svj/website
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Code-Formatierungen und Anpassungen an neue Editoren

Browse Source
This commit is contained in:
Christian Steinle
2016-09-12 22:24:04 +00:00
parent 5ca973cb00
commit 73c64c5f65
46 changed files with 5167 additions and 5374 deletions
Download Patch File Download Diff File Expand all files Collapse all files

186
.actions/portal_actions.php
View File

@@ -1,100 +1,98 @@
<?php
/* Anmelden */
if ( isset ( $_POST[ 'siteId' ] ) && $_POST[ 'siteId' ] === 'checkLogin' && isset ( $_POST[ 'formAction' ] ) && $_POST[ 'formAction' ] === 'checkLogin' )
/* Anmelden */
if (isset ($_POST['siteId']) && $_POST['siteId'] === 'checkLogin' && isset ($_POST['formAction']) && $_POST['formAction'] === 'checkLogin')
{
/* Nur nicht gelöschte Benutzer */
$result = $db->query('SELECT * FROM ' . TBL_USER . ' WHERE userUsername = "' . $_POST['userName'] . '" AND userPasswordCrypt = "' . md5($_POST['passWord']) . '" AND userDelete = "N";');
if ($result->num_rows === 0)
{
/* Fehlerhafte Benutzeranmeldung */
$arrError[] = 'login_001';
fnc_writeLog('00000001', array($_SERVER['REMOTE_ADDR'], $_POST['userName']), 0);
}
else
{
$dat_user = $result->fetch_assoc();
if ($dat_user['userActive'] === 'N')
{
/* Nur nicht gelöschte Benutzer */
$result = $db -> query ( 'SELECT * FROM ' . TBL_USER . ' WHERE userUsername = "' . $_POST[ 'userName' ] . '" AND userPasswordCrypt = "' . md5 ( $_POST[ 'passWord' ] ) . '" AND userDelete = "N";' );
if ( $result -> num_rows === 0 )
{
/* Fehlerhafte Benutzeranmeldung */
$arrError[ ] = 'login_001';
fnc_writeLog ( '00000001' , array ( $_SERVER[ 'REMOTE_ADDR' ] , $_POST[ 'userName' ] ) , 0 );
}
else
{
$dat_user = $result -> fetch_assoc ( );
if ( $dat_user[ 'userActive' ] === 'N' )
{
/* User ist deaktiviert */
$arrError[ ] = 'login_002';
fnc_writeLog ( '00000002' , array ( ) , $dat_user[ 'userId' ] );
}
else
{
/* Anmeldung erfolgreich und Prüfung, ob Passwort geändert werden muss */
/* Bearbeitungsrechte abfragen */
$editingRights = $db -> query ( 'SELECT * FROM ' . TBL_RIGHTS . ' WHERE userId = "' . $dat_user[ 'userId' ] . '";' );
$_SESSION[ 'sess_userId' ] = $dat_user[ 'userId' ];
$_SESSION[ 'sess_loginDate' ] = date( 'YmdHis' );
$_SESSION[ 'sess_loginStatus' ] = ( $dat_user[ 'userPasswordOrgCrypt' ] === $dat_user[ 'userPasswordCrypt' ] )
? 'changePW'
: 'loggedIn';
$_SESSION[ 'sess_sessionId' ] = session_id( );
$_SESSION[ 'sess_sessionName' ] = session_name( );
$_SESSION[ 'sess_loginLang' ] = 'de';
$_SESSION[ 'sess_portalRightsType' ] = $dat_user[ 'userPortalRightsType' ];
$_SESSION[ 'sess_portalRights' ] = explode ( ';' , $dat_user[ 'userPortalRights' ] );
while ( $singleRights = $editingRights -> fetch_assoc ( ) )
{
$_SESSION[ 'sess_' . $singleRights[ 'rightsPrefix' ] . 'Type' ] = $singleRights[ 'rightsType' ];
$_SESSION[ 'sess_' . $singleRights[ 'rightsPrefix' ] ] = $singleRights[ 'rights' ];
}
if ( $dat_user[ 'userPasswordOrgCrypt' ] === $dat_user[ 'userPasswordCrypt' ] )
{
$_GET[ 'siteId' ] = 'changePW';
fnc_writeLog ( '00000005' , array ( ) , $dat_user[ 'userId' ] );
}
else
{
$_GET[ 'siteId' ] = '1';
fnc_writeLog ( '00000003' , array ( ) , $dat_user[ 'userId' ] );
}
header( 'Location: index.php?siteId=' . $_GET[ 'siteId' ] );
die( );
}
}
/* User ist deaktiviert */
$arrError[] = 'login_002';
fnc_writeLog('00000002', array(), $dat_user['userId']);
}
/* Abmelden */
if ( isset ( $_GET[ 'siteId' ] ) && $_GET[ 'siteId' ] === 'logout' )
else
{
if ( isset ( $_SESSION[ 'sess_userId' ] ) )
{
fnc_writeLog ( '00000004' , array ( ) , $_SESSION[ 'sess_userId' ] );
}
session_destroy( );
header( 'Location: index.php?siteId=login' );
die( );
}
/* Passwort ändern */
if ( isset ( $_POST[ 'formAction' ] ) && $_POST[ 'formAction' ] === 'changePW' )
{
if ( $_POST[ 'newPassWord' ] !== $_POST[ 'passWordRepeat' ] )
{
$arrError[ ] = 'pw_001';
}
else
{
$result = $db -> query ( 'SELECT * FROM ' . TBL_USER . ' WHERE userUsername = "' . $_POST[ 'userName' ] . '" AND userPasswordOrg = "' . $_POST[ 'passWord' ] . '" AND userDelete = "N";' );
if ( $result -> num_rows === 0 )
{
$arrError[ ] = 'login_001';
}
else
{
$_SESSION[ 'sess_loginStatus' ] = 'loggedIn';
$user = $result -> fetch_assoc ( );
$db -> query ( 'UPDATE ' . TBL_USER . ' SET userPasswordCrypt = "' . md5 ( $_POST[ 'newPassWord' ] ) . '" WHERE userId = "' . $user[ 'userId' ] . '" LIMIT 1;' );
fnc_writeLog ( '00000016' , array ( fnc_getUsernameById ( $user[ 'userId' ] ) ) , $_SESSION[ 'sess_userId' ] );
header( 'Location:index.php?siteId=1' );
die( );
}
}
}
/* Anmeldung erfolgreich und Prüfung, ob Passwort geändert werden muss */
/* Bearbeitungsrechte abfragen */
$editingRights = $db->query('SELECT * FROM ' . TBL_RIGHTS . ' WHERE userId = "' . $dat_user['userId'] . '";');
?>
$_SESSION['sess_userId'] = $dat_user['userId'];
$_SESSION['sess_loginDate'] = date('YmdHis');
$_SESSION['sess_loginStatus'] = ($dat_user['userPasswordOrgCrypt'] === $dat_user['userPasswordCrypt'])
? 'changePW'
: 'loggedIn';
$_SESSION['sess_sessionId'] = session_id();
$_SESSION['sess_sessionName'] = session_name();
$_SESSION['sess_loginLang'] = 'de';
$_SESSION['sess_portalRightsType'] = $dat_user['userPortalRightsType'];
$_SESSION['sess_portalRights'] = explode(';', $dat_user['userPortalRights']);
while ($singleRights = $editingRights->fetch_assoc())
{
$_SESSION['sess_' . $singleRights['rightsPrefix'] . 'Type'] = $singleRights['rightsType'];
$_SESSION['sess_' . $singleRights['rightsPrefix']] = $singleRights['rights'];
}
if ($dat_user['userPasswordOrgCrypt'] === $dat_user['userPasswordCrypt'])
{
$_GET['siteId'] = 'changePW';
fnc_writeLog('00000005', array(), $dat_user['userId']);
}
else
{
$_GET['siteId'] = '1';
fnc_writeLog('00000003', array(), $dat_user['userId']);
}
header('Location: index.php?siteId=' . $_GET['siteId']);
die();
}
}
}
/* Abmelden */
if (isset ($_GET['siteId']) && $_GET['siteId'] === 'logout')
{
if (isset ($_SESSION['sess_userId']))
{
fnc_writeLog('00000004', array(), $_SESSION['sess_userId']);
}
session_destroy();
header('Location: index.php?siteId=login');
die();
}
/* Passwort ändern */
if (isset ($_POST['formAction']) && $_POST['formAction'] === 'changePW')
{
if ($_POST['newPassWord'] !== $_POST['passWordRepeat'])
{
$arrError[] = 'pw_001';
}
else
{
$result = $db->query('SELECT * FROM ' . TBL_USER . ' WHERE userUsername = "' . $_POST['userName'] . '" AND userPasswordOrg = "' . $_POST['passWord'] . '" AND userDelete = "N";');
if ($result->num_rows === 0)
{
$arrError[] = 'login_001';
}
else
{
$_SESSION['sess_loginStatus'] = 'loggedIn';
$user = $result->fetch_assoc();
$db->query('UPDATE ' . TBL_USER . ' SET userPasswordCrypt = "' . md5($_POST['newPassWord']) . '" WHERE userId = "' . $user['userId'] . '" LIMIT 1;');
fnc_writeLog('00000016', array(fnc_getUsernameById($user['userId'])), $_SESSION['sess_userId']);
header('Location:index.php?siteId=1');
die();
}
}
}

278
.actions/usermanagement_actions.php
View File

@@ -1,151 +1,149 @@
<?php
if ( isset ( $_POST[ 'formAction' ] ) && $_POST[ 'formAction' ] === 'disableUser' )
if (isset ($_POST['formAction']) && $_POST['formAction'] === 'disableUser')
{
$db->query('UPDATE ' . TBL_USER . ' SET userActive = "N" , userActiveUser = "' . $_SESSION['sess_userId'] . '" , userActiveTS = NOW( ) WHERE userId = "' . $_POST['userId'] . '" LIMIT 1;');
fnc_writeLog('00000011', array(fnc_getUsernameById($_POST['userId'])), $_SESSION['sess_userId']);
header('Location:index.php?siteId=' . $_POST['siteId']);
die();
}
if (isset ($_POST['formAction']) && $_POST['formAction'] === 'enableUser')
{
$db->query('UPDATE ' . TBL_USER . ' SET userActive = "Y" WHERE userId = "' . $_POST['userId'] . '" LIMIT 1;');
fnc_writeLog('00000012', array(fnc_getUsernameById($_POST['userId'])), $_SESSION['sess_userId']);
header('Location:index.php?siteId=' . $_POST['siteId']);
die();
}
if (isset ($_POST['formAction']) && $_POST['formAction'] === 'deleteUser')
{
$db->query('UPDATE ' . TBL_USER . ' SET userDelete = "Y" , userDeleteUser = "' . $_SESSION['sess_userId'] . '" , userDeleteTS = NOW( ) WHERE userId = "' . $_POST['userId'] . '" LIMIT 1;');
fnc_writeLog('00000014', array(fnc_getUsernameById($_POST['userId'])), $_SESSION['sess_userId']);
header('Location:index.php?siteId=' . $_POST['siteId']);
die();
}
if (isset ($_POST['formAction']) && $_POST['formAction'] === 'resetPW')
{
$status = fnc_sendEmailToUser('00000015', $_POST['userId'], $_SESSION['sess_userId']);
if ($status === 'OK')
{
$db->query('UPDATE ' . TBL_USER . ' SET userPasswordCrypt = "' . $_POST['userPasswordOrgCrypt'] . '" WHERE userId = "' . $_POST['userId'] . '" LIMIT 1;');
fnc_writeLog('00000015', array(fnc_getUsernameById($_POST['userId'])), $_SESSION['sess_userId']);
header('Location:index.php?siteId=' . $_POST['siteId']);
die();
}
else
{
$arrError[] = 'mail_001';
}
die();
}
if (isset ($_POST['formAction']) && $_POST['formAction'] === 'createUser')
{
if (!isset ($_POST['user_portalRightsType']))
{
$_POST['user_portalRightsType'] = 'DEF';
}
$userPortalRights = ($_POST['user_portalRightsType'] === 'ALL' || !isset ($_POST['user_portalRights']))
? ''
: implode(';', $_POST['user_portalRights']);
if (!fnc_validateEmailAddress($_POST['userEmail']))
{
$arrError[] = 'mail_002';
}
if (!fnc_checkUniqueEmailAddress($_POST['userEmail']))
{
$arrError[] = 'mail_003';
}
if (isset ($arrError) && !empty ($arrError))
{
$_GET['siteId'] = $_POST['siteId'];
$_GET['todoId'] = $_POST['todoId'];
}
else
{
$userName = fnc_generateUniqueUsername($_POST['userLastname'], $_POST['userFirstname']);
$passWord = fnc_generatePW();
$crypt = md5($passWord);
$insert = $db->query('INSERT INTO ' . TBL_USER . ' ( userUsername , userEmail , userPhone , userPasswordCrypt , userPasswordOrgCrypt , userPasswordOrg , userFirstname , userLastname , userCreateUser , userActive , userDelete , userPortalRightsType , userPortalRights ) VALUES ( "' . $userName . '" , "' . $_POST['userEmail'] . '" , "' . $_POST['userPhone'] . '" , "' . $crypt . '" , "' . $crypt . '" , "' . $passWord . '" , "' . $_POST['userFirstname'] . '" , "' . $_POST['userLastname'] . '" , "' . $_SESSION['sess_userId'] . '" , "Y" , "N" , "' . $_POST['user_portalRightsType'] . '" , "' . $userPortalRights . '" );');
$userId = $db->insert_id;
foreach ($vC['portal']['website']['prefix'] as $website)
{
$db -> query ( 'UPDATE ' . TBL_USER . ' SET userActive = "N" , userActiveUser = "' . $_SESSION[ 'sess_userId' ] . '" , userActiveTS = NOW( ) WHERE userId = "' . $_POST[ 'userId' ] . '" LIMIT 1;' );
fnc_writeLog ( '00000011' , array ( fnc_getUsernameById ( $_POST[ 'userId' ] ) ) , $_SESSION[ 'sess_userId' ] );
header( 'Location:index.php?siteId=' . $_POST[ 'siteId' ] );
die( );
if (!isset ($_POST['user' . $website . 'RightsType']))
{
$_POST['user' . $website . 'RightsType'] = 'DEF';
}
$userWebsiteRights = ($_POST['user_' . $website . 'RightsType'] === 'ALL' || !isset ($_POST['user_' . $website . 'Rights']))
? ''
: implode(';', $_POST['user' . $website . 'Rights']);
$db->query('INSERT INTO ' . TBL_RIGHTS . ' SET userId = "' . $userId . '" , rightsPrefix = "' . $website . '" , rightsType = "' . $_POST['user_' . $website . 'RightsType'] . '" , rights = "' . $userWebsiteRights . '";');
}
if ( isset ( $_POST[ 'formAction' ] ) && $_POST[ 'formAction' ] === 'enableUser' )
{
$db -> query ( 'UPDATE ' . TBL_USER . ' SET userActive = "Y" WHERE userId = "' . $_POST[ 'userId' ] . '" LIMIT 1;' );
fnc_writeLog ( '00000012' , array ( fnc_getUsernameById ( $_POST[ 'userId' ] ) ) , $_SESSION[ 'sess_userId' ] );
header( 'Location:index.php?siteId=' . $_POST[ 'siteId' ] );
die( );
}
fnc_sendEmailToUser('00000010', $userId, $_SESSION['sess_userId']);
fnc_writeLog('00000010', array(fnc_getUsernameById($userId)), $_SESSION['sess_userId']);
header('Location:index.php?siteId=' . $_POST['siteId']);
die ();
}
}
if ( isset ( $_POST[ 'formAction' ] ) && $_POST[ 'formAction' ] === 'deleteUser' )
{
$db -> query ( 'UPDATE ' . TBL_USER . ' SET userDelete = "Y" , userDeleteUser = "' . $_SESSION[ 'sess_userId' ] . '" , userDeleteTS = NOW( ) WHERE userId = "' . $_POST[ 'userId' ] . '" LIMIT 1;' );
fnc_writeLog ( '00000014' , array ( fnc_getUsernameById ( $_POST[ 'userId' ] ) ) , $_SESSION[ 'sess_userId' ] );
header( 'Location:index.php?siteId=' . $_POST[ 'siteId' ] );
die( );
}
if (isset ($_POST['formAction']) && $_POST['formAction'] === 'editUser')
{
if (!isset ($_POST['user_portalRightsType']))
{
$_POST['user_portalRightsType'] = 'DEF';
}
$userPortalRights = ($_POST['user_portalRightsType'] === 'ALL' || !isset ($_POST['user_portalRights']))
? ''
: implode(';', $_POST['user_portalRights']);
if ( isset ( $_POST[ 'formAction' ] ) && $_POST[ 'formAction' ] === 'resetPW' )
if (!fnc_validateEmailAddress($_POST['userEmail']))
{
$arrError[] = 'mail_002';
}
if (!fnc_checkUniqueEmailAddress($_POST['userEmail'], $_POST['userId']))
{
$arrError[] = 'mail_003';
}
if (isset ($arrError) && !empty ($arrError))
{
$_GET['siteId'] = $_POST['siteId'];
$_GET['todoId'] = $_POST['todoId'];
$_GET['userId'] = $_POST['userId'];
}
else
{
$db->query('UPDATE ' . TBL_USER . ' SET userLastname = "' . $_POST['userLastname'] . '" , userFirstname = "' . $_POST['userFirstname'] . '" , userEmail = "' . $_POST['userEmail'] . '" , userPhone = "' . $_POST['userPhone'] . '" , userPortalRightsType = "' . $_POST['user_portalRightsType'] . '" , userPortalRights = "' . $userPortalRights . '" WHERE userId = "' . $_POST['userId'] . '" LIMIT 1;');
foreach ($vC['portal']['website']['prefix'] as $website)
{
$status = fnc_sendEmailToUser ( '00000015' , $_POST[ 'userId' ] , $_SESSION[ 'sess_userId' ] );
if ( $status === 'OK' )
{
$db -> query ( 'UPDATE ' . TBL_USER . ' SET userPasswordCrypt = "' . $_POST[ 'userPasswordOrgCrypt' ] . '" WHERE userId = "' . $_POST[ 'userId' ] . '" LIMIT 1;' );
fnc_writeLog ( '00000015' , array ( fnc_getUsernameById ( $_POST[ 'userId' ] ) ) , $_SESSION[ 'sess_userId' ] );
header( 'Location:index.php?siteId=' . $_POST[ 'siteId' ] );
die( );
}
if (!isset ($_POST['user_' . $website . 'RightsType']))
{
$_POST['user_' . $website . 'RightsType'] = 'DEF';
}
$userWebsiteRights = ($_POST['user_' . $website . 'RightsType'] === 'ALL' || !isset ($_POST['user_' . $website . 'Rights']))
? ''
: implode(';', $_POST['user_' . $website . 'Rights']);
$rights = $db->query('SELECT * FROM ' . TBL_RIGHTS . ' WHERE userId = "' . $_POST['userId'] . '" AND rightsPrefix = "' . $website . '";');
if ($rights->num_rows === 0)
{
$db->query('INSERT INTO ' . TBL_RIGHTS . ' SET userId = "' . $_POST['userId'] . '" , rightsPrefix = "' . $website . '" , rightsType = "' . $_POST['user' . $website . 'RightsType'] . '" , rights = "' . $userWebsiteRights . '";');
}
else
{
$arrError[ ] = 'mail_001';
}
die( );
}
if ( isset ( $_POST[ 'formAction' ] ) && $_POST[ 'formAction' ] === 'createUser' )
{
if ( ! isset ( $_POST[ 'user_portalRightsType' ] ) )
{
$_POST[ 'user_portalRightsType' ] = 'DEF';
}
$userPortalRights = ( $_POST[ 'user_portalRightsType' ] === 'ALL' || ! isset ( $_POST[ 'user_portalRights' ] ) )
? ''
: implode ( ';' , $_POST[ 'user_portalRights' ] );
if ( ! fnc_validateEmailAddress ( $_POST[ 'userEmail' ] ) )
{
$arrError[ ] = 'mail_002';
}
if ( ! fnc_checkUniqueEmailAddress ( $_POST[ 'userEmail' ] ) )
{
$arrError[ ] = 'mail_003';
}
if ( isset ( $arrError ) && ! empty ( $arrError ) )
{
$_GET[ 'siteId' ] = $_POST[ 'siteId' ];
$_GET[ 'todoId' ] = $_POST[ 'todoId' ];
}
else
{
$userName = fnc_generateUniqueUsername ( $_POST[ 'userLastname' ] , $_POST[ 'userFirstname' ] );
$passWord = fnc_generatePW ( );
$crypt = md5 ( $passWord );
$insert = $db -> query ( 'INSERT INTO ' . TBL_USER . ' ( userUsername , userEmail , userPhone , userPasswordCrypt , userPasswordOrgCrypt , userPasswordOrg , userFirstname , userLastname , userCreateUser , userActive , userDelete , userPortalRightsType , userPortalRights ) VALUES ( "' . $userName . '" , "' . $_POST[ 'userEmail' ] . '" , "' . $_POST[ 'userPhone' ] . '" , "' . $crypt . '" , "' . $crypt . '" , "' . $passWord . '" , "' . $_POST[ 'userFirstname' ] . '" , "' . $_POST[ 'userLastname' ] . '" , "' . $_SESSION[ 'sess_userId' ] . '" , "Y" , "N" , "' . $_POST[ 'user_portalRightsType' ] . '" , "' . $userPortalRights . '" );' );
$userId = $db -> insert_id;
foreach ( $vC[ 'portal' ][ 'website' ][ 'prefix' ] as $website )
{
if ( ! isset ( $_POST[ 'user' . $website . 'RightsType' ] ) )
{
$_POST[ 'user' . $website . 'RightsType' ] = 'DEF';
}
$userWebsiteRights = ( $_POST[ 'user_' . $website . 'RightsType' ] === 'ALL' || ! isset ( $_POST[ 'user_' . $website . 'Rights' ] ) )
? ''
: implode ( ';' , $_POST[ 'user' . $website . 'Rights' ] );
$db -> query ( 'INSERT INTO ' . TBL_RIGHTS . ' SET userId = "' . $userId . '" , rightsPrefix = "' . $website . '" , rightsType = "' . $_POST[ 'user_' . $website . 'RightsType' ] . '" , rights = "' . $userWebsiteRights . '";' );
}
fnc_sendEmailToUser ( '00000010' , $userId , $_SESSION[ 'sess_userId' ] );
fnc_writeLog ( '00000010' , array ( fnc_getUsernameById ( $userId ) ) , $_SESSION[ 'sess_userId' ] );
header( 'Location:index.php?siteId=' . $_POST[ 'siteId' ] );
die ( );
}
}
if ( isset ( $_POST[ 'formAction' ] ) && $_POST[ 'formAction' ] === 'editUser' )
{
if ( ! isset ( $_POST[ 'user_portalRightsType' ] ) )
{
$_POST[ 'user_portalRightsType' ] = 'DEF';
}
$userPortalRights = ( $_POST[ 'user_portalRightsType' ] === 'ALL' || ! isset ( $_POST[ 'user_portalRights' ] ) )
? ''
: implode ( ';' , $_POST[ 'user_portalRights' ] );
if ( ! fnc_validateEmailAddress ( $_POST[ 'userEmail' ] ) )
{
$arrError[ ] = 'mail_002';
}
if ( ! fnc_checkUniqueEmailAddress ( $_POST[ 'userEmail' ] , $_POST[ 'userId' ] ) )
{
$arrError[ ] = 'mail_003';
}
if ( isset ( $arrError ) && ! empty ( $arrError ) )
{
$_GET[ 'siteId' ] = $_POST[ 'siteId' ];
$_GET[ 'todoId' ] = $_POST[ 'todoId' ];
$_GET[ 'userId' ] = $_POST[ 'userId' ];
}
else
{
$db -> query ( 'UPDATE ' . TBL_USER . ' SET userLastname = "' . $_POST[ 'userLastname' ] . '" , userFirstname = "' . $_POST[ 'userFirstname' ] . '" , userEmail = "' . $_POST[ 'userEmail' ] . '" , userPhone = "' . $_POST[ 'userPhone' ] . '" , userPortalRightsType = "' . $_POST[ 'user_portalRightsType' ] . '" , userPortalRights = "' . $userPortalRights . '" WHERE userId = "' . $_POST[ 'userId' ] . '" LIMIT 1;' );
foreach ( $vC[ 'portal' ][ 'website' ][ 'prefix' ] as $website )
{
if ( ! isset ( $_POST[ 'user_' . $website . 'RightsType' ] ) )
{
$_POST[ 'user_' . $website . 'RightsType' ] = 'DEF';
}
$userWebsiteRights = ( $_POST[ 'user_' . $website . 'RightsType' ] === 'ALL' || ! isset ( $_POST[ 'user_' . $website . 'Rights' ] ) )
? ''
: implode ( ';' , $_POST[ 'user_' . $website . 'Rights' ] );
$rights = $db -> query ( 'SELECT * FROM ' . TBL_RIGHTS . ' WHERE userId = "' . $_POST[ 'userId' ] . '" AND rightsPrefix = "' . $website . '";' );
if ( $rights -> num_rows === 0 )
{
$db -> query ( 'INSERT INTO ' . TBL_RIGHTS . ' SET userId = "' . $_POST[ 'userId' ] . '" , rightsPrefix = "' . $website . '" , rightsType = "' . $_POST[ 'user' . $website . 'RightsType' ] . '" , rights = "' . $userWebsiteRights . '";' );
}
else
{
$db -> query ( 'UPDATE ' . TBL_RIGHTS . ' SET rightsType = "' . $_POST[ 'user_' . $website . 'RightsType' ] . '" , rights = "' . $userWebsiteRights . '" WHERE userId = "' . $_POST[ 'userId' ] . '" AND rightsPrefix = "' . $website . '";' );
}
}
fnc_writeLog ( '00000013' , array ( fnc_getUsernameById ( $_POST[ 'userId' ] ) ) , $_SESSION[ 'sess_userId' ] );
header( 'Location:index.php?siteId=' . $_POST[ 'siteId' ] );
die ( );
}
{
$db->query('UPDATE ' . TBL_RIGHTS . ' SET rightsType = "' . $_POST['user_' . $website . 'RightsType'] . '" , rights = "' . $userWebsiteRights . '" WHERE userId = "' . $_POST['userId'] . '" AND rightsPrefix = "' . $website . '";');
}
}
?>
fnc_writeLog('00000013', array(fnc_getUsernameById($_POST['userId'])), $_SESSION['sess_userId']);
header('Location:index.php?siteId=' . $_POST['siteId']);
die ();
}
}