bugfix link to user informations
This commit is contained in:
parent
566035d0b8
commit
4cd6081353
|
@ -1,3 +1,2 @@
|
||||||
rem hole(sql-injection) in makeuser.php (no secure.php but sql-query)
|
|
||||||
todo: replace secure.php
|
todo: replace secure.php
|
||||||
|
|
||||||
|
|
|
@ -39,8 +39,8 @@ for( $i=0; $i<mysql_num_rows($Erg); $i++)
|
||||||
if( $_SESSION['UID']>0 )
|
if( $_SESSION['UID']>0 )
|
||||||
echo DisplayAvatar( mysql_result( $Erg, $i, "UID"));
|
echo DisplayAvatar( mysql_result( $Erg, $i, "UID"));
|
||||||
// Schow Admin Page
|
// Schow Admin Page
|
||||||
if( $_SESSION['CVS'][ "admin/user.php" ] == "Y" )
|
if( $_SESSION['CVS'][ "admin/userChangeNormal.php" ] == "Y" )
|
||||||
echo " <a href=\"./../admin/user.php?enterUID=". mysql_result( $Erg, $i, "UID"). "&Type=Normal\">".
|
echo " <a href=\"./../admin/userChangeNormal.php?enterUID=". mysql_result( $Erg, $i, "UID"). "&Type=Normal\">".
|
||||||
mysql_result( $Erg, $i, "Nick"). "</a>";
|
mysql_result( $Erg, $i, "Nick"). "</a>";
|
||||||
else
|
else
|
||||||
echo mysql_result( $Erg, $i, "Nick");
|
echo mysql_result( $Erg, $i, "Nick");
|
||||||
|
|
|
@ -104,8 +104,8 @@ function ausgabe_Feld_Inhalt( $SID, $Man )
|
||||||
|
|
||||||
foreach( $TempValue["Engel"] as $TempEngelEntry=> $TempEngelID )
|
foreach( $TempValue["Engel"] as $TempEngelEntry=> $TempEngelID )
|
||||||
{
|
{
|
||||||
if( $_SESSION['CVS'][ "admin/user.php" ] == "Y" )
|
if( $_SESSION['CVS'][ "admin/userChangeNormal.php" ] == "Y" )
|
||||||
$Spalten.= " <a href=\"./../admin/user.php?enterUID=$TempEngelID&Type=Normal\">";
|
$Spalten.= " <a href=\"./../admin/userChangeNormal.php?enterUID=$TempEngelID&Type=Normal\">";
|
||||||
|
|
||||||
if( $_SESSION['CVS'][ "admin/schichtplan.php" ] == "Y" )
|
if( $_SESSION['CVS'][ "admin/schichtplan.php" ] == "Y" )
|
||||||
{
|
{
|
||||||
|
@ -124,7 +124,7 @@ function ausgabe_Feld_Inhalt( $SID, $Man )
|
||||||
$Spalten.= " ". UID2Nick( $TempEngelID ).
|
$Spalten.= " ". UID2Nick( $TempEngelID ).
|
||||||
($_GET["Icon"]==1? DisplayAvatar( $TempEngelID ): "").
|
($_GET["Icon"]==1? DisplayAvatar( $TempEngelID ): "").
|
||||||
"<br>\n\t\t";
|
"<br>\n\t\t";
|
||||||
if( $_SESSION['CVS'][ "admin/user.php" ] == "Y" )
|
if( $_SESSION['CVS'][ "admin/userChangeNormal.php" ] == "Y" )
|
||||||
$Spalten.= " </a>";
|
$Spalten.= " </a>";
|
||||||
}
|
}
|
||||||
$Spalten = substr( $Spalten, 0, strlen($Spalten)-7 );
|
$Spalten = substr( $Spalten, 0, strlen($Spalten)-7 );
|
||||||
|
|
|
@ -63,7 +63,7 @@ $inuse="";
|
||||||
for ($i=0; $i < $Zeilen; $i++)
|
for ($i=0; $i < $Zeilen; $i++)
|
||||||
{
|
{
|
||||||
echo "<tr class=\"content\">\n";
|
echo "<tr class=\"content\">\n";
|
||||||
echo "<td><a href=\"./user.php?Type=Normal&enterUID=". mysql_result($Erg, $i, "UID"). "\">".
|
echo "<td><a href=\"./userChangeNormal.php?Type=Normal&enterUID=". mysql_result($Erg, $i, "UID"). "\">".
|
||||||
UID2Nick(mysql_result($Erg, $i, "UID")). "</td></a>\n";
|
UID2Nick(mysql_result($Erg, $i, "UID")). "</td></a>\n";
|
||||||
echo "<td></td>\n";
|
echo "<td></td>\n";
|
||||||
echo "<td>". mysql_result($Erg, $i, "RID"). "</td>\n";
|
echo "<td>". mysql_result($Erg, $i, "RID"). "</td>\n";
|
||||||
|
@ -92,7 +92,7 @@ $Zeilen = mysql_num_rows($Erg);
|
||||||
for ($i=0; $i < $Zeilen; $i++)
|
for ($i=0; $i < $Zeilen; $i++)
|
||||||
{
|
{
|
||||||
echo "\t<tr class=\"content\">\n";
|
echo "\t<tr class=\"content\">\n";
|
||||||
echo "\t\t<td><a href=\"./user.php?Type=Normal&enterUID=". mysql_result($Erg, $i, "UID"). "\">".
|
echo "\t\t<td><a href=\"./userChangeNormal.php?Type=Normal&enterUID=". mysql_result($Erg, $i, "UID"). "\">".
|
||||||
mysql_result($Erg, $i, "Nick"). "</a></td>\n";
|
mysql_result($Erg, $i, "Nick"). "</a></td>\n";
|
||||||
echo "\t\t<td>". mysql_result($Erg, $i, "DECT"). "</td>\n";
|
echo "\t\t<td>". mysql_result($Erg, $i, "DECT"). "</td>\n";
|
||||||
echo "\n</tr>\n";
|
echo "\n</tr>\n";
|
||||||
|
|
|
@ -101,206 +101,10 @@ if (!IsSet($_GET["enterUID"]))
|
||||||
"<td>$Gekommen</td><td>$Active</td><td>$Tshirt</td><td></td></tr>\n";
|
"<td>$Gekommen</td><td>$Active</td><td>$Tshirt</td><td></td></tr>\n";
|
||||||
echo "\t</table>\n";
|
echo "\t</table>\n";
|
||||||
// Ende Userliste
|
// Ende Userliste
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
// UserID wurde mit uebergeben --> Aendern...
|
echo "error";
|
||||||
|
|
||||||
echo "Hallo,<br>".
|
|
||||||
"hier kannst du den Eintrag ändern. Unter dem Punkt 'Gekommen' ".
|
|
||||||
"wird der Engel als anwesend markiert, ein Ja bei Aktiv bedeutet, ".
|
|
||||||
"dass der Engel aktiv war und damit ein Anspruch auf ein T-Shirt hat. ".
|
|
||||||
"Wenn T-Shirt ein 'Ja' enthält, bedeutet dies, dass der Engel ".
|
|
||||||
"bereits sein T-Shirt erhalten hat.<br><br>\n";
|
|
||||||
|
|
||||||
echo "<form action=\"./user2.php?action=change\" method=\"POST\">\n";
|
|
||||||
echo "<table border=\"0\">\n";
|
|
||||||
echo "<input type=\"hidden\" name=\"Type\" value=\"". $_GET["Type"]. "\">\n";
|
|
||||||
|
|
||||||
if( $_GET["Type"] == "Normal" )
|
|
||||||
{
|
|
||||||
$SQL = "SELECT * FROM `User` WHERE `UID`='". $_GET["enterUID"]. "'";
|
|
||||||
$Erg = mysql_query($SQL, $con);
|
|
||||||
|
|
||||||
if (mysql_num_rows($Erg) != 1)
|
|
||||||
echo "<tr><td>Sorry, der Engel (UID=". $_GET["enterUID"].
|
|
||||||
") wurde in der Liste nicht gefunden.</td></tr>";
|
|
||||||
else
|
|
||||||
{
|
|
||||||
echo "<tr><td>\n";
|
|
||||||
echo "<table>\n";
|
|
||||||
echo " <tr><td>Nick</td><td>".
|
|
||||||
"<input type=\"text\" size=\"40\" name=\"eNick\" value=\"".
|
|
||||||
mysql_result($Erg, 0, "Nick")."\"></td></tr>\n";
|
|
||||||
echo " <tr><td>lastLogIn</td><td>".
|
|
||||||
"<input type=\"text\" size=\"20\" name=\"elastLogIn\" value=\"".
|
|
||||||
mysql_result($Erg, 0, "lastLogIn"). "\" disabled></td></tr>\n";
|
|
||||||
echo " <tr><td>Name</td><td>".
|
|
||||||
"<input type=\"text\" size=\"40\" name=\"eName\" value=\"".
|
|
||||||
mysql_result($Erg, 0, "Name")."\"></td></tr>\n";
|
|
||||||
echo " <tr><td>Vorname</td><td>".
|
|
||||||
"<input type=\"text\" size=\"40\" name=\"eVorname\" value=\"".
|
|
||||||
mysql_result($Erg, 0, "Vorname")."\"></td></tr>\n";
|
|
||||||
echo " <tr><td>Alter</td><td>".
|
|
||||||
"<input type=\"text\" size=\"5\" name=\"eAlter\" value=\"".
|
|
||||||
mysql_result($Erg, 0, "Alter")."\"></td></tr>\n";
|
|
||||||
echo " <tr><td>Telefon</td><td>".
|
|
||||||
"<input type=\"text\" size=\"40\" name=\"eTelefon\" value=\"".
|
|
||||||
mysql_result($Erg, 0, "Telefon")."\"></td></tr>\n";
|
|
||||||
echo " <tr><td>Handy</td><td>".
|
|
||||||
"<input type=\"text\" size=\"40\" name=\"eHandy\" value=\"".
|
|
||||||
mysql_result($Erg, 0, "Handy")."\"></td></tr>\n";
|
|
||||||
echo " <tr><td>DECT</td><td>".
|
|
||||||
"<input type=\"text\" size=\"4\" name=\"eDECT\" value=\"".
|
|
||||||
mysql_result($Erg, 0, "DECT")."\"></td></tr>\n";
|
|
||||||
echo " <tr><td>email</td><td>".
|
|
||||||
"<input type=\"text\" size=\"40\" name=\"eemail\" value=\"".
|
|
||||||
mysql_result($Erg, 0, "email")."\"></td></tr>\n";
|
|
||||||
echo " <tr><td>ICQ</td><td>".
|
|
||||||
"<input type=\"text\" size=\"40\" name=\"eICQ\" value=\"".
|
|
||||||
mysql_result($Erg, 0, "ICQ")."\"></td></tr>\n";
|
|
||||||
echo " <tr><td>jabber</td><td>".
|
|
||||||
"<input type=\"text\" size=\"40\" name=\"ejabber\" value=\"".
|
|
||||||
mysql_result($Erg, 0, "jabber")."\"></td></tr>\n";
|
|
||||||
echo " <tr><td>Size</td><td>".
|
|
||||||
"<input type=\"text\" size=\"5\" name=\"eSize\" value=\"".
|
|
||||||
mysql_result($Erg, 0, "Size")."\"></td></tr>\n";
|
|
||||||
echo " <tr><td>Passwort</td><td>".
|
|
||||||
"<a href=\"./user2.php?action=newpw&eUID="
|
|
||||||
.mysql_result($Erg, 0, "UID")."\">neues Kennwort setzen</a></td></tr>\n";
|
|
||||||
|
|
||||||
// Gekommen?
|
|
||||||
echo " <tr><td>Gekommen</td><td>\n";
|
|
||||||
echo " <input type=\"radio\" name=\"eGekommen\" value=\"0\"";
|
|
||||||
if (mysql_result($Erg, 0, "Gekommen")=='0')
|
|
||||||
echo " checked";
|
|
||||||
echo ">No \n";
|
|
||||||
echo " <input type=\"radio\" name=\"eGekommen\" value=\"1\"";
|
|
||||||
if (mysql_result($Erg, 0, "Gekommen")=='1')
|
|
||||||
echo " checked";
|
|
||||||
echo ">Yes \n";
|
|
||||||
echo "</td></tr>\n";
|
|
||||||
|
|
||||||
// Aktiv?
|
|
||||||
echo " <tr><td>Aktiv</td><td>\n";
|
|
||||||
echo " <input type=\"radio\" name=\"eAktiv\" value=\"0\"";
|
|
||||||
if (mysql_result($Erg, 0, "Aktiv")=='0')
|
|
||||||
echo " checked";
|
|
||||||
echo ">No \n";
|
|
||||||
echo " <input type=\"radio\" name=\"eAktiv\" value=\"1\"";
|
|
||||||
if (mysql_result($Erg, 0, "Aktiv")=='1')
|
|
||||||
echo " checked";
|
|
||||||
echo ">Yes \n";
|
|
||||||
echo "</td></tr>\n";
|
|
||||||
|
|
||||||
// T-Shirt bekommen?
|
|
||||||
echo " <tr><td>T-Shirt</td><td>\n";
|
|
||||||
echo " <input type=\"radio\" name=\"eTshirt\" value=\"0\"";
|
|
||||||
if (mysql_result($Erg, 0, "Tshirt")=='0')
|
|
||||||
echo " checked";
|
|
||||||
echo ">No \n";
|
|
||||||
echo " <input type=\"radio\" name=\"eTshirt\" value=\"1\"";
|
|
||||||
if (mysql_result($Erg, 0, "Tshirt")=='1')
|
|
||||||
echo " checked";
|
|
||||||
echo ">Yes \n";
|
|
||||||
echo "</td></tr>\n";
|
|
||||||
|
|
||||||
// Menu links/rechts
|
|
||||||
echo " <tr><td>Menu</td><td>\n";
|
|
||||||
echo " <input type=\"radio\" name=\"eMenu\" value=\"L\"";
|
|
||||||
if (mysql_result($Erg, 0, "Menu")=='L')
|
|
||||||
echo " checked";
|
|
||||||
echo ">L \n";
|
|
||||||
echo " <input type=\"radio\" name=\"eMenu\" value=\"R\"";
|
|
||||||
if (mysql_result($Erg, 0, "Menu")=='R')
|
|
||||||
echo " checked";
|
|
||||||
echo ">R \n";
|
|
||||||
echo "</td></tr>\n";
|
|
||||||
|
|
||||||
echo " <tr><td>Hometown</td><td>".
|
|
||||||
"<input type=\"text\" size=\"40\" name=\"Hometown\" value=\"".
|
|
||||||
mysql_result($Erg, 0, "Hometown")."\"></td></tr>\n";
|
|
||||||
|
|
||||||
echo "</table>\n</td><td valign=\"top\">". displayavatar($_GET["enterUID"], FALSE). "</td></tr>";
|
|
||||||
}
|
|
||||||
}//IF TYPE Normal
|
|
||||||
if( $_GET["Type"] == "Secure" )
|
|
||||||
{
|
|
||||||
// CVS-Rechte
|
|
||||||
echo " <tr><td><br><u>Rights of \"". UID2Nick($_GET["enterUID"]). "\":</u></td></tr>\n";
|
|
||||||
|
|
||||||
$SQL_CVS = "SELECT * FROM `UserCVS` WHERE `UID`='". $_GET["enterUID"]. "'";
|
|
||||||
$Erg_CVS = mysql_query($SQL_CVS, $con);
|
|
||||||
|
|
||||||
if( mysql_num_rows($Erg_CVS) != 1)
|
|
||||||
echo "Sorry, der Engel (UID=". $_GET["enterUID"]. ") wurde in der Liste nicht gefunden.";
|
|
||||||
else
|
|
||||||
{
|
|
||||||
$CVS_Data = mysql_fetch_array($Erg_CVS);
|
|
||||||
$CVS_Data_i = 1;
|
|
||||||
foreach ($CVS_Data as $CVS_Data_Name => $CVS_Data_Value)
|
|
||||||
{
|
|
||||||
$CVS_Data_i++;
|
|
||||||
//nur jeder zweiter sonst wird für jeden text noch die position (Zahl) ausgegeben
|
|
||||||
if( $CVS_Data_i%2 && $CVS_Data_Name!="UID")
|
|
||||||
{
|
|
||||||
if($CVS_Data_Name=="GroupID") {
|
|
||||||
if( $_GET["enterUID"] > 0 )
|
|
||||||
{
|
|
||||||
echo "<tr><td><b>Group</b></td>\n".
|
|
||||||
"<td><select name=\"GroupID\">";
|
|
||||||
|
|
||||||
$SQL_Group = "SELECT * FROM `UserGroups`";
|
|
||||||
$Erg_Group = mysql_query($SQL_Group, $con);
|
|
||||||
for ($n = 0 ; $n < mysql_num_rows($Erg_Group) ; $n++)
|
|
||||||
{
|
|
||||||
$UID = mysql_result($Erg_Group, $n, "UID");
|
|
||||||
echo "\t<option value=\"$UID\"";
|
|
||||||
if( $CVS_Data_Value == $UID)
|
|
||||||
echo " selected";
|
|
||||||
echo ">". mysql_result($Erg_Group, $n, "Name"). "</option>\n";
|
|
||||||
}
|
|
||||||
echo "</select></td></tr>";
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
echo "<tr><td>$CVS_Data_Name</td>\n<td>";
|
|
||||||
echo "<input type=\"radio\" name=\"".($CVS_Data_i-1)."\" value=\"Y\" ";
|
|
||||||
if( $CVS_Data_Value == "Y" )
|
|
||||||
echo " checked";
|
|
||||||
echo ">allow \n";
|
|
||||||
echo "<input type=\"radio\" name=\"".($CVS_Data_i-1)."\" value=\"N\" ";
|
|
||||||
if( $CVS_Data_Value == "N" )
|
|
||||||
echo " checked";
|
|
||||||
echo ">denied \n";
|
|
||||||
if( $_GET["enterUID"] > 0 )
|
|
||||||
{
|
|
||||||
echo "<input type=\"radio\" name=\"".($CVS_Data_i-1)."\" value=\"G\" ";
|
|
||||||
if( $CVS_Data_Value == "G" )
|
|
||||||
echo " checked";
|
|
||||||
echo ">group-setting \n";
|
|
||||||
echo "</td></tr>";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
} //IF
|
|
||||||
} //Foreach
|
|
||||||
echo "</td></tr>\n";
|
|
||||||
} // IF TYPE
|
|
||||||
}
|
|
||||||
|
|
||||||
// Ende Formular
|
|
||||||
echo "</td></tr>\n";
|
|
||||||
echo "</table>\n<br>\n";
|
|
||||||
echo "<input type=\"hidden\" name=\"enterUID\" value=\"". $_GET["enterUID"]. "\">\n";
|
|
||||||
echo "<input type=\"submit\" value=\"sichern...\">\n";
|
|
||||||
echo "</form>";
|
|
||||||
|
|
||||||
if( $_GET["Type"] == "Normal" )
|
|
||||||
{
|
|
||||||
echo "<form action=\"./user2.php?action=delete\" method=\"POST\">\n";
|
|
||||||
echo "<input type=\"hidden\" name=\"enterUID\" value=\"". $_GET["enterUID"]. "\">\n";
|
|
||||||
echo "<input type=\"submit\" value=\"löschen...\">\n";
|
|
||||||
echo "</form>";
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
include ("../../includes/footer.php");
|
include ("../../includes/footer.php");
|
||||||
|
|
Loading…
Reference in New Issue