From b8671a54a89463d25dee1eac61fa08b38abf4fdd Mon Sep 17 00:00:00 2001 From: Walter Hupfeld Date: Wed, 21 Feb 2024 10:29:10 +0100 Subject: [PATCH] fixes --- admin/index.php | 20 +++++++++++++++----- admin/print_html.php | 9 +++++---- config.php | 2 ++ lib/geocoding.php | 2 +- 4 files changed, 23 insertions(+), 10 deletions(-) diff --git a/admin/index.php b/admin/index.php index 0274fb3..5e2ba91 100644 --- a/admin/index.php +++ b/admin/index.php @@ -18,15 +18,20 @@ $strDistrict=$_SESSION['district']; include("../config.php"); $boolShowmap=false; + + $sqlDistrict = ($boolSuperAdmin) ? "1" : "l.district='$strDistrict'"; + // Eintag löschen if (isset($_GET['delid'])) { if($_GET['csrf'] !== $_SESSION['csrf_token']) { die("Ungültiger Token"); } $numDelete = (int)$_GET['delid']; - $stmt = $db->prepare("DELETE FROM location WHERE id = :id"); + + $stmt = $db->prepare("DELETE FROM location WHERE id = :id AND district=:district"); $stmt->bindValue(":id",$numDelete); + $stmt->bindValue(":district",$strDistrict); $stmt->execute(); $stmt = $db->prepare("DELETE FROM comment WHERE loc_id= :loc_id"); @@ -46,7 +51,8 @@ $stmt->bindValue(":loc_id",$numDelete); $stmt->execute(); } - + + // Kommentar löschen if (isset($_GET['delcid'])) { if($_GET['csrf'] !== $_SESSION['csrf_token']) { die("Ungültiger Token"); @@ -57,7 +63,7 @@ $stmt->execute(); } - + // Bild löschen if (isset($_GET['delfid'])) { if($_GET['csrf'] !== $_SESSION['csrf_token']) { die("Ungültiger Token"); @@ -77,7 +83,8 @@ $stmt->execute(); } - + + // Karte zeigen if (isset($_GET['showmap'])) { $numShowmap=(int)$_GET['showmap']; $boolShowmap=$numShowmap==1; @@ -180,7 +187,10 @@ query($strSQL); while ($row = $result->fetch(PDO::FETCH_ASSOC)) { $id = $row['lid']; diff --git a/admin/print_html.php b/admin/print_html.php index a166462..3828098 100644 --- a/admin/print_html.php +++ b/admin/print_html.php 
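Review bot: The district check added to the `DELETE FROM location` statement does not cover the dependent deletes that follow it in the same `delid` block. `DELETE FROM comment WHERE loc_id= :loc_id`, and the later statement bound to `:loc_id` in the next hunk, still run for any `delid`, so an admin of one district can remove the comments attached to another district's location even though the location row itself survives. Gate them on the result of the first statement, for example by wrapping them in `if ($stmt->rowCount() > 0) { ... }` right after the location delete's `$stmt->execute();`, ideally inside one transaction. The new condition also ignores `$boolSuperAdmin`, so if that flag is ever true the list would show all districts while deletes stay limited to the admin's own district. The queries of the `delcid` and `delfid` handlers lie outside the hunks shown and need the same district scoping if they do not already have it.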
@@ -7,9 +7,8 @@ header("Location: login.php"); } - $dbFilename = "../db/locations.db"; include("../config.php"); - + $sqlDistrict = ($boolSuperAdmin) ? "1" : "l.district='$strDistrict'"; $arrTopic = array ( @@ -70,7 +69,10 @@ query($strSQL); while ($row = $result->fetch(PDO::FETCH_ASSOC)) { $id = $row['lid']; @@ -132,7 +134,6 @@ $( document ).ready(function() { 'Imagery © Mapbox'; var infoMarker = L.AwesomeMarkers.icon({icon: 'info', prefix: 'fa', markerColor: 'orange'}); - diff --git a/config.php b/config.php index 4f372ff..c52513f 100644 --- a/config.php +++ b/config.php @@ -11,6 +11,8 @@ require_once("config.db.php"); +$boolSuperAdmin=false; + $strSQL = "select * from config"; $result = $db->query($strSQL); diff --git a/lib/geocoding.php b/lib/geocoding.php index 13d0beb..1f06558 100644 --- a/lib/geocoding.php +++ b/lib/geocoding.php @@ -109,7 +109,7 @@ function fillAddressTable($db,$limit=20) { } $strTable .= ""; - sleep(0.5); //api restriction + sleep(1); //api restriction writeAddress($db,$id,$data); } }
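Review bot: `$sqlDistrict` is built by interpolating `$strDistrict` into a quoted SQL fragment, here and in the identical line added to admin/index.php, so a district value containing a quote breaks or alters every query that uses the fragment. Where `$strDistrict` is assigned in this file is not visible in the hunk (index.php reads it from `$_SESSION['district']`). Keep a placeholder in the fragment instead, `$sqlDistrict = $boolSuperAdmin ? "1" : "l.district = :district";`, and call `bindValue(":district", $strDistrict)` only in the non-super-admin case. The consuming queries appear to run through `query($strSQL)` and would have to move to `prepare`/`execute`. The context lines also show `header("Location: login.php");` closing its block with no `exit;`, and if none follows outside the hunk the page keeps rendering for unauthenticated requests.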