From 0dabaa505e4463498665a1eb6ab95979578beab3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philip=20H=C3=A4usler?=
Date: Wed, 26 Dec 2012 14:02:27 +0100
Subject: [PATCH 01/14] #28 begin log
---
db/update.d/20_LogEntriesTable.php | 19 +
includes/model/LogEntries_model.php | 15 +
includes/model/User_model.php | 14 +
includes/pages/admin_active.php | 232 +++++-----
includes/pages/admin_angel_types.php | 8 +-
includes/pages/admin_arrive.php | 100 +++--
includes/pages/admin_groups.php | 166 +++----
includes/pages/admin_import.php | 522 ++++++++++++-----------
includes/pages/admin_news.php | 144 ++++---
includes/pages/admin_questions.php | 138 +++---
includes/pages/admin_rooms.php | 19 +-
includes/pages/admin_shifts.php | 9 +-
includes/pages/admin_user_angeltypes.php | 20 +-
includes/sys_log.php | 19 +
public/index.php | 1 +
15 files changed, 785 insertions(+), 641 deletions(-)
create mode 100644 db/update.d/20_LogEntriesTable.php
create mode 100644 includes/model/LogEntries_model.php
create mode 100644 includes/model/User_model.php
create mode 100644 includes/sys_log.php
diff --git a/db/update.d/20_LogEntriesTable.php b/db/update.d/20_LogEntriesTable.php
new file mode 100644
index 00000000..5ea82efc
--- /dev/null
+++ b/db/update.d/20_LogEntriesTable.php
@@ -0,0 +1,19 @@
+
\ No newline at end of file
diff --git a/includes/model/LogEntries_model.php b/includes/model/LogEntries_model.php
new file mode 100644
index 00000000..d8615f0e
--- /dev/null
+++ b/includes/model/LogEntries_model.php
@@ -0,0 +1,15 @@
+
\ No newline at end of file
diff --git a/includes/model/User_model.php b/includes/model/User_model.php
new file mode 100644
index 00000000..c2d2282e
--- /dev/null
+++ b/includes/model/User_model.php
@@ -0,0 +1,14 @@
+ 0)
+ return $user_source[0];
+ return null;
+}
+
+?>
\ No newline at end of file
diff --git a/includes/pages/admin_active.php b/includes/pages/admin_active.php
index 55384345..0dabe568 100644
--- a/includes/pages/admin_active.php
+++ b/includes/pages/admin_active.php
@@ -1,120 +1,144 @@
« back | apply ';
- }
- }
+ if ($ok)
+ $limit = " LIMIT " . $count;
+ if (isset ($_REQUEST['ack'])) {
+ sql_query("UPDATE `User` SET `Aktiv` = 0 WHERE `Tshirt` = 0");
+ $users = sql_select("SELECT `User`.*, COUNT(`ShiftEntry`.`id`) as `shift_count`, SUM(`end`-`start`) as `shift_length` FROM `User` LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID` LEFT JOIN `Shifts` ON `ShiftEntry`.`SID` = `Shifts`.`SID` WHERE `User`.`Gekommen` = 1 GROUP BY `User`.`UID` ORDER BY `shift_length` DESC" . $limit);
+ $user_nicks = array();
+ foreach ($users as $usr) {
+ sql_query("UPDATE `User` SET `Aktiv` = 1 WHERE `UID`=" . sql_escape($usr['UID']));
+ $user_nicks[] = $usr['Nick'];
+ }
+ engelsystem_log("These angels are active now: " . join(", ", $user_nicks));
- if (isset ($_REQUEST['active']) && preg_match("/^[0-9]+$/", $_REQUEST['active'])) {
- $id = $_REQUEST['active'];
- sql_query("UPDATE `User` SET `Aktiv`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
- $msg = success("Angel has been marked as active.", true);
- }
- elseif (isset ($_REQUEST['not_active']) && preg_match("/^[0-9]+$/", $_REQUEST['not_active'])) {
- $id = $_REQUEST['not_active'];
- sql_query("UPDATE `User` SET `Aktiv`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
- $msg = success("Angel has been marked as not active.", true);
- }
- elseif (isset ($_REQUEST['tshirt']) && preg_match("/^[0-9]+$/", $_REQUEST['tshirt'])) {
- $id = $_REQUEST['tshirt'];
- sql_query("UPDATE `User` SET `Tshirt`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
- $msg = success("Angel has got a t-shirt.", true);
- }
- elseif (isset ($_REQUEST['not_tshirt']) && preg_match("/^[0-9]+$/", $_REQUEST['not_tshirt'])) {
- $id = $_REQUEST['not_tshirt'];
- sql_query("UPDATE `User` SET `Tshirt`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
- $msg = success("Angel has got no t-shirt.", true);
- }
+ $limit = "";
+ $msg = success("Marked angels.", true);
+ } else {
+ $set_active = '« back | apply ';
+ }
+ }
- $users = sql_select("SELECT `User`.*, COUNT(`ShiftEntry`.`id`) as `shift_count`, SUM(`end`-`start`) as `shift_length` FROM `User` LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID` LEFT JOIN `Shifts` ON `ShiftEntry`.`SID` = `Shifts`.`SID` WHERE `User`.`Gekommen` = 1 GROUP BY `User`.`UID` ORDER BY `shift_length` DESC" . $limit);
+ if (isset ($_REQUEST['active']) && preg_match("/^[0-9]+$/", $_REQUEST['active'])) {
+ $id = $_REQUEST['active'];
+ $user_source = User($id);
+ if($user_source != null) {
+ sql_query("UPDATE `User` SET `Aktiv`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
+ engelsystem_log("User " . $user_source['Nick'] . " is active now.");
+ $msg = success("Angel has been marked as active.", true);
+ }
+ else $msg = error("Angel not found.", true);
+ }
+ elseif (isset ($_REQUEST['not_active']) && preg_match("/^[0-9]+$/", $_REQUEST['not_active'])) {
+ $id = $_REQUEST['not_active'];
+ $user_source = User($id);
+ if($user_source != null) {
+ sql_query("UPDATE `User` SET `Aktiv`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
+ engelsystem_log("User " . $user_source['Nick'] . " is NOT active now.");
+ $msg = success("Angel has been marked as not active.", true);
+ }
+ else $msg = error("Angel not found.", true);
+ }
+ elseif (isset ($_REQUEST['tshirt']) && preg_match("/^[0-9]+$/", $_REQUEST['tshirt'])) {
+ $id = $_REQUEST['tshirt'];
+ $user_source = User($id);
+ if($user_source != null) {
+ sql_query("UPDATE `User` SET `Tshirt`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
+ engelsystem_log("User " . $user_source['Nick'] . " has tshirt now.");
+ $msg = success("Angel has got a t-shirt.", true);
+ }
+ else $msg = error("Angel not found.", true);
+ }
+ elseif (isset ($_REQUEST['not_tshirt']) && preg_match("/^[0-9]+$/", $_REQUEST['not_tshirt'])) {
+ $id = $_REQUEST['not_tshirt'];
+ $user_source = User($id);
+ if($user_source != null) {
+ sql_query("UPDATE `User` SET `Tshirt`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
+ engelsystem_log("User " . $user_source['Nick'] . " NO tshirt.");
+ $msg = success("Angel has got no t-shirt.", true);
+ }
+ else $msg = error("Angel not found.", true);
+ }
- $table = "";
- if ($search == "")
- $tokens = array ();
- else
- $tokens = explode(" ", $search);
- foreach ($users as $usr) {
- if (count($tokens) > 0) {
- $match = false;
- $index = join("", $usr);
- foreach ($tokens as $t)
- if (strstr($index, trim($t))) {
- $match = true;
- break;
- }
- if (!$match)
- continue;
- }
- $table .= '';
- $table .= '' . $usr['Nick'] . ' ';
- $table .= '' . $tshirt_sizes[$usr['Size']] . ' ';
- $table .= '' . $usr['shift_count'] . ' ';
+ $users = sql_select("SELECT `User`.*, COUNT(`ShiftEntry`.`id`) as `shift_count`, SUM(`end`-`start`) as `shift_length` FROM `User` LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID` LEFT JOIN `Shifts` ON `ShiftEntry`.`SID` = `Shifts`.`SID` WHERE `User`.`Gekommen` = 1 GROUP BY `User`.`UID` ORDER BY `shift_length` DESC" . $limit);
- if ($usr['shift_count'] == 0)
- $table .= '- ';
- else
- $table .= '' . round($usr['shift_length'] / 60) . ' min (' . round($usr['shift_length'] / 3600) . ' h) ';
+ $table = "";
+ if ($search == "")
+ $tokens = array ();
+ else
+ $tokens = explode(" ", $search);
+ foreach ($users as $usr) {
+ if (count($tokens) > 0) {
+ $match = false;
+ $index = join("", $usr);
+ foreach ($tokens as $t)
+ if (strstr($index, trim($t))) {
+ $match = true;
+ break;
+ }
+ if (!$match)
+ continue;
+ }
+ $table .= ' ';
+ $table .= '' . $usr['Nick'] . ' ';
+ $table .= '' . $tshirt_sizes[$usr['Size']] . ' ';
+ $table .= '' . $usr['shift_count'] . ' ';
- if ($usr['Aktiv'] == 1)
- $table .= 'yes ';
- else
- $table .= ' ';
- if ($usr['Tshirt'] == 1)
- $table .= 'yes ';
- else
- $table .= ' ';
+ if ($usr['shift_count'] == 0)
+ $table .= '- ';
+ else
+ $table .= '' . round($usr['shift_length'] / 60) . ' min (' . round($usr['shift_length'] / 3600) . ' h) ';
- $actions = array ();
- if ($usr['Aktiv'] == 0)
- $actions[] = 'set active ';
- if ($usr['Aktiv'] == 1 && $usr['Tshirt'] == 0) {
- $actions[] = 'remove active ';
- $actions[] = 'got t-shirt ';
- }
- if ($usr['Tshirt'] == 1)
- $actions[] = 'remove t-shirt ';
+ if ($usr['Aktiv'] == 1)
+ $table .= 'yes ';
+ else
+ $table .= ' ';
+ if ($usr['Tshirt'] == 1)
+ $table .= 'yes ';
+ else
+ $table .= ' ';
- $table .= '' . join(' | ', $actions) . ' ';
+ $actions = array ();
+ if ($usr['Aktiv'] == 0)
+ $actions[] = 'set active ';
+ if ($usr['Aktiv'] == 1 && $usr['Tshirt'] == 0) {
+ $actions[] = 'remove active ';
+ $actions[] = 'got t-shirt ';
+ }
+ if ($usr['Tshirt'] == 1)
+ $actions[] = 'remove t-shirt ';
- $table .= ' ';
- }
- return template_render('../templates/admin_active.html', array (
- 'search' => $search,
- 'count' => $count,
- 'set_active' => $set_active,
- 'table' => $table,
- 'msg' => $msg,
- 'link' => page_link_to('admin_active')
- ));
+ $table .= '' . join(' | ', $actions) . ' ';
+
+ $table .= '';
+ }
+ return template_render('../templates/admin_active.html', array (
+ 'search' => $search,
+ 'count' => $count,
+ 'set_active' => $set_active,
+ 'table' => $table,
+ 'msg' => $msg,
+ 'link' => page_link_to('admin_active')
+ ));
}
?>
\ No newline at end of file
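Review bot: The new `engelsystem_log(...)` calls write `$user_source['Nick']` and the joined `$user_nicks` list into the audit log verbatim and identify the account by nick only. A nick is user-chosen text, so one containing `, ` or a line break can make a single entry read like several, and whatever page later displays the log has to HTML-escape it; the same holds for `$name` in admin_angel_types.php and `$room['Name']` in admin_groups.php. Adding the already validated numeric id makes each entry unambiguous, e.g. `engelsystem_log("User " . $user_source['Nick'] . " (UID " . $id . ") is active now.");`. The enclosing function starts above the readable part of this hunk and `engelsystem_log()` is not visible here, so whether it escapes its input or records the acting admin should be confirmed in includes/sys_log.php.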
diff --git a/includes/pages/admin_angel_types.php b/includes/pages/admin_angel_types.php
index 90289d61..d5841d1c 100644
--- a/includes/pages/admin_angel_types.php
+++ b/includes/pages/admin_angel_types.php
@@ -47,10 +47,13 @@ function admin_angel_types() {
$restricted = 0;
if ($ok) {
- if (isset ($id))
+ if (isset ($id)) {
sql_query("UPDATE `AngelTypes` SET `name`='" . sql_escape($name) . "', `restricted`=" . sql_escape($restricted) . " WHERE `id`=" . sql_escape($id) . " LIMIT 1");
- else
+ engelsystem_log("Updated angeltype: " . $name . ", restricted: " . $restricted);
+ } else {
sql_query("INSERT INTO `AngelTypes` SET `name`='" . sql_escape($name) . "', `restricted`=" . sql_escape($restricted));
+ engelsystem_log("Created angeltype: " . $name . ", restricted: " . $restricted);
+ }
success("Angel type saved.");
redirect(page_link_to('admin_angel_types'));
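Review bot: Both new `engelsystem_log()` calls run whether or not the preceding `sql_query()` succeeded, so the audit log can record an update or creation that never reached the database; the log calls added in admin_active.php and admin_groups.php have the same shape. If `sql_query()` signals failure through its return value (its definition is not in this hunk), gate the entry on it, e.g. `if (sql_query(...) !== false) engelsystem_log(...);`. The update entry also names only the new `$name`, so a rename leaves no trace of which angel type was changed; appending `$id` to the message would fix that. `admin_angel_types()` begins and ends outside this hunk.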
@@ -76,6 +79,7 @@ function admin_angel_types() {
sql_query("DELETE FROM `ShiftEntry` WHERE `TID`=" . sql_escape($id) . " LIMIT 1");
sql_query("DELETE FROM `AngelTypes` WHERE `id`=" . sql_escape($id) . " LIMIT 1");
sql_query("DELETE FROM `UserAngelTypes` WHERE `angeltype_id`=" . sql_escape($id) . " LIMIT 1");
+ engelsystem_log("Deleted angel type: " . $name);
success(sprintf("Angel type %s deleted.", $name));
redirect(page_link_to('admin_angel_types'));
}
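Review bot: The added `Deleted angel type` entry asserts a complete removal, but the two dependent deletes beside it carry ` LIMIT 1`, so at most one `ShiftEntry` row and one `UserAngelTypes` row are removed. Any further rows keep pointing at the deleted type id while the log says the type is gone. Dropping the ` LIMIT 1` suffix from the `ShiftEntry` and `UserAngelTypes` deletes (keeping it on the `AngelTypes` delete) makes the cleanup match what is logged. The surrounding branch starts outside this hunk, so how `$id` and `$name` were validated cannot be checked from here.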
diff --git a/includes/pages/admin_arrive.php b/includes/pages/admin_arrive.php
index 2acad0b3..70a43394 100644
--- a/includes/pages/admin_arrive.php
+++ b/includes/pages/admin_arrive.php
@@ -1,52 +1,60 @@
0) {
- $match = false;
- $index = join("", $usr);
- foreach ($tokens as $t)
- if (strstr($index, trim($t))) {
- $match = true;
- break;
- }
- if (!$match)
- continue;
- }
- $table .= '';
- $table .= '' . $usr['Nick'] . ' ';
- if ($usr['Gekommen'] == 1)
- $table .= 'yes reset ';
- else
- $table .= 'arrived ';
- $table .= ' ';
- }
- return template_render('../templates/admin_arrive.html', array (
- 'search' => $search,
- 'table' => $table,
- 'msg' => $msg,
- 'link' => page_link_to('admin_arrive')
- ));
+ $users = sql_select("SELECT * FROM `User` ORDER BY `Nick`");
+ $table = "";
+ if ($search == "")
+ $tokens = array ();
+ else
+ $tokens = explode(" ", $search);
+ foreach ($users as $usr) {
+ if (count($tokens) > 0) {
+ $match = false;
+ $index = join("", $usr);
+ foreach ($tokens as $t)
+ if (strstr($index, trim($t))) {
+ $match = true;
+ break;
+ }
+ if (!$match)
+ continue;
+ }
+ $table .= '';
+ $table .= '' . $usr['Nick'] . ' ';
+ if ($usr['Gekommen'] == 1)
+ $table .= 'yes reset ';
+ else
+ $table .= 'arrived ';
+ $table .= ' ';
+ }
+ return template_render('../templates/admin_arrive.html', array (
+ 'search' => $search,
+ 'table' => $table,
+ 'msg' => $msg,
+ 'link' => page_link_to('admin_arrive')
+ ));
}
?>
\ No newline at end of file
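Review bot: `$usr['Nick']` is concatenated into `$table` without HTML escaping in the row-building loop, and the listing loop in admin_active.php does the same. The nick is user-supplied, so unless it is sanitised when stored (not visible here) a crafted nick is rendered as markup in an administrator's session; wrap it as `htmlspecialchars($usr['Nick'], ENT_QUOTES, 'UTF-8')` at the point of output. Separately, `join("", $usr)` over a `SELECT *` row matches the search tokens against every column of `User`, which presumably includes credential fields; building `$index` from the displayed columns only would avoid that. The top of this hunk is not readable in this view, so this note covers the listing part only.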
diff --git a/includes/pages/admin_groups.php b/includes/pages/admin_groups.php
index 2fc789fa..df472359 100644
--- a/includes/pages/admin_groups.php
+++ b/includes/pages/admin_groups.php
@@ -1,91 +1,99 @@
%s ',
- $group['Name']
- );
- $privileges = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`=" . sql_escape($group['UID']));
- $privileges_html = array ();
+ $html = "";
+ $groups = sql_select("SELECT * FROM `Groups` ORDER BY `Name`");
+ if (!isset ($_REQUEST["action"])) {
+ $groups_html = "";
+ foreach ($groups as $group) {
+ $groups_html .= sprintf(
+ '%s ',
+ $group['Name']
+ );
+ $privileges = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`=" . sql_escape($group['UID']));
+ $privileges_html = array ();
- foreach ($privileges as $priv)
- $privileges_html[] = $priv['name'];
+ foreach ($privileges as $priv)
+ $privileges_html[] = $priv['name'];
- $groups_html .= sprintf(
- '%s '
- . 'Ändern ',
- join(', ', $privileges_html),
- page_link_to("admin_groups"),
- $group['UID']
- );
- }
+ $groups_html .= sprintf(
+ '%s '
+ . 'Ändern ',
+ join(', ', $privileges_html),
+ page_link_to("admin_groups"),
+ $group['UID']
+ );
+ }
- return template_render('../templates/admin_groups.html', array (
- 'nick' => $user['Nick'],
- 'groups' => $groups_html
- ));
- } else {
- switch ($_REQUEST["action"]) {
- case 'edit' :
- if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id']))
- $id = $_REQUEST['id'];
- else
- return error("Incomplete call, missing Groups ID.", true);
+ return template_render('../templates/admin_groups.html', array (
+ 'nick' => $user['Nick'],
+ 'groups' => $groups_html
+ ));
+ } else {
+ switch ($_REQUEST["action"]) {
+ case 'edit' :
+ if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id']))
+ $id = $_REQUEST['id'];
+ else
+ return error("Incomplete call, missing Groups ID.", true);
- $room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
- if (count($room) > 0) {
- list ($room) = $room;
- $privileges = sql_select("SELECT `Privileges`.*, `GroupPrivileges`.`group_id` FROM `Privileges` LEFT OUTER JOIN `GroupPrivileges` ON (`Privileges`.`id` = `GroupPrivileges`.`privilege_id` AND `GroupPrivileges`.`group_id`=" . sql_escape($id) . ") ORDER BY `Privileges`.`name`");
- $privileges_html = "";
- foreach ($privileges as $priv)
- $privileges_html .= sprintf(
- ' '
- . ' %s %s ',
- $priv['id'],
- ($priv['group_id'] != ""
- ? 'checked="checked"'
- : ''),
- $priv['name'],
- $priv['desc']
- );
+ $room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
+ if (count($room) > 0) {
+ list ($room) = $room;
+ $privileges = sql_select("SELECT `Privileges`.*, `GroupPrivileges`.`group_id` FROM `Privileges` LEFT OUTER JOIN `GroupPrivileges` ON (`Privileges`.`id` = `GroupPrivileges`.`privilege_id` AND `GroupPrivileges`.`group_id`=" . sql_escape($id) . ") ORDER BY `Privileges`.`name`");
+ $privileges_html = "";
+ foreach ($privileges as $priv)
+ $privileges_html .= sprintf(
+ ' '
+ . ' %s %s ',
+ $priv['id'],
+ ($priv['group_id'] != ""
+ ? 'checked="checked"'
+ : ''),
+ $priv['name'],
+ $priv['desc']
+ );
- $html .= template_render('../templates/admin_groups_edit_form.html', array (
- 'link' => page_link_to("admin_groups"),
- 'id' => $id,
- 'privileges' => $privileges_html
- ));
- } else
- return error("No Group found.", true);
- break;
+ $html .= template_render('../templates/admin_groups_edit_form.html', array (
+ 'link' => page_link_to("admin_groups"),
+ 'id' => $id,
+ 'privileges' => $privileges_html
+ ));
+ } else
+ return error("No Group found.", true);
+ break;
- case 'save' :
- if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id']))
- $id = $_REQUEST['id'];
- else
- return error("Incomplete call, missing Groups ID.", true);
+ case 'save' :
+ if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id']))
+ $id = $_REQUEST['id'];
+ else
+ return error("Incomplete call, missing Groups ID.", true);
- $room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
- if (!is_array($_REQUEST['privileges']))
- $_REQUEST['privileges'] = array ();
- if (count($room) > 0) {
- list ($room) = $room;
- sql_query("DELETE FROM `GroupPrivileges` WHERE `group_id`=" . sql_escape($id));
- foreach ($_REQUEST['privileges'] as $priv)
- if (preg_match("/^[0-9]{1,}$/", $priv) && sql_num_query("SELECT * FROM `Privileges` WHERE `id`=" . sql_escape($priv)) > 0)
- sql_query("INSERT INTO `GroupPrivileges` SET `group_id`=" . sql_escape($id) . ", `privilege_id`=" . sql_escape($priv));
- header("Location: " . page_link_to("admin_groups"));
- } else
- return error("No Group found.", true);
- break;
- }
- }
- return $html;
+ $room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
+ if (!is_array($_REQUEST['privileges']))
+ $_REQUEST['privileges'] = array ();
+ if (count($room) > 0) {
+ list ($room) = $room;
+ sql_query("DELETE FROM `GroupPrivileges` WHERE `group_id`=" . sql_escape($id));
+ $privilege_names = array();
+ foreach ($_REQUEST['privileges'] as $priv) {
+ if (preg_match("/^[0-9]{1,}$/", $priv)) {
+ $group_privileges_source = sql_select("SELECT * FROM `Privileges` WHERE `id`=" . sql_escape($priv) . " LIMIT 1");
+ if(count($group_privileges_source) > 0) {
+ sql_query("INSERT INTO `GroupPrivileges` SET `group_id`=" . sql_escape($id) . ", `privilege_id`=" . sql_escape($priv));
+ $privilege_names[] = $group_privileges_source[0]['name'];
+ }
+ }
+ }
+ engelsystem_log("Group privileges of group " . $room['Name'] . " edited: " . join(", ", $privilege_names));
+ header("Location: " . page_link_to("admin_groups"));
+ } else
+ return error("No Group found.", true);
+ break;
+ }
+ }
+ return $html;
}
?>
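Review bot: The `save` branch deletes every `GroupPrivileges` row for the group and re-inserts them one at a time with no transaction and no result checks, and the new log entry records only the names collected during that loop. For a privilege change this means a failure part-way leaves the group with a set that matches neither the old nor the requested privileges, while the entry still lists every privilege whose insert was attempted and cannot show what was removed. Reading the current privilege names before the `DELETE` and logging both sets, with the group id next to the name, would make the entry usable for review, e.g. `engelsystem_log("Group privileges of group " . $room['Name'] . " (" . $id . ") edited: " . join(", ", $privilege_names));`. The function header lies above the readable part of this hunk.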
diff --git a/includes/pages/admin_import.php b/includes/pages/admin_import.php
index 5ac62d2d..9a31d5cd 100644
--- a/includes/pages/admin_import.php
+++ b/includes/pages/admin_import.php
@@ -1,279 +1,281 @@
';
- $html .= $step == "input" ? '1. Input ' : '1. Input';
- $html .= ' » ';
- $html .= $step == "check" ? '2. Validate ' : '2. Validate';
- $html .= ' » ';
- $html .= $step == "import" ? '3. Import ' : '3. Import';
- $html .= '
';
-
- $import_file = '../import/import_' . $user['UID'] . '.xml';
-
- switch ($step) {
- case "input" :
- $ok = false;
- if ($test_handle = fopen('../import/tmp', 'w')) {
- fclose($test_handle);
- unlink('../import/tmp');
- } else {
- $msg = error("Webserver has no write-permission on import directory.", true);
- }
-
- if (isset ($_REQUEST['submit'])) {
- $ok = true;
- if (isset ($_REQUEST['user']) && $_REQUEST['user'] != "" && isset ($_REQUEST['password']) && $_REQUEST['password'] != "") {
- $fp = fsockopen("ssl://$PentabarfXMLhost", 443, $errno, $errstr, 5);
-
- if (!$fp) {
- $ok = false;
- $msg = error("File 'https://$PentabarfXMLhost/$PentabarfXMLpath" . $_REQUEST["url"] . "' not readable!" . "[$errstr ($errno)]", true);
- } else {
- $fileOut = fopen($import_file, "w");
- $head = 'GET /' . $PentabarfXMLpath . $_REQUEST["url"] . ' HTTP/1.1' . "\r\n" .
- 'Host: ' . $PentabarfXMLhost . "\r\n" .
- 'User-Agent: Engelsystem' . "\r\n" .
- 'Authorization: Basic ' .
- base64_encode($_REQUEST["user"] . ':' . $_REQUEST["password"]) . "\r\n" .
- "\r\n";
- fputs($fp, $head);
- $Zeilen = -1;
- echo "";
- while (!feof($fp)) {
- $Temp = fgets($fp, 1024);
-
- // show header
- if ($Zeilen == -1) {
- echo $Temp;
- }
-
- // ende des headers
- if ($Temp == "\r\n") {
- echo " \n";
- $Zeilen = 0;
- $Temp = "";
- }
-
- //file ende?
- if ($Temp == "0\r\n")
- break;
-
- if (($Zeilen > -1) && ($Temp != "ffb\r\n")) {
- //steuerzeichen ausfiltern
- if (strpos("#$Temp", "\r\n") > 0)
- $Temp = substr($Temp, 0, strlen($Temp) - 2);
- if (strpos("#$Temp", "1005") > 0)
- $Temp = "";
- if (strpos("#$Temp", "783") > 0)
- $Temp = "";
- //schreiben in file
- fputs($fileOut, $Temp);
- $Zeilen++;
- }
- }
- fclose($fileOut);
- fclose($fp);
- $msg .= success("Es wurden $Zeilen Zeilen eingelesen.", true);
- }
- }
- elseif (isset ($_FILES['xcal_file']) && ($_FILES['xcal_file']['error'] == 0)) {
- if (move_uploaded_file($_FILES['xcal_file']['tmp_name'], $import_file)) {
- libxml_use_internal_errors(true);
- if (simplexml_load_file($import_file) === false) {
- $ok = false;
- $msg = error("No valid xml/xcal file provided.", true);
- unlink($import_file);
- }
- } else {
- $ok = false;
- $msg = error("File upload went wrong.", true);
- }
- } else {
- $ok = false;
- $msg = error("Please provide some data.", true);
- }
- }
-
- if ($ok)
- header("Location: " . page_link_to('admin_import') . "&step=check");
- else
- $html .= template_render('../templates/admin_import_input.html', array (
- 'link' => page_link_to('admin_import'),
- 'msg' => $msg,
- 'url' => "https://$PentabarfXMLhost/$PentabarfXMLpath"
- ));
- break;
-
- case "check" :
- if (!file_exists($import_file))
- header("Location: " . page_link_to('admin_import'));
-
- list ($rooms_new, $rooms_deleted) = prepare_rooms($import_file);
- list ($events_new, $events_updated, $events_deleted) = prepare_events($import_file);
-
- $html .= template_render('../templates/admin_import_check.html', array (
- 'link' => page_link_to('admin_import'),
- 'rooms_new' => count($rooms_new) == 0 ? "None " : table_body($rooms_new),
- 'rooms_deleted' => count($rooms_deleted) == 0 ? "None " : table_body($rooms_deleted),
- 'events_new' => count($events_new) == 0 ? "None " : table_body(shifts_printable($events_new)),
- 'events_updated' => count($events_updated) == 0 ? "None " : table_body(shifts_printable($events_updated)),
- 'events_deleted' => count($events_deleted) == 0 ? "None " : table_body(shifts_printable($events_deleted))
- ));
- break;
-
- case "import" :
- if (!file_exists($import_file))
- header("Location: " . page_link_to('admin_import'));
-
- list ($rooms_new, $rooms_deleted) = prepare_rooms($import_file);
- foreach ($rooms_new as $room) {
- sql_query("INSERT INTO `Room` SET `Name`='" . sql_escape($room) . "', `FromPentabarf`='Y', `Show`='Y'");
- $rooms_import[trim($room)] = sql_id();
- }
- foreach ($rooms_deleted as $room)
- sql_query("DELETE FROM `Room` WHERE `Name`='" . sql_escape($room) . "' LIMIT 1");
-
- list ($events_new, $events_updated, $events_deleted) = prepare_events($import_file);
- foreach ($events_new as $event)
- sql_query("INSERT INTO `Shifts` SET `name`='" .
- sql_escape($event['name']) . "', `start`=" . sql_escape($event['start']) . ", `end`=" . sql_escape($event['end']) . ", `RID`=" . sql_escape($event['RID']) . ", `PSID`=" . sql_escape($event['PSID']) . ", `URL`='" . sql_escape($event['URL']) . "'");
-
- foreach ($events_updated as $event)
- sql_query("UPDATE `Shifts` SET `name`='" .
- sql_escape($event['name']) . "', `start`=" . sql_escape($event['start']) . ", `end`=" . sql_escape($event['end']) . ", `RID`=" . sql_escape($event['RID']) . ", `PSID`=" . sql_escape($event['PSID']) . ", `URL`='" . sql_escape($event['URL']) . "' WHERE `PSID`=" . sql_escape($event['PSID']) . " LIMIT 1");
-
- foreach ($events_deleted as $event)
- sql_query("DELETE FROM `Shifts` WHERE `PSID`=" .
- sql_escape($event['PSID']) . " LIMIT 1");
-
- unlink($import_file);
-
- $html .= template_render('../templates/admin_import_import.html', array ());
- break;
- }
-
- return $html;
+ global $PentabarfXMLhost, $PentabarfXMLpath;
+ global $rooms_import;
+ global $user;
+ $html = "";
+
+ $step = "input";
+ if (isset ($_REQUEST['step']))
+ $step = $_REQUEST['step'];
+
+ $html .= '';
+ $html .= $step == "input" ? '1. Input ' : '1. Input';
+ $html .= ' » ';
+ $html .= $step == "check" ? '2. Validate ' : '2. Validate';
+ $html .= ' » ';
+ $html .= $step == "import" ? '3. Import ' : '3. Import';
+ $html .= '
';
+
+ $import_file = '../import/import_' . $user['UID'] . '.xml';
+
+ switch ($step) {
+ case "input" :
+ $ok = false;
+ if ($test_handle = fopen('../import/tmp', 'w')) {
+ fclose($test_handle);
+ unlink('../import/tmp');
+ } else {
+ $msg = error("Webserver has no write-permission on import directory.", true);
+ }
+
+ if (isset ($_REQUEST['submit'])) {
+ $ok = true;
+ if (isset ($_REQUEST['user']) && $_REQUEST['user'] != "" && isset ($_REQUEST['password']) && $_REQUEST['password'] != "") {
+ $fp = fsockopen("ssl://$PentabarfXMLhost", 443, $errno, $errstr, 5);
+
+ if (!$fp) {
+ $ok = false;
+ $msg = error("File 'https://$PentabarfXMLhost/$PentabarfXMLpath" . $_REQUEST["url"] . "' not readable!" . "[$errstr ($errno)]", true);
+ } else {
+ $fileOut = fopen($import_file, "w");
+ $head = 'GET /' . $PentabarfXMLpath . $_REQUEST["url"] . ' HTTP/1.1' . "\r\n" .
+ 'Host: ' . $PentabarfXMLhost . "\r\n" .
+ 'User-Agent: Engelsystem' . "\r\n" .
+ 'Authorization: Basic ' .
+ base64_encode($_REQUEST["user"] . ':' . $_REQUEST["password"]) . "\r\n" .
+ "\r\n";
+ fputs($fp, $head);
+ $Zeilen = -1;
+ echo "";
+ while (!feof($fp)) {
+ $Temp = fgets($fp, 1024);
+
+ // show header
+ if ($Zeilen == -1) {
+ echo $Temp;
+ }
+
+ // ende des headers
+ if ($Temp == "\r\n") {
+ echo " \n";
+ $Zeilen = 0;
+ $Temp = "";
+ }
+
+ //file ende?
+ if ($Temp == "0\r\n")
+ break;
+
+ if (($Zeilen > -1) && ($Temp != "ffb\r\n")) {
+ //steuerzeichen ausfiltern
+ if (strpos("#$Temp", "\r\n") > 0)
+ $Temp = substr($Temp, 0, strlen($Temp) - 2);
+ if (strpos("#$Temp", "1005") > 0)
+ $Temp = "";
+ if (strpos("#$Temp", "783") > 0)
+ $Temp = "";
+ //schreiben in file
+ fputs($fileOut, $Temp);
+ $Zeilen++;
+ }
+ }
+ fclose($fileOut);
+ fclose($fp);
+ $msg .= success("Es wurden $Zeilen Zeilen eingelesen.", true);
+ }
+ }
+ elseif (isset ($_FILES['xcal_file']) && ($_FILES['xcal_file']['error'] == 0)) {
+ if (move_uploaded_file($_FILES['xcal_file']['tmp_name'], $import_file)) {
+ libxml_use_internal_errors(true);
+ if (simplexml_load_file($import_file) === false) {
+ $ok = false;
+ $msg = error("No valid xml/xcal file provided.", true);
+ unlink($import_file);
+ }
+ } else {
+ $ok = false;
+ $msg = error("File upload went wrong.", true);
+ }
+ } else {
+ $ok = false;
+ $msg = error("Please provide some data.", true);
+ }
+ }
+
+ if ($ok)
+ header("Location: " . page_link_to('admin_import') . "&step=check");
+ else
+ $html .= template_render('../templates/admin_import_input.html', array (
+ 'link' => page_link_to('admin_import'),
+ 'msg' => $msg,
+ 'url' => "https://$PentabarfXMLhost/$PentabarfXMLpath"
+ ));
+ break;
+
+ case "check" :
+ if (!file_exists($import_file))
+ header("Location: " . page_link_to('admin_import'));
+
+ list ($rooms_new, $rooms_deleted) = prepare_rooms($import_file);
+ list ($events_new, $events_updated, $events_deleted) = prepare_events($import_file);
+
+ $html .= template_render('../templates/admin_import_check.html', array (
+ 'link' => page_link_to('admin_import'),
+ 'rooms_new' => count($rooms_new) == 0 ? "None " : table_body($rooms_new),
+ 'rooms_deleted' => count($rooms_deleted) == 0 ? "None " : table_body($rooms_deleted),
+ 'events_new' => count($events_new) == 0 ? "None " : table_body(shifts_printable($events_new)),
+ 'events_updated' => count($events_updated) == 0 ? "None " : table_body(shifts_printable($events_updated)),
+ 'events_deleted' => count($events_deleted) == 0 ? "None " : table_body(shifts_printable($events_deleted))
+ ));
+ break;
+
+ case "import" :
+ if (!file_exists($import_file))
+ header("Location: " . page_link_to('admin_import'));
+
+ list ($rooms_new, $rooms_deleted) = prepare_rooms($import_file);
+ foreach ($rooms_new as $room) {
+ sql_query("INSERT INTO `Room` SET `Name`='" . sql_escape($room) . "', `FromPentabarf`='Y', `Show`='Y'");
+ $rooms_import[trim($room)] = sql_id();
+ }
+ foreach ($rooms_deleted as $room)
+ sql_query("DELETE FROM `Room` WHERE `Name`='" . sql_escape($room) . "' LIMIT 1");
+
+ list ($events_new, $events_updated, $events_deleted) = prepare_events($import_file);
+ foreach ($events_new as $event)
+ sql_query("INSERT INTO `Shifts` SET `name`='" .
+ sql_escape($event['name']) . "', `start`=" . sql_escape($event['start']) . ", `end`=" . sql_escape($event['end']) . ", `RID`=" . sql_escape($event['RID']) . ", `PSID`=" . sql_escape($event['PSID']) . ", `URL`='" . sql_escape($event['URL']) . "'");
+
+ foreach ($events_updated as $event)
+ sql_query("UPDATE `Shifts` SET `name`='" .
+ sql_escape($event['name']) . "', `start`=" . sql_escape($event['start']) . ", `end`=" . sql_escape($event['end']) . ", `RID`=" . sql_escape($event['RID']) . ", `PSID`=" . sql_escape($event['PSID']) . ", `URL`='" . sql_escape($event['URL']) . "' WHERE `PSID`=" . sql_escape($event['PSID']) . " LIMIT 1");
+
+ foreach ($events_deleted as $event)
+ sql_query("DELETE FROM `Shifts` WHERE `PSID`=" .
+ sql_escape($event['PSID']) . " LIMIT 1");
+
+ engelsystem_log("Pentabarf import done");
+
+ unlink($import_file);
+
+ $html .= template_render('../templates/admin_import_import.html', array ());
+ break;
+ }
+
+ return $html;
}
function prepare_rooms($file) {
- global $rooms_import;
- $data = read_xml($file);
-
- // Load rooms from db for compare with input
- $rooms = sql_select("SELECT * FROM `Room` WHERE `FromPentabarf`='Y'");
- $rooms_db = array ();
- $rooms_import = array ();
- foreach ($rooms as $room) {
- $rooms_db[] = $room['Name'];
- $rooms_import[$room['Name']] = $room['RID'];
- }
-
- $events = $data->vcalendar->vevent;
- $rooms_pb = array ();
- foreach ($events as $event) {
- $rooms_pb[] = $event->location;
- if (!isset ($rooms_import[trim($event->location)]))
- $rooms_import[trim($event->location)] = trim($event->location);
- }
- $rooms_pb = array_unique($rooms_pb);
-
- $rooms_new = array_diff($rooms_pb, $rooms_db);
- $rooms_deleted = array_diff($rooms_db, $rooms_pb);
-
- return array (
- $rooms_new,
- $rooms_deleted
- );
+ global $rooms_import;
+ $data = read_xml($file);
+
+ // Load rooms from db for compare with input
+ $rooms = sql_select("SELECT * FROM `Room` WHERE `FromPentabarf`='Y'");
+ $rooms_db = array ();
+ $rooms_import = array ();
+ foreach ($rooms as $room) {
+ $rooms_db[] = $room['Name'];
+ $rooms_import[$room['Name']] = $room['RID'];
+ }
+
+ $events = $data->vcalendar->vevent;
+ $rooms_pb = array ();
+ foreach ($events as $event) {
+ $rooms_pb[] = $event->location;
+ if (!isset ($rooms_import[trim($event->location)]))
+ $rooms_import[trim($event->location)] = trim($event->location);
+ }
+ $rooms_pb = array_unique($rooms_pb);
+
+ $rooms_new = array_diff($rooms_pb, $rooms_db);
+ $rooms_deleted = array_diff($rooms_db, $rooms_pb);
+
+ return array (
+ $rooms_new,
+ $rooms_deleted
+ );
}
function prepare_events($file) {
- global $rooms_import;
- $data = read_xml($file);
-
- $rooms = sql_select("SELECT * FROM `Room`");
- $rooms_db = array ();
- foreach ($rooms as $room)
- $rooms_db[$room['Name']] = $room['RID'];
-
- $events = $data->vcalendar->vevent;
- $shifts_pb = array ();
- foreach ($events as $event) {
- $event_pb = $event->children("http://pentabarf.org");
- $event_id = trim($event_pb-> {
- 'event-id' });
- $shifts_pb[$event_id] = array (
- 'start' => DateTime :: createFromFormat("Ymd\THis", $event->dtstart)->getTimestamp(),
- 'end' => DateTime :: createFromFormat("Ymd\THis", $event->dtend)->getTimestamp(),
- 'RID' => $rooms_import[trim($event->location)],
- 'name' => trim($event->summary),
- 'URL' => trim($event->url),
- 'PSID' => $event_id
- );
- }
-
- $shifts = sql_select("SELECT * FROM `Shifts` WHERE `PSID` IS NOT NULL ORDER BY `start`");
- $shifts_db = array ();
- foreach ($shifts as $shift)
- $shifts_db[$shift['PSID']] = $shift;
-
- $shifts_new = array ();
- $shifts_updated = array ();
- foreach ($shifts_pb as $shift)
- if (!isset ($shifts_db[$shift['PSID']]))
- $shifts_new[] = $shift;
- else {
- $tmp = $shifts_db[$shift['PSID']];
- if ($shift['name'] != $tmp['name'] || $shift['start'] != $tmp['start'] || $shift['end'] != $tmp['end'] || $shift['RID'] != $tmp['RID'] || $shift['URL'] != $tmp['URL'])
- $shifts_updated[] = $shift;
- }
-
- $shifts_deleted = array ();
- foreach ($shifts_db as $shift)
- if (!isset ($shifts_pb[$shift['PSID']]))
- $shifts_deleted[] = $shift;
-
- return array (
- $shifts_new,
- $shifts_updated,
- $shifts_deleted
- );
+ global $rooms_import;
+ $data = read_xml($file);
+
+ $rooms = sql_select("SELECT * FROM `Room`");
+ $rooms_db = array ();
+ foreach ($rooms as $room)
+ $rooms_db[$room['Name']] = $room['RID'];
+
+ $events = $data->vcalendar->vevent;
+ $shifts_pb = array ();
+ foreach ($events as $event) {
+ $event_pb = $event->children("http://pentabarf.org");
+ $event_id = trim($event_pb-> {
+ 'event-id' });
+ $shifts_pb[$event_id] = array (
+ 'start' => DateTime :: createFromFormat("Ymd\THis", $event->dtstart)->getTimestamp(),
+ 'end' => DateTime :: createFromFormat("Ymd\THis", $event->dtend)->getTimestamp(),
+ 'RID' => $rooms_import[trim($event->location)],
+ 'name' => trim($event->summary),
+ 'URL' => trim($event->url),
+ 'PSID' => $event_id
+ );
+ }
+
+ $shifts = sql_select("SELECT * FROM `Shifts` WHERE `PSID` IS NOT NULL ORDER BY `start`");
+ $shifts_db = array ();
+ foreach ($shifts as $shift)
+ $shifts_db[$shift['PSID']] = $shift;
+
+ $shifts_new = array ();
+ $shifts_updated = array ();
+ foreach ($shifts_pb as $shift)
+ if (!isset ($shifts_db[$shift['PSID']]))
+ $shifts_new[] = $shift;
+ else {
+ $tmp = $shifts_db[$shift['PSID']];
+ if ($shift['name'] != $tmp['name'] || $shift['start'] != $tmp['start'] || $shift['end'] != $tmp['end'] || $shift['RID'] != $tmp['RID'] || $shift['URL'] != $tmp['URL'])
+ $shifts_updated[] = $shift;
+ }
+
+ $shifts_deleted = array ();
+ foreach ($shifts_db as $shift)
+ if (!isset ($shifts_pb[$shift['PSID']]))
+ $shifts_deleted[] = $shift;
+
+ return array (
+ $shifts_new,
+ $shifts_updated,
+ $shifts_deleted
+ );
}
function read_xml($file) {
- global $xml_import;
- if (!isset ($xml_import))
- $xml_import = simplexml_load_file($file);
- return $xml_import;
+ global $xml_import;
+ if (!isset ($xml_import))
+ $xml_import = simplexml_load_file($file);
+ return $xml_import;
}
function shifts_printable($shifts) {
- global $rooms_import;
- $rooms = array_flip($rooms_import);
-
- uasort($shifts, 'shift_sort');
-
- $shifts_printable = array ();
- foreach ($shifts as $shift)
- $shifts_printable[] = array (
- 'day' => date("l, Y-m-d", $shift['start']),
- 'start' => date("H:i", $shift['start']),
- 'name' => shorten($shift['name']),
- 'end' => date("H:i", $shift['end']),
- 'room' => $rooms[$shift['RID']]
- );
- return $shifts_printable;
+ global $rooms_import;
+ $rooms = array_flip($rooms_import);
+
+ uasort($shifts, 'shift_sort');
+
+ $shifts_printable = array ();
+ foreach ($shifts as $shift)
+ $shifts_printable[] = array (
+ 'day' => date("l, Y-m-d", $shift['start']),
+ 'start' => date("H:i", $shift['start']),
+ 'name' => shorten($shift['name']),
+ 'end' => date("H:i", $shift['end']),
+ 'room' => $rooms[$shift['RID']]
+ );
+ return $shifts_printable;
}
function shift_sort($a, $b) {
- return ($a['start'] < $b['start']) ? -1 : 1;
+ return ($a['start'] < $b['start']) ? -1 : 1;
}
?>
diff --git a/includes/pages/admin_news.php b/includes/pages/admin_news.php
index ca1f81fc..f6c06001 100644
--- a/includes/pages/admin_news.php
+++ b/includes/pages/admin_news.php
@@ -1,87 +1,89 @@
0) {
- list ($news) = $news;
+ if (!isset ($_GET["action"])) {
+ header("Location: " . page_link_to("news"));
+ } else {
+ $html = "";
+ switch ($_GET["action"]) {
+ case 'edit' :
+ if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
+ $id = $_REQUEST['id'];
+ else
+ return error("Incomplete call, missing News ID.", true);
- $html .= '« Back ';
+ $news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
+ if (count($news) > 0) {
+ list ($news) = $news;
- $html .= "\n";
- $html .= " \n";
- $html .= " \n";
- $html .= " ";
+ $html .= "";
- $html .= "\n";
- $html .= " \n";
- $html .= " \n";
- $html .= " ";
- } else
- return error("No News found.", true);
- break;
+ $html .= " \n";
+ $html .= " \n";
+ $html .= "";
- case 'save' :
- if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
- $id = $_REQUEST['id'];
- else
- return error("Incomplete call, missing News ID.", true);
+ $html .= "\n";
+ $html .= " \n";
+ $html .= " \n";
+ $html .= " ";
+ } else
+ return error("No News found.", true);
+ break;
- $news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
- if (count($news) > 0) {
- list ($news) = $news;
+ case 'save' :
+ if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
+ $id = $_REQUEST['id'];
+ else
+ return error("Incomplete call, missing News ID.", true);
- sql_query("UPDATE `News` SET `Datum`='" . sql_escape(time()) . "', `Betreff`='" . sql_escape($_POST["eBetreff"]) . "', `Text`='" . sql_escape($_POST["eText"]) . "', `UID`='" . sql_escape($user['UID']) .
- "', `Treffen`='" . sql_escape($_POST["eTreffen"]) . "' WHERE `ID`=".sql_escape($id)." LIMIT 1");
- header("Location: " . page_link_to("news"));
- } else
- return error("No News found.", true);
- break;
+ $news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
+ if (count($news) > 0) {
+ list ($news) = $news;
- case 'delete' :
- if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
- $id = $_REQUEST['id'];
- else
- return error("Incomplete call, missing News ID.", true);
+ sql_query("UPDATE `News` SET `Datum`='" . sql_escape(time()) . "', `Betreff`='" . sql_escape($_POST["eBetreff"]) . "', `Text`='" . sql_escape($_POST["eText"]) . "', `UID`='" . sql_escape($user['UID']) .
+ "', `Treffen`='" . sql_escape($_POST["eTreffen"]) . "' WHERE `ID`=".sql_escape($id)." LIMIT 1");
+ engelsystem_log("News updated: " . $_POST["eBetreff"]);
+ header("Location: " . page_link_to("news"));
+ } else
+ return error("No News found.", true);
+ break;
- $news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
- if (count($news) > 0) {
- list ($news) = $news;
+ case 'delete' :
+ if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
+ $id = $_REQUEST['id'];
+ else
+ return error("Incomplete call, missing News ID.", true);
- sql_query("DELETE FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
- header("Location: " . page_link_to("news"));
- } else
- return error("No News found.", true);
- break;
- }
- }
- return $html;
+ $news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
+ if (count($news) > 0) {
+ list ($news) = $news;
+
+ sql_query("DELETE FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
+ engelsystem_log("News deleted: " . $news['Betreff']);
+ header("Location: " . page_link_to("news"));
+ } else
+ return error("No News found.", true);
+ break;
+ }
+ }
+ return $html;
}
?>
\ No newline at end of file
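Review bot: `engelsystem_log("News updated: " . $_POST["eBetreff"]);` in the `save` branch writes request data into the log verbatim, and `$_POST["eBetreff"]` is read without an `isset` check. The body of `engelsystem_log()` is not visible on this page, so whether it escapes or stores the message safely is unknown. Any page that later displays log entries has to HTML-escape them, and line breaks should be removed before logging so one action stays one entry. A safer form is `engelsystem_log("News updated: ID " . $id . ": " . str_replace(array("\r", "\n"), " ", $_POST["eBetreff"]));`. The same applies to the question and answer text logged in admin_questions.php and to the room name logged in admin_rooms.php.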
diff --git a/includes/pages/admin_questions.php b/includes/pages/admin_questions.php
index df5e9196..a85c8c0f 100644
--- a/includes/pages/admin_questions.php
+++ b/includes/pages/admin_questions.php
@@ -1,85 +1,87 @@
0)
- return 'Es gibt unbeantwortete Fragen!
';
- }
+ if ($new_messages > 0)
+ return 'Es gibt unbeantwortete Fragen!
';
+ }
- return "";
+ return "";
}
function admin_questions() {
- global $user;
+ global $user;
- if (!isset ($_REQUEST['action'])) {
- $open_questions = "";
- $questions = sql_select("SELECT * FROM `Questions` WHERE `AID`=0");
- foreach ($questions as $question)
- $open_questions .= template_render(
- '../templates/admin_question_unanswered.html', array (
- 'question_nick' => UID2Nick($question['UID']),
- 'question_id' => $question['QID'],
- 'link' => page_link_to("admin_questions"),
- 'question' => str_replace("\n", ' ', $question['Question'])
- ));
+ if (!isset ($_REQUEST['action'])) {
+ $open_questions = "";
+ $questions = sql_select("SELECT * FROM `Questions` WHERE `AID`=0");
+ foreach ($questions as $question)
+ $open_questions .= template_render(
+ '../templates/admin_question_unanswered.html', array (
+ 'question_nick' => UID2Nick($question['UID']),
+ 'question_id' => $question['QID'],
+ 'link' => page_link_to("admin_questions"),
+ 'question' => str_replace("\n", ' ', $question['Question'])
+ ));
- $answered_questions = "";
- $questions = sql_select("SELECT * FROM `Questions` WHERE `AID`>0");
+ $answered_questions = "";
+ $questions = sql_select("SELECT * FROM `Questions` WHERE `AID`>0");
- foreach ($questions as $question)
- $answered_questions .= template_render(
- '../templates/admin_question_answered.html', array (
- 'question_id' => $question['QID'],
- 'question_nick' => UID2Nick($question['UID']),
- 'question' => str_replace("\n", " ", $question['Question']),
- 'answer_nick' => UID2Nick($question['AID']),
- 'answer' => str_replace("\n", " ", $question['Answer']),
- 'link' => page_link_to("admin_questions"),
- ));
+ foreach ($questions as $question)
+ $answered_questions .= template_render(
+ '../templates/admin_question_answered.html', array (
+ 'question_id' => $question['QID'],
+ 'question_nick' => UID2Nick($question['UID']),
+ 'question' => str_replace("\n", " ", $question['Question']),
+ 'answer_nick' => UID2Nick($question['AID']),
+ 'answer' => str_replace("\n", " ", $question['Answer']),
+ 'link' => page_link_to("admin_questions"),
+ ));
- return template_render('../templates/admin_questions.html', array (
- 'link' => page_link_to("admin_questions"),
- 'open_questions' => $open_questions,
- 'answered_questions' => $answered_questions
- ));
- } else {
- switch ($_REQUEST['action']) {
- case 'answer' :
- if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
- $id = $_REQUEST['id'];
- else
- return error("Incomplete call, missing Question ID.", true);
+ return template_render('../templates/admin_questions.html', array (
+ 'link' => page_link_to("admin_questions"),
+ 'open_questions' => $open_questions,
+ 'answered_questions' => $answered_questions
+ ));
+ } else {
+ switch ($_REQUEST['action']) {
+ case 'answer' :
+ if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
+ $id = $_REQUEST['id'];
+ else
+ return error("Incomplete call, missing Question ID.", true);
- $question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
- if (count($question) > 0 && $question[0]['AID'] == "0") {
- $answer = trim(preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['answer'])));
+ $question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
+ if (count($question) > 0 && $question[0]['AID'] == "0") {
+ $answer = trim(preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['answer'])));
- if ($answer != "") {
- sql_query("UPDATE `Questions` SET `AID`=" . sql_escape($user['UID']) . ", `Answer`='" . sql_escape($answer) . "' WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
- header("Location: " . page_link_to("admin_questions"));
- } else
- return error("Gib eine Antwort ein!", true);
- } else
- return error("No question found.", true);
- break;
- case 'delete' :
- if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
- $id = $_REQUEST['id'];
- else
- return error("Incomplete call, missing Question ID.", true);
+ if ($answer != "") {
+ sql_query("UPDATE `Questions` SET `AID`=" . sql_escape($user['UID']) . ", `Answer`='" . sql_escape($answer) . "' WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
+ engelsystem_log("Question " . $question[0]['Question'] . " answered: " . $answer);
+ header("Location: " . page_link_to("admin_questions"));
+ } else
+ return error("Gib eine Antwort ein!", true);
+ } else
+ return error("No question found.", true);
+ break;
+ case 'delete' :
+ if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
+ $id = $_REQUEST['id'];
+ else
+ return error("Incomplete call, missing Question ID.", true);
- $question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
- if (count($question) > 0) {
- sql_query("DELETE FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
- header("Location: " . page_link_to("admin_questions"));
- } else
- return error("No question found.", true);
- break;
- }
- }
+ $question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
+ if (count($question) > 0) {
+ sql_query("DELETE FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
+ engelsystem_log("Question deleted: " . $question[0]['Question']);
+ header("Location: " . page_link_to("admin_questions"));
+ } else
+ return error("No question found.", true);
+ break;
+ }
+ }
}
?>
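Review bot: The `answer` and `delete` branches of admin_questions() change data based on `$_REQUEST['action']` and `$_REQUEST['id']` alone, and no anti-CSRF token is checked anywhere in this hunk. A GET link opened by a logged-in admin is therefore enough to delete a question, and the new log entry would attribute that to the admin. Reading these parameters from `$_POST` and verifying a per-session token before the `sql_query()` calls would close this; no such token helper is visible on this page, so it may need to be added first.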
diff --git a/includes/pages/admin_rooms.php b/includes/pages/admin_rooms.php
index 160316c6..b92ea6a8 100644
--- a/includes/pages/admin_rooms.php
+++ b/includes/pages/admin_rooms.php
@@ -77,17 +77,26 @@ function admin_rooms() {
}
if ($ok) {
- if(isset($id))
+ if(isset($id)) {
sql_query("UPDATE `Room` SET `Name`='" . sql_escape($name) . "', `FromPentabarf`='" . sql_escape($from_pentabarf) . "', `show`='" . sql_escape($public) . "', `Number`='" . sql_escape($number) . "' WHERE `RID`=" . sql_escape($id) . " LIMIT 1");
- else {
+ engelsystem_log("Room updated: " . $name . ", pentabarf import: " . $from_pentabarf . ", public: " . $public . ", number: " . $number);
+ } else {
sql_query("INSERT INTO `Room` SET `Name`='" . sql_escape($name) . "', `FromPentabarf`='" . sql_escape($from_pentabarf) . "', `show`='" . sql_escape($public) . "', `Number`='" . sql_escape($number) . "'");
$id = sql_id();
+ engelsystem_log("Room created: " . $name . ", pentabarf import: " . $from_pentabarf . ", public: " . $public . ", number: " . $number);
}
sql_query("DELETE FROM `NeededAngelTypes` WHERE `room_id`=" . sql_escape($id));
- foreach ($angeltypes_count as $angeltype_id => $angeltype_count)
- sql_query("INSERT INTO `NeededAngelTypes` SET `room_id`=" . sql_escape($id) . ", `angel_type_id`=" . sql_escape($angeltype_id) . ", `count`=" . sql_escape($angeltype_count));
+ $needed_angeltype_info = array();
+ foreach ($angeltypes_count as $angeltype_id => $angeltype_count) {
+ $angeltype_source = sql_select("SELECT * FROM `AngelTypes` WHERE `id`=" . sql_escape($angeltype_id) . " LIMIT 1");
+ if(count($angeltype_source) > 0) {
+ sql_query("INSERT INTO `NeededAngelTypes` SET `room_id`=" . sql_escape($id) . ", `angel_type_id`=" . sql_escape($angeltype_id) . ", `count`=" . sql_escape($angeltype_count));
+ $needed_angeltype_info[] = $angeltypes_source[0]['name'] . ": " . $angeltype_count;
+ }
+ }
+ engelsystem_log("Set needed angeltypes of room " . $name . " to: " . join(", ", $needed_angeltype_info));
success("Room saved.");
redirect(page_link_to("admin_rooms"));
}
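Review bot: The new log line reads `$angeltypes_source[0]['name']`, but the lookup two lines above assigns `$angeltype_source` (singular). Unless a variable with the plural name is set earlier in admin_rooms(), which starts outside the hunk, the name is taken from an undefined variable; if it is set, every entry gets the name of its first row. Use `$needed_angeltype_info[] = $angeltype_source[0]['name'] . ": " . $angeltype_count;`. The lookup also issues one SELECT per angel type inside the loop, which a single query before the loop would avoid.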
@@ -116,6 +125,8 @@ function admin_rooms() {
if (isset ($_REQUEST['ack'])) {
sql_query("DELETE FROM `Room` WHERE `RID`=" . sql_escape($id) . " LIMIT 1");
sql_query("DELETE FROM `NeededAngelTypes` WHERE `room_id`=" . sql_escape($id) . " LIMIT 1");
+
+ engelsystem_log("Room deleted: " . $name);
success(sprintf("Room %s deleted.", $name));
redirect(page_link_to('admin_rooms'));
}
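Review bot: The `NeededAngelTypes` delete in this branch keeps `LIMIT 1`, so only one row of the deleted room is removed, whereas the save path in the previous hunk deletes by `room_id` without a limit. A room with several needed angel types would leave orphaned rows behind, and the new "Room deleted" log entry would suggest a complete removal. Drop the `LIMIT 1` from that second statement. admin_rooms() starts and ends outside the hunk.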
diff --git a/includes/pages/admin_shifts.php b/includes/pages/admin_shifts.php
index 303c580c..f35fa312 100644
--- a/includes/pages/admin_shifts.php
+++ b/includes/pages/admin_shifts.php
@@ -233,11 +233,18 @@ function admin_shifts() {
foreach ($_SESSION['admin_shifts_shifts'] as $shift) {
sql_query("INSERT INTO `Shifts` SET `start`=" . sql_escape($shift['start']) . ", `end`=" . sql_escape($shift['end']) . ", `RID`=" . sql_escape($shift['RID']) . ", `name`='" . sql_escape($shift['name']) . "'");
$shift_id = sql_id();
+ engelsystem_log("Shift created: " . $shift['name'] . " from " . date("Y-m-d H:i", $shift['start']) . " to " . date("Y-m-d H:i", $shift['end']));
+ $needed_angel_types_info = array();
foreach ($_SESSION['admin_shifts_types'] as $type_id => $count) {
- sql_query("INSERT INTO `NeededAngelTypes` SET `shift_id`=" . sql_escape($shift_id) . ", `angel_type_id`=" . sql_escape($type_id) . ", `count`=" . sql_escape($count));
+ $angel_type_source = sql_select("SELECT * FROM `AngelTypes` WHERE `id`=" . sql_escape($type_id) . " LIMIT 1");
+ if(count($angel_type_source) > 0) {
+ sql_query("INSERT INTO `NeededAngelTypes` SET `shift_id`=" . sql_escape($shift_id) . ", `angel_type_id`=" . sql_escape($type_id) . ", `count`=" . sql_escape($count));
+ $needed_angel_types_info[] = $angel_type_source[0]['name'] . ": " . $count;
+ }
}
}
+ engelsystem_log("Shift needs following angel types: " . join(", ", $needed_angel_types_info));
$msg = success("Schichten angelegt.", true);
} else {
unset ($_SESSION['admin_shifts_shifts']);
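Review bot: `$needed_angel_types_info` is initialised inside the loop over `$_SESSION['admin_shifts_shifts']`, but the `engelsystem_log("Shift needs following angel types: ...")` call comes after that loop has closed. With an empty shift list the variable is undefined when `join()` runs, and otherwise only the last shift's list is logged, without saying which shift it belongs to. Moving the call to the end of the loop body fixes both: `engelsystem_log("Shift " . $shift['name'] . " needs following angel types: " . join(", ", $needed_angel_types_info));`. The `AngelTypes` lookup could then run once before the loop, since `$_SESSION['admin_shifts_types']` is the same for every shift. admin_shifts() starts and ends outside the hunk.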
diff --git a/includes/pages/admin_user_angeltypes.php b/includes/pages/admin_user_angeltypes.php
index b22178e0..38c4d9c8 100644
--- a/includes/pages/admin_user_angeltypes.php
+++ b/includes/pages/admin_user_angeltypes.php
@@ -8,16 +8,24 @@ function admin_user_angeltypes() {
global $privileges;
if (isset ($_REQUEST['confirm']) && test_request_int('confirm') && sql_num_query("SELECT * FROM `UserAngelTypes` WHERE `id`=" . sql_escape($_REQUEST['confirm']) . " AND `confirm_user_id` IS NULL") > 0) {
- sql_query("UPDATE `UserAngelTypes` SET `confirm_user_id`=" . sql_escape($_SESSION['uid']) . " WHERE `id`=" . sql_escape($_REQUEST['confirm']) . " LIMIT 1");
-
- success("Confirmed.");
+ $user_angel_type_source = sql_select("SELECT `UserAngelTypes`.*, `User`.`Nick`, `AngelTypes`.`name` FROM `UserAngelTypes` JOIN `User` ON `User`.`UID`=`UserAngelTypes`.`user_id` JOIN `AngelTypes` ON `AngelTypes`.`id`=`UserAngelTypes`.`angeltype_id` WHERE `id`=" . sql_escape($_REQUEST['confirm']) . " LIMIT 1");
+ if(count($user_angel_type_source) > 0) {
+ sql_query("UPDATE `UserAngelTypes` SET `confirm_user_id`=" . sql_escape($_SESSION['uid']) . " WHERE `id`=" . sql_escape($_REQUEST['confirm']) . " LIMIT 1");
+ engelsystem_log("Confirmed " . $user_angel_type_source[0]['Nick'] . " as " . $user_angel_type_source[0]['name']);
+ success("Confirmed.");
+ }
+ else error("Entry not found.");
redirect(page_link_to('admin_user_angeltypes'));
}
if (isset ($_REQUEST['discard']) && test_request_int('discard') && sql_num_query("SELECT * FROM `UserAngelTypes` WHERE `id`=" . sql_escape($_REQUEST['discard']) . " AND `confirm_user_id` IS NULL") > 0) {
- sql_query("DELETE FROM `UserAngelTypes` WHERE `id`=" . sql_escape($_REQUEST['discard']) . " LIMIT 1");
-
- success("Discarded.");
+ $user_angel_type_source = sql_select("SELECT `UserAngelTypes`.*, `User`.`Nick`, `AngelTypes`.`name` FROM `UserAngelTypes` JOIN `User` ON `User`.`UID`=`UserAngelTypes`.`user_id` JOIN `AngelTypes` ON `AngelTypes`.`id`=`UserAngelTypes`.`angeltype_id` WHERE `id`=" . sql_escape($_REQUEST['discard']) . " LIMIT 1");
+ if(count($user_angel_type_source) > 0) {
+ sql_query("DELETE FROM `UserAngelTypes` WHERE `id`=" . sql_escape($_REQUEST['discard']) . " LIMIT 1");
+ engelsystem_log("Discarded " . $user_angel_type_source[0]['Nick'] . " as " . $user_angel_type_source[0]['name']);
+ success("Discarded.");
+ }
+ else error("Entry not found.");
redirect(page_link_to('admin_user_angeltypes'));
}
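Review bot: The new SELECT joins `UserAngelTypes`, `User` and `AngelTypes` but filters on an unqualified `id`. The join condition in the same statement shows that `AngelTypes` also has an `id` column, so MySQL should reject the query as ambiguous. How `sql_select()` reports that failure is not visible here, but the likely outcome is that every confirm and discard ends in "Entry not found." and nothing is logged. Qualify the column as UserAngelTypes.id in both the confirm and the discard query.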
diff --git a/includes/sys_log.php b/includes/sys_log.php
new file mode 100644
index 00000000..65c0aa41
--- /dev/null
+++ b/includes/sys_log.php
@@ -0,0 +1,19 @@
+
\ No newline at end of file
diff --git a/public/index.php b/public/index.php
index 45555a2b..1773b54b 100644
--- a/public/index.php
+++ b/public/index.php
@@ -3,6 +3,7 @@ require_once ('bootstrap.php');
require_once ('includes/sys_auth.php');
require_once ('includes/sys_counter.php');
require_once ('includes/sys_lang.php');
+require_once ('includes/sys_log.php');
require_once ('includes/sys_menu.php');
require_once ('includes/sys_mysql.php');
require_once ('includes/sys_page.php');
From 51c6547610066912c0b0a3e6309cfb6b149aa0c2 Mon Sep 17 00:00:00 2001
From: Jan-Philipp Litza
Date: Wed, 26 Dec 2012 16:58:09 +0100
Subject: [PATCH 02/14] advanced form in user administration for confirming
angeltypes
---
includes/pages/admin_user.php | 46 +++++++++++++++++++++++------------
includes/sys_mysql.php | 19 +++++++++++++++
includes/sys_template.php | 28 +++++++++++++++++++++
3 files changed, 77 insertions(+), 16 deletions(-)
diff --git a/includes/pages/admin_user.php b/includes/pages/admin_user.php
index 5a986eca..a2ab7b07 100644
--- a/includes/pages/admin_user.php
+++ b/includes/pages/admin_user.php
@@ -92,28 +92,38 @@ function admin_user() {
// UserAngelType subform
list ($user_source) = sql_select($SQL);
- $selected_angel_types_source = sql_select("SELECT * FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user_source['UID']));
- $selected_angel_types = array ();
- foreach ($selected_angel_types_source as $selected_angel_type)
- $selected_angel_types[] = $selected_angel_type['angeltype_id'];
+ $selected_angel_types = sql_select_single_col("SELECT `angeltype_id` FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user_source['UID']));
+ $accepted_angel_types = sql_select_single_col("SELECT `angeltype_id` FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user_source['UID']) . " AND `confirm_user_id` IS NOT NULL");
+ $nonrestricted_angel_types = sql_select_single_col("SELECT `id` FROM `AngelTypes` WHERE `restricted` = 0");
- $angel_types_source = sql_select("SELECT * FROM `AngelTypes` ORDER BY `name`");
- $angel_types = array ();
+ $angel_types_source = sql_select("SELECT `id`, `name` FROM `AngelTypes` ORDER BY `name`");
+ $angel_types = array();
foreach ($angel_types_source as $angel_type)
- $angel_types[$angel_type['id']] = $angel_type['name'] . ($angel_type['restricted'] ? " (restricted)" : "");
+ $angel_types[$angel_type['id']] = $angel_type['name'];
if (isset ($_REQUEST['submit_user_angeltypes'])) {
- $selected_angel_types = array ();
- foreach ($angel_types as $angel_type_id => $angel_type_name) {
- if (isset ($_REQUEST['angel_types_' . $angel_type_id]))
- $selected_angel_types[] = $angel_type_id;
- }
+ $selected_angel_types = array_intersect($_REQUEST['selected_angel_types'], array_keys($angel_types));
+ $accepted_angel_types = array_diff(array_intersect($_REQUEST['accepted_angel_types'], array_keys($angel_types)), $nonrestricted_angel_types);
+ if (in_array("admin_user_angeltypes", $privileges))
+ $selected_angel_types = array_merge($selected_angel_types, $accepted_angel_types);
// Assign angel-types
- foreach ($angel_types_source as $angel_type) {
- if (!in_array($angel_type['id'], $selected_angel_types))
- sql_query("DELETE FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user_source['UID']) . " AND `angeltype_id`=" . sql_escape($angel_type['id']) . " LIMIT 1");
+ sql_start_transaction();
+ sql_query("DELETE FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user_source['UID']));
+ if (!empty($selected_angel_types)) {
+ $SQL = "INSERT INTO `UserAngelTypes` (`user_id`, `angeltype_id`) VALUES ";
+ foreach ($selected_angel_types as $selected_angel_type_id)
+ $SQL .= "(${user_source['UID']}, ${selected_angel_type_id}),";
+ // remove superfluous comma
+ $SQL = substr($SQL, 0, -1);
+ sql_query($SQL);
+ }
+ if (in_array("admin_user_angeltypes", $privileges)) {
+ sql_query("UPDATE `UserAngelTypes` SET `confirm_user_id` = NULL WHERE `user_id` = " . sql_escape($user_source['UID']));
+ if (!empty($accepted_angel_types))
+ sql_query("UPDATE `UserAngelTypes` SET `confirm_user_id` = '" . sql_escape($user['UID']) . "' WHERE `user_id` = '" . sql_escape($user_source['UID']) . "' AND `angeltype_id` IN (" . implode(',', $accepted_angel_types) . ")");
}
+ sql_stop_transaction();
foreach ($selected_angel_types as $selected_angel_type_id) {
if (sql_num_query("SELECT * FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user_source['UID']) . " AND `angeltype_id`=" . sql_escape($selected_angel_type_id) . " LIMIT 1") == 0) {
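Review bot: The rewrite deletes every `UserAngelTypes` row of the user and re-inserts only `user_id` and `angeltype_id`, while `confirm_user_id` is set again only inside the `in_array("admin_user_angeltypes", $privileges)` branch. An editor without that privilege therefore appears to clear all existing confirmations just by saving the form (assuming the column defaults to NULL); keeping the old per-type delete for that case would avoid the silent change. `$_REQUEST['selected_angel_types']` and `$_REQUEST['accepted_angel_types']` are also passed to `array_intersect()` without checking that they exist and are arrays, which fails when no box is ticked; read them as `isset($_REQUEST['selected_angel_types']) && is_array($_REQUEST['selected_angel_types']) ? $_REQUEST['selected_angel_types'] : array()`. The INSERT and the `IN (...)` list interpolate ids without `sql_escape()`; `array_intersect()` limits them to known keys, but an `(int)` cast would make that explicit. admin_user() continues outside the hunk.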
@@ -131,7 +141,11 @@ function admin_user() {
$html .= form(array (
msg(),
- form_checkboxes('angel_types', "Angeltypes", $angel_types, $selected_angel_types),
+ form_multi_checkboxes(array('selected_angel_types' => 'gewünscht', 'accepted_angel_types' => 'akzeptiert'),
+ "Angeltypes",
+ $angel_types,
+ array('selected_angel_types' => $selected_angel_types, 'accepted_angel_types' => array_merge($accepted_angel_types, $nonrestricted_angel_types)),
+ array('accepted_angel_types' => $nonrestricted_angel_types)),
form_submit('submit_user_angeltypes', Get_Text("Save"))
));
diff --git a/includes/sys_mysql.php b/includes/sys_mysql.php
index e418ddb8..81747ec2 100644
--- a/includes/sys_mysql.php
+++ b/includes/sys_mysql.php
@@ -31,6 +31,12 @@ function sql_select($query) {
}
}
+function sql_select_single_col($query) {
+ $result = sql_select($query);
+ return array_map('array_pop', $result);
+
+}
+
// Execute a query
function sql_query($query) {
global $con;
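Review bot: `sql_select_single_col()` has no comment, unlike `sql_query()` below it, and two of its assumptions should be stated. `array_pop` takes its argument by reference, which as an `array_map` callback may raise a warning depending on the PHP version, and it returns the last column of each row rather than a named one. The function also hands whatever `sql_select()` returns straight to `array_map()`; most of `sql_select()` is outside the hunk, so confirm it always returns an array. Suggested comment: `// Run a SELECT and return the last column of each row as a flat list`. An explicit `foreach` that appends `end($row)` would avoid the by-reference callback.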
@@ -59,4 +65,17 @@ function sql_error() {
global $con;
return mysql_error($con);
}
+
+$sql_transaction_counter = 0;
+function sql_start_transaction() {
+ global $sql_transaction_counter;
+ if ($sql_transaction_counter++ == 0)
+ sql_query("START TRANSACTION");
+}
+
+function sql_stop_transaction() {
+ global $sql_transaction_counter;
+ if ($sql_transaction_counter-- == 1)
+ sql_query("COMMIT");
+}
?>
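Review bot: There is no rollback path, because `sql_stop_transaction()` always issues `COMMIT`. When a statement between start and stop fails, for example the INSERT that follows the `UserAngelTypes` delete in admin_user.php, the partial change is still committed. A `sql_rollback_transaction()` that sends `ROLLBACK` and resets the counter, called when `sql_query()` reports an error, would give the wrapper its purpose. An unmatched stop also drives `$sql_transaction_counter` to -1, after which the next start does not open a transaction; guard it with `if ($sql_transaction_counter > 0 && --$sql_transaction_counter == 0)`. Whether the tables use a transactional storage engine is not visible on this page.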
diff --git a/includes/sys_template.php b/includes/sys_template.php
index 4e701879..a988ff23 100644
--- a/includes/sys_template.php
+++ b/includes/sys_template.php
@@ -36,6 +36,34 @@ function form_checkboxes($name, $label, $items, $selected) {
return form_element($label, $html);
}
+/**
+ * Rendert eine Tabelle von Checkboxen für ein Formular
+ * @param names Assoziatives Array mit Namen der Checkboxen als Keys und Überschriften als Values
+ * @param label Die Beschriftung der gesamten Tabelle
+ * @param items Array mit den Beschriftungen der Zeilen
+ * @param selected Mehrdimensionales Array, wobei $selected[foo] ein Array der in der Datenreihe foo markierten Checkboxen ist
+ * @param disabled Wie selected, nur dass die entsprechenden Checkboxen deaktiviert statt markiert sind
+ */
+function form_multi_checkboxes($names, $label, $items, $selected, $disabled = array()) {
+ $html = "";
+ return form_element($label, $html);
+}
+
/**
* Rendert eine Checkbox
*/
From 3cc2896376c4ef5b8d01320259010ba4e4576a3a Mon Sep 17 00:00:00 2001
From: Jan-Philipp Litza
Date: Wed, 26 Dec 2012 17:27:27 +0100
Subject: [PATCH 03/14] multiply night shifts by 2 (confable with raw mysql)
---
includes/pages/admin_active.php | 8 ++++----
install/default-conf/config.php | 15 +++++++++++----
2 files changed, 15 insertions(+), 8 deletions(-)
diff --git a/includes/pages/admin_active.php b/includes/pages/admin_active.php
index 0dabe568..241d0904 100644
--- a/includes/pages/admin_active.php
+++ b/includes/pages/admin_active.php
@@ -1,6 +1,6 @@
page_link_to('admin_active')
));
}
-?>
\ No newline at end of file
+?>
diff --git a/install/default-conf/config.php b/install/default-conf/config.php
index d27d809a..543d1dce 100644
--- a/install/default-conf/config.php
+++ b/install/default-conf/config.php
@@ -37,10 +37,6 @@ $gmdateOffset=3600;
// für Developen 1, sonst = 0
$debug = 0;
-// SSL Cert-KEY
-$show_SSLCERT = "MD5: MD5SED \n".
- "SHA1: SHA1SED";
-
//globale const. fuer schischtplan
$GlobalZeileProStunde = 4;
@@ -61,4 +57,15 @@ $PentabarfXMLEventID = "31";
/// Passord for external Authorization, function only active if the var is defined
//$CurrentExternAuthPass = 23;
+// multiply "night shifts" (start or end between 2 and 6 exclusive) by 2
+$shift_sum_formula = "SUM(
+ (1+(
+ (HOUR(FROM_UNIXTIME(`Shifts`.`end`)) > 2 AND HOUR(FROM_UNIXTIME(`Shifts`.`end`)) < 6)
+ OR (HOUR(FROM_UNIXTIME(`Shifts`.`start`)) > 2 AND HOUR(FROM_UNIXTIME(`Shifts`.`start`)) < 6)
+ OR (HOUR(FROM_UNIXTIME(`Shifts`.`start`)) <= 2 AND HOUR(FROM_UNIXTIME(`Shifts`.`end`)) >= 6)
+ ))*(`Shifts`.`end` - `Shifts`.`start`)
+)";
+
+// weigh every shift the same
+//$shift_sum_formula = "SUM(`end` - `start`)";
?>
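Review bot: A shift that crosses midnight and ends at 06:00 or later, for example 23:00 to 07:00, matches none of the three clauses in `$shift_sum_formula`, since `HOUR(start)` is 23 and `HOUR(end)` is 7. It is therefore not doubled although it covers the whole night window. A fourth clause of the form `OR (HOUR(FROM_UNIXTIME(start)) > HOUR(FROM_UNIXTIME(end)) AND HOUR(FROM_UNIXTIME(end)) >= 6)` would cover that case. The comment should also say that `> 2 AND < 6` on `HOUR()` means hours 3 to 5, and that the factor applies to the whole shift duration, not only its night part. `FROM_UNIXTIME` evaluates in the MySQL session time zone, which should be confirmed to match the time zone the shift times are entered in.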
From fe6fab67be17cd271eb77294f33667a81c7ea156 Mon Sep 17 00:00:00 2001
From: Jan-Philipp Litza
Date: Wed, 26 Dec 2012 18:14:23 +0100
Subject: [PATCH 04/14] filter free angels by angeltype
---
includes/pages/admin_free.php | 20 ++++++++++++++++++--
templates/admin_free.html | 2 +-
2 files changed, 19 insertions(+), 3 deletions(-)
diff --git a/includes/pages/admin_free.php b/includes/pages/admin_free.php
index d5e3bd36..d6f4b7a0 100644
--- a/includes/pages/admin_free.php
+++ b/includes/pages/admin_free.php
@@ -6,7 +6,22 @@ function admin_free() {
if (isset ($_REQUEST['search']))
$search = strip_request_item('search');
- $users = sql_select("SELECT `User`.* FROM `User` LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID` LEFT JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID` AND `Shifts`.`start` < " . sql_escape(time()) . " AND `Shifts`.`end` > " . sql_escape(time()) . ") WHERE `User`.`Gekommen` = 1 AND `Shifts`.`SID` IS NULL GROUP BY `User`.`UID` ORDER BY `Nick`");
+ $angeltypesearch = "";
+ if (empty ($_REQUEST['angeltype']))
+ $_REQUEST['angeltype'] = '';
+ else {
+ $angeltypesearch = " INNER JOIN `UserAngelTypes` ON (`UserAngelTypes`.`angeltype_id` = '" . sql_escape($_REQUEST['angeltype']) . "' AND `UserAngelTypes`.`user_id` = `User`.`UID`";
+ if (isset ($_REQUEST['confirmed_only']))
+ $angeltypesearch .= " AND `UserAngelTypes`.`confirm_user_id`";
+ $angeltypesearch .= ") ";
+ }
+
+ $angel_types_source = sql_select("SELECT `id`, `name` FROM `AngelTypes` ORDER BY `name`");
+ $angel_types = array('' => 'alle Typen');
+ foreach ($angel_types_source as $angel_type)
+ $angel_types[$angel_type['id']] = $angel_type['name'];
+
+ $users = sql_select("SELECT `User`.* FROM `User` ${angeltypesearch} LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID` LEFT JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID` AND `Shifts`.`start` < " . sql_escape(time()) . " AND `Shifts`.`end` > " . sql_escape(time()) . ") WHERE `User`.`Gekommen` = 1 AND `Shifts`.`SID` IS NULL GROUP BY `User`.`UID` ORDER BY `Nick`");
$table = "";
if ($search == "")
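Review bot: `$_REQUEST['angeltype']` is used as a filter id but never checked to be numeric. It is escaped for the query, yet an array value or arbitrary string still reaches `sql_escape()` and, in the next hunk, `html_select_key()`. admin_user_angeltypes.php in this series validates its ids with `test_request_int()`, and the same check fits here: `if (empty($_REQUEST['angeltype']) || !test_request_int('angeltype'))`. The `confirmed_only` condition tests `confirm_user_id` for truthiness; `IS NOT NULL`, as used in admin_user.php, states the intent more clearly. admin_free() continues outside the hunk.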
@@ -41,8 +56,9 @@ function admin_free() {
}
return template_render('../templates/admin_free.html', array (
'search' => $search,
+ 'angeltypes' => html_select_key('angeltype', 'angeltype', $angel_types, $_REQUEST['angeltype']),
'table' => $table,
'link' => page_link_to('admin_free')
));
}
-?>
\ No newline at end of file
+?>
diff --git a/templates/admin_free.html b/templates/admin_free.html
index 522de12b..35ac1afa 100644
--- a/templates/admin_free.html
+++ b/templates/admin_free.html
@@ -1,6 +1,6 @@
- Search Angel:
+ Search Angel: %angeltypes%
From e0e44fc8c3df2839e14c7914a6e665aea98435c9 Mon Sep 17 00:00:00 2001
From: Jan-Philipp Litza
Date: Wed, 26 Dec 2012 20:39:54 +0100
Subject: [PATCH 05/14] added Atom feed for news and meetings
---
db/update.d/21_Atom.php | 4 ++++
includes/pages/user_atom.php | 39 ++++++++++++++++++++++++++++++++++++
public/index.php | 5 +++++
templates/layout.html | 1 +
4 files changed, 49 insertions(+)
create mode 100644 db/update.d/21_Atom.php
create mode 100644 includes/pages/user_atom.php
diff --git a/db/update.d/21_Atom.php b/db/update.d/21_Atom.php
new file mode 100644
index 00000000..f592e0e6
--- /dev/null
+++ b/db/update.d/21_Atom.php
@@ -0,0 +1,4 @@
+ 0;
+?>
diff --git a/includes/pages/user_atom.php b/includes/pages/user_atom.php
new file mode 100644
index 00000000..fd28510f
--- /dev/null
+++ b/includes/pages/user_atom.php
@@ -0,0 +1,39 @@
+
+
+ Engelsystem
+ ' . $_SERVER['HTTP_HOST'] . htmlspecialchars(preg_replace('#[&?]key=[a-f0-9]{32}#', '', $_SERVER['REQUEST_URI'])) . '
+ ' . date('Y-m-d\TH:i:sP', $news[0]['Datum']) . " \n";
+ foreach ($news as $news_entry) {
+ $html .= "
+ " . htmlspecialchars($news_entry['Betreff']) . "
+
+ " . preg_replace('#^https?://#', '', page_link_to_absolute("news")) . "-${news_entry['ID']}
+ " . date('Y-m-d\TH:i:sP', $news_entry['Datum']) . "
+ " . htmlspecialchars($news_entry['Text']) . "
+ \n";
+ }
+ $html .= " ";
+ header("Content-Length: " . strlen($html));
+ echo $html;
+ die();
+}
+?>
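Review bot: `$_SERVER['HTTP_HOST']` is concatenated into the feed unescaped on the same line where `REQUEST_URI` goes through `htmlspecialchars()`. The Host header is client-supplied, so it should be escaped as well, `htmlspecialchars($_SERVER['HTTP_HOST'])`, or the link should be built from `page_link_to_absolute()`, which the entry ids already use. The feed-level timestamp reads `$news[0]['Datum']` with no visible check that the result is non-empty, so an empty news table would put a notice inside the XML; an `isset($news[0])` guard would cover it. The opening lines and the XML tags of this file are missing from the page, so the key check and the query are not reviewed here.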
diff --git a/public/index.php b/public/index.php
index 1773b54b..bd7e552d 100644
--- a/public/index.php
+++ b/public/index.php
@@ -40,6 +40,10 @@ if ($p == "ical") {
require_once ('includes/pages/user_ical.php');
user_ical();
}
+elseif ($p == "atom") {
+ require_once ('includes/pages/user_atom.php');
+ user_atom();
+}
// Recht dafür vorhanden?
elseif (in_array($p, $privileges)) {
if ($p == "news") {
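Review bot: The new `atom` branch sits above the `in_array($p, $privileges)` check, so the feed is dispatched without the session-based privilege test that guards the other pages. That puts the whole access decision on `user_atom()`: it has to reject a missing or unknown `key` and confirm that the key's owner is still allowed to read news before emitting anything, which cannot be confirmed from this hunk. A short comment would make the exception explicit, e.g. `// no privilege check here: user_atom() authenticates via the per-user key`.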
@@ -185,6 +189,7 @@ if (isset ($user) && $p != "admin_user_angeltypes")
echo template_render('../templates/layout.html', array (
'theme' => isset ($user) ? $user['color'] : $default_theme,
'title' => $title,
+ 'atom_link' => ($p == 'news' || $p == 'user_meetings')? ' ' : '',
'menu' => make_menu(),
'content' => $content
));
diff --git a/templates/layout.html b/templates/layout.html
index 695b6c9c..f6d19c6f 100644
--- a/templates/layout.html
+++ b/templates/layout.html
@@ -14,6 +14,7 @@
+ %atom_link%
From 346209fbc2a4d439f7cc5f65ac8c0bc286cfa013 Mon Sep 17 00:00:00 2001
From: Jan-Philipp Litza
Date: Wed, 26 Dec 2012 20:41:11 +0100
Subject: [PATCH 06/14] ignore more files
---
.gitignore | 2 ++
1 file changed, 2 insertions(+)
diff --git a/.gitignore b/.gitignore
index e30374fe..463fa802 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,5 @@ includes_old
www-ssl_old
.project
.buildpath
+.*.swp
+_vimrc_local.vim
From 0c9dccacfb733feb2a86324e0ec524c8f3b20697 Mon Sep 17 00:00:00 2001
From: Jan-Philipp Litza
Date: Wed, 26 Dec 2012 23:15:08 +0100
Subject: [PATCH 07/14] allow angels to sign up for shifts whose types are not
selected as preferred in settings and auto-prefer these types
---
includes/pages/user_shifts.php | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/includes/pages/user_shifts.php b/includes/pages/user_shifts.php
index d627e3a2..073c0d36 100644
--- a/includes/pages/user_shifts.php
+++ b/includes/pages/user_shifts.php
@@ -191,7 +191,7 @@ function user_shifts() {
if (in_array('user_shifts_admin', $privileges))
$type = sql_select("SELECT * FROM `AngelTypes` WHERE `id`=" . sql_escape($type_id) . " LIMIT 1");
else
- $type = sql_select("SELECT * FROM `UserAngelTypes` JOIN `AngelTypes` ON (`UserAngelTypes`.`angeltype_id` = `AngelTypes`.`id`) WHERE `AngelTypes`.`id` = " . sql_escape($type_id) . " AND `UserAngelTypes`.`user_id` = " . sql_escape($user['UID']) . " AND (`AngelTypes`.`restricted` = 0 OR NOT `UserAngelTypes`.`confirm_user_id` IS NULL) LIMIT 1");
+ $type = sql_select("SELECT * FROM `UserAngelTypes` JOIN `AngelTypes` ON (`UserAngelTypes`.`angeltype_id` = `AngelTypes`.`id`) WHERE `AngelTypes`.`id` = " . sql_escape($type_id) . " AND (`AngelTypes`.`restricted` = 0 OR (`UserAngelTypes`.`user_id` = " . sql_escape($user['UID']) . " AND NOT `UserAngelTypes`.`confirm_user_id` IS NULL)) LIMIT 1");
if (count($type) == 0)
header("Location: " . page_link_to('user_shifts'));
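Review bot: The rewritten `else` query still inner-joins `UserAngelTypes`, so for an unrestricted type it returns a row only if at least one user already has a `UserAngelTypes` entry for that type; a type nobody has chosen yet still gives `count($type) == 0`. It also no longer ties the row to the current user in the unrestricted case, so `$type[0]` may carry another user's `user_id` and `confirm_user_id`. Selecting from `AngelTypes` and left-joining `UserAngelTypes` with `user_id = sql_escape($user['UID'])` in the `ON` clause, then testing `restricted = 0 OR confirm_user_id IS NOT NULL`, would express the intended rule. The unchanged `header("Location: ...")` is not followed by an exit in the visible lines, so a failed check appears to fall through; the function continues outside the hunk.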
@@ -214,13 +214,13 @@ function user_shifts() {
$user_id = $user['UID'];
// TODO: Kollisionserkennung, andere Schichten zur gleichen Uhrzeit darf der Engel auch nicht belegt haben...
- $entries = sql_select("SELECT * FROM `ShiftEntry` WHERE `SID`=" . sql_escape($shift['SID']));
- foreach ($entries as $entry)
- if ($entry['UID'] == $user_id)
+ if (sql_num_query("SELECT * FROM `ShiftEntry` WHERE `SID`='" . sql_escape($shift['SID']) . "' AND `UID` = '" . sql_escape($user_id) . "'"))
return error("This angel does already have an entry for this shift.", true);
$comment = strip_request_item_nl('comment');
sql_query("INSERT INTO `ShiftEntry` SET `Comment`='" . sql_escape($comment) . "', `UID`=" . sql_escape($user_id) . ", `TID`=" . sql_escape($selected_type_id) . ", `SID`=" . sql_escape($shift_id));
+ if (sql_num_query("SELECT * FROM `UserAngelTypes` INNER JOIN `AngelTypes` ON `AngelTypes`.`id` = `UserAngelTypes`.`angeltype_id` WHERE `AngelTypes`.`restricted` = 0 AND `user_id` = '" . sql_escape($user_id) . "' AND `angeltype_id` = '" . sql_escape($selected_type_id) . "'") == 0)
+ sql_query("INSERT INTO `UserAngelTypes` (`user_id`, `angeltype_id`) VALUES ('" . sql_escape($user_id) . "', '" . sql_escape($selected_type_id) . "')");
success("Du bist eingetragen. Danke!" . ' Meine Schichten » ');
redirect(page_link_to('user_shifts'));
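Review bot: The existence test before the new `INSERT INTO UserAngelTypes` includes `AngelTypes.restricted = 0`, so for a restricted type it always counts zero and a second, unconfirmed row is inserted even when the angel already has a confirmed one. Checking `UserAngelTypes` alone (`WHERE user_id = '...' AND angeltype_id = '...'`, without the join) avoids the duplicate; if restricted types should never be auto-preferred, that condition belongs in a separate `if`. Both this test and the duplicate-entry test above are check-then-insert with no transaction or unique key visible, so concurrent requests could still create duplicates; a unique index on (`user_id`, `angeltype_id`) and on (`SID`, `UID`) would close that. user_shifts() continues outside the hunk.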
From 7c42769ab897f7fe7903d34523a8a6a5ff6a868b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philip=20H=C3=A4usler?=
Date: Wed, 26 Dec 2012 19:53:27 +0100
Subject: [PATCH 08/14] #28 finnished logging
---
includes/pages/admin_user.php | 23 +-
includes/pages/guest_login.php | 7 +-
includes/pages/user_myshifts.php | 172 +++++++------
includes/pages/user_news.php | 2 +
includes/pages/user_settings.php | 400 ++++++++++++++++---------------
includes/pages/user_shifts.php | 26 +-
includes/sys_user.php | 175 +++++++-------
templates/user_questions.html | 2 +-
8 files changed, 423 insertions(+), 384 deletions(-)
diff --git a/includes/pages/admin_user.php b/includes/pages/admin_user.php
index a2ab7b07..a23abc0c 100644
--- a/includes/pages/admin_user.php
+++ b/includes/pages/admin_user.php
@@ -135,6 +135,7 @@ function admin_user() {
}
}
+ engelsystem_log("Set angeltypes of " . $user_source['Nick'] . " to: " . join(", ", $user_angel_type_info));
success("Angeltypes saved.");
redirect(page_link_to('admin_user') . '&id=' . $user_source['UID']);
}
@@ -202,19 +203,26 @@ function admin_user() {
$his_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`=" . sql_escape($id) . " ORDER BY `group_id`");
if (count($my_highest_group) > 0 && (count($his_highest_group) == 0 || ($my_highest_group[0]['group_id'] <= $his_highest_group[0]['group_id']))) {
- $groups = sql_select("SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = " . sql_escape($id) . ") WHERE `Groups`.`UID` >= " . sql_escape($my_highest_group[0]['group_id']) . " ORDER BY `Groups`.`Name`");
+ $groups_source = sql_select("SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = " . sql_escape($id) . ") WHERE `Groups`.`UID` >= " . sql_escape($my_highest_group[0]['group_id']) . " ORDER BY `Groups`.`Name`");
+ $groups = array();
$grouplist = array ();
- foreach ($groups as $group)
+ foreach ($groups_source as $group) {
+ $groups[$group['UID']] = $group;
$grouplist[] = $group['UID'];
+ }
if (!is_array($_REQUEST['groups']))
$_REQUEST['groups'] = array ();
sql_query("DELETE FROM `UserGroups` WHERE `uid`=" . sql_escape($id));
- foreach ($_REQUEST['groups'] as $group)
- if (in_array($group, $grouplist))
- sql_query("INSERT INTO `UserGroups` SET `uid`=" .
- sql_escape($id) . ", `group_id`=" . sql_escape($group));
+ $user_groups_info = array();
+ foreach ($_REQUEST['groups'] as $group) {
+ if (in_array($group, $grouplist)) {
+ sql_query("INSERT INTO `UserGroups` SET `uid`=" . sql_escape($id) . ", `group_id`=" . sql_escape($group));
+ $user_groups_info[] = $groups[$group]['Name'];
+ }
+ }
+ engelsystem_log("Set groups of " . $user_source['Nick'] . " to: " . join(", ", $user_groups_info));
$html .= success("Benutzergruppen gespeichert.", true);
} else {
$html .= error("Du kannst keine Engel mit mehr Rechten bearbeiten.", true);
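Review bot: `in_array($group, $grouplist)` compares loosely, so a submitted value that is only numerically equal to an allowed id passes the test. It is then written into the unquoted `group_id=` position and finds no entry in the new `$groups` map, which puts an empty name into the log line. Since `$groups` is now keyed by `UID`, the membership test can use it directly: `if (isset($groups[$group])) {`. The `DELETE` followed by per-group `INSERT`s is not wrapped in a transaction in the visible lines, so a failure midway would leave the user without some of the groups they had before.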
@@ -229,6 +237,7 @@ function admin_user() {
sql_query("DELETE FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
sql_query("DELETE FROM `UserGroups` WHERE `uid`=" . sql_escape($id));
sql_query("UPDATE `ShiftEntry` SET `UID`=0, `Comment`=NULL WHERE `UID`=" . sql_escape($id));
+ engelsystem_log("Deleted user " . $user_source['Nick']);
$html .= success("Benutzer gelöscht!", true);
} else {
$html .= error("Du kannst Dich nicht selber löschen!", true);
@@ -254,12 +263,14 @@ function admin_user() {
"WHERE `UID` = '" . sql_escape($id) .
"' LIMIT 1;";
sql_query($SQL);
+ engelsystem_log("Updated user: " . $_POST["eNick"] . ", " . $_POST["eSize"] . ", arrived: " . $_POST["eGekommen"] . ", active: " . $_POST["eAktiv"] . ", tshirt: " . $_POST["eTshirt"]);
$html .= success("Änderung wurde gespeichert...\n", true);
break;
case 'change_pw' :
if ($_REQUEST['new_pw'] != "" && $_REQUEST['new_pw'] == $_REQUEST['new_pw2']) {
set_password($id, $_REQUEST['new_pw']);
+ engelsystem_log("Set new password for " . $user_source['Nick']);
$html .= success("Passwort neu gesetzt.", true);
} else {
$html .= error("Die Eingaben müssen übereinstimmen und dürfen nicht leer sein!", true);
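Review bot: The new `engelsystem_log("Updated user: " . $_POST["eNick"] ...)` line writes raw request values into the log and identifies the account only by the submitted nick, not by the `$id` that the `UPDATE` targets. Unless `engelsystem_log()` or the log view escapes its input (neither is visible here), markup or line breaks in these fields end up in the audit trail, and after a rename the entry no longer points at the previous name. Logging `$user_source['Nick']` together with `$id`, and cleaning the `$_POST` fields the way `strip_request_item()` is used elsewhere, would keep entries attributable. The same applies to `$_POST["betreff"]` and `$_POST["treffen"]` in the user_news.php hunk and to `$comment` in user_myshifts.php.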
diff --git a/includes/pages/guest_login.php b/includes/pages/guest_login.php
index db479388..073e2625 100644
--- a/includes/pages/guest_login.php
+++ b/includes/pages/guest_login.php
@@ -116,9 +116,12 @@ function guest_register() {
set_password($user_id, $_REQUEST['password']);
// Assign angel-types
- foreach ($selected_angel_types as $selected_angel_type_id)
+ $user_angel_types_info = array();
+ foreach ($selected_angel_types as $selected_angel_type_id) {
sql_query("INSERT INTO `UserAngelTypes` SET `user_id`=" . sql_escape($user_id) . ", `angeltype_id`=" . sql_escape($selected_angel_type_id));
-
+ $user_angel_types_info[] = $angel_types[$selected_angel_type_id]['name'];
+ }
+ engelsystem_log("User " . $nick . " signed up as: " . join(", ", $user_angel_types_info));
success(Get_Text("makeuser_writeOK4"));
//if (!isset ($_SESSION['uid']))
redirect(page_link_to('login'));
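Review bot: `$angel_types[$selected_angel_type_id]['name']` assumes each `$angel_types` element is a row array, but `$angel_types` is filled outside this hunk, and in user_settings.php (same patch) the identically named map holds plain strings (`$angel_type['name'] . " (restricted)"`). If guest_register() builds it the same way, the `['name']` index yields a string-offset warning or a single character instead of the type name, and the sign-up log line would be wrong. Either append `$angel_types[$selected_angel_type_id]` directly or build a separate id-to-row map, as the user_shifts.php hunk of this patch does.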
diff --git a/includes/pages/user_myshifts.php b/includes/pages/user_myshifts.php
index 2d1981fa..d8f94b81 100644
--- a/includes/pages/user_myshifts.php
+++ b/includes/pages/user_myshifts.php
@@ -3,100 +3,98 @@
// Zeigt die Schichten an, die ein Benutzer belegt
function user_myshifts() {
- global $LETZTES_AUSTRAGEN;
- global $user, $privileges;
- $msg = "";
+ global $LETZTES_AUSTRAGEN;
+ global $user, $privileges;
+ $msg = "";
- if (isset ($_REQUEST['id']) && in_array("user_shifts_admin", $privileges) && preg_match("/^[0-9]{1,}$/", $_REQUEST['id']) && sql_num_query("SELECT * FROM `User` WHERE `UID`=" . sql_escape($_REQUEST['id'])) > 0) {
- $id = $_REQUEST['id'];
- } else {
- $id = $user['UID'];
- }
+ if (isset ($_REQUEST['id']) && in_array("user_shifts_admin", $privileges) && preg_match("/^[0-9]{1,}$/", $_REQUEST['id']) && sql_num_query("SELECT * FROM `User` WHERE `UID`=" . sql_escape($_REQUEST['id'])) > 0) {
+ $id = $_REQUEST['id'];
+ } else {
+ $id = $user['UID'];
+ }
- list ($shifts_user) = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
+ list ($shifts_user) = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
- if ($id != $user['UID'])
- $msg .= info(sprintf("You are viewing %s's shifts.", $shifts_user['Nick']), true);
+ if ($id != $user['UID'])
+ $msg .= info(sprintf("You are viewing %s's shifts.", $shifts_user['Nick']), true);
- if (isset ($_REQUEST['reset'])) {
- if ($_REQUEST['reset'] == "ack") {
- user_reset_ical_key($user);
- success("Key geändert.");
- redirect(page_link_to('user_myshifts'));
- }
- return template_render('../templates/user_myshifts_reset.html', array ());
- }
- elseif (isset ($_REQUEST['edit']) && preg_match("/^[0-9]*$/", $_REQUEST['edit'])) {
- $id = $_REQUEST['edit'];
- $shift = sql_select("SELECT `ShiftEntry`.`Comment`, `Shifts`.*, `Room`.`Name`, `AngelTypes`.`name` as `angel_type` FROM `ShiftEntry` JOIN `AngelTypes` ON (`ShiftEntry`.`TID` = `AngelTypes`.`id`) JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`) JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) WHERE `ShiftEntry`.`id`=" . sql_escape($id) . " AND `UID`=" . sql_escape($shifts_user['UID']) . " LIMIT 1");
- if (count($shift) > 0) {
- $shift = $shift[0];
+ if (isset ($_REQUEST['reset'])) {
+ if ($_REQUEST['reset'] == "ack") {
+ user_reset_ical_key($user);
+ success("Key geändert.");
+ redirect(page_link_to('user_myshifts'));
+ }
+ return template_render('../templates/user_myshifts_reset.html', array ());
+ }
+ elseif (isset ($_REQUEST['edit']) && preg_match("/^[0-9]*$/", $_REQUEST['edit'])) {
+ $id = $_REQUEST['edit'];
+ $shift = sql_select("SELECT `ShiftEntry`.`Comment`, `ShiftEntry`.`UID`, `Shifts`.*, `Room`.`Name`, `AngelTypes`.`name` as `angel_type` FROM `ShiftEntry` JOIN `AngelTypes` ON (`ShiftEntry`.`TID` = `AngelTypes`.`id`) JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`) JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) WHERE `ShiftEntry`.`id`=" . sql_escape($id) . " AND `UID`=" . sql_escape($shifts_user['UID']) . " LIMIT 1");
+ if (count($shift) > 0) {
+ $shift = $shift[0];
- if (isset ($_REQUEST['submit'])) {
- $comment = strip_request_item_nl('comment');
- sql_query("UPDATE `ShiftEntry` SET `Comment`='" . sql_escape($comment) . "' WHERE `id`=" . sql_escape($id) . " LIMIT 1");
+ if (isset ($_REQUEST['submit'])) {
+ $comment = strip_request_item_nl('comment');
+ $user_source = User($shift['UID']);
+ sql_query("UPDATE `ShiftEntry` SET `Comment`='" . sql_escape($comment) . "' WHERE `id`=" . sql_escape($id) . " LIMIT 1");
+ engelsystem_log("Updated " . $user_source['Nick'] . "'s shift " . $shift['name'] . " from " . date("y-m-d H:i", $shift['start']) . " to " . date("y-m-d H:i", $shift['end']) . " with comment " . $comment);
+ success("Schicht gespeichert.");
+ redirect(page_link_to('user_myshifts'));
+ }
- success("Schicht gespeichert.");
- redirect(page_link_to('user_myshifts'));
- }
+ return template_render('../templates/user_shifts_add.html', array (
+ 'angel' => $shifts_user['Nick'],
+ 'date' => date("Y-m-d H:i", $shift['start']) . ', ' . shift_length($shift),
+ 'location' => $shift['Name'],
+ 'title' => $shift['name'],
+ 'type' => $shift['angel_type'],
+ 'comment' => $shift['Comment']
+ ));
+ } else
+ redirect(page_link_to('user_myshifts'));
+ }
+ elseif (isset ($_REQUEST['cancel']) && preg_match("/^[0-9]*$/", $_REQUEST['cancel'])) {
+ $id = $_REQUEST['cancel'];
+ $shift = sql_select("SELECT * FROM `ShiftEntry` WHERE `id`=" . sql_escape($id) . " AND `UID`=" . sql_escape($shifts_user['UID']) . " LIMIT 1");
+ if (count($shift) > 0) {
+ $shift = $shift[0];
+ if (($shift['start'] - time() < $LETZTES_AUSTRAGEN * 3600) || in_array('user_shifts_admin', $privileges)) {
+ sql_query("DELETE FROM `ShiftEntry` WHERE `id`=" . sql_escape($id) . " LIMIT 1");
+ $msg .= success(Get_Text("pub_myshifts_signed_off"), true);
+ } else
+ $msg .= error(Get_Text("pub_myshifts_too_late"), true);
+ } else
+ redirect(page_link_to('user_myshifts'));
+ }
+ $shifts = sql_select("SELECT * FROM `ShiftEntry` JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`) JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) WHERE `UID`=" . sql_escape($shifts_user['UID']) . " ORDER BY `start`");
- return template_render('../templates/user_shifts_add.html', array (
- 'angel' => $shifts_user['Nick'],
- 'date' => date("Y-m-d H:i", $shift['start']) . ', ' . shift_length($shift),
- 'location' => $shift['Name'],
- 'title' => $shift['name'],
- 'type' => $shift['angel_type'],
- 'comment' => $shift['Comment']
- ));
- } else
- redirect(page_link_to('user_myshifts'));
- }
- elseif (isset ($_REQUEST['cancel']) && preg_match("/^[0-9]*$/", $_REQUEST['cancel'])) {
- $id = $_REQUEST['cancel'];
- $shift = sql_select("SELECT * FROM `ShiftEntry` WHERE `id`=" . sql_escape($id) . " AND `UID`=" . sql_escape($shifts_user['UID']) . " LIMIT 1");
- if (count($shift) > 0) {
- $shift = $shift[0];
- if (($shift['start'] - time() < $LETZTES_AUSTRAGEN * 3600) || in_array('user_shifts_admin', $privileges)) {
- sql_query("DELETE FROM `ShiftEntry` WHERE `id`=" . sql_escape($id) . " LIMIT 1");
- $msg .= success(Get_Text("pub_myshifts_signed_off"), true);
- } else
- $msg .= error(Get_Text("pub_myshifts_too_late"), true);
- } else
- redirect(page_link_to('user_myshifts'));
- }
- $shifts = sql_select("SELECT * FROM `ShiftEntry` JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`) JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) WHERE `UID`=" . sql_escape($shifts_user['UID']) . " ORDER BY `start`");
+ $html = "";
+ foreach ($shifts as $shift) {
+ if (time() > $shift['end'])
+ $html .= '';
+ else
+ $html .= ' ';
+ $html .= '' . date("Y-m-d", $shift['start']) . ' ';
+ $html .= '' . date("H:i", $shift['start']) . ' - ' . date("H:i", $shift['end']) . ' ';
+ $html .= '' . $shift['Name'] . ' ';
+ $html .= '' . $shift['name'] . ' ';
+ $html .= '' . $shift['Comment'] . ' ';
+ $html .= '';
+ $html .= '' . Get_Text('edit') . ' ';
+ if ($shift['start'] - time() > $LETZTES_AUSTRAGEN * 3600)
+ $html .= ' | ' . Get_Text('sign_off') . ' ';
+ $html .= ' ';
+ $html .= ' ';
+ }
+ if ($html == "")
+ $html = '' . ucfirst(Get_Text('none')) . '... ' . sprintf(Get_Text('pub_myshifts_goto_shifts'), page_link_to('user_shifts')) . ' ';
- $html = "";
- foreach ($shifts as $shift) {
- if (time() > $shift['end'])
- $html .= '';
- else
- $html .= ' ';
- $html .= '' . date("Y-m-d", $shift['start']) . ' ';
- $html .= '' . date("H:i", $shift['start']) . ' - ' . date("H:i", $shift['end']) . ' ';
- $html .= '' . $shift['Name'] . ' ';
- $html .= '' . $shift['name'] . ' ';
- $html .= '' . $shift['Comment'] . ' ';
- $html .= '';
- $html .= '' . Get_Text('edit') . ' ';
- if ($shift['start'] - time() > $LETZTES_AUSTRAGEN * 3600)
- $html .= ' | ' . Get_Text('sign_off') . ' ';
- $html .= ' ';
- $html .= ' ';
- }
- if ($html == "")
- $html = '' . ucfirst(Get_Text('none')) . '... ' . sprintf(Get_Text('pub_myshifts_goto_shifts'), page_link_to('user_shifts')) . ' ';
-
- if ($shifts_user['ical_key'] == "")
- user_reset_ical_key($shifts_user);
-
- return msg().template_render('../templates/user_myshifts.html', array (
- 'intro' => sprintf(Get_Text('pub_myshifts_intro'), $LETZTES_AUSTRAGEN),
- 'shifts' => $html,
- 'msg' => $msg,
- 'ical_text' => sprintf(Get_Text('inc_schicht_ical_text'),
- page_link_to_absolute('ical') . '&key=' . $shifts_user['ical_key'],
- page_link_to('user_myshifts') . '&reset'),
-));
+ return msg().template_render('../templates/user_myshifts.html', array (
+ 'intro' => sprintf(Get_Text('pub_myshifts_intro'), $LETZTES_AUSTRAGEN),
+ 'shifts' => $html,
+ 'msg' => $msg,
+ 'ical_text' => sprintf(Get_Text('inc_schicht_ical_text'),
+ page_link_to_absolute('ical') . '&key=' . $shifts_user['ical_key'],
+ page_link_to('user_myshifts') . '&reset'),
+ ));
}
?>
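Review bot: In the `cancel` branch the deadline test `$shift['start'] - time() < $LETZTES_AUSTRAGEN * 3600` points the opposite way from the `>` test that decides whether the sign-off link is shown further down. The row it reads comes from `SELECT * FROM ShiftEntry` alone, so `start` is presumably absent unless that table has such a column; joining `Shifts` and using `>` would make the two checks agree. The same branch deletes the entry without an `engelsystem_log(...)` call, although this commit adds one to the edit branch. The re-indent also drops the `if ($shifts_user['ical_key'] == "") user_reset_ical_key($shifts_user);` fallback while `ical_text` still builds a link from `ical_key`; if that removal was not intended it should be restored.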
diff --git a/includes/pages/user_news.php b/includes/pages/user_news.php
index fcf2437c..95cc345e 100644
--- a/includes/pages/user_news.php
+++ b/includes/pages/user_news.php
@@ -58,6 +58,7 @@ function user_news_comments() {
if (isset ($_REQUEST["text"])) {
$text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['text']));
sql_query("INSERT INTO `news_comments` (`Refid`, `Datum`, `Text`, `UID`) VALUES ('" . sql_escape($nid) . "', '" . date("Y-m-d H:i:s") . "', '" . sql_escape($text) . "', '" . sql_escape($user["UID"]) . "')");
+ engelsystem_log("Created news_comment: " . $text);
$html .= success("Eintrag wurde gespeichert", true);
}
@@ -114,6 +115,7 @@ function user_news() {
sql_query("INSERT INTO `News` (`Datum`, `Betreff`, `Text`, `UID`, `Treffen`) " .
"VALUES ('" . sql_escape(time()) . "', '" . sql_escape($_POST["betreff"]) . "', '" . sql_escape($_POST["text"]) . "', '" . sql_escape($user['UID']) .
"', '" . sql_escape($_POST["treffen"]) . "');");
+ engelsystem_log("Created news: " . $_POST["betreff"] . ", treffen: " . $_POST["treffen"]);
$html .= success(Get_Text(4), true);
}
diff --git a/includes/pages/user_settings.php b/includes/pages/user_settings.php
index 14dcf96f..70033d18 100644
--- a/includes/pages/user_settings.php
+++ b/includes/pages/user_settings.php
@@ -1,201 +1,207 @@
1) {
- $nick = strip_request_item('nick');
- if (sql_num_query("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($nick) . "' AND NOT `UID`=" . sql_escape($user['UID']) . " LIMIT 1") > 0) {
- $ok = false;
- $msg .= error(sprintf(Get_Text("makeuser_error_nick1") . "%s" . Get_Text("makeuser_error_nick3"), $nick), true);
- }
- } else {
- $ok = false;
- $msg .= error(sprintf(Get_Text("makeuser_error_nick1") . "%s" . Get_Text("makeuser_error_nick2"), strip_request_item('nick')), true);
- }
-
- if (isset ($_REQUEST['mail']) && strlen(strip_request_item('mail')) > 0) {
- $mail = strip_request_item('mail');
- if (!check_email($mail)) {
- $ok = false;
- $msg .= error(Get_Text("makeuser_error_mail"), true);
- }
- } else {
- $ok = false;
- $msg .= error("Please enter your e-mail.", true);
- }
-
- if (isset ($_REQUEST['icq']))
- $icq = strip_request_item('icq');
- if (isset ($_REQUEST['jabber']) && strlen(strip_request_item('jabber')) > 0) {
- $jabber = strip_request_item('jabber');
- if (!check_email($jabber)) {
- $ok = false;
- $msg .= error("Please check your jabber.", true);
- }
- }
-
- if (isset ($_REQUEST['tshirt_size']) && isset ($tshirt_sizes[$_REQUEST['tshirt_size']]))
- $tshirt_size = $_REQUEST['tshirt_size'];
- else {
- $ok = false;
- }
-
- $selected_angel_types = array ();
- foreach ($angel_types as $angel_type_id => $angel_type_name)
- if (isset ($_REQUEST['angel_types_' . $angel_type_id]))
- $selected_angel_types[] = $angel_type_id;
-
- // Trivia
- if (isset ($_REQUEST['lastname']))
- $lastname = strip_request_item('lastname');
- if (isset ($_REQUEST['prename']))
- $prename = strip_request_item('prename');
- if (isset ($_REQUEST['age']) && preg_match("/^[0-9]{0,4}$/", $_REQUEST['age']))
- $age = strip_request_item('age');
- if (isset ($_REQUEST['tel']))
- $tel = strip_request_item('tel');
- if (isset ($_REQUEST['dect']))
- $dect = strip_request_item('dect');
- if (isset ($_REQUEST['mobile']))
- $mobile = strip_request_item('mobile');
- if (isset ($_REQUEST['hometown']))
- $hometown = strip_request_item('hometown');
-
- if ($ok) {
- sql_query("UPDATE `User` SET `Nick`='" . sql_escape($nick) . "', `Vorname`='" . sql_escape($prename) . "', `Name`='" . sql_escape($lastname) .
- "', `Alter`='" . sql_escape($age) . "', `Telefon`='" . sql_escape($tel) . "', `DECT`='" . sql_escape($dect) . "', `Handy`='" . sql_escape($mobile) .
- "', `email`='" . sql_escape($mail) . "', `ICQ`='" . sql_escape($icq) . "', `jabber`='" . sql_escape($jabber) . "', `Size`='" . sql_escape($tshirt_size) .
- "', `Hometown`='" . sql_escape($hometown) . "' WHERE `UID`=" . sql_escape($user['UID']));
-
- // Assign angel-types
- foreach ($angel_types_source as $angel_type)
- if (!in_array($angel_type['id'], $selected_angel_types))
- sql_query("DELETE FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user['UID']) . " AND `angeltype_id`=" . sql_escape($angel_type['id']) . " LIMIT 1");
-
- foreach ($selected_angel_types as $selected_angel_type_id)
- if (sql_num_query("SELECT * FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user['UID']) . " AND `angeltype_id`=" . sql_escape($selected_angel_type_id) . " LIMIT 1") == 0)
- sql_query("INSERT INTO `UserAngelTypes` SET `user_id`=" . sql_escape($user['UID']) . ", `angeltype_id`=" . sql_escape($selected_angel_type_id));
-
- success("Settings saved.");
- redirect(page_link_to('user_settings'));
- }
- }
- elseif (isset ($_REQUEST['submit_password'])) {
- $ok = true;
-
- if (!isset ($_REQUEST['password']) || !verify_password($_REQUEST['password'], $user['Passwort'], $user['UID']))
- $msg .= error(Get_Text(30), true);
- elseif (strlen($_REQUEST['new_password']) < MIN_PASSWORD_LENGTH)
- $msg .= error(Get_Text("makeuser_error_password2"));
- elseif ($_REQUEST['new_password'] != $_REQUEST['new_password2'])
- $msg .= error(Get_Text("makeuser_error_password1"), true);
- elseif(set_password($user['UID'], $_REQUEST['new_password']))
- success("Password saved.");
- else
- error("Failed setting password.");
- redirect(page_link_to('user_settings'));
- }
- elseif (isset ($_REQUEST['submit_theme'])) {
- $ok = true;
-
- if (isset ($_REQUEST['theme']) && isset ($themes[$_REQUEST['theme']]))
- $selected_theme = $_REQUEST['theme'];
- else
- $ok = false;
-
- if ($ok) {
- sql_query("UPDATE `User` SET `color`='" . sql_escape($selected_theme) . "' WHERE `UID`=" . sql_escape($user['UID']));
-
- success("Theme changed.");
- redirect(page_link_to('user_settings'));
- }
- }
- elseif (isset ($_REQUEST['submit_language'])) {
- $ok = true;
-
- if (isset ($_REQUEST['language']) && isset ($languages[$_REQUEST['language']]))
- $selected_language = $_REQUEST['language'];
- else
- $ok = false;
-
- if ($ok) {
- sql_query("UPDATE `User` SET `Sprache`='" . sql_escape($selected_language) . "' WHERE `UID`=" . sql_escape($user['UID']));
- $_SESSION['Sprache'] = $selected_language;
-
- success("Language changed.");
- redirect(page_link_to('user_settings'));
- }
- }
-
- return page(array (
- sprintf(Get_Text("Hallo") . "%s, " . Get_Text(13), $user['Nick']),
- $msg,
- msg(),
- form(array (
- form_info("", Get_Text("pub_einstellungen_Text_UserData")),
- form_text('nick', Get_Text("makeuser_Nickname") . "*", $nick),
- form_text('lastname', Get_Text("makeuser_Nachname"), $lastname),
- form_text('prename', Get_Text("makeuser_Vorname"), $prename),
- form_text('age', Get_Text("makeuser_Alter"), $age),
- form_text('tel', Get_Text("makeuser_Telefon"), $tel),
- form_text('dect', Get_Text("makeuser_DECT"), $dect),
- form_text('mobile', Get_Text("makeuser_Handy"), $mobile),
- form_text('mail', Get_Text("makeuser_E-Mail") . "*", $mail),
- form_text('icq', "ICQ", $icq),
- form_text('jabber', "Jabber", $jabber),
- form_text('hometown', Get_Text("makeuser_Hometown"), $hometown),
- $enable_tshirt_size ? form_select('tshirt_size', Get_Text("makeuser_T-Shirt"), $tshirt_sizes, $tshirt_size) : '',
- form_checkboxes('angel_types', "What do you want to do?", $angel_types, $selected_angel_types),
- form_submit('submit', Get_Text("save"))
- )),
- form(array (
- form_info("", Get_Text(14)),
- form_password('password', Get_Text(15)),
- form_password('new_password', Get_Text(16)),
- form_password('new_password2', Get_Text(17)),
- form_submit('submit_password', Get_Text("save"))
- )),
- form(array (
- form_info("", Get_Text(18)),
- form_select('theme', Get_Text(19), $themes, $selected_theme),
- form_submit('submit_theme', Get_Text("save"))
- )),
- form(array (
- form_info("", Get_Text(20)),
- form_select('language', Get_Text(21), $languages, $selected_language),
- form_submit('submit_language', Get_Text("save"))
- ))
- ));
+ global $enable_tshirt_size, $tshirt_sizes, $themes, $languages;
+ global $user;
+
+ $msg = "";
+ $nick = $user['Nick'];
+ $lastname = $user['Name'];
+ $prename = $user['Vorname'];
+ $age = $user['Alter'];
+ $tel = $user['Telefon'];
+ $dect = $user['DECT'];
+ $mobile = $user['Handy'];
+ $mail = $user['email'];
+ $icq = $user['ICQ'];
+ $jabber = $user['jabber'];
+ $hometown = $user['Hometown'];
+ $tshirt_size = $user['Size'];
+ $password_hash = "";
+ $selected_theme = $user['color'];
+ $selected_language = $user['Sprache'];
+
+ $selected_angel_types_source = sql_select("SELECT * FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user['UID']));
+ $selected_angel_types = array ();
+ foreach ($selected_angel_types_source as $selected_angel_type)
+ $selected_angel_types[] = $selected_angel_type['angeltype_id'];
+
+ $angel_types_source = sql_select("SELECT * FROM `AngelTypes` ORDER BY `name`");
+ $angel_types = array ();
+ foreach ($angel_types_source as $angel_type)
+ $angel_types[$angel_type['id']] = $angel_type['name'] . ($angel_type['restricted'] ? " (restricted)" : "");
+
+ if (isset ($_REQUEST['submit'])) {
+ $ok = true;
+
+ if (isset ($_REQUEST['nick']) && strlen(strip_request_item('nick')) > 1) {
+ $nick = strip_request_item('nick');
+ if (sql_num_query("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($nick) . "' AND NOT `UID`=" . sql_escape($user['UID']) . " LIMIT 1") > 0) {
+ $ok = false;
+ $msg .= error(sprintf(Get_Text("makeuser_error_nick1") . "%s" . Get_Text("makeuser_error_nick3"), $nick), true);
+ }
+ } else {
+ $ok = false;
+ $msg .= error(sprintf(Get_Text("makeuser_error_nick1") . "%s" . Get_Text("makeuser_error_nick2"), strip_request_item('nick')), true);
+ }
+
+ if (isset ($_REQUEST['mail']) && strlen(strip_request_item('mail')) > 0) {
+ $mail = strip_request_item('mail');
+ if (!check_email($mail)) {
+ $ok = false;
+ $msg .= error(Get_Text("makeuser_error_mail"), true);
+ }
+ } else {
+ $ok = false;
+ $msg .= error("Please enter your e-mail.", true);
+ }
+
+ if (isset ($_REQUEST['icq']))
+ $icq = strip_request_item('icq');
+ if (isset ($_REQUEST['jabber']) && strlen(strip_request_item('jabber')) > 0) {
+ $jabber = strip_request_item('jabber');
+ if (!check_email($jabber)) {
+ $ok = false;
+ $msg .= error("Please check your jabber.", true);
+ }
+ }
+
+ if (isset ($_REQUEST['tshirt_size']) && isset ($tshirt_sizes[$_REQUEST['tshirt_size']]))
+ $tshirt_size = $_REQUEST['tshirt_size'];
+ else {
+ $ok = false;
+ }
+
+ $selected_angel_types = array ();
+ foreach ($angel_types as $angel_type_id => $angel_type_name)
+ if (isset ($_REQUEST['angel_types_' . $angel_type_id]))
+ $selected_angel_types[] = $angel_type_id;
+
+ // Trivia
+ if (isset ($_REQUEST['lastname']))
+ $lastname = strip_request_item('lastname');
+ if (isset ($_REQUEST['prename']))
+ $prename = strip_request_item('prename');
+ if (isset ($_REQUEST['age']) && preg_match("/^[0-9]{0,4}$/", $_REQUEST['age']))
+ $age = strip_request_item('age');
+ if (isset ($_REQUEST['tel']))
+ $tel = strip_request_item('tel');
+ if (isset ($_REQUEST['dect']))
+ $dect = strip_request_item('dect');
+ if (isset ($_REQUEST['mobile']))
+ $mobile = strip_request_item('mobile');
+ if (isset ($_REQUEST['hometown']))
+ $hometown = strip_request_item('hometown');
+
+ if ($ok) {
+ sql_query("UPDATE `User` SET `Nick`='" . sql_escape($nick) . "', `Vorname`='" . sql_escape($prename) . "', `Name`='" . sql_escape($lastname) .
+ "', `Alter`='" . sql_escape($age) . "', `Telefon`='" . sql_escape($tel) . "', `DECT`='" . sql_escape($dect) . "', `Handy`='" . sql_escape($mobile) .
+ "', `email`='" . sql_escape($mail) . "', `ICQ`='" . sql_escape($icq) . "', `jabber`='" . sql_escape($jabber) . "', `Size`='" . sql_escape($tshirt_size) .
+ "', `Hometown`='" . sql_escape($hometown) . "' WHERE `UID`=" . sql_escape($user['UID']));
+
+ // Assign angel-types
+ $user_angel_type_info = array();
+ foreach ($angel_types_source as $angel_type) {
+ if (!in_array($angel_type['id'], $selected_angel_types))
+ sql_query("DELETE FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user['UID']) . " AND `angeltype_id`=" . sql_escape($angel_type['id']) . " LIMIT 1");
+ else
+ $user_angel_type_info[] = $angel_type['name'];
+ }
+
+ foreach ($selected_angel_types as $selected_angel_type_id) {
+ if (sql_num_query("SELECT * FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user['UID']) . " AND `angeltype_id`=" . sql_escape($selected_angel_type_id) . " LIMIT 1") == 0)
+ sql_query("INSERT INTO `UserAngelTypes` SET `user_id`=" . sql_escape($user['UID']) . ", `angeltype_id`=" . sql_escape($selected_angel_type_id));
+ }
+
+ engelsystem_log("Own angel types set to: " . join(", ", $user_angel_type_info));
+ success("Settings saved.");
+ redirect(page_link_to('user_settings'));
+ }
+ }
+ elseif (isset ($_REQUEST['submit_password'])) {
+ $ok = true;
+
+ if (!isset ($_REQUEST['password']) || !verify_password($_REQUEST['password'], $user['Passwort'], $user['UID']))
+ $msg .= error(Get_Text(30), true);
+ elseif (strlen($_REQUEST['new_password']) < MIN_PASSWORD_LENGTH)
+ $msg .= error(Get_Text("makeuser_error_password2"));
+ elseif ($_REQUEST['new_password'] != $_REQUEST['new_password2'])
+ $msg .= error(Get_Text("makeuser_error_password1"), true);
+ elseif(set_password($user['UID'], $_REQUEST['new_password']))
+ success("Password saved.");
+ else
+ error("Failed setting password.");
+ redirect(page_link_to('user_settings'));
+ }
+ elseif (isset ($_REQUEST['submit_theme'])) {
+ $ok = true;
+
+ if (isset ($_REQUEST['theme']) && isset ($themes[$_REQUEST['theme']]))
+ $selected_theme = $_REQUEST['theme'];
+ else
+ $ok = false;
+
+ if ($ok) {
+ sql_query("UPDATE `User` SET `color`='" . sql_escape($selected_theme) . "' WHERE `UID`=" . sql_escape($user['UID']));
+
+ success("Theme changed.");
+ redirect(page_link_to('user_settings'));
+ }
+ }
+ elseif (isset ($_REQUEST['submit_language'])) {
+ $ok = true;
+
+ if (isset ($_REQUEST['language']) && isset ($languages[$_REQUEST['language']]))
+ $selected_language = $_REQUEST['language'];
+ else
+ $ok = false;
+
+ if ($ok) {
+ sql_query("UPDATE `User` SET `Sprache`='" . sql_escape($selected_language) . "' WHERE `UID`=" . sql_escape($user['UID']));
+ $_SESSION['Sprache'] = $selected_language;
+
+ success("Language changed.");
+ redirect(page_link_to('user_settings'));
+ }
+ }
+
+ return page(array (
+ sprintf(Get_Text("Hallo") . "%s, " . Get_Text(13), $user['Nick']),
+ $msg,
+ msg(),
+ form(array (
+ form_info("", Get_Text("pub_einstellungen_Text_UserData")),
+ form_text('nick', Get_Text("makeuser_Nickname") . "*", $nick),
+ form_text('lastname', Get_Text("makeuser_Nachname"), $lastname),
+ form_text('prename', Get_Text("makeuser_Vorname"), $prename),
+ form_text('age', Get_Text("makeuser_Alter"), $age),
+ form_text('tel', Get_Text("makeuser_Telefon"), $tel),
+ form_text('dect', Get_Text("makeuser_DECT"), $dect),
+ form_text('mobile', Get_Text("makeuser_Handy"), $mobile),
+ form_text('mail', Get_Text("makeuser_E-Mail") . "*", $mail),
+ form_text('icq', "ICQ", $icq),
+ form_text('jabber', "Jabber", $jabber),
+ form_text('hometown', Get_Text("makeuser_Hometown"), $hometown),
+ $enable_tshirt_size ? form_select('tshirt_size', Get_Text("makeuser_T-Shirt"), $tshirt_sizes, $tshirt_size) : '',
+ form_checkboxes('angel_types', "What do you want to do?", $angel_types, $selected_angel_types),
+ form_submit('submit', Get_Text("save"))
+ )),
+ form(array (
+ form_info("", Get_Text(14)),
+ form_password('password', Get_Text(15)),
+ form_password('new_password', Get_Text(16)),
+ form_password('new_password2', Get_Text(17)),
+ form_submit('submit_password', Get_Text("save"))
+ )),
+ form(array (
+ form_info("", Get_Text(18)),
+ form_select('theme', Get_Text(19), $themes, $selected_theme),
+ form_submit('submit_theme', Get_Text("save"))
+ )),
+ form(array (
+ form_info("", Get_Text(20)),
+ form_select('language', Get_Text(21), $languages, $selected_language),
+ form_submit('submit_language', Get_Text("save"))
+ ))
+ ));
}
?>
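Review bot: The only log call added to user_settings() records the angel types, so a nick or e-mail change in the same `UPDATE` and a successful `set_password()` in the `submit_password` branch leave no audit entry, even though the admin-side password reset is logged in admin_user.php. Because the other log lines identify accounts by `Nick`, an unlogged rename breaks the trail. Adding e.g. `engelsystem_log("Own settings updated, nick: " . $nick);` after the `UPDATE` and `engelsystem_log("Own password changed.");` next to `success("Password saved.")` would cover both. In the password branch `redirect()` also runs after the error cases, so the messages collected in `$msg` appear to be discarded; the start of this file is missing from the page, so that is not confirmed.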
diff --git a/includes/pages/user_shifts.php b/includes/pages/user_shifts.php
index d627e3a2..3fb8e91f 100644
--- a/includes/pages/user_shifts.php
+++ b/includes/pages/user_shifts.php
@@ -9,8 +9,15 @@ function user_shifts() {
else
redirect(page_link_to('user_shifts'));
- sql_query("DELETE FROM `ShiftEntry` WHERE `id`=" . sql_escape($entry_id) . " LIMIT 1");
- success("Der Schicht-Eintrag wurde gelöscht.");
+ $shift_entry_source = sql_select("SELECT `User`.`Nick`, `ShiftEntry`.`Comment`, `ShiftEntry`.`UID`, `Shifts`.*, `Room`.`Name`, `AngelTypes`.`name` as `angel_type` FROM `ShiftEntry` JOIN `User` ON (`User`.`UID`=`ShiftEntry`.`UID`) JOIN `AngelTypes` ON (`ShiftEntry`.`TID` = `AngelTypes`.`id`) JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`) JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) WHERE `ShiftEntry`.`id`=" . sql_escape($entry_id) . " LIMIT 1");
+ if(count($shift_entry_source) > 0) {
+ $shift_entry_source = $shift_entry_source[0];
+ sql_query("DELETE FROM `ShiftEntry` WHERE `id`=" . sql_escape($entry_id) . " LIMIT 1");
+
+ engelsystem_log("Deleted " . $shift_entry_source['Nick'] . "'s shift: " . $shift_entry_source['name'] . " at " . $shift_entry_source['Name'] . " from " . date("y-m-d H:i", $shift_entry_source['start']) . " to " . date("y-m-d H:i", $shift_entry_source['end']) . " as " . $shift_entry_source['angel_type']);
+ success("Der Schicht-Eintrag wurde gelöscht.");
+ }
+ else error("Entry not found.");
redirect(page_link_to('user_shifts'));
}
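Review bot: Deleting the entry now depends on the lookup that feeds the log message, because the SELECT uses inner `JOIN`s on User, AngelTypes, Shifts and Room; an entry whose user row is missing returns nothing and falls into `error("Entry not found.")` without being deleted. Elsewhere in this series admin_user.php sets ShiftEntry.UID to 0 when a user is deleted, which would produce exactly such rows. Turning the lookups into `LEFT JOIN`s and falling back to the numeric UID in the log text when `Nick` is null keeps the delete working. The enclosing branch of user_shifts() starts above the hunk.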
// Schicht bearbeiten
@@ -43,9 +50,12 @@ function user_shifts() {
// Engeltypen laden
$types = sql_select("SELECT * FROM `AngelTypes` ORDER BY `name`");
+ $angel_types = array();
$needed_angel_types = array ();
- foreach ($types as $type)
+ foreach ($types as $type) {
+ $angel_types[$type['id']] = $type;
$needed_angel_types[$type['id']] = 0;
+ }
// Benötigte Engeltypen vom Raum
$needed_angel_types_source = sql_select("SELECT `AngelTypes`.*, `NeededAngelTypes`.`count` FROM `AngelTypes` LEFT JOIN `NeededAngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `AngelTypes`.`id` AND `NeededAngelTypes`.`room_id`=" . sql_escape($shift['RID']) . ") ORDER BY `AngelTypes`.`name`");
@@ -110,8 +120,13 @@ function user_shifts() {
if ($ok) {
sql_query("UPDATE `Shifts` SET `start`=" . sql_escape($start) . ", `end`=" . sql_escape($end) . ", `RID`=" . sql_escape($rid) . ", `name`='" . sql_escape($name) . "' WHERE `SID`=" . sql_escape($shift_id) . " LIMIT 1");
sql_query("DELETE FROM `NeededAngelTypes` WHERE `shift_id`=" . sql_escape($shift_id));
- foreach ($needed_angel_types as $type_id => $count)
+ $needed_angel_types_info = array();
+ foreach ($needed_angel_types as $type_id => $count) {
sql_query("INSERT INTO `NeededAngelTypes` SET `shift_id`=" . sql_escape($shift_id) . ", `angel_type_id`=" . sql_escape($type_id) . ", `count`=" . sql_escape($count));
+ $needed_angel_types_info[] = $angel_types[$type_id];
+ }
+
+ engelsystem_log("Updated shift " . $name . " from " . date("y-m-d H:i", $start) . " to " . date("y-m-d H:i", $end) . " with angel types " . join(", ", $needed_angel_types_info));
success("Schicht gespeichert.");
redirect(page_link_to('user_shifts'));
}
@@ -155,6 +170,7 @@ function user_shifts() {
sql_query("DELETE FROM `NeededAngelTypes` WHERE `shift_id`=" . sql_escape($shift_id));
sql_query("DELETE FROM `Shifts` WHERE `SID`=" . sql_escape($shift_id) . " LIMIT 1");
+ engelsystem_log("Deleted shift " . $shift['name'] . " from " . date("y-m-d H:i", $shift['start']) . " to " . date("y-m-d H:i", $shift['end']));
success("Die Schicht wurde gelöscht.");
redirect(page_link_to('user_shifts'));
}
@@ -222,6 +238,8 @@ function user_shifts() {
$comment = strip_request_item_nl('comment');
sql_query("INSERT INTO `ShiftEntry` SET `Comment`='" . sql_escape($comment) . "', `UID`=" . sql_escape($user_id) . ", `TID`=" . sql_escape($selected_type_id) . ", `SID`=" . sql_escape($shift_id));
+ $user_source = User($user_id);
+ engelsystem_log("User " . $user_source['Nick'] . " signed up for shift " . $shift['name'] . " from " . date("y-m-d H:i", $shift['start']) . " to " . date("y-m-d H:i", $shift['end']));
success("Du bist eingetragen. Danke!" . ' Meine Schichten » ');
redirect(page_link_to('user_shifts'));
}
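Review bot: `User($user_id)` can return null (User_model.php in this series returns null when no row matches), and `$user_source['Nick']` is read without a check, so the audit entry would name no one. A fallback keeps the record attributable: `$nick = $user_source !== null ? $user_source['Nick'] : 'UID ' . $user_id;`. Where `$user_id` is validated lies outside the hunk, so whether this can occur in practice should be confirmed there.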
diff --git a/includes/sys_user.php b/includes/sys_user.php
index 20d9eca0..88002706 100644
--- a/includes/sys_user.php
+++ b/includes/sys_user.php
@@ -6,125 +6,126 @@
*/
$tshirt_sizes = array (
'' => "Please select...",
- 'S' => "S",
- 'M' => "M",
- 'L' => "L",
- 'XL' => "XL",
- '2XL' => "2XL",
- '3XL' => "3XL",
- '4XL' => "4XL",
- '5XL' => "5XL",
- 'S-G' => "S Girl",
- 'M-G' => "M Girl",
- 'L-G' => "L Girl",
- 'XL-G' => "XL Girl"
+ 'S' => "S",
+ 'M' => "M",
+ 'L' => "L",
+ 'XL' => "XL",
+ '2XL' => "2XL",
+ '3XL' => "3XL",
+ '4XL' => "4XL",
+ '5XL' => "5XL",
+ 'S-G' => "S Girl",
+ 'M-G' => "M Girl",
+ 'L-G' => "L Girl",
+ 'XL-G' => "XL Girl"
);
function user_reset_ical_key($user) {
- $user['ical_key'] = md5($user['Nick'] . time() . rand());
- sql_query("UPDATE `User` SET `ical_key`='" . sql_escape($user['ical_key']) . "' WHERE `UID`='" . sql_escape($user['UID']) . "' LIMIT 1");
+ $user['ical_key'] = md5($user['Nick'] . time() . rand());
+ sql_query("UPDATE `User` SET `ical_key`='" . sql_escape($user['ical_key']) . "' WHERE `UID`='" . sql_escape($user['UID']) . "' LIMIT 1");
+ engelsystem_log("iCal key resetted.");
}
function UID2Nick($UID) {
- if ($UID > 0)
- $SQL = "SELECT Nick FROM `User` WHERE UID='" . sql_escape($UID) . "'";
- else
- $SQL = "SELECT Name FROM `Groups` WHERE UID='" . sql_escape($UID) . "'";
-
- $Erg = sql_select($SQL);
-
- if (count($Erg) > 0) {
- if ($UID > 0)
- return $Erg[0]['Nick'];
- else
- return "Group-" . $Erg[0]['Name'];
- } else {
- if ($UID == -1)
- return "Guest";
- else
- return "UserID $UID not found";
- }
+ if ($UID > 0)
+ $SQL = "SELECT Nick FROM `User` WHERE UID='" . sql_escape($UID) . "'";
+ else
+ $SQL = "SELECT Name FROM `Groups` WHERE UID='" . sql_escape($UID) . "'";
+
+ $Erg = sql_select($SQL);
+
+ if (count($Erg) > 0) {
+ if ($UID > 0)
+ return $Erg[0]['Nick'];
+ else
+ return "Group-" . $Erg[0]['Name'];
+ } else {
+ if ($UID == -1)
+ return "Guest";
+ else
+ return "UserID $UID not found";
+ }
}
function TID2Type($TID) {
- global $con;
+ global $con;
- $SQL = "SELECT Name FROM `EngelType` WHERE TID='" . sql_escape($TID) . "'";
- $Erg = mysql_query($SQL, $con);
+ $SQL = "SELECT Name FROM `EngelType` WHERE TID='" . sql_escape($TID) . "'";
+ $Erg = mysql_query($SQL, $con);
- if (mysql_num_rows($Erg))
- return mysql_result($Erg, 0);
- else
- return "";
+ if (mysql_num_rows($Erg))
+ return mysql_result($Erg, 0);
+ else
+ return "";
}
function ReplaceSmilies($neueckig) {
- $neueckig = str_replace(";o))", " ", $neueckig);
- $neueckig = str_replace(":-))", " ", $neueckig);
- $neueckig = str_replace(";o)", " ", $neueckig);
- $neueckig = str_replace(":)", " ", $neueckig);
- $neueckig = str_replace(":-)", " ", $neueckig);
- $neueckig = str_replace(":(", " ", $neueckig);
- $neueckig = str_replace(":-(", " ", $neueckig);
- $neueckig = str_replace(":o(", " ", $neueckig);
- $neueckig = str_replace(":o)", " ", $neueckig);
- $neueckig = str_replace(";o(", " ", $neueckig);
- $neueckig = str_replace(";(", " ", $neueckig);
- $neueckig = str_replace(";-(", " ", $neueckig);
- $neueckig = str_replace("8)", " ", $neueckig);
- $neueckig = str_replace("8o)", " ", $neueckig);
- $neueckig = str_replace(":P", " ", $neueckig);
- $neueckig = str_replace(":-P", " ", $neueckig);
- $neueckig = str_replace(":oP", " ", $neueckig);
- $neueckig = str_replace(";P", " ", $neueckig);
- $neueckig = str_replace(";oP", " ", $neueckig);
- $neueckig = str_replace("?)", " ", $neueckig);
-
- return $neueckig;
+ $neueckig = str_replace(";o))", " ", $neueckig);
+ $neueckig = str_replace(":-))", " ", $neueckig);
+ $neueckig = str_replace(";o)", " ", $neueckig);
+ $neueckig = str_replace(":)", " ", $neueckig);
+ $neueckig = str_replace(":-)", " ", $neueckig);
+ $neueckig = str_replace(":(", " ", $neueckig);
+ $neueckig = str_replace(":-(", " ", $neueckig);
+ $neueckig = str_replace(":o(", " ", $neueckig);
+ $neueckig = str_replace(":o)", " ", $neueckig);
+ $neueckig = str_replace(";o(", " ", $neueckig);
+ $neueckig = str_replace(";(", " ", $neueckig);
+ $neueckig = str_replace(";-(", " ", $neueckig);
+ $neueckig = str_replace("8)", " ", $neueckig);
+ $neueckig = str_replace("8o)", " ", $neueckig);
+ $neueckig = str_replace(":P", " ", $neueckig);
+ $neueckig = str_replace(":-P", " ", $neueckig);
+ $neueckig = str_replace(":oP", " ", $neueckig);
+ $neueckig = str_replace(";P", " ", $neueckig);
+ $neueckig = str_replace(";oP", " ", $neueckig);
+ $neueckig = str_replace("?)", " ", $neueckig);
+
+ return $neueckig;
}
function GetPictureShow($UID) {
- global $con;
+ global $con;
- $SQL = "SELECT `show` FROM `UserPicture` WHERE `UID`='" . sql_escape($UID) . "'";
- $res = mysql_query($SQL, $con);
+ $SQL = "SELECT `show` FROM `UserPicture` WHERE `UID`='" . sql_escape($UID) . "'";
+ $res = mysql_query($SQL, $con);
- if (mysql_num_rows($res) == 1)
- return mysql_result($res, 0, 0);
- else
- return "";
+ if (mysql_num_rows($res) == 1)
+ return mysql_result($res, 0, 0);
+ else
+ return "";
}
function displayPicture($UID, $height = "30") {
- global $url, $ENGEL_ROOT;
+ global $url, $ENGEL_ROOT;
- if ($height > 0)
- return ("");
- else
- return ("");
+ if ($height > 0)
+ return ("");
+ else
+ return ("");
}
function displayavatar($UID, $height = "30") {
- global $con, $url, $ENGEL_ROOT;
+ global $con, $url, $ENGEL_ROOT;
- if (GetPictureShow($UID) == 'Y')
- return " " . displayPicture($UID, $height);
+ if (GetPictureShow($UID) == 'Y')
+ return " " . displayPicture($UID, $height);
- $user = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($UID) . " LIMIT 1");
- if (count($user) > 0)
- if ($user[0]['Avatar'] > 0)
- return '' . ("
") . '
';
+ $user = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($UID) . " LIMIT 1");
+ if (count($user) > 0)
+ if ($user[0]['Avatar'] > 0)
+ return '' . ("
") . '
';
}
function UIDgekommen($UID) {
- global $con;
+ global $con;
- $SQL = "SELECT `Gekommen` FROM `User` WHERE UID='" . sql_escape($UID) . "'";
- $Erg = mysql_query($SQL, $con);
+ $SQL = "SELECT `Gekommen` FROM `User` WHERE UID='" . sql_escape($UID) . "'";
+ $Erg = mysql_query($SQL, $con);
- if (mysql_num_rows($Erg))
- return mysql_result($Erg, 0);
- else
- return "0";
+ if (mysql_num_rows($Erg))
+ return mysql_result($Erg, 0);
+ else
+ return "0";
}
?>
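Review bot: `user_reset_ical_key()` still derives the key from `md5($user['Nick'] . time() . rand())`, all guessable inputs, and this hunk keeps that line while adding the log call. If the key is what authenticates the calendar export (presumably; the consumer is not in this hunk), it should come from a CSPRNG, e.g. `$user['ical_key'] = bin2hex(openssl_random_pseudo_bytes(16));`, which yields the same 32 hex characters as md5 (this needs the openssl extension). The added `engelsystem_log("iCal key resetted.")` also does not say whose key was reset; appending `$user['Nick']` would make the entry useful when the acting account and the target differ. The rest of the hunk is re-indentation only.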
diff --git a/templates/user_questions.html b/templates/user_questions.html
index 4cbe0338..0167ba6d 100644
--- a/templates/user_questions.html
+++ b/templates/user_questions.html
@@ -43,7 +43,7 @@
- Frage einen Orga:
+ Frage einen Erzengel:
From 74098af09d11d0af1292b17e6df0483a303b6cce Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philip=20H=C3=A4usler?=
Date: Wed, 26 Dec 2012 20:36:31 +0100
Subject: [PATCH 09/14] #28 finnished logging
---
includes/model/LogEntries_model.php | 7 ++-
includes/pages/admin_log.php | 86 +++++------------------------
public/index.php | 3 +
3 files changed, 24 insertions(+), 72 deletions(-)
diff --git a/includes/model/LogEntries_model.php b/includes/model/LogEntries_model.php
index d8615f0e..5659c0ee 100644
--- a/includes/model/LogEntries_model.php
+++ b/includes/model/LogEntries_model.php
@@ -6,10 +6,15 @@
* @param $message Log Message
*/
function LogEntry_create($nick, $message) {
- $timestamp = date();
+ $timestamp = time();
sql_query("INSERT INTO `LogEntries` SET `timestamp`=" . sql_escape($timestamp) . ", `nick`='" . sql_escape($nick) . "', `message`='" . sql_escape($message) . "'");
}
+function LogEntries() {
+ $log_entries_source = sql_select("SELECT * FROM `LogEntries` WHERE `timestamp` > " . (time() - 24*60*60) . " LIMIT 1000");
+ return $log_entries_source;
+}
+
?>
\ No newline at end of file
diff --git a/includes/pages/admin_log.php b/includes/pages/admin_log.php
index 4a29a496..ce30a246 100644
--- a/includes/pages/admin_log.php
+++ b/includes/pages/admin_log.php
@@ -1,76 +1,20 @@
0) {
- $html .= "\n";
- $html .= "\n\tTime \n\tUser \n\tCommend \n\tSQL Command \n \n";
- for ($n = 0; $n < mysql_num_rows($Erg); $n++) {
- $html .= "\n";
- $html .= "\t" . mysql_result($Erg, $n, "Time") . " \n";
- $html .= "\t" . UID2Nick(mysql_result($Erg, $n, "UID")) . displayavatar(mysql_result($Erg, $n, "UID")) . " \n";
- $html .= "\t" . mysql_result($Erg, $n, "Commend") . " \n";
- $html .= "\t" . mysql_result($Erg, $n, "SQLCommad") . " \n";
- $html .= " \n";
- }
- $html .= "
\n";
- } else {
- $html .= "Log is empty...";
- }
- $html .= " ";
-
- $html .= "Web Counter ";
- $html .= funktion_db_list("Counter");
-
- /*
- $html .= "Raeume ";
- funktion_db_list("Raeume");
-
- $html .= "Schichtbelegung ";
- funktion_db_list("Schichtbelegung");
-
- $html .= "Schichtplan Hier findest du alle bisher eingetragenen Schichten:";
- funktion_db_list("Schichtplan");
-
- $html .= "User ";
- funktion_db_list("User");
-
- $html .= "News ";
- funktion_db_list("News");
-
- $html .= "FAQ ";
- funktion_db_list("FAQ");
-
- $html .= "Deaktiviert";
- */
-
- $html .= " \n";
- $html .= funktion_db_element_list_2row("Tshirt-Size aller engel", "SELECT `Size`, COUNT(`Size`) FROM `User` GROUP BY `Size`");
- $html .= " \n";
- $html .= funktion_db_element_list_2row("Tshirt ausgegeben", "SELECT `Size`, COUNT(`Size`) FROM `User` WHERE `Tshirt`='1' GROUP BY `Size`");
- $html .= " \n";
- $html .= funktion_db_element_list_2row("Tshirt nicht ausgegeben (Gekommen=1)", "SELECT COUNT(`Size`), `Size` FROM `User` WHERE `Gekommen`='1' and `Tshirt`='0' GROUP BY `Size`");
-
- $html .= " \n";
- $html .= funktion_db_element_list_2row("Hometown", "SELECT COUNT(`Hometown`), `Hometown` FROM `User` GROUP BY `Hometown`");
- $html .= " \n";
- $html .= funktion_db_element_list_2row("Engeltypen", "SELECT COUNT(`Art`), `Art` FROM `User` GROUP BY `Art`");
-
- $html .= " \n";
- $html .= funktion_db_element_list_2row("Gesamte Arbeit", "SELECT COUNT(*) AS `Count [x]`, SUM(Shifts.Len) as `Sum [h]` from Shifts LEFT JOIN ShiftEntry USING(SID)");
- $html .= " \n";
- $html .= funktion_db_element_list_2row("Geleistete Arbeit", "SELECT COUNT(*) AS `Count [x]`, SUM(Shifts.Len) as `Sum [h]` from Shifts LEFT JOIN ShiftEntry USING(SID) WHERE (ShiftEntry.UID!=0)");
-
- $html .= " \n";
- $html .= funktion_db_element_list_2row("Gesamte Arbeit (Ohne Raum Aufbau (RID=7)", "SELECT COUNT(*) AS `Count [x]`, SUM(Shifts.Len) as `Sum [h]` from Shifts LEFT JOIN ShiftEntry USING(SID) WHERE (Shifts.RID!=7)");
- $html .= " \n";
- $html .= funktion_db_element_list_2row("Geleistete Arbeit (Ohne Raum Aufbau (RID=7)", "SELECT COUNT(*) AS `Count [x]`, SUM(Shifts.Len) as `Sum [h]` from Shifts LEFT JOIN ShiftEntry USING(SID) WHERE (ShiftEntry.UID!=0) AND (Shifts.RID!=7)");
-
- return $html;
+ $log_entries_source = LogEntries();
+ $log_entries = array();
+ foreach($log_entries_source as $log_entry) {
+ $log_entry['date'] = date("H:i", $log_entry['timestamp']);
+ $log_entries[] = $log_entry;
+ }
+
+ return page(array(
+ msg(),
+ table(array(
+ 'date' => "Time",
+ 'nick' => "Angel",
+ 'message' => "Log Entry"
+ ), $log_entries)
+ ));
}
?>
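Review bot: The `nick` and `message` columns are handed to `table()` as stored, and the messages written elsewhere in this series embed user-chosen text such as nicknames and shift names, so the admin log page is a stored-XSS sink unless `table()` escapes its cells (its body is not visible here). If it does not, escaping in the loop closes the gap: `$log_entry['nick'] = htmlspecialchars($log_entry['nick'], ENT_QUOTES, 'UTF-8');` and the same for `$log_entry['message']`. The `date("H:i", ...)` column also drops the day although `LogEntries()` returns a 24-hour window, so `"Y-m-d H:i"` would be unambiguous. The function header is garbled at the top of this hunk, so the enclosing signature cannot be confirmed from here.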
diff --git a/public/index.php b/public/index.php
index bd7e552d..a7efbd86 100644
--- a/public/index.php
+++ b/public/index.php
@@ -11,6 +11,9 @@ require_once ('includes/sys_shift.php');
require_once ('includes/sys_template.php');
require_once ('includes/sys_user.php');
+require_once ('includes/model/LogEntries_model.php');
+require_once ('includes/model/User_model.php');
+
require_once ('config/config.php');
require_once ('config/config_db.php');
From 12fb781946ee73e6fdabe11dee236597270f5e00 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philip=20H=C3=A4usler?=
Date: Thu, 27 Dec 2012 02:07:49 +0100
Subject: [PATCH 10/14] #28 finnished logging
---
includes/pages/admin_user.php | 25 +++++++++----------------
1 file changed, 9 insertions(+), 16 deletions(-)
diff --git a/includes/pages/admin_user.php b/includes/pages/admin_user.php
index a23abc0c..8d900c1b 100644
--- a/includes/pages/admin_user.php
+++ b/includes/pages/admin_user.php
@@ -110,10 +110,13 @@ function admin_user() {
// Assign angel-types
sql_start_transaction();
sql_query("DELETE FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user_source['UID']));
+ $user_angel_type_info = array();
if (!empty($selected_angel_types)) {
$SQL = "INSERT INTO `UserAngelTypes` (`user_id`, `angeltype_id`) VALUES ";
- foreach ($selected_angel_types as $selected_angel_type_id)
- $SQL .= "(${user_source['UID']}, ${selected_angel_type_id}),";
+ foreach ($selected_angel_types as $selected_angel_type_id) {
+ $SQL .= "(" . $user_source['UID'] . ", " . $selected_angel_type_id . "),";
+ $user_angel_type_info[] = $angel_types[$selected_angel_type_id] . (in_array($selected_angel_type_id, $accepted_angel_types) ? ' (confirmed)' : '');
+ }
// remove superfluous comma
$SQL = substr($SQL, 0, -1);
sql_query($SQL);
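Review bot: The rewritten VALUES tuple still concatenates `$user_source['UID']` and `$selected_angel_type_id` into the INSERT without `sql_escape()` or a cast, unlike the DELETE at the top of the hunk. A later patch in this series shows the ids being filtered with `array_intersect()` against `array_keys($angel_types)`, which limits them to known keys, but an explicit cast keeps the query safe if that filter ever changes: `$SQL .= "(" . (int) $user_source['UID'] . ", " . (int) $selected_angel_type_id . "),";`. `$angel_types[$selected_angel_type_id]` is also concatenated into the log text, which only reads well if that array maps ids to name strings; its construction is outside the hunk.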
@@ -125,16 +128,6 @@ function admin_user() {
}
sql_stop_transaction();
- foreach ($selected_angel_types as $selected_angel_type_id) {
- if (sql_num_query("SELECT * FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user_source['UID']) . " AND `angeltype_id`=" . sql_escape($selected_angel_type_id) . " LIMIT 1") == 0) {
- if (in_array("admin_user_angeltypes", $privileges)) {
- sql_query("INSERT INTO `UserAngelTypes` SET `confirm_user_id`=" . sql_escape($user['UID']) . ", `user_id`=" . sql_escape($user_source['UID']) . ", `angeltype_id`=" . sql_escape($selected_angel_type_id));
- } else {
- sql_query("INSERT INTO `UserAngelTypes` SET `user_id`=" . sql_escape($user_source['UID']) . ", `angeltype_id`=" . sql_escape($selected_angel_type_id));
- }
- }
- }
-
engelsystem_log("Set angeltypes of " . $user_source['Nick'] . " to: " . join(", ", $user_angel_type_info));
success("Angeltypes saved.");
redirect(page_link_to('admin_user') . '&id=' . $user_source['UID']);
@@ -143,10 +136,10 @@ function admin_user() {
$html .= form(array (
msg(),
form_multi_checkboxes(array('selected_angel_types' => 'gewünscht', 'accepted_angel_types' => 'akzeptiert'),
- "Angeltypes",
- $angel_types,
- array('selected_angel_types' => $selected_angel_types, 'accepted_angel_types' => array_merge($accepted_angel_types, $nonrestricted_angel_types)),
- array('accepted_angel_types' => $nonrestricted_angel_types)),
+ "Angeltypes",
+ $angel_types,
+ array('selected_angel_types' => $selected_angel_types, 'accepted_angel_types' => array_merge($accepted_angel_types, $nonrestricted_angel_types)),
+ array('accepted_angel_types' => $nonrestricted_angel_types)),
form_submit('submit_user_angeltypes', Get_Text("Save"))
));
From 29a6f020e6a1a8e900239b9855f553e62a00dc26 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philip=20H=C3=A4usler?=
Date: Thu, 27 Dec 2012 02:18:02 +0100
Subject: [PATCH 11/14] #28 finnished logging, fixes, inverted log order
---
includes/model/LogEntries_model.php | 2 +-
includes/pages/admin_user_angeltypes.php | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/includes/model/LogEntries_model.php b/includes/model/LogEntries_model.php
index 5659c0ee..95ecf6cd 100644
--- a/includes/model/LogEntries_model.php
+++ b/includes/model/LogEntries_model.php
@@ -12,7 +12,7 @@ function LogEntry_create($nick, $message) {
}
function LogEntries() {
- $log_entries_source = sql_select("SELECT * FROM `LogEntries` WHERE `timestamp` > " . (time() - 24*60*60) . " LIMIT 1000");
+ $log_entries_source = sql_select("SELECT * FROM `LogEntries` WHERE `timestamp` > " . (time() - 24*60*60) . " ORDER BY `timestamp` DESC LIMIT 1000");
return $log_entries_source;
}
diff --git a/includes/pages/admin_user_angeltypes.php b/includes/pages/admin_user_angeltypes.php
index 38c4d9c8..ba9a825b 100644
--- a/includes/pages/admin_user_angeltypes.php
+++ b/includes/pages/admin_user_angeltypes.php
@@ -8,7 +8,7 @@ function admin_user_angeltypes() {
global $privileges;
if (isset ($_REQUEST['confirm']) && test_request_int('confirm') && sql_num_query("SELECT * FROM `UserAngelTypes` WHERE `id`=" . sql_escape($_REQUEST['confirm']) . " AND `confirm_user_id` IS NULL") > 0) {
- $user_angel_type_source = sql_select("SELECT `UserAngelTypes`.*, `User`.`Nick`, `AngelTypes`.`name` FROM `UserAngelTypes` JOIN `User` ON `User`.`UID`=`UserAngelTypes`.`user_id` JOIN `AngelTypes` ON `AngelTypes`.`id`=`UserAngelTypes`.`angeltype_id` WHERE `id`=" . sql_escape($_REQUEST['confirm']) . " LIMIT 1");
+ $user_angel_type_source = sql_select("SELECT `UserAngelTypes`.*, `User`.`Nick`, `AngelTypes`.`name` FROM `UserAngelTypes` JOIN `User` ON `User`.`UID`=`UserAngelTypes`.`user_id` JOIN `AngelTypes` ON `AngelTypes`.`id`=`UserAngelTypes`.`angeltype_id` WHERE `UserAngelTypes`.`id`=" . sql_escape($_REQUEST['confirm']) . " LIMIT 1");
if(count($user_angel_type_source) > 0) {
sql_query("UPDATE `UserAngelTypes` SET `confirm_user_id`=" . sql_escape($_SESSION['uid']) . " WHERE `id`=" . sql_escape($_REQUEST['confirm']) . " LIMIT 1");
engelsystem_log("Confirmed " . $user_angel_type_source[0]['Nick'] . " as " . $user_angel_type_source[0]['name']);
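Review bot: The confirm branch changes state based on `$_REQUEST['confirm']` alone, so a plain GET link is enough to trigger it, and no anti-CSRF token is checked in the visible lines; the discard branch in the next hunk has the same shape. If no token is enforced elsewhere (the dispatcher and the rest of the function are not shown), these actions should require POST plus a per-session token verified before the UPDATE or DELETE runs. The existence check and the UPDATE are also separate queries, so repeating `AND confirm_user_id IS NULL` in the UPDATE's WHERE clause would avoid confirming the same row twice under concurrent requests.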
@@ -19,7 +19,7 @@ function admin_user_angeltypes() {
}
if (isset ($_REQUEST['discard']) && test_request_int('discard') && sql_num_query("SELECT * FROM `UserAngelTypes` WHERE `id`=" . sql_escape($_REQUEST['discard']) . " AND `confirm_user_id` IS NULL") > 0) {
- $user_angel_type_source = sql_select("SELECT `UserAngelTypes`.*, `User`.`Nick`, `AngelTypes`.`name` FROM `UserAngelTypes` JOIN `User` ON `User`.`UID`=`UserAngelTypes`.`user_id` JOIN `AngelTypes` ON `AngelTypes`.`id`=`UserAngelTypes`.`angeltype_id` WHERE `id`=" . sql_escape($_REQUEST['discard']) . " LIMIT 1");
+ $user_angel_type_source = sql_select("SELECT `UserAngelTypes`.*, `User`.`Nick`, `AngelTypes`.`name` FROM `UserAngelTypes` JOIN `User` ON `User`.`UID`=`UserAngelTypes`.`user_id` JOIN `AngelTypes` ON `AngelTypes`.`id`=`UserAngelTypes`.`angeltype_id` WHERE `UserAngelTypes`.`id`=" . sql_escape($_REQUEST['discard']) . " LIMIT 1");
if(count($user_angel_type_source) > 0) {
sql_query("DELETE FROM `UserAngelTypes` WHERE `id`=" . sql_escape($_REQUEST['discard']) . " LIMIT 1");
engelsystem_log("Discarded " . $user_angel_type_source[0]['Nick'] . " as " . $user_angel_type_source[0]['name']);
From 26ffee4a96f08aa58a348d11674f6fd29c1498b0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philip=20H=C3=A4usler?=
Date: Thu, 27 Dec 2012 02:18:56 +0100
Subject: [PATCH 12/14] #28 logging doku
---
includes/model/LogEntries_model.php | 3 +++
1 file changed, 3 insertions(+)
diff --git a/includes/model/LogEntries_model.php b/includes/model/LogEntries_model.php
index 95ecf6cd..f8a552f2 100644
--- a/includes/model/LogEntries_model.php
+++ b/includes/model/LogEntries_model.php
@@ -11,6 +11,9 @@ function LogEntry_create($nick, $message) {
sql_query("INSERT INTO `LogEntries` SET `timestamp`=" . sql_escape($timestamp) . ", `nick`='" . sql_escape($nick) . "', `message`='" . sql_escape($message) . "'");
}
+/**
+ * Returns log entries of the last 24 hours with maximum count of 1000.
+ */
function LogEntries() {
$log_entries_source = sql_select("SELECT * FROM `LogEntries` WHERE `timestamp` > " . (time() - 24*60*60) . " ORDER BY `timestamp` DESC LIMIT 1000");
return $log_entries_source;
From 670cd715c559c521fe8f315fa34c00ac4f5defcb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philip=20H=C3=A4usler?=
Date: Thu, 27 Dec 2012 02:44:21 +0100
Subject: [PATCH 13/14] #28 logging doku
---
includes/pages/user_shifts.php | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/includes/pages/user_shifts.php b/includes/pages/user_shifts.php
index c239ca71..bd7f7831 100644
--- a/includes/pages/user_shifts.php
+++ b/includes/pages/user_shifts.php
@@ -123,10 +123,10 @@ function user_shifts() {
$needed_angel_types_info = array();
foreach ($needed_angel_types as $type_id => $count) {
sql_query("INSERT INTO `NeededAngelTypes` SET `shift_id`=" . sql_escape($shift_id) . ", `angel_type_id`=" . sql_escape($type_id) . ", `count`=" . sql_escape($count));
- $needed_angel_types_info[] = $angel_types[$type_id];
+ $needed_angel_types_info[] = $angel_types[$type_id]['name'] . ": " . $count;
}
- engelsystem_log("Updated shift " . $name . " from " . date("y-m-d H:i", $start) . " to " . date("y-m-d H:i", $end) . " with angel types " . join(", ", $needed_angel_types_info));
+ engelsystem_log("Updated shift '" . $name . "' from " . date("y-m-d H:i", $start) . " to " . date("y-m-d H:i", $end) . " with angel types " . join(", ", $needed_angel_types_info));
success("Schicht gespeichert.");
redirect(page_link_to('user_shifts'));
}
From 0f0f847af4c9ffe8138c802086bda7eb15f9baef Mon Sep 17 00:00:00 2001
From: Jan-Philipp Litza
Date: Thu, 27 Dec 2012 02:54:57 +0100
Subject: [PATCH 14/14] minor fixes for logging and user editing and searching
---
includes/pages/admin_free.php | 1 +
includes/pages/admin_user.php | 8 +++++---
templates/admin_free.html | 2 +-
3 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/includes/pages/admin_free.php b/includes/pages/admin_free.php
index d6f4b7a0..88a96965 100644
--- a/includes/pages/admin_free.php
+++ b/includes/pages/admin_free.php
@@ -57,6 +57,7 @@ function admin_free() {
return template_render('../templates/admin_free.html', array (
'search' => $search,
'angeltypes' => html_select_key('angeltype', 'angeltype', $angel_types, $_REQUEST['angeltype']),
+ 'confirmed_only' => isset($_REQUEST['confirmed_only'])? 'checked' : '',
'table' => $table,
'link' => page_link_to('admin_free')
));
diff --git a/includes/pages/admin_user.php b/includes/pages/admin_user.php
index 8d900c1b..f4902e1c 100644
--- a/includes/pages/admin_user.php
+++ b/includes/pages/admin_user.php
@@ -103,9 +103,10 @@ function admin_user() {
if (isset ($_REQUEST['submit_user_angeltypes'])) {
$selected_angel_types = array_intersect($_REQUEST['selected_angel_types'], array_keys($angel_types));
- $accepted_angel_types = array_diff(array_intersect($_REQUEST['accepted_angel_types'], array_keys($angel_types)), $nonrestricted_angel_types);
+ $accepted_angel_types = array_unique(array_diff(array_intersect($_REQUEST['accepted_angel_types'], array_keys($angel_types)), $nonrestricted_angel_types));
if (in_array("admin_user_angeltypes", $privileges))
- $selected_angel_types = array_merge($selected_angel_types, $accepted_angel_types);
+ $selected_angel_types = array_merge((array) $selected_angel_types, $accepted_angel_types);
+ $selected_angel_types = array_unique($selected_angel_types);
// Assign angel-types
sql_start_transaction();
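Review bot: `$_REQUEST['selected_angel_types']` and `$_REQUEST['accepted_angel_types']` are passed to `array_intersect()` without checking that they are set and are arrays; browsers omit the key when no box is ticked, and the `(array)` cast added here only papers over the resulting null at the merge. Normalising the input first handles both lists the same way: `$requested = isset($_REQUEST['selected_angel_types']) && is_array($_REQUEST['selected_angel_types']) ? $_REQUEST['selected_angel_types'] : array();`, and likewise for the accepted list. The branch continues below the hunk.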
@@ -227,10 +228,11 @@ function admin_user() {
case 'delete' :
if ($user['UID'] != $id) {
+ $nickname = sql_select("SELECT `Nick` FROM `User` WHERE `UID` = '" . sql_escape($id) . "' LIMIT 1");
sql_query("DELETE FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
sql_query("DELETE FROM `UserGroups` WHERE `uid`=" . sql_escape($id));
sql_query("UPDATE `ShiftEntry` SET `UID`=0, `Comment`=NULL WHERE `UID`=" . sql_escape($id));
- engelsystem_log("Deleted user " . $user_source['Nick']);
+ engelsystem_log("Deleted user " . $nickname[0]['Nick']);
$html .= success("Benutzer gelöscht!", true);
} else {
$html .= error("Du kannst Dich nicht selber löschen!", true);
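Review bot: `$nickname[0]['Nick']` is read without checking that the SELECT returned a row, so a request with an unknown `$id` logs "Deleted user " with no name and still reports success. Guarding on `count($nickname) > 0` before the three write queries, and reporting an error otherwise, keeps the audit trail truthful. The three statements also run outside `sql_start_transaction()`/`sql_stop_transaction()`, which this file already uses for the angel-type update, so a failure midway can leave UserGroups or ShiftEntry rows referring to a deleted user. The `case` belongs to a switch that starts above the hunk.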
diff --git a/templates/admin_free.html b/templates/admin_free.html
index 35ac1afa..ef1dccf0 100644
--- a/templates/admin_free.html
+++ b/templates/admin_free.html
@@ -1,6 +1,6 @@
- Search Angel: %angeltypes%
+ Search Angel: %angeltypes% Nur zugelassene