AdminPanel Formulare hinzugefügt, .gitignore aktualisiert

2026-01-04 17:56:23 +01:00
parent 3c2c8a368e
commit 5cb0b78d27
8 changed files with 85 additions and 20 deletions
--- a/admin/check.php
+++ b/admin/check.php
@@ -0,0 +1,26 @@
+<?php
+header("Content-Type: application/json");
+header("Access-Control-Allow-Origin: *");
+header("Access-Control-Allow-Headers: Authorization");
+
+
+use Firebase\JWT\JWT;
+use Firebase\JWT\Key;
+
+function getUserInfo(){
+		global $secret;
+		$token = $_SERVER['HTTP_AUTHORIZATION'] ?? '';
+
+		// "Bearer " entfernen
+		$token = str_replace('Bearer ', '', $token);
+
+		try {
+				$payload=JWT::decode($token, new Key($secret,"HS256"));
+				if($payload->expire<time()) die('{"error":"Token expired"}');
+				return $payload;
+		}catch(Exception $e){
+				die('{"error":"Invalid Token"}');
+		}
+}
+
+
--- a/admin/formulare/ergebnisse.php
+++ b/admin/formulare/ergebnisse.php
@@ -0,0 +1,33 @@
+<?php
+include("../../../mysqlverbinden.php");
+include("../secret.php");
+include("../../vendor/autoload.php");
+
+include("../check.php");
+
+$payload=getUserInfo();
+
+$username=$payload->username;
+$id=$payload->id;
+
+if(!isset($_GET["formular"])) die("GET formular fehlt");
+$formular=$_GET["formular"];
+
+$data=[];
+
+foreach(mysqli_execute_query($db_id,"SELECT `id` FROM `formulare-ergebnisse` WHERE `formular`=?;",[$formular]) as $ergebnisidrow){
+		$ergebnisid=$ergebnisidrow["id"];
+		$ergebnis=[];
+		
+		foreach(mysqli_execute_query($db_id,"SELECT `name`, `value` FROM `formulare-ergebnis` WHERE ergebnisid=?;",[$ergebnisid]) as $row){
+
+				$ergebnis[$row["name"]]=$row["value"];
+				
+		}
+		$data[]=$ergebnis;
+
+}
+
+echo json_encode($data,JSON_UNESCAPED_SLASHES|JSON_UNESCAPED_UNICODE);
+
+
--- a/admin/formulare/newForm.php
+++ b/admin/formulare/newForm.php
@@ -0,0 +1,15 @@
+<?php
+include("../../../mysqlverbinden.php");
+include("../secret.php");
+include("../../vendor/autoload.php");
+
+include("../check.php");
+
+$payload=getUserInfo();
+
+$username=$payload->username;
+$id=$payload->id;
+
+mysqli_execute_query($db_id,"INSERT INTO `formulare` (`name`,`minitext`,`public`,`multiple`) VALUES ('','',1,1);");
+
+echo '{"success":true}';
--- a/admin/login.php
+++ b/admin/login.php
@@ -16,7 +16,7 @@ $username=$_GET["username"];
 if(!isset($_GET["password"])) die("GET password fehlt");
 $password=$_GET["password"];

-$result=mysqli_execute_query($db_id,"SELECT `password` FROM `adminpanel-users` WHERE `username`=?;",[$username])->fetch_assoc();
+$result=mysqli_execute_query($db_id,"SELECT `password`, `id` FROM `adminpanel-users` WHERE `username`=?;",[$username])->fetch_assoc();
 if(!isset($result["password"])) 
 		die('{"error":"Falscher Benutzername","success":false}');

@@ -24,6 +24,7 @@ if(!password_verify($password,$result["password"]))
 		die('{"error":"Falsches Passwort","success":false}');

 $payload=[
+		"id"=>$result["id"],
 		"username"=>$username,
 		"expire"=>time()+3600
 ];
--- a/admin/userinfo.php
+++ b/admin/userinfo.php
@@ -1,25 +1,10 @@
 <?php
-header("Content-Type: application/json");
-header("Access-Control-Allow-Origin: *");
-header("Access-Control-Allow-Headers: Authorization");
-
-
 include("../../mysqlverbinden.php");
 include("secret.php");
 include("../vendor/autoload.php");

-use Firebase\JWT\JWT;
-use Firebase\JWT\Key;

-$token = $_SERVER['HTTP_AUTHORIZATION'] ?? '';
+include("check.php");

-// "Bearer " entfernen
-$token = str_replace('Bearer ', '', $token);
-
-try {
-		$payload=JWT::decode($token, new Key($secret,"HS256"));
-		if($payload->expire<time()) die('{"error":"Token expired"}');
-		echo json_encode($payload,JSON_UNESCAPED_UNICODE|JSON_UNESCAPED_SLASHES);
-}catch(Exception $e){
-		die('{"error":"Invalid Token"}');
-}
+$payload=getUserInfo();
+echo json_encode($payload,JSON_UNESCAPED_SLASHES|JSON_UNESCAPED_UNICODE);