kontakt
/
engelsystem
3
0
Fork 0
Code Issues 12 Pull Requests Projects Releases Wiki Activity

merge special_includes_camp

Browse Source
main
Philip Häusler 14 years ago
parent ebecae2ccc 80a1a65aef
commit 3a31cebd1d
729 changed files with 10804 additions and 7709 deletions
Show Stats Download Patch File Download Diff File

6
DB/ChangeLog.sql
Unescape Escape View File

@ -18,8 +18,8 @@
DROP TABLE IF EXISTS `ChangeLog`;
CREATE TABLE IF NOT EXISTS `ChangeLog` (
`Time` timestamp(14) NOT NULL,
`UID` int(11) NOT NULL default '0',
`Time` timestamp NOT NULL,
`UID` int(11) NOT NULL default 0,
`Commend` text NOT NULL,
`SQLCommad` text NOT NULL
) TYPE=MyISAM;
) ENGINE=MyISAM;

44
DB/Himmel.sql
Unescape Escape View File

@ -26,7 +26,7 @@ CREATE TABLE IF NOT EXISTS `EngelType` (
`Man` text,
PRIMARY KEY (`TID`),
UNIQUE KEY `Name` (`Name`)
) TYPE=MyISAM AUTO_INCREMENT=1 ;
) ENGINE=MyISAM AUTO_INCREMENT=1 ;
-- --------------------------------------------------------
@ -43,23 +43,23 @@ CREATE TABLE IF NOT EXISTS `FAQ` (
`Frage` text NOT NULL,
`Antwort` text NOT NULL,
PRIMARY KEY (`FID`)
) TYPE=MyISAM AUTO_INCREMENT=24 ;
) ENGINE=MyISAM AUTO_INCREMENT=24 ;
--
-- Daten für Tabelle `FAQ`
--
INSERT INTO `FAQ` (`FID`, `Frage`, `Antwort`) VALUES (1, 'Komme ich als Engel billiger/kostenlos auf den Congress?<br>\r\nDo I get in cheaper / for free to the congress as an angel ?', 'Nein, jeder Engel muss normal Eintritt bezahlen.<br>\r\nNo, every angel has to pay full price.'),
(2, 'Was bekomme ich f&uuml;r meine Mitarbeit?<br>\r\nWhat can i expect in return for my help? \r\n', 'Jeder Engel der arbeitet bekommt ein kostenloses T-Shirt nach der Veranstalltung <br>\r\nEvery working angel gets a free shirt after the event. '),
(3, 'Wie lange muss ich als Engel arbeiten?<br>\r\nHow long do I have to work as an angel ?', 'Diese Frage ist schwer zu beantworten. Es h&auml;ngt z.B. davon ab, was man macht (z.B. Workshop-Engel) und wieviele Engel wir zusammen bekommen. <br>\r\nThis is difficult to answer. It depends on what you decide to do (e.g. workshop angel) and how many people will attend. '),
(6, 'Ich bin erst XX Jahre alt. Kann ich &uuml;berhaupt helfen?<br>\r\nI''m only XX years old. Can I help anyway?', 'Wir k&ouml;nnen jede helfende Hand gebrauchen. Wenn du alt genug bist, um zum Congress zu kommen, bist du auch alt genug zu helfen. <br>\r\nWe need every help we can get. If your old enough to come to the congress, your old enough to help.'),
(8, 'Wer sind eigentlich die Erzengel?<br>\r\nWho <b>are</b> the Arch-Angels?\r\n', 'Erzengel sind dieses Jahr: BugBlue, TabascoEye, Jeedi, Daizy, volty<br> \r\nThe ArchAngels for this year are: BugBlue, TabascoEye, Jeedi, Daizy, volty\r\n'),
(9, 'Gibt es dieses Jahr wieder einen IRC-Channel f&uuml;r Engel?<br>\r\nWill there be an IRC-channel for angels again?', 'Ja, im IRC-Net existiert #chaos-angel. Einfach mal reinschaun!<br>\r\nYes, in the IRC-net there''s #chaos-angel. Just have a look!'),
(10, 'Wie gehe ich mit den Besuchern um? <br>\r\nHow do I treat visitors?', 'Man soll gegen&uuml;ber den Besuchern immer h&ouml;flich und freundlich sein, auch wenn diese gestresst sind. Wenn man das Gef&uuml;hl hat, dass man mit der Situation nicht mehr klarkommt, sollte man sich jemanden zur Unterst&uuml;tzung holen, bevor man selbst auch gestresst wird :-) <br>\r\nYou should always be polite and friendly, especially if they are stressed. When you feel you can''t handle it on your own, get someone to help you out before you get so stressed yourself that you get impolite.'),
(11, 'Wann sind die Engelbesprechungen? <br>\r\nWhen are the angels briefings?', 'Das wird vor Ort noch festgelegt und steht im Himmelnewssystem.<br>\r\nThe information on the Angel Briefings will be in the news section of this system.'),
(12, 'Was muss ich noch bedenken?<br>\r\nAnything else I should know?', 'Man sollte nicht total &uuml;berm&uuml;det oder ausgehungert, wenn n man einen Einsatz hat. Eine gewisse Fitness ist hilfreich.<br>\r\nYou should not be exhausted or starving when you arrive for a shift. A reasonable amount of fitness for work would be very helpful.'),
(13, 'Ich habe eine Frage, auf die ich in der FAQ keine Antwort gefunden habe. Wohin soll ich mich wenden? <br>\r\nI have a guestion not answered here. Who can I ask?', 'Bei weitere Fragen kannst du die Anfragen an die Erzengel Formular benutzen.<br>\r\nIf you have further questions, you can use the Questions for the ArchAngels form.'),
(20, 'Wer muss alles Eintritt zahlen?<br>\r\nWho has to pay the full entrance price?', 'Jeder. Zumindest, solange er/sie &auml;lter als 12 Jahre ist...<br>\r\nEveryone who is at older than 12 years old.');
INSERT INTO `FAQ` (`FID`, `Frage`, `Antwort`) VALUES (1, 'Komme ich als Engel billiger/kostenlos auf den Congress?<br />\r\nDo I get in cheaper / for free to the congress as an angel ?', 'Nein, jeder Engel muss normal Eintritt bezahlen.<br />\r\nNo, every angel has to pay full price.'),
(2, 'Was bekomme ich f&uuml;r meine Mitarbeit?<br />\r\nWhat can i expect in return for my help? \r\n', 'Jeder Engel der arbeitet bekommt ein kostenloses T-Shirt nach der Veranstalltung <br />\r\nEvery working angel gets a free shirt after the event. '),
(3, 'Wie lange muss ich als Engel arbeiten?<br />\r\nHow long do I have to work as an angel ?', 'Diese Frage ist schwer zu beantworten. Es h&auml;ngt z.B. davon ab, was man macht (z.B. Workshop-Engel) und wieviele Engel wir zusammen bekommen. <br />\r\nThis is difficult to answer. It depends on what you decide to do (e.g. workshop angel) and how many people will attend. '),
(6, 'Ich bin erst XX Jahre alt. Kann ich &uuml;berhaupt helfen?<br />\r\nI''m only XX years old. Can I help anyway?', 'Wir k&ouml;nnen jede helfende Hand gebrauchen. Wenn du alt genug bist, um zum Congress zu kommen, bist du auch alt genug zu helfen. <br />\r\nWe need every help we can get. If your old enough to come to the congress, your old enough to help.'),
(8, 'Wer sind eigentlich die Erzengel?<br />\r\nWho <b>are</b> the Arch-Angels?\r\n', 'Erzengel sind dieses Jahr: BugBlue, TabascoEye, Jeedi, Daizy, volty<br /> \r\nThe ArchAngels for this year are: BugBlue, TabascoEye, Jeedi, Daizy, volty\r\n'),
(9, 'Gibt es dieses Jahr wieder einen IRC-Channel f&uuml;r Engel?<br />\r\nWill there be an IRC-channel for angels again?', 'Ja, im IRC-Net existiert #chaos-angel. Einfach mal reinschaun!<br />\r\nYes, in the IRC-net there''s #chaos-angel. Just have a look!'),
(10, 'Wie gehe ich mit den Besuchern um? <br />\r\nHow do I treat visitors?', 'Man soll gegen&uuml;ber den Besuchern immer h&ouml;flich und freundlich sein, auch wenn diese gestresst sind. Wenn man das Gef&uuml;hl hat, dass man mit der Situation nicht mehr klarkommt, sollte man sich jemanden zur Unterst&uuml;tzung holen, bevor man selbst auch gestresst wird :-) <br />\r\nYou should always be polite and friendly, especially if they are stressed. When you feel you can''t handle it on your own, get someone to help you out before you get so stressed yourself that you get impolite.'),
(11, 'Wann sind die Engelbesprechungen? <br />\r\nWhen are the angels briefings?', 'Das wird vor Ort noch festgelegt und steht im Himmelnewssystem.<br />\r\nThe information on the Angel Briefings will be in the news section of this system.'),
(12, 'Was muss ich noch bedenken?<br />\r\nAnything else I should know?', 'Man sollte nicht total &uuml;berm&uuml;det oder ausgehungert, wenn n man einen Einsatz hat. Eine gewisse Fitness ist hilfreich.<br />\r\nYou should not be exhausted or starving when you arrive for a shift. A reasonable amount of fitness for work would be very helpful.'),
(13, 'Ich habe eine Frage, auf die ich in der FAQ keine Antwort gefunden habe. Wohin soll ich mich wenden? <br />\r\nI have a guestion not answered here. Who can I ask?', 'Bei weitere Fragen kannst du die Anfragen an die Erzengel Formular benutzen.<br />\r\nIf you have further questions, you can use the Questions for the ArchAngels form.'),
(20, 'Wer muss alles Eintritt zahlen?<br />\r\nWho has to pay the full entrance price?', 'Jeder. Zumindest, solange er/sie &auml;lter als 12 Jahre ist...<br />\r\nEveryone who is at older than 12 years old.');
-- --------------------------------------------------------
@ -79,7 +79,7 @@ CREATE TABLE IF NOT EXISTS `News` (
`UID` int(11) NOT NULL default '0',
`Treffen` tinyint(4) NOT NULL default '0',
PRIMARY KEY (`ID`)
) TYPE=MyISAM AUTO_INCREMENT=1 ;
) ENGINE=MyISAM AUTO_INCREMENT=1 ;
-- --------------------------------------------------------
@ -98,7 +98,7 @@ CREATE TABLE IF NOT EXISTS `Questions` (
`AID` int(11) NOT NULL default '0',
`Answer` text NOT NULL,
PRIMARY KEY (`QID`)
) TYPE=MyISAM COMMENT='Fragen und Antworten' AUTO_INCREMENT=21 ;
) ENGINE=MyISAM COMMENT='Fragen und Antworten' AUTO_INCREMENT=21 ;
-- --------------------------------------------------------
@ -118,7 +118,7 @@ CREATE TABLE IF NOT EXISTS `Room` (
`show` char(1) NOT NULL default 'Y',
`Number` int(11) default NULL,
PRIMARY KEY (`RID`)
) TYPE=MyISAM AUTO_INCREMENT=1 ;
) ENGINE=MyISAM AUTO_INCREMENT=1 ;
-- --------------------------------------------------------
@ -137,7 +137,7 @@ CREATE TABLE IF NOT EXISTS `ShiftEntry` (
`TID` int(11) NOT NULL default '0',
`UID` int(11) NOT NULL default '0',
`Comment` text
) TYPE=MyISAM;
) ENGINE=MyISAM;
-- --------------------------------------------------------
@ -161,7 +161,7 @@ CREATE TABLE IF NOT EXISTS `Shifts` (
`URL` text,
`PSID` text,
PRIMARY KEY (`SID`)
) TYPE=MyISAM AUTO_INCREMENT=1 ;
) ENGINE=MyISAM AUTO_INCREMENT=1 ;
-- --------------------------------------------------------
@ -180,7 +180,7 @@ CREATE TABLE IF NOT EXISTS `Wecken` (
`Ort` text NOT NULL,
`Bemerkung` text NOT NULL,
PRIMARY KEY (`ID`)
) TYPE=MyISAM AUTO_INCREMENT=1 ;
) ENGINE=MyISAM AUTO_INCREMENT=1 ;
-- --------------------------------------------------------
@ -201,7 +201,7 @@ CREATE TABLE IF NOT EXISTS `news_comments` (
`UID` int(11) NOT NULL default '0',
PRIMARY KEY (`ID`),
KEY `Refid` (`Refid`)
) TYPE=MyISAM AUTO_INCREMENT=1 ;
) ENGINE=MyISAM AUTO_INCREMENT=1 ;
--
-- Tabellenstruktur für Tabelle `Counter`
@ -212,7 +212,7 @@ CREATE TABLE IF NOT EXISTS `Counter` (
`URL` varchar(255) NOT NULL default '',
`Anz` bigint(20) NOT NULL default '0',
PRIMARY KEY (`URL`)
) TYPE=MyISAM COMMENT='Counter der Seiten';
) ENGINE=MyISAM COMMENT='Counter der Seiten';
--
-- Tabellenstruktur für Tabelle `ShiftFreeloader`
@ -225,5 +225,5 @@ CREATE TABLE IF NOT EXISTS `ShiftFreeloader` (
`Length` int(11) NOT NULL,
`Comment` text NOT NULL,
PRIMARY KEY (`ID`)
) TYPE=MyISAM AUTO_INCREMENT=1 ;
) ENGINE=MyISAM AUTO_INCREMENT=1 ;

2
DB/SDrohnen.sql
Unescape Escape View File

@ -22,7 +22,7 @@ CREATE TABLE `Sprache` (
`Sprache` char(2) NOT NULL default 'DE',
`Text` text NOT NULL,
KEY `TextID` (`TextID`,`Sprache`)
) TYPE=MyISAM;
) ENGINE=MyISAM;
--
-- Daten fuer Tabelle `Sprache`

2
DB/Sprache.sql
Unescape Escape View File

@ -22,7 +22,7 @@ CREATE TABLE `Sprache` (
`Sprache` char(2) NOT NULL default 'DE',
`Text` text NOT NULL,
KEY `TextID` (`TextID`,`Sprache`)
) TYPE=MyISAM;
) ENGINE=MyISAM;
--
-- Daten für Tabelle `Sprache`

152
DB/UserCVS.sql
Unescape Escape View File

@ -1,87 +1,100 @@
-- phpMyAdmin SQL Dump
-- version 3.2.4
-- http://www.phpmyadmin.net
--
-- Host: localhost
-- Erstellungszeit: 01. Juni 2011 um 13:24
-- Server Version: 5.1.44
-- PHP-Version: 5.3.1
SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";
--
-- Datenbank: `engelsystem`
--
-- --------------------------------------------------------
--
-- Tabellenstruktur für Tabelle `UserCVS`
-- Tabellenstruktur für Tabelle `UserCVS`
--
DROP TABLE IF EXISTS `UserCVS`;
CREATE TABLE `UserCVS` (
`UID` int(11) NOT NULL default '0',
`GroupID` int(11) default '-2',
`index.php` char(1) NOT NULL default 'G',
`logout.php` char(1) NOT NULL default 'G',
`faq.php` char(1) NOT NULL default 'G',
`lageplan.php` char(1) NOT NULL default 'G',
`makeuser.php` char(1) NOT NULL default 'G',
`nonpublic/index.php` char(1) NOT NULL default 'G',
`nonpublic/news.php` char(1) NOT NULL default 'G',
`nonpublic/newsAddMeting` char(1) NOT NULL default 'G',
`nonpublic/news_comments.php` char(1) NOT NULL default 'G',
`nonpublic/myschichtplan.php` char(1) NOT NULL default 'G',
`nonpublic/myschichtplan_ical.php` char(1) NOT NULL default 'G',
`nonpublic/schichtplan_beamer.php` char(1) NOT NULL default 'G',
`nonpublic/engelbesprechung.php` char(1) NOT NULL default 'G',
`nonpublic/schichtplan.php` char(1) NOT NULL default 'G',
`nonpublic/schichtplan_add.php` char(1) NOT NULL default 'G',
`nonpublic/wecken.php` char(1) NOT NULL default 'G',
`nonpublic/waeckliste.php` char(1) NOT NULL default 'G',
`nonpublic/messages.php` char(1) NOT NULL default 'G',
`nonpublic/faq.php` char(1) NOT NULL default 'G',
`nonpublic/einstellungen.php` char(1) NOT NULL default 'G',
`Change T_Shirt Size` char(1) NOT NULL default 'G',
`admin/index.php` char(1) NOT NULL default 'G',
`admin/room.php` char(1) NOT NULL default 'G',
`admin/EngelType.php` char(1) NOT NULL default 'G',
`admin/schichtplan.php` char(1) NOT NULL default 'G',
`admin/shiftadd.php` char(1) NOT NULL default 'G',
`admin/schichtplan_druck.php` char(1) NOT NULL default 'G',
`admin/user.php` char(1) NOT NULL default 'G',
`admin/userChangeNormal.php` char(1) NOT NULL default 'G',
`admin/userSaveNormal.php` char(1) NOT NULL default 'G',
`admin/userChangeSecure.php` char(1) NOT NULL default 'G',
`admin/userSaveSecure.php` char(1) NOT NULL default 'G',
`admin/group.php` char(1) NOT NULL default 'G',
`admin/userDefaultSetting.php` char(1) NOT NULL default 'G',
`admin/UserPicture.php` char(1) NOT NULL default 'G',
`admin/userArrived.php` char(1) NOT NULL default 'G',
`admin/aktiv.php` char(1) NOT NULL default 'G',
`admin/tshirt.php` char(1) NOT NULL default 'G',
`admin/news.php` char(1) NOT NULL default 'G',
`admin/faq.php` char(1) NOT NULL default 'G',
`admin/free.php` char(1) NOT NULL default 'G',
`admin/sprache.php` char(1) NOT NULL default 'G',
`admin/dect.php` char(1) NOT NULL default 'G',
`admin/dect_call.php` char(1) NOT NULL default 'G',
`admin/dbUpdateFromXLS.php` char(1) NOT NULL default 'G',
`admin/Recentchanges.php` char(1) NOT NULL default 'G',
`admin/debug.php` char(1) NOT NULL default 'G',
`Herald` char(1) NOT NULL default 'G',
`Info` char(1) NOT NULL default 'G',
`Conference` char(1) NOT NULL default 'G',
`Kasse` char(1) NOT NULL default 'G',
CREATE TABLE IF NOT EXISTS `UserCVS` (
`UID` int(11) NOT NULL DEFAULT '0',
`GroupID` int(11) DEFAULT '-2',
`index.php` char(1) NOT NULL DEFAULT 'G',
`logout.php` char(1) NOT NULL DEFAULT 'G',
`faq.php` char(1) NOT NULL DEFAULT 'G',
`lageplan.php` char(1) NOT NULL DEFAULT 'G',
`makeuser.php` char(1) NOT NULL DEFAULT 'G',
`nonpublic/index.php` char(1) NOT NULL DEFAULT 'G',
`nonpublic/news.php` char(1) NOT NULL DEFAULT 'G',
`nonpublic/newsAddMeting` char(1) NOT NULL DEFAULT 'G',
`nonpublic/news_comments.php` char(1) NOT NULL DEFAULT 'G',
`nonpublic/myschichtplan.php` char(1) NOT NULL DEFAULT 'G',
`nonpublic/myschichtplan_ical.php` char(1) NOT NULL DEFAULT 'G',
`nonpublic/schichtplan_beamer.php` char(1) NOT NULL DEFAULT 'G',
`nonpublic/engelbesprechung.php` char(1) NOT NULL DEFAULT 'G',
`nonpublic/schichtplan.php` char(1) NOT NULL DEFAULT 'G',
`nonpublic/schichtplan_add.php` char(1) NOT NULL DEFAULT 'G',
`nonpublic/wecken.php` char(1) NOT NULL DEFAULT 'G',
`nonpublic/waeckliste.php` char(1) NOT NULL DEFAULT 'G',
`nonpublic/messages.php` char(1) NOT NULL DEFAULT 'G',
`nonpublic/faq.php` char(1) NOT NULL DEFAULT 'G',
`nonpublic/einstellungen.php` char(1) NOT NULL DEFAULT 'G',
`Change T_Shirt Size` char(1) NOT NULL DEFAULT 'G',
`admin/index.php` char(1) NOT NULL DEFAULT 'G',
`admin/room.php` char(1) NOT NULL DEFAULT 'G',
`admin/EngelType.php` char(1) NOT NULL DEFAULT 'G',
`admin/schichtplan.php` char(1) NOT NULL DEFAULT 'G',
`admin/shiftadd.php` char(1) NOT NULL DEFAULT 'G',
`admin/schichtplan_druck.php` char(1) NOT NULL DEFAULT 'G',
`admin/user.php` char(1) NOT NULL DEFAULT 'G',
`admin/userChangeNormal.php` char(1) NOT NULL DEFAULT 'G',
`admin/userSaveNormal.php` char(1) NOT NULL DEFAULT 'G',
`admin/userChangeSecure.php` char(1) NOT NULL DEFAULT 'G',
`admin/userSaveSecure.php` char(1) NOT NULL DEFAULT 'G',
`admin/group.php` char(1) NOT NULL DEFAULT 'G',
`admin/userDefaultSetting.php` char(1) NOT NULL DEFAULT 'G',
`admin/UserPicture.php` char(1) NOT NULL DEFAULT 'G',
`admin/userArrived.php` char(1) NOT NULL DEFAULT 'G',
`admin/aktiv.php` char(1) NOT NULL DEFAULT 'G',
`admin/tshirt.php` char(1) NOT NULL DEFAULT 'G',
`admin/news.php` char(1) NOT NULL DEFAULT 'G',
`admin/faq.php` char(1) NOT NULL DEFAULT 'G',
`admin/free.php` char(1) NOT NULL DEFAULT 'G',
`admin/sprache.php` char(1) NOT NULL DEFAULT 'G',
`admin/dect.php` char(1) NOT NULL DEFAULT 'G',
`admin/dect_call.php` char(1) NOT NULL DEFAULT 'G',
`admin/dbUpdateFromXLS.php` char(1) NOT NULL DEFAULT 'G',
`admin/Recentchanges.php` char(1) NOT NULL DEFAULT 'G',
`admin/debug.php` char(1) NOT NULL DEFAULT 'G',
`Herald` char(1) NOT NULL DEFAULT 'G',
`Info` char(1) NOT NULL DEFAULT 'G',
`Conference` char(1) NOT NULL DEFAULT 'G',
`Kasse` char(1) NOT NULL DEFAULT 'G',
`credits.php` char(1) NOT NULL,
PRIMARY KEY (`UID`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
--
-- Daten für Tabelle `UserCVS`
-- Daten für Tabelle `UserCVS`
--
INSERT INTO `UserCVS` (`UID`, `GroupID`, `index.php`, `logout.php`, `faq.php`, `lageplan.php`, `makeuser.php`, `nonpublic/index.php`, `nonpublic/news.php`, `nonpublic/newsAddMeting`, `nonpublic/news_comments.php`, `nonpublic/myschichtplan.php`, `nonpublic/myschichtplan_ical.php`, `nonpublic/schichtplan_beamer.php`, `nonpublic/engelbesprechung.php`, `nonpublic/schichtplan.php`, `nonpublic/schichtplan_add.php`, `nonpublic/wecken.php`, `nonpublic/waeckliste.php`, `nonpublic/messages.php`, `nonpublic/faq.php`, `nonpublic/einstellungen.php`, `Change T_Shirt Size`, `admin/index.php`, `admin/room.php`, `admin/EngelType.php`, `admin/schichtplan.php`, `admin/shiftadd.php`, `admin/schichtplan_druck.php`, `admin/user.php`, `admin/userChangeNormal.php`, `admin/userSaveNormal.php`, `admin/userChangeSecure.php`, `admin/userSaveSecure.php`, `admin/group.php`, `admin/userDefaultSetting.php`, `admin/UserPicture.php`, `admin/userArrived.php`, `admin/aktiv.php`, `admin/tshirt.php`, `admin/news.php`, `admin/faq.php`, `admin/free.php`, `admin/sprache.php`, `admin/dect.php`, `admin/dect_call.php`, `admin/dbUpdateFromXLS.php`, `admin/Recentchanges.php`, `admin/debug.php`, `Herald`, `Info`, `Conference`, `Kasse`) VALUES
(1, -4, 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G'),
(-1, NULL, 'Y', 'N', 'Y', 'N', 'Y', 'Y', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N'),
(-2, NULL, 'N', 'Y', 'Y', 'N', 'N', 'Y', 'Y', 'N', 'Y', 'Y', 'Y', 'N', 'Y', 'Y', 'Y', 'N', 'N', 'Y', 'Y', 'Y', 'Y', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N'),
(-3, NULL, 'N', 'Y', 'Y', 'N', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'N', 'N', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'N', 'N', 'N', 'N', 'Y', 'Y', 'N', 'N', 'Y', 'Y', 'Y', 'N', 'N', 'N', 'N', 'Y', 'N', 'Y', 'Y', 'Y', 'Y'),
(-4, NULL, 'N', 'Y', 'Y', 'N', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'N', 'Y', 'Y', 'Y', 'N', 'N', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'N', 'N', 'N', 'Y', 'Y', 'N', 'Y', 'Y', 'Y', 'Y'),
(-5, NULL, 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y');
INSERT INTO `UserCVS` (`UID`, `GroupID`, `index.php`, `logout.php`, `faq.php`, `lageplan.php`, `makeuser.php`, `nonpublic/index.php`, `nonpublic/news.php`, `nonpublic/newsAddMeting`, `nonpublic/news_comments.php`, `nonpublic/myschichtplan.php`, `nonpublic/myschichtplan_ical.php`, `nonpublic/schichtplan_beamer.php`, `nonpublic/engelbesprechung.php`, `nonpublic/schichtplan.php`, `nonpublic/schichtplan_add.php`, `nonpublic/wecken.php`, `nonpublic/waeckliste.php`, `nonpublic/messages.php`, `nonpublic/faq.php`, `nonpublic/einstellungen.php`, `Change T_Shirt Size`, `admin/index.php`, `admin/room.php`, `admin/EngelType.php`, `admin/schichtplan.php`, `admin/shiftadd.php`, `admin/schichtplan_druck.php`, `admin/user.php`, `admin/userChangeNormal.php`, `admin/userSaveNormal.php`, `admin/userChangeSecure.php`, `admin/userSaveSecure.php`, `admin/group.php`, `admin/userDefaultSetting.php`, `admin/UserPicture.php`, `admin/userArrived.php`, `admin/aktiv.php`, `admin/tshirt.php`, `admin/news.php`, `admin/faq.php`, `admin/free.php`, `admin/sprache.php`, `admin/dect.php`, `admin/dect_call.php`, `admin/dbUpdateFromXLS.php`, `admin/Recentchanges.php`, `admin/debug.php`, `Herald`, `Info`, `Conference`, `Kasse`, `credits.php`) VALUES
(1, -4, 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G'),
(-1, NULL, 'Y', 'N', 'Y', 'N', 'Y', 'Y', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'Y'),
(-2, NULL, 'N', 'Y', 'Y', 'N', 'N', 'Y', 'Y', 'N', 'Y', 'Y', 'Y', 'N', 'Y', 'Y', 'Y', 'N', 'N', 'Y', 'Y', 'Y', 'Y', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'Y'),
(-3, NULL, 'N', 'Y', 'Y', 'N', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'N', 'N', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'N', 'N', 'N', 'N', 'Y', 'Y', 'N', 'N', 'Y', 'Y', 'Y', 'N', 'N', 'N', 'N', 'Y', 'N', 'Y', 'Y', 'Y', 'Y', 'Y'),
(-4, NULL, 'N', 'Y', 'Y', 'N', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'N', 'Y', 'Y', 'Y', 'N', 'N', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'N', 'N', 'N', 'Y', 'Y', 'N', 'Y', 'Y', 'Y', 'Y', 'Y'),
(-5, NULL, 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y'),
-- --------------------------------------------------------
-- --------------------------------------------------------
-- --------------------------------------------------------
--
-- Tabellenstruktur für Tabelle `UserGroups`
-- Tabellenstruktur für Tabelle `UserGroups`
--
DROP TABLE IF EXISTS `UserGroups`;
CREATE TABLE IF NOT EXISTS `UserGroups` (
`Name` varchar(35) NOT NULL,
`UID` int(11) NOT NULL,
@ -89,7 +102,7 @@ CREATE TABLE IF NOT EXISTS `UserGroups` (
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
--
-- Daten für Tabelle `UserGroups`
-- Daten für Tabelle `UserGroups`
--
INSERT INTO `UserGroups` (`Name`, `UID`) VALUES
@ -98,4 +111,3 @@ INSERT INTO `UserGroups` (`Name`, `UID`) VALUES
('3-Shift Coordinator', -3),
('4-Erzengel', -4),
('5-Developer', -5);

2
DB/UserPicture.sql
Unescape Escape View File

@ -22,7 +22,7 @@ CREATE TABLE `UserPicture` (
`ContentType` varchar(20) NOT NULL default '',
`show` char(1) NOT NULL default 'N',
PRIMARY KEY (`UID`)
) TYPE=MyISAM;
) ENGINE=MyISAM;
--
-- Daten für Tabelle `UserPicture`

1248
DB/db_rewrite.sql
View File

File diff suppressed because one or more lines are too long

6
config/.gitignore vendored
Unescape Escape View File

@ -0,0 +1,6 @@
config_db.php
config_jabber.php
config_modem.php
config.php
config_IAX.php
config_MessegeServer.php

16
default-conf/var_www_includes/config.php
Unescape Escape View File

@ -1,10 +1,13 @@
<?PHP
<?php
// Adresse des Webservers
$url = "https://SEDENGELURL";
// Startverzeichnis des Engelhome
$ENGEL_ROOT = "/";
// Default-Theme auf der Startseite, 1=style1.css usw.
$default_theme = 10;
// System disable message, ist ist set is: bages schow only this text
//$SystemDisableMessage="<H1>This system ist moved to a server in the BCC, you can in the moment only youse it in the in Engel Room</H1>";
@ -16,18 +19,15 @@ $LETZTES_AUSTRAGEN=3;
//Setzt den zu verwendenden Crypto algorismis
// mp5 oder crypt
// achtung crypt schaltet password ändern ab
// achtung crypt schaltet password <EFBFBD>ndern ab
$crypt_system="md5";
//$crypt_system="crypt";
// the archangels
$arch_angels="fnord";
// timezonen offsett
$gmdateOffset=3600;
// für Developen 1, sonst = 0
$DEBUG = 0;
// f<EFBFBD>r Developen 1, sonst = 0
$debug = 0;
// SSL Cert-KEY
$show_SSLCERT = "MD5:<br>MD5SED<br>\n".
@ -42,7 +42,7 @@ $Tempdir="./tmp";
// local timezone
date_default_timezone_set("Europe/Berlin");
//Pentabarf ConferenzDI für UpdateDB
//Pentabarf ConferenzDI f<EFBFBD>r UpdateDB
$PentabarfXMLhost = "cccv.pentabarf.org";
$PentabarfXMLpath = "Xcal/conference/";
$PentabarfXMLEventID = "31";

2
default-conf/var_www_includes/config_IAX.php
Unescape Escape View File

@ -1,4 +1,4 @@
<?PHP
<?php
$IAXenable = TRUE;

9
default-conf/var_www_includes/config_db.php
Unescape Escape View File

@ -1,6 +1,9 @@
<?php
include("funktion_db.php");
$con = mysql_connect("localhost", "root", "changeme") or die ("connection failed");
$sel = mysql_select_db("tabel") or die (mysql_error());
// MySQL-Connection Settings
$config['host'] = "localhost";
$config['user'] = "root";
$config['pw'] = "";
$config['db'] = "engelsystem";
?>

0
default-conf/var_www_includes/config_jabber.php
Unescape Escape View File

15
default-conf/var_www_includes/config_modem.php
Unescape Escape View File

@ -1,11 +1,10 @@
<?PHP
<?php
// ist ein modem angeschlossen
$ModemEnable = false;
//ist ein modem angeschlossen
$ModemEnable = false;
// COM port
$ModemDev ="/dev/ttyS0";
// COM port
$ModemDev="/dev/ttyS0";
// vorwahl, bei tnovis telefonanlage für das programmieren von weckrufen
$WackupNumber="**3";
// vorwahl, bei tnovis telefonanlage fuer das programmieren von weckrufen
$WakeupNumber="**3";
?>

2090
import/27C3_sample.xcs.xml
View File

File diff suppressed because it is too large Load Diff

102
includes/UserCVS.php
Unescape Escape View File

@ -1,102 +0,0 @@
<?php
if( !isset($_SESSION['UID']))
$_SESSION['UID'] = -1;
// CVS import Data
$SQL_CVS = "SELECT * FROM `UserCVS` WHERE UID=".$_SESSION['UID'];
$Erg_CVS = mysql_query($SQL_CVS, $con);
$_SESSION['CVS'] = mysql_fetch_array($Erg_CVS);
// Group import Data, if nesseary
if( isset( $_SESSION['CVS'][ "GroupID" ]))
{
$SQL_GRP = "SELECT * FROM `UserCVS` WHERE UID=".$_SESSION['CVS'][ "GroupID" ];
$Erg_GRP = mysql_query($SQL_GRP, $con);
$_SESSION['CVS_Group'] = mysql_fetch_array($Erg_GRP);
foreach( $_SESSION['CVS'] as $k => $v)
{
if($v=="G") // Right == Group
$_SESSION['CVS'][$k] = $_SESSION['CVS_Group'][$k];
}
}
//pagename ermitteln
$Page["Name"] = substr( $_SERVER['PHP_SELF'], strlen($ENGEL_ROOT) );
//recht für diese seite auslesen
if( isset( $_SESSION['CVS'][ $Page["Name"] ]))
$Page["CVS"] = $_SESSION['CVS'][ $Page["Name"] ];
else
{
echo "SYSTEM ERROR: now right for ". $Page["Name"]. "exist";
die;
}
if( $DEBUG )
{
// foreach( $_SESSION as $k => $v)
// echo "$k = $v<br>\n";
echo "<pre>\$_SESSION:\n";
print_r($_SESSION);
echo "</pre>";
if( strlen($Page["CVS"]) == 0 )
echo "<h1><u> CVS ERROR, on page '". $Page["Name"]. "'</u></h1>";
else
echo "CVS: ". $Page["Name"]. " => '". $Page["CVS"]. "'<br>";
}
function funktion_isLinkAllowed( $PageName)
{
global $_SESSION;
// separate page parameter
$ParameterPos = strpos( $PageName, ".php?");
if( $ParameterPos === FALSE)
{
$pName = $PageName;
}
else
{
$pName = substr( $PageName, 0, $ParameterPos + 4);
}
// check rights
if( (isset( $_SESSION['CVS'][ $pName ]) === TRUE) &&
($_SESSION['CVS'][ $pName ] == "Y") )
{
return TRUE;
}
return FALSE;
}
function funktion_isLinkAllowed_addLink_OrLinkText( $PageName, $LinkText)
{
global $url, $ENGEL_ROOT;
if( funktion_isLinkAllowed( $PageName) === TRUE)
{
return "<a href=\"". $url. $ENGEL_ROOT. $PageName. "\">". $LinkText. "</a>";
}
return $LinkText;
}
function funktion_isLinkAllowed_addLink_OrEmpty( $PageName, $LinkText)
{
global $url, $ENGEL_ROOT;
if( funktion_isLinkAllowed( $PageName) === TRUE)
{
return "<a href=\"". $url. $ENGEL_ROOT. $PageName. "\">". $LinkText. "</a>";
}
return "";
}
?>

8
includes/config_MessegeServer.php
Unescape Escape View File

@ -1,8 +0,0 @@
<?
// Set the ip and port we will listen on
define( SERVER_ADDRESS, "127.0.0.1" );
define( SERVER_PORT, 9000 );
define( DEBUG, TRUE);
?>

11
includes/config_modem.php
Unescape Escape View File

@ -1,11 +0,0 @@
<?PHP
//ist ein modem angeschlossen
$ModemEnable = false;
// COM port
$ModemDev="/dev/ttyS0";
// vorwahl, bei tnovis telefonanlage für das programmieren von weckrufen
$WackupNumber="**3";
?>

18
includes/crypt.php
Unescape Escape View File

@ -1,18 +0,0 @@
<?php
function PassCrypt($passwort) {
include "config.php";
switch ($crypt_system) {
case "crypt":
return "{crypt}".crypt($passwort, "77");
case "md5":
return md5($passwort);
}
}
?>

60
includes/error_handler.php
Unescape Escape View File

@ -1,67 +1,65 @@
<?php
require_once("funktion_jabber.php");
require_once "funktion_jabber.php";
// global array for collected error_messages
$error_messages = array();
// general error handler collecting all messages in an array
function Error_Handler($error_number, $error_string, $error_file, $error_line, $error_context)
{
function Error_Handler($error_number, $error_string, $error_file, $error_line, $error_context) {
global $error_messages, $con;
//SQL error genauer analysiert
// SQL error genauer analysiert
$Temp = "";
foreach ($error_context as $k => $v )
if( (strpos( "0$k", "sql") > 0) || (strpos( "0$k", "SQL") > 0))
foreach ($error_context as $k => $v)
if((strpos( "0$k", "sql") > 0) || (strpos( "0$k", "SQL") > 0))
$Temp .= "Error Context: $k = $v\n";
if( (strpos( "0$error_string", "MySQL") > 0) )
if((strpos( "0$error_string", "MySQL") > 0))
$Temp .= "Error MySQL: ". mysql_error($con). "\n";
//übergeben des arrays
array_push( $error_messages, "Error Number: $error_number\n".
"Error String: $error_string\n".
"Error File: $error_file\n".
"Error Line: $error_line\n".
(strlen($Temp)? "$Temp": "")
);
// Uebergeben des arrays
array_push($error_messages, "Error Number: " . $error_number . "\n".
"Error String: " . $error_string . "\n".
"Error File: " . $error_file . "\n".
"Error Line: " . $error_line . "\n".
(strlen($Temp)? "$Temp": ""));
}
// register error handler
set_error_handler("Error_Handler");
ini_set( "error_reporting", E_ALL);
if( $DEBUG)
{
ini_set( "display_errors", "On");
ini_set( "display_startup_errors", "On");
ini_set( "html_errors", "On");
error_reporting(E_ALL);
if($debug) {
ini_set("display_errors", "On");
ini_set("display_startup_errors", "On");
ini_set("html_errors", "On");
}
// send errors
function send_errors()
{
function send_errors() {
global $error_messages;
if (!$error_messages) return;
if(!$error_messages)
return;
$message = "";
foreach($error_messages as $value)
$message .= $value."\n";
$message .= "\n";
if( isset( $_POST))
{
foreach ($_POST as $k => $v )
if(isset($_POST)) {
foreach ($_POST as $k => $v)
$message .= "_POST: $k = ". ( $k!="password"? $v : "???..."). "\n";
$message .= "\n";
}
if( isset( $_GET))
{
foreach ($_GET as $k => $v )
if(isset($_GET)) {
foreach ($_GET as $k => $v)
$message .= "_GET: $k = $v\n";
$message .= "\n";
}
@ -102,7 +100,7 @@
function send_message(&$message)
{
chdir(dirname(__FILE__));
require_once('./config_jabber.php');
require_once('../config/config_jabber.php');
if (isset($jabber_recipient) && count($jabber_recipient)) {
$jabber = new Jabber($server, $port, $username, $password, $resource);

57
includes/footer.php
Unescape Escape View File

@ -1,57 +0,0 @@
<?PHP
?>
<!-- anfang des footers //-->
<br>
<p align="center">
<?PHP If (IsSet($_SESSION['oldurl']))
echo "<a href=\"". $_SESSION["oldurl"]. "\">".Get_Text("back")."</a>&nbsp;";
?>
<a href="#top"><?PHP echo Get_Text("top"); ?></a>
</p>
</td>
</tr>
</table>
</td>
<!-- anfang des menue parts //-->
<?PHP
if( $_SESSION['Menu'] =="R") include("menu.php");
?>
</td>
<!-- ende des menue parts //-->
</tr>
<tr>
<td colspan="2">
<h5 align="center"> &#169; copyleft - <a href="mailto:erzengel@lists.ccc.de">Kontakt</a>
<?PHP
include( "funktion_counter.php");
include( "funktion_flag.php");
?></h5>
</td>
</tr>
</table>
<!-- </div> -->
<?php mysql_close($con); ?>
</div>
</BODY>
</HTML>

16
includes/funktion_SendMessenges.php
Unescape Escape View File

@ -1,18 +1,14 @@
<?php
function SendData($Data)
{
include("config_MessegeServer.php");
function SendData($Data) {
include "config_MessegeServer.php";
// Create a UDP socket
$sock = socket_create(AF_INET, SOCK_DGRAM, SOL_UDP);
//send packed
socket_sendto($sock, $Data, 9999, 0x4, SERVER_ADDRESS, SERVER_PORT);
}
}
function SendMessageJabber($Adresse, $Nachricht)
{
function SendMessageJabber($Adresse, $Nachricht) {
SendData( "#message $Adresse $Nachricht");
}
}
?>

59
includes/funktion_activeUser.php
Unescape Escape View File

@ -1,59 +0,0 @@
<?PHP
// Functionen gibt es nicht auf ellen rechern
if( !function_exists("bcdiv"))
{
function bcdiv( $param1, $param2)
{
return floor( $param1 / $param2);
}
}
if( !function_exists("bcmod"))
{
function bcmod( $param1, $param2)
{
return $param1 - ( $param2 * bcdiv( $param1, $param2));
}
}
echo "<h4 class=\"menu\">Engel online</h4>";
$SQL = "SELECT UID, Nick, lastLogIn ".
"FROM User ".
"WHERE (`lastLogIn` > '". gmdate("YmdHis", time()-(60*60)). "' AND NOT (UID=". $_SESSION['UID']. ")) ".
"ORDER BY lastLogIn DESC;";
$Erg = mysql_query( $SQL, $con);
$Tist = (gmdate("d", time()) * 60 * 60 * 24) + // Tag
(gmdate("H", time()) * 60 * 60) + // Stunde
(gmdate("i", time()) * 60) + // Minute
(gmdate("s", time()) ); // Sekunde
for( $i=0; $i<mysql_num_rows($Erg); $i++)
{
echo "\t\t\t<li>";
if( $_SESSION['UID']>0 )
echo DisplayAvatar( mysql_result( $Erg, $i, "UID"));
// Schow Admin Page
echo funktion_isLinkAllowed_addLink_OrLinkText(
"admin/userChangeNormal.php?enterUID=". mysql_result( $Erg, $i, "UID"). "&Type=Normal",
mysql_result( $Erg, $i, "Nick"));
$Tlog = (substr( mysql_result( $Erg, $i, "lastLogIn"), 8, 2) * 60 * 60 * 24) + // Tag
(substr( mysql_result( $Erg, $i, "lastLogIn"), 11, 2) * 60 * 60) + // Stunde
(substr( mysql_result( $Erg, $i, "lastLogIn"), 14, 2) * 60) + // Minute
(substr( mysql_result( $Erg, $i, "lastLogIn"), 17, 2) ); // Sekunde
$Tlog = $Tist-$Tlog;
echo " ". bcdiv( $Tlog, 60). ":";
if( strlen(bcmod( $Tlog, 60))==1)
echo "0";
echo bcmod( $Tlog, 60);
echo "</li>\n";
}
?>

24
includes/funktion_counter.php
Unescape Escape View File

@ -1,24 +0,0 @@
<?PHP
$SQL = "SELECT `Anz` FROM `Counter` WHERE `URL`=\"". $Page["Name"]. "\"";
$Erg = mysql_query($SQL, $con);
echo mysql_error($con);
if(mysql_num_rows($Erg)==0)
{
// echo "Counter: 1";
$SQL = "INSERT INTO `Counter` ( `URL` , `Anz` ) ".
"VALUES ('". $Page["Name"]. "', '1');";
$Erg = mysql_query($SQL, $con);
}
elseif(mysql_num_rows($Erg)==1)
{
// echo "Counter: ". (mysql_result($Erg, 0, 0)+1);
$SQL = "UPDATE `Counter` SET `Anz` = '". (mysql_result($Erg, 0, 0) +1). "' ".
"WHERE `URL` = '". $Page["Name"]. "' LIMIT 1 ;";
$Erg = mysql_query($SQL, $con);
}
?>

141
includes/funktion_cron.php
Unescape Escape View File

@ -1,61 +1,61 @@
<?PHP
function UID2DECT($UID)
{
<?php
function UID2DECT($UID) {
global $con;
$SQL = "SELECT DECT FROM `User` WHERE UID='$UID'";
$Erg = mysql_query($SQL, $con);
if( mysql_num_rows( $Erg) == 1)
if(mysql_num_rows( $Erg) == 1)
return mysql_result($Erg, 0);
else
return "";
}
function RID2Room($RID)
{
}
function RID2Room($RID) {
global $con;
$SQL = "SELECT Name FROM `Room` WHERE RID='$RID'";
$Erg = mysql_query($SQL, $con);
if( mysql_num_rows( $Erg) == 1)
if(mysql_num_rows( $Erg) == 1)
return mysql_result($Erg, 0);
else
return "";
}
}
function TID2Engeltype($TID)
{
function TID2Engeltype($TID) {
global $con;
$SQL = "SELECT Name FROM `EngelType` WHERE TID='$TID'";
$Erg = mysql_query($SQL, $con);
if( mysql_num_rows( $Erg) == 1)
if(mysql_num_rows( $Erg) == 1)
return mysql_result($Erg, 0);
else
return "";
}
}
function DialNumberIAX( $DECTnumber, $Time, $RID, $TID)
{
function DialNumberIAX( $DECTnumber, $Time, $RID, $TID) {
global $IAXenable, $IAXcontent, $IAXserver, $AnrufDelay, $DebugDECT, $Tempdir, $AsteriskOutputDir;
//Parameter verarbeiten
// Parameter verarbeiten
$TimeH = substr( $Time, 11, 2);
$TimeM = substr( $Time, 14, 2);
$TimeM = substr( $Time, 14, 2) + $AnrufDelay;
if( $TimeM < 0 )
{
if($TimeM < 0) {
$TimeM += 60;
$TimeH -= 1;
}
if( $TimeH < 0 )
if($TimeH < 0)
$TimeH += 24;
if( strlen( $TimeH) == 1)
$TimeH = "0".$TimeH;
if(strlen( $TimeH) == 1)
$TimeH = "0" . $TimeH;
if( $IAXenable)
{ $Message="die-nee shisht beh-kinned , in where-neegin me-nooten . . . your shift beginns in a few minutes";
if (isset($SetHttpIAX))
{
if($IAXenable) {
$Message = "die-nee shisht beh-kinned, in where-neegin me-nooten . . . your shift beginns in a few minutes";
if(isset($SetHttpIAX)) {
$post_data = array();
$post_data['code'] = "89o8eu9cg4";
$post_data['callerid'] = "1023";
@ -64,81 +64,68 @@ function DialNumberIAX( $DECTnumber, $Time, $RID, $TID)
$post_data['message'] = "die-nee shisht beh-kinned , in where-neegin me-nooten . . . your shift beginns in a few minutes ";
$url = "https://23c3.eventphone.de/~bef/call.php";
$o="";
foreach ($post_data as $k=>$v)
{
$o.= "$k=".urlencode(utf8_encode($v))."&";
$o = "";
foreach ($post_data as $k => $v) {
$o.= "$k=" . urlencode(utf8_encode($v)) . "&";
}
$post_data=substr($o,0,-1);
$post_data = substr($o, 0, -1);
$ch = curl_init();
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
$result = curl_exec($ch);
echo curl_error($ch);
curl_close($ch);
}
else
{
} else {
// IAX file Schareiebn
$CallFile = $Tempdir. "/call_". date("Ymd_His"). "_$DECTnumber";
if($DebugDECT) echo "IAX create file for dialing Number $DECTnumber\n";
$file = fopen( $CallFile, 'w' );
if( $file != FALSE)
{
fputs( $file, "Channel: SIP/$DECTnumber@$IAXserver\n"); //Ziel nummer
fputs( $file, "Callerid: Engelserver\n");
// fputs( $file, "Callerid: $IAXcontent\n");
// fputs( $file, "Context: $DECTnumber@$IAXserver\n");
fputs( $file, "Extension: s\n");
fputs( $file, "MaxRetries: 1\n");
fputs( $file, "RetryTime: 10\n");
fputs( $file, "SetVar: msg=$Message\n");
// fputs( $file, "SetVar: TimeH=$TimeH\n");
// fputs( $file, "SetVar: TimeM=$TimeM\n");
// fputs( $file, "SetVar: DECTnumber=$DECTnumber\n");
// fputs( $file, "SetVar: Room=". RID2Room( $RID). "\n");
// fputs( $file, "SetVar: Engeltype=". TID2Engeltype( $TID). "\n");
fclose($file);
system( "chmod 777 ". $CallFile);
system( "mv ". $CallFile. " ". $AsteriskOutputDir);
if($DebugDECT)
echo "IAX create file for dialing Number $DECTnumber\n";
}
else
$file = fopen( $CallFile, 'w');
if($file != false) {
fputs($file, "Channel: SIP/$DECTnumber@$IAXserver\n");
fputs($file, "Callerid: Engelserver\n");
fputs($file, "Extension: s\n");
fputs($file, "MaxRetries: 1\n");
fputs($file, "RetryTime: 10\n");
fputs($file, "SetVar: msg=$Message\n");
fclose($file);
system("chmod 777 " . $CallFile);
system("mv " . $CallFile . " " . $AsteriskOutputDir);
} else
echo "error: $CallFile not created";
}
} else
if($DebugDECT)
echo "IAX is disable\n";
}
else
if($DebugDECT) echo "IAX is disable\n";
}
function DialNumberModem( $DECTnumber, $Time)
{
function DialNumberModem($DECTnumber, $Time) {
global $AnrufDelay;
//Parameter verarbeiten
$TimeH = substr( $Time, 11, 2);
$TimeM = substr( $Time, 14, 2);
$TimeM = substr( $Time, 14, 2) + $AnrufDelay;
if( $TimeM < 0 )
{
// Parameter verarbeiten
$TimeH = substr($Time, 11, 2);
$TimeM = substr($Time, 14, 2);
$TimeM = substr($Time, 14, 2) + $AnrufDelay;
if($TimeM < 0) {
$TimeM += 60;
$TimeH -= 1;
}
if( $TimeH < 0 )
$TimeH += 24;
if( strlen( $TimeH) == 1)
$TimeH = "0".$TimeH;
SetWackeup( $DECTnumber, $TimeH, $TimeM);
}
if($TimeH < 0)
$TimeH += 24;
return 0;
if(strlen( $TimeH) == 1)
$TimeH = "0" . $TimeH;
SetWackeup($DECTnumber, $TimeH, $TimeM);
}
?>

70
includes/funktion_db.php
Unescape Escape View File

@ -1,9 +1,6 @@
<?PHP
if( !function_exists("db_query"))
{
function Ausgabe_Daten($SQL)
{
<?php
if( !function_exists("db_query")) {
function Ausgabe_Daten($SQL) {
global $con;
$Erg = mysql_query($SQL, $con);
@ -14,78 +11,77 @@ if( !function_exists("db_query"))
$Diff = "<table border=1>";
$Diff .= "<tr>";
for ($m = 0 ; $m < $Anzahl_Felder ; $m++)
$Diff .= "<th>". mysql_field_name($Erg, $m). "</th>";
$Diff .= "</tr>";
for ($n = 0 ; $n < $Zeilen ; $n++)
{
for ($n = 0 ; $n < $Zeilen ; $n++) {
$Diff .= "<tr>";
for ($m = 0 ; $m < $Anzahl_Felder ; $m++)
$Diff .= "<td>".mysql_result($Erg, $n, $m). "</td>";
$Diff .= "</tr>";
}
$Diff .= "</table>";
return $Diff;
}
function db_querry_getDatenAssocArray($SQL)
{
function db_querry_getDatenAssocArray($SQL) {
global $con;
$Erg = mysql_query($SQL, $con);
echo mysql_error($con);
$Daten = array();
for( $i=0; $i<mysql_num_rows($Erg); $i++)
$Daten[$i] = mysql_fetch_assoc($Erg);
return $Daten;
}
function db_querry_diffDaten($Daten1, $Daten2)
{
$Gefunden=False;
function db_querry_diffDaten($Daten1, $Daten2) {
$Gefunden = false;
$Diff = "\n<table border=1>\n";
$Diff .= "<tr>\n\t<th>Feldname</th>\n\t<th>old Value</th>\n\t<th>new Value</th>\n";
$Diff .= "<tr>\n<th>Feldname</th>\n<th>old Value</th>\n<th>new Value</th>\n";
$Diff .= "</tr>\n";
foreach($Daten1 as $DataKey => $Data1)
{
if( isset( $Daten2[$DataKey]))
{
foreach($Daten1 as $DataKey => $Data1) {
if(isset( $Daten2[$DataKey])) {
$Data2 = $Daten2[$DataKey];
foreach($Data1 as $key => $value)
if( $value != $Data2[$key])
{
$Gefunden=TRUE;
$Diff .= "<tr>\n\t<td>$key</td>\n\t<td>$value</td>\n\t<td>".$Data2[$key]."</rd>\n</tr>";
if( $value != $Data2[$key]) {
$Gefunden = true;
$Diff .= "<tr>\n<td>$key</td>\n<td>$value</td>\n<td>" . $Data2[$key] . "</rd>\n</tr>";
}
}
else
foreach($Data1 as $key => $value)
{
$Gefunden=TRUE;
$Diff .= "<tr>\n\t<td>$key</td>\n\t<td>$value</td>\n\t<td></rd>\n</tr>";
} else
foreach($Data1 as $key => $value) {
$Gefunden = true;
$Diff .= "<tr>\n<td>$key</td>\n<td>$value</td>\n<td></rd>\n</tr>";
}
}
$Diff .= "</table>\n";
if( $Gefunden)
if($Gefunden)
return $Diff;
else
return "\nno changes Fount\n";
}
function db_query( $SQL, $comment)
{
function db_query( $SQL, $comment) {
global $con, $Page;
$Diff = "";
//commed anlyse udn daten sicherung
if( strpos( "#$SQL", "UPDATE") > 0)
{
//Tabellen name ermitteln
// commed anlyse udn daten sicherung
if(strpos("#$SQL", "UPDATE") > 0) {
// Tabellen name ermitteln
$Table_Start = strpos( $SQL, "`");
$Table_End = strpos( $SQL, "`", $Table_Start+1);
$Table = substr( $SQL, $Table_Start, ($Table_End-$Table_Start+1));
@ -130,9 +126,9 @@ if( !function_exists("db_query"))
$querry_erg = mysql_query($SQL, $con);
}
$SQLCommand = "SQL:<br>". htmlentities( $SQL, ENT_QUOTES);
$SQLCommand = "SQL:<br />". htmlentities( $SQL, ENT_QUOTES);
if( strlen($Diff) > 0)
$SQLCommand .= "<br><br>Diff:<br>$Diff";
$SQLCommand .= "<br /><br />Diff:<br />$Diff";
$Commend = htmlentities( ($Page["Name"]. ": ". $comment), ENT_QUOTES);
//LOG commands in DB

79
includes/funktion_db_list.php
Unescape Escape View File

@ -1,10 +1,13 @@
<?PHP
<?php
function funktion_db_list($Table_Name)
{
// Gibt eine Tabelle generisch als HTML aus
function funktion_db_list($Table_Name) {
global $con;
$SQL = "SELECT * FROM `".$Table_Name."`";
$html = "";
$SQL = "SELECT * FROM `" . $Table_Name . "`";
$Erg = mysql_query($SQL, $con);
// anzahl zeilen
@ -12,56 +15,48 @@ function funktion_db_list($Table_Name)
$Anzahl_Felder = mysql_num_fields($Erg);
echo "<table class=\"border\" cellpadding=\"2\" cellspacing=\"1\">";
echo "<caption>DB: $Table_Name</caption>";
$html .= "<table class=\"border\" cellpadding=\"2\" cellspacing=\"1\">";
$html .= "<caption>DB: $Table_Name</caption>";
echo "<tr class=\"contenttopic\">";
for ($m = 0 ; $m < $Anzahl_Felder ; $m++)
{
echo "<th>". mysql_field_name($Erg, $m). "</th>";
$html .= "<tr class=\"contenttopic\">";
for ($m = 0; $m < $Anzahl_Felder; $m++) {
$html .= "<th>" . mysql_field_name($Erg, $m) . "</th>";
}
echo "</tr>";
$html .= "</tr>";
for ($n = 0 ; $n < $Zeilen ; $n++)
{
echo "<tr class=\"content\">";
for ($m = 0 ; $m < $Anzahl_Felder ; $m++)
{
echo "<td>".mysql_result($Erg, $n, $m). "</td>";
for ($n = 0; $n < $Zeilen; $n++) {
$html .= "<tr class=\"content\">";
for ($m = 0; $m < $Anzahl_Felder; $m++) {
$html .= "<td>" . mysql_result($Erg, $n, $m) . "</td>";
}
echo "</tr>";
$html .= "</tr>";
}
echo "</table>";
$html .= "</table>";
return $html;
}
function funktion_db_element_list_2row( $TopicName, $SQL)
{
global $con;
echo "<table class=\"border\" cellpadding=\"2\" cellspacing=\"1\">\n";
echo "<caption>$TopicName</caption>";
# echo "\t<tr class=\"contenttopic\"> <td><h1>$TopicName</h1></td> </tr>\n";
function funktion_db_element_list_2row($TopicName, $SQL) {
$html = "";
$html .= "<table class=\"border\" cellpadding=\"2\" cellspacing=\"1\">\n";
$html .= "<caption>$TopicName</caption>";
# $html .= "<tr class=\"contenttopic\"> <td><h1>$TopicName</h1></td> </tr>\n";
$Erg = mysql_query($SQL, $con);
echo mysql_error($con);
$Erg = sql_query($SQL);
echo "<tr class=\"contenttopic\">";
for ($m = 0 ; $m < mysql_num_fields($Erg) ; $m++)
{
echo "<th>". mysql_field_name($Erg, $m). "</th>";
$html .= "<tr class=\"contenttopic\">";
for ($m = 0; $m < mysql_num_fields($Erg); $m++) {
$html .= "<th>" . mysql_field_name($Erg, $m) . "</th>";
}
echo "</tr>";
$html .= "</tr>";
for ($n = 0 ; $n < mysql_num_rows($Erg) ; $n++)
{
echo "<tr class=\"content\">";
for ($m = 0 ; $m < mysql_num_fields($Erg) ; $m++)
{
echo "<td>".mysql_result($Erg, $n, $m). "</td>";
for ($n = 0; $n < mysql_num_rows($Erg); $n++) {
$html .= "<tr class=\"content\">";
for ($m = 0; $m < mysql_num_fields($Erg); $m++) {
$html .= "<td>" . mysql_result($Erg, $n, $m) . "</td>";
}
echo "</tr>";
$html .= "</tr>";
}
echo "</table>\n";
$html .= "</table>\n";
return $html;
}
?>

12
includes/funktion_faq.php
Unescape Escape View File

@ -1,12 +0,0 @@
<?PHP
function noAnswer() {
global $con;
$SQL = "SELECT UID FROM Questions WHERE `AID`='0'";
$Res=mysql_query($SQL, $con);
return mysql_num_rows($Res);
}
?>

12
includes/funktion_flag.php
Unescape Escape View File

@ -1,12 +0,0 @@
<?PHP
echo "<br>";
if( strpos( $_SERVER["REQUEST_URI"], "?") >0)
$URL = $_SERVER["REQUEST_URI"]. "&SetLanguage=";
else
$URL = $_SERVER["REQUEST_URI"]. "?SetLanguage=";
echo "<a href=\"". $URL. "DE\"><img src=\"". $url. $ENGEL_ROOT. "pic/flag/de.gif\" alt=\"DE\"></a> ";
echo "<a href=\"". $URL. "EN\"><img src=\"". $url. $ENGEL_ROOT. "pic/flag/en.gif\" alt=\"EN\"></a> ";
?>

0
includes/funktion_jabber.php
Unescape Escape View File

35
includes/funktion_lang.php
Unescape Escape View File

@ -1,35 +0,0 @@
<?PHP
function Get_Text ($TextID, $NoError=FALSE)
{
GLOBAL $con, $error_messages, $DEBUG;
if( !isset($_SESSION['Sprache']))
$_SESSION['Sprache'] = "EN";
if( $_SESSION['Sprache']=="")
$_SESSION['Sprache']="EN";
if( isset($_GET["SetLanguage"]))
$_SESSION['Sprache']= $_GET["SetLanguage"];
$SQL = "SELECT * FROM `Sprache` WHERE TextID=\"$TextID\" AND Sprache ='".$_SESSION['Sprache']."'";
@$Erg = mysql_query($SQL, $con);
if( mysql_num_rows( $Erg) == 1)
return (@mysql_result($Erg, 0, "Text"));
elseif( $NoError && !$DEBUG)
return "";
else
{
array_push($error_messages, "Get_Text, '$TextID' found ". mysql_num_rows( $Erg). "x in Sprache Database Table for Language (".$_SESSION['Sprache'].")\n");
return "Error Data, '$TextID' found ". mysql_num_rows( $Erg). "x";
}
}
function Print_Text ($TextID, $NoError=FALSE)
{
echo Get_Text ($TextID, $NoError);
}
?>

44
includes/funktion_menu.php
Unescape Escape View File

@ -1,44 +0,0 @@
<?PHP
function ShowMenu( $MenuName)
{
global $MenueTableStart, $MenueTableEnd, $_SESSION, $DEBUG, $url, $ENGEL_ROOT;
$Gefunden=FALSE;
//Überschift
$Text = "<h4 class=\"menu\">". Get_Text("$MenuName/"). "</h4>";
//einträge
foreach( $_SESSION['CVS'] as $Key => $Entry )
if( strpos( $Key, ".php") > 0)
if( (strpos( "00$Key", "0$MenuName") > 0) ||
((strlen($MenuName)==0) && (strpos( "0$Key", "/") == 0) ) )
{
$TempName = Get_Text($Key, TRUE);
if(( TRUE||$DEBUG) && (strlen($TempName)==0) )
$TempName = "not found: \"$Key\"";
if( $Entry == "Y")
{
//zum absichtlkichen ausblenden von einträgen
if( strlen($TempName)>1)
{
//sonderfälle:
if( $Key=="admin/faq.php")
$TempName .= " (". noAnswer(). ")";
//ausgabe
$Text .= "\t\t\t<li><a href=\"". $url. $ENGEL_ROOT. $Key. "\">$TempName</a></li>\n";
$Gefunden = TRUE;
}
}
elseif( $DEBUG )
{
$Gefunden = TRUE;
$Text .= "\t\t\t<li>$TempName ($Key)</li>\n";
}
}
if( $Gefunden)
echo $MenueTableStart.$Text.$MenueTableEnd;
}//function ShowMenue
?>

19
includes/funktion_modem.php
Unescape Escape View File

@ -1,13 +1,12 @@
<?PHP
include "config_modem.php";
<?php
include "config_modem.php";
function DialNumber( $Number )
{
function DialNumber($Number) {
global $Dev, $ModemEnable;
if( $ModemEnable)
{
echo "Dial number: '<u>$Number</u>' was called<br>\n";
if($ModemEnable) {
echo "Dial number: '<u>$Number</u>' was called<br />\n";
$fp = fopen( $ModemDev, "w");
sleep(1);
fwrite( $fp, "+++");
@ -22,14 +21,14 @@ function DialNumber( $Number )
sleep(1);
}
else
echo "Modem is Disable, number: '<u>$Number</u>' was not called<br>\n";
echo "Modem is Disable, number: '<u>$Number</u>' was not called<br />\n";
}
function SetWackeup( $Number, $TimeH, $TimeM)
{
global $WackupNumber;
DialNumber( "$WackupNumber$TimeH$TimeM$Number");
global $WakeupNumber;
DialNumber( "$WakeupNumber$TimeH$TimeM$Number");
}
?>

389
includes/funktion_schichtplan.php
Unescape Escape View File

@ -1,389 +0,0 @@
<?php
/*#######################################################
# gibt die engelschischten aus #
#######################################################*/
function ausgabe_Feld_Inhalt( $SID, $Man )
{
// gibt, nach übergabe der der SchichtID (SID) und der RaumBeschreibung,
// die eingetragenden und und offenden Schichteintäge zurück
global $EngelType, $EngelTypeID, $TID2Name, $con, $DEBUG, $gmdateOffset;
$Spalten = "";
if( !isset($_GET["Icon"]))
$_GET["Icon"]=1;
///////////////////////////////////////////////////////////////////
// Schow Admin Page
///////////////////////////////////////////////////////////////////
$Spalten.=funktion_isLinkAllowed_addLink_OrEmpty(
"admin/schichtplan.php?action=change&SID=$SID",
"edit<br>\n\t\t");
///////////////////////////////////////////////////////////////////
// Ausgabe des Schischtnamens
///////////////////////////////////////////////////////////////////
$SQL = "SELECT `URL` FROM `Shifts` WHERE (`SID` = '$SID');";
$Erg = mysql_query($SQL, $con);
if( mysql_result($Erg, 0, 0) != "")
$Spalten.="<a href=\"". mysql_result($Erg, 0, 0). "\" target=\"_black\"><u>$Man:</u></a><br>";
else
$Spalten.="<u>".$Man.":</u><br>";
///////////////////////////////////////////////////////////////////
// SQL abfrage für die benötigten schichten
///////////////////////////////////////////////////////////////////
$SQL = "SELECT * FROM `ShiftEntry` WHERE (`SID` = '$SID') ORDER BY `TID`, `UID` DESC ;";
$Erg = mysql_query($SQL, $con);
$Anzahl = mysql_num_rows($Erg);
$Feld=0;
$Temp_TID_old=-1;
for( $i = 0; $i < $Anzahl; $i++ )
{
if( isset($Temp[$Feld]["TID"]))
$Temp_TID_old = $Temp[$Feld]["TID"];
if( isset($Temp[$Feld]["UID"]))
$Temp_UID_old = $Temp[$Feld]["UID"];
$Temp_TID = mysql_result($Erg, $i, "TID");
// wenn sich der Type ändert wird zumnästen feld geweckselt
if( $Temp_TID_old != $Temp_TID )
$Feld++;
$Temp[$Feld]["TID"] = $Temp_TID;
$Temp[$Feld]["UID"] = mysql_result($Erg, $i, "UID");
// sonderfall ersten durchlauf
if( $i == 0 )
{
$Temp_TID_old = $Temp[$Feld]["TID"];
$Temp_UID_old = $Temp[$Feld]["UID"];
}
// ist es eine zu vergeben schicht?
if( $Temp[$Feld]["UID"] == 0 )
{
if( isset($Temp[$Feld]["free"]))
$Temp[$Feld]["free"]++;
else
$Temp[$Feld]["free"]=1;
}
else
$Temp[$Feld]["Engel"][] = $Temp[$Feld]["UID"];
} // FOR
///////////////////////////////////////////////////////////////////
// Aus gabe der Schicht
///////////////////////////////////////////////////////////////////
if( isset($Temp))
if( count($Temp) )
foreach( $Temp as $TempEntry => $TempValue )
{
if( !isset($TempValue["free"]))
$TempValue["free"] = 0;
// ausgabe EngelType
$Spalten.= $EngelTypeID[ $TempValue["TID"] ]. " ";
// ausgabe Eingetragener Engel
if( isset($TempValue["Engel"]))
if( count($TempValue["Engel"]) > 0 )
{
if( count($TempValue["Engel"]) == 1 )
$Spalten.= Get_Text("inc_schicht_ist"). ":<br>\n\t\t";
else
$Spalten.= Get_Text("inc_schicht_sind"). ":<br>\n\t\t";
foreach( $TempValue["Engel"] as $TempEngelEntry=> $TempEngelID )
{
if( funktion_isLinkAllowed( "admin/user.php") === TRUE)
{
// add color, wenn Engel "Gekommen"
$TempText=
((UIDgekommen( $TempEngelID ) == "1")
? "<span style=\"color: blue;\">"
: "<span style=\"color: red;\">").
UID2Nick( $TempEngelID). "</span>";
}
else
{
$TempText = UID2Nick( $TempEngelID );
}
// add link to user
$TempText= funktion_isLinkAllowed_addLink_OrLinkText(
"admin/userChangeNormal.php?enterUID=$TempEngelID&Type=Normal",
$TempText);
$Spalten.= "&nbsp;&nbsp;". $TempText.
( ($_GET["Icon"]==1) ? DisplayAvatar( $TempEngelID): "").
"<br>\n\t\t";
}
$Spalten = substr( $Spalten, 0, strlen($Spalten)-7 );
}
// ausgabe benötigter Engel
////////////////////////////
//in vergangenheit
$SQLtime = "SELECT `DateE` FROM `Shifts` WHERE (`SID`='$SID' AND `DateE` >= '".
gmdate("Y-m-d H:i:s", time()+ $gmdateOffset). "')";
$Ergtime = mysql_query($SQLtime, $con);
if( mysql_num_rows( $Ergtime) > 0)
{
//wenn keien rechte definiert sind
if( !isset($_SESSION['CVS'][ $TID2Name[$TempValue["TID"]] ]))
$_SESSION['CVS'][ $TID2Name[$TempValue["TID"]] ] = "Y";
if( $_SESSION['CVS'][ $TID2Name[$TempValue["TID"]] ] == "Y")
if( $TempValue["free"] > 0 )
{
$Spalten.= "<br>\n\t\t&nbsp;&nbsp;<a href=\"./schichtplan_add.php?SID=$SID&TID=".
$TempValue["TID"]."\">";
$Spalten.= $TempValue["free"];
if( $TempValue["free"] != 1 )
$Spalten.= Get_Text("inc_schicht_weitere").
" ".Get_Text("inc_schicht_Engel").
Get_Text("inc_schicht_wird");
else
$Spalten.= Get_Text("inc_schicht_weiterer").
" ".Get_Text("inc_schicht_Engel").
Get_Text("inc_schicht_werden");
$Spalten.= Get_Text("inc_schicht_noch_gesucht");
$Spalten.= "</a>";
}
}
else
{
if( isset($TempValue["free"]))
if( $TempValue["free"] > 0 )
$Spalten.= "<br>\n\t\t&nbsp;&nbsp;<h3><a>Fehlen noch: ".
$TempValue["free"]. "</a></h3>";
}
$Spalten.= "<br>\n\t\t";
} // FOREACH
return $Spalten;
} // function Ausgabe_Feld_Inhalt
/*#######################################################
# gibt die engelschischten Druckergerecht aus #
#######################################################*/
function Ausgabe_Feld_Inhalt_Druck($RID, $Man )
{
// gibt, nach übergabe der der SchichtID (SID) und der RaumBeschreibung,
// die eingetragenden und und offenden Schichteintäge zurück
} // function Ausgabe_Feld_Inhalt
/*#######################################################
# Ausgabe der Raum Spalten #
#######################################################*/
function CreateRoomShifts( $raum )
{
global $Spalten, $ausdatum, $con, $DEBUG, $GlobalZeileProStunde, $error_messages;
/////////////////////////////////////////////////////////////
// beginnt die erste schicht vor dem heutigen tag und geht darüber hinaus
/////////////////////////////////////////////////////////////
$SQLSonder = "SELECT `SID`, `DateS`, `DateE` , `Len`, `Man` FROM `Shifts` ".
"WHERE ((`RID` = '$raum') AND (`DateE` > '$ausdatum 23:59:59') AND ".
"(`DateS` < '$ausdatum 00:00:00') ) ORDER BY `DateS`;";
$ErgSonder = mysql_query($SQLSonder, $con);
if( (mysql_num_rows( $ErgSonder) > 1) )
{
if( funktion_isLinkAllowed( "admin/schichtplan.php") === TRUE )
{
echo "<h1>". Get_Text("pub_schichtplan_colision"). "</h1> ";
for( $i=0; $i<mysql_num_rows( $ErgSonder); $i++)
{
echo "<a href=\"./../admin/schichtplan.php?action=change&SID=".
mysql_result($ErgSonder, $i, "SID"). "\">".
mysql_result($ErgSonder, $i, "DateS").
" '". mysql_result($ErgSonder, $i, "Man")."' (RID $raum) (00-24)".
"</a><br>\n\t\t";
}
}
}
elseif( (mysql_num_rows( $ErgSonder) == 1) )
{
$Spalten[0].= "\t\t<td valign=\"top\" rowspan=\"". (24 * $GlobalZeileProStunde). "\">\n".
"\t\t\t<h3>&uarr;&uarr;&uarr;</h3>".
Ausgabe_Feld_Inhalt( mysql_result($ErgSonder, 0, "SID"),
mysql_result($ErgSonder, 0, "Man") ).
"\t\t\t<h3>&darr;&darr;&darr;</h3>".
"\n\t\t</td>\n";
return;
}
$ZeitZeiger = 0;
/////////////////////////////////////////////////////////////
// beginnt die erste schicht vor dem heutigen tag?
/////////////////////////////////////////////////////////////
$SQLSonder = "SELECT `SID`, `DateS`, `DateE` , `Len`, `Man` FROM `Shifts` ".
"WHERE ((`RID` = '$raum') AND (`DateE` > '$ausdatum 00:00:00') AND ".
"(`DateS` < '$ausdatum 00:00:00') ) ORDER BY `DateS`;";
$ErgSonder = mysql_query($SQLSonder, $con);
if( (mysql_num_rows( $ErgSonder) > 1) )
{
if( funktion_isLinkAllowed( "admin/schichtplan.php") === TRUE )
{
echo "<h1>". Get_Text("pub_schichtplan_colision"). "</h1> ";
for( $i=0; $i<mysql_num_rows( $ErgSonder); $i++)
{
echo "<a href=\"./../admin/schichtplan.php?action=change&SID=".
mysql_result($ErgSonder, $i, "SID"). "\">".
mysql_result($ErgSonder, $i, "DateS").
" '". mysql_result($ErgSonder, $i, "Man")."' (RID $raum) (00-xx)".
"</a><br>\n\t\t";
}
}
}
elseif( (mysql_num_rows( $ErgSonder) == 1) )
{
$ZeitZeiger = substr( mysql_result($ErgSonder, 0, "DateE"), 11, 2 )+
(substr( mysql_result($ErgSonder, 0, "DateE"), 14, 2 ) / 60);
$Spalten[0].= "\t\t<td valign=\"top\" rowspan=\"". ($ZeitZeiger * $GlobalZeileProStunde). "\">\n".
"\t\t\t<h3>&uarr;&uarr;&uarr;</h3>".
Ausgabe_Feld_Inhalt( mysql_result($ErgSonder, 0, "SID"),
mysql_result($ErgSonder, 0, "Man") ).
"\n\t\t</td>\n";
}
/////////////////////////////////////////////////////////////
// gibt die schichten für den tag aus
/////////////////////////////////////////////////////////////
$SQL = "SELECT `SID`, `DateS`, `Len`, `Man` FROM `Shifts` ".
"WHERE ((`RID` = '$raum') and ".
"(`DateS` >= '$ausdatum $ZeitZeiger:00:00') and ".
"(`DateS` like '$ausdatum%')) ORDER BY `DateS`;";
$Erg = mysql_query($SQL, $con);
for( $i = 0; $i < mysql_num_rows($Erg); ++$i )
{
$ZeitPos = substr( mysql_result($Erg, $i, "DateS"), 11, 2 )+
(substr( mysql_result($Erg, $i, "DateS"), 14, 2 ) / 60);
$len = mysql_result($Erg, $i, "Len");
if( $len <= 0)
array_push( $error_messages, "Error in shift denition SID=". mysql_result($Erg, $i, "SID"). " Len=$len");
if( $ZeitZeiger < $ZeitPos )
{
$Spalten[$ZeitZeiger * $GlobalZeileProStunde].=
"\t\t<td valign=\"top\" rowspan=\"". ( ($ZeitPos - $ZeitZeiger ) * $GlobalZeileProStunde ). "\">&nbsp;</td>\n";
$ZeitZeiger += $ZeitPos - $ZeitZeiger;
}
if($ZeitZeiger == $ZeitPos )
{
//sonderfall wenn die schicht über dei 24 stunden hinaus geht
// (eintrag abkürzen, pfeiel ausgeben)
$Spalten[$ZeitZeiger * $GlobalZeileProStunde].=
"\t\t<td valign=\"top\" rowspan=\"".
( ( ($len+$ZeitZeiger)? $len : 24-$len+$ZeitZeiger) * $GlobalZeileProStunde).
"\">\n".
"\t\t\t".
Ausgabe_Feld_Inhalt( mysql_result($Erg, $i, "SID"),
mysql_result($Erg, $i, "Man") ).
(( ($ZeitZeiger+$len) > 24)? "\t\t\t<h3>&darr;&darr;&darr;</h3>" : "").
"\n\t\t</td>\n";
$ZeitZeiger += $len;
}
else
{
echo "<h1>". Get_Text("pub_schichtplan_colision"). "</h1> ";
echo "<a href=\"./../admin/schichtplan.php?action=change&SID=".
mysql_result($Erg, $i, "SID"). "\">".
mysql_result($Erg, $i, "DateS").
" '". mysql_result($Erg, $i, "Man"). "' ".
" (". mysql_result($Erg, $i, "SID"). " R$raum) (xx-xx)</a><br><br>";
}
}
if( $ZeitZeiger < 24 )
$Spalten[($ZeitZeiger * $GlobalZeileProStunde)].=
"\t\t<td valign=\"top\" rowspan=\"".
((24 - $ZeitZeiger) * $GlobalZeileProStunde ).
"\">&nbsp;</td>\n";
} // function CreateRoomShifts
/*#######################################################
# Ausgabe der freien schichten #
#######################################################*/
function showEmptyShifts( )
{
global $con, $DEBUG, $RoomID, $gmdateOffset;
echo "<table border=\"1\">\n";
echo "<tr>\n";
echo "\t<th>". Get_Text("inc_schicht_date"). "</th>\n";
echo "\t<th>". Get_Text("inc_schicht_time"). "</th>\n";
echo "\t<th>". Get_Text("inc_schicht_room"). "</th>\n";
echo "\t<th>". Get_Text("inc_schicht_commend"). "</th>\n";
echo "</tr>\n";
$sql = "SELECT `SID`, `DateS`, `Man`, `RID` FROM `Shifts` ".
"WHERE (`Shifts`.`DateS`>='". gmdate("Y-m-d H:i:s", time()+$gmdateOffset). "') ".
"ORDER BY `DateS`, `RID`;";
$Erg = mysql_query($sql, $con);
$angezeigt = 0;
for ($i=0; ($i<mysql_num_rows($Erg)) && ($angezeigt< 15); $i++)
if( isset($RoomID[mysql_result( $Erg, $i, "RID")]))
if( $RoomID[mysql_result( $Erg, $i, "RID")]!="" )
{
$Sql2 = "SELECT `UID` FROM `ShiftEntry` ".
"WHERE `SID`=". mysql_result( $Erg, $i, "SID"). " AND ".
"`UID`='0';";
$Erg2 = mysql_query($Sql2, $con);
if( mysql_num_rows($Erg2)>0)
{
$angezeigt++;
echo "<tr>\n";
echo "\t<td>". substr(mysql_result( $Erg, $i, "DateS"), 0, 10). "</td>\n";
echo "\t<td>". substr(mysql_result( $Erg, $i, "DateS"), 11). "</td>\n";
echo "\t<td>". $RoomID[mysql_result( $Erg, $i, "RID")]. "</td>\n";
echo "\t<td>".
ausgabe_Feld_Inhalt( mysql_result( $Erg, $i, "SID"), mysql_result( $Erg, $i, "Man")).
"</td>\n";
echo "</tr>\n";
}
}
echo "</table>\n";
} //function showEmptyShifts
/*#######################################################
# Gibt die anzahl der Schichten im Raum zurück #
#######################################################*/
function SummRoomShifts( $raum )
{
global $ausdatum, $con, $DEBUG, $GlobalZeileProStunde;
$SQLSonder = "SELECT `SID`, `DateS`, `Len`, `Man` FROM `Shifts` ".
"WHERE ((`RID` = '$raum') AND (`DateE` >= '$ausdatum 00:00:00') AND ".
"(`DateS` <= '$ausdatum 23:59:59') ) ORDER BY `DateS`;";
$ErgSonder = mysql_query($SQLSonder, $con);
return mysql_num_rows($ErgSonder);
}
?>

87
includes/funktion_schichtplan_Tage.php
Unescape Escape View File

@ -1,87 +0,0 @@
<?PHP
if( !function_exists("DatumUm1TagErhoehen"))
{
function DatumUm1TagErhoehen( $Datum)
{
$Jahr = substr( $Datum, 0, 4);
$Monat = substr( $Datum, 5, 2);
$Tag = substr( $Datum, 8, 2);
$Tag++;
switch( $Monat)
{
case 1: $Mmax=31; break;
case 2: $Mmax=28; break;
case 3: $Mmax=31; break;
case 4: $Mmax=30; break;
case 5: $Mmax=31; break;
case 6: $Mmax=30; break;
case 7: $Mmax=31; break;
case 8: $Mmax=31; break;
case 9: $Mmax=30; break;
case 10: $Mmax=31; break;
case 11: $Mmax=30; break;
case 12: $Mmax=31; break;
}
if( $Tag > $Mmax)
{
$Tag = 1;
$Monat++;
}
if( $Monat > 12 )
{
$Monat = 1;
$Jahr++;
}
$Tag = strlen( $Tag ) == 1 ? "0".$Tag : $Tag;
$Monat = strlen( $Monat ) == 1 ? "0".$Monat : $Monat;
return ("$Jahr-$Monat-$Tag");
} //function DatumUm1Tagerhoehen(
}
//suchen den ersten eintrags
$SQL = "SELECT `DateS` FROM `Shifts` ORDER BY `DateS` LIMIT 1";
$Erg = mysql_query($SQL, $con);
$Pos=0;
if( mysql_num_rows($Erg)>0)
{
do
{
//Startdatum einlesen und link ausgeben
$DateS = substr(mysql_result($Erg, 0 , 0), 0,10);
$VeranstaltungsTage[$Pos++] = $DateS;
//auslesen den endes und eventuelle weitere tage ausgeben
$SQL2 = "SELECT MAX(`DateE`) FROM `Shifts` ".
"WHERE ( (`DateS` like '$DateS%') AND NOT (`DateE` like '%00:00:00'))";
$Erg2 = mysql_query($SQL2, $con);
$DateE = substr(mysql_result($Erg2, 0 , 0), 0,10);
if( strlen($DateE) == 0)
$DateE = $DateS;
else
while( $DateS != $DateE)
{
$DateS = DatumUm1TagErhoehen( $DateS);
$VeranstaltungsTage[$Pos++] = $DateS;
}
//suchen den nästen eintrag
$SQL = "SELECT `DateS` FROM `Shifts` ".
"WHERE (`DateS` > '$DateE 23:59:59' ) ".
"ORDER BY `DateS` ".
"LIMIT 1";
$Erg = mysql_query($SQL, $con);
} while( mysql_fetch_row($Erg) > 0);
}
$VeranstaltungsTageMax = $Pos-1;
?>

28
includes/funktion_schichtplan_beamer.php
Unescape Escape View File

@ -43,16 +43,16 @@ function ausgabe_Feld_Inhalt( $SID, $Man )
// die eingetragenden und und offenden Schichteintäge zurück
global $EngelType, $EngelTypeID, $con;
//form Config
global $DEBUG;
global $debug;
$Out = "";
$Out.= "<table border=\"0\" width=\"100%\" cellpadding=\"0\" cellspacing=\"0\" frame=\"void\">\n";
$Out.= "\t\t\t<colgroup span=\"2\" align=\"left\" valign=\"center\">\n".
"\t\t\t\t<col width=\"45%\">\n".
"\t\t\t\t<col width=\"*\">\n".
"\t\t\t\t</colgroup>\n";
$Out.= "<colgroup span=\"2\" align=\"left\" valign=\"center\">\n".
"<col width=\"45%\">\n".
"<col width=\"*\">\n".
"</colgroup>\n";
///////////////////////////////////////////////////////////////////
// SQL abfrage für die benötigten schichten
@ -94,10 +94,10 @@ function ausgabe_Feld_Inhalt( $SID, $Man )
if( isset($Temp) && count($Temp) )
foreach( $Temp as $TempEntry => $TempValue )
{
$Out.= "\t\t\t<tr>\n";
$Out.= "<tr>\n";
// ausgabe EngelType
$Out.= "\t\t\t\t<td>". $EngelTypeID[ $TempValue["TID"] ];
$Out.= "<td>". $EngelTypeID[ $TempValue["TID"] ];
// ausgabe Eingetragener Engel
if( count($TempValue["Engel"]) > 0 )
@ -107,7 +107,7 @@ function ausgabe_Feld_Inhalt( $SID, $Man )
else
$Out.= " ". trim(Get_Text("inc_schicht_sind")). ":";
$Out.= "</td>\n";
$Out.= "\t\t\t\t<td>";
$Out.= "<td>";
foreach( $TempValue["Engel"] as $TempEngelEntry=> $TempEngelID )
$Out.= UID2Nick( $TempEngelID ). ", ";
@ -117,7 +117,7 @@ function ausgabe_Feld_Inhalt( $SID, $Man )
else
{
$Out.= ":</td>\n";
$Out.= "\t\t\t\t<td>\n";
$Out.= "<td>\n";
}
@ -133,11 +133,11 @@ function ausgabe_Feld_Inhalt( $SID, $Man )
}
}
$Out.= "</td>\n";
$Out.= "\t\t\t</tr>\n";
$Out.= "</tr>\n";
} // FOREACH
$Out.= "\t\t\t</table>\n\t";
$Out.= "</table>\n";
return $Out;
} // function Ausgabe_Feld_Inhalt
@ -157,7 +157,7 @@ function ausgabe_Zeile( $RID, $Time, &$AnzahlEintraege )
" (`DateS` like '". gmdate("Y-m-d H", $Time). "%')) ) ORDER BY `DateS`;";
$ErgRoom = mysql_query($SQL, $con);
$Out= "\t<td>";
$Out= "<td>";
if( mysql_num_rows( $ErgRoom)>0 )
for( $i=1; $i<=mysql_num_rows( $ErgRoom); $i++ )
{
@ -165,8 +165,8 @@ function ausgabe_Zeile( $RID, $Time, &$AnzahlEintraege )
$Out.= ausgabe_Feld_Inhalt( mysql_result( $ErgRoom, $i-1, "SID"),
mysql_result( $ErgRoom, $i-1, "Man"));
if( (mysql_num_rows( $ErgRoom) > 1) && !($i==mysql_num_rows( $ErgRoom)) )
$Out.= "<br>";
// $Out.= "<hr width=\"95%\" align=\"center\">\n\t\t\t\t";
$Out.= "<br />";
// $Out.= "<hr width=\"95%\" align=\"center\">\n";
}
else

132
includes/funktion_user.php
Unescape Escape View File

@ -1,132 +0,0 @@
<?php
function UID2Nick($UID)
{
global $con;
if( $UID>0) {
$SQL = "SELECT Nick FROM `User` WHERE UID='$UID'";
} else {
$SQL = "SELECT Name FROM `UserGroups` WHERE UID='$UID'";
}
$Erg = mysql_query($SQL, $con);
//echo $UID."#";
if( mysql_num_rows($Erg)) {
if( $UID>0 ) {
return mysql_result($Erg, 0);
} else {
return "Group-".mysql_result($Erg, 0);
}
} else {
if( $UID == -1)
return "logout User";
else
return "UserID $UID not found";
}
}
function TID2Type($TID)
{
global $con;
$SQL = "SELECT Name FROM `EngelType` WHERE TID='$TID'";
$Erg = mysql_query($SQL, $con);
if( mysql_num_rows($Erg))
return mysql_result($Erg, 0);
else
return "";
}
function ReplaceSmilies($eckig)
{
global $url, $ENGEL_ROOT;
$neueckig = $eckig;
$neueckig = str_replace(";o))", "<img src=\"". $url. $ENGEL_ROOT. "pic/smiles/icon_redface.gif\">",$neueckig);
$neueckig = str_replace(":-))", "<img src=\"". $url. $ENGEL_ROOT. "pic/smiles/icon_redface.gif\">",$neueckig);
$neueckig = str_replace(";o)", "<img src=\"". $url. $ENGEL_ROOT. "pic/smiles/icon_wind.gif\">",$neueckig);
$neueckig = str_replace(":)", "<img src=\"". $url. $ENGEL_ROOT. "pic/smiles/icon_smile.gif\">",$neueckig);
$neueckig = str_replace(":-)", "<img src=\"". $url. $ENGEL_ROOT. "pic/smiles/icon_smile.gif\">",$neueckig);
$neueckig = str_replace(":(", "<img src=\"". $url. $ENGEL_ROOT. "pic/smiles/icon_sad.gif\">",$neueckig);
$neueckig = str_replace(":-(", "<img src=\"". $url. $ENGEL_ROOT. "pic/smiles/icon_sad.gif\">",$neueckig);
$neueckig = str_replace(":o(", "<img src=\"". $url. $ENGEL_ROOT. "pic/smiles/icon_sad.gif\">",$neueckig);
$neueckig = str_replace(":o)", "<img src=\"". $url. $ENGEL_ROOT. "pic/smiles/icon_lol.gif\">",$neueckig);
$neueckig = str_replace(";o(", "<img src=\"". $url. $ENGEL_ROOT. "pic/smiles/icon_cry.gif\">",$neueckig);
$neueckig = str_replace(";(", "<img src=\"". $url. $ENGEL_ROOT. "pic/smiles/icon_cry.gif\">",$neueckig);
$neueckig = str_replace(";-(", "<img src=\"". $url. $ENGEL_ROOT. "pic/smiles/icon_cry.gif\">",$neueckig);
$neueckig = str_replace("8)", "<img src=\"". $url. $ENGEL_ROOT. "pic/smiles/icon_rolleyes.gif\">",$neueckig);
$neueckig = str_replace("8o)", "<img src=\"". $url. $ENGEL_ROOT. "pic/smiles/icon_rolleyes.gif\">",$neueckig);
$neueckig = str_replace(":P", "<img src=\"". $url. $ENGEL_ROOT. "pic/smiles/icon_evil.gif\">",$neueckig);
$neueckig = str_replace(":-P", "<img src=\"". $url. $ENGEL_ROOT. "pic/smiles/icon_evil.gif\">",$neueckig);
$neueckig = str_replace(":oP", "<img src=\"". $url. $ENGEL_ROOT. "pic/smiles/icon_evil.gif\">",$neueckig);
$neueckig = str_replace(";P", "<img src=\"". $url. $ENGEL_ROOT. "pic/smiles/icon_mad.gif\">",$neueckig);
$neueckig = str_replace(";oP", "<img src=\"". $url. $ENGEL_ROOT. "pic/smiles/icon_mad.gif\">",$neueckig);
$neueckig = str_replace("?)", "<img src=\"". $url. $ENGEL_ROOT. "pic/smiles/icon_question.gif\">",$neueckig);
return $neueckig;
}
function GetPicturShow($UID)
{
global $con;
$SQL= "SELECT `show` FROM `UserPicture` WHERE `UID`='$UID'";
$res = mysql_query( $SQL, $con);
if( mysql_num_rows($res) == 1)
return mysql_result( $res, 0, 0);
else
return "";
}
/* Parameter:
<UserID>
[<Höhe des Bildes (wenn die höhe kleiner 1 ist wird die höhe nicht begrenzt)>] */
function displayPictur($UID, $height="30")
{
global $url, $ENGEL_ROOT;
if( $height > 0)
return( "<img src=\"". $url. $ENGEL_ROOT. "ShowUserPicture.php?UID=$UID\" height=\"$height\" alt=\"picture of USER$UID\" class=\"photo\">");
else
return( "<img src=\"". $url. $ENGEL_ROOT. "ShowUserPicture.php?UID=$UID\" alt=\"picture of USER$UID\">");
}
/* Parameter:
<UserID>
[<Höhe des Bildes (wenn die höhe kleiner 1 ist wird die höhe nicht begrenzt)>] */
function displayavatar( $UID, $height="30")
{
global $con, $url, $ENGEL_ROOT;
if( GetPicturShow($UID) == 'Y')
return "&nbsp;". displayPictur( $UID, $height);
// show avator
$asql = "select * from User where UID = $UID";
$aerg = mysql_query ($asql, $con);
if( mysql_num_rows($aerg) )
if( mysql_result($aerg, 0, "Avatar") > 0)
return ("&nbsp;<img src=\"". $url. $ENGEL_ROOT. "pic/avatar/avatar". mysql_result($aerg, 0, "Avatar"). ".gif\">");
}
function UIDgekommen($UID)
{
global $con;
$SQL = "SELECT `Gekommen` FROM `User` WHERE UID='$UID'";
$Erg = mysql_query($SQL, $con);
//echo $UID."#";
if( mysql_num_rows($Erg))
return mysql_result($Erg, 0);
else
return "0";
}
?>

150
includes/funktion_xml.php
Unescape Escape View File

@ -1,109 +1,109 @@
<?PHP
class element
{
<?php
class element {
var $name = '';
var $attributes = array();
var $attributes = array ();
var $data = '';
var $depth = 0;
var $sub = array();
var $sub = array ();
}
$XMLDEBUG = 0;
$depth = 0;
$XMLmain = new element;
$XMLpos = array( 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
$XMLpos = array (
0,
0,
0,
0,
0,
0,
0,
0,
0,
0,
0,
0
);
//$XMLpos = array( 0, 0, 0, 0, 0, 0);
function convertValues( $Data)
{
function convertValues($Data) {
global $XMLDEBUG;
if( $XMLDEBUG)
{
if ($XMLDEBUG) {
$Data = htmlspecialchars($Data);
$Data = mysql_escape_string($Data);
$Data = htmlentities($Data);
}
$Data = utf8_decode($Data);
return $Data;
}
function dataXMLmain( $Data, &$Objekt, $Tiefe )
{
function dataXMLmain($Data, & $Objekt, $Tiefe) {
global $XMLmain, $XMLpos, $depth, $XMLDEBUG;
if( $XMLDEBUG)
if ($XMLDEBUG)
echo "?$Tiefe$depth";
if( ($depth-1)==$Tiefe)
{
// $Objekt->sub[ $XMLpos[$Tiefe] ]->data .= convertValues($Data);
$Objekt->sub[ $XMLpos[$Tiefe] ]->data .= htmlentities( convertValues($Data), ENT_QUOTES);
if( $XMLDEBUG)
echo "???". $Objekt->sub[ $XMLpos[$Tiefe] ]->name. "|$Data|$Tiefe???<br>";
}
else
dataXMLmain( $Data, $Objekt->sub[ $XMLpos[$Tiefe] ], $Tiefe+1);
if (($depth -1) == $Tiefe) {
$Objekt->sub[$XMLpos[$Tiefe]]->data .= htmlentities(convertValues($Data), ENT_QUOTES);
if ($XMLDEBUG)
echo "???" . $Objekt->sub[$XMLpos[$Tiefe]]->name . "|$Data|$Tiefe???<br />";
} else
dataXMLmain($Data, $Objekt->sub[$XMLpos[$Tiefe]], $Tiefe +1);
}
function startXMLmain( $Data, &$Objekt, $Tiefe )
{
function startXMLmain($Data, & $Objekt, $Tiefe) {
global $XMLpos, $depth, $XMLDEBUG;
if( $XMLDEBUG)
if($Tiefe==1)
{ print_r(array_values ($XMLpos)); echo "--".$Data->name;
if ($XMLDEBUG)
if ($Tiefe == 1) {
print_r(array_values($XMLpos));
echo "--" . $Data->name;
echo " #$Tiefe/$depth#";
}
if( $depth==$Tiefe)
{
$Objekt->sub[ $XMLpos[$Tiefe] ] = $Data;
if( $XMLDEBUG)
echo "|". $XMLpos[$Tiefe]."|". $Objekt->sub[ $XMLpos[$Tiefe] ]->name. " ". $Data->name." save|". "#-#<br>";
}
else
startXMLmain( $Data, $Objekt->sub[ $XMLpos[$Tiefe] ], $Tiefe+1);
if ($depth == $Tiefe) {
$Objekt->sub[$XMLpos[$Tiefe]] = $Data;
if ($XMLDEBUG)
echo "|" . $XMLpos[$Tiefe] . "|" . $Objekt->sub[$XMLpos[$Tiefe]]->name . " " . $Data->name . " save|" . "#-#<br />";
} else
startXMLmain($Data, $Objekt->sub[$XMLpos[$Tiefe]], $Tiefe +1);
}
function start_element_handler($parser, $name, $attribs)
{
function start_element_handler($parser, $name, $attribs) {
global $depth, $XMLmain, $XMLpos;
$Data = new element;
$Data->name = $name;
while(list($key, $value) = each($attribs))
while (list ($key, $value) = each($attribs))
$Data->attributes[$key] = convertValues($value);
$Data->depth = $depth;
$XMLpos[$depth]++;
if( $depth==0)
$XMLmain= $Data;
if ($depth == 0)
$XMLmain = $Data;
else
startXMLmain( $Data, $XMLmain, 1);
startXMLmain($Data, $XMLmain, 1);
$depth++;
}
function end_element_handler($parser, $name)
{
function end_element_handler($parser, $name) {
global $depth, $XMLpos;
$XMLpos[$depth]=0;
$XMLpos[$depth] = 0;
$depth--;
}
function character_data_handler($parser, $data)
{
function character_data_handler($parser, $data) {
global $XMLmain;
if( strlen(trim($data)) )
dataXMLmain( $data, $XMLmain, 1);
if (strlen(trim($data)))
dataXMLmain($data, $XMLmain, 1);
}
/*#######################################################################################*/
function readXMLfile( $file )
{
function readXMLfile($file) {
global $XMLDEBUG;
//$xml_parser = xml_parser_create_ns();
@ -111,52 +111,42 @@ function readXMLfile( $file )
xml_set_element_handler($xml_parser, "start_element_handler", "end_element_handler");
xml_set_character_data_handler($xml_parser, "character_data_handler");
if (file_exists($file))
{
if (!($fp = fopen($file, "r")))
{
echo(" <h1>could not open XML file \"$file\"</h1>");
if (file_exists($file)) {
if (!($fp = fopen($file, "r"))) {
echo (" <h1>could not open XML file \"$file\"</h1>");
return -1;
}
}
else
{
echo(" <h1>XML file \"$file\" not exist</h1>");
} else {
echo (" <h1>XML file \"$file\" not exist</h1>");
return -1;
}
if( $XMLDEBUG) echo "<pre>";
while ($data = fread($fp, 4096))
{
if (!xml_parse($xml_parser, $data, feof($fp)))
{
die(sprintf("XML error: %s at line %d",
xml_error_string(xml_get_error_code($xml_parser)),
xml_get_current_line_number($xml_parser)));
if ($XMLDEBUG)
echo "<pre>";
while ($data = fread($fp, 4096)) {
if (!xml_parse($xml_parser, $data, feof($fp))) {
die(sprintf("XML error: %s at line %d", xml_error_string(xml_get_error_code($xml_parser)), xml_get_current_line_number($xml_parser)));
}
}
if( $XMLDEBUG) echo "</pre>";
if ($XMLDEBUG)
echo "</pre>";
xml_parser_free($xml_parser);
return 0;
}
/*#######################################################################################*/
function getXMLsubPease( $Sourse, $Name )
{
foreach($Sourse->sub as $key => $value) {
function getXMLsubPease($Sourse, $Name) {
foreach ($Sourse->sub as $key => $value) {
if ($value->name == $Name) {
return $value;
}
}
echo "<h1>Fehler: getXMLsubPease( $Sourse, $Name ) not found</h1>";
// die;
// die;
}
/*#######################################################################################*/
function getXMLsubData( $Sourse, $Name )
{
$XML = getXMLsubPease( $Sourse, $Name);
function getXMLsubData($Sourse, $Name) {
$XML = getXMLsubPease($Sourse, $Name);
return $XML->data;
}
?>

80
includes/funktion_xml_room.php
Unescape Escape View File

@ -1,69 +1,61 @@
<?PHP
<?php
echo "<h1>Rooms:</h1>\n";
/*##############################################################################################
R o o m
##############################################################################################*/
echo "\n\n<br>\n<h1>Rooms:</h1>\n";
function saveRoomData()
{
function saveRoomData() {
global $con;
if( isset($_GET["NameXML"]))
{
$SQL= "INSERT INTO `Room` ( `Name`, `FromPentabarf` ) ".
if(isset($_GET["NameXML"])) {
$SQL = "INSERT INTO `Room` ( `Name`, `FromPentabarf` ) ".
"VALUES ('". mysql_escape_string($_GET["NameXML"]). "', 'Y');";
$Erg = mysql_query($SQL, $con);
if( $Erg )
echo "Aenderung, an Raum ". $_GET["NameXML"]. ", war erfogreich<br>";
if($Erg)
echo "Aenderung, an Raum ". $_GET["NameXML"]. ", war erfogreich<br />";
else
echo "Aenderung, an Raum ". $_GET["NameXML"]. ", war <u>nicht</u> erfogreich.(".
mysql_error($con). ")<br>[$SQL]<br>";
mysql_error($con). ")<br />[$SQL]<br />";
} else
echo "Fehler in den Parametern!<br />";
}
else
echo "Fehler in den Parametern!<br>";
} /*function saveRoomData*/
if( isset($_GET["RoomUpdate"]))
if(isset($_GET["RoomUpdate"]))
saveRoomData();
//INIT Status counter
$DS_KO = 0;
// INIT Status counter
$DS_KO = 0;
//Ausgabe
echo "<table border=\"0\">\n";
echo "<tr><th>Name</th><th>state</th></tr>\n";
if( $EnableSchudle)
foreach($XMLmain->sub as $EventKey => $Event)
{
if( $Event->name == "VEVENT")
{
// Ausgabe
echo "<table border=\"0\">\n";
echo "<tr><th>Name</th><th>state</th></tr>\n";
if($EnableSchudle) {
foreach($XMLmain->sub as $EventKey => $Event) {
if( $Event->name == "VEVENT") {
$NameXML = getXMLsubData( $Event, "LOCATION");
if( !isset( $RoomName[$NameXML]))
{
if( !isset( $RoomName[$NameXML])) {
$RoomName[$NameXML] = "";
if( isset($_GET["UpdateALL"]))
{
if(isset($_GET["UpdateALL"])) {
$_GET["NameXML"] = $NameXML;
saveRoomData();
CreateRoomArrays();
}
else
{
} else {
echo "<form action=\"dbUpdateFromXLS.php\">\n";
echo "\t<tr>\n";
echo "\t<td><input name=\"NameXML\" type=\"text\" value=\"$NameXML\" readonly></td>\n";
echo "\t<td><input type=\"submit\" name=\"RoomUpdate\" value=\"update\"></td>\n";
echo "<tr>\n";
echo "<td><input name=\"NameXML\" type=\"text\" value=\"$NameXML\" readonly></td>\n";
echo "<td><input type=\"submit\" name=\"RoomUpdate\" value=\"update\"></td>\n";
$DS_KO++;
echo "\t</tr>\n";
echo "</tr>\n";
echo "</form>\n";
echo "<br>";
echo "<br />";
}
}
}
}
}
}
echo "<tr><td colspan=\"6\">status: $DS_KO nicht vorhanden.</td></tr>\n";
echo "</table>\n";
echo "<tr><td colspan=\"6\">status: $DS_KO nicht vorhanden.</td></tr>\n";
echo "</table>\n";
?>

62
includes/funktion_xml_schudle.php
Unescape Escape View File

@ -1,4 +1,4 @@
<?PHP
<?php
/*##############################################################################################
s c h e d u l e
@ -69,7 +69,7 @@ function SaveSchedule()
$Erg = mysql_query($SQL, $con);
if( $Erg )
{
echo ", war erfogreich<br>\n";
echo ", war erfogreich<br />\n";
//SID auslesen
$SQL1 = "Select `SID` FROM `Shifts` WHERE `PSID`='". $_GET["PSIDXML"]. "';";
@ -109,7 +109,7 @@ function SaveSchedule()
if( $EngelNeeded > $EngelNeeded_Exist)
{
echo "---->Create Shifts for engeltype: ". TID2Type($EngelTypeID). " ".
($EngelNeeded-$EngelNeeded_Exist). "x<br>\n------>\n";
($EngelNeeded-$EngelNeeded_Exist). "x<br />\n------>\n";
for( $i=0; $i < ($EngelNeeded-$EngelNeeded_Exist); $i++ )
{
$SQL3 = "INSERT INTO `ShiftEntry` (`SID`, `TID`) VALUES (".
@ -120,9 +120,9 @@ function SaveSchedule()
echo "pass ";
else
echo "fail <u>". mysql_error($con).
"</u>($SQL3)<br>\n";
"</u>($SQL3)<br />\n";
}
echo "<br>\n";
echo "<br />\n";
}
else if ($EngelNeeded < $EngelNeeded_Exist)
{
@ -134,11 +134,11 @@ function SaveSchedule()
{
$EngelMin = $EngelNeeded_NotEmpty;
echo "---> WARING ". $EngelNeeded_NotEmpty.
" shift is used, can't del ". TID2Type($EngelTypeID). " shifts\t";
" shift is used, can't del ". TID2Type($EngelTypeID). " shifts";
}
echo "---->Delete empty Shifts for engeltype: ". TID2Type($EngelTypeID). " ".
($EngelNeeded_Exist-$EngelMin)."x<br>\n------>\n";
($EngelNeeded_Exist-$EngelMin)."x<br />\n------>\n";
for( $i=$EngelMin; $i<$EngelNeeded_Exist; $i++ )
{
$SQL3 = "DELETE FROM `ShiftEntry` ".
@ -151,13 +151,13 @@ function SaveSchedule()
echo "pass ";
else
echo "fail <u>". mysql_error($con).
"</u>($SQL3)<br>\n";
"</u>($SQL3)<br />\n";
}
echo "<br>\n";
echo "<br />\n";
}
else
{
// echo "---->Nothing to do, for engeltype: ". TID2Type($EngelTypeID). "<br>\n";
// echo "---->Nothing to do, for engeltype: ". TID2Type($EngelTypeID). "<br />\n";
}
}
}
@ -165,10 +165,10 @@ function SaveSchedule()
}
else
echo ", war <u>nicht</u> erfogreich.(".
mysql_error($con). ")<br>[$SQL]<br>\n";
mysql_error($con). ")<br />[$SQL]<br />\n";
}
else
echo "Fehler in den Parametern!<br>";
echo "Fehler in den Parametern!<br />";
} /*SaveSchedule*/
if( isset($_GET["ScheduleUpdate"]))
@ -192,7 +192,7 @@ foreach($XMLmain->sub as $EventKey => $Event)
if( $Event->name == "VEVENT")
{
echo "<form action=\"dbUpdateFromXLS.php\">\n";
echo "\t<tr>\n";
echo "<tr>\n";
$PSIDXML = getXMLsubData( $Event, "UID");
$DateXML =
@ -236,17 +236,17 @@ foreach($XMLmain->sub as $EventKey => $Event)
else
$SIDDB = $PSIDDB = $TimeDB = $LenDB = $RIDDB = $ManDB = $URLDB = "";
echo "\t<td><input name=\"PSIDXML\" type=\"text\" value=\"$PSIDXML\" size=\"2\" eadonly></td>\n";
echo "\t<td><input name=\"DateXML\" type=\"text\" value=\"$DateXML\" size=\"17\" readonly>\n\t\t".
echo "<td><input name=\"PSIDXML\" type=\"text\" value=\"$PSIDXML\" size=\"2\" eadonly></td>\n";
echo "<td><input name=\"DateXML\" type=\"text\" value=\"$DateXML\" size=\"17\" readonly>\n".
"<input name=\"DateDB\" type=\"text\" value=\"$TimeDB\" size=\"17\" readonly></td>\n";
echo "\t<td><input name=\"RIDXML\" type=\"text\" value=\"$RIDXML\" size=\"15\" readonly>\n\t\t".
echo "<td><input name=\"RIDXML\" type=\"text\" value=\"$RIDXML\" size=\"15\" readonly>\n".
"<input name=\"RIDDB\" type=\"text\" value=\"$RIDDB\" size=\"15\" readonly></td>\n";
echo "\t<td><input name=\"LenXML\" type=\"text\" value=\"$LenXML\" size=\"1\"readonly>\n\t\t".
echo "<td><input name=\"LenXML\" type=\"text\" value=\"$LenXML\" size=\"1\"readonly>\n".
"<input name=\"LenDB\" type=\"text\" value=\"$LenDB\" size=\"1\"readonly></td>\n";
echo "\t<td><input name=\"ManXML\" type=\"text\" value=\"$ManXML\" size=\"40\"readonly>\n\t\t".
echo "<td><input name=\"ManXML\" type=\"text\" value=\"$ManXML\" size=\"40\"readonly>\n".
"<input name=\"ManDB\" type=\"text\" value=\"$ManDB\" size=\"40\"readonly></td>\n";
echo "\t<td><input name=\"URLXML\" type=\"hidden\" value=\"$URLXML\"></td>\n";
echo "\t<td><input name=\"URLDB\" type=\"hidden\" value=\"$URLDB\"></td>\n";
echo "<td><input name=\"URLXML\" type=\"hidden\" value=\"$URLXML\"></td>\n";
echo "<td><input name=\"URLDB\" type=\"hidden\" value=\"$URLDB\"></td>\n";
if( !( $PSIDXML==$PSIDDB &&
$DateXML==$TimeDB &&
$RIDXML==$RIDDB &&
@ -254,15 +254,15 @@ foreach($XMLmain->sub as $EventKey => $Event)
$ManXML==$ManDB &&
$URLXML==$URLDB) )
{
echo "\t<td><input type=\"submit\" name=\"ScheduleUpdate\" value=\"update\"></td>\n";
echo "<td><input type=\"submit\" name=\"ScheduleUpdate\" value=\"update\"></td>\n";
$DS_KO++;
}
else
{
echo "\t<td>". funktion_isLinkAllowed_addLink_OrLinkText("admin/schichtplan.php?action=change&SID=".$SIDDB, "edit"). "</td>\n";
echo "<td>". funktion_isLinkAllowed_addLink_OrLinkText("admin/schichtplan.php?action=change&SID=".$SIDDB, "edit"). "</td>\n";
$DS_OK++;
}
echo "\t</tr>\n";
echo "</tr>\n";
echo "</form>\n";
$Where.= " OR `PSID`='$PSIDXML'";
}
@ -281,7 +281,7 @@ echo mysql_error($con);
if(mysql_num_rows($Erg2)>0 && $EnableSchudleDB )
for( $i=0; $i<mysql_num_rows( $Erg2); $i++)
{
echo "\t<tr>\n";
echo "<tr>\n";
$SID = mysql_result($Erg2, $i, "SID");
$Time = mysql_result($Erg2, $i, "DateS");
$Len = mysql_result($Erg2, $i, "Len");
@ -290,18 +290,18 @@ if(mysql_num_rows($Erg2)>0 && $EnableSchudleDB )
else
$RID = "RID.". mysql_result($Erg2, $i, "RID");
$Man = mysql_result($Erg2, $i, "Man");
echo "\t<td><input name=\"SIDXML\" type=\"text\" value=\"$SID\" size=\"2\" eadonly></td>\n";
echo "\t<td><input name=\"DateXML\" type=\"text\" value=\"\" size=\"17\" readonly>\n\t\t".
echo "<td><input name=\"SIDXML\" type=\"text\" value=\"$SID\" size=\"2\" eadonly></td>\n";
echo "<td><input name=\"DateXML\" type=\"text\" value=\"\" size=\"17\" readonly>\n".
"<input name=\"DateDB\" type=\"text\" value=\"$Time\" size=\"17\" readonly></td>\n";
echo "\t<td><input name=\"RIDXML\" type=\"text\" value=\"\" size=\"15\" readonly>\n\t\t".
echo "<td><input name=\"RIDXML\" type=\"text\" value=\"\" size=\"15\" readonly>\n".
"<input name=\"RIDDB\" type=\"text\" value=\"$RID\" size=\"15\" readonly></td>\n";
echo "\t<td><input name=\"LenXML\" type=\"text\" value=\"\" size=\"1\"readonly>\n\t\t".
echo "<td><input name=\"LenXML\" type=\"text\" value=\"\" size=\"1\"readonly>\n".
"<input name=\"LenDB\" type=\"text\" value=\"$Len\" size=\"1\"readonly></td>\n";
echo "\t<td><input name=\"ManXML\" type=\"text\" value=\"\" size=\"40\"readonly>\n\t\t".
echo "<td><input name=\"ManXML\" type=\"text\" value=\"\" size=\"40\"readonly>\n".
"<input name=\"ManDB\" type=\"text\" value=\"$Man\" size=\"40\"readonly></td>\n";
echo "\t<td>". funktion_isLinkAllowed_addLink_OrLinkText( "admin/schichtplan.php?action=change&SID=".$SID, "edit").
echo "<td>". funktion_isLinkAllowed_addLink_OrLinkText( "admin/schichtplan.php?action=change&SID=".$SID, "edit").
"</td>\n";
echo "\t<tr>\n";
echo "<tr>\n";
}
echo "</table>";

26
includes/funktionen.php
Unescape Escape View File

@ -1,26 +0,0 @@
<?php
/* Schichtverplanung im Adminbereich */
function Dsubstr($DateString,$re) {
if ($re==1)
return substr($DateString, 0, 2);
elseif ($re==2)
return substr($DateString, 3, 2);
else
return substr($DateString, 6, 4);
}
/* Schichtverplanung im Engelbereich */
function engeldate($edate,$m) {
if ($m==t)
return substr($edate, 8, 2);
elseif ($m==m)
return substr($edate, 5, 2);
elseif ($m==u)
return substr($edate, 11, 5);
else
return substr($edate, 0, 4);
}
?>

163
includes/header.php
Unescape Escape View File

@ -1,137 +1,102 @@
<?PHP
include ("header_start.php");
<?php
include "header_start.php";
echo "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">\n";
echo "<!DOCTYPE html>\n";
?>
<HTML>
<HEAD>
<?PHP
<html>
<head>
<title><?php echo $title; ?> - Engelsystem</title>
<meta charset="UTF-8" />
<meta http-equiv="content-type" content="text/html;charset=utf-8" />
<meta name="content-style-type" content="text/css" />
<meta name="keywords" content="Engel, Himmelsverwaltung" />
<meta http-equiv="Content-Style-Type" content="text/css" />
<meta http-equiv="expires" content="0" />
<meta name="robots" content="index" />
<meta name="revisit-after" content="1 days" />
<script type="text/javascript" src="css/grossbild.js"></script>
<link rel="stylesheet" type="text/css" href="css/base.css" />
<link rel="stylesheet" type="text/css" href="css/style<?php echo isset($_SESSION['color']) ? $_SESSION['color'] : $default_theme ?>.css" />
<link rel="stylesheet" type="text/css" href="../css/base.css" />
<link rel="stylesheet" type="text/css" href="../css/style<?php echo isset($_SESSION['color']) ? $_SESSION['color'] : $default_theme ?>.css" />
echo "<TITLE>--- $title ---</TITLE>\n";
?>
<meta name="keywords" content="Engel, Himmelsverwaltung">
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1">
<meta http-equiv="Content-Style-Type" content="text/css">
<meta http-equiv="expires" content="0">
<meta name="robots" content="index">
<meta name="revisit-after" content="1 days">
<meta http-equiv="content-language" content="de">
<script type="text/javascript" src="<?PHP echo $url. $ENGEL_ROOT; ?>/css/grossbild.js"></script>
<link rel=stylesheet type="text/css" href="<?PHP echo $url. $ENGEL_ROOT; ?>css/style<?PHP
if (!IsSet($_SESSION['color']))
echo "6";
else
echo $_SESSION['color'];
?>.css">
<?PHP
if (isset($reload))
{
if ($reload=="")
{
$reload=3330;
}
echo "\n<meta http-equiv=\"refresh\" content=\"".$reload.
"; URL=./?reload=".$reload."\">\n";
}
<?php
if (isset ($reload)) {
if ($reload == "")
$reload = 3330;
if (isset($Page["AutoReload"]))
{
echo "\n<meta http-equiv=\"refresh\" content=\"". $Page["AutoReload"].
"; URL=". $url. $ENGEL_ROOT. $Page["Name"]."\">\n";
echo "\n<meta http-equiv=\"refresh\" content=\"" . $reload . "; URL=./?reload=" . $reload . "\">\n";
}
echo "</HEAD>\n";
if (isset ($Page["AutoReload"]))
echo "\n<meta http-equiv=\"refresh\" content=\"" . $Page["AutoReload"] .
"; URL=" . $url . $ENGEL_ROOT . $Page["Name"] . "\">\n";
echo "</head>\n";
/////////////////////////////////////////////////////////////////////////////////////////////
////////////////////////////////////// B O D Y
/////////////////////////////////////////////////////////////////////////////////////////////
echo "<BODY>\n";
echo "<div name=\"topic\" align=\"center\">\n\n";
if( isset($_SESSION['color']) && ($_SESSION['color']==6) )
{
echo "\t<a name=\"#top\"><img src=\"". $url. $ENGEL_ROOT. "pic/himmel_w.png\" alt=\"Unser Himmel\"></a>\n";
}
else
{
echo "\t<a name=\"#top\"><img src=\"". $url. $ENGEL_ROOT. "pic/himmel.png\" alt=\"Unser Himmel\"></a>\n";
}
echo "</div>\n\n";
echo "<body class=\"background\">\n";
echo '<header><a href="' . $url . $ENGEL_ROOT . '" id="logo"></a></header>';
//ausgabe new message
if( isset($_SESSION['CVS']["nonpublic/messages.php"]))
{
if( $_SESSION['CVS']["nonpublic/messages.php"] == "Y")
{
$SQL = "SELECT `Datum` FROM `Messages` WHERE `RUID`=". $_SESSION["UID"]. " AND `isRead`='N'";
if (isset ($_SESSION['CVS']["nonpublic/messages.php"])) {
if ($_SESSION['CVS']["nonpublic/messages.php"] == "Y") {
$SQL = "SELECT `Datum` FROM `Messages` WHERE `RUID`=" . $_SESSION["UID"] . " AND `isRead`='N'";
$erg = mysql_query($SQL, $con);
if( mysql_num_rows( $erg ) > 0 )
echo "<br><a href=\"". $url. $ENGEL_ROOT.
"nonpublic/messages.php\">". Get_Text("pub_messages_new1").
" ". mysql_num_rows( $erg ). " ".
Get_Text("pub_messages_new2"). "</a><br><br>";
if (mysql_num_rows($erg) > 0)
echo "<br /><a href=\"" . $url . $ENGEL_ROOT .
"nonpublic/messages.php\">" . Get_Text("pub_messages_new1") .
" " . mysql_num_rows($erg) . " " .
Get_Text("pub_messages_new2") . "</a><br /><br />";
}
}
?>
<table width="95%" align="center" border="0" cellpadding="7" cellspacing="0">
<tr>
<?PHP
//ausgaeb Menu
if( !isset($_SESSION['Menu'])) $_SESSION['Menu'] = "L";
if( $_SESSION['Menu'] =="L") include("menu.php");
?>
<div id="body">
<div id="menu">
<?php
<td valign="top" align="center">
<table border="0" width="100%" align="center" class="border" cellpadding="5" cellspacing="1">
<tr class="contenttopic">
<td>
<?PHP
echo "\t<a name=\"#$header\" class=\"contenttopic\">";
if( strlen( $header) == 0 )
echo "\n\t<b>". Get_Text($Page["Name"]). "</b></a>\n";
else
echo "\n\t<b>$header</b></a>\n";
//ausgaeb Menu
if (!isset ($_SESSION['Menu']))
$_SESSION['Menu'] = "L";
if ($_SESSION['Menu'] == "L")
include ("menu.php");
?>
</td>
</tr>
<tr class="content">
<td>
<br>
</div>
<div id="content" class="container">
<?php
echo "\n\n\n";
if (IsSet($_SESSION['UID'])) {
if( isset($_SESSION['oldurl']))
echo '<h1>' . (strlen($header) == 0 ? Get_Text($Page["Name"]) : $header) . '</h1>';
echo '<article class="content">';
if (isset ($_SESSION['UID'])) {
if (isset ($_SESSION['oldurl']))
$BACKUP_SESSION_OLDURL = $_SESSION['oldurl'];
if( isset($_SESSION['newurl']))
if (isset ($_SESSION['newurl']))
$_SESSION['oldurl'] = $_SESSION['newurl'];
$_SESSION['newurl'] = $_SERVER["REQUEST_URI"];
}
function SetHeaderGo2Back ()
{
function SetHeaderGo2Back() {
global $BACKUP_SESSION_OLDURL;
$_SESSION['oldurl'] = $BACKUP_SESSION_OLDURL;
}
if ($Page["CVS"] != "Y") {
echo "Du besitzt kein Rechte f&uuml;r diesen Bereich.<br />\n";
if ( $Page["CVS"] != "Y" )
{
echo "Du besitzt kein Rechte für diesen Bereich.<br>\n";
If (IsSet($_SESSION['oldurl']))
echo "<a href=\"". $_SESSION["oldurl"]. "\">".Get_Text("back")."</a> geht's zur&uuml;ck...\n";
if (isset ($_SESSION['oldurl']))
echo "<a href=\"" . $_SESSION["oldurl"] . "\">hier</a> gehts zur&uuml;ck...\n";
else
echo "<a href=\"". $url. $ENGEL_ROOT. "\">".Get_Text("back")."</a> geht's zur&uuml;ck...\n";
echo "<a href=\"" . $url . $ENGEL_ROOT . "\">hier</a> geht's zur&uuml;ck...\n";
exit ();
}
?>
<!-- ende des header parts //-->

50
includes/header_start.php
Unescape Escape View File

@ -1,50 +0,0 @@
<?PHP
ini_set( "session.gc_maxlifetime", "65535");
include ("config.php");
include ("error_handler.php");
include ("config_db.php");
include ("funktion_lang.php");
include ("funktion_faq.php"); //für noAnswer() im menu
include ("funktion_menu.php");
include ("funktion_user.php");
if( isset($SystemDisableMessage) && ( strlen($SystemDisableMessage)>0) )
{
echo "<HTML>\n".
"<BODY>\n". $SystemDisableMessage. "\n<BODY>\n".
"</HTML>";
die();
}
if( !isset($_SESSION))
{
session_start();
}
include ("secure.php");
if( !isset($_SESSION['IP']))
{
$_SESSION['IP'] = $_SERVER['REMOTE_ADDR'];
}
if (IsSet($_SESSION['UID']) and ($_SESSION['IP'] <> $_SERVER['REMOTE_ADDR']))
{
session_destroy ();
header("Location: $url". $ENGEL_ROOT );
}
include ("UserCVS.php");
//UPdate LASTlogin
if( isset($_SESSION['UID']))
{
$SQLlastLogIn = "UPDATE `User` SET ".
"`lastLogIn` = '". gmdate("Y-m-j H:i:s", time()). "'".
" WHERE `UID` = '". $_SESSION['UID']. "' LIMIT 1;";
mysql_query ($SQLlastLogIn, $con);
}
?>

18
includes/login_eingabefeld.php
Unescape Escape View File

@ -1,18 +0,0 @@
<?PHP
include ("config.php");
echo "<form action=\"". $url. $ENGEL_ROOT. "nonpublic/index.php\" method=\"post\">";
echo "<table>\n".
"\t<tr>".
"\t\t<td align=\"right\">". Get_Text("index_lang_nick"). "</td>".
"\t\t<td><input type=\"text\" name=\"user\" size=\"23\"></td>".
"\t</tr>".
"\t<tr>".
"\t\t<td align=\"right\">". Get_Text("index_lang_pass"). "</td>".
"\t\t<td><input type=\"password\" name=\"password\" size=\"23\"></td>".
"\t</tr>".
"</table>".
"<br><input type=\"submit\" value=\"". Get_Text("index_lang_send"). "\">";
echo "</form>";

63
includes/menu.php
Unescape Escape View File

@ -1,63 +0,0 @@
<!-- anfang des menue parts //-->
<td width="160" valign="top">
<?PHP
$MenueTableStart="
<table align=\"center\" class=\"border\" cellpadding=\"3\" cellspacing=\"1\">
<tr>
<td width=\"160\" class=\"menu\">
";
$MenueTableEnd="
<br>
</td>
</tr>
</table><br>
";
ShowMenu("");
ShowMenu("nonpublic");
ShowMenu("admin");
if( !isset($submenus))
$submenus = 0;
if ($submenus >= 1 ) {
$inc_name=$_SERVER['PHP_SELF'];
$filenamepos=strrpos($inc_name, '/');
$filenamepos+=1;
$filename = substr ($inc_name, $filenamepos );
$filepost = substr ($filename, 0, -4);
$filepre = substr ($filename, -4 );
$verzeichnis = substr ($inc_name, 0 , $filenamepos);
for ($index_nummer=1; $index_nummer <= $submenus; $index_nummer++) {
?>
<table align="center" class="border" cellpadding="3" cellspacing="1">
<tr>
<td width="160" class="menu">
<?php include ("./".$filepost.".".$index_nummer.$filepre); ?>
</td>
</tr>
</table>
<br>
<?PHP
}
}
if( isset($_SESSION['UID']))
{
?>
<table align="center" class="border" cellpadding="3" cellspacing="1">
<tr>
<td width="160" class="menu">
<?php include("funktion_activeUser.php"); ?>
</td>
</tr>
</table>
<?PHP
}
?>
</td>
<!-- ende des menue parts //-->

96
includes/pages/admin_angel_types.php
Unescape Escape View File

@ -0,0 +1,96 @@
<?php
function admin_angel_types() {
$html = "";
if (!isset ($_REQUEST['action'])) {
$table = "";
$angel_types = sql_select("SELECT * FROM `AngelTypes` ORDER BY `Name`");
foreach ($angel_types as $angel_type)
$table .= sprintf(
'<tr><td>%s</td><td>%s</td><td>'
. '<a href="%s&action=edit&id=%s">Edit</a></td></tr>',
$angel_type['Name'], $angel_type['Man'],
page_link_to("admin_angel_types"),
$angel_type['TID']
);
$html .= template_render('../templates/admin_angel_types.html', array (
'link' => page_link_to("admin_angel_types"),
'table' => $table
));
} else {
switch ($_REQUEST['action']) {
case 'create' :
$name = strip_request_item("name");
$man = strip_request_item("man");
sql_query("INSERT INTO `AngelTypes` SET `Name`='" . sql_escape($name) . "', `Man`='" . sql_escape($man) . "'");
header("Location: " . page_link_to("admin_angel_types"));
break;
case 'edit' :
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id'];
else
return error("Incomplete call, missing AngelType ID.");
$angel_type = sql_select("SELECT * FROM `AngelTypes` WHERE `TID`=" . sql_escape($id) . " LIMIT 1");
if (count($angel_type) > 0) {
list ($angel_type) = $angel_type;
$html .= template_render(
'../templates/admin_angel_types_edit_form.html', array (
'link' => page_link_to("admin_angel_types"),
'id' => $id,
'name' => $angel_type['Name'],
'man' => $angel_type['Man']
));
} else
return error("No Angel Type found.");
break;
case 'save' :
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id'];
else
return error("Incomplete call, missing AngelType ID.");
$angel_type = sql_select("SELECT * FROM `AngelTypes` WHERE `TID`=" . sql_escape($id) . " LIMIT 1");
if (count($angel_type) > 0) {
list ($angel_type) = $angel_type;
$name = strip_request_item("name");
$man = strip_request_item("man");
sql_query("UPDATE `AngelTypes` SET `Name`='" . sql_escape($name) . "', `Man`='" . sql_escape($man) . "' WHERE `TID`=" . sql_escape($id) . " LIMIT 1");
header("Location: " . page_link_to("admin_angel_types"));
} else
return error("No Angel Type found.");
break;
case 'delete' :
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id'];
else
return error("Incomplete call, missing AngelType ID.");
$angel_type = sql_select("SELECT * FROM `AngelTypes` WHERE `TID`=" . sql_escape($id) . " LIMIT 1");
if (count($angel_type) > 0) {
sql_query("DELETE FROM `AngelTypes` WHERE `TID`=" . sql_escape($id) . " LIMIT 1");
sql_query("DELETE FROM `RoomAngelTypes` WHERE `angel_type_id`=" . sql_escape($id) . " LIMIT 1");
header("Location: " . page_link_to("admin_angel_types"));
} else
return error("No Angel Type found.");
break;
}
}
return $html;
}
?>

105
includes/pages/admin_faq.php
Unescape Escape View File

@ -0,0 +1,105 @@
<?php
function admin_faq() {
if (!isset ($_REQUEST['action'])) {
$faqs_html = "";
$faqs = sql_select("SELECT * FROM `FAQ`");
foreach ($faqs as $faq) {
$faqs_html .= sprintf(
'<tr><td> <dl><dt>%s</dt><dd>%s</dd></dl> </td>'
. '<td> <dl><dt>%s</dt><dd>%s</dd></dl> </td>'
. '<td><a href="%s&action=edit&id=%s">Edit</a></td></tr>',
$faq['Frage_de'], $faq['Antwort_de'],
$faq['Frage_en'], $faq['Antwort_en'],
page_link_to('admin_faq'), $faq['FID']
);
}
return template_render('../templates/admin_faq.html', array (
'link' => page_link_to("admin_faq"),
'faqs' => $faqs_html
));
} else {
switch ($_REQUEST['action']) {
case 'create' :
$frage = strip_request_item_nl('frage');
$antwort = strip_request_item_nl('antwort');
$question = strip_request_item_nl('question');
$answer = strip_request_item_nl('answer');
sql_query("INSERT INTO `FAQ` SET `Frage_de`='" . sql_escape($frage)
. "', `Frage_en`='" . sql_escape($question)
. "', `Antwort_de`='" . sql_escape($antwort)
. "', `Antwort_en`='" . sql_escape($answer)
. "'"
);
header("Location: " . page_link_to("admin_faq"));
break;
case 'save' :
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id'];
else
return error("Incomplete call, missing FAQ ID.");
$faq = sql_select("SELECT * FROM `FAQ` WHERE `FID`=" . sql_escape($id) . " LIMIT 1");
if (count($faq) > 0) {
list ($faq) = $faq;
$frage = strip_request_item_nl('frage');
$antwort = strip_request_item_nl('antwort');
$question = strip_request_item_nl('question');
$answer = strip_request_item_nl('answer');
sql_query("UPDATE `FAQ` SET `Frage_de`='" . sql_escape($frage)
. "', `Frage_en`='" . sql_escape($question)
. "', `Antwort_de`='" . sql_escape($antwort)
. "', `Antwort_en`='" . sql_escape($answer)
. "' WHERE `FID`=" . sql_escape($id) . " LIMIT 1"
);
header("Location: " . page_link_to("admin_faq"));
} else
return error("No FAQ found.");
break;
case 'edit' :
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id'];
else
return error("Incomplete call, missing FAQ ID.");
$faq = sql_select("SELECT * FROM `FAQ` WHERE `FID`=" . sql_escape($id) . " LIMIT 1");
if (count($faq) > 0) {
list ($faq) = $faq;
return template_render('../templates/admin_faq_edit_form.html', array (
'link' => page_link_to("admin_faq"),
'id' => $id,
'frage' => $faq['Frage_de'],
'antwort' => $faq['Antwort_de'],
'question' => $faq['Frage_en'],
'answer' => $faq['Antwort_en']
));
} else
return error("No FAQ found.");
break;
case 'delete' :
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id'];
else
return error("Incomplete call, missing FAQ ID.");
$faq = sql_select("SELECT * FROM `FAQ` WHERE `FID`=" . sql_escape($id) . " LIMIT 1");
if (count($faq) > 0) {
list ($faq) = $faq;
sql_query("DELETE FROM `FAQ` WHERE `FID`=" . sql_escape($id) . " LIMIT 1");
header("Location: " . page_link_to("admin_faq"));
} else
return error("No FAQ found.");
break;
}
}
}
?>

91
includes/pages/admin_groups.php
Unescape Escape View File

@ -0,0 +1,91 @@
<?php
function admin_groups() {
global $user;
$html = "";
$groups = sql_select("SELECT * FROM `Groups` ORDER BY `Name`");
if (!isset ($_REQUEST["action"])) {
$groups_html = "";
foreach ($groups as $group) {
$groups_html .= sprintf(
'<tr><td>%s</td>',
$group['Name']
);
$privileges = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`=" . sql_escape($group['UID']));
$privileges_html = array ();
foreach ($privileges as $priv)
$privileges_html[] = $priv['name'];
$groups_html .= sprintf(
'<td>%s</td>'
. '<td><a href="%s&action=edit&id=%s">Ändern</a></td>',
join(', ', $privileges_html),
page_link_to("admin_groups"),
$group['UID']
);
}
return template_render('../templates/admin_groups.html', array (
'nick' => $user['Nick'],
'groups' => $groups_html
));
} else {
switch ($_REQUEST["action"]) {
case 'edit' :
if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id'];
else
return error("Incomplete call, missing Groups ID.");
$room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
if (count($room) > 0) {
list ($room) = $room;
$privileges = sql_select("SELECT `Privileges`.*, `GroupPrivileges`.`group_id` FROM `Privileges` LEFT OUTER JOIN `GroupPrivileges` ON (`Privileges`.`id` = `GroupPrivileges`.`privilege_id` AND `GroupPrivileges`.`group_id`=" . sql_escape($id) . ") ORDER BY `Privileges`.`name`");
$privileges_html = "";
foreach ($privileges as $priv)
$privileges_html .= sprintf(
'<tr><td><input type="checkbox" '
. 'name="privileges[]" value="%s" %s />'
. '</td> <td>%s</td> <td>%s</td></tr>',
$priv['id'],
($priv['group_id'] != ""
? 'checked="checked"'
: ''),
$priv['name'],
$priv['desc']
);
$html .= template_render('../templates/admin_groups_edit_form.html', array (
'link' => page_link_to("admin_groups"),
'id' => $id,
'privileges' => $privileges_html
));
} else
return error("No Group found.");
break;
case 'save' :
if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id'];
else
return error("Incomplete call, missing Groups ID.");
$room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
if (!is_array($_REQUEST['privileges']))
$_REQUEST['privileges'] = array ();
if (count($room) > 0) {
list ($room) = $room;
sql_query("DELETE FROM `GroupPrivileges` WHERE `group_id`=" . sql_escape($id));
foreach ($_REQUEST['privileges'] as $priv)
if (preg_match("/^[0-9]{1,}$/", $priv) && sql_num_query("SELECT * FROM `Privileges` WHERE `id`=" . sql_escape($priv)) > 0)
sql_query("INSERT INTO `GroupPrivileges` SET `group_id`=" . sql_escape($id) . ", `privilege_id`=" . sql_escape($priv));
header("Location: " . page_link_to("admin_groups"));
} else
return error("No Group found.");
break;
}
}
return $html;
}
?>

253
includes/pages/admin_import.php
Unescape Escape View File

@ -0,0 +1,253 @@
<?php
function admin_import() {
global $Room, $RoomID, $RoomName;
global $PentabarfGetWith, $PentabarfXMLpath, $PentabarfXMLhost;
require_once ("includes/funktion_xml.php");
///////////
// DEBUG //
///////////
$ShowDataStrukture = 0;
$EnableRoomFunctions = 1;
$EnableRooms = 1;
$EnableSchudleFunctions = 1;
$EnableSchudle = 1;
$EnableSchudleDB = 1;
CreateRoomArrays();
$html = "";
/*##############################################################################################
F I L E
##############################################################################################*/
$html .= "\n\n<br />\n<h1>XML File:</h1>\n";
if (isset ($_POST["PentabarfUser"]) && isset ($_POST["password"]) && isset ($_POST["PentabarfURL"])) {
$html .= "Update XCAL-File from Pentabarf..";
if ($PentabarfGetWith == "fsockopen") {
//backup error messeges and delate
$Backuperror_messages = $error_messages;
$fp = fsockopen("ssl://$PentabarfXMLhost", 443, $errno, $errstr, 30);
// $error_messages = $Backuperror_messages;
if (!$fp) {
$html .= "<h2>fail: File 'https://$PentabarfXMLhost/$PentabarfXMLpath" . $_POST["PentabarfURL"] . "' not readable!" .
"[$errstr ($errno)]</h2>";
} else {
if (($fileOut = fopen("$Tempdir/engelXML", "w")) != FALSE) {
$head = 'GET /' . $PentabarfXMLpath . $_POST["PentabarfURL"] . ' HTTP/1.1' . "\r\n" .
'Host: ' . $PentabarfXMLhost . "\r\n" .
'User-Agent: Engelsystem' . "\r\n" .
'Authorization: Basic ' .
base64_encode($_POST["PentabarfUser"] . ':' . $_POST["password"]) . "\r\n" .
"\r\n";
fputs($fp, $head);
$Zeilen = -1;
while (!feof($fp)) {
$Temp = fgets($fp, 1024);
// ende des headers
if ($Temp == "f20\r\n") {
$Zeilen = 0;
$Temp = "";
}
//file ende?
if ($Temp == "0\r\n")
break;
if (($Zeilen > -1) && ($Temp != "ffb\r\n")) {
//steuerzeichen ausfiltern
if (strpos("#$Temp", "\r\n") > 0)
$Temp = substr($Temp, 0, strlen($Temp) - 2);
if (strpos("#$Temp", "1005") > 0)
$Temp = "";
if (strpos("#$Temp", "783") > 0)
$Temp = "";
//schreiben in file
fputs($fileOut, $Temp);
$Zeilen++;
}
}
fclose($fileOut);
$html .= "<br />Es wurden $Zeilen Zeilen eingelesen<br />";
} else
$html .= "<h2>fail: File '$Tempdir/engelXML' not writeable!</h2>";
fclose($fp);
}
}
elseif ($PentabarfGetWith == "fopen") {
//user uns password in url einbauen
$FileNameIn = "https://" . $_POST["PentabarfUser"] . ':' . $_POST["password"] . "@" .
$PentabarfXMLhost . "/" . $PentabarfXMLpath . $_POST["PentabarfURL"];
if (($fileIn = fopen($FileNameIn, "r")) != FALSE) {
if (($fileOut = fopen("$Tempdir/engelXML", "w")) != FALSE) {
$Zeilen = 0;
while (!feof($fileIn)) {
$Zeilen++;
fputs($fileOut, fgets($fileIn));
}
fclose($fileOut);
$html .= "<br />Es wurden $Zeilen Zeilen eingelesen<br />";
} else
$html .= "<h2>fail: File '$Tempdir/engelXML' not writeable!</h2>";
fclose($fileIn);
} else
$html .= "<h2>fail: File 'https://$PentabarfXMLhost/$PentabarfXMLpath" . $_POST["PentabarfURL"] . "' not readable!</h2>";
}
elseif ($PentabarfGetWith == "wget") {
$Command = "wget --http-user=" . $_POST["PentabarfUser"] . " --http-passwd=" . $_POST["password"] . " " .
"https://$PentabarfXMLhost/$PentabarfXMLpath" . $_POST["PentabarfURL"] .
" --output-file=$Tempdir/engelXMLwgetLog --output-document=$Tempdir/engelXML" .
" --no-check-certificate";
$html .= system($Command, $Status);
if ($Status == 0)
$html .= "OK.<br />";
else
$html .= "fail ($Status)($Command).<br />";
}
elseif ($PentabarfGetWith == "lynx") {
$Command = "lynx -auth=" . $_POST["PentabarfUser"] . ":" . $_POST["password"] . " -dump " .
"https://$PentabarfXMLhost/$PentabarfXMLpath" . $_POST["PentabarfURL"] . " > $Tempdir/engelXML";
$html .= system($Command, $Status);
if ($Status == 0)
$html .= "OK.<br />";
else
$html .= "fail ($Status)($Command).<br />";
}
elseif ($PentabarfGetWith == "fopen") {
//user uns password in url einbauen
$FileNameIn = "https://" . $_POST["PentabarfUser"] . ':' . $_POST["password"] . "@" .
$PentabarfXMLhost . "/" . $PentabarfXMLpath . $_POST["PentabarfURL"];
if (($fileIn = fopen($FileNameIn, "r")) != FALSE) {
if (($fileOut = fopen("$Tempdir/engelXML", "w")) != FALSE) {
$Zeilen = 0;
while (!feof($fileIn)) {
$Zeilen++;
fputs($fileOut, fgets($fileIn));
}
fclose($fileOut);
$html .= "<br />Es wurden $Zeilen Zeilen eingelesen<br />";
} else
$html .= "<h2>fail: File '$Tempdir/engelXML' not writeable!</h2>";
fclose($fileIn);
} else
$html .= "<h2>fail: File 'https://$PentabarfXMLhost/$PentabarfXMLpath" . $_POST["PentabarfURL"] . "' not readable!</h2>";
}
elseif ($PentabarfGetWith == "wget") {
$Command = "wget --http-user=" . $_POST["PentabarfUser"] . " --http-passwd=" . $_POST["password"] . " " .
"https://$PentabarfXMLhost/$PentabarfXMLpath" . $_POST["PentabarfURL"] .
" --output-file=$Tempdir/engelXMLwgetLog --output-document=$Tempdir/engelXML" .
" --no-check-certificate";
$html .= system($Command, $Status);
if ($Status == 0)
$html .= "OK.<br />";
else
$html .= "fail ($Status)($Command).<br />";
}
elseif ($PentabarfGetWith == "lynx") {
$Command = "lynx -auth=" . $_POST["PentabarfUser"] . ":" . $_POST["password"] . " -dump " .
"https://$PentabarfXMLhost/$PentabarfXMLpath" . $_POST["PentabarfURL"] . " > $Tempdir/engelXML";
$html .= system($Command, $Status);
if ($Status == 0)
$html .= "OK.<br />";
else
$html .= "fail ($Status)($Command).<br />";
} else
$html .= "<h1>The PentabarfGetWith='$PentabarfGetWith' not supported</h1>";
} else {
$html .= "<form action=\"dbUpdateFromXLS.php\" method=\"post\">\n";
$html .= "<table border=\"0\">\n";
$html .= "\t<tr><td>XCAL-File: https://$PentabarfXMLhost/$PentabarfXMLpath</td>" .
"<td><input name=\"PentabarfURL\" type=\"text\" size=\"4\" maxlength=\"5\" " .
"value=\"$PentabarfXMLEventID\"></td></tr>\n";
$html .= "\t<tr><td>Username:</td>" .
"<td><input name=\"PentabarfUser\" type=\"text\" size=\"30\" maxlength=\"30\"></td></tr>\n";
$html .= "\t<tr><td>Password:</td>" .
"<td><input name=\"password\" type=\"password\" size=\"30\" maxlength=\"30\"></td></tr>\n";
$html .= "\t<tr><td></td><td><input type=\"submit\" name=\"FileUpload\" value=\"upload\"></td></tr>\n";
$html .= "</table>\n";
$html .= "</form>\n";
}
//readXMLfile("xml.php.xml");
if (readXMLfile("../import/27C3_sample.xcs.xml") == 0) {
$XMLmain = getXMLsubPease($XMLmain, "VCALENDAR");
if ($ShowDataStrukture) {
$html .= "<pre><br />";
$html .= $XMLmain->name;
$html .= "<br />";
print_r(array_values($XMLmain->sub));
$html .= "</pre>";
}
/*
$html .= "<br />";
$Feld=7;
$html .= "$Feld#". $XMLmain->sub[$Feld]->name. "<br />";
$html .= "$Feld#". $XMLmain->sub[$Feld]->sub;
//print_r(array_values ($XMLmain->sub[$Feld]->sub));
while(list($key, $value) = each($XMLmain->sub[$Feld]->sub))
$html .= "?ID".$value->sub[1]->data. "=". $value->sub[2]->data. "\n";
$html .= "</pre>";
*/
/*##############################################################################################
V e r s i o n
##############################################################################################*/
$html .= "<hr>\n";
$XMLrelease = getXMLsubPease($XMLmain, "X-WR-CALDESC");
$html .= "release: " . $XMLrelease->data . "<br />\n";
//$XMLreleaseDate = getXMLsubPease( $XMLmain, "RELEASE-DATE");
//$html .= "release date: ". $XMLreleaseDate->data. "<br />\n";
$html .= "<hr>\n";
/*##############################################################################################
V e r s i o n
##############################################################################################*/
if ($EnableRoomFunctions)
include ("includes/funktion_xml_room.php");
if ($EnableSchudleFunctions)
include ("includes/funktion_xml_schudle.php");
/*##############################################################################################
U P D A T E A L L
##############################################################################################*/
$html .= "\n\n<br />\n<h1>Update ALL:</h1>\n";
$html .= "<form action=\"dbUpdateFromXLS.php\">\n";
$html .= "\t<input type=\"submit\" name=\"UpdateALL\" value=\"now\">\n";
$html .= "</form>\n";
} //if XMLopenOOK
return $html;
}
/*##############################################################################################
erstellt Arrays der Reume
##############################################################################################*/
function CreateRoomArrays() {
global $Room, $RoomID, $RoomName, $con;
$sql = "SELECT `RID`, `Name` FROM `Room` " .
"WHERE `Show`='Y'" .
"ORDER BY `Number`, `Name`;";
$Erg = mysql_query($sql, $con);
$rowcount = mysql_num_rows($Erg);
for ($i = 0; $i < $rowcount; $i++) {
$Room[$i]["RID"] = mysql_result($Erg, $i, "RID");
$Room[$i]["Name"] = mysql_result($Erg, $i, "Name");
$RoomID[mysql_result($Erg, $i, "RID")] = mysql_result($Erg, $i, "Name");
$RoomName[mysql_result($Erg, $i, "Name")] = mysql_result($Erg, $i, "RID");
}
}
?>

110
includes/pages/admin_language.php
Unescape Escape View File

@ -0,0 +1,110 @@
<?php
function admin_language() {
global $user;
$html = "";
if (!isset ($_POST["TextID"])) {
$html .= Get_Text("Hello") . $user['Nick'] . ", <br />\n";
$html .= Get_Text("pub_sprache_text1") . "<br /><br />\n";
$html .= "<a href=\"" . page_link_to("admin_language") . "&ShowEntry=y\">" . Get_Text("pub_sprache_ShowEntry") . "</a>";
// ausgabe Tabellenueberschift
$SQL_Sprachen = "SELECT `Sprache` FROM `Sprache` GROUP BY `Sprache`;";
$erg_Sprachen = sql_query($SQL_Sprachen);
for ($i = 0; $i < mysql_num_rows($erg_Sprachen); $i++)
$Sprachen[mysql_result($erg_Sprachen, $i, "Sprache")] = $i;
$html .= "\t<table border=\"0\" class=\"border\" cellpadding=\"2\" cellspacing=\"1\">\n\t\t<tr>";
$html .= "\t\t<td class=\"contenttopic\"><b>" . Get_Text("pub_sprache_TextID") . "</b></td>";
foreach ($Sprachen as $Name => $Value)
$html .= "<td class=\"contenttopic\"><b>" .
Get_Text("pub_sprache_Sprache") . " " . $Name .
"</b></td>";
$html .= "\t\t<td class=\"contenttopic\"><b>" . Get_Text("pub_sprache_Edit") . "</b></td>";
$html .= "\t\t</tr>";
if (isset ($_GET["ShowEntry"])) {
// ausgabe eintraege
$SQL = "SELECT * FROM `Sprache` ORDER BY `TextID`;";
$erg = sql_query($SQL);
$TextID_Old = mysql_result($erg, 0, "TextID");
for ($i = 0; $i < mysql_num_rows($erg); $i++) {
$TextID_New = mysql_result($erg, $i, "TextID");
if ($TextID_Old != $TextID_New) {
$html .= "<form action=\"" . page_link_to("admin_language") . "\" method=\"post\">";
$html .= "<tr class=\"content\">\n";
$html .= "\t\t<td>$TextID_Old " .
"<input name=\"TextID\" type=\"hidden\" value=\"$TextID_Old\"> </td>\n";
foreach ($Sprachen as $Name => $Value) {
$Value = html_entity_decode($Value, ENT_QUOTES);
$html .= "\t\t<td><textarea name=\"$Name\" cols=\"22\" rows=\"8\">$Value</textarea></td>\n";
$Sprachen[$Name] = "";
}
$html .= "\t\t<td><input type=\"submit\" value=\"Save\"></td>\n";
$html .= "</tr>";
$html .= "</form>\n";
$TextID_Old = $TextID_New;
}
$Sprachen[mysql_result($erg, $i, "Sprache")] = mysql_result($erg, $i, "Text");
} /*FOR*/
}
//fuer neu eintraege
$html .= "<form action=\"" . page_link_to("admin_language") . "\" method=\"post\">";
$html .= "<tr class=\"content\">\n";
$html .= "\t\t<td><input name=\"TextID\" type=\"text\" size=\"40\" value=\"new\"> </td>\n";
foreach ($Sprachen as $Name => $Value)
$html .= "\t\t<td><textarea name=\"$Name\" cols=\"22\" rows=\"8\">$Name Text</textarea></td>\n";
$html .= "\t\t<td><input type=\"submit\" value=\"Save\"></td>\n";
$html .= "</tr>";
$html .= "</form>\n";
$html .= "</table>\n";
} /*if( !isset( $TextID ) )*/
else {
$html .= "edit: " . $_POST["TextID"] . "<br /><br />";
foreach ($_POST as $k => $v) {
if ($k != "TextID") {
$sql_test = "SELECT * FROM `Sprache` " .
"WHERE `TextID`='" . sql_escape($_POST["TextID"])
. "' AND `Sprache`='"
. sql_escape($k) . "'";
$erg_test = sql_query($sql_test);
if (mysql_num_rows($erg_test) == 0) {
$sql_save = "INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) " .
"VALUES ('" . sql_escape($_POST["TextID"]) . "', '"
. sql_escape($k) . "', '"
. sql_escape($v) . "')";
$html .= $sql_save . "<br />";
$Erg = sql_query($sql_save);
$html .= success("$k Save: OK<br />\n");
} else
if (mysql_result($erg_test, 0, "Text") != $v) {
$sql_save = "UPDATE `Sprache` SET `Text`='"
. sql_escape($v) . "' " .
"WHERE `TextID`='"
. sql_escape($_POST["TextID"])
. "' AND `Sprache`='" . sql_escape($k) . "' ";
$html .= $sql_save . "<br />";
$Erg = sql_query($sql_save);
$html .= success(" $k Update: OK<br />\n");
} else
$html .= "\t $k no changes<br />\n";
}
}
}
return $html;
}
?>

76
includes/pages/admin_log.php
Unescape Escape View File

@ -0,0 +1,76 @@
<?php
function admin_log() {
require_once ("includes/funktion_db_list.php");
$html = "";
$SQL = "SELECT * FROM `ChangeLog` ORDER BY `Time` DESC LIMIT 0,10000";
$Erg = sql_query($SQL);
if (mysql_num_rows($Erg) > 0) {
$html .= "<table border=1>\n";
$html .= "<tr>\n\t<th>Time</th>\n\t<th>User</th>\n\t<th>Commend</th>\n\t<th>SQL Command</th>\n</tr>\n";
for ($n = 0; $n < mysql_num_rows($Erg); $n++) {
$html .= "<tr>\n";
$html .= "\t<td>" . mysql_result($Erg, $n, "Time") . "</td>\n";
$html .= "\t<td>" . UID2Nick(mysql_result($Erg, $n, "UID")) . displayavatar(mysql_result($Erg, $n, "UID")) . "</td>\n";
$html .= "\t<td>" . mysql_result($Erg, $n, "Commend") . "</td>\n";
$html .= "\t<td>" . mysql_result($Erg, $n, "SQLCommad") . "</td>\n";
$html .= "</tr>\n";
}
$html .= "</table>\n";
} else {
$html .= "Log is empty...";
}
$html .= "<hr />";
$html .= "<h1>Web Counter</h1>";
$html .= funktion_db_list("Counter");
/*
$html .= "<h1>Raeume</h1> <br />";
funktion_db_list("Raeume");
$html .= "<h1>Schichtbelegung</h1> <br />";
funktion_db_list("Schichtbelegung");
$html .= "<h1>Schichtplan</h1> <br />Hier findest du alle bisher eingetragenen Schichten:";
funktion_db_list("Schichtplan");
$html .= "<h1>User</h1> <br />";
funktion_db_list("User");
$html .= "<h1>News</h1> <br />";
funktion_db_list("News");
$html .= "<h1>FAQ</h1> <br />";
funktion_db_list("FAQ");
$html .= "Deaktiviert";
*/
$html .= "<hr>\n";
$html .= funktion_db_element_list_2row("Tshirt-Size aller engel", "SELECT `Size`, COUNT(`Size`) FROM `User` GROUP BY `Size`");
$html .= "<br />\n";
$html .= funktion_db_element_list_2row("Tshirt ausgegeben", "SELECT `Size`, COUNT(`Size`) FROM `User` WHERE `Tshirt`='1' GROUP BY `Size`");
$html .= "<br />\n";
$html .= funktion_db_element_list_2row("Tshirt nicht ausgegeben (Gekommen=1)", "SELECT COUNT(`Size`), `Size` FROM `User` WHERE `Gekommen`='1' and `Tshirt`='0' GROUP BY `Size`");
$html .= "<hr>\n";
$html .= funktion_db_element_list_2row("Hometown", "SELECT COUNT(`Hometown`), `Hometown` FROM `User` GROUP BY `Hometown`");
$html .= "<br />\n";
$html .= funktion_db_element_list_2row("Engeltypen", "SELECT COUNT(`Art`), `Art` FROM `User` GROUP BY `Art`");
$html .= "<hr>\n";
$html .= funktion_db_element_list_2row("Gesamte Arbeit", "SELECT COUNT(*) AS `Count [x]`, SUM(Shifts.Len) as `Sum [h]` from Shifts LEFT JOIN ShiftEntry USING(SID)");
$html .= "<br />\n";
$html .= funktion_db_element_list_2row("Geleisteter Arbeit", "SELECT COUNT(*) AS `Count [x]`, SUM(Shifts.Len) as `Sum [h]` from Shifts LEFT JOIN ShiftEntry USING(SID) WHERE (ShiftEntry.UID!=0)");
$html .= "<hr>\n";
$html .= funktion_db_element_list_2row("Gesamte Arbeit (Ohne Raum aufabau (RID=7)", "SELECT COUNT(*) AS `Count [x]`, SUM(Shifts.Len) as `Sum [h]` from Shifts LEFT JOIN ShiftEntry USING(SID) WHERE (Shifts.RID!=7)");
$html .= "<br />\n";
$html .= funktion_db_element_list_2row("Geleisteter Arbeit (Ohne Raum aufabau (RID=7)", "SELECT COUNT(*) AS `Count [x]`, SUM(Shifts.Len) as `Sum [h]` from Shifts LEFT JOIN ShiftEntry USING(SID) WHERE (ShiftEntry.UID!=0) AND (Shifts.RID!=7)");
return $html;
}
?>

87
includes/pages/admin_news.php
Unescape Escape View File

@ -0,0 +1,87 @@
<?php
function admin_news() {
global $user;
if (!isset ($_GET["action"])) {
header("Location: " . page_link_to("news"));
} else {
$html = "";
switch ($_GET["action"]) {
case 'edit' :
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id'];
else
return error("Incomplete call, missing News ID.");
$news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
if (count($news) > 0) {
list ($news) = $news;
$html .= '<a href="' . page_link_to("news") . '">&laquo Back</a>';
$html .= "<form action=\"" . page_link_to("admin_news") . "&action=save\" method=\"post\">\n";
$html .= "<table>\n";
$html .= " <tr><td>Datum</td><td>" .
date("Y-m-d H:i", $news['Datum']) . "</td></tr>\n";
$html .= " <tr><td>Betreff</td><td><input type=\"text\" size=\"40\" name=\"eBetreff\" value=\"" .
$news["Betreff"] . "\"></td></tr>\n";
$html .= " <tr><td>Text</td><td><textarea rows=\"10\" cols=\"80\" name=\"eText\">" .
$news["Text"] . "</textarea></td></tr>\n";
$html .= " <tr><td>Engel</td><td>" .
UID2Nick($news["UID"]) . "</td></tr>\n";
$html .= " <tr><td>Treffen</td><td>" . html_select_key('eTreffen', array (
'1' => "Ja",
'0' => "Nein"
), $news['Treffen']) . "</td></tr>\n";
$html .= "</table>";
$html .= "<input type=\"hidden\" name=\"id\" value=\"" . $id . "\">\n";
$html .= "<input type=\"submit\" name=\"submit\" value=\"Speichern\">\n";
$html .= "</form>";
$html .= "<form action=\"" . page_link_to("admin_news") . "&action=delete\" method=\"POST\">\n";
$html .= "<input type=\"hidden\" name=\"id\" value=\"" . $id . "\">\n";
$html .= "<input type=\"submit\" name=\"submit\" value=\"Löschen\">\n";
$html .= "</form>";
} else
return error("No News found.");
break;
case 'save' :
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id'];
else
return error("Incomplete call, missing News ID.");
$news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
if (count($news) > 0) {
list ($news) = $news;
sql_query("UPDATE `News` SET `Datum`='" . sql_escape(time()) . "', `Betreff`='" . sql_escape($_POST["eBetreff"]) . "', `Text`='" . sql_escape($_POST["eText"]) . "', `UID`='" . sql_escape($user['UID']) .
"', `Treffen`='" . sql_escape($_POST["eTreffen"]) . "' WHERE `ID`=".sql_escape($id)." LIMIT 1");
header("Location: " . page_link_to("news"));
} else
return error("No News found.");
break;
case 'delete' :
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id'];
else
return error("Incomplete call, missing News ID.");
$news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
if (count($news) > 0) {
list ($news) = $news;
sql_query("DELETE FROM `news` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
header("Location: " . page_link_to("news"));
} else
return error("No News found.");
break;
}
}
return $html;
}
?>

85
includes/pages/admin_questions.php
Unescape Escape View File

@ -0,0 +1,85 @@
<?php
function admin_new_questions() {
global $user, $privileges;
if (in_array("admin_questions", $privileges)) {
$new_messages = sql_num_query("SELECT * FROM `Questions` WHERE `AID`=0");
if ($new_messages > 0)
return '<p class="notice"><a href="' . page_link_to("admin_questions") . '">There are unanswered questions!</a></p><hr />';
}
return "";
}
function admin_questions() {
global $user;
if (!isset ($_REQUEST['action'])) {
$open_questions = "";
$questions = sql_select("SELECT * FROM `Questions` WHERE `AID`=0");
foreach ($questions as $question)
$open_questions .= template_render(
'../templates/admin_question_unanswered.html', array (
'question_nick' => UID2Nick($question['UID']),
'question_id' => $question['QID'],
'link' => page_link_to("admin_questions"),
'question' => str_replace("\n", '<br />', $question['Question'])
));
$answered_questions = "";
$questions = sql_select("SELECT * FROM `Questions` WHERE `AID`>0");
foreach ($questions as $question)
$answered_questions .= template_render(
'../templates/admin_question_answered.html', array (
'question_id' => $question['QID'],
'question_nick' => UID2Nick($question['UID']),
'question' => str_replace("\n", "<br />", $question['Question']),
'answer_nick' => UID2Nick($question['AID']),
'answer' => str_replace("\n", "<br />", $question['Answer']),
'link' => page_link_to("admin_questions"),
));
return template_render('../templates/admin_questions.html', array (
'link' => page_link_to("admin_questions"),
'open_questions' => $open_questions,
'answered_questions' => $answered_questions
));
} else {
switch ($_REQUEST['action']) {
case 'answer' :
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id'];
else
return error("Incomplete call, missing Question ID.");
$question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
if (count($question) > 0 && $question[0]['AID'] == "0") {
$answer = trim(preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['answer'])));
if ($answer != "") {
sql_query("UPDATE `Questions` SET `AID`=" . sql_escape($user['UID']) . ", `Answer`='" . sql_escape($answer) . "' WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
header("Location: " . page_link_to("admin_questions"));
} else
return error("Please enter an answer!");
} else
return error("No question found.");
break;
case 'delete' :
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id'];
else
return error("Incomplete call, missing Question ID.");
$question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
if (count($question) > 0) {
sql_query("DELETE FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
header("Location: " . page_link_to("admin_questions"));
} else
return error("No question found.");
break;
}
}
}
?>

143
includes/pages/admin_rooms.php
Unescape Escape View File

@ -0,0 +1,143 @@
<?php
function admin_rooms() {
global $user;
$html = "";
$rooms = sql_select("SELECT * FROM `Room` ORDER BY `Number`, `Name`");
if (!isset ($_REQUEST["action"])) {
$html .= "Hallo " . $user['Nick'] .
",<br />\nhier hast du die M&ouml;glichkeit, neue R&auml;ume f&uuml;r die Schichtpl&auml;ne einzutragen " .
"oder vorhandene abzu&auml;ndern:<br /><br />\n";
// Räume auflisten
if (count($rooms) > 0) {
$html .= '<table><thead><tr>';
$html .= "<table width=\"100%\" class=\"border\" cellpadding=\"2\" cellspacing=\"1\">\n";
$html .= "<tr class=\"contenttopic\">\n";
// Tabellenüberschriften generieren
foreach ($rooms[0] as $attr => $tmp)
if ($attr != 'RID')
$html .= '<th>' . $attr . '</th>';
$html .= '<th>&nbsp;</th>';
$html .= '</tr></thead><tbody>';
foreach ($rooms as $i => $room) {
$html .= '<tr>';
foreach ($room as $attr => $value)
if ($attr != 'RID')
$html .= '<td>' . $value . '</td>';
$html .= '<td><a href="' . page_link_to("admin_rooms") . '&action=change&RID=' . $room['RID'] . '">Edit</a></td>';
$html .= '</tr>';
}
$html .= '</tbody></table>';
}
$html .= "<hr /><a href=\"" . page_link_to("admin_rooms") . "&action=new\">Neuen Raum/Ort eintragen</a><br />\n";
} else {
switch ($_REQUEST["action"]) {
case 'new' :
$html .= template_render('../templates/admin_rooms_new_form.html', array (
'link' => page_link_to("admin_rooms")
));
break;
case 'newsave' :
$name = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['Name']));
$man = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['Man']));
$from_pentabarf = preg_replace("/([^YN]{1,})/ui", '', strip_tags($_REQUEST['FromPentabarf']));
$show = preg_replace("/([^YN]{1,})/ui", '', strip_tags($_REQUEST['Show']));
$number = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($_REQUEST['Number']));
sql_query("INSERT INTO `Room` SET `Name`='" . sql_escape($name) . "', `Man`='" . sql_escape($man) . "', `FromPentabarf`='" . sql_escape($from_pentabarf) . "', `show`='" . sql_escape($show) . "', `Number`='" . sql_escape($number) . "'");
header("Location: " . page_link_to("admin_rooms"));
break;
case 'change' :
if (isset ($_REQUEST['RID']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['RID']))
$rid = $_REQUEST['RID'];
else
return error("Incomplete call, missing Room ID.");
$room = sql_select("SELECT * FROM `Room` WHERE `RID`=" . sql_escape($rid) . " LIMIT 1");
if (count($room) > 0) {
list ($room) = $room;
$room_angel_types = sql_select("SELECT * FROM `AngelTypes` LEFT OUTER JOIN `RoomAngelTypes` ON (`AngelTypes`.`TID` = `RoomAngelTypes`.`angel_type_id` AND `RoomAngelTypes`.`room_id`=" . sql_escape($rid) . ") ORDER BY `AngelTypes`.`Name`");
$angel_types = "";
foreach ($room_angel_types as $room_angel_type) {
if ($room_angel_type['count'] == "")
$room_angel_type['count'] = "0";
$angel_types .= '<tr><td>' . $room_angel_type['Name'] . '</td><td><input type="text" name="angel_type_' . $room_angel_type['TID'] . '" value="' . $room_angel_type['count'] . '" /></td></tr>';
}
$html .= template_render('../templates/admin_rooms_edit_form.html', array (
'link' => page_link_to("admin_rooms"),
'room_id' => $rid,
'name' => $room['Name'],
'man' => $room['Man'],
'number' => $room['Number'],
'from_pentabarf_options' => html_options('FromPentabarf', array (
'Y' => 'Yes',
'N' => 'No'
), $room['FromPentabarf']),
'show_options' => html_options('Show', array (
'Y' => 'Yes',
'N' => 'No'
), $room['show']),
'angel_types' => $angel_types
));
} else
return error("No Room found.");
break;
case 'changesave' :
if (isset ($_REQUEST['RID']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['RID']))
$rid = $_REQUEST['RID'];
else
return error("Incomplete call, missing Room ID.");
$room = sql_select("SELECT * FROM `Room` WHERE `RID`=" . sql_escape($rid) . " LIMIT 1");
if (count($room) > 0) {
list ($room) = $room;
$room_angel_types = sql_select("SELECT * FROM `AngelTypes` LEFT OUTER JOIN `RoomAngelTypes` ON (`AngelTypes`.`TID` = `RoomAngelTypes`.`angel_type_id` AND `RoomAngelTypes`.`room_id`=" . sql_escape($rid) . ") ORDER BY `AngelTypes`.`Name`");
$name = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['Name']));
$man = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['Man']));
$from_pentabarf = preg_replace("/([^YN]{1,})/ui", '', strip_tags($_REQUEST['FromPentabarf']));
$show = preg_replace("/([^YN]{1,})/ui", '', strip_tags($_REQUEST['Show']));
$number = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($_REQUEST['Number']));
sql_query("UPDATE `Room` SET `Name`='" . sql_escape($name) . "', `Man`='" . sql_escape($man) . "', `FromPentabarf`='" . sql_escape($from_pentabarf) . "', `show`='" . sql_escape($show) . "', `Number`='" . sql_escape($number) . "' WHERE `RID`=" . sql_escape($rid) . " LIMIT 1");
sql_query("DELETE FROM `RoomAngelTypes` WHERE `room_id`=" . sql_escape($rid));
foreach ($room_angel_types as $room_angel_type) {
if (isset ($_REQUEST['angel_type_' . $room_angel_type['TID']]) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['angel_type_' . $room_angel_type['TID']]))
$count = $_REQUEST['angel_type_' . $room_angel_type['TID']];
else
$count = "0";
sql_query("INSERT INTO `RoomAngelTypes` SET `room_id`=" . sql_escape($rid) . ", `angel_type_id`=" . sql_escape($room_angel_type['TID']) . ", `count`=" . sql_escape($count));
}
header("Location: " . page_link_to("admin_rooms"));
} else
return error("No Room found.");
break;
case 'delete' :
if (isset ($_REQUEST['RID']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['RID']))
$rid = $_REQUEST['RID'];
else
return error("Incomplete call, missing Room ID.");
if (sql_num_query("SELECT * FROM `Room` WHERE `RID`=" . sql_escape($rid) . " LIMIT 1") > 0) {
sql_query("DELETE FROM `Room` WHERE `RID`=" . sql_escape($rid) . " LIMIT 1");
sql_query("DELETE FROM `RoomAngelTypes` WHERE `room_id`=" . sql_escape($rid) . " LIMIT 1");
header("Location: " . page_link_to("admin_rooms"));
} else
return error("No Room found.");
break;
}
}
return $html;
}
?>

324
includes/pages/admin_user.php
Unescape Escape View File

@ -0,0 +1,324 @@
<?php
function admin_user() {
global $user;
include ("includes/funktion_db_list.php");
$html = "";
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,}$/", $_REQUEST['id']) && sql_num_query("SELECT * FROM `User` WHERE `UID`=" . sql_escape($_REQUEST['id'])) > 0) {
$id = $_REQUEST['id'];
if (!isset ($_REQUEST['action'])) {
$html .= "Hallo,<br />" .
"hier kannst du den Eintrag &auml;ndern. Unter dem Punkt 'Gekommen' " .
"wird der Engel als anwesend markiert, ein Ja bei Aktiv bedeutet, " .
"dass der Engel aktiv war und damit ein Anspruch auf ein T-Shirt hat. " .
"Wenn T-Shirt ein 'Ja' enth&auml;lt, bedeutet dies, dass der Engel " .
"bereits sein T-Shirt erhalten hat.<br /><br />\n";
$html .= "<form action=\"" . page_link_to("admin_user") . "&action=save&id=$id\" method=\"post\">\n";
$html .= "<table border=\"0\">\n";
$html .= "<input type=\"hidden\" name=\"Type\" value=\"Normal\">\n";
$SQL = "SELECT * FROM `User` WHERE `UID`='" . $id . "'";
$Erg = sql_query($SQL);
$html .= "<tr><td>\n";
$html .= "<table>\n";
$html .= " <tr><td>Nick</td><td>" .
"<input type=\"text\" size=\"40\" name=\"eNick\" value=\"" .
mysql_result($Erg, 0, "Nick") . "\"></td></tr>\n";
$html .= " <tr><td>lastLogIn</td><td>" .
date("Y-m-d H:i", mysql_result($Erg, 0, "lastLogIn")) . "</td></tr>\n";
$html .= " <tr><td>Name</td><td>" .
"<input type=\"text\" size=\"40\" name=\"eName\" value=\"" .
mysql_result($Erg, 0, "Name") . "\"></td></tr>\n";
$html .= " <tr><td>Vorname</td><td>" .
"<input type=\"text\" size=\"40\" name=\"eVorname\" value=\"" .
mysql_result($Erg, 0, "Vorname") . "\"></td></tr>\n";
$html .= " <tr><td>Alter</td><td>" .
"<input type=\"text\" size=\"5\" name=\"eAlter\" value=\"" .
mysql_result($Erg, 0, "Alter") . "\"></td></tr>\n";
$html .= " <tr><td>Telefon</td><td>" .
"<input type=\"text\" size=\"40\" name=\"eTelefon\" value=\"" .
mysql_result($Erg, 0, "Telefon") . "\"></td></tr>\n";
$html .= " <tr><td>Handy</td><td>" .
"<input type=\"text\" size=\"40\" name=\"eHandy\" value=\"" .
mysql_result($Erg, 0, "Handy") . "\"></td></tr>\n";
$html .= " <tr><td>DECT</td><td>" .
"<input type=\"text\" size=\"4\" name=\"eDECT\" value=\"" .
mysql_result($Erg, 0, "DECT") . "\"></td></tr>\n";
$html .= " <tr><td>email</td><td>" .
"<input type=\"text\" size=\"40\" name=\"eemail\" value=\"" .
mysql_result($Erg, 0, "email") . "\"></td></tr>\n";
$html .= " <tr><td>ICQ</td><td>" .
"<input type=\"text\" size=\"40\" name=\"eICQ\" value=\"" .
mysql_result($Erg, 0, "ICQ") . "\"></td></tr>\n";
$html .= " <tr><td>jabber</td><td>" .
"<input type=\"text\" size=\"40\" name=\"ejabber\" value=\"" .
mysql_result($Erg, 0, "jabber") . "\"></td></tr>\n";
$html .= " <tr><td>Size</td><td>" .
html_select_key('size', array (
'S' => "S",
'M' => "M",
'L' => "L",
'XL' => "XL",
'2XL' => "2XL",
'3XL' => "3XL",
'4XL' => "4XL",
'5XL' => "5XL",
'S-G' => "S Girl",
'M-G' => "M Girl",
'L-G' => "L Girl",
'XL-G' => "XL Girl"
), mysql_result($Erg, 0, "Size")) . "</td></tr>\n";
$options = array (
'1' => "Yes",
'0' => "No"
);
// Gekommen?
$html .= " <tr><td>Gekommen</td><td>\n";
$html .= html_options('eGekommen', $options, mysql_result($Erg, 0, "Gekommen")) . "</td></tr>\n";
// Aktiv?
$html .= " <tr><td>Aktiv</td><td>\n";
$html .= html_options('eAktiv', $options, mysql_result($Erg, 0, "Aktiv")) . "</td></tr>\n";
// T-Shirt bekommen?
$html .= " <tr><td>T-Shirt</td><td>\n";
$html .= html_options('eTshirt', $options, mysql_result($Erg, 0, "Tshirt")) . "</td></tr>\n";
$html .= " <tr><td>Hometown</td><td>" .
"<input type=\"text\" size=\"40\" name=\"Hometown\" value=\"" .
mysql_result($Erg, 0, "Hometown") . "\"></td></tr>\n";
$html .= "</table>\n</td><td valign=\"top\">" . displayavatar($id, false) . "</td></tr>";
$html .= "</td></tr>\n";
$html .= "</table>\n<br />\n";
$html .= "<input type=\"submit\" value=\"Speichern\">\n";
$html .= "</form>";
$html .= "<hr />";
$html .= "Hier kannst Du das Passwort dieses Engels neu setzen:<form action=\"" . page_link_to("admin_user") . "&action=change_pw&id=$id\" method=\"post\">\n";
$html .= "<table>\n";
$html .= " <tr><td>Passwort</td><td>" .
"<input type=\"password\" size=\"40\" name=\"new_pw\" value=\"\"></td></tr>\n";
$html .= " <tr><td>Wiederholung</td><td>" .
"<input type=\"password\" size=\"40\" name=\"new_pw2\" value=\"\"></td></tr>\n";
$html .= "</table>";
$html .= "<input type=\"submit\" value=\"Speichern\">\n";
$html .= "</form>";
$html .= "<hr />";
$html .= "Hier kannst Du die Benutzergruppen des Engels festlegen:<form action=\"" . page_link_to("admin_user") . "&action=save_groups&id=" . $id . "\" method=\"post\">\n";
$html .= '<table>';
list ($my_highest_group) = sql_select("SELECT * FROM `UserGroups` WHERE `uid`=" . sql_escape($user['UID']) . " ORDER BY `uid`");
list ($his_highest_group) = sql_select("SELECT * FROM `UserGroups` WHERE `uid`=" . sql_escape($id) . " ORDER BY `uid`");
if ($id != $user['UID'] && $my_highest_group <= $his_highest_group) {
$groups = sql_select("SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = " . sql_escape($id) . ") WHERE `Groups`.`UID` >= " . sql_escape($my_highest_group['group_id']) . " ORDER BY `Groups`.`Name`");
foreach ($groups as $group)
$html .= '<tr><td><input type="checkbox" name="groups[]" value="' . $group['UID'] . '"' . ($group['group_id'] != "" ? ' checked="checked"' : '') . ' /></td><td>' . $group['Name'] . '</td></tr>';
$html .= '</table>';
$html .= "<input type=\"submit\" value=\"Speichern\">\n";
$html .= "</form>";
$html .= "<hr />";
}
$html .= "<form action=\"" . page_link_to("admin_user") . "&action=delete&id=" . $id . "\" method=\"post\">\n";
$html .= "<input type=\"submit\" value=\"Löschen\">\n";
$html .= "</form>";
$html .= "<hr />";
$html .= funktion_db_element_list_2row("Freeloader Shifts", "SELECT `Remove_Time`, `Length`, `Comment` FROM `ShiftFreeloader` WHERE UID=" . $_REQUEST['id']);
} else {
switch ($_REQUEST['action']) {
case 'save_groups' :
if ($id != $user['UID']) {
list ($my_highest_group) = sql_select("SELECT * FROM `UserGroups` WHERE `uid`=" . sql_escape($user['UID']) . " ORDER BY `uid`");
list ($his_highest_group) = sql_select("SELECT * FROM `UserGroups` WHERE `uid`=" . sql_escape($id) . " ORDER BY `uid`");
if ($my_highest_group <= $his_highest_group) {
$groups = sql_select("SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = " . sql_escape($id) . ") WHERE `Groups`.`UID` >= " . sql_escape($my_highest_group['group_id']) . " ORDER BY `Groups`.`Name`");
$grouplist = array ();
foreach ($groups as $group)
$grouplist[] = $group['UID'];
if (!is_array($_REQUEST['groups']))
$_REQUEST['groups'] = array ();
sql_query("DELETE FROM `UserGroups` WHERE `uid`=" . sql_escape($id));
foreach ($_REQUEST['groups'] as $group)
if (in_array($group, $grouplist))
sql_query("INSERT INTO `UserGroups` SET `uid`=" .
sql_escape($id) . ", `group_id`=" . sql_escape($group));
$html .= success("Benutzergruppen gespeichert.");
} else {
$html .= error("Du kannst keine Engel mit mehr Rechten bearbeiten.");
}
} else {
$html .= error("Du kannst Deine eigenen Rechte nicht bearbeiten.");
}
break;
case 'delete' :
if ($user['UID'] != $id) {
sql_query("DELETE FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
sql_query("DELETE FROM `UserGroups` WHERE `uid`=" . sql_escape($id));
sql_query("UPDATE `ShiftEntry` SET `UID`=0, `Comment`=NULL WHERE `UID`=" . sql_escape($id));
$html .= success("Benutzer gelöscht!");
} else {
$html .= error("Du kannst Dich nicht selber löschen!");
}
break;
case 'save' :
$SQL = "UPDATE `User` SET ";
$SQL .= " `Nick` = '" . $_POST["eNick"] . "', `Name` = '" . $_POST["eName"] . "', " .
"`Vorname` = '" . $_POST["eVorname"] . "', " .
"`Telefon` = '" . $_POST["eTelefon"] . "', " .
"`Handy` = '" . $_POST["eHandy"] . "', " .
"`Alter` = '" . $_POST["eAlter"] . "', " .
"`DECT` = '" . $_POST["eDECT"] . "', " .
"`email` = '" . $_POST["eemail"] . "', " .
"`ICQ` = '" . $_POST["eICQ"] . "', " .
"`jabber` = '" . $_POST["ejabber"] . "', " .
"`Size` = '" . $_POST["eSize"] . "', " .
"`Gekommen`= '" . $_POST["eGekommen"] . "', " .
"`Aktiv`= '" . $_POST["eAktiv"] . "', " .
"`Tshirt` = '" . $_POST["eTshirt"] . "', " .
"`Hometown` = '" . $_POST["Hometown"] . "' " .
"WHERE `UID` = '" . $id .
"' LIMIT 1;";
sql_query($SQL);
$html .= success("Änderung wurde gespeichert...\n");
break;
case 'change_pw' :
if ($_REQUEST['new_pw'] != "" && $_REQUEST['new_pw'] == $_REQUEST['new_pw2']) {
sql_query("UPDATE `User` SET `Passwort`='" . sql_escape(PassCrypt($_REQUEST['new_pw'])) . "' WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
$html .= success("Passwort neu gesetzt.");
} else {
$html .= error("Die Eingaben müssen übereinstimmen und dürfen nicht leer sein!");
}
break;
}
}
} else {
// Userliste, keine UID uebergeben...
$html .= "<a href=\"" . page_link_to("register") . "\">Neuen Engel eintragen &raquo;</a><br /><br />\n";
if (!isset ($_GET["OrderBy"]))
$_GET["OrderBy"] = "Nick";
$SQL = "SELECT * FROM `User` ORDER BY `" . sql_escape($_GET["OrderBy"]) . "` ASC";
$Erg = sql_query($SQL);
// anzahl zeilen
$Zeilen = mysql_num_rows($Erg);
$html .= "Anzahl Engel: $Zeilen<br /><br />\n";
$html .= '
<table width="100%" class="border" cellpadding="2" cellspacing="1"> <thead>
<tr class="contenttopic">
<th>
<a href="' . page_link_to("admin_user") . '&OrderBy=Nick">Nick</a>
</th>
<th><a href="' . page_link_to("admin_user") . '&OrderBy=Vorname">Vorname</a> <a href="' . page_link_to("admin_user") . '&OrderBy=Name">Name</a></th>
<th><a href="' . page_link_to("admin_user") . '&OrderBy=Alter">Alter</a></th>
<th>
<a href="' . page_link_to("admin_user") . '&OrderBy=email">E-Mail</a>
</th>
<th><a href="' . page_link_to("admin_user") . '&OrderBy=Size">Gr&ouml;&szlig;e</a></th>
<th><a href="' . page_link_to("admin_user") . '&OrderBy=Gekommen">Gekommen</a></th>
<th><a href="' . page_link_to("admin_user") . '&OrderBy=Aktiv">Aktiv</a></th>
<th><a href="' . page_link_to("admin_user") . '&OrderBy=Tshirt">T-Shirt</a></th>
<th><a href="' . page_link_to("admin_user") . '&OrderBy=CreateDate">Registriert</a></th>
<th>&Auml;nd.</th>
</tr></thead>';
$Gekommen = 0;
$Active = 0;
$Tshirt = 0;
for ($n = 0; $n < $Zeilen; $n++) {
$title = "";
$user_groups = sql_select("SELECT * FROM `UserGroups` JOIN `Groups` ON (`Groups`.`UID` = `UserGroups`.`group_id`) WHERE `UserGroups`.`uid`=" . sql_escape(mysql_result($Erg, $n, "UID")) . " ORDER BY `Groups`.`Name`");
$groups = array ();
foreach ($user_groups as $user_group) {
$groups[] = $user_group['Name'];
}
$title .= 'Groups: ' . join(", ", $groups) . "<br />";
if (strlen(mysql_result($Erg, $n, "Telefon")) > 0)
$title .= "Tel: " . mysql_result($Erg, $n, "Telefon") . "<br />";
if (strlen(mysql_result($Erg, $n, "Handy")) > 0)
$title .= "Handy: " . mysql_result($Erg, $n, "Handy") . "<br />";
if (strlen(mysql_result($Erg, $n, "DECT")) > 0)
$title .= "DECT: <a href=\"./dect.php?custum=" . mysql_result($Erg, $n, "DECT") . "\">" .
mysql_result($Erg, $n, "DECT") . "</a><br />";
if (strlen(mysql_result($Erg, $n, "Hometown")) > 0)
$title .= "Hometown: " . mysql_result($Erg, $n, "Hometown") . "<br />";
if (strlen(mysql_result($Erg, $n, "lastLogIn")) > 0)
$title .= "Last login: " . date("Y-m-d H:i", mysql_result($Erg, $n, "lastLogIn")) . "<br />";
if (strlen(mysql_result($Erg, $n, "Art")) > 0)
$title .= "Type: " . mysql_result($Erg, $n, "Art") . "<br />";
if (strlen(mysql_result($Erg, $n, "ICQ")) > 0)
$title .= "ICQ: " . mysql_result($Erg, $n, "ICQ") . "<br />";
if (strlen(mysql_result($Erg, $n, "jabber")) > 0)
$title .= "jabber: " . mysql_result($Erg, $n, "jabber") . "<br />";
$html .= "<tr class=\"content\">\n";
$html .= "\t<td>" . mysql_result($Erg, $n, "Nick") . "</td>\n";
$html .= "\t<td>" . mysql_result($Erg, $n, "Vorname") . " " . mysql_result($Erg, $n, "Name") . "</td>\n";
$html .= "\t<td>" . mysql_result($Erg, $n, "Alter") . "</td>\n";
$html .= "\t<td>";
if (strlen(mysql_result($Erg, $n, "email")) > 0)
$html .= "<a href=\"mailto:" . mysql_result($Erg, $n, "email") . "\">" .
mysql_result($Erg, $n, "email") . "</a>";
$html .= '<div class="hidden">' . $title . '</div>';
$html .= "</td>\n";
$html .= "\t<td>" . mysql_result($Erg, $n, "Size") . "</td>\n";
$Gekommen += mysql_result($Erg, $n, "Gekommen");
$html .= "\t<td>" . mysql_result($Erg, $n, "Gekommen") . "</td>\n";
$Active += mysql_result($Erg, $n, "Aktiv");
$html .= "\t<td>" . mysql_result($Erg, $n, "Aktiv") . "</td>\n";
$Tshirt += mysql_result($Erg, $n, "Tshirt");
$html .= "\t<td>" . mysql_result($Erg, $n, "Tshirt") . "</td>\n";
$html .= "<td>" . mysql_result($Erg, $n, "CreateDate") . "</td>";
$html .= "\t<td>" . '<a href="' . page_link_to("admin_user") . '&id=' . mysql_result($Erg, $n, "UID") . '">Edit</a>' .
"</td>\n";
$html .= "</tr>\n";
}
$html .= "<tr>" .
"<td></td><td></td><td></td><td></td><td></td>" .
"<td>$Gekommen</td><td>$Active</td><td>$Tshirt</td><td></td><td></td></tr>\n";
$html .= "\t</table>\n";
// Ende Userliste
$html .= "<hr /><h2>Statistics</h2>";
$html .= funktion_db_element_list_2row("Hometown", "SELECT COUNT(`Hometown`), `Hometown` FROM `User` GROUP BY `Hometown`");
$html .= "<br />\n";
$html .= funktion_db_element_list_2row("Engeltypen", "SELECT COUNT(`Art`), `Art` FROM `User` GROUP BY `Art`");
$html .= "<br />\n";
$html .= funktion_db_element_list_2row("Used Groups", "SELECT Groups.Name AS 'GroupName', COUNT(Groups.Name) AS Count FROM `UserGroups` " .
"LEFT JOIN `Groups` ON Groups.UID = UserGroups.group_id " .
"WHERE (UserGroups.group_id!='NULL') " .
"GROUP BY `GroupName` " .
"");
}
return $html;
}
?>

5
includes/pages/guest_credits.php
Unescape Escape View File

@ -0,0 +1,5 @@
<?php
function guest_credits() {
return template_render('../templates/guest_credits.html', array ());
}
?>

24
includes/pages/guest_faq.php
Unescape Escape View File

@ -0,0 +1,24 @@
<?php
function guest_faq() {
$html = "";
$faqs = sql_select("SELECT * FROM `FAQ`");
foreach ($faqs as $faq) {
$html .= "<dl>";
if ($_SESSION['Sprache'] == "DE") {
$html .= sprintf(
'<dt>%s</dt> <dd>%s</dd>',
$faq['Frage_de'],
$faq['Antwort_de']
);
} else {
$html .= sprintf(
'<dt>%s</dt> <dd>%s</dd>',
$faq['Frage_en'],
$faq['Antwort_en']
);
}
$html .= "</dl>";
}
return $html;
}
?>

269
includes/pages/guest_login.php
Unescape Escape View File

@ -0,0 +1,269 @@
<?php
// Engel registrieren
function guest_register() {
$html = "";
$success = "none";
if (isset ($_POST["send"])) {
$eNick = trim($_POST["Nick"]);
if ($_POST["Alter"] == "")
$_POST["Alter"] = 23;
// user vorhanden?
$Ergans = sql_select("SELECT UID FROM `User` WHERE `Nick`='" . sql_escape($_POST["Nick"]) . "'");
if (strlen($_POST["Nick"]) < 2)
$error = Get_Text("makeuser_error_nick1")
. $_POST["Nick"] . Get_Text("makeuser_error_nick2");
elseif (count($Ergans) > 0)
$error = Get_Text("makeuser_error_nick1")
. $_POST["Nick"] . Get_Text("makeuser_error_nick3");
elseif (strlen($_POST["email"]) <= 6 && strstr($_POST["email"], "@") == FALSE && strstr($_POST["email"], ".") == false)
$error = Get_Text("makeuser_error_mail");
elseif (!is_numeric($_POST["Alter"]))
$error = Get_Text("makeuser_error_Alter");
elseif ($_POST["Passwort"] != $_POST["Passwort2"])
$error = Get_Text("makeuser_error_password1");
elseif (strlen($_POST["Passwort"]) < 6)
$error = Get_Text("makeuser_error_password2");
else {
$_POST["Passwort"] = PassCrypt($_POST["Passwort"]);
unset ($_POST["Passwort2"]);
$Erg = sql_query("INSERT INTO `User` (" .
"`Nick` , " . "`Name` , " .
"`Vorname`, " . "`Alter` , " .
"`Telefon`, " . "`DECT`, " .
"`Handy`, " . "`email`, " .
"`ICQ`, " . "`jabber`, " .
"`Size`, " . "`Passwort`, " .
"`Art` , " . "`kommentar`, " .
"`Hometown`," . "`CreateDate`, `Sprache` ) " .
"VALUES ( '"
. sql_escape($_POST["Nick"]) . "', " . "'"
. sql_escape($_POST["Name"]) . "', " . "'"
. sql_escape($_POST["Vorname"]) . "', " . "'"
. sql_escape($_POST["Alter"]) . "', " . "'"
. sql_escape($_POST["Telefon"]) . "', " . "'"
. sql_escape($_POST["DECT"]) . "', " . "'"
. sql_escape($_POST["Handy"]) . "', " . "'"
. sql_escape($_POST["email"]) . "', " . "'"
. sql_escape($_POST["ICQ"]) . "', " . "'"
. sql_escape($_POST["jabber"]) . "', " . "'"
. sql_escape($_POST["Size"]) . "', " . "'"
. sql_escape($_POST["Passwort"]) . "', " . "'"
. sql_escape($_POST["Art"]) . "', " . "'"
. sql_escape($_POST["kommentar"]) . "', " . "'"
. sql_escape($_POST["Hometown"]) . "',"
. "NOW(), '"
. sql_escape($_SESSION["Sprache"])
. "')"
);
if ($Erg != 1) {
$html .= Get_Text("makeuser_error_write1") . "<br />\n";
$error = sql_error();
} else {
$html .= "<p class=\"success\">" . Get_Text("makeuser_writeOK") . "\n";
$Erg3 = mysql_query("INSERT INTO `UserGroups` SET `uid`=" . sql_escape(sql_id()) . ", `group_id`=-2");
if ($Erg3 != 1) {
$html .= "<h1>" . Get_Text("makeuser_error_write2") . "<br />\n";
$error = sql_error();
} else {
$html .= Get_Text("makeuser_writeOK2") . "<br />\n";
$html .= "<h1>" . Get_Text("makeuser_writeOK3") . "</h1>\n";
}
$html .= Get_Text("makeuser_writeOK4") . "</p><p></p>\n<br /><br />\n";
$success = "any";
if (isset ($SubscribeMailinglist)) {
if ($_POST["subscribe-mailinglist"] == "") {
$headers = "From: " . $_POST["email"] . "\r\n" .
"X-Mailer: PHP/" . phpversion();
mail($SubscribeMailinglist, "subject", "message", $headers);
}
}
}
}
if (isset ($error))
$html .= error($error);
} else {
// init vars
$_POST["Nick"] = "";
$_POST["Name"] = "";
$_POST["Vorname"] = "";
$_POST["Alter"] = "";
$_POST["Telefon"] = "";
$_POST["DECT"] = "";
$_POST["Handy"] = "";
$_POST["email"] = "";
$_POST["subscribe-mailinglist"] = "";
$_POST["ICQ"] = "";
$_POST["jabber"] = "";
$_POST["Size"] = "L";
$_POST["Art"] = "";
$_POST["kommentar"] = "";
$_POST["Hometown"] = "";
}
if ($success == "none") {
$html .= "<h1>" . Get_Text("makeuser_text0") . "</h1>\n";
$html .= "<h2>" . Get_Text("makeuser_text1") . "</h2>\n";
$html .= "<form action=\"\" method=\"post\">\n";
$html .= "<table>\n";
$html .= "<tr><td>" . Get_Text("makeuser_Nickname") . "*</td><td><input type=\"text\" size=\"40\" name=\"Nick\" value=\"" . $_POST["Nick"] . "\" /></td></tr>\n";
$html .= "<tr><td>" . Get_Text("makeuser_Nachname") . "</td><td><input type=\"text\" size=\"40\" name=\"Name\" value=\"" . $_POST["Name"] . "\" /></td></tr>\n";
$html .= "<tr><td>" . Get_Text("makeuser_Vorname") . "</td><td><input type=\"text\" size=\"40\" name=\"Vorname\" value=\"" . $_POST["Vorname"] . "\" /></td></tr>\n";
$html .= "<tr><td>" . Get_Text("makeuser_Alter") . "</td><td><input type=\"text\" size=\"40\" name=\"Alter\" value=\"" . $_POST["Alter"] . "\"></td></tr>\n";
$html .= "<tr><td>" . Get_Text("makeuser_Telefon") . "</td><td><input type=\"text\" size=\"40\" name=\"Telefon\" value=\"" . $_POST["Telefon"] . "\"></td></tr>\n";
$html .= "<tr><td>" . Get_Text("makeuser_DECT") . "</td><td><input type=\"text\" size=\"40\" name=\"DECT\" value=\"" . $_POST["DECT"] . "\"></td><td>\n";
$html .= "<!--a href=\"https://21c3.ccc.de/wiki/index.php/POC\"><img src=\"./pic/external.png\" alt=\"external: \">DECT</a--></td></tr>\n";
$html .= "<tr><td>" . Get_Text("makeuser_Handy") . "</td><td><input type=\"text\" size=\"40\" name=\"Handy\" value=\"" . $_POST["Handy"] . "\"></td></tr>\n";
$html .= "<tr><td>" . Get_Text("makeuser_E-Mail") . "*</td><td><input type=\"text\" size=\"40\" name=\"email\" value=\"" . $_POST["email"] . "\"></td></tr>\n";
if (isset ($SubscribeMailinglist))
$html .= "<tr><td>" . Get_Text("makeuser_subscribe-mailinglist") . "</td><td><input type=\"checkbox\" name=\"subscribe-mailinglist\" value=\"" . $_POST["subscribe-mailinglist"] . "\">($SubscribeMailinglist)</td></tr>\n";
$html .= "<tr><td>ICQ</td><td><input type=\"text\" size=\"40\" name=\"ICQ\" value=\"" . $_POST["ICQ"] . "\"></td></tr>\n";
$html .= "<tr><td>jabber</td><td><input type=\"text\" size=\"40\" name=\"jabber\" value=\"" . $_POST["jabber"] . "\"></td></tr>\n";
$html .= "<tr><td>" . Get_Text("makeuser_T-Shirt") . " Gr&ouml;sse*</td><td align=\"left\">\n";
$html .= "<select name=\"Size\">\n";
$html .= "<option value=\"S\"";
if ($_POST["Size"] == "S")
$html .= " selected";
$html .= ">S</option>\n";
$html .= "<option value=\"M\"";
if ($_POST["Size"] == "M")
$html .= " selected";
$html .= ">M</option>\n";
$html .= "<option value=\"L\"";
if ($_POST["Size"] == "L")
$html .= " selected";
$html .= ">L</option>\n";
$html .= "<option value=\"XL\"";
if ($_POST["Size"] == "XL")
$html .= " selected";
$html .= ">XL</option>\n";
$html .= "<option value=\"2XL\"";
if ($_POST["Size"] == "2XL")
$html .= " selected";
$html .= ">2XL</option>\n";
$html .= "<option value=\"3XL\"";
if ($_POST["Size"] == "3XL")
$html .= " selected";
$html .= ">3XL</option>\n";
$html .= "<option value=\"4XL\"";
if ($_POST["Size"] == "4XL")
$html .= " selected";
$html .= ">4XL</option>\n";
$html .= "<option value=\"5XL\"";
if ($_POST["Size"] == "5XL")
$html .= " selected";
$html .= ">5XL</option>\n";
$html .= "<option value=\"S-G\"";
if ($_POST["Size"] == "S-G")
$html .= " selected";
$html .= ">S Girl</option>\n";
$html .= "<option value=\"M-G\"";
if ($_POST["Size"] == "M-G")
$html .= " selected";
$html .= ">M Girl</option>\n";
$html .= "<option value=\"L-G\"";
if ($_POST["Size"] == "L-G")
$html .= " selected";
$html .= ">L Girl</option>\n";
$html .= "<option value=\"XL-G\"";
if ($_POST["Size"] == "XL-G")
$html .= " selected";
$html .= ">XL Girl</option>\n";
$html .= "</select>\n";
$html .= "</td></tr>\n";
$html .= "<tr><td>" . Get_Text("makeuser_Engelart") . "</td><td align=\"left\">\n";
$html .= "<select name=\"Art\">\n";
$engel_types = sql_select("SELECT * FROM `AngelTypes` ORDER BY `NAME`");
foreach ($engel_types as $engel_type) {
$Name = $engel_type['Name'] . Get_Text("inc_schicht_engel");
$html .= "<option value=\"" . $Name . "\"";
if ($_POST["Art"] == $Name)
$html .= " selected";
$html .= ">$Name</option>\n";
}
$html .= "</select>\n";
$html .= "</td>\n";
$html .= "</tr>\n";
$html .= "<tr>\n";
$html .= "<td>" . Get_Text("makeuser_text2") . "</td>\n";
$html .= "<td><textarea rows=\"5\" cols=\"40\" name=\"kommentar\">" . $_POST["kommentar"] . "</textarea></td>\n";
$html .= "</tr>\n";
$html .= "<tr><td>" . Get_Text("makeuser_Hometown") . "</td><td><input type=\"text\" size=\"40\" name=\"Hometown\" value=\"" . $_POST["Hometown"] . "\"></td></tr>\n";
$html .= "<tr><td>" . Get_Text("makeuser_Passwort") . "*</td><td><input type=\"password\" size=\"40\" name=\"Passwort\"/></td></tr>\n";
$html .= "<tr><td>" . Get_Text("makeuser_Passwort2") . "*</td><td><input type=\"password\" size=\"40\" name=\"Passwort2\"/></td></tr>\n";
$html .= "<tr><td>&nbsp;</td><td><input type=\"submit\" name=\"send\" value=\"" . Get_Text("makeuser_Anmelden") . "\"/></td></tr>\n";
$html .= "</table>\n";
$html .= "</form>\n";
$html .= Get_Text("makeuser_text3");
}
return $html;
}
function guest_logout() {
unset ($_SESSION['uid']);
header("Location: " . page_link_to("start"));
}
function guest_login() {
global $user;
unset ($_SESSION['uid']);
$html = "";
if (isset ($_REQUEST['login_submit'])) {
$login_user = sql_select("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($_REQUEST["user"]) . "'");
if (count($login_user) == 1) { // Check, ob User angemeldet wird...
$login_user = $login_user[0];
if ($login_user["Passwort"] == PassCrypt($_REQUEST["password"])) { // Passwort ok...
$_SESSION['uid'] = $login_user['UID'];
$_SESSION['Sprache'] = $login_user['Sprache'];
header("Location: " . page_link_to("news"));
} else { // Passwort nicht ok...
$ErrorText = "pub_index_pass_no_ok";
} // Ende Passwort-Check
} else { // Anzahl der User in User-Tabelle <> 1 --> keine Anmeldung
if ($user_anz == 0)
$ErrorText = "pub_index_User_unset";
else
$ErrorText = "pub_index_User_more_as_one";
} // Ende Check, ob User angemeldet wurde}
}
if (isset ($ErrorText))
$html .= error(Get_Text($ErrorText));
$html .= guest_login_form();
return $html;
}
function guest_login_form() {
return template_render("../templates/guest_login_form.html", array (
'link' => page_link_to("login"),
'nick' => Get_Text("index_lang_nick"),
'pass' => Get_Text("index_lang_pass"),
'send' => Get_Text("index_lang_send")
));
}
?>

13
includes/pages/guest_start.php
Unescape Escape View File

@ -0,0 +1,13 @@
<?php
function guest_start() {
require_once ('includes/pages/guest_login.php');
$html = "<p>" . Get_Text("index_text1") . "</p>\n";
$html .= "<p>" . Get_Text("index_text2") . "</p>\n";
$html .= "<p>" . Get_Text("index_text3") . "</p>\n";
$html .= guest_login_form();
$html .= "<h6>" . Get_Text("index_text4") . "</h6>";
return $html;
}
?>

239
includes/pages/user_messages.php
Unescape Escape View File

@ -0,0 +1,239 @@
<?php
function user_unread_messages() {
global $user, $privileges;
if (in_array("user_messages", $privileges)) {
$new_messages = sql_num_query("SELECT * FROM `Messages` WHERE isRead='N' AND `RUID`=" . sql_escape($user['UID']));
if ($new_messages > 0)
return sprintf(
'<p class="notice"><a href="%s">%s %s %s</a></p><hr />',
page_link_to("user_messages"),
Get_Text("pub_messages_new1"),
$new_messages,
Get_Text("pub_messages_new2")
);
}
return "";
}
function user_messages() {
global $user;
if (!isset ($_REQUEST['action'])) {
$users = sql_select("SELECT * FROM `User` WHERE NOT `UID`="
. sql_escape($user['UID']) . " ORDER BY `Nick`");
$to_select_data = array (
"" => "Select receiver..."
);
foreach ($users as $u)
$to_select_data[$u['UID']] = $u['Nick'];
$to_select = html_select_key('to', $to_select_data, '');
$messages_html = "";
$messages = sql_select("SELECT * FROM `Messages` WHERE `SUID`="
. sql_escape($user['UID'])
. " OR `RUID`=" . sql_escape($user['UID'])
. " ORDER BY `isRead`,`Datum` DESC"
);
foreach ($messages as $message) {
$messages_html .= sprintf(
'<tr %s> <td>%s</td> <td>%s</td> <td>%s</td> <td>%s</td>'
.'<td>%s</td>',
($message['isRead'] == 'N' ? ' class="new_message"' : ''),
($message['isRead'] == 'N' ? '•' : ''),
date("Y-m-d H:i", $message['Datum']),
UID2Nick($message['SUID']),
UID2Nick($message['RUID']),
str_replace("\n", '<br />', $message['Text'])
);
$messages_html .= '<td>';
if ($message['RUID'] == $user['UID']) {
if ($message['isRead'] == 'N')
$messages_html .= '<a href="' . page_link_to("user_messages") . '&action=read&id=' . $message['id'] . '">' . Get_Text("pub_messages_MarkRead") . '</a>';
} else {
$messages_html .= '<a href="' . page_link_to("user_messages") . '&action=delete&id=' . $message['id'] . '">' . Get_Text("pub_messages_DelMsg") . '</a>';
}
$messages_html .= '</td></tr>';
}
return template_render('../templates/user_messages.html', array (
'link' => page_link_to("user_messages"),
'greeting' => Get_Text("Hello") . $user['Nick'] . ", <br />\n"
. Get_Text("pub_messages_text1") . "<br /><br />\n",
'messages' => $messages_html,
'new_label' => Get_Text("pub_messages_Neu"),
'date_label' => Get_Text("pub_messages_Datum"),
'from_label' => Get_Text("pub_messages_Von"),
'to_label' => Get_Text("pub_messages_An"),
'text_label' => Get_Text("pub_messages_Text"),
'date' => date("Y-m-d H:i"),
'from' => $user['Nick'],
'to_select' => $to_select,
'submit_label' => Get_Text("save")
));
} else {
switch ($_REQUEST['action']) {
case "read" :
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id'];
else
return error("Incomplete call, missing Message ID.");
$message = sql_select("SELECT * FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1");
if (count($message) > 0 && $message[0]['RUID'] == $user['UID']) {
sql_query("UPDATE `Messages` SET `isRead`='Y' WHERE `id`=" . sql_escape($id) . " LIMIT 1");
header("Location: " . page_link_to("user_messages"));
} else
return error("No Message found.");
break;
case "delete" :
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id'];
else
return error("Incomplete call, missing Message ID.");
$message = sql_select("SELECT * FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1");
if (count($message) > 0 && $message[0]['SUID'] == $user['UID']) {
sql_query("DELETE FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1");
header("Location: " . page_link_to("user_messages"));
} else
return error("No Message found.");
break;
case "send" :
$text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['text']));
$to = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($_REQUEST['to']));
if ($text != "" && is_numeric($to) && sql_num_query("SELECT * FROM `User` WHERE `UID`=" . sql_escape($to) . " AND NOT `UID`=" . sql_escape($user['UID']) . " LIMIT 1") > 0) {
sql_query("INSERT INTO `Messages` SET `Datum`=" . sql_escape(time()) . ", `SUID`=" . sql_escape($user['UID']) . ", `RUID`=" . sql_escape($to) . ", `Text`='" . sql_escape($text) . "'");
header("Location: " . page_link_to("user_messages"));
} else {
return error(Get_Text("pub_messages_Send_Error"));
}
break;
}
return "";
}
if (!isset ($_GET["action"]))
$_GET["action"] = "start";
switch ($_GET["action"]) {
case "start" :
echo Get_Text("Hello") . $_SESSION['Nick'] . ", <br />\n";
echo Get_Text("pub_messages_text1") . "<br /><br />\n";
//show exist Messages
$SQL = "SELECT * FROM `Messages` WHERE `SUID`='" . $_SESSION["UID"] . "' OR `RUID`='" . $_SESSION["UID"] . "'";
$erg = mysql_query($SQL, $con);
echo "<table border=\"0\" class=\"border\" cellpadding=\"2\" cellspacing=\"1\">\n";
echo "<tr>\n";
echo "<td class=\"contenttopic\"><b>" . Get_Text("pub_messages_Datum") . "</b></td>\n";
echo "<td class=\"contenttopic\"><b>" . Get_Text("pub_messages_Von") . "</b></td>\n";
echo "<td class=\"contenttopic\"><b>" . Get_Text("pub_messages_An") . "</b></td>\n";
echo "<td class=\"contenttopic\"><b>" . Get_Text("pub_messages_Text") . "</b></td>\n";
echo "<td class=\"contenttopic\"></td>\n";
echo "</tr>\n";
for ($i = 0; $i < mysql_num_rows($erg); $i++) {
echo "<tr class=\"content\">\n";
echo "<td>" . mysql_result($erg, $i, "Datum") . "</td>\n";
echo "<td>" . UID2Nick(mysql_result($erg, $i, "SUID")) . "</td>\n";
echo "<td>" . UID2Nick(mysql_result($erg, $i, "RUID")) . "</td>\n";
echo "<td>" . mysql_result($erg, $i, "Text") . "</td>\n";
echo "<td>";
if (mysql_result($erg, $i, "RUID") == $_SESSION["UID"]) {
echo "<a href=\"?action=DelMsg&Datum=" . mysql_result($erg, $i, "Datum") . "\">" . Get_Text("pub_messages_DelMsg") . "</a>";
if (mysql_result($erg, $i, "isRead") == "N")
echo "<a href=\"?action=MarkRead&Datum=" . mysql_result($erg, $i, "Datum") . "\">" . Get_Text("pub_messages_MarkRead") . "</a>";
} else {
if (mysql_result($erg, $i, "isRead") == "N")
echo Get_Text("pub_messages_NotRead");
}
echo "</td>\n";
echo "</tr>\n";
}
// send Messeges
echo "<form action=\"" . $_SERVER['SCRIPT_NAME'] . "?action=SendMsg\" method=\"POST\">";
echo "<tr class=\"content\">\n";
echo "<td></td>\n";
echo "<td></td>\n";
// Listet alle Nicks auf
echo "<td><select name=\"RUID\">\n";
$usql = "SELECT * FROM `User` WHERE (`UID`!='" . $_SESSION["UID"] . "') ORDER BY `Nick`";
$uErg = mysql_query($usql, $con);
$urowcount = mysql_num_rows($uErg);
for ($k = 0; $k < $urowcount; $k++) {
echo "<option value=\"" . mysql_result($uErg, $k, "UID") . "\">" . mysql_result($uErg, $k, "Nick") . "</option>\n";
}
echo "</select></td>\n";
echo "<td><textarea name=\"Text\" cols=\"30\" rows=\"10\"></textarea></td>\n";
echo "<td><input type=\"submit\" value=\"" . Get_Text("save") . "\"></td>\n";
echo "</tr>\n";
echo "</form>";
echo "</table>\n";
break;
case "SendMsg" :
echo Get_Text("pub_messages_Send1") . "...<br />\n";
$SQL = "INSERT INTO `Messages` ( `Datum` , `SUID` , `RUID` , `Text` ) VALUES (" .
"'" . gmdate("Y-m-j H:i:s", time()) . "', " .
"'" . $_SESSION["UID"] . "', " .
"'" . $_POST["RUID"] . "', " .
"'" . $_POST["Text"] . "');";
$Erg = mysql_query($SQL, $con);
if ($Erg == 1)
echo Get_Text("pub_messages_Send_OK") . "\n";
else
echo Get_Text("pub_messages_Send_Error") . "...\n(" . mysql_error($con) . ")";
break;
case "MarkRead" :
$SQL = "UPDATE `Messages` SET `isRead` = 'Y' " .
"WHERE `Datum` = '" . $_GET["Datum"] . "' AND `RUID`='" . $_SESSION["UID"] . "' " .
"LIMIT 1 ;";
$Erg = mysql_query($SQL, $con);
if ($Erg == 1)
echo Get_Text("pub_messages_MarkRead_OK") . "\n";
else
echo Get_Text("pub_messages_MarkRead_KO") . "...\n(" . mysql_error($con) . ")";
break;
case "DelMsg" :
$SQL = "DELETE FROM `Messages` " .
"WHERE `Datum` = '" . $_GET["Datum"] . "' AND `RUID` ='" . $_SESSION["UID"] . "' " .
"LIMIT 1;";
$Erg = mysql_query($SQL, $con);
if ($Erg == 1)
echo Get_Text("pub_messages_DelMsg_OK") . "\n";
else
echo Get_Text("pub_messages_DelMsg_KO") . "...\n(" . mysql_error($con) . ")";
break;
default :
echo Get_Text("pub_messages_NoCommand");
}
}
?>

168
includes/pages/user_news.php
Unescape Escape View File

@ -0,0 +1,168 @@
<?php
function user_meetings() {
global $DISPLAY_NEWS, $privileges, $user;
$html = "";
if (isset ($_REQUEST['page']) && preg_match("/^[0-9]{1,}$/", $_REQUEST['page']))
$page = $_REQUEST['page'];
else
$page = 0;
$news = sql_select("SELECT * FROM `News` WHERE `Treffen`=1 ORDER BY `ID` DESC LIMIT " . ($page * $DISPLAY_NEWS) . ", " . $DISPLAY_NEWS);
foreach ($news as $entry)
$html .= display_news($entry);
$html .= "<div class=\"pagination\">\n\n";
$dis_rows = ceil(sql_num_query("SELECT * FROM `News` WHERE `Treffen`=1") / $DISPLAY_NEWS);
$html .= Get_Text(5);
for ($i = 0; $i < $dis_rows; $i++) {
if ($i == $_REQUEST['page'])
$html .= ($i +1) . "&nbsp; ";
else
$html .= '<a href="' . page_link_to("news") . '&page=' . $i . '">' . ($i +1) . '</a>&nbsp; ';
}
$html .= '</div>';
return $html;
}
function display_news($news) {
global $privileges, $p;
$html .= "";
$html .= '<article class="news' . ($news['Treffen'] == 1 ? ' meeting' : '') . '">';
$html .= '<details>';
$html .= date("Y-m-d H:i", $news['Datum']) . ', ';
$html .= UID2Nick($news['UID']);
if ($p != "news_comments")
$html .= ', <a href="' . page_link_to("news_comments") . '&nid=' . $news['ID'] . '">Kommentare (' . sql_num_query("SELECT * FROM `news_comments` WHERE `Refid`='" . sql_escape($news['ID']) . "'") . ') &raquo;</a>';
$html .= '</details>';
$html .= '<h3>' . ($news['Treffen'] == 1 ? '[Meeting] ' : '') . ReplaceSmilies($news['Betreff']) . '</h3>';
$html .= '<p>' . ReplaceSmilies(nl2br($news['Text'])) . '</p>';
if (in_array("admin_news", $privileges))
$html .= "<details><a href=\"" . page_link_to("admin_news") . "&action=edit&id=" . $news['ID'] . "\">Edit</a></details>\n";
$html .= '</article>';
return $html;
}
function user_news_comments() {
global $user;
$html = "";
if (isset ($_REQUEST["nid"]) && preg_match("/^[0-9]{1,}$/", $_REQUEST['nid']) && sql_num_query("SELECT * FROM `News` WHERE `ID`=" . sql_escape($_REQUEST['nid']) . " LIMIT 1") > 0) {
$nid = $_REQUEST["nid"];
list ($news) = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($_REQUEST['nid']) . " LIMIT 1");
if (isset ($_REQUEST["text"])) {
$text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['text']));
sql_query("INSERT INTO `news_comments` (`Refid`, `Datum`, `Text`, `UID`) VALUES ('" . sql_escape($nid) . "', '" . date("Y-m-d H:i:s") . "', '" . sql_escape($text) . "', '" . sql_escape($user["UID"]) . "')");
$html .= success("Eintrag wurde gespeichert");
}
$html .= '<a href="' . page_link_to("news") . '">&laquo; Back</a>';
$html .= display_news($news);
$html .= '<h2>Kommentare</h2>';
$comments = sql_select("SELECT * FROM `news_comments` WHERE `Refid`='" . $nid . "' ORDER BY 'ID'");
foreach ($comments as $comment) {
$html .= '<article class="news_comment">';
$html .= DisplayAvatar($comment['UID']);
$html .= '<details>';
$html .= $comment['Datum'] . ', ';
$html .= UID2Nick($comment['UID']);
$html .= '</details>';
$html .= '<p>' . nl2br($comment['Text']) . '</p>';
$html .= '</article>';
}
$html .= "</table>";
$html .= '
<br />
<hr>
<h2>Neuer Kommentar:</h2>
<a name="Neu">&nbsp;</a>
<form action="' . page_link_to("news_comments") . '" method="post">
<input type="hidden" name="nid" value="' . $_REQUEST["nid"] . '">
<table>
<tr>
<td align="right" valign="top">Text:</td>
<td><textarea name="text" cols="50" rows="10"></textarea></td>
</tr>
</table>
<br />
<input type="submit" value="sichern...">
</form>';
} else {
$html .= "Fehlerhafter Aufruf!";
}
return $html;
}
function user_news() {
global $DISPLAY_NEWS, $privileges, $user;
$html = "";
if (isset ($_POST["text"]) && isset ($_POST["betreff"])) {
if (!isset ($_POST["treffen"]) || !in_array("admin_news", $privileges))
$_POST["treffen"] = 0;
sql_query("INSERT INTO `News` (`Datum`, `Betreff`, `Text`, `UID`, `Treffen`) " .
"VALUES ('" . sql_escape(time()) . "', '" . sql_escape($_POST["betreff"]) . "', '" . sql_escape($_POST["text"]) . "', '" . sql_escape($user['UID']) .
"', '" . sql_escape($_POST["treffen"]) . "');");
$html .= success(Get_Text(4));
}
if (isset ($_REQUEST['page']) && preg_match("/^[0-9]{1,}$/", $_REQUEST['page']))
$page = $_REQUEST['page'];
else
$page = 0;
$news = sql_select("SELECT * FROM `News` ORDER BY `ID` DESC LIMIT " . ($page * $DISPLAY_NEWS) . ", " . $DISPLAY_NEWS);
foreach ($news as $entry)
$html .= display_news($entry);
$html .= "<div class=\"pagination\">\n\n";
$dis_rows = ceil(sql_num_query("SELECT * FROM `News`") / $DISPLAY_NEWS);
$html .= Get_Text(5);
for ($i = 0; $i < $dis_rows; $i++) {
if ($i == $_REQUEST['page'])
$html .= ($i +1) . "&nbsp; ";
else
$html .= '<a href="' . page_link_to("news") . '&page=' . $i . '">' . ($i +1) . '</a>&nbsp; ';
}
$html .= '</div>
<br /><hr />
<h2>' . Get_Text(6) . '</h2>
<a name="Neu">&nbsp;</a>
<form action="" method="post">
<table>
<tr>
<td align="right">' . Get_Text(7) . '</td>
<td><input type="text" name="betreff" size="60"></td>
</tr>
<tr>
<td align="right">' . Get_Text(8) . '</td>
<td><textarea name="text" cols="50" rows="10"></textarea></td>
</tr>';
if (in_array('admin_news', $privileges)) {
$html .= ' <tr>
<td align="right">' . Get_Text(9) . '</td>
<td><input type="checkbox" name="treffen" size="1" value="1"></td>
</tr>';
}
$html .= '</table>
<br />
<input type="submit" value="' . Get_Text("save") . '">
</form>';
return $html;
}
?>

50
includes/pages/user_questions.php
Unescape Escape View File

@ -0,0 +1,50 @@
<?php
function user_questions() {
global $user;
if (!isset ($_REQUEST['action'])) {
$open_questions = "";
$questions = sql_select("SELECT * FROM `Questions` WHERE `AID`=0 AND `UID`=" . sql_escape($user['UID']));
foreach ($questions as $question)
$open_questions .= '<tr><td>' . str_replace("\n", '<br />', $question['Question']) . '</td><td><a href="' . page_link_to("user_questions") . '&action=delete&id=' . $question['QID'] . '">Delete</a></td><tr>';
$answered_questions = "";
$questions = sql_select("SELECT * FROM `Questions` WHERE `AID`>0 AND `UID`=" . sql_escape($user['UID']));
foreach ($questions as $question) {
$answered_questions .= '<tr><td>' . str_replace("\n", '<br />', $question['Question']) . '</td>';
$answered_questions .= '<td>' . UID2Nick($question['AID']) . '</td><td>' . str_replace("\n", '<br />', $question['Answer']) . '</td>';
$answered_questions .= '<td><a href="' . page_link_to("user_questions") . '&action=delete&id=' . $question['QID'] . '">Delete</a></td><tr>';
}
return template_render('../templates/user_questions.html', array (
'link' => page_link_to("user_questions"),
'open_questions' => $open_questions,
'answered_questions' => $answered_questions
));
} else {
switch ($_REQUEST['action']) {
case 'ask' :
$question = trim(preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['question'])));
if ($question != "") {
sql_query("INSERT INTO `Questions` SET `UID`=" . sql_escape($user['UID']) . ", `Question`='" . sql_escape($question) . "'");
header("Location: " . page_link_to("user_questions"));
} else
return error("Please enter a question!");
break;
case 'delete' :
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id'];
else
return error("Incomplete call, missing Question ID.");
$question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
if (count($question) > 0 && $question[0]['UID'] == $user['UID']) {
sql_query("DELETE FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
header("Location: " . page_link_to("user_questions"));
} else
return error("No question found.");
break;
}
}
}
?>

252
includes/pages/user_settings.php
Unescape Escape View File

@ -0,0 +1,252 @@
<?php
function user_settings() {
global $user;
if (!isset ($_REQUEST['action'])) {
$tshirt_html = template_render('../templates/user_settings_tshirt.html', array (
'label_size' => Get_Text("makeuser_T-Shirt"),
'size_select' => ($user['Tshirt'] == 0) ? html_select_key('size', array (
'S' => "S",
'M' => "M",
'L' => "L",
'XL' => "XL",
'2XL' => "2XL",
'3XL' => "3XL",
'4XL' => "4XL",
'5XL' => "5XL",
'S-G' => "S Girl",
'M-G' => "M Girl",
'L-G' => "L Girl",
'XL-G' => "XL Girl"
), $user['Size']) : $user['Size']
));
return template_render('../templates/user_settings.html', array (
'link' => page_link_to("user_settings"),
'greeting' => Get_Text("Hallo") . $user['Nick'] . ",<br />" . Get_Text(13),
'text_user_data' => Get_Text("pub_einstellungen_Text_UserData"),
'label_nick' => Get_Text("pub_einstellungen_Nick"),
'label_name' => Get_Text("pub_einstellungen_Name"),
'label_prename' => Get_Text("pub_einstellungen_Vorname"),
'label_age' => Get_Text("pub_einstellungen_Alter"),
'label_tel' => Get_Text("pub_einstellungen_Telefon"),
'label_mobile' => Get_Text("pub_einstellungen_Handy"),
'label_dect' => Get_Text("pub_einstellungen_DECT"),
'label_mail' => Get_Text("pub_einstellungen_Email"),
'label_hometown' => Get_Text("pub_einstellungen_Hometown"),
'nick' => $user['Nick'],
'name' => $user['Name'],
'prename' => $user['Vorname'],
'age' => $user['Alter'],
'tel' => $user['Telefon'],
'mobile' => $user['Handy'],
'dect' => $user['DECT'],
'mail' => $user['email'],
'icq' => $user['ICQ'],
'jabber' => $user['jabber'],
'hometown' => $user['Hometown'],
'label_save' => Get_Text("save"),
'tshirts' => $tshirt_html,
'text_password' => Get_Text(14),
'current_pw_label' => Get_Text(15),
'new_pw_label' => Get_Text(16),
'new_pw2_label' => Get_Text(17),
'text_theme' => Get_Text(18),
'theme_label' => Get_Text(19),
'theme_select' => html_select_key('theme', array (
"1" => "Standard-Style",
"2" => "ot/Gelber Style",
"3" => "Club-Mate Style",
"5" => "Debian Style",
"6" => "c-base Style",
"7" => "Blau/Gelber Style",
"8" => "Pastel Style",
"4" => "Test Style",
"9" => "Test Style 21c3",
"10" => "msquare (cccamp2011)"
), $user['color']),
'text_language' => Get_Text(20),
'language_label' => Get_Text(21),
'language_select' => html_select_key('language', array (
'DE' => "Deutsch",
'EN' => "English"
), $user['Sprache'])
));
} else {
switch ($_REQUEST['action']) {
case 'sprache' :
if (isset ($_REQUEST['language']) && preg_match("/^DE|EN$/", $_REQUEST['language']))
$language = $_REQUEST['language'];
else
$language = "EN";
sql_query("UPDATE `User` SET " . "`Sprache`='" . sql_escape($language) . "' WHERE `UID`=" . sql_escape($user['UID']) . " LIMIT 1");
$_SESSION['Sprache'] = $language;
header("Location: " . page_link_to("user_settings"));
break;
case 'colour' :
$theme = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($_REQUEST['theme']));
sql_query("UPDATE `User` SET " . "`color`='" . sql_escape($theme) . "' WHERE `UID`=" . sql_escape($user['UID']) . " LIMIT 1");
header("Location: " . page_link_to("user_settings"));
break;
case 'set' :
$html = "";
if ($_REQUEST["new_pw"] == $_REQUEST["new_pw2"]) {
if (PassCrypt($_REQUEST["current_pw"]) == $user['Passwort']) {
sql_query("UPDATE `User` SET `Passwort`='" . sql_escape(PassCrypt($_REQUEST['new_pw'])) . "' WHERE `UID`=" . sql_escape($user['UID']) . " LIMIT 1");
header("Location: " . page_link_to("user_settings"));
} else {
$html .= error(Get_Text(30));
}
} else {
$html .= error(Get_Text(31));
}
return $html;
break;
case "setUserData" :
$nick = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['nick']));
$name = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['name']));
$prename = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['prename']));
$age = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($_REQUEST['age']));
$tel = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['tel']));
$mobile = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['mobile']));
$dect = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['dect']));
$mail = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['mail']));
$icq = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['icq']));
$jabber = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['jabber']));
$hometown = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['hometown']));
$size = ($user['TShirt'] == 0) ? preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['size'])) : $user['Size'];
sql_query("UPDATE `User` SET " .
"`Nick`='" . sql_escape($nick) . "', " .
"`Name`='" . sql_escape($name) . "', " .
"`Vorname`='" . sql_escape($prename) . "', " .
"`Alter`='" . sql_escape($age) . "', " .
"`Telefon`='" . sql_escape($tel) . "', " .
"`Handy`='" . sql_escape($mobile) . "', " .
"`DECT`='" . sql_escape($dect) . "', " .
"`email`='" . sql_escape($mail) . "', " .
"`ICQ`='" . sql_escape($icq) . "', " .
"`jabber`='" . sql_escape($jabber) . "', " .
"`Hometown`='" . sql_escape($hometown) . "', " .
"`Size`='" . sql_escape($size) . "' " .
"WHERE `UID`=" . sql_escape($user['UID']) . " LIMIT 1");
header("Location: " . page_link_to("user_settings"));
break;
}
}
// AVATARE
/*
if (get_cfg_var("file_uploads")) {
echo "<br />\n<hr width=\"100%\">\n<br />\n\n";
echo Get_Text('pub_einstellungen_PictureUpload') . "<br />";
echo "<form action=\"./einstellungen.php\" method=\"post\" enctype=\"multipart/form-data\">\n";
echo "<input type=\"hidden\" name=\"action\" value=\"sendPicture\">\n";
echo "<input name=\"file\" type=\"file\" size=\"50\" maxlength=\"" . get_cfg_var("post_max_size") . "\">\n";
echo "(max " . get_cfg_var("post_max_size") . "Byte)<br />\n";
echo "<input type=\"submit\" value=\"" . Get_Text("upload"), "\">\n";
echo "</form>\n";
}
switch (GetPicturShow($_SESSION['UID'])) {
case 'Y' :
echo Get_Text('pub_einstellungen_PictureShow') . "<br />";
echo displayPictur($_SESSION['UID'], 0);
echo "<form action=\"./einstellungen.php\" method=\"post\">\n";
echo "<input type=\"hidden\" name=\"action\" value=\"delPicture\">\n";
echo "<input type=\"submit\" value=\"" . Get_Text("delete"), "\">\n";
echo "</form>\n";
break;
case 'N' :
echo Get_Text('pub_einstellungen_PictureNoShow') . "<br />";
echo displayPictur($_SESSION['UID'], 0);
echo "<form action=\"./einstellungen.php\" method=\"post\">\n";
echo "<input type=\"hidden\" name=\"action\" value=\"delPicture\">\n";
echo "<input type=\"submit\" value=\"" . Get_Text("delete"), "\">\n";
echo "</form>\n";
echo "<br />\n<hr width=\"100%\">\n<br />\n\n";
case '' :
echo "<br />\n<hr width=\"100%\">\n<br />\n\n";
echo Get_Text(22) . "<br />";
echo "\n<form action=\"./einstellungen.php\" method=\"post\">\n";
echo "<input type=\"hidden\" name=\"action\" value=\"avatar\">\n";
echo "<table>\n";
echo "<tr>\n<td>" . Get_Text(23) . "<br /></td>\n</tr>\n";
echo "<tr>\n";
echo "<td>\n";
echo "<select name=\"eAvatar\" onChange=\"document.avatar.src = '" . $url . $ENGEL_ROOT . "pic/avatar/avatar' + this.value + '.gif'\" onKeyup=\"document.avatar.src = '" . $url . $ENGEL_ROOT . "pic/avatar/avatar' + this.value + '.gif'\">\n";
for ($i = 1; file_exists("../pic/avatar/avatar" . $i . ".gif"); $i++)
echo "<option value=\"" . $i . "\"" . ($_SESSION['Avatar'] == $i ? " selected" : "") . ">avatar" . $i . "</option>\n";
echo "</select>&nbsp;&nbsp;\n";
echo "<img src=\"" . $url . $ENGEL_ROOT . "pic/avatar/avatar" . $_SESSION['Avatar'] . ".gif\" name=\"avatar\" border=\"0\" align=\"top\">\n";
echo "</td>\n</tr>\n";
echo "</table>\n";
echo "<input type=\"submit\" value=\"" . Get_Text("save") . "\">\n";
echo "</form>\n";
break;
} //CASE
} else {
switch ($_POST["action"]) {
case 'avatar' :
$chsql = "UPDATE `User` SET `Avatar`='" . $_POST["eAvatar"] . "' WHERE `UID`='" . $_SESSION['UID'] . "' LIMIT 1";
$Erg = mysql_query($chsql, $con);
$_SESSION['Avatar'] = $_POST["eAvatar"];
if ($Erg == 1)
Print_Text(34);
else
Print_Text(29);
break;
case 'setUserData' :
break;
case 'sendPicture' :
if ($_FILES["file"]["size"] > 0) {
if (($_FILES["file"]["type"] == "image/jpeg") || ($_FILES["file"]["type"] == "image/png") || ($_FILES["file"]["type"] == "image/gif")) {
$data = addslashes(fread(fopen($_FILES["file"]["tmp_name"], "r"), filesize($_FILES["file"]["tmp_name"])));
if (GetPicturShow($_SESSION['UID']) == "")
$SQL = "INSERT INTO `UserPicture` " .
"( `UID`,`Bild`, `ContentType`, `show`) " .
"VALUES ('" . $_SESSION['UID'] . "', '$data', '" . $_FILES["file"]["type"] . "', 'N')";
else
$SQL = "UPDATE `UserPicture` SET " .
"`Bild`='$data', " .
"`ContentType`='" . $_FILES["file"]["type"] . "', " .
"`show`='N' " .
"WHERE `UID`='" . $_SESSION['UID'] . "'";
$res = mysql_query($SQL, $con);
if ($res)
Print_Text("pub_einstellungen_send_OK");
else
Print_Text("pub_einstellungen_send_KO");
echo "<h6>('" . $_FILES["file"]["name"] . "', MIME-Type: " . $_FILES["file"]["type"] . ", " . $_FILES["file"]["size"] . " Byte)</h6>";
} else
Print_Text("pub_einstellungen_send_KO");
} else
Print_Text("pub_einstellungen_send_KO");
break;
case 'delPicture' :
$chsql = "DELETE FROM `UserPicture` WHERE `UID`='" . $_SESSION['UID'] . "' LIMIT 1";
$Erg = mysql_query($chsql, $con);
if ($Erg == 1)
Print_Text("pub_einstellungen_del_OK");
else
Print_Text("pub_einstellungen_del_KO");
Break;
}
}
*/
}
?>

86
includes/pages/user_wakeup.php
Unescape Escape View File

@ -0,0 +1,86 @@
<?php
function user_wakeup() {
global $user;
$html = "";
if (isset ($_REQUEST['action'])) {
switch ($_REQUEST['action']) {
case 'create' :
$date = DateTime::createFromFormat("Y-m-d H:i", $_REQUEST['Date']);
if ($date != null) {
$date = $date->getTimestamp();
$bemerkung = strip_request_item_nl('Bemerkung');
$ort = strip_request_item('Ort');
$SQL = "INSERT INTO `Wecken` (`UID`, `Date`, `Ort`, `Bemerkung`) "
. "VALUES ('" . sql_escape($user['UID']) . "', '"
. sql_escape($date) . "', '" . sql_escape($ort) . "', " . "'"
. sql_escape($bemerkung) . "')";
sql_query($SQL);
$html .= success(Get_Text(4));
} else
$html .= error("Broken date!");
break;
case 'delete' :
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id'];
else
return error("Incomplete call, missing wake-up ID.");
$wakeup = sql_select("SELECT * FROM `Wecken` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
if (count($wakeup) > 0 && $wakeup[0]['UID'] == $user['UID']) {
sql_query("DELETE FROM `Wecken` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
$html .= success("Wake-up call deleted.");
} else
return error("No wake-up found.");
break;
}
}
$html .= "<p>" . Get_Text("Hello") . $user['Nick'] . ",<br />"
. Get_Text("pub_wake_beschreibung") . "</p>\n\n";
$html .= Get_Text("pub_wake_beschreibung2");
$html .= '
<table border="0" width="100%" class="border" cellpadding="2" cellspacing="1">
<tr class="contenttopic">
<th>' . Get_Text("pub_wake_Datum") . '</th>
<th>' . Get_Text("pub_waeckliste_Nick") . '</th>
<th>' . Get_Text("pub_wake_Ort") . '</th>
<th>' . Get_Text("pub_wake_Bemerkung") . '</th>
<th></th>
</tr>
';
$sql = "SELECT * FROM `Wecken` ORDER BY `Date` ASC";
$Erg = sql_query($sql);
$count = mysql_num_rows($Erg);
for ($i = 0; $i < $count; $i++) {
$row = mysql_fetch_row($Erg);
$html .= '<tr class="content">';
$html .= '<td>' . date("Y-m-d H:i", mysql_result($Erg, $i, "Date")) . ' </td>';
$html .= '<td>' . UID2Nick(mysql_result($Erg, $i, "UID")) . ' </td>';
$html .= '<td>' . mysql_result($Erg, $i, "Ort") . ' </td>';
$html .= '<td>' . mysql_result($Erg, $i, "Bemerkung") . ' </td>';
if (mysql_result($Erg, $i, "UID") == $user['UID'])
$html .= '<td><a href="' . page_link_to("user_wakeup") . '&action=delete&id=' . mysql_result($Erg, $i, "ID") . "\">" . Get_Text("pub_wake_del") . '</a></td>';
else
$html .= '<td></td>';
$html .= '</tr>';
}
$html .= '</table><hr />' . Get_Text("pub_wake_Text2");
$html .= template_render('../templates/user_wakeup.html', array (
'wakeup_link' => page_link_to("user_wakeup"),
'date_text' => Get_Text("pub_wake_Datum"),
'date_value' => date("Y-m-d H:i"),
'place_text' => Get_Text("pub_wake_Ort"),
'comment_text' => Get_Text("pub_wake_Bemerkung"),
'comment_value' => "Knock knock Leo, follow the white rabbit to the blue tent",
'submit_text' => Get_Text("pub_wake_bouton")
));
return $html;
}
?>

41
includes/secure.php
Unescape Escape View File

@ -1,41 +0,0 @@
<?php
//soll dein funktion entahlten die alle übergebenen parameter überprüft
//'`'"
if( $DEBUG)
echo "secure.php START<br>\n";
foreach ($_GET as $k => $v)
{
// $v = htmlspecialchars($v, ENT_QUOTES);
// $v = mysql_escape_string($v);
$v = htmlentities($v, ENT_QUOTES);
if (preg_match('/([\'"`\'])/', $v, $match))
{
print "sorry get has illegal char '$match[1]'";
exit;
}
$_GET[$k] = $v;
if( $DEBUG)
echo "GET $k=\"$v\"<br>";
}
foreach ($_POST as $k => $v)
{
// $v = htmlspecialchars($v, ENT_QUOTES);
// $v = mysql_escape_string($v);
$v = htmlentities($v, ENT_QUOTES);
if (preg_match('/([\'"`\'])/', $v, $match)) {
print "sorry post has illegal char '$match[1]'";
exit;
}
$_POST[$k] = $v;
if( $DEBUG)
echo "POST $k=\"$v\"<br>";
}
if( $DEBUG)
echo "secure.php END<br>\n";
?>

95
includes/sys_auth.php
Unescape Escape View File

@ -0,0 +1,95 @@
<?php
// Testet ob ein User eingeloggt ist und lädt die entsprechenden Privilegien
function load_auth() {
global $user, $privileges;
if (!isset ($_SESSION['IP']))
$_SESSION['IP'] = $_SERVER['REMOTE_ADDR'];
if ($_SESSION['IP'] != $_SERVER['REMOTE_ADDR']) {
session_destroy();
header("Location: " . link_to_page($start));
}
$user = null;
if (isset ($_SESSION['uid'])) {
$user = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($_SESSION['uid']) . " LIMIT 1");
if (count($user) > 0) {
// User ist eingeloggt, Datensatz zur Verfügung stellen und Timestamp updaten
list ($user) = $user;
sql_query("UPDATE `User` SET " . "`lastLogIn` = '" . time() . "'" . " WHERE `UID` = '" . sql_escape($_SESSION['uid']) . "' LIMIT 1;");
} else
unset ($_SESSION['uid']);
}
$privileges = isset ($user) ? privileges_for_user($user['UID']) : privileges_for_group(-1);
}
function PassCrypt($passwort) {
global $crypt_system;
switch ($crypt_system) {
case "crypt" :
return "{crypt}" . crypt($passwort, "77");
case "md5" :
return md5($passwort);
}
}
// JSON Authorisierungs-Schnittstelle
function json_auth_service() {
global $CurrentExternAuthPass;
header("Content-Type: application/json");
$User = $_REQUEST['user'];
$Pass = $_REQUEST['pw'];
$SourceOuth = $_REQUEST['so'];
if (isset ($CurrentExternAuthPass) && $SourceOuth == $CurrentExternAuthPass) {
$sql = "SELECT * FROM `User` WHERE `Nick`='" . sql_escape($User) . "'";
$Erg = sql_query($sql);
if (mysql_num_rows($Erg) == 1) {
if (mysql_result($Erg, 0, "Passwort") == PassCrypt($Pass)) {
$UID = mysql_result($Erg, 0, "UID");
$user_privs = sql_select("SELECT `Privileges`.`name` FROM `User` JOIN `UserGroups` ON (`User`.`UID` = `UserGroups`.`uid`) JOIN `GroupPrivileges` ON (`UserGroups`.`group_id` = `GroupPrivileges`.`group_id`) JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `User`.`UID`=" . sql_escape($UID) . ";");
foreach ($user_privs as $user_priv)
$privileges[] = $user_priv['name'];
$msg = array (
'status' => 'success',
'rights' => $privileges
);
echo json_encode($msg);
die();
}
}
}
echo json_encode(array (
'status' => 'failed',
'error' => "JSON Service GET syntax: https://engelsystem.de/?auth&user=<user>&pw=<password>&so=<key>, POST is possible too"
));
die();
}
function privileges_for_user($user_id) {
$privileges = array ();
$user_privs = sql_select("SELECT `Privileges`.`name` FROM `User` JOIN `UserGroups` ON (`User`.`UID` = `UserGroups`.`uid`) JOIN `GroupPrivileges` ON (`UserGroups`.`group_id` = `GroupPrivileges`.`group_id`) JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `User`.`UID`=" . sql_escape($user_id) . ";");
foreach ($user_privs as $user_priv)
$privileges[] = $user_priv['name'];
return $privileges;
}
function privileges_for_group($group_id) {
$privileges = array ();
$groups_privs = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`=" . sql_escape($group_id));
foreach ($groups_privs as $guest_priv)
$privileges[] = $guest_priv['name'];
return $privileges;
}
?>

10
includes/sys_counter.php
Unescape Escape View File

@ -0,0 +1,10 @@
<?php
function counter() {
global $p;
if (sql_num_query("SELECT `Anz` FROM `Counter` WHERE `URL`='" . sql_escape($p) . "'") == 0)
sql_query("INSERT INTO `Counter` ( `URL` , `Anz` ) VALUES ('" . sql_escape($p) . "', '1');");
else
sql_query("UPDATE `Counter` SET `Anz` = `Anz` + 1 WHERE `URL` = '" . sql_escape($p) . "' LIMIT 1 ;");
}
?>

26
includes/sys_lang.php
Unescape Escape View File

@ -0,0 +1,26 @@
<?php
function Get_Text($TextID, $NoError = false) {
global $con, $error_messages, $debug;
if (!isset ($_SESSION['Sprache']))
$_SESSION['Sprache'] = "EN";
if ($_SESSION['Sprache'] == "")
$_SESSION['Sprache'] = "EN";
if (isset ($_GET["SetLanguage"]))
$_SESSION['Sprache'] = $_GET["SetLanguage"];
$SQL = "SELECT * FROM `Sprache` WHERE TextID=\"$TextID\" AND Sprache ='" . $_SESSION['Sprache'] . "'";
@ $Erg = mysql_query($SQL, $con);
if (mysql_num_rows($Erg) == 1)
return (@ mysql_result($Erg, 0, "Text"));
elseif ($NoError && !$debug) return "";
else {
return "Error Data, '$TextID' found " . mysql_num_rows($Erg) . "x";
}
}
function Print_Text($TextID, $NoError = false) {
echo Get_Text($TextID, $NoError);
}
?>

121
includes/sys_menu.php
Unescape Escape View File

@ -0,0 +1,121 @@
<?php
function page_link_to($page) {
return '?p=' . $page;
}
function make_navigation() {
global $p;
global $privileges;
$menu_items = $privileges;
$menu_items[] = "faq";
$menu = "";
// Standard Navigation
$menu .= make_navigation_for(Get_Text('/'), array (
"start",
"login",
"logout",
"register",
"faq"
));
// Engel Navigation
$menu .= make_navigation_for(Get_Text('inc_schicht_engel'), array (
"news",
"user_meetings",
"user_myshifts",
"user_shifts",
"user_messages",
"user_questions",
"user_wakeup",
"user_settings"
));
// Admin Navigation
$menu .= make_navigation_for(Get_Text('admin/'), array (
"admin_user",
"admin_usershifts",
"admin_questions",
"admin_angel_types",
"admin_shifts",
"admin_rooms",
"admin_groups",
"admin_faq",
"admin_language",
"admin_import",
"admin_log"
));
return $menu;
}
function make_navigation_for($name, $pages) {
global $privileges, $p;
$specials = array (
"faq"
);
$menu = "";
foreach ($pages as $page)
if (in_array($page, $privileges) || in_array($page, $specials))
$menu .= '<li' . ($page == $p ? ' class="selected"' : '') . '><a href="' . page_link_to($page) . '">' . Get_Text($page) . '</a></li>';
if ($menu != "")
$menu = '<nav class="container"><h4>' . $name . '</h4><ul class="content">' . $menu . '</ul></nav>';
return $menu;
}
function make_menu() {
return make_navigation() . make_onlineusers() . make_langselect();
}
function make_onlineusers() {
global $privileges, $user;
$html = '<nav class="container"><h4>Engel online</h4>';
$query = "SELECT UID, Nick, lastLogIn " . "FROM User " . "WHERE (`lastLogIn` > '" . (time() - 60 * 60) . "') " . "ORDER BY lastLogIn DESC";
$users = sql_select($query);
if (count($users) > 0) {
$html .= "<ul class=\"content\">";
foreach ($users as $online_user) {
if (isset ($user) && $online_user['UID'] == $user['UID'])
continue;
$html .= "<li>";
//if (isset ($user))
//$html .= DisplayAvatar($online_user['UID']);
// Show Admin Page
if (in_array("admin_user_edit", $privileges)) {
$html .= '<a href="admin/userChangeNormal.php?enterUID=' . $online_user['UID'] . '&Type=Normal">' . $online_user['Nick'] . '</a>';
} else {
$html .= $online_user['Nick'];
}
$last_action = time() - $online_user['lastLogIn'];
$html .= " " . date("i:s", $last_action);
$html .= "</li>\n";
}
$html .= "</ul>";
} else {
$html .= '<p class="content">Nobody...</p>';
}
$html .= '</nav>';
return $html;
}
function make_langselect() {
if (strpos($_SERVER["REQUEST_URI"], "?") > 0)
$URL = $_SERVER["REQUEST_URI"] . "&SetLanguage=";
else
$URL = $_SERVER["REQUEST_URI"] . "?SetLanguage=";
$html = '<p class="content"><a class="sprache" href="' . $URL . 'DE"><img src="pic/flag/de.png" alt="DE" title="Deutsch"></a>';
$html .= '<a class="sprache" href="' . $URL . 'EN"><img src="pic/flag/en.png" alt="EN" title="English"></a></p>';
return '<nav class="container"><h4>' . Get_Text("Sprache") . '</h4>' . $html . '</nav>';
}
?>

61
includes/sys_mysql.php
Unescape Escape View File

@ -0,0 +1,61 @@
<?php
function sql_connect($host, $user, $pw, $db) {
global $con;
global $host;
@ $con = mysql_connect($host, $user, $pw);
if ($con == null)
die("no mysql-connection");
if (!mysql_select_db($db, $con))
die("mysql db-selection failed");
mysql_query("SET CHARACTER SET utf8;", $con);
mysql_query("SET NAMES 'utf8'", $con);
}
// Do select query
function sql_select($query) {
global $con;
$start = microtime(true);
if ($result = mysql_query($query, $con)) {
$data = array ();
while ($line = mysql_fetch_assoc($result)) {
array_push($data, $line);
}
return $data;
} else {
die('MySQL-query error: ' . $query . ", " . mysql_error($con));
}
}
// Execute a query
function sql_query($query) {
global $con;
$start = microtime(true);
if ($result = mysql_query($query, $con)) {
return $result;
} else {
die('MySQL-query error: ' . $query . ", " . mysql_error($con));
}
}
function sql_id() {
global $con;
return mysql_insert_id($con);
}
function sql_escape($query) {
return mysql_real_escape_string($query);
}
function sql_num_query($query) {
return mysql_num_rows(sql_query($query));
}
function sql_error() {
global $con;
return mysql_error($con);
}
?>

26
includes/sys_page.php
Unescape Escape View File

@ -0,0 +1,26 @@
<?php
function strip_request_item($name) {
return preg_replace(
"/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui",
'',
strip_tags($_REQUEST[$name])
);
}
function strip_request_item_nl($name) {
return preg_replace(
"/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui",
'',
strip_tags($_REQUEST[$name])
);
}
function error($msg) {
return '<p class="error">' . $msg . '</p>';
}
function success($msg) {
return '<p class="success">' . $msg . '</p>';
}
?>

443
includes/sys_shift.php
Unescape Escape View File

@ -0,0 +1,443 @@
<?php
function load_shift_basics() {
global $VeranstaltungsTageMax, $Room, $RoomID, $EngelType, $EngelTypeID, $TID2Name, $Veranstaltungstage;
// erstellt ein Array der Räume
$rooms = sql_select("SELECT `RID`, `Name` FROM `Room` WHERE `Show`='Y' ORDER BY `Number`, `Name`");
foreach ($rooms as $i => $r) {
$Room[$i] = array (
'RID' => $r['RID'],
'Name' => $r['Name']
);
$RoomID[$r['RID']] = $r['Name'];
}
// erstellt ein Array der Engeltypen
$engel_types = sql_select("SELECT `TID`, `Name` FROM `EngelType` ORDER BY `Name`");
foreach ($engel_types as $engel_type) {
$EngelType[$i] = array (
'TID' => $engel_type['TID'],
'Name' => $engel_type['Name'] . Get_Text("inc_schicht_engel")
);
$EngelTypeID[$engel_type['TID']] = $engel_type['Name'] . Get_Text("inc_schicht_engel");
$TID2Name[$engel_type['TID']] = $engel_type['Name'];
}
// Erste Schicht suchen
$Pos = 0;
$first_shift = sql_select("SELECT `DateS` FROM `Shifts` ORDER BY `DateS` LIMIT 1");
if (count($first_shift) > 0) {
do {
// Startdatum einlesen und link ausgeben
$DateS = substr($first_shift[0]['DateS'], 0, 10);
$VeranstaltungsTage[$Pos++] = $DateS;
// auslesen den endes und eventuelle weitere tage ausgeben
$last_shift = sql_select("SELECT MAX(`DateE`) FROM `Shifts` WHERE ( (`DateS` like '" . sql_escape($DateS) . "%') AND NOT (`DateE` like '%00:00:00'))");
$DateE = substr($last_shift[0]['DateE'], 0, 10);
if (strlen($DateE) == 0)
$DateE = $DateS;
else
while ($DateS != $DateE) {
$DateS = DatumUm1TagErhoehen($DateS);
$VeranstaltungsTage[$Pos++] = $DateS;
}
// suchen den nächsten eintrag
$first_shift = sql_select("SELECT `DateS` FROM `Shifts` " . "WHERE (`DateS` > '" . sql_escape($DateE) . " 23:59:59' ) " . "ORDER BY `DateS` " . "LIMIT 1");
} while (count($first_shift) > 0);
}
$VeranstaltungsTageMax = $Pos -1;
}
/*#######################################################
# gibt die engelschischten aus #
#######################################################*/
function ausgabe_Feld_Inhalt($SID, $Man) {
// gibt, nach <20>bergabe der der SchichtID (SID) und der RaumBeschreibung,
// die eingetragenden und und offenden Schichteint<6E>ge zur<75>ck
global $EngelType, $EngelTypeID, $TID2Name, $con, $debug, $gmdateOffset;
$Spalten = "";
if (!isset ($_GET["Icon"]))
$_GET["Icon"] = 1;
///////////////////////////////////////////////////////////////////
// Schow Admin Page
///////////////////////////////////////////////////////////////////
$Spalten .= funktion_isLinkAllowed_addLink_OrEmpty("admin/schichtplan.php?action=change&SID=$SID", "edit<br />\n");
///////////////////////////////////////////////////////////////////
// Ausgabe des Schichtnamens
///////////////////////////////////////////////////////////////////
$SQL = "SELECT `URL` FROM `Shifts` WHERE (`SID` = '$SID');";
$Erg = mysql_query($SQL, $con);
if (mysql_result($Erg, 0, 0) != "")
$Spalten .= "<a href=\"" . mysql_result($Erg, 0, 0) . "\" target=\"_black\"><u>$Man:</u></a><br />";
else
$Spalten .= "<u>" .
$Man . ":</u><br />";
///////////////////////////////////////////////////////////////////
// SQL abfrage f<>r die ben<65>tigten schichten
///////////////////////////////////////////////////////////////////
$SQL = "SELECT * FROM `ShiftEntry` WHERE (`SID` = '" . sql_escape($SID) . "') ORDER BY `TID`, `UID` DESC ;";
$Erg = mysql_query($SQL, $con);
$Anzahl = mysql_num_rows($Erg);
$Feld = 0;
$Temp_TID_old = -1;
for ($i = 0; $i < $Anzahl; $i++) {
if (isset ($Temp[$Feld]["TID"]))
$Temp_TID_old = $Temp[$Feld]["TID"];
if (isset ($Temp[$Feld]["UID"]))
$Temp_UID_old = $Temp[$Feld]["UID"];
$Temp_TID = mysql_result($Erg, $i, "TID");
// wenn sich der Type <20>ndert wird zumn<6D>sten feld geweckselt
if ($Temp_TID_old != $Temp_TID)
$Feld++;
$Temp[$Feld]["TID"] = $Temp_TID;
$Temp[$Feld]["UID"] = mysql_result($Erg, $i, "UID");
// sonderfall ersten durchlauf
if ($i == 0) {
$Temp_TID_old = $Temp[$Feld]["TID"];
$Temp_UID_old = $Temp[$Feld]["UID"];
}
// ist es eine zu vergeben schicht?
if ($Temp[$Feld]["UID"] == 0) {
if (isset ($Temp[$Feld]["free"]))
$Temp[$Feld]["free"]++;
else
$Temp[$Feld]["free"] = 1;
} else
$Temp[$Feld]["Engel"][] = $Temp[$Feld]["UID"];
} // FOR
///////////////////////////////////////////////////////////////////
// Aus gabe der Schicht
///////////////////////////////////////////////////////////////////
if (isset ($Temp))
if (count($Temp))
foreach ($Temp as $TempEntry => $TempValue) {
if (!isset ($TempValue["free"]))
$TempValue["free"] = 0;
// ausgabe EngelType
$Spalten .= $EngelTypeID[$TempValue["TID"]] . " ";
// ausgabe Eingetragener Engel
if (isset ($TempValue["Engel"]))
if (count($TempValue["Engel"]) > 0) {
if (count($TempValue["Engel"]) == 1)
$Spalten .= Get_Text("inc_schicht_ist") . ":<br />\n";
else
$Spalten .= Get_Text("inc_schicht_sind") . ":<br />\n";
foreach ($TempValue["Engel"] as $TempEngelEntry => $TempEngelID) {
if (funktion_isLinkAllowed("admin/user.php") === TRUE) {
// add color, wenn Engel "Gekommen"
$TempText = ((UIDgekommen($TempEngelID) == "1") ? "<span style=\"color: blue;\">" : "<span style=\"color: red;\">") .
UID2Nick($TempEngelID) . "</span>";
} else {
$TempText = UID2Nick($TempEngelID);
}
// add link to user
$TempText = funktion_isLinkAllowed_addLink_OrLinkText("admin/userChangeNormal.php?enterUID=$TempEngelID&Type=Normal", $TempText);
$Spalten .= "&nbsp;&nbsp;" . $TempText .
(($_GET["Icon"] == 1) ? DisplayAvatar($TempEngelID) : "") .
"<br />\n";
}
$Spalten = substr($Spalten, 0, strlen($Spalten) - 7);
}
// ausgabe ben<65>tigter Engel
////////////////////////////
//in vergangenheit
$SQLtime = "SELECT `DateE` FROM `Shifts` WHERE (`SID`='" . sql_escape($SID) . "' AND `DateE` >= '" .
gmdate("Y-m-d H:i:s", time() + $gmdateOffset) . "')";
$Ergtime = mysql_query($SQLtime, $con);
if (mysql_num_rows($Ergtime) > 0) {
//wenn keien rechte definiert sind
if (!isset ($_SESSION['CVS'][$TID2Name[$TempValue["TID"]]]))
$_SESSION['CVS'][$TID2Name[$TempValue["TID"]]] = "Y";
if ($_SESSION['CVS'][$TID2Name[$TempValue["TID"]]] == "Y")
if ($TempValue["free"] > 0) {
$Spalten .= "<br />\n&nbsp;&nbsp;<a href=\"./schichtplan_add.php?SID=$SID&TID=" .
$TempValue["TID"] . "\">";
$Spalten .= $TempValue["free"];
if ($TempValue["free"] != 1)
$Spalten .= Get_Text("inc_schicht_weitere") .
" " . Get_Text("inc_schicht_Engel") .
Get_Text("inc_schicht_wird");
else
$Spalten .= Get_Text("inc_schicht_weiterer") .
" " . Get_Text("inc_schicht_Engel") .
Get_Text("inc_schicht_werden");
$Spalten .= Get_Text("inc_schicht_noch_gesucht");
$Spalten .= "</a>";
}
} else {
if (isset ($TempValue["free"]))
if ($TempValue["free"] > 0)
$Spalten .= "<br />\n&nbsp;&nbsp;<h3><a>Fehlen noch: " .
$TempValue["free"] . "</a></h3>";
}
$Spalten .= "<br />\n";
} // FOREACH
return $Spalten;
} // function Ausgabe_Feld_Inhalt
/*#######################################################
# gibt die engelschischten Druckergerecht aus #
#######################################################*/
function Ausgabe_Feld_Inhalt_Druck($RID, $Man) {
// gibt, nach <20>bergabe der der SchichtID (SID) und der RaumBeschreibung,
// die eingetragenden und und offenden Schichteint<6E>ge zur<75>ck
} // function Ausgabe_Feld_Inhalt
/*#######################################################
# Ausgabe der Raum Spalten #
#######################################################*/
function CreateRoomShifts($raum) {
global $Spalten, $ausdatum, $con, $debug, $GlobalZeileProStunde, $error_messages;
/////////////////////////////////////////////////////////////
// beginnt die erste schicht vor dem heutigen tag und geht dar<61>ber hinaus
/////////////////////////////////////////////////////////////
$SQLSonder = "SELECT `SID`, `DateS`, `DateE` , `Len`, `Man` FROM `Shifts` " .
"WHERE ((`RID` = '" . sql_escape($raum) . "') AND (`DateE` > '$ausdatum 23:59:59') AND " .
"(`DateS` < '" . sql_escape($ausdatum) . " 00:00:00') ) ORDER BY `DateS`;";
$ErgSonder = mysql_query($SQLSonder, $con);
if ((mysql_num_rows($ErgSonder) > 1)) {
if (funktion_isLinkAllowed("admin/schichtplan.php") === TRUE) {
echo "<h1>" . Get_Text("pub_schichtplan_colision") . "</h1> ";
for ($i = 0; $i < mysql_num_rows($ErgSonder); $i++) {
echo "<a href=\"./../admin/schichtplan.php?action=change&SID=" .
mysql_result($ErgSonder, $i, "SID") . "\">" .
mysql_result($ErgSonder, $i, "DateS") .
" '" . mysql_result($ErgSonder, $i, "Man") . "' (RID $raum) (00-24)" .
"</a><br />\n";
}
}
}
elseif ((mysql_num_rows($ErgSonder) == 1)) {
$Spalten[0] .= "<td valign=\"top\" rowspan=\"" . (24 * $GlobalZeileProStunde) . "\">\n" .
"<h3>&uarr;&uarr;&uarr;</h3>" .
Ausgabe_Feld_Inhalt(mysql_result($ErgSonder, 0, "SID"), mysql_result($ErgSonder, 0, "Man")) .
"<h3>&darr;&darr;&darr;</h3>" .
"\n</td>\n";
return;
}
$ZeitZeiger = 0;
/////////////////////////////////////////////////////////////
// beginnt die erste schicht vor dem heutigen tag?
/////////////////////////////////////////////////////////////
$SQLSonder = "SELECT `SID`, `DateS`, `DateE` , `Len`, `Man` FROM `Shifts` " .
"WHERE ((`RID` = '" . sql_escape($raum) . "') AND (`DateE` > '" . sql_escape($ausdatum) . " 00:00:00') AND " .
"(`DateS` < '" . sql_escape($ausdatum) . " 00:00:00') ) ORDER BY `DateS`;";
$ErgSonder = mysql_query($SQLSonder, $con);
if ((mysql_num_rows($ErgSonder) > 1)) {
if (funktion_isLinkAllowed("admin/schichtplan.php") === TRUE) {
echo "<h1>" . Get_Text("pub_schichtplan_colision") . "</h1> ";
for ($i = 0; $i < mysql_num_rows($ErgSonder); $i++) {
echo "<a href=\"./../admin/schichtplan.php?action=change&SID=" .
mysql_result($ErgSonder, $i, "SID") . "\">" .
mysql_result($ErgSonder, $i, "DateS") .
" '" . mysql_result($ErgSonder, $i, "Man") . "' (RID $raum) (00-xx)" .
"</a><br />\n";
}
}
}
elseif ((mysql_num_rows($ErgSonder) == 1)) {
$ZeitZeiger = substr(mysql_result($ErgSonder, 0, "DateE"), 11, 2) + (substr(mysql_result($ErgSonder, 0, "DateE"), 14, 2) / 60);
$Spalten[0] .= "<td valign=\"top\" rowspan=\"" . ($ZeitZeiger * $GlobalZeileProStunde) . "\">\n" .
"<h3>&uarr;&uarr;&uarr;</h3>" .
Ausgabe_Feld_Inhalt(mysql_result($ErgSonder, 0, "SID"), mysql_result($ErgSonder, 0, "Man")) .
"\n</td>\n";
}
/////////////////////////////////////////////////////////////
// gibt die schichten f<>r den tag aus
/////////////////////////////////////////////////////////////
$SQL = "SELECT `SID`, `DateS`, `Len`, `Man` FROM `Shifts` " .
"WHERE ((`RID` = '" . sql_escape($raum) . "') and " .
"(`DateS` >= '" . sql_escape($ausdatum) . ' ' . sql_escape($ZeitZeiger) . ":00:00') and " .
"(`DateS` like '" . sql_escape($ausdatum) . "%')) ORDER BY `DateS`;";
$Erg = mysql_query($SQL, $con);
for ($i = 0; $i < mysql_num_rows($Erg); ++ $i) {
$ZeitPos = substr(mysql_result($Erg, $i, "DateS"), 11, 2) + (substr(mysql_result($Erg, $i, "DateS"), 14, 2) / 60);
$len = mysql_result($Erg, $i, "Len");
if ($len <= 0)
array_push($error_messages, "Error in shift denition SID=" . mysql_result($Erg, $i, "SID") . " Len=$len");
if ($ZeitZeiger < $ZeitPos) {
$Spalten[$ZeitZeiger * $GlobalZeileProStunde] .= "<td valign=\"top\" rowspan=\"" . (($ZeitPos - $ZeitZeiger) * $GlobalZeileProStunde) . "\">&nbsp;</td>\n";
$ZeitZeiger += $ZeitPos - $ZeitZeiger;
}
if ($ZeitZeiger == $ZeitPos) {
//sonderfall wenn die schicht <20>ber dei 24 stunden hinaus geht
// (eintrag abk<62>rzen, pfeiel ausgeben)
$Spalten[$ZeitZeiger * $GlobalZeileProStunde] .= "<td valign=\"top\" rowspan=\"" .
((($len + $ZeitZeiger) ? $len : 24 - $len + $ZeitZeiger) * $GlobalZeileProStunde) .
"\">\n" .
"" .
Ausgabe_Feld_Inhalt(mysql_result($Erg, $i, "SID"), mysql_result($Erg, $i, "Man")) .
((($ZeitZeiger + $len) > 24) ? "<h3>&darr;&darr;&darr;</h3>" : "") .
"\n</td>\n";
$ZeitZeiger += $len;
} else {
echo "<h1>" . Get_Text("pub_schichtplan_colision") . "</h1> ";
echo "<a href=\"./../admin/schichtplan.php?action=change&SID=" .
mysql_result($Erg, $i, "SID") . "\">" .
mysql_result($Erg, $i, "DateS") .
" '" . mysql_result($Erg, $i, "Man") . "' " .
" (" . mysql_result($Erg, $i, "SID") . " R$raum) (xx-xx)</a><br /><br />";
}
}
if ($ZeitZeiger < 24)
$Spalten[($ZeitZeiger * $GlobalZeileProStunde)] .= "<td valign=\"top\" rowspan=\"" .
((24 - $ZeitZeiger) * $GlobalZeileProStunde) .
"\">&nbsp;</td>\n";
} // function CreateRoomShifts
/*#######################################################
# Ausgabe der freien schichten #
#######################################################*/
function showEmptyShifts() {
global $con, $debug, $RoomID, $gmdateOffset;
echo "<table border=\"1\">\n";
echo "<tr>\n";
echo "<th>" . Get_Text("inc_schicht_date") . "</th>\n";
echo "<th>" . Get_Text("inc_schicht_time") . "</th>\n";
echo "<th>" . Get_Text("inc_schicht_room") . "</th>\n";
echo "<th>" . Get_Text("inc_schicht_commend") . "</th>\n";
echo "</tr>\n";
$sql = "SELECT `SID`, `DateS`, `Man`, `RID` FROM `Shifts` " .
"WHERE (`Shifts`.`DateS`>='" . gmdate("Y-m-d H:i:s", time() + $gmdateOffset) . "') " .
"ORDER BY `DateS`, `RID`;";
$Erg = mysql_query($sql, $con);
$angezeigt = 0;
for ($i = 0;($i < mysql_num_rows($Erg)) && ($angezeigt < 15); $i++)
if (isset ($RoomID[mysql_result($Erg, $i, "RID")]))
if ($RoomID[mysql_result($Erg, $i, "RID")] != "") {
$Sql2 = "SELECT `UID` FROM `ShiftEntry` " .
"WHERE `SID`=" . mysql_result($Erg, $i, "SID") . " AND " .
"`UID`='0';";
$Erg2 = mysql_query($Sql2, $con);
if (mysql_num_rows($Erg2) > 0) {
$angezeigt++;
echo "<tr>\n";
echo "<td>" . substr(mysql_result($Erg, $i, "DateS"), 0, 10) . "</td>\n";
echo "<td>" . substr(mysql_result($Erg, $i, "DateS"), 11) . "</td>\n";
echo "<td>" . $RoomID[mysql_result($Erg, $i, "RID")] . "</td>\n";
echo "<td>" .
ausgabe_Feld_Inhalt(mysql_result($Erg, $i, "SID"), mysql_result($Erg, $i, "Man")) .
"</td>\n";
echo "</tr>\n";
}
}
echo "</table>\n";
} //function showEmptyShifts
/*#######################################################
# Gibt die anzahl der Schichten im Raum zur<75>ck #
#######################################################*/
function SummRoomShifts($raum) {
global $ausdatum, $con, $debug, $GlobalZeileProStunde;
$SQLSonder = "SELECT `SID`, `DateS`, `Len`, `Man` FROM `Shifts` " .
"WHERE ((`RID` = '" . sql_escape($raum) . "') AND (`DateE` >= '$ausdatum 00:00:00') AND " .
"(`DateS` <= '$ausdatum 23:59:59') ) ORDER BY `DateS`;";
$ErgSonder = mysql_query($SQLSonder, $con);
return mysql_num_rows($ErgSonder);
}
function DatumUm1TagErhoehen($Datum) {
$Jahr = substr($Datum, 0, 4);
$Monat = substr($Datum, 5, 2);
$Tag = substr($Datum, 8, 2);
$Tag++;
switch ($Monat) {
case 1 :
$Mmax = 31;
break;
case 2 :
$Mmax = 28;
break;
case 3 :
$Mmax = 31;
break;
case 4 :
$Mmax = 30;
break;
case 5 :
$Mmax = 31;
break;
case 6 :
$Mmax = 30;
break;
case 7 :
$Mmax = 31;
break;
case 8 :
$Mmax = 31;
break;
case 9 :
$Mmax = 30;
break;
case 10 :
$Mmax = 31;
break;
case 11 :
$Mmax = 30;
break;
case 12 :
$Mmax = 31;
break;
}
if ($Tag > $Mmax) {
$Tag = 1;
$Monat++;
}
if ($Monat > 12) {
$Monat = 1;
$Jahr++;
}
$Tag = strlen($Tag) == 1 ? "0" . $Tag : $Tag;
$Monat = strlen($Monat) == 1 ? "0" . $Monat : $Monat;
return ("$Jahr-$Monat-$Tag");
}
?>

36
includes/sys_template.php
Unescape Escape View File

@ -0,0 +1,36 @@
<?php
// Load and render template
function template_render($file, $data) {
if (file_exists($file)) {
$template = file_get_contents($file);
if (is_array($data))
foreach ($data as $name => $content) {
$template = str_replace("%" . $name . "%", $content, $template);
}
return $template;
} else {
die('Cannot find template file &laquo;' . $file . '&raquo;.');
}
}
function html_options($name, $options, $selected = "") {
$html = "";
foreach ($options as $value => $label)
$html .= '<input type="radio"' . ($value == $selected ? ' checked="checked"' : '') . ' name="' . $name . '" value="' . $value . '"> ' . $label;
return $html;
}
function html_select_key($name, $rows, $selected) {
$html = '<select name="' . $name . '">';
foreach ($rows as $key => $row)
if (($key == $selected) || ($row == $selected))
$html .= '<option value="' . $key . '" selected="selected">' . $row . '</option>';
else
$html .= '<option value="' . $key . '">' . $row . '</option>';
$html .= '</select>';
return $html;
}
?>

106
includes/sys_user.php
Unescape Escape View File

@ -0,0 +1,106 @@
<?php
function UID2Nick($UID) {
if ($UID > 0)
$SQL = "SELECT Nick FROM `User` WHERE UID='" . sql_escape($UID) . "'";
else
$SQL = "SELECT Name FROM `Groups` WHERE UID='" . sql_escape($UID) . "'";
$Erg = sql_select($SQL);
if (count($Erg) > 0) {
if ($UID > 0)
return $Erg[0]['Nick'];
else
return "Group-" . $Erg[0]['Name'];
} else {
if ($UID == -1)
return "Guest";
else
return "UserID $UID not found";
}
}
function TID2Type($TID) {
global $con;
$SQL = "SELECT Name FROM `EngelType` WHERE TID='" . sql_escape($TID) . "'";
$Erg = mysql_query($SQL, $con);
if (mysql_num_rows($Erg))
return mysql_result($Erg, 0);
else
return "";
}
function ReplaceSmilies($neueckig) {
global $url, $ENGEL_ROOT;
$neueckig = str_replace(";o))", "<img src=\"pic/smiles/icon_redface.gif\">", $neueckig);
$neueckig = str_replace(":-))", "<img src=\"pic/smiles/icon_redface.gif\">", $neueckig);
$neueckig = str_replace(";o)", "<img src=\"pic/smiles/icon_wind.gif\">", $neueckig);
$neueckig = str_replace(":)", "<img src=\"pic/smiles/icon_smile.gif\">", $neueckig);
$neueckig = str_replace(":-)", "<img src=\"pic/smiles/icon_smile.gif\">", $neueckig);
$neueckig = str_replace(":(", "<img src=\"pic/smiles/icon_sad.gif\">", $neueckig);
$neueckig = str_replace(":-(", "<img src=\"pic/smiles/icon_sad.gif\">", $neueckig);
$neueckig = str_replace(":o(", "<img src=\"pic/smiles/icon_sad.gif\">", $neueckig);
$neueckig = str_replace(":o)", "<img src=\"pic/smiles/icon_lol.gif\">", $neueckig);
$neueckig = str_replace(";o(", "<img src=\"pic/smiles/icon_cry.gif\">", $neueckig);
$neueckig = str_replace(";(", "<img src=\"pic/smiles/icon_cry.gif\">", $neueckig);
$neueckig = str_replace(";-(", "<img src=\"pic/smiles/icon_cry.gif\">", $neueckig);
$neueckig = str_replace("8)", "<img src=\"pic/smiles/icon_rolleyes.gif\">", $neueckig);
$neueckig = str_replace("8o)", "<img src=\"pic/smiles/icon_rolleyes.gif\">", $neueckig);
$neueckig = str_replace(":P", "<img src=\"pic/smiles/icon_evil.gif\">", $neueckig);
$neueckig = str_replace(":-P", "<img src=\"pic/smiles/icon_evil.gif\">", $neueckig);
$neueckig = str_replace(":oP", "<img src=\"pic/smiles/icon_evil.gif\">", $neueckig);
$neueckig = str_replace(";P", "<img src=\"pic/smiles/icon_mad.gif\">", $neueckig);
$neueckig = str_replace(";oP", "<img src=\"pic/smiles/icon_mad.gif\">", $neueckig);
$neueckig = str_replace("?)", "<img src=\"pic/smiles/icon_question.gif\">", $neueckig);
return $neueckig;
}
function GetPicturShow($UID) {
global $con;
$SQL = "SELECT `show` FROM `UserPicture` WHERE `UID`='" . sql_escape($UID) . "'";
$res = mysql_query($SQL, $con);
if (mysql_num_rows($res) == 1)
return mysql_result($res, 0, 0);
else
return "";
}
function displayPictur($UID, $height = "30") {
global $url, $ENGEL_ROOT;
if ($height > 0)
return ("<div class=\"avatar\"><img src=\"" . $url . $ENGEL_ROOT . "ShowUserPicture.php?UID=$UID\" height=\"$height\" alt=\"picture of USER$UID\" class=\"photo\"></div>");
else
return ("<div class=\"avatar\"><img class=\"avatar\" src=\"" . $url . $ENGEL_ROOT . "ShowUserPicture.php?UID=$UID\" alt=\"picture of USER$UID\"></div>");
}
function displayavatar($UID, $height = "30") {
global $con, $url, $ENGEL_ROOT;
if (GetPicturShow($UID) == 'Y')
return "&nbsp;" . displayPictur($UID, $height);
$user = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($UID) . " LIMIT 1");
if (count($user) > 0)
if ($user[0]['Avatar'] > 0)
return '<div class="avatar">' . ("&nbsp;<img src=\"pic/avatar/avatar" . $user[0]['Avatar'] . ".gif\">") . '</div>';
}
function UIDgekommen($UID) {
global $con;
$SQL = "SELECT `Gekommen` FROM `User` WHERE UID='" . sql_escape($UID) . "'";
$Erg = mysql_query($SQL, $con);
if (mysql_num_rows($Erg))
return mysql_result($Erg, 0);
else
return "0";
}
?>

82
services/cron_dect.php
Unescape Escape View File

@ -1,61 +1,51 @@
<?PHP
include ("../includes/config.php");
include ("../includes/config_IAX.php");
include ("../includes/config_db.php");
include ("../includes/error_handler.php");
include ("../includes/funktion_modem.php");
include ("../includes/funktion_cron.php");
//ausfuerungs Ruetmuss (in s)
$StartTimeBeforEvent = (60/4)*60;
$AnrufDelay = -5;
$DebugDECT = FALSE;
#$DebugDECT = TRUE;
//Timeout erhöhen;
set_time_limit(50000);
//SQL zusammensetzen
$SQL = "SELECT Shifts.DateS, Shifts.RID, ShiftEntry.UID, ShiftEntry.TID ".
<?php
include "../includes/config.php";
include "../includes/config_IAX.php";
include "../includes/config_db.php";
include "../includes/error_handler.php";
include "../includes/funktion_modem.php";
include "../includes/funktion_cron.php";
// ausfuerungs Ruetmuss (in s)
$StartTimeBeforEvent = (60 / 4) * 60;
$AnrufDelay = -5;
$DebugDECT = false;
// Timeout erhoehen
set_time_limit(50000);
// SQL zusammensetzen
$SQL = "SELECT Shifts.DateS, Shifts.RID, ShiftEntry.UID, ShiftEntry.TID ".
"FROM `Shifts` INNER JOIN `ShiftEntry` ON `Shifts`.`SID` = `ShiftEntry`.`SID` ";
if( $DebugDECT)
if($DebugDECT)
$SQL .= "WHERE (Shifts.DateS>'2007-07-09 09:45:00' AND ".
"Shifts.DateS<='2007-07-09 11:00:00');";
else
else
$SQL .= "WHERE ((`Shifts`.`DateS`>'". gmdate("Y-m-d H:i:s", time()+120+$gmdateOffset). "') AND ".
"(`Shifts`.`DateS`<='". gmdate("Y-m-d H:i:s", time()+120+$gmdateOffset+$StartTimeBeforEvent). "') );";
$Erg = mysql_query($SQL, $con);
echo mysql_error($con);
$Erg = mysql_query($SQL, $con);
echo mysql_error($con);
$Z = 0;
$Z=0;
for( $i=0; $i<mysql_num_rows($Erg); $i++)
{
if( mysql_result($Erg, $i, "UID")>0)
{
for($i = 0; $i < mysql_num_rows($Erg); $i++) {
if(mysql_result($Erg, $i, "UID") > 0) {
$DECTnumber = UID2DECT(mysql_result($Erg, $i, "UID"));
if( $DECTnumber!="")
{
if($DECTnumber != "") {
echo "dial $DECTnumber\n";
DialNumberIAX( $DECTnumber,
mysql_result($Erg, $i, "DateS"),
mysql_result($Erg, $i, "RID"),
mysql_result($Erg, $i, "TID"));
DialNumberModem( $DECTnumber,
mysql_result($Erg, $i, "DateS"));
if( $Z++>10)
{
$Z=0;
DialNumberIAX( $DECTnumber, mysql_result($Erg, $i, "DateS"), mysql_result($Erg, $i, "RID"), mysql_result($Erg, $i, "TID"));
DialNumberModem( $DECTnumber, mysql_result($Erg, $i, "DateS"));
if($Z++ > 10) {
$Z = 0;
sleep(30);
}
}
}
}
return 0;
}
return 0;
?>

32
services/dect_clear.php
Unescape Escape View File

@ -1,25 +1,19 @@
<?PHP
// löscht alle eintrag in der telefonanlage, indem jede nummer einzähln gelöscht wir (#10<NUMBER>)
<?php
include "../includes/db.php";
include "../includes/config.php";
include "../includes/funktion_modem.php";
include ("../includes/db.php");
include ("../includes/config.php");
include ("../includes/funktion_modem.php");
$SQL = "SELECT DECT FROM `User`;";
$Erg = mysql_query($SQL, $con);
echo mysql_error($con);
$SQL = "SELECT DECT FROM `User`;";
for($i=0; $i < mysql_num_rows($Erg); $i++) {
$Number = "#10" . mysql_result($Erg, $i, "DECT");
$Erg = mysql_query($SQL, $con);
echo mysql_error($con);
for( $i=0; $i<mysql_num_rows($Erg); $i++)
{
$Number = "#10". mysql_result($Erg, $i, "DECT");
if( strlen($Number)==7)
DialNumber( $Number);
}
return 0;
if(strlen($Number) == 7)
DialNumber($Number);
}
return 0;
?>

116
services/jabberserver.php
Unescape Escape View File

@ -1,113 +1,75 @@
<?php
require_once "../includes/config_jabber.php";
require_once "../includes/funktion_jabber.php";
include "../includes/config_MessegeServer.php";
/****************************************************************************************************/
// INCLUDE
/****************************************************************************************************/
require_once('../includes/config_jabber.php');
require_once("../includes/funktion_jabber.php");
include("../includes/config_MessegeServer.php");
// Set time limit to indefinite execution
set_time_limit(0);
// Set time limit to indefinite execution
set_time_limit( 0 );
/****************************************************************************************************/
// show MODE
/****************************************************************************************************/
if( DEBUG)
if(DEBUG)
echo "DEBUG mode is enable\n\tjabber is disable\n\n";
/****************************************************************************************************/
// INIT jabber
/****************************************************************************************************/
if( !DEBUG)
{
if(!DEBUG) {
echo "INIT jabber\n";
$jabber = new Jabber($server, $port, $username, $password, $resource);
if ( !($jabber->Connect() && $jabber->SendAuth()))
if(!($jabber->Connect() && $jabber->SendAuth()))
die("Couldn't connect to Jabber Server.");
}
}
echo "INIT socked\n";
// Create a UDP socket
$sock = socket_create(AF_INET, SOCK_DGRAM, SOL_UDP) or die('Could not create socked (' . socket_strerror(socket_last_error()) . ')');
/****************************************************************************************************/
// INIT socked
/****************************************************************************************************/
echo "INIT socked\n";
//http://de3.php.net/manual/de/function.socket-listen.php
// Create a UDP socket
$sock = socket_create(AF_INET, SOCK_DGRAM, SOL_UDP) or die('Could not create socked ('.socket_strerror(socket_last_error()). ')');
// Bind the socket to an address/port
socket_bind($sock, SERVER_ADDRESS, SERVER_PORT) or die('Could not bind to address ('.socket_strerror(socket_last_error()). ')');
// Setzt Nonbock Mode
socket_set_nonblock($sock);
// Bind the socket to an address/port
socket_bind($sock, SERVER_ADDRESS, SERVER_PORT) or die('Could not bind to address (' . socket_strerror(socket_last_error()) . ')');
// Setzt Nonbock Mode
socket_set_nonblock($sock);
/****************************************************************************************************/
// Loop continuos
/****************************************************************************************************/
$RUNNING = TRUE;
while( $RUNNING )
{
if( @socket_recvfrom($sock, $data, 65535, 0, $ip, $port))
{
//daten empfangen
$data = substr($data,0, strlen($data)-1); //ENTER entfernen
$RUNNING = true;
while($RUNNING) {
if(@socket_recvfrom($sock, $data, 65535, 0, $ip, $port)) {
// daten empfangen
$data = substr($data, 0, strlen($data)-1); //ENTER entfernen
echo "\n". gmdate("Y-m-d H:i:s", time()). "\tresive from $ip:$port ". strlen($data). " byte data ($data)\n";
PackedAnalyser( $data);
}
usleep(100000); // 100ms delay keeps the doctor away
} // end while
} // end while
//disconnect jabber
if( !DEBUG)
// disconnect jabber
if(!DEBUG)
$jabber->Disconnect();
// Close the master sockets
socket_close($sock);
/****************************************************************************************************/
/****************************************** MAIN END ************************************************/
/****************************************************************************************************/
// Close the master sockets
socket_close($sock);
/****************************************************************************************************/
//***** function PackedAnalyser
/****************************************************************************************************/
function PackedAnalyser( $data )
{
GLOBAL $jabber, $RUNNING;
function PackedAnalyser($data) {
global $jabber, $RUNNING;
// init array
$matches = array();
//#message
if( preg_match( "/^#(message) ([^ ]+) (.+)/i", $data, $matches ) )
{
if( $matches[2]=="" || $matches[3]=="")
{
// Wrong syntax
if(preg_match("/^#(message) ([^ ]+) (.+)/i", $data, $matches)) {
if($matches[2]=="" || $matches[3]=="")
echo "\t\t\t\t#messaage parameter fail\n";
}
else
{
else {
// Whisper
if( !DEBUG)
if(!DEBUG)
$jabber->SendMessage($value, "normal", NULL, array("body" => $message, "subject" => "Error in Pentabarf"), NULL);
else
echo "\t\t\t\tmessage to:\"". $matches[2]. "\" Text: \"". $matches[3]. "\"\n";
}
}
elseif( preg_match( "/^#quit/i", $data, $matches ) )
{
if( DEBUG)
{
} elseif(preg_match("/^#quit/i", $data, $matches)) {
if(DEBUG) {
echo "\t\t\t\tSystem Shutdown\n\n";
$RUNNING = FALSE;
$RUNNING = false;
}
}
else
{
} else
echo "\t\t\t\tcommand not found\n\n";
}
}
?>

41
templates/admin_angel_types.html
Unescape Escape View File

@ -0,0 +1,41 @@
Angel types:
<table>
<thead>
<tr>
<th>
Name
</th>
<th>
Man
</th>
<th>
Action
</th>
</tr>
</thead>
<tbody>
%table%
</tbody>
</table>
<hr />
<h2>Create new Angel type:</h2>
<form action="%link%&action=create" method="post">
<table>
<tr>
<td>
Name
</td>
<td>
<input type="text" name="name" value="" />
</td>
</tr>
<tr>
<td>
Man
</td>
<td>
<input type="text" name="man" value="" />
</td>
</tr>
</table><input type="submit" name="submit" value="Create" />
</form>

24
templates/admin_angel_types_edit_form.html
Unescape Escape View File

@ -0,0 +1,24 @@
Edit angel type:
<form action="%link%&action=save" method="post">
<table>
<tr>
<td>
Name
</td>
<td>
<input type="text" name="name" value="%name%" />
</td>
</tr>
<tr>
<td>
Man
</td>
<td>
<input type="text" name="man" value="%man%" />
</td>
</tr>
</table><input type="hidden" name="id" value="%id%" /><input type="submit" name="submit" value="Save" />
</form>
<form action="%link%&action=delete" method="post">
<input type="hidden" name="id" value="%id%" /><input type="submit" name="submit" value="Delete" />
</form>

56
templates/admin_faq.html
Unescape Escape View File

@ -0,0 +1,56 @@
<table>
<thead>
<tr>
<th>
Deutsch
</th>
<th>
English
</th>
<th>
&nbsp;
</th>
</tr>
</thead>
<tbody>
%faqs%
</tbody>
</table>
<hr/>Create new FAQ:
<form action="%link%&action=create" method="post">
<table>
<tr>
<td>
Frage
</td>
<td>
<textarea name="frage"></textarea>
</td>
</tr>
<tr>
<td>
Antwort
</td>
<td>
<textarea name="antwort"></textarea>
</td>
</tr>
<tr>
<td>
Question
</td>
<td>
<textarea name="question"></textarea>
</td>
</tr>
<tr>
<td>
Answer
</td>
<td>
<textarea name="answer"></textarea>
</td>
</tr>
</table>
<input type="submit" name="submit" value="Create" />
</form>

41
templates/admin_faq_edit_form.html
Unescape Escape View File

@ -0,0 +1,41 @@
Edit FAQ:
<form action="%link%&action=save" method="post">
<table>
<tr>
<td>
Frage
</td>
<td>
<textarea name="frage">%frage%</textarea>
</td>
</tr>
<tr>
<td>
Antwort
</td>
<td>
<textarea name="antwort">%antwort%</textarea>
</td>
</tr>
<tr>
<td>
Question
</td>
<td>
<textarea name="question">%question%</textarea>
</td>
</tr>
<tr>
<td>
Answer
</td>
<td>
<textarea name="answer">%answer%</textarea>
</td>
</tr>
</table>
<input type="hidden" name="id" value="%id%" /><input type="submit" name="submit" value="Save" />
</form><hr/>
<form action="%link%&action=delete" method="post">
Delete FAQ: <input type="hidden" name="id" value="%id%" /><input type="submit" name="submit" value="Delete" />
</form>

21
templates/admin_groups.html
Unescape Escape View File

@ -0,0 +1,21 @@
Hallo %nick%,
<br/>
hier hast du die Möglichkeit Gruppenrechte zu ändern:
<table>
<thead>
<tr>
<th>
Name
</th>
<th>
Rechte
</th>
<th>
&nbsp;
</th>
</tr>
</thead>
<tbody>
%groups%
</tbody>
</table>

21
templates/admin_groups_edit_form.html
Unescape Escape View File

@ -0,0 +1,21 @@
<form action="%link%&action=save" method="post">
<table>
<thead>
<tr>
<th>
&nbsp;
</th>
<th>
Name
</th>
<th>
Description
</th>
</tr>
</thead>
<tbody>
%privileges%
</tbody>
</table>
<input type="hidden" name="id" value="%id%" /><input type="submit" name="submit" value="Save" />
</form>

9
templates/admin_question_answered.html
Unescape Escape View File

@ -0,0 +1,9 @@
<tr>
<td> %question_nick% </td>
<td> %question% </td>
<td> %answer_nick% </td>
<td> %answer% </td>
<td>
<a href="%link%&action=delete&id=%question_id%">Delete</a>
</td>
</tr>

14
templates/admin_question_unanswered.html
Unescape Escape View File

@ -0,0 +1,14 @@
<tr>
<td> %question_nick% </td>
<td> %question% </td>
<td>
<form action="%link%&action=answer" method="post">
<textarea name="answer"></textarea>
<input type="hidden" name="id" value="%question_id%" />
<input type="submit" name="submit" value="Send" />
</form>
</td>
<td>
<a href="%link%&action=delete&id=%question_id%">Delete</a>
</td>
</tr>

47
templates/admin_questions.html
Unescape Escape View File

@ -0,0 +1,47 @@
Not yet answered questions:
<table>
<thead>
<tr>
<th>
From
</th>
<th>
Question
</th>
<th>
Answer
</th>
<th>
&nbsp;
</th>
</tr>
</thead>
<tbody>
%open_questions%
</tbody>
</table>
<hr/> Answered questions:
<table>
<thead>
<tr>
<th>
From
</th>
<th>
Question
</th>
<th>
From
</th>
<th>
Answer
</th>
<th>
&nbsp;
</th>
</tr>
</thead>
<tbody>
%answered_questions%
</tbody>
</table>

59
templates/admin_rooms_edit_form.html
Unescape Escape View File

@ -0,0 +1,59 @@
Raum und dafür benötigte Engel bearbeiten:
<br/>
<form action="%link%&action=changesave" method="post">
<table>
<tr>
<td>
Name
</td>
<td>
<input type="text" name="Name" value="%name%" />
</td>
</tr>
<tr>
<td>
Man
</td>
<td>
<input type="text" name="Man" value="%man%" />
</td>
</tr>
<tr>
<td>
From Pentabarf
</td>
<td>
%from_pentabarf_options%
</td>
</tr>
<tr>
<td>
Show
</td>
<td>
%show_options%
</td>
</tr>
<tr>
<td>
Number
</td>
<td>
<input type="text" name="Number" value="%number%" />
</td>
</tr>
<tr>
<th>
Angle Type
</th>
<th>
Needed for this room
</th>
</tr>
%angel_types%
</table>
<input type="hidden" name="RID" value="%room_id%" /><input type="submit" value="Save" />
</form>
<form action="%link%&action=delete" method="post">
<input type="hidden" name="RID" value="%room_id%" /><input type="submit" value="Delete" />
</form>

46
templates/admin_rooms_new_form.html
Unescape Escape View File

@ -0,0 +1,46 @@
Neuen Raum einrichten:
<br/>
<form action="%link%&action=newsave" method="post">
<table>
<tr>
<td>
Name
</td>
<td>
<input type="text" name="Name" />
</td>
</tr>
<tr>
<td>
Man
</td>
<td>
<input type="text" name="Man" />
</td>
</tr>
<tr>
<td>
From Pentabarf
</td>
<td>
<input type="radio" name="FromPentabarf" value="Y" /> Yes <input type="radio" name="FromPentabarf" value="N" />No
</td>
</tr>
<tr>
<td>
Show
</td>
<td>
<input type="radio" name="Show" value="Y" /> Yes<input type="radio" name="Show" value="N" /> No
</td>
</tr>
<tr>
<td>
Number
</td>
<td>
<input type="text" name="Number" value="" />
</td>
</tr>
</table><input type="submit" value="Create" />
</form>

12
templates/guest_credits.html
Unescape Escape View File

@ -0,0 +1,12 @@
<h2>The angelsystem has been (re)done by:</h2>
<ul>
<li>
?
</li>
<li>
helios
</li>
<li>
msquare
</li>
</ul>

22
templates/guest_login_form.html
Unescape Escape View File

@ -0,0 +1,22 @@
<form action="%link%" method="post">
<table>
<tr>
<td align="right">
%nick%
</td>
<td>
<input type="text" name="user" size="23" />
</td>
</tr>
<tr>
<td align="right">
%pass%
</td>
<td>
<input type="password" name="password" size="23">
</td>
</tr>
</table>
<br/>
<input type="submit" name="login_submit" value="%send%">
</form>

42
templates/layout.html
Unescape Escape View File

@ -0,0 +1,42 @@
<!DOCTYPE html>
<html>
<head>
<title>%title% - Engelsystem</title>
<meta charset="UTF-8" />
<meta http-equiv="content-type" content="text/html;charset=utf-8" />
<meta name="content-style-type" content="text/css" />
<meta name="keywords" content="Engel, Himmelsverwaltung" />
<meta http-equiv="Content-Style-Type" content="text/css" />
<meta http-equiv="expires" content="0" />
<meta name="robots" content="index" />
<meta name="revisit-after" content="1 days" />
<script type="text/javascript" src="css/grossbild.js">
</script>
<link rel="stylesheet" type="text/css" href="css/base.css" />
<link rel="stylesheet" type="text/css" href="css/style%theme%.css" />
</head>
<body class="background">
<header>
<a href="?" id="logo"></a>
</header>
<div id="body">
<div id="menu">
%menu%
</div>
<div id="content" class="container">
<h1>%title%</h1>
<article class="content">
%content%
</article>
</div>
</div>
<footer>
<p>
&copy; copyleft | <a href="mailto:erzengel@lists.ccc.de">Contact</a>
| <a href="?p=credits">Credits</a>
<br/>
This is hell. Temporarily.
</p>
</footer>
</body>
</html>

50
templates/user_messages.html
Unescape Escape View File

@ -0,0 +1,50 @@
%greeting%
<form action="%link%&action=send" method="post">
<table>
<thead>
<tr>
<th>
%new_label%
</th>
<th>
%date_label%
</th>
<th>
%from_label%
</th>
<th>
%to_label%
</th>
<th>
%text_label%
</th>
<th>
&nbsp;
</th>
</tr>
</thead>
<tbody>
%messages%
<tr>
<td>
&nbsp;
</td>
<td>
%date%
</td>
<td>
%from%
</td>
<td>
%to_select%
</td>
<td>
<textarea name="text"></textarea>
</td>
<td>
<input type="submit" name="submit" value="%submit_label%" />
</td>
</tr>
</tbody>
</table>
</form>

52
templates/user_questions.html
Unescape Escape View File

@ -0,0 +1,52 @@
Not yet answered questions:
<table>
<thead>
<tr>
<th>
Question
</th>
<th>
&nbsp;
</th>
</tr>
</thead>
<tbody>
%open_questions%
</tbody>
</table>
<hr/> Answered questions:
<table>
<thead>
<tr>
<th>
Question
</th>
<th>
From
</th>
<th>
Answer
</th>
<th>
&nbsp;
</th>
</tr>
</thead>
<tbody>
%answered_questions%
</tbody>
</table>
<hr/>Ask an arch angel:
<form action="%link%&action=ask" method="post">
<table>
<tr>
<td>
Question:
</td>
<td>
<textarea name="question"></textarea>
</td>
</tr>
</table>
<input type="submit" name="submit" value="Ask" />
</form>

106
templates/user_settings.html
Unescape Escape View File

@ -0,0 +1,106 @@
%greeting%
<hr width="100%">
%text_user_data%
<form action="%link%&action=setUserData" method="post">
<table>
<tr>
<td>%label_nick%</td>
<td><input type="text" name="nick" size="23" value="%nick%"></td>
</tr>
<tr>
<td>%label_name%</td>
<td><input type="text" name="name" size="23" value="%name%"></td>
</tr>
<tr>
<td>%label_prename%</td>
<td><input type="text" name="prename" size="23" value="%prename%"></td>
</tr>
<tr>
<td>%label_age%</td>
<td><input type="text" name="age" size="3" value="%age%"></td>
</tr>
<tr>
<td>%label_tel%</td>
<td><input type="text" name="tel" size="40" value="%tel%"></td>
</tr>
<tr>
<td>%label_mobile%</td>
<td><input type="text" name="mobile" size="40" value="%mobile%"></td>
</tr>
<tr>
<td>%label_dect%</td>
<td><input type="text" name="dect" size="4" value="%dect%"></td>
</tr>
<tr>
<td>%label_mail%</td>
<td><input type="text" name="mail" size="40" value="%mail%"></td>
</tr>
<tr>
<td>ICQ</td>
<td><input type="text" name="icq" size="40" value="%icq%"></td>
</tr>
<tr>
<td>jabber</td>
<td><input type="text" name="jabber" size="40" value="%jabber%"></td>
</tr>
<tr>
<td>%label_hometown%</td>
<td><input type="text" name="hometown" size="40" value="%hometown%"></td>
</tr>
%tshirts%
</table>
<input type="submit" value="%label_save%">
</form>
<hr />
%text_password%
<form action="%link%&action=set" method="post">
<table>
<tr><td>%current_pw_label%</td><td><input type="password" name="current_pw" size="20"></td></tr>
<tr><td>%new_pw_label%</td><td><input type="password" name="new_pw" size="20"></td></tr>
<tr><td>%new_pw2_label%</td><td><input type="password" name="new_pw2" size="20"></td></tr>
</table>
<input type="submit" value="%label_save%">
</form>
<hr />
%text_theme%
<form action="%link%&action=colour" method="post">
<table>
<tr>
<td>%theme_label%</td>
<td>
%theme_select%
</td>
</tr>
</table>
<input type="submit" value="%label_save%">
</form>
<hr />
%text_language%
<form action="%link%&action=sprache" method="post">
<table>
<tr>
<td>%language_label%</td>
<td>
%language_select%
</td>
</tr>
</table>
<input type="submit" value="%label_save%">
</form>

4
templates/user_settings_tshirt.html
Unescape Escape View File

@ -0,0 +1,4 @@
<tr>
<td>%label_size%</td>
<td>%size_select%</td>
</tr>

18
templates/user_wakeup.html
Unescape Escape View File

@ -0,0 +1,18 @@
<form action="%wakeup_link%&amp;action=create" method="post">
<table>
<tr>
<td align="right"> %date_text%: </td>
<td><input type="text" name="Date" value="%date_value%"></td>
</tr>
<tr>
<td align="right"> %place_text% </td>
<td><input type="text" name="Ort" value=""></td>
</tr>
<tr>
<td align="right"> %comment_text% </td>
<td><textarea name="Bemerkung" rows="5" cols="40">
%comment_value%</textarea></td>
</tr>
</table>
<input type="submit" name="submit" value="%submit_text%" />
</form>

0
txt/LICENSE
Unescape Escape View File

4
txt/README
Unescape Escape View File

@ -3,9 +3,9 @@ DIRS:
./DB
Standart DB File
./www
daten für http verbindung
daten fuer http verbindung
./www-ssl
daten für https verbindung
daten fuer https verbindung
Anfordeungen:
-------------

29
txt/TODO
Unescape Escape View File

@ -1,3 +1,32 @@
jetzt:
* aktiv
* gekommen
* tshirt
* schichtimport
* schichtadministration
* meine schichten
* schichten
* Services?
* DECT-kram?
* weckservice?
später:
* Zurück-/Backlinks setzen
* Pagination
* MD5-Passwörter mit Salt speichern
* Passwort-Mindestanforderungen stellen
* User-Avatare (code liegt auskommentiert in user_settings.php)
* user_messages schön machen (dialogbasiert)
* Formulare weg von Tabellen
* Privilegien korrigieren (an die vom CVS anpassen)
* (Beim Raum-Management die benötigten Engel anzeigen)
* Löschen nur mit Rückfrage
* FAQ ordentlich mehrsprachig machen
* Fertig übersetzen/Sprachwirrwarr beseitigen
* Übersetzung
* Infotresen-Support (Engel angekommen/Badge gekriegt ohne Adminrechte
setzen)
* schichten ueber monatsgrenzen einbaue im moment werden die tage nur
hochgezaehlt und die monatzgrenzen werden ignoriert
* verify use of dect_clear.php and jabberserver.php

82
www-ssl/ShowUserPicture.php
Unescape Escape View File

@ -1,58 +1,56 @@
<?PHP
<?php
// Momentan keine Avatar-Funktionen
die();
include ("../includes/config.php");
include ("../includes/error_handler.php");
include ("../includes/config_db.php");
if( !isset($_SESSION)) session_start();
include ("../includes/secure.php");
require_once ('bootstrap.php');
include "config/config.php";
include "includes/error_handler.php";
include "config/config_db.php";
if (!isset ($_SESSION))
session_start();
include "includes/secure.php";
// Parameter check
if( !isset($_GET["UID"]) )
$_GET["UID"]= "-1";
$SQL= "SELECT * FROM `UserPicture` WHERE `UID`='". $_GET["UID"]. "'";
$res = mysql_query( $SQL, $con);
if( mysql_num_rows($res) == 1)
{
//genügend rechte
if( !isset($_SESSION['UID']) || $_SESSION['UID'] == -1)
{
header( "HTTP/1.0 403 Forbidden");
die( "403 Forbidden");
if (!isset ($_GET["UID"]))
$_GET["UID"] = "-1";
$SQL = "SELECT * FROM `UserPicture` WHERE `UID`='" . $_GET["UID"] . "'";
$res = mysql_query($SQL, $con);
if (mysql_num_rows($res) == 1) {
// genuegend rechte
if (!isset ($_SESSION['UID']) || $_SESSION['UID'] == -1) {
header("HTTP/1.0 403 Forbidden");
die("403 Forbidden");
}
// ist das bild sichtbar?
if( (mysql_result($res, 0, "show")=="N") AND
($_SESSION['UID']!=$_GET["UID"]) AND
($_SESSION['CVS'][ "admin/UserPicture.php" ] == "N"))
{
$SQL= "SELECT * FROM `UserPicture` WHERE `UID`='-1'";
$res = mysql_query( $SQL, $con);
if( mysql_num_rows($res) != 1)
{
header( 'HTTP/1.0 404 Not Found');
die( "404 Not Found");
if ((mysql_result($res, 0, "show") == "N") AND ($_SESSION['UID'] != $_GET["UID"]) AND ($_SESSION['CVS']["admin/UserPicture.php"] == "N")) {
$SQL = "SELECT * FROM `UserPicture` WHERE `UID`='-1'";
$res = mysql_query($SQL, $con);
if (mysql_num_rows($res) != 1) {
header("HTTP/1.0 404 Not Found");
die("404 Not Found");
}
}
/// bild aus db auslesen
// bild aus db auslesen
$bild = mysql_result($res, 0, "Bild");
// ausgabe bild
header( "Accept-Ranges: bytes");
header( "Content-Length: ". strlen($bild));
header( "Content-type: ". mysql_result($res, 0, "ContentType"));
header( "Cache-control: public");
header( "Cache-request-directive: min-fresh = 120");
header( "Cache-request-directive: max-age = 360");
header("Accept-Ranges: bytes");
header("Content-Length: " . strlen($bild));
header("Content-type: " . mysql_result($res, 0, "ContentType"));
header("Cache-control: public");
header("Cache-request-directive: min-fresh = 120");
header("Cache-request-directive: max-age = 360");
echo $bild;
} else {
header("HTTP/1.0 404 Not Found");
die("404 Not Found");
}
else
{
header( 'HTTP/1.0 404 Not Found');
die( "404 Not Found");
}
?>

191
www-ssl/admin/EngelType.php
Unescape Escape View File

@ -1,191 +0,0 @@
<?php
$title = "R&auml;ume";
$header = "Verwaltung der R&auml;ume";
include ("../../includes/header.php");
include("../../includes/funktion_db.php");
function runSQL( $SQL)
{
global $con;
// hier muesste das SQL ausgefuehrt werden...
$Erg = mysql_query($SQL, $con);
if ($Erg)
{
echo "&Auml;nderung wurde gesichert...<br>";
echo "[$SQL]<br>";
return 1;
}
else
{
echo "Fehler beim speichern... bitte noch ein mal probieren :)";
echo "<br><br>".mysql_error( $con ). "<br>";
echo "[$SQL]<br>";
return 0;
}
}
function runSQL_log( $SQL, $commed)
{
global $con;
// hier muesste das SQL ausgefuehrt werden...
$Erg = db_query($SQL, $commed);
if ($Erg)
{
echo "&Auml;nderung wurde gesichert...<br>";
echo "[$SQL]<br>";
return 1;
}
else
{
echo "Fehler beim speichern... bitte noch ein mal probieren :)";
echo "<br><br>".mysql_error( $con ). "<br>";
echo "[$SQL]<br>";
return 0;
}
}
$Sql = "SELECT * FROM `EngelType` ORDER BY `NAME`";
$Erg = mysql_query($Sql, $con);
if( !IsSet($_GET["action"]) )
{
echo "Hallo ".$_SESSION['Nick'].
",<br>\nhier hast du die M&ouml;glichkeit, neue Engeltypen f&uuml;r die Schichtpl&auml;ne einzutragen ".
"oder vorhandene abzu&auml;ndern:<br><br>\n";
echo "<a href=\"./EngelType.php?action=new\">- Neuen EngelType eintragen</a><br>\n";
echo "<table width=\"100%\" class=\"border\" cellpadding=\"2\" cellspacing=\"1\">\n";
echo "<tr class=\"contenttopic\">\n";
for( $i = 1; $i < mysql_num_fields($Erg); $i++ )
{
echo "\t<td>". mysql_field_name($Erg, $i). "</td>";
}
echo "\t<td>&Auml;ndern</td>";
echo "</tr>";
for( $t = 0; $t < mysql_num_rows($Erg); $t++ )
{
echo "\t<tr class=\"content\">\n";
for ($j = 1; $j < mysql_num_fields($Erg); $j++)
{
echo "\t\t<td>".mysql_result($Erg, $t, $j)."</td>\n";
}
echo "\t\t<td><a href=\"./EngelType.php?action=change&TID=".mysql_result($Erg, $t, "TID")."\">###</a></td>\n";
echo "\t</tr>\n";
} // ende Auflistung Raeume
echo "</table>";
}
else
{
switch ($_GET["action"]) {
case 'new':
echo "Neuen EngelType einrichten: <br>";
echo "<form action=\"./EngelType.php\" method=\"GET\">\n";
echo "<table>\n";
for( $Uj = 1; $Uj < mysql_num_fields($Erg); $Uj++ )
{
echo "<td>".mysql_field_name($Erg, $Uj)."</td>".
"<td><input type=\"text\" size=\"40\" name=\"".mysql_field_name($Erg, $Uj)."\"></td></tr>\n";
}
echo "</table>\n";
echo "<input type=\"hidden\" name=\"action\" value=\"newsave\">\n";
echo "<input type=\"submit\" value=\"sichern...\">\n";
echo "</form>";
break;
case 'newsave':
$vars = $_GET;
$count = count($vars) - 1;
$vars = array_splice($vars, 0, $count);
$Keys="";
$Values="";
foreach($vars as $key => $value){
$Keys .= ", `$key`";
$Values .= ", '$value'";
}
if( runSQL_log( "INSERT INTO `EngelType` (". substr($Keys, 2). ") VALUES (". substr($Values, 2). ")",
"save new EngelType") )
{
SetHeaderGo2Back();
$SQL2 = "SELECT * FROM `EngelType` WHERE `Name`='". $_GET["Name"]. "'";
$ERG = mysql_query($SQL2, $con);
if( mysql_num_rows($ERG) == 1)
runSQL_log( "ALTER TABLE `Room` ADD `DEFAULT_EID_". mysql_result( $ERG, 0, 0).
"` INT DEFAULT '0' NOT NULL;",
"add new EngelType in Romm Table");
}
break;
case 'change':
if (! IsSet($_GET["TID"]))
echo "Fehlerhafter Aufruf!";
else
{
echo "Raum ab&auml;ndern:\n";
echo "Hier kannst du eintragen, den EngelType &auml;ndern.";
echo "<form action=\"./EngelType.php\" method=\"GET\">\n";
echo "<table>\n";
$SQL2 = "SELECT * FROM `EngelType` WHERE `TID`='". $_GET["TID"]. "'";
$ERG = mysql_query($SQL2, $con);
for ($Uj = 1; $Uj < mysql_num_fields($ERG); $Uj++)
echo "<tr><td>". mysql_field_name($ERG, $Uj). "</td>".
"<td><input type=\"text\" size=\"40\" name=\"e". mysql_field_name($ERG, $Uj). "\" ".
"value=\"". mysql_result($ERG, 0, $Uj). "\"></td></tr>\n";
echo "</table>\n";
echo "<input type=\"hidden\" name=\"eTID\" value=\"". $_GET["TID"]. "\">\n";
echo "<input type=\"hidden\" name=\"action\" value=\"changesave\">\n";
echo "<input type=\"submit\" value=\"sichern...\">\n";
echo "</form>";
echo "<form action=\"./EngelType.php\" method=\"GET\">\n";
echo "<input type=\"hidden\" name=\"TID\" value=\"". $_GET["TID"]. "\">\n";
echo "<input type=\"hidden\" name=\"action\" value=\"delete\">\n";
echo "<input type=\"submit\" value=\"L&ouml;schen...\">";
echo "</form>";
}
break;
case 'changesave':
$vars = $_GET;
$count = count($vars) - 2;
$vars = array_splice($vars, 0, $count);
$keys="";
$sql="";
foreach($vars as $key => $value)
{
$keys = substr( $key, 1);
$sql .= ", `". $keys. "`='". $value. "'";
}
runSQL_log( "UPDATE `EngelType` SET ". substr($sql, 2). " WHERE `TID`='". $_GET["eTID"]. "'",
"Save Change EngelType");
SetHeaderGo2Back();
break;
case 'delete':
if (IsSet($_GET["TID"]))
{
if( runSQL_log( "DELETE FROM `EngelType` WHERE `TID`='". $_GET["TID"]. "'", "delete EngelType"))
runSQL_log( "ALTER TABLE `Room` DROP `DEFAULT_EID_". $_GET["TID"]. "`;",
"delete EngelType in Room Table");
}
else
echo "Fehlerhafter Aufruf";
SetHeaderGo2Back();
break;
}
}
include ("../../includes/footer.php");
?>

Some files were not shown because too many files have changed in this diff Show More

Write Preview
Loading…
Cancel
Save