kontakt
/
engelsystem
3
0
Fork 0
Code Issues 12 Pull Requests Projects Releases Wiki Activity

mysql to mysqli and a lot of cleanup and mvc

Browse Source
main
Philip Häusler 11 years ago
parent d50cc21f50
commit bfb0cacd54
30 changed files with 859 additions and 1361 deletions
Show Stats Download Patch File Download Diff File

20
db/install.sql
Unescape Escape View File

@ -1286,26 +1286,6 @@ INSERT INTO `UserGroups` (`id`, `uid`, `group_id`) VALUES
(21, 3, -2),
(22, 3, -5);
-- --------------------------------------------------------
--
-- Tabellenstruktur für Tabelle `UserPicture`
--
DROP TABLE IF EXISTS `UserPicture`;
CREATE TABLE IF NOT EXISTS `UserPicture` (
`UID` int(11) NOT NULL DEFAULT '0',
`Bild` longblob NOT NULL,
`ContentType` varchar(20) NOT NULL DEFAULT '',
`show` char(1) NOT NULL DEFAULT 'N',
PRIMARY KEY (`UID`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
--
-- Daten für Tabelle `UserPicture`
--
-- --------------------------------------------------------
--

2
db/update.php
Unescape Escape View File

@ -1,6 +1,6 @@
<?php
require_once (dirname(__FILE__) . DIRECTORY_SEPARATOR . '..' . DIRECTORY_SEPARATOR . 'public' . DIRECTORY_SEPARATOR . 'bootstrap.php');
require_once ('includes/sys_mysql.php');
require_once ('includes/mysql_provider.php');
require_once ('config/config.php');
require_once ('config/config_db.php');
sql_connect($config['host'], $config['user'], $config['pw'], $config['db']);

11
includes/helper/error_helper.php
Unescape Escape View File

@ -0,0 +1,11 @@
<?php
/**
* Displays a fatal message and stops execution.
* @param string $message
*/
function engelsystem_error($message) {
die($message);
}
?>

59
includes/helper/message_helper.php
Unescape Escape View File

@ -0,0 +1,59 @@
<?php
/**
* Gibt zwischengespeicherte Fehlermeldungen zurück und löscht den Zwischenspeicher
*/
function msg() {
if (!isset ($_SESSION['msg']))
return "";
$msg = $_SESSION['msg'];
$_SESSION['msg'] = "";
return $msg;
}
/**
* Rendert eine Information
*/
function info($msg, $immediatly = false) {
if ($immediatly) {
if ($msg == "")
return "";
return '<p class="info">' . $msg . '</p>';
} else {
if (!isset ($_SESSION['msg']))
$_SESSION['msg'] = "";
$_SESSION['msg'] .= info($msg, true);
}
}
/**
* Rendert eine Fehlermeldung
*/
function error($msg, $immediatly = false) {
if ($immediatly) {
if ($msg == "")
return "";
return '<p class="error">' . $msg . '</p>';
} else {
if (!isset ($_SESSION['msg']))
$_SESSION['msg'] = "";
$_SESSION['msg'] .= error($msg, true);
}
}
/**
* Rendert eine Erfolgsmeldung
*/
function success($msg, $immediatly = false) {
if ($immediatly) {
if ($msg == "")
return "";
return '<p class="success">' . $msg . '</p>';
} else {
if (!isset ($_SESSION['msg']))
$_SESSION['msg'] = "";
$_SESSION['msg'] .= success($msg, true);
}
}
?>

7
includes/model/LogEntries_model.php
Unescape Escape View File

@ -6,17 +6,14 @@
* @param $message Log Message
*/
function LogEntry_create($nick, $message) {
$timestamp = time();
sql_query("INSERT INTO `LogEntries` SET `timestamp`=" . sql_escape($timestamp) . ", `nick`='" . sql_escape($nick) . "', `message`='" . sql_escape($message) . "'");
return sql_query("INSERT INTO `LogEntries` SET `timestamp`=" . sql_escape(time()) . ", `nick`='" . sql_escape($nick) . "', `message`='" . sql_escape($message) . "'");
}
/**
* Returns log entries of the last 24 hours with maximum count of 1000.
*/
function LogEntries() {
$log_entries_source = sql_select("SELECT * FROM `LogEntries` WHERE `timestamp` > " . (time() - 24*60*60) . " ORDER BY `timestamp` DESC LIMIT 1000");
return $log_entries_source;
return sql_select("SELECT * FROM `LogEntries` WHERE `timestamp` > " . (time() - 24*60*60) . " ORDER BY `timestamp` DESC LIMIT 1000");
}

18
includes/model/Sprache_model.php
Unescape Escape View File

@ -0,0 +1,18 @@
<?php
/**
* Load a string by key.
* @param string $textid
* @param string $sprache
*/
function Sprache($textid, $sprache) {
$sprache_source = sql_select("SELECT * FROM `Sprache` WHERE `TextID`='" . sql_escape($textid) . "' AND `Sprache`='" . sql_escape($sprache) . "' LIMIT 1");
if($sprache_source === false)
return false;
if(count($sprache_source) == 1)
return $sprache_source[0];
return null;
}
?>

7
includes/model/User_model.php
Unescape Escape View File

@ -1,11 +1,12 @@
<?php
/**
* Returns user by id.
* @param $id UID
*/
function User($id) {
$user_source = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
if($user_source === false)
return false;
if(count($user_source) > 0)
return $user_source[0];
return null;
@ -31,7 +32,9 @@ function User_by_api_key($api_key) {
*/
function User_reset_api_key(&$user) {
$user['api_key'] = md5($user['Nick'] . time() . rand());
sql_query("UPDATE `User` SET `api_key`='" . sql_escape($user['api_key']) . "' WHERE `UID`='" . sql_escape($user['UID']) . "' LIMIT 1");
$result = sql_query("UPDATE `User` SET `api_key`='" . sql_escape($user['api_key']) . "' WHERE `UID`='" . sql_escape($user['UID']) . "' LIMIT 1");
if($result === false)
return false;
engelsystem_log("API key resetted.");
}

176
includes/mysql_provider.php
Unescape Escape View File

@ -0,0 +1,176 @@
<?php
/**
* Close connection.
*/
function sql_close() {
global $sql_connection;
return $sql_connection->close();
}
/**
* Start new transaction.
*/
function sql_transaction_start() {
global $sql_nested_transaction_level;
if($sql_nested_transaction_level++ == 0)
return sql_query("BEGIN");
else
return true;
}
/**
* Commit transaction.
*/
function sql_transaction_commit() {
global $sql_nested_transaction_level;
if(--$sql_nested_transaction_level == 0)
return sql_query("COMMIT");
else
return true;
}
/**
* Stop transaction, revert database.
*/
function sql_transaction_rollback() {
global $sql_nested_transaction_level;
if(--$sql_nested_transaction_level == 0)
return sql_query("ROLLBACK");
else
return true;
}
/**
* Logs an sql error.
* @param string $message
* @return false
*/
function sql_error($message) {
sql_close();
$message = trim($message) . "\n";
$message .= debug_string_backtrace() . "\n";
error_log('mysql_provider error: ' . $message);
return false;
}
/**
* Connect to mysql server.
* @param string $host Host
* @param string $user Username
* @param string $pass Password
* @param string $db DB to select
* @return mysqli The connection handler
*/
function sql_connect($host, $user, $pass, $db) {
global $sql_connection;
$sql_connection = new mysqli($host, $user, $pass, $db);
if ($sql_connection->connect_errno)
return sql_error("Unable to connect to MySQL: " . $sql_connection->connect_error);
$result = $sql_connection->query("SET CHARACTER SET utf8;");
if (! $result)
return sql_error("Unable to set utf8 character set (" . $sql_connection->errno . ") " . $sql_connection->error);
$result = $sql_connection->set_charset('utf8');
if (! $result)
return sql_error("Unable to set utf8 names (" . $sql_connection->errno . ") " . $sql_connection->error);
return $sql_connection;
}
/**
* Change the selected db in current mysql-connection.
* @param $db_name
* @return bool true on success, false on error
*/
function sql_select_db($db_name) {
global $sql_connection;
if (!$sql_connection->select_db($db_name))
return sql_error("No database selected.");
return true;
}
/**
* MySQL SELECT query
* @param string $query
* @return Result array or false on error
*/
function sql_select($query) {
global $sql_connection;
$result = $sql_connection->query($query);
if ($result) {
$data = array();
while ($line = $result->fetch_assoc())
array_push($data, $line);
return $data;
} else
return sql_error("MySQL-query error: " . $query . " (" . $sql_connection->errno . ") " . $sql_connection->error);
}
/**
* MySQL execute a query
* @param string $query
* @return mysqli_result|boolean Result resource or false on error
*/
function sql_query($query) {
global $sql_connection;
$result = $sql_connection->query($query);
if ($result) {
return $result;
} else
usr_error("MySQL-query error: " . $query . " (" . $sql_connection->errno . ") " . $sql_connection->error);
}
/**
* Returns last inserted id.
*
* @return int
*/
function sql_id() {
global $sql_connection;
return $sql_connection->insert_id;
}
/**
* Escape a string for a sql query.
*
* @param string $query
* @return string
*/
function sql_escape($query) {
global $sql_connection;
return $sql_connection->real_escape_string($query);
}
/**
* Count query result lines.
*
* @param string $query
* @return int Count of result lines
*/
function sql_num_query($query) {
global $sql_connection;
return sql_query($query)->num_rows;
}
function sql_select_single_col($query) {
$result = sql_select($query);
return array_map('array_shift', $result);
}
function sql_select_single_cell($query) {
return array_shift(array_shift(sql_select($query)));
}
?>

31
includes/pages/admin_language.php
Unescape Escape View File

@ -1,6 +1,7 @@
<?php
function admin_language() {
global $user;
global $languages;
$html = "";
if (!isset ($_POST["TextID"])) {
@ -9,29 +10,24 @@ function admin_language() {
$html .= "<a href=\"" . page_link_to("admin_language") . "&ShowEntry=y\">" . Get_Text("pub_sprache_ShowEntry") . "</a>";
// ausgabe Tabellenueberschift
$SQL_Sprachen = "SELECT `Sprache` FROM `Sprache` GROUP BY `Sprache`;";
$erg_Sprachen = sql_query($SQL_Sprachen);
for ($i = 0; $i < mysql_num_rows($erg_Sprachen); $i++)
$Sprachen[mysql_result($erg_Sprachen, $i, "Sprache")] = $i;
$html .= "\t<table border=\"0\" class=\"border\" cellpadding=\"2\" cellspacing=\"1\">\n\t\t<tr>";
$html .= "\t\t<td class=\"contenttopic\"><b>" . Get_Text("pub_sprache_TextID") . "</b></td>";
foreach ($Sprachen as $Name => $Value)
foreach($languages as $language => $language_name) {
$html .= "<td class=\"contenttopic\"><b>" .
Get_Text("pub_sprache_Sprache") . " " . $Name .
Get_Text("pub_sprache_Sprache") . " " . $language .
"</b></td>";
$Sprachen[$language] = $language_name;
}
$html .= "\t\t<td class=\"contenttopic\"><b>" . Get_Text("pub_sprache_Edit") . "</b></td>";
$html .= "\t\t</tr>";
if (isset ($_GET["ShowEntry"])) {
// ausgabe eintraege
$SQL = "SELECT * FROM `Sprache` ORDER BY `TextID`;";
$erg = sql_query($SQL);
$sprache_source = sql_select("SELECT * FROM `Sprache` ORDER BY `TextID`, `Sprache`");
$TextID_Old = mysql_result($erg, 0, "TextID");
for ($i = 0; $i < mysql_num_rows($erg); $i++) {
$TextID_New = mysql_result($erg, $i, "TextID");
$TextID_Old = $sprache_source[0]['TextID'];
foreach($sprache_source as $sprache_entry) {
$TextID_New = $sprache_entry['TextID'];
if ($TextID_Old != $TextID_New) {
$html .= "<form action=\"" . page_link_to("admin_language") . "\" method=\"post\">";
$html .= "<tr class=\"content\">\n";
@ -49,7 +45,7 @@ function admin_language() {
$html .= "</form>\n";
$TextID_Old = $TextID_New;
}
$Sprachen[mysql_result($erg, $i, "Sprache")] = mysql_result($erg, $i, "Text");
$Sprachen[$sprache_entry['Sprache']] = $sprache_entry['Text'];
} /*FOR*/
}
@ -76,9 +72,8 @@ function admin_language() {
. "' AND `Sprache`='"
. sql_escape($k) . "'";
$erg_test = sql_query($sql_test);
if (mysql_num_rows($erg_test) == 0) {
$erg_test = sql_select("SELECT * FROM `Sprache` WHERE `TextID`='" . sql_escape($_POST["TextID"]) . "' AND `Sprache`='" . sql_escape($k) . "'");
if (count($erg_test) == 0) {
$sql_save = "INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) " .
"VALUES ('" . sql_escape($_POST["TextID"]) . "', '"
. sql_escape($k) . "', '"
@ -88,7 +83,7 @@ function admin_language() {
$Erg = sql_query($sql_save);
$html .= success("$k Save: OK<br />\n", true);
} else
if (mysql_result($erg_test, 0, "Text") != $v) {
if ($erg_test[0]['Text'] != $v) {
$sql_save = "UPDATE `Sprache` SET `Text`='"
. sql_escape($v) . "' " .
"WHERE `TextID`='"

6
includes/pages/admin_news.php
Unescape Escape View File

@ -17,6 +17,10 @@ function admin_news() {
if (count($news) > 0) {
list ($news) = $news;
$user_source = User($news['UID']);
if($user_source === false)
engelsystem_error("Unable to load user.");
$html .= '<a href="' . page_link_to("news") . '">&laquo Back</a>';
$html .= "<form action=\"" . page_link_to("admin_news") . "&action=save\" method=\"post\">\n";
@ -29,7 +33,7 @@ function admin_news() {
$html .= " <tr><td>Text</td><td><textarea rows=\"10\" cols=\"80\" name=\"eText\">" .
$news["Text"] . "</textarea></td></tr>\n";
$html .= " <tr><td>Engel</td><td>" .
UID2Nick($news["UID"]) . "</td></tr>\n";
User_Nick_render($user_source) . "</td></tr>\n";
$html .= " <tr><td>Treffen</td><td>" . html_select_key('eTreffen', 'eTreffen', array (
'1' => "Ja",
'0' => "Nein"

24
includes/pages/admin_questions.php
Unescape Escape View File

@ -18,28 +18,42 @@ function admin_questions() {
if (!isset ($_REQUEST['action'])) {
$open_questions = "";
$questions = sql_select("SELECT * FROM `Questions` WHERE `AID`=0");
foreach ($questions as $question)
foreach ($questions as $question) {
$user_source = User($question['UID']);
if($user_source === false)
engelsystem_error("Unable to load user.");
$open_questions .= template_render(
'../templates/admin_question_unanswered.html', array (
'question_nick' => UID2Nick($question['UID']),
'question_nick' => User_Nick_render($user_source),
'question_id' => $question['QID'],
'link' => page_link_to("admin_questions"),
'question' => str_replace("\n", '<br />', $question['Question'])
));
}
$answered_questions = "";
$questions = sql_select("SELECT * FROM `Questions` WHERE `AID`>0");
foreach ($questions as $question)
foreach ($questions as $question) {
$user_source = User($question['UID']);
if($user_source === false)
engelsystem_error("Unable to load user.");
$answer_user_source = User($question['AID']);
if($answer_user_source === false)
engelsystem_error("Unable to load user.");
$answered_questions .= template_render(
'../templates/admin_question_answered.html', array (
'question_id' => $question['QID'],
'question_nick' => UID2Nick($question['UID']),
'question_nick' => User_Nick_render($user_source),
'question' => str_replace("\n", "<br />", $question['Question']),
'answer_nick' => UID2Nick($question['AID']),
'answer_nick' => User_Nick_render($answer_user_source),
'answer' => str_replace("\n", "<br />", $question['Answer']),
'link' => page_link_to("admin_questions"),
));
}
return template_render('../templates/admin_questions.html', array (
'link' => page_link_to("admin_questions"),

38
includes/pages/admin_user.php
Unescape Escape View File

@ -26,38 +26,38 @@ function admin_user() {
$html .= "<table>\n";
$html .= " <tr><td>Nick</td><td>" .
"<input type=\"text\" size=\"40\" name=\"eNick\" value=\"" .
mysql_result($Erg, 0, "Nick") . "\"></td></tr>\n";
$user_source['Nick'] . "\"></td></tr>\n";
$html .= " <tr><td>lastLogIn</td><td>" .
date("Y-m-d H:i", mysql_result($Erg, 0, "lastLogIn")) . "</td></tr>\n";
date("Y-m-d H:i", $user_source['lastLogIn']) . "</td></tr>\n";
$html .= " <tr><td>Name</td><td>" .
"<input type=\"text\" size=\"40\" name=\"eName\" value=\"" .
mysql_result($Erg, 0, "Name") . "\"></td></tr>\n";
$user_source['Name'] . "\"></td></tr>\n";
$html .= " <tr><td>Vorname</td><td>" .
"<input type=\"text\" size=\"40\" name=\"eVorname\" value=\"" .
mysql_result($Erg, 0, "Vorname") . "\"></td></tr>\n";
$user_source['Vorname'] . "\"></td></tr>\n";
$html .= " <tr><td>Alter</td><td>" .
"<input type=\"text\" size=\"5\" name=\"eAlter\" value=\"" .
mysql_result($Erg, 0, "Alter") . "\"></td></tr>\n";
$user_source['Alter'] . "\"></td></tr>\n";
$html .= " <tr><td>Telefon</td><td>" .
"<input type=\"text\" size=\"40\" name=\"eTelefon\" value=\"" .
mysql_result($Erg, 0, "Telefon") . "\"></td></tr>\n";
$user_source['Telefon'] . "\"></td></tr>\n";
$html .= " <tr><td>Handy</td><td>" .
"<input type=\"text\" size=\"40\" name=\"eHandy\" value=\"" .
mysql_result($Erg, 0, "Handy") . "\"></td></tr>\n";
$user_source['Handy'] . "\"></td></tr>\n";
$html .= " <tr><td>DECT</td><td>" .
"<input type=\"text\" size=\"4\" name=\"eDECT\" value=\"" .
mysql_result($Erg, 0, "DECT") . "\"></td></tr>\n";
$user_source['DECT'] . "\"></td></tr>\n";
$html .= " <tr><td>email</td><td>" .
"<input type=\"text\" size=\"40\" name=\"eemail\" value=\"" .
mysql_result($Erg, 0, "email") . "\"></td></tr>\n";
$user_source['email'] . "\"></td></tr>\n";
$html .= " <tr><td>ICQ</td><td>" .
"<input type=\"text\" size=\"40\" name=\"eICQ\" value=\"" .
mysql_result($Erg, 0, "ICQ") . "\"></td></tr>\n";
$user_source['ICQ'] . "\"></td></tr>\n";
$html .= " <tr><td>jabber</td><td>" .
"<input type=\"text\" size=\"40\" name=\"ejabber\" value=\"" .
mysql_result($Erg, 0, "jabber") . "\"></td></tr>\n";
$user_source['jabber'] . "\"></td></tr>\n";
$html .= " <tr><td>Size</td><td>" .
html_select_key('size', 'eSize', $tshirt_sizes, mysql_result($Erg, 0, "Size")) . "</td></tr>\n";
html_select_key('size', 'eSize', $tshirt_sizes, $user_source['Size']) . "</td></tr>\n";
$options = array (
'1' => "Yes",
@ -66,21 +66,21 @@ function admin_user() {
// Gekommen?
$html .= " <tr><td>Gekommen</td><td>\n";
$html .= html_options('eGekommen', $options, mysql_result($Erg, 0, "Gekommen")) . "</td></tr>\n";
$html .= html_options('eGekommen', $options, $user_source['Gekommen']) . "</td></tr>\n";
// Aktiv?
$html .= " <tr><td>Aktiv</td><td>\n";
$html .= html_options('eAktiv', $options, mysql_result($Erg, 0, "Aktiv")) . "</td></tr>\n";
$html .= html_options('eAktiv', $options, $user_source['Aktiv']) . "</td></tr>\n";
// T-Shirt bekommen?
$html .= " <tr><td>T-Shirt</td><td>\n";
$html .= html_options('eTshirt', $options, mysql_result($Erg, 0, "Tshirt")) . "</td></tr>\n";
$html .= html_options('eTshirt', $options, $user_source['Tshirt']) . "</td></tr>\n";
$html .= " <tr><td>Hometown</td><td>" .
"<input type=\"text\" size=\"40\" name=\"Hometown\" value=\"" .
mysql_result($Erg, 0, "Hometown") . "\"></td></tr>\n";
$user_source['Hometown'] . "\"></td></tr>\n";
$html .= "</table>\n</td><td valign=\"top\">" . displayavatar($id, false) . "</td></tr>";
$html .= "</table>\n</td><td valign=\"top\">" . User_Avatar_render($user_source) . "</td></tr>";
$html .= "</td></tr>\n";
$html .= "</table>\n<br />\n";
@ -113,7 +113,7 @@ function admin_user() {
$selected_angel_types = array_unique($selected_angel_types);
// Assign angel-types
sql_start_transaction();
sql_transaction_start();
sql_query("DELETE FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user_source['UID']));
$user_angel_type_info = array();
if (!empty($selected_angel_types)) {
@ -131,7 +131,7 @@ function admin_user() {
if (!empty($accepted_angel_types))
sql_query("UPDATE `UserAngelTypes` SET `confirm_user_id` = '" . sql_escape($user['UID']) . "' WHERE `user_id` = '" . sql_escape($user_source['UID']) . "' AND `angeltype_id` IN (" . implode(',', $accepted_angel_types) . ")");
}
sql_stop_transaction();
sql_transaction_commit();
engelsystem_log("Set angeltypes of " . User_Nick_render($user_source) . " to: " . join(", ", $user_angel_type_info));
success("Angeltypes saved.");

19
includes/pages/user_messages.php
Unescape Escape View File

@ -30,9 +30,22 @@ function user_messages() {
$messages_html = "";
$messages = sql_select("SELECT * FROM `Messages` WHERE `SUID`=" . sql_escape($user['UID']) . " OR `RUID`=" . sql_escape($user['UID']) . " ORDER BY `isRead`,`Datum` DESC");
foreach ($messages as $message) {
$messages_html .= sprintf('<tr %s> <td>%s</td> <td>%s</td> <td>%s</td> <td>%s</td>' .
'<td>%s</td>', ($message['isRead'] == 'N' ? ' class="new_message"' : ''), ($message['isRead'] == 'N' ? '•' : ''), date("Y-m-d H:i", $message['Datum']), UID2Nick($message['SUID']), UID2Nick($message['RUID']), str_replace("\n", '<br />', $message['Text']));
$sender_user_source = User($message['SUID']);
if($sender_user_source === false)
engelsystem_error("Unable to load user.");
$receiver_user_source = User($message['RUID']);
if($receiver_user_source === false)
engelsystem_error("Unable to load user.");
$messages_html .= sprintf(
'<tr %s> <td>%s</td> <td>%s</td> <td>%s</td> <td>%s</td><td>%s</td>',
($message['isRead'] == 'N' ? ' class="new_message"' : ''),
($message['isRead'] == 'N' ? '•' : ''),
date("Y-m-d H:i", $message['Datum']),
User_Nick_render($sender_user_source),
User_Nick_render($receiver_user_source),
str_replace("\n", '<br />', $message['Text'])
);
$messages_html .= '<td>';
if ($message['RUID'] == $user['UID']) {

15
includes/pages/user_news.php
Unescape Escape View File

@ -35,7 +35,12 @@ function display_news($news) {
$html .= '<article class="news' . ($news['Treffen'] == 1 ? ' meeting' : '') . '">';
$html .= '<details>';
$html .= date("Y-m-d H:i", $news['Datum']) . ', ';
$html .= UID2Nick($news['UID']);
$user_source = User($news['UID']);
if($user_source === false)
engelsystem_error("Unable to load user.");
$html .= User_Nick_render($user_source);
if ($p != "news_comments")
$html .= ', <a href="' . page_link_to("news_comments") . '&nid=' . $news['ID'] . '">Kommentare (' . sql_num_query("SELECT * FROM `news_comments` WHERE `Refid`='" . sql_escape($news['ID']) . "'") . ') &raquo;</a>';
$html .= '</details>';
@ -69,11 +74,15 @@ function user_news_comments() {
$comments = sql_select("SELECT * FROM `news_comments` WHERE `Refid`='" . sql_escape($nid) . "' ORDER BY 'ID'");
foreach ($comments as $comment) {
$user_source = User($comment['UID']);
if($user_source === false)
engelsystem_error("Unable to load user.");
$html .= '<article class="news_comment">';
$html .= DisplayAvatar($comment['UID']);
$html .= User_Avatar_render($user_source);
$html .= '<details>';
$html .= $comment['Datum'] . ', ';
$html .= UID2Nick($comment['UID']);
$html .= User_Nick_render($user_source);
$html .= '</details>';
$html .= '<p>' . nl2br($comment['Text']) . '</p>';
$html .= '</article>';

7
includes/pages/user_questions.php
Unescape Escape View File

@ -12,7 +12,12 @@ function user_questions() {
$questions = sql_select("SELECT * FROM `Questions` WHERE `AID`>0 AND `UID`=" . sql_escape($user['UID']));
foreach ($questions as $question) {
$answered_questions .= '<tr><td>' . str_replace("\n", '<br />', $question['Question']) . '</td>';
$answered_questions .= '<td>' . UID2Nick($question['AID']) . '</td><td>' . str_replace("\n", '<br />', $question['Answer']) . '</td>';
$answer_user_source = User($question['AID']);
if($answer_user_source === false)
engelsystem_error("Unable to load user.");
$answered_questions .= '<td>' . User_Nick_render($answer_user_source) . '</td><td>' . str_replace("\n", '<br />', $question['Answer']) . '</td>';
$answered_questions .= '<td><a href="' . page_link_to("user_questions") . '&action=delete&id=' . $question['QID'] . '">Löschen</a></td><tr>';
}

25
includes/pages/user_wakeup.php
Unescape Escape View File

@ -52,19 +52,20 @@ function user_wakeup() {
</tr>
';
$sql = "SELECT * FROM `Wecken` ORDER BY `Date` ASC";
$Erg = sql_query($sql);
$count = mysql_num_rows($Erg);
for ($i = 0; $i < $count; $i++) {
$row = mysql_fetch_row($Erg);
$wecken_source = sql_select("SELECT * FROM `Wecken` ORDER BY `Date` ASC");
foreach($wecken_source as $wecken) {
$html .= '<tr class="content">';
$html .= '<td>' . date("Y-m-d H:i", mysql_result($Erg, $i, "Date")) . ' </td>';
$html .= '<td>' . UID2Nick(mysql_result($Erg, $i, "UID")) . ' </td>';
$html .= '<td>' . mysql_result($Erg, $i, "Ort") . ' </td>';
$html .= '<td>' . mysql_result($Erg, $i, "Bemerkung") . ' </td>';
if (mysql_result($Erg, $i, "UID") == $user['UID'])
$html .= '<td><a href="' . page_link_to("user_wakeup") . '&action=delete&id=' . mysql_result($Erg, $i, "ID") . "\">" . Get_Text("pub_wake_del") . '</a></td>';
$html .= '<td>' . date("Y-m-d H:i", $wecken['Date']) . ' </td>';
$user_source = User($wecken['UID']);
if($user_source === false)
engelsystem_error("Unable to load user.");
$html .= '<td>' . User_Nick_render($user_source) . ' </td>';
$html .= '<td>' . $wecken['Ort'] . ' </td>';
$html .= '<td>' . $wecken['Bemerkung'] . ' </td>';
if ($wecken['UID'] == $user['UID'])
$html .= '<td><a href="' . page_link_to("user_wakeup") . '&action=delete&id=' . $wecken['ID'] . "\">" . Get_Text("pub_wake_del") . '</a></td>';
else
$html .= '<td></td>';
$html .= '</tr>';

5
includes/sys_auth.php
Unescape Escape View File

@ -31,8 +31,7 @@ function generate_salt($length = 16) {
// set the password of a user
function set_password($uid, $password) {
$res = sql_query("UPDATE `User` SET `Passwort` = '" . sql_escape(crypt($password, CRYPT_ALG . '$' . generate_salt(16) . '$')) . "' WHERE `UID` = " . intval($uid) . " LIMIT 1");
return $res && (mysql_affected_rows() > 0);
return sql_query("UPDATE `User` SET `Passwort` = '" . sql_escape(crypt($password, CRYPT_ALG . '$' . generate_salt(16) . '$')) . "' WHERE `UID` = " . intval($uid) . " LIMIT 1");
}
// verify a password given a precomputed salt.
@ -72,8 +71,6 @@ function json_auth_service() {
if (count($Erg) == 1) {
$Erg = $Erg[0];
if (verify_password($Pass, $Erg["Passwort"], $Erg["UID"])) {
$UID = mysql_result($Erg, 0, "UID");
$user_privs = sql_select("SELECT `Privileges`.`name` FROM `User` JOIN `UserGroups` ON (`User`.`UID` = `UserGroups`.`uid`) JOIN `GroupPrivileges` ON (`UserGroups`.`group_id` = `GroupPrivileges`.`group_id`) JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `User`.`UID`=" . sql_escape($UID) . ";");
foreach ($user_privs as $user_priv)
$privileges[] = $user_priv['name'];

38
includes/sys_lang.php
Unescape Escape View File

@ -1,38 +0,0 @@
<?php
/**
* Liste verfügbarer Sprachen
*/
$languages = array (
'DE' => "Deutsch",
'EN' => "English"
);
function Get_Text($TextID, $NoError = false) {
global $con, $error_messages, $debug;
if (!isset ($_SESSION['Sprache']))
$_SESSION['Sprache'] = "EN";
if ($_SESSION['Sprache'] == "")
$_SESSION['Sprache'] = "EN";
if (isset ($_GET["SetLanguage"]))
$_SESSION['Sprache'] = $_GET["SetLanguage"];
$SQL = "SELECT * FROM `Sprache` WHERE TextID=\"$TextID\" AND Sprache ='" . $_SESSION['Sprache'] . "'";
@ $Erg = mysql_query($SQL, $con);
if (mysql_num_rows($Erg) == 1)
return mysql_result($Erg, 0, "Text");
elseif ($NoError && !$debug)
return "";
elseif ($debug)
return "Error Data, '$TextID' found " . mysql_num_rows($Erg) . "x";
else
return $TextID;
}
function Print_Text($TextID, $NoError = false) {
echo Get_Text($TextID, $NoError);
}
?>

84
includes/sys_mysql.php
Unescape Escape View File

@ -1,84 +0,0 @@
<?php
function sql_connect($host, $user, $pw, $db) {
global $con;
global $host;
@ $con = mysql_connect($host, $user, $pw);
if ($con == null)
die("no mysql-connection");
if (!mysql_select_db($db, $con))
die("mysql db-selection failed");
mysql_query("SET CHARACTER SET utf8;", $con);
mysql_query("SET NAMES 'utf8'", $con);
}
// Do select query
function sql_select($query) {
global $con;
$start = microtime(true);
if ($result = mysql_query($query, $con)) {
$data = array ();
while ($line = mysql_fetch_assoc($result)) {
array_push($data, $line);
}
return $data;
} else {
print_r(debug_backtrace());
die('MySQL-query error: ' . $query . ", " . mysql_error($con));
}
}
function sql_select_single_col($query) {
$result = sql_select($query);
return array_map('array_shift', $result);
}
function sql_select_single_cell($query) {
return array_shift(array_shift(sql_select($query)));
}
// Execute a query
function sql_query($query) {
global $con;
$start = microtime(true);
if ($result = mysql_query($query, $con)) {
return $result;
} else {
die('MySQL-query error: ' . $query . ", " . mysql_error($con));
}
}
function sql_id() {
global $con;
return mysql_insert_id($con);
}
function sql_escape($query) {
return mysql_real_escape_string($query);
}
function sql_num_query($query) {
return mysql_num_rows(sql_query($query));
}
function sql_error() {
global $con;
return mysql_error($con);
}
$sql_transaction_counter = 0;
function sql_start_transaction() {
global $sql_transaction_counter;
if ($sql_transaction_counter++ == 0)
sql_query("START TRANSACTION");
}
function sql_stop_transaction() {
global $sql_transaction_counter;
if ($sql_transaction_counter-- == 1)
sql_query("COMMIT");
}
?>

55
includes/sys_page.php
Unescape Escape View File

@ -46,59 +46,4 @@ function check_email($email) {
return (bool) preg_match("#^([a-zA-Z0-9_+\-])+(\.([a-zA-Z0-9_+\-])+)*@((\[(((([0-1])?([0-9])?[0-9])|(2[0-4][0-9])|(2[0-5][0-5])))\.(((([0-1])?([0-9])?[0-9])|(2[0-4][0-9])|(2[0-5][0-5])))\.(((([0-1])?([0-9])?[0-9])|(2[0-4][0-9])|(2[0-5][0-5])))\.(((([0-1])?([0-9])?[0-9])|(2[0-4][0-9])|(2[0-5][0-5]))\]))|((([\p{L}0-9])+(([\-])+([\p{L}0-9])+)*\.)+([\p{L}])+(([\-])+([\p{L}0-9])+)*))$#u", $email);
}
/**
* Gibt zwischengespeicherte Fehlermeldungen zurück und löscht den Zwischenspeicher
*/
function msg() {
if (!isset ($_SESSION['msg']))
return "";
$msg = $_SESSION['msg'];
$_SESSION['msg'] = "";
return $msg;
}
/**
* Rendert eine Information
*/
function info($msg, $immediatly = false) {
if ($immediatly) {
if ($msg == "")
return "";
return '<p class="info">' . $msg . '</p>';
} else {
if (!isset ($_SESSION['msg']))
$_SESSION['msg'] = "";
$_SESSION['msg'] .= info($msg, true);
}
}
/**
* Rendert eine Fehlermeldung
*/
function error($msg, $immediatly = false) {
if ($immediatly) {
if ($msg == "")
return "";
return '<p class="error">' . $msg . '</p>';
} else {
if (!isset ($_SESSION['msg']))
$_SESSION['msg'] = "";
$_SESSION['msg'] .= error($msg, true);
}
}
/**
* Rendert eine Erfolgsmeldung
*/
function success($msg, $immediatly = false) {
if ($immediatly) {
if ($msg == "")
return "";
return '<p class="success">' . $msg . '</p>';
} else {
if (!isset ($_SESSION['msg']))
$_SESSION['msg'] = "";
$_SESSION['msg'] .= success($msg, true);
}
}
?>

454
includes/sys_shift.php
Unescape Escape View File

@ -1,454 +0,0 @@
<?php
/**
* Shiftlänge ausrechnen, kommt im Format 12:23h zurück
*/
function shift_length($shift) {
$length = round(($shift['end'] - $shift['start']) / (60 * 60), 0) . ":";
$length .= str_pad((($shift['end'] - $shift['start']) % (60 * 60)) / 60, 2, "0", STR_PAD_LEFT) . "h";
return $length;
}
function load_shift_basics() {
global $VeranstaltungsTageMax, $Room, $RoomID, $EngelType, $EngelTypeID, $TID2Name, $Veranstaltungstage;
// erstellt ein Array der Räume
$rooms = sql_select("SELECT `RID`, `Name` FROM `Room` WHERE `Show`='Y' ORDER BY `Number`, `Name`");
foreach ($rooms as $i => $r) {
$Room[$i] = array (
'RID' => $r['RID'],
'Name' => $r['Name']
);
$RoomID[$r['RID']] = $r['Name'];
}
// erstellt ein Array der Engeltypen
$engel_types = sql_select("SELECT * FROM `EngelType` ORDER BY `name`");
foreach ($engel_types as $engel_type) {
$EngelType[$i] = array (
'id' => $engel_type['id'],
'name' => $engel_type['name'] . Get_Text("inc_schicht_engel")
);
$EngelTypeID[$engel_type['id']] = $engel_type['name'] . Get_Text("inc_schicht_engel");
$TID2Name[$engel_type['id']] = $engel_type['name'];
}
// Erste Schicht suchen
$Pos = 0;
$first_shift = sql_select("SELECT `DateS` FROM `Shifts` ORDER BY `DateS` LIMIT 1");
if (count($first_shift) > 0) {
do {
// Startdatum einlesen und link ausgeben
$DateS = substr($first_shift[0]['DateS'], 0, 10);
$VeranstaltungsTage[$Pos++] = $DateS;
// auslesen den endes und eventuelle weitere tage ausgeben
$last_shift = sql_select("SELECT MAX(`DateE`) FROM `Shifts` WHERE ( (`DateS` like '" . sql_escape($DateS) . "%') AND NOT (`DateE` like '%00:00:00'))");
$DateE = substr($last_shift[0]['DateE'], 0, 10);
if (strlen($DateE) == 0)
$DateE = $DateS;
else
while ($DateS != $DateE) {
$DateS = DatumUm1TagErhoehen($DateS);
$VeranstaltungsTage[$Pos++] = $DateS;
}
// suchen den nächsten eintrag
$first_shift = sql_select("SELECT `DateS` FROM `Shifts` " . "WHERE (`DateS` > '" . sql_escape($DateE) . " 23:59:59' ) " . "ORDER BY `DateS` " . "LIMIT 1");
} while (count($first_shift) > 0);
}
$VeranstaltungsTageMax = $Pos -1;
}
/*#######################################################
# gibt die engelschischten aus #
#######################################################*/
function ausgabe_Feld_Inhalt($SID, $Man) {
// gibt, nach <20>bergabe der der SchichtID (SID) und der RaumBeschreibung,
// die eingetragenden und und offenden Schichteint<6E>ge zur<75>ck
global $EngelType, $EngelTypeID, $TID2Name, $con, $debug, $gmdateOffset;
$Spalten = "";
if (!isset ($_GET["Icon"]))
$_GET["Icon"] = 1;
///////////////////////////////////////////////////////////////////
// Schow Admin Page
///////////////////////////////////////////////////////////////////
$Spalten .= funktion_isLinkAllowed_addLink_OrEmpty("admin/schichtplan.php?action=change&SID=$SID", "edit<br />\n");
///////////////////////////////////////////////////////////////////
// Ausgabe des Schichtnamens
///////////////////////////////////////////////////////////////////
$SQL = "SELECT `URL` FROM `Shifts` WHERE (`SID` = '$SID');";
$Erg = mysql_query($SQL, $con);
if (mysql_result($Erg, 0, 0) != "")
$Spalten .= "<a href=\"" . mysql_result($Erg, 0, 0) . "\" target=\"_black\"><u>$Man:</u></a><br />";
else
$Spalten .= "<u>" .
$Man . ":</u><br />";
///////////////////////////////////////////////////////////////////
// SQL abfrage f<>r die ben<65>tigten schichten
///////////////////////////////////////////////////////////////////
$SQL = "SELECT * FROM `ShiftEntry` WHERE (`SID` = '" . sql_escape($SID) . "') ORDER BY `TID`, `UID` DESC ;";
$Erg = mysql_query($SQL, $con);
$Anzahl = mysql_num_rows($Erg);
$Feld = 0;
$Temp_TID_old = -1;
for ($i = 0; $i < $Anzahl; $i++) {
if (isset ($Temp[$Feld]["TID"]))
$Temp_TID_old = $Temp[$Feld]["TID"];
if (isset ($Temp[$Feld]["UID"]))
$Temp_UID_old = $Temp[$Feld]["UID"];
$Temp_TID = mysql_result($Erg, $i, "TID");
// wenn sich der Type <20>ndert wird zumn<6D>sten feld geweckselt
if ($Temp_TID_old != $Temp_TID)
$Feld++;
$Temp[$Feld]["TID"] = $Temp_TID;
$Temp[$Feld]["UID"] = mysql_result($Erg, $i, "UID");
// sonderfall ersten durchlauf
if ($i == 0) {
$Temp_TID_old = $Temp[$Feld]["TID"];
$Temp_UID_old = $Temp[$Feld]["UID"];
}
// ist es eine zu vergeben schicht?
if ($Temp[$Feld]["UID"] == 0) {
if (isset ($Temp[$Feld]["free"]))
$Temp[$Feld]["free"]++;
else
$Temp[$Feld]["free"] = 1;
} else
$Temp[$Feld]["Engel"][] = $Temp[$Feld]["UID"];
} // FOR
///////////////////////////////////////////////////////////////////
// Aus gabe der Schicht
///////////////////////////////////////////////////////////////////
if (isset ($Temp))
if (count($Temp))
foreach ($Temp as $TempEntry => $TempValue) {
if (!isset ($TempValue["free"]))
$TempValue["free"] = 0;
// ausgabe EngelType
$Spalten .= $EngelTypeID[$TempValue["TID"]] . " ";
// ausgabe Eingetragener Engel
if (isset ($TempValue["Engel"]))
if (count($TempValue["Engel"]) > 0) {
if (count($TempValue["Engel"]) == 1)
$Spalten .= Get_Text("inc_schicht_ist") . ":<br />\n";
else
$Spalten .= Get_Text("inc_schicht_sind") . ":<br />\n";
foreach ($TempValue["Engel"] as $TempEngelEntry => $TempEngelID) {
if (funktion_isLinkAllowed("admin/user.php") === TRUE) {
// add color, wenn Engel "Gekommen"
$TempText = ((UIDgekommen($TempEngelID) == "1") ? "<span style=\"color: blue;\">" : "<span style=\"color: red;\">") .
UID2Nick($TempEngelID) . "</span>";
} else {
$TempText = UID2Nick($TempEngelID);
}
// add link to user
$TempText = funktion_isLinkAllowed_addLink_OrLinkText("admin/userChangeNormal.php?enterUID=$TempEngelID&Type=Normal", $TempText);
$Spalten .= "&nbsp;&nbsp;" . $TempText .
(($_GET["Icon"] == 1) ? DisplayAvatar($TempEngelID) : "") .
"<br />\n";
}
$Spalten = substr($Spalten, 0, strlen($Spalten) - 7);
}
// ausgabe ben<65>tigter Engel
////////////////////////////
//in vergangenheit
$SQLtime = "SELECT `DateE` FROM `Shifts` WHERE (`SID`='" . sql_escape($SID) . "' AND `DateE` >= '" .
gmdate("Y-m-d H:i:s", time() + $gmdateOffset) . "')";
$Ergtime = mysql_query($SQLtime, $con);
if (mysql_num_rows($Ergtime) > 0) {
//wenn keien rechte definiert sind
if (!isset ($_SESSION['CVS'][$TID2Name[$TempValue["TID"]]]))
$_SESSION['CVS'][$TID2Name[$TempValue["TID"]]] = "Y";
if ($_SESSION['CVS'][$TID2Name[$TempValue["TID"]]] == "Y")
if ($TempValue["free"] > 0) {
$Spalten .= "<br />\n&nbsp;&nbsp;<a href=\"./schichtplan_add.php?SID=$SID&TID=" .
$TempValue["TID"] . "\">";
$Spalten .= $TempValue["free"];
if ($TempValue["free"] != 1)
$Spalten .= Get_Text("inc_schicht_weitere") .
" " . Get_Text("inc_schicht_Engel") .
Get_Text("inc_schicht_wird");
else
$Spalten .= Get_Text("inc_schicht_weiterer") .
" " . Get_Text("inc_schicht_Engel") .
Get_Text("inc_schicht_werden");
$Spalten .= Get_Text("inc_schicht_noch_gesucht");
$Spalten .= "</a>";
}
} else {
if (isset ($TempValue["free"]))
if ($TempValue["free"] > 0)
$Spalten .= "<br />\n&nbsp;&nbsp;<h3><a>Fehlen noch: " .
$TempValue["free"] . "</a></h3>";
}
$Spalten .= "<br />\n";
} // FOREACH
return $Spalten;
} // function Ausgabe_Feld_Inhalt
/*#######################################################
# gibt die engelschischten Druckergerecht aus #
#######################################################*/
function Ausgabe_Feld_Inhalt_Druck($RID, $Man) {
// gibt, nach <20>bergabe der der SchichtID (SID) und der RaumBeschreibung,
// die eingetragenden und und offenden Schichteint<6E>ge zur<75>ck
} // function Ausgabe_Feld_Inhalt
/*#######################################################
# Ausgabe der Raum Spalten #
#######################################################*/
function CreateRoomShifts($raum) {
global $Spalten, $ausdatum, $con, $debug, $GlobalZeileProStunde, $error_messages;
/////////////////////////////////////////////////////////////
// beginnt die erste schicht vor dem heutigen tag und geht dar<61>ber hinaus
/////////////////////////////////////////////////////////////
$SQLSonder = "SELECT `SID`, `DateS`, `DateE` , `Len`, `Man` FROM `Shifts` " .
"WHERE ((`RID` = '" . sql_escape($raum) . "') AND (`DateE` > '$ausdatum 23:59:59') AND " .
"(`DateS` < '" . sql_escape($ausdatum) . " 00:00:00') ) ORDER BY `DateS`;";
$ErgSonder = mysql_query($SQLSonder, $con);
if ((mysql_num_rows($ErgSonder) > 1)) {
if (funktion_isLinkAllowed("admin/schichtplan.php") === TRUE) {
echo "<h1>" . Get_Text("pub_schichtplan_colision") . "</h1> ";
for ($i = 0; $i < mysql_num_rows($ErgSonder); $i++) {
echo "<a href=\"./../admin/schichtplan.php?action=change&SID=" .
mysql_result($ErgSonder, $i, "SID") . "\">" .
mysql_result($ErgSonder, $i, "DateS") .
" '" . mysql_result($ErgSonder, $i, "Man") . "' (RID $raum) (00-24)" .
"</a><br />\n";
}
}
}
elseif ((mysql_num_rows($ErgSonder) == 1)) {
$Spalten[0] .= "<td valign=\"top\" rowspan=\"" . (24 * $GlobalZeileProStunde) . "\">\n" .
"<h3>&uarr;&uarr;&uarr;</h3>" .
Ausgabe_Feld_Inhalt(mysql_result($ErgSonder, 0, "SID"), mysql_result($ErgSonder, 0, "Man")) .
"<h3>&darr;&darr;&darr;</h3>" .
"\n</td>\n";
return;
}
$ZeitZeiger = 0;
/////////////////////////////////////////////////////////////
// beginnt die erste schicht vor dem heutigen tag?
/////////////////////////////////////////////////////////////
$SQLSonder = "SELECT `SID`, `DateS`, `DateE` , `Len`, `Man` FROM `Shifts` " .
"WHERE ((`RID` = '" . sql_escape($raum) . "') AND (`DateE` > '" . sql_escape($ausdatum) . " 00:00:00') AND " .
"(`DateS` < '" . sql_escape($ausdatum) . " 00:00:00') ) ORDER BY `DateS`;";
$ErgSonder = mysql_query($SQLSonder, $con);
if ((mysql_num_rows($ErgSonder) > 1)) {
if (funktion_isLinkAllowed("admin/schichtplan.php") === TRUE) {
echo "<h1>" . Get_Text("pub_schichtplan_colision") . "</h1> ";
for ($i = 0; $i < mysql_num_rows($ErgSonder); $i++) {
echo "<a href=\"./../admin/schichtplan.php?action=change&SID=" .
mysql_result($ErgSonder, $i, "SID") . "\">" .
mysql_result($ErgSonder, $i, "DateS") .
" '" . mysql_result($ErgSonder, $i, "Man") . "' (RID $raum) (00-xx)" .
"</a><br />\n";
}
}
}
elseif ((mysql_num_rows($ErgSonder) == 1)) {
$ZeitZeiger = substr(mysql_result($ErgSonder, 0, "DateE"), 11, 2) + (substr(mysql_result($ErgSonder, 0, "DateE"), 14, 2) / 60);
$Spalten[0] .= "<td valign=\"top\" rowspan=\"" . ($ZeitZeiger * $GlobalZeileProStunde) . "\">\n" .
"<h3>&uarr;&uarr;&uarr;</h3>" .
Ausgabe_Feld_Inhalt(mysql_result($ErgSonder, 0, "SID"), mysql_result($ErgSonder, 0, "Man")) .
"\n</td>\n";
}
/////////////////////////////////////////////////////////////
// gibt die schichten f<>r den tag aus
/////////////////////////////////////////////////////////////
$SQL = "SELECT `SID`, `DateS`, `Len`, `Man` FROM `Shifts` " .
"WHERE ((`RID` = '" . sql_escape($raum) . "') and " .
"(`DateS` >= '" . sql_escape($ausdatum) . ' ' . sql_escape($ZeitZeiger) . ":00:00') and " .
"(`DateS` like '" . sql_escape($ausdatum) . "%')) ORDER BY `DateS`;";
$Erg = mysql_query($SQL, $con);
for ($i = 0; $i < mysql_num_rows($Erg); ++ $i) {
$ZeitPos = substr(mysql_result($Erg, $i, "DateS"), 11, 2) + (substr(mysql_result($Erg, $i, "DateS"), 14, 2) / 60);
$len = mysql_result($Erg, $i, "Len");
if ($len <= 0)
array_push($error_messages, "Error in shift denition SID=" . mysql_result($Erg, $i, "SID") . " Len=$len");
if ($ZeitZeiger < $ZeitPos) {
$Spalten[$ZeitZeiger * $GlobalZeileProStunde] .= "<td valign=\"top\" rowspan=\"" . (($ZeitPos - $ZeitZeiger) * $GlobalZeileProStunde) . "\">&nbsp;</td>\n";
$ZeitZeiger += $ZeitPos - $ZeitZeiger;
}
if ($ZeitZeiger == $ZeitPos) {
//sonderfall wenn die schicht <20>ber dei 24 stunden hinaus geht
// (eintrag abk<62>rzen, pfeiel ausgeben)
$Spalten[$ZeitZeiger * $GlobalZeileProStunde] .= "<td valign=\"top\" rowspan=\"" .
((($len + $ZeitZeiger) ? $len : 24 - $len + $ZeitZeiger) * $GlobalZeileProStunde) .
"\">\n" .
"" .
Ausgabe_Feld_Inhalt(mysql_result($Erg, $i, "SID"), mysql_result($Erg, $i, "Man")) .
((($ZeitZeiger + $len) > 24) ? "<h3>&darr;&darr;&darr;</h3>" : "") .
"\n</td>\n";
$ZeitZeiger += $len;
} else {
echo "<h1>" . Get_Text("pub_schichtplan_colision") . "</h1> ";
echo "<a href=\"./../admin/schichtplan.php?action=change&SID=" .
mysql_result($Erg, $i, "SID") . "\">" .
mysql_result($Erg, $i, "DateS") .
" '" . mysql_result($Erg, $i, "Man") . "' " .
" (" . mysql_result($Erg, $i, "SID") . " R$raum) (xx-xx)</a><br /><br />";
}
}
if ($ZeitZeiger < 24)
$Spalten[($ZeitZeiger * $GlobalZeileProStunde)] .= "<td valign=\"top\" rowspan=\"" .
((24 - $ZeitZeiger) * $GlobalZeileProStunde) .
"\">&nbsp;</td>\n";
} // function CreateRoomShifts
/*#######################################################
# Ausgabe der freien schichten #
#######################################################*/
function showEmptyShifts() {
global $con, $debug, $RoomID, $gmdateOffset;
echo "<table border=\"1\">\n";
echo "<tr>\n";
echo "<th>" . Get_Text("inc_schicht_date") . "</th>\n";
echo "<th>" . Get_Text("inc_schicht_time") . "</th>\n";
echo "<th>" . Get_Text("inc_schicht_room") . "</th>\n";
echo "<th>" . Get_Text("inc_schicht_commend") . "</th>\n";
echo "</tr>\n";
$sql = "SELECT `SID`, `DateS`, `Man`, `RID` FROM `Shifts` " .
"WHERE (`Shifts`.`DateS`>='" . gmdate("Y-m-d H:i:s", time() + $gmdateOffset) . "') " .
"ORDER BY `DateS`, `RID`;";
$Erg = mysql_query($sql, $con);
$angezeigt = 0;
for ($i = 0;($i < mysql_num_rows($Erg)) && ($angezeigt < 15); $i++)
if (isset ($RoomID[mysql_result($Erg, $i, "RID")]))
if ($RoomID[mysql_result($Erg, $i, "RID")] != "") {
$Sql2 = "SELECT `UID` FROM `ShiftEntry` " .
"WHERE `SID`=" . mysql_result($Erg, $i, "SID") . " AND " .
"`UID`='0';";
$Erg2 = mysql_query($Sql2, $con);
if (mysql_num_rows($Erg2) > 0) {
$angezeigt++;
echo "<tr>\n";
echo "<td>" . substr(mysql_result($Erg, $i, "DateS"), 0, 10) . "</td>\n";
echo "<td>" . substr(mysql_result($Erg, $i, "DateS"), 11) . "</td>\n";
echo "<td>" . $RoomID[mysql_result($Erg, $i, "RID")] . "</td>\n";
echo "<td>" .
ausgabe_Feld_Inhalt(mysql_result($Erg, $i, "SID"), mysql_result($Erg, $i, "Man")) .
"</td>\n";
echo "</tr>\n";
}
}
echo "</table>\n";
} //function showEmptyShifts
/*#######################################################
# Gibt die anzahl der Schichten im Raum zur<75>ck #
#######################################################*/
function SummRoomShifts($raum) {
global $ausdatum, $con, $debug, $GlobalZeileProStunde;
$SQLSonder = "SELECT `SID`, `DateS`, `Len`, `Man` FROM `Shifts` " .
"WHERE ((`RID` = '" . sql_escape($raum) . "') AND (`DateE` >= '$ausdatum 00:00:00') AND " .
"(`DateS` <= '$ausdatum 23:59:59') ) ORDER BY `DateS`;";
$ErgSonder = mysql_query($SQLSonder, $con);
return mysql_num_rows($ErgSonder);
}
function DatumUm1TagErhoehen($Datum) {
$Jahr = substr($Datum, 0, 4);
$Monat = substr($Datum, 5, 2);
$Tag = substr($Datum, 8, 2);
$Tag++;
switch ($Monat) {
case 1 :
$Mmax = 31;
break;
case 2 :
$Mmax = 28;
break;
case 3 :
$Mmax = 31;
break;
case 4 :
$Mmax = 30;
break;
case 5 :
$Mmax = 31;
break;
case 6 :
$Mmax = 30;
break;
case 7 :
$Mmax = 31;
break;
case 8 :
$Mmax = 31;
break;
case 9 :
$Mmax = 30;
break;
case 10 :
$Mmax = 31;
break;
case 11 :
$Mmax = 30;
break;
case 12 :
$Mmax = 31;
break;
}
if ($Tag > $Mmax) {
$Tag = 1;
$Monat++;
}
if ($Monat > 12) {
$Monat = 1;
$Jahr++;
}
$Tag = strlen($Tag) == 1 ? "0" . $Tag : $Tag;
$Monat = strlen($Monat) == 1 ? "0" . $Monat : $Monat;
return ("$Jahr-$Monat-$Tag");
}
?>

26
includes/sys_template.php
Unescape Escape View File

@ -238,4 +238,30 @@ function img_button($link, $icon, $text, $extra_text = '') {
$translation = empty($text)? '' : Get_Text($text);
return '<a href="' . htmlspecialchars($link) . '"><img src="pic/icons/' . htmlspecialchars($icon) . '.png" alt="' . $translation . '" ' . (empty($translation)? '' : 'title="' . $translation . '"') . '>' . (empty($extra_text)? '' : ' ' . $extra_text) . '</a>';
}
function ReplaceSmilies($neueckig) {
$neueckig = str_replace(";o))", "<img src=\"pic/smiles/icon_redface.gif\">", $neueckig);
$neueckig = str_replace(":-))", "<img src=\"pic/smiles/icon_redface.gif\">", $neueckig);
$neueckig = str_replace(";o)", "<img src=\"pic/smiles/icon_wind.gif\">", $neueckig);
$neueckig = str_replace(":)", "<img src=\"pic/smiles/icon_smile.gif\">", $neueckig);
$neueckig = str_replace(":-)", "<img src=\"pic/smiles/icon_smile.gif\">", $neueckig);
$neueckig = str_replace(":(", "<img src=\"pic/smiles/icon_sad.gif\">", $neueckig);
$neueckig = str_replace(":-(", "<img src=\"pic/smiles/icon_sad.gif\">", $neueckig);
$neueckig = str_replace(":o(", "<img src=\"pic/smiles/icon_sad.gif\">", $neueckig);
$neueckig = str_replace(":o)", "<img src=\"pic/smiles/icon_lol.gif\">", $neueckig);
$neueckig = str_replace(";o(", "<img src=\"pic/smiles/icon_cry.gif\">", $neueckig);
$neueckig = str_replace(";(", "<img src=\"pic/smiles/icon_cry.gif\">", $neueckig);
$neueckig = str_replace(";-(", "<img src=\"pic/smiles/icon_cry.gif\">", $neueckig);
$neueckig = str_replace("8)", "<img src=\"pic/smiles/icon_rolleyes.gif\">", $neueckig);
$neueckig = str_replace("8o)", "<img src=\"pic/smiles/icon_rolleyes.gif\">", $neueckig);
$neueckig = str_replace(":P", "<img src=\"pic/smiles/icon_evil.gif\">", $neueckig);
$neueckig = str_replace(":-P", "<img src=\"pic/smiles/icon_evil.gif\">", $neueckig);
$neueckig = str_replace(":oP", "<img src=\"pic/smiles/icon_evil.gif\">", $neueckig);
$neueckig = str_replace(";P", "<img src=\"pic/smiles/icon_mad.gif\">", $neueckig);
$neueckig = str_replace(";oP", "<img src=\"pic/smiles/icon_mad.gif\">", $neueckig);
$neueckig = str_replace("?)", "<img src=\"pic/smiles/icon_question.gif\">", $neueckig);
return $neueckig;
}
?>

133
includes/sys_user.php
Unescape Escape View File

@ -1,133 +0,0 @@
<?php
function User_Nick_render($user_source) {
global $user, $privileges;
if($user['UID'] == $user_source['UID'] || in_array('user_shifts_admin', $privileges))
return '<a href="' . page_link_to('user_myshifts') . '&amp;id=' . $user_source['UID'] . '">' . htmlspecialchars($user_source['Nick']) . '</a>';
else
return htmlspecialchars($user_source['Nick']);
}
/**
* Available T-Shirt sizes
*/
$tshirt_sizes = array (
'' => "Please select...",
'S' => "S",
'M' => "M",
'L' => "L",
'XL' => "XL",
'2XL' => "2XL",
'3XL' => "3XL",
'4XL' => "4XL",
'5XL' => "5XL",
'S-G' => "S Girl",
'M-G' => "M Girl",
'L-G' => "L Girl",
'XL-G' => "XL Girl"
);
function UID2Nick($UID) {
if ($UID > 0)
$SQL = "SELECT Nick FROM `User` WHERE UID='" . sql_escape($UID) . "'";
else
$SQL = "SELECT Name FROM `Groups` WHERE UID='" . sql_escape($UID) . "'";
$Erg = sql_select($SQL);
if (count($Erg) > 0) {
if ($UID > 0)
return $Erg[0]['Nick'];
else
return "Group-" . $Erg[0]['Name'];
} else {
if ($UID == -1)
return "Guest";
else
return "UserID $UID not found";
}
}
function TID2Type($TID) {
global $con;
$SQL = "SELECT Name FROM `EngelType` WHERE TID='" . sql_escape($TID) . "'";
$Erg = mysql_query($SQL, $con);
if (mysql_num_rows($Erg))
return mysql_result($Erg, 0);
else
return "";
}
function ReplaceSmilies($neueckig) {
$neueckig = str_replace(";o))", "<img src=\"pic/smiles/icon_redface.gif\">", $neueckig);
$neueckig = str_replace(":-))", "<img src=\"pic/smiles/icon_redface.gif\">", $neueckig);
$neueckig = str_replace(";o)", "<img src=\"pic/smiles/icon_wind.gif\">", $neueckig);
$neueckig = str_replace(":)", "<img src=\"pic/smiles/icon_smile.gif\">", $neueckig);
$neueckig = str_replace(":-)", "<img src=\"pic/smiles/icon_smile.gif\">", $neueckig);
$neueckig = str_replace(":(", "<img src=\"pic/smiles/icon_sad.gif\">", $neueckig);
$neueckig = str_replace(":-(", "<img src=\"pic/smiles/icon_sad.gif\">", $neueckig);
$neueckig = str_replace(":o(", "<img src=\"pic/smiles/icon_sad.gif\">", $neueckig);
$neueckig = str_replace(":o)", "<img src=\"pic/smiles/icon_lol.gif\">", $neueckig);
$neueckig = str_replace(";o(", "<img src=\"pic/smiles/icon_cry.gif\">", $neueckig);
$neueckig = str_replace(";(", "<img src=\"pic/smiles/icon_cry.gif\">", $neueckig);
$neueckig = str_replace(";-(", "<img src=\"pic/smiles/icon_cry.gif\">", $neueckig);
$neueckig = str_replace("8)", "<img src=\"pic/smiles/icon_rolleyes.gif\">", $neueckig);
$neueckig = str_replace("8o)", "<img src=\"pic/smiles/icon_rolleyes.gif\">", $neueckig);
$neueckig = str_replace(":P", "<img src=\"pic/smiles/icon_evil.gif\">", $neueckig);
$neueckig = str_replace(":-P", "<img src=\"pic/smiles/icon_evil.gif\">", $neueckig);
$neueckig = str_replace(":oP", "<img src=\"pic/smiles/icon_evil.gif\">", $neueckig);
$neueckig = str_replace(";P", "<img src=\"pic/smiles/icon_mad.gif\">", $neueckig);
$neueckig = str_replace(";oP", "<img src=\"pic/smiles/icon_mad.gif\">", $neueckig);
$neueckig = str_replace("?)", "<img src=\"pic/smiles/icon_question.gif\">", $neueckig);
return $neueckig;
}
function GetPictureShow($UID) {
global $con;
$SQL = "SELECT `show` FROM `UserPicture` WHERE `UID`='" . sql_escape($UID) . "'";
$res = mysql_query($SQL, $con);
if (mysql_num_rows($res) == 1)
return mysql_result($res, 0, 0);
else
return "";
}
function displayPicture($UID, $height = "30") {
global $url, $ENGEL_ROOT;
if ($height > 0)
return ("<div class=\"avatar\"><img src=\"" . $url . $ENGEL_ROOT . "ShowUserPicture.php?UID=$UID\" height=\"$height\" alt=\"picture of USER$UID\" class=\"photo\"></div>");
else
return ("<div class=\"avatar\"><img class=\"avatar\" src=\"" . $url . $ENGEL_ROOT . "ShowUserPicture.php?UID=$UID\" alt=\"picture of USER$UID\"></div>");
}
function displayavatar($UID, $height = "30") {
global $con, $url, $ENGEL_ROOT;
if (GetPictureShow($UID) == 'Y')
return "&nbsp;" . displayPicture($UID, $height);
$user = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($UID) . " LIMIT 1");
if (count($user) > 0)
if ($user[0]['Avatar'] > 0)
return '<div class="avatar">' . ("&nbsp;<img src=\"pic/avatar/avatar" . $user[0]['Avatar'] . ".gif\">") . '</div>';
}
function UIDgekommen($UID) {
global $con;
$SQL = "SELECT `Gekommen` FROM `User` WHERE UID='" . sql_escape($UID) . "'";
$Erg = mysql_query($SQL, $con);
if (mysql_num_rows($Erg))
return mysql_result($Erg, 0);
else
return "0";
}
?>

11
includes/view/Shifts_view.php
Unescape Escape View File

@ -0,0 +1,11 @@
<?php
/**
* Calc shift length in format 12:23h.
* @param Shift $shift
*/
function shift_length($shift) {
$length = round(($shift['end'] - $shift['start']) / (60 * 60), 0) . ":";
$length .= str_pad((($shift['end'] - $shift['start']) % (60 * 60)) / 60, 2, "0", STR_PAD_LEFT) . "h";
return $length;
}
?>

36
includes/view/Sprache_view.php
Unescape Escape View File

@ -0,0 +1,36 @@
<?php
/**
* Names of available languages.
*/
$languages = array (
'DE' => "Deutsch",
'EN' => "English"
);
/**
* Display acutual translation of given text id.
* @param string $TextID
* @param bool $NoError
* @return string
*/
function Get_Text($TextID, $NoError = false) {
global $debug;
if (!isset ($_SESSION['Sprache']))
$_SESSION['Sprache'] = "EN";
if ($_SESSION['Sprache'] == "")
$_SESSION['Sprache'] = "EN";
if (isset ($_GET["SetLanguage"]))
$_SESSION['Sprache'] = $_GET["SetLanguage"];
$sprache_source = Sprache($TextID, $_SESSION['Sprache']);
if($sprache_source === false)
engelsystem_error("Unable to load text key.");
if($sprache_source == null) {
if($NoError && !$debug)
return "";
return $TextID;
}
return $sprache_source['Text'];
}
?>

45
includes/view/User_view.php
Unescape Escape View File

@ -0,0 +1,45 @@
<?php
/**
* Available T-Shirt sizes
*/
$tshirt_sizes = array (
'' => "Please select...",
'S' => "S",
'M' => "M",
'L' => "L",
'XL' => "XL",
'2XL' => "2XL",
'3XL' => "3XL",
'4XL' => "4XL",
'5XL' => "5XL",
'S-G' => "S Girl",
'M-G' => "M Girl",
'L-G' => "L Girl",
'XL-G' => "XL Girl"
);
/**
* Render a users avatar.
* @param User $user
* @return string
*/
function User_Avatar_render($user) {
return '<div class="avatar">&nbsp;<img src="pic/avatar/avatar' . $user['Avatar'] . '.gif"></div>';
}
/**
* Render a user nickname.
* @param User $user_source
* @return string
*/
function User_Nick_render($user_source) {
global $user, $privileges;
if($user['UID'] == $user_source['UID'] || in_array('user_shifts_admin', $privileges))
return '<a href="' . page_link_to('user_myshifts') . '&amp;id=' . $user_source['UID'] . '">' . htmlspecialchars($user_source['Nick']) . '</a>';
else
return htmlspecialchars($user_source['Nick']);
}
?>

15
public/index.php
Unescape Escape View File

@ -1,19 +1,26 @@
<?php
require_once ('bootstrap.php');
require_once ('includes/mysql_provider.php');
require_once ('includes/sys_auth.php');
require_once ('includes/sys_counter.php');
require_once ('includes/sys_lang.php');
require_once ('includes/sys_log.php');
require_once ('includes/sys_menu.php');
require_once ('includes/sys_mysql.php');
require_once ('includes/sys_page.php');
require_once ('includes/sys_shift.php');
require_once ('includes/sys_template.php');
require_once ('includes/sys_user.php');
require_once ('includes/model/LogEntries_model.php');
require_once ('includes/model/Sprache_model.php');
require_once ('includes/model/User_model.php');
require_once ('includes/view/Shifts_view.php');
require_once ('includes/view/Sprache_view.php');
require_once ('includes/view/User_view.php');
require_once ('includes/helper/message_helper.php');
require_once ('includes/helper/error_helper.php');
require_once ('config/config.php');
require_once ('config/config_db.php');

51
services/cron_dect.php
Unescape Escape View File

@ -1,51 +0,0 @@
<?php
include "../includes/config.php";
include "../includes/config_IAX.php";
include "../includes/config_db.php";
include "../includes/error_handler.php";
include "../includes/funktion_modem.php";
include "../includes/funktion_cron.php";
// ausfuerungs Ruetmuss (in s)
$StartTimeBeforEvent = (60 / 4) * 60;
$AnrufDelay = -5;
$DebugDECT = false;
// Timeout erhoehen
set_time_limit(50000);
// SQL zusammensetzen
$SQL = "SELECT Shifts.DateS, Shifts.RID, ShiftEntry.UID, ShiftEntry.TID ".
"FROM `Shifts` INNER JOIN `ShiftEntry` ON `Shifts`.`SID` = `ShiftEntry`.`SID` ";
if($DebugDECT)
$SQL .= "WHERE (Shifts.DateS>'2007-07-09 09:45:00' AND ".
"Shifts.DateS<='2007-07-09 11:00:00');";
else
$SQL .= "WHERE ((`Shifts`.`DateS`>'". gmdate("Y-m-d H:i:s", time()+120+$gmdateOffset). "') AND ".
"(`Shifts`.`DateS`<='". gmdate("Y-m-d H:i:s", time()+120+$gmdateOffset+$StartTimeBeforEvent). "') );";
$Erg = mysql_query($SQL, $con);
echo mysql_error($con);
$Z = 0;
for($i = 0; $i < mysql_num_rows($Erg); $i++) {
if(mysql_result($Erg, $i, "UID") > 0) {
$DECTnumber = UID2DECT(mysql_result($Erg, $i, "UID"));
if($DECTnumber != "") {
echo "dial $DECTnumber\n";
DialNumberIAX( $DECTnumber, mysql_result($Erg, $i, "DateS"), mysql_result($Erg, $i, "RID"), mysql_result($Erg, $i, "TID"));
DialNumberModem( $DECTnumber, mysql_result($Erg, $i, "DateS"));
if($Z++ > 10) {
$Z = 0;
sleep(30);
}
}
}
}
return 0;
?>

19
services/dect_clear.php
Unescape Escape View File

@ -1,19 +0,0 @@
<?php
include "../includes/db.php";
include "../includes/config.php";
include "../includes/funktion_modem.php";
$SQL = "SELECT DECT FROM `User`;";
$Erg = mysql_query($SQL, $con);
echo mysql_error($con);
for($i=0; $i < mysql_num_rows($Erg); $i++) {
$Number = "#10" . mysql_result($Erg, $i, "DECT");
if(strlen($Number) == 7)
DialNumber($Number);
}
return 0;
?>

75
services/jabberserver.php
Unescape Escape View File

@ -1,75 +0,0 @@
<?php
require_once "../includes/config_jabber.php";
require_once "../includes/funktion_jabber.php";
include "../includes/config_MessegeServer.php";
// Set time limit to indefinite execution
set_time_limit(0);
if(DEBUG)
echo "DEBUG mode is enable\n\tjabber is disable\n\n";
if(!DEBUG) {
echo "INIT jabber\n";
$jabber = new Jabber($server, $port, $username, $password, $resource);
if(!($jabber->Connect() && $jabber->SendAuth()))
die("Couldn't connect to Jabber Server.");
}
echo "INIT socked\n";
// Create a UDP socket
$sock = socket_create(AF_INET, SOCK_DGRAM, SOL_UDP) or die('Could not create socked (' . socket_strerror(socket_last_error()) . ')');
// Bind the socket to an address/port
socket_bind($sock, SERVER_ADDRESS, SERVER_PORT) or die('Could not bind to address (' . socket_strerror(socket_last_error()) . ')');
// Setzt Nonbock Mode
socket_set_nonblock($sock);
$RUNNING = true;
while($RUNNING) {
if(@socket_recvfrom($sock, $data, 65535, 0, $ip, $port)) {
// daten empfangen
$data = substr($data, 0, strlen($data)-1); //ENTER entfernen
echo "\n". gmdate("Y-m-d H:i:s", time()). "\tresive from $ip:$port ". strlen($data). " byte data ($data)\n";
PackedAnalyser( $data);
}
usleep(100000); // 100ms delay keeps the doctor away
} // end while
// disconnect jabber
if(!DEBUG)
$jabber->Disconnect();
// Close the master sockets
socket_close($sock);
function PackedAnalyser($data) {
global $jabber, $RUNNING;
// init array
$matches = array();
//#message
if(preg_match("/^#(message) ([^ ]+) (.+)/i", $data, $matches)) {
if($matches[2]=="" || $matches[3]=="")
echo "\t\t\t\t#messaage parameter fail\n";
else {
// Whisper
if(!DEBUG)
$jabber->SendMessage($value, "normal", NULL, array("body" => $message, "subject" => "Error in Pentabarf"), NULL);
else
echo "\t\t\t\tmessage to:\"". $matches[2]. "\" Text: \"". $matches[3]. "\"\n";
}
} elseif(preg_match("/^#quit/i", $data, $matches)) {
if(DEBUG) {
echo "\t\t\t\tSystem Shutdown\n\n";
$RUNNING = false;
}
} else
echo "\t\t\t\tcommand not found\n\n";
}
?>
Write Preview
Loading…
Cancel
Save