nochmal Recht, Prodgroup->Vertrag edit
authorBettina Schwarzer <schwarzer@fhi-berlin.mpg.de>
Fri, 14 Oct 2011 15:37:47 +0200
changeset 16 3ebe66308a00
parent 15 1ed6fbdf4237
child 17 f990704af47b
nochmal Recht, Prodgroup->Vertrag edit
fhiiqm/form/ma_fkt_form.inc.php
fhiiqm/form/recht_form.inc.php
fhiiqm/form/vertrag_form.inc.php
fhiiqm/inc/menu.inc.php
fhiiqm/info_upd.php
fhiiqm/partner_upd.php
fhiiqm/produkt_upd.php
fhiiqm/raum_upd.php
fhiiqm/recht_ed.php
fhiiqm/recht_list.php
fhiiqm/vertrag_flist1.php
fhiiqm/vertrag_upd.php
--- a/fhiiqm/form/ma_fkt_form.inc.php	Tue Oct 11 12:17:55 2011 +0200
+++ b/fhiiqm/form/ma_fkt_form.inc.php	Fri Oct 14 15:37:47 2011 +0200
@@ -78,6 +78,6 @@
 <?php
     echo "</div>\n";
     if (!is_null($_SESSION["recht"]) && !in_array("fme", $_SESSION["recht"]))
-        echo "<p>&nbsp;&nbsp;&nbsp;<a href=\"ma_fkt_flist.php\" target=\"_self\" title=\"Funktionen\">Zur Funktionenliste</a></p>\n"; 
+        echo "<p>&nbsp;&nbsp;&nbsp;<a href=\"ma_fkt_flist.php\" target=\"_self\" title=\"Funktionen\">&laquo; zur Funktionenliste</a></p>\n"; 
     echo "</form>\n";   
 ?>
\ No newline at end of file
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/fhiiqm/form/recht_form.inc.php	Fri Oct 14 15:37:47 2011 +0200
@@ -0,0 +1,165 @@
+<?php
+
+/**
+ * @author Bettina Schwarzer, Fritz-Haber-Institut
+ * @copyright 10/2011
+ * 
+ * Form Rechtezuordnung
+ */
+
+
+	include_once($_SERVER['DOCUMENT_ROOT'] ."/fhiiqm/inc/dbconnect.inc.php");
+	if (!isset($dbc) || !$dbc) $dbc = new dbconnection();
+    $okn = true;
+
+    if (!is_null($_SESSION["recht"]) && !in_array("rte",$_SESSION["recht"]))
+    {
+        $text = "";
+        $ro = " readonly='readonly'";
+        $da = " disabled='disabled'";
+    }    
+    else
+    {
+        if  (!$pget) $text = "Eingabe"; else $text="&Auml;ndern / L&ouml;schen";
+        $ro = "";
+        $da = "";
+    }    
+?>
+<div align="center">
+<h3><font face="Verdana, Arial, Helvetica, sans-serif"><?php echo $text;?> Nutzer &amp; Rechte fhiiqm</font></h3>
+<h5>* - Felder sind erforderlich!</h5>
+<table>
+<tr><td class="bigger">Die Auswahl eines Mitarbeiters geschieht durch Eingeben von mindesten 2 Zeichen in das Mitarbeiter-Feld.
+</td></tr>
+<tr><td class="bigger"><div class="red">Achtung! </div>Umlaute wie '&auml;', '&uuml;', '&ouml;', '&szlig;' werden nicht gefunden, bitte benachbarte Zeichen eingeben.</td></tr>
+<tr><td class="bigger">&nbsp;</td></tr>
+</table>
+</div>
+<form action="<?php $_SERVER['PHP_SELF'] ?>" method="post" enctype="application/x-www-form-urlencoded" name="form_recht">	
+<div align="center">
+<table width="30%" border="0" cellspacing="3" cellpadding="3">
+    <tr><td>Mitarbeiter *</td>
+        <td valign="top"><input class="long20" type="text" name="rt[pers]" id="persknr" value="<?php echo $rt['pers'] . "\"" . $ro; ?>/>
+            <?php
+                if (isset($ins) && $rt['pid']<"1")
+                {
+    				echo "<br /><span class=\"red\">Mitarbeiter ist erforderlich!</span>\n";
+    				$okn = false;
+                }
+    			else
+    				if ($okn) $okn = true; else $okn=false; 
+            ?>
+        </td>
+    </tr>
+<!--
+    <tr>
+        <td>Mitarbeiter FHI *</td>
+        <td>
+            <select name="rt[pers]" size="10">
+                <?php
+/*                    $select = null;
+//                    $select = ("-1"==$rt['pers'] ) ? ' selected' : null;
+//                    echo "<option $select value=\"-1\"></option>\n";
+                    $sql = "SELECT persknr, CONCAT (nachname, ', ',vorname) as pname FROM fhiiqm.Mitarbeiter ORDER BY 2";
+                    if ($result = $dbc->queryObjectArray($sql))
+                    {
+                        foreach ($result as $row)
+                        {
+                            if (isset($rt['pers'])) $select = ($row->persknr==$rt['pers'] ) ? ' selected' : null;
+        					echo "<option $select value=\"$row->persknr\">$row->pname</option>\n";
+                        }
+                    }    */ 
+                ?>
+            </select>
+            <?php
+/*                if (isset($ins) && $rt['pers']<1)
+                {
+    				echo "<br /><span class=\"red\">Mitarbeiter ist erforderlich!</span>\n";
+    				$okn = false;
+                }
+    			else
+    				if ($okn) $okn = true; else $okn=false; */
+            ?>
+        </td>
+    </tr>
+-->
+    <tr>
+        <td>Nutzername *</td>
+        <td><input name="rt[userid]" type="text" size="10" maxlength="10" value="<?php echo $rt['userid'] . "\"" . $ro; ?>/>
+            <?php 
+			     if (isset($rt['userid']) && $rt['userid']<'!')
+				{
+					echo "<br><span class=\"red\">Nutzername(userid) ist erforderlich!</span>\n";
+					$okn = false;
+				}
+				else
+					if ($okn) $okn = true; else $okn=false;
+             ?> 
+        </td>
+    </tr>
+    <tr>
+        <td>Rechte <br /><br />
+            &nbsp;&nbsp;&nbsp;<span class="green">Recht mu&szlig; explizit gew&auml;hlt werden</span><br /><br />
+            &nbsp;&nbsp;&nbsp;Mehrfachauswahl m&ouml;glich:<br />
+            &nbsp;&nbsp;&nbsp;[Strg]-Taste + Anklicken der<br /> 
+            &nbsp;&nbsp;&nbsp;gewünschten Listeneinträge
+        </td>
+        <td>
+            <select name="rt[recht][]" size="14" multiple="multiple"<?php echo $da; ?>>
+                <?php
+//                    $select = null;
+//                    if (is_array($rt['recht'])) $select = in_array( "-1", $rt['recht'] ) ? ' selected' : null;
+//                    echo "<option $select value=\"-1\"></option>\n";
+                    $sql = "SELECT recht_ID, thema FROM fhiiqm.recht ORDER BY 2";
+                    if ($result = $dbc->queryObjectArray($sql))
+                    {
+                        foreach ($result as $row)
+                        {
+                            if (is_array($rt['recht'])) $select = in_array( $row->recht_ID, $rt['recht'] ) ? ' selected' : null;
+        					echo "<option $select value=\"$row->recht_ID\">$row->thema</option>\n";
+                        }
+                    }
+                ?>
+            </select>
+            <?php
+/*                    if (isset($ins) && (count($rt["recht"])< 1) || (count($rt["recht"])==1 && $rt["recht"][0]== "-1"))
+                    {
+    					echo "<br><span class=\"red\">mindestens ein Recht ist erforderlich!</span>\n";
+    					$okn = false;
+                    }
+    				else
+    					if ($okn) $okn = true; else $okn=false;    
+*/
+            ?>
+        </td>
+    </tr>
+    <tr>
+        <td>Rechteinschr&auml;nkung Produktgruppe<br /><br />
+            &nbsp;&nbsp;&nbsp;<span class="green">nichts ausw&auml;hlen = alle Rechte</span><br /><br />
+            &nbsp;&nbsp;&nbsp;Mehrfachauswahl m&ouml;glich
+        </td>
+        <td>
+            <select name="rt[prodg][]" size="7" multiple="multiple"<?php echo $da; ?>>
+                <?php
+                    $select = null;
+//                    if (is_array($rt['prodg'])) $select = in_array( "-1", $rt['prodg'] ) ? ' selected' : null;
+//                    echo "<option $select value=\"-1\"></option>\n";
+                    $sql = "SELECT prod_group_ID, prod_group_name FROM fhiiqm.Produkt_Gruppe ORDER BY 2";
+                    if ($result = $dbc->queryObjectArray($sql))
+                    {
+                        foreach ($result as $row)
+                        {
+                            if (is_array($rt['prodg'])) $select = in_array( $row->prod_group_ID, $rt['prodg'] ) ? ' selected' : null;
+        					echo "<option $select value=\"$row->prod_group_ID\">$row->prod_group_name</option>\n";
+                        }
+                    }
+                ?>
+            </select>
+        </td>
+    </tr>
+    <input type="hidden" name="rt[pid]" id="pid" value="<?php echo $rt['pid']; ?>"/>
+<!--    <input type="hidden" name="rt[pget]" value="<?php echo $rt['pget']; ?>"/> -->
+    <input type="hidden" name="rt[okn]" value="<?php echo $okn; ?>"/>
+<!--  </table>
+ </div>   
+</form> -->
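Review bot: The `value` attributes of `rt[pers]`, `rt[userid]` and `rt[pid]` echo `$rt[...]` unescaped, and recht_ed.php fills `$rt` straight from `$_POST["rt"]`, so a quote character in the submitted value ends the attribute and the rest is parsed as markup. Each of these should go through `htmlspecialchars($rt['userid'], ENT_QUOTES, 'ISO-8859-1')` (the page declares iso-8859-1), and `$row->thema` / `$row->prod_group_name` in the two option loops deserve the same treatment. The hidden `rt[okn]` field sends the result of the server-side required-field checks through the browser, and recht_ed.php then reads it back as `$rt['okn']`; the submit handler should recompute those checks instead of trusting the posted flag. The `readonly`/`disabled` attributes set for users without "rte" only affect rendering, so they need a matching check on the server. Separately, `<?php $_SERVER['PHP_SELF'] ?>` in the form action has no `echo`, so the attribute is emitted empty; if an `echo` is added, the value must be escaped as well.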
--- a/fhiiqm/form/vertrag_form.inc.php	Tue Oct 11 12:17:55 2011 +0200
+++ b/fhiiqm/form/vertrag_form.inc.php	Fri Oct 14 15:37:47 2011 +0200
@@ -347,7 +347,16 @@
                     }
                 }
 */
-                $sql = "CALL prod_hiera_all(0,0)";  
+                // Recht Produktgruppe beruecksichtigen
+                if (is_array($_SESSION["prodg"]))
+                {
+                        foreach ($_SESSION["prodg"] as $val)
+                            $listg .= "," .$val;
+                        $listg = substr($listg,1);
+                        $sql = "CALL fhiiqm.hier_prodgroup('$listg')";                
+                }
+                else
+                    $sql = "CALL fhiiqm.prod_hiera_all(0,0)";  
                 if ($result = $dbc->queryObjectArray($sql))
                 {
                     foreach ($result as $row)
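Review bot: `$listg` is joined from `$_SESSION["prodg"]` and placed inside `CALL fhiiqm.hier_prodgroup('$listg')` with no check that every entry is numeric. Those entries presumably come from `user_prodgroup`, which recht_ed.php fills from the posted `rt[prodg][]` bound as strings, so a stored non-numeric value would become part of this SQL text. If `prod_group_ID` is an integer key, build the list with `$listg = implode(",", array_map('intval', $_SESSION["prodg"]));`, which also avoids appending to an uninitialised `$listg`, and test `count($_SESSION["prodg"]) > 0` so that an empty array takes the `prod_hiera_all` branch. The same `$listg` is concatenated into `CALL fhiiqm.vertrag_flist1_1(...)` in the vertrag_flist1.php hunk. The enclosing block starts and ends outside this hunk.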
--- a/fhiiqm/inc/menu.inc.php	Tue Oct 11 12:17:55 2011 +0200
+++ b/fhiiqm/inc/menu.inc.php	Fri Oct 14 15:37:47 2011 +0200
@@ -83,6 +83,10 @@
             		echo "<li><a href=\"/fhiiqm/ma_fkt_flist.php\" target=\"_blank\" title=\"MA-Funktionen-Liste\">Mitarbeiter - Funktion sort., filtern, bearbeiten</a></li>\n";
           if (in_array("fme",$_SESSION["recht"]))
             		echo "<li><a href=\"/fhiiqm/ma_fkt_ed.php\" target=\"_blank\" title=\"MA-Funktionen\">Mitarbeiter - Funktion erfassen</a></li>\n";
+          if (in_array("rtr",$_SESSION["recht"]) || in_array("rte",$_SESSION["recht"]))
+            		echo "<li><a href=\"/fhiiqm/recht_list.php\" target=\"_blank\" title=\"Nutzerliste\"><b>Nutzer - Rechte bearbeiten</b></a></li>\n";
+          if (in_array("rte",$_SESSION["recht"]))
+            		echo "<li><a href=\"/fhiiqm/recht_ed.php\" target=\"_blank\" title=\"Rechte\"><b>Rechteverwaltung neuer Nutzer</b></a></li>\n";
     
     //<!--				<li><a href="#">Anleitungen</a></li> -->
     	  echo "   </ul>\n
--- a/fhiiqm/info_upd.php	Tue Oct 11 12:17:55 2011 +0200
+++ b/fhiiqm/info_upd.php	Fri Oct 14 15:37:47 2011 +0200
@@ -140,7 +140,7 @@
         echo "</table>\n";
         echo "</div>\n";
         if (!is_null($_SESSION["recht"]) && !in_array("ie",$_SESSION["recht"]))
-            echo "<p>&nbsp;&nbsp;&nbsp;<a href=\"info_flist.php\" target=\"_self\" title=\"Infoliste\">Zur&uuml;ck zur Infoliste</a></p>\n";    
+            echo "<p>&nbsp;&nbsp;&nbsp;<a href=\"info_flist.php\" target=\"_self\" title=\"Infoliste\">&laquo; zur Infoliste</a></p>\n";    
         echo "</form>\n";	
 
         
--- a/fhiiqm/partner_upd.php	Tue Oct 11 12:17:55 2011 +0200
+++ b/fhiiqm/partner_upd.php	Fri Oct 14 15:37:47 2011 +0200
@@ -113,7 +113,7 @@
         echo "</table>\n";
         echo "</div>\n";
         if (!is_null($_SESSION["recht"]) && !in_array("vpe",$_SESSION["recht"]))
-            echo "<p>&nbsp;&nbsp;&nbsp;<a href=\"partner_flist.php\" target=\"_self\" title=\"Partnerliste\">Zur&uuml;ck zur Partnerliste</a></p>\n";    
+            echo "<p>&nbsp;&nbsp;&nbsp;<a href=\"partner_flist.php\" target=\"_self\" title=\"Partnerliste\">&laquo; zur Partnerliste</a></p>\n";    
         echo "</form>\n";	
 
     }
--- a/fhiiqm/produkt_upd.php	Tue Oct 11 12:17:55 2011 +0200
+++ b/fhiiqm/produkt_upd.php	Fri Oct 14 15:37:47 2011 +0200
@@ -100,7 +100,7 @@
         echo "</table>\n";
         echo "</div>\n";
         if (!is_null($_SESSION["recht"]) && !in_array("pe",$_SESSION["recht"]))
-            echo "<p>&nbsp;&nbsp;&nbsp;<a href=\"prod_hier.php\" target=\"_self\" title=\"Produkthierarchie\">Zur Produkthierarchie</a></p>\n";    
+            echo "<p>&nbsp;&nbsp;&nbsp;<a href=\"prod_hier.php\" target=\"_self\" title=\"Produkthierarchie\">&laquo; zur Produkthierarchie</a></p>\n";    
         echo "</form>\n";	
 
     }
--- a/fhiiqm/raum_upd.php	Tue Oct 11 12:17:55 2011 +0200
+++ b/fhiiqm/raum_upd.php	Fri Oct 14 15:37:47 2011 +0200
@@ -116,7 +116,7 @@
         echo "</table>\n";
         echo "</div>\n";
         if (!is_null($_SESSION["recht"]) && !in_array("re", $_SESSION["recht"]))
-            echo "<p>&nbsp;&nbsp;&nbsp;<a href=\"raum_flist.php$liste\" target=\"_self\" title=\"Raumliste\">Zur&uuml;ck zur Raumliste</a></p>\n";    
+            echo "<p>&nbsp;&nbsp;&nbsp;<a href=\"raum_flist.php$liste\" target=\"_self\" title=\"Raumliste\">&laquo; zur Raumliste</a></p>\n";    
         echo "</form>\n";	
 
     }
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/fhiiqm/recht_ed.php	Fri Oct 14 15:37:47 2011 +0200
@@ -0,0 +1,222 @@
+<?php
+
+/**
+ * @author Bettina Schwarzer, Fritz-Haber-Institut
+ * @copyright 10/2011
+ *
+ * INSERT/UPDATE/DELETE Rechte   
+ */
+
+    error_reporting(E_ALL ^ E_NOTICE);
+
+    session_start();
+    if (! isset($_SESSION["userid"]))
+    { 
+        include_once ("inc/func_lib.inc.php");	
+        login($_SERVER["PHP_SELF"]);
+        exit;
+    }
+    
+    if (is_null($_SESSION["recht"]) || (!is_null($_SESSION["recht"]) && !in_array("rte",$_SESSION["recht"]) && !in_array("rtr",$_SESSION["recht"])))
+    {
+        header("Location: start.php");
+        exit;
+    }    
+    
+?>    
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+
+<head>
+	<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
+    <link type="text/css" href="/fhiiqm/css/db.css" rel="Stylesheet" />	
+    <link type="text/css" href="/fhiiqm/css/jquery/ui-lightness/jquery-ui-1.8.16.custom.css" rel="Stylesheet" />	
+    <script type="text/javascript" src="/fhiiqm/js/jquery/jquery-1.6.2.min.js"></script>
+    <script type="text/javascript" src="/fhiiqm/js/jquery/jquery-ui-1.8.16.custom.min.js"></script>
+	<title>Nutzer &amp; Rechte</title>
+</head>
+
+<body>
+    
+    <script>
+      $(document).ready(function() {
+        $("#persknr").focus();
+        $("#persknr").autocomplete({
+                source: "/fhiiqm/inc/ma_list_ac.inc.php",
+    			minLength: 2,
+                select: function(event,ui){$("#pid").val(ui.item.id);}
+    		});
+        $("input").filter("long20").addClass("long20");
+        });
+    </script>
+
+<?php
+    echo "&nbsp;";  
+    echo "<div class=\"float-br smaller\" valign='top'>";
+    echo "&nbsp;&nbsp;&nbsp;user: " . $_SESSION["userid"];
+    echo "&nbsp;&nbsp;&nbsp;<a class='sc' href='/fhiiqm/logout.php' title='Session beenden'>logout</a></div>\n";
+    echo "<div class=\"float-r\"><img src=\"img/user_go.png\" border=\"0\" alt=\"User, Rechte eingeben\" title=\"User, Rechte eingeben\"/></div>\n";
+
+	include_once($_SERVER['DOCUMENT_ROOT'] ."/fhiiqm/inc/dbconnect.inc.php");
+	if (!isset($dbc) || !$dbc) $dbc = new dbconnection();
+    
+	$pget   = $_GET["pid"];
+    $ok     = $_POST["ok"];
+	$ins	= $_POST["ins"];
+	$del	= $_POST["del"];
+    $rt     = $_POST["rt"];
+    if (!$rt['okn']) $ok=false;
+// print_r($rt); echo "$ins, $del<br />";    
+    if (!$ok || (!$ins && !$del))
+    {
+        if ($pget && !$ins && !$del)
+        {
+            // Daten zu Mitarbeiter bereitstellen
+            $rt["pid"] = $pget;
+            $sql = "SELECT userid FROM fhiiqm.userweb WHERE persknr = $pget";
+            if ($userid = $dbc->querySingleItem($sql))
+            {
+                $rt["userid"] = $userid;
+                $sql = "SELECT CONCAT (nachname, ', ',vorname) AS ma FROM fhiiqm.Mitarbeiter WHERE persknr = $pget";
+                if ($result = $dbc -> queryObjectArray($sql))
+                    foreach ($result as $row)
+                        $rt["pers"] = $row->ma;
+                $sql = "SELECT recht_ID FROM fhiiqm.user_recht WHERE userid = '$userid'";
+                if ($resr = $dbc -> queryObjectArray($sql))
+                    foreach ($resr as $row)
+                        $rt["recht"][] = $row->recht_ID;
+                $sql = "SELECT prod_group_ID FROM fhiiqm.user_prodgroup WHERE userid = '$userid'";
+                if ($resg = $dbc -> queryObjectArray($sql))
+                    foreach ($resg as $row)
+                        $rt["prodg"][] = $row->prod_group_ID;
+            }
+        }
+        
+        include_once("form/recht_form.inc.php");
+
+        if ($ins || $del)
+		{
+    
+		  	if ($ins) $frage = "Alle Angaben ok?"; else $frage = "Nutzer und seine Rechte wirklich löschen?";
+			echo "<tr>
+			  <td class=\"red\" valign=\"top\" align=\"left\">$frage</td>
+			        <td><input type=\"checkbox\" name=\"ok\" value=\"1\"";
+			        if ($ok)  echo "checked"; 
+			echo "></td>\n</tr>\n"; 
+		}
+		
+        if (!is_null($_SESSION["recht"]) && in_array("rte", $_SESSION["recht"]))
+        {
+    		if ($pget || $rt["pget"]) $sub = "&auml;ndern"; else $sub = "eingeben";
+                
+            echo "<tr>\n";
+    		echo "
+    		  <td>&nbsp;</td>
+    		  <td><input class=\"button\" type=\"submit\" value=\"$sub\" name=\"ins\" title=\"$sub\" />";
+            if ($pget || $rt["pget"])
+                echo "&nbsp;&nbsp;&nbsp;<input class=\"button\" type=\"submit\" value=\"l&ouml;schen\" name=\"del\" title=\"delete\" />";         
+            echo  "</td>\n";;
+    		echo "</tr>\n";
+        }
+        echo "</table>\n";
+        echo "</div>\n";
+        if (!is_null($_SESSION["recht"]) && !in_array("rte", $_SESSION["recht"]))
+            echo "<p>&nbsp;&nbsp;&nbsp;<a href=\"recht_list.php\" target=\"_self\" title=\"Nutzerliste\">&laquo; zur Nutzerliste</a></p>\n"; 
+        echo "</form>\n";	
+
+    }
+    elseif ($ok && ($ins || $del))
+    {
+        echo "<div align='center'>\n";
+        //daten speichern
+        
+        if ($ins == "eingeben")
+        {
+            // pruefen, ob userid schon existiert
+            $sql = "SELECT persknr, userid FROM fhiiqm.userweb WHERE userid = '" . $rt["userid"] . "'";
+            if ($result = $dbc ->queryObjectArray($sql))
+            {
+                foreach ($result as $row)
+                { 
+                    echo "<p class='red'>User-ID <b>" . $rt["userid"] ."</b> ist schon vorhanden!</p>";
+                    $erruid = 1;
+                }
+            }
+        }
+        else
+        {
+            // alte Rechte loeschen
+            $sql = "DELETE FROM fhiiqm.user_recht WHERE userid ='" . $rt["userid"] . "'";
+            $resr = $dbc -> execute($sql);
+            $sql = "DELETE FROM fhiiqm.user_prodgroup WHERE userid ='" . $rt["userid"] . "'";
+            $resp = $dbc -> execute($sql);
+            if (!$resr || !$resp) $erruid = 1;
+        }    
+        if ($del)
+        {
+            // User loeschen
+            $sql = "DELETE FROM fhiiqm.userweb WHERE userid ='" . $rt["userid"] . "'";
+            $res = $dbc -> execute($sql);
+            if ($res) 
+                echo "<p class='green'><b>User-ID '".$rt["userid"]."' und zugeordete Rechte wurden gel&ouml;scht.</b></p>\n";
+            else
+                 echo "<p class='red'><b>L&ouml;schen von User-ID '".$rt["userid"]."' und zugeordeter Rechte ist fehlgeschlagen.</b></p>\n";
+            $erruid = 1;    // 
+        }
+        if (!$erruid)
+        {   // Rechte speichern
+            $stmt = $dbc -> stmtinit();
+            if (is_object($stmt))
+            {
+                $result = 1;
+                if ($ins == "eingeben")
+                {
+                    $stmt -> prepare("INSERT INTO fhiiqm.userweb (persknr, userid) VALUES (?,?)");
+                    $stmt -> bind_param('is',$rt["pid"],$rt["userid"]);
+                    $result = $stmt -> execute();
+                    if ($stmt->error) echo "error userweb: " . $stmt->errno." -> ".$stmt->error . "<br><br>\n";
+                    $stmt -> reset();
+                }
+                if ($result)
+                {
+                    $resr = 1;
+                    if (is_array($rt["recht"]) && !is_null($rt["recht"]))
+                    {
+                        $stmt -> prepare("INSERT INTO fhiiqm.user_recht (userid,recht_ID) VALUES (?,?)");
+                        foreach ($rt["recht"] as $re)
+                        {
+                                $stmt -> bind_param('ss',$rt["userid"],$re);
+                                $resr = $stmt -> execute();
+                        }
+                        $stmt -> reset();
+                    }
+                    if ($stmt->error) echo "error user_recht: " . $stmt->errno." -> ".$stmt->error . "<br><br>\n";
+                    $resp = 1;            
+                    if (is_array($rt["prodg"]) && !is_null($rt["prodg"]))
+                    {
+                        echo "userid = " . $rt["userid"] . "<br />";
+                        $stmt -> prepare("INSERT INTO fhiiqm.user_prodgroup (userid,prod_group_ID) VALUES (?,?)");
+                        foreach ($rt["prodg"] as $re)
+                        {
+                                $stmt -> bind_param('ss',$rt["userid"],$re);
+                                $resp = $stmt -> execute();
+                        }
+                    }
+                    if ($stmt->error) echo "error user_prodgroup: " . $stmt->errno." -> ".$stmt->error . "<br><br>\n";
+                    
+                }
+                $stmt -> close();      
+            }
+            if ($result && $resr && $resp)
+                echo "<p class='green'><b>User-ID '".$rt["userid"]."' und zugeordete Rechte wurden erfolgreich gespeichert.</b></p>\n";
+            else
+                echo "<p class='red'><b>Speichern von User-ID '".$rt["userid"]."' und zugeordeter Rechte war nicht erfolgreich.</b></p>\n";
+        }
+        $dbc -> close();
+        echo "</div>\n";
+        echo "<p>&nbsp;&nbsp;&nbsp;<a href=\"".$_SERVER["PHP_SELF"]."\" target=\"_self\" title=\"Rechte erfassen\">Weiteren User & Rechte erfassen</a></p>\n";    
+        echo "<p>&nbsp;&nbsp;&nbsp;<a href='/fhiiqm/recht_list.php' title='Nutzerliste'>zur Nutzerliste</a></p>";
+    }
+?>
+</body>
+</html>
\ No newline at end of file
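Review bot: The rights check at the top admits users holding only "rtr", and the save/delete branch (`elseif ($ok && ($ins || $del))`) never re-checks "rte", so a read-only user who posts `ins`/`del`/`ok` directly can change or delete accounts and rights even though the form hides the buttons. The write path should be refused next to the existing check, before any output is sent. Request data is also concatenated into SQL: `$_GET["pid"]` in `WHERE persknr = $pget` and `$rt["userid"]` in the existence SELECT and all three DELETE statements, although the INSERTs further down already use `prepare`/`bind_param`; casting with `$pget = (int) $_GET["pid"];` (persknr is bound as `'i'` in the INSERT) and preparing the other statements closes this. `$rt["userid"]` and `$_SERVER["PHP_SELF"]` are echoed into the result messages and link without `htmlspecialchars`, and the POST carries no CSRF token. The delete-then-insert sequence is not wrapped in a transaction, so a failed INSERT leaves the user without rights.

```php
// placed with the existing rights check at the top, before any output
if ((isset($_POST["ins"]) || isset($_POST["del"])) && !in_array("rte", $_SESSION["recht"]))
{
    header("Location: start.php");
    exit;
}
// … unchanged: page head, dbconnect include, request variables …
            // alte Rechte loeschen
            $stmt = $dbc -> stmtinit();
            $stmt -> prepare("DELETE FROM fhiiqm.user_recht WHERE userid = ?");
            $stmt -> bind_param('s', $rt["userid"]);
            $resr = $stmt -> execute();
            $stmt -> reset();
            $stmt -> prepare("DELETE FROM fhiiqm.user_prodgroup WHERE userid = ?");
            $stmt -> bind_param('s', $rt["userid"]);
            $resp = $stmt -> execute();
            $stmt -> close();
// … unchanged: user delete and rights insert …
```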
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/fhiiqm/recht_list.php	Fri Oct 14 15:37:47 2011 +0200
@@ -0,0 +1,79 @@
+<?php
+
+/**
+ * @author Bettina Schwarzer, Fritz-Haber-Institut
+ * @copyright 10/2011
+ *
+ * INSERT Rechte   
+ */
+
+    error_reporting(E_ALL ^ E_NOTICE);
+
+    session_start();
+    if (! isset($_SESSION["userid"]))
+    { 
+        include_once ("inc/func_lib.inc.php");	
+        login($_SERVER["PHP_SELF"]);
+        exit;
+    }
+    
+    if (is_null($_SESSION["recht"]) || (!is_null($_SESSION["recht"]) && !in_array("rte",$_SESSION["recht"]) && !in_array("rtr",$_SESSION["recht"])))
+    {
+        header("Location: start.php");
+        exit;
+    }    
+    
+?>    
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+
+<head>
+	<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
+    <link type="text/css" href="/fhiiqm/css/db.css" rel="Stylesheet" />	
+	<title>Nutzer fhiiqm</title>
+</head>
+
+<body>
+
+<?php
+    echo "&nbsp;";  
+    echo "<div class=\"float-br smaller\" valign='top'>";
+    echo "&nbsp;&nbsp;&nbsp;user: " . $_SESSION["userid"];
+    echo "&nbsp;&nbsp;&nbsp;<a class='sc' href='/fhiiqm/logout.php' title='Session beenden'>logout</a></div>\n";
+    echo "<div class=\"float-r\"><img src=\"img/user_go.png\" border=\"0\" alt=\"User, Rechte eingeben\" title=\"User, Rechte eingeben\"/></div>\n";
+
+	include_once($_SERVER['DOCUMENT_ROOT'] ."/fhiiqm/inc/dbconnect.inc.php");
+	if (!isset($dbc) || !$dbc) $dbc = new dbconnection();
+    
+    $sql = "SELECT u.persknr, CONCAT (nachname, ', ',vorname) AS ma, userid,
+            CASE WHEN ISNULL(pwd) THEN '-' ELSE 'ja' END AS pw 
+            FROM fhiiqm.userweb u INNER JOIN fhiiqm.Mitarbeiter m ON u.persknr = m.persknr
+            ORDER BY ma";
+    if ($result = $dbc -> queryObjectArray($sql))
+    {
+        $bg1 = "#F8F8F8";
+		$bg2 = "#DEDFE1";
+		$bg = "#FFFFFF";
+     
+        echo "<div align='center'>\n";
+        echo "<p><b>Liste der fhiiqm-Nutzer</b></p>\n";
+        echo "<p>Klick auf '<img src='/fhiiqm/img/edit.gif' border='0' width='11' hight='11'>' - Sichten/Bearbeiten der Nutzer-Rechte</p>";
+        
+        echo "<table cellpadding='2' cellspacing='2'>\n";
+        // Listenkopf
+        echo "<tr bgcolor='#68ACBF'>";
+        echo "<th>Mitarbeiter</th><th>userid</th><th>passwort?</th><th>&nbsp;</th></tr>\n";
+        foreach ($result as $row)
+        {
+			if ($bg == $bg1) $bg = $bg2; else $bg = $bg1;
+            echo "<tr bgcolor='" . $bg . "'><td><b>$row->ma</b></td>";
+            echo "<td>$row->userid</td>";
+            echo "<td class='center'>$row->pw</td>";
+            echo "<td><a href='/fhiiqm/recht_ed.php?pid=$row->persknr'><img src=\"/fhiiqm/img/edit.gif\" alt='edit' title='edit' border='0'/></a></td></tr>\n";
+        }
+        echo "</table></div>\n";
+    }
+
+?>
+</body>
+</html>
\ No newline at end of file
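Review bot: The table rows print `$row->ma` and `$row->userid` into HTML without escaping, and `userid` is free text entered through recht_ed.php, so a stored value containing markup would be rendered for every user who opens this list. Escape on output, for example `echo "<td>" . htmlspecialchars($row->userid, ENT_QUOTES, 'ISO-8859-1') . "</td>";`, and do the same for `$row->ma` and for `$_SESSION["userid"]` in the header line. `$row->persknr` in the `recht_ed.php?pid=` link is better written as `(int) $row->persknr`, assuming persknr is an integer key. The docblock says "INSERT Rechte", but the file only lists users; `Liste der Nutzer und Rechte` would describe it.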
--- a/fhiiqm/vertrag_flist1.php	Tue Oct 11 12:17:55 2011 +0200
+++ b/fhiiqm/vertrag_flist1.php	Fri Oct 14 15:37:47 2011 +0200
@@ -96,7 +96,7 @@
 //echo "$sort, $dir, $fnum, $filter<br><br>\n";    
 //    $sql = "CALL fhiiqm.vertrag_flist1(" . $sort . ",'" . $dir . "', " . $fnum . ", '" . $filter . "',$start,$zeil, @anz)";
     $sql = "CALL fhiiqm.vertrag_flist1_1(" . $sort . ",'" . $dir . "', " . $fnum . ", '" . $filter . "', '" . $listg . "', $start,$zeil, @anz)";
-    // Parameter: Nr. Sortfelf, Sortierrichtung, Nr. Filterfeld, Filterbegriff, Start bei DS $start+1, Anzahl DS/Seite, Anzahl gefundener Vertraege
+    // Parameter: Nr. Sortfelf, Sortierrichtung, Nr. Filterfeld, Filterbegriff, Liste der berechtigten prodgroup, Start bei DS $start+1, Anzahl DS/Seite, Anzahl gefundener Vertraege
     // liefert Felder: contract_ID,cname,clong,bearb,doc,typ,prod
     $result = $dbc -> queryObjectArray($sql);
     if ($result)
--- a/fhiiqm/vertrag_upd.php	Tue Oct 11 12:17:55 2011 +0200
+++ b/fhiiqm/vertrag_upd.php	Fri Oct 14 15:37:47 2011 +0200
@@ -172,7 +172,7 @@
         echo "</table>\n";
         echo "</div>\n";
         if (!is_null($_SESSION["recht"]) && !in_array("ve",$_SESSION["recht"]))
-            echo "<p>&nbsp;&nbsp;&nbsp;<a href=\"vertrag_flist1.php\" target=\"_self\" title=\"Vertragsliste\">Zur&uuml;ck zur Vertragsliste</a></p>\n";    
+            echo "<p>&nbsp;&nbsp;&nbsp;<a href=\"vertrag_flist1.php\" target=\"_self\" title=\"Vertragsliste\">&laquo; zur Vertragsliste</a></p>\n";    
         echo "</form>\n";
         	
     }