diff options
| author | Philip Häusler <msquare@notrademark.de> | 2011-06-03 08:17:16 +0200 |
|---|---|---|
| committer | Philip Häusler <msquare@notrademark.de> | 2011-06-03 08:17:16 +0200 |
| commit | 170f8d2342e87f91f3ee3c4ad8ef161095666349 (patch) | |
| tree | 06c95294895b85c720951791e57de9677917113c /www-ssl | |
| parent | bad34a0b263a60f024102df21a5613f9b0e72cc9 (diff) | |
user management
Diffstat (limited to 'www-ssl')
| -rw-r--r-- | www-ssl/admin/userChangeSecure.php | 104 | ||||
| -rw-r--r-- | www-ssl/admin/userSaveSecure.php | 167 |
2 files changed, 0 insertions, 271 deletions
diff --git a/www-ssl/admin/userChangeSecure.php b/www-ssl/admin/userChangeSecure.php deleted file mode 100644 index 69c4601d..00000000 --- a/www-ssl/admin/userChangeSecure.php +++ /dev/null @@ -1,104 +0,0 @@ -<?php -require_once ('../bootstrap.php'); - -$title = "User-Liste"; -$header = "Editieren der Engelliste"; -include ("includes/header.php"); -include ("includes/funktion_db_list.php"); - -if (IsSet ($_GET["enterUID"])) { - // UserID wurde mit uebergeben --> Aendern... - - echo "Hallo,<br />" . - "hier kannst du den Eintrag ändern. Unter dem Punkt 'Gekommen' " . - "wird der Engel als anwesend markiert, ein Ja bei Aktiv bedeutet, " . - "dass der Engel aktiv war und damit ein Anspruch auf ein T-Shirt hat. " . - "Wenn T-Shirt ein 'Ja' enthält, bedeutet dies, dass der Engel " . - "bereits sein T-Shirt erhalten hat.<br /><br />\n"; - - $SQL_CVS = "SELECT * FROM `UserCVS` WHERE `UID`='" . $_GET["enterUID"] . "'"; - $Erg_CVS = mysql_query($SQL_CVS, $con); - - if (mysql_num_rows($Erg_CVS) != 1) - echo "Sorry, der Engel (UID=" . $_GET["enterUID"] . ") wurde in der Liste nicht gefunden."; - else { - // Rename if is an group - if ($_GET["enterUID"] < 0) { - $SQLname = "SELECT `Name` FROM `UserGroups` WHERE `UID`='" . $_GET["enterUID"] . "'"; - $ErgName = mysql_query($SQLname, $con); - echo mysql_error($con); - - echo "<form action=\"./userSaveSecure.php?action=changeGroupName\" method=\"POST\">\n"; - echo "<input type=\"hidden\" name=\"enterUID\" value=\"" . $_GET["enterUID"] . "\">\n"; - echo "<input type=\"text\" name=\"GroupName\" value=\"" . mysql_result($ErgName, 0, "Name") . "\">\n"; - echo "<input type=\"submit\" value=\"rename\">\n"; - echo "</form>"; - } - - echo "<form action=\"./userSaveSecure.php?action=change\" method=\"POST\">\n"; - echo "<table border=\"0\">\n"; - echo "<input type=\"hidden\" name=\"Type\" value=\"Secure\">\n"; - echo " <tr><td><br /><u>Rights of \"" . UID2Nick($_GET["enterUID"]) . "\":</u></td></tr>\n"; - - $CVS_Data = mysql_fetch_array($Erg_CVS); - $CVS_Data_i = 1; - foreach ($CVS_Data as $CVS_Data_Name => $CVS_Data_Value) { - $CVS_Data_i++; - //nur jeder zweiter sonst wird f�r jeden text noch die position (Zahl) ausgegeben - if ($CVS_Data_i % 2 && $CVS_Data_Name != "UID") { - if ($CVS_Data_Name == "GroupID") { - if ($_GET["enterUID"] > 0) { - echo "<tr><td><b>Group</b></td>\n" . - "<td><select name=\"GroupID\">"; - - $SQL_Group = "SELECT * FROM `UserGroups`"; - $Erg_Group = mysql_query($SQL_Group, $con); - for ($n = 0; $n < mysql_num_rows($Erg_Group); $n++) { - $UID = mysql_result($Erg_Group, $n, "UID"); - echo "\t<option value=\"$UID\""; - if ($CVS_Data_Value == $UID) - echo " selected"; - echo ">" . mysql_result($Erg_Group, $n, "Name") . "</option>\n"; - } - echo "</select></td></tr>"; - } - } else { - echo "<tr><td>$CVS_Data_Name</td>\n<td>"; - echo "<input type=\"radio\" name=\"" . ($CVS_Data_i -1) . "\" value=\"Y\" "; - if ($CVS_Data_Value == "Y") - echo " checked"; - echo ">allow \n"; - echo "<input type=\"radio\" name=\"" . ($CVS_Data_i -1) . "\" value=\"N\" "; - if ($CVS_Data_Value == "N") - echo " checked"; - echo ">denied \n"; - if ($_GET["enterUID"] > 0) { - echo "<input type=\"radio\" name=\"" . ($CVS_Data_i -1) . "\" value=\"G\" "; - if ($CVS_Data_Value == "G") - echo " checked"; - echo ">group-setting \n"; - echo "</td></tr>"; - } - } - } //IF - } //Foreach - echo "</td></tr>\n"; - - // Ende Formular - echo "</td></tr>\n"; - echo "</table>\n<br />\n"; - echo "<input type=\"hidden\" name=\"enterUID\" value=\"" . $_GET["enterUID"] . "\">\n"; - echo "<input type=\"submit\" value=\"sichern...\">\n"; - echo "</form>"; - - echo "<br /><form action=\"./userSaveSecure.php?action=delete\" method=\"POST\">\n"; - echo "<input type=\"hidden\" name=\"enterUID\" value=\"" . $_GET["enterUID"] . "\">\n"; - echo "<input type=\"submit\" value=\"löschen...\">\n"; - echo "</form>"; - } -} - -include ("includes/footer.php"); -?> - - diff --git a/www-ssl/admin/userSaveSecure.php b/www-ssl/admin/userSaveSecure.php deleted file mode 100644 index de4b47ff..00000000 --- a/www-ssl/admin/userSaveSecure.php +++ /dev/null @@ -1,167 +0,0 @@ -<?php -require_once ('../bootstrap.php'); - -$title = "User-Liste"; -$header = "Index"; -include ("includes/header.php"); -include ("includes/funktion_db_list.php"); -include ("includes/crypt.php"); -include ("includes/funktion_db.php"); - -if (!IsSet ($_POST["enterUID"])) { - $Right = "N"; -} -elseif ($_POST["enterUID"] > 0) { - $Right = $_SESSION['CVS']["admin/user.php"]; -} else { - $Right = $_SESSION['CVS']["admin/group.php"]; -} - -if (($Right == "Y") && IsSet ($_GET["action"])) { - SetHeaderGo2Back(); - echo "Gesendeter Befehl: " . $_GET["action"] . "<br />"; - - switch ($_GET["action"]) { - case "change" : - if (IsSet ($_POST["enterUID"])) { - if ($_POST["Type"] == "Secure") { - $SQL2 = "UPDATE `UserCVS` SET "; - $SQL_CVS = "SELECT * FROM `UserCVS` WHERE `UID`='" . $_POST["enterUID"] . "'"; - $Erg_CVS = mysql_query($SQL_CVS, $con); - $CVS_Data = mysql_fetch_array($Erg_CVS); - $CVS_Data_i = 1; - foreach ($CVS_Data as $CVS_Data_Name => $CVS_Data_Value) { - if (($CVS_Data_i +1) % 2 && $CVS_Data_Name != "UID") { - if ($CVS_Data_Name == "GroupID") { - if ($_POST["enterUID"] > 0) - $SQL2 .= "`$CVS_Data_Name` = '" . $_POST["GroupID"] . "', "; - else - $SQL2 .= "`$CVS_Data_Name` = NULL, "; - } else { - $SQL2 .= "`$CVS_Data_Name` = '" . $_POST[$CVS_Data_i] . "', "; - } - } - $CVS_Data_i++; - } - $SQL2 = substr($SQL2, 0, strlen($SQL2) - 2); - $SQL2 .= " WHERE `UID`='" . $_POST["enterUID"] . "' LIMIT 1;"; - echo "<br />Secure-"; - $Erg = db_query($SQL2, "change user CVS"); - if ($Erg == 1) { - echo "Änderung wurde gesichert...\n"; - } else { - echo "Fehler beim speichern...\n(" . mysql_error($con) . ")"; - } - } else - echo "<h1>Fehler: Unbekanter Type (" . $_POST["Type"] . ") �bergeben\n</h1>\n"; - } else - echo "<h1>Fehler: UserID (enterUID) wurde nicht per POST �bergeben</h1>\n"; - break; - - case "changeGroupName" : - if (IsSet ($_POST["enterUID"]) && ($_POST["enterUID"] < 0)) { - $SQL = "UPDATE `UserGroups` SET `Name`='" . $_POST["GroupName"] . "' WHERE `UID`='" . $_POST["enterUID"] . "' LIMIT 1 ;"; - $Erg = db_query($SQL, "Update Group Name"); - if ($Erg == 1) { - echo "Änderung wurde gesichert...\n"; - } else { - echo "Fehler beim speichern...\n(" . mysql_error($con) . ")"; - } - } else - echo "<h1>Fehler: UserID (enterUID) wurde nicht per POST �bergeben</h1>\n"; - break; - - case "delete" : - if (IsSet ($_POST["enterUID"]) && ($_POST["enterUID"] > 0)) { - echo "delate User..."; - $SQL = "DELETE FROM `User` WHERE `UID`='" . $_POST["enterUID"] . "' LIMIT 1;"; - $Erg = db_query($SQL, "User delete"); - if ($Erg == 1) { - echo "Änderung wurde gesichert...\n"; - } else { - echo "Fehler beim speichern...\n(" . mysql_error($con) . ")"; - } - - echo "<br />\ndelate UserCVS..."; - $SQL2 = "DELETE FROM `UserCVS` WHERE `UID`='" . $_POST["enterUID"] . "' LIMIT 1;"; - $Erg = db_query($SQL2, "User CVS delete"); - if ($Erg == 1) { - echo "Änderung wurde gesichert...\n"; - } else { - echo "Fehler beim speichern...\n(" . mysql_error($con) . ")"; - } - - echo "<br />\ndelate UserEntry..."; - $SQL3 = "UPDATE `ShiftEntry` SET `UID`='0', `Comment`=NULL " . - "WHERE `UID`='" . $_POST["enterUID"] . "';"; - $Erg = db_query($SQL3, "delate UserEntry"); - if ($Erg == 1) { - echo "Änderung wurde gesichert...\n"; - } else { - echo "Fehler beim speichern...\n(" . mysql_error($con) . ")"; - } - } - elseif (IsSet ($_POST["enterUID"]) && ($_POST["enterUID"] < 0)) { - echo "delate Group..."; - $SQL = "DELETE FROM `UserGroups` WHERE `UID`='" . $_POST["enterUID"] . "' LIMIT 1;"; - $Erg = db_query($SQL, "Group delete"); - if ($Erg == 1) { - echo "Änderung wurde gesichert...\n"; - } else { - echo "Fehler beim speichern...\n(" . mysql_error($con) . ")"; - } - - echo "<br />\ndelate UserCVS..."; - $SQL2 = "DELETE FROM `UserCVS` WHERE `UID`='" . $_POST["enterUID"] . "' LIMIT 1;"; - $Erg = db_query($SQL2, "User CVS delete"); - if ($Erg == 1) { - echo "Änderung wurde gesichert...\n"; - } else { - echo "Fehler beim speichern...\n(" . mysql_error($con) . ")"; - } - - } - break; - } // end switch - - // ende - Action ist gesetzt -} -elseif (IsSet ($_GET["new"]) && ($_SESSION['CVS']["admin/group.php"] == "Y")) { - echo "Gesendeter Befehl: " . $_GET["new"] . "<br />"; - - switch ($_GET["new"]) { - case "newGroup" : - echo "\tGenerate new Group ID...\n"; - $SQLid = "SELECT MIN(`UID`) FROM `UserCVS`;"; - $Erg = mysql_query($SQLid); - - if (mysql_num_rows($Erg) == 1) { - $NewId = mysql_result($Erg, 0, 0) - 1; - $SQLnew1 = "INSERT INTO `UserGroups` (`UID`, `Name`) VALUES ('$NewId', '" . $_POST["GroupName"] . "' );"; - $SQLnew2 = "INSERT INTO `UserCVS` (`UID`, `GroupID`) VALUES ('$NewId', NULL );"; - echo "\t<br />Generate new UserGroup ...\n"; - $ErgNew1 = db_query($SQLnew1, "create UserGroups Entry"); - if ($ErgNew1 == 1) { - echo "\t<br />Generate new User rights...\n"; - $ErgNew2 = db_query($SQLnew2, "UserCVS Entry"); - if ($ErgNew1 == 1) { - echo "\t<br />New group was created.\n"; - } else { - echo "Error on creation\n(" . mysql_error($con) . ")"; - } - } else { - echo "Error on creation\n(" . mysql_error($con) . ")"; - } - - } - - break; - } -} else { - // kein Action gesetzt -> abbruch - echo "Unzulässiger Aufruf.<br />Bitte neu editieren..."; -} - -include ("includes/footer.php"); -?> - |