diff --git a/admin/admin.php b/admin/admin.php index 83fe0b9fb6a..25616a8285d 100644 --- a/admin/admin.php +++ b/admin/admin.php @@ -217,7 +217,10 @@ ."\t\t\n"; //."\t\t\t\n"; -echo showadminmenu(); +if(isset($_SESSION['loginID'])) + { + echo showadminmenu(); + } if (isset($accesssummary)) {echo $accesssummary;} // added by Dennis diff --git a/admin/html.php b/admin/html.php index e0101fa1457..f6234a804ba 100644 --- a/admin/html.php +++ b/admin/html.php @@ -95,9 +95,7 @@ else $listsurveys="
No Surveys in this Installation

" ; } - - -if ($action == "checksettings" || $action == "changelang") +if ($action == "checksettings" || ($action == "changelang" && isset($_SESSION['loginID']))) { //GET NUMBER OF SURVEYS $query = "SELECT sid FROM ".db_table_name('surveys'); @@ -428,6 +426,13 @@ . "onmouseout=\"hideTooltip()\"" . "onmouseover=\"showTooltip(event,'". _("Export this Survey")."');return false\">" . "". _("Export this Survey")."" ; + + // *********************** + $actsurquery = "SELECT edit_survey_property FROM {$dbprefix}surveys_rights WHERE sid=$surveyid AND uid = ".$_SESSION['loginID']; //Getting rights for this survey + //$actsurresult = $connect->Execute($actsurquery) or die($connect->ErrorMsg()); + $actsurresult = &db_execute_assoc($actsurquery); + $actsurrows = $actsurresult->FetchRow(); + if($actsurrows['edit_survey_property']) { $surveysummary .= "\t\t\t\t\t\n" @@ -1071,9 +1076,7 @@   - - - "; + "; } else { @@ -1094,10 +1097,27 @@   "._("Forgot Your Password?")."
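Review bot: In the rewritten condition only `changelang` is tied to `isset($_SESSION['loginID'])`; a request without a login that sends `checksettings` still enters the block, which starts by querying the surveys table. If nothing earlier in admin/html.php rejects anonymous requests (not visible in this hunk), put the session test in front of both actions: `if (isset($_SESSION['loginID']) && ($action == "checksettings" || $action == "changelang"))`. The body of the block continues outside the hunk.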
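Review bot: The added `$actsurquery` interpolates `$surveyid` and `$_SESSION['loginID']` directly into the SQL text, and the hunk does not show where `$surveyid` is validated. If it can originate from the request, cast it first (`$surveyid = (int)$surveyid;`) or pass both values as bind parameters to `$connect->Execute()`. `FetchRow()` returns no row when the user has no entry in `surveys_rights`, so the test should be `if ($actsurrows && $actsurrows['edit_survey_property'])`. This check only hides the edit control in the survey summary; the handler that performs the edit needs the same rights lookup, and that code is outside this hunk.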
 \n - - - "; + "; + } + // Current language + $loginsummary .= "\t\n" + . "\t\t$setfont\n" + . "\t\t\t"._("Current Language").":\n" + . "\t\t
$setfont\n" + . "\t\t\t\n" + . "\t\t\t\n" + . "\t\t\n" + . "\t\n" + . "" + . ""; } // logout user @@ -1182,11 +1202,10 @@ foreach ($_SESSION['userlist'] as $usr) { - if ($usr['uid'] == $_POST['uid']) + if ($usr['uid'] == $_POST['uid']) // ist nicht der fall bei neuen ******* { - $usersummary .="\t\t\n\t\n" - ."\t
" // added by Dennis + ."\t" ."\n"; //content if($_SESSION['USER_RIGHT_CREATE_SURVEY']) { @@ -1279,99 +1298,86 @@ $_SESSION['userlist'] = getuserlistforuser($_SESSION['loginID'], 0, NULL); $ui = count($_SESSION['userlist']); - /* - Tritt im Moment nicht mehr auf, da die Datenbank automatisch initialisiert wird + $usrhimself = $_SESSION['userlist'][0]; + unset($_SESSION['userlist'][0]); - if ($ui < 1) - { - $usersummary .= "\t\n" - . "\t\t\n" - . "\t\t\t
"._("Warning").": "._UC_NOUSERS."
" - . "\t\t\n" - . "\t\n"; - } - else*/ - { + // sort + $sortArray = array(); + + foreach($_SESSION['userlist'] as $key => $array) { + $sortArray[$key] = $array[0]; + } + array_multisort($sortArray, $_SESSION['userlist']); // by user name - // sort - $sortArray = array(); + // output users + $usersummary .= "\t\n" + . "\t$setfont{$usrhimself['user']}\n" + . "\t$setfont{$usrhimself['email']}\n"; - foreach($_SESSION['userlist'] as $key => $array) { - $sortArray[$key] = $array; + $usersummary .= "\t\t$setfont{$usrhimself['password']}\n"; + + $usersummary .= "\t\t$setfont{$usrhimself['level']}\n" + . "\t\t$setfont{$usrhimself['parent_id']}\n" + . "\t\t\n"; + + $usersummary .= "\t\t\t" + ."" + ."" + ."" + ."
"; + + // users are allowed to delete all successor users (but the admin not himself) + if ($usrhimself['parent_id'] != 0 && ($_SESSION['USER_RIGHT_DELETE_USER'] || ($usrhimself['uid'] == $_SESSION['loginID']))) + { + $usersummary .= "\t\t\t
" + ."" + ."" + ."" + ."" + ."
"; } - array_multisort($sortArray, $_SESSION['userlist']); // by user name + + $usersummary .= "\t\t\n" + . "\t\n"; + + // empty row + if(!empty($_SESSION['userlist'])) + $usersummary .= "\t\n\t\n\t"; + + // other users + foreach ($_SESSION['userlist'] as $usr) + { + $usersummary .= "\t\n" + . "\t$setfont{$usr['user']}\n" + . "\t$setfont{$usr['email']}\n"; - // output users - foreach ($_SESSION['userlist'] as $usr) - { - $usersummary .= "\t\n" - . "\t$setfont{$usr['user']}\n" - . "\t$setfont{$usr['email']}\n"; - // passwords of other users will not be displayed - if ($usr['uid'] == $_SESSION['loginID']) - { - $usersummary .= "\t\t$setfont{$usr['password']}\n"; - } - else - { - $usersummary .= "\t\t******\n"; - } - $usersummary .= "\t\t$setfont{$usr['level']}\n" - . "\t\t$setfont{$usr['parent_id']}\n" - . "\t\t\n"; - - - - -/* . "\t$setfont{$usr['user']}\n" - . "\t$setfont{$usr['email']}\n"; - // passwords of other users will not be displayed - if ($usr['uid'] == $_SESSION['loginID']) - { - $usersummary .= "\t\t$setfont{$usr['password']}\n"; - } - else - { - $usersummary .= "\t\t******\n"; - } - $usersummary .= "\t\t$setfont{$usr['level']}\n" - . "\t\t$setfont{$usr['parent_id']}\n" - . "\t\t\n";*/ - - // users are only allowed to change his own data - if ($usr['uid'] == $_SESSION['loginID']) - { - $usersummary .= "\t\t\t
"//?action=modifyuser'>" // added by Dennis - ."" - ."" - ."" - ."
"; - } - - // users are allowed to delete all successor users (but the admin not himself) - if ($usr['parent_id'] != 0 && ($_SESSION['USER_RIGHT_DELETE_USER'] || ($usr['uid'] == $_SESSION['loginID']))) - { - $usersummary .= "\t\t\t
" // added by Dennis - ."" - ."" - ."" - ."" - ."
"; - } - - if ($usr['uid'] != $_SESSION['loginID']) - { - $usersummary .= "\t\t\t
" // added by Dennis - ."" - ."" - ."" - ."" - ."
"; - } + // passwords of other users will not be displayed + $usersummary .= "\t\t******\n"; + + $usersummary .= "\t\t$setfont{$usr['level']}\n" + . "\t\t$setfont{$usr['parent_id']}\n" + . "\t\t\n"; - $usersummary .= "\t\t\n" - . "\t\n"; - } + // users are allowed to delete all successor users (but the admin not himself) + if ($usr['parent_id'] != 0 && ($_SESSION['USER_RIGHT_DELETE_USER'] || ($usr['uid'] == $_SESSION['loginID']))) + { + $usersummary .= "\t\t\t
" + ."" + ."" + ."" + ."" + ."
"; + } + + $usersummary .= "\t\t\t
" + ."" + ."" + ."" + ."" + ."
"; + + $usersummary .= "\t\t\n" + . "\t\n"; } if($_SESSION['USER_RIGHT_CREATE_USER']) { @@ -1930,24 +1936,26 @@ $result = db_execute_assoc($query); if($result->RecordCount() > 0) { - if($_POST['uid'] != _("Please Choose...")){ + if($_POST['uid'] > 0){ $isrquery = "INSERT INTO {$dbprefix}surveys_rights VALUES($surveyid,". $_POST['uid'].",0,0,0,0,0,0)"; $isrresult = $connect->Execute($isrquery); - if(mysql_affected_rows() < 0) + if($isrresult) { - // Username already exists. - $addsummary .= "
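Review bot: The new row for the logged-in user prints `{$usrhimself['password']}` into the page, so the clear-text password is rendered in HTML and has to be kept in `$_SESSION['userlist']`; it should show the same `******` mask the other rows use. `{$usr['user']}`, `{$usr['email']}` and the matching `$usrhimself` fields are interpolated with no escaping visible in the hunk, so wrap them, e.g. `htmlspecialchars($usr['user'], ENT_QUOTES)`. `$usrhimself = $_SESSION['userlist'][0];` assumes the list is non-empty and that element 0 is the current user; check `isset($_SESSION['userlist'][0])` first. The sort key `$array[0]` reads a numeric index, while the entries this commit pushes in admin/usercontrol.php use named keys such as `"user"`, so `$array['user']` may be what is intended (confirm against `getuserlistforuser()`).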
"._("Failed to add User.")."
\n" . " " . _("Username already exists.")."
\n"; + $addsummary .= "
"._("User added.")."
\n"; } else { - $addsummary .= "
"._("User added.")."
\n"; - } + // Username already exists. + $addsummary .= "
"._("Failed to add User.")."
\n" . " " . _("Username already exists.")."
\n"; + } + + $addsummary .= "
" ."" ."" - ."" + //."" ."" ."
\n"; $addsummary .= "
"._("Continue")."
 \n"; @@ -2006,7 +2014,8 @@ $resul2row = $result2->FetchRow(); $usersummary = "\n\t\n"; + //. "\t\t$setfont"._("Set Survey Rights").": ".$_POST['user']."\n"; + . "\t\t$setfont"._("Set Survey Rights")."\n"; $usersummary .= "\t\t\n" . "\t\t\n" @@ -2115,7 +2124,7 @@ . "\t\t\t\t\t\n" . "\t\t\t\t\n" - . "\t\t\n" . "\t\n" . "\t
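Review bot: `$_POST['uid']` is still concatenated unquoted into the `INSERT INTO {$dbprefix}surveys_rights` statement, and the new guard `$_POST['uid'] > 0` is a loose numeric comparison that does not prove the value is an integer. Convert once and use the converted value in both places: `$uid = (int)$_POST['uid'];`, `if ($uid > 0)`, and `VALUES($surveyid, $uid, 0,0,0,0,0,0)`, or pass it as a bind parameter to `$connect->Execute()`. The hunk does not show a check that the submitted uid is a user the current session may grant rights to; confirm that the query above the hunk, whose `RecordCount()` is tested, covers this. With `if($isrresult)` every INSERT failure is now reported as "Username already exists.", so logging `$connect->ErrorMsg()` server-side would keep other failures diagnosable.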
\n" - . "\t\t$setfont"._("Set Survey Rights").": ".$_POST['user']."
edit_survey_propertydefine_questions" + . "\t\t" . "
\n"; diff --git a/admin/install/create-mysql.sql b/admin/install/create-mysql.sql index 6851f280f0c..43ca2514508 100644 --- a/admin/install/create-mysql.sql +++ b/admin/install/create-mysql.sql @@ -218,7 +218,7 @@ CREATE TABLE `prefix_surveys` ( CREATE TABLE `prefix_users` ( `uid` int(11) NOT NULL auto_increment PRIMARY KEY, - `user` varchar(20) NOT NULL default '', + `user` varchar(20) NOT NULL UNIQUE default '', `password` BLOB NOT NULL default '', `parent_id` int(10) unsigned NOT NULL, `lang` varchar(20), diff --git a/admin/sessioncontrol.php b/admin/sessioncontrol.php index 9bb652a76e6..da8a5b66dff 100644 --- a/admin/sessioncontrol.php +++ b/admin/sessioncontrol.php @@ -42,7 +42,7 @@ //LANGUAGE ISSUES -if (returnglobal('action') == "changelang") +if (returnglobal('action') == "changelang" && !$login) // no update when login (just read from db) { $_SESSION['adminlang']=returnglobal('lang'); // if user is logged in update language in database @@ -75,18 +75,6 @@ $_SESSION['USER_RIGHT_PULL_UP_USER'] = $fields['pull_up_user']; $_SESSION['USER_RIGHT_PUSH_DOWN_USER'] = $fields['push_down_user']; $_SESSION['USER_RIGHT_CREATE_TEMPLATE'] = $fields['create_template']; - } - /* - else - { - // nicht mehr nötig - $accesssummary = ("Keine Benutzerrechte gefunden! Bitte kontaktieren Sie den Admin."); - killSession(); - checkfortables(); - } - */ + } } - -//CHANGE LANGUAGE IF SESSION LANG DOESN'T MATCH DEFAULT LANG -//if (isset($_SESSION['adminlang'])) {$defaultlang=$_SESSION['adminlang'];} ?> diff --git a/admin/usercontrol.php b/admin/usercontrol.php index 5174de40efe..6e999335813 100644 --- a/admin/usercontrol.php +++ b/admin/usercontrol.php @@ -112,7 +112,9 @@ $_SESSION['user'] = $fields['user']; $_SESSION['adminlang'] = $fields['lang']; - SetInterfaceLanguage($_SESSION['adminlang']); + $login = true; + include("sessioncontrol.php"); + //SetInterfaceLanguage($_SESSION['adminlang']); $loginsummary .= "
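Review bot: The `UNIQUE` constraint on `prefix_users.user` is added only to the install script, so databases created before this commit keep accepting duplicate user names. admin/usercontrol.php in the same commit now relies on a failed INSERT (`if($uresult)`) to detect a duplicate name, and that failure does not occur without the index. Existing installations need an upgrade step such as `ALTER TABLE prefix_users ADD UNIQUE (user);`, run after existing duplicates are resolved; no upgrade script appears in this diff.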
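Review bot: `!$login` in the `changelang` condition reads a variable that this commit assigns only in admin/usercontrol.php, just before `include("sessioncontrol.php")`; on any other request it is undefined here. That raises a notice, and on installations that register request variables as globals the request itself can supply the value. Test it explicitly with `empty($login)` and have the entry script set `$login = false;` before any request data is processed. The value from `returnglobal('lang')` goes into `$_SESSION['adminlang']` and, per the comment, into the database; the hunk does not show it being checked against the list of installed languages.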
" .str_replace("{NAME}", $_SESSION['user'], _("Welcome {NAME}")) . "
"; $loginsummary .= _("Login successful."); @@ -157,20 +159,26 @@ } elseif($valid_email) { - echo ($new_pass = createPassword()); + echo "Generated Password for testing: ".$new_pass = createPassword(); $uquery = "INSERT INTO {$dbprefix}users VALUES (NULL, '$new_user', ENCODE('{$new_pass}', '{$codeString}'), {$_SESSION['loginID']}, '{$defaultlang}', '{$new_email}',0,0,0,0,0,0,0)"; - //echo($uquery); $uresult = $connect->Execute($uquery); - //echo($uresult); //TODO Is this working?I don't know if you so get the affacted rows - if(mysql_affected_rows() < 0) - //if(modify_database($uquery.";") < 0)//Has to be terminated by a semi-colon + if($uresult) { - $addsummary .= "
"._("Failed to add User.")."
\n" . " " . _("Username and/or email address already exists.")."
\n"; - } - else{ - // send Mail + $newqid = $connect->Insert_ID(); + // add new user to userlist + $squery = "SELECT uid, user, DECODE(password, '{$codeString}'), parent_id, email, create_survey, configurator, create_user, delete_user, pull_up_user, push_down_user, create_template FROM {$dbprefix}users WHERE uid='{$newqid}'"; //added by Dennis + $sresult = db_execute_assoc($squery); + $srow = $sresult->FetchRow(); + + array_push($_SESSION['userlist'], array("user"=>$srow['user'], "uid"=>$srow['uid'], "email"=>$srow['email'], + "password"=>$srow["DECODE(password, '{$codeString}')"], "parent_id"=>$srow['parent_id'], "level"=>$level, + "create_survey"=>$srow['create_survey'], "configurator"=>$srow['configurator'], "create_user"=>$srow['create_user'], + "delete_user"=>$srow['delete_user'], "pull_up_user"=>$srow['pull_up_user'], "push_down_user"=>$srow['push_down_user'], + "create_template"=>$srow['create_template'])); + + // send Mail $body = _("You were signed in. Your data:"); $body .= _("Username") . ": " . $new_user . "
\n"; $body .= _("Password") . ": " . $new_pass . "
\n"; @@ -191,9 +199,19 @@ $tmp = str_replace("{NAME}", "".$new_user."", _("Email to {NAME} ({EMAIL}) failed.")); $addsummary .= "
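Review bot: `echo "Generated Password for testing: ".$new_pass = createPassword();` writes the new account's password into the admin page; this debugging output should be removed, leaving `$new_pass = createPassword();`. The added `SELECT ... DECODE(password, '{$codeString}')` then copies the clear-text password into `$_SESSION['userlist']`, where it persists in session storage, although the list entry does not need that field. `$new_user` and `$new_email` sit inside quotes in the INSERT and the hunk does not show them being escaped, so confirm they pass through `$connect->qstr()` or bind parameters before this point. `$level` in the `array_push` call is not assigned anywhere in the hunk. The enclosing `elseif` branch starts and ends outside the hunk.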
".str_replace("{EMAIL}", $new_email, $tmp) . "
"; } + + $addsummary .= "
\t\t\t
" + ."" + ."" + ."" + ."" + ."
"; } - } - $addsummary .= "

"._("Continue")."
 \n"; + else{ + $addsummary .= "
"._("Failed to add User.")."
\n" . " " . _("Username and/or email address already exists.")."
\n"; + } + } + $addsummary .= "
"._("Continue")."
 \n"; } elseif ($action == "deluser" && ($_SESSION['USER_RIGHT_DELETE_USER'] || ($_POST['uid'] == $_SESSION['loginID']))) diff --git a/common.php b/common.php index 12803cdcbd0..72bc04ee71b 100644 --- a/common.php +++ b/common.php @@ -201,24 +201,11 @@ function showadminmenu() $adminmenu .= "\t\t\t\t\t\n" . "\t\t\t\t\t\n"; - // if not logged in show login icon - if(!isset($_SESSION['loginID'])) - { - $adminmenu .= "\t\t\t\t\t" . - ""._("Login").""; - } - // show logout icon - else - { - $adminmenu .= "\t\t\t\t\t" . ""._("Logout").""; - } + ." title='' alt='"._("Logout")."' align='left'>"; // edit users $adminmenu .= "\t\t\t\t\t\n".$surveyselecter;} + if (!isset($svexist)) {$surveyselecter = "\t\t\t\n".$surveyselecter;} else {$surveyselecter = "\t\t\t\n".$surveyselecter;} return $surveyselecter; } + ?>