From 8a5f510da2fa2a0a4d543d436a8ca96df5d74301 Mon Sep 17 00:00:00 2001
From: Philip Häusler
Date: Mon, 26 Sep 2011 16:04:30 +0200
Subject: fix issue #34, edit rights of righless users
---
 includes/pages/admin_user.php | 49 ++++++++++++++++++++++++-------------------
 includes/sys_auth.php | 2 +-
 includes/sys_mysql.php | 1 +
 3 files changed, 29 insertions(+), 23 deletions(-)
(limited to 'includes')
diff --git a/includes/pages/admin_user.php b/includes/pages/admin_user.php
index 23c24619..7b3ab86e 100644
--- a/includes/pages/admin_user.php
+++ b/includes/pages/admin_user.php
@@ -117,11 +117,16 @@ function admin_user() {
 $html .= "Hier kannst Du die Benutzergruppen des Engels festlegen:
\n";
 $html .= '';
- list ($my_highest_group) = sql_select("SELECT * FROM `UserGroups` WHERE `uid`=" . sql_escape($user['UID']) . " ORDER BY `uid`");
- list ($his_highest_group) = sql_select("SELECT * FROM `UserGroups` WHERE `uid`=" . sql_escape($id) . " ORDER BY `uid`");
+ $my_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`=" . sql_escape($user['UID']) . " ORDER BY `uid` LIMIT 1");
+ if (count($my_highest_group) > 0)
+ $my_highest_group = $my_highest_group[0]['group_id'];
+
+ $his_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`=" . sql_escape($id) . " ORDER BY `uid` LIMIT 1");
+ if (count($his_highest_group) > 0)
+ $his_highest_group = $his_highest_group[0]['group_id'];
 if ($id != $user['UID'] && $my_highest_group <= $his_highest_group) {
- $groups = sql_select("SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = " . sql_escape($id) . ") WHERE `Groups`.`UID` >= " . sql_escape($my_highest_group['group_id']) . " ORDER BY `Groups`.`Name`");
+ $groups = sql_select("SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = " . sql_escape($id) . ") WHERE `Groups`.`UID` >= " . sql_escape($my_highest_group) . " ORDER BY `Groups`.`Name`");
 foreach ($groups as $group)
 $html .= '';
@@ -138,7 +143,7 @@ function admin_user() {
 $html .= "";
 $html .= "
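Review bot: Both new lookups sort by `uid`, the column the `WHERE` clause already pins to a single value, so `LIMIT 1` returns an arbitrary `UserGroups` row rather than the highest group, and the permission comparison `$my_highest_group <= $his_highest_group` then depends on row order for anyone holding more than one group. If a lower `group_id` means more privilege, as the `>=` filter on `Groups`.`UID` suggests, the two queries should end in ``ORDER BY `group_id` LIMIT 1``. When a lookup returns no rows the variable stays an empty array, so the check falls back on PHP's array-versus-integer comparison and `sql_escape()` may be handed an array; setting an explicit default before each `if (count(...) > 0)` would make the rightless-user case deliberate. The rest of `admin_user()` and the origin of `$id` are outside the hunk.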
";
- $html .= funktion_db_element_list_2row("Freeloader Shifts", "SELECT `Remove_Time`, `Length`, `Comment` FROM `ShiftFreeloader` WHERE UID=" . $_REQUEST['id']);
+ //$html .= funktion_db_element_list_2row("Freeloader Shifts", "SELECT `Remove_Time`, `Length`, `Comment` FROM `ShiftFreeloader` WHERE UID=" . $_REQUEST['id']);
 } else {
 switch ($_REQUEST['action']) {
 case 'save_groups' :
@@ -195,7 +200,7 @@ function admin_user() {
 "`Gekommen`= '" . sql_escape($_POST["eGekommen"]) . "', " .
 "`Aktiv`= '" . sql_escape($_POST["eAktiv"]) . "', " .
 "`Tshirt` = '" . sql_escape($_POST["eTshirt"]) . "', " .
- "`Hometown` = '" .sql_escape( $_POST["Hometown"]) . "' " .
+ "`Hometown` = '" . sql_escape($_POST["Hometown"]) . "' " .
 "WHERE `UID` = '" . sql_escape($id) . "' LIMIT 1;";
 sql_query($SQL);
@@ -227,23 +232,23 @@ function admin_user() {
 $html .= "Anzahl Engel: $Zeilen
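Review bot: The freeloader-shift list is disabled by commenting the line out, which leaves a dormant statement that concatenates `$_REQUEST['id']` into the SQL text with no escaping or cast. Delete the line instead of keeping it as a comment, so the pattern cannot be restored by removing two slashes. If the list is wanted again, build the query from an integer-cast id, e.g. `WHERE UID=" . (int) $id`. The commit message does not say why the list was turned off, so a one-line comment giving the reason would help if the line has to stay. The enclosing branch of `admin_user()` starts outside the hunk.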

\n"; $html .= ' -
' . $group['Name'] . '
- - - - - - - - - - - - '; +
- Nick - Vorname NameAlter - E-Mail - GrößeGekommenAktivT-ShirtRegistriertÄnd.
+ + + + + + + + + + + + ';
 $Gekommen = 0;
 $Active = 0;
 $Tshirt = 0;
diff --git a/includes/sys_auth.php b/includes/sys_auth.php
index 15c5591a..d831f36a 100644
--- a/includes/sys_auth.php
+++ b/includes/sys_auth.php
@@ -10,7 +10,7 @@ function load_auth() {
 if ($_SESSION['IP'] != $_SERVER['REMOTE_ADDR']) {
 session_destroy();
- header("Location: " . link_to_page($start));
+ header("Location: " . link_to_page('start'));
 }
 $user = null;
diff --git a/includes/sys_mysql.php b/includes/sys_mysql.php
index c076be7c..e418ddb8 100644
--- a/includes/sys_mysql.php
+++ b/includes/sys_mysql.php
@@ -26,6 +26,7 @@ function sql_select($query) {
 }
 return $data;
 } else {
+ print_r(debug_backtrace());
 die('MySQL-query error: ' . $query . ", " . mysql_error($con));
 }
 }
-- cgit v1.2.3-70-g09d2
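Review bot: After the corrected redirect the IP-mismatch branch still falls through to `$user = null;` and the rest of `load_auth()`, because nothing stops the script once the `Location` header is set. `session_destroy()` does not clear the `$_SESSION` array for the current request, so code further down that reads it (not visible in this hunk) may still treat the request as the logged-in user. Add `exit;` directly after the `header(...)` call, and put `$_SESSION = array();` before it if any later code can still run. The function continues past the end of the hunk.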
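Review bot: The added `print_r(debug_backtrace());` writes the full call stack, including function arguments, into the HTTP response on every failed query, on top of the query text and `mysql_error()` output that `die()` already prints. Arguments in that stack can include request values and credentials, and the query text shows table and column names, so these details are better kept out of the page. Send them to the server log, e.g. `error_log('MySQL-query error: ' . $query . ', ' . mysql_error($con));`, and end the request with a generic `die('Database error');`. If the backtrace is only wanted while debugging, gate it on a configuration switch that is off by default.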
+ Nick + Vorname NameAlter + E-Mail + GrößeGekommenAktivT-ShirtRegistriertÄnd.