (isset($newtext) && isset($SID) && isset($TID)) {
}//TO Many USERS
}//Allready in Shift
}
-elseif (isset($SID) && isset($TID)) {
+elseif (isset($_GET["SID"]) && isset($_GET["TID"])) {
echo Get_Text("pub_schichtplan_add_Text1"). "<br><br>\n\n".
- "<form action=\"./schichtplan_add.php\" method=\"post\">".
- "<table border=\"0\">";
+ "<form action=\"./schichtplan_add.php\" method=\"post\">\n".
+ "<table border=\"0\">\n";
$SQL = "SELECT * FROM `Shifts` WHERE ";
- $SQL .="(SID = '".$SID."')";
+ $SQL .="(SID = '". $_GET["SID"]. "')";
$Erg = mysql_query($SQL, $con);
echo "<tr><td>". Get_Text("pub_schichtplan_add_Date"). ":</td> <td>".
@@ -72,7 +74,7 @@ elseif (isset($SID) && isset($TID)) {
$RoomID[ mysql_result($Erg, 0, "RID") ]. "</td></tr>\n";
echo "<tr><td>". Get_Text("pub_schichtplan_add_Job"). ":</td> <td>".
- $EngelTypeID[$TID]. "</td></tr>\n";
+ $EngelTypeID[$_GET["TID"]]. "</td></tr>\n";
echo "<tr><td>". Get_Text("pub_schichtplan_add_Len"). ":</td> <td>".
mysql_result($Erg, 0, "Len"). "h</td></tr>\n";
@@ -86,8 +88,8 @@ elseif (isset($SID) && isset($TID)) {
echo "<tr><td>&nbsp;</td>\n".
"<td><input type=\"submit\" value=\"". Get_Text("pub_schichtplan_add_submit"). "\"> </td></tr>\n".
"</table>\n".
- "<input type=\"hidden\" name=\"SID\" value=\"$SID\">\n".
- "<input type=\"hidden\" name=\"TID\" value=\"$TID\">\n".
+ "<input type=\"hidden\" name=\"SID\" value=\"". $_GET["SID"]. "\">\n".
+ "<input type=\"hidden\" name=\"TID\" value=\"". $_GET["TID"]. "\">\n".
"</form>";
}
diff --git a/nonpublic/schichtplan_beamer.php b/nonpublic/schichtplan_beamer.php
index 6274b289..bcaca64c 100755
--- a/nonpublic/schichtplan_beamer.php
+++ b/nonpublic/schichtplan_beamer.php
@@ -15,7 +15,7 @@ $Time = time()+3600+3600;
<HEAD>
<TITLE>Schichtpl&auml;ne f&uuml;r Beamer</TITLE>
<!--<link rel=stylesheet type="text/css" href="./inc/css/style1.css">-->
-<meta http-equiv="refresh" content="30; URL=<?substr($url, 0, strlen($url)-1). $ENGEL_ROOT. $Page["Name"]?>">
+<meta http-equiv="refresh" content="30; URL=<?echo substr($url, 0, strlen($url)-1). $_SERVER['PHP_SELF']?>">
</HEAD>
<BODY>
<?
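Review bot: The refresh URL now embeds `$_SERVER['PHP_SELF']` directly into the `content` attribute; `PHP_SELF` includes any path-info the client appended to the request URL, so it is request-controlled and must be escaped like any other input before being written into HTML. Use the server-controlled `$_SERVER['SCRIPT_NAME']` and escape it: `<?php echo substr($url, 0, strlen($url)-1). htmlspecialchars($_SERVER['SCRIPT_NAME'])?>`. The `<?` short open tag used here also depends on `short_open_tag` being enabled; `<?php` is the portable form.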
diff --git a/nonpublic/waeckliste.php b/nonpublic/waeckliste.php
index 80303168..198a741a 100755
--- a/nonpublic/waeckliste.php
+++ b/nonpublic/waeckliste.php
@@ -6,19 +6,6 @@ $header = "Weckdienst - Liste der zu weckenden Engel";
include ("./inc/header.php");
-if ($eintragen == "Weck mich!") {
- $SQL = "INSERT INTO Wecken (`UID`, `Date`, `Ort`, `Bemerkung`) VALUES (".$_SESSION['UID'].", \"$Date\", \"$Ort\", \"$Bemerkung\") ";
- $Erg = mysql_query($SQL, $con);
- if ($Erg == 1) { Print_Text(4); }
-}
-
-if ($eintragen == "loeschen") {
- $SQL = "Delete from Wecken where UID = ".$_SESSION['UID']." and ID = $weckID limit 1";
- $Erg = mysql_query($SQL, $con);
- if ($Erg == 1) {
- Print_Text(4);
- }
-}
?>
<? echo Get_Text(1). $_SESSION['Nick'].",<br>\n".
diff --git a/nonpublic/wecken.php b/nonpublic/wecken.php
index 91c64d93..f7145336 100755
--- a/nonpublic/wecken.php
+++ b/nonpublic/wecken.php
@@ -5,19 +5,24 @@ $header = "Weckdienst";
include ("./inc/header.php");
include ("./inc/funktion_user.php");
-if ($eintragen == Get_Text("pub_wake_bouton") ) {
- $SQL = "INSERT INTO Wecken (`UID`, `Date`, `Ort`, `Bemerkung`) VALUES (".$_SESSION['UID'].", \"$Date\", \"$Ort\", \"$Bemerkung\") ";
- $Erg = mysql_query($SQL, $con);
- if ($Erg == 1) { Print_Text(4); }
-}
-
-if ($eintragen == "loeschen") {
- $SQL = "Delete from Wecken where UID = ".$_SESSION['UID']." and ID = $weckID limit 1";
- $Erg = mysql_query($SQL, $con);
- if ($Erg == 1) {
- Print_Text(4);
- }
-}
+if( isset($_POST["eintragen"]))
+ if( $_POST["eintragen"] == Get_Text("pub_wake_bouton") )
+ {
+ $SQL = "INSERT INTO Wecken (`UID`, `Date`, `Ort`, `Bemerkung`) ".
+ "VALUES (".$_SESSION['UID'].", \"". $_POST["Date"]. "\", \"". $_POST["Ort"].
+ "\", \"". $_POST["Bemerkung"]. "\") ";
+ $Erg = mysql_query($SQL, $con);
+ if ($Erg == 1)
+ Print_Text(4);
+ }
+if( isset($_GET["eintragen"]))
+ if ($_GET["eintragen"] == "loeschen")
+ {
+ $SQL = "Delete from Wecken where UID = ".$_SESSION['UID']." and ID = ". $_GET["weckID"]." limit 1";
+ $Erg = mysql_query($SQL, $con);
+ if ($Erg == 1)
+ Print_Text(4);
+ }
?>
<? echo Get_Text("Hello").$_SESSION['Nick'].",<br>".Get_Text("pub_wake_beschreibung")?>