melder/admin/index.php

377 lines
14 KiB
PHP
Raw Normal View History

2024-02-16 15:35:01 +01:00
<?php
/** *****************************
* Ideenmelder
* Autor: Walter Hupfeld, Hamm
* E-Mail: info@hupfeld-software.de
* Version: 1.0
* Datum: 18.05.2021
2024-02-21 14:31:28 +01:00
* zuletzte bearbeitet: 21.02.2024
2024-02-16 15:35:01 +01:00
******************************** */
session_start();
$strLoginName=(isset($_SESSION['user'])) ? $_SESSION['user'] : "" ;
$boolLogin = (!empty($strLoginName));
if (!$boolLogin) {
header("Location: login.php");
}
2024-02-21 19:42:20 +01:00
if (isset($_SESSION['superadmin'])) {
2024-03-12 17:40:20 +01:00
$boolSuperAdmin = (bool)$_SESSION['superadmin'];
2024-02-21 19:42:20 +01:00
}
2024-03-12 17:40:20 +01:00
$strDistrict = $_SESSION['district'];
$sqlDistrict = ($boolSuperAdmin) ? "1" : "l.district='$strDistrict'";
2024-02-16 15:35:01 +01:00
include("../config.php");
$boolShowmap=false;
2024-02-21 10:29:10 +01:00
$sqlDistrict = ($boolSuperAdmin) ? "1" : "l.district='$strDistrict'";
2024-03-12 11:58:55 +01:00
$strDistrictTitle = ($boolSuperAdmin) ? "" : $strDistrictTitle;
2024-02-16 15:35:01 +01:00
2024-03-12 11:58:55 +01:00
// --------- Eintag löschen -----------------
2024-02-16 15:35:01 +01:00
if (isset($_GET['delid'])) {
if($_GET['csrf'] !== $_SESSION['csrf_token']) {
die("Ungültiger Token");
}
$numDelete = (int)$_GET['delid'];
2024-03-12 11:58:55 +01:00
if ($superAmdin) {
$stmt = $db->prepare("DELETE FROM location WHERE id = :id AND district=:district");}
else {
$stmt = $db->prepare("DELETE FROM location WHERE id = :id AND district=:district");}
2024-02-16 15:35:01 +01:00
$stmt->bindValue(":id",$numDelete);
2024-02-21 10:29:10 +01:00
$stmt->bindValue(":district",$strDistrict);
2024-02-16 15:35:01 +01:00
$stmt->execute();
$stmt = $db->prepare("DELETE FROM comment WHERE loc_id= :loc_id");
$stmt->bindValue(":loc_id",$numDelete);
$stmt->execute();
$stmt = $db->prepare("SELECT * FROM files where loc_id = :loc_id");
2024-02-18 09:09:31 +01:00
$stmt->bindValue(":loc_id", $numDelete, PDO::PARAM_INT);
2024-02-17 08:42:54 +01:00
if ($row = $result->fetch(PDO::FETCH_ASSOC)) {
2024-02-16 15:35:01 +01:00
$strFilename = $row['filename'];
$strFilename = $uploaddir . $strFilename;
unset($strFilename);
}
$stmt = $db->prepare("DELETE FROM files WHERE loc_id= :loc_id");
$stmt->bindValue(":loc_id",$numDelete);
$stmt->execute();
}
2024-02-21 10:29:10 +01:00
2024-03-12 11:58:55 +01:00
// ------- Kommentar löschen ------------
// keine Überprüfung - ob richtiger District
2024-02-16 15:35:01 +01:00
if (isset($_GET['delcid'])) {
if($_GET['csrf'] !== $_SESSION['csrf_token']) {
die("Ungültiger Token");
}
$numDelete=(int)$_GET['delcid'];
$stmt = $db->prepare("DELETE FROM comment WHERE id= :id");
$stmt->bindValue(":id",$numDelete);
$stmt->execute();
}
2024-03-12 11:58:55 +01:00
// --------- Feigabe verändern -------------
// Keine Überprüfung, ob richtiger District
2024-03-11 23:06:15 +01:00
if (isset($_GET['approvalId'])) {
if($_GET['csrf'] !== $_SESSION['csrf_token']) {
die("Ungültiger Token");
}
$numApproval=(int)$_GET['approvalId'];
$stmt = $db->prepare("UPDATE location SET approval = not approval WHERE id= :id");
$stmt->bindValue(":id",$numApproval);
$stmt->execute();
}
2024-03-12 11:58:55 +01:00
// ----------- Bild löschen -----------------
// Keine Überprüfung, ob richtiger District
2024-02-16 15:35:01 +01:00
if (isset($_GET['delfid'])) {
if($_GET['csrf'] !== $_SESSION['csrf_token']) {
die("Ungültiger Token");
}
$numDelete=(int)$_GET['delfid'];
$stmt = $db->prepare("SELECT * FROM files where id = :id");
2024-02-18 10:40:48 +01:00
$stmt->bindParam(':id', $id);
//$result = $stmt->execute();
2024-02-17 08:42:54 +01:00
if ($row=$result->fetch(PDO::FETCH_ASSOC)) {
2024-02-16 15:35:01 +01:00
$strFilename = $row['filename'];
$strFilename = $uploaddir . $strFilename;
unset($strFilename);
}
$stmt = $db->prepare("DELETE FROM files WHERE id= :id");
$stmt->bindValue(":id",$numDelete);
$stmt->execute();
}
2024-02-21 10:29:10 +01:00
2024-03-12 11:58:55 +01:00
// Karte zeigen
2024-02-16 15:35:01 +01:00
if (isset($_GET['showmap'])) {
$numShowmap=(int)$_GET['showmap'];
$boolShowmap=$numShowmap==1;
}
2024-03-11 23:06:15 +01:00
2024-02-16 15:35:01 +01:00
$arrTopic = array (
1 => "Fußverkehr",
2 => "Radverkehr",
3 => "Bus und Bahn",
4 => "Pkw-Verkehr",
5 => "Lkw-Verkehr"
);
$arrIcon = array (
1 => "<i class='fa fa-male'></i>",
2 => "<i class='fa fa-bicycle'></i>",
3 => "<i class='fa fa-train'></i>",
4 => "<i class='fa fa-car'></i>",
5 => "<i class='fa fa-truck'></i>"
);
2024-03-11 23:06:15 +01:00
2024-02-16 15:35:01 +01:00
?>
<!DOCTYPE html>
<html lang="de">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="stylesheet" href="../css/bootstrap.min.css" />
<link rel="stylesheet" href="../css/font-awesome.min.css">
<link rel="stylesheet" href="../css/lightbox.css" />
<link rel="stylesheet" href="../css/leaflet.css" />
<link rel="stylesheet" href="../css/leaflet.awesome-markers.css" />
<script src="../js/jquery.min.js"></script>
<script src="../js/leaflet.js"></script>
<script src="../js/leaflet.awesome-markers.js"></script>
<script src="../js/lightbox.min.js"></script>
<title>Eintragsliste</title>
<style>
.tdmap { height:350px; width:300px;}
</style>
</head>
<body>
<!-- Navbar -->
<nav class="navbar navbar-expand-md navbar-dark bg-dark fixed-top">
2024-02-21 07:55:02 +01:00
<a class="navbar-brand" href="#">Administration <?=$strTitle?> <?=$strDistrictTitle?></a>
2024-02-16 15:35:01 +01:00
<button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbars" aria-controls="navbars" aria-expanded="false" aria-label="Toggle navigation">
<span class="navbar-toggler-icon"></span>
</button>
<div class="collapse navbar-collapse" id="navbars">
<ul class="navbar-nav mr-auto">
<li class="nav-item active">
<a class="nav-link" href="index.php">Liste <span class="sr-only">(current)</span></a>
</li>
2024-03-12 17:40:20 +01:00
<?php if ($boolSuperAdmin): ?>
2024-02-16 15:35:01 +01:00
<li class="nav-item">
<a class="nav-link" href="configuration.php">Konfiguration </a>
</li>
<li class="nav-item">
<a class="nav-link" href="geocoding.php">Addressen ermitteln </a>
</li>
2024-03-12 17:40:20 +01:00
<?php endif; ?>
2024-02-16 15:35:01 +01:00
<li class="nav-item">
<a class="nav-link" href="export.php">Export </a>
</li>
<li class="nav-item">
<a class="nav-link" href="password.php">Passwort ändern </a>
</li>
</ul>
<div>
<ul class="navbar-nav mr-auto right">
<li class="nav-item">
<a class="nav-link" href="logout.php">Logout (<?=$strLoginName?>)</a>
</li>
</ul>
</div>
</nav>
<!-- Ende Navbar -->
<div class="container-fluid" style="margin-top:5em;">
<table class="table table-bordered table-striped">
<thead>
2024-02-22 18:31:48 +01:00
<tr><th>id</th>
<?= ($boolSuperAdmin) ? "<th>Kreis</th>" : "" ?>
<th>Username</th>
2024-02-16 15:35:01 +01:00
<?= ($boolUserinfo) ? "<th>Alter</th><th>Transport</th>" : "" ?>
<th>Topic</th>
<th>Beschreibung</th>
<th><i class="fa fa-thumbs-up"></i></th><th><i class="fa fa-thumbs-down"></i></th>
<th>Kommentare</th>
<th>Adresse</th>
<th>Mangel</th>
<th>Bild</th>
<th>lat/lng</th>
<th>Datum</th>
2024-03-11 23:06:15 +01:00
<?= ($boolApprove) ? "<th>Freigabe</th>" : "" ?>
2024-02-16 15:35:01 +01:00
<th>Aktion</th></tr>
</thead>
<tbody>
2024-03-12 11:58:55 +01:00
<?php
2024-02-16 15:35:01 +01:00
$strScript="";
2024-03-12 11:58:55 +01:00
//$strSQL="SELECT * FROM location ORDER BY appoval, created_at DESC";
2024-02-21 10:29:10 +01:00
$strSQL="SELECT l.id as lid,l.*,adr.*
FROM location l LEFT JOIN address adr ON l.id=adr.loc_id
WHERE $sqlDistrict
2024-03-12 11:58:55 +01:00
ORDER BY approval, created_at ASC";
2024-02-16 15:35:01 +01:00
$result = $db->query($strSQL);
2024-02-17 08:42:54 +01:00
while ($row = $result->fetch(PDO::FETCH_ASSOC)) {
2024-02-16 15:35:01 +01:00
$id = $row['lid'];
echo "<tr>";
echo "<td>".$id."</td>";
2024-02-22 18:31:48 +01:00
echo ($boolSuperAdmin) ? "<td>".$row['district']."</td>" : "";
2024-02-16 15:35:01 +01:00
echo "<td>". stripslashes($row['username']) ."</td>";
echo ($boolUserinfo) ? "<td>".$row['age']."</td><td>".$row['transport']."</td>" : "";
echo "<td>".$arrIcon[$row['topic']]." ".$arrTopic[$row['topic']]."</td>";
echo "<td id='desc_".$id."'>" . nl2br(stripslashes($row['description'])) . "</td>";
echo "<td>".$row['thumb_ups']."</td>";
echo "<td>".$row['thumb_downs']."</td>";
echo "<td>";
$strSQL = "SELECT id,username,comment,created_at FROM comment WHERE loc_id=".$id;
$comments = $db->query($strSQL);
2024-02-17 08:42:54 +01:00
while ($comment = $comments->fetch(PDO::FETCH_ASSOC)) {
2024-02-16 15:35:01 +01:00
echo "<div class='comment'>";
echo "<em>".$comment['username']." schrieb am ";
$numDatum = strtotime($comment['created_at']);
$strDatum = date("d.m.Y",$numDatum);
echo $strDatum."</em><br>";
echo nl2br(stripslashes($comment['comment']));
echo "<a class='left' href='".$_SERVER['PHP_SELF']."?delcid=".$comment['id']."&csrf=".$_SESSION['csrf_token']."'><i class='fa fa-trash'></i></a>";
echo "</div>";
}
echo "</td>";
echo "<td>".$row['road']." ".$row['house_number']."<br>"
.$row['neighbourhood']." "
.$row['hamlet']." "
2024-02-18 14:55:16 +01:00
.$row['suburb']."<br>"
.$row['postcode']." ".$row['city']."</td>";
2024-03-12 11:58:55 +01:00
$strDefect = (isset($row['defect']) && $row['defect']>=0) ? $arrDefect[$row['defect']] : "";
2024-02-16 15:35:01 +01:00
echo "<td id='defect_".$id."' value='".$row['defect']."'>".$strDefect."</td>\n";
2024-03-12 11:58:55 +01:00
// NRW-Hindernismelder keine leere Eingabe
2024-02-16 15:35:01 +01:00
echo "<td id='img_".$id."'>";
$strSQL = "SELECT id,filename FROM files WHERE loc_id=".$id;
$files=$db->query($strSQL);
2024-02-17 08:42:54 +01:00
if ($file=$files->fetch(PDO::FETCH_ASSOC)) {
2024-02-16 15:35:01 +01:00
echo "<a href='../images/".$file['filename']."' data-lightbox='radweg".$id."'>";
echo "<img src='../images/".$file['filename']."' style='width:150px'></a>";
echo "<a href='".$_SERVER['PHP_SELF']."?delfid=".$file['id']."&csrf=".$_SESSION['csrf_token']."'><i class='fa fa-trash'></i></a>";
}
echo "</td>\n";
2024-03-12 11:58:55 +01:00
// Karte einblenden - Für HTML-Export
2024-02-16 15:35:01 +01:00
if ($boolShowmap) {
echo "<td><div class='tdmap' id='map_".$id."'></div></td>\n";
}
else {
echo "<td>".round($row['lat'],5)." ".round($row['lng'],5)."</td>";
}
echo "<td>".$row['created_at']."</td>";
2024-03-12 11:58:55 +01:00
2024-03-11 23:06:15 +01:00
if ($boolApprove) {
$strApproved = ($row['approval']) ? "<i class='fa fa-check' style='color:green'></i>"
: "<i class='fa fa-circle' style='color:red'></i>" ;
2024-03-12 11:58:55 +01:00
$strApproved .= " <i class='fa fa-recycle'></i>";
echo "<td><a href='".$_SERVER['PHP_SELF']."?approvalId=".$id."&csrf=".$_SESSION['csrf_token']."'>".$strApproved."</a></td>";
2024-03-11 23:06:15 +01:00
}
2024-02-16 15:35:01 +01:00
echo "<td><a class='del' href='".$_SERVER['PHP_SELF']."?delid=".$id."&csrf=".$_SESSION['csrf_token']."'><i class='fa fa-trash'></i></a>&nbsp;";
echo "<a class='edit_defect' href='#' id='edit_".$id."' value='".$id."'><i class='fa fa-pencil'></i></a>";
echo "</td>";
echo "</tr>\n";
2024-03-12 11:58:55 +01:00
2024-02-16 15:35:01 +01:00
if ($boolShowmap) {
$strScript.="var mymap_".$id." = L.map(map_".$id.").setView([".$row['lat'].", ".$row['lng']."], 16);\n";
$strScript.="L.tileLayer(url, {maxZoom: 18,minZoom:12,attribution: attribution,id: 'mapbox/streets-v11',tileSize: 512,zoomOffset: -1}).addTo(mymap_".$id.")\n";
$strScript.="L.marker([".$row['lat'].", ".$row['lng']."], { icon: infoMarker } ).addTo(mymap_".$id.")\n\n";
}
}
2024-03-12 11:58:55 +01:00
?>
2024-02-16 15:35:01 +01:00
</tbody>
</table>
<a class="btn btn-primary" href="../index.php?ref=1">zurück</a>
</div>
<?php include("../lib/dialog_edit_location.php"); ?>
<script>
$( document ).ready(function() {
var url = 'https://api.mapbox.com/styles/v1/{id}/tiles/{z}/{x}/{y}?access_token=pk.eyJ1IjoibWFwYm94IiwiYSI6ImNpejY4NXVycTA2emYycXBndHRqcmZ3N3gifQ.rJcFIG214AriISLbB6B5aw';
var attribution = 'Map data &copy; <a href="https://www.openstreetmap.org/">OpenStreetMap</a> contributors, ' +
'<a href="https://creativecommons.org/licenses/by-sa/2.0/">CC-BY-SA</a>, ' +
'Imagery © <a href="https://www.mapbox.com/">Mapbox</a>';
var infoMarker = L.AwesomeMarkers.icon({icon: 'info', prefix: 'fa', markerColor: 'orange'});
$(".edit_defect").on("click", function(e){
e.preventDefault();
$('#dialog_defect').hide();
$('#dialog_defect').css({'top':e.pageY-90,'left':e.pageX-520});
id = $(this).attr("value");
descr = $("#desc_"+id).html();
descr = descr.replace(/(<|&lt;)br\s*\/*(>|&gt;)/g,' ');
$("#description").html(descr);
defect_id=$("#defect_"+id).attr("value");
$("#defect select").val(defect_id);
$("#loc_id").val(id);
$('#dialog_defect').show();
return false;
})
2024-03-12 11:58:55 +01:00
//Sicherheitsabfrage beim Löschen von Einträgen
2024-02-16 15:35:01 +01:00
$(".del").click(function () {
result=confirm("Wirklich löschen?");
return result===true;
})
2024-03-12 11:58:55 +01:00
2024-02-16 15:35:01 +01:00
$("#editobjectform").submit(function(event){
event.preventDefault();
//grab all form data
var formData = new FormData($(this)[0]);
$.ajax({
type: "POST",
url: "../ajax/ajax_update.php",
enctype: 'multipart/form-data',
data: formData, //$("#newobjectform").serialize(), // serializes the form's elements.
processData: false,
contentType: false,
cache: false,
success: function(data)
{
$("#dialog_defect").hide();
console.log(data);
newdata=JSON.parse(data);
console.log(newdata);
id=newdata.id;
$("#desc_"+id).html(newdata.description);
$("#defect_"+id).html(newdata.defect);
if (newdata.filename>"") {
img="<img src='../images/"+newdata.filename+"' style='width:150px;'>";
$("#img_"+id).html(img);
}
//$("#btnSubmit").prop("disabled", false);
event.preventDefault();
},
error: function(data)
{
alert('Fehler: Konnte keine Daten senden!');
}
});
return false;
});
$('#close').click(function(e){
$('#dialog_defect').hide();
});
<?= $strScript ?>
});
</script>
</body>
</html>