diff --git a/config.inc.php b/config.inc.php index 51423c0..32ef164 100644 --- a/config.inc.php +++ b/config.inc.php @@ -3,41 +3,11 @@ if(!isset($_SESSION)) { session_start(); } require_once("config/datenbankanbindung.php"); // fügt die Datenbankanbindung ein: Sys:\php\includes\kurs\datenbankanbindung.php header('Content-Type: text/html; charset=utf-8'); - -#--------------------------------------------------------------------------------------------------------------------------------------- -# Ermittlung der Globalen Einstellungen - $db = dbconnect(); -# $result_ansprech_global = $db->query("SELECT wert1, wert2 FROM dep_parameter WHERE pid='1'"); -# $row_ansprech_global = $result_ansprech_global->fetch_array(); - -# $global_service_admin = "$row_ansprech_global[wert1]"; -# $global_service_mail = "$row_ansprech_global[wert2]"; - -# $query_ldapuser = $db->query("SELECT wert1, wert2 FROM dep_parameter WHERE pid='2'"); -# $row_ldapuser = $query_ldapuser->fetch_array(); - -# $global_ldap_user = "$row_ldapuser[wert1]"; -# $global_ldap_pwd = "$row_ldapuser[wert2]"; - -# $query_ldapserver = $db->query("SELECT wert1, wert2 FROM dep_parameter WHERE pid='3'"); -# $row_ldapserver = $query_ldapserver->fetch_array(); -# $global_ldap_serverhsnet = "$row_ldapserver[wert1]"; -# $global_ldap_porthsnet = "$row_ldapserver[wert2]"; - -# $result_ldap_global = $db->query("SELECT wert1 FROM dep_parameter WHERE pid='4'"); -# $row_ldap_global = $result_ldap_global->fetch_array(); -# $global_ldap_art = "$row_ldap_global[wert1]"; - -#--------------------------------------------------------------------------------------------------------------------------------------- - - -#$username = $_SESSION["global_username"]; $db = dbconnect(); $uid = $_SESSION["global_uid"]; -# if ($uid == "") { -# echo ""; -# } + + $login_dateiname = basename($_SERVER['PHP_SELF']); @@ -46,12 +16,24 @@ if($uid == "" AND $login_dateiname !='index.php'){ exit; } -# echo "
"; -# echo nl2br(print_r($_SESSION,true)); -# echo "
"; - - $template = "modern"; +function rechte($curpage, $uid){ + $db = dbconnect(); + $result_rechte = $db->query("SELECT count(*) Anz + FROM jumi_menu_entries + WHERE lower(link) like lower('$curpage%') + AND meid IN (SELECT DISTINCT meid + FROM jumi_admin_rollen_rechte_zuord a, jumi_admin_rollen_user_zuord b + WHERE a.rid = b.rid + AND b.uid = $uid)"); + $row_rechte = $result_rechte->fetch_array(); + if($row_rechte['Anz'] > 0){ + return true; + }else{ + return false; + } + +} #--------------------------------------------------------------------------------------------------------------------------------------- ?> \ No newline at end of file diff --git a/dashboard/changepwd.php b/dashboard/changepwd.php index 6ba591d..0de807e 100644 --- a/dashboard/changepwd.php +++ b/dashboard/changepwd.php @@ -11,6 +11,10 @@ include_once '../classes/TestProjektSmarty.class_subdir.php'; require_once("../config.inc.php"); $templatename = substr(basename($_SERVER['PHP_SELF']), 0, -3) . "html"; $smarty = new SmartyAdmin(); +if(!rechte(basename(__FILE__), $uid)){ + echo ""; + exit; +} require_once "../language/german.inc.php"; diff --git a/dashboard/create_user.php b/dashboard/create_user.php index 0396e34..6e582e3 100644 --- a/dashboard/create_user.php +++ b/dashboard/create_user.php @@ -11,6 +11,10 @@ include_once '../classes/TestProjektSmarty.class_subdir.php'; require_once("../config.inc.php"); $templatename = substr(basename($_SERVER['PHP_SELF']), 0, -3) . "html"; $smarty = new SmartyAdmin(); +if(!rechte(basename(__FILE__), $uid)){ + echo ""; + exit; +} require_once "../language/german.inc.php"; diff --git a/dashboard/edit_user.php b/dashboard/edit_user.php index 6535d03..157e1f0 100644 --- a/dashboard/edit_user.php +++ b/dashboard/edit_user.php 
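Review bot: `rechte()` in config.inc.php builds its query by interpolating `$curpage` and `$uid` into the SQL string, and the three sub-selects added in dashboard/nav.php do the same with `$uid`. Today the values come from `basename(__FILE__)` and the session, but nothing in the function enforces that, so any later caller passing request data turns the permission check itself into an injection point. The function also calls `fetch_array()` without checking that `query()` succeeded, so a failed lookup ends in a PHP error instead of a clean deny. The match uses only the file's basename with a `LIKE ... %` prefix, so same-named scripts in other directories would share one right; confirm that this is intended. A bound-parameter version that returns false on any failure is sketched below, assuming `dbconnect()` returns a mysqli handle (as `fetch_array()` suggests) and that `uid` is numeric.

```php
function rechte($curpage, $uid){
    $db = dbconnect();
    $stmt = $db->prepare("SELECT count(*) Anz
                            FROM jumi_menu_entries
                           WHERE lower(link) LIKE lower(?)
                             AND meid IN (SELECT DISTINCT meid
                                            FROM jumi_admin_rollen_rechte_zuord a, jumi_admin_rollen_user_zuord b
                                           WHERE a.rid = b.rid
                                             AND b.uid = ?)");
    if ($stmt === false) {
        return false; // deny when the lookup cannot be prepared
    }
    $muster = $curpage . '%';
    $uid = (int) $uid;
    $stmt->bind_param('si', $muster, $uid);
    if (!$stmt->execute()) {
        return false; // deny when the lookup fails
    }
    $stmt->bind_result($anz);
    $stmt->fetch();
    $stmt->close();
    return $anz > 0;
}
```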
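Review bot: The deny branch added to dashboard/changepwd.php answers with a normal 200 response and an echoed string (shown empty here) before `exit;`, so a refused request looks like a successful page load in the access log and to any client that ignores the body. Setting the status first, `http_response_code(403);`, or redirecting server-side with `header('Location: error.php');` before the `exit;`, makes denials visible for monitoring and independent of the browser. The same four-line guard is pasted into create_user.php, edit_user.php, parameter.php, startseite.php and survey_erfassen.php. Since config.inc.php already computes `$login_dateiname` and performs the login check, doing the `rechte()` call there once would remove the risk of a page forgetting or disabling it. The guarded scripts continue outside these hunks.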
@@ -11,6 +11,10 @@ include_once '../classes/TestProjektSmarty.class_subdir.php'; require_once("../config.inc.php"); $templatename = substr(basename($_SERVER['PHP_SELF']), 0, -3) . "html"; $smarty = new SmartyAdmin(); +if(!rechte(basename(__FILE__), $uid)){ + echo ""; + exit; +} require_once "../language/german.inc.php"; diff --git a/dashboard/error.php b/dashboard/error.php new file mode 100644 index 0000000..b5f799f --- /dev/null +++ b/dashboard/error.php @@ -0,0 +1,15 @@ +assign('action', "$action"); +$smarty->display("modern/dashboard/$templatename"); +?> diff --git a/dashboard/nav.php b/dashboard/nav.php index 5a2ad4d..7bb0ffb 100644 --- a/dashboard/nav.php +++ b/dashboard/nav.php @@ -15,6 +15,11 @@ require_once "../language/german.inc.php"; ############################################################################## $query = "SELECT mhid, headline, visible FROM jumi_menu_headline + WHERE mhid IN (SELECT DISTINCT mhid + FROM jumi_menu_entries a, jumi_admin_rollen_rechte_zuord b, jumi_admin_rollen_user_zuord c + WHERE a.meid=b.meid + AND b.rid=c.rid + AND c.uid=$uid) ORDER by mhid ASC"; $result = $db->query($query); @@ -34,9 +39,14 @@ while ($row = $result->fetch_array()) { FROM jumi_menu_entries WHERE mhid=$row[mhid] AND sup = meid + AND meid IN (SELECT DISTINCT meid + FROM jumi_admin_rollen_rechte_zuord a, jumi_admin_rollen_user_zuord b + WHERE a.rid = b.rid + AND b.uid = $uid) ORDER BY meid ASC "; - + +#echo "







----------------------------------------$query2"; $result2 = $db->query($query2) or die("Cannot execute query2"); $ln2 = 0; @@ -60,6 +70,10 @@ while ($row = $result->fetch_array()) { FROM jumi_menu_entries WHERE mhid=$row2[mhid] AND sup != meid + AND meid IN (SELECT DISTINCT meid + FROM jumi_admin_rollen_rechte_zuord a, jumi_admin_rollen_user_zuord b + WHERE a.rid = b.rid + AND b.uid = $uid) ORDER BY meid ASC "; diff --git a/dashboard/parameter.php b/dashboard/parameter.php index 76373bf..691c0f1 100644 --- a/dashboard/parameter.php +++ b/dashboard/parameter.php @@ -4,6 +4,10 @@ if(!isset($_SESSION)) { session_start(); } include_once '../classes/TestProjektSmarty.class_subdir.php'; require_once("../config.inc.php"); $smarty = new SmartyAdmin(); +if(!rechte(basename(__FILE__), $uid)){ + echo ""; + exit; +} $templatename = substr(basename($_SERVER['PHP_SELF']), 0, -3) . "html"; require_once "../language/german.inc.php"; diff --git a/dashboard/startseite.php b/dashboard/startseite.php index 5fd3b35..24ee2ad 100644 --- a/dashboard/startseite.php +++ b/dashboard/startseite.php @@ -4,11 +4,13 @@ if (!isset($_SESSION)) { session_start(); } #$_SESSION['sessionid'] = session_id(); - - include_once '../classes/TestProjektSmarty.class_subdir.php'; require_once("../config.inc.php"); $smarty = new SmartyAdmin(); +if(!rechte(basename(__FILE__), $uid)){ + echo ""; + exit; +} $templatename = substr(basename($_SERVER['PHP_SELF']), 0, -3) . "html"; require_once "../language/german.inc.php"; diff --git a/dashboard/survey_edit.php b/dashboard/survey_edit.php index 133dbfe..5bc38b9 100644 --- a/dashboard/survey_edit.php +++ b/dashboard/survey_edit.php @@ -6,6 +6,10 @@ include_once '../classes/TestProjektSmarty.class_subdir.php'; require_once("../config.inc.php"); $templatename = substr(basename($_SERVER['PHP_SELF']), 0, -3) . "html"; $smarty = new SmartyAdmin(); +if(!rechte(basename(__FILE__), $uid)){ +# echo ""; +# exit; +} require_once "../language/german.inc.php"; 
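Review bot: The guard added to dashboard/survey_edit.php does nothing: both the `echo` and the `exit;` inside `if(!rechte(basename(__FILE__), $uid)){ ... }` are commented out with `#`, so a logged-in user without the menu right still runs the rest of the page. The other dashboard pages in this commit keep the `exit;`, so this looks like a leftover from testing. Restore it as `exit;` (with the same redirect output as the sibling pages). If the page is meant to stay open for now, drop the empty `if` and say so in a comment, e.g. `# TODO: survey_edit.php noch ohne Rechtepruefung`. The rest of the script lies outside the hunk.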
diff --git a/dashboard/survey_erfassen.php b/dashboard/survey_erfassen.php index 7bf0df8..c767f9b 100644 --- a/dashboard/survey_erfassen.php +++ b/dashboard/survey_erfassen.php @@ -6,6 +6,10 @@ include_once '../classes/TestProjektSmarty.class_subdir.php'; require_once("../config.inc.php"); $templatename = substr(basename($_SERVER['PHP_SELF']), 0, -3) . "html"; $smarty = new SmartyAdmin(); +if(!rechte(basename(__FILE__), $uid)){ + echo ""; + exit; +} require_once "../language/german.inc.php"; diff --git a/templates/modern/dashboard/error.html b/templates/modern/dashboard/error.html new file mode 100644 index 0000000..a2f09ce --- /dev/null +++ b/templates/modern/dashboard/error.html @@ -0,0 +1,42 @@ + + + + JU & MI Startseite + + + + + + + + + + + + + + + {literal} + + {/literal} +
+ + +
+
+
Sie haben keinen Zugriff auf diese Seite
+
+ + +
+
+ + + \ No newline at end of file diff --git a/templates_c/1696c541489271569981fcd8d65c4528b54f6950_0.file.error.html.php b/templates_c/1696c541489271569981fcd8d65c4528b54f6950_0.file.error.html.php new file mode 100644 index 0000000..cb62b35 --- /dev/null +++ b/templates_c/1696c541489271569981fcd8d65c4528b54f6950_0.file.error.html.php @@ -0,0 +1,74 @@ +_decodeProperties($_smarty_tpl, array ( + 'version' => '3.1.39', + 'unifunc' => 'content_6421ac5a55d5f3_54963755', + 'has_nocache_code' => false, + 'file_dependency' => + array ( + '1696c541489271569981fcd8d65c4528b54f6950' => + array ( + 0 => 'F:\\git\\survey\\templates\\modern\\dashboard\\error.html', + 1 => 1679928223, + 2 => 'file', + ), + ), + 'includes' => + array ( + ), +),false)) { +function content_6421ac5a55d5f3_54963755 (Smarty_Internal_Template $_smarty_tpl) { +?> + + + JU & MI Startseite + + + + + + + + + + + src="js/all.js" crossorigin="anonymous"> +> + + src="../jquery/jquery-3.4.1.min.js"> +> + + + + + +> + $(function(){ + // im Navbar muss der toggle in der Callbackfunktion definiert werden. Sonst findet jquery getelementbyID nicht + $("#navtop").load('navtop.php', null, function(){$.getScript('js/scripts.js');}); + $("#navleft").load("nav.php"); + $("#footer").load("footer.php"); + }); + +> + +
+ + +
+
+
Sie haben keinen Zugriff auf diese Seite
+
+ + +
+
+ + src="../bootstrap/node_modules/bootstrap/dist/js/bootstrap.bundle.min.js"> +> + +_decodeProperties($_smarty_tpl, array ( 'version' => '3.1.39', - 'unifunc' => 'content_6421666db0bc49_35421907', + 'unifunc' => 'content_6421ac028e2800_44904301', 'has_nocache_code' => false, 'file_dependency' => array ( '1d7d9664b76f0bd4587451aa9401c286ca72b20b' => array ( 0 => 'F:\\git\\survey\\templates\\modern\\dashboard\\startseite.html', - 1 => 1679910508, + 1 => 1679928167, 2 => 'file', ), ), @@ -20,7 +20,7 @@ if ($_smarty_tpl->_decodeProperties($_smarty_tpl, array ( array ( ), ),false)) { -function content_6421666db0bc49_35421907 (Smarty_Internal_Template $_smarty_tpl) { +function content_6421ac028e2800_44904301 (Smarty_Internal_Template $_smarty_tpl) { ?> diff --git a/templates_c/85403c192b4eecdf6efb10ab95d6ca8c2bf3e350_0.file.survey_erfassen.html.php b/templates_c/85403c192b4eecdf6efb10ab95d6ca8c2bf3e350_0.file.survey_erfassen.html.php index 24e79e0..f06a20c 100644 --- a/templates_c/85403c192b4eecdf6efb10ab95d6ca8c2bf3e350_0.file.survey_erfassen.html.php +++ b/templates_c/85403c192b4eecdf6efb10ab95d6ca8c2bf3e350_0.file.survey_erfassen.html.php @@ -1,18 +1,18 @@ _decodeProperties($_smarty_tpl, array ( 'version' => '3.1.39', - 'unifunc' => 'content_642075e4e840b2_61240326', + 'unifunc' => 'content_64219a2bcd61b4_25514715', 'has_nocache_code' => false, 'file_dependency' => array ( '85403c192b4eecdf6efb10ab95d6ca8c2bf3e350' => array ( 0 => 'F:\\git\\survey\\templates\\modern\\dashboard\\survey_erfassen.html', - 1 => 1679668664, + 1 => 1679910312, 2 => 'file', ), ), @@ -20,7 +20,7 @@ if ($_smarty_tpl->_decodeProperties($_smarty_tpl, array ( array ( ), ),false)) { -function content_642075e4e840b2_61240326 (Smarty_Internal_Template $_smarty_tpl) { +function content_64219a2bcd61b4_25514715 (Smarty_Internal_Template $_smarty_tpl) { if ($_smarty_tpl->tpl_vars['action']->value == '') {?> 
@@ -55,7 +55,7 @@ if ($_smarty_tpl->tpl_vars['action']->value == '') {?> - src="all.js" crossorigin="anonymous"> + src="js/all.js" crossorigin="anonymous"> >