summaryrefslogtreecommitdiff
path: root/admin/user2.php
blob: 5f94c093dbea83194ac18a0f274565384e0ee665 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
<?PHP

$title = "User-Liste";
$header = "Index";
include ("./inc/header.php");
include ("./inc/funktion_db_list.php");
include ("./inc/crypt.php");

if (IsSet($_GET["action"])) 
{
	
	function SQLExec( $SQL )
	{ 
		global $con;
	
		$Erg = mysql_query($SQL, $con);
		if ($Erg == 1) {
			echo "&Auml;nderung wurde gesichert...\n";
		} else {
			echo "Fehler beim speichern...\n";
		}

	}

	SetHeaderGo2Back();
	echo "Gesendeter Befehl: ". $_GET["action"]. "<br>";

	switch ($_GET["action"]) 
	{
	case "change":
		if (IsSet($_POST["enterUID"]))
		{
			if ($_POST["Type"] == "Normal")
			{
				$SQL = "UPDATE `User` SET ";
				$SQL.= " `Nick` = '". $_POST["eNick"]. "', `Name` = '". $_POST["eName"]. "', ".
					"`Vorname` = '". $_POST["eVorname"]. "', ".
					"`Telefon` = '". $_POST["eTelefon"]. "', ".
					"`Handy` = '". $_POST["eHandy"]. "', ".
					"`DECT` = '". $_POST["eDECT"]. "', ".
					"`email` = '". $_POST["eemail"]. "', ".
					"`Size` = '". $_POST["eSize"]. "', ".
					"`Gekommen`= '". $_POST["eGekommen"]. "', ".
					"`Aktiv`= '". $_POST["eAktiv"]. "', ".
					"`Tshirt` = '". $_POST["eTshirt"]. "' ".
					"WHERE `UID` = '". $_POST["enterUID"]. 
					"' LIMIT 1;";
				echo "User-";
				SQLExec( $SQL );
			}
			if ($_POST["Type"] == "Secure")
			{
				$SQL2 = "UPDATE `UserCVS` SET ";
			  	$SQL_CVS = "SELECT * FROM `UserCVS` WHERE UID=". $_POST["enterUID"];
				$Erg_CVS =  mysql_query($SQL_CVS, $con);
				$CVS_Data = mysql_fetch_array($Erg_CVS);
				$CVS_Data_i = 1;
				foreach ($CVS_Data as $CVS_Data_Name => $CVS_Data_Value) 
				{
					if( ($CVS_Data_i+1)%2 && $CVS_Data_Name!="UID")
						$SQL2.= "`$CVS_Data_Name` = '". $_POST[$CVS_Data_i]."', ";
			    		$CVS_Data_i++;
					}
				$SQL2 = substr( $SQL2, 0, strlen($SQL2)-2 );
				$SQL2.= "  WHERE `UID` = '". $_POST["enterUID"]. "' LIMIT 1;";
				echo "<br>Secure-";
				SQLExec( $SQL2 );
			}
		}
		break;

	case "delete":
		if (IsSet($_POST["enterUID"]))
		{
			echo "delate User...";
			$SQL="delete from `User` WHERE `UID` = '". $_POST["enterUID"]. "' LIMIT 1;";
			SQLExec( $SQL );
			echo "<br>\ndelate UserCVS...";
			$SQL2="delete from `UserCVS` WHERE `UID` = '". $_POST["enterUID"]. "' LIMIT 1;";
			SQLExec( $SQL2 );
			echo "<br>\ndelate UserEntry...";
			$SQL3="UPDATE `ShiftEntry` SET `UID` = '0', `Comment` = NULL ".
				"WHERE `UID` = '". $_POST["enterUID"]. "' LIMIT 1;";
			SQLExec( $SQL3 );
		}
		break;


	case "newpw":
		echo "Bitte neues Kennwort f&uuml;r <b>";
		// Get Nick
		$USQL = "SELECT * FROM User where UID=". $_POST["eUID"];
		$Erg = mysql_query($USQL, $con);
		echo mysql_result($Erg, 0, "Nick");
		echo "</b> eingeben:<br>";
		echo "<form action=\"./user2.php\" method=\"POST\">\n";	
		echo "<input type=\"Password\" name=\"ePasswort\">";
		echo "<input type=\"Password\" name=\"ePasswort2\">";
		echo "<input type=\"hidden\" name=\"eUID\" value=\"". $_POST["eUID"]. "\">";
		echo "<input type=\"hidden\" name=\"action\" value=\"newpwsave\">\n";
	        echo "<input type=\"submit\" value=\"sichern...\">\n";
	        echo "</form>";
		break;

	case "newpwsave":
		if ($_POST["ePasswort"] == $_POST["ePasswort2"]) 
		{	// beide Passwoerter passen... 
			$_POST["ePasswort"] = PassCrypt($_POST["ePasswort"]);
			$SQL =	"UPDATE `User` SET `Passwort`='". $_POST["ePasswort"]. "' ".
				"where `UID` = '". $_POST["eUID"]. "'";
			SQLExec( $SQL );
		} 
		else 
			echo "Das Passwort wurde nicht &uuml;bereinstimmend eingegeben!";
		break;
	} // end switch

// ende - Action ist gesetzt 
} 
else 
{
	// kein Action gesetzt -> abbruch
	echo "Unzul&auml;ssiger Aufruf.<br>Bitte neu editieren...";
}

include ("./inc/footer.php");
?>