ready to go

2018-08-04 17:21:54 +02:00 · 2018-08-04 17:21:54 +02:00 · 8cf053078a
commit 8cf053078a
parent 2c0012a6f4
7 changed files with 82 additions and 63 deletions
--- a/admin.php
+++ b/admin.php
@ -27,7 +27,7 @@ $_SESSION["load_complete"] = "";
 $_SESSION["lastupdate"] = "";
 $_SESSION["online_users"] = "";
-// Pr<EFBFBD>fen ob admin
+// Prüfen ob admin
 if( $_SESSION["admin"] != 1 ) exit;
 /**************************/
@ -36,7 +36,7 @@ if( $_SESSION["admin"] != 1 ) exit;
 //
 // Wenn dme ohne Org anzuschauen ist
-if( $_GET["show"] == 'dme' && !$_GET["do"] )
+if( isset($_GET["show"]) && $_GET["show"] == 'dme' && !isset($_GET["do"]) )
 {
 	// Alle DME ohne Organisation holen
 	$result = mysqli_query($dbconn, "SELECT id, adresse, bezeichnung, rec_typ FROM ric_zvei WHERE org_id = '0' ORDER BY bezeichnung ASC") or die (mysqli_error($dbconn));
@ -47,7 +47,7 @@ if( $_GET["show"] == 'dme' && !$_GET["do"] )
 				    <td align="center">'.$row["rec_typ"].'</td>
 				    <td>&nbsp;<b>'.$row["adresse"].'</b> / '.$row["bezeichnung"].'</td>
 				    <td align="center">&nbsp;<a href="'.$_SERVER["PHP_SELF"].'?show=dme&do=update&id='.$row["id"].'">zuordnen</a>&nbsp;</td>
-				    <td align="center">&nbsp;<a href="'.$_SERVER["PHP_SELF"].'?show=dme&do=delete&id='.$row["id"].'">l<EFBFBD>schen</a>&nbsp;</td>
+				    <td align="center">&nbsp;<a href="'.$_SERVER["PHP_SELF"].'?show=dme&do=delete&id='.$row["id"].'">l&ouml;schen</a>&nbsp;</td>
 				  </tr>
 		';
 	}
@ -58,7 +58,7 @@ if( $_GET["show"] == 'dme' && !$_GET["do"] )
 //
 // Wenn dme updaten
-elseif( $_GET["show"] == 'dme' && $_GET["do"] == 'update' )
+elseif( isset($_GET["show"]) && $_GET["show"] == 'dme' && $_GET["do"] && $_GET["do"] == 'update' )
 {
 	// Zusammenstellung bekannter Organisationen
 	$result = mysqli_query($dbconn, "SELECT id, org_name, org FROM organisation ORDER BY org ASC, org_name ASC") or die (mysqli_error($dbconn));
@ -86,7 +86,7 @@ elseif( $_GET["show"] == 'dme' && $_GET["do"] == 'update' )
 //
 // Wenn dme l<>schen
-elseif( $_GET["show"] == 'dme' && $_GET["do"] == 'delete' )
+elseif( isset($_GET["show"]) && $_GET["show"] == 'dme' && $_GET["do"] && $_GET["do"] == 'delete' )
 {
 	$result = mysqli_query($dbconn, "DELETE FROM ric_zvei WHERE id = '$_GET[id]'") or die (mysqli_error($dbconn));
 	$result = mysqli_query($dbconn, "DELETE FROM alarm2mail WHERE adresse = '$_GET[adresse]'") or die (mysqli_error($dbconn));
@ -107,7 +107,7 @@ elseif( $_GET["show"] == 'dme' && $_GET["do"] == 'delete' )
 	}
 	// Wohin gehen nach Aktion
-	if( !$_GET["org"] )
+	if( !isset($_GET["org"]) )
 	{
 		echo gohome($_SERVER["PHP_SELF"].'?show=dme&org=0');
 	}
@ -119,10 +119,10 @@ elseif( $_GET["show"] == 'dme' && $_GET["do"] == 'delete' )
 //
 // dme Update ausf<73>hren
-elseif( $_GET["show"] == 'dme' && $_GET["do"] == 'setupdate' )
+elseif( isset($_GET["show"]) && $_GET["show"] == 'dme' && isset($_GET["do"]) && $_GET["do"] == 'setupdate' )
 {
 	// Schauen ob neue oder bestehende Organistaion gew<65>hlt wurde
-	if( $_REQUEST["new_org"] )
+	if( isset($_REQUEST["new_org"]) )
 	{
 		/////////////////$organisation	= $_REQUEST["new_org"];
@ -140,7 +140,7 @@ elseif( $_GET["show"] == 'dme' && $_GET["do"] == 'setupdate' )
 			$result = mysqli_query($dbconn, "INSERT INTO organisation (org_name, org) VALUES ('$_REQUEST[new_org]', '$_REQUEST[new_org_typ]')");
 			$result = mysqli_query($dbconn, "SELECT MAX(id) as new_id FROM organisation");
-			$row = mysql_fetch_row($result);
+			$row = mysqli_fetch_row($result);
 			$org_id	= $row[0];
 		}
 	}
@ -152,7 +152,7 @@ elseif( $_GET["show"] == 'dme' && $_GET["do"] == 'setupdate' )
 	$result = mysqli_query($dbconn, "UPDATE ric_zvei SET bezeichnung = '$_REQUEST[bezeichnung]', formatierung_id = '$_REQUEST[formatierung]', org_id = '$org_id' WHERE id='$_REQUEST[id]'") or die (mysqli_error($dbconn));
 	// Pr<50>fen ob noch weitere Eintr<74>ge zur Org da sind, wenn nicht l<>schen
-	if( $_REQUEST["old_org"] )
+	if( isset($_REQUEST["old_org"]) )
 	{
 		$result = mysqli_query($dbconn, "SELECT a.id AS dme_id, b.id AS kfz_id
 								FROM ric_zvei a
@ -171,7 +171,7 @@ elseif( $_GET["show"] == 'dme' && $_GET["do"] == 'setupdate' )
 //
 // Wenn kfz ohne org anzusehen ist
-elseif( $_GET["show"] == 'kfz' && !$_GET["do"] )
+elseif( isset($_GET["show"]) && $_GET["show"] == 'kfz' && !isset($_GET["do"]) )
 {
 	// Alle DME ohne Organisation holen
 	$result = mysqli_query($dbconn, "SELECT id, bezeichnung FROM kfz_fms WHERE org_id = '0' ORDER BY bezeichnung ASC") or die (mysqli_error($dbconn));
@ -181,7 +181,7 @@ elseif( $_GET["show"] == 'kfz' && !$_GET["do"] )
 				  <tr bgcolor="#FFFFFF">
 				    <td>&nbsp;'.$row["bezeichnung"].'</td>
 				    <td align="center">&nbsp;<a href="'.$_SERVER["PHP_SELF"].'?show=kfz&do=update&id='.$row["id"].'">zuordnen</a>&nbsp;</td>
-   				    <td align="center">&nbsp;<a href="'.$_SERVER["PHP_SELF"].'?show=kfz&do=delete&id='.$row["id"].'">l<EFBFBD>schen</a>&nbsp;</td>
+   				    <td align="center">&nbsp;<a href="'.$_SERVER["PHP_SELF"].'?show=kfz&do=delete&id='.$row["id"].'">l&ouml;schen</a>&nbsp;</td>
 				  </tr>
 		';
 	}
@ -192,7 +192,7 @@ elseif( $_GET["show"] == 'kfz' && !$_GET["do"] )
 //
 // Wenn kfz updaten
-elseif( $_GET["show"] == 'kfz' && $_GET["do"] == 'update' )
+elseif( isset($_GET["show"]) && $_GET["show"] == 'kfz' && isset($_GET["do"]) && $_GET["do"] == 'update' )
 {
 	// Zusammenstellung bekannter Organisationen
 	$result = mysqli_query($dbconn, "SELECT id, org_name, org FROM organisation ORDER BY org ASC, org_name ASC") or die (mysqli_error($dbconn));
@ -212,12 +212,12 @@ elseif( $_GET["show"] == 'kfz' && $_GET["do"] == 'update' )
 //
 // Wenn kfz l<>schen
-elseif( $_GET["show"] == 'kfz' && $_GET["do"] == 'delete' )
+elseif( isset($_GET["show"]) && $_GET["show"] == 'kfz' && isset($_GET["do"]) && $_GET["do"] == 'delete' )
 {
 	$result = mysqli_query($dbconn, "DELETE FROM kfz_fms WHERE id = '$_GET[id]'") or die (mysqli_error($dbconn));
 	// Pr<50>fen ob noch weitere Eintr<74>ge zur Org da sind, wenn nicht l<>schen
-	if( $_GET["org"] )
+	if( isset($_GET["org"]) )
 	{
 		$result = mysqli_query($dbconn, "SELECT a.id AS dme_id, b.id AS kfz_id
 								FROM ric_zvei a
@ -232,7 +232,7 @@ elseif( $_GET["show"] == 'kfz' && $_GET["do"] == 'delete' )
 	}
 	// Wohin gehen nach Aktion
-	if( !$_GET["org"] )
+	if( !isset($_GET["org"]) )
 	{
 		echo gohome($_SERVER["PHP_SELF"].'?show=kfz&org=0');
 	}
@ -244,16 +244,16 @@ elseif( $_GET["show"] == 'kfz' && $_GET["do"] == 'delete' )
 //
 // kfz Update ausfhren
-elseif( $_GET["show"] == 'kfz' && $_GET["do"] == 'setupdate' )
+elseif( isset($_GET["show"]) && $_GET["show"] == 'kfz' && isset($_GET["do"]) && $_GET["do"] == 'setupdate' )
 {
 	// Schauen ob neue oder bestehende Organistaion gewhlt wurde
-	if( $_REQUEST["new_org"] )
+	if( isset($_REQUEST["new_org"]) )
 	{
 		$organisation	= $_REQUEST["new_org"];
 		$result = mysqli_query($dbconn, "INSERT INTO organisation (org_name, org) VALUES ('$organisation', '$_REQUEST[new_org_typ]')");
 		$result = mysqli_query($dbconn, "SELECT MAX(id) as new_id FROM organisation");
-		$row = mysql_fetch_row($result);
+		$row = mysqli_fetch_row($result);
 		$organisation	= $row[0];
 	}
 	else
@ -264,7 +264,7 @@ elseif( $_GET["show"] == 'kfz' && $_GET["do"] == 'setupdate' )
 	$result = mysqli_query($dbconn, "UPDATE kfz_fms SET bezeichnung = '$_REQUEST[bezeichnung]', org_id = '$organisation' WHERE id='$_REQUEST[id]'") or die (mysqli_error($dbconn));
 	// Pr<50>fen ob noch weitere Eintr<74>ge zur Org da sind, wenn nicht l<>schen
-	if( $_REQUEST["old_org"] )
+	if( isset($_REQUEST["old_org"]) )
 	{
 		$result = mysqli_query($dbconn, "SELECT a.id AS dme_id, b.id AS kfz_id
 								FROM ric_zvei a
@ -283,7 +283,7 @@ elseif( $_GET["show"] == 'kfz' && $_GET["do"] == 'setupdate' )
 //
 // Wenn Userliste anzeigen
-elseif( $_GET["show"] == 'user' && !$_GET["do"] )
+elseif( isset($_GET["show"]) && $_GET["show"] == 'user' && !isset($_GET["do"]) )
 {
 	// Alle DME ohne Organisation holen
 	$result = mysqli_query($dbconn, "SELECT id, a_name, real_name, a_admin, a_mail FROM admin_users ORDER BY a_admin DESC, a_name ASC") or die (mysqli_error($dbconn));
@ -321,7 +321,7 @@ elseif( $_GET["show"] == 'user' && !$_GET["do"] )
 				  	<td>EMail</td>
 				  	<td colspan="2"></td>
 				  </tr>
-				  <form name="form999" method="post" action="'.$_SERVER[PHP_SELF].'?show=user&do=insert">
+				  <form name="form999" method="post" action="'.$_SERVER["PHP_SELF"].'?show=user&do=insert">
 				  <tr bgcolor="#FFFFFF">
 				  	<td><input name="ins_name" id="ins_name" type="text" size="30"> </td>
 				  	<td><input name="ins_mail" id="ins_mail" type="text" size="30"> </td>
@ -335,7 +335,7 @@ elseif( $_GET["show"] == 'user' && !$_GET["do"] )
 }
 // User eintragen
-elseif( $_GET["show"] == 'user' && $_GET["do"] == 'insert' )
+elseif( isset($_GET["show"]) && $_GET["show"] == 'user' && isset($_GET["do"]) && $_GET["do"] == 'insert' )
 {
 	list($vorname, $nachname) = explode(" ", trim($_REQUEST["ins_name"]));
 	$ins_user_name = trim($vorname) .".". substr(trim($nachname),0,1);
@ -352,7 +352,7 @@ elseif( $_GET["show"] == 'user' && $_GET["do"] == 'insert' )
 //
 // Wenn user l<>schen
-elseif( $_GET["show"] == 'user' && $_GET["do"] == 'delete' )
+elseif( isset($_GET["show"]) && $_GET["show"] == 'user' && isset($_GET["do"]) && $_GET["do"] == 'delete' )
 {
 	$result = mysqli_query($dbconn, "DELETE FROM messages WHERE userid_to = '$_GET[id]'") or die (mysqli_error($dbconn));
 	$result = mysqli_query($dbconn, "DELETE FROM alarm2mail WHERE userid = '$_GET[id]'") or die (mysqli_error($dbconn));
@ -371,14 +371,14 @@ else
 	// Wir schauen nach kfz die keiner Org zugeordnet sind
 	$result = mysqli_query($dbconn, "SELECT id FROM kfz_fms WHERE org_id = '0'") or die (mysqli_error($dbconn));
-	$num_kfz = mysql_num_rows($result);
+	$num_kfz = mysqli_num_rows($result);
 	// Wir schauen nach der Userzahl
 	$result = mysqli_query($dbconn, "SELECT id FROM admin_users") or die (mysqli_error($dbconn));
-	$num_user = mysql_num_rows($result);
+	$num_user = mysqli_num_rows($result);
 	$result = mysqli_query($dbconn, "SELECT id FROM admin_users WHERE a_admin = '2'") or die (mysqli_error($dbconn));
-	$num_new_user = mysql_num_rows($result);
+	$num_new_user = mysqli_num_rows($result);
 	// Ausklappmenu erstellen
 	$select_search_org = '
@ -388,7 +388,7 @@ else
 	$result	= mysqli_query($dbconn, "SELECT id, org_name, org FROM organisation WHERE org != '' ORDER BY org ASC, org_name ASC") or die (mysqli_error($dbconn));
 	while($row = mysqli_fetch_array($result))
 	{
-		if( $_REQUEST["search_org"] == $row["id"] ) { $selected = 'selected'; } else { $selected = ''; }
+		if( isset($_REQUEST["search_org"]) && $_REQUEST["search_org"] == $row["id"] ) { $selected = 'selected'; } else { $selected = ''; }
 		$select_search_org .= '
 			<option value="'.$row["id"].'" '.$selected.'>'.$row["org"].' &nbsp;&nbsp;'.$row["org_name"].'</option>
 		';
@ -399,7 +399,7 @@ else
 	';
 	// Ausgabe zusammenstellen wenn org zum bearbeiten gew<65>hlt
-	if( $_REQUEST["search_org"] )
+	if( isset($_REQUEST["search_org"]) )
 	{
 		$show_ric = '--- <b>RIC/ZVEI</b> ----------<br>';
--- a/config.inc.php
+++ b/config.inc.php
@ -81,7 +81,7 @@ $meta = '
 $css = '<link href="/monitor.css" rel="stylesheet" type="text/css">';
 // URL deines Webinterface
-$monitordomain 	= "http://monitor.fire-devils.org";
+$monitordomain 	= "https://monitor.fire-devils.org";
 $monitoremail	= "monitor@fire-devils.org";
 // Login Info Text
@ -96,18 +96,18 @@ $template_dir 	= '_html/';
 $update_adresse_monrc = 1;
 // IP Bereich fr auto Login
-$ip_start   = '192.168.1.2';
+$ip_start   = '192.168.1.82';
 $ip_ende    = '192.168.1.250';
 // UserID für IP
 $ip_users = array(
-		"192.168.1.81"	=> 1,
+		"192.168.1.82"	=> 1,
 		"192.168.1.21"	=> 1,
 		"192.168.1.38"  => 1,
 );
 // Alarmmails enable/disable
-$amenable = 0;
+$amenable = 1;
 // Pm Funktion
 $pmenable	= 1;
@ -345,3 +345,11 @@ if( $_SERVER["SCRIPT_NAME"] == "/index.php" ) {
 } else {
 	$body_html = '<body>';
 }
 // PHP 7 compatibility
 if (!isset($show_to_edit)) $show_to_edit="";
 if (!isset($page_middle)) $page_middle="";
 if (!isset($java_script)) $java_script="";
 if (!isset($nav_org_filter)) $nav_org_filter="";
 if (!isset($nav_filter)) $nav_filter="";
 if (!isset($show_all)) $show_all="";
--- a/functions.inc.php
+++ b/functions.inc.php
@ -406,7 +406,8 @@ function time_format($settime) {
 	}
 	function pass_erstellen ($wert) {
-		 $i = 0;
+		if (!isset($pass)) $pass="";
        $i = 0;
 		 while($i < $wert) {
 		  mt_srand((double)microtime()*1000000);
 		  $zahl = mt_rand(1,20);
@ -517,7 +518,7 @@ function mail_pass($email,$pass) {
 			$xtra   .= "MIME-Version: 1.0\n";
 			$xtra   .= "Content-Transfer-Encoding: 8bit\n";
 			$xtra   .= "X-Mailer: PHP ". phpversion();
-			mail("$email", "Monitor Loginanfrage", utf8_decode($body), $xtra);
+			mail("$email", "Monitor Loginanfrage", $body, $xtra);
 }
 function mail_alarm($datum,$zeit,$email,$org,$org_name,$bezeichnung,$text) {
@ -537,7 +538,7 @@ function mail_alarm($datum,$zeit,$email,$org,$org_name,$bezeichnung,$text) {
 			$xtra   .= "MIME-Version: 1.0\n";
 			$xtra   .= "Content-Transfer-Encoding: 8bit\n";
 			$xtra   .= "X-Mailer: PHP ". phpversion();
-			mail("$email", "Monitor Alarm: $org ".mail_message_header($org_name), utf8_decode($body), $xtra);
+			mail("$email", "Monitor Alarm: $org ".mail_message_header($org_name), $body, $xtra);
 }
 function mail_alarm_sms($datum,$zeit,$email,$org,$org_name,$text) {
@ -549,7 +550,7 @@ function mail_alarm_sms($datum,$zeit,$email,$org,$org_name,$text) {
 			$xtra   .= "MIME-Version: 1.0\n";
 			$xtra   .= "Content-Transfer-Encoding: 8bit\n";
 			$xtra   .= "X-Mailer: PHP ". phpversion();
-			mail("$email", "$org ".mail_message_header($org_name).": ".mail_message_body($text), utf8_decode($body), $xtra);
+			mail("$email", "$org ".mail_message_header($org_name).": ".mail_message_body($text), $body, $xtra);
 }
 $timestampnow				= date("YmdHis");
--- a/get.php
+++ b/get.php
@ -54,8 +54,8 @@ elseif( $show_filter == 1 && $_SESSION["lastupdate"] != "" && isset($_GET["clean
 	$show_filter 		= filter_zeit(1);
 	$show_filter		= " WHERE a.zeit > '$show_filter' ";
 }
-elseif( $show_filter != 1 ) {
+else { //if( $show_filter != 1 ) {
-	$show_filter 		= filter_zeit($filter);
+	$show_filter 		= filter_zeit((isset($filter) ? $filter : 1));
 	$show_filter		= " WHERE a.zeit > '$show_filter' ";
 } 
@ -160,13 +160,13 @@ elseif( $show_filter != 1 ) {
 		// Wenn ZVEI
 		if( $row["REC_TYP"] == 'ZVEI' ) $row["funktion"] = $row["text"];
-		$row["bg_farbe"] 			= $formatierung[$row["formatierung_id"]]["bg_farbe"];
+		if (isset($formatierung[$row["formatierung_id"]]["bg_farbe"])) $row["bg_farbe"]					= $formatierung[$row["formatierung_id"]]["bg_farbe"];
-		$row["text_farbe"] 			= $formatierung[$row["formatierung_id"]]["text_farbe"];
+		if (isset($formatierung[$row["formatierung_id"]]["text_farbe"])) $row["text_farbe"] 			= $formatierung[$row["formatierung_id"]]["text_farbe"];
-		//$row["text_farbe_text"] 	= $formatierung[$row["formatierung_id"]]["text_farbe_text"];
+		if (isset($formatierung[$row["formatierung_id"]]["text_farbe_text"])) $row["text_farbe_text"]	= $formatierung[$row["formatierung_id"]]["text_farbe_text"];
-		//$row["bg_farbe_text"] 		= $formatierung[$row["formatierung_id"]]["bg_farbe_text"];
+		if (isset($formatierung[$row["formatierung_id"]]["bg_farbe_text"])) $row["bg_farbe_text"] 		= $formatierung[$row["formatierung_id"]]["bg_farbe_text"];
-		$row["text_groesse"] 		= $formatierung[$row["formatierung_id"]]["text_groesse"];
+		if (isset($formatierung[$row["formatierung_id"]]["text_groesse"])) $row["text_groesse"] 		= $formatierung[$row["formatierung_id"]]["text_groesse"];
-		$row["text_groesse_text"] 	= $formatierung[$row["formatierung_id"]]["text_groesse_text"];
+		if (isset($formatierung[$row["formatierung_id"]]["text_groesse_text"])) $row["text_groesse_text"] 	= $formatierung[$row["formatierung_id"]]["text_groesse_text"];
-		$row["text_format"]			= $formatierung[$row["formatierung_id"]]["text_format"];
+		if (isset($formatierung[$row["formatierung_id"]]["text_format"])) $row["text_format"]			= $formatierung[$row["formatierung_id"]]["text_format"];
 		// default Farben bestimmen
 		if( !isset($row["bg_farbe"]) )				$row["bg_farbe"]			= 'white';
@ -175,6 +175,7 @@ elseif( $show_filter != 1 ) {
 		if( !isset($row["bg_farbe_text"]) )			$row["bg_farbe_text"]		= '#CCCCCC';
 		if( !isset($row["text_groesse"]) )			$row["text_groesse"]		= '13';
 		if( !isset($row["text_groesse_text"]) )		$row["text_groesse_text"]	= '12';
        if( !isset($row["text_format"]) )			$row["text_format"]			= '1';
 		// pocsag in Array schreiben
 		//$thisday = $nextday.'
--- a/loginfunctions.inc.php
+++ b/loginfunctions.inc.php
@ -171,12 +171,13 @@ else
 	////////////////////////
 	// Sicherheitsabfrage
 	////////////////////////
-	if ( !$_SESSION["name"] && $_GET["mode"] != 'login' && !$_GET["login"] )
+	if (!isset($_GET["mode"])) $_GET["mode"] ="";
 	if ( !isset($_SESSION["name"]) && $_GET["mode"] != 'login' && !isset($_GET["login"]) )
 	{
 		echo '
 <br><br>
 '.$login_infotext.'<br><br>
-<form name="form1" method="post" action="'.$PHP_SELF.'?mode=login">
+<form name="form1" method="post" action="'.$_SERVER["PHP_SELF"].'?mode=login">
 <table width="300" border="0" cellspacing="0" cellpadding="0" align="center">
 	<tr>
 		<td class="table_news_head">&nbsp;<b>Login</b></td>
@ -205,12 +206,12 @@ else
 ';
 		exit;
 	}
-	elseif (!$_SESSION["name"] && $_GET["mode"] == 'login')
+	elseif (!isset($_SESSION["name"]) && $_GET["mode"] == 'login')
 	{
 		$result = mysqli_query($dbconn, "SELECT id, a_name, a_admin, a_mail FROM admin_users WHERE a_name = '$_POST[a_name]'") or die (mysqli_error($dbconn));
 		$row = mysqli_fetch_array($result);
-		if( $row[a_name] && $row["a_admin"] != '2' ) 
+		if( $row["a_name"] && $row["a_admin"] != '2' )
 		{
 			//$_SESSION["name"] 	= $_REQUEST["a_name"];
 			//$_SESSION["admin"]	= $row["a_admin"];
@ -221,7 +222,7 @@ else
 			$result 	= mysqli_query($dbconn, "UPDATE admin_users SET login_pass='$pass' WHERE id='$row[id]'") or die(mysqli_error($dbconn));
-			echo'<center><br><br><br>Eine EMail mit deinem Zugang wurde an <b>'.$row[a_mail].'</b> versand.';
+			echo'<center><br><br><br>Eine EMail mit deinem Zugang wurde an <b>'.$row["a_mail"].'</b> versand.';
 			exit;
 		} 
@ -232,7 +233,7 @@ else
 		}
 	}
-	elseif (!$_SESSION["name"] && $_GET["mode"] == 'register')
+	elseif (!isset($_SESSION["name"]) && isset($_GET["mode"]) && $_GET["mode"] == 'register')
 	{
 		echo '
 <br><br>
@ -272,7 +273,7 @@ else
 exit;
 	}
-	if( !empty($_GET["login"]) )
+	if( isset($_GET["login"]) )
 	{
 		$result = mysqli_query($dbconn, "SELECT id, a_name, a_admin, a_mail, real_name, login_count, pm_allow, DATE_FORMAT(last_seen, '%Y%m%d%H%i%s') AS last_seen FROM admin_users WHERE login_pass = '$_GET[login]'") or die (mysqli_error($dbconn));
 		$row = mysqli_fetch_array($result);
@ -290,7 +291,7 @@ exit;
 			$datnow 	= date("Y-m-d", mktime(0,0,0, date("m"),date("d"),date("Y")));
 			$timenow	= date("G:i");
 			$ip		= $_SERVER["REMOTE_ADDR"];
-			$agent		= $HTTP_USER_AGENT;
+			$agent		= $_SERVER["HTTP_USER_AGENT"];
 			$result 	= mysqli_query($dbconn, "INSERT INTO pocsag_logins (name, zeit, datum, ip, agent) VALUES ('$row[real_name]', '$timenow', '$datnow', '$ip', '$agent')");
 			$row["login_count"]++;
--- a/pmfunctions.inc.php
+++ b/pmfunctions.inc.php
@ -22,7 +22,7 @@
 require_once("config.inc.php");
-if( $_GET["pmdo"] == "reply" )
+if( isset($_GET["pmdo"]) && $_GET["pmdo"] == "reply" )
 {
 	$result	= mysqli_query($dbconn, "SELECT real_name FROM admin_users WHERE id = '$_GET[to]'") or die (mysqli_error($dbconn));
 	$row = mysqli_fetch_array($result);
@ -30,7 +30,7 @@ if( $_GET["pmdo"] == "reply" )
 	echo $message_field;
 }
-elseif( $_GET["pmdo"] == "doreply" )
+elseif( isset($_GET["pmdo"]) && $_GET["pmdo"] == "doreply" )
 {
 	$result 	= mysqli_query($dbconn, "INSERT INTO messages (userid_from, userid_to, message) VALUES ('$_SESSION[userid]', '$_REQUEST[userid_to]', '$_REQUEST[msg_text]')");
 	$result 	= mysqli_query($dbconn, "DELETE FROM messages WHERE id = '$_REQUEST[msg_id]'")or die(mysqli_error($dbconn));
@ -38,18 +38,18 @@ elseif( $_GET["pmdo"] == "doreply" )
 	echo gohome($_SERVER["PHP_SELF"]);
 }
-elseif( $_GET["pmdo"] == "write" )
+elseif( isset($_GET["pmdo"]) && $_GET["pmdo"] == "write" )
 {
 	$select_msg_to = '
 							<select name="userid_to" id="userid_to">
-									<option value="0">Empf<EFBFBD>nger</option>
+									<option value="0">Empf&auml;nger</option>
 									<option>--------------------</option>
 					                <option value="0">Alle</option>';
 		$result	= mysqli_query($dbconn, "SELECT id, real_name FROM admin_users WHERE pm_allow = '1' ORDER BY real_name ASC") or die (mysqli_error($dbconn));
 		while($row = mysqli_fetch_array($result))
 		{
-			if( $_GET["msg_to"] == $row["id"] ) { $selected = 'selected'; $can_pm = '1'; } else { $selected = ''; }
+			if( isset($_GET["msg_to"]) && $_GET["msg_to"] == $row["id"] ) { $selected = 'selected'; $can_pm = '1'; } else { $selected = ''; }
 			$select_msg_to .= '
 				<option value="'.$row["id"].'" '.$selected.'>'.$row["real_name"].'</option>
 			';
@ -59,20 +59,22 @@ elseif( $_GET["pmdo"] == "write" )
               				 </select>
 	';
-	if( $_GET["msg_to"] && empty($can_pm) )
+	if( isset($_GET["pmdo"]) && empty($can_pm) )
 	{
 		// pm_allow ist auf 0
        if (!isset($message_field)) $message_field="";
 		$message_field .= "<b><font color=\"red\"><br>Der User darf keine PM Empfangen/Senden</font></b><br><br>";
 	}
 	else
 	{
 		//pm_allow ist auf 1
        if (!isset($message_field)) $message_field = "";
 		eval ("\$message_field .= \"".gettemplate($template_dir."body_message_write")."\";");
 	}
 	echo $message_field;
 }
-elseif( $_GET["pmdo"] == "dowrite" )
+elseif( isset($_GET["pmdo"]) && $_GET["pmdo"] == "dowrite" )
 {
 	if( $_REQUEST["userid_to"] != '0' )
 	{
@ -92,7 +94,7 @@ elseif( $_GET["pmdo"] == "dowrite" )
 	echo gohome($_SERVER["PHP_SELF"]);
 }
-elseif( $_GET["pmdo"] == "deletepm" )
+elseif( isset($_GET["pmdo"]) && $_GET["pmdo"] == "deletepm" )
 {
 	$result 	= mysqli_query($dbconn, "DELETE FROM messages WHERE id = '$_GET[msg_id]'")or die(mysqli_error($dbconn));
 }
--- a/profile.php
+++ b/profile.php
@ -32,7 +32,7 @@ $_SESSION["online_users"] = "";
 //
 // Startseite
-if( !$_GET["do"] )
+if( !isset($_GET["do"]) )
 {
 	$result	= mysqli_query($dbconn, "SELECT a_alarmmail, a_alarmmail2sms, wap_pass, wap_show, wap_rows, wap_def_orgfilter, wap_def_statfilter FROM admin_users WHERE id = '$_SESSION[userid]'") or die (mysqli_error($dbconn));
@ -121,6 +121,7 @@ if( !$_GET["do"] )
 		if( !empty($row["stiwo"]) ) { $stiwo = "<span title=\"$row[stiwo]\">Stiwo</span>"; } else { $stiwo = ""; }
 		if (!isset($abos)) $abos="";
 		$abos .= '<tr>
 					<td bgcolor="'.$row["bg_farbe"].'" style="border-bottom-style:solid;border-bottom-width:thin;"><span style="font-family:Verdana;color:'.$row["text_farbe"].';font-size:'.$row["text_groesse"].' px;font-weight:'.$row["text_format"].'">&nbsp; '.$row["org"].' '.$row["org_name"].' '.$row["bezeichnung"].' - '.$row["rec_typ"].'</span></td>
 					<td align="center" bgcolor="'.$row["bg_farbe"].'" style="border-bottom-style:solid;border-bottom-width:thin;">'.$stiwo.' &nbsp;</td>
@ -131,6 +132,8 @@ if( !$_GET["do"] )
 	}
 	// Seiteninhalt ausgeben
 	$page_middle="";
 	if (!isset($abos)) $abos="";
 	eval ("\$page_middle .= \"".gettemplate($template_dir."body_profil_alarmmail")."\";");
 }
@ -216,6 +219,9 @@ elseif( $_GET["do"] == 'setwap' )
 /**************************/
 // Ausgabe Rahmen
 //
 if( !isset($java_script)) $java_script="";
 if( !isset($nav_org_filter)) $nav_org_filter="";
 if( !isset($nav_filter)) $nav_filter="";
 eval ("dooutput(\"".gettemplate($template_dir."rahmen")."\");");
 /**************************/