main
Philip Häusler 12 years ago
parent 213b6261c8
commit 0dabaa505e

@ -0,0 +1,19 @@
<?php
if(sql_num_query("SHOW TABLES LIKE 'LogEntries'") == 0) {
sql_query("CREATE TABLE `LogEntries` (
`id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY ,
`timestamp` INT NOT NULL ,
`nick` VARCHAR( 23 ) NOT NULL ,
`message` TEXT NOT NULL ,
INDEX ( `timestamp` )
) ENGINE = InnoDB;");
$applied = true;
}
if(sql_num_query("SHOW TABLES LIKE 'ChangeLog'") == 0) {
sql_query("DROP TABLE `ChangeLog`");
$applied = true;
}
?>

@ -0,0 +1,15 @@
<?php
/**
* Creates a log entry.
* @param $nick Username
* @param $message Log Message
*/
function LogEntry_create($nick, $message) {
$timestamp = date();
sql_query("INSERT INTO `LogEntries` SET `timestamp`=" . sql_escape($timestamp) . ", `nick`='" . sql_escape($nick) . "', `message`='" . sql_escape($message) . "'");
}
?>

@ -0,0 +1,14 @@
<?php
/**
* Returns user by id.
* @param $id UID
*/
function User($id) {
$user_source = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
if(count($user_source) > 0)
return $user_source[0];
return null;
}
?>

@ -1,120 +1,144 @@
<?php <?php
function admin_active() { function admin_active() {
global $tshirt_sizes; global $tshirt_sizes;
$msg = ""; $msg = "";
$search = ""; $search = "";
$count = 0; $count = 0;
$limit = ""; $limit = "";
$set_active = ""; $set_active = "";
if (isset ($_REQUEST['search'])) if (isset ($_REQUEST['search']))
$search = strip_request_item('search'); $search = strip_request_item('search');
if (isset ($_REQUEST['set_active'])) { if (isset ($_REQUEST['set_active'])) {
$ok = true; $ok = true;
if (isset ($_REQUEST['count']) && preg_match("/^[0-9]+$/", $_REQUEST['count'])) if (isset ($_REQUEST['count']) && preg_match("/^[0-9]+$/", $_REQUEST['count']))
$count = strip_request_item('count'); $count = strip_request_item('count');
else { else {
$ok = false; $ok = false;
$msg .= error("Please enter a number of angels to be marked as active.", true); $msg .= error("Please enter a number of angels to be marked as active.", true);
} }
if ($ok) if ($ok)
$limit = " LIMIT " . $count; $limit = " LIMIT " . $count;
if (isset ($_REQUEST['ack'])) { if (isset ($_REQUEST['ack'])) {
sql_query("UPDATE `User` SET `Aktiv` = 0 WHERE `Tshirt` = 0"); sql_query("UPDATE `User` SET `Aktiv` = 0 WHERE `Tshirt` = 0");
$users = sql_select("SELECT `User`.*, COUNT(`ShiftEntry`.`id`) as `shift_count`, SUM(`end`-`start`) as `shift_length` FROM `User` LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID` LEFT JOIN `Shifts` ON `ShiftEntry`.`SID` = `Shifts`.`SID` WHERE `User`.`Gekommen` = 1 GROUP BY `User`.`UID` ORDER BY `shift_length` DESC" . $limit); $users = sql_select("SELECT `User`.*, COUNT(`ShiftEntry`.`id`) as `shift_count`, SUM(`end`-`start`) as `shift_length` FROM `User` LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID` LEFT JOIN `Shifts` ON `ShiftEntry`.`SID` = `Shifts`.`SID` WHERE `User`.`Gekommen` = 1 GROUP BY `User`.`UID` ORDER BY `shift_length` DESC" . $limit);
foreach ($users as $usr) $user_nicks = array();
sql_query("UPDATE `User` SET `Aktiv` = 1 WHERE `UID`=" . sql_escape($usr['UID'])); foreach ($users as $usr) {
sql_query("UPDATE `User` SET `Aktiv` = 1 WHERE `UID`=" . sql_escape($usr['UID']));
$user_nicks[] = $usr['Nick'];
}
engelsystem_log("These angels are active now: " . join(", ", $user_nicks));
$limit = ""; $limit = "";
$msg = success("Marked angels.", true); $msg = success("Marked angels.", true);
} else { } else {
$set_active = '<a href="' . page_link_to('admin_active') . '&amp;serach=' . $search . '">&laquo; back</a> | <a href="' . page_link_to('admin_active') . '&amp;search=' . $search . '&amp;count=' . $count . '&amp;set_active&amp;ack">apply</a>'; $set_active = '<a href="' . page_link_to('admin_active') . '&amp;serach=' . $search . '">&laquo; back</a> | <a href="' . page_link_to('admin_active') . '&amp;search=' . $search . '&amp;count=' . $count . '&amp;set_active&amp;ack">apply</a>';
} }
} }
if (isset ($_REQUEST['active']) && preg_match("/^[0-9]+$/", $_REQUEST['active'])) { if (isset ($_REQUEST['active']) && preg_match("/^[0-9]+$/", $_REQUEST['active'])) {
$id = $_REQUEST['active']; $id = $_REQUEST['active'];
sql_query("UPDATE `User` SET `Aktiv`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); $user_source = User($id);
$msg = success("Angel has been marked as active.", true); if($user_source != null) {
} sql_query("UPDATE `User` SET `Aktiv`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
elseif (isset ($_REQUEST['not_active']) && preg_match("/^[0-9]+$/", $_REQUEST['not_active'])) { engelsystem_log("User " . $user_source['Nick'] . " is active now.");
$id = $_REQUEST['not_active']; $msg = success("Angel has been marked as active.", true);
sql_query("UPDATE `User` SET `Aktiv`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); }
$msg = success("Angel has been marked as not active.", true); else $msg = error("Angel not found.", true);
} }
elseif (isset ($_REQUEST['tshirt']) && preg_match("/^[0-9]+$/", $_REQUEST['tshirt'])) { elseif (isset ($_REQUEST['not_active']) && preg_match("/^[0-9]+$/", $_REQUEST['not_active'])) {
$id = $_REQUEST['tshirt']; $id = $_REQUEST['not_active'];
sql_query("UPDATE `User` SET `Tshirt`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); $user_source = User($id);
$msg = success("Angel has got a t-shirt.", true); if($user_source != null) {
} sql_query("UPDATE `User` SET `Aktiv`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
elseif (isset ($_REQUEST['not_tshirt']) && preg_match("/^[0-9]+$/", $_REQUEST['not_tshirt'])) { engelsystem_log("User " . $user_source['Nick'] . " is NOT active now.");
$id = $_REQUEST['not_tshirt']; $msg = success("Angel has been marked as not active.", true);
sql_query("UPDATE `User` SET `Tshirt`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); }
$msg = success("Angel has got no t-shirt.", true); else $msg = error("Angel not found.", true);
} }
elseif (isset ($_REQUEST['tshirt']) && preg_match("/^[0-9]+$/", $_REQUEST['tshirt'])) {
$id = $_REQUEST['tshirt'];
$user_source = User($id);
if($user_source != null) {
sql_query("UPDATE `User` SET `Tshirt`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
engelsystem_log("User " . $user_source['Nick'] . " has tshirt now.");
$msg = success("Angel has got a t-shirt.", true);
}
else $msg = error("Angel not found.", true);
}
elseif (isset ($_REQUEST['not_tshirt']) && preg_match("/^[0-9]+$/", $_REQUEST['not_tshirt'])) {
$id = $_REQUEST['not_tshirt'];
$user_source = User($id);
if($user_source != null) {
sql_query("UPDATE `User` SET `Tshirt`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
engelsystem_log("User " . $user_source['Nick'] . " NO tshirt.");
$msg = success("Angel has got no t-shirt.", true);
}
else $msg = error("Angel not found.", true);
}
$users = sql_select("SELECT `User`.*, COUNT(`ShiftEntry`.`id`) as `shift_count`, SUM(`end`-`start`) as `shift_length` FROM `User` LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID` LEFT JOIN `Shifts` ON `ShiftEntry`.`SID` = `Shifts`.`SID` WHERE `User`.`Gekommen` = 1 GROUP BY `User`.`UID` ORDER BY `shift_length` DESC" . $limit); $users = sql_select("SELECT `User`.*, COUNT(`ShiftEntry`.`id`) as `shift_count`, SUM(`end`-`start`) as `shift_length` FROM `User` LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID` LEFT JOIN `Shifts` ON `ShiftEntry`.`SID` = `Shifts`.`SID` WHERE `User`.`Gekommen` = 1 GROUP BY `User`.`UID` ORDER BY `shift_length` DESC" . $limit);
$table = ""; $table = "";
if ($search == "") if ($search == "")
$tokens = array (); $tokens = array ();
else else
$tokens = explode(" ", $search); $tokens = explode(" ", $search);
foreach ($users as $usr) { foreach ($users as $usr) {
if (count($tokens) > 0) { if (count($tokens) > 0) {
$match = false; $match = false;
$index = join("", $usr); $index = join("", $usr);
foreach ($tokens as $t) foreach ($tokens as $t)
if (strstr($index, trim($t))) { if (strstr($index, trim($t))) {
$match = true; $match = true;
break; break;
} }
if (!$match) if (!$match)
continue; continue;
} }
$table .= '<tr>'; $table .= '<tr>';
$table .= '<td>' . $usr['Nick'] . '</td>'; $table .= '<td>' . $usr['Nick'] . '</td>';
$table .= '<td>' . $tshirt_sizes[$usr['Size']] . '</td>'; $table .= '<td>' . $tshirt_sizes[$usr['Size']] . '</td>';
$table .= '<td>' . $usr['shift_count'] . '</td>'; $table .= '<td>' . $usr['shift_count'] . '</td>';
if ($usr['shift_count'] == 0) if ($usr['shift_count'] == 0)
$table .= '<td>-</td>'; $table .= '<td>-</td>';
else else
$table .= '<td>' . round($usr['shift_length'] / 60) . ' min (' . round($usr['shift_length'] / 3600) . ' h)</td>'; $table .= '<td>' . round($usr['shift_length'] / 60) . ' min (' . round($usr['shift_length'] / 3600) . ' h)</td>';
if ($usr['Aktiv'] == 1) if ($usr['Aktiv'] == 1)
$table .= '<td>yes</td>'; $table .= '<td>yes</td>';
else else
$table .= '<td></td>'; $table .= '<td></td>';
if ($usr['Tshirt'] == 1) if ($usr['Tshirt'] == 1)
$table .= '<td>yes</td>'; $table .= '<td>yes</td>';
else else
$table .= '<td></td>'; $table .= '<td></td>';
$actions = array (); $actions = array ();
if ($usr['Aktiv'] == 0) if ($usr['Aktiv'] == 0)
$actions[] = '<a href="' . page_link_to('admin_active') . '&amp;active=' . $usr['UID'] . '&amp;search=' . $search . '">set active</a>'; $actions[] = '<a href="' . page_link_to('admin_active') . '&amp;active=' . $usr['UID'] . '&amp;search=' . $search . '">set active</a>';
if ($usr['Aktiv'] == 1 && $usr['Tshirt'] == 0) { if ($usr['Aktiv'] == 1 && $usr['Tshirt'] == 0) {
$actions[] = '<a href="' . page_link_to('admin_active') . '&amp;not_active=' . $usr['UID'] . '&amp;search=' . $search . '">remove active</a>'; $actions[] = '<a href="' . page_link_to('admin_active') . '&amp;not_active=' . $usr['UID'] . '&amp;search=' . $search . '">remove active</a>';
$actions[] = '<a href="' . page_link_to('admin_active') . '&amp;tshirt=' . $usr['UID'] . '&amp;search=' . $search . '">got t-shirt</a>'; $actions[] = '<a href="' . page_link_to('admin_active') . '&amp;tshirt=' . $usr['UID'] . '&amp;search=' . $search . '">got t-shirt</a>';
} }
if ($usr['Tshirt'] == 1) if ($usr['Tshirt'] == 1)
$actions[] = '<a href="' . page_link_to('admin_active') . '&amp;not_tshirt=' . $usr['UID'] . '&amp;search=' . $search . '">remove t-shirt</a>'; $actions[] = '<a href="' . page_link_to('admin_active') . '&amp;not_tshirt=' . $usr['UID'] . '&amp;search=' . $search . '">remove t-shirt</a>';
$table .= '<td>' . join(' | ', $actions) . '</td>'; $table .= '<td>' . join(' | ', $actions) . '</td>';
$table .= '</tr>'; $table .= '</tr>';
} }
return template_render('../templates/admin_active.html', array ( return template_render('../templates/admin_active.html', array (
'search' => $search, 'search' => $search,
'count' => $count, 'count' => $count,
'set_active' => $set_active, 'set_active' => $set_active,
'table' => $table, 'table' => $table,
'msg' => $msg, 'msg' => $msg,
'link' => page_link_to('admin_active') 'link' => page_link_to('admin_active')
)); ));
} }
?> ?>

@ -47,10 +47,13 @@ function admin_angel_types() {
$restricted = 0; $restricted = 0;
if ($ok) { if ($ok) {
if (isset ($id)) if (isset ($id)) {
sql_query("UPDATE `AngelTypes` SET `name`='" . sql_escape($name) . "', `restricted`=" . sql_escape($restricted) . " WHERE `id`=" . sql_escape($id) . " LIMIT 1"); sql_query("UPDATE `AngelTypes` SET `name`='" . sql_escape($name) . "', `restricted`=" . sql_escape($restricted) . " WHERE `id`=" . sql_escape($id) . " LIMIT 1");
else engelsystem_log("Updated angeltype: " . $name . ", restricted: " . $restricted);
} else {
sql_query("INSERT INTO `AngelTypes` SET `name`='" . sql_escape($name) . "', `restricted`=" . sql_escape($restricted)); sql_query("INSERT INTO `AngelTypes` SET `name`='" . sql_escape($name) . "', `restricted`=" . sql_escape($restricted));
engelsystem_log("Created angeltype: " . $name . ", restricted: " . $restricted);
}
success("Angel type saved."); success("Angel type saved.");
redirect(page_link_to('admin_angel_types')); redirect(page_link_to('admin_angel_types'));
@ -76,6 +79,7 @@ function admin_angel_types() {
sql_query("DELETE FROM `ShiftEntry` WHERE `TID`=" . sql_escape($id) . " LIMIT 1"); sql_query("DELETE FROM `ShiftEntry` WHERE `TID`=" . sql_escape($id) . " LIMIT 1");
sql_query("DELETE FROM `AngelTypes` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); sql_query("DELETE FROM `AngelTypes` WHERE `id`=" . sql_escape($id) . " LIMIT 1");
sql_query("DELETE FROM `UserAngelTypes` WHERE `angeltype_id`=" . sql_escape($id) . " LIMIT 1"); sql_query("DELETE FROM `UserAngelTypes` WHERE `angeltype_id`=" . sql_escape($id) . " LIMIT 1");
engelsystem_log("Deleted angel type: " . $name);
success(sprintf("Angel type %s deleted.", $name)); success(sprintf("Angel type %s deleted.", $name));
redirect(page_link_to('admin_angel_types')); redirect(page_link_to('admin_angel_types'));
} }

@ -1,52 +1,60 @@
<?php <?php
function admin_arrive() { function admin_arrive() {
$msg = ""; $msg = "";
$search = ""; $search = "";
if (isset ($_REQUEST['search'])) if (isset ($_REQUEST['search']))
$search = strip_request_item('search'); $search = strip_request_item('search');
if (isset ($_REQUEST['reset']) && preg_match("/^[0-9]*$/", $_REQUEST['reset'])) { if (isset ($_REQUEST['reset']) && preg_match("/^[0-9]*$/", $_REQUEST['reset'])) {
$id = $_REQUEST['reset']; $id = $_REQUEST['reset'];
sql_query("UPDATE `User` SET `Gekommen`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); $user_source = User($id);
$msg = success("Reset done. Angel has not arrived.", true); if($user_source != null) {
} sql_query("UPDATE `User` SET `Gekommen`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
elseif (isset ($_REQUEST['arrived']) && preg_match("/^[0-9]*$/", $_REQUEST['arrived'])) { engelsystem_log("User set to not arrived: " . $user_source['Nick']);
$id = $_REQUEST['arrived']; $msg = success("Reset done. Angel has not arrived.", true);
sql_query("UPDATE `User` SET `Gekommen`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); } else $msg = error("Angel not found.", true);
$msg = success("Angel has been marked as arrived.", true); }
} elseif (isset ($_REQUEST['arrived']) && preg_match("/^[0-9]*$/", $_REQUEST['arrived'])) {
$id = $_REQUEST['arrived'];
$user_source = User($id);
if($user_source != null) {
sql_query("UPDATE `User` SET `Gekommen`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
engelsystem_log("User set has arrived: " . $user_source['Nick']);
$msg = success("Angel has been marked as arrived.", true);
} else $msg = error("Angel not found.", true);
}
$users = sql_select("SELECT * FROM `User` ORDER BY `Nick`"); $users = sql_select("SELECT * FROM `User` ORDER BY `Nick`");
$table = ""; $table = "";
if ($search == "") if ($search == "")
$tokens = array (); $tokens = array ();
else else
$tokens = explode(" ", $search); $tokens = explode(" ", $search);
foreach ($users as $usr) { foreach ($users as $usr) {
if (count($tokens) > 0) { if (count($tokens) > 0) {
$match = false; $match = false;
$index = join("", $usr); $index = join("", $usr);
foreach ($tokens as $t) foreach ($tokens as $t)
if (strstr($index, trim($t))) { if (strstr($index, trim($t))) {
$match = true; $match = true;
break; break;
} }
if (!$match) if (!$match)
continue; continue;
} }
$table .= '<tr>'; $table .= '<tr>';
$table .= '<td>' . $usr['Nick'] . '</td>'; $table .= '<td>' . $usr['Nick'] . '</td>';
if ($usr['Gekommen'] == 1) if ($usr['Gekommen'] == 1)
$table .= '<td>yes</td><td><a href="' . page_link_to('admin_arrive') . '&reset=' . $usr['UID'] . '&search=' . $search . '">reset</a></td>'; $table .= '<td>yes</td><td><a href="' . page_link_to('admin_arrive') . '&reset=' . $usr['UID'] . '&search=' . $search . '">reset</a></td>';
else else
$table .= '<td></td><td><a href="' . page_link_to('admin_arrive') . '&arrived=' . $usr['UID'] . '&search=' . $search . '">arrived</a></td>'; $table .= '<td></td><td><a href="' . page_link_to('admin_arrive') . '&arrived=' . $usr['UID'] . '&search=' . $search . '">arrived</a></td>';
$table .= '</tr>'; $table .= '</tr>';
} }
return template_render('../templates/admin_arrive.html', array ( return template_render('../templates/admin_arrive.html', array (
'search' => $search, 'search' => $search,
'table' => $table, 'table' => $table,
'msg' => $msg, 'msg' => $msg,
'link' => page_link_to('admin_arrive') 'link' => page_link_to('admin_arrive')
)); ));
} }
?> ?>

@ -1,91 +1,99 @@
<?php <?php
function admin_groups() { function admin_groups() {
global $user; global $user;
$html = ""; $html = "";
$groups = sql_select("SELECT * FROM `Groups` ORDER BY `Name`"); $groups = sql_select("SELECT * FROM `Groups` ORDER BY `Name`");
if (!isset ($_REQUEST["action"])) { if (!isset ($_REQUEST["action"])) {
$groups_html = ""; $groups_html = "";
foreach ($groups as $group) { foreach ($groups as $group) {
$groups_html .= sprintf( $groups_html .= sprintf(
'<tr><td>%s</td>', '<tr><td>%s</td>',
$group['Name'] $group['Name']
); );
$privileges = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`=" . sql_escape($group['UID'])); $privileges = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`=" . sql_escape($group['UID']));
$privileges_html = array (); $privileges_html = array ();
foreach ($privileges as $priv) foreach ($privileges as $priv)
$privileges_html[] = $priv['name']; $privileges_html[] = $priv['name'];
$groups_html .= sprintf( $groups_html .= sprintf(
'<td>%s</td>' '<td>%s</td>'
. '<td><a href="%s&action=edit&id=%s">Ändern</a></td>', . '<td><a href="%s&action=edit&id=%s">Ändern</a></td>',
join(', ', $privileges_html), join(', ', $privileges_html),
page_link_to("admin_groups"), page_link_to("admin_groups"),
$group['UID'] $group['UID']
); );
} }
return template_render('../templates/admin_groups.html', array ( return template_render('../templates/admin_groups.html', array (
'nick' => $user['Nick'], 'nick' => $user['Nick'],
'groups' => $groups_html 'groups' => $groups_html
)); ));
} else { } else {
switch ($_REQUEST["action"]) { switch ($_REQUEST["action"]) {
case 'edit' : case 'edit' :
if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id'])) if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id']; $id = $_REQUEST['id'];
else else
return error("Incomplete call, missing Groups ID.", true); return error("Incomplete call, missing Groups ID.", true);
$room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); $room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
if (count($room) > 0) { if (count($room) > 0) {
list ($room) = $room; list ($room) = $room;
$privileges = sql_select("SELECT `Privileges`.*, `GroupPrivileges`.`group_id` FROM `Privileges` LEFT OUTER JOIN `GroupPrivileges` ON (`Privileges`.`id` = `GroupPrivileges`.`privilege_id` AND `GroupPrivileges`.`group_id`=" . sql_escape($id) . ") ORDER BY `Privileges`.`name`"); $privileges = sql_select("SELECT `Privileges`.*, `GroupPrivileges`.`group_id` FROM `Privileges` LEFT OUTER JOIN `GroupPrivileges` ON (`Privileges`.`id` = `GroupPrivileges`.`privilege_id` AND `GroupPrivileges`.`group_id`=" . sql_escape($id) . ") ORDER BY `Privileges`.`name`");
$privileges_html = ""; $privileges_html = "";
foreach ($privileges as $priv) foreach ($privileges as $priv)
$privileges_html .= sprintf( $privileges_html .= sprintf(
'<tr><td><input type="checkbox" ' '<tr><td><input type="checkbox" '
. 'name="privileges[]" value="%s" %s />' . 'name="privileges[]" value="%s" %s />'
. '</td> <td>%s</td> <td>%s</td></tr>', . '</td> <td>%s</td> <td>%s</td></tr>',
$priv['id'], $priv['id'],
($priv['group_id'] != "" ($priv['group_id'] != ""
? 'checked="checked"' ? 'checked="checked"'
: ''), : ''),
$priv['name'], $priv['name'],
$priv['desc'] $priv['desc']
); );
$html .= template_render('../templates/admin_groups_edit_form.html', array ( $html .= template_render('../templates/admin_groups_edit_form.html', array (
'link' => page_link_to("admin_groups"), 'link' => page_link_to("admin_groups"),
'id' => $id, 'id' => $id,
'privileges' => $privileges_html 'privileges' => $privileges_html
)); ));
} else } else
return error("No Group found.", true); return error("No Group found.", true);
break; break;
case 'save' : case 'save' :
if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id'])) if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id']; $id = $_REQUEST['id'];
else else
return error("Incomplete call, missing Groups ID.", true); return error("Incomplete call, missing Groups ID.", true);
$room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); $room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
if (!is_array($_REQUEST['privileges'])) if (!is_array($_REQUEST['privileges']))
$_REQUEST['privileges'] = array (); $_REQUEST['privileges'] = array ();
if (count($room) > 0) { if (count($room) > 0) {
list ($room) = $room; list ($room) = $room;
sql_query("DELETE FROM `GroupPrivileges` WHERE `group_id`=" . sql_escape($id)); sql_query("DELETE FROM `GroupPrivileges` WHERE `group_id`=" . sql_escape($id));
foreach ($_REQUEST['privileges'] as $priv) $privilege_names = array();
if (preg_match("/^[0-9]{1,}$/", $priv) && sql_num_query("SELECT * FROM `Privileges` WHERE `id`=" . sql_escape($priv)) > 0) foreach ($_REQUEST['privileges'] as $priv) {
sql_query("INSERT INTO `GroupPrivileges` SET `group_id`=" . sql_escape($id) . ", `privilege_id`=" . sql_escape($priv)); if (preg_match("/^[0-9]{1,}$/", $priv)) {
header("Location: " . page_link_to("admin_groups")); $group_privileges_source = sql_select("SELECT * FROM `Privileges` WHERE `id`=" . sql_escape($priv) . " LIMIT 1");
} else if(count($group_privileges_source) > 0) {
return error("No Group found.", true); sql_query("INSERT INTO `GroupPrivileges` SET `group_id`=" . sql_escape($id) . ", `privilege_id`=" . sql_escape($priv));
break; $privilege_names[] = $group_privileges_source[0]['name'];
} }
} }
return $html; }
engelsystem_log("Group privileges of group " . $room['Name'] . " edited: " . join(", ", $privilege_names));
header("Location: " . page_link_to("admin_groups"));
} else
return error("No Group found.", true);
break;
}
}
return $html;
} }
?> ?>

@ -1,279 +1,281 @@
<?php <?php
function admin_import() { function admin_import() {
global $PentabarfXMLhost, $PentabarfXMLpath; global $PentabarfXMLhost, $PentabarfXMLpath;
global $rooms_import; global $rooms_import;
global $user; global $user;
$html = ""; $html = "";
$step = "input"; $step = "input";
if (isset ($_REQUEST['step'])) if (isset ($_REQUEST['step']))
$step = $_REQUEST['step']; $step = $_REQUEST['step'];
$html .= '<p>'; $html .= '<p>';
$html .= $step == "input" ? '<b>1. Input</b>' : '1. Input'; $html .= $step == "input" ? '<b>1. Input</b>' : '1. Input';
$html .= ' &raquo; '; $html .= ' &raquo; ';
$html .= $step == "check" ? '<b>2. Validate</b>' : '2. Validate'; $html .= $step == "check" ? '<b>2. Validate</b>' : '2. Validate';
$html .= ' &raquo; '; $html .= ' &raquo; ';
$html .= $step == "import" ? '<b>3. Import</b>' : '3. Import'; $html .= $step == "import" ? '<b>3. Import</b>' : '3. Import';
$html .= '</p>'; $html .= '</p>';
$import_file = '../import/import_' . $user['UID'] . '.xml'; $import_file = '../import/import_' . $user['UID'] . '.xml';
switch ($step) { switch ($step) {
case "input" : case "input" :
$ok = false; $ok = false;
if ($test_handle = fopen('../import/tmp', 'w')) { if ($test_handle = fopen('../import/tmp', 'w')) {
fclose($test_handle); fclose($test_handle);
unlink('../import/tmp'); unlink('../import/tmp');
} else { } else {
$msg = error("Webserver has no write-permission on import directory.", true); $msg = error("Webserver has no write-permission on import directory.", true);
} }
if (isset ($_REQUEST['submit'])) { if (isset ($_REQUEST['submit'])) {
$ok = true; $ok = true;
if (isset ($_REQUEST['user']) && $_REQUEST['user'] != "" && isset ($_REQUEST['password']) && $_REQUEST['password'] != "") { if (isset ($_REQUEST['user']) && $_REQUEST['user'] != "" && isset ($_REQUEST['password']) && $_REQUEST['password'] != "") {
$fp = fsockopen("ssl://$PentabarfXMLhost", 443, $errno, $errstr, 5); $fp = fsockopen("ssl://$PentabarfXMLhost", 443, $errno, $errstr, 5);
if (!$fp) { if (!$fp) {
$ok = false; $ok = false;
$msg = error("File 'https://$PentabarfXMLhost/$PentabarfXMLpath" . $_REQUEST["url"] . "' not readable!" . "[$errstr ($errno)]", true); $msg = error("File 'https://$PentabarfXMLhost/$PentabarfXMLpath" . $_REQUEST["url"] . "' not readable!" . "[$errstr ($errno)]", true);
} else { } else {
$fileOut = fopen($import_file, "w"); $fileOut = fopen($import_file, "w");
$head = 'GET /' . $PentabarfXMLpath . $_REQUEST["url"] . ' HTTP/1.1' . "\r\n" . $head = 'GET /' . $PentabarfXMLpath . $_REQUEST["url"] . ' HTTP/1.1' . "\r\n" .
'Host: ' . $PentabarfXMLhost . "\r\n" . 'Host: ' . $PentabarfXMLhost . "\r\n" .
'User-Agent: Engelsystem' . "\r\n" . 'User-Agent: Engelsystem' . "\r\n" .
'Authorization: Basic ' . 'Authorization: Basic ' .
base64_encode($_REQUEST["user"] . ':' . $_REQUEST["password"]) . "\r\n" . base64_encode($_REQUEST["user"] . ':' . $_REQUEST["password"]) . "\r\n" .
"\r\n"; "\r\n";
fputs($fp, $head); fputs($fp, $head);
$Zeilen = -1; $Zeilen = -1;
echo "<pre>"; echo "<pre>";
while (!feof($fp)) { while (!feof($fp)) {
$Temp = fgets($fp, 1024); $Temp = fgets($fp, 1024);
// show header // show header
if ($Zeilen == -1) { if ($Zeilen == -1) {
echo $Temp; echo $Temp;
} }
// ende des headers // ende des headers
if ($Temp == "\r\n") { if ($Temp == "\r\n") {
echo "</pre>\n"; echo "</pre>\n";
$Zeilen = 0; $Zeilen = 0;
$Temp = ""; $Temp = "";
} }
//file ende? //file ende?
if ($Temp == "0\r\n") if ($Temp == "0\r\n")
break; break;
if (($Zeilen > -1) && ($Temp != "ffb\r\n")) { if (($Zeilen > -1) && ($Temp != "ffb\r\n")) {
//steuerzeichen ausfiltern //steuerzeichen ausfiltern
if (strpos("#$Temp", "\r\n") > 0) if (strpos("#$Temp", "\r\n") > 0)
$Temp = substr($Temp, 0, strlen($Temp) - 2); $Temp = substr($Temp, 0, strlen($Temp) - 2);
if (strpos("#$Temp", "1005") > 0) if (strpos("#$Temp", "1005") > 0)
$Temp = ""; $Temp = "";
if (strpos("#$Temp", "783") > 0) if (strpos("#$Temp", "783") > 0)
$Temp = ""; $Temp = "";
//schreiben in file //schreiben in file
fputs($fileOut, $Temp); fputs($fileOut, $Temp);
$Zeilen++; $Zeilen++;
} }
} }
fclose($fileOut); fclose($fileOut);
fclose($fp); fclose($fp);
$msg .= success("Es wurden $Zeilen Zeilen eingelesen.", true); $msg .= success("Es wurden $Zeilen Zeilen eingelesen.", true);
} }
} }
elseif (isset ($_FILES['xcal_file']) && ($_FILES['xcal_file']['error'] == 0)) { elseif (isset ($_FILES['xcal_file']) && ($_FILES['xcal_file']['error'] == 0)) {
if (move_uploaded_file($_FILES['xcal_file']['tmp_name'], $import_file)) { if (move_uploaded_file($_FILES['xcal_file']['tmp_name'], $import_file)) {
libxml_use_internal_errors(true); libxml_use_internal_errors(true);
if (simplexml_load_file($import_file) === false) { if (simplexml_load_file($import_file) === false) {
$ok = false; $ok = false;
$msg = error("No valid xml/xcal file provided.", true); $msg = error("No valid xml/xcal file provided.", true);
unlink($import_file); unlink($import_file);
} }
} else { } else {
$ok = false; $ok = false;
$msg = error("File upload went wrong.", true); $msg = error("File upload went wrong.", true);
} }
} else { } else {
$ok = false; $ok = false;
$msg = error("Please provide some data.", true); $msg = error("Please provide some data.", true);
} }
} }
if ($ok) if ($ok)
header("Location: " . page_link_to('admin_import') . "&step=check"); header("Location: " . page_link_to('admin_import') . "&step=check");
else else
$html .= template_render('../templates/admin_import_input.html', array ( $html .= template_render('../templates/admin_import_input.html', array (
'link' => page_link_to('admin_import'), 'link' => page_link_to('admin_import'),
'msg' => $msg, 'msg' => $msg,
'url' => "https://$PentabarfXMLhost/$PentabarfXMLpath" 'url' => "https://$PentabarfXMLhost/$PentabarfXMLpath"
)); ));
break; break;
case "check" : case "check" :
if (!file_exists($import_file)) if (!file_exists($import_file))
header("Location: " . page_link_to('admin_import')); header("Location: " . page_link_to('admin_import'));
list ($rooms_new, $rooms_deleted) = prepare_rooms($import_file); list ($rooms_new, $rooms_deleted) = prepare_rooms($import_file);
list ($events_new, $events_updated, $events_deleted) = prepare_events($import_file); list ($events_new, $events_updated, $events_deleted) = prepare_events($import_file);
$html .= template_render('../templates/admin_import_check.html', array ( $html .= template_render('../templates/admin_import_check.html', array (
'link' => page_link_to('admin_import'), 'link' => page_link_to('admin_import'),
'rooms_new' => count($rooms_new) == 0 ? "<tr><td>None</td></tr>" : table_body($rooms_new), 'rooms_new' => count($rooms_new) == 0 ? "<tr><td>None</td></tr>" : table_body($rooms_new),
'rooms_deleted' => count($rooms_deleted) == 0 ? "<tr><td>None</td></tr>" : table_body($rooms_deleted), 'rooms_deleted' => count($rooms_deleted) == 0 ? "<tr><td>None</td></tr>" : table_body($rooms_deleted),
'events_new' => count($events_new) == 0 ? "<tr><td>None</td><td></td><td></td><td></td><td></td></tr>" : table_body(shifts_printable($events_new)), 'events_new' => count($events_new) == 0 ? "<tr><td>None</td><td></td><td></td><td></td><td></td></tr>" : table_body(shifts_printable($events_new)),
'events_updated' => count($events_updated) == 0 ? "<tr><td>None</td><td></td><td></td><td></td><td></td></tr>" : table_body(shifts_printable($events_updated)), 'events_updated' => count($events_updated) == 0 ? "<tr><td>None</td><td></td><td></td><td></td><td></td></tr>" : table_body(shifts_printable($events_updated)),
'events_deleted' => count($events_deleted) == 0 ? "<tr><td>None</td><td></td><td></td><td></td><td></td></tr>" : table_body(shifts_printable($events_deleted)) 'events_deleted' => count($events_deleted) == 0 ? "<tr><td>None</td><td></td><td></td><td></td><td></td></tr>" : table_body(shifts_printable($events_deleted))
)); ));
break; break;
case "import" : case "import" :
if (!file_exists($import_file)) if (!file_exists($import_file))
header("Location: " . page_link_to('admin_import')); header("Location: " . page_link_to('admin_import'));
list ($rooms_new, $rooms_deleted) = prepare_rooms($import_file); list ($rooms_new, $rooms_deleted) = prepare_rooms($import_file);
foreach ($rooms_new as $room) { foreach ($rooms_new as $room) {
sql_query("INSERT INTO `Room` SET `Name`='" . sql_escape($room) . "', `FromPentabarf`='Y', `Show`='Y'"); sql_query("INSERT INTO `Room` SET `Name`='" . sql_escape($room) . "', `FromPentabarf`='Y', `Show`='Y'");
$rooms_import[trim($room)] = sql_id(); $rooms_import[trim($room)] = sql_id();
} }
foreach ($rooms_deleted as $room) foreach ($rooms_deleted as $room)
sql_query("DELETE FROM `Room` WHERE `Name`='" . sql_escape($room) . "' LIMIT 1"); sql_query("DELETE FROM `Room` WHERE `Name`='" . sql_escape($room) . "' LIMIT 1");
list ($events_new, $events_updated, $events_deleted) = prepare_events($import_file); list ($events_new, $events_updated, $events_deleted) = prepare_events($import_file);
foreach ($events_new as $event) foreach ($events_new as $event)
sql_query("INSERT INTO `Shifts` SET `name`='" . sql_query("INSERT INTO `Shifts` SET `name`='" .
sql_escape($event['name']) . "', `start`=" . sql_escape($event['start']) . ", `end`=" . sql_escape($event['end']) . ", `RID`=" . sql_escape($event['RID']) . ", `PSID`=" . sql_escape($event['PSID']) . ", `URL`='" . sql_escape($event['URL']) . "'"); sql_escape($event['name']) . "', `start`=" . sql_escape($event['start']) . ", `end`=" . sql_escape($event['end']) . ", `RID`=" . sql_escape($event['RID']) . ", `PSID`=" . sql_escape($event['PSID']) . ", `URL`='" . sql_escape($event['URL']) . "'");
foreach ($events_updated as $event) foreach ($events_updated as $event)
sql_query("UPDATE `Shifts` SET `name`='" . sql_query("UPDATE `Shifts` SET `name`='" .
sql_escape($event['name']) . "', `start`=" . sql_escape($event['start']) . ", `end`=" . sql_escape($event['end']) . ", `RID`=" . sql_escape($event['RID']) . ", `PSID`=" . sql_escape($event['PSID']) . ", `URL`='" . sql_escape($event['URL']) . "' WHERE `PSID`=" . sql_escape($event['PSID']) . " LIMIT 1"); sql_escape($event['name']) . "', `start`=" . sql_escape($event['start']) . ", `end`=" . sql_escape($event['end']) . ", `RID`=" . sql_escape($event['RID']) . ", `PSID`=" . sql_escape($event['PSID']) . ", `URL`='" . sql_escape($event['URL']) . "' WHERE `PSID`=" . sql_escape($event['PSID']) . " LIMIT 1");
foreach ($events_deleted as $event) foreach ($events_deleted as $event)
sql_query("DELETE FROM `Shifts` WHERE `PSID`=" . sql_query("DELETE FROM `Shifts` WHERE `PSID`=" .
sql_escape($event['PSID']) . " LIMIT 1"); sql_escape($event['PSID']) . " LIMIT 1");
unlink($import_file); engelsystem_log("Pentabarf import done");
$html .= template_render('../templates/admin_import_import.html', array ()); unlink($import_file);
break;
} $html .= template_render('../templates/admin_import_import.html', array ());
break;
return $html; }
return $html;
} }
function prepare_rooms($file) { function prepare_rooms($file) {
global $rooms_import; global $rooms_import;
$data = read_xml($file); $data = read_xml($file);
// Load rooms from db for compare with input // Load rooms from db for compare with input
$rooms = sql_select("SELECT * FROM `Room` WHERE `FromPentabarf`='Y'"); $rooms = sql_select("SELECT * FROM `Room` WHERE `FromPentabarf`='Y'");
$rooms_db = array (); $rooms_db = array ();
$rooms_import = array (); $rooms_import = array ();
foreach ($rooms as $room) { foreach ($rooms as $room) {
$rooms_db[] = $room['Name']; $rooms_db[] = $room['Name'];
$rooms_import[$room['Name']] = $room['RID']; $rooms_import[$room['Name']] = $room['RID'];
} }
$events = $data->vcalendar->vevent; $events = $data->vcalendar->vevent;
$rooms_pb = array (); $rooms_pb = array ();
foreach ($events as $event) { foreach ($events as $event) {
$rooms_pb[] = $event->location; $rooms_pb[] = $event->location;
if (!isset ($rooms_import[trim($event->location)])) if (!isset ($rooms_import[trim($event->location)]))
$rooms_import[trim($event->location)] = trim($event->location); $rooms_import[trim($event->location)] = trim($event->location);
} }
$rooms_pb = array_unique($rooms_pb); $rooms_pb = array_unique($rooms_pb);
$rooms_new = array_diff($rooms_pb, $rooms_db); $rooms_new = array_diff($rooms_pb, $rooms_db);
$rooms_deleted = array_diff($rooms_db, $rooms_pb); $rooms_deleted = array_diff($rooms_db, $rooms_pb);
return array ( return array (
$rooms_new, $rooms_new,
$rooms_deleted $rooms_deleted
); );
} }
function prepare_events($file) { function prepare_events($file) {
global $rooms_import; global $rooms_import;
$data = read_xml($file); $data = read_xml($file);
$rooms = sql_select("SELECT * FROM `Room`"); $rooms = sql_select("SELECT * FROM `Room`");
$rooms_db = array (); $rooms_db = array ();
foreach ($rooms as $room) foreach ($rooms as $room)
$rooms_db[$room['Name']] = $room['RID']; $rooms_db[$room['Name']] = $room['RID'];
$events = $data->vcalendar->vevent; $events = $data->vcalendar->vevent;
$shifts_pb = array (); $shifts_pb = array ();
foreach ($events as $event) { foreach ($events as $event) {
$event_pb = $event->children("http://pentabarf.org"); $event_pb = $event->children("http://pentabarf.org");
$event_id = trim($event_pb-> { $event_id = trim($event_pb-> {
'event-id' }); 'event-id' });
$shifts_pb[$event_id] = array ( $shifts_pb[$event_id] = array (
'start' => DateTime :: createFromFormat("Ymd\THis", $event->dtstart)->getTimestamp(), 'start' => DateTime :: createFromFormat("Ymd\THis", $event->dtstart)->getTimestamp(),
'end' => DateTime :: createFromFormat("Ymd\THis", $event->dtend)->getTimestamp(), 'end' => DateTime :: createFromFormat("Ymd\THis", $event->dtend)->getTimestamp(),
'RID' => $rooms_import[trim($event->location)], 'RID' => $rooms_import[trim($event->location)],
'name' => trim($event->summary), 'name' => trim($event->summary),
'URL' => trim($event->url), 'URL' => trim($event->url),
'PSID' => $event_id 'PSID' => $event_id
); );
} }
$shifts = sql_select("SELECT * FROM `Shifts` WHERE `PSID` IS NOT NULL ORDER BY `start`"); $shifts = sql_select("SELECT * FROM `Shifts` WHERE `PSID` IS NOT NULL ORDER BY `start`");
$shifts_db = array (); $shifts_db = array ();
foreach ($shifts as $shift) foreach ($shifts as $shift)
$shifts_db[$shift['PSID']] = $shift; $shifts_db[$shift['PSID']] = $shift;
$shifts_new = array (); $shifts_new = array ();
$shifts_updated = array (); $shifts_updated = array ();
foreach ($shifts_pb as $shift) foreach ($shifts_pb as $shift)
if (!isset ($shifts_db[$shift['PSID']])) if (!isset ($shifts_db[$shift['PSID']]))
$shifts_new[] = $shift; $shifts_new[] = $shift;
else { else {
$tmp = $shifts_db[$shift['PSID']]; $tmp = $shifts_db[$shift['PSID']];
if ($shift['name'] != $tmp['name'] || $shift['start'] != $tmp['start'] || $shift['end'] != $tmp['end'] || $shift['RID'] != $tmp['RID'] || $shift['URL'] != $tmp['URL']) if ($shift['name'] != $tmp['name'] || $shift['start'] != $tmp['start'] || $shift['end'] != $tmp['end'] || $shift['RID'] != $tmp['RID'] || $shift['URL'] != $tmp['URL'])
$shifts_updated[] = $shift; $shifts_updated[] = $shift;
} }
$shifts_deleted = array (); $shifts_deleted = array ();
foreach ($shifts_db as $shift) foreach ($shifts_db as $shift)
if (!isset ($shifts_pb[$shift['PSID']])) if (!isset ($shifts_pb[$shift['PSID']]))
$shifts_deleted[] = $shift; $shifts_deleted[] = $shift;
return array ( return array (
$shifts_new, $shifts_new,
$shifts_updated, $shifts_updated,
$shifts_deleted $shifts_deleted
); );
} }
function read_xml($file) { function read_xml($file) {
global $xml_import; global $xml_import;
if (!isset ($xml_import)) if (!isset ($xml_import))
$xml_import = simplexml_load_file($file); $xml_import = simplexml_load_file($file);
return $xml_import; return $xml_import;
} }
function shifts_printable($shifts) { function shifts_printable($shifts) {
global $rooms_import; global $rooms_import;
$rooms = array_flip($rooms_import); $rooms = array_flip($rooms_import);
uasort($shifts, 'shift_sort'); uasort($shifts, 'shift_sort');
$shifts_printable = array (); $shifts_printable = array ();
foreach ($shifts as $shift) foreach ($shifts as $shift)
$shifts_printable[] = array ( $shifts_printable[] = array (
'day' => date("l, Y-m-d", $shift['start']), 'day' => date("l, Y-m-d", $shift['start']),
'start' => date("H:i", $shift['start']), 'start' => date("H:i", $shift['start']),
'name' => shorten($shift['name']), 'name' => shorten($shift['name']),
'end' => date("H:i", $shift['end']), 'end' => date("H:i", $shift['end']),
'room' => $rooms[$shift['RID']] 'room' => $rooms[$shift['RID']]
); );
return $shifts_printable; return $shifts_printable;
} }
function shift_sort($a, $b) { function shift_sort($a, $b) {
return ($a['start'] < $b['start']) ? -1 : 1; return ($a['start'] < $b['start']) ? -1 : 1;
} }
?> ?>

@ -1,87 +1,89 @@
<?php <?php
function admin_news() { function admin_news() {
global $user; global $user;
if (!isset ($_GET["action"])) { if (!isset ($_GET["action"])) {
header("Location: " . page_link_to("news")); header("Location: " . page_link_to("news"));
} else { } else {
$html = ""; $html = "";
switch ($_GET["action"]) { switch ($_GET["action"]) {
case 'edit' : case 'edit' :
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id']; $id = $_REQUEST['id'];
else else
return error("Incomplete call, missing News ID.", true); return error("Incomplete call, missing News ID.", true);
$news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); $news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
if (count($news) > 0) { if (count($news) > 0) {
list ($news) = $news; list ($news) = $news;
$html .= '<a href="' . page_link_to("news") . '">&laquo Back</a>'; $html .= '<a href="' . page_link_to("news") . '">&laquo Back</a>';
$html .= "<form action=\"" . page_link_to("admin_news") . "&action=save\" method=\"post\">\n"; $html .= "<form action=\"" . page_link_to("admin_news") . "&action=save\" method=\"post\">\n";
$html .= "<table>\n"; $html .= "<table>\n";
$html .= " <tr><td>Datum</td><td>" . $html .= " <tr><td>Datum</td><td>" .
date("Y-m-d H:i", $news['Datum']) . "</td></tr>\n"; date("Y-m-d H:i", $news['Datum']) . "</td></tr>\n";
$html .= " <tr><td>Betreff</td><td><input type=\"text\" size=\"40\" name=\"eBetreff\" value=\"" . $html .= " <tr><td>Betreff</td><td><input type=\"text\" size=\"40\" name=\"eBetreff\" value=\"" .
$news["Betreff"] . "\"></td></tr>\n"; $news["Betreff"] . "\"></td></tr>\n";
$html .= " <tr><td>Text</td><td><textarea rows=\"10\" cols=\"80\" name=\"eText\">" . $html .= " <tr><td>Text</td><td><textarea rows=\"10\" cols=\"80\" name=\"eText\">" .
$news["Text"] . "</textarea></td></tr>\n"; $news["Text"] . "</textarea></td></tr>\n";
$html .= " <tr><td>Engel</td><td>" . $html .= " <tr><td>Engel</td><td>" .
UID2Nick($news["UID"]) . "</td></tr>\n"; UID2Nick($news["UID"]) . "</td></tr>\n";
$html .= " <tr><td>Treffen</td><td>" . html_select_key('eTreffen', 'eTreffen', array ( $html .= " <tr><td>Treffen</td><td>" . html_select_key('eTreffen', 'eTreffen', array (
'1' => "Ja", '1' => "Ja",
'0' => "Nein" '0' => "Nein"
), $news['Treffen']) . "</td></tr>\n"; ), $news['Treffen']) . "</td></tr>\n";
$html .= "</table>"; $html .= "</table>";
$html .= "<input type=\"hidden\" name=\"id\" value=\"" . $id . "\">\n"; $html .= "<input type=\"hidden\" name=\"id\" value=\"" . $id . "\">\n";
$html .= "<input type=\"submit\" name=\"submit\" value=\"Speichern\">\n"; $html .= "<input type=\"submit\" name=\"submit\" value=\"Speichern\">\n";
$html .= "</form>"; $html .= "</form>";
$html .= "<form action=\"" . page_link_to("admin_news") . "&action=delete\" method=\"POST\">\n"; $html .= "<form action=\"" . page_link_to("admin_news") . "&action=delete\" method=\"POST\">\n";
$html .= "<input type=\"hidden\" name=\"id\" value=\"" . $id . "\">\n"; $html .= "<input type=\"hidden\" name=\"id\" value=\"" . $id . "\">\n";
$html .= "<input type=\"submit\" name=\"submit\" value=\"Löschen\">\n"; $html .= "<input type=\"submit\" name=\"submit\" value=\"Löschen\">\n";
$html .= "</form>"; $html .= "</form>";
} else } else
return error("No News found.", true); return error("No News found.", true);
break; break;
case 'save' : case 'save' :
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id']; $id = $_REQUEST['id'];
else else
return error("Incomplete call, missing News ID.", true); return error("Incomplete call, missing News ID.", true);
$news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); $news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
if (count($news) > 0) { if (count($news) > 0) {
list ($news) = $news; list ($news) = $news;
sql_query("UPDATE `News` SET `Datum`='" . sql_escape(time()) . "', `Betreff`='" . sql_escape($_POST["eBetreff"]) . "', `Text`='" . sql_escape($_POST["eText"]) . "', `UID`='" . sql_escape($user['UID']) . sql_query("UPDATE `News` SET `Datum`='" . sql_escape(time()) . "', `Betreff`='" . sql_escape($_POST["eBetreff"]) . "', `Text`='" . sql_escape($_POST["eText"]) . "', `UID`='" . sql_escape($user['UID']) .
"', `Treffen`='" . sql_escape($_POST["eTreffen"]) . "' WHERE `ID`=".sql_escape($id)." LIMIT 1"); "', `Treffen`='" . sql_escape($_POST["eTreffen"]) . "' WHERE `ID`=".sql_escape($id)." LIMIT 1");
header("Location: " . page_link_to("news")); engelsystem_log("News updated: " . $_POST["eBetreff"]);
} else header("Location: " . page_link_to("news"));
return error("No News found.", true); } else
break; return error("No News found.", true);
break;
case 'delete' : case 'delete' :
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id']; $id = $_REQUEST['id'];
else else
return error("Incomplete call, missing News ID.", true); return error("Incomplete call, missing News ID.", true);
$news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); $news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
if (count($news) > 0) { if (count($news) > 0) {
list ($news) = $news; list ($news) = $news;
sql_query("DELETE FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); sql_query("DELETE FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
header("Location: " . page_link_to("news")); engelsystem_log("News deleted: " . $news['Betreff']);
} else header("Location: " . page_link_to("news"));
return error("No News found.", true); } else
break; return error("No News found.", true);
} break;
} }
return $html; }
return $html;
} }
?> ?>

@ -1,85 +1,87 @@
<?php <?php
function admin_new_questions() { function admin_new_questions() {
global $user, $privileges; global $user, $privileges;
if (in_array("admin_questions", $privileges)) { if (in_array("admin_questions", $privileges)) {
$new_messages = sql_num_query("SELECT * FROM `Questions` WHERE `AID`=0"); $new_messages = sql_num_query("SELECT * FROM `Questions` WHERE `AID`=0");
if ($new_messages > 0) if ($new_messages > 0)
return '<p class="info"><a href="' . page_link_to("admin_questions") . '">Es gibt unbeantwortete Fragen!</a></p><hr />'; return '<p class="info"><a href="' . page_link_to("admin_questions") . '">Es gibt unbeantwortete Fragen!</a></p><hr />';
} }
return ""; return "";
} }
function admin_questions() { function admin_questions() {
global $user; global $user;
if (!isset ($_REQUEST['action'])) { if (!isset ($_REQUEST['action'])) {
$open_questions = ""; $open_questions = "";
$questions = sql_select("SELECT * FROM `Questions` WHERE `AID`=0"); $questions = sql_select("SELECT * FROM `Questions` WHERE `AID`=0");
foreach ($questions as $question) foreach ($questions as $question)
$open_questions .= template_render( $open_questions .= template_render(
'../templates/admin_question_unanswered.html', array ( '../templates/admin_question_unanswered.html', array (
'question_nick' => UID2Nick($question['UID']), 'question_nick' => UID2Nick($question['UID']),
'question_id' => $question['QID'], 'question_id' => $question['QID'],
'link' => page_link_to("admin_questions"), 'link' => page_link_to("admin_questions"),
'question' => str_replace("\n", '<br />', $question['Question']) 'question' => str_replace("\n", '<br />', $question['Question'])
)); ));
$answered_questions = ""; $answered_questions = "";
$questions = sql_select("SELECT * FROM `Questions` WHERE `AID`>0"); $questions = sql_select("SELECT * FROM `Questions` WHERE `AID`>0");
foreach ($questions as $question) foreach ($questions as $question)
$answered_questions .= template_render( $answered_questions .= template_render(
'../templates/admin_question_answered.html', array ( '../templates/admin_question_answered.html', array (
'question_id' => $question['QID'], 'question_id' => $question['QID'],
'question_nick' => UID2Nick($question['UID']), 'question_nick' => UID2Nick($question['UID']),
'question' => str_replace("\n", "<br />", $question['Question']), 'question' => str_replace("\n", "<br />", $question['Question']),
'answer_nick' => UID2Nick($question['AID']), 'answer_nick' => UID2Nick($question['AID']),
'answer' => str_replace("\n", "<br />", $question['Answer']), 'answer' => str_replace("\n", "<br />", $question['Answer']),
'link' => page_link_to("admin_questions"), 'link' => page_link_to("admin_questions"),
)); ));
return template_render('../templates/admin_questions.html', array ( return template_render('../templates/admin_questions.html', array (
'link' => page_link_to("admin_questions"), 'link' => page_link_to("admin_questions"),
'open_questions' => $open_questions, 'open_questions' => $open_questions,
'answered_questions' => $answered_questions 'answered_questions' => $answered_questions
)); ));
} else { } else {
switch ($_REQUEST['action']) { switch ($_REQUEST['action']) {
case 'answer' : case 'answer' :
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id']; $id = $_REQUEST['id'];
else else
return error("Incomplete call, missing Question ID.", true); return error("Incomplete call, missing Question ID.", true);
$question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); $question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
if (count($question) > 0 && $question[0]['AID'] == "0") { if (count($question) > 0 && $question[0]['AID'] == "0") {
$answer = trim(preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['answer']))); $answer = trim(preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['answer'])));
if ($answer != "") { if ($answer != "") {
sql_query("UPDATE `Questions` SET `AID`=" . sql_escape($user['UID']) . ", `Answer`='" . sql_escape($answer) . "' WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); sql_query("UPDATE `Questions` SET `AID`=" . sql_escape($user['UID']) . ", `Answer`='" . sql_escape($answer) . "' WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
header("Location: " . page_link_to("admin_questions")); engelsystem_log("Question " . $question[0]['Question'] . " answered: " . $answer);
} else header("Location: " . page_link_to("admin_questions"));
return error("Gib eine Antwort ein!", true); } else
} else return error("Gib eine Antwort ein!", true);
return error("No question found.", true); } else
break; return error("No question found.", true);
case 'delete' : break;
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) case 'delete' :
$id = $_REQUEST['id']; if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
else $id = $_REQUEST['id'];
return error("Incomplete call, missing Question ID.", true); else
return error("Incomplete call, missing Question ID.", true);
$question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); $question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
if (count($question) > 0) { if (count($question) > 0) {
sql_query("DELETE FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); sql_query("DELETE FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
header("Location: " . page_link_to("admin_questions")); engelsystem_log("Question deleted: " . $question[0]['Question']);
} else header("Location: " . page_link_to("admin_questions"));
return error("No question found.", true); } else
break; return error("No question found.", true);
} break;
} }
}
} }
?> ?>

@ -77,17 +77,26 @@ function admin_rooms() {
} }
if ($ok) { if ($ok) {
if(isset($id)) if(isset($id)) {
sql_query("UPDATE `Room` SET `Name`='" . sql_escape($name) . "', `FromPentabarf`='" . sql_escape($from_pentabarf) . "', `show`='" . sql_escape($public) . "', `Number`='" . sql_escape($number) . "' WHERE `RID`=" . sql_escape($id) . " LIMIT 1"); sql_query("UPDATE `Room` SET `Name`='" . sql_escape($name) . "', `FromPentabarf`='" . sql_escape($from_pentabarf) . "', `show`='" . sql_escape($public) . "', `Number`='" . sql_escape($number) . "' WHERE `RID`=" . sql_escape($id) . " LIMIT 1");
else { engelsystem_log("Room updated: " . $name . ", pentabarf import: " . $from_pentabarf . ", public: " . $public . ", number: " . $number);
} else {
sql_query("INSERT INTO `Room` SET `Name`='" . sql_escape($name) . "', `FromPentabarf`='" . sql_escape($from_pentabarf) . "', `show`='" . sql_escape($public) . "', `Number`='" . sql_escape($number) . "'"); sql_query("INSERT INTO `Room` SET `Name`='" . sql_escape($name) . "', `FromPentabarf`='" . sql_escape($from_pentabarf) . "', `show`='" . sql_escape($public) . "', `Number`='" . sql_escape($number) . "'");
$id = sql_id(); $id = sql_id();
engelsystem_log("Room created: " . $name . ", pentabarf import: " . $from_pentabarf . ", public: " . $public . ", number: " . $number);
} }
sql_query("DELETE FROM `NeededAngelTypes` WHERE `room_id`=" . sql_escape($id)); sql_query("DELETE FROM `NeededAngelTypes` WHERE `room_id`=" . sql_escape($id));
foreach ($angeltypes_count as $angeltype_id => $angeltype_count) $needed_angeltype_info = array();
sql_query("INSERT INTO `NeededAngelTypes` SET `room_id`=" . sql_escape($id) . ", `angel_type_id`=" . sql_escape($angeltype_id) . ", `count`=" . sql_escape($angeltype_count)); foreach ($angeltypes_count as $angeltype_id => $angeltype_count) {
$angeltype_source = sql_select("SELECT * FROM `AngelTypes` WHERE `id`=" . sql_escape($angeltype_id) . " LIMIT 1");
if(count($angeltype_source) > 0) {
sql_query("INSERT INTO `NeededAngelTypes` SET `room_id`=" . sql_escape($id) . ", `angel_type_id`=" . sql_escape($angeltype_id) . ", `count`=" . sql_escape($angeltype_count));
$needed_angeltype_info[] = $angeltypes_source[0]['name'] . ": " . $angeltype_count;
}
}
engelsystem_log("Set needed angeltypes of room " . $name . " to: " . join(", ", $needed_angeltype_info));
success("Room saved."); success("Room saved.");
redirect(page_link_to("admin_rooms")); redirect(page_link_to("admin_rooms"));
} }
@ -116,6 +125,8 @@ function admin_rooms() {
if (isset ($_REQUEST['ack'])) { if (isset ($_REQUEST['ack'])) {
sql_query("DELETE FROM `Room` WHERE `RID`=" . sql_escape($id) . " LIMIT 1"); sql_query("DELETE FROM `Room` WHERE `RID`=" . sql_escape($id) . " LIMIT 1");
sql_query("DELETE FROM `NeededAngelTypes` WHERE `room_id`=" . sql_escape($id) . " LIMIT 1"); sql_query("DELETE FROM `NeededAngelTypes` WHERE `room_id`=" . sql_escape($id) . " LIMIT 1");
engelsystem_log("Room deleted: " . $name);
success(sprintf("Room %s deleted.", $name)); success(sprintf("Room %s deleted.", $name));
redirect(page_link_to('admin_rooms')); redirect(page_link_to('admin_rooms'));
} }

@ -233,11 +233,18 @@ function admin_shifts() {
foreach ($_SESSION['admin_shifts_shifts'] as $shift) { foreach ($_SESSION['admin_shifts_shifts'] as $shift) {
sql_query("INSERT INTO `Shifts` SET `start`=" . sql_escape($shift['start']) . ", `end`=" . sql_escape($shift['end']) . ", `RID`=" . sql_escape($shift['RID']) . ", `name`='" . sql_escape($shift['name']) . "'"); sql_query("INSERT INTO `Shifts` SET `start`=" . sql_escape($shift['start']) . ", `end`=" . sql_escape($shift['end']) . ", `RID`=" . sql_escape($shift['RID']) . ", `name`='" . sql_escape($shift['name']) . "'");
$shift_id = sql_id(); $shift_id = sql_id();
engelsystem_log("Shift created: " . $shift['name'] . " from " . date("Y-m-d H:i", $shift['start']) . " to " . date("Y-m-d H:i", $shift['end']));
$needed_angel_types_info = array();
foreach ($_SESSION['admin_shifts_types'] as $type_id => $count) { foreach ($_SESSION['admin_shifts_types'] as $type_id => $count) {
sql_query("INSERT INTO `NeededAngelTypes` SET `shift_id`=" . sql_escape($shift_id) . ", `angel_type_id`=" . sql_escape($type_id) . ", `count`=" . sql_escape($count)); $angel_type_source = sql_select("SELECT * FROM `AngelTypes` WHERE `id`=" . sql_escape($type_id) . " LIMIT 1");
if(count($angel_type_source) > 0) {
sql_query("INSERT INTO `NeededAngelTypes` SET `shift_id`=" . sql_escape($shift_id) . ", `angel_type_id`=" . sql_escape($type_id) . ", `count`=" . sql_escape($count));
$needed_angel_types_info[] = $angel_type_source[0]['name'] . ": " . $count;
}
} }
} }
engelsystem_log("Shift needs following angel types: " . join(", ", $needed_angel_types_info));
$msg = success("Schichten angelegt.", true); $msg = success("Schichten angelegt.", true);
} else { } else {
unset ($_SESSION['admin_shifts_shifts']); unset ($_SESSION['admin_shifts_shifts']);

@ -8,16 +8,24 @@ function admin_user_angeltypes() {
global $privileges; global $privileges;
if (isset ($_REQUEST['confirm']) && test_request_int('confirm') && sql_num_query("SELECT * FROM `UserAngelTypes` WHERE `id`=" . sql_escape($_REQUEST['confirm']) . " AND `confirm_user_id` IS NULL") > 0) { if (isset ($_REQUEST['confirm']) && test_request_int('confirm') && sql_num_query("SELECT * FROM `UserAngelTypes` WHERE `id`=" . sql_escape($_REQUEST['confirm']) . " AND `confirm_user_id` IS NULL") > 0) {
sql_query("UPDATE `UserAngelTypes` SET `confirm_user_id`=" . sql_escape($_SESSION['uid']) . " WHERE `id`=" . sql_escape($_REQUEST['confirm']) . " LIMIT 1"); $user_angel_type_source = sql_select("SELECT `UserAngelTypes`.*, `User`.`Nick`, `AngelTypes`.`name` FROM `UserAngelTypes` JOIN `User` ON `User`.`UID`=`UserAngelTypes`.`user_id` JOIN `AngelTypes` ON `AngelTypes`.`id`=`UserAngelTypes`.`angeltype_id` WHERE `id`=" . sql_escape($_REQUEST['confirm']) . " LIMIT 1");
if(count($user_angel_type_source) > 0) {
success("Confirmed."); sql_query("UPDATE `UserAngelTypes` SET `confirm_user_id`=" . sql_escape($_SESSION['uid']) . " WHERE `id`=" . sql_escape($_REQUEST['confirm']) . " LIMIT 1");
engelsystem_log("Confirmed " . $user_angel_type_source[0]['Nick'] . " as " . $user_angel_type_source[0]['name']);
success("Confirmed.");
}
else error("Entry not found.");
redirect(page_link_to('admin_user_angeltypes')); redirect(page_link_to('admin_user_angeltypes'));
} }
if (isset ($_REQUEST['discard']) && test_request_int('discard') && sql_num_query("SELECT * FROM `UserAngelTypes` WHERE `id`=" . sql_escape($_REQUEST['discard']) . " AND `confirm_user_id` IS NULL") > 0) { if (isset ($_REQUEST['discard']) && test_request_int('discard') && sql_num_query("SELECT * FROM `UserAngelTypes` WHERE `id`=" . sql_escape($_REQUEST['discard']) . " AND `confirm_user_id` IS NULL") > 0) {
sql_query("DELETE FROM `UserAngelTypes` WHERE `id`=" . sql_escape($_REQUEST['discard']) . " LIMIT 1"); $user_angel_type_source = sql_select("SELECT `UserAngelTypes`.*, `User`.`Nick`, `AngelTypes`.`name` FROM `UserAngelTypes` JOIN `User` ON `User`.`UID`=`UserAngelTypes`.`user_id` JOIN `AngelTypes` ON `AngelTypes`.`id`=`UserAngelTypes`.`angeltype_id` WHERE `id`=" . sql_escape($_REQUEST['discard']) . " LIMIT 1");
if(count($user_angel_type_source) > 0) {
success("Discarded."); sql_query("DELETE FROM `UserAngelTypes` WHERE `id`=" . sql_escape($_REQUEST['discard']) . " LIMIT 1");
engelsystem_log("Discarded " . $user_angel_type_source[0]['Nick'] . " as " . $user_angel_type_source[0]['name']);
success("Discarded.");
}
else error("Entry not found.");
redirect(page_link_to('admin_user_angeltypes')); redirect(page_link_to('admin_user_angeltypes'));
} }

@ -0,0 +1,19 @@
<?php
/**
* Write a log entry. This should be used to log user's activity.
* @param $message
*/
function engelsystem_log($message) {
global $user;
if(isset($user)) {
$nick = $user['Nick'];
} else {
$nick = "Guest";
}
LogEntry_create($nick, $message);
}
?>

@ -3,6 +3,7 @@ require_once ('bootstrap.php');
require_once ('includes/sys_auth.php'); require_once ('includes/sys_auth.php');
require_once ('includes/sys_counter.php'); require_once ('includes/sys_counter.php');
require_once ('includes/sys_lang.php'); require_once ('includes/sys_lang.php');
require_once ('includes/sys_log.php');
require_once ('includes/sys_menu.php'); require_once ('includes/sys_menu.php');
require_once ('includes/sys_mysql.php'); require_once ('includes/sys_mysql.php');
require_once ('includes/sys_page.php'); require_once ('includes/sys_page.php');

Loading…
Cancel
Save