<?php
$user_admin=$_COOKIE["user_admin"];
include("kurs/datenbankanbindung.php"); // fügt die Datenbankanbindung ein: Sys:\php\includes\kurs\datenbankanbindung.php
$hs=$_COOKIE["ck_hs"];
// Rechteüberprüfung
$db = dbconnect();
if ($user_admin == ""){ require("index.php"); exit;} //Wenn man nicht angemeldet ist, darf man nicht auf die Seite
$result = $db->query("SELECT 1 FROM stan_admin_rechte, stan_admin_rechte_zuord , stan_admin where stan_admin_rechte.stan_admin_rolle = stan_admin_rechte_zuord.stan_admin_rolle AND stan_admin_rechte_zuord.said = stan_admin.said AND stan_admin.user = '$user_admin' AND stan_admin_rechte_zuord.stan_admin_rolle = 'a_stan_anl'");
$row = $result->fetch_array();
if ($row[0] != 1){ include("kurs/rechte.php"); exit;}
// Rechteüberprüfung ende
if (isset($_GET['action']))
$action = $_GET['action'];
else
$action = "";
switch($action){
default:
echo"
<html>
<head>
<meta http-equiv=\"content-type\" content=\"text/html; charset=utf-8\">
<link rel=\"stylesheet\" href=\"../styles_pc.css\" type=\"text/css\">
<title>Administratorrechte</title>
<style type=\"text/css\">
select{
width:267px;
}
</style>
</head>
<body onload=\"if(document.beleg1)document.beleg1.vorname.focus();return false;\">
<table border=\"0\" style=\"border-collapse: collapse\" width=\"100%\" cellpadding=\"0\" height=\"100%\" id=\"table1\">
<tr>
<td>
<div align=\"center\">
<table cellspacing=\"0\" cellpadding=\"0\" width=\"550\" border=\"0\">
<tr>
<td width=\"10\" background=\"../images/box_e1.gif\">
<img height=\"40\" src=\"../images/blank.gif\" width=\"22\"></td>
<td nowrap=\"nowrap\" align=\"left\" width=\"98%\" background=\"../images/box_top.gif\" valign=\"top\">
<img height=\"10\" src=\"../images/blank.gif\" width=\"1\"><br>
<font class=\"hd\">Standortadministrator anlegen</font><br>
<img height=\"5\" src=\"../images/blank.gif\" width=\"1\"></font></td>
<td nowrap=\"nowrap\" align=\"right\" width=\"1%\" background=\"../images/box_e2.gif\">
<img height=\"40\" src=\"../images/blank.gif\" width=\"22\"></td>
</tr>
<tr>
<td width=\"1%\" background=\"../images/box_l.gif\">
<img height=\"1\" src=\"../images/blank.gif\" width=\"22\"></td>
<td>
<form action="; echo $_SERVER['PHP_SELF'] . "?action=dozbearb1"; echo" method=\"POST\" name=\"beleg1\">
<table border=\"0\" cellpadding=\"4\" cellspacing=\"0\" style=\"border-collapse: collapse; border-width: 0\" bordercolor=\"#111111\" width=\"100%\" id=\"AutoNumber1\" height=\"194\">
<tr>
<td width=\"40%\">
<b>Vorname*:</b>
</td>
<td width=\"60%\">
<input type=\"text\" name=\"vorname\" size=\"40\">
</td>
</tr>
<tr>
<td width=\"40%\">
<b>Nachname*:</b>
</td>
<td width=\"60%\">
<input type=\"text\" name=\"nachname\" size=\"40\">
</td>
</tr>
<tr>
<td width=\"40%\">
<b>Benutzerkennung*:</b>
</td>
<td width=\"60%\">
<input type=\"text\" name=\"user\" size=\"40\">
</td>
</tr>
<tr>
<td width=\"40%\">
<b>Mail*:</b>
</td>
<td width=\"60%\">
<input type=\"text\" name=\"mail\" size=\"40\">
</td>
</tr>
<tr>
<td width=\"40%\">
<b>Standort*:</b>
<br>
<font size='1'>STRG-Taste für Mehrfachauswahl</font>
</td>
<td width=\"60%\" colspan=\"2\">
<p align=\"left\">
";
$db = dbconnect();
$query = "SELECT sid, standort, block, abdatum, pendler
FROM stan_standort
ORDER BY standort ASC";
$result = $db->query ($query)
or die ("Cannot execute query");
echo "<select size=\"5\" name=\"standort1[]\" multiple>";
while ($row = $result->fetch_array()){
$db = dbconnect();
$bearb_adm = $db->query ("SELECT 1
FROM stan_admin_rechte_zuord, stan_admin
WHERE stan_admin_rechte_zuord.said = stan_admin.said
AND stan_admin.said='$_POST[adminre]'
AND stan_admin_rolle = '$row[stan_admin_rolle]'");
$admin = $bearb_adm->fetch_array();
echo "<option value='$row[sid]'"; if($admin[0] == 1){echo "selected";} echo">$row[standort] (Block $row[block]) ab $row[abdatum] ($row[pendler])</option>\n";
}
echo "</select>
</td>
</tr>
<tr>
<td width=\"40%\">
</td>
<td width=\"60%\">
</td>
</tr
<tr>
<td width=\"40%\">
* = Pflichtfelder
</td>
<td width=\"60%\">
</td>
</tr>
</table>
<p align='center'>
<input type=\"submit\" value=\"Abschicken\" name=\"B1\">
</form>
</td>
<td width=\"1%\" background=\"../images/box_r.gif\">
<img height=\"1\" src=\"../images/blank.gif\" width=\"22\"></td>
</tr>
<tr>
<td nowrap=\"nowrap\" align=\"left\" width=\"1%\" background=\"../images/box_e3.gif\">
<img height=\"16\" src=\"../images/blank.gif\" width=\"22\"></td>
<td nowrap=\"nowrap\" align=\"left\" width=\"98%\" background=\"../images/box_bottom.gif\">
<img height=\"16\" src=\"../images/blank.gif\" width=\"8\"></td>
<td nowrap=\"nowrap\" align=\"right\" width=\"1%\" background=\"../images/box_e4.gif\">
<img height=\"16\" src=\"../images/blank.gif\" width=\"22\"> </td>
</tr>
</table>
</div>
</td>
</tr>
</table>
</body>
</html>";
break;
case "dozbearb1":
$db = dbconnect();
if ($_POST[vorname] == "" or $_POST[nachname] == "" or $_POST[user] == "" or $_POST[standort1][0] == "" or $_POST[mail] == ""){ // Fehler, falls Pflichtfelder unausgefüllt
echo "
<html>
<head>
<meta http-equiv=\"content-type\" content=\"text/html; charset=utf-8\">
<link rel=\"stylesheet\" href=\"../styles_pc.css\" type=\"text/css\">
<title>Eingabefehler</title>
</head>
<body>
<table border=\"0\" style=\"border-collapse: collapse\" width=\"100%\" cellpadding=\"0\" height=\"100%\" id=\"table1\">
<tr>
<td>
<div align=\"center\">
<table cellspacing=\"0\" cellpadding=\"0\" width=\"550\" border=\"0\">
<tr>
<td width=\"10\" background=\"../images/box_e1.gif\">
<img height=\"40\" src=\"../images/blank.gif\" width=\"22\"></td>
<td nowrap=\"nowrap\" align=\"left\" width=\"3%\" background=\"../images/box_top.gif\" valign=\"top\"></td>
<td width=\"95%\" background=\"../images/box_top.gif\">
<img height=\"10\" src=\"../images/blank.gif\" width=\"1\"><br>
<span class=\"sh\">Eingabefehler</span><br>
<img height=\"5\" src=\"../images/blank.gif\" width=\"1\"></td>
<td nowrap=\"nowrap\" align=\"right\" width=\"1%\" background=\"../images/box_e2.gif\">
<img height=\"40\" src=\"../images/blank.gif\" width=\"22\"></td>
</tr>
<tr>
<td width=\"1%\" background=\"../images/box_l.gif\">
<img height=\"1\" src=\"../images/blank.gif\" width=\"22\"></td>
<td colspan=\"2\"><br>
<p align=\"center\"><b>Es müssen mindestens die Pflichtfelder ausgefüllt werden!</b>
</p>
<p align=\"center\"><a href=\"javascript:history.back()\">
<img border=\"0\" src=\"../images/zurueck.gif\" width=\"77\" height=\"22\"></a><br>
</p>
<p></p>
<p></p>
<p></p>
<p></p>
<p><br>
</p>
</td>
<td width=\"1%\" background=\"../images/box_r.gif\">
<img height=\"1\" src=\"../images/blank.gif\" width=\"22\"></td>
</tr>
<tr>
<td nowrap=\"nowrap\" align=\"left\" width=\"1%\" background=\"../images/box_e3.gif\">
<img height=\"16\" src=\"../images/blank.gif\" width=\"22\"></td>
<td nowrap=\"nowrap\" align=\"left\" width=\"98%\" background=\"../images/box_bottom.gif\" colspan=\"2\">
<img height=\"16\" src=\"../images/blank.gif\" width=\"8\"></td>
<td nowrap=\"nowrap\" align=\"right\" width=\"1%\" background=\"../images/box_e4.gif\">
<img height=\"16\" src=\"../images/blank.gif\" width=\"22\"> </td>
</tr>
</table>
</div>
</td>
</tr>
</table>
</body>
</html>";
exit;
}
$result = $db->query("SELECT uid FROM stan_standort_admin WHERE uid ='$_POST[user]'");
$row = $result->fetch_array();
if ($_POST['user'] == $row[uid] ){
echo"
<html>
<head>
<meta http-equiv=\"content-type\" content=\"text/html; charset=utf-8\">
<link rel=\"stylesheet\" href=\"../styles_pc.css\" type=\"text/css\">
<title>Doppelerfassung</title>
</head>
<body>
<table border=\"0\" style=\"border-collapse: collapse\" width=\"100%\" cellpadding=\"0\" height=\"100%\" id=\"table1\">
<tr>
<td>
<div align=\"center\">
<table cellspacing=\"0\" cellpadding=\"0\" width=\"550\" border=\"0\">
<tr>
<td width=\"10\" background=\"../images/box_e1.gif\">
<img height=\"40\" src=\"../images/blank.gif\" width=\"22\"></td>
<td nowrap=\"nowrap\" align=\"left\" width=\"3%\" background=\"../images/box_top.gif\" valign=\"top\"></td>
<td width=\"95%\" background=\"../images/box_top.gif\">
<img height=\"10\" src=\"../images/blank.gif\" width=\"1\"><br>
<span class=\"sh\">Doppelerfassung</span><br>
<img height=\"5\" src=\"../images/blank.gif\" width=\"1\"></td>
<td nowrap=\"nowrap\" align=\"right\" width=\"1%\" background=\"../images/box_e2.gif\">
<img height=\"40\" src=\"../images/blank.gif\" width=\"22\"></td>
</tr>
<tr>
<td width=\"1%\" background=\"../images/box_l.gif\">
<img height=\"1\" src=\"../images/blank.gif\" width=\"22\"></td>
<td colspan=\"2\"><br>
<p align=\"center\"><b>Die Benutzerkennung ist im System bereits vorhanden!</b>
</p>
<p align=\"center\"><a href=\"javascript:history.back()\">
<img border=\"0\" src=\"../images/zurueck.gif\" width=\"77\" height=\"22\"></a><br>
</p>
<p></p>
<p></p>
<p></p>
<p></p>
<p><br>
</p>
</td>
<td width=\"1%\" background=\"../images/box_r.gif\">
<img height=\"1\" src=\"../images/blank.gif\" width=\"22\"></td>
</tr>
<tr>
<td nowrap=\"nowrap\" align=\"left\" width=\"1%\" background=\"../images/box_e3.gif\">
<img height=\"16\" src=\"../images/blank.gif\" width=\"22\"></td>
<td nowrap=\"nowrap\" align=\"left\" width=\"98%\" background=\"../images/box_bottom.gif\" colspan=\"2\">
<img height=\"16\" src=\"../images/blank.gif\" width=\"8\"></td>
<td nowrap=\"nowrap\" align=\"right\" width=\"1%\" background=\"../images/box_e4.gif\">
<img height=\"16\" src=\"../images/blank.gif\" width=\"22\"> </td>
</tr>
</table>
</div>
</td>
</tr>
</table>
</body>
</html>";
exit;
} // Ende If zwei benutzerkennungen
$passwd = md5($_POST['user']);
//$passwd= mysql_escape_string($passwd);
$sql = $db->query("INSERT INTO stan_standort_admin ( vorname
, nachname
, uid
, passwort
, mail
)
VALUES
( '$_POST[vorname]'
,'$_POST[nachname]'
,'$_POST[user]'
,'$passwd'
,'$_POST[mail]'
)
");
$seaid = $db->insert_id;
#$sql_del = $db->query("DELETE FROM stan_standort_zuord WHERE said = $ck_admre");
$standort = $_POST[standort1];
for ($i=0;$i<sizeof($standort);$i++) {
$sql = $db->query ("INSERT INTO stan_standort_zuord (sid, seaid)
VALUES
('$standort[$i]', $seaid)
");
}
$empfaenger = "$_POST[mail]";
$betreff = "Anmeldung Standortadministrator";
$text = "
<html>
<head>
<title>Anmeldung Standortadministrator</title>
</head>
<body>
<font face='Arial' size='2'>
Guten Tag $_POST[vorname] $_POST[nachname]!<br><br>
Sie wurden als Standortadministrator für das Stellenantragssystem registriert!<br>
Nachfolgend finden Sie Ihre Zugangsdaten:
<br>
<br>
<table>
<tr>
<td valign='top'>
<font face='Arial' size='2'>
Benutzerkennung:
</font>
</td>
<td valign='top'>
<font face='Arial' size='2'>
<b>$_POST[user]</b>
</font>
</td>
</tr>
<tr>
<td valign='top'>
<font face='Arial' size='2'>
Passwort:
</font>
</td>
<td valign='top'>
<font face='Arial' size='2'>
<b>$_POST[user]</b>
</font>
</td>
</tr>
</table>
<br>
Bitte beachten Sie, dass zwischen Groß- und<br>
Kleinschreibung unterschieden wird.
<p>
Ändern Sie bitte zu Ihrer eigenen Sicherheit das<br>
Passwort nach dem ersten Login.
<p>
Link zum Stellenantragssystem: <a href=\"http://www.hs-ludwigsburg.de/kurs/stellenantrag_neu/standort\">http://www.hs-ludwigsburg.de/kurs/stellenantrag_neu/standort</a>
<p>
Diese Mail wurde automatisch generiert!<br>
Antworten Sie daher nicht auf diese Mail<br>
<br>
Vielen Dank
</body>
</html>";
if($hs =='K' or $hs =='k'){ //Empfängeradresse selektieren. Je nach Hochshule verschieden
$result3 = $db->query("SELECT wert2 FROM parameter WHERE pid=7");
$row3 = $result3->fetch_array();
$hochschule = 'Kehl';
}else{
$result3 = $db->query("SELECT wert2 FROM parameter WHERE pid=4");
$row3 = $result3->fetch_array();
$hochschule = 'Ludwigsburg';
}
$result_admin = $db->query("SELECT vorname, nachname FROM stan_admin WHERE user='$user_admin'");
$row_admin = $result_admin->fetch_array();
$sender = "$row_admin[vorname] $row_admin[nachname]";
$sendermail = "$row3[wert2]";
## Mailversand:
$headers = "From: $sender <$sendermail>\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-type: text/html; charset=utf-8\r\n";
$return = @mail($empfaenger, $betreff, $text, $headers);
echo "
<html>
<head>
<meta http-equiv=\"content-type\" content=\"text/html; charset=utf-8\">
<link rel=\"stylesheet\" href=\"../styles_pc.css\" type=\"text/css\">
<title>Anlegen erfolgreich</title>
</head>
<body>
<table border=\"0\" style=\"border-collapse: collapse\" width=\"100%\" cellpadding=\"0\" height=\"100%\" id=\"table1\">
<tr>
<td>
<div align=\"center\">
<table cellspacing=\"0\" cellpadding=\"0\" width=\"550\" border=\"0\">
<tr>
<td width=\"10\" background=\"../images/box_e1.gif\">
<img height=\"40\" src=\"../images/blank.gif\" width=\"22\"></td>
<td nowrap=\"nowrap\" align=\"left\" width=\"3%\" background=\"../images/box_top.gif\" valign=\"top\"></td>
<td width=\"95%\" background=\"../images/box_top.gif\">
<img height=\"10\" src=\"../images/blank.gif\" width=\"1\"><br>
<span class=\"sh\">Anlegen erfolgreich</span><br>
<img height=\"5\" src=\"../images/blank.gif\" width=\"1\"></td>
<td nowrap=\"nowrap\" align=\"right\" width=\"1%\" background=\"../images/box_e2.gif\">
<img height=\"40\" src=\"../images/blank.gif\" width=\"22\"></td>
</tr>
<tr>
<td width=\"1%\" background=\"../images/box_l.gif\">
<img height=\"1\" src=\"../images/blank.gif\" width=\"22\"></td>
<td colspan=\"2\"><br>
<p align=\"center\">Der Standortadministrator wurde eingebunden!<br>Das Passwort ist gleich der Benutzerkennung
<br><br>";
if($return){
echo "Der Benutzer wurde per Mail informiert ($_POST[mail])";
}else{
echo "Der Benutzer konnte <b>nicht</b> per Mail informiert werden!";
}
echo"
</p>
<p align=\"center\"><a href=".$_SERVER['PHP_SELF'] .">
<img border=\"0\" src=\"../images/zurueck.gif\" width=\"77\" height=\"22\"></a><br>
</p>
<p></p>
<p></p>
<p></p>
<p></p>
<p><br>
</p>
</td>
<td width=\"1%\" background=\"../images/box_r.gif\">
<img height=\"1\" src=\"../images/blank.gif\" width=\"22\"></td>
</tr>
<tr>
<td nowrap=\"nowrap\" align=\"left\" width=\"1%\" background=\"../images/box_e3.gif\">
<img height=\"16\" src=\"../images/blank.gif\" width=\"22\"></td>
<td nowrap=\"nowrap\" align=\"left\" width=\"98%\" background=\"../images/box_bottom.gif\" colspan=\"2\">
<img height=\"16\" src=\"../images/blank.gif\" width=\"8\"></td>
<td nowrap=\"nowrap\" align=\"right\" width=\"1%\" background=\"../images/box_e4.gif\">
<img height=\"16\" src=\"../images/blank.gif\" width=\"22\"> </td>
</tr>
</table>
</div>
</td>
</tr>
</table>
</body>
</html>";
} // Ende Action script
?>