fix

2024-03-12 11:58:55 +01:00 · 2024-03-12 11:58:55 +01:00 · beba08d4ff
commit beba08d4ff
parent f79819fda7
2 changed files with 29 additions and 17 deletions
--- a/admin/index.php
+++ b/admin/index.php
@ -29,16 +29,19 @@
    $boolShowmap=false;
    
    $sqlDistrict = ($boolSuperAdmin) ? "1" : "l.district='$strDistrict'";
+    $strDistrictTitle = ($boolSuperAdmin) ? "" : $strDistrictTitle;

-    // Eintag löschen
+    // --------- Eintag löschen  -----------------
    if (isset($_GET['delid'])) {
        if($_GET['csrf'] !== $_SESSION['csrf_token']) {
            die("Ungültiger Token");
        }
        $numDelete = (int)$_GET['delid'];

-
-        $stmt = $db->prepare("DELETE FROM location WHERE id = :id AND district=:district");
+        if ($superAmdin) {
+            $stmt = $db->prepare("DELETE FROM location WHERE id = :id AND district=:district");}
+        else {
+            $stmt = $db->prepare("DELETE FROM location WHERE id = :id AND district=:district");}
        $stmt->bindValue(":id",$numDelete);
        $stmt->bindValue(":district",$strDistrict);
        $stmt->execute();
@ -61,7 +64,8 @@
        $stmt->execute();
    }
    
-    // Kommentar löschen
+    // -------  Kommentar löschen  ------------
+    // keine Überprüfung - ob richtiger District
    if (isset($_GET['delcid'])) {
        if($_GET['csrf'] !== $_SESSION['csrf_token']) {
            die("Ungültiger Token");
@ -72,6 +76,8 @@
        $stmt->execute();
    }

+    // --------- Feigabe verändern -------------
+    // Keine Überprüfung, ob richtiger District
    if (isset($_GET['approvalId'])) {
        if($_GET['csrf'] !== $_SESSION['csrf_token']) {
            die("Ungültiger Token");
@ -82,7 +88,8 @@
        $stmt->execute();
    }

-    // Bild löschen
+    // ----------- Bild löschen -----------------
+    // Keine Überprüfung, ob richtiger District
    if (isset($_GET['delfid'])) {
        if($_GET['csrf'] !== $_SESSION['csrf_token']) {
            die("Ungültiger Token");
@ -101,7 +108,7 @@
        $stmt->execute();
    }
    
-    // Karte zeigen
+    // Karte zeigen 
    if (isset($_GET['showmap'])) {
        $numShowmap=(int)$_GET['showmap'];
        $boolShowmap=$numShowmap==1;
@ -204,13 +211,13 @@
    </thead>
    <tbody>

-    <?php
+ <?php
    $strScript="";
-    //$strSQL="SELECT * FROM location ORDER BY created_at DESC";
+    //$strSQL="SELECT * FROM location ORDER BY appoval, created_at DESC";
    $strSQL="SELECT l.id as lid,l.*,adr.* 
              FROM location l LEFT JOIN address adr ON l.id=adr.loc_id 
              WHERE $sqlDistrict
-              ORDER BY created_at ASC";
+              ORDER BY approval, created_at ASC";
    $result = $db->query($strSQL);
    while ($row = $result->fetch(PDO::FETCH_ASSOC)) {
        $id = $row['lid'];
@ -242,9 +249,10 @@
                .$row['hamlet']." "
                .$row['suburb']."<br>"
                .$row['postcode']." ".$row['city']."</td>";
-        $strDefect = (isset($row['defect']) && $row['defect']>0) ? $arrDefect[$row['defect']] : "";
+        $strDefect = (isset($row['defect']) && $row['defect']>=0) ? $arrDefect[$row['defect']] : "";
        echo "<td id='defect_".$id."' value='".$row['defect']."'>".$strDefect."</td>\n";
-        
+        // NRW-Hindernismelder keine leere Eingabe
+
        echo "<td id='img_".$id."'>";
        $strSQL = "SELECT id,filename FROM files WHERE loc_id=".$id;
        $files=$db->query($strSQL);
@ -254,7 +262,8 @@
            echo "<a href='".$_SERVER['PHP_SELF']."?delfid=".$file['id']."&csrf=".$_SESSION['csrf_token']."'><i class='fa fa-trash'></i></a>";
        }
        echo "</td>\n";
-        // Karte einblenden
+
+        // Karte einblenden -  Für HTML-Export
        if ($boolShowmap) {
            echo "<td><div class='tdmap' id='map_".$id."'></div></td>\n";
        }
@ -262,22 +271,25 @@
            echo "<td>".round($row['lat'],5)." ".round($row['lng'],5)."</td>";
        }
        echo "<td>".$row['created_at']."</td>";
+
        if ($boolApprove) {
            $strApproved = ($row['approval']) ? "<i class='fa fa-check' style='color:green'></i>" 
                                                             : "<i class='fa fa-circle' style='color:red'></i>" ;
-            echo "<td>".$strApproved." <a href='".$_SERVER['PHP_SELF']."?approvalId=".$id."&csrf=".$_SESSION['csrf_token']."'>change</td>";
+            $strApproved .= " <i class='fa fa-recycle'></i>";
+            echo "<td><a href='".$_SERVER['PHP_SELF']."?approvalId=".$id."&csrf=".$_SESSION['csrf_token']."'>".$strApproved."</a></td>";
        }
        echo "<td><a class='del' href='".$_SERVER['PHP_SELF']."?delid=".$id."&csrf=".$_SESSION['csrf_token']."'><i class='fa fa-trash'></i></a>&nbsp;";
        echo "<a class='edit_defect' href='#' id='edit_".$id."' value='".$id."'><i class='fa fa-pencil'></i></a>";
        echo "</td>";
        echo "</tr>\n";
+        
        if ($boolShowmap) {
            $strScript.="var mymap_".$id." = L.map(map_".$id.").setView([".$row['lat'].", ".$row['lng']."], 16);\n";
            $strScript.="L.tileLayer(url, {maxZoom: 18,minZoom:12,attribution: attribution,id: 'mapbox/streets-v11',tileSize: 512,zoomOffset: -1}).addTo(mymap_".$id.")\n";
            $strScript.="L.marker([".$row['lat'].", ".$row['lng']."], { icon: infoMarker } ).addTo(mymap_".$id.")\n\n";
        }
    }
-    ?>
+?>
 </tbody>
 </table> 
 <a class="btn btn-primary" href="../index.php?ref=1">zurück</a>   
@ -288,7 +300,6 @@
 <script>
 $( document ).ready(function() {

-
    var url = 'https://api.mapbox.com/styles/v1/{id}/tiles/{z}/{x}/{y}?access_token=pk.eyJ1IjoibWFwYm94IiwiYSI6ImNpejY4NXVycTA2emYycXBndHRqcmZ3N3gifQ.rJcFIG214AriISLbB6B5aw';
    var attribution = 'Map data &copy; <a href="https://www.openstreetmap.org/">OpenStreetMap</a> contributors, ' +
                    '<a href="https://creativecommons.org/licenses/by-sa/2.0/">CC-BY-SA</a>, ' +
@ -313,11 +324,13 @@ $( document ).ready(function() {
        return false;
    })

+    //Sicherheitsabfrage beim Löschen von Einträgen
    $(".del").click(function () {
        result=confirm("Wirklich löschen?");
        return result===true;
    })

+
    $("#editobjectform").submit(function(event){
        event.preventDefault();
       
@ -331,7 +344,6 @@ $( document ).ready(function() {
            processData: false, 
            contentType: false,
            cache: false,
-            
            success: function(data)
            {
                $("#dialog_defect").hide();
--- a/lib/dialog_edit_location.php
+++ b/lib/dialog_edit_location.php
@ -25,7 +25,7 @@
    </div>

    <div class="card-body">
-        <form id="editobjectform"  enctype="multipart/form-data" action="#" method="post" >
+    <form id="editobjectform"  enctype="multipart/form-data" action="#" method="post" >
                    

 <!-- Beschreibung  ----------------------------------   -->