kontakt
/
engelsystem
3
0
Fork 0
Code Issues 12 Pull Requests Projects Releases Wiki Activity

replaced header with redirect function

Browse Source
main
Philip Häusler 12 years ago
parent 8fd5ffb335
commit a573b4e325
11 changed files with 29 additions and 32 deletions
Show Stats Download Patch File Download Diff File

6
includes/pages/admin_faq.php
Unescape Escape View File

@ -20,7 +20,7 @@ function admin_faq() {
sql_query("INSERT INTO `FAQ` SET `Frage_de`='" . sql_escape($frage) . "', `Frage_en`='" . sql_escape($question) . "', `Antwort_de`='" . sql_escape($antwort) . "', `Antwort_en`='" . sql_escape($answer) . "'"); sql_query("INSERT INTO `FAQ` SET `Frage_de`='" . sql_escape($frage) . "', `Frage_en`='" . sql_escape($question) . "', `Antwort_de`='" . sql_escape($antwort) . "', `Antwort_en`='" . sql_escape($answer) . "'");
header("Location: " . page_link_to("admin_faq")); redirect(page_link_to("admin_faq"));
break; break;
case 'save' : case 'save' :
@ -40,7 +40,7 @@ function admin_faq() {
sql_query("UPDATE `FAQ` SET `Frage_de`='" . sql_escape($frage) . "', `Frage_en`='" . sql_escape($question) . "', `Antwort_de`='" . sql_escape($antwort) . "', `Antwort_en`='" . sql_escape($answer) . "' WHERE `FID`=" . sql_escape($id) . " LIMIT 1"); sql_query("UPDATE `FAQ` SET `Frage_de`='" . sql_escape($frage) . "', `Frage_en`='" . sql_escape($question) . "', `Antwort_de`='" . sql_escape($antwort) . "', `Antwort_en`='" . sql_escape($answer) . "' WHERE `FID`=" . sql_escape($id) . " LIMIT 1");
header("Location: " . page_link_to("admin_faq")); redirect(page_link_to("admin_faq"));
} else } else
return error("No FAQ found.", true); return error("No FAQ found.", true);
break; break;
@ -78,7 +78,7 @@ function admin_faq() {
list ($faq) = $faq; list ($faq) = $faq;
sql_query("DELETE FROM `FAQ` WHERE `FID`=" . sql_escape($id) . " LIMIT 1"); sql_query("DELETE FROM `FAQ` WHERE `FID`=" . sql_escape($id) . " LIMIT 1");
header("Location: " . page_link_to("admin_faq")); redirect(page_link_to("admin_faq"));
} else } else
return error("No FAQ found.", true); return error("No FAQ found.", true);
break; break;

2
includes/pages/admin_groups.php
Unescape Escape View File

@ -88,7 +88,7 @@ function admin_groups() {
} }
} }
engelsystem_log("Group privileges of group " . $room['Name'] . " edited: " . join(", ", $privilege_names)); engelsystem_log("Group privileges of group " . $room['Name'] . " edited: " . join(", ", $privilege_names));
header("Location: " . page_link_to("admin_groups")); redirect(page_link_to("admin_groups"));
} else } else
return error("No Group found.", true); return error("No Group found.", true);
break; break;

6
includes/pages/admin_import.php
Unescape Escape View File

@ -104,7 +104,7 @@ function admin_import() {
} }
if ($ok) if ($ok)
header("Location: " . page_link_to('admin_import') . "&step=check"); redirect(page_link_to('admin_import') . "&step=check");
else else
$html .= template_render('../templates/admin_import_input.html', array ( $html .= template_render('../templates/admin_import_input.html', array (
'link' => page_link_to('admin_import'), 'link' => page_link_to('admin_import'),
@ -115,7 +115,7 @@ function admin_import() {
case "check" : case "check" :
if (!file_exists($import_file)) if (!file_exists($import_file))
header("Location: " . page_link_to('admin_import')); redirect(page_link_to('admin_import'));
list ($rooms_new, $rooms_deleted) = prepare_rooms($import_file); list ($rooms_new, $rooms_deleted) = prepare_rooms($import_file);
list ($events_new, $events_updated, $events_deleted) = prepare_events($import_file); list ($events_new, $events_updated, $events_deleted) = prepare_events($import_file);
@ -132,7 +132,7 @@ function admin_import() {
case "import" : case "import" :
if (!file_exists($import_file)) if (!file_exists($import_file))
header("Location: " . page_link_to('admin_import')); redirect(page_link_to('admin_import'));
list ($rooms_new, $rooms_deleted) = prepare_rooms($import_file); list ($rooms_new, $rooms_deleted) = prepare_rooms($import_file);
foreach ($rooms_new as $room) { foreach ($rooms_new as $room) {

6
includes/pages/admin_news.php
Unescape Escape View File

@ -3,7 +3,7 @@ function admin_news() {
global $user; global $user;
if (!isset ($_GET["action"])) { if (!isset ($_GET["action"])) {
header("Location: " . page_link_to("news")); redirect(page_link_to("news"));
} else { } else {
$html = ""; $html = "";
switch ($_GET["action"]) { switch ($_GET["action"]) {
@ -61,7 +61,7 @@ function admin_news() {
sql_query("UPDATE `News` SET `Datum`='" . sql_escape(time()) . "', `Betreff`='" . sql_escape($_POST["eBetreff"]) . "', `Text`='" . sql_escape($_POST["eText"]) . "', `UID`='" . sql_escape($user['UID']) . sql_query("UPDATE `News` SET `Datum`='" . sql_escape(time()) . "', `Betreff`='" . sql_escape($_POST["eBetreff"]) . "', `Text`='" . sql_escape($_POST["eText"]) . "', `UID`='" . sql_escape($user['UID']) .
"', `Treffen`='" . sql_escape($_POST["eTreffen"]) . "' WHERE `ID`=".sql_escape($id)." LIMIT 1"); "', `Treffen`='" . sql_escape($_POST["eTreffen"]) . "' WHERE `ID`=".sql_escape($id)." LIMIT 1");
engelsystem_log("News updated: " . $_POST["eBetreff"]); engelsystem_log("News updated: " . $_POST["eBetreff"]);
header("Location: " . page_link_to("news")); redirect(page_link_to("news"));
} else } else
return error("No News found.", true); return error("No News found.", true);
break; break;
@ -78,7 +78,7 @@ function admin_news() {
sql_query("DELETE FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); sql_query("DELETE FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
engelsystem_log("News deleted: " . $news['Betreff']); engelsystem_log("News deleted: " . $news['Betreff']);
header("Location: " . page_link_to("news")); redirect(page_link_to("news"));
} else } else
return error("No News found.", true); return error("No News found.", true);
break; break;

4
includes/pages/admin_questions.php
Unescape Escape View File

@ -61,7 +61,7 @@ function admin_questions() {
if ($answer != "") { if ($answer != "") {
sql_query("UPDATE `Questions` SET `AID`=" . sql_escape($user['UID']) . ", `Answer`='" . sql_escape($answer) . "' WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); sql_query("UPDATE `Questions` SET `AID`=" . sql_escape($user['UID']) . ", `Answer`='" . sql_escape($answer) . "' WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
engelsystem_log("Question " . $question[0]['Question'] . " answered: " . $answer); engelsystem_log("Question " . $question[0]['Question'] . " answered: " . $answer);
header("Location: " . page_link_to("admin_questions")); redirect(page_link_to("admin_questions"));
} else } else
return error("Gib eine Antwort ein!", true); return error("Gib eine Antwort ein!", true);
} else } else
@ -77,7 +77,7 @@ function admin_questions() {
if (count($question) > 0) { if (count($question) > 0) {
sql_query("DELETE FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); sql_query("DELETE FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
engelsystem_log("Question deleted: " . $question[0]['Question']); engelsystem_log("Question deleted: " . $question[0]['Question']);
header("Location: " . page_link_to("admin_questions")); redirect(page_link_to("admin_questions"));
} else } else
return error("No question found.", true); return error("No question found.", true);
break; break;

6
includes/pages/admin_shifts.php
Unescape Escape View File

@ -226,10 +226,8 @@ function admin_shifts() {
} }
elseif (isset ($_REQUEST['submit'])) { elseif (isset ($_REQUEST['submit'])) {
if (!is_array($_SESSION['admin_shifts_shifts']) || !is_array($_SESSION['admin_shifts_types'])) { if (!is_array($_SESSION['admin_shifts_shifts']) || !is_array($_SESSION['admin_shifts_types']))
header("Location: ?p=admin_shifts"); redirect(page_link_to('admin_shifts'));
die();
}
foreach ($_SESSION['admin_shifts_shifts'] as $shift) { foreach ($_SESSION['admin_shifts_shifts'] as $shift) {
sql_query("INSERT INTO `Shifts` SET `start`=" . sql_escape($shift['start']) . ", `end`=" . sql_escape($shift['end']) . ", `RID`=" . sql_escape($shift['RID']) . ", `name`='" . sql_escape($shift['name']) . "'"); sql_query("INSERT INTO `Shifts` SET `start`=" . sql_escape($shift['start']) . ", `end`=" . sql_escape($shift['end']) . ", `RID`=" . sql_escape($shift['RID']) . ", `name`='" . sql_escape($shift['name']) . "'");

2
includes/pages/guest_login.php
Unescape Escape View File

@ -158,7 +158,7 @@ function guest_register() {
function guest_logout() { function guest_logout() {
session_destroy(); session_destroy();
header("Location: " . page_link_to("start")); redirect(page_link_to("start"));
} }
function guest_login() { function guest_login() {

3
includes/pages/guest_start.php
Unescape Escape View File

@ -1,6 +1,5 @@
<?php <?php
function guest_start() { function guest_start() {
header("Location: ?p=login"); redirect(page_link_to('login'));
die();
} }
?> ?>

6
includes/pages/user_messages.php
Unescape Escape View File

@ -69,7 +69,7 @@ function user_messages() {
$message = sql_select("SELECT * FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); $message = sql_select("SELECT * FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1");
if (count($message) > 0 && $message[0]['RUID'] == $user['UID']) { if (count($message) > 0 && $message[0]['RUID'] == $user['UID']) {
sql_query("UPDATE `Messages` SET `isRead`='Y' WHERE `id`=" . sql_escape($id) . " LIMIT 1"); sql_query("UPDATE `Messages` SET `isRead`='Y' WHERE `id`=" . sql_escape($id) . " LIMIT 1");
header("Location: " . page_link_to("user_messages")); redirect(page_link_to("user_messages"));
} else } else
return error("No Message found.", true); return error("No Message found.", true);
break; break;
@ -83,7 +83,7 @@ function user_messages() {
$message = sql_select("SELECT * FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); $message = sql_select("SELECT * FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1");
if (count($message) > 0 && $message[0]['SUID'] == $user['UID']) { if (count($message) > 0 && $message[0]['SUID'] == $user['UID']) {
sql_query("DELETE FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); sql_query("DELETE FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1");
header("Location: " . page_link_to("user_messages")); redirect(page_link_to("user_messages"));
} else } else
return error("No Message found.", true); return error("No Message found.", true);
break; break;
@ -93,7 +93,7 @@ function user_messages() {
$to = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($_REQUEST['to'])); $to = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($_REQUEST['to']));
if ($text != "" && is_numeric($to) && sql_num_query("SELECT * FROM `User` WHERE `UID`=" . sql_escape($to) . " AND NOT `UID`=" . sql_escape($user['UID']) . " LIMIT 1") > 0) { if ($text != "" && is_numeric($to) && sql_num_query("SELECT * FROM `User` WHERE `UID`=" . sql_escape($to) . " AND NOT `UID`=" . sql_escape($user['UID']) . " LIMIT 1") > 0) {
sql_query("INSERT INTO `Messages` SET `Datum`=" . sql_escape(time()) . ", `SUID`=" . sql_escape($user['UID']) . ", `RUID`=" . sql_escape($to) . ", `Text`='" . sql_escape($text) . "'"); sql_query("INSERT INTO `Messages` SET `Datum`=" . sql_escape(time()) . ", `SUID`=" . sql_escape($user['UID']) . ", `RUID`=" . sql_escape($to) . ", `Text`='" . sql_escape($text) . "'");
header("Location: " . page_link_to("user_messages")); redirect(page_link_to("user_messages"));
} else { } else {
return error(Get_Text("pub_messages_Send_Error"), true); return error(Get_Text("pub_messages_Send_Error"), true);
} }

4
includes/pages/user_questions.php
Unescape Escape View File

@ -27,7 +27,7 @@ function user_questions() {
$question = strip_request_item_nl('question'); $question = strip_request_item_nl('question');
if ($question != "") { if ($question != "") {
sql_query("INSERT INTO `Questions` SET `UID`=" . sql_escape($user['UID']) . ", `Question`='" . sql_escape($question) . "'"); sql_query("INSERT INTO `Questions` SET `UID`=" . sql_escape($user['UID']) . ", `Question`='" . sql_escape($question) . "'");
header("Location: " . page_link_to("user_questions")); redirect(page_link_to("user_questions"));
} else } else
return error("Gib eine Frage ein!", true); return error("Gib eine Frage ein!", true);
break; break;
@ -40,7 +40,7 @@ function user_questions() {
$question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); $question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
if (count($question) > 0 && $question[0]['UID'] == $user['UID']) { if (count($question) > 0 && $question[0]['UID'] == $user['UID']) {
sql_query("DELETE FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); sql_query("DELETE FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
header("Location: " . page_link_to("user_questions")); redirect(page_link_to("user_questions"));
} else } else
return error("No question found.", true); return error("No question found.", true);
break; break;

16
includes/pages/user_shifts.php
Unescape Escape View File

@ -157,11 +157,11 @@ function user_shifts() {
if (isset ($_REQUEST['delete_shift']) && preg_match("/^[0-9]*$/", $_REQUEST['delete_shift'])) if (isset ($_REQUEST['delete_shift']) && preg_match("/^[0-9]*$/", $_REQUEST['delete_shift']))
$shift_id = $_REQUEST['delete_shift']; $shift_id = $_REQUEST['delete_shift'];
else else
header("Location: " . page_link_to('user_shifts')); redirect(page_link_to('user_shifts'));
$shift = sql_select("SELECT * FROM `Shifts` JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) WHERE `SID`=" . sql_escape($shift_id) . " LIMIT 1"); $shift = sql_select("SELECT * FROM `Shifts` JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) WHERE `SID`=" . sql_escape($shift_id) . " LIMIT 1");
if (count($shift) == 0) if (count($shift) == 0)
header("Location: " . page_link_to('user_shifts')); redirect(page_link_to('user_shifts'));
$shift = $shift[0]; $shift = $shift[0];
// Schicht löschen bestätigt // Schicht löschen bestätigt
@ -186,28 +186,28 @@ function user_shifts() {
if (isset ($_REQUEST['shift_id']) && preg_match("/^[0-9]*$/", $_REQUEST['shift_id'])) if (isset ($_REQUEST['shift_id']) && preg_match("/^[0-9]*$/", $_REQUEST['shift_id']))
$shift_id = $_REQUEST['shift_id']; $shift_id = $_REQUEST['shift_id'];
else else
header("Location: " . page_link_to('user_shifts')); redirect(page_link_to('user_shifts'));
$shift = sql_select("SELECT * FROM `Shifts` JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) WHERE `SID`=" . sql_escape($shift_id) . " LIMIT 1"); $shift = sql_select("SELECT * FROM `Shifts` JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) WHERE `SID`=" . sql_escape($shift_id) . " LIMIT 1");
if (count($shift) == 0) if (count($shift) == 0)
header("Location: " . page_link_to('user_shifts')); redirect(page_link_to('user_shifts'));
$shift = $shift[0]; $shift = $shift[0];
if (isset ($_REQUEST['type_id']) && preg_match("/^[0-9]*$/", $_REQUEST['type_id'])) if (isset ($_REQUEST['type_id']) && preg_match("/^[0-9]*$/", $_REQUEST['type_id']))
$type_id = $_REQUEST['type_id']; $type_id = $_REQUEST['type_id'];
else else
header("Location: " . page_link_to('user_shifts')); redirect(page_link_to('user_shifts'));
// Schicht läuft schon, Eintragen für Engel nicht mehr möglich // Schicht läuft schon, Eintragen für Engel nicht mehr möglich
if(!in_array('user_shifts_admin', $privileges) && time() > $shift['start']) { if(!in_array('user_shifts_admin', $privileges) && time() > $shift['start']) {
error("Diese Schicht läuft gerade oder ist bereits vorbei. Bitte kontaktiere den Schichtkoordinator um Dich eintragen zu lassen."); error("Diese Schicht läuft gerade oder ist bereits vorbei. Bitte kontaktiere den Schichtkoordinator um Dich eintragen zu lassen.");
header("Location: " . page_link_to('user_shifts')); redirect(page_link_to('user_shifts'));
} }
// Another shift the user is signed up for collides with this one // Another shift the user is signed up for collides with this one
if(!in_array('user_shifts_admin', $privileges) && sql_num_query("SELECT `Shifts`.`SID` FROM `Shifts` INNER JOIN `ShiftEntry` ON (`Shifts`.`SID` = `ShiftEntry`.`SID` AND `ShiftEntry`.`UID` = " . sql_escape($user['UID']) . ") WHERE `start` < '" . sql_escape($shift['end']) . "' AND `end` > '" . sql_escape($shift['start']) . "'") > 0) { if(!in_array('user_shifts_admin', $privileges) && sql_num_query("SELECT `Shifts`.`SID` FROM `Shifts` INNER JOIN `ShiftEntry` ON (`Shifts`.`SID` = `ShiftEntry`.`SID` AND `ShiftEntry`.`UID` = " . sql_escape($user['UID']) . ") WHERE `start` < '" . sql_escape($shift['end']) . "' AND `end` > '" . sql_escape($shift['start']) . "'") > 0) {
error("Du bist bereits in einer parallelen Schicht eingetragen. Bitte kontaktiere den Schichtkoordinator, um dich eintragen zu lassen."); error("Du bist bereits in einer parallelen Schicht eingetragen. Bitte kontaktiere den Schichtkoordinator, um dich eintragen zu lassen.");
header("Location: " . page_link_to('user_shifts')); redirect(page_link_to('user_shifts'));
} }
if (in_array('user_shifts_admin', $privileges)) if (in_array('user_shifts_admin', $privileges))
@ -216,7 +216,7 @@ function user_shifts() {
$type = sql_select("SELECT * FROM `UserAngelTypes` JOIN `AngelTypes` ON (`UserAngelTypes`.`angeltype_id` = `AngelTypes`.`id`) WHERE `AngelTypes`.`id` = " . sql_escape($type_id) . " AND (`AngelTypes`.`restricted` = 0 OR (`UserAngelTypes`.`user_id` = " . sql_escape($user['UID']) . " AND NOT `UserAngelTypes`.`confirm_user_id` IS NULL)) LIMIT 1"); $type = sql_select("SELECT * FROM `UserAngelTypes` JOIN `AngelTypes` ON (`UserAngelTypes`.`angeltype_id` = `AngelTypes`.`id`) WHERE `AngelTypes`.`id` = " . sql_escape($type_id) . " AND (`AngelTypes`.`restricted` = 0 OR (`UserAngelTypes`.`user_id` = " . sql_escape($user['UID']) . " AND NOT `UserAngelTypes`.`confirm_user_id` IS NULL)) LIMIT 1");
if (count($type) == 0) if (count($type) == 0)
header("Location: " . page_link_to('user_shifts')); redirect(page_link_to('user_shifts'));
$type = $type[0]; $type = $type[0];
if (isset ($_REQUEST['submit'])) { if (isset ($_REQUEST['submit'])) {

Write Preview
Loading…
Cancel
Save