iger
/
engelsystem
9
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

fix issue #34, edit rights of righless users

This commit is contained in:
Philip Häusler 2011-09-26 16:04:30 +02:00
parent 01463f0ac0
commit 8a5f510da2
3 changed files with 29 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
includes/pages/admin_user.php
View File

@ -117,11 +117,16 @@ function admin_user() {
$html .= "Hier kannst Du die Benutzergruppen des Engels festlegen:<form action=\"" . page_link_to("admin_user") . "&action=save_groups&id=" . $id . "\" method=\"post\">\n"; $html .= "Hier kannst Du die Benutzergruppen des Engels festlegen:<form action=\"" . page_link_to("admin_user") . "&action=save_groups&id=" . $id . "\" method=\"post\">\n";
$html .= '<table>'; $html .= '<table>';
list ($my_highest_group) = sql_select("SELECT * FROM `UserGroups` WHERE `uid`=" . sql_escape($user['UID']) . " ORDER BY `uid`"); $my_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`=" . sql_escape($user['UID']) . " ORDER BY `uid` LIMIT 1");
list ($his_highest_group) = sql_select("SELECT * FROM `UserGroups` WHERE `uid`=" . sql_escape($id) . " ORDER BY `uid`"); if (count($my_highest_group) > 0)
$my_highest_group = $my_highest_group[0]['group_id'];
$his_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`=" . sql_escape($id) . " ORDER BY `uid` LIMIT 1");
if (count($his_highest_group) > 0)
$his_highest_group = $his_highest_group[0]['group_id'];
if ($id != $user['UID'] && $my_highest_group <= $his_highest_group) { if ($id != $user['UID'] && $my_highest_group <= $his_highest_group) {
$groups = sql_select("SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = " . sql_escape($id) . ") WHERE `Groups`.`UID` >= " . sql_escape($my_highest_group['group_id']) . " ORDER BY `Groups`.`Name`"); $groups = sql_select("SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = " . sql_escape($id) . ") WHERE `Groups`.`UID` >= " . sql_escape($my_highest_group) . " ORDER BY `Groups`.`Name`");
foreach ($groups as $group) foreach ($groups as $group)
$html .= '<tr><td><input type="checkbox" name="groups[]" value="' . $group['UID'] . '"' . ($group['group_id'] != "" ? ' checked="checked"' : '') . ' /></td><td>' . $group['Name'] . '</td></tr>'; $html .= '<tr><td><input type="checkbox" name="groups[]" value="' . $group['UID'] . '"' . ($group['group_id'] != "" ? ' checked="checked"' : '') . ' /></td><td>' . $group['Name'] . '</td></tr>';
@ -138,7 +143,7 @@ function admin_user() {
$html .= "</form>"; $html .= "</form>";
$html .= "<hr />"; $html .= "<hr />";
$html .= funktion_db_element_list_2row("Freeloader Shifts", "SELECT `Remove_Time`, `Length`, `Comment` FROM `ShiftFreeloader` WHERE UID=" . $_REQUEST['id']); //$html .= funktion_db_element_list_2row("Freeloader Shifts", "SELECT `Remove_Time`, `Length`, `Comment` FROM `ShiftFreeloader` WHERE UID=" . $_REQUEST['id']);
} else { } else {
switch ($_REQUEST['action']) { switch ($_REQUEST['action']) {
case 'save_groups' : case 'save_groups' :

2
includes/sys_auth.php
View File

@ -10,7 +10,7 @@ function load_auth() {
if ($_SESSION['IP'] != $_SERVER['REMOTE_ADDR']) { if ($_SESSION['IP'] != $_SERVER['REMOTE_ADDR']) {
session_destroy(); session_destroy();
header("Location: " . link_to_page($start)); header("Location: " . link_to_page('start'));
} }
$user = null; $user = null;

1
includes/sys_mysql.php
View File

@ -26,6 +26,7 @@ function sql_select($query) {
} }
return $data; return $data;
} else { } else {
print_r(debug_backtrace());
die('MySQL-query error: ' . $query . ", " . mysql_error($con)); die('MySQL-query error: ' . $query . ", " . mysql_error($con));
} }
} }