";
};
// Headquarters names (column "hq_name" of table "headquarters"), used e.g. for the global parameters.
$hqNameArr = getColVectorFromDB2ArrayByClause("headquarters", "hq_name", "", "hq_id", "hq_id");

// Headquarters users additionally get the hq_ids of their mandator with a leading 0
// (0 <=> all headquarters); this extended list is needed for the global parameters.
// For every other user type the length stays 0 and $f_hq_id_ext is not set here.
$f_hq_id_ext_len = 0;
if ($userTypeName == "hq") {
    $f_hq_id_ext = getColVectorFromDB2Array("mandatorheadquarters", "md_id", $md_id, "hq_id");
    array_unshift($f_hq_id_ext, 0);
    $f_hq_id_ext_len = count($f_hq_id_ext);
}
// Permission flags of the logged-in employee ($emp_id), resolved through authCheckEmployeeRights().
// NOTE(review): the two "...HasNoAccess..." flags are deny flags that start as FALSE, so a user type
// other than "hq"/"cs" keeps them at "not denied" (the die() for that case is commented out below).
// Confirm that the restriction for such users is enforced wherever these flags are consumed.
$empHasNoAccessToEmployees = FALSE;
$empHasNoAccessToModifyPDALocatingState = FALSE;
$empHasAccessToCC24 = FALSE;
$empHasAccessToResetPassword = FALSE;
$usrAccountReadOnly = "";
$empHasAccessToReset2FA = FALSE;
if ($userTypeName == "hq") {
    // Headquarters employee: rights 3 and 9 are required (missing => deny flag set),
    // rights 34, 37 and 43 switch on additional functions.
    $empHasNoAccessToEmployees = !authCheckEmployeeRights($emp_id, "3");
    $empHasNoAccessToModifyPDALocatingState = !authCheckEmployeeRights($emp_id, "9");
    $empHasAccessToCC24 = authCheckEmployeeRights($emp_id, "34") ? TRUE : FALSE;
    $empHasAccessToResetPassword = authCheckEmployeeRights($emp_id, "37") ? TRUE : FALSE;
    $empHasAccessToReset2FA = authCheckEmployeeRights($emp_id, "43") ? TRUE : FALSE;
} elseif ($userTypeName == "cs") {
    // Customer employee: right 2 is required for the employee administration.
    $empHasNoAccessToEmployees = !authCheckEmployeeRights($emp_id, "2");
    // User data is editable with right 10 or when the global read-only mode is switched off;
    // otherwise the account field is rendered with the " readonly" attribute.
    $globalCustomerReadonlyDisabled = getParameterValue("0", "GLOBAL_CUSTOMER_READONLY_DISABLED", "0");
    if (authCheckEmployeeRights($emp_id, "10") || $globalCustomerReadonlyDisabled == "1") {
        $usrDataEditable = TRUE;
        $usrAccountReadOnly = "";
    } else {
        $usrDataEditable = FALSE;
        $usrAccountReadOnly = " readonly";
    }
// else :
// die ("$PHP_SELF: Access denied!"); // REMARKED, because employee list will be restricted; emp. only can see himself !!!
}
// Two-factor authentication settings (global parameters); $ut2FAarr holds the
// comma-separated entries of USERTYPE_2FA_ENABLED as an array.
$usrTypeEnabledFor2FA = getParameterValue("0", "USERTYPE_2FA_ENABLED", "0");
$usrNoDeactivationByUserOf2FA = getParameterValue("0", "USER_2FA_NO_DEACTIVATION", "0");
$ut2FAarr = explode(",", $usrTypeEnabledFor2FA);

// Birthdate as "year-month-day", month and day padded to two characters; empty unless all three parts are given.
// NOTE(review): the parts are only tested for being non-empty here, not for forming a valid date — confirm they are validated elsewhere.
$f_usr_birthdate = "";
if (!($f_usr_birthdate_year == "" || $f_usr_birthdate_month == "" || $f_usr_birthdate_day == "")) {
    $f_usr_birthdate = implode("-", array($f_usr_birthdate_year, pad($f_usr_birthdate_month, 2, "0"), pad($f_usr_birthdate_day, 2, "0")));
}

// Current timestamp
$currentTime = getDateTime("0");

// All rights from the database: the ids plus name and VIP columns of table "rights"
$rgtIdArray = getColVectorFromDB2ArrayByClause("rights", "rgt_id", "", "", "rgt_id");
$rgtNameArray = getColVectorFromDB2ArrayByClause("rights", "rgt_name", "", "rgt_id", "");
$rgtVipArray = getColVectorFromDB2ArrayByClause("rights", "rgt_vip", "", "rgt_id", "");
$rgtEmpVipArray = getColVectorFromDB2ArrayByClause("rights", "rgt_emp_vip", "", "rgt_id", "");
$rgtIdArrayLen = count($rgtIdArray);

// Max length of the employee rights bit string; 50 when the parameter is empty
$parEmpRgtBitStrMaxLen = getParameterValue("0", "EMP_BITSTR_MAXLEN", "0");
if ($parEmpRgtBitStrMaxLen == "") {
    $parEmpRgtBitStrMaxLen = 50;
}

// Mode of system usage
$globalParUseRelatedCustomer = getParameterValue("0", "GLOBAL_USE_RELATED_CUSTOMER", "0");

// Right administration for the employee-costcenter matrix: the value for the current
// headquarters wins, the value stored under "0" is the fallback when it is empty.
$parMaskEmpCscMatrixEnabled = getParameterValue("0", "MASK_EMP_CSC_MATRIX_ENABLED", $hq_id);
if ($parMaskEmpCscMatrixEnabled == "") {
    $parMaskEmpCscMatrixEnabled = getParameterValue("0", "MASK_EMP_CSC_MATRIX_ENABLED", "0");
}

// For output only
$styleDivWidth01 = "110px";
$styleDivWidth02 = "190px"; // Container for parameterizing lists

// ********************************
// * Operations for the employees *
// ********************************
// "1" asks the opener to refresh its employee list
$jsRefreshEmployeeList = "0";
if ($f_act != "") :
if ($f_act == "removeEmployee" || $f_act == "setPwd" || $f_act == "setRights" || $f_act == "setHqAccess" ||
($usr_name != "" && $usr_firstname != "" && $usr_account != "")) :
// An operation is about to run: ask the opener to refresh its employee list.
$jsRefreshEmployeeList = "1";
// Resolve the usr_id of the employee addressed by $emp_id_act; the operations below
// read and write the "user" row through $usrId.
// NOTE(review): $emp_id_act presumably comes from the request — confirm it is validated and
// that the addressed employee belongs to the caller's headquarters/mandator before it is used.
$usrId = getFieldValueFromId("employee", "emp_id", $emp_id_act, "usr_id");
// Insert new employee
// Creates the "user" row and the "employee" row, stores default list-column configurations in
// "parameter", writes a log entry, optionally registers a hash in the external meta database and
// finally redirects to the employee list. Rejected when the account name is already in use.
// NOTE(review): no rights check on the executing employee (e.g. $empHasNoAccessToEmployees) is
// visible inside this branch — confirm it is enforced before this point.
if ($f_act == "newEmployee") :
// Generate log string
$logString = makeLogString(array($userType,$usr_name,$usr_firstname,$usr_email,$usr_phone,$usr_phone2,$usr_account,$f_usr_birthdate), ";", "0");
// Check the user-account within the same customer(!)
// (Not costcenter but unique for all costcenters of a customer)
// Version for unique account for special customer
// $sqlquery = "SELECT usr.usr_id FROM user AS usr, employee AS emp, costcenter AS csc"
// . " WHERE usr_account = '" . $usr_account . "' AND emp.usr_id = usr.usr_id"
// . " AND emp.csc_id = csc.csc_id AND csc.cs_id = " . $customerId;
// Version for unique account for all customers (all data)
// NOTE(review): $usr_account is concatenated into the SQL text. Whether it was escaped before this
// point is not visible here; if it was not, this is an SQL injection sink. Prefer a bound parameter
// if the $db wrapper offers one — TODO confirm.
// NOTE(review): the uniqueness check runs before the insert and outside the TA("B") section below,
// so two parallel requests could both pass it; a UNIQUE index on usr_account would close that gap.
$sqlquery = "SELECT usr.usr_id FROM user AS usr"
. " WHERE usr.usr_account = '" . $usr_account . "' ";
$result = $db->query($sqlquery);
// NOTE(review): die() sends the raw database error message to the client — consider logging it
// server-side and showing a generic message instead.
if (DB::isError($result)) die ("$PHP_SELF: " . $result->getMessage());
// Any returned row means the account name is taken
$insertFlag = TRUE;
while ($row = $result->fetch_assoc()):
$insertFlag = FALSE;
endwhile;
$result->free();
if ($insertFlag) :
// presumably checks the password policy and that both entries match — TODO confirm
if (checkPasswordValidation($usr_password,$usr_password2)) :
// presumably begins a transaction ("B"/"C"/"E" look like begin/commit/end) — TODO confirm
TA("B");
// NOTE(review): every value, including the plaintext password, is interpolated into the statement
// text, so the password can end up in query logs and in the database error message printed by die().
// NOTE(review): hashing is delegated to the SQL function PASSWORD(). MySQL's PASSWORD() is an
// unsalted hash meant for the server's own accounts and was removed in MySQL 8.0; the usual
// replacement is password_hash()/password_verify() in the application. That needs a coordinated
// change of the login check, so it is only flagged here.
$sqlStmtPwd = "INSERT INTO user (hq_id,usr_type,usr_name,usr_firstname,usr_email,usr_phone,usr_phone2,usr_account,usr_password,usr_password_modify,usr_birthdate)" .
" VALUES ($hq_id,'$userType','$usr_name','$usr_firstname','$usr_email','$usr_phone','$usr_phone2','$usr_account',PASSWORD('$usr_password'),'$currentTime','$f_usr_birthdate')";
$res = $db->query($sqlStmtPwd);
// NOTE(review): die() after TA("B") — no rollback is visible on this path.
if (DB::isError($res)) : die ("$PHP_SELF: " . $res->getMessage()); endif;
// Id of the user row just inserted
$usrId = getLastInsertID();
$sqlStmtPwd = "INSERT INTO employee (usr_id,csc_id,emp_headquarters)" .
" VALUES ($usrId,'$cscIdActual',$hq_id)";
$res = $db->query($sqlStmtPwd);
if (DB::isError($res)) : die ("$PHP_SELF: " . $res->getMessage()); endif;
// Id of the employee row just inserted
$emp_id_new = getLastInsertId();
// Insert DEFAULTS in "parameter"
$mdId = getFieldValueFromId("mandatorheadquarters", "hq_id", $hq_id, "md_id");
// * Store configuration for customer list *
$csListConfigString = "cmp_comp,cmp_comp2,ad_street,ad_zipcode,cmp_match,cs_eid,usr_phone,usr_email,csc_id_jb_edit,cs_id_history,cs_id_report,cmp_authenticated_img,cs_id_jb_permanent,cmp_id_edit";
if (existsEntry("parameter",array("par_key","MASK_CS_LIST_COLS","emp_id",$emp_id_new,"hq_id",$hq_id))) :
updateStmt("parameter", "emp_id", $emp_id_new, array("par_value", $csListConfigString), " par_key = 'MASK_CS_LIST_COLS' AND hq_id = '" . $hq_id . "'");
else:
insertStmt("parameter", array("par_key", "MASK_CS_LIST_COLS", "emp_id", $emp_id_new, "par_value", $csListConfigString, "hq_id", $hq_id, "md_id", $mdId));
endif;
// * Store configuration for courier list *
$crListConfigString = "cr_sid,crvh_vh_sign,cr_eid,crvh_prov,usr_name,usr_firstname,usr_phone,cr_mobile_pda,cmp_authenticated_img,cr_id_history,cr_id_report,cmp_id_edit,ad_zipcode,cr_serialno";
if (existsEntry("parameter",array("par_key","MASK_CR_LIST_COLS","emp_id",$emp_id_new,"hq_id",$hq_id))) :
updateStmt("parameter", "emp_id", $emp_id_new, array("par_value", $crListConfigString), " par_key = 'MASK_CR_LIST_COLS' AND hq_id = '" . $hq_id . "'");
else:
insertStmt("parameter", array("par_key", "MASK_CR_LIST_COLS", "emp_id", $emp_id_new, "par_value", $crListConfigString, "hq_id", $hq_id, "md_id", $mdId));
endif;
// * Store configuration for job list *
$jbListConfigString = "jb_id,business_volume,jb_markup,jb_cr_price,jb_cr_subprice,jb_serviceprice,jb_bsg,jb_tourname,tr_comp,streethsno,jb_tourzipcodes,vht_value,jb_taketime,jb_ordertime,jb_warningtime,jb_map,jb_tr_sort,jb_reserv,jb_permanent,cr_id_favoured,jb_csc_id,cr_sid";
if (existsEntry("parameter",array("par_key","MASK_JB_LIST_COLS","emp_id",$emp_id_new,"hq_id",$hq_id))) :
updateStmt("parameter", "emp_id", $emp_id_new, array("par_value", $jbListConfigString), " par_key = 'MASK_JB_LIST_COLS' AND hq_id = '" . $hq_id . "'");
else:
insertStmt("parameter", array("par_key", "MASK_JB_LIST_COLS", "emp_id", $emp_id_new, "par_value", $jbListConfigString, "hq_id", $hq_id, "md_id", $mdId));
endif;
// * Store configuration for customer-costcenter list (job edit) *
$cscscListConfigString = "cmp_comp,cmp_comp2,cs_eid,csc_name,cmp_match,cmp_authenticated_img,ad_street,cscad_hsno,ad_zipcode,ad_city,cscad_remark,cscad_person,cscad_phone,statistic";
if (existsEntry("parameter",array("par_key","MASK_CSCSC_LIST_COLS","emp_id",$emp_id_new,"hq_id",$hq_id))) :
updateStmt("parameter", "emp_id", $emp_id_new, array("par_value", $cscscListConfigString), " par_key = 'MASK_CSCSC_LIST_COLS' AND hq_id = '" . $hq_id . "'");
else:
insertStmt("parameter", array("par_key", "MASK_CSCSC_LIST_COLS", "emp_id", $emp_id_new, "par_value", $cscscListConfigString, "hq_id", $hq_id, "md_id", $mdId));
endif;
// Automatic e-mail dispatch of a system-generated password ???
// Associate the rights from the parent-employee automatically ??? Yes or not?
// ...
// Write logdata into log database
// NOTE(review): the fourth argument is $usr_id, not the new $usrId — presumably the acting user; confirm.
writeToLogDB("73",$hq_id,"",$usr_id,"","","","STATUS_NEW=" . $logString,"","",$emp_id_new);
TA("C");
TA("E");
// ********** HASH **********
// Check for execute functionality
if ($GLOBAL_USAGE_HASH) :
// Get current global number of THIS database instance
$constGlobalDbInstNo = getParameterValue("0", "GLOBAL_UNIQUE_DB_INSTANCE_NO", "0", "0");
if ($constGlobalDbInstNo != "" && is_numeric($constGlobalDbInstNo)) :
// Generate unique hash value e.g. for newsletter
// NOTE(review): the inputs (headquarters id, user id, timestamp) are guessable. If makeMD5Hash()
// mixes in no secret, the result must not be relied on as an unguessable token — TODO confirm.
$tmpHash = makeMD5Hash($hq_id, $usrId, $currentTime);
// Get database instance connection data of metaobject
$constExtDbInst = getExternalMetaDbInst();
$db_conn = getDbConnectionSpecial($constExtDbInst, $dbname, $dblogin, $dbpassword);
// Values here are the numeric-checked instance number, the insert id and the generated hash
$tmpSqlQuery = "INSERT meta_object.metaobject (mo_id_ref_db,mo_obj_type,mo_obj_id,mo_hash) VALUES ('" . $constGlobalDbInstNo . "','usr','" . $usrId . "','" . $tmpHash . "') ";
$result = $db_conn->query($tmpSqlQuery);
// A failure is only recorded in $err; nothing acts on it yet (see the placeholder below)
$err = "";
if (DB::isError($result)) {$err = "ERR";};
if ($err == "ERR") :
// Message to system administrator...
// $statusMessage = getLngt("Message to system administrator...!");
endif;
endif;
endif;
// Redirect to list view
// NOTE(review): no exit follows header() in this block, so the script keeps running after the
// redirect header has been set; ec() presumably URL-encodes the values — TODO confirm both.
header("Location: ../admin/employee_list.php?currentNavigationItem=zentralenmitarbeiter&emp_id_act=" . ec($emp_id) . "&customerId=" . ec($customerId) . "&cscIdRoot=" . ec($cscIdRoot) . "&cscIdActual=" . ec($cscIdActual));
endif;
else :
$statusMessage = getLngt("Der Benutzername existiert schon! Bitte wählen Sie einen anderen!");
endif;
endif;
// Modify employee
// Updates the master data (name, e-mail, phones, account, birthdate) of the user behind
// $emp_id_act, provided no other employee of the same headquarters uses the account name.
// NOTE(review): no rights check on the executing employee is visible inside this branch, and
// nothing here ties $emp_id_act to the caller's headquarters — confirm both are enforced earlier.
if ($f_act == "modifyEmployee" && $emp_id_act != "") :
// Check the user-account except the current to be modified in $emp_id_act
// NOTE(review): this uniqueness check is limited to $hq_id, while the check for new employees
// covers all users — confirm the difference is intended.
// NOTE(review): $usr_account (quoted) and $hq_id / $emp_id_act (unquoted) are concatenated into
// the SQL text. An unquoted value has to be a validated integer to be safe; that validation is
// not visible here — TODO confirm or bind the values as parameters.
$sqlquery = "SELECT usr.usr_id FROM user AS usr, employee AS emp"
. " WHERE usr.usr_account = '" . $usr_account . "' AND usr.hq_id = " . $hq_id . " AND"
. " emp.usr_id = usr.usr_id AND"
. " emp.emp_id != $emp_id_act";
$result = $db->query($sqlquery);
// NOTE(review): die() sends the raw database error message to the client.
if (DB::isError($result)) die ("$PHP_SELF: " . $result->getMessage());
// Any returned row means another employee already uses the account name
$updateFlag = TRUE;
while ($row = $result->fetch_assoc()):
$updateFlag = FALSE;
endwhile;
$result->free();
if ($updateFlag) :
// $usrId is empty when no user row could be resolved for $emp_id_act
if ($usrId != "") :
// Read the current values first so the log entry records the state before the change
$tmpUsrName = getFieldValueFromId("user", "usr_id", $usrId, "usr_name");
$tmpUsrFirstName = getFieldValueFromId("user", "usr_id", $usrId, "usr_firstname");
$tmpUsrAccount = getFieldValueFromId("user", "usr_id", $usrId, "usr_account");
$tmpUsrPassword = getFieldValueFromId("user", "usr_id", $usrId, "usr_password");
$tmpEmpActRigths = getFieldValueFromId("employee", "emp_id", $emp_id_act, "emp_rights");
$tmpUsrBirthdate = getFieldValueFromId("user", "usr_id", $usrId, "usr_birthdate");
// NOTE(review): the stored usr_password value becomes part of the log string, which copies the
// password hash into the log database; consider leaving it out. $tmpEmpActRigths is listed twice.
$logString = makeLogString(array($tmpUsrName,$tmpUsrFirstName,$tmpUsrAccount,$tmpEmpActRigths,$tmpUsrPassword,$tmpEmpActRigths,$tmpUsrBirthdate), ";", "0");
// Field/value pairs in alternating order, as expected by updateStmt()
$defaultFields = array("usr_name",$usr_name,"usr_firstname",$usr_firstname,"usr_email",$usr_email,"usr_phone",$usr_phone,"usr_phone2",$usr_phone2,"usr_account",$usr_account,"usr_birthdate",$f_usr_birthdate);
updateStmt("user","usr_id",$usrId,$defaultFields);
// Write logdata into log database
writeToLogDB("74",$hq_id,"",$usr_id,"","","","STATUS_MODIFIED=" . $logString,"","",$emp_id_act);
else :
$statusMessage = getLngt("Datenfehler! Löschen Sie bitte den Mitarbeiter und legen Sie ihn neu an! :-(");
endif;
else :
$statusMessage = getLngt("Der Benutzername existiert schon! Bitte wählen Sie einen anderen!");
endif;
endif;
// Change password
// Sets a new password for the user behind $emp_id_act and logs the change.
if ($f_act == "setPwd") :
// Get the emp_id of the root admin because he/she is allowed to change a password of an employee
$empIdRootAdmin = getEmpIdOfRootAdmin($userTypeName);
// Allowed: the employee himself, the root admin, or a holder of the reset-password right as long
// as the target is not the root admin.
// NOTE(review): the comparisons are loose (==/!=) and nothing in this branch ties $emp_id_act to
// the caller's headquarters — confirm that the ids are validated and scoped before this point.
// NOTE(review): the current password of the account is not asked for when the employee changes
// his own password here — confirm whether that is checked elsewhere.
if ($emp_id == $emp_id_act || ($empIdRootAdmin != "" && $emp_id == $empIdRootAdmin) || ($empHasAccessToResetPassword && $emp_id_act != $empIdRootAdmin)) :
// presumably checks the password policy and that both entries match — TODO confirm
if (checkPasswordValidation($usr_password,$usr_password2)) :
if ($usrId != "") :
// presumably begins a transaction ("B"/"C"/"E" look like begin/commit/end) — TODO confirm
TA("B");
$tmpUsrName = getFieldValueFromId("user", "usr_id", $usrId, "usr_name");
$tmpUsrFirstName = getFieldValueFromId("user", "usr_id", $usrId, "usr_firstname");
$tmpUsrAccount = getFieldValueFromId("user", "usr_id", $usrId, "usr_account");
$logString = makeLogString(array($tmpUsrName,$tmpUsrFirstName,$tmpUsrAccount), ";", "0");
// Get old password hash (extra call of function necessary to avoid overwriting of parameter "usr_password" !)
$tmpOldPwdHash = getFieldValueFromId("user","usr_id",$usrId,"usr_password");
// NOTE(review): the plaintext password is interpolated into the statement text, so it can end up
// in query logs and in the database error message printed by die(); whether it was escaped before
// this point is not visible here.
// NOTE(review): hashing is delegated to the SQL function PASSWORD(). MySQL's PASSWORD() is an
// unsalted hash meant for the server's own accounts and was removed in MySQL 8.0; the usual
// replacement is password_hash()/password_verify() in the application, together with the login check.
$sqlStmtPwd = "UPDATE user SET usr_password = PASSWORD('$usr_password'), usr_password_modify = '" . $currentTime . "' WHERE usr_id = '" . $usrId . "'";
$res = $db->query($sqlStmtPwd);
// NOTE(review): die() after TA("B") — no rollback is visible on this path.
if (DB::isError($res)) : die ("$PHP_SELF: " . $res->getMessage()); endif;
// Get hash value of the new password
$tmpNewPwdHash = getFieldValueFromId("user","usr_id",$usrId,"usr_password");
// Write logdata into log database
// NOTE(review): both the old and the new password hash are written to the log database. With an
// unsalted hash this gives every reader of the log offline-guessable credentials; logging only
// the fact of the change (who, for whom, when) would be sufficient for an audit trail.
writeToLogDB("76",$hq_id,"",$usr_id,"","","","PASSWORD_OLD=" . $tmpOldPwdHash . "|PASSWORD_NEW=" . $tmpNewPwdHash . "|USER_INFO=" . $logString,"","",$emp_id_act);
$statusMessage = getLngt("Das Passwort wurde geändert!");
TA("C");
TA("E");
else :
$statusMessage = getLngt("Datenfehler! Löschen Sie bitte den Mitarbeiter und legen Sie ihn neu an! :-(");
endif;
endif;
else :
$statusMessage = getLngt("Sie sind leider nicht autorisiert!");
endif;
endif;
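// Reset 2-FA
// Removes the two-factor registration of the employee addressed by $emp_id_act through
// user2FARemove() and shows the message it returns (element 1 of its result).
if ($f_act == "reset2FAEmployee") :
    // Allowed: the employee himself, the root admin, or a holder of the reset-2FA right
    // ($empHasAccessToReset2FA) as long as the target is not the root admin.
    // NOTE(review): nothing in this branch ties $emp_id_act to the caller's headquarters —
    // confirm the id is validated and scoped before this point.
    $empIdRootAdmin = getEmpIdOfRootAdmin($userTypeName);
    if ($emp_id == $emp_id_act || ($empIdRootAdmin != "" && $emp_id == $empIdRootAdmin) || ($empHasAccessToReset2FA && $emp_id_act != $empIdRootAdmin)) :
        if ($emp_id_act != "") :
            $retVal = user2FARemove($emp_id_act, "emp");
            $statusMessage = $retVal[1];
        else :
            // No target employee was given
            $statusMessage = getLngt("Sie haben keinen Mitarbeiter spezifiziert!");
        endif;
    else :
        // Authorization failed: report it as such, like the other operations of this page do
        $statusMessage = getLngt("Sie sind leider nicht autorisiert!");
    endif;
endif;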
// --- STOCK RIGHTS BEGIN ---------------------------------------------------------------
// Change access to root stocks
// Rewrites the parameters MASK_STK_ROOT_ACCESS, MASK_STK_READONLY_WHERE_DEFINED_WRITEACCESS and
// MASK_STK_ARTICLE_ACCESS of the employee addressed by $emp_id_act.
if ($f_act == "setAccessRootStocks") :
// The root admin's stock access must not be changed by anybody, and nobody may change his own.
// NOTE(review): these two exclusions are the only checks in this branch; no positive right of the
// executing employee is tested here — confirm that one is enforced before this point.
$empIdRootAdmin = getEmpIdOfRootAdmin($userTypeName);
if ($emp_id_act != $empIdRootAdmin) :
if ($emp_id_act != $emp_id) :
// Root stocks are the rows of "stock" with stk_pre_id = '0' and an empty stk_path
$allRootStocksArray = getColVectorFromDB2ArrayByClause("stock", "stk_id", "stk_pre_id = '0' AND stk_path = ''", "", "");
// Submitted selection; anything that is not an array counts as "nothing selected"
if (!is_array($par_stock_access) || $par_stock_access == "") : $par_stock_access = array(); endif;
$stkRootAccessIDsEmpIdArray = array();
$stkRootAccessIDsActEmpIdArray = array();
// Current user logged in: the root admin holds all root stocks, everybody else the stored list
if ($emp_id == $empIdRootAdmin) :
$stkRootAccessIDsEmpIdArray = $allRootStocksArray;
$stkRootAccessIDsEmpId = implode(",", $stkRootAccessIDsEmpIdArray);
else :
$stkRootAccessIDsEmpId = getParameterValue($emp_id, "MASK_STK_ROOT_ACCESS");
if ($stkRootAccessIDsEmpId != "") :
$stkRootAccessIDsEmpIdArray = explode(",",$stkRootAccessIDsEmpId);
endif;
endif;
// Current user to be viewed or edited
$stkRootAccessIDsActEmpId = getParameterValue($emp_id_act, "MASK_STK_ROOT_ACCESS");
if ($stkRootAccessIDsActEmpId != "") :
$stkRootAccessIDsActEmpIdArray = explode(",",$stkRootAccessIDsActEmpId);
endif;
// NOTE(review): the submitted ids in $par_stock_access are merged into the target's list as they
// are. They are neither intersected with the executing employee's own list nor checked against
// $allRootStocksArray or for being numeric in this block. Unless that happens upstream, an
// executing employee could switch ON root stocks he does not hold himself — TODO confirm.
if (count($par_stock_access) > 0) :
// Get the elements the executing employee has access for, but wanted to be disabled for the edited employee (elements to be switched OFF)
$tmpEmpIdRestArray = array_diff($stkRootAccessIDsEmpIdArray, $par_stock_access);
// Get all elements to be switched ON for the edited employee
$tmpEmpIdActUnionArray = array_unique(array_merge($stkRootAccessIDsActEmpIdArray, $par_stock_access));
else :
// All elements the executing employee has access for will be switched OFF for the editing employee
$tmpEmpIdRestArray = $stkRootAccessIDsEmpIdArray;
// Only the existing elements the edited employee has access for are the superset of the merge
$tmpEmpIdActUnionArray = $stkRootAccessIDsActEmpIdArray;
endif;
// New list = (existing + switched ON) minus (switched OFF); entries of the target that the
// executing employee does not hold himself are therefore kept untouched
$storeArray = array_diff($tmpEmpIdActUnionArray, $tmpEmpIdRestArray);
$storeString = implode(",", $storeArray);
if (existsEntry("parameter",array("par_key","MASK_STK_ROOT_ACCESS","emp_id",$emp_id_act,"hq_id",$hq_id))) :
updateStmt("parameter", "emp_id", $emp_id_act, array("par_value", $storeString), " par_key = 'MASK_STK_ROOT_ACCESS' AND hq_id = '" . $hq_id . "'");
else:
insertStmt("parameter", array("par_key", "MASK_STK_ROOT_ACCESS", "emp_id", $emp_id_act, "par_value", $storeString, "hq_id", $hq_id, "md_id", $md_id));
endif;
// Switch access state between readonly and writeable substocks if possible (only the changing employee is NOT readonly by himself!)
// NOTE(review): $par_substocks_readonly is stored without a visible check of its value.
$tmpStkReadonlyEmpId = getParameterValue($emp_id, "MASK_STK_READONLY_WHERE_DEFINED_WRITEACCESS");
if ($tmpStkReadonlyEmpId == "") : $tmpStkReadonlyEmpId = "0"; endif;
if ($emp_id == $empIdRootAdmin || $tmpStkReadonlyEmpId == "0") :
if (existsEntry("parameter",array("par_key","MASK_STK_READONLY_WHERE_DEFINED_WRITEACCESS","emp_id",$emp_id_act,"hq_id",$hq_id))) :
updateStmt("parameter", "emp_id", $emp_id_act, array("par_value", $par_substocks_readonly), " par_key = 'MASK_STK_READONLY_WHERE_DEFINED_WRITEACCESS' AND hq_id = '" . $hq_id . "'");
else:
insertStmt("parameter", array("par_key", "MASK_STK_READONLY_WHERE_DEFINED_WRITEACCESS", "emp_id", $emp_id_act, "par_value", $par_substocks_readonly, "hq_id", $hq_id, "md_id", $md_id));
endif;
endif;
// Switch access state for article master data (allowed for the root admin, or when the executing
// employee's own value is "0" or not set)
// NOTE(review): $par_stk_article_access is stored without a visible check of its value.
$tmpStkArticleAccessEmpId = getParameterValue($emp_id, "MASK_STK_ARTICLE_ACCESS");
if ($tmpStkArticleAccessEmpId == "") : $tmpStkArticleAccessEmpId = "0"; endif;
if ($emp_id == $empIdRootAdmin || $tmpStkArticleAccessEmpId == "0") :
if (existsEntry("parameter",array("par_key","MASK_STK_ARTICLE_ACCESS","emp_id",$emp_id_act,"hq_id",$hq_id))) :
updateStmt("parameter", "emp_id", $emp_id_act, array("par_value", $par_stk_article_access), " par_key = 'MASK_STK_ARTICLE_ACCESS' AND hq_id = '" . $hq_id . "'");
else:
insertStmt("parameter", array("par_key", "MASK_STK_ARTICLE_ACCESS", "emp_id", $emp_id_act, "par_value", $par_stk_article_access, "hq_id", $hq_id, "md_id", $md_id));
endif;
endif;
else :
$statusMessage = getLngt("Ihre eigenen Lagerzugänge können Sie nicht verändern!");
endif;
else :
$statusMessage = getLngt("Sie sind leider nicht autorisiert!");
endif;
endif;
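// Right management of substocks
// Adds ("add") or removes ("sub") one stock id in the MASK_STK_SUBSTOCK_ACCESS parameter of the
// employee addressed by $emp_id_act. Stored format: entries separated by "|", each entry
// "rootStockId,substockId[,substockId...]", e.g. "3,7,4,12,26" (3 = root stock, the others substocks).
// The broken, commented-out debug output of the earlier version has been removed: its line breaks
// left stray string fragments in the code.
if ($f_act == "setAccessSubtocks") :
    // The root admin's stock access must not be changed by anybody, and nobody may change his own.
    // NOTE(review): these two exclusions are the only checks in this branch; no positive right of
    // the executing employee is tested here — confirm that one is enforced before this point.
    $empIdRootAdmin = getEmpIdOfRootAdmin($userTypeName);
    if ($emp_id_act != $empIdRootAdmin) :
        if ($emp_id_act != $emp_id) :
            // Get parameter of the viewed or edited employee to check the right for substock level
            $parMaskStkSubstockActEmpIdAccess = getParameterValue($emp_id_act, "MASK_STK_SUBSTOCK_ACCESS");
            // Split the stored value into its entries ("|" is mapped to "--" first)
            $parMaskStkSubstockActEmpIdAccess = str_replace("|", "--", $parMaskStkSubstockActEmpIdAccess);
            $tmpPairsActEmpIdArray = explode("--", $parMaskStkSubstockActEmpIdAccess);
            $tmpPairsActEmpIdArrayLen = count($tmpPairsActEmpIdArray);
            // Get all HTTP-POST parameters for the substocks
            if ($rootStkIdForSubstkPar > 0 && is_numeric($rootStkIdForSubstkPar)) :
                $allRootStocksArray = getColVectorFromDB2ArrayByClause("stock", "stk_id", "stk_pre_id = '0' AND stk_path = ''", "", "");
                list ($currStock) = getSecHttpVars("1", array("par_stock_access_subtree_" . $rootStkIdForSubstkPar));
                // Check parameter being a root stock or a substock or it is empty
                if ($currStock == "" || !is_scalar($currStock) || !preg_match('/^[0-9]+$/D', (string) $currStock)) :
                    // Nothing selected, or not a plain numeric stock id: no parameter change.
                    // The id becomes part of a ","/"|"-separated access list, so a value carrying
                    // one of these separators must never reach the stored string.
                elseif (in_array($currStock, $allRootStocksArray)) :
                    // Current stock is a root stock: drop every entry of the viewed or edited
                    // employee that belongs to the current root stock
                    for ($j = 0; $j < $tmpPairsActEmpIdArrayLen; $j++) :
                        $tmpSubStockTupel = explode(",", $tmpPairsActEmpIdArray[$j]);
                        if ($tmpSubStockTupel[0] == $rootStkIdForSubstkPar) :
                            unset($tmpPairsActEmpIdArray[$j]);
                        endif;
                    endfor;
                else :
                    // Current stock is a substock: update the entry of the current root stock
                    // NOTE(review): nothing here verifies that $currStock lies below
                    // $rootStkIdForSubstkPar or that the executing employee may access it — confirm.
                    $tmpFound = false;
                    for ($j = 0; $j < $tmpPairsActEmpIdArrayLen; $j++) :
                        $tmpSubStockTupel = explode(",", $tmpPairsActEmpIdArray[$j]); // E.g. "3,7,4,12,26" <=> (3 = root stock, the others substocks)
                        if ($tmpSubStockTupel[0] == $rootStkIdForSubstkPar) :
                            // Update ...
                            $newSubstockIds = $tmpSubStockTupel;
                            $tmpSubStockTupelLen = count($tmpSubStockTupel);
                            $opDone = false;
                            for ($k = 1; $k < $tmpSubStockTupelLen; $k++) :
                                if ($currStock == $tmpSubStockTupel[$k]) :
                                    if ($rootStkOpForSubstkPar == "add") :
                                        // It does exist, do nothing ...
                                        $opDone = true;
                                    endif;
                                    if ($rootStkOpForSubstkPar == "sub") :
                                        unset($newSubstockIds[$k]);
                                        $opDone = true;
                                    endif;
                                endif;
                                // "add" of a stock for which isStkChild() reports a relation to
                                // an existing id replaces that id
                                if (isStkChild($currStock, $tmpSubStockTupel[$k])) :
                                    if ($rootStkOpForSubstkPar == "add") :
                                        $newSubstockIds[$k] = $currStock;
                                        $opDone = true;
                                    endif;
                                endif;
                            endfor;
                            if (!$opDone) :
                                // Add new restriction
                                if ($rootStkOpForSubstkPar == "add") :
                                    $newSubstockIds[] = $currStock;
                                endif;
                            endif;
                            // Check for removal of all substock rights but the root stock:
                            // an entry holding only the root stock id is stored as empty
                            $newSubstockIdsStr = "";
                            if (count($newSubstockIds) > 1) :
                                $newSubstockIdsStr = implode(",", $newSubstockIds);
                            endif;
                            $tmpPairsActEmpIdArray[$j] = $newSubstockIdsStr;
                            $tmpFound = true;
                        endif;
                    endfor;
                    if (!$tmpFound) :
                        // Insert ...
                        // NOTE(review): the new entry is added whatever $rootStkOpForSubstkPar is,
                        // i.e. also for "sub" — confirm this is intended.
                        $tmpPairsActEmpIdArray[] = $rootStkIdForSubstkPar . "," . $currStock;
                    endif;
                endif;
                // Implode updated parameter value to store; one leading and one trailing "|"
                // (left behind by an emptied first/last entry) are cut off
                $tmpPairsActEmpId = implode("|", $tmpPairsActEmpIdArray);
                if (substr($tmpPairsActEmpId, 0, 1) == "|") : $tmpPairsActEmpId = substr($tmpPairsActEmpId, 1); endif;
                if (substr($tmpPairsActEmpId, -1) == "|") : $tmpPairsActEmpId = substr($tmpPairsActEmpId, 0, -1); endif;
                if (existsEntry("parameter", array("par_key", "MASK_STK_SUBSTOCK_ACCESS", "emp_id", $emp_id_act, "hq_id", $hq_id))) :
                    updateStmt("parameter", "emp_id", $emp_id_act, array("par_value", $tmpPairsActEmpId), " par_key = 'MASK_STK_SUBSTOCK_ACCESS' AND hq_id = '" . $hq_id . "'");
                else:
                    insertStmt("parameter", array("par_key", "MASK_STK_SUBSTOCK_ACCESS", "emp_id", $emp_id_act, "par_value", $tmpPairsActEmpId, "hq_id", $hq_id, "md_id", $md_id));
                endif;
            endif;
        else :
            $statusMessage = getLngt("Ihre eigenen Lagerzugänge können Sie nicht verändern!");
        endif;
    else :
        $statusMessage = getLngt("Sie sind leider nicht autorisiert!");
    endif;
endif;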
// --- STOCK RIGHTS END -----------------------------------------------------------------
// Change parameters of the employee (... for global parameters look beyond)
if ($f_act == "setPar") :
// Get the emp_id of the root admin because he/she is allowed to change parameters of an employee
$empIdRootAdmin = getEmpIdOfRootAdmin($userTypeName);
if ($emp_id == $emp_id_act || ($empIdRootAdmin != "" && $emp_id == $empIdRootAdmin)) :
if (getDbFieldValues("employee",array("usr_id"),array("emp_id",$emp_id_act))) :
// Items 1-12: per-employee parameters that are stored only when the submitted value is numeric.
// Map: parameter key => name of the variable holding the submitted value (array order = storage order).
// NOTE(review): is_numeric() is the only check applied; it also accepts decimals, exponent notation,
// a sign and leading whitespace. Whether updateStmt()/insertStmt() escape par_value is not visible here.
$tmpNumericParVars = array(
    "MASK_MULTI_JOBLIST"            => "par_numOfJobLists",             // 1. Number of job lists (frames) to be displayed
    "MODE_COPY_JOB"                 => "par_modeCopyJob",               // 2. Mode to copy a job
    "MODE_LATER_JOB"                => "par_modeLaterJob",              // 3. Mode to insert later jobs (flag "Nacherfassung")
    "MASK_JOBLIST_BROWSE_MAX"       => "par_joblistBrowseMax",          // 4. Max. of entries to be displayed in the joblist
    "MASK_JOBLIST_SHOW_UPTO_VHT"    => "par_joblistShowUpToVht",        // 5. Display entries only up to this vehicle type
    "MASK_JOBLIST_MODE_JOB_NUM"     => "par_modeJobNum",                // 6. Mode to handle entering job numbers in field "job_from"
    "MASK_JOBLIST_MODE_REFRESH"     => "par_modeJoblistRefresh",        // 7. Automatic refresh
    "MASK_CONTENT_BGCOL"            => "par_ContentBgCols",             // 8. Background colors of the content
    "SYSTEM_LANGUAGE_DEFAULT"       => "par_systemLanguage",            // 9. System language
    "MASK_JOBLIST_GET_COURIER_DATA" => "par_modeJoblistGetCourierData", // 10. Inclusion of courier data for columns
    "MASK_DISPOSITION_INIT_GROUP"   => "par_dispoJbVhtGroup",           // 11. Initial group for the (graphical) disposition
    "MASK_DISPOSITION_INIT_CS"      => "par_dispoJbVhtCustomer",        // 12. Initial customer for the (graphical) disposition
);
foreach ($tmpNumericParVars as $tmpNumericParKey => $tmpNumericParVar) {
    // A non-numeric value is not stored; the status message is cleared instead
    if (!is_numeric($$tmpNumericParVar)) {
        $statusMessage = "";
        continue;
    }
    // 12 depends on 11: without a group (group "0") the initial customer is reset to "0"
    if ($tmpNumericParKey === "MASK_DISPOSITION_INIT_CS" && $par_dispoJbVhtGroup == "0") {
        $par_dispoJbVhtCustomer = "0";
    }
    $tmpNumericParValue = $$tmpNumericParVar;
    // Update the employee's entry for this headquarters if there is one, insert it otherwise
    if (existsEntry("parameter", array("par_key", $tmpNumericParKey, "emp_id", $emp_id_act, "hq_id", $hq_id))) {
        updateStmt("parameter", "emp_id", $emp_id_act, array("par_value", $tmpNumericParValue), " par_key = '" . $tmpNumericParKey . "' AND hq_id = '" . $hq_id . "'");
    } else {
        insertStmt("parameter", array("par_key", $tmpNumericParKey, "emp_id", $emp_id_act, "par_value", $tmpNumericParValue, "hq_id", $hq_id, "md_id", $md_id));
    }
}
// Kind of list to be displayed in each frame: start from the global default list
// (MASK_JOBLIST_DEFAULTLIST stored under "0") and overwrite the first four positions
// with the submitted values wherever these are numeric.
$jobListArray = explode(",", getParameterValue("0", "MASK_JOBLIST_DEFAULTLIST"));
if (is_numeric($par_statusOfJobLists_1)) {
    $jobListArray[0] = $par_statusOfJobLists_1;
}
if (is_numeric($par_statusOfJobLists_2)) {
    $jobListArray[1] = $par_statusOfJobLists_2;
}
if (is_numeric($par_statusOfJobLists_3)) {
    $jobListArray[2] = $par_statusOfJobLists_3;
}
if (is_numeric($par_statusOfJobLists_4)) {
    $jobListArray[3] = $par_statusOfJobLists_4;
}
$jobListString = implode(",", $jobListArray);
// Update the employee's entry for this headquarters if there is one, insert it otherwise
if (existsEntry("parameter", array("par_key", "MASK_JOBLIST_DEFAULTLIST", "emp_id", $emp_id_act, "hq_id", $hq_id))) {
    updateStmt("parameter", "emp_id", $emp_id_act, array("par_value", $jobListString), " par_key = 'MASK_JOBLIST_DEFAULTLIST' AND hq_id = '" . $hq_id . "'");
} else {
    insertStmt("parameter", array("par_key", "MASK_JOBLIST_DEFAULTLIST", "emp_id", $emp_id_act, "par_value", $jobListString, "hq_id", $hq_id, "md_id", $md_id));
}
// List configurations (customer, courier, jobs, customer-costcenter, ...)
// Each sequence array starts from the value read with "0" as first argument (presumably the
// global default — confirm against getParameterValue()) and is overwritten slot by slot below.
$csListConfigArray = explode(",",getParameterValue("0", "MASK_CS_LIST_COLS")); // Init components with default values
$crListConfigArray = explode(",",getParameterValue("0", "MASK_CR_LIST_COLS")); // Ditto
$jbListConfigArray = explode(",",getParameterValue("0", "MASK_JB_LIST_COLS")); // Ditto
$cscscListConfigArray = explode(",",getParameterValue("0", "MASK_CSCSC_LIST_COLS")); // Ditto
// Copy the submitted configuration of all four lists, one slot per iteration.
// The values are read through variable variables named par_<list>ListConfig_<n> and
// par_<list>ListLenConfig_<n> with n = $j + 1.
// NOTE(review): unlike the parameters above that are gated by is_numeric(), no validation of these
// values is visible here before they are joined with "," and stored. Confirm that they are limited
// to known column ids and numeric lengths at the place where the variables are populated.
// NOTE(review): the *ListLenConfigArray arrays are not initialised in this block — confirm that they
// are set up (or empty) before the loop runs.
for ($j = 0; $j < $constNumOfFieldParameters; $j++) :
// Sequence
$tmpParCs = "par_csListConfig_" . ($j + 1);
$tmpParCr = "par_crListConfig_" . ($j + 1);
$tmpParJb = "par_jbListConfig_" . ($j + 1);
$tmpParCscsc = "par_cscscListConfig_" . ($j + 1);
$csListConfigArray[$j] = $$tmpParCs;
$crListConfigArray[$j] = $$tmpParCr;
$jbListConfigArray[$j] = $$tmpParJb;
$cscscListConfigArray[$j] = $$tmpParCscsc;
// Length (cleared whenever the sequence slot of the same list is empty)
$tmpParLenCs = "par_csListLenConfig_" . ($j + 1);
$tmpParLenCr = "par_crListLenConfig_" . ($j + 1);
$tmpParLenJb = "par_jbListLenConfig_" . ($j + 1);
$tmpParLenCscsc = "par_cscscListLenConfig_" . ($j + 1);
$csListLenConfigArray[$j] = $$tmpParLenCs;
if ($csListConfigArray[$j] == "") : $csListLenConfigArray[$j] = ""; endif;
$crListLenConfigArray[$j] = $$tmpParLenCr;
if ($crListConfigArray[$j] == "") : $crListLenConfigArray[$j] = ""; endif;
$jbListLenConfigArray[$j] = $$tmpParLenJb;
if ($jbListConfigArray[$j] == "") : $jbListLenConfigArray[$j] = ""; endif;
$cscscListLenConfigArray[$j] = $$tmpParLenCscsc;
if ($cscscListConfigArray[$j] == "") : $cscscListLenConfigArray[$j] = ""; endif;
endfor;
// * Customer list *
// Sequence: join the slots, collapse every run of commas (left behind by empty slots)
// into a single one and strip commas at both ends.
$csListConfigString = trim(preg_replace('/,{2,}/', ',', implode(",", $csListConfigArray)), ",");
// Length: same normalisation for the column lengths
$csListLenConfigString = trim(preg_replace('/,{2,}/', ',', implode(",", $csListLenConfigArray)), ",");
// * Courier list *
// Sequence: join the slots, collapse every run of commas (left behind by empty slots)
// into a single one and strip commas at both ends.
$crListConfigString = trim(preg_replace('/,{2,}/', ',', implode(",", $crListConfigArray)), ",");
// Length: same normalisation for the column lengths
$crListLenConfigString = trim(preg_replace('/,{2,}/', ',', implode(",", $crListLenConfigArray)), ",");
// * Job list *
// Sequence: join the slots, collapse every run of commas (left behind by empty slots)
// into a single one and strip commas at both ends.
$jbListConfigString = trim(preg_replace('/,{2,}/', ',', implode(",", $jbListConfigArray)), ",");
// Length: same normalisation for the column lengths
$jbListLenConfigString = trim(preg_replace('/,{2,}/', ',', implode(",", $jbListLenConfigArray)), ",");
// * Customer costcenter list (job edit) *
// Sequence: join the slots, collapse every run of commas (left behind by empty slots)
// into a single one and strip commas at both ends.
$cscscListConfigString = trim(preg_replace('/,{2,}/', ',', implode(",", $cscscListConfigArray)), ",");
// Length: same normalisation for the column lengths
$cscscListLenConfigString = trim(preg_replace('/,{2,}/', ',', implode(",", $cscscListLenConfigArray)), ",");
// * Store the list configurations *
// Column sequence (..._LIST_COLS) and column lengths (..._LIST_LEN_COLS) of the customer, courier,
// job and customer-costcenter (job edit) lists, in that order. Each value is stored per employee
// ($emp_id_act) and headquarters ($hq_id): an existing row is updated, otherwise one is inserted.
// NOTE(review): $hq_id is concatenated into the WHERE fragment handed to updateStmt();
// confirm that it is validated as an integer before this point.
foreach (array(
    "MASK_CS_LIST_COLS" => $csListConfigString,
    "MASK_CS_LIST_LEN_COLS" => $csListLenConfigString,
    "MASK_CR_LIST_COLS" => $crListConfigString,
    "MASK_CR_LIST_LEN_COLS" => $crListLenConfigString,
    "MASK_JB_LIST_COLS" => $jbListConfigString,
    "MASK_JB_LIST_LEN_COLS" => $jbListLenConfigString,
    "MASK_CSCSC_LIST_COLS" => $cscscListConfigString,
    "MASK_CSCSC_LIST_LEN_COLS" => $cscscListLenConfigString
) as $listParKey => $listParValue) :
    if (!existsEntry("parameter", array("par_key", $listParKey, "emp_id", $emp_id_act, "hq_id", $hq_id))) :
        insertStmt("parameter", array("par_key", $listParKey, "emp_id", $emp_id_act, "par_value", $listParValue, "hq_id", $hq_id, "md_id", $md_id));
    else :
        updateStmt("parameter", "emp_id", $emp_id_act, array("par_value", $listParValue), " par_key = '" . $listParKey . "' AND hq_id = '" . $hq_id . "'");
    endif;
endforeach;
else :
$statusMessage = getLngt("Datenfehler! Löschen Sie bitte den Mitarbeiter und legen Sie ihn neu an! :-(");
endif;
else :
$statusMessage = getLngt("Sie sind leider nicht autorisiert!");
endif;
endif;
// Change GLOBAL parameters (for headquarter)
// Stores the PDA locating switch and its daily interval as parameters of employee "0" for $hq_id
// and writes the submitted values to the log database (log id "194").
// NOTE(review): this block does not test $userTypeName itself. Right ids are checked per user type
// elsewhere in this file, so confirm that an enclosing condition limits this action to headquarters users.
if ($f_act == "setGlobPar") :
// Right "9" is required for the PDA locating settings; without it nothing is stored and no status message is set
if (authCheckEmployeeRights($emp_id, "9")) :
// Store value to enable/disable the PDA locating
// NOTE(review): is_numeric() is the only check, so any numeric string is stored — confirm the accepted values (presumably "0"/"1")
if (is_numeric($par_locatingByPDA)) :
if (existsEntry("parameter",array("par_key","LOCATING_PDA_ENABLED","emp_id","0","hq_id",$hq_id))) :
updateStmt("parameter", "emp_id", "0", array("par_value", $par_locatingByPDA), " par_key = 'LOCATING_PDA_ENABLED' AND hq_id = '" . $hq_id . "'");
else:
insertStmt("parameter", array("par_key", "LOCATING_PDA_ENABLED", "emp_id", "0", "par_value", $par_locatingByPDA, "hq_id", $hq_id, "md_id", $md_id));
endif;
else :
$statusMessage = getLngt("Der Status konnte nicht geändert werden.");
endif;
// Store interval for the PDA locating
// Missing or non-numeric parts fall back to the full day (00:00 - 23:59).
// NOTE(review): is_numeric() also accepts negative, fractional and exponent notation and there is no
// range check (0-23 / 0-59), so such values end up in the stored "h,m,h,m" string.
if ($par_locatingFromHrs == "" || !is_numeric($par_locatingFromHrs)) : $par_locatingFromHrs = "0"; endif;
if ($par_locatingFromMin == "" || !is_numeric($par_locatingFromMin)) : $par_locatingFromMin = "0"; endif;
if ($par_locatingToHrs == "" || !is_numeric($par_locatingToHrs)) : $par_locatingToHrs = "23"; endif;
if ($par_locatingToMin == "" || !is_numeric($par_locatingToMin)) : $par_locatingToMin = "59"; endif;
// Check for from-time <= to-time
if ($par_locatingToHrs < $par_locatingFromHrs || ($par_locatingToHrs == $par_locatingFromHrs && $par_locatingToMin < $par_locatingFromMin)) :
$statusMessage = getLngt("Die obere Intervallgrenze für die PDA-Ortung ist kleiner als die untere. Bitte neu eingeben!");
else :
if (existsEntry("parameter",array("par_key","LOCATING_PDA_INTERVAL","emp_id","0","hq_id",$hq_id))) :
updateStmt("parameter", "emp_id", "0", array("par_value", $par_locatingFromHrs . "," . $par_locatingFromMin . "," . $par_locatingToHrs . "," . $par_locatingToMin), " par_key = 'LOCATING_PDA_INTERVAL' AND hq_id = '" . $hq_id . "'");
else:
insertStmt("parameter", array("par_key", "LOCATING_PDA_INTERVAL", "emp_id", "0", "par_value", $par_locatingFromHrs . "," . $par_locatingFromMin . "," . $par_locatingToHrs . "," . $par_locatingToMin, "hq_id", $hq_id, "md_id", $md_id));
endif;
endif;
// Write logdata into log database
// NOTE(review): the entry is written even when the state or the interval was rejected above, so the log can
// show values that were not stored; $par_locatingByPDA is added to the "|"-separated log text as submitted.
writeToLogDB("194",$hq_id,"",$usr_id,"","","","LOC_GLOB_PAR_STATE=" . $par_locatingByPDA . "|LOC_GLOB_PAR_INTERVAL=" . $par_locatingFromHrs . "," . $par_locatingFromMin . "," . $par_locatingToHrs . "," . $par_locatingToMin,"","","");
endif;
// Right "45": the handling of the BWV hotline number and the GLN per headquarters is commented out,
// so this branch currently performs no action.
if (authCheckEmployeeRights($emp_id, "45")) :
/*
$tmpLogStr = "";
for ($f = 0; $f < $f_hq_id_ext_len; $f++) :
// BWV-Hotline
getSecHttpVars("1",array("par_BWV_phone_" . $f_hq_id_ext[$f]));
$par_BWV_phone = ${("par_BWV_phone_" . $f_hq_id_ext[$f])};
if (existsEntry("parameter",array("par_key","BWV_PHONE_NO","emp_id","0","hq_id",$f_hq_id_ext[$f]))) :
updateStmt("parameter", "emp_id", "0", array("par_value", $par_BWV_phone), " par_key = 'BWV_PHONE_NO' AND hq_id = '" . $f_hq_id_ext[$f] . "'");
else:
insertStmt("parameter", array("par_key", "BWV_PHONE_NO", "emp_id", "0", "par_value", $par_BWV_phone, "hq_id", $f_hq_id_ext[$f], "md_id", $md_id));
endif;
if ($tmpLogStr != "") : $tmpLogStr .= "|"; endif;
$tmpLogStr .= $f . "=" . $par_BWV_phone;
// GLN
getSecHttpVars("1",array("par_GLN_" . $f_hq_id_ext[$f]));
$par_GLN = ${("par_GLN_" . $f_hq_id_ext[$f])};
if ($f == 0) :
if (existsEntry("parameter",array("par_key","GLN_HQ_ALL","emp_id","0","hq_id",$f_hq_id_ext[$f]))) :
updateStmt("parameter", "emp_id", "0", array("par_value", $par_GLN), " par_key = 'GLN_HQ_ALL' AND hq_id = '" . $f_hq_id_ext[$f] . "'");
else:
insertStmt("parameter", array("par_key", "GLN_HQ_ALL", "emp_id", "0", "par_value", $par_GLN, "hq_id", $f_hq_id_ext[$f], "md_id", $md_id));
endif;
else :
updateStmt("headquarters", "hq_id", $f_hq_id_ext[$f], array("hq_gln", $par_GLN), "");
endif;
if ($tmpLogStr != "") : $tmpLogStr .= "|"; endif;
$tmpLogStr .= "," . $par_GLN;
endfor;
// Write logdata into log database
writeToLogDB("196",$hq_id,"",$usr_id,"","","","" . $tmpLogStr,"","","");
*/
endif;
endif;
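// Set headquarters access
// Updates employee.emp_headquarters of the edited employee ($emp_id_act) from the submitted checkbox
// selection $f_hq_id. Only headquarters the editing employee ($emp_id) has access to are added or
// removed; all other entries of the edited employee stay as they are. If the result is empty, the own
// headquarters of the edited employee is stored instead. Old and new value go to the log (log id "116").
// NOTE(review): apart from the self/root-admin test below, no rights check and no comparison of the
// edited employee's mandator with $md_id is visible in this block — confirm that an enclosing
// condition covers both before the update is executed.
if ($f_act == "setHqAccess") :
    // The admin user cannot be modified by a normal user
    $empIdRootAdmin = getEmpIdOfRootAdmin($userTypeName);
    if ($emp_id != $emp_id_act && $emp_id_act != $empIdRootAdmin) :
        // Get ALL headquarter ids of the current mandator
        $tmpAllHqArr = getColVectorFromDB2Array("mandatorheadquarters","md_id",$md_id,"hq_id");
        // Get existing headquarters access vector of $emp_id
        $tmpEmpHeadquarters = getFieldValueFromId("employee", "emp_id", $emp_id, "emp_headquarters");
        $tmpEmpHqArr = explode(",", $tmpEmpHeadquarters);
        // Get existing headquarters access vector of $emp_id_act
        $tmpEmpActHeadquarters = getFieldValueFromId("employee", "emp_id", $emp_id_act, "emp_headquarters");
        $tmpEmpActHqArr = explode(",", $tmpEmpActHeadquarters);
        // The selection comes from the request: anything that is not an array (nothing checked,
        // scalar value) is treated as an empty selection instead of being passed to count()/in_array()
        if (!is_array($f_hq_id)) : $f_hq_id = array(); endif;
        // Own headquarters of the employee being edited. It is looked up unconditionally because it is
        // the fallback below whenever the resulting vector is empty — not only when nothing was
        // submitted (previously the fallback could be unset in that case).
        // The former pre-selection of this headquarters in $f_hq_id remains disabled.
        $empActUsrId = getFieldValueFromId("employee", "emp_id", $emp_id_act, "usr_id");
        $empActHqId = getFieldValueFromId("user", "usr_id", $empActUsrId, "hq_id");
        // Init by existing vector of $emp_id_act
        $newHeadquartersAccessArr = $tmpEmpActHqArr;
        $tmpAllHqArrLen = count($tmpAllHqArr);
        for ($i = 0; $i < $tmpAllHqArrLen; $i++) :
            // Check editing $emp_id has access to this headquarters
            if (in_array($tmpAllHqArr[$i], $tmpEmpHqArr)) :
                // Check if current headquarters is checked
                if (in_array($tmpAllHqArr[$i], $f_hq_id)) :
                    if (!in_array($tmpAllHqArr[$i], $newHeadquartersAccessArr)) :
                        array_push($newHeadquartersAccessArr, $tmpAllHqArr[$i]);
                    endif;
                else :
                    if (in_array($tmpAllHqArr[$i], $newHeadquartersAccessArr)) :
                        $newHeadquartersAccessArr = array_diff($newHeadquartersAccessArr, array($tmpAllHqArr[$i]));
                    endif;
                endif;
            endif;
        endfor;
        $newHeadquartersAccess = implode(",", $newHeadquartersAccessArr);
        // The access vector may not be empty: fall back to the own headquarters of the edited employee
        if (trim($newHeadquartersAccess) == "") : $newHeadquartersAccess = $empActHqId; endif;
        updateStmt("employee","emp_id",$emp_id_act,array("emp_headquarters",$newHeadquartersAccess));
        // Write logdata into log database
        writeToLogDB("116",$hq_id,"",$usr_id,"","","","HQ_ACCESS_OLD=" . $tmpEmpActHeadquarters . "|HQ_ACCESS_NEW=" . $newHeadquartersAccess,"","",$emp_id_act);
        $statusMessage = getLngt("Die Niederlassungsfreigaben wurden gesetzt!");
    else :
        $statusMessage = getLngt("Die Niederlassungsfreigaben wurden nicht gesetzt!");
    endif;
endif;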
// Set rights
// Rebuilds the rights bit string (employee.emp_rights) of $emp_id_act from the submitted list
// $emp_rights and logs the old and the new value (log id "115").
// NOTE(review): besides the "not oneself" test below, no authCheckEmployeeRights() call and no comparison
// of $emp_id_act with the root admin or with the editor's mandator is visible in this block — confirm
// that an enclosing condition covers these checks.
if ($f_act == "setRights") :
// An employee cannot change his/her own rights
if ($emp_id != $emp_id_act) :
// Get the emp_id of the root admin because he/she is allowed to change a password of an employee
$empIdRootAdmin = getEmpIdOfRootAdmin($userTypeName);
if ($userTypeName == "cs") :
// Customer side: the new bit string starts with "0" at every position; only the 16 rights named below can be set.
// NOTE(review): $tmpEmpRigths (rights of the editor) is read but not used in this branch, so the submitted
// rights are not limited to the ones the editor holds, as they are in the "hq" branch — confirm this is intended.
// NOTE(review): positions 16 and above of the previous value are reset to "0" by this rebuild.
// Get the rights of the employee to be modified
$tmpEmpRigths = getFieldValueFromId("employee", "emp_id", $emp_id, "emp_rights"); // Get rights of current employee logged in
$tmpEmpActRigths = getFieldValueFromId("employee", "emp_id", $emp_id_act, "emp_rights"); // Get old rights for logging
$newRights = "0000000000000000000000000000000000000000000000000000000000000000000000";
$fieldsLength = count($emp_rights);
for ($i = 0; $i < $fieldsLength; $i++) :
// Special menu for customer-employee (user-type "2")
// Each known right name sets the "1" at its fixed position; unknown names are ignored
if ($emp_rights[$i] == "csc_nav") : $newRights = substr_replace($newRights,'1',0,1); endif;
if ($emp_rights[$i] == "csc_admin") : $newRights = substr_replace($newRights,'1',1,1); endif;
if ($emp_rights[$i] == "emp") : $newRights = substr_replace($newRights,'1',2,1); endif;
if ($emp_rights[$i] == "ad") : $newRights = substr_replace($newRights,'1',3,1); endif;
if ($emp_rights[$i] == "job") : $newRights = substr_replace($newRights,'1',4,1); endif;
if ($emp_rights[$i] == "inv") : $newRights = substr_replace($newRights,'1',5,1); endif;
if ($emp_rights[$i] == "set") : $newRights = substr_replace($newRights,'1',6,1); endif;
if ($emp_rights[$i] == "exp") : $newRights = substr_replace($newRights,'1',7,1); endif;
if ($emp_rights[$i] == "st") : $newRights = substr_replace($newRights,'1',8,1); endif;
if ($emp_rights[$i] == "map") : $newRights = substr_replace($newRights,'1',9,1); endif;
if ($emp_rights[$i] == "usr_account") : $newRights = substr_replace($newRights,'1',10,1); endif;
if ($emp_rights[$i] == "download") : $newRights = substr_replace($newRights,'1',11,1); endif;
if ($emp_rights[$i] == "usr_csc_matrix") : $newRights = substr_replace($newRights,'1',12,1); endif;
if ($emp_rights[$i] == "apt") : $newRights = substr_replace($newRights,'1',13,1); endif;
if ($emp_rights[$i] == "obj_mngmnt") : $newRights = substr_replace($newRights,'1',14,1); endif;
if ($emp_rights[$i] == "imp") : $newRights = substr_replace($newRights,'1',15,1); endif;
endfor;
elseif ($userTypeName == "hq") :
// Headquarters side: start from the current rights of $emp_id_act and decide position by position,
// so that the editor can only change rights he/she holds.
// Get the rights of the employee to be modified
$tmpEmpRigths = getFieldValueFromId("employee", "emp_id", $emp_id, "emp_rights"); // Get rights of current employee logged in
$tmpEmpActRigths = getFieldValueFromId("employee", "emp_id", $emp_id_act, "emp_rights"); // Get old rights for logging
// Fill up bit string to x signs
$tmpEmpRigths = str_pad($tmpEmpRigths, $parEmpRgtBitStrMaxLen, "0");
$tmpEmpActRigths = str_pad($tmpEmpActRigths, $parEmpRgtBitStrMaxLen, "0");
$newRights = $tmpEmpActRigths;
$fieldsLength = count($emp_rights);
for ($j = 0; $j < $rgtIdArrayLen; $j++) :
$empRgt = substr($tmpEmpRigths,$j,1);
$empActRgt = substr($tmpEmpActRigths,$j,1);
// Check for VIP status of the current right to be inherited. If it is then change $tmpEmpRigths for the current right to "0"
if ($rgtVipArray[$rgtIdArray[$j]] == "1" && $empRgt == "1") :
$empRgt = "0";
// Check for whitelist user: the root admin and employees listed for this right keep the "1"
if ($emp_id == $empIdRootAdmin || isInParameterString($emp_id, $rgtEmpVipArray[$rgtIdArray[$j]])) :
$empRgt = "1";
endif;
endif;
if ($empRgt == "0") :
// Do NOT change emp_id_act right if emp_id right equals "0"
$reqRgtByEmpRights = $empActRgt;
else :
$reqRgtByEmpRights = "0";
// Check by existence in $emp_rights: the right is set only if its id was submitted
// ($reqRgtByEmpRights was just set to "0", so only the $empRgt test decides here)
// NOTE(review): if $empRgt is neither "0" nor "1", the right of $emp_id_act is cleared at this position
if ($empRgt == "1" && $reqRgtByEmpRights == "0") :
for ($i = 0; $i < $fieldsLength; $i++) :
if ($emp_rights[$i] == $rgtIdArray[$j]) :
$reqRgtByEmpRights = "1";
endif;
endfor;
endif;
endif;
$newRights = substr_replace($newRights,$reqRgtByEmpRights,$j,1);
endfor;
endif;
// NOTE(review): if $userTypeName is neither "cs" nor "hq", $newRights and $tmpEmpActRigths are not assigned
// in this block before they are written and logged below.
updateStmt("employee","emp_id",$emp_id_act,array("emp_rights",$newRights));
// Write logdata into log database
writeToLogDB("115",$hq_id,"",$usr_id,"","","","RIGHTS_OLD=" . $tmpEmpActRigths . "|RIGHTS_NEW=" . $newRights,"","",$emp_id_act);
$statusMessage = getLngt("Die Rechte wurden gesetzt!");
else :
$statusMessage = getLngt("Die Rechte können nicht geändert werden!");
endif;
endif;
else :
$statusMessage = getLngt("Bitte geben Sie mindestens den Namen, den Vornamen, die Mailadresse und einen Anmeldenamen ein!");
endif;
endif;
// ******************
// * Operations end *
// ******************
// Get the emp_id of the root admin, e.g. setting new passwords of employees
$empIdRootAdmin = getEmpIdOfRootAdmin($userTypeName);
// MASTER RIGHTS FOR ALL HEADQUARTERS OF A MANDATOR
// Get the rights of the employee logged in
$empRights = getRights($emp_id);
// Get the rights of the employee to be modified
$empRightsAct = getRights($emp_id_act, "1");
$empParametersArrayAct = getParameterArray($emp_id_act);
// HEADQUARTERS ACCESS
// Check accessibility to headquarters, init for headquarters logged in (also for $userTypeName != "hq")
// First check: the mandator of the employee logged in has to be the same as the mandator of the employee being edited!
// The mandator of the edited employee is resolved via employee -> user -> headquarters -> mandator.
$empActUsrId = getFieldValueFromId("employee", "emp_id", $emp_id_act, "usr_id");
$empActHqId = getFieldValueFromId("user", "usr_id", $empActUsrId, "hq_id");
$empIdActMdId = getFieldValueFromId("mandatorheadquarters", "hq_id", $empActHqId, "md_id");
$empHqAccessArray = array($hq_id);
$empActHqAccessArray = array($hq_id);
$headQuartersOut = "";
// The checkbox list is only built for another employee who is not the root admin and belongs to the mandator $md_id
if ($emp_id_act != $emp_id && $emp_id_act != $empIdRootAdmin && $empIdActMdId != "" && is_numeric($empIdActMdId) && $empIdActMdId == $md_id) :
if ($userTypeName == "hq") :
// All headquarters of the mandator
$f_hq_id = getColVectorFromDB2Array("mandatorheadquarters","md_id",$md_id,"hq_id");
// Access to headquarters of the employee logged in
if ($emp_id == $empIdRootAdmin) :
$empHqAccessArray = $f_hq_id; // Grant access to all headquarters to the root user (for the current mandator ONLY)
else :
$empHqAccess = getFieldValueFromId("employee","emp_id",$emp_id,"emp_headquarters");
$empHqAccessArray = explode(",", $empHqAccess);
endif;
// Access to headquarters of the current edited employee
$empActHqAccess = getFieldValueFromId("employee","emp_id",$emp_id_act,"emp_headquarters");
$empActHqAccessArray = explode(",", $empActHqAccess);
// The employee edited has to be granted to his default headquarters
/*
if (!in_array($empActHqId, $empActHqAccessArray)) :
array_push($empActHqAccessArray, $empActHqId);
endif;
*/
// Get headquarters to be disabled because the employee logged in has no access to
$hqDisabledArray = array_diff($f_hq_id, $empHqAccessArray); // $f_hq_id "minus" $empHqAccessArray
// The default headquarters of the user be edited ($empActHqId) has to be disabled! Changes by the root user possible only!
/*
if ($emp_id != $empIdRootAdmin) :
if (!in_array($empActHqId, $hqDisabledArray)) :
array_push($hqDisabledArray, $empActHqId);
endif;
endif;
*/
// Output
// NOTE(review): disabling a checkbox only affects the form; the server-side handling of the submitted
// selection has to enforce the same restriction.
// NOTE(review): $md_id is concatenated into the SQL condition passed to addCheckboxesFromTable();
// confirm that it is a validated integer.
$headQuartersOut = addCheckboxesFromTable("f_hq_id","headquarters AS hq, mandatorheadquarters AS mdhq","hq.hq_id","hq.hq_mnemonic","hq.hq_mnemonic","mdhq.md_id = '" . $md_id . "' AND hq.hq_id = mdhq.hq_id",$empActHqAccessArray, " ", $hqDisabledArray);
endif;
endif;
// Secure-check of the association between customer and costcenter
$tmpFields = array("cs_id",$customerId,"csc_id",$cscIdActual);
if ($userTypeName == "hq" || existsEntry("costcenter",$tmpFields)) :
$cscNameActual = my_str_check(getFieldValueFromId("costcenter","csc_id",$cscIdActual,"csc_name"));
// Selection of the employee if emp_id_act is not null
// Loads the user data of the edited employee for display and builds the headline $userToBeModified.
if ($emp_id_act != "") :
// NOTE(review): $emp_id_act and $cscIdActual are interpolated into the SQL text. Confirm that both are
// validated as integers before this point, or bind them as parameters if the database layer allows it.
// Headquarters user: only employees without a costcenter (csc_id = 0) are selected
if ($userTypeName == "hq") :
$sqlquery = "SELECT usr.usr_name, usr.usr_firstname, usr.usr_email, usr.usr_phone,"
. " usr.usr_phone2, usr.usr_account, usr.usr_birthdate"
. " FROM user AS usr, employee AS emp"
. " WHERE emp.emp_id = '$emp_id_act' AND usr.usr_id = emp.usr_id AND emp.csc_id = 0"
. " ORDER BY usr.usr_name";
endif;
// Customer user: the employee has to belong to the current costcenter or to one whose path contains its name
// NOTE(review): $cscNameActual is passed through my_str_check() just before this block; confirm that this
// also covers the LIKE wildcards "%" and "_", which are significant in this pattern.
if ($userTypeName == "cs") :
$sqlquery = "SELECT usr.usr_name, usr.usr_firstname, usr.usr_email, usr.usr_phone,"
. " usr.usr_phone2, usr.usr_account, usr.usr_birthdate"
. " FROM user AS usr, employee AS emp, costcenter AS csc"
. " WHERE emp.emp_id = '$emp_id_act' AND usr.usr_id = emp.usr_id AND emp.csc_id = csc.csc_id AND"
. " (csc.csc_path LIKE '%//$cscNameActual//%' OR emp.csc_id = '$cscIdActual')"
. " ORDER BY usr.usr_name";
endif;
// NOTE(review): for any other $userTypeName, $sqlquery is not assigned in this block and the query below
// runs with whatever the variable held before.
$result = $db->query($sqlquery);
// NOTE(review): on failure the complete SQL text and the database message are sent to the client by die();
// consider logging them on the server and showing a generic message instead.
if (DB::isError($result)) die ("$PHP_SELF: [$sqlquery]" . $result->getMessage());
// Copy the row into the form variables (a later row would overwrite an earlier one).
// NOTE(review): if no row matches, these variables keep their previous values — confirm that they are
// initialised before, because $usr_account is used for the headline below.
while ($row = $result->fetch_assoc()):
$usr_name = $row["usr_name"];
$usr_firstname = $row["usr_firstname"];
$usr_email = $row["usr_email"];
$usr_phone = $row["usr_phone"];
$usr_phone2 = $row["usr_phone2"];
$usr_account = $row["usr_account"];
$f_usr_birthdate = $row["usr_birthdate"];
endwhile;
$result->free();
$userToBeModified = getLngt("Benutzerkonto") . ": " . $usr_account;
else :
// No employee selected: the form is used to create a new employee for the current costcenter
$userToBeModified = getLngt("Neuer Mitarbeiter für die Kostenstelle") . " " . $cscNameActual;
endif;
// Administrate the special right for CC-24 access.
$changeCC24State = "";
if ($userTypeName == "hq" || !existsEntry("customer",array("cs_admin",$emp_id_act))) :
if ($emp_id_act != "" && $emp_id_act != $empIdRootAdmin) :
// Check right to administrate CC-24 state of the displayed employee
if ($empHasAccessToCC24) :
// Get current state of the displayed employee
$empIdActCC24State = "0";
$empHqList = getParameterValue("0", "HEADQUARTERS_MULTIPLE_ACCESS_EMPLOYEES", "0");
if ($empHqList != "") :
$showMultipleHqSelection = isInParameterString($emp_id_act, $empHqList);
if ($showMultipleHqSelection) :
$empIdActCC24State = "1";
endif;
endif;
// Store new state
if ($f_act == "setCC24") :
// Take value in $par_cc24 and modify
if ($par_cc24 == "") : $par_cc24 = "0"; endif;
// Change parameter if existing state differs from requested state
if ($empIdActCC24State != $par_cc24) :
if ($par_cc24 == "0") :
// Remove user from parameter "HEADQUARTERS_MULTIPLE_ACCESS_EMPLOYEES"
$empHqList = removeItemStringList($empHqList, $emp_id_act);
setParameterValue("HEADQUARTERS_MULTIPLE_ACCESS_EMPLOYEES", $empHqList, "", "", "0", "0");
elseif ($par_cc24 == "1") :
// Add user to parameter "HEADQUARTERS_MULTIPLE_ACCESS_EMPLOYEES"
// $constIdCC24 = getParameterId("HEADQUARTERS_MULTIPLE_ACCESS_EMPLOYEES", "0", "0");
setParameterValue("HEADQUARTERS_MULTIPLE_ACCESS_EMPLOYEES", $empHqList . "|" . $emp_id_act, "", "", "0", "0");
endif;
endif;
$empIdActCC24State = $par_cc24;
endif;
$changeCC24State .= "