monitor-frontend/admin.php
2018-08-04 11:33:52 +02:00

439 lines
15 KiB
PHP
Executable File
Raw Blame History

<?php
/*
* PHP Frontend for pocsag monitor
*
* Copyright (C) 2004-2005
* Manuel Weiser (manuelw@fire-devils.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
require('config.inc.php');
$_SESSION["load_complete"] = "";
$_SESSION["lastupdate"] = "";
$_SESSION["online_users"] = "";
// Pr<50>fen ob admin
if( $_SESSION["admin"] != 1 ) exit;
/**************************/
// Seite zusammenstellen
//
//
// Wenn dme ohne Org anzuschauen ist
if( $_GET["show"] == 'dme' && !$_GET["do"] )
{
// Alle DME ohne Organisation holen
$result = mysqli_query("SELECT id, adresse, bezeichnung, rec_typ FROM ric_zvei WHERE org_id = '0' ORDER BY bezeichnung ASC") or die (mysqli_error());
while($row = mysqli_fetch_array($result))
{
$show_all .= '
<tr bgcolor="#FFFFFF">
<td align="center">'.$row["rec_typ"].'</td>
<td>&nbsp;<b>'.$row["adresse"].'</b> / '.$row["bezeichnung"].'</td>
<td align="center">&nbsp;<a href="'.$_SERVER["php_self"].'?show=dme&do=update&id='.$row["id"].'">zuordnen</a>&nbsp;</td>
<td align="center">&nbsp;<a href="'.$_SERVER["php_self"].'?show=dme&do=delete&id='.$row["id"].'">l<>schen</a>&nbsp;</td>
</tr>
';
}
// Seiteninhalt ausgeben
eval ("\$page_middle .= \"".gettemplate($template_dir."body_admin_dme-kfz_update")."\";");
}
//
// Wenn dme updaten
elseif( $_GET["show"] == 'dme' && $_GET["do"] == 'update' )
{
// Zusammenstellung bekannter Organisationen
$result = mysqli_query("SELECT id, org_name, org FROM organisation ORDER BY org ASC, org_name ASC") or die (mysqli_error());
while($row = mysqli_fetch_array($result))
{
if( $_REQUEST["org"] == $row["id"] ) { $selected = 'selected'; } else { $selected = ''; }
$option_org .= '<option value="'.$row["id"].'" '.$selected.'>'.$row["org"].' '.$row["org_name"].'</option>';
}
// Zusammenstellung der Formatierungen
$result = mysqli_query("SELECT id, beschreibung FROM formatierung ORDER BY beschreibung ASC") or die (mysqli_error());
while($row = mysqli_fetch_array($result))
{
if( $_REQUEST["form"] == $row["id"] ) { $selected = 'selected'; } else { $selected = ''; }
$option_format .= '<option value="'.$row["id"].'" '.$selected.'>'.$row["beschreibung"].'</option>';
}
// Abfrage des verlangten Datensatzes
$result = mysqli_query("SELECT id, adresse, bezeichnung, rec_typ FROM ric_zvei WHERE id = '$_GET[id]'") or die (mysqli_error());
$row = mysqli_fetch_array($result);
// Seiteninhalt ausgeben
eval ("\$page_middle .= \"".gettemplate($template_dir."body_admin_dme2org")."\";");
}
//
// Wenn dme l<>schen
elseif( $_GET["show"] == 'dme' && $_GET["do"] == 'delete' )
{
$result = mysqli_query("DELETE FROM ric_zvei WHERE id = '$_GET[id]'") or die (mysqli_error());
$result = mysqli_query("DELETE FROM alarm2mail WHERE adresse = '$_GET[adresse]'") or die (mysqli_error());
// Pr<50>fen ob noch weitere Eintr<74>ge zur Org da sind, wenn nicht l<>schen
if( $_GET["org"] )
{
$result = mysqli_query("SELECT a.id AS dme_id, b.id AS kfz_id
FROM ric_zvei a
LEFT JOIN kfz_fms b ON b.org_id = $_GET[org]
WHERE a.org_id = '$_GET[org]' OR b.org_id = '$_GET[org]'") or die (mysqli_error());
$row = mysqli_fetch_array($result);
if( !$row["dme_id"] && !$row["kfz_id"] )
{
$result = mysqli_query("DELETE FROM organisation WHERE id = '$_GET[org]'") or die (mysqli_error());
}
}
// Wohin gehen nach Aktion
if( !$_GET["org"] )
{
echo gohome($_SERVER["PHP_SELF"].'?show=dme&org=0');
}
else
{
echo gohome($_SERVER["PHP_SELF"]);
}
}
//
// dme Update ausf<73>hren
elseif( $_GET["show"] == 'dme' && $_GET["do"] == 'setupdate' )
{
// Schauen ob neue oder bestehende Organistaion gew<65>hlt wurde
if( $_REQUEST["new_org"] )
{
/////////////////$organisation = $_REQUEST["new_org"];
// Pr<50>fen ob die Org schon existiert, wenn ja update kein eintrag
$result = mysqli_query("SELECT id FROM organisation WHERE org_name = '$_REQUEST[new_org]' AND org = '$_REQUEST[new_org_typ]'") or die (mysqli_error());
$row = mysqli_fetch_array($result);
if( $row["id"] )
{
$org_id = $row["id"];
}
if( !$org_id )
{
$result = mysqli_query("INSERT INTO organisation (org_name, org) VALUES ('$_REQUEST[new_org]', '$_REQUEST[new_org_typ]')");
$result = mysqli_query("SELECT MAX(id) as new_id FROM organisation");
$row = mysql_fetch_row($result);
$org_id = $row[0];
}
}
else
{
$org_id = $_REQUEST["select_org"];
}
$result = mysqli_query("UPDATE ric_zvei SET bezeichnung = '$_REQUEST[bezeichnung]', formatierung_id = '$_REQUEST[formatierung]', org_id = '$org_id' WHERE id='$_REQUEST[id]'") or die (mysqli_error());
// Pr<50>fen ob noch weitere Eintr<74>ge zur Org da sind, wenn nicht l<>schen
if( $_REQUEST["old_org"] )
{
$result = mysqli_query("SELECT a.id AS dme_id, b.id AS kfz_id
FROM ric_zvei a
LEFT JOIN kfz_fms b ON b.org_id = $_REQUEST[old_org]
WHERE a.org_id = '$_REQUEST[old_org]' OR b.org_id = '$_REQUEST[old_org]'") or die (mysqli_error());
$row = mysqli_fetch_array($result);
if( !$row["dme_id"] && !$row["kfz_id"] )
{
$result = mysqli_query("DELETE FROM organisation WHERE id = '$_REQUEST[old_org]'") or die (mysqli_error());
}
}
echo gohome($_SERVER["PHP_SELF"]);
}
//
// Wenn kfz ohne org anzusehen ist
elseif( $_GET["show"] == 'kfz' && !$_GET["do"] )
{
// Alle DME ohne Organisation holen
$result = mysqli_query("SELECT id, bezeichnung FROM kfz_fms WHERE org_id = '0' ORDER BY bezeichnung ASC") or die (mysqli_error());
while($row = mysqli_fetch_array($result))
{
$show_all .= '
<tr bgcolor="#FFFFFF">
<td>&nbsp;'.$row["bezeichnung"].'</td>
<td align="center">&nbsp;<a href="'.$_SERVER["php_self"].'?show=kfz&do=update&id='.$row["id"].'">zuordnen</a>&nbsp;</td>
<td align="center">&nbsp;<a href="'.$_SERVER["php_self"].'?show=kfz&do=delete&id='.$row["id"].'">l<>schen</a>&nbsp;</td>
</tr>
';
}
// Seiteninhalt ausgeben
eval ("\$page_middle .= \"".gettemplate($template_dir."body_admin_dme-kfz_update")."\";");
}
//
// Wenn kfz updaten
elseif( $_GET["show"] == 'kfz' && $_GET["do"] == 'update' )
{
// Zusammenstellung bekannter Organisationen
$result = mysqli_query("SELECT id, org_name, org FROM organisation ORDER BY org ASC, org_name ASC") or die (mysqli_error());
while($row = mysqli_fetch_array($result))
{
if( $_REQUEST["org"] == $row["id"] ) { $selected = 'selected'; } else { $selected = ''; }
$option_org .= '<option value="'.$row["id"].'" '.$selected.'>'.$row["org"].' '.$row["org_name"].'</option>';
}
// Abfrage des verlangten Datensatzes
$result = mysqli_query("SELECT id, bezeichnung FROM kfz_fms WHERE id = '$_GET[id]'") or die (mysqli_error());
$row = mysqli_fetch_array($result);
// Seiteninhalt ausgeben
eval ("\$page_middle .= \"".gettemplate($template_dir."body_admin_kfz2org")."\";");
}
//
// Wenn kfz l<>schen
elseif( $_GET["show"] == 'kfz' && $_GET["do"] == 'delete' )
{
$result = mysqli_query("DELETE FROM kfz_fms WHERE id = '$_GET[id]'") or die (mysqli_error());
// Pr<50>fen ob noch weitere Eintr<74>ge zur Org da sind, wenn nicht l<>schen
if( $_GET["org"] )
{
$result = mysqli_query("SELECT a.id AS dme_id, b.id AS kfz_id
FROM ric_zvei a
LEFT JOIN kfz_fms b ON b.org_id = $_GET[org]
WHERE a.org_id = '$_GET[org]' OR b.org_id = '$_GET[org]'") or die (mysqli_error());
$row = mysqli_fetch_array($result);
if( !$row["dme_id"] && !$row["kfz_id"] )
{
$result = mysqli_query("DELETE FROM organisation WHERE id = '$_GET[org]'") or die (mysqli_error());
}
}
// Wohin gehen nach Aktion
if( !$_GET["org"] )
{
echo gohome($_SERVER["PHP_SELF"].'?show=kfz&org=0');
}
else
{
echo gohome($_SERVER["PHP_SELF"]);
}
}
//
// kfz Update ausfhren
elseif( $_GET["show"] == 'kfz' && $_GET["do"] == 'setupdate' )
{
// Schauen ob neue oder bestehende Organistaion gewhlt wurde
if( $_REQUEST["new_org"] )
{
$organisation = $_REQUEST["new_org"];
$result = mysqli_query("INSERT INTO organisation (org_name, org) VALUES ('$organisation', '$_REQUEST[new_org_typ]')");
$result = mysqli_query("SELECT MAX(id) as new_id FROM organisation");
$row = mysql_fetch_row($result);
$organisation = $row[0];
}
else
{
$organisation = $_REQUEST["select_org"];
}
$result = mysqli_query("UPDATE kfz_fms SET bezeichnung = '$_REQUEST[bezeichnung]', org_id = '$organisation' WHERE id='$_REQUEST[id]'") or die (mysqli_error());
// Pr<50>fen ob noch weitere Eintr<74>ge zur Org da sind, wenn nicht l<>schen
if( $_REQUEST["old_org"] )
{
$result = mysqli_query("SELECT a.id AS dme_id, b.id AS kfz_id
FROM ric_zvei a
LEFT JOIN kfz_fms b ON b.org_id = $_REQUEST[old_org]
WHERE a.org_id = '$_REQUEST[old_org]' OR b.org_id = '$_REQUEST[old_org]'") or die (mysqli_error());
$row = mysqli_fetch_array($result);
if( !$row["dme_id"] && !$row["kfz_id"] )
{
$result = mysqli_query("DELETE FROM organisation WHERE id = '$_REQUEST[old_org]'") or die (mysqli_error());
}
}
echo gohome($_SERVER["PHP_SELF"]);
}
//
// Wenn Userliste anzeigen
elseif( $_GET["show"] == 'user' && !$_GET["do"] )
{
// Alle DME ohne Organisation holen
$result = mysqli_query("SELECT id, a_name, real_name, a_admin, a_mail FROM admin_users ORDER BY a_admin DESC, a_name ASC") or die (mysqli_error());
while($row = mysqli_fetch_array($result))
{
if( $row["a_admin"] == '0' ) $status = '<b>(User)</b> ';
elseif( $row["a_admin"] == '1' ) $status = '<b>(Admin)</b> ';
elseif( $row["a_admin"] == '2' ) $status = '<b>(New)</b> ';
elseif( $row["a_admin"] == '3' ) $status = '<b>(Closed)</b> ';
if( $row["a_admin"] != '1') {
$show_del_button = '<a href="'.$_SERVER["php_self"].'?show=user&do=delete&id='.$row["id"].'">l&ouml;schen</a>';
} else {
$show_del_button = "";
}
$show_all .= '
<tr bgcolor="#FFFFFF">
<td>&nbsp;'.$status.$row["real_name"].'</td>
<td><font size="2">&nbsp;'.$row["a_mail"].'</font></td>
<!--<td align="center">&nbsp;<a href="'.$_SERVER["php_self"].'?show=user&do=update&id='.$row["id"].'">&auml;ndern</a>&nbsp;</td>-->
<td>'.$row["a_name"].'</td>
<td align="center">&nbsp;'.$show_del_button.'&nbsp;</td>
</tr>
';
}
// Benutzer eintragen
$show_all .= '
<tr bgcolor="#FFFFFF">
<td colspan="4"><br><br>Neuer User</td>
</tr>
<tr bgcolor="#FFFFFF">
<td>Vorname / Name</td>
<td>EMail</td>
<td colspan="2"></td>
</tr>
<form name="form999" method="post" action="'.$_SERVER[php_self].'?show=user&do=insert">
<tr bgcolor="#FFFFFF">
<td><input name="ins_name" id="ins_name" type="text" size="30"> </td>
<td><input name="ins_mail" id="ins_mail" type="text" size="30"> </td>
<td colspan="2"><input type="submit" name="Submit" value="Eintragen"></td>
</tr>
</form>
';
// Seiteninhalt ausgeben
eval ("\$page_middle .= \"".gettemplate($template_dir."body_admin_dme-kfz_update")."\";");
}
// User eintragen
elseif( $_GET["show"] == 'user' && $_GET["do"] == 'insert' )
{
list($vorname, $nachname) = explode(" ", trim($_REQUEST["ins_name"]));
$ins_user_name = trim($vorname) .".". substr(trim($nachname),0,1);
$result = mysqli_query("SELECT id FROM admin_users WHERE a_name = '$ins_user_name'");
$row = mysqli_fetch_array($result);
if (!empty($row["id"])) $ins_user_name = trim($vorname) .".". substr(trim($nachname),0,1) ."". rand(1,99);
$result = mysqli_query("INSERT INTO admin_users (a_name, real_name, a_mail, pm_allow) VALUES ('$ins_user_name', '$_REQUEST[ins_name]', '$_REQUEST[ins_mail]', '1')") or die(mysqli_error);
echo gohome($_SERVER["PHP_SELF"].'?show=user');
}
//
// Wenn user l<>schen
elseif( $_GET["show"] == 'user' && $_GET["do"] == 'delete' )
{
$result = mysqli_query("DELETE FROM messages WHERE userid_to = '$_GET[id]'") or die (mysqli_error());
$result = mysqli_query("DELETE FROM alarm2mail WHERE userid = '$_GET[id]'") or die (mysqli_error());
$result = mysqli_query("DELETE FROM admin_users WHERE id = '$_GET[id]'") or die (mysqli_error());
echo gohome($_SERVER["PHP_SELF"].'?show=user');
}
//
// Wenn nichts vorgegeben
else
{
// Wir schauen nach dme die keiner Org zugeordnet sind
$result = mysqli_query("SELECT id FROM ric_zvei WHERE org_id = '0'") or die (mysqli_error());
$num_dme = mysql_num_rows($result);
// Wir schauen nach kfz die keiner Org zugeordnet sind
$result = mysqli_query("SELECT id FROM kfz_fms WHERE org_id = '0'") or die (mysqli_error());
$num_kfz = mysql_num_rows($result);
// Wir schauen nach der Userzahl
$result = mysqli_query("SELECT id FROM admin_users") or die (mysqli_error());
$num_user = mysql_num_rows($result);
$result = mysqli_query("SELECT id FROM admin_users WHERE a_admin = '2'") or die (mysqli_error());
$num_new_user = mysql_num_rows($result);
// Ausklappmenu erstellen
$select_search_org = '
<select name="search_org" id="search_org">
<option value="">--- w&auml;hle Org. zum bearbeiten ---</option>';
$result = mysqli_query("SELECT id, org_name, org FROM organisation WHERE org != '' ORDER BY org ASC, org_name ASC") or die (mysqli_error());
while($row = mysqli_fetch_array($result))
{
if( $_REQUEST["search_org"] == $row["id"] ) { $selected = 'selected'; } else { $selected = ''; }
$select_search_org .= '
<option value="'.$row["id"].'" '.$selected.'>'.$row["org"].' &nbsp;&nbsp;'.$row["org_name"].'</option>
';
}
$select_search_org .= '
</select>
';
// Ausgabe zusammenstellen wenn org zum bearbeiten gew<65>hlt
if( $_REQUEST["search_org"] )
{
$show_ric = '--- <b>RIC/ZVEI</b> ----------<br>';
$result = mysqli_query("SELECT id, adresse, bezeichnung, rec_typ, org_id, formatierung_id FROM ric_zvei WHERE org_id = '$_REQUEST[search_org]' ORDER BY rec_typ ASC, adresse ASC") or die (mysqli_error());
while($row = mysqli_fetch_array($result))
{
$show_ric .= '&nbsp;<a href="'.$_SERVER["PHP_SELF"].'?do=update&id='.$row["id"].'&show=dme&org='.$row["org_id"].'&form='.$row["formatierung_id"].'">'.$row["adresse"].'</a> | '.$row["rec_typ"].' | '.$row["bezeichnung"].'<br>';
}
$show_ric .= '<br>--- <b>KFZ/FMS</b> ----------<br>';
$result = mysqli_query("SELECT id, kennung, bezeichnung, org_id FROM kfz_fms WHERE org_id = '$_REQUEST[search_org]' ORDER BY kennung ASC") or die (mysqli_error());
while($row = mysqli_fetch_array($result))
{
$show_ric .= '&nbsp;<a href="'.$_SERVER["PHP_SELF"].'?do=update&id='.$row["id"].'&show=kfz&org='.$row["org_id"].'">'.$row["kennung"].'</a> | '.$row["bezeichnung"].'<br>';
}
$show_to_edit = '<tr bgcolor="#FFFFFF">
<td>'.$show_ric.'</td>
</tr>';
}
// Seiteninhalt ausgeben
eval ("\$page_middle .= \"".gettemplate($template_dir."body_admin_index")."\";");
}
/**************************/
// Ausgabe Rahmen
//
eval ("dooutput(\"".gettemplate($template_dir."rahmen")."\");");
/**************************/
// Datenbank schliessen
//
mysqli_close($dbconn);
?>