<?php
/**
* @author Bettina Schwarzer, Fritz-Haber-Institut
* @copyright 10/2011
*
* INSERT/UPDATE/DELETE Rechte
*/
error_reporting(E_ALL ^ E_NOTICE);
session_start();
if (! isset($_SESSION["userid"]))
{
include_once ("inc/func_lib.inc.php");
login($_SERVER["PHP_SELF"]);
exit;
}
if (is_null($_SESSION["recht"]) || (!is_null($_SESSION["recht"]) && !in_array("rte",$_SESSION["recht"]) && !in_array("rtr",$_SESSION["recht"])))
{
header("Location: start.php");
exit;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<link type="text/css" href="/fhiiqm/css/db.css" rel="Stylesheet" />
<link type="text/css" href="/fhiiqm/css/jquery/ui-lightness/jquery-ui-1.8.16.custom.css" rel="Stylesheet" />
<script type="text/javascript" src="/fhiiqm/js/jquery/jquery-1.6.2.min.js"></script>
<script type="text/javascript" src="/fhiiqm/js/jquery/jquery-ui-1.8.16.custom.min.js"></script>
<title>Nutzer & Rechte</title>
</head>
<body>
<script>
$(document).ready(function() {
$("#persknr").focus();
$("#persknr").autocomplete({
source: "/fhiiqm/inc/ma_list_ac.inc.php",
minLength: 2,
select: function(event,ui){$("#pid").val(ui.item.id);}
});
$("input").filter("long20").addClass("long20");
});
</script>
<?php
echo " ";
echo "<div class=\"float-br smaller\" valign='top'>";
echo " user: " . $_SESSION["userid"];
echo " <a class='sc' href='/fhiiqm/logout.php' title='Session beenden'>logout</a></div>\n";
echo "<div class=\"float-r\"><img src=\"img/user_go.png\" border=\"0\" alt=\"User, Rechte eingeben\" title=\"User, Rechte eingeben\"/></div>\n";
include_once($_SERVER['DOCUMENT_ROOT'] ."/fhiiqm/inc/dbconnect.inc.php");
if (!isset($dbc) || !$dbc) $dbc = new dbconnection();
$pget = $_GET["pid"];
$ok = $_POST["ok"];
$ins = $_POST["ins"];
$del = $_POST["del"];
$rt = $_POST["rt"];
if (!$rt['okn']) $ok=false;
// print_r($rt); echo "$ins, $del<br />";
if (!$ok || (!$ins && !$del))
{
if ($pget && !$ins && !$del)
{
// Daten zu Mitarbeiter bereitstellen
$rt["pid"] = $pget;
$sql = "SELECT userid FROM fhiiqm.userweb WHERE persknr = $pget";
if ($userid = $dbc->querySingleItem($sql))
{
$rt["userid"] = $userid;
$sql = "SELECT CONCAT (nachname, ', ',vorname) AS ma FROM fhiiqm.Mitarbeiter WHERE persknr = $pget";
if ($result = $dbc -> queryObjectArray($sql))
foreach ($result as $row)
$rt["pers"] = $row->ma;
$sql = "SELECT recht_ID FROM fhiiqm.user_recht WHERE userid = '$userid'";
if ($resr = $dbc -> queryObjectArray($sql))
foreach ($resr as $row)
$rt["recht"][] = $row->recht_ID;
$sql = "SELECT prod_group_ID FROM fhiiqm.user_prodgroup WHERE userid = '$userid'";
if ($resg = $dbc -> queryObjectArray($sql))
foreach ($resg as $row)
$rt["prodg"][] = $row->prod_group_ID;
}
}
include_once("form/recht_form.inc.php");
if ($ins || $del)
{
if ($ins) $frage = "Alle Angaben ok?"; else $frage = "Nutzer und seine Rechte wirklich löschen?";
echo "<tr>
<td class=\"red\" valign=\"top\" align=\"left\">$frage</td>
<td><input type=\"checkbox\" name=\"ok\" value=\"1\"";
if ($ok) echo "checked";
echo "></td>\n</tr>\n";
}
if (!is_null($_SESSION["recht"]) && in_array("rte", $_SESSION["recht"]))
{
if ($pget || $rt["pget"]) $sub = "ändern"; else $sub = "eingeben";
echo "<tr>\n";
echo "
<td> </td>
<td><input class=\"button\" type=\"submit\" value=\"$sub\" name=\"ins\" title=\"$sub\" />";
if ($pget || $rt["pget"])
echo " <input class=\"button\" type=\"submit\" value=\"löschen\" name=\"del\" title=\"delete\" />";
echo "</td>\n";;
echo "</tr>\n";
}
echo "</table>\n";
echo "</div>\n";
if (!is_null($_SESSION["recht"]) && !in_array("rte", $_SESSION["recht"]))
echo "<p> <a href=\"recht_list.php\" target=\"_self\" title=\"Nutzerliste\">« zur Nutzerliste</a></p>\n";
echo "</form>\n";
}
elseif ($ok && ($ins || $del))
{
echo "<div align='center'>\n";
//daten speichern
if ($ins == "eingeben")
{
// pruefen, ob userid schon existiert
$sql = "SELECT persknr, userid FROM fhiiqm.userweb WHERE userid = '" . $rt["userid"] . "'";
if ($result = $dbc ->queryObjectArray($sql))
{
foreach ($result as $row)
{
echo "<p class='red'>User-ID <b>" . $rt["userid"] ."</b> ist schon vorhanden!</p>";
$erruid = 1;
}
}
}
else
{
// alte Rechte loeschen
$sql = "DELETE FROM fhiiqm.user_recht WHERE userid ='" . $rt["userid"] . "'";
$resr = $dbc -> execute($sql);
$sql = "DELETE FROM fhiiqm.user_prodgroup WHERE userid ='" . $rt["userid"] . "'";
$resp = $dbc -> execute($sql);
if (!$resr || !$resp) $erruid = 1;
}
if ($del)
{
// User loeschen
$sql = "DELETE FROM fhiiqm.userweb WHERE userid ='" . $rt["userid"] . "'";
$res = $dbc -> execute($sql);
if ($res)
echo "<p class='green'><b>User-ID '".$rt["userid"]."' und zugeordete Rechte wurden gelöscht.</b></p>\n";
else
echo "<p class='red'><b>Löschen von User-ID '".$rt["userid"]."' und zugeordeter Rechte ist fehlgeschlagen.</b></p>\n";
$erruid = 1; //
}
if (!$erruid)
{ // Rechte speichern
$stmt = $dbc -> stmtinit();
if (is_object($stmt))
{
$result = 1;
if ($ins == "eingeben")
{
$stmt -> prepare("INSERT INTO fhiiqm.userweb (persknr, userid) VALUES (?,?)");
$stmt -> bind_param('is',$rt["pid"],$rt["userid"]);
$result = $stmt -> execute();
if ($stmt->error) echo "error userweb: " . $stmt->errno." -> ".$stmt->error . "<br><br>\n";
$stmt -> reset();
}
if ($result)
{
$resr = 1;
if (is_array($rt["recht"]) && !is_null($rt["recht"]))
{
$stmt -> prepare("INSERT INTO fhiiqm.user_recht (userid,recht_ID) VALUES (?,?)");
foreach ($rt["recht"] as $re)
{
$stmt -> bind_param('ss',$rt["userid"],$re);
$resr = $stmt -> execute();
}
$stmt -> reset();
}
if ($stmt->error) echo "error user_recht: " . $stmt->errno." -> ".$stmt->error . "<br><br>\n";
$resp = 1;
if (is_array($rt["prodg"]) && !is_null($rt["prodg"]))
{
echo "userid = " . $rt["userid"] . "<br />";
$stmt -> prepare("INSERT INTO fhiiqm.user_prodgroup (userid,prod_group_ID) VALUES (?,?)");
foreach ($rt["prodg"] as $re)
{
$stmt -> bind_param('ss',$rt["userid"],$re);
$resp = $stmt -> execute();
}
}
if ($stmt->error) echo "error user_prodgroup: " . $stmt->errno." -> ".$stmt->error . "<br><br>\n";
}
// $stmt -> close();
}
if ($result && $resr && $resp)
echo "<p class='green'><b>User-ID '".$rt["userid"]."' und zugeordete Rechte wurden erfolgreich gespeichert.</b></p>\n";
else
echo "<p class='red'><b>Speichern von User-ID '".$rt["userid"]."' und zugeordeter Rechte war nicht erfolgreich.</b></p>\n";
}
$dbc -> close();
echo "</div>\n";
echo "<p> <a href=\"".$_SERVER["PHP_SELF"]."\" target=\"_self\" title=\"Rechte erfassen\">Weiteren User & Rechte erfassen</a></p>\n";
echo "<p> <a href='/fhiiqm/recht_list.php' title='Nutzerliste'>zur Nutzerliste</a></p>";
}
?>
</body>
</html>