diff --git a/includes/pages/admin_user.php b/includes/pages/admin_user.php index a2ab7b07..a23abc0c 100644 --- a/includes/pages/admin_user.php +++ b/includes/pages/admin_user.php @@ -135,6 +135,7 @@ function admin_user() { } } + engelsystem_log("Set angeltypes of " . $user_source['Nick'] . " to: " . join(", ", $user_angel_type_info)); success("Angeltypes saved."); redirect(page_link_to('admin_user') . '&id=' . $user_source['UID']); } @@ -202,19 +203,26 @@ function admin_user() { $his_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`=" . sql_escape($id) . " ORDER BY `group_id`"); if (count($my_highest_group) > 0 && (count($his_highest_group) == 0 || ($my_highest_group[0]['group_id'] <= $his_highest_group[0]['group_id']))) { - $groups = sql_select("SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = " . sql_escape($id) . ") WHERE `Groups`.`UID` >= " . sql_escape($my_highest_group[0]['group_id']) . " ORDER BY `Groups`.`Name`"); + $groups_source = sql_select("SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = " . sql_escape($id) . ") WHERE `Groups`.`UID` >= " . sql_escape($my_highest_group[0]['group_id']) . " ORDER BY `Groups`.`Name`"); + $groups = array(); $grouplist = array (); - foreach ($groups as $group) + foreach ($groups_source as $group) { + $groups[$group['UID']] = $group; $grouplist[] = $group['UID']; + } if (!is_array($_REQUEST['groups'])) $_REQUEST['groups'] = array (); sql_query("DELETE FROM `UserGroups` WHERE `uid`=" . sql_escape($id)); - foreach ($_REQUEST['groups'] as $group) - if (in_array($group, $grouplist)) - sql_query("INSERT INTO `UserGroups` SET `uid`=" . - sql_escape($id) . ", `group_id`=" . sql_escape($group)); + $user_groups_info = array(); + foreach ($_REQUEST['groups'] as $group) { + if (in_array($group, $grouplist)) { + sql_query("INSERT INTO `UserGroups` SET `uid`=" . sql_escape($id) . ", `group_id`=" . sql_escape($group)); + $user_groups_info[] = $groups[$group]['Name']; + } + } + engelsystem_log("Set groups of " . $user_source['Nick'] . " to: " . join(", ", $user_groups_info)); $html .= success("Benutzergruppen gespeichert.", true); } else { $html .= error("Du kannst keine Engel mit mehr Rechten bearbeiten.", true); @@ -229,6 +237,7 @@ function admin_user() { sql_query("DELETE FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); sql_query("DELETE FROM `UserGroups` WHERE `uid`=" . sql_escape($id)); sql_query("UPDATE `ShiftEntry` SET `UID`=0, `Comment`=NULL WHERE `UID`=" . sql_escape($id)); + engelsystem_log("Deleted user " . $user_source['Nick']); $html .= success("Benutzer gelöscht!", true); } else { $html .= error("Du kannst Dich nicht selber löschen!", true); @@ -254,12 +263,14 @@ function admin_user() { "WHERE `UID` = '" . sql_escape($id) . "' LIMIT 1;"; sql_query($SQL); + engelsystem_log("Updated user: " . $_POST["eNick"] . ", " . $_POST["eSize"] . ", arrived: " . $_POST["eGekommen"] . ", active: " . $_POST["eAktiv"] . ", tshirt: " . $_POST["eTshirt"]); $html .= success("Änderung wurde gespeichert...\n", true); break; case 'change_pw' : if ($_REQUEST['new_pw'] != "" && $_REQUEST['new_pw'] == $_REQUEST['new_pw2']) { set_password($id, $_REQUEST['new_pw']); + engelsystem_log("Set new password for " . $user_source['Nick']); $html .= success("Passwort neu gesetzt.", true); } else { $html .= error("Die Eingaben müssen übereinstimmen und dürfen nicht leer sein!", true); diff --git a/includes/pages/guest_login.php b/includes/pages/guest_login.php index db479388..073e2625 100644 --- a/includes/pages/guest_login.php +++ b/includes/pages/guest_login.php @@ -116,9 +116,12 @@ function guest_register() { set_password($user_id, $_REQUEST['password']); // Assign angel-types - foreach ($selected_angel_types as $selected_angel_type_id) + $user_angel_types_info = array(); + foreach ($selected_angel_types as $selected_angel_type_id) { sql_query("INSERT INTO `UserAngelTypes` SET `user_id`=" . sql_escape($user_id) . ", `angeltype_id`=" . sql_escape($selected_angel_type_id)); - + $user_angel_types_info[] = $angel_types[$selected_angel_type_id]['name']; + } + engelsystem_log("User " . $nick . " signed up as: " . join(", ", $user_angel_types_info)); success(Get_Text("makeuser_writeOK4")); //if (!isset ($_SESSION['uid'])) redirect(page_link_to('login')); diff --git a/includes/pages/user_myshifts.php b/includes/pages/user_myshifts.php index 2d1981fa..d8f94b81 100644 --- a/includes/pages/user_myshifts.php +++ b/includes/pages/user_myshifts.php @@ -3,100 +3,98 @@ // Zeigt die Schichten an, die ein Benutzer belegt function user_myshifts() { - global $LETZTES_AUSTRAGEN; - global $user, $privileges; - $msg = ""; + global $LETZTES_AUSTRAGEN; + global $user, $privileges; + $msg = ""; - if (isset ($_REQUEST['id']) && in_array("user_shifts_admin", $privileges) && preg_match("/^[0-9]{1,}$/", $_REQUEST['id']) && sql_num_query("SELECT * FROM `User` WHERE `UID`=" . sql_escape($_REQUEST['id'])) > 0) { - $id = $_REQUEST['id']; - } else { - $id = $user['UID']; - } + if (isset ($_REQUEST['id']) && in_array("user_shifts_admin", $privileges) && preg_match("/^[0-9]{1,}$/", $_REQUEST['id']) && sql_num_query("SELECT * FROM `User` WHERE `UID`=" . sql_escape($_REQUEST['id'])) > 0) { + $id = $_REQUEST['id']; + } else { + $id = $user['UID']; + } - list ($shifts_user) = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); + list ($shifts_user) = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); - if ($id != $user['UID']) - $msg .= info(sprintf("You are viewing %s's shifts.", $shifts_user['Nick']), true); + if ($id != $user['UID']) + $msg .= info(sprintf("You are viewing %s's shifts.", $shifts_user['Nick']), true); - if (isset ($_REQUEST['reset'])) { - if ($_REQUEST['reset'] == "ack") { - user_reset_ical_key($user); - success("Key geändert."); - redirect(page_link_to('user_myshifts')); - } - return template_render('../templates/user_myshifts_reset.html', array ()); - } - elseif (isset ($_REQUEST['edit']) && preg_match("/^[0-9]*$/", $_REQUEST['edit'])) { - $id = $_REQUEST['edit']; - $shift = sql_select("SELECT `ShiftEntry`.`Comment`, `Shifts`.*, `Room`.`Name`, `AngelTypes`.`name` as `angel_type` FROM `ShiftEntry` JOIN `AngelTypes` ON (`ShiftEntry`.`TID` = `AngelTypes`.`id`) JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`) JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) WHERE `ShiftEntry`.`id`=" . sql_escape($id) . " AND `UID`=" . sql_escape($shifts_user['UID']) . " LIMIT 1"); - if (count($shift) > 0) { - $shift = $shift[0]; + if (isset ($_REQUEST['reset'])) { + if ($_REQUEST['reset'] == "ack") { + user_reset_ical_key($user); + success("Key geändert."); + redirect(page_link_to('user_myshifts')); + } + return template_render('../templates/user_myshifts_reset.html', array ()); + } + elseif (isset ($_REQUEST['edit']) && preg_match("/^[0-9]*$/", $_REQUEST['edit'])) { + $id = $_REQUEST['edit']; + $shift = sql_select("SELECT `ShiftEntry`.`Comment`, `ShiftEntry`.`UID`, `Shifts`.*, `Room`.`Name`, `AngelTypes`.`name` as `angel_type` FROM `ShiftEntry` JOIN `AngelTypes` ON (`ShiftEntry`.`TID` = `AngelTypes`.`id`) JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`) JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) WHERE `ShiftEntry`.`id`=" . sql_escape($id) . " AND `UID`=" . sql_escape($shifts_user['UID']) . " LIMIT 1"); + if (count($shift) > 0) { + $shift = $shift[0]; - if (isset ($_REQUEST['submit'])) { - $comment = strip_request_item_nl('comment'); - sql_query("UPDATE `ShiftEntry` SET `Comment`='" . sql_escape($comment) . "' WHERE `id`=" . sql_escape($id) . " LIMIT 1"); + if (isset ($_REQUEST['submit'])) { + $comment = strip_request_item_nl('comment'); + $user_source = User($shift['UID']); + sql_query("UPDATE `ShiftEntry` SET `Comment`='" . sql_escape($comment) . "' WHERE `id`=" . sql_escape($id) . " LIMIT 1"); + engelsystem_log("Updated " . $user_source['Nick'] . "'s shift " . $shift['name'] . " from " . date("y-m-d H:i", $shift['start']) . " to " . date("y-m-d H:i", $shift['end']) . " with comment " . $comment); + success("Schicht gespeichert."); + redirect(page_link_to('user_myshifts')); + } - success("Schicht gespeichert."); - redirect(page_link_to('user_myshifts')); - } + return template_render('../templates/user_shifts_add.html', array ( + 'angel' => $shifts_user['Nick'], + 'date' => date("Y-m-d H:i", $shift['start']) . ', ' . shift_length($shift), + 'location' => $shift['Name'], + 'title' => $shift['name'], + 'type' => $shift['angel_type'], + 'comment' => $shift['Comment'] + )); + } else + redirect(page_link_to('user_myshifts')); + } + elseif (isset ($_REQUEST['cancel']) && preg_match("/^[0-9]*$/", $_REQUEST['cancel'])) { + $id = $_REQUEST['cancel']; + $shift = sql_select("SELECT * FROM `ShiftEntry` WHERE `id`=" . sql_escape($id) . " AND `UID`=" . sql_escape($shifts_user['UID']) . " LIMIT 1"); + if (count($shift) > 0) { + $shift = $shift[0]; + if (($shift['start'] - time() < $LETZTES_AUSTRAGEN * 3600) || in_array('user_shifts_admin', $privileges)) { + sql_query("DELETE FROM `ShiftEntry` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); + $msg .= success(Get_Text("pub_myshifts_signed_off"), true); + } else + $msg .= error(Get_Text("pub_myshifts_too_late"), true); + } else + redirect(page_link_to('user_myshifts')); + } + $shifts = sql_select("SELECT * FROM `ShiftEntry` JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`) JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) WHERE `UID`=" . sql_escape($shifts_user['UID']) . " ORDER BY `start`"); - return template_render('../templates/user_shifts_add.html', array ( - 'angel' => $shifts_user['Nick'], - 'date' => date("Y-m-d H:i", $shift['start']) . ', ' . shift_length($shift), - 'location' => $shift['Name'], - 'title' => $shift['name'], - 'type' => $shift['angel_type'], - 'comment' => $shift['Comment'] - )); - } else - redirect(page_link_to('user_myshifts')); - } - elseif (isset ($_REQUEST['cancel']) && preg_match("/^[0-9]*$/", $_REQUEST['cancel'])) { - $id = $_REQUEST['cancel']; - $shift = sql_select("SELECT * FROM `ShiftEntry` WHERE `id`=" . sql_escape($id) . " AND `UID`=" . sql_escape($shifts_user['UID']) . " LIMIT 1"); - if (count($shift) > 0) { - $shift = $shift[0]; - if (($shift['start'] - time() < $LETZTES_AUSTRAGEN * 3600) || in_array('user_shifts_admin', $privileges)) { - sql_query("DELETE FROM `ShiftEntry` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); - $msg .= success(Get_Text("pub_myshifts_signed_off"), true); - } else - $msg .= error(Get_Text("pub_myshifts_too_late"), true); - } else - redirect(page_link_to('user_myshifts')); - } - $shifts = sql_select("SELECT * FROM `ShiftEntry` JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`) JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) WHERE `UID`=" . sql_escape($shifts_user['UID']) . " ORDER BY `start`"); + $html = ""; + foreach ($shifts as $shift) { + if (time() > $shift['end']) + $html .= ''; + else + $html .= ''; + $html .= '' . date("Y-m-d", $shift['start']) . ''; + $html .= '' . date("H:i", $shift['start']) . ' - ' . date("H:i", $shift['end']) . ''; + $html .= '' . $shift['Name'] . ''; + $html .= '' . $shift['name'] . ''; + $html .= '' . $shift['Comment'] . ''; + $html .= ''; + $html .= '' . Get_Text('edit') . ''; + if ($shift['start'] - time() > $LETZTES_AUSTRAGEN * 3600) + $html .= ' | ' . Get_Text('sign_off') . ''; + $html .= ''; + $html .= ''; + } + if ($html == "") + $html = '' . ucfirst(Get_Text('none')) . '...' . sprintf(Get_Text('pub_myshifts_goto_shifts'), page_link_to('user_shifts')) . ''; - $html = ""; - foreach ($shifts as $shift) { - if (time() > $shift['end']) - $html .= ''; - else - $html .= ''; - $html .= '' . date("Y-m-d", $shift['start']) . ''; - $html .= '' . date("H:i", $shift['start']) . ' - ' . date("H:i", $shift['end']) . ''; - $html .= '' . $shift['Name'] . ''; - $html .= '' . $shift['name'] . ''; - $html .= '' . $shift['Comment'] . ''; - $html .= ''; - $html .= '' . Get_Text('edit') . ''; - if ($shift['start'] - time() > $LETZTES_AUSTRAGEN * 3600) - $html .= ' | ' . Get_Text('sign_off') . ''; - $html .= ''; - $html .= ''; - } - if ($html == "") - $html = '' . ucfirst(Get_Text('none')) . '...' . sprintf(Get_Text('pub_myshifts_goto_shifts'), page_link_to('user_shifts')) . ''; - - if ($shifts_user['ical_key'] == "") - user_reset_ical_key($shifts_user); - - return msg().template_render('../templates/user_myshifts.html', array ( - 'intro' => sprintf(Get_Text('pub_myshifts_intro'), $LETZTES_AUSTRAGEN), - 'shifts' => $html, - 'msg' => $msg, - 'ical_text' => sprintf(Get_Text('inc_schicht_ical_text'), - page_link_to_absolute('ical') . '&key=' . $shifts_user['ical_key'], - page_link_to('user_myshifts') . '&reset'), -)); + return msg().template_render('../templates/user_myshifts.html', array ( + 'intro' => sprintf(Get_Text('pub_myshifts_intro'), $LETZTES_AUSTRAGEN), + 'shifts' => $html, + 'msg' => $msg, + 'ical_text' => sprintf(Get_Text('inc_schicht_ical_text'), + page_link_to_absolute('ical') . '&key=' . $shifts_user['ical_key'], + page_link_to('user_myshifts') . '&reset'), + )); } ?> diff --git a/includes/pages/user_news.php b/includes/pages/user_news.php index fcf2437c..95cc345e 100644 --- a/includes/pages/user_news.php +++ b/includes/pages/user_news.php @@ -58,6 +58,7 @@ function user_news_comments() { if (isset ($_REQUEST["text"])) { $text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['text'])); sql_query("INSERT INTO `news_comments` (`Refid`, `Datum`, `Text`, `UID`) VALUES ('" . sql_escape($nid) . "', '" . date("Y-m-d H:i:s") . "', '" . sql_escape($text) . "', '" . sql_escape($user["UID"]) . "')"); + engelsystem_log("Created news_comment: " . $text); $html .= success("Eintrag wurde gespeichert", true); } @@ -114,6 +115,7 @@ function user_news() { sql_query("INSERT INTO `News` (`Datum`, `Betreff`, `Text`, `UID`, `Treffen`) " . "VALUES ('" . sql_escape(time()) . "', '" . sql_escape($_POST["betreff"]) . "', '" . sql_escape($_POST["text"]) . "', '" . sql_escape($user['UID']) . "', '" . sql_escape($_POST["treffen"]) . "');"); + engelsystem_log("Created news: " . $_POST["betreff"] . ", treffen: " . $_POST["treffen"]); $html .= success(Get_Text(4), true); } diff --git a/includes/pages/user_settings.php b/includes/pages/user_settings.php index 14dcf96f..70033d18 100644 --- a/includes/pages/user_settings.php +++ b/includes/pages/user_settings.php @@ -1,201 +1,207 @@ 1) { - $nick = strip_request_item('nick'); - if (sql_num_query("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($nick) . "' AND NOT `UID`=" . sql_escape($user['UID']) . " LIMIT 1") > 0) { - $ok = false; - $msg .= error(sprintf(Get_Text("makeuser_error_nick1") . "%s" . Get_Text("makeuser_error_nick3"), $nick), true); - } - } else { - $ok = false; - $msg .= error(sprintf(Get_Text("makeuser_error_nick1") . "%s" . Get_Text("makeuser_error_nick2"), strip_request_item('nick')), true); - } - - if (isset ($_REQUEST['mail']) && strlen(strip_request_item('mail')) > 0) { - $mail = strip_request_item('mail'); - if (!check_email($mail)) { - $ok = false; - $msg .= error(Get_Text("makeuser_error_mail"), true); - } - } else { - $ok = false; - $msg .= error("Please enter your e-mail.", true); - } - - if (isset ($_REQUEST['icq'])) - $icq = strip_request_item('icq'); - if (isset ($_REQUEST['jabber']) && strlen(strip_request_item('jabber')) > 0) { - $jabber = strip_request_item('jabber'); - if (!check_email($jabber)) { - $ok = false; - $msg .= error("Please check your jabber.", true); - } - } - - if (isset ($_REQUEST['tshirt_size']) && isset ($tshirt_sizes[$_REQUEST['tshirt_size']])) - $tshirt_size = $_REQUEST['tshirt_size']; - else { - $ok = false; - } - - $selected_angel_types = array (); - foreach ($angel_types as $angel_type_id => $angel_type_name) - if (isset ($_REQUEST['angel_types_' . $angel_type_id])) - $selected_angel_types[] = $angel_type_id; - - // Trivia - if (isset ($_REQUEST['lastname'])) - $lastname = strip_request_item('lastname'); - if (isset ($_REQUEST['prename'])) - $prename = strip_request_item('prename'); - if (isset ($_REQUEST['age']) && preg_match("/^[0-9]{0,4}$/", $_REQUEST['age'])) - $age = strip_request_item('age'); - if (isset ($_REQUEST['tel'])) - $tel = strip_request_item('tel'); - if (isset ($_REQUEST['dect'])) - $dect = strip_request_item('dect'); - if (isset ($_REQUEST['mobile'])) - $mobile = strip_request_item('mobile'); - if (isset ($_REQUEST['hometown'])) - $hometown = strip_request_item('hometown'); - - if ($ok) { - sql_query("UPDATE `User` SET `Nick`='" . sql_escape($nick) . "', `Vorname`='" . sql_escape($prename) . "', `Name`='" . sql_escape($lastname) . - "', `Alter`='" . sql_escape($age) . "', `Telefon`='" . sql_escape($tel) . "', `DECT`='" . sql_escape($dect) . "', `Handy`='" . sql_escape($mobile) . - "', `email`='" . sql_escape($mail) . "', `ICQ`='" . sql_escape($icq) . "', `jabber`='" . sql_escape($jabber) . "', `Size`='" . sql_escape($tshirt_size) . - "', `Hometown`='" . sql_escape($hometown) . "' WHERE `UID`=" . sql_escape($user['UID'])); - - // Assign angel-types - foreach ($angel_types_source as $angel_type) - if (!in_array($angel_type['id'], $selected_angel_types)) - sql_query("DELETE FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user['UID']) . " AND `angeltype_id`=" . sql_escape($angel_type['id']) . " LIMIT 1"); - - foreach ($selected_angel_types as $selected_angel_type_id) - if (sql_num_query("SELECT * FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user['UID']) . " AND `angeltype_id`=" . sql_escape($selected_angel_type_id) . " LIMIT 1") == 0) - sql_query("INSERT INTO `UserAngelTypes` SET `user_id`=" . sql_escape($user['UID']) . ", `angeltype_id`=" . sql_escape($selected_angel_type_id)); - - success("Settings saved."); - redirect(page_link_to('user_settings')); - } - } - elseif (isset ($_REQUEST['submit_password'])) { - $ok = true; - - if (!isset ($_REQUEST['password']) || !verify_password($_REQUEST['password'], $user['Passwort'], $user['UID'])) - $msg .= error(Get_Text(30), true); - elseif (strlen($_REQUEST['new_password']) < MIN_PASSWORD_LENGTH) - $msg .= error(Get_Text("makeuser_error_password2")); - elseif ($_REQUEST['new_password'] != $_REQUEST['new_password2']) - $msg .= error(Get_Text("makeuser_error_password1"), true); - elseif(set_password($user['UID'], $_REQUEST['new_password'])) - success("Password saved."); - else - error("Failed setting password."); - redirect(page_link_to('user_settings')); - } - elseif (isset ($_REQUEST['submit_theme'])) { - $ok = true; - - if (isset ($_REQUEST['theme']) && isset ($themes[$_REQUEST['theme']])) - $selected_theme = $_REQUEST['theme']; - else - $ok = false; - - if ($ok) { - sql_query("UPDATE `User` SET `color`='" . sql_escape($selected_theme) . "' WHERE `UID`=" . sql_escape($user['UID'])); - - success("Theme changed."); - redirect(page_link_to('user_settings')); - } - } - elseif (isset ($_REQUEST['submit_language'])) { - $ok = true; - - if (isset ($_REQUEST['language']) && isset ($languages[$_REQUEST['language']])) - $selected_language = $_REQUEST['language']; - else - $ok = false; - - if ($ok) { - sql_query("UPDATE `User` SET `Sprache`='" . sql_escape($selected_language) . "' WHERE `UID`=" . sql_escape($user['UID'])); - $_SESSION['Sprache'] = $selected_language; - - success("Language changed."); - redirect(page_link_to('user_settings')); - } - } - - return page(array ( - sprintf(Get_Text("Hallo") . "%s,
" . Get_Text(13), $user['Nick']), - $msg, - msg(), - form(array ( - form_info("", Get_Text("pub_einstellungen_Text_UserData")), - form_text('nick', Get_Text("makeuser_Nickname") . "*", $nick), - form_text('lastname', Get_Text("makeuser_Nachname"), $lastname), - form_text('prename', Get_Text("makeuser_Vorname"), $prename), - form_text('age', Get_Text("makeuser_Alter"), $age), - form_text('tel', Get_Text("makeuser_Telefon"), $tel), - form_text('dect', Get_Text("makeuser_DECT"), $dect), - form_text('mobile', Get_Text("makeuser_Handy"), $mobile), - form_text('mail', Get_Text("makeuser_E-Mail") . "*", $mail), - form_text('icq', "ICQ", $icq), - form_text('jabber', "Jabber", $jabber), - form_text('hometown', Get_Text("makeuser_Hometown"), $hometown), - $enable_tshirt_size ? form_select('tshirt_size', Get_Text("makeuser_T-Shirt"), $tshirt_sizes, $tshirt_size) : '', - form_checkboxes('angel_types', "What do you want to do?", $angel_types, $selected_angel_types), - form_submit('submit', Get_Text("save")) - )), - form(array ( - form_info("", Get_Text(14)), - form_password('password', Get_Text(15)), - form_password('new_password', Get_Text(16)), - form_password('new_password2', Get_Text(17)), - form_submit('submit_password', Get_Text("save")) - )), - form(array ( - form_info("", Get_Text(18)), - form_select('theme', Get_Text(19), $themes, $selected_theme), - form_submit('submit_theme', Get_Text("save")) - )), - form(array ( - form_info("", Get_Text(20)), - form_select('language', Get_Text(21), $languages, $selected_language), - form_submit('submit_language', Get_Text("save")) - )) - )); + global $enable_tshirt_size, $tshirt_sizes, $themes, $languages; + global $user; + + $msg = ""; + $nick = $user['Nick']; + $lastname = $user['Name']; + $prename = $user['Vorname']; + $age = $user['Alter']; + $tel = $user['Telefon']; + $dect = $user['DECT']; + $mobile = $user['Handy']; + $mail = $user['email']; + $icq = $user['ICQ']; + $jabber = $user['jabber']; + $hometown = $user['Hometown']; + $tshirt_size = $user['Size']; + $password_hash = ""; + $selected_theme = $user['color']; + $selected_language = $user['Sprache']; + + $selected_angel_types_source = sql_select("SELECT * FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user['UID'])); + $selected_angel_types = array (); + foreach ($selected_angel_types_source as $selected_angel_type) + $selected_angel_types[] = $selected_angel_type['angeltype_id']; + + $angel_types_source = sql_select("SELECT * FROM `AngelTypes` ORDER BY `name`"); + $angel_types = array (); + foreach ($angel_types_source as $angel_type) + $angel_types[$angel_type['id']] = $angel_type['name'] . ($angel_type['restricted'] ? " (restricted)" : ""); + + if (isset ($_REQUEST['submit'])) { + $ok = true; + + if (isset ($_REQUEST['nick']) && strlen(strip_request_item('nick')) > 1) { + $nick = strip_request_item('nick'); + if (sql_num_query("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($nick) . "' AND NOT `UID`=" . sql_escape($user['UID']) . " LIMIT 1") > 0) { + $ok = false; + $msg .= error(sprintf(Get_Text("makeuser_error_nick1") . "%s" . Get_Text("makeuser_error_nick3"), $nick), true); + } + } else { + $ok = false; + $msg .= error(sprintf(Get_Text("makeuser_error_nick1") . "%s" . Get_Text("makeuser_error_nick2"), strip_request_item('nick')), true); + } + + if (isset ($_REQUEST['mail']) && strlen(strip_request_item('mail')) > 0) { + $mail = strip_request_item('mail'); + if (!check_email($mail)) { + $ok = false; + $msg .= error(Get_Text("makeuser_error_mail"), true); + } + } else { + $ok = false; + $msg .= error("Please enter your e-mail.", true); + } + + if (isset ($_REQUEST['icq'])) + $icq = strip_request_item('icq'); + if (isset ($_REQUEST['jabber']) && strlen(strip_request_item('jabber')) > 0) { + $jabber = strip_request_item('jabber'); + if (!check_email($jabber)) { + $ok = false; + $msg .= error("Please check your jabber.", true); + } + } + + if (isset ($_REQUEST['tshirt_size']) && isset ($tshirt_sizes[$_REQUEST['tshirt_size']])) + $tshirt_size = $_REQUEST['tshirt_size']; + else { + $ok = false; + } + + $selected_angel_types = array (); + foreach ($angel_types as $angel_type_id => $angel_type_name) + if (isset ($_REQUEST['angel_types_' . $angel_type_id])) + $selected_angel_types[] = $angel_type_id; + + // Trivia + if (isset ($_REQUEST['lastname'])) + $lastname = strip_request_item('lastname'); + if (isset ($_REQUEST['prename'])) + $prename = strip_request_item('prename'); + if (isset ($_REQUEST['age']) && preg_match("/^[0-9]{0,4}$/", $_REQUEST['age'])) + $age = strip_request_item('age'); + if (isset ($_REQUEST['tel'])) + $tel = strip_request_item('tel'); + if (isset ($_REQUEST['dect'])) + $dect = strip_request_item('dect'); + if (isset ($_REQUEST['mobile'])) + $mobile = strip_request_item('mobile'); + if (isset ($_REQUEST['hometown'])) + $hometown = strip_request_item('hometown'); + + if ($ok) { + sql_query("UPDATE `User` SET `Nick`='" . sql_escape($nick) . "', `Vorname`='" . sql_escape($prename) . "', `Name`='" . sql_escape($lastname) . + "', `Alter`='" . sql_escape($age) . "', `Telefon`='" . sql_escape($tel) . "', `DECT`='" . sql_escape($dect) . "', `Handy`='" . sql_escape($mobile) . + "', `email`='" . sql_escape($mail) . "', `ICQ`='" . sql_escape($icq) . "', `jabber`='" . sql_escape($jabber) . "', `Size`='" . sql_escape($tshirt_size) . + "', `Hometown`='" . sql_escape($hometown) . "' WHERE `UID`=" . sql_escape($user['UID'])); + + // Assign angel-types + $user_angel_type_info = array(); + foreach ($angel_types_source as $angel_type) { + if (!in_array($angel_type['id'], $selected_angel_types)) + sql_query("DELETE FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user['UID']) . " AND `angeltype_id`=" . sql_escape($angel_type['id']) . " LIMIT 1"); + else + $user_angel_type_info[] = $angel_type['name']; + } + + foreach ($selected_angel_types as $selected_angel_type_id) { + if (sql_num_query("SELECT * FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user['UID']) . " AND `angeltype_id`=" . sql_escape($selected_angel_type_id) . " LIMIT 1") == 0) + sql_query("INSERT INTO `UserAngelTypes` SET `user_id`=" . sql_escape($user['UID']) . ", `angeltype_id`=" . sql_escape($selected_angel_type_id)); + } + + engelsystem_log("Own angel types set to: " . join(", ", $user_angel_type_info)); + success("Settings saved."); + redirect(page_link_to('user_settings')); + } + } + elseif (isset ($_REQUEST['submit_password'])) { + $ok = true; + + if (!isset ($_REQUEST['password']) || !verify_password($_REQUEST['password'], $user['Passwort'], $user['UID'])) + $msg .= error(Get_Text(30), true); + elseif (strlen($_REQUEST['new_password']) < MIN_PASSWORD_LENGTH) + $msg .= error(Get_Text("makeuser_error_password2")); + elseif ($_REQUEST['new_password'] != $_REQUEST['new_password2']) + $msg .= error(Get_Text("makeuser_error_password1"), true); + elseif(set_password($user['UID'], $_REQUEST['new_password'])) + success("Password saved."); + else + error("Failed setting password."); + redirect(page_link_to('user_settings')); + } + elseif (isset ($_REQUEST['submit_theme'])) { + $ok = true; + + if (isset ($_REQUEST['theme']) && isset ($themes[$_REQUEST['theme']])) + $selected_theme = $_REQUEST['theme']; + else + $ok = false; + + if ($ok) { + sql_query("UPDATE `User` SET `color`='" . sql_escape($selected_theme) . "' WHERE `UID`=" . sql_escape($user['UID'])); + + success("Theme changed."); + redirect(page_link_to('user_settings')); + } + } + elseif (isset ($_REQUEST['submit_language'])) { + $ok = true; + + if (isset ($_REQUEST['language']) && isset ($languages[$_REQUEST['language']])) + $selected_language = $_REQUEST['language']; + else + $ok = false; + + if ($ok) { + sql_query("UPDATE `User` SET `Sprache`='" . sql_escape($selected_language) . "' WHERE `UID`=" . sql_escape($user['UID'])); + $_SESSION['Sprache'] = $selected_language; + + success("Language changed."); + redirect(page_link_to('user_settings')); + } + } + + return page(array ( + sprintf(Get_Text("Hallo") . "%s,
" . Get_Text(13), $user['Nick']), + $msg, + msg(), + form(array ( + form_info("", Get_Text("pub_einstellungen_Text_UserData")), + form_text('nick', Get_Text("makeuser_Nickname") . "*", $nick), + form_text('lastname', Get_Text("makeuser_Nachname"), $lastname), + form_text('prename', Get_Text("makeuser_Vorname"), $prename), + form_text('age', Get_Text("makeuser_Alter"), $age), + form_text('tel', Get_Text("makeuser_Telefon"), $tel), + form_text('dect', Get_Text("makeuser_DECT"), $dect), + form_text('mobile', Get_Text("makeuser_Handy"), $mobile), + form_text('mail', Get_Text("makeuser_E-Mail") . "*", $mail), + form_text('icq', "ICQ", $icq), + form_text('jabber', "Jabber", $jabber), + form_text('hometown', Get_Text("makeuser_Hometown"), $hometown), + $enable_tshirt_size ? form_select('tshirt_size', Get_Text("makeuser_T-Shirt"), $tshirt_sizes, $tshirt_size) : '', + form_checkboxes('angel_types', "What do you want to do?", $angel_types, $selected_angel_types), + form_submit('submit', Get_Text("save")) + )), + form(array ( + form_info("", Get_Text(14)), + form_password('password', Get_Text(15)), + form_password('new_password', Get_Text(16)), + form_password('new_password2', Get_Text(17)), + form_submit('submit_password', Get_Text("save")) + )), + form(array ( + form_info("", Get_Text(18)), + form_select('theme', Get_Text(19), $themes, $selected_theme), + form_submit('submit_theme', Get_Text("save")) + )), + form(array ( + form_info("", Get_Text(20)), + form_select('language', Get_Text(21), $languages, $selected_language), + form_submit('submit_language', Get_Text("save")) + )) + )); } ?> diff --git a/includes/pages/user_shifts.php b/includes/pages/user_shifts.php index d627e3a2..3fb8e91f 100644 --- a/includes/pages/user_shifts.php +++ b/includes/pages/user_shifts.php @@ -9,8 +9,15 @@ function user_shifts() { else redirect(page_link_to('user_shifts')); - sql_query("DELETE FROM `ShiftEntry` WHERE `id`=" . sql_escape($entry_id) . " LIMIT 1"); - success("Der Schicht-Eintrag wurde gelöscht."); + $shift_entry_source = sql_select("SELECT `User`.`Nick`, `ShiftEntry`.`Comment`, `ShiftEntry`.`UID`, `Shifts`.*, `Room`.`Name`, `AngelTypes`.`name` as `angel_type` FROM `ShiftEntry` JOIN `User` ON (`User`.`UID`=`ShiftEntry`.`UID`) JOIN `AngelTypes` ON (`ShiftEntry`.`TID` = `AngelTypes`.`id`) JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`) JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) WHERE `ShiftEntry`.`id`=" . sql_escape($entry_id) . " LIMIT 1"); + if(count($shift_entry_source) > 0) { + $shift_entry_source = $shift_entry_source[0]; + sql_query("DELETE FROM `ShiftEntry` WHERE `id`=" . sql_escape($entry_id) . " LIMIT 1"); + + engelsystem_log("Deleted " . $shift_entry_source['Nick'] . "'s shift: " . $shift_entry_source['name'] . " at " . $shift_entry_source['Name'] . " from " . date("y-m-d H:i", $shift_entry_source['start']) . " to " . date("y-m-d H:i", $shift_entry_source['end']) . " as " . $shift_entry_source['angel_type']); + success("Der Schicht-Eintrag wurde gelöscht."); + } + else error("Entry not found."); redirect(page_link_to('user_shifts')); } // Schicht bearbeiten @@ -43,9 +50,12 @@ function user_shifts() { // Engeltypen laden $types = sql_select("SELECT * FROM `AngelTypes` ORDER BY `name`"); + $angel_types = array(); $needed_angel_types = array (); - foreach ($types as $type) + foreach ($types as $type) { + $angel_types[$type['id']] = $type; $needed_angel_types[$type['id']] = 0; + } // Benötigte Engeltypen vom Raum $needed_angel_types_source = sql_select("SELECT `AngelTypes`.*, `NeededAngelTypes`.`count` FROM `AngelTypes` LEFT JOIN `NeededAngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `AngelTypes`.`id` AND `NeededAngelTypes`.`room_id`=" . sql_escape($shift['RID']) . ") ORDER BY `AngelTypes`.`name`"); @@ -110,8 +120,13 @@ function user_shifts() { if ($ok) { sql_query("UPDATE `Shifts` SET `start`=" . sql_escape($start) . ", `end`=" . sql_escape($end) . ", `RID`=" . sql_escape($rid) . ", `name`='" . sql_escape($name) . "' WHERE `SID`=" . sql_escape($shift_id) . " LIMIT 1"); sql_query("DELETE FROM `NeededAngelTypes` WHERE `shift_id`=" . sql_escape($shift_id)); - foreach ($needed_angel_types as $type_id => $count) + $needed_angel_types_info = array(); + foreach ($needed_angel_types as $type_id => $count) { sql_query("INSERT INTO `NeededAngelTypes` SET `shift_id`=" . sql_escape($shift_id) . ", `angel_type_id`=" . sql_escape($type_id) . ", `count`=" . sql_escape($count)); + $needed_angel_types_info[] = $angel_types[$type_id]; + } + + engelsystem_log("Updated shift " . $name . " from " . date("y-m-d H:i", $start) . " to " . date("y-m-d H:i", $end) . " with angel types " . join(", ", $needed_angel_types_info)); success("Schicht gespeichert."); redirect(page_link_to('user_shifts')); } @@ -155,6 +170,7 @@ function user_shifts() { sql_query("DELETE FROM `NeededAngelTypes` WHERE `shift_id`=" . sql_escape($shift_id)); sql_query("DELETE FROM `Shifts` WHERE `SID`=" . sql_escape($shift_id) . " LIMIT 1"); + engelsystem_log("Deleted shift " . $shift['name'] . " from " . date("y-m-d H:i", $shift['start']) . " to " . date("y-m-d H:i", $shift['end'])); success("Die Schicht wurde gelöscht."); redirect(page_link_to('user_shifts')); } @@ -222,6 +238,8 @@ function user_shifts() { $comment = strip_request_item_nl('comment'); sql_query("INSERT INTO `ShiftEntry` SET `Comment`='" . sql_escape($comment) . "', `UID`=" . sql_escape($user_id) . ", `TID`=" . sql_escape($selected_type_id) . ", `SID`=" . sql_escape($shift_id)); + $user_source = User($user_id); + engelsystem_log("User " . $user_source['Nick'] . " signed up for shift " . $shift['name'] . " from " . date("y-m-d H:i", $shift['start']) . " to " . date("y-m-d H:i", $shift['end'])); success("Du bist eingetragen. Danke!" . ' Meine Schichten »'); redirect(page_link_to('user_shifts')); } diff --git a/includes/sys_user.php b/includes/sys_user.php index 20d9eca0..88002706 100644 --- a/includes/sys_user.php +++ b/includes/sys_user.php @@ -6,125 +6,126 @@ */ $tshirt_sizes = array ( '' => "Please select...", - 'S' => "S", - 'M' => "M", - 'L' => "L", - 'XL' => "XL", - '2XL' => "2XL", - '3XL' => "3XL", - '4XL' => "4XL", - '5XL' => "5XL", - 'S-G' => "S Girl", - 'M-G' => "M Girl", - 'L-G' => "L Girl", - 'XL-G' => "XL Girl" + 'S' => "S", + 'M' => "M", + 'L' => "L", + 'XL' => "XL", + '2XL' => "2XL", + '3XL' => "3XL", + '4XL' => "4XL", + '5XL' => "5XL", + 'S-G' => "S Girl", + 'M-G' => "M Girl", + 'L-G' => "L Girl", + 'XL-G' => "XL Girl" ); function user_reset_ical_key($user) { - $user['ical_key'] = md5($user['Nick'] . time() . rand()); - sql_query("UPDATE `User` SET `ical_key`='" . sql_escape($user['ical_key']) . "' WHERE `UID`='" . sql_escape($user['UID']) . "' LIMIT 1"); + $user['ical_key'] = md5($user['Nick'] . time() . rand()); + sql_query("UPDATE `User` SET `ical_key`='" . sql_escape($user['ical_key']) . "' WHERE `UID`='" . sql_escape($user['UID']) . "' LIMIT 1"); + engelsystem_log("iCal key resetted."); } function UID2Nick($UID) { - if ($UID > 0) - $SQL = "SELECT Nick FROM `User` WHERE UID='" . sql_escape($UID) . "'"; - else - $SQL = "SELECT Name FROM `Groups` WHERE UID='" . sql_escape($UID) . "'"; - - $Erg = sql_select($SQL); - - if (count($Erg) > 0) { - if ($UID > 0) - return $Erg[0]['Nick']; - else - return "Group-" . $Erg[0]['Name']; - } else { - if ($UID == -1) - return "Guest"; - else - return "UserID $UID not found"; - } + if ($UID > 0) + $SQL = "SELECT Nick FROM `User` WHERE UID='" . sql_escape($UID) . "'"; + else + $SQL = "SELECT Name FROM `Groups` WHERE UID='" . sql_escape($UID) . "'"; + + $Erg = sql_select($SQL); + + if (count($Erg) > 0) { + if ($UID > 0) + return $Erg[0]['Nick']; + else + return "Group-" . $Erg[0]['Name']; + } else { + if ($UID == -1) + return "Guest"; + else + return "UserID $UID not found"; + } } function TID2Type($TID) { - global $con; + global $con; - $SQL = "SELECT Name FROM `EngelType` WHERE TID='" . sql_escape($TID) . "'"; - $Erg = mysql_query($SQL, $con); + $SQL = "SELECT Name FROM `EngelType` WHERE TID='" . sql_escape($TID) . "'"; + $Erg = mysql_query($SQL, $con); - if (mysql_num_rows($Erg)) - return mysql_result($Erg, 0); - else - return ""; + if (mysql_num_rows($Erg)) + return mysql_result($Erg, 0); + else + return ""; } function ReplaceSmilies($neueckig) { - $neueckig = str_replace(";o))", "", $neueckig); - $neueckig = str_replace(":-))", "", $neueckig); - $neueckig = str_replace(";o)", "", $neueckig); - $neueckig = str_replace(":)", "", $neueckig); - $neueckig = str_replace(":-)", "", $neueckig); - $neueckig = str_replace(":(", "", $neueckig); - $neueckig = str_replace(":-(", "", $neueckig); - $neueckig = str_replace(":o(", "", $neueckig); - $neueckig = str_replace(":o)", "", $neueckig); - $neueckig = str_replace(";o(", "", $neueckig); - $neueckig = str_replace(";(", "", $neueckig); - $neueckig = str_replace(";-(", "", $neueckig); - $neueckig = str_replace("8)", "", $neueckig); - $neueckig = str_replace("8o)", "", $neueckig); - $neueckig = str_replace(":P", "", $neueckig); - $neueckig = str_replace(":-P", "", $neueckig); - $neueckig = str_replace(":oP", "", $neueckig); - $neueckig = str_replace(";P", "", $neueckig); - $neueckig = str_replace(";oP", "", $neueckig); - $neueckig = str_replace("?)", "", $neueckig); - - return $neueckig; + $neueckig = str_replace(";o))", "", $neueckig); + $neueckig = str_replace(":-))", "", $neueckig); + $neueckig = str_replace(";o)", "", $neueckig); + $neueckig = str_replace(":)", "", $neueckig); + $neueckig = str_replace(":-)", "", $neueckig); + $neueckig = str_replace(":(", "", $neueckig); + $neueckig = str_replace(":-(", "", $neueckig); + $neueckig = str_replace(":o(", "", $neueckig); + $neueckig = str_replace(":o)", "", $neueckig); + $neueckig = str_replace(";o(", "", $neueckig); + $neueckig = str_replace(";(", "", $neueckig); + $neueckig = str_replace(";-(", "", $neueckig); + $neueckig = str_replace("8)", "", $neueckig); + $neueckig = str_replace("8o)", "", $neueckig); + $neueckig = str_replace(":P", "", $neueckig); + $neueckig = str_replace(":-P", "", $neueckig); + $neueckig = str_replace(":oP", "", $neueckig); + $neueckig = str_replace(";P", "", $neueckig); + $neueckig = str_replace(";oP", "", $neueckig); + $neueckig = str_replace("?)", "", $neueckig); + + return $neueckig; } function GetPictureShow($UID) { - global $con; + global $con; - $SQL = "SELECT `show` FROM `UserPicture` WHERE `UID`='" . sql_escape($UID) . "'"; - $res = mysql_query($SQL, $con); + $SQL = "SELECT `show` FROM `UserPicture` WHERE `UID`='" . sql_escape($UID) . "'"; + $res = mysql_query($SQL, $con); - if (mysql_num_rows($res) == 1) - return mysql_result($res, 0, 0); - else - return ""; + if (mysql_num_rows($res) == 1) + return mysql_result($res, 0, 0); + else + return ""; } function displayPicture($UID, $height = "30") { - global $url, $ENGEL_ROOT; + global $url, $ENGEL_ROOT; - if ($height > 0) - return ("
\"picture
"); - else - return ("
\"picture
"); + if ($height > 0) + return ("
\"picture
"); + else + return ("
\"picture
"); } function displayavatar($UID, $height = "30") { - global $con, $url, $ENGEL_ROOT; + global $con, $url, $ENGEL_ROOT; - if (GetPictureShow($UID) == 'Y') - return " " . displayPicture($UID, $height); + if (GetPictureShow($UID) == 'Y') + return " " . displayPicture($UID, $height); - $user = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($UID) . " LIMIT 1"); - if (count($user) > 0) - if ($user[0]['Avatar'] > 0) - return '
' . (" ") . '
'; + $user = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($UID) . " LIMIT 1"); + if (count($user) > 0) + if ($user[0]['Avatar'] > 0) + return '
' . (" ") . '
'; } function UIDgekommen($UID) { - global $con; + global $con; - $SQL = "SELECT `Gekommen` FROM `User` WHERE UID='" . sql_escape($UID) . "'"; - $Erg = mysql_query($SQL, $con); + $SQL = "SELECT `Gekommen` FROM `User` WHERE UID='" . sql_escape($UID) . "'"; + $Erg = mysql_query($SQL, $con); - if (mysql_num_rows($Erg)) - return mysql_result($Erg, 0); - else - return "0"; + if (mysql_num_rows($Erg)) + return mysql_result($Erg, 0); + else + return "0"; } ?> diff --git a/templates/user_questions.html b/templates/user_questions.html index 4cbe0338..0167ba6d 100644 --- a/templates/user_questions.html +++ b/templates/user_questions.html @@ -43,7 +43,7 @@

- Frage einen Orga: + Frage einen Erzengel: