diff options
-rw-r--r-- | DB/db_rewrite.sql | 28 | ||||
-rw-r--r-- | includes/funktion_menu.php | 40 | ||||
-rw-r--r-- | includes/pages/admin_groups.php | 73 | ||||
-rw-r--r-- | includes/sys_menu.php | 3 | ||||
-rw-r--r-- | templates/admin_groups.html | 21 | ||||
-rw-r--r-- | templates/admin_groups_edit_form.html | 21 | ||||
-rw-r--r-- | txt/TODO | 2 | ||||
-rw-r--r-- | www-ssl/admin/group.php | 49 | ||||
-rw-r--r-- | www-ssl/index.php | 4 | ||||
-rw-r--r-- | www-ssl/nonpublic/messages.php | 124 |
10 files changed, 139 insertions, 226 deletions
diff --git a/DB/db_rewrite.sql b/DB/db_rewrite.sql index d4811235..5041ce9b 100644 --- a/DB/db_rewrite.sql +++ b/DB/db_rewrite.sql @@ -3,7 +3,7 @@ -- http://www.phpmyadmin.net -- -- Host: localhost --- Erstellungszeit: 02. Juni 2011 um 19:37 +-- Erstellungszeit: 02. Juni 2011 um 20:39 -- Server Version: 5.1.44 -- PHP-Version: 5.3.1 @@ -80,8 +80,9 @@ INSERT INTO `Counter` (`URL`, `Anz`) VALUES ('register', 3), ('admin_rooms', 70), ('admin_angel_types', 69), -('user_settings', 111), -('user_messages', 102); +('user_settings', 115), +('user_messages', 102), +('admin_groups', 86); -- -------------------------------------------------------- @@ -125,22 +126,22 @@ CREATE TABLE IF NOT EXISTS `GroupPrivileges` ( `privilege_id` int(11) NOT NULL, PRIMARY KEY (`id`), KEY `group_id` (`group_id`,`privilege_id`) -) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=10 ; +) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=28 ; -- -- Daten für Tabelle `GroupPrivileges` -- INSERT INTO `GroupPrivileges` (`id`, `group_id`, `privilege_id`) VALUES -(1, -1, 1), -(2, -1, 2), +(24, -1, 5), (3, -2, 3), (4, -2, 4), -(5, -1, 5), +(23, -1, 2), (6, -4, 6), (7, -4, 7), (8, -2, 8), -(9, -2, 9); +(9, -2, 9), +(12, -5, 10); -- -------------------------------------------------------- @@ -253,7 +254,7 @@ CREATE TABLE IF NOT EXISTS `Privileges` ( `desc` varchar(1024) NOT NULL, PRIMARY KEY (`id`), UNIQUE KEY `name` (`name`) -) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=10 ; +) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=11 ; -- -- Daten für Tabelle `Privileges` @@ -268,7 +269,8 @@ INSERT INTO `Privileges` (`id`, `name`, `desc`) VALUES (6, 'admin_rooms', 'Räume administrieren'), (7, 'admin_angel_types', 'Engel Typen administrieren'), (8, 'user_settings', 'User profile settings'), -(9, 'user_messages', 'Writing and reading messages from user to user'); +(9, 'user_messages', 'Writing and reading messages from user to user'), +(10, 'admin_groups', 'Manage usergroups and their rights'); -- -------------------------------------------------------- @@ -995,7 +997,9 @@ INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('credits', 'DE', 'Credits'), ('credits', 'EN', 'Credits'), ('pub_messages_Neu', 'DE', 'Neu'), -('pub_messages_Neu', 'EN', 'New'); +('pub_messages_Neu', 'EN', 'New'), +('admin_groups', 'DE', 'Gruppenrechte'), +('admin_groups', 'EN', 'Grouprights'); -- -------------------------------------------------------- @@ -1038,7 +1042,7 @@ CREATE TABLE IF NOT EXISTS `User` ( -- INSERT INTO `User` (`UID`, `Nick`, `Name`, `Vorname`, `Alter`, `Telefon`, `DECT`, `Handy`, `email`, `ICQ`, `jabber`, `Size`, `Passwort`, `Gekommen`, `Aktiv`, `Tshirt`, `color`, `Sprache`, `Avatar`, `Menu`, `lastLogIn`, `CreateDate`, `Art`, `kommentar`, `Hometown`) VALUES -(1, 'admin', '', '', 0, '', '', '', '', '', '', 'L', '21232f297a57a5a743894a0e4a801fc3', 0, 0, 0, 10, 'DE', 115, 'L', 1307043433, '0000-00-00 00:00:00', '', '', ''), +(1, 'admin', '', '', 0, '', '', '', '', '', '', 'L', '21232f297a57a5a743894a0e4a801fc3', 0, 0, 0, 10, 'DE', 115, 'L', 1307046926, '0000-00-00 00:00:00', '', '', ''), (147, 'msquare', '', '', 23, '', '', '', 'msquare@notrademark.de', '', '', 'L', 'e10adc3949ba59abbe56e057f20f883e', 0, 0, 0, 6, 'EN', 0, 'L', 1307042703, '2011-06-02 00:55:09', '', '', ''); -- -------------------------------------------------------- diff --git a/includes/funktion_menu.php b/includes/funktion_menu.php deleted file mode 100644 index 0a324758..00000000 --- a/includes/funktion_menu.php +++ /dev/null @@ -1,40 +0,0 @@ -<?php -// Menue generieren -function ShowMenu($MenuName) { - global $MenueTableStart, $MenueTableEnd, $_SESSION, $debug, $url, $ENGEL_ROOT; - $Gefunden = false; - - // Ueberschift - $Text = ""; - - // Eintraege - foreach ($_SESSION['CVS'] as $Key => $Entry) - if (strpos($Key, ".php") > 0) - if ((strpos("00$Key", "0$MenuName") > 0) || ((strlen($MenuName) == 0) && (strpos("0$Key", "/") == 0))) { - $TempName = Get_Text($Key, true); - - if ((true || $debug) && ($TempName == "")) - $TempName = "not found: \"$Key\""; - - if ($Entry == "Y") { - //zum absichtlkichen ausblenden von einträgen - if (strlen($TempName) > 1) { - //sonderfälle: - - if ($Key == "admin/faq.php") - $TempName .= " (" . noAnswer() . ")"; - elseif ($Key == "credits.php") continue; - //ausgabe - $Text .= "<li><a href=\"" . $url . $ENGEL_ROOT . $Key . "\">$TempName</a></li>\n"; - $Gefunden = true; - } - } - elseif ($debug) { - $Gefunden = true; - $Text .= "<li>$TempName ($Key)</li>\n"; - } - } - if ($Gefunden) - echo '<nav class="container"><h4>' . Get_Text("$MenuName/") . '</h4><ul class="content">' . $Text . '</ul></nav>'; -} //function ShowMenue -?> diff --git a/includes/pages/admin_groups.php b/includes/pages/admin_groups.php new file mode 100644 index 00000000..5d9d8180 --- /dev/null +++ b/includes/pages/admin_groups.php @@ -0,0 +1,73 @@ +<?php +function admin_groups() { + global $user; + + $html = ""; + $groups = sql_select("SELECT * FROM `Groups` ORDER BY `Name`"); + if (!isset ($_REQUEST["action"])) { + $groups_html = ""; + foreach ($groups as $group) { + $groups_html .= '<tr>'; + $groups_html .= '<td>' . $group['Name'] . '</td>'; + $privileges = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`=" . sql_escape($group['UID'])); + $privileges_html = array (); + foreach ($privileges as $priv) + $privileges_html[] = $priv['name']; + $groups_html .= '<td>' . join(", ", $privileges_html) . '</td>'; + $groups_html .= '<td><a href="' . page_link_to("admin_groups") . '&action=edit&id=' . $group['UID'] . '">Ändern</a></td>'; + $groups_html .= '</tr>'; + } + + return template_render('../templates/admin_groups.html', array ( + 'nick' => $user['Nick'], + 'groups' => $groups_html + )); + } else { + switch ($_REQUEST["action"]) { + case 'edit' : + if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing Groups ID."); + + $room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); + if (count($room) > 0) { + list ($room) = $room; + $privileges = sql_select("SELECT `Privileges`.*, `GroupPrivileges`.`group_id` FROM `Privileges` LEFT OUTER JOIN `GroupPrivileges` ON (`Privileges`.`id` = `GroupPrivileges`.`privilege_id` AND `GroupPrivileges`.`group_id`=" . sql_escape($id) . ") ORDER BY `Privileges`.`name`"); + $privileges_html = ""; + foreach ($privileges as $priv) + $privileges_html .= '<tr><td><input type="checkbox" name="privileges[]" value="' . $priv['id'] . '"' . ($priv['group_id'] != "" ? ' checked="checked"' : '') . ' /></td><td>' . $priv['name'] . '</td><td>' . $priv['desc'] . '</td></tr>'; + + $html .= template_render('../templates/admin_groups_edit_form.html', array ( + 'link' => page_link_to("admin_groups"), + 'id' => $id, + 'privileges' => $privileges_html + )); + } else + return error("No Group found."); + break; + + case 'save' : + if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing Groups ID."); + + $room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); + if (!is_array($_REQUEST['privileges'])) + $_REQUEST['privileges'] = array (); + if (count($room) > 0) { + list ($room) = $room; + sql_query("DELETE FROM `GroupPrivileges` WHERE `group_id`=" . sql_escape($id)); + foreach ($_REQUEST['privileges'] as $priv) + if (preg_match("/^[0-9]{1,}$/", $priv) && sql_num_query("SELECT * FROM `Privileges` WHERE `id`=" . sql_escape($priv)) > 0) + sql_query("INSERT INTO `GroupPrivileges` SET `group_id`=" . sql_escape($id) . ", `privilege_id`=" . sql_escape($priv)); + header("Location: " . page_link_to("admin_groups")); + } else + return error("No Group found."); + break; + } + } + return $html; +} +?> diff --git a/includes/sys_menu.php b/includes/sys_menu.php index 822d558f..739cb9d1 100644 --- a/includes/sys_menu.php +++ b/includes/sys_menu.php @@ -29,7 +29,8 @@ function make_navigation() { // Admin Navigation $menu .= make_navigation_for(Get_Text('admin/'), array ( "admin_angel_types", - "admin_rooms" + "admin_rooms", + "admin_groups" )); return $menu; } diff --git a/templates/admin_groups.html b/templates/admin_groups.html new file mode 100644 index 00000000..c5b4ac57 --- /dev/null +++ b/templates/admin_groups.html @@ -0,0 +1,21 @@ +Hallo %nick%, +<br/> +hier hast du die Möglichkeit Gruppenrechte zu ändern: +<table> + <thead> + <tr> + <th> + Name + </th> + <th> + Rechte + </th> + <th> + + </th> + </tr> + </thead> + <tbody> + %groups% + </tbody> +</table> diff --git a/templates/admin_groups_edit_form.html b/templates/admin_groups_edit_form.html new file mode 100644 index 00000000..5729df64 --- /dev/null +++ b/templates/admin_groups_edit_form.html @@ -0,0 +1,21 @@ +<form action="%link%&action=save" method="post"> + <table> + <thead> + <tr> + <th> + + </th> + <th> + Name + </th> + <th> + Description + </th> + </tr> + </thead> + <tbody> + %privileges% + </tbody> + </table> + <input type="hidden" name="id" value="%id%" /><input type="submit" name="submit" value="Save" /> +</form>
\ No newline at end of file @@ -4,6 +4,8 @@ * user_messages schön machen * Formulare weg von Tabellen * user_news lässt sich nicht bedienen (POST ohne redirects...) + * Privilegien korrigieren (an die vom CVS anpassen) + * Beim Raum-Management die benötigten Engel anzeigen * schichten ueber monatsgrenzen einbaue im moment werden die tage nur diff --git a/www-ssl/admin/group.php b/www-ssl/admin/group.php deleted file mode 100644 index b8a52ec2..00000000 --- a/www-ssl/admin/group.php +++ /dev/null @@ -1,49 +0,0 @@ -<?php -require_once ('../bootstrap.php'); - -$title = "User-Liste"; -$header = "Editieren der Engelliste"; -include ("includes/header.php"); -include ("includes/funktion_db_list.php"); - -if (!IsSet ($_GET["enterGID"])) { - // Userliste, keine UID uebergeben... - - $SQL = "SELECT * FROM `UserGroups` ORDER BY `Name` ASC"; - $Erg = mysql_query($SQL, $con); - echo mysql_error($con); - - // anzahl zeilen - $Zeilen = mysql_num_rows($Erg); - - echo "<table class=\"border\" cellpadding=\"2\" cellspacing=\"1\">\n"; - echo "<tr class=\"contenttopic\">\n"; - echo "\t<td>Groupname</td>\n"; - echo "\t<td>Link</td>\n"; - echo "</tr>\n"; - - for ($n = 0; $n < $Zeilen; $n++) { - echo "<tr class=\"content\">\n"; - echo "\t<td>" . mysql_result($Erg, $n, "Name") . "</td>\n"; - - echo "<td><a href=\"./userChangeSecure.php?enterUID=" . - mysql_result($Erg, $n, "UID") . "&Type=Secure\">change</a></td>\n"; - echo "</tr>\n"; - } - - // new form - echo "<tr class=\"content\">\n"; - echo "\t<form action=\"userSaveSecure.php?new=newGroup\" method=\"POST\">\n"; - echo "\t\t<td><input name=\"GroupName\" type=\"text\" value=\"--new group--\"></td>\n"; - echo "\t\t<td><input type=\"submit\" name=\"Send\" value=\"Save\"></td>\n"; - echo "\t</form>\n"; - echo "</tr>\n"; - - echo "\t</table>\n"; - // Ende Userliste -} - -include ("includes/footer.php"); -?> - - diff --git a/www-ssl/index.php b/www-ssl/index.php index 48aea75c..6bfbcc32 100644 --- a/www-ssl/index.php +++ b/www-ssl/index.php @@ -61,6 +61,10 @@ if (in_array($p, $privileges)) { elseif ($p == "admin_rooms") { require_once ('includes/pages/admin_rooms.php'); $content = admin_rooms(); + } + elseif ($p == "admin_groups") { + require_once ('includes/pages/admin_groups.php'); + $content = admin_groups(); } else { require_once ('includes/pages/guest_start.php'); $content = guest_start(); diff --git a/www-ssl/nonpublic/messages.php b/www-ssl/nonpublic/messages.php deleted file mode 100644 index 4868136d..00000000 --- a/www-ssl/nonpublic/messages.php +++ /dev/null @@ -1,124 +0,0 @@ -<?php -require_once ('../bootstrap.php'); - -$title = "Himmel"; -$header = ""; - -include "includes/header.php"; - -if (!isset ($_GET["action"])) - $_GET["action"] = "start"; - -switch ($_GET["action"]) { - case "start" : - echo Get_Text("Hello") . $_SESSION['Nick'] . ", <br />\n"; - echo Get_Text("pub_messages_text1") . "<br /><br />\n"; - - //show exist Messages - $SQL = "SELECT * FROM `Messages` WHERE `SUID`='" . $_SESSION["UID"] . "' OR `RUID`='" . $_SESSION["UID"] . "'"; - $erg = mysql_query($SQL, $con); - - echo "<table border=\"0\" class=\"border\" cellpadding=\"2\" cellspacing=\"1\">\n"; - echo "<tr>\n"; - echo "<td class=\"contenttopic\"><b>" . Get_Text("pub_messages_Datum") . "</b></td>\n"; - echo "<td class=\"contenttopic\"><b>" . Get_Text("pub_messages_Von") . "</b></td>\n"; - echo "<td class=\"contenttopic\"><b>" . Get_Text("pub_messages_An") . "</b></td>\n"; - echo "<td class=\"contenttopic\"><b>" . Get_Text("pub_messages_Text") . "</b></td>\n"; - echo "<td class=\"contenttopic\"></td>\n"; - echo "</tr>\n"; - - for ($i = 0; $i < mysql_num_rows($erg); $i++) { - echo "<tr class=\"content\">\n"; - echo "<td>" . mysql_result($erg, $i, "Datum") . "</td>\n"; - echo "<td>" . UID2Nick(mysql_result($erg, $i, "SUID")) . "</td>\n"; - echo "<td>" . UID2Nick(mysql_result($erg, $i, "RUID")) . "</td>\n"; - echo "<td>" . mysql_result($erg, $i, "Text") . "</td>\n"; - echo "<td>"; - - if (mysql_result($erg, $i, "RUID") == $_SESSION["UID"]) { - echo "<a href=\"?action=DelMsg&Datum=" . mysql_result($erg, $i, "Datum") . "\">" . Get_Text("pub_messages_DelMsg") . "</a>"; - - if (mysql_result($erg, $i, "isRead") == "N") - echo "<a href=\"?action=MarkRead&Datum=" . mysql_result($erg, $i, "Datum") . "\">" . Get_Text("pub_messages_MarkRead") . "</a>"; - } else { - if (mysql_result($erg, $i, "isRead") == "N") - echo Get_Text("pub_messages_NotRead"); - } - - echo "</td>\n"; - echo "</tr>\n"; - } - - // send Messeges - echo "<form action=\"" . $_SERVER['SCRIPT_NAME'] . "?action=SendMsg\" method=\"POST\">"; - echo "<tr class=\"content\">\n"; - echo "<td></td>\n"; - echo "<td></td>\n"; - - // Listet alle Nicks auf - echo "<td><select name=\"RUID\">\n"; - - $usql = "SELECT * FROM `User` WHERE (`UID`!='" . $_SESSION["UID"] . "') ORDER BY `Nick`"; - $uErg = mysql_query($usql, $con); - $urowcount = mysql_num_rows($uErg); - - for ($k = 0; $k < $urowcount; $k++) { - echo "<option value=\"" . mysql_result($uErg, $k, "UID") . "\">" . mysql_result($uErg, $k, "Nick") . "</option>\n"; - } - - echo "</select></td>\n"; - echo "<td><textarea name=\"Text\" cols=\"30\" rows=\"10\"></textarea></td>\n"; - echo "<td><input type=\"submit\" value=\"" . Get_Text("save") . "\"></td>\n"; - echo "</tr>\n"; - echo "</form>"; - - echo "</table>\n"; - break; - - case "SendMsg" : - echo Get_Text("pub_messages_Send1") . "...<br />\n"; - - $SQL = "INSERT INTO `Messages` ( `Datum` , `SUID` , `RUID` , `Text` ) VALUES (" . - "'" . gmdate("Y-m-j H:i:s", time()) . "', " . - "'" . $_SESSION["UID"] . "', " . - "'" . $_POST["RUID"] . "', " . - "'" . $_POST["Text"] . "');"; - - $Erg = mysql_query($SQL, $con); - - if ($Erg == 1) - echo Get_Text("pub_messages_Send_OK") . "\n"; - else - echo Get_Text("pub_messages_Send_Error") . "...\n(" . mysql_error($con) . ")"; - break; - - case "MarkRead" : - $SQL = "UPDATE `Messages` SET `isRead` = 'Y' " . - "WHERE `Datum` = '" . $_GET["Datum"] . "' AND `RUID`='" . $_SESSION["UID"] . "' " . - "LIMIT 1 ;"; - $Erg = mysql_query($SQL, $con); - - if ($Erg == 1) - echo Get_Text("pub_messages_MarkRead_OK") . "\n"; - else - echo Get_Text("pub_messages_MarkRead_KO") . "...\n(" . mysql_error($con) . ")"; - break; - - case "DelMsg" : - $SQL = "DELETE FROM `Messages` " . - "WHERE `Datum` = '" . $_GET["Datum"] . "' AND `RUID` ='" . $_SESSION["UID"] . "' " . - "LIMIT 1;"; - $Erg = mysql_query($SQL, $con); - - if ($Erg == 1) - echo Get_Text("pub_messages_DelMsg_OK") . "\n"; - else - echo Get_Text("pub_messages_DelMsg_KO") . "...\n(" . mysql_error($con) . ")"; - break; - - default : - echo Get_Text("pub_messages_NoCommand"); -} - -include "includes/footer.php"; -?> |