diff --git a/accessdenied.php b/accessdenied.php
index a121d3c..231fa16 100644
--- a/accessdenied.php
+++ b/accessdenied.php
@@ -1,20 +1,22 @@
- - - + -
- + + + +
+ - -
+ +
+ + + - - \ No newline at end of file diff --git a/bootDB.php b/bootDB.php index c38be86..50dcc28 100644 --- a/bootDB.php +++ b/bootDB.php @@ -21,4 +21,3 @@ print('Database bootstrapped succesfully.'); die(); -?> \ No newline at end of file diff --git a/categories.php b/categories.php index 63dbf4d..2ff920c 100644 --- a/categories.php +++ b/categories.php @@ -1,117 +1,119 @@ - - - - -
- intVal($_GET['to'])), 'id=%d', intVal($_GET['setCategoryId'])); - header("location: categories.php"); - die(); - } else if (isset($_GET['resetSubcategoryId']) && !empty($_GET['resetSubcategoryId'])) { - DB::update('subCategories', array('headcategory' => NULL), 'id=%d', intVal($_GET['resetSubcategoryId'])); - header("location: categories.php"); - die(); - } else if (isset($_GET['to']) && !empty($_GET['to']) && (isset($_GET['headCategory']) || isset($_GET['subCategory']))) { - if (isset($_GET['headCategory']) && !empty($_GET['headCategory'])) { - DB::update('headCategories', array('name' => $_GET['to']), 'id=%d', intVal($_GET['headCategory'])); - if (DB::affectedRows() === 1) echo ''; - } else { - DB::update('subCategories', array('name' => $_GET['to']), 'id=%d', intVal($_GET['subCategory'])); - if (DB::affectedRows() === 1) echo ''; - } - } else if (isset($_GET['removeCategory']) && !empty($_GET['removeCategory'])) { - DB::delete('headCategories', "id=%d", intVal($_GET['removeCategory'])); - if (DB::affectedRows() === 1) echo ''; - } else if (isset($_GET['removeSubcategory']) && !empty($_GET['removeSubcategory'])) { - DB::delete('subCategories', "id=%d", intVal($_GET['removeSubcategory'])); - if (DB::affectedRows() === 1) echo ''; - } - - $headCategories = DB::query('SELECT id, name, amount FROM headCategories ORDER BY name ASC'); - $subCategories = DB::query('SELECT id, name, amount, headcategory FROM subCategories ORDER BY name ASC'); - - echo '

'; - - echo ''; + + + + + +
+ intVal($_GET['to'])), 'id=%d', intVal($_GET['setCategoryId'])); + header("location: categories.php"); + die(); + } else if (isset($_GET['resetSubcategoryId']) && !empty($_GET['resetSubcategoryId'])) { + DB::update('subCategories', array('headcategory' => NULL), 'id=%d', intVal($_GET['resetSubcategoryId'])); + header("location: categories.php"); + die(); + } else if (isset($_GET['to']) && !empty($_GET['to']) && (isset($_GET['headCategory']) || isset($_GET['subCategory']))) { + if (isset($_GET['headCategory']) && !empty($_GET['headCategory'])) { + DB::update('headCategories', array('name' => $_GET['to']), 'id=%d', intVal($_GET['headCategory'])); + if (DB::affectedRows() === 1) echo ''; + } else { + DB::update('subCategories', array('name' => $_GET['to']), 'id=%d', intVal($_GET['subCategory'])); + if (DB::affectedRows() === 1) echo ''; } - ?> -
- - - - - + + echo ''; + } + ?> +
+ + + + + + \ No newline at end of file diff --git a/customFieldsData.php b/customFieldsData.php index ebbaad3..3f91b94 100644 --- a/customFieldsData.php +++ b/customFieldsData.php @@ -43,4 +43,3 @@ 'selection' => gettext('Einzelauswahl, durch Komma getrennt: erlaubt "Neu" oder "Gebraucht" oder "Refurbished" wenn "Neu,Gebraucht,Refurbished" angegeben. Und oder numerische Werte (Ganzzahl, Gleitkommazahlen)'), 'mselection' => gettext('Mehrfachauswahl, durch Komma getrennt: erlaubt "Neu" und oder "Netzwerk", wenn "Neu,Netzwerk" angegeben. Und oder numerische Werte (Ganzzahl, Gleitkommanzahlen).') ]; -?> \ No newline at end of file diff --git a/datafields.php b/datafields.php index d761ae5..50bedc0 100644 --- a/datafields.php +++ b/datafields.php @@ -70,10 +70,10 @@ @@ -122,10 +122,10 @@
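Review bot: Every state change in this block is driven by a plain GET request — the `setCategoryId`/`resetSubcategoryId` reassignments that end in `header("location: categories.php")`, the rename through `$_GET['to']`, and (if the remove handlers shown on the old side survive the reindent) the `removeCategory`/`removeSubcategory` deletes — with no CSRF token, so a logged-in admin who loads any page embedding `categories.php?removeCategory=N` as an image has that category deleted without a click. These handlers should accept POST only and verify a per-session random token with `hash_equals()` before `DB::update`/`DB::delete` runs; the query binding itself looks right, since ids go through `intVal()` and `%d`. Separately, the `else` branch reaches `intVal($_GET['subCategory'])` whenever `headCategory` is present but empty, which emits an undefined-index warning and issues `UPDATE subCategories ... WHERE id=0`; changing it to `} else if (isset($_GET['subCategory']) && !empty($_GET['subCategory'])) {` avoids the pointless query. The file's open tag and any `require` of `login.php` are not visible in the hunk, so that an authentication gate precedes this block is assumed rather than shown.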
Bestehende Datenfelder
@@ -142,9 +142,9 @@ function setDataExample() { } let dataExamples = $values) $joinedFields[] = '\'' . $key . '\': \'' . $values . '\''; - echo '{' . implode(',', $joinedFields) . '}';?> + $joinedFields = array(); + foreach ($dataExamples as $key => $values) $joinedFields[] = '\'' . $key . '\': \'' . $values . '\''; + echo '{' . implode(',', $joinedFields) . '}'; ?> function checkFields(evt) { if (document.querySelector('input[name="doDelete"]').value !== '-1') return @@ -167,11 +167,11 @@ function checkFields(evt) { } let validData = $values) $joinedFields[] = '\'' . $key . '\': [' . implode(', ', $values) . ']'; - echo '{' . implode(',', $joinedFields) . '}';?> + $joinedFields = array(); + foreach ($fieldLimits as $key => $values) $joinedFields[] = '\'' . $key . '\': [' . implode(', ', $values) . ']'; + echo '{' . implode(',', $joinedFields) . '}'; ?> - let dataType = null; + let dataType = null for (let field of dataFields) { let dataValue = '' @@ -207,9 +207,9 @@ function checkFields(evt) { } let fieldTypes = $values) $joinedFields[] = $values . ': \'' . $key . '\''; - echo '{'. implode(',', $joinedFields) . '}';?> + $joinedFields = array(); + foreach ($fieldTypesPos as $key => $values) $joinedFields[] = $values . ': \'' . $key . '\''; + echo '{' . implode(',', $joinedFields) . '}'; ?> let currentSelection = null diff --git a/footer.php b/footer.php index bcfa3d6..3b42a07 100644 --- a/footer.php +++ b/footer.php @@ -3,5 +3,5 @@ \ No newline at end of file diff --git a/index.php b/index.php index 6793406..a270015 100644 --- a/index.php +++ b/index.php 
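Review bot: The `echo '{' . implode(',', $joinedFields) . '}';` emitter in the `-142` hunk (and its siblings in `-167` and `-207`) builds a JavaScript object literal by hand, wrapping each key and value in single quotes, so a value containing `'`, a backslash or `</script>` breaks or terminates the inline script. The idiomatic replacement for the three lines is `echo json_encode($dataExamples, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP | JSON_UNESCAPED_UNICODE);`, which yields a valid JS literal for the same data; the `-207` hunk, which swaps key and value, becomes `json_encode(array_flip($fieldTypesPos), ...)`, and `-167` can use `json_encode($fieldLimits, ...)` provided the limits are numeric so the arrays stay numeric in JS. `$dataExamples`, `$fieldLimits` and `$fieldTypesPos` are defined outside these hunks; if they are the static gettext tables from `customFieldsData.php` this is robustness rather than an exploitable injection, but the current code still breaks on the first apostrophe in a translated example string.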
@@ -1,284 +1,286 @@ - - - - - $category['amount'] - intVal($existingItem['amount'])), 'id=%d', $category['id']); - - $exitingSubCategories = explode(',', $existingItem['subcategories']); - foreach ($exitingSubCategories as $subcategoryId) { - $subCategory = DB::queryFirstRow('SELECT id, amount FROM subCategories WHERE id=%d', $subcategoryId); - if ($subCategory !== NULL) { - DB::update('subCategories', array('amount' => $subCategory['amount'] - intVal($existingItem['amount'])), 'id=%d', $subCategory['id']); - } - } - - $storage = DB::queryFirstRow('SELECT id,label,amount FROM storages WHERE id=%d', $existingItem['storageid']); - if ($storage != NULL) { - DB::update('storages', array('amount' => $storage['amount'] - $existingItem['amount']), 'id=%d', $storage['id']); - } - } + - $subIds = array(); - if ($subcategories !== NULL) { - foreach ($subcategories as $subcategory) { - $subCategory = DB::queryFirstRow('SELECT id, amount FROM subCategories WHERE name=%s', $subcategory); - if ($subCategory !== NULL) { - $subIds[] = $subCategory['id']; - DB::update('subCategories', array('amount' => $subCategory['amount'] + $amount), 'id=%d', $subCategory['id']); - } else { - DB::insert('subCategories', array('name' => $subcategory, 'amount' => $amount)); - $subIds[] = DB::insertId(); - } - } - } + + - $storage = DB::queryFirstRow('SELECT id,label,amount FROM storages WHERE label=%s', $_POST['storage']); + $_POST['storage'], 'amount' => $amount)); - $storage['id'] = DB::insertId(); - } else DB::update('storages', array('amount' => $storage['amount'] + $amount), 'id=%d', $storage['id']); + if ($_SERVER['REQUEST_METHOD'] == 'POST') { + $amount = isset($_POST['amount']) && !empty($_POST['amount']) ? $_POST['amount'] : 1; + $serialNumber = isset($_POST['serialnumber']) && !empty($_POST['serialnumber']) ? $_POST['serialnumber'] : NULL; + $comment = isset($_POST['comment']) && !empty($_POST['comment']) ? 
$_POST['comment'] : NULL; + $subcategories = isset($_POST['subcategories']) && !empty($_POST['subcategories']) ? explode(',', $_POST['subcategories']) : NULL; - $category = DB::queryFirstRow('SELECT id,amount FROM headCategories WHERE name=%s', $_POST['category']); - if ($category == NULL) { - DB::insert('headCategories', array('name' => $_POST['category'], 'amount' => $amount)); - $category['id'] = DB::insertId(); - } else DB::update('headCategories', array('amount' => $category['amount'] + $amount), 'id=%d', $category['id']); + if (isset($_POST['itemUpdateId']) && !empty($_POST['itemUpdateId'])) { + $existingItem = DB::queryFirstRow('SELECT * FROM items WHERE id=%d', intVal($_POST['itemUpdateId'])); - if(isset($_POST['itemUpdateId']) && !empty($_POST['itemUpdateId'])) { - $item = DB::update('items', array('label' => $_POST['label'], 'comment' => $comment, 'serialnumber' => $serialNumber, 'amount' => $amount, 'headcategory' => $category['id'], 'subcategories' => (',' . implode($subIds, ',') . ','), 'storageid' => $storage['id']), 'id=%d', $existingItem['id']); - } else { - $item = DB::insert('items', array('label' => $_POST['label'], 'comment' => $comment, 'serialnumber' => $serialNumber, 'amount' => $amount, 'headcategory' => $category['id'], 'subcategories' => (',' . implode($subIds, ',') . 
','), 'storageid' => $storage['id'])); - } + $category = DB::queryFirstRow('SELECT id,amount FROM headCategories WHERE id=%d', intVal($existingItem['headcategory'])); + DB::update('headCategories', array('amount' => $category['amount'] - intVal($existingItem['amount'])), 'id=%d', $category['id']); - $success = TRUE; + $exitingSubCategories = explode(',', $existingItem['subcategories']); + foreach ($exitingSubCategories as $subcategoryId) { + $subCategory = DB::queryFirstRow('SELECT id, amount FROM subCategories WHERE id=%d', $subcategoryId); + if ($subCategory !== NULL) { + DB::update('subCategories', array('amount' => $subCategory['amount'] - intVal($existingItem['amount'])), 'id=%d', $subCategory['id']); + } } - $isEdit = FALSE; - if (isset($_GET['editItem']) && !empty($_GET['editItem'])) { - $item = DB::queryFirstRow('SELECT * from items WHERE id=%d', intVal($_GET['editItem'])); - $isEdit = TRUE; + $storage = DB::queryFirstRow('SELECT id,label,amount FROM storages WHERE id=%d', $existingItem['storageid']); + if ($storage != NULL) { + DB::update('storages', array('amount' => $storage['amount'] - $existingItem['amount']), 'id=%d', $storage['id']); } - ?> - -
- + } + + $subIds = array(); + if ($subcategories !== NULL) { + foreach ($subcategories as $subcategory) { + $subCategory = DB::queryFirstRow('SELECT id, amount FROM subCategories WHERE name=%s', $subcategory); + if ($subCategory !== NULL) { + $subIds[] = $subCategory['id']; + DB::update('subCategories', array('amount' => $subCategory['amount'] + $amount), 'id=%d', $subCategory['id']); + } else { + DB::insert('subCategories', array('name' => $subcategory, 'amount' => $amount)); + $subIds[] = DB::insertId(); + } + } + } + + $storage = DB::queryFirstRow('SELECT id,label,amount FROM storages WHERE label=%s', $_POST['storage']); + + if ($storage == NULL) { + DB::insert('storages', array('label' => $_POST['storage'], 'amount' => $amount)); + $storage['id'] = DB::insertId(); + } else DB::update('storages', array('amount' => $storage['amount'] + $amount), 'id=%d', $storage['id']); + + $category = DB::queryFirstRow('SELECT id,amount FROM headCategories WHERE name=%s', $_POST['category']); + if ($category == NULL) { + DB::insert('headCategories', array('name' => $_POST['category'], 'amount' => $amount)); + $category['id'] = DB::insertId(); + } else DB::update('headCategories', array('amount' => $category['amount'] + $amount), 'id=%d', $category['id']); + + if (isset($_POST['itemUpdateId']) && !empty($_POST['itemUpdateId'])) { + $item = DB::update('items', array('label' => $_POST['label'], 'comment' => $comment, 'serialnumber' => $serialNumber, 'amount' => $amount, 'headcategory' => $category['id'], 'subcategories' => (',' . implode($subIds, ',') . ','), 'storageid' => $storage['id']), 'id=%d', $existingItem['id']); + } else { + $item = DB::insert('items', array('label' => $_POST['label'], 'comment' => $comment, 'serialnumber' => $serialNumber, 'amount' => $amount, 'headcategory' => $category['id'], 'subcategories' => (',' . implode($subIds, ',') . 
','), 'storageid' => $storage['id'])); + } + + $success = TRUE; + } + + $isEdit = FALSE; + if (isset($_GET['editItem']) && !empty($_GET['editItem'])) { + $item = DB::queryFirstRow('SELECT * from items WHERE id=%d', intVal($_GET['editItem'])); + $isEdit = TRUE; + } + ?> + +
+ - + - + - + + +
+ ', $item['id']); + ?> +
+
+ +
- ', $item['id']); + if (!$isEdit) echo ''; + else printf('', $item['label']); ?> -
-
- -
+
- '; - else printf('', $item['label']); - ?> +
+
+
-
-
- -
+ ', $currentStorage['label']); + else echo ''; + ?> +
- ', $currentStorage['label']); - else echo ''; - ?> +
+
+
+ ', $item['comment']); + else echo ''; + ?> -
-
- -
- ', $item['comment']); - else echo ''; - ?> +
+
+
+
+ '; + } else { + printf('', gettext('Netzwerk/Hardware'), $currentCategory['name']); + } + ?> +
-
-
- +
+
+ - '; - } else { - printf('', gettext('Netzwerk/Hardware'), $currentCategory['name']); - } - ?>
+ '; + else printf('', implode($subCategories, ',')); + ?> -
-
- -
- '; - else printf('', implode($subCategories, ',')); - ?> +
+
+
+
+ '; + else printf('', $item['amount']); + ?> +
-
-
- -
- '; - else printf('', $item['amount']); - ?> +
+
+
+ '; + else printf('', gettext('Seriennummer/Artikelnummer'), $item['serialnumber']); + ?> -
-
- -
- '; - else printf('', gettext('Seriennummer/Artikelnummer'), $item['serialnumber']); - ?> - -
+
-
- +
+ - + -
- -
- - - + - document.querySelector('#categoryDropdown').addEventListener('change', function(evt) { - if (evt.target.value === '-1') { - document.querySelector('#category').value = '' - return - } - document.querySelector('#category').value = evt.target.value; - }) - - \ No newline at end of file diff --git a/inventory.php b/inventory.php index bfa281c..8dcdb5b 100644 --- a/inventory.php +++ b/inventory.php @@ -1,255 +1,263 @@ - - - + -
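Review bot: `implode($subIds, ',')` in both the `DB::update('items', ...)` and `DB::insert('items', ...)` calls, and `implode($subCategories, ',')` in the subcategory field, pass the array before the separator; that legacy order was deprecated in PHP 7.4 and throws `TypeError` on PHP 8, so saving an item fails outright there — it should be `implode(',', $subIds)` and `implode(',', $subCategories)`. The edit form also re-populates its fields via `printf` with `$item['label']`, `$item['comment']`, `$item['serialnumber']`, `$currentStorage['label']` and `$currentCategory['name']` without escaping; the markup is stripped in this rendering, but these appear to be `value` attributes, and since the same strings arrive through `$_POST['label']` etc. with no filtering, a label containing `"` followed by an event handler is stored XSS for every user who later opens that item — wrap each with `htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. `$amount` is taken from `$_POST['amount']` as a raw string and then added to the category and storage counters; `intVal()` it and reject values below 1 so a non-numeric or negative value cannot corrupt the totals or throw under PHP 8 arithmetic rules. Neither the insert nor the update path carries a CSRF token, and `$_POST['label']`, `$_POST['storage']` and `$_POST['category']` are read without `isset()`.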
+ + + +
intVal($subCategoryDB['amount']) - intVal($item['amount'])), 'id=%d', $subCategoryDB['id']); - } + if ($subCategoryDB != NULL) { + DB::update('subCategories', array('amount' => intVal($subCategoryDB['amount']) - intVal($item['amount'])), 'id=%d', $subCategoryDB['id']); } } - - $headCategory = DB::queryFirstRow('SELECT amount FROM headCategories WHERE id=%d', $item['headcategory']); - DB::update('storages', array('amount' => intVal($storage['amount']) - intVal($item['amount'])), 'id=%d', $item['storageid']); - DB::update('headCategories', array('amount' => intVal($headCategory['amount']) - intVal($item['amount'])), 'id=%d', $item['headcategory']); - DB::query('DELETE FROM items WHERE id=%d', $_POST['remove']); - } else if (isset($_POST['removeStorage']) && !empty($_POST['removeStorage'])) { - DB::update('items', array('storageid' => 0), 'storageid=%d', $_POST['removeStorage']); - DB::query('DELETE FROM storages WHERE id=%d', $_POST['removeStorage']); } + + $headCategory = DB::queryFirstRow('SELECT amount FROM headCategories WHERE id=%d', $item['headcategory']); + DB::update('storages', array('amount' => intVal($storage['amount']) - intVal($item['amount'])), 'id=%d', $item['storageid']); + DB::update('headCategories', array('amount' => intVal($headCategory['amount']) - intVal($item['amount'])), 'id=%d', $item['headcategory']); + DB::query('DELETE FROM items WHERE id=%d', $_POST['remove']); + } else if (isset($_POST['removeStorage']) && !empty($_POST['removeStorage'])) { + DB::update('items', array('storageid' => 0), 'storageid=%d', $_POST['removeStorage']); + DB::query('DELETE FROM storages WHERE id=%d', $_POST['removeStorage']); } - ?> -
+ } + ?> + Keine Gegenstände gefunden.'; - - echo '
'; - } else if (isset($_GET['subcategory']) && !empty($_GET['subcategory'])) { - $categoryId = intVal($_GET['subcategory']); - $category = DB::queryFirstRow('SELECT id, name, amount from subCategories WHERE id=%d', $categoryId); - $items = DB::query('SELECT * FROM items WHERE subCategories LIKE %s', ('%,' . $categoryId . ',%')); - - $itemCount = 0; - foreach ($items as $item) $itemCount += intVal($item['amount']); + $success = FALSE; + if (isset($_GET['storageid']) && !empty($_GET['storageid']) && !isset($_GET['itemid'])) { + $storeId = intVal($_GET['storageid']); + $storages = DB::query('SELECT id, label, amount FROM storages ORDER BY label ASC'); + $store = DB::queryFirstRow('SELECT id, label, amount FROM storages WHERE id=%d', $storeId); + $items = DB::query('SELECT * FROM items WHERE storageid=%d', $storeId); + + addHeadColumns($store); + + if ($items != null) foreach ($items as $item) { + addItem($item, $storages); + } else echo '
  • Keine Gegenstände gefunden.
  • '; + + echo '
    '; + } else if (isset($_GET['subcategory']) && !empty($_GET['subcategory'])) { + $categoryId = intVal($_GET['subcategory']); + $category = DB::queryFirstRow('SELECT id, name, amount from subCategories WHERE id=%d', $categoryId); + $items = DB::query('SELECT * FROM items WHERE subCategories LIKE %s', ('%,' . $categoryId . ',%')); + + $itemCount = 0; + foreach ($items as $item) $itemCount += intVal($item['amount']); + + printf('

      %s (%d %s, %d %s)

      ', $category['name'], DB::affectedRows(), DB::affectedRows() == 1 ? 'Position' : 'Positionen', $itemCount, $itemCount == 1 ? getText('Gegenstand') : gettext('Gegenstände')); + $storages = DB::query('SELECT id, label FROM storages ORDER BY label ASC'); + + echo '
    • ' . gettext('Gruppe') . '' . gettext('Bezeichnung') . '' . gettext('Anzahl') . '' . gettext('Bemerkung') . '' . gettext('Lagerplatz') . '' . gettext('Unterkategorien') . '' . gettext('Aktionen') . '
    • '; + if ($items != null) foreach ($items as $item) { + addItemStore($item, $storages); + } else echo '
    • ' . gettext('Keine Gegenstände gefunden.') . '
    • '; + + echo '
    '; + } else if (isset($_GET['storageid']) && !empty($_GET['storageid']) && isset($_GET['itemid']) && !empty($_GET['itemid'])) { + $storeId = intVal($_GET['storageid']); + $itemId = intVal($_GET['itemid']); + + $item = DB::queryFirstRow('SELECT id, amount, storageid FROM items WHERE id=%d', $itemId); + if ($item['storageid'] == $storeId) { + header("location: inventory.php"); + die(); + } - printf('

      %s (%d %s, %d %s)

      ', $category['name'], DB::affectedRows(), DB::affectedRows() == 1 ? 'Position' : 'Positionen', $itemCount, $itemCount == 1 ? getText('Gegenstand') : gettext('Gegenstände')); - $storages = DB::query('SELECT id, label FROM storages ORDER BY label ASC'); + if ($storeId != NULL) { + $previousStorage = DB::queryFirstRow('SELECT id, amount FROM storages WHERE id=%d', $item['storageid']); + DB::update('storages', array('amount' => intVal($previousStorage['amount']) - intVal($item['amount'])), 'id=%d', $previousStorage['id']); + } - echo '
    • ' . gettext('Gruppe') . '' . gettext('Bezeichnung') . '' . gettext('Anzahl') . '' . gettext('Bemerkung') . '' . gettext('Lagerplatz') . '' . gettext('Unterkategorien') . '' . gettext('Aktionen') . '
    • '; - if ($items != null) foreach($items as $item) { addItemStore($item, $storages); } - else echo '
    • ' . gettext('Keine Gegenstände gefunden.') . '
    • '; + $storage = DB::queryFirstRow('SELECT id, amount FROM storages WHERE id=%d', $storeId); + DB::update('storages', array('amount' => intVal($storage['amount']) + intVal($item['amount'])), 'id=%d', $storage['id']); + DB::update('items', array('storageid' => $storage['id']), 'id=%d', $item['id']); + header("location: inventory.php"); + die(); + } else if (isset($_GET['searchValue']) && !empty($_GET['searchValue'])) { + $searchValue = $_GET['searchValue']; + + $storages = DB::query('SELECT id, label, amount FROM storages'); + $headCategories = DB::query('SELECT id, name FROM headCategories'); + $subCategories = DB::query('SELECT id, name FROM subCategories'); + + $foundData = FALSE; + + $existingItemIds = array(); + foreach ($storages as $store) { + $hasHeader = FALSE; + $hasItems = FALSE; + + if ($headCategories != null) { + foreach ($headCategories as $headCategory) { + if (stripos($headCategory['name'], $searchValue) !== FALSE) $items = DB::query('SELECT * FROM items WHERE storageid=%d', $store['id']); + else $items = DB::query('SELECT * FROM items WHERE storageid=%d AND (label LIKE %ss OR comment LIKE %ss OR serialnumber LIKE %ss)', $store['id'], $searchValue, $searchValue, $searchValue); + + if ($items != null) { + if (!$hasHeader) { + addHeadColumnsPositions($store); + $hasHeader = TRUE; + } - echo '
    '; - } else if (isset($_GET['storageid']) && !empty($_GET['storageid']) && isset($_GET['itemid']) && !empty($_GET['itemid'])) { - $storeId = intVal($_GET['storageid']); - $itemId = intVal($_GET['itemid']); - - $item = DB::queryFirstRow('SELECT id, amount, storageid FROM items WHERE id=%d', $itemId); - if ($item['storageid'] == $storeId) { - header("location: inventory.php"); - die(); - } + foreach ($items as $item) if (!in_array($item['id'], $existingItemIds)) { + addItem($item, $storages); + $existingItemIds[] = $item['id']; + } - if ($storeId != NULL) { - $previousStorage = DB::queryFirstRow('SELECT id, amount FROM storages WHERE id=%d', $item['storageid']); - DB::update('storages', array('amount' => intVal($previousStorage['amount']) - intVal($item['amount'])), 'id=%d', $previousStorage['id']); + $hasItems = TRUE; + $foundData = TRUE; + } + } } - $storage = DB::queryFirstRow('SELECT id, amount FROM storages WHERE id=%d', $storeId); - DB::update('storages', array('amount' => intVal($storage['amount']) + intVal($item['amount'])), 'id=%d', $storage['id']); - DB::update('items', array('storageid' => $storage['id']), 'id=%d', $item['id']); - header("location: inventory.php"); - die(); - } else if (isset($_GET['searchValue']) && !empty($_GET['searchValue'])) { - $searchValue = $_GET['searchValue']; - - $storages = DB::query('SELECT id, label, amount FROM storages'); - $headCategories = DB::query('SELECT id, name FROM headCategories'); - $subCategories = DB::query('SELECT id, name FROM subCategories'); + if ($subCategories != null) { + foreach ($subCategories as $subCategory) { + if (stripos($subCategory['name'], $searchValue) !== FALSE) $items = DB::query('SELECT * FROM items WHERE storageid=%d AND subcategories LIKE %s', $store['id'], ('%,' . $subCategory['id'] . ',%')); + else $items = DB::query('SELECT * FROM items WHERE storageid=%d AND subcategories LIKE %s AND (label LIKE %ss OR comment LIKE %ss OR serialnumber LIKE %ss)', $store['id'], ('%,' . 
$subCategory['id'] . ',%'), $searchValue, $searchValue, $searchValue, ($searchValue . '%')); - $foundData = FALSE; + if ($items != null) { + if (!$hasHeader) { + addHeadColumnsPositions($store); + $hasHeader = TRUE; + } - $existingItemIds = array(); - foreach ($storages as $store) { - $hasHeader = FALSE; - $hasItems = FALSE; - - if ($headCategories != null) { - foreach ($headCategories as $headCategory) { - if (stripos($headCategory['name'], $searchValue) !== FALSE) $items = DB::query('SELECT * FROM items WHERE storageid=%d', $store['id']); - else $items = DB::query('SELECT * FROM items WHERE storageid=%d AND (label LIKE %ss OR comment LIKE %ss OR serialnumber LIKE %ss)', $store['id'], $searchValue, $searchValue, $searchValue); - - if ($items != null) { - if (!$hasHeader) { - addHeadColumnsPositions($store); - $hasHeader = TRUE; - } - - foreach($items as $item) if (!in_array($item['id'], $existingItemIds)) { - addItem($item, $storages); - $existingItemIds[] = $item['id']; - } - - $hasItems = TRUE; - $foundData = TRUE; + foreach ($items as $item) if (!in_array($item['id'], $existingItemIds)) { + $existingItemIds[] = $item['id']; + addItem($item, $storages); } + + $hasItems = TRUE; + $foundData = TRUE; } } + } - if ($subCategories != null) { - foreach ($subCategories as $subCategory) { - if (stripos($subCategory['name'], $searchValue) !== FALSE) $items = DB::query('SELECT * FROM items WHERE storageid=%d AND subcategories LIKE %s', $store['id'], ('%,' . $subCategory['id'] . ',%')); - else $items = DB::query('SELECT * FROM items WHERE storageid=%d AND subcategories LIKE %s AND (label LIKE %ss OR comment LIKE %ss OR serialnumber LIKE %ss)', $store['id'], ('%,' . $subCategory['id'] . ',%'), $searchValue, $searchValue, $searchValue, ($searchValue . '%')); + if ($foundData) echo '
    '; + } - if ($items != null) { - if (!$hasHeader) { - addHeadColumnsPositions($store); - $hasHeader = TRUE; - } + if (!$foundData) { + echo '
  • ' . gettext('Keine Gegenstände gefunden.') . '
  • '; + echo '
    '; + } + } else if (isset($_GET['category']) && !empty($_GET['category'])) { + $categoryId = intVal($_GET['category']); + $category = DB::queryFirstRow('SELECT id, name, amount from headCategories WHERE id=%d', $categoryId); + $items = DB::query('SELECT * FROM items WHERE headcategory=%d', $categoryId); - foreach($items as $item) if (!in_array($item['id'], $existingItemIds)) { - $existingItemIds[] = $item['id']; - addItem($item, $storages); - } + $itemCount = 0; + foreach ($items as $item) $itemCount += intVal($item['amount']); - $hasItems = TRUE; - $foundData = TRUE; - } - } + printf('

      %s (%d %s, %d %s)

      ', $category['name'], DB::affectedRows(), DB::affectedRows() == 1 ? getText('Position') : gettext('Positionen'), $itemCount, $itemCount == 1 ? getText('Gegenstand') : gettext('Gegenstände')); + $storages = DB::query('SELECT id, label FROM storages'); - } + echo '
    • ' . gettext('Gruppe') . '' . gettext('Bezeichnung') . '' . gettext('Anzahl') . '' . gettext('Bemerkung') . '' . gettext('Lagerplatz') . '' . gettext('Unterkategorien') . '' . gettext('Aktionen') . '
    • '; - if ($foundData) echo '
    '; + if ($items != null) { + foreach ($items as $item) { + addItemStore($item, $storages); } + } else { + echo '
  • ' . gettext('Keine Gegenstände gefunden.') . '
  • '; + } - if (!$foundData) { - echo '
  • ' . gettext('Keine Gegenstände gefunden.') . '
  • '; - echo '
    '; - } + echo '
    '; + echo '

    ' . gettext('Unterkategorien') . '

    '; - } else if (isset($_GET['category']) && !empty($_GET['category'])) { - $categoryId = intVal($_GET['category']); - $category = DB::queryFirstRow('SELECT id, name, amount from headCategories WHERE id=%d', $categoryId); - $items = DB::query('SELECT * FROM items WHERE headcategory=%d', $categoryId); + $subCategories = DB::query('SELECT * FROM subCategories WHERE headcategory=%d ORDER BY name ASC', $categoryId); + foreach ($subCategories as $subCategory) { + $items = DB::query('SELECT * FROM items WHERE subcategories LIKE %s', '%,' . $subCategory['id'] . ',%'); $itemCount = 0; foreach ($items as $item) $itemCount += intVal($item['amount']); - printf('

      %s (%d %s, %d %s)

      ', $category['name'], DB::affectedRows(), DB::affectedRows() == 1 ? getText('Position') : gettext('Positionen'), $itemCount, $itemCount == 1 ? getText('Gegenstand') : gettext('Gegenstände')); + printf('

        %s (%d %s, %d %s)

        ', $subCategory['name'], DB::affectedRows(), DB::affectedRows() == 1 ? getText('Position') : gettext('Positionen'), $itemCount, $itemCount == 1 ? getText('Gegenstand') : gettext('Gegenstände')); $storages = DB::query('SELECT id, label FROM storages'); echo '
      • ' . gettext('Gruppe') . '' . gettext('Bezeichnung') . '' . gettext('Anzahl') . '' . gettext('Bemerkung') . '' . gettext('Lagerplatz') . '' . gettext('Unterkategorien') . '' . gettext('Aktionen') . '
      • '; if ($items != null) { - foreach($items as $item) { addItemStore($item, $storages); } + foreach ($items as $item) { + addItemStore($item, $storages); + } } else { echo '
      • ' . gettext('Keine Gegenstände gefunden.') . '
      • '; } echo '
      '; - echo '

      ' . gettext('Unterkategorien') . '

      '; - - $subCategories = DB::query('SELECT * FROM subCategories WHERE headcategory=%d ORDER BY name ASC', $categoryId); - foreach ($subCategories as $subCategory) { - $items = DB::query('SELECT * FROM items WHERE subcategories LIKE %s', '%,' . $subCategory['id'] . ',%'); + } + } else { + $loseItems = DB::query('SELECT * FROM items WHERE storageid=0'); + $count = DB::affectedRows(); + if ($loseItems != NULL) { + $storages = DB::query('SELECT id, label FROM storages ORDER BY label ASC'); - $itemCount = 0; - foreach ($items as $item) $itemCount += intVal($item['amount']); + printf('

      %s (%d %s)

        ', gettext('Unsortiert'), $count, $count == 1 ? 'Position' : 'Positionen'); - printf('

          %s (%d %s, %d %s)

          ', $subCategory['name'], DB::affectedRows(), DB::affectedRows() == 1 ? getText('Position') : gettext('Positionen'), $itemCount, $itemCount == 1 ? getText('Gegenstand') : gettext('Gegenstände')); - $storages = DB::query('SELECT id, label FROM storages'); + echo '
        • ' . gettext('Gruppe') . '' . gettext('Bezeichnung') . '' . gettext('Anzahl') . '' . gettext('Bemerkung') . '' . gettext('Unterkategorien') . '' . gettext('Hinzugefügt') . '
        • '; - echo '
        • ' . gettext('Gruppe') . '' . gettext('Bezeichnung') . '' . gettext('Anzahl') . '' . gettext('Bemerkung') . '' . gettext('Lagerplatz') . '' . gettext('Unterkategorien') . '' . gettext('Aktionen') . '
        • '; + foreach ($loseItems as $item) addItem($item, $storages); + echo '
        '; + } - if ($items != null) { - foreach($items as $item) { addItemStore($item, $storages); } - } else { - echo '
      • ' . gettext('Keine Gegenstände gefunden.') . '
      • '; - } - echo '
      '; - } + $storages = DB::query('SELECT id, label, amount FROM storages ORDER BY label ASC'); + if ($storages == NULL && $loseItems == NULL) { + echo '
      • Keine Gegenstände gefunden.
      • '; } else { - $loseItems = DB::query('SELECT * FROM items WHERE storageid=0'); - $count = DB::affectedRows(); - if ($loseItems != NULL) { - $storages = DB::query('SELECT id, label FROM storages ORDER BY label ASC'); - - printf('

        %s (%d %s)

          ', gettext('Unsortiert'), $count, $count == 1 ? 'Position' : 'Positionen'); - - echo '
        • ' . gettext('Gruppe') . '' . gettext('Bezeichnung') . '' . gettext('Anzahl') . '' . gettext('Bemerkung') . '' . gettext('Unterkategorien') . '' . gettext('Hinzugefügt') . '
        • '; - - foreach ($loseItems as $item) addItem($item, $storages); - echo '
        '; - } - + foreach ($storages as $store) { + $items = DB::query('SELECT * FROM items WHERE storageid=%d', $store['id']); + addHeadColumns($store); - $storages = DB::query('SELECT id, label, amount FROM storages ORDER BY label ASC'); - if ($storages == NULL && $loseItems == NULL) { - echo '
        • Keine Gegenstände gefunden.
        • '; - } else { - foreach ($storages as $store) { - $items = DB::query('SELECT * FROM items WHERE storageid=%d', $store['id']); - addHeadColumns($store); - - if ($items != NULL) { - foreach($items as $item) { addItem($item, $storages); } - } else { - echo '
        • ' . gettext('Keine Gegenstände gefunden.') . '
        • '; + if ($items != NULL) { + foreach ($items as $item) { + addItem($item, $storages); } - echo '
        '; + } else { + echo '
      • ' . gettext('Keine Gegenstände gefunden.') . '
      • '; } + echo '
      '; } } - ?> - -
    - - - + - let removalButtons = document.querySelectorAll('.smallButton') - for (let button of removalButtons) { - button.addEventListener('click', function (evt) { - let target = evt.target.parentNode - let targetType = target.name === 'removeStorage' ? '' : '' - if (!window.confirm(targetType + ' "' + target.dataset['name'] + '"')) { - evt.preventDefault() - } - }) - } - - - + \ No newline at end of file diff --git a/login.php b/login.php index 1e33d43..022fd0e 100644 --- a/login.php +++ b/login.php 
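Review bot: The item-move branch (`storageid` plus `itemid` in `$_GET`) never checks that either row exists: `$item` from `queryFirstRow` may be NULL, which makes `$item['storageid'] == $storeId` false and then dereferences NULL, and the target `$storage` is used as `$storage['amount']` and `$storage['id']` without a check, so an unknown `storageid` writes `storageid=NULL` into the item. The guard `if ($storeId != NULL)` before `$previousStorage` can never be false because this branch is only entered when `!empty($_GET['storageid'])`; it presumably meant to test the item's current storage, and for an unsorted item (`storageid=0`) it now runs `UPDATE storages ... WHERE id=0` against a NULL `$previousStorage`. Both this GET-triggered move and the `remove`/`removeStorage` POST handlers change data without a CSRF token, so a session-bound token checked with `hash_equals()` would close the cross-site case as well. The SQL itself binds ids with `%d` and the search terms with `%ss`, which is fine, but the sixth argument `($searchValue . '%')` on the subcategory search query has no matching placeholder and looks like a leftover.
```php
$item = DB::queryFirstRow('SELECT id, amount, storageid FROM items WHERE id=%d', $itemId);
$storage = DB::queryFirstRow('SELECT id, amount FROM storages WHERE id=%d', $storeId);
// Unknown item, unknown target storage, or already there: nothing to move.
if ($item === NULL || $storage === NULL || intVal($item['storageid']) === $storeId) {
    header("location: inventory.php");
    die();
}
// Only an item that currently sits in a storage has a previous counter to decrement.
if (intVal($item['storageid']) !== 0) {
    $previousStorage = DB::queryFirstRow('SELECT id, amount FROM storages WHERE id=%d', $item['storageid']);
    if ($previousStorage !== NULL) {
        DB::update('storages', array('amount' => intVal($previousStorage['amount']) - intVal($item['amount'])), 'id=%d', $previousStorage['id']);
    }
}
// … unchanged: increment target storage, update item storageid, redirect …
```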
@@ -1,243 +1,235 @@ $user['username'], 'id'=>$user['id'], 'usergroupid'=>$user['usergroupid']]; - } - else{ - header('Location: index.php?logout'); - } +if (isset($_GET['logout'])) { + unset($_SESSION['authenticated']); + unset($_SESSION['user']); + header('Location: index.php'); + exit; +} - if($requireAdmin && $user['usergroupid']!=1){ - $error = gettext('Zugriff verweigert!'); - include('accessdenied.php'); - exit; - } +if (!empty($_SESSION['authenticated'])) { + $user = DB::queryFirstRow('SELECT u.id, u.username, u.password, g.usergroupid FROM users u LEFT JOIN users_groups g ON(g.userid=u.id) WHERE u.id=%i LIMIT 1', $_SESSION['user']['id']); + if ($user) { + $_SESSION['authenticated'] = true; + $_SESSION['user'] = ['username' => $user['username'], 'id' => $user['id'], 'usergroupid' => $user['usergroupid']]; + } else { + header('Location: index.php?logout'); + } - return; + if ($requireAdmin && $user['usergroupid'] != 1) { + $error = gettext('Zugriff verweigert!'); + include('accessdenied.php'); + exit; } - $showRecover = isset($_GET['recover']); + return; +} - DB::query('SELECT id FROM users LIMIT 1'); - if (DB::count()==0) { - $showActivation = true; - $createFirstAdmin = true; - } +$showRecover = isset($_GET['recover']); - if ($createFirstAdmin || (isset($_REQUEST['activate']) && !empty($_REQUEST['activate']))) { - DB::delete('users_tokens', 'valid_until < NOW()'); +DB::query('SELECT id FROM users LIMIT 1'); +if (DB::count() == 0) { + $showActivation = true; + $createFirstAdmin = true; +} - if (!$createFirstAdmin) { - $userId = substr($_REQUEST['activate'], 0, -32); - $activationToken = substr($_REQUEST['activate'], -32); - $users = DB::query('SELECT u.username, u.password, t.token, t.id as tokenid FROM users u LEFT JOIN users_tokens t ON(t.userid=u.id) WHERE t.userid=%i', $userId); - foreach($users as $_user){ - $verify = password_verify($activationToken, $_user['token']); - if($verify){ - $user = $_user; - break; - } +if ($createFirstAdmin || 
(isset($_REQUEST['activate']) && !empty($_REQUEST['activate']))) { + DB::delete('users_tokens', 'valid_until < NOW()'); + + if (!$createFirstAdmin) { + $userId = substr($_REQUEST['activate'], 0, -32); + $activationToken = substr($_REQUEST['activate'], -32); + $users = DB::query('SELECT u.username, u.password, t.token, t.id as tokenid FROM users u LEFT JOIN users_tokens t ON(t.userid=u.id) WHERE t.userid=%i', $userId); + foreach ($users as $_user) { + $verify = password_verify($activationToken, $_user['token']); + if ($verify) { + $user = $_user; + break; } } - if($createFirstAdmin || $user) { - if (isset($_POST['password'])) { - $errors = []; + } + if ($createFirstAdmin || $user) { + if (isset($_POST['password'])) { + $errors = []; - if (strlen($_POST['password']) < 8) { - $errors[] = gettext('Passwort zu kurz, mindestens 8 Zeichen!'); - } + if (strlen($_POST['password']) < 8) { + $errors[] = gettext('Passwort zu kurz, mindestens 8 Zeichen!'); + } - if (!preg_match("#[0-9]+#", $_POST['password'])) { - $errors[] = gettext('Passwort muß eine Zahl enthalten!'); - } + if (!preg_match("#[0-9]+#", $_POST['password'])) { + $errors[] = gettext('Passwort muß eine Zahl enthalten!'); + } - if (!preg_match("#[a-z]+#", $_POST['password'])) { - $errors[] = gettext('Passwort muß einen Kleinbuchstaben enthalten!'); - } + if (!preg_match("#[a-z]+#", $_POST['password'])) { + $errors[] = gettext('Passwort muß einen Kleinbuchstaben enthalten!'); + } - if (!preg_match("#[A-Z]+#", $_POST['password'])) { - $errors[] = gettext('Passwort muß einen Großbuchstaben enthalten!'); - } + if (!preg_match("#[A-Z]+#", $_POST['password'])) { + $errors[] = gettext('Passwort muß einen Großbuchstaben enthalten!'); + } - if ($_POST['password'] != $_POST['password_repeat']) { - $errors[] = gettext('Die Passwörter stimmen nicht überein!'); - } + if ($_POST['password'] != $_POST['password_repeat']) { + $errors[] = gettext('Die Passwörter stimmen nicht überein!'); + } - if (empty($_POST['username'])) { - 
$errors[] = gettext('Benutzername ist erforderlich.'); - } else if (isset($_POST['username']) && !preg_match('/[^a-zA-Z0-9_\-\.]/', $_POST['username']) == 0) { - $errors[] = gettext('Benutzername enthält nicht zugelassene Zeichen.'); - } + if (empty($_POST['username'])) { + $errors[] = gettext('Benutzername ist erforderlich.'); + } else if (isset($_POST['username']) && !preg_match('/[^a-zA-Z0-9_\-\.]/', $_POST['username']) == 0) { + $errors[] = gettext('Benutzername enthält nicht zugelassene Zeichen.'); + } - if ($createFirstAdmin && !filter_var($_POST['mailaddress'], FILTER_VALIDATE_EMAIL)) { - $errors[] = gettext("E-Mail-Adresse ungültig!"); - } + if ($createFirstAdmin && !filter_var($_POST['mailaddress'], FILTER_VALIDATE_EMAIL)) { + $errors[] = gettext("E-Mail-Adresse ungültig!"); + } - if(count($errors)==0){ - $hashedPassword = password_hash($_POST['password'], PASSWORD_DEFAULT); - DB::$error_handler = false; - DB::$throw_exception_on_error = true; - try { - if ($createFirstAdmin) { - $result = DB::insert('users', array('username'=>trim($_POST['username']), 'mailaddress' => $_POST['mailaddress'], 'password' => $hashedPassword)); - $userId = DB::insertId(); - $result = DB::insert('users_groups', array('userid'=>$userId, 'usergroupid' => 1)); - } else { - $result = DB::update('users', array('username'=>trim($_POST['username']), 'password' => $hashedPassword), 'id=%i', $userId); - } - if ($result && DB::affectedRows()==1) { - if (!empty($user['tokenid'])) { - DB::delete('users_tokens', 'id=%i', $user['tokenid']); - } - $_SESSION['authenticated'] = true; - $_SESSION['user'] = ['id'=>$userId]; - header('Location: index.php'); - } + if (count($errors) == 0) { + $hashedPassword = password_hash($_POST['password'], PASSWORD_DEFAULT); + DB::$error_handler = false; + DB::$throw_exception_on_error = true; + try { + if ($createFirstAdmin) { + $result = DB::insert('users', array('username' => trim($_POST['username']), 'mailaddress' => $_POST['mailaddress'], 'password' => 
$hashedPassword)); + $userId = DB::insertId(); + $result = DB::insert('users_groups', array('userid' => $userId, 'usergroupid' => 1)); + } else { + $result = DB::update('users', array('username' => trim($_POST['username']), 'password' => $hashedPassword), 'id=%i', $userId); } - catch(Exception $e) { - $message = $e->getMessage(); - if(strpos($message, 'Duplicate entry')!==false){ - $error = 'Der Benutzername ist bereits vergeben.'; - } - else{ - $error = $e->getMessage(); + if ($result && DB::affectedRows() == 1) { + if (!empty($user['tokenid'])) { + DB::delete('users_tokens', 'id=%i', $user['tokenid']); } + $_SESSION['authenticated'] = true; + $_SESSION['user'] = ['id' => $userId]; + header('Location: index.php'); + } + } catch (Exception $e) { + $message = $e->getMessage(); + if (strpos($message, 'Duplicate entry') !== false) { + $error = 'Der Benutzername ist bereits vergeben.'; + } else { + $error = $e->getMessage(); } - DB::$error_handler = true; - DB::$throw_exception_on_error = false; - } - else{ - $error = implode('
    ', $errors); } + DB::$error_handler = true; + DB::$throw_exception_on_error = false; + } else { + $error = implode('
    ', $errors); } - $showActivation = true; - } - else{ - $error = gettext('Der Aktivierungslink ist nicht mehr gültig.'); - } - } else if (isset($_POST['password']) && !empty($_POST['password'])) { - $user = DB::queryFirstRow('SELECT u.id, u.username, u.password, g.usergroupid FROM users u LEFT JOIN users_groups g ON(g.userid=u.id) WHERE u.username=%s LIMIT 1', $_POST['username']); - if($user && password_verify($_POST['password'], $user['password'])) { - $_SESSION['authenticated'] = true; - $_SESSION['user'] = ['id'=>$user['id']]; - header('Location: index.php'); } - else{ - $error = gettext('Zugangsdaten ungültig'); - } - } else if ($showRecover && ((isset($_POST['username']) && !empty($_POST['username'])) || isset($_POST['mailaddress']) && !empty($_POST['mailaddress']))) { - if (empty($_POST['mailaddress'])) { - $user = DB::query('SELECT id, username, mailaddress FROM users WHERE username=%s', $_POST['username']); - } else if (empty($_POST['username'])) { - $user = DB::query('SELECT id, username, mailaddress FROM users WHERE mailaddress=%s', $_POST['mailaddress']); - } else { - $user = DB::query('SELECT id, username, mailaddress FROM users WHERE username=%s AND mailaddress=%s', $_POST['username'], $_POST['mailaddress']); - } - $countUsers = DB::count(); - if ($countUsers > 1) { - $error = gettext('Bitte Benutzername und E-Mail-Adresse angeben.'); - } else if($countUsers == 1) { - $user = $user[0]; - $token = bin2hex(openssl_random_pseudo_bytes(16)); - $hashedToken = password_hash($token, PASSWORD_DEFAULT); - DB::insert('users_tokens', array('userid' => $user['id'], 'token' => $hashedToken, 'valid_until' => DB::sqlEval('NOW( ) + INTERVAL 24 HOUR'))); - $mailSettings = json_decode(DB::queryFirstField('SELECT jsondoc FROM settings WHERE namespace="mail" LIMIT 1')); + $showActivation = true; + } else { + $error = gettext('Der Aktivierungslink ist nicht mehr gültig.'); + } +} else if (isset($_POST['password']) && !empty($_POST['password'])) { + $user = 
DB::queryFirstRow('SELECT u.id, u.username, u.password, g.usergroupid FROM users u LEFT JOIN users_groups g ON(g.userid=u.id) WHERE u.username=%s LIMIT 1', $_POST['username']); + if ($user && password_verify($_POST['password'], $user['password'])) { + $_SESSION['authenticated'] = true; + $_SESSION['user'] = ['id' => $user['id']]; + header('Location: index.php'); + } else { + $error = gettext('Zugangsdaten ungültig'); + } +} else if ($showRecover && ((isset($_POST['username']) && !empty($_POST['username'])) || isset($_POST['mailaddress']) && !empty($_POST['mailaddress']))) { + if (empty($_POST['mailaddress'])) { + $user = DB::query('SELECT id, username, mailaddress FROM users WHERE username=%s', $_POST['username']); + } else if (empty($_POST['username'])) { + $user = DB::query('SELECT id, username, mailaddress FROM users WHERE mailaddress=%s', $_POST['mailaddress']); + } else { + $user = DB::query('SELECT id, username, mailaddress FROM users WHERE username=%s AND mailaddress=%s', $_POST['username'], $_POST['mailaddress']); + } + $countUsers = DB::count(); + if ($countUsers > 1) { + $error = gettext('Bitte Benutzername und E-Mail-Adresse angeben.'); + } else if ($countUsers == 1) { + $user = $user[0]; + $token = bin2hex(openssl_random_pseudo_bytes(16)); + $hashedToken = password_hash($token, PASSWORD_DEFAULT); + DB::insert('users_tokens', array('userid' => $user['id'], 'token' => $hashedToken, 'valid_until' => DB::sqlEval('NOW( ) + INTERVAL 24 HOUR'))); + $mailSettings = json_decode(DB::queryFirstField('SELECT jsondoc FROM settings WHERE namespace="mail" LIMIT 1')); - if ($mailSettings->enabled && filter_var($mailSettings->senderAddress, FILTER_VALIDATE_EMAIL)) { - $header[] = 'MIME-Version: 1.0'; - $header[] = 'Content-type: text/html; charset=utf-8'; - $header[] = 'From: ' . 
$mailSettings->senderAddress; - mail($user['mailaddress'], gettext('sqStorage Passwortänderung'), sprintf(gettext("Um das Passwort für sqStorage zu ändern bitte den folgenden Link aufrufen: %s\r\n"), dirname($_SERVER['HTTP_REFERER']) . '/login.php?activate=' . $user['id'] . $token, dirname($_SERVER['HTTP_REFERER']). '/login.php?activate=' . $user['id'] . $token), implode("\r\n", $header)); - $error = gettext('Falls ein Benutzerkonto gefunden wird, erhalten Sie nun eine Mail mit einem Link zum Zurücksetzen des Passworts.'); - } - else{ - $error = gettext('Momentan können keine E-Mails versendet werden, bitte später noch einmal versuchen, oder einen Administrator kontaktieren.'); - } - } - else{ + if ($mailSettings->enabled && filter_var($mailSettings->senderAddress, FILTER_VALIDATE_EMAIL)) { + $header[] = 'MIME-Version: 1.0'; + $header[] = 'Content-type: text/html; charset=utf-8'; + $header[] = 'From: ' . $mailSettings->senderAddress; + mail($user['mailaddress'], gettext('sqStorage Passwortänderung'), sprintf(gettext("Um das Passwort für sqStorage zu ändern bitte den folgenden Link aufrufen: %s\r\n"), dirname($_SERVER['HTTP_REFERER']) . '/login.php?activate=' . $user['id'] . $token, dirname($_SERVER['HTTP_REFERER']) . '/login.php?activate=' . $user['id'] . $token), implode("\r\n", $header)); $error = gettext('Falls ein Benutzerkonto gefunden wird, erhalten Sie nun eine Mail mit einem Link zum Zurücksetzen des Passworts.'); + } else { + $error = gettext('Momentan können keine E-Mails versendet werden, bitte später noch einmal versuchen, oder einen Administrator kontaktieren.'); } + } else { + $error = gettext('Falls ein Benutzerkonto gefunden wird, erhalten Sie nun eine Mail mit einem Link zum Zurücksetzen des Passworts.'); } +} ?> - - - + + + + -
    -