author | Angelo Cuccato <cuccato@web.de> | 2010-11-23 10:28:02 +0100 |
---|---|---|
committer | Angelo Cuccato <cuccato@web.de> | 2010-11-23 10:28:02 +0100 |
commit | 1e4779938497a580217cf0e082730c731282cd69 (patch) | |
tree | c39215b0c0beab7e099e276ffd6b0d6485d7075a | |
parent | 3b6e2b24b10ac6230f4f722e015b2c03b49e5dbb (diff) |
check link before show
-rwxr-xr-x | DB/Sprache.sql | 8 | ||||
-rwxr-xr-x | includes/UserCVS.php | 49 | ||||
-rwxr-xr-x | includes/funktion_activeUser.php | 8 | ||||
-rwxr-xr-x | includes/funktion_schichtplan.php | 82 | ||||
-rwxr-xr-x | includes/funktion_xml_schudle.php | 5 | ||||
-rwxr-xr-x | www-ssl/admin/user.php | 16 |
6 files changed, 115 insertions, 53 deletions
diff --git a/DB/Sprache.sql b/DB/Sprache.sql
index 5bc5e190..76597b71 100755
--- a/DB/Sprache.sql
+++ b/DB/Sprache.sql
@@ -96,8 +96,8 @@ INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('33', 'DE', 'Sprache
INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('33', 'EN', 'Language is saved. On the next page it will be active.');
INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('34', 'DE', 'Avatar wurde gesetzt.');
INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('34', 'EN', 'Avatar is saved.');
-INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('35', 'DE', '<b>Neue Anfrage:</b>\r\nIn diesem Formular hast du die Möglichkeit, den Erzengeln eine Frage zu stellen. Wenn diese beantwortet ist, wirst du hier darüber informiert. Sollte die Frage von allgemeinem Interesse sein, wird diese in die Engel-FAQ übernommen.');
-INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('35', 'EN', '<b>New Question</b>\r\nWith this form you may sumbit questions to our Archangels. Topics of common interest may be added to the FAQ. (Section: answered questions).\r\n');
+INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('35', 'DE', 'Neue Anfrage In diesem Formular hast du die Möglichkeit, den Erzengeln eine Frage zu stellen. Wenn diese beantwortet ist, wirst du hier darüber informiert. Sollte die Frage von allgemeinem Interesse sein, wird diese in die Engel-FAQ übernommen.');
+INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('35', 'EN', 'New Question With this form you may sumbit questions to our Archangels. Topics of common interest may be added to the FAQ. (Section: answered questions).\r\n');
INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('36', 'DE', 'Stelle hier deine Frage');
INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('36', 'EN', 'Tell us your question');
INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('37', 'DE', 'Deine Anfrage war:');
@@ -325,8 +325,8 @@ INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_aktive_Active',
INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_schichtplan_add_TextFor', 'EN', 'text for shift');
INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_schichtplan_add_WriteOK', 'EN', 'Now, you signed up for this shift. Thank you for your cooperation.');
INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_schichtplan_add_Text1', 'EN', 'Here you can sign up for a shift. As commend can you write what you want, it is only for you.');
-INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_schichtplan_colision', 'DE', '<h1>Fehler</h1>\r\nÜberschneidung von Schichten:');
-INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_schichtplan_colision', 'EN', '<h1>error</h1>\r\noverlap on shift:');
+INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_schichtplan_colision', 'DE', 'Fehler Überschneidung von Schichten:');
+INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_schichtplan_colision', 'EN', 'error noverlap on shift:');
INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_schicht_EmptyShifts', 'DE', 'Die nächsten 15 freien Schichten:');
INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_schicht_EmptyShifts', 'EN', 'The next 15 empty shifts:');
INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('inc_schicht_date', 'DE', 'Datum');
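Review bot: The new EN text for `pub_schichtplan_colision` reads `'error noverlap on shift:'`; the `n` of the removed `\r\n` appears to have been left behind, so the page would show "noverlap". It should be `'error overlap on shift:'`. The EN row for TextID 35 in the first hunk also still ends in `\r\n` while the DE row does not, which looks unintended.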
diff --git a/includes/UserCVS.php b/includes/UserCVS.php index 4f606b7e..9210e446 100755 --- a/includes/UserCVS.php +++ b/includes/UserCVS.php @@ -50,4 +50,53 @@ if( $DEBUG ) } +function funktion_isLinkAllowed( $PageName) +{ + global $_SESSION; + + // separate page parameter + $ParameterPos = strpos( $PageName, ".php?"); + if( $ParameterPos === FALSE) + { + $pName = $PageName; + } + else + { + $pName = substr( $PageName, 0, $ParameterPos + 4); + } + + // check rights + if( (isset( $_SESSION['CVS'][ $pName ]) === TRUE) && + ($_SESSION['CVS'][ $pName ] == "Y") ) + { + return TRUE; + } + + return FALSE; +} + +function funktion_isLinkAllowed_addLink_OrLinkText( $PageName, $LinkText) +{ + global $url, $ENGEL_ROOT; + + if( funktion_isLinkAllowed( $PageName) === TRUE) + { + return "<a href=\"". $url. $ENGEL_ROOT. $PageName. "\">". $LinkText. "</a>"; + } + + return $LinkText; +} + +function funktion_isLinkAllowed_addLink_OrEmpty( $PageName, $LinkText) +{ + global $url, $ENGEL_ROOT; + + if( funktion_isLinkAllowed( $PageName) === TRUE) + { + return "<a href=\"". $url. $ENGEL_ROOT. $PageName. "\">". $LinkText. "</a>"; + } + + return ""; +} + ?> diff --git a/includes/funktion_activeUser.php b/includes/funktion_activeUser.php index 808ccf73..d19895a8 100755 --- a/includes/funktion_activeUser.php +++ b/includes/funktion_activeUser.php 
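Review bot: Both link helpers added in includes/UserCVS.php concatenate `$PageName` and `$LinkText` into the anchor without any HTML encoding, and callers in this commit pass database values (UIDs, nicknames) through them. The URL part can be encoded in one place, `return "<a href=\"". htmlspecialchars( $url. $ENGEL_ROOT. $PageName). "\">". $LinkText. "</a>";`, while `$LinkText` has to stay raw because callers pass markup such as `edit<br>`; a docblock on both helpers should say that the caller is responsible for encoding it. `funktion_isLinkAllowed` only decides whether a link is rendered, so the admin pages behind these links presumably still need their own `$_SESSION['CVS']` check, which is not visible in this diff.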
@@ -39,11 +39,9 @@ for( $i=0; $i<mysql_num_rows($Erg); $i++) if( $_SESSION['UID']>0 ) echo DisplayAvatar( mysql_result( $Erg, $i, "UID")); // Schow Admin Page - if( $_SESSION['CVS'][ "admin/userChangeNormal.php" ] == "Y" ) - echo " <a href=\"./../admin/userChangeNormal.php?enterUID=". mysql_result( $Erg, $i, "UID"). "&Type=Normal\">". - mysql_result( $Erg, $i, "Nick"). "</a>"; - else - echo mysql_result( $Erg, $i, "Nick"); + echo funktion_isLinkAllowed_addLink_OrLinkText( + "admin/userChangeNormal.php?enterUID=". mysql_result( $Erg, $i, "UID"). "&Type=Normal", + mysql_result( $Erg, $i, "Nick")); $Tlog = (substr( mysql_result( $Erg, $i, "lastLogIn"), 8, 2) * 60 * 60 * 24) + // Tag (substr( mysql_result( $Erg, $i, "lastLogIn"), 11, 2) * 60 * 60) + // Stunde diff --git a/includes/funktion_schichtplan.php b/includes/funktion_schichtplan.php index ae4bf821..0b5b9910 100755 --- a/includes/funktion_schichtplan.php +++ b/includes/funktion_schichtplan.php @@ -18,11 +18,9 @@ function ausgabe_Feld_Inhalt( $SID, $Man ) /////////////////////////////////////////////////////////////////// // Schow Admin Page /////////////////////////////////////////////////////////////////// - if( $_SESSION['CVS'][ "admin/schichtplan.php" ] == "Y" ) - { - $Spalten.= "<a href=\"./../admin/schichtplan.php?action=change&SID=$SID\">edit</a><br>\n\t\t"; - } - + $Spalten.=funktion_isLinkAllowed_addLink_OrEmpty( + "admin/schichtplan.php?action=change&SID=$SID", + "edit<br>\n\t\t"); /////////////////////////////////////////////////////////////////// // Ausgabe des Schischtnamens 
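Review bot: The nickname from `mysql_result( $Erg, $i, "Nick")` is handed to `funktion_isLinkAllowed_addLink_OrLinkText` as link text and reaches the page unencoded in both the linked and the plain-text branch. Unless nicknames are sanitised when they are stored (not visible here), markup in a nickname would be rendered for every viewer of the active-user list; passing `htmlspecialchars( mysql_result( $Erg, $i, "Nick"))` closes that. The same applies to `UID2Nick( $TempEngelID)` in the `@@ -104,28 +102,30 @@` hunk of includes/funktion_schichtplan.php. The enclosing `for` loop starts and ends outside the hunk.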
@@ -104,28 +102,30 @@ function ausgabe_Feld_Inhalt( $SID, $Man ) foreach( $TempValue["Engel"] as $TempEngelEntry=> $TempEngelID ) { - if( $_SESSION['CVS'][ "admin/userChangeNormal.php" ] == "Y" ) - $Spalten.= " <a href=\"./../admin/userChangeNormal.php?enterUID=$TempEngelID&Type=Normal\">"; - - if( $_SESSION['CVS'][ "admin/schichtplan.php" ] == "Y" ) + if( funktion_isLinkAllowed( "admin/user.php") === TRUE) { - if( UIDgekommen( $TempEngelID ) == "1") - $Spalten.= " <span style=\"color: blue;\">". - UID2Nick( $TempEngelID ). - ($_GET["Icon"]==1? DisplayAvatar( $TempEngelID ): ""). - "</span><br>\n\t\t"; - else - $Spalten.= " <span style=\"color: red;\">". - UID2Nick( $TempEngelID ). - ($_GET["Icon"]==1? DisplayAvatar( $TempEngelID ): ""). - "</span><br>\n\t\t"; + // add color, wenn Engel "Gekommen" + $TempText= + ((UIDgekommen( $TempEngelID ) == "1") + ? "<span style=\"color: blue;\">" + : "<span style=\"color: red;\">"). + UID2Nick( $TempEngelID). "</span>"; } else - $Spalten.= " ". UID2Nick( $TempEngelID ). - ($_GET["Icon"]==1? DisplayAvatar( $TempEngelID ): ""). - "<br>\n\t\t"; - if( $_SESSION['CVS'][ "admin/userChangeNormal.php" ] == "Y" ) - $Spalten.= " </a>"; + { + $TempText = UID2Nick( $TempEngelID ); + } + + // add link to user + $TempText= funktion_isLinkAllowed_addLink_OrLinkText( + "admin/userChangeNormal.php?enterUID=$TempEngelID&Type=Normal", + $TempText); + + $Spalten.= " ". $TempText. + ( ($_GET["Icon"]==1) ? DisplayAvatar( $TempEngelID): ""). + "<br>\n\t\t"; + + } $Spalten = substr( $Spalten, 0, strlen($Spalten)-7 ); } 
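Review bot: The arrival colouring in `ausgabe_Feld_Inhalt` used to be gated on `$_SESSION['CVS'][ "admin/schichtplan.php" ]` and is now gated on `funktion_isLinkAllowed( "admin/user.php")`, and nothing in the hunk says why the privilege key changed. If the switch is intended, a comment above the check such as `// arrival colour only for users who may open admin/user.php` would record it; otherwise keep `"admin/schichtplan.php"`. `$_GET["Icon"]` is also still read without `isset()`, which raises a notice when the parameter is absent. The function body starts and ends outside the hunk.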
@@ -205,13 +205,17 @@ function CreateRoomShifts( $raum ) $ErgSonder = mysql_query($SQLSonder, $con); if( (mysql_num_rows( $ErgSonder) > 1) ) { - if( $_SESSION['CVS'][ "admin/schichtplan.php" ] == "Y" ) + if( funktion_isLinkAllowed( "admin/schichtplan.php") === TRUE ) { echo "<h1>". Get_Text("pub_schichtplan_colision"). "</h1> "; - echo "<a href=\"./../admin/schichtplan.php?action=change&SID=". mysql_result($ErgSonder, 0, "SID"). "\">". - mysql_result($ErgSonder, 0, "DateS"). - " '". mysql_result($ErgSonder, 0, "Man")."' (RID $raum) (00-24)". - "</a><br>\n\t\t"; + for( $i=0; $i<mysql_num_rows( $ErgSonder); $i++) + { + echo "<a href=\"./../admin/schichtplan.php?action=change&SID=". + mysql_result($ErgSonder, $i, "SID"). "\">". + mysql_result($ErgSonder, $i, "DateS"). + " '". mysql_result($ErgSonder, $i, "Man")."' (RID $raum) (00-24)". + "</a><br>\n\t\t"; + } } } elseif( (mysql_num_rows( $ErgSonder) == 1) ) @@ -236,13 +240,17 @@ function CreateRoomShifts( $raum ) $ErgSonder = mysql_query($SQLSonder, $con); if( (mysql_num_rows( $ErgSonder) > 1) ) { - if( $_SESSION['CVS'][ "admin/schichtplan.php" ] == "Y" ) + if( funktion_isLinkAllowed( "admin/schichtplan.php") === TRUE ) { echo "<h1>". Get_Text("pub_schichtplan_colision"). "</h1> "; - echo "<a href=\"./../admin/schichtplan.php?action=change&SID=". mysql_result($ErgSonder, 0, "SID"). "\">". - mysql_result($ErgSonder, 0, "DateS"). - " '". mysql_result($ErgSonder, 0, "Man")."' (RID $raum) (00-xx)". - "</a><br>\n\t\t"; + for( $i=0; $i<mysql_num_rows( $ErgSonder); $i++) + { + echo "<a href=\"./../admin/schichtplan.php?action=change&SID=". + mysql_result($ErgSonder, $i, "SID"). "\">". + mysql_result($ErgSonder, $i, "DateS"). + " '". mysql_result($ErgSonder, $i, "Man")."' (RID $raum) (00-xx)". + "</a><br>\n\t\t"; + } } } elseif( (mysql_num_rows( $ErgSonder) == 1) ) 
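Review bot: The new inner loop `for( $i=0; $i<mysql_num_rows( $ErgSonder); $i++)` reuses `$i`, which the `@@ -297,10 +305,12 @@` hunk of the same function uses to index `$Erg`. If this block runs inside that outer loop (the loop header is outside the hunk), the counter is overwritten and rows of `$Erg` get skipped or repeated; a separate variable, `for( $j=0; $j<mysql_num_rows( $ErgSonder); $j++)` with `$j` in the three `mysql_result` calls, avoids that. The same loop is added in the `@@ -236,13 +240,17 @@` hunk. Both blocks also still hard-code `./../admin/schichtplan.php` instead of going through `funktion_isLinkAllowed_addLink_OrLinkText`, so the link base differs from the helper's `$url. $ENGEL_ROOT`.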
@@ -297,10 +305,12 @@ function CreateRoomShifts( $raum ) } else { - echo Get_Text("pub_schichtplan_colision"). " ". + echo "<h1>". Get_Text("pub_schichtplan_colision"). "</h1> "; + echo "<a href=\"./../admin/schichtplan.php?action=change&SID=". + mysql_result($Erg, $i, "SID"). "\">". mysql_result($Erg, $i, "DateS"). " '". mysql_result($Erg, $i, "Man"). "' ". - " (". mysql_result($Erg, $i, "SID"). " R$raum) (xx-xx)<br><br>"; + " (". mysql_result($Erg, $i, "SID"). " R$raum) (xx-xx)</a><br><br>"; } } if( $ZeitZeiger < 24 ) diff --git a/includes/funktion_xml_schudle.php b/includes/funktion_xml_schudle.php index f6931301..4ef0a42f 100755 --- a/includes/funktion_xml_schudle.php +++ b/includes/funktion_xml_schudle.php @@ -259,7 +259,7 @@ foreach($XMLmain->sub as $EventKey => $Event) } else { - echo "\t<td><a href=\"./schichtplan.php?action=change&SID=$SIDDB\">edit</a></td>\n"; + echo "\t<td>". funktion_isLinkAllowed_addLink_OrLinkText("admin/schichtplan.php?action=change&SID=".$SIDDB, "edit"). "</td>\n"; $DS_OK++; } echo "\t</tr>\n"; @@ -299,7 +299,8 @@ if(mysql_num_rows($Erg2)>0 && $EnableSchudleDB ) "<input name=\"LenDB\" type=\"text\" value=\"$Len\" size=\"1\"readonly></td>\n"; echo "\t<td><input name=\"ManXML\" type=\"text\" value=\"\" size=\"40\"readonly>\n\t\t". "<input name=\"ManDB\" type=\"text\" value=\"$Man\" size=\"40\"readonly></td>\n"; - echo "\t<td><a href=\"./schichtplan.php?action=change&SID=$SID\">edit</a></td>\n"; + echo "\t<td>". funktion_isLinkAllowed_addLink_OrLinkText( "admin/schichtplan.php?action=change&SID=".$SID, "edit"). + "</td>\n"; echo "\t<tr>\n"; } echo "</table>"; diff --git a/www-ssl/admin/user.php b/www-ssl/admin/user.php index a792f864..f8691563 100755 --- a/www-ssl/admin/user.php +++ b/www-ssl/admin/user.php 
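Review bot: The `else` branch changed in the `@@ -297,10 +305,12 @@` hunk of includes/funktion_schichtplan.php now prints an `admin/schichtplan.php?action=change` link with no `funktion_isLinkAllowed` check, while the other collision messages in `CreateRoomShifts` are wrapped in `if( funktion_isLinkAllowed( "admin/schichtplan.php") === TRUE )`. Unless an enclosing condition outside the hunk already restricts this branch, every viewer of the shift plan gets the admin link. Building it with `funktion_isLinkAllowed_addLink_OrLinkText`, passing `"admin/schichtplan.php?action=change&SID=". mysql_result($Erg, $i, "SID")` as the page and the existing message as the text, would keep the message and drop the link for unprivileged users. `DateS` and `Man` are database values echoed here without `htmlspecialchars()`.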
@@ -88,12 +88,16 @@ if (!IsSet($_GET["enterUID"])) echo "\t<td>".mysql_result($Erg, $n, "Aktiv")."</td>\n"; $Tshirt += mysql_result($Erg, $n, "Tshirt"); echo "\t<td>".mysql_result($Erg, $n, "Tshirt")."</td>\n"; - echo "\t<td><a href=\"./userChangeNormal.php?enterUID=". - mysql_result($Erg, $n, "UID")."&Type=Normal\">Änd.</a></td>\n"; - echo "\t<td>"; - - echo "<a href=\"./userChangeSecure.php?enterUID=". - mysql_result($Erg, $n, "UID")."&Type=Secure\">Secure</a></td>\n"; + echo "\t<td>". funktion_isLinkAllowed_addLink_OrEmpty( + "admin/userChangeNormal.php?enterUID=". + mysql_result($Erg, $n, "UID")."&Type=Normal", + "Änd."). + "</td>\n"; + echo "\t<td>". funktion_isLinkAllowed_addLink_OrEmpty( + "admin/userChangeSecure.php?enterUID=". + mysql_result($Erg, $n, "UID")."&Type=Secure", + "Secure"). + "</td>\n"; echo "</tr>\n"; } echo "<tr>". |