0) { $input_id = $_id; } else { $input_id = $_POST["input_id"]; } if ($input_id <> '') { $pdoHost = getenv('MAIN_MYSQL_DB_HOST'); $pdoPort = getenv('MAIN_MYSQL_DB_PORT'); $pdoUser = getenv('MAIN_MYSQL_DB_USER'); $pdoPass = getenv('MAIN_MYSQL_DB_PASS'); $pdoSchema = getenv('MAIN_MYSQL_DB_SCHEMA'); $pdo = new \DynCom\mysyde\common\classes\PDOQueryWrapper($pdoHost, $pdoPort, $pdoSchema, $pdoUser, $pdoPass); $prepStatement = " SELECT * FROM main_contact WHERE id = :id LIMIT 1 "; $params = [ [':id', $input_id, PDO::PARAM_STR], ]; $pdo->setQuery($prepStatement); $pdo->prepareQuery(); $pdo->bindParameters($params); $pdo->executePreparedStatement(); $result = $pdo->getResultArray(); if (count($result) == 1) { $input_contact = $result[0]; $input_contact["password"] = "nochange"; echo ""; require_once("edit_contact_cardform.inc.php"); } } else { $input_contact = array(); require_once("edit_contact_cardform.inc.php"); } } function delete_contact($curr_contact_id) { $translation = \DynCom\mysyde\common\classes\Registry::get("translation"); if ($_POST["input_id"] <> '') { if ($_POST["input_id"] <> $curr_contact_id) { $query = "DELETE FROM main_contact WHERE id = '" . $_POST["input_id"] . "' LIMIT 1"; @mysqli_query($GLOBALS['mysql_con'], $query); $deleteDepartment = @mysqli_query($GLOBALS["mysql_con"], "DELETE FROM main_contact_department WHERE main_contact_id=".$_POST["input_id"]); $deletePermission = @mysqli_query($GLOBALS["mysql_con"], "DELETE FROM main_contact_permission WHERE main_contact_id=".$_POST["input_id"]); $deleteProfileContent = @mysqli_query($GLOBALS["mysql_con"], "DELETE FROM main_contact_profile_content WHERE main_contact_id=".$_POST["input_id"]); $deleteSkills = @mysqli_query($GLOBALS["mysql_con"], "DELETE FROM main_contact_skills WHERE main_contact_id=".$_POST["input_id"]); } else { header('EDIT_ERROR: 1'); $messages[] = "
" . $translation->get("contact_error5") . "
"; edit_contact($_POST["input_id"], $messages); } } require_once("edit_contact_listform.inc.php"); } function save_contact() { $messages = array(); $error = FALSE; $input_id = ""; $translation = \DynCom\mysyde\common\classes\Registry::get("translation"); if($_POST['input_password'] != ""){ $password = md5($_POST['input_password']); $query = "UPDATE main_contact SET password = '".$password."' WHERE id = '".$_POST['input_id']."' LIMIT 1"; @mysqli_query($GLOBALS['mysql_con'],$query); } $birthday = new DateTime($_POST['input_birthday']); if ($_POST["input_id"] <> '') { $inserted = FALSE; $input_id = $_POST["input_id"]; $query = "UPDATE main_contact SET name = '" . $_POST['input_name'] . "', email = '" . $_POST['input_email'] . "', shortcut = '" . $_POST['input_shortcut'] . "', address = '" . $_POST['input_address'] . "', post_code = '" . $_POST['input_post_code'] . "', city = '" . $_POST['input_city'] . "', cost_center = '" . $_POST['input_cost_center'] . "', birthday = '" . $birthday->format('Y-m-d') . "', phone_no = '" . $_POST['input_phone_no'] . "', birthday_state = '" . $_POST['input_birthday_state'] . "', master_mandant_id = '" . $_POST['master_mandant_id'] . "' WHERE id = '" . $_POST["input_id"] . "' LIMIT 1"; } else { $query = "INSERT INTO main_contact (id, name, email, shortcut, password, address, post_code, city, birthday, birthday_state, phone_no, cost_center, master_mandant_id, current_mandant_id, active) VALUES ( NULL, '" . $_POST['input_name'] . "', '" . $_POST['input_email'] . "', '" . $_POST['input_shortcut'] . "', '" . $password . "', '" . $_POST['input_address'] . "', '" . $_POST['input_post_code'] . "', '" . $_POST['input_city'] . "', '" . $birthday->format('Y-m-d') . "', '" . $_POST['input_birthday_state'] . "', '" . $_POST['input_phone_no'] . "', '" . $_POST['input_cost_center'] . "', '" . $_POST['master_mandant_id'] . "', '" . $_POST['master_mandant_id'] . "', '1' )"; $inserted = TRUE; } // $query_shortcut = "SELECT * FROM main_contact WHERE shortcut = '".$_POST['input_shortcut']."'"; // $result_shortcut = @mysqli_query($GLOBALS['mysql_con'], $query_shortcut); // if(@mysqli_num_rows($result_shortcut) >= 1 && $inserted == TRUE){ // $messages[] = "
" . $translation->get("user_error4") . "
\n"; // $error = TRUE; // } if (!$error) { @mysqli_query($GLOBALS['mysql_con'], $query); if ($inserted == TRUE) { $input_id = mysqli_insert_id($GLOBALS['mysql_con']); $query2 = "INSERT INTO main_contact_profile_content (id, main_contact_id) VALUES ( NULL, '" . $input_id. "' )"; @mysqli_query($GLOBALS['mysql_con'], $query2); $messages[] = '
' . $translation->get("contact_msg_success1") . '
'; } else { $messages[] = '
' . $translation->get("contact_msg_success2") . '
'; } if(isset($_FILES) && $_FILES['input_image']['size'] != 0 ){ $fileName = saveImage('input_image', $input_id); $query = "UPDATE main_contact SET image = '" . $fileName. "' WHERE id = '" . $input_id . "' LIMIT 1"; @mysqli_query($GLOBALS['mysql_con'],$query); } save_mandant_link($_POST, $input_id); save_permission($input_id); echo ""; edit_contact($input_id, $messages); } else { header('EDIT_ERROR: 1'); $input_contact["id"] = $_POST["input_id"]; $input_contact["name"] = $_POST["input_name"]; $input_contact["email"] = $_POST["input_email"]; $input_contact["login"] = $_POST["input_login"]; require_once("edit_contact_cardform.inc.php"); } } function report_new_emp() { $message = "Neuer Mitarbeiter wurde registriert!" . "
Name:" . $_POST['input_name'] . "
Email:" . $_POST['input_email']; if (mail_create("Neuer Mitarbeiter", // titel $message, "intranet@awo-hamburg.de", // wer send "helpdesk@awo-hamburg.de", // wer kriegt "AWO Hamburg", // name des senders "AWO Hamburg IT", // name des empfängers FALSE, $file, "", "", 0, "", $spid)) { mail_send(); } } function report_emp_dismissal() { $message = "Der Mitarbeiter muss entlassen werden!" . "
Name:" . $_POST['input_name'] . "
Email:" . $_POST['input_email']; if (mail_create("Mitarbeiter entlassen!", // titel $message, "intranet@awo-hamburg.de", // wer send "helpdesk@awo-hamburg.de", // wer kriegt "AWO Hamburg", // name des senders "AWO Hamburg IT", // name des empfängers FALSE, $file, "", "", 0, "", $spid)) { mail_send(); } } function hausausweis_request() { $message = "Der Mitarbeiter soll einen Hausausweis erhalten!" . "
Name:" . $_POST['input_name'] . "
Email:" . $_POST['input_email']; if (mail_create("Der Mitarbeiter soll einen Hausausweis erhalten!", // titel $message, "intranet@awo-hamburg.de", // wer send "helpdesk@awo-hamburg.de", // wer kriegt "AWO Hamburg", // name des senders "AWO Hamburg IT", // name des empfängers FALSE, $file, "", "", 0, "", $spid)) { mail_send(); } } function saveImage($filekey, $input_id){ $erlaubte_endungen = array("jpg", "jpeg", "gif", "png"); $filename = strtolower($_FILES[$filekey]['name']); $filename_expl = explode(".", $filename); if (!in_array($filename_expl[count($filename_expl) - 1], $erlaubte_endungen)) { $messages = "
" . $translation->get("error_slideshow_line2") . "
\n"; $error = TRUE; } $saveFilename = $input_id . "_" . time() . "_" . cleanFilename($_FILES[$filekey]['name']); require_once("intranet_config.inc.php"); move_uploaded_file($_FILES[$filekey]['tmp_name'], PATH_CONTACT . $saveFilename); return $saveFilename; } function delete_contact_image(){ $contact_id = $_POST['input_id']; $query = "SELECT * FROM main_contact WHERE id =".$contact_id." LIMIT 1"; $result = @mysqli_query($GLOBALS['mysql_con'], $query); $contact = @mysqli_fetch_array($result); if(!empty($contact)){ $filename = $contact['image']; require_once("intranet_config.inc.php"); if (file_exists(PATH_CONTACT . $filename)) { unlink(PATH_CONTACT . $filename); } $query = "UPDATE main_contact SET image = '' WHERE id = '" . $contact_id . "' LIMIT 1"; @mysqli_query($GLOBALS['mysql_con'], $query); } edit_contact(); } function save_mandant_link($contacts, $contact_id) { // $contact_id als Integer absichern $contact_id = intval($contact_id); // Vorherige Einträge löschen $deleteQuery = "DELETE FROM main_contact_department WHERE main_contact_id='" . $contact_id . "'"; mysqli_query($GLOBALS["mysql_con"], $deleteQuery); // Array initialisieren $mandants = array(); // Mandant-Werte aus $contacts extrahieren foreach ($contacts as $key => $value) { if (strpos($key, needle: 'input_mandant_') === 0 && $value != 0) { $mandants[] = $value; } elseif (strpos($key, needle: 'input_mandant_') === 1 && $value == 0 ) { $mandants[] = $value; } } // Falls $mandants nicht leer ist, Einträge einfügen for ($i = 0; $i < count($mandants); $i++) { // Wert absichern $mandantEscaped = mysqli_real_escape_string($GLOBALS['mysql_con'], $mandants[$i]); $query = "INSERT INTO main_contact_department (main_contact_id, main_mandant_id, sorting) VALUES ( " . $contact_id . ", '" . $mandantEscaped . "', '" . ($i + 1) . "' )"; mysqli_query($GLOBALS['mysql_con'], $query); // Falls du die eingefügte ID benötigst: $input_id = mysqli_insert_id($GLOBALS['mysql_con']); if ($i === 0) { $query2 = "UPDATE main_contact SET master_mandant_id = " . $mandantEscaped . " WHERE id = " . $contact_id; mysqli_query($GLOBALS['mysql_con'], $query2); } } // Weitere Verarbeitung save_contact_department($contacts, $contact_id); } function save_contact_department($contacts, $contact_id) { // Arrays initialisieren $mandants = []; $departments = []; $roles = []; $bereiches = []; $einrichtungs = []; $phone_numbers = []; $emails = []; // Durchlaufe alle Einträge in $contacts und fülle die jeweiligen Arrays foreach ($contacts as $key => $value) { if (strpos($key, 'input_mandant_') === 0) { if ($value != 0) { $mandants[] = $value; } } elseif (strpos($key, 'input_department_') === 0) { $departments[] = $value; } elseif (strpos($key, 'input_role_') === 0) { $roles[] = $value; } elseif (strpos($key, 'input_bereiche_') === 0) { $bereiches[] = $value; } elseif (strpos($key, 'input_einrichtung_') === 0) { $einrichtungs[] = $value; } elseif (strpos($key, 'input_phone_no_') === 0) { $phone_numbers[] = $value; } elseif (strpos($key, 'input_email_') === 0) { $emails[] = $value; } } // Nur fortfahren, wenn mindestens ein Mandant vorhanden ist if (count($mandants) > 0) { try { for ($i = 0; $i < count($mandants); $i++) { // Werte absichern $departmentEscaped = mysqli_real_escape_string($GLOBALS['mysql_con'], $departments[$i]); $roleEscaped = mysqli_real_escape_string($GLOBALS['mysql_con'], $roles[$i]); $bereichEscaped = mysqli_real_escape_string($GLOBALS['mysql_con'], $bereiches[$i]); $einrichtungEscaped = mysqli_real_escape_string($GLOBALS['mysql_con'], $einrichtungs[$i]); $phoneEscaped = mysqli_real_escape_string($GLOBALS['mysql_con'], $phone_numbers[$i]); $emailEscaped = mysqli_real_escape_string($GLOBALS['mysql_con'], $emails[$i]); // SQL-Abfrage zum Update $query = "UPDATE main_contact_department SET main_department_id = '$departmentEscaped', main_role_id = '$roleEscaped', main_bereich_id = '$bereichEscaped', main_einricht_id = '$einrichtungEscaped', phone_no = '$phoneEscaped', email = '$emailEscaped' WHERE main_contact_id = '" . intval($contact_id) . "' AND sorting = '" . ($i + 1) . "' LIMIT 1"; mysqli_query($GLOBALS['mysql_con'], $query); } } catch (\Throwable $th) { // Bei einem Fehler wird die Fehlermeldung ausgegeben. echo $th->getMessage(); } } } function load_mandant_list($contact){ $translation = \DynCom\mysyde\common\classes\Registry::get("translation"); $query = "SELECT * FROM main_mandant"; $result = @mysqli_query($GLOBALS['mysql_con'], $query); while($mandant = @mysqli_fetch_array($result)) { $mandant_id = $mandant['id']; $check_master_mandant = ($contact['master_mandant_id'] == $mandant_id) ? 'checked' : ''; $query_contact = "SELECT * FROM main_contact_department WHERE main_contact_id = '".$contact['id']."' AND main_mandant_id = '".$mandant_id."'"; $result_contact = @mysqli_query($GLOBALS['mysql_con'], $query_contact); $contact_link = @mysqli_fetch_array($result_contact); $check_active = ($contact_link['active'] == 1) ? 'checked' : ''; // $query_department = "SELECT DISTINCT main_department.id, main_department.description AS name FROM main_department LEFT JOIN main_department_mandant_link ON main_department.id = main_department_mandant_link.main_department_id WHERE main_mandant_id = ".$mandant_id; $query_department = "SELECT DISTINCT main_department.id, main_department.description AS name FROM main_department"; $query_role = "SELECT id,description AS name FROM main_role"; $query_bereich = "SELECT * FROM `organogramm_space`"; $query_einricht = "SELECT * FROM `organigramm_einricht`"; ?> > > num_rows == 0) { // // Eintrag existiert nicht, neuen Eintrag erstellen // $insertQuery = "INSERT INTO main_contact_department // (main_contact_id, main_mandant_id, main_department_id, main_role_id, main_bereich_id, main_einricht_id, phone_no, email, active) // VALUES // ('$contact_id', 1, 13, 13, 3, 1, '', '$email', 1)"; // if (@mysqli_query($GLOBALS['mysql_con'], $insertQuery)) { // echo "Eintrag für Kontakt-ID $contact_id in main_contact_department erstellt.
"; // } else { // echo "Fehler beim Erstellen des Eintrags für Kontakt-ID $contact_id: " . mysqli_error($GLOBALS['mysql_con']) . "
"; // } // } // } // } else { // echo "Fehler beim Abrufen der Kontakte: " . mysqli_error($GLOBALS['mysql_con']) . "
"; // } // } // function updateFromJSON() { // // JSON-Daten laden // $json_file_path = "https://awo-hamburg.breadcrumb-online.de/mysyde/intranet/admin/awo_hamburg_benutzer.json"; // $json_data = file_get_contents($json_file_path); // // Überprüfen, ob die Daten erfolgreich geladen wurden // if ($json_data === false) { // die("Fehler beim Laden der JSON-Datei."); // } // // JSON-Daten parsen // $data = json_decode($json_data, true); // // Überprüfen, ob das Parsen erfolgreich war // if ($data === null) { // die("Fehler beim Parsen der JSON-Daten: " . json_last_error_msg()); // } // $new_entries_count = 0; // // Überprüfen, ob der 'users'-Schlüssel vorhanden ist // if (!isset($data['users']) || !is_array($data['users'])) { // die("Keine Benutzerdaten gefunden."); // } // // Durchlaufen der Benutzerdaten // foreach ($data['users'] as $user) { // $displayName = mysqli_real_escape_string($GLOBALS['mysql_con'], $user['displayName']); // $mail = mysqli_real_escape_string($GLOBALS['mysql_con'], $user['mail']); // $surname = mysqli_real_escape_string($GLOBALS['mysql_con'], $user['surname']); // $telephoneNumber = mysqli_real_escape_string($GLOBALS['mysql_con'], $user['telephoneNumber']); // $azureId = mysqli_real_escape_string($GLOBALS['mysql_con'], $user['id']); // Azure ID aus der JSON // // Abfrage, ob der Eintrag bereits existiert // $query = "SELECT * FROM main_contact WHERE azure_id = '$azureId'"; // $result = @mysqli_query($GLOBALS['mysql_con'], $query); // if ($result->num_rows > 0) { // // Eintrag existiert bereits // //echo "Eintrag für $displayName existiert bereits. Keine Aktion erforderlich.
"; // } else { // // Eintrag existiert nicht, neuen Eintrag erstellen // $query = "INSERT INTO main_contact (name, email, shortcut, phone_no, master_mandant_id, current_mandant_id, active, azure_id) // VALUES ('$displayName', '$mail', '$surname', '$telephoneNumber', 12, 12, 1, '$azureId')"; // if (@mysqli_query($GLOBALS['mysql_con'], $query)) { // $new_entries_count++; // } // } // } // // Gesamtmeldung // if ($new_entries_count > 0) { // echo "Es wurden $new_entries_count neue Einträge erfolgreich hinzugefügt."; // } else { // echo "Keine neuen Einträge hinzugefügt."; // } // }