user_group station can now only access their own station

2022-06-18 12:37:23 +02:00
parent 039e798b30
commit 32d8d5583e
9 changed files with 51 additions and 42 deletions


@@ -2,7 +2,7 @@
session_start();
include("../scripts/connection.php");
include("../scripts/functions.php");
$user_data = check_login($con);
$user_data = check_admin($con);
if($_SERVER['REQUEST_METHOD'] == "POST") {
try {
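Review bot: The new `$user_data = check_admin($con);` line after the two includes only protects this POST handler if `check_admin()` itself ends the request for a non-admin; its definition lives in `../scripts/functions.php`, which is not shown on this page, so that is unverified here. If it only sends a redirect and then returns, the `try {` block below would still execute, so confirm the function calls `exit;` right after redirecting, or add it. The same applies to the five other files further down this commit that receive the identical one-line change. The handler body continues outside the hunk.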


@@ -2,7 +2,7 @@
session_start();
include("../scripts/connection.php");
include("../scripts/functions.php");
$user_data = check_login($con);
$user_data = check_admin($con);
if($_SERVER['REQUEST_METHOD'] == "POST") {
try {


@@ -2,7 +2,7 @@
session_start();
include("../scripts/connection.php");
include("../scripts/functions.php");
$user_data = check_login($con);
$user_data = check_admin($con);
if($_SERVER['REQUEST_METHOD'] == "GET") {
$row = get_station_all($con, $_GET['s_id'])->fetch();


@@ -2,7 +2,7 @@
session_start();
include("../scripts/connection.php");
include("../scripts/functions.php");
$user_data = check_login($con);
$user_data = check_admin($con);
if($_SERVER['REQUEST_METHOD'] == "GET") {
$row = get_team($con, $_GET['m_id'])->fetch();


@@ -17,16 +17,16 @@
<nav>
<a href="logout.php">logout</a>
<a href="index.php">Home</a>
<a href="mannschaft.php">Mannschaftsverwaltung</a>
<a href="stationen.php">Stationen</a>
<a href="statistik.php">Statistik</a>
<?php
if(isset($_SESSION['user_group'])) {
if ($_SESSION['user_group'] == 'admin') {
echo "<a href=\"manage_user.php\">Benutzerverwaltung</a>";
echo "<a href=\"manage_user.php\">Benutzerverwaltung</a>\n";
echo "<a href=\"mannschaft.php\">Mannschaftsverwaltung</a>\n";
echo "<a href=\"stationen.php\">Stationen</a>\n";
}
}
?>
<a href="statistik.php">Ergebnisse eintragen</a>
</nav>
</section>
</header>


@@ -9,10 +9,18 @@
?>
<body>
<h1><span>Punktesystem Kreispokalwettbewerb Altdorf</span></h1>
<p>test</p>
<h1><span>Punktesystem Kreispokalwettbewerb Altdorf</span></h1>
<div class="headline">
<h2>Gesamtergebniss</h2>
</div>
<div class="table-div">
<table id="table">
<?php load_total_score($con); ?>
</table>
</div>
</body>
<?php
$con = null;
echo file_get_contents("header_footer/footer.html");
$con = null;
echo file_get_contents("header_footer/footer.html");
?>
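Review bot: The added `<?php load_total_score($con); ?>` table has no user_group condition around it, while the statistics page in this same commit prevents `station` users from reaching `total-score`. If the overall ranking is meant to be hidden from station accounts, guard it, e.g. `<?php if ($user_data['user_group'] != 'station') { load_total_score($con); } ?>`; if it is meant to be visible to every logged-in user, a one-line comment saying so would remove the apparent contradiction. Whether a login check runs and `$user_data` is set before line 9 of this file is not visible in the hunk. The new heading text `Gesamtergebniss` also looks like a typo for `Gesamtergebnis`.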


@@ -3,7 +3,7 @@
include("../scripts/connection.php");
include("../scripts/functions.php");
$user_data = check_login($con);
$user_data = check_admin($con);
include("header_footer/header.php");
?>


@@ -3,7 +3,7 @@
include("../scripts/connection.php");
include("../scripts/functions.php");
$user_data = check_login($con);
$user_data = check_admin($con);
include("header_footer/header.php");
?>


@@ -9,8 +9,10 @@
$_SESSION['select-statistics'] = $_GET['stationen'];
}
if(!isset($_SESSION['select-statistics']) || $_SESSION['select-statistics'] == "total-score") {
if((!isset($_SESSION['select-statistics']) || $_SESSION['select-statistics'] == "total-score") && $user_data['user_group'] != 'station') {
$session = "total-score";
} else if ($user_data['user_group'] == 'station') {
$session = $user_data['s_id'];
} else {
$session = $_SESSION['select-statistics'];
}
@@ -22,21 +24,21 @@
<div class="headline">
<?php
if($session == "total-score") {
echo "<h2>Gesamtpunkte</h2\n";
echo "<h2>Gesamtpunkte</h2>\n";
} else {
echo "<h2>" . get_station_name($con, $session)['name'] . "</h2>\n";
}
?>
</div>
<div>
<form name="switch-statistics" method="get">
<select name="stationen" id="station" onchange="this.form.submit()">
<?php
load_options_stations($con, $session, true);
?>
</select>
</form>
<?php
if($user_data['user_group'] != "station") {
echo "<form name=\"switch-statistics\" method=\"get\">
<select name=\"stationen\" id=\"station\" onchange=\"this.form.submit()\">";
load_options_stations($con, $session, true);
echo "</select>
</form>";
}
if($session != "total-score" && get_teams_no_points($con, $session)->rowCount() > 0) {
echo "<form action=\"add_entry.php\" method=\"get\">
<input type=\"hidden\" name=\"station\" value=\"$session\"/>
@@ -44,27 +46,26 @@
</form>\n";
}
if ($session != "total-score") {
//add edit button
echo "<div>
<form action=\"edit_statistics.php\" method=\"get\">
<input type=\"button\" id=\"edit_statistic\" value=\"Eintrag bearbeiten\" class=\"edit\" disabled=true/>
<input type=\"hidden\" id=\"team_id\" name=\"m_id\"/>
<input type=\"hidden\" id=\"station_id\" name=\"s_id\" value=\"". $session . "\"/>
</form>
</div>";
//add delete button
echo "<div>
<form action=\"delete_statistics.php\" method=\"post\">
<input type=\"button\" id=\"delete_statistic\" value=\"Löschen\" class=\"edit\" disabled=\"true\"/>
<input type=\"hidden\" id=\"m_id_delete\" name=\"m_id\"/>
<input type=\"hidden\" id=\"s_id_delete\" name=\"s_id\" value=\"" . $session . "\"/>
</form>
</div>";
}
?>
</div>
<?php
if ($session != "total-score") {
//add edit button
echo "<div>
<form action=\"edit_statistics.php\" method=\"get\">
<input type=\"button\" id=\"edit_statistic\" value=\"Eintrag bearbeiten\" class=\"edit\" disabled=true/>
<input type=\"hidden\" id=\"team_id\" name=\"m_id\"/>
<input type=\"hidden\" id=\"station_id\" name=\"s_id\" value=\"". $session . "\"/>
</form>
</div>";
//add delete button
echo "<div>
<form action=\"delete_statistics.php\" method=\"post\">
<input type=\"button\" id=\"delete_statistic\" value=\"Löschen\" class=\"edit\" disabled=\"true\"/>
<input type=\"hidden\" id=\"m_id_delete\" name=\"m_id\"/>
<input type=\"hidden\" id=\"s_id_delete\" name=\"s_id\" value=\"" . $session . "\"/>
</form>
</div>";
} ?>
<div class="table-div">
<table id="table">
<?php
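Review bot: Forcing `$session = $user_data['s_id']` and hiding the `<select>` limits what a `station` user sees on this page, but the forms below still pass the station to `add_entry.php`, `edit_statistics.php` and `delete_statistics.php` as a request parameter (`station` / `s_id`), and none of those handlers appears to be among the files changed here. Unless they already compare the submitted id with the logged-in user's own station, the restriction is enforced only in the UI. Each handler should reject a mismatch server-side, for example in the delete handler `if ($user_data['user_group'] == 'station' && $_POST['s_id'] != $user_data['s_id']) { http_response_code(403); exit; }`, and analogously for the GET parameters of the other two. Separately, `$session` is written into the hidden `value` attributes without `htmlspecialchars()`, and for non-station users it originates from `$_GET['stationen']`.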