if (isset($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id']))
if (isset($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id'])) {
$id = $_REQUEST['id'];
$id = $_REQUEST['id'];
else
} else {
return error("Incomplete call, missing Groups ID.", true);
return error("Incomplete call, missing Groups ID.", true);
}
$room = sql_select("SELECT * FROM `Groups` WHERE `UID`='" . sql_escape($id) . "' LIMIT 1");
$room = sql_select("SELECT * FROM `Groups` WHERE `UID`='" . sql_escape($id) . "' LIMIT 1");
if (count($room) > 0) {
if (count($room) > 0) {
list($room) = $room;
list($room) = $room;
$privileges = sql_select("SELECT `Privileges`.*, `GroupPrivileges`.`group_id` FROM `Privileges` LEFT OUTER JOIN `GroupPrivileges` ON (`Privileges`.`id` = `GroupPrivileges`.`privilege_id` AND `GroupPrivileges`.`group_id`='" . sql_escape($id) . "') ORDER BY `Privileges`.`name`");
$privileges = sql_select("SELECT `Privileges`.*, `GroupPrivileges`.`group_id` FROM `Privileges` LEFT OUTER JOIN `GroupPrivileges` ON (`Privileges`.`id` = `GroupPrivileges`.`privilege_id` AND `GroupPrivileges`.`group_id`='" . sql_escape($id) . "') ORDER BY `Privileges`.`name`");
if ($id != $user['UID'] && $my_highest_group <= $his_highest_group) {
if ($id != $user['UID'] && $my_highest_group <= $his_highest_group) {
$html .= "Hier kannst Du die Benutzergruppen des Engels festlegen:<formaction=\"".page_link_to("admin_user")."&action=save_groups&id=".$id."\"method=\"post\">\n";
$html .= "Hier kannst Du die Benutzergruppen des Engels festlegen:<formaction=\"".page_link_to("admin_user")."&action=save_groups&id=".$id."\"method=\"post\">\n";
$html .= '<table>';
$html .= '<table>';
$groups = sql_select("SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = '" . sql_escape($id) . "') WHERE `Groups`.`UID` >= '" . sql_escape($my_highest_group) . "' ORDER BY `Groups`.`Name`");
$groups = sql_select("SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = '" . sql_escape($id) . "') WHERE `Groups`.`UID` >= '" . sql_escape($my_highest_group) . "' ORDER BY `Groups`.`Name`");
$groups_source = sql_select("SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = '" . sql_escape($id) . "') WHERE `Groups`.`UID` >= '" . sql_escape($my_highest_group[0]['group_id']) . "' ORDER BY `Groups`.`Name`");
$groups_source = sql_select("SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = '" . sql_escape($id) . "') WHERE `Groups`.`UID` >= '" . sql_escape($my_highest_group[0]['group_id']) . "' ORDER BY `Groups`.`Name`");
$groups = array();
$groups = [];
$grouplist = array();
$grouplist = [];
foreach ($groups_source as $group) {
foreach ($groups_source as $group) {
$groups[$group['UID']] = $group;
$groups[$group['UID']] = $group;
$grouplist[] = $group['UID'];
$grouplist[] = $group['UID'];
}
}
if (! is_array($_REQUEST['groups']))
if (! is_array($_REQUEST['groups'])) {
$_REQUEST['groups'] = array();
$_REQUEST['groups'] = [];
}
sql_query("DELETE FROM `UserGroups` WHERE `uid`='" . sql_escape($id) . "'");
sql_query("DELETE FROM `UserGroups` WHERE `uid`='" . sql_escape($id) . "'");
$user_groups_info = array();
$user_groups_info = [];
foreach ($_REQUEST['groups'] as $group) {
foreach ($_REQUEST['groups'] as $group) {
if (in_array($group, $grouplist)) {
if (in_array($group, $grouplist)) {
sql_query("INSERT INTO `UserGroups` SET `uid`='" . sql_escape($id) . "', `group_id`='" . sql_escape($group) . "'");
sql_query("INSERT INTO `UserGroups` SET `uid`='" . sql_escape($id) . "', `group_id`='" . sql_escape($group) . "'");
form_checkboxes('angel_types', _("What do you want to do?") . sprintf(" (<ahref=\"%s\">%s</a>)", page_link_to('angeltypes') . '&action=about', _("Description of job types")), $angel_types, $selected_angel_types),
form_checkboxes('angel_types', _("What do you want to do?") . sprintf(" (<ahref=\"%s\">%s</a>)", page_link_to('angeltypes') . '&action=about', _("Description of job types")), $angel_types, $selected_angel_types),
form_info("", _("Restricted angel types need will be confirmed later by an archangel. You can change your selection in the options section."))
form_info("", _("Restricted angel types need will be confirmed later by an archangel. You can change your selection in the options section."))
error(_("If you reset the key, the url to your iCal- and JSON-export and your atom feed changes! You have to update it in every application using one of these exports."), true),
error(_("If you reset the key, the url to your iCal- and JSON-export and your atom feed changes! You have to update it in every application using one of these exports."), true),
$needed_angel_types_source = sql_select("SELECT `AngelTypes`.*, `NeededAngelTypes`.`count` FROM `AngelTypes` LEFT JOIN `NeededAngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `AngelTypes`.`id` AND `NeededAngelTypes`.`room_id`='" . sql_escape($shift['RID']) . "') ORDER BY `AngelTypes`.`name`");
$needed_angel_types_source = sql_select("SELECT `AngelTypes`.*, `NeededAngelTypes`.`count` FROM `AngelTypes` LEFT JOIN `NeededAngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `AngelTypes`.`id` AND `NeededAngelTypes`.`room_id`='" . sql_escape($shift['RID']) . "') ORDER BY `AngelTypes`.`name`");
$needed_angel_types_source = sql_select("SELECT `AngelTypes`.*, `NeededAngelTypes`.`count` FROM `AngelTypes` LEFT JOIN `NeededAngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `AngelTypes`.`id` AND `NeededAngelTypes`.`shift_id`='" . sql_escape($shift_id) . "') ORDER BY `AngelTypes`.`name`");
$needed_angel_types_source = sql_select("SELECT `AngelTypes`.*, `NeededAngelTypes`.`count` FROM `AngelTypes` LEFT JOIN `NeededAngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `AngelTypes`.`id` AND `NeededAngelTypes`.`shift_id`='" . sql_escape($shift_id) . "') ORDER BY `AngelTypes`.`name`");
error(sprintf(_("Do you want to delete the shift %s from %s to %s?"), $shift['name'], date("Y-m-d H:i", $shift['start']), date("H:i", $shift['end'])), true),
error(sprintf(_("Do you want to delete the shift %s from %s to %s?"), $shift['name'], date("Y-m-d H:i", $shift['start']), date("H:i", $shift['end'])), true),
if (isset($_REQUEST['shift_id']) && preg_match("/^[0-9]*$/", $_REQUEST['shift_id']))
if (isset($_REQUEST['shift_id']) && preg_match("/^[0-9]*$/", $_REQUEST['shift_id'])) {
$shift_id = $_REQUEST['shift_id'];
$shift_id = $_REQUEST['shift_id'];
else
} else {
redirect(page_link_to('user_shifts'));
redirect(page_link_to('user_shifts'));
}
$shift = Shift($shift_id);
$shift = Shift($shift_id);
$room;
$room;
$shift['Name'] = $room_array[$shift['RID']];
$shift['Name'] = $room_array[$shift['RID']];
if ($shift === false)
if ($shift === false) {
engelsystem_error('Unable to load shift.');
engelsystem_error('Unable to load shift.');
if ($shift == null)
}
if ($shift == null) {
redirect(page_link_to('user_shifts'));
redirect(page_link_to('user_shifts'));
}
if (isset($_REQUEST['type_id']) && preg_match("/^[0-9]*$/", $_REQUEST['type_id']))
if (isset($_REQUEST['type_id']) && preg_match("/^[0-9]*$/", $_REQUEST['type_id'])) {
$type_id = $_REQUEST['type_id'];
$type_id = $_REQUEST['type_id'];
else
} else {
redirect(page_link_to('user_shifts'));
redirect(page_link_to('user_shifts'));
}
if (in_array('user_shifts_admin', $privileges))
if (in_array('user_shifts_admin', $privileges)) {
$type = sql_select("SELECT * FROM `AngelTypes` WHERE `id`='" . sql_escape($type_id) . "' LIMIT 1");
$type = sql_select("SELECT * FROM `AngelTypes` WHERE `id`='" . sql_escape($type_id) . "' LIMIT 1");
else
} else {
$type = sql_select("SELECT * FROM `UserAngelTypes` JOIN `AngelTypes` ON (`UserAngelTypes`.`angeltype_id` = `AngelTypes`.`id`) WHERE `AngelTypes`.`id` = '" . sql_escape($type_id) . "' AND (`AngelTypes`.`restricted` = 0 OR (`UserAngelTypes`.`user_id` = '" . sql_escape($user['UID']) . "' AND NOT `UserAngelTypes`.`confirm_user_id` IS NULL)) LIMIT 1");
$type = sql_select("SELECT * FROM `UserAngelTypes` JOIN `AngelTypes` ON (`UserAngelTypes`.`angeltype_id` = `AngelTypes`.`id`) WHERE `AngelTypes`.`id` = '" . sql_escape($type_id) . "' AND (`AngelTypes`.`restricted` = 0 OR (`UserAngelTypes`.`user_id` = '" . sql_escape($user['UID']) . "' AND NOT `UserAngelTypes`.`confirm_user_id` IS NULL)) LIMIT 1");
}
if (count($type) == 0)
if (count($type) == 0) {
redirect(page_link_to('user_shifts'));
redirect(page_link_to('user_shifts'));
}
$type = $type[0];
$type = $type[0];
if (! Shift_signup_allowed($shift, $type)) {
if (! Shift_signup_allowed($shift, $type)) {
@ -253,21 +275,26 @@ function user_shifts() {
if (isset($_REQUEST['submit'])) {
if (isset($_REQUEST['submit'])) {
$selected_type_id = $type_id;
$selected_type_id = $type_id;
if (in_array('user_shifts_admin', $privileges)) {
if (in_array('user_shifts_admin', $privileges)) {
if (isset($_REQUEST['user_id']) && preg_match("/^[0-9]*$/", $_REQUEST['user_id']))
if (isset($_REQUEST['user_id']) && preg_match("/^[0-9]*$/", $_REQUEST['user_id'])) {
$user_id = $_REQUEST['user_id'];
$user_id = $_REQUEST['user_id'];
else
} else {
$user_id = $user['UID'];
$user_id = $user['UID'];
}
if (sql_num_query("SELECT * FROM `User` WHERE `UID`='" . sql_escape($user_id) . "' LIMIT 1") == 0)
if (sql_num_query("SELECT * FROM `User` WHERE `UID`='" . sql_escape($user_id) . "' LIMIT 1") == 0) {
redirect(page_link_to('user_shifts'));
redirect(page_link_to('user_shifts'));
}
if (isset($_REQUEST['angeltype_id']) && test_request_int('angeltype_id') && sql_num_query("SELECT * FROM `AngelTypes` WHERE `id`='" . sql_escape($_REQUEST['angeltype_id']) . "' LIMIT 1") > 0)
if (isset($_REQUEST['angeltype_id']) && test_request_int('angeltype_id') && sql_num_query("SELECT * FROM `AngelTypes` WHERE `id`='" . sql_escape($_REQUEST['angeltype_id']) . "' LIMIT 1") > 0) {
$selected_type_id = $_REQUEST['angeltype_id'];
$selected_type_id = $_REQUEST['angeltype_id'];
} else
}
} else {
$user_id = $user['UID'];
$user_id = $user['UID'];
}
if (sql_num_query("SELECT * FROM `ShiftEntry` WHERE `SID`='" . sql_escape($shift['SID']) . "' AND `UID` = '" . sql_escape($user_id) . "'"))
if (sql_num_query("SELECT * FROM `ShiftEntry` WHERE `SID`='" . sql_escape($shift['SID']) . "' AND `UID` = '" . sql_escape($user_id) . "'")) {
return error("This angel does already have an entry for this shift.", true);
return error("This angel does already have an entry for this shift.", true);
}
$freeloaded = $shift['freeloaded'];
$freeloaded = $shift['freeloaded'];
$freeload_comment = $shift['freeload_comment'];
$freeload_comment = $shift['freeload_comment'];
@ -277,19 +304,21 @@ function user_shifts() {
}
}
$comment = strip_request_item_nl('comment');
$comment = strip_request_item_nl('comment');
$result = ShiftEntry_create(array(
$result = ShiftEntry_create([
'SID' => $shift_id,
'SID' => $shift_id,
'TID' => $selected_type_id,
'TID' => $selected_type_id,
'UID' => $user_id,
'UID' => $user_id,
'Comment' => $comment,
'Comment' => $comment,
'freeloaded' => $freeloaded,
'freeloaded' => $freeloaded,
'freeload_comment' => $freeload_comment
'freeload_comment' => $freeload_comment
));
]);
if ($result === false)
if ($result === false) {
engelsystem_error('Unable to create shift entry.');
engelsystem_error('Unable to create shift entry.');
}
if ($type['restricted'] == 0 && sql_num_query("SELECT * FROM `UserAngelTypes` INNER JOIN `AngelTypes` ON `AngelTypes`.`id` = `UserAngelTypes`.`angeltype_id` WHERE `angeltype_id` = '" . sql_escape($selected_type_id) . "' AND `user_id` = '" . sql_escape($user_id) . "' ") == 0)
if ($type['restricted'] == 0 && sql_num_query("SELECT * FROM `UserAngelTypes` INNER JOIN `AngelTypes` ON `AngelTypes`.`id` = `UserAngelTypes`.`angeltype_id` WHERE `angeltype_id` = '" . sql_escape($selected_type_id) . "' AND `user_id` = '" . sql_escape($user_id) . "' ") == 0) {
engelsystem_log("User " . User_Nick_render($user_source) . " signed up for shift " . $shift['name'] . " from " . date("Y-m-d H:i", $shift['start']) . " to " . date("Y-m-d H:i", $shift['end']));
engelsystem_log("User " . User_Nick_render($user_source) . " signed up for shift " . $shift['name'] . " from " . date("Y-m-d H:i", $shift['start']) . " to " . date("Y-m-d H:i", $shift['end']));
@ -299,16 +328,18 @@ function user_shifts() {
if (in_array('user_shifts_admin', $privileges)) {
if (in_array('user_shifts_admin', $privileges)) {
$users = sql_select("SELECT *, (SELECT count(*) FROM `ShiftEntry` WHERE `freeloaded`=1 AND `ShiftEntry`.`UID`=`User`.`UID`) AS `freeloaded` FROM `User` ORDER BY `Nick`");
$users = sql_select("SELECT *, (SELECT count(*) FROM `ShiftEntry` WHERE `freeloaded`=1 AND `ShiftEntry`.`UID`=`User`.`UID`) AS `freeloaded` FROM `User` ORDER BY `Nick`");
SELECT DISTINCT DATE(FROM_UNIXTIME(`start`)) AS `id`, DATE(FROM_UNIXTIME(`start`)) AS `name`
SELECT DISTINCT DATE(FROM_UNIXTIME(`start`)) AS `id`, DATE(FROM_UNIXTIME(`start`)) AS `name`
FROM `Shifts`
FROM `Shifts`
@ -343,30 +374,33 @@ function view_user_shifts() {
redirect('?');
redirect('?');
}
}
if (in_array('user_shifts_admin', $privileges))
if (in_array('user_shifts_admin', $privileges)) {
$types = sql_select("SELECT `id`, `name` FROM `AngelTypes` ORDER BY `AngelTypes`.`name`");
$types = sql_select("SELECT `id`, `name` FROM `AngelTypes` ORDER BY `AngelTypes`.`name`");
else
} else {
$types = sql_select("SELECT `AngelTypes`.`id`, `AngelTypes`.`name`, (`AngelTypes`.`restricted`=0 OR (NOT `UserAngelTypes`.`confirm_user_id` IS NULL OR `UserAngelTypes`.`id` IS NULL)) as `enabled` FROM `AngelTypes` LEFT JOIN `UserAngelTypes` ON (`UserAngelTypes`.`angeltype_id`=`AngelTypes`.`id` AND `UserAngelTypes`.`user_id`='" . sql_escape($user['UID']) . "') ORDER BY `AngelTypes`.`name`");
$types = sql_select("SELECT `AngelTypes`.`id`, `AngelTypes`.`name`, (`AngelTypes`.`restricted`=0 OR (NOT `UserAngelTypes`.`confirm_user_id` IS NULL OR `UserAngelTypes`.`id` IS NULL)) as `enabled` FROM `AngelTypes` LEFT JOIN `UserAngelTypes` ON (`UserAngelTypes`.`angeltype_id`=`AngelTypes`.`id` AND `UserAngelTypes`.`user_id`='" . sql_escape($user['UID']) . "') ORDER BY `AngelTypes`.`name`");
if (empty($types))
}
if (empty($types)) {
$types = sql_select("SELECT `id`, `name` FROM `AngelTypes` WHERE `restricted` = 0");
$types = sql_select("SELECT `id`, `name` FROM `AngelTypes` WHERE `restricted` = 0");
$filled = array(
}
array(
$filled = [
[
'id' => '1',
'id' => '1',
'name' => _('occupied')
'name' => _("occupied")
),
],
array(
[
'id' => '0',
'id' => '0',
'name' => _('free')
'name' => _("free")
)
]
);
];
if (count($types) == 0) {
if (count($types) == 0) {
error(_("The administration has not configured any angeltypes yet - or you are not subscribed to any angeltype."));
error(_("The administration has not configured any angeltypes yet - or you are not subscribed to any angeltype."));
redirect('?');
redirect('?');
}
}
if (! isset($_SESSION['user_shifts']))
if (! isset($_SESSION['user_shifts'])) {
$_SESSION['user_shifts'] = array();
$_SESSION['user_shifts'] = [];
}
if (! isset($_SESSION['user_shifts']['filled'])) {
if (! isset($_SESSION['user_shifts']['filled'])) {
// User shift admins see free and occupied shifts by default
// User shift admins see free and occupied shifts by default
@ -378,65 +412,77 @@ function view_user_shifts() {
if (! isset($_SESSION['user_shifts']['rooms']) || count($_SESSION['user_shifts']['rooms']) == 0)
if (! isset($_SESSION['user_shifts']['rooms']) || count($_SESSION['user_shifts']['rooms']) == 0) {
$_SESSION['user_shifts']['rooms'] = array(
$_SESSION['user_shifts']['rooms'] = [
0
0
);
];
}
$SQL = "SELECT DISTINCT `Shifts`.*, `ShiftTypes`.`name`, `Room`.`Name` as `room_name`, nat2.`special_needs` > 0 AS 'has_special_needs'
$SQL = "SELECT DISTINCT `Shifts`.*, `ShiftTypes`.`name`, `Room`.`Name` as `room_name`, nat2.`special_needs` > 0 AS 'has_special_needs'
FROM `Shifts`
FROM `Shifts`
@ -449,13 +495,14 @@ function view_user_shifts() {
AND `start` BETWEEN " . $starttime . " AND " . $endtime;
AND `start` BETWEEN " . $starttime . " AND " . $endtime;
if (count($_SESSION['user_shifts']['filled']) == 1) {
if (count($_SESSION['user_shifts']['filled']) == 1) {
if ($_SESSION['user_shifts']['filled'][0] == 0)
if ($_SESSION['user_shifts']['filled'][0] == 0) {
$SQL .= "
$SQL .= "
AND (nat.`count` > entries.`count` OR entries.`count` IS NULL OR EXISTS (SELECT `SID` FROM `ShiftEntry` WHERE `UID` = '" . sql_escape($user['UID']) . "' AND `ShiftEntry`.`SID` = `Shifts`.`SID`))";
AND (nat.`count` > entries.`count` OR entries.`count` IS NULL OR EXISTS (SELECT `SID` FROM `ShiftEntry` WHERE `UID` = '" . sql_escape($user['UID']) . "' AND `ShiftEntry`.`SID` = `Shifts`.`SID`))";
AND (nat.`count` <= entries.`count` OR EXISTS (SELECT `SID` FROM `ShiftEntry` WHERE `UID` = '" . sql_escape($user['UID']) . "' AND `ShiftEntry`.`SID` = `Shifts`.`SID`))";
AND (nat.`count` <= entries.`count` OR EXISTS (SELECT `SID` FROM `ShiftEntry` WHERE `UID` = '" . sql_escape($user['UID']) . "' AND `ShiftEntry`.`SID` = `Shifts`.`SID`))";
}
}
}
$SQL .= "
$SQL .= "
ORDER BY `start`";
ORDER BY `start`";
@ -468,27 +515,28 @@ function view_user_shifts() {
INNER JOIN `ShiftEntry` ON (`Shifts`.`SID` = `ShiftEntry`.`SID` AND `ShiftEntry`.`UID` = '" . sql_escape($user['UID']) . "')
INNER JOIN `ShiftEntry` ON (`Shifts`.`SID` = `ShiftEntry`.`SID` AND `ShiftEntry`.`UID` = '" . sql_escape($user['UID']) . "')
WHERE `Shifts`.`RID` IN (" . implode(',', $_SESSION['user_shifts']['rooms']) . ")
WHERE `Shifts`.`RID` IN (" . implode(',', $_SESSION['user_shifts']['rooms']) . ")
AND `start` BETWEEN " . $starttime . " AND " . $endtime);
AND `start` BETWEEN " . $starttime . " AND " . $endtime);
$query .= " AND `angel_type_id` IN (" . implode(',', $_SESSION['user_shifts']['types']) . ") ";
$query .= " AND `angel_type_id` IN (" . implode(',', $_SESSION['user_shifts']['types']) . ") ";
}
$query .= " ORDER BY `AngelTypes`.`name`";
$query .= " ORDER BY `AngelTypes`.`name`";
$angeltypes = sql_select($query);
$angeltypes = sql_select($query);
if (count($angeltypes) > 0) {
if (count($angeltypes) > 0) {
foreach ($angeltypes as $angeltype) {
foreach ($angeltypes as $angeltype) {
$entries = sql_select("SELECT * FROM `ShiftEntry` JOIN `User` ON (`ShiftEntry`.`UID` = `User`.`UID`) WHERE `SID`='" . sql_escape($shift['SID']) . "' AND `TID`='" . sql_escape($angeltype['id']) . "' ORDER BY `Nick`");
$entries = sql_select("SELECT * FROM `ShiftEntry` JOIN `User` ON (`ShiftEntry`.`UID` = `User`.`UID`) WHERE `SID`='" . sql_escape($shift['SID']) . "' AND `TID`='" . sql_escape($angeltype['id']) . "' ORDER BY `Nick`");
$entry_list = array();
$entry_list = [];
$freeloader = 0;
$freeloader = 0;
foreach ($entries as $entry) {
foreach ($entries as $entry) {
$style = '';
$style = '';
@ -605,13 +659,14 @@ function view_user_shifts() {
@ -728,16 +791,17 @@ function view_user_shifts() {
foreach ($angeltypes as &$angeltype) {
foreach ($angeltypes as &$angeltype) {
$entries = sql_select("SELECT * FROM `ShiftEntry` JOIN `User` ON (`ShiftEntry`.`UID` = `User`.`UID`) WHERE `SID`='" . sql_escape($shift['SID']) . "' AND `TID`='" . sql_escape($angeltype['id']) . "' ORDER BY `Nick`");
$entries = sql_select("SELECT * FROM `ShiftEntry` JOIN `User` ON (`ShiftEntry`.`UID` = `User`.`UID`) WHERE `SID`='" . sql_escape($shift['SID']) . "' AND `TID`='" . sql_escape($angeltype['id']) . "' ORDER BY `Nick`");