#28 begin log
parent
213b6261c8
commit
0dabaa505e
@ -0,0 +1,19 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
if(sql_num_query("SHOW TABLES LIKE 'LogEntries'") == 0) {
|
||||||
|
sql_query("CREATE TABLE `LogEntries` (
|
||||||
|
`id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY ,
|
||||||
|
`timestamp` INT NOT NULL ,
|
||||||
|
`nick` VARCHAR( 23 ) NOT NULL ,
|
||||||
|
`message` TEXT NOT NULL ,
|
||||||
|
INDEX ( `timestamp` )
|
||||||
|
) ENGINE = InnoDB;");
|
||||||
|
$applied = true;
|
||||||
|
}
|
||||||
|
|
||||||
|
if(sql_num_query("SHOW TABLES LIKE 'ChangeLog'") == 0) {
|
||||||
|
sql_query("DROP TABLE `ChangeLog`");
|
||||||
|
$applied = true;
|
||||||
|
}
|
||||||
|
|
||||||
|
?>
|
@ -0,0 +1,15 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Creates a log entry.
|
||||||
|
* @param $nick Username
|
||||||
|
* @param $message Log Message
|
||||||
|
*/
|
||||||
|
function LogEntry_create($nick, $message) {
|
||||||
|
$timestamp = date();
|
||||||
|
|
||||||
|
sql_query("INSERT INTO `LogEntries` SET `timestamp`=" . sql_escape($timestamp) . ", `nick`='" . sql_escape($nick) . "', `message`='" . sql_escape($message) . "'");
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
?>
|
@ -0,0 +1,14 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns user by id.
|
||||||
|
* @param $id UID
|
||||||
|
*/
|
||||||
|
function User($id) {
|
||||||
|
$user_source = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
|
||||||
|
if(count($user_source) > 0)
|
||||||
|
return $user_source[0];
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
?>
|
@ -1,120 +1,144 @@
|
|||||||
<?php
|
<?php
|
||||||
function admin_active() {
|
function admin_active() {
|
||||||
global $tshirt_sizes;
|
global $tshirt_sizes;
|
||||||
|
|
||||||
$msg = "";
|
|
||||||
$search = "";
|
|
||||||
$count = 0;
|
|
||||||
$limit = "";
|
|
||||||
$set_active = "";
|
|
||||||
if (isset ($_REQUEST['search']))
|
|
||||||
$search = strip_request_item('search');
|
|
||||||
|
|
||||||
if (isset ($_REQUEST['set_active'])) {
|
$msg = "";
|
||||||
$ok = true;
|
$search = "";
|
||||||
|
$count = 0;
|
||||||
|
$limit = "";
|
||||||
|
$set_active = "";
|
||||||
|
if (isset ($_REQUEST['search']))
|
||||||
|
$search = strip_request_item('search');
|
||||||
|
|
||||||
if (isset ($_REQUEST['count']) && preg_match("/^[0-9]+$/", $_REQUEST['count']))
|
if (isset ($_REQUEST['set_active'])) {
|
||||||
$count = strip_request_item('count');
|
$ok = true;
|
||||||
else {
|
|
||||||
$ok = false;
|
|
||||||
$msg .= error("Please enter a number of angels to be marked as active.", true);
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($ok)
|
if (isset ($_REQUEST['count']) && preg_match("/^[0-9]+$/", $_REQUEST['count']))
|
||||||
$limit = " LIMIT " . $count;
|
$count = strip_request_item('count');
|
||||||
if (isset ($_REQUEST['ack'])) {
|
else {
|
||||||
sql_query("UPDATE `User` SET `Aktiv` = 0 WHERE `Tshirt` = 0");
|
$ok = false;
|
||||||
$users = sql_select("SELECT `User`.*, COUNT(`ShiftEntry`.`id`) as `shift_count`, SUM(`end`-`start`) as `shift_length` FROM `User` LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID` LEFT JOIN `Shifts` ON `ShiftEntry`.`SID` = `Shifts`.`SID` WHERE `User`.`Gekommen` = 1 GROUP BY `User`.`UID` ORDER BY `shift_length` DESC" . $limit);
|
$msg .= error("Please enter a number of angels to be marked as active.", true);
|
||||||
foreach ($users as $usr)
|
}
|
||||||
sql_query("UPDATE `User` SET `Aktiv` = 1 WHERE `UID`=" . sql_escape($usr['UID']));
|
|
||||||
|
|
||||||
$limit = "";
|
if ($ok)
|
||||||
$msg = success("Marked angels.", true);
|
$limit = " LIMIT " . $count;
|
||||||
} else {
|
if (isset ($_REQUEST['ack'])) {
|
||||||
$set_active = '<a href="' . page_link_to('admin_active') . '&serach=' . $search . '">« back</a> | <a href="' . page_link_to('admin_active') . '&search=' . $search . '&count=' . $count . '&set_active&ack">apply</a>';
|
sql_query("UPDATE `User` SET `Aktiv` = 0 WHERE `Tshirt` = 0");
|
||||||
}
|
$users = sql_select("SELECT `User`.*, COUNT(`ShiftEntry`.`id`) as `shift_count`, SUM(`end`-`start`) as `shift_length` FROM `User` LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID` LEFT JOIN `Shifts` ON `ShiftEntry`.`SID` = `Shifts`.`SID` WHERE `User`.`Gekommen` = 1 GROUP BY `User`.`UID` ORDER BY `shift_length` DESC" . $limit);
|
||||||
}
|
$user_nicks = array();
|
||||||
|
foreach ($users as $usr) {
|
||||||
|
sql_query("UPDATE `User` SET `Aktiv` = 1 WHERE `UID`=" . sql_escape($usr['UID']));
|
||||||
|
$user_nicks[] = $usr['Nick'];
|
||||||
|
}
|
||||||
|
engelsystem_log("These angels are active now: " . join(", ", $user_nicks));
|
||||||
|
|
||||||
if (isset ($_REQUEST['active']) && preg_match("/^[0-9]+$/", $_REQUEST['active'])) {
|
$limit = "";
|
||||||
$id = $_REQUEST['active'];
|
$msg = success("Marked angels.", true);
|
||||||
sql_query("UPDATE `User` SET `Aktiv`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
|
} else {
|
||||||
$msg = success("Angel has been marked as active.", true);
|
$set_active = '<a href="' . page_link_to('admin_active') . '&serach=' . $search . '">« back</a> | <a href="' . page_link_to('admin_active') . '&search=' . $search . '&count=' . $count . '&set_active&ack">apply</a>';
|
||||||
}
|
}
|
||||||
elseif (isset ($_REQUEST['not_active']) && preg_match("/^[0-9]+$/", $_REQUEST['not_active'])) {
|
}
|
||||||
$id = $_REQUEST['not_active'];
|
|
||||||
sql_query("UPDATE `User` SET `Aktiv`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
|
|
||||||
$msg = success("Angel has been marked as not active.", true);
|
|
||||||
}
|
|
||||||
elseif (isset ($_REQUEST['tshirt']) && preg_match("/^[0-9]+$/", $_REQUEST['tshirt'])) {
|
|
||||||
$id = $_REQUEST['tshirt'];
|
|
||||||
sql_query("UPDATE `User` SET `Tshirt`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
|
|
||||||
$msg = success("Angel has got a t-shirt.", true);
|
|
||||||
}
|
|
||||||
elseif (isset ($_REQUEST['not_tshirt']) && preg_match("/^[0-9]+$/", $_REQUEST['not_tshirt'])) {
|
|
||||||
$id = $_REQUEST['not_tshirt'];
|
|
||||||
sql_query("UPDATE `User` SET `Tshirt`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
|
|
||||||
$msg = success("Angel has got no t-shirt.", true);
|
|
||||||
}
|
|
||||||
|
|
||||||
$users = sql_select("SELECT `User`.*, COUNT(`ShiftEntry`.`id`) as `shift_count`, SUM(`end`-`start`) as `shift_length` FROM `User` LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID` LEFT JOIN `Shifts` ON `ShiftEntry`.`SID` = `Shifts`.`SID` WHERE `User`.`Gekommen` = 1 GROUP BY `User`.`UID` ORDER BY `shift_length` DESC" . $limit);
|
if (isset ($_REQUEST['active']) && preg_match("/^[0-9]+$/", $_REQUEST['active'])) {
|
||||||
|
$id = $_REQUEST['active'];
|
||||||
|
$user_source = User($id);
|
||||||
|
if($user_source != null) {
|
||||||
|
sql_query("UPDATE `User` SET `Aktiv`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
|
||||||
|
engelsystem_log("User " . $user_source['Nick'] . " is active now.");
|
||||||
|
$msg = success("Angel has been marked as active.", true);
|
||||||
|
}
|
||||||
|
else $msg = error("Angel not found.", true);
|
||||||
|
}
|
||||||
|
elseif (isset ($_REQUEST['not_active']) && preg_match("/^[0-9]+$/", $_REQUEST['not_active'])) {
|
||||||
|
$id = $_REQUEST['not_active'];
|
||||||
|
$user_source = User($id);
|
||||||
|
if($user_source != null) {
|
||||||
|
sql_query("UPDATE `User` SET `Aktiv`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
|
||||||
|
engelsystem_log("User " . $user_source['Nick'] . " is NOT active now.");
|
||||||
|
$msg = success("Angel has been marked as not active.", true);
|
||||||
|
}
|
||||||
|
else $msg = error("Angel not found.", true);
|
||||||
|
}
|
||||||
|
elseif (isset ($_REQUEST['tshirt']) && preg_match("/^[0-9]+$/", $_REQUEST['tshirt'])) {
|
||||||
|
$id = $_REQUEST['tshirt'];
|
||||||
|
$user_source = User($id);
|
||||||
|
if($user_source != null) {
|
||||||
|
sql_query("UPDATE `User` SET `Tshirt`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
|
||||||
|
engelsystem_log("User " . $user_source['Nick'] . " has tshirt now.");
|
||||||
|
$msg = success("Angel has got a t-shirt.", true);
|
||||||
|
}
|
||||||
|
else $msg = error("Angel not found.", true);
|
||||||
|
}
|
||||||
|
elseif (isset ($_REQUEST['not_tshirt']) && preg_match("/^[0-9]+$/", $_REQUEST['not_tshirt'])) {
|
||||||
|
$id = $_REQUEST['not_tshirt'];
|
||||||
|
$user_source = User($id);
|
||||||
|
if($user_source != null) {
|
||||||
|
sql_query("UPDATE `User` SET `Tshirt`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
|
||||||
|
engelsystem_log("User " . $user_source['Nick'] . " NO tshirt.");
|
||||||
|
$msg = success("Angel has got no t-shirt.", true);
|
||||||
|
}
|
||||||
|
else $msg = error("Angel not found.", true);
|
||||||
|
}
|
||||||
|
|
||||||
$table = "";
|
$users = sql_select("SELECT `User`.*, COUNT(`ShiftEntry`.`id`) as `shift_count`, SUM(`end`-`start`) as `shift_length` FROM `User` LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID` LEFT JOIN `Shifts` ON `ShiftEntry`.`SID` = `Shifts`.`SID` WHERE `User`.`Gekommen` = 1 GROUP BY `User`.`UID` ORDER BY `shift_length` DESC" . $limit);
|
||||||
if ($search == "")
|
|
||||||
$tokens = array ();
|
|
||||||
else
|
|
||||||
$tokens = explode(" ", $search);
|
|
||||||
foreach ($users as $usr) {
|
|
||||||
if (count($tokens) > 0) {
|
|
||||||
$match = false;
|
|
||||||
$index = join("", $usr);
|
|
||||||
foreach ($tokens as $t)
|
|
||||||
if (strstr($index, trim($t))) {
|
|
||||||
$match = true;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
if (!$match)
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
$table .= '<tr>';
|
|
||||||
$table .= '<td>' . $usr['Nick'] . '</td>';
|
|
||||||
$table .= '<td>' . $tshirt_sizes[$usr['Size']] . '</td>';
|
|
||||||
$table .= '<td>' . $usr['shift_count'] . '</td>';
|
|
||||||
|
|
||||||
if ($usr['shift_count'] == 0)
|
$table = "";
|
||||||
$table .= '<td>-</td>';
|
if ($search == "")
|
||||||
else
|
$tokens = array ();
|
||||||
$table .= '<td>' . round($usr['shift_length'] / 60) . ' min (' . round($usr['shift_length'] / 3600) . ' h)</td>';
|
else
|
||||||
|
$tokens = explode(" ", $search);
|
||||||
|
foreach ($users as $usr) {
|
||||||
|
if (count($tokens) > 0) {
|
||||||
|
$match = false;
|
||||||
|
$index = join("", $usr);
|
||||||
|
foreach ($tokens as $t)
|
||||||
|
if (strstr($index, trim($t))) {
|
||||||
|
$match = true;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
if (!$match)
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
$table .= '<tr>';
|
||||||
|
$table .= '<td>' . $usr['Nick'] . '</td>';
|
||||||
|
$table .= '<td>' . $tshirt_sizes[$usr['Size']] . '</td>';
|
||||||
|
$table .= '<td>' . $usr['shift_count'] . '</td>';
|
||||||
|
|
||||||
if ($usr['Aktiv'] == 1)
|
if ($usr['shift_count'] == 0)
|
||||||
$table .= '<td>yes</td>';
|
$table .= '<td>-</td>';
|
||||||
else
|
else
|
||||||
$table .= '<td></td>';
|
$table .= '<td>' . round($usr['shift_length'] / 60) . ' min (' . round($usr['shift_length'] / 3600) . ' h)</td>';
|
||||||
if ($usr['Tshirt'] == 1)
|
|
||||||
$table .= '<td>yes</td>';
|
|
||||||
else
|
|
||||||
$table .= '<td></td>';
|
|
||||||
|
|
||||||
$actions = array ();
|
if ($usr['Aktiv'] == 1)
|
||||||
if ($usr['Aktiv'] == 0)
|
$table .= '<td>yes</td>';
|
||||||
$actions[] = '<a href="' . page_link_to('admin_active') . '&active=' . $usr['UID'] . '&search=' . $search . '">set active</a>';
|
else
|
||||||
if ($usr['Aktiv'] == 1 && $usr['Tshirt'] == 0) {
|
$table .= '<td></td>';
|
||||||
$actions[] = '<a href="' . page_link_to('admin_active') . '&not_active=' . $usr['UID'] . '&search=' . $search . '">remove active</a>';
|
if ($usr['Tshirt'] == 1)
|
||||||
$actions[] = '<a href="' . page_link_to('admin_active') . '&tshirt=' . $usr['UID'] . '&search=' . $search . '">got t-shirt</a>';
|
$table .= '<td>yes</td>';
|
||||||
}
|
else
|
||||||
if ($usr['Tshirt'] == 1)
|
$table .= '<td></td>';
|
||||||
$actions[] = '<a href="' . page_link_to('admin_active') . '&not_tshirt=' . $usr['UID'] . '&search=' . $search . '">remove t-shirt</a>';
|
|
||||||
|
|
||||||
$table .= '<td>' . join(' | ', $actions) . '</td>';
|
$actions = array ();
|
||||||
|
if ($usr['Aktiv'] == 0)
|
||||||
|
$actions[] = '<a href="' . page_link_to('admin_active') . '&active=' . $usr['UID'] . '&search=' . $search . '">set active</a>';
|
||||||
|
if ($usr['Aktiv'] == 1 && $usr['Tshirt'] == 0) {
|
||||||
|
$actions[] = '<a href="' . page_link_to('admin_active') . '&not_active=' . $usr['UID'] . '&search=' . $search . '">remove active</a>';
|
||||||
|
$actions[] = '<a href="' . page_link_to('admin_active') . '&tshirt=' . $usr['UID'] . '&search=' . $search . '">got t-shirt</a>';
|
||||||
|
}
|
||||||
|
if ($usr['Tshirt'] == 1)
|
||||||
|
$actions[] = '<a href="' . page_link_to('admin_active') . '&not_tshirt=' . $usr['UID'] . '&search=' . $search . '">remove t-shirt</a>';
|
||||||
|
|
||||||
$table .= '</tr>';
|
$table .= '<td>' . join(' | ', $actions) . '</td>';
|
||||||
}
|
|
||||||
return template_render('../templates/admin_active.html', array (
|
$table .= '</tr>';
|
||||||
'search' => $search,
|
}
|
||||||
'count' => $count,
|
return template_render('../templates/admin_active.html', array (
|
||||||
'set_active' => $set_active,
|
'search' => $search,
|
||||||
'table' => $table,
|
'count' => $count,
|
||||||
'msg' => $msg,
|
'set_active' => $set_active,
|
||||||
'link' => page_link_to('admin_active')
|
'table' => $table,
|
||||||
));
|
'msg' => $msg,
|
||||||
|
'link' => page_link_to('admin_active')
|
||||||
|
));
|
||||||
}
|
}
|
||||||
?>
|
?>
|
@ -1,52 +1,60 @@
|
|||||||
<?php
|
<?php
|
||||||
function admin_arrive() {
|
function admin_arrive() {
|
||||||
$msg = "";
|
$msg = "";
|
||||||
$search = "";
|
$search = "";
|
||||||
if (isset ($_REQUEST['search']))
|
if (isset ($_REQUEST['search']))
|
||||||
$search = strip_request_item('search');
|
$search = strip_request_item('search');
|
||||||
|
|
||||||
if (isset ($_REQUEST['reset']) && preg_match("/^[0-9]*$/", $_REQUEST['reset'])) {
|
if (isset ($_REQUEST['reset']) && preg_match("/^[0-9]*$/", $_REQUEST['reset'])) {
|
||||||
$id = $_REQUEST['reset'];
|
$id = $_REQUEST['reset'];
|
||||||
sql_query("UPDATE `User` SET `Gekommen`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
|
$user_source = User($id);
|
||||||
$msg = success("Reset done. Angel has not arrived.", true);
|
if($user_source != null) {
|
||||||
}
|
sql_query("UPDATE `User` SET `Gekommen`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
|
||||||
elseif (isset ($_REQUEST['arrived']) && preg_match("/^[0-9]*$/", $_REQUEST['arrived'])) {
|
engelsystem_log("User set to not arrived: " . $user_source['Nick']);
|
||||||
$id = $_REQUEST['arrived'];
|
$msg = success("Reset done. Angel has not arrived.", true);
|
||||||
sql_query("UPDATE `User` SET `Gekommen`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
|
} else $msg = error("Angel not found.", true);
|
||||||
$msg = success("Angel has been marked as arrived.", true);
|
}
|
||||||
}
|
elseif (isset ($_REQUEST['arrived']) && preg_match("/^[0-9]*$/", $_REQUEST['arrived'])) {
|
||||||
|
$id = $_REQUEST['arrived'];
|
||||||
|
$user_source = User($id);
|
||||||
|
if($user_source != null) {
|
||||||
|
sql_query("UPDATE `User` SET `Gekommen`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
|
||||||
|
engelsystem_log("User set has arrived: " . $user_source['Nick']);
|
||||||
|
$msg = success("Angel has been marked as arrived.", true);
|
||||||
|
} else $msg = error("Angel not found.", true);
|
||||||
|
}
|
||||||
|
|
||||||
$users = sql_select("SELECT * FROM `User` ORDER BY `Nick`");
|
$users = sql_select("SELECT * FROM `User` ORDER BY `Nick`");
|
||||||
$table = "";
|
$table = "";
|
||||||
if ($search == "")
|
if ($search == "")
|
||||||
$tokens = array ();
|
$tokens = array ();
|
||||||
else
|
else
|
||||||
$tokens = explode(" ", $search);
|
$tokens = explode(" ", $search);
|
||||||
foreach ($users as $usr) {
|
foreach ($users as $usr) {
|
||||||
if (count($tokens) > 0) {
|
if (count($tokens) > 0) {
|
||||||
$match = false;
|
$match = false;
|
||||||
$index = join("", $usr);
|
$index = join("", $usr);
|
||||||
foreach ($tokens as $t)
|
foreach ($tokens as $t)
|
||||||
if (strstr($index, trim($t))) {
|
if (strstr($index, trim($t))) {
|
||||||
$match = true;
|
$match = true;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
if (!$match)
|
if (!$match)
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
$table .= '<tr>';
|
$table .= '<tr>';
|
||||||
$table .= '<td>' . $usr['Nick'] . '</td>';
|
$table .= '<td>' . $usr['Nick'] . '</td>';
|
||||||
if ($usr['Gekommen'] == 1)
|
if ($usr['Gekommen'] == 1)
|
||||||
$table .= '<td>yes</td><td><a href="' . page_link_to('admin_arrive') . '&reset=' . $usr['UID'] . '&search=' . $search . '">reset</a></td>';
|
$table .= '<td>yes</td><td><a href="' . page_link_to('admin_arrive') . '&reset=' . $usr['UID'] . '&search=' . $search . '">reset</a></td>';
|
||||||
else
|
else
|
||||||
$table .= '<td></td><td><a href="' . page_link_to('admin_arrive') . '&arrived=' . $usr['UID'] . '&search=' . $search . '">arrived</a></td>';
|
$table .= '<td></td><td><a href="' . page_link_to('admin_arrive') . '&arrived=' . $usr['UID'] . '&search=' . $search . '">arrived</a></td>';
|
||||||
$table .= '</tr>';
|
$table .= '</tr>';
|
||||||
}
|
}
|
||||||
return template_render('../templates/admin_arrive.html', array (
|
return template_render('../templates/admin_arrive.html', array (
|
||||||
'search' => $search,
|
'search' => $search,
|
||||||
'table' => $table,
|
'table' => $table,
|
||||||
'msg' => $msg,
|
'msg' => $msg,
|
||||||
'link' => page_link_to('admin_arrive')
|
'link' => page_link_to('admin_arrive')
|
||||||
));
|
));
|
||||||
}
|
}
|
||||||
?>
|
?>
|
@ -1,91 +1,99 @@
|
|||||||
<?php
|
<?php
|
||||||
function admin_groups() {
|
function admin_groups() {
|
||||||
global $user;
|
global $user;
|
||||||
|
|
||||||
$html = "";
|
$html = "";
|
||||||
$groups = sql_select("SELECT * FROM `Groups` ORDER BY `Name`");
|
$groups = sql_select("SELECT * FROM `Groups` ORDER BY `Name`");
|
||||||
if (!isset ($_REQUEST["action"])) {
|
if (!isset ($_REQUEST["action"])) {
|
||||||
$groups_html = "";
|
$groups_html = "";
|
||||||
foreach ($groups as $group) {
|
foreach ($groups as $group) {
|
||||||
$groups_html .= sprintf(
|
$groups_html .= sprintf(
|
||||||
'<tr><td>%s</td>',
|
'<tr><td>%s</td>',
|
||||||
$group['Name']
|
$group['Name']
|
||||||
);
|
);
|
||||||
$privileges = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`=" . sql_escape($group['UID']));
|
$privileges = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`=" . sql_escape($group['UID']));
|
||||||
$privileges_html = array ();
|
$privileges_html = array ();
|
||||||
|
|
||||||
foreach ($privileges as $priv)
|
foreach ($privileges as $priv)
|
||||||
$privileges_html[] = $priv['name'];
|
$privileges_html[] = $priv['name'];
|
||||||
|
|
||||||
$groups_html .= sprintf(
|
$groups_html .= sprintf(
|
||||||
'<td>%s</td>'
|
'<td>%s</td>'
|
||||||
. '<td><a href="%s&action=edit&id=%s">Ändern</a></td>',
|
. '<td><a href="%s&action=edit&id=%s">Ändern</a></td>',
|
||||||
join(', ', $privileges_html),
|
join(', ', $privileges_html),
|
||||||
page_link_to("admin_groups"),
|
page_link_to("admin_groups"),
|
||||||
$group['UID']
|
$group['UID']
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
return template_render('../templates/admin_groups.html', array (
|
return template_render('../templates/admin_groups.html', array (
|
||||||
'nick' => $user['Nick'],
|
'nick' => $user['Nick'],
|
||||||
'groups' => $groups_html
|
'groups' => $groups_html
|
||||||
));
|
));
|
||||||
} else {
|
} else {
|
||||||
switch ($_REQUEST["action"]) {
|
switch ($_REQUEST["action"]) {
|
||||||
case 'edit' :
|
case 'edit' :
|
||||||
if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id']))
|
if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id']))
|
||||||
$id = $_REQUEST['id'];
|
$id = $_REQUEST['id'];
|
||||||
else
|
else
|
||||||
return error("Incomplete call, missing Groups ID.", true);
|
return error("Incomplete call, missing Groups ID.", true);
|
||||||
|
|
||||||
$room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
|
$room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
|
||||||
if (count($room) > 0) {
|
if (count($room) > 0) {
|
||||||
list ($room) = $room;
|
list ($room) = $room;
|
||||||
$privileges = sql_select("SELECT `Privileges`.*, `GroupPrivileges`.`group_id` FROM `Privileges` LEFT OUTER JOIN `GroupPrivileges` ON (`Privileges`.`id` = `GroupPrivileges`.`privilege_id` AND `GroupPrivileges`.`group_id`=" . sql_escape($id) . ") ORDER BY `Privileges`.`name`");
|
$privileges = sql_select("SELECT `Privileges`.*, `GroupPrivileges`.`group_id` FROM `Privileges` LEFT OUTER JOIN `GroupPrivileges` ON (`Privileges`.`id` = `GroupPrivileges`.`privilege_id` AND `GroupPrivileges`.`group_id`=" . sql_escape($id) . ") ORDER BY `Privileges`.`name`");
|
||||||
$privileges_html = "";
|
$privileges_html = "";
|
||||||
foreach ($privileges as $priv)
|
foreach ($privileges as $priv)
|
||||||
$privileges_html .= sprintf(
|
$privileges_html .= sprintf(
|
||||||
'<tr><td><input type="checkbox" '
|
'<tr><td><input type="checkbox" '
|
||||||
. 'name="privileges[]" value="%s" %s />'
|
. 'name="privileges[]" value="%s" %s />'
|
||||||
. '</td> <td>%s</td> <td>%s</td></tr>',
|
. '</td> <td>%s</td> <td>%s</td></tr>',
|
||||||
$priv['id'],
|
$priv['id'],
|
||||||
($priv['group_id'] != ""
|
($priv['group_id'] != ""
|
||||||
? 'checked="checked"'
|
? 'checked="checked"'
|
||||||
: ''),
|
: ''),
|
||||||
$priv['name'],
|
$priv['name'],
|
||||||
$priv['desc']
|
$priv['desc']
|
||||||
);
|
);
|
||||||
|
|
||||||
$html .= template_render('../templates/admin_groups_edit_form.html', array (
|
$html .= template_render('../templates/admin_groups_edit_form.html', array (
|
||||||
'link' => page_link_to("admin_groups"),
|
'link' => page_link_to("admin_groups"),
|
||||||
'id' => $id,
|
'id' => $id,
|
||||||
'privileges' => $privileges_html
|
'privileges' => $privileges_html
|
||||||
));
|
));
|
||||||
} else
|
} else
|
||||||
return error("No Group found.", true);
|
return error("No Group found.", true);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'save' :
|
case 'save' :
|
||||||
if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id']))
|
if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id']))
|
||||||
$id = $_REQUEST['id'];
|
$id = $_REQUEST['id'];
|
||||||
else
|
else
|
||||||
return error("Incomplete call, missing Groups ID.", true);
|
return error("Incomplete call, missing Groups ID.", true);
|
||||||
|
|
||||||
$room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
|
$room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
|
||||||
if (!is_array($_REQUEST['privileges']))
|
if (!is_array($_REQUEST['privileges']))
|
||||||
$_REQUEST['privileges'] = array ();
|
$_REQUEST['privileges'] = array ();
|
||||||
if (count($room) > 0) {
|
if (count($room) > 0) {
|
||||||
list ($room) = $room;
|
list ($room) = $room;
|
||||||
sql_query("DELETE FROM `GroupPrivileges` WHERE `group_id`=" . sql_escape($id));
|
sql_query("DELETE FROM `GroupPrivileges` WHERE `group_id`=" . sql_escape($id));
|
||||||
foreach ($_REQUEST['privileges'] as $priv)
|
$privilege_names = array();
|
||||||
if (preg_match("/^[0-9]{1,}$/", $priv) && sql_num_query("SELECT * FROM `Privileges` WHERE `id`=" . sql_escape($priv)) > 0)
|
foreach ($_REQUEST['privileges'] as $priv) {
|
||||||
sql_query("INSERT INTO `GroupPrivileges` SET `group_id`=" . sql_escape($id) . ", `privilege_id`=" . sql_escape($priv));
|
if (preg_match("/^[0-9]{1,}$/", $priv)) {
|
||||||
header("Location: " . page_link_to("admin_groups"));
|
$group_privileges_source = sql_select("SELECT * FROM `Privileges` WHERE `id`=" . sql_escape($priv) . " LIMIT 1");
|
||||||
} else
|
if(count($group_privileges_source) > 0) {
|
||||||
return error("No Group found.", true);
|
sql_query("INSERT INTO `GroupPrivileges` SET `group_id`=" . sql_escape($id) . ", `privilege_id`=" . sql_escape($priv));
|
||||||
break;
|
$privilege_names[] = $group_privileges_source[0]['name'];
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return $html;
|
}
|
||||||
|
engelsystem_log("Group privileges of group " . $room['Name'] . " edited: " . join(", ", $privilege_names));
|
||||||
|
header("Location: " . page_link_to("admin_groups"));
|
||||||
|
} else
|
||||||
|
return error("No Group found.", true);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return $html;
|
||||||
}
|
}
|
||||||
?>
|
?>
|
||||||
|
@ -1,279 +1,281 @@
|
|||||||
<?php
|
<?php
|
||||||
function admin_import() {
|
function admin_import() {
|
||||||
global $PentabarfXMLhost, $PentabarfXMLpath;
|
global $PentabarfXMLhost, $PentabarfXMLpath;
|
||||||
global $rooms_import;
|
global $rooms_import;
|
||||||
global $user;
|
global $user;
|
||||||
$html = "";
|
$html = "";
|
||||||
|
|
||||||
$step = "input";
|
$step = "input";
|
||||||
if (isset ($_REQUEST['step']))
|
if (isset ($_REQUEST['step']))
|
||||||
$step = $_REQUEST['step'];
|
$step = $_REQUEST['step'];
|
||||||
|
|
||||||
$html .= '<p>';
|
$html .= '<p>';
|
||||||
$html .= $step == "input" ? '<b>1. Input</b>' : '1. Input';
|
$html .= $step == "input" ? '<b>1. Input</b>' : '1. Input';
|
||||||
$html .= ' » ';
|
$html .= ' » ';
|
||||||
$html .= $step == "check" ? '<b>2. Validate</b>' : '2. Validate';
|
$html .= $step == "check" ? '<b>2. Validate</b>' : '2. Validate';
|
||||||
$html .= ' » ';
|
$html .= ' » ';
|
||||||
$html .= $step == "import" ? '<b>3. Import</b>' : '3. Import';
|
$html .= $step == "import" ? '<b>3. Import</b>' : '3. Import';
|
||||||
$html .= '</p>';
|
$html .= '</p>';
|
||||||
|
|
||||||
$import_file = '../import/import_' . $user['UID'] . '.xml';
|
$import_file = '../import/import_' . $user['UID'] . '.xml';
|
||||||
|
|
||||||
switch ($step) {
|
switch ($step) {
|
||||||
case "input" :
|
case "input" :
|
||||||
$ok = false;
|
$ok = false;
|
||||||
if ($test_handle = fopen('../import/tmp', 'w')) {
|
if ($test_handle = fopen('../import/tmp', 'w')) {
|
||||||
fclose($test_handle);
|
fclose($test_handle);
|
||||||
unlink('../import/tmp');
|
unlink('../import/tmp');
|
||||||
} else {
|
} else {
|
||||||
$msg = error("Webserver has no write-permission on import directory.", true);
|
$msg = error("Webserver has no write-permission on import directory.", true);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (isset ($_REQUEST['submit'])) {
|
if (isset ($_REQUEST['submit'])) {
|
||||||
$ok = true;
|
$ok = true;
|
||||||
if (isset ($_REQUEST['user']) && $_REQUEST['user'] != "" && isset ($_REQUEST['password']) && $_REQUEST['password'] != "") {
|
if (isset ($_REQUEST['user']) && $_REQUEST['user'] != "" && isset ($_REQUEST['password']) && $_REQUEST['password'] != "") {
|
||||||
$fp = fsockopen("ssl://$PentabarfXMLhost", 443, $errno, $errstr, 5);
|
$fp = fsockopen("ssl://$PentabarfXMLhost", 443, $errno, $errstr, 5);
|
||||||
|
|
||||||
if (!$fp) {
|
if (!$fp) {
|
||||||
$ok = false;
|
$ok = false;
|
||||||
$msg = error("File 'https://$PentabarfXMLhost/$PentabarfXMLpath" . $_REQUEST["url"] . "' not readable!" . "[$errstr ($errno)]", true);
|
$msg = error("File 'https://$PentabarfXMLhost/$PentabarfXMLpath" . $_REQUEST["url"] . "' not readable!" . "[$errstr ($errno)]", true);
|
||||||
} else {
|
} else {
|
||||||
$fileOut = fopen($import_file, "w");
|
$fileOut = fopen($import_file, "w");
|
||||||
$head = 'GET /' . $PentabarfXMLpath . $_REQUEST["url"] . ' HTTP/1.1' . "\r\n" .
|
$head = 'GET /' . $PentabarfXMLpath . $_REQUEST["url"] . ' HTTP/1.1' . "\r\n" .
|
||||||
'Host: ' . $PentabarfXMLhost . "\r\n" .
|
'Host: ' . $PentabarfXMLhost . "\r\n" .
|
||||||
'User-Agent: Engelsystem' . "\r\n" .
|
'User-Agent: Engelsystem' . "\r\n" .
|
||||||
'Authorization: Basic ' .
|
'Authorization: Basic ' .
|
||||||
base64_encode($_REQUEST["user"] . ':' . $_REQUEST["password"]) . "\r\n" .
|
base64_encode($_REQUEST["user"] . ':' . $_REQUEST["password"]) . "\r\n" .
|
||||||
"\r\n";
|
"\r\n";
|
||||||
fputs($fp, $head);
|
fputs($fp, $head);
|
||||||
$Zeilen = -1;
|
$Zeilen = -1;
|
||||||
echo "<pre>";
|
echo "<pre>";
|
||||||
while (!feof($fp)) {
|
while (!feof($fp)) {
|
||||||
$Temp = fgets($fp, 1024);
|
$Temp = fgets($fp, 1024);
|
||||||
|
|
||||||
// show header
|
// show header
|
||||||
if ($Zeilen == -1) {
|
if ($Zeilen == -1) {
|
||||||
echo $Temp;
|
echo $Temp;
|
||||||
}
|
}
|
||||||
|
|
||||||
// ende des headers
|
// ende des headers
|
||||||
if ($Temp == "\r\n") {
|
if ($Temp == "\r\n") {
|
||||||
echo "</pre>\n";
|
echo "</pre>\n";
|
||||||
$Zeilen = 0;
|
$Zeilen = 0;
|
||||||
$Temp = "";
|
$Temp = "";
|
||||||
}
|
}
|
||||||
|
|
||||||
//file ende?
|
//file ende?
|
||||||
if ($Temp == "0\r\n")
|
if ($Temp == "0\r\n")
|
||||||
break;
|
break;
|
||||||
|
|
||||||
if (($Zeilen > -1) && ($Temp != "ffb\r\n")) {
|
if (($Zeilen > -1) && ($Temp != "ffb\r\n")) {
|
||||||
//steuerzeichen ausfiltern
|
//steuerzeichen ausfiltern
|
||||||
if (strpos("#$Temp", "\r\n") > 0)
|
if (strpos("#$Temp", "\r\n") > 0)
|
||||||
$Temp = substr($Temp, 0, strlen($Temp) - 2);
|
$Temp = substr($Temp, 0, strlen($Temp) - 2);
|
||||||
if (strpos("#$Temp", "1005") > 0)
|
if (strpos("#$Temp", "1005") > 0)
|
||||||
$Temp = "";
|
$Temp = "";
|
||||||
if (strpos("#$Temp", "783") > 0)
|
if (strpos("#$Temp", "783") > 0)
|
||||||
$Temp = "";
|
$Temp = "";
|
||||||
//schreiben in file
|
//schreiben in file
|
||||||
fputs($fileOut, $Temp);
|
fputs($fileOut, $Temp);
|
||||||
$Zeilen++;
|
$Zeilen++;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
fclose($fileOut);
|
fclose($fileOut);
|
||||||
fclose($fp);
|
fclose($fp);
|
||||||
$msg .= success("Es wurden $Zeilen Zeilen eingelesen.", true);
|
$msg .= success("Es wurden $Zeilen Zeilen eingelesen.", true);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
elseif (isset ($_FILES['xcal_file']) && ($_FILES['xcal_file']['error'] == 0)) {
|
elseif (isset ($_FILES['xcal_file']) && ($_FILES['xcal_file']['error'] == 0)) {
|
||||||
if (move_uploaded_file($_FILES['xcal_file']['tmp_name'], $import_file)) {
|
if (move_uploaded_file($_FILES['xcal_file']['tmp_name'], $import_file)) {
|
||||||
libxml_use_internal_errors(true);
|
libxml_use_internal_errors(true);
|
||||||
if (simplexml_load_file($import_file) === false) {
|
if (simplexml_load_file($import_file) === false) {
|
||||||
$ok = false;
|
$ok = false;
|
||||||
$msg = error("No valid xml/xcal file provided.", true);
|
$msg = error("No valid xml/xcal file provided.", true);
|
||||||
unlink($import_file);
|
unlink($import_file);
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
$ok = false;
|
$ok = false;
|
||||||
$msg = error("File upload went wrong.", true);
|
$msg = error("File upload went wrong.", true);
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
$ok = false;
|
$ok = false;
|
||||||
$msg = error("Please provide some data.", true);
|
$msg = error("Please provide some data.", true);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($ok)
|
if ($ok)
|
||||||
header("Location: " . page_link_to('admin_import') . "&step=check");
|
header("Location: " . page_link_to('admin_import') . "&step=check");
|
||||||
else
|
else
|
||||||
$html .= template_render('../templates/admin_import_input.html', array (
|
$html .= template_render('../templates/admin_import_input.html', array (
|
||||||
'link' => page_link_to('admin_import'),
|
'link' => page_link_to('admin_import'),
|
||||||
'msg' => $msg,
|
'msg' => $msg,
|
||||||
'url' => "https://$PentabarfXMLhost/$PentabarfXMLpath"
|
'url' => "https://$PentabarfXMLhost/$PentabarfXMLpath"
|
||||||
));
|
));
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case "check" :
|
case "check" :
|
||||||
if (!file_exists($import_file))
|
if (!file_exists($import_file))
|
||||||
header("Location: " . page_link_to('admin_import'));
|
header("Location: " . page_link_to('admin_import'));
|
||||||
|
|
||||||
list ($rooms_new, $rooms_deleted) = prepare_rooms($import_file);
|
list ($rooms_new, $rooms_deleted) = prepare_rooms($import_file);
|
||||||
list ($events_new, $events_updated, $events_deleted) = prepare_events($import_file);
|
list ($events_new, $events_updated, $events_deleted) = prepare_events($import_file);
|
||||||
|
|
||||||
$html .= template_render('../templates/admin_import_check.html', array (
|
$html .= template_render('../templates/admin_import_check.html', array (
|
||||||
'link' => page_link_to('admin_import'),
|
'link' => page_link_to('admin_import'),
|
||||||
'rooms_new' => count($rooms_new) == 0 ? "<tr><td>None</td></tr>" : table_body($rooms_new),
|
'rooms_new' => count($rooms_new) == 0 ? "<tr><td>None</td></tr>" : table_body($rooms_new),
|
||||||
'rooms_deleted' => count($rooms_deleted) == 0 ? "<tr><td>None</td></tr>" : table_body($rooms_deleted),
|
'rooms_deleted' => count($rooms_deleted) == 0 ? "<tr><td>None</td></tr>" : table_body($rooms_deleted),
|
||||||
'events_new' => count($events_new) == 0 ? "<tr><td>None</td><td></td><td></td><td></td><td></td></tr>" : table_body(shifts_printable($events_new)),
|
'events_new' => count($events_new) == 0 ? "<tr><td>None</td><td></td><td></td><td></td><td></td></tr>" : table_body(shifts_printable($events_new)),
|
||||||
'events_updated' => count($events_updated) == 0 ? "<tr><td>None</td><td></td><td></td><td></td><td></td></tr>" : table_body(shifts_printable($events_updated)),
|
'events_updated' => count($events_updated) == 0 ? "<tr><td>None</td><td></td><td></td><td></td><td></td></tr>" : table_body(shifts_printable($events_updated)),
|
||||||
'events_deleted' => count($events_deleted) == 0 ? "<tr><td>None</td><td></td><td></td><td></td><td></td></tr>" : table_body(shifts_printable($events_deleted))
|
'events_deleted' => count($events_deleted) == 0 ? "<tr><td>None</td><td></td><td></td><td></td><td></td></tr>" : table_body(shifts_printable($events_deleted))
|
||||||
));
|
));
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case "import" :
|
case "import" :
|
||||||
if (!file_exists($import_file))
|
if (!file_exists($import_file))
|
||||||
header("Location: " . page_link_to('admin_import'));
|
header("Location: " . page_link_to('admin_import'));
|
||||||
|
|
||||||
list ($rooms_new, $rooms_deleted) = prepare_rooms($import_file);
|
list ($rooms_new, $rooms_deleted) = prepare_rooms($import_file);
|
||||||
foreach ($rooms_new as $room) {
|
foreach ($rooms_new as $room) {
|
||||||
sql_query("INSERT INTO `Room` SET `Name`='" . sql_escape($room) . "', `FromPentabarf`='Y', `Show`='Y'");
|
sql_query("INSERT INTO `Room` SET `Name`='" . sql_escape($room) . "', `FromPentabarf`='Y', `Show`='Y'");
|
||||||
$rooms_import[trim($room)] = sql_id();
|
$rooms_import[trim($room)] = sql_id();
|
||||||
}
|
}
|
||||||
foreach ($rooms_deleted as $room)
|
foreach ($rooms_deleted as $room)
|
||||||
sql_query("DELETE FROM `Room` WHERE `Name`='" . sql_escape($room) . "' LIMIT 1");
|
sql_query("DELETE FROM `Room` WHERE `Name`='" . sql_escape($room) . "' LIMIT 1");
|
||||||
|
|
||||||
list ($events_new, $events_updated, $events_deleted) = prepare_events($import_file);
|
list ($events_new, $events_updated, $events_deleted) = prepare_events($import_file);
|
||||||
foreach ($events_new as $event)
|
foreach ($events_new as $event)
|
||||||
sql_query("INSERT INTO `Shifts` SET `name`='" .
|
sql_query("INSERT INTO `Shifts` SET `name`='" .
|
||||||
sql_escape($event['name']) . "', `start`=" . sql_escape($event['start']) . ", `end`=" . sql_escape($event['end']) . ", `RID`=" . sql_escape($event['RID']) . ", `PSID`=" . sql_escape($event['PSID']) . ", `URL`='" . sql_escape($event['URL']) . "'");
|
sql_escape($event['name']) . "', `start`=" . sql_escape($event['start']) . ", `end`=" . sql_escape($event['end']) . ", `RID`=" . sql_escape($event['RID']) . ", `PSID`=" . sql_escape($event['PSID']) . ", `URL`='" . sql_escape($event['URL']) . "'");
|
||||||
|
|
||||||
foreach ($events_updated as $event)
|
foreach ($events_updated as $event)
|
||||||
sql_query("UPDATE `Shifts` SET `name`='" .
|
sql_query("UPDATE `Shifts` SET `name`='" .
|
||||||
sql_escape($event['name']) . "', `start`=" . sql_escape($event['start']) . ", `end`=" . sql_escape($event['end']) . ", `RID`=" . sql_escape($event['RID']) . ", `PSID`=" . sql_escape($event['PSID']) . ", `URL`='" . sql_escape($event['URL']) . "' WHERE `PSID`=" . sql_escape($event['PSID']) . " LIMIT 1");
|
sql_escape($event['name']) . "', `start`=" . sql_escape($event['start']) . ", `end`=" . sql_escape($event['end']) . ", `RID`=" . sql_escape($event['RID']) . ", `PSID`=" . sql_escape($event['PSID']) . ", `URL`='" . sql_escape($event['URL']) . "' WHERE `PSID`=" . sql_escape($event['PSID']) . " LIMIT 1");
|
||||||
|
|
||||||
foreach ($events_deleted as $event)
|
foreach ($events_deleted as $event)
|
||||||
sql_query("DELETE FROM `Shifts` WHERE `PSID`=" .
|
sql_query("DELETE FROM `Shifts` WHERE `PSID`=" .
|
||||||
sql_escape($event['PSID']) . " LIMIT 1");
|
sql_escape($event['PSID']) . " LIMIT 1");
|
||||||
|
|
||||||
unlink($import_file);
|
engelsystem_log("Pentabarf import done");
|
||||||
|
|
||||||
$html .= template_render('../templates/admin_import_import.html', array ());
|
unlink($import_file);
|
||||||
break;
|
|
||||||
}
|
$html .= template_render('../templates/admin_import_import.html', array ());
|
||||||
|
break;
|
||||||
return $html;
|
}
|
||||||
|
|
||||||
|
return $html;
|
||||||
}
|
}
|
||||||
|
|
||||||
function prepare_rooms($file) {
|
function prepare_rooms($file) {
|
||||||
global $rooms_import;
|
global $rooms_import;
|
||||||
$data = read_xml($file);
|
$data = read_xml($file);
|
||||||
|
|
||||||
// Load rooms from db for compare with input
|
// Load rooms from db for compare with input
|
||||||
$rooms = sql_select("SELECT * FROM `Room` WHERE `FromPentabarf`='Y'");
|
$rooms = sql_select("SELECT * FROM `Room` WHERE `FromPentabarf`='Y'");
|
||||||
$rooms_db = array ();
|
$rooms_db = array ();
|
||||||
$rooms_import = array ();
|
$rooms_import = array ();
|
||||||
foreach ($rooms as $room) {
|
foreach ($rooms as $room) {
|
||||||
$rooms_db[] = $room['Name'];
|
$rooms_db[] = $room['Name'];
|
||||||
$rooms_import[$room['Name']] = $room['RID'];
|
$rooms_import[$room['Name']] = $room['RID'];
|
||||||
}
|
}
|
||||||
|
|
||||||
$events = $data->vcalendar->vevent;
|
$events = $data->vcalendar->vevent;
|
||||||
$rooms_pb = array ();
|
$rooms_pb = array ();
|
||||||
foreach ($events as $event) {
|
foreach ($events as $event) {
|
||||||
$rooms_pb[] = $event->location;
|
$rooms_pb[] = $event->location;
|
||||||
if (!isset ($rooms_import[trim($event->location)]))
|
if (!isset ($rooms_import[trim($event->location)]))
|
||||||
$rooms_import[trim($event->location)] = trim($event->location);
|
$rooms_import[trim($event->location)] = trim($event->location);
|
||||||
}
|
}
|
||||||
$rooms_pb = array_unique($rooms_pb);
|
$rooms_pb = array_unique($rooms_pb);
|
||||||
|
|
||||||
$rooms_new = array_diff($rooms_pb, $rooms_db);
|
$rooms_new = array_diff($rooms_pb, $rooms_db);
|
||||||
$rooms_deleted = array_diff($rooms_db, $rooms_pb);
|
$rooms_deleted = array_diff($rooms_db, $rooms_pb);
|
||||||
|
|
||||||
return array (
|
return array (
|
||||||
$rooms_new,
|
$rooms_new,
|
||||||
$rooms_deleted
|
$rooms_deleted
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
function prepare_events($file) {
|
function prepare_events($file) {
|
||||||
global $rooms_import;
|
global $rooms_import;
|
||||||
$data = read_xml($file);
|
$data = read_xml($file);
|
||||||
|
|
||||||
$rooms = sql_select("SELECT * FROM `Room`");
|
$rooms = sql_select("SELECT * FROM `Room`");
|
||||||
$rooms_db = array ();
|
$rooms_db = array ();
|
||||||
foreach ($rooms as $room)
|
foreach ($rooms as $room)
|
||||||
$rooms_db[$room['Name']] = $room['RID'];
|
$rooms_db[$room['Name']] = $room['RID'];
|
||||||
|
|
||||||
$events = $data->vcalendar->vevent;
|
$events = $data->vcalendar->vevent;
|
||||||
$shifts_pb = array ();
|
$shifts_pb = array ();
|
||||||
foreach ($events as $event) {
|
foreach ($events as $event) {
|
||||||
$event_pb = $event->children("http://pentabarf.org");
|
$event_pb = $event->children("http://pentabarf.org");
|
||||||
$event_id = trim($event_pb-> {
|
$event_id = trim($event_pb-> {
|
||||||
'event-id' });
|
'event-id' });
|
||||||
$shifts_pb[$event_id] = array (
|
$shifts_pb[$event_id] = array (
|
||||||
'start' => DateTime :: createFromFormat("Ymd\THis", $event->dtstart)->getTimestamp(),
|
'start' => DateTime :: createFromFormat("Ymd\THis", $event->dtstart)->getTimestamp(),
|
||||||
'end' => DateTime :: createFromFormat("Ymd\THis", $event->dtend)->getTimestamp(),
|
'end' => DateTime :: createFromFormat("Ymd\THis", $event->dtend)->getTimestamp(),
|
||||||
'RID' => $rooms_import[trim($event->location)],
|
'RID' => $rooms_import[trim($event->location)],
|
||||||
'name' => trim($event->summary),
|
'name' => trim($event->summary),
|
||||||
'URL' => trim($event->url),
|
'URL' => trim($event->url),
|
||||||
'PSID' => $event_id
|
'PSID' => $event_id
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
$shifts = sql_select("SELECT * FROM `Shifts` WHERE `PSID` IS NOT NULL ORDER BY `start`");
|
$shifts = sql_select("SELECT * FROM `Shifts` WHERE `PSID` IS NOT NULL ORDER BY `start`");
|
||||||
$shifts_db = array ();
|
$shifts_db = array ();
|
||||||
foreach ($shifts as $shift)
|
foreach ($shifts as $shift)
|
||||||
$shifts_db[$shift['PSID']] = $shift;
|
$shifts_db[$shift['PSID']] = $shift;
|
||||||
|
|
||||||
$shifts_new = array ();
|
$shifts_new = array ();
|
||||||
$shifts_updated = array ();
|
$shifts_updated = array ();
|
||||||
foreach ($shifts_pb as $shift)
|
foreach ($shifts_pb as $shift)
|
||||||
if (!isset ($shifts_db[$shift['PSID']]))
|
if (!isset ($shifts_db[$shift['PSID']]))
|
||||||
$shifts_new[] = $shift;
|
$shifts_new[] = $shift;
|
||||||
else {
|
else {
|
||||||
$tmp = $shifts_db[$shift['PSID']];
|
$tmp = $shifts_db[$shift['PSID']];
|
||||||
if ($shift['name'] != $tmp['name'] || $shift['start'] != $tmp['start'] || $shift['end'] != $tmp['end'] || $shift['RID'] != $tmp['RID'] || $shift['URL'] != $tmp['URL'])
|
if ($shift['name'] != $tmp['name'] || $shift['start'] != $tmp['start'] || $shift['end'] != $tmp['end'] || $shift['RID'] != $tmp['RID'] || $shift['URL'] != $tmp['URL'])
|
||||||
$shifts_updated[] = $shift;
|
$shifts_updated[] = $shift;
|
||||||
}
|
}
|
||||||
|
|
||||||
$shifts_deleted = array ();
|
$shifts_deleted = array ();
|
||||||
foreach ($shifts_db as $shift)
|
foreach ($shifts_db as $shift)
|
||||||
if (!isset ($shifts_pb[$shift['PSID']]))
|
if (!isset ($shifts_pb[$shift['PSID']]))
|
||||||
$shifts_deleted[] = $shift;
|
$shifts_deleted[] = $shift;
|
||||||
|
|
||||||
return array (
|
return array (
|
||||||
$shifts_new,
|
$shifts_new,
|
||||||
$shifts_updated,
|
$shifts_updated,
|
||||||
$shifts_deleted
|
$shifts_deleted
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
function read_xml($file) {
|
function read_xml($file) {
|
||||||
global $xml_import;
|
global $xml_import;
|
||||||
if (!isset ($xml_import))
|
if (!isset ($xml_import))
|
||||||
$xml_import = simplexml_load_file($file);
|
$xml_import = simplexml_load_file($file);
|
||||||
return $xml_import;
|
return $xml_import;
|
||||||
}
|
}
|
||||||
|
|
||||||
function shifts_printable($shifts) {
|
function shifts_printable($shifts) {
|
||||||
global $rooms_import;
|
global $rooms_import;
|
||||||
$rooms = array_flip($rooms_import);
|
$rooms = array_flip($rooms_import);
|
||||||
|
|
||||||
uasort($shifts, 'shift_sort');
|
uasort($shifts, 'shift_sort');
|
||||||
|
|
||||||
$shifts_printable = array ();
|
$shifts_printable = array ();
|
||||||
foreach ($shifts as $shift)
|
foreach ($shifts as $shift)
|
||||||
$shifts_printable[] = array (
|
$shifts_printable[] = array (
|
||||||
'day' => date("l, Y-m-d", $shift['start']),
|
'day' => date("l, Y-m-d", $shift['start']),
|
||||||
'start' => date("H:i", $shift['start']),
|
'start' => date("H:i", $shift['start']),
|
||||||
'name' => shorten($shift['name']),
|
'name' => shorten($shift['name']),
|
||||||
'end' => date("H:i", $shift['end']),
|
'end' => date("H:i", $shift['end']),
|
||||||
'room' => $rooms[$shift['RID']]
|
'room' => $rooms[$shift['RID']]
|
||||||
);
|
);
|
||||||
return $shifts_printable;
|
return $shifts_printable;
|
||||||
}
|
}
|
||||||
|
|
||||||
function shift_sort($a, $b) {
|
function shift_sort($a, $b) {
|
||||||
return ($a['start'] < $b['start']) ? -1 : 1;
|
return ($a['start'] < $b['start']) ? -1 : 1;
|
||||||
}
|
}
|
||||||
?>
|
?>
|
||||||
|
@ -1,87 +1,89 @@
|
|||||||
<?php
|
<?php
|
||||||
function admin_news() {
|
function admin_news() {
|
||||||
global $user;
|
global $user;
|
||||||
|
|
||||||
if (!isset ($_GET["action"])) {
|
|
||||||
header("Location: " . page_link_to("news"));
|
|
||||||
} else {
|
|
||||||
$html = "";
|
|
||||||
switch ($_GET["action"]) {
|
|
||||||
case 'edit' :
|
|
||||||
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
|
|
||||||
$id = $_REQUEST['id'];
|
|
||||||
else
|
|
||||||
return error("Incomplete call, missing News ID.", true);
|
|
||||||
|
|
||||||
$news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
|
if (!isset ($_GET["action"])) {
|
||||||
if (count($news) > 0) {
|
header("Location: " . page_link_to("news"));
|
||||||
list ($news) = $news;
|
} else {
|
||||||
|
$html = "";
|
||||||
|
switch ($_GET["action"]) {
|
||||||
|
case 'edit' :
|
||||||
|
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
|
||||||
|
$id = $_REQUEST['id'];
|
||||||
|
else
|
||||||
|
return error("Incomplete call, missing News ID.", true);
|
||||||
|
|
||||||
$html .= '<a href="' . page_link_to("news") . '">« Back</a>';
|
$news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
|
||||||
|
if (count($news) > 0) {
|
||||||
|
list ($news) = $news;
|
||||||
|
|
||||||
$html .= "<form action=\"" . page_link_to("admin_news") . "&action=save\" method=\"post\">\n";
|
$html .= '<a href="' . page_link_to("news") . '">« Back</a>';
|
||||||
|
|
||||||
$html .= "<table>\n";
|
$html .= "<form action=\"" . page_link_to("admin_news") . "&action=save\" method=\"post\">\n";
|
||||||
$html .= " <tr><td>Datum</td><td>" .
|
|
||||||
date("Y-m-d H:i", $news['Datum']) . "</td></tr>\n";
|
|
||||||
$html .= " <tr><td>Betreff</td><td><input type=\"text\" size=\"40\" name=\"eBetreff\" value=\"" .
|
|
||||||
$news["Betreff"] . "\"></td></tr>\n";
|
|
||||||
$html .= " <tr><td>Text</td><td><textarea rows=\"10\" cols=\"80\" name=\"eText\">" .
|
|
||||||
$news["Text"] . "</textarea></td></tr>\n";
|
|
||||||
$html .= " <tr><td>Engel</td><td>" .
|
|
||||||
UID2Nick($news["UID"]) . "</td></tr>\n";
|
|
||||||
$html .= " <tr><td>Treffen</td><td>" . html_select_key('eTreffen', 'eTreffen', array (
|
|
||||||
'1' => "Ja",
|
|
||||||
'0' => "Nein"
|
|
||||||
), $news['Treffen']) . "</td></tr>\n";
|
|
||||||
$html .= "</table>";
|
|
||||||
|
|
||||||
$html .= "<input type=\"hidden\" name=\"id\" value=\"" . $id . "\">\n";
|
$html .= "<table>\n";
|
||||||
$html .= "<input type=\"submit\" name=\"submit\" value=\"Speichern\">\n";
|
$html .= " <tr><td>Datum</td><td>" .
|
||||||
$html .= "</form>";
|
date("Y-m-d H:i", $news['Datum']) . "</td></tr>\n";
|
||||||
|
$html .= " <tr><td>Betreff</td><td><input type=\"text\" size=\"40\" name=\"eBetreff\" value=\"" .
|
||||||
|
$news["Betreff"] . "\"></td></tr>\n";
|
||||||
|
$html .= " <tr><td>Text</td><td><textarea rows=\"10\" cols=\"80\" name=\"eText\">" .
|
||||||
|
$news["Text"] . "</textarea></td></tr>\n";
|
||||||
|
$html .= " <tr><td>Engel</td><td>" .
|
||||||
|
UID2Nick($news["UID"]) . "</td></tr>\n";
|
||||||
|
$html .= " <tr><td>Treffen</td><td>" . html_select_key('eTreffen', 'eTreffen', array (
|
||||||
|
'1' => "Ja",
|
||||||
|
'0' => "Nein"
|
||||||
|
), $news['Treffen']) . "</td></tr>\n";
|
||||||
|
$html .= "</table>";
|
||||||
|
|
||||||
$html .= "<form action=\"" . page_link_to("admin_news") . "&action=delete\" method=\"POST\">\n";
|
$html .= "<input type=\"hidden\" name=\"id\" value=\"" . $id . "\">\n";
|
||||||
$html .= "<input type=\"hidden\" name=\"id\" value=\"" . $id . "\">\n";
|
$html .= "<input type=\"submit\" name=\"submit\" value=\"Speichern\">\n";
|
||||||
$html .= "<input type=\"submit\" name=\"submit\" value=\"Löschen\">\n";
|
$html .= "</form>";
|
||||||
$html .= "</form>";
|
|
||||||
} else
|
|
||||||
return error("No News found.", true);
|
|
||||||
break;
|
|
||||||
|
|
||||||
case 'save' :
|
$html .= "<form action=\"" . page_link_to("admin_news") . "&action=delete\" method=\"POST\">\n";
|
||||||
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
|
$html .= "<input type=\"hidden\" name=\"id\" value=\"" . $id . "\">\n";
|
||||||
$id = $_REQUEST['id'];
|
$html .= "<input type=\"submit\" name=\"submit\" value=\"Löschen\">\n";
|
||||||
else
|
$html .= "</form>";
|
||||||
return error("Incomplete call, missing News ID.", true);
|
} else
|
||||||
|
return error("No News found.", true);
|
||||||
|
break;
|
||||||
|
|
||||||
$news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
|
case 'save' :
|
||||||
if (count($news) > 0) {
|
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
|
||||||
list ($news) = $news;
|
$id = $_REQUEST['id'];
|
||||||
|
else
|
||||||
|
return error("Incomplete call, missing News ID.", true);
|
||||||
|
|
||||||
sql_query("UPDATE `News` SET `Datum`='" . sql_escape(time()) . "', `Betreff`='" . sql_escape($_POST["eBetreff"]) . "', `Text`='" . sql_escape($_POST["eText"]) . "', `UID`='" . sql_escape($user['UID']) .
|
$news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
|
||||||
"', `Treffen`='" . sql_escape($_POST["eTreffen"]) . "' WHERE `ID`=".sql_escape($id)." LIMIT 1");
|
if (count($news) > 0) {
|
||||||
header("Location: " . page_link_to("news"));
|
list ($news) = $news;
|
||||||
} else
|
|
||||||
return error("No News found.", true);
|
|
||||||
break;
|
|
||||||
|
|
||||||
case 'delete' :
|
sql_query("UPDATE `News` SET `Datum`='" . sql_escape(time()) . "', `Betreff`='" . sql_escape($_POST["eBetreff"]) . "', `Text`='" . sql_escape($_POST["eText"]) . "', `UID`='" . sql_escape($user['UID']) .
|
||||||
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
|
"', `Treffen`='" . sql_escape($_POST["eTreffen"]) . "' WHERE `ID`=".sql_escape($id)." LIMIT 1");
|
||||||
$id = $_REQUEST['id'];
|
engelsystem_log("News updated: " . $_POST["eBetreff"]);
|
||||||
else
|
header("Location: " . page_link_to("news"));
|
||||||
return error("Incomplete call, missing News ID.", true);
|
} else
|
||||||
|
return error("No News found.", true);
|
||||||
|
break;
|
||||||
|
|
||||||
$news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
|
case 'delete' :
|
||||||
if (count($news) > 0) {
|
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
|
||||||
list ($news) = $news;
|
$id = $_REQUEST['id'];
|
||||||
|
else
|
||||||
|
return error("Incomplete call, missing News ID.", true);
|
||||||
|
|
||||||
sql_query("DELETE FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
|
$news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
|
||||||
header("Location: " . page_link_to("news"));
|
if (count($news) > 0) {
|
||||||
} else
|
list ($news) = $news;
|
||||||
return error("No News found.", true);
|
|
||||||
break;
|
sql_query("DELETE FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
|
||||||
}
|
engelsystem_log("News deleted: " . $news['Betreff']);
|
||||||
}
|
header("Location: " . page_link_to("news"));
|
||||||
return $html;
|
} else
|
||||||
|
return error("No News found.", true);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return $html;
|
||||||
}
|
}
|
||||||
?>
|
?>
|
@ -1,85 +1,87 @@
|
|||||||
<?php
|
<?php
|
||||||
function admin_new_questions() {
|
function admin_new_questions() {
|
||||||
global $user, $privileges;
|
global $user, $privileges;
|
||||||
|
|
||||||
if (in_array("admin_questions", $privileges)) {
|
if (in_array("admin_questions", $privileges)) {
|
||||||
$new_messages = sql_num_query("SELECT * FROM `Questions` WHERE `AID`=0");
|
$new_messages = sql_num_query("SELECT * FROM `Questions` WHERE `AID`=0");
|
||||||
|
|
||||||
if ($new_messages > 0)
|
if ($new_messages > 0)
|
||||||
return '<p class="info"><a href="' . page_link_to("admin_questions") . '">Es gibt unbeantwortete Fragen!</a></p><hr />';
|
return '<p class="info"><a href="' . page_link_to("admin_questions") . '">Es gibt unbeantwortete Fragen!</a></p><hr />';
|
||||||
}
|
}
|
||||||
|
|
||||||
return "";
|
return "";
|
||||||
}
|
}
|
||||||
|
|
||||||
function admin_questions() {
|
function admin_questions() {
|
||||||
global $user;
|
global $user;
|
||||||
|
|
||||||
if (!isset ($_REQUEST['action'])) {
|
if (!isset ($_REQUEST['action'])) {
|
||||||
$open_questions = "";
|
$open_questions = "";
|
||||||
$questions = sql_select("SELECT * FROM `Questions` WHERE `AID`=0");
|
$questions = sql_select("SELECT * FROM `Questions` WHERE `AID`=0");
|
||||||
foreach ($questions as $question)
|
foreach ($questions as $question)
|
||||||
$open_questions .= template_render(
|
$open_questions .= template_render(
|
||||||
'../templates/admin_question_unanswered.html', array (
|
'../templates/admin_question_unanswered.html', array (
|
||||||
'question_nick' => UID2Nick($question['UID']),
|
'question_nick' => UID2Nick($question['UID']),
|
||||||
'question_id' => $question['QID'],
|
'question_id' => $question['QID'],
|
||||||
'link' => page_link_to("admin_questions"),
|
'link' => page_link_to("admin_questions"),
|
||||||
'question' => str_replace("\n", '<br />', $question['Question'])
|
'question' => str_replace("\n", '<br />', $question['Question'])
|
||||||
));
|
));
|
||||||
|
|
||||||
$answered_questions = "";
|
$answered_questions = "";
|
||||||
$questions = sql_select("SELECT * FROM `Questions` WHERE `AID`>0");
|
$questions = sql_select("SELECT * FROM `Questions` WHERE `AID`>0");
|
||||||
|
|
||||||
foreach ($questions as $question)
|
foreach ($questions as $question)
|
||||||
$answered_questions .= template_render(
|
$answered_questions .= template_render(
|
||||||
'../templates/admin_question_answered.html', array (
|
'../templates/admin_question_answered.html', array (
|
||||||
'question_id' => $question['QID'],
|
'question_id' => $question['QID'],
|
||||||
'question_nick' => UID2Nick($question['UID']),
|
'question_nick' => UID2Nick($question['UID']),
|
||||||
'question' => str_replace("\n", "<br />", $question['Question']),
|
'question' => str_replace("\n", "<br />", $question['Question']),
|
||||||
'answer_nick' => UID2Nick($question['AID']),
|
'answer_nick' => UID2Nick($question['AID']),
|
||||||
'answer' => str_replace("\n", "<br />", $question['Answer']),
|
'answer' => str_replace("\n", "<br />", $question['Answer']),
|
||||||
'link' => page_link_to("admin_questions"),
|
'link' => page_link_to("admin_questions"),
|
||||||
));
|
));
|
||||||
|
|
||||||
return template_render('../templates/admin_questions.html', array (
|
return template_render('../templates/admin_questions.html', array (
|
||||||
'link' => page_link_to("admin_questions"),
|
'link' => page_link_to("admin_questions"),
|
||||||
'open_questions' => $open_questions,
|
'open_questions' => $open_questions,
|
||||||
'answered_questions' => $answered_questions
|
'answered_questions' => $answered_questions
|
||||||
));
|
));
|
||||||
} else {
|
} else {
|
||||||
switch ($_REQUEST['action']) {
|
switch ($_REQUEST['action']) {
|
||||||
case 'answer' :
|
case 'answer' :
|
||||||
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
|
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
|
||||||
$id = $_REQUEST['id'];
|
$id = $_REQUEST['id'];
|
||||||
else
|
else
|
||||||
return error("Incomplete call, missing Question ID.", true);
|
return error("Incomplete call, missing Question ID.", true);
|
||||||
|
|
||||||
$question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
|
$question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
|
||||||
if (count($question) > 0 && $question[0]['AID'] == "0") {
|
if (count($question) > 0 && $question[0]['AID'] == "0") {
|
||||||
$answer = trim(preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['answer'])));
|
$answer = trim(preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['answer'])));
|
||||||
|
|
||||||
if ($answer != "") {
|
if ($answer != "") {
|
||||||
sql_query("UPDATE `Questions` SET `AID`=" . sql_escape($user['UID']) . ", `Answer`='" . sql_escape($answer) . "' WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
|
sql_query("UPDATE `Questions` SET `AID`=" . sql_escape($user['UID']) . ", `Answer`='" . sql_escape($answer) . "' WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
|
||||||
header("Location: " . page_link_to("admin_questions"));
|
engelsystem_log("Question " . $question[0]['Question'] . " answered: " . $answer);
|
||||||
} else
|
header("Location: " . page_link_to("admin_questions"));
|
||||||
return error("Gib eine Antwort ein!", true);
|
} else
|
||||||
} else
|
return error("Gib eine Antwort ein!", true);
|
||||||
return error("No question found.", true);
|
} else
|
||||||
break;
|
return error("No question found.", true);
|
||||||
case 'delete' :
|
break;
|
||||||
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
|
case 'delete' :
|
||||||
$id = $_REQUEST['id'];
|
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
|
||||||
else
|
$id = $_REQUEST['id'];
|
||||||
return error("Incomplete call, missing Question ID.", true);
|
else
|
||||||
|
return error("Incomplete call, missing Question ID.", true);
|
||||||
|
|
||||||
$question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
|
$question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
|
||||||
if (count($question) > 0) {
|
if (count($question) > 0) {
|
||||||
sql_query("DELETE FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
|
sql_query("DELETE FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
|
||||||
header("Location: " . page_link_to("admin_questions"));
|
engelsystem_log("Question deleted: " . $question[0]['Question']);
|
||||||
} else
|
header("Location: " . page_link_to("admin_questions"));
|
||||||
return error("No question found.", true);
|
} else
|
||||||
break;
|
return error("No question found.", true);
|
||||||
}
|
break;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
?>
|
?>
|
||||||
|
@ -0,0 +1,19 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Write a log entry. This should be used to log user's activity.
|
||||||
|
* @param $message
|
||||||
|
*/
|
||||||
|
function engelsystem_log($message) {
|
||||||
|
global $user;
|
||||||
|
|
||||||
|
if(isset($user)) {
|
||||||
|
$nick = $user['Nick'];
|
||||||
|
} else {
|
||||||
|
$nick = "Guest";
|
||||||
|
}
|
||||||
|
|
||||||
|
LogEntry_create($nick, $message);
|
||||||
|
}
|
||||||
|
|
||||||
|
?>
|
Loading…
Reference in New Issue