diff options
| author | Angelo Cuccato <cuccato@web.de> | 2010-01-19 23:48:43 +0100 |
|---|---|---|
| committer | Angelo Cuccato <cuccato@web.de> | 2010-01-19 23:48:43 +0100 |
| commit | 6cfc2d6da0213aca24b1c97647c7bd5009971d4d (patch) | |
| tree | 3439cad390d1d70c7100ea5a544d8d139efba190 /www-ssl/admin | |
| parent | 93e0fc9705ec2fa8210748be1a56028c0d7c4379 (diff) | |
split user setting in different files
Diffstat (limited to 'www-ssl/admin')
| -rwxr-xr-x | www-ssl/admin/group.php | 40 | ||||
| l--------- | www-ssl/admin/pic | 1 | ||||
| -rwxr-xr-x | www-ssl/admin/user.php | 17 | ||||
| -rwxr-xr-x | www-ssl/admin/userChangeNormal.php | 143 | ||||
| -rwxr-xr-x | www-ssl/admin/userChangeSecure.php | 99 | ||||
| -rwxr-xr-x | www-ssl/admin/userSaveNormal.php (renamed from www-ssl/admin/user2.php) | 0 | ||||
| -rwxr-xr-x | www-ssl/admin/userSaveSecure.php | 162 |
7 files changed, 446 insertions, 16 deletions
diff --git a/www-ssl/admin/group.php b/www-ssl/admin/group.php new file mode 100755 index 00000000..6377593d --- /dev/null +++ b/www-ssl/admin/group.php @@ -0,0 +1,40 @@ +<?PHP + +$title = "User-Liste"; +$header = "Editieren der Engelliste"; +include ("../../includes/header.php"); +include ("../../includes/funktion_db_list.php"); + +if (!IsSet($_GET["enterGID"])) +{ + // Userliste, keine UID uebergeben... + + $SQL = "SELECT * FROM `UserGroups` ORDER BY `Name` ASC"; + $Erg = mysql_query($SQL, $con); + echo mysql_error($con); + + // anzahl zeilen + $Zeilen = mysql_num_rows($Erg); + + echo "<table width=\"100%\" class=\"border\" cellpadding=\"2\" cellspacing=\"1\">\n"; + echo "<tr class=\"contenttopic\">\n"; + echo "\t<td>Groupname</td>\n"; + echo "\t<td>-</td>\n"; + echo "</tr>\n"; + + for ($n = 0 ; $n < $Zeilen ; $n++) { + echo "<tr class=\"content\">\n"; + echo "\t<td>".mysql_result($Erg, $n, "Name")."</td>\n"; + + echo "<td><a href=\"./userChangeSecure.php?enterUID=". + mysql_result($Erg, $n, "UID")."&Type=Secure\">change</a></td>\n"; + echo "</tr>\n"; + } + echo "\t</table>\n"; + // Ende Userliste +} + +include ("../../includes/footer.php"); +?> + + diff --git a/www-ssl/admin/pic b/www-ssl/admin/pic deleted file mode 120000 index a21de85f..00000000 --- a/www-ssl/admin/pic +++ /dev/null @@ -1 +0,0 @@ -../pic
\ No newline at end of file diff --git a/www-ssl/admin/user.php b/www-ssl/admin/user.php index 5b6077aa..748c09fa 100755 --- a/www-ssl/admin/user.php +++ b/www-ssl/admin/user.php @@ -90,24 +90,11 @@ if (!IsSet($_GET["enterUID"])) echo "\t<td>".mysql_result($Erg, $n, "Aktiv")."</td>\n"; $Tshirt += mysql_result($Erg, $n, "Tshirt"); echo "\t<td>".mysql_result($Erg, $n, "Tshirt")."</td>\n"; - echo "\t<td><a href=\"./user.php?enterUID=". + echo "\t<td><a href=\"./userChangeNormal.php?enterUID=". mysql_result($Erg, $n, "UID")."&Type=Normal\">Änd.</a></td>\n"; echo "\t<td>"; - //check userCVS=OK - $SQL2 = "SELECT `UID` FROM `UserCVS` WHERE (`UID`='". mysql_result($Erg, $n, "UID"). "')"; - $Erg2 = mysql_query($SQL2, $con); - echo mysql_error($con); - if( mysql_num_rows($Erg2)==0) - { - $SQL3 = "INSERT INTO `UserCVS` (`UID`) VALUES ('". mysql_result($Erg, $n, "UID"). "');"; - $Erg3 = db_query($SQL3, "admin/user.php auto CVS create"); - if( $Erg3 ) - echo "was create<br>\n"; - else - echo mysql_error($con); - } - echo "<a href=\"./user.php?enterUID=". + echo "<a href=\"./userChangeSecure.php?enterUID=". mysql_result($Erg, $n, "UID")."&Type=Secure\">Secure</a></td>\n"; echo "</tr>\n"; } diff --git a/www-ssl/admin/userChangeNormal.php b/www-ssl/admin/userChangeNormal.php new file mode 100755 index 00000000..7bcca841 --- /dev/null +++ b/www-ssl/admin/userChangeNormal.php @@ -0,0 +1,143 @@ +<?PHP + +$title = "User-Liste"; +$header = "Editieren der Engelliste"; +include ("../../includes/header.php"); +include ("../../includes/funktion_db_list.php"); + +if (IsSet($_GET["enterUID"])) +{ + // UserID wurde mit uebergeben --> Aendern... + + echo "Hallo,<br>". + "hier kannst du den Eintrag ändern. Unter dem Punkt 'Gekommen' ". + "wird der Engel als anwesend markiert, ein Ja bei Aktiv bedeutet, ". + "dass der Engel aktiv war und damit ein Anspruch auf ein T-Shirt hat. ". + "Wenn T-Shirt ein 'Ja' enthält, bedeutet dies, dass der Engel ". + "bereits sein T-Shirt erhalten hat.<br><br>\n"; + + echo "<form action=\"./userSaveNormal.php?action=change\" method=\"POST\">\n"; + echo "<table border=\"0\">\n"; + echo "<input type=\"hidden\" name=\"Type\" value=\"Normal\">\n"; + + $SQL = "SELECT * FROM `User` WHERE `UID`='". $_GET["enterUID"]. "'"; + $Erg = mysql_query($SQL, $con); + + if (mysql_num_rows($Erg) != 1) + echo "<tr><td>Sorry, der Engel (UID=". $_GET["enterUID"]. + ") wurde in der Liste nicht gefunden.</td></tr>"; + else + { + echo "<tr><td>\n"; + echo "<table>\n"; + echo " <tr><td>Nick</td><td>". + "<input type=\"text\" size=\"40\" name=\"eNick\" value=\"". + mysql_result($Erg, 0, "Nick")."\"></td></tr>\n"; + echo " <tr><td>lastLogIn</td><td>". + "<input type=\"text\" size=\"20\" name=\"elastLogIn\" value=\"". + mysql_result($Erg, 0, "lastLogIn"). "\" disabled></td></tr>\n"; + echo " <tr><td>Name</td><td>". + "<input type=\"text\" size=\"40\" name=\"eName\" value=\"". + mysql_result($Erg, 0, "Name")."\"></td></tr>\n"; + echo " <tr><td>Vorname</td><td>". + "<input type=\"text\" size=\"40\" name=\"eVorname\" value=\"". + mysql_result($Erg, 0, "Vorname")."\"></td></tr>\n"; + echo " <tr><td>Alter</td><td>". + "<input type=\"text\" size=\"5\" name=\"eAlter\" value=\"". + mysql_result($Erg, 0, "Alter")."\"></td></tr>\n"; + echo " <tr><td>Telefon</td><td>". + "<input type=\"text\" size=\"40\" name=\"eTelefon\" value=\"". + mysql_result($Erg, 0, "Telefon")."\"></td></tr>\n"; + echo " <tr><td>Handy</td><td>". + "<input type=\"text\" size=\"40\" name=\"eHandy\" value=\"". + mysql_result($Erg, 0, "Handy")."\"></td></tr>\n"; + echo " <tr><td>DECT</td><td>". + "<input type=\"text\" size=\"4\" name=\"eDECT\" value=\"". + mysql_result($Erg, 0, "DECT")."\"></td></tr>\n"; + echo " <tr><td>email</td><td>". + "<input type=\"text\" size=\"40\" name=\"eemail\" value=\"". + mysql_result($Erg, 0, "email")."\"></td></tr>\n"; + echo " <tr><td>ICQ</td><td>". + "<input type=\"text\" size=\"40\" name=\"eICQ\" value=\"". + mysql_result($Erg, 0, "ICQ")."\"></td></tr>\n"; + echo " <tr><td>jabber</td><td>". + "<input type=\"text\" size=\"40\" name=\"ejabber\" value=\"". + mysql_result($Erg, 0, "jabber")."\"></td></tr>\n"; + echo " <tr><td>Size</td><td>". + "<input type=\"text\" size=\"5\" name=\"eSize\" value=\"". + mysql_result($Erg, 0, "Size")."\"></td></tr>\n"; + echo " <tr><td>Passwort</td><td>". + "<a href=\"./user2.php?action=newpw&eUID=" + .mysql_result($Erg, 0, "UID")."\">neues Kennwort setzen</a></td></tr>\n"; + + // Gekommen? + echo " <tr><td>Gekommen</td><td>\n"; + echo " <input type=\"radio\" name=\"eGekommen\" value=\"0\""; + if (mysql_result($Erg, 0, "Gekommen")=='0') + echo " checked"; + echo ">No \n"; + echo " <input type=\"radio\" name=\"eGekommen\" value=\"1\""; + if (mysql_result($Erg, 0, "Gekommen")=='1') + echo " checked"; + echo ">Yes \n"; + echo "</td></tr>\n"; + + // Aktiv? + echo " <tr><td>Aktiv</td><td>\n"; + echo " <input type=\"radio\" name=\"eAktiv\" value=\"0\""; + if (mysql_result($Erg, 0, "Aktiv")=='0') + echo " checked"; + echo ">No \n"; + echo " <input type=\"radio\" name=\"eAktiv\" value=\"1\""; + if (mysql_result($Erg, 0, "Aktiv")=='1') + echo " checked"; + echo ">Yes \n"; + echo "</td></tr>\n"; + + // T-Shirt bekommen? + echo " <tr><td>T-Shirt</td><td>\n"; + echo " <input type=\"radio\" name=\"eTshirt\" value=\"0\""; + if (mysql_result($Erg, 0, "Tshirt")=='0') + echo " checked"; + echo ">No \n"; + echo " <input type=\"radio\" name=\"eTshirt\" value=\"1\""; + if (mysql_result($Erg, 0, "Tshirt")=='1') + echo " checked"; + echo ">Yes \n"; + echo "</td></tr>\n"; + + // Menu links/rechts + echo " <tr><td>Menu</td><td>\n"; + echo " <input type=\"radio\" name=\"eMenu\" value=\"L\""; + if (mysql_result($Erg, 0, "Menu")=='L') + echo " checked"; + echo ">L \n"; + echo " <input type=\"radio\" name=\"eMenu\" value=\"R\""; + if (mysql_result($Erg, 0, "Menu")=='R') + echo " checked"; + echo ">R \n"; + echo "</td></tr>\n"; + + echo " <tr><td>Hometown</td><td>". + "<input type=\"text\" size=\"40\" name=\"Hometown\" value=\"". + mysql_result($Erg, 0, "Hometown")."\"></td></tr>\n"; + + echo "</table>\n</td><td valign=\"top\">". displayavatar($_GET["enterUID"], FALSE). "</td></tr>"; + } + + echo "</td></tr>\n"; + echo "</table>\n<br>\n"; + echo "<input type=\"hidden\" name=\"enterUID\" value=\"". $_GET["enterUID"]. "\">\n"; + echo "<input type=\"submit\" value=\"sichern...\">\n"; + echo "</form>"; + + echo "<form action=\"./userSaveNormal.php?action=delete\" method=\"POST\">\n"; + echo "<input type=\"hidden\" name=\"enterUID\" value=\"". $_GET["enterUID"]. "\">\n"; + echo "<input type=\"submit\" value=\"löschen...\">\n"; + echo "</form>"; +} + +include ("../../includes/footer.php"); +?> + + diff --git a/www-ssl/admin/userChangeSecure.php b/www-ssl/admin/userChangeSecure.php new file mode 100755 index 00000000..e7de1b5c --- /dev/null +++ b/www-ssl/admin/userChangeSecure.php @@ -0,0 +1,99 @@ +<?PHP + +$title = "User-Liste"; +$header = "Editieren der Engelliste"; +include ("../../includes/header.php"); +include ("../../includes/funktion_db_list.php"); + +if (IsSet($_GET["enterUID"])) +{ + // UserID wurde mit uebergeben --> Aendern... + + echo "Hallo,<br>". + "hier kannst du den Eintrag ändern. Unter dem Punkt 'Gekommen' ". + "wird der Engel als anwesend markiert, ein Ja bei Aktiv bedeutet, ". + "dass der Engel aktiv war und damit ein Anspruch auf ein T-Shirt hat. ". + "Wenn T-Shirt ein 'Ja' enthält, bedeutet dies, dass der Engel ". + "bereits sein T-Shirt erhalten hat.<br><br>\n"; + + echo "<form action=\"./userChangeSecure.php?action=change\" method=\"POST\">\n"; + echo "<table border=\"0\">\n"; + echo "<input type=\"hidden\" name=\"Type\" value=\"Secure\">\n"; + + // CVS-Rechte + echo " <tr><td><br><u>Rights of \"". UID2Nick($_GET["enterUID"]). "\":</u></td></tr>\n"; + + $SQL_CVS = "SELECT * FROM `UserCVS` WHERE `UID`='". $_GET["enterUID"]. "'"; + $Erg_CVS = mysql_query($SQL_CVS, $con); + + if( mysql_num_rows($Erg_CVS) != 1) + echo "Sorry, der Engel (UID=". $_GET["enterUID"]. ") wurde in der Liste nicht gefunden."; + else + { + $CVS_Data = mysql_fetch_array($Erg_CVS); + $CVS_Data_i = 1; + foreach ($CVS_Data as $CVS_Data_Name => $CVS_Data_Value) + { + $CVS_Data_i++; + //nur jeder zweiter sonst wird für jeden text noch die position (Zahl) ausgegeben + if( $CVS_Data_i%2 && $CVS_Data_Name!="UID") + { + if($CVS_Data_Name=="GroupID") { + if( $_GET["enterUID"] > 0 ) + { + echo "<tr><td><b>Group</b></td>\n". + "<td><select name=\"GroupID\">"; + + $SQL_Group = "SELECT * FROM `UserGroups`"; + $Erg_Group = mysql_query($SQL_Group, $con); + for ($n = 0 ; $n < mysql_num_rows($Erg_Group) ; $n++) + { + $UID = mysql_result($Erg_Group, $n, "UID"); + echo "\t<option value=\"$UID\""; + if( $CVS_Data_Value == $UID) + echo " selected"; + echo ">". mysql_result($Erg_Group, $n, "Name"). "</option>\n"; + } + echo "</select></td></tr>"; + } + } else { + echo "<tr><td>$CVS_Data_Name</td>\n<td>"; + echo "<input type=\"radio\" name=\"".($CVS_Data_i-1)."\" value=\"Y\" "; + if( $CVS_Data_Value == "Y" ) + echo " checked"; + echo ">allow \n"; + echo "<input type=\"radio\" name=\"".($CVS_Data_i-1)."\" value=\"N\" "; + if( $CVS_Data_Value == "N" ) + echo " checked"; + echo ">denied \n"; + if( $_GET["enterUID"] > 0 ) + { + echo "<input type=\"radio\" name=\"".($CVS_Data_i-1)."\" value=\"G\" "; + if( $CVS_Data_Value == "G" ) + echo " checked"; + echo ">group-setting \n"; + echo "</td></tr>"; + } + } + } //IF + } //Foreach + echo "</td></tr>\n"; + } // IF TYPE + + // Ende Formular + echo "</td></tr>\n"; + echo "</table>\n<br>\n"; + echo "<input type=\"hidden\" name=\"enterUID\" value=\"". $_GET["enterUID"]. "\">\n"; + echo "<input type=\"submit\" value=\"sichern...\">\n"; + echo "</form>"; + + echo "<form action=\"./userSaveSecure.php?action=delete\" method=\"POST\">\n"; + echo "<input type=\"hidden\" name=\"enterUID\" value=\"". $_GET["enterUID"]. "\">\n"; + echo "<input type=\"submit\" value=\"löschen...\">\n"; + echo "</form>"; +} + +include ("../../includes/footer.php"); +?> + + diff --git a/www-ssl/admin/user2.php b/www-ssl/admin/userSaveNormal.php index 229a4cdc..229a4cdc 100755 --- a/www-ssl/admin/user2.php +++ b/www-ssl/admin/userSaveNormal.php diff --git a/www-ssl/admin/userSaveSecure.php b/www-ssl/admin/userSaveSecure.php new file mode 100755 index 00000000..229a4cdc --- /dev/null +++ b/www-ssl/admin/userSaveSecure.php @@ -0,0 +1,162 @@ +<?PHP + +$title = "User-Liste"; +$header = "Index"; +include ("../../includes/header.php"); +include ("../../includes/funktion_db_list.php"); +include ("../../includes/crypt.php"); +include ("../../includes/funktion_db.php"); + +if (IsSet($_GET["action"])) +{ + + SetHeaderGo2Back(); + echo "Gesendeter Befehl: ". $_GET["action"]. "<br>"; + + switch ($_GET["action"]) + { + case "change": + if (IsSet($_POST["enterUID"])) + { + if ($_POST["Type"] == "Normal") + { + $SQL = "UPDATE `User` SET "; + $SQL.= " `Nick` = '". $_POST["eNick"]. "', `Name` = '". $_POST["eName"]. "', ". + "`Vorname` = '". $_POST["eVorname"]. "', ". + "`Telefon` = '". $_POST["eTelefon"]. "', ". + "`Handy` = '". $_POST["eHandy"]. "', ". + "`DECT` = '". $_POST["eDECT"]. "', ". + "`email` = '". $_POST["eemail"]. "', ". + "`ICQ` = '". $_POST["eICQ"]. "', ". + "`jabber` = '". $_POST["ejabber"]. "', ". + "`Size` = '". $_POST["eSize"]. "', ". + "`Gekommen`= '". $_POST["eGekommen"]. "', ". + "`Aktiv`= '". $_POST["eAktiv"]. "', ". + "`Tshirt` = '". $_POST["eTshirt"]. "', ". + "`Hometown` = '". $_POST["Hometown"]. "', ". + "`Menu` = '". $_POST["eMenu"]. "' ". + "WHERE `UID` = '". $_POST["enterUID"]. + "' LIMIT 1;"; + echo "User-"; + $Erg = db_query($SQL, "change user details"); + if ($Erg == 1) { + echo "Änderung wurde gesichert...\n"; + } else { + echo "Fehler beim speichern...\n(". mysql_error($con). ")"; + } + } + elseif ($_POST["Type"] == "Secure") + { + $SQL2 = "UPDATE `UserCVS` SET "; + $SQL_CVS = "SELECT * FROM `UserCVS` WHERE `UID`='". $_POST["enterUID"]. "'"; + $Erg_CVS = mysql_query($SQL_CVS, $con); + $CVS_Data = mysql_fetch_array($Erg_CVS); + $CVS_Data_i = 1; + foreach ($CVS_Data as $CVS_Data_Name => $CVS_Data_Value) + { + if( ($CVS_Data_i+1)%2 && $CVS_Data_Name!="UID") { + if( $CVS_Data_Name == "GroupID") + { + if( $_POST["enterUID"] > 0 ) + $SQL2.= "`$CVS_Data_Name` = ". $_POST["GroupID"].", "; + } else { + $SQL2.= "`$CVS_Data_Name` = '". $_POST[$CVS_Data_i]."', "; + } + } + $CVS_Data_i++; + } + $SQL2 = substr( $SQL2, 0, strlen($SQL2)-2 ); + $SQL2.= " WHERE `UID`='". $_POST["enterUID"]. "' LIMIT 1;"; + echo "<br>Secure-"; + $Erg = db_query($SQL2, "change user CVS"); + if ($Erg == 1) { + echo "Änderung wurde gesichert...\n"; + } else { + echo "Fehler beim speichern...\n(". mysql_error($con). ")"; + } + } + else + echo "<h1>Fehler: Unbekanter Type (". $_POST["Type"]. ") übergeben\n</h1>\n"; + } + else + echo "<h1>Fehler: UserID (enterUID) wurde nicht per POST übergeben</h1>\n"; + break; + + case "delete": + if (IsSet($_POST["enterUID"])) + { + echo "delate User..."; + $SQL="DELETE FROM `User` WHERE `UID`='". $_POST["enterUID"]. "' LIMIT 1;"; + $Erg = db_query($SQL, "User delete"); + if ($Erg == 1) { + echo "Änderung wurde gesichert...\n"; + } else { + echo "Fehler beim speichern...\n(". mysql_error($con). ")"; + } + + echo "<br>\ndelate UserCVS..."; + $SQL2="DELETE FROM `UserCVS` WHERE `UID`='". $_POST["enterUID"]. "' LIMIT 1;"; + $Erg = db_query($SQL2, "User CVS delete"); + if ($Erg == 1) { + echo "Änderung wurde gesichert...\n"; + } else { + echo "Fehler beim speichern...\n(". mysql_error($con). ")"; + } + + echo "<br>\ndelate UserEntry..."; + $SQL3="UPDATE `ShiftEntry` SET `UID`='0', `Comment`=NULL ". + "WHERE `UID`='". $_POST["enterUID"]. "';"; + $Erg = db_query($SQL3, "delate UserEntry"); + if ($Erg == 1) { + echo "Änderung wurde gesichert...\n"; + } else { + echo "Fehler beim speichern...\n(". mysql_error($con). ")"; + } + } + break; + + + case "newpw": + echo "Bitte neues Kennwort für <b>"; + // Get Nick + $USQL = "SELECT * FROM `User` WHERE `UID`='". $_GET["eUID"]. "'"; + $Erg = mysql_query($USQL, $con); + echo mysql_result($Erg, 0, "Nick"); + echo "</b> eingeben:<br>"; + echo "<form action=\"./user2.php?action=newpwsave\" method=\"POST\">\n"; + echo "<input type=\"Password\" name=\"ePasswort\">"; + echo "<input type=\"Password\" name=\"ePasswort2\">"; + echo "<input type=\"hidden\" name=\"eUID\" value=\"". $_GET["eUID"]. "\">"; + echo "<input type=\"submit\" value=\"sichern...\">\n"; + echo "</form>"; + break; + + case "newpwsave": + if ($_POST["ePasswort"] == $_POST["ePasswort2"]) + { // beide Passwoerter passen... + $_POST["ePasswort"] = PassCrypt($_POST["ePasswort"]); + $SQL = "UPDATE `User` SET `Passwort`='". $_POST["ePasswort"]. "' ". + "WHERE `UID`='". $_POST["eUID"]. "'"; + $Erg = db_query($SQL, "User new passwort"); + if ($Erg == 1) { + echo "Änderung wurde gesichert...\n"; + } else { + echo "Fehler beim speichern...\n(". mysql_error($con). ")"; + } + } + else + echo "Das Passwort wurde nicht übereinstimmend eingegeben!"; + break; + } // end switch + +// ende - Action ist gesetzt +} +else +{ + // kein Action gesetzt -> abbruch + echo "Unzulässiger Aufruf.<br>Bitte neu editieren..."; +} + +include ("../../includes/footer.php"); +?> + |