iger
/
engelsystem
9
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

user management

This commit is contained in:
Philip Häusler 2011-06-03 07:44:50 +02:00
parent 11e274a6fe
commit 6b155db36c
8 changed files with 275 additions and 502 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
DB/db_rewrite.sql
View File

@ -3,7 +3,7 @@
-- http://www.phpmyadmin.net
--
-- Host: localhost
-- Erstellungszeit: 03. Juni 2011 um 04:47
-- Erstellungszeit: 03. Juni 2011 um 05:44
-- Server Version: 5.1.44
-- PHP-Version: 5.3.1
@ -80,15 +80,15 @@ INSERT INTO `Counter` (`URL`, `Anz`) VALUES
('register', 8),
('admin_rooms', 89),
('admin_angel_types', 71),
('user_settings', 126),
('user_settings', 131),
('user_messages', 113),
('admin_groups', 129),
('user_questions', 55),
('admin_questions', 42),
('admin_questions', 43),
('admin_faq', 55),
('admin_news', 33),
('news_comments', 151),
('admin_user', 59),
('admin_user', 157),
('user_meetings', 5);
-- --------------------------------------------------------
@ -1083,8 +1083,7 @@ CREATE TABLE IF NOT EXISTS `User` (
--
INSERT INTO `User` (`UID`, `Nick`, `Name`, `Vorname`, `Alter`, `Telefon`, `DECT`, `Handy`, `email`, `ICQ`, `jabber`, `Size`, `Passwort`, `Gekommen`, `Aktiv`, `Tshirt`, `color`, `Sprache`, `Avatar`, `Menu`, `lastLogIn`, `CreateDate`, `Art`, `kommentar`, `Hometown`) VALUES
(1, 'admin', '', '', 0, '', '', '', '', '', '', 'L', '21232f297a57a5a743894a0e4a801fc3', 0, 0, 0, 10, 'DE', 115, 'L', 1307076377, '0000-00-00 00:00:00', '', '', ''),
(147, 'msquare', '', '', 23, '', '', '', 'msquare@notrademark.de', '', '', 'L', 'e10adc3949ba59abbe56e057f20f883e', 0, 0, 0, 6, 'EN', 0, 'L', 1307042703, '2011-06-02 00:55:09', '', '', '');
(1, 'admin', 'Gates', 'Bill', 42, '', '', '', '', '', '', '', '4297f44b13955235245b2497399d7a93', 0, 0, 0, 10, 'DE', 115, 'L', 1307079838, '0000-00-00 00:00:00', '', '', '');
-- --------------------------------------------------------
@ -1184,8 +1183,7 @@ INSERT INTO `UserGroups` (`id`, `uid`, `group_id`) VALUES
(1, 1, -2),
(2, 1, -3),
(3, 1, -5),
(4, 1, -4),
(5, 147, -2);
(4, 1, -4);
-- --------------------------------------------------------

359
includes/pages/admin_user.php
View File

@ -1,111 +1,280 @@
<?php
function admin_user() {
global $user;
include ("includes/funktion_db_list.php");
$html = "";
// Userliste, keine UID uebergeben...
$html .= "<a href=\"" . page_link_to("register") . "\">Neuen Engel eintragen &raquo;</a><br /><br />\n";
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,}$/", $_REQUEST['id']) && sql_num_query("SELECT * FROM `User` WHERE `UID`=" . sql_escape($_REQUEST['id'])) > 0) {
$id = $_REQUEST['id'];
if (!isset ($_REQUEST['action'])) {
$html .= "Hallo,<br />" .
"hier kannst du den Eintrag &auml;ndern. Unter dem Punkt 'Gekommen' " .
"wird der Engel als anwesend markiert, ein Ja bei Aktiv bedeutet, " .
"dass der Engel aktiv war und damit ein Anspruch auf ein T-Shirt hat. " .
"Wenn T-Shirt ein 'Ja' enth&auml;lt, bedeutet dies, dass der Engel " .
"bereits sein T-Shirt erhalten hat.<br /><br />\n";
if (!isset ($_GET["OrderBy"]))
$_GET["OrderBy"] = "Nick";
$SQL = "SELECT * FROM `User` ORDER BY `" . $_GET["OrderBy"] . "` ASC";
$Erg = sql_query($SQL);
$html .= "<form action=\"" . page_link_to("admin_user") . "&action=save&id=$id\" method=\"post\">\n";
$html .= "<table border=\"0\">\n";
$html .= "<input type=\"hidden\" name=\"Type\" value=\"Normal\">\n";
// anzahl zeilen
$Zeilen = mysql_num_rows($Erg);
$SQL = "SELECT * FROM `User` WHERE `UID`='" . $id . "'";
$Erg = sql_query($SQL);
$html .= "Anzahl Engel: $Zeilen<br /><br />\n";
$html .= '
<table width="100%" class="border" cellpadding="2" cellspacing="1"> <thead>
<tr class="contenttopic">
<th>
<a href="' . page_link_to("admin_user") . '&OrderBy=Nick">Nick</a>
</th>
<th><a href="' . page_link_to("admin_user") . '&OrderBy=Vorname">Vorname</a> <a href="' . page_link_to("admin_user") . '&OrderBy=Name">Name</a></th>
<th><a href="' . page_link_to("admin_user") . '&OrderBy=Alter">Alter</a></th>
<th>
<a href="' . page_link_to("admin_user") . '&OrderBy=email">E-Mail</a>
</th>
<th><a href="' . page_link_to("admin_user") . '&OrderBy=Size">Gr&ouml;&szlig;e</a></th>
<th><a href="' . page_link_to("admin_user") . '&OrderBy=Gekommen">Gekommen</a></th>
<th><a href="' . page_link_to("admin_user") . '&OrderBy=Aktiv">Aktiv</a></th>
<th><a href="' . page_link_to("admin_user") . '&OrderBy=Tshirt">T-Shirt</a></th>
<th><a href="' . page_link_to("admin_user") . '&OrderBy=CreateDate">Registrier</a></th>
<th>&Auml;nd.</th>
</tr></thead>';
$Gekommen = 0;
$Active = 0;
$Tshirt = 0;
$html .= "<tr><td>\n";
$html .= "<table>\n";
$html .= " <tr><td>Nick</td><td>" .
"<input type=\"text\" size=\"40\" name=\"eNick\" value=\"" .
mysql_result($Erg, 0, "Nick") . "\"></td></tr>\n";
$html .= " <tr><td>lastLogIn</td><td>" .
date("Y-m-d H:i", mysql_result($Erg, 0, "lastLogIn")) . "</td></tr>\n";
$html .= " <tr><td>Name</td><td>" .
"<input type=\"text\" size=\"40\" name=\"eName\" value=\"" .
mysql_result($Erg, 0, "Name") . "\"></td></tr>\n";
$html .= " <tr><td>Vorname</td><td>" .
"<input type=\"text\" size=\"40\" name=\"eVorname\" value=\"" .
mysql_result($Erg, 0, "Vorname") . "\"></td></tr>\n";
$html .= " <tr><td>Alter</td><td>" .
"<input type=\"text\" size=\"5\" name=\"eAlter\" value=\"" .
mysql_result($Erg, 0, "Alter") . "\"></td></tr>\n";
$html .= " <tr><td>Telefon</td><td>" .
"<input type=\"text\" size=\"40\" name=\"eTelefon\" value=\"" .
mysql_result($Erg, 0, "Telefon") . "\"></td></tr>\n";
$html .= " <tr><td>Handy</td><td>" .
"<input type=\"text\" size=\"40\" name=\"eHandy\" value=\"" .
mysql_result($Erg, 0, "Handy") . "\"></td></tr>\n";
$html .= " <tr><td>DECT</td><td>" .
"<input type=\"text\" size=\"4\" name=\"eDECT\" value=\"" .
mysql_result($Erg, 0, "DECT") . "\"></td></tr>\n";
$html .= " <tr><td>email</td><td>" .
"<input type=\"text\" size=\"40\" name=\"eemail\" value=\"" .
mysql_result($Erg, 0, "email") . "\"></td></tr>\n";
$html .= " <tr><td>ICQ</td><td>" .
"<input type=\"text\" size=\"40\" name=\"eICQ\" value=\"" .
mysql_result($Erg, 0, "ICQ") . "\"></td></tr>\n";
$html .= " <tr><td>jabber</td><td>" .
"<input type=\"text\" size=\"40\" name=\"ejabber\" value=\"" .
mysql_result($Erg, 0, "jabber") . "\"></td></tr>\n";
$html .= " <tr><td>Size</td><td>" .
html_select_key('size', array (
'S' => "S",
'M' => "M",
'L' => "L",
'XL' => "XL",
'2XL' => "2XL",
'3XL' => "3XL",
'4XL' => "4XL",
'5XL' => "5XL",
'S-G' => "S Girl",
'M-G' => "M Girl",
'L-G' => "L Girl",
'XL-G' => "XL Girl"
), mysql_result($Erg, 0, "Size")) . "</td></tr>\n";
for ($n = 0; $n < $Zeilen; $n++) {
$title = "";
$user_groups = sql_select("SELECT * FROM `UserGroups` JOIN `Groups` ON (`Groups`.`UID` = `UserGroups`.`group_id`) WHERE `UserGroups`.`uid`=" . sql_escape(mysql_result($Erg, $n, "UID")) . " ORDER BY `Groups`.`Name`");
$groups = array ();
foreach ($user_groups as $user_group) {
$groups[] = $user_group['Name'];
$options = array (
'1' => "Yes",
'0' => "No"
);
// Gekommen?
$html .= " <tr><td>Gekommen</td><td>\n";
$html .= html_options('eGekommen', $options, mysql_result($Erg, 0, "Gekommen")) . "</td></tr>\n";
// Aktiv?
$html .= " <tr><td>Aktiv</td><td>\n";
$html .= html_options('eAktiv', $options, mysql_result($Erg, 0, "Aktiv")) . "</td></tr>\n";
// T-Shirt bekommen?
$html .= " <tr><td>T-Shirt</td><td>\n";
$html .= html_options('eTshirt', $options, mysql_result($Erg, 0, "Tshirt")) . "</td></tr>\n";
$html .= " <tr><td>Hometown</td><td>" .
"<input type=\"text\" size=\"40\" name=\"Hometown\" value=\"" .
mysql_result($Erg, 0, "Hometown") . "\"></td></tr>\n";
$html .= "</table>\n</td><td valign=\"top\">" . displayavatar($id, false) . "</td></tr>";
$html .= "</td></tr>\n";
$html .= "</table>\n<br />\n";
$html .= "<input type=\"hidden\" name=\"id\" value=\"" . $id . "\">\n";
$html .= "<input type=\"submit\" value=\"Speichern\">\n";
$html .= "</form>";
$html .= "<hr />";
$html .= "Hier kannst Du das Passwort dieses Engels neu setzen:<form action=\"" . page_link_to("admin_user") . "&action=change_pw&id=$id\" method=\"post\">\n";
$html .= "<table>\n";
$html .= " <tr><td>Passwort</td><td>" .
"<input type=\"password\" size=\"40\" name=\"new_pw\" value=\"\"></td></tr>\n";
$html .= " <tr><td>Wiederholung</td><td>" .
"<input type=\"password\" size=\"40\" name=\"new_pw2\" value=\"\"></td></tr>\n";
$html .= "</table>";
$html .= "<input type=\"hidden\" name=\"id\" value=\"" . $id . "\">\n";
$html .= "<input type=\"submit\" value=\"Speichern\">\n";
$html .= "</form>";
$html .= "<hr />";
$html .= "<form action=\"" . page_link_to("admin_user") . "&action=delete&id=" . $id . "\" method=\"post\">\n";
$html .= "<input type=\"hidden\" name=\"id\" value=\"" . $id . "\">\n";
$html .= "<input type=\"submit\" value=\"Löschen\">\n";
$html .= "</form>";
$html .= "<hr />";
$html .= funktion_db_element_list_2row("Freeloader Shifts", "SELECT `Remove_Time`, `Length`, `Comment` FROM `ShiftFreeloader` WHERE UID=" . $_REQUEST['id']);
} else {
switch ($_REQUEST['action']) {
case 'delete' :
if ($user['UID'] != $id) {
sql_query("DELETE FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
sql_query("DELETE FROM `UserGroups` WHERE `uid`=" . sql_escape($id));
sql_query("UPDATE `ShiftEntry` SET `UID`=0, `Comment`=NULL WHERE `UID`=" . sql_escape($id));
$html .= success("Benutzer gelöscht!");
} else {
$html .= error("Du kannst Dich nicht selber löschen!");
}
break;
case 'save' :
$SQL = "UPDATE `User` SET ";
$SQL .= " `Nick` = '" . $_POST["eNick"] . "', `Name` = '" . $_POST["eName"] . "', " .
"`Vorname` = '" . $_POST["eVorname"] . "', " .
"`Telefon` = '" . $_POST["eTelefon"] . "', " .
"`Handy` = '" . $_POST["eHandy"] . "', " .
"`Alter` = '" . $_POST["eAlter"] . "', " .
"`DECT` = '" . $_POST["eDECT"] . "', " .
"`email` = '" . $_POST["eemail"] . "', " .
"`ICQ` = '" . $_POST["eICQ"] . "', " .
"`jabber` = '" . $_POST["ejabber"] . "', " .
"`Size` = '" . $_POST["eSize"] . "', " .
"`Gekommen`= '" . $_POST["eGekommen"] . "', " .
"`Aktiv`= '" . $_POST["eAktiv"] . "', " .
"`Tshirt` = '" . $_POST["eTshirt"] . "', " .
"`Hometown` = '" . $_POST["Hometown"] . "' " .
"WHERE `UID` = '" . $id .
"' LIMIT 1;";
sql_query($SQL);
$html .= success("Änderung wurde gespeichert...\n");
break;
case 'change_pw' :
if ($_REQUEST['new_pw'] != "" && $_REQUEST['new_pw'] == $_REQUEST['new_pw2']) {
sql_query("UPDATE `User` SET `Passwort`='" . sql_escape(PassCrypt($_REQUEST['new_pw'])) . "' WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
$html .= success("Passwort neu gesetzt.");
} else {
$html .= error("Die Eingaben müssen übereinstimmen und dürfen nicht leer sein!");
}
break;
}
}
$title .= 'Groups: ' . join(", ", $groups) . "<br />";
if (strlen(mysql_result($Erg, $n, "Telefon")) > 0)
$title .= "Tel: " . mysql_result($Erg, $n, "Telefon") . "<br />";
if (strlen(mysql_result($Erg, $n, "Handy")) > 0)
$title .= "Handy: " . mysql_result($Erg, $n, "Handy") . "<br />";
if (strlen(mysql_result($Erg, $n, "DECT")) > 0)
$title .= "DECT: <a href=\"./dect.php?custum=" . mysql_result($Erg, $n, "DECT") . "\">" .
mysql_result($Erg, $n, "DECT") . "</a><br />";
if (strlen(mysql_result($Erg, $n, "Hometown")) > 0)
$title .= "Hometown: " . mysql_result($Erg, $n, "Hometown") . "<br />";
if (strlen(mysql_result($Erg, $n, "lastLogIn")) > 0)
$title .= "Last login: " . date("Y-m-d H:i", mysql_result($Erg, $n, "lastLogIn")) . "<br />";
if (strlen(mysql_result($Erg, $n, "Art")) > 0)
$title .= "Type: " . mysql_result($Erg, $n, "Art") . "<br />";
if (strlen(mysql_result($Erg, $n, "ICQ")) > 0)
$title .= "ICQ: " . mysql_result($Erg, $n, "ICQ") . "<br />";
if (strlen(mysql_result($Erg, $n, "jabber")) > 0)
$title .= "jabber: " . mysql_result($Erg, $n, "jabber") . "<br />";
} else {
// Userliste, keine UID uebergeben...
$html .= "<tr class=\"content\">\n";
$html .= "\t<td>" . mysql_result($Erg, $n, "Nick") . "</td>\n";
$html .= "\t<td>" . mysql_result($Erg, $n, "Vorname") . " " . mysql_result($Erg, $n, "Name") . "</td>\n";
$html .= "\t<td>" . mysql_result($Erg, $n, "Alter") . "</td>\n";
$html .= "\t<td>";
if (strlen(mysql_result($Erg, $n, "email")) > 0)
$html .= "<a href=\"mailto:" . mysql_result($Erg, $n, "email") . "\">" .
mysql_result($Erg, $n, "email") . "</a>";
$html .= '<div class="hidden">' . $title . '</div>';
$html .= "</td>\n";
$html .= "\t<td>" . mysql_result($Erg, $n, "Size") . "</td>\n";
$Gekommen += mysql_result($Erg, $n, "Gekommen");
$html .= "\t<td>" . mysql_result($Erg, $n, "Gekommen") . "</td>\n";
$Active += mysql_result($Erg, $n, "Aktiv");
$html .= "\t<td>" . mysql_result($Erg, $n, "Aktiv") . "</td>\n";
$Tshirt += mysql_result($Erg, $n, "Tshirt");
$html .= "\t<td>" . mysql_result($Erg, $n, "Tshirt") . "</td>\n";
$html .= "<td>" . mysql_result($Erg, $n, "CreateDate") . "</td>";
$html .= "\t<td>" . '<a href="">Edit</a>' .
"</td>\n";
$html .= "</tr>\n";
$html .= "<a href=\"" . page_link_to("register") . "\">Neuen Engel eintragen &raquo;</a><br /><br />\n";
if (!isset ($_GET["OrderBy"]))
$_GET["OrderBy"] = "Nick";
$SQL = "SELECT * FROM `User` ORDER BY `" . sql_escape($_GET["OrderBy"]) . "` ASC";
$Erg = sql_query($SQL);
// anzahl zeilen
$Zeilen = mysql_num_rows($Erg);
$html .= "Anzahl Engel: $Zeilen<br /><br />\n";
$html .= '
<table width="100%" class="border" cellpadding="2" cellspacing="1"> <thead>
<tr class="contenttopic">
<th>
<a href="' . page_link_to("admin_user") . '&OrderBy=Nick">Nick</a>
</th>
<th><a href="' . page_link_to("admin_user") . '&OrderBy=Vorname">Vorname</a> <a href="' . page_link_to("admin_user") . '&OrderBy=Name">Name</a></th>
<th><a href="' . page_link_to("admin_user") . '&OrderBy=Alter">Alter</a></th>
<th>
<a href="' . page_link_to("admin_user") . '&OrderBy=email">E-Mail</a>
</th>
<th><a href="' . page_link_to("admin_user") . '&OrderBy=Size">Gr&ouml;&szlig;e</a></th>
<th><a href="' . page_link_to("admin_user") . '&OrderBy=Gekommen">Gekommen</a></th>
<th><a href="' . page_link_to("admin_user") . '&OrderBy=Aktiv">Aktiv</a></th>
<th><a href="' . page_link_to("admin_user") . '&OrderBy=Tshirt">T-Shirt</a></th>
<th><a href="' . page_link_to("admin_user") . '&OrderBy=CreateDate">Registrier</a></th>
<th>&Auml;nd.</th>
</tr></thead>';
$Gekommen = 0;
$Active = 0;
$Tshirt = 0;
for ($n = 0; $n < $Zeilen; $n++) {
$title = "";
$user_groups = sql_select("SELECT * FROM `UserGroups` JOIN `Groups` ON (`Groups`.`UID` = `UserGroups`.`group_id`) WHERE `UserGroups`.`uid`=" . sql_escape(mysql_result($Erg, $n, "UID")) . " ORDER BY `Groups`.`Name`");
$groups = array ();
foreach ($user_groups as $user_group) {
$groups[] = $user_group['Name'];
}
$title .= 'Groups: ' . join(", ", $groups) . "<br />";
if (strlen(mysql_result($Erg, $n, "Telefon")) > 0)
$title .= "Tel: " . mysql_result($Erg, $n, "Telefon") . "<br />";
if (strlen(mysql_result($Erg, $n, "Handy")) > 0)
$title .= "Handy: " . mysql_result($Erg, $n, "Handy") . "<br />";
if (strlen(mysql_result($Erg, $n, "DECT")) > 0)
$title .= "DECT: <a href=\"./dect.php?custum=" . mysql_result($Erg, $n, "DECT") . "\">" .
mysql_result($Erg, $n, "DECT") . "</a><br />";
if (strlen(mysql_result($Erg, $n, "Hometown")) > 0)
$title .= "Hometown: " . mysql_result($Erg, $n, "Hometown") . "<br />";
if (strlen(mysql_result($Erg, $n, "lastLogIn")) > 0)
$title .= "Last login: " . date("Y-m-d H:i", mysql_result($Erg, $n, "lastLogIn")) . "<br />";
if (strlen(mysql_result($Erg, $n, "Art")) > 0)
$title .= "Type: " . mysql_result($Erg, $n, "Art") . "<br />";
if (strlen(mysql_result($Erg, $n, "ICQ")) > 0)
$title .= "ICQ: " . mysql_result($Erg, $n, "ICQ") . "<br />";
if (strlen(mysql_result($Erg, $n, "jabber")) > 0)
$title .= "jabber: " . mysql_result($Erg, $n, "jabber") . "<br />";
$html .= "<tr class=\"content\">\n";
$html .= "\t<td>" . mysql_result($Erg, $n, "Nick") . "</td>\n";
$html .= "\t<td>" . mysql_result($Erg, $n, "Vorname") . " " . mysql_result($Erg, $n, "Name") . "</td>\n";
$html .= "\t<td>" . mysql_result($Erg, $n, "Alter") . "</td>\n";
$html .= "\t<td>";
if (strlen(mysql_result($Erg, $n, "email")) > 0)
$html .= "<a href=\"mailto:" . mysql_result($Erg, $n, "email") . "\">" .
mysql_result($Erg, $n, "email") . "</a>";
$html .= '<div class="hidden">' . $title . '</div>';
$html .= "</td>\n";
$html .= "\t<td>" . mysql_result($Erg, $n, "Size") . "</td>\n";
$Gekommen += mysql_result($Erg, $n, "Gekommen");
$html .= "\t<td>" . mysql_result($Erg, $n, "Gekommen") . "</td>\n";
$Active += mysql_result($Erg, $n, "Aktiv");
$html .= "\t<td>" . mysql_result($Erg, $n, "Aktiv") . "</td>\n";
$Tshirt += mysql_result($Erg, $n, "Tshirt");
$html .= "\t<td>" . mysql_result($Erg, $n, "Tshirt") . "</td>\n";
$html .= "<td>" . mysql_result($Erg, $n, "CreateDate") . "</td>";
$html .= "\t<td>" . '<a href="' . page_link_to("admin_user") . '&id=' . mysql_result($Erg, $n, "UID") . '">Edit</a>' .
"</td>\n";
$html .= "</tr>\n";
}
$html .= "<tr>" .
"<td></td><td></td><td></td><td></td><td></td>" .
"<td>$Gekommen</td><td>$Active</td><td>$Tshirt</td><td></td><td></td></tr>\n";
$html .= "\t</table>\n";
// Ende Userliste
$html .= "<hr /><h2>Statistics</h2>";
$html .= funktion_db_element_list_2row("Hometown", "SELECT COUNT(`Hometown`), `Hometown` FROM `User` GROUP BY `Hometown`");
$html .= "<br />\n";
$html .= funktion_db_element_list_2row("Engeltypen", "SELECT COUNT(`Art`), `Art` FROM `User` GROUP BY `Art`");
$html .= "<br />\n";
$html .= funktion_db_element_list_2row("Used Groups", "SELECT Groups.Name AS 'GroupName', COUNT(Groups.Name) AS Count FROM `UserGroups` " .
"LEFT JOIN `Groups` ON Groups.UID = UserGroups.group_id " .
"WHERE (UserGroups.group_id!='NULL') " .
"GROUP BY `GroupName` " .
"");
}
$html .= "<tr>" .
"<td></td><td></td><td></td><td></td><td></td>" .
"<td>$Gekommen</td><td>$Active</td><td>$Tshirt</td><td></td><td></td></tr>\n";
$html .= "\t</table>\n";
// Ende Userliste
$html .= "<hr /><h2>Statistics</h2>";
$html .= funktion_db_element_list_2row("Hometown", "SELECT COUNT(`Hometown`), `Hometown` FROM `User` GROUP BY `Hometown`");
$html .= "<br />\n";
$html .= funktion_db_element_list_2row("Engeltypen", "SELECT COUNT(`Art`), `Art` FROM `User` GROUP BY `Art`");
$html .= "<br />\n";
$html .= funktion_db_element_list_2row("Used Groups", "SELECT Groups.Name AS 'GroupName', COUNT(Groups.Name) AS Count FROM `UserGroups` " .
"LEFT JOIN `Groups` ON Groups.UID = UserGroups.group_id " .
"WHERE (UserGroups.group_id!='NULL') " .
"GROUP BY `GroupName` " .
"");
return $html;
}
?>

2
includes/sys_template.php
View File

@ -18,7 +18,7 @@ function template_render($file, $data) {
function html_options($name, $options, $selected = "") {
$html = "";
foreach ($options as $value => $label)
$html .= '<input type="radio"' . ($value == $selected ? ' selected="selected"' : '') . ' name="' . $name . '" value="' . $value . '"> ' . $label;
$html .= '<input type="radio"' . ($value == $selected ? ' checked="checked"' : '') . ' name="' . $name . '" value="' . $value . '"> ' . $label;
return $html;
}

11
includes/sys_user.php
View File

@ -86,13 +86,10 @@ function displayavatar($UID, $height = "30") {
if (GetPicturShow($UID) == 'Y')
return "&nbsp;" . displayPictur($UID, $height);
// show avator
$asql = "select * from User where UID = $UID";
$aerg = mysql_query($asql, $con);
if (mysql_num_rows($aerg))
if (mysql_result($aerg, 0, "Avatar") > 0)
return'<div class="avatar">'. ("&nbsp;<img src=\"" . $url . $ENGEL_ROOT . "pic/avatar/avatar" . mysql_result($aerg, 0, "Avatar") . ".gif\">").'</div>';
$user = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($UID) . " LIMIT 1");
if (count($user) > 0)
if ($user[0]['Avatar'] > 0)
return '<div class="avatar">' . ("&nbsp;<img src=\"pic/avatar/avatar" . $user[0]['Avatar'] . ".gif\">") . '</div>';
}
function UIDgekommen($UID) {

1
txt/TODO
View File

@ -4,7 +4,6 @@ jetzt:
* schichtadministration
* meine schichten
* schichten
* meetings
* weckservice?
später:

133
www-ssl/admin/userChangeNormal.php
View File

@ -1,133 +0,0 @@
<?php
require_once ('../bootstrap.php');
$title = "User-Liste";
$header = "Editieren der Engelliste";
include ("includes/header.php");
include ("includes/funktion_db_list.php");
if (IsSet ($_GET["enterUID"])) {
// UserID wurde mit uebergeben --> Aendern...
echo "Hallo,<br />" .
"hier kannst du den Eintrag &auml;ndern. Unter dem Punkt 'Gekommen' " .
"wird der Engel als anwesend markiert, ein Ja bei Aktiv bedeutet, " .
"dass der Engel aktiv war und damit ein Anspruch auf ein T-Shirt hat. " .
"Wenn T-Shirt ein 'Ja' enth&auml;lt, bedeutet dies, dass der Engel " .
"bereits sein T-Shirt erhalten hat.<br /><br />\n";
echo "<form action=\"./userSaveNormal.php?action=change\" method=\"POST\">\n";
echo "<table border=\"0\">\n";
echo "<input type=\"hidden\" name=\"Type\" value=\"Normal\">\n";
$SQL = "SELECT * FROM `User` WHERE `UID`='" . $_GET["enterUID"] . "'";
$Erg = mysql_query($SQL, $con);
if (mysql_num_rows($Erg) != 1)
echo "<tr><td>Sorry, der Engel (UID=" . $_GET["enterUID"] .
") wurde in der Liste nicht gefunden.</td></tr>";
else {
echo "<tr><td>\n";
echo "<table>\n";
echo " <tr><td>Nick</td><td>" .
"<input type=\"text\" size=\"40\" name=\"eNick\" value=\"" .
mysql_result($Erg, 0, "Nick") . "\"></td></tr>\n";
echo " <tr><td>lastLogIn</td><td>" .
"<input type=\"text\" size=\"20\" name=\"elastLogIn\" value=\"" .
mysql_result($Erg, 0, "lastLogIn") . "\" disabled></td></tr>\n";
echo " <tr><td>Name</td><td>" .
"<input type=\"text\" size=\"40\" name=\"eName\" value=\"" .
mysql_result($Erg, 0, "Name") . "\"></td></tr>\n";
echo " <tr><td>Vorname</td><td>" .
"<input type=\"text\" size=\"40\" name=\"eVorname\" value=\"" .
mysql_result($Erg, 0, "Vorname") . "\"></td></tr>\n";
echo " <tr><td>Alter</td><td>" .
"<input type=\"text\" size=\"5\" name=\"eAlter\" value=\"" .
mysql_result($Erg, 0, "Alter") . "\"></td></tr>\n";
echo " <tr><td>Telefon</td><td>" .
"<input type=\"text\" size=\"40\" name=\"eTelefon\" value=\"" .
mysql_result($Erg, 0, "Telefon") . "\"></td></tr>\n";
echo " <tr><td>Handy</td><td>" .
"<input type=\"text\" size=\"40\" name=\"eHandy\" value=\"" .
mysql_result($Erg, 0, "Handy") . "\"></td></tr>\n";
echo " <tr><td>DECT</td><td>" .
"<input type=\"text\" size=\"4\" name=\"eDECT\" value=\"" .
mysql_result($Erg, 0, "DECT") . "\"></td></tr>\n";
echo " <tr><td>email</td><td>" .
"<input type=\"text\" size=\"40\" name=\"eemail\" value=\"" .
mysql_result($Erg, 0, "email") . "\"></td></tr>\n";
echo " <tr><td>ICQ</td><td>" .
"<input type=\"text\" size=\"40\" name=\"eICQ\" value=\"" .
mysql_result($Erg, 0, "ICQ") . "\"></td></tr>\n";
echo " <tr><td>jabber</td><td>" .
"<input type=\"text\" size=\"40\" name=\"ejabber\" value=\"" .
mysql_result($Erg, 0, "jabber") . "\"></td></tr>\n";
echo " <tr><td>Size</td><td>" .
"<input type=\"text\" size=\"5\" name=\"eSize\" value=\"" .
mysql_result($Erg, 0, "Size") . "\"></td></tr>\n";
echo " <tr><td>Passwort</td><td>" .
"<a href=\"./userSaveNormal.php?action=newpw&eUID=" .
mysql_result($Erg, 0, "UID") . "\">neues Kennwort setzen</a></td></tr>\n";
// Gekommen?
echo " <tr><td>Gekommen</td><td>\n";
echo " <input type=\"radio\" name=\"eGekommen\" value=\"0\"";
if (mysql_result($Erg, 0, "Gekommen") == '0')
echo " checked";
echo ">No \n";
echo " <input type=\"radio\" name=\"eGekommen\" value=\"1\"";
if (mysql_result($Erg, 0, "Gekommen") == '1')
echo " checked";
echo ">Yes \n";
echo "</td></tr>\n";
// Aktiv?
echo " <tr><td>Aktiv</td><td>\n";
echo " <input type=\"radio\" name=\"eAktiv\" value=\"0\"";
if (mysql_result($Erg, 0, "Aktiv") == '0')
echo " checked";
echo ">No \n";
echo " <input type=\"radio\" name=\"eAktiv\" value=\"1\"";
if (mysql_result($Erg, 0, "Aktiv") == '1')
echo " checked";
echo ">Yes \n";
echo "</td></tr>\n";
// T-Shirt bekommen?
echo " <tr><td>T-Shirt</td><td>\n";
echo " <input type=\"radio\" name=\"eTshirt\" value=\"0\"";
if (mysql_result($Erg, 0, "Tshirt") == '0')
echo " checked";
echo ">No \n";
echo " <input type=\"radio\" name=\"eTshirt\" value=\"1\"";
if (mysql_result($Erg, 0, "Tshirt") == '1')
echo " checked";
echo ">Yes \n";
echo "</td></tr>\n";
echo " <tr><td>Hometown</td><td>" .
"<input type=\"text\" size=\"40\" name=\"Hometown\" value=\"" .
mysql_result($Erg, 0, "Hometown") . "\"></td></tr>\n";
echo "</table>\n</td><td valign=\"top\">" . displayavatar($_GET["enterUID"], FALSE) . "</td></tr>";
}
echo "</td></tr>\n";
echo "</table>\n<br />\n";
echo "<input type=\"hidden\" name=\"enterUID\" value=\"" . $_GET["enterUID"] . "\">\n";
echo "<input type=\"submit\" value=\"sichern...\">\n";
echo "</form>";
echo "<form action=\"./userSaveNormal.php?action=delete\" method=\"POST\">\n";
echo "<input type=\"hidden\" name=\"enterUID\" value=\"" . $_GET["enterUID"] . "\">\n";
echo "<input type=\"submit\" value=\"l&ouml;schen...\">\n";
echo "</form>";
echo "<hr>";
funktion_db_element_list_2row("Freeloader Shifts", "SELECT `Remove_Time`, `Length`, `Comment` FROM `ShiftFreeloader` WHERE UID=" . $_GET["enterUID"]);
}
include ("includes/footer.php");
?>

138
www-ssl/admin/userDefaultSetting.php
View File

@ -1,138 +0,0 @@
<?php
require_once ('../bootstrap.php');
$title = "Defalut User Setting";
$header = "Defalut User Setting";
include ("includes/header.php");
include ("includes/funktion_db_list.php");
echo "Hallo " . $_SESSION['Nick'] .
",<br />\nhier hast du die M&ouml;glichkeit, die Defaulteinstellungen f&uuml;r neue User einzustellen:<br /><br />\n";
echo "<table border=\"0\" class=\"border\">\n";
echo "\t<tr class=\"contenttopic\">\n";
echo "\t\t<th>Page</th>\n\t\t<th>Show</th>\n\t\t<th></th>\n";
echo "\t</tr>\n";
if (isset ($_GET["Field"]) && isset ($_GET["Default"]) && isset ($_GET["Send"])) {
switch ($_GET["Send"]) {
case "New" :
$SQL = "ALTER TABLE `UserCVS` ADD `" . $_GET["Field"] . "` " .
"CHAR( 1 ) DEFAULT '" . $_GET["Default"] . "' NOT NULL";
$Erg = db_query($SQL, "New user default setting");
if ($Erg == 1)
echo "<H2>Create " . $_GET["Field"] . " = " . $_GET["Default"] . " succesfull</h2>\n";
else
echo "<H2>Create " . $_GET["Field"] . " = " . $_GET["Default"] . " error...</h2>\n" .
"[" . mysql_error() . "]<br /><br />";
break;
case "Del" :
echo "\t<tr class=\"content\">\n";
echo "\t\t<form action=\"userDefaultSetting.php\">\n";
echo "\t\t\t<td><input name=\"Field\" type=\"text\" value=\"" . $_GET["Field"] . "\" readonly></td>\n";
echo "\t\t\t<td><input name=\"Default\" type=\"text\" value=\"" . $_GET["Default"] . "\" readonly></td>\n";
echo "\t\t\t<td><input type=\"submit\" name=\"Send\" value=\"Del sure\"></td>\n";
echo "\t\t</form>\n";
echo "\t</tr>\n";
break;
case "Del sure" :
$SQL = "ALTER TABLE `UserCVS` DROP `" . $_GET["Field"] . "` ";
$Erg = db_query($SQL, "del user default setting");
if ($Erg == 1)
echo "<H2>Delete " . $_GET["Field"] . " succesfull</h2>\n";
else
echo "<H2>Delete " . $_GET["Field"] . " error...</h2>\n" .
"[" . mysql_error() . "]<br /><br />";
break;
case "SetForAllUser" :
$SQL = "UPDATE `UserCVS` SET `" . $_GET["Field"] . "`='" . $_GET["Default"] . "' WHERE UID>0";
$Erg = db_query($SQL, "Set new user default setting for all user");
if ($Erg == 1)
echo "<H2>UPDATE " . $_GET["Field"] . " = " . $_GET["Default"] . " for all Users succesfull</h2>\n";
else
echo "<H2>UPDATE " . $_GET["Field"] . " = " . $_GET["Default"] . " for all Users error...</h2>\n" .
"[" . mysql_error() . "]<br /><br />";
case "Save" :
$SQL = "ALTER TABLE `UserCVS` CHANGE `" . $_GET["Field"] . "` " .
"`" . $_GET["Field"] . "` CHAR( 1 ) NOT NULL DEFAULT '" . $_GET["Default"] . "'";
$Erg = db_query($SQL, "Save user default setting");
if ($Erg == 1)
echo "<H2>Write " . $_GET["Field"] . " = " . $_GET["Default"] . " succesfull</h2>\n";
else
echo "<H2>Write " . $_GET["Field"] . " = " . $_GET["Default"] . " error...</h2>\n" .
"[" . mysql_error() . "]<br /><br />";
break;
} //SWITCH
} //IF(
$erg = mysql_query("SHOW COLUMNS FROM `UserCVS`");
echo mysql_error();
echo "\t<tr class=\"content\">\n";
echo "\t\t<form action=\"userDefaultSetting.php\">\n";
echo "\t\t\t<input name=\"Field\" type=\"hidden\" value=\GroupID\">\n";
echo "\t\t\t<td>Group</td>\n";
echo "\t\t\t<td><select name=\"GroupID\">";
$SQL_Group = "SELECT * FROM `UserGroups`";
$Erg_Group = mysql_query($SQL_Group, $con);
for ($n = 0; $n < mysql_num_rows($Erg_Group); $n++) {
$UID = mysql_result($Erg_Group, $n, "UID");
echo "\t<option value=\"$UID\"";
if (mysql_result($erg, 1, "Default") == $UID)
echo " selected";
echo ">" . mysql_result($Erg_Group, $n, "Name") . "</option>\n";
}
echo "</select></td>\n";
echo "\t\t\t<td><input type=\"submit\" name=\"Send\" value=\"Save\">\n";
echo "\t\t\t <input type=\"submit\" name=\"Send\" value=\"SetForAllUser\"></td>\n";
echo "\t\t</form>\n";
echo "\t</tr>\n";
for ($i = 2; $i < mysql_num_rows($erg); $i++) {
echo "\t<tr class=\"content\">\n";
echo "\t\t<form action=\"userDefaultSetting.php\">\n";
echo "\t\t\t<input name=\"Field\" type=\"hidden\" value=\"" . mysql_result($erg, $i, "Field") . "\">\n";
echo "\t\t\t<td>" . mysql_result($erg, $i, "Field") . "</td>\n";
echo "\t\t\t<td>\n";
echo "\t\t\t\t<input type=\"radio\" name=\"Default\" value=\"Y\"";
if (mysql_result($erg, $i, "Default") == "Y")
echo " checked";
echo ">allow\n";
echo "\t\t\t\t<input type=\"radio\" name=\"Default\" value=\"N\"";
if (mysql_result($erg, $i, "Default") == "N")
echo " checked";
echo ">denied\n";
echo "\t\t\t\t<input type=\"radio\" name=\"Default\" value=\"G\"";
if (mysql_result($erg, $i, "Default") == "G")
echo " checked";
echo ">group-setting\n";
echo "\t\t\t</td>\n";
echo "\t\t\t<td><input type=\"submit\" name=\"Send\" value=\"Save\">\n";
echo "\t\t\t <input type=\"submit\" name=\"Send\" value=\"Del\">\n";
echo "\t\t\t <input type=\"submit\" name=\"Send\" value=\"SetForAllUser\"></td>\n";
echo "\t\t</form>\n";
echo "\t</tr>\n";
}
echo "\t<tr class=\"content\">\n";
echo "\t\t<form action=\"userDefaultSetting.php\">\n";
echo "\t\t\t<input name=\"New\" type=\"hidden\" value=\"New\">\n";
echo "\t\t\t<td><input name=\"Field\" type=\"text\" value=\"new\"></td>\n";
echo "\t\t\t<td>\n";
echo "\t\t\t\t<input type=\"radio\" name=\"Default\" value=\"Y\">allow\n";
echo "\t\t\t\t<input type=\"radio\" name=\"Default\" value=\"N\">denied\n";
echo "\t\t\t\t<input type=\"radio\" name=\"Default\" value=\"G\" checked>group-setting\n";
echo "\t\t\t</td>\n";
echo "\t\t\t<td><input type=\"submit\" name=\"Send\" value=\"New\"></td>\n";
echo "\t\t</form>\n";
echo "\t</tr>\n";
echo "</table>\n";
include ("includes/footer.php");
?>

119
www-ssl/admin/userSaveNormal.php
View File

@ -1,119 +0,0 @@
<?php
require_once ('../bootstrap.php');
$title = "User-Liste";
$header = "Index";
include ("includes/header.php");
include ("includes/funktion_db_list.php");
include ("includes/crypt.php");
include ("includes/funktion_db.php");
if (IsSet ($_GET["action"])) {
SetHeaderGo2Back();
echo "Gesendeter Befehl: " . $_GET["action"] . "<br />";
switch ($_GET["action"]) {
case "change" :
if (IsSet ($_POST["enterUID"])) {
if ($_POST["Type"] == "Normal") {
$SQL = "UPDATE `User` SET ";
$SQL .= " `Nick` = '" . $_POST["eNick"] . "', `Name` = '" . $_POST["eName"] . "', " .
"`Vorname` = '" . $_POST["eVorname"] . "', " .
"`Telefon` = '" . $_POST["eTelefon"] . "', " .
"`Handy` = '" . $_POST["eHandy"] . "', " .
"`DECT` = '" . $_POST["eDECT"] . "', " .
"`email` = '" . $_POST["eemail"] . "', " .
"`ICQ` = '" . $_POST["eICQ"] . "', " .
"`jabber` = '" . $_POST["ejabber"] . "', " .
"`Size` = '" . $_POST["eSize"] . "', " .
"`Gekommen`= '" . $_POST["eGekommen"] . "', " .
"`Aktiv`= '" . $_POST["eAktiv"] . "', " .
"`Tshirt` = '" . $_POST["eTshirt"] . "', " .
"`Hometown` = '" . $_POST["Hometown"] . "' " .
"WHERE `UID` = '" . $_POST["enterUID"] .
"' LIMIT 1;";
echo "User-";
$Erg = db_query($SQL, "change user details");
if ($Erg == 1) {
echo "&Auml;nderung wurde gesichert...\n";
} else {
echo "Fehler beim speichern...\n(" . mysql_error($con) . ")";
}
} else
echo "<h1>Fehler: Unbekanter Type (" . $_POST["Type"] . ") <20>bergeben\n</h1>\n";
} else
echo "<h1>Fehler: UserID (enterUID) wurde nicht per POST <20>bergeben</h1>\n";
break;
case "delete" :
if (IsSet ($_POST["enterUID"])) {
echo "delate User...";
$SQL = "DELETE FROM `User` WHERE `UID`='" . $_POST["enterUID"] . "' LIMIT 1;";
$Erg = db_query($SQL, "User delete");
if ($Erg == 1) {
echo "&Auml;nderung wurde gesichert...\n";
} else {
echo "Fehler beim speichern...\n(" . mysql_error($con) . ")";
}
echo "<br />\ndelate UserCVS...";
$SQL2 = "DELETE FROM `UserCVS` WHERE `UID`='" . $_POST["enterUID"] . "' LIMIT 1;";
$Erg = db_query($SQL2, "User CVS delete");
if ($Erg == 1) {
echo "&Auml;nderung wurde gesichert...\n";
} else {
echo "Fehler beim speichern...\n(" . mysql_error($con) . ")";
}
echo "<br />\ndelate UserEntry...";
$SQL3 = "UPDATE `ShiftEntry` SET `UID`='0', `Comment`=NULL " .
"WHERE `UID`='" . $_POST["enterUID"] . "';";
$Erg = db_query($SQL3, "delate UserEntry");
if ($Erg == 1) {
echo "&Auml;nderung wurde gesichert...\n";
} else {
echo "Fehler beim speichern...\n(" . mysql_error($con) . ")";
}
}
break;
case "newpw" :
echo "Bitte neues Kennwort f&uuml;r <b>";
// Get Nick
$USQL = "SELECT * FROM `User` WHERE `UID`='" . $_GET["eUID"] . "'";
$Erg = mysql_query($USQL, $con);
echo mysql_result($Erg, 0, "Nick");
echo "</b> eingeben:<br />";
echo "<form action=\"./userSaveNormal.php?action=newpwsave\" method=\"POST\">\n";
echo "<input type=\"Password\" name=\"ePasswort\">";
echo "<input type=\"Password\" name=\"ePasswort2\">";
echo "<input type=\"hidden\" name=\"eUID\" value=\"" . $_GET["eUID"] . "\">";
echo "<input type=\"submit\" value=\"sichern...\">\n";
echo "</form>";
break;
case "newpwsave" :
if ($_POST["ePasswort"] == $_POST["ePasswort2"]) { // beide Passwoerter passen...
$_POST["ePasswort"] = PassCrypt($_POST["ePasswort"]);
$SQL = "UPDATE `User` SET `Passwort`='" . $_POST["ePasswort"] . "' " .
"WHERE `UID`='" . $_POST["eUID"] . "'";
$Erg = db_query($SQL, "User new passwort");
if ($Erg == 1) {
echo "&Auml;nderung wurde gesichert...\n";
} else {
echo "Fehler beim speichern...\n(" . mysql_error($con) . ")";
}
} else
echo "Das Passwort wurde nicht &uuml;bereinstimmend eingegeben!";
break;
} // end switch
// ende - Action ist gesetzt
} else {
// kein Action gesetzt -> abbruch
echo "Unzul&auml;ssiger Aufruf.<br />Bitte neu editieren...";
}
include ("includes/footer.php");
?>