
Umstellung von filter_input_general() auf filter_output_html()

Bernd Wurst authored on21/09/2019 17:07:48
Showing1 changed files
... ...
@@ -16,7 +16,6 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r
16 16
 
17 17
 require_once('inc/base.php');
18 18
 require_once('inc/security.php');
19
-require_once('inc/debug.php');
20 19
 
21 20
 require_once('session/start.php');
22 21
 require_once('su.php');
... ...
@@ -37,7 +36,7 @@ if (isset($_GET['do'])) {
37 36
 $search = null;
38 37
 if (isset($_POST['query'])) {
39 38
     check_form_token('su_su');
40
-    $id = filter_input_general($_POST['query']);
39
+    $id = $_POST['query'];
41 40
     if (! su(null, $id)) {
42 41
         $search = $_POST['query'];
43 42
     }
... ...
@@ -48,11 +47,6 @@ title("Benutzer wechseln");
48 47
 output('<p>Hiermit können Sie (als Admin) das Webinterface mit den Rechten eines beliebigen anderen Benutzers benutzen.</p>
49 48
 ');
50 49
 
51
-$debug = '';
52
-if ($debugmode) {
53
-    $debug = 'debug&amp;';
54
-}
55
-
56 50
 require_once('inc/jquery.php');
57 51
 // lädt die JS-Datei mit gleichem basename
58 52
 javascript();
... ...
@@ -63,6 +57,6 @@ output(html_form('su_su', '', '', '<p><label for="query"><strong>Suchtext:</stro
63 57
 if ($search) {
64 58
     $allentries = build_results($search);
65 59
     foreach ($allentries as $entry) {
66
-        output("  <p><a href=\"?do=".filter_input_general($entry['id'])."\">".filter_input_general($entry['value'])."</a></p>");
60
+        output("  <p><a href=\"?do=".filter_output_html($entry['id'])."\">".filter_output_html($entry['value'])."</a></p>");
67 61
     }
68 62
 }
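Review bot: `$id = $_POST['query'];` now hands the raw request value to `su(null, $id)` with no type check, so a non-string `query` (PHP turns `query[]` fields into arrays) reaches the lookup code unvalidated. Escaping at the output, as the last hunk does with `filter_output_html()`, is the right place for HTML concerns, but it leaves the lookup behind `su()` as the only protection against injection; that code is not visible here and should bind the value as a parameter. I would add a guard before the assignment, `if (!is_string($_POST['query'])) { system_failure('invalid query'); }`. Note also that `filter_output_html($entry['id'])` escapes for HTML but does not URL-encode the value placed after `?do=`, which is only safe while ids stay alphanumeric.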

Fix coding style with php-cs-checker, see https://cs.sensiolabs.org/

Hanno authored on26/06/2018 13:58:19
Showing1 changed files
... ...
@@ -8,7 +8,7 @@ Written 2008-2018 by schokokeks.org Hosting, namely
8 8
 
9 9
 To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty.
10 10
 
11
-You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see 
11
+You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see
12 12
 http://creativecommons.org/publicdomain/zero/1.0/
13 13
 
14 14
 Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
... ...
@@ -25,24 +25,22 @@ require_role(ROLE_SYSADMIN);
25 25
 
26 26
 
27 27
 
28
-if (isset($_GET['do']))
29
-{
30
-  if ($_SESSION['su_ajax_timestamp'] < time() - 30) {
31
-    system_failure("Die su-Auswahl ist schon abgelaufen!");
32
-  }
33
-  $type = $_GET['do'][0];
34
-  $id = (int) substr($_GET['do'], 1);
35
-  su($type, $id);
28
+if (isset($_GET['do'])) {
29
+    if ($_SESSION['su_ajax_timestamp'] < time() - 30) {
30
+        system_failure("Die su-Auswahl ist schon abgelaufen!");
31
+    }
32
+    $type = $_GET['do'][0];
33
+    $id = (int) substr($_GET['do'], 1);
34
+    su($type, $id);
36 35
 }
37 36
 
38
-$search = NULL;
39
-if (isset($_POST['query']))
40
-{
41
-  check_form_token('su_su');
42
-  $id = filter_input_general($_POST['query']);
43
-  if (! su(NULL, $id)) {
44
-    $search = $_POST['query'];
45
-  }
37
+$search = null;
38
+if (isset($_POST['query'])) {
39
+    check_form_token('su_su');
40
+    $id = filter_input_general($_POST['query']);
41
+    if (! su(null, $id)) {
42
+        $search = $_POST['query'];
43
+    }
46 44
 }
47 45
 
48 46
 title("Benutzer wechseln");
... ...
@@ -51,8 +49,9 @@ output('<p>Hiermit können Sie (als Admin) das Webinterface mit den Rechten eine
51 49
 ');
52 50
 
53 51
 $debug = '';
54
-if ($debugmode)
55
-  $debug = 'debug&amp;';
52
+if ($debugmode) {
53
+    $debug = 'debug&amp;';
54
+}
56 55
 
57 56
 require_once('inc/jquery.php');
58 57
 // lädt die JS-Datei mit gleichem basename
... ...
@@ -62,9 +61,8 @@ output(html_form('su_su', '', '', '<p><label for="query"><strong>Suchtext:</stro
62 61
 '));
63 62
 
64 63
 if ($search) {
65
-  $allentries = build_results($search);
66
-  foreach ($allentries as $entry) {
67
-    output("  <p><a href=\"?do=".filter_input_general($entry['id'])."\">".filter_input_general($entry['value'])."</a></p>");
68
-  }
64
+    $allentries = build_results($search);
65
+    foreach ($allentries as $entry) {
66
+        output("  <p><a href=\"?do=".filter_input_general($entry['id'])."\">".filter_input_general($entry['value'])."</a></p>");
67
+    }
69 68
 }
70
-

Copyright year update

Bernd Wurst authored on13/01/2018 06:07:05
Showing1 changed files
... ...
@@ -2,7 +2,7 @@
2 2
 /*
3 3
 This file belongs to the Webinterface of schokokeks.org Hosting
4 4
 
5
-Written 2008-2014 by schokokeks.org Hosting, namely
5
+Written 2008-2018 by schokokeks.org Hosting, namely
6 6
   Bernd Wurst <bernd@schokokeks.org>
7 7
   Hanno Böck <hanno@schokokeks.org>
8 8
 

Generelle Su-Möglichkeit für alle Kundenaccounts zu ihren eigenen Usern

Bernd Wurst authored on29/10/2015 20:46:09
Showing1 changed files
... ...
@@ -24,34 +24,6 @@ require_once('su.php');
24 24
 require_role(ROLE_SYSADMIN);
25 25
 
26 26
 
27
-function su($type, $id) {
28
-  $role = NULL;
29
-  $admin_user = $_SESSION['userinfo']['username'];
30
-  $_SESSION['admin_user'] = $admin_user;
31
-  $role = find_role($id, '', True);
32
-  if (!$role) {
33
-    unset($_SESSION['admin_user']);
34
-    return False;
35
-  }
36
-  setup_session($role, $id);
37
-  if ($type == 'c') {
38
-    if (! (ROLE_CUSTOMER & $_SESSION['role'])) {
39
-      session_destroy();
40
-      system_failure('Es wurde ein "su" zu einem Kundenaccount angefordert, das war aber kein Kundenaccount!');
41
-    }
42
-  } elseif ($type == 'u') {
43
-    if (! (ROLE_SYSTEMUSER & $_SESSION['role'])) {
44
-      session_destroy();
45
-      system_failure('Es wurde ein "su" zu einem Benutzeraccount angefordert, das war aber kein Benutzeraccount!');
46
-    }
47
-  } elseif ($type) {
48
-    // wenn type leer ist, dann ist es auch egal
49
-    system_failure('unknown type');
50
-  }
51
-
52
-  redirect('../../go/index/index');
53
-  die();
54
-}
55 27
 
56 28
 if (isset($_GET['do']))
57 29
 {

Lizenzinfos in eigenes Modul ausgelagert und Copyright auf 2014 angepasst

Bernd Wurst authored on08/02/2014 05:45:07
Showing1 changed files
... ...
@@ -2,7 +2,7 @@
2 2
 /*
3 3
 This file belongs to the Webinterface of schokokeks.org Hosting
4 4
 
5
-Written 2008-2013 by schokokeks.org Hosting, namely
5
+Written 2008-2014 by schokokeks.org Hosting, namely
6 6
   Bernd Wurst <bernd@schokokeks.org>
7 7
   Hanno Böck <hanno@schokokeks.org>
8 8
 

JQuery/-UI integriert und Vorbereitung für ausgelagerte JS-Dateien. Su-modul testweise umgestellt.

Bernd Wurst authored on06/02/2014 18:26:10
Showing1 changed files
... ...
@@ -83,20 +83,11 @@ if ($debugmode)
83 83
   $debug = 'debug&amp;';
84 84
 
85 85
 require_once('inc/jquery.php');
86
+// lädt die JS-Datei mit gleichem basename
87
+javascript();
86 88
 
87 89
 output(html_form('su_su', '', '', '<p><label for="query"><strong>Suchtext:</strong></label> <input type="text" name="query" id="query" /> <input type="submit" value="Suchen" /></p>
88 90
 '));
89
-output('
90
-<script type="text/javascript">
91
-$("#query").autocomplete({
92
-    source: "su_ajax",
93
-    select: function( event, ui ) {
94
-      if (ui.item) {
95
-        window.location.href = "?do="+ui.item.id;
96
-      }
97
-}
98
- });
99
-</script>');
100 91
 
101 92
 if ($search) {
102 93
   $allentries = build_results($search);
... ...
@@ -105,39 +96,3 @@ if ($search) {
105 96
   }
106 97
 }
107 98
 
108
-/*
109
-
110
-
111
-$users = list_system_users();
112
-$options = '';
113
-foreach ($users as $user)
114
-{
115
-  $options .= "  <option value=\"{$user->uid}\">{$user->username} ({$user->uid})</option>\n";
116
-}
117
-
118
-output(html_form('su_su', 'su', '', '<p>Benutzer auswählen:
119
-<select name="destination" size="1">
120
-'.$options.'
121
-</select>
122
-<input type="submit" name="submit" value="zum Benutzer wechseln" />
123
-</p>
124
-'));
125
-
126
-$customers = list_customers();
127
-$options = '';
128
-foreach ($customers as $customer)
129
-{
130
-  $options .= "  <option value=\"{$customer->id}\">{$customer->id} - ".htmlspecialchars($customer->name)."</option>\n";
131
-}
132
-
133
-output(html_form('su_su', 'su', '', '<p>Kunde auswählen:
134
-<select name="destination" size="1">
135
-'.$options.'
136
-</select>
137
-<input type="submit" name="submit" value="zum Kunden wechseln" />
138
-</p>
139
-'));
140
-
141
-*/
142
-
143
-?>

Nutze zentrales JQuery

Bernd Wurst authored on31/01/2014 17:11:13
Showing1 changed files
... ...
@@ -82,13 +82,7 @@ $debug = '';
82 82
 if ($debugmode)
83 83
   $debug = 'debug&amp;';
84 84
 
85
-$path = config('jquery_ui_path');
86
-
87
-html_header('
88
-<link rel="stylesheet" href="'.$path.'/themes/base/jquery-ui.css" />
89
-<script type="text/javascript" src="'.$path.'/jquery-1.9.0.js" ></script>
90
-<script type="text/javascript" src="'.$path.'/ui/jquery-ui.js" ></script>
91
-');
85
+require_once('inc/jquery.php');
92 86
 
93 87
 output(html_form('su_su', '', '', '<p><label for="query"><strong>Suchtext:</strong></label> <input type="text" name="query" id="query" /> <input type="submit" value="Suchen" /></p>
94 88
 '));

Cookie-based autologin when previous login was via client cert validation issues

Bernd Wurst authored on26/01/2013 14:49:03
Showing1 changed files
... ...
@@ -85,15 +85,15 @@ if ($debugmode)
85 85
 $path = config('jquery_ui_path');
86 86
 
87 87
 html_header('
88
-<link rel="stylesheet" href="'.$path.'/themes/base/jquery-ui.css">
88
+<link rel="stylesheet" href="'.$path.'/themes/base/jquery-ui.css" />
89 89
 <script type="text/javascript" src="'.$path.'/jquery-1.9.0.js" ></script>
90 90
 <script type="text/javascript" src="'.$path.'/ui/jquery-ui.js" ></script>
91 91
 ');
92 92
 
93
-output(html_form('su_su', '', '', '<label for="query"><strong>Suchtext:</strong></label> <input autocomplete="off" type="text" name="query" id="query" />
93
+output(html_form('su_su', '', '', '<p><label for="query"><strong>Suchtext:</strong></label> <input type="text" name="query" id="query" /> <input type="submit" value="Suchen" /></p>
94 94
 '));
95 95
 output('
96
-<script>
96
+<script type="text/javascript">
97 97
 $("#query").autocomplete({
98 98
     source: "su_ajax",
99 99
     select: function( event, ui ) {

Suche auch bei unvollständiger Eingabe

Bernd Wurst authored on22/01/2013 08:27:11
Showing1 changed files
... ...
@@ -15,6 +15,7 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r
15 15
 */
16 16
 
17 17
 require_once('inc/base.php');
18
+require_once('inc/security.php');
18 19
 require_once('inc/debug.php');
19 20
 
20 21
 require_once('session/start.php');
... ...
@@ -30,7 +31,7 @@ function su($type, $id) {
30 31
   $role = find_role($id, '', True);
31 32
   if (!$role) {
32 33
     unset($_SESSION['admin_user']);
33
-    return;
34
+    return False;
34 35
   }
35 36
   setup_session($role, $id);
36 37
   if ($type == 'c') {
... ...
@@ -62,11 +63,14 @@ if (isset($_GET['do']))
62 63
   su($type, $id);
63 64
 }
64 65
 
66
+$search = NULL;
65 67
 if (isset($_POST['query']))
66 68
 {
67 69
   check_form_token('su_su');
68 70
   $id = filter_input_general($_POST['query']);
69
-  su(NULL, $id);
71
+  if (! su(NULL, $id)) {
72
+    $search = $_POST['query'];
73
+  }
70 74
 }
71 75
 
72 76
 title("Benutzer wechseln");
... ...
@@ -100,6 +104,13 @@ $("#query").autocomplete({
100 104
  });
101 105
 </script>');
102 106
 
107
+if ($search) {
108
+  $allentries = build_results($search);
109
+  foreach ($allentries as $entry) {
110
+    output("  <p><a href=\"?do=".filter_input_general($entry['id'])."\">".filter_input_general($entry['value'])."</a></p>");
111
+  }
112
+}
113
+
103 114
 /*
104 115
 
105 116
 
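Review bot: The result links in the last hunk are written with `filter_input_general()`, an input filter, where the values need HTML escaping for an attribute value and for element text; whether that filter escapes quotes and angle brackets cannot be seen here. An explicit output encoder makes the intent checkable at the sink: `htmlspecialchars($entry['value'], ENT_QUOTES, 'UTF-8')`, and likewise for `$entry['id']`. Separately, `$search` is taken from the raw `$_POST['query']` rather than the filtered `$id`, so `build_results()` has to treat its argument as untrusted.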

Configurable jQuery-path

Bernd Wurst authored on21/01/2013 17:04:26
Showing1 changed files
... ...
@@ -78,13 +78,15 @@ $debug = '';
78 78
 if ($debugmode)
79 79
   $debug = 'debug&amp;';
80 80
 
81
+$path = config('jquery_ui_path');
82
+
81 83
 html_header('
82
-<link rel="stylesheet" href="http://code.jquery.com/ui/1.10.0/themes/base/jquery-ui.css">
83
-<script type="text/javascript" src="http://code.jquery.com/jquery-1.9.0.js" ></script>
84
-<script type="text/javascript" src="http://code.jquery.com/ui/1.10.0/jquery-ui.js" ></script>
84
+<link rel="stylesheet" href="'.$path.'/themes/base/jquery-ui.css">
85
+<script type="text/javascript" src="'.$path.'/jquery-1.9.0.js" ></script>
86
+<script type="text/javascript" src="'.$path.'/ui/jquery-ui.js" ></script>
85 87
 ');
86 88
 
87
-output(html_form('su_su', '', '', '<label for="query"><strong>Suchtext:</strong></label> <input type="text" name="query" id="query" />
89
+output(html_form('su_su', '', '', '<label for="query"><strong>Suchtext:</strong></label> <input autocomplete="off" type="text" name="query" id="query" />
88 90
 '));
89 91
 output('
90 92
 <script>
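Review bot: `$path` is concatenated into the `href` and `src` attributes as-is, so the origin and scheme of the scripts that run on this admin page now depend entirely on the `jquery_ui_path` setting. A comment at `$path = config('jquery_ui_path');` should record that constraint, for example `// jquery_ui_path: same-origin path or https URL we control; scripts loaded from it run in the admin session`. Passing the value through `htmlspecialchars($path, ENT_QUOTES)` would also keep a stray quote in the configuration from breaking the markup.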

Erlaube auch das Absenden des Formulars

Bernd Wurst authored on21/01/2013 16:28:08
Showing1 changed files
... ...
@@ -22,39 +22,51 @@ require_once('su.php');
22 22
 
23 23
 require_role(ROLE_SYSADMIN);
24 24
 
25
-if (isset($_GET['do']))
26
-{
27
-  if ($_SESSION['su_ajax_timestamp'] < time() - 30) {
28
-    system_failure("Die su-Auswahl ist schon abgelaufen!");
29
-  }
30
-  $type = $_GET['do'][0];
31
-  $id = (int) substr($_GET['do'], 1);
25
+
26
+function su($type, $id) {
32 27
   $role = NULL;
33 28
   $admin_user = $_SESSION['userinfo']['username'];
34 29
   $_SESSION['admin_user'] = $admin_user;
30
+  $role = find_role($id, '', True);
31
+  if (!$role) {
32
+    unset($_SESSION['admin_user']);
33
+    return;
34
+  }
35
+  setup_session($role, $id);
35 36
   if ($type == 'c') {
36
-    $role = find_role($id, '', True);
37
-    setup_session($role, $id);
37
+    if (! (ROLE_CUSTOMER & $_SESSION['role'])) {
38
+      session_destroy();
39
+      system_failure('Es wurde ein "su" zu einem Kundenaccount angefordert, das war aber kein Kundenaccount!');
40
+    }
38 41
   } elseif ($type == 'u') {
39
-    $role = find_role($id, '', True);
40
-    setup_session($role, $id);
41
-  } else {
42
+    if (! (ROLE_SYSTEMUSER & $_SESSION['role'])) {
43
+      session_destroy();
44
+      system_failure('Es wurde ein "su" zu einem Benutzeraccount angefordert, das war aber kein Benutzeraccount!');
45
+    }
46
+  } elseif ($type) {
47
+    // wenn type leer ist, dann ist es auch egal
42 48
     system_failure('unknown type');
43 49
   }
44 50
 
45
-  header('Location: ../../go/index/index');
51
+  redirect('../../go/index/index');
46 52
   die();
47 53
 }
48 54
 
49
-if (isset($_POST['submit']))
55
+if (isset($_GET['do']))
50 56
 {
51
-  check_form_token('su_su');
52
-  $id = (int) $_POST['destination'];
53
-  $role = find_role($id, '', True);
54
-  setup_session($role, $id);
57
+  if ($_SESSION['su_ajax_timestamp'] < time() - 30) {
58
+    system_failure("Die su-Auswahl ist schon abgelaufen!");
59
+  }
60
+  $type = $_GET['do'][0];
61
+  $id = (int) substr($_GET['do'], 1);
62
+  su($type, $id);
63
+}
55 64
 
56
-  header('Location: ../../go/index/index');
57
-  die();
65
+if (isset($_POST['query']))
66
+{
67
+  check_form_token('su_su');
68
+  $id = filter_input_general($_POST['query']);
69
+  su(NULL, $id);
58 70
 }
59 71
 
60 72
 title("Benutzer wechseln");
... ...
@@ -72,9 +84,8 @@ html_header('
72 84
 <script type="text/javascript" src="http://code.jquery.com/ui/1.10.0/jquery-ui.js" ></script>
73 85
 ');
74 86
 
75
-output('<label for="query"><strong>Suchtext:</strong></label> <input type="text" id="query" />
76
-<input type="hidden" id="query_id" name="query_id" />
77
-');
87
+output(html_form('su_su', '', '', '<label for="query"><strong>Suchtext:</strong></label> <input type="text" name="query" id="query" />
88
+'));
78 89
 output('
79 90
 <script>
80 91
 $("#query").autocomplete({
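Review bot: In the new `su()`, `setup_session($role, $id)` runs before `$type` is validated, and the final `elseif ($type)` branch calls `system_failure('unknown type')` without the `session_destroy()` that the two mismatch branches use. If `system_failure()` only reports and exits (not visible here), the session has by then already been set up for the target account. Checking `$type` against `'c'`, `'u'` and empty before calling `setup_session()`, or adding `session_destroy();` to that branch, would make the three failure paths consistent. `$_GET['do'][0]` and `substr($_GET['do'], 1)` also assume that `do` is a non-empty string.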

su-Modul auf jQuery umgestellt (ohne weitere Verbesserungen der Usability)

Bernd Wurst authored on20/01/2013 12:09:29
Showing1 changed files
... ...
@@ -22,18 +22,22 @@ require_once('su.php');
22 22
 
23 23
 require_role(ROLE_SYSADMIN);
24 24
 
25
-if (isset($_GET['type']))
25
+if (isset($_GET['do']))
26 26
 {
27
-  check_form_token('su_su_ajax', $_GET['formtoken']);
27
+  if ($_SESSION['su_ajax_timestamp'] < time() - 30) {
28
+    system_failure("Die su-Auswahl ist schon abgelaufen!");
29
+  }
30
+  $type = $_GET['do'][0];
31
+  $id = (int) substr($_GET['do'], 1);
28 32
   $role = NULL;
29 33
   $admin_user = $_SESSION['userinfo']['username'];
30 34
   $_SESSION['admin_user'] = $admin_user;
31
-  if ($_GET['type'] == 'customer') {
32
-    $role = find_role($_GET['id'], '', True);
33
-    setup_session($role, $_GET['id']);
34
-  } elseif ($_GET['type'] == 'systemuser') {
35
-    $role = find_role($_GET['uid'], '', True);
36
-    setup_session($role, $_GET['uid']);
35
+  if ($type == 'c') {
36
+    $role = find_role($id, '', True);
37
+    setup_session($role, $id);
38
+  } elseif ($type == 'u') {
39
+    $role = find_role($id, '', True);
40
+    setup_session($role, $id);
37 41
   } else {
38 42
     system_failure('unknown type');
39 43
   }
... ...
@@ -62,32 +66,26 @@ $debug = '';
62 66
 if ($debugmode)
63 67
   $debug = 'debug&amp;';
64 68
 
65
-html_header('<script type="text/javascript" src="'.$prefix.'js/ajax.js" ></script>
66
-<script type="text/javascript">
67
-
68
-function doRequest() {
69
-  ajax_request(\'su_ajax\', \''.$debug.'q=\'+document.getElementById(\'query\').value, got_response)
70
-}
71
-
72
-function keyPressed() {
73
-  if(window.mytimeout) window.clearTimeout(window.mytimeout);
74
-  window.mytimeout = window.setTimeout(doRequest, 500);
75
-  return true;
76
-}
77
-
78
-function got_response() {
79
-  if (xmlHttp.readyState == 4) {
80
-    document.getElementById(\'response\').innerHTML = xmlHttp.responseText;
81
-  }
82
-}
83
-
84
-</script>
69
+html_header('
70
+<link rel="stylesheet" href="http://code.jquery.com/ui/1.10.0/themes/base/jquery-ui.css">
71
+<script type="text/javascript" src="http://code.jquery.com/jquery-1.9.0.js" ></script>
72
+<script type="text/javascript" src="http://code.jquery.com/ui/1.10.0/jquery-ui.js" ></script>
85 73
 ');
86 74
 
87
-output(html_form('su_su_ajax', '', '', '<strong>Suchtext:</strong> <input type="text" id="query" onkeyup="keyPressed()" />
88
-'));
89
-output('<div id="response"></div>
90
-<div style="height: 3em;">&#160;</div>');
75
+output('<label for="query"><strong>Suchtext:</strong></label> <input type="text" id="query" />
76
+<input type="hidden" id="query_id" name="query_id" />
77
+');
78
+output('
79
+<script>
80
+$("#query").autocomplete({
81
+    source: "su_ajax",
82
+    select: function( event, ui ) {
83
+      if (ui.item) {
84
+        window.location.href = "?do="+ui.item.id;
85
+      }
86
+}
87
+ });
88
+</script>');
91 89
 
92 90
 /*
93 91
 
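Review bot: The `?do=` branch replaces `check_form_token('su_su_ajax', $_GET['formtoken'])` with a 30-second freshness check on `$_SESSION['su_ajax_timestamp']`, so the account switch is a GET request that is no longer bound to a per-form token. A time window limits exposure but does not show that the request came from this page; keeping a token next to the timestamp would, and the timestamp should be read behind an `isset()` check. The second hunk loads jQuery and jQuery UI from `http://code.jquery.com` over plain HTTP into a sysadmin-only page, so the script content depends on an unauthenticated connection; serve them from the same origin or at least over HTTPS.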

Updated copyright notice (2012 => 2013)

Bernd Wurst authored on19/01/2013 10:49:50
Showing1 changed files
... ...
@@ -2,7 +2,7 @@
2 2
 /*
3 3
 This file belongs to the Webinterface of schokokeks.org Hosting
4 4
 
5
-Written 2008-2012 by schokokeks.org Hosting, namely
5
+Written 2008-2013 by schokokeks.org Hosting, namely
6 6
   Bernd Wurst <bernd@schokokeks.org>
7 7
   Hanno Böck <hanno@schokokeks.org>
8 8
 

Added license tags for CC0, README and COPYING

Bernd Wurst authored on11/03/2012 15:40:04
Showing1 changed files
... ...
@@ -1,4 +1,18 @@
1 1
 <?php
2
+/*
3
+This file belongs to the Webinterface of schokokeks.org Hosting
4
+
5
+Written 2008-2012 by schokokeks.org Hosting, namely
6
+  Bernd Wurst <bernd@schokokeks.org>
7
+  Hanno Böck <hanno@schokokeks.org>
8
+
9
+To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty.
10
+
11
+You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see 
12
+http://creativecommons.org/publicdomain/zero/1.0/
13
+
14
+Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
15
+*/
2 16
 
3 17
 require_once('inc/base.php');
4 18
 require_once('inc/debug.php');

Setze lastlogin nur bei Nicht-Admin-Logins

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@1919 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on12/02/2011 07:58:16
Showing1 changed files
... ...
@@ -13,6 +13,7 @@ if (isset($_GET['type']))
13 13
   check_form_token('su_su_ajax', $_GET['formtoken']);
14 14
   $role = NULL;
15 15
   $admin_user = $_SESSION['userinfo']['username'];
16
+  $_SESSION['admin_user'] = $admin_user;
16 17
   if ($_GET['type'] == 'customer') {
17 18
     $role = find_role($_GET['id'], '', True);
18 19
     setup_session($role, $_GET['id']);
... ...
@@ -22,7 +23,6 @@ if (isset($_GET['type']))
22 23
   } else {
23 24
     system_failure('unknown type');
24 25
   }
25
-  $_SESSION['admin_user'] = $admin_user;
26 26
 
27 27
   header('Location: ../../go/index/index');
28 28
   die();
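Review bot: Moving `$_SESSION['admin_user'] = $admin_user;` above the `setup_session()` calls creates an ordering dependency that nothing in the code records; judging by the commit title, `setup_session()` presumably reads it to skip the lastlogin update. A comment on that line would keep a later cleanup from moving it back: `// must be set before setup_session(): marks this as an admin su, not a real login`. The `else` branch with `system_failure('unknown type')` now leaves `admin_user` in the session, so an `unset($_SESSION['admin_user']);` before that call would keep the failure path clean. The `if (isset($_GET['type']))` block starts and ends outside these hunks.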

Benutze überall title() statt output("<h3>...</h3>")

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@1812 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on18/09/2010 13:35:15
Showing1 changed files
... ...
@@ -39,10 +39,9 @@ if (isset($_POST['submit']))
39 39
   die();
40 40
 }
41 41
 
42
-$title = "Benutzer wechseln";
42
+title("Benutzer wechseln");
43 43
 
44
-output('<h3>Benutzer wechseln</h3>
45
-<p>Hiermit können Sie (als Admin) das Webinterface mit den Rechten eines beliebigen anderen Benutzers benutzen.</p>
44
+output('<p>Hiermit können Sie (als Admin) das Webinterface mit den Rechten eines beliebigen anderen Benutzers benutzen.</p>
46 45
 ');
47 46
 
48 47
 $debug = '';

Einige Dummheiten repariert, die beim ersetzen von $config durch config() aufgetreten sind. Zudem einige Closing-Tag-mismatches repariert, die man nur sieht wenn man XHTML-Modus einschaltet

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@1377 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on23/05/2009 15:55:23
Showing1 changed files
... ...
@@ -51,7 +51,6 @@ if ($debugmode)
51 51
 
52 52
 html_header('<script type="text/javascript" src="'.$prefix.'js/ajax.js" ></script>
53 53
 <script type="text/javascript">
54
-<!--
55 54
 
56 55
 function doRequest() {
57 56
   ajax_request(\'su_ajax\', \''.$debug.'q=\'+document.getElementById(\'query\').value, got_response)
... ...
@@ -69,7 +68,6 @@ function got_response() {
69 68
   }
70 69
 }
71 70
 
72
-// -->
73 71
 </script>
74 72
 ');
75 73
 
... ...
@@ -78,6 +76,7 @@ output(html_form('su_su_ajax', '', '', '<strong>Suchtext:</strong> <input type="
78 76
 output('<div id="response"></div>
79 77
 <div style="height: 3em;">&#160;</div>');
80 78
 
79
+/*
81 80
 
82 81
 
83 82
 $users = list_system_users();
... ...
@@ -99,7 +98,7 @@ $customers = list_customers();
99 98
 $options = '';
100 99
 foreach ($customers as $customer)
101 100
 {
102
-  $options .= "  <option value=\"{$customer->id}\">{$customer->id} - {$customer->name}</option>\n";
101
+  $options .= "  <option value=\"{$customer->id}\">{$customer->id} - ".htmlspecialchars($customer->name)."</option>\n";
103 102
 }
104 103
 
105 104
 output(html_form('su_su', 'su', '', '<p>Kunde auswählen:
... ...
@@ -110,6 +109,6 @@ output(html_form('su_su', 'su', '', '<p>Kunde auswählen:
110 109
 </p>
111 110
 '));
112 111
 
113
-
112
+*/
114 113
 
115 114
 ?>

back-to-admin feature

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@1159 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on22/09/2008 19:56:03
Showing1 changed files
... ...
@@ -12,6 +12,7 @@ if (isset($_GET['type']))
12 12
 {
13 13
   check_form_token('su_su_ajax', $_GET['formtoken']);
14 14
   $role = NULL;
15
+  $admin_user = $_SESSION['userinfo']['username'];
15 16
   if ($_GET['type'] == 'customer') {
16 17
     $role = find_role($_GET['id'], '', True);
17 18
     setup_session($role, $_GET['id']);
... ...
@@ -21,6 +22,7 @@ if (isset($_GET['type']))
21 22
   } else {
22 23
     system_failure('unknown type');
23 24
   }
25
+  $_SESSION['admin_user'] = $admin_user;
24 26
 
25 27
   header('Location: ../../go/index/index');
26 28
   die();

AJAXified

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@1158 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on22/09/2008 17:29:57
Showing1 changed files
... ...
@@ -1,5 +1,6 @@
1 1
 <?php
2 2
 
3
+require_once('inc/base.php');
3 4
 require_once('inc/debug.php');
4 5
 
5 6
 require_once('session/start.php');
... ...
@@ -7,6 +8,24 @@ require_once('su.php');
7 8
 
8 9
 require_role(ROLE_SYSADMIN);
9 10
 
11
+if (isset($_GET['type']))
12
+{
13
+  check_form_token('su_su_ajax', $_GET['formtoken']);
14
+  $role = NULL;
15
+  if ($_GET['type'] == 'customer') {
16
+    $role = find_role($_GET['id'], '', True);
17
+    setup_session($role, $_GET['id']);
18
+  } elseif ($_GET['type'] == 'systemuser') {
19
+    $role = find_role($_GET['uid'], '', True);
20
+    setup_session($role, $_GET['uid']);
21
+  } else {
22
+    system_failure('unknown type');
23
+  }
24
+
25
+  header('Location: ../../go/index/index');
26
+  die();
27
+}
28
+
10 29
 if (isset($_POST['submit']))
11 30
 {
12 31
   check_form_token('su_su');
... ...
@@ -18,14 +37,47 @@ if (isset($_POST['submit']))
18 37
   die();
19 38
 }
20 39
 
21
-
22
-
23 40
 $title = "Benutzer wechseln";
24 41
 
25 42
 output('<h3>Benutzer wechseln</h3>
26 43
 <p>Hiermit können Sie (als Admin) das Webinterface mit den Rechten eines beliebigen anderen Benutzers benutzen.</p>
27 44
 ');
28 45
 
46
+$debug = '';
47
+if ($debugmode)
48
+  $debug = 'debug&amp;';
49
+
50
+html_header('<script type="text/javascript" src="'.$prefix.'js/ajax.js" ></script>
51
+<script type="text/javascript">
52
+<!--
53
+
54
+function doRequest() {
55
+  ajax_request(\'su_ajax\', \''.$debug.'q=\'+document.getElementById(\'query\').value, got_response)
56
+}
57
+
58
+function keyPressed() {
59
+  if(window.mytimeout) window.clearTimeout(window.mytimeout);
60
+  window.mytimeout = window.setTimeout(doRequest, 500);
61
+  return true;
62
+}
63
+
64
+function got_response() {
65
+  if (xmlHttp.readyState == 4) {
66
+    document.getElementById(\'response\').innerHTML = xmlHttp.responseText;
67
+  }
68
+}
69
+
70
+// -->
71
+</script>
72
+');
73
+
74
+output(html_form('su_su_ajax', '', '', '<strong>Suchtext:</strong> <input type="text" id="query" onkeyup="keyPressed()" />
75
+'));
76
+output('<div id="response"></div>
77
+<div style="height: 3em;">&#160;</div>');
78
+
79
+
80
+
29 81
 $users = list_system_users();
30 82
 $options = '';
31 83
 foreach ($users as $user)
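Review bot: The new `$_GET['type']` branch passes `$_GET['id']` and `$_GET['uid']` to `find_role()` and `setup_session()` unchanged and without an `isset()` check, whereas the POST branch from the initial commit casts its id with `(int)`. Normalising once keeps both paths consistent: `$id = (int) ($_GET['type'] == 'customer' ? $_GET['id'] : $_GET['uid']);` after the type has been validated. The form token for this state-changing request travels in the query string (`$_GET['formtoken']`), where it ends up in server logs and browser history; a POST would avoid that. In the added script, `innerHTML = xmlHttp.responseText` is only safe if `su_ajax` returns fully escaped HTML, which cannot be confirmed from this page.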

eliminate .php extensions for URLs

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@1128 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on08/08/2008 19:32:32
Showing1 changed files
... ...
@@ -14,7 +14,7 @@ if (isset($_POST['submit']))
14 14
   $role = find_role($id, '', True);
15 15
   setup_session($role, $id);
16 16
 
17
-  header('Location: ../../go/index/index.php');
17
+  header('Location: ../../go/index/index');
18 18
   die();
19 19
 }
20 20
 
... ...
@@ -33,7 +33,7 @@ foreach ($users as $user)
33 33
   $options .= "  <option value=\"{$user->uid}\">{$user->username} ({$user->uid})</option>\n";
34 34
 }
35 35
 
36
-output(html_form('su_su', 'su.php', '', '<p>Benutzer auswählen:
36
+output(html_form('su_su', 'su', '', '<p>Benutzer auswählen:
37 37
 <select name="destination" size="1">
38 38
 '.$options.'
39 39
 </select>
... ...
@@ -48,7 +48,7 @@ foreach ($customers as $customer)
48 48
   $options .= "  <option value=\"{$customer->id}\">{$customer->id} - {$customer->name}</option>\n";
49 49
 }
50 50
 
51
-output(html_form('su_su', 'su.php', '', '<p>Kunde auswählen:
51
+output(html_form('su_su', 'su', '', '<p>Kunde auswählen:
52 52
 <select name="destination" size="1">
53 53
 '.$options.'
54 54
 </select>

Viele XHTML-Fehler korrigiert, jetzt validiert alles.

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@612 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on09/08/2007 20:20:29
Showing1 changed files
... ...
@@ -24,7 +24,7 @@ $title = "Benutzer wechseln";
24 24
 
25 25
 output('<h3>Benutzer wechseln</h3>
26 26
 <p>Hiermit können Sie (als Admin) das Webinterface mit den Rechten eines beliebigen anderen Benutzers benutzen.</p>
27
-<p>Benutzer auswählen: ');
27
+');
28 28
 
29 29
 $users = list_system_users();
30 30
 $options = '';
... ...
@@ -33,12 +33,13 @@ foreach ($users as $user)
33 33
   $options .= "  <option value=\"{$user->uid}\">{$user->username} ({$user->uid})</option>\n";
34 34
 }
35 35
 
36
-output(html_form('su_su', 'su.php', '', '<select name="destination" size="1">
36
+output(html_form('su_su', 'su.php', '', '<p>Benutzer auswählen:
37
+<select name="destination" size="1">
37 38
 '.$options.'
38 39
 </select>
39 40
 <input type="submit" name="submit" value="zum Benutzer wechseln" />
41
+</p>
40 42
 '));
41
-output('</p><p>Kunde auswählen: ');
42 43
 
43 44
 $customers = list_customers();
44 45
 $options = '';
... ...
@@ -47,12 +48,13 @@ foreach ($customers as $customer)
47 48
   $options .= "  <option value=\"{$customer->id}\">{$customer->id} - {$customer->name}</option>\n";
48 49
 }
49 50
 
50
-output(html_form('su_su', 'su.php', '', '<select name="destination" size="1">
51
+output(html_form('su_su', 'su.php', '', '<p>Kunde auswählen:
52
+<select name="destination" size="1">
51 53
 '.$options.'
52 54
 </select>
53 55
 <input type="submit" name="submit" value="zum Kunden wechseln" />
56
+</p>
54 57
 '));
55
-output("</p><br />");
56 58
 
57 59
 
58 60
 

XML-Fehler

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@573 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on30/07/2007 17:15:39
Showing1 changed files
... ...
@@ -38,7 +38,7 @@ output(html_form('su_su', 'su.php', '', '<select name="destination" size="1">
38 38
 </select>
39 39
 <input type="submit" name="submit" value="zum Benutzer wechseln" />
40 40
 '));
41
-output('<p>Kunde auswählen: ');
41
+output('</p><p>Kunde auswählen: ');
42 42
 
43 43
 $customers = list_customers();
44 44
 $options = '';
... ...
@@ -52,7 +52,7 @@ output(html_form('su_su', 'su.php', '', '<select name="destination" size="1">
52 52
 </select>
53 53
 <input type="submit" name="submit" value="zum Kunden wechseln" />
54 54
 '));
55
-output("<br />");
55
+output("</p><br />");
56 56
 
57 57
 
58 58
 

Su-Login für Admins

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@567 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on30/07/2007 13:02:55
Showing1 changed files
1 1
new file mode 100644
... ...
@@ -0,0 +1,59 @@
1
+<?php
2
+
3
+require_once('inc/debug.php');
4
+
5
+require_once('session/start.php');
6
+require_once('su.php');
7
+
8
+require_role(ROLE_SYSADMIN);
9
+
10
+if (isset($_POST['submit']))
11
+{
12
+  check_form_token('su_su');
13
+  $id = (int) $_POST['destination'];
14
+  $role = find_role($id, '', True);
15
+  setup_session($role, $id);
16
+
17
+  header('Location: ../../go/index/index.php');
18
+  die();
19
+}
20
+
21
+
22
+
23
+$title = "Benutzer wechseln";
24
+
25
+output('<h3>Benutzer wechseln</h3>
26
+<p>Hiermit können Sie (als Admin) das Webinterface mit den Rechten eines beliebigen anderen Benutzers benutzen.</p>
27
+<p>Benutzer auswählen: ');
28
+
29
+$users = list_system_users();
30
+$options = '';
31
+foreach ($users as $user)
32
+{
33
+  $options .= "  <option value=\"{$user->uid}\">{$user->username} ({$user->uid})</option>\n";
34
+}
35
+
36
+output(html_form('su_su', 'su.php', '', '<select name="destination" size="1">
37
+'.$options.'
38
+</select>
39
+<input type="submit" name="submit" value="zum Benutzer wechseln" />
40
+'));
41
+output('<p>Kunde auswählen: ');
42
+
43
+$customers = list_customers();
44
+$options = '';
45
+foreach ($customers as $customer)
46
+{
47
+  $options .= "  <option value=\"{$customer->id}\">{$customer->id} - {$customer->name}</option>\n";
48
+}
49
+
50
+output(html_form('su_su', 'su.php', '', '<select name="destination" size="1">
51
+'.$options.'
52
+</select>
53
+<input type="submit" name="submit" value="zum Kunden wechseln" />
54
+'));
55
+output("<br />");
56
+
57
+
58
+
59
+?>
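Review bot: `{$user->username}` and `{$customer->name}` are interpolated into the `<option>` markup without escaping, and a customer name is presumably data the customer can set, so markup stored in it would render inside this sysadmin page. Both should go through the output encoder, e.g. `htmlspecialchars($customer->name, ENT_QUOTES, 'UTF-8')`. The POST branch also calls `setup_session($role, $id)` without checking that `find_role()` returned a role; an `if (!$role) { system_failure('unknown account'); }` guard before it would stop the switch for an id that matches nothing. Nothing in this file records which admin switched to which account, which is worth logging for an impersonation feature.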