summaryrefslogtreecommitdiff
path: root/includes/pages
diff options
context:
space:
mode:
authorIgor Scheller <igor.scheller@igorshp.de>2017-01-21 13:58:53 +0100
committerIgor Scheller <igor.scheller@igorshp.de>2017-01-21 13:58:53 +0100
commit9a3ad8883403949a59e8935497a548ec536f1d40 (patch)
treed3c27912c925e53bc240640ccc1133d8f87f1fd3 /includes/pages
parentf7c09cb7ff84db1004a4fa83a70735475702023f (diff)
Changed from mysqli to PDO, some refactorings, faster sql queries
Diffstat (limited to 'includes/pages')
-rw-r--r--includes/pages/admin_active.php102
-rw-r--r--includes/pages/admin_arrive.php18
-rw-r--r--includes/pages/admin_free.php50
-rw-r--r--includes/pages/admin_groups.php69
-rw-r--r--includes/pages/admin_import.php14
-rw-r--r--includes/pages/admin_news.php35
-rw-r--r--includes/pages/admin_questions.php39
-rw-r--r--includes/pages/admin_rooms.php41
-rw-r--r--includes/pages/admin_shifts.php45
-rw-r--r--includes/pages/admin_user.php144
-rw-r--r--includes/pages/guest_login.php95
-rw-r--r--includes/pages/guest_stats.php12
-rw-r--r--includes/pages/user_atom.php8
-rw-r--r--includes/pages/user_messages.php44
-rw-r--r--includes/pages/user_myshifts.php67
-rw-r--r--includes/pages/user_news.php81
-rw-r--r--includes/pages/user_questions.php34
-rw-r--r--includes/pages/user_settings.php28
-rw-r--r--includes/pages/user_shifts.php67
19 files changed, 642 insertions, 351 deletions
diff --git a/includes/pages/admin_active.php b/includes/pages/admin_active.php
index c4b6e119..d3b290f9 100644
--- a/includes/pages/admin_active.php
+++ b/includes/pages/admin_active.php
@@ -1,5 +1,7 @@
<?php
+use Engelsystem\Database\DB;
+
/**
* @return string
*/
@@ -17,7 +19,7 @@ function admin_active()
$msg = '';
$search = '';
- $forced_count = sql_num_query('SELECT * FROM `User` WHERE `force_active`=1');
+ $forced_count = count(DB::select('SELECT `UID` FROM `User` WHERE `force_active`=1'));
$count = $forced_count;
$limit = '';
$set_active = '';
@@ -49,22 +51,31 @@ function admin_active()
$limit = ' LIMIT ' . $count;
}
if (isset($_REQUEST['ack'])) {
- sql_query('UPDATE `User` SET `Aktiv` = 0 WHERE `Tshirt` = 0');
- $users = sql_select("
- SELECT `User`.*, COUNT(`ShiftEntry`.`id`) as `shift_count`, $shift_sum_formula as `shift_length`
- FROM `User`
- LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID`
- LEFT JOIN `Shifts` ON `ShiftEntry`.`SID` = `Shifts`.`SID`
- WHERE `User`.`Gekommen` = 1 AND `User`.`force_active`=0
- GROUP BY `User`.`UID`
- ORDER BY `force_active` DESC, `shift_length` DESC" . $limit
- );
+ DB::update('UPDATE `User` SET `Aktiv` = 0 WHERE `Tshirt` = 0');
+ $users = DB::select(sprintf(
+ '
+ SELECT
+ `User`.*,
+ COUNT(`ShiftEntry`.`id`) AS `shift_count`,
+ %s AS `shift_length`
+ FROM `User`
+ LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID`
+ LEFT JOIN `Shifts` ON `ShiftEntry`.`SID` = `Shifts`.`SID`
+ WHERE `User`.`Gekommen` = 1
+ AND `User`.`force_active`=0
+ GROUP BY `User`.`UID`
+ ORDER BY `force_active` DESC, `shift_length` DESC
+ %s
+ ',
+ $shift_sum_formula,
+ $limit
+ ));
$user_nicks = [];
foreach ($users as $usr) {
- sql_query('UPDATE `User` SET `Aktiv` = 1 WHERE `UID`=\'' . sql_escape($usr['UID']) . '\'');
+ DB::update('UPDATE `User` SET `Aktiv` = 1 WHERE `UID`=?', [$usr['UID']]);
$user_nicks[] = User_Nick_render($usr);
}
- sql_query('UPDATE `User` SET `Aktiv`=1 WHERE `force_active`=TRUE');
+ DB::update('UPDATE `User` SET `Aktiv`=1 WHERE `force_active`=TRUE');
engelsystem_log('These angels are active now: ' . join(', ', $user_nicks));
$limit = '';
@@ -82,7 +93,7 @@ function admin_active()
$user_id = $_REQUEST['active'];
$user_source = User($user_id);
if ($user_source != null) {
- sql_query('UPDATE `User` SET `Aktiv`=1 WHERE `UID`=\'' . sql_escape($user_id) . '\' LIMIT 1');
+ DB::update('UPDATE `User` SET `Aktiv`=1 WHERE `UID`=? LIMIT 1', [$user_id]);
engelsystem_log('User ' . User_Nick_render($user_source) . ' is active now.');
$msg = success(_('Angel has been marked as active.'), true);
} else {
@@ -92,7 +103,7 @@ function admin_active()
$user_id = $_REQUEST['not_active'];
$user_source = User($user_id);
if ($user_source != null) {
- sql_query("UPDATE `User` SET `Aktiv`=0 WHERE `UID`='" . sql_escape($user_id) . "' LIMIT 1");
+ DB::update('UPDATE `User` SET `Aktiv`=0 WHERE `UID`=? LIMIT 1', [$user_id]);
engelsystem_log('User ' . User_Nick_render($user_source) . ' is NOT active now.');
$msg = success(_('Angel has been marked as not active.'), true);
} else {
@@ -102,7 +113,7 @@ function admin_active()
$user_id = $_REQUEST['tshirt'];
$user_source = User($user_id);
if ($user_source != null) {
- sql_query("UPDATE `User` SET `Tshirt`=1 WHERE `UID`='" . sql_escape($user_id) . "' LIMIT 1");
+ DB::update('UPDATE `User` SET `Tshirt`=1 WHERE `UID`=? LIMIT 1', [$user_id]);
engelsystem_log('User ' . User_Nick_render($user_source) . ' has tshirt now.');
$msg = success(_('Angel has got a t-shirt.'), true);
} else {
@@ -112,7 +123,7 @@ function admin_active()
$user_id = $_REQUEST['not_tshirt'];
$user_source = User($user_id);
if ($user_source != null) {
- sql_query("UPDATE `User` SET `Tshirt`=0 WHERE `UID`='" . sql_escape($user_id) . "' LIMIT 1");
+ DB::update('UPDATE `User` SET `Tshirt`=0 WHERE `UID`=? LIMIT 1', [$user_id]);
engelsystem_log('User ' . User_Nick_render($user_source) . ' has NO tshirt.');
$msg = success(_('Angel has got no t-shirt.'), true);
} else {
@@ -120,18 +131,22 @@ function admin_active()
}
}
- $users = sql_select("
- SELECT
- `User`.*,
- COUNT(`ShiftEntry`.`id`) AS `shift_count`,
- ${shift_sum_formula} AS `shift_length`
- FROM `User` LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID`
- LEFT JOIN `Shifts` ON `ShiftEntry`.`SID` = `Shifts`.`SID` "
- . ($show_all_shifts ? "" : "AND (`Shifts`.`end` < " . time() . " OR `Shifts`.`end` IS NULL)") . "
- WHERE `User`.`Gekommen` = 1
- GROUP BY `User`.`UID`
- ORDER BY `force_active` DESC, `shift_length` DESC" . $limit
- );
+ $users = DB::select(sprintf('
+ SELECT
+ `User`.*,
+ COUNT(`ShiftEntry`.`id`) AS `shift_count`,
+ %s AS `shift_length`
+ FROM `User` LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID`
+ LEFT JOIN `Shifts` ON `ShiftEntry`.`SID` = `Shifts`.`SID` '
+ . ($show_all_shifts ? '' : 'AND (`Shifts`.`end` < ' . time() . " OR `Shifts`.`end` IS NULL)") . '
+ WHERE `User`.`Gekommen` = 1
+ GROUP BY `User`.`UID`
+ ORDER BY `force_active` DESC, `shift_length` DESC
+ %s
+ ',
+ $shift_sum_formula,
+ $limit
+ ));
$matched_users = [];
if ($search == '') {
$tokens = [];
@@ -194,21 +209,36 @@ function admin_active()
$shirt_statistics = [];
foreach (array_keys($tshirt_sizes) as $size) {
if ($size != '') {
+ $sc = DB::select(
+ 'SELECT count(*) FROM `User` WHERE `Size`=? AND `Gekommen`=1',
+ [$size]
+ );
+ $sc = array_shift($sc);
+ $sc = array_shift($sc);
+
+ $gc = DB::select(
+ 'SELECT count(*) FROM `User` WHERE `Size`=? AND `Tshirt`=1',
+ [$size]
+ );
+ $gc = array_shift($gc);
+ $gc = array_shift($gc);
+
$shirt_statistics[] = [
'size' => $size,
- 'needed' => sql_select_single_cell(
- "SELECT count(*) FROM `User` WHERE `Size`='" . sql_escape($size) . "' AND `Gekommen`=1"
- ),
- 'given' => sql_select_single_cell(
- "SELECT count(*) FROM `User` WHERE `Size`='" . sql_escape($size) . "' AND `Tshirt`=1"
- )
+ 'needed' => (int)$sc,
+ 'given' => (int)$gc
];
}
}
+
+ $uc = DB::select('SELECT count(*) FROM `User` WHERE `Tshirt`=1');
+ $uc = array_shift($uc);
+ $uc = array_shift($uc);
+
$shirt_statistics[] = [
'size' => '<b>' . _('Sum') . '</b>',
'needed' => '<b>' . User_arrived_count() . '</b>',
- 'given' => '<b>' . sql_select_single_cell('SELECT count(*) FROM `User` WHERE `Tshirt`=1') . '</b>'
+ 'given' => '<b>' . (int)$uc . '</b>'
];
return page_with_title(admin_active_title(), [
diff --git a/includes/pages/admin_arrive.php b/includes/pages/admin_arrive.php
index a17408e7..0080ccf9 100644
--- a/includes/pages/admin_arrive.php
+++ b/includes/pages/admin_arrive.php
@@ -1,5 +1,7 @@
<?php
+use Engelsystem\Database\DB;
+
/**
* @return string
*/
@@ -23,12 +25,12 @@ function admin_arrive()
$user_id = $_REQUEST['reset'];
$user_source = User($user_id);
if ($user_source != null) {
- sql_query("
+ DB::update('
UPDATE `User`
SET `Gekommen`=0, `arrival_date` = NULL
- WHERE `UID`='" . sql_escape($user_id) . "'
+ WHERE `UID`=?
LIMIT 1
- ");
+ ', [$user_id]);
engelsystem_log('User set to not arrived: ' . User_Nick_render($user_source));
success(_('Reset done. Angel has not arrived.'));
redirect(user_link($user_source));
@@ -39,12 +41,12 @@ function admin_arrive()
$user_id = $_REQUEST['arrived'];
$user_source = User($user_id);
if ($user_source != null) {
- sql_query("
+ DB::update('
UPDATE `User`
- SET `Gekommen`=1, `arrival_date`='" . time() . "'
- WHERE `UID`='" . sql_escape($user_id) . "'
+ SET `Gekommen`=1, `arrival_date`=?
+ WHERE `UID`=?
LIMIT 1
- ");
+ ', [time(), $user_id]);
engelsystem_log('User set has arrived: ' . User_Nick_render($user_source));
success(_('Angel has been marked as arrived.'));
redirect(user_link($user_source));
@@ -53,7 +55,7 @@ function admin_arrive()
}
}
- $users = sql_select('SELECT * FROM `User` ORDER BY `Nick`');
+ $users = DB::select('SELECT * FROM `User` ORDER BY `Nick`');
$arrival_count_at_day = [];
$planned_arrival_count_at_day = [];
$planned_departure_count_at_day = [];
diff --git a/includes/pages/admin_free.php b/includes/pages/admin_free.php
index 67d91006..630603ba 100644
--- a/includes/pages/admin_free.php
+++ b/includes/pages/admin_free.php
@@ -1,5 +1,7 @@
<?php
+use Engelsystem\Database\DB;
+
/**
* @return string
*/
@@ -20,19 +22,20 @@ function admin_free()
$search = strip_request_item('search');
}
- $angeltypesearch = '';
+ $angelTypeSearch = '';
if (empty($_REQUEST['angeltype'])) {
$_REQUEST['angeltype'] = '';
} else {
- $angeltypesearch = ' INNER JOIN `UserAngelTypes` ON (`UserAngelTypes`.`angeltype_id` = \''
- . sql_escape($_REQUEST['angeltype']) . "' AND `UserAngelTypes`.`user_id` = `User`.`UID`";
+ $angelTypeSearch = ' INNER JOIN `UserAngelTypes` ON (`UserAngelTypes`.`angeltype_id` = '
+ . DB::getPdo()->quote($_REQUEST['angeltype'])
+ . ' AND `UserAngelTypes`.`user_id` = `User`.`UID`';
if (isset($_REQUEST['confirmed_only'])) {
- $angeltypesearch .= ' AND `UserAngelTypes`.`confirm_user_id`';
+ $angelTypeSearch .= ' AND `UserAngelTypes`.`confirm_user_id`';
}
- $angeltypesearch .= ') ';
+ $angelTypeSearch .= ') ';
}
- $angel_types_source = sql_select('SELECT `id`, `name` FROM `AngelTypes` ORDER BY `name`');
+ $angel_types_source = DB::select('SELECT `id`, `name` FROM `AngelTypes` ORDER BY `name`');
$angel_types = [
'' => 'alle Typen'
];
@@ -40,20 +43,27 @@ function admin_free()
$angel_types[$angel_type['id']] = $angel_type['name'];
}
- $users = sql_select("
- SELECT `User`.*
- FROM `User`
- ${angeltypesearch}
- LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID`
- LEFT JOIN `Shifts`
- ON (
- `ShiftEntry`.`SID` = `Shifts`.`SID`
- AND `Shifts`.`start` < '" . sql_escape(time()) . "'
- AND `Shifts`.`end` > '" . sql_escape(time()) . "'
- )
- WHERE `User`.`Gekommen` = 1 AND `Shifts`.`SID` IS NULL
- GROUP BY `User`.`UID`
- ORDER BY `Nick`");
+ $users = DB::select('
+ SELECT `User`.*
+ FROM `User`
+ ' . $angelTypeSearch . '
+ LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID`
+ LEFT JOIN `Shifts`
+ ON (
+ `ShiftEntry`.`SID` = `Shifts`.`SID`
+ AND `Shifts`.`start` < ?
+ AND `Shifts`.`end` > ?
+ )
+ WHERE `User`.`Gekommen` = 1
+ AND `Shifts`.`SID` IS NULL
+ GROUP BY `User`.`UID`
+ ORDER BY `Nick`
+ ',
+ [
+ time(),
+ time(),
+ ]
+ );
$free_users_table = [];
if ($search == '') {
diff --git a/includes/pages/admin_groups.php b/includes/pages/admin_groups.php
index 8e578cb2..bc33a2b0 100644
--- a/includes/pages/admin_groups.php
+++ b/includes/pages/admin_groups.php
@@ -1,5 +1,7 @@
<?php
+use Engelsystem\Database\DB;
+
/**
* @return string
*/
@@ -14,20 +16,20 @@ function admin_groups_title()
function admin_groups()
{
$html = '';
- $groups = sql_select('SELECT * FROM `Groups` ORDER BY `Name`');
+ $groups = DB::select('SELECT * FROM `Groups` ORDER BY `Name`');
if (!isset($_REQUEST['action'])) {
$groups_table = [];
foreach ($groups as $group) {
- $privileges = sql_select("
- SELECT *
+ $privileges = DB::select('
+ SELECT `name`
FROM `GroupPrivileges`
JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`)
- WHERE `group_id`='" . sql_escape($group['UID']) . "'
- ");
+ WHERE `group_id`=?
+ ', [$group['UID']]);
$privileges_html = [];
- foreach ($privileges as $priv) {
- $privileges_html[] = $priv['name'];
+ foreach ($privileges as $privilege) {
+ $privileges_html[] = $privilege['name'];
}
$groups_table[] = [
@@ -57,33 +59,33 @@ function admin_groups()
return error('Incomplete call, missing Groups ID.', true);
}
- $group = sql_select("SELECT * FROM `Groups` WHERE `UID`='" . sql_escape($group_id) . "' LIMIT 1");
- if (count($group) > 0) {
- $privileges = sql_select("
+ $group = DB::select('SELECT * FROM `Groups` WHERE `UID`=? LIMIT 1', [$group_id]);
+ if (!empty($group)) {
+ $privileges = DB::select('
SELECT `Privileges`.*, `GroupPrivileges`.`group_id`
FROM `Privileges`
LEFT OUTER JOIN `GroupPrivileges`
ON (
`Privileges`.`id` = `GroupPrivileges`.`privilege_id`
- AND `GroupPrivileges`.`group_id`='" . sql_escape($group_id) . "'
+ AND `GroupPrivileges`.`group_id`=?
)
ORDER BY `Privileges`.`name`
- ");
+ ', [$group_id]);
$privileges_html = '';
$privileges_form = [];
- foreach ($privileges as $priv) {
+ foreach ($privileges as $privilege) {
$privileges_form[] = form_checkbox(
'privileges[]',
- $priv['desc'] . ' (' . $priv['name'] . ')',
- $priv['group_id'] != '',
- $priv['id']
+ $privilege['desc'] . ' (' . $privilege['name'] . ')',
+ $privilege['group_id'] != '',
+ $privilege['id']
);
$privileges_html .= sprintf(
'<tr><td><input type="checkbox" name="privileges[]" value="%s" %s /></td> <td>%s</td> <td>%s</td></tr>',
- $priv['id'],
- ($priv['group_id'] != '' ? 'checked="checked"' : ''),
- $priv['name'],
- $priv['desc']
+ $privilege['id'],
+ ($privilege['group_id'] != '' ? 'checked="checked"' : ''),
+ $privilege['name'],
+ $privilege['desc']
);
}
@@ -103,20 +105,27 @@ function admin_groups()
return error('Incomplete call, missing Groups ID.', true);
}
- $group = sql_select("SELECT * FROM `Groups` WHERE `UID`='" . sql_escape($group_id) . "' LIMIT 1");
+ $group = DB::select('SELECT * FROM `Groups` WHERE `UID`=? LIMIT 1', [$group_id]);
if (!is_array($_REQUEST['privileges'])) {
$_REQUEST['privileges'] = [];
}
- if (count($group) > 0) {
- list($group) = $group;
- sql_query("DELETE FROM `GroupPrivileges` WHERE `group_id`='" . sql_escape($group_id) . "'");
+ if (!empty($group)) {
+ $group = array_shift($group);
+ DB::delete('DELETE FROM `GroupPrivileges` WHERE `group_id`=?', [$group_id]);
$privilege_names = [];
- foreach ($_REQUEST['privileges'] as $priv) {
- if (preg_match("/^[0-9]{1,}$/", $priv)) {
- $group_privileges_source = sql_select("SELECT * FROM `Privileges` WHERE `id`='" . sql_escape($priv) . "' LIMIT 1");
- if (count($group_privileges_source) > 0) {
- sql_query("INSERT INTO `GroupPrivileges` SET `group_id`='" . sql_escape($group_id) . "', `privilege_id`='" . sql_escape($priv) . "'");
- $privilege_names[] = $group_privileges_source[0]['name'];
+ foreach ($_REQUEST['privileges'] as $privilege) {
+ if (preg_match("/^[0-9]{1,}$/", $privilege)) {
+ $group_privileges_source = DB::select(
+ 'SELECT `name` FROM `Privileges` WHERE `id`=? LIMIT 1',
+ [$privilege]
+ );
+ if (!empty($group_privileges_source)) {
+ $group_privileges_source = array_shift($group_privileges_source);
+ DB::insert(
+ 'INSERT INTO `GroupPrivileges` (`group_id`, `privilege_id`) VALUES (?, ?)',
+ [$group_id, $privilege]
+ );
+ $privilege_names[] = $group_privileges_source['name'];
}
}
}
diff --git a/includes/pages/admin_import.php b/includes/pages/admin_import.php
index 2e37572f..7a246b4b 100644
--- a/includes/pages/admin_import.php
+++ b/includes/pages/admin_import.php
@@ -1,5 +1,7 @@
<?php
+use Engelsystem\Database\DB;
+
/**
* @return string
*/
@@ -252,10 +254,10 @@ function admin_import()
if ($result === false) {
engelsystem_error('Unable to create room.');
}
- $rooms_import[trim($room)] = sql_id();
+ $rooms_import[trim($room)] = $result;
}
foreach ($rooms_deleted as $room) {
- sql_query("DELETE FROM `Room` WHERE `Name`='" . sql_escape($room) . "' LIMIT 1");
+ DB::delete('DELETE FROM `Room` WHERE `Name`=? LIMIT 1', [$room]);
}
list($events_new, $events_updated, $events_deleted) = prepare_events(
@@ -317,11 +319,11 @@ function prepare_rooms($file)
$data = read_xml($file);
// Load rooms from db for compare with input
- $rooms = sql_select('SELECT * FROM `Room` WHERE `FromPentabarf`=\'Y\'');
+ $rooms = DB::select('SELECT `Name`, `RID` FROM `Room` WHERE `FromPentabarf`=\'Y\'');
$rooms_db = [];
$rooms_import = [];
foreach ($rooms as $room) {
- $rooms_db[] = (string)$room['Name'];
+ $rooms_db[] = $room['Name'];
$rooms_import[$room['Name']] = $room['RID'];
}
@@ -356,7 +358,7 @@ function prepare_events($file, $shifttype_id, $add_minutes_start, $add_minutes_e
global $rooms_import;
$data = read_xml($file);
- $rooms = sql_select('SELECT * FROM `Room`');
+ $rooms = Rooms(true);
$rooms_db = [];
foreach ($rooms as $room) {
$rooms_db[$room['Name']] = $room['RID'];
@@ -378,7 +380,7 @@ function prepare_events($file, $shifttype_id, $add_minutes_start, $add_minutes_e
];
}
- $shifts = sql_select('SELECT * FROM `Shifts` WHERE `PSID` IS NOT NULL ORDER BY `start`');
+ $shifts = DB::select('SELECT * FROM `Shifts` WHERE `PSID` IS NOT NULL ORDER BY `start`');
$shifts_db = [];
foreach ($shifts as $shift) {
$shifts_db[$shift['PSID']] = $shift;
diff --git a/includes/pages/admin_news.php b/includes/pages/admin_news.php
index 6d52bcf5..86631d6b 100644
--- a/includes/pages/admin_news.php
+++ b/includes/pages/admin_news.php
@@ -1,5 +1,7 @@
<?php
+use Engelsystem\Database\DB;
+
/**
* @return string
*/
@@ -18,14 +20,14 @@ function admin_news()
return error('Incomplete call, missing News ID.', true);
}
- $news = sql_select("SELECT * FROM `News` WHERE `ID`='" . sql_escape($news_id) . "' LIMIT 1");
+ $news = DB::select('SELECT * FROM `News` WHERE `ID`=? LIMIT 1', [$news_id]);
if (empty($news)) {
return error('No News found.', true);
}
switch ($_REQUEST['action']) {
case 'edit':
- list($news) = $news;
+ $news = array_shift($news);
$user_source = User($news['UID']);
$html .= form([
@@ -43,21 +45,32 @@ function admin_news()
break;
case 'save':
- sql_query("UPDATE `News` SET
- `Datum`='" . sql_escape(time()) . "',
- `Betreff`='" . sql_escape($_POST["eBetreff"]) . "',
- `Text`='" . sql_escape($_POST["eText"]) . "',
- `UID`='" . sql_escape($user['UID']) . "',
- `Treffen`='" . sql_escape($_POST["eTreffen"]) . "'
- WHERE `ID`='" . sql_escape($news_id) . "'");
+ DB::update('
+ UPDATE `News` SET
+ `Datum`=?,
+ `Betreff`=?,
+ `Text`=?,
+ `UID`=?,
+ `Treffen`=?
+ WHERE `ID`=?
+ ',
+ [
+ time(),
+ $_POST["eBetreff"],
+ $_POST["eText"],
+ $user['UID'],
+ isset($_POST["eTreffen"]) ? 1 : 0,
+ $news_id
+ ]
+ );
engelsystem_log('News updated: ' . $_POST['eBetreff']);
success(_('News entry updated.'));
redirect(page_link_to('news'));
break;
case 'delete':
- list($news) = $news;
- sql_query("DELETE FROM `News` WHERE `ID`='" . sql_escape($news_id) . "' LIMIT 1");
+ $news = array_shift($news);
+ DB::delete('DELETE FROM `News` WHERE `ID`=? LIMIT 1', [$news_id]);
engelsystem_log('News deleted: ' . $news['Betreff']);
success(_('News entry deleted.'));
redirect(page_link_to('news'));
diff --git a/includes/pages/admin_questions.php b/includes/pages/admin_questions.php
index 7dcb3057..ef84b111 100644
--- a/includes/pages/admin_questions.php
+++ b/includes/pages/admin_questions.php
@@ -1,5 +1,7 @@
<?php
+use Engelsystem\Database\DB;
+
/**
* @return string
*/
@@ -19,7 +21,7 @@ function admin_new_questions()
if ($page != 'admin_questions') {
if (in_array('admin_questions', $privileges)) {
- $new_messages = sql_num_query('SELECT * FROM `Questions` WHERE `AID` IS NULL');
+ $new_messages = count(DB::select('SELECT `QID` FROM `Questions` WHERE `AID` IS NULL'));
if ($new_messages > 0) {
return '<a href="' . page_link_to("admin_questions") . '">' . _('There are unanswered questions!') . '</a>';
@@ -39,7 +41,7 @@ function admin_questions()
if (!isset($_REQUEST['action'])) {
$unanswered_questions_table = [];
- $questions = sql_select("SELECT * FROM `Questions` WHERE `AID` IS NULL");
+ $questions = DB::select('SELECT * FROM `Questions` WHERE `AID` IS NULL');
foreach ($questions as $question) {
$user_source = User($question['UID']);
@@ -59,7 +61,7 @@ function admin_questions()
}
$answered_questions_table = [];
- $questions = sql_select("SELECT * FROM `Questions` WHERE NOT `AID` IS NULL");
+ $questions = DB::select('SELECT * FROM `Questions` WHERE NOT `AID` IS NULL');
foreach ($questions as $question) {
$user_source = User($question['UID']);
$answer_user_source = User($question['AID']);
@@ -102,7 +104,10 @@ function admin_questions()
return error('Incomplete call, missing Question ID.', true);
}
- $question = sql_select("SELECT * FROM `Questions` WHERE `QID`='" . sql_escape($question_id) . "' LIMIT 1");
+ $question = DB::select(
+ 'SELECT * FROM `Questions` WHERE `QID`=? LIMIT 1',
+ [$question_id]
+ );
if (count($question) > 0 && $question[0]['AID'] == null) {
$answer = trim(
preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui",
@@ -111,12 +116,19 @@ function admin_questions()
));
if ($answer != '') {
- sql_query("
- UPDATE `Questions`
- SET `AID`='" . sql_escape($user['UID']) . "', `Answer`='" . sql_escape($answer) . "'
- WHERE `QID`='" . sql_escape($question_id) . "'
- LIMIT 1
- ");
+ DB::update(
+ '
+ UPDATE `Questions`
+ SET `AID`=?, `Answer`=?
+ WHERE `QID`=?
+ LIMIT 1
+ ',
+ [
+ $user['UID'],
+ $answer,
+ $question_id,
+ ]
+ );
engelsystem_log('Question ' . $question[0]['Question'] . ' answered: ' . $answer);
redirect(page_link_to('admin_questions'));
} else {
@@ -133,9 +145,12 @@ function admin_questions()
return error('Incomplete call, missing Question ID.', true);
}
- $question = sql_select("SELECT * FROM `Questions` WHERE `QID`='" . sql_escape($question_id) . "' LIMIT 1");
+ $question = DB::select(
+ 'SELECT * FROM `Questions` WHERE `QID`=? LIMIT 1',
+ [$question_id]
+ );
if (count($question) > 0) {
- sql_query("DELETE FROM `Questions` WHERE `QID`='" . sql_escape($question_id) . "' LIMIT 1");
+ DB::delete('DELETE FROM `Questions` WHERE `QID`=? LIMIT 1', [$question_id]);
engelsystem_log('Question deleted: ' . $question[0]['Question']);
redirect(page_link_to('admin_questions'));
} else {
diff --git a/includes/pages/admin_rooms.php b/includes/pages/admin_rooms.php
index 61923689..50be15f3 100644
--- a/includes/pages/admin_rooms.php
+++ b/includes/pages/admin_rooms.php
@@ -1,5 +1,7 @@
<?php
+use Engelsystem\Database\DB;
+
/**
* @return string
*/
@@ -13,7 +15,7 @@ function admin_rooms_title()
*/
function admin_rooms()
{
- $rooms_source = sql_select('SELECT * FROM `Room` ORDER BY `Name`');
+ $rooms_source = DB::select('SELECT * FROM `Room` ORDER BY `Name`');
$rooms = [];
foreach ($rooms_source as $room) {
$rooms[] = [
@@ -36,7 +38,7 @@ function admin_rooms()
$number = '';
$room_id = 0;
- $angeltypes_source = sql_select('SELECT * FROM `AngelTypes` ORDER BY `name`');
+ $angeltypes_source = DB::select('SELECT `id`, `name` FROM `AngelTypes` ORDER BY `name`');
$angeltypes = [];
$angeltypes_count = [];
foreach ($angeltypes_source as $angeltype) {
@@ -59,7 +61,10 @@ function admin_rooms()
$public = $room['show'];
$number = $room['Number'];
- $needed_angeltypes = sql_select("SELECT * FROM `NeededAngelTypes` WHERE `room_id`='" . sql_escape($room_id) . "'");
+ $needed_angeltypes = DB::select(
+ 'SELECT `angel_type_id`, `count` FROM `NeededAngelTypes` WHERE `room_id`=?',
+ [$room_id]
+ );
foreach ($needed_angeltypes as $needed_angeltype) {
$angeltypes_count[$needed_angeltype['angel_type_id']] = $needed_angeltype['count'];
}
@@ -71,7 +76,13 @@ function admin_rooms()
if (isset($_REQUEST['name']) && strlen(strip_request_item('name')) > 0) {
$name = strip_request_item('name');
- if (isset($room) && sql_num_query("SELECT * FROM `Room` WHERE `Name`='" . sql_escape($name) . "' AND NOT `RID`=" . sql_escape($room_id)) > 0) {
+ if (
+ isset($room)
+ && count(DB::select(
+ 'SELECT RID FROM `Room` WHERE `Name`=? AND NOT `RID`=?',
+ [$name, $room_id]
+ )) > 0
+ ) {
$valid = false;
$msg .= error(_('This name is already in use.'), true);
}
@@ -111,17 +122,23 @@ function admin_rooms()
}
if ($valid) {
- if (isset($room_id)) {
- sql_query("
+ if (!empty($room_id)) {
+ DB::update('
UPDATE `Room`
SET
- `Name`='" . sql_escape($name) . "',
- `FromPentabarf`='" . sql_escape($from_pentabarf) . "',
- `show`='" . sql_escape($public) . "',
- `Number`='" . sql_escape($number) . "'
- WHERE `RID`='" . sql_escape($room_id) . "'
+ `Name`=?,
+ `FromPentabarf`=?,
+ `show`=?,
+ `Number`=?
+ WHERE `RID`=?
LIMIT 1
- ");
+ ', [
+ $name,
+ $from_pentabarf,
+ $public,
+ $number,
+ $room_id,
+ ]);
engelsystem_log(
'Room updated: ' . $name
. ', pentabarf import: ' . $from_pentabarf
diff --git a/includes/pages/admin_shifts.php b/includes/pages/admin_shifts.php
index 1e19c5e4..c543e827 100644
--- a/includes/pages/admin_shifts.php
+++ b/includes/pages/admin_shifts.php
@@ -1,5 +1,7 @@
<?php
+use Engelsystem\Database\DB;
+
/**
* @return string
*/
@@ -27,14 +29,14 @@ function admin_shifts()
$shifttype_id = null;
// Locations laden (auch unsichtbare - fuer Erzengel ist das ok)
- $rooms = sql_select('SELECT * FROM `Room` ORDER BY `Name`');
+ $rooms = DB::select('SELECT `RID`, `Name` FROM `Room` ORDER BY `Name`');
$room_array = [];
foreach ($rooms as $room) {
$room_array[$room['RID']] = $room['Name'];
}
// Engeltypen laden
- $types = sql_select('SELECT * FROM `AngelTypes` ORDER BY `name`');
+ $types = DB::select('SELECT * FROM `AngelTypes` ORDER BY `name`');
$needed_angel_types = [];
foreach ($types as $type) {
$needed_angel_types[$type['id']] = 0;
@@ -53,9 +55,6 @@ function admin_shifts()
if (isset($_REQUEST['preview']) || isset($_REQUEST['back'])) {
if (isset($_REQUEST['shifttype_id'])) {
$shifttype = ShiftType($_REQUEST['shifttype_id']);
- if ($shifttype === false) {
- engelsystem_error('Unable to load shift type.');
- }
if ($shifttype == null) {
$valid = false;
error(_('Please select a shift type.'));
@@ -168,7 +167,13 @@ function admin_shifts()
if ($valid) {
if ($angelmode == 'location') {
$needed_angel_types = [];
- $needed_angel_types_location = sql_select("SELECT * FROM `NeededAngelTypes` WHERE `room_id`='" . sql_escape($rid) . "'");
+ $needed_angel_types_location = DB::select('
+ SELECT `angel_type_id`, `count`
+ FROM `NeededAngelTypes`
+ WHERE `room_id`=?
+ ',
+ [$rid]
+ );
foreach ($needed_angel_types_location as $type) {
$needed_angel_types[$type['angel_type_id']] = $type['count'];
}
@@ -300,7 +305,12 @@ function admin_shifts()
]);
}
} elseif (isset($_REQUEST['submit'])) {
- if (!is_array($_SESSION['admin_shifts_shifts']) || !is_array($_SESSION['admin_shifts_types'])) {
+ if (
+ !isset($_SESSION['admin_shifts_shifts'])
+ || !isset($_SESSION['admin_shifts_types'])
+ || !is_array($_SESSION['admin_shifts_shifts'])
+ || !is_array($_SESSION['admin_shifts_types'])
+ ) {
redirect(page_link_to('admin_shifts'));
}
@@ -321,10 +331,23 @@ function admin_shifts()
);
foreach ($_SESSION['admin_shifts_types'] as $type_id => $count) {
- $angel_type_source = sql_select("SELECT * FROM `AngelTypes` WHERE `id`='" . sql_escape($type_id) . "' LIMIT 1");
- if (count($angel_type_source) > 0) {
- sql_query("INSERT INTO `NeededAngelTypes` SET `shift_id`='" . sql_escape($shift_id) . "', `angel_type_id`='" . sql_escape($type_id) . "', `count`='" . sql_escape($count) . "'");
- $needed_angel_types_info[] = $angel_type_source[0]['name'] . ": " . $count;
+ $angel_type_source = DB::select('
+ SELECT *
+ FROM `AngelTypes`
+ WHERE `id` = ?
+ LIMIT 1', [$type_id]);
+ if (!empty($angel_type_source)) {
+ DB::insert('
+ INSERT INTO `NeededAngelTypes` (`shift_id`, `angel_type_id`, `count`)
+ VALUES (?, ?, ?)
+ ',
+ [
+ $shift_id,
+ $type_id,
+ $count
+ ]
+ );
+ $needed_angel_types_info[] = $angel_type_source[0]['name'] . ': ' . $count;
}
}
}
diff --git a/includes/pages/admin_user.php b/includes/pages/admin_user.php
index 8e11c5f3..192becb0 100644
--- a/includes/pages/admin_user.php
+++ b/includes/pages/admin_user.php
@@ -1,5 +1,7 @@
<?php
+use Engelsystem\Database\DB;
+
/**
* @return string
*/
@@ -106,12 +108,18 @@ function admin_user()
$html .= '<hr />';
- $my_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`='" . sql_escape($user['UID']) . "' ORDER BY `group_id` LIMIT 1");
+ $my_highest_group = DB::select(
+ 'SELECT group_id FROM `UserGroups` WHERE `uid`=? ORDER BY `group_id` LIMIT 1',
+ [$user['UID']]
+ );
if (count($my_highest_group) > 0) {
$my_highest_group = $my_highest_group[0]['group_id'];
}
- $his_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`='" . sql_escape($user_id) . "' ORDER BY `group_id` LIMIT 1");
+ $his_highest_group = DB::select(
+ 'SELECT `group_id` FROM `UserGroups` WHERE `uid`=? ORDER BY `group_id` LIMIT 1',
+ [$user_id]
+ );
if (count($his_highest_group) > 0) {
$his_highest_group = $his_highest_group[0]['group_id'];
}
@@ -121,16 +129,21 @@ function admin_user()
. page_link_to('admin_user') . '&action=save_groups&id=' . $user_id . '" method="post">' . "\n";
$html .= '<table>';
- $groups = sql_select("
- SELECT *
- FROM `Groups`
- LEFT OUTER JOIN `UserGroups` ON (
- `UserGroups`.`group_id` = `Groups`.`UID`
- AND `UserGroups`.`uid` = '" . sql_escape($user_id) . "'
- )
- WHERE `Groups`.`UID` >= '" . sql_escape($my_highest_group) . "'
- ORDER BY `Groups`.`Name`
- ");
+ $groups = DB::select('
+ SELECT *
+ FROM `Groups`
+ LEFT OUTER JOIN `UserGroups` ON (
+ `UserGroups`.`group_id` = `Groups`.`UID`
+ AND `UserGroups`.`uid` = ?
+ )
+ WHERE `Groups`.`UID` >= ?
+ ORDER BY `Groups`.`Name`
+ ',
+ [
+ $user_id,
+ $my_highest_group,
+ ]
+ );
foreach ($groups as $group) {
$html .= '<tr><td><input type="checkbox" name="groups[]" value="' . $group['UID'] . '" '
. ($group['group_id'] != '' ? ' checked="checked"' : '')
@@ -154,20 +167,37 @@ function admin_user()
switch ($_REQUEST['action']) {
case 'save_groups':
if ($user_id != $user['UID']) {
- $my_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`='" . sql_escape($user['UID']) . "' ORDER BY `group_id`");
- $his_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`='" . sql_escape($user_id) . "' ORDER BY `group_id`");
-
- if (count($my_highest_group) > 0 && (count($his_highest_group) == 0 || ($my_highest_group[0]['group_id'] <= $his_highest_group[0]['group_id']))) {
- $groups_source = sql_select("
- SELECT *
- FROM `Groups`
- LEFT OUTER JOIN `UserGroups` ON (
- `UserGroups`.`group_id` = `Groups`.`UID`
- AND `UserGroups`.`uid` = '" . sql_escape($user_id) . "'
- )
- WHERE `Groups`.`UID` >= '" . sql_escape($my_highest_group[0]['group_id']) . "'
- ORDER BY `Groups`.`Name`
- ");
+ $my_highest_group = DB::select(
+ 'SELECT * FROM `UserGroups` WHERE `uid`=? ORDER BY `group_id`',
+ [$user['UID']]
+ );
+ $his_highest_group = DB::select(
+ 'SELECT * FROM `UserGroups` WHERE `uid`=? ORDER BY `group_id`',
+ [$user_id]
+ );
+
+ if (
+ count($my_highest_group) > 0
+ && (
+ count($his_highest_group) == 0
+ || ($my_highest_group[0]['group_id'] <= $his_highest_group[0]['group_id'])
+ )
+ ) {
+ $groups_source = DB::select('
+ SELECT *
+ FROM `Groups`
+ LEFT OUTER JOIN `UserGroups` ON (
+ `UserGroups`.`group_id` = `Groups`.`UID`
+ AND `UserGroups`.`uid` = ?
+ )
+ WHERE `Groups`.`UID` >= ?
+ ORDER BY `Groups`.`Name`
+ ',
+ [
+ $user_id,
+ $my_highest_group[0]['group_id'],
+ ]
+ );
$groups = [];
$grouplist = [];
foreach ($groups_source as $group) {
@@ -179,11 +209,14 @@ function admin_user()
$_REQUEST['groups'] = [];
}
- sql_query("DELETE FROM `UserGroups` WHERE `uid`='" . sql_escape($user_id) . "'");
+ DB::delete('DELETE FROM `UserGroups` WHERE `uid`=?', [$user_id]);
$user_groups_info = [];
foreach ($_REQUEST['groups'] as $group) {
if (in_array($group, $grouplist)) {
- sql_query("INSERT INTO `UserGroups` SET `uid`='" . sql_escape($user_id) . "', `group_id`='" . sql_escape($group) . "'");
+ DB::insert(
+ 'INSERT INTO `UserGroups` (`uid`, `group_id`) VALUES (?, ?)',
+ [$user_id, $group]
+ );
$user_groups_info[] = $groups[$group]['Name'];
}
}
@@ -206,25 +239,42 @@ function admin_user()
if (in_array('admin_active', $privileges)) {
$force_active = $_REQUEST['force_active'];
}
- $SQL = "UPDATE `User` SET
- `Nick` = '" . sql_escape($_POST["eNick"]) . "',
- `Name` = '" . sql_escape($_POST["eName"]) . "',
- `Vorname` = '" . sql_escape($_POST["eVorname"]) . "',
- `Telefon` = '" . sql_escape($_POST["eTelefon"]) . "',
- `Handy` = '" . sql_escape($_POST["eHandy"]) . "',
- `Alter` = '" . sql_escape($_POST["eAlter"]) . "',
- `DECT` = '" . sql_escape($_POST["eDECT"]) . "',
- " . ($user_source['email_by_human_allowed'] ? "`email` = '" . sql_escape($_POST["eemail"]) . "'," : "") . "
- `jabber` = '" . sql_escape($_POST["ejabber"]) . "',
- `Size` = '" . sql_escape($_POST["eSize"]) . "',
- `Gekommen`= '" . sql_escape($_POST["eGekommen"]) . "',
- `Aktiv`= '" . sql_escape($_POST["eAktiv"]) . "',
- `force_active`= " . sql_escape($force_active) . ",
- `Tshirt` = '" . sql_escape($_POST["eTshirt"]) . "',
- `Hometown` = '" . sql_escape($_POST["Hometown"]) . "'
- WHERE `UID` = '" . sql_escape($user_id) . "'
- LIMIT 1";
- sql_query($SQL);
+ $sql = '
+ UPDATE `User` SET
+ `Nick` = ?,
+ `Name` = ?,
+ `Vorname` = ?,
+ `Telefon` = ?,
+ `Handy` = ?,
+ `Alter` =?,
+ `DECT` = ?,
+ ' . ($user_source['email_by_human_allowed'] ? '`email` = ' . DB::getPdo()->quote($_POST["eemail"]) . ',' : '') . '
+ `jabber` = ?,
+ `Size` = ?,
+ `Gekommen`= ?,
+ `Aktiv`= ?,
+ `force_active`= ?,
+ `Tshirt` = ?,
+ `Hometown` = ?
+ WHERE `UID` = ?
+ LIMIT 1';
+ DB::update($sql, [
+ $_POST['eNick'],
+ $_POST['eName'],
+ $_POST['eVorname'],
+ $_POST['eTelefon'],
+ $_POST['eHandy'],
+ $_POST['eAlter'],
+ $_POST['eDECT'],
+ $_POST['ejabber'],
+ $_POST['eSize'],
+ $_POST['eGekommen'],
+ $_POST['eAktiv'],
+ $force_active,
+ $_POST['eTshirt'],
+ $_POST['Hometown'],
+ $user_id,
+ ]);
engelsystem_log(
'Updated user: ' . $_POST['eNick'] . ', ' . $_POST['eSize']
. ', arrived: ' . $_POST['eGekommen']
diff --git a/includes/pages/guest_login.php b/includes/pages/guest_login.php
index d202d92d..f08f9260 100644
--- a/includes/pages/guest_login.php
+++ b/includes/pages/guest_login.php
@@ -1,5 +1,7 @@
<?php
+use Engelsystem\Database\DB;
+
/**
* @return string
*/
@@ -37,8 +39,8 @@ function guest_register()
$msg = '';
$nick = '';
- $lastname = '';
- $prename = '';
+ $lastName = '';
+ $preName = '';
$age = '';
$tel = '';
$dect = '';
@@ -68,7 +70,7 @@ function guest_register()
if (isset($_REQUEST['nick']) && strlen(User_validate_Nick($_REQUEST['nick'])) > 1) {
$nick = User_validate_Nick($_REQUEST['nick']);
- if (sql_num_query("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($nick) . "' LIMIT 1") > 0) {
+ if (count(DB::select('SELECT `UID` FROM `User` WHERE `Nick`=? LIMIT 1', [$nick])) > 0) {
$valid = false;
$msg .= error(sprintf(_('Your nick &quot;%s&quot; already exists.'), $nick), true);
}
@@ -148,10 +150,10 @@ function guest_register()
// Trivia
if (isset($_REQUEST['lastname'])) {
- $lastname = strip_request_item('lastname');
+ $lastName = strip_request_item('lastname');
}
if (isset($_REQUEST['prename'])) {
- $prename = strip_request_item('prename');
+ $preName = strip_request_item('prename');
}
if (isset($_REQUEST['age']) && preg_match("/^[0-9]{0,4}$/", $_REQUEST['age'])) {
$age = strip_request_item('age');
@@ -173,38 +175,65 @@ function guest_register()
}
if ($valid) {
- sql_query("
- INSERT INTO `User` SET
- `color`='" . sql_escape($default_theme) . "',
- `Nick`='" . sql_escape($nick) . "',
- `Vorname`='" . sql_escape($prename) . "',
- `Name`='" . sql_escape($lastname) . "',
- `Alter`='" . sql_escape($age) . "',
- `Telefon`='" . sql_escape($tel) . "',
- `DECT`='" . sql_escape($dect) . "',
- `Handy`='" . sql_escape($mobile) . "',
- `email`='" . sql_escape($mail) . "',
- `email_shiftinfo`=" . sql_bool($email_shiftinfo) . ",
- `email_by_human_allowed`=" . sql_bool($email_by_human_allowed) . ",
- `jabber`='" . sql_escape($jabber) . "',
- `Size`='" . sql_escape($tshirt_size) . "',
- `Passwort`='" . sql_escape($password_hash) . "',
- `kommentar`='" . sql_escape($comment) . "',
- `Hometown`='" . sql_escape($hometown) . "',
- `CreateDate`=NOW(),
- `Sprache`='" . sql_escape($_SESSION["locale"]) . "',
- `arrival_date`=NULL,
- `planned_arrival_date`='" . sql_escape($planned_arrival_date) . "'");
+ DB::insert('
+ INSERT INTO `User` (
+ `color`,
+ `Nick`,
+ `Vorname`,
+ `Name`,
+ `Alter`,
+ `Telefon`,
+ `DECT`,
+ `Handy`,
+ `email`,
+ `email_shiftinfo`,
+ `email_by_human_allowed`,
+ `jabber`,
+ `Size`,
+ `Passwort`,
+ `kommentar`,
+ `Hometown`,
+ `CreateDate`,
+ `Sprache`,
+ `arrival_date`,
+ `planned_arrival_date`
+ )
+ VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, NOW(), ?, NULL, ?)
+ ',
+ [
+ $default_theme,
+ $nick,
+ $preName,
+ $lastName,
+ $age,
+ $tel,
+ $dect,
+ $mobile,
+ $mail,
+ (bool)$email_shiftinfo,
+ (bool)$email_by_human_allowed,
+ $jabber,
+ $tshirt_size,
+ $password_hash,
+ $comment,
+ $hometown,
+ $_SESSION['locale'],
+ $planned_arrival_date,
+ ]
+ );
// Assign user-group and set password
- $user_id = sql_id();
- sql_query("INSERT INTO `UserGroups` SET `uid`='" . sql_escape($user_id) . "', `group_id`=-2");
+ $user_id = DB::getPdo()->lastInsertId();
+ DB::insert('INSERT INTO `UserGroups` (`uid`, `group_id`) VALUES (?, -2)', [$user_id]);
set_password($user_id, $_REQUEST['password']);
// Assign angel-types
$user_angel_types_info = [];
foreach ($selected_angel_types as $selected_angel_type_id) {
- sql_query("INSERT INTO `UserAngelTypes` SET `user_id`='" . sql_escape($user_id) . "', `angeltype_id`='" . sql_escape($selected_angel_type_id) . "'");
+ DB::insert(
+ 'INSERT INTO `UserAngelTypes` (`user_id`, `angeltype_id`) VALUES (?, ?)',
+ [$user_id, $selected_angel_type_id]
+ );
$user_angel_types_info[] = $angel_types[$selected_angel_type_id];
}
@@ -316,10 +345,10 @@ function guest_register()
form_text('jabber', _('Jabber'), $jabber),
div('row', [
div('col-sm-6', [
- form_text('prename', _('First name'), $prename)
+ form_text('prename', _('First name'), $preName)
]),
div('col-sm-6', [
- form_text('lastname', _('Last name'), $lastname)
+ form_text('lastname', _('Last name'), $lastName)
])
]),
div('row', [
@@ -361,7 +390,7 @@ function guest_login()
if (isset($_REQUEST['submit'])) {
if (isset($_REQUEST['nick']) && strlen(User_validate_Nick($_REQUEST['nick'])) > 0) {
$nick = User_validate_Nick($_REQUEST['nick']);
- $login_user = sql_select("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($nick) . "'");
+ $login_user = DB::select('SELECT * FROM `User` WHERE `Nick`=?', [$nick]);
if (count($login_user) > 0) {
$login_user = $login_user[0];
if (isset($_REQUEST['password'])) {
diff --git a/includes/pages/guest_stats.php b/includes/pages/guest_stats.php
index c4e1af74..4add3e97 100644
--- a/includes/pages/guest_stats.php
+++ b/includes/pages/guest_stats.php
@@ -1,5 +1,7 @@
<?php
+use Engelsystem\Database\DB;
+
function guest_stats()
{
global $api_key;
@@ -8,21 +10,23 @@ function guest_stats()
if ($_REQUEST['api_key'] == $api_key) {
$stats = [];
- list($user_count) = sql_select('SELECT count(*) AS `user_count` FROM `User`');
+ list($user_count) = DB::select('SELECT count(*) AS `user_count` FROM `User`');
$stats['user_count'] = $user_count['user_count'];
- list($arrived_user_count) = sql_select('SELECT count(*) AS `user_count` FROM `User` WHERE `Gekommen`=1');
+ list($arrived_user_count) = DB::select('SELECT count(*) AS `user_count` FROM `User` WHERE `Gekommen`=1');
$stats['arrived_user_count'] = $arrived_user_count['user_count'];
- $done_shifts_seconds = sql_select_single_cell('
+ $done_shifts_seconds = DB::select('
SELECT SUM(`Shifts`.`end` - `Shifts`.`start`)
FROM `ShiftEntry`
JOIN `Shifts` USING (`SID`)
WHERE `Shifts`.`end` < UNIX_TIMESTAMP()
');
+ $done_shifts_seconds = array_shift($done_shifts_seconds);
+ $done_shifts_seconds = (int)array_shift($done_shifts_seconds);
$stats['done_work_hours'] = round($done_shifts_seconds / (60 * 60), 0);
- $users_in_action = sql_select('
+ $users_in_action = DB::select('
SELECT `Shifts`.`start`, `Shifts`.`end`
FROM `ShiftEntry`
JOIN `Shifts` ON `Shifts`.`SID`=`ShiftEntry`.`SID`
diff --git a/includes/pages/user_atom.php b/includes/pages/user_atom.php
index 913a8821..04edf03f 100644
--- a/includes/pages/user_atom.php
+++ b/includes/pages/user_atom.php
@@ -1,5 +1,7 @@
<?php
+use Engelsystem\Database\DB;
+
/**
* Publically available page to feed the news to feedreaders
*/
@@ -20,12 +22,12 @@ function user_atom()
engelsystem_error('No privilege for atom.');
}
- $news = sql_select("
+ $news = DB::select('
SELECT *
FROM `News`
- " . (empty($_REQUEST['meetings']) ? '' : 'WHERE `Treffen` = 1 ') . "
+ ' . (empty($_REQUEST['meetings']) ? '' : 'WHERE `Treffen` = 1 ') . '
ORDER BY `ID`
- DESC LIMIT " . (int)$display_news
+ DESC LIMIT ' . (int)$display_news
);
$output = make_atom_entries_from_news($news);
diff --git a/includes/pages/user_messages.php b/includes/pages/user_messages.php
index 00dbafe8..e4669411 100644
--- a/includes/pages/user_messages.php
+++ b/includes/pages/user_messages.php
@@ -1,5 +1,7 @@
<?php
+use Engelsystem\Database\DB;
+
/**
* @return string
*/
@@ -16,7 +18,10 @@ function user_unread_messages()
global $user;
if (isset($user)) {
- $new_messages = sql_num_query("SELECT * FROM `Messages` WHERE isRead='N' AND `RUID`='" . sql_escape($user['UID']) . "'");
+ $new_messages = count(DB::select(
+ 'SELECT `id` FROM `Messages` WHERE isRead=\'N\' AND `RUID`=?',
+ [$user['UID']]
+ ));
if ($new_messages > 0) {
return ' <span class="badge danger">' . $new_messages . '</span>';
}
@@ -32,7 +37,10 @@ function user_messages()
global $user;
if (!isset($_REQUEST['action'])) {
- $users = sql_select("SELECT * FROM `User` WHERE NOT `UID`='" . sql_escape($user['UID']) . "' ORDER BY `Nick`");
+ $users = DB::select(
+ 'SELECT `UID`, `Nick` FROM `User` WHERE NOT `UID`=? ORDER BY `Nick`',
+ [$user['UID']]
+ );
$to_select_data = [
'' => _('Select recipient...')
@@ -44,13 +52,18 @@ function user_messages()
$to_select = html_select_key('to', 'to', $to_select_data, '');
- $messages = sql_select("
+ $messages = DB::select('
SELECT *
FROM `Messages`
- WHERE `SUID`='" . sql_escape($user['UID']) . "'
- OR `RUID`='" . sql_escape($user['UID']) . "'
+ WHERE `SUID`=?
+ OR `RUID`=?
ORDER BY `isRead`,`Datum` DESC
- ");
+ ',
+ [
+ $user['UID'],
+ $user['UID'],
+ ]
+ );
$messages_table = [
[
@@ -116,9 +129,15 @@ function user_messages()
return error(_('Incomplete call, missing Message ID.'), true);
}
- $message = sql_select("SELECT * FROM `Messages` WHERE `id`='" . sql_escape($message_id) . "' LIMIT 1");
+ $message = DB::select(
+ 'SELECT `RUID` FROM `Messages` WHERE `id`=? LIMIT 1',
+ [$message_id]
+ );
if (count($message) > 0 && $message[0]['RUID'] == $user['UID']) {
- sql_query("UPDATE `Messages` SET `isRead`='Y' WHERE `id`='" . sql_escape($message_id) . "' LIMIT 1");
+ DB::update(
+ 'UPDATE `Messages` SET `isRead`=\'Y\' WHERE `id`=? LIMIT 1',
+ [$message_id]
+ );
redirect(page_link_to('user_messages'));
} else {
return error(_('No Message found.'), true);
@@ -132,9 +151,12 @@ function user_messages()
return error(_('Incomplete call, missing Message ID.'), true);
}
- $message = sql_select("SELECT * FROM `Messages` WHERE `id`='" . sql_escape($message_id) . "' LIMIT 1");
+ $message = DB::select(
+ 'SELECT `SUID` FROM `Messages` WHERE `id`=? LIMIT 1',
+ [$message_id]
+ );
if (count($message) > 0 && $message[0]['SUID'] == $user['UID']) {
- sql_query("DELETE FROM `Messages` WHERE `id`='" . sql_escape($message_id) . "' LIMIT 1");
+ DB::delete('DELETE FROM `Messages` WHERE `id`=? LIMIT 1', [$message_id]);
redirect(page_link_to('user_messages'));
} else {
return error(_('No Message found.'), true);
@@ -142,7 +164,7 @@ function user_messages()
break;
case 'send':
- if (Message_send($_REQUEST['to'], $_REQUEST['text']) === true) {
+ if (Message_send($_REQUEST['to'], $_REQUEST['text'])) {
redirect(page_link_to('user_messages'));
} else {
return error(_('Transmitting was terminated with an Error.'), true);
diff --git a/includes/pages/user_myshifts.php b/includes/pages/user_myshifts.php
index 2079c789..76b79032 100644
--- a/includes/pages/user_myshifts.php
+++ b/includes/pages/user_myshifts.php
@@ -1,5 +1,7 @@
<?php
+use Engelsystem\Database\DB;
+
/**
* @return string
*/
@@ -22,14 +24,15 @@ function user_myshifts()
isset($_REQUEST['id'])
&& in_array('user_shifts_admin', $privileges)
&& preg_match('/^[0-9]{1,}$/', $_REQUEST['id'])
- && sql_num_query("SELECT * FROM `User` WHERE `UID`='" . sql_escape($_REQUEST['id']) . "'") > 0
+ && count(DB::select('SELECT `UID` FROM `User` WHERE `UID`=?', [$_REQUEST['id']])) > 0
) {
$user_id = $_REQUEST['id'];
} else {
$user_id = $user['UID'];
}
- list($shifts_user) = sql_select("SELECT * FROM `User` WHERE `UID`='" . sql_escape($user_id) . "' LIMIT 1");
+ $shifts_user = DB::select('SELECT * FROM `User` WHERE `UID`=? LIMIT 1', [$user_id]);
+ $shifts_user = array_shift($shifts_user);
if (isset($_REQUEST['reset'])) {
if ($_REQUEST['reset'] == 'ack') {
@@ -46,24 +49,32 @@ function user_myshifts()
]);
} elseif (isset($_REQUEST['edit']) && preg_match('/^[0-9]*$/', $_REQUEST['edit'])) {
$user_id = $_REQUEST['edit'];
- $shift = sql_select("SELECT
- `ShiftEntry`.`freeloaded`,
- `ShiftEntry`.`freeload_comment`,
- `ShiftEntry`.`Comment`,
- `ShiftEntry`.`UID`,
- `ShiftTypes`.`name`,
- `Shifts`.*,
- `Room`.`Name`,
- `AngelTypes`.`name` AS `angel_type`
- FROM `ShiftEntry`
- JOIN `AngelTypes` ON (`ShiftEntry`.`TID` = `AngelTypes`.`id`)
- JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`)
- JOIN `ShiftTypes` ON (`ShiftTypes`.`id` = `Shifts`.`shifttype_id`)
- JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`)
- WHERE `ShiftEntry`.`id`='" . sql_escape($user_id) . "'
- AND `UID`='" . sql_escape($shifts_user['UID']) . "' LIMIT 1");
+ $shift = DB::select('
+ SELECT
+ `ShiftEntry`.`freeloaded`,
+ `ShiftEntry`.`freeload_comment`,
+ `ShiftEntry`.`Comment`,
+ `ShiftEntry`.`UID`,
+ `ShiftTypes`.`name`,
+ `Shifts`.*,
+ `Room`.`Name`,
+ `AngelTypes`.`name` AS `angel_type`
+ FROM `ShiftEntry`
+ JOIN `AngelTypes` ON (`ShiftEntry`.`TID` = `AngelTypes`.`id`)
+ JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`)
+ JOIN `ShiftTypes` ON (`ShiftTypes`.`id` = `Shifts`.`shifttype_id`)
+ JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`)
+ WHERE `ShiftEntry`.`id`=?
+ AND `UID`=?
+ LIMIT 1
+ ',
+ [
+ $user_id,
+ $shifts_user['UID'],
+ ]
+ );
if (count($shift) > 0) {
- $shift = $shift[0];
+ $shift = array_shift($shift);
$freeloaded = $shift['freeloaded'];
$freeload_comment = $shift['freeload_comment'];
@@ -120,13 +131,19 @@ function user_myshifts()
}
} elseif (isset($_REQUEST['cancel']) && preg_match('/^[0-9]*$/', $_REQUEST['cancel'])) {
$user_id = $_REQUEST['cancel'];
- $shift = sql_select("
- SELECT *
- FROM `Shifts`
- INNER JOIN `ShiftEntry` USING (`SID`)
- WHERE `ShiftEntry`.`id`='" . sql_escape($user_id) . "' AND `UID`='" . sql_escape($shifts_user['UID']) . "'");
+ $shift = DB::select('
+ SELECT *
+ FROM `Shifts`
+ INNER JOIN `ShiftEntry` USING (`SID`)
+ WHERE `ShiftEntry`.`id`=? AND `UID`=?
+ ',
+ [
+ $user_id,
+ $shifts_user['UID'],
+ ]
+ );
if (count($shift) > 0) {
- $shift = $shift[0];
+ $shift = array_shift($shift);
if (($shift['start'] > time() + $last_unsubscribe * 3600) || in_array('user_shifts_admin', $privileges)) {
$result = ShiftEntry_delete($user_id);
if ($result === false) {
diff --git a/includes/pages/user_news.php b/includes/pages/user_news.php
index ceed75f2..3828e293 100644
--- a/includes/pages/user_news.php
+++ b/includes/pages/user_news.php
@@ -1,5 +1,7 @@
<?php
+use Engelsystem\Database\DB;
+
/**
* @return string
*/
@@ -39,18 +41,20 @@ function user_meetings()
$page = 0;
}
- $news = sql_select("
+ $news = DB::select(sprintf('
SELECT *
FROM `News`
WHERE `Treffen`=1
ORDER BY `Datum`DESC
- LIMIT " . sql_escape($page * $display_news) . ", " . sql_escape($display_news)
- );
+ LIMIT %u, %u',
+ $page * $display_news,
+ $display_news
+ ));
foreach ($news as $entry) {
$html .= display_news($entry);
}
- $dis_rows = ceil(sql_num_query('SELECT * FROM `News`') / $display_news);
+ $dis_rows = ceil(count(DB::select('SELECT `ID` FROM `News`')) / $display_news);
$html .= '<div class="text-center">' . '<ul class="pagination">';
for ($i = 0; $i < $dis_rows; $i++) {
if (isset($_REQUEST['page']) && $i == $_REQUEST['page']) {
@@ -98,7 +102,7 @@ function display_news($news)
. '<span class="glyphicon glyphicon-comment"></span> '
. _('Comments') . ' &raquo;</a> '
. '<span class="badge">'
- . sql_num_query("SELECT * FROM `NewsComments` WHERE `Refid`='" . sql_escape($news['ID']) . "'")
+ . count(DB::select('SELECT `ID` FROM `NewsComments` WHERE `Refid`=?', [$news['ID']]))
. '</span>';
}
$html .= '</div>';
@@ -117,28 +121,34 @@ function user_news_comments()
if (
isset($_REQUEST['nid'])
&& preg_match('/^[0-9]{1,}$/', $_REQUEST['nid'])
- && sql_num_query("SELECT * FROM `News` WHERE `ID`='" . sql_escape($_REQUEST['nid']) . "' LIMIT 1") > 0
+ && count(DB::select('SELECT `ID` FROM `News` WHERE `ID`=? LIMIT 1', [$_REQUEST['nid']])) > 0
) {
$nid = $_REQUEST['nid'];
- list($news) = sql_select("SELECT * FROM `News` WHERE `ID`='" . sql_escape($nid) . "' LIMIT 1");
+ $news = DB::select('SELECT * FROM `News` WHERE `ID`=? LIMIT 1', [$nid]);
+ $news = array_shift($news);
if (isset($_REQUEST['text'])) {
$text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['text']));
- sql_query("
- INSERT INTO `NewsComments` (`Refid`, `Datum`, `Text`, `UID`)
- VALUES (
- '" . sql_escape($nid) . "',
- '" . date("Y-m-d H:i:s") . "',
- '" . sql_escape($text) . "',
- '" . sql_escape($user["UID"]) . "'
- )
- ");
+ DB::insert('
+ INSERT INTO `NewsComments` (`Refid`, `Datum`, `Text`, `UID`)
+ VALUES (?, ?, ?, ?)
+ ',
+ [
+ $nid,
+ date("Y-m-d H:i:s"),
+ $text,
+ $user["UID"],
+ ]
+ );
engelsystem_log('Created news_comment: ' . $text);
$html .= success(_('Entry saved.'), true);
}
$html .= display_news($news);
- $comments = sql_select("SELECT * FROM `NewsComments` WHERE `Refid`='" . sql_escape($nid) . "' ORDER BY 'ID'");
+ $comments = DB::select(
+ 'SELECT * FROM `NewsComments` WHERE `Refid`=? ORDER BY \'ID\'',
+ [$nid]
+ );
foreach ($comments as $comment) {
$user_source = User($comment['UID']);
@@ -176,16 +186,18 @@ function user_news()
if (!isset($_POST['treffen']) || !in_array('admin_news', $privileges)) {
$_POST['treffen'] = 0;
}
- sql_query("
+ DB::insert('
INSERT INTO `News` (`Datum`, `Betreff`, `Text`, `UID`, `Treffen`)
- VALUES (
- '" . sql_escape(time()) . "',
- '" . sql_escape($_POST["betreff"]) . "',
- '" . sql_escape($_POST["text"]) . "',
- '" . sql_escape($user['UID']) . "',
- '" . sql_escape($_POST["treffen"]) . "'
- )
- ");
+ VALUES (?, ?, ?, ?, ?)
+ ',
+ [
+ time(),
+ $_POST['betreff'],
+ $_POST['text'],
+ $user['UID'],
+ $_POST['treffen'],
+ ]
+ );
engelsystem_log('Created news: ' . $_POST['betreff'] . ', treffen: ' . $_POST['treffen']);
success(_('Entry saved.'));
redirect(page_link_to('news'));
@@ -197,17 +209,20 @@ function user_news()
$page = 0;
}
- $news = sql_select("
- SELECT *
- FROM `News`
- ORDER BY `Datum`
- DESC LIMIT " . sql_escape($page * $display_news) . ", " . sql_escape($display_news)
- );
+ $news = DB::select(sprintf('
+ SELECT *
+ FROM `News`
+ ORDER BY `Datum`
+ DESC LIMIT %u, %u
+ ',
+ $page * $display_news,
+ $display_news
+ ));
foreach ($news as $entry) {
$html .= display_news($entry);
}
- $dis_rows = ceil(sql_num_query('SELECT * FROM `News`') / $display_news);
+ $dis_rows = ceil(count(DB::select('SELECT `ID` FROM `News`')) / $display_news);
$html .= '<div class="text-center">' . '<ul class="pagination">';
for ($i = 0; $i < $dis_rows; $i++) {
if (isset($_REQUEST['page']) && $i == $_REQUEST['page']) {
diff --git a/includes/pages/user_questions.php b/includes/pages/user_questions.php
index b8ebe92d..04ae8914 100644
--- a/includes/pages/user_questions.php
+++ b/includes/pages/user_questions.php
@@ -1,5 +1,7 @@
<?php
+use Engelsystem\Database\DB;
+
/**
* @return string
*/
@@ -16,12 +18,14 @@ function user_questions()
global $user;
if (!isset($_REQUEST['action'])) {
- $open_questions = sql_select(
- "SELECT * FROM `Questions` WHERE `AID` IS NULL AND `UID`='" . sql_escape($user['UID']) . "'"
+ $open_questions = DB::select(
+ 'SELECT * FROM `Questions` WHERE `AID` IS NULL AND `UID`=?',
+ [$user['UID']]
);
- $answered_questions = sql_select(
- "SELECT * FROM `Questions` WHERE NOT `AID` IS NULL AND `UID`='" . sql_escape($user['UID']) . "'"
+ $answered_questions = DB::select(
+ 'SELECT * FROM `Questions` WHERE NOT `AID` IS NULL AND `UID`=?',
+ [$user['UID']]
);
foreach ($answered_questions as &$question) {
$answer_user_source = User($question['AID']);
@@ -34,11 +38,13 @@ function user_questions()
case 'ask':
$question = strip_request_item_nl('question');
if ($question != '') {
- $result = sql_query("
- INSERT INTO `Questions`
- SET `UID`='" . sql_escape($user['UID']) . "', `Question`='" . sql_escape($question) . "'
- ");
- if ($result === false) {
+ $result = DB::insert('
+ INSERT INTO `Questions` (`UID`, `Question`)
+ VALUES (?, ?)
+ ',
+ [$user['UID'], $question]
+ );
+ if (!$result) {
engelsystem_error(_('Unable to save question.'));
}
success(_('You question was saved.'));
@@ -56,9 +62,15 @@ function user_questions()
return error(_('Incomplete call, missing Question ID.'), true);
}
- $question = sql_select("SELECT * FROM `Questions` WHERE `QID`='" . sql_escape($question_id) . "' LIMIT 1");
+ $question = DB::select(
+ 'SELECT `UID` FROM `Questions` WHERE `QID`=? LIMIT 1',
+ [$question_id]
+ );
if (count($question) > 0 && $question[0]['UID'] == $user['UID']) {
- sql_query("DELETE FROM `Questions` WHERE `QID`='" . sql_escape($question_id) . "' LIMIT 1");
+ DB::delete(
+ 'DELETE FROM `Questions` WHERE `QID`=? LIMIT 1',
+ [$question_id]
+ );
redirect(page_link_to('user_questions'));
} else {
return page_with_title(questions_title(), [
diff --git a/includes/pages/user_settings.php b/includes/pages/user_settings.php
index b848ff5f..5d4ba368 100644
--- a/includes/pages/user_settings.php
+++ b/includes/pages/user_settings.php
@@ -1,5 +1,7 @@
<?php
+use Engelsystem\Database\DB;
+
/**
* @return string
*/
@@ -131,11 +133,16 @@ function user_settings_theme($user_source, $themes)
}
if ($valid) {
- sql_query("
+ DB::update('
UPDATE `User`
- SET `color`='" . sql_escape($user_source['color']) . "'
- WHERE `UID`='" . sql_escape($user_source['UID']) . "'
- ");
+ SET `color`=?
+ WHERE `UID`=?
+ ',
+ [
+ $user_source['color'],
+ $user_source['UID'],
+ ]
+ );
success(_('Theme changed.'));
redirect(page_link_to('user_settings'));
@@ -162,11 +169,16 @@ function user_settings_locale($user_source, $locales)
}
if ($valid) {
- sql_query("
+ DB::update('
UPDATE `User`
- SET `Sprache`='" . sql_escape($user_source['Sprache']) . "'
- WHERE `UID`='" . sql_escape($user_source['UID']) . "'
- ");
+ SET `Sprache`=?
+ WHERE `UID`=?
+ ',
+ [
+ $user_source['Sprache'],
+ $user_source['UID'],
+ ]
+ );
$_SESSION['locale'] = $user_source['Sprache'];
success('Language changed.');
diff --git a/includes/pages/user_shifts.php b/includes/pages/user_shifts.php
index bfb33f12..16af0197 100644
--- a/includes/pages/user_shifts.php
+++ b/includes/pages/user_shifts.php
@@ -1,4 +1,6 @@
<?php
+
+use Engelsystem\Database\DB;
use Engelsystem\ShiftsFilter;
/**
@@ -70,12 +72,9 @@ function update_ShiftsFilter_timerange(ShiftsFilter $shiftsFilter, $days)
/**
* Update given ShiftsFilter with filter params from user input
*
- * @param ShiftsFilter $shiftsFilter
- * The shifts filter to update from request data
- * @param boolean $user_shifts_admin
- * Has the user user_shift_admin privilege?
- * @param string[] $days
- * An array of available filter days
+ * @param ShiftsFilter $shiftsFilter The shifts filter to update from request data
+ * @param boolean $user_shifts_admin Has the user user_shift_admin privilege?
+ * @param string[] $days An array of available filter days
*/
function update_ShiftsFilter(ShiftsFilter $shiftsFilter, $user_shifts_admin, $days)
{
@@ -91,8 +90,10 @@ function update_ShiftsFilter(ShiftsFilter $shiftsFilter, $user_shifts_admin, $da
*/
function load_rooms()
{
- $rooms = sql_select('SELECT `RID` AS `id`, `Name` AS `name` FROM `Room` WHERE `show`=\'Y\' ORDER BY `Name`');
- if (!$rooms || count($rooms) == 0) {
+ $rooms = DB::select(
+ 'SELECT `RID` AS `id`, `Name` AS `name` FROM `Room` WHERE `show`=\'Y\' ORDER BY `Name`'
+ );
+ if (empty($rooms)) {
error(_('The administration has not configured any rooms yet.'));
redirect('?');
}
@@ -104,12 +105,14 @@ function load_rooms()
*/
function load_days()
{
- $days = sql_select_single_col('
+ $days = DB::select('
SELECT DISTINCT DATE(FROM_UNIXTIME(`start`)) AS `id`, DATE(FROM_UNIXTIME(`start`)) AS `name`
FROM `Shifts`
ORDER BY `start`
');
- if (count($days) == 0) {
+ $days = array_map('array_shift', $days);
+
+ if (empty($days)) {
error(_('The administration has not configured any shifts yet.'));
redirect('?');
}
@@ -123,31 +126,35 @@ function load_types()
{
global $user;
- if (sql_num_query('SELECT `id`, `name` FROM `AngelTypes` WHERE `restricted` = 0') == 0) {
+ if (!count(DB::select('SELECT `id`, `name` FROM `AngelTypes` WHERE `restricted` = 0'))) {
error(_('The administration has not configured any angeltypes yet - or you are not subscribed to any angeltype.'));
redirect('?');
}
- $types = sql_select("
- SELECT
- `AngelTypes`.`id`,
- `AngelTypes`.`name`,
- (
- `AngelTypes`.`restricted`=0
- OR (
- NOT `UserAngelTypes`.`confirm_user_id` IS NULL
- OR `UserAngelTypes`.`id` IS NULL
+ $types = DB::select('
+ SELECT
+ `AngelTypes`.`id`,
+ `AngelTypes`.`name`,
+ (
+ `AngelTypes`.`restricted`=0
+ OR (
+ NOT `UserAngelTypes`.`confirm_user_id` IS NULL
+ OR `UserAngelTypes`.`id` IS NULL
+ )
+ ) AS `enabled`
+ FROM `AngelTypes`
+ LEFT JOIN `UserAngelTypes`
+ ON (
+ `UserAngelTypes`.`angeltype_id`=`AngelTypes`.`id`
+ AND `UserAngelTypes`.`user_id`=?
)
- ) AS `enabled`
- FROM `AngelTypes`
- LEFT JOIN `UserAngelTypes`
- ON (
- `UserAngelTypes`.`angeltype_id`=`AngelTypes`.`id`
- AND `UserAngelTypes`.`user_id`='" . sql_escape($user['UID']) . "'
- )
- ORDER BY `AngelTypes`.`name`
- ");
+ ORDER BY `AngelTypes`.`name`
+ ',
+ [
+ $user['UID'],
+ ]
+ );
if (empty($types)) {
- return sql_select('SELECT `id`, `name` FROM `AngelTypes` WHERE `restricted` = 0');
+ return DB::select('SELECT `id`, `name` FROM `AngelTypes` WHERE `restricted` = 0');
}
return $types;
}