<?php
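// Marker value defined before the project includes are loaded.
// NOTE(review): presumably read by the included files as a direct-access guard; confirm in include/.
$checkme = "a30ee472364c50735ad1d43cc09be0a1";
require_once "include/constant.php";
// This page rewrites arbitrary rows of the user table (including the role column),
// so it must not be reachable without a login.
$pageRestricted = true; // defines if the page is restricted to logged-in Users only
// NOTE(review): left empty, so no permission check is requested for this page; set the
// PERM_ constant that covers user administration once it is confirmed in include/constant.php.
$userLevel = ""; // uses a PERM_ const now and hasPermission($userLevel) now if fails a 403 Error-Page is returned
$title = "Benutzerdaten ändern"; // defines the name of the current page, displayed in the title and as a header on the page
include "include/init.php"; // includes base function like session handling
include "include/page/top.php"; // top-part of html-template (stylesheets, navigation, ..)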
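// The objectID of the user to edit arrives via POST and is untrusted. Only a plain
// string is accepted, so an array-valued "user" parameter never reaches a query.
$user = null;
if (isset($_POST["user"]) && is_string($_POST["user"])) {
    $user = $_POST["user"];
} else {
    echo "Kein Benutzer ausgewählt";
}

// Columns this form is allowed to write. A column name cannot be bound as a
// statement parameter, so a POST key is placed into the SQL text only after it
// matched this list exactly; every other key ("user", "senden", anything an
// attacker adds) is ignored.
$editableColumns = [
    "firstName", "lastName", "rolesFID", "email", "budget", "telNr", "mobilNr",
    "branchName", "street", "houseNumber", "stairs", "door", "postCode", "city",
    "country", "sectorCode",
];

// NOTE(review): the form carries no anti-CSRF token; add one through the project's session handling.
if (isset($_POST["senden"]) && $user !== null) {
    $db = connectDB();
    // The role drop-down offers role 2 only to sessions whose userRole is 2;
    // the same rule is enforced here because the drop-down alone is not a control.
    $mayAssignRoleTwo = isset($_SESSION["userRole"]) && $_SESSION["userRole"] == 2;

    foreach ($_POST as $key => $value) {
        if (!in_array($key, $editableColumns, true) || !is_string($value)) {
            continue;
        }
        if ($key === "budget" && $value === "") {
            // budget is an integer column, so an empty string is not written
            continue;
        }
        if ($key === "rolesFID") {
            if (!ctype_digit($value) || ((int) $value === 2 && !$mayAssignRoleTwo)) {
                continue;
            }
        }
        // Apart from budget, empty values are written as submitted (unchanged behaviour).
        // Both the new value and the target objectID are bound parameters.
        $statement = $db->prepare("UPDATE user SET $key = :param WHERE objectID = :user");
        $statement->bindValue(":param", $value);
        $statement->bindValue(":user", $user);
        $statement->execute();
    }
}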
?>
<div class="container-fluid">
<h1 class="h3 mb-4 text-gray-800"><?php echo $title ?></h1>
<div class="content">
<!-- Content -->
<a href='http://localhost/vemapproject01/user.php'>Zurück zur Übersicht</a>
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
<?php
if (isset($_POST["user"])) {
// Der gewünschte User wird angezeigt
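// Start from empty values so the form below still renders (with empty fields)
// when no row matches the submitted objectID.
$fname = $lname = $role = $email = $budget = $tel = $mobil = $branch = "";
$street = $house = $stairs = $door = $post = $city = $country = $sector = "";

// Load the selected user's current values; the objectID is bound, not interpolated.
$statement = connectDB()->prepare("SELECT * FROM user WHERE objectID = :user");
$statement->bindParam(":user", $user);
$statement->execute();
while ($row = $statement->fetch()) {
    $fname = $row["firstName"];
    $lname = $row["lastName"];
    $role = $row["rolesFID"];
    $email = $row["email"];
    $budget = $row["budget"];
    $tel = $row["telNr"];
    $mobil = $row["mobilNr"];
    $branch = $row["branchName"];
    $street = $row["street"];
    $house = $row["houseNumber"];
    $stairs = $row["stairs"];
    $door = $row["door"];
    $post = $row["postCode"];
    $city = $row["city"];
    $country = $row["country"];
    $sector = $row["sectorCode"];
}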
?>
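<?php
// Every value printed below comes from the user or roles table and was entered by
// a user at some point, so it is HTML-escaped before it is written into an
// attribute or element. ENT_QUOTES covers both quote styles used in this form.
$escapeHtml = static function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8");
};
?>
<div class="form-group">
<label for="firstName">Vorname</label>
<input class="form-control" type="text" name="firstName" id="firstName" value="<?php echo $escapeHtml($fname); ?>">
</div>
<div class="form-group">
<label for="lastName">Nachname</label>
<input class="form-control" type="text" name="lastName" id="lastName" value="<?php echo $escapeHtml($lname); ?>">
</div>
<div class="form-group">
<label for="rolesFID">Rolle</label>
<select name="rolesFID" id="rolesFID" class="form-control">
<?php
// Drop-down with the selectable roles. Role 2 is only offered when the current
// session itself has userRole 2. Hiding the option is not an access control by
// itself; the code that processes the POST has to apply the same rule.
if (isset($_SESSION["userRole"]) && $_SESSION["userRole"] == 2) {
    $sql = "SELECT DISTINCT * FROM roles";
} else {
    $sql = "SELECT DISTINCT * FROM roles
WHERE objectID <> 2";
}
$statement = connectDB()->prepare($sql);
$statement->execute();
while ($row = $statement->fetch()) {
    // Pre-select the role currently stored for the edited user.
    $selected = "";
    if ($row["objectID"] == $role) {
        $selected = "selected";
    }
    // value is the role's objectID, the visible text is the role name
    echo "<option value='" . $escapeHtml($row["objectID"]) . "' $selected>" . $escapeHtml($row["name"]) . "</option>";
}
?>
</select>
</div>
<div class="form-group">
<label for="email">Email</label>
<input class="form-control" type="email" name="email" id="email" value="<?php echo $escapeHtml($email); ?>">
</div>
<div class="form-group">
<label for="budget">Budget</label>
<input class="form-control" type="number" name="budget" id="budget" value="<?php echo $escapeHtml($budget); ?>">
</div>
<div class="form-group">
<label for="telNr">telephone</label>
<input class="form-control" type="text" name="telNr" id="telNr" value="<?php echo $escapeHtml($tel); ?>">
</div>
<div class="form-group">
<label for="mobilNr">mobile</label>
<input class="form-control" type="text" name="mobilNr" id="mobilNr" value="<?php echo $escapeHtml($mobil); ?>">
</div>
<div class="form-group">
<label for="branchName">Filiale</label>
<input class="form-control" type="text" name="branchName" id="branchName" value="<?php echo $escapeHtml($branch); ?>">
</div>
<div class="form-group">
<label for="street">Straße</label>
<input class="form-control" type="text" name="street" id="street" value="<?php echo $escapeHtml($street); ?>">
</div>
<div class="form-group">
<label for="houseNumber">Haus</label>
<input class="form-control" type="text" name="houseNumber" id="houseNumber" value="<?php echo $escapeHtml($house); ?>">
</div>
<div class="form-group">
<label for="stairs">Stiege</label>
<input class="form-control" type="text" name="stairs" id="stairs" value="<?php echo $escapeHtml($stairs); ?>">
</div>
<div class="form-group">
<label for="door">Tür</label>
<input class="form-control" type="text" name="door" id="door" value="<?php echo $escapeHtml($door); ?>">
</div>
<div class="form-group">
<label for="postCode">PLZ</label>
<input class="form-control" type="text" name="postCode" id="postCode" value="<?php echo $escapeHtml($post); ?>">
</div>
<div class="form-group">
<label for="city">Stadt</label>
<input class="form-control" type="text" name="city" id="city" value="<?php echo $escapeHtml($city); ?>">
</div>
<div class="form-group">
<label for="country">Land</label>
<input class="form-control" type="text" name="country" id="country" value="<?php echo $escapeHtml($country); ?>">
</div>
<div class="form-group">
<label for="sectorCode">Sektor</label>
<input class="form-control" type="text" name="sectorCode" id="sectorCode" value="<?php echo $escapeHtml($sector); ?>">
</div>
<button type="submit" class="btn btn-primary form-button" name="senden">Senden</button>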
<?php
/*echo "<table>";
$sql="SELECT * FROM user";
$statement=connectDB()->query($sql);
$statement->execute();
while ($row = $statement->fetch()) {
echo "User: $row[email]";
echo "<td>$row[firstName]</td>";
echo "<td>$row[lastName]</td>";
echo "<td>$row[email]</td>";
echo "<td>$row[rolesFID]</td>";
echo "<td>$row[telNr]</td>";
echo "<td>$row[mobilNr]</td>";
echo "<td>$row[branchName]</td>";
echo "<td>$row[street]</td>";
echo "<td>$row[houseNumber]</td>";
echo "<td>$row[stairs]</td>";
echo "<td>$row[door]</td>";
echo "<td>$row[postCode]</td>";
echo "<td>$row[city]</td>";
echo "<td>$row[country]</td>";
echo "<td>$row[sectorCode]</td>";
}
echo "</table>";*/
}
?>
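<?php /* Carries the edited user's objectID to the next POST. This line is rendered even when no user was submitted, and "user" may arrive as an array, so only a plain string is echoed back (escaped); anything else yields an empty value. */ ?>
<input type="hidden" name="user" value="<?php echo (isset($_POST['user']) && is_string($_POST['user'])) ? htmlspecialchars($_POST['user'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') : ''; ?>">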
</form>
</div>
</div>
<?php include "include/page/bottom.php"; ?>