diff --git a/ag/gm/gm_seite.php b/ag/gm/gm_seite.php
index b386964..74438b2 100644
--- a/ag/gm/gm_seite.php
+++ b/ag/gm/gm_seite.php
@@ -68,14 +68,15 @@ function loginUser($user,$pass){
 $result = mysql_fetch_assoc($qry);
 $usergroups = getUserGroups($user);
- if(isUserInGroup($usergroups, Admin)) {
+ if(isUserInGroup($usergroups, admin)) {
 $_SESSION['user'] = $result['id'];
 $_SESSION['username'] = $result['nickname'];
 $_SESSION['password'] = $result['passwort'];
 $_SESSION['usergroups'] = $usergroups;
 echo 'Zum Hauptmenu';
+ return true;
 }
- return true;
+ return false;
 }
 echo displayHistoryBackLink();
 return false;
diff --git a/ag/gm/include/user.inc.php b/ag/gm/include/user.inc.php
index 37aa2ad..9450f15 100644
--- a/ag/gm/include/user.inc.php
+++ b/ag/gm/include/user.inc.php
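Review bot: In loginUser (ag/gm/gm_seite.php), `getUserGroups($user)` is still called with the value passed in by the caller, while this commit changes getUserGroups to treat anything that passes `is_numeric` as a user id. If `$user` is the nickname entered at login (the hunk does not show this), a purely numeric nickname would be resolved against another account's id and the admin check would run on that account's groups. Look the groups up by the id of the row that was just fetched, `$usergroups = getUserGroups($result['id']);`. On the unchanged lines of the success branch, `$_SESSION['password']` keeps the stored password value in the session and the session id is not renewed; calling `session_regenerate_id(true);` before the `$_SESSION` assignments and dropping the password entry would harden the login. The function starts above the hunk, so how `$qry` is built is not visible here.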
@@ -15,20 +15,20 @@ function getOtherUserGroups($user) {
 $groups = array();
 //prüfen welcher wert für user steht (id oder name)
- if(validateInteger($user, null) != null) {
- $test = 'SELECT gruppe_id, gruppe_name FROM user_gruppe WHERE gruppe_id not in
- (SELECT gruppe_id FROM user_gruppe_zuordnung WHERE user_id = \''.$user.'\')';
+ if(is_numeric($user)) {
+ $test = 'SELECT gruppen_id, gruppen_name FROM user_gruppe WHERE gruppen_id not in
+ (SELECT gruppen_id FROM user_gruppe_zuordnung WHERE user_id = \''.$user.'\')';
 $qry = mysql_query($test);
 } else if (validateString($user) != null) {
- $test = 'SELECT gruppe_id, gruppe_name FROM user_gruppe WHERE gruppe_id not in
- (SELECT ugz.gruppe_id FROM user u INNER JOIN user_gruppe_zuordnung ugz ON
+ $test = 'SELECT gruppen_id, gruppen_name FROM user_gruppe WHERE gruppen_id not in
+ (SELECT ugz.gruppen_id FROM user u INNER JOIN user_gruppe_zuordnung ugz ON
 u.id=ugz.user_id WHERE nickname = \''.$user.'\')';
 $qry = mysql_query($test);
 }
 $i = 0;
 while ($result = mysql_fetch_assoc($qry)) {
- $groups[$i] = array("gruppe_id" => $result['gruppe_id'], "gruppe_name" => $result['gruppe_name']);
+ $groups[$i] = array("gruppen_id" => $result['gruppen_id'], "gruppen_name" => $result['gruppen_name']);
 $i++;
 }
@@ -40,10 +40,10 @@ function displayUserGroups($action, $name, $ugname, $delete, $add) {
 $username = validateName($name);
 if ($delete !== NULL && $delete >= 0) {
 $qry = 'DELETE FROM user_gruppe_zuordnung WHERE user_id in (SELECT id FROM user WHERE nickname = \''.$username.
- '\') AND gruppe_id = '.$delete.';';
+ '\') AND gruppen_id = '.$delete.';';
 mysql_query($qry);
 } else if($add !== NULL && $add >= 0) {
- $qry = 'INSERT INTO user_gruppe_zuordnung(user_id, gruppe_id)
+ $qry = 'INSERT INTO user_gruppe_zuordnung(user_id, gruppen_id)
 VALUES((SELECT id FROM user WHERE nickname = \''.$username.'\'), '.$add.');';
 mysql_query($qry);
 }
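Review bot: In getOtherUserGroups (ag/gm/include/user.inc.php), both branches still concatenate `$user` into the SQL text, and the new `is_numeric($user)` test is looser than an integer check: it also accepts decimal and exponent notation, which MySQL then coerces when comparing with `user_id`. Use `if (ctype_digit((string) $user))` and interpolate `(int) $user`, and in the name branch pass `mysql_real_escape_string($user)` instead of the raw value, since the result of `validateString($user)` is only tested, not used. When neither branch matches, `$qry` is never assigned and `mysql_fetch_assoc($qry)` runs on an undefined variable; an `else` that skips the fetch loop would cover that. The same three points apply to getUserGroups in ag/include/usergroup.inc.php (hunk at -17,14).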
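Review bot: In displayUserGroups, `$delete` and `$add` go into the DELETE and INSERT statements unquoted, and the guards `$delete >= 0` / `$add >= 0` are loose comparisons that do not establish that the value is an integer. Cast where the query is built, `AND gruppen_id = '.(int) $delete.';'` and `'.(int) $add.');'`, or reject input that fails `ctype_digit`. `$username` comes from `validateName($name)`, which is not part of this diff; if it does not escape quotes it needs `mysql_real_escape_string` before being placed inside the quoted literal. The return value of `mysql_query($qry)` is ignored in both branches, so a failed write goes unnoticed. The function continues beyond the hunk.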
@@ -65,7 +65,7 @@ function displayUserGroups($action, $name, $ugname, $delete, $add) { '.$usergroups[$i]['gruppe_name'].''; + echo ''; } ?> @@ -76,7 +76,7 @@ function displayUserGroups($action, $name, $ugname, $delete, $add) { '.$notusergroups[$i]['gruppe_name'].''; + echo ''; } ?> @@ -89,7 +89,7 @@ function displayUserGroups($action, $name, $ugname, $delete, $add) {
Usergruppe | Beschreibung | ' - .$row['gruppe_name'].' | '.$row['gruppe_beschreibung'].' | '; + .$_SERVER['PHP_SELF'].'?choose=usergroups&action=show&ugname='.$row['gruppen_name'].'">' + .$row['gruppen_name'].''.$row['gruppen_beschreibung'].' | '; } ?>
diff --git a/ag/include/usergroup.inc.php b/ag/include/usergroup.inc.php
index c28f391..0adb19e 100644
--- a/ag/include/usergroup.inc.php
+++ b/ag/include/usergroup.inc.php
@@ -7,8 +7,8 @@
 */
 //Konstanten
-define("Admin", 1);
-define("Tester", 2);
+define("admin", 1);
+define("tester", 2);
 include_once($_SERVER['DOCUMENT_ROOT'].'ag/include/parse.inc.php');
@@ -17,14 +17,14 @@ function getUserGroups($user) {
 $groups = array();
 //prüfen welcher wert für user steht (id oder name)
- if(validateInteger($user, null) != null) {
- $test = 'SELECT ug.gruppe_name, ug.gruppe_id FROM user_gruppe_zuordnung as ugz
- INNER JOIN user_gruppe as ug ON ugz.gruppe_id=ug.gruppe_id
+ if(is_numeric($user)) {
+ $test = 'SELECT ug.gruppen_name, ug.gruppen_id FROM user_gruppe_zuordnung as ugz
+ INNER JOIN user_gruppe as ug ON ugz.gruppen_id=ug.gruppen_id
 WHERE ugz.user_id = \''.$user.'\'';
 $qry = mysql_query($test);
 } else if (validateString($user) != null) {
- $test = 'SELECT ug.gruppe_name, ug.gruppe_id FROM user_gruppe_zuordnung as ugz
- INNER JOIN user_gruppe as ug ON ugz.gruppe_id=ug.gruppe_id
+ $test = 'SELECT ug.gruppen_name, ug.gruppen_id FROM user_gruppe_zuordnung as ugz
+ INNER JOIN user_gruppe as ug ON ugz.gruppen_id=ug.gruppen_id
 INNER JOIN user as u ON u.id=ugz.user_id WHERE u.nickname = \''.$user.'\'';
 $qry = mysql_query($test);
@@ -32,7 +32,7 @@ function getUserGroups($user) {
 $i = 0;
 while ($result = mysql_fetch_assoc($qry)) {
- $groups[$i] = array("gruppe_id" => $result['gruppe_id'], "gruppe_name" => $result['gruppe_name']);
+ $groups[$i] = array("gruppen_id" => $result['gruppen_id'], "gruppen_name" => $result['gruppen_name']);
 $i++;
 }
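Review bot: In the group table at the end of displayUserGroups (ag/gm/include/user.inc.php, hunk at -89,7), the added lines write `$_SERVER['PHP_SELF']`, `$row['gruppen_name']` and `$row['gruppen_beschreibung']` into the page without output encoding. `PHP_SELF` includes any path info from the request, so it should be emitted as `htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES)`; the group name in the query string should go through `urlencode($row['gruppen_name'])`, and the two table cells through `htmlspecialchars(...)`. The markup of this hunk is partly lost in this rendering, so the exact attribute context should be checked against the file.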
---|