diff --git a/users.php b/users.php
index 9a27f21..b5af325 100755
--- a/users.php
+++ b/users.php
@@ -2,6 +2,32 @@ include('inc/check_login.php');
 require_once('inc/db.php');
+// 🔹 Hilfsfunktion: DE-Format → DB-Format
+function deDateToDb($deDate)
+{
+ if (empty($deDate)) return null;
+ $parts = explode('.', $deDate);
+ if (count($parts) !== 3) return null;
+ $day = str_pad(trim($parts[0]), 2, '0', STR_PAD_LEFT);
+ $month = str_pad(trim($parts[1]), 2, '0', STR_PAD_LEFT);
+ $year = trim($parts[2]);
+ if (strlen($year) === 2) {
+ $year = (int)$year < 50 ? "20$year" : "19$year";
+ }
+ if (strlen($year) !== 4) return null;
+ if (checkdate((int)$month, (int)$day, (int)$year)) {
+ return "$year-$month-$day";
+ }
+ return null;
+}
+
+// 🔹 Hilfsfunktion: DB-Format → DE-Format
+function dbDateToDe($dbDate)
+{
+ if (empty($dbDate) || $dbDate === '0000-00-00') return '';
+ return date('d.m.Y', strtotime($dbDate));
+}
+
 $is_admin = ($_SESSION['role'] === 'admin');
 $message = '';
@@ -9,28 +35,6 @@ $message_type = '';
 $edit_mode = false;
 $edit_user = null;
-// Hilfsfunktion: DE-Format zu DB-Format
-function deDateToDb($deDate)
-{
- if (empty($deDate)) return null;
- $parts = explode('.', $deDate);
- if (count($parts) !== 3) return null;
- $day = str_pad($parts[0], 2, '0', STR_PAD_LEFT);
- $month = str_pad($parts[1], 2, '0', STR_PAD_LEFT);
- $year = $parts[2];
- if (checkdate((int)$month, (int)$day, (int)$year)) {
- return "$year-$month-$day";
- }
- return null;
-}
-
-// Hilfsfunktion: DB-Format zu DE-Format
-function dbDateToDe($dbDate)
-{
- if (empty($dbDate) || $dbDate === '0000-00-00') return '';
- return date('d.m.Y', strtotime($dbDate));
-}
-
 // --- Nur Admins: Löschen ---
 if ($is_admin && isset($_GET['action']) && $_GET['action'] == 'delete' && isset($_GET['id'])) {
 $id = (int)$_GET['id'];
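Review bot: `deDateToDb` checks the numeric value of each part but not the string it returns: input such as `5x.12.2020` survives `str_pad`, `checkdate((int)'12', (int)'5x', 2020)` passes, and the function returns `"2020-12-5x"`, which then goes straight into the `birthday` bind parameter. Add a digit check after the three `trim` calls and before the two-digit-year expansion: `if (!ctype_digit($day) || !ctype_digit($month) || !ctype_digit($year)) return null;`. The `null` return is also used for both "left empty" and "unparseable", so the POST handler later in this diff cannot tell a typo from a deliberate clear and will overwrite a stored birthday with NULL; validating `$birthday_de` separately at the form boundary, or returning a distinct value for the invalid case, would let the handler reject the input instead. The 50-year pivot for two-digit years deserves a comment, e.g. `// two-digit years: 00-49 → 20xx, 50-99 → 19xx`.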
@@ -44,7 +48,7 @@ if ($is_admin && isset($_GET['action']) && $_GET['action'] == 'delete' && isset(
 $message = "Benutzer erfolgreich gelöscht!";
 $message_type = 'success';
 } else {
- $message = "Fehler beim Löschen des Benutzers.";
+ $message = "Fehler beim Löschen: " . mysqli_error($conn);
 $message_type = 'danger';
 }
 mysqli_stmt_close($stmt);
@@ -68,7 +72,6 @@ if ($is_admin && isset($_GET['action']) && $_GET['action'] == 'edit' && isset($_
 $message = "Benutzer nicht gefunden.";
 $message_type = 'warning';
 } else {
- // Konvertiere DB-Datum zu DE-Format für das Formular
 $edit_user['birthday_de'] = dbDateToDe($edit_user['birthday']);
 }
 }
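Review bot: The new `"Fehler beim Löschen: " . mysqli_error($conn)` puts the raw driver error text into the page, which exposes table and column names and constraint details to the browser; the same pattern is added in the last hunk (`"Fehler beim Speichern: " . mysqli_error($conn)`). Keep the generic message for the user and log the detail server-side, e.g. `error_log('users.php delete failed: ' . mysqli_stmt_error($stmt));` directly after the failed `mysqli_stmt_execute`. Note also that this is a prepared-statement failure, so the error belongs to the statement handle: `mysqli_error($conn)` may be empty here, and in the last hunk the statement is already closed before the message is built, so the text has to be captured at the execute call in any case.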
@@ -83,22 +86,79 @@ if ($is_admin && $_SERVER["REQUEST_METHOD"] == "POST") {
 $id = !empty($_POST['id']) ? (int)$_POST['id'] : null;
 $email = !empty($email_raw) ? $email_raw : null;
- $birthday_db = deDateToDb($birthday_de); // null bei ungültig/leer
+ $birthday_db = deDateToDb($birthday_de);
+
+ // --- DEBUG: Zeige, was konvertiert wurde (kannst du später löschen) ---
+ // error_log("DEBUG: birthday_de='$birthday_de' → birthday_db='$birthday_db'");
 if (empty($username)) {
 $message = "Benutzername ist erforderlich.";
 $message_type = 'danger';
 } else {
+ $success = false;
+ $update_fields = [];
+ $params = [];
+ $types = "";
+
 if ($id) {
- if (!empty($password)) {
- $password_hashed = password_hash($password, PASSWORD_DEFAULT);
- $stmt = mysqli_prepare($conn, "UPDATE users SET username = ?, password = ?, email = ?, birthday = ?, role = ? WHERE id = ?");
- mysqli_stmt_bind_param($stmt, "sssssi", $username, $password_hashed, $email, $birthday_db, $role, $id);
+ // 🔹 UPDATE: Nur Felder aktualisieren, die sich geändert haben
+ $current = mysqli_prepare($conn, "SELECT username, email, birthday, role FROM users WHERE id = ?");
+ mysqli_stmt_bind_param($current, "i", $id);
+ mysqli_stmt_execute($current);
+ $curr_data = mysqli_fetch_assoc(mysqli_stmt_get_result($current));
+ mysqli_stmt_close($current);
+
+ if (!$curr_data) {
+ $message = "Benutzer nicht gefunden.";
+ $message_type = 'danger';
 } else {
- $stmt = mysqli_prepare($conn, "UPDATE users SET username = ?, email = ?, birthday = ?, role = ? WHERE id = ?");
- mysqli_stmt_bind_param($stmt, "ssssi", $username, $email, $birthday_db, $role, $id);
+ // Prüfe Änderungen
+ if ($username !== $curr_data['username']) {
+ $update_fields[] = "username = ?";
+ $params[] = $username;
+ $types .= "s";
+ }
+ if ($email !== $curr_data['email']) {
+ $update_fields[] = "email = ?";
+ $params[] = $email;
+ $types .= "s";
+ }
+ if ($birthday_db !== ($curr_data['birthday'] ?: null)) {
+ $update_fields[] = "birthday = ?";
+ $params[] = $birthday_db;
+ $types .= "s";
+ }
+ if ($role !== $curr_data['role']) {
+ $update_fields[] = "role = ?";
+ $params[] = $role;
+ $types .= "s";
+ }
+
+ if (!empty($update_fields)) {
+ // Passwort separat
+ if (!empty($password)) {
+ $password_hashed = password_hash($password, PASSWORD_DEFAULT);
+ $update_fields[] = "password = ?";
+ $params[] = $password_hashed;
+ $types .= "s";
+ }
+
+ $sql = "UPDATE users SET " . implode(", ", $update_fields) . " WHERE id = ?";
+ $stmt = mysqli_prepare($conn, $sql);
+ $params[] = $id;
+ $types .= "i";
+
+ mysqli_stmt_bind_param($stmt, $types, ...$params);
+ $success = mysqli_stmt_execute($stmt);
+ mysqli_stmt_close($stmt);
+ } else {
+ $success = true; // nichts zu ändern → Erfolg
+ $message = "Keine Änderungen vorgenommen.";
+ $message_type = 'info';
+ }
 }
 } else {
+ // 🔹 INSERT
 if (empty($password)) {
 $message = "Passwort ist beim Erstellen erforderlich.";
 $message_type = 'danger';
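Review bot: A password-only change is silently dropped: the `if (!empty($password))` block sits inside `if (!empty($update_fields))`, so when username, email, birthday and role are unchanged the new password is never appended, the `else` branch runs, the admin sees "Keine Änderungen vorgenommen." and the old hash stays in place. Move the password block ahead of the emptiness check so a new password counts as a change on its own (rewrite below). The commented-out `error_log("DEBUG: …")` line with its "kannst du später löschen" note should not be committed; drop it rather than leave dead debug code in the handler. The enclosing POST handler starts before this hunk and its success and redirect handling continues in the next one.
```php
// … unchanged: change detection for username, email, birthday, role …

// A new password is a change on its own, even when no other field differs
if (!empty($password)) {
    $password_hashed = password_hash($password, PASSWORD_DEFAULT);
    $update_fields[] = "password = ?";
    $params[] = $password_hashed;
    $types .= "s";
}

if (!empty($update_fields)) {
    $sql = "UPDATE users SET " . implode(", ", $update_fields) . " WHERE id = ?";
    // … unchanged: prepare, bind, execute, close …
} else {
    // … unchanged: "Keine Änderungen vorgenommen." branch …
}
```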
@@ -106,25 +166,27 @@ if ($is_admin && $_SERVER["REQUEST_METHOD"] == "POST") {
 $password_hashed = password_hash($password, PASSWORD_DEFAULT);
 $stmt = mysqli_prepare($conn, "INSERT INTO users (username, password, email, birthday, role) VALUES (?, ?, ?, ?, ?)");
 mysqli_stmt_bind_param($stmt, "sssss", $username, $password_hashed, $email, $birthday_db, $role);
+ $success = mysqli_stmt_execute($stmt);
+ mysqli_stmt_close($stmt);
 }
 }
 if (!isset($message)) {
- if (isset($stmt) && mysqli_stmt_execute($stmt)) {
- $message = $id ? "Benutzer aktualisiert!" : "Neuer Benutzer hinzugefügt!";
+ if ($success) {
+ $message = $id ? "Benutzer erfolgreich aktualisiert!" : "Neuer Benutzer hinzugefügt!";
 $message_type = 'success';
 } else {
- $message = "Fehler beim Speichern.";
+ $message = "Fehler beim Speichern: " . mysqli_error($conn);
 $message_type = 'danger';
 }
- if (isset($stmt)) mysqli_stmt_close($stmt);
- header("Location: users.php");
- exit();
 }
+
+ header("Location: users.php");
+ exit();
 }
 }
-// --- Mitgliederliste für alle ---
+// --- Mitgliederliste ---
 $users = [];
 $result = mysqli_query($conn, "SELECT id, username, role, email, birthday FROM users ORDER BY id ASC");
 while ($row = mysqli_fetch_assoc($result)) {
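Review bot: The new `if ($success)` branch looks unreachable: `$message` is initialised to `''` near the top of the file (context in the first hunk), and `isset('')` is true, so `!isset($message)` never holds unless something between the two unsets the variable. Test for the empty string instead, `if ($message === '') {`, so the success and failure messages are actually produced. Since the handler now always ends with `header("Location: users.php"); exit();`, whatever `$message` holds is discarded unless it is persisted (for example in `$_SESSION`) before the redirect; nothing in this diff does that, so confirm the message is surfaced somewhere on the redirected page.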