summaryrefslogtreecommitdiff
path: root/www-ssl/nonpublic/schichtplan_add.php
diff options
context:
space:
mode:
Diffstat (limited to 'www-ssl/nonpublic/schichtplan_add.php')
-rwxr-xr-xwww-ssl/nonpublic/schichtplan_add.php78
1 files changed, 53 insertions, 25 deletions
diff --git a/www-ssl/nonpublic/schichtplan_add.php b/www-ssl/nonpublic/schichtplan_add.php
index 6e226e35..d5ae50f7 100755
--- a/www-ssl/nonpublic/schichtplan_add.php
+++ b/www-ssl/nonpublic/schichtplan_add.php
@@ -15,6 +15,12 @@ if (isset($_POST["newtext"]) && isset($_POST["SID"]) && isset($_POST["TID"])) {
$beginSchicht = mysql_result($ShiftErg, 0, "DateS");
$endSchicht = mysql_result($ShiftErg, 0, "DateE");
+ //wenn keien rechte definiert sind
+ if( !isset($_SESSION['CVS'][ $TID2Name[$_POST["TID"]] ]))
+ $_SESSION['CVS'][ $TID2Name[$_POST["TID"]] ] = "Y";
+
+ if( $_SESSION['CVS'][ $TID2Name[$_POST["TID"]] ] == "Y")
+ {
// Ueberpruefung, ob der Engel bereits für eine Schicht zu dieser Zeit eingetragen ist
$SSQL="SELECT * FROM `Shifts`".
" INNER JOIN `ShiftEntry` ON `ShiftEntry`.`SID` = `Shifts`.`SID`".
@@ -57,40 +63,62 @@ if (isset($_POST["newtext"]) && isset($_POST["SID"]) && isset($_POST["TID"])) {
}//TO Many USERS
}//Allready in Shift
+ }
+ else
+ {
+ echo "<h1>:-(</h1>";
+ array_push($error_messages, "Hack atteck\n");
+ }
}
-elseif (isset($_GET["SID"]) && isset($_GET["TID"])) {
- echo Get_Text("pub_schichtplan_add_Text1"). "<br><br>\n\n".
- "<form action=\"./schichtplan_add.php\" method=\"post\">\n".
- "<table border=\"0\">\n";
+elseif (isset($_GET["SID"]) && isset($_GET["TID"]))
+{
+ //wenn keien rechte definiert sind
+ if( !isset($_SESSION['CVS'][ $TID2Name[$_GET["TID"]] ]))
+ $_SESSION['CVS'][ $TID2Name[$_GET["TID"]] ] = "Y";
+
+
- $SQL = "SELECT * FROM `Shifts` WHERE ";
- $SQL .="(`SID` = '". $_GET["SID"]. "')";
- $Erg = mysql_query($SQL, $con);
+ if( $_SESSION['CVS'][ $TID2Name[$_GET["TID"]] ] == "Y")
+ {
+
+ echo Get_Text("pub_schichtplan_add_Text1"). "<br><br>\n\n".
+ "<form action=\"./schichtplan_add.php\" method=\"post\">\n".
+ "<table border=\"0\">\n";
+
+ $SQL = "SELECT * FROM `Shifts` WHERE ";
+ $SQL .="(`SID` = '". $_GET["SID"]. "')";
+ $Erg = mysql_query($SQL, $con);
- echo "<tr><td>". Get_Text("pub_schichtplan_add_Date"). ":</td> <td>".
- mysql_result($Erg, 0, "DateS"). "</td></tr>\n";
+ echo "<tr><td>". Get_Text("pub_schichtplan_add_Date"). ":</td> <td>".
+ mysql_result($Erg, 0, "DateS"). "</td></tr>\n";
- echo "<tr><td>". Get_Text("pub_schichtplan_add_Place"). ":</td> <td>".
- $RoomID[ mysql_result($Erg, 0, "RID") ]. "</td></tr>\n";
+ echo "<tr><td>". Get_Text("pub_schichtplan_add_Place"). ":</td> <td>".
+ $RoomID[ mysql_result($Erg, 0, "RID") ]. "</td></tr>\n";
- echo "<tr><td>". Get_Text("pub_schichtplan_add_Job"). ":</td> <td>".
- $EngelTypeID[$_GET["TID"]]. "</td></tr>\n";
+ echo "<tr><td>". Get_Text("pub_schichtplan_add_Job"). ":</td> <td>".
+ $EngelTypeID[$_GET["TID"]]. "</td></tr>\n";
- echo "<tr><td>". Get_Text("pub_schichtplan_add_Len"). ":</td> <td>".
- mysql_result($Erg, 0, "Len"). "h</td></tr>\n";
+ echo "<tr><td>". Get_Text("pub_schichtplan_add_Len"). ":</td> <td>".
+ mysql_result($Erg, 0, "Len"). "h</td></tr>\n";
- echo "<tr><td>". Get_Text("pub_schichtplan_add_TextFor"). ":</td> <td>".
- mysql_result($Erg, 0, "Man"). "</td></tr>\n";
+ echo "<tr><td>". Get_Text("pub_schichtplan_add_TextFor"). ":</td> <td>".
+ mysql_result($Erg, 0, "Man"). "</td></tr>\n";
- echo "<tr><td valign='top'>". Get_Text("pub_schichtplan_add_Comment"). ":</td>\n <td>".
- "<textarea name='newtext' cols='50' rows='10'></textarea> </td></tr>\n";
+ echo "<tr><td valign='top'>". Get_Text("pub_schichtplan_add_Comment"). ":</td>\n <td>".
+ "<textarea name='newtext' cols='50' rows='10'></textarea> </td></tr>\n";
- echo "<tr><td>&nbsp;</td>\n".
- "<td><input type=\"submit\" value=\"". Get_Text("pub_schichtplan_add_submit"). "\"> </td></tr>\n".
- "</table>\n".
- "<input type=\"hidden\" name=\"SID\" value=\"". $_GET["SID"]. "\">\n".
- "<input type=\"hidden\" name=\"TID\" value=\"". $_GET["TID"]. "\">\n".
- "</form>";
+ echo "<tr><td>&nbsp;</td>\n".
+ "<td><input type=\"submit\" value=\"". Get_Text("pub_schichtplan_add_submit"). "\"> </td></tr>\n".
+ "</table>\n".
+ "<input type=\"hidden\" name=\"SID\" value=\"". $_GET["SID"]. "\">\n".
+ "<input type=\"hidden\" name=\"TID\" value=\"". $_GET["TID"]. "\">\n".
+ "</form>";
+ }
+ else
+ {
+ echo "<h1>:-(</h1>";
+ array_push($error_messages, "Hack atteck\n");
+ }
}
generated by cgit v1.2.3-70-g09d2 (git 2.46.2) at 2024-11-06 15:11:36 +0000