admin groups
Philip Häusler
14 years ago
parent
c0b15dfe0d
commit
3afd05636e
@ -1,40 +0,0 @@
|
||||
<?php
|
||||
// Menue generieren
|
||||
function ShowMenu($MenuName) {
|
||||
global $MenueTableStart, $MenueTableEnd, $_SESSION, $debug, $url, $ENGEL_ROOT;
|
||||
$Gefunden = false;
|
||||
|
||||
// Ueberschift
|
||||
$Text = "";
|
||||
|
||||
// Eintraege
|
||||
foreach ($_SESSION['CVS'] as $Key => $Entry)
|
||||
if (strpos($Key, ".php") > 0)
|
||||
if ((strpos("00$Key", "0$MenuName") > 0) || ((strlen($MenuName) == 0) && (strpos("0$Key", "/") == 0))) {
|
||||
$TempName = Get_Text($Key, true);
|
||||
|
||||
if ((true || $debug) && ($TempName == ""))
|
||||
$TempName = "not found: \"$Key\"";
|
||||
|
||||
if ($Entry == "Y") {
|
||||
//zum absichtlkichen ausblenden von einträgen
|
||||
if (strlen($TempName) > 1) {
|
||||
//sonderfälle:
|
||||
|
||||
if ($Key == "admin/faq.php")
|
||||
$TempName .= " (" . noAnswer() . ")";
|
||||
elseif ($Key == "credits.php") continue;
|
||||
//ausgabe
|
||||
$Text .= "<li><a href=\"" . $url . $ENGEL_ROOT . $Key . "\">$TempName</a></li>\n";
|
||||
$Gefunden = true;
|
||||
}
|
||||
}
|
||||
elseif ($debug) {
|
||||
$Gefunden = true;
|
||||
$Text .= "<li>$TempName ($Key)</li>\n";
|
||||
}
|
||||
}
|
||||
if ($Gefunden)
|
||||
echo '<nav class="container"><h4>' . Get_Text("$MenuName/") . '</h4><ul class="content">' . $Text . '</ul></nav>';
|
||||
} //function ShowMenue
|
||||
?>
|
||||
@ -0,0 +1,73 @@
|
||||
<?php
|
||||
function admin_groups() {
|
||||
global $user;
|
||||
|
||||
$html = "";
|
||||
$groups = sql_select("SELECT * FROM `Groups` ORDER BY `Name`");
|
||||
if (!isset ($_REQUEST["action"])) {
|
||||
$groups_html = "";
|
||||
foreach ($groups as $group) {
|
||||
$groups_html .= '<tr>';
|
||||
$groups_html .= '<td>' . $group['Name'] . '</td>';
|
||||
$privileges = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`=" . sql_escape($group['UID']));
|
||||
$privileges_html = array ();
|
||||
foreach ($privileges as $priv)
|
||||
$privileges_html[] = $priv['name'];
|
||||
$groups_html .= '<td>' . join(", ", $privileges_html) . '</td>';
|
||||
$groups_html .= '<td><a href="' . page_link_to("admin_groups") . '&action=edit&id=' . $group['UID'] . '">Ändern</a></td>';
|
||||
$groups_html .= '</tr>';
|
||||
}
|
||||
|
||||
return template_render('../templates/admin_groups.html', array (
|
||||
'nick' => $user['Nick'],
|
||||
'groups' => $groups_html
|
||||
));
|
||||
} else {
|
||||
switch ($_REQUEST["action"]) {
|
||||
case 'edit' :
|
||||
if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id']))
|
||||
$id = $_REQUEST['id'];
|
||||
else
|
||||
return error("Incomplete call, missing Groups ID.");
|
||||
|
||||
$room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
|
||||
if (count($room) > 0) {
|
||||
list ($room) = $room;
|
||||
$privileges = sql_select("SELECT `Privileges`.*, `GroupPrivileges`.`group_id` FROM `Privileges` LEFT OUTER JOIN `GroupPrivileges` ON (`Privileges`.`id` = `GroupPrivileges`.`privilege_id` AND `GroupPrivileges`.`group_id`=" . sql_escape($id) . ") ORDER BY `Privileges`.`name`");
|
||||
$privileges_html = "";
|
||||
foreach ($privileges as $priv)
|
||||
$privileges_html .= '<tr><td><input type="checkbox" name="privileges[]" value="' . $priv['id'] . '"' . ($priv['group_id'] != "" ? ' checked="checked"' : '') . ' /></td><td>' . $priv['name'] . '</td><td>' . $priv['desc'] . '</td></tr>';
|
||||
|
||||
$html .= template_render('../templates/admin_groups_edit_form.html', array (
|
||||
'link' => page_link_to("admin_groups"),
|
||||
'id' => $id,
|
||||
'privileges' => $privileges_html
|
||||
));
|
||||
} else
|
||||
return error("No Group found.");
|
||||
break;
|
||||
|
||||
case 'save' :
|
||||
if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id']))
|
||||
$id = $_REQUEST['id'];
|
||||
else
|
||||
return error("Incomplete call, missing Groups ID.");
|
||||
|
||||
$room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
|
||||
if (!is_array($_REQUEST['privileges']))
|
||||
$_REQUEST['privileges'] = array ();
|
||||
if (count($room) > 0) {
|
||||
list ($room) = $room;
|
||||
sql_query("DELETE FROM `GroupPrivileges` WHERE `group_id`=" . sql_escape($id));
|
||||
foreach ($_REQUEST['privileges'] as $priv)
|
||||
if (preg_match("/^[0-9]{1,}$/", $priv) && sql_num_query("SELECT * FROM `Privileges` WHERE `id`=" . sql_escape($priv)) > 0)
|
||||
sql_query("INSERT INTO `GroupPrivileges` SET `group_id`=" . sql_escape($id) . ", `privilege_id`=" . sql_escape($priv));
|
||||
header("Location: " . page_link_to("admin_groups"));
|
||||
} else
|
||||
return error("No Group found.");
|
||||
break;
|
||||
}
|
||||
}
|
||||
return $html;
|
||||
}
|
||||
?>
|
||||
@ -0,0 +1,21 @@
|
||||
Hallo %nick%,
|
||||
<br/>
|
||||
hier hast du die Möglichkeit Gruppenrechte zu ändern:
|
||||
<table>
|
||||
<thead>
|
||||
<tr>
|
||||
<th>
|
||||
Name
|
||||
</th>
|
||||
<th>
|
||||
Rechte
|
||||
</th>
|
||||
<th>
|
||||
|
||||
</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
%groups%
|
||||
</tbody>
|
||||
</table>
|
||||
@ -0,0 +1,21 @@
|
||||
<form action="%link%&action=save" method="post">
|
||||
<table>
|
||||
<thead>
|
||||
<tr>
|
||||
<th>
|
||||
|
||||
</th>
|
||||
<th>
|
||||
Name
|
||||
</th>
|
||||
<th>
|
||||
Description
|
||||
</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
%privileges%
|
||||
</tbody>
|
||||
</table>
|
||||
<input type="hidden" name="id" value="%id%" /><input type="submit" name="submit" value="Save" />
|
||||
</form>
|
||||
@ -1,49 +0,0 @@
|
||||
<?php
|
||||
require_once ('../bootstrap.php');
|
||||
|
||||
$title = "User-Liste";
|
||||
$header = "Editieren der Engelliste";
|
||||
include ("includes/header.php");
|
||||
include ("includes/funktion_db_list.php");
|
||||
|
||||
if (!IsSet ($_GET["enterGID"])) {
|
||||
// Userliste, keine UID uebergeben...
|
||||
|
||||
$SQL = "SELECT * FROM `UserGroups` ORDER BY `Name` ASC";
|
||||
$Erg = mysql_query($SQL, $con);
|
||||
echo mysql_error($con);
|
||||
|
||||
// anzahl zeilen
|
||||
$Zeilen = mysql_num_rows($Erg);
|
||||
|
||||
echo "<table class=\"border\" cellpadding=\"2\" cellspacing=\"1\">\n";
|
||||
echo "<tr class=\"contenttopic\">\n";
|
||||
echo "\t<td>Groupname</td>\n";
|
||||
echo "\t<td>Link</td>\n";
|
||||
echo "</tr>\n";
|
||||
|
||||
for ($n = 0; $n < $Zeilen; $n++) {
|
||||
echo "<tr class=\"content\">\n";
|
||||
echo "\t<td>" . mysql_result($Erg, $n, "Name") . "</td>\n";
|
||||
|
||||
echo "<td><a href=\"./userChangeSecure.php?enterUID=" .
|
||||
mysql_result($Erg, $n, "UID") . "&Type=Secure\">change</a></td>\n";
|
||||
echo "</tr>\n";
|
||||
}
|
||||
|
||||
// new form
|
||||
echo "<tr class=\"content\">\n";
|
||||
echo "\t<form action=\"userSaveSecure.php?new=newGroup\" method=\"POST\">\n";
|
||||
echo "\t\t<td><input name=\"GroupName\" type=\"text\" value=\"--new group--\"></td>\n";
|
||||
echo "\t\t<td><input type=\"submit\" name=\"Send\" value=\"Save\"></td>\n";
|
||||
echo "\t</form>\n";
|
||||
echo "</tr>\n";
|
||||
|
||||
echo "\t</table>\n";
|
||||
// Ende Userliste
|
||||
}
|
||||
|
||||
include ("includes/footer.php");
|
||||
?>
|
||||
|
||||
|
||||
@ -1,124 +0,0 @@
|
||||
<?php
|
||||
require_once ('../bootstrap.php');
|
||||
|
||||
$title = "Himmel";
|
||||
$header = "";
|
||||
|
||||
include "includes/header.php";
|
||||
|
||||
if (!isset ($_GET["action"]))
|
||||
$_GET["action"] = "start";
|
||||
|
||||
switch ($_GET["action"]) {
|
||||
case "start" :
|
||||
echo Get_Text("Hello") . $_SESSION['Nick'] . ", <br />\n";
|
||||
echo Get_Text("pub_messages_text1") . "<br /><br />\n";
|
||||
|
||||
//show exist Messages
|
||||
$SQL = "SELECT * FROM `Messages` WHERE `SUID`='" . $_SESSION["UID"] . "' OR `RUID`='" . $_SESSION["UID"] . "'";
|
||||
$erg = mysql_query($SQL, $con);
|
||||
|
||||
echo "<table border=\"0\" class=\"border\" cellpadding=\"2\" cellspacing=\"1\">\n";
|
||||
echo "<tr>\n";
|
||||
echo "<td class=\"contenttopic\"><b>" . Get_Text("pub_messages_Datum") . "</b></td>\n";
|
||||
echo "<td class=\"contenttopic\"><b>" . Get_Text("pub_messages_Von") . "</b></td>\n";
|
||||
echo "<td class=\"contenttopic\"><b>" . Get_Text("pub_messages_An") . "</b></td>\n";
|
||||
echo "<td class=\"contenttopic\"><b>" . Get_Text("pub_messages_Text") . "</b></td>\n";
|
||||
echo "<td class=\"contenttopic\"></td>\n";
|
||||
echo "</tr>\n";
|
||||
|
||||
for ($i = 0; $i < mysql_num_rows($erg); $i++) {
|
||||
echo "<tr class=\"content\">\n";
|
||||
echo "<td>" . mysql_result($erg, $i, "Datum") . "</td>\n";
|
||||
echo "<td>" . UID2Nick(mysql_result($erg, $i, "SUID")) . "</td>\n";
|
||||
echo "<td>" . UID2Nick(mysql_result($erg, $i, "RUID")) . "</td>\n";
|
||||
echo "<td>" . mysql_result($erg, $i, "Text") . "</td>\n";
|
||||
echo "<td>";
|
||||
|
||||
if (mysql_result($erg, $i, "RUID") == $_SESSION["UID"]) {
|
||||
echo "<a href=\"?action=DelMsg&Datum=" . mysql_result($erg, $i, "Datum") . "\">" . Get_Text("pub_messages_DelMsg") . "</a>";
|
||||
|
||||
if (mysql_result($erg, $i, "isRead") == "N")
|
||||
echo "<a href=\"?action=MarkRead&Datum=" . mysql_result($erg, $i, "Datum") . "\">" . Get_Text("pub_messages_MarkRead") . "</a>";
|
||||
} else {
|
||||
if (mysql_result($erg, $i, "isRead") == "N")
|
||||
echo Get_Text("pub_messages_NotRead");
|
||||
}
|
||||
|
||||
echo "</td>\n";
|
||||
echo "</tr>\n";
|
||||
}
|
||||
|
||||
// send Messeges
|
||||
echo "<form action=\"" . $_SERVER['SCRIPT_NAME'] . "?action=SendMsg\" method=\"POST\">";
|
||||
echo "<tr class=\"content\">\n";
|
||||
echo "<td></td>\n";
|
||||
echo "<td></td>\n";
|
||||
|
||||
// Listet alle Nicks auf
|
||||
echo "<td><select name=\"RUID\">\n";
|
||||
|
||||
$usql = "SELECT * FROM `User` WHERE (`UID`!='" . $_SESSION["UID"] . "') ORDER BY `Nick`";
|
||||
$uErg = mysql_query($usql, $con);
|
||||
$urowcount = mysql_num_rows($uErg);
|
||||
|
||||
for ($k = 0; $k < $urowcount; $k++) {
|
||||
echo "<option value=\"" . mysql_result($uErg, $k, "UID") . "\">" . mysql_result($uErg, $k, "Nick") . "</option>\n";
|
||||
}
|
||||
|
||||
echo "</select></td>\n";
|
||||
echo "<td><textarea name=\"Text\" cols=\"30\" rows=\"10\"></textarea></td>\n";
|
||||
echo "<td><input type=\"submit\" value=\"" . Get_Text("save") . "\"></td>\n";
|
||||
echo "</tr>\n";
|
||||
echo "</form>";
|
||||
|
||||
echo "</table>\n";
|
||||
break;
|
||||
|
||||
case "SendMsg" :
|
||||
echo Get_Text("pub_messages_Send1") . "...<br />\n";
|
||||
|
||||
$SQL = "INSERT INTO `Messages` ( `Datum` , `SUID` , `RUID` , `Text` ) VALUES (" .
|
||||
"'" . gmdate("Y-m-j H:i:s", time()) . "', " .
|
||||
"'" . $_SESSION["UID"] . "', " .
|
||||
"'" . $_POST["RUID"] . "', " .
|
||||
"'" . $_POST["Text"] . "');";
|
||||
|
||||
$Erg = mysql_query($SQL, $con);
|
||||
|
||||
if ($Erg == 1)
|
||||
echo Get_Text("pub_messages_Send_OK") . "\n";
|
||||
else
|
||||
echo Get_Text("pub_messages_Send_Error") . "...\n(" . mysql_error($con) . ")";
|
||||
break;
|
||||
|
||||
case "MarkRead" :
|
||||
$SQL = "UPDATE `Messages` SET `isRead` = 'Y' " .
|
||||
"WHERE `Datum` = '" . $_GET["Datum"] . "' AND `RUID`='" . $_SESSION["UID"] . "' " .
|
||||
"LIMIT 1 ;";
|
||||
$Erg = mysql_query($SQL, $con);
|
||||
|
||||
if ($Erg == 1)
|
||||
echo Get_Text("pub_messages_MarkRead_OK") . "\n";
|
||||
else
|
||||
echo Get_Text("pub_messages_MarkRead_KO") . "...\n(" . mysql_error($con) . ")";
|
||||
break;
|
||||
|
||||
case "DelMsg" :
|
||||
$SQL = "DELETE FROM `Messages` " .
|
||||
"WHERE `Datum` = '" . $_GET["Datum"] . "' AND `RUID` ='" . $_SESSION["UID"] . "' " .
|
||||
"LIMIT 1;";
|
||||
$Erg = mysql_query($SQL, $con);
|
||||
|
||||
if ($Erg == 1)
|
||||
echo Get_Text("pub_messages_DelMsg_OK") . "\n";
|
||||
else
|
||||
echo Get_Text("pub_messages_DelMsg_KO") . "...\n(" . mysql_error($con) . ")";
|
||||
break;
|
||||
|
||||
default :
|
||||
echo Get_Text("pub_messages_NoCommand");
|
||||
}
|
||||
|
||||
include "includes/footer.php";
|
||||
?>
|
||||
Loading…
Reference in New Issue