diff --git a/includes/pages/user_myshifts.php b/includes/pages/user_myshifts.php index fa2c23b7..a4de1c1b 100644 --- a/includes/pages/user_myshifts.php +++ b/includes/pages/user_myshifts.php @@ -21,7 +21,8 @@ function user_myshifts() { if (isset ($_REQUEST['reset'])) { if ($_REQUEST['reset'] == "ack") { user_reset_ical_key($user); - return success("Key geändert.", true); + success("Key geändert."); + redirect(page_link_to('user_myshifts')); } return template_render('../templates/user_myshifts_reset.html', array ()); } @@ -34,7 +35,9 @@ function user_myshifts() { if (isset ($_REQUEST['submit'])) { $comment = strip_request_item_nl('comment'); sql_query("UPDATE `ShiftEntry` SET `Comment`='" . sql_escape($comment) . "' WHERE `id`=" . sql_escape($id) . " LIMIT 1"); - header("Location: " . page_link_to('user_myshifts')); + + success("Schicht gespeichert."); + redirect(page_link_to('user_myshifts')); } return template_render('../templates/user_shifts_add.html', array ( @@ -46,7 +49,7 @@ function user_myshifts() { 'comment' => $shift['Comment'] )); } else - header("Location: " . page_link_to('user_myshifts')); + redirect(page_link_to('user_myshifts')); } elseif (isset ($_REQUEST['cancel']) && preg_match("/^[0-9]*$/", $_REQUEST['cancel'])) { $id = $_REQUEST['cancel']; @@ -59,7 +62,7 @@ function user_myshifts() { } else $msg .= error("Es ist zu spät um sich aus der Schicht auszutragen. Frage ggf. einen Orga.", true); } else - header("Location: " . page_link_to('user_myshifts')); + redirect(page_link_to('user_myshifts')); } $shifts = sql_select("SELECT * FROM `ShiftEntry` JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`) JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) WHERE `UID`=" . sql_escape($shifts_user['UID']) . " ORDER BY `start`"); @@ -87,7 +90,7 @@ function user_myshifts() { if ($shifts_user['ical_key'] == "") user_reset_ical_key($shifts_user); - return template_render('../templates/user_myshifts.html', array ( + return msg().template_render('../templates/user_myshifts.html', array ( 'h' => $LETZTES_AUSTRAGEN, 'shifts' => $html, 'msg' => $msg, diff --git a/includes/pages/user_shifts.php b/includes/pages/user_shifts.php index 8120a6c4..b7b504af 100644 --- a/includes/pages/user_shifts.php +++ b/includes/pages/user_shifts.php @@ -4,30 +4,33 @@ function user_shifts() { // Löschen einzelner Schicht-Einträge (Also Belegung einer Schicht von Engeln) durch Admins if (isset ($_REQUEST['entry_id']) && in_array('user_shifts_admin', $privileges)) { - if (isset ($_REQUEST['entry_id']) && preg_match("/^[0-9]*$/", $_REQUEST['entry_id'])) + if (isset ($_REQUEST['entry_id']) && test_request_int('entry_id')) $entry_id = $_REQUEST['entry_id']; else - header("Location: " . page_link_to('user_shifts')); + redirect(page_link_to('user_shifts')); sql_query("DELETE FROM `ShiftEntry` WHERE `id`=" . sql_escape($entry_id) . " LIMIT 1"); - return success("Der Schicht-Eintrag wurde gelöscht..", true); + success("Der Schicht-Eintrag wurde gelöscht."); + redirect(page_link_to('user_shifts')); } // Schicht bearbeiten elseif (isset ($_REQUEST['edit_shift']) && in_array('admin_shifts', $privileges)) { $msg = ""; $ok = true; - if (isset ($_REQUEST['edit_shift']) && preg_match("/^[0-9]*$/", $_REQUEST['edit_shift'])) + if (isset ($_REQUEST['edit_shift']) && test_request_int('edit_shift')) $shift_id = $_REQUEST['edit_shift']; else - header("Location: " . page_link_to('user_shifts')); + redirect(page_link_to('user_shifts')); - if (sql_num_query("SELECT * FROM `ShiftEntry` WHERE `SID`=" . sql_escape($shift_id) . " LIMIT 1") > 0) - return error("Du kannst nur Schichten bearbeiten, bei denen niemand eingetragen ist.", true); + if (sql_num_query("SELECT * FROM `ShiftEntry` WHERE `SID`=" . sql_escape($shift_id) . " LIMIT 1") > 0) { + error("Du kannst nur Schichten bearbeiten, bei denen niemand eingetragen ist."); + redirect(page_link_to('user_shift')); + } $shift = sql_select("SELECT * FROM `Shifts` JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) WHERE `SID`=" . sql_escape($shift_id) . " LIMIT 1"); if (count($shift) == 0) - header("Location: " . page_link_to('user_shifts')); + redirect(page_link_to('user_shifts')); $shift = $shift[0]; // Locations laden @@ -37,10 +40,10 @@ function user_shifts() { $room_array[$room['RID']] = $room['Name']; // Engeltypen laden - $types = sql_select("SELECT `AngelTypes`.*, `NeededAngelTypes`.`count` FROM `NeededAngelTypes` JOIN `AngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `AngelTypes`.`id`) WHERE `shift_id`=" . sql_escape($shift_id) . " ORDER BY `AngelTypes`.`name`"); + $needed_angel_types_source = sql_select("SELECT `AngelTypes`.*, `NeededAngelTypes`.`count` FROM `AngelTypes` LEFT JOIN `NeededAngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `AngelTypes`.`id` AND `NeededAngelTypes`.`shift_id`=" . sql_escape($shift_id) . ") ORDER BY `AngelTypes`.`name`"); $needed_angel_types = array (); - foreach ($types as $type) - $needed_angel_types[$type['id']] = $type['count']; + foreach ($needed_angel_types_source as $type) + $needed_angel_types[$type['id']] = $type['count'] != "" ? $type['count'] : "0"; $name = $shift['name']; $rid = $shift['RID']; @@ -79,7 +82,7 @@ function user_shifts() { $msg .= error("Das Ende muss nach dem Startzeitpunkt liegen!", true); } - foreach ($types as $type) { + foreach ($needed_angel_types_source as $type) { if (isset ($_REQUEST['type_' . $type['id']]) && preg_match("/^[0-9]+$/", trim($_REQUEST['type_' . $type['id']]))) { $needed_angel_types[$type['id']] = trim($_REQUEST['type_' . $type['id']]); } else { @@ -87,23 +90,20 @@ function user_shifts() { $msg .= error("Bitte überprüfe die Eingaben für die benötigten Engel des Typs " . $type['name'] . ".", true); } } - if (array_sum($needed_angel_types) == 0) { - $ok = false; - $msg .= error("Es werden 0 Engel benötigt. Bitte wähle benötigte Engel.", true); - } if ($ok) { sql_query("UPDATE `Shifts` SET `start`=" . sql_escape($start) . ", `end`=" . sql_escape($end) . ", `RID`=" . sql_escape($rid) . ", `name`='" . sql_escape($name) . "' WHERE `SID`=" . sql_escape($shift_id) . " LIMIT 1"); sql_query("DELETE FROM `NeededAngelTypes` WHERE `shift_id`=" . sql_escape($shift_id)); foreach ($needed_angel_types as $type_id => $count) sql_query("INSERT INTO `NeededAngelTypes` SET `shift_id`=" . sql_escape($shift_id) . ", `angel_type_id`=" . sql_escape($type_id) . ", `count`=" . sql_escape($count)); - return success("Schicht gespeichert.", true); + success("Schicht gespeichert."); + redirect(page_link_to('user_shifts')); } } $room_select = html_select_key('rid', 'rid', $room_array, $rid); $angel_types = ""; - foreach ($types as $type) { + foreach ($needed_angel_types_source as $type) { $angel_types .= template_render('../templates/admin_shifts_angel_types.html', array ( 'id' => $type['id'], 'type' => $type['name'], @@ -137,7 +137,8 @@ function user_shifts() { sql_query("DELETE FROM `NeededAngelTypes` WHERE `shift_id`=" . sql_escape($shift_id)); sql_query("DELETE FROM `Shifts` WHERE `SID`=" . sql_escape($shift_id) . " LIMIT 1"); - return success("Die Schicht wurde gelöscht.", true); + success("Die Schicht wurde gelöscht."); + redirect(page_link_to('user_shifts')); } return template_render('../templates/user_shifts_admin_delete.html', array ( @@ -169,6 +170,7 @@ function user_shifts() { $type = $type[0]; if (isset ($_REQUEST['submit'])) { + $selected_type_id = $type_id; if (in_array('user_shifts_admin', $privileges)) { if (isset ($_REQUEST['user_id']) && preg_match("/^[0-9]*$/", $_REQUEST['user_id'])) $user_id = $_REQUEST['user_id']; @@ -177,6 +179,9 @@ function user_shifts() { if (sql_num_query("SELECT * FROM `User` WHERE `UID`=" . sql_escape($user_id) . " LIMIT 1") == 0) redirect(page_link_to('user_shifts')); + + if (isset ($_REQUEST['angeltype_id']) && test_request_int('angeltype_id') && sql_num_query("SELECT * FROM `AngelTypes` WHERE `id`=" . sql_escape($_REQUEST['angeltype_id']) . " LIMIT 1") > 0) + $selected_type_id = $_REQUEST['angeltype_id']; } else $user_id = $user['UID']; @@ -187,8 +192,10 @@ function user_shifts() { return error("This angel does already have an entry for this shift.", true); $comment = strip_request_item_nl('comment'); - sql_query("INSERT INTO `ShiftEntry` SET `Comment`='" . sql_escape($comment) . "', `UID`=" . sql_escape($user_id) . ", `TID`=" . sql_escape($type_id) . ", `SID`=" . sql_escape($shift_id)); - return success("Du bist eingetragen. Danke!", true) . 'Meine Schichten »'; + sql_query("INSERT INTO `ShiftEntry` SET `Comment`='" . sql_escape($comment) . "', `UID`=" . sql_escape($user_id) . ", `TID`=" . sql_escape($selected_type_id) . ", `SID`=" . sql_escape($shift_id)); + + success("Du bist eingetragen. Danke!" . ' Meine Schichten »'); + redirect(page_link_to('user_shifts')); } if (in_array('user_shifts_admin', $privileges)) { @@ -277,9 +284,9 @@ function view_user_shifts() { ); $shifts = sql_select("SELECT `Shifts`.*, `Room`.`Name` as `room_name` FROM `Shifts` JOIN `Room` USING (`RID`) - WHERE `Shifts`.`RID` IN (" . implode(',', $_SESSION['user_shifts']['rooms']) . ") - AND DATE(FROM_UNIXTIME(`start`)) IN ('" . implode("','", $_SESSION['user_shifts']['days']) . "') - ORDER BY `start`"); + WHERE `Shifts`.`RID` IN (" . implode(',', $_SESSION['user_shifts']['rooms']) . ") + AND DATE(FROM_UNIXTIME(`start`)) IN ('" . implode("','", $_SESSION['user_shifts']['days']) . "') + ORDER BY `start`"); $shifts_table = ""; $row_count = 0; @@ -299,17 +306,17 @@ function view_user_shifts() { $is_free = false; $shift_has_special_needs = 0 < sql_num_query("SELECT `id` FROM `NeededAngelTypes` WHERE `shift_id` = " . $shift['SID']); $query = "SELECT * - FROM `NeededAngelTypes` - JOIN `AngelTypes` - ON (`NeededAngelTypes`.`angel_type_id` = `AngelTypes`.`id`) - WHERE "; + FROM `NeededAngelTypes` + JOIN `AngelTypes` + ON (`NeededAngelTypes`.`angel_type_id` = `AngelTypes`.`id`) + WHERE "; if ($shift_has_special_needs) $query .= "`shift_id` = " . sql_escape($shift['SID']); else $query .= "`room_id` = " . sql_escape($shift['RID']); $query .= " AND `count` > 0 - AND `angel_type_id` IN (" . implode(',', $_SESSION['user_shifts']['types']) . ") - ORDER BY `AngelTypes`.`name`"; + AND `angel_type_id` IN (" . implode(',', $_SESSION['user_shifts']['types']) . ") + ORDER BY `AngelTypes`.`name`"; $angeltypes = sql_select($query); if (count($angeltypes) > 0) {