monitor-frontend/admin.php

<?php

/*
 *      PHP Frontend for pocsag monitor
 *
 *      Copyright (C) 2004-2005
 *          Manuel Weiser (manuelw@fire-devils.org)
 *
 *      This program is free software; you can redistribute it and/or modify
 *      it under the terms of the GNU General Public License as published by
 *      the Free Software Foundation; either version 2 of the License, or
 *      (at your option) any later version.
 *
 *      This program is distributed in the hope that it will be useful,
 *      but WITHOUT ANY WARRANTY; without even the implied warranty of
 *      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *      GNU General Public License for more details.
 *
 *      You should have received a copy of the GNU General Public License
 *      along with this program; if not, write to the Free Software
 *      Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */

require('config.inc.php');

$_SESSION["load_complete"] = "";
$_SESSION["lastupdate"] = "";
$_SESSION["online_users"] = "";

if (!isset($_REQUEST["org"])) $_REQUEST["org"]="";
if (!isset($_REQUEST["form"])) $_REQUEST["form"]="";
if (!isset($option_org)) $option_org="";
if (!isset($option_format)) $option_format="";
if (!isset($_GET["org"])) $_GET["org"]="";

// Prüfen ob admin
if( $_SESSION["admin"] != 1 ) exit;

/**************************/
// Seite zusammenstellen
//

//
// Wenn dme ohne Org anzuschauen ist
if( isset($_GET["show"]) && $_GET["show"] == 'dme' && !isset($_GET["do"]) )
{
	// Alle DME ohne Organisation holen
	$result = mysqli_query($dbconn, "SELECT a.id, a.adresse, a.bezeichnung, a.rec_typ, b.id as import_id, b.i_ric, b.i_org, b.i_ort, b.i_zusatz 
											FROM ric_zvei a
											LEFT JOIN import_ric b ON a.adresse = b.i_ric
											WHERE a.org_id = '0' 
											ORDER BY a.bezeichnung ASC") or die (mysqli_error($dbconn));

	while($row = mysqli_fetch_array($result))
	{
		if (isset($row["import_id"])) {
            $show_all .= '
				  <tr bgcolor="#FFFFFF">
				    <td align="center">' . $row["rec_typ"] . '</td>
				    <td>&nbsp;<b>' . $row["adresse"] . '</b> / ' . $row["i_org"]." ".$row["i_ort"]." | ".$row["i_zusatz"] . '</td>
				    <td align="center">&nbsp;<a href="' . $_SERVER["PHP_SELF"] . '?show=dme&do=update&id=' . $row["id"] . '&ric='.$row["i_ric"].'">zuordnen</a>&nbsp;</td>
				    <td align="center">&nbsp;<a href="' . $_SERVER["PHP_SELF"] . '?show=dme&do=delete&id=' . $row["id"] . '">l&ouml;schen</a>&nbsp;</td>
				  </tr>
			';
		}
		else {
            $show_all .= '
				  <tr bgcolor="#FFFFFF">
				    <td align="center">' . $row["rec_typ"] . '</td>
				    <td>&nbsp;<b>' . $row["adresse"] . '</b> / ' . $row["bezeichnung"] . '</td>
				    <td align="center">&nbsp;<a href="' . $_SERVER["PHP_SELF"] . '?show=dme&do=update&id=' . $row["id"] . '">zuordnen</a>&nbsp;</td>
				    <td align="center">&nbsp;<a href="' . $_SERVER["PHP_SELF"] . '?show=dme&do=delete&id=' . $row["id"] . '">l&ouml;schen</a>&nbsp;</td>
				  </tr>
			';
        }
	}
	
	// Seiteninhalt ausgeben
	eval ("\$page_middle .= \"".gettemplate($template_dir."body_admin_dme-kfz_update")."\";");
}

//
// Wenn dme updaten
elseif( isset($_GET["show"]) && $_GET["show"] == 'dme' && $_GET["do"] && $_GET["do"] == 'update' )
{
    // Abfrage ob in import table vorhanden
	if (isset($_GET["ric"])) {
		$ric = trim($_GET["ric"]);

        $result = mysqli_query($dbconn, "SELECT i_ric, i_org, i_ort, i_zusatz FROM import_ric WHERE i_ric=$ric") or die (mysqli_error($dbconn));
        $imp = mysqli_fetch_array($result);

        (!empty($imp["i_ort"])) ? $org_name = strtoupper($imp["i_ort"]) : $org_name="";
    }

    // Zusammenstellung bekannter Organisationen
    $result = mysqli_query($dbconn, "SELECT a.id, a.org_name, a.org 
											FROM organisation a
											ORDER BY a.org ASC, a.org_name ASC") or die (mysqli_error($dbconn));

	while($row = mysqli_fetch_array($result))
	{
		($_REQUEST["org"] == $row["id"]) ? $selected="selected" : $selected="";
		$option_org	.= '<option value="'.$row["id"].'" '.$selected.'>'.$row["org"].' '.$row["org_name"].'</option>';
	}
	
	// Zusammenstellung der Formatierungen
	$result = mysqli_query($dbconn, "SELECT id, beschreibung FROM formatierung ORDER BY beschreibung ASC") or die (mysqli_error($dbconn));
	while($row = mysqli_fetch_array($result))
	{
		if( $_REQUEST["form"] == $row["id"] ) { $selected = 'selected'; } else { $selected = ''; }
		$option_format	.= '<option value="'.$row["id"].'" '.$selected.'>'.$row["beschreibung"].'</option>';
	}
	
	// Abfrage des verlangten Datensatzes
	$result = mysqli_query($dbconn, "SELECT a.id, a.adresse, a.bezeichnung, a.rec_typ, b.i_org, b.i_ort, b.i_zusatz
											FROM ric_zvei a
											LEFT JOIN import_ric b ON a.adresse=b.i_ric
											WHERE a.id = '$_GET[id]'") or die (mysqli_error($dbconn));
	$row = mysqli_fetch_array($result);

	(!empty($imp["i_zusatz"])) ? $org_bezeichnung=$imp["i_zusatz"] : $org_bezeichnung=$row["bezeichnung"];

	// Formular zusammenstellen
	$updateSelectOrgTyp="";
    $orgs = array("RLS", "FF", "BF", "RD", "THW", "KAT", "KBM", "RLS");
	foreach ($orgs as $v) {
		($v == trim($row["i_org"])) ? $selected="selected" : $selected="";
		$updateSelectOrgTyp .= "<option value=\"$v\" $selected>$v</option>";
	}

	if (!isset($org_name)) $org_name="";

	// Seiteninhalt ausgeben
	eval ("\$page_middle .= \"".gettemplate($template_dir."body_admin_dme2org")."\";");
}

//
// Wenn dme l<>schen
elseif( isset($_GET["show"]) && $_GET["show"] == 'dme' && $_GET["do"] && $_GET["do"] == 'delete' )
{
	$result = mysqli_query($dbconn, "DELETE FROM ric_zvei WHERE id = '$_GET[id]'") or die (mysqli_error($dbconn));
	$result = mysqli_query($dbconn, "DELETE FROM alarm2mail WHERE adresse = '$_GET[adresse]'") or die (mysqli_error($dbconn));
	
	// Pr<50>fen ob noch weitere Eintr<74>ge zur Org da sind, wenn nicht l<>schen
	if( $_GET["org"] != "" )
	{
		$result = mysqli_query($dbconn, "SELECT a.id AS dme_id, b.id AS kfz_id
								FROM ric_zvei a
								LEFT JOIN kfz_fms b ON b.org_id = $_GET[org]
								WHERE a.org_id = '$_GET[org]' OR b.org_id = '$_GET[org]'") or die (mysqli_error($dbconn));
		$row = mysqli_fetch_array($result);
		
		if( !$row["dme_id"] && !$row["kfz_id"] )
		{
			$result = mysqli_query($dbconn, "DELETE FROM organisation WHERE id = '$_GET[org]'") or die (mysqli_error($dbconn));
		}
	}
	
	// Wohin gehen nach Aktion
	if( !isset($_GET["org"]) )
	{
		echo gohome($_SERVER["PHP_SELF"].'?show=dme&org=0');
	}
	else
	{
		echo gohome($_SERVER["PHP_SELF"]);
	}
}

//
// dme Update ausf<73>hren
elseif( isset($_GET["show"]) && $_GET["show"] == 'dme' && isset($_GET["do"]) && $_GET["do"] == 'setupdate' )
{
	// Schauen ob neue oder bestehende Organistaion gew<65>hlt wurde
	if( isset($_REQUEST["new_org"]) && $_REQUEST["new_org"] != "" )
	{
		/////////////////$organisation	= $_REQUEST["new_org"];
		
		// Pr<50>fen ob die Org schon existiert, wenn ja update kein eintrag
		$result = mysqli_query($dbconn, "SELECT id FROM organisation WHERE org_name = '$_REQUEST[new_org]' AND org = '$_REQUEST[new_org_typ]'") or die (mysqli_error($dbconn));
		$row = mysqli_fetch_array($result);
		
		if( $row["id"] )
		{
			$org_id	= $row["id"];
		}
		
		if( !isset($org_id) )
		{
			$result = mysqli_query($dbconn, "INSERT INTO organisation (org_name, org) VALUES ('$_REQUEST[new_org]', '$_REQUEST[new_org_typ]')");
			
			$result = mysqli_query($dbconn, "SELECT MAX(id) as new_id FROM organisation");
			$row = mysqli_fetch_row($result);
			$org_id	= $row[0];
		}
	}
	else
	{
		$org_id	= $_REQUEST["select_org"];
	}
	
	$result = mysqli_query($dbconn, "UPDATE ric_zvei SET bezeichnung = '$_REQUEST[bezeichnung]', formatierung_id = '$_REQUEST[formatierung]', org_id = '$org_id' WHERE id='$_REQUEST[id]'") or die (mysqli_error($dbconn));
	
	// Pr<50>fen ob noch weitere Eintr<74>ge zur Org da sind, wenn nicht l<>schen
	if( isset($_REQUEST["old_org"]) )
	{
		$result = mysqli_query($dbconn, "SELECT a.id AS dme_id, b.id AS kfz_id
								FROM ric_zvei a
								LEFT JOIN kfz_fms b ON b.org_id = $org_id
								WHERE a.org_id = '$org_id' OR b.org_id = '$org_id'") or die (mysqli_error($dbconn));
		$row = mysqli_fetch_array($result);
		
		if( !$row["dme_id"] && !$row["kfz_id"] )
		{
			$result = mysqli_query($dbconn, "DELETE FROM organisation WHERE id = '$org_id'") or die (mysqli_error($dbconn));
		}
	}
	
	echo gohome($_SERVER["PHP_SELF"]);
}

//
// Wenn kfz ohne org anzusehen ist
elseif( isset($_GET["show"]) && $_GET["show"] == 'kfz' && !isset($_GET["do"]) )
{
	// Alle DME ohne Organisation holen
	$result = mysqli_query($dbconn, "SELECT id, bezeichnung FROM kfz_fms WHERE org_id = '0' ORDER BY bezeichnung ASC") or die (mysqli_error($dbconn));
	while($row = mysqli_fetch_array($result))
	{
		$show_all .= '
				  <tr bgcolor="#FFFFFF">
				    <td>&nbsp;'.$row["bezeichnung"].'</td>
				    <td align="center">&nbsp;<a href="'.$_SERVER["PHP_SELF"].'?show=kfz&do=update&id='.$row["id"].'">zuordnen</a>&nbsp;</td>
   				    <td align="center">&nbsp;<a href="'.$_SERVER["PHP_SELF"].'?show=kfz&do=delete&id='.$row["id"].'">l&ouml;schen</a>&nbsp;</td>
				  </tr>
		';
	}
	
	// Seiteninhalt ausgeben
	eval ("\$page_middle .= \"".gettemplate($template_dir."body_admin_dme-kfz_update")."\";");
}

//
// Wenn kfz updaten
elseif( isset($_GET["show"]) && $_GET["show"] == 'kfz' && isset($_GET["do"]) && $_GET["do"] == 'update' )
{
	// Zusammenstellung bekannter Organisationen
	$result = mysqli_query($dbconn, "SELECT id, org_name, org FROM organisation ORDER BY org ASC, org_name ASC") or die (mysqli_error($dbconn));
	while($row = mysqli_fetch_array($result))
	{
		if( $_REQUEST["org"] == $row["id"] ) { $selected = 'selected'; } else { $selected = ''; }
		$option_org	.= '<option value="'.$row["id"].'" '.$selected.'>'.$row["org"].' '.$row["org_name"].'</option>';
	}
	
	// Abfrage des verlangten Datensatzes
	$result = mysqli_query($dbconn, "SELECT id, bezeichnung FROM kfz_fms WHERE id = '$_GET[id]'") or die (mysqli_error($dbconn));
	$row = mysqli_fetch_array($result);
	
	// Seiteninhalt ausgeben
	eval ("\$page_middle .= \"".gettemplate($template_dir."body_admin_kfz2org")."\";");
}

//
// Wenn kfz l<>schen
elseif( isset($_GET["show"]) && $_GET["show"] == 'kfz' && isset($_GET["do"]) && $_GET["do"] == 'delete' )
{
	$result = mysqli_query($dbconn, "DELETE FROM kfz_fms WHERE id = '$_GET[id]'") or die (mysqli_error($dbconn));
	
	// Pr<50>fen ob noch weitere Eintr<74>ge zur Org da sind, wenn nicht l<>schen
	if( isset($_GET["org"]) )
	{
		$result = mysqli_query($dbconn, "SELECT a.id AS dme_id, b.id AS kfz_id
								FROM ric_zvei a
								LEFT JOIN kfz_fms b ON b.org_id = $_GET[org]
								WHERE a.org_id = '$_GET[org]' OR b.org_id = '$_GET[org]'") or die (mysqli_error($dbconn));
		$row = mysqli_fetch_array($result);
		
		if( !$row["dme_id"] && !$row["kfz_id"] )
		{
			$result = mysqli_query($dbconn, "DELETE FROM organisation WHERE id = '$_GET[org]'") or die (mysqli_error($dbconn));
		}
	}
	
	// Wohin gehen nach Aktion
	if( !isset($_GET["org"]) )
	{
		echo gohome($_SERVER["PHP_SELF"].'?show=kfz&org=0');
	}
	else
	{
		echo gohome($_SERVER["PHP_SELF"]);
	}
}

//
// kfz Update ausfhren
elseif( isset($_GET["show"]) && $_GET["show"] == 'kfz' && isset($_GET["do"]) && $_GET["do"] == 'setupdate' )
{
	// Schauen ob neue oder bestehende Organistaion gewhlt wurde
	if( isset($_REQUEST["new_org"]) )
	{
		$organisation	= $_REQUEST["new_org"];
		$result = mysqli_query($dbconn, "INSERT INTO organisation (org_name, org) VALUES ('$organisation', '$_REQUEST[new_org_typ]')");
		
		$result = mysqli_query($dbconn, "SELECT MAX(id) as new_id FROM organisation");
		$row = mysqli_fetch_row($result);
		$organisation	= $row[0];
	}
	else
	{
		$organisation	= $_REQUEST["select_org"];
	}
	
	$result = mysqli_query($dbconn, "UPDATE kfz_fms SET bezeichnung = '$_REQUEST[bezeichnung]', org_id = '$organisation' WHERE id='$_REQUEST[id]'") or die (mysqli_error($dbconn));
	
	// Pr<50>fen ob noch weitere Eintr<74>ge zur Org da sind, wenn nicht l<>schen
	if( isset($_REQUEST["old_org"]) )
	{
		$result = mysqli_query($dbconn, "SELECT a.id AS dme_id, b.id AS kfz_id
								FROM ric_zvei a
								LEFT JOIN kfz_fms b ON b.org_id = $_REQUEST[old_org]
								WHERE a.org_id = '$_REQUEST[old_org]' OR b.org_id = '$_REQUEST[old_org]'") or die (mysqli_error($dbconn));
		$row = mysqli_fetch_array($result);
		
		if( !$row["dme_id"] && !$row["kfz_id"] )
		{
			$result = mysqli_query($dbconn, "DELETE FROM organisation WHERE id = '$_REQUEST[old_org]'") or die (mysqli_error($dbconn));
		}
	}
	
	echo gohome($_SERVER["PHP_SELF"]);
}

//
// Wenn Userliste anzeigen
elseif( isset($_GET["show"]) && $_GET["show"] == 'user' && !isset($_GET["do"]) )
{
	// Alle DME ohne Organisation holen
	$result = mysqli_query($dbconn, "SELECT id, a_name, real_name, a_admin, a_mail FROM admin_users ORDER BY a_admin DESC, a_name ASC") or die (mysqli_error($dbconn));
	while($row = mysqli_fetch_array($result))
	{
		if( $row["a_admin"] == '0' ) $status = '<b>(User)</b> ';
		elseif( $row["a_admin"] == '1' ) $status = '<b>(Admin)</b> ';
		elseif( $row["a_admin"] == '2' ) $status = '<b>(New)</b> ';
		elseif( $row["a_admin"] == '3' ) $status = '<b>(Closed)</b> ';
		
		if( $row["a_admin"] != '1') {
			$show_del_button = '<a href="'.$_SERVER["PHP_SELF"].'?show=user&do=delete&id='.$row["id"].'">l&ouml;schen</a>';
		} else {
			$show_del_button = "";
		}
		
		$show_all .= '
				  <tr bgcolor="#FFFFFF">
				    <td>&nbsp;'.$status.$row["real_name"].'</td>
					<td><font size="2">&nbsp;'.$row["a_mail"].'</font></td>
					<!--<td align="center">&nbsp;<a href="'.$_SERVER["PHP_SELF"].'?show=user&do=update&id='.$row["id"].'">&auml;ndern</a>&nbsp;</td>-->
					<td>'.$row["a_name"].'</td>
					<td align="center">&nbsp;'.$show_del_button.'&nbsp;</td>
				  </tr>
		';
	}

		// Benutzer eintragen
		$show_all .= '
				  <tr bgcolor="#FFFFFF">
				  	<td colspan="4"><br><br>Neuer User</td>
				  </tr>
				  <tr bgcolor="#FFFFFF">
				  	<td>Vorname / Name</td>
				  	<td>EMail</td>
				  	<td colspan="2"></td>
				  </tr>
				  <form name="form999" method="post" action="'.$_SERVER["PHP_SELF"].'?show=user&do=insert">
				  <tr bgcolor="#FFFFFF">
				  	<td><input name="ins_name" id="ins_name" type="text" size="30"> </td>
				  	<td><input name="ins_mail" id="ins_mail" type="text" size="30"> </td>
				  	<td colspan="2"><input type="submit" name="Submit" value="Eintragen"></td>
				  </tr>
				  </form>
		';
	
	// Seiteninhalt ausgeben
	eval ("\$page_middle .= \"".gettemplate($template_dir."body_admin_dme-kfz_update")."\";");
}

// User eintragen
elseif( isset($_GET["show"]) && $_GET["show"] == 'user' && isset($_GET["do"]) && $_GET["do"] == 'insert' )
{
	list($vorname, $nachname) = explode(" ", trim($_REQUEST["ins_name"]));
	$ins_user_name = trim($vorname) .".". substr(trim($nachname),0,1);
	
	$result = mysqli_query($dbconn, "SELECT id FROM admin_users WHERE a_name = '$ins_user_name'");
	$row = mysqli_fetch_array($result);
	
	if (!empty($row["id"])) $ins_user_name = trim($vorname) .".". substr(trim($nachname),0,1) ."". rand(1,99);
	
	$result = mysqli_query($dbconn, "INSERT INTO admin_users (a_name, real_name, a_mail, pm_allow) VALUES ('$ins_user_name', '$_REQUEST[ins_name]', '$_REQUEST[ins_mail]', '1')") or die(mysqli_error);

	echo gohome($_SERVER["PHP_SELF"].'?show=user');
}

//
// Wenn user l<>schen
elseif( isset($_GET["show"]) && $_GET["show"] == 'user' && isset($_GET["do"]) && $_GET["do"] == 'delete' )
{
	$result = mysqli_query($dbconn, "DELETE FROM messages WHERE userid_to = '$_GET[id]'") or die (mysqli_error($dbconn));
	$result = mysqli_query($dbconn, "DELETE FROM alarm2mail WHERE userid = '$_GET[id]'") or die (mysqli_error($dbconn));
	$result = mysqli_query($dbconn, "DELETE FROM admin_users WHERE id = '$_GET[id]'") or die (mysqli_error($dbconn));

	echo gohome($_SERVER["PHP_SELF"].'?show=user');
}

//
// Wenn nichts vorgegeben
else
{
	// Wir schauen nach dme die keiner Org zugeordnet sind
	$result = mysqli_query($dbconn, "SELECT id FROM ric_zvei WHERE org_id = '0'") or die (mysqli_error($dbconn));
	$num_dme = mysqli_num_rows($result);
	
	// Wir schauen nach kfz die keiner Org zugeordnet sind
	$result = mysqli_query($dbconn, "SELECT id FROM kfz_fms WHERE org_id = '0'") or die (mysqli_error($dbconn));
	$num_kfz = mysqli_num_rows($result);

	// Wir schauen nach der Userzahl
	$result = mysqli_query($dbconn, "SELECT id FROM admin_users") or die (mysqli_error($dbconn));
	$num_user = mysqli_num_rows($result);
	
	$result = mysqli_query($dbconn, "SELECT id FROM admin_users WHERE a_admin = '2'") or die (mysqli_error($dbconn));
	$num_new_user = mysqli_num_rows($result);
	
	// Ausklappmenu erstellen
	$select_search_org = '
		<select name="search_org" id="search_org">
			<option value="">--- w&auml;hle Org. zum bearbeiten ---</option>';

	$result	= mysqli_query($dbconn, "SELECT id, org_name, org FROM organisation WHERE org != '' ORDER BY org ASC, org_name ASC") or die (mysqli_error($dbconn));
	while($row = mysqli_fetch_array($result))
	{
		if( isset($_REQUEST["search_org"]) && $_REQUEST["search_org"] == $row["id"] ) { $selected = 'selected'; } else { $selected = ''; }
		$select_search_org .= '
			<option value="'.$row["id"].'" '.$selected.'>'.$row["org"].' &nbsp;&nbsp;'.$row["org_name"].'</option>
		';
	}
	
	$select_search_org .= '
                </select>	
	';
	
	// Ausgabe zusammenstellen wenn org zum bearbeiten gew<65>hlt
	if( isset($_REQUEST["search_org"]) )
	{
		$show_ric = '--- <b>RIC/ZVEI</b> ----------<br>';
		
		$result	= mysqli_query($dbconn,"SELECT id, adresse, bezeichnung, rec_typ, org_id, formatierung_id FROM ric_zvei WHERE org_id = '$_REQUEST[search_org]' ORDER BY rec_typ ASC, adresse ASC") or die (mysqli_error($dbconn));
		while($row = mysqli_fetch_array($result))
		{
			$show_ric .= '&nbsp;<a href="'.$_SERVER["PHP_SELF"].'?do=update&id='.$row["id"].'&show=dme&org='.$row["org_id"].'&form='.$row["formatierung_id"].'">'.$row["adresse"].'</a> | '.$row["rec_typ"].' | '.$row["bezeichnung"].'<br>';
		}
		
		$show_ric .= '<br>--- <b>KFZ/FMS</b> ----------<br>';
		
		$result	= mysqli_query($dbconn, "SELECT id, kennung, bezeichnung, org_id FROM kfz_fms WHERE org_id = '$_REQUEST[search_org]' ORDER BY kennung ASC") or die (mysqli_error($dbconn));
		while($row = mysqli_fetch_array($result))
		{
			$show_ric .= '&nbsp;<a href="'.$_SERVER["PHP_SELF"].'?do=update&id='.$row["id"].'&show=kfz&org='.$row["org_id"].'">'.$row["kennung"].'</a> | '.$row["bezeichnung"].'<br>';
		}
		
		$show_to_edit = '<tr bgcolor="#FFFFFF">
							<td>'.$show_ric.'</td>
						</tr>';
	}

	// Seiteninhalt ausgeben
	eval ("\$page_middle .= \"".gettemplate($template_dir."body_admin_index")."\";");
}

/**************************/
// Ausgabe Rahmen
//
eval ("dooutput(\"".gettemplate($template_dir."rahmen")."\");");

/**************************/
// Datenbank schliessen
//
mysqli_close($dbconn);
?>