webinterface.git

@@ -22,18 +22,22 @@ require_once('su.php');

 require_role(ROLE_SYSADMIN);

-if (isset($_GET['type']))

+if (isset($_GET['do']))

 {

-  check_form_token('su_su_ajax', $_GET['formtoken']);

+  if ($_SESSION['su_ajax_timestamp'] < time() - 30) {

+    system_failure("Die su-Auswahl ist schon abgelaufen!");

+  }

+  $type = $_GET['do'][0];

+  $id = (int) substr($_GET['do'], 1);

   $role = NULL;

   $admin_user = $_SESSION['userinfo']['username'];

   $_SESSION['admin_user'] = $admin_user;

-  if ($_GET['type'] == 'customer') {

-    $role = find_role($_GET['id'], '', True);

-    setup_session($role, $_GET['id']);

-  } elseif ($_GET['type'] == 'systemuser') {

-    $role = find_role($_GET['uid'], '', True);

-    setup_session($role, $_GET['uid']);

+  if ($type == 'c') {

+    $role = find_role($id, '', True);

+    setup_session($role, $id);

+  } elseif ($type == 'u') {

+    $role = find_role($id, '', True);

+    setup_session($role, $id);

   } else {

     system_failure('unknown type');

   }

@@ -62,32 +66,26 @@ $debug = '';

 if ($debugmode)

   $debug = 'debug&';

-html_header('<script type="text/javascript" src="'.$prefix.'js/ajax.js" ></script>

-<script type="text/javascript">

-

-function doRequest() {

-  ajax_request(\'su_ajax\', \''.$debug.'q=\'+document.getElementById(\'query\').value, got_response)

-}

-

-function keyPressed() {

-  if(window.mytimeout) window.clearTimeout(window.mytimeout);

-  window.mytimeout = window.setTimeout(doRequest, 500);

-  return true;

-}

+html_header('

+<link rel="stylesheet" href="http://code.jquery.com/ui/1.10.0/themes/base/jquery-ui.css">

+<script type="text/javascript" src="http://code.jquery.com/jquery-1.9.0.js" ></script>

+<script type="text/javascript" src="http://code.jquery.com/ui/1.10.0/jquery-ui.js" ></script>

+');

-function got_response() {

-  if (xmlHttp.readyState == 4) {

-    document.getElementById(\'response\').innerHTML = xmlHttp.responseText;

+output('<label for="query"><strong>Suchtext:</strong></label> <input type="text" id="query" />

+<input type="hidden" id="query_id" name="query_id" />

+');

+output('

+<script>

+$("#query").autocomplete({

+    source: "su_ajax",

+    select: function( event, ui ) {

+      if (ui.item) {

+        window.location.href = "?do="+ui.item.id;

       }

 }

-

-</script>

-');

-

-output(html_form('su_su_ajax', '', '', '<strong>Suchtext:</strong> <input type="text" id="query" onkeyup="keyPressed()" />

-'));

-output('<div id="response"></div>

-<div style="height: 3em;">&#160;</div>');

+ });

+</script>');

 /*

@@ -24,19 +24,24 @@ require_once('class/customer.php');

 require_role(ROLE_SYSADMIN);

-$ajax_formtoken = generate_form_token('su_su_ajax');

+# Save the timestamp of this request to the session, so we accept only actions performed some seconds after this

+$_SESSION['su_ajax_timestamp'] = time();

-$result = array_unique(find_customers($_GET['q']));

+header("Content-Type: text/javascript");

+echo "[\n";

+

+$result = array_unique(find_customers($_GET['term']));

 sort($result);

 foreach ($result as $val) {

   $c = new Customer((int) $val);

-  echo '<div style="margin-bottom: 0.5em;">'.internal_link('su.php', 'Kunde '.$c->id.': <strong>'.$c->fullname.'</strong>', 'type=customer&id='.$c->id.'&formtoken='.$ajax_formtoken);

+  echo " {\"id\": \"c{$c->id}\", \"value\": \"Kunde {$c->id}: {$c->fullname}\"},\n";

   $users = find_users_for_customer($c->id);

   foreach ($users as $uid => $username) {

-    echo '<p style="padding:0; margin:0;margin-left: 2em;">'.internal_link('', 'User »'.$username.'« (UID '.$uid.')', 'type=systemuser&uid='.$uid.'&formtoken='.$ajax_formtoken).'</p>';

+    echo " {\"id\": \"u{$uid}\", \"label\": \"User {$uid}: {$username}\"},\n";

   }

-  echo '</div>';

 }

+echo ' {}

+]';

 die();