#44 angeltypes recreated

main
Philip Häusler 13 years ago
parent def9532d6b
commit ce7f071c38

@ -15,7 +15,7 @@ function admin_active() {
$count = strip_request_item('count'); $count = strip_request_item('count');
else { else {
$ok = false; $ok = false;
$msg .= error("Please enter a number of angels to be marked as active."); $msg .= error("Please enter a number of angels to be marked as active.", true);
} }
if ($ok) if ($ok)
@ -27,7 +27,7 @@ function admin_active() {
sql_query("UPDATE `User` SET `Aktiv` = 1 WHERE `UID`=" . sql_escape($usr['UID'])); sql_query("UPDATE `User` SET `Aktiv` = 1 WHERE `UID`=" . sql_escape($usr['UID']));
$limit = ""; $limit = "";
$msg = success("Marked angels."); $msg = success("Marked angels.", true);
} else { } else {
$set_active = '<a href="' . page_link_to('admin_active') . '&amp;serach=' . $search . '">&laquo; back</a> | <a href="' . page_link_to('admin_active') . '&amp;search=' . $search . '&amp;count=' . $count . '&amp;set_active&amp;ack">apply</a>'; $set_active = '<a href="' . page_link_to('admin_active') . '&amp;serach=' . $search . '">&laquo; back</a> | <a href="' . page_link_to('admin_active') . '&amp;search=' . $search . '&amp;count=' . $count . '&amp;set_active&amp;ack">apply</a>';
} }
@ -36,22 +36,22 @@ function admin_active() {
if (isset ($_REQUEST['active']) && preg_match("/^[0-9]+$/", $_REQUEST['active'])) { if (isset ($_REQUEST['active']) && preg_match("/^[0-9]+$/", $_REQUEST['active'])) {
$id = $_REQUEST['active']; $id = $_REQUEST['active'];
sql_query("UPDATE `User` SET `Aktiv`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); sql_query("UPDATE `User` SET `Aktiv`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
$msg = success("Angel has been marked as active."); $msg = success("Angel has been marked as active.", true);
} }
elseif (isset ($_REQUEST['not_active']) && preg_match("/^[0-9]+$/", $_REQUEST['not_active'])) { elseif (isset ($_REQUEST['not_active']) && preg_match("/^[0-9]+$/", $_REQUEST['not_active'])) {
$id = $_REQUEST['not_active']; $id = $_REQUEST['not_active'];
sql_query("UPDATE `User` SET `Aktiv`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); sql_query("UPDATE `User` SET `Aktiv`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
$msg = success("Angel has been marked as not active."); $msg = success("Angel has been marked as not active.", true);
} }
elseif (isset ($_REQUEST['tshirt']) && preg_match("/^[0-9]+$/", $_REQUEST['tshirt'])) { elseif (isset ($_REQUEST['tshirt']) && preg_match("/^[0-9]+$/", $_REQUEST['tshirt'])) {
$id = $_REQUEST['tshirt']; $id = $_REQUEST['tshirt'];
sql_query("UPDATE `User` SET `Tshirt`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); sql_query("UPDATE `User` SET `Tshirt`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
$msg = success("Angel has got a t-shirt."); $msg = success("Angel has got a t-shirt.", true);
} }
elseif (isset ($_REQUEST['not_tshirt']) && preg_match("/^[0-9]+$/", $_REQUEST['not_tshirt'])) { elseif (isset ($_REQUEST['not_tshirt']) && preg_match("/^[0-9]+$/", $_REQUEST['not_tshirt'])) {
$id = $_REQUEST['not_tshirt']; $id = $_REQUEST['not_tshirt'];
sql_query("UPDATE `User` SET `Tshirt`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); sql_query("UPDATE `User` SET `Tshirt`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
$msg = success("Angel has got no t-shirt."); $msg = success("Angel has got no t-shirt.", true);
} }
$users = sql_select("SELECT `User`.*, COUNT(`ShiftEntry`.`id`) as `shift_count`, SUM(`end`-`start`) as `shift_length` FROM `User` LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID` LEFT JOIN `Shifts` ON `ShiftEntry`.`SID` = `Shifts`.`SID` WHERE `User`.`Gekommen` = 1 GROUP BY `User`.`UID` ORDER BY `shift_length` DESC" . $limit); $users = sql_select("SELECT `User`.*, COUNT(`ShiftEntry`.`id`) as `shift_count`, SUM(`end`-`start`) as `shift_length` FROM `User` LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID` LEFT JOIN `Shifts` ON `ShiftEntry`.`SID` = `Shifts`.`SID` WHERE `User`.`Gekommen` = 1 GROUP BY `User`.`UID` ORDER BY `shift_length` DESC" . $limit);

@ -8,12 +8,12 @@ function admin_arrive() {
if (isset ($_REQUEST['reset']) && preg_match("/^[0-9]*$/", $_REQUEST['reset'])) { if (isset ($_REQUEST['reset']) && preg_match("/^[0-9]*$/", $_REQUEST['reset'])) {
$id = $_REQUEST['reset']; $id = $_REQUEST['reset'];
sql_query("UPDATE `User` SET `Gekommen`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); sql_query("UPDATE `User` SET `Gekommen`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
$msg = success("Reset done. Angel has not arrived."); $msg = success("Reset done. Angel has not arrived.", true);
} }
elseif (isset ($_REQUEST['arrived']) && preg_match("/^[0-9]*$/", $_REQUEST['arrived'])) { elseif (isset ($_REQUEST['arrived']) && preg_match("/^[0-9]*$/", $_REQUEST['arrived'])) {
$id = $_REQUEST['arrived']; $id = $_REQUEST['arrived'];
sql_query("UPDATE `User` SET `Gekommen`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); sql_query("UPDATE `User` SET `Gekommen`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
$msg = success("Angel has been marked as arrived."); $msg = success("Angel has been marked as arrived.", true);
} }
$users = sql_select("SELECT * FROM `User` ORDER BY `Nick`"); $users = sql_select("SELECT * FROM `User` ORDER BY `Nick`");

@ -4,14 +4,7 @@ function admin_faq() {
$faqs_html = ""; $faqs_html = "";
$faqs = sql_select("SELECT * FROM `FAQ`"); $faqs = sql_select("SELECT * FROM `FAQ`");
foreach ($faqs as $faq) { foreach ($faqs as $faq) {
$faqs_html .= sprintf( $faqs_html .= sprintf('<tr><td> <dl><dt>%s</dt><dd>%s</dd></dl> </td>' . '<td> <dl><dt>%s</dt><dd>%s</dd></dl> </td>' . '<td><a href="%s&action=edit&id=%s">Edit</a></td></tr>', $faq['Frage_de'], $faq['Antwort_de'], $faq['Frage_en'], $faq['Antwort_en'], page_link_to('admin_faq'), $faq['FID']);
'<tr><td> <dl><dt>%s</dt><dd>%s</dd></dl> </td>'
. '<td> <dl><dt>%s</dt><dd>%s</dd></dl> </td>'
. '<td><a href="%s&action=edit&id=%s">Edit</a></td></tr>',
$faq['Frage_de'], $faq['Antwort_de'],
$faq['Frage_en'], $faq['Antwort_en'],
page_link_to('admin_faq'), $faq['FID']
);
} }
return template_render('../templates/admin_faq.html', array ( return template_render('../templates/admin_faq.html', array (
'link' => page_link_to("admin_faq"), 'link' => page_link_to("admin_faq"),
@ -25,12 +18,7 @@ function admin_faq() {
$question = strip_request_item_nl('question'); $question = strip_request_item_nl('question');
$answer = strip_request_item_nl('answer'); $answer = strip_request_item_nl('answer');
sql_query("INSERT INTO `FAQ` SET `Frage_de`='" . sql_escape($frage) sql_query("INSERT INTO `FAQ` SET `Frage_de`='" . sql_escape($frage) . "', `Frage_en`='" . sql_escape($question) . "', `Antwort_de`='" . sql_escape($antwort) . "', `Antwort_en`='" . sql_escape($answer) . "'");
. "', `Frage_en`='" . sql_escape($question)
. "', `Antwort_de`='" . sql_escape($antwort)
. "', `Antwort_en`='" . sql_escape($answer)
. "'"
);
header("Location: " . page_link_to("admin_faq")); header("Location: " . page_link_to("admin_faq"));
break; break;
@ -39,7 +27,7 @@ function admin_faq() {
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id']; $id = $_REQUEST['id'];
else else
return error("Incomplete call, missing FAQ ID."); return error("Incomplete call, missing FAQ ID.", true);
$faq = sql_select("SELECT * FROM `FAQ` WHERE `FID`=" . sql_escape($id) . " LIMIT 1"); $faq = sql_select("SELECT * FROM `FAQ` WHERE `FID`=" . sql_escape($id) . " LIMIT 1");
if (count($faq) > 0) { if (count($faq) > 0) {
@ -50,23 +38,18 @@ function admin_faq() {
$question = strip_request_item_nl('question'); $question = strip_request_item_nl('question');
$answer = strip_request_item_nl('answer'); $answer = strip_request_item_nl('answer');
sql_query("UPDATE `FAQ` SET `Frage_de`='" . sql_escape($frage) sql_query("UPDATE `FAQ` SET `Frage_de`='" . sql_escape($frage) . "', `Frage_en`='" . sql_escape($question) . "', `Antwort_de`='" . sql_escape($antwort) . "', `Antwort_en`='" . sql_escape($answer) . "' WHERE `FID`=" . sql_escape($id) . " LIMIT 1");
. "', `Frage_en`='" . sql_escape($question)
. "', `Antwort_de`='" . sql_escape($antwort)
. "', `Antwort_en`='" . sql_escape($answer)
. "' WHERE `FID`=" . sql_escape($id) . " LIMIT 1"
);
header("Location: " . page_link_to("admin_faq")); header("Location: " . page_link_to("admin_faq"));
} else } else
return error("No FAQ found."); return error("No FAQ found.", true);
break; break;
case 'edit' : case 'edit' :
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id']; $id = $_REQUEST['id'];
else else
return error("Incomplete call, missing FAQ ID."); return error("Incomplete call, missing FAQ ID.", true);
$faq = sql_select("SELECT * FROM `FAQ` WHERE `FID`=" . sql_escape($id) . " LIMIT 1"); $faq = sql_select("SELECT * FROM `FAQ` WHERE `FID`=" . sql_escape($id) . " LIMIT 1");
if (count($faq) > 0) { if (count($faq) > 0) {
@ -81,14 +64,14 @@ function admin_faq() {
'answer' => $faq['Antwort_en'] 'answer' => $faq['Antwort_en']
)); ));
} else } else
return error("No FAQ found."); return error("No FAQ found.", true);
break; break;
case 'delete' : case 'delete' :
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id']; $id = $_REQUEST['id'];
else else
return error("Incomplete call, missing FAQ ID."); return error("Incomplete call, missing FAQ ID.", true);
$faq = sql_select("SELECT * FROM `FAQ` WHERE `FID`=" . sql_escape($id) . " LIMIT 1"); $faq = sql_select("SELECT * FROM `FAQ` WHERE `FID`=" . sql_escape($id) . " LIMIT 1");
if (count($faq) > 0) { if (count($faq) > 0) {
@ -97,7 +80,7 @@ function admin_faq() {
sql_query("DELETE FROM `FAQ` WHERE `FID`=" . sql_escape($id) . " LIMIT 1"); sql_query("DELETE FROM `FAQ` WHERE `FID`=" . sql_escape($id) . " LIMIT 1");
header("Location: " . page_link_to("admin_faq")); header("Location: " . page_link_to("admin_faq"));
} else } else
return error("No FAQ found."); return error("No FAQ found.", true);
break; break;
} }
} }

@ -36,7 +36,7 @@ function admin_groups() {
if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id'])) if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id']; $id = $_REQUEST['id'];
else else
return error("Incomplete call, missing Groups ID."); return error("Incomplete call, missing Groups ID.", true);
$room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); $room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
if (count($room) > 0) { if (count($room) > 0) {
@ -62,14 +62,14 @@ function admin_groups() {
'privileges' => $privileges_html 'privileges' => $privileges_html
)); ));
} else } else
return error("No Group found."); return error("No Group found.", true);
break; break;
case 'save' : case 'save' :
if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id'])) if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id']; $id = $_REQUEST['id'];
else else
return error("Incomplete call, missing Groups ID."); return error("Incomplete call, missing Groups ID.", true);
$room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); $room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
if (!is_array($_REQUEST['privileges'])) if (!is_array($_REQUEST['privileges']))
@ -82,7 +82,7 @@ function admin_groups() {
sql_query("INSERT INTO `GroupPrivileges` SET `group_id`=" . sql_escape($id) . ", `privilege_id`=" . sql_escape($priv)); sql_query("INSERT INTO `GroupPrivileges` SET `group_id`=" . sql_escape($id) . ", `privilege_id`=" . sql_escape($priv));
header("Location: " . page_link_to("admin_groups")); header("Location: " . page_link_to("admin_groups"));
} else } else
return error("No Group found."); return error("No Group found.", true);
break; break;
} }
} }

@ -26,7 +26,7 @@ function admin_import() {
fclose($test_handle); fclose($test_handle);
unlink('../import/tmp'); unlink('../import/tmp');
} else { } else {
$msg = error("Webserver has no write-permission on import directory."); $msg = error("Webserver has no write-permission on import directory.", true);
} }
if (isset ($_REQUEST['submit'])) { if (isset ($_REQUEST['submit'])) {
@ -36,7 +36,7 @@ function admin_import() {
if (!$fp) { if (!$fp) {
$ok = false; $ok = false;
$msg = error("File 'https://$PentabarfXMLhost/$PentabarfXMLpath" . $_REQUEST["url"] . "' not readable!" . "[$errstr ($errno)]"); $msg = error("File 'https://$PentabarfXMLhost/$PentabarfXMLpath" . $_REQUEST["url"] . "' not readable!" . "[$errstr ($errno)]", true);
} else { } else {
$fileOut = fopen($import_file, "w"); $fileOut = fopen($import_file, "w");
$head = 'GET /' . $PentabarfXMLpath . $_REQUEST["url"] . ' HTTP/1.1' . "\r\n" . $head = 'GET /' . $PentabarfXMLpath . $_REQUEST["url"] . ' HTTP/1.1' . "\r\n" .
@ -75,7 +75,7 @@ function admin_import() {
} }
fclose($fileOut); fclose($fileOut);
fclose($fp); fclose($fp);
$msg .= success("Es wurden $Zeilen Zeilen eingelesen."); $msg .= success("Es wurden $Zeilen Zeilen eingelesen.", true);
} }
} }
elseif (isset ($_FILES['xcal_file']) && ($_FILES['xcal_file']['error'] == 0)) { elseif (isset ($_FILES['xcal_file']) && ($_FILES['xcal_file']['error'] == 0)) {
@ -83,16 +83,16 @@ function admin_import() {
libxml_use_internal_errors(true); libxml_use_internal_errors(true);
if (simplexml_load_file($import_file) === false) { if (simplexml_load_file($import_file) === false) {
$ok = false; $ok = false;
$msg = error("No valid xml/xcal file provided."); $msg = error("No valid xml/xcal file provided.", true);
unlink($import_file); unlink($import_file);
} }
} else { } else {
$ok = false; $ok = false;
$msg = error("File upload went wrong."); $msg = error("File upload went wrong.", true);
} }
} else { } else {
$ok = false; $ok = false;
$msg = error("Please provide some data."); $msg = error("Please provide some data.", true);
} }
} }

@ -86,7 +86,7 @@ function admin_language() {
$html .= $sql_save . "<br />"; $html .= $sql_save . "<br />";
$Erg = sql_query($sql_save); $Erg = sql_query($sql_save);
$html .= success("$k Save: OK<br />\n"); $html .= success("$k Save: OK<br />\n", true);
} else } else
if (mysql_result($erg_test, 0, "Text") != $v) { if (mysql_result($erg_test, 0, "Text") != $v) {
$sql_save = "UPDATE `Sprache` SET `Text`='" $sql_save = "UPDATE `Sprache` SET `Text`='"
@ -97,7 +97,7 @@ function admin_language() {
$html .= $sql_save . "<br />"; $html .= $sql_save . "<br />";
$Erg = sql_query($sql_save); $Erg = sql_query($sql_save);
$html .= success(" $k Update: OK<br />\n"); $html .= success(" $k Update: OK<br />\n", true);
} else } else
$html .= "\t $k no changes<br />\n"; $html .= "\t $k no changes<br />\n";
} }

@ -11,7 +11,7 @@ function admin_news() {
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id']; $id = $_REQUEST['id'];
else else
return error("Incomplete call, missing News ID."); return error("Incomplete call, missing News ID.", true);
$news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); $news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
if (count($news) > 0) { if (count($news) > 0) {
@ -45,14 +45,14 @@ function admin_news() {
$html .= "<input type=\"submit\" name=\"submit\" value=\"Löschen\">\n"; $html .= "<input type=\"submit\" name=\"submit\" value=\"Löschen\">\n";
$html .= "</form>"; $html .= "</form>";
} else } else
return error("No News found."); return error("No News found.", true);
break; break;
case 'save' : case 'save' :
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id']; $id = $_REQUEST['id'];
else else
return error("Incomplete call, missing News ID."); return error("Incomplete call, missing News ID.", true);
$news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); $news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
if (count($news) > 0) { if (count($news) > 0) {
@ -62,14 +62,14 @@ function admin_news() {
"', `Treffen`='" . sql_escape($_POST["eTreffen"]) . "' WHERE `ID`=".sql_escape($id)." LIMIT 1"); "', `Treffen`='" . sql_escape($_POST["eTreffen"]) . "' WHERE `ID`=".sql_escape($id)." LIMIT 1");
header("Location: " . page_link_to("news")); header("Location: " . page_link_to("news"));
} else } else
return error("No News found."); return error("No News found.", true);
break; break;
case 'delete' : case 'delete' :
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id']; $id = $_REQUEST['id'];
else else
return error("Incomplete call, missing News ID."); return error("Incomplete call, missing News ID.", true);
$news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); $news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
if (count($news) > 0) { if (count($news) > 0) {
@ -78,7 +78,7 @@ function admin_news() {
sql_query("DELETE FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); sql_query("DELETE FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
header("Location: " . page_link_to("news")); header("Location: " . page_link_to("news"));
} else } else
return error("No News found."); return error("No News found.", true);
break; break;
} }
} }

@ -52,7 +52,7 @@ function admin_questions() {
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id']; $id = $_REQUEST['id'];
else else
return error("Incomplete call, missing Question ID."); return error("Incomplete call, missing Question ID.", true);
$question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); $question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
if (count($question) > 0 && $question[0]['AID'] == "0") { if (count($question) > 0 && $question[0]['AID'] == "0") {
@ -62,22 +62,22 @@ function admin_questions() {
sql_query("UPDATE `Questions` SET `AID`=" . sql_escape($user['UID']) . ", `Answer`='" . sql_escape($answer) . "' WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); sql_query("UPDATE `Questions` SET `AID`=" . sql_escape($user['UID']) . ", `Answer`='" . sql_escape($answer) . "' WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
header("Location: " . page_link_to("admin_questions")); header("Location: " . page_link_to("admin_questions"));
} else } else
return error("Gib eine Antwort ein!"); return error("Gib eine Antwort ein!", true);
} else } else
return error("No question found."); return error("No question found.", true);
break; break;
case 'delete' : case 'delete' :
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id']; $id = $_REQUEST['id'];
else else
return error("Incomplete call, missing Question ID."); return error("Incomplete call, missing Question ID.", true);
$question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); $question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
if (count($question) > 0) { if (count($question) > 0) {
sql_query("DELETE FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); sql_query("DELETE FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
header("Location: " . page_link_to("admin_questions")); header("Location: " . page_link_to("admin_questions"));
} else } else
return error("No question found."); return error("No question found.", true);
break; break;
} }
} }

@ -58,7 +58,7 @@ function admin_rooms() {
if (isset ($_REQUEST['RID']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['RID'])) if (isset ($_REQUEST['RID']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['RID']))
$rid = $_REQUEST['RID']; $rid = $_REQUEST['RID'];
else else
return error("Incomplete call, missing Room ID."); return error("Incomplete call, missing Room ID.", true);
$room = sql_select("SELECT * FROM `Room` WHERE `RID`=" . sql_escape($rid) . " LIMIT 1"); $room = sql_select("SELECT * FROM `Room` WHERE `RID`=" . sql_escape($rid) . " LIMIT 1");
if (count($room) > 0) { if (count($room) > 0) {
@ -89,14 +89,14 @@ function admin_rooms() {
'angel_types' => $angel_types 'angel_types' => $angel_types
)); ));
} else } else
return error("No Room found."); return error("No Room found.", true);
break; break;
case 'changesave' : case 'changesave' :
if (isset ($_REQUEST['RID']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['RID'])) if (isset ($_REQUEST['RID']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['RID']))
$rid = $_REQUEST['RID']; $rid = $_REQUEST['RID'];
else else
return error("Incomplete call, missing Room ID."); return error("Incomplete call, missing Room ID.", true);
$room = sql_select("SELECT * FROM `Room` WHERE `RID`=" . sql_escape($rid) . " LIMIT 1"); $room = sql_select("SELECT * FROM `Room` WHERE `RID`=" . sql_escape($rid) . " LIMIT 1");
if (count($room) > 0) { if (count($room) > 0) {
@ -119,21 +119,21 @@ function admin_rooms() {
} }
header("Location: " . page_link_to("admin_rooms")); header("Location: " . page_link_to("admin_rooms"));
} else } else
return error("No Room found."); return error("No Room found.", true);
break; break;
case 'delete' : case 'delete' :
if (isset ($_REQUEST['RID']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['RID'])) if (isset ($_REQUEST['RID']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['RID']))
$rid = $_REQUEST['RID']; $rid = $_REQUEST['RID'];
else else
return error("Incomplete call, missing Room ID."); return error("Incomplete call, missing Room ID.", true);
if (sql_num_query("SELECT * FROM `Room` WHERE `RID`=" . sql_escape($rid) . " LIMIT 1") > 0) { if (sql_num_query("SELECT * FROM `Room` WHERE `RID`=" . sql_escape($rid) . " LIMIT 1") > 0) {
sql_query("DELETE FROM `Room` WHERE `RID`=" . sql_escape($rid) . " LIMIT 1"); sql_query("DELETE FROM `Room` WHERE `RID`=" . sql_escape($rid) . " LIMIT 1");
sql_query("DELETE FROM `NeededAngelTypes` WHERE `room_id`=" . sql_escape($rid) . " LIMIT 1"); sql_query("DELETE FROM `NeededAngelTypes` WHERE `room_id`=" . sql_escape($rid) . " LIMIT 1");
header("Location: " . page_link_to("admin_rooms")); header("Location: " . page_link_to("admin_rooms"));
} else } else
return error("No Room found."); return error("No Room found.", true);
break; break;
} }

@ -36,26 +36,26 @@ function admin_shifts() {
else { else {
$ok = false; $ok = false;
$rid = $rooms[0]['RID']; $rid = $rooms[0]['RID'];
$msg .= error("Wähle bitte einen Raum aus."); $msg .= error("Wähle bitte einen Raum aus.", true);
} }
if (isset ($_REQUEST['start']) && $tmp = DateTime :: createFromFormat("Y-m-d H:i", trim($_REQUEST['start']))) if (isset ($_REQUEST['start']) && $tmp = DateTime :: createFromFormat("Y-m-d H:i", trim($_REQUEST['start'])))
$start = $tmp->getTimestamp(); $start = $tmp->getTimestamp();
else { else {
$ok = false; $ok = false;
$msg .= error("Bitte gib einen Startzeitpunkt für die Schichten an."); $msg .= error("Bitte gib einen Startzeitpunkt für die Schichten an.", true);
} }
if (isset ($_REQUEST['end']) && $tmp = DateTime :: createFromFormat("Y-m-d H:i", trim($_REQUEST['end']))) if (isset ($_REQUEST['end']) && $tmp = DateTime :: createFromFormat("Y-m-d H:i", trim($_REQUEST['end'])))
$end = $tmp->getTimestamp(); $end = $tmp->getTimestamp();
else { else {
$ok = false; $ok = false;
$msg .= error("Bitte gib einen Endzeitpunkt für die Schichten an."); $msg .= error("Bitte gib einen Endzeitpunkt für die Schichten an.", true);
} }
if ($start >= $end) { if ($start >= $end) {
$ok = false; $ok = false;
$msg .= error("Das Ende muss nach dem Startzeitpunkt liegen!"); $msg .= error("Das Ende muss nach dem Startzeitpunkt liegen!", true);
} }
if (isset ($_REQUEST['mode'])) { if (isset ($_REQUEST['mode'])) {
@ -68,7 +68,7 @@ function admin_shifts() {
$length = trim($_REQUEST['length']); $length = trim($_REQUEST['length']);
} else { } else {
$ok = false; $ok = false;
$msg .= error("Bitte gib eine Schichtlänge in Minuten an."); $msg .= error("Bitte gib eine Schichtlänge in Minuten an.", true);
} }
} }
elseif ($_REQUEST['mode'] == 'variable') { elseif ($_REQUEST['mode'] == 'variable') {
@ -77,12 +77,12 @@ function admin_shifts() {
$change_hours = explode(",", $_REQUEST['change_hours']); $change_hours = explode(",", $_REQUEST['change_hours']);
} else { } else {
$ok = false; $ok = false;
$msg .= error("Bitte gib die Schichtwechsel-Stunden kommagetrennt ein."); $msg .= error("Bitte gib die Schichtwechsel-Stunden kommagetrennt ein.", true);
} }
} }
} else { } else {
$ok = false; $ok = false;
$msg .= error("Bitte wähle einen Modus."); $msg .= error("Bitte wähle einen Modus.", true);
} }
if (isset ($_REQUEST['angelmode'])) { if (isset ($_REQUEST['angelmode'])) {
@ -96,20 +96,20 @@ function admin_shifts() {
$needed_angel_types[$type['id']] = trim($_REQUEST['type_' . $type['id']]); $needed_angel_types[$type['id']] = trim($_REQUEST['type_' . $type['id']]);
} else { } else {
$ok = false; $ok = false;
$msg .= error("Bitte überprüfe die Eingaben für die benötigten Engel des Typs " . $type['name'] . "."); $msg .= error("Bitte überprüfe die Eingaben für die benötigten Engel des Typs " . $type['name'] . ".", true);
} }
} }
if (array_sum($needed_angel_types) == 0) { if (array_sum($needed_angel_types) == 0) {
$ok = false; $ok = false;
$msg .= error("Es werden 0 Engel benötigt. Bitte wähle benötigte Engel."); $msg .= error("Es werden 0 Engel benötigt. Bitte wähle benötigte Engel.", true);
} }
} else { } else {
$ok = false; $ok = false;
$msg .= error("Bitte Wähle einen Modus für die benötigten Engel."); $msg .= error("Bitte Wähle einen Modus für die benötigten Engel.", true);
} }
} else { } else {
$ok = false; $ok = false;
$msg .= error("Bitte wähle benötigte Engel."); $msg .= error("Bitte wähle benötigte Engel.", true);
} }
// Beim Zurück-Knopf das Formular zeigen // Beim Zurück-Knopf das Formular zeigen
@ -238,7 +238,7 @@ function admin_shifts() {
} }
} }
$msg = success("Schichten angelegt."); $msg = success("Schichten angelegt.", true);
} else { } else {
unset ($_SESSION['admin_shifts_shifts']); unset ($_SESSION['admin_shifts_shifts']);
unset ($_SESSION['admin_shifts_types']); unset ($_SESSION['admin_shifts_types']);

@ -165,12 +165,12 @@ function admin_user() {
if (in_array($group, $grouplist)) if (in_array($group, $grouplist))
sql_query("INSERT INTO `UserGroups` SET `uid`=" . sql_query("INSERT INTO `UserGroups` SET `uid`=" .
sql_escape($id) . ", `group_id`=" . sql_escape($group)); sql_escape($id) . ", `group_id`=" . sql_escape($group));
$html .= success("Benutzergruppen gespeichert."); $html .= success("Benutzergruppen gespeichert.", true);
} else { } else {
$html .= error("Du kannst keine Engel mit mehr Rechten bearbeiten."); $html .= error("Du kannst keine Engel mit mehr Rechten bearbeiten.", true);
} }
} else { } else {
$html .= error("Du kannst Deine eigenen Rechte nicht bearbeiten."); $html .= error("Du kannst Deine eigenen Rechte nicht bearbeiten.", true);
} }
break; break;
@ -179,9 +179,9 @@ function admin_user() {
sql_query("DELETE FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); sql_query("DELETE FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
sql_query("DELETE FROM `UserGroups` WHERE `uid`=" . sql_escape($id)); sql_query("DELETE FROM `UserGroups` WHERE `uid`=" . sql_escape($id));
sql_query("UPDATE `ShiftEntry` SET `UID`=0, `Comment`=NULL WHERE `UID`=" . sql_escape($id)); sql_query("UPDATE `ShiftEntry` SET `UID`=0, `Comment`=NULL WHERE `UID`=" . sql_escape($id));
$html .= success("Benutzer gelöscht!"); $html .= success("Benutzer gelöscht!", true);
} else { } else {
$html .= error("Du kannst Dich nicht selber löschen!"); $html .= error("Du kannst Dich nicht selber löschen!", true);
} }
break; break;
@ -204,15 +204,15 @@ function admin_user() {
"WHERE `UID` = '" . sql_escape($id) . "WHERE `UID` = '" . sql_escape($id) .
"' LIMIT 1;"; "' LIMIT 1;";
sql_query($SQL); sql_query($SQL);
$html .= success("Änderung wurde gespeichert...\n"); $html .= success("Änderung wurde gespeichert...\n", true);
break; break;
case 'change_pw' : case 'change_pw' :
if ($_REQUEST['new_pw'] != "" && $_REQUEST['new_pw'] == $_REQUEST['new_pw2']) { if ($_REQUEST['new_pw'] != "" && $_REQUEST['new_pw'] == $_REQUEST['new_pw2']) {
sql_query("UPDATE `User` SET `Passwort`='" . sql_escape(PassCrypt($_REQUEST['new_pw'])) . "' WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); sql_query("UPDATE `User` SET `Passwort`='" . sql_escape(PassCrypt($_REQUEST['new_pw'])) . "' WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
$html .= success("Passwort neu gesetzt."); $html .= success("Passwort neu gesetzt.", true);
} else { } else {
$html .= error("Die Eingaben müssen übereinstimmen und dürfen nicht leer sein!"); $html .= error("Die Eingaben müssen übereinstimmen und dürfen nicht leer sein!", true);
} }
break; break;
} }

@ -3,6 +3,7 @@
// Engel registrieren // Engel registrieren
function guest_register() { function guest_register() {
/*
$nick = ""; $nick = "";
$lastname = ""; $lastname = "";
$prename = ""; $prename = "";
@ -27,7 +28,7 @@ function guest_register() {
form_submit('submit', Get_Text("makeuser_Anmelden")) form_submit('submit', Get_Text("makeuser_Anmelden"))
)) ))
)); ));
*/
global $SubscribeMailinglist, $enable_tshirt_size; global $SubscribeMailinglist, $enable_tshirt_size;
$html = ""; $html = "";
@ -96,7 +97,7 @@ function guest_register() {
} }
if (isset ($error)) if (isset ($error))
$html .= error($error); $html .= error($error, true);
} else { } else {
// init vars // init vars
$_POST["Nick"] = ""; $_POST["Nick"] = "";
@ -252,7 +253,7 @@ function guest_login() {
} // Ende Check, ob User angemeldet wurde} } // Ende Check, ob User angemeldet wurde}
} }
if (isset ($ErrorText)) if (isset ($ErrorText))
$html .= error(Get_Text($ErrorText)); $html .= error(Get_Text($ErrorText), true);
$html .= guest_login_form(); $html .= guest_login_form();
return $html; return $html;
} }

@ -64,28 +64,28 @@ function user_messages() {
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id']; $id = $_REQUEST['id'];
else else
return error("Incomplete call, missing Message ID."); return error("Incomplete call, missing Message ID.", true);
$message = sql_select("SELECT * FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); $message = sql_select("SELECT * FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1");
if (count($message) > 0 && $message[0]['RUID'] == $user['UID']) { if (count($message) > 0 && $message[0]['RUID'] == $user['UID']) {
sql_query("UPDATE `Messages` SET `isRead`='Y' WHERE `id`=" . sql_escape($id) . " LIMIT 1"); sql_query("UPDATE `Messages` SET `isRead`='Y' WHERE `id`=" . sql_escape($id) . " LIMIT 1");
header("Location: " . page_link_to("user_messages")); header("Location: " . page_link_to("user_messages"));
} else } else
return error("No Message found."); return error("No Message found.", true);
break; break;
case "delete" : case "delete" :
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id']; $id = $_REQUEST['id'];
else else
return error("Incomplete call, missing Message ID."); return error("Incomplete call, missing Message ID.", true);
$message = sql_select("SELECT * FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); $message = sql_select("SELECT * FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1");
if (count($message) > 0 && $message[0]['SUID'] == $user['UID']) { if (count($message) > 0 && $message[0]['SUID'] == $user['UID']) {
sql_query("DELETE FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); sql_query("DELETE FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1");
header("Location: " . page_link_to("user_messages")); header("Location: " . page_link_to("user_messages"));
} else } else
return error("No Message found."); return error("No Message found.", true);
break; break;
case "send" : case "send" :
@ -95,12 +95,12 @@ function user_messages() {
sql_query("INSERT INTO `Messages` SET `Datum`=" . sql_escape(time()) . ", `SUID`=" . sql_escape($user['UID']) . ", `RUID`=" . sql_escape($to) . ", `Text`='" . sql_escape($text) . "'"); sql_query("INSERT INTO `Messages` SET `Datum`=" . sql_escape(time()) . ", `SUID`=" . sql_escape($user['UID']) . ", `RUID`=" . sql_escape($to) . ", `Text`='" . sql_escape($text) . "'");
header("Location: " . page_link_to("user_messages")); header("Location: " . page_link_to("user_messages"));
} else { } else {
return error(Get_Text("pub_messages_Send_Error")); return error(Get_Text("pub_messages_Send_Error"), true);
} }
break; break;
default : default :
return error("Wrong action."); return error("Wrong action.", true);
} }
} }
} }

@ -16,12 +16,12 @@ function user_myshifts() {
list ($shifts_user) = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); list ($shifts_user) = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
if ($id != $user['UID']) if ($id != $user['UID'])
$msg .= error("Du betrachtest die Schichten von " . $shifts_user['Nick'] . "."); $msg .= info(sprintf("You are viewing %s's shifts.", $shifts_user['Nick']), true);
if (isset ($_REQUEST['reset'])) { if (isset ($_REQUEST['reset'])) {
if ($_REQUEST['reset'] == "ack") { if ($_REQUEST['reset'] == "ack") {
user_reset_ical_key(); user_reset_ical_key();
return success("Key geändert."); return success("Key geändert.", true);
} }
return template_render('../templates/user_myshifts_reset.html', array ()); return template_render('../templates/user_myshifts_reset.html', array ());
} }
@ -55,9 +55,9 @@ function user_myshifts() {
$shift = $shift[0]; $shift = $shift[0];
if (($shift['start'] - time() < $LETZTES_AUSTRAGEN * 60) || in_array('user_shifts_admin', $privileges)) { if (($shift['start'] - time() < $LETZTES_AUSTRAGEN * 60) || in_array('user_shifts_admin', $privileges)) {
sql_query("DELETE FROM `ShiftEntry` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); sql_query("DELETE FROM `ShiftEntry` WHERE `id`=" . sql_escape($id) . " LIMIT 1");
$msg .= success("Du wurdest aus der Schicht ausgetragen."); $msg .= success("Du wurdest aus der Schicht ausgetragen.", true);
} else } else
$msg .= error("Es ist zu spät um sich aus der Schicht auszutragen. Frage ggf. einen Orga.'"); $msg .= error("Es ist zu spät um sich aus der Schicht auszutragen. Frage ggf. einen Orga.", true);
} else } else
header("Location: " . page_link_to('user_myshifts')); header("Location: " . page_link_to('user_myshifts'));
} }

@ -58,7 +58,7 @@ function user_news_comments() {
if (isset ($_REQUEST["text"])) { if (isset ($_REQUEST["text"])) {
$text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['text'])); $text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['text']));
sql_query("INSERT INTO `news_comments` (`Refid`, `Datum`, `Text`, `UID`) VALUES ('" . sql_escape($nid) . "', '" . date("Y-m-d H:i:s") . "', '" . sql_escape($text) . "', '" . sql_escape($user["UID"]) . "')"); sql_query("INSERT INTO `news_comments` (`Refid`, `Datum`, `Text`, `UID`) VALUES ('" . sql_escape($nid) . "', '" . date("Y-m-d H:i:s") . "', '" . sql_escape($text) . "', '" . sql_escape($user["UID"]) . "')");
$html .= success("Eintrag wurde gespeichert"); $html .= success("Eintrag wurde gespeichert", true);
} }
$html .= '<a href="' . page_link_to("news") . '">&laquo; Back</a>'; $html .= '<a href="' . page_link_to("news") . '">&laquo; Back</a>';
@ -114,7 +114,7 @@ function user_news() {
sql_query("INSERT INTO `News` (`Datum`, `Betreff`, `Text`, `UID`, `Treffen`) " . sql_query("INSERT INTO `News` (`Datum`, `Betreff`, `Text`, `UID`, `Treffen`) " .
"VALUES ('" . sql_escape(time()) . "', '" . sql_escape($_POST["betreff"]) . "', '" . sql_escape($_POST["text"]) . "', '" . sql_escape($user['UID']) . "VALUES ('" . sql_escape(time()) . "', '" . sql_escape($_POST["betreff"]) . "', '" . sql_escape($_POST["text"]) . "', '" . sql_escape($user['UID']) .
"', '" . sql_escape($_POST["treffen"]) . "');"); "', '" . sql_escape($_POST["treffen"]) . "');");
$html .= success(Get_Text(4)); $html .= success(Get_Text(4), true);
} }
if (isset ($_REQUEST['page']) && preg_match("/^[0-9]{1,}$/", $_REQUEST['page'])) if (isset ($_REQUEST['page']) && preg_match("/^[0-9]{1,}$/", $_REQUEST['page']))

@ -29,20 +29,20 @@ function user_questions() {
sql_query("INSERT INTO `Questions` SET `UID`=" . sql_escape($user['UID']) . ", `Question`='" . sql_escape($question) . "'"); sql_query("INSERT INTO `Questions` SET `UID`=" . sql_escape($user['UID']) . ", `Question`='" . sql_escape($question) . "'");
header("Location: " . page_link_to("user_questions")); header("Location: " . page_link_to("user_questions"));
} else } else
return error("Gib eine Frage ein!"); return error("Gib eine Frage ein!", true);
break; break;
case 'delete' : case 'delete' :
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id']; $id = $_REQUEST['id'];
else else
return error("Incomplete call, missing Question ID."); return error("Incomplete call, missing Question ID.", true);
$question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); $question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
if (count($question) > 0 && $question[0]['UID'] == $user['UID']) { if (count($question) > 0 && $question[0]['UID'] == $user['UID']) {
sql_query("DELETE FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); sql_query("DELETE FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
header("Location: " . page_link_to("user_questions")); header("Location: " . page_link_to("user_questions"));
} else } else
return error("No question found."); return error("No question found.", true);
break; break;
} }
} }

@ -101,10 +101,10 @@ function user_settings() {
sql_query("UPDATE `User` SET `Passwort`='" . sql_escape(PassCrypt($_REQUEST['new_pw'])) . "' WHERE `UID`=" . sql_escape($user['UID']) . " LIMIT 1"); sql_query("UPDATE `User` SET `Passwort`='" . sql_escape(PassCrypt($_REQUEST['new_pw'])) . "' WHERE `UID`=" . sql_escape($user['UID']) . " LIMIT 1");
header("Location: " . page_link_to("user_settings")); header("Location: " . page_link_to("user_settings"));
} else { } else {
$html .= error(Get_Text(30)); $html .= error(Get_Text(30), true);
} }
} else { } else {
$html .= error(Get_Text(31)); $html .= error(Get_Text(31), true);
} }
return $html; return $html;
break; break;

@ -9,7 +9,7 @@ function user_shifts() {
header("Location: " . page_link_to('user_shifts')); header("Location: " . page_link_to('user_shifts'));
sql_query("DELETE FROM `ShiftEntry` WHERE `id`=" . sql_escape($entry_id) . " LIMIT 1"); sql_query("DELETE FROM `ShiftEntry` WHERE `id`=" . sql_escape($entry_id) . " LIMIT 1");
return success("Der Schicht-Eintrag wurde gelöscht.."); return success("Der Schicht-Eintrag wurde gelöscht..", true);
} }
// Schicht bearbeiten // Schicht bearbeiten
elseif (isset ($_REQUEST['edit_shift']) && in_array('admin_shifts', $privileges)) { elseif (isset ($_REQUEST['edit_shift']) && in_array('admin_shifts', $privileges)) {
@ -22,7 +22,7 @@ function user_shifts() {
header("Location: " . page_link_to('user_shifts')); header("Location: " . page_link_to('user_shifts'));
if (sql_num_query("SELECT * FROM `ShiftEntry` WHERE `SID`=" . sql_escape($shift_id) . " LIMIT 1") > 0) if (sql_num_query("SELECT * FROM `ShiftEntry` WHERE `SID`=" . sql_escape($shift_id) . " LIMIT 1") > 0)
return error("Du kannst nur Schichten bearbeiten, bei denen niemand eingetragen ist."); return error("Du kannst nur Schichten bearbeiten, bei denen niemand eingetragen ist.", true);
$shift = sql_select("SELECT * FROM `Shifts` JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) WHERE `SID`=" . sql_escape($shift_id) . " LIMIT 1"); $shift = sql_select("SELECT * FROM `Shifts` JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) WHERE `SID`=" . sql_escape($shift_id) . " LIMIT 1");
if (count($shift) == 0) if (count($shift) == 0)
@ -56,26 +56,26 @@ function user_shifts() {
else { else {
$ok = false; $ok = false;
$rid = $rooms[0]['RID']; $rid = $rooms[0]['RID'];
$msg .= error("Wähle bitte einen Raum aus."); $msg .= error("Wähle bitte einen Raum aus.", true);
} }
if (isset ($_REQUEST['start']) && $tmp = DateTime :: createFromFormat("Y-m-d H:i", trim($_REQUEST['start']))) if (isset ($_REQUEST['start']) && $tmp = DateTime :: createFromFormat("Y-m-d H:i", trim($_REQUEST['start'])))
$start = $tmp->getTimestamp(); $start = $tmp->getTimestamp();
else { else {
$ok = false; $ok = false;
$msg .= error("Bitte gib einen Startzeitpunkt für die Schichten an."); $msg .= error("Bitte gib einen Startzeitpunkt für die Schichten an.", true);
} }
if (isset ($_REQUEST['end']) && $tmp = DateTime :: createFromFormat("Y-m-d H:i", trim($_REQUEST['end']))) if (isset ($_REQUEST['end']) && $tmp = DateTime :: createFromFormat("Y-m-d H:i", trim($_REQUEST['end'])))
$end = $tmp->getTimestamp(); $end = $tmp->getTimestamp();
else { else {
$ok = false; $ok = false;
$msg .= error("Bitte gib einen Endzeitpunkt für die Schichten an."); $msg .= error("Bitte gib einen Endzeitpunkt für die Schichten an.", true);
} }
if ($start >= $end) { if ($start >= $end) {
$ok = false; $ok = false;
$msg .= error("Das Ende muss nach dem Startzeitpunkt liegen!"); $msg .= error("Das Ende muss nach dem Startzeitpunkt liegen!", true);
} }
foreach ($types as $type) { foreach ($types as $type) {
@ -83,12 +83,12 @@ function user_shifts() {
$needed_angel_types[$type['id']] = trim($_REQUEST['type_' . $type['id']]); $needed_angel_types[$type['id']] = trim($_REQUEST['type_' . $type['id']]);
} else { } else {
$ok = false; $ok = false;
$msg .= error("Bitte überprüfe die Eingaben für die benötigten Engel des Typs " . $type['name'] . "."); $msg .= error("Bitte überprüfe die Eingaben für die benötigten Engel des Typs " . $type['name'] . ".", true);
} }
} }
if (array_sum($needed_angel_types) == 0) { if (array_sum($needed_angel_types) == 0) {
$ok = false; $ok = false;
$msg .= error("Es werden 0 Engel benötigt. Bitte wähle benötigte Engel."); $msg .= error("Es werden 0 Engel benötigt. Bitte wähle benötigte Engel.", true);
} }
if ($ok) { if ($ok) {
@ -96,7 +96,7 @@ function user_shifts() {
sql_query("DELETE FROM `NeededAngelTypes` WHERE `shift_id`=" . sql_escape($shift_id)); sql_query("DELETE FROM `NeededAngelTypes` WHERE `shift_id`=" . sql_escape($shift_id));
foreach ($needed_angel_types as $type_id => $count) foreach ($needed_angel_types as $type_id => $count)
sql_query("INSERT INTO `NeededAngelTypes` SET `shift_id`=" . sql_escape($shift_id) . ", `angel_type_id`=" . sql_escape($type_id) . ", `count`=" . sql_escape($count)); sql_query("INSERT INTO `NeededAngelTypes` SET `shift_id`=" . sql_escape($shift_id) . ", `angel_type_id`=" . sql_escape($type_id) . ", `count`=" . sql_escape($count));
return success("Schicht gespeichert."); return success("Schicht gespeichert.", true);
} }
} }
@ -136,7 +136,7 @@ function user_shifts() {
sql_query("DELETE FROM `NeededAngelTypes` WHERE `shift_id`=" . sql_escape($shift_id)); sql_query("DELETE FROM `NeededAngelTypes` WHERE `shift_id`=" . sql_escape($shift_id));
sql_query("DELETE FROM `Shifts` WHERE `SID`=" . sql_escape($shift_id) . " LIMIT 1"); sql_query("DELETE FROM `Shifts` WHERE `SID`=" . sql_escape($shift_id) . " LIMIT 1");
return success("Die Schicht wurde gelöscht."); return success("Die Schicht wurde gelöscht.", true);
} }
return template_render('../templates/user_shifts_admin_delete.html', array ( return template_render('../templates/user_shifts_admin_delete.html', array (
@ -184,11 +184,11 @@ function user_shifts() {
$entries = sql_select("SELECT * FROM `ShiftEntry` WHERE `SID`=" . sql_escape($shift['SID'])); $entries = sql_select("SELECT * FROM `ShiftEntry` WHERE `SID`=" . sql_escape($shift['SID']));
foreach ($entries as $entry) foreach ($entries as $entry)
if ($entry['UID'] == $user_id) if ($entry['UID'] == $user_id)
return error("This angel does already have an entry for this shift."); return error("This angel does already have an entry for this shift.", true);
$comment = strip_request_item_nl('comment'); $comment = strip_request_item_nl('comment');
sql_query("INSERT INTO `ShiftEntry` SET `Comment`='" . sql_escape($comment) . "', `UID`=" . sql_escape($user_id) . ", `TID`=" . sql_escape($type_id) . ", `SID`=" . sql_escape($shift_id)); sql_query("INSERT INTO `ShiftEntry` SET `Comment`='" . sql_escape($comment) . "', `UID`=" . sql_escape($user_id) . ", `TID`=" . sql_escape($type_id) . ", `SID`=" . sql_escape($shift_id));
return success("Du bist eingetragen. Danke!") . '<a href="' . page_link_to('user_myshifts') . '">Meine Schichten &raquo;</a>'; return success("Du bist eingetragen. Danke!", true) . '<a href="' . page_link_to('user_myshifts') . '">Meine Schichten &raquo;</a>';
} }
if (in_array('user_shifts_admin', $privileges)) { if (in_array('user_shifts_admin', $privileges)) {

@ -17,23 +17,23 @@ function user_wakeup() {
. sql_escape($date) . "', '" . sql_escape($ort) . "', " . "'" . sql_escape($date) . "', '" . sql_escape($ort) . "', " . "'"
. sql_escape($bemerkung) . "')"; . sql_escape($bemerkung) . "')";
sql_query($SQL); sql_query($SQL);
$html .= success(Get_Text(4)); $html .= success(Get_Text(4), true);
} else } else
$html .= error("Broken date!"); $html .= error("Broken date!", true);
break; break;
case 'delete' : case 'delete' :
if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
$id = $_REQUEST['id']; $id = $_REQUEST['id'];
else else
return error("Incomplete call, missing wake-up ID."); return error("Incomplete call, missing wake-up ID.", true);
$wakeup = sql_select("SELECT * FROM `Wecken` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); $wakeup = sql_select("SELECT * FROM `Wecken` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
if (count($wakeup) > 0 && $wakeup[0]['UID'] == $user['UID']) { if (count($wakeup) > 0 && $wakeup[0]['UID'] == $user['UID']) {
sql_query("DELETE FROM `Wecken` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); sql_query("DELETE FROM `Wecken` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
$html .= success("Wake-up call deleted."); $html .= success("Wake-up call deleted.", true);
} else } else
return error("No wake-up found."); return error("No wake-up found.", true);
break; break;
} }
} }

Loading…
Cancel
Save