Einchecken des OnlineStands
This commit is contained in:
100
.actions/portal_actions.php
Normal file
100
.actions/portal_actions.php
Normal file
@@ -0,0 +1,100 @@
|
||||
<?php
|
||||
|
||||
/* Anmelden */
|
||||
if ( isset ( $_POST[ 'siteId' ] ) && $_POST[ 'siteId' ] === 'checkLogin' && isset ( $_POST[ 'formAction' ] ) && $_POST[ 'formAction' ] === 'checkLogin' )
|
||||
{
|
||||
/* Nur nicht gelöschte Benutzer */
|
||||
$result = $db -> query ( 'SELECT * FROM ' . TBL_USER . ' WHERE userUsername = "' . $_POST[ 'userName' ] . '" AND userPasswordCrypt = "' . md5 ( $_POST[ 'passWord' ] ) . '" AND userDelete = "N";' );
|
||||
if ( $result -> num_rows === 0 )
|
||||
{
|
||||
/* Fehlerhafte Benutzeranmeldung */
|
||||
$arrError[ ] = 'login_001';
|
||||
fnc_writeLog ( '00000001' , array ( $_SERVER[ 'REMOTE_ADDR' ] , $_POST[ 'userName' ] ) , 0 );
|
||||
}
|
||||
else
|
||||
{
|
||||
$dat_user = $result -> fetch_assoc ( );
|
||||
if ( $dat_user[ 'userActive' ] === 'N' )
|
||||
{
|
||||
/* User ist deaktiviert */
|
||||
$arrError[ ] = 'login_002';
|
||||
fnc_writeLog ( '00000002' , array ( ) , $dat_user[ 'userId' ] );
|
||||
}
|
||||
else
|
||||
{
|
||||
/* Anmeldung erfolgreich und Prüfung, ob Passwort geändert werden muss */
|
||||
/* Bearbeitungsrechte abfragen */
|
||||
$editingRights = $db -> query ( 'SELECT * FROM ' . TBL_RIGHTS . ' WHERE userId = "' . $dat_user[ 'userId' ] . '";' );
|
||||
|
||||
$_SESSION[ 'sess_userId' ] = $dat_user[ 'userId' ];
|
||||
$_SESSION[ 'sess_loginDate' ] = date( 'YmdHis' );
|
||||
$_SESSION[ 'sess_loginStatus' ] = ( $dat_user[ 'userPasswordOrgCrypt' ] === $dat_user[ 'userPasswordCrypt' ] )
|
||||
? 'changePW'
|
||||
: 'loggedIn';
|
||||
$_SESSION[ 'sess_sessionId' ] = session_id( );
|
||||
$_SESSION[ 'sess_sessionName' ] = session_name( );
|
||||
$_SESSION[ 'sess_loginLang' ] = 'de';
|
||||
$_SESSION[ 'sess_portalRightsType' ] = $dat_user[ 'userPortalRightsType' ];
|
||||
$_SESSION[ 'sess_portalRights' ] = explode ( ';' , $dat_user[ 'userPortalRights' ] );
|
||||
while ( $singleRights = $editingRights -> fetch_assoc ( ) )
|
||||
{
|
||||
$_SESSION[ 'sess_' . $singleRights[ 'rightsPrefix' ] . 'Type' ] = $singleRights[ 'rightsType' ];
|
||||
$_SESSION[ 'sess_' . $singleRights[ 'rightsPrefix' ] ] = $singleRights[ 'rights' ];
|
||||
}
|
||||
|
||||
if ( $dat_user[ 'userPasswordOrgCrypt' ] === $dat_user[ 'userPasswordCrypt' ] )
|
||||
{
|
||||
$_GET[ 'siteId' ] = 'changePW';
|
||||
fnc_writeLog ( '00000005' , array ( ) , $dat_user[ 'userId' ] );
|
||||
}
|
||||
else
|
||||
{
|
||||
$_GET[ 'siteId' ] = '1';
|
||||
fnc_writeLog ( '00000003' , array ( ) , $dat_user[ 'userId' ] );
|
||||
}
|
||||
|
||||
header( 'Location: index.php?siteId=' . $_GET[ 'siteId' ] );
|
||||
die( );
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/* Abmelden */
|
||||
if ( isset ( $_GET[ 'siteId' ] ) && $_GET[ 'siteId' ] === 'logout' )
|
||||
{
|
||||
if ( isset ( $_SESSION[ 'sess_userId' ] ) )
|
||||
{
|
||||
fnc_writeLog ( '00000004' , array ( ) , $_SESSION[ 'sess_userId' ] );
|
||||
}
|
||||
session_destroy( );
|
||||
header( 'Location: index.php?siteId=login' );
|
||||
die( );
|
||||
}
|
||||
|
||||
/* Passwort ändern */
|
||||
if ( isset ( $_POST[ 'formAction' ] ) && $_POST[ 'formAction' ] === 'changePW' )
|
||||
{
|
||||
if ( $_POST[ 'newPassWord' ] !== $_POST[ 'passWordRepeat' ] )
|
||||
{
|
||||
$arrError[ ] = 'pw_001';
|
||||
}
|
||||
else
|
||||
{
|
||||
$result = $db -> query ( 'SELECT * FROM ' . TBL_USER . ' WHERE userUsername = "' . $_POST[ 'userName' ] . '" AND userPasswordOrg = "' . $_POST[ 'passWord' ] . '" AND userDelete = "N";' );
|
||||
if ( $result -> num_rows === 0 )
|
||||
{
|
||||
$arrError[ ] = 'login_001';
|
||||
}
|
||||
else
|
||||
{
|
||||
$_SESSION[ 'sess_loginStatus' ] = 'loggedIn';
|
||||
$user = $result -> fetch_assoc ( );
|
||||
$db -> query ( 'UPDATE ' . TBL_USER . ' SET userPasswordCrypt = "' . md5 ( $_POST[ 'newPassWord' ] ) . '" WHERE userId = "' . $user[ 'userId' ] . '" LIMIT 1;' );
|
||||
fnc_writeLog ( '00000016' , array ( fnc_getUsernameById ( $user[ 'userId' ] ) ) , $_SESSION[ 'sess_userId' ] );
|
||||
header( 'Location:index.php?siteId=1' );
|
||||
die( );
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
||||
151
.actions/usermanagement_actions.php
Normal file
151
.actions/usermanagement_actions.php
Normal file
@@ -0,0 +1,151 @@
|
||||
<?php
|
||||
|
||||
if ( isset ( $_POST[ 'formAction' ] ) && $_POST[ 'formAction' ] === 'disableUser' )
|
||||
{
|
||||
$db -> query ( 'UPDATE ' . TBL_USER . ' SET userActive = "N" , userActiveUser = "' . $_SESSION[ 'sess_userId' ] . '" , userActiveTS = NOW( ) WHERE userId = "' . $_POST[ 'userId' ] . '" LIMIT 1;' );
|
||||
fnc_writeLog ( '00000011' , array ( fnc_getUsernameById ( $_POST[ 'userId' ] ) ) , $_SESSION[ 'sess_userId' ] );
|
||||
header( 'Location:index.php?siteId=' . $_POST[ 'siteId' ] );
|
||||
die( );
|
||||
}
|
||||
|
||||
if ( isset ( $_POST[ 'formAction' ] ) && $_POST[ 'formAction' ] === 'enableUser' )
|
||||
{
|
||||
$db -> query ( 'UPDATE ' . TBL_USER . ' SET userActive = "Y" WHERE userId = "' . $_POST[ 'userId' ] . '" LIMIT 1;' );
|
||||
fnc_writeLog ( '00000012' , array ( fnc_getUsernameById ( $_POST[ 'userId' ] ) ) , $_SESSION[ 'sess_userId' ] );
|
||||
header( 'Location:index.php?siteId=' . $_POST[ 'siteId' ] );
|
||||
die( );
|
||||
}
|
||||
|
||||
if ( isset ( $_POST[ 'formAction' ] ) && $_POST[ 'formAction' ] === 'deleteUser' )
|
||||
{
|
||||
$db -> query ( 'UPDATE ' . TBL_USER . ' SET userDelete = "Y" , userDeleteUser = "' . $_SESSION[ 'sess_userId' ] . '" , userDeleteTS = NOW( ) WHERE userId = "' . $_POST[ 'userId' ] . '" LIMIT 1;' );
|
||||
fnc_writeLog ( '00000014' , array ( fnc_getUsernameById ( $_POST[ 'userId' ] ) ) , $_SESSION[ 'sess_userId' ] );
|
||||
header( 'Location:index.php?siteId=' . $_POST[ 'siteId' ] );
|
||||
die( );
|
||||
}
|
||||
|
||||
if ( isset ( $_POST[ 'formAction' ] ) && $_POST[ 'formAction' ] === 'resetPW' )
|
||||
{
|
||||
$status = fnc_sendEmailToUser ( '00000015' , $_POST[ 'userId' ] , $_SESSION[ 'sess_userId' ] );
|
||||
if ( $status === 'OK' )
|
||||
{
|
||||
$db -> query ( 'UPDATE ' . TBL_USER . ' SET userPasswordCrypt = "' . $_POST[ 'userPasswordOrgCrypt' ] . '" WHERE userId = "' . $_POST[ 'userId' ] . '" LIMIT 1;' );
|
||||
fnc_writeLog ( '00000015' , array ( fnc_getUsernameById ( $_POST[ 'userId' ] ) ) , $_SESSION[ 'sess_userId' ] );
|
||||
header( 'Location:index.php?siteId=' . $_POST[ 'siteId' ] );
|
||||
die( );
|
||||
}
|
||||
else
|
||||
{
|
||||
$arrError[ ] = 'mail_001';
|
||||
}
|
||||
die( );
|
||||
}
|
||||
|
||||
if ( isset ( $_POST[ 'formAction' ] ) && $_POST[ 'formAction' ] === 'createUser' )
|
||||
{
|
||||
if ( ! isset ( $_POST[ 'user_portalRightsType' ] ) )
|
||||
{
|
||||
$_POST[ 'user_portalRightsType' ] = 'DEF';
|
||||
}
|
||||
$userPortalRights = ( $_POST[ 'user_portalRightsType' ] === 'ALL' || ! isset ( $_POST[ 'user_portalRights' ] ) )
|
||||
? ''
|
||||
: implode ( ';' , $_POST[ 'user_portalRights' ] );
|
||||
|
||||
if ( ! fnc_validateEmailAddress ( $_POST[ 'userEmail' ] ) )
|
||||
{
|
||||
$arrError[ ] = 'mail_002';
|
||||
}
|
||||
if ( ! fnc_checkUniqueEmailAddress ( $_POST[ 'userEmail' ] ) )
|
||||
{
|
||||
$arrError[ ] = 'mail_003';
|
||||
}
|
||||
|
||||
if ( isset ( $arrError ) && ! empty ( $arrError ) )
|
||||
{
|
||||
$_GET[ 'siteId' ] = $_POST[ 'siteId' ];
|
||||
$_GET[ 'todoId' ] = $_POST[ 'todoId' ];
|
||||
}
|
||||
else
|
||||
{
|
||||
$userName = fnc_generateUniqueUsername ( $_POST[ 'userLastname' ] , $_POST[ 'userFirstname' ] );
|
||||
$passWord = fnc_generatePW ( );
|
||||
$crypt = md5 ( $passWord );
|
||||
$insert = $db -> query ( 'INSERT INTO ' . TBL_USER . ' ( userUsername , userEmail , userPhone , userPasswordCrypt , userPasswordOrgCrypt , userPasswordOrg , userFirstname , userLastname , userCreateUser , userActive , userDelete , userPortalRightsType , userPortalRights ) VALUES ( "' . $userName . '" , "' . $_POST[ 'userEmail' ] . '" , "' . $_POST[ 'userPhone' ] . '" , "' . $crypt . '" , "' . $crypt . '" , "' . $passWord . '" , "' . $_POST[ 'userFirstname' ] . '" , "' . $_POST[ 'userLastname' ] . '" , "' . $_SESSION[ 'sess_userId' ] . '" , "Y" , "N" , "' . $_POST[ 'user_portalRightsType' ] . '" , "' . $userPortalRights . '" );' );
|
||||
$userId = $db -> insert_id;
|
||||
|
||||
foreach ( $vC[ 'portal' ][ 'website' ][ 'prefix' ] as $website )
|
||||
{
|
||||
if ( ! isset ( $_POST[ 'user' . $website . 'RightsType' ] ) )
|
||||
{
|
||||
$_POST[ 'user' . $website . 'RightsType' ] = 'DEF';
|
||||
}
|
||||
$userWebsiteRights = ( $_POST[ 'user_' . $website . 'RightsType' ] === 'ALL' || ! isset ( $_POST[ 'user_' . $website . 'Rights' ] ) )
|
||||
? ''
|
||||
: implode ( ';' , $_POST[ 'user' . $website . 'Rights' ] );
|
||||
|
||||
$db -> query ( 'INSERT INTO ' . TBL_RIGHTS . ' SET userId = "' . $userId . '" , rightsPrefix = "' . $website . '" , rightsType = "' . $_POST[ 'user_' . $website . 'RightsType' ] . '" , rights = "' . $userWebsiteRights . '";' );
|
||||
}
|
||||
|
||||
fnc_sendEmailToUser ( '00000010' , $userId , $_SESSION[ 'sess_userId' ] );
|
||||
fnc_writeLog ( '00000010' , array ( fnc_getUsernameById ( $userId ) ) , $_SESSION[ 'sess_userId' ] );
|
||||
header( 'Location:index.php?siteId=' . $_POST[ 'siteId' ] );
|
||||
die ( );
|
||||
}
|
||||
}
|
||||
|
||||
if ( isset ( $_POST[ 'formAction' ] ) && $_POST[ 'formAction' ] === 'editUser' )
|
||||
{
|
||||
if ( ! isset ( $_POST[ 'user_portalRightsType' ] ) )
|
||||
{
|
||||
$_POST[ 'user_portalRightsType' ] = 'DEF';
|
||||
}
|
||||
$userPortalRights = ( $_POST[ 'user_portalRightsType' ] === 'ALL' || ! isset ( $_POST[ 'user_portalRights' ] ) )
|
||||
? ''
|
||||
: implode ( ';' , $_POST[ 'user_portalRights' ] );
|
||||
|
||||
if ( ! fnc_validateEmailAddress ( $_POST[ 'userEmail' ] ) )
|
||||
{
|
||||
$arrError[ ] = 'mail_002';
|
||||
}
|
||||
if ( ! fnc_checkUniqueEmailAddress ( $_POST[ 'userEmail' ] , $_POST[ 'userId' ] ) )
|
||||
{
|
||||
$arrError[ ] = 'mail_003';
|
||||
}
|
||||
|
||||
if ( isset ( $arrError ) && ! empty ( $arrError ) )
|
||||
{
|
||||
$_GET[ 'siteId' ] = $_POST[ 'siteId' ];
|
||||
$_GET[ 'todoId' ] = $_POST[ 'todoId' ];
|
||||
$_GET[ 'userId' ] = $_POST[ 'userId' ];
|
||||
}
|
||||
else
|
||||
{
|
||||
$db -> query ( 'UPDATE ' . TBL_USER . ' SET userLastname = "' . $_POST[ 'userLastname' ] . '" , userFirstname = "' . $_POST[ 'userFirstname' ] . '" , userEmail = "' . $_POST[ 'userEmail' ] . '" , userPhone = "' . $_POST[ 'userPhone' ] . '" , userPortalRightsType = "' . $_POST[ 'user_portalRightsType' ] . '" , userPortalRights = "' . $userPortalRights . '" WHERE userId = "' . $_POST[ 'userId' ] . '" LIMIT 1;' );
|
||||
|
||||
foreach ( $vC[ 'portal' ][ 'website' ][ 'prefix' ] as $website )
|
||||
{
|
||||
if ( ! isset ( $_POST[ 'user_' . $website . 'RightsType' ] ) )
|
||||
{
|
||||
$_POST[ 'user_' . $website . 'RightsType' ] = 'DEF';
|
||||
}
|
||||
$userWebsiteRights = ( $_POST[ 'user_' . $website . 'RightsType' ] === 'ALL' || ! isset ( $_POST[ 'user_' . $website . 'Rights' ] ) )
|
||||
? ''
|
||||
: implode ( ';' , $_POST[ 'user_' . $website . 'Rights' ] );
|
||||
$rights = $db -> query ( 'SELECT * FROM ' . TBL_RIGHTS . ' WHERE userId = "' . $_POST[ 'userId' ] . '" AND rightsPrefix = "' . $website . '";' );
|
||||
if ( $rights -> num_rows === 0 )
|
||||
{
|
||||
$db -> query ( 'INSERT INTO ' . TBL_RIGHTS . ' SET userId = "' . $_POST[ 'userId' ] . '" , rightsPrefix = "' . $website . '" , rightsType = "' . $_POST[ 'user' . $website . 'RightsType' ] . '" , rights = "' . $userWebsiteRights . '";' );
|
||||
}
|
||||
else
|
||||
{
|
||||
$db -> query ( 'UPDATE ' . TBL_RIGHTS . ' SET rightsType = "' . $_POST[ 'user_' . $website . 'RightsType' ] . '" , rights = "' . $userWebsiteRights . '" WHERE userId = "' . $_POST[ 'userId' ] . '" AND rightsPrefix = "' . $website . '";' );
|
||||
}
|
||||
}
|
||||
|
||||
fnc_writeLog ( '00000013' , array ( fnc_getUsernameById ( $_POST[ 'userId' ] ) ) , $_SESSION[ 'sess_userId' ] );
|
||||
header( 'Location:index.php?siteId=' . $_POST[ 'siteId' ] );
|
||||
die ( );
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
||||
Reference in New Issue
Block a user