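<?php
/**
 * Admin page "Standortadministrator anlegen".
 *
 * Without an action it renders the form for creating a site administrator.
 * With ?action=dozbearb1 it validates the posted fields, rejects an already
 * existing user id, stores the account, assigns the selected sites and mails
 * the initial credentials to the new administrator.
 *
 * Changes compared with the previous version of this script:
 *  - every SQL statement that carries request data (cookie or POST) is a
 *    prepared statement instead of an interpolated string;
 *  - every value written into HTML (page and mail body) is escaped;
 *  - the recipient address is validated and CR/LF is stripped from the
 *    values that end up in the From header;
 *  - array keys are quoted ($_POST['vorname'] instead of $_POST[vorname]).
 *
 * NOTE(review): the caller's identity is read from the client-supplied
 * "user_admin" cookie and is not verified anywhere in this file. The
 * permission check below is only as trustworthy as that value; it should come
 * from a server-side session set by the login code (not visible here).
 * NOTE(review): the form carries no anti-CSRF token; adding one needs the same
 * session support.
 * NOTE(review): the initial password equals the user id, is stored as an
 * unsalted MD5 hash and is mailed in clear text. Moving to password_hash()
 * and a one-time setup link requires a matching change in the login code, so
 * it is flagged here rather than changed.
 */

$user_admin = (isset($_COOKIE["user_admin"]) && is_string($_COOKIE["user_admin"])) ? $_COOKIE["user_admin"] : "";
include("kurs/datenbankanbindung.php"); // database access layer; provides dbconnect()
$hs = (isset($_COOKIE["ck_hs"]) && is_string($_COOKIE["ck_hs"])) ? $_COOKIE["ck_hs"] : "";

// --- permission check ---
// dbconnect() is defined in the include above; it is used here as a mysqli
// connection (the original code relied on query(), fetch_array(), insert_id).
$db = dbconnect();

// Callers that are not logged in are sent to the start page.
if ($user_admin === "") {
    require("index.php");
    exit;
}

// Escapes a value for use in HTML text and quoted attributes.
$h = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
};

// Returns a posted field as a string; missing or non-string fields become "".
$post = function ($key) {
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : "";
};

// Removes line breaks so a value cannot add extra mail header lines.
$stripCrLf = function ($value) {
    return str_replace(array("\r", "\n"), "", (string) $value);
};

// Prepares a statement and stops the request if that fails (fails closed).
$prepare = function ($sql) use ($db) {
    $stmt = $db->prepare($sql);
    if (!$stmt) {
        die("Cannot execute query");
    }
    return $stmt;
};

// Prints one of the small message pages (input error, duplicate, success).
// $title is a fixed string; $messageHtml and $backHref must already be escaped.
$renderMessagePage = function ($title, $messageHtml, $backHref) {
    echo <<<HTML
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<link rel="stylesheet" href="../styles_pc.css" type="text/css">
<title>{$title}</title>
</head>
<body>
<table border="0" style="border-collapse: collapse" width="100%" cellpadding="0" height="100%" id="table1">
<tr>
<td>
<div align="center">
<table cellspacing="0" cellpadding="0" width="550" border="0">
<tr>
<td width="10" background="../images/box_e1.gif">
<img height="40" src="../images/blank.gif" width="22"></td>
<td nowrap="nowrap" align="left" width="3%" background="../images/box_top.gif" valign="top"></td>
<td width="95%" background="../images/box_top.gif">
<img height="10" src="../images/blank.gif" width="1"><br>
<span class="sh">{$title}</span><br>
<img height="5" src="../images/blank.gif" width="1"></td>
<td nowrap="nowrap" align="right" width="1%" background="../images/box_e2.gif">
<img height="40" src="../images/blank.gif" width="22"></td>
</tr>
<tr>
<td width="1%" background="../images/box_l.gif">
<img height="1" src="../images/blank.gif" width="22"></td>
<td colspan="2"><br>
<p align="center">{$messageHtml}
</p>
<p align="center"><a href="{$backHref}">
<img border="0" src="../images/zurueck.gif" width="77" height="22"></a><br>
</p>
<p></p>
<p></p>
<p></p>
<p></p>
<p><br>
</p>
</td>
<td width="1%" background="../images/box_r.gif">
<img height="1" src="../images/blank.gif" width="22"></td>
</tr>
<tr>
<td nowrap="nowrap" align="left" width="1%" background="../images/box_e3.gif">
<img height="16" src="../images/blank.gif" width="22"></td>
<td nowrap="nowrap" align="left" width="98%" background="../images/box_bottom.gif" colspan="2">
<img height="16" src="../images/blank.gif" width="8"></td>
<td nowrap="nowrap" align="right" width="1%" background="../images/box_e4.gif">
<img height="16" src="../images/blank.gif" width="22">
</td>
</tr>
</table>
</div>
</td>
</tr>
</table>
</body>
</html>
HTML;
};

// The caller needs the role 'a_stan_anl'; the user name is bound, not interpolated.
$rightStmt = $prepare(
    "SELECT 1 FROM stan_admin_rechte, stan_admin_rechte_zuord, stan_admin"
    . " WHERE stan_admin_rechte.stan_admin_rolle = stan_admin_rechte_zuord.stan_admin_rolle"
    . " AND stan_admin_rechte_zuord.said = stan_admin.said"
    . " AND stan_admin.user = ?"
    . " AND stan_admin_rechte_zuord.stan_admin_rolle = 'a_stan_anl'"
);
$rightStmt->bind_param('s', $user_admin);
$rightStmt->execute();
$rightStmt->store_result();
$hasRight = $rightStmt->num_rows > 0;
$rightStmt->close();

if (!$hasRight) {
    include("kurs/rechte.php");
    exit;
}
// --- end of permission check ---

$action = (isset($_GET['action']) && is_string($_GET['action'])) ? $_GET['action'] : "";

// PHP_SELF can contain caller-controlled path info, so it is escaped and only
// ever written into a quoted attribute.
$self = $h($_SERVER['PHP_SELF']);

if ($action !== "dozbearb1") {
    // ---------- default action: show the form ----------
    echo <<<HTML
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<link rel="stylesheet" href="../styles_pc.css" type="text/css">
<title>Administratorrechte</title>
<style type="text/css">
select{
width:267px;
}
</style>
</head>
<body onload="if(document.beleg1)document.beleg1.vorname.focus();return false;">
<table border="0" style="border-collapse: collapse" width="100%" cellpadding="0" height="100%" id="table1">
<tr>
<td>
<div align="center">
<table cellspacing="0" cellpadding="0" width="550" border="0">
<tr>
<td width="10" background="../images/box_e1.gif">
<img height="40" src="../images/blank.gif" width="22"></td>
<td nowrap="nowrap" align="left" width="98%" background="../images/box_top.gif" valign="top">
<img height="10" src="../images/blank.gif" width="1"><br>
<font class="hd">Standortadministrator anlegen</font><br>
<img height="5" src="../images/blank.gif" width="1"></td>
<td nowrap="nowrap" align="right" width="1%" background="../images/box_e2.gif">
<img height="40" src="../images/blank.gif" width="22"></td>
</tr>
<tr>
<td width="1%" background="../images/box_l.gif">
<img height="1" src="../images/blank.gif" width="22"></td>
<td>
<form action="{$self}?action=dozbearb1" method="POST" name="beleg1">
<table border="0" cellpadding="4" cellspacing="0" style="border-collapse: collapse; border-width: 0" bordercolor="#111111" width="100%" id="AutoNumber1" height="194">
<tr>
<td width="40%">
<b>Vorname*:</b>
</td>
<td width="60%">
<input type="text" name="vorname" size="40">
</td>
</tr>
<tr>
<td width="40%">
<b>Nachname*:</b>
</td>
<td width="60%">
<input type="text" name="nachname" size="40">
</td>
</tr>
<tr>
<td width="40%">
<b>Benutzerkennung*:</b>
</td>
<td width="60%">
<input type="text" name="user" size="40">
</td>
</tr>
<tr>
<td width="40%">
<b>Mail*:</b>
</td>
<td width="60%">
<input type="text" name="mail" size="40">
</td>
</tr>
<tr>
<td width="40%">
<b>Standort*:</b>
<br>
<font size='1'>STRG-Taste für Mehrfachauswahl</font>
</td>
<td width="60%" colspan="2">
<p align="left">

HTML;

    $standortResult = $db->query("SELECT sid, standort, block, abdatum, pendler FROM stan_standort ORDER BY standort ASC")
        or die("Cannot execute query");

    // Pre-selection lookup. The original ran this query once per site on a
    // fresh connection, but its inputs never depended on the site row: the
    // role came from a column (stan_admin_rolle) that the site query does not
    // select, so it was always empty. It is therefore run once here.
    // NOTE(review): as written this marks either all options or none; the
    // intent was presumably a per-site pre-selection - confirm.
    $adminre = $post('adminre');
    $rolle = "";
    $preselectStmt = $prepare(
        "SELECT 1 FROM stan_admin_rechte_zuord, stan_admin"
        . " WHERE stan_admin_rechte_zuord.said = stan_admin.said"
        . " AND stan_admin.said = ?"
        . " AND stan_admin_rolle = ?"
    );
    $preselectStmt->bind_param('ss', $adminre, $rolle);
    $preselectStmt->execute();
    $preselectStmt->store_result();
    $selectedAttr = ($preselectStmt->num_rows > 0) ? " selected" : "";
    $preselectStmt->close();

    echo "<select size=\"5\" name=\"standort1[]\" multiple>";
    while ($row = $standortResult->fetch_array()) {
        // Database values are escaped as well; they are data, not markup.
        echo "<option value=\"" . $h($row['sid']) . "\"" . $selectedAttr . ">"
            . $h($row['standort']) . " (Block " . $h($row['block']) . ") ab "
            . $h($row['abdatum']) . " (" . $h($row['pendler']) . ")</option>\n";
    }

    echo <<<HTML
</select>
</td>
</tr>
<tr>
<td width="40%">
</td>
<td width="60%">
</td>
</tr>
<tr>
<td width="40%">
* = Pflichtfelder
</td>
<td width="60%">
</td>
</tr>
</table>
<p align='center'>
<input type="submit" value="Abschicken" name="B1">
</form>
</td>
<td width="1%" background="../images/box_r.gif">
<img height="1" src="../images/blank.gif" width="22"></td>
</tr>
<tr>
<td nowrap="nowrap" align="left" width="1%" background="../images/box_e3.gif">
<img height="16" src="../images/blank.gif" width="22"></td>
<td nowrap="nowrap" align="left" width="98%" background="../images/box_bottom.gif">
<img height="16" src="../images/blank.gif" width="8"></td>
<td nowrap="nowrap" align="right" width="1%" background="../images/box_e4.gif">
<img height="16" src="../images/blank.gif" width="22">
</td>
</tr>
</table>
</div>
</td>
</tr>
</table>
</body>
</html>
HTML;
    exit;
}

// ---------- action "dozbearb1": create the site administrator ----------
$vorname = $post('vorname');
$nachname = $post('nachname');
$user = $post('user');
$mail = $post('mail');

// Only string entries of the multi-select are accepted as site ids.
$standorte = (isset($_POST['standort1']) && is_array($_POST['standort1']))
    ? array_values(array_filter($_POST['standort1'], 'is_string'))
    : array();

// Error page if a mandatory field is empty.
if ($vorname === "" || $nachname === "" || $user === "" || $mail === ""
    || !isset($standorte[0]) || $standorte[0] === "") {
    $renderMessagePage(
        "Eingabefehler",
        "<b>Es müssen mindestens die Pflichtfelder ausgefüllt werden!</b>",
        "javascript:history.back()"
    );
    exit;
}

// Reject a user id that is already present.
$existingUid = null;
$dupStmt = $prepare("SELECT uid FROM stan_standort_admin WHERE uid = ?");
$dupStmt->bind_param('s', $user);
$dupStmt->execute();
$dupStmt->bind_result($existingUid);
$dupFound = $dupStmt->fetch();
$dupStmt->close();

if ($dupFound === true && (string) $existingUid === $user) {
    $renderMessagePage(
        "Doppelerfassung",
        "<b>Die Benutzerkennung ist im System bereits vorhanden!</b>",
        "javascript:history.back()"
    );
    exit;
}

// Initial password is the user id, stored as MD5 (see the NOTE in the file
// header; kept so the existing login keeps working).
$passwd = md5($user);

$insertAdmin = $prepare(
    "INSERT INTO stan_standort_admin (vorname, nachname, uid, passwort, mail) VALUES (?, ?, ?, ?, ?)"
);
$insertAdmin->bind_param('sssss', $vorname, $nachname, $user, $passwd, $mail);
if (!$insertAdmin->execute()) {
    // Do not assign sites or mail credentials for an account that was not stored.
    die("Cannot execute query");
}
$seaid = (int) $db->insert_id;
$insertAdmin->close();

// Assign every selected site to the new administrator.
$sid = "";
$insertZuord = $prepare("INSERT INTO stan_standort_zuord (sid, seaid) VALUES (?, ?)");
$insertZuord->bind_param('si', $sid, $seaid);
foreach ($standorte as $selectedSid) {
    $sid = $selectedSid; // bound by reference, so execute() sends the current value
    $insertZuord->execute();
}
$insertZuord->close();

// --- notification mail ---
$empfaenger = $mail;
$betreff = "Anmeldung Standortadministrator";

$vornameHtml = $h($vorname);
$nachnameHtml = $h($nachname);
$userHtml = $h($user);

$text = <<<HTML
<html>
<head>
<title>Anmeldung Standortadministrator</title>
</head>
<body>
<font face='Arial' size='2'>
Guten Tag {$vornameHtml} {$nachnameHtml}!<br><br>
Sie wurden als Standortadministrator für das Stellenantragssystem registriert!<br>
Nachfolgend finden Sie Ihre Zugangsdaten:
<br>
<br>
<table>
<tr>
<td valign='top'>
<font face='Arial' size='2'>
Benutzerkennung:
</font>
</td>
<td valign='top'>
<font face='Arial' size='2'>
<b>{$userHtml}</b>
</font>
</td>
</tr>
<tr>
<td valign='top'>
<font face='Arial' size='2'>
Passwort:
</font>
</td>
<td valign='top'>
<font face='Arial' size='2'>
<b>{$userHtml}</b>
</font>
</td>
</tr>
</table>
<br>
Bitte beachten Sie, dass zwischen Groß- und<br>
Kleinschreibung unterschieden wird.
<p>
Ändern Sie bitte zu Ihrer eigenen Sicherheit das<br>
Passwort nach dem ersten Login.
<p>
Link zum Stellenantragssystem: <a href="http://www.hs-ludwigsburg.de/kurs/stellenantrag_neu/standort">http://www.hs-ludwigsburg.de/kurs/stellenantrag_neu/standort</a>
<p>
Diese Mail wurde automatisch generiert!<br>
Antworten Sie daher nicht auf diese Mail<br>
<br>
Vielen Dank
</body>
</html>
HTML;

// The sender address depends on the university: pid 7 for "K"/"k", pid 4 otherwise.
$paramSql = ($hs === 'K' || $hs === 'k')
    ? "SELECT wert2 FROM parameter WHERE pid=7"
    : "SELECT wert2 FROM parameter WHERE pid=4";
$result3 = $db->query($paramSql);
$row3 = $result3 ? $result3->fetch_array() : null;
$sendermail = $row3 ? $stripCrLf($row3['wert2']) : "";

// The sender name is the name of the administrator who is logged in.
$adminVorname = "";
$adminNachname = "";
$senderStmt = $prepare("SELECT vorname, nachname FROM stan_admin WHERE user = ?");
$senderStmt->bind_param('s', $user_admin);
$senderStmt->execute();
$senderStmt->bind_result($adminVorname, $adminNachname);
$senderStmt->fetch();
$senderStmt->close();
$sender = $stripCrLf($adminVorname . " " . $adminNachname);

$headers = "From: $sender <$sendermail>\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-type: text/html; charset=utf-8\r\n";

// An address that fails validation (this also rejects embedded line breaks) is
// never handed to mail(); the page then reports that the user was not informed.
// The @ is kept so a mail() warning is not printed into the page; the return
// value is what the page reports.
$return = (filter_var($empfaenger, FILTER_VALIDATE_EMAIL) !== false)
    && @mail($empfaenger, $betreff, $text, $headers);

$message = "Der Standortadministrator wurde eingebunden!<br>Das Passwort ist gleich der Benutzerkennung <br><br>";
if ($return) {
    $message .= "Der Benutzer wurde per Mail informiert (" . $h($mail) . ")";
} else {
    $message .= "Der Benutzer konnte <b>nicht</b> per Mail informiert werden!";
}

$renderMessagePage("Anlegen erfolgreich", $message, $self);
// end of action script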