user_group station can now only access their own station

2022-06-18 12:37:23 +02:00
parent 039e798b30
commit 32d8d5583e
9 changed files with 51 additions and 42 deletions
--- a/app/public/delete_station.php
+++ b/app/public/delete_station.php
@@ -2,7 +2,7 @@
    session_start();
    include("../scripts/connection.php");
    include("../scripts/functions.php");
-    $user_data = check_login($con);
+    $user_data = check_admin($con);
    if($_SERVER['REQUEST_METHOD'] == "POST") {
        try {
--- a/app/public/delete_team.php
+++ b/app/public/delete_team.php
@@ -2,7 +2,7 @@
    session_start();
    include("../scripts/connection.php");
    include("../scripts/functions.php");
-    $user_data = check_login($con);
+    $user_data = check_admin($con);
    if($_SERVER['REQUEST_METHOD'] == "POST") {
        try {
--- a/app/public/edit_station.php
+++ b/app/public/edit_station.php
@@ -2,7 +2,7 @@
    session_start();
    include("../scripts/connection.php");
    include("../scripts/functions.php");
-    $user_data = check_login($con);
+    $user_data = check_admin($con);
    if($_SERVER['REQUEST_METHOD'] == "GET") {
        $row = get_station_all($con, $_GET['s_id'])->fetch();
--- a/app/public/edit_team.php
+++ b/app/public/edit_team.php
@@ -2,7 +2,7 @@
    session_start();
    include("../scripts/connection.php");
    include("../scripts/functions.php");
-    $user_data = check_login($con);
+    $user_data = check_admin($con);
    if($_SERVER['REQUEST_METHOD'] == "GET") {
        $row = get_team($con, $_GET['m_id'])->fetch();
--- a/app/public/header_footer/header.php
+++ b/app/public/header_footer/header.php
@@ -17,16 +17,16 @@
        <nav>
            <a href="logout.php">logout</a>
            <a href="index.php">Home</a>
            <a href="mannschaft.php">Mannschaftsverwaltung</a>
            <a href="stationen.php">Stationen</a>
            <a href="statistik.php">Statistik</a>
            <?php
                if(isset($_SESSION['user_group'])) {
                    if ($_SESSION['user_group'] == 'admin') {
-                        echo "<a href=\"manage_user.php\">Benutzerverwaltung</a>";
+                        echo "<a href=\"manage_user.php\">Benutzerverwaltung</a>\n";
                        echo "<a href=\"mannschaft.php\">Mannschaftsverwaltung</a>\n";
                        echo "<a href=\"stationen.php\">Stationen</a>\n";
                    }
                }
            ?>
            <a href="statistik.php">Ergebnisse eintragen</a>
        </nav>
        </section>
    </header>
--- a/app/public/index.php
+++ b/app/public/index.php
@@ -9,10 +9,18 @@
 ?>
 <body>
-<h1><span>Punktesystem Kreispokalwettbewerb Altdorf</span></h1>
+    <h1><span>Punktesystem Kreispokalwettbewerb Altdorf</span></h1>
-    <p>test</p>
+    <div class="headline">
        <h2>Gesamtergebniss</h2>
    </div>
    <div class="table-div">
        <table id="table">
            <?php load_total_score($con); ?>
        </table>
    </div>
 </body>
 <?php
-$con = null;
+    $con = null;
-echo file_get_contents("header_footer/footer.html"); 
+    echo file_get_contents("header_footer/footer.html"); 
 ?>
--- a/app/public/mannschaft.php
+++ b/app/public/mannschaft.php
@@ -3,7 +3,7 @@
    include("../scripts/connection.php");
    include("../scripts/functions.php");
-    $user_data = check_login($con);
+    $user_data = check_admin($con);
    include("header_footer/header.php"); 
 ?>
--- a/app/public/stationen.php
+++ b/app/public/stationen.php
@@ -3,7 +3,7 @@
    include("../scripts/connection.php");
    include("../scripts/functions.php");
-    $user_data = check_login($con);
+    $user_data = check_admin($con);
    include("header_footer/header.php");
 ?>
--- a/app/public/statistik.php
+++ b/app/public/statistik.php
@@ -9,8 +9,10 @@
        $_SESSION['select-statistics'] = $_GET['stationen'];
    }
-    if(!isset($_SESSION['select-statistics']) || $_SESSION['select-statistics'] == "total-score") {
+    if((!isset($_SESSION['select-statistics']) || $_SESSION['select-statistics'] == "total-score") && $user_data['user_group'] != 'station') {
        $session = "total-score";
    } else if ($user_data['user_group'] == 'station') {
        $session = $user_data['s_id'];
    } else {
        $session = $_SESSION['select-statistics'];
    }
@@ -22,21 +24,21 @@
    <div class="headline">
        <?php
            if($session == "total-score") {
-                echo "<h2>Gesamtpunkte</h2\n";
+                echo "<h2>Gesamtpunkte</h2>\n";
            } else {
                echo "<h2>" . get_station_name($con, $session)['name'] . "</h2>\n";
            }
            ?>
    </div>
    <div>
        <form name="switch-statistics" method="get">
            <select name="stationen" id="station" onchange="this.form.submit()">
        <?php
            if($user_data['user_group'] != "station") {
                echo "<form name=\"switch-statistics\" method=\"get\">
                        <select name=\"stationen\" id=\"station\" onchange=\"this.form.submit()\">";
                load_options_stations($con, $session, true);
-                ?>
+                echo "</select>
-            </select>
+                    </form>";
-        </form>
+            }
        <?php
            if($session != "total-score" && get_teams_no_points($con, $session)->rowCount() > 0) {
                echo "<form action=\"add_entry.php\" method=\"get\">
                <input type=\"hidden\" name=\"station\" value=\"$session\"/> 
@@ -44,9 +46,6 @@
                </form>\n";
            }
        ?>
    </div>
    <?php
            if ($session != "total-score") {
                //add edit button
                echo "<div>
@@ -64,7 +63,9 @@
                        <input type=\"hidden\" id=\"s_id_delete\" name=\"s_id\" value=\"" . $session . "\"/>
                    </form>
                </div>";
-    } ?>
+            } 
        ?>
    </div>
    <div class="table-div">
        <table id="table">
            <?php