ready to go

Manuel Weiser 2018-08-04 17:21:54 +02:00
parent 2c0012a6f4
commit 8cf053078a
7 changed files with 82 additions and 63 deletions


@ -27,7 +27,7 @@ $_SESSION["load_complete"] = "";
$_SESSION["lastupdate"] = "";
$_SESSION["online_users"] = "";
// Pr<EFBFBD>fen ob admin
// Prüfen ob admin
if( $_SESSION["admin"] != 1 ) exit;
/**************************/
@ -36,7 +36,7 @@ if( $_SESSION["admin"] != 1 ) exit;
//
// Wenn dme ohne Org anzuschauen ist
if( $_GET["show"] == 'dme' && !$_GET["do"] )
if( isset($_GET["show"]) && $_GET["show"] == 'dme' && !isset($_GET["do"]) )
{
// Alle DME ohne Organisation holen
$result = mysqli_query($dbconn, "SELECT id, adresse, bezeichnung, rec_typ FROM ric_zvei WHERE org_id = '0' ORDER BY bezeichnung ASC") or die (mysqli_error($dbconn));
@ -47,7 +47,7 @@ if( $_GET["show"] == 'dme' && !$_GET["do"] )
<td align="center">'.$row["rec_typ"].'</td>
<td>&nbsp;<b>'.$row["adresse"].'</b> / '.$row["bezeichnung"].'</td>
<td align="center">&nbsp;<a href="'.$_SERVER["PHP_SELF"].'?show=dme&do=update&id='.$row["id"].'">zuordnen</a>&nbsp;</td>
<td align="center">&nbsp;<a href="'.$_SERVER["PHP_SELF"].'?show=dme&do=delete&id='.$row["id"].'">l<EFBFBD>schen</a>&nbsp;</td>
<td align="center">&nbsp;<a href="'.$_SERVER["PHP_SELF"].'?show=dme&do=delete&id='.$row["id"].'">l&ouml;schen</a>&nbsp;</td>
</tr>
';
}
@ -58,7 +58,7 @@ if( $_GET["show"] == 'dme' && !$_GET["do"] )
//
// Wenn dme updaten
elseif( $_GET["show"] == 'dme' && $_GET["do"] == 'update' )
elseif( isset($_GET["show"]) && $_GET["show"] == 'dme' && $_GET["do"] && $_GET["do"] == 'update' )
{
// Zusammenstellung bekannter Organisationen
$result = mysqli_query($dbconn, "SELECT id, org_name, org FROM organisation ORDER BY org ASC, org_name ASC") or die (mysqli_error($dbconn));
@ -86,7 +86,7 @@ elseif( $_GET["show"] == 'dme' && $_GET["do"] == 'update' )
//
// Wenn dme l<>schen
elseif( $_GET["show"] == 'dme' && $_GET["do"] == 'delete' )
elseif( isset($_GET["show"]) && $_GET["show"] == 'dme' && $_GET["do"] && $_GET["do"] == 'delete' )
{
$result = mysqli_query($dbconn, "DELETE FROM ric_zvei WHERE id = '$_GET[id]'") or die (mysqli_error($dbconn));
$result = mysqli_query($dbconn, "DELETE FROM alarm2mail WHERE adresse = '$_GET[adresse]'") or die (mysqli_error($dbconn));
@ -107,7 +107,7 @@ elseif( $_GET["show"] == 'dme' && $_GET["do"] == 'delete' )
}
// Wohin gehen nach Aktion
if( !$_GET["org"] )
if( !isset($_GET["org"]) )
{
echo gohome($_SERVER["PHP_SELF"].'?show=dme&org=0');
}
@ -119,10 +119,10 @@ elseif( $_GET["show"] == 'dme' && $_GET["do"] == 'delete' )
//
// dme Update ausf<73>hren
elseif( $_GET["show"] == 'dme' && $_GET["do"] == 'setupdate' )
elseif( isset($_GET["show"]) && $_GET["show"] == 'dme' && isset($_GET["do"]) && $_GET["do"] == 'setupdate' )
{
// Schauen ob neue oder bestehende Organistaion gew<65>hlt wurde
if( $_REQUEST["new_org"] )
if( isset($_REQUEST["new_org"]) )
{
/////////////////$organisation = $_REQUEST["new_org"];
@ -140,7 +140,7 @@ elseif( $_GET["show"] == 'dme' && $_GET["do"] == 'setupdate' )
$result = mysqli_query($dbconn, "INSERT INTO organisation (org_name, org) VALUES ('$_REQUEST[new_org]', '$_REQUEST[new_org_typ]')");
$result = mysqli_query($dbconn, "SELECT MAX(id) as new_id FROM organisation");
$row = mysql_fetch_row($result);
$row = mysqli_fetch_row($result);
$org_id = $row[0];
}
}
@ -152,7 +152,7 @@ elseif( $_GET["show"] == 'dme' && $_GET["do"] == 'setupdate' )
$result = mysqli_query($dbconn, "UPDATE ric_zvei SET bezeichnung = '$_REQUEST[bezeichnung]', formatierung_id = '$_REQUEST[formatierung]', org_id = '$org_id' WHERE id='$_REQUEST[id]'") or die (mysqli_error($dbconn));
// Pr<50>fen ob noch weitere Eintr<74>ge zur Org da sind, wenn nicht l<>schen
if( $_REQUEST["old_org"] )
if( isset($_REQUEST["old_org"]) )
{
$result = mysqli_query($dbconn, "SELECT a.id AS dme_id, b.id AS kfz_id
FROM ric_zvei a
@ -171,7 +171,7 @@ elseif( $_GET["show"] == 'dme' && $_GET["do"] == 'setupdate' )
//
// Wenn kfz ohne org anzusehen ist
elseif( $_GET["show"] == 'kfz' && !$_GET["do"] )
elseif( isset($_GET["show"]) && $_GET["show"] == 'kfz' && !isset($_GET["do"]) )
{
// Alle DME ohne Organisation holen
$result = mysqli_query($dbconn, "SELECT id, bezeichnung FROM kfz_fms WHERE org_id = '0' ORDER BY bezeichnung ASC") or die (mysqli_error($dbconn));
@ -181,7 +181,7 @@ elseif( $_GET["show"] == 'kfz' && !$_GET["do"] )
<tr bgcolor="#FFFFFF">
<td>&nbsp;'.$row["bezeichnung"].'</td>
<td align="center">&nbsp;<a href="'.$_SERVER["PHP_SELF"].'?show=kfz&do=update&id='.$row["id"].'">zuordnen</a>&nbsp;</td>
<td align="center">&nbsp;<a href="'.$_SERVER["PHP_SELF"].'?show=kfz&do=delete&id='.$row["id"].'">l<EFBFBD>schen</a>&nbsp;</td>
<td align="center">&nbsp;<a href="'.$_SERVER["PHP_SELF"].'?show=kfz&do=delete&id='.$row["id"].'">l&ouml;schen</a>&nbsp;</td>
</tr>
';
}
@ -192,7 +192,7 @@ elseif( $_GET["show"] == 'kfz' && !$_GET["do"] )
//
// Wenn kfz updaten
elseif( $_GET["show"] == 'kfz' && $_GET["do"] == 'update' )
elseif( isset($_GET["show"]) && $_GET["show"] == 'kfz' && isset($_GET["do"]) && $_GET["do"] == 'update' )
{
// Zusammenstellung bekannter Organisationen
$result = mysqli_query($dbconn, "SELECT id, org_name, org FROM organisation ORDER BY org ASC, org_name ASC") or die (mysqli_error($dbconn));
@ -212,12 +212,12 @@ elseif( $_GET["show"] == 'kfz' && $_GET["do"] == 'update' )
//
// Wenn kfz l<>schen
elseif( $_GET["show"] == 'kfz' && $_GET["do"] == 'delete' )
elseif( isset($_GET["show"]) && $_GET["show"] == 'kfz' && isset($_GET["do"]) && $_GET["do"] == 'delete' )
{
$result = mysqli_query($dbconn, "DELETE FROM kfz_fms WHERE id = '$_GET[id]'") or die (mysqli_error($dbconn));
// Pr<50>fen ob noch weitere Eintr<74>ge zur Org da sind, wenn nicht l<>schen
if( $_GET["org"] )
if( isset($_GET["org"]) )
{
$result = mysqli_query($dbconn, "SELECT a.id AS dme_id, b.id AS kfz_id
FROM ric_zvei a
@ -232,7 +232,7 @@ elseif( $_GET["show"] == 'kfz' && $_GET["do"] == 'delete' )
}
// Wohin gehen nach Aktion
if( !$_GET["org"] )
if( !isset($_GET["org"]) )
{
echo gohome($_SERVER["PHP_SELF"].'?show=kfz&org=0');
}
@ -244,16 +244,16 @@ elseif( $_GET["show"] == 'kfz' && $_GET["do"] == 'delete' )
//
// kfz Update ausfhren
elseif( $_GET["show"] == 'kfz' && $_GET["do"] == 'setupdate' )
elseif( isset($_GET["show"]) && $_GET["show"] == 'kfz' && isset($_GET["do"]) && $_GET["do"] == 'setupdate' )
{
// Schauen ob neue oder bestehende Organistaion gewhlt wurde
if( $_REQUEST["new_org"] )
if( isset($_REQUEST["new_org"]) )
{
$organisation = $_REQUEST["new_org"];
$result = mysqli_query($dbconn, "INSERT INTO organisation (org_name, org) VALUES ('$organisation', '$_REQUEST[new_org_typ]')");
$result = mysqli_query($dbconn, "SELECT MAX(id) as new_id FROM organisation");
$row = mysql_fetch_row($result);
$row = mysqli_fetch_row($result);
$organisation = $row[0];
}
else
@ -264,7 +264,7 @@ elseif( $_GET["show"] == 'kfz' && $_GET["do"] == 'setupdate' )
$result = mysqli_query($dbconn, "UPDATE kfz_fms SET bezeichnung = '$_REQUEST[bezeichnung]', org_id = '$organisation' WHERE id='$_REQUEST[id]'") or die (mysqli_error($dbconn));
// Pr<50>fen ob noch weitere Eintr<74>ge zur Org da sind, wenn nicht l<>schen
if( $_REQUEST["old_org"] )
if( isset($_REQUEST["old_org"]) )
{
$result = mysqli_query($dbconn, "SELECT a.id AS dme_id, b.id AS kfz_id
FROM ric_zvei a
@ -283,7 +283,7 @@ elseif( $_GET["show"] == 'kfz' && $_GET["do"] == 'setupdate' )
//
// Wenn Userliste anzeigen
elseif( $_GET["show"] == 'user' && !$_GET["do"] )
elseif( isset($_GET["show"]) && $_GET["show"] == 'user' && !isset($_GET["do"]) )
{
// Alle DME ohne Organisation holen
$result = mysqli_query($dbconn, "SELECT id, a_name, real_name, a_admin, a_mail FROM admin_users ORDER BY a_admin DESC, a_name ASC") or die (mysqli_error($dbconn));
@ -321,7 +321,7 @@ elseif( $_GET["show"] == 'user' && !$_GET["do"] )
<td>EMail</td>
<td colspan="2"></td>
</tr>
<form name="form999" method="post" action="'.$_SERVER[PHP_SELF].'?show=user&do=insert">
<form name="form999" method="post" action="'.$_SERVER["PHP_SELF"].'?show=user&do=insert">
<tr bgcolor="#FFFFFF">
<td><input name="ins_name" id="ins_name" type="text" size="30"> </td>
<td><input name="ins_mail" id="ins_mail" type="text" size="30"> </td>
@ -335,7 +335,7 @@ elseif( $_GET["show"] == 'user' && !$_GET["do"] )
}
// User eintragen
elseif( $_GET["show"] == 'user' && $_GET["do"] == 'insert' )
elseif( isset($_GET["show"]) && $_GET["show"] == 'user' && isset($_GET["do"]) && $_GET["do"] == 'insert' )
{
list($vorname, $nachname) = explode(" ", trim($_REQUEST["ins_name"]));
$ins_user_name = trim($vorname) .".". substr(trim($nachname),0,1);
@ -352,7 +352,7 @@ elseif( $_GET["show"] == 'user' && $_GET["do"] == 'insert' )
//
// Wenn user l<>schen
elseif( $_GET["show"] == 'user' && $_GET["do"] == 'delete' )
elseif( isset($_GET["show"]) && $_GET["show"] == 'user' && isset($_GET["do"]) && $_GET["do"] == 'delete' )
{
$result = mysqli_query($dbconn, "DELETE FROM messages WHERE userid_to = '$_GET[id]'") or die (mysqli_error($dbconn));
$result = mysqli_query($dbconn, "DELETE FROM alarm2mail WHERE userid = '$_GET[id]'") or die (mysqli_error($dbconn));
@ -371,14 +371,14 @@ else
// Wir schauen nach kfz die keiner Org zugeordnet sind
$result = mysqli_query($dbconn, "SELECT id FROM kfz_fms WHERE org_id = '0'") or die (mysqli_error($dbconn));
$num_kfz = mysql_num_rows($result);
$num_kfz = mysqli_num_rows($result);
// Wir schauen nach der Userzahl
$result = mysqli_query($dbconn, "SELECT id FROM admin_users") or die (mysqli_error($dbconn));
$num_user = mysql_num_rows($result);
$num_user = mysqli_num_rows($result);
$result = mysqli_query($dbconn, "SELECT id FROM admin_users WHERE a_admin = '2'") or die (mysqli_error($dbconn));
$num_new_user = mysql_num_rows($result);
$num_new_user = mysqli_num_rows($result);
// Ausklappmenu erstellen
$select_search_org = '
@ -388,7 +388,7 @@ else
$result = mysqli_query($dbconn, "SELECT id, org_name, org FROM organisation WHERE org != '' ORDER BY org ASC, org_name ASC") or die (mysqli_error($dbconn));
while($row = mysqli_fetch_array($result))
{
if( $_REQUEST["search_org"] == $row["id"] ) { $selected = 'selected'; } else { $selected = ''; }
if( isset($_REQUEST["search_org"]) && $_REQUEST["search_org"] == $row["id"] ) { $selected = 'selected'; } else { $selected = ''; }
$select_search_org .= '
<option value="'.$row["id"].'" '.$selected.'>'.$row["org"].' &nbsp;&nbsp;'.$row["org_name"].'</option>
';
@ -399,7 +399,7 @@ else
';
// Ausgabe zusammenstellen wenn org zum bearbeiten gew<65>hlt
if( $_REQUEST["search_org"] )
if( isset($_REQUEST["search_org"]) )
{
$show_ric = '--- <b>RIC/ZVEI</b> ----------<br>';
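Review bot: Replacing truthiness tests with `isset()` changes which branch runs for values that are present but empty or `0`: `if( isset($_REQUEST["new_org"]) )` is now true for a field that was submitted blank, so the `INSERT INTO organisation` would presumably run with an empty name, and `!isset($_GET["org"])` no longer treats `org=0` as absent. The same applies to the `old_org`, `search_org` and kfz-branch `new_org`/`org` checks in this file. The security-relevant instance is in the login script, where `!empty($_GET["login"])` became `isset($_GET["login"])`, so an empty `login` parameter now reaches the `login_pass = '…'` lookup. `empty()` raises no undefined-index notice either, so `if( !empty($_REQUEST["new_org"]) )` and `if( empty($_GET["org"]) )` keep the old behaviour while staying clean on PHP 7.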


@ -81,7 +81,7 @@ $meta = '
$css = '<link href="/monitor.css" rel="stylesheet" type="text/css">';
// URL deines Webinterface
$monitordomain = "http://monitor.fire-devils.org";
$monitordomain = "https://monitor.fire-devils.org";
$monitoremail = "monitor@fire-devils.org";
// Login Info Text
@ -96,18 +96,18 @@ $template_dir = '_html/';
$update_adresse_monrc = 1;
// IP Bereich fr auto Login
$ip_start = '192.168.1.2';
$ip_start = '192.168.1.82';
$ip_ende = '192.168.1.250';
// UserID für IP
$ip_users = array(
"192.168.1.81" => 1,
"192.168.1.82" => 1,
"192.168.1.21" => 1,
"192.168.1.38" => 1,
);
// Alarmmails enable/disable
$amenable = 0;
$amenable = 1;
// Pm Funktion
$pmenable = 1;
@ -345,3 +345,11 @@ if( $_SERVER["SCRIPT_NAME"] == "/index.php" ) {
} else {
$body_html = '<body>';
}
// PHP 7 compatibility
if (!isset($show_to_edit)) $show_to_edit="";
if (!isset($page_middle)) $page_middle="";
if (!isset($java_script)) $java_script="";
if (!isset($nav_org_filter)) $nav_org_filter="";
if (!isset($nav_filter)) $nav_filter="";
if (!isset($show_all)) $show_all="";
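Review bot: The `$ip_start`, `$ip_users`, `$amenable` and `$monitordomain` edits are deployment settings riding along with a compatibility fix, and the ones under "IP Bereich für auto Login" appear to decide which client addresses are signed in without credentials. Nothing in the file documents that consequence; a comment above `$ip_users` such as `// Clients at these addresses are logged in as the mapped user id without a password; keep this list and the $ip_start/$ip_ende range as small as possible` would make it explicit. It is also worth confirming that the address the check sees is still the real client address now that the site is served over https, since a TLS-terminating proxy in front of PHP would change it.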


@ -406,7 +406,8 @@ function time_format($settime) {
}
function pass_erstellen ($wert) {
$i = 0;
if (!isset($pass)) $pass="";
$i = 0;
while($i < $wert) {
mt_srand((double)microtime()*1000000);
$zahl = mt_rand(1,20);
@ -517,7 +518,7 @@ function mail_pass($email,$pass) {
$xtra .= "MIME-Version: 1.0\n";
$xtra .= "Content-Transfer-Encoding: 8bit\n";
$xtra .= "X-Mailer: PHP ". phpversion();
mail("$email", "Monitor Loginanfrage", utf8_decode($body), $xtra);
mail("$email", "Monitor Loginanfrage", $body, $xtra);
}
function mail_alarm($datum,$zeit,$email,$org,$org_name,$bezeichnung,$text) {
@ -537,7 +538,7 @@ function mail_alarm($datum,$zeit,$email,$org,$org_name,$bezeichnung,$text) {
$xtra .= "MIME-Version: 1.0\n";
$xtra .= "Content-Transfer-Encoding: 8bit\n";
$xtra .= "X-Mailer: PHP ". phpversion();
mail("$email", "Monitor Alarm: $org ".mail_message_header($org_name), utf8_decode($body), $xtra);
mail("$email", "Monitor Alarm: $org ".mail_message_header($org_name), $body, $xtra);
}
function mail_alarm_sms($datum,$zeit,$email,$org,$org_name,$text) {
@ -549,7 +550,7 @@ function mail_alarm_sms($datum,$zeit,$email,$org,$org_name,$text) {
$xtra .= "MIME-Version: 1.0\n";
$xtra .= "Content-Transfer-Encoding: 8bit\n";
$xtra .= "X-Mailer: PHP ". phpversion();
mail("$email", "$org ".mail_message_header($org_name).": ".mail_message_body($text), utf8_decode($body), $xtra);
mail("$email", "$org ".mail_message_header($org_name).": ".mail_message_body($text), $body, $xtra);
}
$timestampnow = date("YmdHis");
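Review bot: `pass_erstellen` re-seeds `mt_rand` from `microtime()` on every loop iteration, so its output follows the clock rather than a secure random source; if this string is what ends up in `login_pass` and in the login e-mail, it should come from a CSPRNG. On PHP 7 the `mt_srand(...)` line can be dropped and the draw replaced with `$zahl = random_int(1,20);`. The added `if (!isset($pass)) $pass="";` is a plain initialisation at function scope (assuming `$pass` is not declared `global` or `static` further down), so `$pass = "";` says the same thing. The function body continues past the end of the hunk.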

19
get.php

@ -54,8 +54,8 @@ elseif( $show_filter == 1 && $_SESSION["lastupdate"] != "" && isset($_GET["clean
$show_filter = filter_zeit(1);
$show_filter = " WHERE a.zeit > '$show_filter' ";
}
elseif( $show_filter != 1 ) {
$show_filter = filter_zeit($filter);
else { //if( $show_filter != 1 ) {
$show_filter = filter_zeit((isset($filter) ? $filter : 1));
$show_filter = " WHERE a.zeit > '$show_filter' ";
}
@ -160,13 +160,13 @@ elseif( $show_filter != 1 ) {
// Wenn ZVEI
if( $row["REC_TYP"] == 'ZVEI' ) $row["funktion"] = $row["text"];
$row["bg_farbe"] = $formatierung[$row["formatierung_id"]]["bg_farbe"];
$row["text_farbe"] = $formatierung[$row["formatierung_id"]]["text_farbe"];
//$row["text_farbe_text"] = $formatierung[$row["formatierung_id"]]["text_farbe_text"];
//$row["bg_farbe_text"] = $formatierung[$row["formatierung_id"]]["bg_farbe_text"];
$row["text_groesse"] = $formatierung[$row["formatierung_id"]]["text_groesse"];
$row["text_groesse_text"] = $formatierung[$row["formatierung_id"]]["text_groesse_text"];
$row["text_format"] = $formatierung[$row["formatierung_id"]]["text_format"];
if (isset($formatierung[$row["formatierung_id"]]["bg_farbe"])) $row["bg_farbe"] = $formatierung[$row["formatierung_id"]]["bg_farbe"];
if (isset($formatierung[$row["formatierung_id"]]["text_farbe"])) $row["text_farbe"] = $formatierung[$row["formatierung_id"]]["text_farbe"];
if (isset($formatierung[$row["formatierung_id"]]["text_farbe_text"])) $row["text_farbe_text"] = $formatierung[$row["formatierung_id"]]["text_farbe_text"];
if (isset($formatierung[$row["formatierung_id"]]["bg_farbe_text"])) $row["bg_farbe_text"] = $formatierung[$row["formatierung_id"]]["bg_farbe_text"];
if (isset($formatierung[$row["formatierung_id"]]["text_groesse"])) $row["text_groesse"] = $formatierung[$row["formatierung_id"]]["text_groesse"];
if (isset($formatierung[$row["formatierung_id"]]["text_groesse_text"])) $row["text_groesse_text"] = $formatierung[$row["formatierung_id"]]["text_groesse_text"];
if (isset($formatierung[$row["formatierung_id"]]["text_format"])) $row["text_format"] = $formatierung[$row["formatierung_id"]]["text_format"];
// default Farben bestimmen
if( !isset($row["bg_farbe"]) ) $row["bg_farbe"] = 'white';
@ -175,6 +175,7 @@ elseif( $show_filter != 1 ) {
if( !isset($row["bg_farbe_text"]) ) $row["bg_farbe_text"] = '#CCCCCC';
if( !isset($row["text_groesse"]) ) $row["text_groesse"] = '13';
if( !isset($row["text_groesse_text"]) ) $row["text_groesse_text"] = '12';
if( !isset($row["text_format"]) ) $row["text_format"] = '1';
// pocsag in Array schreiben
//$thisday = $nextday.'
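Review bot: Turning `elseif( $show_filter != 1 )` into a bare `else` widens the branch: a request with `$show_filter == 1` that fails the preceding conditions (they start outside this hunk) now also gets the `WHERE a.zeit > …` clause, where before no filter branch appears to have been taken. If that is intended, delete the commented-out condition and say so, e.g. `// default: apply the time filter whenever no earlier branch matched`; if not, keep the `elseif` and change only the argument. `filter_zeit($filter ?? 1)` is the shorter PHP 7 spelling of the `isset` ternary.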


@ -171,12 +171,13 @@ else
////////////////////////
// Sicherheitsabfrage
////////////////////////
if ( !$_SESSION["name"] && $_GET["mode"] != 'login' && !$_GET["login"] )
if (!isset($_GET["mode"])) $_GET["mode"] ="";
if ( !isset($_SESSION["name"]) && $_GET["mode"] != 'login' && !isset($_GET["login"]) )
{
echo '
<br><br>
'.$login_infotext.'<br><br>
<form name="form1" method="post" action="'.$PHP_SELF.'?mode=login">
<form name="form1" method="post" action="'.$_SERVER["PHP_SELF"].'?mode=login">
<table width="300" border="0" cellspacing="0" cellpadding="0" align="center">
<tr>
<td class="table_news_head">&nbsp;<b>Login</b></td>
@ -205,12 +206,12 @@ else
';
exit;
}
elseif (!$_SESSION["name"] && $_GET["mode"] == 'login')
elseif (!isset($_SESSION["name"]) && $_GET["mode"] == 'login')
{
$result = mysqli_query($dbconn, "SELECT id, a_name, a_admin, a_mail FROM admin_users WHERE a_name = '$_POST[a_name]'") or die (mysqli_error($dbconn));
$row = mysqli_fetch_array($result);
if( $row[a_name] && $row["a_admin"] != '2' )
if( $row["a_name"] && $row["a_admin"] != '2' )
{
//$_SESSION["name"] = $_REQUEST["a_name"];
//$_SESSION["admin"] = $row["a_admin"];
@ -221,7 +222,7 @@ else
$result = mysqli_query($dbconn, "UPDATE admin_users SET login_pass='$pass' WHERE id='$row[id]'") or die(mysqli_error($dbconn));
echo'<center><br><br><br>Eine EMail mit deinem Zugang wurde an <b>'.$row[a_mail].'</b> versand.';
echo'<center><br><br><br>Eine EMail mit deinem Zugang wurde an <b>'.$row["a_mail"].'</b> versand.';
exit;
}
@ -232,7 +233,7 @@ else
}
}
elseif (!$_SESSION["name"] && $_GET["mode"] == 'register')
elseif (!isset($_SESSION["name"]) && isset($_GET["mode"]) && $_GET["mode"] == 'register')
{
echo '
<br><br>
@ -272,7 +273,7 @@ else
exit;
}
if( !empty($_GET["login"]) )
if( isset($_GET["login"]) )
{
$result = mysqli_query($dbconn, "SELECT id, a_name, a_admin, a_mail, real_name, login_count, pm_allow, DATE_FORMAT(last_seen, '%Y%m%d%H%i%s') AS last_seen FROM admin_users WHERE login_pass = '$_GET[login]'") or die (mysqli_error($dbconn));
$row = mysqli_fetch_array($result);
@ -290,7 +291,7 @@ exit;
$datnow = date("Y-m-d", mktime(0,0,0, date("m"),date("d"),date("Y")));
$timenow = date("G:i");
$ip = $_SERVER["REMOTE_ADDR"];
$agent = $HTTP_USER_AGENT;
$agent = $_SERVER["HTTP_USER_AGENT"];
$result = mysqli_query($dbconn, "INSERT INTO pocsag_logins (name, zeit, datum, ip, agent) VALUES ('$row[real_name]', '$timenow', '$datnow', '$ip', '$agent')");
$row["login_count"]++;
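Review bot: `$agent = $_SERVER["HTTP_USER_AGENT"];` makes a client-supplied header reach the `INSERT INTO pocsag_logins` string on the next line unescaped; the old `$HTTP_USER_AGENT` was most likely undefined without register_globals, so this commit is what connects the header to the query. The header can also be absent, which brings back the undefined-index notice the commit removes elsewhere, so default it to an empty string. Bind the values instead of interpolating them: `$stmt = mysqli_prepare($dbconn, "INSERT INTO pocsag_logins (name, zeit, datum, ip, agent) VALUES (?, ?, ?, ?, ?)");`, then `mysqli_stmt_bind_param($stmt, "sssss", $row["real_name"], $timenow, $datnow, $ip, $agent);` and `mysqli_stmt_execute($stmt);`. The `a_name` and `login` lookups in this file, and the `$_GET`/`$_REQUEST` values in the admin and message scripts' queries, are built the same way and need the same treatment.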


@ -22,7 +22,7 @@
require_once("config.inc.php");
if( $_GET["pmdo"] == "reply" )
if( isset($_GET["pmdo"]) && $_GET["pmdo"] == "reply" )
{
$result = mysqli_query($dbconn, "SELECT real_name FROM admin_users WHERE id = '$_GET[to]'") or die (mysqli_error($dbconn));
$row = mysqli_fetch_array($result);
@ -30,7 +30,7 @@ if( $_GET["pmdo"] == "reply" )
echo $message_field;
}
elseif( $_GET["pmdo"] == "doreply" )
elseif( isset($_GET["pmdo"]) && $_GET["pmdo"] == "doreply" )
{
$result = mysqli_query($dbconn, "INSERT INTO messages (userid_from, userid_to, message) VALUES ('$_SESSION[userid]', '$_REQUEST[userid_to]', '$_REQUEST[msg_text]')");
$result = mysqli_query($dbconn, "DELETE FROM messages WHERE id = '$_REQUEST[msg_id]'")or die(mysqli_error($dbconn));
@ -38,18 +38,18 @@ elseif( $_GET["pmdo"] == "doreply" )
echo gohome($_SERVER["PHP_SELF"]);
}
elseif( $_GET["pmdo"] == "write" )
elseif( isset($_GET["pmdo"]) && $_GET["pmdo"] == "write" )
{
$select_msg_to = '
<select name="userid_to" id="userid_to">
<option value="0">Empf<EFBFBD>nger</option>
<option value="0">Empf&auml;nger</option>
<option>--------------------</option>
<option value="0">Alle</option>';
$result = mysqli_query($dbconn, "SELECT id, real_name FROM admin_users WHERE pm_allow = '1' ORDER BY real_name ASC") or die (mysqli_error($dbconn));
while($row = mysqli_fetch_array($result))
{
if( $_GET["msg_to"] == $row["id"] ) { $selected = 'selected'; $can_pm = '1'; } else { $selected = ''; }
if( isset($_GET["msg_to"]) && $_GET["msg_to"] == $row["id"] ) { $selected = 'selected'; $can_pm = '1'; } else { $selected = ''; }
$select_msg_to .= '
<option value="'.$row["id"].'" '.$selected.'>'.$row["real_name"].'</option>
';
@ -59,20 +59,22 @@ elseif( $_GET["pmdo"] == "write" )
</select>
';
if( $_GET["msg_to"] && empty($can_pm) )
if( isset($_GET["pmdo"]) && empty($can_pm) )
{
// pm_allow ist auf 0
if (!isset($message_field)) $message_field="";
$message_field .= "<b><font color=\"red\"><br>Der User darf keine PM Empfangen/Senden</font></b><br><br>";
}
else
{
//pm_allow ist auf 1
if (!isset($message_field)) $message_field = "";
eval ("\$message_field .= \"".gettemplate($template_dir."body_message_write")."\";");
}
echo $message_field;
}
elseif( $_GET["pmdo"] == "dowrite" )
elseif( isset($_GET["pmdo"]) && $_GET["pmdo"] == "dowrite" )
{
if( $_REQUEST["userid_to"] != '0' )
{
@ -92,7 +94,7 @@ elseif( $_GET["pmdo"] == "dowrite" )
echo gohome($_SERVER["PHP_SELF"]);
}
elseif( $_GET["pmdo"] == "deletepm" )
elseif( isset($_GET["pmdo"]) && $_GET["pmdo"] == "deletepm" )
{
$result = mysqli_query($dbconn, "DELETE FROM messages WHERE id = '$_GET[msg_id]'")or die(mysqli_error($dbconn));
}
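Review bot: `if( isset($_GET["pmdo"]) && empty($can_pm) )` sits inside the `pmdo == "write"` branch, so the `isset()` half is always true and the test reduces to `empty($can_pm)`. `$can_pm` is only set when `msg_to` matches a row in the loop above, so opening the form without a preselected recipient would now show the "Der User darf keine PM Empfangen/Senden" message instead of the write template. The old condition keyed on `msg_to`; `if( !empty($_GET["msg_to"]) && empty($can_pm) )` keeps that meaning without the undefined-index notice.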


@ -32,7 +32,7 @@ $_SESSION["online_users"] = "";
//
// Startseite
if( !$_GET["do"] )
if( !isset($_GET["do"]) )
{
$result = mysqli_query($dbconn, "SELECT a_alarmmail, a_alarmmail2sms, wap_pass, wap_show, wap_rows, wap_def_orgfilter, wap_def_statfilter FROM admin_users WHERE id = '$_SESSION[userid]'") or die (mysqli_error($dbconn));
@ -121,6 +121,7 @@ if( !$_GET["do"] )
if( !empty($row["stiwo"]) ) { $stiwo = "<span title=\"$row[stiwo]\">Stiwo</span>"; } else { $stiwo = ""; }
if (!isset($abos)) $abos="";
$abos .= '<tr>
<td bgcolor="'.$row["bg_farbe"].'" style="border-bottom-style:solid;border-bottom-width:thin;"><span style="font-family:Verdana;color:'.$row["text_farbe"].';font-size:'.$row["text_groesse"].' px;font-weight:'.$row["text_format"].'">&nbsp; '.$row["org"].' '.$row["org_name"].' '.$row["bezeichnung"].' - '.$row["rec_typ"].'</span></td>
<td align="center" bgcolor="'.$row["bg_farbe"].'" style="border-bottom-style:solid;border-bottom-width:thin;">'.$stiwo.' &nbsp;</td>
@ -131,6 +132,8 @@ if( !$_GET["do"] )
}
// Seiteninhalt ausgeben
$page_middle="";
if (!isset($abos)) $abos="";
eval ("\$page_middle .= \"".gettemplate($template_dir."body_profil_alarmmail")."\";");
}
@ -216,6 +219,9 @@ elseif( $_GET["do"] == 'setwap' )
/**************************/
// Ausgabe Rahmen
//
if( !isset($java_script)) $java_script="";
if( !isset($nav_org_filter)) $nav_org_filter="";
if( !isset($nav_filter)) $nav_filter="";
eval ("dooutput(\"".gettemplate($template_dir."rahmen")."\");");
/**************************/
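Review bot: `if (!isset($abos)) $abos="";` is evaluated on what looks like every pass of the row loop and then repeated before the `eval`; a single `$abos = "";` ahead of the loop (its start is outside the hunk) does the same job and makes it obvious that the variable always exists when the template is expanded. The three guards added before the `rahmen` template duplicate the defaults this commit appends to the config file, so they are redundant here if this script includes that file. The values concatenated into `$abos` (`$row["org"]`, `$row["org_name"]`, `$row["bezeichnung"]`) go into the page without `htmlspecialchars()`, which is worth fixing while the block is being touched.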