- <?php
- include('auth.php'); //Sicherheit
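/**
 * Entry point of the user administration page ("Userverwaltung").
 *
 * Dispatches on $_GET['opt'] to the edit / create / delete handlers; any
 * other (or missing) value renders the list of all users.
 *
 * NOTE(review): 'editsave', 'newsave' and 'deletea' change data, yet they are
 * selected through a query-string parameter and no anti-forgery token is
 * checked in this function. Whether auth.php adds such a check is not visible
 * here -- confirm, and require POST plus a per-session token if it does not.
 *
 * @return string HTML fragment for the page body
 */
function u_admin()
{
    global $templates;

    $INHALT = "<h2 id=\"title-content\">Userverwaltung</h2>\n"; // page heading

    $opt = isset($_GET['opt']) ? $_GET['opt'] : '';
    // The handlers only use the id as a numeric key. Casting it here keeps raw
    // request data out of their SQL and HTML, and avoids a notice when the
    // parameter is missing.
    $id = isset($_GET['id']) ? (int) $_GET['id'] : 0;

    switch ($opt) {
        case 'edit': // show the edit form
            return $INHALT . edituser($id);
        case 'editsave': // store the edited user
            return $INHALT . editusers($id);
        case 'new': // show the create form
            return $INHALT . newuser();
        case 'newsave': // store the new user
            return $INHALT . newusers();
        case 'delete': // ask for confirmation
            return $INHALT . deleteuser($id);
        case 'deletea': // delete after confirmation
            return $INHALT . deleteusera($id);
    }

    // Default view. An unrecognised opt used to fall out of the switch and
    // return nothing at all; it now shows the list as well.
    $query = "SELECT virtual_users.id as vid, virtual_users.user, virtual_users.domain_id, user_priv.priv FROM virtual_users right outer join user_priv on user_priv.user_id = virtual_users.id";
    // NOTE(review): die() echoes the raw database error to the browser.
    $result = mysql_query($query) or die("Anfrage fehlgeschlagen: " . mysql_error());

    // The row template is identical for every row, so read it once.
    $rowTemplate = file_get_contents($templates['user_haupt_element']);
    $i = 1; // alternates 1/2 per row (consumed by the template as [%i%])
    $code = "";
    while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) {
        // The right outer join can yield a user_priv row without a user, in
        // which case every virtual_users column is NULL.
        $domain = '';
        if ($line['domain_id'] !== null) {
            $result2 = mysql_query("SELECT * FROM virtual_domains where id = " . (int) $line['domain_id']);
            if ($result2 === false) {
                // Log instead of echoing the database error into the page.
                error_log('u_admin: domain lookup failed: ' . mysql_error());
            } else {
                $array = mysql_fetch_array($result2, MYSQL_ASSOC);
                if ($array) {
                    $domain = $array['name'];
                }
            }
        }

        // strtr() fills all placeholders in one pass: a stored value cannot
        // smuggle in another placeholder, and "$1" / "\1" inside a value is not
        // treated as a regex back-reference as preg_replace() would do.
        // htmlspecialchars() with ISO-8859-1 rewrites only the five ASCII
        // metacharacters, so it is safe for any ASCII-compatible page encoding.
        $code .= strtr($rowTemplate, array(
            '[%priv%]' => htmlspecialchars((string) $line['priv'], ENT_QUOTES, 'ISO-8859-1'),
            '[%name%]' => htmlspecialchars((string) $line['user'], ENT_QUOTES, 'ISO-8859-1'),
            '[%domain%]' => htmlspecialchars((string) $domain, ENT_QUOTES, 'ISO-8859-1'),
            '[%id%]' => ($line['vid'] === null) ? '' : (string) (int) $line['vid'],
            '[%i%]' => (string) $i,
        ));
        $i = ($i == 1) ? 2 : 1;
    }

    // Wrap the rows in the list template.
    $form = file_get_contents($templates['user_haupt']);
    return $INHALT . strtr($form, array('[%inhalt%]' => $code));
}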
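/**
 * Builds the "edit user" form, pre-filled from the database.
 *
 * @param mixed $id user id; cast to int before it reaches SQL or HTML
 * @return string HTML of the edit form
 */
function edituser($id)
{
    global $templates;

    // $id originates from the query string. As an integer it cannot break out
    // of the quoted SQL literal or of an HTML attribute.
    $id = (int) $id;

    // Load the stored values of this user.
    $query = "SELECT * FROM virtual_users right outer join user_priv on user_priv.user_id = virtual_users.id where virtual_users.id = '$id'";
    $result = mysql_query($query) or die("Anfrage fehlgeschlagen: " . mysql_error());
    $line = mysql_fetch_array($result, MYSQL_ASSOC);
    if (!$line) {
        // Unknown id: render an empty form rather than indexing into false.
        $line = array('user' => '', 'priv' => '', 'domain_id' => null);
    }
    $name = $line['user'];
    $priv = $line['priv'];
    $domain_id = $line['domain_id'];

    // Domain list, with the user's current domain marked as selected.
    $container = "";
    $domainelments = file_get_contents($templates['user_domain_element']);
    $query = "SELECT * FROM virtual_domains";
    $result2 = mysql_query($query) or die("Anfrage fehlgeschlagen: " . mysql_error());
    while ($line = mysql_fetch_array($result2, MYSQL_ASSOC)) {
        $isCurrent = ($domain_id !== null) && ((int) $line['id'] === (int) $domain_id);
        // Values are HTML-escaped; ISO-8859-1 makes htmlspecialchars() touch
        // only the five ASCII metacharacters, whatever the page encoding is.
        $container .= strtr($domainelments, array(
            '[%domain%]' => htmlspecialchars((string) $line['name'], ENT_QUOTES, 'ISO-8859-1'),
            '[%s%]' => $isCurrent ? 'selected' : '',
            '[%id%]' => (string) (int) $line['id'],
        ));
    }

    // Fill the form in a single pass. Unlike chained preg_replace() calls this
    // neither re-scans inserted values for placeholders nor interprets "$1" or
    // "\1" inside a value. The password field is always rendered empty.
    $form = file_get_contents($templates['user_edit']);
    return strtr($form, array(
        '[%id%]' => (string) $id,
        '[%Name%]' => htmlspecialchars((string) $name, ENT_QUOTES, 'ISO-8859-1'),
        '[%delements%]' => $container,
        '[%fehler%]' => '',
        '[%pw%]' => '',
        '[%admin%]' => ($priv === 'admin') ? 'selected' : '',
        '[%user%]' => ($priv === 'user') ? 'selected' : '',
    ));
}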
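/**
 * Validates the posted edit form and stores the changes.
 *
 * Reads fldName, fldPw, fldPw2, typ and domain from $_POST. On a validation
 * error the edit form is rendered again with the messages; otherwise
 * virtual_users and user_priv are updated.
 *
 * NOTE(review): passwords are stored as unsalted MD5, which is unsuitable for
 * password storage. The code that verifies them (auth.php and whatever else
 * reads virtual_users.password) is not visible here, so the scheme is left
 * unchanged; plan a migration to password_hash() together with that code.
 *
 * @param mixed $id user id; cast to int before it reaches SQL or HTML
 * @return string HTML: the form with errors, or a success message
 */
function editusers($id)
{
    global $templates;

    $id = (int) $id;
    $INHALT = ""; // was appended to without ever being initialised

    // Missing or non-string fields (e.g. fldName[]=x) are treated as empty.
    $in = array();
    foreach (array('fldName', 'fldPw', 'fldPw2', 'typ', 'domain') as $key) {
        $in[$key] = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
    }
    $fldName = $in['fldName'];
    $fldPw = $in['fldPw'];
    $fldPw2 = $in['fldPw2'];
    $priv = $in['typ'];
    $domain_id = (int) $in['domain']; // interpolated unquoted into the UPDATE below

    // Collected validation messages (static HTML only, no user data).
    $fehler = "";
    if ($fldName === "") {
        $fehler = "Keine Usernamen angeben!<br>";
    }
    // Strict comparison: with != two different numeric-looking strings such as
    // "0e1" and "0e2" compare as equal.
    if ($fldPw !== $fldPw2) {
        $fehler .= "Passw�rter stimmen nicht �berein!<br>";
    }
    // Only the two privilege levels the form offers may be written.
    if ($priv !== 'admin' && $priv !== 'user') {
        $fehler .= "Ung&uuml;ltiger Benutzertyp!<br>";
    }
    // presumably domain ids are positive auto-increment keys -- TODO confirm
    if ($domain_id <= 0) {
        $fehler .= "Keine Domain angegeben!<br>";
    }

    // Is the name already taken by ANOTHER user? The original compared the
    // bare constant `anzahl` (not the variable), so this check never fired.
    // NOTE(review): matched by name only, as in the original query; confirm
    // whether uniqueness should be per domain.
    $nameSql = mysql_real_escape_string($fldName);
    $query = "SELECT count(id) as anzahl FROM virtual_users WHERE user = '$nameSql' AND id <> $id";
    $result = mysql_query($query);
    $array = ($result !== false) ? mysql_fetch_array($result, MYSQL_ASSOC) : false;
    $anzahl = $array ? (int) $array['anzahl'] : 0;
    if ($anzahl > 0) {
        $fehler .= "Der User ist schon vorhanden!<br>";
    }

    if ($fehler !== "") {
        // Wrap the messages in the error box template.
        $fehler = strtr(file_get_contents($templates['error']), array(
            '[%legend%]' => 'Fehler:',
            '[%content%]' => $fehler,
        ));

        // Domain list with the submitted domain pre-selected.
        $container = "";
        $domainelments = file_get_contents($templates['user_domain_element']);
        $query2 = "SELECT * FROM virtual_domains";
        $result2 = mysql_query($query2) or die("Anfrage fehlgeschlagen: " . mysql_error());
        while ($line = mysql_fetch_array($result2, MYSQL_ASSOC)) {
            $container .= strtr($domainelments, array(
                '[%domain%]' => htmlspecialchars((string) $line['name'], ENT_QUOTES, 'ISO-8859-1'),
                '[%s%]' => ((int) $line['id'] === $domain_id) ? 'selected' : '',
                '[%id%]' => (string) (int) $line['id'],
            ));
        }

        // Re-render the form. The submitted name is request data and must be
        // HTML-escaped; ISO-8859-1 limits the escaping to ASCII metacharacters.
        // strtr() also avoids preg_replace()'s "$1"/"\1" replacement handling.
        return strtr(file_get_contents($templates['user_edit']), array(
            '[%id%]' => (string) $id,
            '[%Name%]' => htmlspecialchars($fldName, ENT_QUOTES, 'ISO-8859-1'),
            '[%fehler%]' => $fehler,
            '[%delements%]' => $container,
            '[%pw%]' => '',
            '[%admin%]' => ($priv === 'admin') ? 'selected' : '',
            '[%user%]' => ($priv === 'user') ? 'selected' : '',
        ));
    }

    // Save. The edit form always renders the password field empty, so an empty
    // password means "leave unchanged"; writing md5('') would silently reset
    // the account to an empty password.
    if ($fldPw !== '') {
        $fldPw = md5($fldPw);
        $query = "UPDATE virtual_users SET user = '$nameSql', password = '$fldPw', domain_id = $domain_id WHERE id = '$id'";
    } else {
        $query = "UPDATE virtual_users SET user = '$nameSql', domain_id = $domain_id WHERE id = '$id'";
    }
    // NOTE(review): die() echoes the raw database error to the browser.
    $result = mysql_query($query) or die("Anfrage fehlgeschlagen: " . mysql_error());
    // $priv passed the whitelist above, so it is safe to interpolate.
    $query = "UPDATE user_priv SET priv = '$priv' WHERE user_id = '$id'";
    $result = mysql_query($query) or die("Anfrage fehlgeschlagen: " . mysql_error());

    $INHALT .= "Datensatz erfolgreich ge�ndert!<br>";
    $INHALT .= "<br><a href=\"index.php?link=user\">zur�ck</a><br>";
    return $INHALT;
}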
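/**
 * Builds the empty "create user" form.
 *
 * @return string HTML of the form, with the domain list filled in
 */
function newuser()
{
    global $templates;

    // Domain list; nothing is pre-selected for a new user.
    $container = "";
    $domainelments = file_get_contents($templates['user_domain_element']);
    $query = "SELECT * FROM virtual_domains";
    $result = mysql_query($query) or die("Anfrage fehlgeschlagen: " . mysql_error());
    while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) {
        // Stored names are HTML-escaped before they reach the page; ISO-8859-1
        // makes htmlspecialchars() rewrite only the five ASCII metacharacters.
        // strtr() replaces literally, whereas preg_replace() would interpret
        // "$1" or "\1" inside a name as a back-reference.
        $container .= strtr($domainelments, array(
            '[%domain%]' => htmlspecialchars((string) $line['name'], ENT_QUOTES, 'ISO-8859-1'),
            '[%s%]' => '',
            '[%id%]' => (string) (int) $line['id'],
        ));
    }

    // All remaining placeholders start out empty.
    $form = file_get_contents($templates['user_new']);
    return strtr($form, array(
        '[%fehler%]' => '',
        '[%delements%]' => $container,
        '[%pw%]' => '',
        '[%name%]' => '',
        '[%admin%]' => '',
        '[%user%]' => '',
    ));
}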
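/**
 * Validates the posted "create user" form and stores the new user.
 *
 * Reads fldName, fldPw, fldPw2, typ and domain from $_POST. On a validation
 * error the form is rendered again with the messages; otherwise a row is
 * inserted into virtual_users and a matching one into user_priv.
 *
 * NOTE(review): passwords are stored as unsalted MD5, which is unsuitable for
 * password storage. The code that verifies them (auth.php and whatever else
 * reads virtual_users.password) is not visible here, so the scheme is left
 * unchanged; plan a migration to password_hash() together with that code.
 *
 * @return string HTML: the form with errors, or a success message
 */
function newusers()
{
    global $templates;

    $INHALT = ""; // was appended to without ever being initialised

    // Missing or non-string fields (e.g. fldName[]=x) are treated as empty.
    $in = array();
    foreach (array('fldName', 'fldPw', 'fldPw2', 'typ', 'domain') as $key) {
        $in[$key] = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
    }
    $fldName = $in['fldName'];
    $fldPw = $in['fldPw'];
    $fldPw2 = $in['fldPw2'];
    $priv = $in['typ'];
    $domain_id = (int) $in['domain']; // interpolated unquoted into the INSERT below

    // Collected validation messages (static HTML only, no user data).
    $fehler = "";
    if ($fldName === "") {
        $fehler = "Keine Usernamen angeben!<br>";
    }
    // An account must not be created with an empty password.
    if ($fldPw === "") {
        $fehler .= "Kein Passwort angegeben!<br>";
    }
    // Strict comparison: with != two different numeric-looking strings such as
    // "0e1" and "0e2" compare as equal.
    if ($fldPw !== $fldPw2) {
        $fehler .= "Passw�rter stimmen nicht �berein!<br>";
    }
    // Only the two privilege levels the form offers may be written.
    if ($priv !== 'admin' && $priv !== 'user') {
        $fehler .= "Ung&uuml;ltiger Benutzertyp!<br>";
    }
    // presumably domain ids are positive auto-increment keys -- TODO confirm
    if ($domain_id <= 0) {
        $fehler .= "Keine Domain angegeben!<br>";
    }

    // Is the name already taken? The original ran this query but never looked
    // at the result, so duplicates could be created.
    // NOTE(review): matched by name only, as in the original query; confirm
    // whether uniqueness should be per domain.
    $nameSql = mysql_real_escape_string($fldName);
    $query = "SELECT count(id) as anzahl FROM virtual_users WHERE user = '$nameSql'";
    $result = mysql_query($query);
    $array = ($result !== false) ? mysql_fetch_array($result, MYSQL_ASSOC) : false;
    $anzahl = $array ? (int) $array['anzahl'] : 0;
    if ($anzahl > 0) {
        $fehler .= "Der User ist schon vorhanden!<br>";
    }

    if ($fehler !== "") {
        // Wrap the messages in the error box template.
        $fehler = strtr(file_get_contents($templates['error']), array(
            '[%legend%]' => 'Fehler:',
            '[%content%]' => $fehler,
        ));

        // Domain list with the submitted domain pre-selected.
        $container = "";
        $domainelments = file_get_contents($templates['user_domain_element']);
        $query = "SELECT * FROM virtual_domains";
        $result = mysql_query($query) or die("Anfrage fehlgeschlagen: " . mysql_error());
        while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) {
            $container .= strtr($domainelments, array(
                '[%domain%]' => htmlspecialchars((string) $line['name'], ENT_QUOTES, 'ISO-8859-1'),
                '[%s%]' => ((int) $line['id'] === $domain_id) ? 'selected' : '',
                '[%id%]' => (string) (int) $line['id'],
            ));
        }

        // Re-render the form. The submitted name is request data and must be
        // HTML-escaped; ISO-8859-1 limits the escaping to ASCII metacharacters.
        // strtr() also avoids preg_replace()'s "$1"/"\1" replacement handling.
        return strtr(file_get_contents($templates['user_new']), array(
            '[%delements%]' => $container,
            '[%name%]' => htmlspecialchars($fldName, ENT_QUOTES, 'ISO-8859-1'),
            '[%fehler%]' => $fehler,
            '[%pw%]' => '',
            '[%admin%]' => ($priv === 'admin') ? 'selected' : '',
            '[%user%]' => ($priv === 'user') ? 'selected' : '',
        ));
    }

    // Save.
    $fldPw = md5($fldPw);
    $query = "INSERT INTO virtual_users (user, password, domain_id) VALUES ('$nameSql', '$fldPw', $domain_id)";
    // NOTE(review): die() echoes the raw database error to the browser.
    $result = mysql_query($query) or die("Anfrage fehlgeschlagen: " . mysql_error());

    // Take the id of the row just inserted. Looking it up again by name and
    // domain could return a different, older row and attach the privilege to
    // the wrong account.
    $id = (int) mysql_insert_id();
    // $priv passed the whitelist above, so it is safe to interpolate.
    $query = "INSERT INTO user_priv (user_id, priv) VALUES ('$id', '$priv')";
    $result = mysql_query($query) or die("Anfrage fehlgeschlagen: " . mysql_error());

    $INHALT .= "Datensatz erfolgreich erstellt!<br>";
    $INHALT .= "<br><a href=\"index.php?link=user\">zur�ck</a><br>";
    return $INHALT;
}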
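/**
 * Renders the "really delete this user?" confirmation page.
 *
 * If the user is the only remaining admin, a refusal message is returned
 * instead of the confirmation form.
 *
 * @param mixed $id user id; cast to int before it reaches SQL or HTML
 * @return string HTML of the confirmation form or of the refusal message
 */
function deleteuser($id)
{
    global $templates;

    // $id originates from the query string. As an integer it cannot break out
    // of the quoted SQL literal or of an HTML attribute.
    $id = (int) $id;

    // Look up name and privilege. The password hash is not needed on this page
    // and is no longer selected.
    $query = "SELECT virtual_users.id as vid, virtual_users.user, user_priv.priv FROM virtual_users right outer join user_priv on user_priv.user_id = virtual_users.id where virtual_users.id = '$id'";
    $result = mysql_query($query);
    $array = ($result !== false) ? mysql_fetch_array($result, MYSQL_ASSOC) : false;
    // The name is stored user data: escape it before it is written into HTML.
    // ISO-8859-1 makes htmlspecialchars() rewrite only ASCII metacharacters.
    $Name = htmlspecialchars($array ? (string) $array['user'] : '', ENT_QUOTES, 'ISO-8859-1');
    $priv = $array ? $array['priv'] : '';

    // Never allow the last admin to be deleted.
    if ($priv == 'admin') {
        $query = "SELECT count(id) as Anzahl FROM user_priv WHERE priv like 'admin'";
        $result = mysql_query($query);
        $array = ($result !== false) ? mysql_fetch_array($result, MYSQL_ASSOC) : false;
        $anzahl = $array ? (int) $array['Anzahl'] : 0;
        // <= 1 also refuses when the count could not be read.
        if ($anzahl <= 1) {
            $antwort = "Der letzte Admin \"".$Name."\" kann nicht gel�scht werden.<br>";
            $antwort .= "<br><a href=\"index.php?link=user\">zur�ck</a><br>";
            return $antwort;
        }
    }

    // Fill the confirmation template in one pass; strtr() replaces literally,
    // whereas preg_replace() would interpret "$1" or "\1" inside the name.
    $form = file_get_contents($templates['user_delete']);
    return strtr($form, array(
        '[%user%]' => $Name,
        '[%id%]' => (string) $id,
    ));
}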
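/**
 * Deletes a user and the matching privilege row.
 *
 * The "last admin" rule is enforced here as well: before this change only the
 * confirmation page checked it, so a direct request to this action could
 * still remove the only admin.
 *
 * NOTE(review): this action is reached through a query-string parameter; no
 * anti-forgery token is checked in this function -- confirm where that is done.
 *
 * @param mixed $id user id; cast to int before it reaches SQL
 * @return string HTML with the result message and a back link
 */
function deleteusera($id)
{
    // $id originates from the query string. As an integer it cannot break out
    // of the quoted SQL literals below.
    $id = (int) $id;
    $INHALT = ""; // was appended to without ever being initialised

    // Refuse to delete the only remaining admin.
    $result = mysql_query("SELECT priv FROM user_priv WHERE user_id = '$id'");
    $row = ($result !== false) ? mysql_fetch_array($result, MYSQL_ASSOC) : false;
    if ($row && $row['priv'] == 'admin') {
        $result = mysql_query("SELECT count(id) as Anzahl FROM user_priv WHERE priv like 'admin'");
        $row = ($result !== false) ? mysql_fetch_array($result, MYSQL_ASSOC) : false;
        // <= 1 also refuses when the count could not be read.
        if (!$row || (int) $row['Anzahl'] <= 1) {
            $INHALT .= "Der letzte Admin kann nicht gel&ouml;scht werden.<br>";
            $INHALT .= "<br><a href=\"index.php?link=user\">zur�ck</a><br>";
            return $INHALT;
        }
    }

    // Remove the user row, then the privilege row.
    $query = "DELETE FROM virtual_users WHERE id = '$id' limit 1";
    $result = mysql_query($query) or die("Anfrage fehlgeschlagen:<br> " . mysql_error());
    $query = "DELETE FROM user_priv WHERE user_id = '$id' limit 1";
    $result = mysql_query($query) or die("Anfrage fehlgeschlagen:<br> " . mysql_error());

    $INHALT .= "Datensatz erfolgreich gel�scht!<br>";
    // back link
    $INHALT .= "<br><a href=\"index.php?link=user\">zur�ck</a><br>";
    return $INHALT;
}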