fix

admin/index.php

@@ -29,16 +29,19 @@
     $boolShowmap=false;
     
     $sqlDistrict = ($boolSuperAdmin) ? "1" : "l.district='$strDistrict'";
+    $strDistrictTitle = ($boolSuperAdmin) ? "" : $strDistrictTitle;
 
-    // Eintag löschen
+    // --------- Eintag löschen  -----------------
     if (isset($_GET['delid'])) {
         if($_GET['csrf'] !== $_SESSION['csrf_token']) {
             die("Ungültiger Token");
         }
         $numDelete = (int)$_GET['delid'];
 
-
+        if ($superAmdin) {
-        $stmt = $db->prepare("DELETE FROM location WHERE id = :id AND district=:district");
+            $stmt = $db->prepare("DELETE FROM location WHERE id = :id AND district=:district");}
+        else {
+            $stmt = $db->prepare("DELETE FROM location WHERE id = :id AND district=:district");}
         $stmt->bindValue(":id",$numDelete);
         $stmt->bindValue(":district",$strDistrict);
         $stmt->execute();
@@ -61,7 +64,8 @@
         $stmt->execute();
     }
     
-    // Kommentar löschen
+    // -------  Kommentar löschen  ------------
+    // keine Überprüfung - ob richtiger District
     if (isset($_GET['delcid'])) {
         if($_GET['csrf'] !== $_SESSION['csrf_token']) {
             die("Ungültiger Token");
@@ -72,6 +76,8 @@
         $stmt->execute();
     }
 
+    // --------- Feigabe verändern -------------
+    // Keine Überprüfung, ob richtiger District
     if (isset($_GET['approvalId'])) {
         if($_GET['csrf'] !== $_SESSION['csrf_token']) {
             die("Ungültiger Token");
@@ -82,7 +88,8 @@
         $stmt->execute();
     }
 
-    // Bild löschen
+    // ----------- Bild löschen -----------------
+    // Keine Überprüfung, ob richtiger District
     if (isset($_GET['delfid'])) {
         if($_GET['csrf'] !== $_SESSION['csrf_token']) {
             die("Ungültiger Token");
@@ -206,11 +213,11 @@
 
  <?php
     $strScript="";
-    //$strSQL="SELECT * FROM location ORDER BY created_at DESC";
+    //$strSQL="SELECT * FROM location ORDER BY appoval, created_at DESC";
     $strSQL="SELECT l.id as lid,l.*,adr.* 
               FROM location l LEFT JOIN address adr ON l.id=adr.loc_id 
               WHERE $sqlDistrict
-              ORDER BY created_at ASC";
+              ORDER BY approval, created_at ASC";
     $result = $db->query($strSQL);
     while ($row = $result->fetch(PDO::FETCH_ASSOC)) {
         $id = $row['lid'];
@@ -242,8 +249,9 @@
                 .$row['hamlet']." "
                 .$row['suburb']."<br>"
                 .$row['postcode']." ".$row['city']."</td>";
-        $strDefect = (isset($row['defect']) && $row['defect']>0) ? $arrDefect[$row['defect']] : "";
+        $strDefect = (isset($row['defect']) && $row['defect']>=0) ? $arrDefect[$row['defect']] : "";
         echo "<td id='defect_".$id."' value='".$row['defect']."'>".$strDefect."</td>\n";
+        // NRW-Hindernismelder keine leere Eingabe
 
         echo "<td id='img_".$id."'>";
         $strSQL = "SELECT id,filename FROM files WHERE loc_id=".$id;
@@ -254,7 +262,8 @@
             echo "<a href='".$_SERVER['PHP_SELF']."?delfid=".$file['id']."&csrf=".$_SESSION['csrf_token']."'><i class='fa fa-trash'></i></a>";
         }
         echo "</td>\n";
-        // Karte einblenden
+
+        // Karte einblenden -  Für HTML-Export
         if ($boolShowmap) {
             echo "<td><div class='tdmap' id='map_".$id."'></div></td>\n";
         }
@@ -262,22 +271,25 @@
             echo "<td>".round($row['lat'],5)." ".round($row['lng'],5)."</td>";
         }
         echo "<td>".$row['created_at']."</td>";
+
         if ($boolApprove) {
             $strApproved = ($row['approval']) ? "<i class='fa fa-check' style='color:green'></i>" 
                                                              : "<i class='fa fa-circle' style='color:red'></i>" ;
-            echo "<td>".$strApproved." <a href='".$_SERVER['PHP_SELF']."?approvalId=".$id."&csrf=".$_SESSION['csrf_token']."'>change</td>";
+            $strApproved .= " <i class='fa fa-recycle'></i>";
+            echo "<td><a href='".$_SERVER['PHP_SELF']."?approvalId=".$id."&csrf=".$_SESSION['csrf_token']."'>".$strApproved."</a></td>";
         }
         echo "<td><a class='del' href='".$_SERVER['PHP_SELF']."?delid=".$id."&csrf=".$_SESSION['csrf_token']."'><i class='fa fa-trash'></i></a>&nbsp;";
         echo "<a class='edit_defect' href='#' id='edit_".$id."' value='".$id."'><i class='fa fa-pencil'></i></a>";
         echo "</td>";
         echo "</tr>\n";
+        
         if ($boolShowmap) {
             $strScript.="var mymap_".$id." = L.map(map_".$id.").setView([".$row['lat'].", ".$row['lng']."], 16);\n";
             $strScript.="L.tileLayer(url, {maxZoom: 18,minZoom:12,attribution: attribution,id: 'mapbox/streets-v11',tileSize: 512,zoomOffset: -1}).addTo(mymap_".$id.")\n";
             $strScript.="L.marker([".$row['lat'].", ".$row['lng']."], { icon: infoMarker } ).addTo(mymap_".$id.")\n\n";
         }
     }
-    ?>
+?>
 </tbody>
 </table> 
 <a class="btn btn-primary" href="../index.php?ref=1">zurück</a>   
@@ -288,7 +300,6 @@
 <script>
 $( document ).ready(function() {
 
-
     var url = 'https://api.mapbox.com/styles/v1/{id}/tiles/{z}/{x}/{y}?access_token=pk.eyJ1IjoibWFwYm94IiwiYSI6ImNpejY4NXVycTA2emYycXBndHRqcmZ3N3gifQ.rJcFIG214AriISLbB6B5aw';
     var attribution = 'Map data &copy; <a href="https://www.openstreetmap.org/">OpenStreetMap</a> contributors, ' +
                     '<a href="https://creativecommons.org/licenses/by-sa/2.0/">CC-BY-SA</a>, ' +
@@ -313,11 +324,13 @@ $( document ).ready(function() {
         return false;
     })
 
+    //Sicherheitsabfrage beim Löschen von Einträgen
     $(".del").click(function () {
         result=confirm("Wirklich löschen?");
         return result===true;
     })
 
+
     $("#editobjectform").submit(function(event){
         event.preventDefault();
        
@@ -331,7 +344,6 @@ $( document ).ready(function() {
             processData: false, 
             contentType: false,
             cache: false,
-            
             success: function(data)
             {
                 $("#dialog_defect").hide();