check link before show

14 years ago · 1e47799384
parent 3b6e2b24b1
commit 1e47799384
6 changed files with 115 additions and 53 deletions
--- a/DB/Sprache.sql
+++ b/DB/Sprache.sql
@ -96,8 +96,8 @@ INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('33', 'DE', 'Sprache
 INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('33', 'EN', 'Language is saved. On the next page it will be active.');
 INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('34', 'DE', 'Avatar wurde gesetzt.');
 INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('34', 'EN', 'Avatar is saved.');
-INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('35', 'DE', '&lt;b&gt;Neue Anfrage:&lt;/b&gt;\r\nIn diesem Formular hast du die M&ouml;glichkeit, den Erzengeln eine Frage zu stellen. Wenn diese beantwortet ist, wirst du hier dar&uuml;ber informiert. Sollte die Frage von allgemeinem Interesse sein, wird diese in die Engel-FAQ &uuml;bernommen.');
+INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('35', 'DE', 'Neue Anfrage In diesem Formular hast du die M&ouml;glichkeit, den Erzengeln eine Frage zu stellen. Wenn diese beantwortet ist, wirst du hier dar&uuml;ber informiert. Sollte die Frage von allgemeinem Interesse sein, wird diese in die Engel-FAQ &uuml;bernommen.');
-INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('35', 'EN', '<b>New Question</b>\r\nWith this form you may sumbit questions to our Archangels. Topics of common interest may be added to the FAQ. (Section: answered questions).\r\n');
+INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('35', 'EN', 'New Question With this form you may sumbit questions to our Archangels. Topics of common interest may be added to the FAQ. (Section: answered questions).\r\n');
 INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('36', 'DE', 'Stelle hier deine Frage');
 INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('36', 'EN', 'Tell us your question');
 INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('37', 'DE', 'Deine Anfrage war:');
@ -325,8 +325,8 @@ INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_aktive_Active',
 INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_schichtplan_add_TextFor', 'EN', 'text for shift');
 INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_schichtplan_add_WriteOK', 'EN', 'Now, you signed up for this shift. Thank you for your cooperation.');
 INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_schichtplan_add_Text1', 'EN', 'Here you can sign up for a shift. As commend can you write what you want, it is only for you.');
-INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_schichtplan_colision', 'DE', '&lt;h1&gt;Fehler&lt;/h1&gt;\r\n&Uuml;berschneidung von Schichten:');
+INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_schichtplan_colision', 'DE', 'Fehler &Uuml;berschneidung von Schichten:');
-INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_schichtplan_colision', 'EN', '&lt;h1&gt;error&lt;/h1&gt;\r\noverlap on shift:');
+INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_schichtplan_colision', 'EN', 'error noverlap on shift:');
 INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_schicht_EmptyShifts', 'DE', 'Die n&auml;chsten 15 freien Schichten:');
 INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_schicht_EmptyShifts', 'EN', 'The next 15 empty shifts:');
 INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('inc_schicht_date', 'DE', 'Datum');
--- a/includes/UserCVS.php
+++ b/includes/UserCVS.php
@ -50,4 +50,53 @@ if( $DEBUG )
 }
 function funktion_isLinkAllowed( $PageName)
 {
        global $_SESSION;
 	// separate page parameter
 	$ParameterPos = strpos( $PageName, ".php?");
 	if( $ParameterPos === FALSE)
 	{
 		$pName = $PageName;
 	}
 	else
 	{
 		$pName = substr( $PageName, 0, $ParameterPos + 4);
 	}
 	// check rights
 	if( (isset( $_SESSION['CVS'][ $pName ]) === TRUE) &&
 	    ($_SESSION['CVS'][ $pName ] == "Y") )
 	{
 		return TRUE;
 	}
 	return FALSE;
 }
 function funktion_isLinkAllowed_addLink_OrLinkText( $PageName, $LinkText)
 {
        global $url, $ENGEL_ROOT;
 	if( funktion_isLinkAllowed( $PageName) === TRUE)
 	{
 		return "<a href=\"". $url. $ENGEL_ROOT. $PageName. "\">". $LinkText. "</a>";
 	}
 	return $LinkText;
 }
 function funktion_isLinkAllowed_addLink_OrEmpty( $PageName, $LinkText)
 {
        global $url, $ENGEL_ROOT;
 	if( funktion_isLinkAllowed( $PageName) === TRUE)
 	{
 		return "<a href=\"". $url. $ENGEL_ROOT. $PageName. "\">". $LinkText. "</a>";
 	}
 	return "";
 }
 ?>
--- a/includes/funktion_activeUser.php
+++ b/includes/funktion_activeUser.php
@ -39,11 +39,9 @@ for( $i=0; $i<mysql_num_rows($Erg); $i++)
 	if( $_SESSION['UID']>0 )
 		echo DisplayAvatar( mysql_result( $Erg, $i, "UID"));
 	// Schow Admin Page
-	if( $_SESSION['CVS'][ "admin/userChangeNormal.php" ] == "Y" )
+	echo funktion_isLinkAllowed_addLink_OrLinkText(
-		echo " <a href=\"./../admin/userChangeNormal.php?enterUID=". mysql_result( $Erg, $i, "UID"). "&Type=Normal\">". 
+		"admin/userChangeNormal.php?enterUID=". mysql_result( $Erg, $i, "UID"). "&Type=Normal",
-			mysql_result( $Erg, $i, "Nick"). "</a>";
+		mysql_result( $Erg, $i, "Nick"));
 	else
 		echo mysql_result( $Erg, $i, "Nick");
 	$Tlog =	(substr( mysql_result( $Erg, $i, "lastLogIn"),  8, 2) * 60 * 60 * 24) +	// Tag
 		(substr( mysql_result( $Erg, $i, "lastLogIn"), 11, 2) * 60 * 60) +	// Stunde
--- a/includes/funktion_schichtplan.php
+++ b/includes/funktion_schichtplan.php
@ -18,11 +18,9 @@ function ausgabe_Feld_Inhalt( $SID, $Man )
 	///////////////////////////////////////////////////////////////////
 	// Schow Admin Page
 	///////////////////////////////////////////////////////////////////
-	if( $_SESSION['CVS'][ "admin/schichtplan.php" ] == "Y" )
+	$Spalten.=funktion_isLinkAllowed_addLink_OrEmpty( 
-	{
+		"admin/schichtplan.php?action=change&SID=$SID",
-		$Spalten.= "<a href=\"./../admin/schichtplan.php?action=change&SID=$SID\">edit</a><br>\n\t\t";
+		"edit<br>\n\t\t");
 	}
 	///////////////////////////////////////////////////////////////////
  	// Ausgabe des Schischtnamens
@ -104,28 +102,30 @@ function ausgabe_Feld_Inhalt( $SID, $Man )
 			foreach( $TempValue["Engel"] as $TempEngelEntry=> $TempEngelID )
 			{
-				if( $_SESSION['CVS'][ "admin/userChangeNormal.php" ] == "Y" )
+				if( funktion_isLinkAllowed( "admin/user.php") === TRUE)
 					$Spalten.= " <a href=\"./../admin/userChangeNormal.php?enterUID=$TempEngelID&Type=Normal\">"; 
 				if( $_SESSION['CVS'][ "admin/schichtplan.php" ] == "Y" )
 				{
-					if( UIDgekommen( $TempEngelID ) == "1")
+					// add color, wenn Engel "Gekommen"
-	      					$Spalten.= "&nbsp;&nbsp;<span style=\"color: blue;\">".
+	      				$TempText= 
-							   UID2Nick( $TempEngelID ).
+						((UIDgekommen( $TempEngelID ) == "1")
-      							   ($_GET["Icon"]==1? DisplayAvatar( $TempEngelID ): "").
+							? "<span style=\"color: blue;\">"
-							   "</span><br>\n\t\t";
+							: "<span style=\"color: red;\">").
-					else
+						UID2Nick( $TempEngelID). "</span>";
      						$Spalten.= "&nbsp;&nbsp;<span style=\"color: red;\">". 
 							   UID2Nick( $TempEngelID ).
      							   ($_GET["Icon"]==1? DisplayAvatar( $TempEngelID ): "").
 							   "</span><br>\n\t\t";
 				}
 				else
-      					$Spalten.= "&nbsp;&nbsp;". UID2Nick( $TempEngelID ).
+				{
-      						   ($_GET["Icon"]==1? DisplayAvatar( $TempEngelID ): "").
+					$TempText = UID2Nick( $TempEngelID );
 				}
 				// add link to user
 				$TempText= funktion_isLinkAllowed_addLink_OrLinkText(
 					"admin/userChangeNormal.php?enterUID=$TempEngelID&Type=Normal",
 					$TempText);
 				$Spalten.= "&nbsp;&nbsp;". $TempText.
 						( ($_GET["Icon"]==1) ? DisplayAvatar( $TempEngelID): "").
 						"<br>\n\t\t";
-				if( $_SESSION['CVS'][ "admin/userChangeNormal.php" ] == "Y" )
+
-					$Spalten.= " </a>"; 
+
 			}
 			$Spalten = substr( $Spalten, 0, strlen($Spalten)-7 );
 		  }
@ -205,15 +205,19 @@ function CreateRoomShifts( $raum )
 	$ErgSonder = mysql_query($SQLSonder, $con);
 	if( (mysql_num_rows( $ErgSonder) > 1) )
 	{
-		if( $_SESSION['CVS'][ "admin/schichtplan.php" ] == "Y" )
+		if( funktion_isLinkAllowed( "admin/schichtplan.php") === TRUE )
 		{
 			echo "<h1>". Get_Text("pub_schichtplan_colision"). "</h1> ";
-			echo "<a href=\"./../admin/schichtplan.php?action=change&SID=". mysql_result($ErgSonder, 0, "SID"). "\">".
+			for( $i=0; $i<mysql_num_rows( $ErgSonder); $i++)
-				mysql_result($ErgSonder, 0, "DateS"). 
+			{
-				" '". mysql_result($ErgSonder, 0, "Man")."' (RID $raum) (00-24)".
+				echo "<a href=\"./../admin/schichtplan.php?action=change&SID=". 
 					mysql_result($ErgSonder, $i, "SID"). "\">".
 					mysql_result($ErgSonder, $i, "DateS"). 
 					" '". mysql_result($ErgSonder, $i, "Man")."' (RID $raum) (00-24)".
 					"</a><br>\n\t\t";
 			}
 		}
 	}
 	elseif( (mysql_num_rows( $ErgSonder) == 1) )
 	{
 		$Spalten[0].=	"\t\t<td valign=\"top\" rowspan=\"". (24 * $GlobalZeileProStunde). "\">\n".
@ -236,15 +240,19 @@ function CreateRoomShifts( $raum )
 	$ErgSonder = mysql_query($SQLSonder, $con);
 	if( (mysql_num_rows( $ErgSonder) > 1) )
 	{
-		if( $_SESSION['CVS'][ "admin/schichtplan.php" ] == "Y" )
+		if( funktion_isLinkAllowed( "admin/schichtplan.php") === TRUE )
 		{
 			echo "<h1>". Get_Text("pub_schichtplan_colision"). "</h1> ";
-			echo "<a href=\"./../admin/schichtplan.php?action=change&SID=". mysql_result($ErgSonder, 0, "SID"). "\">".
+			for( $i=0; $i<mysql_num_rows( $ErgSonder); $i++)
-				mysql_result($ErgSonder, 0, "DateS"). 
+			{
-				" '". mysql_result($ErgSonder, 0, "Man")."' (RID $raum) (00-xx)".
+				echo "<a href=\"./../admin/schichtplan.php?action=change&SID=". 
 					mysql_result($ErgSonder, $i, "SID"). "\">".
 					mysql_result($ErgSonder, $i, "DateS"). 
 					" '". mysql_result($ErgSonder, $i, "Man")."' (RID $raum) (00-xx)".
 					"</a><br>\n\t\t";
 			}
 		}
 	}
 	elseif( (mysql_num_rows( $ErgSonder) == 1) )
 	{
 		$ZeitZeiger =	substr( mysql_result($ErgSonder, 0, "DateE"), 11, 2 )+
@ -297,10 +305,12 @@ function CreateRoomShifts( $raum )
 		}
 		else
 		{
-			echo Get_Text("pub_schichtplan_colision"). " ".
+			echo "<h1>". Get_Text("pub_schichtplan_colision"). "</h1> ";
 			echo "<a href=\"./../admin/schichtplan.php?action=change&SID=". 
 				mysql_result($Erg, $i, "SID"). "\">".
 				mysql_result($Erg, $i, "DateS"). 
 				" '". mysql_result($Erg, $i, "Man"). "' ".
-				" (".  mysql_result($Erg, $i, "SID"). " R$raum) (xx-xx)<br><br>";
+				" (".  mysql_result($Erg, $i, "SID"). " R$raum) (xx-xx)</a><br><br>";
 		}
 	}
 	if( $ZeitZeiger < 24 )
--- a/includes/funktion_xml_schudle.php
+++ b/includes/funktion_xml_schudle.php
@ -259,7 +259,7 @@ foreach($XMLmain->sub as $EventKey => $Event)
 		}
 		else
 		{
-			echo "\t<td><a href=\"./schichtplan.php?action=change&SID=$SIDDB\">edit</a></td>\n";
+			echo "\t<td>". funktion_isLinkAllowed_addLink_OrLinkText("admin/schichtplan.php?action=change&SID=".$SIDDB, "edit"). "</td>\n";
 			$DS_OK++;
 		}
 		echo "\t</tr>\n";
@ -299,7 +299,8 @@ if(mysql_num_rows($Erg2)>0 && $EnableSchudleDB )
 			   "<input name=\"LenDB\" type=\"text\" value=\"$Len\" size=\"1\"readonly></td>\n";
 		echo "\t<td><input name=\"ManXML\" type=\"text\" value=\"\" size=\"40\"readonly>\n\t\t".
 			   "<input name=\"ManDB\" type=\"text\" value=\"$Man\" size=\"40\"readonly></td>\n";
-		echo "\t<td><a href=\"./schichtplan.php?action=change&SID=$SID\">edit</a></td>\n";
+		echo "\t<td>". funktion_isLinkAllowed_addLink_OrLinkText( "admin/schichtplan.php?action=change&SID=".$SID, "edit"). 
 				"</td>\n";
 		echo "\t<tr>\n";
 	}
 echo "</table>";
--- a/www-ssl/admin/user.php
+++ b/www-ssl/admin/user.php
@ -88,12 +88,16 @@ if (!IsSet($_GET["enterUID"]))
 		echo "\t<td>".mysql_result($Erg, $n, "Aktiv")."</td>\n";
 		$Tshirt += mysql_result($Erg, $n, "Tshirt");
 		echo "\t<td>".mysql_result($Erg, $n, "Tshirt")."</td>\n";
-		echo "\t<td><a href=\"./userChangeNormal.php?enterUID=".
+		echo "\t<td>". funktion_isLinkAllowed_addLink_OrEmpty( 
-			mysql_result($Erg, $n, "UID")."&Type=Normal\">&Auml;nd.</a></td>\n";
+				"admin/userChangeNormal.php?enterUID=". 
-		echo "\t<td>";
+					mysql_result($Erg, $n, "UID")."&Type=Normal",
-		
+				"&Auml;nd.").
-		echo "<a href=\"./userChangeSecure.php?enterUID=".
+			"</td>\n";
-			mysql_result($Erg, $n, "UID")."&Type=Secure\">Secure</a></td>\n";
+		echo "\t<td>". funktion_isLinkAllowed_addLink_OrEmpty( 
 				"admin/userChangeSecure.php?enterUID=". 
 					mysql_result($Erg, $n, "UID")."&Type=Secure",
 				"Secure").
 			"</td>\n";
 		echo "</tr>\n";
 	}
 	echo "<tr>".