Fomulare multiple-Spalte, Admin Panel Auth angefangen

2026-01-03 19:49:22 +01:00
parent 53ce8a4491
commit a7cad8edca
4 changed files with 55 additions and 3 deletions
--- a/admin/login.php
+++ b/admin/login.php
@@ -0,0 +1,20 @@
+<?php
+include("../../mysqlverbinden.php");
+
+if(!isset($_GET["username"])) die("GET username fehlt");
+$username=$_GET["username"];
+
+if(!isset($_GET["password"])) die("GET password fehlt");
+$password=$_GET["password"];
+
+$result=mysqli_execute_query($db_id,"SELECT `password` FROM `adminpanel-users` WHERE `username`=?;",[$username])->fetch_assoc();
+if(!isset($result["password"])) 
+		die('{"error":"Falscher Benutzername","success":false}');
+
+if($result["password"]!=$password)
+		die('{"error":"Falsches Passwort","success":false}');
+
+$token="";
+
+echo json_encode(["token"=>$token,"success"=>true],JSON_UNESCAPED_UNICODE|JSON_UNESCAPED_SLASHES);
+
--- a/admin/userinfo.php
+++ b/admin/userinfo.php
--- a/formulare/submit.php
+++ b/formulare/submit.php
@@ -4,10 +4,42 @@ include("../../mysqlverbinden.php");

 if(!isset($_POST["internalformid"])) die("POST internalformid fehlt");
 $formid=$_POST["internalformid"];
-print_r($_POST);
+
+if(mysqli_execute_query($db_id,"SELECT * FROM `formulare` WHERE `id`=?;",[$formid])->fetch_assoc()["multiple"]==0) {
+		foreach(mysqli_execute_query($db_id,"SELECT `id` FROM `formulare-ergebnisse`;") as $row){
+				$same=true;
+				$checkedKeys=[];
+			foreach(mysqli_execute_query($db_id,"SELECT `name` FROM `formulare-fields` WHERE `formular`=?;",[$formid]) as $fieldName){
+				$name=$fieldName["name"];
+				$nameStripped=$name;
+				if(substr($name,-2)=="[]"){
+					$nameStripped=substr($name,0,-2);
+				}
+				$row2=mysqli_execute_query($db_id,"SELECT `name`,`value` FROM `formulare-ergebnis` WHERE `ergebnisid`=? AND `name`=?;",[$row["id"],$name])->fetch_assoc();
+				if(isset($row2["value"])!=isset($_POST[$nameStripped])){
+						$same=false;
+					continue;	
+				}
+					$value=$_POST[$nameStripped];
+					if(is_array($value)){
+							$value=json_encode($value,JSON_UNESCAPED_UNICODE|JSON_UNESCAPED_SLASHES);
+					}
+					if(!is_string($value)) $value=strval($value);
+					if($value!=$row2["value"]){
+							$same=false;
+					}
+					$checkedKeys[]=$name;
+
+			}	
+				if($same) die("Fehler: Doppelte Einträge sind nicht erlaubt");
+		}
+
+
+} 
+
 mysqli_execute_query($db_id,"INSERT INTO `formulare-ergebnisse` (`formular`) VALUES (?);",[$formid]);
 $id = mysqli_insert_id($db_id);
-echo $id;
+

 foreach($_POST as $key => $value){
 	if($key=="internalformid") continue;
--- a/hits.txt
+++ b/hits.txt
@@ -1 +1 @@
-5
+7