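/**
 * Checks whether the current session belongs to a logged-in user whose
 * permission level is at least $rechte.
 *
 * The session is re-validated against the `benutzer` table on every call:
 * the stored NAME and PASSWORT hash must still match exactly one row, so a
 * deleted user or a changed password invalidates an existing session.
 *
 * NOTE(review): PASSWORT holds the md5 hex the login page stores in
 * $_SESSION['password']; moving to password_hash()/password_verify() needs a
 * schema change plus a migration of every stored hash, so only the query is
 * hardened here (bound parameters instead of string-built SQL).
 *
 * @param int $rechte required permission level, compared against $_SESSION['rechte']
 * @return bool true only when the session is complete, the user row still
 *              matches and $rechte <= $_SESSION['rechte']
 */
function access($rechte)
{
    global $db; // mysqli connection from includes/dbconnect.php (used via ->query/->error elsewhere)

    // Every key must be present; 'status' was previously read without isset().
    foreach (['ID', 'name', 'rechte', 'password', 'status'] as $key) {
        if (!isset($_SESSION[$key])) {
            return false;
        }
    }
    if ($_SESSION['status'] !== "logged_in") {
        return false;
    }

    // $_SESSION['name'] originates from the login form, so it is bound rather
    // than concatenated into the WHERE clause.
    $stmt = $db->prepare('SELECT ID FROM benutzer WHERE NAME = ? AND PASSWORT = ?');
    if ($stmt === false) {
        return false;
    }
    $name = (string) $_SESSION['name'];
    $passwordHash = (string) $_SESSION['password'];
    $stmt->bind_param('ss', $name, $passwordHash);
    $stmt->execute();
    $stmt->store_result();
    $matches = $stmt->num_rows;
    $stmt->close();

    if ($matches !== 1) {
        return false;
    }

    // RECHTE comes back from the DB as a numeric string; compare numerically.
    return (int) $rechte <= (int) $_SESSION['rechte'];
}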
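<?php
//teilnehmen.php
ob_start();
session_start();
include "../includes/dbconnect.php";
include "../includes/functions.php";

// NOTE(review): this endpoint changes state on a GET request and carries no
// CSRF token; the links that call it would need to send one before it can be
// enforced here.
if (access(0)) {
    $heute = date("Y-m-d");
    $benutzerId = (int) $_SESSION['ID'];
    // Event ID and participation flag are numeric columns elsewhere
    // (`EVENTID` = ..., `TEILNAHME` = 1 used unquoted); the casts keep the
    // request values from reaching SQL as text.
    $eventId = isset($_GET['event']) ? (int) $_GET['event'] : 0;
    $teilnahme = isset($_GET['set']) ? (int) $_GET['set'] : 0;

    $result = get_table_where("teilnahmen", "*", "BENUTZERID = '" . $benutzerId . "' AND EVENTID = '" . $eventId . "'");
    if ($result->num_rows == 1) {
        // Already answered for this event; the redirect below still happens.
        echo "Nicht erfolgreich";
    } else {
        // Prepared statement: all four values are bound, none concatenated.
        $stmt = $db->prepare('INSERT INTO teilnahmen(BENUTZERID, EVENTID, TEILNAHME, DATUM) VALUES (?, ?, ?, ?)');
        if ($stmt === false || !$stmt->bind_param('iiis', $benutzerId, $eventId, $teilnahme, $heute) || !$stmt->execute()) {
            // Keep $db->error out of the response: it reveals query and schema
            // details. The debugging var_dump() that followed is gone for the
            // same reason.
            error_log('teilnehmen.php: INSERT failed: ' . $db->error);
            die('Etwas stimmte mit dem Query nicht');
        }
        $stmt->close();
    }
    header('Location:../index.php');
}
?>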
// Fragment of the participation table build: the loops over events ($i) and
// users ($k) and the "user has an entry for this event" check are opened
// before this excerpt; the final `if ($anzeigen < 0)` is closed after it.
if ($events_array[$i]['Teilnehmer'][$userids[$k]]['ok'] == 1) {
    // Confirmed participation: "JA" plus the date of the entry.
    $tabelle[$k][$i + 1] = new participation_output("ok", "JA", date("d.m.y", strtotime($events_array[$i]['Teilnehmer'][$userids[$k]]['datum'])));
    $anzahl_teilnahmen++;
} else {
    // Declined participation: "NEIN" plus the date of the entry.
    $tabelle[$k][$i + 1] = new participation_output("not_ok", "NEIN", date("d.m.y", strtotime($events_array[$i]['Teilnehmer'][$userids[$k]]['datum'])));
}
} else {
    // No entry for this user/event pair: empty cell.
    $tabelle[$k][$i + 1] = new participation_output("", "", "");
}
}
// Summary cell: $k is whatever the user loop left it at (presumably one past
// the last user). "TRUE" once enough users confirmed for the event's ANZAHL.
if ($anzahl_teilnahmen >= $events_array[$i]['ANZAHL']) {
    $tabelle[$k][$i + 1] = new count_output($anzahl_teilnahmen, "TRUE");
} else {
    $tabelle[$k][$i + 1] = new count_output($anzahl_teilnahmen, "FALSE");
}
// Comment count per event; $events_array[$i]['ID'] is a database value here,
// not request input.
$result = get_table_where("kommentare", "*", "`EVENTID` = '" . $events_array[$i]['ID'] . "'");
$anzahl_kommentare = $result->num_rows;
$tabelle[$k + 1][$i + 1] = new comments_link_output($anzahl_kommentare, $events_array[$i]['ID']);
}
//Anzahl der angezeigten Events anzeigen
// Default to 3 events; clamp to the available count unless ?more= overrides.
$anzeigen = 3;
if ($anzahl_events < $anzeigen && !isset($_GET['more'])) {
    $anzeigen = $anzahl_events;
}
if (isset($_GET['more'])) {
    // NOTE(review): $_GET['more'] is taken as-is (no (int) cast), so the two
    // bound checks compare a raw request string; confirm the code after this
    // excerpt tolerates non-numeric values.
    $anzeigen = $_GET['more'];
    if ($anzeigen > $anzahl_events) {
        $anzeigen = $anzahl_events;
    }
}
if ($anzeigen < 0) {
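<?php
//usercp/aendern_form.php
session_start();
include "../includes/dbconnect.php";
include "../includes/functions.php";

// Same gate as the other usercp pages: a complete, DB-validated session.
if (!access(0)) {
    die;
}

// Event IDs are numeric (used unquoted as `ID` = ... elsewhere); the cast keeps
// the request value out of the SQL text and makes it safe to echo below.
$eventId = isset($_GET['event']) ? (int) $_GET['event'] : 0;

$event = null;
$result = get_table_where("events", "*", "ID = '" . $eventId . "'");
while ($row = $result->fetch_assoc()) {
    $event = $row;
}

// Owner check. An existing row is required: with no event and no session both
// sides of the original `!=` were null and the check passed.
if ($event === null || (int) $event['BESITZERID'] !== (int) $_SESSION['ID']) {
    die("KEIN MISSBRAUCH!!!!!!!!!!!");
}

//header einfügen
$seite = "Eventplaner";
include "../templates/overall_header.php";
?>
<h2> User-Control-Panel </h2>
<h4> Event bearbeiten</h4>
<form action="functions/aendern.php" method="post" name="input">
    <input type="hidden" value="<?php echo $eventId; ?> " class="textfeld" size="17" name="id">
    <table>
        <tr>
            <td>Event</td>
            <?php // EVENT is user-entered text; escape for the attribute context (assumes the page is served as UTF-8 — TODO confirm). ?>
            <td><input type="text" value="<?php echo htmlspecialchars($event['EVENT'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');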
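<?php
//usercp/email_aendern.php
ob_start();
session_start();
require_once "../../includes/dbconnect.php";
require_once "../../includes/functions.php";

if (!access(0)) {
    die;
}

$benutzerId = (int) $_SESSION['ID'];
$result = get_table_where("benutzer", "*", "ID = " . $benutzerId . " ");
if ($result->num_rows) {
    $email = isset($_POST['email']) ? (string) $_POST['email'] : '';

    // Prepared statement: the address is user input and is bound, never
    // concatenated. (The stray md5($_POST['neu']) of the original was a
    // leftover from the password form and has been dropped.)
    $stmt = $db->prepare('UPDATE benutzer SET EMAIL = ? WHERE ID = ? LIMIT 1');
    if ($stmt === false || !$stmt->bind_param('si', $email, $benutzerId) || !$stmt->execute()) {
        // Log the driver error server-side instead of ignoring the result.
        error_log('email_aendern.php: UPDATE failed: ' . $db->error);
        die("Es ein Fehler unterlaufen");
    }
    $stmt->close();

    // index.php copies EMAIL into the session at login; keep that copy current.
    $_SESSION['email'] = $email;
    header('Location:../index.php');
} else {
    die("Es ein Fehler unterlaufen");
}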
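<?php
//kommentare.php
session_start();
require_once "includes/dbconnect.php";
require_once "includes/functions.php";

if (!access(0)) {
    die;
}

$output = [];
$event = "";

// Event and user IDs are numeric columns (used unquoted in the original
// queries); the casts keep request data out of the SQL text.
$eventId = isset($_GET['id']) ? (int) $_GET['id'] : 0;

$result2 = get_table_where("events", "*", "`ID` = " . $eventId);
while ($row2 = $result2->fetch_assoc()) {
    $event = $row2['EVENT'];
}

// Resolve each commenter's name once per user instead of once per comment.
$names = [];
$result = get_table_where_order("kommentare", "*", "`EVENTID` = " . $eventId, " `DATUM` DESC");
while ($row = $result->fetch_assoc()) {
    $benutzerId = (int) $row['BENUTZERID'];
    if (!array_key_exists($benutzerId, $names)) {
        $name = "";
        $result2 = get_table_where("benutzer", "*", "`ID` = " . $benutzerId);
        while ($row2 = $result2->fetch_assoc()) {
            $name = $row2['NAME'];
        }
        $names[$benutzerId] = $name;
    }
    // NOTE(review): name and comment text are handed to the template raw;
    // HTML escaping has to happen in templates/comments.php (not visible here).
    $output[] = ["name" => $names[$benutzerId], "comment" => $row['KOMMENTAR']];
}

//OUTPUT
include "templates/comments.php";
?>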
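<?php
// index.php
ob_start();
session_start();
require_once "includes/dbconnect.php";
require_once "includes/functions.php";

//Datum herrausfinden
date_default_timezone_set("Europe/Paris");
$heute = date("Y-m-d");

if (isset($_POST['name']) && isset($_POST['password'])) {
    $name = (string) $_POST['name'];
    // Only look the user up when both fields are filled in; the original used
    // || and ran the query for a lone non-empty field (which then failed anyway).
    if (trim($name) != "" && trim($_POST['password']) != "") {
        // NOTE(review): PASSWORT is an unsalted md5 hex and access() compares
        // the same value from $_SESSION['password'] on every request. Moving to
        // password_hash()/password_verify() needs a schema change and a hash
        // migration, so the scheme is kept; only the lookup is bound.
        $passwordHash = md5($_POST['password']);

        $row = null;
        $matches = 0;
        $stmt = $db->prepare('SELECT ID, RECHTE, EMAIL FROM benutzer WHERE NAME = ? AND PASSWORT = ?');
        if ($stmt !== false) {
            $stmt->bind_param('ss', $name, $passwordHash);
            $stmt->execute();
            $stmt->store_result();
            $matches = $stmt->num_rows;
            if ($matches == 1) {
                // bind_result() needs no mysqlnd; ID/RECHTE arrive typed as the
                // column type rather than as strings from fetch_assoc().
                $stmt->bind_result($id, $rechte, $email);
                $stmt->fetch();
                $row = ['ID' => $id, 'RECHTE' => $rechte, 'EMAIL' => $email];
            }
            $stmt->close();
        }

        if ($matches == 1 && $row !== null) {
            // New session ID at login so an identifier handed out before
            // authentication cannot be reused afterwards.
            session_regenerate_id(true);
            $_SESSION['ID'] = $row['ID'];
            $_SESSION['rechte'] = $row['RECHTE'];
            $_SESSION['email'] = $row['EMAIL'];
            $_SESSION['name'] = $name;
            $_SESSION['password'] = $passwordHash;
            $_SESSION['status'] = "logged_in";
        } else {
            $_SESSION['status'] = "failed";
        }
    } else {
        $_SESSION['status'] = "failed";
    }
}

// 'status' is absent on a first visit; guard before comparing.
if (isset($_SESSION['status']) && $_SESSION['status'] == "failed") {
    echo "<h1>Die Eingaben waren falsch!</h1>";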
// Fragment of the user list: the switch on $sort_after begins before this
// excerpt, and the if/for/foreach/if opened at the end are closed after it.
case "teilnahme":
    $sort_after = "teilnahme";
    $sort = "ID ASC";
    break;
default:
    $sort = "ID ASC";
}
// In the visible cases $sort only ever holds the fixed literal "ID ASC", so the
// ORDER BY string handed to get_table() is not request-controlled here; cases
// before this excerpt are not visible and should be checked the same way.
$result = get_table("benutzer", "*", $sort);
$benutzer_array = array();
$anzahl_benutzer = $result->num_rows;
while ($row = $result->fetch_assoc()) {
    $benutzer_array[$row['ID']]['id'] = $row['ID'];
    $benutzer_array[$row['ID']]['name'] = $row['NAME'];
    // Per-user counts: owned events and confirmed participations (TEILNAHME = 1).
    // $row['ID'] is a database value, not request input.
    $result2 = get_table_where("events", "*", "`BESITZERID` = " . $row['ID'] . " ");
    $benutzer_array[$row['ID']]['events'] = $result2->num_rows;
    $result2 = get_table_where("teilnahmen", "*", "`BENUTZERID` = " . $row['ID'] . " AND `TEILNAHME` = 1 ");
    $benutzer_array[$row['ID']]['teilnahmen'] = $result2->num_rows;
    // Days between LAST_LOGIN and $heute ($heute is presumably set before this
    // excerpt; 86400 = seconds per day). The quotient is not rounded, so
    // fractional days are rendered as computed.
    $alt = strtotime($row['LAST_LOGIN']);
    $aktuell = strtotime($heute);
    $differenz = $aktuell - $alt;
    $differenz = $differenz / 86400;
    $benutzer_array[$row['ID']]['last_login'] = "";
    $benutzer_array[$row['ID']]['last_login'] .= $differenz . " Tage";
}
$temp_benutzer_array = array();
// Looks like a selection-style reorder by 'events': each pass picks the
// remaining user with the highest count (the loop body continues past this
// excerpt).
if ($sort_after == "events") {
    for ($i = 0; $i < $anzahl_benutzer; $i++) {
        $max = -1;
        $max_id = -1;
        foreach ($benutzer_array as $benutzer) {
            if ($benutzer['events'] > $max) {
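<?php
//usercp/passwort.php
ob_start();
session_start();
require_once "../../includes/dbconnect.php";
require_once "../../includes/functions.php";

if (!access(0)) {
    die;
}

$benutzerId = (int) $_SESSION['ID'];
$alt = isset($_POST['alt']) ? (string) $_POST['alt'] : '';
$neu = isset($_POST['neu']) ? (string) $_POST['neu'] : null;
$nochmal = isset($_POST['nochmal']) ? (string) $_POST['nochmal'] : null;

// NOTE(review): PASSWORT is an unsalted md5 hex (see the login in index.php);
// moving to password_hash()/password_verify() needs a schema change and a
// migration of every stored hash, so the scheme is kept and only bound safely.
$altHash = md5($alt);
$matches = 0;
$stmt = $db->prepare('SELECT ID FROM benutzer WHERE ID = ? AND PASSWORT = ?');
if ($stmt !== false) {
    $stmt->bind_param('is', $benutzerId, $altHash);
    $stmt->execute();
    $stmt->store_result();
    $matches = $stmt->num_rows;
    $stmt->close();
}

if ($matches) {
    // Strict comparison: the original `==` treats e.g. "1e3" and "1000" as equal.
    if ($neu !== null && $nochmal !== null && $neu === $nochmal) {
        if ($neu === '') {
            die("Das neue Passwort darf nicht leer sein");
        }
        $passwort = md5($neu);
        $stmt = $db->prepare('UPDATE benutzer SET PASSWORT = ? WHERE ID = ? LIMIT 1');
        if ($stmt === false || !$stmt->bind_param('si', $passwort, $benutzerId) || !$stmt->execute()) {
            // Previously a failed UPDATE was ignored and the session copy was
            // updated anyway, which silently locked the user out via access().
            error_log('passwort.php: UPDATE failed: ' . $db->error);
            die("Das Passwort konnte nicht geändert werden");
        }
        $stmt->close();
        // access() re-validates NAME + PASSWORT from the session on every
        // request, so the session copy must follow the stored hash.
        $_SESSION['password'] = $passwort;
        header('Location:../index.php');
    } else {
        die("Die Passwörter stimmen nicht überein");
    }
} else {
    die("Das alte Passwort wurde falsch eingegeben");
}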
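//usercp/ausgabe.php
//Zeit herausfinden
date_default_timezone_set("Europe/Paris");
$heute = date("Y-m-d");

// The owner ID comes from the session (copied from the DB row at login); the
// cast keeps it numeric before it is concatenated into the WHERE clause.
$benutzerId = (int) $_SESSION['ID'];

//Events abrufen, nur events in der zukunft
$result = get_table_where_order("events", "*", "`events`.`DATUM` >= '" . $heute . "' AND BESITZERID = '" . $benutzerId . "'", "`events`.`DATUM` ASC");
$anzahl_events = $result->num_rows;
$events_array = [];
// Make sure the template always sees an array, also when there are no events;
// an includer may already have started the list, so only initialise if unset.
if (!isset($tabelle)) {
    $tabelle = [];
}

//Inhalt der Datenbank in ein Array schreiben
//Zu jedem Event abfragen wer sich beteiligt
while ($row = $result->fetch_assoc()) {
    $result2 = get_table_where("teilnahmen", "*", "`EVENTID` = " . (int) $row['ID'] . " ");
    $row['teilnahmen'] = $result2->num_rows;
    $events_array[] = $row;
}

foreach ($events_array as $eintrag) {
    //String in Tabelle einfügen
    $tabelle[] = new usercp_event_output(
        $eintrag['EVENT'],
        $eintrag['ORT'],
        date("d.m.y", strtotime($eintrag['DATUM'])),
        $eintrag['UHRZEIT'],
        $eintrag['teilnahmen'],
        $eintrag['ANZAHL'],
        $eintrag['ANMERKUNG'],
        $eintrag['ID']
    );
}

//Status
// Defined up front so the template never reads undefined variables.
$status = null;
$away = null;
$results = get_table_where("benutzer", "STATUS, AWAY", "ID = '" . $benutzerId . "'");
while ($row = $results->fetch_assoc()) {
    $status = $row['STATUS'];
    $away = $row['AWAY'];
}

//Ausgabe
include "templates/usercp.php";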
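<?php
//ausgabe_profil.php
session_start();
require_once "includes/dbconnect.php";
require_once "includes/functions.php";
require_once "includes/constant.php";

if (!access(0)) {
    die;
}

// User IDs are numeric (used unquoted as `ID` = ... elsewhere); the cast keeps
// the request value from reaching SQL as text.
$userId = isset($_GET['user']) ? (int) $_GET['user'] : 0;

// Defined up front so an unknown user renders empty fields instead of notices.
$user = "";
$email = "";
$rechte = 0;
$icq = "";
$status = "";
$away = "";
$results = get_table_where("benutzer", "*", "ID = '" . $userId . "'");
while ($row = $results->fetch_assoc()) {
    $user = $row['NAME'];
    $email = $row['EMAIL'];
    $rechte = $row['RECHTE'];
    $icq = $row['ICQ'];
    $status = $row['STATUS'];
    $away = $row['AWAY'];
}

// RECHTE 1 is the admin level (access() compares it numerically).
$rang = ((int) $rechte === 1) ? "Admin" : "Mitglied";

//AUSGABE
//header einfügen
// NOTE(review): $user is stored text and is passed to the header template
// unescaped; templates/overall_header.php must escape $seite for its context.
$seite = "Profil von " . $user;
include "templates/overall_header.php";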