10 files changed, 139 insertions, 226 deletions

diff --git a/DB/db_rewrite.sql b/DB/db_rewrite.sql
index d4811235..5041ce9b 100644
--- a/DB/db_rewrite.sql
+++ b/DB/db_rewrite.sql
@@ -3,7 +3,7 @@
 -- http://www.phpmyadmin.net
 --
 -- Host: localhost
--- Erstellungszeit: 02. Juni 2011 um 19:37
+-- Erstellungszeit: 02. Juni 2011 um 20:39
 -- Server Version: 5.1.44
 -- PHP-Version: 5.3.1
 
@@ -80,8 +80,9 @@ INSERT INTO `Counter` (`URL`, `Anz`) VALUES
 ('register', 3),
 ('admin_rooms', 70),
 ('admin_angel_types', 69),
-('user_settings', 111),
-('user_messages', 102);
+('user_settings', 115),
+('user_messages', 102),
+('admin_groups', 86);
 
 -- --------------------------------------------------------
 
@@ -125,22 +126,22 @@ CREATE TABLE IF NOT EXISTS `GroupPrivileges` (
   `privilege_id` int(11) NOT NULL,
   PRIMARY KEY (`id`),
   KEY `group_id` (`group_id`,`privilege_id`)
-) ENGINE=MyISAM  DEFAULT CHARSET=utf8 AUTO_INCREMENT=10 ;
+) ENGINE=MyISAM  DEFAULT CHARSET=utf8 AUTO_INCREMENT=28 ;
 
 --
 -- Daten für Tabelle `GroupPrivileges`
 --
 
 INSERT INTO `GroupPrivileges` (`id`, `group_id`, `privilege_id`) VALUES
-(1, -1, 1),
-(2, -1, 2),
+(24, -1, 5),
 (3, -2, 3),
 (4, -2, 4),
-(5, -1, 5),
+(23, -1, 2),
 (6, -4, 6),
 (7, -4, 7),
 (8, -2, 8),
-(9, -2, 9);
+(9, -2, 9),
+(12, -5, 10);
 
 -- --------------------------------------------------------
 
@@ -253,7 +254,7 @@ CREATE TABLE IF NOT EXISTS `Privileges` (
   `desc` varchar(1024) NOT NULL,
   PRIMARY KEY (`id`),
   UNIQUE KEY `name` (`name`)
-) ENGINE=MyISAM  DEFAULT CHARSET=utf8 AUTO_INCREMENT=10 ;
+) ENGINE=MyISAM  DEFAULT CHARSET=utf8 AUTO_INCREMENT=11 ;
 
 --
 -- Daten für Tabelle `Privileges`
@@ -268,7 +269,8 @@ INSERT INTO `Privileges` (`id`, `name`, `desc`) VALUES
 (6, 'admin_rooms', 'Räume administrieren'),
 (7, 'admin_angel_types', 'Engel Typen administrieren'),
 (8, 'user_settings', 'User profile settings'),
-(9, 'user_messages', 'Writing and reading messages from user to user');
+(9, 'user_messages', 'Writing and reading messages from user to user'),
+(10, 'admin_groups', 'Manage usergroups and their rights');
 
 -- --------------------------------------------------------
 
@@ -995,7 +997,9 @@ INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES
 ('credits', 'DE', 'Credits'),
 ('credits', 'EN', 'Credits'),
 ('pub_messages_Neu', 'DE', 'Neu'),
-('pub_messages_Neu', 'EN', 'New');
+('pub_messages_Neu', 'EN', 'New'),
+('admin_groups', 'DE', 'Gruppenrechte'),
+('admin_groups', 'EN', 'Grouprights');
 
 -- --------------------------------------------------------
 
@@ -1038,7 +1042,7 @@ CREATE TABLE IF NOT EXISTS `User` (
 --
 
 INSERT INTO `User` (`UID`, `Nick`, `Name`, `Vorname`, `Alter`, `Telefon`, `DECT`, `Handy`, `email`, `ICQ`, `jabber`, `Size`, `Passwort`, `Gekommen`, `Aktiv`, `Tshirt`, `color`, `Sprache`, `Avatar`, `Menu`, `lastLogIn`, `CreateDate`, `Art`, `kommentar`, `Hometown`) VALUES
-(1, 'admin', '', '', 0, '', '', '', '', '', '', 'L', '21232f297a57a5a743894a0e4a801fc3', 0, 0, 0, 10, 'DE', 115, 'L', 1307043433, '0000-00-00 00:00:00', '', '', ''),
+(1, 'admin', '', '', 0, '', '', '', '', '', '', 'L', '21232f297a57a5a743894a0e4a801fc3', 0, 0, 0, 10, 'DE', 115, 'L', 1307046926, '0000-00-00 00:00:00', '', '', ''),
 (147, 'msquare', '', '', 23, '', '', '', 'msquare@notrademark.de', '', '', 'L', 'e10adc3949ba59abbe56e057f20f883e', 0, 0, 0, 6, 'EN', 0, 'L', 1307042703, '2011-06-02 00:55:09', '', '', '');
 
 -- --------------------------------------------------------
diff --git a/includes/funktion_menu.php b/includes/funktion_menu.php
deleted file mode 100644
index 0a324758..00000000
--- a/includes/funktion_menu.php
+++ /dev/null
@@ -1,40 +0,0 @@
-<?php
-// Menue generieren
-function ShowMenu($MenuName) {
-	global $MenueTableStart, $MenueTableEnd, $_SESSION, $debug, $url, $ENGEL_ROOT;
-	$Gefunden = false;
-
-	// Ueberschift
-	$Text = "";
-
-	// Eintraege
-	foreach ($_SESSION['CVS'] as $Key => $Entry)
-		if (strpos($Key, ".php") > 0)
-			if ((strpos("00$Key", "0$MenuName") > 0) || ((strlen($MenuName) == 0) && (strpos("0$Key", "/") == 0))) {
-				$TempName = Get_Text($Key, true);
-
-				if ((true || $debug) && ($TempName == ""))
-					$TempName = "not found: \"$Key\"";
-
-				if ($Entry == "Y") {
-					//zum absichtlkichen ausblenden von einträgen
-					if (strlen($TempName) > 1) {
-						//sonderfälle:
-
-						if ($Key == "admin/faq.php")
-							$TempName .= " (" . noAnswer() . ")";
-						elseif ($Key == "credits.php") continue;
-						//ausgabe
-						$Text .= "<li><a href=\"" . $url . $ENGEL_ROOT . $Key . "\">$TempName</a></li>\n";
-						$Gefunden = true;
-					}
-				}
-				elseif ($debug) {
-					$Gefunden = true;
-					$Text .= "<li>$TempName ($Key)</li>\n";
-				}
-			}
-	if ($Gefunden)
-		echo '<nav class="container"><h4>' . Get_Text("$MenuName/") . '</h4><ul class="content">' . $Text . '</ul></nav>';
-} //function ShowMenue
-?>
diff --git a/includes/pages/admin_groups.php b/includes/pages/admin_groups.php
new file mode 100644
index 00000000..5d9d8180
--- /dev/null
+++ b/includes/pages/admin_groups.php
@@ -0,0 +1,73 @@
+<?php
+function admin_groups() {
+	global $user;
+
+	$html = "";
+	$groups = sql_select("SELECT * FROM `Groups` ORDER BY `Name`");
+	if (!isset ($_REQUEST["action"])) {
+		$groups_html = "";
+		foreach ($groups as $group) {
+			$groups_html .= '<tr>';
+			$groups_html .= '<td>' . $group['Name'] . '</td>';
+			$privileges = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`=" . sql_escape($group['UID']));
+			$privileges_html = array ();
+			foreach ($privileges as $priv)
+				$privileges_html[] = $priv['name'];
+			$groups_html .= '<td>' . join(", ", $privileges_html) . '</td>';
+			$groups_html .= '<td><a href="' . page_link_to("admin_groups") . '&action=edit&id=' . $group['UID'] . '">Ändern</a></td>';
+			$groups_html .= '</tr>';
+		}
+
+		return template_render('../templates/admin_groups.html', array (
+			'nick' => $user['Nick'],
+			'groups' => $groups_html
+		));
+	} else {
+		switch ($_REQUEST["action"]) {
+			case 'edit' :
+				if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id']))
+					$id = $_REQUEST['id'];
+				else
+					return error("Incomplete call, missing Groups ID.");
+
+				$room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
+				if (count($room) > 0) {
+					list ($room) = $room;
+					$privileges = sql_select("SELECT `Privileges`.*, `GroupPrivileges`.`group_id` FROM `Privileges` LEFT OUTER JOIN `GroupPrivileges` ON (`Privileges`.`id` = `GroupPrivileges`.`privilege_id` AND `GroupPrivileges`.`group_id`=" . sql_escape($id) . ") ORDER BY `Privileges`.`name`");
+					$privileges_html = "";
+					foreach ($privileges as $priv)
+						$privileges_html .= '<tr><td><input type="checkbox" name="privileges[]" value="' . $priv['id'] . '"' . ($priv['group_id'] != "" ? ' checked="checked"' : '') . ' /></td><td>' . $priv['name'] . '</td><td>' . $priv['desc'] . '</td></tr>';
+
+					$html .= template_render('../templates/admin_groups_edit_form.html', array (
+						'link' => page_link_to("admin_groups"),
+						'id' => $id,
+						'privileges' => $privileges_html
+					));
+				} else
+					return error("No Group found.");
+				break;
+
+			case 'save' :
+				if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id']))
+					$id = $_REQUEST['id'];
+				else
+					return error("Incomplete call, missing Groups ID.");
+
+				$room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
+				if (!is_array($_REQUEST['privileges']))
+					$_REQUEST['privileges'] = array ();
+				if (count($room) > 0) {
+					list ($room) = $room;
+					sql_query("DELETE FROM `GroupPrivileges` WHERE `group_id`=" . sql_escape($id));
+					foreach ($_REQUEST['privileges'] as $priv)
+						if (preg_match("/^[0-9]{1,}$/", $priv) && sql_num_query("SELECT * FROM `Privileges` WHERE `id`=" . sql_escape($priv)) > 0)
+							sql_query("INSERT INTO `GroupPrivileges` SET `group_id`=" . sql_escape($id) . ", `privilege_id`=" . sql_escape($priv));
+					header("Location: " . page_link_to("admin_groups"));
+				} else
+					return error("No Group found.");
+				break;
+		}
+	}
+	return $html;
+}
+?>
diff --git a/includes/sys_menu.php b/includes/sys_menu.php
index 822d558f..739cb9d1 100644
--- a/includes/sys_menu.php
+++ b/includes/sys_menu.php
@@ -29,7 +29,8 @@ function make_navigation() {
 	// Admin Navigation
 	$menu .= make_navigation_for(Get_Text('admin/'), array (
 		"admin_angel_types",
-		"admin_rooms"
+		"admin_rooms",
+		"admin_groups"
 	));
 	return $menu;
 }
diff --git a/templates/admin_groups.html b/templates/admin_groups.html
new file mode 100644
index 00000000..c5b4ac57
--- /dev/null
+++ b/templates/admin_groups.html
@@ -0,0 +1,21 @@
+Hallo %nick%,
+<br/>
+hier hast du die Möglichkeit Gruppenrechte zu ändern:
+<table>
+    <thead>
+        <tr>
+            <th>
+                Name
+            </th>
+            <th>
+                Rechte
+            </th>
+            <th>
+                &nbsp;
+            </th>
+        </tr>
+    </thead>
+    <tbody>
+        %groups%
+    </tbody>
+</table>
diff --git a/templates/admin_groups_edit_form.html b/templates/admin_groups_edit_form.html
new file mode 100644
index 00000000..5729df64
--- /dev/null
+++ b/templates/admin_groups_edit_form.html
@@ -0,0 +1,21 @@
+<form action="%link%&action=save" method="post">
+    <table>
+        <thead>
+            <tr>
+                <th>
+                    &nbsp;
+                </th>
+                <th>
+                    Name
+                </th>
+                <th>
+                    Description
+                </th>
+            </tr>
+        </thead>
+        <tbody>
+            %privileges%
+        </tbody>
+    </table>
+    <input type="hidden" name="id" value="%id%" /><input type="submit" name="submit" value="Save" />
+</form>
\ No newline at end of file
diff --git a/txt/TODO b/txt/TODO
index fbaf4377..1ebf5e52 100644
--- a/txt/TODO
+++ b/txt/TODO
@@ -4,6 +4,8 @@
  * user_messages schön machen
  * Formulare weg von Tabellen
  * user_news lässt sich nicht bedienen (POST ohne redirects...)
+ * Privilegien korrigieren (an die vom CVS anpassen)
+ * Beim Raum-Management die benötigten Engel anzeigen
 
 
 * schichten ueber monatsgrenzen einbaue im moment werden die tage nur 
diff --git a/www-ssl/admin/group.php b/www-ssl/admin/group.php
deleted file mode 100644
index b8a52ec2..00000000
--- a/www-ssl/admin/group.php
+++ /dev/null
@@ -1,49 +0,0 @@
-<?php
-require_once ('../bootstrap.php');
-
-$title = "User-Liste";
-$header = "Editieren der Engelliste";
-include ("includes/header.php");
-include ("includes/funktion_db_list.php");
-
-if (!IsSet ($_GET["enterGID"])) {
-	// Userliste, keine UID uebergeben...
-
-	$SQL = "SELECT * FROM `UserGroups` ORDER BY `Name` ASC";
-	$Erg = mysql_query($SQL, $con);
-	echo mysql_error($con);
-
-	// anzahl zeilen
-	$Zeilen = mysql_num_rows($Erg);
-
-	echo "<table class=\"border\" cellpadding=\"2\" cellspacing=\"1\">\n";
-	echo "<tr class=\"contenttopic\">\n";
-	echo "\t<td>Groupname</td>\n";
-	echo "\t<td>Link</td>\n";
-	echo "</tr>\n";
-
-	for ($n = 0; $n < $Zeilen; $n++) {
-		echo "<tr class=\"content\">\n";
-		echo "\t<td>" . mysql_result($Erg, $n, "Name") . "</td>\n";
-
-		echo "<td><a href=\"./userChangeSecure.php?enterUID=" .
-		mysql_result($Erg, $n, "UID") . "&Type=Secure\">change</a></td>\n";
-		echo "</tr>\n";
-	}
-
-	// new form
-	echo "<tr class=\"content\">\n";
-	echo "\t<form action=\"userSaveSecure.php?new=newGroup\"  method=\"POST\">\n";
-	echo "\t\t<td><input name=\"GroupName\" type=\"text\" value=\"--new group--\"></td>\n";
-	echo "\t\t<td><input type=\"submit\" name=\"Send\" value=\"Save\"></td>\n";
-	echo "\t</form>\n";
-	echo "</tr>\n";
-
-	echo "\t</table>\n";
-	// Ende Userliste
-}
-
-include ("includes/footer.php");
-?>
-
-
diff --git a/www-ssl/index.php b/www-ssl/index.php
index 48aea75c..6bfbcc32 100644
--- a/www-ssl/index.php
+++ b/www-ssl/index.php
@@ -61,6 +61,10 @@ if (in_array($p, $privileges)) {
 	elseif ($p == "admin_rooms") {
 		require_once ('includes/pages/admin_rooms.php');
 		$content = admin_rooms();
+	}
+	elseif ($p == "admin_groups") {
+		require_once ('includes/pages/admin_groups.php');
+		$content = admin_groups();
 	} else {
 		require_once ('includes/pages/guest_start.php');
 		$content = guest_start();
diff --git a/www-ssl/nonpublic/messages.php b/www-ssl/nonpublic/messages.php
deleted file mode 100644
index 4868136d..00000000
--- a/www-ssl/nonpublic/messages.php
+++ /dev/null
@@ -1,124 +0,0 @@
-<?php
-require_once ('../bootstrap.php');
-
-$title = "Himmel";
-$header = "";
-
-include "includes/header.php";
-
-if (!isset ($_GET["action"]))
-	$_GET["action"] = "start";
-
-switch ($_GET["action"]) {
-	case "start" :
-		echo Get_Text("Hello") . $_SESSION['Nick'] . ", <br />\n";
-		echo Get_Text("pub_messages_text1") . "<br /><br />\n";
-
-		//show exist Messages
-		$SQL = "SELECT * FROM `Messages` WHERE `SUID`='" . $_SESSION["UID"] . "' OR `RUID`='" . $_SESSION["UID"] . "'";
-		$erg = mysql_query($SQL, $con);
-
-		echo "<table border=\"0\" class=\"border\" cellpadding=\"2\" cellspacing=\"1\">\n";
-		echo "<tr>\n";
-		echo "<td class=\"contenttopic\"><b>" . Get_Text("pub_messages_Datum") . "</b></td>\n";
-		echo "<td class=\"contenttopic\"><b>" . Get_Text("pub_messages_Von") . "</b></td>\n";
-		echo "<td class=\"contenttopic\"><b>" . Get_Text("pub_messages_An") . "</b></td>\n";
-		echo "<td class=\"contenttopic\"><b>" . Get_Text("pub_messages_Text") . "</b></td>\n";
-		echo "<td class=\"contenttopic\"></td>\n";
-		echo "</tr>\n";
-
-		for ($i = 0; $i < mysql_num_rows($erg); $i++) {
-			echo "<tr class=\"content\">\n";
-			echo "<td>" . mysql_result($erg, $i, "Datum") . "</td>\n";
-			echo "<td>" . UID2Nick(mysql_result($erg, $i, "SUID")) . "</td>\n";
-			echo "<td>" . UID2Nick(mysql_result($erg, $i, "RUID")) . "</td>\n";
-			echo "<td>" . mysql_result($erg, $i, "Text") . "</td>\n";
-			echo "<td>";
-
-			if (mysql_result($erg, $i, "RUID") == $_SESSION["UID"]) {
-				echo "<a href=\"?action=DelMsg&Datum=" . mysql_result($erg, $i, "Datum") . "\">" . Get_Text("pub_messages_DelMsg") . "</a>";
-
-				if (mysql_result($erg, $i, "isRead") == "N")
-					echo "<a href=\"?action=MarkRead&Datum=" . mysql_result($erg, $i, "Datum") . "\">" . Get_Text("pub_messages_MarkRead") . "</a>";
-			} else {
-				if (mysql_result($erg, $i, "isRead") == "N")
-					echo Get_Text("pub_messages_NotRead");
-			}
-
-			echo "</td>\n";
-			echo "</tr>\n";
-		}
-
-		// send Messeges
-		echo "<form action=\"" . $_SERVER['SCRIPT_NAME'] . "?action=SendMsg\" method=\"POST\">";
-		echo "<tr class=\"content\">\n";
-		echo "<td></td>\n";
-		echo "<td></td>\n";
-
-		// Listet alle Nicks auf
-		echo "<td><select name=\"RUID\">\n";
-
-		$usql = "SELECT * FROM `User` WHERE (`UID`!='" . $_SESSION["UID"] . "') ORDER BY `Nick`";
-		$uErg = mysql_query($usql, $con);
-		$urowcount = mysql_num_rows($uErg);
-
-		for ($k = 0; $k < $urowcount; $k++) {
-			echo "<option value=\"" . mysql_result($uErg, $k, "UID") . "\">" . mysql_result($uErg, $k, "Nick") . "</option>\n";
-		}
-
-		echo "</select></td>\n";
-		echo "<td><textarea name=\"Text\"  cols=\"30\" rows=\"10\"></textarea></td>\n";
-		echo "<td><input type=\"submit\" value=\"" . Get_Text("save") . "\"></td>\n";
-		echo "</tr>\n";
-		echo "</form>";
-
-		echo "</table>\n";
-		break;
-
-	case "SendMsg" :
-		echo Get_Text("pub_messages_Send1") . "...<br />\n";
-
-		$SQL = "INSERT INTO `Messages` ( `Datum` , `SUID` , `RUID` , `Text` ) VALUES (" .
-		"'" . gmdate("Y-m-j H:i:s", time()) . "', " .
-		"'" . $_SESSION["UID"] . "', " .
-		"'" . $_POST["RUID"] . "', " .
-		"'" . $_POST["Text"] . "');";
-
-		$Erg = mysql_query($SQL, $con);
-
-		if ($Erg == 1)
-			echo Get_Text("pub_messages_Send_OK") . "\n";
-		else
-			echo Get_Text("pub_messages_Send_Error") . "...\n(" . mysql_error($con) . ")";
-		break;
-
-	case "MarkRead" :
-		$SQL = "UPDATE `Messages` SET `isRead` = 'Y' " .
-		"WHERE `Datum` = '" . $_GET["Datum"] . "' AND `RUID`='" . $_SESSION["UID"] . "' " .
-		"LIMIT 1 ;";
-		$Erg = mysql_query($SQL, $con);
-
-		if ($Erg == 1)
-			echo Get_Text("pub_messages_MarkRead_OK") . "\n";
-		else
-			echo Get_Text("pub_messages_MarkRead_KO") . "...\n(" . mysql_error($con) . ")";
-		break;
-
-	case "DelMsg" :
-		$SQL = "DELETE FROM `Messages` " .
-		"WHERE `Datum` = '" . $_GET["Datum"] . "' AND `RUID` ='" . $_SESSION["UID"] . "' " .
-		"LIMIT 1;";
-		$Erg = mysql_query($SQL, $con);
-
-		if ($Erg == 1)
-			echo Get_Text("pub_messages_DelMsg_OK") . "\n";
-		else
-			echo Get_Text("pub_messages_DelMsg_KO") . "...\n(" . mysql_error($con) . ")";
-		break;
-
-	default :
-		echo Get_Text("pub_messages_NoCommand");
-}
-
-include "includes/footer.php";
-?>