Example #1
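/**
 * Tells whether the current session belongs to a logged-in user who holds at
 * least the requested permission level.
 *
 * The name and password hash kept in the session are looked up in the
 * `benutzer` table on every call; exactly one matching row is required.
 *
 * @param int|string $rechte Minimum permission level the caller requires.
 *
 * @return bool True only when the session is complete, marked "logged_in",
 *              matches exactly one `benutzer` row and carries a permission
 *              level of at least $rechte.
 */
function access($rechte)
{
    global $db;

    // isset() covers 'status' as well, so an anonymous visitor no longer
    // triggers an undefined-index warning; the strict comparison keeps a
    // non-string status from ever being treated as "logged_in".
    if (!isset($_SESSION['ID'], $_SESSION['name'], $_SESSION['rechte'], $_SESSION['password'], $_SESSION['status'])
        || $_SESSION['status'] !== "logged_in"
    ) {
        return false;
    }

    // The session name can originate from user-supplied login input, so it
    // must not reach the WHERE clause unescaped (second-order SQL injection).
    // Assumes $db is a mysqli connection with its charset set; confirm where
    // $db is created.
    $name = $db->real_escape_string((string) $_SESSION['name']);
    $password = $db->real_escape_string((string) $_SESSION['password']);

    $result = get_table_where("benutzer", "*", "NAME = '" . $name . "' AND PASSWORT = '" . $password . "'");

    // A failed query presumably yields a falsy result; treat it as "no access"
    // instead of dereferencing it.
    if (!$result || $result->num_rows != 1) {
        return false;
    }

    // NOTE(review): the password hash lives in the session and is compared as
    // plain text in SQL. If it is an unsalted fast hash, plan a migration to
    // password_hash()/password_verify() and stop storing it in the session.
    return (int) $rechte <= (int) $_SESSION["rechte"];
}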
Example #2
<?php

//teilnehmen.php
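ob_start();
session_start();
include "../includes/dbconnect.php";
include "../includes/functions.php";

// Records the logged-in user's answer for one event, then returns to the index page.
// NOTE(review): this state change is triggered by a plain GET request without an
// anti-CSRF token; consider moving it to POST with a per-session token.
if (access(0)) {
    // 'event' and 'set' come from the query string and end up in SQL, so they are
    // accepted only as integers.
    // Assumes EVENTID and TEILNAHME are integer columns; confirm against the schema.
    $event_id = filter_input(INPUT_GET, 'event', FILTER_VALIDATE_INT);
    $teilnahme = filter_input(INPUT_GET, 'set', FILTER_VALIDATE_INT);
    if (!is_int($event_id) || !is_int($teilnahme)) {
        http_response_code(400);
        die('Ungültige Anfrage');
    }
    $benutzer_id = (int) $_SESSION['ID'];
    $heute = date("Y-m-d");

    $result = get_table_where("teilnahmen", "*", "BENUTZERID = '" . $benutzer_id . "' AND EVENTID = '" . $event_id . "'");
    if ($result->num_rows == 1) {
        // The user has already answered for this event.
        echo "Nicht erfolgreich";
    } else {
        // Bound parameters keep request data out of the SQL text.
        // Assumes $db is a mysqli connection; confirm in includes/dbconnect.php.
        $stmt = $db->prepare('INSERT INTO teilnahmen(BENUTZERID, EVENTID, TEILNAHME, DATUM) VALUES (?, ?, ?, ?)');
        if (!$stmt) {
            error_log('teilnehmen.php: prepare failed: ' . $db->error);
            die('Etwas stimmte mit dem Query nicht.');
        }
        $stmt->bind_param('iiis', $benutzer_id, $event_id, $teilnahme, $heute);
        if (!$stmt->execute()) {
            // The driver error goes to the server log, not to the browser.
            error_log('teilnehmen.php: INSERT failed: ' . $stmt->error);
            die('Etwas stimmte mit dem Query nicht.');
        }
        $stmt->close();
        // The former var_dump($db, $result) debug output was removed: it wrote the
        // connection object into the response body.
    }
    header('Location:../index.php');
    exit;
}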
?>

Example #3
            if ($events_array[$i]['Teilnehmer'][$userids[$k]]['ok'] == 1) {
                $tabelle[$k][$i + 1] = new participation_output("ok", "JA", date("d.m.y", strtotime($events_array[$i]['Teilnehmer'][$userids[$k]]['datum'])));
                $anzahl_teilnahmen++;
            } else {
                $tabelle[$k][$i + 1] = new participation_output("not_ok", "NEIN", date("d.m.y", strtotime($events_array[$i]['Teilnehmer'][$userids[$k]]['datum'])));
            }
        } else {
            $tabelle[$k][$i + 1] = new participation_output("", "", "");
        }
    }
    if ($anzahl_teilnahmen >= $events_array[$i]['ANZAHL']) {
        $tabelle[$k][$i + 1] = new count_output($anzahl_teilnahmen, "TRUE");
    } else {
        $tabelle[$k][$i + 1] = new count_output($anzahl_teilnahmen, "FALSE");
    }
    $result = get_table_where("kommentare", "*", "`EVENTID` = '" . $events_array[$i]['ID'] . "'");
    $anzahl_kommentare = $result->num_rows;
    $tabelle[$k + 1][$i + 1] = new comments_link_output($anzahl_kommentare, $events_array[$i]['ID']);
}
// Decide how many events are shown: three by default, never more than exist,
// or the number requested through ?more=.
// NOTE(review): $_GET['more'] is taken as-is. It may be a non-numeric string or
// an array; validate it as an integer before it is used as a bound. How
// $anzeigen is consumed lies outside this excerpt.
$anzeigen = 3;
if (isset($_GET['more'])) {
    $anzeigen = $_GET['more'];
    if ($anzeigen > $anzahl_events) {
        $anzeigen = $anzahl_events;
    }
} elseif ($anzahl_events < $anzeigen) {
    $anzeigen = $anzahl_events;
}
if ($anzeigen < 0) {
Example #4
<?php

//usercp/aendern_form.php
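session_start();
include "../includes/dbconnect.php";
include "../includes/functions.php";

// Shows the edit form for one event, but only to the logged-in owner of that event.
// access() is expected to come from one of the includes above; confirm.
if (!access(0)) {
    die;
}

// The event id comes from the query string and is placed into SQL, so only an
// integer is accepted. Assumes events.ID is an integer column; confirm.
$event_id = filter_input(INPUT_GET, 'event', FILTER_VALIDATE_INT);
if (!is_int($event_id)) {
    http_response_code(400);
    die("KEIN MISSBRAUCH!!!!!!!!!!!");
}

$result = get_table_where("events", "*", "ID = '" . $event_id . "'");
$event = null;
while ($row = $result->fetch_assoc()) {
    $event = $row;
}

// A missing event is refused as well. Previously an unknown id combined with an
// empty session made both sides of the loose comparison null, so the check passed.
if ($event === null || (string) $event['BESITZERID'] !== (string) $_SESSION['ID']) {
    die("KEIN MISSBRAUCH!!!!!!!!!!!");
}

// Insert the page header
$seite = "Eventplaner";
include "../templates/overall_header.php";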
?>

<h2> User-Control-Panel </h2>
<h4> Event bearbeiten</h4>

<form action="functions/aendern.php" method="post" name="input">
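<input type="hidden" value="<?php 
// The id is request data written into an HTML attribute: escape it, quotes
// included, so it cannot close the attribute and inject markup.
echo htmlspecialchars(is_scalar($_GET['event'] ?? null) ? (string) $_GET['event'] : '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
?>
" class="textfeld" size="17" name="id">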
<table>
<tr>
	<td>Event</td>
	<td><input type="text" value="<?php 
echo $event['EVENT'];
Example #5
<?php

//usercp/email_aendern.php
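ob_start();
session_start();
require_once "../../includes/dbconnect.php";
require_once "../../includes/functions.php";

// Changes the e-mail address of the logged-in user, then returns to the index page.
// NOTE(review): no anti-CSRF token is checked before this update; consider adding one.
if (!access(0)) {
    die;
}

$benutzer_id = (int) $_SESSION['ID'];

// The address is request data: accept it only if it is a syntactically valid
// e-mail address (arrays and empty values fail the filter).
$email = filter_var($_POST['email'] ?? '', FILTER_VALIDATE_EMAIL);
if ($email === false) {
    die("Ungültige E-Mail-Adresse");
}

$result = get_table_where("benutzer", "*", "ID = " . $benutzer_id . " ");
if ($result->num_rows) {
    // Bound parameters keep the address out of the SQL text.
    // Assumes $db is a mysqli connection; confirm in includes/dbconnect.php.
    $stmt = $db->prepare("UPDATE benutzer SET EMAIL = ? WHERE ID = ? LIMIT 1");
    if (!$stmt) {
        error_log('email_aendern.php: prepare failed: ' . $db->error);
        die("Es ein Fehler unterlaufen");
    }
    $stmt->bind_param('si', $email, $benutzer_id);
    if (!$stmt->execute()) {
        error_log('email_aendern.php: UPDATE failed: ' . $stmt->error);
        die("Es ein Fehler unterlaufen");
    }
    $stmt->close();
    header('Location:../index.php');
    // Stop here so nothing else runs after the redirect header.
    exit;
} else {
    die("Es ein Fehler unterlaufen");
}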
Example #6
<?php

//kommentare.php
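session_start();
require_once "includes/dbconnect.php";
require_once "includes/functions.php";

// Collects the comments of one event, newest first, and hands them to the template.
if (!access(0)) {
    die;
}

// The event id is request data and was concatenated unquoted into two WHERE
// clauses; only an integer is accepted now.
$event_id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
if (!is_int($event_id)) {
    http_response_code(400);
    die;
}

$output = array();
$event = "";
$result2 = get_table_where("events", "*", "`ID` = " . $event_id . "");
while ($row2 = $result2->fetch_assoc()) {
    $event = $row2['EVENT'];
}

$result = get_table_where_order("kommentare", "*", "`EVENTID` = " . $event_id . "", " `DATUM` DESC");
while ($row = $result->fetch_assoc()) {
    // Resolve the author's name. The id comes from the database, but it is cast
    // so the clause stays numeric whatever the column holds.
    $name = "";
    $result2 = get_table_where("benutzer", "*", "`ID` = " . (int) $row['BENUTZERID'] . "");
    while ($row2 = $result2->fetch_assoc()) {
        $name = $row2['NAME'];
    }
    $output[] = array("name" => $name, "comment" => $row['KOMMENTAR']);
}

// Output
// NOTE(review): $event, name and comment are user-authored text; the template
// presumably prints them. Confirm it escapes them with htmlspecialchars().
include "templates/comments.php";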
?>


Example #7
<?php

// index.php
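ob_start();
session_start();
require_once "includes/dbconnect.php";
require_once "includes/functions.php";

// Determine today's date
date_default_timezone_set("Europe/Paris");
$heute = date("Y-m-d");

// Login: a posted name/password pair is checked against the `benutzer` table and,
// on success, the session is filled with the user's data.
if (isset($_POST['name']) && isset($_POST['password'])) {
    // Array-valued form fields are treated as empty instead of reaching md5()/SQL.
    $login_name = is_string($_POST['name']) ? $_POST['name'] : '';
    $login_password = is_string($_POST['password']) ? $_POST['password'] : '';

    // Fail closed: only a verified match below changes the status.
    $_SESSION['status'] = "failed";

    // Both fields must be non-empty (the former "||" let a request through when
    // only one of them was filled in).
    if (trim($login_name) != "" && trim($login_password) != "") {
        // NOTE(review): unsalted MD5 is not suitable for password storage. Moving to
        // password_hash()/password_verify() needs the stored values migrated too.
        $login_hash = md5($login_password);

        // Bound parameters keep the posted name out of the SQL text; the previous
        // string-built WHERE clause allowed SQL injection on the login form.
        // Assumes $db is a mysqli connection; confirm in includes/dbconnect.php.
        $stmt = $db->prepare("SELECT ID, RECHTE, EMAIL FROM benutzer WHERE NAME = ? AND PASSWORT = ?");
        if ($stmt) {
            $stmt->bind_param('ss', $login_name, $login_hash);
            $stmt->execute();
            $stmt->store_result();
            if ($stmt->num_rows == 1) {
                $stmt->bind_result($login_id, $login_rechte, $login_email);
                $stmt->fetch();

                // A fresh session id on login prevents session fixation.
                session_regenerate_id(true);

                $_SESSION['ID'] = $login_id;
                $_SESSION['rechte'] = $login_rechte;
                $_SESSION['email'] = $login_email;
                $_SESSION['name'] = $login_name;
                // Kept because other code presumably re-checks it; confirm, and
                // avoid storing credential material in the session if possible.
                $_SESSION['password'] = $login_hash;
                $_SESSION['status'] = "logged_in";
            }
            $stmt->close();
        }
    }
}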
if ($_SESSION['status'] == "failed") {
    echo "<h1>Die Eingaben waren falsch!</h1>";
Example #8
    case "teilnahme":
        $sort_after = "teilnahme";
        $sort = "ID ASC";
        break;
    default:
        $sort = "ID ASC";
}
// Load every user in the chosen order and gather per-user statistics.
$result = get_table("benutzer", "*", $sort);
$anzahl_benutzer = $result->num_rows;
$benutzer_array = array();
while ($row = $result->fetch_assoc()) {
    $benutzer_array[$row['ID']]['id'] = $row['ID'];
    $benutzer_array[$row['ID']]['name'] = $row['NAME'];

    // Number of events owned by this user.
    $result2 = get_table_where("events", "*", "`BESITZERID` = " . $row['ID'] . " ");
    $benutzer_array[$row['ID']]['events'] = $result2->num_rows;

    // Number of participations with TEILNAHME = 1.
    $result2 = get_table_where("teilnahmen", "*", "`BENUTZERID` = " . $row['ID'] . " AND `TEILNAHME` = 1 ");
    $benutzer_array[$row['ID']]['teilnahmen'] = $result2->num_rows;

    // Days between the last login and today (86400 seconds per day).
    $alt = strtotime($row['LAST_LOGIN']);
    $aktuell = strtotime($heute);
    $differenz = ($aktuell - $alt) / 86400;
    $benutzer_array[$row['ID']]['last_login'] = $differenz . " Tage";
}
$temp_benutzer_array = array();
if ($sort_after == "events") {
    for ($i = 0; $i < $anzahl_benutzer; $i++) {
        $max = -1;
        $max_id = -1;
        foreach ($benutzer_array as $benutzer) {
            if ($benutzer['events'] > $max) {
Example #9
<?php

//usercp/passwort.php
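ob_start();
session_start();
require_once "../../includes/dbconnect.php";
require_once "../../includes/functions.php";

// Changes the password of the logged-in user after re-checking the old one.
// NOTE(review): no anti-CSRF token is checked here; the old-password check limits
// the impact, but a token is still advisable.
if (!access(0)) {
    die;
}

$benutzer_id = (int) $_SESSION['ID'];

// Missing or array-valued form fields are treated as empty strings.
$alt = is_string($_POST['alt'] ?? null) ? $_POST['alt'] : '';
$neu = is_string($_POST['neu'] ?? null) ? $_POST['neu'] : '';
$nochmal = is_string($_POST['nochmal'] ?? null) ? $_POST['nochmal'] : '';

// NOTE(review): unsalted MD5 is not suitable for password storage. Moving to
// password_hash()/password_verify() must change the login check at the same time.
$result = get_table_where("benutzer", "*", "ID = " . $benutzer_id . " AND PASSWORT = '" . md5($alt) . "'");
if ($result->num_rows) {
    if ($neu === '') {
        die("Das neue Passwort darf nicht leer sein");
    }
    // Strict comparison: with "==" two different numeric-looking strings
    // (for example "1e3" and "1000") compare as equal.
    if ($neu === $nochmal) {
        $passwort = md5($neu);
        $sql = "UPDATE benutzer \n\t\t\t\t\tSET PASSWORT = '" . $passwort . "' \n\t\t\t\t\tWHERE ID = " . $benutzer_id . " \n\t\t\t\t\tLIMIT 1";
        $result = $db->query($sql);
        if (!$result) {
            // Keep the session untouched when the update did not happen.
            error_log('passwort.php: UPDATE failed: ' . $db->error);
            die("Es ist ein Fehler aufgetreten");
        }
        $_SESSION['password'] = $passwort;
        header('Location:../index.php');
        // Stop here so nothing else runs after the redirect header.
        exit;
    } else {
        die("Die Passwörter stimmen nicht überein");
    }
} else {
    die("Das alte Passwort wurde falsch eingegeben");
}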
Example #10
//usercp/ausgabe.php
// Determine the current date
// NOTE(review): no login check is visible in this excerpt; presumably the page
// that includes this file performs it. Confirm before exposing it directly.
date_default_timezone_set("Europe/Paris");
$heute = date("Y-m-d");

// Fetch the events owned by the session user, future ones only, soonest first
$result = get_table_where_order(
    "events",
    "*",
    "`events`.`DATUM` >= '" . $heute . "' AND BESITZERID = '" . $_SESSION['ID'] . "'",
    "`events`.`DATUM` ASC"
);
$anzahl_events = $result->num_rows;

// Copy the rows into an array and attach the number of sign-ups to each event
$events_array = array();
$count = 0;
while ($row = $result->fetch_assoc()) {
    $result2 = get_table_where("teilnahmen", "*", "`EVENTID` = " . $row['ID'] . " ");
    $events_array[$count] = $row;
    $events_array[$count]['teilnahmen'] = $result2->num_rows;
    $count++;
}

// Wrap every event in an output object and append it to the table
for ($i = 0; $i < $anzahl_events; $i++) {
    $event_object = new usercp_event_output(
        $events_array[$i]['EVENT'],
        $events_array[$i]['ORT'],
        date("d.m.y", strtotime($events_array[$i]['DATUM'])),
        $events_array[$i]['UHRZEIT'],
        $events_array[$i]['teilnahmen'],
        $events_array[$i]['ANZAHL'],
        $events_array[$i]['ANMERKUNG'],
        $events_array[$i]['ID']
    );
    $tabelle[] = $event_object;
}

// Status of the session user
$results = get_table_where("benutzer", "STATUS, AWAY", "ID = '" . $_SESSION['ID'] . "'");
while ($row = $results->fetch_assoc()) {
    $status = $row['STATUS'];
    $away = $row['AWAY'];
}

// Output
include "templates/usercp.php";
Example #11
<?php

//ausgabe_profil.php
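session_start();
require_once "includes/dbconnect.php";
require_once "includes/functions.php";
require_once "includes/constant.php";

// Loads the public profile data of one user for the profile page.
if (!access(0)) {
    die;
}

// The user id is request data and is placed into SQL, so only an integer is
// accepted. Assumes benutzer.ID is an integer column; confirm.
$user_id = filter_input(INPUT_GET, 'user', FILTER_VALIDATE_INT);
if (!is_int($user_id)) {
    http_response_code(400);
    die;
}

// Only the columns the page uses are selected, so the password column is not
// fetched. Presumes get_table_where() accepts a column list as its second
// argument; confirm in includes/functions.php.
$results = get_table_where("benutzer", "NAME, EMAIL, RECHTE, ICQ, STATUS, AWAY", "ID = '" . $user_id . "'");

// An unknown id previously left $user, $rechte and the other variables undefined.
if (!$results || $results->num_rows == 0) {
    http_response_code(404);
    die;
}

while ($row = $results->fetch_assoc()) {
    $user = $row['NAME'];
    $email = $row['EMAIL'];
    $rechte = $row['RECHTE'];
    $icq = $row['ICQ'];
    $status = $row['STATUS'];
    $away = $row['AWAY'];
}

// RECHTE 1 is shown as "Admin", everything else as "Mitglied".
if ($rechte == 1) {
    $rang = "Admin";
} else {
    $rang = "Mitglied";
}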
//AUSGABE
?>

<?php 
// Insert the page header; $seite is presumably used as the page title.
// NOTE(review): $user is a stored user name. Confirm the header template
// HTML-escapes $seite before printing it.
$seite = "Profil von " . $user;
include "templates/overall_header.php";