Einchecken des OnlineStands

2016-09-07 14:36:03 +00:00
parent feed788c84
commit 53295535eb
241 changed files with 69161 additions and 0 deletions
--- a/.actions/usermanagement_actions.php
+++ b/.actions/usermanagement_actions.php
@@ -0,0 +1,151 @@
+<?php
+
+	if ( isset ( $_POST[ 'formAction' ] ) && $_POST[ 'formAction' ] === 'disableUser' )
+		{
+			$db -> query ( 'UPDATE ' . TBL_USER . ' SET userActive = "N" , userActiveUser = "' . $_SESSION[ 'sess_userId' ] . '" , userActiveTS = NOW( ) WHERE userId = "' . $_POST[ 'userId' ] . '" LIMIT 1;' );
+			fnc_writeLog ( '00000011' , array ( fnc_getUsernameById ( $_POST[ 'userId' ] ) ) , $_SESSION[ 'sess_userId' ] );
+			header( 'Location:index.php?siteId=' . $_POST[ 'siteId' ] );
+			die( );
+		}
+
+	if ( isset ( $_POST[ 'formAction' ] ) && $_POST[ 'formAction' ] === 'enableUser' )
+		{
+			$db -> query ( 'UPDATE ' . TBL_USER . ' SET userActive = "Y" WHERE userId = "' . $_POST[ 'userId' ] . '" LIMIT 1;' );
+			fnc_writeLog ( '00000012' , array ( fnc_getUsernameById ( $_POST[ 'userId' ] ) ) , $_SESSION[ 'sess_userId' ] );
+			header( 'Location:index.php?siteId=' . $_POST[ 'siteId' ] );
+			die( );
+		}
+
+	if ( isset ( $_POST[ 'formAction' ] ) && $_POST[ 'formAction' ] === 'deleteUser' )
+		{
+			$db -> query ( 'UPDATE ' . TBL_USER . ' SET userDelete = "Y" , userDeleteUser = "' . $_SESSION[ 'sess_userId' ] . '" , userDeleteTS = NOW( ) WHERE userId = "' . $_POST[ 'userId' ] . '" LIMIT 1;' );
+			fnc_writeLog ( '00000014' , array ( fnc_getUsernameById ( $_POST[ 'userId' ] ) ) , $_SESSION[ 'sess_userId' ] );
+			header( 'Location:index.php?siteId=' . $_POST[ 'siteId' ] );
+			die( );
+		}
+
+	if ( isset ( $_POST[ 'formAction' ] ) && $_POST[ 'formAction' ] === 'resetPW' )
+		{
+			$status	= fnc_sendEmailToUser ( '00000015' , $_POST[ 'userId' ] , $_SESSION[ 'sess_userId' ] );
+			if ( $status === 'OK' )
+				{
+					$db -> query ( 'UPDATE ' . TBL_USER . ' SET userPasswordCrypt = "' . $_POST[ 'userPasswordOrgCrypt' ] . '" WHERE userId = "' . $_POST[ 'userId' ] . '" LIMIT 1;' );
+					fnc_writeLog ( '00000015' , array ( fnc_getUsernameById ( $_POST[ 'userId' ] ) ) , $_SESSION[ 'sess_userId' ] );
+					header( 'Location:index.php?siteId=' . $_POST[ 'siteId' ] );
+					die( );
+				}
+			else
+				{
+					$arrError[ ]	= 'mail_001';
+				}
+			die( );
+		}
+	
+	if ( isset ( $_POST[ 'formAction' ] ) && $_POST[ 'formAction' ] === 'createUser' )
+		{
+			if ( ! isset ( $_POST[ 'user_portalRightsType' ] ) )
+				{
+					$_POST[ 'user_portalRightsType' ]	= 'DEF';
+				}
+			$userPortalRights	= ( $_POST[ 'user_portalRightsType' ] === 'ALL' || ! isset ( $_POST[ 'user_portalRights' ] ) )
+								? ''
+								: implode ( ';' , $_POST[ 'user_portalRights' ] );
+				
+			if ( ! fnc_validateEmailAddress ( $_POST[ 'userEmail' ] ) )
+				{
+					$arrError[ ]	= 'mail_002';
+				}
+			if ( ! fnc_checkUniqueEmailAddress ( $_POST[ 'userEmail' ] ) )
+				{
+					$arrError[ ]	= 'mail_003';
+				}
+				
+			if ( isset ( $arrError ) && ! empty ( $arrError ) )
+				{
+					$_GET[ 'siteId' ]	= $_POST[ 'siteId' ];
+					$_GET[ 'todoId' ]	= $_POST[ 'todoId' ];
+				}
+			else
+				{
+					$userName	= fnc_generateUniqueUsername ( $_POST[ 'userLastname' ] , $_POST[ 'userFirstname' ] );
+					$passWord	= fnc_generatePW ( );
+					$crypt		= md5 ( $passWord );
+					$insert		= $db -> query ( 'INSERT INTO ' . TBL_USER . ' ( userUsername , userEmail , userPhone , userPasswordCrypt , userPasswordOrgCrypt , userPasswordOrg , userFirstname , userLastname , userCreateUser , userActive , userDelete , userPortalRightsType , userPortalRights ) VALUES ( "' . $userName . '" , "' . $_POST[ 'userEmail' ] . '" , "' . $_POST[ 'userPhone' ] . '" , "' . $crypt . '" , "' . $crypt . '" , "' . $passWord . '" , "' . $_POST[ 'userFirstname' ] . '" , "' . $_POST[ 'userLastname' ] . '" , "' . $_SESSION[ 'sess_userId' ] . '" , "Y" , "N" , "' . $_POST[ 'user_portalRightsType' ] . '" , "' . $userPortalRights . '" );' );
+					$userId		= $db -> insert_id;
+					
+					foreach ( $vC[ 'portal' ][ 'website' ][ 'prefix' ] as $website )
+						{
+							if ( ! isset ( $_POST[ 'user' . $website . 'RightsType' ] ) )
+								{
+									$_POST[ 'user' . $website . 'RightsType' ]	= 'DEF';
+								}
+							$userWebsiteRights	= ( $_POST[ 'user_' . $website . 'RightsType' ] === 'ALL' || ! isset ( $_POST[ 'user_' . $website . 'Rights' ] ) )
+												? ''
+												: implode ( ';' , $_POST[ 'user' . $website . 'Rights' ] );
+
+							$db -> query ( 'INSERT INTO ' . TBL_RIGHTS . ' SET userId = "' . $userId . '" , rightsPrefix = "' . $website . '" , rightsType = "' . $_POST[ 'user_' . $website . 'RightsType' ] . '" , rights = "' . $userWebsiteRights . '";' );
+						}
+						
+					fnc_sendEmailToUser ( '00000010' , $userId , $_SESSION[ 'sess_userId' ] );
+					fnc_writeLog ( '00000010' , array ( fnc_getUsernameById ( $userId ) ) , $_SESSION[ 'sess_userId' ] );
+					header( 'Location:index.php?siteId=' . $_POST[ 'siteId' ] );
+					die ( );
+				}
+		}
+		
+	if ( isset ( $_POST[ 'formAction' ] ) && $_POST[ 'formAction' ] === 'editUser' )
+		{
+			if ( ! isset ( $_POST[ 'user_portalRightsType' ] ) )
+				{
+					$_POST[ 'user_portalRightsType' ]	= 'DEF';
+				}
+			$userPortalRights	= ( $_POST[ 'user_portalRightsType' ] === 'ALL' || ! isset ( $_POST[ 'user_portalRights' ] ) )
+								? ''
+								: implode ( ';' , $_POST[ 'user_portalRights' ] );
+			
+			if ( ! fnc_validateEmailAddress ( $_POST[ 'userEmail' ] ) )
+				{
+					$arrError[ ]	= 'mail_002';
+				}
+			if ( ! fnc_checkUniqueEmailAddress ( $_POST[ 'userEmail' ] , $_POST[ 'userId' ] ) )
+				{
+					$arrError[ ]	= 'mail_003';
+				}
+			
+			if ( isset ( $arrError ) && ! empty ( $arrError ) )
+				{
+					$_GET[ 'siteId' ]	= $_POST[ 'siteId' ];
+					$_GET[ 'todoId' ]	= $_POST[ 'todoId' ];
+					$_GET[ 'userId' ]	= $_POST[ 'userId' ];
+				}
+			else
+				{
+					$db -> query ( 'UPDATE ' . TBL_USER . ' SET userLastname = "' . $_POST[ 'userLastname' ] . '" , userFirstname = "' . $_POST[ 'userFirstname' ] . '" , userEmail = "' . $_POST[ 'userEmail' ] . '" , userPhone = "' . $_POST[ 'userPhone' ] . '" , userPortalRightsType = "' . $_POST[ 'user_portalRightsType' ] . '" , userPortalRights = "' . $userPortalRights . '" WHERE userId = "' . $_POST[ 'userId' ] . '" LIMIT 1;' );
+					
+					foreach ( $vC[ 'portal' ][ 'website' ][ 'prefix' ] as $website )
+						{
+							if ( ! isset ( $_POST[ 'user_' . $website . 'RightsType' ] ) )
+								{
+									$_POST[ 'user_' . $website . 'RightsType' ]	= 'DEF';
+								}
+							$userWebsiteRights	= ( $_POST[ 'user_' . $website . 'RightsType' ] === 'ALL' || ! isset ( $_POST[ 'user_' . $website . 'Rights' ] ) )
+												? ''
+												: implode ( ';' , $_POST[ 'user_' . $website . 'Rights' ] );
+							$rights	= $db -> query ( 'SELECT * FROM ' . TBL_RIGHTS . ' WHERE userId = "' . $_POST[ 'userId' ] . '" AND rightsPrefix = "' . $website . '";' );
+							if ( $rights -> num_rows === 0 )
+								{
+									$db -> query ( 'INSERT INTO ' . TBL_RIGHTS . ' SET userId = "' . $_POST[ 'userId' ] . '" , rightsPrefix = "' . $website . '" , rightsType = "' . $_POST[ 'user' . $website . 'RightsType' ] . '" , rights = "' . $userWebsiteRights . '";' );
+								}
+							else
+								{
+									$db -> query ( 'UPDATE ' . TBL_RIGHTS . ' SET rightsType = "' . $_POST[ 'user_' . $website . 'RightsType' ] . '" , rights = "' . $userWebsiteRights . '" WHERE userId = "' . $_POST[ 'userId' ] . '" AND rightsPrefix = "' . $website . '";' );
+								}
+						}
+						
+					fnc_writeLog ( '00000013' , array ( fnc_getUsernameById ( $_POST[ 'userId' ] ) ) , $_SESSION[ 'sess_userId' ] );
+					header( 'Location:index.php?siteId=' . $_POST[ 'siteId' ] );
+					die ( );
+				}
+		}
+
+?>