From de656d885e687337698016024304300a8ac749ea Mon Sep 17 00:00:00 2001 From: cookie Date: Sun, 6 Nov 2005 16:33:22 +0000 Subject: und noch ein bichen git-svn-id: svn://svn.cccv.de/engel-system@16 29ba0400-6e00-0410-a75a-ca02368028f8 --- admin/dect.php | 3 ++ admin/schichtplan.php | 77 +++++++++++++++++-------------- admin/shiftadd.php | 125 ++++++++++++++++++++++++++------------------------ admin/user.php | 26 +++++------ admin/user2.php | 62 ++++++++++++++----------- 5 files changed, 159 insertions(+), 134 deletions(-) (limited to 'admin') diff --git a/admin/dect.php b/admin/dect.php index 0afc7f4f..99a58028 100755 --- a/admin/dect.php +++ b/admin/dect.php @@ -7,6 +7,9 @@ include ("./inc/header.php"); include ("./inc/funktion_modem.php"); +if( !isset($_GET["dial"])) $_GET["dial"] = ""; +if( !isset($_GET["custum"])) $_GET["custum"] = ""; + if( $_GET["dial"]=="dial") { if( $_GET["DECT"]=="") diff --git a/admin/schichtplan.php b/admin/schichtplan.php index 5c8e90c2..9e7ec81b 100755 --- a/admin/schichtplan.php +++ b/admin/schichtplan.php @@ -5,7 +5,7 @@ $submenus = 1; include ("./inc/header.php"); include ("./inc/funktion_user.php"); -if (!IsSet($action)) { +if (!IsSet($_GET["action"])) { echo "Hallo ".$_SESSION['Nick'].",
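Review bot: In admin/dect.php the new defaults cover `$_GET["dial"]` and `$_GET["custum"]`, but `$_GET["DECT"]` is still read unguarded a few lines further down in `if( $_GET["DECT"]=="")`, so a request with `dial=dial` and no `DECT` parameter still hits an undefined index. Adding `if( !isset($_GET["DECT"])) $_GET["DECT"] = "";` beside the other two would close that gap. Writing defaults back into the superglobal works, but copying into locals (`$dial = isset($_GET["dial"]) ? $_GET["dial"] : "";`) keeps request data and program state apart. The `if( $_GET["dial"]=="dial")` block continues outside the hunk.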
\n"; echo "hier kannst du Schichten anlegen, ändern oder löschen.

"; echo "Neue Schicht einplanen

\n\n"; @@ -31,10 +31,13 @@ for( $i = 0; $i < $rowcount; $i++) $sql2= "SELECT `Name` FROM `Room` WHERE `RID`=\"".mysql_result($Erg, $i, "RID")."\""; $Erg2 = mysql_query($sql2, $con); - echo "\t\t".mysql_result($Erg2, 0, "Name")."\n"; - + if( mysql_num_rows($Erg2) > 0) + echo "\t\t".mysql_result($Erg2, 0, "Name")."\n"; + else + echo "\t\tUnbenkannt (RID=". mysql_result($Erg, $i, "RID"). ")\n"; echo "\t\t".mysql_result($Erg, $i, "Len")." Std. \n"; - echo "\t\t####\n"; + echo "\t\t####\n"; echo "\t\n"; } echo ""; @@ -45,22 +48,22 @@ echo ""; // aus sicherheitzgründen wegen späterer genuzung UnSet($chSQL); -switch ($action){ +switch ($_GET["action"]){ case 'change': - if ( !IsSet($SID) ){ + if ( !IsSet($_GET["SID"]) ){ echo "Fehlerhafter Aufruf!\n"; } else { - $sql = "SELECT * FROM `Shifts` WHERE (`SID` = \"$SID\" )"; + $sql = "SELECT * FROM `Shifts` WHERE (`SID` = \"". $_GET["SID"]. "\" )"; $Erg = mysql_query($sql, $con); echo "Schicht abändern:
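Review bot: The new `mysql_num_rows($Erg2) > 0` guard in the `@@ -31,10 +31,13 @@` hunk of admin/schichtplan.php handles a missing room but not a failed query: `mysql_query()` returns false on error, and `mysql_num_rows(false)` then raises a warning instead of reaching the fallback branch. `if( $Erg2 && mysql_num_rows($Erg2) > 0)` covers both cases. The room name is echoed as stored; if it can hold user-entered text it should pass through `htmlspecialchars()` before output. The fallback label reads "Unbenkannt", presumably meant to be "Unbekannt".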
\n"; // Anzeige Allgemeiner schaischt daten - echo "
"; + echo ""; echo "\n"; echo " ". "\n"; echo "
Schichtbeginn
\n"; - echo "\n"; + echo "\n"; echo "\n"; echo "\n"; echo "
\n\n"; // Löschen - echo "
\n"; - echo "\n"; + echo "\n"; + echo "\n"; echo "\n"; echo "\n"; echo "
\n\n"; @@ -106,7 +109,7 @@ case 'change': echo "
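Review bot: `$_GET["SID"]` is concatenated directly into the `Shifts` query in `case 'change'`, so replacing the register_globals variable with the superglobal leaves the statement open to SQL injection. The same pattern recurs in the `@@ -106,7`, `@@ -115,13`, `@@ -130,7` and `@@ -163,7` hunks of this file and, with `$_POST` values, in the `@@ -23,40`, `@@ -64,14` and `@@ -80,24` hunks of admin/user2.php. SID looks numeric (later queries use it unquoted), so normalising it once with `$SID = (int) $_GET["SID"];` and using `$SID` in every query would be enough here. The free-text fields in user2.php need `mysql_real_escape_string($value, $con)` before they are placed between the quotes. The `case 'change'` block runs past the end of this hunk.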

\n\n\n\n"; //Freie Engelschichten - $sql3 = "SELECT TID FROM `ShiftEntry` WHERE SID=$SID AND UID=0"; + $sql3 = "SELECT TID FROM `ShiftEntry` WHERE SID=". $_GET["SID"]. " AND UID=0"; $Erg3 = mysql_query($sql3, $con); $rowcount = mysql_num_rows($Erg3); @@ -115,13 +118,13 @@ case 'change': for ($j=0; $j < $rowcount; $j++) { $TID = mysql_result($Erg3, $j, 0); - echo "". + echo "". "freie ". TID2Type($TID). Get_Text("inc_schicht_Engel"). "schicht loeschen
\n"; } echo "

\n\n\n\n"; //Ausgabe eingetragener schischten - $sql3 = "SELECT * FROM `ShiftEntry` WHERE SID=$SID AND NOT UID=0"; + $sql3 = "SELECT * FROM `ShiftEntry` WHERE SID=". $_GET["SID"]. " AND NOT UID=0"; $Erg3 = mysql_query($sql3, $con); $rowcount = mysql_num_rows($Erg3); @@ -130,7 +133,7 @@ case 'change': for ($j=0; $j < $rowcount; $j++) { $userUID=mysql_result($Erg3, $j, "UID"); - echo "". + echo "". UID2Nick($userUID). " (". TID2Type(mysql_result($Erg3, $j, "TID")). Get_Text("inc_schicht_Engel"). ") austragen
\n"; @@ -140,8 +143,8 @@ case 'change': //Nachtragen von Engeln echo "Hat ein anderer Engel die Schicht übernommen, trage ihn bitte ein:"; - echo "
\n"; - echo "\n"; + echo "\n"; + echo "\n"; echo "\n"; // Listet alle Nicks auf @@ -163,7 +166,7 @@ case 'change': // holt eine liste der benötigten Engel zu dieser Schischt $sql3 = "SELECT Count(`TID`) AS `CTID`, `TID` FROM `ShiftEntry` "; - $sql3.= "WHERE (`SID`='$SID' AND `UID`='0') "; + $sql3.= "WHERE (`SID`='". $_GET["SID"]. "' AND `UID`='0') "; $sql3.= "GROUP BY `SID`, `TID`, `UID` "; $Erg3 = mysql_query($sql3, $con); $i=-1; @@ -181,7 +184,7 @@ case 'change': $EngelTID = mysql_result($Erg2, $l, "TID"); echo "
"; - if( $Type == "Normal" ) + if( $_GET["Type"] == "Normal" ) { echo "
\n"; - echo "\n"; + echo "\n"; echo "\n"; echo "
"; } diff --git a/admin/user2.php b/admin/user2.php index 39b3385b..5f94c093 100755 --- a/admin/user2.php +++ b/admin/user2.php @@ -6,7 +6,7 @@ include ("./inc/header.php"); include ("./inc/funktion_db_list.php"); include ("./inc/crypt.php"); -if (IsSet($action)) +if (IsSet($_GET["action"])) { function SQLExec( $SQL ) @@ -23,40 +23,46 @@ if (IsSet($action)) } SetHeaderGo2Back(); - echo "Gesendeter Befehl: $action
"; - - switch ($action) { + echo "Gesendeter Befehl: ". $_GET["action"]. "
"; + switch ($_GET["action"]) + { case "change": - if (IsSet($enterUID)) + if (IsSet($_POST["enterUID"])) { - if ($Type == "Normal") + if ($_POST["Type"] == "Normal") { $SQL = "UPDATE `User` SET "; - $SQL.= " `Nick` = '$eNick', `Name` = '$eName', `Vorname` = '$eVorname', ". - "`Telefon` = '$eTelefon', `Handy` = '$eHandy', `DECT` = '$eDECT', ". - "`email` = '$eemail', `Size` = '$eSize', ". - "`Gekommen`= '$eGekommen', `Aktiv`= '$eAktiv', ". - "`Tshirt` = '$eTshirt' "; - $SQL.= "WHERE `UID` = '$enterUID' LIMIT 1;"; + $SQL.= " `Nick` = '". $_POST["eNick"]. "', `Name` = '". $_POST["eName"]. "', ". + "`Vorname` = '". $_POST["eVorname"]. "', ". + "`Telefon` = '". $_POST["eTelefon"]. "', ". + "`Handy` = '". $_POST["eHandy"]. "', ". + "`DECT` = '". $_POST["eDECT"]. "', ". + "`email` = '". $_POST["eemail"]. "', ". + "`Size` = '". $_POST["eSize"]. "', ". + "`Gekommen`= '". $_POST["eGekommen"]. "', ". + "`Aktiv`= '". $_POST["eAktiv"]. "', ". + "`Tshirt` = '". $_POST["eTshirt"]. "' ". + "WHERE `UID` = '". $_POST["enterUID"]. + "' LIMIT 1;"; echo "User-"; SQLExec( $SQL ); } - if ($Type == "Secure") + if ($_POST["Type"] == "Secure") { $SQL2 = "UPDATE `UserCVS` SET "; - $SQL_CVS = "SELECT * FROM `UserCVS` WHERE UID=$enterUID"; + $SQL_CVS = "SELECT * FROM `UserCVS` WHERE UID=". $_POST["enterUID"]; $Erg_CVS = mysql_query($SQL_CVS, $con); $CVS_Data = mysql_fetch_array($Erg_CVS); $CVS_Data_i = 1; foreach ($CVS_Data as $CVS_Data_Name => $CVS_Data_Value) { if( ($CVS_Data_i+1)%2 && $CVS_Data_Name!="UID") - $SQL2.= "`$CVS_Data_Name` = '".$$CVS_Data_i."', "; + $SQL2.= "`$CVS_Data_Name` = '". $_POST[$CVS_Data_i]."', "; $CVS_Data_i++; } $SQL2 = substr( $SQL2, 0, strlen($SQL2)-2 ); - $SQL2.= " WHERE `UID` = '$enterUID' LIMIT 1;"; + $SQL2.= " WHERE `UID` = '". $_POST["enterUID"]. "' LIMIT 1;"; echo "
Secure-"; SQLExec( $SQL2 ); } @@ -64,14 +70,17 @@ if (IsSet($action)) break; case "delete": - if (IsSet($enterUID)) + if (IsSet($_POST["enterUID"])) { - $SQL="delete from `User` WHERE `UID` = '$enterUID' LIMIT 1;"; + echo "delate User..."; + $SQL="delete from `User` WHERE `UID` = '". $_POST["enterUID"]. "' LIMIT 1;"; SQLExec( $SQL ); - $SQL2="delete from `UserCVS` WHERE `UID` = '$enterUID' LIMIT 1;"; + echo "
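Review bot: The status line `echo "Gesendeter Befehl: ". $_GET["action"]` in the `@@ -23,40 +23,46 @@` hunk of admin/user2.php writes a request parameter into the page unescaped, so any markup in `action` is rendered in the administrator's browser. Wrap the value as `htmlspecialchars($_GET["action"], ENT_QUOTES)`. In the same hunk `$_POST["Type"]` is compared without an `isset()` check, unlike `enterUID`. The `Secure` branch reads `$_POST[$CVS_Data_i]` by numeric position, which ties the update to the column order of `UserCVS`; a short comment stating that coupling would help the next reader. The `switch` continues outside the hunk.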
\ndelate UserCVS..."; + $SQL2="delete from `UserCVS` WHERE `UID` = '". $_POST["enterUID"]. "' LIMIT 1;"; SQLExec( $SQL2 ); + echo "
\ndelate UserEntry..."; $SQL3="UPDATE `ShiftEntry` SET `UID` = '0', `Comment` = NULL ". - "WHERE `UID` = '$enterUID' LIMIT 1;"; + "WHERE `UID` = '". $_POST["enterUID"]. "' LIMIT 1;"; SQLExec( $SQL3 ); } break; @@ -80,24 +89,25 @@ if (IsSet($action)) case "newpw": echo "Bitte neues Kennwort für "; // Get Nick - $USQL = "SELECT * FROM User where UID=$eUID"; + $USQL = "SELECT * FROM User where UID=". $_POST["eUID"]; $Erg = mysql_query($USQL, $con); echo mysql_result($Erg, 0, "Nick"); echo " eingeben:
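Review bot: The third statement in `case "delete"` still ends in `LIMIT 1`, so only one ShiftEntry row of the deleted user is reset to UID 0. If a user can hold more than one shift entry (likely, though the schema is not visible here), the remaining rows keep pointing at a UID that no longer exists; dropping `LIMIT 1` from that UPDATE would release all of them. The new progress messages spell "delate", and the last one says "UserEntry" although the table is ShiftEntry. The delete runs as soon as `enterUID` is present; whether header.php enforces a per-request token for this destructive action cannot be seen from the hunk.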
"; echo "
\n"; echo ""; echo ""; - echo ""; + echo ""; echo "\n"; echo "\n"; echo "
"; break; case "newpwsave": - if ($ePasswort == $ePasswort2) + if ($_POST["ePasswort"] == $_POST["ePasswort2"]) { // beide Passwoerter passen... - $ePasswort = PassCrypt($ePasswort); - $SQL="UPDATE `User` SET `Passwort`='$ePasswort' where `UID` = '$eUID'"; + $_POST["ePasswort"] = PassCrypt($_POST["ePasswort"]); + $SQL = "UPDATE `User` SET `Passwort`='". $_POST["ePasswort"]. "' ". + "where `UID` = '". $_POST["eUID"]. "'"; SQLExec( $SQL ); } else @@ -110,7 +120,7 @@ if (IsSet($action)) else { // kein Action gesetzt -> abbruch - echo "Unzulässiger Aufruf. Bitte neu editieren..."; + echo "Unzulässiger Aufruf.
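Review bot: The confirmation check in `case "newpwsave"` uses loose comparison, `$_POST["ePasswort"] == $_POST["ePasswort2"]`, and PHP compares numeric-looking strings by value, so two different inputs can be accepted as a match. If both fields are absent the check also passes, and an empty value is then hashed and stored. Use `if (isset($_POST["ePasswort"], $_POST["ePasswort2"]) && $_POST["ePasswort"] !== "" && $_POST["ePasswort"] === $_POST["ePasswort2"])`. Assigning the hash back into `$_POST["ePasswort"]` overwrites request data; a local such as `$hash = PassCrypt($_POST["ePasswort"]);` is clearer. The `else` branch of this check lies outside the hunk.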
Bitte neu editieren..."; } include ("./inc/footer.php"); -- cgit v1.2.3-70-g09d2