admin rooms

2 files changed, 175 insertions, 27 deletions

diff --git a/includes/pages/admin_rooms.php b/includes/pages/admin_rooms.php
new file mode 100644
index 00000000..6695d6a9
--- /dev/null
+++ b/includes/pages/admin_rooms.php
@@ -0,0 +1,148 @@
+<?php
+function admin_rooms() {
+	global $user;
+
+	$html = "";
+	$rooms = sql_select("SELECT * FROM `Room` ORDER BY `Number`, `Name`");
+	if (!isset ($_REQUEST["action"])) {
+		$html .= "Hallo " . $user['Nick'] .
+		",<br />\nhier hast du die M&ouml;glichkeit, neue R&auml;ume f&uuml;r die Schichtpl&auml;ne einzutragen " .
+		"oder vorhandene abzu&auml;ndern:<br /><br />\n";
+
+		$html .= "<a href=\"" . page_link_to("admin_rooms") . "&action=new\">Neuen Raum/Ort eintragen</a><br />\n";
+
+		// Räume auflisten
+		if (count($rooms) > 0) {
+			$html .= '<table><thead><tr>';
+
+			$html .= "<table width=\"100%\" class=\"border\" cellpadding=\"2\" cellspacing=\"1\">\n";
+			$html .= "<tr class=\"contenttopic\">\n";
+
+			// Tabellenüberschriften generieren
+			foreach ($rooms[0] as $attr => $tmp)
+				if ($attr == 'RID')
+					$html .= '<th>Anzahl: ' . count($rooms) . '</th>';
+				else
+					$html .= '<th>' . $attr . '</th>';
+			$html .= '<th>&nbsp;</th>';
+			$html .= '</tr></thead><tbody>';
+
+			foreach ($rooms as $i => $room) {
+				$html .= '<tr>';
+				foreach ($room as $attr => $value)
+					if ($attr == 'RID')
+						$html .= '<td>' . ($i +1) . '</td>';
+					else
+						$html .= '<td>' . $value . '</td>';
+				$html .= '<td><a href="' . page_link_to("admin_rooms") . '&action=change&RID=' . $room['RID'] . '">Edit</a></td>';
+				$html .= '</tr>';
+			}
+
+			$html .= '</tbody></table>';
+		}
+	} else {
+		switch ($_REQUEST["action"]) {
+
+			case 'new' :
+				$html .= template_render('../templates/admin_rooms_new_form.html', array (
+					'link' => page_link_to("admin_rooms")
+				));
+				break;
+
+			case 'newsave' :
+				$name = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['Name']));
+				$man = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['Man']));
+				$from_pentabarf = preg_replace("/([^YN]{1,})/ui", '', strip_tags($_REQUEST['FromPentabarf']));
+				$show = preg_replace("/([^YN]{1,})/ui", '', strip_tags($_REQUEST['Show']));
+				$number = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($_REQUEST['Number']));
+				sql_query("INSERT INTO `Room` SET `Name`='" . sql_escape($name) . "', `Man`='" . sql_escape($man) . "', `FromPentabarf`='" . sql_escape($from_pentabarf) . "', `show`='" . sql_escape($show) . "', `Number`='" . sql_escape($number) . "'");
+				header("Location: " . page_link_to("admin_rooms"));
+				break;
+
+			case 'change' :
+				if (isset ($_REQUEST['RID']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['RID']))
+					$rid = $_REQUEST['RID'];
+				else
+					return error("Incomplete call, missing Room ID.");
+
+				$room = sql_select("SELECT * FROM `Room` WHERE `RID`=" . sql_escape($rid) . " LIMIT 1");
+				if (count($room) > 0) {
+					list ($room) = $room;
+					$room_angel_types = sql_select("SELECT * FROM `AngelTypes` LEFT OUTER JOIN `RoomAngelTypes` ON (`AngelTypes`.`TID` = `RoomAngelTypes`.`angel_type_id` AND `RoomAngelTypes`.`room_id`=" . sql_escape($rid) . ") ORDER BY `AngelTypes`.`Name`");
+
+					$angel_types = "";
+					foreach ($room_angel_types as $room_angel_type) {
+						if ($room_angel_type['count'] == "")
+							$room_angel_type['count'] = "0";
+						$angel_types .= '<tr><td>' . $room_angel_type['Name'] . '</td><td><input type="text" name="angel_type_' . $room_angel_type['TID'] . '" value="' . $room_angel_type['count'] . '" /></td></tr>';
+					}
+
+					$html .= template_render('../templates/admin_rooms_edit_form.html', array (
+						'link' => page_link_to("admin_rooms"),
+						'room_id' => $rid,
+						'name' => $room['Name'],
+						'man' => $room['Man'],
+						'number' => $room['Number'],
+						'from_pentabarf_options' => html_options('FromPentabarf', array (
+							'Y' => 'Yes',
+							'N' => 'No'
+						), $room['FromPentabarf']),
+						'show_options' => html_options('Show', array (
+							'Y' => 'Yes',
+							'N' => 'No'
+						), $room['show']),
+						'angel_types' => $angel_types
+					));
+				} else
+					return error("No Room found.");
+				break;
+
+			case 'changesave' :
+				if (isset ($_REQUEST['RID']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['RID']))
+					$rid = $_REQUEST['RID'];
+				else
+					return error("Incomplete call, missing Room ID.");
+
+				$room = sql_select("SELECT * FROM `Room` WHERE `RID`=" . sql_escape($rid) . " LIMIT 1");
+				if (count($room) > 0) {
+					list ($room) = $room;
+					$room_angel_types = sql_select("SELECT * FROM `AngelTypes` LEFT OUTER JOIN `RoomAngelTypes` ON (`AngelTypes`.`TID` = `RoomAngelTypes`.`angel_type_id` AND `RoomAngelTypes`.`room_id`=" . sql_escape($rid) . ") ORDER BY `AngelTypes`.`Name`");
+
+					$name = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['Name']));
+					$man = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['Man']));
+					$from_pentabarf = preg_replace("/([^YN]{1,})/ui", '', strip_tags($_REQUEST['FromPentabarf']));
+					$show = preg_replace("/([^YN]{1,})/ui", '', strip_tags($_REQUEST['Show']));
+					$number = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($_REQUEST['Number']));
+					sql_query("UPDATE `Room` SET `Name`='" . sql_escape($name) . "', `Man`='" . sql_escape($man) . "', `FromPentabarf`='" . sql_escape($from_pentabarf) . "', `show`='" . sql_escape($show) . "', `Number`='" . sql_escape($number) . "' WHERE `RID`=" . sql_escape($rid) . " LIMIT 1");
+					sql_query("DELETE FROM `RoomAngelTypes` WHERE `room_id`=" . sql_escape($rid));
+					foreach ($room_angel_types as $room_angel_type) {
+						if (isset ($_REQUEST['angel_type_' . $room_angel_type['TID']]) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['angel_type_' . $room_angel_type['TID']]))
+							$count = $_REQUEST['angel_type_' . $room_angel_type['TID']];
+						else
+							$count = "0";
+						sql_query("INSERT INTO `RoomAngelTypes` SET `room_id`=" . sql_escape($rid) . ", `angel_type_id`=" . sql_escape($room_angel_type['TID']) . ", `count`=" . sql_escape($count));
+					}
+					header("Location: " . page_link_to("admin_rooms"));
+				} else
+					return error("No Room found.");
+				break;
+
+			case 'delete' :
+				if (isset ($_REQUEST['RID']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['RID']))
+					$rid = $_REQUEST['RID'];
+				else
+					return error("Incomplete call, missing Room ID.");
+
+				if (sql_num_query("SELECT * FROM `Room` WHERE `RID`=" . sql_escape($rid) . " LIMIT 1") > 0) {
+					sql_query("DELETE FROM `Room` WHERE `RID`=" . sql_escape($rid) . " LIMIT 1");
+					sql_query("DELETE FROM `RoomAngelTypes` WHERE `room_id`=" . sql_escape($rid) . " LIMIT 1");
+					header("Location: " . page_link_to("admin_rooms"));
+				} else
+					return error("No Room found.");
+				break;
+
+		}
+	}
+	return $html;
+}
+?>
diff --git a/includes/pages/user_news.php b/includes/pages/user_news.php
index 7012bb99..4295edb8 100644
--- a/includes/pages/user_news.php
+++ b/includes/pages/user_news.php
@@ -64,43 +64,43 @@ function user_news_output() {
 
 	for ($i = 1; $i <= $dis_rows; $i++) {
 		if (!((($i * $DISPLAY_NEWS) - $_GET["news_begin"]) == $DISPLAY_NEWS)) {
-			$html .= "<a href=\"./news.php?news_begin=" . (($i * $DISPLAY_NEWS) - $DISPLAY_NEWS -1) . "\">$i</a>&nbsp; ";
+			$html .= '<a href="' . page_link_to("news") . '&news_begin=' . (($i * $DISPLAY_NEWS) - $DISPLAY_NEWS -1) . '">' . $i . '</a>&nbsp; ';
 		} else {
 			$html .= "$i&nbsp; ";
 		}
 	}
 	$html .= '</div>
-			<br /><hr />
-			<h2>' . Get_Text(6) . '</h2>
-			<a name="Neu">&nbsp;</a>
-			
-			<form action="" method="post">
-			<?PHP
-			
-				// Datum mit uebergeben, um doppelte Eintraege zu verhindern 
-				// (Reload nach dem Eintragen!)
-			?>
-			<input type="hidden" name="date" value="' . date("Y-m-d H:i:s") . '">
-			<table>
-			 <tr>
-			  <td align="right">' . Get_Text(7) . '</td>
-			  <td><input type="text" name="betreff" size="60"></td>
-			 </tr>
-			 <tr>
-			  <td align="right">' . Get_Text(8) . '</td>
-			  <td><textarea name="text" cols="50" rows="10"></textarea></td>
-			 </tr>';
+					<br /><hr />
+					<h2>' . Get_Text(6) . '</h2>
+					<a name="Neu">&nbsp;</a>
+					
+					<form action="" method="post">
+					<?PHP
+					
+						// Datum mit uebergeben, um doppelte Eintraege zu verhindern 
+						// (Reload nach dem Eintragen!)
+					?>
+					<input type="hidden" name="date" value="' . date("Y-m-d H:i:s") . '">
+					<table>
+					 <tr>
+					  <td align="right">' . Get_Text(7) . '</td>
+					  <td><input type="text" name="betreff" size="60"></td>
+					 </tr>
+					 <tr>
+					  <td align="right">' . Get_Text(8) . '</td>
+					  <td><textarea name="text" cols="50" rows="10"></textarea></td>
+					 </tr>';
 	if (in_array('news_add_meeting', $privileges)) {
 		$html .= ' <tr>
-						  <td align="right">' . Get_Text(9) . '</td>
-						  <td><input type="checkbox" name="treffen" size="1" value="1"></td>
-						 </tr>';
+										  <td align="right">' . Get_Text(9) . '</td>
+										  <td><input type="checkbox" name="treffen" size="1" value="1"></td>
+										 </tr>';
 
 	}
 	$html .= '</table>
-			<br />
-			<input type="submit" value="' . Get_Text("save") . '">
-			</form>';
+					<br />
+					<input type="submit" value="' . Get_Text("save") . '">
+					</form>';
 	return $html;
 }
 ?>
\ No newline at end of file