summaryrefslogtreecommitdiff
path: root/includes/pages
diff options
context:
space:
mode:
authorPhilip Häusler <msquare@notrademark.de>2011-06-11 17:09:30 +0200
committerPhilip Häusler <msquare@notrademark.de>2011-06-11 17:09:30 +0200
commit3a31cebd1d39a6bcec2c22cbced60ca9d6177a42 (patch)
tree3cce86da26c408841e69bdee4e2ba012e0c72e47 /includes/pages
parentebecae2ccc37c8930245a562852c035d5ce8d5a1 (diff)
parent80a1a65aefcd2f33951dc60c72d29df1ad19b187 (diff)
merge special_includes_camp
Diffstat (limited to 'includes/pages')
-rw-r--r--includes/pages/admin_angel_types.php96
-rw-r--r--includes/pages/admin_faq.php105
-rw-r--r--includes/pages/admin_groups.php91
-rw-r--r--includes/pages/admin_import.php253
-rw-r--r--includes/pages/admin_language.php110
-rw-r--r--includes/pages/admin_log.php76
-rw-r--r--includes/pages/admin_news.php87
-rw-r--r--includes/pages/admin_questions.php85
-rw-r--r--includes/pages/admin_rooms.php143
-rw-r--r--includes/pages/admin_user.php324
-rw-r--r--includes/pages/guest_credits.php5
-rw-r--r--includes/pages/guest_faq.php24
-rw-r--r--includes/pages/guest_login.php269
-rw-r--r--includes/pages/guest_start.php13
-rw-r--r--includes/pages/user_messages.php239
-rw-r--r--includes/pages/user_news.php168
-rw-r--r--includes/pages/user_questions.php50
-rw-r--r--includes/pages/user_settings.php252
-rw-r--r--includes/pages/user_wakeup.php86
19 files changed, 2476 insertions, 0 deletions
diff --git a/includes/pages/admin_angel_types.php b/includes/pages/admin_angel_types.php
new file mode 100644
index 00000000..c5283899
--- /dev/null
+++ b/includes/pages/admin_angel_types.php
@@ -0,0 +1,96 @@
+<?php
+
+function admin_angel_types() {
+ $html = "";
+ if (!isset ($_REQUEST['action'])) {
+
+ $table = "";
+ $angel_types = sql_select("SELECT * FROM `AngelTypes` ORDER BY `Name`");
+
+ foreach ($angel_types as $angel_type)
+ $table .= sprintf(
+ '<tr><td>%s</td><td>%s</td><td>'
+ . '<a href="%s&action=edit&id=%s">Edit</a></td></tr>',
+ $angel_type['Name'], $angel_type['Man'],
+ page_link_to("admin_angel_types"),
+ $angel_type['TID']
+ );
+
+ $html .= template_render('../templates/admin_angel_types.html', array (
+ 'link' => page_link_to("admin_angel_types"),
+ 'table' => $table
+ ));
+
+ } else {
+
+ switch ($_REQUEST['action']) {
+
+ case 'create' :
+ $name = strip_request_item("name");
+ $man = strip_request_item("man");
+
+ sql_query("INSERT INTO `AngelTypes` SET `Name`='" . sql_escape($name) . "', `Man`='" . sql_escape($man) . "'");
+
+ header("Location: " . page_link_to("admin_angel_types"));
+ break;
+
+ case 'edit' :
+ if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
+ $id = $_REQUEST['id'];
+ else
+ return error("Incomplete call, missing AngelType ID.");
+
+ $angel_type = sql_select("SELECT * FROM `AngelTypes` WHERE `TID`=" . sql_escape($id) . " LIMIT 1");
+ if (count($angel_type) > 0) {
+ list ($angel_type) = $angel_type;
+
+ $html .= template_render(
+ '../templates/admin_angel_types_edit_form.html', array (
+ 'link' => page_link_to("admin_angel_types"),
+ 'id' => $id,
+ 'name' => $angel_type['Name'],
+ 'man' => $angel_type['Man']
+ ));
+ } else
+ return error("No Angel Type found.");
+ break;
+
+ case 'save' :
+ if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
+ $id = $_REQUEST['id'];
+ else
+ return error("Incomplete call, missing AngelType ID.");
+
+ $angel_type = sql_select("SELECT * FROM `AngelTypes` WHERE `TID`=" . sql_escape($id) . " LIMIT 1");
+ if (count($angel_type) > 0) {
+ list ($angel_type) = $angel_type;
+
+ $name = strip_request_item("name");
+ $man = strip_request_item("man");
+
+ sql_query("UPDATE `AngelTypes` SET `Name`='" . sql_escape($name) . "', `Man`='" . sql_escape($man) . "' WHERE `TID`=" . sql_escape($id) . " LIMIT 1");
+ header("Location: " . page_link_to("admin_angel_types"));
+ } else
+ return error("No Angel Type found.");
+ break;
+
+ case 'delete' :
+ if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
+ $id = $_REQUEST['id'];
+ else
+ return error("Incomplete call, missing AngelType ID.");
+
+ $angel_type = sql_select("SELECT * FROM `AngelTypes` WHERE `TID`=" . sql_escape($id) . " LIMIT 1");
+ if (count($angel_type) > 0) {
+ sql_query("DELETE FROM `AngelTypes` WHERE `TID`=" . sql_escape($id) . " LIMIT 1");
+ sql_query("DELETE FROM `RoomAngelTypes` WHERE `angel_type_id`=" . sql_escape($id) . " LIMIT 1");
+ header("Location: " . page_link_to("admin_angel_types"));
+ } else
+ return error("No Angel Type found.");
+ break;
+ }
+ }
+
+ return $html;
+}
+?>
diff --git a/includes/pages/admin_faq.php b/includes/pages/admin_faq.php
new file mode 100644
index 00000000..b8ba1a64
--- /dev/null
+++ b/includes/pages/admin_faq.php
@@ -0,0 +1,105 @@
+<?php
+function admin_faq() {
+ if (!isset ($_REQUEST['action'])) {
+ $faqs_html = "";
+ $faqs = sql_select("SELECT * FROM `FAQ`");
+ foreach ($faqs as $faq) {
+ $faqs_html .= sprintf(
+ '<tr><td> <dl><dt>%s</dt><dd>%s</dd></dl> </td>'
+ . '<td> <dl><dt>%s</dt><dd>%s</dd></dl> </td>'
+ . '<td><a href="%s&action=edit&id=%s">Edit</a></td></tr>',
+ $faq['Frage_de'], $faq['Antwort_de'],
+ $faq['Frage_en'], $faq['Antwort_en'],
+ page_link_to('admin_faq'), $faq['FID']
+ );
+ }
+ return template_render('../templates/admin_faq.html', array (
+ 'link' => page_link_to("admin_faq"),
+ 'faqs' => $faqs_html
+ ));
+ } else {
+ switch ($_REQUEST['action']) {
+ case 'create' :
+ $frage = strip_request_item_nl('frage');
+ $antwort = strip_request_item_nl('antwort');
+ $question = strip_request_item_nl('question');
+ $answer = strip_request_item_nl('answer');
+
+ sql_query("INSERT INTO `FAQ` SET `Frage_de`='" . sql_escape($frage)
+ . "', `Frage_en`='" . sql_escape($question)
+ . "', `Antwort_de`='" . sql_escape($antwort)
+ . "', `Antwort_en`='" . sql_escape($answer)
+ . "'"
+ );
+
+ header("Location: " . page_link_to("admin_faq"));
+ break;
+
+ case 'save' :
+ if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
+ $id = $_REQUEST['id'];
+ else
+ return error("Incomplete call, missing FAQ ID.");
+
+ $faq = sql_select("SELECT * FROM `FAQ` WHERE `FID`=" . sql_escape($id) . " LIMIT 1");
+ if (count($faq) > 0) {
+ list ($faq) = $faq;
+
+ $frage = strip_request_item_nl('frage');
+ $antwort = strip_request_item_nl('antwort');
+ $question = strip_request_item_nl('question');
+ $answer = strip_request_item_nl('answer');
+
+ sql_query("UPDATE `FAQ` SET `Frage_de`='" . sql_escape($frage)
+ . "', `Frage_en`='" . sql_escape($question)
+ . "', `Antwort_de`='" . sql_escape($antwort)
+ . "', `Antwort_en`='" . sql_escape($answer)
+ . "' WHERE `FID`=" . sql_escape($id) . " LIMIT 1"
+ );
+
+ header("Location: " . page_link_to("admin_faq"));
+ } else
+ return error("No FAQ found.");
+ break;
+
+ case 'edit' :
+ if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
+ $id = $_REQUEST['id'];
+ else
+ return error("Incomplete call, missing FAQ ID.");
+
+ $faq = sql_select("SELECT * FROM `FAQ` WHERE `FID`=" . sql_escape($id) . " LIMIT 1");
+ if (count($faq) > 0) {
+ list ($faq) = $faq;
+
+ return template_render('../templates/admin_faq_edit_form.html', array (
+ 'link' => page_link_to("admin_faq"),
+ 'id' => $id,
+ 'frage' => $faq['Frage_de'],
+ 'antwort' => $faq['Antwort_de'],
+ 'question' => $faq['Frage_en'],
+ 'answer' => $faq['Antwort_en']
+ ));
+ } else
+ return error("No FAQ found.");
+ break;
+
+ case 'delete' :
+ if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
+ $id = $_REQUEST['id'];
+ else
+ return error("Incomplete call, missing FAQ ID.");
+
+ $faq = sql_select("SELECT * FROM `FAQ` WHERE `FID`=" . sql_escape($id) . " LIMIT 1");
+ if (count($faq) > 0) {
+ list ($faq) = $faq;
+
+ sql_query("DELETE FROM `FAQ` WHERE `FID`=" . sql_escape($id) . " LIMIT 1");
+ header("Location: " . page_link_to("admin_faq"));
+ } else
+ return error("No FAQ found.");
+ break;
+ }
+ }
+}
+?>
diff --git a/includes/pages/admin_groups.php b/includes/pages/admin_groups.php
new file mode 100644
index 00000000..770f09b4
--- /dev/null
+++ b/includes/pages/admin_groups.php
@@ -0,0 +1,91 @@
+<?php
+function admin_groups() {
+ global $user;
+
+ $html = "";
+ $groups = sql_select("SELECT * FROM `Groups` ORDER BY `Name`");
+ if (!isset ($_REQUEST["action"])) {
+ $groups_html = "";
+ foreach ($groups as $group) {
+ $groups_html .= sprintf(
+ '<tr><td>%s</td>',
+ $group['Name']
+ );
+ $privileges = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`=" . sql_escape($group['UID']));
+ $privileges_html = array ();
+
+ foreach ($privileges as $priv)
+ $privileges_html[] = $priv['name'];
+
+ $groups_html .= sprintf(
+ '<td>%s</td>'
+ . '<td><a href="%s&action=edit&id=%s">Ändern</a></td>',
+ join(', ', $privileges_html),
+ page_link_to("admin_groups"),
+ $group['UID']
+ );
+ }
+
+ return template_render('../templates/admin_groups.html', array (
+ 'nick' => $user['Nick'],
+ 'groups' => $groups_html
+ ));
+ } else {
+ switch ($_REQUEST["action"]) {
+ case 'edit' :
+ if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id']))
+ $id = $_REQUEST['id'];
+ else
+ return error("Incomplete call, missing Groups ID.");
+
+ $room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
+ if (count($room) > 0) {
+ list ($room) = $room;
+ $privileges = sql_select("SELECT `Privileges`.*, `GroupPrivileges`.`group_id` FROM `Privileges` LEFT OUTER JOIN `GroupPrivileges` ON (`Privileges`.`id` = `GroupPrivileges`.`privilege_id` AND `GroupPrivileges`.`group_id`=" . sql_escape($id) . ") ORDER BY `Privileges`.`name`");
+ $privileges_html = "";
+ foreach ($privileges as $priv)
+ $privileges_html .= sprintf(
+ '<tr><td><input type="checkbox" '
+ . 'name="privileges[]" value="%s" %s />'
+ . '</td> <td>%s</td> <td>%s</td></tr>',
+ $priv['id'],
+ ($priv['group_id'] != ""
+ ? 'checked="checked"'
+ : ''),
+ $priv['name'],
+ $priv['desc']
+ );
+
+ $html .= template_render('../templates/admin_groups_edit_form.html', array (
+ 'link' => page_link_to("admin_groups"),
+ 'id' => $id,
+ 'privileges' => $privileges_html
+ ));
+ } else
+ return error("No Group found.");
+ break;
+
+ case 'save' :
+ if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id']))
+ $id = $_REQUEST['id'];
+ else
+ return error("Incomplete call, missing Groups ID.");
+
+ $room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
+ if (!is_array($_REQUEST['privileges']))
+ $_REQUEST['privileges'] = array ();
+ if (count($room) > 0) {
+ list ($room) = $room;
+ sql_query("DELETE FROM `GroupPrivileges` WHERE `group_id`=" . sql_escape($id));
+ foreach ($_REQUEST['privileges'] as $priv)
+ if (preg_match("/^[0-9]{1,}$/", $priv) && sql_num_query("SELECT * FROM `Privileges` WHERE `id`=" . sql_escape($priv)) > 0)
+ sql_query("INSERT INTO `GroupPrivileges` SET `group_id`=" . sql_escape($id) . ", `privilege_id`=" . sql_escape($priv));
+ header("Location: " . page_link_to("admin_groups"));
+ } else
+ return error("No Group found.");
+ break;
+ }
+ }
+ return $html;
+}
+?>
diff --git a/includes/pages/admin_import.php b/includes/pages/admin_import.php
new file mode 100644
index 00000000..6523050c
--- /dev/null
+++ b/includes/pages/admin_import.php
@@ -0,0 +1,253 @@
+<?php
+function admin_import() {
+ global $Room, $RoomID, $RoomName;
+ global $PentabarfGetWith, $PentabarfXMLpath, $PentabarfXMLhost;
+
+ require_once ("includes/funktion_xml.php");
+ ///////////
+ // DEBUG //
+ ///////////
+ $ShowDataStrukture = 0;
+ $EnableRoomFunctions = 1;
+ $EnableRooms = 1;
+ $EnableSchudleFunctions = 1;
+ $EnableSchudle = 1;
+ $EnableSchudleDB = 1;
+
+ CreateRoomArrays();
+
+ $html = "";
+
+ /*##############################################################################################
+ F I L E
+ ##############################################################################################*/
+ $html .= "\n\n<br />\n<h1>XML File:</h1>\n";
+ if (isset ($_POST["PentabarfUser"]) && isset ($_POST["password"]) && isset ($_POST["PentabarfURL"])) {
+ $html .= "Update XCAL-File from Pentabarf..";
+ if ($PentabarfGetWith == "fsockopen") {
+
+ //backup error messeges and delate
+ $Backuperror_messages = $error_messages;
+ $fp = fsockopen("ssl://$PentabarfXMLhost", 443, $errno, $errstr, 30);
+ // $error_messages = $Backuperror_messages;
+
+ if (!$fp) {
+ $html .= "<h2>fail: File 'https://$PentabarfXMLhost/$PentabarfXMLpath" . $_POST["PentabarfURL"] . "' not readable!" .
+ "[$errstr ($errno)]</h2>";
+ } else {
+ if (($fileOut = fopen("$Tempdir/engelXML", "w")) != FALSE) {
+ $head = 'GET /' . $PentabarfXMLpath . $_POST["PentabarfURL"] . ' HTTP/1.1' . "\r\n" .
+ 'Host: ' . $PentabarfXMLhost . "\r\n" .
+ 'User-Agent: Engelsystem' . "\r\n" .
+ 'Authorization: Basic ' .
+ base64_encode($_POST["PentabarfUser"] . ':' . $_POST["password"]) . "\r\n" .
+ "\r\n";
+ fputs($fp, $head);
+ $Zeilen = -1;
+ while (!feof($fp)) {
+ $Temp = fgets($fp, 1024);
+
+ // ende des headers
+ if ($Temp == "f20\r\n") {
+ $Zeilen = 0;
+ $Temp = "";
+ }
+
+ //file ende?
+ if ($Temp == "0\r\n")
+ break;
+
+ if (($Zeilen > -1) && ($Temp != "ffb\r\n")) {
+ //steuerzeichen ausfiltern
+ if (strpos("#$Temp", "\r\n") > 0)
+ $Temp = substr($Temp, 0, strlen($Temp) - 2);
+ if (strpos("#$Temp", "1005") > 0)
+ $Temp = "";
+ if (strpos("#$Temp", "783") > 0)
+ $Temp = "";
+ //schreiben in file
+ fputs($fileOut, $Temp);
+ $Zeilen++;
+ }
+ }
+ fclose($fileOut);
+
+ $html .= "<br />Es wurden $Zeilen Zeilen eingelesen<br />";
+ } else
+ $html .= "<h2>fail: File '$Tempdir/engelXML' not writeable!</h2>";
+ fclose($fp);
+ }
+ }
+ elseif ($PentabarfGetWith == "fopen") {
+ //user uns password in url einbauen
+ $FileNameIn = "https://" . $_POST["PentabarfUser"] . ':' . $_POST["password"] . "@" .
+ $PentabarfXMLhost . "/" . $PentabarfXMLpath . $_POST["PentabarfURL"];
+
+ if (($fileIn = fopen($FileNameIn, "r")) != FALSE) {
+ if (($fileOut = fopen("$Tempdir/engelXML", "w")) != FALSE) {
+ $Zeilen = 0;
+ while (!feof($fileIn)) {
+ $Zeilen++;
+ fputs($fileOut, fgets($fileIn));
+ }
+ fclose($fileOut);
+ $html .= "<br />Es wurden $Zeilen Zeilen eingelesen<br />";
+ } else
+ $html .= "<h2>fail: File '$Tempdir/engelXML' not writeable!</h2>";
+ fclose($fileIn);
+ } else
+ $html .= "<h2>fail: File 'https://$PentabarfXMLhost/$PentabarfXMLpath" . $_POST["PentabarfURL"] . "' not readable!</h2>";
+ }
+ elseif ($PentabarfGetWith == "wget") {
+ $Command = "wget --http-user=" . $_POST["PentabarfUser"] . " --http-passwd=" . $_POST["password"] . " " .
+ "https://$PentabarfXMLhost/$PentabarfXMLpath" . $_POST["PentabarfURL"] .
+ " --output-file=$Tempdir/engelXMLwgetLog --output-document=$Tempdir/engelXML" .
+ " --no-check-certificate";
+ $html .= system($Command, $Status);
+ if ($Status == 0)
+ $html .= "OK.<br />";
+ else
+ $html .= "fail ($Status)($Command).<br />";
+ }
+ elseif ($PentabarfGetWith == "lynx") {
+ $Command = "lynx -auth=" . $_POST["PentabarfUser"] . ":" . $_POST["password"] . " -dump " .
+ "https://$PentabarfXMLhost/$PentabarfXMLpath" . $_POST["PentabarfURL"] . " > $Tempdir/engelXML";
+ $html .= system($Command, $Status);
+ if ($Status == 0)
+ $html .= "OK.<br />";
+ else
+ $html .= "fail ($Status)($Command).<br />";
+ }
+ elseif ($PentabarfGetWith == "fopen") {
+ //user uns password in url einbauen
+ $FileNameIn = "https://" . $_POST["PentabarfUser"] . ':' . $_POST["password"] . "@" .
+ $PentabarfXMLhost . "/" . $PentabarfXMLpath . $_POST["PentabarfURL"];
+
+ if (($fileIn = fopen($FileNameIn, "r")) != FALSE) {
+ if (($fileOut = fopen("$Tempdir/engelXML", "w")) != FALSE) {
+ $Zeilen = 0;
+ while (!feof($fileIn)) {
+ $Zeilen++;
+ fputs($fileOut, fgets($fileIn));
+ }
+ fclose($fileOut);
+ $html .= "<br />Es wurden $Zeilen Zeilen eingelesen<br />";
+ } else
+ $html .= "<h2>fail: File '$Tempdir/engelXML' not writeable!</h2>";
+ fclose($fileIn);
+ } else
+ $html .= "<h2>fail: File 'https://$PentabarfXMLhost/$PentabarfXMLpath" . $_POST["PentabarfURL"] . "' not readable!</h2>";
+ }
+ elseif ($PentabarfGetWith == "wget") {
+ $Command = "wget --http-user=" . $_POST["PentabarfUser"] . " --http-passwd=" . $_POST["password"] . " " .
+ "https://$PentabarfXMLhost/$PentabarfXMLpath" . $_POST["PentabarfURL"] .
+ " --output-file=$Tempdir/engelXMLwgetLog --output-document=$Tempdir/engelXML" .
+ " --no-check-certificate";
+ $html .= system($Command, $Status);
+ if ($Status == 0)
+ $html .= "OK.<br />";
+ else
+ $html .= "fail ($Status)($Command).<br />";
+ }
+ elseif ($PentabarfGetWith == "lynx") {
+ $Command = "lynx -auth=" . $_POST["PentabarfUser"] . ":" . $_POST["password"] . " -dump " .
+ "https://$PentabarfXMLhost/$PentabarfXMLpath" . $_POST["PentabarfURL"] . " > $Tempdir/engelXML";
+ $html .= system($Command, $Status);
+ if ($Status == 0)
+ $html .= "OK.<br />";
+ else
+ $html .= "fail ($Status)($Command).<br />";
+ } else
+ $html .= "<h1>The PentabarfGetWith='$PentabarfGetWith' not supported</h1>";
+ } else {
+ $html .= "<form action=\"dbUpdateFromXLS.php\" method=\"post\">\n";
+ $html .= "<table border=\"0\">\n";
+ $html .= "\t<tr><td>XCAL-File: https://$PentabarfXMLhost/$PentabarfXMLpath</td>" .
+ "<td><input name=\"PentabarfURL\" type=\"text\" size=\"4\" maxlength=\"5\" " .
+ "value=\"$PentabarfXMLEventID\"></td></tr>\n";
+ $html .= "\t<tr><td>Username:</td>" .
+ "<td><input name=\"PentabarfUser\" type=\"text\" size=\"30\" maxlength=\"30\"></td></tr>\n";
+ $html .= "\t<tr><td>Password:</td>" .
+ "<td><input name=\"password\" type=\"password\" size=\"30\" maxlength=\"30\"></td></tr>\n";
+ $html .= "\t<tr><td></td><td><input type=\"submit\" name=\"FileUpload\" value=\"upload\"></td></tr>\n";
+ $html .= "</table>\n";
+ $html .= "</form>\n";
+ }
+
+ //readXMLfile("xml.php.xml");
+ if (readXMLfile("../import/27C3_sample.xcs.xml") == 0) {
+ $XMLmain = getXMLsubPease($XMLmain, "VCALENDAR");
+
+ if ($ShowDataStrukture) {
+ $html .= "<pre><br />";
+ $html .= $XMLmain->name;
+ $html .= "<br />";
+ print_r(array_values($XMLmain->sub));
+ $html .= "</pre>";
+ }
+
+ /*
+ $html .= "<br />";
+ $Feld=7;
+ $html .= "$Feld#". $XMLmain->sub[$Feld]->name. "<br />";
+ $html .= "$Feld#". $XMLmain->sub[$Feld]->sub;
+ //print_r(array_values ($XMLmain->sub[$Feld]->sub));
+ while(list($key, $value) = each($XMLmain->sub[$Feld]->sub))
+ $html .= "?ID".$value->sub[1]->data. "=". $value->sub[2]->data. "\n";
+ $html .= "</pre>";
+ */
+
+ /*##############################################################################################
+ V e r s i o n
+ ##############################################################################################*/
+
+ $html .= "<hr>\n";
+ $XMLrelease = getXMLsubPease($XMLmain, "X-WR-CALDESC");
+ $html .= "release: " . $XMLrelease->data . "<br />\n";
+ //$XMLreleaseDate = getXMLsubPease( $XMLmain, "RELEASE-DATE");
+ //$html .= "release date: ". $XMLreleaseDate->data. "<br />\n";
+ $html .= "<hr>\n";
+
+ /*##############################################################################################
+ V e r s i o n
+ ##############################################################################################*/
+ if ($EnableRoomFunctions)
+ include ("includes/funktion_xml_room.php");
+
+ if ($EnableSchudleFunctions)
+ include ("includes/funktion_xml_schudle.php");
+
+ /*##############################################################################################
+ U P D A T E A L L
+ ##############################################################################################*/
+ $html .= "\n\n<br />\n<h1>Update ALL:</h1>\n";
+
+ $html .= "<form action=\"dbUpdateFromXLS.php\">\n";
+ $html .= "\t<input type=\"submit\" name=\"UpdateALL\" value=\"now\">\n";
+ $html .= "</form>\n";
+
+ } //if XMLopenOOK
+ return $html;
+}
+
+/*##############################################################################################
+ erstellt Arrays der Reume
+ ##############################################################################################*/
+function CreateRoomArrays() {
+ global $Room, $RoomID, $RoomName, $con;
+
+ $sql = "SELECT `RID`, `Name` FROM `Room` " .
+ "WHERE `Show`='Y'" .
+ "ORDER BY `Number`, `Name`;";
+ $Erg = mysql_query($sql, $con);
+ $rowcount = mysql_num_rows($Erg);
+
+ for ($i = 0; $i < $rowcount; $i++) {
+ $Room[$i]["RID"] = mysql_result($Erg, $i, "RID");
+ $Room[$i]["Name"] = mysql_result($Erg, $i, "Name");
+ $RoomID[mysql_result($Erg, $i, "RID")] = mysql_result($Erg, $i, "Name");
+ $RoomName[mysql_result($Erg, $i, "Name")] = mysql_result($Erg, $i, "RID");
+ }
+}
+?>
+
diff --git a/includes/pages/admin_language.php b/includes/pages/admin_language.php
new file mode 100644
index 00000000..749cd643
--- /dev/null
+++ b/includes/pages/admin_language.php
@@ -0,0 +1,110 @@
+<?php
+function admin_language() {
+ global $user;
+
+ $html = "";
+ if (!isset ($_POST["TextID"])) {
+ $html .= Get_Text("Hello") . $user['Nick'] . ", <br />\n";
+ $html .= Get_Text("pub_sprache_text1") . "<br /><br />\n";
+
+ $html .= "<a href=\"" . page_link_to("admin_language") . "&ShowEntry=y\">" . Get_Text("pub_sprache_ShowEntry") . "</a>";
+ // ausgabe Tabellenueberschift
+ $SQL_Sprachen = "SELECT `Sprache` FROM `Sprache` GROUP BY `Sprache`;";
+ $erg_Sprachen = sql_query($SQL_Sprachen);
+
+ for ($i = 0; $i < mysql_num_rows($erg_Sprachen); $i++)
+ $Sprachen[mysql_result($erg_Sprachen, $i, "Sprache")] = $i;
+
+ $html .= "\t<table border=\"0\" class=\"border\" cellpadding=\"2\" cellspacing=\"1\">\n\t\t<tr>";
+ $html .= "\t\t<td class=\"contenttopic\"><b>" . Get_Text("pub_sprache_TextID") . "</b></td>";
+ foreach ($Sprachen as $Name => $Value)
+ $html .= "<td class=\"contenttopic\"><b>" .
+ Get_Text("pub_sprache_Sprache") . " " . $Name .
+ "</b></td>";
+ $html .= "\t\t<td class=\"contenttopic\"><b>" . Get_Text("pub_sprache_Edit") . "</b></td>";
+ $html .= "\t\t</tr>";
+
+ if (isset ($_GET["ShowEntry"])) {
+ // ausgabe eintraege
+ $SQL = "SELECT * FROM `Sprache` ORDER BY `TextID`;";
+ $erg = sql_query($SQL);
+
+ $TextID_Old = mysql_result($erg, 0, "TextID");
+ for ($i = 0; $i < mysql_num_rows($erg); $i++) {
+ $TextID_New = mysql_result($erg, $i, "TextID");
+ if ($TextID_Old != $TextID_New) {
+ $html .= "<form action=\"" . page_link_to("admin_language") . "\" method=\"post\">";
+ $html .= "<tr class=\"content\">\n";
+ $html .= "\t\t<td>$TextID_Old " .
+ "<input name=\"TextID\" type=\"hidden\" value=\"$TextID_Old\"> </td>\n";
+
+ foreach ($Sprachen as $Name => $Value) {
+ $Value = html_entity_decode($Value, ENT_QUOTES);
+ $html .= "\t\t<td><textarea name=\"$Name\" cols=\"22\" rows=\"8\">$Value</textarea></td>\n";
+ $Sprachen[$Name] = "";
+ }
+
+ $html .= "\t\t<td><input type=\"submit\" value=\"Save\"></td>\n";
+ $html .= "</tr>";
+ $html .= "</form>\n";
+ $TextID_Old = $TextID_New;
+ }
+ $Sprachen[mysql_result($erg, $i, "Sprache")] = mysql_result($erg, $i, "Text");
+ } /*FOR*/
+ }
+
+ //fuer neu eintraege
+ $html .= "<form action=\"" . page_link_to("admin_language") . "\" method=\"post\">";
+ $html .= "<tr class=\"content\">\n";
+ $html .= "\t\t<td><input name=\"TextID\" type=\"text\" size=\"40\" value=\"new\"> </td>\n";
+
+ foreach ($Sprachen as $Name => $Value)
+ $html .= "\t\t<td><textarea name=\"$Name\" cols=\"22\" rows=\"8\">$Name Text</textarea></td>\n";
+
+ $html .= "\t\t<td><input type=\"submit\" value=\"Save\"></td>\n";
+ $html .= "</tr>";
+ $html .= "</form>\n";
+
+ $html .= "</table>\n";
+ } /*if( !isset( $TextID ) )*/
+ else {
+ $html .= "edit: " . $_POST["TextID"] . "<br /><br />";
+ foreach ($_POST as $k => $v) {
+ if ($k != "TextID") {
+ $sql_test = "SELECT * FROM `Sprache` " .
+ "WHERE `TextID`='" . sql_escape($_POST["TextID"])
+ . "' AND `Sprache`='"
+ . sql_escape($k) . "'";
+
+ $erg_test = sql_query($sql_test);
+
+ if (mysql_num_rows($erg_test) == 0) {
+ $sql_save = "INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) " .
+ "VALUES ('" . sql_escape($_POST["TextID"]) . "', '"
+ . sql_escape($k) . "', '"
+ . sql_escape($v) . "')";
+
+ $html .= $sql_save . "<br />";
+ $Erg = sql_query($sql_save);
+ $html .= success("$k Save: OK<br />\n");
+ } else
+ if (mysql_result($erg_test, 0, "Text") != $v) {
+ $sql_save = "UPDATE `Sprache` SET `Text`='"
+ . sql_escape($v) . "' " .
+ "WHERE `TextID`='"
+ . sql_escape($_POST["TextID"])
+ . "' AND `Sprache`='" . sql_escape($k) . "' ";
+
+ $html .= $sql_save . "<br />";
+ $Erg = sql_query($sql_save);
+ $html .= success(" $k Update: OK<br />\n");
+ } else
+ $html .= "\t $k no changes<br />\n";
+ }
+ }
+
+ }
+ return $html;
+}
+?>
+
diff --git a/includes/pages/admin_log.php b/includes/pages/admin_log.php
new file mode 100644
index 00000000..2798b2cf
--- /dev/null
+++ b/includes/pages/admin_log.php
@@ -0,0 +1,76 @@
+<?php
+function admin_log() {
+ require_once ("includes/funktion_db_list.php");
+
+ $html = "";
+ $SQL = "SELECT * FROM `ChangeLog` ORDER BY `Time` DESC LIMIT 0,10000";
+ $Erg = sql_query($SQL);
+
+ if (mysql_num_rows($Erg) > 0) {
+ $html .= "<table border=1>\n";
+ $html .= "<tr>\n\t<th>Time</th>\n\t<th>User</th>\n\t<th>Commend</th>\n\t<th>SQL Command</th>\n</tr>\n";
+ for ($n = 0; $n < mysql_num_rows($Erg); $n++) {
+ $html .= "<tr>\n";
+ $html .= "\t<td>" . mysql_result($Erg, $n, "Time") . "</td>\n";
+ $html .= "\t<td>" . UID2Nick(mysql_result($Erg, $n, "UID")) . displayavatar(mysql_result($Erg, $n, "UID")) . "</td>\n";
+ $html .= "\t<td>" . mysql_result($Erg, $n, "Commend") . "</td>\n";
+ $html .= "\t<td>" . mysql_result($Erg, $n, "SQLCommad") . "</td>\n";
+ $html .= "</tr>\n";
+ }
+ $html .= "</table>\n";
+ } else {
+ $html .= "Log is empty...";
+ }
+ $html .= "<hr />";
+
+ $html .= "<h1>Web Counter</h1>";
+ $html .= funktion_db_list("Counter");
+
+ /*
+ $html .= "<h1>Raeume</h1> <br />";
+ funktion_db_list("Raeume");
+
+ $html .= "<h1>Schichtbelegung</h1> <br />";
+ funktion_db_list("Schichtbelegung");
+
+ $html .= "<h1>Schichtplan</h1> <br />Hier findest du alle bisher eingetragenen Schichten:";
+ funktion_db_list("Schichtplan");
+
+ $html .= "<h1>User</h1> <br />";
+ funktion_db_list("User");
+
+ $html .= "<h1>News</h1> <br />";
+ funktion_db_list("News");
+
+ $html .= "<h1>FAQ</h1> <br />";
+ funktion_db_list("FAQ");
+
+ $html .= "Deaktiviert";
+ */
+
+ $html .= "<hr>\n";
+ $html .= funktion_db_element_list_2row("Tshirt-Size aller engel", "SELECT `Size`, COUNT(`Size`) FROM `User` GROUP BY `Size`");
+ $html .= "<br />\n";
+ $html .= funktion_db_element_list_2row("Tshirt ausgegeben", "SELECT `Size`, COUNT(`Size`) FROM `User` WHERE `Tshirt`='1' GROUP BY `Size`");
+ $html .= "<br />\n";
+ $html .= funktion_db_element_list_2row("Tshirt nicht ausgegeben (Gekommen=1)", "SELECT COUNT(`Size`), `Size` FROM `User` WHERE `Gekommen`='1' and `Tshirt`='0' GROUP BY `Size`");
+
+ $html .= "<hr>\n";
+ $html .= funktion_db_element_list_2row("Hometown", "SELECT COUNT(`Hometown`), `Hometown` FROM `User` GROUP BY `Hometown`");
+ $html .= "<br />\n";
+ $html .= funktion_db_element_list_2row("Engeltypen", "SELECT COUNT(`Art`), `Art` FROM `User` GROUP BY `Art`");
+
+ $html .= "<hr>\n";
+ $html .= funktion_db_element_list_2row("Gesamte Arbeit", "SELECT COUNT(*) AS `Count [x]`, SUM(Shifts.Len) as `Sum [h]` from Shifts LEFT JOIN ShiftEntry USING(SID)");
+ $html .= "<br />\n";
+ $html .= funktion_db_element_list_2row("Geleisteter Arbeit", "SELECT COUNT(*) AS `Count [x]`, SUM(Shifts.Len) as `Sum [h]` from Shifts LEFT JOIN ShiftEntry USING(SID) WHERE (ShiftEntry.UID!=0)");
+
+ $html .= "<hr>\n";
+ $html .= funktion_db_element_list_2row("Gesamte Arbeit (Ohne Raum aufabau (RID=7)", "SELECT COUNT(*) AS `Count [x]`, SUM(Shifts.Len) as `Sum [h]` from Shifts LEFT JOIN ShiftEntry USING(SID) WHERE (Shifts.RID!=7)");
+ $html .= "<br />\n";
+ $html .= funktion_db_element_list_2row("Geleisteter Arbeit (Ohne Raum aufabau (RID=7)", "SELECT COUNT(*) AS `Count [x]`, SUM(Shifts.Len) as `Sum [h]` from Shifts LEFT JOIN ShiftEntry USING(SID) WHERE (ShiftEntry.UID!=0) AND (Shifts.RID!=7)");
+
+ return $html;
+}
+?>
+
diff --git a/includes/pages/admin_news.php b/includes/pages/admin_news.php
new file mode 100644
index 00000000..2c6e1f45
--- /dev/null
+++ b/includes/pages/admin_news.php
@@ -0,0 +1,87 @@
+<?php
+function admin_news() {
+ global $user;
+
+ if (!isset ($_GET["action"])) {
+ header("Location: " . page_link_to("news"));
+ } else {
+ $html = "";
+ switch ($_GET["action"]) {
+ case 'edit' :
+ if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
+ $id = $_REQUEST['id'];
+ else
+ return error("Incomplete call, missing News ID.");
+
+ $news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
+ if (count($news) > 0) {
+ list ($news) = $news;
+
+ $html .= '<a href="' . page_link_to("news") . '">&laquo Back</a>';
+
+ $html .= "<form action=\"" . page_link_to("admin_news") . "&action=save\" method=\"post\">\n";
+
+ $html .= "<table>\n";
+ $html .= " <tr><td>Datum</td><td>" .
+ date("Y-m-d H:i", $news['Datum']) . "</td></tr>\n";
+ $html .= " <tr><td>Betreff</td><td><input type=\"text\" size=\"40\" name=\"eBetreff\" value=\"" .
+ $news["Betreff"] . "\"></td></tr>\n";
+ $html .= " <tr><td>Text</td><td><textarea rows=\"10\" cols=\"80\" name=\"eText\">" .
+ $news["Text"] . "</textarea></td></tr>\n";
+ $html .= " <tr><td>Engel</td><td>" .
+ UID2Nick($news["UID"]) . "</td></tr>\n";
+ $html .= " <tr><td>Treffen</td><td>" . html_select_key('eTreffen', array (
+ '1' => "Ja",
+ '0' => "Nein"
+ ), $news['Treffen']) . "</td></tr>\n";
+ $html .= "</table>";
+
+ $html .= "<input type=\"hidden\" name=\"id\" value=\"" . $id . "\">\n";
+ $html .= "<input type=\"submit\" name=\"submit\" value=\"Speichern\">\n";
+ $html .= "</form>";
+
+ $html .= "<form action=\"" . page_link_to("admin_news") . "&action=delete\" method=\"POST\">\n";
+ $html .= "<input type=\"hidden\" name=\"id\" value=\"" . $id . "\">\n";
+ $html .= "<input type=\"submit\" name=\"submit\" value=\"Löschen\">\n";
+ $html .= "</form>";
+ } else
+ return error("No News found.");
+ break;
+
+ case 'save' :
+ if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
+ $id = $_REQUEST['id'];
+ else
+ return error("Incomplete call, missing News ID.");
+
+ $news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
+ if (count($news) > 0) {
+ list ($news) = $news;
+
+ sql_query("UPDATE `News` SET `Datum`='" . sql_escape(time()) . "', `Betreff`='" . sql_escape($_POST["eBetreff"]) . "', `Text`='" . sql_escape($_POST["eText"]) . "', `UID`='" . sql_escape($user['UID']) .
+ "', `Treffen`='" . sql_escape($_POST["eTreffen"]) . "' WHERE `ID`=".sql_escape($id)." LIMIT 1");
+ header("Location: " . page_link_to("news"));
+ } else
+ return error("No News found.");
+ break;
+
+ case 'delete' :
+ if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
+ $id = $_REQUEST['id'];
+ else
+ return error("Incomplete call, missing News ID.");
+
+ $news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
+ if (count($news) > 0) {
+ list ($news) = $news;
+
+ sql_query("DELETE FROM `news` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
+ header("Location: " . page_link_to("news"));
+ } else
+ return error("No News found.");
+ break;
+ }
+ }
+ return $html;
+}
+?> \ No newline at end of file
diff --git a/includes/pages/admin_questions.php b/includes/pages/admin_questions.php
new file mode 100644
index 00000000..0e4469d5
--- /dev/null
+++ b/includes/pages/admin_questions.php
@@ -0,0 +1,85 @@
+<?php
+function admin_new_questions() {
+ global $user, $privileges;
+
+ if (in_array("admin_questions", $privileges)) {
+ $new_messages = sql_num_query("SELECT * FROM `Questions` WHERE `AID`=0");
+
+ if ($new_messages > 0)
+ return '<p class="notice"><a href="' . page_link_to("admin_questions") . '">There are unanswered questions!</a></p><hr />';
+ }
+
+ return "";
+}
+
+function admin_questions() {
+ global $user;
+
+ if (!isset ($_REQUEST['action'])) {
+ $open_questions = "";
+ $questions = sql_select("SELECT * FROM `Questions` WHERE `AID`=0");
+ foreach ($questions as $question)
+ $open_questions .= template_render(
+ '../templates/admin_question_unanswered.html', array (
+ 'question_nick' => UID2Nick($question['UID']),
+ 'question_id' => $question['QID'],
+ 'link' => page_link_to("admin_questions"),
+ 'question' => str_replace("\n", '<br />', $question['Question'])
+ ));
+
+ $answered_questions = "";
+ $questions = sql_select("SELECT * FROM `Questions` WHERE `AID`>0");
+
+ foreach ($questions as $question)
+ $answered_questions .= template_render(
+ '../templates/admin_question_answered.html', array (
+ 'question_id' => $question['QID'],
+ 'question_nick' => UID2Nick($question['UID']),
+ 'question' => str_replace("\n", "<br />", $question['Question']),
+ 'answer_nick' => UID2Nick($question['AID']),
+ 'answer' => str_replace("\n", "<br />", $question['Answer']),
+ 'link' => page_link_to("admin_questions"),
+ ));
+
+ return template_render('../templates/admin_questions.html', array (
+ 'link' => page_link_to("admin_questions"),
+ 'open_questions' => $open_questions,
+ 'answered_questions' => $answered_questions
+ ));
+ } else {
+ switch ($_REQUEST['action']) {
+ case 'answer' :
+ if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
+ $id = $_REQUEST['id'];
+ else
+ return error("Incomplete call, missing Question ID.");
+
+ $question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
+ if (count($question) > 0 && $question[0]['AID'] == "0") {
+ $answer = trim(preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['answer'])));
+
+ if ($answer != "") {
+ sql_query("UPDATE `Questions` SET `AID`=" . sql_escape($user['UID']) . ", `Answer`='" . sql_escape($answer) . "' WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
+ header("Location: " . page_link_to("admin_questions"));
+ } else
+ return error("Please enter an answer!");
+ } else
+ return error("No question found.");
+ break;
+ case 'delete' :
+ if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
+ $id = $_REQUEST['id'];
+ else
+ return error("Incomplete call, missing Question ID.");
+
+ $question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
+ if (count($question) > 0) {
+ sql_query("DELETE FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
+ header("Location: " . page_link_to("admin_questions"));
+ } else
+ return error("No question found.");
+ break;
+ }
+ }
+}
+?>
diff --git a/includes/pages/admin_rooms.php b/includes/pages/admin_rooms.php
new file mode 100644
index 00000000..be54b8ea
--- /dev/null
+++ b/includes/pages/admin_rooms.php
@@ -0,0 +1,143 @@
+<?php
+function admin_rooms() {
+ global $user;
+
+ $html = "";
+ $rooms = sql_select("SELECT * FROM `Room` ORDER BY `Number`, `Name`");
+ if (!isset ($_REQUEST["action"])) {
+ $html .= "Hallo " . $user['Nick'] .
+ ",<br />\nhier hast du die M&ouml;glichkeit, neue R&auml;ume f&uuml;r die Schichtpl&auml;ne einzutragen " .
+ "oder vorhandene abzu&auml;ndern:<br /><br />\n";
+
+ // Räume auflisten
+ if (count($rooms) > 0) {
+ $html .= '<table><thead><tr>';
+
+ $html .= "<table width=\"100%\" class=\"border\" cellpadding=\"2\" cellspacing=\"1\">\n";
+ $html .= "<tr class=\"contenttopic\">\n";
+
+ // Tabellenüberschriften generieren
+ foreach ($rooms[0] as $attr => $tmp)
+ if ($attr != 'RID')
+ $html .= '<th>' . $attr . '</th>';
+ $html .= '<th>&nbsp;</th>';
+ $html .= '</tr></thead><tbody>';
+
+ foreach ($rooms as $i => $room) {
+ $html .= '<tr>';
+ foreach ($room as $attr => $value)
+ if ($attr != 'RID')
+ $html .= '<td>' . $value . '</td>';
+ $html .= '<td><a href="' . page_link_to("admin_rooms") . '&action=change&RID=' . $room['RID'] . '">Edit</a></td>';
+ $html .= '</tr>';
+ }
+
+ $html .= '</tbody></table>';
+ }
+ $html .= "<hr /><a href=\"" . page_link_to("admin_rooms") . "&action=new\">Neuen Raum/Ort eintragen</a><br />\n";
+ } else {
+ switch ($_REQUEST["action"]) {
+
+ case 'new' :
+ $html .= template_render('../templates/admin_rooms_new_form.html', array (
+ 'link' => page_link_to("admin_rooms")
+ ));
+ break;
+
+ case 'newsave' :
+ $name = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['Name']));
+ $man = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['Man']));
+ $from_pentabarf = preg_replace("/([^YN]{1,})/ui", '', strip_tags($_REQUEST['FromPentabarf']));
+ $show = preg_replace("/([^YN]{1,})/ui", '', strip_tags($_REQUEST['Show']));
+ $number = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($_REQUEST['Number']));
+ sql_query("INSERT INTO `Room` SET `Name`='" . sql_escape($name) . "', `Man`='" . sql_escape($man) . "', `FromPentabarf`='" . sql_escape($from_pentabarf) . "', `show`='" . sql_escape($show) . "', `Number`='" . sql_escape($number) . "'");
+ header("Location: " . page_link_to("admin_rooms"));
+ break;
+
+ case 'change' :
+ if (isset ($_REQUEST['RID']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['RID']))
+ $rid = $_REQUEST['RID'];
+ else
+ return error("Incomplete call, missing Room ID.");
+
+ $room = sql_select("SELECT * FROM `Room` WHERE `RID`=" . sql_escape($rid) . " LIMIT 1");
+ if (count($room) > 0) {
+ list ($room) = $room;
+ $room_angel_types = sql_select("SELECT * FROM `AngelTypes` LEFT OUTER JOIN `RoomAngelTypes` ON (`AngelTypes`.`TID` = `RoomAngelTypes`.`angel_type_id` AND `RoomAngelTypes`.`room_id`=" . sql_escape($rid) . ") ORDER BY `AngelTypes`.`Name`");
+
+ $angel_types = "";
+ foreach ($room_angel_types as $room_angel_type) {
+ if ($room_angel_type['count'] == "")
+ $room_angel_type['count'] = "0";
+ $angel_types .= '<tr><td>' . $room_angel_type['Name'] . '</td><td><input type="text" name="angel_type_' . $room_angel_type['TID'] . '" value="' . $room_angel_type['count'] . '" /></td></tr>';
+ }
+
+ $html .= template_render('../templates/admin_rooms_edit_form.html', array (
+ 'link' => page_link_to("admin_rooms"),
+ 'room_id' => $rid,
+ 'name' => $room['Name'],
+ 'man' => $room['Man'],
+ 'number' => $room['Number'],
+ 'from_pentabarf_options' => html_options('FromPentabarf', array (
+ 'Y' => 'Yes',
+ 'N' => 'No'
+ ), $room['FromPentabarf']),
+ 'show_options' => html_options('Show', array (
+ 'Y' => 'Yes',
+ 'N' => 'No'
+ ), $room['show']),
+ 'angel_types' => $angel_types
+ ));
+ } else
+ return error("No Room found.");
+ break;
+
+ case 'changesave' :
+ if (isset ($_REQUEST['RID']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['RID']))
+ $rid = $_REQUEST['RID'];
+ else
+ return error("Incomplete call, missing Room ID.");
+
+ $room = sql_select("SELECT * FROM `Room` WHERE `RID`=" . sql_escape($rid) . " LIMIT 1");
+ if (count($room) > 0) {
+ list ($room) = $room;
+ $room_angel_types = sql_select("SELECT * FROM `AngelTypes` LEFT OUTER JOIN `RoomAngelTypes` ON (`AngelTypes`.`TID` = `RoomAngelTypes`.`angel_type_id` AND `RoomAngelTypes`.`room_id`=" . sql_escape($rid) . ") ORDER BY `AngelTypes`.`Name`");
+
+ $name = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['Name']));
+ $man = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['Man']));
+ $from_pentabarf = preg_replace("/([^YN]{1,})/ui", '', strip_tags($_REQUEST['FromPentabarf']));
+ $show = preg_replace("/([^YN]{1,})/ui", '', strip_tags($_REQUEST['Show']));
+ $number = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($_REQUEST['Number']));
+ sql_query("UPDATE `Room` SET `Name`='" . sql_escape($name) . "', `Man`='" . sql_escape($man) . "', `FromPentabarf`='" . sql_escape($from_pentabarf) . "', `show`='" . sql_escape($show) . "', `Number`='" . sql_escape($number) . "' WHERE `RID`=" . sql_escape($rid) . " LIMIT 1");
+ sql_query("DELETE FROM `RoomAngelTypes` WHERE `room_id`=" . sql_escape($rid));
+ foreach ($room_angel_types as $room_angel_type) {
+ if (isset ($_REQUEST['angel_type_' . $room_angel_type['TID']]) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['angel_type_' . $room_angel_type['TID']]))
+ $count = $_REQUEST['angel_type_' . $room_angel_type['TID']];
+ else
+ $count = "0";
+ sql_query("INSERT INTO `RoomAngelTypes` SET `room_id`=" . sql_escape($rid) . ", `angel_type_id`=" . sql_escape($room_angel_type['TID']) . ", `count`=" . sql_escape($count));
+ }
+ header("Location: " . page_link_to("admin_rooms"));
+ } else
+ return error("No Room found.");
+ break;
+
+ case 'delete' :
+ if (isset ($_REQUEST['RID']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['RID']))
+ $rid = $_REQUEST['RID'];
+ else
+ return error("Incomplete call, missing Room ID.");
+
+ if (sql_num_query("SELECT * FROM `Room` WHERE `RID`=" . sql_escape($rid) . " LIMIT 1") > 0) {
+ sql_query("DELETE FROM `Room` WHERE `RID`=" . sql_escape($rid) . " LIMIT 1");
+ sql_query("DELETE FROM `RoomAngelTypes` WHERE `room_id`=" . sql_escape($rid) . " LIMIT 1");
+ header("Location: " . page_link_to("admin_rooms"));
+ } else
+ return error("No Room found.");
+ break;
+
+ }
+ }
+ return $html;
+}
+?>
diff --git a/includes/pages/admin_user.php b/includes/pages/admin_user.php
new file mode 100644
index 00000000..0399dda8
--- /dev/null
+++ b/includes/pages/admin_user.php
@@ -0,0 +1,324 @@
+<?php
+function admin_user() {
+ global $user;
+
+ include ("includes/funktion_db_list.php");
+
+ $html = "";
+
+ if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,}$/", $_REQUEST['id']) && sql_num_query("SELECT * FROM `User` WHERE `UID`=" . sql_escape($_REQUEST['id'])) > 0) {
+ $id = $_REQUEST['id'];
+ if (!isset ($_REQUEST['action'])) {
+ $html .= "Hallo,<br />" .
+ "hier kannst du den Eintrag &auml;ndern. Unter dem Punkt 'Gekommen' " .
+ "wird der Engel als anwesend markiert, ein Ja bei Aktiv bedeutet, " .
+ "dass der Engel aktiv war und damit ein Anspruch auf ein T-Shirt hat. " .
+ "Wenn T-Shirt ein 'Ja' enth&auml;lt, bedeutet dies, dass der Engel " .
+ "bereits sein T-Shirt erhalten hat.<br /><br />\n";
+
+ $html .= "<form action=\"" . page_link_to("admin_user") . "&action=save&id=$id\" method=\"post\">\n";
+ $html .= "<table border=\"0\">\n";
+ $html .= "<input type=\"hidden\" name=\"Type\" value=\"Normal\">\n";
+
+ $SQL = "SELECT * FROM `User` WHERE `UID`='" . $id . "'";
+ $Erg = sql_query($SQL);
+
+ $html .= "<tr><td>\n";
+ $html .= "<table>\n";
+ $html .= " <tr><td>Nick</td><td>" .
+ "<input type=\"text\" size=\"40\" name=\"eNick\" value=\"" .
+ mysql_result($Erg, 0, "Nick") . "\"></td></tr>\n";
+ $html .= " <tr><td>lastLogIn</td><td>" .
+ date("Y-m-d H:i", mysql_result($Erg, 0, "lastLogIn")) . "</td></tr>\n";
+ $html .= " <tr><td>Name</td><td>" .
+ "<input type=\"text\" size=\"40\" name=\"eName\" value=\"" .
+ mysql_result($Erg, 0, "Name") . "\"></td></tr>\n";
+ $html .= " <tr><td>Vorname</td><td>" .
+ "<input type=\"text\" size=\"40\" name=\"eVorname\" value=\"" .
+ mysql_result($Erg, 0, "Vorname") . "\"></td></tr>\n";
+ $html .= " <tr><td>Alter</td><td>" .
+ "<input type=\"text\" size=\"5\" name=\"eAlter\" value=\"" .
+ mysql_result($Erg, 0, "Alter") . "\"></td></tr>\n";
+ $html .= " <tr><td>Telefon</td><td>" .
+ "<input type=\"text\" size=\"40\" name=\"eTelefon\" value=\"" .
+ mysql_result($Erg, 0, "Telefon") . "\"></td></tr>\n";
+ $html .= " <tr><td>Handy</td><td>" .
+ "<input type=\"text\" size=\"40\" name=\"eHandy\" value=\"" .
+ mysql_result($Erg, 0, "Handy") . "\"></td></tr>\n";
+ $html .= " <tr><td>DECT</td><td>" .
+ "<input type=\"text\" size=\"4\" name=\"eDECT\" value=\"" .
+ mysql_result($Erg, 0, "DECT") . "\"></td></tr>\n";
+ $html .= " <tr><td>email</td><td>" .
+ "<input type=\"text\" size=\"40\" name=\"eemail\" value=\"" .
+ mysql_result($Erg, 0, "email") . "\"></td></tr>\n";
+ $html .= " <tr><td>ICQ</td><td>" .
+ "<input type=\"text\" size=\"40\" name=\"eICQ\" value=\"" .
+ mysql_result($Erg, 0, "ICQ") . "\"></td></tr>\n";
+ $html .= " <tr><td>jabber</td><td>" .
+ "<input type=\"text\" size=\"40\" name=\"ejabber\" value=\"" .
+ mysql_result($Erg, 0, "jabber") . "\"></td></tr>\n";
+ $html .= " <tr><td>Size</td><td>" .
+ html_select_key('size', array (
+ 'S' => "S",
+ 'M' => "M",
+ 'L' => "L",
+ 'XL' => "XL",
+ '2XL' => "2XL",
+ '3XL' => "3XL",
+ '4XL' => "4XL",
+ '5XL' => "5XL",
+ 'S-G' => "S Girl",
+ 'M-G' => "M Girl",
+ 'L-G' => "L Girl",
+ 'XL-G' => "XL Girl"
+ ), mysql_result($Erg, 0, "Size")) . "</td></tr>\n";
+
+ $options = array (
+ '1' => "Yes",
+ '0' => "No"
+ );
+
+ // Gekommen?
+ $html .= " <tr><td>Gekommen</td><td>\n";
+ $html .= html_options('eGekommen', $options, mysql_result($Erg, 0, "Gekommen")) . "</td></tr>\n";
+
+ // Aktiv?
+ $html .= " <tr><td>Aktiv</td><td>\n";
+ $html .= html_options('eAktiv', $options, mysql_result($Erg, 0, "Aktiv")) . "</td></tr>\n";
+
+ // T-Shirt bekommen?
+ $html .= " <tr><td>T-Shirt</td><td>\n";
+ $html .= html_options('eTshirt', $options, mysql_result($Erg, 0, "Tshirt")) . "</td></tr>\n";
+
+ $html .= " <tr><td>Hometown</td><td>" .
+ "<input type=\"text\" size=\"40\" name=\"Hometown\" value=\"" .
+ mysql_result($Erg, 0, "Hometown") . "\"></td></tr>\n";
+
+ $html .= "</table>\n</td><td valign=\"top\">" . displayavatar($id, false) . "</td></tr>";
+
+ $html .= "</td></tr>\n";
+ $html .= "</table>\n<br />\n";
+ $html .= "<input type=\"submit\" value=\"Speichern\">\n";
+ $html .= "</form>";
+
+ $html .= "<hr />";
+
+ $html .= "Hier kannst Du das Passwort dieses Engels neu setzen:<form action=\"" . page_link_to("admin_user") . "&action=change_pw&id=$id\" method=\"post\">\n";
+ $html .= "<table>\n";
+ $html .= " <tr><td>Passwort</td><td>" .
+ "<input type=\"password\" size=\"40\" name=\"new_pw\" value=\"\"></td></tr>\n";
+ $html .= " <tr><td>Wiederholung</td><td>" .
+ "<input type=\"password\" size=\"40\" name=\"new_pw2\" value=\"\"></td></tr>\n";
+
+ $html .= "</table>";
+ $html .= "<input type=\"submit\" value=\"Speichern\">\n";
+ $html .= "</form>";
+
+ $html .= "<hr />";
+
+ $html .= "Hier kannst Du die Benutzergruppen des Engels festlegen:<form action=\"" . page_link_to("admin_user") . "&action=save_groups&id=" . $id . "\" method=\"post\">\n";
+ $html .= '<table>';
+
+ list ($my_highest_group) = sql_select("SELECT * FROM `UserGroups` WHERE `uid`=" . sql_escape($user['UID']) . " ORDER BY `uid`");
+ list ($his_highest_group) = sql_select("SELECT * FROM `UserGroups` WHERE `uid`=" . sql_escape($id) . " ORDER BY `uid`");
+
+ if ($id != $user['UID'] && $my_highest_group <= $his_highest_group) {
+ $groups = sql_select("SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = " . sql_escape($id) . ") WHERE `Groups`.`UID` >= " . sql_escape($my_highest_group['group_id']) . " ORDER BY `Groups`.`Name`");
+ foreach ($groups as $group)
+ $html .= '<tr><td><input type="checkbox" name="groups[]" value="' . $group['UID'] . '"' . ($group['group_id'] != "" ? ' checked="checked"' : '') . ' /></td><td>' . $group['Name'] . '</td></tr>';
+
+ $html .= '</table>';
+
+ $html .= "<input type=\"submit\" value=\"Speichern\">\n";
+ $html .= "</form>";
+
+ $html .= "<hr />";
+ }
+
+ $html .= "<form action=\"" . page_link_to("admin_user") . "&action=delete&id=" . $id . "\" method=\"post\">\n";
+ $html .= "<input type=\"submit\" value=\"Löschen\">\n";
+ $html .= "</form>";
+
+ $html .= "<hr />";
+ $html .= funktion_db_element_list_2row("Freeloader Shifts", "SELECT `Remove_Time`, `Length`, `Comment` FROM `ShiftFreeloader` WHERE UID=" . $_REQUEST['id']);
+ } else {
+ switch ($_REQUEST['action']) {
+ case 'save_groups' :
+ if ($id != $user['UID']) {
+ list ($my_highest_group) = sql_select("SELECT * FROM `UserGroups` WHERE `uid`=" . sql_escape($user['UID']) . " ORDER BY `uid`");
+ list ($his_highest_group) = sql_select("SELECT * FROM `UserGroups` WHERE `uid`=" . sql_escape($id) . " ORDER BY `uid`");
+
+ if ($my_highest_group <= $his_highest_group) {
+ $groups = sql_select("SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = " . sql_escape($id) . ") WHERE `Groups`.`UID` >= " . sql_escape($my_highest_group['group_id']) . " ORDER BY `Groups`.`Name`");
+ $grouplist = array ();
+ foreach ($groups as $group)
+ $grouplist[] = $group['UID'];
+
+ if (!is_array($_REQUEST['groups']))
+ $_REQUEST['groups'] = array ();
+
+ sql_query("DELETE FROM `UserGroups` WHERE `uid`=" . sql_escape($id));
+ foreach ($_REQUEST['groups'] as $group)
+ if (in_array($group, $grouplist))
+ sql_query("INSERT INTO `UserGroups` SET `uid`=" .
+ sql_escape($id) . ", `group_id`=" . sql_escape($group));
+ $html .= success("Benutzergruppen gespeichert.");
+ } else {
+ $html .= error("Du kannst keine Engel mit mehr Rechten bearbeiten.");
+ }
+ } else {
+ $html .= error("Du kannst Deine eigenen Rechte nicht bearbeiten.");
+ }
+ break;
+
+ case 'delete' :
+ if ($user['UID'] != $id) {
+ sql_query("DELETE FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
+ sql_query("DELETE FROM `UserGroups` WHERE `uid`=" . sql_escape($id));
+ sql_query("UPDATE `ShiftEntry` SET `UID`=0, `Comment`=NULL WHERE `UID`=" . sql_escape($id));
+ $html .= success("Benutzer gelöscht!");
+ } else {
+ $html .= error("Du kannst Dich nicht selber löschen!");
+ }
+ break;
+
+ case 'save' :
+ $SQL = "UPDATE `User` SET ";
+ $SQL .= " `Nick` = '" . $_POST["eNick"] . "', `Name` = '" . $_POST["eName"] . "', " .
+ "`Vorname` = '" . $_POST["eVorname"] . "', " .
+ "`Telefon` = '" . $_POST["eTelefon"] . "', " .
+ "`Handy` = '" . $_POST["eHandy"] . "', " .
+ "`Alter` = '" . $_POST["eAlter"] . "', " .
+ "`DECT` = '" . $_POST["eDECT"] . "', " .
+ "`email` = '" . $_POST["eemail"] . "', " .
+ "`ICQ` = '" . $_POST["eICQ"] . "', " .
+ "`jabber` = '" . $_POST["ejabber"] . "', " .
+ "`Size` = '" . $_POST["eSize"] . "', " .
+ "`Gekommen`= '" . $_POST["eGekommen"] . "', " .
+ "`Aktiv`= '" . $_POST["eAktiv"] . "', " .
+ "`Tshirt` = '" . $_POST["eTshirt"] . "', " .
+ "`Hometown` = '" . $_POST["Hometown"] . "' " .
+ "WHERE `UID` = '" . $id .
+ "' LIMIT 1;";
+ sql_query($SQL);
+ $html .= success("Änderung wurde gespeichert...\n");
+ break;
+
+ case 'change_pw' :
+ if ($_REQUEST['new_pw'] != "" && $_REQUEST['new_pw'] == $_REQUEST['new_pw2']) {
+ sql_query("UPDATE `User` SET `Passwort`='" . sql_escape(PassCrypt($_REQUEST['new_pw'])) . "' WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
+ $html .= success("Passwort neu gesetzt.");
+ } else {
+ $html .= error("Die Eingaben müssen übereinstimmen und dürfen nicht leer sein!");
+ }
+ break;
+ }
+ }
+ } else {
+ // Userliste, keine UID uebergeben...
+
+ $html .= "<a href=\"" . page_link_to("register") . "\">Neuen Engel eintragen &raquo;</a><br /><br />\n";
+
+ if (!isset ($_GET["OrderBy"]))
+ $_GET["OrderBy"] = "Nick";
+ $SQL = "SELECT * FROM `User` ORDER BY `" . sql_escape($_GET["OrderBy"]) . "` ASC";
+ $Erg = sql_query($SQL);
+
+ // anzahl zeilen
+ $Zeilen = mysql_num_rows($Erg);
+
+ $html .= "Anzahl Engel: $Zeilen<br /><br />\n";
+ $html .= '
+ <table width="100%" class="border" cellpadding="2" cellspacing="1"> <thead>
+ <tr class="contenttopic">
+ <th>
+ <a href="' . page_link_to("admin_user") . '&OrderBy=Nick">Nick</a>
+ </th>
+ <th><a href="' . page_link_to("admin_user") . '&OrderBy=Vorname">Vorname</a> <a href="' . page_link_to("admin_user") . '&OrderBy=Name">Name</a></th>
+ <th><a href="' . page_link_to("admin_user") . '&OrderBy=Alter">Alter</a></th>
+ <th>
+ <a href="' . page_link_to("admin_user") . '&OrderBy=email">E-Mail</a>
+ </th>
+ <th><a href="' . page_link_to("admin_user") . '&OrderBy=Size">Gr&ouml;&szlig;e</a></th>
+ <th><a href="' . page_link_to("admin_user") . '&OrderBy=Gekommen">Gekommen</a></th>
+ <th><a href="' . page_link_to("admin_user") . '&OrderBy=Aktiv">Aktiv</a></th>
+ <th><a href="' . page_link_to("admin_user") . '&OrderBy=Tshirt">T-Shirt</a></th>
+ <th><a href="' . page_link_to("admin_user") . '&OrderBy=CreateDate">Registriert</a></th>
+ <th>&Auml;nd.</th>
+ </tr></thead>';
+ $Gekommen = 0;
+ $Active = 0;
+ $Tshirt = 0;
+
+ for ($n = 0; $n < $Zeilen; $n++) {
+ $title = "";
+ $user_groups = sql_select("SELECT * FROM `UserGroups` JOIN `Groups` ON (`Groups`.`UID` = `UserGroups`.`group_id`) WHERE `UserGroups`.`uid`=" . sql_escape(mysql_result($Erg, $n, "UID")) . " ORDER BY `Groups`.`Name`");
+ $groups = array ();
+ foreach ($user_groups as $user_group) {
+ $groups[] = $user_group['Name'];
+ }
+ $title .= 'Groups: ' . join(", ", $groups) . "<br />";
+ if (strlen(mysql_result($Erg, $n, "Telefon")) > 0)
+ $title .= "Tel: " . mysql_result($Erg, $n, "Telefon") . "<br />";
+ if (strlen(mysql_result($Erg, $n, "Handy")) > 0)
+ $title .= "Handy: " . mysql_result($Erg, $n, "Handy") . "<br />";
+ if (strlen(mysql_result($Erg, $n, "DECT")) > 0)
+ $title .= "DECT: <a href=\"./dect.php?custum=" . mysql_result($Erg, $n, "DECT") . "\">" .
+ mysql_result($Erg, $n, "DECT") . "</a><br />";
+ if (strlen(mysql_result($Erg, $n, "Hometown")) > 0)
+ $title .= "Hometown: " . mysql_result($Erg, $n, "Hometown") . "<br />";
+ if (strlen(mysql_result($Erg, $n, "lastLogIn")) > 0)
+ $title .= "Last login: " . date("Y-m-d H:i", mysql_result($Erg, $n, "lastLogIn")) . "<br />";
+ if (strlen(mysql_result($Erg, $n, "Art")) > 0)
+ $title .= "Type: " . mysql_result($Erg, $n, "Art") . "<br />";
+ if (strlen(mysql_result($Erg, $n, "ICQ")) > 0)
+ $title .= "ICQ: " . mysql_result($Erg, $n, "ICQ") . "<br />";
+ if (strlen(mysql_result($Erg, $n, "jabber")) > 0)
+ $title .= "jabber: " . mysql_result($Erg, $n, "jabber") . "<br />";
+
+ $html .= "<tr class=\"content\">\n";
+ $html .= "\t<td>" . mysql_result($Erg, $n, "Nick") . "</td>\n";
+ $html .= "\t<td>" . mysql_result($Erg, $n, "Vorname") . " " . mysql_result($Erg, $n, "Name") . "</td>\n";
+ $html .= "\t<td>" . mysql_result($Erg, $n, "Alter") . "</td>\n";
+ $html .= "\t<td>";
+ if (strlen(mysql_result($Erg, $n, "email")) > 0)
+ $html .= "<a href=\"mailto:" . mysql_result($Erg, $n, "email") . "\">" .
+ mysql_result($Erg, $n, "email") . "</a>";
+ $html .= '<div class="hidden">' . $title . '</div>';
+ $html .= "</td>\n";
+ $html .= "\t<td>" . mysql_result($Erg, $n, "Size") . "</td>\n";
+ $Gekommen += mysql_result($Erg, $n, "Gekommen");
+ $html .= "\t<td>" . mysql_result($Erg, $n, "Gekommen") . "</td>\n";
+ $Active += mysql_result($Erg, $n, "Aktiv");
+ $html .= "\t<td>" . mysql_result($Erg, $n, "Aktiv") . "</td>\n";
+ $Tshirt += mysql_result($Erg, $n, "Tshirt");
+ $html .= "\t<td>" . mysql_result($Erg, $n, "Tshirt") . "</td>\n";
+ $html .= "<td>" . mysql_result($Erg, $n, "CreateDate") . "</td>";
+ $html .= "\t<td>" . '<a href="' . page_link_to("admin_user") . '&id=' . mysql_result($Erg, $n, "UID") . '">Edit</a>' .
+ "</td>\n";
+ $html .= "</tr>\n";
+ }
+ $html .= "<tr>" .
+ "<td></td><td></td><td></td><td></td><td></td>" .
+ "<td>$Gekommen</td><td>$Active</td><td>$Tshirt</td><td></td><td></td></tr>\n";
+ $html .= "\t</table>\n";
+ // Ende Userliste
+
+ $html .= "<hr /><h2>Statistics</h2>";
+ $html .= funktion_db_element_list_2row("Hometown", "SELECT COUNT(`Hometown`), `Hometown` FROM `User` GROUP BY `Hometown`");
+
+ $html .= "<br />\n";
+
+ $html .= funktion_db_element_list_2row("Engeltypen", "SELECT COUNT(`Art`), `Art` FROM `User` GROUP BY `Art`");
+
+ $html .= "<br />\n";
+
+ $html .= funktion_db_element_list_2row("Used Groups", "SELECT Groups.Name AS 'GroupName', COUNT(Groups.Name) AS Count FROM `UserGroups` " .
+ "LEFT JOIN `Groups` ON Groups.UID = UserGroups.group_id " .
+ "WHERE (UserGroups.group_id!='NULL') " .
+ "GROUP BY `GroupName` " .
+ "");
+ }
+ return $html;
+}
+?> \ No newline at end of file
diff --git a/includes/pages/guest_credits.php b/includes/pages/guest_credits.php
new file mode 100644
index 00000000..89f68fde
--- /dev/null
+++ b/includes/pages/guest_credits.php
@@ -0,0 +1,5 @@
+<?php
+function guest_credits() {
+ return template_render('../templates/guest_credits.html', array ());
+}
+?> \ No newline at end of file
diff --git a/includes/pages/guest_faq.php b/includes/pages/guest_faq.php
new file mode 100644
index 00000000..e639731b
--- /dev/null
+++ b/includes/pages/guest_faq.php
@@ -0,0 +1,24 @@
+<?php
+function guest_faq() {
+ $html = "";
+ $faqs = sql_select("SELECT * FROM `FAQ`");
+ foreach ($faqs as $faq) {
+ $html .= "<dl>";
+ if ($_SESSION['Sprache'] == "DE") {
+ $html .= sprintf(
+ '<dt>%s</dt> <dd>%s</dd>',
+ $faq['Frage_de'],
+ $faq['Antwort_de']
+ );
+ } else {
+ $html .= sprintf(
+ '<dt>%s</dt> <dd>%s</dd>',
+ $faq['Frage_en'],
+ $faq['Antwort_en']
+ );
+ }
+ $html .= "</dl>";
+ }
+ return $html;
+}
+?>
diff --git a/includes/pages/guest_login.php b/includes/pages/guest_login.php
new file mode 100644
index 00000000..db20a207
--- /dev/null
+++ b/includes/pages/guest_login.php
@@ -0,0 +1,269 @@
+<?php
+
+
+// Engel registrieren
+function guest_register() {
+ $html = "";
+ $success = "none";
+
+ if (isset ($_POST["send"])) {
+ $eNick = trim($_POST["Nick"]);
+
+ if ($_POST["Alter"] == "")
+ $_POST["Alter"] = 23;
+
+ // user vorhanden?
+ $Ergans = sql_select("SELECT UID FROM `User` WHERE `Nick`='" . sql_escape($_POST["Nick"]) . "'");
+
+ if (strlen($_POST["Nick"]) < 2)
+ $error = Get_Text("makeuser_error_nick1")
+ . $_POST["Nick"] . Get_Text("makeuser_error_nick2");
+
+ elseif (count($Ergans) > 0)
+ $error = Get_Text("makeuser_error_nick1")
+ . $_POST["Nick"] . Get_Text("makeuser_error_nick3");
+
+ elseif (strlen($_POST["email"]) <= 6 && strstr($_POST["email"], "@") == FALSE && strstr($_POST["email"], ".") == false)
+ $error = Get_Text("makeuser_error_mail");
+
+ elseif (!is_numeric($_POST["Alter"]))
+ $error = Get_Text("makeuser_error_Alter");
+
+ elseif ($_POST["Passwort"] != $_POST["Passwort2"])
+ $error = Get_Text("makeuser_error_password1");
+
+ elseif (strlen($_POST["Passwort"]) < 6)
+ $error = Get_Text("makeuser_error_password2");
+
+ else {
+ $_POST["Passwort"] = PassCrypt($_POST["Passwort"]);
+ unset ($_POST["Passwort2"]);
+
+ $Erg = sql_query("INSERT INTO `User` (" .
+ "`Nick` , " . "`Name` , " .
+ "`Vorname`, " . "`Alter` , " .
+ "`Telefon`, " . "`DECT`, " .
+ "`Handy`, " . "`email`, " .
+ "`ICQ`, " . "`jabber`, " .
+ "`Size`, " . "`Passwort`, " .
+ "`Art` , " . "`kommentar`, " .
+ "`Hometown`," . "`CreateDate`, `Sprache` ) " .
+ "VALUES ( '"
+ . sql_escape($_POST["Nick"]) . "', " . "'"
+ . sql_escape($_POST["Name"]) . "', " . "'"
+ . sql_escape($_POST["Vorname"]) . "', " . "'"
+ . sql_escape($_POST["Alter"]) . "', " . "'"
+ . sql_escape($_POST["Telefon"]) . "', " . "'"
+ . sql_escape($_POST["DECT"]) . "', " . "'"
+ . sql_escape($_POST["Handy"]) . "', " . "'"
+ . sql_escape($_POST["email"]) . "', " . "'"
+ . sql_escape($_POST["ICQ"]) . "', " . "'"
+ . sql_escape($_POST["jabber"]) . "', " . "'"
+ . sql_escape($_POST["Size"]) . "', " . "'"
+ . sql_escape($_POST["Passwort"]) . "', " . "'"
+ . sql_escape($_POST["Art"]) . "', " . "'"
+ . sql_escape($_POST["kommentar"]) . "', " . "'"
+ . sql_escape($_POST["Hometown"]) . "',"
+ . "NOW(), '"
+ . sql_escape($_SESSION["Sprache"])
+ . "')"
+ );
+
+ if ($Erg != 1) {
+ $html .= Get_Text("makeuser_error_write1") . "<br />\n";
+ $error = sql_error();
+ } else {
+ $html .= "<p class=\"success\">" . Get_Text("makeuser_writeOK") . "\n";
+
+ $Erg3 = mysql_query("INSERT INTO `UserGroups` SET `uid`=" . sql_escape(sql_id()) . ", `group_id`=-2");
+
+ if ($Erg3 != 1) {
+ $html .= "<h1>" . Get_Text("makeuser_error_write2") . "<br />\n";
+ $error = sql_error();
+ } else {
+ $html .= Get_Text("makeuser_writeOK2") . "<br />\n";
+ $html .= "<h1>" . Get_Text("makeuser_writeOK3") . "</h1>\n";
+ }
+
+ $html .= Get_Text("makeuser_writeOK4") . "</p><p></p>\n<br /><br />\n";
+ $success = "any";
+
+ if (isset ($SubscribeMailinglist)) {
+ if ($_POST["subscribe-mailinglist"] == "") {
+ $headers = "From: " . $_POST["email"] . "\r\n" .
+ "X-Mailer: PHP/" . phpversion();
+ mail($SubscribeMailinglist, "subject", "message", $headers);
+ }
+ }
+ }
+ }
+
+ if (isset ($error))
+ $html .= error($error);
+ } else {
+ // init vars
+ $_POST["Nick"] = "";
+ $_POST["Name"] = "";
+ $_POST["Vorname"] = "";
+ $_POST["Alter"] = "";
+ $_POST["Telefon"] = "";
+ $_POST["DECT"] = "";
+ $_POST["Handy"] = "";
+ $_POST["email"] = "";
+ $_POST["subscribe-mailinglist"] = "";
+ $_POST["ICQ"] = "";
+ $_POST["jabber"] = "";
+ $_POST["Size"] = "L";
+ $_POST["Art"] = "";
+ $_POST["kommentar"] = "";
+ $_POST["Hometown"] = "";
+ }
+
+ if ($success == "none") {
+ $html .= "<h1>" . Get_Text("makeuser_text0") . "</h1>\n";
+ $html .= "<h2>" . Get_Text("makeuser_text1") . "</h2>\n";
+ $html .= "<form action=\"\" method=\"post\">\n";
+ $html .= "<table>\n";
+ $html .= "<tr><td>" . Get_Text("makeuser_Nickname") . "*</td><td><input type=\"text\" size=\"40\" name=\"Nick\" value=\"" . $_POST["Nick"] . "\" /></td></tr>\n";
+ $html .= "<tr><td>" . Get_Text("makeuser_Nachname") . "</td><td><input type=\"text\" size=\"40\" name=\"Name\" value=\"" . $_POST["Name"] . "\" /></td></tr>\n";
+ $html .= "<tr><td>" . Get_Text("makeuser_Vorname") . "</td><td><input type=\"text\" size=\"40\" name=\"Vorname\" value=\"" . $_POST["Vorname"] . "\" /></td></tr>\n";
+ $html .= "<tr><td>" . Get_Text("makeuser_Alter") . "</td><td><input type=\"text\" size=\"40\" name=\"Alter\" value=\"" . $_POST["Alter"] . "\"></td></tr>\n";
+ $html .= "<tr><td>" . Get_Text("makeuser_Telefon") . "</td><td><input type=\"text\" size=\"40\" name=\"Telefon\" value=\"" . $_POST["Telefon"] . "\"></td></tr>\n";
+ $html .= "<tr><td>" . Get_Text("makeuser_DECT") . "</td><td><input type=\"text\" size=\"40\" name=\"DECT\" value=\"" . $_POST["DECT"] . "\"></td><td>\n";
+ $html .= "<!--a href=\"https://21c3.ccc.de/wiki/index.php/POC\"><img src=\"./pic/external.png\" alt=\"external: \">DECT</a--></td></tr>\n";
+ $html .= "<tr><td>" . Get_Text("makeuser_Handy") . "</td><td><input type=\"text\" size=\"40\" name=\"Handy\" value=\"" . $_POST["Handy"] . "\"></td></tr>\n";
+ $html .= "<tr><td>" . Get_Text("makeuser_E-Mail") . "*</td><td><input type=\"text\" size=\"40\" name=\"email\" value=\"" . $_POST["email"] . "\"></td></tr>\n";
+
+ if (isset ($SubscribeMailinglist))
+ $html .= "<tr><td>" . Get_Text("makeuser_subscribe-mailinglist") . "</td><td><input type=\"checkbox\" name=\"subscribe-mailinglist\" value=\"" . $_POST["subscribe-mailinglist"] . "\">($SubscribeMailinglist)</td></tr>\n";
+
+ $html .= "<tr><td>ICQ</td><td><input type=\"text\" size=\"40\" name=\"ICQ\" value=\"" . $_POST["ICQ"] . "\"></td></tr>\n";
+ $html .= "<tr><td>jabber</td><td><input type=\"text\" size=\"40\" name=\"jabber\" value=\"" . $_POST["jabber"] . "\"></td></tr>\n";
+ $html .= "<tr><td>" . Get_Text("makeuser_T-Shirt") . " Gr&ouml;sse*</td><td align=\"left\">\n";
+ $html .= "<select name=\"Size\">\n";
+ $html .= "<option value=\"S\"";
+ if ($_POST["Size"] == "S")
+ $html .= " selected";
+ $html .= ">S</option>\n";
+ $html .= "<option value=\"M\"";
+ if ($_POST["Size"] == "M")
+ $html .= " selected";
+ $html .= ">M</option>\n";
+ $html .= "<option value=\"L\"";
+ if ($_POST["Size"] == "L")
+ $html .= " selected";
+ $html .= ">L</option>\n";
+ $html .= "<option value=\"XL\"";
+ if ($_POST["Size"] == "XL")
+ $html .= " selected";
+ $html .= ">XL</option>\n";
+ $html .= "<option value=\"2XL\"";
+ if ($_POST["Size"] == "2XL")
+ $html .= " selected";
+ $html .= ">2XL</option>\n";
+ $html .= "<option value=\"3XL\"";
+ if ($_POST["Size"] == "3XL")
+ $html .= " selected";
+ $html .= ">3XL</option>\n";
+ $html .= "<option value=\"4XL\"";
+ if ($_POST["Size"] == "4XL")
+ $html .= " selected";
+ $html .= ">4XL</option>\n";
+ $html .= "<option value=\"5XL\"";
+ if ($_POST["Size"] == "5XL")
+ $html .= " selected";
+ $html .= ">5XL</option>\n";
+ $html .= "<option value=\"S-G\"";
+ if ($_POST["Size"] == "S-G")
+ $html .= " selected";
+ $html .= ">S Girl</option>\n";
+ $html .= "<option value=\"M-G\"";
+ if ($_POST["Size"] == "M-G")
+ $html .= " selected";
+ $html .= ">M Girl</option>\n";
+ $html .= "<option value=\"L-G\"";
+ if ($_POST["Size"] == "L-G")
+ $html .= " selected";
+ $html .= ">L Girl</option>\n";
+ $html .= "<option value=\"XL-G\"";
+ if ($_POST["Size"] == "XL-G")
+ $html .= " selected";
+ $html .= ">XL Girl</option>\n";
+ $html .= "</select>\n";
+ $html .= "</td></tr>\n";
+ $html .= "<tr><td>" . Get_Text("makeuser_Engelart") . "</td><td align=\"left\">\n";
+ $html .= "<select name=\"Art\">\n";
+
+ $engel_types = sql_select("SELECT * FROM `AngelTypes` ORDER BY `NAME`");
+ foreach ($engel_types as $engel_type) {
+ $Name = $engel_type['Name'] . Get_Text("inc_schicht_engel");
+ $html .= "<option value=\"" . $Name . "\"";
+
+ if ($_POST["Art"] == $Name)
+ $html .= " selected";
+
+ $html .= ">$Name</option>\n";
+ }
+
+ $html .= "</select>\n";
+ $html .= "</td>\n";
+ $html .= "</tr>\n";
+ $html .= "<tr>\n";
+ $html .= "<td>" . Get_Text("makeuser_text2") . "</td>\n";
+ $html .= "<td><textarea rows=\"5\" cols=\"40\" name=\"kommentar\">" . $_POST["kommentar"] . "</textarea></td>\n";
+ $html .= "</tr>\n";
+ $html .= "<tr><td>" . Get_Text("makeuser_Hometown") . "</td><td><input type=\"text\" size=\"40\" name=\"Hometown\" value=\"" . $_POST["Hometown"] . "\"></td></tr>\n";
+ $html .= "<tr><td>" . Get_Text("makeuser_Passwort") . "*</td><td><input type=\"password\" size=\"40\" name=\"Passwort\"/></td></tr>\n";
+ $html .= "<tr><td>" . Get_Text("makeuser_Passwort2") . "*</td><td><input type=\"password\" size=\"40\" name=\"Passwort2\"/></td></tr>\n";
+ $html .= "<tr><td>&nbsp;</td><td><input type=\"submit\" name=\"send\" value=\"" . Get_Text("makeuser_Anmelden") . "\"/></td></tr>\n";
+ $html .= "</table>\n";
+ $html .= "</form>\n";
+ $html .= Get_Text("makeuser_text3");
+ }
+ return $html;
+}
+
+function guest_logout() {
+ unset ($_SESSION['uid']);
+ header("Location: " . page_link_to("start"));
+}
+
+function guest_login() {
+ global $user;
+ unset ($_SESSION['uid']);
+
+ $html = "";
+ if (isset ($_REQUEST['login_submit'])) {
+ $login_user = sql_select("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($_REQUEST["user"]) . "'");
+
+ if (count($login_user) == 1) { // Check, ob User angemeldet wird...
+ $login_user = $login_user[0];
+ if ($login_user["Passwort"] == PassCrypt($_REQUEST["password"])) { // Passwort ok...
+ $_SESSION['uid'] = $login_user['UID'];
+ $_SESSION['Sprache'] = $login_user['Sprache'];
+ header("Location: " . page_link_to("news"));
+ } else { // Passwort nicht ok...
+ $ErrorText = "pub_index_pass_no_ok";
+ } // Ende Passwort-Check
+ } else { // Anzahl der User in User-Tabelle <> 1 --> keine Anmeldung
+ if ($user_anz == 0)
+ $ErrorText = "pub_index_User_unset";
+ else
+ $ErrorText = "pub_index_User_more_as_one";
+ } // Ende Check, ob User angemeldet wurde}
+ }
+ if (isset ($ErrorText))
+ $html .= error(Get_Text($ErrorText));
+ $html .= guest_login_form();
+ return $html;
+}
+
+function guest_login_form() {
+ return template_render("../templates/guest_login_form.html", array (
+ 'link' => page_link_to("login"),
+ 'nick' => Get_Text("index_lang_nick"),
+ 'pass' => Get_Text("index_lang_pass"),
+ 'send' => Get_Text("index_lang_send")
+ ));
+}
+?>
diff --git a/includes/pages/guest_start.php b/includes/pages/guest_start.php
new file mode 100644
index 00000000..286511f2
--- /dev/null
+++ b/includes/pages/guest_start.php
@@ -0,0 +1,13 @@
+<?php
+function guest_start() {
+ require_once ('includes/pages/guest_login.php');
+ $html = "<p>" . Get_Text("index_text1") . "</p>\n";
+ $html .= "<p>" . Get_Text("index_text2") . "</p>\n";
+ $html .= "<p>" . Get_Text("index_text3") . "</p>\n";
+
+ $html .= guest_login_form();
+
+ $html .= "<h6>" . Get_Text("index_text4") . "</h6>";
+ return $html;
+}
+?> \ No newline at end of file
diff --git a/includes/pages/user_messages.php b/includes/pages/user_messages.php
new file mode 100644
index 00000000..a13b28f0
--- /dev/null
+++ b/includes/pages/user_messages.php
@@ -0,0 +1,239 @@
+<?php
+function user_unread_messages() {
+ global $user, $privileges;
+
+ if (in_array("user_messages", $privileges)) {
+ $new_messages = sql_num_query("SELECT * FROM `Messages` WHERE isRead='N' AND `RUID`=" . sql_escape($user['UID']));
+
+ if ($new_messages > 0)
+ return sprintf(
+ '<p class="notice"><a href="%s">%s %s %s</a></p><hr />',
+ page_link_to("user_messages"),
+ Get_Text("pub_messages_new1"),
+ $new_messages,
+ Get_Text("pub_messages_new2")
+ );
+ }
+
+ return "";
+}
+
+function user_messages() {
+ global $user;
+
+ if (!isset ($_REQUEST['action'])) {
+ $users = sql_select("SELECT * FROM `User` WHERE NOT `UID`="
+ . sql_escape($user['UID']) . " ORDER BY `Nick`");
+
+ $to_select_data = array (
+ "" => "Select receiver..."
+ );
+
+ foreach ($users as $u)
+ $to_select_data[$u['UID']] = $u['Nick'];
+
+ $to_select = html_select_key('to', $to_select_data, '');
+
+ $messages_html = "";
+ $messages = sql_select("SELECT * FROM `Messages` WHERE `SUID`="
+ . sql_escape($user['UID'])
+ . " OR `RUID`=" . sql_escape($user['UID'])
+ . " ORDER BY `isRead`,`Datum` DESC"
+ );
+ foreach ($messages as $message) {
+
+ $messages_html .= sprintf(
+ '<tr %s> <td>%s</td> <td>%s</td> <td>%s</td> <td>%s</td>'
+ .'<td>%s</td>',
+ ($message['isRead'] == 'N' ? ' class="new_message"' : ''),
+ ($message['isRead'] == 'N' ? '•' : ''),
+ date("Y-m-d H:i", $message['Datum']),
+ UID2Nick($message['SUID']),
+ UID2Nick($message['RUID']),
+ str_replace("\n", '<br />', $message['Text'])
+ );
+
+ $messages_html .= '<td>';
+ if ($message['RUID'] == $user['UID']) {
+ if ($message['isRead'] == 'N')
+ $messages_html .= '<a href="' . page_link_to("user_messages") . '&action=read&id=' . $message['id'] . '">' . Get_Text("pub_messages_MarkRead") . '</a>';
+ } else {
+ $messages_html .= '<a href="' . page_link_to("user_messages") . '&action=delete&id=' . $message['id'] . '">' . Get_Text("pub_messages_DelMsg") . '</a>';
+ }
+ $messages_html .= '</td></tr>';
+ }
+
+ return template_render('../templates/user_messages.html', array (
+ 'link' => page_link_to("user_messages"),
+ 'greeting' => Get_Text("Hello") . $user['Nick'] . ", <br />\n"
+ . Get_Text("pub_messages_text1") . "<br /><br />\n",
+ 'messages' => $messages_html,
+ 'new_label' => Get_Text("pub_messages_Neu"),
+ 'date_label' => Get_Text("pub_messages_Datum"),
+ 'from_label' => Get_Text("pub_messages_Von"),
+ 'to_label' => Get_Text("pub_messages_An"),
+ 'text_label' => Get_Text("pub_messages_Text"),
+ 'date' => date("Y-m-d H:i"),
+ 'from' => $user['Nick'],
+ 'to_select' => $to_select,
+ 'submit_label' => Get_Text("save")
+ ));
+ } else {
+ switch ($_REQUEST['action']) {
+ case "read" :
+ if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
+ $id = $_REQUEST['id'];
+ else
+ return error("Incomplete call, missing Message ID.");
+
+ $message = sql_select("SELECT * FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1");
+ if (count($message) > 0 && $message[0]['RUID'] == $user['UID']) {
+ sql_query("UPDATE `Messages` SET `isRead`='Y' WHERE `id`=" . sql_escape($id) . " LIMIT 1");
+ header("Location: " . page_link_to("user_messages"));
+ } else
+ return error("No Message found.");
+ break;
+
+ case "delete" :
+ if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
+ $id = $_REQUEST['id'];
+ else
+ return error("Incomplete call, missing Message ID.");
+
+ $message = sql_select("SELECT * FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1");
+ if (count($message) > 0 && $message[0]['SUID'] == $user['UID']) {
+ sql_query("DELETE FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1");
+ header("Location: " . page_link_to("user_messages"));
+ } else
+ return error("No Message found.");
+ break;
+
+ case "send" :
+ $text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['text']));
+ $to = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($_REQUEST['to']));
+ if ($text != "" && is_numeric($to) && sql_num_query("SELECT * FROM `User` WHERE `UID`=" . sql_escape($to) . " AND NOT `UID`=" . sql_escape($user['UID']) . " LIMIT 1") > 0) {
+ sql_query("INSERT INTO `Messages` SET `Datum`=" . sql_escape(time()) . ", `SUID`=" . sql_escape($user['UID']) . ", `RUID`=" . sql_escape($to) . ", `Text`='" . sql_escape($text) . "'");
+ header("Location: " . page_link_to("user_messages"));
+ } else {
+ return error(Get_Text("pub_messages_Send_Error"));
+ }
+ break;
+ }
+ return "";
+ }
+
+ if (!isset ($_GET["action"]))
+ $_GET["action"] = "start";
+
+ switch ($_GET["action"]) {
+ case "start" :
+ echo Get_Text("Hello") . $_SESSION['Nick'] . ", <br />\n";
+ echo Get_Text("pub_messages_text1") . "<br /><br />\n";
+
+ //show exist Messages
+ $SQL = "SELECT * FROM `Messages` WHERE `SUID`='" . $_SESSION["UID"] . "' OR `RUID`='" . $_SESSION["UID"] . "'";
+ $erg = mysql_query($SQL, $con);
+
+ echo "<table border=\"0\" class=\"border\" cellpadding=\"2\" cellspacing=\"1\">\n";
+ echo "<tr>\n";
+ echo "<td class=\"contenttopic\"><b>" . Get_Text("pub_messages_Datum") . "</b></td>\n";
+ echo "<td class=\"contenttopic\"><b>" . Get_Text("pub_messages_Von") . "</b></td>\n";
+ echo "<td class=\"contenttopic\"><b>" . Get_Text("pub_messages_An") . "</b></td>\n";
+ echo "<td class=\"contenttopic\"><b>" . Get_Text("pub_messages_Text") . "</b></td>\n";
+ echo "<td class=\"contenttopic\"></td>\n";
+ echo "</tr>\n";
+
+ for ($i = 0; $i < mysql_num_rows($erg); $i++) {
+ echo "<tr class=\"content\">\n";
+ echo "<td>" . mysql_result($erg, $i, "Datum") . "</td>\n";
+ echo "<td>" . UID2Nick(mysql_result($erg, $i, "SUID")) . "</td>\n";
+ echo "<td>" . UID2Nick(mysql_result($erg, $i, "RUID")) . "</td>\n";
+ echo "<td>" . mysql_result($erg, $i, "Text") . "</td>\n";
+ echo "<td>";
+
+ if (mysql_result($erg, $i, "RUID") == $_SESSION["UID"]) {
+ echo "<a href=\"?action=DelMsg&Datum=" . mysql_result($erg, $i, "Datum") . "\">" . Get_Text("pub_messages_DelMsg") . "</a>";
+
+ if (mysql_result($erg, $i, "isRead") == "N")
+ echo "<a href=\"?action=MarkRead&Datum=" . mysql_result($erg, $i, "Datum") . "\">" . Get_Text("pub_messages_MarkRead") . "</a>";
+ } else {
+ if (mysql_result($erg, $i, "isRead") == "N")
+ echo Get_Text("pub_messages_NotRead");
+ }
+
+ echo "</td>\n";
+ echo "</tr>\n";
+ }
+
+ // send Messeges
+ echo "<form action=\"" . $_SERVER['SCRIPT_NAME'] . "?action=SendMsg\" method=\"POST\">";
+ echo "<tr class=\"content\">\n";
+ echo "<td></td>\n";
+ echo "<td></td>\n";
+
+ // Listet alle Nicks auf
+ echo "<td><select name=\"RUID\">\n";
+
+ $usql = "SELECT * FROM `User` WHERE (`UID`!='" . $_SESSION["UID"] . "') ORDER BY `Nick`";
+ $uErg = mysql_query($usql, $con);
+ $urowcount = mysql_num_rows($uErg);
+
+ for ($k = 0; $k < $urowcount; $k++) {
+ echo "<option value=\"" . mysql_result($uErg, $k, "UID") . "\">" . mysql_result($uErg, $k, "Nick") . "</option>\n";
+ }
+
+ echo "</select></td>\n";
+ echo "<td><textarea name=\"Text\" cols=\"30\" rows=\"10\"></textarea></td>\n";
+ echo "<td><input type=\"submit\" value=\"" . Get_Text("save") . "\"></td>\n";
+ echo "</tr>\n";
+ echo "</form>";
+
+ echo "</table>\n";
+ break;
+
+ case "SendMsg" :
+ echo Get_Text("pub_messages_Send1") . "...<br />\n";
+
+ $SQL = "INSERT INTO `Messages` ( `Datum` , `SUID` , `RUID` , `Text` ) VALUES (" .
+ "'" . gmdate("Y-m-j H:i:s", time()) . "', " .
+ "'" . $_SESSION["UID"] . "', " .
+ "'" . $_POST["RUID"] . "', " .
+ "'" . $_POST["Text"] . "');";
+
+ $Erg = mysql_query($SQL, $con);
+
+ if ($Erg == 1)
+ echo Get_Text("pub_messages_Send_OK") . "\n";
+ else
+ echo Get_Text("pub_messages_Send_Error") . "...\n(" . mysql_error($con) . ")";
+ break;
+
+ case "MarkRead" :
+ $SQL = "UPDATE `Messages` SET `isRead` = 'Y' " .
+ "WHERE `Datum` = '" . $_GET["Datum"] . "' AND `RUID`='" . $_SESSION["UID"] . "' " .
+ "LIMIT 1 ;";
+ $Erg = mysql_query($SQL, $con);
+
+ if ($Erg == 1)
+ echo Get_Text("pub_messages_MarkRead_OK") . "\n";
+ else
+ echo Get_Text("pub_messages_MarkRead_KO") . "...\n(" . mysql_error($con) . ")";
+ break;
+
+ case "DelMsg" :
+ $SQL = "DELETE FROM `Messages` " .
+ "WHERE `Datum` = '" . $_GET["Datum"] . "' AND `RUID` ='" . $_SESSION["UID"] . "' " .
+ "LIMIT 1;";
+ $Erg = mysql_query($SQL, $con);
+
+ if ($Erg == 1)
+ echo Get_Text("pub_messages_DelMsg_OK") . "\n";
+ else
+ echo Get_Text("pub_messages_DelMsg_KO") . "...\n(" . mysql_error($con) . ")";
+ break;
+
+ default :
+ echo Get_Text("pub_messages_NoCommand");
+ }
+}
+?>
diff --git a/includes/pages/user_news.php b/includes/pages/user_news.php
new file mode 100644
index 00000000..818c2da2
--- /dev/null
+++ b/includes/pages/user_news.php
@@ -0,0 +1,168 @@
+<?php
+function user_meetings() {
+ global $DISPLAY_NEWS, $privileges, $user;
+
+ $html = "";
+
+ if (isset ($_REQUEST['page']) && preg_match("/^[0-9]{1,}$/", $_REQUEST['page']))
+ $page = $_REQUEST['page'];
+ else
+ $page = 0;
+
+ $news = sql_select("SELECT * FROM `News` WHERE `Treffen`=1 ORDER BY `ID` DESC LIMIT " . ($page * $DISPLAY_NEWS) . ", " . $DISPLAY_NEWS);
+ foreach ($news as $entry)
+ $html .= display_news($entry);
+
+ $html .= "<div class=\"pagination\">\n\n";
+ $dis_rows = ceil(sql_num_query("SELECT * FROM `News` WHERE `Treffen`=1") / $DISPLAY_NEWS);
+
+ $html .= Get_Text(5);
+
+ for ($i = 0; $i < $dis_rows; $i++) {
+ if ($i == $_REQUEST['page'])
+ $html .= ($i +1) . "&nbsp; ";
+ else
+ $html .= '<a href="' . page_link_to("news") . '&page=' . $i . '">' . ($i +1) . '</a>&nbsp; ';
+ }
+ $html .= '</div>';
+ return $html;
+}
+
+function display_news($news) {
+ global $privileges, $p;
+
+ $html .= "";
+ $html .= '<article class="news' . ($news['Treffen'] == 1 ? ' meeting' : '') . '">';
+ $html .= '<details>';
+ $html .= date("Y-m-d H:i", $news['Datum']) . ', ';
+ $html .= UID2Nick($news['UID']);
+ if ($p != "news_comments")
+ $html .= ', <a href="' . page_link_to("news_comments") . '&nid=' . $news['ID'] . '">Kommentare (' . sql_num_query("SELECT * FROM `news_comments` WHERE `Refid`='" . sql_escape($news['ID']) . "'") . ') &raquo;</a>';
+ $html .= '</details>';
+ $html .= '<h3>' . ($news['Treffen'] == 1 ? '[Meeting] ' : '') . ReplaceSmilies($news['Betreff']) . '</h3>';
+ $html .= '<p>' . ReplaceSmilies(nl2br($news['Text'])) . '</p>';
+ if (in_array("admin_news", $privileges))
+ $html .= "<details><a href=\"" . page_link_to("admin_news") . "&action=edit&id=" . $news['ID'] . "\">Edit</a></details>\n";
+
+ $html .= '</article>';
+ return $html;
+}
+
+function user_news_comments() {
+ global $user;
+
+ $html = "";
+ if (isset ($_REQUEST["nid"]) && preg_match("/^[0-9]{1,}$/", $_REQUEST['nid']) && sql_num_query("SELECT * FROM `News` WHERE `ID`=" . sql_escape($_REQUEST['nid']) . " LIMIT 1") > 0) {
+ $nid = $_REQUEST["nid"];
+ list ($news) = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($_REQUEST['nid']) . " LIMIT 1");
+ if (isset ($_REQUEST["text"])) {
+ $text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['text']));
+ sql_query("INSERT INTO `news_comments` (`Refid`, `Datum`, `Text`, `UID`) VALUES ('" . sql_escape($nid) . "', '" . date("Y-m-d H:i:s") . "', '" . sql_escape($text) . "', '" . sql_escape($user["UID"]) . "')");
+ $html .= success("Eintrag wurde gespeichert");
+ }
+
+ $html .= '<a href="' . page_link_to("news") . '">&laquo; Back</a>';
+ $html .= display_news($news);
+
+ $html .= '<h2>Kommentare</h2>';
+
+ $comments = sql_select("SELECT * FROM `news_comments` WHERE `Refid`='" . $nid . "' ORDER BY 'ID'");
+ foreach ($comments as $comment) {
+ $html .= '<article class="news_comment">';
+ $html .= DisplayAvatar($comment['UID']);
+ $html .= '<details>';
+ $html .= $comment['Datum'] . ', ';
+ $html .= UID2Nick($comment['UID']);
+ $html .= '</details>';
+ $html .= '<p>' . nl2br($comment['Text']) . '</p>';
+ $html .= '</article>';
+ }
+
+ $html .= "</table>";
+ $html .= '
+ <br />
+ <hr>
+ <h2>Neuer Kommentar:</h2>
+ <a name="Neu">&nbsp;</a>
+
+ <form action="' . page_link_to("news_comments") . '" method="post">
+ <input type="hidden" name="nid" value="' . $_REQUEST["nid"] . '">
+ <table>
+ <tr>
+ <td align="right" valign="top">Text:</td>
+ <td><textarea name="text" cols="50" rows="10"></textarea></td>
+ </tr>
+ </table>
+ <br />
+ <input type="submit" value="sichern...">
+ </form>';
+ } else {
+ $html .= "Fehlerhafter Aufruf!";
+ }
+
+ return $html;
+}
+
+function user_news() {
+ global $DISPLAY_NEWS, $privileges, $user;
+
+ $html = "";
+
+ if (isset ($_POST["text"]) && isset ($_POST["betreff"])) {
+ if (!isset ($_POST["treffen"]) || !in_array("admin_news", $privileges))
+ $_POST["treffen"] = 0;
+ sql_query("INSERT INTO `News` (`Datum`, `Betreff`, `Text`, `UID`, `Treffen`) " .
+ "VALUES ('" . sql_escape(time()) . "', '" . sql_escape($_POST["betreff"]) . "', '" . sql_escape($_POST["text"]) . "', '" . sql_escape($user['UID']) .
+ "', '" . sql_escape($_POST["treffen"]) . "');");
+ $html .= success(Get_Text(4));
+ }
+
+ if (isset ($_REQUEST['page']) && preg_match("/^[0-9]{1,}$/", $_REQUEST['page']))
+ $page = $_REQUEST['page'];
+ else
+ $page = 0;
+
+ $news = sql_select("SELECT * FROM `News` ORDER BY `ID` DESC LIMIT " . ($page * $DISPLAY_NEWS) . ", " . $DISPLAY_NEWS);
+ foreach ($news as $entry)
+ $html .= display_news($entry);
+
+ $html .= "<div class=\"pagination\">\n\n";
+ $dis_rows = ceil(sql_num_query("SELECT * FROM `News`") / $DISPLAY_NEWS);
+
+ $html .= Get_Text(5);
+
+ for ($i = 0; $i < $dis_rows; $i++) {
+ if ($i == $_REQUEST['page'])
+ $html .= ($i +1) . "&nbsp; ";
+ else
+ $html .= '<a href="' . page_link_to("news") . '&page=' . $i . '">' . ($i +1) . '</a>&nbsp; ';
+ }
+ $html .= '</div>
+ <br /><hr />
+ <h2>' . Get_Text(6) . '</h2>
+ <a name="Neu">&nbsp;</a>
+
+ <form action="" method="post">
+ <table>
+ <tr>
+ <td align="right">' . Get_Text(7) . '</td>
+ <td><input type="text" name="betreff" size="60"></td>
+ </tr>
+ <tr>
+ <td align="right">' . Get_Text(8) . '</td>
+ <td><textarea name="text" cols="50" rows="10"></textarea></td>
+ </tr>';
+ if (in_array('admin_news', $privileges)) {
+ $html .= ' <tr>
+ <td align="right">' . Get_Text(9) . '</td>
+ <td><input type="checkbox" name="treffen" size="1" value="1"></td>
+ </tr>';
+
+ }
+ $html .= '</table>
+ <br />
+ <input type="submit" value="' . Get_Text("save") . '">
+ </form>';
+ return $html;
+}
+?> \ No newline at end of file
diff --git a/includes/pages/user_questions.php b/includes/pages/user_questions.php
new file mode 100644
index 00000000..4e9daa5a
--- /dev/null
+++ b/includes/pages/user_questions.php
@@ -0,0 +1,50 @@
+<?php
+function user_questions() {
+ global $user;
+
+ if (!isset ($_REQUEST['action'])) {
+ $open_questions = "";
+ $questions = sql_select("SELECT * FROM `Questions` WHERE `AID`=0 AND `UID`=" . sql_escape($user['UID']));
+ foreach ($questions as $question)
+ $open_questions .= '<tr><td>' . str_replace("\n", '<br />', $question['Question']) . '</td><td><a href="' . page_link_to("user_questions") . '&action=delete&id=' . $question['QID'] . '">Delete</a></td><tr>';
+
+ $answered_questions = "";
+ $questions = sql_select("SELECT * FROM `Questions` WHERE `AID`>0 AND `UID`=" . sql_escape($user['UID']));
+ foreach ($questions as $question) {
+ $answered_questions .= '<tr><td>' . str_replace("\n", '<br />', $question['Question']) . '</td>';
+ $answered_questions .= '<td>' . UID2Nick($question['AID']) . '</td><td>' . str_replace("\n", '<br />', $question['Answer']) . '</td>';
+ $answered_questions .= '<td><a href="' . page_link_to("user_questions") . '&action=delete&id=' . $question['QID'] . '">Delete</a></td><tr>';
+ }
+
+ return template_render('../templates/user_questions.html', array (
+ 'link' => page_link_to("user_questions"),
+ 'open_questions' => $open_questions,
+ 'answered_questions' => $answered_questions
+ ));
+ } else {
+ switch ($_REQUEST['action']) {
+ case 'ask' :
+ $question = trim(preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['question'])));
+ if ($question != "") {
+ sql_query("INSERT INTO `Questions` SET `UID`=" . sql_escape($user['UID']) . ", `Question`='" . sql_escape($question) . "'");
+ header("Location: " . page_link_to("user_questions"));
+ } else
+ return error("Please enter a question!");
+ break;
+ case 'delete' :
+ if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
+ $id = $_REQUEST['id'];
+ else
+ return error("Incomplete call, missing Question ID.");
+
+ $question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
+ if (count($question) > 0 && $question[0]['UID'] == $user['UID']) {
+ sql_query("DELETE FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
+ header("Location: " . page_link_to("user_questions"));
+ } else
+ return error("No question found.");
+ break;
+ }
+ }
+}
+?> \ No newline at end of file
diff --git a/includes/pages/user_settings.php b/includes/pages/user_settings.php
new file mode 100644
index 00000000..97c8626f
--- /dev/null
+++ b/includes/pages/user_settings.php
@@ -0,0 +1,252 @@
+<?php
+function user_settings() {
+ global $user;
+
+ if (!isset ($_REQUEST['action'])) {
+ $tshirt_html = template_render('../templates/user_settings_tshirt.html', array (
+ 'label_size' => Get_Text("makeuser_T-Shirt"),
+ 'size_select' => ($user['Tshirt'] == 0) ? html_select_key('size', array (
+ 'S' => "S",
+ 'M' => "M",
+ 'L' => "L",
+ 'XL' => "XL",
+ '2XL' => "2XL",
+ '3XL' => "3XL",
+ '4XL' => "4XL",
+ '5XL' => "5XL",
+ 'S-G' => "S Girl",
+ 'M-G' => "M Girl",
+ 'L-G' => "L Girl",
+ 'XL-G' => "XL Girl"
+ ), $user['Size']) : $user['Size']
+ ));
+
+ return template_render('../templates/user_settings.html', array (
+ 'link' => page_link_to("user_settings"),
+ 'greeting' => Get_Text("Hallo") . $user['Nick'] . ",<br />" . Get_Text(13),
+ 'text_user_data' => Get_Text("pub_einstellungen_Text_UserData"),
+ 'label_nick' => Get_Text("pub_einstellungen_Nick"),
+ 'label_name' => Get_Text("pub_einstellungen_Name"),
+ 'label_prename' => Get_Text("pub_einstellungen_Vorname"),
+ 'label_age' => Get_Text("pub_einstellungen_Alter"),
+ 'label_tel' => Get_Text("pub_einstellungen_Telefon"),
+ 'label_mobile' => Get_Text("pub_einstellungen_Handy"),
+ 'label_dect' => Get_Text("pub_einstellungen_DECT"),
+ 'label_mail' => Get_Text("pub_einstellungen_Email"),
+ 'label_hometown' => Get_Text("pub_einstellungen_Hometown"),
+ 'nick' => $user['Nick'],
+ 'name' => $user['Name'],
+ 'prename' => $user['Vorname'],
+ 'age' => $user['Alter'],
+ 'tel' => $user['Telefon'],
+ 'mobile' => $user['Handy'],
+ 'dect' => $user['DECT'],
+ 'mail' => $user['email'],
+ 'icq' => $user['ICQ'],
+ 'jabber' => $user['jabber'],
+ 'hometown' => $user['Hometown'],
+ 'label_save' => Get_Text("save"),
+ 'tshirts' => $tshirt_html,
+ 'text_password' => Get_Text(14),
+ 'current_pw_label' => Get_Text(15),
+ 'new_pw_label' => Get_Text(16),
+ 'new_pw2_label' => Get_Text(17),
+ 'text_theme' => Get_Text(18),
+ 'theme_label' => Get_Text(19),
+ 'theme_select' => html_select_key('theme', array (
+ "1" => "Standard-Style",
+ "2" => "ot/Gelber Style",
+ "3" => "Club-Mate Style",
+ "5" => "Debian Style",
+ "6" => "c-base Style",
+ "7" => "Blau/Gelber Style",
+ "8" => "Pastel Style",
+ "4" => "Test Style",
+ "9" => "Test Style 21c3",
+ "10" => "msquare (cccamp2011)"
+ ), $user['color']),
+ 'text_language' => Get_Text(20),
+ 'language_label' => Get_Text(21),
+ 'language_select' => html_select_key('language', array (
+ 'DE' => "Deutsch",
+ 'EN' => "English"
+ ), $user['Sprache'])
+ ));
+ } else {
+ switch ($_REQUEST['action']) {
+ case 'sprache' :
+ if (isset ($_REQUEST['language']) && preg_match("/^DE|EN$/", $_REQUEST['language']))
+ $language = $_REQUEST['language'];
+ else
+ $language = "EN";
+ sql_query("UPDATE `User` SET " . "`Sprache`='" . sql_escape($language) . "' WHERE `UID`=" . sql_escape($user['UID']) . " LIMIT 1");
+ $_SESSION['Sprache'] = $language;
+ header("Location: " . page_link_to("user_settings"));
+ break;
+
+ case 'colour' :
+ $theme = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($_REQUEST['theme']));
+ sql_query("UPDATE `User` SET " . "`color`='" . sql_escape($theme) . "' WHERE `UID`=" . sql_escape($user['UID']) . " LIMIT 1");
+ header("Location: " . page_link_to("user_settings"));
+ break;
+
+ case 'set' :
+ $html = "";
+ if ($_REQUEST["new_pw"] == $_REQUEST["new_pw2"]) {
+ if (PassCrypt($_REQUEST["current_pw"]) == $user['Passwort']) {
+ sql_query("UPDATE `User` SET `Passwort`='" . sql_escape(PassCrypt($_REQUEST['new_pw'])) . "' WHERE `UID`=" . sql_escape($user['UID']) . " LIMIT 1");
+ header("Location: " . page_link_to("user_settings"));
+ } else {
+ $html .= error(Get_Text(30));
+ }
+ } else {
+ $html .= error(Get_Text(31));
+ }
+ return $html;
+ break;
+
+ case "setUserData" :
+ $nick = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['nick']));
+ $name = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['name']));
+ $prename = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['prename']));
+ $age = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($_REQUEST['age']));
+ $tel = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['tel']));
+ $mobile = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['mobile']));
+ $dect = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['dect']));
+ $mail = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['mail']));
+ $icq = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['icq']));
+ $jabber = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['jabber']));
+ $hometown = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['hometown']));
+ $size = ($user['TShirt'] == 0) ? preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['size'])) : $user['Size'];
+
+ sql_query("UPDATE `User` SET " .
+ "`Nick`='" . sql_escape($nick) . "', " .
+ "`Name`='" . sql_escape($name) . "', " .
+ "`Vorname`='" . sql_escape($prename) . "', " .
+ "`Alter`='" . sql_escape($age) . "', " .
+ "`Telefon`='" . sql_escape($tel) . "', " .
+ "`Handy`='" . sql_escape($mobile) . "', " .
+ "`DECT`='" . sql_escape($dect) . "', " .
+ "`email`='" . sql_escape($mail) . "', " .
+ "`ICQ`='" . sql_escape($icq) . "', " .
+ "`jabber`='" . sql_escape($jabber) . "', " .
+ "`Hometown`='" . sql_escape($hometown) . "', " .
+ "`Size`='" . sql_escape($size) . "' " .
+ "WHERE `UID`=" . sql_escape($user['UID']) . " LIMIT 1");
+ header("Location: " . page_link_to("user_settings"));
+ break;
+ }
+ }
+
+ // AVATARE
+ /*
+ if (get_cfg_var("file_uploads")) {
+ echo "<br />\n<hr width=\"100%\">\n<br />\n\n";
+ echo Get_Text('pub_einstellungen_PictureUpload') . "<br />";
+ echo "<form action=\"./einstellungen.php\" method=\"post\" enctype=\"multipart/form-data\">\n";
+ echo "<input type=\"hidden\" name=\"action\" value=\"sendPicture\">\n";
+ echo "<input name=\"file\" type=\"file\" size=\"50\" maxlength=\"" . get_cfg_var("post_max_size") . "\">\n";
+ echo "(max " . get_cfg_var("post_max_size") . "Byte)<br />\n";
+ echo "<input type=\"submit\" value=\"" . Get_Text("upload"), "\">\n";
+ echo "</form>\n";
+ }
+
+ switch (GetPicturShow($_SESSION['UID'])) {
+ case 'Y' :
+ echo Get_Text('pub_einstellungen_PictureShow') . "<br />";
+ echo displayPictur($_SESSION['UID'], 0);
+ echo "<form action=\"./einstellungen.php\" method=\"post\">\n";
+ echo "<input type=\"hidden\" name=\"action\" value=\"delPicture\">\n";
+ echo "<input type=\"submit\" value=\"" . Get_Text("delete"), "\">\n";
+ echo "</form>\n";
+ break;
+ case 'N' :
+ echo Get_Text('pub_einstellungen_PictureNoShow') . "<br />";
+ echo displayPictur($_SESSION['UID'], 0);
+ echo "<form action=\"./einstellungen.php\" method=\"post\">\n";
+ echo "<input type=\"hidden\" name=\"action\" value=\"delPicture\">\n";
+ echo "<input type=\"submit\" value=\"" . Get_Text("delete"), "\">\n";
+ echo "</form>\n";
+ echo "<br />\n<hr width=\"100%\">\n<br />\n\n";
+ case '' :
+ echo "<br />\n<hr width=\"100%\">\n<br />\n\n";
+ echo Get_Text(22) . "<br />";
+ echo "\n<form action=\"./einstellungen.php\" method=\"post\">\n";
+ echo "<input type=\"hidden\" name=\"action\" value=\"avatar\">\n";
+ echo "<table>\n";
+ echo "<tr>\n<td>" . Get_Text(23) . "<br /></td>\n</tr>\n";
+ echo "<tr>\n";
+ echo "<td>\n";
+ echo "<select name=\"eAvatar\" onChange=\"document.avatar.src = '" . $url . $ENGEL_ROOT . "pic/avatar/avatar' + this.value + '.gif'\" onKeyup=\"document.avatar.src = '" . $url . $ENGEL_ROOT . "pic/avatar/avatar' + this.value + '.gif'\">\n";
+
+ for ($i = 1; file_exists("../pic/avatar/avatar" . $i . ".gif"); $i++)
+ echo "<option value=\"" . $i . "\"" . ($_SESSION['Avatar'] == $i ? " selected" : "") . ">avatar" . $i . "</option>\n";
+
+ echo "</select>&nbsp;&nbsp;\n";
+ echo "<img src=\"" . $url . $ENGEL_ROOT . "pic/avatar/avatar" . $_SESSION['Avatar'] . ".gif\" name=\"avatar\" border=\"0\" align=\"top\">\n";
+ echo "</td>\n</tr>\n";
+ echo "</table>\n";
+ echo "<input type=\"submit\" value=\"" . Get_Text("save") . "\">\n";
+ echo "</form>\n";
+ break;
+ } //CASE
+
+ } else {
+ switch ($_POST["action"]) {
+
+ case 'avatar' :
+ $chsql = "UPDATE `User` SET `Avatar`='" . $_POST["eAvatar"] . "' WHERE `UID`='" . $_SESSION['UID'] . "' LIMIT 1";
+ $Erg = mysql_query($chsql, $con);
+ $_SESSION['Avatar'] = $_POST["eAvatar"];
+ if ($Erg == 1)
+ Print_Text(34);
+ else
+ Print_Text(29);
+ break;
+
+ case 'setUserData' :
+
+ break;
+
+ case 'sendPicture' :
+ if ($_FILES["file"]["size"] > 0) {
+ if (($_FILES["file"]["type"] == "image/jpeg") || ($_FILES["file"]["type"] == "image/png") || ($_FILES["file"]["type"] == "image/gif")) {
+ $data = addslashes(fread(fopen($_FILES["file"]["tmp_name"], "r"), filesize($_FILES["file"]["tmp_name"])));
+
+ if (GetPicturShow($_SESSION['UID']) == "")
+ $SQL = "INSERT INTO `UserPicture` " .
+ "( `UID`,`Bild`, `ContentType`, `show`) " .
+ "VALUES ('" . $_SESSION['UID'] . "', '$data', '" . $_FILES["file"]["type"] . "', 'N')";
+ else
+ $SQL = "UPDATE `UserPicture` SET " .
+ "`Bild`='$data', " .
+ "`ContentType`='" . $_FILES["file"]["type"] . "', " .
+ "`show`='N' " .
+ "WHERE `UID`='" . $_SESSION['UID'] . "'";
+
+ $res = mysql_query($SQL, $con);
+ if ($res)
+ Print_Text("pub_einstellungen_send_OK");
+ else
+ Print_Text("pub_einstellungen_send_KO");
+
+ echo "<h6>('" . $_FILES["file"]["name"] . "', MIME-Type: " . $_FILES["file"]["type"] . ", " . $_FILES["file"]["size"] . " Byte)</h6>";
+ } else
+ Print_Text("pub_einstellungen_send_KO");
+ } else
+ Print_Text("pub_einstellungen_send_KO");
+ break;
+
+ case 'delPicture' :
+ $chsql = "DELETE FROM `UserPicture` WHERE `UID`='" . $_SESSION['UID'] . "' LIMIT 1";
+ $Erg = mysql_query($chsql, $con);
+ if ($Erg == 1)
+ Print_Text("pub_einstellungen_del_OK");
+ else
+ Print_Text("pub_einstellungen_del_KO");
+ Break;
+ }
+ }
+ */
+}
+?>
diff --git a/includes/pages/user_wakeup.php b/includes/pages/user_wakeup.php
new file mode 100644
index 00000000..2c6940e7
--- /dev/null
+++ b/includes/pages/user_wakeup.php
@@ -0,0 +1,86 @@
+<?php
+function user_wakeup() {
+ global $user;
+
+ $html = "";
+
+ if (isset ($_REQUEST['action'])) {
+ switch ($_REQUEST['action']) {
+ case 'create' :
+ $date = DateTime::createFromFormat("Y-m-d H:i", $_REQUEST['Date']);
+ if ($date != null) {
+ $date = $date->getTimestamp();
+ $bemerkung = strip_request_item_nl('Bemerkung');
+ $ort = strip_request_item('Ort');
+ $SQL = "INSERT INTO `Wecken` (`UID`, `Date`, `Ort`, `Bemerkung`) "
+ . "VALUES ('" . sql_escape($user['UID']) . "', '"
+ . sql_escape($date) . "', '" . sql_escape($ort) . "', " . "'"
+ . sql_escape($bemerkung) . "')";
+ sql_query($SQL);
+ $html .= success(Get_Text(4));
+ } else
+ $html .= error("Broken date!");
+ break;
+
+ case 'delete' :
+ if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
+ $id = $_REQUEST['id'];
+ else
+ return error("Incomplete call, missing wake-up ID.");
+
+ $wakeup = sql_select("SELECT * FROM `Wecken` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
+ if (count($wakeup) > 0 && $wakeup[0]['UID'] == $user['UID']) {
+ sql_query("DELETE FROM `Wecken` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
+ $html .= success("Wake-up call deleted.");
+ } else
+ return error("No wake-up found.");
+ break;
+ }
+ }
+
+ $html .= "<p>" . Get_Text("Hello") . $user['Nick'] . ",<br />"
+ . Get_Text("pub_wake_beschreibung") . "</p>\n\n";
+ $html .= Get_Text("pub_wake_beschreibung2");
+ $html .= '
+<table border="0" width="100%" class="border" cellpadding="2" cellspacing="1">
+ <tr class="contenttopic">
+ <th>' . Get_Text("pub_wake_Datum") . '</th>
+ <th>' . Get_Text("pub_waeckliste_Nick") . '</th>
+ <th>' . Get_Text("pub_wake_Ort") . '</th>
+ <th>' . Get_Text("pub_wake_Bemerkung") . '</th>
+ <th></th>
+ </tr>
+';
+
+ $sql = "SELECT * FROM `Wecken` ORDER BY `Date` ASC";
+ $Erg = sql_query($sql);
+ $count = mysql_num_rows($Erg);
+
+ for ($i = 0; $i < $count; $i++) {
+ $row = mysql_fetch_row($Erg);
+ $html .= '<tr class="content">';
+ $html .= '<td>' . date("Y-m-d H:i", mysql_result($Erg, $i, "Date")) . ' </td>';
+ $html .= '<td>' . UID2Nick(mysql_result($Erg, $i, "UID")) . ' </td>';
+ $html .= '<td>' . mysql_result($Erg, $i, "Ort") . ' </td>';
+ $html .= '<td>' . mysql_result($Erg, $i, "Bemerkung") . ' </td>';
+ if (mysql_result($Erg, $i, "UID") == $user['UID'])
+ $html .= '<td><a href="' . page_link_to("user_wakeup") . '&action=delete&id=' . mysql_result($Erg, $i, "ID") . "\">" . Get_Text("pub_wake_del") . '</a></td>';
+ else
+ $html .= '<td></td>';
+ $html .= '</tr>';
+ }
+
+ $html .= '</table><hr />' . Get_Text("pub_wake_Text2");
+
+ $html .= template_render('../templates/user_wakeup.html', array (
+ 'wakeup_link' => page_link_to("user_wakeup"),
+ 'date_text' => Get_Text("pub_wake_Datum"),
+ 'date_value' => date("Y-m-d H:i"),
+ 'place_text' => Get_Text("pub_wake_Ort"),
+ 'comment_text' => Get_Text("pub_wake_Bemerkung"),
+ 'comment_value' => "Knock knock Leo, follow the white rabbit to the blue tent",
+ 'submit_text' => Get_Text("pub_wake_bouton")
+ ));
+ return $html;
+}
+?>