summaryrefslogtreecommitdiff
path: root/www-ssl
diff options
context:
space:
mode:
authorPhilip Häusler <msquare@notrademark.de>2011-06-03 08:17:16 +0200
committerPhilip Häusler <msquare@notrademark.de>2011-06-03 08:17:16 +0200
commit170f8d2342e87f91f3ee3c4ad8ef161095666349 (patch)
tree06c95294895b85c720951791e57de9677917113c /www-ssl
parentbad34a0b263a60f024102df21a5613f9b0e72cc9 (diff)
user management
Diffstat (limited to 'www-ssl')
-rw-r--r--www-ssl/admin/userChangeSecure.php104
-rw-r--r--www-ssl/admin/userSaveSecure.php167
2 files changed, 0 insertions, 271 deletions
diff --git a/www-ssl/admin/userChangeSecure.php b/www-ssl/admin/userChangeSecure.php
deleted file mode 100644
index 69c4601d..00000000
--- a/www-ssl/admin/userChangeSecure.php
+++ /dev/null
@@ -1,104 +0,0 @@
-<?php
-require_once ('../bootstrap.php');
-
-$title = "User-Liste";
-$header = "Editieren der Engelliste";
-include ("includes/header.php");
-include ("includes/funktion_db_list.php");
-
-if (IsSet ($_GET["enterUID"])) {
- // UserID wurde mit uebergeben --> Aendern...
-
- echo "Hallo,<br />" .
- "hier kannst du den Eintrag &auml;ndern. Unter dem Punkt 'Gekommen' " .
- "wird der Engel als anwesend markiert, ein Ja bei Aktiv bedeutet, " .
- "dass der Engel aktiv war und damit ein Anspruch auf ein T-Shirt hat. " .
- "Wenn T-Shirt ein 'Ja' enth&auml;lt, bedeutet dies, dass der Engel " .
- "bereits sein T-Shirt erhalten hat.<br /><br />\n";
-
- $SQL_CVS = "SELECT * FROM `UserCVS` WHERE `UID`='" . $_GET["enterUID"] . "'";
- $Erg_CVS = mysql_query($SQL_CVS, $con);
-
- if (mysql_num_rows($Erg_CVS) != 1)
- echo "Sorry, der Engel (UID=" . $_GET["enterUID"] . ") wurde in der Liste nicht gefunden.";
- else {
- // Rename if is an group
- if ($_GET["enterUID"] < 0) {
- $SQLname = "SELECT `Name` FROM `UserGroups` WHERE `UID`='" . $_GET["enterUID"] . "'";
- $ErgName = mysql_query($SQLname, $con);
- echo mysql_error($con);
-
- echo "<form action=\"./userSaveSecure.php?action=changeGroupName\" method=\"POST\">\n";
- echo "<input type=\"hidden\" name=\"enterUID\" value=\"" . $_GET["enterUID"] . "\">\n";
- echo "<input type=\"text\" name=\"GroupName\" value=\"" . mysql_result($ErgName, 0, "Name") . "\">\n";
- echo "<input type=\"submit\" value=\"rename\">\n";
- echo "</form>";
- }
-
- echo "<form action=\"./userSaveSecure.php?action=change\" method=\"POST\">\n";
- echo "<table border=\"0\">\n";
- echo "<input type=\"hidden\" name=\"Type\" value=\"Secure\">\n";
- echo " <tr><td><br /><u>Rights of \"" . UID2Nick($_GET["enterUID"]) . "\":</u></td></tr>\n";
-
- $CVS_Data = mysql_fetch_array($Erg_CVS);
- $CVS_Data_i = 1;
- foreach ($CVS_Data as $CVS_Data_Name => $CVS_Data_Value) {
- $CVS_Data_i++;
- //nur jeder zweiter sonst wird f�r jeden text noch die position (Zahl) ausgegeben
- if ($CVS_Data_i % 2 && $CVS_Data_Name != "UID") {
- if ($CVS_Data_Name == "GroupID") {
- if ($_GET["enterUID"] > 0) {
- echo "<tr><td><b>Group</b></td>\n" .
- "<td><select name=\"GroupID\">";
-
- $SQL_Group = "SELECT * FROM `UserGroups`";
- $Erg_Group = mysql_query($SQL_Group, $con);
- for ($n = 0; $n < mysql_num_rows($Erg_Group); $n++) {
- $UID = mysql_result($Erg_Group, $n, "UID");
- echo "\t<option value=\"$UID\"";
- if ($CVS_Data_Value == $UID)
- echo " selected";
- echo ">" . mysql_result($Erg_Group, $n, "Name") . "</option>\n";
- }
- echo "</select></td></tr>";
- }
- } else {
- echo "<tr><td>$CVS_Data_Name</td>\n<td>";
- echo "<input type=\"radio\" name=\"" . ($CVS_Data_i -1) . "\" value=\"Y\" ";
- if ($CVS_Data_Value == "Y")
- echo " checked";
- echo ">allow \n";
- echo "<input type=\"radio\" name=\"" . ($CVS_Data_i -1) . "\" value=\"N\" ";
- if ($CVS_Data_Value == "N")
- echo " checked";
- echo ">denied \n";
- if ($_GET["enterUID"] > 0) {
- echo "<input type=\"radio\" name=\"" . ($CVS_Data_i -1) . "\" value=\"G\" ";
- if ($CVS_Data_Value == "G")
- echo " checked";
- echo ">group-setting \n";
- echo "</td></tr>";
- }
- }
- } //IF
- } //Foreach
- echo "</td></tr>\n";
-
- // Ende Formular
- echo "</td></tr>\n";
- echo "</table>\n<br />\n";
- echo "<input type=\"hidden\" name=\"enterUID\" value=\"" . $_GET["enterUID"] . "\">\n";
- echo "<input type=\"submit\" value=\"sichern...\">\n";
- echo "</form>";
-
- echo "<br /><form action=\"./userSaveSecure.php?action=delete\" method=\"POST\">\n";
- echo "<input type=\"hidden\" name=\"enterUID\" value=\"" . $_GET["enterUID"] . "\">\n";
- echo "<input type=\"submit\" value=\"l&ouml;schen...\">\n";
- echo "</form>";
- }
-}
-
-include ("includes/footer.php");
-?>
-
-
diff --git a/www-ssl/admin/userSaveSecure.php b/www-ssl/admin/userSaveSecure.php
deleted file mode 100644
index de4b47ff..00000000
--- a/www-ssl/admin/userSaveSecure.php
+++ /dev/null
@@ -1,167 +0,0 @@
-<?php
-require_once ('../bootstrap.php');
-
-$title = "User-Liste";
-$header = "Index";
-include ("includes/header.php");
-include ("includes/funktion_db_list.php");
-include ("includes/crypt.php");
-include ("includes/funktion_db.php");
-
-if (!IsSet ($_POST["enterUID"])) {
- $Right = "N";
-}
-elseif ($_POST["enterUID"] > 0) {
- $Right = $_SESSION['CVS']["admin/user.php"];
-} else {
- $Right = $_SESSION['CVS']["admin/group.php"];
-}
-
-if (($Right == "Y") && IsSet ($_GET["action"])) {
- SetHeaderGo2Back();
- echo "Gesendeter Befehl: " . $_GET["action"] . "<br />";
-
- switch ($_GET["action"]) {
- case "change" :
- if (IsSet ($_POST["enterUID"])) {
- if ($_POST["Type"] == "Secure") {
- $SQL2 = "UPDATE `UserCVS` SET ";
- $SQL_CVS = "SELECT * FROM `UserCVS` WHERE `UID`='" . $_POST["enterUID"] . "'";
- $Erg_CVS = mysql_query($SQL_CVS, $con);
- $CVS_Data = mysql_fetch_array($Erg_CVS);
- $CVS_Data_i = 1;
- foreach ($CVS_Data as $CVS_Data_Name => $CVS_Data_Value) {
- if (($CVS_Data_i +1) % 2 && $CVS_Data_Name != "UID") {
- if ($CVS_Data_Name == "GroupID") {
- if ($_POST["enterUID"] > 0)
- $SQL2 .= "`$CVS_Data_Name` = '" . $_POST["GroupID"] . "', ";
- else
- $SQL2 .= "`$CVS_Data_Name` = NULL, ";
- } else {
- $SQL2 .= "`$CVS_Data_Name` = '" . $_POST[$CVS_Data_i] . "', ";
- }
- }
- $CVS_Data_i++;
- }
- $SQL2 = substr($SQL2, 0, strlen($SQL2) - 2);
- $SQL2 .= " WHERE `UID`='" . $_POST["enterUID"] . "' LIMIT 1;";
- echo "<br />Secure-";
- $Erg = db_query($SQL2, "change user CVS");
- if ($Erg == 1) {
- echo "&Auml;nderung wurde gesichert...\n";
- } else {
- echo "Fehler beim speichern...\n(" . mysql_error($con) . ")";
- }
- } else
- echo "<h1>Fehler: Unbekanter Type (" . $_POST["Type"] . ") �bergeben\n</h1>\n";
- } else
- echo "<h1>Fehler: UserID (enterUID) wurde nicht per POST �bergeben</h1>\n";
- break;
-
- case "changeGroupName" :
- if (IsSet ($_POST["enterUID"]) && ($_POST["enterUID"] < 0)) {
- $SQL = "UPDATE `UserGroups` SET `Name`='" . $_POST["GroupName"] . "' WHERE `UID`='" . $_POST["enterUID"] . "' LIMIT 1 ;";
- $Erg = db_query($SQL, "Update Group Name");
- if ($Erg == 1) {
- echo "&Auml;nderung wurde gesichert...\n";
- } else {
- echo "Fehler beim speichern...\n(" . mysql_error($con) . ")";
- }
- } else
- echo "<h1>Fehler: UserID (enterUID) wurde nicht per POST �bergeben</h1>\n";
- break;
-
- case "delete" :
- if (IsSet ($_POST["enterUID"]) && ($_POST["enterUID"] > 0)) {
- echo "delate User...";
- $SQL = "DELETE FROM `User` WHERE `UID`='" . $_POST["enterUID"] . "' LIMIT 1;";
- $Erg = db_query($SQL, "User delete");
- if ($Erg == 1) {
- echo "&Auml;nderung wurde gesichert...\n";
- } else {
- echo "Fehler beim speichern...\n(" . mysql_error($con) . ")";
- }
-
- echo "<br />\ndelate UserCVS...";
- $SQL2 = "DELETE FROM `UserCVS` WHERE `UID`='" . $_POST["enterUID"] . "' LIMIT 1;";
- $Erg = db_query($SQL2, "User CVS delete");
- if ($Erg == 1) {
- echo "&Auml;nderung wurde gesichert...\n";
- } else {
- echo "Fehler beim speichern...\n(" . mysql_error($con) . ")";
- }
-
- echo "<br />\ndelate UserEntry...";
- $SQL3 = "UPDATE `ShiftEntry` SET `UID`='0', `Comment`=NULL " .
- "WHERE `UID`='" . $_POST["enterUID"] . "';";
- $Erg = db_query($SQL3, "delate UserEntry");
- if ($Erg == 1) {
- echo "&Auml;nderung wurde gesichert...\n";
- } else {
- echo "Fehler beim speichern...\n(" . mysql_error($con) . ")";
- }
- }
- elseif (IsSet ($_POST["enterUID"]) && ($_POST["enterUID"] < 0)) {
- echo "delate Group...";
- $SQL = "DELETE FROM `UserGroups` WHERE `UID`='" . $_POST["enterUID"] . "' LIMIT 1;";
- $Erg = db_query($SQL, "Group delete");
- if ($Erg == 1) {
- echo "&Auml;nderung wurde gesichert...\n";
- } else {
- echo "Fehler beim speichern...\n(" . mysql_error($con) . ")";
- }
-
- echo "<br />\ndelate UserCVS...";
- $SQL2 = "DELETE FROM `UserCVS` WHERE `UID`='" . $_POST["enterUID"] . "' LIMIT 1;";
- $Erg = db_query($SQL2, "User CVS delete");
- if ($Erg == 1) {
- echo "&Auml;nderung wurde gesichert...\n";
- } else {
- echo "Fehler beim speichern...\n(" . mysql_error($con) . ")";
- }
-
- }
- break;
- } // end switch
-
- // ende - Action ist gesetzt
-}
-elseif (IsSet ($_GET["new"]) && ($_SESSION['CVS']["admin/group.php"] == "Y")) {
- echo "Gesendeter Befehl: " . $_GET["new"] . "<br />";
-
- switch ($_GET["new"]) {
- case "newGroup" :
- echo "\tGenerate new Group ID...\n";
- $SQLid = "SELECT MIN(`UID`) FROM `UserCVS`;";
- $Erg = mysql_query($SQLid);
-
- if (mysql_num_rows($Erg) == 1) {
- $NewId = mysql_result($Erg, 0, 0) - 1;
- $SQLnew1 = "INSERT INTO `UserGroups` (`UID`, `Name`) VALUES ('$NewId', '" . $_POST["GroupName"] . "' );";
- $SQLnew2 = "INSERT INTO `UserCVS` (`UID`, `GroupID`) VALUES ('$NewId', NULL );";
- echo "\t<br />Generate new UserGroup ...\n";
- $ErgNew1 = db_query($SQLnew1, "create UserGroups Entry");
- if ($ErgNew1 == 1) {
- echo "\t<br />Generate new User rights...\n";
- $ErgNew2 = db_query($SQLnew2, "UserCVS Entry");
- if ($ErgNew1 == 1) {
- echo "\t<br />New group was created.\n";
- } else {
- echo "Error on creation\n(" . mysql_error($con) . ")";
- }
- } else {
- echo "Error on creation\n(" . mysql_error($con) . ")";
- }
-
- }
-
- break;
- }
-} else {
- // kein Action gesetzt -> abbruch
- echo "Unzul&auml;ssiger Aufruf.<br />Bitte neu editieren...";
-}
-
-include ("includes/footer.php");
-?>
-