monitor-frontend/admin.php
2018-10-01 12:12:24 +02:00

490 lines
18 KiB
PHP
Executable File
Raw Blame History

<?php
/*
* PHP Frontend for pocsag monitor
*
* Copyright (C) 2004-2005
* Manuel Weiser (manuelw@fire-devils.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
require('config.inc.php');
$_SESSION["load_complete"] = "";
$_SESSION["lastupdate"] = "";
$_SESSION["online_users"] = "";
if (!isset($_REQUEST["org"])) $_REQUEST["org"]="";
if (!isset($_REQUEST["form"])) $_REQUEST["form"]="";
if (!isset($option_org)) $option_org="";
if (!isset($option_format)) $option_format="";
if (!isset($_GET["org"])) $_GET["org"]="";
// Prüfen ob admin
if( $_SESSION["admin"] != 1 ) exit;
/**************************/
// Seite zusammenstellen
//
//
// Wenn dme ohne Org anzuschauen ist
if( isset($_GET["show"]) && $_GET["show"] == 'dme' && !isset($_GET["do"]) )
{
// Alle DME ohne Organisation holen
$result = mysqli_query($dbconn, "SELECT a.id, a.adresse, a.bezeichnung, a.rec_typ, b.id as import_id, b.i_ric, b.i_org, b.i_ort, b.i_zusatz
FROM ric_zvei a
LEFT JOIN import_ric b ON a.adresse = b.i_ric
WHERE a.org_id = '0'
ORDER BY a.bezeichnung ASC") or die (mysqli_error($dbconn));
while($row = mysqli_fetch_array($result))
{
if (isset($row["import_id"])) {
$show_all .= '
<tr bgcolor="#FFFFFF">
<td align="center">' . $row["rec_typ"] . '</td>
<td>&nbsp;<b>' . $row["adresse"] . '</b> / ' . $row["i_org"]." ".$row["i_ort"]." | ".$row["i_zusatz"] . '</td>
<td align="center">&nbsp;<a href="' . $_SERVER["PHP_SELF"] . '?show=dme&do=update&id=' . $row["id"] . '&ric='.$row["i_ric"].'">zuordnen</a>&nbsp;</td>
<td align="center">&nbsp;<a href="' . $_SERVER["PHP_SELF"] . '?show=dme&do=delete&id=' . $row["id"] . '">l&ouml;schen</a>&nbsp;</td>
</tr>
';
}
else {
$show_all .= '
<tr bgcolor="#FFFFFF">
<td align="center">' . $row["rec_typ"] . '</td>
<td>&nbsp;<b>' . $row["adresse"] . '</b> / ' . $row["bezeichnung"] . '</td>
<td align="center">&nbsp;<a href="' . $_SERVER["PHP_SELF"] . '?show=dme&do=update&id=' . $row["id"] . '">zuordnen</a>&nbsp;</td>
<td align="center">&nbsp;<a href="' . $_SERVER["PHP_SELF"] . '?show=dme&do=delete&id=' . $row["id"] . '">l&ouml;schen</a>&nbsp;</td>
</tr>
';
}
}
// Seiteninhalt ausgeben
eval ("\$page_middle .= \"".gettemplate($template_dir."body_admin_dme-kfz_update")."\";");
}
//
// Wenn dme updaten
elseif( isset($_GET["show"]) && $_GET["show"] == 'dme' && $_GET["do"] && $_GET["do"] == 'update' )
{
// Abfrage ob in import table vorhanden
if (isset($_GET["ric"])) {
$ric = trim($_GET["ric"]);
$result = mysqli_query($dbconn, "SELECT i_ric, i_org, i_ort, i_zusatz FROM import_ric WHERE i_ric=$ric") or die (mysqli_error($dbconn));
$imp = mysqli_fetch_array($result);
(!empty($imp["i_ort"])) ? $org_name = strtoupper($imp["i_ort"]) : $org_name="";
}
// Zusammenstellung bekannter Organisationen
$result = mysqli_query($dbconn, "SELECT a.id, a.org_name, a.org
FROM organisation a
ORDER BY a.org ASC, a.org_name ASC") or die (mysqli_error($dbconn));
while($row = mysqli_fetch_array($result))
{
($_REQUEST["org"] == $row["id"]) ? $selected="selected" : $selected="";
$option_org .= '<option value="'.$row["id"].'" '.$selected.'>'.$row["org"].' '.$row["org_name"].'</option>';
}
// Zusammenstellung der Formatierungen
$result = mysqli_query($dbconn, "SELECT id, beschreibung FROM formatierung ORDER BY beschreibung ASC") or die (mysqli_error($dbconn));
while($row = mysqli_fetch_array($result))
{
if( $_REQUEST["form"] == $row["id"] ) { $selected = 'selected'; } else { $selected = ''; }
$option_format .= '<option value="'.$row["id"].'" '.$selected.'>'.$row["beschreibung"].'</option>';
}
// Abfrage des verlangten Datensatzes
$result = mysqli_query($dbconn, "SELECT a.id, a.adresse, a.bezeichnung, a.rec_typ, b.i_org, b.i_ort, b.i_zusatz
FROM ric_zvei a
LEFT JOIN import_ric b ON a.adresse=b.i_ric
WHERE a.id = '$_GET[id]'") or die (mysqli_error($dbconn));
$row = mysqli_fetch_array($result);
(!empty($imp["i_zusatz"])) ? $org_bezeichnung=$imp["i_zusatz"] : $org_bezeichnung=$row["bezeichnung"];
// Formular zusammenstellen
$updateSelectOrgTyp="";
$orgs = array("RLS", "FF", "BF", "RD", "THW", "KAT", "KBM", "RLS");
foreach ($orgs as $v) {
($v == trim($row["i_org"])) ? $selected="selected" : $selected="";
$updateSelectOrgTyp .= "<option value=\"$v\" $selected>$v</option>";
}
if (!isset($org_name)) $org_name="";
// Seiteninhalt ausgeben
eval ("\$page_middle .= \"".gettemplate($template_dir."body_admin_dme2org")."\";");
}
//
// Wenn dme l<>schen
elseif( isset($_GET["show"]) && $_GET["show"] == 'dme' && $_GET["do"] && $_GET["do"] == 'delete' )
{
$result = mysqli_query($dbconn, "DELETE FROM ric_zvei WHERE id = '$_GET[id]'") or die (mysqli_error($dbconn));
$result = mysqli_query($dbconn, "DELETE FROM alarm2mail WHERE adresse = '$_GET[adresse]'") or die (mysqli_error($dbconn));
// Pr<50>fen ob noch weitere Eintr<74>ge zur Org da sind, wenn nicht l<>schen
if( $_GET["org"] != "" )
{
$result = mysqli_query($dbconn, "SELECT a.id AS dme_id, b.id AS kfz_id
FROM ric_zvei a
LEFT JOIN kfz_fms b ON b.org_id = $_GET[org]
WHERE a.org_id = '$_GET[org]' OR b.org_id = '$_GET[org]'") or die (mysqli_error($dbconn));
$row = mysqli_fetch_array($result);
if( !$row["dme_id"] && !$row["kfz_id"] )
{
$result = mysqli_query($dbconn, "DELETE FROM organisation WHERE id = '$_GET[org]'") or die (mysqli_error($dbconn));
}
}
// Wohin gehen nach Aktion
if( !isset($_GET["org"]) )
{
echo gohome($_SERVER["PHP_SELF"].'?show=dme&org=0');
}
else
{
echo gohome($_SERVER["PHP_SELF"]);
}
}
//
// dme Update ausf<73>hren
elseif( isset($_GET["show"]) && $_GET["show"] == 'dme' && isset($_GET["do"]) && $_GET["do"] == 'setupdate' )
{
// Schauen ob neue oder bestehende Organistaion gew<65>hlt wurde
if( isset($_REQUEST["new_org"]) && $_REQUEST["new_org"] != "" )
{
/////////////////$organisation = $_REQUEST["new_org"];
// Pr<50>fen ob die Org schon existiert, wenn ja update kein eintrag
$result = mysqli_query($dbconn, "SELECT id FROM organisation WHERE org_name = '$_REQUEST[new_org]' AND org = '$_REQUEST[new_org_typ]'") or die (mysqli_error($dbconn));
$row = mysqli_fetch_array($result);
if( $row["id"] )
{
$org_id = $row["id"];
}
if( !isset($org_id) )
{
$result = mysqli_query($dbconn, "INSERT INTO organisation (org_name, org) VALUES ('$_REQUEST[new_org]', '$_REQUEST[new_org_typ]')");
$result = mysqli_query($dbconn, "SELECT MAX(id) as new_id FROM organisation");
$row = mysqli_fetch_row($result);
$org_id = $row[0];
}
}
else
{
$org_id = $_REQUEST["select_org"];
}
$result = mysqli_query($dbconn, "UPDATE ric_zvei SET bezeichnung = '$_REQUEST[bezeichnung]', formatierung_id = '$_REQUEST[formatierung]', org_id = '$org_id' WHERE id='$_REQUEST[id]'") or die (mysqli_error($dbconn));
// Pr<50>fen ob noch weitere Eintr<74>ge zur Org da sind, wenn nicht l<>schen
if( isset($_REQUEST["old_org"]) )
{
$result = mysqli_query($dbconn, "SELECT a.id AS dme_id, b.id AS kfz_id
FROM ric_zvei a
LEFT JOIN kfz_fms b ON b.org_id = $org_id
WHERE a.org_id = '$org_id' OR b.org_id = '$org_id'") or die (mysqli_error($dbconn));
$row = mysqli_fetch_array($result);
if( !$row["dme_id"] && !$row["kfz_id"] )
{
$result = mysqli_query($dbconn, "DELETE FROM organisation WHERE id = '$org_id'") or die (mysqli_error($dbconn));
}
}
echo gohome($_SERVER["PHP_SELF"]);
}
//
// Wenn kfz ohne org anzusehen ist
elseif( isset($_GET["show"]) && $_GET["show"] == 'kfz' && !isset($_GET["do"]) )
{
// Alle DME ohne Organisation holen
$result = mysqli_query($dbconn, "SELECT id, bezeichnung FROM kfz_fms WHERE org_id = '0' ORDER BY bezeichnung ASC") or die (mysqli_error($dbconn));
while($row = mysqli_fetch_array($result))
{
$show_all .= '
<tr bgcolor="#FFFFFF">
<td>&nbsp;'.$row["bezeichnung"].'</td>
<td align="center">&nbsp;<a href="'.$_SERVER["PHP_SELF"].'?show=kfz&do=update&id='.$row["id"].'">zuordnen</a>&nbsp;</td>
<td align="center">&nbsp;<a href="'.$_SERVER["PHP_SELF"].'?show=kfz&do=delete&id='.$row["id"].'">l&ouml;schen</a>&nbsp;</td>
</tr>
';
}
// Seiteninhalt ausgeben
eval ("\$page_middle .= \"".gettemplate($template_dir."body_admin_dme-kfz_update")."\";");
}
//
// Wenn kfz updaten
elseif( isset($_GET["show"]) && $_GET["show"] == 'kfz' && isset($_GET["do"]) && $_GET["do"] == 'update' )
{
// Zusammenstellung bekannter Organisationen
$result = mysqli_query($dbconn, "SELECT id, org_name, org FROM organisation ORDER BY org ASC, org_name ASC") or die (mysqli_error($dbconn));
while($row = mysqli_fetch_array($result))
{
if( $_REQUEST["org"] == $row["id"] ) { $selected = 'selected'; } else { $selected = ''; }
$option_org .= '<option value="'.$row["id"].'" '.$selected.'>'.$row["org"].' '.$row["org_name"].'</option>';
}
// Abfrage des verlangten Datensatzes
$result = mysqli_query($dbconn, "SELECT id, bezeichnung FROM kfz_fms WHERE id = '$_GET[id]'") or die (mysqli_error($dbconn));
$row = mysqli_fetch_array($result);
// Seiteninhalt ausgeben
eval ("\$page_middle .= \"".gettemplate($template_dir."body_admin_kfz2org")."\";");
}
//
// Wenn kfz l<>schen
elseif( isset($_GET["show"]) && $_GET["show"] == 'kfz' && isset($_GET["do"]) && $_GET["do"] == 'delete' )
{
$result = mysqli_query($dbconn, "DELETE FROM kfz_fms WHERE id = '$_GET[id]'") or die (mysqli_error($dbconn));
// Pr<50>fen ob noch weitere Eintr<74>ge zur Org da sind, wenn nicht l<>schen
if( isset($_GET["org"]) )
{
$result = mysqli_query($dbconn, "SELECT a.id AS dme_id, b.id AS kfz_id
FROM ric_zvei a
LEFT JOIN kfz_fms b ON b.org_id = $_GET[org]
WHERE a.org_id = '$_GET[org]' OR b.org_id = '$_GET[org]'") or die (mysqli_error($dbconn));
$row = mysqli_fetch_array($result);
if( !$row["dme_id"] && !$row["kfz_id"] )
{
$result = mysqli_query($dbconn, "DELETE FROM organisation WHERE id = '$_GET[org]'") or die (mysqli_error($dbconn));
}
}
// Wohin gehen nach Aktion
if( !isset($_GET["org"]) )
{
echo gohome($_SERVER["PHP_SELF"].'?show=kfz&org=0');
}
else
{
echo gohome($_SERVER["PHP_SELF"]);
}
}
//
// kfz Update ausfhren
elseif( isset($_GET["show"]) && $_GET["show"] == 'kfz' && isset($_GET["do"]) && $_GET["do"] == 'setupdate' )
{
// Schauen ob neue oder bestehende Organistaion gewhlt wurde
if( isset($_REQUEST["new_org"]) )
{
$organisation = $_REQUEST["new_org"];
$result = mysqli_query($dbconn, "INSERT INTO organisation (org_name, org) VALUES ('$organisation', '$_REQUEST[new_org_typ]')");
$result = mysqli_query($dbconn, "SELECT MAX(id) as new_id FROM organisation");
$row = mysqli_fetch_row($result);
$organisation = $row[0];
}
else
{
$organisation = $_REQUEST["select_org"];
}
$result = mysqli_query($dbconn, "UPDATE kfz_fms SET bezeichnung = '$_REQUEST[bezeichnung]', org_id = '$organisation' WHERE id='$_REQUEST[id]'") or die (mysqli_error($dbconn));
// Pr<50>fen ob noch weitere Eintr<74>ge zur Org da sind, wenn nicht l<>schen
if( isset($_REQUEST["old_org"]) )
{
$result = mysqli_query($dbconn, "SELECT a.id AS dme_id, b.id AS kfz_id
FROM ric_zvei a
LEFT JOIN kfz_fms b ON b.org_id = $_REQUEST[old_org]
WHERE a.org_id = '$_REQUEST[old_org]' OR b.org_id = '$_REQUEST[old_org]'") or die (mysqli_error($dbconn));
$row = mysqli_fetch_array($result);
if( !$row["dme_id"] && !$row["kfz_id"] )
{
$result = mysqli_query($dbconn, "DELETE FROM organisation WHERE id = '$_REQUEST[old_org]'") or die (mysqli_error($dbconn));
}
}
echo gohome($_SERVER["PHP_SELF"]);
}
//
// Wenn Userliste anzeigen
elseif( isset($_GET["show"]) && $_GET["show"] == 'user' && !isset($_GET["do"]) )
{
// Alle DME ohne Organisation holen
$result = mysqli_query($dbconn, "SELECT id, a_name, real_name, a_admin, a_mail FROM admin_users ORDER BY a_admin DESC, a_name ASC") or die (mysqli_error($dbconn));
while($row = mysqli_fetch_array($result))
{
if( $row["a_admin"] == '0' ) $status = '<b>(User)</b> ';
elseif( $row["a_admin"] == '1' ) $status = '<b>(Admin)</b> ';
elseif( $row["a_admin"] == '2' ) $status = '<b>(New)</b> ';
elseif( $row["a_admin"] == '3' ) $status = '<b>(Closed)</b> ';
if( $row["a_admin"] != '1') {
$show_del_button = '<a href="'.$_SERVER["PHP_SELF"].'?show=user&do=delete&id='.$row["id"].'">l&ouml;schen</a>';
} else {
$show_del_button = "";
}
$show_all .= '
<tr bgcolor="#FFFFFF">
<td>&nbsp;'.$status.$row["real_name"].'</td>
<td><font size="2">&nbsp;'.$row["a_mail"].'</font></td>
<!--<td align="center">&nbsp;<a href="'.$_SERVER["PHP_SELF"].'?show=user&do=update&id='.$row["id"].'">&auml;ndern</a>&nbsp;</td>-->
<td>'.$row["a_name"].'</td>
<td align="center">&nbsp;'.$show_del_button.'&nbsp;</td>
</tr>
';
}
// Benutzer eintragen
$show_all .= '
<tr bgcolor="#FFFFFF">
<td colspan="4"><br><br>Neuer User</td>
</tr>
<tr bgcolor="#FFFFFF">
<td>Vorname / Name</td>
<td>EMail</td>
<td colspan="2"></td>
</tr>
<form name="form999" method="post" action="'.$_SERVER["PHP_SELF"].'?show=user&do=insert">
<tr bgcolor="#FFFFFF">
<td><input name="ins_name" id="ins_name" type="text" size="30"> </td>
<td><input name="ins_mail" id="ins_mail" type="text" size="30"> </td>
<td colspan="2"><input type="submit" name="Submit" value="Eintragen"></td>
</tr>
</form>
';
// Seiteninhalt ausgeben
eval ("\$page_middle .= \"".gettemplate($template_dir."body_admin_dme-kfz_update")."\";");
}
// User eintragen
elseif( isset($_GET["show"]) && $_GET["show"] == 'user' && isset($_GET["do"]) && $_GET["do"] == 'insert' )
{
list($vorname, $nachname) = explode(" ", trim($_REQUEST["ins_name"]));
$ins_user_name = trim($vorname) .".". substr(trim($nachname),0,1);
$result = mysqli_query($dbconn, "SELECT id FROM admin_users WHERE a_name = '$ins_user_name'");
$row = mysqli_fetch_array($result);
if (!empty($row["id"])) $ins_user_name = trim($vorname) .".". substr(trim($nachname),0,1) ."". rand(1,99);
$result = mysqli_query($dbconn, "INSERT INTO admin_users (a_name, real_name, a_mail, pm_allow) VALUES ('$ins_user_name', '$_REQUEST[ins_name]', '$_REQUEST[ins_mail]', '1')") or die(mysqli_error);
echo gohome($_SERVER["PHP_SELF"].'?show=user');
}
//
// Wenn user l<>schen
elseif( isset($_GET["show"]) && $_GET["show"] == 'user' && isset($_GET["do"]) && $_GET["do"] == 'delete' )
{
$result = mysqli_query($dbconn, "DELETE FROM messages WHERE userid_to = '$_GET[id]'") or die (mysqli_error($dbconn));
$result = mysqli_query($dbconn, "DELETE FROM alarm2mail WHERE userid = '$_GET[id]'") or die (mysqli_error($dbconn));
$result = mysqli_query($dbconn, "DELETE FROM admin_users WHERE id = '$_GET[id]'") or die (mysqli_error($dbconn));
echo gohome($_SERVER["PHP_SELF"].'?show=user');
}
//
// Wenn nichts vorgegeben
else
{
// Wir schauen nach dme die keiner Org zugeordnet sind
$result = mysqli_query($dbconn, "SELECT id FROM ric_zvei WHERE org_id = '0'") or die (mysqli_error($dbconn));
$num_dme = mysqli_num_rows($result);
// Wir schauen nach kfz die keiner Org zugeordnet sind
$result = mysqli_query($dbconn, "SELECT id FROM kfz_fms WHERE org_id = '0'") or die (mysqli_error($dbconn));
$num_kfz = mysqli_num_rows($result);
// Wir schauen nach der Userzahl
$result = mysqli_query($dbconn, "SELECT id FROM admin_users") or die (mysqli_error($dbconn));
$num_user = mysqli_num_rows($result);
$result = mysqli_query($dbconn, "SELECT id FROM admin_users WHERE a_admin = '2'") or die (mysqli_error($dbconn));
$num_new_user = mysqli_num_rows($result);
// Ausklappmenu erstellen
$select_search_org = '
<select name="search_org" id="search_org">
<option value="">--- w&auml;hle Org. zum bearbeiten ---</option>';
$result = mysqli_query($dbconn, "SELECT id, org_name, org FROM organisation WHERE org != '' ORDER BY org ASC, org_name ASC") or die (mysqli_error($dbconn));
while($row = mysqli_fetch_array($result))
{
if( isset($_REQUEST["search_org"]) && $_REQUEST["search_org"] == $row["id"] ) { $selected = 'selected'; } else { $selected = ''; }
$select_search_org .= '
<option value="'.$row["id"].'" '.$selected.'>'.$row["org"].' &nbsp;&nbsp;'.$row["org_name"].'</option>
';
}
$select_search_org .= '
</select>
';
// Ausgabe zusammenstellen wenn org zum bearbeiten gew<65>hlt
if( isset($_REQUEST["search_org"]) )
{
$show_ric = '--- <b>RIC/ZVEI</b> ----------<br>';
$result = mysqli_query($dbconn,"SELECT id, adresse, bezeichnung, rec_typ, org_id, formatierung_id FROM ric_zvei WHERE org_id = '$_REQUEST[search_org]' ORDER BY rec_typ ASC, adresse ASC") or die (mysqli_error($dbconn));
while($row = mysqli_fetch_array($result))
{
$show_ric .= '&nbsp;<a href="'.$_SERVER["PHP_SELF"].'?do=update&id='.$row["id"].'&show=dme&org='.$row["org_id"].'&form='.$row["formatierung_id"].'">'.$row["adresse"].'</a> | '.$row["rec_typ"].' | '.$row["bezeichnung"].'<br>';
}
$show_ric .= '<br>--- <b>KFZ/FMS</b> ----------<br>';
$result = mysqli_query($dbconn, "SELECT id, kennung, bezeichnung, org_id FROM kfz_fms WHERE org_id = '$_REQUEST[search_org]' ORDER BY kennung ASC") or die (mysqli_error($dbconn));
while($row = mysqli_fetch_array($result))
{
$show_ric .= '&nbsp;<a href="'.$_SERVER["PHP_SELF"].'?do=update&id='.$row["id"].'&show=kfz&org='.$row["org_id"].'">'.$row["kennung"].'</a> | '.$row["bezeichnung"].'<br>';
}
$show_to_edit = '<tr bgcolor="#FFFFFF">
<td>'.$show_ric.'</td>
</tr>';
}
// Seiteninhalt ausgeben
eval ("\$page_middle .= \"".gettemplate($template_dir."body_admin_index")."\";");
}
/**************************/
// Ausgabe Rahmen
//
eval ("dooutput(\"".gettemplate($template_dir."rahmen")."\");");
/**************************/
// Datenbank schliessen
//
mysqli_close($dbconn);
?>