$shift['needed_angeltypes'] = sql_select("SELECT DISTINCT `AngelTypes`.* FROM `ShiftEntry` JOIN `AngelTypes` ON `ShiftEntry`.`TID`=`AngelTypes`.`id` WHERE `ShiftEntry`.`SID`=" . sql_escape($shift['SID']) . " ORDER BY `AngelTypes`.`name`");
$shift['needed_angeltypes'] = sql_select("SELECT DISTINCT `AngelTypes`.* FROM `ShiftEntry` JOIN `AngelTypes` ON `ShiftEntry`.`TID`=`AngelTypes`.`id` WHERE `ShiftEntry`.`SID`='" . sql_escape($shift['SID']) . "' ORDER BY `AngelTypes`.`name`");
foreach ($shift['needed_angeltypes'] as &$needed_angeltype) {
foreach ($shift['needed_angeltypes'] as &$needed_angeltype) {
$needed_angeltype['users'] = sql_select("
$needed_angeltype['users'] = sql_select("
SELECT `ShiftEntry`.`freeloaded`, `User`.*
SELECT `ShiftEntry`.`freeloaded`, `User`.*
FROM `ShiftEntry`
FROM `ShiftEntry`
JOIN `User` ON `ShiftEntry`.`UID`=`User`.`UID`
JOIN `User` ON `ShiftEntry`.`UID`=`User`.`UID`
WHERE `ShiftEntry`.`SID`=" . sql_escape($shift['SID']) . "
WHERE `ShiftEntry`.`SID`='" . sql_escape($shift['SID']) . "'
AND `ShiftEntry`.`TID`=" . sql_escape($needed_angeltype['id']));
AND `ShiftEntry`.`TID`='" . sql_escape($needed_angeltype['id']) . "'");
$privileges = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`=" . sql_escape($group['UID']));
$privileges = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`='" . sql_escape($group['UID']) . "'");
$privileges_html = array();
$privileges_html = array();
foreach ($privileges as $priv)
foreach ($privileges as $priv)
@ -39,10 +39,10 @@ function admin_groups() {
else
else
return error("Incomplete call, missing Groups ID.", true);
return error("Incomplete call, missing Groups ID.", true);
$room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
$room = sql_select("SELECT * FROM `Groups` WHERE `UID`='" . sql_escape($id) . "' LIMIT 1");
if (count($room) > 0) {
if (count($room) > 0) {
list($room) = $room;
list($room) = $room;
$privileges = sql_select("SELECT `Privileges`.*, `GroupPrivileges`.`group_id` FROM `Privileges` LEFT OUTER JOIN `GroupPrivileges` ON (`Privileges`.`id` = `GroupPrivileges`.`privilege_id` AND `GroupPrivileges`.`group_id`=" . sql_escape($id) . ") ORDER BY `Privileges`.`name`");
$privileges = sql_select("SELECT `Privileges`.*, `GroupPrivileges`.`group_id` FROM `Privileges` LEFT OUTER JOIN `GroupPrivileges` ON (`Privileges`.`id` = `GroupPrivileges`.`privilege_id` AND `GroupPrivileges`.`group_id`='" . sql_escape($id) . "') ORDER BY `Privileges`.`name`");
$privileges_html = "";
$privileges_html = "";
$privileges_form = array();
$privileges_form = array();
foreach ($privileges as $priv) {
foreach ($privileges as $priv) {
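Review bot: `$id` is interpolated into the `UID` and `group_id` comparisons on L28–L29 and L34–L35, which look like integer columns; the added quoting makes the escaping effective, but an explicit `$id = (int) $id;` before the queries would state the type constraint directly and reject non-numeric input up front rather than relying on MySQL's implicit string-to-integer conversion of the quoted literal. Where `$id` is assigned is outside this hunk, so whether it has already been validated as an integer cannot be seen here. The same observation applies to the other integer ids this commit quotes (`$type_id`, `$user_id`, `$shift['SID']`).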
@ -64,18 +64,18 @@ function admin_groups() {
else
else
return error("Incomplete call, missing Groups ID.", true);
return error("Incomplete call, missing Groups ID.", true);
$room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
$room = sql_select("SELECT * FROM `Groups` WHERE `UID`='" . sql_escape($id) . "' LIMIT 1");
if (! is_array($_REQUEST['privileges']))
if (! is_array($_REQUEST['privileges']))
$_REQUEST['privileges'] = array();
$_REQUEST['privileges'] = array();
if (count($room) > 0) {
if (count($room) > 0) {
list($room) = $room;
list($room) = $room;
sql_query("DELETE FROM `GroupPrivileges` WHERE `group_id`=" . sql_escape($id));
sql_query("DELETE FROM `GroupPrivileges` WHERE `group_id`='" . sql_escape($id) . "'");
$privilege_names = array();
$privilege_names = array();
foreach ($_REQUEST['privileges'] as $priv) {
foreach ($_REQUEST['privileges'] as $priv) {
if (preg_match("/^[0-9]{1,}$/", $priv)) {
if (preg_match("/^[0-9]{1,}$/", $priv)) {
$group_privileges_source = sql_select("SELECT * FROM `Privileges` WHERE `id`=" . sql_escape($priv) . " LIMIT 1");
$group_privileges_source = sql_select("SELECT * FROM `Privileges` WHERE `id`='" . sql_escape($priv) . "' LIMIT 1");
if (count($group_privileges_source) > 0) {
if (count($group_privileges_source) > 0) {
sql_query("INSERT INTO `GroupPrivileges` SET `group_id`=" . sql_escape($id) . ", `privilege_id`=" . sql_escape($priv));
sql_query("INSERT INTO `GroupPrivileges` SET `group_id`='" . sql_escape($id) . "', `privilege_id`='" . sql_escape($priv) . "'");
$html .= "Hier kannst Du die Benutzergruppen des Engels festlegen:<formaction=\"".page_link_to("admin_user")."&action=save_groups&id=".$id."\"method=\"post\">\n";
$html .= "Hier kannst Du die Benutzergruppen des Engels festlegen:<formaction=\"".page_link_to("admin_user")."&action=save_groups&id=".$id."\"method=\"post\">\n";
$html .= '<table>';
$html .= '<table>';
$groups = sql_select("SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = " . sql_escape($id) . ") WHERE `Groups`.`UID` >= " . sql_escape($my_highest_group) . " ORDER BY `Groups`.`Name`");
$groups = sql_select("SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = '" . sql_escape($id) . "') WHERE `Groups`.`UID` >= '" . sql_escape($my_highest_group) . "' ORDER BY `Groups`.`Name`");
$groups_source = sql_select("SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = " . sql_escape($id) . ") WHERE `Groups`.`UID` >= " . sql_escape($my_highest_group[0]['group_id']) . " ORDER BY `Groups`.`Name`");
$groups_source = sql_select("SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = '" . sql_escape($id) . "') WHERE `Groups`.`UID` >= '" . sql_escape($my_highest_group[0]['group_id']) . "' ORDER BY `Groups`.`Name`");
$groups = array();
$groups = array();
$grouplist = array();
$grouplist = array();
foreach ($groups_source as $group) {
foreach ($groups_source as $group) {
@ -141,11 +141,11 @@ function admin_user() {
if (! is_array($_REQUEST['groups']))
if (! is_array($_REQUEST['groups']))
$_REQUEST['groups'] = array();
$_REQUEST['groups'] = array();
sql_query("DELETE FROM `UserGroups` WHERE `uid`=" . sql_escape($id));
sql_query("DELETE FROM `UserGroups` WHERE `uid`='" . sql_escape($id) . "'");
$user_groups_info = array();
$user_groups_info = array();
foreach ($_REQUEST['groups'] as $group) {
foreach ($_REQUEST['groups'] as $group) {
if (in_array($group, $grouplist)) {
if (in_array($group, $grouplist)) {
sql_query("INSERT INTO `UserGroups` SET `uid`=" . sql_escape($id) . ", `group_id`=" . sql_escape($group));
sql_query("INSERT INTO `UserGroups` SET `uid`='" . sql_escape($id) . "', `group_id`='" . sql_escape($group) . "'");
$user_groups_info[] = $groups[$group]['Name'];
$user_groups_info[] = $groups[$group]['Name'];
}
}
}
}
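Review bot: `in_array($group, $grouplist)` on L96–L97 is the allowlist check that gates the INSERT on the next line, and it uses loose comparison, so numeric strings compare by value: a request value such as `"1.0"` or `" 1"` is treated as equal to `"1"`. Such a value passes the check, is inserted as a quoted string that MySQL converts, and then `$groups[$group]['Name']` on L100–L101 looks up a key that does not exist. `if (in_array($group, $grouplist, true))` closes that gap, provided `$grouplist` holds the same scalar type as the request values — how `$grouplist` is populated is outside this hunk. Whether `$_REQUEST['groups']` is restricted to integers before this loop is likewise not visible here.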
@ -163,8 +163,8 @@ function admin_user() {
case 'delete':
case 'delete':
if ($user['UID'] != $id) {
if ($user['UID'] != $id) {
$user_source = sql_select("SELECT `Nick`, `UID` FROM `User` WHERE `UID` = '" . sql_escape($id) . "' LIMIT 1");
$user_source = sql_select("SELECT `Nick`, `UID` FROM `User` WHERE `UID` = '" . sql_escape($id) . "' LIMIT 1");
sql_query("DELETE FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
sql_query("DELETE FROM `User` WHERE `UID`='" . sql_escape($id) . "' LIMIT 1");
sql_query("DELETE FROM `UserGroups` WHERE `uid`=" . sql_escape($id));
sql_query("DELETE FROM `UserGroups` WHERE `uid`='" . sql_escape($id) . "'");
engelsystem_log("Deleted user " . User_Nick_render($user_source));
engelsystem_log("Deleted user " . User_Nick_render($user_source));
$messages = sql_select("SELECT * FROM `Messages` WHERE `SUID`=" . sql_escape($user['UID']) . " OR `RUID`=" . sql_escape($user['UID']) . " ORDER BY `isRead`,`Datum` DESC");
$messages = sql_select("SELECT * FROM `Messages` WHERE `SUID`='" . sql_escape($user['UID']) . "' OR `RUID`='" . sql_escape($user['UID']) . "' ORDER BY `isRead`,`Datum` DESC");
$needed_angel_types_source = sql_select("SELECT `AngelTypes`.*, `NeededAngelTypes`.`count` FROM `AngelTypes` LEFT JOIN `NeededAngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `AngelTypes`.`id` AND `NeededAngelTypes`.`room_id`=" . sql_escape($shift['RID']) . ") ORDER BY `AngelTypes`.`name`");
$needed_angel_types_source = sql_select("SELECT `AngelTypes`.*, `NeededAngelTypes`.`count` FROM `AngelTypes` LEFT JOIN `NeededAngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `AngelTypes`.`id` AND `NeededAngelTypes`.`room_id`='" . sql_escape($shift['RID']) . "') ORDER BY `AngelTypes`.`name`");
$needed_angel_types_source = sql_select("SELECT `AngelTypes`.*, `NeededAngelTypes`.`count` FROM `AngelTypes` LEFT JOIN `NeededAngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `AngelTypes`.`id` AND `NeededAngelTypes`.`shift_id`=" . sql_escape($shift_id) . ") ORDER BY `AngelTypes`.`name`");
$needed_angel_types_source = sql_select("SELECT `AngelTypes`.*, `NeededAngelTypes`.`count` FROM `AngelTypes` LEFT JOIN `NeededAngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `AngelTypes`.`id` AND `NeededAngelTypes`.`shift_id`='" . sql_escape($shift_id) . "') ORDER BY `AngelTypes`.`name`");
if (! in_array('user_shifts_admin', $privileges) && sql_num_query("
if (! in_array('user_shifts_admin', $privileges) && sql_num_query("
SELECT `Shifts`.`SID`
SELECT `Shifts`.`SID`
FROM `Shifts`
FROM `Shifts`
INNER JOIN `ShiftEntry` ON (`Shifts`.`SID` = `ShiftEntry`.`SID` AND `ShiftEntry`.`UID` = " . sql_escape($user['UID']) . ")
INNER JOIN `ShiftEntry` ON (`Shifts`.`SID` = `ShiftEntry`.`SID` AND `ShiftEntry`.`UID` = '" . sql_escape($user['UID']) . "')
WHERE `start` < '" . sql_escape($shift['end']) . "' AND `end` > '" . sql_escape($shift['start']) . "'") > 0) {
WHERE `start` < '" . sql_escape($shift['end']) . "' AND `end` > '" . sql_escape($shift['start']) . "'") > 0) {
error(_("You already subscribed to shift in the same timeslot. Please contact a dispatcher to join the shift."));
error(_("You already subscribed to shift in the same timeslot. Please contact a dispatcher to join the shift."));
redirect(shift_link($shift));
redirect(shift_link($shift));
@ -266,9 +266,9 @@ function user_shifts() {
}
}
if (in_array('user_shifts_admin', $privileges))
if (in_array('user_shifts_admin', $privileges))
$type = sql_select("SELECT * FROM `AngelTypes` WHERE `id`=" . sql_escape($type_id) . " LIMIT 1");
$type = sql_select("SELECT * FROM `AngelTypes` WHERE `id`='" . sql_escape($type_id) . "' LIMIT 1");
else
else
$type = sql_select("SELECT * FROM `UserAngelTypes` JOIN `AngelTypes` ON (`UserAngelTypes`.`angeltype_id` = `AngelTypes`.`id`) WHERE `AngelTypes`.`id` = " . sql_escape($type_id) . " AND (`AngelTypes`.`restricted` = 0 OR (`UserAngelTypes`.`user_id` = " . sql_escape($user['UID']) . " AND NOT `UserAngelTypes`.`confirm_user_id` IS NULL)) LIMIT 1");
$type = sql_select("SELECT * FROM `UserAngelTypes` JOIN `AngelTypes` ON (`UserAngelTypes`.`angeltype_id` = `AngelTypes`.`id`) WHERE `AngelTypes`.`id` = '" . sql_escape($type_id) . "' AND (`AngelTypes`.`restricted` = 0 OR (`UserAngelTypes`.`user_id` = '" . sql_escape($user['UID']) . "' AND NOT `UserAngelTypes`.`confirm_user_id` IS NULL)) LIMIT 1");
if (count($type) == 0)
if (count($type) == 0)
redirect(page_link_to('user_shifts'));
redirect(page_link_to('user_shifts'));
@ -282,10 +282,10 @@ function user_shifts() {
else
else
$user_id = $user['UID'];
$user_id = $user['UID'];
if (sql_num_query("SELECT * FROM `User` WHERE `UID`=" . sql_escape($user_id) . " LIMIT 1") == 0)
if (sql_num_query("SELECT * FROM `User` WHERE `UID`='" . sql_escape($user_id) . "' LIMIT 1") == 0)
redirect(page_link_to('user_shifts'));
redirect(page_link_to('user_shifts'));
if (isset($_REQUEST['angeltype_id']) && test_request_int('angeltype_id') && sql_num_query("SELECT * FROM `AngelTypes` WHERE `id`=" . sql_escape($_REQUEST['angeltype_id']) . " LIMIT 1") > 0)
if (isset($_REQUEST['angeltype_id']) && test_request_int('angeltype_id') && sql_num_query("SELECT * FROM `AngelTypes` WHERE `id`='" . sql_escape($_REQUEST['angeltype_id']) . "' LIMIT 1") > 0)
$selected_type_id = $_REQUEST['angeltype_id'];
$selected_type_id = $_REQUEST['angeltype_id'];
} else
} else
$user_id = $user['UID'];
$user_id = $user['UID'];
@ -370,7 +370,7 @@ function view_user_shifts() {
if (in_array('user_shifts_admin', $privileges))
if (in_array('user_shifts_admin', $privileges))
$types = sql_select("SELECT `id`, `name` FROM `AngelTypes` ORDER BY `AngelTypes`.`name`");
$types = sql_select("SELECT `id`, `name` FROM `AngelTypes` ORDER BY `AngelTypes`.`name`");
else
else
$types = sql_select("SELECT `AngelTypes`.`id`, `AngelTypes`.`name`, (`AngelTypes`.`restricted`=0 OR (NOT `UserAngelTypes`.`confirm_user_id` IS NULL OR `UserAngelTypes`.`id` IS NULL)) as `enabled` FROM `AngelTypes` LEFT JOIN `UserAngelTypes` ON (`UserAngelTypes`.`angeltype_id`=`AngelTypes`.`id` AND `UserAngelTypes`.`user_id`=" . sql_escape($user['UID']) . ") ORDER BY `AngelTypes`.`name`");
$types = sql_select("SELECT `AngelTypes`.`id`, `AngelTypes`.`name`, (`AngelTypes`.`restricted`=0 OR (NOT `UserAngelTypes`.`confirm_user_id` IS NULL OR `UserAngelTypes`.`id` IS NULL)) as `enabled` FROM `AngelTypes` LEFT JOIN `UserAngelTypes` ON (`UserAngelTypes`.`angeltype_id`=`AngelTypes`.`id` AND `UserAngelTypes`.`user_id`='" . sql_escape($user['UID']) . "') ORDER BY `AngelTypes`.`name`");
if (empty($types))
if (empty($types))
$types = sql_select("SELECT `id`, `name` FROM `AngelTypes` WHERE `restricted` = 0");
$types = sql_select("SELECT `id`, `name` FROM `AngelTypes` WHERE `restricted` = 0");
$filled = array(
$filled = array(
@ -471,10 +471,10 @@ function view_user_shifts() {
if (count($_SESSION['user_shifts']['filled']) == 1) {
if (count($_SESSION['user_shifts']['filled']) == 1) {
if ($_SESSION['user_shifts']['filled'][0] == 0)
if ($_SESSION['user_shifts']['filled'][0] == 0)
$SQL .= "
$SQL .= "
AND (nat.`count` > entries.`count` OR entries.`count` IS NULL OR EXISTS (SELECT `SID` FROM `ShiftEntry` WHERE `UID` = " . sql_escape($user['UID']) . " AND `ShiftEntry`.`SID` = `Shifts`.`SID`))";
AND (nat.`count` > entries.`count` OR entries.`count` IS NULL OR EXISTS (SELECT `SID` FROM `ShiftEntry` WHERE `UID` = '" . sql_escape($user['UID']) . "' AND `ShiftEntry`.`SID` = `Shifts`.`SID`))";
AND (nat.`count` <= entries.`count` OR EXISTS (SELECT `SID` FROM `ShiftEntry` WHERE `UID` = " . sql_escape($user['UID']) . " AND `ShiftEntry`.`SID` = `Shifts`.`SID`))";
AND (nat.`count` <= entries.`count` OR EXISTS (SELECT `SID` FROM `ShiftEntry` WHERE `UID` = '" . sql_escape($user['UID']) . "' AND `ShiftEntry`.`SID` = `Shifts`.`SID`))";
}
}
$SQL .= "
$SQL .= "
ORDER BY `start`";
ORDER BY `start`";
@ -601,14 +601,14 @@ function view_user_shifts() {
$query .= " AND `angel_type_id` IN (" . implode(',', $_SESSION['user_shifts']['types']) . ") ";
$query .= " AND `angel_type_id` IN (" . implode(',', $_SESSION['user_shifts']['types']) . ") ";
$query .= " ORDER BY `AngelTypes`.`name`";
$query .= " ORDER BY `AngelTypes`.`name`";
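Review bot: `implode(',', $_SESSION['user_shifts']['types'])` on L204–L205 is the one interpolation in this hunk the commit leaves neither escaped nor quoted, while every other value in the change now goes through `sql_escape` inside quotes. If those session values originate from the request when the filter is set — that code is outside the hunk — the `IN (...)` clause deserves the same treatment; `implode(',', array_map('intval', $_SESSION['user_shifts']['types']))` would constrain them to integers, and an empty list should be handled before building the clause, since `IN ()` is a syntax error in MySQL. The hunk header announces 14 lines but only these two pairs are shown, so the enclosing code is not visible here.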
@ -616,7 +616,7 @@ function view_user_shifts() {
if (count($angeltypes) > 0) {
if (count($angeltypes) > 0) {
foreach ($angeltypes as $angeltype) {
foreach ($angeltypes as $angeltype) {
$entries = sql_select("SELECT * FROM `ShiftEntry` JOIN `User` ON (`ShiftEntry`.`UID` = `User`.`UID`) WHERE `SID`=" . sql_escape($shift['SID']) . " AND `TID`=" . sql_escape($angeltype['id']) . " ORDER BY `Nick`");
$entries = sql_select("SELECT * FROM `ShiftEntry` JOIN `User` ON (`ShiftEntry`.`UID` = `User`.`UID`) WHERE `SID`='" . sql_escape($shift['SID']) . "' AND `TID`='" . sql_escape($angeltype['id']) . "' ORDER BY `Nick`");
$entry_list = array();
$entry_list = array();
$freeloader = 0;
$freeloader = 0;
foreach ($entries as $entry) {
foreach ($entries as $entry) {
@ -732,22 +732,22 @@ function view_user_shifts() {
$my_shift = sql_num_query("SELECT * FROM `ShiftEntry` WHERE `SID`=" . sql_escape($shift['SID']) . " AND `UID`=" . sql_escape($user['UID']) . " LIMIT 1") > 0;
$my_shift = sql_num_query("SELECT * FROM `ShiftEntry` WHERE `SID`='" . sql_escape($shift['SID']) . "' AND `UID`='" . sql_escape($user['UID']) . "' LIMIT 1") > 0;
foreach ($angeltypes as &$angeltype) {
foreach ($angeltypes as &$angeltype) {
$entries = sql_select("SELECT * FROM `ShiftEntry` JOIN `User` ON (`ShiftEntry`.`UID` = `User`.`UID`) WHERE `SID`=" . sql_escape($shift['SID']) . " AND `TID`=" . sql_escape($angeltype['id']) . " ORDER BY `Nick`");
$entries = sql_select("SELECT * FROM `ShiftEntry` JOIN `User` ON (`ShiftEntry`.`UID` = `User`.`UID`) WHERE `SID`='" . sql_escape($shift['SID']) . "' AND `TID`='" . sql_escape($angeltype['id']) . "' ORDER BY `Nick`");