summaryrefslogtreecommitdiff
path: root/www-ssl/admin
diff options
context:
space:
mode:
Diffstat (limited to 'www-ssl/admin')
-rwxr-xr-xwww-ssl/admin/group.php40
l---------www-ssl/admin/pic1
-rwxr-xr-xwww-ssl/admin/user.php17
-rwxr-xr-xwww-ssl/admin/userChangeNormal.php143
-rwxr-xr-xwww-ssl/admin/userChangeSecure.php99
-rwxr-xr-xwww-ssl/admin/userSaveNormal.php (renamed from www-ssl/admin/user2.php)0
-rwxr-xr-xwww-ssl/admin/userSaveSecure.php162
7 files changed, 446 insertions, 16 deletions
diff --git a/www-ssl/admin/group.php b/www-ssl/admin/group.php
new file mode 100755
index 00000000..6377593d
--- /dev/null
+++ b/www-ssl/admin/group.php
@@ -0,0 +1,40 @@
+<?PHP
+
+$title = "User-Liste";
+$header = "Editieren der Engelliste";
+include ("../../includes/header.php");
+include ("../../includes/funktion_db_list.php");
+
+if (!IsSet($_GET["enterGID"]))
+{
+ // Userliste, keine UID uebergeben...
+
+ $SQL = "SELECT * FROM `UserGroups` ORDER BY `Name` ASC";
+ $Erg = mysql_query($SQL, $con);
+ echo mysql_error($con);
+
+ // anzahl zeilen
+ $Zeilen = mysql_num_rows($Erg);
+
+ echo "<table width=\"100%\" class=\"border\" cellpadding=\"2\" cellspacing=\"1\">\n";
+ echo "<tr class=\"contenttopic\">\n";
+ echo "\t<td>Groupname</td>\n";
+ echo "\t<td>-</td>\n";
+ echo "</tr>\n";
+
+ for ($n = 0 ; $n < $Zeilen ; $n++) {
+ echo "<tr class=\"content\">\n";
+ echo "\t<td>".mysql_result($Erg, $n, "Name")."</td>\n";
+
+ echo "<td><a href=\"./userChangeSecure.php?enterUID=".
+ mysql_result($Erg, $n, "UID")."&Type=Secure\">change</a></td>\n";
+ echo "</tr>\n";
+ }
+ echo "\t</table>\n";
+ // Ende Userliste
+}
+
+include ("../../includes/footer.php");
+?>
+
+
diff --git a/www-ssl/admin/pic b/www-ssl/admin/pic
deleted file mode 120000
index a21de85f..00000000
--- a/www-ssl/admin/pic
+++ /dev/null
@@ -1 +0,0 @@
-../pic \ No newline at end of file
diff --git a/www-ssl/admin/user.php b/www-ssl/admin/user.php
index 5b6077aa..748c09fa 100755
--- a/www-ssl/admin/user.php
+++ b/www-ssl/admin/user.php
@@ -90,24 +90,11 @@ if (!IsSet($_GET["enterUID"]))
echo "\t<td>".mysql_result($Erg, $n, "Aktiv")."</td>\n";
$Tshirt += mysql_result($Erg, $n, "Tshirt");
echo "\t<td>".mysql_result($Erg, $n, "Tshirt")."</td>\n";
- echo "\t<td><a href=\"./user.php?enterUID=".
+ echo "\t<td><a href=\"./userChangeNormal.php?enterUID=".
mysql_result($Erg, $n, "UID")."&Type=Normal\">&Auml;nd.</a></td>\n";
echo "\t<td>";
- //check userCVS=OK
- $SQL2 = "SELECT `UID` FROM `UserCVS` WHERE (`UID`='". mysql_result($Erg, $n, "UID"). "')";
- $Erg2 = mysql_query($SQL2, $con);
- echo mysql_error($con);
- if( mysql_num_rows($Erg2)==0)
- {
- $SQL3 = "INSERT INTO `UserCVS` (`UID`) VALUES ('". mysql_result($Erg, $n, "UID"). "');";
- $Erg3 = db_query($SQL3, "admin/user.php auto CVS create");
- if( $Erg3 )
- echo "was create<br>\n";
- else
- echo mysql_error($con);
- }
- echo "<a href=\"./user.php?enterUID=".
+ echo "<a href=\"./userChangeSecure.php?enterUID=".
mysql_result($Erg, $n, "UID")."&Type=Secure\">Secure</a></td>\n";
echo "</tr>\n";
}
diff --git a/www-ssl/admin/userChangeNormal.php b/www-ssl/admin/userChangeNormal.php
new file mode 100755
index 00000000..7bcca841
--- /dev/null
+++ b/www-ssl/admin/userChangeNormal.php
@@ -0,0 +1,143 @@
+<?PHP
+
+$title = "User-Liste";
+$header = "Editieren der Engelliste";
+include ("../../includes/header.php");
+include ("../../includes/funktion_db_list.php");
+
+if (IsSet($_GET["enterUID"]))
+{
+ // UserID wurde mit uebergeben --> Aendern...
+
+ echo "Hallo,<br>".
+ "hier kannst du den Eintrag &auml;ndern. Unter dem Punkt 'Gekommen' ".
+ "wird der Engel als anwesend markiert, ein Ja bei Aktiv bedeutet, ".
+ "dass der Engel aktiv war und damit ein Anspruch auf ein T-Shirt hat. ".
+ "Wenn T-Shirt ein 'Ja' enth&auml;lt, bedeutet dies, dass der Engel ".
+ "bereits sein T-Shirt erhalten hat.<br><br>\n";
+
+ echo "<form action=\"./userSaveNormal.php?action=change\" method=\"POST\">\n";
+ echo "<table border=\"0\">\n";
+ echo "<input type=\"hidden\" name=\"Type\" value=\"Normal\">\n";
+
+ $SQL = "SELECT * FROM `User` WHERE `UID`='". $_GET["enterUID"]. "'";
+ $Erg = mysql_query($SQL, $con);
+
+ if (mysql_num_rows($Erg) != 1)
+ echo "<tr><td>Sorry, der Engel (UID=". $_GET["enterUID"].
+ ") wurde in der Liste nicht gefunden.</td></tr>";
+ else
+ {
+ echo "<tr><td>\n";
+ echo "<table>\n";
+ echo " <tr><td>Nick</td><td>".
+ "<input type=\"text\" size=\"40\" name=\"eNick\" value=\"".
+ mysql_result($Erg, 0, "Nick")."\"></td></tr>\n";
+ echo " <tr><td>lastLogIn</td><td>".
+ "<input type=\"text\" size=\"20\" name=\"elastLogIn\" value=\"".
+ mysql_result($Erg, 0, "lastLogIn"). "\" disabled></td></tr>\n";
+ echo " <tr><td>Name</td><td>".
+ "<input type=\"text\" size=\"40\" name=\"eName\" value=\"".
+ mysql_result($Erg, 0, "Name")."\"></td></tr>\n";
+ echo " <tr><td>Vorname</td><td>".
+ "<input type=\"text\" size=\"40\" name=\"eVorname\" value=\"".
+ mysql_result($Erg, 0, "Vorname")."\"></td></tr>\n";
+ echo " <tr><td>Alter</td><td>".
+ "<input type=\"text\" size=\"5\" name=\"eAlter\" value=\"".
+ mysql_result($Erg, 0, "Alter")."\"></td></tr>\n";
+ echo " <tr><td>Telefon</td><td>".
+ "<input type=\"text\" size=\"40\" name=\"eTelefon\" value=\"".
+ mysql_result($Erg, 0, "Telefon")."\"></td></tr>\n";
+ echo " <tr><td>Handy</td><td>".
+ "<input type=\"text\" size=\"40\" name=\"eHandy\" value=\"".
+ mysql_result($Erg, 0, "Handy")."\"></td></tr>\n";
+ echo " <tr><td>DECT</td><td>".
+ "<input type=\"text\" size=\"4\" name=\"eDECT\" value=\"".
+ mysql_result($Erg, 0, "DECT")."\"></td></tr>\n";
+ echo " <tr><td>email</td><td>".
+ "<input type=\"text\" size=\"40\" name=\"eemail\" value=\"".
+ mysql_result($Erg, 0, "email")."\"></td></tr>\n";
+ echo " <tr><td>ICQ</td><td>".
+ "<input type=\"text\" size=\"40\" name=\"eICQ\" value=\"".
+ mysql_result($Erg, 0, "ICQ")."\"></td></tr>\n";
+ echo " <tr><td>jabber</td><td>".
+ "<input type=\"text\" size=\"40\" name=\"ejabber\" value=\"".
+ mysql_result($Erg, 0, "jabber")."\"></td></tr>\n";
+ echo " <tr><td>Size</td><td>".
+ "<input type=\"text\" size=\"5\" name=\"eSize\" value=\"".
+ mysql_result($Erg, 0, "Size")."\"></td></tr>\n";
+ echo " <tr><td>Passwort</td><td>".
+ "<a href=\"./user2.php?action=newpw&eUID="
+ .mysql_result($Erg, 0, "UID")."\">neues Kennwort setzen</a></td></tr>\n";
+
+ // Gekommen?
+ echo " <tr><td>Gekommen</td><td>\n";
+ echo " <input type=\"radio\" name=\"eGekommen\" value=\"0\"";
+ if (mysql_result($Erg, 0, "Gekommen")=='0')
+ echo " checked";
+ echo ">No \n";
+ echo " <input type=\"radio\" name=\"eGekommen\" value=\"1\"";
+ if (mysql_result($Erg, 0, "Gekommen")=='1')
+ echo " checked";
+ echo ">Yes \n";
+ echo "</td></tr>\n";
+
+ // Aktiv?
+ echo " <tr><td>Aktiv</td><td>\n";
+ echo " <input type=\"radio\" name=\"eAktiv\" value=\"0\"";
+ if (mysql_result($Erg, 0, "Aktiv")=='0')
+ echo " checked";
+ echo ">No \n";
+ echo " <input type=\"radio\" name=\"eAktiv\" value=\"1\"";
+ if (mysql_result($Erg, 0, "Aktiv")=='1')
+ echo " checked";
+ echo ">Yes \n";
+ echo "</td></tr>\n";
+
+ // T-Shirt bekommen?
+ echo " <tr><td>T-Shirt</td><td>\n";
+ echo " <input type=\"radio\" name=\"eTshirt\" value=\"0\"";
+ if (mysql_result($Erg, 0, "Tshirt")=='0')
+ echo " checked";
+ echo ">No \n";
+ echo " <input type=\"radio\" name=\"eTshirt\" value=\"1\"";
+ if (mysql_result($Erg, 0, "Tshirt")=='1')
+ echo " checked";
+ echo ">Yes \n";
+ echo "</td></tr>\n";
+
+ // Menu links/rechts
+ echo " <tr><td>Menu</td><td>\n";
+ echo " <input type=\"radio\" name=\"eMenu\" value=\"L\"";
+ if (mysql_result($Erg, 0, "Menu")=='L')
+ echo " checked";
+ echo ">L \n";
+ echo " <input type=\"radio\" name=\"eMenu\" value=\"R\"";
+ if (mysql_result($Erg, 0, "Menu")=='R')
+ echo " checked";
+ echo ">R \n";
+ echo "</td></tr>\n";
+
+ echo " <tr><td>Hometown</td><td>".
+ "<input type=\"text\" size=\"40\" name=\"Hometown\" value=\"".
+ mysql_result($Erg, 0, "Hometown")."\"></td></tr>\n";
+
+ echo "</table>\n</td><td valign=\"top\">". displayavatar($_GET["enterUID"], FALSE). "</td></tr>";
+ }
+
+ echo "</td></tr>\n";
+ echo "</table>\n<br>\n";
+ echo "<input type=\"hidden\" name=\"enterUID\" value=\"". $_GET["enterUID"]. "\">\n";
+ echo "<input type=\"submit\" value=\"sichern...\">\n";
+ echo "</form>";
+
+ echo "<form action=\"./userSaveNormal.php?action=delete\" method=\"POST\">\n";
+ echo "<input type=\"hidden\" name=\"enterUID\" value=\"". $_GET["enterUID"]. "\">\n";
+ echo "<input type=\"submit\" value=\"l&ouml;schen...\">\n";
+ echo "</form>";
+}
+
+include ("../../includes/footer.php");
+?>
+
+
diff --git a/www-ssl/admin/userChangeSecure.php b/www-ssl/admin/userChangeSecure.php
new file mode 100755
index 00000000..e7de1b5c
--- /dev/null
+++ b/www-ssl/admin/userChangeSecure.php
@@ -0,0 +1,99 @@
+<?PHP
+
+$title = "User-Liste";
+$header = "Editieren der Engelliste";
+include ("../../includes/header.php");
+include ("../../includes/funktion_db_list.php");
+
+if (IsSet($_GET["enterUID"]))
+{
+ // UserID wurde mit uebergeben --> Aendern...
+
+ echo "Hallo,<br>".
+ "hier kannst du den Eintrag &auml;ndern. Unter dem Punkt 'Gekommen' ".
+ "wird der Engel als anwesend markiert, ein Ja bei Aktiv bedeutet, ".
+ "dass der Engel aktiv war und damit ein Anspruch auf ein T-Shirt hat. ".
+ "Wenn T-Shirt ein 'Ja' enth&auml;lt, bedeutet dies, dass der Engel ".
+ "bereits sein T-Shirt erhalten hat.<br><br>\n";
+
+ echo "<form action=\"./userChangeSecure.php?action=change\" method=\"POST\">\n";
+ echo "<table border=\"0\">\n";
+ echo "<input type=\"hidden\" name=\"Type\" value=\"Secure\">\n";
+
+ // CVS-Rechte
+ echo " <tr><td><br><u>Rights of \"". UID2Nick($_GET["enterUID"]). "\":</u></td></tr>\n";
+
+ $SQL_CVS = "SELECT * FROM `UserCVS` WHERE `UID`='". $_GET["enterUID"]. "'";
+ $Erg_CVS = mysql_query($SQL_CVS, $con);
+
+ if( mysql_num_rows($Erg_CVS) != 1)
+ echo "Sorry, der Engel (UID=". $_GET["enterUID"]. ") wurde in der Liste nicht gefunden.";
+ else
+ {
+ $CVS_Data = mysql_fetch_array($Erg_CVS);
+ $CVS_Data_i = 1;
+ foreach ($CVS_Data as $CVS_Data_Name => $CVS_Data_Value)
+ {
+ $CVS_Data_i++;
+ //nur jeder zweiter sonst wird für jeden text noch die position (Zahl) ausgegeben
+ if( $CVS_Data_i%2 && $CVS_Data_Name!="UID")
+ {
+ if($CVS_Data_Name=="GroupID") {
+ if( $_GET["enterUID"] > 0 )
+ {
+ echo "<tr><td><b>Group</b></td>\n".
+ "<td><select name=\"GroupID\">";
+
+ $SQL_Group = "SELECT * FROM `UserGroups`";
+ $Erg_Group = mysql_query($SQL_Group, $con);
+ for ($n = 0 ; $n < mysql_num_rows($Erg_Group) ; $n++)
+ {
+ $UID = mysql_result($Erg_Group, $n, "UID");
+ echo "\t<option value=\"$UID\"";
+ if( $CVS_Data_Value == $UID)
+ echo " selected";
+ echo ">". mysql_result($Erg_Group, $n, "Name"). "</option>\n";
+ }
+ echo "</select></td></tr>";
+ }
+ } else {
+ echo "<tr><td>$CVS_Data_Name</td>\n<td>";
+ echo "<input type=\"radio\" name=\"".($CVS_Data_i-1)."\" value=\"Y\" ";
+ if( $CVS_Data_Value == "Y" )
+ echo " checked";
+ echo ">allow \n";
+ echo "<input type=\"radio\" name=\"".($CVS_Data_i-1)."\" value=\"N\" ";
+ if( $CVS_Data_Value == "N" )
+ echo " checked";
+ echo ">denied \n";
+ if( $_GET["enterUID"] > 0 )
+ {
+ echo "<input type=\"radio\" name=\"".($CVS_Data_i-1)."\" value=\"G\" ";
+ if( $CVS_Data_Value == "G" )
+ echo " checked";
+ echo ">group-setting \n";
+ echo "</td></tr>";
+ }
+ }
+ } //IF
+ } //Foreach
+ echo "</td></tr>\n";
+ } // IF TYPE
+
+ // Ende Formular
+ echo "</td></tr>\n";
+ echo "</table>\n<br>\n";
+ echo "<input type=\"hidden\" name=\"enterUID\" value=\"". $_GET["enterUID"]. "\">\n";
+ echo "<input type=\"submit\" value=\"sichern...\">\n";
+ echo "</form>";
+
+ echo "<form action=\"./userSaveSecure.php?action=delete\" method=\"POST\">\n";
+ echo "<input type=\"hidden\" name=\"enterUID\" value=\"". $_GET["enterUID"]. "\">\n";
+ echo "<input type=\"submit\" value=\"l&ouml;schen...\">\n";
+ echo "</form>";
+}
+
+include ("../../includes/footer.php");
+?>
+
+
diff --git a/www-ssl/admin/user2.php b/www-ssl/admin/userSaveNormal.php
index 229a4cdc..229a4cdc 100755
--- a/www-ssl/admin/user2.php
+++ b/www-ssl/admin/userSaveNormal.php
diff --git a/www-ssl/admin/userSaveSecure.php b/www-ssl/admin/userSaveSecure.php
new file mode 100755
index 00000000..229a4cdc
--- /dev/null
+++ b/www-ssl/admin/userSaveSecure.php
@@ -0,0 +1,162 @@
+<?PHP
+
+$title = "User-Liste";
+$header = "Index";
+include ("../../includes/header.php");
+include ("../../includes/funktion_db_list.php");
+include ("../../includes/crypt.php");
+include ("../../includes/funktion_db.php");
+
+if (IsSet($_GET["action"]))
+{
+
+ SetHeaderGo2Back();
+ echo "Gesendeter Befehl: ". $_GET["action"]. "<br>";
+
+ switch ($_GET["action"])
+ {
+ case "change":
+ if (IsSet($_POST["enterUID"]))
+ {
+ if ($_POST["Type"] == "Normal")
+ {
+ $SQL = "UPDATE `User` SET ";
+ $SQL.= " `Nick` = '". $_POST["eNick"]. "', `Name` = '". $_POST["eName"]. "', ".
+ "`Vorname` = '". $_POST["eVorname"]. "', ".
+ "`Telefon` = '". $_POST["eTelefon"]. "', ".
+ "`Handy` = '". $_POST["eHandy"]. "', ".
+ "`DECT` = '". $_POST["eDECT"]. "', ".
+ "`email` = '". $_POST["eemail"]. "', ".
+ "`ICQ` = '". $_POST["eICQ"]. "', ".
+ "`jabber` = '". $_POST["ejabber"]. "', ".
+ "`Size` = '". $_POST["eSize"]. "', ".
+ "`Gekommen`= '". $_POST["eGekommen"]. "', ".
+ "`Aktiv`= '". $_POST["eAktiv"]. "', ".
+ "`Tshirt` = '". $_POST["eTshirt"]. "', ".
+ "`Hometown` = '". $_POST["Hometown"]. "', ".
+ "`Menu` = '". $_POST["eMenu"]. "' ".
+ "WHERE `UID` = '". $_POST["enterUID"].
+ "' LIMIT 1;";
+ echo "User-";
+ $Erg = db_query($SQL, "change user details");
+ if ($Erg == 1) {
+ echo "&Auml;nderung wurde gesichert...\n";
+ } else {
+ echo "Fehler beim speichern...\n(". mysql_error($con). ")";
+ }
+ }
+ elseif ($_POST["Type"] == "Secure")
+ {
+ $SQL2 = "UPDATE `UserCVS` SET ";
+ $SQL_CVS = "SELECT * FROM `UserCVS` WHERE `UID`='". $_POST["enterUID"]. "'";
+ $Erg_CVS = mysql_query($SQL_CVS, $con);
+ $CVS_Data = mysql_fetch_array($Erg_CVS);
+ $CVS_Data_i = 1;
+ foreach ($CVS_Data as $CVS_Data_Name => $CVS_Data_Value)
+ {
+ if( ($CVS_Data_i+1)%2 && $CVS_Data_Name!="UID") {
+ if( $CVS_Data_Name == "GroupID")
+ {
+ if( $_POST["enterUID"] > 0 )
+ $SQL2.= "`$CVS_Data_Name` = ". $_POST["GroupID"].", ";
+ } else {
+ $SQL2.= "`$CVS_Data_Name` = '". $_POST[$CVS_Data_i]."', ";
+ }
+ }
+ $CVS_Data_i++;
+ }
+ $SQL2 = substr( $SQL2, 0, strlen($SQL2)-2 );
+ $SQL2.= " WHERE `UID`='". $_POST["enterUID"]. "' LIMIT 1;";
+ echo "<br>Secure-";
+ $Erg = db_query($SQL2, "change user CVS");
+ if ($Erg == 1) {
+ echo "&Auml;nderung wurde gesichert...\n";
+ } else {
+ echo "Fehler beim speichern...\n(". mysql_error($con). ")";
+ }
+ }
+ else
+ echo "<h1>Fehler: Unbekanter Type (". $_POST["Type"]. ") übergeben\n</h1>\n";
+ }
+ else
+ echo "<h1>Fehler: UserID (enterUID) wurde nicht per POST übergeben</h1>\n";
+ break;
+
+ case "delete":
+ if (IsSet($_POST["enterUID"]))
+ {
+ echo "delate User...";
+ $SQL="DELETE FROM `User` WHERE `UID`='". $_POST["enterUID"]. "' LIMIT 1;";
+ $Erg = db_query($SQL, "User delete");
+ if ($Erg == 1) {
+ echo "&Auml;nderung wurde gesichert...\n";
+ } else {
+ echo "Fehler beim speichern...\n(". mysql_error($con). ")";
+ }
+
+ echo "<br>\ndelate UserCVS...";
+ $SQL2="DELETE FROM `UserCVS` WHERE `UID`='". $_POST["enterUID"]. "' LIMIT 1;";
+ $Erg = db_query($SQL2, "User CVS delete");
+ if ($Erg == 1) {
+ echo "&Auml;nderung wurde gesichert...\n";
+ } else {
+ echo "Fehler beim speichern...\n(". mysql_error($con). ")";
+ }
+
+ echo "<br>\ndelate UserEntry...";
+ $SQL3="UPDATE `ShiftEntry` SET `UID`='0', `Comment`=NULL ".
+ "WHERE `UID`='". $_POST["enterUID"]. "';";
+ $Erg = db_query($SQL3, "delate UserEntry");
+ if ($Erg == 1) {
+ echo "&Auml;nderung wurde gesichert...\n";
+ } else {
+ echo "Fehler beim speichern...\n(". mysql_error($con). ")";
+ }
+ }
+ break;
+
+
+ case "newpw":
+ echo "Bitte neues Kennwort f&uuml;r <b>";
+ // Get Nick
+ $USQL = "SELECT * FROM `User` WHERE `UID`='". $_GET["eUID"]. "'";
+ $Erg = mysql_query($USQL, $con);
+ echo mysql_result($Erg, 0, "Nick");
+ echo "</b> eingeben:<br>";
+ echo "<form action=\"./user2.php?action=newpwsave\" method=\"POST\">\n";
+ echo "<input type=\"Password\" name=\"ePasswort\">";
+ echo "<input type=\"Password\" name=\"ePasswort2\">";
+ echo "<input type=\"hidden\" name=\"eUID\" value=\"". $_GET["eUID"]. "\">";
+ echo "<input type=\"submit\" value=\"sichern...\">\n";
+ echo "</form>";
+ break;
+
+ case "newpwsave":
+ if ($_POST["ePasswort"] == $_POST["ePasswort2"])
+ { // beide Passwoerter passen...
+ $_POST["ePasswort"] = PassCrypt($_POST["ePasswort"]);
+ $SQL = "UPDATE `User` SET `Passwort`='". $_POST["ePasswort"]. "' ".
+ "WHERE `UID`='". $_POST["eUID"]. "'";
+ $Erg = db_query($SQL, "User new passwort");
+ if ($Erg == 1) {
+ echo "&Auml;nderung wurde gesichert...\n";
+ } else {
+ echo "Fehler beim speichern...\n(". mysql_error($con). ")";
+ }
+ }
+ else
+ echo "Das Passwort wurde nicht &uuml;bereinstimmend eingegeben!";
+ break;
+ } // end switch
+
+// ende - Action ist gesetzt
+}
+else
+{
+ // kein Action gesetzt -> abbruch
+ echo "Unzul&auml;ssiger Aufruf.<br>Bitte neu editieren...";
+}
+
+include ("../../includes/footer.php");
+?>
+