add more security groups and create groups

15 years ago · c6c14dc740
parent ec21c8ade1
commit c6c14dc740
6 changed files with 64 additions and 14 deletions
--- a/DB/UserCVS.sql
+++ b/DB/UserCVS.sql
@ -18,7 +18,7 @@
 DROP TABLE IF EXISTS `UserCVS`;
 CREATE TABLE `UserCVS` (
  `UID` int(11) NOT NULL default '0',
-  `GroupID` int(11) default NULL,
+  `GroupID` int(11) default '-2',
  `index.php` char(1) NOT NULL default 'G',
  `logout.php` char(1) NOT NULL default 'G',
  `faq.php` char(1) NOT NULL default 'G',
@ -47,7 +47,9 @@ CREATE TABLE `UserCVS` (
  `admin/schichtplan_druck.php` char(1) NOT NULL default 'G',
  `admin/user.php` char(1) NOT NULL default 'G',
  `admin/userChangeNormal.php` char(1) NOT NULL default 'G',
+  `admin/userSaveNormal.php` char(1) NOT NULL default 'G',
  `admin/userChangeSecure.php` char(1) NOT NULL default 'G',
+  `admin/userSaveSecure.php` char(1) NOT NULL default 'G',
  `admin/userSaveNormal.php` char(1) NOT NULL default 'G',
  `admin/userSaveSecure.php` char(1) NOT NULL default 'G',
  `admin/group.php` char(1) NOT NULL default 'G',
--- a/www-ssl/admin/group.php
+++ b/www-ssl/admin/group.php
@ -16,10 +16,10 @@ if (!IsSet($_GET["enterGID"]))
 	// anzahl zeilen
 	$Zeilen  = mysql_num_rows($Erg);

-	echo "<table width=\"100%\" class=\"border\" cellpadding=\"2\" cellspacing=\"1\">\n";
+	echo "<table class=\"border\" cellpadding=\"2\" cellspacing=\"1\">\n";
 	echo "<tr class=\"contenttopic\">\n";
 	echo "\t<td>Groupname</td>\n";
-	echo "\t<td>-</td>\n";
+	echo "\t<td>Link</td>\n";
 	echo "</tr>\n";

 	for ($n = 0 ; $n < $Zeilen ; $n++) {
@ -30,6 +30,15 @@ if (!IsSet($_GET["enterGID"]))
 			mysql_result($Erg, $n, "UID")."&Type=Secure\">change</a></td>\n";
 		echo "</tr>\n";
 	}
+	
+	// new form
+	echo "<tr class=\"content\">\n";
+	echo "\t<form action=\"userSaveSecure.php?new=newGroup\"  method=\"POST\">\n";
+	echo "\t\t<td><input name=\"GroupName\" type=\"text\" value=\"--new group--\"></td>\n";
+	echo "\t\t<td><input type=\"submit\" name=\"Send\" value=\"Save\"></td>\n";
+	echo "\t</form>\n";
+	echo "</tr>\n";
+
 	echo "\t</table>\n";
 	// Ende Userliste
 } 
--- a/www-ssl/admin/user.php
+++ b/www-ssl/admin/user.php
@ -11,8 +11,6 @@ if (!IsSet($_GET["enterUID"]))

 	echo "<a href=\"../makeuser.php\">Neuen Engel eintragen</a><br><br>\n";
 	
-	echo "\n<a href=\"./user.php?enterUID=-1&Type=Secure\">Edit logout User</a><br><br>\n";
-
 	if( !isset($_GET["OrderBy"]) ) $_GET["OrderBy"] = "Nick";
 	$SQL = "SELECT * FROM `User` ORDER BY `". $_GET["OrderBy"]. "` ASC";
 	$Erg = mysql_query($SQL, $con);
--- a/www-ssl/admin/userChangeSecure.php
+++ b/www-ssl/admin/userChangeSecure.php
@ -16,7 +16,7 @@ if (IsSet($_GET["enterUID"]))
 		"Wenn T-Shirt ein 'Ja' enth&auml;lt, bedeutet dies, dass der Engel ".
 		"bereits sein T-Shirt erhalten hat.<br><br>\n";

-	echo "<form action=\"./userChangeSecure.php?action=change\" method=\"POST\">\n";
+	echo "<form action=\"./userSaveSecure.php?action=change\" method=\"POST\">\n";
 	echo "<table border=\"0\">\n";
 	echo "<input type=\"hidden\" name=\"Type\" value=\"Secure\">\n";

--- a/www-ssl/admin/userSaveNormal.php
+++ b/www-ssl/admin/userSaveNormal.php
@ -9,7 +9,6 @@ include ("../../includes/funktion_db.php");

 if (IsSet($_GET["action"])) 
 {
-	
 	SetHeaderGo2Back();
 	echo "Gesendeter Befehl: ". $_GET["action"]. "<br>";

--- a/www-ssl/admin/userSaveSecure.php
+++ b/www-ssl/admin/userSaveSecure.php
@ -7,12 +7,20 @@ include ("../../includes/funktion_db_list.php");
 include ("../../includes/crypt.php");
 include ("../../includes/funktion_db.php");

-if (IsSet($_GET["action"])) 
+if( !IsSet($_POST["enterUID"]) ) 
+{
+	$Right = "N";
+} elseif( $_POST["enterUID"] > 0 ) {
+	$Right = $_SESSION['CVS'][ "admin/user.php"];
+} else {
+	$Right = $_SESSION['CVS'][ "admin/group.php"];
+}
+
+if ( ($Right=="Y") && IsSet($_GET["action"])) 
 {
-	
 	SetHeaderGo2Back();
 	echo "Gesendeter Befehl: ". $_GET["action"]. "<br>";
-
+	
 	switch ($_GET["action"]) 
 	{
 	case "change":
@ -31,7 +39,9 @@ if (IsSet($_GET["action"]))
 						if( $CVS_Data_Name == "GroupID")
 						{
 							if( $_POST["enterUID"] > 0 )
-								$SQL2.= "`$CVS_Data_Name` = ". $_POST["GroupID"].", ";
+								$SQL2.= "`$CVS_Data_Name` = '". $_POST["GroupID"]."', ";
+							else
+								$SQL2.= "`$CVS_Data_Name` = NULL, ";
 						} else {
 							$SQL2.= "`$CVS_Data_Name` = '". $_POST[$CVS_Data_i]."', ";
 						}
@ -90,9 +100,41 @@ if (IsSet($_GET["action"]))
 	} // end switch

 // ende - Action ist gesetzt 
-} 
-else 
-{
+} elseif ( IsSet($_GET["new"]) &&  ($_SESSION['CVS']["admin/group.php"]=="Y") ) {
+	echo "Gesendeter Befehl: ". $_GET["new"]. "<br>";
+	
+	switch ($_GET["new"]) 
+	{
+	case "newGroup":
+		echo "\tGenerate new Group ID...\n";
+		$SQLid="SELECT MIN(`UID`) FROM `UserCVS`;";
+		$Erg = mysql_query( $SQLid);
+		
+		if( mysql_num_rows($Erg) == 1) {
+			$NewId = mysql_result( $Erg, 0, 0)-1;
+			$SQLnew1 = "INSERT INTO `UserGroups` (`UID`, `Name`) VALUES ('$NewId', '". $_POST["GroupName"]. "' );";
+			$SQLnew2 = "INSERT INTO `UserCVS` (`UID`, `GroupID`) VALUES ('$NewId', NULL );";
+			echo "\t<br>Generate new UserGroup ...\n";
+			$ErgNew1 = db_query($SQLnew1, "create UserGroups Entry");
+			if ($ErgNew1 == 1) 
+			{
+				echo "\t<br>Generate new User rights...\n";
+				$ErgNew2 = db_query($SQLnew2, "UserCVS Entry");
+				if ($ErgNew1 == 1) {
+					echo "\t<br>New group was created.\n";
+				} else {
+					echo "Error on creation\n(". mysql_error($con). ")";
+				}
+			} else {
+				echo "Error on creation\n(". mysql_error($con). ")";
+			}
+
+		}
+
+		
+		break;
+	}
+} else {
 	// kein Action gesetzt -> abbruch
 	echo "Unzul&auml;ssiger Aufruf.<br>Bitte neu editieren...";
 }