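/**
 * Open the edit form for a CLM user record, or an empty form for a new one.
 *
 * Reads "task", "cid", "option" and "section" from the request, loads the
 * selected row and runs the permission checks before any form data is built.
 * Every refused request is redirected to the list view and the method returns
 * at once, so a denied caller cannot fall through to the form if redirect()
 * ever returns instead of ending the request.
 *
 * @return mixed Result of JError::raiseWarning() when a lookup query fails, otherwise nothing.
 */
function edit()
{
    global $mainframe, $option;

    $db      =& JFactory::getDBO();
    $user    =& JFactory::getUser();
    $task    = JRequest::getVar('task');
    $cid     = JRequest::getVar('cid', array(0), '', 'array');
    $option  = JRequest::getCmd('option');
    $section = JRequest::getVar('section');
    JArrayHelper::toInteger($cid, array(0));

    // "section" comes from the request via getVar(), so it is URL-encoded before
    // being placed in the redirect target; "option" is already reduced by getCmd().
    $listUrl = 'index.php?option=' . $option . '&section=' . urlencode((string) $section);
    // No extra redirect text: the warning itself is queued by JError::raiseWarning().
    $msg = '';

    // Check whether the current user is allowed to edit this record.
    $row =& JTable::getInstance('users', 'TableCLM');
    $row->load($cid[0]);
    $id  = $row->jid;
    $jid = $user->get('id');
    $gid = $user->get('gid');
    $sid = $row->sid;

    // Illegal access attempt through a hand-built URL — consider logging it.
    $saison =& JTable::getInstance('saisons', 'TableCLM');
    $saison->load($sid);
    if ($saison->archiv == "1" and CLM_usertype !== 'admin') {
        JError::raiseWarning(500, JText::_('USERS_USER_BEAR'));
        $mainframe->redirect($listUrl, $msg);
        return;
    }

    // $cid[0] is an integer after toInteger(); empty() catches the missing id
    // on every PHP version, whereas 0 == "" is no longer true on PHP 8.
    if (empty($cid[0]) and $task == 'edit') {
        JError::raiseWarning(500, JText::_('USERS_FALSCH'));
        $mainframe->redirect($listUrl, $msg);
        return;
    }

    // User 62 (the first super administrator) may only be changed by user 62.
    $user_publish = new JUser($id);
    if ($user_publish->get('id') == 62 and $user->get('id') != 62) {
        JError::raiseWarning(500, JText::_('USERS_USER_NO'));
        $mainframe->redirect($listUrl, $msg);
        return;
    }

    // Administrators / super administrators cannot be changed by a user who
    // is not a super administrator.
    if ($user_publish->get('gid') > 23 and $gid < 25) {
        JError::raiseWarning(500, JText::_('USERS_NO_JOMMLA_ADMIN'));
        $mainframe->redirect($listUrl, $msg);
        return;
    }

    // A user may only change records with a lower CLM permission level.
    $sql = "SELECT usertype, user_clm, jid FROM #__clm_user WHERE jid =" . (int) $jid;
    $db->setQuery($sql);
    $clmuser = $db->loadObjectList();

    // The current Joomla user may have no CLM row at all; keep the level as
    // null in that case so the comparison below still refuses the request.
    $self      = !empty($clmuser) ? $clmuser[0] : null;
    $selfLevel = $self ? $self->user_clm : null;
    $selfType  = $self ? $self->usertype : '';

    if ($selfLevel <= $row->user_clm and $jid != $row->jid and $gid != 25) {
        JError::raiseWarning(500, JText::_('USERS_BENUTZER'));
        $mainframe->redirect($listUrl, $msg);
        return;
    }

    if ($task == 'edit') {
        // Existing record: lock it for the current user.
        $row->checkout($user->get('id'));
    } else {
        // New record: start unpublished and inactive.
        $row->published = 0;
        $row->aktive    = 0;
    }

    $lists = array();

    // Club filter.
    require_once JPATH_COMPONENT . DS . 'controllers' . DS . 'filter_vereine.php';
    $vereinlist = CLMFilterVerein::vereine_filter(0);
    $filter_vid = $mainframe->getUserStateFromRequest("{$option}.filter_vid", 'filter_vid', 0, 'string');
    $selectedClub = ($filter_vid != "0") ? $filter_vid : $row->zps;
    $lists['verein'] = JHTML::_('select.genericlist', $vereinlist, 'zps', 'class="inputbox" size="1"', 'zps', 'name', $selectedClub);

    // Published yes/no.
    $lists['published'] = JHTML::_('select.booleanlist', 'published', 'class="inputbox"', $row->published);

    // Season list. The id is cast to an integer before it is placed in the SQL text.
    if ($task == "edit") {
        $sql = 'SELECT id as sid, name FROM #__clm_saison WHERE id=' . (int) $sid;
    } else {
        $sql = 'SELECT id as sid, name FROM #__clm_saison WHERE archiv =0';
    }
    $db->setQuery($sql);
    $seasonRows = $db->loadObjectList();
    if (!is_array($seasonRows)) {
        $this->setRedirect($listUrl);
        return JError::raiseWarning(500, $db->getErrorMsg());
    }
    if ($task != "edit") {
        $saisonlist = array(JHTML::_('select.option', '0', JText::_('USERS_SAISON'), 'sid', 'name'));
        $saisonlist = array_merge($saisonlist, $seasonRows);
    } else {
        $saisonlist = $seasonRows;
    }
    $lists['saison'] = JHTML::_('select.genericlist', $saisonlist, 'sid', 'class="inputbox" size="1"', 'sid', 'name', $row->sid);

    // Joomla users that have no CLM account yet.
    $sql = " SELECT u.* FROM #__users as u "
        . " LEFT JOIN #__clm_user as a ON u.id = a.jid "
        . " WHERE a.name IS NULL";
    $db->setQuery($sql);
    $joomlaRows = $db->loadObjectList();
    if (!is_array($joomlaRows)) {
        $this->setRedirect($listUrl);
        return JError::raiseWarning(500, $db->getErrorMsg());
    }
    $jid_list = array(JHTML::_('select.option', '0', JText::_('USERS_USER_AUSW'), 'id', 'name'));
    $jid_list = array_merge($jid_list, $joomlaRows);
    $lists['jid'] = JHTML::_('select.genericlist', $jid_list, 'pid', 'class="inputbox" size="1"', 'id', 'name', $row->jid);

    // Role list: only the levels the current user is allowed to hand out.
    if ($row->jid == $jid) {
        // Editing one's own record: own level and everything below it.
        $sql = "SELECT user_clm as user_clm, name "
            . " FROM #__clm_usertype WHERE user_clm < " . ((int) $selfLevel + 1);
    } elseif ($selfType == 'admin') {
        // CLM admin: every role.
        $sql = "SELECT user_clm as user_clm, name "
            . " FROM #__clm_usertype ";
    } else {
        $sql = "SELECT user_clm as user_clm, name "
            . " FROM #__clm_usertype WHERE user_clm < " . (int) $selfLevel;
    }
    $db->setQuery($sql);
    $typeRows = $db->loadObjectList();
    if (!is_array($typeRows)) {
        $this->setRedirect($listUrl);
        return JError::raiseWarning(500, $db->getErrorMsg());
    }
    $usertypelist = array(JHTML::_('select.option', '0', JText::_('USERS_TYP'), 'user_clm', 'name'));
    $usertypelist = array_merge($usertypelist, $typeRows);
    $lists['user_clm'] = JHTML::_('select.genericlist', $usertypelist, 'user_clm', 'class="inputbox" size="1"', 'user_clm', 'name', $row->user_clm);

    require_once JPATH_COMPONENT . DS . 'views' . DS . 'users.php';
    CLMViewUsers::user($row, $lists, $option);
}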
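/**
 * Open the edit form for a CLM user record, or an empty form for a new one.
 *
 * Reads "task", "cid", "option" and "section" from the request, loads the
 * selected row and runs the permission checks before any form data is built.
 * Every refused request is redirected to the list view and the method returns
 * at once, so a denied caller cannot fall through to the form if redirect()
 * ever returns instead of ending the request.
 *
 * @return mixed Result of JError::raiseWarning() when a lookup query fails, otherwise nothing.
 */
function edit()
{
    $mainframe = JFactory::getApplication();
    $db        = JFactory::getDBO();
    $user      = JFactory::getUser();
    $task      = JRequest::getVar('task');
    $cid       = JRequest::getVar('cid', array(0), '', 'array');
    $option    = JRequest::getCmd('option');
    $section   = JRequest::getVar('section');
    JArrayHelper::toInteger($cid, array(0));

    // "section" comes from the request via getVar(), so it is URL-encoded before
    // being placed in the redirect target; "option" is already reduced by getCmd().
    $listUrl = 'index.php?option=' . $option . '&section=' . urlencode((string) $section);
    // No extra redirect text: the warning itself is queued by JError::raiseWarning().
    $msg = '';

    // Joomla core groups that take part in the ranking below:
    // 2 = registered, 6 = manager, 7 = admin, 8 = super admin.
    $rankedGroups = array(2, 6, 7, 8);

    // Check whether the current user is allowed to edit this record.
    $row = JTable::getInstance('users', 'TableCLM');
    $row->load($cid[0]);
    $id  = $row->jid;
    $jid = $user->get('id');

    // key($user->get('groups')) would only yield the first group key, so the
    // highest ranked core group is determined from all group values instead.
    $gid = 0;
    foreach ((array) $user->get('groups') as $value) {
        $ivalue = intval($value);
        // The ranking relies on the numeric order of the ids listed above.
        if (in_array($ivalue, $rankedGroups, true) && $ivalue > $gid) {
            $gid = $ivalue;
        }
    }

    $sid       = $row->sid;
    $clmAccess = clm_core::$access;
    // User types the active user is allowed to change.
    $usertypestring = $clmAccess->usertypelist();

    // Illegal access attempt through a hand-built URL — consider logging it.
    $saison = JTable::getInstance('saisons', 'TableCLM');
    $saison->load($sid);
    // NOTE(review): as written this refuses callers who HAVE 'BE_user_general'
    // when the season is unpublished; callers without it pass this check.
    // Confirm the intended polarity of access() here.
    if ($task != 'add' && $saison->published == "0" && $clmAccess->access('BE_user_general')) {
        JError::raiseWarning(500, JText::_('USERS_USER_BEAR'));
        $mainframe->redirect($listUrl, $msg, "message");
        return;
    }

    // $cid[0] is an integer after toInteger(); empty() catches the missing id
    // on every PHP version, whereas 0 == "" is no longer true on PHP 8.
    if (empty($cid[0]) and $task == 'edit') {
        JError::raiseWarning(500, JText::_('USERS_FALSCH'));
        $mainframe->redirect($listUrl, $msg, "message");
        return;
    }

    // Administrators / super administrators cannot be changed by a user who is
    // not a super administrator. get('gid') no longer exists, so the target
    // user's highest ranked core group is determined the same way as above.
    $user_publish = new JUser($id);
    $newgid = 0;
    foreach ((array) $user_publish->get('groups') as $value) {
        $ivalue = intval($value);
        if (in_array($ivalue, $rankedGroups, true) && $ivalue > $newgid) {
            $newgid = $ivalue;
        }
    }
    if ($newgid > 6 and $gid < 8) {
        JError::raiseWarning(500, JText::_('USERS_NO_JOMMLA_ADMIN'));
        $mainframe->redirect($listUrl, $msg, "message");
        return;
    }

    if (!$clmAccess->compare($row->usertype)) {
        JError::raiseWarning(500, JText::_('USERS_BENUTZER'));
        $mainframe->redirect($listUrl, $msg, "message");
        return;
    }

    if ($task == 'edit') {
        // Existing record: lock it for the current user.
        $row->checkout($user->get('id'));
    } else {
        // New record: start unpublished and inactive.
        $row->published = 0;
        $row->aktive    = 0;
    }

    $lists = array();

    // Club filter.
    $vereinlist = CLMFilterVerein::vereine_filter(0);
    $filter_vid = $mainframe->getUserStateFromRequest("{$option}.filter_vid", 'filter_vid', 0, 'string');
    $selectedClub = ($filter_vid != "0") ? $filter_vid : $row->zps;
    $lists['verein'] = JHTML::_('select.genericlist', $vereinlist, 'zps', 'class="inputbox" size="1"', 'zps', 'name', $selectedClub);

    // Published yes/no.
    $lists['published'] = JHTML::_('select.booleanlist', 'published', 'class="inputbox"', $row->published);

    // Season list: the record's own season when editing, the current season otherwise.
    $seasonId    = ($task == "edit") ? $sid : clm_core::$access->getSeason();
    $season_list = array(JHTML::_('select.option', $seasonId, clm_core::$db->saison->get($seasonId)->name, 'sid', 'name'));
    $lists['saison'] = JHTML::_('select.genericlist', $season_list, 'sid', 'class="inputbox" size="1"', 'sid', 'name', ($task == "edit") ? $row->sid : $seasonId);

    // Joomla users without a CLM account in that season. The season id is cast
    // to an integer so that nothing but a number can reach the SQL text.
    $sql = " SELECT u.* FROM #__users as u "
        . " LEFT JOIN #__clm_user as a ON u.id = a.jid AND a.sid IN ('" . (int) $seasonId . "')"
        . " WHERE a.name IS NULL";
    $db->setQuery($sql);
    $joomlaRows = $db->loadObjectList();
    if (!is_array($joomlaRows)) {
        $this->setRedirect($listUrl);
        return JError::raiseWarning(500, $db->getErrorMsg());
    }
    $jid_list = array(JHTML::_('select.option', '0', JText::_('USERS_USER_AUSW'), 'id', 'name'));
    $jid_list = array_merge($jid_list, $joomlaRows);
    $lists['jid'] = JHTML::_('select.genericlist', $jid_list, 'pid', 'class="inputbox" size="1"', 'id', 'name', $row->jid);

    // Role list, limited to the user types the active user may change.
    // "OUT" is not an SQL operator; the restriction has to be an IN list.
    // NOTE(review): $usertypestring is concatenated as-is; presumably
    // usertypelist() returns a server-built, already quoted list — verify.
    $sql  = 'SELECT usertype, name FROM #__clm_usertype ';
    $sql .= ' WHERE published = 1 ';
    if ($usertypestring != "") {
        $sql .= 'AND usertype IN (' . $usertypestring . ' ) ';
    }
    $sql .= ' ORDER BY ordering ';
    $db->setQuery($sql);
    $typeRows = $db->loadObjectList();
    if (!is_array($typeRows)) {
        // Same failure handling as the other lookups in this method.
        $this->setRedirect($listUrl);
        return JError::raiseWarning(500, $db->getErrorMsg());
    }
    $usertypelist = array(JHTML::_('select.option', '', JText::_('USERS_TYP'), 'usertype', 'name'));
    $usertypelist = array_merge($usertypelist, $typeRows);
    $lists['usertype'] = JHTML::_('select.genericlist', $usertypelist, 'usertype', 'class="inputbox" size="1"', 'usertype', 'name', $row->usertype);

    require_once JPATH_COMPONENT . DS . 'views' . DS . 'users.php';
    CLMViewUsers::user($row, $lists, $option);
}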
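/**
 * Render the add/edit form for a CLM user record.
 *
 * String properties of $row (all except "extrainfo") are HTML-escaped in place
 * by JFilterOutput::objectHTMLSafe() before they are printed. The "task"
 * request value is not part of $row, so it is escaped separately before it is
 * written into the hidden "script_task" field.
 *
 * NOTE(review): the str_replace('&', '&', ...) calls in the two textareas are
 * no-ops as written; presumably an entity was lost in this copy — confirm.
 *
 * @param object $row    User table row; modified in place by the escaping step.
 * @param array  $lists  Pre-rendered HTML widgets; the keys usertype, verein,
 *                       saison, published and jid are printed here.
 * @param string $option Not referenced inside this method.
 *
 * @return void
 */
public static function user(&$row, $lists, $option)
{
    CLMViewUsers::setUserToolbar();
    JRequest::setVar('hidemainmenu', 1);
    JFilterOutput::objectHTMLSafe($row, ENT_QUOTES, 'extrainfo');

    // Read once; printed into an attribute below, so it must be escaped there.
    $task     = JRequest::getVar('task');
    $taskAttr = htmlspecialchars((string) $task, ENT_QUOTES, 'UTF-8');
    ?>
    <script language="javascript" type="text/javascript">
        Joomla.submitbutton = function (pressbutton) {
            var form = document.adminForm;
            if (pressbutton == 'cancel') {
                submitform( pressbutton );
                return;
            }
            if (form.pid.value == "0") {
                // do field validation
                if (form.name.value == "") {
                    alert( "<?php echo JText::_('USER_NAME_ANGEBEN', true); ?>" );
                } else if (form.username.value == "") {
                    alert( "<?php echo JText::_('USER_USER_ANGEBEN', true); ?>" );
                } else if (form.email.value == "") {
                    alert( "<?php echo JText::_('USER_MAIL_ANGEBEN', true); ?>" );
                } else if ( getSelectedValue('adminForm','usertype') == "" ) {
                    alert( "<?php echo JText::_('USER_FUNKTION_AUSWAEHLEN', true); ?>" );
                } else if ( getSelectedValue('adminForm','zps') == 0 ) {
                    alert( "<?php echo JText::_('USER_VEREIN_AUSWAEHLEN', true); ?>" );
                } else {
                    submitform( pressbutton );
                }
            } else {
                // do field validation
                if ( getSelectedValue('adminForm','usertype') == "" ) {
                    alert( "<?php echo JText::_('USER_FUNKTION_AUSWAEHLEN', true); ?>" );
                } else if ( getSelectedValue('adminForm','zps') == 0 ) {
                    alert( "<?php echo JText::_('USER_VEREIN_AUSWAEHLEN', true); ?>" );
                } else if ( getSelectedValue('adminForm','sid') == 0 ) {
                    alert( "<?php echo JText::_('USER_SAISON_AUSWAEHLEN', true); ?>" );
                } else {
                    submitform( pressbutton );
                }
            }
        }
    </script>

    <form action="index.php" method="post" name="adminForm" id="adminForm">
        <div class="width-50 fltlft">
            <fieldset class="adminform">
                <legend><?php echo JText::_('USER_DETAILS'); ?></legend>
                <table class="admintable">
                    <tr>
                        <td class="key" width="20%" nowrap="nowrap">
                            <label for="name"><?php echo JText::_('USER_NAME') . ' : '; ?></label>
                        </td>
                        <td>
                            <input class="inputbox" type="text" name="name" id="name" size="30" maxlength="60" value="<?php echo $row->name; ?>" /><?php echo JText::_('USER_EXAMPLE_NAME'); ?>
                        </td>
                    </tr>
                    <tr>
                        <td class="key" width="20%" nowrap="nowrap">
                            <label for="username"><?php echo JText::_('USER') . ' : '; ?></label>
                        </td>
                        <td>
                            <input class="inputbox" type="text" name="username" id="username" size="30" maxlength="60" value="<?php echo $row->username; ?>" /><?php echo JText::_('USER_EXAMPLE_USERNAME'); ?>
                        </td>
                    </tr>
                    <tr>
                        <td class="key" width="20%" nowrap="nowrap">
                            <label for="email"><?php echo JText::_('USER_MAIL') . ' : '; ?></label>
                        </td>
                        <td>
                            <input class="inputbox" type="text" name="email" id="email" size="30" maxlength="60" value="<?php echo $row->email; ?>" /><?php echo JText::_('USER_EXAMPLE_MAIL'); ?>
                        </td>
                    </tr>
                    <tr>
                        <td class="key" width="20%" nowrap="nowrap">
                            <label for="tel_fest"><?php echo JText::_('USER_TELEFON') . ' : '; ?></label>
                        </td>
                        <td>
                            <input class="inputbox" type="text" name="tel_fest" id="tel_fest" size="30" maxlength="60" value="<?php echo $row->tel_fest; ?>" /><?php echo JText::_('USER_EXAMPLE_PHONE'); ?>
                        </td>
                    </tr>
                    <tr>
                        <td class="key" width="20%" nowrap="nowrap">
                            <label for="tel_mobil"><?php echo JText::_('USER_MOBILE') . ' : '; ?></label>
                        </td>
                        <td>
                            <input class="inputbox" type="text" name="tel_mobil" id="tel_mobil" size="30" maxlength="60" value="<?php echo $row->tel_mobil; ?>" /><?php echo JText::_('USER_EXAMPLE_MOBILE'); ?>
                        </td>
                    </tr>
                    <tr>
                        <td class="key" nowrap="nowrap">
                            <label for="usertype"><?php echo JText::_('USER_FUNCTION') . ' : '; ?></label>
                        </td>
                        <td>
                            <?php echo $lists['usertype']; ?>
                        </td>
                    </tr>
                    <tr>
                        <td class="key" nowrap="nowrap">
                            <label for="zps"><?php echo JText::_('VEREIN') . ' : '; ?></label>
                        </td>
                        <td>
                            <?php echo $lists['verein']; ?>
                        </td>
                    </tr>
                    <tr>
                        <td class="key" width="20%" nowrap="nowrap">
                            <label for="mglnr"><?php echo JText::_('USER_MGNR') . ' : '; ?></label>
                        </td>
                        <td>
                            <input class="inputbox" type="text" name="mglnr" id="mglnr" size="30" maxlength="6" value="<?php echo $row->mglnr; ?>" /><?php echo JText::_('USER_EXAMPLE_MGNR'); ?>
                        </td>
                    </tr>
                    <tr>
                        <td class="key" nowrap="nowrap">
                            <label for="sid"><?php echo JText::_('SAISON') . ' : '; ?></label>
                        </td>
                        <td>
                            <?php echo $lists['saison']; ?>
                        </td>
                    </tr>
                    <tr>
                        <td class="key" nowrap="nowrap">
                            <label for="published"><?php echo JText::_('JPUBLISHED') . ' : '; ?></label>
                        </td>
                        <td>
                            <fieldset class="radio">
                                <?php echo $lists['published']; ?>
                            </fieldset>
                        </td>
                    </tr>
                    <!--
                    <tr>
                        <td class="key" nowrap="nowrap"><label for="aktive"><?php echo JText::_('USER_MAIL') . ' : '; ?></label>
                        </td>
                        <td>
                            <?php //echo $lists['aktive']; ?>
                        </td>
                    </tr>
                    -->
                </table>
            </fieldset>
        </div>

        <div class="width-50 fltrt">
            <fieldset class="adminform">
                <legend><?php echo JText::_('REMARKS'); ?></legend>
                <table class="adminlist">
                    <legend><?php echo JText::_('REMARKS_PUBLIC'); ?></legend>
                    <br>
                    <tr>
                        <td width="100%" valign="top">
                            <textarea class="inputbox" name="bemerkungen" id="bemerkungen" cols="40" rows="2" style="width:90%"><?php echo str_replace('&', '&', $row->bemerkungen); ?></textarea>
                        </td>
                    </tr>
                </table>
                <table class="adminlist">
                    <tr><legend><?php echo JText::_('REMARKS_INTERNAL'); ?></legend>
                        <br>
                        <td width="100%" valign="top">
                            <textarea class="inputbox" name="bem_int" id="bem_int" cols="40" rows="2" style="width:90%"><?php echo str_replace('&', '&', $row->bem_int); ?></textarea>
                        </td>
                    </tr>
                </table>
            </fieldset>

            <?php if ($task == 'add') { ?>
                <br>
                <fieldset class="adminform">
                    <table class="adminlist">
                        <legend><?php echo JText::_('USER_LINE01'); ?></legend>
                        <?php echo JText::_('USER_LINE02'); ?>
                        <br><?php echo JText::_('USER_LINE03'); ?> .
                        <br><br>
                        <tr>
                            <td width="100%" valign="top">
                                <?php echo $lists['jid']; ?>
                            </td>
                        </tr>
                    </table>
                </fieldset>
            <?php } else { ?>
                <input type="hidden" name="pid" value="0" />
            <?php } ?>
        </div>
        <div class="clr"></div>

        <input type="hidden" name="section" value="users" />
        <input type="hidden" name="option" value="com_clm" />
        <input type="hidden" name="id" value="<?php echo $row->id; ?>" />
        <input type="hidden" name="jid" id="jid" value="<?php echo $row->jid; ?>" />
        <input type="hidden" name="aktive" value="<?php echo $row->aktive; ?>" />
        <input type="hidden" name="script_task" value="<?php echo $taskAttr; ?>" />
        <input type="hidden" name="task" value="" />
        <?php echo JHtml::_('form.token'); ?>
    </form>
    <?php
}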