
Untitled

a guest
May 7th, 2017
  1. <?php
  2. include('auth.php'); //Sicherheit
  3.  
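  /**
   * Builds the user administration page ("Userverwaltung").
   *
   * A recognised $_GET['opt'] hands off to the matching edit/new/delete
   * handler; any other value, or none, produces the list of all users.
   * (Previously an unrecognised opt fell out of the switch and the function
   * returned nothing.)
   *
   * NOTE(review): 'editsave', 'newsave' and 'deletea' change data, are selected
   * by a GET parameter, and no anti-CSRF token is checked in this function.
   * auth.php is not visible here - confirm it enforces a per-session token, or
   * add one to the forms and verify it before dispatching these options.
   *
   * @return string HTML for the content area
   */
  function u_admin()
  {
      global $templates;

      $INHALT = "<h2 id=\"title-content\">Userverwaltung</h2>\n";

      // Forward plain strings only; an array-valued parameter would otherwise
      // reach the handlers and be interpolated as the text "Array".
      $opt = (isset($_GET['opt']) && is_string($_GET['opt'])) ? $_GET['opt'] : '';
      $id = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : '';

      switch ($opt) {
          case 'edit':
              return $INHALT . edituser($id);
          case 'editsave':
              return $INHALT . editusers($id);
          case 'new':
              return $INHALT . newuser();
          case 'newsave':
              return $INHALT . newusers();
          case 'delete':
              return $INHALT . deleteuser($id);
          case 'deletea':
              return $INHALT . deleteusera($id);
      }

      // Default view: one template row per user_priv entry.
      // NOTE(review): die() sends the raw MySQL error text to the browser;
      // consider logging it server-side and showing a generic message.
      $query = "SELECT virtual_users.id as vid, virtual_users.user, virtual_users.domain_id, user_priv.priv FROM virtual_users right outer join user_priv on user_priv.user_id = virtual_users.id";
      $result = mysql_query($query) or die("Anfrage fehlgeschlagen: " . mysql_error());

      // Loop-invariant: read the row template once instead of once per row.
      $row_tpl = file_get_contents($templates['user_haupt_element']);

      $i = 1;
      $code = "";
      while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
          // The right outer join can yield rows without a virtual_users match,
          // in which case domain_id is NULL and there is nothing to look up.
          $domain = '';
          if ($row['domain_id'] !== null) {
              // The (int) cast keeps the unquoted value numeric.
              $dres = mysql_query("SELECT name FROM virtual_domains WHERE id = " . (int) $row['domain_id']);
              if ($dres === false) {
                  // Logged instead of echoed into the page.
                  error_log('u_admin: domain lookup failed: ' . mysql_error());
              } else {
                  $drow = mysql_fetch_array($dres, MYSQL_ASSOC);
                  if ($drow) {
                      $domain = $drow['name'];
                  }
              }
          }

          // strtr() replaces every placeholder in one pass and treats the
          // values as literal text (no "$1"/"\1" back-references, no re-scan of
          // inserted values). Database values are HTML-escaped before they
          // enter the markup.
          $code .= strtr($row_tpl, array(
              '[%priv%]'   => htmlspecialchars((string) $row['priv'], ENT_QUOTES),
              '[%name%]'   => htmlspecialchars((string) $row['user'], ENT_QUOTES),
              '[%domain%]' => htmlspecialchars((string) $domain, ENT_QUOTES),
              '[%id%]'     => htmlspecialchars((string) $row['vid'], ENT_QUOTES),
              '[%i%]'      => (string) $i,
          ));

          // Alternate 1/2 from row to row.
          $i = ($i == 1) ? 2 : 1;
      }

      // $code is markup built above, so it is inserted without escaping.
      $form = file_get_contents($templates['user_haupt']);
      $INHALT .= strtr($form, array('[%inhalt%]' => $code));

      return $INHALT;
  }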
  85.  
  86. //ändern eines users
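  /**
   * Renders the edit form for one user, pre-filled from the database.
   *
   * @param string $id value for virtual_users.id as received from the request
   * @return string HTML of the 'user_edit' template
   */
  function edituser($id)
  {
      global $templates;

      // $id comes from the request: escape it for SQL here and for HTML below.
      // NOTE(review): mysql_real_escape_string() relies on the connection
      // character set; the connection setup is not visible in this file.
      $id = (string) $id;
      $sql_id = mysql_real_escape_string($id);

      // Only the columns the form needs; the password hash is not fetched.
      $query = "SELECT virtual_users.user, virtual_users.domain_id, user_priv.priv FROM virtual_users right outer join user_priv on user_priv.user_id = virtual_users.id where virtual_users.id = '$sql_id'";
      $result = mysql_query($query) or die("Anfrage fehlgeschlagen: " . mysql_error());
      $line = mysql_fetch_array($result, MYSQL_ASSOC);

      // An unknown id yields no row; the form is then rendered empty.
      $name = $line ? (string) $line['user'] : '';
      $priv = $line ? (string) $line['priv'] : '';
      $domain_id = $line ? (string) $line['domain_id'] : '';

      // Domain <option> list, with the user's current domain marked selected.
      $container = "";
      $domainelments = file_get_contents($templates['user_domain_element']);
      $result2 = mysql_query("SELECT * FROM virtual_domains") or die("Anfrage fehlgeschlagen: " . mysql_error());
      while ($dom = mysql_fetch_array($result2, MYSQL_ASSOC)) {
          $did = (string) $dom['id'];
          // strtr() inserts values literally, in a single pass.
          $container .= strtr($domainelments, array(
              '[%domain%]' => htmlspecialchars((string) $dom['name'], ENT_QUOTES),
              '[%s%]'      => ($did === $domain_id) ? 'selected' : '',
              '[%id%]'     => htmlspecialchars($did, ENT_QUOTES),
          ));
      }

      $form = file_get_contents($templates['user_edit']);

      // Both role placeholders are always filled, so an unexpected priv value
      // no longer leaves a raw "[%admin%]" / "[%user%]" in the markup.
      return strtr($form, array(
          '[%id%]'        => htmlspecialchars($id, ENT_QUOTES),
          '[%Name%]'      => htmlspecialchars($name, ENT_QUOTES),
          '[%delements%]' => $container,
          '[%fehler%]'    => '',
          '[%pw%]'        => '',
          '[%admin%]'     => ($priv === 'admin') ? 'selected' : '',
          '[%user%]'      => ($priv === 'user') ? 'selected' : '',
      ));
  }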
  143.  
  144. //speichern der änderungen
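  /**
   * Validates the posted edit form and stores the changes for one user.
   *
   * On a validation error the 'user_edit' form is rendered again with the
   * messages; otherwise virtual_users and user_priv are updated.
   *
   * Changes against the earlier version:
   *  - every request value is escaped or validated before it reaches SQL, and
   *    HTML-escaped before it is put back into the form;
   *  - the duplicate-name check compared the bare constant `anzahl`, so it
   *    never fired; it now counts other rows with the same name and domain;
   *  - an empty password field keeps the stored password instead of replacing
   *    it with the hash of the empty string;
   *  - $INHALT is initialised before it is appended to.
   *
   * @param string $id value for virtual_users.id as received from the request
   * @return string HTML: the form with errors, or the success message
   */
  function editusers($id)
  {
      global $templates;

      $id = (string) $id;
      $fldName = (isset($_POST['fldName']) && is_string($_POST['fldName'])) ? $_POST['fldName'] : '';
      $fldPw = (isset($_POST['fldPw']) && is_string($_POST['fldPw'])) ? $_POST['fldPw'] : '';
      $fldPw2 = (isset($_POST['fldPw2']) && is_string($_POST['fldPw2'])) ? $_POST['fldPw2'] : '';
      $priv = (isset($_POST['typ']) && is_string($_POST['typ'])) ? $_POST['typ'] : '';
      $domain_id = (isset($_POST['domain']) && is_string($_POST['domain'])) ? $_POST['domain'] : '';

      $INHALT = "";
      $fehler = "";

      if ($fldName === "") {
          $fehler = "Keine Usernamen angeben!<br>";
      }

      if ($fldPw !== $fldPw2) {
          // Umlauts are written as HTML entities so the output does not depend
          // on the encoding this file is saved in.
          $fehler .= "Passw&ouml;rter stimmen nicht &uuml;berein!<br>";
      }

      // The form offers exactly these two roles; anything else is rejected
      // rather than written to user_priv.
      if ($priv !== 'admin' && $priv !== 'user') {
          $fehler .= "Ung&uuml;ltiger Benutzertyp!<br>";
      }

      // domain_id is placed unquoted into SQL, so it must consist of digits.
      $domain_ok = (preg_match('/^[0-9]{1,10}\z/', $domain_id) === 1);
      if (!$domain_ok) {
          $fehler .= "Ung&uuml;ltige Domain!<br>";
      }

      // NOTE(review): mysql_real_escape_string() relies on the connection
      // character set; the connection setup is not visible in this file.
      $sql_id = mysql_real_escape_string($id);
      $sql_name = mysql_real_escape_string($fldName);

      // Is the name already taken by another user of the same domain?
      // NOTE(review): scoping by domain is an assumption taken from newusers(),
      // which identifies a user by (user, domain_id) - confirm the intended rule.
      if ($fldName !== "" && $domain_ok) {
          $query = "SELECT count(id) as anzahl FROM virtual_users WHERE user = '$sql_name' AND domain_id = $domain_id AND id <> '$sql_id'";
          $result = mysql_query($query) or die("Anfrage fehlgeschlagen: " . mysql_error());
          $array = mysql_fetch_array($result, MYSQL_ASSOC);
          if ($array && (int) $array['anzahl'] > 0) {
              $fehler .= "Der User ist schon vorhanden!<br>";
          }
      }

      if ($fehler !== "") {
          // Wrap the messages in the error template.
          $error = file_get_contents($templates['error']);
          $fehler = strtr($error, array(
              '[%legend%]'  => 'Fehler:',
              '[%content%]' => $fehler,
          ));

          // Domain <option> list, keeping the submitted choice selected.
          $container = "";
          $domainelments = file_get_contents($templates['user_domain_element']);
          $result2 = mysql_query("SELECT * FROM virtual_domains") or die("Anfrage fehlgeschlagen: " . mysql_error());
          while ($dom = mysql_fetch_array($result2, MYSQL_ASSOC)) {
              $did = (string) $dom['id'];
              $container .= strtr($domainelments, array(
                  '[%domain%]' => htmlspecialchars((string) $dom['name'], ENT_QUOTES),
                  '[%s%]'      => ($did === $domain_id) ? 'selected' : '',
                  '[%id%]'     => htmlspecialchars($did, ENT_QUOTES),
              ));
          }

          // Submitted values are echoed back HTML-escaped.
          $form = file_get_contents($templates['user_edit']);
          return strtr($form, array(
              '[%id%]'        => htmlspecialchars($id, ENT_QUOTES),
              '[%Name%]'      => htmlspecialchars($fldName, ENT_QUOTES),
              '[%fehler%]'    => $fehler,
              '[%delements%]' => $container,
              '[%pw%]'        => '',
              '[%admin%]'     => ($priv === 'admin') ? 'selected' : '',
              '[%user%]'      => ($priv === 'user') ? 'selected' : '',
          ));
      }

      // Save. The password column is only touched when a new one was entered.
      $set = "user = '$sql_name', domain_id = $domain_id";
      if ($fldPw !== "") {
          // NOTE(review): unsalted MD5 is not a password hash. The stored
          // format is presumably read by other software (not visible here), so
          // it is left unchanged; plan a migration to a salted, slow scheme
          // that consumer supports.
          $set .= ", password = '" . md5($fldPw) . "'";
      }

      $query = "UPDATE virtual_users SET $set WHERE id = '$sql_id'";
      $result = mysql_query($query) or die("Anfrage fehlgeschlagen: " . mysql_error());

      // $priv is one of the two allowed literals at this point.
      $query = "UPDATE user_priv SET priv = '$priv' WHERE user_id = '$sql_id'";
      $result = mysql_query($query) or die("Anfrage fehlgeschlagen: " . mysql_error());

      $INHALT .= "Datensatz erfolgreich ge&auml;ndert!<br>";
      $INHALT .= "<br><a href=\"index.php?link=user\">zur&uuml;ck</a><br>";
      return $INHALT;
  }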
  249.  
  250. //user erstellen
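  /**
   * Renders the empty "new user" form with the list of available domains.
   *
   * @return string HTML of the 'user_new' template
   */
  function newuser()
  {
      global $templates;

      // Domain <option> list; nothing is pre-selected on a fresh form.
      $container = "";
      $domainelments = file_get_contents($templates['user_domain_element']);
      $result = mysql_query("SELECT * FROM virtual_domains") or die("Anfrage fehlgeschlagen: " . mysql_error());
      while ($dom = mysql_fetch_array($result, MYSQL_ASSOC)) {
          // Database values are HTML-escaped, and strtr() inserts them as
          // literal text (preg_replace() would interpret "$1" or "\1" inside a
          // domain name as a back-reference).
          $container .= strtr($domainelments, array(
              '[%domain%]' => htmlspecialchars((string) $dom['name'], ENT_QUOTES),
              '[%s%]'      => '',
              '[%id%]'     => htmlspecialchars((string) $dom['id'], ENT_QUOTES),
          ));
      }

      // All remaining placeholders are cleared.
      $form = file_get_contents($templates['user_new']);
      return strtr($form, array(
          '[%fehler%]'    => '',
          '[%delements%]' => $container,
          '[%pw%]'        => '',
          '[%name%]'      => '',
          '[%admin%]'     => '',
          '[%user%]'      => '',
      ));
  }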
  281.  
  282. //neuen user speichern
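  /**
   * Validates the posted "new user" form and creates the user.
   *
   * On a validation error the 'user_new' form is rendered again with the
   * messages; otherwise a row is inserted into virtual_users and user_priv.
   *
   * Changes against the earlier version:
   *  - every request value is escaped or validated before it reaches SQL, and
   *    HTML-escaped before it is put back into the form;
   *  - the duplicate count was read but never checked; an existing name in the
   *    same domain is now rejected;
   *  - an empty password is rejected instead of being stored as a hash of "";
   *  - $INHALT is initialised before it is appended to.
   *
   * @return string HTML: the form with errors, or the success message
   */
  function newusers()
  {
      global $templates;

      $fldName = (isset($_POST['fldName']) && is_string($_POST['fldName'])) ? $_POST['fldName'] : '';
      $fldPw = (isset($_POST['fldPw']) && is_string($_POST['fldPw'])) ? $_POST['fldPw'] : '';
      $fldPw2 = (isset($_POST['fldPw2']) && is_string($_POST['fldPw2'])) ? $_POST['fldPw2'] : '';
      $priv = (isset($_POST['typ']) && is_string($_POST['typ'])) ? $_POST['typ'] : '';
      $domain_id = (isset($_POST['domain']) && is_string($_POST['domain'])) ? $_POST['domain'] : '';

      $INHALT = "";
      $fehler = "";

      if ($fldName === "") {
          $fehler = "Keine Usernamen angeben!<br>";
      }

      if ($fldPw === "") {
          $fehler .= "Kein Passwort angegeben!<br>";
      }

      if ($fldPw !== $fldPw2) {
          // Umlauts are written as HTML entities so the output does not depend
          // on the encoding this file is saved in.
          $fehler .= "Passw&ouml;rter stimmen nicht &uuml;berein!<br>";
      }

      // The form offers exactly these two roles; anything else is rejected
      // rather than written to user_priv.
      if ($priv !== 'admin' && $priv !== 'user') {
          $fehler .= "Ung&uuml;ltiger Benutzertyp!<br>";
      }

      // domain_id is placed unquoted into SQL, so it must consist of digits.
      $domain_ok = (preg_match('/^[0-9]{1,10}\z/', $domain_id) === 1);
      if (!$domain_ok) {
          $fehler .= "Ung&uuml;ltige Domain!<br>";
      }

      // NOTE(review): mysql_real_escape_string() relies on the connection
      // character set; the connection setup is not visible in this file.
      $sql_name = mysql_real_escape_string($fldName);

      // Is the name already present in this domain? The id lookup after the
      // INSERT below identifies the new row by (user, domain_id), so that pair
      // has to stay unique.
      if ($fldName !== "" && $domain_ok) {
          $query = "SELECT count(id) as anzahl FROM virtual_users WHERE user = '$sql_name' AND domain_id = $domain_id";
          $result = mysql_query($query) or die("Anfrage fehlgeschlagen: " . mysql_error());
          $array = mysql_fetch_array($result, MYSQL_ASSOC);
          if ($array && (int) $array['anzahl'] > 0) {
              $fehler .= "Der User ist schon vorhanden!<br>";
          }
      }

      if ($fehler !== "") {
          // Wrap the messages in the error template.
          $error = file_get_contents($templates['error']);
          $fehler = strtr($error, array(
              '[%legend%]'  => 'Fehler:',
              '[%content%]' => $fehler,
          ));

          // Domain <option> list, keeping the submitted choice selected.
          $container = "";
          $domainelments = file_get_contents($templates['user_domain_element']);
          $result = mysql_query("SELECT * FROM virtual_domains") or die("Anfrage fehlgeschlagen: " . mysql_error());
          while ($dom = mysql_fetch_array($result, MYSQL_ASSOC)) {
              $did = (string) $dom['id'];
              $container .= strtr($domainelments, array(
                  '[%domain%]' => htmlspecialchars((string) $dom['name'], ENT_QUOTES),
                  '[%s%]'      => ($did === $domain_id) ? 'selected' : '',
                  '[%id%]'     => htmlspecialchars($did, ENT_QUOTES),
              ));
          }

          // Submitted values are echoed back HTML-escaped.
          $form = file_get_contents($templates['user_new']);
          return strtr($form, array(
              '[%delements%]' => $container,
              '[%name%]'      => htmlspecialchars($fldName, ENT_QUOTES),
              '[%fehler%]'    => $fehler,
              '[%pw%]'        => '',
              '[%admin%]'     => ($priv === 'admin') ? 'selected' : '',
              '[%user%]'      => ($priv === 'user') ? 'selected' : '',
          ));
      }

      // NOTE(review): unsalted MD5 is not a password hash. The stored format is
      // presumably read by other software (not visible here), so it is left
      // unchanged; plan a migration to a salted, slow scheme that consumer
      // supports.
      $pw_hash = md5($fldPw);

      $query = "INSERT INTO virtual_users (user, password, domain_id) VALUES ('$sql_name', '$pw_hash', $domain_id)";
      $result = mysql_query($query) or die("Anfrage fehlgeschlagen: " . mysql_error());

      // Look up the id of the row just created.
      $query = "SELECT id FROM virtual_users WHERE user = '$sql_name' AND domain_id = $domain_id";
      $result = mysql_query($query) or die("Anfrage fehlgeschlagen: " . mysql_error());
      $array = mysql_fetch_array($result, MYSQL_ASSOC);
      if (!$array) {
          // Without an id no privilege row can be attached; stop instead of
          // inserting a user_priv row with an empty user_id.
          die("Anfrage fehlgeschlagen: " . mysql_error());
      }
      $sql_new_id = mysql_real_escape_string((string) $array['id']);

      // $priv is one of the two allowed literals at this point.
      $query = "INSERT INTO user_priv (user_id, priv) VALUES ('$sql_new_id', '$priv')";
      $result = mysql_query($query) or die("Anfrage fehlgeschlagen: " . mysql_error());

      $INHALT .= "Datensatz erfolgreich erstellt!<br>";
      $INHALT .= "<br><a href=\"index.php?link=user\">zur&uuml;ck</a><br>";
      return $INHALT;
  }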
  388.  
  389. //user löschen nachfragen
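  /**
   * Renders the "really delete?" confirmation for one user.
   *
   * When the user is the only remaining admin, a refusal message is returned
   * instead of the confirmation form.
   *
   * NOTE(review): this is only the confirmation page. The refusal here does not
   * by itself stop a delete request that goes straight to the delete action, so
   * the action has to enforce the same rule.
   *
   * @param string $id value for virtual_users.id as received from the request
   * @return string HTML: the refusal message or the 'user_delete' template
   */
  function deleteuser($id)
  {
      global $templates;

      // $id comes from the request: escape it for SQL here and for HTML below.
      $id = (string) $id;
      $sql_id = mysql_real_escape_string($id);

      // Name and role of the user; the password hash is not needed here and is
      // no longer selected.
      $query = "SELECT virtual_users.id as vid, virtual_users.user, user_priv.priv FROM virtual_users right outer join user_priv on user_priv.user_id = virtual_users.id where virtual_users.id = '$sql_id'";
      $result = mysql_query($query) or die("Anfrage fehlgeschlagen: " . mysql_error());
      $array = mysql_fetch_array($result, MYSQL_ASSOC);

      // An unknown id yields no row; name and role are then empty.
      $Name = $array ? (string) $array['user'] : '';
      $priv = $array ? (string) $array['priv'] : '';
      $safe_name = htmlspecialchars($Name, ENT_QUOTES);

      // Never offer to delete the last admin.
      if ($priv == 'admin') {
          $query = "SELECT count(id) as Anzahl FROM user_priv WHERE priv like 'admin'";
          $result = mysql_query($query) or die("Anfrage fehlgeschlagen: " . mysql_error());
          $array = mysql_fetch_array($result, MYSQL_ASSOC);
          $anzahl = $array ? (int) $array['Anzahl'] : 0;

          if ($anzahl <= 1) {
              // Umlauts as HTML entities: independent of the file's encoding.
              $antwort = "Der letzte Admin \"" . $safe_name . "\" kann nicht gel&ouml;scht werden.<br>";
              $antwort .= "<br><a href=\"index.php?link=user\">zur&uuml;ck</a><br>";
              return $antwort;
          }
      }

      // strtr() inserts the values as literal text in a single pass.
      $form = file_get_contents($templates['user_delete']);
      return strtr($form, array(
          '[%user%]' => $safe_name,
          '[%id%]'   => htmlspecialchars($id, ENT_QUOTES),
      ));
  }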
  429.  
  430. //user löschen
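  /**
   * Deletes one user from virtual_users and user_priv.
   *
   * Changes against the earlier version:
   *  - $id is escaped before it is placed into the DELETE statements;
   *  - the "last admin" rule is enforced here as well. It used to be checked
   *    only when rendering the confirmation page, so the rule did not hold for
   *    a request that reached this function directly;
   *  - $INHALT is initialised before it is appended to.
   *
   * NOTE(review): this function does not verify the request method or an
   * anti-CSRF token; whether the caller or auth.php does is not visible here.
   *
   * @param string $id value for virtual_users.id as received from the request
   * @return string HTML: refusal or success message plus a back link
   */
  function deleteusera($id)
  {
      $INHALT = "";
      $zurueck = "<br><a href=\"index.php?link=user\">zur&uuml;ck</a><br>";

      // NOTE(review): mysql_real_escape_string() relies on the connection
      // character set; the connection setup is not visible in this file.
      $sql_id = mysql_real_escape_string((string) $id);

      // Refuse to remove the only remaining admin.
      $result = mysql_query("SELECT priv FROM user_priv WHERE user_id = '$sql_id'") or die("Anfrage fehlgeschlagen:<br> " . mysql_error());
      $row = mysql_fetch_array($result, MYSQL_ASSOC);
      if ($row && $row['priv'] == 'admin') {
          $result = mysql_query("SELECT count(id) as Anzahl FROM user_priv WHERE priv like 'admin'") or die("Anfrage fehlgeschlagen:<br> " . mysql_error());
          $count = mysql_fetch_array($result, MYSQL_ASSOC);
          if (!$count || (int) $count['Anzahl'] <= 1) {
              return "Der letzte Admin kann nicht gel&ouml;scht werden.<br>" . $zurueck;
          }
      }

      // Remove the mailbox row, then its privilege row.
      $query = "DELETE FROM virtual_users WHERE id = '$sql_id' limit 1";
      $result = mysql_query($query) or die("Anfrage fehlgeschlagen:<br> " . mysql_error());

      $query = "DELETE FROM user_priv WHERE user_id = '$sql_id' limit 1";
      $result = mysql_query($query) or die("Anfrage fehlgeschlagen:<br> " . mysql_error());

      // Umlauts as HTML entities: independent of the file's encoding.
      $INHALT .= "Datensatz erfolgreich gel&ouml;scht!<br>";
      $INHALT .= $zurueck;

      return $INHALT;
  }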