You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
119 lines
3.0 KiB
PHP
119 lines
3.0 KiB
PHP
<?PHP
|
|
|
|
$title = "User-Liste";
|
|
$header = "Index";
|
|
include ("./inc/header.php");
|
|
include ("./inc/funktion_db_list.php");
|
|
include ("./inc/crypt.php");
|
|
|
|
if (IsSet($action))
|
|
{
|
|
|
|
function SQLExec( $SQL )
|
|
{
|
|
global $con;
|
|
|
|
$Erg = mysql_query($SQL, $con);
|
|
if ($Erg == 1) {
|
|
echo "Änderung wurde gesichert...\n";
|
|
} else {
|
|
echo "Fehler beim speichern...\n";
|
|
}
|
|
|
|
}
|
|
|
|
SetHeaderGo2Back();
|
|
echo "Gesendeter Befehl: $action<br>";
|
|
|
|
switch ($action) {
|
|
|
|
case "change":
|
|
if (IsSet($enterUID))
|
|
{
|
|
if ($Type == "Normal")
|
|
{
|
|
$SQL = "UPDATE `User` SET ";
|
|
$SQL.= " `Nick` = '$eNick', `Name` = '$eName', `Vorname` = '$eVorname', ".
|
|
"`Telefon` = '$eTelefon', `Handy` = '$eHandy', `DECT` = '$eDECT', ".
|
|
"`email` = '$eemail', `Size` = '$eSize', ".
|
|
"`Gekommen`= '$eGekommen', `Aktiv`= '$eAktiv', ".
|
|
"`Tshirt` = '$eTshirt' ";
|
|
$SQL.= "WHERE `UID` = '$enterUID' LIMIT 1;";
|
|
echo "User-";
|
|
SQLExec( $SQL );
|
|
}
|
|
if ($Type == "Secure")
|
|
{
|
|
$SQL2 = "UPDATE `UserCVS` SET ";
|
|
$SQL_CVS = "SELECT * FROM `UserCVS` WHERE UID=$enterUID";
|
|
$Erg_CVS = mysql_query($SQL_CVS, $con);
|
|
$CVS_Data = mysql_fetch_array($Erg_CVS);
|
|
$CVS_Data_i = 1;
|
|
foreach ($CVS_Data as $CVS_Data_Name => $CVS_Data_Value)
|
|
{
|
|
if( ($CVS_Data_i+1)%2 && $CVS_Data_Name!="UID")
|
|
$SQL2.= "`$CVS_Data_Name` = '".$$CVS_Data_i."', ";
|
|
$CVS_Data_i++;
|
|
}
|
|
$SQL2 = substr( $SQL2, 0, strlen($SQL2)-2 );
|
|
$SQL2.= " WHERE `UID` = '$enterUID' LIMIT 1;";
|
|
echo "<br>Secure-";
|
|
SQLExec( $SQL2 );
|
|
}
|
|
}
|
|
break;
|
|
|
|
case "delete":
|
|
if (IsSet($enterUID))
|
|
{
|
|
$SQL="delete from `User` WHERE `UID` = '$enterUID' LIMIT 1;";
|
|
SQLExec( $SQL );
|
|
$SQL2="delete from `UserCVS` WHERE `UID` = '$enterUID' LIMIT 1;";
|
|
SQLExec( $SQL2 );
|
|
$SQL3="UPDATE `ShiftEntry` SET `UID` = '0', `Comment` = NULL ".
|
|
"WHERE `UID` = '$enterUID' LIMIT 1;";
|
|
SQLExec( $SQL3 );
|
|
}
|
|
break;
|
|
|
|
|
|
case "newpw":
|
|
echo "Bitte neues Kennwort für <b>";
|
|
// Get Nick
|
|
$USQL = "SELECT * FROM User where UID=$eUID";
|
|
$Erg = mysql_query($USQL, $con);
|
|
echo mysql_result($Erg, 0, "Nick");
|
|
echo "</b> eingeben:<br>";
|
|
echo "<form action=\"./user2.php\" method=\"POST\">\n";
|
|
echo "<input type=\"Password\" name=\"ePasswort\">";
|
|
echo "<input type=\"Password\" name=\"ePasswort2\">";
|
|
echo "<input type=\"hidden\" name=\"eUID\" value=\"$eUID\">";
|
|
echo "<input type=\"hidden\" name=\"action\" value=\"newpwsave\">\n";
|
|
echo "<input type=\"submit\" value=\"sichern...\">\n";
|
|
echo "</form>";
|
|
break;
|
|
|
|
case "newpwsave":
|
|
if ($ePasswort == $ePasswort2)
|
|
{ // beide Passwoerter passen...
|
|
$ePasswort = PassCrypt($ePasswort);
|
|
$SQL="UPDATE `User` SET `Passwort`='$ePasswort' where `UID` = '$eUID'";
|
|
SQLExec( $SQL );
|
|
}
|
|
else
|
|
echo "Das Passwort wurde nicht übereinstimmend eingegeben!";
|
|
break;
|
|
} // end switch
|
|
|
|
// ende - Action ist gesetzt
|
|
}
|
|
else
|
|
{
|
|
// kein Action gesetzt -> abbruch
|
|
echo "Unzulässiger Aufruf. Bitte neu editieren...";
|
|
}
|
|
|
|
include ("./inc/footer.php");
|
|
?>
|
|
|