Grisu/PunkteSystem-KSP
1
0
Fork 0
Code Issues 2 Pull Requests Packages Projects Releases Wiki Activity

user_group station can now only access their own station

Browse Source
This commit is contained in:
Grisu
2022-06-18 12:37:23 +02:00
parent 039e798b30
commit 32d8d5583e
9 changed files with 51 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/public/delete_station.php
View File

@@ -2,7 +2,7 @@
session_start(); session_start();
include("../scripts/connection.php"); include("../scripts/connection.php");
include("../scripts/functions.php"); include("../scripts/functions.php");
$user_data = check_login($con); $user_data = check_admin($con);
if($_SERVER['REQUEST_METHOD'] == "POST") { if($_SERVER['REQUEST_METHOD'] == "POST") {
try { try {

2
app/public/delete_team.php
View File

@@ -2,7 +2,7 @@
session_start(); session_start();
include("../scripts/connection.php"); include("../scripts/connection.php");
include("../scripts/functions.php"); include("../scripts/functions.php");
$user_data = check_login($con); $user_data = check_admin($con);
if($_SERVER['REQUEST_METHOD'] == "POST") { if($_SERVER['REQUEST_METHOD'] == "POST") {
try { try {

2
app/public/edit_station.php
View File

@@ -2,7 +2,7 @@
session_start(); session_start();
include("../scripts/connection.php"); include("../scripts/connection.php");
include("../scripts/functions.php"); include("../scripts/functions.php");
$user_data = check_login($con); $user_data = check_admin($con);
if($_SERVER['REQUEST_METHOD'] == "GET") { if($_SERVER['REQUEST_METHOD'] == "GET") {
$row = get_station_all($con, $_GET['s_id'])->fetch(); $row = get_station_all($con, $_GET['s_id'])->fetch();

2
app/public/edit_team.php
View File

@@ -2,7 +2,7 @@
session_start(); session_start();
include("../scripts/connection.php"); include("../scripts/connection.php");
include("../scripts/functions.php"); include("../scripts/functions.php");
$user_data = check_login($con); $user_data = check_admin($con);
if($_SERVER['REQUEST_METHOD'] == "GET") { if($_SERVER['REQUEST_METHOD'] == "GET") {
$row = get_team($con, $_GET['m_id'])->fetch(); $row = get_team($con, $_GET['m_id'])->fetch();

8
app/public/header_footer/header.php
View File

@@ -17,16 +17,16 @@
<nav> <nav>
<a href="logout.php">logout</a> <a href="logout.php">logout</a>
<a href="index.php">Home</a> <a href="index.php">Home</a>
<a href="mannschaft.php">Mannschaftsverwaltung</a>
<a href="stationen.php">Stationen</a>
<a href="statistik.php">Statistik</a>
<?php <?php
if(isset($_SESSION['user_group'])) { if(isset($_SESSION['user_group'])) {
if ($_SESSION['user_group'] == 'admin') { if ($_SESSION['user_group'] == 'admin') {
echo "<a href=\"manage_user.php\">Benutzerverwaltung</a>"; echo "<a href=\"manage_user.php\">Benutzerverwaltung</a>\n";
echo "<a href=\"mannschaft.php\">Mannschaftsverwaltung</a>\n";
echo "<a href=\"stationen.php\">Stationen</a>\n";
} }
} }
?> ?>
<a href="statistik.php">Ergebnisse eintragen</a>
</nav> </nav>
</section> </section>
</header> </header>

16
app/public/index.php
View File

@@ -9,10 +9,18 @@
?> ?>
<body> <body>
<h1><span>Punktesystem Kreispokalwettbewerb Altdorf</span></h1> <h1><span>Punktesystem Kreispokalwettbewerb Altdorf</span></h1>
<p>test</p> <div class="headline">
<h2>Gesamtergebniss</h2>
</div>
<div class="table-div">
<table id="table">
<?php load_total_score($con); ?>
</table>
</div>
</body> </body>
<?php <?php
$con = null; $con = null;
echo file_get_contents("header_footer/footer.html"); echo file_get_contents("header_footer/footer.html");
?> ?>

2
app/public/mannschaft.php
View File

@@ -3,7 +3,7 @@
include("../scripts/connection.php"); include("../scripts/connection.php");
include("../scripts/functions.php"); include("../scripts/functions.php");
$user_data = check_login($con); $user_data = check_admin($con);
include("header_footer/header.php"); include("header_footer/header.php");
?> ?>

2
app/public/stationen.php
View File

@@ -3,7 +3,7 @@
include("../scripts/connection.php"); include("../scripts/connection.php");
include("../scripts/functions.php"); include("../scripts/functions.php");
$user_data = check_login($con); $user_data = check_admin($con);
include("header_footer/header.php"); include("header_footer/header.php");
?> ?>

57
app/public/statistik.php
View File

@@ -9,8 +9,10 @@
$_SESSION['select-statistics'] = $_GET['stationen']; $_SESSION['select-statistics'] = $_GET['stationen'];
} }
if(!isset($_SESSION['select-statistics']) || $_SESSION['select-statistics'] == "total-score") { if((!isset($_SESSION['select-statistics']) || $_SESSION['select-statistics'] == "total-score") && $user_data['user_group'] != 'station') {
$session = "total-score"; $session = "total-score";
} else if ($user_data['user_group'] == 'station') {
$session = $user_data['s_id'];
} else { } else {
$session = $_SESSION['select-statistics']; $session = $_SESSION['select-statistics'];
} }
@@ -22,21 +24,21 @@
<div class="headline"> <div class="headline">
<?php <?php
if($session == "total-score") { if($session == "total-score") {
echo "<h2>Gesamtpunkte</h2\n"; echo "<h2>Gesamtpunkte</h2>\n";
} else { } else {
echo "<h2>" . get_station_name($con, $session)['name'] . "</h2>\n"; echo "<h2>" . get_station_name($con, $session)['name'] . "</h2>\n";
} }
?> ?>
</div> </div>
<div> <div>
<form name="switch-statistics" method="get">
<select name="stationen" id="station" onchange="this.form.submit()">
<?php
load_options_stations($con, $session, true);
?>
</select>
</form>
<?php <?php
if($user_data['user_group'] != "station") {
echo "<form name=\"switch-statistics\" method=\"get\">
<select name=\"stationen\" id=\"station\" onchange=\"this.form.submit()\">";
load_options_stations($con, $session, true);
echo "</select>
</form>";
}
if($session != "total-score" && get_teams_no_points($con, $session)->rowCount() > 0) { if($session != "total-score" && get_teams_no_points($con, $session)->rowCount() > 0) {
echo "<form action=\"add_entry.php\" method=\"get\"> echo "<form action=\"add_entry.php\" method=\"get\">
<input type=\"hidden\" name=\"station\" value=\"$session\"/> <input type=\"hidden\" name=\"station\" value=\"$session\"/>
@@ -44,27 +46,26 @@
</form>\n"; </form>\n";
} }
if ($session != "total-score") {
//add edit button
echo "<div>
<form action=\"edit_statistics.php\" method=\"get\">
<input type=\"button\" id=\"edit_statistic\" value=\"Eintrag bearbeiten\" class=\"edit\" disabled=true/>
<input type=\"hidden\" id=\"team_id\" name=\"m_id\"/>
<input type=\"hidden\" id=\"station_id\" name=\"s_id\" value=\"". $session . "\"/>
</form>
</div>";
//add delete button
echo "<div>
<form action=\"delete_statistics.php\" method=\"post\">
<input type=\"button\" id=\"delete_statistic\" value=\"Löschen\" class=\"edit\" disabled=\"true\"/>
<input type=\"hidden\" id=\"m_id_delete\" name=\"m_id\"/>
<input type=\"hidden\" id=\"s_id_delete\" name=\"s_id\" value=\"" . $session . "\"/>
</form>
</div>";
}
?> ?>
</div> </div>
<?php
if ($session != "total-score") {
//add edit button
echo "<div>
<form action=\"edit_statistics.php\" method=\"get\">
<input type=\"button\" id=\"edit_statistic\" value=\"Eintrag bearbeiten\" class=\"edit\" disabled=true/>
<input type=\"hidden\" id=\"team_id\" name=\"m_id\"/>
<input type=\"hidden\" id=\"station_id\" name=\"s_id\" value=\"". $session . "\"/>
</form>
</div>";
//add delete button
echo "<div>
<form action=\"delete_statistics.php\" method=\"post\">
<input type=\"button\" id=\"delete_statistic\" value=\"Löschen\" class=\"edit\" disabled=\"true\"/>
<input type=\"hidden\" id=\"m_id_delete\" name=\"m_id\"/>
<input type=\"hidden\" id=\"s_id_delete\" name=\"s_id\" value=\"" . $session . "\"/>
</form>
</div>";
} ?>
<div class="table-div"> <div class="table-div">
<table id="table"> <table id="table">
<?php <?php