added user managment

app/public/add_entry.php

@@ -20,7 +20,7 @@
         die;
     }
 
-    echo file_get_contents("heder_footer/header.php");
+    include("header_footer/header.php");
 ?>
 
 <body>

app/public/add_station.php

@@ -10,7 +10,7 @@
         die;
     }
 
-    echo file_get_contents("header_footer/header.php");
+    include("header_footer/header.php");
 ?>
 
 <body>

app/public/add_team.php

@@ -10,7 +10,7 @@
         die;      
     }
 
-    echo file_get_contents("header_footer/header.php");
+    include("header_footer/header.php");
 ?>
 
 <body>

app/public/add_user.php

@@ -0,0 +1,60 @@
+<?php
+    session_start();
+    include("../scripts/connection.php");
+    include("../scripts/functions.php");
+    $user_data = check_admin($con);
+
+    if($_SERVER['REQUEST_METHOD'] == "POST") {
+        $user_name = $_POST['user_name'];
+        $password = $_POST['password'];
+        $user_group = $_POST['user_group'];
+        $bind_station = $_POST['bind_station'];
+        if(!empty($user_name) && !empty($password)) {
+            $salt = generate_salt();
+            $user_id = generate_user_id($_POST['user_name'], $salt);
+            $phash = generate_password_hash($_POST['password'], $salt);
+            if($user_group == "station") {
+                write_user($con, $user_name, $user_id, $phash, $salt, $user_group, $bind_station);
+            } else {
+                write_user($con, $user_name, $user_id, $phash, $salt, $user_group, NULL);
+            }
+        } else {
+            echo "Bitte Benutzername und Passwort eintragen!";
+        }
+    }
+
+    include("header_footer/header.php");
+?>
+
+<body>
+    <div class="headline">
+        <h2>Benutzer hinzufügen</h2>
+    </div>
+    <div>
+        <form method="post">
+            <label for="user_name">Benutzername</label>
+            <input type="text" name="user_name"/><br>
+            <label for="password">Passwort</label>
+            <input type="password" name="password"/><br>
+            <label for="user_group">Benutzergruppe</label>
+            <select name="user_group" id="user_group">
+                <option value="station">Station</option>
+                <option value="statistics">Statistik</option>
+                <option value="admin">Administrator</option>
+            </select><br>
+            <label for="bind_station">Gebunden an Station:</label>
+            <select name="bind_station" id="bind_station">
+                <?php
+                    load_options_stations($con, "", false);
+                ?>
+            </select> 
+            <label for="bind_station">(Nur für Benutzergruppe Station)</label><br>
+            <input type="submit" value="Hinzufügen"/>
+        </form>
+    </div>
+</body>
+
+<?php
+    $con = null;
+    echo file_get_contents("header_footer/footer.html");
+?>

app/public/header_footer/header.php

@@ -19,6 +19,13 @@
             <a href="mannschaft.php">Mannschaftsverwaltung</a>
             <a href="stationen.php">Stationen</a>
             <a href="statistik.php">Statistik</a>
+            <?php
+                if(isset($_SESSION['user_group'])) {
+                    if ($_SESSION['user_group'] == 'admin') {
+                        echo "<a href=\"manage_user.php\">Benutzerverwaltung</a>";
+                    }
+                }
+            ?>
         </nav>
         </section>
     </header>

app/public/index.php

@@ -5,7 +5,7 @@
 
     $user_data = check_login($con);
 
-    echo file_get_contents("header_footer/header.php"); 
+    include("header_footer/header.php"); 
 ?>
 
 <body>

app/public/manage_user.php

@@ -0,0 +1,39 @@
+<?php
+    session_start();
+    include("../scripts/connection.php");
+    include("../scripts/functions.php");
+    $user_data = check_admin($con);
+
+    include('header_footer/header.php');
+?>
+
+<body>
+    <div class="headline">
+        <h2>Benutzerverwaltung</h2>
+    </div>
+    <div>
+        <form action="add_user.php" method="get">
+            <input type="submit" value="Benutzer hinzufügen"/>
+        </form>
+    </div>
+    <div class="table-div">
+        <table>
+            <thead>
+                <tr>
+                    <th scope="col">Name</th>
+                    <th scope="col">Benutzergruppe</th>
+                </tr>
+            </thead>
+            <tbody>
+                <?php
+                    load_users($con);
+                ?>
+            </tbody>
+        </table>
+    </div>
+</body>
+
+<?php
+    $con = null;
+    echo file_get_contents("header_footer/footer.html");
+?>

app/public/mannschaft.php

@@ -5,7 +5,7 @@
     include("../scripts/functions.php");
     $user_data = check_login($con);
     
-    echo file_get_contents("header_footer/header.php"); 
+    include("header_footer/header.php"); 
 ?>
 
 <body>

app/public/stationen.php

@@ -5,7 +5,7 @@
     include("../scripts/functions.php");
     $user_data = check_login($con);
     
-    echo file_get_contents("header_footer/header.php"); 
+    include("header_footer/header.php"); 
 ?>
 
 <body>

app/public/statistik.php

@@ -15,7 +15,7 @@
         $session = $_SESSION['select-statistics'];
     }
 
-    echo file_get_contents("header_footer/header.php"); 
+    include("header_footer/header.php"); 
 ?>
 
 <body>
@@ -32,7 +32,7 @@
         <form name="switch-statistics" method="get">
             <select name="stationen" id="station" onchange="this.form.submit()">
                 <?php
-                    load_options_stations($con, $session); 
+                    load_options_stations($con, $session, true); 
                 ?>
             </select>
         </form>

app/scripts/database_queries.php

@@ -171,6 +171,7 @@ function get_fire_departments($con) {
     try {
         $stmt = $con->prepare("SELECT DISTINCT feuerwehr FROM Mannschaft");
         $stmt->execute();
+        $stmt->setFetchMode(PDO::FETCH_ASSOC);
         return $stmt;
     } catch(PDOException $e) {
         handle_pdo_exception($e);
@@ -187,3 +188,29 @@ function write_team($con, $team_name, $fire_department) {
         handle_pdo_exception($e);
     }
 }
+
+function get_users($con) {
+    try {
+        $stmt = $con->prepare("SELECT user_name, user_group FROM users");
+        $stmt->execute();
+        $stmt->setFetchMode(PDO::FETCH_ASSOC);
+        return $stmt;
+    } catch(PDOException $e) {
+        handle_pdo_exception($e);
+    }
+}
+
+function write_user($con, $user_name, $user_id, $phash, $salt, $user_group, $s_id) {
+    try {
+        $stmt = $con->prepare("INSERT INTO users (user_id, password, user_name, salt, user_group, s_id) VALUES (?, ?, ?, ?, ?, ?)");
+        $stmt->bindParam(1, $user_id, PDO::PARAM_STR);
+        $stmt->bindParam(2, $phash, PDO::PARAM_STR);
+        $stmt->bindParam(3, $user_name, PDO::PARAM_STR);
+        $stmt->bindParam(4, $salt, PDO::PARAM_STR);
+        $stmt->bindParam(5, $user_group, PDO::PARAM_STR);
+        $stmt->bindParam(6, $s_id, PDO::PARAM_INT);
+        $stmt->execute();
+    } catch(PDOException $e) {
+        handle_pdo_exception($e);
+    }
+}

app/scripts/functions.php

@@ -72,14 +72,16 @@ function load_total_score($con) {
     echo "</tbody>\n";
 }
 
-function load_options_stations($con, $session) {
+function load_options_stations($con, $session, $stats) {
     $stmt = get_stations_all($con);
     if ($session == "total-score"){
         $total_score_selected = " selected";
     } else {
         $total_score_selected = "";
     }
-    echo "<option value=\"total-score\"" . $total_score_selected . ">Gesamtpunkte</option>";
+    if($stats) {
+        echo "<option value=\"total-score\"" . $total_score_selected . ">Gesamtpunkte</option>";
+    }
     foreach($stmt->fetchAll() as $option) {
         if($session == $option['s_id']){
             $station_selected = " selected";
@@ -125,3 +127,25 @@ function load_fire_departments($con) {
         echo "<option>".$option['feuerwehr']."</option>\n";
     }
 }
+
+function check_admin($con) {
+    $user_data = check_login($con);
+    if($user_data['user_group'] == "admin") {
+        return $user_data;
+    } else {
+        unset($_SESSION['user_id']);
+        unset($_SESSION['user_group']);
+        header("Location: login.php");
+        die;
+    }
+}
+
+function load_users($con) {
+    $stmt = get_users($con);
+    foreach($stmt->fetchAll() as $row) {
+        echo "<tr>\n";
+        echo "<td>" . $row['user_name'] . "</td>\n";
+        echo "<td>" . $row['user_group'] . "</td>\n";
+        echo "</tr>\n";
+    }
+}