From 5cb0b78d27eb513950a63391018ef440fd9da473 Mon Sep 17 00:00:00 2001 From: R40fendt Date: Sun, 4 Jan 2026 17:56:23 +0100 Subject: [PATCH] =?UTF-8?q?AdminPanel=20Formulare=20hinzugef=C3=BCgt,=20.g?= =?UTF-8?q?itignore=20aktualisiert?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .gitignore | 1 + admin/check.php | 26 ++++++++++++++++++++++++++ admin/formulare/ergebnisse.php | 33 +++++++++++++++++++++++++++++++++ admin/formulare/newForm.php | 15 +++++++++++++++ admin/login.php | 3 ++- admin/userinfo.php | 21 +++------------------ formulare/get_results.php | 4 ++++ hits.txt | 2 +- 8 files changed, 85 insertions(+), 20 deletions(-) create mode 100755 admin/check.php create mode 100755 admin/formulare/ergebnisse.php create mode 100755 admin/formulare/newForm.php diff --git a/.gitignore b/.gitignore index fe042c2..9a63921 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ copy.sh /bulitipp/script.lock +/admin/secret.php diff --git a/admin/check.php b/admin/check.php new file mode 100755 index 0000000..e670d53 --- /dev/null +++ b/admin/check.php @@ -0,0 +1,26 @@ +expireusername; +$id=$payload->id; + +if(!isset($_GET["formular"])) die("GET formular fehlt"); +$formular=$_GET["formular"]; + +$data=[]; + +foreach(mysqli_execute_query($db_id,"SELECT `id` FROM `formulare-ergebnisse` WHERE `formular`=?;",[$formular]) as $ergebnisidrow){ + $ergebnisid=$ergebnisidrow["id"]; + $ergebnis=[]; + + foreach(mysqli_execute_query($db_id,"SELECT `name`, `value` FROM `formulare-ergebnis` WHERE ergebnisid=?;",[$ergebnisid]) as $row){ + + $ergebnis[$row["name"]]=$row["value"]; + + } + $data[]=$ergebnis; + +} + +echo json_encode($data,JSON_UNESCAPED_SLASHES|JSON_UNESCAPED_UNICODE); + + diff --git a/admin/formulare/newForm.php b/admin/formulare/newForm.php new file mode 100755 index 0000000..2d266eb --- /dev/null +++ b/admin/formulare/newForm.php 
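Review bot: The final `echo json_encode($data,JSON_UNESCAPED_SLASHES|JSON_UNESCAPED_UNICODE);` in admin/formulare/ergebnisse.php sends visitor-submitted `name`/`value` pairs with no `Content-Type` header in the visible lines, so PHP's default `text/html` applies. `json_encode` does not escape `<` or `>` without `JSON_HEX_TAG`, so an admin who opens this URL directly in a browser would have stored form values rendered as markup. I would add `header('Content-Type: application/json; charset=utf-8');` before the echo and OR in `JSON_HEX_TAG`. The top of this file and all of admin/check.php are missing from the page as extracted, so a header or the token check may already sit there; please confirm. Separately, the inner `SELECT` runs once per result row and could be a single query joined on `ergebnisid`.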
@@ -0,0 +1,15 @@ +username; +$id=$payload->id; + +mysqli_execute_query($db_id,"INSERT INTO `formulare` (`name`,`minitext`,`public`,`multiple`) VALUES ('','',1,1);"); + +echo '{"success":true}'; diff --git a/admin/login.php b/admin/login.php index 5e865a7..5091994 100755 --- a/admin/login.php +++ b/admin/login.php @@ -16,7 +16,7 @@ $username=$_GET["username"]; if(!isset($_GET["password"])) die("GET password fehlt"); $password=$_GET["password"]; -$result=mysqli_execute_query($db_id,"SELECT `password` FROM `adminpanel-users` WHERE `username`=?;",[$username])->fetch_assoc(); +$result=mysqli_execute_query($db_id,"SELECT `password`, `id` FROM `adminpanel-users` WHERE `username`=?;",[$username])->fetch_assoc(); if(!isset($result["password"])) die('{"error":"Falscher Benutzername","success":false}'); @@ -24,6 +24,7 @@ if(!password_verify($password,$result["password"])) die('{"error":"Falsches Passwort","success":false}'); $payload=[ + "id"=>$result["id"], "username"=>$username, "expire"=>time()+3600 ]; diff --git a/admin/userinfo.php b/admin/userinfo.php index a4e54ab..4391ac5 100755 --- a/admin/userinfo.php +++ b/admin/userinfo.php @@ -1,25 +1,10 @@ expirefetch_assoc()["public"]){ + die('{"error":"not_public"}'); +} + function get_type_by_name($name){ global $db_id; return mysqli_fetch_assoc(mysqli_execute_query($db_id,"SELECT `type` FROM `formulare-fields` WHERE `name`=?;",[$name]))["type"]; diff --git a/hits.txt b/hits.txt index c793025..301160a 100755 --- a/hits.txt +++ b/hits.txt @@ -1 +1 @@ -7 \ No newline at end of file +8 \ No newline at end of file
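Review bot: The `INSERT INTO `formulare`` in admin/formulare/newForm.php is a state change, but the visible lines do not restrict the request method, and login.php in this same patch reads its inputs from `$_GET`, which suggests these endpoints are called with GET. If the admin token travels in a cookie (not visible here), any cross-site GET would create forms on the admin's behalf. I would guard the script with `if($_SERVER["REQUEST_METHOD"]!=="POST") die('{"error":"method_not_allowed","success":false}');` and return the new row id via `mysqli_insert_id($db_id)` so the caller can address the form it just created. `$username` and `$id` are assigned but unused in the lines shown; the start of the file is missing from the page as extracted.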
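Review bot: The context lines this hunk leaves untouched in admin/login.php still take the credentials from the query string (`$_GET["username"]`, `$_GET["password"]`), so passwords end up in web-server access logs, browser history and proxy logs. Reading them from the request body instead, e.g. `$password=$_POST["password"];`, avoids that. The two distinct failures `Falscher Benutzername` and `Falsches Passwort` also tell a caller which usernames exist; one shared message for both branches closes that. With `"id"=>$result["id"]` now in the payload, every consumer of `$payload->id` depends on the token signature being verified first, which happens outside this hunk and cannot be confirmed from here.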
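Review bot: The new gate in formulare/get_results.php indexes `fetch_assoc()["public"]` directly, and `fetch_assoc()` returns `null` when no row matches the form id. The check still ends in `die('{"error":"not_public"}')`, but only after PHP raises an "array offset on value of type null" warning, which with `display_errors` on is printed ahead of the JSON and can expose the script path. I would fetch the row into a variable first and test it explicitly: `if(!$form || !$form["public"]) die('{"error":"not_public"}');`. The start of this statement is missing from the page as extracted, so the exact query could not be checked.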