mysql to mysqli and a lot of cleanup and mvc

main
Philip Häusler 11 years ago
parent d50cc21f50
commit bfb0cacd54

@ -1286,26 +1286,6 @@ INSERT INTO `UserGroups` (`id`, `uid`, `group_id`) VALUES
(21, 3, -2), (21, 3, -2),
(22, 3, -5); (22, 3, -5);
-- --------------------------------------------------------
--
-- Tabellenstruktur für Tabelle `UserPicture`
--
DROP TABLE IF EXISTS `UserPicture`;
CREATE TABLE IF NOT EXISTS `UserPicture` (
`UID` int(11) NOT NULL DEFAULT '0',
`Bild` longblob NOT NULL,
`ContentType` varchar(20) NOT NULL DEFAULT '',
`show` char(1) NOT NULL DEFAULT 'N',
PRIMARY KEY (`UID`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
--
-- Daten für Tabelle `UserPicture`
--
-- -------------------------------------------------------- -- --------------------------------------------------------
-- --

@ -1,6 +1,6 @@
<?php <?php
require_once (dirname(__FILE__) . DIRECTORY_SEPARATOR . '..' . DIRECTORY_SEPARATOR . 'public' . DIRECTORY_SEPARATOR . 'bootstrap.php'); require_once (dirname(__FILE__) . DIRECTORY_SEPARATOR . '..' . DIRECTORY_SEPARATOR . 'public' . DIRECTORY_SEPARATOR . 'bootstrap.php');
require_once ('includes/sys_mysql.php'); require_once ('includes/mysql_provider.php');
require_once ('config/config.php'); require_once ('config/config.php');
require_once ('config/config_db.php'); require_once ('config/config_db.php');
sql_connect($config['host'], $config['user'], $config['pw'], $config['db']); sql_connect($config['host'], $config['user'], $config['pw'], $config['db']);

@ -0,0 +1,11 @@
<?php
/**
* Displays a fatal message and stops execution.
* @param string $message
*/
function engelsystem_error($message) {
die($message);
}
?>

@ -0,0 +1,59 @@
<?php
/**
* Gibt zwischengespeicherte Fehlermeldungen zurück und löscht den Zwischenspeicher
*/
function msg() {
if (!isset ($_SESSION['msg']))
return "";
$msg = $_SESSION['msg'];
$_SESSION['msg'] = "";
return $msg;
}
/**
* Rendert eine Information
*/
function info($msg, $immediatly = false) {
if ($immediatly) {
if ($msg == "")
return "";
return '<p class="info">' . $msg . '</p>';
} else {
if (!isset ($_SESSION['msg']))
$_SESSION['msg'] = "";
$_SESSION['msg'] .= info($msg, true);
}
}
/**
* Rendert eine Fehlermeldung
*/
function error($msg, $immediatly = false) {
if ($immediatly) {
if ($msg == "")
return "";
return '<p class="error">' . $msg . '</p>';
} else {
if (!isset ($_SESSION['msg']))
$_SESSION['msg'] = "";
$_SESSION['msg'] .= error($msg, true);
}
}
/**
* Rendert eine Erfolgsmeldung
*/
function success($msg, $immediatly = false) {
if ($immediatly) {
if ($msg == "")
return "";
return '<p class="success">' . $msg . '</p>';
} else {
if (!isset ($_SESSION['msg']))
$_SESSION['msg'] = "";
$_SESSION['msg'] .= success($msg, true);
}
}
?>
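Review bot: `info()`, `error()` and `success()` concatenate `$msg` into the `<p>` element without escaping, and a caller elsewhere in this commit passes request-derived text (admin_language builds `success("$k Save: OK<br />\n", true)` from a `$_POST` key). Callers also pass markup such as `<br />` on purpose, so escaping inside the helpers would change output; the contract should be documented instead. Each docblock should gain `@param string $msg Trusted HTML; escape user data with htmlspecialchars() before passing` and `@param bool $immediatly Return the markup instead of queuing it in $_SESSION['msg']`. The three bodies differ only in the CSS class and could share one helper, and the docblocks are in German while the other new files in this commit are documented in English.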

@ -6,17 +6,14 @@
* @param $message Log Message * @param $message Log Message
*/ */
function LogEntry_create($nick, $message) { function LogEntry_create($nick, $message) {
$timestamp = time(); return sql_query("INSERT INTO `LogEntries` SET `timestamp`=" . sql_escape(time()) . ", `nick`='" . sql_escape($nick) . "', `message`='" . sql_escape($message) . "'");
sql_query("INSERT INTO `LogEntries` SET `timestamp`=" . sql_escape($timestamp) . ", `nick`='" . sql_escape($nick) . "', `message`='" . sql_escape($message) . "'");
} }
/** /**
* Returns log entries of the last 24 hours with maximum count of 1000. * Returns log entries of the last 24 hours with maximum count of 1000.
*/ */
function LogEntries() { function LogEntries() {
$log_entries_source = sql_select("SELECT * FROM `LogEntries` WHERE `timestamp` > " . (time() - 24*60*60) . " ORDER BY `timestamp` DESC LIMIT 1000"); return sql_select("SELECT * FROM `LogEntries` WHERE `timestamp` > " . (time() - 24*60*60) . " ORDER BY `timestamp` DESC LIMIT 1000");
return $log_entries_source;
} }

@ -0,0 +1,18 @@
<?php
/**
* Load a string by key.
* @param string $textid
* @param string $sprache
*/
function Sprache($textid, $sprache) {
$sprache_source = sql_select("SELECT * FROM `Sprache` WHERE `TextID`='" . sql_escape($textid) . "' AND `Sprache`='" . sql_escape($sprache) . "' LIMIT 1");
if($sprache_source === false)
return false;
if(count($sprache_source) == 1)
return $sprache_source[0];
return null;
}
?>

@ -1,11 +1,12 @@
<?php <?php
/** /**
* Returns user by id. * Returns user by id.
* @param $id UID * @param $id UID
*/ */
function User($id) { function User($id) {
$user_source = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); $user_source = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
if($user_source === false)
return false;
if(count($user_source) > 0) if(count($user_source) > 0)
return $user_source[0]; return $user_source[0];
return null; return null;
@ -31,7 +32,9 @@ function User_by_api_key($api_key) {
*/ */
function User_reset_api_key(&$user) { function User_reset_api_key(&$user) {
$user['api_key'] = md5($user['Nick'] . time() . rand()); $user['api_key'] = md5($user['Nick'] . time() . rand());
sql_query("UPDATE `User` SET `api_key`='" . sql_escape($user['api_key']) . "' WHERE `UID`='" . sql_escape($user['UID']) . "' LIMIT 1"); $result = sql_query("UPDATE `User` SET `api_key`='" . sql_escape($user['api_key']) . "' WHERE `UID`='" . sql_escape($user['UID']) . "' LIMIT 1");
if($result === false)
return false;
engelsystem_log("API key resetted."); engelsystem_log("API key resetted.");
} }
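Review bot: `User_reset_api_key()` still derives the key from `md5($user['Nick'] . time() . rand())`, inputs that can be guessed or narrowed down, so the API key is predictable rather than random. A key that authenticates API calls should come from a CSPRNG, e.g. `$user['api_key'] = bin2hex(openssl_random_pseudo_bytes(16));` where the openssl extension is available (or `random_bytes(16)` on PHP 7+), which keeps the 32-character hex format. Separately, `User()` puts `sql_escape($id)` in an unquoted numeric position, where escaping quote characters gives no protection; `(int) $id` or quoting the value closes that. The docblock of `User_reset_api_key()` and the end of `User()` lie outside the hunks shown.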

@ -0,0 +1,176 @@
<?php
/**
* Close connection.
*/
function sql_close() {
global $sql_connection;
return $sql_connection->close();
}
/**
* Start new transaction.
*/
function sql_transaction_start() {
global $sql_nested_transaction_level;
if($sql_nested_transaction_level++ == 0)
return sql_query("BEGIN");
else
return true;
}
/**
* Commit transaction.
*/
function sql_transaction_commit() {
global $sql_nested_transaction_level;
if(--$sql_nested_transaction_level == 0)
return sql_query("COMMIT");
else
return true;
}
/**
* Stop transaction, revert database.
*/
function sql_transaction_rollback() {
global $sql_nested_transaction_level;
if(--$sql_nested_transaction_level == 0)
return sql_query("ROLLBACK");
else
return true;
}
/**
* Logs an sql error.
* @param string $message
* @return false
*/
function sql_error($message) {
sql_close();
$message = trim($message) . "\n";
$message .= debug_string_backtrace() . "\n";
error_log('mysql_provider error: ' . $message);
return false;
}
/**
* Connect to mysql server.
* @param string $host Host
* @param string $user Username
* @param string $pass Password
* @param string $db DB to select
* @return mysqli The connection handler
*/
function sql_connect($host, $user, $pass, $db) {
global $sql_connection;
$sql_connection = new mysqli($host, $user, $pass, $db);
if ($sql_connection->connect_errno)
return sql_error("Unable to connect to MySQL: " . $sql_connection->connect_error);
$result = $sql_connection->query("SET CHARACTER SET utf8;");
if (! $result)
return sql_error("Unable to set utf8 character set (" . $sql_connection->errno . ") " . $sql_connection->error);
$result = $sql_connection->set_charset('utf8');
if (! $result)
return sql_error("Unable to set utf8 names (" . $sql_connection->errno . ") " . $sql_connection->error);
return $sql_connection;
}
/**
* Change the selected db in current mysql-connection.
* @param $db_name
* @return bool true on success, false on error
*/
function sql_select_db($db_name) {
global $sql_connection;
if (!$sql_connection->select_db($db_name))
return sql_error("No database selected.");
return true;
}
/**
* MySQL SELECT query
* @param string $query
* @return Result array or false on error
*/
function sql_select($query) {
global $sql_connection;
$result = $sql_connection->query($query);
if ($result) {
$data = array();
while ($line = $result->fetch_assoc())
array_push($data, $line);
return $data;
} else
return sql_error("MySQL-query error: " . $query . " (" . $sql_connection->errno . ") " . $sql_connection->error);
}
/**
* MySQL execute a query
* @param string $query
* @return mysqli_result|boolean Result resource or false on error
*/
function sql_query($query) {
global $sql_connection;
$result = $sql_connection->query($query);
if ($result) {
return $result;
} else
usr_error("MySQL-query error: " . $query . " (" . $sql_connection->errno . ") " . $sql_connection->error);
}
/**
* Returns last inserted id.
*
* @return int
*/
function sql_id() {
global $sql_connection;
return $sql_connection->insert_id;
}
/**
* Escape a string for a sql query.
*
* @param string $query
* @return string
*/
function sql_escape($query) {
global $sql_connection;
return $sql_connection->real_escape_string($query);
}
/**
* Count query result lines.
*
* @param string $query
* @return int Count of result lines
*/
function sql_num_query($query) {
global $sql_connection;
return sql_query($query)->num_rows;
}
function sql_select_single_col($query) {
$result = sql_select($query);
return array_map('array_shift', $result);
}
function sql_select_single_cell($query) {
return array_shift(array_shift(sql_select($query)));
}
?>
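Review bot: On failure `sql_query()` calls `usr_error(...)`, which is not defined in this file or anywhere else on this page, and then falls off the end without returning, so callers added in this commit that test `$result === false` (for example `User_reset_api_key()`) can never see `false`. It looks like `sql_error` was intended, matching `sql_select()`: `return sql_error("MySQL-query error: " . $query . " (" . $sql_connection->errno . ") " . $sql_connection->error);`. `sql_num_query()` reads `sql_query($query)->num_rows` without checking the result, so a failed query becomes a fatal error there. `sql_error()` writes the complete query text to the error log and closes the connection, so the log may hold user data and any later `sql_escape()` call in the same request runs against a closed handle; its docblock should say so. The docblock of `sql_escape()` should also state that the result is only safe inside a quoted SQL literal, since callers on this page use it in unquoted numeric positions such as the `UID` comparison in `User()`.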

@ -1,110 +1,105 @@
<?php <?php
function admin_language() { function admin_language() {
global $user; global $user;
global $languages;
$html = "";
if (!isset ($_POST["TextID"])) { $html = "";
$html .= Get_Text("Hello") . User_Nick_render($user) . ", <br />\n"; if (!isset ($_POST["TextID"])) {
$html .= Get_Text("pub_sprache_text1") . "<br /><br />\n"; $html .= Get_Text("Hello") . User_Nick_render($user) . ", <br />\n";
$html .= Get_Text("pub_sprache_text1") . "<br /><br />\n";
$html .= "<a href=\"" . page_link_to("admin_language") . "&ShowEntry=y\">" . Get_Text("pub_sprache_ShowEntry") . "</a>";
// ausgabe Tabellenueberschift $html .= "<a href=\"" . page_link_to("admin_language") . "&ShowEntry=y\">" . Get_Text("pub_sprache_ShowEntry") . "</a>";
$SQL_Sprachen = "SELECT `Sprache` FROM `Sprache` GROUP BY `Sprache`;"; // ausgabe Tabellenueberschift
$erg_Sprachen = sql_query($SQL_Sprachen); $html .= "\t<table border=\"0\" class=\"border\" cellpadding=\"2\" cellspacing=\"1\">\n\t\t<tr>";
$html .= "\t\t<td class=\"contenttopic\"><b>" . Get_Text("pub_sprache_TextID") . "</b></td>";
for ($i = 0; $i < mysql_num_rows($erg_Sprachen); $i++) foreach($languages as $language => $language_name) {
$Sprachen[mysql_result($erg_Sprachen, $i, "Sprache")] = $i; $html .= "<td class=\"contenttopic\"><b>" .
Get_Text("pub_sprache_Sprache") . " " . $language .
$html .= "\t<table border=\"0\" class=\"border\" cellpadding=\"2\" cellspacing=\"1\">\n\t\t<tr>"; "</b></td>";
$html .= "\t\t<td class=\"contenttopic\"><b>" . Get_Text("pub_sprache_TextID") . "</b></td>"; $Sprachen[$language] = $language_name;
foreach ($Sprachen as $Name => $Value) }
$html .= "<td class=\"contenttopic\"><b>" . $html .= "\t\t<td class=\"contenttopic\"><b>" . Get_Text("pub_sprache_Edit") . "</b></td>";
Get_Text("pub_sprache_Sprache") . " " . $Name . $html .= "\t\t</tr>";
"</b></td>";
$html .= "\t\t<td class=\"contenttopic\"><b>" . Get_Text("pub_sprache_Edit") . "</b></td>"; if (isset ($_GET["ShowEntry"])) {
$html .= "\t\t</tr>"; // ausgabe eintraege
$sprache_source = sql_select("SELECT * FROM `Sprache` ORDER BY `TextID`, `Sprache`");
if (isset ($_GET["ShowEntry"])) {
// ausgabe eintraege $TextID_Old = $sprache_source[0]['TextID'];
$SQL = "SELECT * FROM `Sprache` ORDER BY `TextID`;"; foreach($sprache_source as $sprache_entry) {
$erg = sql_query($SQL); $TextID_New = $sprache_entry['TextID'];
if ($TextID_Old != $TextID_New) {
$TextID_Old = mysql_result($erg, 0, "TextID"); $html .= "<form action=\"" . page_link_to("admin_language") . "\" method=\"post\">";
for ($i = 0; $i < mysql_num_rows($erg); $i++) { $html .= "<tr class=\"content\">\n";
$TextID_New = mysql_result($erg, $i, "TextID"); $html .= "\t\t<td>$TextID_Old " .
if ($TextID_Old != $TextID_New) { "<input name=\"TextID\" type=\"hidden\" value=\"$TextID_Old\"> </td>\n";
$html .= "<form action=\"" . page_link_to("admin_language") . "\" method=\"post\">";
$html .= "<tr class=\"content\">\n"; foreach ($Sprachen as $Name => $Value) {
$html .= "\t\t<td>$TextID_Old " . $Value = html_entity_decode($Value, ENT_QUOTES);
"<input name=\"TextID\" type=\"hidden\" value=\"$TextID_Old\"> </td>\n"; $html .= "\t\t<td><textarea name=\"$Name\" cols=\"22\" rows=\"8\">$Value</textarea></td>\n";
$Sprachen[$Name] = "";
foreach ($Sprachen as $Name => $Value) { }
$Value = html_entity_decode($Value, ENT_QUOTES);
$html .= "\t\t<td><textarea name=\"$Name\" cols=\"22\" rows=\"8\">$Value</textarea></td>\n"; $html .= "\t\t<td><input type=\"submit\" value=\"Save\"></td>\n";
$Sprachen[$Name] = ""; $html .= "</tr>";
} $html .= "</form>\n";
$TextID_Old = $TextID_New;
$html .= "\t\t<td><input type=\"submit\" value=\"Save\"></td>\n"; }
$html .= "</tr>"; $Sprachen[$sprache_entry['Sprache']] = $sprache_entry['Text'];
$html .= "</form>\n"; } /*FOR*/
$TextID_Old = $TextID_New; }
}
$Sprachen[mysql_result($erg, $i, "Sprache")] = mysql_result($erg, $i, "Text"); //fuer neu eintraege
} /*FOR*/ $html .= "<form action=\"" . page_link_to("admin_language") . "\" method=\"post\">";
} $html .= "<tr class=\"content\">\n";
$html .= "\t\t<td><input name=\"TextID\" type=\"text\" size=\"40\" value=\"new\"> </td>\n";
//fuer neu eintraege
$html .= "<form action=\"" . page_link_to("admin_language") . "\" method=\"post\">"; foreach ($Sprachen as $Name => $Value)
$html .= "<tr class=\"content\">\n"; $html .= "\t\t<td><textarea name=\"$Name\" cols=\"22\" rows=\"8\">$Name Text</textarea></td>\n";
$html .= "\t\t<td><input name=\"TextID\" type=\"text\" size=\"40\" value=\"new\"> </td>\n";
$html .= "\t\t<td><input type=\"submit\" value=\"Save\"></td>\n";
foreach ($Sprachen as $Name => $Value) $html .= "</tr>";
$html .= "\t\t<td><textarea name=\"$Name\" cols=\"22\" rows=\"8\">$Name Text</textarea></td>\n"; $html .= "</form>\n";
$html .= "\t\t<td><input type=\"submit\" value=\"Save\"></td>\n"; $html .= "</table>\n";
$html .= "</tr>"; } /*if( !isset( $TextID ) )*/
$html .= "</form>\n"; else {
$html .= "edit: " . $_POST["TextID"] . "<br /><br />";
$html .= "</table>\n"; foreach ($_POST as $k => $v) {
} /*if( !isset( $TextID ) )*/ if ($k != "TextID") {
else { $sql_test = "SELECT * FROM `Sprache` " .
$html .= "edit: " . $_POST["TextID"] . "<br /><br />"; "WHERE `TextID`='" . sql_escape($_POST["TextID"])
foreach ($_POST as $k => $v) { . "' AND `Sprache`='"
if ($k != "TextID") { . sql_escape($k) . "'";
$sql_test = "SELECT * FROM `Sprache` " .
"WHERE `TextID`='" . sql_escape($_POST["TextID"]) $erg_test = sql_select("SELECT * FROM `Sprache` WHERE `TextID`='" . sql_escape($_POST["TextID"]) . "' AND `Sprache`='" . sql_escape($k) . "'");
. "' AND `Sprache`='" if (count($erg_test) == 0) {
. sql_escape($k) . "'"; $sql_save = "INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) " .
"VALUES ('" . sql_escape($_POST["TextID"]) . "', '"
$erg_test = sql_query($sql_test); . sql_escape($k) . "', '"
. sql_escape($v) . "')";
if (mysql_num_rows($erg_test) == 0) {
$sql_save = "INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) " . $html .= $sql_save . "<br />";
"VALUES ('" . sql_escape($_POST["TextID"]) . "', '" $Erg = sql_query($sql_save);
. sql_escape($k) . "', '" $html .= success("$k Save: OK<br />\n", true);
. sql_escape($v) . "')"; } else
if ($erg_test[0]['Text'] != $v) {
$html .= $sql_save . "<br />"; $sql_save = "UPDATE `Sprache` SET `Text`='"
$Erg = sql_query($sql_save); . sql_escape($v) . "' " .
$html .= success("$k Save: OK<br />\n", true); "WHERE `TextID`='"
} else . sql_escape($_POST["TextID"])
if (mysql_result($erg_test, 0, "Text") != $v) { . "' AND `Sprache`='" . sql_escape($k) . "' ";
$sql_save = "UPDATE `Sprache` SET `Text`='"
. sql_escape($v) . "' " . $html .= $sql_save . "<br />";
"WHERE `TextID`='" $Erg = sql_query($sql_save);
. sql_escape($_POST["TextID"]) $html .= success(" $k Update: OK<br />\n", true);
. "' AND `Sprache`='" . sql_escape($k) . "' "; } else
$html .= "\t $k no changes<br />\n";
$html .= $sql_save . "<br />"; }
$Erg = sql_query($sql_save); }
$html .= success(" $k Update: OK<br />\n", true);
} else }
$html .= "\t $k no changes<br />\n"; return $html;
}
}
}
return $html;
} }
?> ?>
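Review bot: The save branch writes request data straight into the page: `"edit: " . $_POST["TextID"]`, the POST key `$k` inside `success("$k Save: OK<br />\n", true)`, and the full `$sql_save` statement are all appended to `$html` unescaped, so a submitted value is reflected as markup in the admin's session. Escape at output, e.g. `$html .= "edit: " . htmlspecialchars($_POST["TextID"], ENT_QUOTES, 'UTF-8') . "<br /><br />";`, do the same for `$k`, and drop the `$html .= $sql_save . "<br />";` debug lines. The list branch has the same gap where `$TextID_Old` goes into the hidden `value` attribute and `$Value` into the `<textarea>`. `$sprache_source[0]['TextID']` is read without checking that `sql_select()` returned a non-empty array, and `$sql_test` is now built but never used.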

@ -17,6 +17,10 @@ function admin_news() {
if (count($news) > 0) { if (count($news) > 0) {
list ($news) = $news; list ($news) = $news;
$user_source = User($news['UID']);
if($user_source === false)
engelsystem_error("Unable to load user.");
$html .= '<a href="' . page_link_to("news") . '">&laquo Back</a>'; $html .= '<a href="' . page_link_to("news") . '">&laquo Back</a>';
$html .= "<form action=\"" . page_link_to("admin_news") . "&action=save\" method=\"post\">\n"; $html .= "<form action=\"" . page_link_to("admin_news") . "&action=save\" method=\"post\">\n";
@ -29,7 +33,7 @@ function admin_news() {
$html .= " <tr><td>Text</td><td><textarea rows=\"10\" cols=\"80\" name=\"eText\">" . $html .= " <tr><td>Text</td><td><textarea rows=\"10\" cols=\"80\" name=\"eText\">" .
$news["Text"] . "</textarea></td></tr>\n"; $news["Text"] . "</textarea></td></tr>\n";
$html .= " <tr><td>Engel</td><td>" . $html .= " <tr><td>Engel</td><td>" .
UID2Nick($news["UID"]) . "</td></tr>\n"; User_Nick_render($user_source) . "</td></tr>\n";
$html .= " <tr><td>Treffen</td><td>" . html_select_key('eTreffen', 'eTreffen', array ( $html .= " <tr><td>Treffen</td><td>" . html_select_key('eTreffen', 'eTreffen', array (
'1' => "Ja", '1' => "Ja",
'0' => "Nein" '0' => "Nein"
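Review bot: The added lookup checks only `$user_source === false`, but `User()` as changed in this commit returns `null` when no row matches, so a news entry pointing at a missing account hands `null` to `User_Nick_render()`, whose handling of `null` is not visible here. Treat both as failure with `if($user_source === false || $user_source === null)`, or render a placeholder nick for the missing user instead of aborting the page. The same check is added in admin_questions, user_messages, `display_news()` and `user_news_comments()` and needs the same change. `admin_news()` begins and ends outside these hunks.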

@ -18,28 +18,42 @@ function admin_questions() {
if (!isset ($_REQUEST['action'])) { if (!isset ($_REQUEST['action'])) {
$open_questions = ""; $open_questions = "";
$questions = sql_select("SELECT * FROM `Questions` WHERE `AID`=0"); $questions = sql_select("SELECT * FROM `Questions` WHERE `AID`=0");
foreach ($questions as $question) foreach ($questions as $question) {
$user_source = User($question['UID']);
if($user_source === false)
engelsystem_error("Unable to load user.");
$open_questions .= template_render( $open_questions .= template_render(
'../templates/admin_question_unanswered.html', array ( '../templates/admin_question_unanswered.html', array (
'question_nick' => UID2Nick($question['UID']), 'question_nick' => User_Nick_render($user_source),
'question_id' => $question['QID'], 'question_id' => $question['QID'],
'link' => page_link_to("admin_questions"), 'link' => page_link_to("admin_questions"),
'question' => str_replace("\n", '<br />', $question['Question']) 'question' => str_replace("\n", '<br />', $question['Question'])
)); ));
}
$answered_questions = ""; $answered_questions = "";
$questions = sql_select("SELECT * FROM `Questions` WHERE `AID`>0"); $questions = sql_select("SELECT * FROM `Questions` WHERE `AID`>0");
foreach ($questions as $question) foreach ($questions as $question) {
$user_source = User($question['UID']);
if($user_source === false)
engelsystem_error("Unable to load user.");
$answer_user_source = User($question['AID']);
if($answer_user_source === false)
engelsystem_error("Unable to load user.");
$answered_questions .= template_render( $answered_questions .= template_render(
'../templates/admin_question_answered.html', array ( '../templates/admin_question_answered.html', array (
'question_id' => $question['QID'], 'question_id' => $question['QID'],
'question_nick' => UID2Nick($question['UID']), 'question_nick' => User_Nick_render($user_source),
'question' => str_replace("\n", "<br />", $question['Question']), 'question' => str_replace("\n", "<br />", $question['Question']),
'answer_nick' => UID2Nick($question['AID']), 'answer_nick' => User_Nick_render($answer_user_source),
'answer' => str_replace("\n", "<br />", $question['Answer']), 'answer' => str_replace("\n", "<br />", $question['Answer']),
'link' => page_link_to("admin_questions"), 'link' => page_link_to("admin_questions"),
)); ));
}
return template_render('../templates/admin_questions.html', array ( return template_render('../templates/admin_questions.html', array (
'link' => page_link_to("admin_questions"), 'link' => page_link_to("admin_questions"),

@ -26,38 +26,38 @@ function admin_user() {
$html .= "<table>\n"; $html .= "<table>\n";
$html .= " <tr><td>Nick</td><td>" . $html .= " <tr><td>Nick</td><td>" .
"<input type=\"text\" size=\"40\" name=\"eNick\" value=\"" . "<input type=\"text\" size=\"40\" name=\"eNick\" value=\"" .
mysql_result($Erg, 0, "Nick") . "\"></td></tr>\n"; $user_source['Nick'] . "\"></td></tr>\n";
$html .= " <tr><td>lastLogIn</td><td>" . $html .= " <tr><td>lastLogIn</td><td>" .
date("Y-m-d H:i", mysql_result($Erg, 0, "lastLogIn")) . "</td></tr>\n"; date("Y-m-d H:i", $user_source['lastLogIn']) . "</td></tr>\n";
$html .= " <tr><td>Name</td><td>" . $html .= " <tr><td>Name</td><td>" .
"<input type=\"text\" size=\"40\" name=\"eName\" value=\"" . "<input type=\"text\" size=\"40\" name=\"eName\" value=\"" .
mysql_result($Erg, 0, "Name") . "\"></td></tr>\n"; $user_source['Name'] . "\"></td></tr>\n";
$html .= " <tr><td>Vorname</td><td>" . $html .= " <tr><td>Vorname</td><td>" .
"<input type=\"text\" size=\"40\" name=\"eVorname\" value=\"" . "<input type=\"text\" size=\"40\" name=\"eVorname\" value=\"" .
mysql_result($Erg, 0, "Vorname") . "\"></td></tr>\n"; $user_source['Vorname'] . "\"></td></tr>\n";
$html .= " <tr><td>Alter</td><td>" . $html .= " <tr><td>Alter</td><td>" .
"<input type=\"text\" size=\"5\" name=\"eAlter\" value=\"" . "<input type=\"text\" size=\"5\" name=\"eAlter\" value=\"" .
mysql_result($Erg, 0, "Alter") . "\"></td></tr>\n"; $user_source['Alter'] . "\"></td></tr>\n";
$html .= " <tr><td>Telefon</td><td>" . $html .= " <tr><td>Telefon</td><td>" .
"<input type=\"text\" size=\"40\" name=\"eTelefon\" value=\"" . "<input type=\"text\" size=\"40\" name=\"eTelefon\" value=\"" .
mysql_result($Erg, 0, "Telefon") . "\"></td></tr>\n"; $user_source['Telefon'] . "\"></td></tr>\n";
$html .= " <tr><td>Handy</td><td>" . $html .= " <tr><td>Handy</td><td>" .
"<input type=\"text\" size=\"40\" name=\"eHandy\" value=\"" . "<input type=\"text\" size=\"40\" name=\"eHandy\" value=\"" .
mysql_result($Erg, 0, "Handy") . "\"></td></tr>\n"; $user_source['Handy'] . "\"></td></tr>\n";
$html .= " <tr><td>DECT</td><td>" . $html .= " <tr><td>DECT</td><td>" .
"<input type=\"text\" size=\"4\" name=\"eDECT\" value=\"" . "<input type=\"text\" size=\"4\" name=\"eDECT\" value=\"" .
mysql_result($Erg, 0, "DECT") . "\"></td></tr>\n"; $user_source['DECT'] . "\"></td></tr>\n";
$html .= " <tr><td>email</td><td>" . $html .= " <tr><td>email</td><td>" .
"<input type=\"text\" size=\"40\" name=\"eemail\" value=\"" . "<input type=\"text\" size=\"40\" name=\"eemail\" value=\"" .
mysql_result($Erg, 0, "email") . "\"></td></tr>\n"; $user_source['email'] . "\"></td></tr>\n";
$html .= " <tr><td>ICQ</td><td>" . $html .= " <tr><td>ICQ</td><td>" .
"<input type=\"text\" size=\"40\" name=\"eICQ\" value=\"" . "<input type=\"text\" size=\"40\" name=\"eICQ\" value=\"" .
mysql_result($Erg, 0, "ICQ") . "\"></td></tr>\n"; $user_source['ICQ'] . "\"></td></tr>\n";
$html .= " <tr><td>jabber</td><td>" . $html .= " <tr><td>jabber</td><td>" .
"<input type=\"text\" size=\"40\" name=\"ejabber\" value=\"" . "<input type=\"text\" size=\"40\" name=\"ejabber\" value=\"" .
mysql_result($Erg, 0, "jabber") . "\"></td></tr>\n"; $user_source['jabber'] . "\"></td></tr>\n";
$html .= " <tr><td>Size</td><td>" . $html .= " <tr><td>Size</td><td>" .
html_select_key('size', 'eSize', $tshirt_sizes, mysql_result($Erg, 0, "Size")) . "</td></tr>\n"; html_select_key('size', 'eSize', $tshirt_sizes, $user_source['Size']) . "</td></tr>\n";
$options = array ( $options = array (
'1' => "Yes", '1' => "Yes",
@ -66,21 +66,21 @@ function admin_user() {
// Gekommen? // Gekommen?
$html .= " <tr><td>Gekommen</td><td>\n"; $html .= " <tr><td>Gekommen</td><td>\n";
$html .= html_options('eGekommen', $options, mysql_result($Erg, 0, "Gekommen")) . "</td></tr>\n"; $html .= html_options('eGekommen', $options, $user_source['Gekommen']) . "</td></tr>\n";
// Aktiv? // Aktiv?
$html .= " <tr><td>Aktiv</td><td>\n"; $html .= " <tr><td>Aktiv</td><td>\n";
$html .= html_options('eAktiv', $options, mysql_result($Erg, 0, "Aktiv")) . "</td></tr>\n"; $html .= html_options('eAktiv', $options, $user_source['Aktiv']) . "</td></tr>\n";
// T-Shirt bekommen? // T-Shirt bekommen?
$html .= " <tr><td>T-Shirt</td><td>\n"; $html .= " <tr><td>T-Shirt</td><td>\n";
$html .= html_options('eTshirt', $options, mysql_result($Erg, 0, "Tshirt")) . "</td></tr>\n"; $html .= html_options('eTshirt', $options, $user_source['Tshirt']) . "</td></tr>\n";
$html .= " <tr><td>Hometown</td><td>" . $html .= " <tr><td>Hometown</td><td>" .
"<input type=\"text\" size=\"40\" name=\"Hometown\" value=\"" . "<input type=\"text\" size=\"40\" name=\"Hometown\" value=\"" .
mysql_result($Erg, 0, "Hometown") . "\"></td></tr>\n"; $user_source['Hometown'] . "\"></td></tr>\n";
$html .= "</table>\n</td><td valign=\"top\">" . displayavatar($id, false) . "</td></tr>"; $html .= "</table>\n</td><td valign=\"top\">" . User_Avatar_render($user_source) . "</td></tr>";
$html .= "</td></tr>\n"; $html .= "</td></tr>\n";
$html .= "</table>\n<br />\n"; $html .= "</table>\n<br />\n";
@ -113,7 +113,7 @@ function admin_user() {
$selected_angel_types = array_unique($selected_angel_types); $selected_angel_types = array_unique($selected_angel_types);
// Assign angel-types // Assign angel-types
sql_start_transaction(); sql_transaction_start();
sql_query("DELETE FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user_source['UID'])); sql_query("DELETE FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user_source['UID']));
$user_angel_type_info = array(); $user_angel_type_info = array();
if (!empty($selected_angel_types)) { if (!empty($selected_angel_types)) {
@ -131,7 +131,7 @@ function admin_user() {
if (!empty($accepted_angel_types)) if (!empty($accepted_angel_types))
sql_query("UPDATE `UserAngelTypes` SET `confirm_user_id` = '" . sql_escape($user['UID']) . "' WHERE `user_id` = '" . sql_escape($user_source['UID']) . "' AND `angeltype_id` IN (" . implode(',', $accepted_angel_types) . ")"); sql_query("UPDATE `UserAngelTypes` SET `confirm_user_id` = '" . sql_escape($user['UID']) . "' WHERE `user_id` = '" . sql_escape($user_source['UID']) . "' AND `angeltype_id` IN (" . implode(',', $accepted_angel_types) . ")");
} }
sql_stop_transaction(); sql_transaction_commit();
engelsystem_log("Set angeltypes of " . User_Nick_render($user_source) . " to: " . join(", ", $user_angel_type_info)); engelsystem_log("Set angeltypes of " . User_Nick_render($user_source) . " to: " . join(", ", $user_angel_type_info));
success("Angeltypes saved."); success("Angeltypes saved.");
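Review bot: The profile fields now read from `$user_source` are still concatenated into `value="..."` attributes without escaping (`$user_source['Nick']`, `['Name']`, `['Hometown']` and the others), so a stored value containing `"` or markup breaks out of the attribute when an admin opens the edit form; whether these fields are sanitised on write is not visible here. Escape at output, e.g. `htmlspecialchars($user_source['Nick'], ENT_QUOTES, 'UTF-8') . "\"></td></tr>\n";`. In the last hunk `implode(',', $accepted_angel_types)` goes into the `IN (...)` list without escaping, so the code that builds that array (outside the hunk) has to restrict it to integers, e.g. with `array_map('intval', $accepted_angel_types)`. The return values of `sql_transaction_start()` and `sql_transaction_commit()` are ignored, so "Angeltypes saved." is reported even when the commit fails.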

@ -1,107 +1,120 @@
<?php <?php
function user_unread_messages() { function user_unread_messages() {
global $user, $privileges; global $user, $privileges;
if (in_array("user_messages", $privileges)) { if (in_array("user_messages", $privileges)) {
$new_messages = sql_num_query("SELECT * FROM `Messages` WHERE isRead='N' AND `RUID`=" . sql_escape($user['UID'])); $new_messages = sql_num_query("SELECT * FROM `Messages` WHERE isRead='N' AND `RUID`=" . sql_escape($user['UID']));
if ($new_messages > 0) if ($new_messages > 0)
return sprintf('<p class="info"><a href="%s">%s %s %s</a></p><hr />', page_link_to("user_messages"), Get_Text("pub_messages_new1"), $new_messages, Get_Text("pub_messages_new2")); return sprintf('<p class="info"><a href="%s">%s %s %s</a></p><hr />', page_link_to("user_messages"), Get_Text("pub_messages_new1"), $new_messages, Get_Text("pub_messages_new2"));
} }
return ""; return "";
} }
function user_messages() { function user_messages() {
global $user; global $user;
if (!isset ($_REQUEST['action'])) { if (!isset ($_REQUEST['action'])) {
$users = sql_select("SELECT * FROM `User` WHERE NOT `UID`=" . sql_escape($user['UID']) . " ORDER BY `Nick`"); $users = sql_select("SELECT * FROM `User` WHERE NOT `UID`=" . sql_escape($user['UID']) . " ORDER BY `Nick`");
$to_select_data = array ( $to_select_data = array (
"" => "Select recipient..." "" => "Select recipient..."
); );
foreach ($users as $u) foreach ($users as $u)
$to_select_data[$u['UID']] = $u['Nick']; $to_select_data[$u['UID']] = $u['Nick'];
$to_select = html_select_key('to', 'to', $to_select_data, ''); $to_select = html_select_key('to', 'to', $to_select_data, '');
$messages_html = ""; $messages_html = "";
$messages = sql_select("SELECT * FROM `Messages` WHERE `SUID`=" . sql_escape($user['UID']) . " OR `RUID`=" . sql_escape($user['UID']) . " ORDER BY `isRead`,`Datum` DESC"); $messages = sql_select("SELECT * FROM `Messages` WHERE `SUID`=" . sql_escape($user['UID']) . " OR `RUID`=" . sql_escape($user['UID']) . " ORDER BY `isRead`,`Datum` DESC");
foreach ($messages as $message) { foreach ($messages as $message) {
$sender_user_source = User($message['SUID']);
$messages_html .= sprintf('<tr %s> <td>%s</td> <td>%s</td> <td>%s</td> <td>%s</td>' . if($sender_user_source === false)
'<td>%s</td>', ($message['isRead'] == 'N' ? ' class="new_message"' : ''), ($message['isRead'] == 'N' ? '•' : ''), date("Y-m-d H:i", $message['Datum']), UID2Nick($message['SUID']), UID2Nick($message['RUID']), str_replace("\n", '<br />', $message['Text'])); engelsystem_error("Unable to load user.");
$receiver_user_source = User($message['RUID']);
$messages_html .= '<td>'; if($receiver_user_source === false)
if ($message['RUID'] == $user['UID']) { engelsystem_error("Unable to load user.");
if ($message['isRead'] == 'N')
$messages_html .= '<a href="' . page_link_to("user_messages") . '&action=read&id=' . $message['id'] . '">' . Get_Text("pub_messages_MarkRead") . '</a>'; $messages_html .= sprintf(
} else { '<tr %s> <td>%s</td> <td>%s</td> <td>%s</td> <td>%s</td><td>%s</td>',
$messages_html .= '<a href="' . page_link_to("user_messages") . '&action=delete&id=' . $message['id'] . '">' . Get_Text("pub_messages_DelMsg") . '</a>'; ($message['isRead'] == 'N' ? ' class="new_message"' : ''),
} ($message['isRead'] == 'N' ? '•' : ''),
$messages_html .= '</td></tr>'; date("Y-m-d H:i", $message['Datum']),
} User_Nick_render($sender_user_source),
User_Nick_render($receiver_user_source),
return template_render('../templates/user_messages.html', array ( str_replace("\n", '<br />', $message['Text'])
'link' => page_link_to("user_messages"), );
'greeting' => Get_Text("Hello") . User_Nick_render($user) . ", <br />\n" . Get_Text("pub_messages_text1") . "<br /><br />\n",
'messages' => $messages_html, $messages_html .= '<td>';
'new_label' => Get_Text("pub_messages_Neu"), if ($message['RUID'] == $user['UID']) {
'date_label' => Get_Text("pub_messages_Datum"), if ($message['isRead'] == 'N')
'from_label' => Get_Text("pub_messages_Von"), $messages_html .= '<a href="' . page_link_to("user_messages") . '&action=read&id=' . $message['id'] . '">' . Get_Text("pub_messages_MarkRead") . '</a>';
'to_label' => Get_Text("pub_messages_An"), } else {
'text_label' => Get_Text("pub_messages_Text"), $messages_html .= '<a href="' . page_link_to("user_messages") . '&action=delete&id=' . $message['id'] . '">' . Get_Text("pub_messages_DelMsg") . '</a>';
'date' => date("Y-m-d H:i"), }
'from' => User_Nick_render($user), $messages_html .= '</td></tr>';
'to_select' => $to_select, }
'submit_label' => Get_Text("save")
)); return template_render('../templates/user_messages.html', array (
} else { 'link' => page_link_to("user_messages"),
switch ($_REQUEST['action']) { 'greeting' => Get_Text("Hello") . User_Nick_render($user) . ", <br />\n" . Get_Text("pub_messages_text1") . "<br /><br />\n",
case "read" : 'messages' => $messages_html,
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) 'new_label' => Get_Text("pub_messages_Neu"),
$id = $_REQUEST['id']; 'date_label' => Get_Text("pub_messages_Datum"),
else 'from_label' => Get_Text("pub_messages_Von"),
return error("Incomplete call, missing Message ID.", true); 'to_label' => Get_Text("pub_messages_An"),
'text_label' => Get_Text("pub_messages_Text"),
$message = sql_select("SELECT * FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); 'date' => date("Y-m-d H:i"),
if (count($message) > 0 && $message[0]['RUID'] == $user['UID']) { 'from' => User_Nick_render($user),
sql_query("UPDATE `Messages` SET `isRead`='Y' WHERE `id`=" . sql_escape($id) . " LIMIT 1"); 'to_select' => $to_select,
redirect(page_link_to("user_messages")); 'submit_label' => Get_Text("save")
} else ));
return error("No Message found.", true); } else {
break; switch ($_REQUEST['action']) {
case "read" :
case "delete" : if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) $id = $_REQUEST['id'];
$id = $_REQUEST['id']; else
else return error("Incomplete call, missing Message ID.", true);
return error("Incomplete call, missing Message ID.", true);
$message = sql_select("SELECT * FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1");
$message = sql_select("SELECT * FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); if (count($message) > 0 && $message[0]['RUID'] == $user['UID']) {
if (count($message) > 0 && $message[0]['SUID'] == $user['UID']) { sql_query("UPDATE `Messages` SET `isRead`='Y' WHERE `id`=" . sql_escape($id) . " LIMIT 1");
sql_query("DELETE FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); redirect(page_link_to("user_messages"));
redirect(page_link_to("user_messages")); } else
} else return error("No Message found.", true);
return error("No Message found.", true); break;
break;
case "delete" :
case "send" : if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['text'])); $id = $_REQUEST['id'];
$to = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($_REQUEST['to'])); else
if ($text != "" && is_numeric($to) && sql_num_query("SELECT * FROM `User` WHERE `UID`=" . sql_escape($to) . " AND NOT `UID`=" . sql_escape($user['UID']) . " LIMIT 1") > 0) { return error("Incomplete call, missing Message ID.", true);
sql_query("INSERT INTO `Messages` SET `Datum`=" . sql_escape(time()) . ", `SUID`=" . sql_escape($user['UID']) . ", `RUID`=" . sql_escape($to) . ", `Text`='" . sql_escape($text) . "'");
redirect(page_link_to("user_messages")); $message = sql_select("SELECT * FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1");
} else { if (count($message) > 0 && $message[0]['SUID'] == $user['UID']) {
return error(Get_Text("pub_messages_Send_Error"), true); sql_query("DELETE FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1");
} redirect(page_link_to("user_messages"));
break; } else
return error("No Message found.", true);
default : break;
return error("Wrong action.", true);
} case "send" :
} $text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['text']));
$to = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($_REQUEST['to']));
if ($text != "" && is_numeric($to) && sql_num_query("SELECT * FROM `User` WHERE `UID`=" . sql_escape($to) . " AND NOT `UID`=" . sql_escape($user['UID']) . " LIMIT 1") > 0) {
sql_query("INSERT INTO `Messages` SET `Datum`=" . sql_escape(time()) . ", `SUID`=" . sql_escape($user['UID']) . ", `RUID`=" . sql_escape($to) . ", `Text`='" . sql_escape($text) . "'");
redirect(page_link_to("user_messages"));
} else {
return error(Get_Text("pub_messages_Send_Error"), true);
}
break;
default :
return error("Wrong action.", true);
}
}
} }
?> ?>
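Review bot: `read`, `delete` and `send` are dispatched from `$_REQUEST['action']`, and the message list renders the first two as plain links (`&action=delete&id=...`), so these state changes run on a GET request and without any anti-CSRF token; a request issued from another site in the user's session is enough to mark or delete messages. Require POST for the three actions, e.g. `if ($_SERVER['REQUEST_METHOD'] != 'POST') return error("Wrong action.", true);`, turn the two links into small forms, and verify a per-session token submitted with each form. In the `send` case `$_REQUEST['text']` and `$_REQUEST['to']` are read without `isset()`, so an incomplete request raises notices before the validation runs.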

@ -35,7 +35,12 @@ function display_news($news) {
$html .= '<article class="news' . ($news['Treffen'] == 1 ? ' meeting' : '') . '">'; $html .= '<article class="news' . ($news['Treffen'] == 1 ? ' meeting' : '') . '">';
$html .= '<details>'; $html .= '<details>';
$html .= date("Y-m-d H:i", $news['Datum']) . ', '; $html .= date("Y-m-d H:i", $news['Datum']) . ', ';
$html .= UID2Nick($news['UID']);
$user_source = User($news['UID']);
if($user_source === false)
engelsystem_error("Unable to load user.");
$html .= User_Nick_render($user_source);
if ($p != "news_comments") if ($p != "news_comments")
$html .= ', <a href="' . page_link_to("news_comments") . '&nid=' . $news['ID'] . '">Kommentare (' . sql_num_query("SELECT * FROM `news_comments` WHERE `Refid`='" . sql_escape($news['ID']) . "'") . ') &raquo;</a>'; $html .= ', <a href="' . page_link_to("news_comments") . '&nid=' . $news['ID'] . '">Kommentare (' . sql_num_query("SELECT * FROM `news_comments` WHERE `Refid`='" . sql_escape($news['ID']) . "'") . ') &raquo;</a>';
$html .= '</details>'; $html .= '</details>';
@ -69,11 +74,15 @@ function user_news_comments() {
$comments = sql_select("SELECT * FROM `news_comments` WHERE `Refid`='" . sql_escape($nid) . "' ORDER BY 'ID'"); $comments = sql_select("SELECT * FROM `news_comments` WHERE `Refid`='" . sql_escape($nid) . "' ORDER BY 'ID'");
foreach ($comments as $comment) { foreach ($comments as $comment) {
$user_source = User($comment['UID']);
if($user_source === false)
engelsystem_error("Unable to load user.");
$html .= '<article class="news_comment">'; $html .= '<article class="news_comment">';
$html .= DisplayAvatar($comment['UID']); $html .= User_Avatar_render($user_source);
$html .= '<details>'; $html .= '<details>';
$html .= $comment['Datum'] . ', '; $html .= $comment['Datum'] . ', ';
$html .= UID2Nick($comment['UID']); $html .= User_Nick_render($user_source);
$html .= '</details>'; $html .= '</details>';
$html .= '<p>' . nl2br($comment['Text']) . '</p>'; $html .= '<p>' . nl2br($comment['Text']) . '</p>';
$html .= '</article>'; $html .= '</article>';
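Review bot: One failed author lookup now aborts the whole page: inside `foreach ($comments as $comment)`, `engelsystem_error("Unable to load user.")` ends the request through `die()`, so a single comment whose `User()` call returns false hides every comment on that news entry. Whether `User()` returns false only on a query error or also for a missing row is not visible here; if it is the latter, one deleted account is enough to trigger it. Consider degrading per row and logging instead, e.g. `$nick = $user_source === false ? '(unknown)' : User_Nick_render($user_source);` (the label is a placeholder). The same check-and-die pattern is added in display_news() in the hunk above and in the loops of user_questions() and user_wakeup() further down this commit. Both functions in this section start and end outside their hunks.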

@ -12,7 +12,12 @@ function user_questions() {
$questions = sql_select("SELECT * FROM `Questions` WHERE `AID`>0 AND `UID`=" . sql_escape($user['UID'])); $questions = sql_select("SELECT * FROM `Questions` WHERE `AID`>0 AND `UID`=" . sql_escape($user['UID']));
foreach ($questions as $question) { foreach ($questions as $question) {
$answered_questions .= '<tr><td>' . str_replace("\n", '<br />', $question['Question']) . '</td>'; $answered_questions .= '<tr><td>' . str_replace("\n", '<br />', $question['Question']) . '</td>';
$answered_questions .= '<td>' . UID2Nick($question['AID']) . '</td><td>' . str_replace("\n", '<br />', $question['Answer']) . '</td>';
$answer_user_source = User($question['AID']);
if($answer_user_source === false)
engelsystem_error("Unable to load user.");
$answered_questions .= '<td>' . User_Nick_render($answer_user_source) . '</td><td>' . str_replace("\n", '<br />', $question['Answer']) . '</td>';
$answered_questions .= '<td><a href="' . page_link_to("user_questions") . '&action=delete&id=' . $question['QID'] . '">Löschen</a></td><tr>'; $answered_questions .= '<td><a href="' . page_link_to("user_questions") . '&action=delete&id=' . $question['QID'] . '">Löschen</a></td><tr>';
} }

@ -1,86 +1,87 @@
<?php <?php
function user_wakeup() { function user_wakeup() {
global $user; global $user;
$html = ""; $html = "";
if (isset ($_REQUEST['action'])) { if (isset ($_REQUEST['action'])) {
switch ($_REQUEST['action']) { switch ($_REQUEST['action']) {
case 'create' : case 'create' :
$date = DateTime::createFromFormat("Y-m-d H:i", $_REQUEST['Date']); $date = DateTime::createFromFormat("Y-m-d H:i", $_REQUEST['Date']);
if ($date != null) { if ($date != null) {
$date = $date->getTimestamp(); $date = $date->getTimestamp();
$bemerkung = strip_request_item_nl('Bemerkung'); $bemerkung = strip_request_item_nl('Bemerkung');
$ort = strip_request_item('Ort'); $ort = strip_request_item('Ort');
$SQL = "INSERT INTO `Wecken` (`UID`, `Date`, `Ort`, `Bemerkung`) " $SQL = "INSERT INTO `Wecken` (`UID`, `Date`, `Ort`, `Bemerkung`) "
. "VALUES ('" . sql_escape($user['UID']) . "', '" . "VALUES ('" . sql_escape($user['UID']) . "', '"
. sql_escape($date) . "', '" . sql_escape($ort) . "', " . "'" . sql_escape($date) . "', '" . sql_escape($ort) . "', " . "'"
. sql_escape($bemerkung) . "')"; . sql_escape($bemerkung) . "')";
sql_query($SQL); sql_query($SQL);
$html .= success(Get_Text(4), true); $html .= success(Get_Text(4), true);
} else } else
$html .= error("Broken date!", true); $html .= error("Broken date!", true);
break; break;
case 'delete' : case 'delete' :
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id']; $id = $_REQUEST['id'];
else else
return error("Incomplete call, missing wake-up ID.", true); return error("Incomplete call, missing wake-up ID.", true);
$wakeup = sql_select("SELECT * FROM `Wecken` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); $wakeup = sql_select("SELECT * FROM `Wecken` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
if (count($wakeup) > 0 && $wakeup[0]['UID'] == $user['UID']) { if (count($wakeup) > 0 && $wakeup[0]['UID'] == $user['UID']) {
sql_query("DELETE FROM `Wecken` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); sql_query("DELETE FROM `Wecken` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
$html .= success("Wake-up call deleted.", true); $html .= success("Wake-up call deleted.", true);
} else } else
return error("No wake-up found.", true); return error("No wake-up found.", true);
break; break;
} }
} }
$html .= "<p>" . Get_Text("Hello") . User_Nick_render($user) . ",<br />" $html .= "<p>" . Get_Text("Hello") . User_Nick_render($user) . ",<br />"
. Get_Text("pub_wake_beschreibung") . "</p>\n\n"; . Get_Text("pub_wake_beschreibung") . "</p>\n\n";
$html .= Get_Text("pub_wake_beschreibung2"); $html .= Get_Text("pub_wake_beschreibung2");
$html .= ' $html .= '
<table border="0" width="100%" class="border" cellpadding="2" cellspacing="1"> <table border="0" width="100%" class="border" cellpadding="2" cellspacing="1">
<tr class="contenttopic"> <tr class="contenttopic">
<th>' . Get_Text("pub_wake_Datum") . '</th> <th>' . Get_Text("pub_wake_Datum") . '</th>
<th>' . Get_Text("pub_waeckliste_Nick") . '</th> <th>' . Get_Text("pub_waeckliste_Nick") . '</th>
<th>' . Get_Text("pub_wake_Ort") . '</th> <th>' . Get_Text("pub_wake_Ort") . '</th>
<th>' . Get_Text("pub_wake_Bemerkung") . '</th> <th>' . Get_Text("pub_wake_Bemerkung") . '</th>
<th></th> <th></th>
</tr> </tr>
'; ';
$sql = "SELECT * FROM `Wecken` ORDER BY `Date` ASC"; $wecken_source = sql_select("SELECT * FROM `Wecken` ORDER BY `Date` ASC");
$Erg = sql_query($sql); foreach($wecken_source as $wecken) {
$count = mysql_num_rows($Erg); $html .= '<tr class="content">';
$html .= '<td>' . date("Y-m-d H:i", $wecken['Date']) . ' </td>';
for ($i = 0; $i < $count; $i++) { $user_source = User($wecken['UID']);
$row = mysql_fetch_row($Erg); if($user_source === false)
$html .= '<tr class="content">'; engelsystem_error("Unable to load user.");
$html .= '<td>' . date("Y-m-d H:i", mysql_result($Erg, $i, "Date")) . ' </td>';
$html .= '<td>' . UID2Nick(mysql_result($Erg, $i, "UID")) . ' </td>';
$html .= '<td>' . mysql_result($Erg, $i, "Ort") . ' </td>';
$html .= '<td>' . mysql_result($Erg, $i, "Bemerkung") . ' </td>';
if (mysql_result($Erg, $i, "UID") == $user['UID'])
$html .= '<td><a href="' . page_link_to("user_wakeup") . '&action=delete&id=' . mysql_result($Erg, $i, "ID") . "\">" . Get_Text("pub_wake_del") . '</a></td>';
else
$html .= '<td></td>';
$html .= '</tr>';
}
$html .= '</table><hr />' . Get_Text("pub_wake_Text2"); $html .= '<td>' . User_Nick_render($user_source) . ' </td>';
$html .= '<td>' . $wecken['Ort'] . ' </td>';
$html .= '<td>' . $wecken['Bemerkung'] . ' </td>';
if ($wecken['UID'] == $user['UID'])
$html .= '<td><a href="' . page_link_to("user_wakeup") . '&action=delete&id=' . $wecken['ID'] . "\">" . Get_Text("pub_wake_del") . '</a></td>';
else
$html .= '<td></td>';
$html .= '</tr>';
}
$html .= template_render('../templates/user_wakeup.html', array ( $html .= '</table><hr />' . Get_Text("pub_wake_Text2");
'wakeup_link' => page_link_to("user_wakeup"),
'date_text' => Get_Text("pub_wake_Datum"), $html .= template_render('../templates/user_wakeup.html', array (
'date_value' => date("Y-m-d H:i"), 'wakeup_link' => page_link_to("user_wakeup"),
'place_text' => Get_Text("pub_wake_Ort"), 'date_text' => Get_Text("pub_wake_Datum"),
'comment_text' => Get_Text("pub_wake_Bemerkung"), 'date_value' => date("Y-m-d H:i"),
'comment_value' => "Knock knock Leo, follow the white rabbit to the blue tent", 'place_text' => Get_Text("pub_wake_Ort"),
'submit_text' => Get_Text("pub_wake_bouton") 'comment_text' => Get_Text("pub_wake_Bemerkung"),
)); 'comment_value' => "Knock knock Leo, follow the white rabbit to the blue tent",
return $html; 'submit_text' => Get_Text("pub_wake_bouton")
));
return $html;
} }
?> ?>
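Review bot: The rewritten table loop concatenates `$wecken['Ort']` and `$wecken['Bemerkung']` into the `<td>` cells without output encoding, and the query behind it selects all rows of `Wecken`, not only the current user's. Both values are user-supplied through the `create` action and are filtered only by strip_request_item() and strip_request_item_nl(), whose definitions are not visible on this page, so the page relies entirely on input-time cleaning. Encode at output as well: `$html .= '<td>' . htmlspecialchars($wecken['Ort'], ENT_QUOTES, 'UTF-8') . ' </td>';` and the same for `Bemerkung`. That keeps the list safe for rows written before this change or by any other code path.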

@ -31,8 +31,7 @@ function generate_salt($length = 16) {
// set the password of a user // set the password of a user
function set_password($uid, $password) { function set_password($uid, $password) {
$res = sql_query("UPDATE `User` SET `Passwort` = '" . sql_escape(crypt($password, CRYPT_ALG . '$' . generate_salt(16) . '$')) . "' WHERE `UID` = " . intval($uid) . " LIMIT 1"); return sql_query("UPDATE `User` SET `Passwort` = '" . sql_escape(crypt($password, CRYPT_ALG . '$' . generate_salt(16) . '$')) . "' WHERE `UID` = " . intval($uid) . " LIMIT 1");
return $res && (mysql_affected_rows() > 0);
} }
// verify a password given a precomputed salt. // verify a password given a precomputed salt.
@ -72,8 +71,6 @@ function json_auth_service() {
if (count($Erg) == 1) { if (count($Erg) == 1) {
$Erg = $Erg[0]; $Erg = $Erg[0];
if (verify_password($Pass, $Erg["Passwort"], $Erg["UID"])) { if (verify_password($Pass, $Erg["Passwort"], $Erg["UID"])) {
$UID = mysql_result($Erg, 0, "UID");
$user_privs = sql_select("SELECT `Privileges`.`name` FROM `User` JOIN `UserGroups` ON (`User`.`UID` = `UserGroups`.`uid`) JOIN `GroupPrivileges` ON (`UserGroups`.`group_id` = `GroupPrivileges`.`group_id`) JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `User`.`UID`=" . sql_escape($UID) . ";"); $user_privs = sql_select("SELECT `Privileges`.`name` FROM `User` JOIN `UserGroups` ON (`User`.`UID` = `UserGroups`.`uid`) JOIN `GroupPrivileges` ON (`UserGroups`.`group_id` = `GroupPrivileges`.`group_id`) JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `User`.`UID`=" . sql_escape($UID) . ";");
foreach ($user_privs as $user_priv) foreach ($user_privs as $user_priv)
$privileges[] = $user_priv['name']; $privileges[] = $user_priv['name'];
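Review bot: In json_auth_service() the removed line was the only visible assignment of `$UID`, yet the privileges query kept as context still ends in `sql_escape($UID)`. Unless `$UID` is set earlier in the function, outside this hunk, the query is built with an empty value, and a caller who just passed verify_password() gets an SQL error or an empty privilege list. Take the id from the row already loaded by replacing `sql_escape($UID)` with `intval($Erg["UID"])`; `intval` also fits better than string escaping here because the value is not quoted in the SQL. Separately, set_password() now returns the raw sql_query() result, so callers can presumably no longer tell that no row was updated; a short comment on the new return contract would help.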

@ -1,38 +0,0 @@
<?php
/**
* Liste verfügbarer Sprachen
*/
$languages = array (
'DE' => "Deutsch",
'EN' => "English"
);
function Get_Text($TextID, $NoError = false) {
global $con, $error_messages, $debug;
if (!isset ($_SESSION['Sprache']))
$_SESSION['Sprache'] = "EN";
if ($_SESSION['Sprache'] == "")
$_SESSION['Sprache'] = "EN";
if (isset ($_GET["SetLanguage"]))
$_SESSION['Sprache'] = $_GET["SetLanguage"];
$SQL = "SELECT * FROM `Sprache` WHERE TextID=\"$TextID\" AND Sprache ='" . $_SESSION['Sprache'] . "'";
@ $Erg = mysql_query($SQL, $con);
if (mysql_num_rows($Erg) == 1)
return mysql_result($Erg, 0, "Text");
elseif ($NoError && !$debug)
return "";
elseif ($debug)
return "Error Data, '$TextID' found " . mysql_num_rows($Erg) . "x";
else
return $TextID;
}
function Print_Text($TextID, $NoError = false) {
echo Get_Text($TextID, $NoError);
}
?>

@ -1,84 +0,0 @@
<?php
function sql_connect($host, $user, $pw, $db) {
global $con;
global $host;
@ $con = mysql_connect($host, $user, $pw);
if ($con == null)
die("no mysql-connection");
if (!mysql_select_db($db, $con))
die("mysql db-selection failed");
mysql_query("SET CHARACTER SET utf8;", $con);
mysql_query("SET NAMES 'utf8'", $con);
}
// Do select query
function sql_select($query) {
global $con;
$start = microtime(true);
if ($result = mysql_query($query, $con)) {
$data = array ();
while ($line = mysql_fetch_assoc($result)) {
array_push($data, $line);
}
return $data;
} else {
print_r(debug_backtrace());
die('MySQL-query error: ' . $query . ", " . mysql_error($con));
}
}
function sql_select_single_col($query) {
$result = sql_select($query);
return array_map('array_shift', $result);
}
function sql_select_single_cell($query) {
return array_shift(array_shift(sql_select($query)));
}
// Execute a query
function sql_query($query) {
global $con;
$start = microtime(true);
if ($result = mysql_query($query, $con)) {
return $result;
} else {
die('MySQL-query error: ' . $query . ", " . mysql_error($con));
}
}
function sql_id() {
global $con;
return mysql_insert_id($con);
}
function sql_escape($query) {
return mysql_real_escape_string($query);
}
function sql_num_query($query) {
return mysql_num_rows(sql_query($query));
}
function sql_error() {
global $con;
return mysql_error($con);
}
$sql_transaction_counter = 0;
function sql_start_transaction() {
global $sql_transaction_counter;
if ($sql_transaction_counter++ == 0)
sql_query("START TRANSACTION");
}
function sql_stop_transaction() {
global $sql_transaction_counter;
if ($sql_transaction_counter-- == 1)
sql_query("COMMIT");
}
?>

@ -46,59 +46,4 @@ function check_email($email) {
return (bool) preg_match("#^([a-zA-Z0-9_+\-])+(\.([a-zA-Z0-9_+\-])+)*@((\[(((([0-1])?([0-9])?[0-9])|(2[0-4][0-9])|(2[0-5][0-5])))\.(((([0-1])?([0-9])?[0-9])|(2[0-4][0-9])|(2[0-5][0-5])))\.(((([0-1])?([0-9])?[0-9])|(2[0-4][0-9])|(2[0-5][0-5])))\.(((([0-1])?([0-9])?[0-9])|(2[0-4][0-9])|(2[0-5][0-5]))\]))|((([\p{L}0-9])+(([\-])+([\p{L}0-9])+)*\.)+([\p{L}])+(([\-])+([\p{L}0-9])+)*))$#u", $email); return (bool) preg_match("#^([a-zA-Z0-9_+\-])+(\.([a-zA-Z0-9_+\-])+)*@((\[(((([0-1])?([0-9])?[0-9])|(2[0-4][0-9])|(2[0-5][0-5])))\.(((([0-1])?([0-9])?[0-9])|(2[0-4][0-9])|(2[0-5][0-5])))\.(((([0-1])?([0-9])?[0-9])|(2[0-4][0-9])|(2[0-5][0-5])))\.(((([0-1])?([0-9])?[0-9])|(2[0-4][0-9])|(2[0-5][0-5]))\]))|((([\p{L}0-9])+(([\-])+([\p{L}0-9])+)*\.)+([\p{L}])+(([\-])+([\p{L}0-9])+)*))$#u", $email);
} }
/**
* Gibt zwischengespeicherte Fehlermeldungen zurück und löscht den Zwischenspeicher
*/
function msg() {
if (!isset ($_SESSION['msg']))
return "";
$msg = $_SESSION['msg'];
$_SESSION['msg'] = "";
return $msg;
}
/**
* Rendert eine Information
*/
function info($msg, $immediatly = false) {
if ($immediatly) {
if ($msg == "")
return "";
return '<p class="info">' . $msg . '</p>';
} else {
if (!isset ($_SESSION['msg']))
$_SESSION['msg'] = "";
$_SESSION['msg'] .= info($msg, true);
}
}
/**
* Rendert eine Fehlermeldung
*/
function error($msg, $immediatly = false) {
if ($immediatly) {
if ($msg == "")
return "";
return '<p class="error">' . $msg . '</p>';
} else {
if (!isset ($_SESSION['msg']))
$_SESSION['msg'] = "";
$_SESSION['msg'] .= error($msg, true);
}
}
/**
* Rendert eine Erfolgsmeldung
*/
function success($msg, $immediatly = false) {
if ($immediatly) {
if ($msg == "")
return "";
return '<p class="success">' . $msg . '</p>';
} else {
if (!isset ($_SESSION['msg']))
$_SESSION['msg'] = "";
$_SESSION['msg'] .= success($msg, true);
}
}
?> ?>

@ -1,454 +0,0 @@
<?php
/**
* Shiftlänge ausrechnen, kommt im Format 12:23h zurück
*/
function shift_length($shift) {
$length = round(($shift['end'] - $shift['start']) / (60 * 60), 0) . ":";
$length .= str_pad((($shift['end'] - $shift['start']) % (60 * 60)) / 60, 2, "0", STR_PAD_LEFT) . "h";
return $length;
}
function load_shift_basics() {
global $VeranstaltungsTageMax, $Room, $RoomID, $EngelType, $EngelTypeID, $TID2Name, $Veranstaltungstage;
// erstellt ein Array der Räume
$rooms = sql_select("SELECT `RID`, `Name` FROM `Room` WHERE `Show`='Y' ORDER BY `Number`, `Name`");
foreach ($rooms as $i => $r) {
$Room[$i] = array (
'RID' => $r['RID'],
'Name' => $r['Name']
);
$RoomID[$r['RID']] = $r['Name'];
}
// erstellt ein Array der Engeltypen
$engel_types = sql_select("SELECT * FROM `EngelType` ORDER BY `name`");
foreach ($engel_types as $engel_type) {
$EngelType[$i] = array (
'id' => $engel_type['id'],
'name' => $engel_type['name'] . Get_Text("inc_schicht_engel")
);
$EngelTypeID[$engel_type['id']] = $engel_type['name'] . Get_Text("inc_schicht_engel");
$TID2Name[$engel_type['id']] = $engel_type['name'];
}
// Erste Schicht suchen
$Pos = 0;
$first_shift = sql_select("SELECT `DateS` FROM `Shifts` ORDER BY `DateS` LIMIT 1");
if (count($first_shift) > 0) {
do {
// Startdatum einlesen und link ausgeben
$DateS = substr($first_shift[0]['DateS'], 0, 10);
$VeranstaltungsTage[$Pos++] = $DateS;
// auslesen den endes und eventuelle weitere tage ausgeben
$last_shift = sql_select("SELECT MAX(`DateE`) FROM `Shifts` WHERE ( (`DateS` like '" . sql_escape($DateS) . "%') AND NOT (`DateE` like '%00:00:00'))");
$DateE = substr($last_shift[0]['DateE'], 0, 10);
if (strlen($DateE) == 0)
$DateE = $DateS;
else
while ($DateS != $DateE) {
$DateS = DatumUm1TagErhoehen($DateS);
$VeranstaltungsTage[$Pos++] = $DateS;
}
// suchen den nächsten eintrag
$first_shift = sql_select("SELECT `DateS` FROM `Shifts` " . "WHERE (`DateS` > '" . sql_escape($DateE) . " 23:59:59' ) " . "ORDER BY `DateS` " . "LIMIT 1");
} while (count($first_shift) > 0);
}
$VeranstaltungsTageMax = $Pos -1;
}
/*#######################################################
# gibt die engelschischten aus #
#######################################################*/
function ausgabe_Feld_Inhalt($SID, $Man) {
// gibt, nach <20>bergabe der der SchichtID (SID) und der RaumBeschreibung,
// die eingetragenden und und offenden Schichteint<6E>ge zur<75>ck
global $EngelType, $EngelTypeID, $TID2Name, $con, $debug, $gmdateOffset;
$Spalten = "";
if (!isset ($_GET["Icon"]))
$_GET["Icon"] = 1;
///////////////////////////////////////////////////////////////////
// Schow Admin Page
///////////////////////////////////////////////////////////////////
$Spalten .= funktion_isLinkAllowed_addLink_OrEmpty("admin/schichtplan.php?action=change&SID=$SID", "edit<br />\n");
///////////////////////////////////////////////////////////////////
// Ausgabe des Schichtnamens
///////////////////////////////////////////////////////////////////
$SQL = "SELECT `URL` FROM `Shifts` WHERE (`SID` = '$SID');";
$Erg = mysql_query($SQL, $con);
if (mysql_result($Erg, 0, 0) != "")
$Spalten .= "<a href=\"" . mysql_result($Erg, 0, 0) . "\" target=\"_black\"><u>$Man:</u></a><br />";
else
$Spalten .= "<u>" .
$Man . ":</u><br />";
///////////////////////////////////////////////////////////////////
// SQL abfrage f<>r die ben<65>tigten schichten
///////////////////////////////////////////////////////////////////
$SQL = "SELECT * FROM `ShiftEntry` WHERE (`SID` = '" . sql_escape($SID) . "') ORDER BY `TID`, `UID` DESC ;";
$Erg = mysql_query($SQL, $con);
$Anzahl = mysql_num_rows($Erg);
$Feld = 0;
$Temp_TID_old = -1;
for ($i = 0; $i < $Anzahl; $i++) {
if (isset ($Temp[$Feld]["TID"]))
$Temp_TID_old = $Temp[$Feld]["TID"];
if (isset ($Temp[$Feld]["UID"]))
$Temp_UID_old = $Temp[$Feld]["UID"];
$Temp_TID = mysql_result($Erg, $i, "TID");
// wenn sich der Type <20>ndert wird zumn<6D>sten feld geweckselt
if ($Temp_TID_old != $Temp_TID)
$Feld++;
$Temp[$Feld]["TID"] = $Temp_TID;
$Temp[$Feld]["UID"] = mysql_result($Erg, $i, "UID");
// sonderfall ersten durchlauf
if ($i == 0) {
$Temp_TID_old = $Temp[$Feld]["TID"];
$Temp_UID_old = $Temp[$Feld]["UID"];
}
// ist es eine zu vergeben schicht?
if ($Temp[$Feld]["UID"] == 0) {
if (isset ($Temp[$Feld]["free"]))
$Temp[$Feld]["free"]++;
else
$Temp[$Feld]["free"] = 1;
} else
$Temp[$Feld]["Engel"][] = $Temp[$Feld]["UID"];
} // FOR
///////////////////////////////////////////////////////////////////
// Aus gabe der Schicht
///////////////////////////////////////////////////////////////////
if (isset ($Temp))
if (count($Temp))
foreach ($Temp as $TempEntry => $TempValue) {
if (!isset ($TempValue["free"]))
$TempValue["free"] = 0;
// ausgabe EngelType
$Spalten .= $EngelTypeID[$TempValue["TID"]] . " ";
// ausgabe Eingetragener Engel
if (isset ($TempValue["Engel"]))
if (count($TempValue["Engel"]) > 0) {
if (count($TempValue["Engel"]) == 1)
$Spalten .= Get_Text("inc_schicht_ist") . ":<br />\n";
else
$Spalten .= Get_Text("inc_schicht_sind") . ":<br />\n";
foreach ($TempValue["Engel"] as $TempEngelEntry => $TempEngelID) {
if (funktion_isLinkAllowed("admin/user.php") === TRUE) {
// add color, wenn Engel "Gekommen"
$TempText = ((UIDgekommen($TempEngelID) == "1") ? "<span style=\"color: blue;\">" : "<span style=\"color: red;\">") .
UID2Nick($TempEngelID) . "</span>";
} else {
$TempText = UID2Nick($TempEngelID);
}
// add link to user
$TempText = funktion_isLinkAllowed_addLink_OrLinkText("admin/userChangeNormal.php?enterUID=$TempEngelID&Type=Normal", $TempText);
$Spalten .= "&nbsp;&nbsp;" . $TempText .
(($_GET["Icon"] == 1) ? DisplayAvatar($TempEngelID) : "") .
"<br />\n";
}
$Spalten = substr($Spalten, 0, strlen($Spalten) - 7);
}
// ausgabe ben<65>tigter Engel
////////////////////////////
//in vergangenheit
$SQLtime = "SELECT `DateE` FROM `Shifts` WHERE (`SID`='" . sql_escape($SID) . "' AND `DateE` >= '" .
gmdate("Y-m-d H:i:s", time() + $gmdateOffset) . "')";
$Ergtime = mysql_query($SQLtime, $con);
if (mysql_num_rows($Ergtime) > 0) {
//wenn keien rechte definiert sind
if (!isset ($_SESSION['CVS'][$TID2Name[$TempValue["TID"]]]))
$_SESSION['CVS'][$TID2Name[$TempValue["TID"]]] = "Y";
if ($_SESSION['CVS'][$TID2Name[$TempValue["TID"]]] == "Y")
if ($TempValue["free"] > 0) {
$Spalten .= "<br />\n&nbsp;&nbsp;<a href=\"./schichtplan_add.php?SID=$SID&TID=" .
$TempValue["TID"] . "\">";
$Spalten .= $TempValue["free"];
if ($TempValue["free"] != 1)
$Spalten .= Get_Text("inc_schicht_weitere") .
" " . Get_Text("inc_schicht_Engel") .
Get_Text("inc_schicht_wird");
else
$Spalten .= Get_Text("inc_schicht_weiterer") .
" " . Get_Text("inc_schicht_Engel") .
Get_Text("inc_schicht_werden");
$Spalten .= Get_Text("inc_schicht_noch_gesucht");
$Spalten .= "</a>";
}
} else {
if (isset ($TempValue["free"]))
if ($TempValue["free"] > 0)
$Spalten .= "<br />\n&nbsp;&nbsp;<h3><a>Fehlen noch: " .
$TempValue["free"] . "</a></h3>";
}
$Spalten .= "<br />\n";
} // FOREACH
return $Spalten;
} // function Ausgabe_Feld_Inhalt
/*#######################################################
# gibt die engelschischten Druckergerecht aus #
#######################################################*/
function Ausgabe_Feld_Inhalt_Druck($RID, $Man) {
// gibt, nach <20>bergabe der der SchichtID (SID) und der RaumBeschreibung,
// die eingetragenden und und offenden Schichteint<6E>ge zur<75>ck
} // function Ausgabe_Feld_Inhalt
/*#######################################################
# Ausgabe der Raum Spalten #
#######################################################*/
function CreateRoomShifts($raum) {
global $Spalten, $ausdatum, $con, $debug, $GlobalZeileProStunde, $error_messages;
/////////////////////////////////////////////////////////////
// beginnt die erste schicht vor dem heutigen tag und geht dar<61>ber hinaus
/////////////////////////////////////////////////////////////
$SQLSonder = "SELECT `SID`, `DateS`, `DateE` , `Len`, `Man` FROM `Shifts` " .
"WHERE ((`RID` = '" . sql_escape($raum) . "') AND (`DateE` > '$ausdatum 23:59:59') AND " .
"(`DateS` < '" . sql_escape($ausdatum) . " 00:00:00') ) ORDER BY `DateS`;";
$ErgSonder = mysql_query($SQLSonder, $con);
if ((mysql_num_rows($ErgSonder) > 1)) {
if (funktion_isLinkAllowed("admin/schichtplan.php") === TRUE) {
echo "<h1>" . Get_Text("pub_schichtplan_colision") . "</h1> ";
for ($i = 0; $i < mysql_num_rows($ErgSonder); $i++) {
echo "<a href=\"./../admin/schichtplan.php?action=change&SID=" .
mysql_result($ErgSonder, $i, "SID") . "\">" .
mysql_result($ErgSonder, $i, "DateS") .
" '" . mysql_result($ErgSonder, $i, "Man") . "' (RID $raum) (00-24)" .
"</a><br />\n";
}
}
}
elseif ((mysql_num_rows($ErgSonder) == 1)) {
$Spalten[0] .= "<td valign=\"top\" rowspan=\"" . (24 * $GlobalZeileProStunde) . "\">\n" .
"<h3>&uarr;&uarr;&uarr;</h3>" .
Ausgabe_Feld_Inhalt(mysql_result($ErgSonder, 0, "SID"), mysql_result($ErgSonder, 0, "Man")) .
"<h3>&darr;&darr;&darr;</h3>" .
"\n</td>\n";
return;
}
$ZeitZeiger = 0;
/////////////////////////////////////////////////////////////
// beginnt die erste schicht vor dem heutigen tag?
/////////////////////////////////////////////////////////////
$SQLSonder = "SELECT `SID`, `DateS`, `DateE` , `Len`, `Man` FROM `Shifts` " .
"WHERE ((`RID` = '" . sql_escape($raum) . "') AND (`DateE` > '" . sql_escape($ausdatum) . " 00:00:00') AND " .
"(`DateS` < '" . sql_escape($ausdatum) . " 00:00:00') ) ORDER BY `DateS`;";
$ErgSonder = mysql_query($SQLSonder, $con);
if ((mysql_num_rows($ErgSonder) > 1)) {
if (funktion_isLinkAllowed("admin/schichtplan.php") === TRUE) {
echo "<h1>" . Get_Text("pub_schichtplan_colision") . "</h1> ";
for ($i = 0; $i < mysql_num_rows($ErgSonder); $i++) {
echo "<a href=\"./../admin/schichtplan.php?action=change&SID=" .
mysql_result($ErgSonder, $i, "SID") . "\">" .
mysql_result($ErgSonder, $i, "DateS") .
" '" . mysql_result($ErgSonder, $i, "Man") . "' (RID $raum) (00-xx)" .
"</a><br />\n";
}
}
}
elseif ((mysql_num_rows($ErgSonder) == 1)) {
$ZeitZeiger = substr(mysql_result($ErgSonder, 0, "DateE"), 11, 2) + (substr(mysql_result($ErgSonder, 0, "DateE"), 14, 2) / 60);
$Spalten[0] .= "<td valign=\"top\" rowspan=\"" . ($ZeitZeiger * $GlobalZeileProStunde) . "\">\n" .
"<h3>&uarr;&uarr;&uarr;</h3>" .
Ausgabe_Feld_Inhalt(mysql_result($ErgSonder, 0, "SID"), mysql_result($ErgSonder, 0, "Man")) .
"\n</td>\n";
}
/////////////////////////////////////////////////////////////
// gibt die schichten f<>r den tag aus
/////////////////////////////////////////////////////////////
$SQL = "SELECT `SID`, `DateS`, `Len`, `Man` FROM `Shifts` " .
"WHERE ((`RID` = '" . sql_escape($raum) . "') and " .
"(`DateS` >= '" . sql_escape($ausdatum) . ' ' . sql_escape($ZeitZeiger) . ":00:00') and " .
"(`DateS` like '" . sql_escape($ausdatum) . "%')) ORDER BY `DateS`;";
$Erg = mysql_query($SQL, $con);
for ($i = 0; $i < mysql_num_rows($Erg); ++ $i) {
$ZeitPos = substr(mysql_result($Erg, $i, "DateS"), 11, 2) + (substr(mysql_result($Erg, $i, "DateS"), 14, 2) / 60);
$len = mysql_result($Erg, $i, "Len");
if ($len <= 0)
array_push($error_messages, "Error in shift denition SID=" . mysql_result($Erg, $i, "SID") . " Len=$len");
if ($ZeitZeiger < $ZeitPos) {
$Spalten[$ZeitZeiger * $GlobalZeileProStunde] .= "<td valign=\"top\" rowspan=\"" . (($ZeitPos - $ZeitZeiger) * $GlobalZeileProStunde) . "\">&nbsp;</td>\n";
$ZeitZeiger += $ZeitPos - $ZeitZeiger;
}
if ($ZeitZeiger == $ZeitPos) {
//sonderfall wenn die schicht <20>ber dei 24 stunden hinaus geht
// (eintrag abk<62>rzen, pfeiel ausgeben)
$Spalten[$ZeitZeiger * $GlobalZeileProStunde] .= "<td valign=\"top\" rowspan=\"" .
((($len + $ZeitZeiger) ? $len : 24 - $len + $ZeitZeiger) * $GlobalZeileProStunde) .
"\">\n" .
"" .
Ausgabe_Feld_Inhalt(mysql_result($Erg, $i, "SID"), mysql_result($Erg, $i, "Man")) .
((($ZeitZeiger + $len) > 24) ? "<h3>&darr;&darr;&darr;</h3>" : "") .
"\n</td>\n";
$ZeitZeiger += $len;
} else {
echo "<h1>" . Get_Text("pub_schichtplan_colision") . "</h1> ";
echo "<a href=\"./../admin/schichtplan.php?action=change&SID=" .
mysql_result($Erg, $i, "SID") . "\">" .
mysql_result($Erg, $i, "DateS") .
" '" . mysql_result($Erg, $i, "Man") . "' " .
" (" . mysql_result($Erg, $i, "SID") . " R$raum) (xx-xx)</a><br /><br />";
}
}
if ($ZeitZeiger < 24)
$Spalten[($ZeitZeiger * $GlobalZeileProStunde)] .= "<td valign=\"top\" rowspan=\"" .
((24 - $ZeitZeiger) * $GlobalZeileProStunde) .
"\">&nbsp;</td>\n";
} // function CreateRoomShifts
/*#######################################################
# Ausgabe der freien schichten #
#######################################################*/
function showEmptyShifts() {
global $con, $debug, $RoomID, $gmdateOffset;
echo "<table border=\"1\">\n";
echo "<tr>\n";
echo "<th>" . Get_Text("inc_schicht_date") . "</th>\n";
echo "<th>" . Get_Text("inc_schicht_time") . "</th>\n";
echo "<th>" . Get_Text("inc_schicht_room") . "</th>\n";
echo "<th>" . Get_Text("inc_schicht_commend") . "</th>\n";
echo "</tr>\n";
$sql = "SELECT `SID`, `DateS`, `Man`, `RID` FROM `Shifts` " .
"WHERE (`Shifts`.`DateS`>='" . gmdate("Y-m-d H:i:s", time() + $gmdateOffset) . "') " .
"ORDER BY `DateS`, `RID`;";
$Erg = mysql_query($sql, $con);
$angezeigt = 0;
for ($i = 0;($i < mysql_num_rows($Erg)) && ($angezeigt < 15); $i++)
if (isset ($RoomID[mysql_result($Erg, $i, "RID")]))
if ($RoomID[mysql_result($Erg, $i, "RID")] != "") {
$Sql2 = "SELECT `UID` FROM `ShiftEntry` " .
"WHERE `SID`=" . mysql_result($Erg, $i, "SID") . " AND " .
"`UID`='0';";
$Erg2 = mysql_query($Sql2, $con);
if (mysql_num_rows($Erg2) > 0) {
$angezeigt++;
echo "<tr>\n";
echo "<td>" . substr(mysql_result($Erg, $i, "DateS"), 0, 10) . "</td>\n";
echo "<td>" . substr(mysql_result($Erg, $i, "DateS"), 11) . "</td>\n";
echo "<td>" . $RoomID[mysql_result($Erg, $i, "RID")] . "</td>\n";
echo "<td>" .
ausgabe_Feld_Inhalt(mysql_result($Erg, $i, "SID"), mysql_result($Erg, $i, "Man")) .
"</td>\n";
echo "</tr>\n";
}
}
echo "</table>\n";
} //function showEmptyShifts
/*#######################################################
# Gibt die anzahl der Schichten im Raum zur<75>ck #
#######################################################*/
function SummRoomShifts($raum) {
global $ausdatum, $con, $debug, $GlobalZeileProStunde;
$SQLSonder = "SELECT `SID`, `DateS`, `Len`, `Man` FROM `Shifts` " .
"WHERE ((`RID` = '" . sql_escape($raum) . "') AND (`DateE` >= '$ausdatum 00:00:00') AND " .
"(`DateS` <= '$ausdatum 23:59:59') ) ORDER BY `DateS`;";
$ErgSonder = mysql_query($SQLSonder, $con);
return mysql_num_rows($ErgSonder);
}
function DatumUm1TagErhoehen($Datum) {
$Jahr = substr($Datum, 0, 4);
$Monat = substr($Datum, 5, 2);
$Tag = substr($Datum, 8, 2);
$Tag++;
switch ($Monat) {
case 1 :
$Mmax = 31;
break;
case 2 :
$Mmax = 28;
break;
case 3 :
$Mmax = 31;
break;
case 4 :
$Mmax = 30;
break;
case 5 :
$Mmax = 31;
break;
case 6 :
$Mmax = 30;
break;
case 7 :
$Mmax = 31;
break;
case 8 :
$Mmax = 31;
break;
case 9 :
$Mmax = 30;
break;
case 10 :
$Mmax = 31;
break;
case 11 :
$Mmax = 30;
break;
case 12 :
$Mmax = 31;
break;
}
if ($Tag > $Mmax) {
$Tag = 1;
$Monat++;
}
if ($Monat > 12) {
$Monat = 1;
$Jahr++;
}
$Tag = strlen($Tag) == 1 ? "0" . $Tag : $Tag;
$Monat = strlen($Monat) == 1 ? "0" . $Monat : $Monat;
return ("$Jahr-$Monat-$Tag");
}
?>

@ -5,17 +5,17 @@
* Liste der verfügbaren Themes * Liste der verfügbaren Themes
*/ */
$themes = array ( $themes = array (
"1" => "Standard-Style", "1" => "Standard-Style",
"2" => "ot/Gelber Style", "2" => "ot/Gelber Style",
"3" => "Club-Mate Style", "3" => "Club-Mate Style",
"5" => "Debian Style", "5" => "Debian Style",
"6" => "c-base Style", "6" => "c-base Style",
"7" => "Blau/Gelber Style", "7" => "Blau/Gelber Style",
"8" => "Pastel Style", "8" => "Pastel Style",
"4" => "Test Style", "4" => "Test Style",
"9" => "Test Style 21c3", "9" => "Test Style 21c3",
"10" => "Engelsystem 2.0", "10" => "Engelsystem 2.0",
"11" => "msquare (29c3)" "11" => "msquare (29c3)"
); );
/** /**
@ -26,14 +26,14 @@ $themes = array (
* @param selected Array mit den Keys, die ausgewählt sind * @param selected Array mit den Keys, die ausgewählt sind
*/ */
function form_checkboxes($name, $label, $items, $selected) { function form_checkboxes($name, $label, $items, $selected) {
$html = "<ul>"; $html = "<ul>";
foreach ($items as $key => $item) { foreach ($items as $key => $item) {
$id = $name . '_' . $key; $id = $name . '_' . $key;
$sel = array_search($key, $selected) !== false ? ' checked="checked"' : ""; $sel = array_search($key, $selected) !== false ? ' checked="checked"' : "";
$html .= '<li><input type="checkbox" id="' . $id . '" name="' . $id . '" value="checked"' . $sel . ' /><label for="' . $id . '">' . $item . '</label></li>'; $html .= '<li><input type="checkbox" id="' . $id . '" name="' . $id . '" value="checked"' . $sel . ' /><label for="' . $id . '">' . $item . '</label></li>';
} }
$html .= "</ul>"; $html .= "</ul>";
return form_element($label, $html); return form_element($label, $html);
} }
/** /**
@ -45,197 +45,223 @@ function form_checkboxes($name, $label, $items, $selected) {
* @param disabled Wie selected, nur dass die entsprechenden Checkboxen deaktiviert statt markiert sind * @param disabled Wie selected, nur dass die entsprechenden Checkboxen deaktiviert statt markiert sind
*/ */
function form_multi_checkboxes($names, $label, $items, $selected, $disabled = array()) { function form_multi_checkboxes($names, $label, $items, $selected, $disabled = array()) {
$html = "<table><thead><tr>"; $html = "<table><thead><tr>";
foreach ($names as $title) foreach ($names as $title)
$html .= "<th>$title</th>"; $html .= "<th>$title</th>";
$html .= "</tr></thead><tbody>"; $html .= "</tr></thead><tbody>";
foreach ($items as $key => $item) { foreach ($items as $key => $item) {
$html .= "<tr>"; $html .= "<tr>";
foreach ($names as $name => $title) { foreach ($names as $name => $title) {
$id = $name . '_' . $key; $id = $name . '_' . $key;
$sel = array_search($key, $selected[$name]) !== false ? ' checked="checked"' : ""; $sel = array_search($key, $selected[$name]) !== false ? ' checked="checked"' : "";
if (!empty($disabled) && !empty($disabled[$name]) && array_search($key, $disabled[$name]) !== false) if (!empty($disabled) && !empty($disabled[$name]) && array_search($key, $disabled[$name]) !== false)
$sel .= ' disabled="disabled"'; $sel .= ' disabled="disabled"';
$html .= '<td style="text-align: center;"><input type="checkbox" id="' . $id . '" name="' . $name . '[]" value="' . $key . '"' . $sel . ' /></td>'; $html .= '<td style="text-align: center;"><input type="checkbox" id="' . $id . '" name="' . $name . '[]" value="' . $key . '"' . $sel . ' /></td>';
} }
$html .= '<td><label for="' . $id . '">' . $item . '</label></td></tr>'; $html .= '<td><label for="' . $id . '">' . $item . '</label></td></tr>';
} }
$html .= "</tbody></table>"; $html .= "</tbody></table>";
return form_element($label, $html); return form_element($label, $html);
} }
/** /**
* Rendert eine Checkbox * Rendert eine Checkbox
*/ */
function form_checkbox($name, $label, $selected, $value = 'checked') { function form_checkbox($name, $label, $selected, $value = 'checked') {
return form_element("", '<input type="checkbox" id="' . $name . '" name="' . $name . '" value="' . $value . '"' . ($selected ? ' checked="checked"' : '') . ' /><label for="' . $name . '">' . $label . '</label>'); return form_element("", '<input type="checkbox" id="' . $name . '" name="' . $name . '" value="' . $value . '"' . ($selected ? ' checked="checked"' : '') . ' /><label for="' . $name . '">' . $label . '</label>');
} }
/** /**
* Rendert einen Infotext in das Formular * Rendert einen Infotext in das Formular
*/ */
function form_info($label, $text) { function form_info($label, $text) {
return form_element($label, $text, ""); return form_element($label, $text, "");
} }
/** /**
* Rendert den Absenden-Button eines Formulars * Rendert den Absenden-Button eines Formulars
*/ */
function form_submit($name, $label) { function form_submit($name, $label) {
return form_element('<input class="button save ' . $name . '" type="submit" name="' . $name . '" value="' . $label . '" />', ""); return form_element('<input class="button save ' . $name . '" type="submit" name="' . $name . '" value="' . $label . '" />', "");
} }
/** /**
* Rendert ein Formular-Textfeld * Rendert ein Formular-Textfeld
*/ */
function form_text($name, $label, $value, $disabled = false) { function form_text($name, $label, $value, $disabled = false) {
$disabled = $disabled ? ' disabled="disabled"' : ''; $disabled = $disabled ? ' disabled="disabled"' : '';
return form_element($label, '<input id="form_' . $name . '" type="text" name="' . $name . '" value="' . $value . '" ' . $disabled . '/>', 'form_' . $name); return form_element($label, '<input id="form_' . $name . '" type="text" name="' . $name . '" value="' . $value . '" ' . $disabled . '/>', 'form_' . $name);
} }
/** /**
* Rendert ein Formular-Passwortfeld * Rendert ein Formular-Passwortfeld
*/ */
function form_password($name, $label, $disabled = false) { function form_password($name, $label, $disabled = false) {
$disabled = $disabled ? ' disabled="disabled"' : ''; $disabled = $disabled ? ' disabled="disabled"' : '';
return form_element($label, '<input id="form_' . $name . '" type="password" name="' . $name . '" value="" ' . $disabled . '/>', 'form_' . $name); return form_element($label, '<input id="form_' . $name . '" type="password" name="' . $name . '" value="" ' . $disabled . '/>', 'form_' . $name);
} }
/** /**
* Rendert ein Formular-Textfeld * Rendert ein Formular-Textfeld
*/ */
function form_textarea($name, $label, $value, $disabled = false) { function form_textarea($name, $label, $value, $disabled = false) {
$disabled = $disabled ? ' disabled="disabled"' : ''; $disabled = $disabled ? ' disabled="disabled"' : '';
return form_element($label, '<textarea id="form_' . $name . '" type="text" name="' . $name . '" ' . $disabled . '>' . $value . '</textarea>', 'form_' . $name); return form_element($label, '<textarea id="form_' . $name . '" type="text" name="' . $name . '" ' . $disabled . '>' . $value . '</textarea>', 'form_' . $name);
} }
/** /**
* Rendert ein Formular-Auswahlfeld * Rendert ein Formular-Auswahlfeld
*/ */
function form_select($name, $label, $values, $selected) { function form_select($name, $label, $values, $selected) {
return form_element($label, html_select_key('form_' . $name, $name, $values, $selected), 'form_' . $name); return form_element($label, html_select_key('form_' . $name, $name, $values, $selected), 'form_' . $name);
} }
/** /**
* Rendert ein Formular-Element * Rendert ein Formular-Element
*/ */
function form_element($label, $input, $for = "") { function form_element($label, $input, $for = "") {
return '<div class="form_element">' . '<label for="' . $for . '" class="form_label">' . $label . '</label><div class="form_input">' . $input . '</div></div>'; return '<div class="form_element">' . '<label for="' . $for . '" class="form_label">' . $label . '</label><div class="form_input">' . $input . '</div></div>';
} }
/** /**
* Rendert ein Formular * Rendert ein Formular
*/ */
function form($elements, $action = "") { function form($elements, $action = "") {
return '<form action="' . $action . '" enctype="multipart/form-data" method="post"><div class="form">' . join($elements) . '</div></form>'; return '<form action="' . $action . '" enctype="multipart/form-data" method="post"><div class="form">' . join($elements) . '</div></form>';
} }
/** /**
* Generiert HTML Code für eine "Seite". Fügt dazu die übergebenen Elemente zusammen. * Generiert HTML Code für eine "Seite". Fügt dazu die übergebenen Elemente zusammen.
*/ */
function page($elements) { function page($elements) {
return join($elements); return join($elements);
} }
/** /**
* Rendert eine Datentabelle * Rendert eine Datentabelle
*/ */
function table($columns, $rows, $data = true) { function table($columns, $rows, $data = true) {
if (count($rows) == 0) if (count($rows) == 0)
return info("No data available.", true); return info("No data available.", true);
$html = ""; $html = "";
$html .= '<table' . ($data ? ' class="data"' : '') . '>'; $html .= '<table' . ($data ? ' class="data"' : '') . '>';
$html .= '<thead><tr>'; $html .= '<thead><tr>';
foreach ($columns as $key => $column) foreach ($columns as $key => $column)
$html .= '<th class="' . $key . '">' . $column . '</th>'; $html .= '<th class="' . $key . '">' . $column . '</th>';
$html .= '</tr></thead>'; $html .= '</tr></thead>';
$html .= '<tbody>'; $html .= '<tbody>';
foreach ($rows as $row) { foreach ($rows as $row) {
$html .= '<tr>'; $html .= '<tr>';
foreach ($columns as $key => $column) foreach ($columns as $key => $column)
if (isset ($row[$key])) if (isset ($row[$key]))
$html .= '<td class="' . $key . '">' . $row[$key] . '</td>'; $html .= '<td class="' . $key . '">' . $row[$key] . '</td>';
else else
$html .= '<td class="' . $key . '">&nbsp;</td>'; $html .= '<td class="' . $key . '">&nbsp;</td>';
$html .= '</tr>'; $html .= '</tr>';
} }
$html .= '</tbody>'; $html .= '</tbody>';
$html .= '</table>'; $html .= '</table>';
return $html; return $html;
} }
/** /**
* Rendert einen Knopf * Rendert einen Knopf
*/ */
function button($href, $label, $class = "") { function button($href, $label, $class = "") {
return '<a href="' . $href . '" class="button ' . $class . '">' . $label . '</a>'; return '<a href="' . $href . '" class="button ' . $class . '">' . $label . '</a>';
} }
/** /**
* Rendert eine Toolbar mit Knöpfen * Rendert eine Toolbar mit Knöpfen
*/ */
function buttons($buttons = array ()) { function buttons($buttons = array ()) {
return '<div class="toolbar">' . join(' ', $buttons) . '</div>'; return '<div class="toolbar">' . join(' ', $buttons) . '</div>';
} }
// Load and render template // Load and render template
function template_render($file, $data) { function template_render($file, $data) {
if (file_exists($file)) { if (file_exists($file)) {
$template = file_get_contents($file); $template = file_get_contents($file);
if (is_array($data)) if (is_array($data))
foreach ($data as $name => $content) { foreach ($data as $name => $content) {
$template = str_replace("%" . $name . "%", $content, $template); $template = str_replace("%" . $name . "%", $content, $template);
} }
return $template; return $template;
} else { } else {
die('Cannot find template file &laquo;' . $file . '&raquo;.'); die('Cannot find template file &laquo;' . $file . '&raquo;.');
} }
} }
function shorten($str) { function shorten($str) {
if (strlen($str) < 50) if (strlen($str) < 50)
return $str; return $str;
return '<span title="' . htmlentities($str, ENT_COMPAT, 'UTF-8') . '">' . substr($str, 0, 47) . '...</span>'; return '<span title="' . htmlentities($str, ENT_COMPAT, 'UTF-8') . '">' . substr($str, 0, 47) . '...</span>';
} }
function table_body($array) { function table_body($array) {
$html = ""; $html = "";
foreach ($array as $line) { foreach ($array as $line) {
$html .= "<tr>"; $html .= "<tr>";
if (is_array($line)) { if (is_array($line)) {
foreach ($line as $td) foreach ($line as $td)
$html .= "<td>" . $td . "</td>"; $html .= "<td>" . $td . "</td>";
} else { } else {
$html .= "<td>" . $line . "</td>"; $html .= "<td>" . $line . "</td>";
} }
$html .= "</tr>"; $html .= "</tr>";
} }
return $html; return $html;
} }
function html_options($name, $options, $selected = "") { function html_options($name, $options, $selected = "") {
$html = ""; $html = "";
foreach ($options as $value => $label) foreach ($options as $value => $label)
$html .= '<input type="radio"' . ($value == $selected ? ' checked="checked"' : '') . ' name="' . $name . '" value="' . $value . '"> ' . $label; $html .= '<input type="radio"' . ($value == $selected ? ' checked="checked"' : '') . ' name="' . $name . '" value="' . $value . '"> ' . $label;
return $html; return $html;
} }
function html_select_key($id, $name, $rows, $selected) { function html_select_key($id, $name, $rows, $selected) {
$html = '<select id="' . $id . '" name="' . $name . '">'; $html = '<select id="' . $id . '" name="' . $name . '">';
foreach ($rows as $key => $row) { foreach ($rows as $key => $row) {
if (($key == $selected) || ($row == $selected)) { if (($key == $selected) || ($row == $selected)) {
$html .= '<option value="' . $key . '" selected="selected">' . $row . '</option>'; $html .= '<option value="' . $key . '" selected="selected">' . $row . '</option>';
} else { } else {
$html .= '<option value="' . $key . '">' . $row . '</option>'; $html .= '<option value="' . $key . '">' . $row . '</option>';
} }
} }
$html .= '</select>'; $html .= '</select>';
return $html; return $html;
} }
function img_button($link, $icon, $text, $extra_text = '') { function img_button($link, $icon, $text, $extra_text = '') {
$translation = empty($text)? '' : Get_Text($text); $translation = empty($text)? '' : Get_Text($text);
return '<a href="' . htmlspecialchars($link) . '"><img src="pic/icons/' . htmlspecialchars($icon) . '.png" alt="' . $translation . '" ' . (empty($translation)? '' : 'title="' . $translation . '"') . '>' . (empty($extra_text)? '' : ' ' . $extra_text) . '</a>'; return '<a href="' . htmlspecialchars($link) . '"><img src="pic/icons/' . htmlspecialchars($icon) . '.png" alt="' . $translation . '" ' . (empty($translation)? '' : 'title="' . $translation . '"') . '>' . (empty($extra_text)? '' : ' ' . $extra_text) . '</a>';
}
function ReplaceSmilies($neueckig) {
$neueckig = str_replace(";o))", "<img src=\"pic/smiles/icon_redface.gif\">", $neueckig);
$neueckig = str_replace(":-))", "<img src=\"pic/smiles/icon_redface.gif\">", $neueckig);
$neueckig = str_replace(";o)", "<img src=\"pic/smiles/icon_wind.gif\">", $neueckig);
$neueckig = str_replace(":)", "<img src=\"pic/smiles/icon_smile.gif\">", $neueckig);
$neueckig = str_replace(":-)", "<img src=\"pic/smiles/icon_smile.gif\">", $neueckig);
$neueckig = str_replace(":(", "<img src=\"pic/smiles/icon_sad.gif\">", $neueckig);
$neueckig = str_replace(":-(", "<img src=\"pic/smiles/icon_sad.gif\">", $neueckig);
$neueckig = str_replace(":o(", "<img src=\"pic/smiles/icon_sad.gif\">", $neueckig);
$neueckig = str_replace(":o)", "<img src=\"pic/smiles/icon_lol.gif\">", $neueckig);
$neueckig = str_replace(";o(", "<img src=\"pic/smiles/icon_cry.gif\">", $neueckig);
$neueckig = str_replace(";(", "<img src=\"pic/smiles/icon_cry.gif\">", $neueckig);
$neueckig = str_replace(";-(", "<img src=\"pic/smiles/icon_cry.gif\">", $neueckig);
$neueckig = str_replace("8)", "<img src=\"pic/smiles/icon_rolleyes.gif\">", $neueckig);
$neueckig = str_replace("8o)", "<img src=\"pic/smiles/icon_rolleyes.gif\">", $neueckig);
$neueckig = str_replace(":P", "<img src=\"pic/smiles/icon_evil.gif\">", $neueckig);
$neueckig = str_replace(":-P", "<img src=\"pic/smiles/icon_evil.gif\">", $neueckig);
$neueckig = str_replace(":oP", "<img src=\"pic/smiles/icon_evil.gif\">", $neueckig);
$neueckig = str_replace(";P", "<img src=\"pic/smiles/icon_mad.gif\">", $neueckig);
$neueckig = str_replace(";oP", "<img src=\"pic/smiles/icon_mad.gif\">", $neueckig);
$neueckig = str_replace("?)", "<img src=\"pic/smiles/icon_question.gif\">", $neueckig);
return $neueckig;
} }
?> ?>
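Review bot: ReplaceSmilies, added at the end of this file, splices `<img>` markup into `$neueckig` and passes everything else through unchanged, so its result is only safe to print if the caller has already HTML-escaped the text; no caller is visible in this section, so that needs confirming. If callers do escape first, the `;(` and `;P` patterns also match the tail of an entity followed by `(` or `P` (for example `&lt;(`), which breaks the entity. I would state the contract in a docblock, e.g. `/** Replaces smiley codes with <img> tags. Does not escape $neueckig; pass already HTML-escaped text. */`. As a matter of style, the twenty sequential `str_replace` calls depend on their order (`;o))` must run before `;o)`); a single `strtr()` with a code-to-image array matches the longest code first and never re-scans inserted markup.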

@ -1,133 +0,0 @@
<?php
function User_Nick_render($user_source) {
global $user, $privileges;
if($user['UID'] == $user_source['UID'] || in_array('user_shifts_admin', $privileges))
return '<a href="' . page_link_to('user_myshifts') . '&amp;id=' . $user_source['UID'] . '">' . htmlspecialchars($user_source['Nick']) . '</a>';
else
return htmlspecialchars($user_source['Nick']);
}
/**
* Available T-Shirt sizes
*/
$tshirt_sizes = array (
'' => "Please select...",
'S' => "S",
'M' => "M",
'L' => "L",
'XL' => "XL",
'2XL' => "2XL",
'3XL' => "3XL",
'4XL' => "4XL",
'5XL' => "5XL",
'S-G' => "S Girl",
'M-G' => "M Girl",
'L-G' => "L Girl",
'XL-G' => "XL Girl"
);
function UID2Nick($UID) {
if ($UID > 0)
$SQL = "SELECT Nick FROM `User` WHERE UID='" . sql_escape($UID) . "'";
else
$SQL = "SELECT Name FROM `Groups` WHERE UID='" . sql_escape($UID) . "'";
$Erg = sql_select($SQL);
if (count($Erg) > 0) {
if ($UID > 0)
return $Erg[0]['Nick'];
else
return "Group-" . $Erg[0]['Name'];
} else {
if ($UID == -1)
return "Guest";
else
return "UserID $UID not found";
}
}
function TID2Type($TID) {
global $con;
$SQL = "SELECT Name FROM `EngelType` WHERE TID='" . sql_escape($TID) . "'";
$Erg = mysql_query($SQL, $con);
if (mysql_num_rows($Erg))
return mysql_result($Erg, 0);
else
return "";
}
function ReplaceSmilies($neueckig) {
$neueckig = str_replace(";o))", "<img src=\"pic/smiles/icon_redface.gif\">", $neueckig);
$neueckig = str_replace(":-))", "<img src=\"pic/smiles/icon_redface.gif\">", $neueckig);
$neueckig = str_replace(";o)", "<img src=\"pic/smiles/icon_wind.gif\">", $neueckig);
$neueckig = str_replace(":)", "<img src=\"pic/smiles/icon_smile.gif\">", $neueckig);
$neueckig = str_replace(":-)", "<img src=\"pic/smiles/icon_smile.gif\">", $neueckig);
$neueckig = str_replace(":(", "<img src=\"pic/smiles/icon_sad.gif\">", $neueckig);
$neueckig = str_replace(":-(", "<img src=\"pic/smiles/icon_sad.gif\">", $neueckig);
$neueckig = str_replace(":o(", "<img src=\"pic/smiles/icon_sad.gif\">", $neueckig);
$neueckig = str_replace(":o)", "<img src=\"pic/smiles/icon_lol.gif\">", $neueckig);
$neueckig = str_replace(";o(", "<img src=\"pic/smiles/icon_cry.gif\">", $neueckig);
$neueckig = str_replace(";(", "<img src=\"pic/smiles/icon_cry.gif\">", $neueckig);
$neueckig = str_replace(";-(", "<img src=\"pic/smiles/icon_cry.gif\">", $neueckig);
$neueckig = str_replace("8)", "<img src=\"pic/smiles/icon_rolleyes.gif\">", $neueckig);
$neueckig = str_replace("8o)", "<img src=\"pic/smiles/icon_rolleyes.gif\">", $neueckig);
$neueckig = str_replace(":P", "<img src=\"pic/smiles/icon_evil.gif\">", $neueckig);
$neueckig = str_replace(":-P", "<img src=\"pic/smiles/icon_evil.gif\">", $neueckig);
$neueckig = str_replace(":oP", "<img src=\"pic/smiles/icon_evil.gif\">", $neueckig);
$neueckig = str_replace(";P", "<img src=\"pic/smiles/icon_mad.gif\">", $neueckig);
$neueckig = str_replace(";oP", "<img src=\"pic/smiles/icon_mad.gif\">", $neueckig);
$neueckig = str_replace("?)", "<img src=\"pic/smiles/icon_question.gif\">", $neueckig);
return $neueckig;
}
function GetPictureShow($UID) {
global $con;
$SQL = "SELECT `show` FROM `UserPicture` WHERE `UID`='" . sql_escape($UID) . "'";
$res = mysql_query($SQL, $con);
if (mysql_num_rows($res) == 1)
return mysql_result($res, 0, 0);
else
return "";
}
function displayPicture($UID, $height = "30") {
global $url, $ENGEL_ROOT;
if ($height > 0)
return ("<div class=\"avatar\"><img src=\"" . $url . $ENGEL_ROOT . "ShowUserPicture.php?UID=$UID\" height=\"$height\" alt=\"picture of USER$UID\" class=\"photo\"></div>");
else
return ("<div class=\"avatar\"><img class=\"avatar\" src=\"" . $url . $ENGEL_ROOT . "ShowUserPicture.php?UID=$UID\" alt=\"picture of USER$UID\"></div>");
}
function displayavatar($UID, $height = "30") {
global $con, $url, $ENGEL_ROOT;
if (GetPictureShow($UID) == 'Y')
return "&nbsp;" . displayPicture($UID, $height);
$user = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($UID) . " LIMIT 1");
if (count($user) > 0)
if ($user[0]['Avatar'] > 0)
return '<div class="avatar">' . ("&nbsp;<img src=\"pic/avatar/avatar" . $user[0]['Avatar'] . ".gif\">") . '</div>';
}
function UIDgekommen($UID) {
global $con;
$SQL = "SELECT `Gekommen` FROM `User` WHERE UID='" . sql_escape($UID) . "'";
$Erg = mysql_query($SQL, $con);
if (mysql_num_rows($Erg))
return mysql_result($Erg, 0);
else
return "0";
}
?>

@ -0,0 +1,11 @@
<?php
/**
* Calc shift length in format 12:23h.
* @param Shift $shift
*/
function shift_length($shift) {
$length = round(($shift['end'] - $shift['start']) / (60 * 60), 0) . ":";
$length .= str_pad((($shift['end'] - $shift['start']) % (60 * 60)) / 60, 2, "0", STR_PAD_LEFT) . "h";
return $length;
}
?>
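Review bot: The hour part of shift_length uses `round(..., 0)`, which rounds to the nearest hour while the minutes are taken separately from the remainder, so a shift of 1 h 45 min renders as `2:45h`. Truncate instead: `$length = floor(($shift['end'] - $shift['start']) / (60 * 60)) . ":";`. The minute expression has the same weakness: if `start` and `end` are second-resolution timestamps that do not fall on whole minutes (not visible here), the `/ 60` yields a fraction that `str_pad` prints as-is, so `floor()` belongs there as well.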

@ -0,0 +1,36 @@
<?php
/**
* Names of available languages.
*/
$languages = array (
'DE' => "Deutsch",
'EN' => "English"
);
/**
* Display acutual translation of given text id.
* @param string $TextID
* @param bool $NoError
* @return string
*/
function Get_Text($TextID, $NoError = false) {
global $debug;
if (!isset ($_SESSION['Sprache']))
$_SESSION['Sprache'] = "EN";
if ($_SESSION['Sprache'] == "")
$_SESSION['Sprache'] = "EN";
if (isset ($_GET["SetLanguage"]))
$_SESSION['Sprache'] = $_GET["SetLanguage"];
$sprache_source = Sprache($TextID, $_SESSION['Sprache']);
if($sprache_source === false)
engelsystem_error("Unable to load text key.");
if($sprache_source == null) {
if($NoError && !$debug)
return "";
return $TextID;
}
return $sprache_source['Text'];
}
?>
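Review bot: Get_Text copies `$_GET["SetLanguage"]` into `$_SESSION['Sprache']` without validating it, and the stored value is then passed to `Sprache()` on every later call in that session; how `Sprache()` handles it is outside this file. The `$languages` map declared just above is the natural allow-list: `global $debug, $languages;` and `if (isset($_GET["SetLanguage"]) && is_string($_GET["SetLanguage"]) && isset($languages[$_GET["SetLanguage"]]))`. An unknown or non-string value then leaves the current language unchanged instead of persisting request-supplied input in the session.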

@ -0,0 +1,45 @@
<?php
/**
* Available T-Shirt sizes
*/
$tshirt_sizes = array (
'' => "Please select...",
'S' => "S",
'M' => "M",
'L' => "L",
'XL' => "XL",
'2XL' => "2XL",
'3XL' => "3XL",
'4XL' => "4XL",
'5XL' => "5XL",
'S-G' => "S Girl",
'M-G' => "M Girl",
'L-G' => "L Girl",
'XL-G' => "XL Girl"
);
/**
* Render a users avatar.
* @param User $user
* @return string
*/
function User_Avatar_render($user) {
return '<div class="avatar">&nbsp;<img src="pic/avatar/avatar' . $user['Avatar'] . '.gif"></div>';
}
/**
* Render a user nickname.
* @param User $user_source
* @return string
*/
function User_Nick_render($user_source) {
global $user, $privileges;
if($user['UID'] == $user_source['UID'] || in_array('user_shifts_admin', $privileges))
return '<a href="' . page_link_to('user_myshifts') . '&amp;id=' . $user_source['UID'] . '">' . htmlspecialchars($user_source['Nick']) . '</a>';
else
return htmlspecialchars($user_source['Nick']);
}
?>
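Review bot: User_Avatar_render concatenates `$user['Avatar']` into the `src` attribute as-is, and the `$user[0]['Avatar'] > 0` guard that the removed displayavatar applied is not carried over. A user without an avatar would therefore get an image link to a file that presumably does not exist, and a non-numeric value would land in the markup unescaped. Casting covers both: `$avatar = (int) $user['Avatar'];` then `if ($avatar <= 0) return '';` before building the tag from `$avatar`. User_Nick_render has the same pattern with `$user_source['UID']` in the `href`; `(int) $user_source['UID']` would bring it in line with the escaping already applied to `Nick`.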

@ -1,19 +1,26 @@
<?php <?php
require_once ('bootstrap.php'); require_once ('bootstrap.php');
require_once ('includes/mysql_provider.php');
require_once ('includes/sys_auth.php'); require_once ('includes/sys_auth.php');
require_once ('includes/sys_counter.php'); require_once ('includes/sys_counter.php');
require_once ('includes/sys_lang.php');
require_once ('includes/sys_log.php'); require_once ('includes/sys_log.php');
require_once ('includes/sys_menu.php'); require_once ('includes/sys_menu.php');
require_once ('includes/sys_mysql.php');
require_once ('includes/sys_page.php'); require_once ('includes/sys_page.php');
require_once ('includes/sys_shift.php');
require_once ('includes/sys_template.php'); require_once ('includes/sys_template.php');
require_once ('includes/sys_user.php');
require_once ('includes/model/LogEntries_model.php'); require_once ('includes/model/LogEntries_model.php');
require_once ('includes/model/Sprache_model.php');
require_once ('includes/model/User_model.php'); require_once ('includes/model/User_model.php');
require_once ('includes/view/Shifts_view.php');
require_once ('includes/view/Sprache_view.php');
require_once ('includes/view/User_view.php');
require_once ('includes/helper/message_helper.php');
require_once ('includes/helper/error_helper.php');
require_once ('config/config.php'); require_once ('config/config.php');
require_once ('config/config_db.php'); require_once ('config/config_db.php');

@ -1,51 +0,0 @@
<?php
include "../includes/config.php";
include "../includes/config_IAX.php";
include "../includes/config_db.php";
include "../includes/error_handler.php";
include "../includes/funktion_modem.php";
include "../includes/funktion_cron.php";
// ausfuerungs Ruetmuss (in s)
$StartTimeBeforEvent = (60 / 4) * 60;
$AnrufDelay = -5;
$DebugDECT = false;
// Timeout erhoehen
set_time_limit(50000);
// SQL zusammensetzen
$SQL = "SELECT Shifts.DateS, Shifts.RID, ShiftEntry.UID, ShiftEntry.TID ".
"FROM `Shifts` INNER JOIN `ShiftEntry` ON `Shifts`.`SID` = `ShiftEntry`.`SID` ";
if($DebugDECT)
$SQL .= "WHERE (Shifts.DateS>'2007-07-09 09:45:00' AND ".
"Shifts.DateS<='2007-07-09 11:00:00');";
else
$SQL .= "WHERE ((`Shifts`.`DateS`>'". gmdate("Y-m-d H:i:s", time()+120+$gmdateOffset). "') AND ".
"(`Shifts`.`DateS`<='". gmdate("Y-m-d H:i:s", time()+120+$gmdateOffset+$StartTimeBeforEvent). "') );";
$Erg = mysql_query($SQL, $con);
echo mysql_error($con);
$Z = 0;
for($i = 0; $i < mysql_num_rows($Erg); $i++) {
if(mysql_result($Erg, $i, "UID") > 0) {
$DECTnumber = UID2DECT(mysql_result($Erg, $i, "UID"));
if($DECTnumber != "") {
echo "dial $DECTnumber\n";
DialNumberIAX( $DECTnumber, mysql_result($Erg, $i, "DateS"), mysql_result($Erg, $i, "RID"), mysql_result($Erg, $i, "TID"));
DialNumberModem( $DECTnumber, mysql_result($Erg, $i, "DateS"));
if($Z++ > 10) {
$Z = 0;
sleep(30);
}
}
}
}
return 0;
?>

@ -1,19 +0,0 @@
<?php
include "../includes/db.php";
include "../includes/config.php";
include "../includes/funktion_modem.php";
$SQL = "SELECT DECT FROM `User`;";
$Erg = mysql_query($SQL, $con);
echo mysql_error($con);
for($i=0; $i < mysql_num_rows($Erg); $i++) {
$Number = "#10" . mysql_result($Erg, $i, "DECT");
if(strlen($Number) == 7)
DialNumber($Number);
}
return 0;
?>

@ -1,75 +0,0 @@
<?php
require_once "../includes/config_jabber.php";
require_once "../includes/funktion_jabber.php";
include "../includes/config_MessegeServer.php";
// Set time limit to indefinite execution
set_time_limit(0);
if(DEBUG)
echo "DEBUG mode is enable\n\tjabber is disable\n\n";
if(!DEBUG) {
echo "INIT jabber\n";
$jabber = new Jabber($server, $port, $username, $password, $resource);
if(!($jabber->Connect() && $jabber->SendAuth()))
die("Couldn't connect to Jabber Server.");
}
echo "INIT socked\n";
// Create a UDP socket
$sock = socket_create(AF_INET, SOCK_DGRAM, SOL_UDP) or die('Could not create socked (' . socket_strerror(socket_last_error()) . ')');
// Bind the socket to an address/port
socket_bind($sock, SERVER_ADDRESS, SERVER_PORT) or die('Could not bind to address (' . socket_strerror(socket_last_error()) . ')');
// Setzt Nonbock Mode
socket_set_nonblock($sock);
$RUNNING = true;
while($RUNNING) {
if(@socket_recvfrom($sock, $data, 65535, 0, $ip, $port)) {
// daten empfangen
$data = substr($data, 0, strlen($data)-1); //ENTER entfernen
echo "\n". gmdate("Y-m-d H:i:s", time()). "\tresive from $ip:$port ". strlen($data). " byte data ($data)\n";
PackedAnalyser( $data);
}
usleep(100000); // 100ms delay keeps the doctor away
} // end while
// disconnect jabber
if(!DEBUG)
$jabber->Disconnect();
// Close the master sockets
socket_close($sock);
function PackedAnalyser($data) {
global $jabber, $RUNNING;
// init array
$matches = array();
//#message
if(preg_match("/^#(message) ([^ ]+) (.+)/i", $data, $matches)) {
if($matches[2]=="" || $matches[3]=="")
echo "\t\t\t\t#messaage parameter fail\n";
else {
// Whisper
if(!DEBUG)
$jabber->SendMessage($value, "normal", NULL, array("body" => $message, "subject" => "Error in Pentabarf"), NULL);
else
echo "\t\t\t\tmessage to:\"". $matches[2]. "\" Text: \"". $matches[3]. "\"\n";
}
} elseif(preg_match("/^#quit/i", $data, $matches)) {
if(DEBUG) {
echo "\t\t\t\tSystem Shutdown\n\n";
$RUNNING = false;
}
} else
echo "\t\t\t\tcommand not found\n\n";
}
?>