v1.3.0 - Geburtstags in Admin-Edit hinzugefügt
138
users.php
138
users.php
@@ -2,6 +2,32 @@
|
||||
include('inc/check_login.php');
|
||||
require_once('inc/db.php');
|
||||
|
||||
// 🔹 Hilfsfunktion: DE-Format → DB-Format
|
||||
function deDateToDb($deDate)
|
||||
{
|
||||
if (empty($deDate)) return null;
|
||||
$parts = explode('.', $deDate);
|
||||
if (count($parts) !== 3) return null;
|
||||
$day = str_pad(trim($parts[0]), 2, '0', STR_PAD_LEFT);
|
||||
$month = str_pad(trim($parts[1]), 2, '0', STR_PAD_LEFT);
|
||||
$year = trim($parts[2]);
|
||||
if (strlen($year) === 2) {
|
||||
$year = (int)$year < 50 ? "20$year" : "19$year";
|
||||
}
|
||||
if (strlen($year) !== 4) return null;
|
||||
if (checkdate((int)$month, (int)$day, (int)$year)) {
|
||||
return "$year-$month-$day";
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
// 🔹 Hilfsfunktion: DB-Format → DE-Format
|
||||
function dbDateToDe($dbDate)
|
||||
{
|
||||
if (empty($dbDate) || $dbDate === '0000-00-00') return '';
|
||||
return date('d.m.Y', strtotime($dbDate));
|
||||
}
|
||||
|
||||
$is_admin = ($_SESSION['role'] === 'admin');
|
||||
|
||||
$message = '';
|
||||
@@ -9,28 +35,6 @@ $message_type = '';
|
||||
$edit_mode = false;
|
||||
$edit_user = null;
|
||||
|
||||
// Hilfsfunktion: DE-Format zu DB-Format
|
||||
function deDateToDb($deDate)
|
||||
{
|
||||
if (empty($deDate)) return null;
|
||||
$parts = explode('.', $deDate);
|
||||
if (count($parts) !== 3) return null;
|
||||
$day = str_pad($parts[0], 2, '0', STR_PAD_LEFT);
|
||||
$month = str_pad($parts[1], 2, '0', STR_PAD_LEFT);
|
||||
$year = $parts[2];
|
||||
if (checkdate((int)$month, (int)$day, (int)$year)) {
|
||||
return "$year-$month-$day";
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
// Hilfsfunktion: DB-Format zu DE-Format
|
||||
function dbDateToDe($dbDate)
|
||||
{
|
||||
if (empty($dbDate) || $dbDate === '0000-00-00') return '';
|
||||
return date('d.m.Y', strtotime($dbDate));
|
||||
}
|
||||
|
||||
// --- Nur Admins: Löschen ---
|
||||
if ($is_admin && isset($_GET['action']) && $_GET['action'] == 'delete' && isset($_GET['id'])) {
|
||||
$id = (int)$_GET['id'];
|
||||
@@ -44,7 +48,7 @@ if ($is_admin && isset($_GET['action']) && $_GET['action'] == 'delete' && isset(
|
||||
$message = "Benutzer erfolgreich gelöscht!";
|
||||
$message_type = 'success';
|
||||
} else {
|
||||
$message = "Fehler beim Löschen des Benutzers.";
|
||||
$message = "Fehler beim Löschen: " . mysqli_error($conn);
|
||||
$message_type = 'danger';
|
||||
}
|
||||
mysqli_stmt_close($stmt);
|
||||
@@ -68,7 +72,6 @@ if ($is_admin && isset($_GET['action']) && $_GET['action'] == 'edit' && isset($_
|
||||
$message = "Benutzer nicht gefunden.";
|
||||
$message_type = 'warning';
|
||||
} else {
|
||||
// Konvertiere DB-Datum zu DE-Format für das Formular
|
||||
$edit_user['birthday_de'] = dbDateToDe($edit_user['birthday']);
|
||||
}
|
||||
}
|
||||
@@ -83,22 +86,79 @@ if ($is_admin && $_SERVER["REQUEST_METHOD"] == "POST") {
|
||||
$id = !empty($_POST['id']) ? (int)$_POST['id'] : null;
|
||||
|
||||
$email = !empty($email_raw) ? $email_raw : null;
|
||||
$birthday_db = deDateToDb($birthday_de); // null bei ungültig/leer
|
||||
$birthday_db = deDateToDb($birthday_de);
|
||||
|
||||
// --- DEBUG: Zeige, was konvertiert wurde (kannst du später löschen) ---
|
||||
// error_log("DEBUG: birthday_de='$birthday_de' → birthday_db='$birthday_db'");
|
||||
|
||||
if (empty($username)) {
|
||||
$message = "Benutzername ist erforderlich.";
|
||||
$message_type = 'danger';
|
||||
} else {
|
||||
$success = false;
|
||||
$update_fields = [];
|
||||
$params = [];
|
||||
$types = "";
|
||||
|
||||
if ($id) {
|
||||
if (!empty($password)) {
|
||||
$password_hashed = password_hash($password, PASSWORD_DEFAULT);
|
||||
$stmt = mysqli_prepare($conn, "UPDATE users SET username = ?, password = ?, email = ?, birthday = ?, role = ? WHERE id = ?");
|
||||
mysqli_stmt_bind_param($stmt, "sssssi", $username, $password_hashed, $email, $birthday_db, $role, $id);
|
||||
// 🔹 UPDATE: Nur Felder aktualisieren, die sich geändert haben
|
||||
$current = mysqli_prepare($conn, "SELECT username, email, birthday, role FROM users WHERE id = ?");
|
||||
mysqli_stmt_bind_param($current, "i", $id);
|
||||
mysqli_stmt_execute($current);
|
||||
$curr_data = mysqli_fetch_assoc(mysqli_stmt_get_result($current));
|
||||
mysqli_stmt_close($current);
|
||||
|
||||
if (!$curr_data) {
|
||||
$message = "Benutzer nicht gefunden.";
|
||||
$message_type = 'danger';
|
||||
} else {
|
||||
$stmt = mysqli_prepare($conn, "UPDATE users SET username = ?, email = ?, birthday = ?, role = ? WHERE id = ?");
|
||||
mysqli_stmt_bind_param($stmt, "ssssi", $username, $email, $birthday_db, $role, $id);
|
||||
// Prüfe Änderungen
|
||||
if ($username !== $curr_data['username']) {
|
||||
$update_fields[] = "username = ?";
|
||||
$params[] = $username;
|
||||
$types .= "s";
|
||||
}
|
||||
if ($email !== $curr_data['email']) {
|
||||
$update_fields[] = "email = ?";
|
||||
$params[] = $email;
|
||||
$types .= "s";
|
||||
}
|
||||
if ($birthday_db !== ($curr_data['birthday'] ?: null)) {
|
||||
$update_fields[] = "birthday = ?";
|
||||
$params[] = $birthday_db;
|
||||
$types .= "s";
|
||||
}
|
||||
if ($role !== $curr_data['role']) {
|
||||
$update_fields[] = "role = ?";
|
||||
$params[] = $role;
|
||||
$types .= "s";
|
||||
}
|
||||
|
||||
if (!empty($update_fields)) {
|
||||
// Passwort separat
|
||||
if (!empty($password)) {
|
||||
$password_hashed = password_hash($password, PASSWORD_DEFAULT);
|
||||
$update_fields[] = "password = ?";
|
||||
$params[] = $password_hashed;
|
||||
$types .= "s";
|
||||
}
|
||||
|
||||
$sql = "UPDATE users SET " . implode(", ", $update_fields) . " WHERE id = ?";
|
||||
$stmt = mysqli_prepare($conn, $sql);
|
||||
$params[] = $id;
|
||||
$types .= "i";
|
||||
|
||||
mysqli_stmt_bind_param($stmt, $types, ...$params);
|
||||
$success = mysqli_stmt_execute($stmt);
|
||||
mysqli_stmt_close($stmt);
|
||||
} else {
|
||||
$success = true; // nichts zu ändern → Erfolg
|
||||
$message = "Keine Änderungen vorgenommen.";
|
||||
$message_type = 'info';
|
||||
}
|
||||
}
|
||||
} else {
|
||||
// 🔹 INSERT
|
||||
if (empty($password)) {
|
||||
$message = "Passwort ist beim Erstellen erforderlich.";
|
||||
$message_type = 'danger';
|
||||
@@ -106,25 +166,27 @@ if ($is_admin && $_SERVER["REQUEST_METHOD"] == "POST") {
|
||||
$password_hashed = password_hash($password, PASSWORD_DEFAULT);
|
||||
$stmt = mysqli_prepare($conn, "INSERT INTO users (username, password, email, birthday, role) VALUES (?, ?, ?, ?, ?)");
|
||||
mysqli_stmt_bind_param($stmt, "sssss", $username, $password_hashed, $email, $birthday_db, $role);
|
||||
$success = mysqli_stmt_execute($stmt);
|
||||
mysqli_stmt_close($stmt);
|
||||
}
|
||||
}
|
||||
|
||||
if (!isset($message)) {
|
||||
if (isset($stmt) && mysqli_stmt_execute($stmt)) {
|
||||
$message = $id ? "Benutzer aktualisiert!" : "Neuer Benutzer hinzugefügt!";
|
||||
if ($success) {
|
||||
$message = $id ? "Benutzer erfolgreich aktualisiert!" : "Neuer Benutzer hinzugefügt!";
|
||||
$message_type = 'success';
|
||||
} else {
|
||||
$message = "Fehler beim Speichern.";
|
||||
$message = "Fehler beim Speichern: " . mysqli_error($conn);
|
||||
$message_type = 'danger';
|
||||
}
|
||||
if (isset($stmt)) mysqli_stmt_close($stmt);
|
||||
header("Location: users.php");
|
||||
exit();
|
||||
}
|
||||
|
||||
header("Location: users.php");
|
||||
exit();
|
||||
}
|
||||
}
|
||||
|
||||
// --- Mitgliederliste für alle ---
|
||||
// --- Mitgliederliste ---
|
||||
$users = [];
|
||||
$result = mysqli_query($conn, "SELECT id, username, role, email, birthday FROM users ORDER BY id ASC");
|
||||
while ($row = mysqli_fetch_assoc($result)) {
|
||||
|
||||
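Review bot: A password-only edit is silently dropped in the `-83,22 +86,79` hunk: the `if (!empty($password))` block sits inside `if (!empty($update_fields))`, so when an admin changes nothing but the password the array is empty, no UPDATE runs, and the branch sets `$success = true` with "Keine Änderungen vorgenommen.". Move the password block above that check so that a new password alone counts as a change. The `mysqli_error($conn)` text appended to `$message` here and in the delete hunk would expose driver and schema detail if `$message` is rendered; the rendering is not visible on this page, but `error_log(mysqli_error($conn));` with the generic message kept for the user is the safer form. Which lines are old and which are new is inferred from the hunk headers and comments, because the page has lost its +/- markers.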