authorAngelo Cuccato <cuccato@web.de>2010-11-23 10:28:02 +0100
committerAngelo Cuccato <cuccato@web.de>2010-11-23 10:28:02 +0100
commit1e4779938497a580217cf0e082730c731282cd69 (patch)
treec39215b0c0beab7e099e276ffd6b0d6485d7075a
parent3b6e2b24b10ac6230f4f722e015b2c03b49e5dbb (diff)
check link before show
-rwxr-xr-xDB/Sprache.sql8
-rwxr-xr-xincludes/UserCVS.php49
-rwxr-xr-xincludes/funktion_activeUser.php8
-rwxr-xr-xincludes/funktion_schichtplan.php82
-rwxr-xr-xincludes/funktion_xml_schudle.php5
-rwxr-xr-xwww-ssl/admin/user.php16
6 files changed, 115 insertions, 53 deletions
diff --git a/DB/Sprache.sql b/DB/Sprache.sql
index 5bc5e190..76597b71 100755
--- a/DB/Sprache.sql
+++ b/DB/Sprache.sql
@@ -96,8 +96,8 @@ INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('33', 'DE', 'Sprache
INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('33', 'EN', 'Language is saved. On the next page it will be active.');
INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('34', 'DE', 'Avatar wurde gesetzt.');
INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('34', 'EN', 'Avatar is saved.');
-INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('35', 'DE', '&lt;b&gt;Neue Anfrage:&lt;/b&gt;\r\nIn diesem Formular hast du die M&ouml;glichkeit, den Erzengeln eine Frage zu stellen. Wenn diese beantwortet ist, wirst du hier dar&uuml;ber informiert. Sollte die Frage von allgemeinem Interesse sein, wird diese in die Engel-FAQ &uuml;bernommen.');
-INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('35', 'EN', '<b>New Question</b>\r\nWith this form you may sumbit questions to our Archangels. Topics of common interest may be added to the FAQ. (Section: answered questions).\r\n');
+INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('35', 'DE', 'Neue Anfrage In diesem Formular hast du die M&ouml;glichkeit, den Erzengeln eine Frage zu stellen. Wenn diese beantwortet ist, wirst du hier dar&uuml;ber informiert. Sollte die Frage von allgemeinem Interesse sein, wird diese in die Engel-FAQ &uuml;bernommen.');
+INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('35', 'EN', 'New Question With this form you may sumbit questions to our Archangels. Topics of common interest may be added to the FAQ. (Section: answered questions).\r\n');
INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('36', 'DE', 'Stelle hier deine Frage');
INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('36', 'EN', 'Tell us your question');
INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('37', 'DE', 'Deine Anfrage war:');
@@ -325,8 +325,8 @@ INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_aktive_Active',
INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_schichtplan_add_TextFor', 'EN', 'text for shift');
INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_schichtplan_add_WriteOK', 'EN', 'Now, you signed up for this shift. Thank you for your cooperation.');
INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_schichtplan_add_Text1', 'EN', 'Here you can sign up for a shift. As commend can you write what you want, it is only for you.');
-INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_schichtplan_colision', 'DE', '&lt;h1&gt;Fehler&lt;/h1&gt;\r\n&Uuml;berschneidung von Schichten:');
-INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_schichtplan_colision', 'EN', '&lt;h1&gt;error&lt;/h1&gt;\r\noverlap on shift:');
+INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_schichtplan_colision', 'DE', 'Fehler &Uuml;berschneidung von Schichten:');
+INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_schichtplan_colision', 'EN', 'error noverlap on shift:');
INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_schicht_EmptyShifts', 'DE', 'Die n&auml;chsten 15 freien Schichten:');
INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_schicht_EmptyShifts', 'EN', 'The next 15 empty shifts:');
INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('inc_schicht_date', 'DE', 'Datum');
diff --git a/includes/UserCVS.php b/includes/UserCVS.php
index 4f606b7e..9210e446 100755
--- a/includes/UserCVS.php
+++ b/includes/UserCVS.php
@@ -50,4 +50,53 @@ if( $DEBUG )
}
+function funktion_isLinkAllowed( $PageName)
+{
+ global $_SESSION;
+
+ // separate page parameter
+ $ParameterPos = strpos( $PageName, ".php?");
+ if( $ParameterPos === FALSE)
+ {
+ $pName = $PageName;
+ }
+ else
+ {
+ $pName = substr( $PageName, 0, $ParameterPos + 4);
+ }
+
+ // check rights
+ if( (isset( $_SESSION['CVS'][ $pName ]) === TRUE) &&
+ ($_SESSION['CVS'][ $pName ] == "Y") )
+ {
+ return TRUE;
+ }
+
+ return FALSE;
+}
+
+function funktion_isLinkAllowed_addLink_OrLinkText( $PageName, $LinkText)
+{
+ global $url, $ENGEL_ROOT;
+
+ if( funktion_isLinkAllowed( $PageName) === TRUE)
+ {
+ return "<a href=\"". $url. $ENGEL_ROOT. $PageName. "\">". $LinkText. "</a>";
+ }
+
+ return $LinkText;
+}
+
+function funktion_isLinkAllowed_addLink_OrEmpty( $PageName, $LinkText)
+{
+ global $url, $ENGEL_ROOT;
+
+ if( funktion_isLinkAllowed( $PageName) === TRUE)
+ {
+ return "<a href=\"". $url. $ENGEL_ROOT. $PageName. "\">". $LinkText. "</a>";
+ }
+
+ return "";
+}
+
?>
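Review bot: Both `funktion_isLinkAllowed_addLink_OrLinkText` and `funktion_isLinkAllowed_addLink_OrEmpty` write `$PageName` into the `href` attribute without encoding, and the callers in this commit append database values and `&`-separated parameters to it. Encoding where the attribute is built would cover every caller: `return "<a href=\"". htmlspecialchars( $url. $ENGEL_ROOT. $PageName, ENT_QUOTES). "\">". $LinkText. "</a>";`. `$LinkText` is emitted as raw HTML (callers pass markup such as `edit<br>`), so it cannot be encoded here and each caller has to encode any user-supplied part itself; a docblock on both functions should say so. The check only decides whether a link is rendered, so the target pages still have to enforce the same `$_SESSION['CVS']` right themselves, which this diff does not show. `global $_SESSION;` has no effect on a superglobal and can be dropped.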
diff --git a/includes/funktion_activeUser.php b/includes/funktion_activeUser.php
index 808ccf73..d19895a8 100755
--- a/includes/funktion_activeUser.php
+++ b/includes/funktion_activeUser.php
@@ -39,11 +39,9 @@ for( $i=0; $i<mysql_num_rows($Erg); $i++)
if( $_SESSION['UID']>0 )
echo DisplayAvatar( mysql_result( $Erg, $i, "UID"));
// Schow Admin Page
- if( $_SESSION['CVS'][ "admin/userChangeNormal.php" ] == "Y" )
- echo " <a href=\"./../admin/userChangeNormal.php?enterUID=". mysql_result( $Erg, $i, "UID"). "&Type=Normal\">".
- mysql_result( $Erg, $i, "Nick"). "</a>";
- else
- echo mysql_result( $Erg, $i, "Nick");
+ echo funktion_isLinkAllowed_addLink_OrLinkText(
+ "admin/userChangeNormal.php?enterUID=". mysql_result( $Erg, $i, "UID"). "&Type=Normal",
+ mysql_result( $Erg, $i, "Nick"));
$Tlog = (substr( mysql_result( $Erg, $i, "lastLogIn"), 8, 2) * 60 * 60 * 24) + // Tag
(substr( mysql_result( $Erg, $i, "lastLogIn"), 11, 2) * 60 * 60) + // Stunde
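Review bot: The `Nick` value from the result set is passed as `$LinkText`, and the helper returns that argument verbatim in both branches, so the nickname reaches the page unencoded whether or not the link is shown. Unless nicknames are already entity-encoded when they are stored (not visible here), encode at the call site: `htmlspecialchars( mysql_result( $Erg, $i, "Nick"), ENT_QUOTES)`. The same question applies to `UID2Nick( $TempEngelID)` in includes/funktion_schichtplan.php, depending on what that helper returns. The enclosing `for` loop starts outside this hunk.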
diff --git a/includes/funktion_schichtplan.php b/includes/funktion_schichtplan.php
index ae4bf821..0b5b9910 100755
--- a/includes/funktion_schichtplan.php
+++ b/includes/funktion_schichtplan.php
@@ -18,11 +18,9 @@ function ausgabe_Feld_Inhalt( $SID, $Man )
///////////////////////////////////////////////////////////////////
// Schow Admin Page
///////////////////////////////////////////////////////////////////
- if( $_SESSION['CVS'][ "admin/schichtplan.php" ] == "Y" )
- {
- $Spalten.= "<a href=\"./../admin/schichtplan.php?action=change&SID=$SID\">edit</a><br>\n\t\t";
- }
-
+ $Spalten.=funktion_isLinkAllowed_addLink_OrEmpty(
+ "admin/schichtplan.php?action=change&SID=$SID",
+ "edit<br>\n\t\t");
///////////////////////////////////////////////////////////////////
// Ausgabe des Schischtnamens
@@ -104,28 +102,30 @@ function ausgabe_Feld_Inhalt( $SID, $Man )
foreach( $TempValue["Engel"] as $TempEngelEntry=> $TempEngelID )
{
- if( $_SESSION['CVS'][ "admin/userChangeNormal.php" ] == "Y" )
- $Spalten.= " <a href=\"./../admin/userChangeNormal.php?enterUID=$TempEngelID&Type=Normal\">";
-
- if( $_SESSION['CVS'][ "admin/schichtplan.php" ] == "Y" )
+ if( funktion_isLinkAllowed( "admin/user.php") === TRUE)
{
- if( UIDgekommen( $TempEngelID ) == "1")
- $Spalten.= "&nbsp;&nbsp;<span style=\"color: blue;\">".
- UID2Nick( $TempEngelID ).
- ($_GET["Icon"]==1? DisplayAvatar( $TempEngelID ): "").
- "</span><br>\n\t\t";
- else
- $Spalten.= "&nbsp;&nbsp;<span style=\"color: red;\">".
- UID2Nick( $TempEngelID ).
- ($_GET["Icon"]==1? DisplayAvatar( $TempEngelID ): "").
- "</span><br>\n\t\t";
+ // add color, wenn Engel "Gekommen"
+ $TempText=
+ ((UIDgekommen( $TempEngelID ) == "1")
+ ? "<span style=\"color: blue;\">"
+ : "<span style=\"color: red;\">").
+ UID2Nick( $TempEngelID). "</span>";
}
else
- $Spalten.= "&nbsp;&nbsp;". UID2Nick( $TempEngelID ).
- ($_GET["Icon"]==1? DisplayAvatar( $TempEngelID ): "").
- "<br>\n\t\t";
- if( $_SESSION['CVS'][ "admin/userChangeNormal.php" ] == "Y" )
- $Spalten.= " </a>";
+ {
+ $TempText = UID2Nick( $TempEngelID );
+ }
+
+ // add link to user
+ $TempText= funktion_isLinkAllowed_addLink_OrLinkText(
+ "admin/userChangeNormal.php?enterUID=$TempEngelID&Type=Normal",
+ $TempText);
+
+ $Spalten.= "&nbsp;&nbsp;". $TempText.
+ ( ($_GET["Icon"]==1) ? DisplayAvatar( $TempEngelID): "").
+ "<br>\n\t\t";
+
+
}
$Spalten = substr( $Spalten, 0, strlen($Spalten)-7 );
}
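Review bot: The coloured arrival status is now gated on `funktion_isLinkAllowed( "admin/user.php")`, whereas the removed code gated it on the `admin/schichtplan.php` right. The commit message does not mention changing which right reveals this information, so the switch may be unintended; confirm it or keep `funktion_isLinkAllowed( "admin/schichtplan.php")`. `$_GET["Icon"]` is also still read without `isset()`, which raises a notice when the parameter is absent; `( (isset( $_GET["Icon"]) && $_GET["Icon"]==1) ? DisplayAvatar( $TempEngelID): "")` avoids that. `ausgabe_Feld_Inhalt` starts and ends outside this hunk.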
@@ -205,13 +205,17 @@ function CreateRoomShifts( $raum )
$ErgSonder = mysql_query($SQLSonder, $con);
if( (mysql_num_rows( $ErgSonder) > 1) )
{
- if( $_SESSION['CVS'][ "admin/schichtplan.php" ] == "Y" )
+ if( funktion_isLinkAllowed( "admin/schichtplan.php") === TRUE )
{
echo "<h1>". Get_Text("pub_schichtplan_colision"). "</h1> ";
- echo "<a href=\"./../admin/schichtplan.php?action=change&SID=". mysql_result($ErgSonder, 0, "SID"). "\">".
- mysql_result($ErgSonder, 0, "DateS").
- " '". mysql_result($ErgSonder, 0, "Man")."' (RID $raum) (00-24)".
- "</a><br>\n\t\t";
+ for( $i=0; $i<mysql_num_rows( $ErgSonder); $i++)
+ {
+ echo "<a href=\"./../admin/schichtplan.php?action=change&SID=".
+ mysql_result($ErgSonder, $i, "SID"). "\">".
+ mysql_result($ErgSonder, $i, "DateS").
+ " '". mysql_result($ErgSonder, $i, "Man")."' (RID $raum) (00-24)".
+ "</a><br>\n\t\t";
+ }
}
}
elseif( (mysql_num_rows( $ErgSonder) == 1) )
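Review bot: The new loop builds the `admin/schichtplan.php` anchor by hand with a relative `./../admin/` path instead of using `funktion_isLinkAllowed_addLink_OrLinkText`, so these links are formed differently from the `$url. $ENGEL_ROOT` links the helper produces. It also writes `DateS` and `Man` into the page unencoded. The same pattern repeats in the `(00-xx)` hunk that follows and in the `(xx-xx)` branch further down. Wrapping the text values, e.g. `htmlspecialchars( mysql_result($ErgSonder, $i, "Man"), ENT_QUOTES)`, and building the anchor through the helper would keep link construction and encoding in one place. The loop also reuses `$i`, which the later `mysql_result($Erg, $i, ...)` lines in `CreateRoomShifts` suggest is an index over `$Erg`; if this code runs inside that loop it needs its own counter, but the surrounding code is outside the hunk.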
@@ -236,13 +240,17 @@ function CreateRoomShifts( $raum )
$ErgSonder = mysql_query($SQLSonder, $con);
if( (mysql_num_rows( $ErgSonder) > 1) )
{
- if( $_SESSION['CVS'][ "admin/schichtplan.php" ] == "Y" )
+ if( funktion_isLinkAllowed( "admin/schichtplan.php") === TRUE )
{
echo "<h1>". Get_Text("pub_schichtplan_colision"). "</h1> ";
- echo "<a href=\"./../admin/schichtplan.php?action=change&SID=". mysql_result($ErgSonder, 0, "SID"). "\">".
- mysql_result($ErgSonder, 0, "DateS").
- " '". mysql_result($ErgSonder, 0, "Man")."' (RID $raum) (00-xx)".
- "</a><br>\n\t\t";
+ for( $i=0; $i<mysql_num_rows( $ErgSonder); $i++)
+ {
+ echo "<a href=\"./../admin/schichtplan.php?action=change&SID=".
+ mysql_result($ErgSonder, $i, "SID"). "\">".
+ mysql_result($ErgSonder, $i, "DateS").
+ " '". mysql_result($ErgSonder, $i, "Man")."' (RID $raum) (00-xx)".
+ "</a><br>\n\t\t";
+ }
}
}
elseif( (mysql_num_rows( $ErgSonder) == 1) )
@@ -297,10 +305,12 @@ function CreateRoomShifts( $raum )
}
else
{
- echo Get_Text("pub_schichtplan_colision"). " ".
+ echo "<h1>". Get_Text("pub_schichtplan_colision"). "</h1> ";
+ echo "<a href=\"./../admin/schichtplan.php?action=change&SID=".
+ mysql_result($Erg, $i, "SID"). "\">".
mysql_result($Erg, $i, "DateS").
" '". mysql_result($Erg, $i, "Man"). "' ".
- " (". mysql_result($Erg, $i, "SID"). " R$raum) (xx-xx)<br><br>";
+ " (". mysql_result($Erg, $i, "SID"). " R$raum) (xx-xx)</a><br><br>";
}
}
if( $ZeitZeiger < 24 )
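Review bot: The anchor added in this `else` branch is echoed with no `funktion_isLinkAllowed( "admin/schichtplan.php")` check in the visible lines, unlike the two collision branches earlier in `CreateRoomShifts`. Users without that right may therefore be shown a link to the admin page, which is what this commit sets out to prevent. Unless an enclosing check exists outside the hunk, build the link with the helper: `echo funktion_isLinkAllowed_addLink_OrLinkText( "admin/schichtplan.php?action=change&SID=". mysql_result($Erg, $i, "SID"), $Text). "<br><br>";`, with `$Text` holding the date, name and `(xx-xx)` string. `DateS` and `Man` should be passed through `htmlspecialchars( ..., ENT_QUOTES)` before they go into `$Text`.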
diff --git a/includes/funktion_xml_schudle.php b/includes/funktion_xml_schudle.php
index f6931301..4ef0a42f 100755
--- a/includes/funktion_xml_schudle.php
+++ b/includes/funktion_xml_schudle.php
@@ -259,7 +259,7 @@ foreach($XMLmain->sub as $EventKey => $Event)
}
else
{
- echo "\t<td><a href=\"./schichtplan.php?action=change&SID=$SIDDB\">edit</a></td>\n";
+ echo "\t<td>". funktion_isLinkAllowed_addLink_OrLinkText("admin/schichtplan.php?action=change&SID=".$SIDDB, "edit"). "</td>\n";
$DS_OK++;
}
echo "\t</tr>\n";
@@ -299,7 +299,8 @@ if(mysql_num_rows($Erg2)>0 && $EnableSchudleDB )
"<input name=\"LenDB\" type=\"text\" value=\"$Len\" size=\"1\"readonly></td>\n";
echo "\t<td><input name=\"ManXML\" type=\"text\" value=\"\" size=\"40\"readonly>\n\t\t".
"<input name=\"ManDB\" type=\"text\" value=\"$Man\" size=\"40\"readonly></td>\n";
- echo "\t<td><a href=\"./schichtplan.php?action=change&SID=$SID\">edit</a></td>\n";
+ echo "\t<td>". funktion_isLinkAllowed_addLink_OrLinkText( "admin/schichtplan.php?action=change&SID=".$SID, "edit").
+ "</td>\n";
echo "\t<tr>\n";
}
echo "</table>";
diff --git a/www-ssl/admin/user.php b/www-ssl/admin/user.php
index a792f864..f8691563 100755
--- a/www-ssl/admin/user.php
+++ b/www-ssl/admin/user.php
@@ -88,12 +88,16 @@ if (!IsSet($_GET["enterUID"]))
echo "\t<td>".mysql_result($Erg, $n, "Aktiv")."</td>\n";
$Tshirt += mysql_result($Erg, $n, "Tshirt");
echo "\t<td>".mysql_result($Erg, $n, "Tshirt")."</td>\n";
- echo "\t<td><a href=\"./userChangeNormal.php?enterUID=".
- mysql_result($Erg, $n, "UID")."&Type=Normal\">&Auml;nd.</a></td>\n";
- echo "\t<td>";
-
- echo "<a href=\"./userChangeSecure.php?enterUID=".
- mysql_result($Erg, $n, "UID")."&Type=Secure\">Secure</a></td>\n";
+ echo "\t<td>". funktion_isLinkAllowed_addLink_OrEmpty(
+ "admin/userChangeNormal.php?enterUID=".
+ mysql_result($Erg, $n, "UID")."&Type=Normal",
+ "&Auml;nd.").
+ "</td>\n";
+ echo "\t<td>". funktion_isLinkAllowed_addLink_OrEmpty(
+ "admin/userChangeSecure.php?enterUID=".
+ mysql_result($Erg, $n, "UID")."&Type=Secure",
+ "Secure").
+ "</td>\n";
echo "</tr>\n";
}
echo "<tr>".