Merge branch 'dev'

main
Philip Häusler 12 years ago
commit caeadadb27

2
.gitignore vendored

@ -2,3 +2,5 @@ includes_old
www-ssl_old
.project
.buildpath
.*.swp
_vimrc_local.vim

@ -0,0 +1,19 @@
<?php
if(sql_num_query("SHOW TABLES LIKE 'LogEntries'") == 0) {
sql_query("CREATE TABLE `LogEntries` (
`id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY ,
`timestamp` INT NOT NULL ,
`nick` VARCHAR( 23 ) NOT NULL ,
`message` TEXT NOT NULL ,
INDEX ( `timestamp` )
) ENGINE = InnoDB;");
$applied = true;
}
if(sql_num_query("SHOW TABLES LIKE 'ChangeLog'") == 0) {
sql_query("DROP TABLE `ChangeLog`");
$applied = true;
}
?>

@ -0,0 +1,4 @@
<?php
mysql_query("INSERT IGNORE INTO `Privileges` (`name`, `desc`) VALUES ('atom', ' Atom news export')");
$applied = mysql_affected_rows() > 0;
?>

@ -0,0 +1,23 @@
<?php
/**
* Creates a log entry.
* @param $nick Username
* @param $message Log Message
*/
function LogEntry_create($nick, $message) {
$timestamp = time();
sql_query("INSERT INTO `LogEntries` SET `timestamp`=" . sql_escape($timestamp) . ", `nick`='" . sql_escape($nick) . "', `message`='" . sql_escape($message) . "'");
}
/**
* Returns log entries of the last 24 hours with maximum count of 1000.
*/
function LogEntries() {
$log_entries_source = sql_select("SELECT * FROM `LogEntries` WHERE `timestamp` > " . (time() - 24*60*60) . " ORDER BY `timestamp` DESC LIMIT 1000");
return $log_entries_source;
}
?>

@ -0,0 +1,14 @@
<?php
/**
* Returns user by id.
* @param $id UID
*/
function User($id) {
$user_source = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
if(count($user_source) > 0)
return $user_source[0];
return null;
}
?>

@ -1,120 +1,144 @@
<?php
function admin_active() {
global $tshirt_sizes;
$msg = "";
$search = "";
$count = 0;
$limit = "";
$set_active = "";
if (isset ($_REQUEST['search']))
$search = strip_request_item('search');
global $tshirt_sizes, $shift_sum_formula;
if (isset ($_REQUEST['set_active'])) {
$ok = true;
$msg = "";
$search = "";
$count = 0;
$limit = "";
$set_active = "";
if (isset ($_REQUEST['search']))
$search = strip_request_item('search');
if (isset ($_REQUEST['count']) && preg_match("/^[0-9]+$/", $_REQUEST['count']))
$count = strip_request_item('count');
else {
$ok = false;
$msg .= error("Please enter a number of angels to be marked as active.", true);
}
if (isset ($_REQUEST['set_active'])) {
$ok = true;
if ($ok)
$limit = " LIMIT " . $count;
if (isset ($_REQUEST['ack'])) {
sql_query("UPDATE `User` SET `Aktiv` = 0 WHERE `Tshirt` = 0");
$users = sql_select("SELECT `User`.*, COUNT(`ShiftEntry`.`id`) as `shift_count`, SUM(`end`-`start`) as `shift_length` FROM `User` LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID` LEFT JOIN `Shifts` ON `ShiftEntry`.`SID` = `Shifts`.`SID` WHERE `User`.`Gekommen` = 1 GROUP BY `User`.`UID` ORDER BY `shift_length` DESC" . $limit);
foreach ($users as $usr)
sql_query("UPDATE `User` SET `Aktiv` = 1 WHERE `UID`=" . sql_escape($usr['UID']));
if (isset ($_REQUEST['count']) && preg_match("/^[0-9]+$/", $_REQUEST['count']))
$count = strip_request_item('count');
else {
$ok = false;
$msg .= error("Please enter a number of angels to be marked as active.", true);
}
$limit = "";
$msg = success("Marked angels.", true);
} else {
$set_active = '<a href="' . page_link_to('admin_active') . '&amp;serach=' . $search . '">&laquo; back</a> | <a href="' . page_link_to('admin_active') . '&amp;search=' . $search . '&amp;count=' . $count . '&amp;set_active&amp;ack">apply</a>';
}
}
if ($ok)
$limit = " LIMIT " . $count;
if (isset ($_REQUEST['ack'])) {
sql_query("UPDATE `User` SET `Aktiv` = 0 WHERE `Tshirt` = 0");
$users = sql_select("SELECT `User`.*, COUNT(`ShiftEntry`.`id`) as `shift_count`, ${shift_sum_formula} as `shift_length` FROM `User` LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID` LEFT JOIN `Shifts` ON `ShiftEntry`.`SID` = `Shifts`.`SID` WHERE `User`.`Gekommen` = 1 GROUP BY `User`.`UID` ORDER BY `shift_length` DESC" . $limit);
$user_nicks = array();
foreach ($users as $usr) {
sql_query("UPDATE `User` SET `Aktiv` = 1 WHERE `UID`=" . sql_escape($usr['UID']));
$user_nicks[] = $usr['Nick'];
}
engelsystem_log("These angels are active now: " . join(", ", $user_nicks));
if (isset ($_REQUEST['active']) && preg_match("/^[0-9]+$/", $_REQUEST['active'])) {
$id = $_REQUEST['active'];
sql_query("UPDATE `User` SET `Aktiv`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
$msg = success("Angel has been marked as active.", true);
}
elseif (isset ($_REQUEST['not_active']) && preg_match("/^[0-9]+$/", $_REQUEST['not_active'])) {
$id = $_REQUEST['not_active'];
sql_query("UPDATE `User` SET `Aktiv`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
$msg = success("Angel has been marked as not active.", true);
}
elseif (isset ($_REQUEST['tshirt']) && preg_match("/^[0-9]+$/", $_REQUEST['tshirt'])) {
$id = $_REQUEST['tshirt'];
sql_query("UPDATE `User` SET `Tshirt`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
$msg = success("Angel has got a t-shirt.", true);
}
elseif (isset ($_REQUEST['not_tshirt']) && preg_match("/^[0-9]+$/", $_REQUEST['not_tshirt'])) {
$id = $_REQUEST['not_tshirt'];
sql_query("UPDATE `User` SET `Tshirt`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
$msg = success("Angel has got no t-shirt.", true);
}
$limit = "";
$msg = success("Marked angels.", true);
} else {
$set_active = '<a href="' . page_link_to('admin_active') . '&amp;serach=' . $search . '">&laquo; back</a> | <a href="' . page_link_to('admin_active') . '&amp;search=' . $search . '&amp;count=' . $count . '&amp;set_active&amp;ack">apply</a>';
}
}
$users = sql_select("SELECT `User`.*, COUNT(`ShiftEntry`.`id`) as `shift_count`, SUM(`end`-`start`) as `shift_length` FROM `User` LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID` LEFT JOIN `Shifts` ON `ShiftEntry`.`SID` = `Shifts`.`SID` WHERE `User`.`Gekommen` = 1 GROUP BY `User`.`UID` ORDER BY `shift_length` DESC" . $limit);
if (isset ($_REQUEST['active']) && preg_match("/^[0-9]+$/", $_REQUEST['active'])) {
$id = $_REQUEST['active'];
$user_source = User($id);
if($user_source != null) {
sql_query("UPDATE `User` SET `Aktiv`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
engelsystem_log("User " . $user_source['Nick'] . " is active now.");
$msg = success("Angel has been marked as active.", true);
}
else $msg = error("Angel not found.", true);
}
elseif (isset ($_REQUEST['not_active']) && preg_match("/^[0-9]+$/", $_REQUEST['not_active'])) {
$id = $_REQUEST['not_active'];
$user_source = User($id);
if($user_source != null) {
sql_query("UPDATE `User` SET `Aktiv`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
engelsystem_log("User " . $user_source['Nick'] . " is NOT active now.");
$msg = success("Angel has been marked as not active.", true);
}
else $msg = error("Angel not found.", true);
}
elseif (isset ($_REQUEST['tshirt']) && preg_match("/^[0-9]+$/", $_REQUEST['tshirt'])) {
$id = $_REQUEST['tshirt'];
$user_source = User($id);
if($user_source != null) {
sql_query("UPDATE `User` SET `Tshirt`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
engelsystem_log("User " . $user_source['Nick'] . " has tshirt now.");
$msg = success("Angel has got a t-shirt.", true);
}
else $msg = error("Angel not found.", true);
}
elseif (isset ($_REQUEST['not_tshirt']) && preg_match("/^[0-9]+$/", $_REQUEST['not_tshirt'])) {
$id = $_REQUEST['not_tshirt'];
$user_source = User($id);
if($user_source != null) {
sql_query("UPDATE `User` SET `Tshirt`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
engelsystem_log("User " . $user_source['Nick'] . " NO tshirt.");
$msg = success("Angel has got no t-shirt.", true);
}
else $msg = error("Angel not found.", true);
}
$table = "";
if ($search == "")
$tokens = array ();
else
$tokens = explode(" ", $search);
foreach ($users as $usr) {
if (count($tokens) > 0) {
$match = false;
$index = join("", $usr);
foreach ($tokens as $t)
if (strstr($index, trim($t))) {
$match = true;
break;
}
if (!$match)
continue;
}
$table .= '<tr>';
$table .= '<td>' . $usr['Nick'] . '</td>';
$table .= '<td>' . $tshirt_sizes[$usr['Size']] . '</td>';
$table .= '<td>' . $usr['shift_count'] . '</td>';
$users = sql_select("SELECT `User`.*, COUNT(`ShiftEntry`.`id`) as `shift_count`, ${shift_sum_formula} as `shift_length` FROM `User` LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID` LEFT JOIN `Shifts` ON `ShiftEntry`.`SID` = `Shifts`.`SID` WHERE `User`.`Gekommen` = 1 GROUP BY `User`.`UID` ORDER BY `shift_length` DESC" . $limit);
if ($usr['shift_count'] == 0)
$table .= '<td>-</td>';
else
$table .= '<td>' . round($usr['shift_length'] / 60) . ' min (' . round($usr['shift_length'] / 3600) . ' h)</td>';
$table = "";
if ($search == "")
$tokens = array ();
else
$tokens = explode(" ", $search);
foreach ($users as $usr) {
if (count($tokens) > 0) {
$match = false;
$index = join("", $usr);
foreach ($tokens as $t)
if (strstr($index, trim($t))) {
$match = true;
break;
}
if (!$match)
continue;
}
$table .= '<tr>';
$table .= '<td>' . $usr['Nick'] . '</td>';
$table .= '<td>' . $tshirt_sizes[$usr['Size']] . '</td>';
$table .= '<td>' . $usr['shift_count'] . '</td>';
if ($usr['Aktiv'] == 1)
$table .= '<td>yes</td>';
else
$table .= '<td></td>';
if ($usr['Tshirt'] == 1)
$table .= '<td>yes</td>';
else
$table .= '<td></td>';
if ($usr['shift_count'] == 0)
$table .= '<td>-</td>';
else
$table .= '<td>' . round($usr['shift_length'] / 60) . ' min (' . round($usr['shift_length'] / 3600) . ' h)</td>';
$actions = array ();
if ($usr['Aktiv'] == 0)
$actions[] = '<a href="' . page_link_to('admin_active') . '&amp;active=' . $usr['UID'] . '&amp;search=' . $search . '">set active</a>';
if ($usr['Aktiv'] == 1 && $usr['Tshirt'] == 0) {
$actions[] = '<a href="' . page_link_to('admin_active') . '&amp;not_active=' . $usr['UID'] . '&amp;search=' . $search . '">remove active</a>';
$actions[] = '<a href="' . page_link_to('admin_active') . '&amp;tshirt=' . $usr['UID'] . '&amp;search=' . $search . '">got t-shirt</a>';
}
if ($usr['Tshirt'] == 1)
$actions[] = '<a href="' . page_link_to('admin_active') . '&amp;not_tshirt=' . $usr['UID'] . '&amp;search=' . $search . '">remove t-shirt</a>';
if ($usr['Aktiv'] == 1)
$table .= '<td>yes</td>';
else
$table .= '<td></td>';
if ($usr['Tshirt'] == 1)
$table .= '<td>yes</td>';
else
$table .= '<td></td>';
$table .= '<td>' . join(' | ', $actions) . '</td>';
$actions = array ();
if ($usr['Aktiv'] == 0)
$actions[] = '<a href="' . page_link_to('admin_active') . '&amp;active=' . $usr['UID'] . '&amp;search=' . $search . '">set active</a>';
if ($usr['Aktiv'] == 1 && $usr['Tshirt'] == 0) {
$actions[] = '<a href="' . page_link_to('admin_active') . '&amp;not_active=' . $usr['UID'] . '&amp;search=' . $search . '">remove active</a>';
$actions[] = '<a href="' . page_link_to('admin_active') . '&amp;tshirt=' . $usr['UID'] . '&amp;search=' . $search . '">got t-shirt</a>';
}
if ($usr['Tshirt'] == 1)
$actions[] = '<a href="' . page_link_to('admin_active') . '&amp;not_tshirt=' . $usr['UID'] . '&amp;search=' . $search . '">remove t-shirt</a>';
$table .= '</tr>';
}
return template_render('../templates/admin_active.html', array (
'search' => $search,
'count' => $count,
'set_active' => $set_active,
'table' => $table,
'msg' => $msg,
'link' => page_link_to('admin_active')
));
$table .= '<td>' . join(' | ', $actions) . '</td>';
$table .= '</tr>';
}
return template_render('../templates/admin_active.html', array (
'search' => $search,
'count' => $count,
'set_active' => $set_active,
'table' => $table,
'msg' => $msg,
'link' => page_link_to('admin_active')
));
}
?>
?>

@ -47,10 +47,13 @@ function admin_angel_types() {
$restricted = 0;
if ($ok) {
if (isset ($id))
if (isset ($id)) {
sql_query("UPDATE `AngelTypes` SET `name`='" . sql_escape($name) . "', `restricted`=" . sql_escape($restricted) . " WHERE `id`=" . sql_escape($id) . " LIMIT 1");
else
engelsystem_log("Updated angeltype: " . $name . ", restricted: " . $restricted);
} else {
sql_query("INSERT INTO `AngelTypes` SET `name`='" . sql_escape($name) . "', `restricted`=" . sql_escape($restricted));
engelsystem_log("Created angeltype: " . $name . ", restricted: " . $restricted);
}
success("Angel type saved.");
redirect(page_link_to('admin_angel_types'));
@ -76,6 +79,7 @@ function admin_angel_types() {
sql_query("DELETE FROM `ShiftEntry` WHERE `TID`=" . sql_escape($id) . " LIMIT 1");
sql_query("DELETE FROM `AngelTypes` WHERE `id`=" . sql_escape($id) . " LIMIT 1");
sql_query("DELETE FROM `UserAngelTypes` WHERE `angeltype_id`=" . sql_escape($id) . " LIMIT 1");
engelsystem_log("Deleted angel type: " . $name);
success(sprintf("Angel type %s deleted.", $name));
redirect(page_link_to('admin_angel_types'));
}

@ -1,52 +1,60 @@
<?php
function admin_arrive() {
$msg = "";
$search = "";
if (isset ($_REQUEST['search']))
$search = strip_request_item('search');
$msg = "";
$search = "";
if (isset ($_REQUEST['search']))
$search = strip_request_item('search');
if (isset ($_REQUEST['reset']) && preg_match("/^[0-9]*$/", $_REQUEST['reset'])) {
$id = $_REQUEST['reset'];
sql_query("UPDATE `User` SET `Gekommen`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
$msg = success("Reset done. Angel has not arrived.", true);
}
elseif (isset ($_REQUEST['arrived']) && preg_match("/^[0-9]*$/", $_REQUEST['arrived'])) {
$id = $_REQUEST['arrived'];
sql_query("UPDATE `User` SET `Gekommen`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
$msg = success("Angel has been marked as arrived.", true);
}
if (isset ($_REQUEST['reset']) && preg_match("/^[0-9]*$/", $_REQUEST['reset'])) {
$id = $_REQUEST['reset'];
$user_source = User($id);
if($user_source != null) {
sql_query("UPDATE `User` SET `Gekommen`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
engelsystem_log("User set to not arrived: " . $user_source['Nick']);
$msg = success("Reset done. Angel has not arrived.", true);
} else $msg = error("Angel not found.", true);
}
elseif (isset ($_REQUEST['arrived']) && preg_match("/^[0-9]*$/", $_REQUEST['arrived'])) {
$id = $_REQUEST['arrived'];
$user_source = User($id);
if($user_source != null) {
sql_query("UPDATE `User` SET `Gekommen`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
engelsystem_log("User set has arrived: " . $user_source['Nick']);
$msg = success("Angel has been marked as arrived.", true);
} else $msg = error("Angel not found.", true);
}
$users = sql_select("SELECT * FROM `User` ORDER BY `Nick`");
$table = "";
if ($search == "")
$tokens = array ();
else
$tokens = explode(" ", $search);
foreach ($users as $usr) {
if (count($tokens) > 0) {
$match = false;
$index = join("", $usr);
foreach ($tokens as $t)
if (strstr($index, trim($t))) {
$match = true;
break;
}
if (!$match)
continue;
}
$table .= '<tr>';
$table .= '<td>' . $usr['Nick'] . '</td>';
if ($usr['Gekommen'] == 1)
$table .= '<td>yes</td><td><a href="' . page_link_to('admin_arrive') . '&reset=' . $usr['UID'] . '&search=' . $search . '">reset</a></td>';
else
$table .= '<td></td><td><a href="' . page_link_to('admin_arrive') . '&arrived=' . $usr['UID'] . '&search=' . $search . '">arrived</a></td>';
$table .= '</tr>';
}
return template_render('../templates/admin_arrive.html', array (
'search' => $search,
'table' => $table,
'msg' => $msg,
'link' => page_link_to('admin_arrive')
));
$users = sql_select("SELECT * FROM `User` ORDER BY `Nick`");
$table = "";
if ($search == "")
$tokens = array ();
else
$tokens = explode(" ", $search);
foreach ($users as $usr) {
if (count($tokens) > 0) {
$match = false;
$index = join("", $usr);
foreach ($tokens as $t)
if (strstr($index, trim($t))) {
$match = true;
break;
}
if (!$match)
continue;
}
$table .= '<tr>';
$table .= '<td>' . $usr['Nick'] . '</td>';
if ($usr['Gekommen'] == 1)
$table .= '<td>yes</td><td><a href="' . page_link_to('admin_arrive') . '&reset=' . $usr['UID'] . '&search=' . $search . '">reset</a></td>';
else
$table .= '<td></td><td><a href="' . page_link_to('admin_arrive') . '&arrived=' . $usr['UID'] . '&search=' . $search . '">arrived</a></td>';
$table .= '</tr>';
}
return template_render('../templates/admin_arrive.html', array (
'search' => $search,
'table' => $table,
'msg' => $msg,
'link' => page_link_to('admin_arrive')
));
}
?>

@ -6,7 +6,22 @@ function admin_free() {
if (isset ($_REQUEST['search']))
$search = strip_request_item('search');
$users = sql_select("SELECT `User`.* FROM `User` LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID` LEFT JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID` AND `Shifts`.`start` < " . sql_escape(time()) . " AND `Shifts`.`end` > " . sql_escape(time()) . ") WHERE `User`.`Gekommen` = 1 AND `Shifts`.`SID` IS NULL GROUP BY `User`.`UID` ORDER BY `Nick`");
$angeltypesearch = "";
if (empty ($_REQUEST['angeltype']))
$_REQUEST['angeltype'] = '';
else {
$angeltypesearch = " INNER JOIN `UserAngelTypes` ON (`UserAngelTypes`.`angeltype_id` = '" . sql_escape($_REQUEST['angeltype']) . "' AND `UserAngelTypes`.`user_id` = `User`.`UID`";
if (isset ($_REQUEST['confirmed_only']))
$angeltypesearch .= " AND `UserAngelTypes`.`confirm_user_id`";
$angeltypesearch .= ") ";
}
$angel_types_source = sql_select("SELECT `id`, `name` FROM `AngelTypes` ORDER BY `name`");
$angel_types = array('' => 'alle Typen');
foreach ($angel_types_source as $angel_type)
$angel_types[$angel_type['id']] = $angel_type['name'];
$users = sql_select("SELECT `User`.* FROM `User` ${angeltypesearch} LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID` LEFT JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID` AND `Shifts`.`start` < " . sql_escape(time()) . " AND `Shifts`.`end` > " . sql_escape(time()) . ") WHERE `User`.`Gekommen` = 1 AND `Shifts`.`SID` IS NULL GROUP BY `User`.`UID` ORDER BY `Nick`");
$table = "";
if ($search == "")
@ -41,8 +56,10 @@ function admin_free() {
}
return template_render('../templates/admin_free.html', array (
'search' => $search,
'angeltypes' => html_select_key('angeltype', 'angeltype', $angel_types, $_REQUEST['angeltype']),
'confirmed_only' => isset($_REQUEST['confirmed_only'])? 'checked' : '',
'table' => $table,
'link' => page_link_to('admin_free')
));
}
?>
?>

@ -1,91 +1,99 @@
<?php
function admin_groups() {
global $user;
global $user;
$html = "";
$groups = sql_select("SELECT * FROM `Groups` ORDER BY `Name`");
if (!isset ($_REQUEST["action"])) {
$groups_html = "";
foreach ($groups as $group) {
$groups_html .= sprintf(
'<tr><td>%s</td>',
$group['Name']
);
$privileges = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`=" . sql_escape($group['UID']));
$privileges_html = array ();
$html = "";
$groups = sql_select("SELECT * FROM `Groups` ORDER BY `Name`");
if (!isset ($_REQUEST["action"])) {
$groups_html = "";
foreach ($groups as $group) {
$groups_html .= sprintf(
'<tr><td>%s</td>',
$group['Name']
);
$privileges = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`=" . sql_escape($group['UID']));
$privileges_html = array ();
foreach ($privileges as $priv)
$privileges_html[] = $priv['name'];
foreach ($privileges as $priv)
$privileges_html[] = $priv['name'];
$groups_html .= sprintf(
'<td>%s</td>'
. '<td><a href="%s&action=edit&id=%s">Ändern</a></td>',
join(', ', $privileges_html),
page_link_to("admin_groups"),
$group['UID']
);
}
$groups_html .= sprintf(
'<td>%s</td>'
. '<td><a href="%s&action=edit&id=%s">Ändern</a></td>',
join(', ', $privileges_html),
page_link_to("admin_groups"),
$group['UID']
);
}
return template_render('../templates/admin_groups.html', array (
'nick' => $user['Nick'],
'groups' => $groups_html
));
} else {
switch ($_REQUEST["action"]) {
case 'edit' :
if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id'];
else
return error("Incomplete call, missing Groups ID.", true);
return template_render('../templates/admin_groups.html', array (
'nick' => $user['Nick'],
'groups' => $groups_html
));
} else {
switch ($_REQUEST["action"]) {
case 'edit' :
if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id'];
else
return error("Incomplete call, missing Groups ID.", true);
$room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
if (count($room) > 0) {
list ($room) = $room;
$privileges = sql_select("SELECT `Privileges`.*, `GroupPrivileges`.`group_id` FROM `Privileges` LEFT OUTER JOIN `GroupPrivileges` ON (`Privileges`.`id` = `GroupPrivileges`.`privilege_id` AND `GroupPrivileges`.`group_id`=" . sql_escape($id) . ") ORDER BY `Privileges`.`name`");
$privileges_html = "";
foreach ($privileges as $priv)
$privileges_html .= sprintf(
'<tr><td><input type="checkbox" '
. 'name="privileges[]" value="%s" %s />'
. '</td> <td>%s</td> <td>%s</td></tr>',
$priv['id'],
($priv['group_id'] != ""
? 'checked="checked"'
: ''),
$priv['name'],
$priv['desc']
);
$room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
if (count($room) > 0) {
list ($room) = $room;
$privileges = sql_select("SELECT `Privileges`.*, `GroupPrivileges`.`group_id` FROM `Privileges` LEFT OUTER JOIN `GroupPrivileges` ON (`Privileges`.`id` = `GroupPrivileges`.`privilege_id` AND `GroupPrivileges`.`group_id`=" . sql_escape($id) . ") ORDER BY `Privileges`.`name`");
$privileges_html = "";
foreach ($privileges as $priv)
$privileges_html .= sprintf(
'<tr><td><input type="checkbox" '
. 'name="privileges[]" value="%s" %s />'
. '</td> <td>%s</td> <td>%s</td></tr>',
$priv['id'],
($priv['group_id'] != ""
? 'checked="checked"'
: ''),
$priv['name'],
$priv['desc']
);
$html .= template_render('../templates/admin_groups_edit_form.html', array (
'link' => page_link_to("admin_groups"),
'id' => $id,
'privileges' => $privileges_html
));
} else
return error("No Group found.", true);
break;
$html .= template_render('../templates/admin_groups_edit_form.html', array (
'link' => page_link_to("admin_groups"),
'id' => $id,
'privileges' => $privileges_html
));
} else
return error("No Group found.", true);
break;
case 'save' :
if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id'];
else
return error("Incomplete call, missing Groups ID.", true);
case 'save' :
if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id'];
else
return error("Incomplete call, missing Groups ID.", true);
$room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
if (!is_array($_REQUEST['privileges']))
$_REQUEST['privileges'] = array ();
if (count($room) > 0) {
list ($room) = $room;
sql_query("DELETE FROM `GroupPrivileges` WHERE `group_id`=" . sql_escape($id));
foreach ($_REQUEST['privileges'] as $priv)
if (preg_match("/^[0-9]{1,}$/", $priv) && sql_num_query("SELECT * FROM `Privileges` WHERE `id`=" . sql_escape($priv)) > 0)
sql_query("INSERT INTO `GroupPrivileges` SET `group_id`=" . sql_escape($id) . ", `privilege_id`=" . sql_escape($priv));
header("Location: " . page_link_to("admin_groups"));
} else
return error("No Group found.", true);
break;
}
}
return $html;
$room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
if (!is_array($_REQUEST['privileges']))
$_REQUEST['privileges'] = array ();
if (count($room) > 0) {
list ($room) = $room;
sql_query("DELETE FROM `GroupPrivileges` WHERE `group_id`=" . sql_escape($id));
$privilege_names = array();
foreach ($_REQUEST['privileges'] as $priv) {
if (preg_match("/^[0-9]{1,}$/", $priv)) {
$group_privileges_source = sql_select("SELECT * FROM `Privileges` WHERE `id`=" . sql_escape($priv) . " LIMIT 1");
if(count($group_privileges_source) > 0) {
sql_query("INSERT INTO `GroupPrivileges` SET `group_id`=" . sql_escape($id) . ", `privilege_id`=" . sql_escape($priv));
$privilege_names[] = $group_privileges_source[0]['name'];
}
}
}
engelsystem_log("Group privileges of group " . $room['Name'] . " edited: " . join(", ", $privilege_names));
header("Location: " . page_link_to("admin_groups"));
} else
return error("No Group found.", true);
break;
}
}
return $html;
}
?>

@ -1,279 +1,281 @@
<?php
function admin_import() {
global $PentabarfXMLhost, $PentabarfXMLpath;
global $rooms_import;
global $user;
$html = "";
$step = "input";
if (isset ($_REQUEST['step']))
$step = $_REQUEST['step'];
$html .= '<p>';
$html .= $step == "input" ? '<b>1. Input</b>' : '1. Input';
$html .= ' &raquo; ';
$html .= $step == "check" ? '<b>2. Validate</b>' : '2. Validate';
$html .= ' &raquo; ';
$html .= $step == "import" ? '<b>3. Import</b>' : '3. Import';
$html .= '</p>';
$import_file = '../import/import_' . $user['UID'] . '.xml';
switch ($step) {
case "input" :
$ok = false;
if ($test_handle = fopen('../import/tmp', 'w')) {
fclose($test_handle);
unlink('../import/tmp');
} else {
$msg = error("Webserver has no write-permission on import directory.", true);
}
if (isset ($_REQUEST['submit'])) {
$ok = true;
if (isset ($_REQUEST['user']) && $_REQUEST['user'] != "" && isset ($_REQUEST['password']) && $_REQUEST['password'] != "") {
$fp = fsockopen("ssl://$PentabarfXMLhost", 443, $errno, $errstr, 5);
if (!$fp) {
$ok = false;
$msg = error("File 'https://$PentabarfXMLhost/$PentabarfXMLpath" . $_REQUEST["url"] . "' not readable!" . "[$errstr ($errno)]", true);
} else {
$fileOut = fopen($import_file, "w");
$head = 'GET /' . $PentabarfXMLpath . $_REQUEST["url"] . ' HTTP/1.1' . "\r\n" .
'Host: ' . $PentabarfXMLhost . "\r\n" .
'User-Agent: Engelsystem' . "\r\n" .
'Authorization: Basic ' .
base64_encode($_REQUEST["user"] . ':' . $_REQUEST["password"]) . "\r\n" .
"\r\n";
fputs($fp, $head);
$Zeilen = -1;
echo "<pre>";
while (!feof($fp)) {
$Temp = fgets($fp, 1024);
// show header
if ($Zeilen == -1) {
echo $Temp;
}
// ende des headers
if ($Temp == "\r\n") {
echo "</pre>\n";
$Zeilen = 0;
$Temp = "";
}
//file ende?
if ($Temp == "0\r\n")
break;
if (($Zeilen > -1) && ($Temp != "ffb\r\n")) {
//steuerzeichen ausfiltern
if (strpos("#$Temp", "\r\n") > 0)
$Temp = substr($Temp, 0, strlen($Temp) - 2);
if (strpos("#$Temp", "1005") > 0)
$Temp = "";
if (strpos("#$Temp", "783") > 0)
$Temp = "";
//schreiben in file
fputs($fileOut, $Temp);
$Zeilen++;
}
}
fclose($fileOut);
fclose($fp);
$msg .= success("Es wurden $Zeilen Zeilen eingelesen.", true);
}
}
elseif (isset ($_FILES['xcal_file']) && ($_FILES['xcal_file']['error'] == 0)) {
if (move_uploaded_file($_FILES['xcal_file']['tmp_name'], $import_file)) {
libxml_use_internal_errors(true);
if (simplexml_load_file($import_file) === false) {
$ok = false;
$msg = error("No valid xml/xcal file provided.", true);
unlink($import_file);
}
} else {
$ok = false;
$msg = error("File upload went wrong.", true);
}
} else {
$ok = false;
$msg = error("Please provide some data.", true);
}
}
if ($ok)
header("Location: " . page_link_to('admin_import') . "&step=check");
else
$html .= template_render('../templates/admin_import_input.html', array (
'link' => page_link_to('admin_import'),
'msg' => $msg,
'url' => "https://$PentabarfXMLhost/$PentabarfXMLpath"
));
break;
case "check" :
if (!file_exists($import_file))
header("Location: " . page_link_to('admin_import'));
list ($rooms_new, $rooms_deleted) = prepare_rooms($import_file);
list ($events_new, $events_updated, $events_deleted) = prepare_events($import_file);
$html .= template_render('../templates/admin_import_check.html', array (
'link' => page_link_to('admin_import'),
'rooms_new' => count($rooms_new) == 0 ? "<tr><td>None</td></tr>" : table_body($rooms_new),
'rooms_deleted' => count($rooms_deleted) == 0 ? "<tr><td>None</td></tr>" : table_body($rooms_deleted),
'events_new' => count($events_new) == 0 ? "<tr><td>None</td><td></td><td></td><td></td><td></td></tr>" : table_body(shifts_printable($events_new)),
'events_updated' => count($events_updated) == 0 ? "<tr><td>None</td><td></td><td></td><td></td><td></td></tr>" : table_body(shifts_printable($events_updated)),
'events_deleted' => count($events_deleted) == 0 ? "<tr><td>None</td><td></td><td></td><td></td><td></td></tr>" : table_body(shifts_printable($events_deleted))
));
break;
case "import" :
if (!file_exists($import_file))
header("Location: " . page_link_to('admin_import'));
list ($rooms_new, $rooms_deleted) = prepare_rooms($import_file);
foreach ($rooms_new as $room) {
sql_query("INSERT INTO `Room` SET `Name`='" . sql_escape($room) . "', `FromPentabarf`='Y', `Show`='Y'");
$rooms_import[trim($room)] = sql_id();
}
foreach ($rooms_deleted as $room)
sql_query("DELETE FROM `Room` WHERE `Name`='" . sql_escape($room) . "' LIMIT 1");
list ($events_new, $events_updated, $events_deleted) = prepare_events($import_file);
foreach ($events_new as $event)
sql_query("INSERT INTO `Shifts` SET `name`='" .
sql_escape($event['name']) . "', `start`=" . sql_escape($event['start']) . ", `end`=" . sql_escape($event['end']) . ", `RID`=" . sql_escape($event['RID']) . ", `PSID`=" . sql_escape($event['PSID']) . ", `URL`='" . sql_escape($event['URL']) . "'");
foreach ($events_updated as $event)
sql_query("UPDATE `Shifts` SET `name`='" .
sql_escape($event['name']) . "', `start`=" . sql_escape($event['start']) . ", `end`=" . sql_escape($event['end']) . ", `RID`=" . sql_escape($event['RID']) . ", `PSID`=" . sql_escape($event['PSID']) . ", `URL`='" . sql_escape($event['URL']) . "' WHERE `PSID`=" . sql_escape($event['PSID']) . " LIMIT 1");
foreach ($events_deleted as $event)
sql_query("DELETE FROM `Shifts` WHERE `PSID`=" .
sql_escape($event['PSID']) . " LIMIT 1");
unlink($import_file);
$html .= template_render('../templates/admin_import_import.html', array ());
break;
}
return $html;
global $PentabarfXMLhost, $PentabarfXMLpath;
global $rooms_import;
global $user;
$html = "";
$step = "input";
if (isset ($_REQUEST['step']))
$step = $_REQUEST['step'];
$html .= '<p>';
$html .= $step == "input" ? '<b>1. Input</b>' : '1. Input';
$html .= ' &raquo; ';
$html .= $step == "check" ? '<b>2. Validate</b>' : '2. Validate';
$html .= ' &raquo; ';
$html .= $step == "import" ? '<b>3. Import</b>' : '3. Import';
$html .= '</p>';
$import_file = '../import/import_' . $user['UID'] . '.xml';
switch ($step) {
case "input" :
$ok = false;
if ($test_handle = fopen('../import/tmp', 'w')) {
fclose($test_handle);
unlink('../import/tmp');
} else {
$msg = error("Webserver has no write-permission on import directory.", true);
}
if (isset ($_REQUEST['submit'])) {
$ok = true;
if (isset ($_REQUEST['user']) && $_REQUEST['user'] != "" && isset ($_REQUEST['password']) && $_REQUEST['password'] != "") {
$fp = fsockopen("ssl://$PentabarfXMLhost", 443, $errno, $errstr, 5);
if (!$fp) {
$ok = false;
$msg = error("File 'https://$PentabarfXMLhost/$PentabarfXMLpath" . $_REQUEST["url"] . "' not readable!" . "[$errstr ($errno)]", true);
} else {
$fileOut = fopen($import_file, "w");
$head = 'GET /' . $PentabarfXMLpath . $_REQUEST["url"] . ' HTTP/1.1' . "\r\n" .
'Host: ' . $PentabarfXMLhost . "\r\n" .
'User-Agent: Engelsystem' . "\r\n" .
'Authorization: Basic ' .
base64_encode($_REQUEST["user"] . ':' . $_REQUEST["password"]) . "\r\n" .
"\r\n";
fputs($fp, $head);
$Zeilen = -1;
echo "<pre>";
while (!feof($fp)) {
$Temp = fgets($fp, 1024);
// show header
if ($Zeilen == -1) {
echo $Temp;
}
// ende des headers
if ($Temp == "\r\n") {
echo "</pre>\n";
$Zeilen = 0;
$Temp = "";
}
//file ende?
if ($Temp == "0\r\n")
break;
if (($Zeilen > -1) && ($Temp != "ffb\r\n")) {
//steuerzeichen ausfiltern
if (strpos("#$Temp", "\r\n") > 0)
$Temp = substr($Temp, 0, strlen($Temp) - 2);
if (strpos("#$Temp", "1005") > 0)
$Temp = "";
if (strpos("#$Temp", "783") > 0)
$Temp = "";
//schreiben in file
fputs($fileOut, $Temp);
$Zeilen++;
}
}
fclose($fileOut);
fclose($fp);
$msg .= success("Es wurden $Zeilen Zeilen eingelesen.", true);
}
}
elseif (isset ($_FILES['xcal_file']) && ($_FILES['xcal_file']['error'] == 0)) {
if (move_uploaded_file($_FILES['xcal_file']['tmp_name'], $import_file)) {
libxml_use_internal_errors(true);
if (simplexml_load_file($import_file) === false) {
$ok = false;
$msg = error("No valid xml/xcal file provided.", true);
unlink($import_file);
}
} else {
$ok = false;
$msg = error("File upload went wrong.", true);
}
} else {
$ok = false;
$msg = error("Please provide some data.", true);
}
}
if ($ok)
header("Location: " . page_link_to('admin_import') . "&step=check");
else
$html .= template_render('../templates/admin_import_input.html', array (
'link' => page_link_to('admin_import'),
'msg' => $msg,
'url' => "https://$PentabarfXMLhost/$PentabarfXMLpath"
));
break;
case "check" :
if (!file_exists($import_file))
header("Location: " . page_link_to('admin_import'));
list ($rooms_new, $rooms_deleted) = prepare_rooms($import_file);
list ($events_new, $events_updated, $events_deleted) = prepare_events($import_file);
$html .= template_render('../templates/admin_import_check.html', array (
'link' => page_link_to('admin_import'),
'rooms_new' => count($rooms_new) == 0 ? "<tr><td>None</td></tr>" : table_body($rooms_new),
'rooms_deleted' => count($rooms_deleted) == 0 ? "<tr><td>None</td></tr>" : table_body($rooms_deleted),
'events_new' => count($events_new) == 0 ? "<tr><td>None</td><td></td><td></td><td></td><td></td></tr>" : table_body(shifts_printable($events_new)),
'events_updated' => count($events_updated) == 0 ? "<tr><td>None</td><td></td><td></td><td></td><td></td></tr>" : table_body(shifts_printable($events_updated)),
'events_deleted' => count($events_deleted) == 0 ? "<tr><td>None</td><td></td><td></td><td></td><td></td></tr>" : table_body(shifts_printable($events_deleted))
));
break;
case "import" :
if (!file_exists($import_file))
header("Location: " . page_link_to('admin_import'));
list ($rooms_new, $rooms_deleted) = prepare_rooms($import_file);
foreach ($rooms_new as $room) {
sql_query("INSERT INTO `Room` SET `Name`='" . sql_escape($room) . "', `FromPentabarf`='Y', `Show`='Y'");
$rooms_import[trim($room)] = sql_id();
}
foreach ($rooms_deleted as $room)
sql_query("DELETE FROM `Room` WHERE `Name`='" . sql_escape($room) . "' LIMIT 1");
list ($events_new, $events_updated, $events_deleted) = prepare_events($import_file);
foreach ($events_new as $event)
sql_query("INSERT INTO `Shifts` SET `name`='" .
sql_escape($event['name']) . "', `start`=" . sql_escape($event['start']) . ", `end`=" . sql_escape($event['end']) . ", `RID`=" . sql_escape($event['RID']) . ", `PSID`=" . sql_escape($event['PSID']) . ", `URL`='" . sql_escape($event['URL']) . "'");
foreach ($events_updated as $event)
sql_query("UPDATE `Shifts` SET `name`='" .
sql_escape($event['name']) . "', `start`=" . sql_escape($event['start']) . ", `end`=" . sql_escape($event['end']) . ", `RID`=" . sql_escape($event['RID']) . ", `PSID`=" . sql_escape($event['PSID']) . ", `URL`='" . sql_escape($event['URL']) . "' WHERE `PSID`=" . sql_escape($event['PSID']) . " LIMIT 1");
foreach ($events_deleted as $event)
sql_query("DELETE FROM `Shifts` WHERE `PSID`=" .
sql_escape($event['PSID']) . " LIMIT 1");
engelsystem_log("Pentabarf import done");
unlink($import_file);
$html .= template_render('../templates/admin_import_import.html', array ());
break;
}
return $html;
}
function prepare_rooms($file) {
global $rooms_import;
$data = read_xml($file);
// Load rooms from db for compare with input
$rooms = sql_select("SELECT * FROM `Room` WHERE `FromPentabarf`='Y'");
$rooms_db = array ();
$rooms_import = array ();
foreach ($rooms as $room) {
$rooms_db[] = $room['Name'];
$rooms_import[$room['Name']] = $room['RID'];
}
$events = $data->vcalendar->vevent;
$rooms_pb = array ();
foreach ($events as $event) {
$rooms_pb[] = $event->location;
if (!isset ($rooms_import[trim($event->location)]))
$rooms_import[trim($event->location)] = trim($event->location);
}
$rooms_pb = array_unique($rooms_pb);
$rooms_new = array_diff($rooms_pb, $rooms_db);
$rooms_deleted = array_diff($rooms_db, $rooms_pb);
return array (
$rooms_new,
$rooms_deleted
);
global $rooms_import;
$data = read_xml($file);
// Load rooms from db for compare with input
$rooms = sql_select("SELECT * FROM `Room` WHERE `FromPentabarf`='Y'");
$rooms_db = array ();
$rooms_import = array ();
foreach ($rooms as $room) {
$rooms_db[] = $room['Name'];
$rooms_import[$room['Name']] = $room['RID'];
}
$events = $data->vcalendar->vevent;
$rooms_pb = array ();
foreach ($events as $event) {
$rooms_pb[] = $event->location;
if (!isset ($rooms_import[trim($event->location)]))
$rooms_import[trim($event->location)] = trim($event->location);
}
$rooms_pb = array_unique($rooms_pb);
$rooms_new = array_diff($rooms_pb, $rooms_db);
$rooms_deleted = array_diff($rooms_db, $rooms_pb);
return array (
$rooms_new,
$rooms_deleted
);
}
function prepare_events($file) {
global $rooms_import;
$data = read_xml($file);
$rooms = sql_select("SELECT * FROM `Room`");
$rooms_db = array ();
foreach ($rooms as $room)
$rooms_db[$room['Name']] = $room['RID'];
$events = $data->vcalendar->vevent;
$shifts_pb = array ();
foreach ($events as $event) {
$event_pb = $event->children("http://pentabarf.org");
$event_id = trim($event_pb-> {
'event-id' });
$shifts_pb[$event_id] = array (
'start' => DateTime :: createFromFormat("Ymd\THis", $event->dtstart)->getTimestamp(),
'end' => DateTime :: createFromFormat("Ymd\THis", $event->dtend)->getTimestamp(),
'RID' => $rooms_import[trim($event->location)],
'name' => trim($event->summary),
'URL' => trim($event->url),
'PSID' => $event_id
);
}
$shifts = sql_select("SELECT * FROM `Shifts` WHERE `PSID` IS NOT NULL ORDER BY `start`");
$shifts_db = array ();
foreach ($shifts as $shift)
$shifts_db[$shift['PSID']] = $shift;
$shifts_new = array ();
$shifts_updated = array ();
foreach ($shifts_pb as $shift)
if (!isset ($shifts_db[$shift['PSID']]))
$shifts_new[] = $shift;
else {
$tmp = $shifts_db[$shift['PSID']];
if ($shift['name'] != $tmp['name'] || $shift['start'] != $tmp['start'] || $shift['end'] != $tmp['end'] || $shift['RID'] != $tmp['RID'] || $shift['URL'] != $tmp['URL'])
$shifts_updated[] = $shift;
}
$shifts_deleted = array ();
foreach ($shifts_db as $shift)
if (!isset ($shifts_pb[$shift['PSID']]))
$shifts_deleted[] = $shift;
return array (
$shifts_new,
$shifts_updated,
$shifts_deleted
);
global $rooms_import;
$data = read_xml($file);
$rooms = sql_select("SELECT * FROM `Room`");
$rooms_db = array ();
foreach ($rooms as $room)
$rooms_db[$room['Name']] = $room['RID'];
$events = $data->vcalendar->vevent;
$shifts_pb = array ();
foreach ($events as $event) {
$event_pb = $event->children("http://pentabarf.org");
$event_id = trim($event_pb-> {
'event-id' });
$shifts_pb[$event_id] = array (
'start' => DateTime :: createFromFormat("Ymd\THis", $event->dtstart)->getTimestamp(),
'end' => DateTime :: createFromFormat("Ymd\THis", $event->dtend)->getTimestamp(),
'RID' => $rooms_import[trim($event->location)],
'name' => trim($event->summary),
'URL' => trim($event->url),
'PSID' => $event_id
);
}
$shifts = sql_select("SELECT * FROM `Shifts` WHERE `PSID` IS NOT NULL ORDER BY `start`");
$shifts_db = array ();
foreach ($shifts as $shift)
$shifts_db[$shift['PSID']] = $shift;
$shifts_new = array ();
$shifts_updated = array ();
foreach ($shifts_pb as $shift)
if (!isset ($shifts_db[$shift['PSID']]))
$shifts_new[] = $shift;
else {
$tmp = $shifts_db[$shift['PSID']];
if ($shift['name'] != $tmp['name'] || $shift['start'] != $tmp['start'] || $shift['end'] != $tmp['end'] || $shift['RID'] != $tmp['RID'] || $shift['URL'] != $tmp['URL'])
$shifts_updated[] = $shift;
}
$shifts_deleted = array ();
foreach ($shifts_db as $shift)
if (!isset ($shifts_pb[$shift['PSID']]))
$shifts_deleted[] = $shift;
return array (
$shifts_new,
$shifts_updated,
$shifts_deleted
);
}
function read_xml($file) {
global $xml_import;
if (!isset ($xml_import))
$xml_import = simplexml_load_file($file);
return $xml_import;
global $xml_import;
if (!isset ($xml_import))
$xml_import = simplexml_load_file($file);
return $xml_import;
}
function shifts_printable($shifts) {
global $rooms_import;
$rooms = array_flip($rooms_import);
uasort($shifts, 'shift_sort');
$shifts_printable = array ();
foreach ($shifts as $shift)
$shifts_printable[] = array (
'day' => date("l, Y-m-d", $shift['start']),
'start' => date("H:i", $shift['start']),
'name' => shorten($shift['name']),
'end' => date("H:i", $shift['end']),
'room' => $rooms[$shift['RID']]
);
return $shifts_printable;
global $rooms_import;
$rooms = array_flip($rooms_import);
uasort($shifts, 'shift_sort');
$shifts_printable = array ();
foreach ($shifts as $shift)
$shifts_printable[] = array (
'day' => date("l, Y-m-d", $shift['start']),
'start' => date("H:i", $shift['start']),
'name' => shorten($shift['name']),
'end' => date("H:i", $shift['end']),
'room' => $rooms[$shift['RID']]
);
return $shifts_printable;
}
function shift_sort($a, $b) {
return ($a['start'] < $b['start']) ? -1 : 1;
return ($a['start'] < $b['start']) ? -1 : 1;
}
?>

@ -1,76 +1,20 @@
<?php
function admin_log() {
require_once ("includes/funktion_db_list.php");
$html = "";
$SQL = "SELECT * FROM `ChangeLog` ORDER BY `Time` DESC LIMIT 0,10000";
$Erg = sql_query($SQL);
if (mysql_num_rows($Erg) > 0) {
$html .= "<table border=1>\n";
$html .= "<tr>\n\t<th>Time</th>\n\t<th>User</th>\n\t<th>Commend</th>\n\t<th>SQL Command</th>\n</tr>\n";
for ($n = 0; $n < mysql_num_rows($Erg); $n++) {
$html .= "<tr>\n";
$html .= "\t<td>" . mysql_result($Erg, $n, "Time") . "</td>\n";
$html .= "\t<td>" . UID2Nick(mysql_result($Erg, $n, "UID")) . displayavatar(mysql_result($Erg, $n, "UID")) . "</td>\n";
$html .= "\t<td>" . mysql_result($Erg, $n, "Commend") . "</td>\n";
$html .= "\t<td>" . mysql_result($Erg, $n, "SQLCommad") . "</td>\n";
$html .= "</tr>\n";
}
$html .= "</table>\n";
} else {
$html .= "Log is empty...";
}
$html .= "<hr />";
$html .= "<h1>Web Counter</h1>";
$html .= funktion_db_list("Counter");
/*
$html .= "<h1>Raeume</h1> <br />";
funktion_db_list("Raeume");
$html .= "<h1>Schichtbelegung</h1> <br />";
funktion_db_list("Schichtbelegung");
$html .= "<h1>Schichtplan</h1> <br />Hier findest du alle bisher eingetragenen Schichten:";
funktion_db_list("Schichtplan");
$html .= "<h1>User</h1> <br />";
funktion_db_list("User");
$html .= "<h1>News</h1> <br />";
funktion_db_list("News");
$html .= "<h1>FAQ</h1> <br />";
funktion_db_list("FAQ");
$html .= "Deaktiviert";
*/
$html .= "<hr>\n";
$html .= funktion_db_element_list_2row("Tshirt-Size aller engel", "SELECT `Size`, COUNT(`Size`) FROM `User` GROUP BY `Size`");
$html .= "<br />\n";
$html .= funktion_db_element_list_2row("Tshirt ausgegeben", "SELECT `Size`, COUNT(`Size`) FROM `User` WHERE `Tshirt`='1' GROUP BY `Size`");
$html .= "<br />\n";
$html .= funktion_db_element_list_2row("Tshirt nicht ausgegeben (Gekommen=1)", "SELECT COUNT(`Size`), `Size` FROM `User` WHERE `Gekommen`='1' and `Tshirt`='0' GROUP BY `Size`");
$html .= "<hr>\n";
$html .= funktion_db_element_list_2row("Hometown", "SELECT COUNT(`Hometown`), `Hometown` FROM `User` GROUP BY `Hometown`");
$html .= "<br />\n";
$html .= funktion_db_element_list_2row("Engeltypen", "SELECT COUNT(`Art`), `Art` FROM `User` GROUP BY `Art`");
$html .= "<hr>\n";
$html .= funktion_db_element_list_2row("Gesamte Arbeit", "SELECT COUNT(*) AS `Count [x]`, SUM(Shifts.Len) as `Sum [h]` from Shifts LEFT JOIN ShiftEntry USING(SID)");
$html .= "<br />\n";
$html .= funktion_db_element_list_2row("Geleistete Arbeit", "SELECT COUNT(*) AS `Count [x]`, SUM(Shifts.Len) as `Sum [h]` from Shifts LEFT JOIN ShiftEntry USING(SID) WHERE (ShiftEntry.UID!=0)");
$html .= "<hr>\n";
$html .= funktion_db_element_list_2row("Gesamte Arbeit (Ohne Raum Aufbau (RID=7)", "SELECT COUNT(*) AS `Count [x]`, SUM(Shifts.Len) as `Sum [h]` from Shifts LEFT JOIN ShiftEntry USING(SID) WHERE (Shifts.RID!=7)");
$html .= "<br />\n";
$html .= funktion_db_element_list_2row("Geleistete Arbeit (Ohne Raum Aufbau (RID=7)", "SELECT COUNT(*) AS `Count [x]`, SUM(Shifts.Len) as `Sum [h]` from Shifts LEFT JOIN ShiftEntry USING(SID) WHERE (ShiftEntry.UID!=0) AND (Shifts.RID!=7)");
return $html;
$log_entries_source = LogEntries();
$log_entries = array();
foreach($log_entries_source as $log_entry) {
$log_entry['date'] = date("H:i", $log_entry['timestamp']);
$log_entries[] = $log_entry;
}
return page(array(
msg(),
table(array(
'date' => "Time",
'nick' => "Angel",
'message' => "Log Entry"
), $log_entries)
));
}
?>

@ -1,87 +1,89 @@
<?php
function admin_news() {
global $user;
if (!isset ($_GET["action"])) {
header("Location: " . page_link_to("news"));
} else {
$html = "";
switch ($_GET["action"]) {
case 'edit' :
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id'];
else
return error("Incomplete call, missing News ID.", true);
global $user;
$news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
if (count($news) > 0) {
list ($news) = $news;
if (!isset ($_GET["action"])) {
header("Location: " . page_link_to("news"));
} else {
$html = "";
switch ($_GET["action"]) {
case 'edit' :
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id'];
else
return error("Incomplete call, missing News ID.", true);
$html .= '<a href="' . page_link_to("news") . '">&laquo Back</a>';
$news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
if (count($news) > 0) {
list ($news) = $news;
$html .= "<form action=\"" . page_link_to("admin_news") . "&action=save\" method=\"post\">\n";
$html .= '<a href="' . page_link_to("news") . '">&laquo Back</a>';
$html .= "<table>\n";
$html .= " <tr><td>Datum</td><td>" .
date("Y-m-d H:i", $news['Datum']) . "</td></tr>\n";
$html .= " <tr><td>Betreff</td><td><input type=\"text\" size=\"40\" name=\"eBetreff\" value=\"" .
$news["Betreff"] . "\"></td></tr>\n";
$html .= " <tr><td>Text</td><td><textarea rows=\"10\" cols=\"80\" name=\"eText\">" .
$news["Text"] . "</textarea></td></tr>\n";
$html .= " <tr><td>Engel</td><td>" .
UID2Nick($news["UID"]) . "</td></tr>\n";
$html .= " <tr><td>Treffen</td><td>" . html_select_key('eTreffen', 'eTreffen', array (
'1' => "Ja",
'0' => "Nein"
), $news['Treffen']) . "</td></tr>\n";
$html .= "</table>";
$html .= "<form action=\"" . page_link_to("admin_news") . "&action=save\" method=\"post\">\n";
$html .= "<input type=\"hidden\" name=\"id\" value=\"" . $id . "\">\n";
$html .= "<input type=\"submit\" name=\"submit\" value=\"Speichern\">\n";
$html .= "</form>";
$html .= "<table>\n";
$html .= " <tr><td>Datum</td><td>" .
date("Y-m-d H:i", $news['Datum']) . "</td></tr>\n";
$html .= " <tr><td>Betreff</td><td><input type=\"text\" size=\"40\" name=\"eBetreff\" value=\"" .
$news["Betreff"] . "\"></td></tr>\n";
$html .= " <tr><td>Text</td><td><textarea rows=\"10\" cols=\"80\" name=\"eText\">" .
$news["Text"] . "</textarea></td></tr>\n";
$html .= " <tr><td>Engel</td><td>" .
UID2Nick($news["UID"]) . "</td></tr>\n";
$html .= " <tr><td>Treffen</td><td>" . html_select_key('eTreffen', 'eTreffen', array (
'1' => "Ja",
'0' => "Nein"
), $news['Treffen']) . "</td></tr>\n";
$html .= "</table>";
$html .= "<form action=\"" . page_link_to("admin_news") . "&action=delete\" method=\"POST\">\n";
$html .= "<input type=\"hidden\" name=\"id\" value=\"" . $id . "\">\n";
$html .= "<input type=\"submit\" name=\"submit\" value=\"Löschen\">\n";
$html .= "</form>";
} else
return error("No News found.", true);
break;
$html .= "<input type=\"hidden\" name=\"id\" value=\"" . $id . "\">\n";
$html .= "<input type=\"submit\" name=\"submit\" value=\"Speichern\">\n";
$html .= "</form>";
case 'save' :
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id'];
else
return error("Incomplete call, missing News ID.", true);
$html .= "<form action=\"" . page_link_to("admin_news") . "&action=delete\" method=\"POST\">\n";
$html .= "<input type=\"hidden\" name=\"id\" value=\"" . $id . "\">\n";
$html .= "<input type=\"submit\" name=\"submit\" value=\"Löschen\">\n";
$html .= "</form>";
} else
return error("No News found.", true);
break;
$news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
if (count($news) > 0) {
list ($news) = $news;
case 'save' :
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id'];
else
return error("Incomplete call, missing News ID.", true);
sql_query("UPDATE `News` SET `Datum`='" . sql_escape(time()) . "', `Betreff`='" . sql_escape($_POST["eBetreff"]) . "', `Text`='" . sql_escape($_POST["eText"]) . "', `UID`='" . sql_escape($user['UID']) .
"', `Treffen`='" . sql_escape($_POST["eTreffen"]) . "' WHERE `ID`=".sql_escape($id)." LIMIT 1");
header("Location: " . page_link_to("news"));
} else
return error("No News found.", true);
break;
$news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
if (count($news) > 0) {
list ($news) = $news;
case 'delete' :
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id'];
else
return error("Incomplete call, missing News ID.", true);
sql_query("UPDATE `News` SET `Datum`='" . sql_escape(time()) . "', `Betreff`='" . sql_escape($_POST["eBetreff"]) . "', `Text`='" . sql_escape($_POST["eText"]) . "', `UID`='" . sql_escape($user['UID']) .
"', `Treffen`='" . sql_escape($_POST["eTreffen"]) . "' WHERE `ID`=".sql_escape($id)." LIMIT 1");
engelsystem_log("News updated: " . $_POST["eBetreff"]);
header("Location: " . page_link_to("news"));
} else
return error("No News found.", true);
break;
$news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
if (count($news) > 0) {
list ($news) = $news;
case 'delete' :
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id'];
else
return error("Incomplete call, missing News ID.", true);
sql_query("DELETE FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
header("Location: " . page_link_to("news"));
} else
return error("No News found.", true);
break;
}
}
return $html;
$news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
if (count($news) > 0) {
list ($news) = $news;
sql_query("DELETE FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
engelsystem_log("News deleted: " . $news['Betreff']);
header("Location: " . page_link_to("news"));
} else
return error("No News found.", true);
break;
}
}
return $html;
}
?>

@ -1,85 +1,87 @@
<?php
function admin_new_questions() {
global $user, $privileges;
global $user, $privileges;
if (in_array("admin_questions", $privileges)) {
$new_messages = sql_num_query("SELECT * FROM `Questions` WHERE `AID`=0");
if (in_array("admin_questions", $privileges)) {
$new_messages = sql_num_query("SELECT * FROM `Questions` WHERE `AID`=0");
if ($new_messages > 0)
return '<p class="info"><a href="' . page_link_to("admin_questions") . '">Es gibt unbeantwortete Fragen!</a></p><hr />';
}
if ($new_messages > 0)
return '<p class="info"><a href="' . page_link_to("admin_questions") . '">Es gibt unbeantwortete Fragen!</a></p><hr />';
}
return "";
return "";
}
function admin_questions() {
global $user;
global $user;
if (!isset ($_REQUEST['action'])) {
$open_questions = "";
$questions = sql_select("SELECT * FROM `Questions` WHERE `AID`=0");
foreach ($questions as $question)
$open_questions .= template_render(
'../templates/admin_question_unanswered.html', array (
'question_nick' => UID2Nick($question['UID']),
'question_id' => $question['QID'],
'link' => page_link_to("admin_questions"),
'question' => str_replace("\n", '<br />', $question['Question'])
));
if (!isset ($_REQUEST['action'])) {
$open_questions = "";
$questions = sql_select("SELECT * FROM `Questions` WHERE `AID`=0");
foreach ($questions as $question)
$open_questions .= template_render(
'../templates/admin_question_unanswered.html', array (
'question_nick' => UID2Nick($question['UID']),
'question_id' => $question['QID'],
'link' => page_link_to("admin_questions"),
'question' => str_replace("\n", '<br />', $question['Question'])
));
$answered_questions = "";
$questions = sql_select("SELECT * FROM `Questions` WHERE `AID`>0");
$answered_questions = "";
$questions = sql_select("SELECT * FROM `Questions` WHERE `AID`>0");
foreach ($questions as $question)
$answered_questions .= template_render(
'../templates/admin_question_answered.html', array (
'question_id' => $question['QID'],
'question_nick' => UID2Nick($question['UID']),
'question' => str_replace("\n", "<br />", $question['Question']),
'answer_nick' => UID2Nick($question['AID']),
'answer' => str_replace("\n", "<br />", $question['Answer']),
'link' => page_link_to("admin_questions"),
));
foreach ($questions as $question)
$answered_questions .= template_render(
'../templates/admin_question_answered.html', array (
'question_id' => $question['QID'],
'question_nick' => UID2Nick($question['UID']),
'question' => str_replace("\n", "<br />", $question['Question']),
'answer_nick' => UID2Nick($question['AID']),
'answer' => str_replace("\n", "<br />", $question['Answer']),
'link' => page_link_to("admin_questions"),
));
return template_render('../templates/admin_questions.html', array (
'link' => page_link_to("admin_questions"),
'open_questions' => $open_questions,
'answered_questions' => $answered_questions
));
} else {
switch ($_REQUEST['action']) {
case 'answer' :
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id'];
else
return error("Incomplete call, missing Question ID.", true);
return template_render('../templates/admin_questions.html', array (
'link' => page_link_to("admin_questions"),
'open_questions' => $open_questions,
'answered_questions' => $answered_questions
));
} else {
switch ($_REQUEST['action']) {
case 'answer' :
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id'];
else
return error("Incomplete call, missing Question ID.", true);
$question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
if (count($question) > 0 && $question[0]['AID'] == "0") {
$answer = trim(preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['answer'])));
$question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
if (count($question) > 0 && $question[0]['AID'] == "0") {
$answer = trim(preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['answer'])));
if ($answer != "") {
sql_query("UPDATE `Questions` SET `AID`=" . sql_escape($user['UID']) . ", `Answer`='" . sql_escape($answer) . "' WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
header("Location: " . page_link_to("admin_questions"));
} else
return error("Gib eine Antwort ein!", true);
} else
return error("No question found.", true);
break;
case 'delete' :
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id'];
else
return error("Incomplete call, missing Question ID.", true);
if ($answer != "") {
sql_query("UPDATE `Questions` SET `AID`=" . sql_escape($user['UID']) . ", `Answer`='" . sql_escape($answer) . "' WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
engelsystem_log("Question " . $question[0]['Question'] . " answered: " . $answer);
header("Location: " . page_link_to("admin_questions"));
} else
return error("Gib eine Antwort ein!", true);
} else
return error("No question found.", true);
break;
case 'delete' :
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id'];
else
return error("Incomplete call, missing Question ID.", true);
$question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
if (count($question) > 0) {
sql_query("DELETE FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
header("Location: " . page_link_to("admin_questions"));
} else
return error("No question found.", true);
break;
}
}
$question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
if (count($question) > 0) {
sql_query("DELETE FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
engelsystem_log("Question deleted: " . $question[0]['Question']);
header("Location: " . page_link_to("admin_questions"));
} else
return error("No question found.", true);
break;
}
}
}
?>

@ -77,17 +77,26 @@ function admin_rooms() {
}
if ($ok) {
if(isset($id))
if(isset($id)) {
sql_query("UPDATE `Room` SET `Name`='" . sql_escape($name) . "', `FromPentabarf`='" . sql_escape($from_pentabarf) . "', `show`='" . sql_escape($public) . "', `Number`='" . sql_escape($number) . "' WHERE `RID`=" . sql_escape($id) . " LIMIT 1");
else {
engelsystem_log("Room updated: " . $name . ", pentabarf import: " . $from_pentabarf . ", public: " . $public . ", number: " . $number);
} else {
sql_query("INSERT INTO `Room` SET `Name`='" . sql_escape($name) . "', `FromPentabarf`='" . sql_escape($from_pentabarf) . "', `show`='" . sql_escape($public) . "', `Number`='" . sql_escape($number) . "'");
$id = sql_id();
engelsystem_log("Room created: " . $name . ", pentabarf import: " . $from_pentabarf . ", public: " . $public . ", number: " . $number);
}
sql_query("DELETE FROM `NeededAngelTypes` WHERE `room_id`=" . sql_escape($id));
foreach ($angeltypes_count as $angeltype_id => $angeltype_count)
sql_query("INSERT INTO `NeededAngelTypes` SET `room_id`=" . sql_escape($id) . ", `angel_type_id`=" . sql_escape($angeltype_id) . ", `count`=" . sql_escape($angeltype_count));
$needed_angeltype_info = array();
foreach ($angeltypes_count as $angeltype_id => $angeltype_count) {
$angeltype_source = sql_select("SELECT * FROM `AngelTypes` WHERE `id`=" . sql_escape($angeltype_id) . " LIMIT 1");
if(count($angeltype_source) > 0) {
sql_query("INSERT INTO `NeededAngelTypes` SET `room_id`=" . sql_escape($id) . ", `angel_type_id`=" . sql_escape($angeltype_id) . ", `count`=" . sql_escape($angeltype_count));
$needed_angeltype_info[] = $angeltypes_source[0]['name'] . ": " . $angeltype_count;
}
}
engelsystem_log("Set needed angeltypes of room " . $name . " to: " . join(", ", $needed_angeltype_info));
success("Room saved.");
redirect(page_link_to("admin_rooms"));
}
@ -116,6 +125,8 @@ function admin_rooms() {
if (isset ($_REQUEST['ack'])) {
sql_query("DELETE FROM `Room` WHERE `RID`=" . sql_escape($id) . " LIMIT 1");
sql_query("DELETE FROM `NeededAngelTypes` WHERE `room_id`=" . sql_escape($id) . " LIMIT 1");
engelsystem_log("Room deleted: " . $name);
success(sprintf("Room %s deleted.", $name));
redirect(page_link_to('admin_rooms'));
}

@ -233,11 +233,18 @@ function admin_shifts() {
foreach ($_SESSION['admin_shifts_shifts'] as $shift) {
sql_query("INSERT INTO `Shifts` SET `start`=" . sql_escape($shift['start']) . ", `end`=" . sql_escape($shift['end']) . ", `RID`=" . sql_escape($shift['RID']) . ", `name`='" . sql_escape($shift['name']) . "'");
$shift_id = sql_id();
engelsystem_log("Shift created: " . $shift['name'] . " from " . date("Y-m-d H:i", $shift['start']) . " to " . date("Y-m-d H:i", $shift['end']));
$needed_angel_types_info = array();
foreach ($_SESSION['admin_shifts_types'] as $type_id => $count) {
sql_query("INSERT INTO `NeededAngelTypes` SET `shift_id`=" . sql_escape($shift_id) . ", `angel_type_id`=" . sql_escape($type_id) . ", `count`=" . sql_escape($count));
$angel_type_source = sql_select("SELECT * FROM `AngelTypes` WHERE `id`=" . sql_escape($type_id) . " LIMIT 1");
if(count($angel_type_source) > 0) {
sql_query("INSERT INTO `NeededAngelTypes` SET `shift_id`=" . sql_escape($shift_id) . ", `angel_type_id`=" . sql_escape($type_id) . ", `count`=" . sql_escape($count));
$needed_angel_types_info[] = $angel_type_source[0]['name'] . ": " . $count;
}
}
}
engelsystem_log("Shift needs following angel types: " . join(", ", $needed_angel_types_info));
$msg = success("Schichten angelegt.", true);
} else {
unset ($_SESSION['admin_shifts_shifts']);

@ -92,46 +92,55 @@ function admin_user() {
// UserAngelType subform
list ($user_source) = sql_select($SQL);
$selected_angel_types_source = sql_select("SELECT * FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user_source['UID']));
$selected_angel_types = array ();
foreach ($selected_angel_types_source as $selected_angel_type)
$selected_angel_types[] = $selected_angel_type['angeltype_id'];
$selected_angel_types = sql_select_single_col("SELECT `angeltype_id` FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user_source['UID']));
$accepted_angel_types = sql_select_single_col("SELECT `angeltype_id` FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user_source['UID']) . " AND `confirm_user_id` IS NOT NULL");
$nonrestricted_angel_types = sql_select_single_col("SELECT `id` FROM `AngelTypes` WHERE `restricted` = 0");
$angel_types_source = sql_select("SELECT * FROM `AngelTypes` ORDER BY `name`");
$angel_types = array ();
$angel_types_source = sql_select("SELECT `id`, `name` FROM `AngelTypes` ORDER BY `name`");
$angel_types = array();
foreach ($angel_types_source as $angel_type)
$angel_types[$angel_type['id']] = $angel_type['name'] . ($angel_type['restricted'] ? " (restricted)" : "");
$angel_types[$angel_type['id']] = $angel_type['name'];
if (isset ($_REQUEST['submit_user_angeltypes'])) {
$selected_angel_types = array ();
foreach ($angel_types as $angel_type_id => $angel_type_name) {
if (isset ($_REQUEST['angel_types_' . $angel_type_id]))
$selected_angel_types[] = $angel_type_id;
}
$selected_angel_types = array_intersect($_REQUEST['selected_angel_types'], array_keys($angel_types));
$accepted_angel_types = array_unique(array_diff(array_intersect($_REQUEST['accepted_angel_types'], array_keys($angel_types)), $nonrestricted_angel_types));
if (in_array("admin_user_angeltypes", $privileges))
$selected_angel_types = array_merge((array) $selected_angel_types, $accepted_angel_types);
$selected_angel_types = array_unique($selected_angel_types);
// Assign angel-types
foreach ($angel_types_source as $angel_type) {
if (!in_array($angel_type['id'], $selected_angel_types))
sql_query("DELETE FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user_source['UID']) . " AND `angeltype_id`=" . sql_escape($angel_type['id']) . " LIMIT 1");
}
foreach ($selected_angel_types as $selected_angel_type_id) {
if (sql_num_query("SELECT * FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user_source['UID']) . " AND `angeltype_id`=" . sql_escape($selected_angel_type_id) . " LIMIT 1") == 0) {
if (in_array("admin_user_angeltypes", $privileges)) {
sql_query("INSERT INTO `UserAngelTypes` SET `confirm_user_id`=" . sql_escape($user['UID']) . ", `user_id`=" . sql_escape($user_source['UID']) . ", `angeltype_id`=" . sql_escape($selected_angel_type_id));
} else {
sql_query("INSERT INTO `UserAngelTypes` SET `user_id`=" . sql_escape($user_source['UID']) . ", `angeltype_id`=" . sql_escape($selected_angel_type_id));
}
sql_start_transaction();
sql_query("DELETE FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user_source['UID']));
$user_angel_type_info = array();
if (!empty($selected_angel_types)) {
$SQL = "INSERT INTO `UserAngelTypes` (`user_id`, `angeltype_id`) VALUES ";
foreach ($selected_angel_types as $selected_angel_type_id) {
$SQL .= "(" . $user_source['UID'] . ", " . $selected_angel_type_id . "),";
$user_angel_type_info[] = $angel_types[$selected_angel_type_id] . (in_array($selected_angel_type_id, $accepted_angel_types) ? ' (confirmed)' : '');
}
// remove superfluous comma
$SQL = substr($SQL, 0, -1);
sql_query($SQL);
}
if (in_array("admin_user_angeltypes", $privileges)) {
sql_query("UPDATE `UserAngelTypes` SET `confirm_user_id` = NULL WHERE `user_id` = " . sql_escape($user_source['UID']));
if (!empty($accepted_angel_types))
sql_query("UPDATE `UserAngelTypes` SET `confirm_user_id` = '" . sql_escape($user['UID']) . "' WHERE `user_id` = '" . sql_escape($user_source['UID']) . "' AND `angeltype_id` IN (" . implode(',', $accepted_angel_types) . ")");
}
sql_stop_transaction();
engelsystem_log("Set angeltypes of " . $user_source['Nick'] . " to: " . join(", ", $user_angel_type_info));
success("Angeltypes saved.");
redirect(page_link_to('admin_user') . '&id=' . $user_source['UID']);
}
$html .= form(array (
msg(),
form_checkboxes('angel_types', "Angeltypes", $angel_types, $selected_angel_types),
form_multi_checkboxes(array('selected_angel_types' => 'gewünscht', 'accepted_angel_types' => 'akzeptiert'),
"Angeltypes",
$angel_types,
array('selected_angel_types' => $selected_angel_types, 'accepted_angel_types' => array_merge($accepted_angel_types, $nonrestricted_angel_types)),
array('accepted_angel_types' => $nonrestricted_angel_types)),
form_submit('submit_user_angeltypes', Get_Text("Save"))
));
@ -188,19 +197,26 @@ function admin_user() {
$his_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`=" . sql_escape($id) . " ORDER BY `group_id`");
if (count($my_highest_group) > 0 && (count($his_highest_group) == 0 || ($my_highest_group[0]['group_id'] <= $his_highest_group[0]['group_id']))) {
$groups = sql_select("SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = " . sql_escape($id) . ") WHERE `Groups`.`UID` >= " . sql_escape($my_highest_group[0]['group_id']) . " ORDER BY `Groups`.`Name`");
$groups_source = sql_select("SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = " . sql_escape($id) . ") WHERE `Groups`.`UID` >= " . sql_escape($my_highest_group[0]['group_id']) . " ORDER BY `Groups`.`Name`");
$groups = array();
$grouplist = array ();
foreach ($groups as $group)
foreach ($groups_source as $group) {
$groups[$group['UID']] = $group;
$grouplist[] = $group['UID'];
}
if (!is_array($_REQUEST['groups']))
$_REQUEST['groups'] = array ();
sql_query("DELETE FROM `UserGroups` WHERE `uid`=" . sql_escape($id));
foreach ($_REQUEST['groups'] as $group)
if (in_array($group, $grouplist))
sql_query("INSERT INTO `UserGroups` SET `uid`=" .
sql_escape($id) . ", `group_id`=" . sql_escape($group));
$user_groups_info = array();
foreach ($_REQUEST['groups'] as $group) {
if (in_array($group, $grouplist)) {
sql_query("INSERT INTO `UserGroups` SET `uid`=" . sql_escape($id) . ", `group_id`=" . sql_escape($group));
$user_groups_info[] = $groups[$group]['Name'];
}
}
engelsystem_log("Set groups of " . $user_source['Nick'] . " to: " . join(", ", $user_groups_info));
$html .= success("Benutzergruppen gespeichert.", true);
} else {
$html .= error("Du kannst keine Engel mit mehr Rechten bearbeiten.", true);
@ -212,9 +228,11 @@ function admin_user() {
case 'delete' :
if ($user['UID'] != $id) {
$nickname = sql_select("SELECT `Nick` FROM `User` WHERE `UID` = '" . sql_escape($id) . "' LIMIT 1");
sql_query("DELETE FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
sql_query("DELETE FROM `UserGroups` WHERE `uid`=" . sql_escape($id));
sql_query("UPDATE `ShiftEntry` SET `UID`=0, `Comment`=NULL WHERE `UID`=" . sql_escape($id));
engelsystem_log("Deleted user " . $nickname[0]['Nick']);
$html .= success("Benutzer gelöscht!", true);
} else {
$html .= error("Du kannst Dich nicht selber löschen!", true);
@ -240,12 +258,14 @@ function admin_user() {
"WHERE `UID` = '" . sql_escape($id) .
"' LIMIT 1;";
sql_query($SQL);
engelsystem_log("Updated user: " . $_POST["eNick"] . ", " . $_POST["eSize"] . ", arrived: " . $_POST["eGekommen"] . ", active: " . $_POST["eAktiv"] . ", tshirt: " . $_POST["eTshirt"]);
$html .= success("Änderung wurde gespeichert...\n", true);
break;
case 'change_pw' :
if ($_REQUEST['new_pw'] != "" && $_REQUEST['new_pw'] == $_REQUEST['new_pw2']) {
set_password($id, $_REQUEST['new_pw']);
engelsystem_log("Set new password for " . $user_source['Nick']);
$html .= success("Passwort neu gesetzt.", true);
} else {
$html .= error("Die Eingaben müssen übereinstimmen und dürfen nicht leer sein!", true);

@ -8,16 +8,24 @@ function admin_user_angeltypes() {
global $privileges;
if (isset ($_REQUEST['confirm']) && test_request_int('confirm') && sql_num_query("SELECT * FROM `UserAngelTypes` WHERE `id`=" . sql_escape($_REQUEST['confirm']) . " AND `confirm_user_id` IS NULL") > 0) {
sql_query("UPDATE `UserAngelTypes` SET `confirm_user_id`=" . sql_escape($_SESSION['uid']) . " WHERE `id`=" . sql_escape($_REQUEST['confirm']) . " LIMIT 1");
success("Confirmed.");
$user_angel_type_source = sql_select("SELECT `UserAngelTypes`.*, `User`.`Nick`, `AngelTypes`.`name` FROM `UserAngelTypes` JOIN `User` ON `User`.`UID`=`UserAngelTypes`.`user_id` JOIN `AngelTypes` ON `AngelTypes`.`id`=`UserAngelTypes`.`angeltype_id` WHERE `UserAngelTypes`.`id`=" . sql_escape($_REQUEST['confirm']) . " LIMIT 1");
if(count($user_angel_type_source) > 0) {
sql_query("UPDATE `UserAngelTypes` SET `confirm_user_id`=" . sql_escape($_SESSION['uid']) . " WHERE `id`=" . sql_escape($_REQUEST['confirm']) . " LIMIT 1");
engelsystem_log("Confirmed " . $user_angel_type_source[0]['Nick'] . " as " . $user_angel_type_source[0]['name']);
success("Confirmed.");
}
else error("Entry not found.");
redirect(page_link_to('admin_user_angeltypes'));
}
if (isset ($_REQUEST['discard']) && test_request_int('discard') && sql_num_query("SELECT * FROM `UserAngelTypes` WHERE `id`=" . sql_escape($_REQUEST['discard']) . " AND `confirm_user_id` IS NULL") > 0) {
sql_query("DELETE FROM `UserAngelTypes` WHERE `id`=" . sql_escape($_REQUEST['discard']) . " LIMIT 1");
success("Discarded.");
$user_angel_type_source = sql_select("SELECT `UserAngelTypes`.*, `User`.`Nick`, `AngelTypes`.`name` FROM `UserAngelTypes` JOIN `User` ON `User`.`UID`=`UserAngelTypes`.`user_id` JOIN `AngelTypes` ON `AngelTypes`.`id`=`UserAngelTypes`.`angeltype_id` WHERE `UserAngelTypes`.`id`=" . sql_escape($_REQUEST['discard']) . " LIMIT 1");
if(count($user_angel_type_source) > 0) {
sql_query("DELETE FROM `UserAngelTypes` WHERE `id`=" . sql_escape($_REQUEST['discard']) . " LIMIT 1");
engelsystem_log("Discarded " . $user_angel_type_source[0]['Nick'] . " as " . $user_angel_type_source[0]['name']);
success("Discarded.");
}
else error("Entry not found.");
redirect(page_link_to('admin_user_angeltypes'));
}

@ -116,9 +116,12 @@ function guest_register() {
set_password($user_id, $_REQUEST['password']);
// Assign angel-types
foreach ($selected_angel_types as $selected_angel_type_id)
$user_angel_types_info = array();
foreach ($selected_angel_types as $selected_angel_type_id) {
sql_query("INSERT INTO `UserAngelTypes` SET `user_id`=" . sql_escape($user_id) . ", `angeltype_id`=" . sql_escape($selected_angel_type_id));
$user_angel_types_info[] = $angel_types[$selected_angel_type_id]['name'];
}
engelsystem_log("User " . $nick . " signed up as: " . join(", ", $user_angel_types_info));
success(Get_Text("makeuser_writeOK4"));
//if (!isset ($_SESSION['uid']))
redirect(page_link_to('login'));

@ -0,0 +1,39 @@
<?php
// publically available page to feed the news to feedreaders
function user_atom() {
global $ical_shifts, $user, $DISPLAY_NEWS;
if (isset ($_REQUEST['key']) && preg_match("/^[0-9a-f]{32}$/", $_REQUEST['key']))
$key = $_REQUEST['key'];
else
die("Missing key.");
$user = sql_select("SELECT * FROM `User` WHERE `ical_key`='" . sql_escape($key) . "' LIMIT 1");
if (count($user) == 0)
die("Key invalid.");
$user = $user[0];
$news = sql_select("SELECT * FROM `News` " . (empty($_REQUEST['meetings'])? '' : 'WHERE `Treffen` = 1 ') . "ORDER BY `ID` DESC LIMIT " . sql_escape($DISPLAY_NEWS));
header('Content-Type: application/atom+xml; charset=utf-8');
$html = '<?xml version="1.0" encoding="utf-8"?>
<feed xmlns="http://www.w3.org/2005/Atom">
<title>Engelsystem</title>
<id>' . $_SERVER['HTTP_HOST'] . htmlspecialchars(preg_replace('#[&?]key=[a-f0-9]{32}#', '', $_SERVER['REQUEST_URI'])) . '</id>
<updated>' . date('Y-m-d\TH:i:sP', $news[0]['Datum']) . "</updated>\n";
foreach ($news as $news_entry) {
$html .= " <entry>
<title>" . htmlspecialchars($news_entry['Betreff']) . "</title>
<link href=\"" . page_link_to_absolute("news_comments&amp;nid=") . "${news_entry['ID']}\"/>
<id>" . preg_replace('#^https?://#', '', page_link_to_absolute("news")) . "-${news_entry['ID']}</id>
<updated>" . date('Y-m-d\TH:i:sP', $news_entry['Datum']) . "</updated>
<summary type=\"html\">" . htmlspecialchars($news_entry['Text']) . "</summary>
</entry>\n";
}
$html .= "</feed>";
header("Content-Length: " . strlen($html));
echo $html;
die();
}
?>

@ -3,100 +3,98 @@
// Zeigt die Schichten an, die ein Benutzer belegt
function user_myshifts() {
global $LETZTES_AUSTRAGEN;
global $user, $privileges;
$msg = "";
global $LETZTES_AUSTRAGEN;
global $user, $privileges;
$msg = "";
if (isset ($_REQUEST['id']) && in_array("user_shifts_admin", $privileges) && preg_match("/^[0-9]{1,}$/", $_REQUEST['id']) && sql_num_query("SELECT * FROM `User` WHERE `UID`=" . sql_escape($_REQUEST['id'])) > 0) {
$id = $_REQUEST['id'];
} else {
$id = $user['UID'];
}
if (isset ($_REQUEST['id']) && in_array("user_shifts_admin", $privileges) && preg_match("/^[0-9]{1,}$/", $_REQUEST['id']) && sql_num_query("SELECT * FROM `User` WHERE `UID`=" . sql_escape($_REQUEST['id'])) > 0) {
$id = $_REQUEST['id'];
} else {
$id = $user['UID'];
}
list ($shifts_user) = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
list ($shifts_user) = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
if ($id != $user['UID'])
$msg .= info(sprintf("You are viewing %s's shifts.", $shifts_user['Nick']), true);
if ($id != $user['UID'])
$msg .= info(sprintf("You are viewing %s's shifts.", $shifts_user['Nick']), true);
if (isset ($_REQUEST['reset'])) {
if ($_REQUEST['reset'] == "ack") {
user_reset_ical_key($user);
success("Key geändert.");
redirect(page_link_to('user_myshifts'));
}
return template_render('../templates/user_myshifts_reset.html', array ());
}
elseif (isset ($_REQUEST['edit']) && preg_match("/^[0-9]*$/", $_REQUEST['edit'])) {
$id = $_REQUEST['edit'];
$shift = sql_select("SELECT `ShiftEntry`.`Comment`, `Shifts`.*, `Room`.`Name`, `AngelTypes`.`name` as `angel_type` FROM `ShiftEntry` JOIN `AngelTypes` ON (`ShiftEntry`.`TID` = `AngelTypes`.`id`) JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`) JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) WHERE `ShiftEntry`.`id`=" . sql_escape($id) . " AND `UID`=" . sql_escape($shifts_user['UID']) . " LIMIT 1");
if (count($shift) > 0) {
$shift = $shift[0];
if (isset ($_REQUEST['reset'])) {
if ($_REQUEST['reset'] == "ack") {
user_reset_ical_key($user);
success("Key geändert.");
redirect(page_link_to('user_myshifts'));
}
return template_render('../templates/user_myshifts_reset.html', array ());
}
elseif (isset ($_REQUEST['edit']) && preg_match("/^[0-9]*$/", $_REQUEST['edit'])) {
$id = $_REQUEST['edit'];
$shift = sql_select("SELECT `ShiftEntry`.`Comment`, `ShiftEntry`.`UID`, `Shifts`.*, `Room`.`Name`, `AngelTypes`.`name` as `angel_type` FROM `ShiftEntry` JOIN `AngelTypes` ON (`ShiftEntry`.`TID` = `AngelTypes`.`id`) JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`) JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) WHERE `ShiftEntry`.`id`=" . sql_escape($id) . " AND `UID`=" . sql_escape($shifts_user['UID']) . " LIMIT 1");
if (count($shift) > 0) {
$shift = $shift[0];
if (isset ($_REQUEST['submit'])) {
$comment = strip_request_item_nl('comment');
sql_query("UPDATE `ShiftEntry` SET `Comment`='" . sql_escape($comment) . "' WHERE `id`=" . sql_escape($id) . " LIMIT 1");
if (isset ($_REQUEST['submit'])) {
$comment = strip_request_item_nl('comment');
$user_source = User($shift['UID']);
sql_query("UPDATE `ShiftEntry` SET `Comment`='" . sql_escape($comment) . "' WHERE `id`=" . sql_escape($id) . " LIMIT 1");
engelsystem_log("Updated " . $user_source['Nick'] . "'s shift " . $shift['name'] . " from " . date("y-m-d H:i", $shift['start']) . " to " . date("y-m-d H:i", $shift['end']) . " with comment " . $comment);
success("Schicht gespeichert.");
redirect(page_link_to('user_myshifts'));
}
success("Schicht gespeichert.");
redirect(page_link_to('user_myshifts'));
}
return template_render('../templates/user_shifts_add.html', array (
'angel' => $shifts_user['Nick'],
'date' => date("Y-m-d H:i", $shift['start']) . ', ' . shift_length($shift),
'location' => $shift['Name'],
'title' => $shift['name'],
'type' => $shift['angel_type'],
'comment' => $shift['Comment']
));
} else
redirect(page_link_to('user_myshifts'));
}
elseif (isset ($_REQUEST['cancel']) && preg_match("/^[0-9]*$/", $_REQUEST['cancel'])) {
$id = $_REQUEST['cancel'];
$shift = sql_select("SELECT * FROM `ShiftEntry` WHERE `id`=" . sql_escape($id) . " AND `UID`=" . sql_escape($shifts_user['UID']) . " LIMIT 1");
if (count($shift) > 0) {
$shift = $shift[0];
if (($shift['start'] - time() < $LETZTES_AUSTRAGEN * 3600) || in_array('user_shifts_admin', $privileges)) {
sql_query("DELETE FROM `ShiftEntry` WHERE `id`=" . sql_escape($id) . " LIMIT 1");
$msg .= success(Get_Text("pub_myshifts_signed_off"), true);
} else
$msg .= error(Get_Text("pub_myshifts_too_late"), true);
} else
redirect(page_link_to('user_myshifts'));
}
$shifts = sql_select("SELECT * FROM `ShiftEntry` JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`) JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) WHERE `UID`=" . sql_escape($shifts_user['UID']) . " ORDER BY `start`");
return template_render('../templates/user_shifts_add.html', array (
'angel' => $shifts_user['Nick'],
'date' => date("Y-m-d H:i", $shift['start']) . ', ' . shift_length($shift),
'location' => $shift['Name'],
'title' => $shift['name'],
'type' => $shift['angel_type'],
'comment' => $shift['Comment']
));
} else
redirect(page_link_to('user_myshifts'));
}
elseif (isset ($_REQUEST['cancel']) && preg_match("/^[0-9]*$/", $_REQUEST['cancel'])) {
$id = $_REQUEST['cancel'];
$shift = sql_select("SELECT * FROM `ShiftEntry` WHERE `id`=" . sql_escape($id) . " AND `UID`=" . sql_escape($shifts_user['UID']) . " LIMIT 1");
if (count($shift) > 0) {
$shift = $shift[0];
if (($shift['start'] - time() < $LETZTES_AUSTRAGEN * 3600) || in_array('user_shifts_admin', $privileges)) {
sql_query("DELETE FROM `ShiftEntry` WHERE `id`=" . sql_escape($id) . " LIMIT 1");
$msg .= success(Get_Text("pub_myshifts_signed_off"), true);
} else
$msg .= error(Get_Text("pub_myshifts_too_late"), true);
} else
redirect(page_link_to('user_myshifts'));
}
$shifts = sql_select("SELECT * FROM `ShiftEntry` JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`) JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) WHERE `UID`=" . sql_escape($shifts_user['UID']) . " ORDER BY `start`");
$html = "";
foreach ($shifts as $shift) {
if (time() > $shift['end'])
$html .= '<tr class="done">';
else
$html .= '<tr>';
$html .= '<td>' . date("Y-m-d", $shift['start']) . '</td>';
$html .= '<td>' . date("H:i", $shift['start']) . ' - ' . date("H:i", $shift['end']) . '</td>';
$html .= '<td>' . $shift['Name'] . '</td>';
$html .= '<td>' . $shift['name'] . '</td>';
$html .= '<td>' . $shift['Comment'] . '</td>';
$html .= '<td>';
$html .= '<a href="' . page_link_to('user_myshifts') . '&edit=' . $shift['id'] . '">' . Get_Text('edit') . '</a>';
if ($shift['start'] - time() > $LETZTES_AUSTRAGEN * 3600)
$html .= ' | <a href="' . page_link_to('user_myshifts') . '&cancel=' . $shift['id'] . '">' . Get_Text('sign_off') . '</a>';
$html .= '</td>';
$html .= '</tr>';
}
if ($html == "")
$html = '<tr><td>' . ucfirst(Get_Text('none')) . '...</td><td></td><td></td><td></td><td></td><td>' . sprintf(Get_Text('pub_myshifts_goto_shifts'), page_link_to('user_shifts')) . '</td></tr>';
$html = "";
foreach ($shifts as $shift) {
if (time() > $shift['end'])
$html .= '<tr class="done">';
else
$html .= '<tr>';
$html .= '<td>' . date("Y-m-d", $shift['start']) . '</td>';
$html .= '<td>' . date("H:i", $shift['start']) . ' - ' . date("H:i", $shift['end']) . '</td>';
$html .= '<td>' . $shift['Name'] . '</td>';
$html .= '<td>' . $shift['name'] . '</td>';
$html .= '<td>' . $shift['Comment'] . '</td>';
$html .= '<td>';
$html .= '<a href="' . page_link_to('user_myshifts') . '&edit=' . $shift['id'] . '">' . Get_Text('edit') . '</a>';
if ($shift['start'] - time() > $LETZTES_AUSTRAGEN * 3600)
$html .= ' | <a href="' . page_link_to('user_myshifts') . '&cancel=' . $shift['id'] . '">' . Get_Text('sign_off') . '</a>';
$html .= '</td>';
$html .= '</tr>';
}
if ($html == "")
$html = '<tr><td>' . ucfirst(Get_Text('none')) . '...</td><td></td><td></td><td></td><td></td><td>' . sprintf(Get_Text('pub_myshifts_goto_shifts'), page_link_to('user_shifts')) . '</td></tr>';
if ($shifts_user['ical_key'] == "")
user_reset_ical_key($shifts_user);
return msg().template_render('../templates/user_myshifts.html', array (
'intro' => sprintf(Get_Text('pub_myshifts_intro'), $LETZTES_AUSTRAGEN),
'shifts' => $html,
'msg' => $msg,
'ical_text' => sprintf(Get_Text('inc_schicht_ical_text'),
page_link_to_absolute('ical') . '&key=' . $shifts_user['ical_key'],
page_link_to('user_myshifts') . '&reset'),
));
return msg().template_render('../templates/user_myshifts.html', array (
'intro' => sprintf(Get_Text('pub_myshifts_intro'), $LETZTES_AUSTRAGEN),
'shifts' => $html,
'msg' => $msg,
'ical_text' => sprintf(Get_Text('inc_schicht_ical_text'),
page_link_to_absolute('ical') . '&key=' . $shifts_user['ical_key'],
page_link_to('user_myshifts') . '&reset'),
));
}
?>

@ -58,6 +58,7 @@ function user_news_comments() {
if (isset ($_REQUEST["text"])) {
$text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['text']));
sql_query("INSERT INTO `news_comments` (`Refid`, `Datum`, `Text`, `UID`) VALUES ('" . sql_escape($nid) . "', '" . date("Y-m-d H:i:s") . "', '" . sql_escape($text) . "', '" . sql_escape($user["UID"]) . "')");
engelsystem_log("Created news_comment: " . $text);
$html .= success("Eintrag wurde gespeichert", true);
}
@ -114,6 +115,7 @@ function user_news() {
sql_query("INSERT INTO `News` (`Datum`, `Betreff`, `Text`, `UID`, `Treffen`) " .
"VALUES ('" . sql_escape(time()) . "', '" . sql_escape($_POST["betreff"]) . "', '" . sql_escape($_POST["text"]) . "', '" . sql_escape($user['UID']) .
"', '" . sql_escape($_POST["treffen"]) . "');");
engelsystem_log("Created news: " . $_POST["betreff"] . ", treffen: " . $_POST["treffen"]);
$html .= success(Get_Text(4), true);
}

@ -1,201 +1,207 @@
<?php
function user_settings() {
global $enable_tshirt_size, $tshirt_sizes, $themes, $languages;
global $user;
$msg = "";
$nick = $user['Nick'];
$lastname = $user['Name'];
$prename = $user['Vorname'];
$age = $user['Alter'];
$tel = $user['Telefon'];
$dect = $user['DECT'];
$mobile = $user['Handy'];
$mail = $user['email'];
$icq = $user['ICQ'];
$jabber = $user['jabber'];
$hometown = $user['Hometown'];
$tshirt_size = $user['Size'];
$password_hash = "";
$selected_theme = $user['color'];
$selected_language = $user['Sprache'];
$selected_angel_types_source = sql_select("SELECT * FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user['UID']));
$selected_angel_types = array ();
foreach ($selected_angel_types_source as $selected_angel_type)
$selected_angel_types[] = $selected_angel_type['angeltype_id'];
$angel_types_source = sql_select("SELECT * FROM `AngelTypes` ORDER BY `name`");
$angel_types = array ();
foreach ($angel_types_source as $angel_type)
$angel_types[$angel_type['id']] = $angel_type['name'] . ($angel_type['restricted'] ? " (restricted)" : "");
if (isset ($_REQUEST['submit'])) {
$ok = true;
if (isset ($_REQUEST['nick']) && strlen(strip_request_item('nick')) > 1) {
$nick = strip_request_item('nick');
if (sql_num_query("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($nick) . "' AND NOT `UID`=" . sql_escape($user['UID']) . " LIMIT 1") > 0) {
$ok = false;
$msg .= error(sprintf(Get_Text("makeuser_error_nick1") . "%s" . Get_Text("makeuser_error_nick3"), $nick), true);
}
} else {
$ok = false;
$msg .= error(sprintf(Get_Text("makeuser_error_nick1") . "%s" . Get_Text("makeuser_error_nick2"), strip_request_item('nick')), true);
}
if (isset ($_REQUEST['mail']) && strlen(strip_request_item('mail')) > 0) {
$mail = strip_request_item('mail');
if (!check_email($mail)) {
$ok = false;
$msg .= error(Get_Text("makeuser_error_mail"), true);
}
} else {
$ok = false;
$msg .= error("Please enter your e-mail.", true);
}
if (isset ($_REQUEST['icq']))
$icq = strip_request_item('icq');
if (isset ($_REQUEST['jabber']) && strlen(strip_request_item('jabber')) > 0) {
$jabber = strip_request_item('jabber');
if (!check_email($jabber)) {
$ok = false;
$msg .= error("Please check your jabber.", true);
}
}
if (isset ($_REQUEST['tshirt_size']) && isset ($tshirt_sizes[$_REQUEST['tshirt_size']]))
$tshirt_size = $_REQUEST['tshirt_size'];
else {
$ok = false;
}
$selected_angel_types = array ();
foreach ($angel_types as $angel_type_id => $angel_type_name)
if (isset ($_REQUEST['angel_types_' . $angel_type_id]))
$selected_angel_types[] = $angel_type_id;
// Trivia
if (isset ($_REQUEST['lastname']))
$lastname = strip_request_item('lastname');
if (isset ($_REQUEST['prename']))
$prename = strip_request_item('prename');
if (isset ($_REQUEST['age']) && preg_match("/^[0-9]{0,4}$/", $_REQUEST['age']))
$age = strip_request_item('age');
if (isset ($_REQUEST['tel']))
$tel = strip_request_item('tel');
if (isset ($_REQUEST['dect']))
$dect = strip_request_item('dect');
if (isset ($_REQUEST['mobile']))
$mobile = strip_request_item('mobile');
if (isset ($_REQUEST['hometown']))
$hometown = strip_request_item('hometown');
if ($ok) {
sql_query("UPDATE `User` SET `Nick`='" . sql_escape($nick) . "', `Vorname`='" . sql_escape($prename) . "', `Name`='" . sql_escape($lastname) .
"', `Alter`='" . sql_escape($age) . "', `Telefon`='" . sql_escape($tel) . "', `DECT`='" . sql_escape($dect) . "', `Handy`='" . sql_escape($mobile) .
"', `email`='" . sql_escape($mail) . "', `ICQ`='" . sql_escape($icq) . "', `jabber`='" . sql_escape($jabber) . "', `Size`='" . sql_escape($tshirt_size) .
"', `Hometown`='" . sql_escape($hometown) . "' WHERE `UID`=" . sql_escape($user['UID']));
// Assign angel-types
foreach ($angel_types_source as $angel_type)
if (!in_array($angel_type['id'], $selected_angel_types))
sql_query("DELETE FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user['UID']) . " AND `angeltype_id`=" . sql_escape($angel_type['id']) . " LIMIT 1");
foreach ($selected_angel_types as $selected_angel_type_id)
if (sql_num_query("SELECT * FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user['UID']) . " AND `angeltype_id`=" . sql_escape($selected_angel_type_id) . " LIMIT 1") == 0)
sql_query("INSERT INTO `UserAngelTypes` SET `user_id`=" . sql_escape($user['UID']) . ", `angeltype_id`=" . sql_escape($selected_angel_type_id));
success("Settings saved.");
redirect(page_link_to('user_settings'));
}
}
elseif (isset ($_REQUEST['submit_password'])) {
$ok = true;
if (!isset ($_REQUEST['password']) || !verify_password($_REQUEST['password'], $user['Passwort'], $user['UID']))
$msg .= error(Get_Text(30), true);
elseif (strlen($_REQUEST['new_password']) < MIN_PASSWORD_LENGTH)
$msg .= error(Get_Text("makeuser_error_password2"));
elseif ($_REQUEST['new_password'] != $_REQUEST['new_password2'])
$msg .= error(Get_Text("makeuser_error_password1"), true);
elseif(set_password($user['UID'], $_REQUEST['new_password']))
success("Password saved.");
else
error("Failed setting password.");
redirect(page_link_to('user_settings'));
}
elseif (isset ($_REQUEST['submit_theme'])) {
$ok = true;
if (isset ($_REQUEST['theme']) && isset ($themes[$_REQUEST['theme']]))
$selected_theme = $_REQUEST['theme'];
else
$ok = false;
if ($ok) {
sql_query("UPDATE `User` SET `color`='" . sql_escape($selected_theme) . "' WHERE `UID`=" . sql_escape($user['UID']));
success("Theme changed.");
redirect(page_link_to('user_settings'));
}
}
elseif (isset ($_REQUEST['submit_language'])) {
$ok = true;
if (isset ($_REQUEST['language']) && isset ($languages[$_REQUEST['language']]))
$selected_language = $_REQUEST['language'];
else
$ok = false;
if ($ok) {
sql_query("UPDATE `User` SET `Sprache`='" . sql_escape($selected_language) . "' WHERE `UID`=" . sql_escape($user['UID']));
$_SESSION['Sprache'] = $selected_language;
success("Language changed.");
redirect(page_link_to('user_settings'));
}
}
return page(array (
sprintf(Get_Text("Hallo") . "%s,<br />" . Get_Text(13), $user['Nick']),
$msg,
msg(),
form(array (
form_info("", Get_Text("pub_einstellungen_Text_UserData")),
form_text('nick', Get_Text("makeuser_Nickname") . "*", $nick),
form_text('lastname', Get_Text("makeuser_Nachname"), $lastname),
form_text('prename', Get_Text("makeuser_Vorname"), $prename),
form_text('age', Get_Text("makeuser_Alter"), $age),
form_text('tel', Get_Text("makeuser_Telefon"), $tel),
form_text('dect', Get_Text("makeuser_DECT"), $dect),
form_text('mobile', Get_Text("makeuser_Handy"), $mobile),
form_text('mail', Get_Text("makeuser_E-Mail") . "*", $mail),
form_text('icq', "ICQ", $icq),
form_text('jabber', "Jabber", $jabber),
form_text('hometown', Get_Text("makeuser_Hometown"), $hometown),
$enable_tshirt_size ? form_select('tshirt_size', Get_Text("makeuser_T-Shirt"), $tshirt_sizes, $tshirt_size) : '',
form_checkboxes('angel_types', "What do you want to do?", $angel_types, $selected_angel_types),
form_submit('submit', Get_Text("save"))
)),
form(array (
form_info("", Get_Text(14)),
form_password('password', Get_Text(15)),
form_password('new_password', Get_Text(16)),
form_password('new_password2', Get_Text(17)),
form_submit('submit_password', Get_Text("save"))
)),
form(array (
form_info("", Get_Text(18)),
form_select('theme', Get_Text(19), $themes, $selected_theme),
form_submit('submit_theme', Get_Text("save"))
)),
form(array (
form_info("", Get_Text(20)),
form_select('language', Get_Text(21), $languages, $selected_language),
form_submit('submit_language', Get_Text("save"))
))
));
global $enable_tshirt_size, $tshirt_sizes, $themes, $languages;
global $user;
$msg = "";
$nick = $user['Nick'];
$lastname = $user['Name'];
$prename = $user['Vorname'];
$age = $user['Alter'];
$tel = $user['Telefon'];
$dect = $user['DECT'];
$mobile = $user['Handy'];
$mail = $user['email'];
$icq = $user['ICQ'];
$jabber = $user['jabber'];
$hometown = $user['Hometown'];
$tshirt_size = $user['Size'];
$password_hash = "";
$selected_theme = $user['color'];
$selected_language = $user['Sprache'];
$selected_angel_types_source = sql_select("SELECT * FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user['UID']));
$selected_angel_types = array ();
foreach ($selected_angel_types_source as $selected_angel_type)
$selected_angel_types[] = $selected_angel_type['angeltype_id'];
$angel_types_source = sql_select("SELECT * FROM `AngelTypes` ORDER BY `name`");
$angel_types = array ();
foreach ($angel_types_source as $angel_type)
$angel_types[$angel_type['id']] = $angel_type['name'] . ($angel_type['restricted'] ? " (restricted)" : "");
if (isset ($_REQUEST['submit'])) {
$ok = true;
if (isset ($_REQUEST['nick']) && strlen(strip_request_item('nick')) > 1) {
$nick = strip_request_item('nick');
if (sql_num_query("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($nick) . "' AND NOT `UID`=" . sql_escape($user['UID']) . " LIMIT 1") > 0) {
$ok = false;
$msg .= error(sprintf(Get_Text("makeuser_error_nick1") . "%s" . Get_Text("makeuser_error_nick3"), $nick), true);
}
} else {
$ok = false;
$msg .= error(sprintf(Get_Text("makeuser_error_nick1") . "%s" . Get_Text("makeuser_error_nick2"), strip_request_item('nick')), true);
}
if (isset ($_REQUEST['mail']) && strlen(strip_request_item('mail')) > 0) {
$mail = strip_request_item('mail');
if (!check_email($mail)) {
$ok = false;
$msg .= error(Get_Text("makeuser_error_mail"), true);
}
} else {
$ok = false;
$msg .= error("Please enter your e-mail.", true);
}
if (isset ($_REQUEST['icq']))
$icq = strip_request_item('icq');
if (isset ($_REQUEST['jabber']) && strlen(strip_request_item('jabber')) > 0) {
$jabber = strip_request_item('jabber');
if (!check_email($jabber)) {
$ok = false;
$msg .= error("Please check your jabber.", true);
}
}
if (isset ($_REQUEST['tshirt_size']) && isset ($tshirt_sizes[$_REQUEST['tshirt_size']]))
$tshirt_size = $_REQUEST['tshirt_size'];
else {
$ok = false;
}
$selected_angel_types = array ();
foreach ($angel_types as $angel_type_id => $angel_type_name)
if (isset ($_REQUEST['angel_types_' . $angel_type_id]))
$selected_angel_types[] = $angel_type_id;
// Trivia
if (isset ($_REQUEST['lastname']))
$lastname = strip_request_item('lastname');
if (isset ($_REQUEST['prename']))
$prename = strip_request_item('prename');
if (isset ($_REQUEST['age']) && preg_match("/^[0-9]{0,4}$/", $_REQUEST['age']))
$age = strip_request_item('age');
if (isset ($_REQUEST['tel']))
$tel = strip_request_item('tel');
if (isset ($_REQUEST['dect']))
$dect = strip_request_item('dect');
if (isset ($_REQUEST['mobile']))
$mobile = strip_request_item('mobile');
if (isset ($_REQUEST['hometown']))
$hometown = strip_request_item('hometown');
if ($ok) {
sql_query("UPDATE `User` SET `Nick`='" . sql_escape($nick) . "', `Vorname`='" . sql_escape($prename) . "', `Name`='" . sql_escape($lastname) .
"', `Alter`='" . sql_escape($age) . "', `Telefon`='" . sql_escape($tel) . "', `DECT`='" . sql_escape($dect) . "', `Handy`='" . sql_escape($mobile) .
"', `email`='" . sql_escape($mail) . "', `ICQ`='" . sql_escape($icq) . "', `jabber`='" . sql_escape($jabber) . "', `Size`='" . sql_escape($tshirt_size) .
"', `Hometown`='" . sql_escape($hometown) . "' WHERE `UID`=" . sql_escape($user['UID']));
// Assign angel-types
$user_angel_type_info = array();
foreach ($angel_types_source as $angel_type) {
if (!in_array($angel_type['id'], $selected_angel_types))
sql_query("DELETE FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user['UID']) . " AND `angeltype_id`=" . sql_escape($angel_type['id']) . " LIMIT 1");
else
$user_angel_type_info[] = $angel_type['name'];
}
foreach ($selected_angel_types as $selected_angel_type_id) {
if (sql_num_query("SELECT * FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user['UID']) . " AND `angeltype_id`=" . sql_escape($selected_angel_type_id) . " LIMIT 1") == 0)
sql_query("INSERT INTO `UserAngelTypes` SET `user_id`=" . sql_escape($user['UID']) . ", `angeltype_id`=" . sql_escape($selected_angel_type_id));
}
engelsystem_log("Own angel types set to: " . join(", ", $user_angel_type_info));
success("Settings saved.");
redirect(page_link_to('user_settings'));
}
}
elseif (isset ($_REQUEST['submit_password'])) {
$ok = true;
if (!isset ($_REQUEST['password']) || !verify_password($_REQUEST['password'], $user['Passwort'], $user['UID']))
$msg .= error(Get_Text(30), true);
elseif (strlen($_REQUEST['new_password']) < MIN_PASSWORD_LENGTH)
$msg .= error(Get_Text("makeuser_error_password2"));
elseif ($_REQUEST['new_password'] != $_REQUEST['new_password2'])
$msg .= error(Get_Text("makeuser_error_password1"), true);
elseif(set_password($user['UID'], $_REQUEST['new_password']))
success("Password saved.");
else
error("Failed setting password.");
redirect(page_link_to('user_settings'));
}
elseif (isset ($_REQUEST['submit_theme'])) {
$ok = true;
if (isset ($_REQUEST['theme']) && isset ($themes[$_REQUEST['theme']]))
$selected_theme = $_REQUEST['theme'];
else
$ok = false;
if ($ok) {
sql_query("UPDATE `User` SET `color`='" . sql_escape($selected_theme) . "' WHERE `UID`=" . sql_escape($user['UID']));
success("Theme changed.");
redirect(page_link_to('user_settings'));
}
}
elseif (isset ($_REQUEST['submit_language'])) {
$ok = true;
if (isset ($_REQUEST['language']) && isset ($languages[$_REQUEST['language']]))
$selected_language = $_REQUEST['language'];
else
$ok = false;
if ($ok) {
sql_query("UPDATE `User` SET `Sprache`='" . sql_escape($selected_language) . "' WHERE `UID`=" . sql_escape($user['UID']));
$_SESSION['Sprache'] = $selected_language;
success("Language changed.");
redirect(page_link_to('user_settings'));
}
}
return page(array (
sprintf(Get_Text("Hallo") . "%s,<br />" . Get_Text(13), $user['Nick']),
$msg,
msg(),
form(array (
form_info("", Get_Text("pub_einstellungen_Text_UserData")),
form_text('nick', Get_Text("makeuser_Nickname") . "*", $nick),
form_text('lastname', Get_Text("makeuser_Nachname"), $lastname),
form_text('prename', Get_Text("makeuser_Vorname"), $prename),
form_text('age', Get_Text("makeuser_Alter"), $age),
form_text('tel', Get_Text("makeuser_Telefon"), $tel),
form_text('dect', Get_Text("makeuser_DECT"), $dect),
form_text('mobile', Get_Text("makeuser_Handy"), $mobile),
form_text('mail', Get_Text("makeuser_E-Mail") . "*", $mail),
form_text('icq', "ICQ", $icq),
form_text('jabber', "Jabber", $jabber),
form_text('hometown', Get_Text("makeuser_Hometown"), $hometown),
$enable_tshirt_size ? form_select('tshirt_size', Get_Text("makeuser_T-Shirt"), $tshirt_sizes, $tshirt_size) : '',
form_checkboxes('angel_types', "What do you want to do?", $angel_types, $selected_angel_types),
form_submit('submit', Get_Text("save"))
)),
form(array (
form_info("", Get_Text(14)),
form_password('password', Get_Text(15)),
form_password('new_password', Get_Text(16)),
form_password('new_password2', Get_Text(17)),
form_submit('submit_password', Get_Text("save"))
)),
form(array (
form_info("", Get_Text(18)),
form_select('theme', Get_Text(19), $themes, $selected_theme),
form_submit('submit_theme', Get_Text("save"))
)),
form(array (
form_info("", Get_Text(20)),
form_select('language', Get_Text(21), $languages, $selected_language),
form_submit('submit_language', Get_Text("save"))
))
));
}
?>

@ -9,8 +9,15 @@ function user_shifts() {
else
redirect(page_link_to('user_shifts'));
sql_query("DELETE FROM `ShiftEntry` WHERE `id`=" . sql_escape($entry_id) . " LIMIT 1");
success("Der Schicht-Eintrag wurde gelöscht.");
$shift_entry_source = sql_select("SELECT `User`.`Nick`, `ShiftEntry`.`Comment`, `ShiftEntry`.`UID`, `Shifts`.*, `Room`.`Name`, `AngelTypes`.`name` as `angel_type` FROM `ShiftEntry` JOIN `User` ON (`User`.`UID`=`ShiftEntry`.`UID`) JOIN `AngelTypes` ON (`ShiftEntry`.`TID` = `AngelTypes`.`id`) JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`) JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) WHERE `ShiftEntry`.`id`=" . sql_escape($entry_id) . " LIMIT 1");
if(count($shift_entry_source) > 0) {
$shift_entry_source = $shift_entry_source[0];
sql_query("DELETE FROM `ShiftEntry` WHERE `id`=" . sql_escape($entry_id) . " LIMIT 1");
engelsystem_log("Deleted " . $shift_entry_source['Nick'] . "'s shift: " . $shift_entry_source['name'] . " at " . $shift_entry_source['Name'] . " from " . date("y-m-d H:i", $shift_entry_source['start']) . " to " . date("y-m-d H:i", $shift_entry_source['end']) . " as " . $shift_entry_source['angel_type']);
success("Der Schicht-Eintrag wurde gelöscht.");
}
else error("Entry not found.");
redirect(page_link_to('user_shifts'));
}
// Schicht bearbeiten
@ -43,9 +50,12 @@ function user_shifts() {
// Engeltypen laden
$types = sql_select("SELECT * FROM `AngelTypes` ORDER BY `name`");
$angel_types = array();
$needed_angel_types = array ();
foreach ($types as $type)
foreach ($types as $type) {
$angel_types[$type['id']] = $type;
$needed_angel_types[$type['id']] = 0;
}
// Benötigte Engeltypen vom Raum
$needed_angel_types_source = sql_select("SELECT `AngelTypes`.*, `NeededAngelTypes`.`count` FROM `AngelTypes` LEFT JOIN `NeededAngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `AngelTypes`.`id` AND `NeededAngelTypes`.`room_id`=" . sql_escape($shift['RID']) . ") ORDER BY `AngelTypes`.`name`");
@ -110,8 +120,13 @@ function user_shifts() {
if ($ok) {
sql_query("UPDATE `Shifts` SET `start`=" . sql_escape($start) . ", `end`=" . sql_escape($end) . ", `RID`=" . sql_escape($rid) . ", `name`='" . sql_escape($name) . "' WHERE `SID`=" . sql_escape($shift_id) . " LIMIT 1");
sql_query("DELETE FROM `NeededAngelTypes` WHERE `shift_id`=" . sql_escape($shift_id));
foreach ($needed_angel_types as $type_id => $count)
$needed_angel_types_info = array();
foreach ($needed_angel_types as $type_id => $count) {
sql_query("INSERT INTO `NeededAngelTypes` SET `shift_id`=" . sql_escape($shift_id) . ", `angel_type_id`=" . sql_escape($type_id) . ", `count`=" . sql_escape($count));
$needed_angel_types_info[] = $angel_types[$type_id]['name'] . ": " . $count;
}
engelsystem_log("Updated shift '" . $name . "' from " . date("y-m-d H:i", $start) . " to " . date("y-m-d H:i", $end) . " with angel types " . join(", ", $needed_angel_types_info));
success("Schicht gespeichert.");
redirect(page_link_to('user_shifts'));
}
@ -155,6 +170,7 @@ function user_shifts() {
sql_query("DELETE FROM `NeededAngelTypes` WHERE `shift_id`=" . sql_escape($shift_id));
sql_query("DELETE FROM `Shifts` WHERE `SID`=" . sql_escape($shift_id) . " LIMIT 1");
engelsystem_log("Deleted shift " . $shift['name'] . " from " . date("y-m-d H:i", $shift['start']) . " to " . date("y-m-d H:i", $shift['end']));
success("Die Schicht wurde gelöscht.");
redirect(page_link_to('user_shifts'));
}
@ -191,7 +207,7 @@ function user_shifts() {
if (in_array('user_shifts_admin', $privileges))
$type = sql_select("SELECT * FROM `AngelTypes` WHERE `id`=" . sql_escape($type_id) . " LIMIT 1");
else
$type = sql_select("SELECT * FROM `UserAngelTypes` JOIN `AngelTypes` ON (`UserAngelTypes`.`angeltype_id` = `AngelTypes`.`id`) WHERE `AngelTypes`.`id` = " . sql_escape($type_id) . " AND `UserAngelTypes`.`user_id` = " . sql_escape($user['UID']) . " AND (`AngelTypes`.`restricted` = 0 OR NOT `UserAngelTypes`.`confirm_user_id` IS NULL) LIMIT 1");
$type = sql_select("SELECT * FROM `UserAngelTypes` JOIN `AngelTypes` ON (`UserAngelTypes`.`angeltype_id` = `AngelTypes`.`id`) WHERE `AngelTypes`.`id` = " . sql_escape($type_id) . " AND (`AngelTypes`.`restricted` = 0 OR (`UserAngelTypes`.`user_id` = " . sql_escape($user['UID']) . " AND NOT `UserAngelTypes`.`confirm_user_id` IS NULL)) LIMIT 1");
if (count($type) == 0)
header("Location: " . page_link_to('user_shifts'));
@ -214,14 +230,16 @@ function user_shifts() {
$user_id = $user['UID'];
// TODO: Kollisionserkennung, andere Schichten zur gleichen Uhrzeit darf der Engel auch nicht belegt haben...
$entries = sql_select("SELECT * FROM `ShiftEntry` WHERE `SID`=" . sql_escape($shift['SID']));
foreach ($entries as $entry)
if ($entry['UID'] == $user_id)
if (sql_num_query("SELECT * FROM `ShiftEntry` WHERE `SID`='" . sql_escape($shift['SID']) . "' AND `UID` = '" . sql_escape($user_id) . "'"))
return error("This angel does already have an entry for this shift.", true);
$comment = strip_request_item_nl('comment');
sql_query("INSERT INTO `ShiftEntry` SET `Comment`='" . sql_escape($comment) . "', `UID`=" . sql_escape($user_id) . ", `TID`=" . sql_escape($selected_type_id) . ", `SID`=" . sql_escape($shift_id));
if (sql_num_query("SELECT * FROM `UserAngelTypes` INNER JOIN `AngelTypes` ON `AngelTypes`.`id` = `UserAngelTypes`.`angeltype_id` WHERE `AngelTypes`.`restricted` = 0 AND `user_id` = '" . sql_escape($user_id) . "' AND `angeltype_id` = '" . sql_escape($selected_type_id) . "'") == 0)
sql_query("INSERT INTO `UserAngelTypes` (`user_id`, `angeltype_id`) VALUES ('" . sql_escape($user_id) . "', '" . sql_escape($selected_type_id) . "')");
$user_source = User($user_id);
engelsystem_log("User " . $user_source['Nick'] . " signed up for shift " . $shift['name'] . " from " . date("y-m-d H:i", $shift['start']) . " to " . date("y-m-d H:i", $shift['end']));
success("Du bist eingetragen. Danke!" . ' <a href="' . page_link_to('user_myshifts') . '">Meine Schichten &raquo;</a>');
redirect(page_link_to('user_shifts'));
}

@ -0,0 +1,19 @@
<?php
/**
* Write a log entry. This should be used to log user's activity.
* @param $message
*/
function engelsystem_log($message) {
global $user;
if(isset($user)) {
$nick = $user['Nick'];
} else {
$nick = "Guest";
}
LogEntry_create($nick, $message);
}
?>

@ -31,6 +31,12 @@ function sql_select($query) {
}
}
function sql_select_single_col($query) {
$result = sql_select($query);
return array_map('array_pop', $result);
}
// Execute a query
function sql_query($query) {
global $con;
@ -59,4 +65,17 @@ function sql_error() {
global $con;
return mysql_error($con);
}
$sql_transaction_counter = 0;
function sql_start_transaction() {
global $sql_transaction_counter;
if ($sql_transaction_counter++ == 0)
sql_query("START TRANSACTION");
}
function sql_stop_transaction() {
global $sql_transaction_counter;
if ($sql_transaction_counter-- == 1)
sql_query("COMMIT");
}
?>

@ -36,6 +36,34 @@ function form_checkboxes($name, $label, $items, $selected) {
return form_element($label, $html);
}
/**
* Rendert eine Tabelle von Checkboxen für ein Formular
* @param names Assoziatives Array mit Namen der Checkboxen als Keys und Überschriften als Values
* @param label Die Beschriftung der gesamten Tabelle
* @param items Array mit den Beschriftungen der Zeilen
* @param selected Mehrdimensionales Array, wobei $selected[foo] ein Array der in der Datenreihe foo markierten Checkboxen ist
* @param disabled Wie selected, nur dass die entsprechenden Checkboxen deaktiviert statt markiert sind
*/
function form_multi_checkboxes($names, $label, $items, $selected, $disabled = array()) {
$html = "<table><thead><tr>";
foreach ($names as $title)
$html .= "<th>$title</th>";
$html .= "</tr></thead><tbody>";
foreach ($items as $key => $item) {
$html .= "<tr>";
foreach ($names as $name => $title) {
$id = $name . '_' . $key;
$sel = array_search($key, $selected[$name]) !== false ? ' checked="checked"' : "";
if (!empty($disabled) && !empty($disabled[$name]) && array_search($key, $disabled[$name]) !== false)
$sel .= ' disabled="disabled"';
$html .= '<td style="text-align: center;"><input type="checkbox" id="' . $id . '" name="' . $name . '[]" value="' . $key . '"' . $sel . ' /></td>';
}
$html .= '<td><label for="' . $id . '">' . $item . '</label></td></tr>';
}
$html .= "</tbody></table>";
return form_element($label, $html);
}
/**
* Rendert eine Checkbox
*/

@ -6,125 +6,126 @@
*/
$tshirt_sizes = array (
'' => "Please select...",
'S' => "S",
'M' => "M",
'L' => "L",
'XL' => "XL",
'2XL' => "2XL",
'3XL' => "3XL",
'4XL' => "4XL",
'5XL' => "5XL",
'S-G' => "S Girl",
'M-G' => "M Girl",
'L-G' => "L Girl",
'XL-G' => "XL Girl"
'S' => "S",
'M' => "M",
'L' => "L",
'XL' => "XL",
'2XL' => "2XL",
'3XL' => "3XL",
'4XL' => "4XL",
'5XL' => "5XL",
'S-G' => "S Girl",
'M-G' => "M Girl",
'L-G' => "L Girl",
'XL-G' => "XL Girl"
);
function user_reset_ical_key($user) {
$user['ical_key'] = md5($user['Nick'] . time() . rand());
sql_query("UPDATE `User` SET `ical_key`='" . sql_escape($user['ical_key']) . "' WHERE `UID`='" . sql_escape($user['UID']) . "' LIMIT 1");
$user['ical_key'] = md5($user['Nick'] . time() . rand());
sql_query("UPDATE `User` SET `ical_key`='" . sql_escape($user['ical_key']) . "' WHERE `UID`='" . sql_escape($user['UID']) . "' LIMIT 1");
engelsystem_log("iCal key resetted.");
}
function UID2Nick($UID) {
if ($UID > 0)
$SQL = "SELECT Nick FROM `User` WHERE UID='" . sql_escape($UID) . "'";
else
$SQL = "SELECT Name FROM `Groups` WHERE UID='" . sql_escape($UID) . "'";
$Erg = sql_select($SQL);
if (count($Erg) > 0) {
if ($UID > 0)
return $Erg[0]['Nick'];
else
return "Group-" . $Erg[0]['Name'];
} else {
if ($UID == -1)
return "Guest";
else
return "UserID $UID not found";
}
if ($UID > 0)
$SQL = "SELECT Nick FROM `User` WHERE UID='" . sql_escape($UID) . "'";
else
$SQL = "SELECT Name FROM `Groups` WHERE UID='" . sql_escape($UID) . "'";
$Erg = sql_select($SQL);
if (count($Erg) > 0) {
if ($UID > 0)
return $Erg[0]['Nick'];
else
return "Group-" . $Erg[0]['Name'];
} else {
if ($UID == -1)
return "Guest";
else
return "UserID $UID not found";
}
}
function TID2Type($TID) {
global $con;
global $con;
$SQL = "SELECT Name FROM `EngelType` WHERE TID='" . sql_escape($TID) . "'";
$Erg = mysql_query($SQL, $con);
$SQL = "SELECT Name FROM `EngelType` WHERE TID='" . sql_escape($TID) . "'";
$Erg = mysql_query($SQL, $con);
if (mysql_num_rows($Erg))
return mysql_result($Erg, 0);
else
return "";
if (mysql_num_rows($Erg))
return mysql_result($Erg, 0);
else
return "";
}
function ReplaceSmilies($neueckig) {
$neueckig = str_replace(";o))", "<img src=\"pic/smiles/icon_redface.gif\">", $neueckig);
$neueckig = str_replace(":-))", "<img src=\"pic/smiles/icon_redface.gif\">", $neueckig);
$neueckig = str_replace(";o)", "<img src=\"pic/smiles/icon_wind.gif\">", $neueckig);
$neueckig = str_replace(":)", "<img src=\"pic/smiles/icon_smile.gif\">", $neueckig);
$neueckig = str_replace(":-)", "<img src=\"pic/smiles/icon_smile.gif\">", $neueckig);
$neueckig = str_replace(":(", "<img src=\"pic/smiles/icon_sad.gif\">", $neueckig);
$neueckig = str_replace(":-(", "<img src=\"pic/smiles/icon_sad.gif\">", $neueckig);
$neueckig = str_replace(":o(", "<img src=\"pic/smiles/icon_sad.gif\">", $neueckig);
$neueckig = str_replace(":o)", "<img src=\"pic/smiles/icon_lol.gif\">", $neueckig);
$neueckig = str_replace(";o(", "<img src=\"pic/smiles/icon_cry.gif\">", $neueckig);
$neueckig = str_replace(";(", "<img src=\"pic/smiles/icon_cry.gif\">", $neueckig);
$neueckig = str_replace(";-(", "<img src=\"pic/smiles/icon_cry.gif\">", $neueckig);
$neueckig = str_replace("8)", "<img src=\"pic/smiles/icon_rolleyes.gif\">", $neueckig);
$neueckig = str_replace("8o)", "<img src=\"pic/smiles/icon_rolleyes.gif\">", $neueckig);
$neueckig = str_replace(":P", "<img src=\"pic/smiles/icon_evil.gif\">", $neueckig);
$neueckig = str_replace(":-P", "<img src=\"pic/smiles/icon_evil.gif\">", $neueckig);
$neueckig = str_replace(":oP", "<img src=\"pic/smiles/icon_evil.gif\">", $neueckig);
$neueckig = str_replace(";P", "<img src=\"pic/smiles/icon_mad.gif\">", $neueckig);
$neueckig = str_replace(";oP", "<img src=\"pic/smiles/icon_mad.gif\">", $neueckig);
$neueckig = str_replace("?)", "<img src=\"pic/smiles/icon_question.gif\">", $neueckig);
return $neueckig;
$neueckig = str_replace(";o))", "<img src=\"pic/smiles/icon_redface.gif\">", $neueckig);
$neueckig = str_replace(":-))", "<img src=\"pic/smiles/icon_redface.gif\">", $neueckig);
$neueckig = str_replace(";o)", "<img src=\"pic/smiles/icon_wind.gif\">", $neueckig);
$neueckig = str_replace(":)", "<img src=\"pic/smiles/icon_smile.gif\">", $neueckig);
$neueckig = str_replace(":-)", "<img src=\"pic/smiles/icon_smile.gif\">", $neueckig);
$neueckig = str_replace(":(", "<img src=\"pic/smiles/icon_sad.gif\">", $neueckig);
$neueckig = str_replace(":-(", "<img src=\"pic/smiles/icon_sad.gif\">", $neueckig);
$neueckig = str_replace(":o(", "<img src=\"pic/smiles/icon_sad.gif\">", $neueckig);
$neueckig = str_replace(":o)", "<img src=\"pic/smiles/icon_lol.gif\">", $neueckig);
$neueckig = str_replace(";o(", "<img src=\"pic/smiles/icon_cry.gif\">", $neueckig);
$neueckig = str_replace(";(", "<img src=\"pic/smiles/icon_cry.gif\">", $neueckig);
$neueckig = str_replace(";-(", "<img src=\"pic/smiles/icon_cry.gif\">", $neueckig);
$neueckig = str_replace("8)", "<img src=\"pic/smiles/icon_rolleyes.gif\">", $neueckig);
$neueckig = str_replace("8o)", "<img src=\"pic/smiles/icon_rolleyes.gif\">", $neueckig);
$neueckig = str_replace(":P", "<img src=\"pic/smiles/icon_evil.gif\">", $neueckig);
$neueckig = str_replace(":-P", "<img src=\"pic/smiles/icon_evil.gif\">", $neueckig);
$neueckig = str_replace(":oP", "<img src=\"pic/smiles/icon_evil.gif\">", $neueckig);
$neueckig = str_replace(";P", "<img src=\"pic/smiles/icon_mad.gif\">", $neueckig);
$neueckig = str_replace(";oP", "<img src=\"pic/smiles/icon_mad.gif\">", $neueckig);
$neueckig = str_replace("?)", "<img src=\"pic/smiles/icon_question.gif\">", $neueckig);
return $neueckig;
}
function GetPictureShow($UID) {
global $con;
global $con;
$SQL = "SELECT `show` FROM `UserPicture` WHERE `UID`='" . sql_escape($UID) . "'";
$res = mysql_query($SQL, $con);
$SQL = "SELECT `show` FROM `UserPicture` WHERE `UID`='" . sql_escape($UID) . "'";
$res = mysql_query($SQL, $con);
if (mysql_num_rows($res) == 1)
return mysql_result($res, 0, 0);
else
return "";
if (mysql_num_rows($res) == 1)
return mysql_result($res, 0, 0);
else
return "";
}
function displayPicture($UID, $height = "30") {
global $url, $ENGEL_ROOT;
global $url, $ENGEL_ROOT;
if ($height > 0)
return ("<div class=\"avatar\"><img src=\"" . $url . $ENGEL_ROOT . "ShowUserPicture.php?UID=$UID\" height=\"$height\" alt=\"picture of USER$UID\" class=\"photo\"></div>");
else
return ("<div class=\"avatar\"><img class=\"avatar\" src=\"" . $url . $ENGEL_ROOT . "ShowUserPicture.php?UID=$UID\" alt=\"picture of USER$UID\"></div>");
if ($height > 0)
return ("<div class=\"avatar\"><img src=\"" . $url . $ENGEL_ROOT . "ShowUserPicture.php?UID=$UID\" height=\"$height\" alt=\"picture of USER$UID\" class=\"photo\"></div>");
else
return ("<div class=\"avatar\"><img class=\"avatar\" src=\"" . $url . $ENGEL_ROOT . "ShowUserPicture.php?UID=$UID\" alt=\"picture of USER$UID\"></div>");
}
function displayavatar($UID, $height = "30") {
global $con, $url, $ENGEL_ROOT;
global $con, $url, $ENGEL_ROOT;
if (GetPictureShow($UID) == 'Y')
return "&nbsp;" . displayPicture($UID, $height);
if (GetPictureShow($UID) == 'Y')
return "&nbsp;" . displayPicture($UID, $height);
$user = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($UID) . " LIMIT 1");
if (count($user) > 0)
if ($user[0]['Avatar'] > 0)
return '<div class="avatar">' . ("&nbsp;<img src=\"pic/avatar/avatar" . $user[0]['Avatar'] . ".gif\">") . '</div>';
$user = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($UID) . " LIMIT 1");
if (count($user) > 0)
if ($user[0]['Avatar'] > 0)
return '<div class="avatar">' . ("&nbsp;<img src=\"pic/avatar/avatar" . $user[0]['Avatar'] . ".gif\">") . '</div>';
}
function UIDgekommen($UID) {
global $con;
global $con;
$SQL = "SELECT `Gekommen` FROM `User` WHERE UID='" . sql_escape($UID) . "'";
$Erg = mysql_query($SQL, $con);
$SQL = "SELECT `Gekommen` FROM `User` WHERE UID='" . sql_escape($UID) . "'";
$Erg = mysql_query($SQL, $con);
if (mysql_num_rows($Erg))
return mysql_result($Erg, 0);
else
return "0";
if (mysql_num_rows($Erg))
return mysql_result($Erg, 0);
else
return "0";
}
?>

@ -37,10 +37,6 @@ $gmdateOffset=3600;
// für Developen 1, sonst = 0
$debug = 0;
// SSL Cert-KEY
$show_SSLCERT = "MD5:<br>MD5SED<br>\n".
"SHA1:<br>SHA1SED";
//globale const. fuer schischtplan
$GlobalZeileProStunde = 4;
@ -61,4 +57,15 @@ $PentabarfXMLEventID = "31";
/// Passord for external Authorization, function only active if the var is defined
//$CurrentExternAuthPass = 23;
// multiply "night shifts" (start or end between 2 and 6 exclusive) by 2
$shift_sum_formula = "SUM(
(1+(
(HOUR(FROM_UNIXTIME(`Shifts`.`end`)) > 2 AND HOUR(FROM_UNIXTIME(`Shifts`.`end`)) < 6)
OR (HOUR(FROM_UNIXTIME(`Shifts`.`start`)) > 2 AND HOUR(FROM_UNIXTIME(`Shifts`.`start`)) < 6)
OR (HOUR(FROM_UNIXTIME(`Shifts`.`start`)) <= 2 AND HOUR(FROM_UNIXTIME(`Shifts`.`end`)) >= 6)
))*(`Shifts`.`end` - `Shifts`.`start`)
)";
// weigh every shift the same
//$shift_sum_formula = "SUM(`end` - `start`)";
?>

@ -3,6 +3,7 @@ require_once ('bootstrap.php');
require_once ('includes/sys_auth.php');
require_once ('includes/sys_counter.php');
require_once ('includes/sys_lang.php');
require_once ('includes/sys_log.php');
require_once ('includes/sys_menu.php');
require_once ('includes/sys_mysql.php');
require_once ('includes/sys_page.php');
@ -10,6 +11,9 @@ require_once ('includes/sys_shift.php');
require_once ('includes/sys_template.php');
require_once ('includes/sys_user.php');
require_once ('includes/model/LogEntries_model.php');
require_once ('includes/model/User_model.php');
require_once ('config/config.php');
require_once ('config/config_db.php');
@ -39,6 +43,10 @@ if ($p == "ical") {
require_once ('includes/pages/user_ical.php');
user_ical();
}
elseif ($p == "atom") {
require_once ('includes/pages/user_atom.php');
user_atom();
}
// Recht dafür vorhanden?
elseif (in_array($p, $privileges)) {
if ($p == "news") {
@ -184,6 +192,7 @@ if (isset ($user) && $p != "admin_user_angeltypes")
echo template_render('../templates/layout.html', array (
'theme' => isset ($user) ? $user['color'] : $default_theme,
'title' => $title,
'atom_link' => ($p == 'news' || $p == 'user_meetings')? '<link href="' . page_link_to('atom') . (($p == 'user_meetings')? '&amp;meetings=1' : '') . '&amp;key=' . $user['ical_key'] . '" type="application/atom+xml" rel="alternate" title="Atom Feed">' : '',
'menu' => make_menu(),
'content' => $content
));

@ -1,6 +1,6 @@
<form action="%link%" method="post">
<p>
Search Angel: <input type="text" name="search" value="%search%" /><input type="submit" name="submit" value="Search" />
Search Angel: <input type="text" name="search" value="%search%" placeholder="Name"> %angeltypes% <label><input type="checkbox" name="confirmed_only" %confirmed_only% value="1"> Nur zugelassene</label> <input type="submit" name="submit" value="Search">
</p>
</form>
<table>

@ -14,6 +14,7 @@
<script type="text/javascript" src="css/forms.js"></script>
<link rel="stylesheet" type="text/css" href="css/base.css" />
<link rel="stylesheet" type="text/css" href="css/style%theme%.css" />
%atom_link%
</head>
<body class="background">
<header>

@ -43,7 +43,7 @@
</table>
<hr/>
<p>
Frage einen Orga:
Frage einen Erzengel:
</p>
<form action="%link%&action=ask" method="post">
<table>

Loading…
Cancel
Save