kontakt
/
engelsystem
3
0
Fork 0
Code Issues 12 Pull Requests Projects Releases Wiki Activity

Merge pull request #344 from MyIgel/master

Browse Source 
Prepared routing, added symfony http Closes #336 and closes #337
main
msquare 7 years ago committed by GitHub
parent 581b81f1b2 0a20883aa8
commit 3591606130
62 changed files with 1135 additions and 711 deletions
Show Stats Download Patch File Download Diff File

2
README.md
Unescape Escape View File

@ -8,7 +8,7 @@ Please visit https://engelsystem.de for a feature list.
## Installation ## Installation
### Requirements: ### Requirements:
* PHP >= 5.6.4, PHP >= 7.0.0 recommended * PHP >= 7.0.0
* MySQL-Server >= 5.5.x * MySQL-Server >= 5.5.x
* Webserver, i.e. lighttpd, nginx, or Apache * Webserver, i.e. lighttpd, nginx, or Apache

7
composer.json
Unescape Escape View File

@ -14,12 +14,13 @@
} }
], ],
"require": { "require": {
"php": ">=5.6.4", "php": ">=7.0.0",
"erusev/parsedown": "1.6.*", "erusev/parsedown": "1.6.*",
"twbs/bootstrap": "^3.3" "twbs/bootstrap": "^3.3",
"symfony/http-foundation": "^3.3"
}, },
"require-dev": { "require-dev": {
"phpunit/phpunit": "^6.2" "phpunit/phpunit": "^6.3"
}, },
"autoload": { "autoload": {
"psr-4": { "psr-4": {

27
config/config.default.php
Unescape Escape View File

@ -4,7 +4,7 @@
return [ return [
// MySQL-Connection Settings // MySQL-Connection Settings
'database' => [ 'database' => [
'host' => 'localhost', 'host' => 'localhost',
'user' => 'root', 'user' => 'root',
'pw' => '', 'pw' => '',
@ -12,28 +12,28 @@ return [
], ],
// For accessing stats // For accessing stats
'api_key' => '', 'api_key' => '',
// Enable maintenance mode (show a static page) // Enable maintenance mode (show a static page)
'maintenance' => false, 'maintenance' => false,
// Set to development to enable debugging messages // Set to development to enable debugging messages
'environment' => 'production', 'environment' => 'production',
// URL to the angel faq and job description // URL to the angel faq and job description
'faq_url' => 'https://events.ccc.de/congress/2013/wiki/Static:Volunteers', 'faq_url' => 'https://events.ccc.de/congress/2013/wiki/Static:Volunteers',
// Contact email address, linked on every page // Contact email address, linked on every page
'contact_email' => 'mailto:ticket@c3heaven.de', 'contact_email' => 'mailto:ticket@c3heaven.de',
// From address of all emails // From address of all emails
'no_reply_email' => 'noreply@engelsystem.de', 'no_reply_email' => 'noreply@engelsystem.de',
// Default theme, 1=style1.css // Default theme, 1=style1.css
'theme' => 1, 'theme' => 1,
// Available themes // Available themes
'available_themes' => [ 'available_themes' => [
'4' => 'Engelsystem 33c3 (2016)', '4' => 'Engelsystem 33c3 (2016)',
'3' => 'Engelsystem 32c3 (2015)', '3' => 'Engelsystem 32c3 (2015)',
'2' => 'Engelsystem cccamp15', '2' => 'Engelsystem cccamp15',
@ -42,10 +42,13 @@ return [
], ],
// Number of News shown on one site // Number of News shown on one site
'display_news' => 6, 'display_news' => 6,
// Only arrived angels can sign up for shifts
'signup_requires_arrival' => false,
// Anzahl Stunden bis zum Austragen eigener Schichten // Anzahl Stunden bis zum Austragen eigener Schichten
'last_unsubscribe' => 3, 'last_unsubscribe' => 3,
// Setzt den zu verwendenden Crypto-Algorithmus (entsprechend der Dokumentation von crypt()). // Setzt den zu verwendenden Crypto-Algorithmus (entsprechend der Dokumentation von crypt()).
// Falls ein Benutzerpasswort in einem anderen Format gespeichert ist, // Falls ein Benutzerpasswort in einem anderen Format gespeichert ist,
@ -55,7 +58,7 @@ return [
// Blowfish '$2y$13' // Blowfish '$2y$13'
// SHA-256 '$5$rounds=5000' // SHA-256 '$5$rounds=5000'
// SHA-512 '$6$rounds=5000' // SHA-512 '$6$rounds=5000'
'crypt_alg' => '$6$rounds=5000', // SHA-512 'crypt_alg' => '$6$rounds=5000',
'min_password_length' => 8, 'min_password_length' => 8,

22
db/update.sql
Unescape Escape View File

@ -8,19 +8,23 @@ ALTER TABLE `User` ADD COLUMN `email_by_human_allowed` BOOLEAN NOT NULL;
-- No Self Sign Up for some Angel Types -- No Self Sign Up for some Angel Types
ALTER TABLE AngelTypes ADD no_self_signup TINYINT(1) NOT NULL; ALTER TABLE AngelTypes ADD no_self_signup TINYINT(1) NOT NULL;
ALTER TABLE `AngelTypes` ALTER TABLE `AngelTypes`
ADD `contact_user_id` INT NULL, ADD `contact_user_id` INT NULL,
ADD `contact_name` VARCHAR(250) NULL, ADD `contact_name` VARCHAR(250) NULL,
ADD `contact_dect` VARCHAR(5) NULL, ADD `contact_dect` VARCHAR(5) NULL,
ADD `contact_email` VARCHAR(250) NULL, ADD `contact_email` VARCHAR(250) NULL,
ADD INDEX (`contact_user_id`); ADD INDEX (`contact_user_id`);
ALTER TABLE `AngelTypes` ALTER TABLE `AngelTypes`
ADD FOREIGN KEY (`contact_user_id`) REFERENCES `User`(`UID`) ON DELETE SET NULL ON UPDATE CASCADE; ADD FOREIGN KEY (`contact_user_id`) REFERENCES `User`(`UID`) ON DELETE SET NULL ON UPDATE CASCADE;
INSERT INTO `Privileges` (`id`, `name`, `desc`) VALUES (NULL, 'shiftentry_edit_angeltype_supporter', 'If user with this privilege is angeltype supporter, he can put users in shifts for their angeltype'); INSERT INTO `Privileges` (`id`, `name`, `desc`) VALUES (NULL, 'shiftentry_edit_angeltype_supporter', 'If user with this privilege is angeltype supporter, he can put users in shifts for their angeltype');
-- DB Performance -- DB Performance
ALTER TABLE `Shifts` ADD INDEX(`start`); ALTER TABLE `Shifts` ADD INDEX(`start`);
ALTER TABLE `NeededAngelTypes` ADD INDEX(`count`); ALTER TABLE `NeededAngelTypes` ADD INDEX(`count`);
-- Security
UPDATE `Groups` SET UID = UID * 10;
INSERT INTO `Groups` (Name, UID) VALUES ('News Admin', -65);
INSERT INTO `Privileges` (id, name, `desc`) VALUES (42, 'admin_news_html', 'Use HTML in news');
INSERT INTO `GroupPrivileges` (group_id, privilege_id) VALUES (-65, 14), (-65, 42);

9
includes/autoload.php
Unescape Escape View File

@ -0,0 +1,9 @@
<?php
// Check for autoloader
if (!is_readable(__DIR__ . '/../vendor/autoload.php')) {
die('Please run composer.phar install');
}
// Include composer autoloader
require_once __DIR__ . '/../vendor/autoload.php';

26
includes/controller/angeltypes_controller.php
Unescape Escape View File

@ -42,7 +42,7 @@ function angeltypes_controller()
*/ */
function angeltype_link($angeltype_id) function angeltype_link($angeltype_id)
{ {
return page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype_id; return page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype_id]);
} }
/** /**
@ -127,7 +127,7 @@ function angeltype_edit_controller()
if (!$supporter_mode) { if (!$supporter_mode) {
if ($request->has('name')) { if ($request->has('name')) {
$result = AngelType_validate_name($request->input('name'), $angeltype); $result = AngelType_validate_name($request->postData('name'), $angeltype);
$angeltype['name'] = $result->getValue(); $angeltype['name'] = $result->getValue();
if (!$result->isValid()) { if (!$result->isValid()) {
$valid = false; $valid = false;
@ -211,17 +211,21 @@ function angeltypes_list_controller()
foreach ($angeltypes as &$angeltype) { foreach ($angeltypes as &$angeltype) {
$actions = [ $actions = [
button(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id'], _('view'), 'btn-xs') button(
page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']]),
_('view'),
'btn-xs'
)
]; ];
if (in_array('admin_angel_types', $privileges)) { if (in_array('admin_angel_types', $privileges)) {
$actions[] = button( $actions[] = button(
page_link_to('angeltypes') . '&action=edit&angeltype_id=' . $angeltype['id'], page_link_to('angeltypes', ['action' => 'edit', 'angeltype_id' => $angeltype['id']]),
_('edit'), _('edit'),
'btn-xs' 'btn-xs'
); );
$actions[] = button( $actions[] = button(
page_link_to('angeltypes') . '&action=delete&angeltype_id=' . $angeltype['id'], page_link_to('angeltypes', ['action' => 'delete', 'angeltype_id' => $angeltype['id']]),
_('delete'), _('delete'),
'btn-xs' 'btn-xs'
); );
@ -230,13 +234,15 @@ function angeltypes_list_controller()
$angeltype['membership'] = AngelType_render_membership($angeltype); $angeltype['membership'] = AngelType_render_membership($angeltype);
if ($angeltype['user_angeltype_id'] != null) { if ($angeltype['user_angeltype_id'] != null) {
$actions[] = button( $actions[] = button(
page_link_to('user_angeltypes') . '&action=delete&user_angeltype_id=' . $angeltype['user_angeltype_id'], page_link_to('user_angeltypes',
['action' => 'delete', 'user_angeltype_id' => $angeltype['user_angeltype_id']]
),
_('leave'), _('leave'),
'btn-xs' 'btn-xs'
); );
} else { } else {
$actions[] = button( $actions[] = button(
page_link_to('user_angeltypes') . '&action=add&angeltype_id=' . $angeltype['id'], page_link_to('user_angeltypes', ['action' => 'add', 'angeltype_id' => $angeltype['id']]),
_('join'), _('join'),
'btn-xs' 'btn-xs'
); );
@ -245,7 +251,11 @@ function angeltypes_list_controller()
$angeltype['restricted'] = $angeltype['restricted'] ? glyph('lock') : ''; $angeltype['restricted'] = $angeltype['restricted'] ? glyph('lock') : '';
$angeltype['no_self_signup'] = $angeltype['no_self_signup'] ? '' : glyph('share'); $angeltype['no_self_signup'] = $angeltype['no_self_signup'] ? '' : glyph('share');
$angeltype['name'] = '<a href="' . page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id'] . '">' . $angeltype['name'] . '</a>'; $angeltype['name'] = '<a href="'
. page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']])
. '">'
. $angeltype['name']
. '</a>';
$angeltype['actions'] = table_buttons($actions); $angeltype['actions'] = table_buttons($actions);
} }

5
includes/controller/rooms_controller.php
Unescape Escape View File

@ -1,4 +1,5 @@
<?php <?php
use Engelsystem\ShiftsFilter; use Engelsystem\ShiftsFilter;
use Engelsystem\ShiftsFilterRenderer; use Engelsystem\ShiftsFilterRenderer;
@ -88,7 +89,7 @@ function rooms_controller()
*/ */
function room_link($room) function room_link($room)
{ {
return page_link_to('rooms') . '&action=view&room_id=' . $room['RID']; return page_link_to('rooms', ['action' => 'view', 'room_id' => $room['RID']]);
} }
/** /**
@ -97,7 +98,7 @@ function room_link($room)
*/ */
function room_edit_link($room) function room_edit_link($room)
{ {
return page_link_to('admin_rooms') . '&show=edit&id=' . $room['RID']; return page_link_to('admin_rooms', ['show' => 'edit', 'id' => $room['RID']]);
} }
/** /**

8
includes/controller/shift_entries_controller.php
Unescape Escape View File

@ -13,7 +13,7 @@ function shift_entry_add_controller()
$request = request(); $request = request();
$shift_id = 0; $shift_id = 0;
if ($request->has('shift_id') && preg_match('/^\d*$/', $request->input('shift_id'))) { if ($request->has('shift_id') && preg_match('/^\d+$/', $request->input('shift_id'))) {
$shift_id = $request->input('shift_id'); $shift_id = $request->input('shift_id');
} else { } else {
redirect(page_link_to('user_shifts')); redirect(page_link_to('user_shifts'));
@ -27,13 +27,13 @@ function shift_entry_add_controller()
} }
$shift = Shift($shift_id); $shift = Shift($shift_id);
$shift['Name'] = $room_array[$shift['RID']];
if ($shift == null) { if ($shift == null) {
redirect(page_link_to('user_shifts')); redirect(page_link_to('user_shifts'));
} }
$shift['Name'] = $room_array[$shift['RID']];
$type_id = 0; $type_id = 0;
if ($request->has('type_id') && preg_match('/^\d*$/', $request->input('type_id'))) { if ($request->has('type_id') && preg_match('/^\d+$/', $request->input('type_id'))) {
$type_id = $request->input('type_id'); $type_id = $request->input('type_id');
} else { } else {
redirect(page_link_to('user_shifts')); redirect(page_link_to('user_shifts'));
@ -64,7 +64,7 @@ function shift_entry_add_controller()
if ( if (
$request->has('user_id') $request->has('user_id')
&& preg_match('/^\d*$/', $request->input('user_id')) && preg_match('/^\d+$/', $request->input('user_id'))
&& ( && (
in_array('user_shifts_admin', $privileges) in_array('user_shifts_admin', $privileges)
|| in_array('shiftentry_edit_angeltype_supporter', $privileges) || in_array('shiftentry_edit_angeltype_supporter', $privileges)

45
includes/controller/shifts_controller.php
Unescape Escape View File

@ -1,4 +1,5 @@
<?php <?php
use Engelsystem\ShiftSignupState; use Engelsystem\ShiftSignupState;
/** /**
@ -7,10 +8,13 @@ use Engelsystem\ShiftSignupState;
*/ */
function shift_link($shift) function shift_link($shift)
{ {
$link = page_link_to('shifts') . '&action=view'; $parameters = ['action' => 'view'];
if (isset($shift['SID'])) { if (isset($shift['SID'])) {
$link .= '&shift_id=' . $shift['SID']; $parameters['shift_id'] = $shift['SID'];
} }
$link = page_link_to('shifts', $parameters);
return $link; return $link;
} }
@ -20,7 +24,7 @@ function shift_link($shift)
*/ */
function shift_delete_link($shift) function shift_delete_link($shift)
{ {
return page_link_to('user_shifts') . '&delete_shift=' . $shift['SID']; return page_link_to('user_shifts', ['delete_shift' => $shift['SID']]);
} }
/** /**
@ -29,7 +33,7 @@ function shift_delete_link($shift)
*/ */
function shift_edit_link($shift) function shift_edit_link($shift)
{ {
return page_link_to('user_shifts') . '&edit_shift=' . $shift['SID']; return page_link_to('user_shifts', ['edit_shift' => $shift['SID']]);
} }
/** /**
@ -61,7 +65,7 @@ function shift_edit_controller()
$angeltypes = select_array(AngelTypes(), 'id', 'name'); $angeltypes = select_array(AngelTypes(), 'id', 'name');
$shifttypes = select_array(ShiftTypes(), 'id', 'name'); $shifttypes = select_array(ShiftTypes(), 'id', 'name');
$needed_angel_types = select_array(NeededAngelTypes_by_shift($shift_id), 'id', 'count'); $needed_angel_types = select_array(NeededAngelTypes_by_shift($shift_id), 'angel_type_id', 'count');
foreach (array_keys($angeltypes) as $angeltype_id) { foreach (array_keys($angeltypes) as $angeltype_id) {
if (!isset($needed_angel_types[$angeltype_id])) { if (!isset($needed_angel_types[$angeltype_id])) {
$needed_angel_types[$angeltype_id] = 0; $needed_angel_types[$angeltype_id] = 0;
@ -116,15 +120,20 @@ function shift_edit_controller()
$msg .= error(_('The ending time has to be after the starting time.'), true); $msg .= error(_('The ending time has to be after the starting time.'), true);
} }
foreach ($needed_angel_types as $needed_angeltype_id => $needed_angeltype_name) { foreach ($needed_angel_types as $needed_angeltype_id => $count) {
if ($request->has('type_' . $needed_angeltype_id) && test_request_int('type_' . $needed_angeltype_id)) { $needed_angel_types[$needed_angeltype_id] = 0;
$needed_angel_types[$needed_angeltype_id] = trim($request->input('type_' . $needed_angeltype_id));
} else { $queryKey = 'type_' . $needed_angeltype_id;
$valid = false; if ($request->has($queryKey)) {
$msg .= error(sprintf( if (test_request_int($queryKey)) {
_('Please check your input for needed angels of type %s.'), $needed_angel_types[$needed_angeltype_id] = trim($request->input($queryKey));
$needed_angeltype_name } else {
), true); $valid = false;
$msg .= error(sprintf(
_('Please check your input for needed angels of type %s.'),
$angeltypes[$needed_angeltype_id]
), true);
}
} }
} }
@ -195,7 +204,7 @@ function shift_delete_controller()
} }
// Schicht komplett löschen (nur für admins/user mit user_shifts_admin privileg) // Schicht komplett löschen (nur für admins/user mit user_shifts_admin privileg)
if (!$request->has('delete_shift') || !preg_match('/^\d*$/', $request->input('delete_shift'))) { if (!$request->has('delete_shift') || !preg_match('/^\d+$/', $request->input('delete_shift'))) {
redirect(page_link_to('user_shifts')); redirect(page_link_to('user_shifts'));
} }
$shift_id = $request->input('delete_shift'); $shift_id = $request->input('delete_shift');
@ -225,7 +234,9 @@ function shift_delete_controller()
date('Y-m-d H:i', $shift['start']), date('Y-m-d H:i', $shift['start']),
date('H:i', $shift['end']) date('H:i', $shift['end'])
), true), ), true),
'<a class="button" href="?p=user_shifts&delete_shift=' . $shift_id . '&delete">' . _('delete') . '</a>' '<a class="button" href="'
. page_link_to('user_shifts', ['delete_shift' => $shift_id, 'delete' => 1]) .
'">' . _('delete') . '</a>'
]); ]);
} }
@ -308,8 +319,6 @@ function shifts_controller()
/** /**
* Redirects the user to his next shift. * Redirects the user to his next shift.
*
* @return false
*/ */
function shift_next_controller() function shift_next_controller()
{ {

4
includes/controller/shifttypes_controller.php
Unescape Escape View File

@ -6,7 +6,7 @@
*/ */
function shifttype_link($shifttype) function shifttype_link($shifttype)
{ {
return page_link_to('shifttypes') . '&action=view&shifttype_id=' . $shifttype['id']; return page_link_to('shifttypes', ['action' => 'view', 'shifttype_id' => $shifttype['id']]);
} }
/** /**
@ -100,7 +100,7 @@ function shifttype_edit_controller()
engelsystem_log('Created shifttype ' . $name); engelsystem_log('Created shifttype ' . $name);
success(_('Created shifttype.')); success(_('Created shifttype.'));
} }
redirect(page_link_to('shifttypes') . '&action=view&shifttype_id=' . $shifttype_id); redirect(page_link_to('shifttypes', ['action' => 'view', 'shifttype_id' => $shifttype_id]));
} }
} }

17
includes/controller/user_angeltypes_controller.php
Unescape Escape View File

@ -17,8 +17,7 @@ function user_angeltypes_unconfirmed_hint()
$unconfirmed_links = []; $unconfirmed_links = [];
foreach ($unconfirmed_user_angeltypes as $user_angeltype) { foreach ($unconfirmed_user_angeltypes as $user_angeltype) {
$unconfirmed_links[] = '<a href="' $unconfirmed_links[] = '<a href="'
. page_link_to('angeltypes') . page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $user_angeltype['angeltype_id']])
. '&action=view&angeltype_id=' . $user_angeltype['angeltype_id']
. '">' . $user_angeltype['name'] . '">' . $user_angeltype['name']
. ' (+' . $user_angeltype['count'] . ')' . ' (+' . $user_angeltype['count'] . ')'
. '</a>'; . '</a>';
@ -61,7 +60,7 @@ function user_angeltypes_delete_all_controller()
engelsystem_log(sprintf('Denied all users for angeltype %s', AngelType_name_render($angeltype))); engelsystem_log(sprintf('Denied all users for angeltype %s', AngelType_name_render($angeltype)));
success(sprintf(_('Denied all users for angeltype %s.'), AngelType_name_render($angeltype))); success(sprintf(_('Denied all users for angeltype %s.'), AngelType_name_render($angeltype)));
redirect(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id']); redirect(page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']]));
} }
return [ return [
@ -107,7 +106,7 @@ function user_angeltypes_confirm_all_controller()
engelsystem_log(sprintf('Confirmed all users for angeltype %s', AngelType_name_render($angeltype))); engelsystem_log(sprintf('Confirmed all users for angeltype %s', AngelType_name_render($angeltype)));
success(sprintf(_('Confirmed all users for angeltype %s.'), AngelType_name_render($angeltype))); success(sprintf(_('Confirmed all users for angeltype %s.'), AngelType_name_render($angeltype)));
redirect(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id']); redirect(page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']]));
} }
return [ return [
@ -167,7 +166,7 @@ function user_angeltype_confirm_controller()
User_Nick_render($user_source), User_Nick_render($user_source),
AngelType_name_render($angeltype) AngelType_name_render($angeltype)
)); ));
redirect(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id']); redirect(page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']]));
} }
return [ return [
@ -221,7 +220,7 @@ function user_angeltype_delete_controller()
engelsystem_log($success_message); engelsystem_log($success_message);
success($success_message); success($success_message);
redirect(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id']); redirect(page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']]));
} }
return [ return [
@ -287,7 +286,7 @@ function user_angeltype_update_controller()
engelsystem_log($success_message); engelsystem_log($success_message);
success($success_message); success($success_message);
redirect(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id']); redirect(page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']]));
} }
return [ return [
@ -341,7 +340,7 @@ function user_angeltype_add_controller()
AngelType_name_render($angeltype) AngelType_name_render($angeltype)
)); ));
redirect(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id']); redirect(page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']]));
} }
} }
@ -383,7 +382,7 @@ function user_angeltype_join_controller($angeltype)
)); ));
} }
redirect(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id']); redirect(page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']]));
} }
return [ return [

2
includes/controller/user_driver_licenses_controller.php
Unescape Escape View File

@ -63,7 +63,7 @@ function user_driver_license_edit_link($user = null)
if ($user == null) { if ($user == null) {
return page_link_to('user_driver_licenses'); return page_link_to('user_driver_licenses');
} }
return page_link_to('user_driver_licenses') . '&user_id=' . $user['UID']; return page_link_to('user_driver_licenses', ['user_id' => $user['UID']]);
} }
/** /**

18
includes/controller/users_controller.php
Unescape Escape View File

@ -47,7 +47,7 @@ function user_delete_controller()
$request = request(); $request = request();
if ($request->has('user_id')) { if ($request->has('user_id')) {
$user_source = User($request->get('user_id')); $user_source = User($request->query->get('user_id'));
} else { } else {
$user_source = $user; $user_source = $user;
} }
@ -68,7 +68,7 @@ function user_delete_controller()
if ( if (
!( !(
$request->has('password') $request->has('password')
&& verify_password($request->post('password'), $user['Passwort'], $user['UID']) && verify_password($request->postData('password'), $user['Passwort'], $user['UID'])
) )
) { ) {
$valid = false; $valid = false;
@ -106,7 +106,7 @@ function users_link()
*/ */
function user_edit_link($user) function user_edit_link($user)
{ {
return page_link_to('admin_user') . '&user_id=' . $user['UID']; return page_link_to('admin_user', ['user_id' => $user['UID']]);
} }
/** /**
@ -115,7 +115,7 @@ function user_edit_link($user)
*/ */
function user_delete_link($user) function user_delete_link($user)
{ {
return page_link_to('users') . '&action=delete&user_id=' . $user['UID']; return page_link_to('users', ['action' => 'delete', 'user_id' => $user['UID']]);
} }
/** /**
@ -124,7 +124,7 @@ function user_delete_link($user)
*/ */
function user_link($user) function user_link($user)
{ {
return page_link_to('users') . '&action=view&user_id=' . $user['UID']; return page_link_to('users', ['action' => 'view', 'user_id' => $user['UID']]);
} }
/** /**
@ -297,9 +297,9 @@ function user_password_recovery_set_new_controller()
if ( if (
$request->has('password') $request->has('password')
&& strlen($request->post('password')) >= config('min_password_length') && strlen($request->postData('password')) >= config('min_password_length')
) { ) {
if ($request->post('password') != $request->post('password2')) { if ($request->postData('password') != $request->postData('password2')) {
$valid = false; $valid = false;
error(_('Your passwords don\'t match.')); error(_('Your passwords don\'t match.'));
} }
@ -309,7 +309,7 @@ function user_password_recovery_set_new_controller()
} }
if ($valid) { if ($valid) {
set_password($user_source['UID'], $request->post('password')); set_password($user_source['UID'], $request->postData('password'));
success(_('Password saved.')); success(_('Password saved.'));
redirect(page_link_to('login')); redirect(page_link_to('login'));
} }
@ -353,7 +353,7 @@ function user_password_recovery_start_controller()
_('Password recovery'), _('Password recovery'),
sprintf( sprintf(
_('Please visit %s to recover your password.'), _('Please visit %s to recover your password.'),
page_link_to_absolute('user_password_recovery') . '&token=' . $token page_link_to('user_password_recovery', ['token' => $token])
) )
); );
success(_('We sent an email containing your password recovery link.')); success(_('We sent an email containing your password recovery link.'));

173
includes/engelsystem_provider.php
Unescape Escape View File

@ -6,16 +6,13 @@ use Engelsystem\Exceptions\Handler as ExceptionHandler;
use Engelsystem\Http\Request; use Engelsystem\Http\Request;
use Engelsystem\Renderer\HtmlEngine; use Engelsystem\Renderer\HtmlEngine;
use Engelsystem\Renderer\Renderer; use Engelsystem\Renderer\Renderer;
use Symfony\Component\HttpFoundation\Session\Session;
/** /**
* This file includes all needed functions, connects to the db etc. * This file includes all needed functions, connects to the db etc.
*/ */
if (!is_readable(__DIR__ . '/../vendor/autoload.php')) { require_once __DIR__ . '/autoload.php';
die('Please run composer.phar install');
}
require __DIR__ . '/../vendor/autoload.php';
/** /**
* Load configuration * Load configuration
@ -36,9 +33,10 @@ date_default_timezone_set($config->get('timezone'));
/** /**
* Initialize Request * Initialize Request
*
* @var Request $request
*/ */
$request = new Request(); $request = Request::createFromGlobals();
$request->create();
$request::setInstance($request); $request::setInstance($request);
/** /**
@ -86,88 +84,95 @@ Db::getPdo()->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
/** /**
* Include legacy code * Include legacy code
*/ */
require_once realpath(__DIR__ . '/../includes/sys_auth.php'); $includeFiles = [
require_once realpath(__DIR__ . '/../includes/sys_form.php'); __DIR__ . '/../includes/sys_auth.php',
require_once realpath(__DIR__ . '/../includes/sys_log.php'); __DIR__ . '/../includes/sys_form.php',
require_once realpath(__DIR__ . '/../includes/sys_menu.php'); __DIR__ . '/../includes/sys_log.php',
require_once realpath(__DIR__ . '/../includes/sys_page.php'); __DIR__ . '/../includes/sys_menu.php',
require_once realpath(__DIR__ . '/../includes/sys_template.php'); __DIR__ . '/../includes/sys_page.php',
__DIR__ . '/../includes/sys_template.php',
require_once realpath(__DIR__ . '/../includes/model/AngelType_model.php');
require_once realpath(__DIR__ . '/../includes/model/EventConfig_model.php'); __DIR__ . '/../includes/model/AngelType_model.php',
require_once realpath(__DIR__ . '/../includes/model/LogEntries_model.php'); __DIR__ . '/../includes/model/EventConfig_model.php',
require_once realpath(__DIR__ . '/../includes/model/Message_model.php'); __DIR__ . '/../includes/model/LogEntries_model.php',
require_once realpath(__DIR__ . '/../includes/model/NeededAngelTypes_model.php'); __DIR__ . '/../includes/model/Message_model.php',
require_once realpath(__DIR__ . '/../includes/model/Room_model.php'); __DIR__ . '/../includes/model/NeededAngelTypes_model.php',
require_once realpath(__DIR__ . '/../includes/model/ShiftEntry_model.php'); __DIR__ . '/../includes/model/Room_model.php',
require_once realpath(__DIR__ . '/../includes/model/Shifts_model.php'); __DIR__ . '/../includes/model/ShiftEntry_model.php',
require_once realpath(__DIR__ . '/../includes/model/ShiftsFilter.php'); __DIR__ . '/../includes/model/Shifts_model.php',
require_once realpath(__DIR__ . '/../includes/model/ShiftSignupState.php'); __DIR__ . '/../includes/model/ShiftsFilter.php',
require_once realpath(__DIR__ . '/../includes/model/ShiftTypes_model.php'); __DIR__ . '/../includes/model/ShiftSignupState.php',
require_once realpath(__DIR__ . '/../includes/model/UserAngelTypes_model.php'); __DIR__ . '/../includes/model/ShiftTypes_model.php',
require_once realpath(__DIR__ . '/../includes/model/UserDriverLicenses_model.php'); __DIR__ . '/../includes/model/UserAngelTypes_model.php',
require_once realpath(__DIR__ . '/../includes/model/UserGroups_model.php'); __DIR__ . '/../includes/model/UserDriverLicenses_model.php',
require_once realpath(__DIR__ . '/../includes/model/User_model.php'); __DIR__ . '/../includes/model/UserGroups_model.php',
require_once realpath(__DIR__ . '/../includes/model/ValidationResult.php'); __DIR__ . '/../includes/model/User_model.php',
__DIR__ . '/../includes/model/ValidationResult.php',
require_once realpath(__DIR__ . '/../includes/view/AngelTypes_view.php');
require_once realpath(__DIR__ . '/../includes/view/EventConfig_view.php'); __DIR__ . '/../includes/view/AngelTypes_view.php',
require_once realpath(__DIR__ . '/../includes/view/Questions_view.php'); __DIR__ . '/../includes/view/EventConfig_view.php',
require_once realpath(__DIR__ . '/../includes/view/Rooms_view.php'); __DIR__ . '/../includes/view/Questions_view.php',
require_once realpath(__DIR__ . '/../includes/view/ShiftCalendarLane.php'); __DIR__ . '/../includes/view/Rooms_view.php',
require_once realpath(__DIR__ . '/../includes/view/ShiftCalendarRenderer.php'); __DIR__ . '/../includes/view/ShiftCalendarLane.php',
require_once realpath(__DIR__ . '/../includes/view/ShiftCalendarShiftRenderer.php'); __DIR__ . '/../includes/view/ShiftCalendarRenderer.php',
require_once realpath(__DIR__ . '/../includes/view/ShiftsFilterRenderer.php'); __DIR__ . '/../includes/view/ShiftCalendarShiftRenderer.php',
require_once realpath(__DIR__ . '/../includes/view/Shifts_view.php'); __DIR__ . '/../includes/view/ShiftsFilterRenderer.php',
require_once realpath(__DIR__ . '/../includes/view/ShiftEntry_view.php'); __DIR__ . '/../includes/view/Shifts_view.php',
require_once realpath(__DIR__ . '/../includes/view/ShiftTypes_view.php'); __DIR__ . '/../includes/view/ShiftEntry_view.php',
require_once realpath(__DIR__ . '/../includes/view/UserAngelTypes_view.php'); __DIR__ . '/../includes/view/ShiftTypes_view.php',
require_once realpath(__DIR__ . '/../includes/view/UserDriverLicenses_view.php'); __DIR__ . '/../includes/view/UserAngelTypes_view.php',
require_once realpath(__DIR__ . '/../includes/view/UserHintsRenderer.php'); __DIR__ . '/../includes/view/UserDriverLicenses_view.php',
require_once realpath(__DIR__ . '/../includes/view/User_view.php'); __DIR__ . '/../includes/view/UserHintsRenderer.php',
__DIR__ . '/../includes/view/User_view.php',
require_once realpath(__DIR__ . '/../includes/controller/angeltypes_controller.php');
require_once realpath(__DIR__ . '/../includes/controller/event_config_controller.php'); __DIR__ . '/../includes/controller/angeltypes_controller.php',
require_once realpath(__DIR__ . '/../includes/controller/rooms_controller.php'); __DIR__ . '/../includes/controller/event_config_controller.php',
require_once realpath(__DIR__ . '/../includes/controller/shift_entries_controller.php'); __DIR__ . '/../includes/controller/rooms_controller.php',
require_once realpath(__DIR__ . '/../includes/controller/shifts_controller.php'); __DIR__ . '/../includes/controller/shift_entries_controller.php',
require_once realpath(__DIR__ . '/../includes/controller/shifttypes_controller.php'); __DIR__ . '/../includes/controller/shifts_controller.php',
require_once realpath(__DIR__ . '/../includes/controller/users_controller.php'); __DIR__ . '/../includes/controller/shifttypes_controller.php',
require_once realpath(__DIR__ . '/../includes/controller/user_angeltypes_controller.php'); __DIR__ . '/../includes/controller/users_controller.php',
require_once realpath(__DIR__ . '/../includes/controller/user_driver_licenses_controller.php'); __DIR__ . '/../includes/controller/user_angeltypes_controller.php',
__DIR__ . '/../includes/controller/user_driver_licenses_controller.php',
require_once realpath(__DIR__ . '/../includes/helper/graph_helper.php');
require_once realpath(__DIR__ . '/../includes/helper/internationalization_helper.php'); __DIR__ . '/../includes/helper/graph_helper.php',
require_once realpath(__DIR__ . '/../includes/helper/message_helper.php'); __DIR__ . '/../includes/helper/internationalization_helper.php',
require_once realpath(__DIR__ . '/../includes/helper/error_helper.php'); __DIR__ . '/../includes/helper/message_helper.php',
require_once realpath(__DIR__ . '/../includes/helper/email_helper.php'); __DIR__ . '/../includes/helper/error_helper.php',
__DIR__ . '/../includes/helper/email_helper.php',
require_once realpath(__DIR__ . '/../includes/mailer/shifts_mailer.php');
require_once realpath(__DIR__ . '/../includes/mailer/users_mailer.php'); __DIR__ . '/../includes/mailer/shifts_mailer.php',
__DIR__ . '/../includes/mailer/users_mailer.php',
require_once realpath(__DIR__ . '/../includes/pages/admin_active.php');
require_once realpath(__DIR__ . '/../includes/pages/admin_arrive.php'); __DIR__ . '/../includes/pages/admin_active.php',
require_once realpath(__DIR__ . '/../includes/pages/admin_free.php'); __DIR__ . '/../includes/pages/admin_arrive.php',
require_once realpath(__DIR__ . '/../includes/pages/admin_groups.php'); __DIR__ . '/../includes/pages/admin_free.php',
require_once realpath(__DIR__ . '/../includes/pages/admin_import.php'); __DIR__ . '/../includes/pages/admin_groups.php',
require_once realpath(__DIR__ . '/../includes/pages/admin_log.php'); __DIR__ . '/../includes/pages/admin_import.php',
require_once realpath(__DIR__ . '/../includes/pages/admin_questions.php'); __DIR__ . '/../includes/pages/admin_log.php',
require_once realpath(__DIR__ . '/../includes/pages/admin_rooms.php'); __DIR__ . '/../includes/pages/admin_questions.php',
require_once realpath(__DIR__ . '/../includes/pages/admin_shifts.php'); __DIR__ . '/../includes/pages/admin_rooms.php',
require_once realpath(__DIR__ . '/../includes/pages/admin_user.php'); __DIR__ . '/../includes/pages/admin_shifts.php',
require_once realpath(__DIR__ . '/../includes/pages/guest_login.php'); __DIR__ . '/../includes/pages/admin_user.php',
require_once realpath(__DIR__ . '/../includes/pages/user_messages.php'); __DIR__ . '/../includes/pages/guest_login.php',
require_once realpath(__DIR__ . '/../includes/pages/user_myshifts.php'); __DIR__ . '/../includes/pages/user_messages.php',
require_once realpath(__DIR__ . '/../includes/pages/user_news.php'); __DIR__ . '/../includes/pages/user_myshifts.php',
require_once realpath(__DIR__ . '/../includes/pages/user_questions.php'); __DIR__ . '/../includes/pages/user_news.php',
require_once realpath(__DIR__ . '/../includes/pages/user_settings.php'); __DIR__ . '/../includes/pages/user_questions.php',
require_once realpath(__DIR__ . '/../includes/pages/user_shifts.php'); __DIR__ . '/../includes/pages/user_settings.php',
__DIR__ . '/../includes/pages/user_shifts.php',
];
foreach ($includeFiles as $file) {
require_once realpath($file);
}
/** /**
* Init application * Init application
*/ */
session_start(); $session = new Session();
$session->start();
$request->setSession($session);
gettext_init(); gettext_init();

25
includes/helper/internationalization_helper.php
Unescape Escape View File

@ -1,5 +1,7 @@
<?php <?php
use Engelsystem\Http\Request;
/** /**
* Return currently active locale * Return currently active locale
* *
@ -7,7 +9,7 @@
*/ */
function locale() function locale()
{ {
return $_SESSION['locale']; return session()->get('locale');
} }
/** /**
@ -27,11 +29,12 @@ function gettext_init()
{ {
$locales = config('locales'); $locales = config('locales');
$request = request(); $request = request();
$session = session();
if ($request->has('set_locale') && isset($locales[$request->input('set_locale')])) { if ($request->has('set_locale') && isset($locales[$request->input('set_locale')])) {
$_SESSION['locale'] = $request->input('set_locale'); $session->set('locale', $request->input('set_locale'));
} elseif (!isset($_SESSION['locale'])) { } elseif (!$session->has('locale')) {
$_SESSION['locale'] = config('default_locale'); $session->set('locale', config('default_locale'));
} }
gettext_locale(); gettext_locale();
@ -48,7 +51,7 @@ function gettext_init()
function gettext_locale($locale = null) function gettext_locale($locale = null)
{ {
if ($locale == null) { if ($locale == null) {
$locale = $_SESSION['locale']; $locale = session()->get('locale');
} }
putenv('LC_ALL=' . $locale); putenv('LC_ALL=' . $locale);
@ -62,14 +65,20 @@ function gettext_locale($locale = null)
*/ */
function make_langselect() function make_langselect()
{ {
$url = $_SERVER['REQUEST_URI'] . (strpos($_SERVER['REQUEST_URI'], '?') > 0 ? '&' : '?') . 'set_locale='; $request = Request::getInstance();
$items = []; $items = [];
foreach (config('locales') as $locale => $name) { foreach (config('locales') as $locale => $name) {
$url = url($request->getPathInfo(), ['set_locale' => $locale]);
$items[] = toolbar_item_link( $items[] = toolbar_item_link(
htmlspecialchars($url) . $locale, htmlspecialchars($url),
'', '',
'<img src="pic/flag/' . $locale . '.png" alt="' . $name . '" title="' . $name . '"> ' . $name sprintf(
'<img src="%s" alt="%s" title="%2$s"> %2$s',
url('pic/flag/' . $locale . '.png'),
$name
)
); );
} }
return $items; return $items;

32
includes/helper/message_helper.php
Unescape Escape View File

@ -7,12 +7,12 @@
*/ */
function msg() function msg()
{ {
if (!isset($_SESSION['msg'])) { $session = session();
return '';
} $message = $session->get('msg', '');
$msg = $_SESSION['msg']; $session->set('msg', '');
$_SESSION['msg'] = '';
return $msg; return $message;
} }
/** /**
@ -57,21 +57,23 @@ function success($msg, $immediately = false)
* @param string $class * @param string $class
* @param string $msg * @param string $msg
* @param bool $immediately * @param bool $immediately
* @return string|null * @return string
*/ */
function alert($class, $msg, $immediately = false) function alert($class, $msg, $immediately = false)
{ {
$session = session();
if (empty($msg)) {
return '';
}
if ($immediately) { if ($immediately) {
if ($msg == '') {
return '';
}
return '<div class="alert alert-' . $class . '">' . $msg . '</div>'; return '<div class="alert alert-' . $class . '">' . $msg . '</div>';
} }
if (!isset($_SESSION['msg'])) { $message = $session->get('msg', '');
$_SESSION['msg'] = ''; $message .= alert($class, $msg, true);
} $session->set('msg', $message);
$_SESSION['msg'] .= alert($class, $msg, true);
return null; return '';
} }

7
includes/model/Shifts_model.php
Unescape Escape View File

@ -45,7 +45,7 @@ function Shifts_by_ShiftsFilter(ShiftsFilter $shiftsFilter)
AND NOT `Shifts`.`PSID` IS NULL) AS tmp_shifts AND NOT `Shifts`.`PSID` IS NULL) AS tmp_shifts
ORDER BY `start`'; ORDER BY `start`';
return DB::select( return DB::select(
$sql, $sql,
[ [
@ -245,6 +245,10 @@ function Shift_signup_allowed_angel(
) { ) {
$free_entries = Shift_free_entries($needed_angeltype, $shift_entries); $free_entries = Shift_free_entries($needed_angeltype, $shift_entries);
if (config('signup_requires_arrival') && !$user['Gekommen']) {
return new ShiftSignupState(ShiftSignupState::SHIFT_ENDED, $free_entries);
}
if ($user_shifts == null) { if ($user_shifts == null) {
$user_shifts = Shifts_by_user($user); $user_shifts = Shifts_by_user($user);
} }
@ -444,6 +448,7 @@ function Shift_update($shift)
* *
* @param array $shift * @param array $shift
* @return bool|null * @return bool|null
* @throws Exception
*/ */
function Shift_update_by_psid($shift) function Shift_update_by_psid($shift)
{ {

2
includes/model/User_model.php
Unescape Escape View File

@ -241,7 +241,7 @@ function Users_by_angeltype($angeltype)
`UserAngelTypes`.`id` AS `user_angeltype_id`, `UserAngelTypes`.`id` AS `user_angeltype_id`,
`UserAngelTypes`.`confirm_user_id`, `UserAngelTypes`.`confirm_user_id`,
`UserAngelTypes`.`supporter`, `UserAngelTypes`.`supporter`,
(`UserDriverLicenses`.`user_id` IS NOT NULL) as `wants_to_drive`, (`UserDriverLicenses`.`user_id` IS NOT NULL) AS `wants_to_drive`,
`UserDriverLicenses`.* `UserDriverLicenses`.*
FROM `User` FROM `User`
JOIN `UserAngelTypes` ON `User`.`UID`=`UserAngelTypes`.`user_id` JOIN `UserAngelTypes` ON `User`.`UID`=`UserAngelTypes`.`user_id`

52
includes/pages/admin_active.php
Unescape Escape View File

@ -82,9 +82,13 @@ function admin_active()
$limit = ''; $limit = '';
$msg = success(_('Marked angels.'), true); $msg = success(_('Marked angels.'), true);
} else { } else {
$set_active = '<a href="' . page_link_to('admin_active') . '&amp;serach=' . $search . '">&laquo; ' $set_active = '<a href="' . page_link_to('admin_active', ['search' => $search]) . '">&laquo; '
. _('back') . '</a> | <a href="' . _('back')
. page_link_to('admin_active') . '&amp;search=' . $search . '&amp;count=' . $count . '&amp;set_active&amp;ack">' . '</a> | <a href="'
. page_link_to(
'admin_active',
['search' => $search, 'count' => $count, 'set_active' => 1, 'ack' => 1]
) . '">'
. _('apply') . _('apply')
. '</a>'; . '</a>';
} }
@ -176,28 +180,46 @@ function admin_active()
$actions = []; $actions = [];
if ($usr['Aktiv'] == 0) { if ($usr['Aktiv'] == 0) {
$actions[] = '<a href="' $parameters = [
. page_link_to('admin_active') . '&amp;active=' . $usr['UID'] 'active' => $usr['UID'],
. ($show_all_shifts ? '&amp;show_all_shifts=' : '') . '&amp;search=' . $search . '">' 'search' => $search,
];
if ($show_all_shifts) {
$parameters['show_all_shifts'] = 1;
}
$actions[] = '<a href="' . page_link_to('admin_active', $parameters) . '">'
. _('set active') . _('set active')
. '</a>'; . '</a>';
} }
if ($usr['Aktiv'] == 1 && $usr['Tshirt'] == 0) { if ($usr['Aktiv'] == 1 && $usr['Tshirt'] == 0) {
$actions[] = '<a href="' $parametersRemove = [
. page_link_to('admin_active') . '&amp;not_active=' . $usr['UID'] 'not_active' => $usr['UID'],
. ($show_all_shifts ? '&amp;show_all_shifts=' : '') . '&amp;search=' . $search . '">' 'search' => $search,
];
$parametersShirt = [
'tshirt' => $usr['UID'],
'search' => $search,
];
if ($show_all_shifts) {
$parametersRemove['show_all_shifts'] = 1;
$parametersShirt['show_all_shifts'] = 1;
}
$actions[] = '<a href="' . page_link_to('admin_active', $parametersRemove) . '">'
. _('remove active') . _('remove active')
. '</a>'; . '</a>';
$actions[] = '<a href="' $actions[] = '<a href="' . page_link_to('admin_active', $parametersShirt) . '">'
. page_link_to('admin_active') . '&amp;tshirt=' . $usr['UID']
. ($show_all_shifts ? '&amp;show_all_shifts=' : '') . '&amp;search=' . $search . '">'
. _('got t-shirt') . _('got t-shirt')
. '</a>'; . '</a>';
} }
if ($usr['Tshirt'] == 1) { if ($usr['Tshirt'] == 1) {
$actions[] = '<a href="' $parameters = [
. page_link_to('admin_active') . '&amp;not_tshirt=' . $usr['UID'] 'not_tshirt' => $usr['UID'],
. ($show_all_shifts ? '&amp;show_all_shifts=' : '') . '&amp;search=' . $search . '">' 'search' => $search,
];
if ($show_all_shifts) {
$parameters['show_all_shifts'] = 1;
}
$actions[] = '<a href="' . page_link_to('admin_active', $parameters) . '">'
. _('remove t-shirt') . _('remove t-shirt')
. '</a>'; . '</a>';
} }

14
includes/pages/admin_arrive.php
Unescape Escape View File

@ -23,7 +23,7 @@ function admin_arrive()
$search = strip_request_item('search'); $search = strip_request_item('search');
} }
if ($request->has('reset') && preg_match('/^\d*$/', $request->input('reset'))) { if ($request->has('reset') && preg_match('/^\d+$/', $request->input('reset'))) {
$user_id = $request->input('reset'); $user_id = $request->input('reset');
$user_source = User($user_id); $user_source = User($user_id);
if ($user_source != null) { if ($user_source != null) {
@ -39,7 +39,7 @@ function admin_arrive()
} else { } else {
$msg = error(_('Angel not found.'), true); $msg = error(_('Angel not found.'), true);
} }
} elseif ($request->has('arrived') && preg_match('/^\d*$/', $request->input('arrived'))) { } elseif ($request->has('arrived') && preg_match('/^\d+$/', $request->input('arrived'))) {
$user_id = $request->input('arrived'); $user_id = $request->input('arrived');
$user_source = User($user_id); $user_source = User($user_id);
if ($user_source != null) { if ($user_source != null) {
@ -92,8 +92,14 @@ function admin_arrive()
$usr['rendered_arrival_date'] = $usr['arrival_date'] > 0 ? date('Y-m-d', $usr['arrival_date']) : '-'; $usr['rendered_arrival_date'] = $usr['arrival_date'] > 0 ? date('Y-m-d', $usr['arrival_date']) : '-';
$usr['arrived'] = $usr['Gekommen'] == 1 ? _('yes') : ''; $usr['arrived'] = $usr['Gekommen'] == 1 ? _('yes') : '';
$usr['actions'] = $usr['Gekommen'] == 1 $usr['actions'] = $usr['Gekommen'] == 1
? '<a href="' . page_link_to('admin_arrive') . '&reset=' . $usr['UID'] . '&search=' . $search . '">' . _('reset') . '</a>' ? '<a href="' . page_link_to(
: '<a href="' . page_link_to('admin_arrive') . '&arrived=' . $usr['UID'] . '&search=' . $search . '">' . _('arrived') . '</a>'; 'admin_arrive',
['reset' => $usr['UID'], 'search' => $search]
) . '">' . _('reset') . '</a>'
: '<a href="' . page_link_to(
'admin_arrive',
['arrived' => $usr['UID'], 'search' => $search]
) . '">' . _('arrived') . '</a>';
if ($usr['arrival_date'] > 0) { if ($usr['arrival_date'] > 0) {
$day = date('Y-m-d', $usr['arrival_date']); $day = date('Y-m-d', $usr['arrival_date']);

2
includes/pages/admin_free.php
Unescape Escape View File

@ -94,7 +94,7 @@ function admin_free()
'email' => $usr['email_by_human_allowed'] ? $usr['email'] : glyph('eye-close'), 'email' => $usr['email_by_human_allowed'] ? $usr['email'] : glyph('eye-close'),
'actions' => 'actions' =>
in_array('admin_user', $privileges) in_array('admin_user', $privileges)
? button(page_link_to('admin_user') . '&amp;id=' . $usr['UID'], _('edit'), 'btn-xs') ? button(page_link_to('admin_user', ['id' => $usr['UID']]), _('edit'), 'btn-xs')
: '' : ''
]; ];
} }

13
includes/pages/admin_groups.php
Unescape Escape View File

@ -38,7 +38,8 @@ function admin_groups()
'name' => $group['Name'], 'name' => $group['Name'],
'privileges' => join(', ', $privileges_html), 'privileges' => join(', ', $privileges_html),
'actions' => button( 'actions' => button(
page_link_to('admin_groups') . '&action=edit&id=' . $group['UID'], page_link_to('admin_groups',
['action' => 'edit', 'id' => $group['UID']]),
_('edit'), _('edit'),
'btn-xs' 'btn-xs'
) )
@ -80,7 +81,8 @@ function admin_groups()
'privileges[]', 'privileges[]',
$privilege['desc'] . ' (' . $privilege['name'] . ')', $privilege['desc'] . ' (' . $privilege['name'] . ')',
$privilege['group_id'] != '', $privilege['group_id'] != '',
$privilege['id'] $privilege['id'],
'privilege-' . $privilege['name']
); );
$privileges_html .= sprintf( $privileges_html .= sprintf(
'<tr><td><input type="checkbox" name="privileges[]" value="%s" %s /></td> <td>%s</td> <td>%s</td></tr>', '<tr><td><input type="checkbox" name="privileges[]" value="%s" %s /></td> <td>%s</td> <td>%s</td></tr>',
@ -93,7 +95,10 @@ function admin_groups()
$privileges_form[] = form_submit('submit', _('Save')); $privileges_form[] = form_submit('submit', _('Save'));
$html .= page_with_title(_('Edit group'), [ $html .= page_with_title(_('Edit group'), [
form($privileges_form, page_link_to('admin_groups') . '&action=save&id=' . $group_id) form(
$privileges_form,
page_link_to('admin_groups', ['action' => 'save', 'id' => $group_id])
)
]); ]);
} else { } else {
return error('No Group found.', true); return error('No Group found.', true);
@ -108,7 +113,7 @@ function admin_groups()
} }
$group = DB::selectOne('SELECT * FROM `Groups` WHERE `UID`=? LIMIT 1', [$group_id]); $group = DB::selectOne('SELECT * FROM `Groups` WHERE `UID`=? LIMIT 1', [$group_id]);
$privileges = $request->get('privileges'); $privileges = $request->postData('privileges');
if (!is_array($privileges)) { if (!is_array($privileges)) {
$privileges = []; $privileges = [];
} }

22
includes/pages/admin_import.php
Unescape Escape View File

@ -98,10 +98,12 @@ function admin_import()
if ($valid) { if ($valid) {
redirect( redirect(
page_link_to('admin_import') page_link_to('admin_import', [
. '&step=check&shifttype_id=' . $shifttype_id 'step' => 'check',
. '&add_minutes_end=' . $add_minutes_end 'shifttype_id' => $shifttype_id,
. '&add_minutes_start=' . $add_minutes_start 'add_minutes_end' => $add_minutes_end,
'add_minutes_start' => $add_minutes_start,
])
); );
} else { } else {
$html .= div('well well-sm text-center', [ $html .= div('well well-sm text-center', [
@ -207,10 +209,12 @@ function admin_import()
], shifts_printable($events_deleted, $shifttypes)), ], shifts_printable($events_deleted, $shifttypes)),
form_submit('submit', _('Import')) form_submit('submit', _('Import'))
], ],
page_link_to('admin_import') page_link_to('admin_import', [
. '&step=import&shifttype_id=' . $shifttype_id 'step' => 'import',
. '&add_minutes_end=' . $add_minutes_end 'shifttype_id' => $shifttype_id,
. '&add_minutes_start=' . $add_minutes_start 'add_minutes_end' => $add_minutes_end,
'add_minutes_start' => $add_minutes_start,
])
); );
break; break;
@ -248,7 +252,7 @@ function admin_import()
list($rooms_new, $rooms_deleted) = prepare_rooms($import_file); list($rooms_new, $rooms_deleted) = prepare_rooms($import_file);
foreach ($rooms_new as $room) { foreach ($rooms_new as $room) {
$result = Room_create($room, true, true); $result = Room_create($room, true, true);
$rooms_import[trim($room)] = $result; $rooms_import[trim($room)] = $result;
} }
foreach ($rooms_deleted as $room) { foreach ($rooms_deleted as $room) {

37
includes/pages/admin_news.php
Unescape Escape View File

@ -7,7 +7,7 @@ use Engelsystem\Database\DB;
*/ */
function admin_news() function admin_news()
{ {
global $user; global $user, $privileges;
$request = request(); $request = request();
if (!$request->has('action')) { if (!$request->has('action')) {
@ -30,21 +30,31 @@ function admin_news()
case 'edit': case 'edit':
$user_source = User($news['UID']); $user_source = User($news['UID']);
$html .= form([ $html .= form(
form_info(_('Date'), date('Y-m-d H:i', $news['Datum'])), [
form_info(_('Author'), User_Nick_render($user_source)), form_info(_('Date'), date('Y-m-d H:i', $news['Datum'])),
form_text('eBetreff', _('Subject'), $news['Betreff']), form_info(_('Author'), User_Nick_render($user_source)),
form_textarea('eText', _('Message'), $news['Text']), form_text('eBetreff', _('Subject'), $news['Betreff']),
form_checkbox('eTreffen', _('Meeting'), $news['Treffen'] == 1, 1), form_textarea('eText', _('Message'), $news['Text']),
form_submit('submit', _('Save')) form_checkbox('eTreffen', _('Meeting'), $news['Treffen'] == 1, 1),
], page_link_to('admin_news&action=save&id=' . $news_id)); form_submit('submit', _('Save'))
],
page_link_to('admin_news', ['action' => 'save', 'id' => $news_id])
);
$html .= '<a class="btn btn-danger" href="' . page_link_to('admin_news&action=delete&id=' . $news_id) . '">' $html .= '<a class="btn btn-danger" href="'
. page_link_to('admin_news', ['action' => 'delete', 'id' => $news_id])
. '">'
. '<span class="glyphicon glyphicon-trash"></span> ' . _('Delete') . '<span class="glyphicon glyphicon-trash"></span> ' . _('Delete')
. '</a>'; . '</a>';
break; break;
case 'save': case 'save':
$text = $request->postData('eText');
if (!in_array('admin_news_html', $privileges)) {
$text = strip_tags($text);
}
DB::update(' DB::update('
UPDATE `News` SET UPDATE `News` SET
`Datum`=?, `Datum`=?,
@ -56,14 +66,15 @@ function admin_news()
', ',
[ [
time(), time(),
$request->post('eBetreff'), strip_tags($request->postData('eBetreff')),
$request->post('eText'), $text,
$user['UID'], $user['UID'],
$request->has('eTreffen') ? 1 : 0, $request->has('eTreffen') ? 1 : 0,
$news_id $news_id
] ]
); );
engelsystem_log('News updated: ' . $request->post('eBetreff'));
engelsystem_log('News updated: ' . $request->postData('eBetreff'));
success(_('News entry updated.')); success(_('News entry updated.'));
redirect(page_link_to('news')); redirect(page_link_to('news'));
break; break;

6
includes/pages/admin_questions.php
Unescape Escape View File

@ -52,9 +52,9 @@ function admin_questions()
'answer' => form([ 'answer' => form([
form_textarea('answer', '', ''), form_textarea('answer', '', ''),
form_submit('submit', _('Save')) form_submit('submit', _('Save'))
], page_link_to('admin_questions') . '&action=answer&id=' . $question['QID']), ], page_link_to('admin_questions', ['action' => 'answer', 'id' => $question['QID']])),
'actions' => button( 'actions' => button(
page_link_to('admin_questions') . '&action=delete&id=' . $question['QID'], page_link_to('admin_questions', ['action' => 'delete', 'id' => $question['QID']]),
_('delete'), _('delete'),
'btn-xs' 'btn-xs'
) )
@ -72,7 +72,7 @@ function admin_questions()
'answered_by' => User_Nick_render($answer_user_source), 'answered_by' => User_Nick_render($answer_user_source),
'answer' => str_replace("\n", '<br />', $question['Answer']), 'answer' => str_replace("\n", '<br />', $question['Answer']),
'actions' => button( 'actions' => button(
page_link_to('admin_questions') . '&action=delete&id=' . $question['QID'], page_link_to('admin_questions', ['action' => 'delete', 'id' => $question['QID']]),
_('delete'), _('delete'),
'btn-xs' 'btn-xs'
) )

21
includes/pages/admin_rooms.php
Unescape Escape View File

@ -25,8 +25,8 @@ function admin_rooms()
'from_pentabarf' => glyph_bool($room['FromPentabarf'] == 'Y'), 'from_pentabarf' => glyph_bool($room['FromPentabarf'] == 'Y'),
'public' => glyph_bool($room['show'] == 'Y'), 'public' => glyph_bool($room['show'] == 'Y'),
'actions' => table_buttons([ 'actions' => table_buttons([
button(page_link_to('admin_rooms') . '&show=edit&id=' . $room['RID'], _('edit'), 'btn-xs'), button(page_link_to('admin_rooms', ['show' => 'edit', 'id' => $room['RID']]), _('edit'), 'btn-xs'),
button(page_link_to('admin_rooms') . '&show=delete&id=' . $room['RID'], _('delete'), 'btn-xs') button(page_link_to('admin_rooms', ['show' => 'delete', 'id' => $room['RID']]), _('delete'), 'btn-xs')
]) ])
]; ];
} }
@ -107,11 +107,14 @@ function admin_rooms()
} }
foreach ($angeltypes as $angeltype_id => $angeltype) { foreach ($angeltypes as $angeltype_id => $angeltype) {
if ( $angeltypes_count[$angeltype_id] = 0;
$request->has('angeltype_count_' . $angeltype_id) $queryKey = 'angeltype_count_' . $angeltype_id;
&& preg_match('/^\d{1,4}$/', $request->input('angeltype_count_' . $angeltype_id)) if (!$request->has($queryKey)) {
) { continue;
$angeltypes_count[$angeltype_id] = $request->input('angeltype_count_' . $angeltype_id); }
if (preg_match('/^\d{1,4}$/', $request->input($queryKey))) {
$angeltypes_count[$angeltype_id] = $request->input($queryKey);
} else { } else {
$valid = false; $valid = false;
$msg .= error(sprintf(_('Please enter needed angels for type %s.'), $angeltype), true); $msg .= error(sprintf(_('Please enter needed angels for type %s.'), $angeltype), true);
@ -220,7 +223,7 @@ function admin_rooms()
sprintf(_('Do you want to delete room %s?'), $name), sprintf(_('Do you want to delete room %s?'), $name),
buttons([ buttons([
button( button(
page_link_to('admin_rooms') . '&show=delete&id=' . $room_id . '&ack', page_link_to('admin_rooms', ['show' => 'delete', 'id' => $room_id, 'ack' => 1]),
_('Delete'), _('Delete'),
'delete btn-danger' 'delete btn-danger'
) )
@ -231,7 +234,7 @@ function admin_rooms()
return page_with_title(admin_rooms_title(), [ return page_with_title(admin_rooms_title(), [
buttons([ buttons([
button(page_link_to('admin_rooms') . '&show=edit', _('add')) button(page_link_to('admin_rooms', ['show' => 'edit']), _('add'))
]), ]),
msg(), msg(),
table([ table([

27
includes/pages/admin_shifts.php
Unescape Escape View File

@ -19,6 +19,7 @@ function admin_shifts()
{ {
$valid = true; $valid = true;
$request = request(); $request = request();
$session = session();
$start = parse_date('Y-m-d H:i', date('Y-m-d') . ' 00:00'); $start = parse_date('Y-m-d H:i', date('Y-m-d') . ' 00:00');
$end = $start; $end = $start;
$mode = 'single'; $mode = 'single';
@ -132,16 +133,14 @@ function admin_shifts()
} elseif ($request->input('angelmode') == 'manually') { } elseif ($request->input('angelmode') == 'manually') {
$angelmode = 'manually'; $angelmode = 'manually';
foreach ($types as $type) { foreach ($types as $type) {
if ( if (preg_match('/^\d+$/', trim($request->input('type_' . $type['id'], 0)))) {
$request->has('type_' . $type['id']) $needed_angel_types[$type['id']] = trim($request->input('type_' . $type['id'], 0));
&& preg_match('/^\d+$/', trim($request->input('type_' . $type['id'])))
) {
$needed_angel_types[$type['id']] = trim($request->input('type_' . $type['id']));
} else { } else {
$valid = false; $valid = false;
error(sprintf(_('Please check the needed angels for team %s.'), $type['name'])); error(sprintf(_('Please check the needed angels for team %s.'), $type['name']));
} }
} }
if (array_sum($needed_angel_types) == 0) { if (array_sum($needed_angel_types) == 0) {
$valid = false; $valid = false;
error(_('There are 0 angels needed. Please enter the amounts of needed angels.')); error(_('There are 0 angels needed. Please enter the amounts of needed angels.'));
@ -272,8 +271,8 @@ function admin_shifts()
} }
// Fürs Anlegen zwischenspeichern: // Fürs Anlegen zwischenspeichern:
$_SESSION['admin_shifts_shifts'] = $shifts; $session->set('admin_shifts_shifts', $shifts);
$_SESSION['admin_shifts_types'] = $needed_angel_types; $session->set('admin_shifts_types', $needed_angel_types);
$hidden_types = ''; $hidden_types = '';
foreach ($needed_angel_types as $type_id => $count) { foreach ($needed_angel_types as $type_id => $count) {
@ -303,16 +302,14 @@ function admin_shifts()
} }
} elseif ($request->has('submit')) { } elseif ($request->has('submit')) {
if ( if (
!$request->has('admin_shifts_shifts') !is_array($session->get('admin_shifts_shifts'))
|| !isset($_SESSION['admin_shifts_types']) || !is_array($session->get('admin_shifts_types'))
|| !is_array($_SESSION['admin_shifts_shifts'])
|| !is_array($_SESSION['admin_shifts_types'])
) { ) {
redirect(page_link_to('admin_shifts')); redirect(page_link_to('admin_shifts'));
} }
$needed_angel_types_info = []; $needed_angel_types_info = [];
foreach ($_SESSION['admin_shifts_shifts'] as $shift) { foreach ($session->get('admin_shifts_shifts', []) as $shift) {
$shift['URL'] = null; $shift['URL'] = null;
$shift['PSID'] = null; $shift['PSID'] = null;
$shift_id = Shift_create($shift); $shift_id = Shift_create($shift);
@ -324,7 +321,7 @@ function admin_shifts()
. ' to ' . date('Y-m-d H:i', $shift['end']) . ' to ' . date('Y-m-d H:i', $shift['end'])
); );
foreach ($_SESSION['admin_shifts_types'] as $type_id => $count) { foreach ($session->get('admin_shifts_types', []) as $type_id => $count) {
$angel_type_source = DB::selectOne(' $angel_type_source = DB::selectOne('
SELECT * SELECT *
FROM `AngelTypes` FROM `AngelTypes`
@ -350,8 +347,8 @@ function admin_shifts()
success('Schichten angelegt.'); success('Schichten angelegt.');
redirect(page_link_to('admin_shifts')); redirect(page_link_to('admin_shifts'));
} else { } else {
unset($_SESSION['admin_shifts_shifts']); $session->remove('admin_shifts_shifts');
unset($_SESSION['admin_shifts_types']); $session->remove('admin_shifts_types');
} }
$rid = null; $rid = null;

74
includes/pages/admin_user.php
Unescape Escape View File

@ -46,25 +46,27 @@ function admin_user()
. 'Wenn T-Shirt ein \'Ja\' enth&auml;lt, bedeutet dies, dass der Engel ' . 'Wenn T-Shirt ein \'Ja\' enth&auml;lt, bedeutet dies, dass der Engel '
. 'bereits sein T-Shirt erhalten hat.<br /><br />' . "\n"; . 'bereits sein T-Shirt erhalten hat.<br /><br />' . "\n";
$html .= '<form action="' . page_link_to('admin_user') . '&action=save&id=' . $user_id . '" method="post">' . "\n"; $html .= '<form action="'
. page_link_to('admin_user', ['action' => 'save', 'id' => $user_id])
. '" method="post">' . "\n";
$html .= '<table border="0">' . "\n"; $html .= '<table border="0">' . "\n";
$html .= '<input type="hidden" name="Type" value="Normal">' . "\n"; $html .= '<input type="hidden" name="Type" value="Normal">' . "\n";
$html .= '<tr><td>' . "\n"; $html .= '<tr><td>' . "\n";
$html .= '<table>' . "\n"; $html .= '<table>' . "\n";
$html .= ' <tr><td>Nick</td><td>' . '<input type="text" size="40" name="eNick" value="' . $user_source['Nick'] . '" class="form-control"></td></tr>' . "\n"; $html .= ' <tr><td>Nick</td><td>' . '<input size="40" name="eNick" value="' . $user_source['Nick'] . '" class="form-control"></td></tr>' . "\n";
$html .= ' <tr><td>Last login</td><td><p class="help-block">' $html .= ' <tr><td>Last login</td><td><p class="help-block">'
. date('Y-m-d H:i', $user_source['lastLogIn']) . date('Y-m-d H:i', $user_source['lastLogIn'])
. '</p></td></tr>' . "\n"; . '</p></td></tr>' . "\n";
$html .= ' <tr><td>Name</td><td>' . '<input type="text" size="40" name="eName" value="' . $user_source['Name'] . '" class="form-control"></td></tr>' . "\n"; $html .= ' <tr><td>Name</td><td>' . '<input size="40" name="eName" value="' . $user_source['Name'] . '" class="form-control"></td></tr>' . "\n";
$html .= ' <tr><td>Vorname</td><td>' . '<input type="text" size="40" name="eVorname" value="' . $user_source['Vorname'] . '" class="form-control"></td></tr>' . "\n"; $html .= ' <tr><td>Vorname</td><td>' . '<input size="40" name="eVorname" value="' . $user_source['Vorname'] . '" class="form-control"></td></tr>' . "\n";
$html .= ' <tr><td>Alter</td><td>' . '<input type="text" size="5" name="eAlter" value="' . $user_source['Alter'] . '" class="form-control"></td></tr>' . "\n"; $html .= ' <tr><td>Alter</td><td>' . '<input size="5" name="eAlter" value="' . $user_source['Alter'] . '" class="form-control"></td></tr>' . "\n";
$html .= ' <tr><td>Telefon</td><td>' . '<input type="text" size="40" name="eTelefon" value="' . $user_source['Telefon'] . '" class="form-control"></td></tr>' . "\n"; $html .= ' <tr><td>Telefon</td><td>' . '<input size="40" name="eTelefon" value="' . $user_source['Telefon'] . '" class="form-control"></td></tr>' . "\n";
$html .= ' <tr><td>Handy</td><td>' . '<input type="text" size="40" name="eHandy" value="' . $user_source['Handy'] . '" class="form-control"></td></tr>' . "\n"; $html .= ' <tr><td>Handy</td><td>' . '<input size="40" name="eHandy" value="' . $user_source['Handy'] . '" class="form-control"></td></tr>' . "\n";
$html .= ' <tr><td>DECT</td><td>' . '<input type="text" size="4" name="eDECT" value="' . $user_source['DECT'] . '" class="form-control"></td></tr>' . "\n"; $html .= ' <tr><td>DECT</td><td>' . '<input size="4" name="eDECT" value="' . $user_source['DECT'] . '" class="form-control"></td></tr>' . "\n";
if ($user_source['email_by_human_allowed']) { if ($user_source['email_by_human_allowed']) {
$html .= " <tr><td>email</td><td>" . '<input type="text" size="40" name="eemail" value="' . $user_source['email'] . '" class="form-control"></td></tr>' . "\n"; $html .= " <tr><td>email</td><td>" . '<input size="40" name="eemail" value="' . $user_source['email'] . '" class="form-control"></td></tr>' . "\n";
} }
$html .= " <tr><td>jabber</td><td>" . '<input type="text" size="40" name="ejabber" value="' . $user_source['jabber'] . '" class="form-control"></td></tr>' . "\n"; $html .= " <tr><td>jabber</td><td>" . '<input size="40" name="ejabber" value="' . $user_source['jabber'] . '" class="form-control"></td></tr>' . "\n";
$html .= ' <tr><td>Size</td><td>' $html .= ' <tr><td>Size</td><td>'
. html_select_key('size', 'eSize', $tshirt_sizes, $user_source['Size']) . '</td></tr>' . "\n"; . html_select_key('size', 'eSize', $tshirt_sizes, $user_source['Size']) . '</td></tr>' . "\n";
@ -91,7 +93,7 @@ function admin_user()
$html .= ' <tr><td>T-Shirt</td><td>' . "\n"; $html .= ' <tr><td>T-Shirt</td><td>' . "\n";
$html .= html_options('eTshirt', $options, $user_source['Tshirt']) . '</td></tr>' . "\n"; $html .= html_options('eTshirt', $options, $user_source['Tshirt']) . '</td></tr>' . "\n";
$html .= ' <tr><td>Hometown</td><td>' . '<input type="text" size="40" name="Hometown" value="' . $user_source['Hometown'] . '" class="form-control"></td></tr>' . "\n"; $html .= ' <tr><td>Hometown</td><td>' . '<input size="40" name="Hometown" value="' . $user_source['Hometown'] . '" class="form-control"></td></tr>' . "\n";
$html .= '</table>' . "\n" . '</td><td valign="top"></td></tr>'; $html .= '</table>' . "\n" . '</td><td valign="top"></td></tr>';
@ -105,7 +107,8 @@ function admin_user()
$html .= form_info('', _('Please visit the angeltypes page or the users profile to manage users angeltypes.')); $html .= form_info('', _('Please visit the angeltypes page or the users profile to manage users angeltypes.'));
$html .= 'Hier kannst Du das Passwort dieses Engels neu setzen:<form action="' $html .= 'Hier kannst Du das Passwort dieses Engels neu setzen:<form action="'
. page_link_to('admin_user') . '&action=change_pw&id=' . $user_id . '" method="post">' . "\n"; . page_link_to('admin_user', ['action' => 'change_pw', 'id' => $user_id])
. '" method="post">' . "\n";
$html .= '<table>' . "\n"; $html .= '<table>' . "\n";
$html .= ' <tr><td>Passwort</td><td>' . '<input type="password" size="40" name="new_pw" value="" class="form-control"></td></tr>' . "\n"; $html .= ' <tr><td>Passwort</td><td>' . '<input type="password" size="40" name="new_pw" value="" class="form-control"></td></tr>' . "\n";
$html .= ' <tr><td>Wiederholung</td><td>' . '<input type="password" size="40" name="new_pw2" value="" class="form-control"></td></tr>' . "\n"; $html .= ' <tr><td>Wiederholung</td><td>' . '<input type="password" size="40" name="new_pw2" value="" class="form-control"></td></tr>' . "\n";
@ -134,7 +137,8 @@ function admin_user()
if ($user_id != $user['UID'] && $my_highest_group <= $his_highest_group) { if ($user_id != $user['UID'] && $my_highest_group <= $his_highest_group) {
$html .= 'Hier kannst Du die Benutzergruppen des Engels festlegen:<form action="' $html .= 'Hier kannst Du die Benutzergruppen des Engels festlegen:<form action="'
. page_link_to('admin_user') . '&action=save_groups&id=' . $user_id . '" method="post">' . "\n"; . page_link_to('admin_user', ['action' => 'save_groups', 'id' => $user_id])
. '" method="post">' . "\n";
$html .= '<table>'; $html .= '<table>';
$groups = DB::select(' $groups = DB::select('
@ -175,11 +179,11 @@ function admin_user()
switch ($request->input('action')) { switch ($request->input('action')) {
case 'save_groups': case 'save_groups':
if ($user_id != $user['UID']) { if ($user_id != $user['UID']) {
$my_highest_group = DB::select( $my_highest_group = DB::selectOne(
'SELECT * FROM `UserGroups` WHERE `uid`=? ORDER BY `group_id`', 'SELECT * FROM `UserGroups` WHERE `uid`=? ORDER BY `group_id`',
[$user['UID']] [$user['UID']]
); );
$his_highest_group = DB::select( $his_highest_group = DB::selectOne(
'SELECT * FROM `UserGroups` WHERE `uid`=? ORDER BY `group_id`', 'SELECT * FROM `UserGroups` WHERE `uid`=? ORDER BY `group_id`',
[$user_id] [$user_id]
); );
@ -257,7 +261,7 @@ function admin_user()
`Handy` = ?, `Handy` = ?,
`Alter` =?, `Alter` =?,
`DECT` = ?, `DECT` = ?,
' . ($user_source['email_by_human_allowed'] ? '`email` = ' . DB::getPdo()->quote($request->post('eemail')) . ',' : '') . ' ' . ($user_source['email_by_human_allowed'] ? '`email` = ' . DB::getPdo()->quote($request->postData('eemail')) . ',' : '') . '
`jabber` = ?, `jabber` = ?,
`Size` = ?, `Size` = ?,
`Gekommen`= ?, `Gekommen`= ?,
@ -268,34 +272,34 @@ function admin_user()
WHERE `UID` = ? WHERE `UID` = ?
LIMIT 1'; LIMIT 1';
DB::update($sql, [ DB::update($sql, [
$request->post('eNick'), User_validate_Nick($request->postData('eNick')),
$request->post('eName'), $request->postData('eName'),
$request->post('eVorname'), $request->postData('eVorname'),
$request->post('eTelefon'), $request->postData('eTelefon'),
$request->post('eHandy'), $request->postData('eHandy'),
$request->post('eAlter'), $request->postData('eAlter'),
$request->post('eDECT'), $request->postData('eDECT'),
$request->post('ejabber'), $request->postData('ejabber'),
$request->post('eSize'), $request->postData('eSize'),
$request->post('eGekommen'), $request->postData('eGekommen'),
$request->post('eAktiv'), $request->postData('eAktiv'),
$force_active, $force_active,
$request->post('eTshirt'), $request->postData('eTshirt'),
$request->post('Hometown'), $request->postData('Hometown'),
$user_id, $user_id,
]); ]);
engelsystem_log( engelsystem_log(
'Updated user: ' . $request->post('eNick') . ', ' . $request->post('eSize') 'Updated user: ' . $request->postData('eNick') . ', ' . $request->postData('eSize')
. ', arrived: ' . $request->post('eVorname') . ', arrived: ' . $request->postData('eVorname')
. ', active: ' . $request->post('eAktiv') . ', active: ' . $request->postData('eAktiv')
. ', tshirt: ' . $request->post('eTshirt') . ', tshirt: ' . $request->postData('eTshirt')
); );
$html .= success('Änderung wurde gespeichert...' . "\n", true); $html .= success('Änderung wurde gespeichert...' . "\n", true);
break; break;
case 'change_pw': case 'change_pw':
if ($request->post('new_pw') != '' && $request->post('new_pw') == $request->post('new_pw2')) { if ($request->postData('new_pw') != '' && $request->postData('new_pw') == $request->postData('new_pw2')) {
set_password($user_id, $request->post('new_pw')); set_password($user_id, $request->postData('new_pw'));
$user_source = User($user_id); $user_source = User($user_id);
engelsystem_log('Set new password for ' . User_Nick_render($user_source)); engelsystem_log('Set new password for ' . User_Nick_render($user_source));
$html .= success('Passwort neu gesetzt.', true); $html .= success('Passwort neu gesetzt.', true);

42
includes/pages/guest_login.php
Unescape Escape View File

@ -39,6 +39,7 @@ function guest_register()
$min_password_length = config('min_password_length'); $min_password_length = config('min_password_length');
$event_config = EventConfig(); $event_config = EventConfig();
$request = request(); $request = request();
$session = session();
$msg = ''; $msg = '';
$nick = ''; $nick = '';
@ -127,8 +128,8 @@ function guest_register()
} }
} }
if ($request->has('password') && strlen($request->post('password')) >= $min_password_length) { if ($request->has('password') && strlen($request->postData('password')) >= $min_password_length) {
if ($request->post('password') != $request->post('password2')) { if ($request->postData('password') != $request->postData('password2')) {
$valid = false; $valid = false;
$msg .= error(_('Your passwords don\'t match.'), true); $msg .= error(_('Your passwords don\'t match.'), true);
} }
@ -226,15 +227,15 @@ function guest_register()
$password_hash, $password_hash,
$comment, $comment,
$hometown, $hometown,
$_SESSION['locale'], $session->get('locale'),
$planned_arrival_date, $planned_arrival_date,
] ]
); );
// Assign user-group and set password // Assign user-group and set password
$user_id = DB::getPdo()->lastInsertId(); $user_id = DB::getPdo()->lastInsertId();
DB::insert('INSERT INTO `UserGroups` (`uid`, `group_id`) VALUES (?, -2)', [$user_id]); DB::insert('INSERT INTO `UserGroups` (`uid`, `group_id`) VALUES (?, -20)', [$user_id]);
set_password($user_id, $request->post('password')); set_password($user_id, $request->postData('password'));
// Assign angel-types // Assign angel-types
$user_angel_types_info = []; $user_angel_types_info = [];
@ -328,7 +329,7 @@ function guest_register()
'angel_types', 'angel_types',
_('What do you want to do?') . sprintf( _('What do you want to do?') . sprintf(
' (<a href="%s">%s</a>)', ' (<a href="%s">%s</a>)',
page_link_to('angeltypes') . '&action=about', page_link_to('angeltypes', ['action' => 'about']),
_('Description of job types') _('Description of job types')
), ),
$angel_types, $angel_types,
@ -377,32 +378,43 @@ function guest_register()
]); ]);
} }
/**
* @return string
*/
function entry_required() function entry_required()
{ {
return '<span class="text-info glyphicon glyphicon-warning-sign"></span>'; return '<span class="text-info glyphicon glyphicon-warning-sign"></span>';
} }
/**
* @return bool
*/
function guest_logout() function guest_logout()
{ {
session_destroy(); session()->invalidate();
redirect(page_link_to('start')); redirect(page_link_to('start'));
return true; return true;
} }
/**
* @return string
*/
function guest_login() function guest_login()
{ {
$nick = ''; $nick = '';
$request = request(); $request = request();
unset($_SESSION['uid']); $session = session();
$valid = true; $valid = true;
$session->remove('uid');
if ($request->has('submit')) { if ($request->has('submit')) {
if ($request->has('nick') && strlen(User_validate_Nick($request->input('nick'))) > 0) { if ($request->has('nick') && strlen(User_validate_Nick($request->input('nick'))) > 0) {
$nick = User_validate_Nick($request->input('nick')); $nick = User_validate_Nick($request->input('nick'));
$login_user = DB::selectOne('SELECT * FROM `User` WHERE `Nick`=?', [$nick]); $login_user = DB::selectOne('SELECT * FROM `User` WHERE `Nick`=?', [$nick]);
if (!empty($login_user)) { if (!empty($login_user)) {
if ($request->has('password')) { if ($request->has('password')) {
if (!verify_password($request->post('password'), $login_user['Passwort'], $login_user['UID'])) { if (!verify_password($request->postData('password'), $login_user['Passwort'], $login_user['UID'])) {
$valid = false; $valid = false;
error(_('Your password is incorrect. Please try it again.')); error(_('Your password is incorrect. Please try it again.'));
} }
@ -420,8 +432,8 @@ function guest_login()
} }
if ($valid && !empty($login_user)) { if ($valid && !empty($login_user)) {
$_SESSION['uid'] = $login_user['UID']; $session->set('uid', $login_user['UID']);
$_SESSION['locale'] = $login_user['Sprache']; $session->set('locale', $login_user['Sprache']);
redirect(page_link_to('news')); redirect(page_link_to('news'));
} }
@ -466,7 +478,10 @@ function guest_login()
heading(_('What can I do?'), 2), heading(_('What can I do?'), 2),
'<p>' . _('Please read about the jobs you can do to help us.') . '</p>', '<p>' . _('Please read about the jobs you can do to help us.') . '</p>',
buttons([ buttons([
button(page_link_to('angeltypes') . '&action=about', _('Teams/Job description') . ' &raquo;') button(
page_link_to('angeltypes', ['action' => 'about']),
_('Teams/Job description') . ' &raquo;'
)
]) ])
]) ])
]) ])
@ -474,6 +489,9 @@ function guest_login()
]); ]);
} }
/**
* @return string
*/
function get_register_hint() function get_register_hint()
{ {
global $privileges; global $privileges;

19
includes/pages/user_atom.php
Unescape Escape View File

@ -1,6 +1,7 @@
<?php <?php
use Engelsystem\Database\DB; use Engelsystem\Database\DB;
use Engelsystem\Http\Request;
/** /**
* Publically available page to feed the news to feed readers * Publically available page to feed the news to feed readers
@ -44,14 +45,15 @@ function user_atom()
*/ */
function make_atom_entries_from_news($news_entries) function make_atom_entries_from_news($news_entries)
{ {
$request = Request::getInstance();
$html = '<?xml version="1.0" encoding="utf-8"?> $html = '<?xml version="1.0" encoding="utf-8"?>
<feed xmlns="http://www.w3.org/2005/Atom"> <feed xmlns="http://www.w3.org/2005/Atom">
<title>Engelsystem</title> <title>Engelsystem</title>
<id>' . $_SERVER['HTTP_HOST'] <id>' . $request->getHttpHost()
. htmlspecialchars(preg_replace( . htmlspecialchars(preg_replace(
'#[&?]key=[a-f\d]{32}#', '#[&?]key=[a-f\d]{32}#',
'', '',
$_SERVER['REQUEST_URI'] $request->getRequestUri()
)) ))
. '</id> . '</id>
<updated>' . date('Y-m-d\TH:i:sP', $news_entries[0]['Datum']) . '</updated>' . "\n"; <updated>' . date('Y-m-d\TH:i:sP', $news_entries[0]['Datum']) . '</updated>' . "\n";
@ -64,11 +66,12 @@ function make_atom_entries_from_news($news_entries)
function make_atom_entry_from_news($news_entry) function make_atom_entry_from_news($news_entry)
{ {
return ' <entry> return '
<entry>
<title>' . htmlspecialchars($news_entry['Betreff']) . '</title> <title>' . htmlspecialchars($news_entry['Betreff']) . '</title>
<link href="' . page_link_to_absolute('news_comments&amp;nid=') . $news_entry['ID'] . '"/> <link href="' . page_link_to('news_comments', ['nid' => $news_entry['ID']]) . '"/>
<id>' . preg_replace('#^https?://#', '', page_link_to_absolute('news')) . '-' . $news_entry['ID'] . '</id> <id>' . preg_replace('#^https?://#', '', page_link_to('news_comments', ['nid' => $news_entry['ID']])) . '</id>
<updated>' . date('Y-m-d\TH:i:sP', $news_entry['Datum']) . '</updated> <updated>' . date('Y-m-d\TH:i:sP', $news_entry['Datum']) . '</updated>
<summary type="html">' . htmlspecialchars($news_entry['Text']) . '</summary> <summary>' . htmlspecialchars($news_entry['Text']) . '</summary>
</entry>' . "\n"; </entry>' . "\n";
} }

6
includes/pages/user_messages.php
Unescape Escape View File

@ -92,14 +92,14 @@ function user_messages()
if ($message['RUID'] == $user['UID']) { if ($message['RUID'] == $user['UID']) {
if ($message['isRead'] == 'N') { if ($message['isRead'] == 'N') {
$messages_table_entry['actions'] = button( $messages_table_entry['actions'] = button(
page_link_to('user_messages') . '&action=read&id=' . $message['id'], page_link_to('user_messages', ['action' => 'read', 'id' => $message['id']]),
_('mark as read'), _('mark as read'),
'btn-xs' 'btn-xs'
); );
} }
} else { } else {
$messages_table_entry['actions'] = button( $messages_table_entry['actions'] = button(
page_link_to('user_messages') . '&action=delete&id=' . $message['id'], page_link_to('user_messages', ['action' => 'delete', 'id' => $message['id']]),
_('delete message'), _('delete message'),
'btn-xs' 'btn-xs'
); );
@ -119,7 +119,7 @@ function user_messages()
'text' => _('Message'), 'text' => _('Message'),
'actions' => '' 'actions' => ''
], $messages_table) ], $messages_table)
], page_link_to('user_messages') . '&action=send') ], page_link_to('user_messages', ['action' => 'send']))
]); ]);
} else { } else {
switch ($request->input('action')) { switch ($request->input('action')) {

12
includes/pages/user_myshifts.php
Unescape Escape View File

@ -37,16 +37,16 @@ function user_myshifts()
if ($request->input('reset') == 'ack') { if ($request->input('reset') == 'ack') {
User_reset_api_key($user); User_reset_api_key($user);
success(_('Key changed.')); success(_('Key changed.'));
redirect(page_link_to('users') . '&action=view&user_id=' . $shifts_user['UID']); redirect(page_link_to('users', ['action' => 'view', 'user_id' => $shifts_user['UID']]));
} }
return page_with_title(_('Reset API key'), [ return page_with_title(_('Reset API key'), [
error( error(
_('If you reset the key, the url to your iCal- and JSON-export and your atom feed changes! You have to update it in every application using one of these exports.'), _('If you reset the key, the url to your iCal- and JSON-export and your atom feed changes! You have to update it in every application using one of these exports.'),
true true
), ),
button(page_link_to('user_myshifts') . '&reset=ack', _('Continue'), 'btn-danger') button(page_link_to('user_myshifts', ['reset' => 'ack']), _('Continue'), 'btn-danger')
]); ]);
} elseif ($request->has('edit') && preg_match('/^\d*$/', $request->input('edit'))) { } elseif ($request->has('edit') && preg_match('/^\d+$/', $request->input('edit'))) {
$user_id = $request->input('edit'); $user_id = $request->input('edit');
$shift = DB::selectOne(' $shift = DB::selectOne('
SELECT SELECT
@ -106,7 +106,7 @@ function user_myshifts()
. '. Freeloaded: ' . ($freeloaded ? 'YES Comment: ' . $freeload_comment : 'NO') . '. Freeloaded: ' . ($freeloaded ? 'YES Comment: ' . $freeload_comment : 'NO')
); );
success(_('Shift saved.')); success(_('Shift saved.'));
redirect(page_link_to('users') . '&action=view&user_id=' . $shifts_user['UID']); redirect(page_link_to('users', ['action' => 'view', 'user_id' => $shifts_user['UID']]));
} }
} }
@ -124,7 +124,7 @@ function user_myshifts()
} else { } else {
redirect(page_link_to('user_myshifts')); redirect(page_link_to('user_myshifts'));
} }
} elseif ($request->has('cancel') && preg_match('/^\d*$/', $request->input('cancel'))) { } elseif ($request->has('cancel') && preg_match('/^\d+$/', $request->input('cancel'))) {
$user_id = $request->input('cancel'); $user_id = $request->input('cancel');
$shift = DB::selectOne(' $shift = DB::selectOne('
SELECT * SELECT *
@ -164,6 +164,6 @@ function user_myshifts()
} }
} }
redirect(page_link_to('users') . '&action=view&user_id=' . $shifts_user['UID']); redirect(page_link_to('users', ['action' => 'view', 'user_id' => $shifts_user['UID']]));
return ''; return '';
} }

40
includes/pages/user_news.php
Unescape Escape View File

@ -35,8 +35,8 @@ function user_meetings()
$html = '<div class="col-md-12"><h1>' . meetings_title() . '</h1>' . msg(); $html = '<div class="col-md-12"><h1>' . meetings_title() . '</h1>' . msg();
$request = request(); $request = request();
if ($request->has('page') && preg_match('/^\d{1,}$/', $request->input('page'))) { if (preg_match('/^\d{1,}$/', $request->input('page', 0))) {
$page = $request->input('page'); $page = $request->input('page', 0);
} else { } else {
$page = 0; $page = 0;
} }
@ -57,14 +57,14 @@ function user_meetings()
$dis_rows = ceil(count(DB::select('SELECT `ID` FROM `News`')) / $display_news); $dis_rows = ceil(count(DB::select('SELECT `ID` FROM `News`')) / $display_news);
$html .= '<div class="text-center">' . '<ul class="pagination">'; $html .= '<div class="text-center">' . '<ul class="pagination">';
for ($i = 0; $i < $dis_rows; $i++) { for ($i = 0; $i < $dis_rows; $i++) {
if ($request->has('page') && $i == $request->input('page')) { if ($request->has('page') && $i == $request->input('page', 0)) {
$html .= '<li class="active">'; $html .= '<li class="active">';
} elseif (!$request->has('page') && $i == 0) { } elseif (!$request->has('page') && $i == 0) {
$html .= '<li class="active">'; $html .= '<li class="active">';
} else { } else {
$html .= '<li>'; $html .= '<li>';
} }
$html .= '<a href="' . page_link_to('user_meetings') . '&page=' . $i . '">' . ($i + 1) . '</a></li>'; $html .= '<a href="' . page_link_to('user_meetings', ['page' => $i]) . '">' . ($i + 1) . '</a></li>';
} }
$html .= '</ul></div></div>'; $html .= '</ul></div></div>';
@ -89,7 +89,7 @@ function display_news($news)
$html .= '<div class="panel-footer text-muted">'; $html .= '<div class="panel-footer text-muted">';
if (in_array('admin_news', $privileges)) { if (in_array('admin_news', $privileges)) {
$html .= '<div class="pull-right">' $html .= '<div class="pull-right">'
. button_glyph(page_link_to('admin_news') . '&action=edit&id=' . $news['ID'], 'edit', 'btn-xs') . button_glyph(page_link_to('admin_news', ['action' => 'edit', 'id' => $news['ID']]), 'edit', 'btn-xs')
. '</div>'; . '</div>';
} }
$html .= '<span class="glyphicon glyphicon-time"></span> ' . date('Y-m-d H:i', $news['Datum']) . '&emsp;'; $html .= '<span class="glyphicon glyphicon-time"></span> ' . date('Y-m-d H:i', $news['Datum']) . '&emsp;';
@ -98,7 +98,7 @@ function display_news($news)
$html .= User_Nick_render($user_source); $html .= User_Nick_render($user_source);
if ($page != 'news_comments') { if ($page != 'news_comments') {
$html .= '&emsp;<a href="' . page_link_to('news_comments') . '&nid=' . $news['ID'] . '">' $html .= '&emsp;<a href="' . page_link_to('news_comments', ['nid' => $news['ID']]) . '">'
. '<span class="glyphicon glyphicon-comment"></span> ' . '<span class="glyphicon glyphicon-comment"></span> '
. _('Comments') . ' &raquo;</a> ' . _('Comments') . ' &raquo;</a> '
. '<span class="badge">' . '<span class="badge">'
@ -154,7 +154,7 @@ function user_news_comments()
$user_source = User($comment['UID']); $user_source = User($comment['UID']);
$html .= '<div class="panel panel-default">'; $html .= '<div class="panel panel-default">';
$html .= '<div class="panel-body">' . nl2br($comment['Text']) . '</div>'; $html .= '<div class="panel-body">' . nl2br(htmlspecialchars($comment['Text'])) . '</div>';
$html .= '<div class="panel-footer text-muted">'; $html .= '<div class="panel-footer text-muted">';
$html .= '<span class="glyphicon glyphicon-time"></span> ' . $comment['Datum'] . '&emsp;'; $html .= '<span class="glyphicon glyphicon-time"></span> ' . $comment['Datum'] . '&emsp;';
$html .= User_Nick_render($user_source); $html .= User_Nick_render($user_source);
@ -166,7 +166,7 @@ function user_news_comments()
$html .= form([ $html .= form([
form_textarea('text', _('Message'), ''), form_textarea('text', _('Message'), ''),
form_submit('submit', _('Save')) form_submit('submit', _('Save'))
], page_link_to('news_comments') . '&nid=' . $news['ID']); ], page_link_to('news_comments', ['nid' => $news['ID']]));
} else { } else {
$html .= _('Invalid request.'); $html .= _('Invalid request.');
} }
@ -185,30 +185,36 @@ function user_news()
$html = '<div class="col-md-12"><h1>' . news_title() . '</h1>' . msg(); $html = '<div class="col-md-12"><h1>' . news_title() . '</h1>' . msg();
$isMeeting = $request->post('treffen'); $isMeeting = $request->postData('treffen');
if ($request->has('text') && $request->has('betreff') && in_array('admin_news', $privileges)) { if ($request->has('text') && $request->has('betreff') && in_array('admin_news', $privileges)) {
if (!$request->has('treffen') || !in_array('admin_news', $privileges)) { if (!$request->has('treffen')) {
$isMeeting = 0; $isMeeting = 0;
} }
$text = $request->postData('text');
if (!in_array('admin_news_html', $privileges)) {
$text = strip_tags($text);
}
DB::insert(' DB::insert('
INSERT INTO `News` (`Datum`, `Betreff`, `Text`, `UID`, `Treffen`) INSERT INTO `News` (`Datum`, `Betreff`, `Text`, `UID`, `Treffen`)
VALUES (?, ?, ?, ?, ?) VALUES (?, ?, ?, ?, ?)
', ',
[ [
time(), time(),
$request->post('betreff'), strip_tags($request->postData('betreff')),
$request->post('text'), $text,
$user['UID'], $user['UID'],
$isMeeting, $isMeeting,
] ]
); );
engelsystem_log('Created news: ' . $_POST['betreff'] . ', treffen: ' . $isMeeting); engelsystem_log('Created news: ' . $request->postData('betreff') . ', treffen: ' . $isMeeting);
success(_('Entry saved.')); success(_('Entry saved.'));
redirect(page_link_to('news')); redirect(page_link_to('news'));
} }
if ($request->has('page') && preg_match('/^\d{1,}$/', $request->input('page'))) { if (preg_match('/^\d{1,}$/', $request->input('page', 0))) {
$page = $request->input('page'); $page = $request->input('page', 0);
} else { } else {
$page = 0; $page = 0;
} }
@ -229,14 +235,14 @@ function user_news()
$dis_rows = ceil(count(DB::select('SELECT `ID` FROM `News`')) / $display_news); $dis_rows = ceil(count(DB::select('SELECT `ID` FROM `News`')) / $display_news);
$html .= '<div class="text-center">' . '<ul class="pagination">'; $html .= '<div class="text-center">' . '<ul class="pagination">';
for ($i = 0; $i < $dis_rows; $i++) { for ($i = 0; $i < $dis_rows; $i++) {
if ($request->has('page') && $i == $request->input('page')) { if ($request->has('page') && $i == $request->input('page', 0)) {
$html .= '<li class="active">'; $html .= '<li class="active">';
} elseif (!$request->has('page') && $i == 0) { } elseif (!$request->has('page') && $i == 0) {
$html .= '<li class="active">'; $html .= '<li class="active">';
} else { } else {
$html .= '<li>'; $html .= '<li>';
} }
$html .= '<a href="' . page_link_to('news') . '&page=' . $i . '">' . ($i + 1) . '</a></li>'; $html .= '<a href="' . page_link_to('news', ['page' => $i]) . '">' . ($i + 1) . '</a></li>';
} }
$html .= '</ul></div>'; $html .= '</ul></div>';

6
includes/pages/user_questions.php
Unescape Escape View File

@ -33,7 +33,11 @@ function user_questions()
$question['answer_user'] = User_Nick_render($answer_user_source); $question['answer_user'] = User_Nick_render($answer_user_source);
} }
return Questions_view($open_questions, $answered_questions, page_link_to('user_questions') . '&action=ask'); return Questions_view(
$open_questions,
$answered_questions,
page_link_to('user_questions', ['action' => 'ask'])
);
} else { } else {
switch ($request->input('action')) { switch ($request->input('action')) {
case 'ask': case 'ask':

13
includes/pages/user_settings.php
Unescape Escape View File

@ -84,7 +84,7 @@ function user_settings_main($user_source, $enable_tshirt_size, $tshirt_sizes)
if ($valid) { if ($valid) {
User_update($user_source); User_update($user_source);
success(_('Settings saved.')); success(_('Settings saved.'));
redirect(page_link_to('user_settings')); redirect(page_link_to('user_settings'));
} }
@ -102,15 +102,15 @@ function user_settings_password($user_source)
$request = request(); $request = request();
if ( if (
!$request->has('password') !$request->has('password')
|| !verify_password($request->post('password'), $user_source['Passwort'], $user_source['UID']) || !verify_password($request->postData('password'), $user_source['Passwort'], $user_source['UID'])
) { ) {
error(_('-> not OK. Please try again.')); error(_('-> not OK. Please try again.'));
} elseif (strlen($request->post('new_password')) < config('min_password_length')) { } elseif (strlen($request->postData('new_password')) < config('min_password_length')) {
error(_('Your password is to short (please use at least 6 characters).')); error(_('Your password is to short (please use at least 6 characters).'));
} elseif ($request->post('new_password') != $request->post('new_password2')) { } elseif ($request->postData('new_password') != $request->postData('new_password2')) {
error(_('Your passwords don\'t match.')); error(_('Your passwords don\'t match.'));
} else { } else {
set_password($user_source['UID'], $request->post('new_password')); set_password($user_source['UID'], $request->postData('new_password'));
success(_('Password saved.')); success(_('Password saved.'));
} }
redirect(page_link_to('user_settings')); redirect(page_link_to('user_settings'));
@ -164,6 +164,7 @@ function user_settings_locale($user_source, $locales)
{ {
$valid = true; $valid = true;
$request = request(); $request = request();
$session = session();
if ($request->has('language') && isset($locales[$request->input('language')])) { if ($request->has('language') && isset($locales[$request->input('language')])) {
$user_source['Sprache'] = $request->input('language'); $user_source['Sprache'] = $request->input('language');
@ -182,7 +183,7 @@ function user_settings_locale($user_source, $locales)
$user_source['UID'], $user_source['UID'],
] ]
); );
$_SESSION['locale'] = $user_source['Sprache']; $session->set('locale', $user_source['Sprache']);
success('Language changed.'); success('Language changed.');
redirect(page_link_to('user_settings')); redirect(page_link_to('user_settings'));

25
includes/pages/user_shifts.php
Unescape Escape View File

@ -167,20 +167,23 @@ function view_user_shifts()
{ {
global $user, $privileges, $ical_shifts; global $user, $privileges, $ical_shifts;
$session = session();
$ical_shifts = []; $ical_shifts = [];
$days = load_days(); $days = load_days();
$rooms = load_rooms(); $rooms = load_rooms();
$types = load_types(); $types = load_types();
if (!isset($_SESSION['ShiftsFilter'])) { if (!$session->has('ShiftsFilter')) {
$room_ids = [ $room_ids = [
$rooms[0]['id'] $rooms[0]['id']
]; ];
$type_ids = array_map('get_ids_from_array', $types); $type_ids = array_map('get_ids_from_array', $types);
$_SESSION['ShiftsFilter'] = new ShiftsFilter(in_array('user_shifts_admin', $privileges), $room_ids, $type_ids); $shiftsFilter = new ShiftsFilter(in_array('user_shifts_admin', $privileges), $room_ids, $type_ids);
$session->set('ShiftsFilter', $shiftsFilter);
} }
update_ShiftsFilter($_SESSION['ShiftsFilter'], in_array('user_shifts_admin', $privileges), $days);
$shiftsFilter = $_SESSION['ShiftsFilter']; $shiftsFilter = $session->get('ShiftsFilter');
update_ShiftsFilter($shiftsFilter, in_array('user_shifts_admin', $privileges), $days);
$shiftCalendarRenderer = shiftCalendarRendererByShiftFilter($shiftsFilter); $shiftCalendarRenderer = shiftCalendarRendererByShiftFilter($shiftsFilter);
@ -203,6 +206,11 @@ function view_user_shifts()
$end_day = date('Y-m-d', $shiftsFilter->getEndTime()); $end_day = date('Y-m-d', $shiftsFilter->getEndTime());
$end_time = date('H:i', $shiftsFilter->getEndTime()); $end_time = date('H:i', $shiftsFilter->getEndTime());
$assignNotice = '';
if (config('signup_requires_arrival') && !$user['Gekommen']) {
$assignNotice = info(render_user_arrived_hint(), true);
}
return page([ return page([
div('col-md-12', [ div('col-md-12', [
msg(), msg(),
@ -223,15 +231,16 @@ function view_user_shifts()
'task_notice' => 'task_notice' =>
'<sup>1</sup>' '<sup>1</sup>'
. _('The tasks shown here are influenced by the angeltypes you joined already!') . _('The tasks shown here are influenced by the angeltypes you joined already!')
. ' <a href="' . page_link_to('angeltypes') . '&action=about' . '">' . ' <a href="' . page_link_to('angeltypes', ['action' => 'about']) . '">'
. _('Description of the jobs.') . _('Description of the jobs.')
. '</a>', . '</a>',
'assign_notice' => $assignNotice,
'shifts_table' => msg() . $shiftCalendarRenderer->render(), 'shifts_table' => msg() . $shiftCalendarRenderer->render(),
'ical_text' => '<h2>' . _('iCal export') . '</h2><p>' . sprintf( 'ical_text' => '<h2>' . _('iCal export') . '</h2><p>' . sprintf(
_('Export of shown shifts. <a href="%s">iCal format</a> or <a href="%s">JSON format</a> available (please keep secret, otherwise <a href="%s">reset the api key</a>).'), _('Export of shown shifts. <a href="%s">iCal format</a> or <a href="%s">JSON format</a> available (please keep secret, otherwise <a href="%s">reset the api key</a>).'),
page_link_to_absolute('ical') . '&key=' . $user['api_key'], page_link_to('ical', ['key' => $user['api_key']]),
page_link_to_absolute('shifts_json_export') . '&key=' . $user['api_key'], page_link_to('shifts_json_export', ['key' => $user['api_key']]),
page_link_to('user_myshifts') . '&reset' page_link_to('user_myshifts', ['reset' => 1])
) . '</p>', ) . '</p>',
'filter' => _('Filter') 'filter' => _('Filter')
]) ])

13
includes/sys_auth.php
Unescape Escape View File

@ -10,8 +10,10 @@ function load_auth()
global $user, $privileges; global $user, $privileges;
$user = null; $user = null;
if (isset($_SESSION['uid'])) { $session = session();
$user = DB::selectOne('SELECT * FROM `User` WHERE `UID`=? LIMIT 1', [$_SESSION['uid']]);
if ($session->has('uid')) {
$user = DB::selectOne('SELECT * FROM `User` WHERE `UID`=? LIMIT 1', [$session->get('uid')]);
if (!empty($user)) { if (!empty($user)) {
// User ist eingeloggt, Datensatz zur Verfügung stellen und Timestamp updaten // User ist eingeloggt, Datensatz zur Verfügung stellen und Timestamp updaten
DB::update(' DB::update('
@ -21,16 +23,17 @@ function load_auth()
LIMIT 1 LIMIT 1
', [ ', [
time(), time(),
$_SESSION['uid'], $session->get('uid'),
]); ]);
$privileges = privileges_for_user($user['UID']); $privileges = privileges_for_user($user['UID']);
return; return;
} }
unset($_SESSION['uid']);
$session->remove('uid');
} }
// guest privileges // guest privileges
$privileges = privileges_for_group(-1); $privileges = privileges_for_group(-10);
} }
/** /**

24
includes/sys_form.php
Unescape Escape View File

@ -10,7 +10,7 @@
*/ */
function form_hidden($name, $value) function form_hidden($name, $value)
{ {
return '<input type="hidden" name="' . $name . '" value="' . $value . '" />'; return '<input type="hidden" name="' . $name . '" value="' . htmlspecialchars($value) . '" />';
} }
/** /**
@ -25,7 +25,7 @@ function form_spinner($name, $label, $value)
{ {
return form_element($label, ' return form_element($label, '
<div class="input-group"> <div class="input-group">
<input id="spinner-' . $name . '" class="form-control" type="text" name="' . $name . '" value="' . $value . '" /> <input id="spinner-' . $name . '" class="form-control" name="' . $name . '" value="' . htmlspecialchars($value) . '" />
<div class="input-group-btn"> <div class="input-group-btn">
<button id="spinner-' . $name . '-down" class="btn btn-default" type="button"> <button id="spinner-' . $name . '-down" class="btn btn-default" type="button">
<span class="glyphicon glyphicon-minus"></span> <span class="glyphicon glyphicon-minus"></span>
@ -66,7 +66,8 @@ function form_date($name, $label, $value, $start_date = '', $end_date = '')
$end_date = is_numeric($end_date) ? date('Y-m-d', $end_date) : ''; $end_date = is_numeric($end_date) ? date('Y-m-d', $end_date) : '';
return form_element($label, ' return form_element($label, '
<div class="input-group date" id="' . $dom_id . '"> <div class="input-group date" id="' . $dom_id . '">
<input type="text" name="' . $name . '" class="form-control" value="' . $value . '"><span class="input-group-addon">' . glyph('th') . '</span> <input name="' . $name . '" class="form-control" value="' . htmlspecialchars($value) . '">'
. '<span class="input-group-addon">' . glyph('th') . '</span>
</div> </div>
<script type="text/javascript"> <script type="text/javascript">
$(function(){ $(function(){
@ -144,12 +145,17 @@ function form_multi_checkboxes($names, $label, $items, $selected, $disabled = []
* @param string $label * @param string $label
* @param string $selected * @param string $selected
* @param string $value * @param string $value
* @param string $id
* @return string * @return string
*/ */
function form_checkbox($name, $label, $selected, $value = 'checked') function form_checkbox($name, $label, $selected, $value = 'checked', $id = null)
{ {
if (is_null($id)) {
$id = $name;
}
return '<div class="checkbox"><label>' return '<div class="checkbox"><label>'
. '<input type="checkbox" id="' . $name . '" name="' . $name . '" value="' . $value . '" ' . '<input type="checkbox" id="' . $id . '" name="' . $name . '" value="' . htmlspecialchars($value) . '" '
. ($selected ? ' checked="checked"' : '') . ' /> ' . ($selected ? ' checked="checked"' : '') . ' /> '
. $label . $label
. '</label></div>'; . '</label></div>';
@ -167,7 +173,7 @@ function form_checkbox($name, $label, $selected, $value = 'checked')
function form_radio($name, $label, $selected, $value) function form_radio($name, $label, $selected, $value)
{ {
return '<div class="radio">' return '<div class="radio">'
. '<label><input type="radio" id="' . $name . '" name="' . $name . '" value="' . $value . '" ' . '<label><input type="radio" id="' . $name . '" name="' . $name . '" value="' . htmlspecialchars($value) . '" '
. ($selected ? ' checked="checked"' : '') . ' /> ' . ($selected ? ' checked="checked"' : '') . ' /> '
. $label . $label
. '</label></div>'; . '</label></div>';
@ -328,8 +334,8 @@ function form_textarea($name, $label, $value, $disabled = false)
$disabled = $disabled ? ' disabled="disabled"' : ''; $disabled = $disabled ? ' disabled="disabled"' : '';
return form_element( return form_element(
$label, $label,
'<textarea rows="5" class="form-control" id="form_' . $name . '" type="text" name="' '<textarea rows="5" class="form-control" id="form_' . $name . '" name="'
. $name . '" ' . $disabled . '>' . $value . '</textarea>', . $name . '" ' . $disabled . '>' . htmlspecialchars($value) . '</textarea>',
'form_' . $name 'form_' . $name
); );
} }
@ -374,7 +380,7 @@ function form_element($label, $input, $for = '')
*/ */
function form($elements, $action = '') function form($elements, $action = '')
{ {
return '<form role="form" action="' . $action . '" enctype="multipart/form-data" method="post">' . join($elements) . '</form>'; return '<form action="' . $action . '" enctype="multipart/form-data" method="post">' . join($elements) . '</form>';
} }
/** /**

26
includes/sys_menu.php
Unescape Escape View File

@ -1,28 +1,16 @@
<?php <?php
use Engelsystem\UserHintsRenderer;
/** use Engelsystem\UserHintsRenderer;
* @param string $page
* @return string
*/
function page_link_to($page = '')
{
if ($page == '') {
return '?';
}
return '?p=' . $page;
}
/** /**
* @param string $page * @param string $page
* @param array $parameters get parameters
* @return string * @return string
*/ */
function page_link_to_absolute($page) function page_link_to($page = '', $parameters = [])
{ {
return (isset($_SERVER['HTTPS']) ? 'https' : 'http') . '://' $page = str_replace('_', '-', $page);
. $_SERVER['HTTP_HOST'] return url($page, $parameters);
. preg_replace("/\?.*$/", '', $_SERVER['REQUEST_URI'])
. page_link_to($page);
} }
/** /**
@ -65,7 +53,7 @@ function header_toolbar()
if (isset($user)) { if (isset($user)) {
$toolbar_items[] = toolbar_item_link( $toolbar_items[] = toolbar_item_link(
page_link_to('shifts') . '&amp;action=next', page_link_to('shifts', ['action' => 'next']),
'time', 'time',
User_shift_state_render($user) User_shift_state_render($user)
); );
@ -86,7 +74,7 @@ function header_toolbar()
$toolbar_items[] = header_render_hints(); $toolbar_items[] = header_render_hints();
if (in_array('user_myshifts', $privileges)) { if (in_array('user_myshifts', $privileges)) {
$toolbar_items[] = toolbar_item_link( $toolbar_items[] = toolbar_item_link(
page_link_to('users') . '&amp;action=view', page_link_to('users', ['action' => 'view']),
' icon-icon_angel', ' icon-icon_angel',
$user['Nick'], $user['Nick'],
$page == 'users' $page == 'users'

16
includes/sys_page.php
Unescape Escape View File

@ -1,4 +1,5 @@
<?php <?php
use Engelsystem\ValidationResult; use Engelsystem\ValidationResult;
/** /**
@ -168,11 +169,12 @@ function strip_request_item($name, $default_value = null)
*/ */
function test_request_int($name) function test_request_int($name)
{ {
$request = request(); $input = request()->input($name);
if ($request->has($name)) { if (is_null($input)) {
return preg_match('/^\d*$/', $request->input($name)); return false;
} }
return false;
return preg_match('/^\d+$/', $input);
} }
/** /**
@ -186,7 +188,11 @@ function strip_request_item_nl($name, $default_value = null)
{ {
$request = request(); $request = request();
if ($request->has($name)) { if ($request->has($name)) {
return preg_replace("/([^\p{L}\p{S}\p{P}\p{Z}\p{N}+\n]{1,})/ui", '', strip_tags($request->input($name))); return preg_replace(
"/([^\p{L}\p{S}\p{P}\p{Z}\p{N}+\n]{1,})/ui",
'',
strip_tags($request->input($name))
);
} }
return $default_value; return $default_value;
} }

71
includes/view/AngelTypes_view.php
Unescape Escape View File

@ -50,7 +50,10 @@ function AngelType_delete_view($angeltype)
buttons([ buttons([
button(page_link_to('angeltypes'), _('cancel'), 'cancel'), button(page_link_to('angeltypes'), _('cancel'), 'cancel'),
button( button(
page_link_to('angeltypes') . '&action=delete&angeltype_id=' . $angeltype['id'] . '&confirmed', page_link_to(
'angeltypes',
['action' => 'delete', 'angeltype_id' => $angeltype['id'], 'confirmed' => 1]
),
_('delete'), _('delete'),
'ok' 'ok'
) )
@ -67,7 +70,6 @@ function AngelType_delete_view($angeltype)
*/ */
function AngelType_edit_view($angeltype, $supporter_mode) function AngelType_edit_view($angeltype, $supporter_mode)
{ {
$contact_info = AngelType_contact_info($angeltype);
return page_with_title(sprintf(_('Edit %s'), $angeltype['name']), [ return page_with_title(sprintf(_('Edit %s'), $angeltype['name']), [
buttons([ buttons([
button(page_link_to('angeltypes'), _('Angeltypes'), 'back') button(page_link_to('angeltypes'), _('Angeltypes'), 'back')
@ -127,7 +129,7 @@ function AngelType_view_buttons($angeltype, $user_angeltype, $admin_angeltypes,
if ($user_angeltype == null) { if ($user_angeltype == null) {
$buttons[] = button( $buttons[] = button(
page_link_to('user_angeltypes') . '&action=add&angeltype_id=' . $angeltype['id'], page_link_to('user_angeltypes', ['action' => 'add', 'angeltype_id' => $angeltype['id']]),
_('join'), _('join'),
'add' 'add'
); );
@ -142,20 +144,22 @@ function AngelType_view_buttons($angeltype, $user_angeltype, $admin_angeltypes,
$angeltype['name'] $angeltype['name']
)); ));
} }
$buttons[] = button(page_link_to('user_angeltypes') . '&action=delete&user_angeltype_id=' . $user_angeltype['id'], $buttons[] = button(
_('leave'), 'cancel'); page_link_to('user_angeltypes', ['action' => 'delete', 'user_angeltype_id' => $user_angeltype['id']]),
_('leave'), 'cancel'
);
} }
if ($admin_angeltypes || $supporter) { if ($admin_angeltypes || $supporter) {
$buttons[] = button( $buttons[] = button(
page_link_to('angeltypes') . '&action=edit&angeltype_id=' . $angeltype['id'], page_link_to('angeltypes', ['action' => 'edit', 'angeltype_id' => $angeltype['id']]),
_('edit'), _('edit'),
'edit' 'edit'
); );
} }
if ($admin_angeltypes) { if ($admin_angeltypes) {
$buttons[] = button( $buttons[] = button(
page_link_to('angeltypes') . '&action=delete&angeltype_id=' . $angeltype['id'], page_link_to('angeltypes', ['action' => 'delete', 'angeltype_id' => $angeltype['id']]),
_('delete'), _('delete'),
'delete' 'delete'
); );
@ -193,12 +197,18 @@ function AngelType_view_members($angeltype, $members, $admin_user_angeltypes, $a
if ($angeltype['restricted'] && $member['confirm_user_id'] == null) { if ($angeltype['restricted'] && $member['confirm_user_id'] == null) {
$member['actions'] = table_buttons([ $member['actions'] = table_buttons([
button( button(
page_link_to('user_angeltypes') . '&action=confirm&user_angeltype_id=' . $member['user_angeltype_id'], page_link_to(
'user_angeltypes',
['action' => 'confirm', 'user_angeltype_id' => $member['user_angeltype_id']]
),
_('confirm'), _('confirm'),
'btn-xs' 'btn-xs'
), ),
button( button(
page_link_to('user_angeltypes') . '&action=delete&user_angeltype_id=' . $member['user_angeltype_id'], page_link_to(
'user_angeltypes',
['action' => 'delete', 'user_angeltype_id' => $member['user_angeltype_id']]
),
_('deny'), _('deny'),
'btn-xs' 'btn-xs'
) )
@ -208,7 +218,11 @@ function AngelType_view_members($angeltype, $members, $admin_user_angeltypes, $a
if ($admin_angeltypes) { if ($admin_angeltypes) {
$member['actions'] = table_buttons([ $member['actions'] = table_buttons([
button( button(
page_link_to('user_angeltypes') . '&action=update&user_angeltype_id=' . $member['user_angeltype_id'] . '&supporter=0', page_link_to('user_angeltypes', [
'action' => 'update',
'user_angeltype_id' => $member['user_angeltype_id'],
'supporter' => 0
]),
_('Remove supporter rights'), _('Remove supporter rights'),
'btn-xs' 'btn-xs'
) )
@ -221,11 +235,18 @@ function AngelType_view_members($angeltype, $members, $admin_user_angeltypes, $a
if ($admin_user_angeltypes) { if ($admin_user_angeltypes) {
$member['actions'] = table_buttons([ $member['actions'] = table_buttons([
$admin_angeltypes $admin_angeltypes
? button(page_link_to('user_angeltypes') . '&action=update&user_angeltype_id=' . $member['user_angeltype_id'] . '&supporter=1', ? button(page_link_to('user_angeltypes', [
'action' => 'update',
'user_angeltype_id' => $member['user_angeltype_id'],
'supporter' => 1
]),
_('Add supporter rights'), 'btn-xs') _('Add supporter rights'), 'btn-xs')
: '', : '',
button( button(
page_link_to('user_angeltypes') . '&action=delete&user_angeltype_id=' . $member['user_angeltype_id'], page_link_to('user_angeltypes', [
'action' => 'delete',
'user_angeltype_id' => $member['user_angeltype_id']
]),
_('remove'), _('remove'),
'btn-xs' 'btn-xs'
) )
@ -339,7 +360,14 @@ function AngelType_view(
$page[] = '<h3>' . _('Members') . '</h3>'; $page[] = '<h3>' . _('Members') . '</h3>';
if ($admin_user_angeltypes) { if ($admin_user_angeltypes) {
$page[] = buttons([ $page[] = buttons([
button(page_link_to('user_angeltypes') . '&action=add&angeltype_id=' . $angeltype['id'], _('Add'), 'add') button(
page_link_to(
'user_angeltypes',
['action' => 'add', 'angeltype_id' => $angeltype['id']]
),
_('Add'),
'add'
)
]); ]);
} }
$page[] = table($table_headers, $members_confirmed); $page[] = table($table_headers, $members_confirmed);
@ -348,12 +376,12 @@ function AngelType_view(
$page[] = '<h3>' . _('Unconfirmed') . '</h3>'; $page[] = '<h3>' . _('Unconfirmed') . '</h3>';
$page[] = buttons([ $page[] = buttons([
button( button(
page_link_to('user_angeltypes') . '&action=confirm_all&angeltype_id=' . $angeltype['id'], page_link_to('user_angeltypes', ['action' => 'confirm_all', 'angeltype_id' => $angeltype['id']]),
_('confirm all'), _('confirm all'),
'ok' 'ok'
), ),
button( button(
page_link_to('user_angeltypes') . '&action=delete_all&angeltype_id=' . $angeltype['id'], page_link_to('user_angeltypes', ['action' => 'delete_all', 'angeltype_id' => $angeltype['id']]),
_('deny all'), _('deny all'),
'cancel' 'cancel'
) )
@ -376,8 +404,10 @@ function AngelTypes_list_view($angeltypes, $admin_angeltypes)
return page_with_title(angeltypes_title(), [ return page_with_title(angeltypes_title(), [
msg(), msg(),
buttons([ buttons([
$admin_angeltypes ? button(page_link_to('angeltypes') . '&action=edit', _('New angeltype'), 'add') : '', $admin_angeltypes
button(page_link_to('angeltypes') . '&action=about', _('Teams/Job description')) ? button(page_link_to('angeltypes', ['action' => 'edit']), _('New angeltype'), 'add')
: '',
button(page_link_to('angeltypes', ['action' => 'about']), _('Teams/Job description'))
]), ]),
table([ table([
'name' => _('Name'), 'name' => _('Name'),
@ -405,13 +435,16 @@ function AngelTypes_about_view_angeltype($angeltype)
$buttons = []; $buttons = [];
if ($angeltype['user_angeltype_id'] != null) { if ($angeltype['user_angeltype_id'] != null) {
$buttons[] = button( $buttons[] = button(
page_link_to('user_angeltypes') . '&action=delete&user_angeltype_id=' . $angeltype['user_angeltype_id'], page_link_to(
'user_angeltypes',
['action' => 'delete', 'user_angeltype_id' => $angeltype['user_angeltype_id']]
),
_('leave'), _('leave'),
'cancel' 'cancel'
); );
} else { } else {
$buttons[] = button( $buttons[] = button(
page_link_to('user_angeltypes') . '&action=add&angeltype_id=' . $angeltype['id'], page_link_to('user_angeltypes', ['action' => 'add', 'angeltype_id' => $angeltype['id']]),
_('join'), _('join'),
'add' 'add'
); );

12
includes/view/Questions_view.php
Unescape Escape View File

@ -9,14 +9,22 @@
function Questions_view($open_questions, $answered_questions, $ask_action) function Questions_view($open_questions, $answered_questions, $ask_action)
{ {
foreach ($open_questions as &$question) { foreach ($open_questions as &$question) {
$question['actions'] = '<a href="' . page_link_to('user_questions') . '&action=delete&id=' . $question['QID'] . '">' . _('delete') . '</a>'; $question['actions'] = '<a href="'
. page_link_to('user_questions', ['action' => 'delete', 'id' => $question['QID']])
. '">'
. _('delete')
. '</a>';
$question['Question'] = str_replace("\n", '<br />', $question['Question']); $question['Question'] = str_replace("\n", '<br />', $question['Question']);
} }
foreach ($answered_questions as &$question) { foreach ($answered_questions as &$question) {
$question['Question'] = str_replace("\n", '<br />', $question['Question']); $question['Question'] = str_replace("\n", '<br />', $question['Question']);
$question['Answer'] = str_replace("\n", '<br />', $question['Answer']); $question['Answer'] = str_replace("\n", '<br />', $question['Answer']);
$question['actions'] = '<a href="' . page_link_to('user_questions') . '&action=delete&id=' . $question['QID'] . '">' . _('delete') . '</a>'; $question['actions'] = '<a href="'
. page_link_to('user_questions', ['action' => 'delete', 'id' => $question['QID']])
. '">'
. _('delete')
. '</a>';
} }
return page_with_title(questions_title(), [ return page_with_title(questions_title(), [

11
includes/view/Rooms_view.php
Unescape Escape View File

@ -1,4 +1,5 @@
<?php <?php
use Engelsystem\ShiftCalendarRenderer; use Engelsystem\ShiftCalendarRenderer;
use Engelsystem\ShiftsFilterRenderer; use Engelsystem\ShiftsFilterRenderer;
@ -10,8 +11,16 @@ use Engelsystem\ShiftsFilterRenderer;
*/ */
function Room_view($room, ShiftsFilterRenderer $shiftsFilterRenderer, ShiftCalendarRenderer $shiftCalendarRenderer) function Room_view($room, ShiftsFilterRenderer $shiftsFilterRenderer, ShiftCalendarRenderer $shiftCalendarRenderer)
{ {
global $user;
$assignNotice = '';
if (config('signup_requires_arrival') && !$user['Gekommen']) {
$assignNotice = info(render_user_arrived_hint(), true);
}
return page_with_title(glyph('map-marker') . $room['Name'], [ return page_with_title(glyph('map-marker') . $room['Name'], [
$shiftsFilterRenderer->render(room_link($room)), $shiftsFilterRenderer->render($room),
$assignNotice,
$shiftCalendarRenderer->render() $shiftCalendarRenderer->render()
]); ]);
} }

76
includes/view/ShiftCalendarRenderer.php
Unescape Escape View File

@ -1,11 +1,9 @@
<?php <?php
namespace Engelsystem;
use Exception; namespace Engelsystem;
class ShiftCalendarRenderer class ShiftCalendarRenderer
{ {
/** /**
* 15m * 60s/m = 900s * 15m * 60s/m = 900s
*/ */
@ -51,10 +49,10 @@ class ShiftCalendarRenderer
/** /**
* ShiftCalendarRenderer constructor. * ShiftCalendarRenderer constructor.
* *
* @param array[] $shifts * @param array[] $shifts
* @param array[] $needed_angeltypes * @param array[] $needed_angeltypes
* @param array[] $shift_entries * @param array[] $shift_entries
* @param ShiftsFilter $shiftsFilter * @param ShiftsFilter $shiftsFilter
*/ */
public function __construct($shifts, $needed_angeltypes, $shift_entries, ShiftsFilter $shiftsFilter) public function __construct($shifts, $needed_angeltypes, $shift_entries, ShiftsFilter $shiftsFilter)
{ {
@ -69,23 +67,21 @@ class ShiftCalendarRenderer
/** /**
* Assigns the shifts to different lanes per room if they collide * Assigns the shifts to different lanes per room if they collide
* *
* @param array[] $shifts * @param array[] $shifts The shifts to assign
* The shifts to assign
*
* @return array Returns an array that assigns a room_id to an array of ShiftCalendarLane containing the shifts * @return array Returns an array that assigns a room_id to an array of ShiftCalendarLane containing the shifts
*/ */
private function assignShiftsToLanes($shifts) private function assignShiftsToLanes($shifts)
{ {
// array that assigns a room id to a list of lanes (per room) // array that assigns a room id to a list of lanes (per room)
$lanes = []; $lanes = [];
foreach ($shifts as $shift) { foreach ($shifts as $shift) {
$room_id = $shift['RID']; $room_id = $shift['RID'];
$header = Room_name_render([ $header = Room_name_render([
'RID' => $room_id, 'RID' => $room_id,
'Name' => $shift['room_name'] 'Name' => $shift['room_name']
]); ]);
if (! isset($lanes[$room_id])) { if (!isset($lanes[$room_id])) {
// initialize room with one lane // initialize room with one lane
$lanes[$room_id] = [ $lanes[$room_id] = [
new ShiftCalendarLane($header, $this->getFirstBlockStartTime(), $this->getBlocksPerSlot()) new ShiftCalendarLane($header, $this->getFirstBlockStartTime(), $this->getBlocksPerSlot())
@ -95,7 +91,7 @@ class ShiftCalendarRenderer
$shift_added = false; $shift_added = false;
foreach ($lanes[$room_id] as $lane) { foreach ($lanes[$room_id] as $lane) {
/** @var ShiftCalendarLane $lane */ /** @var ShiftCalendarLane $lane */
if($lane->shiftFits($shift)) { if ($lane->shiftFits($shift)) {
$lane->addShift($shift); $lane->addShift($shift);
$shift_added = true; $shift_added = true;
break; break;
@ -108,12 +104,11 @@ class ShiftCalendarRenderer
$lanes[$room_id][] = $newLane; $lanes[$room_id][] = $newLane;
} }
} }
return $lanes; return $lanes;
} }
/** /**
*
* @return int * @return int
*/ */
public function getFirstBlockStartTime() public function getFirstBlockStartTime()
@ -122,7 +117,6 @@ class ShiftCalendarRenderer
} }
/** /**
*
* @return int * @return int
*/ */
public function getLastBlockEndTime() public function getLastBlockEndTime()
@ -131,7 +125,6 @@ class ShiftCalendarRenderer
} }
/** /**
*
* @return float * @return float
*/ */
public function getBlocksPerSlot() public function getBlocksPerSlot()
@ -153,9 +146,9 @@ class ShiftCalendarRenderer
return ''; return '';
} }
return div('shift-calendar', [ return div('shift-calendar', [
$this->renderTimeLane(), $this->renderTimeLane(),
$this->renderShiftLanes() $this->renderShiftLanes()
]) . $this->renderLegend(); ]) . $this->renderLegend();
} }
/** /**
@ -171,41 +164,45 @@ class ShiftCalendarRenderer
$html .= $this->renderLane($lane); $html .= $this->renderLane($lane);
} }
} }
return $html; return $html;
} }
/** /**
* Renders a single lane * Renders a single lane
* *
* @param ShiftCalendarLane $lane * @param ShiftCalendarLane $lane The lane to render
* The lane to render
* @return string * @return string
*/ */
private function renderLane(ShiftCalendarLane $lane) private function renderLane(ShiftCalendarLane $lane)
{ {
global $user; global $user;
$shift_renderer = new ShiftCalendarShiftRenderer(); $shift_renderer = new ShiftCalendarShiftRenderer();
$html = ''; $html = '';
$rendered_until = $this->getFirstBlockStartTime(); $rendered_until = $this->getFirstBlockStartTime();
foreach ($lane->getShifts() as $shift) { foreach ($lane->getShifts() as $shift) {
while ($rendered_until + ShiftCalendarRenderer::SECONDS_PER_ROW <= $shift['start']) { while ($rendered_until + ShiftCalendarRenderer::SECONDS_PER_ROW <= $shift['start']) {
$html .= $this->renderTick($rendered_until); $html .= $this->renderTick($rendered_until);
$rendered_until += ShiftCalendarRenderer::SECONDS_PER_ROW; $rendered_until += ShiftCalendarRenderer::SECONDS_PER_ROW;
} }
list ($shift_height, $shift_html) = $shift_renderer->render($shift, $this->needed_angeltypes[$shift['SID']], $this->shift_entries[$shift['SID']], $user); list ($shift_height, $shift_html) = $shift_renderer->render(
$shift,
$this->needed_angeltypes[$shift['SID']],
$this->shift_entries[$shift['SID']],
$user
);
$html .= $shift_html; $html .= $shift_html;
$rendered_until += $shift_height * ShiftCalendarRenderer::SECONDS_PER_ROW; $rendered_until += $shift_height * ShiftCalendarRenderer::SECONDS_PER_ROW;
} }
while ($rendered_until < $this->getLastBlockEndTime()) { while ($rendered_until < $this->getLastBlockEndTime()) {
$html .= $this->renderTick($rendered_until); $html .= $this->renderTick($rendered_until);
$rendered_until += ShiftCalendarRenderer::SECONDS_PER_ROW; $rendered_until += ShiftCalendarRenderer::SECONDS_PER_ROW;
} }
return div('lane', [ return div('lane', [
div('header', $lane->getHeader()), div('header', $lane->getHeader()),
$html $html
@ -215,23 +212,21 @@ class ShiftCalendarRenderer
/** /**
* Renders a tick/block for given time * Renders a tick/block for given time
* *
* @param int $time * @param int $time unix timestamp
* unix timestamp * @param boolean $label Should time labels be generated?
* @param boolean $label
* Should time labels be generated?
* @return string rendered tick html * @return string rendered tick html
*/ */
private function renderTick($time, $label = false) private function renderTick($time, $label = false)
{ {
if ($time % (24 * 60 * 60) == 23 * 60 * 60) { if ($time % (24 * 60 * 60) == 23 * 60 * 60) {
if (! $label) { if (!$label) {
return div('tick day'); return div('tick day');
} }
return div('tick day', [ return div('tick day', [
date('m-d<b\r />H:i', $time) date('m-d<b\r />H:i', $time)
]); ]);
} elseif ($time % (60 * 60) == 0) { } elseif ($time % (60 * 60) == 0) {
if (! $label) { if (!$label) {
return div('tick hour'); return div('tick hour');
} }
return div('tick hour', [ return div('tick hour', [
@ -253,7 +248,7 @@ class ShiftCalendarRenderer
_('Time') _('Time')
]) ])
]; ];
for ($block = 0; $block < $this->getBlocksPerSlot(); $block ++) { for ($block = 0; $block < $this->getBlocksPerSlot(); $block++) {
$thistime = $this->getFirstBlockStartTime() + ($block * ShiftCalendarRenderer::SECONDS_PER_ROW); $thistime = $this->getFirstBlockStartTime() + ($block * ShiftCalendarRenderer::SECONDS_PER_ROW);
$time_slot[] = $this->renderTick($thistime, true); $time_slot[] = $this->renderTick($thistime, true);
} }
@ -261,8 +256,7 @@ class ShiftCalendarRenderer
} }
/** /**
* * @param array[] $shifts
* @param array[] $shifts
* @return int * @return int
*/ */
private function calcFirstBlockStartTime($shifts) private function calcFirstBlockStartTime($shifts)
@ -277,8 +271,7 @@ class ShiftCalendarRenderer
} }
/** /**
* * @param array[] $shifts
* @param array[] $shifts
* @return int * @return int
*/ */
private function calcLastBlockEndTime($shifts) private function calcLastBlockEndTime($shifts)
@ -293,7 +286,6 @@ class ShiftCalendarRenderer
} }
/** /**
*
* @return int * @return int
*/ */
private function calcBlocksPerSlot() private function calcBlocksPerSlot()

26
includes/view/ShiftCalendarShiftRenderer.php
Unescape Escape View File

@ -124,11 +124,15 @@ class ShiftCalendarShiftRenderer
} }
if (in_array('user_shifts_admin', $privileges)) { if (in_array('user_shifts_admin', $privileges)) {
$html .= '<li class="list-group-item">' . button( $html .= '<li class="list-group-item">' . _('Add more angels') . ':';
page_link_to('user_shifts') . '&amp;shift_id=' . $shift['SID'], foreach ($needed_angeltypes as $angeltype) {
_('Add more angels'), $html .= ' ' . button(
'btn-xs' page_link_to('user_shifts', ['shift_id' => $shift['SID'], 'type_id' => $angeltype['id']]),
) . '</li>'; $angeltype['name'],
'btn-xs'
);
}
$html .= '</li>';
} }
if ($html != '') { if ($html != '') {
return [ return [
@ -169,11 +173,13 @@ class ShiftCalendarShiftRenderer
case ShiftSignupState::ADMIN: case ShiftSignupState::ADMIN:
case ShiftSignupState::FREE: case ShiftSignupState::FREE:
// When admin or free display a link + button for sign up // When admin or free display a link + button for sign up
$entry_list[] = '<a href="' . page_link_to('user_shifts') . '&amp;shift_id=' . $shift['SID'] . '&amp;type_id=' . $angeltype['id'] . '">' $entry_list[] = '<a href="'
. page_link_to('user_shifts', ['shift_id' => $shift['SID'], 'type_id' => $angeltype['id']])
. '">'
. $inner_text . $inner_text
. '</a> ' . '</a> '
. button( . button(
page_link_to('user_shifts') . '&amp;shift_id=' . $shift['SID'] . '&amp;type_id=' . $angeltype['id'], page_link_to('user_shifts', ['shift_id' => $shift['SID'], 'type_id' => $angeltype['id']]),
_('Sign up'), 'btn-xs btn-primary' _('Sign up'), 'btn-xs btn-primary'
); );
break; break;
@ -191,7 +197,7 @@ class ShiftCalendarShiftRenderer
// Add link to join the angeltype first // Add link to join the angeltype first
$entry_list[] = $inner_text . '<br />' $entry_list[] = $inner_text . '<br />'
. button( . button(
page_link_to('user_angeltypes') . '&action=add&angeltype_id=' . $angeltype['id'], page_link_to('user_angeltypes', ['action' => 'add', 'angeltype_id' => $angeltype['id']]),
sprintf(_('Become %s'), $angeltype['name']), sprintf(_('Become %s'), $angeltype['name']),
'btn-xs' 'btn-xs'
); );
@ -232,8 +238,8 @@ class ShiftCalendarShiftRenderer
$header_buttons = ''; $header_buttons = '';
if (in_array('admin_shifts', $privileges)) { if (in_array('admin_shifts', $privileges)) {
$header_buttons = '<div class="pull-right">' . table_buttons([ $header_buttons = '<div class="pull-right">' . table_buttons([
button(page_link_to('user_shifts') . '&edit_shift=' . $shift['SID'], glyph('edit'), 'btn-xs'), button(page_link_to('user_shifts', ['edit_shift' => $shift['SID']]), glyph('edit'), 'btn-xs'),
button(page_link_to('user_shifts') . '&delete_shift=' . $shift['SID'], glyph('trash'), 'btn-xs') button(page_link_to('user_shifts', ['delete_shift' => $shift['SID']]), glyph('trash'), 'btn-xs')
]) . '</div>'; ]) . '</div>';
} }
$shift_heading = date('H:i', $shift['start']) . ' &dash; ' $shift_heading = date('H:i', $shift['start']) . ' &dash; '

34
includes/view/ShiftTypes_view.php
Unescape Escape View File

@ -24,7 +24,10 @@ function ShiftType_delete_view($shifttype)
buttons([ buttons([
button(page_link_to('shifttypes'), _('cancel'), 'cancel'), button(page_link_to('shifttypes'), _('cancel'), 'cancel'),
button( button(
page_link_to('shifttypes') . '&action=delete&shifttype_id=' . $shifttype['id'] . '&confirmed', page_link_to(
'shifttypes',
['action' => 'delete', 'shifttype_id' => $shifttype['id'], 'confirmed' => 1]
),
_('delete'), _('delete'),
'ok btn-danger' 'ok btn-danger'
) )
@ -81,12 +84,16 @@ function ShiftType_view($shifttype, $angeltype)
buttons([ buttons([
button(page_link_to('shifttypes'), shifttypes_title(), 'back'), button(page_link_to('shifttypes'), shifttypes_title(), 'back'),
$angeltype ? button( $angeltype ? button(
page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id'], page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']]),
$angeltype['name'] $angeltype['name']
) : '', ) : '',
button(page_link_to('shifttypes') . '&action=edit&shifttype_id=' . $shifttype['id'], _('edit'), 'edit'),
button( button(
page_link_to('shifttypes') . '&action=delete&shifttype_id=' . $shifttype['id'], page_link_to('shifttypes', ['action' => 'edit', 'shifttype_id' => $shifttype['id']]),
_('edit'),
'edit'
),
button(
page_link_to('shifttypes', ['action' => 'delete', 'shifttype_id' => $shifttype['id']]),
_('delete'), _('delete'),
'delete' 'delete'
) )
@ -103,11 +110,22 @@ function ShiftType_view($shifttype, $angeltype)
function ShiftTypes_list_view($shifttypes) function ShiftTypes_list_view($shifttypes)
{ {
foreach ($shifttypes as &$shifttype) { foreach ($shifttypes as &$shifttype) {
$shifttype['name'] = '<a href="' . page_link_to('shifttypes') . '&action=view&shifttype_id=' . $shifttype['id'] . '">' . $shifttype['name'] . '</a>'; $shifttype['name'] = '<a href="'
. page_link_to('shifttypes', ['action' => 'view', 'shifttype_id' => $shifttype['id']])
. '">'
. $shifttype['name']
. '</a>';
$shifttype['actions'] = table_buttons([ $shifttype['actions'] = table_buttons([
button(page_link_to('shifttypes') . '&action=edit&shifttype_id=' . $shifttype['id'], _('edit'), 'btn-xs'),
button( button(
page_link_to('shifttypes') . '&action=delete&shifttype_id=' . $shifttype['id'], page_link_to(
'shifttypes',
['action' => 'edit', 'shifttype_id' => $shifttype['id']]
),
_('edit'),
'btn-xs'
),
button(
page_link_to('shifttypes', ['action' => 'delete', 'shifttype_id' => $shifttype['id']]),
_('delete'), _('delete'),
'btn-xs' 'btn-xs'
) )
@ -117,7 +135,7 @@ function ShiftTypes_list_view($shifttypes)
return page_with_title(shifttypes_title(), [ return page_with_title(shifttypes_title(), [
msg(), msg(),
buttons([ buttons([
button(page_link_to('shifttypes') . '&action=edit', _('New shifttype'), 'add') button(page_link_to('shifttypes', ['action' => 'edit']), _('New shifttype'), 'add')
]), ]),
table([ table([
'name' => _('Name'), 'name' => _('Name'),

11
includes/view/ShiftsFilterRenderer.php
Unescape Escape View File

@ -39,17 +39,22 @@ class ShiftsFilterRenderer
/** /**
* Renders the filter. * Renders the filter.
* *
* @param string $link_base * @param array $room
* @return string Generated HTML * @return string Generated HTML
*/ */
public function render($link_base) public function render($room)
{ {
$toolbar = []; $toolbar = [];
if ($this->daySelectionEnabled && !empty($this->days)) { if ($this->daySelectionEnabled && !empty($this->days)) {
$selected_day = date('Y-m-d', $this->shiftsFilter->getStartTime()); $selected_day = date('Y-m-d', $this->shiftsFilter->getStartTime());
$day_dropdown_items = []; $day_dropdown_items = [];
foreach ($this->days as $day) { foreach ($this->days as $day) {
$day_dropdown_items[] = toolbar_item_link($link_base . '&shifts_filter_day=' . $day, '', $day); $link = page_link_to('rooms', [
'action' => 'view',
'room_id' => $room['RID'],
'shifts_filter_day' => $day,
]);
$day_dropdown_items[] = toolbar_item_link($link, '', $day);
} }
$toolbar[] = toolbar_dropdown('', $selected_day, $day_dropdown_items, 'active'); $toolbar[] = toolbar_dropdown('', $selected_day, $day_dropdown_items, 'active');
} }

9
includes/view/Shifts_view.php
Unescape Escape View File

@ -1,4 +1,5 @@
<?php <?php
use Engelsystem\ShiftSignupState; use Engelsystem\ShiftSignupState;
/** /**
@ -41,12 +42,12 @@ function Shift_signup_button_render($shift, $angeltype, $user_angeltype = null)
if ($angeltype['shift_signup_state']->isSignupAllowed()) { if ($angeltype['shift_signup_state']->isSignupAllowed()) {
return button( return button(
page_link_to('user_shifts') . '&shift_id=' . $shift['SID'] . '&type_id=' . $angeltype['id'], page_link_to('user_shifts', ['shift_id' => $shift['SID'], 'type_id' => $angeltype['id']]),
_('Sign up') _('Sign up')
); );
} elseif ($user_angeltype == null) { } elseif ($user_angeltype == null) {
return button( return button(
page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id'], page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']]),
sprintf(_('Become %s'), sprintf(_('Become %s'),
$angeltype['name']) $angeltype['name'])
); );
@ -207,12 +208,12 @@ function Shift_view_render_shift_entry($shift_entry, $user_shift_admin, $angelty
$entry .= ' <div class="btn-group">'; $entry .= ' <div class="btn-group">';
if ($user_shift_admin) { if ($user_shift_admin) {
$entry .= button_glyph( $entry .= button_glyph(
page_link_to('user_myshifts') . '&edit=' . $shift_entry['id'] . '&id=' . $shift_entry['UID'], page_link_to('user_myshifts', ['edit' => $shift_entry['id'], 'id' => $shift_entry['UID']]),
'pencil', 'pencil',
'btn-xs' 'btn-xs'
); );
} }
$entry .= button_glyph(page_link_to('user_shifts') . '&entry_id=' . $shift_entry['id'], 'trash', 'btn-xs'); $entry .= button_glyph(page_link_to('user_shifts', ['entry_id' => $shift_entry['id']]), 'trash', 'btn-xs');
$entry .= '</div>'; $entry .= '</div>';
} }
return $entry; return $entry;

73
includes/view/UserAngelTypes_view.php
Unescape Escape View File

@ -19,12 +19,18 @@ function UserAngelType_update_view($user_angeltype, $user, $angeltype, $supporte
User_Nick_render($user) User_Nick_render($user)
), true), ), true),
buttons([ buttons([
button(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id'], _('cancel'), 'cancel'),
button( button(
page_link_to('user_angeltypes') page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']]),
. '&action=update&user_angeltype_id=' . $user_angeltype['id'] _('cancel'),
. '&supporter=' . ($supporter ? '1' : '0') 'cancel'
. '&confirmed', ),
button(
page_link_to('user_angeltypes', [
'action' => 'update',
'user_angeltype_id' => $user_angeltype['id'],
'supporter' => ($supporter ? '1' : '0'),
'confirmed' => 1,
]),
_('yes'), _('yes'),
'ok' 'ok'
) )
@ -42,9 +48,19 @@ function UserAngelTypes_delete_all_view($angeltype)
msg(), msg(),
info(sprintf(_('Do you really want to deny all users for %s?'), $angeltype['name']), true), info(sprintf(_('Do you really want to deny all users for %s?'), $angeltype['name']), true),
buttons([ buttons([
button(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id'], _('cancel'), 'cancel'),
button( button(
page_link_to('user_angeltypes') . '&action=delete_all&angeltype_id=' . $angeltype['id'] . '&confirmed', page_link_to(
'angeltypes',
['action' => 'view', 'angeltype_id' => $angeltype['id']]
),
_('cancel'),
'cancel'
),
button(
page_link_to(
'user_angeltypes',
['action' => 'delete_all', 'angeltype_id' => $angeltype['id'], 'confirmed' => 1]
),
_('yes'), _('yes'),
'ok' 'ok'
) )
@ -62,9 +78,11 @@ function UserAngelTypes_confirm_all_view($angeltype)
msg(), msg(),
info(sprintf(_('Do you really want to confirm all users for %s?'), $angeltype['name']), true), info(sprintf(_('Do you really want to confirm all users for %s?'), $angeltype['name']), true),
buttons([ buttons([
button(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id'], _('cancel'), 'cancel'), button(page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']]), _('cancel'),
'cancel'),
button( button(
page_link_to('user_angeltypes') . '&action=confirm_all&angeltype_id=' . $angeltype['id'] . '&confirmed', page_link_to('user_angeltypes',
['action' => 'confirm_all', 'angeltype_id' => $angeltype['id'], 'confirmed' => 1]),
_('yes'), _('yes'),
'ok' 'ok'
) )
@ -84,9 +102,16 @@ function UserAngelType_confirm_view($user_angeltype, $user, $angeltype)
msg(), msg(),
info(sprintf(_('Do you really want to confirm %s for %s?'), User_Nick_render($user), $angeltype['name']), true), info(sprintf(_('Do you really want to confirm %s for %s?'), User_Nick_render($user), $angeltype['name']), true),
buttons([ buttons([
button(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id'], _('cancel'), 'cancel'),
button( button(
page_link_to('user_angeltypes') . '&action=confirm&user_angeltype_id=' . $user_angeltype['id'] . '&confirmed', page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']]),
_('cancel'),
'cancel'
),
button(
page_link_to(
'user_angeltypes',
['action' => 'confirm', 'user_angeltype_id' => $user_angeltype['id'], 'confirmed' => 1]
),
_('yes'), _('yes'),
'ok' 'ok'
) )
@ -106,9 +131,14 @@ function UserAngelType_delete_view($user_angeltype, $user, $angeltype)
msg(), msg(),
info(sprintf(_('Do you really want to delete %s from %s?'), User_Nick_render($user), $angeltype['name']), true), info(sprintf(_('Do you really want to delete %s from %s?'), User_Nick_render($user), $angeltype['name']), true),
buttons([ buttons([
button(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id'], _('cancel'), 'cancel'),
button( button(
page_link_to('user_angeltypes') . '&action=delete&user_angeltype_id=' . $user_angeltype['id'] . '&confirmed', page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']]),
_('cancel'),
'cancel'
),
button(
page_link_to('user_angeltypes',
['action' => 'delete', 'user_angeltype_id' => $user_angeltype['id'], 'confirmed' => 1]),
_('yes'), _('yes'),
'ok' 'ok'
) )
@ -132,7 +162,11 @@ function UserAngelType_add_view($angeltype, $users_source, $user_id)
return page_with_title(_('Add user to angeltype'), [ return page_with_title(_('Add user to angeltype'), [
msg(), msg(),
buttons([ buttons([
button(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id'], _('back'), 'back') button(
page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']]),
_('back'),
'back'
)
]), ]),
form([ form([
form_info(_('Angeltype'), $angeltype['name']), form_info(_('Angeltype'), $angeltype['name']),
@ -153,9 +187,16 @@ function UserAngelType_join_view($user, $angeltype)
msg(), msg(),
info(sprintf(_('Do you really want to add %s to %s?'), User_Nick_render($user), $angeltype['name']), true), info(sprintf(_('Do you really want to add %s to %s?'), User_Nick_render($user), $angeltype['name']), true),
buttons([ buttons([
button(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id'], _('cancel'), 'cancel'),
button( button(
page_link_to('user_angeltypes') . '&action=add&angeltype_id=' . $angeltype['id'] . '&user_id=' . $user['UID'] . '&confirmed', page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']]),
_('cancel'),
'cancel'
),
button(
page_link_to(
'user_angeltypes',
['action' => 'add', 'angeltype_id' => $angeltype['id'], 'user_id' => $user['UID'], 'confirmed' => 1]
),
_('save'), _('save'),
'ok' 'ok'
) )

46
includes/view/User_view.php
Unescape Escape View File

@ -127,7 +127,7 @@ function User_registration_success_view($event_welcome_message)
'<h2>' . _('What can I do?') . '</h2>', '<h2>' . _('What can I do?') . '</h2>',
'<p>' . _('Please read about the jobs you can do to help us.') . '</p>', '<p>' . _('Please read about the jobs you can do to help us.') . '</p>',
buttons([ buttons([
button(page_link_to('angeltypes') . '&action=about', _('Teams/Job description') . ' &raquo;') button(page_link_to('angeltypes', ['action' => 'about']), _('Teams/Job description') . ' &raquo;')
]) ])
]) ])
]) ])
@ -172,10 +172,13 @@ function User_edit_vouchers_view($user)
button(user_link($user), glyph('chevron-left') . _('back')) button(user_link($user), glyph('chevron-left') . _('back'))
]), ]),
info(sprintf(_('Angel should receive at least %d vouchers.'), User_get_eligable_voucher_count($user)), true), info(sprintf(_('Angel should receive at least %d vouchers.'), User_get_eligable_voucher_count($user)), true),
form([ form(
form_spinner('vouchers', _('Number of vouchers given out'), $user['got_voucher']), [
form_submit('submit', _('Save')) form_spinner('vouchers', _('Number of vouchers given out'), $user['got_voucher']),
], page_link_to('users') . '&action=edit_vouchers&user_id=' . $user['UID']) form_submit('submit', _('Save'))
],
page_link_to('users', ['action' => 'edit_vouchers', 'user_id' => $user['UID']])
)
]); ]);
} }
@ -208,7 +211,7 @@ function Users_view(
$user['Tshirt'] = glyph_bool($user['Tshirt']); $user['Tshirt'] = glyph_bool($user['Tshirt']);
$user['lastLogIn'] = date(_('m/d/Y h:i a'), $user['lastLogIn']); $user['lastLogIn'] = date(_('m/d/Y h:i a'), $user['lastLogIn']);
$user['actions'] = table_buttons([ $user['actions'] = table_buttons([
button_glyph(page_link_to('admin_user') . '&id=' . $user['UID'], 'edit', 'btn-xs') button_glyph(page_link_to('admin_user', ['id' => $user['UID']]), 'edit', 'btn-xs')
]); ]);
} }
$users[] = [ $users[] = [
@ -253,7 +256,11 @@ function Users_view(
*/ */
function Users_table_header_link($column, $label, $order_by) function Users_table_header_link($column, $label, $order_by)
{ {
return '<a href="' . page_link_to('users') . '&OrderBy=' . $column . '">' . $label . ($order_by == $column ? ' <span class="caret"></span>' : '') . '</a>'; return '<a href="'
. page_link_to('users', ['OrderBy' => $column])
. '">'
. $label . ($order_by == $column ? ' <span class="caret"></span>' : '')
. '</a>';
} }
/** /**
@ -347,7 +354,7 @@ function User_view_myshift($shift, $user_source, $its_me)
]; ];
if ($its_me || in_array('user_shifts_admin', $privileges)) { if ($its_me || in_array('user_shifts_admin', $privileges)) {
$myshift['actions'][] = button( $myshift['actions'][] = button(
page_link_to('user_myshifts') . '&edit=' . $shift['id'] . '&id=' . $user_source['UID'], page_link_to('user_myshifts', ['edit' => $shift['id'], 'id' => $user_source['UID']]),
glyph('edit') . _('edit'), glyph('edit') . _('edit'),
'btn-xs' 'btn-xs'
); );
@ -356,8 +363,15 @@ function User_view_myshift($shift, $user_source, $its_me)
($shift['start'] > time() + config('last_unsubscribe') * 3600) ($shift['start'] > time() + config('last_unsubscribe') * 3600)
|| in_array('user_shifts_admin', $privileges) || in_array('user_shifts_admin', $privileges)
) { ) {
$parameters = [
'cancel' => $shift['id'],
'id' => $user_source['UID'],
];
if ($its_me) {
$parameters['id'] = '';
}
$myshift['actions'][] = button( $myshift['actions'][] = button(
page_link_to('user_myshifts') . ((!$its_me) ? '&id=' . $user_source['UID'] : '') . '&cancel=' . $shift['id'], page_link_to('user_myshifts', $parameters),
glyph('trash') . _('sign off'), glyph('trash') . _('sign off'),
'btn-xs' 'btn-xs'
); );
@ -427,7 +441,7 @@ function User_view($user_source, $admin_user_privilege, $freeloader, $user_angel
div('col-md-12', [ div('col-md-12', [
buttons([ buttons([
$admin_user_privilege ? button( $admin_user_privilege ? button(
page_link_to('admin_user') . '&id=' . $user_source['UID'], page_link_to('admin_user', ['id' => $user_source['UID']]),
glyph('edit') . _('edit') glyph('edit') . _('edit')
) : '', ) : '',
$admin_user_privilege ? button( $admin_user_privilege ? button(
@ -435,24 +449,24 @@ function User_view($user_source, $admin_user_privilege, $freeloader, $user_angel
glyph('road') . _('driving license') glyph('road') . _('driving license')
) : '', ) : '',
($admin_user_privilege && !$user_source['Gekommen']) ? button( ($admin_user_privilege && !$user_source['Gekommen']) ? button(
page_link_to('admin_arrive') . '&arrived=' . $user_source['UID'], page_link_to('admin_arrive', ['arrived' => $user_source['UID']]),
_('arrived') _('arrived')
) : '', ) : '',
$admin_user_privilege ? button( $admin_user_privilege ? button(
page_link_to('users') . '&action=edit_vouchers&user_id=' . $user_source['UID'], page_link_to('users', ['action' => 'edit_vouchers', 'user_id' => $user_source['UID']]),
glyph('cutlery') . _('Edit vouchers') glyph('cutlery') . _('Edit vouchers')
) : '', ) : '',
$its_me ? button(page_link_to('user_settings'), glyph('list-alt') . _('Settings')) : '', $its_me ? button(page_link_to('user_settings'), glyph('list-alt') . _('Settings')) : '',
$its_me ? button( $its_me ? button(
page_link_to('ical') . '&key=' . $user_source['api_key'], page_link_to('ical', ['key' => $user_source['api_key']]),
glyph('calendar') . _('iCal Export') glyph('calendar') . _('iCal Export')
) : '', ) : '',
$its_me ? button( $its_me ? button(
page_link_to('shifts_json_export') . '&key=' . $user_source['api_key'], page_link_to('shifts_json_export', ['key' => $user_source['api_key']]),
glyph('export') . _('JSON Export') glyph('export') . _('JSON Export')
) : '', ) : '',
$its_me ? button( $its_me ? button(
page_link_to('user_myshifts') . '&reset', page_link_to('user_myshifts', ['reset' => 1]),
glyph('repeat') . _('Reset API key') glyph('repeat') . _('Reset API key')
) : '' ) : ''
]) ])
@ -607,7 +621,7 @@ function User_groups_render($user_groups)
function User_Nick_render($user_source) function User_Nick_render($user_source)
{ {
return '<a class="' . ($user_source['Gekommen'] ? '' : 'text-muted') . '" href="' return '<a class="' . ($user_source['Gekommen'] ? '' : 'text-muted') . '" href="'
. page_link_to('users') . '&amp;action=view&amp;user_id=' . $user_source['UID'] . page_link_to('users', ['action' => 'view', 'user_id' => $user_source['UID']])
. '"><span class="icon-icon_angel"></span> ' . htmlspecialchars($user_source['Nick']) . '</a>'; . '"><span class="icon-icon_angel"></span> ' . htmlspecialchars($user_source['Nick']) . '</a>';
} }

15
phpunit.xml
Unescape Escape View File

@ -1,12 +1,8 @@
<phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" <phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://schema.phpunit.de/4.5/phpunit.xsd"
backupGlobals="false"
bootstrap="./includes/engelsystem_provider.php" bootstrap="./includes/engelsystem_provider.php"
xsi:noNamespaceSchemaLocation="http://schema.phpunit.de/6.3/phpunit.xsd"
colors="true" colors="true"
convertErrorsToExceptions="true" >
convertNoticesToExceptions="true"
convertWarningsToExceptions="true"
processIsolation="false">
<testsuites> <testsuites>
<testsuite name="Models"> <testsuite name="Models">
<directory>./test/model/</directory> <directory>./test/model/</directory>
@ -16,10 +12,7 @@
<whitelist> <whitelist>
<directory>./include/</directory> <directory>./include/</directory>
<directory>./public/</directory> <directory>./public/</directory>
<directory>./src/</directory> <directory>./src/</directory>
</whitelist> </whitelist>
</filter> </filter>
<php>
<const name="PHPUNIT_TESTSUITE" value="true"/>
</php>
</phpunit> </phpunit>

8
public/.htaccess
Unescape Escape View File

@ -0,0 +1,8 @@
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
</IfModule>

291
public/index.php
Unescape Escape View File

@ -1,4 +1,7 @@
<?php <?php
use Engelsystem\Http\Request;
require_once realpath(__DIR__ . '/../includes/engelsystem_provider.php'); require_once realpath(__DIR__ . '/../includes/engelsystem_provider.php');
$free_pages = [ $free_pages = [
@ -16,7 +19,7 @@ $free_pages = [
'stats', 'stats',
'users', 'users',
'user_driver_licenses', 'user_driver_licenses',
'user_password_recovery' 'user_password_recovery',
]; ];
// Gewünschte Seite/Funktion // Gewünschte Seite/Funktion
@ -24,8 +27,13 @@ $page = '';
$title = ''; $title = '';
$content = ''; $content = '';
$page = $request->input('p'); /** @var Request $request */
$page = $request->query->get('p');
if (empty($page)) { if (empty($page)) {
$page = $request->path();
$page = str_replace('-', '_', $page);
}
if ($page == '/') {
$page = isset($user) ? 'news' : 'login'; $page = isset($user) ? 'news' : 'login';
} }
@ -38,120 +46,158 @@ if (
) { ) {
$title = $page; $title = $page;
if ($page == 'api') { switch ($page) {
error('Api disabled temporarily.'); case 'api':
redirect(page_link_to()); error('Api disabled temporarily.');
require_once realpath(__DIR__ . '/../includes/controller/api.php'); redirect(page_link_to());
api_controller(); break;
} elseif ($page == 'ical') { case 'ical':
require_once realpath(__DIR__ . '/../includes/pages/user_ical.php'); require_once realpath(__DIR__ . '/../includes/pages/user_ical.php');
user_ical(); user_ical();
} elseif ($page == 'atom') { break;
require_once realpath(__DIR__ . '/../includes/pages/user_atom.php'); case 'atom':
user_atom(); require_once realpath(__DIR__ . '/../includes/pages/user_atom.php');
} elseif ($page == 'shifts_json_export') { user_atom();
require_once realpath(__DIR__ . '/../includes/controller/shifts_controller.php'); break;
shifts_json_export_controller(); case 'shifts_json_export':
} elseif ($page == 'shifts_json_export_all') { require_once realpath(__DIR__ . '/../includes/controller/shifts_controller.php');
require_once realpath(__DIR__ . '/../includes/controller/shifts_controller.php'); shifts_json_export_controller();
shifts_json_export_all_controller(); break;
} elseif ($page == 'stats') { case 'shifts_json_export_all':
require_once realpath(__DIR__ . '/../includes/pages/guest_stats.php'); require_once realpath(__DIR__ . '/../includes/controller/shifts_controller.php');
guest_stats(); shifts_json_export_all_controller();
} elseif ($page == 'user_password_recovery') { break;
require_once realpath(__DIR__ . '/../includes/controller/users_controller.php'); case 'stats':
$title = user_password_recovery_title(); require_once realpath(__DIR__ . '/../includes/pages/guest_stats.php');
$content = user_password_recovery_controller(); guest_stats();
} elseif ($page == 'angeltypes') { break;
list($title, $content) = angeltypes_controller(); case 'user_password_recovery':
} elseif ($page == 'shifts') { require_once realpath(__DIR__ . '/../includes/controller/users_controller.php');
list($title, $content) = shifts_controller(); $title = user_password_recovery_title();
} elseif ($page == 'users') { $content = user_password_recovery_controller();
list($title, $content) = users_controller(); break;
} elseif ($page == 'user_angeltypes') { case 'angeltypes':
list($title, $content) = user_angeltypes_controller(); list($title, $content) = angeltypes_controller();
} elseif ($page == 'user_driver_licenses') { break;
list($title, $content) = user_driver_licenses_controller(); case 'shifts':
} elseif ($page == 'shifttypes') { list($title, $content) = shifts_controller();
list($title, $content) = shifttypes_controller(); break;
} elseif ($page == 'admin_event_config') { case 'users':
list($title, $content) = event_config_edit_controller(); list($title, $content) = users_controller();
} elseif ($page == 'rooms') { break;
list($title, $content) = rooms_controller(); case 'user_angeltypes':
} elseif ($page == 'news') { list($title, $content) = user_angeltypes_controller();
$title = news_title(); break;
$content = user_news(); case 'user_driver_licenses':
} elseif ($page == 'news_comments') { list($title, $content) = user_driver_licenses_controller();
require_once realpath(__DIR__ . '/../includes/pages/user_news.php'); break;
$title = user_news_comments_title(); case 'shifttypes':
$content = user_news_comments(); list($title, $content) = shifttypes_controller();
} elseif ($page == 'user_meetings') { break;
$title = meetings_title(); case 'admin_event_config':
$content = user_meetings(); list($title, $content) = event_config_edit_controller();
} elseif ($page == 'user_myshifts') { break;
$title = myshifts_title(); case 'rooms':
$content = user_myshifts(); list($title, $content) = rooms_controller();
} elseif ($page == 'user_shifts') { break;
$title = shifts_title(); case 'news':
$content = user_shifts(); $title = news_title();
} elseif ($page == 'user_messages') { $content = user_news();
$title = messages_title(); break;
$content = user_messages(); case 'news_comments':
} elseif ($page == 'user_questions') { require_once realpath(__DIR__ . '/../includes/pages/user_news.php');
$title = questions_title(); $title = user_news_comments_title();
$content = user_questions(); $content = user_news_comments();
} elseif ($page == 'user_settings') { break;
$title = settings_title(); case 'user_meetings':
$content = user_settings(); $title = meetings_title();
} elseif ($page == 'login') { $content = user_meetings();
$title = login_title(); break;
$content = guest_login(); case 'user_myshifts':
} elseif ($page == 'register') { $title = myshifts_title();
$title = register_title(); $content = user_myshifts();
$content = guest_register(); break;
} elseif ($page == 'logout') { case 'user_shifts':
$title = logout_title(); $title = shifts_title();
$content = guest_logout(); $content = user_shifts();
} elseif ($page == 'admin_questions') { break;
$title = admin_questions_title(); case 'user_messages':
$content = admin_questions(); $title = messages_title();
} elseif ($page == 'admin_user') { $content = user_messages();
$title = admin_user_title(); break;
$content = admin_user(); case 'user_questions':
} elseif ($page == 'admin_arrive') { $title = questions_title();
$title = admin_arrive_title(); $content = user_questions();
$content = admin_arrive(); break;
} elseif ($page == 'admin_active') { case 'user_settings':
$title = admin_active_title(); $title = settings_title();
$content = admin_active(); $content = user_settings();
} elseif ($page == 'admin_free') { break;
$title = admin_free_title(); case 'login':
$content = admin_free(); $title = login_title();
} elseif ($page == 'admin_news') { $content = guest_login();
require_once realpath(__DIR__ . '/../includes/pages/admin_news.php'); break;
$content = admin_news(); case 'register':
} elseif ($page == 'admin_rooms') { $title = register_title();
$title = admin_rooms_title(); $content = guest_register();
$content = admin_rooms(); break;
} elseif ($page == 'admin_groups') { case 'logout':
$title = admin_groups_title(); $title = logout_title();
$content = admin_groups(); $content = guest_logout();
} elseif ($page == 'admin_import') { break;
$title = admin_import_title(); case 'admin_questions':
$content = admin_import(); $title = admin_questions_title();
} elseif ($page == 'admin_shifts') { $content = admin_questions();
$title = admin_shifts_title(); break;
$content = admin_shifts(); case 'admin_user':
} elseif ($page == 'admin_log') { $title = admin_user_title();
$title = admin_log_title(); $content = admin_user();
$content = admin_log(); break;
} elseif ($page == 'credits') { case 'admin_arrive':
require_once realpath(__DIR__ . '/../includes/pages/guest_credits.php'); $title = admin_arrive_title();
$title = credits_title(); $content = admin_arrive();
$content = guest_credits(); break;
} else { case 'admin_active':
require_once realpath(__DIR__ . '/../includes/pages/guest_start.php'); $title = admin_active_title();
$content = guest_start(); $content = admin_active();
break;
case 'admin_free':
$title = admin_free_title();
$content = admin_free();
break;
case 'admin_news':
require_once realpath(__DIR__ . '/../includes/pages/admin_news.php');
$content = admin_news();
break;
case 'admin_rooms':
$title = admin_rooms_title();
$content = admin_rooms();
break;
case 'admin_groups':
$title = admin_groups_title();
$content = admin_groups();
break;
case 'admin_import':
$title = admin_import_title();
$content = admin_import();
break;
case 'admin_shifts':
$title = admin_shifts_title();
$content = admin_shifts();
break;
case 'admin_log':
$title = admin_log_title();
$content = admin_log();
break;
case 'credits':
require_once realpath(__DIR__ . '/../includes/pages/guest_credits.php');
$title = credits_title();
$content = guest_credits();
break;
default:
require_once realpath(__DIR__ . '/../includes/pages/guest_start.php');
$content = guest_start();
break;
} }
} else { } else {
// Wenn schon eingeloggt, keine-Berechtigung-Seite anzeigen // Wenn schon eingeloggt, keine-Berechtigung-Seite anzeigen
@ -166,14 +212,23 @@ if (
$event_config = EventConfig(); $event_config = EventConfig();
$parameters = [
'key' => (isset($user) ? $user['api_key'] : ''),
];
if ($page == 'user_meetings') {
$parameters['meetings'] = 1;
}
echo view(__DIR__ . '/../templates/layout.html', [ echo view(__DIR__ . '/../templates/layout.html', [
'theme' => isset($user) ? $user['color'] : config('theme'), 'theme' => isset($user) ? $user['color'] : config('theme'),
'title' => $title, 'title' => $title,
'atom_link' => ($page == 'news' || $page == 'user_meetings') 'atom_link' => ($page == 'news' || $page == 'user_meetings')
? ' <link href="' . page_link_to('atom') . (($page == 'user_meetings') ? '&meetings=1' : '') ? ' <link href="'
. '&amp;key=' . (isset($user) ? $user['api_key'] : '') . page_link_to('atom', $parameters)
. '" type = "application/atom+xml" rel = "alternate" title = "Atom Feed">' . '" type = "application/atom+xml" rel = "alternate" title = "Atom Feed">'
: '', : '',
'start_page_url' => page_link_to('/'),
'credits_url' => page_link_to('credits'),
'menu' => make_menu(), 'menu' => make_menu(),
'content' => msg() . $content, 'content' => msg() . $content,
'header_toolbar' => header_toolbar(), 'header_toolbar' => header_toolbar(),

9
src/Database/Db.php
Unescape Escape View File

@ -79,9 +79,10 @@ class Db
return self::$stm->fetchAll(PDO::FETCH_ASSOC); return self::$stm->fetchAll(PDO::FETCH_ASSOC);
} }
/** /**
* Run a select query and return only the first result or null if no result is found. * Run a select query and return only the first result or null if no result is found.
*
* @param string $query * @param string $query
* @param array $bindings * @param array $bindings
* @return array|null * @return array|null
@ -89,11 +90,11 @@ class Db
public static function selectOne($query, array $bindings = []) public static function selectOne($query, array $bindings = [])
{ {
$result = self::select($query, $bindings); $result = self::select($query, $bindings);
if(empty($result)) { if (empty($result)) {
return null; return null;
} }
return array_shift($result); return array_shift($result);
} }

56
src/Exceptions/Handler.php
Unescape Escape View File

@ -34,7 +34,9 @@ class Handler
*/ */
public function errorHandler($number, $string, $file, $line, $context) public function errorHandler($number, $string, $file, $line, $context)
{ {
$this->handle('error', $number, $string, $file, $line, $context); $trace = array_reverse(debug_backtrace());
$this->handle('error', $number, $string, $file, $line, $context, $trace);
} }
/** /**
@ -59,8 +61,9 @@ class Handler
* @param string $file * @param string $file
* @param int $line * @param int $line
* @param array $context * @param array $context
* @param array $trace
*/ */
protected function handle($type, $number, $string, $file, $line, $context = []) protected function handle($type, $number, $string, $file, $line, $context = [], $trace = [])
{ {
error_log(sprintf('%s: Number: %s, String: %s, File: %s:%u, Context: %s', error_log(sprintf('%s: Number: %s, String: %s, File: %s:%u, Context: %s',
$type, $type,
@ -71,13 +74,16 @@ class Handler
json_encode($context) json_encode($context)
)); ));
$file = $this->stripBasePath($file);
if ($this->environment == self::ENV_DEVELOPMENT) { if ($this->environment == self::ENV_DEVELOPMENT) {
echo '<pre style="background-color:#333;color:#ccc;z-index:1000;position:absolute;top:1em;padding:1em;width:97%;overflow-y:auto;">'; echo '<pre style="background-color:#333;color:#ccc;z-index:1000;position:fixed;bottom:1em;padding:1em;width:97%;max-height: 90%;overflow-y:auto;">';
echo sprintf('%s: (%s)' . PHP_EOL, ucfirst($type), $number); echo sprintf('%s: (%s)' . PHP_EOL, ucfirst($type), $number);
var_export([ var_export([
'string' => $string, 'string' => $string,
'file' => $file . ':' . $line, 'file' => $file . ':' . $line,
'context' => ($this->environment == self::ENV_DEVELOPMENT ? $context : null), 'context' => $context,
'stacktrace' => $this->formatStackTrace($trace),
]); ]);
echo '</pre>'; echo '</pre>';
die(); die();
@ -87,6 +93,44 @@ class Handler
die(); die();
} }
/**
* @param array $stackTrace
* @return array
*/
protected function formatStackTrace($stackTrace)
{
$return = [];
foreach ($stackTrace as $trace) {
$path = '';
$line = '';
if (isset($trace['file']) && isset($trace['line'])) {
$path = $this->stripBasePath($trace['file']);
$line = $trace['line'];
}
$functionName = $trace['function'];
$return[] = [
'file' => $path . ':' . $line,
$functionName => $trace['args'],
];
}
return $return;
}
/**
* @param string $path
* @return string
*/
protected function stripBasePath($path)
{
$basePath = realpath(__DIR__ . '/../..') . '/';
return str_replace($basePath, '', $path);
}
/** /**
* @param string $environment * @param string $environment
*/ */

70
src/Http/Request.php
Unescape Escape View File

@ -3,88 +3,70 @@
namespace Engelsystem\Http; namespace Engelsystem\Http;
use ErrorException; use ErrorException;
use Symfony\Component\HttpFoundation\Request as SymfonyRequest;
class Request class Request extends SymfonyRequest
{ {
/** @var self */ /** @var self */
protected static $instance; protected static $instance;
/** @var array of POST data */
protected $request;
/** @var array of GET data */
protected $query;
/** /**
* Initialize request * Get POST input
*
* @param string $key
* @param mixed $default
* @return mixed
*/ */
public function create() public function postData($key, $default = null)
{ {
$this->request = $_POST; return $this->request->get($key, $default);
$this->query = $_GET;
} }
/** /**
* Get GET input * Get input data
* *
* @param string $key * @param string $key
* @param mixed $default * @param mixed $default
* @return mixed * @return mixed
*/ */
public function get($key, $default = null) public function input($key, $default = null)
{ {
if (!empty($this->query[$key])) { return $this->get($key, $default);
return $this->query[$key];
}
return $default;
} }
/** /**
* Get POST input * Checks if the input exists
* *
* @param string $key * @param string $key
* @param mixed $default * @return bool
* @return mixed
*/ */
public function post($key, $default = null) public function has($key)
{ {
if (!empty($this->request[$key])) { $value = $this->input($key);
return $this->request[$key];
}
return $default; return !empty($value);
} }
/** /**
* Get input data * Get the requested path
* *
* @param string $key * @return string
* @param mixed $default
* @return mixed
*/ */
public function input($key, $default = null) public function path()
{ {
$data = $this->request + $this->query; $pattern = trim($this->getPathInfo(), '/');
if (isset($data[$key])) { return $pattern == '' ? '/' : $pattern;
return $data[$key];
}
return $default;
} }
/** /**
* Checks if the input exists * Return the current URL
* *
* @param string $key * @return string
* @return bool
*/ */
public function has($key) public function url()
{ {
$data = $this->request + $this->query; return rtrim(preg_replace('/\?.*/', '', $this->getUri()), '/');
return isset($data[$key]);
} }
/** /**

27
src/Routing/UrlGenerator.php
Unescape Escape View File

@ -0,0 +1,27 @@
<?php
namespace Engelsystem\Routing;
use Engelsystem\Http\Request;
class UrlGenerator
{
/**
* @param string $path
* @param array $parameters
* @return string
*/
public static function to($path, $parameters = [])
{
$path = '/' . ltrim($path, '/');
$request = Request::getInstance();
$uri = $request->getUriForPath($path);
if (!empty($parameters) && is_array($parameters)) {
$parameters = http_build_query($parameters);
$uri .= '?' . $parameters;
}
return $uri;
}
}

28
src/helpers.php
Unescape Escape View File

@ -4,6 +4,8 @@
use Engelsystem\Config\Config; use Engelsystem\Config\Config;
use Engelsystem\Http\Request; use Engelsystem\Http\Request;
use Engelsystem\Renderer\Renderer; use Engelsystem\Renderer\Renderer;
use Engelsystem\Routing\UrlGenerator;
use Symfony\Component\HttpFoundation\Session\SessionInterface;
/** /**
* Get or set config values * Get or set config values
@ -41,6 +43,22 @@ function request($key = null, $default = null)
return $request->input($key, $default); return $request->input($key, $default);
} }
/**
* @param string $key
* @param mixed $default
* @return SessionInterface|mixed
*/
function session($key = null, $default = null)
{
$session = request()->getSession();
if (is_null($key)) {
return $session;
}
return $session->get($key, $default);
}
/** /**
* @param string $template * @param string $template
* @param mixed[] $data * @param mixed[] $data
@ -56,3 +74,13 @@ function view($template = null, $data = null)
return $renderer->render($template, $data); return $renderer->render($template, $data);
} }
/**
* @param string $path
* @param array $parameters
* @return string
*/
function url($path, $parameters = [])
{
return UrlGenerator::to($path, $parameters);
}

7
templates/guest_credits.html
Unescape Escape View File

@ -20,11 +20,10 @@
<div class="col-md-4"> <div class="col-md-4">
<h2>Hosting</h2> <h2>Hosting</h2>
<p> <p>
Webspace, development platform and domain on <a href="https://engelsystem.de">engelsystem.de</a> is currently provided by Webspace, development platform and domain on <a href="https://engelsystem.de">engelsystem.de</a>
<a href="https://www.wybt.net/">would you buy this?</a> (ichdasich) is currently provided by <a href="https://www.wybt.net/">would you buy this?</a> (ichdasich)
and adminstrated by <a href="http://mortzu.de/">mortzu</a>, and adminstrated by <a href="http://mortzu.de/">mortzu</a>,
<a href="http://derf.homelinux.org/">derf</a> <a href="http://derf.homelinux.org/">derf</a> and ichdasich.
and ichdasich.
</p> </p>
</div> </div>
<div class="col-md-4"> <div class="col-md-4">

6
templates/layout.html
Unescape Escape View File

@ -22,7 +22,9 @@
<span class="icon-bar"></span> <span class="icon-bar"></span>
<span class="icon-bar"></span> <span class="icon-bar"></span>
</button> </button>
<a class="navbar-brand" href="?"><span class="icon-icon_angel"></span> <strong class="visible-lg-inline">ENGELSYSTEM</strong></a> <a class="navbar-brand" href="%start_page_url%">
<span class="icon-icon_angel"></span> <strong class="visible-lg-inline">ENGELSYSTEM</strong>
</a>
</div> </div>
<div class="collapse navbar-collapse" id="navbar-collapse-1">%menu% %header_toolbar%</div> <div class="collapse navbar-collapse" id="navbar-collapse-1">%menu% %header_toolbar%</div>
</div> </div>
@ -38,7 +40,7 @@
· <a href="%contact_email%"><span class="glyphicon glyphicon-envelope"></span> Contact</a> · <a href="%contact_email%"><span class="glyphicon glyphicon-envelope"></span> Contact</a>
· <a href="https://github.com/engelsystem/engelsystem/issues">Bugs / Features</a> · <a href="https://github.com/engelsystem/engelsystem/issues">Bugs / Features</a>
· <a href="https://github.com/engelsystem/engelsystem/">Development Platform</a> · <a href="https://github.com/engelsystem/engelsystem/">Development Platform</a>
· <a href="?p=credits">Credits</a> · <a href="%credits_url%">Credits</a>
</div> </div>
</div> </div>
</div> </div>

2
templates/maintenance.html
Unescape Escape View File

@ -21,7 +21,7 @@
<span class="icon-bar"></span> <span class="icon-bar"></span>
<span class="icon-bar"></span> <span class="icon-bar"></span>
</button> </button>
<a class="navbar-brand" href="?"> <a class="navbar-brand" href="#">
<span class="icon-icon_angel"></span> <strong class="visible-lg-inline">ENGELSYSTEM</strong> <span class="icon-icon_angel"></span> <strong class="visible-lg-inline">ENGELSYSTEM</strong>
</a> </a>
</div> </div>

17
templates/user_shifts.html
Unescape Escape View File

@ -4,12 +4,14 @@
var days = document.getElementById(id + '_day').getElementsByTagName( var days = document.getElementById(id + '_day').getElementsByTagName(
'option'); 'option');
for (var i = 0; i < days.length; i++) { for (var i = 0; i < days.length; i++) {
if (days[i].value == moment().format('YYYY-MM-DD')) if (days[i].value === moment().format('YYYY-MM-DD')) {
days[i].selected = true; days[i].selected = true;
}
} }
} }
</script> </script>
<form class="form-inline" action="" method="get">
<form class="form-inline" action="">
<input type="hidden" name="p" value="user_shifts"> <input type="hidden" name="p" value="user_shifts">
<div class="row"> <div class="row">
<div class="col-md-6"> <div class="col-md-6">
@ -17,7 +19,7 @@
<div class="form-group">%start_select%</div> <div class="form-group">%start_select%</div>
<div class="form-group"> <div class="form-group">
<div class="input-group"> <div class="input-group">
<input class="form-control" type="text" id="start_time" name="start_time" size="5" <input class="form-control" id="start_time" name="start_time" size="5"
pattern="^\d{1,2}:\d{2}$" placeholder="HH:MM" maxlength="5" value="%start_time%"> pattern="^\d{1,2}:\d{2}$" placeholder="HH:MM" maxlength="5" value="%start_time%">
<div class="input-group-btn"> <div class="input-group-btn">
<button class="btn btn-default" title="Now" type="button" onclick="set_to_now('start');"> <button class="btn btn-default" title="Now" type="button" onclick="set_to_now('start');">
@ -30,7 +32,7 @@
<div class="form-group">%end_select%</div> <div class="form-group">%end_select%</div>
<div class="form-group"> <div class="form-group">
<div class="input-group"> <div class="input-group">
<input class="form-control" type="text" id="end_time" name="end_time" size="5" <input class="form-control" id="end_time" name="end_time" size="5"
pattern="^\d{1,2}:\d{2}$" placeholder="HH:MM" maxlength="5" value="%end_time%"> pattern="^\d{1,2}:\d{2}$" placeholder="HH:MM" maxlength="5" value="%end_time%">
<div class="input-group-btn"> <div class="input-group-btn">
<button class="btn btn-default" title="Now" type="button" onclick="set_to_now('end');"> <button class="btn btn-default" title="Now" type="button" onclick="set_to_now('end');">
@ -46,8 +48,11 @@
</div> </div>
<div class="row"> <div class="row">
<div class="col-md-6"> <div class="col-md-6">
<div>%task_notice%</div> <div>%assign_notice%</div>
<input class="btn btn-primary" type="submit" style="width: 75%; margin-bottom: 20px" value="%filter%"> </div>
<div class="col-md-6">
<div><p>%task_notice%</p></div>
<input class="btn btn-primary" type="submit" style="width:75%; margin-bottom: 20px" value="%filter%">
</div> </div>
</div> </div>
</form> </form>

Write Preview
Loading…
Cancel
Save