From c6c14dc740ac2aa6ff0452b4585a5e8c9d9fe043 Mon Sep 17 00:00:00 2001 From: Angelo Cuccato Date: Tue, 26 Jan 2010 22:38:19 +0100 Subject: add more security groups and create groups --- DB/UserCVS.sql | 4 ++- www-ssl/admin/group.php | 13 +++++++-- www-ssl/admin/user.php | 2 -- www-ssl/admin/userChangeSecure.php | 2 +- www-ssl/admin/userSaveNormal.php | 1 - www-ssl/admin/userSaveSecure.php | 56 +++++++++++++++++++++++++++++++++----- 6 files changed, 64 insertions(+), 14 deletions(-) diff --git a/DB/UserCVS.sql b/DB/UserCVS.sql index 487bd965..11377aff 100644 --- a/DB/UserCVS.sql +++ b/DB/UserCVS.sql @@ -18,7 +18,7 @@ DROP TABLE IF EXISTS `UserCVS`; CREATE TABLE `UserCVS` ( `UID` int(11) NOT NULL default '0', - `GroupID` int(11) default NULL, + `GroupID` int(11) default '-2', `index.php` char(1) NOT NULL default 'G', `logout.php` char(1) NOT NULL default 'G', `faq.php` char(1) NOT NULL default 'G', @@ -47,7 +47,9 @@ CREATE TABLE `UserCVS` ( `admin/schichtplan_druck.php` char(1) NOT NULL default 'G', `admin/user.php` char(1) NOT NULL default 'G', `admin/userChangeNormal.php` char(1) NOT NULL default 'G', + `admin/userSaveNormal.php` char(1) NOT NULL default 'G', `admin/userChangeSecure.php` char(1) NOT NULL default 'G', + `admin/userSaveSecure.php` char(1) NOT NULL default 'G', `admin/userSaveNormal.php` char(1) NOT NULL default 'G', `admin/userSaveSecure.php` char(1) NOT NULL default 'G', `admin/group.php` char(1) NOT NULL default 'G', diff --git a/www-ssl/admin/group.php b/www-ssl/admin/group.php index 6377593d..00b7329f 100755 --- a/www-ssl/admin/group.php +++ b/www-ssl/admin/group.php @@ -16,10 +16,10 @@ if (!IsSet($_GET["enterGID"])) // anzahl zeilen $Zeilen = mysql_num_rows($Erg); - echo "\n"; + echo "
\n"; echo "\n"; echo "\t\n"; - echo "\t\n"; + echo "\t\n"; echo "\n"; for ($n = 0 ; $n < $Zeilen ; $n++) { @@ -30,6 +30,15 @@ if (!IsSet($_GET["enterGID"])) mysql_result($Erg, $n, "UID")."&Type=Secure\">change\n"; echo "\n"; } + + // new form + echo "\n"; + echo "\t\n"; + echo "\t\t\n"; + echo "\t\t\n"; + echo "\t\n"; + echo "\n"; + echo "\t
Groupname-Link
\n"; // Ende Userliste } diff --git a/www-ssl/admin/user.php b/www-ssl/admin/user.php index 748c09fa..5f0888e4 100755 --- a/www-ssl/admin/user.php +++ b/www-ssl/admin/user.php @@ -11,8 +11,6 @@ if (!IsSet($_GET["enterUID"])) echo "Neuen Engel eintragen

\n"; - echo "\nEdit logout User

\n"; - if( !isset($_GET["OrderBy"]) ) $_GET["OrderBy"] = "Nick"; $SQL = "SELECT * FROM `User` ORDER BY `". $_GET["OrderBy"]. "` ASC"; $Erg = mysql_query($SQL, $con); diff --git a/www-ssl/admin/userChangeSecure.php b/www-ssl/admin/userChangeSecure.php index e7de1b5c..bae26ad4 100755 --- a/www-ssl/admin/userChangeSecure.php +++ b/www-ssl/admin/userChangeSecure.php @@ -16,7 +16,7 @@ if (IsSet($_GET["enterUID"])) "Wenn T-Shirt ein 'Ja' enthält, bedeutet dies, dass der Engel ". "bereits sein T-Shirt erhalten hat.

\n"; - echo "
\n"; + echo "\n"; echo "\n"; echo "\n"; diff --git a/www-ssl/admin/userSaveNormal.php b/www-ssl/admin/userSaveNormal.php index 466c2e6e..62ba44a3 100755 --- a/www-ssl/admin/userSaveNormal.php +++ b/www-ssl/admin/userSaveNormal.php @@ -9,7 +9,6 @@ include ("../../includes/funktion_db.php"); if (IsSet($_GET["action"])) { - SetHeaderGo2Back(); echo "Gesendeter Befehl: ". $_GET["action"]. "
"; diff --git a/www-ssl/admin/userSaveSecure.php b/www-ssl/admin/userSaveSecure.php index 02da8d6d..6eadeddc 100755 --- a/www-ssl/admin/userSaveSecure.php +++ b/www-ssl/admin/userSaveSecure.php @@ -7,12 +7,20 @@ include ("../../includes/funktion_db_list.php"); include ("../../includes/crypt.php"); include ("../../includes/funktion_db.php"); -if (IsSet($_GET["action"])) +if( !IsSet($_POST["enterUID"]) ) +{ + $Right = "N"; +} elseif( $_POST["enterUID"] > 0 ) { + $Right = $_SESSION['CVS'][ "admin/user.php"]; +} else { + $Right = $_SESSION['CVS'][ "admin/group.php"]; +} + +if ( ($Right=="Y") && IsSet($_GET["action"])) { - SetHeaderGo2Back(); echo "Gesendeter Befehl: ". $_GET["action"]. "
"; - + switch ($_GET["action"]) { case "change": @@ -31,7 +39,9 @@ if (IsSet($_GET["action"])) if( $CVS_Data_Name == "GroupID") { if( $_POST["enterUID"] > 0 ) - $SQL2.= "`$CVS_Data_Name` = ". $_POST["GroupID"].", "; + $SQL2.= "`$CVS_Data_Name` = '". $_POST["GroupID"]."', "; + else + $SQL2.= "`$CVS_Data_Name` = NULL, "; } else { $SQL2.= "`$CVS_Data_Name` = '". $_POST[$CVS_Data_i]."', "; } @@ -90,9 +100,41 @@ if (IsSet($_GET["action"])) } // end switch // ende - Action ist gesetzt -} -else -{ +} elseif ( IsSet($_GET["new"]) && ($_SESSION['CVS']["admin/group.php"]=="Y") ) { + echo "Gesendeter Befehl: ". $_GET["new"]. "
"; + + switch ($_GET["new"]) + { + case "newGroup": + echo "\tGenerate new Group ID...\n"; + $SQLid="SELECT MIN(`UID`) FROM `UserCVS`;"; + $Erg = mysql_query( $SQLid); + + if( mysql_num_rows($Erg) == 1) { + $NewId = mysql_result( $Erg, 0, 0)-1; + $SQLnew1 = "INSERT INTO `UserGroups` (`UID`, `Name`) VALUES ('$NewId', '". $_POST["GroupName"]. "' );"; + $SQLnew2 = "INSERT INTO `UserCVS` (`UID`, `GroupID`) VALUES ('$NewId', NULL );"; + echo "\t
Generate new UserGroup ...\n"; + $ErgNew1 = db_query($SQLnew1, "create UserGroups Entry"); + if ($ErgNew1 == 1) + { + echo "\t
Generate new User rights...\n"; + $ErgNew2 = db_query($SQLnew2, "UserCVS Entry"); + if ($ErgNew1 == 1) { + echo "\t
New group was created.\n"; + } else { + echo "Error on creation\n(". mysql_error($con). ")"; + } + } else { + echo "Error on creation\n(". mysql_error($con). ")"; + } + + } + + + break; + } +} else { // kein Action gesetzt -> abbruch echo "Unzulässiger Aufruf.
Bitte neu editieren..."; } -- cgit v1.2.3-54-g00ecf