From aee828463e9a113182317ff897970c89033bdf52 Mon Sep 17 00:00:00 2001
From: aschwarz <a.schwarz@polizei.bwl.de>
Date: Mon, 27 Mar 2023 16:54:46 +0200
Subject: [PATCH] Systemerweiterungen
---
config.inc.php | 56 +++++---------
dashboard/changepwd.php | 4 +
dashboard/create_user.php | 4 +
dashboard/edit_user.php | 4 +
dashboard/error.php | 15 ++++
dashboard/nav.php | 16 +++-
dashboard/parameter.php | 4 +
dashboard/startseite.php | 6 +-
dashboard/survey_edit.php | 4 +
dashboard/survey_erfassen.php | 4 +
templates/modern/dashboard/error.html | 42 +++++++++++
...fcd8d65c4528b54f6950_0.file.error.html.php | 74 +++++++++++++++++++
...401c286ca72b20b_0.file.startseite.html.php | 8 +-
...8c2bf3e350_0.file.survey_erfassen.html.php | 12 +--
todo.txt | 6 +-
15 files changed, 207 insertions(+), 52 deletions(-)
create mode 100644 dashboard/error.php
create mode 100644 templates/modern/dashboard/error.html
create mode 100644 templates_c/1696c541489271569981fcd8d65c4528b54f6950_0.file.error.html.php
diff --git a/config.inc.php b/config.inc.php
index 51423c0..32ef164 100644
--- a/config.inc.php
+++ b/config.inc.php
@@ -3,41 +3,11 @@ if(!isset($_SESSION)) { session_start(); } require_once("config/datenbankanbindung.php"); // fügt die Datenbankanbindung ein: Sys:\php\includes\kurs\datenbankanbindung.php header('Content-Type: text/html; charset=utf-8'); - -#--------------------------------------------------------------------------------------------------------------------------------------- -# Ermittlung der Globalen Einstellungen - $db = dbconnect(); -# $result_ansprech_global = $db->query("SELECT wert1, wert2 FROM dep_parameter WHERE pid='1'"); -# $row_ansprech_global = $result_ansprech_global->fetch_array(); - -# $global_service_admin = "$row_ansprech_global[wert1]"; -# $global_service_mail = "$row_ansprech_global[wert2]"; - -# $query_ldapuser = $db->query("SELECT wert1, wert2 FROM dep_parameter WHERE pid='2'"); -# $row_ldapuser = $query_ldapuser->fetch_array(); - -# $global_ldap_user = "$row_ldapuser[wert1]"; -# $global_ldap_pwd = "$row_ldapuser[wert2]"; - -# $query_ldapserver = $db->query("SELECT wert1, wert2 FROM dep_parameter WHERE pid='3'"); -# $row_ldapserver = $query_ldapserver->fetch_array(); -# $global_ldap_serverhsnet = "$row_ldapserver[wert1]"; -# $global_ldap_porthsnet = "$row_ldapserver[wert2]"; - -# $result_ldap_global = $db->query("SELECT wert1 FROM dep_parameter WHERE pid='4'"); -# $row_ldap_global = $result_ldap_global->fetch_array(); -# $global_ldap_art = "$row_ldap_global[wert1]"; - -#--------------------------------------------------------------------------------------------------------------------------------------- - - -#$username = $_SESSION["global_username"]; $db = dbconnect(); $uid = $_SESSION["global_uid"]; -# if ($uid == "") { -# echo "<meta http-equiv=\"refresh\" content=\"0; URL=\"index.php?error=4\">"; -# } + + $login_dateiname = basename($_SERVER['PHP_SELF']); 
@@ -46,12 +16,24 @@ if($uid == "" AND $login_dateiname !='index.php'){ exit; } -# echo "<hr>"; -# echo nl2br(print_r($_SESSION,true)); -# echo "<hr>"; - - $template = "modern"; +function rechte($curpage, $uid){ + $db = dbconnect(); + $result_rechte = $db->query("SELECT count(*) Anz + FROM jumi_menu_entries + WHERE lower(link) like lower('$curpage%') + AND meid IN (SELECT DISTINCT meid + FROM jumi_admin_rollen_rechte_zuord a, jumi_admin_rollen_user_zuord b + WHERE a.rid = b.rid + AND b.uid = $uid)"); + $row_rechte = $result_rechte->fetch_array(); + if($row_rechte['Anz'] > 0){ + return true; + }else{ + return false; + } + +} #--------------------------------------------------------------------------------------------------------------------------------------- ?> \ No newline at end of file diff --git a/dashboard/changepwd.php b/dashboard/changepwd.php index 6ba591d..0de807e 100644 --- a/dashboard/changepwd.php +++ b/dashboard/changepwd.php @@ -11,6 +11,10 @@ include_once '../classes/TestProjektSmarty.class_subdir.php'; require_once("../config.inc.php"); $templatename = substr(basename($_SERVER['PHP_SELF']), 0, -3) . "html"; $smarty = new SmartyAdmin(); +if(!rechte(basename(__FILE__), $uid)){ + echo "<meta http-equiv=\"refresh\" content=\"0; URL=error.php\">"; + exit; +} require_once "../language/german.inc.php"; diff --git a/dashboard/create_user.php b/dashboard/create_user.php index 0396e34..6e582e3 100644 --- a/dashboard/create_user.php +++ b/dashboard/create_user.php @@ -11,6 +11,10 @@ include_once '../classes/TestProjektSmarty.class_subdir.php'; require_once("../config.inc.php"); $templatename = substr(basename($_SERVER['PHP_SELF']), 0, -3) . "html"; $smarty = new SmartyAdmin(); +if(!rechte(basename(__FILE__), $uid)){ + echo "<meta http-equiv=\"refresh\" content=\"0; URL=error.php\">"; + exit; +} require_once "../language/german.inc.php"; diff --git a/dashboard/edit_user.php b/dashboard/edit_user.php index 6535d03..157e1f0 100644 --- a/dashboard/edit_user.php 
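Review bot: `rechte()` interpolates `$curpage` and `$uid` directly into the SQL text, and the three subqueries added to dashboard/nav.php (`c.uid=$uid`, `b.uid = $uid` twice) follow the same pattern, so the authorization query is only as trustworthy as whatever wrote `$_SESSION["global_uid"]`, which is not visible in this patch. The `like lower('$curpage%')` comparison also treats the `_` in names such as `edit_user.php` as a single-character wildcard, which makes the match looser than an access check should be. The result of `$db->query()` is used without a check, so a failed query ends in a fatal error on `fetch_array()` rather than a clean denial. Assuming `dbconnect()` returns a mysqli handle, as the `fetch_array()` calls suggest, a prepared statement with an escaped pattern and a fail-closed return covers all three points.

```php
function rechte($curpage, $uid){
    $db = dbconnect();
    // Bound parameters instead of string interpolation; "_" and "%" in the
    // file name are escaped so only the trailing "%" acts as a wildcard.
    $stmt = $db->prepare("SELECT count(*) Anz
                FROM jumi_menu_entries
                WHERE lower(link) LIKE lower(?)
                AND meid IN (SELECT DISTINCT meid
                                FROM jumi_admin_rollen_rechte_zuord a, jumi_admin_rollen_user_zuord b
                                WHERE a.rid = b.rid
                                AND b.uid = ?)");
    if ($stmt === false) {
        return false; // fail closed: no statement, no access
    }
    $pattern = addcslashes((string) $curpage, '%_\\') . '%';
    $uid = (int) $uid; // the original query used it unquoted, so it is numeric
    $stmt->bind_param('si', $pattern, $uid);
    if (!$stmt->execute()) {
        return false;
    }
    $row_rechte = $stmt->get_result()->fetch_array();
    return $row_rechte !== null && $row_rechte['Anz'] > 0;
}
```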
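Review bot: The permission check is pasted into each dashboard page (dashboard/changepwd.php here, then create_user.php, edit_user.php, parameter.php, startseite.php, survey_edit.php and survey_erfassen.php), so a page that is added later or simply missed stays reachable for every logged-in user. config.inc.php is required by all of these pages and already computes `$login_dateiname` next to the login test, so the check could run once there, deny by default, and exempt only a short explicit list such as `index.php` and `error.php`. The denial is sent as a meta refresh inside a normal 200 response; provided nothing has been output at that point, `header('Location: error.php'); exit;` gives a real redirect. The surrounding page code lies outside these hunks, so whether anything with side effects runs before the check cannot be seen here.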
+++ b/dashboard/edit_user.php @@ -11,6 +11,10 @@ include_once '../classes/TestProjektSmarty.class_subdir.php'; require_once("../config.inc.php"); $templatename = substr(basename($_SERVER['PHP_SELF']), 0, -3) . "html"; $smarty = new SmartyAdmin(); +if(!rechte(basename(__FILE__), $uid)){ + echo "<meta http-equiv=\"refresh\" content=\"0; URL=error.php\">"; + exit; +} require_once "../language/german.inc.php"; diff --git a/dashboard/error.php b/dashboard/error.php new file mode 100644 index 0000000..b5f799f --- /dev/null +++ b/dashboard/error.php @@ -0,0 +1,15 @@ +<?php +## INDEX gegen DB +if (!isset($_SESSION)) { + session_start(); +} +#$_SESSION['sessionid'] = session_id(); +include_once '../classes/TestProjektSmarty.class_subdir.php'; +require_once("../config.inc.php"); +$smarty = new SmartyAdmin(); +$templatename = substr(basename($_SERVER['PHP_SELF']), 0, -3) . "html"; +require_once "../language/german.inc.php"; + +$smarty->assign('action', "$action"); +$smarty->display("modern/dashboard/$templatename"); +?> diff --git a/dashboard/nav.php b/dashboard/nav.php index 5a2ad4d..7bb0ffb 100644 --- a/dashboard/nav.php +++ b/dashboard/nav.php @@ -15,6 +15,11 @@ require_once "../language/german.inc.php"; ############################################################################## $query = "SELECT mhid, headline, visible FROM jumi_menu_headline + WHERE mhid IN (SELECT DISTINCT mhid + FROM jumi_menu_entries a, jumi_admin_rollen_rechte_zuord b, jumi_admin_rollen_user_zuord c + WHERE a.meid=b.meid + AND b.rid=c.rid + AND c.uid=$uid) ORDER by mhid ASC"; $result = $db->query($query); 
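Review bot: `$smarty->assign('action', "$action");` in the new dashboard/error.php reads `$action`, which is not assigned anywhere in this file; unless one of the included files defines it, PHP raises an undefined-variable warning on the very page that reports the denial. The error.html template added in this patch does not use `action`, so the line can be dropped, or written as `$smarty->assign('action', $action ?? '');`. The commented-out `#$_SESSION['sessionid'] = session_id();` and the header comment `## INDEX gegen DB` look copied from another page and could be removed as well.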
@@ -34,9 +39,14 @@ while ($row = $result->fetch_array()) { FROM jumi_menu_entries WHERE mhid=$row[mhid] AND sup = meid + AND meid IN (SELECT DISTINCT meid + FROM jumi_admin_rollen_rechte_zuord a, jumi_admin_rollen_user_zuord b + WHERE a.rid = b.rid + AND b.uid = $uid) ORDER BY meid ASC "; - + +#echo "<br><br><br><br><br><br><br><br>----------------------------------------$query2"; $result2 = $db->query($query2) or die("Cannot execute query2"); $ln2 = 0; @@ -60,6 +70,10 @@ while ($row = $result->fetch_array()) { FROM jumi_menu_entries WHERE mhid=$row2[mhid] AND sup != meid + AND meid IN (SELECT DISTINCT meid + FROM jumi_admin_rollen_rechte_zuord a, jumi_admin_rollen_user_zuord b + WHERE a.rid = b.rid + AND b.uid = $uid) ORDER BY meid ASC "; diff --git a/dashboard/parameter.php b/dashboard/parameter.php index 76373bf..691c0f1 100644 --- a/dashboard/parameter.php +++ b/dashboard/parameter.php @@ -4,6 +4,10 @@ if(!isset($_SESSION)) { session_start(); } include_once '../classes/TestProjektSmarty.class_subdir.php'; require_once("../config.inc.php"); $smarty = new SmartyAdmin(); +if(!rechte(basename(__FILE__), $uid)){ + echo "<meta http-equiv=\"refresh\" content=\"0; URL=error.php\">"; + exit; +} $templatename = substr(basename($_SERVER['PHP_SELF']), 0, -3) . "html"; require_once "../language/german.inc.php"; diff --git a/dashboard/startseite.php b/dashboard/startseite.php index 5fd3b35..24ee2ad 100644 --- a/dashboard/startseite.php +++ b/dashboard/startseite.php @@ -4,11 +4,13 @@ if (!isset($_SESSION)) { session_start(); } #$_SESSION['sessionid'] = session_id(); - - include_once '../classes/TestProjektSmarty.class_subdir.php'; require_once("../config.inc.php"); $smarty = new SmartyAdmin(); +if(!rechte(basename(__FILE__), $uid)){ + echo "<meta http-equiv=\"refresh\" content=\"0; URL=error.php\">"; + exit; +} $templatename = substr(basename($_SERVER['PHP_SELF']), 0, -3) . "html"; require_once "../language/german.inc.php"; 
diff --git a/dashboard/survey_edit.php b/dashboard/survey_edit.php index 133dbfe..5bc38b9 100644 --- a/dashboard/survey_edit.php +++ b/dashboard/survey_edit.php @@ -6,6 +6,10 @@ include_once '../classes/TestProjektSmarty.class_subdir.php'; require_once("../config.inc.php"); $templatename = substr(basename($_SERVER['PHP_SELF']), 0, -3) . "html"; $smarty = new SmartyAdmin(); +if(!rechte(basename(__FILE__), $uid)){ +# echo "<meta http-equiv=\"refresh\" content=\"0; URL=error.php\">"; +# exit; +} require_once "../language/german.inc.php"; diff --git a/dashboard/survey_erfassen.php b/dashboard/survey_erfassen.php index 7bf0df8..c767f9b 100644 --- a/dashboard/survey_erfassen.php +++ b/dashboard/survey_erfassen.php @@ -6,6 +6,10 @@ include_once '../classes/TestProjektSmarty.class_subdir.php'; require_once("../config.inc.php"); $templatename = substr(basename($_SERVER['PHP_SELF']), 0, -3) . "html"; $smarty = new SmartyAdmin(); +if(!rechte(basename(__FILE__), $uid)){ + echo "<meta http-equiv=\"refresh\" content=\"0; URL=error.php\">"; + exit; +} require_once "../language/german.inc.php"; diff --git a/templates/modern/dashboard/error.html b/templates/modern/dashboard/error.html new file mode 100644 index 0000000..a2f09ce --- /dev/null +++ b/templates/modern/dashboard/error.html 
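Review bot: The check added to dashboard/survey_edit.php has no effect, because both statements inside `if(!rechte(basename(__FILE__), $uid)){` are commented out with `#`; a user without the right still gets the page, while the other dashboard pages in this patch redirect and exit. If this is a temporary switch from development it should not be merged in this state; the body should read `echo "<meta http-equiv=\"refresh\" content=\"0; URL=error.php\">"; exit;` as in survey_erfassen.php. The rest of survey_edit.php is outside the hunk, so whether another check follows later in the file cannot be seen here.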
@@ -0,0 +1,42 @@ +<!DOCTYPE html> +<html lang="en"> +<head> + <title>JU & MI Startseite</title> + <meta charset="utf-8" /> + <meta http-equiv="X-UA-Compatible" content="IE=edge" /> + <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /> + <meta name="description" content="" /> + <meta name="author" content="" /> + <link href="../bootstrap/node_modules/bootstrap/dist/css/bootstrap.min.css" rel="stylesheet"> + <!-- nochmals bootstrap.css mit Erweiterungen vom Dashboard --> + <link href="css/styles.css" rel="stylesheet" /> + <!-- icons in nav--> + <script src="js/all.js" crossorigin="anonymous"></script> + <script src="../jquery/jquery-3.4.1.min.js"></script> + </head> + <body class="sb-nav-fixed"> + <div id="navtop"></div> + {literal} + <script> + $(function(){ + // im Navbar muss der toggle in der Callbackfunktion definiert werden. Sonst findet jquery getelementbyID nicht + $("#navtop").load('navtop.php', null, function(){$.getScript('js/scripts.js');}); + $("#navleft").load("nav.php"); + $("#footer").load("footer.php"); + }); + </script> + {/literal} + <div id="layoutSidenav"> + <!-- Navigation left --> + <div id="navleft"></div> + <div id="layoutSidenav_content"> + <main> + <div id="global_rechte"><div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Sie haben keinen Zugriff auf diese Seite</div></div> + </main> + <!-- footer --> + <div id="footer"></div> + </div> + </div> + <script src="../bootstrap/node_modules/bootstrap/dist/js/bootstrap.bundle.min.js"></script> + </body> +</html> \ No newline at end of file diff --git a/templates_c/1696c541489271569981fcd8d65c4528b54f6950_0.file.error.html.php b/templates_c/1696c541489271569981fcd8d65c4528b54f6950_0.file.error.html.php new file mode 100644 index 0000000..cb62b35 --- /dev/null +++ b/templates_c/1696c541489271569981fcd8d65c4528b54f6950_0.file.error.html.php 
@@ -0,0 +1,74 @@ +<?php +/* Smarty version 3.1.39, created on 2023-03-27 16:46:50 + from 'F:\git\survey\templates\modern\dashboard\error.html' */ + +/* @var Smarty_Internal_Template $_smarty_tpl */ +if ($_smarty_tpl->_decodeProperties($_smarty_tpl, array ( + 'version' => '3.1.39', + 'unifunc' => 'content_6421ac5a55d5f3_54963755', + 'has_nocache_code' => false, + 'file_dependency' => + array ( + '1696c541489271569981fcd8d65c4528b54f6950' => + array ( + 0 => 'F:\\git\\survey\\templates\\modern\\dashboard\\error.html', + 1 => 1679928223, + 2 => 'file', + ), + ), + 'includes' => + array ( + ), +),false)) { +function content_6421ac5a55d5f3_54963755 (Smarty_Internal_Template $_smarty_tpl) { +?><!DOCTYPE html> +<html lang="en"> +<head> + <title>JU & MI Startseite</title> + <meta charset="utf-8" /> + <meta http-equiv="X-UA-Compatible" content="IE=edge" /> + <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /> + <meta name="description" content="" /> + <meta name="author" content="" /> + <link href="../bootstrap/node_modules/bootstrap/dist/css/bootstrap.min.css" rel="stylesheet"> + <!-- nochmals bootstrap.css mit Erweiterungen vom Dashboard --> + <link href="css/styles.css" rel="stylesheet" /> + <!-- icons in nav--> + <?php echo '<script'; ?> + src="js/all.js" crossorigin="anonymous"><?php echo '</script'; ?> +> + <?php echo '<script'; ?> + src="../jquery/jquery-3.4.1.min.js"><?php echo '</script'; ?> +> + </head> + <body class="sb-nav-fixed"> + <div id="navtop"></div> + + <?php echo '<script'; ?> +> + $(function(){ + // im Navbar muss der toggle in der Callbackfunktion definiert werden. 
Sonst findet jquery getelementbyID nicht + $("#navtop").load('navtop.php', null, function(){$.getScript('js/scripts.js');}); + $("#navleft").load("nav.php"); + $("#footer").load("footer.php"); + }); + <?php echo '</script'; ?> +> + + <div id="layoutSidenav"> + <!-- Navigation left --> + <div id="navleft"></div> + <div id="layoutSidenav_content"> + <main> + <div id="global_rechte"><div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Sie haben keinen Zugriff auf diese Seite</div></div> + </main> + <!-- footer --> + <div id="footer"></div> + </div> + </div> + <?php echo '<script'; ?> + src="../bootstrap/node_modules/bootstrap/dist/js/bootstrap.bundle.min.js"><?php echo '</script'; ?> +> + </body> +</html><?php } +} diff --git a/templates_c/1d7d9664b76f0bd4587451aa9401c286ca72b20b_0.file.startseite.html.php b/templates_c/1d7d9664b76f0bd4587451aa9401c286ca72b20b_0.file.startseite.html.php index e47cb7d..d24a010 100644 --- a/templates_c/1d7d9664b76f0bd4587451aa9401c286ca72b20b_0.file.startseite.html.php +++ b/templates_c/1d7d9664b76f0bd4587451aa9401c286ca72b20b_0.file.startseite.html.php @@ -1,18 +1,18 @@ <?php -/* Smarty version 3.1.39, created on 2023-03-27 11:48:29 +/* Smarty version 3.1.39, created on 2023-03-27 16:45:22 from 'F:\git\survey\templates\modern\dashboard\startseite.html' */ /* @var Smarty_Internal_Template $_smarty_tpl */ if ($_smarty_tpl->_decodeProperties($_smarty_tpl, array ( 'version' => '3.1.39', - 'unifunc' => 'content_6421666db0bc49_35421907', + 'unifunc' => 'content_6421ac028e2800_44904301', 'has_nocache_code' => false, 'file_dependency' => array ( '1d7d9664b76f0bd4587451aa9401c286ca72b20b' => array ( 0 => 'F:\\git\\survey\\templates\\modern\\dashboard\\startseite.html', - 1 => 1679910508, + 1 => 1679928167, 2 => 'file', ), ), 
@@ -20,7 +20,7 @@ if ($_smarty_tpl->_decodeProperties($_smarty_tpl, array ( array ( ), ),false)) { -function content_6421666db0bc49_35421907 (Smarty_Internal_Template $_smarty_tpl) { +function content_6421ac028e2800_44904301 (Smarty_Internal_Template $_smarty_tpl) { ?><!DOCTYPE html> <html lang="en"> <head> diff --git a/templates_c/85403c192b4eecdf6efb10ab95d6ca8c2bf3e350_0.file.survey_erfassen.html.php b/templates_c/85403c192b4eecdf6efb10ab95d6ca8c2bf3e350_0.file.survey_erfassen.html.php index 24e79e0..f06a20c 100644 --- a/templates_c/85403c192b4eecdf6efb10ab95d6ca8c2bf3e350_0.file.survey_erfassen.html.php +++ b/templates_c/85403c192b4eecdf6efb10ab95d6ca8c2bf3e350_0.file.survey_erfassen.html.php @@ -1,18 +1,18 @@ <?php -/* Smarty version 3.1.39, created on 2023-03-26 18:42:12 +/* Smarty version 3.1.39, created on 2023-03-27 15:29:15 from 'F:\git\survey\templates\modern\dashboard\survey_erfassen.html' */ /* @var Smarty_Internal_Template $_smarty_tpl */ if ($_smarty_tpl->_decodeProperties($_smarty_tpl, array ( 'version' => '3.1.39', - 'unifunc' => 'content_642075e4e840b2_61240326', + 'unifunc' => 'content_64219a2bcd61b4_25514715', 'has_nocache_code' => false, 'file_dependency' => array ( '85403c192b4eecdf6efb10ab95d6ca8c2bf3e350' => array ( 0 => 'F:\\git\\survey\\templates\\modern\\dashboard\\survey_erfassen.html', - 1 => 1679668664, + 1 => 1679910312, 2 => 'file', ), ), @@ -20,7 +20,7 @@ if ($_smarty_tpl->_decodeProperties($_smarty_tpl, array ( array ( ), ),false)) { -function content_642075e4e840b2_61240326 (Smarty_Internal_Template $_smarty_tpl) { +function content_64219a2bcd61b4_25514715 (Smarty_Internal_Template $_smarty_tpl) { if ($_smarty_tpl->tpl_vars['action']->value == '') {?> <!DOCTYPE html> <html lang="de"> 
@@ -55,7 +55,7 @@ if ($_smarty_tpl->tpl_vars['action']->value == '') {?> <link href="css/styles.css" rel="stylesheet" /> <!-- icons in nav--> <?php echo '<script'; ?> - src="all.js" crossorigin="anonymous"><?php echo '</script'; ?> + src="js/all.js" crossorigin="anonymous"><?php echo '</script'; ?> > <link rel="stylesheet" href="../bootstrap/node_modules/bootstrap-icons/font/bootstrap-icons.css"> <style type="text/css"> @@ -252,7 +252,7 @@ if ($_smarty_tpl->tpl_vars['action']->value == 'fragen') {?> <link href="css/styles.css" rel="stylesheet" /> <!-- icons in nav--> <?php echo '<script'; ?> - src="all.js" crossorigin="anonymous"><?php echo '</script'; ?> + src="js/all.js" crossorigin="anonymous"><?php echo '</script'; ?> > <link rel="stylesheet" href="../bootstrap/node_modules/bootstrap-icons/font/bootstrap-icons.css"> <?php echo '<script'; ?> diff --git a/todo.txt b/todo.txt index 15453b9..91f73de 100644 --- a/todo.txt +++ b/todo.txt @@ -2,7 +2,9 @@ todo -- Spalte ausblenden wenn klein -- Ladebalken 5 Sekunden -- systemparameter +-- Men� in Datenbank �bernommen +-- unlock im Login ber�cksichtigen +-- Rechte einbauen + Rechteverwaltung Kacheln Startseite --- unlock im Login ber�cksichtigen -Rechte einbauen auf Einzelseiten \ No newline at end of file