From 0dabaa505e4463498665a1eb6ab95979578beab3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philip=20H=C3=A4usler?= Date: Wed, 26 Dec 2012 14:02:27 +0100 Subject: [PATCH 01/14] #28 begin log --- db/update.d/20_LogEntriesTable.php | 19 + includes/model/LogEntries_model.php | 15 + includes/model/User_model.php | 14 + includes/pages/admin_active.php | 232 +++++----- includes/pages/admin_angel_types.php | 8 +- includes/pages/admin_arrive.php | 100 +++-- includes/pages/admin_groups.php | 166 +++---- includes/pages/admin_import.php | 522 ++++++++++++----------- includes/pages/admin_news.php | 144 ++++--- includes/pages/admin_questions.php | 138 +++--- includes/pages/admin_rooms.php | 19 +- includes/pages/admin_shifts.php | 9 +- includes/pages/admin_user_angeltypes.php | 20 +- includes/sys_log.php | 19 + public/index.php | 1 + 15 files changed, 785 insertions(+), 641 deletions(-) create mode 100644 db/update.d/20_LogEntriesTable.php create mode 100644 includes/model/LogEntries_model.php create mode 100644 includes/model/User_model.php create mode 100644 includes/sys_log.php diff --git a/db/update.d/20_LogEntriesTable.php b/db/update.d/20_LogEntriesTable.php new file mode 100644 index 00000000..5ea82efc --- /dev/null +++ b/db/update.d/20_LogEntriesTable.php @@ -0,0 +1,19 @@ + \ No newline at end of file diff --git a/includes/model/LogEntries_model.php b/includes/model/LogEntries_model.php new file mode 100644 index 00000000..d8615f0e --- /dev/null +++ b/includes/model/LogEntries_model.php @@ -0,0 +1,15 @@ + \ No newline at end of file diff --git a/includes/model/User_model.php b/includes/model/User_model.php new file mode 100644 index 00000000..c2d2282e --- /dev/null +++ b/includes/model/User_model.php @@ -0,0 +1,14 @@ + 0) + return $user_source[0]; + return null; +} + +?> \ No newline at end of file diff --git a/includes/pages/admin_active.php b/includes/pages/admin_active.php index 55384345..0dabe568 100644 --- a/includes/pages/admin_active.php +++ b/includes/pages/admin_active.php @@ -1,120 +1,144 @@ « back | apply'; - } - } + if ($ok) + $limit = " LIMIT " . $count; + if (isset ($_REQUEST['ack'])) { + sql_query("UPDATE `User` SET `Aktiv` = 0 WHERE `Tshirt` = 0"); + $users = sql_select("SELECT `User`.*, COUNT(`ShiftEntry`.`id`) as `shift_count`, SUM(`end`-`start`) as `shift_length` FROM `User` LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID` LEFT JOIN `Shifts` ON `ShiftEntry`.`SID` = `Shifts`.`SID` WHERE `User`.`Gekommen` = 1 GROUP BY `User`.`UID` ORDER BY `shift_length` DESC" . $limit); + $user_nicks = array(); + foreach ($users as $usr) { + sql_query("UPDATE `User` SET `Aktiv` = 1 WHERE `UID`=" . sql_escape($usr['UID'])); + $user_nicks[] = $usr['Nick']; + } + engelsystem_log("These angels are active now: " . join(", ", $user_nicks)); - if (isset ($_REQUEST['active']) && preg_match("/^[0-9]+$/", $_REQUEST['active'])) { - $id = $_REQUEST['active']; - sql_query("UPDATE `User` SET `Aktiv`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); - $msg = success("Angel has been marked as active.", true); - } - elseif (isset ($_REQUEST['not_active']) && preg_match("/^[0-9]+$/", $_REQUEST['not_active'])) { - $id = $_REQUEST['not_active']; - sql_query("UPDATE `User` SET `Aktiv`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); - $msg = success("Angel has been marked as not active.", true); - } - elseif (isset ($_REQUEST['tshirt']) && preg_match("/^[0-9]+$/", $_REQUEST['tshirt'])) { - $id = $_REQUEST['tshirt']; - sql_query("UPDATE `User` SET `Tshirt`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); - $msg = success("Angel has got a t-shirt.", true); - } - elseif (isset ($_REQUEST['not_tshirt']) && preg_match("/^[0-9]+$/", $_REQUEST['not_tshirt'])) { - $id = $_REQUEST['not_tshirt']; - sql_query("UPDATE `User` SET `Tshirt`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); - $msg = success("Angel has got no t-shirt.", true); - } + $limit = ""; + $msg = success("Marked angels.", true); + } else { + $set_active = '« back | apply'; + } + } - $users = sql_select("SELECT `User`.*, COUNT(`ShiftEntry`.`id`) as `shift_count`, SUM(`end`-`start`) as `shift_length` FROM `User` LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID` LEFT JOIN `Shifts` ON `ShiftEntry`.`SID` = `Shifts`.`SID` WHERE `User`.`Gekommen` = 1 GROUP BY `User`.`UID` ORDER BY `shift_length` DESC" . $limit); + if (isset ($_REQUEST['active']) && preg_match("/^[0-9]+$/", $_REQUEST['active'])) { + $id = $_REQUEST['active']; + $user_source = User($id); + if($user_source != null) { + sql_query("UPDATE `User` SET `Aktiv`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); + engelsystem_log("User " . $user_source['Nick'] . " is active now."); + $msg = success("Angel has been marked as active.", true); + } + else $msg = error("Angel not found.", true); + } + elseif (isset ($_REQUEST['not_active']) && preg_match("/^[0-9]+$/", $_REQUEST['not_active'])) { + $id = $_REQUEST['not_active']; + $user_source = User($id); + if($user_source != null) { + sql_query("UPDATE `User` SET `Aktiv`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); + engelsystem_log("User " . $user_source['Nick'] . " is NOT active now."); + $msg = success("Angel has been marked as not active.", true); + } + else $msg = error("Angel not found.", true); + } + elseif (isset ($_REQUEST['tshirt']) && preg_match("/^[0-9]+$/", $_REQUEST['tshirt'])) { + $id = $_REQUEST['tshirt']; + $user_source = User($id); + if($user_source != null) { + sql_query("UPDATE `User` SET `Tshirt`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); + engelsystem_log("User " . $user_source['Nick'] . " has tshirt now."); + $msg = success("Angel has got a t-shirt.", true); + } + else $msg = error("Angel not found.", true); + } + elseif (isset ($_REQUEST['not_tshirt']) && preg_match("/^[0-9]+$/", $_REQUEST['not_tshirt'])) { + $id = $_REQUEST['not_tshirt']; + $user_source = User($id); + if($user_source != null) { + sql_query("UPDATE `User` SET `Tshirt`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); + engelsystem_log("User " . $user_source['Nick'] . " NO tshirt."); + $msg = success("Angel has got no t-shirt.", true); + } + else $msg = error("Angel not found.", true); + } - $table = ""; - if ($search == "") - $tokens = array (); - else - $tokens = explode(" ", $search); - foreach ($users as $usr) { - if (count($tokens) > 0) { - $match = false; - $index = join("", $usr); - foreach ($tokens as $t) - if (strstr($index, trim($t))) { - $match = true; - break; - } - if (!$match) - continue; - } - $table .= ''; - $table .= '' . $usr['Nick'] . ''; - $table .= '' . $tshirt_sizes[$usr['Size']] . ''; - $table .= '' . $usr['shift_count'] . ''; + $users = sql_select("SELECT `User`.*, COUNT(`ShiftEntry`.`id`) as `shift_count`, SUM(`end`-`start`) as `shift_length` FROM `User` LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID` LEFT JOIN `Shifts` ON `ShiftEntry`.`SID` = `Shifts`.`SID` WHERE `User`.`Gekommen` = 1 GROUP BY `User`.`UID` ORDER BY `shift_length` DESC" . $limit); - if ($usr['shift_count'] == 0) - $table .= '-'; - else - $table .= '' . round($usr['shift_length'] / 60) . ' min (' . round($usr['shift_length'] / 3600) . ' h)'; + $table = ""; + if ($search == "") + $tokens = array (); + else + $tokens = explode(" ", $search); + foreach ($users as $usr) { + if (count($tokens) > 0) { + $match = false; + $index = join("", $usr); + foreach ($tokens as $t) + if (strstr($index, trim($t))) { + $match = true; + break; + } + if (!$match) + continue; + } + $table .= ''; + $table .= '' . $usr['Nick'] . ''; + $table .= '' . $tshirt_sizes[$usr['Size']] . ''; + $table .= '' . $usr['shift_count'] . ''; - if ($usr['Aktiv'] == 1) - $table .= 'yes'; - else - $table .= ''; - if ($usr['Tshirt'] == 1) - $table .= 'yes'; - else - $table .= ''; + if ($usr['shift_count'] == 0) + $table .= '-'; + else + $table .= '' . round($usr['shift_length'] / 60) . ' min (' . round($usr['shift_length'] / 3600) . ' h)'; - $actions = array (); - if ($usr['Aktiv'] == 0) - $actions[] = 'set active'; - if ($usr['Aktiv'] == 1 && $usr['Tshirt'] == 0) { - $actions[] = 'remove active'; - $actions[] = 'got t-shirt'; - } - if ($usr['Tshirt'] == 1) - $actions[] = 'remove t-shirt'; + if ($usr['Aktiv'] == 1) + $table .= 'yes'; + else + $table .= ''; + if ($usr['Tshirt'] == 1) + $table .= 'yes'; + else + $table .= ''; - $table .= '' . join(' | ', $actions) . ''; + $actions = array (); + if ($usr['Aktiv'] == 0) + $actions[] = 'set active'; + if ($usr['Aktiv'] == 1 && $usr['Tshirt'] == 0) { + $actions[] = 'remove active'; + $actions[] = 'got t-shirt'; + } + if ($usr['Tshirt'] == 1) + $actions[] = 'remove t-shirt'; - $table .= ''; - } - return template_render('../templates/admin_active.html', array ( - 'search' => $search, - 'count' => $count, - 'set_active' => $set_active, - 'table' => $table, - 'msg' => $msg, - 'link' => page_link_to('admin_active') - )); + $table .= '' . join(' | ', $actions) . ''; + + $table .= ''; + } + return template_render('../templates/admin_active.html', array ( + 'search' => $search, + 'count' => $count, + 'set_active' => $set_active, + 'table' => $table, + 'msg' => $msg, + 'link' => page_link_to('admin_active') + )); } ?> \ No newline at end of file diff --git a/includes/pages/admin_angel_types.php b/includes/pages/admin_angel_types.php index 90289d61..d5841d1c 100644 --- a/includes/pages/admin_angel_types.php +++ b/includes/pages/admin_angel_types.php @@ -47,10 +47,13 @@ function admin_angel_types() { $restricted = 0; if ($ok) { - if (isset ($id)) + if (isset ($id)) { sql_query("UPDATE `AngelTypes` SET `name`='" . sql_escape($name) . "', `restricted`=" . sql_escape($restricted) . " WHERE `id`=" . sql_escape($id) . " LIMIT 1"); - else + engelsystem_log("Updated angeltype: " . $name . ", restricted: " . $restricted); + } else { sql_query("INSERT INTO `AngelTypes` SET `name`='" . sql_escape($name) . "', `restricted`=" . sql_escape($restricted)); + engelsystem_log("Created angeltype: " . $name . ", restricted: " . $restricted); + } success("Angel type saved."); redirect(page_link_to('admin_angel_types')); @@ -76,6 +79,7 @@ function admin_angel_types() { sql_query("DELETE FROM `ShiftEntry` WHERE `TID`=" . sql_escape($id) . " LIMIT 1"); sql_query("DELETE FROM `AngelTypes` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); sql_query("DELETE FROM `UserAngelTypes` WHERE `angeltype_id`=" . sql_escape($id) . " LIMIT 1"); + engelsystem_log("Deleted angel type: " . $name); success(sprintf("Angel type %s deleted.", $name)); redirect(page_link_to('admin_angel_types')); } diff --git a/includes/pages/admin_arrive.php b/includes/pages/admin_arrive.php index 2acad0b3..70a43394 100644 --- a/includes/pages/admin_arrive.php +++ b/includes/pages/admin_arrive.php @@ -1,52 +1,60 @@ 0) { - $match = false; - $index = join("", $usr); - foreach ($tokens as $t) - if (strstr($index, trim($t))) { - $match = true; - break; - } - if (!$match) - continue; - } - $table .= ''; - $table .= '' . $usr['Nick'] . ''; - if ($usr['Gekommen'] == 1) - $table .= 'yesreset'; - else - $table .= 'arrived'; - $table .= ''; - } - return template_render('../templates/admin_arrive.html', array ( - 'search' => $search, - 'table' => $table, - 'msg' => $msg, - 'link' => page_link_to('admin_arrive') - )); + $users = sql_select("SELECT * FROM `User` ORDER BY `Nick`"); + $table = ""; + if ($search == "") + $tokens = array (); + else + $tokens = explode(" ", $search); + foreach ($users as $usr) { + if (count($tokens) > 0) { + $match = false; + $index = join("", $usr); + foreach ($tokens as $t) + if (strstr($index, trim($t))) { + $match = true; + break; + } + if (!$match) + continue; + } + $table .= ''; + $table .= '' . $usr['Nick'] . ''; + if ($usr['Gekommen'] == 1) + $table .= 'yesreset'; + else + $table .= 'arrived'; + $table .= ''; + } + return template_render('../templates/admin_arrive.html', array ( + 'search' => $search, + 'table' => $table, + 'msg' => $msg, + 'link' => page_link_to('admin_arrive') + )); } ?> \ No newline at end of file diff --git a/includes/pages/admin_groups.php b/includes/pages/admin_groups.php index 2fc789fa..df472359 100644 --- a/includes/pages/admin_groups.php +++ b/includes/pages/admin_groups.php @@ -1,91 +1,99 @@ %s', - $group['Name'] - ); - $privileges = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`=" . sql_escape($group['UID'])); - $privileges_html = array (); + $html = ""; + $groups = sql_select("SELECT * FROM `Groups` ORDER BY `Name`"); + if (!isset ($_REQUEST["action"])) { + $groups_html = ""; + foreach ($groups as $group) { + $groups_html .= sprintf( + '%s', + $group['Name'] + ); + $privileges = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`=" . sql_escape($group['UID'])); + $privileges_html = array (); - foreach ($privileges as $priv) - $privileges_html[] = $priv['name']; + foreach ($privileges as $priv) + $privileges_html[] = $priv['name']; - $groups_html .= sprintf( - '%s' - . 'Ändern', - join(', ', $privileges_html), - page_link_to("admin_groups"), - $group['UID'] - ); - } + $groups_html .= sprintf( + '%s' + . 'Ändern', + join(', ', $privileges_html), + page_link_to("admin_groups"), + $group['UID'] + ); + } - return template_render('../templates/admin_groups.html', array ( - 'nick' => $user['Nick'], - 'groups' => $groups_html - )); - } else { - switch ($_REQUEST["action"]) { - case 'edit' : - if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id'])) - $id = $_REQUEST['id']; - else - return error("Incomplete call, missing Groups ID.", true); + return template_render('../templates/admin_groups.html', array ( + 'nick' => $user['Nick'], + 'groups' => $groups_html + )); + } else { + switch ($_REQUEST["action"]) { + case 'edit' : + if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing Groups ID.", true); - $room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); - if (count($room) > 0) { - list ($room) = $room; - $privileges = sql_select("SELECT `Privileges`.*, `GroupPrivileges`.`group_id` FROM `Privileges` LEFT OUTER JOIN `GroupPrivileges` ON (`Privileges`.`id` = `GroupPrivileges`.`privilege_id` AND `GroupPrivileges`.`group_id`=" . sql_escape($id) . ") ORDER BY `Privileges`.`name`"); - $privileges_html = ""; - foreach ($privileges as $priv) - $privileges_html .= sprintf( - '' - . ' %s %s', - $priv['id'], - ($priv['group_id'] != "" - ? 'checked="checked"' - : ''), - $priv['name'], - $priv['desc'] - ); + $room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); + if (count($room) > 0) { + list ($room) = $room; + $privileges = sql_select("SELECT `Privileges`.*, `GroupPrivileges`.`group_id` FROM `Privileges` LEFT OUTER JOIN `GroupPrivileges` ON (`Privileges`.`id` = `GroupPrivileges`.`privilege_id` AND `GroupPrivileges`.`group_id`=" . sql_escape($id) . ") ORDER BY `Privileges`.`name`"); + $privileges_html = ""; + foreach ($privileges as $priv) + $privileges_html .= sprintf( + '' + . ' %s %s', + $priv['id'], + ($priv['group_id'] != "" + ? 'checked="checked"' + : ''), + $priv['name'], + $priv['desc'] + ); - $html .= template_render('../templates/admin_groups_edit_form.html', array ( - 'link' => page_link_to("admin_groups"), - 'id' => $id, - 'privileges' => $privileges_html - )); - } else - return error("No Group found.", true); - break; + $html .= template_render('../templates/admin_groups_edit_form.html', array ( + 'link' => page_link_to("admin_groups"), + 'id' => $id, + 'privileges' => $privileges_html + )); + } else + return error("No Group found.", true); + break; - case 'save' : - if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id'])) - $id = $_REQUEST['id']; - else - return error("Incomplete call, missing Groups ID.", true); + case 'save' : + if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing Groups ID.", true); - $room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); - if (!is_array($_REQUEST['privileges'])) - $_REQUEST['privileges'] = array (); - if (count($room) > 0) { - list ($room) = $room; - sql_query("DELETE FROM `GroupPrivileges` WHERE `group_id`=" . sql_escape($id)); - foreach ($_REQUEST['privileges'] as $priv) - if (preg_match("/^[0-9]{1,}$/", $priv) && sql_num_query("SELECT * FROM `Privileges` WHERE `id`=" . sql_escape($priv)) > 0) - sql_query("INSERT INTO `GroupPrivileges` SET `group_id`=" . sql_escape($id) . ", `privilege_id`=" . sql_escape($priv)); - header("Location: " . page_link_to("admin_groups")); - } else - return error("No Group found.", true); - break; - } - } - return $html; + $room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); + if (!is_array($_REQUEST['privileges'])) + $_REQUEST['privileges'] = array (); + if (count($room) > 0) { + list ($room) = $room; + sql_query("DELETE FROM `GroupPrivileges` WHERE `group_id`=" . sql_escape($id)); + $privilege_names = array(); + foreach ($_REQUEST['privileges'] as $priv) { + if (preg_match("/^[0-9]{1,}$/", $priv)) { + $group_privileges_source = sql_select("SELECT * FROM `Privileges` WHERE `id`=" . sql_escape($priv) . " LIMIT 1"); + if(count($group_privileges_source) > 0) { + sql_query("INSERT INTO `GroupPrivileges` SET `group_id`=" . sql_escape($id) . ", `privilege_id`=" . sql_escape($priv)); + $privilege_names[] = $group_privileges_source[0]['name']; + } + } + } + engelsystem_log("Group privileges of group " . $room['Name'] . " edited: " . join(", ", $privilege_names)); + header("Location: " . page_link_to("admin_groups")); + } else + return error("No Group found.", true); + break; + } + } + return $html; } ?> diff --git a/includes/pages/admin_import.php b/includes/pages/admin_import.php index 5ac62d2d..9a31d5cd 100644 --- a/includes/pages/admin_import.php +++ b/includes/pages/admin_import.php @@ -1,279 +1,281 @@ '; - $html .= $step == "input" ? '1. Input' : '1. Input'; - $html .= ' » '; - $html .= $step == "check" ? '2. Validate' : '2. Validate'; - $html .= ' » '; - $html .= $step == "import" ? '3. Import' : '3. Import'; - $html .= '

'; - - $import_file = '../import/import_' . $user['UID'] . '.xml'; - - switch ($step) { - case "input" : - $ok = false; - if ($test_handle = fopen('../import/tmp', 'w')) { - fclose($test_handle); - unlink('../import/tmp'); - } else { - $msg = error("Webserver has no write-permission on import directory.", true); - } - - if (isset ($_REQUEST['submit'])) { - $ok = true; - if (isset ($_REQUEST['user']) && $_REQUEST['user'] != "" && isset ($_REQUEST['password']) && $_REQUEST['password'] != "") { - $fp = fsockopen("ssl://$PentabarfXMLhost", 443, $errno, $errstr, 5); - - if (!$fp) { - $ok = false; - $msg = error("File 'https://$PentabarfXMLhost/$PentabarfXMLpath" . $_REQUEST["url"] . "' not readable!" . "[$errstr ($errno)]", true); - } else { - $fileOut = fopen($import_file, "w"); - $head = 'GET /' . $PentabarfXMLpath . $_REQUEST["url"] . ' HTTP/1.1' . "\r\n" . - 'Host: ' . $PentabarfXMLhost . "\r\n" . - 'User-Agent: Engelsystem' . "\r\n" . - 'Authorization: Basic ' . - base64_encode($_REQUEST["user"] . ':' . $_REQUEST["password"]) . "\r\n" . - "\r\n"; - fputs($fp, $head); - $Zeilen = -1; - echo "
";
-						while (!feof($fp)) {
-							$Temp = fgets($fp, 1024);
-
-							// show header
-							if ($Zeilen == -1) {
-								echo $Temp;
-							}
-
-							// ende des headers
-							if ($Temp == "\r\n") {
-								echo "
\n"; - $Zeilen = 0; - $Temp = ""; - } - - //file ende? - if ($Temp == "0\r\n") - break; - - if (($Zeilen > -1) && ($Temp != "ffb\r\n")) { - //steuerzeichen ausfiltern - if (strpos("#$Temp", "\r\n") > 0) - $Temp = substr($Temp, 0, strlen($Temp) - 2); - if (strpos("#$Temp", "1005") > 0) - $Temp = ""; - if (strpos("#$Temp", "783") > 0) - $Temp = ""; - //schreiben in file - fputs($fileOut, $Temp); - $Zeilen++; - } - } - fclose($fileOut); - fclose($fp); - $msg .= success("Es wurden $Zeilen Zeilen eingelesen.", true); - } - } - elseif (isset ($_FILES['xcal_file']) && ($_FILES['xcal_file']['error'] == 0)) { - if (move_uploaded_file($_FILES['xcal_file']['tmp_name'], $import_file)) { - libxml_use_internal_errors(true); - if (simplexml_load_file($import_file) === false) { - $ok = false; - $msg = error("No valid xml/xcal file provided.", true); - unlink($import_file); - } - } else { - $ok = false; - $msg = error("File upload went wrong.", true); - } - } else { - $ok = false; - $msg = error("Please provide some data.", true); - } - } - - if ($ok) - header("Location: " . page_link_to('admin_import') . "&step=check"); - else - $html .= template_render('../templates/admin_import_input.html', array ( - 'link' => page_link_to('admin_import'), - 'msg' => $msg, - 'url' => "https://$PentabarfXMLhost/$PentabarfXMLpath" - )); - break; - - case "check" : - if (!file_exists($import_file)) - header("Location: " . page_link_to('admin_import')); - - list ($rooms_new, $rooms_deleted) = prepare_rooms($import_file); - list ($events_new, $events_updated, $events_deleted) = prepare_events($import_file); - - $html .= template_render('../templates/admin_import_check.html', array ( - 'link' => page_link_to('admin_import'), - 'rooms_new' => count($rooms_new) == 0 ? "None" : table_body($rooms_new), - 'rooms_deleted' => count($rooms_deleted) == 0 ? "None" : table_body($rooms_deleted), - 'events_new' => count($events_new) == 0 ? "None" : table_body(shifts_printable($events_new)), - 'events_updated' => count($events_updated) == 0 ? "None" : table_body(shifts_printable($events_updated)), - 'events_deleted' => count($events_deleted) == 0 ? "None" : table_body(shifts_printable($events_deleted)) - )); - break; - - case "import" : - if (!file_exists($import_file)) - header("Location: " . page_link_to('admin_import')); - - list ($rooms_new, $rooms_deleted) = prepare_rooms($import_file); - foreach ($rooms_new as $room) { - sql_query("INSERT INTO `Room` SET `Name`='" . sql_escape($room) . "', `FromPentabarf`='Y', `Show`='Y'"); - $rooms_import[trim($room)] = sql_id(); - } - foreach ($rooms_deleted as $room) - sql_query("DELETE FROM `Room` WHERE `Name`='" . sql_escape($room) . "' LIMIT 1"); - - list ($events_new, $events_updated, $events_deleted) = prepare_events($import_file); - foreach ($events_new as $event) - sql_query("INSERT INTO `Shifts` SET `name`='" . - sql_escape($event['name']) . "', `start`=" . sql_escape($event['start']) . ", `end`=" . sql_escape($event['end']) . ", `RID`=" . sql_escape($event['RID']) . ", `PSID`=" . sql_escape($event['PSID']) . ", `URL`='" . sql_escape($event['URL']) . "'"); - - foreach ($events_updated as $event) - sql_query("UPDATE `Shifts` SET `name`='" . - sql_escape($event['name']) . "', `start`=" . sql_escape($event['start']) . ", `end`=" . sql_escape($event['end']) . ", `RID`=" . sql_escape($event['RID']) . ", `PSID`=" . sql_escape($event['PSID']) . ", `URL`='" . sql_escape($event['URL']) . "' WHERE `PSID`=" . sql_escape($event['PSID']) . " LIMIT 1"); - - foreach ($events_deleted as $event) - sql_query("DELETE FROM `Shifts` WHERE `PSID`=" . - sql_escape($event['PSID']) . " LIMIT 1"); - - unlink($import_file); - - $html .= template_render('../templates/admin_import_import.html', array ()); - break; - } - - return $html; + global $PentabarfXMLhost, $PentabarfXMLpath; + global $rooms_import; + global $user; + $html = ""; + + $step = "input"; + if (isset ($_REQUEST['step'])) + $step = $_REQUEST['step']; + + $html .= '

'; + $html .= $step == "input" ? '1. Input' : '1. Input'; + $html .= ' » '; + $html .= $step == "check" ? '2. Validate' : '2. Validate'; + $html .= ' » '; + $html .= $step == "import" ? '3. Import' : '3. Import'; + $html .= '

'; + + $import_file = '../import/import_' . $user['UID'] . '.xml'; + + switch ($step) { + case "input" : + $ok = false; + if ($test_handle = fopen('../import/tmp', 'w')) { + fclose($test_handle); + unlink('../import/tmp'); + } else { + $msg = error("Webserver has no write-permission on import directory.", true); + } + + if (isset ($_REQUEST['submit'])) { + $ok = true; + if (isset ($_REQUEST['user']) && $_REQUEST['user'] != "" && isset ($_REQUEST['password']) && $_REQUEST['password'] != "") { + $fp = fsockopen("ssl://$PentabarfXMLhost", 443, $errno, $errstr, 5); + + if (!$fp) { + $ok = false; + $msg = error("File 'https://$PentabarfXMLhost/$PentabarfXMLpath" . $_REQUEST["url"] . "' not readable!" . "[$errstr ($errno)]", true); + } else { + $fileOut = fopen($import_file, "w"); + $head = 'GET /' . $PentabarfXMLpath . $_REQUEST["url"] . ' HTTP/1.1' . "\r\n" . + 'Host: ' . $PentabarfXMLhost . "\r\n" . + 'User-Agent: Engelsystem' . "\r\n" . + 'Authorization: Basic ' . + base64_encode($_REQUEST["user"] . ':' . $_REQUEST["password"]) . "\r\n" . + "\r\n"; + fputs($fp, $head); + $Zeilen = -1; + echo "
";
+            while (!feof($fp)) {
+              $Temp = fgets($fp, 1024);
+
+              // show header
+              if ($Zeilen == -1) {
+                echo $Temp;
+              }
+
+              // ende des headers
+              if ($Temp == "\r\n") {
+                echo "
\n"; + $Zeilen = 0; + $Temp = ""; + } + + //file ende? + if ($Temp == "0\r\n") + break; + + if (($Zeilen > -1) && ($Temp != "ffb\r\n")) { + //steuerzeichen ausfiltern + if (strpos("#$Temp", "\r\n") > 0) + $Temp = substr($Temp, 0, strlen($Temp) - 2); + if (strpos("#$Temp", "1005") > 0) + $Temp = ""; + if (strpos("#$Temp", "783") > 0) + $Temp = ""; + //schreiben in file + fputs($fileOut, $Temp); + $Zeilen++; + } + } + fclose($fileOut); + fclose($fp); + $msg .= success("Es wurden $Zeilen Zeilen eingelesen.", true); + } + } + elseif (isset ($_FILES['xcal_file']) && ($_FILES['xcal_file']['error'] == 0)) { + if (move_uploaded_file($_FILES['xcal_file']['tmp_name'], $import_file)) { + libxml_use_internal_errors(true); + if (simplexml_load_file($import_file) === false) { + $ok = false; + $msg = error("No valid xml/xcal file provided.", true); + unlink($import_file); + } + } else { + $ok = false; + $msg = error("File upload went wrong.", true); + } + } else { + $ok = false; + $msg = error("Please provide some data.", true); + } + } + + if ($ok) + header("Location: " . page_link_to('admin_import') . "&step=check"); + else + $html .= template_render('../templates/admin_import_input.html', array ( + 'link' => page_link_to('admin_import'), + 'msg' => $msg, + 'url' => "https://$PentabarfXMLhost/$PentabarfXMLpath" + )); + break; + + case "check" : + if (!file_exists($import_file)) + header("Location: " . page_link_to('admin_import')); + + list ($rooms_new, $rooms_deleted) = prepare_rooms($import_file); + list ($events_new, $events_updated, $events_deleted) = prepare_events($import_file); + + $html .= template_render('../templates/admin_import_check.html', array ( + 'link' => page_link_to('admin_import'), + 'rooms_new' => count($rooms_new) == 0 ? "None" : table_body($rooms_new), + 'rooms_deleted' => count($rooms_deleted) == 0 ? "None" : table_body($rooms_deleted), + 'events_new' => count($events_new) == 0 ? "None" : table_body(shifts_printable($events_new)), + 'events_updated' => count($events_updated) == 0 ? "None" : table_body(shifts_printable($events_updated)), + 'events_deleted' => count($events_deleted) == 0 ? "None" : table_body(shifts_printable($events_deleted)) + )); + break; + + case "import" : + if (!file_exists($import_file)) + header("Location: " . page_link_to('admin_import')); + + list ($rooms_new, $rooms_deleted) = prepare_rooms($import_file); + foreach ($rooms_new as $room) { + sql_query("INSERT INTO `Room` SET `Name`='" . sql_escape($room) . "', `FromPentabarf`='Y', `Show`='Y'"); + $rooms_import[trim($room)] = sql_id(); + } + foreach ($rooms_deleted as $room) + sql_query("DELETE FROM `Room` WHERE `Name`='" . sql_escape($room) . "' LIMIT 1"); + + list ($events_new, $events_updated, $events_deleted) = prepare_events($import_file); + foreach ($events_new as $event) + sql_query("INSERT INTO `Shifts` SET `name`='" . + sql_escape($event['name']) . "', `start`=" . sql_escape($event['start']) . ", `end`=" . sql_escape($event['end']) . ", `RID`=" . sql_escape($event['RID']) . ", `PSID`=" . sql_escape($event['PSID']) . ", `URL`='" . sql_escape($event['URL']) . "'"); + + foreach ($events_updated as $event) + sql_query("UPDATE `Shifts` SET `name`='" . + sql_escape($event['name']) . "', `start`=" . sql_escape($event['start']) . ", `end`=" . sql_escape($event['end']) . ", `RID`=" . sql_escape($event['RID']) . ", `PSID`=" . sql_escape($event['PSID']) . ", `URL`='" . sql_escape($event['URL']) . "' WHERE `PSID`=" . sql_escape($event['PSID']) . " LIMIT 1"); + + foreach ($events_deleted as $event) + sql_query("DELETE FROM `Shifts` WHERE `PSID`=" . + sql_escape($event['PSID']) . " LIMIT 1"); + + engelsystem_log("Pentabarf import done"); + + unlink($import_file); + + $html .= template_render('../templates/admin_import_import.html', array ()); + break; + } + + return $html; } function prepare_rooms($file) { - global $rooms_import; - $data = read_xml($file); - - // Load rooms from db for compare with input - $rooms = sql_select("SELECT * FROM `Room` WHERE `FromPentabarf`='Y'"); - $rooms_db = array (); - $rooms_import = array (); - foreach ($rooms as $room) { - $rooms_db[] = $room['Name']; - $rooms_import[$room['Name']] = $room['RID']; - } - - $events = $data->vcalendar->vevent; - $rooms_pb = array (); - foreach ($events as $event) { - $rooms_pb[] = $event->location; - if (!isset ($rooms_import[trim($event->location)])) - $rooms_import[trim($event->location)] = trim($event->location); - } - $rooms_pb = array_unique($rooms_pb); - - $rooms_new = array_diff($rooms_pb, $rooms_db); - $rooms_deleted = array_diff($rooms_db, $rooms_pb); - - return array ( - $rooms_new, - $rooms_deleted - ); + global $rooms_import; + $data = read_xml($file); + + // Load rooms from db for compare with input + $rooms = sql_select("SELECT * FROM `Room` WHERE `FromPentabarf`='Y'"); + $rooms_db = array (); + $rooms_import = array (); + foreach ($rooms as $room) { + $rooms_db[] = $room['Name']; + $rooms_import[$room['Name']] = $room['RID']; + } + + $events = $data->vcalendar->vevent; + $rooms_pb = array (); + foreach ($events as $event) { + $rooms_pb[] = $event->location; + if (!isset ($rooms_import[trim($event->location)])) + $rooms_import[trim($event->location)] = trim($event->location); + } + $rooms_pb = array_unique($rooms_pb); + + $rooms_new = array_diff($rooms_pb, $rooms_db); + $rooms_deleted = array_diff($rooms_db, $rooms_pb); + + return array ( + $rooms_new, + $rooms_deleted + ); } function prepare_events($file) { - global $rooms_import; - $data = read_xml($file); - - $rooms = sql_select("SELECT * FROM `Room`"); - $rooms_db = array (); - foreach ($rooms as $room) - $rooms_db[$room['Name']] = $room['RID']; - - $events = $data->vcalendar->vevent; - $shifts_pb = array (); - foreach ($events as $event) { - $event_pb = $event->children("http://pentabarf.org"); - $event_id = trim($event_pb-> { - 'event-id' }); - $shifts_pb[$event_id] = array ( - 'start' => DateTime :: createFromFormat("Ymd\THis", $event->dtstart)->getTimestamp(), - 'end' => DateTime :: createFromFormat("Ymd\THis", $event->dtend)->getTimestamp(), - 'RID' => $rooms_import[trim($event->location)], - 'name' => trim($event->summary), - 'URL' => trim($event->url), - 'PSID' => $event_id - ); - } - - $shifts = sql_select("SELECT * FROM `Shifts` WHERE `PSID` IS NOT NULL ORDER BY `start`"); - $shifts_db = array (); - foreach ($shifts as $shift) - $shifts_db[$shift['PSID']] = $shift; - - $shifts_new = array (); - $shifts_updated = array (); - foreach ($shifts_pb as $shift) - if (!isset ($shifts_db[$shift['PSID']])) - $shifts_new[] = $shift; - else { - $tmp = $shifts_db[$shift['PSID']]; - if ($shift['name'] != $tmp['name'] || $shift['start'] != $tmp['start'] || $shift['end'] != $tmp['end'] || $shift['RID'] != $tmp['RID'] || $shift['URL'] != $tmp['URL']) - $shifts_updated[] = $shift; - } - - $shifts_deleted = array (); - foreach ($shifts_db as $shift) - if (!isset ($shifts_pb[$shift['PSID']])) - $shifts_deleted[] = $shift; - - return array ( - $shifts_new, - $shifts_updated, - $shifts_deleted - ); + global $rooms_import; + $data = read_xml($file); + + $rooms = sql_select("SELECT * FROM `Room`"); + $rooms_db = array (); + foreach ($rooms as $room) + $rooms_db[$room['Name']] = $room['RID']; + + $events = $data->vcalendar->vevent; + $shifts_pb = array (); + foreach ($events as $event) { + $event_pb = $event->children("http://pentabarf.org"); + $event_id = trim($event_pb-> { + 'event-id' }); + $shifts_pb[$event_id] = array ( + 'start' => DateTime :: createFromFormat("Ymd\THis", $event->dtstart)->getTimestamp(), + 'end' => DateTime :: createFromFormat("Ymd\THis", $event->dtend)->getTimestamp(), + 'RID' => $rooms_import[trim($event->location)], + 'name' => trim($event->summary), + 'URL' => trim($event->url), + 'PSID' => $event_id + ); + } + + $shifts = sql_select("SELECT * FROM `Shifts` WHERE `PSID` IS NOT NULL ORDER BY `start`"); + $shifts_db = array (); + foreach ($shifts as $shift) + $shifts_db[$shift['PSID']] = $shift; + + $shifts_new = array (); + $shifts_updated = array (); + foreach ($shifts_pb as $shift) + if (!isset ($shifts_db[$shift['PSID']])) + $shifts_new[] = $shift; + else { + $tmp = $shifts_db[$shift['PSID']]; + if ($shift['name'] != $tmp['name'] || $shift['start'] != $tmp['start'] || $shift['end'] != $tmp['end'] || $shift['RID'] != $tmp['RID'] || $shift['URL'] != $tmp['URL']) + $shifts_updated[] = $shift; + } + + $shifts_deleted = array (); + foreach ($shifts_db as $shift) + if (!isset ($shifts_pb[$shift['PSID']])) + $shifts_deleted[] = $shift; + + return array ( + $shifts_new, + $shifts_updated, + $shifts_deleted + ); } function read_xml($file) { - global $xml_import; - if (!isset ($xml_import)) - $xml_import = simplexml_load_file($file); - return $xml_import; + global $xml_import; + if (!isset ($xml_import)) + $xml_import = simplexml_load_file($file); + return $xml_import; } function shifts_printable($shifts) { - global $rooms_import; - $rooms = array_flip($rooms_import); - - uasort($shifts, 'shift_sort'); - - $shifts_printable = array (); - foreach ($shifts as $shift) - $shifts_printable[] = array ( - 'day' => date("l, Y-m-d", $shift['start']), - 'start' => date("H:i", $shift['start']), - 'name' => shorten($shift['name']), - 'end' => date("H:i", $shift['end']), - 'room' => $rooms[$shift['RID']] - ); - return $shifts_printable; + global $rooms_import; + $rooms = array_flip($rooms_import); + + uasort($shifts, 'shift_sort'); + + $shifts_printable = array (); + foreach ($shifts as $shift) + $shifts_printable[] = array ( + 'day' => date("l, Y-m-d", $shift['start']), + 'start' => date("H:i", $shift['start']), + 'name' => shorten($shift['name']), + 'end' => date("H:i", $shift['end']), + 'room' => $rooms[$shift['RID']] + ); + return $shifts_printable; } function shift_sort($a, $b) { - return ($a['start'] < $b['start']) ? -1 : 1; + return ($a['start'] < $b['start']) ? -1 : 1; } ?> diff --git a/includes/pages/admin_news.php b/includes/pages/admin_news.php index ca1f81fc..f6c06001 100644 --- a/includes/pages/admin_news.php +++ b/includes/pages/admin_news.php @@ -1,87 +1,89 @@ 0) { - list ($news) = $news; + if (!isset ($_GET["action"])) { + header("Location: " . page_link_to("news")); + } else { + $html = ""; + switch ($_GET["action"]) { + case 'edit' : + if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing News ID.", true); - $html .= '« Back'; + $news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); + if (count($news) > 0) { + list ($news) = $news; - $html .= "
\n"; + $html .= '« Back'; - $html .= "\n"; - $html .= " \n"; - $html .= " \n"; - $html .= " \n"; - $html .= " \n"; - $html .= " \n"; - $html .= "
Datum" . - date("Y-m-d H:i", $news['Datum']) . "
Betreff
Text
Engel" . - UID2Nick($news["UID"]) . "
Treffen" . html_select_key('eTreffen', 'eTreffen', array ( - '1' => "Ja", - '0' => "Nein" - ), $news['Treffen']) . "
"; + $html .= "\n"; - $html .= "\n"; - $html .= "\n"; - $html .= "
"; + $html .= "\n"; + $html .= " \n"; + $html .= " \n"; + $html .= " \n"; + $html .= " \n"; + $html .= " \n"; + $html .= "
Datum" . + date("Y-m-d H:i", $news['Datum']) . "
Betreff
Text
Engel" . + UID2Nick($news["UID"]) . "
Treffen" . html_select_key('eTreffen', 'eTreffen', array ( + '1' => "Ja", + '0' => "Nein" + ), $news['Treffen']) . "
"; - $html .= "
\n"; - $html .= "\n"; - $html .= "\n"; - $html .= "
"; - } else - return error("No News found.", true); - break; + $html .= "\n"; + $html .= "\n"; + $html .= ""; - case 'save' : - if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) - $id = $_REQUEST['id']; - else - return error("Incomplete call, missing News ID.", true); + $html .= "
\n"; + $html .= "\n"; + $html .= "\n"; + $html .= "
"; + } else + return error("No News found.", true); + break; - $news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); - if (count($news) > 0) { - list ($news) = $news; + case 'save' : + if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing News ID.", true); - sql_query("UPDATE `News` SET `Datum`='" . sql_escape(time()) . "', `Betreff`='" . sql_escape($_POST["eBetreff"]) . "', `Text`='" . sql_escape($_POST["eText"]) . "', `UID`='" . sql_escape($user['UID']) . - "', `Treffen`='" . sql_escape($_POST["eTreffen"]) . "' WHERE `ID`=".sql_escape($id)." LIMIT 1"); - header("Location: " . page_link_to("news")); - } else - return error("No News found.", true); - break; + $news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); + if (count($news) > 0) { + list ($news) = $news; - case 'delete' : - if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) - $id = $_REQUEST['id']; - else - return error("Incomplete call, missing News ID.", true); + sql_query("UPDATE `News` SET `Datum`='" . sql_escape(time()) . "', `Betreff`='" . sql_escape($_POST["eBetreff"]) . "', `Text`='" . sql_escape($_POST["eText"]) . "', `UID`='" . sql_escape($user['UID']) . + "', `Treffen`='" . sql_escape($_POST["eTreffen"]) . "' WHERE `ID`=".sql_escape($id)." LIMIT 1"); + engelsystem_log("News updated: " . $_POST["eBetreff"]); + header("Location: " . page_link_to("news")); + } else + return error("No News found.", true); + break; - $news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); - if (count($news) > 0) { - list ($news) = $news; + case 'delete' : + if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing News ID.", true); - sql_query("DELETE FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); - header("Location: " . page_link_to("news")); - } else - return error("No News found.", true); - break; - } - } - return $html; + $news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); + if (count($news) > 0) { + list ($news) = $news; + + sql_query("DELETE FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); + engelsystem_log("News deleted: " . $news['Betreff']); + header("Location: " . page_link_to("news")); + } else + return error("No News found.", true); + break; + } + } + return $html; } ?> \ No newline at end of file diff --git a/includes/pages/admin_questions.php b/includes/pages/admin_questions.php index df5e9196..a85c8c0f 100644 --- a/includes/pages/admin_questions.php +++ b/includes/pages/admin_questions.php @@ -1,85 +1,87 @@ 0) - return '

Es gibt unbeantwortete Fragen!


'; - } + if ($new_messages > 0) + return '

Es gibt unbeantwortete Fragen!


'; + } - return ""; + return ""; } function admin_questions() { - global $user; + global $user; - if (!isset ($_REQUEST['action'])) { - $open_questions = ""; - $questions = sql_select("SELECT * FROM `Questions` WHERE `AID`=0"); - foreach ($questions as $question) - $open_questions .= template_render( - '../templates/admin_question_unanswered.html', array ( - 'question_nick' => UID2Nick($question['UID']), - 'question_id' => $question['QID'], - 'link' => page_link_to("admin_questions"), - 'question' => str_replace("\n", '
', $question['Question']) - )); + if (!isset ($_REQUEST['action'])) { + $open_questions = ""; + $questions = sql_select("SELECT * FROM `Questions` WHERE `AID`=0"); + foreach ($questions as $question) + $open_questions .= template_render( + '../templates/admin_question_unanswered.html', array ( + 'question_nick' => UID2Nick($question['UID']), + 'question_id' => $question['QID'], + 'link' => page_link_to("admin_questions"), + 'question' => str_replace("\n", '
', $question['Question']) + )); - $answered_questions = ""; - $questions = sql_select("SELECT * FROM `Questions` WHERE `AID`>0"); + $answered_questions = ""; + $questions = sql_select("SELECT * FROM `Questions` WHERE `AID`>0"); - foreach ($questions as $question) - $answered_questions .= template_render( - '../templates/admin_question_answered.html', array ( - 'question_id' => $question['QID'], - 'question_nick' => UID2Nick($question['UID']), - 'question' => str_replace("\n", "
", $question['Question']), - 'answer_nick' => UID2Nick($question['AID']), - 'answer' => str_replace("\n", "
", $question['Answer']), - 'link' => page_link_to("admin_questions"), - )); + foreach ($questions as $question) + $answered_questions .= template_render( + '../templates/admin_question_answered.html', array ( + 'question_id' => $question['QID'], + 'question_nick' => UID2Nick($question['UID']), + 'question' => str_replace("\n", "
", $question['Question']), + 'answer_nick' => UID2Nick($question['AID']), + 'answer' => str_replace("\n", "
", $question['Answer']), + 'link' => page_link_to("admin_questions"), + )); - return template_render('../templates/admin_questions.html', array ( - 'link' => page_link_to("admin_questions"), - 'open_questions' => $open_questions, - 'answered_questions' => $answered_questions - )); - } else { - switch ($_REQUEST['action']) { - case 'answer' : - if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) - $id = $_REQUEST['id']; - else - return error("Incomplete call, missing Question ID.", true); + return template_render('../templates/admin_questions.html', array ( + 'link' => page_link_to("admin_questions"), + 'open_questions' => $open_questions, + 'answered_questions' => $answered_questions + )); + } else { + switch ($_REQUEST['action']) { + case 'answer' : + if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing Question ID.", true); - $question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); - if (count($question) > 0 && $question[0]['AID'] == "0") { - $answer = trim(preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['answer']))); + $question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); + if (count($question) > 0 && $question[0]['AID'] == "0") { + $answer = trim(preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['answer']))); - if ($answer != "") { - sql_query("UPDATE `Questions` SET `AID`=" . sql_escape($user['UID']) . ", `Answer`='" . sql_escape($answer) . "' WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); - header("Location: " . page_link_to("admin_questions")); - } else - return error("Gib eine Antwort ein!", true); - } else - return error("No question found.", true); - break; - case 'delete' : - if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) - $id = $_REQUEST['id']; - else - return error("Incomplete call, missing Question ID.", true); + if ($answer != "") { + sql_query("UPDATE `Questions` SET `AID`=" . sql_escape($user['UID']) . ", `Answer`='" . sql_escape($answer) . "' WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); + engelsystem_log("Question " . $question[0]['Question'] . " answered: " . $answer); + header("Location: " . page_link_to("admin_questions")); + } else + return error("Gib eine Antwort ein!", true); + } else + return error("No question found.", true); + break; + case 'delete' : + if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing Question ID.", true); - $question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); - if (count($question) > 0) { - sql_query("DELETE FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); - header("Location: " . page_link_to("admin_questions")); - } else - return error("No question found.", true); - break; - } - } + $question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); + if (count($question) > 0) { + sql_query("DELETE FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); + engelsystem_log("Question deleted: " . $question[0]['Question']); + header("Location: " . page_link_to("admin_questions")); + } else + return error("No question found.", true); + break; + } + } } ?> diff --git a/includes/pages/admin_rooms.php b/includes/pages/admin_rooms.php index 160316c6..b92ea6a8 100644 --- a/includes/pages/admin_rooms.php +++ b/includes/pages/admin_rooms.php @@ -77,17 +77,26 @@ function admin_rooms() { } if ($ok) { - if(isset($id)) + if(isset($id)) { sql_query("UPDATE `Room` SET `Name`='" . sql_escape($name) . "', `FromPentabarf`='" . sql_escape($from_pentabarf) . "', `show`='" . sql_escape($public) . "', `Number`='" . sql_escape($number) . "' WHERE `RID`=" . sql_escape($id) . " LIMIT 1"); - else { + engelsystem_log("Room updated: " . $name . ", pentabarf import: " . $from_pentabarf . ", public: " . $public . ", number: " . $number); + } else { sql_query("INSERT INTO `Room` SET `Name`='" . sql_escape($name) . "', `FromPentabarf`='" . sql_escape($from_pentabarf) . "', `show`='" . sql_escape($public) . "', `Number`='" . sql_escape($number) . "'"); $id = sql_id(); + engelsystem_log("Room created: " . $name . ", pentabarf import: " . $from_pentabarf . ", public: " . $public . ", number: " . $number); } sql_query("DELETE FROM `NeededAngelTypes` WHERE `room_id`=" . sql_escape($id)); - foreach ($angeltypes_count as $angeltype_id => $angeltype_count) - sql_query("INSERT INTO `NeededAngelTypes` SET `room_id`=" . sql_escape($id) . ", `angel_type_id`=" . sql_escape($angeltype_id) . ", `count`=" . sql_escape($angeltype_count)); + $needed_angeltype_info = array(); + foreach ($angeltypes_count as $angeltype_id => $angeltype_count) { + $angeltype_source = sql_select("SELECT * FROM `AngelTypes` WHERE `id`=" . sql_escape($angeltype_id) . " LIMIT 1"); + if(count($angeltype_source) > 0) { + sql_query("INSERT INTO `NeededAngelTypes` SET `room_id`=" . sql_escape($id) . ", `angel_type_id`=" . sql_escape($angeltype_id) . ", `count`=" . sql_escape($angeltype_count)); + $needed_angeltype_info[] = $angeltypes_source[0]['name'] . ": " . $angeltype_count; + } + } + engelsystem_log("Set needed angeltypes of room " . $name . " to: " . join(", ", $needed_angeltype_info)); success("Room saved."); redirect(page_link_to("admin_rooms")); } @@ -116,6 +125,8 @@ function admin_rooms() { if (isset ($_REQUEST['ack'])) { sql_query("DELETE FROM `Room` WHERE `RID`=" . sql_escape($id) . " LIMIT 1"); sql_query("DELETE FROM `NeededAngelTypes` WHERE `room_id`=" . sql_escape($id) . " LIMIT 1"); + + engelsystem_log("Room deleted: " . $name); success(sprintf("Room %s deleted.", $name)); redirect(page_link_to('admin_rooms')); } diff --git a/includes/pages/admin_shifts.php b/includes/pages/admin_shifts.php index 303c580c..f35fa312 100644 --- a/includes/pages/admin_shifts.php +++ b/includes/pages/admin_shifts.php @@ -233,11 +233,18 @@ function admin_shifts() { foreach ($_SESSION['admin_shifts_shifts'] as $shift) { sql_query("INSERT INTO `Shifts` SET `start`=" . sql_escape($shift['start']) . ", `end`=" . sql_escape($shift['end']) . ", `RID`=" . sql_escape($shift['RID']) . ", `name`='" . sql_escape($shift['name']) . "'"); $shift_id = sql_id(); + engelsystem_log("Shift created: " . $shift['name'] . " from " . date("Y-m-d H:i", $shift['start']) . " to " . date("Y-m-d H:i", $shift['end'])); + $needed_angel_types_info = array(); foreach ($_SESSION['admin_shifts_types'] as $type_id => $count) { - sql_query("INSERT INTO `NeededAngelTypes` SET `shift_id`=" . sql_escape($shift_id) . ", `angel_type_id`=" . sql_escape($type_id) . ", `count`=" . sql_escape($count)); + $angel_type_source = sql_select("SELECT * FROM `AngelTypes` WHERE `id`=" . sql_escape($type_id) . " LIMIT 1"); + if(count($angel_type_source) > 0) { + sql_query("INSERT INTO `NeededAngelTypes` SET `shift_id`=" . sql_escape($shift_id) . ", `angel_type_id`=" . sql_escape($type_id) . ", `count`=" . sql_escape($count)); + $needed_angel_types_info[] = $angel_type_source[0]['name'] . ": " . $count; + } } } + engelsystem_log("Shift needs following angel types: " . join(", ", $needed_angel_types_info)); $msg = success("Schichten angelegt.", true); } else { unset ($_SESSION['admin_shifts_shifts']); diff --git a/includes/pages/admin_user_angeltypes.php b/includes/pages/admin_user_angeltypes.php index b22178e0..38c4d9c8 100644 --- a/includes/pages/admin_user_angeltypes.php +++ b/includes/pages/admin_user_angeltypes.php @@ -8,16 +8,24 @@ function admin_user_angeltypes() { global $privileges; if (isset ($_REQUEST['confirm']) && test_request_int('confirm') && sql_num_query("SELECT * FROM `UserAngelTypes` WHERE `id`=" . sql_escape($_REQUEST['confirm']) . " AND `confirm_user_id` IS NULL") > 0) { - sql_query("UPDATE `UserAngelTypes` SET `confirm_user_id`=" . sql_escape($_SESSION['uid']) . " WHERE `id`=" . sql_escape($_REQUEST['confirm']) . " LIMIT 1"); - - success("Confirmed."); + $user_angel_type_source = sql_select("SELECT `UserAngelTypes`.*, `User`.`Nick`, `AngelTypes`.`name` FROM `UserAngelTypes` JOIN `User` ON `User`.`UID`=`UserAngelTypes`.`user_id` JOIN `AngelTypes` ON `AngelTypes`.`id`=`UserAngelTypes`.`angeltype_id` WHERE `id`=" . sql_escape($_REQUEST['confirm']) . " LIMIT 1"); + if(count($user_angel_type_source) > 0) { + sql_query("UPDATE `UserAngelTypes` SET `confirm_user_id`=" . sql_escape($_SESSION['uid']) . " WHERE `id`=" . sql_escape($_REQUEST['confirm']) . " LIMIT 1"); + engelsystem_log("Confirmed " . $user_angel_type_source[0]['Nick'] . " as " . $user_angel_type_source[0]['name']); + success("Confirmed."); + } + else error("Entry not found."); redirect(page_link_to('admin_user_angeltypes')); } if (isset ($_REQUEST['discard']) && test_request_int('discard') && sql_num_query("SELECT * FROM `UserAngelTypes` WHERE `id`=" . sql_escape($_REQUEST['discard']) . " AND `confirm_user_id` IS NULL") > 0) { - sql_query("DELETE FROM `UserAngelTypes` WHERE `id`=" . sql_escape($_REQUEST['discard']) . " LIMIT 1"); - - success("Discarded."); + $user_angel_type_source = sql_select("SELECT `UserAngelTypes`.*, `User`.`Nick`, `AngelTypes`.`name` FROM `UserAngelTypes` JOIN `User` ON `User`.`UID`=`UserAngelTypes`.`user_id` JOIN `AngelTypes` ON `AngelTypes`.`id`=`UserAngelTypes`.`angeltype_id` WHERE `id`=" . sql_escape($_REQUEST['discard']) . " LIMIT 1"); + if(count($user_angel_type_source) > 0) { + sql_query("DELETE FROM `UserAngelTypes` WHERE `id`=" . sql_escape($_REQUEST['discard']) . " LIMIT 1"); + engelsystem_log("Discarded " . $user_angel_type_source[0]['Nick'] . " as " . $user_angel_type_source[0]['name']); + success("Discarded."); + } + else error("Entry not found."); redirect(page_link_to('admin_user_angeltypes')); } diff --git a/includes/sys_log.php b/includes/sys_log.php new file mode 100644 index 00000000..65c0aa41 --- /dev/null +++ b/includes/sys_log.php @@ -0,0 +1,19 @@ + \ No newline at end of file diff --git a/public/index.php b/public/index.php index 45555a2b..1773b54b 100644 --- a/public/index.php +++ b/public/index.php @@ -3,6 +3,7 @@ require_once ('bootstrap.php'); require_once ('includes/sys_auth.php'); require_once ('includes/sys_counter.php'); require_once ('includes/sys_lang.php'); +require_once ('includes/sys_log.php'); require_once ('includes/sys_menu.php'); require_once ('includes/sys_mysql.php'); require_once ('includes/sys_page.php'); From 51c6547610066912c0b0a3e6309cfb6b149aa0c2 Mon Sep 17 00:00:00 2001 From: Jan-Philipp Litza Date: Wed, 26 Dec 2012 16:58:09 +0100 Subject: [PATCH 02/14] advanced form in user administration for confirming angeltypes --- includes/pages/admin_user.php | 46 +++++++++++++++++++++++------------ includes/sys_mysql.php | 19 +++++++++++++++ includes/sys_template.php | 28 +++++++++++++++++++++ 3 files changed, 77 insertions(+), 16 deletions(-) diff --git a/includes/pages/admin_user.php b/includes/pages/admin_user.php index 5a986eca..a2ab7b07 100644 --- a/includes/pages/admin_user.php +++ b/includes/pages/admin_user.php @@ -92,28 +92,38 @@ function admin_user() { // UserAngelType subform list ($user_source) = sql_select($SQL); - $selected_angel_types_source = sql_select("SELECT * FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user_source['UID'])); - $selected_angel_types = array (); - foreach ($selected_angel_types_source as $selected_angel_type) - $selected_angel_types[] = $selected_angel_type['angeltype_id']; + $selected_angel_types = sql_select_single_col("SELECT `angeltype_id` FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user_source['UID'])); + $accepted_angel_types = sql_select_single_col("SELECT `angeltype_id` FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user_source['UID']) . " AND `confirm_user_id` IS NOT NULL"); + $nonrestricted_angel_types = sql_select_single_col("SELECT `id` FROM `AngelTypes` WHERE `restricted` = 0"); - $angel_types_source = sql_select("SELECT * FROM `AngelTypes` ORDER BY `name`"); - $angel_types = array (); + $angel_types_source = sql_select("SELECT `id`, `name` FROM `AngelTypes` ORDER BY `name`"); + $angel_types = array(); foreach ($angel_types_source as $angel_type) - $angel_types[$angel_type['id']] = $angel_type['name'] . ($angel_type['restricted'] ? " (restricted)" : ""); + $angel_types[$angel_type['id']] = $angel_type['name']; if (isset ($_REQUEST['submit_user_angeltypes'])) { - $selected_angel_types = array (); - foreach ($angel_types as $angel_type_id => $angel_type_name) { - if (isset ($_REQUEST['angel_types_' . $angel_type_id])) - $selected_angel_types[] = $angel_type_id; - } + $selected_angel_types = array_intersect($_REQUEST['selected_angel_types'], array_keys($angel_types)); + $accepted_angel_types = array_diff(array_intersect($_REQUEST['accepted_angel_types'], array_keys($angel_types)), $nonrestricted_angel_types); + if (in_array("admin_user_angeltypes", $privileges)) + $selected_angel_types = array_merge($selected_angel_types, $accepted_angel_types); // Assign angel-types - foreach ($angel_types_source as $angel_type) { - if (!in_array($angel_type['id'], $selected_angel_types)) - sql_query("DELETE FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user_source['UID']) . " AND `angeltype_id`=" . sql_escape($angel_type['id']) . " LIMIT 1"); + sql_start_transaction(); + sql_query("DELETE FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user_source['UID'])); + if (!empty($selected_angel_types)) { + $SQL = "INSERT INTO `UserAngelTypes` (`user_id`, `angeltype_id`) VALUES "; + foreach ($selected_angel_types as $selected_angel_type_id) + $SQL .= "(${user_source['UID']}, ${selected_angel_type_id}),"; + // remove superfluous comma + $SQL = substr($SQL, 0, -1); + sql_query($SQL); + } + if (in_array("admin_user_angeltypes", $privileges)) { + sql_query("UPDATE `UserAngelTypes` SET `confirm_user_id` = NULL WHERE `user_id` = " . sql_escape($user_source['UID'])); + if (!empty($accepted_angel_types)) + sql_query("UPDATE `UserAngelTypes` SET `confirm_user_id` = '" . sql_escape($user['UID']) . "' WHERE `user_id` = '" . sql_escape($user_source['UID']) . "' AND `angeltype_id` IN (" . implode(',', $accepted_angel_types) . ")"); } + sql_stop_transaction(); foreach ($selected_angel_types as $selected_angel_type_id) { if (sql_num_query("SELECT * FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user_source['UID']) . " AND `angeltype_id`=" . sql_escape($selected_angel_type_id) . " LIMIT 1") == 0) { @@ -131,7 +141,11 @@ function admin_user() { $html .= form(array ( msg(), - form_checkboxes('angel_types', "Angeltypes", $angel_types, $selected_angel_types), + form_multi_checkboxes(array('selected_angel_types' => 'gewünscht', 'accepted_angel_types' => 'akzeptiert'), + "Angeltypes", + $angel_types, + array('selected_angel_types' => $selected_angel_types, 'accepted_angel_types' => array_merge($accepted_angel_types, $nonrestricted_angel_types)), + array('accepted_angel_types' => $nonrestricted_angel_types)), form_submit('submit_user_angeltypes', Get_Text("Save")) )); diff --git a/includes/sys_mysql.php b/includes/sys_mysql.php index e418ddb8..81747ec2 100644 --- a/includes/sys_mysql.php +++ b/includes/sys_mysql.php @@ -31,6 +31,12 @@ function sql_select($query) { } } +function sql_select_single_col($query) { + $result = sql_select($query); + return array_map('array_pop', $result); + +} + // Execute a query function sql_query($query) { global $con; @@ -59,4 +65,17 @@ function sql_error() { global $con; return mysql_error($con); } + +$sql_transaction_counter = 0; +function sql_start_transaction() { + global $sql_transaction_counter; + if ($sql_transaction_counter++ == 0) + sql_query("START TRANSACTION"); +} + +function sql_stop_transaction() { + global $sql_transaction_counter; + if ($sql_transaction_counter-- == 1) + sql_query("COMMIT"); +} ?> diff --git a/includes/sys_template.php b/includes/sys_template.php index 4e701879..a988ff23 100644 --- a/includes/sys_template.php +++ b/includes/sys_template.php @@ -36,6 +36,34 @@ function form_checkboxes($name, $label, $items, $selected) { return form_element($label, $html); } +/** + * Rendert eine Tabelle von Checkboxen für ein Formular + * @param names Assoziatives Array mit Namen der Checkboxen als Keys und Überschriften als Values + * @param label Die Beschriftung der gesamten Tabelle + * @param items Array mit den Beschriftungen der Zeilen + * @param selected Mehrdimensionales Array, wobei $selected[foo] ein Array der in der Datenreihe foo markierten Checkboxen ist + * @param disabled Wie selected, nur dass die entsprechenden Checkboxen deaktiviert statt markiert sind + */ +function form_multi_checkboxes($names, $label, $items, $selected, $disabled = array()) { + $html = ""; + foreach ($names as $title) + $html .= ""; + $html .= ""; + foreach ($items as $key => $item) { + $html .= ""; + foreach ($names as $name => $title) { + $id = $name . '_' . $key; + $sel = array_search($key, $selected[$name]) !== false ? ' checked="checked"' : ""; + if (!empty($disabled) && !empty($disabled[$name]) && array_search($key, $disabled[$name]) !== false) + $sel .= ' disabled="disabled"'; + $html .= ''; + } + $html .= ''; + } + $html .= "
$title
"; + return form_element($label, $html); +} + /** * Rendert eine Checkbox */ From 3cc2896376c4ef5b8d01320259010ba4e4576a3a Mon Sep 17 00:00:00 2001 From: Jan-Philipp Litza Date: Wed, 26 Dec 2012 17:27:27 +0100 Subject: [PATCH 03/14] multiply night shifts by 2 (confable with raw mysql) --- includes/pages/admin_active.php | 8 ++++---- install/default-conf/config.php | 15 +++++++++++---- 2 files changed, 15 insertions(+), 8 deletions(-) diff --git a/includes/pages/admin_active.php b/includes/pages/admin_active.php index 0dabe568..241d0904 100644 --- a/includes/pages/admin_active.php +++ b/includes/pages/admin_active.php @@ -1,6 +1,6 @@ page_link_to('admin_active') )); } -?> \ No newline at end of file +?> diff --git a/install/default-conf/config.php b/install/default-conf/config.php index d27d809a..543d1dce 100644 --- a/install/default-conf/config.php +++ b/install/default-conf/config.php @@ -37,10 +37,6 @@ $gmdateOffset=3600; // für Developen 1, sonst = 0 $debug = 0; -// SSL Cert-KEY -$show_SSLCERT = "MD5:
MD5SED
\n". - "SHA1:
SHA1SED"; - //globale const. fuer schischtplan $GlobalZeileProStunde = 4; @@ -61,4 +57,15 @@ $PentabarfXMLEventID = "31"; /// Passord for external Authorization, function only active if the var is defined //$CurrentExternAuthPass = 23; +// multiply "night shifts" (start or end between 2 and 6 exclusive) by 2 +$shift_sum_formula = "SUM( + (1+( + (HOUR(FROM_UNIXTIME(`Shifts`.`end`)) > 2 AND HOUR(FROM_UNIXTIME(`Shifts`.`end`)) < 6) + OR (HOUR(FROM_UNIXTIME(`Shifts`.`start`)) > 2 AND HOUR(FROM_UNIXTIME(`Shifts`.`start`)) < 6) + OR (HOUR(FROM_UNIXTIME(`Shifts`.`start`)) <= 2 AND HOUR(FROM_UNIXTIME(`Shifts`.`end`)) >= 6) + ))*(`Shifts`.`end` - `Shifts`.`start`) +)"; + +// weigh every shift the same +//$shift_sum_formula = "SUM(`end` - `start`)"; ?> From fe6fab67be17cd271eb77294f33667a81c7ea156 Mon Sep 17 00:00:00 2001 From: Jan-Philipp Litza Date: Wed, 26 Dec 2012 18:14:23 +0100 Subject: [PATCH 04/14] filter free angels by angeltype --- includes/pages/admin_free.php | 20 ++++++++++++++++++-- templates/admin_free.html | 2 +- 2 files changed, 19 insertions(+), 3 deletions(-) diff --git a/includes/pages/admin_free.php b/includes/pages/admin_free.php index d5e3bd36..d6f4b7a0 100644 --- a/includes/pages/admin_free.php +++ b/includes/pages/admin_free.php @@ -6,7 +6,22 @@ function admin_free() { if (isset ($_REQUEST['search'])) $search = strip_request_item('search'); - $users = sql_select("SELECT `User`.* FROM `User` LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID` LEFT JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID` AND `Shifts`.`start` < " . sql_escape(time()) . " AND `Shifts`.`end` > " . sql_escape(time()) . ") WHERE `User`.`Gekommen` = 1 AND `Shifts`.`SID` IS NULL GROUP BY `User`.`UID` ORDER BY `Nick`"); + $angeltypesearch = ""; + if (empty ($_REQUEST['angeltype'])) + $_REQUEST['angeltype'] = ''; + else { + $angeltypesearch = " INNER JOIN `UserAngelTypes` ON (`UserAngelTypes`.`angeltype_id` = '" . sql_escape($_REQUEST['angeltype']) . "' AND `UserAngelTypes`.`user_id` = `User`.`UID`"; + if (isset ($_REQUEST['confirmed_only'])) + $angeltypesearch .= " AND `UserAngelTypes`.`confirm_user_id`"; + $angeltypesearch .= ") "; + } + + $angel_types_source = sql_select("SELECT `id`, `name` FROM `AngelTypes` ORDER BY `name`"); + $angel_types = array('' => 'alle Typen'); + foreach ($angel_types_source as $angel_type) + $angel_types[$angel_type['id']] = $angel_type['name']; + + $users = sql_select("SELECT `User`.* FROM `User` ${angeltypesearch} LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID` LEFT JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID` AND `Shifts`.`start` < " . sql_escape(time()) . " AND `Shifts`.`end` > " . sql_escape(time()) . ") WHERE `User`.`Gekommen` = 1 AND `Shifts`.`SID` IS NULL GROUP BY `User`.`UID` ORDER BY `Nick`"); $table = ""; if ($search == "") @@ -41,8 +56,9 @@ function admin_free() { } return template_render('../templates/admin_free.html', array ( 'search' => $search, + 'angeltypes' => html_select_key('angeltype', 'angeltype', $angel_types, $_REQUEST['angeltype']), 'table' => $table, 'link' => page_link_to('admin_free') )); } -?> \ No newline at end of file +?> diff --git a/templates/admin_free.html b/templates/admin_free.html index 522de12b..35ac1afa 100644 --- a/templates/admin_free.html +++ b/templates/admin_free.html @@ -1,6 +1,6 @@

- Search Angel: + Search Angel: %angeltypes%

From e0e44fc8c3df2839e14c7914a6e665aea98435c9 Mon Sep 17 00:00:00 2001 From: Jan-Philipp Litza Date: Wed, 26 Dec 2012 20:39:54 +0100 Subject: [PATCH 05/14] added Atom feed for news and meetings --- db/update.d/21_Atom.php | 4 ++++ includes/pages/user_atom.php | 39 ++++++++++++++++++++++++++++++++++++ public/index.php | 5 +++++ templates/layout.html | 1 + 4 files changed, 49 insertions(+) create mode 100644 db/update.d/21_Atom.php create mode 100644 includes/pages/user_atom.php diff --git a/db/update.d/21_Atom.php b/db/update.d/21_Atom.php new file mode 100644 index 00000000..f592e0e6 --- /dev/null +++ b/db/update.d/21_Atom.php @@ -0,0 +1,4 @@ + 0; +?> diff --git a/includes/pages/user_atom.php b/includes/pages/user_atom.php new file mode 100644 index 00000000..fd28510f --- /dev/null +++ b/includes/pages/user_atom.php @@ -0,0 +1,39 @@ + + + Engelsystem + ' . $_SERVER['HTTP_HOST'] . htmlspecialchars(preg_replace('#[&?]key=[a-f0-9]{32}#', '', $_SERVER['REQUEST_URI'])) . ' + ' . date('Y-m-d\TH:i:sP', $news[0]['Datum']) . "\n"; + foreach ($news as $news_entry) { + $html .= " + " . htmlspecialchars($news_entry['Betreff']) . " + + " . preg_replace('#^https?://#', '', page_link_to_absolute("news")) . "-${news_entry['ID']} + " . date('Y-m-d\TH:i:sP', $news_entry['Datum']) . " + " . htmlspecialchars($news_entry['Text']) . " + \n"; + } + $html .= ""; + header("Content-Length: " . strlen($html)); + echo $html; + die(); +} +?> diff --git a/public/index.php b/public/index.php index 1773b54b..bd7e552d 100644 --- a/public/index.php +++ b/public/index.php @@ -40,6 +40,10 @@ if ($p == "ical") { require_once ('includes/pages/user_ical.php'); user_ical(); } +elseif ($p == "atom") { + require_once ('includes/pages/user_atom.php'); + user_atom(); +} // Recht dafür vorhanden? elseif (in_array($p, $privileges)) { if ($p == "news") { @@ -185,6 +189,7 @@ if (isset ($user) && $p != "admin_user_angeltypes") echo template_render('../templates/layout.html', array ( 'theme' => isset ($user) ? $user['color'] : $default_theme, 'title' => $title, + 'atom_link' => ($p == 'news' || $p == 'user_meetings')? '' : '', 'menu' => make_menu(), 'content' => $content )); diff --git a/templates/layout.html b/templates/layout.html index 695b6c9c..f6d19c6f 100644 --- a/templates/layout.html +++ b/templates/layout.html @@ -14,6 +14,7 @@ + %atom_link%
From 346209fbc2a4d439f7cc5f65ac8c0bc286cfa013 Mon Sep 17 00:00:00 2001 From: Jan-Philipp Litza Date: Wed, 26 Dec 2012 20:41:11 +0100 Subject: [PATCH 06/14] ignore more files --- .gitignore | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitignore b/.gitignore index e30374fe..463fa802 100644 --- a/.gitignore +++ b/.gitignore @@ -2,3 +2,5 @@ includes_old www-ssl_old .project .buildpath +.*.swp +_vimrc_local.vim From 0c9dccacfb733feb2a86324e0ec524c8f3b20697 Mon Sep 17 00:00:00 2001 From: Jan-Philipp Litza Date: Wed, 26 Dec 2012 23:15:08 +0100 Subject: [PATCH 07/14] allow angels to sign up for shifts whose types are not selected as preferred in settings and auto-prefer these types --- includes/pages/user_shifts.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/includes/pages/user_shifts.php b/includes/pages/user_shifts.php index d627e3a2..073c0d36 100644 --- a/includes/pages/user_shifts.php +++ b/includes/pages/user_shifts.php @@ -191,7 +191,7 @@ function user_shifts() { if (in_array('user_shifts_admin', $privileges)) $type = sql_select("SELECT * FROM `AngelTypes` WHERE `id`=" . sql_escape($type_id) . " LIMIT 1"); else - $type = sql_select("SELECT * FROM `UserAngelTypes` JOIN `AngelTypes` ON (`UserAngelTypes`.`angeltype_id` = `AngelTypes`.`id`) WHERE `AngelTypes`.`id` = " . sql_escape($type_id) . " AND `UserAngelTypes`.`user_id` = " . sql_escape($user['UID']) . " AND (`AngelTypes`.`restricted` = 0 OR NOT `UserAngelTypes`.`confirm_user_id` IS NULL) LIMIT 1"); + $type = sql_select("SELECT * FROM `UserAngelTypes` JOIN `AngelTypes` ON (`UserAngelTypes`.`angeltype_id` = `AngelTypes`.`id`) WHERE `AngelTypes`.`id` = " . sql_escape($type_id) . " AND (`AngelTypes`.`restricted` = 0 OR (`UserAngelTypes`.`user_id` = " . sql_escape($user['UID']) . " AND NOT `UserAngelTypes`.`confirm_user_id` IS NULL)) LIMIT 1"); if (count($type) == 0) header("Location: " . page_link_to('user_shifts')); @@ -214,13 +214,13 @@ function user_shifts() { $user_id = $user['UID']; // TODO: Kollisionserkennung, andere Schichten zur gleichen Uhrzeit darf der Engel auch nicht belegt haben... - $entries = sql_select("SELECT * FROM `ShiftEntry` WHERE `SID`=" . sql_escape($shift['SID'])); - foreach ($entries as $entry) - if ($entry['UID'] == $user_id) + if (sql_num_query("SELECT * FROM `ShiftEntry` WHERE `SID`='" . sql_escape($shift['SID']) . "' AND `UID` = '" . sql_escape($user_id) . "'")) return error("This angel does already have an entry for this shift.", true); $comment = strip_request_item_nl('comment'); sql_query("INSERT INTO `ShiftEntry` SET `Comment`='" . sql_escape($comment) . "', `UID`=" . sql_escape($user_id) . ", `TID`=" . sql_escape($selected_type_id) . ", `SID`=" . sql_escape($shift_id)); + if (sql_num_query("SELECT * FROM `UserAngelTypes` INNER JOIN `AngelTypes` ON `AngelTypes`.`id` = `UserAngelTypes`.`angeltype_id` WHERE `AngelTypes`.`restricted` = 0 AND `user_id` = '" . sql_escape($user_id) . "' AND `angeltype_id` = '" . sql_escape($selected_type_id) . "'") == 0) + sql_query("INSERT INTO `UserAngelTypes` (`user_id`, `angeltype_id`) VALUES ('" . sql_escape($user_id) . "', '" . sql_escape($selected_type_id) . "')"); success("Du bist eingetragen. Danke!" . ' Meine Schichten »'); redirect(page_link_to('user_shifts')); From 7c42769ab897f7fe7903d34523a8a6a5ff6a868b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philip=20H=C3=A4usler?= Date: Wed, 26 Dec 2012 19:53:27 +0100 Subject: [PATCH 08/14] #28 finnished logging --- includes/pages/admin_user.php | 23 +- includes/pages/guest_login.php | 7 +- includes/pages/user_myshifts.php | 172 +++++++------ includes/pages/user_news.php | 2 + includes/pages/user_settings.php | 400 ++++++++++++++++--------------- includes/pages/user_shifts.php | 26 +- includes/sys_user.php | 175 +++++++------- templates/user_questions.html | 2 +- 8 files changed, 423 insertions(+), 384 deletions(-) diff --git a/includes/pages/admin_user.php b/includes/pages/admin_user.php index a2ab7b07..a23abc0c 100644 --- a/includes/pages/admin_user.php +++ b/includes/pages/admin_user.php @@ -135,6 +135,7 @@ function admin_user() { } } + engelsystem_log("Set angeltypes of " . $user_source['Nick'] . " to: " . join(", ", $user_angel_type_info)); success("Angeltypes saved."); redirect(page_link_to('admin_user') . '&id=' . $user_source['UID']); } @@ -202,19 +203,26 @@ function admin_user() { $his_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`=" . sql_escape($id) . " ORDER BY `group_id`"); if (count($my_highest_group) > 0 && (count($his_highest_group) == 0 || ($my_highest_group[0]['group_id'] <= $his_highest_group[0]['group_id']))) { - $groups = sql_select("SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = " . sql_escape($id) . ") WHERE `Groups`.`UID` >= " . sql_escape($my_highest_group[0]['group_id']) . " ORDER BY `Groups`.`Name`"); + $groups_source = sql_select("SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = " . sql_escape($id) . ") WHERE `Groups`.`UID` >= " . sql_escape($my_highest_group[0]['group_id']) . " ORDER BY `Groups`.`Name`"); + $groups = array(); $grouplist = array (); - foreach ($groups as $group) + foreach ($groups_source as $group) { + $groups[$group['UID']] = $group; $grouplist[] = $group['UID']; + } if (!is_array($_REQUEST['groups'])) $_REQUEST['groups'] = array (); sql_query("DELETE FROM `UserGroups` WHERE `uid`=" . sql_escape($id)); - foreach ($_REQUEST['groups'] as $group) - if (in_array($group, $grouplist)) - sql_query("INSERT INTO `UserGroups` SET `uid`=" . - sql_escape($id) . ", `group_id`=" . sql_escape($group)); + $user_groups_info = array(); + foreach ($_REQUEST['groups'] as $group) { + if (in_array($group, $grouplist)) { + sql_query("INSERT INTO `UserGroups` SET `uid`=" . sql_escape($id) . ", `group_id`=" . sql_escape($group)); + $user_groups_info[] = $groups[$group]['Name']; + } + } + engelsystem_log("Set groups of " . $user_source['Nick'] . " to: " . join(", ", $user_groups_info)); $html .= success("Benutzergruppen gespeichert.", true); } else { $html .= error("Du kannst keine Engel mit mehr Rechten bearbeiten.", true); @@ -229,6 +237,7 @@ function admin_user() { sql_query("DELETE FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); sql_query("DELETE FROM `UserGroups` WHERE `uid`=" . sql_escape($id)); sql_query("UPDATE `ShiftEntry` SET `UID`=0, `Comment`=NULL WHERE `UID`=" . sql_escape($id)); + engelsystem_log("Deleted user " . $user_source['Nick']); $html .= success("Benutzer gelöscht!", true); } else { $html .= error("Du kannst Dich nicht selber löschen!", true); @@ -254,12 +263,14 @@ function admin_user() { "WHERE `UID` = '" . sql_escape($id) . "' LIMIT 1;"; sql_query($SQL); + engelsystem_log("Updated user: " . $_POST["eNick"] . ", " . $_POST["eSize"] . ", arrived: " . $_POST["eGekommen"] . ", active: " . $_POST["eAktiv"] . ", tshirt: " . $_POST["eTshirt"]); $html .= success("Änderung wurde gespeichert...\n", true); break; case 'change_pw' : if ($_REQUEST['new_pw'] != "" && $_REQUEST['new_pw'] == $_REQUEST['new_pw2']) { set_password($id, $_REQUEST['new_pw']); + engelsystem_log("Set new password for " . $user_source['Nick']); $html .= success("Passwort neu gesetzt.", true); } else { $html .= error("Die Eingaben müssen übereinstimmen und dürfen nicht leer sein!", true); diff --git a/includes/pages/guest_login.php b/includes/pages/guest_login.php index db479388..073e2625 100644 --- a/includes/pages/guest_login.php +++ b/includes/pages/guest_login.php @@ -116,9 +116,12 @@ function guest_register() { set_password($user_id, $_REQUEST['password']); // Assign angel-types - foreach ($selected_angel_types as $selected_angel_type_id) + $user_angel_types_info = array(); + foreach ($selected_angel_types as $selected_angel_type_id) { sql_query("INSERT INTO `UserAngelTypes` SET `user_id`=" . sql_escape($user_id) . ", `angeltype_id`=" . sql_escape($selected_angel_type_id)); - + $user_angel_types_info[] = $angel_types[$selected_angel_type_id]['name']; + } + engelsystem_log("User " . $nick . " signed up as: " . join(", ", $user_angel_types_info)); success(Get_Text("makeuser_writeOK4")); //if (!isset ($_SESSION['uid'])) redirect(page_link_to('login')); diff --git a/includes/pages/user_myshifts.php b/includes/pages/user_myshifts.php index 2d1981fa..d8f94b81 100644 --- a/includes/pages/user_myshifts.php +++ b/includes/pages/user_myshifts.php @@ -3,100 +3,98 @@ // Zeigt die Schichten an, die ein Benutzer belegt function user_myshifts() { - global $LETZTES_AUSTRAGEN; - global $user, $privileges; - $msg = ""; + global $LETZTES_AUSTRAGEN; + global $user, $privileges; + $msg = ""; - if (isset ($_REQUEST['id']) && in_array("user_shifts_admin", $privileges) && preg_match("/^[0-9]{1,}$/", $_REQUEST['id']) && sql_num_query("SELECT * FROM `User` WHERE `UID`=" . sql_escape($_REQUEST['id'])) > 0) { - $id = $_REQUEST['id']; - } else { - $id = $user['UID']; - } + if (isset ($_REQUEST['id']) && in_array("user_shifts_admin", $privileges) && preg_match("/^[0-9]{1,}$/", $_REQUEST['id']) && sql_num_query("SELECT * FROM `User` WHERE `UID`=" . sql_escape($_REQUEST['id'])) > 0) { + $id = $_REQUEST['id']; + } else { + $id = $user['UID']; + } - list ($shifts_user) = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); + list ($shifts_user) = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); - if ($id != $user['UID']) - $msg .= info(sprintf("You are viewing %s's shifts.", $shifts_user['Nick']), true); + if ($id != $user['UID']) + $msg .= info(sprintf("You are viewing %s's shifts.", $shifts_user['Nick']), true); - if (isset ($_REQUEST['reset'])) { - if ($_REQUEST['reset'] == "ack") { - user_reset_ical_key($user); - success("Key geändert."); - redirect(page_link_to('user_myshifts')); - } - return template_render('../templates/user_myshifts_reset.html', array ()); - } - elseif (isset ($_REQUEST['edit']) && preg_match("/^[0-9]*$/", $_REQUEST['edit'])) { - $id = $_REQUEST['edit']; - $shift = sql_select("SELECT `ShiftEntry`.`Comment`, `Shifts`.*, `Room`.`Name`, `AngelTypes`.`name` as `angel_type` FROM `ShiftEntry` JOIN `AngelTypes` ON (`ShiftEntry`.`TID` = `AngelTypes`.`id`) JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`) JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) WHERE `ShiftEntry`.`id`=" . sql_escape($id) . " AND `UID`=" . sql_escape($shifts_user['UID']) . " LIMIT 1"); - if (count($shift) > 0) { - $shift = $shift[0]; + if (isset ($_REQUEST['reset'])) { + if ($_REQUEST['reset'] == "ack") { + user_reset_ical_key($user); + success("Key geändert."); + redirect(page_link_to('user_myshifts')); + } + return template_render('../templates/user_myshifts_reset.html', array ()); + } + elseif (isset ($_REQUEST['edit']) && preg_match("/^[0-9]*$/", $_REQUEST['edit'])) { + $id = $_REQUEST['edit']; + $shift = sql_select("SELECT `ShiftEntry`.`Comment`, `ShiftEntry`.`UID`, `Shifts`.*, `Room`.`Name`, `AngelTypes`.`name` as `angel_type` FROM `ShiftEntry` JOIN `AngelTypes` ON (`ShiftEntry`.`TID` = `AngelTypes`.`id`) JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`) JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) WHERE `ShiftEntry`.`id`=" . sql_escape($id) . " AND `UID`=" . sql_escape($shifts_user['UID']) . " LIMIT 1"); + if (count($shift) > 0) { + $shift = $shift[0]; - if (isset ($_REQUEST['submit'])) { - $comment = strip_request_item_nl('comment'); - sql_query("UPDATE `ShiftEntry` SET `Comment`='" . sql_escape($comment) . "' WHERE `id`=" . sql_escape($id) . " LIMIT 1"); + if (isset ($_REQUEST['submit'])) { + $comment = strip_request_item_nl('comment'); + $user_source = User($shift['UID']); + sql_query("UPDATE `ShiftEntry` SET `Comment`='" . sql_escape($comment) . "' WHERE `id`=" . sql_escape($id) . " LIMIT 1"); + engelsystem_log("Updated " . $user_source['Nick'] . "'s shift " . $shift['name'] . " from " . date("y-m-d H:i", $shift['start']) . " to " . date("y-m-d H:i", $shift['end']) . " with comment " . $comment); + success("Schicht gespeichert."); + redirect(page_link_to('user_myshifts')); + } - success("Schicht gespeichert."); - redirect(page_link_to('user_myshifts')); - } + return template_render('../templates/user_shifts_add.html', array ( + 'angel' => $shifts_user['Nick'], + 'date' => date("Y-m-d H:i", $shift['start']) . ', ' . shift_length($shift), + 'location' => $shift['Name'], + 'title' => $shift['name'], + 'type' => $shift['angel_type'], + 'comment' => $shift['Comment'] + )); + } else + redirect(page_link_to('user_myshifts')); + } + elseif (isset ($_REQUEST['cancel']) && preg_match("/^[0-9]*$/", $_REQUEST['cancel'])) { + $id = $_REQUEST['cancel']; + $shift = sql_select("SELECT * FROM `ShiftEntry` WHERE `id`=" . sql_escape($id) . " AND `UID`=" . sql_escape($shifts_user['UID']) . " LIMIT 1"); + if (count($shift) > 0) { + $shift = $shift[0]; + if (($shift['start'] - time() < $LETZTES_AUSTRAGEN * 3600) || in_array('user_shifts_admin', $privileges)) { + sql_query("DELETE FROM `ShiftEntry` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); + $msg .= success(Get_Text("pub_myshifts_signed_off"), true); + } else + $msg .= error(Get_Text("pub_myshifts_too_late"), true); + } else + redirect(page_link_to('user_myshifts')); + } + $shifts = sql_select("SELECT * FROM `ShiftEntry` JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`) JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) WHERE `UID`=" . sql_escape($shifts_user['UID']) . " ORDER BY `start`"); - return template_render('../templates/user_shifts_add.html', array ( - 'angel' => $shifts_user['Nick'], - 'date' => date("Y-m-d H:i", $shift['start']) . ', ' . shift_length($shift), - 'location' => $shift['Name'], - 'title' => $shift['name'], - 'type' => $shift['angel_type'], - 'comment' => $shift['Comment'] - )); - } else - redirect(page_link_to('user_myshifts')); - } - elseif (isset ($_REQUEST['cancel']) && preg_match("/^[0-9]*$/", $_REQUEST['cancel'])) { - $id = $_REQUEST['cancel']; - $shift = sql_select("SELECT * FROM `ShiftEntry` WHERE `id`=" . sql_escape($id) . " AND `UID`=" . sql_escape($shifts_user['UID']) . " LIMIT 1"); - if (count($shift) > 0) { - $shift = $shift[0]; - if (($shift['start'] - time() < $LETZTES_AUSTRAGEN * 3600) || in_array('user_shifts_admin', $privileges)) { - sql_query("DELETE FROM `ShiftEntry` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); - $msg .= success(Get_Text("pub_myshifts_signed_off"), true); - } else - $msg .= error(Get_Text("pub_myshifts_too_late"), true); - } else - redirect(page_link_to('user_myshifts')); - } - $shifts = sql_select("SELECT * FROM `ShiftEntry` JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`) JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) WHERE `UID`=" . sql_escape($shifts_user['UID']) . " ORDER BY `start`"); + $html = ""; + foreach ($shifts as $shift) { + if (time() > $shift['end']) + $html .= '
'; + else + $html .= ''; + $html .= ''; + $html .= ''; + $html .= ''; + $html .= ''; + $html .= ''; + $html .= ''; + $html .= ''; + } + if ($html == "") + $html = ''; - $html = ""; - foreach ($shifts as $shift) { - if (time() > $shift['end']) - $html .= ''; - else - $html .= ''; - $html .= ''; - $html .= ''; - $html .= ''; - $html .= ''; - $html .= ''; - $html .= ''; - $html .= ''; - } - if ($html == "") - $html = ''; - - if ($shifts_user['ical_key'] == "") - user_reset_ical_key($shifts_user); - - return msg().template_render('../templates/user_myshifts.html', array ( - 'intro' => sprintf(Get_Text('pub_myshifts_intro'), $LETZTES_AUSTRAGEN), - 'shifts' => $html, - 'msg' => $msg, - 'ical_text' => sprintf(Get_Text('inc_schicht_ical_text'), - page_link_to_absolute('ical') . '&key=' . $shifts_user['ical_key'], - page_link_to('user_myshifts') . '&reset'), -)); + return msg().template_render('../templates/user_myshifts.html', array ( + 'intro' => sprintf(Get_Text('pub_myshifts_intro'), $LETZTES_AUSTRAGEN), + 'shifts' => $html, + 'msg' => $msg, + 'ical_text' => sprintf(Get_Text('inc_schicht_ical_text'), + page_link_to_absolute('ical') . '&key=' . $shifts_user['ical_key'], + page_link_to('user_myshifts') . '&reset'), + )); } ?> diff --git a/includes/pages/user_news.php b/includes/pages/user_news.php index fcf2437c..95cc345e 100644 --- a/includes/pages/user_news.php +++ b/includes/pages/user_news.php @@ -58,6 +58,7 @@ function user_news_comments() { if (isset ($_REQUEST["text"])) { $text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['text'])); sql_query("INSERT INTO `news_comments` (`Refid`, `Datum`, `Text`, `UID`) VALUES ('" . sql_escape($nid) . "', '" . date("Y-m-d H:i:s") . "', '" . sql_escape($text) . "', '" . sql_escape($user["UID"]) . "')"); + engelsystem_log("Created news_comment: " . $text); $html .= success("Eintrag wurde gespeichert", true); } @@ -114,6 +115,7 @@ function user_news() { sql_query("INSERT INTO `News` (`Datum`, `Betreff`, `Text`, `UID`, `Treffen`) " . "VALUES ('" . sql_escape(time()) . "', '" . sql_escape($_POST["betreff"]) . "', '" . sql_escape($_POST["text"]) . "', '" . sql_escape($user['UID']) . "', '" . sql_escape($_POST["treffen"]) . "');"); + engelsystem_log("Created news: " . $_POST["betreff"] . ", treffen: " . $_POST["treffen"]); $html .= success(Get_Text(4), true); } diff --git a/includes/pages/user_settings.php b/includes/pages/user_settings.php index 14dcf96f..70033d18 100644 --- a/includes/pages/user_settings.php +++ b/includes/pages/user_settings.php @@ -1,201 +1,207 @@ 1) { - $nick = strip_request_item('nick'); - if (sql_num_query("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($nick) . "' AND NOT `UID`=" . sql_escape($user['UID']) . " LIMIT 1") > 0) { - $ok = false; - $msg .= error(sprintf(Get_Text("makeuser_error_nick1") . "%s" . Get_Text("makeuser_error_nick3"), $nick), true); - } - } else { - $ok = false; - $msg .= error(sprintf(Get_Text("makeuser_error_nick1") . "%s" . Get_Text("makeuser_error_nick2"), strip_request_item('nick')), true); - } - - if (isset ($_REQUEST['mail']) && strlen(strip_request_item('mail')) > 0) { - $mail = strip_request_item('mail'); - if (!check_email($mail)) { - $ok = false; - $msg .= error(Get_Text("makeuser_error_mail"), true); - } - } else { - $ok = false; - $msg .= error("Please enter your e-mail.", true); - } - - if (isset ($_REQUEST['icq'])) - $icq = strip_request_item('icq'); - if (isset ($_REQUEST['jabber']) && strlen(strip_request_item('jabber')) > 0) { - $jabber = strip_request_item('jabber'); - if (!check_email($jabber)) { - $ok = false; - $msg .= error("Please check your jabber.", true); - } - } - - if (isset ($_REQUEST['tshirt_size']) && isset ($tshirt_sizes[$_REQUEST['tshirt_size']])) - $tshirt_size = $_REQUEST['tshirt_size']; - else { - $ok = false; - } - - $selected_angel_types = array (); - foreach ($angel_types as $angel_type_id => $angel_type_name) - if (isset ($_REQUEST['angel_types_' . $angel_type_id])) - $selected_angel_types[] = $angel_type_id; - - // Trivia - if (isset ($_REQUEST['lastname'])) - $lastname = strip_request_item('lastname'); - if (isset ($_REQUEST['prename'])) - $prename = strip_request_item('prename'); - if (isset ($_REQUEST['age']) && preg_match("/^[0-9]{0,4}$/", $_REQUEST['age'])) - $age = strip_request_item('age'); - if (isset ($_REQUEST['tel'])) - $tel = strip_request_item('tel'); - if (isset ($_REQUEST['dect'])) - $dect = strip_request_item('dect'); - if (isset ($_REQUEST['mobile'])) - $mobile = strip_request_item('mobile'); - if (isset ($_REQUEST['hometown'])) - $hometown = strip_request_item('hometown'); - - if ($ok) { - sql_query("UPDATE `User` SET `Nick`='" . sql_escape($nick) . "', `Vorname`='" . sql_escape($prename) . "', `Name`='" . sql_escape($lastname) . - "', `Alter`='" . sql_escape($age) . "', `Telefon`='" . sql_escape($tel) . "', `DECT`='" . sql_escape($dect) . "', `Handy`='" . sql_escape($mobile) . - "', `email`='" . sql_escape($mail) . "', `ICQ`='" . sql_escape($icq) . "', `jabber`='" . sql_escape($jabber) . "', `Size`='" . sql_escape($tshirt_size) . - "', `Hometown`='" . sql_escape($hometown) . "' WHERE `UID`=" . sql_escape($user['UID'])); - - // Assign angel-types - foreach ($angel_types_source as $angel_type) - if (!in_array($angel_type['id'], $selected_angel_types)) - sql_query("DELETE FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user['UID']) . " AND `angeltype_id`=" . sql_escape($angel_type['id']) . " LIMIT 1"); - - foreach ($selected_angel_types as $selected_angel_type_id) - if (sql_num_query("SELECT * FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user['UID']) . " AND `angeltype_id`=" . sql_escape($selected_angel_type_id) . " LIMIT 1") == 0) - sql_query("INSERT INTO `UserAngelTypes` SET `user_id`=" . sql_escape($user['UID']) . ", `angeltype_id`=" . sql_escape($selected_angel_type_id)); - - success("Settings saved."); - redirect(page_link_to('user_settings')); - } - } - elseif (isset ($_REQUEST['submit_password'])) { - $ok = true; - - if (!isset ($_REQUEST['password']) || !verify_password($_REQUEST['password'], $user['Passwort'], $user['UID'])) - $msg .= error(Get_Text(30), true); - elseif (strlen($_REQUEST['new_password']) < MIN_PASSWORD_LENGTH) - $msg .= error(Get_Text("makeuser_error_password2")); - elseif ($_REQUEST['new_password'] != $_REQUEST['new_password2']) - $msg .= error(Get_Text("makeuser_error_password1"), true); - elseif(set_password($user['UID'], $_REQUEST['new_password'])) - success("Password saved."); - else - error("Failed setting password."); - redirect(page_link_to('user_settings')); - } - elseif (isset ($_REQUEST['submit_theme'])) { - $ok = true; - - if (isset ($_REQUEST['theme']) && isset ($themes[$_REQUEST['theme']])) - $selected_theme = $_REQUEST['theme']; - else - $ok = false; - - if ($ok) { - sql_query("UPDATE `User` SET `color`='" . sql_escape($selected_theme) . "' WHERE `UID`=" . sql_escape($user['UID'])); - - success("Theme changed."); - redirect(page_link_to('user_settings')); - } - } - elseif (isset ($_REQUEST['submit_language'])) { - $ok = true; - - if (isset ($_REQUEST['language']) && isset ($languages[$_REQUEST['language']])) - $selected_language = $_REQUEST['language']; - else - $ok = false; - - if ($ok) { - sql_query("UPDATE `User` SET `Sprache`='" . sql_escape($selected_language) . "' WHERE `UID`=" . sql_escape($user['UID'])); - $_SESSION['Sprache'] = $selected_language; - - success("Language changed."); - redirect(page_link_to('user_settings')); - } - } - - return page(array ( - sprintf(Get_Text("Hallo") . "%s,
" . Get_Text(13), $user['Nick']), - $msg, - msg(), - form(array ( - form_info("", Get_Text("pub_einstellungen_Text_UserData")), - form_text('nick', Get_Text("makeuser_Nickname") . "*", $nick), - form_text('lastname', Get_Text("makeuser_Nachname"), $lastname), - form_text('prename', Get_Text("makeuser_Vorname"), $prename), - form_text('age', Get_Text("makeuser_Alter"), $age), - form_text('tel', Get_Text("makeuser_Telefon"), $tel), - form_text('dect', Get_Text("makeuser_DECT"), $dect), - form_text('mobile', Get_Text("makeuser_Handy"), $mobile), - form_text('mail', Get_Text("makeuser_E-Mail") . "*", $mail), - form_text('icq', "ICQ", $icq), - form_text('jabber', "Jabber", $jabber), - form_text('hometown', Get_Text("makeuser_Hometown"), $hometown), - $enable_tshirt_size ? form_select('tshirt_size', Get_Text("makeuser_T-Shirt"), $tshirt_sizes, $tshirt_size) : '', - form_checkboxes('angel_types', "What do you want to do?", $angel_types, $selected_angel_types), - form_submit('submit', Get_Text("save")) - )), - form(array ( - form_info("", Get_Text(14)), - form_password('password', Get_Text(15)), - form_password('new_password', Get_Text(16)), - form_password('new_password2', Get_Text(17)), - form_submit('submit_password', Get_Text("save")) - )), - form(array ( - form_info("", Get_Text(18)), - form_select('theme', Get_Text(19), $themes, $selected_theme), - form_submit('submit_theme', Get_Text("save")) - )), - form(array ( - form_info("", Get_Text(20)), - form_select('language', Get_Text(21), $languages, $selected_language), - form_submit('submit_language', Get_Text("save")) - )) - )); + global $enable_tshirt_size, $tshirt_sizes, $themes, $languages; + global $user; + + $msg = ""; + $nick = $user['Nick']; + $lastname = $user['Name']; + $prename = $user['Vorname']; + $age = $user['Alter']; + $tel = $user['Telefon']; + $dect = $user['DECT']; + $mobile = $user['Handy']; + $mail = $user['email']; + $icq = $user['ICQ']; + $jabber = $user['jabber']; + $hometown = $user['Hometown']; + $tshirt_size = $user['Size']; + $password_hash = ""; + $selected_theme = $user['color']; + $selected_language = $user['Sprache']; + + $selected_angel_types_source = sql_select("SELECT * FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user['UID'])); + $selected_angel_types = array (); + foreach ($selected_angel_types_source as $selected_angel_type) + $selected_angel_types[] = $selected_angel_type['angeltype_id']; + + $angel_types_source = sql_select("SELECT * FROM `AngelTypes` ORDER BY `name`"); + $angel_types = array (); + foreach ($angel_types_source as $angel_type) + $angel_types[$angel_type['id']] = $angel_type['name'] . ($angel_type['restricted'] ? " (restricted)" : ""); + + if (isset ($_REQUEST['submit'])) { + $ok = true; + + if (isset ($_REQUEST['nick']) && strlen(strip_request_item('nick')) > 1) { + $nick = strip_request_item('nick'); + if (sql_num_query("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($nick) . "' AND NOT `UID`=" . sql_escape($user['UID']) . " LIMIT 1") > 0) { + $ok = false; + $msg .= error(sprintf(Get_Text("makeuser_error_nick1") . "%s" . Get_Text("makeuser_error_nick3"), $nick), true); + } + } else { + $ok = false; + $msg .= error(sprintf(Get_Text("makeuser_error_nick1") . "%s" . Get_Text("makeuser_error_nick2"), strip_request_item('nick')), true); + } + + if (isset ($_REQUEST['mail']) && strlen(strip_request_item('mail')) > 0) { + $mail = strip_request_item('mail'); + if (!check_email($mail)) { + $ok = false; + $msg .= error(Get_Text("makeuser_error_mail"), true); + } + } else { + $ok = false; + $msg .= error("Please enter your e-mail.", true); + } + + if (isset ($_REQUEST['icq'])) + $icq = strip_request_item('icq'); + if (isset ($_REQUEST['jabber']) && strlen(strip_request_item('jabber')) > 0) { + $jabber = strip_request_item('jabber'); + if (!check_email($jabber)) { + $ok = false; + $msg .= error("Please check your jabber.", true); + } + } + + if (isset ($_REQUEST['tshirt_size']) && isset ($tshirt_sizes[$_REQUEST['tshirt_size']])) + $tshirt_size = $_REQUEST['tshirt_size']; + else { + $ok = false; + } + + $selected_angel_types = array (); + foreach ($angel_types as $angel_type_id => $angel_type_name) + if (isset ($_REQUEST['angel_types_' . $angel_type_id])) + $selected_angel_types[] = $angel_type_id; + + // Trivia + if (isset ($_REQUEST['lastname'])) + $lastname = strip_request_item('lastname'); + if (isset ($_REQUEST['prename'])) + $prename = strip_request_item('prename'); + if (isset ($_REQUEST['age']) && preg_match("/^[0-9]{0,4}$/", $_REQUEST['age'])) + $age = strip_request_item('age'); + if (isset ($_REQUEST['tel'])) + $tel = strip_request_item('tel'); + if (isset ($_REQUEST['dect'])) + $dect = strip_request_item('dect'); + if (isset ($_REQUEST['mobile'])) + $mobile = strip_request_item('mobile'); + if (isset ($_REQUEST['hometown'])) + $hometown = strip_request_item('hometown'); + + if ($ok) { + sql_query("UPDATE `User` SET `Nick`='" . sql_escape($nick) . "', `Vorname`='" . sql_escape($prename) . "', `Name`='" . sql_escape($lastname) . + "', `Alter`='" . sql_escape($age) . "', `Telefon`='" . sql_escape($tel) . "', `DECT`='" . sql_escape($dect) . "', `Handy`='" . sql_escape($mobile) . + "', `email`='" . sql_escape($mail) . "', `ICQ`='" . sql_escape($icq) . "', `jabber`='" . sql_escape($jabber) . "', `Size`='" . sql_escape($tshirt_size) . + "', `Hometown`='" . sql_escape($hometown) . "' WHERE `UID`=" . sql_escape($user['UID'])); + + // Assign angel-types + $user_angel_type_info = array(); + foreach ($angel_types_source as $angel_type) { + if (!in_array($angel_type['id'], $selected_angel_types)) + sql_query("DELETE FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user['UID']) . " AND `angeltype_id`=" . sql_escape($angel_type['id']) . " LIMIT 1"); + else + $user_angel_type_info[] = $angel_type['name']; + } + + foreach ($selected_angel_types as $selected_angel_type_id) { + if (sql_num_query("SELECT * FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user['UID']) . " AND `angeltype_id`=" . sql_escape($selected_angel_type_id) . " LIMIT 1") == 0) + sql_query("INSERT INTO `UserAngelTypes` SET `user_id`=" . sql_escape($user['UID']) . ", `angeltype_id`=" . sql_escape($selected_angel_type_id)); + } + + engelsystem_log("Own angel types set to: " . join(", ", $user_angel_type_info)); + success("Settings saved."); + redirect(page_link_to('user_settings')); + } + } + elseif (isset ($_REQUEST['submit_password'])) { + $ok = true; + + if (!isset ($_REQUEST['password']) || !verify_password($_REQUEST['password'], $user['Passwort'], $user['UID'])) + $msg .= error(Get_Text(30), true); + elseif (strlen($_REQUEST['new_password']) < MIN_PASSWORD_LENGTH) + $msg .= error(Get_Text("makeuser_error_password2")); + elseif ($_REQUEST['new_password'] != $_REQUEST['new_password2']) + $msg .= error(Get_Text("makeuser_error_password1"), true); + elseif(set_password($user['UID'], $_REQUEST['new_password'])) + success("Password saved."); + else + error("Failed setting password."); + redirect(page_link_to('user_settings')); + } + elseif (isset ($_REQUEST['submit_theme'])) { + $ok = true; + + if (isset ($_REQUEST['theme']) && isset ($themes[$_REQUEST['theme']])) + $selected_theme = $_REQUEST['theme']; + else + $ok = false; + + if ($ok) { + sql_query("UPDATE `User` SET `color`='" . sql_escape($selected_theme) . "' WHERE `UID`=" . sql_escape($user['UID'])); + + success("Theme changed."); + redirect(page_link_to('user_settings')); + } + } + elseif (isset ($_REQUEST['submit_language'])) { + $ok = true; + + if (isset ($_REQUEST['language']) && isset ($languages[$_REQUEST['language']])) + $selected_language = $_REQUEST['language']; + else + $ok = false; + + if ($ok) { + sql_query("UPDATE `User` SET `Sprache`='" . sql_escape($selected_language) . "' WHERE `UID`=" . sql_escape($user['UID'])); + $_SESSION['Sprache'] = $selected_language; + + success("Language changed."); + redirect(page_link_to('user_settings')); + } + } + + return page(array ( + sprintf(Get_Text("Hallo") . "%s,
" . Get_Text(13), $user['Nick']), + $msg, + msg(), + form(array ( + form_info("", Get_Text("pub_einstellungen_Text_UserData")), + form_text('nick', Get_Text("makeuser_Nickname") . "*", $nick), + form_text('lastname', Get_Text("makeuser_Nachname"), $lastname), + form_text('prename', Get_Text("makeuser_Vorname"), $prename), + form_text('age', Get_Text("makeuser_Alter"), $age), + form_text('tel', Get_Text("makeuser_Telefon"), $tel), + form_text('dect', Get_Text("makeuser_DECT"), $dect), + form_text('mobile', Get_Text("makeuser_Handy"), $mobile), + form_text('mail', Get_Text("makeuser_E-Mail") . "*", $mail), + form_text('icq', "ICQ", $icq), + form_text('jabber', "Jabber", $jabber), + form_text('hometown', Get_Text("makeuser_Hometown"), $hometown), + $enable_tshirt_size ? form_select('tshirt_size', Get_Text("makeuser_T-Shirt"), $tshirt_sizes, $tshirt_size) : '', + form_checkboxes('angel_types', "What do you want to do?", $angel_types, $selected_angel_types), + form_submit('submit', Get_Text("save")) + )), + form(array ( + form_info("", Get_Text(14)), + form_password('password', Get_Text(15)), + form_password('new_password', Get_Text(16)), + form_password('new_password2', Get_Text(17)), + form_submit('submit_password', Get_Text("save")) + )), + form(array ( + form_info("", Get_Text(18)), + form_select('theme', Get_Text(19), $themes, $selected_theme), + form_submit('submit_theme', Get_Text("save")) + )), + form(array ( + form_info("", Get_Text(20)), + form_select('language', Get_Text(21), $languages, $selected_language), + form_submit('submit_language', Get_Text("save")) + )) + )); } ?> diff --git a/includes/pages/user_shifts.php b/includes/pages/user_shifts.php index d627e3a2..3fb8e91f 100644 --- a/includes/pages/user_shifts.php +++ b/includes/pages/user_shifts.php @@ -9,8 +9,15 @@ function user_shifts() { else redirect(page_link_to('user_shifts')); - sql_query("DELETE FROM `ShiftEntry` WHERE `id`=" . sql_escape($entry_id) . " LIMIT 1"); - success("Der Schicht-Eintrag wurde gelöscht."); + $shift_entry_source = sql_select("SELECT `User`.`Nick`, `ShiftEntry`.`Comment`, `ShiftEntry`.`UID`, `Shifts`.*, `Room`.`Name`, `AngelTypes`.`name` as `angel_type` FROM `ShiftEntry` JOIN `User` ON (`User`.`UID`=`ShiftEntry`.`UID`) JOIN `AngelTypes` ON (`ShiftEntry`.`TID` = `AngelTypes`.`id`) JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`) JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) WHERE `ShiftEntry`.`id`=" . sql_escape($entry_id) . " LIMIT 1"); + if(count($shift_entry_source) > 0) { + $shift_entry_source = $shift_entry_source[0]; + sql_query("DELETE FROM `ShiftEntry` WHERE `id`=" . sql_escape($entry_id) . " LIMIT 1"); + + engelsystem_log("Deleted " . $shift_entry_source['Nick'] . "'s shift: " . $shift_entry_source['name'] . " at " . $shift_entry_source['Name'] . " from " . date("y-m-d H:i", $shift_entry_source['start']) . " to " . date("y-m-d H:i", $shift_entry_source['end']) . " as " . $shift_entry_source['angel_type']); + success("Der Schicht-Eintrag wurde gelöscht."); + } + else error("Entry not found."); redirect(page_link_to('user_shifts')); } // Schicht bearbeiten @@ -43,9 +50,12 @@ function user_shifts() { // Engeltypen laden $types = sql_select("SELECT * FROM `AngelTypes` ORDER BY `name`"); + $angel_types = array(); $needed_angel_types = array (); - foreach ($types as $type) + foreach ($types as $type) { + $angel_types[$type['id']] = $type; $needed_angel_types[$type['id']] = 0; + } // Benötigte Engeltypen vom Raum $needed_angel_types_source = sql_select("SELECT `AngelTypes`.*, `NeededAngelTypes`.`count` FROM `AngelTypes` LEFT JOIN `NeededAngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `AngelTypes`.`id` AND `NeededAngelTypes`.`room_id`=" . sql_escape($shift['RID']) . ") ORDER BY `AngelTypes`.`name`"); @@ -110,8 +120,13 @@ function user_shifts() { if ($ok) { sql_query("UPDATE `Shifts` SET `start`=" . sql_escape($start) . ", `end`=" . sql_escape($end) . ", `RID`=" . sql_escape($rid) . ", `name`='" . sql_escape($name) . "' WHERE `SID`=" . sql_escape($shift_id) . " LIMIT 1"); sql_query("DELETE FROM `NeededAngelTypes` WHERE `shift_id`=" . sql_escape($shift_id)); - foreach ($needed_angel_types as $type_id => $count) + $needed_angel_types_info = array(); + foreach ($needed_angel_types as $type_id => $count) { sql_query("INSERT INTO `NeededAngelTypes` SET `shift_id`=" . sql_escape($shift_id) . ", `angel_type_id`=" . sql_escape($type_id) . ", `count`=" . sql_escape($count)); + $needed_angel_types_info[] = $angel_types[$type_id]; + } + + engelsystem_log("Updated shift " . $name . " from " . date("y-m-d H:i", $start) . " to " . date("y-m-d H:i", $end) . " with angel types " . join(", ", $needed_angel_types_info)); success("Schicht gespeichert."); redirect(page_link_to('user_shifts')); } @@ -155,6 +170,7 @@ function user_shifts() { sql_query("DELETE FROM `NeededAngelTypes` WHERE `shift_id`=" . sql_escape($shift_id)); sql_query("DELETE FROM `Shifts` WHERE `SID`=" . sql_escape($shift_id) . " LIMIT 1"); + engelsystem_log("Deleted shift " . $shift['name'] . " from " . date("y-m-d H:i", $shift['start']) . " to " . date("y-m-d H:i", $shift['end'])); success("Die Schicht wurde gelöscht."); redirect(page_link_to('user_shifts')); } @@ -222,6 +238,8 @@ function user_shifts() { $comment = strip_request_item_nl('comment'); sql_query("INSERT INTO `ShiftEntry` SET `Comment`='" . sql_escape($comment) . "', `UID`=" . sql_escape($user_id) . ", `TID`=" . sql_escape($selected_type_id) . ", `SID`=" . sql_escape($shift_id)); + $user_source = User($user_id); + engelsystem_log("User " . $user_source['Nick'] . " signed up for shift " . $shift['name'] . " from " . date("y-m-d H:i", $shift['start']) . " to " . date("y-m-d H:i", $shift['end'])); success("Du bist eingetragen. Danke!" . ' Meine Schichten »'); redirect(page_link_to('user_shifts')); } diff --git a/includes/sys_user.php b/includes/sys_user.php index 20d9eca0..88002706 100644 --- a/includes/sys_user.php +++ b/includes/sys_user.php @@ -6,125 +6,126 @@ */ $tshirt_sizes = array ( '' => "Please select...", - 'S' => "S", - 'M' => "M", - 'L' => "L", - 'XL' => "XL", - '2XL' => "2XL", - '3XL' => "3XL", - '4XL' => "4XL", - '5XL' => "5XL", - 'S-G' => "S Girl", - 'M-G' => "M Girl", - 'L-G' => "L Girl", - 'XL-G' => "XL Girl" + 'S' => "S", + 'M' => "M", + 'L' => "L", + 'XL' => "XL", + '2XL' => "2XL", + '3XL' => "3XL", + '4XL' => "4XL", + '5XL' => "5XL", + 'S-G' => "S Girl", + 'M-G' => "M Girl", + 'L-G' => "L Girl", + 'XL-G' => "XL Girl" ); function user_reset_ical_key($user) { - $user['ical_key'] = md5($user['Nick'] . time() . rand()); - sql_query("UPDATE `User` SET `ical_key`='" . sql_escape($user['ical_key']) . "' WHERE `UID`='" . sql_escape($user['UID']) . "' LIMIT 1"); + $user['ical_key'] = md5($user['Nick'] . time() . rand()); + sql_query("UPDATE `User` SET `ical_key`='" . sql_escape($user['ical_key']) . "' WHERE `UID`='" . sql_escape($user['UID']) . "' LIMIT 1"); + engelsystem_log("iCal key resetted."); } function UID2Nick($UID) { - if ($UID > 0) - $SQL = "SELECT Nick FROM `User` WHERE UID='" . sql_escape($UID) . "'"; - else - $SQL = "SELECT Name FROM `Groups` WHERE UID='" . sql_escape($UID) . "'"; - - $Erg = sql_select($SQL); - - if (count($Erg) > 0) { - if ($UID > 0) - return $Erg[0]['Nick']; - else - return "Group-" . $Erg[0]['Name']; - } else { - if ($UID == -1) - return "Guest"; - else - return "UserID $UID not found"; - } + if ($UID > 0) + $SQL = "SELECT Nick FROM `User` WHERE UID='" . sql_escape($UID) . "'"; + else + $SQL = "SELECT Name FROM `Groups` WHERE UID='" . sql_escape($UID) . "'"; + + $Erg = sql_select($SQL); + + if (count($Erg) > 0) { + if ($UID > 0) + return $Erg[0]['Nick']; + else + return "Group-" . $Erg[0]['Name']; + } else { + if ($UID == -1) + return "Guest"; + else + return "UserID $UID not found"; + } } function TID2Type($TID) { - global $con; + global $con; - $SQL = "SELECT Name FROM `EngelType` WHERE TID='" . sql_escape($TID) . "'"; - $Erg = mysql_query($SQL, $con); + $SQL = "SELECT Name FROM `EngelType` WHERE TID='" . sql_escape($TID) . "'"; + $Erg = mysql_query($SQL, $con); - if (mysql_num_rows($Erg)) - return mysql_result($Erg, 0); - else - return ""; + if (mysql_num_rows($Erg)) + return mysql_result($Erg, 0); + else + return ""; } function ReplaceSmilies($neueckig) { - $neueckig = str_replace(";o))", "", $neueckig); - $neueckig = str_replace(":-))", "", $neueckig); - $neueckig = str_replace(";o)", "", $neueckig); - $neueckig = str_replace(":)", "", $neueckig); - $neueckig = str_replace(":-)", "", $neueckig); - $neueckig = str_replace(":(", "", $neueckig); - $neueckig = str_replace(":-(", "", $neueckig); - $neueckig = str_replace(":o(", "", $neueckig); - $neueckig = str_replace(":o)", "", $neueckig); - $neueckig = str_replace(";o(", "", $neueckig); - $neueckig = str_replace(";(", "", $neueckig); - $neueckig = str_replace(";-(", "", $neueckig); - $neueckig = str_replace("8)", "", $neueckig); - $neueckig = str_replace("8o)", "", $neueckig); - $neueckig = str_replace(":P", "", $neueckig); - $neueckig = str_replace(":-P", "", $neueckig); - $neueckig = str_replace(":oP", "", $neueckig); - $neueckig = str_replace(";P", "", $neueckig); - $neueckig = str_replace(";oP", "", $neueckig); - $neueckig = str_replace("?)", "", $neueckig); - - return $neueckig; + $neueckig = str_replace(";o))", "", $neueckig); + $neueckig = str_replace(":-))", "", $neueckig); + $neueckig = str_replace(";o)", "", $neueckig); + $neueckig = str_replace(":)", "", $neueckig); + $neueckig = str_replace(":-)", "", $neueckig); + $neueckig = str_replace(":(", "", $neueckig); + $neueckig = str_replace(":-(", "", $neueckig); + $neueckig = str_replace(":o(", "", $neueckig); + $neueckig = str_replace(":o)", "", $neueckig); + $neueckig = str_replace(";o(", "", $neueckig); + $neueckig = str_replace(";(", "", $neueckig); + $neueckig = str_replace(";-(", "", $neueckig); + $neueckig = str_replace("8)", "", $neueckig); + $neueckig = str_replace("8o)", "", $neueckig); + $neueckig = str_replace(":P", "", $neueckig); + $neueckig = str_replace(":-P", "", $neueckig); + $neueckig = str_replace(":oP", "", $neueckig); + $neueckig = str_replace(";P", "", $neueckig); + $neueckig = str_replace(";oP", "", $neueckig); + $neueckig = str_replace("?)", "", $neueckig); + + return $neueckig; } function GetPictureShow($UID) { - global $con; + global $con; - $SQL = "SELECT `show` FROM `UserPicture` WHERE `UID`='" . sql_escape($UID) . "'"; - $res = mysql_query($SQL, $con); + $SQL = "SELECT `show` FROM `UserPicture` WHERE `UID`='" . sql_escape($UID) . "'"; + $res = mysql_query($SQL, $con); - if (mysql_num_rows($res) == 1) - return mysql_result($res, 0, 0); - else - return ""; + if (mysql_num_rows($res) == 1) + return mysql_result($res, 0, 0); + else + return ""; } function displayPicture($UID, $height = "30") { - global $url, $ENGEL_ROOT; + global $url, $ENGEL_ROOT; - if ($height > 0) - return ("
\"picture
"); - else - return ("
\"picture
"); + if ($height > 0) + return ("
\"picture
"); + else + return ("
\"picture
"); } function displayavatar($UID, $height = "30") { - global $con, $url, $ENGEL_ROOT; + global $con, $url, $ENGEL_ROOT; - if (GetPictureShow($UID) == 'Y') - return " " . displayPicture($UID, $height); + if (GetPictureShow($UID) == 'Y') + return " " . displayPicture($UID, $height); - $user = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($UID) . " LIMIT 1"); - if (count($user) > 0) - if ($user[0]['Avatar'] > 0) - return '
' . (" ") . '
'; + $user = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($UID) . " LIMIT 1"); + if (count($user) > 0) + if ($user[0]['Avatar'] > 0) + return '
' . (" ") . '
'; } function UIDgekommen($UID) { - global $con; + global $con; - $SQL = "SELECT `Gekommen` FROM `User` WHERE UID='" . sql_escape($UID) . "'"; - $Erg = mysql_query($SQL, $con); + $SQL = "SELECT `Gekommen` FROM `User` WHERE UID='" . sql_escape($UID) . "'"; + $Erg = mysql_query($SQL, $con); - if (mysql_num_rows($Erg)) - return mysql_result($Erg, 0); - else - return "0"; + if (mysql_num_rows($Erg)) + return mysql_result($Erg, 0); + else + return "0"; } ?> diff --git a/templates/user_questions.html b/templates/user_questions.html index 4cbe0338..0167ba6d 100644 --- a/templates/user_questions.html +++ b/templates/user_questions.html @@ -43,7 +43,7 @@
' . date("Y-m-d", $shift['start']) . '' . date("H:i", $shift['start']) . ' - ' . date("H:i", $shift['end']) . '' . $shift['Name'] . '' . $shift['name'] . '' . $shift['Comment'] . ''; + $html .= '' . Get_Text('edit') . ''; + if ($shift['start'] - time() > $LETZTES_AUSTRAGEN * 3600) + $html .= ' | ' . Get_Text('sign_off') . ''; + $html .= '
' . ucfirst(Get_Text('none')) . '...' . sprintf(Get_Text('pub_myshifts_goto_shifts'), page_link_to('user_shifts')) . '
' . date("Y-m-d", $shift['start']) . '' . date("H:i", $shift['start']) . ' - ' . date("H:i", $shift['end']) . '' . $shift['Name'] . '' . $shift['name'] . '' . $shift['Comment'] . ''; - $html .= '' . Get_Text('edit') . ''; - if ($shift['start'] - time() > $LETZTES_AUSTRAGEN * 3600) - $html .= ' | ' . Get_Text('sign_off') . ''; - $html .= '
' . ucfirst(Get_Text('none')) . '...' . sprintf(Get_Text('pub_myshifts_goto_shifts'), page_link_to('user_shifts')) . '

- Frage einen Orga: + Frage einen Erzengel:

From 74098af09d11d0af1292b17e6df0483a303b6cce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philip=20H=C3=A4usler?= Date: Wed, 26 Dec 2012 20:36:31 +0100 Subject: [PATCH 09/14] #28 finnished logging --- includes/model/LogEntries_model.php | 7 ++- includes/pages/admin_log.php | 86 +++++------------------------ public/index.php | 3 + 3 files changed, 24 insertions(+), 72 deletions(-) diff --git a/includes/model/LogEntries_model.php b/includes/model/LogEntries_model.php index d8615f0e..5659c0ee 100644 --- a/includes/model/LogEntries_model.php +++ b/includes/model/LogEntries_model.php @@ -6,10 +6,15 @@ * @param $message Log Message */ function LogEntry_create($nick, $message) { - $timestamp = date(); + $timestamp = time(); sql_query("INSERT INTO `LogEntries` SET `timestamp`=" . sql_escape($timestamp) . ", `nick`='" . sql_escape($nick) . "', `message`='" . sql_escape($message) . "'"); } +function LogEntries() { + $log_entries_source = sql_select("SELECT * FROM `LogEntries` WHERE `timestamp` > " . (time() - 24*60*60) . " LIMIT 1000"); + return $log_entries_source; +} + ?> \ No newline at end of file diff --git a/includes/pages/admin_log.php b/includes/pages/admin_log.php index 4a29a496..ce30a246 100644 --- a/includes/pages/admin_log.php +++ b/includes/pages/admin_log.php @@ -1,76 +1,20 @@ 0) { - $html .= "
\n"; - $html .= "\n\t\n\t\n\t\n\t\n\n"; - for ($n = 0; $n < mysql_num_rows($Erg); $n++) { - $html .= "\n"; - $html .= "\t\n"; - $html .= "\t\n"; - $html .= "\t\n"; - $html .= "\t\n"; - $html .= "\n"; - } - $html .= "
TimeUserCommendSQL Command
" . mysql_result($Erg, $n, "Time") . "" . UID2Nick(mysql_result($Erg, $n, "UID")) . displayavatar(mysql_result($Erg, $n, "UID")) . "" . mysql_result($Erg, $n, "Commend") . "" . mysql_result($Erg, $n, "SQLCommad") . "
\n"; - } else { - $html .= "Log is empty..."; - } - $html .= "
"; - - $html .= "

Web Counter

"; - $html .= funktion_db_list("Counter"); - - /* - $html .= "

Raeume


"; - funktion_db_list("Raeume"); - - $html .= "

Schichtbelegung


"; - funktion_db_list("Schichtbelegung"); - - $html .= "

Schichtplan


Hier findest du alle bisher eingetragenen Schichten:"; - funktion_db_list("Schichtplan"); - - $html .= "

User


"; - funktion_db_list("User"); - - $html .= "

News


"; - funktion_db_list("News"); - - $html .= "

FAQ


"; - funktion_db_list("FAQ"); - - $html .= "Deaktiviert"; - */ - - $html .= "
\n"; - $html .= funktion_db_element_list_2row("Tshirt-Size aller engel", "SELECT `Size`, COUNT(`Size`) FROM `User` GROUP BY `Size`"); - $html .= "
\n"; - $html .= funktion_db_element_list_2row("Tshirt ausgegeben", "SELECT `Size`, COUNT(`Size`) FROM `User` WHERE `Tshirt`='1' GROUP BY `Size`"); - $html .= "
\n"; - $html .= funktion_db_element_list_2row("Tshirt nicht ausgegeben (Gekommen=1)", "SELECT COUNT(`Size`), `Size` FROM `User` WHERE `Gekommen`='1' and `Tshirt`='0' GROUP BY `Size`"); - - $html .= "
\n"; - $html .= funktion_db_element_list_2row("Hometown", "SELECT COUNT(`Hometown`), `Hometown` FROM `User` GROUP BY `Hometown`"); - $html .= "
\n"; - $html .= funktion_db_element_list_2row("Engeltypen", "SELECT COUNT(`Art`), `Art` FROM `User` GROUP BY `Art`"); - - $html .= "
\n"; - $html .= funktion_db_element_list_2row("Gesamte Arbeit", "SELECT COUNT(*) AS `Count [x]`, SUM(Shifts.Len) as `Sum [h]` from Shifts LEFT JOIN ShiftEntry USING(SID)"); - $html .= "
\n"; - $html .= funktion_db_element_list_2row("Geleistete Arbeit", "SELECT COUNT(*) AS `Count [x]`, SUM(Shifts.Len) as `Sum [h]` from Shifts LEFT JOIN ShiftEntry USING(SID) WHERE (ShiftEntry.UID!=0)"); - - $html .= "
\n"; - $html .= funktion_db_element_list_2row("Gesamte Arbeit (Ohne Raum Aufbau (RID=7)", "SELECT COUNT(*) AS `Count [x]`, SUM(Shifts.Len) as `Sum [h]` from Shifts LEFT JOIN ShiftEntry USING(SID) WHERE (Shifts.RID!=7)"); - $html .= "
\n"; - $html .= funktion_db_element_list_2row("Geleistete Arbeit (Ohne Raum Aufbau (RID=7)", "SELECT COUNT(*) AS `Count [x]`, SUM(Shifts.Len) as `Sum [h]` from Shifts LEFT JOIN ShiftEntry USING(SID) WHERE (ShiftEntry.UID!=0) AND (Shifts.RID!=7)"); - - return $html; + $log_entries_source = LogEntries(); + $log_entries = array(); + foreach($log_entries_source as $log_entry) { + $log_entry['date'] = date("H:i", $log_entry['timestamp']); + $log_entries[] = $log_entry; + } + + return page(array( + msg(), + table(array( + 'date' => "Time", + 'nick' => "Angel", + 'message' => "Log Entry" + ), $log_entries) + )); } ?> diff --git a/public/index.php b/public/index.php index bd7e552d..a7efbd86 100644 --- a/public/index.php +++ b/public/index.php @@ -11,6 +11,9 @@ require_once ('includes/sys_shift.php'); require_once ('includes/sys_template.php'); require_once ('includes/sys_user.php'); +require_once ('includes/model/LogEntries_model.php'); +require_once ('includes/model/User_model.php'); + require_once ('config/config.php'); require_once ('config/config_db.php'); From 12fb781946ee73e6fdabe11dee236597270f5e00 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philip=20H=C3=A4usler?= Date: Thu, 27 Dec 2012 02:07:49 +0100 Subject: [PATCH 10/14] #28 finnished logging --- includes/pages/admin_user.php | 25 +++++++++---------------- 1 file changed, 9 insertions(+), 16 deletions(-) diff --git a/includes/pages/admin_user.php b/includes/pages/admin_user.php index a23abc0c..8d900c1b 100644 --- a/includes/pages/admin_user.php +++ b/includes/pages/admin_user.php @@ -110,10 +110,13 @@ function admin_user() { // Assign angel-types sql_start_transaction(); sql_query("DELETE FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user_source['UID'])); + $user_angel_type_info = array(); if (!empty($selected_angel_types)) { $SQL = "INSERT INTO `UserAngelTypes` (`user_id`, `angeltype_id`) VALUES "; - foreach ($selected_angel_types as $selected_angel_type_id) - $SQL .= "(${user_source['UID']}, ${selected_angel_type_id}),"; + foreach ($selected_angel_types as $selected_angel_type_id) { + $SQL .= "(" . $user_source['UID'] . ", " . $selected_angel_type_id . "),"; + $user_angel_type_info[] = $angel_types[$selected_angel_type_id] . (in_array($selected_angel_type_id, $accepted_angel_types) ? ' (confirmed)' : ''); + } // remove superfluous comma $SQL = substr($SQL, 0, -1); sql_query($SQL); @@ -125,16 +128,6 @@ function admin_user() { } sql_stop_transaction(); - foreach ($selected_angel_types as $selected_angel_type_id) { - if (sql_num_query("SELECT * FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user_source['UID']) . " AND `angeltype_id`=" . sql_escape($selected_angel_type_id) . " LIMIT 1") == 0) { - if (in_array("admin_user_angeltypes", $privileges)) { - sql_query("INSERT INTO `UserAngelTypes` SET `confirm_user_id`=" . sql_escape($user['UID']) . ", `user_id`=" . sql_escape($user_source['UID']) . ", `angeltype_id`=" . sql_escape($selected_angel_type_id)); - } else { - sql_query("INSERT INTO `UserAngelTypes` SET `user_id`=" . sql_escape($user_source['UID']) . ", `angeltype_id`=" . sql_escape($selected_angel_type_id)); - } - } - } - engelsystem_log("Set angeltypes of " . $user_source['Nick'] . " to: " . join(", ", $user_angel_type_info)); success("Angeltypes saved."); redirect(page_link_to('admin_user') . '&id=' . $user_source['UID']); @@ -143,10 +136,10 @@ function admin_user() { $html .= form(array ( msg(), form_multi_checkboxes(array('selected_angel_types' => 'gewünscht', 'accepted_angel_types' => 'akzeptiert'), - "Angeltypes", - $angel_types, - array('selected_angel_types' => $selected_angel_types, 'accepted_angel_types' => array_merge($accepted_angel_types, $nonrestricted_angel_types)), - array('accepted_angel_types' => $nonrestricted_angel_types)), + "Angeltypes", + $angel_types, + array('selected_angel_types' => $selected_angel_types, 'accepted_angel_types' => array_merge($accepted_angel_types, $nonrestricted_angel_types)), + array('accepted_angel_types' => $nonrestricted_angel_types)), form_submit('submit_user_angeltypes', Get_Text("Save")) )); From 29a6f020e6a1a8e900239b9855f553e62a00dc26 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philip=20H=C3=A4usler?= Date: Thu, 27 Dec 2012 02:18:02 +0100 Subject: [PATCH 11/14] #28 finnished logging, fixes, inverted log order --- includes/model/LogEntries_model.php | 2 +- includes/pages/admin_user_angeltypes.php | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/includes/model/LogEntries_model.php b/includes/model/LogEntries_model.php index 5659c0ee..95ecf6cd 100644 --- a/includes/model/LogEntries_model.php +++ b/includes/model/LogEntries_model.php @@ -12,7 +12,7 @@ function LogEntry_create($nick, $message) { } function LogEntries() { - $log_entries_source = sql_select("SELECT * FROM `LogEntries` WHERE `timestamp` > " . (time() - 24*60*60) . " LIMIT 1000"); + $log_entries_source = sql_select("SELECT * FROM `LogEntries` WHERE `timestamp` > " . (time() - 24*60*60) . " ORDER BY `timestamp` DESC LIMIT 1000"); return $log_entries_source; } diff --git a/includes/pages/admin_user_angeltypes.php b/includes/pages/admin_user_angeltypes.php index 38c4d9c8..ba9a825b 100644 --- a/includes/pages/admin_user_angeltypes.php +++ b/includes/pages/admin_user_angeltypes.php @@ -8,7 +8,7 @@ function admin_user_angeltypes() { global $privileges; if (isset ($_REQUEST['confirm']) && test_request_int('confirm') && sql_num_query("SELECT * FROM `UserAngelTypes` WHERE `id`=" . sql_escape($_REQUEST['confirm']) . " AND `confirm_user_id` IS NULL") > 0) { - $user_angel_type_source = sql_select("SELECT `UserAngelTypes`.*, `User`.`Nick`, `AngelTypes`.`name` FROM `UserAngelTypes` JOIN `User` ON `User`.`UID`=`UserAngelTypes`.`user_id` JOIN `AngelTypes` ON `AngelTypes`.`id`=`UserAngelTypes`.`angeltype_id` WHERE `id`=" . sql_escape($_REQUEST['confirm']) . " LIMIT 1"); + $user_angel_type_source = sql_select("SELECT `UserAngelTypes`.*, `User`.`Nick`, `AngelTypes`.`name` FROM `UserAngelTypes` JOIN `User` ON `User`.`UID`=`UserAngelTypes`.`user_id` JOIN `AngelTypes` ON `AngelTypes`.`id`=`UserAngelTypes`.`angeltype_id` WHERE `UserAngelTypes`.`id`=" . sql_escape($_REQUEST['confirm']) . " LIMIT 1"); if(count($user_angel_type_source) > 0) { sql_query("UPDATE `UserAngelTypes` SET `confirm_user_id`=" . sql_escape($_SESSION['uid']) . " WHERE `id`=" . sql_escape($_REQUEST['confirm']) . " LIMIT 1"); engelsystem_log("Confirmed " . $user_angel_type_source[0]['Nick'] . " as " . $user_angel_type_source[0]['name']); @@ -19,7 +19,7 @@ function admin_user_angeltypes() { } if (isset ($_REQUEST['discard']) && test_request_int('discard') && sql_num_query("SELECT * FROM `UserAngelTypes` WHERE `id`=" . sql_escape($_REQUEST['discard']) . " AND `confirm_user_id` IS NULL") > 0) { - $user_angel_type_source = sql_select("SELECT `UserAngelTypes`.*, `User`.`Nick`, `AngelTypes`.`name` FROM `UserAngelTypes` JOIN `User` ON `User`.`UID`=`UserAngelTypes`.`user_id` JOIN `AngelTypes` ON `AngelTypes`.`id`=`UserAngelTypes`.`angeltype_id` WHERE `id`=" . sql_escape($_REQUEST['discard']) . " LIMIT 1"); + $user_angel_type_source = sql_select("SELECT `UserAngelTypes`.*, `User`.`Nick`, `AngelTypes`.`name` FROM `UserAngelTypes` JOIN `User` ON `User`.`UID`=`UserAngelTypes`.`user_id` JOIN `AngelTypes` ON `AngelTypes`.`id`=`UserAngelTypes`.`angeltype_id` WHERE `UserAngelTypes`.`id`=" . sql_escape($_REQUEST['discard']) . " LIMIT 1"); if(count($user_angel_type_source) > 0) { sql_query("DELETE FROM `UserAngelTypes` WHERE `id`=" . sql_escape($_REQUEST['discard']) . " LIMIT 1"); engelsystem_log("Discarded " . $user_angel_type_source[0]['Nick'] . " as " . $user_angel_type_source[0]['name']); From 26ffee4a96f08aa58a348d11674f6fd29c1498b0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philip=20H=C3=A4usler?= Date: Thu, 27 Dec 2012 02:18:56 +0100 Subject: [PATCH 12/14] #28 logging doku --- includes/model/LogEntries_model.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/includes/model/LogEntries_model.php b/includes/model/LogEntries_model.php index 95ecf6cd..f8a552f2 100644 --- a/includes/model/LogEntries_model.php +++ b/includes/model/LogEntries_model.php @@ -11,6 +11,9 @@ function LogEntry_create($nick, $message) { sql_query("INSERT INTO `LogEntries` SET `timestamp`=" . sql_escape($timestamp) . ", `nick`='" . sql_escape($nick) . "', `message`='" . sql_escape($message) . "'"); } +/** + * Returns log entries of the last 24 hours with maximum count of 1000. + */ function LogEntries() { $log_entries_source = sql_select("SELECT * FROM `LogEntries` WHERE `timestamp` > " . (time() - 24*60*60) . " ORDER BY `timestamp` DESC LIMIT 1000"); return $log_entries_source; From 670cd715c559c521fe8f315fa34c00ac4f5defcb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philip=20H=C3=A4usler?= Date: Thu, 27 Dec 2012 02:44:21 +0100 Subject: [PATCH 13/14] #28 logging doku --- includes/pages/user_shifts.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/includes/pages/user_shifts.php b/includes/pages/user_shifts.php index c239ca71..bd7f7831 100644 --- a/includes/pages/user_shifts.php +++ b/includes/pages/user_shifts.php @@ -123,10 +123,10 @@ function user_shifts() { $needed_angel_types_info = array(); foreach ($needed_angel_types as $type_id => $count) { sql_query("INSERT INTO `NeededAngelTypes` SET `shift_id`=" . sql_escape($shift_id) . ", `angel_type_id`=" . sql_escape($type_id) . ", `count`=" . sql_escape($count)); - $needed_angel_types_info[] = $angel_types[$type_id]; + $needed_angel_types_info[] = $angel_types[$type_id]['name'] . ": " . $count; } - engelsystem_log("Updated shift " . $name . " from " . date("y-m-d H:i", $start) . " to " . date("y-m-d H:i", $end) . " with angel types " . join(", ", $needed_angel_types_info)); + engelsystem_log("Updated shift '" . $name . "' from " . date("y-m-d H:i", $start) . " to " . date("y-m-d H:i", $end) . " with angel types " . join(", ", $needed_angel_types_info)); success("Schicht gespeichert."); redirect(page_link_to('user_shifts')); } From 0f0f847af4c9ffe8138c802086bda7eb15f9baef Mon Sep 17 00:00:00 2001 From: Jan-Philipp Litza Date: Thu, 27 Dec 2012 02:54:57 +0100 Subject: [PATCH 14/14] minor fixes for logging and user editing and searching --- includes/pages/admin_free.php | 1 + includes/pages/admin_user.php | 8 +++++--- templates/admin_free.html | 2 +- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/includes/pages/admin_free.php b/includes/pages/admin_free.php index d6f4b7a0..88a96965 100644 --- a/includes/pages/admin_free.php +++ b/includes/pages/admin_free.php @@ -57,6 +57,7 @@ function admin_free() { return template_render('../templates/admin_free.html', array ( 'search' => $search, 'angeltypes' => html_select_key('angeltype', 'angeltype', $angel_types, $_REQUEST['angeltype']), + 'confirmed_only' => isset($_REQUEST['confirmed_only'])? 'checked' : '', 'table' => $table, 'link' => page_link_to('admin_free') )); diff --git a/includes/pages/admin_user.php b/includes/pages/admin_user.php index 8d900c1b..f4902e1c 100644 --- a/includes/pages/admin_user.php +++ b/includes/pages/admin_user.php @@ -103,9 +103,10 @@ function admin_user() { if (isset ($_REQUEST['submit_user_angeltypes'])) { $selected_angel_types = array_intersect($_REQUEST['selected_angel_types'], array_keys($angel_types)); - $accepted_angel_types = array_diff(array_intersect($_REQUEST['accepted_angel_types'], array_keys($angel_types)), $nonrestricted_angel_types); + $accepted_angel_types = array_unique(array_diff(array_intersect($_REQUEST['accepted_angel_types'], array_keys($angel_types)), $nonrestricted_angel_types)); if (in_array("admin_user_angeltypes", $privileges)) - $selected_angel_types = array_merge($selected_angel_types, $accepted_angel_types); + $selected_angel_types = array_merge((array) $selected_angel_types, $accepted_angel_types); + $selected_angel_types = array_unique($selected_angel_types); // Assign angel-types sql_start_transaction(); @@ -227,10 +228,11 @@ function admin_user() { case 'delete' : if ($user['UID'] != $id) { + $nickname = sql_select("SELECT `Nick` FROM `User` WHERE `UID` = '" . sql_escape($id) . "' LIMIT 1"); sql_query("DELETE FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); sql_query("DELETE FROM `UserGroups` WHERE `uid`=" . sql_escape($id)); sql_query("UPDATE `ShiftEntry` SET `UID`=0, `Comment`=NULL WHERE `UID`=" . sql_escape($id)); - engelsystem_log("Deleted user " . $user_source['Nick']); + engelsystem_log("Deleted user " . $nickname[0]['Nick']); $html .= success("Benutzer gelöscht!", true); } else { $html .= error("Du kannst Dich nicht selber löschen!", true); diff --git a/templates/admin_free.html b/templates/admin_free.html index 35ac1afa..ef1dccf0 100644 --- a/templates/admin_free.html +++ b/templates/admin_free.html @@ -1,6 +1,6 @@

- Search Angel: %angeltypes% + Search Angel: %angeltypes%