From cd182a1fb9043ded9b369b35d5169a1cc85433b5 Mon Sep 17 00:00:00 2001
From: clemens <creutzburg@ctb-it.de>
Date: Thu, 5 Mar 2026 15:28:03 +0100
Subject: [PATCH] Dateien nach "/" hochladen

---
 favicon.ico       | Bin 0 -> 1150 bytes
 footer.php        |  61 +++++++++++++++++
 functions.php     |  69 +++++++++++++++++++
 functionsLDAP.php | 166 ++++++++++++++++++++++++++++++++++++++++++++++
 header.php        |  38 +++++++++++
 5 files changed, 334 insertions(+)
 create mode 100644 favicon.ico
 create mode 100644 footer.php
 create mode 100644 functions.php
 create mode 100644 functionsLDAP.php
 create mode 100644 header.php

diff --git a/favicon.ico b/favicon.ico
new file mode 100644
index 0000000000000000000000000000000000000000..a11e04fd0e0578bad6fe8a1815a97277b6010f79
GIT binary patch
literal 1150
zcmb_WF$%&^49%y74lV`3wStR-lj3B15HBF&DLU&3JcT$o$uD(xckK~+fI>}_z~j??
z5&BA+<o&#t5E=gBnD{@XeMmGRqB#ds%zSxHAB;yt62GuJuUa>LY2@A2boG5cU9)|h
z>w$Bv2RMfw$YU*5*ki4F<lNe)ms#;Zjh-$X0(+cCJ?_%l&FZ5bL+kZs-Q(+JM)nKz
z9?g1pUys@$^ga*w7I(L36?(7cf3)f$S@oFleW<!g9=49cq6(-e&B>PLlIC>Fa$0h%
cZB9py1@qTUX<lg+9I`svW=-<Ex9!Zn0e9Z*d;kCd

literal 0
HcmV?d00001

diff --git a/footer.php b/footer.php
new file mode 100644
index 0000000..958090a
--- /dev/null
+++ b/footer.php
@@ -0,0 +1,61 @@
+		</div>
+	</div>				
+<!-- Sidebar -->
+	<div id="sidebar">
+		<div class="inner">
+			<!-- Menu -->
+				<nav id="menu">
+					<header class="major">
+						<h2>Menü</h2>
+					</header>
+					<ul>
+						<li><a href="index.php">Meine Kaffeeliste</a></li>
+
+
+
+
+<?php
+if(checkKaffeelisteAdmin($conn, $mailadress)){
+?>
+
+			<li><a href="einzahlung.php">Einzahlung eintragen</a></li>
+			<li><a href="stricheintragen.php"> Striche eintragen</a></li>
+			<li><a href="kaffeeliste.php">Kaffeeliste anzeigen</a></li>
+			<li><a href="mitarbeiterverwalten.php">Mitglieder verwalten</a></li>
+			<li><a href="hinweise.php">Hinweise verwalten</a></li>
+
+
+
+
+
+
+<?php
+}
+?>
+			<li><a href="faq.php">FAQ Kaffeeliste</a></li>
+		</ul>
+	</nav>		
+
+
+
+<!-- Footer -->
+
+					<footer id="footer">
+									<p class="copyright">&copy; Copyright: Clemens Creutzburg All rights reserved. Design: <a href="http://html5up.net">HTML5 UP</a></p>
+						
+								</footer>
+
+						</div>
+					</div>
+
+			</div>
+
+		<!-- Scripts -->
+			<script src="assets/js/jquery.min.js"></script>
+			<script src="assets/js/browser.min.js"></script>
+			<script src="assets/js/breakpoints.min.js"></script>
+			<script src="assets/js/util.js"></script>
+			<script src="assets/js/main.js"></script>
+
+	</body>
+</html>
diff --git a/functions.php b/functions.php
new file mode 100644
index 0000000..317f792
--- /dev/null
+++ b/functions.php
@@ -0,0 +1,69 @@
+<?php
+
+include_once "config.php";
+
+$kennungtemp = $_SERVER['AUTH_USER'];
+$teile = explode("\\", $kennungtemp);
+$kennung = $teile[1];	
+	
+
+include_once "functionsLDAP.php";
+	
+function getUserName($conn, $mail){
+	
+	$sqlMitglieder = "SELECT Name FROM kl_Mitarbeiter WHERE Email like '" . strtolower($mail) . "' ";
+	$stmtMitglieder = sqlsrv_query($conn, $sqlMitglieder);	
+	#$row = sqlsrv_fetch_array($stmtMitglieder, SQLSRV_FETCH_ASSOC)
+	while( $row = sqlsrv_fetch_array( $stmtMitglieder, SQLSRV_FETCH_ASSOC) ) {
+		return trim($row['Name']);
+	}
+	
+}
+
+function getUserId($conn, $mail){
+	
+	$sqlMitglieder = "SELECT MitarbeiterID FROM kl_Mitarbeiter WHERE Email like '" . strtolower($mail) . "' ";
+	$stmtMitglieder = sqlsrv_query($conn, $sqlMitglieder);	
+	#$row = sqlsrv_fetch_array($stmtMitglieder, SQLSRV_FETCH_ASSOC)
+	while( $row = sqlsrv_fetch_array( $stmtMitglieder, SQLSRV_FETCH_ASSOC) ) {
+		return trim($row['MitarbeiterID']);
+	}
+	
+}
+
+
+
+function checkKaffeelisteAccess($conn, $mail)
+{
+	// Mitarbeiter aus der Datenbank abrufen und nach Namen sortieren
+	$sqlMitarbeiter = "SELECT MitarbeiterID FROM kl_Mitarbeiter WHERE Email like '" . strtolower($mail) . "' AND aktiv='1'";
+
+	$stmtMitarbeiter = sqlsrv_query($conn, $sqlMitarbeiter, array(), array("Scrollable"=>"buffered"));
+	$row_count = sqlsrv_num_rows( $stmtMitarbeiter );
+	#return $row_count;
+  if ($row_count == 1)
+  {
+    return true;
+  }else{
+	 return false;
+  } 
+}
+
+function checkKaffeelisteAdmin($conn, $mail)
+{
+	// Mitarbeiter aus der Datenbank abrufen und nach Namen sortieren
+	$sqlMitarbeiter = "SELECT MitarbeiterID FROM kl_Mitarbeiter WHERE Email like '" . strtolower($mail) . "' AND admin='1'";
+
+	$stmtMitarbeiter = sqlsrv_query($conn, $sqlMitarbeiter, array(), array("Scrollable"=>"buffered"));
+	$row_count = sqlsrv_num_rows( $stmtMitarbeiter );
+	#return $row_count;
+  if ($row_count == 1)
+  {
+    return true;
+  }else{
+	 return false;
+  } 
+}
+
+
+?>
\ No newline at end of file
diff --git a/functionsLDAP.php b/functionsLDAP.php
new file mode 100644
index 0000000..e4df15e
--- /dev/null
+++ b/functionsLDAP.php
@@ -0,0 +1,166 @@
+<?php
+ 
+
+
+#$kennungtemp = $_SERVER['AUTH_USER'];
+#$teile = explode("\\", $kennungtemp);
+#$kennung = $teile[1];
+
+$ad = ldap_connect("ldap://{$domain}") or die('Could not connect to LDAP server.');
+ 
+ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3);
+ldap_set_option($ad, LDAP_OPT_REFERRALS, 0);
+ 
+@ldap_bind($ad, "{$aduser}@{$domain}", $adpassword) or die('Could not bind to AD.');
+ 
+$userdn = getDN($ad, $kennung, $basedn);
+$mailadress = getADMail($ad, $kennung, $basedn);
+
+ 
+ldap_unbind($ad);
+ 
+/**
+ * This function searchs in LDAP tree entry specified by samaccountname and
+ * returns its DN or epmty string on failure.
+ *
+ * @param resource $ad
+ *          An LDAP link identifier, returned by ldap_connect().
+ * @param string $samaccountname
+ *          The sAMAccountName, logon name.
+ * @param string $basedn
+ *          The base DN for the directory.
+ * @return string
+ */
+function getDN($ad, $samaccountname, $basedn)
+{
+  $result = ldap_search($ad, $basedn, "(samaccountname={$samaccountname})", array(
+    'dn'
+  ));
+  if (! $result)
+  {
+    return '';
+  }
+ 
+  $entries = ldap_get_entries($ad, $result);
+  if ($entries['count'] > 0)
+  {
+    return $entries[0]['dn'];
+  }
+ 
+  return '';
+}
+
+function getADMail($ad, $samaccountname, $basedn)
+{
+	$attributes = array('mail');
+	$resultz = ldap_search($ad, $basedn, "(samaccountname={$samaccountname})", $attributes);
+	$entriesz = ldap_get_entries($ad, $resultz);
+	
+	#return $entriesz[0]['mail'];
+	#  $entries = ldap_get_entries($ad, $result);
+	  if ($entriesz['count'] > 0)
+	  {
+		 return $entriesz[0]['mail'][0];
+	  }
+	 
+	 return 'nichts gefunden';
+}
+
+ 
+/**
+ * This function retrieves and returns Common Name from a given Distinguished
+ * Name.
+ *
+ * @param string $dn
+ *          The Distinguished Name.
+ * @return string The Common Name.
+ */
+function getCN($dn)
+{
+  preg_match('/[^,]*/', $dn, $matchs, PREG_OFFSET_CAPTURE, 3);
+  return $matchs[0][0];
+}
+ 
+/**
+ * This function checks group membership of the user, searching only in
+ * specified group (not recursively).
+ *
+ * @param resource $ad
+ *          An LDAP link identifier, returned by ldap_connect().
+ * @param string $userdn
+ *          The user Distinguished Name.
+ * @param string $groupdn
+ *          The group Distinguished Name.
+ * @return boolean Return true if user is a member of group, and false if not
+ *         a member.
+ */
+function checkGroup($ad, $userdn, $groupdn)
+{
+  $result = ldap_read($ad, $userdn, "(memberof={$groupdn})", array(
+    'members'
+  ));
+  if (! $result)
+  {
+    return false;
+  }
+ 
+  $entries = ldap_get_entries($ad, $result);
+ 
+  return ($entries['count'] > 0);
+}
+ 
+/**
+ * This function checks group membership of the user, searching in specified
+ * group and groups which is its members (recursively).
+ *
+ * @param resource $ad
+ *          An LDAP link identifier, returned by ldap_connect().
+ * @param string $userdn
+ *          The user Distinguished Name.
+ * @param string $groupdn
+ *          The group Distinguished Name.
+ * @return boolean Return true if user is a member of group, and false if not
+ *         a member.
+ */
+function checkGroupEx($ad, $userdn, $groupdn)
+{
+  if ($groupdn == "")
+  {
+    return false;
+  }
+	
+  $result = ldap_read($ad, $userdn, '(objectclass=*)', array(
+    'memberof'
+  ));
+  if (! $result)
+  {
+    return false;
+  }
+ 
+  $entries = ldap_get_entries($ad, $result);
+  if ($entries['count'] <= 0)
+  {
+    return false;
+  }
+ 
+  if (empty($entries[0]['memberof']))
+  {
+    return false;
+  }
+ 
+  for ($i = 0; $i < $entries[0]['memberof']['count']; $i ++)
+  {
+    if ($entries[0]['memberof'][$i] == $groupdn)
+    {
+      return true;
+    }
+    elseif (checkGroupEx($ad, $entries[0]['memberof'][$i], $groupdn))
+    {
+      return true;
+    }
+  }
+ 
+  return false;
+}
+ 
+?>
\ No newline at end of file
diff --git a/header.php b/header.php
new file mode 100644
index 0000000..4b20ac5
--- /dev/null
+++ b/header.php
@@ -0,0 +1,38 @@
+<!DOCTYPE HTML>
+<!--
+	Miniport by HTML5 UP
+	html5up.net | @ajlkn
+	Free for personal and commercial use under the CCA 3.0 license (html5up.net/license)
+-->
+<html>
+	<head>
+		<title>Kaffeeliste</title>
+		<meta charset="utf-8" />
+		<meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no" />
+		<link rel="stylesheet" href="assets/css/main.css" />
+	</head>
+	<body class="is-preload">
+<?php
+
+//echo "<div style='background-color: #ffeb3b; padding: 10px; text-align: center; font-weight: bold;'>1</div>";
+// Aktuelle Hinweise abrufen
+$sql = "SELECT nachricht FROM kl_hinweise WHERE gueltig_bis >= SYSDATETIME() ORDER BY gueltig_bis ASC";
+$stmt = sqlsrv_query($conn, $sql);
+
+if ($stmt === false) {
+    die(print_r(sqlsrv_errors(), true));
+}
+
+if ($row = sqlsrv_fetch_array($stmt, SQLSRV_FETCH_ASSOC)) {
+    echo "<div style='background-color: #ffeb3b; padding: 25px; text-align: center; font-weight: bold; font-size: 20px;'>"
+        . htmlspecialchars($row['nachricht']) .
+        "</div>";
+}
+
+?>
+		<!-- Wrapper -->
+			<div id="wrapper">
+
+				<!-- Main -->
+					<div id="main">
+						<div class="inner">
\ No newline at end of file