whupfeld/melder
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix

Browse Source
This commit is contained in:
Walter Hupfeld 2024-03-15 21:57:30 +01:00
parent 0d5fb5e5da
commit d94ea09940
4 changed files with 31 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
admin/index.php
View File

@ -3,9 +3,9 @@
* Ideenmelder * Ideenmelder
* Autor: Walter Hupfeld, Hamm * Autor: Walter Hupfeld, Hamm
* E-Mail: info@hupfeld-software.de * E-Mail: info@hupfeld-software.de
* Version: 1.0 * Version: 3.0
* Datum: 18.05.2021 * Datum: 18.05.2021
* zuletzte bearbeitet: 21.02.2024 * zuletzte bearbeitet: 15.03.2024
******************************** */ ******************************** */
session_start(); session_start();
@ -33,12 +33,13 @@
} }
$numDelete = (int)$_GET['delid']; $numDelete = (int)$_GET['delid'];
if ($superAmdin) { if ($boolSuperAdmin) {
$stmt = $db->prepare("DELETE FROM location WHERE id = :id AND district=:district");} $stmt = $db->prepare("DELETE FROM location WHERE id = :id");}
else { else {
$stmt = $db->prepare("DELETE FROM location WHERE id = :id AND district=:district");} $stmt = $db->prepare("DELETE FROM location WHERE id = :id AND district=:district");
$stmt->bindValue(":district",$strDistrict);
}
$stmt->bindValue(":id",$numDelete); $stmt->bindValue(":id",$numDelete);
$stmt->bindValue(":district",$strDistrict);
$stmt->execute(); $stmt->execute();
$stmt = $db->prepare("DELETE FROM comment WHERE loc_id= :loc_id"); $stmt = $db->prepare("DELETE FROM comment WHERE loc_id= :loc_id");

29
ajax/ajax_location_push.php
View File

@ -5,6 +5,8 @@ require_once("../config.php");
require_once("../lib/functions.php"); require_once("../lib/functions.php");
require_once("../lib/geocoding.php"); require_once("../lib/geocoding.php");
$allowed_extensions = array("jpg", "jpeg", "png", "gif");
$strUsername = htmlentities(trim($_POST['username'])); $strUsername = htmlentities(trim($_POST['username']));
$strUsername = addslashes($strUsername); $strUsername = addslashes($strUsername);
$strAge = (isset($_POST['ext_age'])) ? $_POST['ext_age'] : ""; $strAge = (isset($_POST['ext_age'])) ? $_POST['ext_age'] : "";
@ -23,21 +25,26 @@ if (empty($strUsername) || empty($numLng) || empty($numLat)) {
die("not valid!"); die("not valid!");
} }
if ($boolUpload && !empty($_FILES['uploadfile']['name'])) { if ($boolUpload && !empty($_FILES['uploadfile']['name'])) {
$uploadfile = $uploaddir . basename($_FILES['uploadfile']['name']); $file=$_FILES['uploadfile'];
$fileinfo = @getimagesize($_FILES["uploadfile"]["tmp_name"]); $uploadfile = $uploaddir . basename($file['name']);
$fileinfo = @getimagesize($file["tmp_name"]);
if (!empty($fileinfo)) { if (!empty($fileinfo)) {
//$info=read_gps_location($_FILES["uploadfile"]["tmp_name"]); //$info=read_gps_location($_FILES["uploadfile"]["tmp_name"]);
$i=1; $file_extension = pathinfo($file["name"], PATHINFO_EXTENSION);
while (file_exists($uploadfile)) { if (!in_array(strtolower($file_extension), $allowed_extensions)) {
$uploadfile=$uploaddir.$i."_".basename($_FILES['uploadfile']['name']); echo "Invalid file type. Please upload only jpg, jpeg, png, or gif images.";
$i++; exit();
} }
if (move_uploaded_file($_FILES['uploadfile']['tmp_name'], $uploadfile)) { $strNewfilename = uniqid("", true) . "." . $file_extension;
$filename=$_FILES['uploadfile']['name']; while (file_exists($uploaddir . $strNewfilename)) {
$filesize=$_FILES['uploadfile']['size']; $strNewfilename = uniqid("", true) . "." . $file_extension;
$filetype=$_FILES['uploadfile']['type']; }
//echo "Filetype: ".$filetype; if (move_uploaded_file($file['tmp_name'], $uploaddir.$strNewfilename)) {
$filename=$strNewfilename;//$file['name'];
$filesize=$file['size'];
$filetype=$file['type'];
$boolUploadOk = true; $boolUploadOk = true;
} else { } else {
die("Upload failed with error code " . $_FILES['file']['error']); die("Upload failed with error code " . $_FILES['file']['error']);

4
index.php
View File

@ -72,13 +72,15 @@
<script src="js/leaflet.ajax.js"></script> <script src="js/leaflet.ajax.js"></script>
<script src="js/leaflet.awesome-markers.js"></script> <script src="js/leaflet.awesome-markers.js"></script>
<script src="js/leaflet.snogylop.js"></script> <script src="js/leaflet.snogylop.js"></script>
<script src="js/jquery.fancybox.min.js"></script>
<link rel="stylesheet" href="css/font-awesome.min.css"> <link rel="stylesheet" href="css/font-awesome.min.css">
<link rel="stylesheet" href="css/bootstrap.min.css" /> <link rel="stylesheet" href="css/bootstrap.min.css" />
<link rel="stylesheet" href="css/leaflet.css" /> <link rel="stylesheet" href="css/leaflet.css" />
<link rel="stylesheet" href="css/leaflet.awesome-markers.css" /> <link rel="stylesheet" href="css/leaflet.awesome-markers.css" />
<link rel="stylesheet" href="css/style.css" /> <link rel="stylesheet" href="css/style.css" />
<link rel="stylesheet" href="css/jquery.fancybox.min.css" />
<title><?=$strTitle?></title> <title><?=$strTitle?></title>
</head> </head>

5
lib/functions.php
View File

@ -28,18 +28,19 @@ function generate_tooltip_description($row) {
$topic = $row['topic']; $topic = $row['topic'];
$numDatum= strtotime($row['created_at']); $numDatum= strtotime($row['created_at']);
$datum= date("d.m.Y",$numDatum); $datum= date("d.m.Y",$numDatum);
$strDefect= $arrDefect[$row['defect']];
$strDescription = "<strong>Anmerkung zu ".$arrTopic[$topic]."</strong><br>"; $strDescription = "<strong>Anmerkung zu ".$arrTopic[$topic]."</strong><br>";
if ($boolUpload && isset($row['filename']) && $boolShow) { if ($boolUpload && isset($row['filename']) && $boolShow) {
$strDescription .= "<a href=\'images/".$row['filename']."\' data-lightbox=\'radweg".$id."\'>"; $strDescription .= "<a href=\'images/".$row['filename']."\' data-fancybox data-caption=\'".$strDefect."\'>";
$strDescription .= "<img src=\'images/".$row['filename']."\' style=\'width:200px;\' /></a><br>"; $strDescription .= "<img src=\'images/".$row['filename']."\' style=\'width:200px;\' /></a><br>";
} }
$strDescription .= nl2br2($description); $strDescription .= nl2br2($description);
$strDescription .= ($boolShow) ? "<br> - ".$row['username']." (".$datum.")":"<br>".$datum; $strDescription .= ($boolShow) ? "<br> - ".$row['username']." (".$datum.")":"<br>".$datum;
if ($boolDefect) { if ($boolDefect) {
if ($row['defect']>=0) { //Hindernis kann nicht leer sein if ($row['defect']>=0) { //Hindernis kann nicht leer sein
$strDescription .= "<br><em>" . $arrDefect[$row['defect']] ."</em>"; $strDescription .= "<br><em>" . $strDefect ."</em>";
} }
} }
if ($boolRating) { if ($boolRating) {